standardized symbols via "isabelle update_sub_sup", excluding src/Pure and src/Tools/WWW_Find;
authorwenzelm
Tue Aug 13 16:25:47 2013 +0200 (2013-08-13)
changeset 53015a1119cf551e8
parent 53009 bb18eed53ed6
child 53016 fa9c38891cf2
standardized symbols via "isabelle update_sub_sup", excluding src/Pure and src/Tools/WWW_Find;
src/Doc/Classes/Classes.thy
src/Doc/Codegen/Foundations.thy
src/Doc/Codegen/Refinement.thy
src/Doc/IsarImplementation/Logic.thy
src/Doc/IsarImplementation/Prelim.thy
src/Doc/IsarImplementation/Proof.thy
src/Doc/IsarImplementation/Tactic.thy
src/Doc/IsarRef/First_Order_Logic.thy
src/Doc/IsarRef/Framework.thy
src/Doc/IsarRef/HOL_Specific.thy
src/Doc/IsarRef/Misc.thy
src/Doc/IsarRef/Outer_Syntax.thy
src/Doc/IsarRef/Proof.thy
src/Doc/IsarRef/Spec.thy
src/Doc/LaTeXsugar/Sugar.thy
src/Doc/Main/Main_Doc.thy
src/Doc/ProgProve/Basics.thy
src/Doc/ProgProve/Bool_nat_list.thy
src/Doc/ProgProve/Isar.thy
src/Doc/ProgProve/Logic.thy
src/Doc/ProgProve/Types_and_funs.thy
src/Doc/Tutorial/Documents/Documents.thy
src/Doc/Tutorial/Inductive/Mutual.thy
src/Doc/Tutorial/Types/Axioms.thy
src/HOL/Complete_Lattices.thy
src/HOL/Complex.thy
src/HOL/Decision_Procs/Cooper.thy
src/HOL/Decision_Procs/ex/Approximation_Ex.thy
src/HOL/Enum.thy
src/HOL/Finite_Set.thy
src/HOL/IMP/ACom.thy
src/HOL/IMP/AExp.thy
src/HOL/IMP/ASM.thy
src/HOL/IMP/Abs_Int0.thy
src/HOL/IMP/Abs_Int1.thy
src/HOL/IMP/Abs_Int2.thy
src/HOL/IMP/Abs_Int3.thy
src/HOL/IMP/Abs_Int_Den/Abs_Int_den1.thy
src/HOL/IMP/Abs_Int_ITP/Abs_Int0_ITP.thy
src/HOL/IMP/Abs_Int_ITP/Abs_Int1_ITP.thy
src/HOL/IMP/Abs_Int_ITP/Abs_Int2_ITP.thy
src/HOL/IMP/Abs_Int_ITP/Abs_Int3_ITP.thy
src/HOL/IMP/Abs_Int_ITP/Abs_State_ITP.thy
src/HOL/IMP/Abs_Int_ITP/Collecting_ITP.thy
src/HOL/IMP/Abs_State.thy
src/HOL/IMP/BExp.thy
src/HOL/IMP/Big_Step.thy
src/HOL/IMP/C_like.thy
src/HOL/IMP/Compiler.thy
src/HOL/IMP/Def_Init.thy
src/HOL/IMP/Def_Init_Big.thy
src/HOL/IMP/Def_Init_Exp.thy
src/HOL/IMP/Def_Init_Small.thy
src/HOL/IMP/Hoare.thy
src/HOL/IMP/Hoare_Sound_Complete.thy
src/HOL/IMP/Hoare_Total.thy
src/HOL/IMP/Live.thy
src/HOL/IMP/Live_True.thy
src/HOL/IMP/OO.thy
src/HOL/IMP/Procs_Dyn_Vars_Dyn.thy
src/HOL/IMP/Procs_Stat_Vars_Dyn.thy
src/HOL/IMP/Procs_Stat_Vars_Stat.thy
src/HOL/IMP/Sec_Type_Expr.thy
src/HOL/IMP/Sec_Typing.thy
src/HOL/IMP/Sec_TypingT.thy
src/HOL/IMP/Small_Step.thy
src/HOL/IMP/VCG.thy
src/HOL/IMP/Vars.thy
src/HOL/Induct/Ordinals.thy
src/HOL/Library/Cardinality.thy
src/HOL/Library/Discrete.thy
src/HOL/Library/FuncSet.thy
src/HOL/Library/Function_Growth.thy
src/HOL/Library/Inner_Product.thy
src/HOL/Library/Kleene_Algebra.thy
src/HOL/Library/Product_Lexorder.thy
src/HOL/Library/Product_Vector.thy
src/HOL/Library/Sublist.thy
src/HOL/List.thy
src/HOL/Map.thy
src/HOL/Metis_Examples/Big_O.thy
src/HOL/Metis_Examples/Binary_Tree.thy
src/HOL/Metis_Examples/Message.thy
src/HOL/Metis_Examples/Sets.thy
src/HOL/Metis_Examples/Trans_Closure.thy
src/HOL/MicroJava/DFA/Product.thy
src/HOL/Multivariate_Analysis/Convex_Euclidean_Space.thy
src/HOL/Multivariate_Analysis/Integration.thy
src/HOL/Multivariate_Analysis/L2_Norm.thy
src/HOL/Multivariate_Analysis/Linear_Algebra.thy
src/HOL/Multivariate_Analysis/Topology_Euclidean_Space.thy
src/HOL/NSA/NSCA.thy
src/HOL/Nitpick_Examples/Manual_Nits.thy
src/HOL/Nitpick_Examples/Special_Nits.thy
src/HOL/Nominal/Examples/CK_Machine.thy
src/HOL/Nominal/Examples/CR.thy
src/HOL/Nominal/Examples/CR_Takahashi.thy
src/HOL/Nominal/Examples/Class1.thy
src/HOL/Nominal/Examples/Class2.thy
src/HOL/Nominal/Examples/Class3.thy
src/HOL/Nominal/Examples/Contexts.thy
src/HOL/Nominal/Examples/Crary.thy
src/HOL/Nominal/Examples/Fsub.thy
src/HOL/Nominal/Examples/Lam_Funs.thy
src/HOL/Nominal/Examples/Pattern.thy
src/HOL/Nominal/Examples/SN.thy
src/HOL/Nominal/Examples/SOS.thy
src/HOL/Nominal/Examples/Standardization.thy
src/HOL/Nominal/Examples/Type_Preservation.thy
src/HOL/Nominal/Examples/W.thy
src/HOL/NthRoot.thy
src/HOL/Old_Number_Theory/Pocklington.thy
src/HOL/Old_Number_Theory/Primes.thy
src/HOL/Power.thy
src/HOL/Predicate_Compile_Examples/Context_Free_Grammar_Example.thy
src/HOL/Predicate_Compile_Examples/Examples.thy
src/HOL/Predicate_Compile_Examples/Hotel_Example.thy
src/HOL/Predicate_Compile_Examples/Hotel_Example_Prolog.thy
src/HOL/Predicate_Compile_Examples/Predicate_Compile_Quickcheck_Examples.thy
src/HOL/Predicate_Compile_Examples/Specialisation_Examples.thy
src/HOL/Probability/Binary_Product_Measure.thy
src/HOL/Probability/Distributions.thy
src/HOL/Probability/Fin_Map.thy
src/HOL/Probability/Finite_Product_Measure.thy
src/HOL/Probability/Independent_Family.thy
src/HOL/Probability/Infinite_Product_Measure.thy
src/HOL/Probability/Information.thy
src/HOL/Probability/Lebesgue_Integration.thy
src/HOL/Probability/Lebesgue_Measure.thy
src/HOL/Probability/Probability_Measure.thy
src/HOL/Probability/Projective_Family.thy
src/HOL/Probability/Projective_Limit.thy
src/HOL/Probability/Radon_Nikodym.thy
src/HOL/Quickcheck_Examples/Hotel_Example.thy
src/HOL/Quickcheck_Exhaustive.thy
src/HOL/Rat.thy
src/HOL/Statespace/DistinctTreeProver.thy
src/HOL/Tools/ATP/atp_util.ML
src/HOL/Tools/Nitpick/nitpick_model.ML
src/HOL/Tools/Nitpick/nitpick_util.ML
src/HOL/Transcendental.thy
src/HOL/Unix/Unix.thy
src/HOL/ex/FinFunPred.thy
src/HOL/ex/Groebner_Examples.thy
src/HOL/ex/Sqrt.thy
     1.1 --- a/src/Doc/Classes/Classes.thy	Tue Aug 13 14:20:22 2013 +0200
     1.2 +++ b/src/Doc/Classes/Classes.thy	Tue Aug 13 16:25:47 2013 +0200
     1.3 @@ -195,11 +195,11 @@
     1.4  begin
     1.5  
     1.6  definition %quote
     1.7 -  mult_prod_def: "p\<^isub>1 \<otimes> p\<^isub>2 = (fst p\<^isub>1 \<otimes> fst p\<^isub>2, snd p\<^isub>1 \<otimes> snd p\<^isub>2)"
     1.8 +  mult_prod_def: "p\<^sub>1 \<otimes> p\<^sub>2 = (fst p\<^sub>1 \<otimes> fst p\<^sub>2, snd p\<^sub>1 \<otimes> snd p\<^sub>2)"
     1.9  
    1.10  instance %quote proof
    1.11 -  fix p\<^isub>1 p\<^isub>2 p\<^isub>3 :: "\<alpha>\<Colon>semigroup \<times> \<beta>\<Colon>semigroup"
    1.12 -  show "p\<^isub>1 \<otimes> p\<^isub>2 \<otimes> p\<^isub>3 = p\<^isub>1 \<otimes> (p\<^isub>2 \<otimes> p\<^isub>3)"
    1.13 +  fix p\<^sub>1 p\<^sub>2 p\<^sub>3 :: "\<alpha>\<Colon>semigroup \<times> \<beta>\<Colon>semigroup"
    1.14 +  show "p\<^sub>1 \<otimes> p\<^sub>2 \<otimes> p\<^sub>3 = p\<^sub>1 \<otimes> (p\<^sub>2 \<otimes> p\<^sub>3)"
    1.15      unfolding mult_prod_def by (simp add: assoc)
    1.16  qed      
    1.17  
     2.1 --- a/src/Doc/Codegen/Foundations.thy	Tue Aug 13 14:20:22 2013 +0200
     2.2 +++ b/src/Doc/Codegen/Foundations.thy	Tue Aug 13 16:25:47 2013 +0200
     2.3 @@ -56,8 +56,8 @@
     2.4  
     2.5    \noindent Central to code generation is the notion of \emph{code
     2.6    equations}.  A code equation as a first approximation is a theorem
     2.7 -  of the form @{text "f t\<^isub>1 t\<^isub>2 \<dots> t\<^isub>n \<equiv> t"} (an equation headed by a
     2.8 -  constant @{text f} with arguments @{text "t\<^isub>1 t\<^isub>2 \<dots> t\<^isub>n"} and right
     2.9 +  of the form @{text "f t\<^sub>1 t\<^sub>2 \<dots> t\<^sub>n \<equiv> t"} (an equation headed by a
    2.10 +  constant @{text f} with arguments @{text "t\<^sub>1 t\<^sub>2 \<dots> t\<^sub>n"} and right
    2.11    hand side @{text t}).
    2.12  
    2.13    \begin{itemize}
     3.1 --- a/src/Doc/Codegen/Refinement.thy	Tue Aug 13 14:20:22 2013 +0200
     3.2 +++ b/src/Doc/Codegen/Refinement.thy	Tue Aug 13 16:25:47 2013 +0200
     3.3 @@ -116,8 +116,8 @@
     3.4    to be.
     3.5  
     3.6    The prerequisite for datatype constructors is only syntactical: a
     3.7 -  constructor must be of type @{text "\<tau> = \<dots> \<Rightarrow> \<kappa> \<alpha>\<^isub>1 \<dots> \<alpha>\<^isub>n"} where @{text
     3.8 -  "{\<alpha>\<^isub>1, \<dots>, \<alpha>\<^isub>n}"} is exactly the set of \emph{all} type variables in
     3.9 +  constructor must be of type @{text "\<tau> = \<dots> \<Rightarrow> \<kappa> \<alpha>\<^sub>1 \<dots> \<alpha>\<^sub>n"} where @{text
    3.10 +  "{\<alpha>\<^sub>1, \<dots>, \<alpha>\<^sub>n}"} is exactly the set of \emph{all} type variables in
    3.11    @{text "\<tau>"}; then @{text "\<kappa>"} is its corresponding datatype.  The
    3.12    HOL datatype package by default registers any new datatype with its
    3.13    constructors, but this may be changed using @{command_def
     4.1 --- a/src/Doc/IsarImplementation/Logic.thy	Tue Aug 13 14:20:22 2013 +0200
     4.2 +++ b/src/Doc/IsarImplementation/Logic.thy	Tue Aug 13 16:25:47 2013 +0200
     4.3 @@ -38,18 +38,18 @@
     4.4  
     4.5    \medskip A \emph{type class} is an abstract syntactic entity
     4.6    declared in the theory context.  The \emph{subclass relation} @{text
     4.7 -  "c\<^isub>1 \<subseteq> c\<^isub>2"} is specified by stating an acyclic
     4.8 +  "c\<^sub>1 \<subseteq> c\<^sub>2"} is specified by stating an acyclic
     4.9    generating relation; the transitive closure is maintained
    4.10    internally.  The resulting relation is an ordering: reflexive,
    4.11    transitive, and antisymmetric.
    4.12  
    4.13 -  A \emph{sort} is a list of type classes written as @{text "s = {c\<^isub>1,
    4.14 -  \<dots>, c\<^isub>m}"}, it represents symbolic intersection.  Notationally, the
    4.15 +  A \emph{sort} is a list of type classes written as @{text "s = {c\<^sub>1,
    4.16 +  \<dots>, c\<^sub>m}"}, it represents symbolic intersection.  Notationally, the
    4.17    curly braces are omitted for singleton intersections, i.e.\ any
    4.18    class @{text "c"} may be read as a sort @{text "{c}"}.  The ordering
    4.19    on type classes is extended to sorts according to the meaning of
    4.20 -  intersections: @{text "{c\<^isub>1, \<dots> c\<^isub>m} \<subseteq> {d\<^isub>1, \<dots>, d\<^isub>n}"} iff @{text
    4.21 -  "\<forall>j. \<exists>i. c\<^isub>i \<subseteq> d\<^isub>j"}.  The empty intersection @{text "{}"} refers to
    4.22 +  intersections: @{text "{c\<^sub>1, \<dots> c\<^sub>m} \<subseteq> {d\<^sub>1, \<dots>, d\<^sub>n}"} iff @{text
    4.23 +  "\<forall>j. \<exists>i. c\<^sub>i \<subseteq> d\<^sub>j"}.  The empty intersection @{text "{}"} refers to
    4.24    the universal sort, which is the largest element wrt.\ the sort
    4.25    order.  Thus @{text "{}"} represents the ``full sort'', not the
    4.26    empty one!  The intersection of all (finitely many) classes declared
    4.27 @@ -57,10 +57,10 @@
    4.28  
    4.29    \medskip A \emph{fixed type variable} is a pair of a basic name
    4.30    (starting with a @{text "'"} character) and a sort constraint, e.g.\
    4.31 -  @{text "('a, s)"} which is usually printed as @{text "\<alpha>\<^isub>s"}.
    4.32 +  @{text "('a, s)"} which is usually printed as @{text "\<alpha>\<^sub>s"}.
    4.33    A \emph{schematic type variable} is a pair of an indexname and a
    4.34    sort constraint, e.g.\ @{text "(('a, 0), s)"} which is usually
    4.35 -  printed as @{text "?\<alpha>\<^isub>s"}.
    4.36 +  printed as @{text "?\<alpha>\<^sub>s"}.
    4.37  
    4.38    Note that \emph{all} syntactic components contribute to the identity
    4.39    of type variables: basic name, index, and sort constraint.  The core
    4.40 @@ -70,7 +70,7 @@
    4.41  
    4.42    A \emph{type constructor} @{text "\<kappa>"} is a @{text "k"}-ary operator
    4.43    on types declared in the theory.  Type constructor application is
    4.44 -  written postfix as @{text "(\<alpha>\<^isub>1, \<dots>, \<alpha>\<^isub>k)\<kappa>"}.  For
    4.45 +  written postfix as @{text "(\<alpha>\<^sub>1, \<dots>, \<alpha>\<^sub>k)\<kappa>"}.  For
    4.46    @{text "k = 0"} the argument tuple is omitted, e.g.\ @{text "prop"}
    4.47    instead of @{text "()prop"}.  For @{text "k = 1"} the parentheses
    4.48    are omitted, e.g.\ @{text "\<alpha> list"} instead of @{text "(\<alpha>)list"}.
    4.49 @@ -79,7 +79,7 @@
    4.50    \<beta>)fun"}.
    4.51    
    4.52    The logical category \emph{type} is defined inductively over type
    4.53 -  variables and type constructors as follows: @{text "\<tau> = \<alpha>\<^isub>s | ?\<alpha>\<^isub>s |
    4.54 +  variables and type constructors as follows: @{text "\<tau> = \<alpha>\<^sub>s | ?\<alpha>\<^sub>s |
    4.55    (\<tau>\<^sub>1, \<dots>, \<tau>\<^sub>k)\<kappa>"}.
    4.56  
    4.57    A \emph{type abbreviation} is a syntactic definition @{text
    4.58 @@ -89,27 +89,27 @@
    4.59    logical core.
    4.60  
    4.61    A \emph{type arity} declares the image behavior of a type
    4.62 -  constructor wrt.\ the algebra of sorts: @{text "\<kappa> :: (s\<^isub>1, \<dots>,
    4.63 -  s\<^isub>k)s"} means that @{text "(\<tau>\<^isub>1, \<dots>, \<tau>\<^isub>k)\<kappa>"} is
    4.64 -  of sort @{text "s"} if every argument type @{text "\<tau>\<^isub>i"} is
    4.65 -  of sort @{text "s\<^isub>i"}.  Arity declarations are implicitly
    4.66 +  constructor wrt.\ the algebra of sorts: @{text "\<kappa> :: (s\<^sub>1, \<dots>,
    4.67 +  s\<^sub>k)s"} means that @{text "(\<tau>\<^sub>1, \<dots>, \<tau>\<^sub>k)\<kappa>"} is
    4.68 +  of sort @{text "s"} if every argument type @{text "\<tau>\<^sub>i"} is
    4.69 +  of sort @{text "s\<^sub>i"}.  Arity declarations are implicitly
    4.70    completed, i.e.\ @{text "\<kappa> :: (\<^vec>s)c"} entails @{text "\<kappa> ::
    4.71    (\<^vec>s)c'"} for any @{text "c' \<supseteq> c"}.
    4.72  
    4.73    \medskip The sort algebra is always maintained as \emph{coregular},
    4.74    which means that type arities are consistent with the subclass
    4.75    relation: for any type constructor @{text "\<kappa>"}, and classes @{text
    4.76 -  "c\<^isub>1 \<subseteq> c\<^isub>2"}, and arities @{text "\<kappa> ::
    4.77 -  (\<^vec>s\<^isub>1)c\<^isub>1"} and @{text "\<kappa> ::
    4.78 -  (\<^vec>s\<^isub>2)c\<^isub>2"} holds @{text "\<^vec>s\<^isub>1 \<subseteq>
    4.79 -  \<^vec>s\<^isub>2"} component-wise.
    4.80 +  "c\<^sub>1 \<subseteq> c\<^sub>2"}, and arities @{text "\<kappa> ::
    4.81 +  (\<^vec>s\<^sub>1)c\<^sub>1"} and @{text "\<kappa> ::
    4.82 +  (\<^vec>s\<^sub>2)c\<^sub>2"} holds @{text "\<^vec>s\<^sub>1 \<subseteq>
    4.83 +  \<^vec>s\<^sub>2"} component-wise.
    4.84  
    4.85    The key property of a coregular order-sorted algebra is that sort
    4.86    constraints can be solved in a most general fashion: for each type
    4.87    constructor @{text "\<kappa>"} and sort @{text "s"} there is a most general
    4.88 -  vector of argument sorts @{text "(s\<^isub>1, \<dots>, s\<^isub>k)"} such
    4.89 -  that a type scheme @{text "(\<alpha>\<^bsub>s\<^isub>1\<^esub>, \<dots>,
    4.90 -  \<alpha>\<^bsub>s\<^isub>k\<^esub>)\<kappa>"} is of sort @{text "s"}.
    4.91 +  vector of argument sorts @{text "(s\<^sub>1, \<dots>, s\<^sub>k)"} such
    4.92 +  that a type scheme @{text "(\<alpha>\<^bsub>s\<^sub>1\<^esub>, \<dots>,
    4.93 +  \<alpha>\<^bsub>s\<^sub>k\<^esub>)\<kappa>"} is of sort @{text "s"}.
    4.94    Consequently, type unification has most general solutions (modulo
    4.95    equivalence of sorts), so type-inference produces primary types as
    4.96    expected \cite{nipkow-prehofer}.
    4.97 @@ -159,8 +159,8 @@
    4.98    TVar}) in @{text "\<tau>"}; the type structure is traversed from left to
    4.99    right.
   4.100  
   4.101 -  \item @{ML Sign.subsort}~@{text "thy (s\<^isub>1, s\<^isub>2)"}
   4.102 -  tests the subsort relation @{text "s\<^isub>1 \<subseteq> s\<^isub>2"}.
   4.103 +  \item @{ML Sign.subsort}~@{text "thy (s\<^sub>1, s\<^sub>2)"}
   4.104 +  tests the subsort relation @{text "s\<^sub>1 \<subseteq> s\<^sub>2"}.
   4.105  
   4.106    \item @{ML Sign.of_sort}~@{text "thy (\<tau>, s)"} tests whether type
   4.107    @{text "\<tau>"} is of sort @{text "s"}.
   4.108 @@ -172,13 +172,13 @@
   4.109    \item @{ML Sign.add_type_abbrev}~@{text "ctxt (\<kappa>, \<^vec>\<alpha>, \<tau>)"}
   4.110    defines a new type abbreviation @{text "(\<^vec>\<alpha>)\<kappa> = \<tau>"}.
   4.111  
   4.112 -  \item @{ML Sign.primitive_class}~@{text "(c, [c\<^isub>1, \<dots>,
   4.113 -  c\<^isub>n])"} declares a new class @{text "c"}, together with class
   4.114 -  relations @{text "c \<subseteq> c\<^isub>i"}, for @{text "i = 1, \<dots>, n"}.
   4.115 +  \item @{ML Sign.primitive_class}~@{text "(c, [c\<^sub>1, \<dots>,
   4.116 +  c\<^sub>n])"} declares a new class @{text "c"}, together with class
   4.117 +  relations @{text "c \<subseteq> c\<^sub>i"}, for @{text "i = 1, \<dots>, n"}.
   4.118  
   4.119 -  \item @{ML Sign.primitive_classrel}~@{text "(c\<^isub>1,
   4.120 -  c\<^isub>2)"} declares the class relation @{text "c\<^isub>1 \<subseteq>
   4.121 -  c\<^isub>2"}.
   4.122 +  \item @{ML Sign.primitive_classrel}~@{text "(c\<^sub>1,
   4.123 +  c\<^sub>2)"} declares the class relation @{text "c\<^sub>1 \<subseteq>
   4.124 +  c\<^sub>2"}.
   4.125  
   4.126    \item @{ML Sign.primitive_arity}~@{text "(\<kappa>, \<^vec>s, s)"} declares
   4.127    the arity @{text "\<kappa> :: (\<^vec>s)s"}.
   4.128 @@ -258,25 +258,25 @@
   4.129    without any loose variables.
   4.130  
   4.131    A \emph{fixed variable} is a pair of a basic name and a type, e.g.\
   4.132 -  @{text "(x, \<tau>)"} which is usually printed @{text "x\<^isub>\<tau>"} here.  A
   4.133 +  @{text "(x, \<tau>)"} which is usually printed @{text "x\<^sub>\<tau>"} here.  A
   4.134    \emph{schematic variable} is a pair of an indexname and a type,
   4.135    e.g.\ @{text "((x, 0), \<tau>)"} which is likewise printed as @{text
   4.136 -  "?x\<^isub>\<tau>"}.
   4.137 +  "?x\<^sub>\<tau>"}.
   4.138  
   4.139    \medskip A \emph{constant} is a pair of a basic name and a type,
   4.140 -  e.g.\ @{text "(c, \<tau>)"} which is usually printed as @{text "c\<^isub>\<tau>"}
   4.141 +  e.g.\ @{text "(c, \<tau>)"} which is usually printed as @{text "c\<^sub>\<tau>"}
   4.142    here.  Constants are declared in the context as polymorphic families
   4.143    @{text "c :: \<sigma>"}, meaning that all substitution instances @{text
   4.144 -  "c\<^isub>\<tau>"} for @{text "\<tau> = \<sigma>\<vartheta>"} are valid.
   4.145 +  "c\<^sub>\<tau>"} for @{text "\<tau> = \<sigma>\<vartheta>"} are valid.
   4.146  
   4.147 -  The vector of \emph{type arguments} of constant @{text "c\<^isub>\<tau>"} wrt.\
   4.148 +  The vector of \emph{type arguments} of constant @{text "c\<^sub>\<tau>"} wrt.\
   4.149    the declaration @{text "c :: \<sigma>"} is defined as the codomain of the
   4.150 -  matcher @{text "\<vartheta> = {?\<alpha>\<^isub>1 \<mapsto> \<tau>\<^isub>1, \<dots>, ?\<alpha>\<^isub>n \<mapsto> \<tau>\<^isub>n}"} presented in
   4.151 -  canonical order @{text "(\<tau>\<^isub>1, \<dots>, \<tau>\<^isub>n)"}, corresponding to the
   4.152 -  left-to-right occurrences of the @{text "\<alpha>\<^isub>i"} in @{text "\<sigma>"}.
   4.153 +  matcher @{text "\<vartheta> = {?\<alpha>\<^sub>1 \<mapsto> \<tau>\<^sub>1, \<dots>, ?\<alpha>\<^sub>n \<mapsto> \<tau>\<^sub>n}"} presented in
   4.154 +  canonical order @{text "(\<tau>\<^sub>1, \<dots>, \<tau>\<^sub>n)"}, corresponding to the
   4.155 +  left-to-right occurrences of the @{text "\<alpha>\<^sub>i"} in @{text "\<sigma>"}.
   4.156    Within a given theory context, there is a one-to-one correspondence
   4.157 -  between any constant @{text "c\<^isub>\<tau>"} and the application @{text "c(\<tau>\<^isub>1,
   4.158 -  \<dots>, \<tau>\<^isub>n)"} of its type arguments.  For example, with @{text "plus :: \<alpha>
   4.159 +  between any constant @{text "c\<^sub>\<tau>"} and the application @{text "c(\<tau>\<^sub>1,
   4.160 +  \<dots>, \<tau>\<^sub>n)"} of its type arguments.  For example, with @{text "plus :: \<alpha>
   4.161    \<Rightarrow> \<alpha> \<Rightarrow> \<alpha>"}, the instance @{text "plus\<^bsub>nat \<Rightarrow> nat \<Rightarrow> nat\<^esub>"} corresponds to
   4.162    @{text "plus(nat)"}.
   4.163  
   4.164 @@ -290,7 +290,7 @@
   4.165    \medskip An \emph{atomic term} is either a variable or constant.
   4.166    The logical category \emph{term} is defined inductively over atomic
   4.167    terms, with abstraction and application as follows: @{text "t = b |
   4.168 -  x\<^isub>\<tau> | ?x\<^isub>\<tau> | c\<^isub>\<tau> | \<lambda>\<^isub>\<tau>. t | t\<^isub>1 t\<^isub>2"}.  Parsing and printing takes care of
   4.169 +  x\<^sub>\<tau> | ?x\<^sub>\<tau> | c\<^sub>\<tau> | \<lambda>\<^sub>\<tau>. t | t\<^sub>1 t\<^sub>2"}.  Parsing and printing takes care of
   4.170    converting between an external representation with named bound
   4.171    variables.  Subsequently, we shall use the latter notation instead
   4.172    of internal de-Bruijn representation.
   4.173 @@ -299,7 +299,7 @@
   4.174    term according to the structure of atomic terms, abstractions, and
   4.175    applicatins:
   4.176    \[
   4.177 -  \infer{@{text "a\<^isub>\<tau> :: \<tau>"}}{}
   4.178 +  \infer{@{text "a\<^sub>\<tau> :: \<tau>"}}{}
   4.179    \qquad
   4.180    \infer{@{text "(\<lambda>x\<^sub>\<tau>. t) :: \<tau> \<Rightarrow> \<sigma>"}}{@{text "t :: \<sigma>"}}
   4.181    \qquad
   4.182 @@ -315,7 +315,7 @@
   4.183  
   4.184    The identity of atomic terms consists both of the name and the type
   4.185    component.  This means that different variables @{text
   4.186 -  "x\<^bsub>\<tau>\<^isub>1\<^esub>"} and @{text "x\<^bsub>\<tau>\<^isub>2\<^esub>"} may become the same after
   4.187 +  "x\<^bsub>\<tau>\<^sub>1\<^esub>"} and @{text "x\<^bsub>\<tau>\<^sub>2\<^esub>"} may become the same after
   4.188    type instantiation.  Type-inference rejects variables of the same
   4.189    name, but different types.  In contrast, mixed instances of
   4.190    polymorphic constants occur routinely.
   4.191 @@ -329,11 +329,11 @@
   4.192    pathological situation notoriously demands additional care.
   4.193  
   4.194    \medskip A \emph{term abbreviation} is a syntactic definition @{text
   4.195 -  "c\<^isub>\<sigma> \<equiv> t"} of a closed term @{text "t"} of type @{text "\<sigma>"},
   4.196 +  "c\<^sub>\<sigma> \<equiv> t"} of a closed term @{text "t"} of type @{text "\<sigma>"},
   4.197    without any hidden polymorphism.  A term abbreviation looks like a
   4.198    constant in the syntax, but is expanded before entering the logical
   4.199    core.  Abbreviations are usually reverted when printing terms, using
   4.200 -  @{text "t \<rightarrow> c\<^isub>\<sigma>"} as rules for higher-order rewriting.
   4.201 +  @{text "t \<rightarrow> c\<^sub>\<sigma>"} as rules for higher-order rewriting.
   4.202  
   4.203    \medskip Canonical operations on @{text "\<lambda>"}-terms include @{text
   4.204    "\<alpha>\<beta>\<eta>"}-conversion: @{text "\<alpha>"}-conversion refers to capture-free
   4.205 @@ -428,7 +428,7 @@
   4.206    introduces a new term abbreviation @{text "c \<equiv> t"}.
   4.207  
   4.208    \item @{ML Sign.const_typargs}~@{text "thy (c, \<tau>)"} and @{ML
   4.209 -  Sign.const_instance}~@{text "thy (c, [\<tau>\<^isub>1, \<dots>, \<tau>\<^isub>n])"}
   4.210 +  Sign.const_instance}~@{text "thy (c, [\<tau>\<^sub>1, \<dots>, \<tau>\<^sub>n])"}
   4.211    convert between two representations of polymorphic constants: full
   4.212    type instance vs.\ compact type arguments form.
   4.213  
   4.214 @@ -497,7 +497,7 @@
   4.215    The theory @{text "Pure"} contains constant declarations for the
   4.216    primitive connectives @{text "\<And>"}, @{text "\<Longrightarrow>"}, and @{text "\<equiv>"} of
   4.217    the logical framework, see \figref{fig:pure-connectives}.  The
   4.218 -  derivability judgment @{text "A\<^isub>1, \<dots>, A\<^isub>n \<turnstile> B"} is
   4.219 +  derivability judgment @{text "A\<^sub>1, \<dots>, A\<^sub>n \<turnstile> B"} is
   4.220    defined inductively by the primitive inferences given in
   4.221    \figref{fig:prim-rules}, with the global restriction that the
   4.222    hypotheses must \emph{not} contain any schematic variables.  The
   4.223 @@ -564,7 +564,7 @@
   4.224    "\<And>\<hyphen>intro"}) need not be recorded in the hypotheses, because
   4.225    the simple syntactic types of Pure are always inhabitable.
   4.226    ``Assumptions'' @{text "x :: \<tau>"} for type-membership are only
   4.227 -  present as long as some @{text "x\<^isub>\<tau>"} occurs in the statement
   4.228 +  present as long as some @{text "x\<^sub>\<tau>"} occurs in the statement
   4.229    body.\footnote{This is the key difference to ``@{text "\<lambda>HOL"}'' in
   4.230    the PTS framework \cite{Barendregt-Geuvers:2001}, where hypotheses
   4.231    @{text "x : A"} are treated uniformly for propositions and types.}
   4.232 @@ -625,7 +625,7 @@
   4.233    "c((\<^vec>\<alpha>)\<kappa>) \<equiv> t"} for each type constructor @{text "\<kappa>"} (for
   4.234    distinct variables @{text "\<^vec>\<alpha>"}).  The RHS may mention
   4.235    previously defined constants as above, or arbitrary constants @{text
   4.236 -  "d(\<alpha>\<^isub>i)"} for some @{text "\<alpha>\<^isub>i"} projected from @{text
   4.237 +  "d(\<alpha>\<^sub>i)"} for some @{text "\<alpha>\<^sub>i"} projected from @{text
   4.238    "\<^vec>\<alpha>"}.  Thus overloaded definitions essentially work by
   4.239    primitive recursion over the syntactic structure of a single type
   4.240    argument.  See also \cite[\S4.3]{Haftmann-Wenzel:2006:classes}.
   4.241 @@ -738,10 +738,10 @@
   4.242    variables are generalized simultaneously, specified by the given
   4.243    basic names.
   4.244  
   4.245 -  \item @{ML Thm.instantiate}~@{text "(\<^vec>\<alpha>\<^isub>s,
   4.246 -  \<^vec>x\<^isub>\<tau>)"} corresponds to the @{text "instantiate"} rules
   4.247 +  \item @{ML Thm.instantiate}~@{text "(\<^vec>\<alpha>\<^sub>s,
   4.248 +  \<^vec>x\<^sub>\<tau>)"} corresponds to the @{text "instantiate"} rules
   4.249    of \figref{fig:subst-rules}.  Type variables are substituted before
   4.250 -  term variables.  Note that the types in @{text "\<^vec>x\<^isub>\<tau>"}
   4.251 +  term variables.  Note that the types in @{text "\<^vec>x\<^sub>\<tau>"}
   4.252    refer to the instantiated versions.
   4.253  
   4.254    \item @{ML Thm.add_axiom}~@{text "ctxt (name, A)"} declares an
   4.255 @@ -761,10 +761,10 @@
   4.256    low-level representation in the axiom table may differ slightly from
   4.257    the returned theorem.
   4.258  
   4.259 -  \item @{ML Theory.add_deps}~@{text "ctxt name c\<^isub>\<tau> \<^vec>d\<^isub>\<sigma>"}
   4.260 +  \item @{ML Theory.add_deps}~@{text "ctxt name c\<^sub>\<tau> \<^vec>d\<^sub>\<sigma>"}
   4.261    declares dependencies of a named specification for constant @{text
   4.262 -  "c\<^isub>\<tau>"}, relative to existing specifications for constants @{text
   4.263 -  "\<^vec>d\<^isub>\<sigma>"}.
   4.264 +  "c\<^sub>\<tau>"}, relative to existing specifications for constants @{text
   4.265 +  "\<^vec>d\<^sub>\<sigma>"}.
   4.266  
   4.267    \end{description}
   4.268  *}
   4.269 @@ -1188,7 +1188,7 @@
   4.270    \item @{text "rules\<^sub>1 RL rules\<^sub>2"} abbreviates @{text "rules\<^sub>1 RLN (1,
   4.271    rules\<^sub>2)"}.
   4.272  
   4.273 -  \item @{text "[rule\<^sub>1, \<dots>, rule\<^sub>n] MRS rule"} resolves @{text "rule\<^isub>i"}
   4.274 +  \item @{text "[rule\<^sub>1, \<dots>, rule\<^sub>n] MRS rule"} resolves @{text "rule\<^sub>i"}
   4.275    against premise @{text "i"} of @{text "rule"}, for @{text "i = n, \<dots>,
   4.276    1"}.  By working from right to left, newly emerging premises are
   4.277    concatenated in the result, without interfering.
     5.1 --- a/src/Doc/IsarImplementation/Prelim.thy	Tue Aug 13 14:20:22 2013 +0200
     5.2 +++ b/src/Doc/IsarImplementation/Prelim.thy	Tue Aug 13 16:25:47 2013 +0200
     5.3 @@ -844,7 +844,7 @@
     5.4    \item @{ML Long_Name.qualifier}~@{text "name"} returns the qualifier
     5.5    of a long name.
     5.6  
     5.7 -  \item @{ML Long_Name.append}~@{text "name\<^isub>1 name\<^isub>2"} appends two long
     5.8 +  \item @{ML Long_Name.append}~@{text "name\<^sub>1 name\<^sub>2"} appends two long
     5.9    names.
    5.10  
    5.11    \item @{ML Long_Name.implode}~@{text "names"} and @{ML
    5.12 @@ -989,7 +989,7 @@
    5.13    \item Type @{ML_type Name_Space.T} represents name spaces.
    5.14  
    5.15    \item @{ML Name_Space.empty}~@{text "kind"} and @{ML Name_Space.merge}~@{text
    5.16 -  "(space\<^isub>1, space\<^isub>2)"} are the canonical operations for
    5.17 +  "(space\<^sub>1, space\<^sub>2)"} are the canonical operations for
    5.18    maintaining name spaces according to theory data management
    5.19    (\secref{sec:context-data}); @{text "kind"} is a formal comment
    5.20    to characterize the purpose of a name space.
     6.1 --- a/src/Doc/IsarImplementation/Proof.thy	Tue Aug 13 14:20:22 2013 +0200
     6.2 +++ b/src/Doc/IsarImplementation/Proof.thy	Tue Aug 13 16:25:47 2013 +0200
     6.3 @@ -10,7 +10,7 @@
     6.4    Any variable that is not explicitly bound by @{text "\<lambda>"}-abstraction
     6.5    is considered as ``free''.  Logically, free variables act like
     6.6    outermost universal quantification at the sequent level: @{text
     6.7 -  "A\<^isub>1(x), \<dots>, A\<^isub>n(x) \<turnstile> B(x)"} means that the result
     6.8 +  "A\<^sub>1(x), \<dots>, A\<^sub>n(x) \<turnstile> B(x)"} means that the result
     6.9    holds \emph{for all} values of @{text "x"}.  Free variables for
    6.10    terms (not types) can be fully internalized into the logic: @{text
    6.11    "\<turnstile> B(x)"} and @{text "\<turnstile> \<And>x. B(x)"} are interchangeable, provided
    6.12 @@ -35,26 +35,26 @@
    6.13    depend on type variables, which means that type variables would have
    6.14    to be declared first.  For example, a raw type-theoretic framework
    6.15    would demand the context to be constructed in stages as follows:
    6.16 -  @{text "\<Gamma> = \<alpha>: type, x: \<alpha>, a: A(x\<^isub>\<alpha>)"}.
    6.17 +  @{text "\<Gamma> = \<alpha>: type, x: \<alpha>, a: A(x\<^sub>\<alpha>)"}.
    6.18  
    6.19    We allow a slightly less formalistic mode of operation: term
    6.20    variables @{text "x"} are fixed without specifying a type yet
    6.21    (essentially \emph{all} potential occurrences of some instance
    6.22 -  @{text "x\<^isub>\<tau>"} are fixed); the first occurrence of @{text "x"}
    6.23 +  @{text "x\<^sub>\<tau>"} are fixed); the first occurrence of @{text "x"}
    6.24    within a specific term assigns its most general type, which is then
    6.25    maintained consistently in the context.  The above example becomes
    6.26 -  @{text "\<Gamma> = x: term, \<alpha>: type, A(x\<^isub>\<alpha>)"}, where type @{text
    6.27 +  @{text "\<Gamma> = x: term, \<alpha>: type, A(x\<^sub>\<alpha>)"}, where type @{text
    6.28    "\<alpha>"} is fixed \emph{after} term @{text "x"}, and the constraint
    6.29    @{text "x :: \<alpha>"} is an implicit consequence of the occurrence of
    6.30 -  @{text "x\<^isub>\<alpha>"} in the subsequent proposition.
    6.31 +  @{text "x\<^sub>\<alpha>"} in the subsequent proposition.
    6.32  
    6.33    This twist of dependencies is also accommodated by the reverse
    6.34    operation of exporting results from a context: a type variable
    6.35    @{text "\<alpha>"} is considered fixed as long as it occurs in some fixed
    6.36    term variable of the context.  For example, exporting @{text "x:
    6.37 -  term, \<alpha>: type \<turnstile> x\<^isub>\<alpha> \<equiv> x\<^isub>\<alpha>"} produces in the first step @{text "x: term
    6.38 -  \<turnstile> x\<^isub>\<alpha> \<equiv> x\<^isub>\<alpha>"} for fixed @{text "\<alpha>"}, and only in the second step
    6.39 -  @{text "\<turnstile> ?x\<^isub>?\<^isub>\<alpha> \<equiv> ?x\<^isub>?\<^isub>\<alpha>"} for schematic @{text "?x"} and @{text "?\<alpha>"}.
    6.40 +  term, \<alpha>: type \<turnstile> x\<^sub>\<alpha> \<equiv> x\<^sub>\<alpha>"} produces in the first step @{text "x: term
    6.41 +  \<turnstile> x\<^sub>\<alpha> \<equiv> x\<^sub>\<alpha>"} for fixed @{text "\<alpha>"}, and only in the second step
    6.42 +  @{text "\<turnstile> ?x\<^sub>?\<^sub>\<alpha> \<equiv> ?x\<^sub>?\<^sub>\<alpha>"} for schematic @{text "?x"} and @{text "?\<alpha>"}.
    6.43    The following Isar source text illustrates this scenario.
    6.44  *}
    6.45  
    6.46 @@ -92,9 +92,9 @@
    6.47  
    6.48    The @{text "focus"} operation provides a variant of @{text "import"}
    6.49    for nested propositions (with explicit quantification): @{text
    6.50 -  "\<And>x\<^isub>1 \<dots> x\<^isub>n. B(x\<^isub>1, \<dots>, x\<^isub>n)"} is
    6.51 -  decomposed by inventing fixed variables @{text "x\<^isub>1, \<dots>,
    6.52 -  x\<^isub>n"} for the body.
    6.53 +  "\<And>x\<^sub>1 \<dots> x\<^sub>n. B(x\<^sub>1, \<dots>, x\<^sub>n)"} is
    6.54 +  decomposed by inventing fixed variables @{text "x\<^sub>1, \<dots>,
    6.55 +  x\<^sub>n"} for the body.
    6.56  *}
    6.57  
    6.58  text %mlref {*
    6.59 @@ -234,8 +234,8 @@
    6.60    quantifiers stripped.  For example, by assuming @{text "\<And>x :: \<alpha>. P
    6.61    x"} we get @{text "\<And>x :: \<alpha>. P x \<turnstile> P ?x"} for schematic @{text "?x"}
    6.62    of fixed type @{text "\<alpha>"}.  Local derivations accumulate more and
    6.63 -  more explicit references to hypotheses: @{text "A\<^isub>1, \<dots>,
    6.64 -  A\<^isub>n \<turnstile> B"} where @{text "A\<^isub>1, \<dots>, A\<^isub>n"} needs to
    6.65 +  more explicit references to hypotheses: @{text "A\<^sub>1, \<dots>,
    6.66 +  A\<^sub>n \<turnstile> B"} where @{text "A\<^sub>1, \<dots>, A\<^sub>n"} needs to
    6.67    be covered by the assumptions of the current context.
    6.68  
    6.69    \medskip The @{text "add_assms"} operation augments the context by
     7.1 --- a/src/Doc/IsarImplementation/Tactic.thy	Tue Aug 13 14:20:22 2013 +0200
     7.2 +++ b/src/Doc/IsarImplementation/Tactic.thy	Tue Aug 13 16:25:47 2013 +0200
     7.3 @@ -509,7 +509,7 @@
     7.4    regarded as an atomic formula, to solve premise @{text "i"} of
     7.5    @{text "thm\<^sub>2"}.  Let @{text "thm\<^sub>1"} and @{text "thm\<^sub>2"} be @{text
     7.6    "\<psi>"} and @{text "\<phi>\<^sub>1 \<Longrightarrow> \<dots> \<phi>\<^sub>n \<Longrightarrow> \<phi>"}.  The unique @{text "s"} that
     7.7 -  unifies @{text "\<psi>"} and @{text "\<phi>\<^isub>i"} yields the theorem @{text "(\<phi>\<^sub>1 \<Longrightarrow>
     7.8 +  unifies @{text "\<psi>"} and @{text "\<phi>\<^sub>i"} yields the theorem @{text "(\<phi>\<^sub>1 \<Longrightarrow>
     7.9    \<dots> \<phi>\<^sub>i\<^sub>-\<^sub>1 \<Longrightarrow> \<phi>\<^sub>i\<^sub>+\<^sub>1 \<Longrightarrow> \<dots> \<phi>\<^sub>n \<Longrightarrow> \<phi>)s"}.  Multiple results are considered as
    7.10    error (exception @{ML THM}).
    7.11  
     8.1 --- a/src/Doc/IsarRef/First_Order_Logic.thy	Tue Aug 13 14:20:22 2013 +0200
     8.2 +++ b/src/Doc/IsarRef/First_Order_Logic.thy	Tue Aug 13 16:25:47 2013 +0200
     8.3 @@ -183,15 +183,15 @@
     8.4  
     8.5  axiomatization
     8.6    disj :: "o \<Rightarrow> o \<Rightarrow> o"  (infixr "\<or>" 30) where
     8.7 -  disjI\<^isub>1 [intro]: "A \<Longrightarrow> A \<or> B" and
     8.8 -  disjI\<^isub>2 [intro]: "B \<Longrightarrow> A \<or> B" and
     8.9 +  disjI\<^sub>1 [intro]: "A \<Longrightarrow> A \<or> B" and
    8.10 +  disjI\<^sub>2 [intro]: "B \<Longrightarrow> A \<or> B" and
    8.11    disjE [elim]: "A \<or> B \<Longrightarrow> (A \<Longrightarrow> C) \<Longrightarrow> (B \<Longrightarrow> C) \<Longrightarrow> C"
    8.12  
    8.13  axiomatization
    8.14    conj :: "o \<Rightarrow> o \<Rightarrow> o"  (infixr "\<and>" 35) where
    8.15    conjI [intro]: "A \<Longrightarrow> B \<Longrightarrow> A \<and> B" and
    8.16 -  conjD\<^isub>1: "A \<and> B \<Longrightarrow> A" and
    8.17 -  conjD\<^isub>2: "A \<and> B \<Longrightarrow> B"
    8.18 +  conjD\<^sub>1: "A \<and> B \<Longrightarrow> A" and
    8.19 +  conjD\<^sub>2: "A \<and> B \<Longrightarrow> B"
    8.20  
    8.21  text {*
    8.22    \noindent The conjunctive destructions have the disadvantage that
    8.23 @@ -205,8 +205,8 @@
    8.24    assumes "A \<and> B"
    8.25    obtains A and B
    8.26  proof
    8.27 -  from `A \<and> B` show A by (rule conjD\<^isub>1)
    8.28 -  from `A \<and> B` show B by (rule conjD\<^isub>2)
    8.29 +  from `A \<and> B` show A by (rule conjD\<^sub>1)
    8.30 +  from `A \<and> B` show B by (rule conjD\<^sub>2)
    8.31  qed
    8.32  
    8.33  text {*
    8.34 @@ -378,8 +378,8 @@
    8.35    @{text "impI: \<ASSUMES> A \<Longrightarrow> B \<SHOWS> A \<longrightarrow> B"} \\
    8.36    @{text "impD: \<ASSUMES> A \<longrightarrow> B \<AND> A \<SHOWS> B"} \\[1ex]
    8.37  
    8.38 -  @{text "disjI\<^isub>1: \<ASSUMES> A \<SHOWS> A \<or> B"} \\
    8.39 -  @{text "disjI\<^isub>2: \<ASSUMES> B \<SHOWS> A \<or> B"} \\
    8.40 +  @{text "disjI\<^sub>1: \<ASSUMES> A \<SHOWS> A \<or> B"} \\
    8.41 +  @{text "disjI\<^sub>2: \<ASSUMES> B \<SHOWS> A \<or> B"} \\
    8.42    @{text "disjE: \<ASSUMES> A \<or> B \<OBTAINS> A \<BBAR> B"} \\[1ex]
    8.43  
    8.44    @{text "conjI: \<ASSUMES> A \<AND> B \<SHOWS> A \<and> B"} \\
     9.1 --- a/src/Doc/IsarRef/Framework.thy	Tue Aug 13 14:20:22 2013 +0200
     9.2 +++ b/src/Doc/IsarRef/Framework.thy	Tue Aug 13 16:25:47 2013 +0200
     9.3 @@ -270,8 +270,8 @@
     9.4    :: \<alpha>. B(x)"} and @{text "A \<Longrightarrow> B"}.  Primitive reasoning operates on
     9.5    judgments of the form @{text "\<Gamma> \<turnstile> \<phi>"}, with standard introduction
     9.6    and elimination rules for @{text "\<And>"} and @{text "\<Longrightarrow>"} that refer to
     9.7 -  fixed parameters @{text "x\<^isub>1, \<dots>, x\<^isub>m"} and hypotheses
     9.8 -  @{text "A\<^isub>1, \<dots>, A\<^isub>n"} from the context @{text "\<Gamma>"};
     9.9 +  fixed parameters @{text "x\<^sub>1, \<dots>, x\<^sub>m"} and hypotheses
    9.10 +  @{text "A\<^sub>1, \<dots>, A\<^sub>n"} from the context @{text "\<Gamma>"};
    9.11    the corresponding proof terms are left implicit.  The subsequent
    9.12    inference rules define @{text "\<Gamma> \<turnstile> \<phi>"} inductively, relative to a
    9.13    collection of axioms:
    9.14 @@ -327,11 +327,11 @@
    9.15    quantifiers are pulled in front of implications at each level of
    9.16    nesting.  This means that any Pure proposition may be presented as a
    9.17    \emph{Hereditary Harrop Formula} \cite{Miller:1991} which is of the
    9.18 -  form @{text "\<And>x\<^isub>1 \<dots> x\<^isub>m. H\<^isub>1 \<Longrightarrow> \<dots> H\<^isub>n \<Longrightarrow>
    9.19 +  form @{text "\<And>x\<^sub>1 \<dots> x\<^sub>m. H\<^sub>1 \<Longrightarrow> \<dots> H\<^sub>n \<Longrightarrow>
    9.20    A"} for @{text "m, n \<ge> 0"}, and @{text "A"} atomic, and @{text
    9.21 -  "H\<^isub>1, \<dots>, H\<^isub>n"} being recursively of the same format.
    9.22 +  "H\<^sub>1, \<dots>, H\<^sub>n"} being recursively of the same format.
    9.23    Following the convention that outermost quantifiers are implicit,
    9.24 -  Horn clauses @{text "A\<^isub>1 \<Longrightarrow> \<dots> A\<^isub>n \<Longrightarrow> A"} are a special
    9.25 +  Horn clauses @{text "A\<^sub>1 \<Longrightarrow> \<dots> A\<^sub>n \<Longrightarrow> A"} are a special
    9.26    case of this.
    9.27  
    9.28    For example, @{text "\<inter>"}-introduction rule encountered before is
    9.29 @@ -348,9 +348,9 @@
    9.30    @{text "InterI:"}~@{prop "(\<And>A. A \<in> \<A> \<Longrightarrow> x \<in> A) \<Longrightarrow> x \<in> \<Inter>\<A>"}
    9.31    \]
    9.32  
    9.33 -  \medskip Goals are also represented as rules: @{text "A\<^isub>1 \<Longrightarrow>
    9.34 -  \<dots> A\<^isub>n \<Longrightarrow> C"} states that the sub-goals @{text "A\<^isub>1, \<dots>,
    9.35 -  A\<^isub>n"} entail the result @{text "C"}; for @{text "n = 0"} the
    9.36 +  \medskip Goals are also represented as rules: @{text "A\<^sub>1 \<Longrightarrow>
    9.37 +  \<dots> A\<^sub>n \<Longrightarrow> C"} states that the sub-goals @{text "A\<^sub>1, \<dots>,
    9.38 +  A\<^sub>n"} entail the result @{text "C"}; for @{text "n = 0"} the
    9.39    goal is finished.  To allow @{text "C"} being a rule statement
    9.40    itself, we introduce the protective marker @{text "# :: prop \<Rightarrow>
    9.41    prop"}, which is defined as identity and hidden from the user.  We
    9.42 @@ -369,7 +369,7 @@
    9.43    sub-goal (replacing it by zero or more sub-goals), and @{inference
    9.44    assumption}, for solving a sub-goal (finding a short-circuit with
    9.45    local assumptions).  Below @{text "\<^vec>x"} stands for @{text
    9.46 -  "x\<^isub>1, \<dots>, x\<^isub>n"} (@{text "n \<ge> 0"}).
    9.47 +  "x\<^sub>1, \<dots>, x\<^sub>n"} (@{text "n \<ge> 0"}).
    9.48  
    9.49    \[
    9.50    \infer[(@{inference_def resolution})]
    10.1 --- a/src/Doc/IsarRef/HOL_Specific.thy	Tue Aug 13 14:20:22 2013 +0200
    10.2 +++ b/src/Doc/IsarRef/HOL_Specific.thy	Tue Aug 13 16:25:47 2013 +0200
    10.3 @@ -1212,16 +1212,16 @@
    10.4  
    10.5    \begin{matharray}{lll}
    10.6      @{text "m"} & @{text "::"} &
    10.7 -      @{text "\<sigma>\<^isub>1 \<Rightarrow> \<dots> \<sigma>\<^isub>k \<Rightarrow> (\<^vec>\<alpha>\<^isub>n) t \<Rightarrow> (\<^vec>\<beta>\<^isub>n) t"} \\
    10.8 +      @{text "\<sigma>\<^sub>1 \<Rightarrow> \<dots> \<sigma>\<^sub>k \<Rightarrow> (\<^vec>\<alpha>\<^sub>n) t \<Rightarrow> (\<^vec>\<beta>\<^sub>n) t"} \\
    10.9    \end{matharray}
   10.10  
   10.11    \noindent where @{text t} is the type constructor, @{text
   10.12 -  "\<^vec>\<alpha>\<^isub>n"} and @{text "\<^vec>\<beta>\<^isub>n"} are distinct
   10.13 -  type variables free in the local theory and @{text "\<sigma>\<^isub>1"},
   10.14 -  \ldots, @{text "\<sigma>\<^isub>k"} is a subsequence of @{text "\<alpha>\<^isub>1 \<Rightarrow>
   10.15 -  \<beta>\<^isub>1"}, @{text "\<beta>\<^isub>1 \<Rightarrow> \<alpha>\<^isub>1"}, \ldots,
   10.16 -  @{text "\<alpha>\<^isub>n \<Rightarrow> \<beta>\<^isub>n"}, @{text "\<beta>\<^isub>n \<Rightarrow>
   10.17 -  \<alpha>\<^isub>n"}.
   10.18 +  "\<^vec>\<alpha>\<^sub>n"} and @{text "\<^vec>\<beta>\<^sub>n"} are distinct
   10.19 +  type variables free in the local theory and @{text "\<sigma>\<^sub>1"},
   10.20 +  \ldots, @{text "\<sigma>\<^sub>k"} is a subsequence of @{text "\<alpha>\<^sub>1 \<Rightarrow>
   10.21 +  \<beta>\<^sub>1"}, @{text "\<beta>\<^sub>1 \<Rightarrow> \<alpha>\<^sub>1"}, \ldots,
   10.22 +  @{text "\<alpha>\<^sub>n \<Rightarrow> \<beta>\<^sub>n"}, @{text "\<beta>\<^sub>n \<Rightarrow>
   10.23 +  \<alpha>\<^sub>n"}.
   10.24  
   10.25    \end{description}
   10.26  *}
   10.27 @@ -1441,7 +1441,7 @@
   10.28  
   10.29    \begin{description}
   10.30  
   10.31 -  \item @{command "adhoc_overloading"}~@{text "c v\<^isub>1 ... v\<^isub>n"}
   10.32 +  \item @{command "adhoc_overloading"}~@{text "c v\<^sub>1 ... v\<^sub>n"}
   10.33    associates variants with an existing constant.
   10.34  
   10.35    \item @{command "no_adhoc_overloading"} is similar to
   10.36 @@ -1687,8 +1687,8 @@
   10.37    \begin{description}
   10.38  
   10.39    \item @{attribute (HOL) "coercion"}~@{text "f"} registers a new
   10.40 -  coercion function @{text "f :: \<sigma>\<^isub>1 \<Rightarrow> \<sigma>\<^isub>2"} where @{text "\<sigma>\<^isub>1"} and
   10.41 -  @{text "\<sigma>\<^isub>2"} are type constructors without arguments.  Coercions are
   10.42 +  coercion function @{text "f :: \<sigma>\<^sub>1 \<Rightarrow> \<sigma>\<^sub>2"} where @{text "\<sigma>\<^sub>1"} and
   10.43 +  @{text "\<sigma>\<^sub>2"} are type constructors without arguments.  Coercions are
   10.44    composed by the inference algorithm if needed.  Note that the type
   10.45    inference algorithm is complete only if the registered coercions
   10.46    form a lattice.
   10.47 @@ -1699,11 +1699,11 @@
   10.48  
   10.49    \begin{matharray}{lll}
   10.50      @{text "map"} & @{text "::"} &
   10.51 -      @{text "f\<^isub>1 \<Rightarrow> \<dots> \<Rightarrow> f\<^isub>n \<Rightarrow> (\<alpha>\<^isub>1, \<dots>, \<alpha>\<^isub>n) t \<Rightarrow> (\<beta>\<^isub>1, \<dots>, \<beta>\<^isub>n) t"} \\
   10.52 +      @{text "f\<^sub>1 \<Rightarrow> \<dots> \<Rightarrow> f\<^sub>n \<Rightarrow> (\<alpha>\<^sub>1, \<dots>, \<alpha>\<^sub>n) t \<Rightarrow> (\<beta>\<^sub>1, \<dots>, \<beta>\<^sub>n) t"} \\
   10.53    \end{matharray}
   10.54  
   10.55 -  where @{text "t"} is a type constructor and @{text "f\<^isub>i"} is of type
   10.56 -  @{text "\<alpha>\<^isub>i \<Rightarrow> \<beta>\<^isub>i"} or @{text "\<beta>\<^isub>i \<Rightarrow> \<alpha>\<^isub>i"}.  Registering a map function
   10.57 +  where @{text "t"} is a type constructor and @{text "f\<^sub>i"} is of type
   10.58 +  @{text "\<alpha>\<^sub>i \<Rightarrow> \<beta>\<^sub>i"} or @{text "\<beta>\<^sub>i \<Rightarrow> \<alpha>\<^sub>i"}.  Registering a map function
   10.59    overwrites any existing map function for this particular type
   10.60    constructor.
   10.61  
   10.62 @@ -1881,7 +1881,7 @@
   10.63      (Ax - Bx) * (By - Cy) = (Ay - By) * (Bx - Cx)"
   10.64  
   10.65  lemma collinear_inv_rotation:
   10.66 -  assumes "collinear (Ax, Ay) (Bx, By) (Cx, Cy)" and "c\<twosuperior> + s\<twosuperior> = 1"
   10.67 +  assumes "collinear (Ax, Ay) (Bx, By) (Cx, Cy)" and "c\<^sup>2 + s\<^sup>2 = 1"
   10.68    shows "collinear (Ax * c - Ay * s, Ay * c + Ax * s)
   10.69      (Bx * c - By * s, By * c + Bx * s) (Cx * c - Cy * s, Cy * c + Cx * s)"
   10.70    using assms by (algebra add: collinear.simps)
    11.1 --- a/src/Doc/IsarRef/Misc.thy	Tue Aug 13 14:20:22 2013 +0200
    11.2 +++ b/src/Doc/IsarRef/Misc.thy	Tue Aug 13 16:25:47 2013 +0200
    11.3 @@ -93,9 +93,9 @@
    11.4    visualizes dependencies of facts, using Isabelle's graph browser
    11.5    tool (see also \cite{isabelle-sys}).
    11.6  
    11.7 -  \item @{command "unused_thms"}~@{text "A\<^isub>1 \<dots> A\<^isub>m - B\<^isub>1 \<dots> B\<^isub>n"}
    11.8 -  displays all unused theorems in theories @{text "B\<^isub>1 \<dots> B\<^isub>n"}
    11.9 -  or their parents, but not in @{text "A\<^isub>1 \<dots> A\<^isub>m"} or their parents.
   11.10 +  \item @{command "unused_thms"}~@{text "A\<^sub>1 \<dots> A\<^sub>m - B\<^sub>1 \<dots> B\<^sub>n"}
   11.11 +  displays all unused theorems in theories @{text "B\<^sub>1 \<dots> B\<^sub>n"}
   11.12 +  or their parents, but not in @{text "A\<^sub>1 \<dots> A\<^sub>m"} or their parents.
   11.13    If @{text n} is @{text 0}, the end of the range of theories
   11.14    defaults to the current theory. If no range is specified,
   11.15    only the unused theorems in the current theory are displayed.
    12.1 --- a/src/Doc/IsarRef/Outer_Syntax.thy	Tue Aug 13 14:20:22 2013 +0200
    12.2 +++ b/src/Doc/IsarRef/Outer_Syntax.thy	Tue Aug 13 16:25:47 2013 +0200
    12.3 @@ -150,7 +150,7 @@
    12.4      @{syntax_def verbatim} & = & @{verbatim "{*"} @{text "\<dots>"} @{verbatim "*"}@{verbatim "}"} \\[1ex]
    12.5  
    12.6      @{text letter} & = & @{text "latin  |  "}@{verbatim "\\"}@{verbatim "<"}@{text latin}@{verbatim ">"}@{text "  |  "}@{verbatim "\\"}@{verbatim "<"}@{text "latin latin"}@{verbatim ">"}@{text "  |  greek  |"} \\
    12.7 -          &   & @{verbatim "\<^isub>"}@{text "  |  "}@{verbatim "\<^isup>"} \\
    12.8 +          &   & @{verbatim "\<^sub>"}@{text "  |  "}@{verbatim "\<^sup>"} \\
    12.9      @{text quasiletter} & = & @{text "letter  |  digit  |  "}@{verbatim "_"}@{text "  |  "}@{verbatim "'"} \\
   12.10      @{text latin} & = & @{verbatim a}@{text "  | \<dots> |  "}@{verbatim z}@{text "  |  "}@{verbatim A}@{text "  |  \<dots> |  "}@{verbatim Z} \\
   12.11      @{text digit} & = & @{verbatim "0"}@{text "  |  \<dots> |  "}@{verbatim "9"} \\
    13.1 --- a/src/Doc/IsarRef/Proof.thy	Tue Aug 13 14:20:22 2013 +0200
    13.2 +++ b/src/Doc/IsarRef/Proof.thy	Tue Aug 13 16:25:47 2013 +0200
    13.3 @@ -1224,8 +1224,8 @@
    13.4    \item @{attribute case_names}~@{text "c\<^sub>1 \<dots> c\<^sub>k"} declares names for
    13.5    the local contexts of premises of a theorem; @{text "c\<^sub>1, \<dots>, c\<^sub>k"}
    13.6    refers to the \emph{prefix} of the list of premises. Each of the
    13.7 -  cases @{text "c\<^isub>i"} can be of the form @{text "c[h\<^isub>1 \<dots> h\<^isub>n]"} where
    13.8 -  the @{text "h\<^isub>1 \<dots> h\<^isub>n"} are the names of the hypotheses in case @{text "c\<^isub>i"}
    13.9 +  cases @{text "c\<^sub>i"} can be of the form @{text "c[h\<^sub>1 \<dots> h\<^sub>n]"} where
   13.10 +  the @{text "h\<^sub>1 \<dots> h\<^sub>n"} are the names of the hypotheses in case @{text "c\<^sub>i"}
   13.11    from left to right.
   13.12    
   13.13    \item @{attribute case_conclusion}~@{text "c d\<^sub>1 \<dots> d\<^sub>k"} declares
    14.1 --- a/src/Doc/IsarRef/Spec.thy	Tue Aug 13 14:20:22 2013 +0200
    14.2 +++ b/src/Doc/IsarRef/Spec.thy	Tue Aug 13 16:25:47 2013 +0200
    14.3 @@ -844,7 +844,7 @@
    14.4  
    14.5    A weakend form of this is available through a further variant of
    14.6    @{command instance}:  @{command instance}~@{text "c\<^sub>1 \<subseteq> c\<^sub>2"} opens
    14.7 -  a proof that class @{text "c\<^isub>2"} implies @{text "c\<^isub>1"} without reference
    14.8 +  a proof that class @{text "c\<^sub>2"} implies @{text "c\<^sub>1"} without reference
    14.9    to the underlying locales;  this is useful if the properties to prove
   14.10    the logical connection are not sufficent on the locale level but on
   14.11    the theory level.
    15.1 --- a/src/Doc/LaTeXsugar/Sugar.thy	Tue Aug 13 14:20:22 2013 +0200
    15.2 +++ b/src/Doc/LaTeXsugar/Sugar.thy	Tue Aug 13 16:25:47 2013 +0200
    15.3 @@ -57,10 +57,10 @@
    15.4  @{text"case"} are set in sans serif font to distinguish them from
    15.5  other functions. This improves readability:
    15.6  \begin{itemize}
    15.7 -\item @{term"if b then e\<^isub>1 else e\<^isub>2"} instead of @{text"if b then e\<^isub>1 else e\<^isub>2"}.
    15.8 -\item @{term"let x = e\<^isub>1 in e\<^isub>2"} instead of @{text"let x = e\<^isub>1 in e\<^isub>2"}.
    15.9 -\item @{term"case x of True \<Rightarrow> e\<^isub>1 | False \<Rightarrow> e\<^isub>2"} instead of\\
   15.10 -      @{text"case x of True \<Rightarrow> e\<^isub>1 | False \<Rightarrow> e\<^isub>2"}.
   15.11 +\item @{term"if b then e\<^sub>1 else e\<^sub>2"} instead of @{text"if b then e\<^sub>1 else e\<^sub>2"}.
   15.12 +\item @{term"let x = e\<^sub>1 in e\<^sub>2"} instead of @{text"let x = e\<^sub>1 in e\<^sub>2"}.
   15.13 +\item @{term"case x of True \<Rightarrow> e\<^sub>1 | False \<Rightarrow> e\<^sub>2"} instead of\\
   15.14 +      @{text"case x of True \<Rightarrow> e\<^sub>1 | False \<Rightarrow> e\<^sub>2"}.
   15.15  \end{itemize}
   15.16  
   15.17  \subsection{Sets}
   15.18 @@ -99,7 +99,7 @@
   15.19  line. To avoid this, \texttt{OptionalSugar} contains syntax to group
   15.20  @{text"@"}-terms to the left before printing, which leads to better
   15.21  line breaking behaviour:
   15.22 -@{term[display]"term\<^isub>0 @ term\<^isub>1 @ term\<^isub>2 @ term\<^isub>3 @ term\<^isub>4 @ term\<^isub>5 @ term\<^isub>6 @ term\<^isub>7 @ term\<^isub>8 @ term\<^isub>9 @ term\<^isub>1\<^isub>0"}
   15.23 +@{term[display]"term\<^sub>0 @ term\<^sub>1 @ term\<^sub>2 @ term\<^sub>3 @ term\<^sub>4 @ term\<^sub>5 @ term\<^sub>6 @ term\<^sub>7 @ term\<^sub>8 @ term\<^sub>9 @ term\<^sub>1\<^sub>0"}
   15.24  
   15.25  \end{itemize}
   15.26  
   15.27 @@ -140,8 +140,8 @@
   15.28  suppresses question marks; variables that end in digits,
   15.29  e.g. @{text"x1"}, are still printed with a trailing @{text".0"},
   15.30  e.g. @{text"x1.0"}, their internal index. This can be avoided by
   15.31 -turning the last digit into a subscript: write \verb!x\<^isub>1! and
   15.32 -obtain the much nicer @{text"x\<^isub>1"}. *}
   15.33 +turning the last digit into a subscript: write \verb!x\<^sub>1! and
   15.34 +obtain the much nicer @{text"x\<^sub>1"}. *}
   15.35  
   15.36  (*<*)declare [[show_question_marks = false]](*>*)
   15.37  
    16.1 --- a/src/Doc/Main/Main_Doc.thy	Tue Aug 13 14:20:22 2013 +0200
    16.2 +++ b/src/Doc/Main/Main_Doc.thy	Tue Aug 13 16:25:47 2013 +0200
    16.3 @@ -45,7 +45,7 @@
    16.4  @{term"~(x = y)"} & @{term[source]"\<not> (x = y)"} & (\verb$~=$)\\
    16.5  @{term[source]"P \<longleftrightarrow> Q"} & @{term"P \<longleftrightarrow> Q"} \\
    16.6  @{term"If x y z"} & @{term[source]"If x y z"}\\
    16.7 -@{term"Let e\<^isub>1 (%x. e\<^isub>2)"} & @{term[source]"Let e\<^isub>1 (\<lambda>x. e\<^isub>2)"}\\
    16.8 +@{term"Let e\<^sub>1 (%x. e\<^sub>2)"} & @{term[source]"Let e\<^sub>1 (\<lambda>x. e\<^sub>2)"}\\
    16.9  \end{supertabular}
   16.10  
   16.11  
   16.12 @@ -131,7 +131,7 @@
   16.13  \subsubsection*{Syntax}
   16.14  
   16.15  \begin{supertabular}{@ {} l @ {\quad$\equiv$\quad} l l @ {}}
   16.16 -@{text"{x\<^isub>1,\<dots>,x\<^isub>n}"} & @{text"insert x\<^isub>1 (\<dots> (insert x\<^isub>n {})\<dots>)"}\\
   16.17 +@{text"{x\<^sub>1,\<dots>,x\<^sub>n}"} & @{text"insert x\<^sub>1 (\<dots> (insert x\<^sub>n {})\<dots>)"}\\
   16.18  @{term"x ~: A"} & @{term[source]"\<not>(x \<in> A)"}\\
   16.19  @{term"A \<subseteq> B"} & @{term[source]"A \<le> B"}\\
   16.20  @{term"A \<subset> B"} & @{term[source]"A < B"}\\
   16.21 @@ -165,7 +165,7 @@
   16.22  
   16.23  \begin{tabular}{@ {} l @ {\quad$\equiv$\quad} l @ {}}
   16.24  @{term"fun_upd f x y"} & @{term[source]"fun_upd f x y"}\\
   16.25 -@{text"f(x\<^isub>1:=y\<^isub>1,\<dots>,x\<^isub>n:=y\<^isub>n)"} & @{text"f(x\<^isub>1:=y\<^isub>1)\<dots>(x\<^isub>n:=y\<^isub>n)"}\\
   16.26 +@{text"f(x\<^sub>1:=y\<^sub>1,\<dots>,x\<^sub>n:=y\<^sub>n)"} & @{text"f(x\<^sub>1:=y\<^sub>1)\<dots>(x\<^sub>n:=y\<^sub>n)"}\\
   16.27  \end{tabular}
   16.28  
   16.29  
   16.30 @@ -545,7 +545,7 @@
   16.31  \subsubsection*{Syntax}
   16.32  
   16.33  \begin{supertabular}{@ {} l @ {\quad$\equiv$\quad} l @ {}}
   16.34 -@{text"[x\<^isub>1,\<dots>,x\<^isub>n]"} & @{text"x\<^isub>1 # \<dots> # x\<^isub>n # []"}\\
   16.35 +@{text"[x\<^sub>1,\<dots>,x\<^sub>n]"} & @{text"x\<^sub>1 # \<dots> # x\<^sub>n # []"}\\
   16.36  @{term"[m..<n]"} & @{term[source]"upt m n"}\\
   16.37  @{term"[i..j]"} & @{term[source]"upto i j"}\\
   16.38  @{text"[e. x \<leftarrow> xs]"} & @{term"map (%x. e) xs"}\\
   16.39 @@ -555,8 +555,8 @@
   16.40  \end{supertabular}
   16.41  \medskip
   16.42  
   16.43 -List comprehension: @{text"[e. q\<^isub>1, \<dots>, q\<^isub>n]"} where each
   16.44 -qualifier @{text q\<^isub>i} is either a generator \mbox{@{text"pat \<leftarrow> e"}} or a
   16.45 +List comprehension: @{text"[e. q\<^sub>1, \<dots>, q\<^sub>n]"} where each
   16.46 +qualifier @{text q\<^sub>i} is either a generator \mbox{@{text"pat \<leftarrow> e"}} or a
   16.47  guard, i.e.\ boolean expression.
   16.48  
   16.49  \section*{Map}
   16.50 @@ -581,8 +581,8 @@
   16.51  \begin{tabular}{@ {} l @ {\quad$\equiv$\quad} l @ {}}
   16.52  @{term"Map.empty"} & @{term"\<lambda>x. None"}\\
   16.53  @{term"m(x:=Some y)"} & @{term[source]"m(x:=Some y)"}\\
   16.54 -@{text"m(x\<^isub>1\<mapsto>y\<^isub>1,\<dots>,x\<^isub>n\<mapsto>y\<^isub>n)"} & @{text[source]"m(x\<^isub>1\<mapsto>y\<^isub>1)\<dots>(x\<^isub>n\<mapsto>y\<^isub>n)"}\\
   16.55 -@{text"[x\<^isub>1\<mapsto>y\<^isub>1,\<dots>,x\<^isub>n\<mapsto>y\<^isub>n]"} & @{text[source]"Map.empty(x\<^isub>1\<mapsto>y\<^isub>1,\<dots>,x\<^isub>n\<mapsto>y\<^isub>n)"}\\
   16.56 +@{text"m(x\<^sub>1\<mapsto>y\<^sub>1,\<dots>,x\<^sub>n\<mapsto>y\<^sub>n)"} & @{text[source]"m(x\<^sub>1\<mapsto>y\<^sub>1)\<dots>(x\<^sub>n\<mapsto>y\<^sub>n)"}\\
   16.57 +@{text"[x\<^sub>1\<mapsto>y\<^sub>1,\<dots>,x\<^sub>n\<mapsto>y\<^sub>n]"} & @{text[source]"Map.empty(x\<^sub>1\<mapsto>y\<^sub>1,\<dots>,x\<^sub>n\<mapsto>y\<^sub>n)"}\\
   16.58  @{term"map_upds m xs ys"} & @{term[source]"map_upds m xs ys"}\\
   16.59  \end{tabular}
   16.60  
    17.1 --- a/src/Doc/ProgProve/Basics.thy	Tue Aug 13 14:20:22 2013 +0200
    17.2 +++ b/src/Doc/ProgProve/Basics.thy	Tue Aug 13 16:25:47 2013 +0200
    17.3 @@ -35,8 +35,8 @@
    17.4  
    17.5  \concept{Terms} are formed as in functional programming by
    17.6  applying functions to arguments. If @{text f} is a function of type
    17.7 -@{text"\<tau>\<^isub>1 \<Rightarrow> \<tau>\<^isub>2"} and @{text t} is a term of type
    17.8 -@{text"\<tau>\<^isub>1"} then @{term"f t"} is a term of type @{text"\<tau>\<^isub>2"}. We write @{text "t :: \<tau>"} to mean that term @{text t} has type @{text \<tau>}.
    17.9 +@{text"\<tau>\<^sub>1 \<Rightarrow> \<tau>\<^sub>2"} and @{text t} is a term of type
   17.10 +@{text"\<tau>\<^sub>1"} then @{term"f t"} is a term of type @{text"\<tau>\<^sub>2"}. We write @{text "t :: \<tau>"} to mean that term @{text t} has type @{text \<tau>}.
   17.11  
   17.12  \begin{warn}
   17.13  There are many predefined infix symbols like @{text "+"} and @{text"\<le>"}.
   17.14 @@ -47,9 +47,9 @@
   17.15  
   17.16  HOL also supports some basic constructs from functional programming:
   17.17  \begin{quote}
   17.18 -@{text "(if b then t\<^isub>1 else t\<^isub>2)"}\\
   17.19 +@{text "(if b then t\<^sub>1 else t\<^sub>2)"}\\
   17.20  @{text "(let x = t in u)"}\\
   17.21 -@{text "(case t of pat\<^isub>1 \<Rightarrow> t\<^isub>1 | \<dots> | pat\<^isub>n \<Rightarrow> t\<^isub>n)"}
   17.22 +@{text "(case t of pat\<^sub>1 \<Rightarrow> t\<^sub>1 | \<dots> | pat\<^sub>n \<Rightarrow> t\<^sub>n)"}
   17.23  \end{quote}
   17.24  \begin{warn}
   17.25  The above three constructs must always be enclosed in parentheses
   17.26 @@ -86,11 +86,11 @@
   17.27  \begin{warn}
   17.28  Right-arrows of all kinds always associate to the right. In particular,
   17.29  the formula
   17.30 -@{text"A\<^isub>1 \<Longrightarrow> A\<^isub>2 \<Longrightarrow> A\<^isub>3"} means @{text "A\<^isub>1 \<Longrightarrow> (A\<^isub>2 \<Longrightarrow> A\<^isub>3)"}.
   17.31 -The (Isabelle specific) notation \mbox{@{text"\<lbrakk> A\<^isub>1; \<dots>; A\<^isub>n \<rbrakk> \<Longrightarrow> A"}}
   17.32 -is short for the iterated implication \mbox{@{text"A\<^isub>1 \<Longrightarrow> \<dots> \<Longrightarrow> A\<^isub>n \<Longrightarrow> A"}}.
   17.33 +@{text"A\<^sub>1 \<Longrightarrow> A\<^sub>2 \<Longrightarrow> A\<^sub>3"} means @{text "A\<^sub>1 \<Longrightarrow> (A\<^sub>2 \<Longrightarrow> A\<^sub>3)"}.
   17.34 +The (Isabelle specific) notation \mbox{@{text"\<lbrakk> A\<^sub>1; \<dots>; A\<^sub>n \<rbrakk> \<Longrightarrow> A"}}
   17.35 +is short for the iterated implication \mbox{@{text"A\<^sub>1 \<Longrightarrow> \<dots> \<Longrightarrow> A\<^sub>n \<Longrightarrow> A"}}.
   17.36  Sometimes we also employ inference rule notation:
   17.37 -\inferrule{\mbox{@{text "A\<^isub>1"}}\\ \mbox{@{text "\<dots>"}}\\ \mbox{@{text "A\<^isub>n"}}}
   17.38 +\inferrule{\mbox{@{text "A\<^sub>1"}}\\ \mbox{@{text "\<dots>"}}\\ \mbox{@{text "A\<^sub>n"}}}
   17.39  {\mbox{@{text A}}}
   17.40  \end{warn}
   17.41  
   17.42 @@ -104,13 +104,13 @@
   17.43  The general format of a theory @{text T} is
   17.44  \begin{quote}
   17.45  \isacom{theory} @{text T}\\
   17.46 -\isacom{imports} @{text "T\<^isub>1 \<dots> T\<^isub>n"}\\
   17.47 +\isacom{imports} @{text "T\<^sub>1 \<dots> T\<^sub>n"}\\
   17.48  \isacom{begin}\\
   17.49  \emph{definitions, theorems and proofs}\\
   17.50  \isacom{end}
   17.51  \end{quote}
   17.52 -where @{text "T\<^isub>1 \<dots> T\<^isub>n"} are the names of existing
   17.53 -theories that @{text T} is based on. The @{text "T\<^isub>i"} are the
   17.54 +where @{text "T\<^sub>1 \<dots> T\<^sub>n"} are the names of existing
   17.55 +theories that @{text T} is based on. The @{text "T\<^sub>i"} are the
   17.56  direct \concept{parent theories} of @{text T}.
   17.57  Everything defined in the parent theories (and their parents, recursively) is
   17.58  automatically visible. Each theory @{text T} must
    18.1 --- a/src/Doc/ProgProve/Bool_nat_list.thy	Tue Aug 13 14:20:22 2013 +0200
    18.2 +++ b/src/Doc/ProgProve/Bool_nat_list.thy	Tue Aug 13 16:25:47 2013 +0200
    18.3 @@ -385,7 +385,7 @@
    18.4  \begin{itemize}
    18.5  \item @{text "[]"} is @{const Nil},
    18.6  \item @{term"x # xs"} is @{term"Cons x xs"},
    18.7 -\item @{text"[x\<^isub>1, \<dots>, x\<^isub>n]"} is @{text"x\<^isub>1 # \<dots> # x\<^isub>n # []"}, and
    18.8 +\item @{text"[x\<^sub>1, \<dots>, x\<^sub>n]"} is @{text"x\<^sub>1 # \<dots> # x\<^sub>n # []"}, and
    18.9  \item @{term "xs @ ys"} is @{term"app xs ys"}.
   18.10  \end{itemize}
   18.11  There is also a large library of predefined functions.
    19.1 --- a/src/Doc/ProgProve/Isar.thy	Tue Aug 13 14:20:22 2013 +0200
    19.2 +++ b/src/Doc/ProgProve/Isar.thy	Tue Aug 13 16:25:47 2013 +0200
    19.3 @@ -443,8 +443,8 @@
    19.4  @{text"\<longleftrightarrow>"}:
    19.5  \end{isamarkuptext}%
    19.6  *}
    19.7 -(*<*)lemma "formula\<^isub>1 \<longleftrightarrow> formula\<^isub>2" proof-(*>*)
    19.8 -show "formula\<^isub>1 \<longleftrightarrow> formula\<^isub>2" (is "?L \<longleftrightarrow> ?R")
    19.9 +(*<*)lemma "formula\<^sub>1 \<longleftrightarrow> formula\<^sub>2" proof-(*>*)
   19.10 +show "formula\<^sub>1 \<longleftrightarrow> formula\<^sub>2" (is "?L \<longleftrightarrow> ?R")
   19.11  proof
   19.12    assume "?L"
   19.13    txt_raw{*\\\mbox{}\quad$\vdots$\\\mbox{}\hspace{-1.4ex}*}
   19.14 @@ -455,7 +455,7 @@
   19.15    show "?L" (*<*)sorry(*>*) txt_raw{*\ $\dots$\\*}
   19.16  qed(*<*)qed(*>*)
   19.17  
   19.18 -text{* Instead of duplicating @{text"formula\<^isub>i"} in the text, we introduce
   19.19 +text{* Instead of duplicating @{text"formula\<^sub>i"} in the text, we introduce
   19.20  the two abbreviations @{text"?L"} and @{text"?R"} by pattern matching.
   19.21  Pattern matching works wherever a formula is stated, in particular
   19.22  with \isacom{have} and \isacom{lemma}.
   19.23 @@ -513,11 +513,11 @@
   19.24  \isa{%
   19.25  *}
   19.26  (*<*)lemma "P" proof-(*>*)
   19.27 -have "P\<^isub>1" (*<*)sorry(*>*)txt_raw{*\ $\dots$\\*}
   19.28 -moreover have "P\<^isub>2" (*<*)sorry(*>*)txt_raw{*\ $\dots$\\*}
   19.29 +have "P\<^sub>1" (*<*)sorry(*>*)txt_raw{*\ $\dots$\\*}
   19.30 +moreover have "P\<^sub>2" (*<*)sorry(*>*)txt_raw{*\ $\dots$\\*}
   19.31  moreover
   19.32  txt_raw{*\\$\vdots$\\\hspace{-1.4ex}*}(*<*)have "True" ..(*>*)
   19.33 -moreover have "P\<^isub>n" (*<*)sorry(*>*)txt_raw{*\ $\dots$\\*}
   19.34 +moreover have "P\<^sub>n" (*<*)sorry(*>*)txt_raw{*\ $\dots$\\*}
   19.35  ultimately have "P"  (*<*)sorry(*>*)txt_raw{*\ $\dots$\\*}
   19.36  (*<*)oops(*>*)
   19.37  
   19.38 @@ -529,11 +529,11 @@
   19.39  \isa{%
   19.40  *}
   19.41  (*<*)lemma "P" proof-(*>*)
   19.42 -have lab\<^isub>1: "P\<^isub>1" (*<*)sorry(*>*)txt_raw{*\ $\dots$\\*}
   19.43 -have lab\<^isub>2: "P\<^isub>2" (*<*)sorry(*>*)txt_raw{*\ $\dots$*}
   19.44 +have lab\<^sub>1: "P\<^sub>1" (*<*)sorry(*>*)txt_raw{*\ $\dots$\\*}
   19.45 +have lab\<^sub>2: "P\<^sub>2" (*<*)sorry(*>*)txt_raw{*\ $\dots$*}
   19.46  txt_raw{*\\$\vdots$\\\hspace{-1.4ex}*}
   19.47 -have lab\<^isub>n: "P\<^isub>n" (*<*)sorry(*>*)txt_raw{*\ $\dots$\\*}
   19.48 -from lab\<^isub>1 lab\<^isub>2 txt_raw{*\ $\dots$\\*}
   19.49 +have lab\<^sub>n: "P\<^sub>n" (*<*)sorry(*>*)txt_raw{*\ $\dots$\\*}
   19.50 +from lab\<^sub>1 lab\<^sub>2 txt_raw{*\ $\dots$\\*}
   19.51  have "P"  (*<*)sorry(*>*)txt_raw{*\ $\dots$\\*}
   19.52  (*<*)oops(*>*)
   19.53  
   19.54 @@ -551,14 +551,14 @@
   19.55  has its own assumptions and is generalized over its locally fixed
   19.56  variables at the end. This is what a \concept{raw proof block} does:
   19.57  \begin{quote}
   19.58 -@{text"{"} \isacom{fix} @{text"x\<^isub>1 \<dots> x\<^isub>n"}\\
   19.59 -\mbox{}\ \ \ \isacom{assume} @{text"A\<^isub>1 \<dots> A\<^isub>m"}\\
   19.60 +@{text"{"} \isacom{fix} @{text"x\<^sub>1 \<dots> x\<^sub>n"}\\
   19.61 +\mbox{}\ \ \ \isacom{assume} @{text"A\<^sub>1 \<dots> A\<^sub>m"}\\
   19.62  \mbox{}\ \ \ $\vdots$\\
   19.63  \mbox{}\ \ \ \isacom{have} @{text"B"}\\
   19.64  @{text"}"}
   19.65  \end{quote}
   19.66 -proves @{text"\<lbrakk> A\<^isub>1; \<dots> ; A\<^isub>m \<rbrakk> \<Longrightarrow> B"}
   19.67 -where all @{text"x\<^isub>i"} have been replaced by unknowns @{text"?x\<^isub>i"}.
   19.68 +proves @{text"\<lbrakk> A\<^sub>1; \<dots> ; A\<^sub>m \<rbrakk> \<Longrightarrow> B"}
   19.69 +where all @{text"x\<^sub>i"} have been replaced by unknowns @{text"?x\<^sub>i"}.
   19.70  \begin{warn}
   19.71  The conclusion of a raw proof block is \emph{not} indicated by \isacom{show}
   19.72  but is simply the final \isacom{have}.
   19.73 @@ -642,15 +642,15 @@
   19.74  This proof pattern works for any term @{text t} whose type is a datatype.
   19.75  The goal has to be proved for each constructor @{text C}:
   19.76  \begin{quote}
   19.77 -\isacom{fix} \ @{text"x\<^isub>1 \<dots> x\<^isub>n"} \isacom{assume} @{text"\"t = C x\<^isub>1 \<dots> x\<^isub>n\""}
   19.78 +\isacom{fix} \ @{text"x\<^sub>1 \<dots> x\<^sub>n"} \isacom{assume} @{text"\"t = C x\<^sub>1 \<dots> x\<^sub>n\""}
   19.79  \end{quote}
   19.80  Each case can be written in a more compact form by means of the \isacom{case}
   19.81  command:
   19.82  \begin{quote}
   19.83 -\isacom{case} @{text "(C x\<^isub>1 \<dots> x\<^isub>n)"}
   19.84 +\isacom{case} @{text "(C x\<^sub>1 \<dots> x\<^sub>n)"}
   19.85  \end{quote}
   19.86  This is equivalent to the explicit \isacom{fix}-\isacom{assume} line
   19.87 -but also gives the assumption @{text"\"t = C x\<^isub>1 \<dots> x\<^isub>n\""} a name: @{text C},
   19.88 +but also gives the assumption @{text"\"t = C x\<^sub>1 \<dots> x\<^sub>n\""} a name: @{text C},
   19.89  like the constructor.
   19.90  Here is the \isacom{case} version of the proof above:
   19.91  *}
   19.92 @@ -782,16 +782,16 @@
   19.93  (here @{text"A(Suc n)"}).
   19.94  
   19.95  Induction works for any datatype.
   19.96 -Proving a goal @{text"\<lbrakk> A\<^isub>1(x); \<dots>; A\<^isub>k(x) \<rbrakk> \<Longrightarrow> P(x)"}
   19.97 +Proving a goal @{text"\<lbrakk> A\<^sub>1(x); \<dots>; A\<^sub>k(x) \<rbrakk> \<Longrightarrow> P(x)"}
   19.98  by induction on @{text x} generates a proof obligation for each constructor
   19.99 -@{text C} of the datatype. The command @{text"case (C x\<^isub>1 \<dots> x\<^isub>n)"}
  19.100 +@{text C} of the datatype. The command @{text"case (C x\<^sub>1 \<dots> x\<^sub>n)"}
  19.101  performs the following steps:
  19.102  \begin{enumerate}
  19.103 -\item \isacom{fix} @{text"x\<^isub>1 \<dots> x\<^isub>n"}
  19.104 +\item \isacom{fix} @{text"x\<^sub>1 \<dots> x\<^sub>n"}
  19.105  \item \isacom{assume} the induction hypotheses (calling them @{text C.IH})
  19.106 - and the premises \mbox{@{text"A\<^isub>i(C x\<^isub>1 \<dots> x\<^isub>n)"}} (calling them @{text"C.prems"})
  19.107 + and the premises \mbox{@{text"A\<^sub>i(C x\<^sub>1 \<dots> x\<^sub>n)"}} (calling them @{text"C.prems"})
  19.108   and calling the whole list @{text C}
  19.109 -\item \isacom{let} @{text"?case = \"P(C x\<^isub>1 \<dots> x\<^isub>n)\""}
  19.110 +\item \isacom{let} @{text"?case = \"P(C x\<^sub>1 \<dots> x\<^sub>n)\""}
  19.111  \end{enumerate}
  19.112  
  19.113  \subsection{Rule Induction}
  19.114 @@ -889,34 +889,34 @@
  19.115  \indent
  19.116  In general, let @{text I} be a (for simplicity unary) inductively defined
  19.117  predicate and let the rules in the definition of @{text I}
  19.118 -be called @{text "rule\<^isub>1"}, \dots, @{text "rule\<^isub>n"}. A proof by rule
  19.119 +be called @{text "rule\<^sub>1"}, \dots, @{text "rule\<^sub>n"}. A proof by rule
  19.120  induction follows this pattern:
  19.121  *}
  19.122  
  19.123  (*<*)
  19.124 -inductive I where rule\<^isub>1: "I()" |  rule\<^isub>2: "I()" |  rule\<^isub>n: "I()"
  19.125 +inductive I where rule\<^sub>1: "I()" |  rule\<^sub>2: "I()" |  rule\<^sub>n: "I()"
  19.126  lemma "I x \<Longrightarrow> P x" proof-(*>*)
  19.127  show "I x \<Longrightarrow> P x"
  19.128  proof(induction rule: I.induct)
  19.129 -  case rule\<^isub>1
  19.130 +  case rule\<^sub>1
  19.131    txt_raw{*\\[-.4ex]\mbox{}\ \ $\vdots$\\[-.4ex]\mbox{}\hspace{-1ex}*}
  19.132    show ?case (*<*)sorry(*>*)txt_raw{*\ $\dots$\\*}
  19.133  next
  19.134    txt_raw{*\\[-.4ex]$\vdots$\\[-.4ex]\mbox{}\hspace{-1ex}*}
  19.135  (*<*)
  19.136 -  case rule\<^isub>2
  19.137 +  case rule\<^sub>2
  19.138    show ?case sorry
  19.139  (*>*)
  19.140  next
  19.141 -  case rule\<^isub>n
  19.142 +  case rule\<^sub>n
  19.143    txt_raw{*\\[-.4ex]\mbox{}\ \ $\vdots$\\[-.4ex]\mbox{}\hspace{-1ex}*}
  19.144    show ?case (*<*)sorry(*>*)txt_raw{*\ $\dots$\\*}
  19.145  qed(*<*)qed(*>*)
  19.146  
  19.147  text{*
  19.148  One can provide explicit variable names by writing
  19.149 -\isacom{case}~@{text"(rule\<^isub>i x\<^isub>1 \<dots> x\<^isub>k)"}, thus renaming the first @{text k}
  19.150 -free variables in rule @{text i} to @{text"x\<^isub>1 \<dots> x\<^isub>k"},
  19.151 +\isacom{case}~@{text"(rule\<^sub>i x\<^sub>1 \<dots> x\<^sub>k)"}, thus renaming the first @{text k}
  19.152 +free variables in rule @{text i} to @{text"x\<^sub>1 \<dots> x\<^sub>k"},
  19.153  going through rule @{text i} from left to right.
  19.154  
  19.155  \subsection{Assumption Naming}
  19.156 @@ -930,8 +930,8 @@
  19.157  induction rule. For rule inductions these are the hypotheses of rule
  19.158  @{text name}, for structural inductions these are empty.
  19.159  \item[@{text name.prems}] contains the (suitably instantiated) premises
  19.160 -of the statement being proved, i.e. the @{text A\<^isub>i} when
  19.161 -proving @{text"\<lbrakk> A\<^isub>1; \<dots>; A\<^isub>n \<rbrakk> \<Longrightarrow> A"}.
  19.162 +of the statement being proved, i.e. the @{text A\<^sub>i} when
  19.163 +proving @{text"\<lbrakk> A\<^sub>1; \<dots>; A\<^sub>n \<rbrakk> \<Longrightarrow> A"}.
  19.164  \end{description}
  19.165  \begin{warn}
  19.166  Proof method @{text induct} differs from @{text induction}
    20.1 --- a/src/Doc/ProgProve/Logic.thy	Tue Aug 13 14:20:22 2013 +0200
    20.2 +++ b/src/Doc/ProgProve/Logic.thy	Tue Aug 13 16:25:47 2013 +0200
    20.3 @@ -72,8 +72,8 @@
    20.4  theorems and proof states, separating assumptions from conclusions.
    20.5  The implication @{text"\<longrightarrow>"} is part of the logic HOL and can occur inside the
    20.6  formulas that make up the assumptions and conclusion.
    20.7 -Theorems should be of the form @{text"\<lbrakk> A\<^isub>1; \<dots>; A\<^isub>n \<rbrakk> \<Longrightarrow> A"},
    20.8 -not @{text"A\<^isub>1 \<and> \<dots> \<and> A\<^isub>n \<longrightarrow> A"}. Both are logically equivalent
    20.9 +Theorems should be of the form @{text"\<lbrakk> A\<^sub>1; \<dots>; A\<^sub>n \<rbrakk> \<Longrightarrow> A"},
   20.10 +not @{text"A\<^sub>1 \<and> \<dots> \<and> A\<^sub>n \<longrightarrow> A"}. Both are logically equivalent
   20.11  but the first one works better when using the theorem in further proofs.
   20.12  \end{warn}
   20.13  
   20.14 @@ -83,7 +83,7 @@
   20.15  Sets of elements of type @{typ 'a} have type @{typ"'a set"}.
   20.16  They can be finite or infinite. Sets come with the usual notation:
   20.17  \begin{itemize}
   20.18 -\item @{term"{}"},\quad @{text"{e\<^isub>1,\<dots>,e\<^isub>n}"}
   20.19 +\item @{term"{}"},\quad @{text"{e\<^sub>1,\<dots>,e\<^sub>n}"}
   20.20  \item @{prop"e \<in> A"},\quad @{prop"A \<subseteq> B"}
   20.21  \item @{term"A \<union> B"},\quad @{term"A \<inter> B"},\quad @{term"A - B"},\quad @{term"-A"}
   20.22  \end{itemize}
   20.23 @@ -319,9 +319,9 @@
   20.24  two formulas @{text"a=b"} and @{text False}, yielding the rule
   20.25  @{thm[display,mode=Rule]conjI[of "a=b" False]}
   20.26  
   20.27 -In general, @{text"th[of string\<^isub>1 \<dots> string\<^isub>n]"} instantiates
   20.28 +In general, @{text"th[of string\<^sub>1 \<dots> string\<^sub>n]"} instantiates
   20.29  the unknowns in the theorem @{text th} from left to right with the terms
   20.30 -@{text string\<^isub>1} to @{text string\<^isub>n}.
   20.31 +@{text string\<^sub>1} to @{text string\<^sub>n}.
   20.32  
   20.33  \item By unification. \concept{Unification} is the process of making two
   20.34  terms syntactically equal by suitable instantiations of unknowns. For example,
   20.35 @@ -346,13 +346,13 @@
   20.36  @{text"1.  \<dots>  \<Longrightarrow> A"}\\
   20.37  @{text"2.  \<dots>  \<Longrightarrow> B"}
   20.38  \end{quote}
   20.39 -In general, the application of a rule @{text"\<lbrakk> A\<^isub>1; \<dots>; A\<^isub>n \<rbrakk> \<Longrightarrow> A"}
   20.40 +In general, the application of a rule @{text"\<lbrakk> A\<^sub>1; \<dots>; A\<^sub>n \<rbrakk> \<Longrightarrow> A"}
   20.41  to a subgoal \mbox{@{text"\<dots> \<Longrightarrow> C"}} proceeds in two steps:
   20.42  \begin{enumerate}
   20.43  \item
   20.44  Unify @{text A} and @{text C}, thus instantiating the unknowns in the rule.
   20.45  \item
   20.46 -Replace the subgoal @{text C} with @{text n} new subgoals @{text"A\<^isub>1"} to @{text"A\<^isub>n"}.
   20.47 +Replace the subgoal @{text C} with @{text n} new subgoals @{text"A\<^sub>1"} to @{text"A\<^sub>n"}.
   20.48  \end{enumerate}
   20.49  This is the command to apply rule @{text xyz}:
   20.50  \begin{quote}
   20.51 @@ -430,10 +430,10 @@
   20.52  premises.
   20.53  \end{warn}
   20.54  
   20.55 -In general @{text r} can be of the form @{text"\<lbrakk> A\<^isub>1; \<dots>; A\<^isub>n \<rbrakk> \<Longrightarrow> A"}
   20.56 -and there can be multiple argument theorems @{text r\<^isub>1} to @{text r\<^isub>m}
   20.57 -(with @{text"m \<le> n"}), in which case @{text "r[OF r\<^isub>1 \<dots> r\<^isub>m]"} is obtained
   20.58 -by unifying and thus proving @{text "A\<^isub>i"} with @{text "r\<^isub>i"}, @{text"i = 1\<dots>m"}.
   20.59 +In general @{text r} can be of the form @{text"\<lbrakk> A\<^sub>1; \<dots>; A\<^sub>n \<rbrakk> \<Longrightarrow> A"}
   20.60 +and there can be multiple argument theorems @{text r\<^sub>1} to @{text r\<^sub>m}
   20.61 +(with @{text"m \<le> n"}), in which case @{text "r[OF r\<^sub>1 \<dots> r\<^sub>m]"} is obtained
   20.62 +by unifying and thus proving @{text "A\<^sub>i"} with @{text "r\<^sub>i"}, @{text"i = 1\<dots>m"}.
   20.63  Here is an example, where @{thm[source]refl} is the theorem
   20.64  @{thm[show_question_marks] refl}:
   20.65  *}
   20.66 @@ -739,7 +739,7 @@
   20.67  \end{quote}
   20.68  followed by a sequence of (possibly named) rules of the form
   20.69  \begin{quote}
   20.70 -@{text "\<lbrakk> I a\<^isub>1; \<dots>; I a\<^isub>n \<rbrakk> \<Longrightarrow> I a"}
   20.71 +@{text "\<lbrakk> I a\<^sub>1; \<dots>; I a\<^sub>n \<rbrakk> \<Longrightarrow> I a"}
   20.72  \end{quote}
   20.73  separated by @{text"|"}. As usual, @{text n} can be 0.
   20.74  The corresponding rule induction principle
   20.75 @@ -755,7 +755,7 @@
   20.76  Proving @{prop "I x \<Longrightarrow> P x"} by rule induction means proving
   20.77  for every rule of @{text I} that @{text P} is invariant:
   20.78  \begin{quote}
   20.79 -@{text "\<lbrakk> I a\<^isub>1; P a\<^isub>1; \<dots>; I a\<^isub>n; P a\<^isub>n \<rbrakk> \<Longrightarrow> P a"}
   20.80 +@{text "\<lbrakk> I a\<^sub>1; P a\<^sub>1; \<dots>; I a\<^sub>n; P a\<^sub>n \<rbrakk> \<Longrightarrow> P a"}
   20.81  \end{quote}
   20.82  
   20.83  The above format for inductive definitions is simplified in a number of
    21.1 --- a/src/Doc/ProgProve/Types_and_funs.thy	Tue Aug 13 14:20:22 2013 +0200
    21.2 +++ b/src/Doc/ProgProve/Types_and_funs.thy	Tue Aug 13 16:25:47 2013 +0200
    21.3 @@ -21,14 +21,14 @@
    21.4  The general form of a datatype definition looks like this:
    21.5  \begin{quote}
    21.6  \begin{tabular}{@ {}rclcll}
    21.7 -\isacom{datatype} @{text "('a\<^isub>1,\<dots>,'a\<^isub>n)t"}
    21.8 +\isacom{datatype} @{text "('a\<^sub>1,\<dots>,'a\<^sub>n)t"}
    21.9       & = & $C_1 \ @{text"\""}\tau_{1,1}@{text"\""} \dots @{text"\""}\tau_{1,n_1}@{text"\""}$ \\
   21.10       & $|$ & \dots \\
   21.11       & $|$ & $C_k \ @{text"\""}\tau_{k,1}@{text"\""} \dots @{text"\""}\tau_{k,n_k}@{text"\""}$
   21.12  \end{tabular}
   21.13  \end{quote}
   21.14  It introduces the constructors \
   21.15 -$C_i :: \tau_{i,1}\Rightarrow \cdots \Rightarrow \tau_{i,n_i} \Rightarrow$~@{text "('a\<^isub>1,\<dots>,'a\<^isub>n)t"} \ and expresses that any value of this type is built from these constructors in a unique manner. Uniqueness is implied by the following
   21.16 +$C_i :: \tau_{i,1}\Rightarrow \cdots \Rightarrow \tau_{i,n_i} \Rightarrow$~@{text "('a\<^sub>1,\<dots>,'a\<^sub>n)t"} \ and expresses that any value of this type is built from these constructors in a unique manner. Uniqueness is implied by the following
   21.17  properties of the constructors:
   21.18  \begin{itemize}
   21.19  \item \emph{Distinctness:} $C_i\ \ldots \neq C_j\ \dots$ \quad if $i \neq j$
   21.20 @@ -40,9 +40,9 @@
   21.21  \end{itemize}
   21.22  The fact that any value of the datatype is built from the constructors implies
   21.23  the structural induction rule: to show
   21.24 -$P~x$ for all $x$ of type @{text "('a\<^isub>1,\<dots>,'a\<^isub>n)t"},
   21.25 +$P~x$ for all $x$ of type @{text "('a\<^sub>1,\<dots>,'a\<^sub>n)t"},
   21.26  one needs to show $P(C_i\ x_1 \dots x_{n_i})$ (for each $i$) assuming
   21.27 -$P(x_j)$ for all $j$ where $\tau_{i,j} =$~@{text "('a\<^isub>1,\<dots>,'a\<^isub>n)t"}.
   21.28 +$P(x_j)$ for all $j$ where $\tau_{i,j} =$~@{text "('a\<^sub>1,\<dots>,'a\<^sub>n)t"}.
   21.29  Distinctness and injectivity are applied automatically by @{text auto}
   21.30  and other proof methods. Induction must be applied explicitly.
   21.31  
   21.32 @@ -91,11 +91,11 @@
   21.33  "lookup ((a,b) # ps) x = (if a = x then Some b else lookup ps x)"
   21.34  
   21.35  text{*
   21.36 -Note that @{text"\<tau>\<^isub>1 * \<tau>\<^isub>2"} is the type of pairs, also written @{text"\<tau>\<^isub>1 \<times> \<tau>\<^isub>2"}.
   21.37 +Note that @{text"\<tau>\<^sub>1 * \<tau>\<^sub>2"} is the type of pairs, also written @{text"\<tau>\<^sub>1 \<times> \<tau>\<^sub>2"}.
   21.38  Pairs can be taken apart either by pattern matching (as above) or with the
   21.39  projection functions @{const fst} and @{const snd}: @{thm fst_conv} and @{thm snd_conv}. Tuples are simulated by pairs nested to the right: @{term"(a,b,c)"}
   21.40 -abbreviates @{text"(a, (b, c))"} and @{text "\<tau>\<^isub>1 \<times> \<tau>\<^isub>2 \<times> \<tau>\<^isub>3"} abbreviates
   21.41 -@{text "\<tau>\<^isub>1 \<times> (\<tau>\<^isub>2 \<times> \<tau>\<^isub>3)"}.
   21.42 +abbreviates @{text"(a, (b, c))"} and @{text "\<tau>\<^sub>1 \<times> \<tau>\<^sub>2 \<times> \<tau>\<^sub>3"} abbreviates
   21.43 +@{text "\<tau>\<^sub>1 \<times> (\<tau>\<^sub>2 \<times> \<tau>\<^sub>3)"}.
   21.44  
   21.45  \subsection{Definitions}
   21.46  
   21.47 @@ -106,7 +106,7 @@
   21.48  "sq n = n * n"
   21.49  
   21.50  text{* Such definitions do not allow pattern matching but only
   21.51 -@{text"f x\<^isub>1 \<dots> x\<^isub>n = t"}, where @{text f} does not occur in @{text t}.
   21.52 +@{text"f x\<^sub>1 \<dots> x\<^sub>n = t"}, where @{text f} does not occur in @{text t}.
   21.53  
   21.54  \subsection{Abbreviations}
   21.55  
   21.56 @@ -185,18 +185,18 @@
   21.57  because the induction follows the (terminating!) computation.
   21.58  For every defining equation
   21.59  \begin{quote}
   21.60 -@{text "f(e) = \<dots> f(r\<^isub>1) \<dots> f(r\<^isub>k) \<dots>"}
   21.61 +@{text "f(e) = \<dots> f(r\<^sub>1) \<dots> f(r\<^sub>k) \<dots>"}
   21.62  \end{quote}
   21.63 -where @{text"f(r\<^isub>i)"}, @{text"i=1\<dots>k"}, are all the recursive calls,
   21.64 +where @{text"f(r\<^sub>i)"}, @{text"i=1\<dots>k"}, are all the recursive calls,
   21.65  the induction rule @{text"f.induct"} contains one premise of the form
   21.66  \begin{quote}
   21.67 -@{text"P(r\<^isub>1) \<Longrightarrow> \<dots> \<Longrightarrow> P(r\<^isub>k) \<Longrightarrow> P(e)"}
   21.68 +@{text"P(r\<^sub>1) \<Longrightarrow> \<dots> \<Longrightarrow> P(r\<^sub>k) \<Longrightarrow> P(e)"}
   21.69  \end{quote}
   21.70 -If @{text "f :: \<tau>\<^isub>1 \<Rightarrow> \<dots> \<Rightarrow> \<tau>\<^isub>n \<Rightarrow> \<tau>"} then @{text"f.induct"} is applied like this:
   21.71 +If @{text "f :: \<tau>\<^sub>1 \<Rightarrow> \<dots> \<Rightarrow> \<tau>\<^sub>n \<Rightarrow> \<tau>"} then @{text"f.induct"} is applied like this:
   21.72  \begin{quote}
   21.73 -\isacom{apply}@{text"(induction x\<^isub>1 \<dots> x\<^isub>n rule: f.induct)"}
   21.74 +\isacom{apply}@{text"(induction x\<^sub>1 \<dots> x\<^sub>n rule: f.induct)"}
   21.75  \end{quote}
   21.76 -where typically there is a call @{text"f x\<^isub>1 \<dots> x\<^isub>n"} in the goal.
   21.77 +where typically there is a call @{text"f x\<^sub>1 \<dots> x\<^sub>n"} in the goal.
   21.78  But note that the induction rule does not mention @{text f} at all,
   21.79  except in its name, and is applicable independently of @{text f}.
   21.80  
   21.81 @@ -300,7 +300,7 @@
   21.82  \emph{Generalize induction by generalizing all free
   21.83  variables\\ {\em(except the induction variable itself)}.}
   21.84  \end{quote}
   21.85 -Generalization is best performed with @{text"arbitrary: y\<^isub>1 \<dots> y\<^isub>k"}. 
   21.86 +Generalization is best performed with @{text"arbitrary: y\<^sub>1 \<dots> y\<^sub>k"}. 
   21.87  This heuristic prevents trivial failures like the one above.
   21.88  However, it should not be applied blindly.
   21.89  It is not always required, and the additional quantifiers can complicate
   21.90 @@ -410,16 +410,16 @@
   21.91  In such cases the more predictable @{text simp} method should be used.
   21.92  Given a goal
   21.93  \begin{quote}
   21.94 -@{text"1. \<lbrakk> P\<^isub>1; \<dots>; P\<^isub>m \<rbrakk> \<Longrightarrow> C"}
   21.95 +@{text"1. \<lbrakk> P\<^sub>1; \<dots>; P\<^sub>m \<rbrakk> \<Longrightarrow> C"}
   21.96  \end{quote}
   21.97  the command
   21.98  \begin{quote}
   21.99 -\isacom{apply}@{text"(simp add: th\<^isub>1 \<dots> th\<^isub>n)"}
  21.100 +\isacom{apply}@{text"(simp add: th\<^sub>1 \<dots> th\<^sub>n)"}
  21.101  \end{quote}
  21.102 -simplifies the assumptions @{text "P\<^isub>i"} and the conclusion @{text C} using
  21.103 +simplifies the assumptions @{text "P\<^sub>i"} and the conclusion @{text C} using
  21.104  \begin{itemize}
  21.105  \item all simplification rules, including the ones coming from \isacom{datatype} and \isacom{fun},
  21.106 -\item the additional lemmas @{text"th\<^isub>1 \<dots> th\<^isub>n"}, and
  21.107 +\item the additional lemmas @{text"th\<^sub>1 \<dots> th\<^sub>n"}, and
  21.108  \item the assumptions.
  21.109  \end{itemize}
  21.110  In addition to or instead of @{text add} there is also @{text del} for removing
    22.1 --- a/src/Doc/Tutorial/Documents/Documents.thy	Tue Aug 13 14:20:22 2013 +0200
    22.2 +++ b/src/Doc/Tutorial/Documents/Documents.thy	Tue Aug 13 16:25:47 2013 +0200
    22.3 @@ -126,10 +126,10 @@
    22.4    in the trailing part of an identifier. This means that the input
    22.5  
    22.6    \medskip
    22.7 -  {\small\noindent \verb,\,\verb,<forall>\,\verb,<alpha>\<^isub>1.,~\verb,\,\verb,<alpha>\<^isub>1 = \,\verb,<Pi>\<^isub>\<A>,}
    22.8 +  {\small\noindent \verb,\,\verb,<forall>\,\verb,<alpha>\<^sub>1.,~\verb,\,\verb,<alpha>\<^sub>1 = \,\verb,<Pi>\<^sub>\<A>,}
    22.9  
   22.10    \medskip
   22.11 -  \noindent is recognized as the term @{term "\<forall>\<alpha>\<^isub>1. \<alpha>\<^isub>1 = \<Pi>\<^isub>\<A>"} 
   22.12 +  \noindent is recognized as the term @{term "\<forall>\<alpha>\<^sub>1. \<alpha>\<^sub>1 = \<Pi>\<^sub>\<A>"} 
   22.13    by Isabelle.
   22.14  
   22.15    Replacing our previous definition of @{text xor} by the
    23.1 --- a/src/Doc/Tutorial/Inductive/Mutual.thy	Tue Aug 13 14:20:22 2013 +0200
    23.2 +++ b/src/Doc/Tutorial/Inductive/Mutual.thy	Tue Aug 13 16:25:47 2013 +0200
    23.3 @@ -69,11 +69,11 @@
    23.4  you write \commdx{inductive} instead of \isacommand{inductive\_set} and
    23.5  @{prop"evn n"} instead of @{prop"n : even"}.
    23.6  When defining an n-ary relation as a predicate, it is recommended to curry
    23.7 -the predicate: its type should be \mbox{@{text"\<tau>\<^isub>1 \<Rightarrow> \<dots> \<Rightarrow> \<tau>\<^isub>n \<Rightarrow> bool"}}
    23.8 +the predicate: its type should be \mbox{@{text"\<tau>\<^sub>1 \<Rightarrow> \<dots> \<Rightarrow> \<tau>\<^sub>n \<Rightarrow> bool"}}
    23.9  rather than
   23.10 -@{text"\<tau>\<^isub>1 \<times> \<dots> \<times> \<tau>\<^isub>n \<Rightarrow> bool"}. The curried version facilitates inductions.
   23.11 +@{text"\<tau>\<^sub>1 \<times> \<dots> \<times> \<tau>\<^sub>n \<Rightarrow> bool"}. The curried version facilitates inductions.
   23.12  
   23.13 -When should you choose sets and when predicates? If you intend to combine your notion with set theoretic notation, define it as an inductive set. If not, define it as an inductive predicate, thus avoiding the @{text"\<in>"} notation. But note that predicates of more than one argument cannot be combined with the usual set theoretic operators: @{term"P \<union> Q"} is not well-typed if @{text"P, Q :: \<tau>\<^isub>1 \<Rightarrow> \<tau>\<^isub>2 \<Rightarrow> bool"}, you have to write @{term"%x y. P x y & Q x y"} instead.
   23.14 +When should you choose sets and when predicates? If you intend to combine your notion with set theoretic notation, define it as an inductive set. If not, define it as an inductive predicate, thus avoiding the @{text"\<in>"} notation. But note that predicates of more than one argument cannot be combined with the usual set theoretic operators: @{term"P \<union> Q"} is not well-typed if @{text"P, Q :: \<tau>\<^sub>1 \<Rightarrow> \<tau>\<^sub>2 \<Rightarrow> bool"}, you have to write @{term"%x y. P x y & Q x y"} instead.
   23.15  \index{inductive predicates|)}
   23.16  *}
   23.17  
    24.1 --- a/src/Doc/Tutorial/Types/Axioms.thy	Tue Aug 13 14:20:22 2013 +0200
    24.2 +++ b/src/Doc/Tutorial/Types/Axioms.thy	Tue Aug 13 16:25:47 2013 +0200
    24.3 @@ -63,9 +63,9 @@
    24.4  begin
    24.5  
    24.6  instance proof
    24.7 -  fix p\<^isub>1 p\<^isub>2 p\<^isub>3 :: "'a\<Colon>semigroup \<times> 'b\<Colon>semigroup"
    24.8 -  show "p\<^isub>1 \<oplus> p\<^isub>2 \<oplus> p\<^isub>3 = p\<^isub>1 \<oplus> (p\<^isub>2 \<oplus> p\<^isub>3)"
    24.9 -    by (cases p\<^isub>1, cases p\<^isub>2, cases p\<^isub>3) (simp add: assoc)
   24.10 +  fix p\<^sub>1 p\<^sub>2 p\<^sub>3 :: "'a\<Colon>semigroup \<times> 'b\<Colon>semigroup"
   24.11 +  show "p\<^sub>1 \<oplus> p\<^sub>2 \<oplus> p\<^sub>3 = p\<^sub>1 \<oplus> (p\<^sub>2 \<oplus> p\<^sub>3)"
   24.12 +    by (cases p\<^sub>1, cases p\<^sub>2, cases p\<^sub>3) (simp add: assoc)
   24.13  
   24.14  txt {* \noindent Associativity of product semigroups is established
   24.15  using the hypothetical associativity @{fact assoc} of the type
    25.1 --- a/src/HOL/Complete_Lattices.thy	Tue Aug 13 14:20:22 2013 +0200
    25.2 +++ b/src/HOL/Complete_Lattices.thy	Tue Aug 13 16:25:47 2013 +0200
    25.3 @@ -1033,8 +1033,8 @@
    25.4  
    25.5  text {*
    25.6    Note the difference between ordinary xsymbol syntax of indexed
    25.7 -  unions and intersections (e.g.\ @{text"\<Union>a\<^isub>1\<in>A\<^isub>1. B"})
    25.8 -  and their \LaTeX\ rendition: @{term"\<Union>a\<^isub>1\<in>A\<^isub>1. B"}. The
    25.9 +  unions and intersections (e.g.\ @{text"\<Union>a\<^sub>1\<in>A\<^sub>1. B"})
   25.10 +  and their \LaTeX\ rendition: @{term"\<Union>a\<^sub>1\<in>A\<^sub>1. B"}. The
   25.11    former does not make the index expression a subscript of the
   25.12    union/intersection symbol because this leads to problems with nested
   25.13    subscripts in Proof General.
    26.1 --- a/src/HOL/Complex.thy	Tue Aug 13 14:20:22 2013 +0200
    26.2 +++ b/src/HOL/Complex.thy	Tue Aug 13 16:25:47 2013 +0200
    26.3 @@ -103,7 +103,7 @@
    26.4  
    26.5  definition complex_inverse_def:
    26.6    "inverse x =
    26.7 -    Complex (Re x / ((Re x)\<twosuperior> + (Im x)\<twosuperior>)) (- Im x / ((Re x)\<twosuperior> + (Im x)\<twosuperior>))"
    26.8 +    Complex (Re x / ((Re x)\<^sup>2 + (Im x)\<^sup>2)) (- Im x / ((Re x)\<^sup>2 + (Im x)\<^sup>2))"
    26.9  
   26.10  definition complex_divide_def:
   26.11    "x / (y\<Colon>complex) = x * inverse y"
   26.12 @@ -128,15 +128,15 @@
   26.13    by (simp add: complex_mult_def)
   26.14  
   26.15  lemma complex_inverse [simp]:
   26.16 -  "inverse (Complex a b) = Complex (a / (a\<twosuperior> + b\<twosuperior>)) (- b / (a\<twosuperior> + b\<twosuperior>))"
   26.17 +  "inverse (Complex a b) = Complex (a / (a\<^sup>2 + b\<^sup>2)) (- b / (a\<^sup>2 + b\<^sup>2))"
   26.18    by (simp add: complex_inverse_def)
   26.19  
   26.20  lemma complex_Re_inverse:
   26.21 -  "Re (inverse x) = Re x / ((Re x)\<twosuperior> + (Im x)\<twosuperior>)"
   26.22 +  "Re (inverse x) = Re x / ((Re x)\<^sup>2 + (Im x)\<^sup>2)"
   26.23    by (simp add: complex_inverse_def)
   26.24  
   26.25  lemma complex_Im_inverse:
   26.26 -  "Im (inverse x) = - Im x / ((Re x)\<twosuperior> + (Im x)\<twosuperior>)"
   26.27 +  "Im (inverse x) = - Im x / ((Re x)\<^sup>2 + (Im x)\<^sup>2)"
   26.28    by (simp add: complex_inverse_def)
   26.29  
   26.30  instance
   26.31 @@ -267,7 +267,7 @@
   26.32  begin
   26.33  
   26.34  definition complex_norm_def:
   26.35 -  "norm z = sqrt ((Re z)\<twosuperior> + (Im z)\<twosuperior>)"
   26.36 +  "norm z = sqrt ((Re z)\<^sup>2 + (Im z)\<^sup>2)"
   26.37  
   26.38  abbreviation cmod :: "complex \<Rightarrow> real"
   26.39    where "cmod \<equiv> norm"
   26.40 @@ -283,7 +283,7 @@
   26.41  
   26.42  lemmas cmod_def = complex_norm_def
   26.43  
   26.44 -lemma complex_norm [simp]: "cmod (Complex x y) = sqrt (x\<twosuperior> + y\<twosuperior>)"
   26.45 +lemma complex_norm [simp]: "cmod (Complex x y) = sqrt (x\<^sup>2 + y\<^sup>2)"
   26.46    by (simp add: complex_norm_def)
   26.47  
   26.48  instance proof
   26.49 @@ -439,7 +439,7 @@
   26.50  lemma i_squared [simp]: "ii * ii = -1"
   26.51    by (simp add: i_def)
   26.52  
   26.53 -lemma power2_i [simp]: "ii\<twosuperior> = -1"
   26.54 +lemma power2_i [simp]: "ii\<^sup>2 = -1"
   26.55    by (simp add: power2_eq_square)
   26.56  
   26.57  lemma inverse_i [simp]: "inverse ii = - ii"
   26.58 @@ -529,10 +529,10 @@
   26.59  lemma complex_diff_cnj: "z - cnj z = complex_of_real (2 * Im z) * ii"
   26.60    by (simp add: complex_eq_iff)
   26.61  
   26.62 -lemma complex_mult_cnj: "z * cnj z = complex_of_real ((Re z)\<twosuperior> + (Im z)\<twosuperior>)"
   26.63 +lemma complex_mult_cnj: "z * cnj z = complex_of_real ((Re z)\<^sup>2 + (Im z)\<^sup>2)"
   26.64    by (simp add: complex_eq_iff power2_eq_square)
   26.65  
   26.66 -lemma complex_mod_mult_cnj: "cmod (z * cnj z) = (cmod z)\<twosuperior>"
   26.67 +lemma complex_mod_mult_cnj: "cmod (z * cnj z) = (cmod z)\<^sup>2"
   26.68    by (simp add: norm_mult power2_eq_square)
   26.69  
   26.70  lemma complex_mod_sqrt_Re_mult_cnj: "cmod z = sqrt (Re (z * cnj z))"
    27.1 --- a/src/HOL/Decision_Procs/Cooper.thy	Tue Aug 13 14:20:22 2013 +0200
    27.2 +++ b/src/HOL/Decision_Procs/Cooper.thy	Tue Aug 13 16:25:47 2013 +0200
    27.3 @@ -1110,7 +1110,7 @@
    27.4    "plusinf (Ge  (CN 0 c e)) = T"
    27.5    "plusinf p = p"
    27.6  
    27.7 -consts \<delta> :: "fm \<Rightarrow> int"  -- {* Compute @{text "lcm {d| N\<^isup>? Dvd c*x+t \<in> p}"} *}
    27.8 +consts \<delta> :: "fm \<Rightarrow> int"  -- {* Compute @{text "lcm {d| N\<^sup>? Dvd c*x+t \<in> p}"} *}
    27.9  recdef \<delta> "measure size"
   27.10    "\<delta> (And p q) = lcm (\<delta> p) (\<delta> q)"
   27.11    "\<delta> (Or p q) = lcm (\<delta> p) (\<delta> q)"
    28.1 --- a/src/HOL/Decision_Procs/ex/Approximation_Ex.thy	Tue Aug 13 14:20:22 2013 +0200
    28.2 +++ b/src/HOL/Decision_Procs/ex/Approximation_Ex.thy	Tue Aug 13 16:25:47 2013 +0200
    28.3 @@ -17,8 +17,8 @@
    28.4  variables can be used, but each one need to be bounded by an upper and lower
    28.5  bound.
    28.6  
    28.7 -To specify the bounds either @{term "l\<^isub>1 \<le> x \<and> x \<le> u\<^isub>1"},
    28.8 -@{term "x \<in> { l\<^isub>1 .. u\<^isub>1 }"} or @{term "x = bnd"} can be used. Where the
    28.9 +To specify the bounds either @{term "l\<^sub>1 \<le> x \<and> x \<le> u\<^sub>1"},
   28.10 +@{term "x \<in> { l\<^sub>1 .. u\<^sub>1 }"} or @{term "x = bnd"} can be used. Where the
   28.11  bound specification are again arithmetic formulas containing variables. They can
   28.12  be connected using either meta level or HOL equivalence.
   28.13  
    29.1 --- a/src/HOL/Enum.thy	Tue Aug 13 14:20:22 2013 +0200
    29.2 +++ b/src/HOL/Enum.thy	Tue Aug 13 16:25:47 2013 +0200
    29.3 @@ -438,25 +438,25 @@
    29.4  
    29.5  text {* We define small finite types for the use in Quickcheck *}
    29.6  
    29.7 -datatype finite_1 = a\<^isub>1
    29.8 +datatype finite_1 = a\<^sub>1
    29.9  
   29.10 -notation (output) a\<^isub>1  ("a\<^isub>1")
   29.11 +notation (output) a\<^sub>1  ("a\<^sub>1")
   29.12  
   29.13  lemma UNIV_finite_1:
   29.14 -  "UNIV = {a\<^isub>1}"
   29.15 +  "UNIV = {a\<^sub>1}"
   29.16    by (auto intro: finite_1.exhaust)
   29.17  
   29.18  instantiation finite_1 :: enum
   29.19  begin
   29.20  
   29.21  definition
   29.22 -  "enum = [a\<^isub>1]"
   29.23 +  "enum = [a\<^sub>1]"
   29.24  
   29.25  definition
   29.26 -  "enum_all P = P a\<^isub>1"
   29.27 +  "enum_all P = P a\<^sub>1"
   29.28  
   29.29  definition
   29.30 -  "enum_ex P = P a\<^isub>1"
   29.31 +  "enum_ex P = P a\<^sub>1"
   29.32  
   29.33  instance proof
   29.34  qed (simp_all only: enum_finite_1_def enum_all_finite_1_def enum_ex_finite_1_def UNIV_finite_1, simp_all)
   29.35 @@ -482,28 +482,28 @@
   29.36  
   29.37  end
   29.38  
   29.39 -hide_const (open) a\<^isub>1
   29.40 +hide_const (open) a\<^sub>1
   29.41  
   29.42 -datatype finite_2 = a\<^isub>1 | a\<^isub>2
   29.43 +datatype finite_2 = a\<^sub>1 | a\<^sub>2
   29.44  
   29.45 -notation (output) a\<^isub>1  ("a\<^isub>1")
   29.46 -notation (output) a\<^isub>2  ("a\<^isub>2")
   29.47 +notation (output) a\<^sub>1  ("a\<^sub>1")
   29.48 +notation (output) a\<^sub>2  ("a\<^sub>2")
   29.49  
   29.50  lemma UNIV_finite_2:
   29.51 -  "UNIV = {a\<^isub>1, a\<^isub>2}"
   29.52 +  "UNIV = {a\<^sub>1, a\<^sub>2}"
   29.53    by (auto intro: finite_2.exhaust)
   29.54  
   29.55  instantiation finite_2 :: enum
   29.56  begin
   29.57  
   29.58  definition
   29.59 -  "enum = [a\<^isub>1, a\<^isub>2]"
   29.60 +  "enum = [a\<^sub>1, a\<^sub>2]"
   29.61  
   29.62  definition
   29.63 -  "enum_all P \<longleftrightarrow> P a\<^isub>1 \<and> P a\<^isub>2"
   29.64 +  "enum_all P \<longleftrightarrow> P a\<^sub>1 \<and> P a\<^sub>2"
   29.65  
   29.66  definition
   29.67 -  "enum_ex P \<longleftrightarrow> P a\<^isub>1 \<or> P a\<^isub>2"
   29.68 +  "enum_ex P \<longleftrightarrow> P a\<^sub>1 \<or> P a\<^sub>2"
   29.69  
   29.70  instance proof
   29.71  qed (simp_all only: enum_finite_2_def enum_all_finite_2_def enum_ex_finite_2_def UNIV_finite_2, simp_all)
   29.72 @@ -515,7 +515,7 @@
   29.73  
   29.74  definition less_finite_2 :: "finite_2 \<Rightarrow> finite_2 \<Rightarrow> bool"
   29.75  where
   29.76 -  "x < y \<longleftrightarrow> x = a\<^isub>1 \<and> y = a\<^isub>2"
   29.77 +  "x < y \<longleftrightarrow> x = a\<^sub>1 \<and> y = a\<^sub>2"
   29.78  
   29.79  definition less_eq_finite_2 :: "finite_2 \<Rightarrow> finite_2 \<Rightarrow> bool"
   29.80  where
   29.81 @@ -529,29 +529,29 @@
   29.82  
   29.83  end
   29.84  
   29.85 -hide_const (open) a\<^isub>1 a\<^isub>2
   29.86 +hide_const (open) a\<^sub>1 a\<^sub>2
   29.87  
   29.88 -datatype finite_3 = a\<^isub>1 | a\<^isub>2 | a\<^isub>3
   29.89 +datatype finite_3 = a\<^sub>1 | a\<^sub>2 | a\<^sub>3
   29.90  
   29.91 -notation (output) a\<^isub>1  ("a\<^isub>1")
   29.92 -notation (output) a\<^isub>2  ("a\<^isub>2")
   29.93 -notation (output) a\<^isub>3  ("a\<^isub>3")
   29.94 +notation (output) a\<^sub>1  ("a\<^sub>1")
   29.95 +notation (output) a\<^sub>2  ("a\<^sub>2")
   29.96 +notation (output) a\<^sub>3  ("a\<^sub>3")
   29.97  
   29.98  lemma UNIV_finite_3:
   29.99 -  "UNIV = {a\<^isub>1, a\<^isub>2, a\<^isub>3}"
  29.100 +  "UNIV = {a\<^sub>1, a\<^sub>2, a\<^sub>3}"
  29.101    by (auto intro: finite_3.exhaust)
  29.102  
  29.103  instantiation finite_3 :: enum
  29.104  begin
  29.105  
  29.106  definition
  29.107 -  "enum = [a\<^isub>1, a\<^isub>2, a\<^isub>3]"
  29.108 +  "enum = [a\<^sub>1, a\<^sub>2, a\<^sub>3]"
  29.109  
  29.110  definition
  29.111 -  "enum_all P \<longleftrightarrow> P a\<^isub>1 \<and> P a\<^isub>2 \<and> P a\<^isub>3"
  29.112 +  "enum_all P \<longleftrightarrow> P a\<^sub>1 \<and> P a\<^sub>2 \<and> P a\<^sub>3"
  29.113  
  29.114  definition
  29.115 -  "enum_ex P \<longleftrightarrow> P a\<^isub>1 \<or> P a\<^isub>2 \<or> P a\<^isub>3"
  29.116 +  "enum_ex P \<longleftrightarrow> P a\<^sub>1 \<or> P a\<^sub>2 \<or> P a\<^sub>3"
  29.117  
  29.118  instance proof
  29.119  qed (simp_all only: enum_finite_3_def enum_all_finite_3_def enum_ex_finite_3_def UNIV_finite_3, simp_all)
  29.120 @@ -563,7 +563,7 @@
  29.121  
  29.122  definition less_finite_3 :: "finite_3 \<Rightarrow> finite_3 \<Rightarrow> bool"
  29.123  where
  29.124 -  "x < y = (case x of a\<^isub>1 \<Rightarrow> y \<noteq> a\<^isub>1 | a\<^isub>2 \<Rightarrow> y = a\<^isub>3 | a\<^isub>3 \<Rightarrow> False)"
  29.125 +  "x < y = (case x of a\<^sub>1 \<Rightarrow> y \<noteq> a\<^sub>1 | a\<^sub>2 \<Rightarrow> y = a\<^sub>3 | a\<^sub>3 \<Rightarrow> False)"
  29.126  
  29.127  definition less_eq_finite_3 :: "finite_3 \<Rightarrow> finite_3 \<Rightarrow> bool"
  29.128  where
  29.129 @@ -574,69 +574,69 @@
  29.130  
  29.131  end
  29.132  
  29.133 -hide_const (open) a\<^isub>1 a\<^isub>2 a\<^isub>3
  29.134 +hide_const (open) a\<^sub>1 a\<^sub>2 a\<^sub>3
  29.135  
  29.136 -datatype finite_4 = a\<^isub>1 | a\<^isub>2 | a\<^isub>3 | a\<^isub>4
  29.137 +datatype finite_4 = a\<^sub>1 | a\<^sub>2 | a\<^sub>3 | a\<^sub>4
  29.138  
  29.139 -notation (output) a\<^isub>1  ("a\<^isub>1")
  29.140 -notation (output) a\<^isub>2  ("a\<^isub>2")
  29.141 -notation (output) a\<^isub>3  ("a\<^isub>3")
  29.142 -notation (output) a\<^isub>4  ("a\<^isub>4")
  29.143 +notation (output) a\<^sub>1  ("a\<^sub>1")
  29.144 +notation (output) a\<^sub>2  ("a\<^sub>2")
  29.145 +notation (output) a\<^sub>3  ("a\<^sub>3")
  29.146 +notation (output) a\<^sub>4  ("a\<^sub>4")
  29.147  
  29.148  lemma UNIV_finite_4:
  29.149 -  "UNIV = {a\<^isub>1, a\<^isub>2, a\<^isub>3, a\<^isub>4}"
  29.150 +  "UNIV = {a\<^sub>1, a\<^sub>2, a\<^sub>3, a\<^sub>4}"
  29.151    by (auto intro: finite_4.exhaust)
  29.152  
  29.153  instantiation finite_4 :: enum
  29.154  begin
  29.155  
  29.156  definition
  29.157 -  "enum = [a\<^isub>1, a\<^isub>2, a\<^isub>3, a\<^isub>4]"
  29.158 +  "enum = [a\<^sub>1, a\<^sub>2, a\<^sub>3, a\<^sub>4]"
  29.159  
  29.160  definition
  29.161 -  "enum_all P \<longleftrightarrow> P a\<^isub>1 \<and> P a\<^isub>2 \<and> P a\<^isub>3 \<and> P a\<^isub>4"
  29.162 +  "enum_all P \<longleftrightarrow> P a\<^sub>1 \<and> P a\<^sub>2 \<and> P a\<^sub>3 \<and> P a\<^sub>4"
  29.163  
  29.164  definition
  29.165 -  "enum_ex P \<longleftrightarrow> P a\<^isub>1 \<or> P a\<^isub>2 \<or> P a\<^isub>3 \<or> P a\<^isub>4"
  29.166 +  "enum_ex P \<longleftrightarrow> P a\<^sub>1 \<or> P a\<^sub>2 \<or> P a\<^sub>3 \<or> P a\<^sub>4"
  29.167  
  29.168  instance proof
  29.169  qed (simp_all only: enum_finite_4_def enum_all_finite_4_def enum_ex_finite_4_def UNIV_finite_4, simp_all)
  29.170  
  29.171  end
  29.172  
  29.173 -hide_const (open) a\<^isub>1 a\<^isub>2 a\<^isub>3 a\<^isub>4
  29.174 +hide_const (open) a\<^sub>1 a\<^sub>2 a\<^sub>3 a\<^sub>4
  29.175  
  29.176  
  29.177 -datatype finite_5 = a\<^isub>1 | a\<^isub>2 | a\<^isub>3 | a\<^isub>4 | a\<^isub>5
  29.178 +datatype finite_5 = a\<^sub>1 | a\<^sub>2 | a\<^sub>3 | a\<^sub>4 | a\<^sub>5
  29.179  
  29.180 -notation (output) a\<^isub>1  ("a\<^isub>1")
  29.181 -notation (output) a\<^isub>2  ("a\<^isub>2")
  29.182 -notation (output) a\<^isub>3  ("a\<^isub>3")
  29.183 -notation (output) a\<^isub>4  ("a\<^isub>4")
  29.184 -notation (output) a\<^isub>5  ("a\<^isub>5")
  29.185 +notation (output) a\<^sub>1  ("a\<^sub>1")
  29.186 +notation (output) a\<^sub>2  ("a\<^sub>2")
  29.187 +notation (output) a\<^sub>3  ("a\<^sub>3")
  29.188 +notation (output) a\<^sub>4  ("a\<^sub>4")
  29.189 +notation (output) a\<^sub>5  ("a\<^sub>5")
  29.190  
  29.191  lemma UNIV_finite_5:
  29.192 -  "UNIV = {a\<^isub>1, a\<^isub>2, a\<^isub>3, a\<^isub>4, a\<^isub>5}"
  29.193 +  "UNIV = {a\<^sub>1, a\<^sub>2, a\<^sub>3, a\<^sub>4, a\<^sub>5}"
  29.194    by (auto intro: finite_5.exhaust)
  29.195  
  29.196  instantiation finite_5 :: enum
  29.197  begin
  29.198  
  29.199  definition
  29.200 -  "enum = [a\<^isub>1, a\<^isub>2, a\<^isub>3, a\<^isub>4, a\<^isub>5]"
  29.201 +  "enum = [a\<^sub>1, a\<^sub>2, a\<^sub>3, a\<^sub>4, a\<^sub>5]"
  29.202  
  29.203  definition
  29.204 -  "enum_all P \<longleftrightarrow> P a\<^isub>1 \<and> P a\<^isub>2 \<and> P a\<^isub>3 \<and> P a\<^isub>4 \<and> P a\<^isub>5"
  29.205 +  "enum_all P \<longleftrightarrow> P a\<^sub>1 \<and> P a\<^sub>2 \<and> P a\<^sub>3 \<and> P a\<^sub>4 \<and> P a\<^sub>5"
  29.206  
  29.207  definition
  29.208 -  "enum_ex P \<longleftrightarrow> P a\<^isub>1 \<or> P a\<^isub>2 \<or> P a\<^isub>3 \<or> P a\<^isub>4 \<or> P a\<^isub>5"
  29.209 +  "enum_ex P \<longleftrightarrow> P a\<^sub>1 \<or> P a\<^sub>2 \<or> P a\<^sub>3 \<or> P a\<^sub>4 \<or> P a\<^sub>5"
  29.210  
  29.211  instance proof
  29.212  qed (simp_all only: enum_finite_5_def enum_all_finite_5_def enum_ex_finite_5_def UNIV_finite_5, simp_all)
  29.213  
  29.214  end
  29.215  
  29.216 -hide_const (open) a\<^isub>1 a\<^isub>2 a\<^isub>3 a\<^isub>4 a\<^isub>5
  29.217 +hide_const (open) a\<^sub>1 a\<^sub>2 a\<^sub>3 a\<^sub>4 a\<^sub>5
  29.218  
  29.219  
  29.220  subsection {* Closing up *}
    30.1 --- a/src/HOL/Finite_Set.thy	Tue Aug 13 14:20:22 2013 +0200
    30.2 +++ b/src/HOL/Finite_Set.thy	Tue Aug 13 16:25:47 2013 +0200
    30.3 @@ -566,7 +566,7 @@
    30.4  subsection {* A basic fold functional for finite sets *}
    30.5  
    30.6  text {* The intended behaviour is
    30.7 -@{text "fold f z {x\<^isub>1, ..., x\<^isub>n} = f x\<^isub>1 (\<dots> (f x\<^isub>n z)\<dots>)"}
    30.8 +@{text "fold f z {x\<^sub>1, ..., x\<^sub>n} = f x\<^sub>1 (\<dots> (f x\<^sub>n z)\<dots>)"}
    30.9  if @{text f} is ``left-commutative'':
   30.10  *}
   30.11  
    31.1 --- a/src/HOL/IMP/ACom.thy	Tue Aug 13 14:20:22 2013 +0200
    31.2 +++ b/src/HOL/IMP/ACom.thy	Tue Aug 13 16:25:47 2013 +0200
    31.3 @@ -19,9 +19,9 @@
    31.4  fun strip :: "'a acom \<Rightarrow> com" where
    31.5  "strip (SKIP {P}) = com.SKIP" |
    31.6  "strip (x ::= e {P}) = x ::= e" |
    31.7 -"strip (C\<^isub>1;;C\<^isub>2) = strip C\<^isub>1;; strip C\<^isub>2" |
    31.8 -"strip (IF b THEN {P\<^isub>1} C\<^isub>1 ELSE {P\<^isub>2} C\<^isub>2 {P}) =
    31.9 -  IF b THEN strip C\<^isub>1 ELSE strip C\<^isub>2" |
   31.10 +"strip (C\<^sub>1;;C\<^sub>2) = strip C\<^sub>1;; strip C\<^sub>2" |
   31.11 +"strip (IF b THEN {P\<^sub>1} C\<^sub>1 ELSE {P\<^sub>2} C\<^sub>2 {P}) =
   31.12 +  IF b THEN strip C\<^sub>1 ELSE strip C\<^sub>2" |
   31.13  "strip ({I} WHILE b DO {P} C {Q}) = WHILE b DO strip C"
   31.14  text_raw{*}%endsnip*}
   31.15  
   31.16 @@ -29,8 +29,8 @@
   31.17  fun asize :: "com \<Rightarrow> nat" where
   31.18  "asize com.SKIP = 1" |
   31.19  "asize (x ::= e) = 1" |
   31.20 -"asize (C\<^isub>1;;C\<^isub>2) = asize C\<^isub>1 + asize C\<^isub>2" |
   31.21 -"asize (IF b THEN C\<^isub>1 ELSE C\<^isub>2) = asize C\<^isub>1 + asize C\<^isub>2 + 3" |
   31.22 +"asize (C\<^sub>1;;C\<^sub>2) = asize C\<^sub>1 + asize C\<^sub>2" |
   31.23 +"asize (IF b THEN C\<^sub>1 ELSE C\<^sub>2) = asize C\<^sub>1 + asize C\<^sub>2 + 3" |
   31.24  "asize (WHILE b DO C) = asize C + 3"
   31.25  text_raw{*}%endsnip*}
   31.26  
   31.27 @@ -41,11 +41,11 @@
   31.28  fun annotate :: "(nat \<Rightarrow> 'a) \<Rightarrow> com \<Rightarrow> 'a acom" where
   31.29  "annotate f com.SKIP = SKIP {f 0}" |
   31.30  "annotate f (x ::= e) = x ::= e {f 0}" |
   31.31 -"annotate f (c\<^isub>1;;c\<^isub>2) = annotate f c\<^isub>1;; annotate (shift f (asize c\<^isub>1)) c\<^isub>2" |
   31.32 -"annotate f (IF b THEN c\<^isub>1 ELSE c\<^isub>2) =
   31.33 -  IF b THEN {f 0} annotate (shift f 1) c\<^isub>1
   31.34 -  ELSE {f(asize c\<^isub>1 + 1)} annotate (shift f (asize c\<^isub>1 + 2)) c\<^isub>2
   31.35 -  {f(asize c\<^isub>1 + asize c\<^isub>2 + 2)}" |
   31.36 +"annotate f (c\<^sub>1;;c\<^sub>2) = annotate f c\<^sub>1;; annotate (shift f (asize c\<^sub>1)) c\<^sub>2" |
   31.37 +"annotate f (IF b THEN c\<^sub>1 ELSE c\<^sub>2) =
   31.38 +  IF b THEN {f 0} annotate (shift f 1) c\<^sub>1
   31.39 +  ELSE {f(asize c\<^sub>1 + 1)} annotate (shift f (asize c\<^sub>1 + 2)) c\<^sub>2
   31.40 +  {f(asize c\<^sub>1 + asize c\<^sub>2 + 2)}" |
   31.41  "annotate f (WHILE b DO c) =
   31.42    {f 0} WHILE b DO {f 1} annotate (shift f 2) c {f(asize c + 2)}"
   31.43  text_raw{*}%endsnip*}
   31.44 @@ -54,9 +54,9 @@
   31.45  fun annos :: "'a acom \<Rightarrow> 'a list" where
   31.46  "annos (SKIP {P}) = [P]" |
   31.47  "annos (x ::= e {P}) = [P]" |
   31.48 -"annos (C\<^isub>1;;C\<^isub>2) = annos C\<^isub>1 @ annos C\<^isub>2" |
   31.49 -"annos (IF b THEN {P\<^isub>1} C\<^isub>1 ELSE {P\<^isub>2} C\<^isub>2 {Q}) =
   31.50 -  P\<^isub>1 # annos C\<^isub>1 @  P\<^isub>2 # annos C\<^isub>2 @ [Q]" |
   31.51 +"annos (C\<^sub>1;;C\<^sub>2) = annos C\<^sub>1 @ annos C\<^sub>2" |
   31.52 +"annos (IF b THEN {P\<^sub>1} C\<^sub>1 ELSE {P\<^sub>2} C\<^sub>2 {Q}) =
   31.53 +  P\<^sub>1 # annos C\<^sub>1 @  P\<^sub>2 # annos C\<^sub>2 @ [Q]" |
   31.54  "annos ({I} WHILE b DO {P} C {Q}) = I # P # annos C @ [Q]"
   31.55  text_raw{*}%endsnip*}
   31.56  
   31.57 @@ -70,9 +70,9 @@
   31.58  fun map_acom :: "('a \<Rightarrow> 'b) \<Rightarrow> 'a acom \<Rightarrow> 'b acom" where
   31.59  "map_acom f (SKIP {P}) = SKIP {f P}" |
   31.60  "map_acom f (x ::= e {P}) = x ::= e {f P}" |
   31.61 -"map_acom f (C\<^isub>1;;C\<^isub>2) = map_acom f C\<^isub>1;; map_acom f C\<^isub>2" |
   31.62 -"map_acom f (IF b THEN {P\<^isub>1} C\<^isub>1 ELSE {P\<^isub>2} C\<^isub>2 {Q}) =
   31.63 -  IF b THEN {f P\<^isub>1} map_acom f C\<^isub>1 ELSE {f P\<^isub>2} map_acom f C\<^isub>2
   31.64 +"map_acom f (C\<^sub>1;;C\<^sub>2) = map_acom f C\<^sub>1;; map_acom f C\<^sub>2" |
   31.65 +"map_acom f (IF b THEN {P\<^sub>1} C\<^sub>1 ELSE {P\<^sub>2} C\<^sub>2 {Q}) =
   31.66 +  IF b THEN {f P\<^sub>1} map_acom f C\<^sub>1 ELSE {f P\<^sub>2} map_acom f C\<^sub>2
   31.67    {f Q}" |
   31.68  "map_acom f ({I} WHILE b DO {P} C {Q}) =
   31.69    {f I} WHILE b DO {f P} map_acom f C {f Q}"
    32.1 --- a/src/HOL/IMP/AExp.thy	Tue Aug 13 14:20:22 2013 +0200
    32.2 +++ b/src/HOL/IMP/AExp.thy	Tue Aug 13 16:25:47 2013 +0200
    32.3 @@ -16,7 +16,7 @@
    32.4  fun aval :: "aexp \<Rightarrow> state \<Rightarrow> val" where
    32.5  "aval (N n) s = n" |
    32.6  "aval (V x) s = s x" |
    32.7 -"aval (Plus a\<^isub>1 a\<^isub>2) s = aval a\<^isub>1 s + aval a\<^isub>2 s"
    32.8 +"aval (Plus a\<^sub>1 a\<^sub>2) s = aval a\<^sub>1 s + aval a\<^sub>2 s"
    32.9  text_raw{*}%endsnip*}
   32.10  
   32.11  
   32.12 @@ -48,7 +48,7 @@
   32.13  value "aval (Plus (V ''x'') (N 5)) <''y'' := 7>"
   32.14  
   32.15  text{* Note that this @{text"<\<dots>>"} syntax works for any function space
   32.16 -@{text"\<tau>\<^isub>1 \<Rightarrow> \<tau>\<^isub>2"} where @{text "\<tau>\<^isub>2"} has a @{text 0}. *}
   32.17 +@{text"\<tau>\<^sub>1 \<Rightarrow> \<tau>\<^sub>2"} where @{text "\<tau>\<^sub>2"} has a @{text 0}. *}
   32.18  
   32.19  
   32.20  subsection "Constant Folding"
   32.21 @@ -59,10 +59,10 @@
   32.22  fun asimp_const :: "aexp \<Rightarrow> aexp" where
   32.23  "asimp_const (N n) = N n" |
   32.24  "asimp_const (V x) = V x" |
   32.25 -"asimp_const (Plus a\<^isub>1 a\<^isub>2) =
   32.26 -  (case (asimp_const a\<^isub>1, asimp_const a\<^isub>2) of
   32.27 -    (N n\<^isub>1, N n\<^isub>2) \<Rightarrow> N(n\<^isub>1+n\<^isub>2) |
   32.28 -    (b\<^isub>1,b\<^isub>2) \<Rightarrow> Plus b\<^isub>1 b\<^isub>2)"
   32.29 +"asimp_const (Plus a\<^sub>1 a\<^sub>2) =
   32.30 +  (case (asimp_const a\<^sub>1, asimp_const a\<^sub>2) of
   32.31 +    (N n\<^sub>1, N n\<^sub>2) \<Rightarrow> N(n\<^sub>1+n\<^sub>2) |
   32.32 +    (b\<^sub>1,b\<^sub>2) \<Rightarrow> Plus b\<^sub>1 b\<^sub>2)"
   32.33  text_raw{*}%endsnip*}
   32.34  
   32.35  theorem aval_asimp_const:
   32.36 @@ -76,10 +76,10 @@
   32.37  
   32.38  text_raw{*\snip{AExpplusdef}{0}{2}{% *}
   32.39  fun plus :: "aexp \<Rightarrow> aexp \<Rightarrow> aexp" where
   32.40 -"plus (N i\<^isub>1) (N i\<^isub>2) = N(i\<^isub>1+i\<^isub>2)" |
   32.41 +"plus (N i\<^sub>1) (N i\<^sub>2) = N(i\<^sub>1+i\<^sub>2)" |
   32.42  "plus (N i) a = (if i=0 then a else Plus (N i) a)" |
   32.43  "plus a (N i) = (if i=0 then a else Plus a (N i))" |
   32.44 -"plus a\<^isub>1 a\<^isub>2 = Plus a\<^isub>1 a\<^isub>2"
   32.45 +"plus a\<^sub>1 a\<^sub>2 = Plus a\<^sub>1 a\<^sub>2"
   32.46  text_raw{*}%endsnip*}
   32.47  
   32.48  lemma aval_plus[simp]:
   32.49 @@ -92,7 +92,7 @@
   32.50  fun asimp :: "aexp \<Rightarrow> aexp" where
   32.51  "asimp (N n) = N n" |
   32.52  "asimp (V x) = V x" |
   32.53 -"asimp (Plus a\<^isub>1 a\<^isub>2) = plus (asimp a\<^isub>1) (asimp a\<^isub>2)"
   32.54 +"asimp (Plus a\<^sub>1 a\<^sub>2) = plus (asimp a\<^sub>1) (asimp a\<^sub>2)"
   32.55  text_raw{*}%endsnip*}
   32.56  
   32.57  text{* Note that in @{const asimp_const} the optimized constructor was
    33.1 --- a/src/HOL/IMP/ASM.thy	Tue Aug 13 14:20:22 2013 +0200
    33.2 +++ b/src/HOL/IMP/ASM.thy	Tue Aug 13 16:25:47 2013 +0200
    33.3 @@ -47,7 +47,7 @@
    33.4  fun comp :: "aexp \<Rightarrow> instr list" where
    33.5  "comp (N n) = [LOADI n]" |
    33.6  "comp (V x) = [LOAD x]" |
    33.7 -"comp (Plus e\<^isub>1 e\<^isub>2) = comp e\<^isub>1 @ comp e\<^isub>2 @ [ADD]"
    33.8 +"comp (Plus e\<^sub>1 e\<^sub>2) = comp e\<^sub>1 @ comp e\<^sub>2 @ [ADD]"
    33.9  text_raw{*}%endsnip*}
   33.10  
   33.11  value "comp (Plus (Plus (V ''x'') (N 1)) (V ''z''))"
    34.1 --- a/src/HOL/IMP/Abs_Int0.thy	Tue Aug 13 14:20:22 2013 +0200
    34.2 +++ b/src/HOL/IMP/Abs_Int0.thy	Tue Aug 13 16:25:47 2013 +0200
    34.3 @@ -183,63 +183,63 @@
    34.4  "AI c = pfp (step' \<top>) (bot c)"
    34.5  
    34.6  
    34.7 -abbreviation \<gamma>\<^isub>s :: "'av st \<Rightarrow> state set"
    34.8 -where "\<gamma>\<^isub>s == \<gamma>_fun \<gamma>"
    34.9 +abbreviation \<gamma>\<^sub>s :: "'av st \<Rightarrow> state set"
   34.10 +where "\<gamma>\<^sub>s == \<gamma>_fun \<gamma>"
   34.11  
   34.12 -abbreviation \<gamma>\<^isub>o :: "'av st option \<Rightarrow> state set"
   34.13 -where "\<gamma>\<^isub>o == \<gamma>_option \<gamma>\<^isub>s"
   34.14 +abbreviation \<gamma>\<^sub>o :: "'av st option \<Rightarrow> state set"
   34.15 +where "\<gamma>\<^sub>o == \<gamma>_option \<gamma>\<^sub>s"
   34.16  
   34.17 -abbreviation \<gamma>\<^isub>c :: "'av st option acom \<Rightarrow> state set acom"
   34.18 -where "\<gamma>\<^isub>c == map_acom \<gamma>\<^isub>o"
   34.19 +abbreviation \<gamma>\<^sub>c :: "'av st option acom \<Rightarrow> state set acom"
   34.20 +where "\<gamma>\<^sub>c == map_acom \<gamma>\<^sub>o"
   34.21  
   34.22 -lemma gamma_s_Top[simp]: "\<gamma>\<^isub>s \<top> = UNIV"
   34.23 +lemma gamma_s_Top[simp]: "\<gamma>\<^sub>s \<top> = UNIV"
   34.24  by(simp add: top_fun_def \<gamma>_fun_def)
   34.25  
   34.26 -lemma gamma_o_Top[simp]: "\<gamma>\<^isub>o \<top> = UNIV"
   34.27 +lemma gamma_o_Top[simp]: "\<gamma>\<^sub>o \<top> = UNIV"
   34.28  by (simp add: top_option_def)
   34.29  
   34.30 -lemma mono_gamma_s: "f1 \<le> f2 \<Longrightarrow> \<gamma>\<^isub>s f1 \<subseteq> \<gamma>\<^isub>s f2"
   34.31 +lemma mono_gamma_s: "f1 \<le> f2 \<Longrightarrow> \<gamma>\<^sub>s f1 \<subseteq> \<gamma>\<^sub>s f2"
   34.32  by(auto simp: le_fun_def \<gamma>_fun_def dest: mono_gamma)
   34.33  
   34.34  lemma mono_gamma_o:
   34.35 -  "S1 \<le> S2 \<Longrightarrow> \<gamma>\<^isub>o S1 \<subseteq> \<gamma>\<^isub>o S2"
   34.36 +  "S1 \<le> S2 \<Longrightarrow> \<gamma>\<^sub>o S1 \<subseteq> \<gamma>\<^sub>o S2"
   34.37  by(induction S1 S2 rule: less_eq_option.induct)(simp_all add: mono_gamma_s)
   34.38  
   34.39 -lemma mono_gamma_c: "C1 \<le> C2 \<Longrightarrow> \<gamma>\<^isub>c C1 \<le> \<gamma>\<^isub>c C2"
   34.40 +lemma mono_gamma_c: "C1 \<le> C2 \<Longrightarrow> \<gamma>\<^sub>c C1 \<le> \<gamma>\<^sub>c C2"
   34.41  by (simp add: less_eq_acom_def mono_gamma_o size_annos anno_map_acom size_annos_same[of C1 C2])
   34.42  
   34.43  text{* Correctness: *}
   34.44  
   34.45 -lemma aval'_correct: "s : \<gamma>\<^isub>s S \<Longrightarrow> aval a s : \<gamma>(aval' a S)"
   34.46 +lemma aval'_correct: "s : \<gamma>\<^sub>s S \<Longrightarrow> aval a s : \<gamma>(aval' a S)"
   34.47  by (induct a) (auto simp: gamma_num' gamma_plus' \<gamma>_fun_def)
   34.48  
   34.49 -lemma in_gamma_update: "\<lbrakk> s : \<gamma>\<^isub>s S; i : \<gamma> a \<rbrakk> \<Longrightarrow> s(x := i) : \<gamma>\<^isub>s(S(x := a))"
   34.50 +lemma in_gamma_update: "\<lbrakk> s : \<gamma>\<^sub>s S; i : \<gamma> a \<rbrakk> \<Longrightarrow> s(x := i) : \<gamma>\<^sub>s(S(x := a))"
   34.51  by(simp add: \<gamma>_fun_def)
   34.52  
   34.53  lemma gamma_Step_subcomm:
   34.54 -  assumes "!!x e S. f1 x e (\<gamma>\<^isub>o S) \<subseteq> \<gamma>\<^isub>o (f2 x e S)"  "!!b S. g1 b (\<gamma>\<^isub>o S) \<subseteq> \<gamma>\<^isub>o (g2 b S)"
   34.55 -  shows "Step f1 g1 (\<gamma>\<^isub>o S) (\<gamma>\<^isub>c C) \<le> \<gamma>\<^isub>c (Step f2 g2 S C)"
   34.56 +  assumes "!!x e S. f1 x e (\<gamma>\<^sub>o S) \<subseteq> \<gamma>\<^sub>o (f2 x e S)"  "!!b S. g1 b (\<gamma>\<^sub>o S) \<subseteq> \<gamma>\<^sub>o (g2 b S)"
   34.57 +  shows "Step f1 g1 (\<gamma>\<^sub>o S) (\<gamma>\<^sub>c C) \<le> \<gamma>\<^sub>c (Step f2 g2 S C)"
   34.58  proof(induction C arbitrary: S)
   34.59  qed  (auto simp: mono_gamma_o assms)
   34.60  
   34.61 -lemma step_step': "step (\<gamma>\<^isub>o S) (\<gamma>\<^isub>c C) \<le> \<gamma>\<^isub>c (step' S C)"
   34.62 +lemma step_step': "step (\<gamma>\<^sub>o S) (\<gamma>\<^sub>c C) \<le> \<gamma>\<^sub>c (step' S C)"
   34.63  unfolding step_def step'_def
   34.64  by(rule gamma_Step_subcomm)
   34.65    (auto simp: aval'_correct in_gamma_update asem_def split: option.splits)
   34.66  
   34.67 -lemma AI_correct: "AI c = Some C \<Longrightarrow> CS c \<le> \<gamma>\<^isub>c C"
   34.68 +lemma AI_correct: "AI c = Some C \<Longrightarrow> CS c \<le> \<gamma>\<^sub>c C"
   34.69  proof(simp add: CS_def AI_def)
   34.70    assume 1: "pfp (step' \<top>) (bot c) = Some C"
   34.71    have pfp': "step' \<top> C \<le> C" by(rule pfp_pfp[OF 1])
   34.72 -  have 2: "step (\<gamma>\<^isub>o \<top>) (\<gamma>\<^isub>c C) \<le> \<gamma>\<^isub>c C"  --"transfer the pfp'"
   34.73 +  have 2: "step (\<gamma>\<^sub>o \<top>) (\<gamma>\<^sub>c C) \<le> \<gamma>\<^sub>c C"  --"transfer the pfp'"
   34.74    proof(rule order_trans)
   34.75 -    show "step (\<gamma>\<^isub>o \<top>) (\<gamma>\<^isub>c C) \<le> \<gamma>\<^isub>c (step' \<top> C)" by(rule step_step')
   34.76 -    show "... \<le> \<gamma>\<^isub>c C" by (metis mono_gamma_c[OF pfp'])
   34.77 +    show "step (\<gamma>\<^sub>o \<top>) (\<gamma>\<^sub>c C) \<le> \<gamma>\<^sub>c (step' \<top> C)" by(rule step_step')
   34.78 +    show "... \<le> \<gamma>\<^sub>c C" by (metis mono_gamma_c[OF pfp'])
   34.79    qed
   34.80 -  have 3: "strip (\<gamma>\<^isub>c C) = c" by(simp add: strip_pfp[OF _ 1] step'_def)
   34.81 -  have "lfp c (step (\<gamma>\<^isub>o \<top>)) \<le> \<gamma>\<^isub>c C"
   34.82 -    by(rule lfp_lowerbound[simplified,where f="step (\<gamma>\<^isub>o \<top>)", OF 3 2])
   34.83 -  thus "lfp c (step UNIV) \<le> \<gamma>\<^isub>c C" by simp
   34.84 +  have 3: "strip (\<gamma>\<^sub>c C) = c" by(simp add: strip_pfp[OF _ 1] step'_def)
   34.85 +  have "lfp c (step (\<gamma>\<^sub>o \<top>)) \<le> \<gamma>\<^sub>c C"
   34.86 +    by(rule lfp_lowerbound[simplified,where f="step (\<gamma>\<^sub>o \<top>)", OF 3 2])
   34.87 +  thus "lfp c (step UNIV) \<le> \<gamma>\<^sub>c C" by simp
   34.88  qed
   34.89  
   34.90  end
   34.91 @@ -314,20 +314,20 @@
   34.92  assumes h: "m x \<le> h"
   34.93  begin
   34.94  
   34.95 -definition m_s :: "'av st \<Rightarrow> vname set \<Rightarrow> nat" ("m\<^isub>s") where
   34.96 +definition m_s :: "'av st \<Rightarrow> vname set \<Rightarrow> nat" ("m\<^sub>s") where
   34.97  "m_s S X = (\<Sum> x \<in> X. m(S x))"
   34.98  
   34.99  lemma m_s_h: "finite X \<Longrightarrow> m_s S X \<le> h * card X"
  34.100  by(simp add: m_s_def) (metis nat_mult_commute of_nat_id setsum_bounded[OF h])
  34.101  
  34.102 -fun m_o :: "'av st option \<Rightarrow> vname set \<Rightarrow> nat" ("m\<^isub>o") where
  34.103 +fun m_o :: "'av st option \<Rightarrow> vname set \<Rightarrow> nat" ("m\<^sub>o") where
  34.104  "m_o (Some S) X = m_s S X" |
  34.105  "m_o None X = h * card X + 1"
  34.106  
  34.107  lemma m_o_h: "finite X \<Longrightarrow> m_o opt X \<le> (h*card X + 1)"
  34.108  by(cases opt)(auto simp add: m_s_h le_SucI dest: m_s_h)
  34.109  
  34.110 -definition m_c :: "'av st option acom \<Rightarrow> nat" ("m\<^isub>c") where
  34.111 +definition m_c :: "'av st option acom \<Rightarrow> nat" ("m\<^sub>c") where
  34.112  "m_c C = listsum (map (\<lambda>a. m_o a (vars C)) (annos C))"
  34.113  
  34.114  text{* Upper complexity bound: *}
  34.115 @@ -356,14 +356,14 @@
  34.116  the finitely many variables in the program change. That the others do not change
  34.117  follows because they remain @{term \<top>}. *}
  34.118  
  34.119 -fun top_on_st :: "'av st \<Rightarrow> vname set \<Rightarrow> bool" ("top'_on\<^isub>s") where
  34.120 +fun top_on_st :: "'av st \<Rightarrow> vname set \<Rightarrow> bool" ("top'_on\<^sub>s") where
  34.121  "top_on_st S X = (\<forall>x\<in>X. S x = \<top>)"
  34.122  
  34.123 -fun top_on_opt :: "'av st option \<Rightarrow> vname set \<Rightarrow> bool" ("top'_on\<^isub>o") where
  34.124 +fun top_on_opt :: "'av st option \<Rightarrow> vname set \<Rightarrow> bool" ("top'_on\<^sub>o") where
  34.125  "top_on_opt (Some S) X = top_on_st S X" |
  34.126  "top_on_opt None X = True"
  34.127  
  34.128 -definition top_on_acom :: "'av st option acom \<Rightarrow> vname set \<Rightarrow> bool" ("top'_on\<^isub>c") where
  34.129 +definition top_on_acom :: "'av st option acom \<Rightarrow> vname set \<Rightarrow> bool" ("top'_on\<^sub>c") where
  34.130  "top_on_acom C X = (\<forall>a \<in> set(annos C). top_on_opt a X)"
  34.131  
  34.132  lemma top_on_top: "top_on_opt \<top> X"
    35.1 --- a/src/HOL/IMP/Abs_Int1.thy	Tue Aug 13 14:20:22 2013 +0200
    35.2 +++ b/src/HOL/IMP/Abs_Int1.thy	Tue Aug 13 16:25:47 2013 +0200
    35.3 @@ -16,17 +16,17 @@
    35.4  "aval' (V x) S = fun S x" |
    35.5  "aval' (Plus a1 a2) S = plus' (aval' a1 S) (aval' a2 S)"
    35.6  
    35.7 -lemma aval'_correct: "s : \<gamma>\<^isub>s S \<Longrightarrow> aval a s : \<gamma>(aval' a S)"
    35.8 +lemma aval'_correct: "s : \<gamma>\<^sub>s S \<Longrightarrow> aval a s : \<gamma>(aval' a S)"
    35.9  by (induction a) (auto simp: gamma_num' gamma_plus' \<gamma>_st_def)
   35.10  
   35.11  lemma gamma_Step_subcomm: fixes C1 C2 :: "'a::semilattice_sup acom"
   35.12 -  assumes "!!x e S. f1 x e (\<gamma>\<^isub>o S) \<subseteq> \<gamma>\<^isub>o (f2 x e S)"
   35.13 -          "!!b S. g1 b (\<gamma>\<^isub>o S) \<subseteq> \<gamma>\<^isub>o (g2 b S)"
   35.14 -  shows "Step f1 g1 (\<gamma>\<^isub>o S) (\<gamma>\<^isub>c C) \<le> \<gamma>\<^isub>c (Step f2 g2 S C)"
   35.15 +  assumes "!!x e S. f1 x e (\<gamma>\<^sub>o S) \<subseteq> \<gamma>\<^sub>o (f2 x e S)"
   35.16 +          "!!b S. g1 b (\<gamma>\<^sub>o S) \<subseteq> \<gamma>\<^sub>o (g2 b S)"
   35.17 +  shows "Step f1 g1 (\<gamma>\<^sub>o S) (\<gamma>\<^sub>c C) \<le> \<gamma>\<^sub>c (Step f2 g2 S C)"
   35.18  proof(induction C arbitrary: S)
   35.19  qed (auto simp: assms intro!: mono_gamma_o sup_ge1 sup_ge2)
   35.20  
   35.21 -lemma in_gamma_update: "\<lbrakk> s : \<gamma>\<^isub>s S; i : \<gamma> a \<rbrakk> \<Longrightarrow> s(x := i) : \<gamma>\<^isub>s(update S x a)"
   35.22 +lemma in_gamma_update: "\<lbrakk> s : \<gamma>\<^sub>s S; i : \<gamma> a \<rbrakk> \<Longrightarrow> s(x := i) : \<gamma>\<^sub>s(update S x a)"
   35.23  by(simp add: \<gamma>_st_def)
   35.24  
   35.25  end
   35.26 @@ -50,24 +50,24 @@
   35.27  
   35.28  text{* Correctness: *}
   35.29  
   35.30 -lemma step_step': "step (\<gamma>\<^isub>o S) (\<gamma>\<^isub>c C) \<le> \<gamma>\<^isub>c (step' S C)"
   35.31 +lemma step_step': "step (\<gamma>\<^sub>o S) (\<gamma>\<^sub>c C) \<le> \<gamma>\<^sub>c (step' S C)"
   35.32  unfolding step_def step'_def
   35.33  by(rule gamma_Step_subcomm)
   35.34    (auto simp: intro!: aval'_correct in_gamma_update split: option.splits)
   35.35  
   35.36 -lemma AI_correct: "AI c = Some C \<Longrightarrow> CS c \<le> \<gamma>\<^isub>c C"
   35.37 +lemma AI_correct: "AI c = Some C \<Longrightarrow> CS c \<le> \<gamma>\<^sub>c C"
   35.38  proof(simp add: CS_def AI_def)
   35.39    assume 1: "pfp (step' \<top>) (bot c) = Some C"
   35.40    have pfp': "step' \<top> C \<le> C" by(rule pfp_pfp[OF 1])
   35.41 -  have 2: "step (\<gamma>\<^isub>o \<top>) (\<gamma>\<^isub>c C) \<le> \<gamma>\<^isub>c C"  --"transfer the pfp'"
   35.42 +  have 2: "step (\<gamma>\<^sub>o \<top>) (\<gamma>\<^sub>c C) \<le> \<gamma>\<^sub>c C"  --"transfer the pfp'"
   35.43    proof(rule order_trans)
   35.44 -    show "step (\<gamma>\<^isub>o \<top>) (\<gamma>\<^isub>c C) \<le> \<gamma>\<^isub>c (step' \<top> C)" by(rule step_step')
   35.45 -    show "... \<le> \<gamma>\<^isub>c C" by (metis mono_gamma_c[OF pfp'])
   35.46 +    show "step (\<gamma>\<^sub>o \<top>) (\<gamma>\<^sub>c C) \<le> \<gamma>\<^sub>c (step' \<top> C)" by(rule step_step')
   35.47 +    show "... \<le> \<gamma>\<^sub>c C" by (metis mono_gamma_c[OF pfp'])
   35.48    qed
   35.49 -  have 3: "strip (\<gamma>\<^isub>c C) = c" by(simp add: strip_pfp[OF _ 1] step'_def)
   35.50 -  have "lfp c (step (\<gamma>\<^isub>o \<top>)) \<le> \<gamma>\<^isub>c C"
   35.51 -    by(rule lfp_lowerbound[simplified,where f="step (\<gamma>\<^isub>o \<top>)", OF 3 2])
   35.52 -  thus "lfp c (step UNIV) \<le> \<gamma>\<^isub>c C" by simp
   35.53 +  have 3: "strip (\<gamma>\<^sub>c C) = c" by(simp add: strip_pfp[OF _ 1] step'_def)
   35.54 +  have "lfp c (step (\<gamma>\<^sub>o \<top>)) \<le> \<gamma>\<^sub>c C"
   35.55 +    by(rule lfp_lowerbound[simplified,where f="step (\<gamma>\<^sub>o \<top>)", OF 3 2])
   35.56 +  thus "lfp c (step UNIV) \<le> \<gamma>\<^sub>c C" by simp
   35.57  qed
   35.58  
   35.59  end
   35.60 @@ -105,19 +105,19 @@
   35.61  assumes h: "m x \<le> h"
   35.62  begin
   35.63  
   35.64 -definition m_s :: "'av st \<Rightarrow> vname set \<Rightarrow> nat" ("m\<^isub>s") where
   35.65 +definition m_s :: "'av st \<Rightarrow> vname set \<Rightarrow> nat" ("m\<^sub>s") where
   35.66  "m_s S X = (\<Sum> x \<in> X. m(fun S x))"
   35.67  
   35.68  lemma m_s_h: "finite X \<Longrightarrow> m_s S X \<le> h * card X"
   35.69  by(simp add: m_s_def) (metis nat_mult_commute of_nat_id setsum_bounded[OF h])
   35.70  
   35.71 -definition m_o :: "'av st option \<Rightarrow> vname set \<Rightarrow> nat" ("m\<^isub>o") where
   35.72 +definition m_o :: "'av st option \<Rightarrow> vname set \<Rightarrow> nat" ("m\<^sub>o") where
   35.73  "m_o opt X = (case opt of None \<Rightarrow> h * card X + 1 | Some S \<Rightarrow> m_s S X)"
   35.74  
   35.75  lemma m_o_h: "finite X \<Longrightarrow> m_o opt X \<le> (h*card X + 1)"
   35.76  by(auto simp add: m_o_def m_s_h le_SucI split: option.split dest:m_s_h)
   35.77  
   35.78 -definition m_c :: "'av st option acom \<Rightarrow> nat" ("m\<^isub>c") where
   35.79 +definition m_c :: "'av st option acom \<Rightarrow> nat" ("m\<^sub>c") where
   35.80  "m_c C = listsum (map (\<lambda>a. m_o a (vars C)) (annos C))"
   35.81  
   35.82  text{* Upper complexity bound: *}
   35.83 @@ -134,14 +134,14 @@
   35.84  
   35.85  end
   35.86  
   35.87 -fun top_on_st :: "'a::order_top st \<Rightarrow> vname set \<Rightarrow> bool" ("top'_on\<^isub>s") where
   35.88 +fun top_on_st :: "'a::order_top st \<Rightarrow> vname set \<Rightarrow> bool" ("top'_on\<^sub>s") where
   35.89  "top_on_st S X = (\<forall>x\<in>X. fun S x = \<top>)"
   35.90  
   35.91 -fun top_on_opt :: "'a::order_top st option \<Rightarrow> vname set \<Rightarrow> bool" ("top'_on\<^isub>o") where
   35.92 +fun top_on_opt :: "'a::order_top st option \<Rightarrow> vname set \<Rightarrow> bool" ("top'_on\<^sub>o") where
   35.93  "top_on_opt (Some S)  X = top_on_st S X" |
   35.94  "top_on_opt None X = True"
   35.95  
   35.96 -definition top_on_acom :: "'a::order_top st option acom \<Rightarrow> vname set \<Rightarrow> bool" ("top'_on\<^isub>c") where
   35.97 +definition top_on_acom :: "'a::order_top st option acom \<Rightarrow> vname set \<Rightarrow> bool" ("top'_on\<^sub>c") where
   35.98  "top_on_acom C X = (\<forall>a \<in> set(annos C). top_on_opt a X)"
   35.99  
  35.100  lemma top_on_top: "top_on_opt (\<top>::_ st option) X"
    36.1 --- a/src/HOL/IMP/Abs_Int2.thy	Tue Aug 13 14:20:22 2013 +0200
    36.2 +++ b/src/HOL/IMP/Abs_Int2.thy	Tue Aug 13 16:25:47 2013 +0200
    36.3 @@ -51,10 +51,10 @@
    36.4  and inv_plus' :: "'av \<Rightarrow> 'av \<Rightarrow> 'av \<Rightarrow> 'av * 'av"
    36.5  and inv_less' :: "bool \<Rightarrow> 'av \<Rightarrow> 'av \<Rightarrow> 'av * 'av"
    36.6  assumes test_num': "test_num' i a = (i : \<gamma> a)"
    36.7 -and inv_plus': "inv_plus' a a1 a2 = (a\<^isub>1',a\<^isub>2') \<Longrightarrow>
    36.8 -  i1 : \<gamma> a1 \<Longrightarrow> i2 : \<gamma> a2 \<Longrightarrow> i1+i2 : \<gamma> a \<Longrightarrow> i1 : \<gamma> a\<^isub>1' \<and> i2 : \<gamma> a\<^isub>2'"
    36.9 -and inv_less': "inv_less' (i1<i2) a1 a2 = (a\<^isub>1',a\<^isub>2') \<Longrightarrow>
   36.10 -  i1 : \<gamma> a1 \<Longrightarrow> i2 : \<gamma> a2 \<Longrightarrow> i1 : \<gamma> a\<^isub>1' \<and> i2 : \<gamma> a\<^isub>2'"
   36.11 +and inv_plus': "inv_plus' a a1 a2 = (a\<^sub>1',a\<^sub>2') \<Longrightarrow>
   36.12 +  i1 : \<gamma> a1 \<Longrightarrow> i2 : \<gamma> a2 \<Longrightarrow> i1+i2 : \<gamma> a \<Longrightarrow> i1 : \<gamma> a\<^sub>1' \<and> i2 : \<gamma> a\<^sub>2'"
   36.13 +and inv_less': "inv_less' (i1<i2) a1 a2 = (a\<^sub>1',a\<^sub>2') \<Longrightarrow>
   36.14 +  i1 : \<gamma> a1 \<Longrightarrow> i2 : \<gamma> a2 \<Longrightarrow> i1 : \<gamma> a\<^sub>1' \<and> i2 : \<gamma> a\<^sub>2'"
   36.15  
   36.16  
   36.17  locale Abs_Int_inv = Val_inv where \<gamma> = \<gamma>
   36.18 @@ -62,14 +62,14 @@
   36.19  begin
   36.20  
   36.21  lemma in_gamma_sup_UpI:
   36.22 -  "s : \<gamma>\<^isub>o S1 \<or> s : \<gamma>\<^isub>o S2 \<Longrightarrow> s : \<gamma>\<^isub>o(S1 \<squnion> S2)"
   36.23 +  "s : \<gamma>\<^sub>o S1 \<or> s : \<gamma>\<^sub>o S2 \<Longrightarrow> s : \<gamma>\<^sub>o(S1 \<squnion> S2)"
   36.24  by (metis (hide_lams, no_types) sup_ge1 sup_ge2 mono_gamma_o subsetD)
   36.25  
   36.26  fun aval'' :: "aexp \<Rightarrow> 'av st option \<Rightarrow> 'av" where
   36.27  "aval'' e None = \<bottom>" |
   36.28  "aval'' e (Some S) = aval' e S"
   36.29  
   36.30 -lemma aval''_correct: "s : \<gamma>\<^isub>o S \<Longrightarrow> aval a s : \<gamma>(aval'' a S)"
   36.31 +lemma aval''_correct: "s : \<gamma>\<^sub>o S \<Longrightarrow> aval a s : \<gamma>(aval'' a S)"
   36.32  by(cases S)(auto simp add: aval'_correct split: option.splits)
   36.33  
   36.34  subsubsection "Backward analysis"
   36.35 @@ -103,12 +103,12 @@
   36.36    (let (a1,a2) = inv_less' res (aval'' e1 S) (aval'' e2 S)
   36.37     in inv_aval'' e1 a1 (inv_aval'' e2 a2 S))"
   36.38  
   36.39 -lemma inv_aval''_correct: "s : \<gamma>\<^isub>o S \<Longrightarrow> aval e s : \<gamma> a \<Longrightarrow> s : \<gamma>\<^isub>o (inv_aval'' e a S)"
   36.40 +lemma inv_aval''_correct: "s : \<gamma>\<^sub>o S \<Longrightarrow> aval e s : \<gamma> a \<Longrightarrow> s : \<gamma>\<^sub>o (inv_aval'' e a S)"
   36.41  proof(induction e arbitrary: a S)
   36.42    case N thus ?case by simp (metis test_num')
   36.43  next
   36.44    case (V x)
   36.45 -  obtain S' where "S = Some S'" and "s : \<gamma>\<^isub>s S'" using `s : \<gamma>\<^isub>o S`
   36.46 +  obtain S' where "S = Some S'" and "s : \<gamma>\<^sub>s S'" using `s : \<gamma>\<^sub>o S`
   36.47      by(auto simp: in_gamma_option_iff)
   36.48    moreover hence "s x : \<gamma> (fun S' x)"
   36.49      by(simp add: \<gamma>_st_def)
   36.50 @@ -122,7 +122,7 @@
   36.51      by (auto split: prod.split)
   36.52  qed
   36.53  
   36.54 -lemma inv_bval''_correct: "s : \<gamma>\<^isub>o S \<Longrightarrow> bv = bval b s \<Longrightarrow> s : \<gamma>\<^isub>o(inv_bval'' b bv S)"
   36.55 +lemma inv_bval''_correct: "s : \<gamma>\<^sub>o S \<Longrightarrow> bv = bval b s \<Longrightarrow> s : \<gamma>\<^sub>o(inv_bval'' b bv S)"
   36.56  proof(induction b arbitrary: S bv)
   36.57    case Bc thus ?case by simp
   36.58  next
   36.59 @@ -159,24 +159,24 @@
   36.60  
   36.61  subsubsection "Correctness"
   36.62  
   36.63 -lemma step_step': "step (\<gamma>\<^isub>o S) (\<gamma>\<^isub>c C) \<le> \<gamma>\<^isub>c (step' S C)"
   36.64 +lemma step_step': "step (\<gamma>\<^sub>o S) (\<gamma>\<^sub>c C) \<le> \<gamma>\<^sub>c (step' S C)"
   36.65  unfolding step_def step'_def
   36.66  by(rule gamma_Step_subcomm)
   36.67    (auto simp: intro!: aval'_correct inv_bval''_correct in_gamma_update split: option.splits)
   36.68  
   36.69 -lemma AI_correct: "AI c = Some C \<Longrightarrow> CS c \<le> \<gamma>\<^isub>c C"
   36.70 +lemma AI_correct: "AI c = Some C \<Longrightarrow> CS c \<le> \<gamma>\<^sub>c C"
   36.71  proof(simp add: CS_def AI_def)
   36.72    assume 1: "pfp (step' \<top>) (bot c) = Some C"
   36.73    have pfp': "step' \<top> C \<le> C" by(rule pfp_pfp[OF 1])
   36.74 -  have 2: "step (\<gamma>\<^isub>o \<top>) (\<gamma>\<^isub>c C) \<le> \<gamma>\<^isub>c C"  --"transfer the pfp'"
   36.75 +  have 2: "step (\<gamma>\<^sub>o \<top>) (\<gamma>\<^sub>c C) \<le> \<gamma>\<^sub>c C"  --"transfer the pfp'"
   36.76    proof(rule order_trans)
   36.77 -    show "step (\<gamma>\<^isub>o \<top>) (\<gamma>\<^isub>c C) \<le> \<gamma>\<^isub>c (step' \<top> C)" by(rule step_step')
   36.78 -    show "... \<le> \<gamma>\<^isub>c C" by (metis mono_gamma_c[OF pfp'])
   36.79 +    show "step (\<gamma>\<^sub>o \<top>) (\<gamma>\<^sub>c C) \<le> \<gamma>\<^sub>c (step' \<top> C)" by(rule step_step')
   36.80 +    show "... \<le> \<gamma>\<^sub>c C" by (metis mono_gamma_c[OF pfp'])
   36.81    qed
   36.82 -  have 3: "strip (\<gamma>\<^isub>c C) = c" by(simp add: strip_pfp[OF _ 1] step'_def)
   36.83 -  have "lfp c (step (\<gamma>\<^isub>o \<top>)) \<le> \<gamma>\<^isub>c C"
   36.84 -    by(rule lfp_lowerbound[simplified,where f="step (\<gamma>\<^isub>o \<top>)", OF 3 2])
   36.85 -  thus "lfp c (step UNIV) \<le> \<gamma>\<^isub>c C" by simp
   36.86 +  have 3: "strip (\<gamma>\<^sub>c C) = c" by(simp add: strip_pfp[OF _ 1] step'_def)
   36.87 +  have "lfp c (step (\<gamma>\<^sub>o \<top>)) \<le> \<gamma>\<^sub>c C"
   36.88 +    by(rule lfp_lowerbound[simplified,where f="step (\<gamma>\<^sub>o \<top>)", OF 3 2])
   36.89 +  thus "lfp c (step UNIV) \<le> \<gamma>\<^sub>c C" by simp
   36.90  qed
   36.91  
   36.92  end
    37.1 --- a/src/HOL/IMP/Abs_Int3.thy	Tue Aug 13 14:20:22 2013 +0200
    37.2 +++ b/src/HOL/IMP/Abs_Int3.thy	Tue Aug 13 16:25:47 2013 +0200
    37.3 @@ -240,22 +240,22 @@
    37.4  definition AI_wn :: "com \<Rightarrow> 'av st option acom option" where
    37.5  "AI_wn c = pfp_wn (step' \<top>) (bot c)"
    37.6  
    37.7 -lemma AI_wn_correct: "AI_wn c = Some C \<Longrightarrow> CS c \<le> \<gamma>\<^isub>c C"
    37.8 +lemma AI_wn_correct: "AI_wn c = Some C \<Longrightarrow> CS c \<le> \<gamma>\<^sub>c C"
    37.9  proof(simp add: CS_def AI_wn_def)
   37.10    assume 1: "pfp_wn (step' \<top>) (bot c) = Some C"
   37.11    have 2: "strip C = c \<and> step' \<top> C \<le> C"
   37.12      by(rule pfp_wn_pfp[where x="bot c"]) (simp_all add: 1 mono_step'_top)
   37.13 -  have pfp: "step (\<gamma>\<^isub>o \<top>) (\<gamma>\<^isub>c C) \<le> \<gamma>\<^isub>c C"
   37.14 +  have pfp: "step (\<gamma>\<^sub>o \<top>) (\<gamma>\<^sub>c C) \<le> \<gamma>\<^sub>c C"
   37.15    proof(rule order_trans)
   37.16 -    show "step (\<gamma>\<^isub>o \<top>) (\<gamma>\<^isub>c C) \<le>  \<gamma>\<^isub>c (step' \<top> C)"
   37.17 +    show "step (\<gamma>\<^sub>o \<top>) (\<gamma>\<^sub>c C) \<le>  \<gamma>\<^sub>c (step' \<top> C)"
   37.18        by(rule step_step')
   37.19 -    show "... \<le> \<gamma>\<^isub>c C"
   37.20 +    show "... \<le> \<gamma>\<^sub>c C"
   37.21        by(rule mono_gamma_c[OF conjunct2[OF 2]])
   37.22    qed
   37.23 -  have 3: "strip (\<gamma>\<^isub>c C) = c" by(simp add: strip_pfp_wn[OF _ 1])
   37.24 -  have "lfp c (step (\<gamma>\<^isub>o \<top>)) \<le> \<gamma>\<^isub>c C"
   37.25 -    by(rule lfp_lowerbound[simplified,where f="step (\<gamma>\<^isub>o \<top>)", OF 3 pfp])
   37.26 -  thus "lfp c (step UNIV) \<le> \<gamma>\<^isub>c C" by simp
   37.27 +  have 3: "strip (\<gamma>\<^sub>c C) = c" by(simp add: strip_pfp_wn[OF _ 1])
   37.28 +  have "lfp c (step (\<gamma>\<^sub>o \<top>)) \<le> \<gamma>\<^sub>c C"
   37.29 +    by(rule lfp_lowerbound[simplified,where f="step (\<gamma>\<^sub>o \<top>)", OF 3 pfp])
   37.30 +  thus "lfp c (step UNIV) \<le> \<gamma>\<^sub>c C" by simp
   37.31  qed
   37.32  
   37.33  end
   37.34 @@ -405,8 +405,8 @@
   37.35  done
   37.36  
   37.37  
   37.38 -definition n_s :: "'av st \<Rightarrow> vname set \<Rightarrow> nat" ("n\<^isub>s") where
   37.39 -"n\<^isub>s S X = (\<Sum>x\<in>X. n(fun S x))"
   37.40 +definition n_s :: "'av st \<Rightarrow> vname set \<Rightarrow> nat" ("n\<^sub>s") where
   37.41 +"n\<^sub>s S X = (\<Sum>x\<in>X. n(fun S x))"
   37.42  
   37.43  lemma n_s_narrow_rep:
   37.44  assumes "finite X"  "S1 = S2 on -X"  "\<forall>x. S2 x \<le> S1 x"  "\<forall>x. S1 x \<triangle> S2 x \<le> S1 x"
   37.45 @@ -423,25 +423,25 @@
   37.46  qed
   37.47  
   37.48  lemma n_s_narrow: "finite X \<Longrightarrow> fun S1 = fun S2 on -X \<Longrightarrow> S2 \<le> S1 \<Longrightarrow> S1 \<triangle> S2 < S1
   37.49 -  \<Longrightarrow> n\<^isub>s (S1 \<triangle> S2) X < n\<^isub>s S1 X"
   37.50 +  \<Longrightarrow> n\<^sub>s (S1 \<triangle> S2) X < n\<^sub>s S1 X"
   37.51  apply(auto simp add: less_st_def n_s_def)
   37.52  apply (transfer fixing: n)
   37.53  apply(auto simp add: less_eq_st_rep_iff eq_st_def fun_eq_iff n_s_narrow_rep)
   37.54  done
   37.55  
   37.56 -definition n_o :: "'av st option \<Rightarrow> vname set \<Rightarrow> nat" ("n\<^isub>o") where
   37.57 -"n\<^isub>o opt X = (case opt of None \<Rightarrow> 0 | Some S \<Rightarrow> n\<^isub>s S X + 1)"
   37.58 +definition n_o :: "'av st option \<Rightarrow> vname set \<Rightarrow> nat" ("n\<^sub>o") where
   37.59 +"n\<^sub>o opt X = (case opt of None \<Rightarrow> 0 | Some S \<Rightarrow> n\<^sub>s S X + 1)"
   37.60  
   37.61  lemma n_o_narrow:
   37.62    "top_on_opt S1 (-X) \<Longrightarrow> top_on_opt S2 (-X) \<Longrightarrow> finite X
   37.63 -  \<Longrightarrow> S2 \<le> S1 \<Longrightarrow> S1 \<triangle> S2 < S1 \<Longrightarrow> n\<^isub>o (S1 \<triangle> S2) X < n\<^isub>o S1 X"
   37.64 +  \<Longrightarrow> S2 \<le> S1 \<Longrightarrow> S1 \<triangle> S2 < S1 \<Longrightarrow> n\<^sub>o (S1 \<triangle> S2) X < n\<^sub>o S1 X"
   37.65  apply(induction S1 S2 rule: narrow_option.induct)
   37.66  apply(auto simp: n_o_def n_s_narrow)
   37.67  done
   37.68  
   37.69  
   37.70 -definition n_c :: "'av st option acom \<Rightarrow> nat" ("n\<^isub>c") where
   37.71 -"n\<^isub>c C = listsum (map (\<lambda>a. n\<^isub>o a (vars C)) (annos C))"
   37.72 +definition n_c :: "'av st option acom \<Rightarrow> nat" ("n\<^sub>c") where
   37.73 +"n\<^sub>c C = listsum (map (\<lambda>a. n\<^sub>o a (vars C)) (annos C))"
   37.74  
   37.75  lemma less_annos_iff: "(C1 < C2) = (C1 \<le> C2 \<and>
   37.76    (\<exists>i<length (annos C1). annos C1 ! i < annos C2 ! i))"
   37.77 @@ -449,7 +449,7 @@
   37.78  
   37.79  lemma n_c_narrow: "strip C1 = strip C2
   37.80    \<Longrightarrow> top_on_acom C1 (- vars C1) \<Longrightarrow> top_on_acom C2 (- vars C2)
   37.81 -  \<Longrightarrow> C2 \<le> C1 \<Longrightarrow> C1 \<triangle> C2 < C1 \<Longrightarrow> n\<^isub>c (C1 \<triangle> C2) < n\<^isub>c C1"
   37.82 +  \<Longrightarrow> C2 \<le> C1 \<Longrightarrow> C1 \<triangle> C2 < C1 \<Longrightarrow> n\<^sub>c (C1 \<triangle> C2) < n\<^sub>c C1"
   37.83  apply(auto simp: n_c_def narrow_acom_def listsum_setsum_nth)
   37.84  apply(subgoal_tac "length(annos C2) = length(annos C1)")
   37.85  prefer 2 apply (simp add: size_annos_same2)
    38.1 --- a/src/HOL/IMP/Abs_Int_Den/Abs_Int_den1.thy	Tue Aug 13 14:20:22 2013 +0200
    38.2 +++ b/src/HOL/IMP/Abs_Int_Den/Abs_Int_den1.thy	Tue Aug 13 16:25:47 2013 +0200
    38.3 @@ -102,7 +102,7 @@
    38.4  lemma in_rep_join_UpI: "s <:: S1 | s <:: S2 \<Longrightarrow> s <:: S1 \<squnion> S2"
    38.5  by (metis in_rep_up_trans SL_top_class.join_ge1 SL_top_class.join_ge2)
    38.6  
    38.7 -fun aval' :: "aexp \<Rightarrow> 'a astate up \<Rightarrow> 'a" ("aval\<^isup>#") where
    38.8 +fun aval' :: "aexp \<Rightarrow> 'a astate up \<Rightarrow> 'a" ("aval\<^sup>#") where
    38.9  "aval' _ bot = Bot" |
   38.10  "aval' (N n) _ = num' n" |
   38.11  "aval' (V x) (Up S) = lookup S x" |
    39.1 --- a/src/HOL/IMP/Abs_Int_ITP/Abs_Int0_ITP.thy	Tue Aug 13 14:20:22 2013 +0200
    39.2 +++ b/src/HOL/IMP/Abs_Int_ITP/Abs_Int0_ITP.thy	Tue Aug 13 16:25:47 2013 +0200
    39.3 @@ -203,26 +203,26 @@
    39.4  qed
    39.5  
    39.6  definition
    39.7 - lpfp\<^isub>c :: "(('a::SL_top)option acom \<Rightarrow> 'a option acom) \<Rightarrow> com \<Rightarrow> 'a option acom option" where
    39.8 -"lpfp\<^isub>c f c = pfp f (\<bottom>\<^sub>c c)"
    39.9 + lpfp\<^sub>c :: "(('a::SL_top)option acom \<Rightarrow> 'a option acom) \<Rightarrow> com \<Rightarrow> 'a option acom option" where
   39.10 +"lpfp\<^sub>c f c = pfp f (\<bottom>\<^sub>c c)"
   39.11  
   39.12 -lemma lpfpc_pfp: "lpfp\<^isub>c f c0 = Some c \<Longrightarrow> f c \<sqsubseteq> c"
   39.13 -by(simp add: pfp_pfp lpfp\<^isub>c_def)
   39.14 +lemma lpfpc_pfp: "lpfp\<^sub>c f c0 = Some c \<Longrightarrow> f c \<sqsubseteq> c"
   39.15 +by(simp add: pfp_pfp lpfp\<^sub>c_def)
   39.16  
   39.17  lemma strip_pfp:
   39.18  assumes "\<And>x. g(f x) = g x" and "pfp f x0 = Some x" shows "g x = g x0"
   39.19  using assms while_option_rule[where P = "%x. g x = g x0" and c = f]
   39.20  unfolding pfp_def by metis
   39.21  
   39.22 -lemma strip_lpfpc: assumes "\<And>c. strip(f c) = strip c" and "lpfp\<^isub>c f c = Some c'"
   39.23 +lemma strip_lpfpc: assumes "\<And>c. strip(f c) = strip c" and "lpfp\<^sub>c f c = Some c'"
   39.24  shows "strip c' = c"
   39.25 -using assms(1) strip_pfp[OF _ assms(2)[simplified lpfp\<^isub>c_def]]
   39.26 +using assms(1) strip_pfp[OF _ assms(2)[simplified lpfp\<^sub>c_def]]
   39.27  by(metis strip_bot_acom)
   39.28  
   39.29  lemma lpfpc_least:
   39.30  assumes mono: "\<And>x y. x \<sqsubseteq> y \<Longrightarrow> f x \<sqsubseteq> f y"
   39.31 -and "strip p = c0" and "f p \<sqsubseteq> p" and lp: "lpfp\<^isub>c f c0 = Some c" shows "c \<sqsubseteq> p"
   39.32 -using pfp_least[OF _ _ bot_acom[OF `strip p = c0`] lp[simplified lpfp\<^isub>c_def]]
   39.33 +and "strip p = c0" and "f p \<sqsubseteq> p" and lp: "lpfp\<^sub>c f c0 = Some c" shows "c \<sqsubseteq> p"
   39.34 +using pfp_least[OF _ _ bot_acom[OF `strip p = c0`] lp[simplified lpfp\<^sub>c_def]]
   39.35    mono `f p \<sqsubseteq> p`
   39.36  by blast
   39.37  
   39.38 @@ -270,51 +270,51 @@
   39.39    {S \<squnion> post c} WHILE b DO (step' Inv c) {Inv}"
   39.40  
   39.41  definition AI :: "com \<Rightarrow> 'av st option acom option" where
   39.42 -"AI = lpfp\<^isub>c (step' \<top>)"
   39.43 +"AI = lpfp\<^sub>c (step' \<top>)"
   39.44  
   39.45  
   39.46  lemma strip_step'[simp]: "strip(step' S c) = strip c"
   39.47  by(induct c arbitrary: S) (simp_all add: Let_def)
   39.48  
   39.49  
   39.50 -abbreviation \<gamma>\<^isub>f :: "'av st \<Rightarrow> state set"
   39.51 -where "\<gamma>\<^isub>f == \<gamma>_fun \<gamma>"
   39.52 +abbreviation \<gamma>\<^sub>f :: "'av st \<Rightarrow> state set"
   39.53 +where "\<gamma>\<^sub>f == \<gamma>_fun \<gamma>"
   39.54  
   39.55 -abbreviation \<gamma>\<^isub>o :: "'av st option \<Rightarrow> state set"
   39.56 -where "\<gamma>\<^isub>o == \<gamma>_option \<gamma>\<^isub>f"
   39.57 +abbreviation \<gamma>\<^sub>o :: "'av st option \<Rightarrow> state set"
   39.58 +where "\<gamma>\<^sub>o == \<gamma>_option \<gamma>\<^sub>f"
   39.59  
   39.60 -abbreviation \<gamma>\<^isub>c :: "'av st option acom \<Rightarrow> state set acom"
   39.61 -where "\<gamma>\<^isub>c == map_acom \<gamma>\<^isub>o"
   39.62 +abbreviation \<gamma>\<^sub>c :: "'av st option acom \<Rightarrow> state set acom"
   39.63 +where "\<gamma>\<^sub>c == map_acom \<gamma>\<^sub>o"
   39.64  
   39.65 -lemma gamma_f_Top[simp]: "\<gamma>\<^isub>f Top = UNIV"
   39.66 +lemma gamma_f_Top[simp]: "\<gamma>\<^sub>f Top = UNIV"
   39.67  by(simp add: Top_fun_def \<gamma>_fun_def)
   39.68  
   39.69 -lemma gamma_o_Top[simp]: "\<gamma>\<^isub>o Top = UNIV"
   39.70 +lemma gamma_o_Top[simp]: "\<gamma>\<^sub>o Top = UNIV"
   39.71  by (simp add: Top_option_def)
   39.72  
   39.73  (* FIXME (maybe also le \<rightarrow> sqle?) *)
   39.74  
   39.75 -lemma mono_gamma_f: "f \<sqsubseteq> g \<Longrightarrow> \<gamma>\<^isub>f f \<subseteq> \<gamma>\<^isub>f g"
   39.76 +lemma mono_gamma_f: "f \<sqsubseteq> g \<Longrightarrow> \<gamma>\<^sub>f f \<subseteq> \<gamma>\<^sub>f g"
   39.77  by(auto simp: le_fun_def \<gamma>_fun_def dest: mono_gamma)
   39.78  
   39.79  lemma mono_gamma_o:
   39.80 -  "sa \<sqsubseteq> sa' \<Longrightarrow> \<gamma>\<^isub>o sa \<subseteq> \<gamma>\<^isub>o sa'"
   39.81 +  "sa \<sqsubseteq> sa' \<Longrightarrow> \<gamma>\<^sub>o sa \<subseteq> \<gamma>\<^sub>o sa'"
   39.82  by(induction sa sa' rule: le_option.induct)(simp_all add: mono_gamma_f)
   39.83  
   39.84 -lemma mono_gamma_c: "ca \<sqsubseteq> ca' \<Longrightarrow> \<gamma>\<^isub>c ca \<le> \<gamma>\<^isub>c ca'"
   39.85 +lemma mono_gamma_c: "ca \<sqsubseteq> ca' \<Longrightarrow> \<gamma>\<^sub>c ca \<le> \<gamma>\<^sub>c ca'"
   39.86  by (induction ca ca' rule: le_acom.induct) (simp_all add:mono_gamma_o)
   39.87  
   39.88  text{* Soundness: *}
   39.89  
   39.90 -lemma aval'_sound: "s : \<gamma>\<^isub>f S \<Longrightarrow> aval a s : \<gamma>(aval' a S)"
   39.91 +lemma aval'_sound: "s : \<gamma>\<^sub>f S \<Longrightarrow> aval a s : \<gamma>(aval' a S)"
   39.92  by (induct a) (auto simp: gamma_num' gamma_plus' \<gamma>_fun_def)
   39.93  
   39.94  lemma in_gamma_update:
   39.95 -  "\<lbrakk> s : \<gamma>\<^isub>f S; i : \<gamma> a \<rbrakk> \<Longrightarrow> s(x := i) : \<gamma>\<^isub>f(S(x := a))"
   39.96 +  "\<lbrakk> s : \<gamma>\<^sub>f S; i : \<gamma> a \<rbrakk> \<Longrightarrow> s(x := i) : \<gamma>\<^sub>f(S(x := a))"
   39.97  by(simp add: \<gamma>_fun_def)
   39.98  
   39.99  lemma step_preserves_le:
  39.100 -  "\<lbrakk> S \<subseteq> \<gamma>\<^isub>o S'; c \<le> \<gamma>\<^isub>c c' \<rbrakk> \<Longrightarrow> step S c \<le> \<gamma>\<^isub>c (step' S' c')"
  39.101 +  "\<lbrakk> S \<subseteq> \<gamma>\<^sub>o S'; c \<le> \<gamma>\<^sub>c c' \<rbrakk> \<Longrightarrow> step S c \<le> \<gamma>\<^sub>c (step' S' c')"
  39.102  proof(induction c arbitrary: c' S S')
  39.103    case SKIP thus ?case by(auto simp:SKIP_le map_acom_SKIP)
  39.104  next
  39.105 @@ -328,40 +328,40 @@
  39.106    case (If b c1 c2 P)
  39.107    then obtain c1' c2' P' where
  39.108        "c' = IF b THEN c1' ELSE c2' {P'}"
  39.109 -      "P \<subseteq> \<gamma>\<^isub>o P'" "c1 \<le> \<gamma>\<^isub>c c1'" "c2 \<le> \<gamma>\<^isub>c c2'"
  39.110 +      "P \<subseteq> \<gamma>\<^sub>o P'" "c1 \<le> \<gamma>\<^sub>c c1'" "c2 \<le> \<gamma>\<^sub>c c2'"
  39.111      by (fastforce simp: If_le map_acom_If)
  39.112 -  moreover have "post c1 \<subseteq> \<gamma>\<^isub>o(post c1' \<squnion> post c2')"
  39.113 -    by (metis (no_types) `c1 \<le> \<gamma>\<^isub>c c1'` join_ge1 le_post mono_gamma_o order_trans post_map_acom)
  39.114 -  moreover have "post c2 \<subseteq> \<gamma>\<^isub>o(post c1' \<squnion> post c2')"
  39.115 -    by (metis (no_types) `c2 \<le> \<gamma>\<^isub>c c2'` join_ge2 le_post mono_gamma_o order_trans post_map_acom)
  39.116 -  ultimately show ?case using `S \<subseteq> \<gamma>\<^isub>o S'` by (simp add: If.IH subset_iff)
  39.117 +  moreover have "post c1 \<subseteq> \<gamma>\<^sub>o(post c1' \<squnion> post c2')"
  39.118 +    by (metis (no_types) `c1 \<le> \<gamma>\<^sub>c c1'` join_ge1 le_post mono_gamma_o order_trans post_map_acom)
  39.119 +  moreover have "post c2 \<subseteq> \<gamma>\<^sub>o(post c1' \<squnion> post c2')"
  39.120 +    by (metis (no_types) `c2 \<le> \<gamma>\<^sub>c c2'` join_ge2 le_post mono_gamma_o order_trans post_map_acom)
  39.121 +  ultimately show ?case using `S \<subseteq> \<gamma>\<^sub>o S'` by (simp add: If.IH subset_iff)
  39.122  next
  39.123    case (While I b c1 P)
  39.124    then obtain c1' I' P' where
  39.125      "c' = {I'} WHILE b DO c1' {P'}"
  39.126 -    "I \<subseteq> \<gamma>\<^isub>o I'" "P \<subseteq> \<gamma>\<^isub>o P'" "c1 \<le> \<gamma>\<^isub>c c1'"
  39.127 +    "I \<subseteq> \<gamma>\<^sub>o I'" "P \<subseteq> \<gamma>\<^sub>o P'" "c1 \<le> \<gamma>\<^sub>c c1'"
  39.128      by (fastforce simp: map_acom_While While_le)
  39.129 -  moreover have "S \<union> post c1 \<subseteq> \<gamma>\<^isub>o (S' \<squnion> post c1')"
  39.130 -    using `S \<subseteq> \<gamma>\<^isub>o S'` le_post[OF `c1 \<le> \<gamma>\<^isub>c c1'`, simplified]
  39.131 +  moreover have "S \<union> post c1 \<subseteq> \<gamma>\<^sub>o (S' \<squnion> post c1')"
  39.132 +    using `S \<subseteq> \<gamma>\<^sub>o S'` le_post[OF `c1 \<le> \<gamma>\<^sub>c c1'`, simplified]
  39.133      by (metis (no_types) join_ge1 join_ge2 le_sup_iff mono_gamma_o order_trans)
  39.134    ultimately show ?case by (simp add: While.IH subset_iff)
  39.135  qed
  39.136  
  39.137 -lemma AI_sound: "AI c = Some c' \<Longrightarrow> CS c \<le> \<gamma>\<^isub>c c'"
  39.138 +lemma AI_sound: "AI c = Some c' \<Longrightarrow> CS c \<le> \<gamma>\<^sub>c c'"
  39.139  proof(simp add: CS_def AI_def)
  39.140 -  assume 1: "lpfp\<^isub>c (step' \<top>) c = Some c'"
  39.141 +  assume 1: "lpfp\<^sub>c (step' \<top>) c = Some c'"
  39.142    have 2: "step' \<top> c' \<sqsubseteq> c'" by(rule lpfpc_pfp[OF 1])
  39.143 -  have 3: "strip (\<gamma>\<^isub>c (step' \<top> c')) = c"
  39.144 +  have 3: "strip (\<gamma>\<^sub>c (step' \<top> c')) = c"
  39.145      by(simp add: strip_lpfpc[OF _ 1])
  39.146 -  have "lfp (step UNIV) c \<le> \<gamma>\<^isub>c (step' \<top> c')"
  39.147 +  have "lfp (step UNIV) c \<le> \<gamma>\<^sub>c (step' \<top> c')"
  39.148    proof(rule lfp_lowerbound[simplified,OF 3])
  39.149 -    show "step UNIV (\<gamma>\<^isub>c (step' \<top> c')) \<le> \<gamma>\<^isub>c (step' \<top> c')"
  39.150 +    show "step UNIV (\<gamma>\<^sub>c (step' \<top> c')) \<le> \<gamma>\<^sub>c (step' \<top> c')"
  39.151      proof(rule step_preserves_le[OF _ _])
  39.152 -      show "UNIV \<subseteq> \<gamma>\<^isub>o \<top>" by simp
  39.153 -      show "\<gamma>\<^isub>c (step' \<top> c') \<le> \<gamma>\<^isub>c c'" by(rule mono_gamma_c[OF 2])
  39.154 +      show "UNIV \<subseteq> \<gamma>\<^sub>o \<top>" by simp
  39.155 +      show "\<gamma>\<^sub>c (step' \<top> c') \<le> \<gamma>\<^sub>c c'" by(rule mono_gamma_c[OF 2])
  39.156      qed
  39.157    qed
  39.158 -  with 2 show "lfp (step UNIV) c \<le> \<gamma>\<^isub>c c'"
  39.159 +  with 2 show "lfp (step UNIV) c \<le> \<gamma>\<^sub>c c'"
  39.160      by (blast intro: mono_gamma_c order_trans)
  39.161  qed
  39.162  
    40.1 --- a/src/HOL/IMP/Abs_Int_ITP/Abs_Int1_ITP.thy	Tue Aug 13 14:20:22 2013 +0200
    40.2 +++ b/src/HOL/IMP/Abs_Int_ITP/Abs_Int1_ITP.thy	Tue Aug 13 16:25:47 2013 +0200
    40.3 @@ -17,7 +17,7 @@
    40.4  "aval' (V x) S = lookup S x" |
    40.5  "aval' (Plus a1 a2) S = plus' (aval' a1 S) (aval' a2 S)"
    40.6  
    40.7 -lemma aval'_sound: "s : \<gamma>\<^isub>f S \<Longrightarrow> aval a s : \<gamma>(aval' a S)"
    40.8 +lemma aval'_sound: "s : \<gamma>\<^sub>f S \<Longrightarrow> aval a s : \<gamma>(aval' a S)"
    40.9  by (induction a) (auto simp: gamma_num' gamma_plus' \<gamma>_st_def lookup_def)
   40.10  
   40.11  end
   40.12 @@ -41,7 +41,7 @@
   40.13     {S \<squnion> post c} WHILE b DO step' Inv c {Inv}"
   40.14  
   40.15  definition AI :: "com \<Rightarrow> 'av st option acom option" where
   40.16 -"AI = lpfp\<^isub>c (step' \<top>)"
   40.17 +"AI = lpfp\<^sub>c (step' \<top>)"
   40.18  
   40.19  
   40.20  lemma strip_step'[simp]: "strip(step' S c) = strip c"
   40.21 @@ -51,14 +51,14 @@
   40.22  text{* Soundness: *}
   40.23  
   40.24  lemma in_gamma_update:
   40.25 -  "\<lbrakk> s : \<gamma>\<^isub>f S; i : \<gamma> a \<rbrakk> \<Longrightarrow> s(x := i) : \<gamma>\<^isub>f(update S x a)"
   40.26 +  "\<lbrakk> s : \<gamma>\<^sub>f S; i : \<gamma> a \<rbrakk> \<Longrightarrow> s(x := i) : \<gamma>\<^sub>f(update S x a)"
   40.27  by(simp add: \<gamma>_st_def lookup_update)
   40.28  
   40.29  text{* The soundness proofs are textually identical to the ones for the step
   40.30  function operating on states as functions. *}
   40.31  
   40.32  lemma step_preserves_le:
   40.33 -  "\<lbrakk> S \<subseteq> \<gamma>\<^isub>o S'; c \<le> \<gamma>\<^isub>c c' \<rbrakk> \<Longrightarrow> step S c \<le> \<gamma>\<^isub>c (step' S' c')"
   40.34 +  "\<lbrakk> S \<subseteq> \<gamma>\<^sub>o S'; c \<le> \<gamma>\<^sub>c c' \<rbrakk> \<Longrightarrow> step S c \<le> \<gamma>\<^sub>c (step' S' c')"
   40.35  proof(induction c arbitrary: c' S S')
   40.36    case SKIP thus ?case by(auto simp:SKIP_le map_acom_SKIP)
   40.37  next
   40.38 @@ -72,40 +72,40 @@
   40.39    case (If b c1 c2 P)
   40.40    then obtain c1' c2' P' where
   40.41        "c' = IF b THEN c1' ELSE c2' {P'}"
   40.42 -      "P \<subseteq> \<gamma>\<^isub>o P'" "c1 \<le> \<gamma>\<^isub>c c1'" "c2 \<le> \<gamma>\<^isub>c c2'"
   40.43 +      "P \<subseteq> \<gamma>\<^sub>o P'" "c1 \<le> \<gamma>\<^sub>c c1'" "c2 \<le> \<gamma>\<^sub>c c2'"
   40.44      by (fastforce simp: If_le map_acom_If)
   40.45 -  moreover have "post c1 \<subseteq> \<gamma>\<^isub>o(post c1' \<squnion> post c2')"
   40.46 -    by (metis (no_types) `c1 \<le> \<gamma>\<^isub>c c1'` join_ge1 le_post mono_gamma_o order_trans post_map_acom)
   40.47 -  moreover have "post c2 \<subseteq> \<gamma>\<^isub>o(post c1' \<squnion> post c2')"
   40.48 -    by (metis (no_types) `c2 \<le> \<gamma>\<^isub>c c2'` join_ge2 le_post mono_gamma_o order_trans post_map_acom)
   40.49 -  ultimately show ?case using `S \<subseteq> \<gamma>\<^isub>o S'` by (simp add: If.IH subset_iff)
   40.50 +  moreover have "post c1 \<subseteq> \<gamma>\<^sub>o(post c1' \<squnion> post c2')"
   40.51 +    by (metis (no_types) `c1 \<le> \<gamma>\<^sub>c c1'` join_ge1 le_post mono_gamma_o order_trans post_map_acom)
   40.52 +  moreover have "post c2 \<subseteq> \<gamma>\<^sub>o(post c1' \<squnion> post c2')"
   40.53 +    by (metis (no_types) `c2 \<le> \<gamma>\<^sub>c c2'` join_ge2 le_post mono_gamma_o order_trans post_map_acom)
   40.54 +  ultimately show ?case using `S \<subseteq> \<gamma>\<^sub>o S'` by (simp add: If.IH subset_iff)
   40.55  next
   40.56    case (While I b c1 P)
   40.57    then obtain c1' I' P' where
   40.58      "c' = {I'} WHILE b DO c1' {P'}"
   40.59 -    "I \<subseteq> \<gamma>\<^isub>o I'" "P \<subseteq> \<gamma>\<^isub>o P'" "c1 \<le> \<gamma>\<^isub>c c1'"
   40.60 +    "I \<subseteq> \<gamma>\<^sub>o I'" "P \<subseteq> \<gamma>\<^sub>o P'" "c1 \<le> \<gamma>\<^sub>c c1'"
   40.61      by (fastforce simp: map_acom_While While_le)
   40.62 -  moreover have "S \<union> post c1 \<subseteq> \<gamma>\<^isub>o (S' \<squnion> post c1')"
   40.63 -    using `S \<subseteq> \<gamma>\<^isub>o S'` le_post[OF `c1 \<le> \<gamma>\<^isub>c c1'`, simplified]
   40.64 +  moreover have "S \<union> post c1 \<subseteq> \<gamma>\<^sub>o (S' \<squnion> post c1')"
   40.65 +    using `S \<subseteq> \<gamma>\<^sub>o S'` le_post[OF `c1 \<le> \<gamma>\<^sub>c c1'`, simplified]
   40.66      by (metis (no_types) join_ge1 join_ge2 le_sup_iff mono_gamma_o order_trans)
   40.67    ultimately show ?case by (simp add: While.IH subset_iff)
   40.68  qed
   40.69  
   40.70 -lemma AI_sound: "AI c = Some c' \<Longrightarrow> CS c \<le> \<gamma>\<^isub>c c'"
   40.71 +lemma AI_sound: "AI c = Some c' \<Longrightarrow> CS c \<le> \<gamma>\<^sub>c c'"
   40.72  proof(simp add: CS_def AI_def)
   40.73 -  assume 1: "lpfp\<^isub>c (step' \<top>) c = Some c'"
   40.74 +  assume 1: "lpfp\<^sub>c (step' \<top>) c = Some c'"
   40.75    have 2: "step' \<top> c' \<sqsubseteq> c'" by(rule lpfpc_pfp[OF 1])
   40.76 -  have 3: "strip (\<gamma>\<^isub>c (step' \<top> c')) = c"
   40.77 +  have 3: "strip (\<gamma>\<^sub>c (step' \<top> c')) = c"
   40.78      by(simp add: strip_lpfpc[OF _ 1])
   40.79 -  have "lfp (step UNIV) c \<le> \<gamma>\<^isub>c (step' \<top> c')"
   40.80 +  have "lfp (step UNIV) c \<le> \<gamma>\<^sub>c (step' \<top> c')"
   40.81    proof(rule lfp_lowerbound[simplified,OF 3])
   40.82 -    show "step UNIV (\<gamma>\<^isub>c (step' \<top> c')) \<le> \<gamma>\<^isub>c (step' \<top> c')"
   40.83 +    show "step UNIV (\<gamma>\<^sub>c (step' \<top> c')) \<le> \<gamma>\<^sub>c (step' \<top> c')"
   40.84      proof(rule step_preserves_le[OF _ _])
   40.85 -      show "UNIV \<subseteq> \<gamma>\<^isub>o \<top>" by simp
   40.86 -      show "\<gamma>\<^isub>c (step' \<top> c') \<le> \<gamma>\<^isub>c c'" by(rule mono_gamma_c[OF 2])
   40.87 +      show "UNIV \<subseteq> \<gamma>\<^sub>o \<top>" by simp
   40.88 +      show "\<gamma>\<^sub>c (step' \<top> c') \<le> \<gamma>\<^sub>c c'" by(rule mono_gamma_c[OF 2])
   40.89      qed
   40.90    qed
   40.91 -  from this 2 show "lfp (step UNIV) c \<le> \<gamma>\<^isub>c c'"
   40.92 +  from this 2 show "lfp (step UNIV) c \<le> \<gamma>\<^sub>c c'"
   40.93      by (blast intro: mono_gamma_c order_trans)
   40.94  qed
   40.95  
   40.96 @@ -367,8 +367,8 @@
   40.97    fixes f :: "(('a::SL_top)option acom \<Rightarrow> 'a option acom)"
   40.98    assumes "acc {(x::'a,y). x \<sqsubseteq> y}" and "\<And>x y. x \<sqsubseteq> y \<Longrightarrow> f x \<sqsubseteq> f y"
   40.99    and "\<And>c. strip(f c) = strip c"
  40.100 -  shows "\<exists>c'. lpfp\<^isub>c f c = Some c'"
  40.101 -unfolding lpfp\<^isub>c_def
  40.102 +  shows "\<exists>c'. lpfp\<^sub>c f c = Some c'"
  40.103 +unfolding lpfp\<^sub>c_def
  40.104  apply(rule pfp_termination)
  40.105    apply(erule assms(2))
  40.106   apply(rule acc_acom[OF acc_option[OF assms(1)]])
    41.1 --- a/src/HOL/IMP/Abs_Int_ITP/Abs_Int2_ITP.thy	Tue Aug 13 14:20:22 2013 +0200
    41.2 +++ b/src/HOL/IMP/Abs_Int_ITP/Abs_Int2_ITP.thy	Tue Aug 13 16:25:47 2013 +0200
    41.3 @@ -70,14 +70,14 @@
    41.4    Val_abs1 where \<gamma> = \<gamma> for \<gamma> :: "'av::L_top_bot \<Rightarrow> val set"
    41.5  begin
    41.6  
    41.7 -lemma in_gamma_join_UpI: "s : \<gamma>\<^isub>o S1 \<or> s : \<gamma>\<^isub>o S2 \<Longrightarrow> s : \<gamma>\<^isub>o(S1 \<squnion> S2)"
    41.8 +lemma in_gamma_join_UpI: "s : \<gamma>\<^sub>o S1 \<or> s : \<gamma>\<^sub>o S2 \<Longrightarrow> s : \<gamma>\<^sub>o(S1 \<squnion> S2)"
    41.9  by (metis (no_types) join_ge1 join_ge2 mono_gamma_o set_rev_mp)
   41.10  
   41.11  fun aval'' :: "aexp \<Rightarrow> 'av st option \<Rightarrow> 'av" where
   41.12  "aval'' e None = \<bottom>" |
   41.13  "aval'' e (Some sa) = aval' e sa"
   41.14  
   41.15 -lemma aval''_sound: "s : \<gamma>\<^isub>o S \<Longrightarrow> aval a s : \<gamma>(aval'' a S)"
   41.16 +lemma aval''_sound: "s : \<gamma>\<^sub>o S \<Longrightarrow> aval a s : \<gamma>(aval'' a S)"
   41.17  by(cases S)(simp add: aval'_sound)+
   41.18  
   41.19  subsubsection "Backward analysis"
   41.20 @@ -111,12 +111,12 @@
   41.21    (let (res1,res2) = filter_less' res (aval'' e1 S) (aval'' e2 S)
   41.22     in afilter e1 res1 (afilter e2 res2 S))"
   41.23  
   41.24 -lemma afilter_sound: "s : \<gamma>\<^isub>o S \<Longrightarrow> aval e s : \<gamma> a \<Longrightarrow> s : \<gamma>\<^isub>o (afilter e a S)"
   41.25 +lemma afilter_sound: "s : \<gamma>\<^sub>o S \<Longrightarrow> aval e s : \<gamma> a \<Longrightarrow> s : \<gamma>\<^sub>o (afilter e a S)"
   41.26  proof(induction e arbitrary: a S)
   41.27    case N thus ?case by simp (metis test_num')
   41.28  next
   41.29    case (V x)
   41.30 -  obtain S' where "S = Some S'" and "s : \<gamma>\<^isub>f S'" using `s : \<gamma>\<^isub>o S`
   41.31 +  obtain S' where "S = Some S'" and "s : \<gamma>\<^sub>f S'" using `s : \<gamma>\<^sub>o S`
   41.32      by(auto simp: in_gamma_option_iff)
   41.33    moreover hence "s x : \<gamma> (lookup S' x)" by(simp add: \<gamma>_st_def)
   41.34    moreover have "s x : \<gamma> a" using V by simp
   41.35 @@ -129,7 +129,7 @@
   41.36      by (auto split: prod.split)
   41.37  qed
   41.38  
   41.39 -lemma bfilter_sound: "s : \<gamma>\<^isub>o S \<Longrightarrow> bv = bval b s \<Longrightarrow> s : \<gamma>\<^isub>o(bfilter b bv S)"
   41.40 +lemma bfilter_sound: "s : \<gamma>\<^sub>o S \<Longrightarrow> bv = bval b s \<Longrightarrow> s : \<gamma>\<^sub>o(bfilter b bv S)"
   41.41  proof(induction b arbitrary: S bv)
   41.42    case Bc thus ?case by simp
   41.43  next
   41.44 @@ -158,7 +158,7 @@
   41.45     {bfilter b False Inv}"
   41.46  
   41.47  definition AI :: "com \<Rightarrow> 'av st option acom option" where
   41.48 -"AI = lpfp\<^isub>c (step' \<top>)"
   41.49 +"AI = lpfp\<^sub>c (step' \<top>)"
   41.50  
   41.51  lemma strip_step'[simp]: "strip(step' S c) = strip c"
   41.52  by(induct c arbitrary: S) (simp_all add: Let_def)
   41.53 @@ -167,11 +167,11 @@
   41.54  subsubsection "Soundness"
   41.55  
   41.56  lemma in_gamma_update:
   41.57 -  "\<lbrakk> s : \<gamma>\<^isub>f S; i : \<gamma> a \<rbrakk> \<Longrightarrow> s(x := i) : \<gamma>\<^isub>f(update S x a)"
   41.58 +  "\<lbrakk> s : \<gamma>\<^sub>f S; i : \<gamma> a \<rbrakk> \<Longrightarrow> s(x := i) : \<gamma>\<^sub>f(update S x a)"
   41.59  by(simp add: \<gamma>_st_def lookup_update)
   41.60  
   41.61  lemma step_preserves_le:
   41.62 -  "\<lbrakk> S \<subseteq> \<gamma>\<^isub>o S'; cs \<le> \<gamma>\<^isub>c ca \<rbrakk> \<Longrightarrow> step S cs \<le> \<gamma>\<^isub>c (step' S' ca)"
   41.63 +  "\<lbrakk> S \<subseteq> \<gamma>\<^sub>o S'; cs \<le> \<gamma>\<^sub>c ca \<rbrakk> \<Longrightarrow> step S cs \<le> \<gamma>\<^sub>c (step' S' ca)"
   41.64  proof(induction cs arbitrary: ca S S')
   41.65    case SKIP thus ?case by(auto simp:SKIP_le map_acom_SKIP)
   41.66  next
   41.67 @@ -185,41 +185,41 @@
   41.68    case (If b cs1 cs2 P)
   41.69    then obtain ca1 ca2 Pa where
   41.70        "ca= IF b THEN ca1 ELSE ca2 {Pa}"
   41.71 -      "P \<subseteq> \<gamma>\<^isub>o Pa" "cs1 \<le> \<gamma>\<^isub>c ca1" "cs2 \<le> \<gamma>\<^isub>c ca2"
   41.72 +      "P \<subseteq> \<gamma>\<^sub>o Pa" "cs1 \<le> \<gamma>\<^sub>c ca1" "cs2 \<le> \<gamma>\<^sub>c ca2"
   41.73      by (fastforce simp: If_le map_acom_If)
   41.74 -  moreover have "post cs1 \<subseteq> \<gamma>\<^isub>o(post ca1 \<squnion> post ca2)"
   41.75 -    by (metis (no_types) `cs1 \<le> \<gamma>\<^isub>c ca1` join_ge1 le_post mono_gamma_o order_trans post_map_acom)
   41.76 -  moreover have "post cs2 \<subseteq> \<gamma>\<^isub>o(post ca1 \<squnion> post ca2)"
   41.77 -    by (metis (no_types) `cs2 \<le> \<gamma>\<^isub>c ca2` join_ge2 le_post mono_gamma_o order_trans post_map_acom)
   41.78 -  ultimately show ?case using `S \<subseteq> \<gamma>\<^isub>o S'`
   41.79 +  moreover have "post cs1 \<subseteq> \<gamma>\<^sub>o(post ca1 \<squnion> post ca2)"
   41.80 +    by (metis (no_types) `cs1 \<le> \<gamma>\<^sub>c ca1` join_ge1 le_post mono_gamma_o order_trans post_map_acom)
   41.81 +  moreover have "post cs2 \<subseteq> \<gamma>\<^sub>o(post ca1 \<squnion> post ca2)"
   41.82 +    by (metis (no_types) `cs2 \<le> \<gamma>\<^sub>c ca2` join_ge2 le_post mono_gamma_o order_trans post_map_acom)
   41.83 +  ultimately show ?case using `S \<subseteq> \<gamma>\<^sub>o S'`
   41.84      by (simp add: If.IH subset_iff bfilter_sound)
   41.85  next
   41.86    case (While I b cs1 P)
   41.87    then obtain ca1 Ia Pa where
   41.88      "ca = {Ia} WHILE b DO ca1 {Pa}"
   41.89 -    "I \<subseteq> \<gamma>\<^isub>o Ia" "P \<subseteq> \<gamma>\<^isub>o Pa" "cs1 \<le> \<gamma>\<^isub>c ca1"
   41.90 +    "I \<subseteq> \<gamma>\<^sub>o Ia" "P \<subseteq> \<gamma>\<^sub>o Pa" "cs1 \<le> \<gamma>\<^sub>c ca1"
   41.91      by (fastforce simp: map_acom_While While_le)
   41.92 -  moreover have "S \<union> post cs1 \<subseteq> \<gamma>\<^isub>o (S' \<squnion> post ca1)"
   41.93 -    using `S \<subseteq> \<gamma>\<^isub>o S'` le_post[OF `cs1 \<le> \<gamma>\<^isub>c ca1`, simplified]
   41.94 +  moreover have "S \<union> post cs1 \<subseteq> \<gamma>\<^sub>o (S' \<squnion> post ca1)"
   41.95 +    using `S \<subseteq> \<gamma>\<^sub>o S'` le_post[OF `cs1 \<le> \<gamma>\<^sub>c ca1`, simplified]
   41.96      by (metis (no_types) join_ge1 join_ge2 le_sup_iff mono_gamma_o order_trans)
   41.97    ultimately show ?case by (simp add: While.IH subset_iff bfilter_sound)
   41.98  qed
   41.99  
  41.100 -lemma AI_sound: "AI c = Some c' \<Longrightarrow> CS c \<le> \<gamma>\<^isub>c c'"
  41.101 +lemma AI_sound: "AI c = Some c' \<Longrightarrow> CS c \<le> \<gamma>\<^sub>c c'"
  41.102  proof(simp add: CS_def AI_def)
  41.103 -  assume 1: "lpfp\<^isub>c (step' \<top>) c = Some c'"
  41.104 +  assume 1: "lpfp\<^sub>c (step' \<top>) c = Some c'"
  41.105    have 2: "step' \<top> c' \<sqsubseteq> c'" by(rule lpfpc_pfp[OF 1])
  41.106 -  have 3: "strip (\<gamma>\<^isub>c (step' \<top> c')) = c"
  41.107 +  have 3: "strip (\<gamma>\<^sub>c (step' \<top> c')) = c"
  41.108      by(simp add: strip_lpfpc[OF _ 1])
  41.109 -  have "lfp (step UNIV) c \<le> \<gamma>\<^isub>c (step' \<top> c')"
  41.110 +  have "lfp (step UNIV) c \<le> \<gamma>\<^sub>c (step' \<top> c')"
  41.111    proof(rule lfp_lowerbound[simplified,OF 3])
  41.112 -    show "step UNIV (\<gamma>\<^isub>c (step' \<top> c')) \<le> \<gamma>\<^isub>c (step' \<top> c')"
  41.113 +    show "step UNIV (\<gamma>\<^sub>c (step' \<top> c')) \<le> \<gamma>\<^sub>c (step' \<top> c')"
  41.114      proof(rule step_preserves_le[OF _ _])
  41.115 -      show "UNIV \<subseteq> \<gamma>\<^isub>o \<top>" by simp
  41.116 -      show "\<gamma>\<^isub>c (step' \<top> c') \<le> \<gamma>\<^isub>c c'" by(rule mono_gamma_c[OF 2])
  41.117 +      show "UNIV \<subseteq> \<gamma>\<^sub>o \<top>" by simp
  41.118 +      show "\<gamma>\<^sub>c (step' \<top> c') \<le> \<gamma>\<^sub>c c'" by(rule mono_gamma_c[OF 2])
  41.119      qed
  41.120    qed
  41.121 -  from this 2 show "lfp (step UNIV) c \<le> \<gamma>\<^isub>c c'"
  41.122 +  from this 2 show "lfp (step UNIV) c \<le> \<gamma>\<^sub>c c'"
  41.123      by (blast intro: mono_gamma_c order_trans)
  41.124  qed
  41.125  
    42.1 --- a/src/HOL/IMP/Abs_Int_ITP/Abs_Int3_ITP.thy	Tue Aug 13 14:20:22 2013 +0200
    42.2 +++ b/src/HOL/IMP/Abs_Int_ITP/Abs_Int3_ITP.thy	Tue Aug 13 16:25:47 2013 +0200
    42.3 @@ -205,21 +205,21 @@
    42.4  definition AI_wn :: "com \<Rightarrow> 'av st option acom option" where
    42.5  "AI_wn = pfp_wn (step' \<top>)"
    42.6  
    42.7 -lemma AI_wn_sound: "AI_wn c = Some c' \<Longrightarrow> CS c \<le> \<gamma>\<^isub>c c'"
    42.8 +lemma AI_wn_sound: "AI_wn c = Some c' \<Longrightarrow> CS c \<le> \<gamma>\<^sub>c c'"
    42.9  proof(simp add: CS_def AI_wn_def)
   42.10    assume 1: "pfp_wn (step' \<top>) c = Some c'"
   42.11    from pfp_wn_pfp[OF mono_step'2 1]
   42.12    have 2: "step' \<top> c' \<sqsubseteq> c'" .
   42.13 -  have 3: "strip (\<gamma>\<^isub>c (step' \<top> c')) = c" by(simp add: strip_pfp_wn[OF _ 1])
   42.14 -  have "lfp (step UNIV) c \<le> \<gamma>\<^isub>c (step' \<top> c')"
   42.15 +  have 3: "strip (\<gamma>\<^sub>c (step' \<top> c')) = c" by(simp add: strip_pfp_wn[OF _ 1])
   42.16 +  have "lfp (step UNIV) c \<le> \<gamma>\<^sub>c (step' \<top> c')"
   42.17    proof(rule lfp_lowerbound[simplified,OF 3])
   42.18 -    show "step UNIV (\<gamma>\<^isub>c (step' \<top> c')) \<le> \<gamma>\<^isub>c (step' \<top> c')"
   42.19 +    show "step UNIV (\<gamma>\<^sub>c (step' \<top> c')) \<le> \<gamma>\<^sub>c (step' \<top> c')"
   42.20      proof(rule step_preserves_le[OF _ _])
   42.21 -      show "UNIV \<subseteq> \<gamma>\<^isub>o \<top>" by simp
   42.22 -      show "\<gamma>\<^isub>c (step' \<top> c') \<le> \<gamma>\<^isub>c c'" by(rule mono_gamma_c[OF 2])
   42.23 +      show "UNIV \<subseteq> \<gamma>\<^sub>o \<top>" by simp
   42.24 +      show "\<gamma>\<^sub>c (step' \<top> c') \<le> \<gamma>\<^sub>c c'" by(rule mono_gamma_c[OF 2])
   42.25      qed
   42.26    qed
   42.27 -  from this 2 show "lfp (step UNIV) c \<le> \<gamma>\<^isub>c c'"
   42.28 +  from this 2 show "lfp (step UNIV) c \<le> \<gamma>\<^sub>c c'"
   42.29      by (blast intro: mono_gamma_c order_trans)
   42.30  qed
   42.31  
    43.1 --- a/src/HOL/IMP/Abs_Int_ITP/Abs_State_ITP.thy	Tue Aug 13 14:20:22 2013 +0200
    43.2 +++ b/src/HOL/IMP/Abs_Int_ITP/Abs_State_ITP.thy	Tue Aug 13 16:25:47 2013 +0200
    43.3 @@ -61,32 +61,32 @@
    43.4  locale Gamma = Val_abs where \<gamma>=\<gamma> for \<gamma> :: "'av::SL_top \<Rightarrow> val set"
    43.5  begin
    43.6  
    43.7 -abbreviation \<gamma>\<^isub>f :: "'av st \<Rightarrow> state set"
    43.8 -where "\<gamma>\<^isub>f == \<gamma>_st \<gamma>"
    43.9 +abbreviation \<gamma>\<^sub>f :: "'av st \<Rightarrow> state set"
   43.10 +where "\<gamma>\<^sub>f == \<gamma>_st \<gamma>"
   43.11  
   43.12 -abbreviation \<gamma>\<^isub>o :: "'av st option \<Rightarrow> state set"
   43.13 -where "\<gamma>\<^isub>o == \<gamma>_option \<gamma>\<^isub>f"
   43.14 +abbreviation \<gamma>\<^sub>o :: "'av st option \<Rightarrow> state set"
   43.15 +where "\<gamma>\<^sub>o == \<gamma>_option \<gamma>\<^sub>f"
   43.16  
   43.17 -abbreviation \<gamma>\<^isub>c :: "'av st option acom \<Rightarrow> state set acom"
   43.18 -where "\<gamma>\<^isub>c == map_acom \<gamma>\<^isub>o"
   43.19 +abbreviation \<gamma>\<^sub>c :: "'av st option acom \<Rightarrow> state set acom"
   43.20 +where "\<gamma>\<^sub>c == map_acom \<gamma>\<^sub>o"
   43.21  
   43.22 -lemma gamma_f_Top[simp]: "\<gamma>\<^isub>f Top = UNIV"
   43.23 +lemma gamma_f_Top[simp]: "\<gamma>\<^sub>f Top = UNIV"
   43.24  by(auto simp: Top_st_def \<gamma>_st_def lookup_def)
   43.25  
   43.26 -lemma gamma_o_Top[simp]: "\<gamma>\<^isub>o Top = UNIV"
   43.27 +lemma gamma_o_Top[simp]: "\<gamma>\<^sub>o Top = UNIV"
   43.28  by (simp add: Top_option_def)
   43.29  
   43.30  (* FIXME (maybe also le \<rightarrow> sqle?) *)
   43.31  
   43.32 -lemma mono_gamma_f: "f \<sqsubseteq> g \<Longrightarrow> \<gamma>\<^isub>f f \<subseteq> \<gamma>\<^isub>f g"
   43.33 +lemma mono_gamma_f: "f \<sqsubseteq> g \<Longrightarrow> \<gamma>\<^sub>f f \<subseteq> \<gamma>\<^sub>f g"
   43.34  apply(simp add:\<gamma>_st_def subset_iff lookup_def le_st_def split: if_splits)
   43.35  by (metis UNIV_I mono_gamma gamma_Top subsetD)
   43.36  
   43.37  lemma mono_gamma_o:
   43.38 -  "sa \<sqsubseteq> sa' \<Longrightarrow> \<gamma>\<^isub>o sa \<subseteq> \<gamma>\<^isub>o sa'"
   43.39 +  "sa \<sqsubseteq> sa' \<Longrightarrow> \<gamma>\<^sub>o sa \<subseteq> \<gamma>\<^sub>o sa'"
   43.40  by(induction sa sa' rule: le_option.induct)(simp_all add: mono_gamma_f)
   43.41  
   43.42 -lemma mono_gamma_c: "ca \<sqsubseteq> ca' \<Longrightarrow> \<gamma>\<^isub>c ca \<le> \<gamma>\<^isub>c ca'"
   43.43 +lemma mono_gamma_c: "ca \<sqsubseteq> ca' \<Longrightarrow> \<gamma>\<^sub>c ca \<le> \<gamma>\<^sub>c ca'"
   43.44  by (induction ca ca' rule: le_acom.induct) (simp_all add:mono_gamma_o)
   43.45  
   43.46  lemma in_gamma_option_iff:
    44.1 --- a/src/HOL/IMP/Abs_Int_ITP/Collecting_ITP.thy	Tue Aug 13 14:20:22 2013 +0200
    44.2 +++ b/src/HOL/IMP/Abs_Int_ITP/Collecting_ITP.thy	Tue Aug 13 16:25:47 2013 +0200
    44.3 @@ -63,14 +63,14 @@
    44.4  
    44.5  end
    44.6  
    44.7 -fun sub\<^isub>1 :: "'a acom \<Rightarrow> 'a acom" where
    44.8 -"sub\<^isub>1(c1;;c2) = c1" |
    44.9 -"sub\<^isub>1(IF b THEN c1 ELSE c2 {S}) = c1" |
   44.10 -"sub\<^isub>1({I} WHILE b DO c {P}) = c"
   44.11 +fun sub\<^sub>1 :: "'a acom \<Rightarrow> 'a acom" where
   44.12 +"sub\<^sub>1(c1;;c2) = c1" |
   44.13 +"sub\<^sub>1(IF b THEN c1 ELSE c2 {S}) = c1" |
   44.14 +"sub\<^sub>1({I} WHILE b DO c {P}) = c"
   44.15  
   44.16 -fun sub\<^isub>2 :: "'a acom \<Rightarrow> 'a acom" where
   44.17 -"sub\<^isub>2(c1;;c2) = c2" |
   44.18 -"sub\<^isub>2(IF b THEN c1 ELSE c2 {S}) = c2"
   44.19 +fun sub\<^sub>2 :: "'a acom \<Rightarrow> 'a acom" where
   44.20 +"sub\<^sub>2(c1;;c2) = c2" |
   44.21 +"sub\<^sub>2(IF b THEN c1 ELSE c2 {S}) = c2"
   44.22  
   44.23  fun invar :: "'a acom \<Rightarrow> 'a" where
   44.24  "invar({I} WHILE b DO c {P}) = I"
   44.25 @@ -80,13 +80,13 @@
   44.26  "lift F com.SKIP M = (SKIP {F (post ` M)})" |
   44.27  "lift F (x ::= a) M = (x ::= a {F (post ` M)})" |
   44.28  "lift F (c1;;c2) M =
   44.29 -  lift F c1 (sub\<^isub>1 ` M);; lift F c2 (sub\<^isub>2 ` M)" |
   44.30 +  lift F c1 (sub\<^sub>1 ` M);; lift F c2 (sub\<^sub>2 ` M)" |
   44.31  "lift F (IF b THEN c1 ELSE c2) M =
   44.32 -  IF b THEN lift F c1 (sub\<^isub>1 ` M) ELSE lift F c2 (sub\<^isub>2 ` M)
   44.33 +  IF b THEN lift F c1 (sub\<^sub>1 ` M) ELSE lift F c2 (sub\<^sub>2 ` M)
   44.34    {F (post ` M)}" |
   44.35  "lift F (WHILE b DO c) M =
   44.36   {F (invar ` M)}
   44.37 - WHILE b DO lift F c (sub\<^isub>1 ` M)
   44.38 + WHILE b DO lift F c (sub\<^sub>1 ` M)
   44.39   {F (post ` M)}"
   44.40  
   44.41  interpretation Complete_Lattice_ix "%c. {c'. strip c' = c}" "lift Inter"
    45.1 --- a/src/HOL/IMP/Abs_State.thy	Tue Aug 13 14:20:22 2013 +0200
    45.2 +++ b/src/HOL/IMP/Abs_State.thy	Tue Aug 13 16:25:47 2013 +0200
    45.3 @@ -132,29 +132,29 @@
    45.4    for \<gamma> :: "'av::semilattice_sup_top \<Rightarrow> val set"
    45.5  begin
    45.6  
    45.7 -abbreviation \<gamma>\<^isub>s :: "'av st \<Rightarrow> state set"
    45.8 -where "\<gamma>\<^isub>s == \<gamma>_st \<gamma>"
    45.9 +abbreviation \<gamma>\<^sub>s :: "'av st \<Rightarrow> state set"
   45.10 +where "\<gamma>\<^sub>s == \<gamma>_st \<gamma>"
   45.11  
   45.12 -abbreviation \<gamma>\<^isub>o :: "'av st option \<Rightarrow> state set"
   45.13 -where "\<gamma>\<^isub>o == \<gamma>_option \<gamma>\<^isub>s"
   45.14 +abbreviation \<gamma>\<^sub>o :: "'av st option \<Rightarrow> state set"
   45.15 +where "\<gamma>\<^sub>o == \<gamma>_option \<gamma>\<^sub>s"
   45.16  
   45.17 -abbreviation \<gamma>\<^isub>c :: "'av st option acom \<Rightarrow> state set acom"
   45.18 -where "\<gamma>\<^isub>c == map_acom \<gamma>\<^isub>o"
   45.19 +abbreviation \<gamma>\<^sub>c :: "'av st option acom \<Rightarrow> state set acom"
   45.20 +where "\<gamma>\<^sub>c == map_acom \<gamma>\<^sub>o"
   45.21  
   45.22 -lemma gamma_s_top[simp]: "\<gamma>\<^isub>s \<top> = UNIV"
   45.23 +lemma gamma_s_top[simp]: "\<gamma>\<^sub>s \<top> = UNIV"
   45.24  by(auto simp: \<gamma>_st_def fun_top)
   45.25  
   45.26 -lemma gamma_o_Top[simp]: "\<gamma>\<^isub>o \<top> = UNIV"
   45.27 +lemma gamma_o_Top[simp]: "\<gamma>\<^sub>o \<top> = UNIV"
   45.28  by (simp add: top_option_def)
   45.29  
   45.30 -lemma mono_gamma_s: "f \<le> g \<Longrightarrow> \<gamma>\<^isub>s f \<subseteq> \<gamma>\<^isub>s g"
   45.31 +lemma mono_gamma_s: "f \<le> g \<Longrightarrow> \<gamma>\<^sub>s f \<subseteq> \<gamma>\<^sub>s g"
   45.32  by(simp add:\<gamma>_st_def le_st_iff subset_iff) (metis mono_gamma subsetD)
   45.33  
   45.34  lemma mono_gamma_o:
   45.35 -  "S1 \<le> S2 \<Longrightarrow> \<gamma>\<^isub>o S1 \<subseteq> \<gamma>\<^isub>o S2"
   45.36 +  "S1 \<le> S2 \<Longrightarrow> \<gamma>\<^sub>o S1 \<subseteq> \<gamma>\<^sub>o S2"
   45.37  by(induction S1 S2 rule: less_eq_option.induct)(simp_all add: mono_gamma_s)
   45.38  
   45.39 -lemma mono_gamma_c: "C1 \<le> C2 \<Longrightarrow> \<gamma>\<^isub>c C1 \<le> \<gamma>\<^isub>c C2"
   45.40 +lemma mono_gamma_c: "C1 \<le> C2 \<Longrightarrow> \<gamma>\<^sub>c C1 \<le> \<gamma>\<^sub>c C2"
   45.41  by (simp add: less_eq_acom_def mono_gamma_o size_annos anno_map_acom size_annos_same[of C1 C2])
   45.42  
   45.43  lemma in_gamma_option_iff:
    46.1 --- a/src/HOL/IMP/BExp.thy	Tue Aug 13 14:20:22 2013 +0200
    46.2 +++ b/src/HOL/IMP/BExp.thy	Tue Aug 13 16:25:47 2013 +0200
    46.3 @@ -10,8 +10,8 @@
    46.4  fun bval :: "bexp \<Rightarrow> state \<Rightarrow> bool" where
    46.5  "bval (Bc v) s = v" |
    46.6  "bval (Not b) s = (\<not> bval b s)" |
    46.7 -"bval (And b\<^isub>1 b\<^isub>2) s = (bval b\<^isub>1 s \<and> bval b\<^isub>2 s)" |
    46.8 -"bval (Less a\<^isub>1 a\<^isub>2) s = (aval a\<^isub>1 s < aval a\<^isub>2 s)"
    46.9 +"bval (And b\<^sub>1 b\<^sub>2) s = (bval b\<^sub>1 s \<and> bval b\<^sub>2 s)" |
   46.10 +"bval (Less a\<^sub>1 a\<^sub>2) s = (aval a\<^sub>1 s < aval a\<^sub>2 s)"
   46.11  text_raw{*}%endsnip*}
   46.12  
   46.13  value "bval (Less (V ''x'') (Plus (N 3) (V ''y'')))
   46.14 @@ -33,8 +33,8 @@
   46.15  
   46.16  text_raw{*\snip{BExplessdef}{0}{2}{% *}
   46.17  fun less :: "aexp \<Rightarrow> aexp \<Rightarrow> bexp" where
   46.18 -"less (N n\<^isub>1) (N n\<^isub>2) = Bc(n\<^isub>1 < n\<^isub>2)" |
   46.19 -"less a\<^isub>1 a\<^isub>2 = Less a\<^isub>1 a\<^isub>2"
   46.20 +"less (N n\<^sub>1) (N n\<^sub>2) = Bc(n\<^sub>1 < n\<^sub>2)" |
   46.21 +"less a\<^sub>1 a\<^sub>2 = Less a\<^sub>1 a\<^sub>2"
   46.22  text_raw{*}%endsnip*}
   46.23  
   46.24  lemma [simp]: "bval (less a1 a2) s = (aval a1 s < aval a2 s)"
   46.25 @@ -48,7 +48,7 @@
   46.26  "and b (Bc True) = b" |
   46.27  "and (Bc False) b = Bc False" |
   46.28  "and b (Bc False) = Bc False" |
   46.29 -"and b\<^isub>1 b\<^isub>2 = And b\<^isub>1 b\<^isub>2"
   46.30 +"and b\<^sub>1 b\<^sub>2 = And b\<^sub>1 b\<^sub>2"
   46.31  text_raw{*}%endsnip*}
   46.32  
   46.33  lemma bval_and[simp]: "bval (and b1 b2) s = (bval b1 s \<and> bval b2 s)"
   46.34 @@ -74,8 +74,8 @@
   46.35  fun bsimp :: "bexp \<Rightarrow> bexp" where
   46.36  "bsimp (Bc v) = Bc v" |
   46.37  "bsimp (Not b) = not(bsimp b)" |
   46.38 -"bsimp (And b\<^isub>1 b\<^isub>2) = and (bsimp b\<^isub>1) (bsimp b\<^isub>2)" |
   46.39 -"bsimp (Less a\<^isub>1 a\<^isub>2) = less (asimp a\<^isub>1) (asimp a\<^isub>2)"
   46.40 +"bsimp (And b\<^sub>1 b\<^sub>2) = and (bsimp b\<^sub>1) (bsimp b\<^sub>2)" |
   46.41 +"bsimp (Less a\<^sub>1 a\<^sub>2) = less (asimp a\<^sub>1) (asimp a\<^sub>2)"
   46.42  text_raw{*}%endsnip*}
   46.43  
   46.44  value "bsimp (And (Less (N 0) (N 1)) b)"
    47.1 --- a/src/HOL/IMP/Big_Step.thy	Tue Aug 13 14:20:22 2013 +0200
    47.2 +++ b/src/HOL/IMP/Big_Step.thy	Tue Aug 13 16:25:47 2013 +0200
    47.3 @@ -16,13 +16,13 @@
    47.4  where
    47.5  Skip: "(SKIP,s) \<Rightarrow> s" |
    47.6  Assign: "(x ::= a,s) \<Rightarrow> s(x := aval a s)" |
    47.7 -Seq: "\<lbrakk> (c\<^isub>1,s\<^isub>1) \<Rightarrow> s\<^isub>2;  (c\<^isub>2,s\<^isub>2) \<Rightarrow> s\<^isub>3 \<rbrakk> \<Longrightarrow> (c\<^isub>1;;c\<^isub>2, s\<^isub>1) \<Rightarrow> s\<^isub>3" |
    47.8 -IfTrue: "\<lbrakk> bval b s;  (c\<^isub>1,s) \<Rightarrow> t \<rbrakk> \<Longrightarrow> (IF b THEN c\<^isub>1 ELSE c\<^isub>2, s) \<Rightarrow> t" |
    47.9 -IfFalse: "\<lbrakk> \<not>bval b s;  (c\<^isub>2,s) \<Rightarrow> t \<rbrakk> \<Longrightarrow> (IF b THEN c\<^isub>1 ELSE c\<^isub>2, s) \<Rightarrow> t" |
   47.10 +Seq: "\<lbrakk> (c\<^sub>1,s\<^sub>1) \<Rightarrow> s\<^sub>2;  (c\<^sub>2,s\<^sub>2) \<Rightarrow> s\<^sub>3 \<rbrakk> \<Longrightarrow> (c\<^sub>1;;c\<^sub>2, s\<^sub>1) \<Rightarrow> s\<^sub>3" |
   47.11 +IfTrue: "\<lbrakk> bval b s;  (c\<^sub>1,s) \<Rightarrow> t \<rbrakk> \<Longrightarrow> (IF b THEN c\<^sub>1 ELSE c\<^sub>2, s) \<Rightarrow> t" |
   47.12 +IfFalse: "\<lbrakk> \<not>bval b s;  (c\<^sub>2,s) \<Rightarrow> t \<rbrakk> \<Longrightarrow> (IF b THEN c\<^sub>1 ELSE c\<^sub>2, s) \<Rightarrow> t" |
   47.13  WhileFalse: "\<not>bval b s \<Longrightarrow> (WHILE b DO c,s) \<Rightarrow> s" |
   47.14  WhileTrue:
   47.15 -"\<lbrakk> bval b s\<^isub>1;  (c,s\<^isub>1) \<Rightarrow> s\<^isub>2;  (WHILE b DO c, s\<^isub>2) \<Rightarrow> s\<^isub>3 \<rbrakk> 
   47.16 -\<Longrightarrow> (WHILE b DO c, s\<^isub>1) \<Rightarrow> s\<^isub>3"
   47.17 +"\<lbrakk> bval b s\<^sub>1;  (c,s\<^sub>1) \<Rightarrow> s\<^sub>2;  (WHILE b DO c, s\<^sub>2) \<Rightarrow> s\<^sub>3 \<rbrakk> 
   47.18 +\<Longrightarrow> (WHILE b DO c, s\<^sub>1) \<Rightarrow> s\<^sub>3"
   47.19  text_raw{*}%endsnip*}
   47.20  
   47.21  text_raw{*\snip{BigStepEx}{1}{2}{% *}
   47.22 @@ -283,19 +283,19 @@
   47.23    "(c,s) \<Rightarrow> t  \<Longrightarrow>  (c,s) \<Rightarrow> t'  \<Longrightarrow>  t' = t"
   47.24  proof (induction arbitrary: t' rule: big_step.induct)
   47.25    -- "the only interesting case, @{text WhileTrue}:"
   47.26 -  fix b c s s\<^isub>1 t t'
   47.27 +  fix b c s s\<^sub>1 t t'
   47.28    -- "The assumptions of the rule:"
   47.29 -  assume "bval b s" and "(c,s) \<Rightarrow> s\<^isub>1" and "(WHILE b DO c,s\<^isub>1) \<Rightarrow> t"
   47.30 +  assume "bval b s" and "(c,s) \<Rightarrow> s\<^sub>1" and "(WHILE b DO c,s\<^sub>1) \<Rightarrow> t"
   47.31    -- {* Ind.Hyp; note the @{text"\<And>"} because of arbitrary: *}
   47.32 -  assume IHc: "\<And>t'. (c,s) \<Rightarrow> t' \<Longrightarrow> t' = s\<^isub>1"
   47.33 -  assume IHw: "\<And>t'. (WHILE b DO c,s\<^isub>1) \<Rightarrow> t' \<Longrightarrow> t' = t"
   47.34 +  assume IHc: "\<And>t'. (c,s) \<Rightarrow> t' \<Longrightarrow> t' = s\<^sub>1"
   47.35 +  assume IHw: "\<And>t'. (WHILE b DO c,s\<^sub>1) \<Rightarrow> t' \<Longrightarrow> t' = t"
   47.36    -- "Premise of implication:"
   47.37    assume "(WHILE b DO c,s) \<Rightarrow> t'"
   47.38 -  with `bval b s` obtain s\<^isub>1' where
   47.39 -      c: "(c,s) \<Rightarrow> s\<^isub>1'" and
   47.40 -      w: "(WHILE b DO c,s\<^isub>1') \<Rightarrow> t'"
   47.41 +  with `bval b s` obtain s\<^sub>1' where
   47.42 +      c: "(c,s) \<Rightarrow> s\<^sub>1'" and
   47.43 +      w: "(WHILE b DO c,s\<^sub>1') \<Rightarrow> t'"
   47.44      by auto
   47.45 -  from c IHc have "s\<^isub>1' = s\<^isub>1" by blast
   47.46 +  from c IHc have "s\<^sub>1' = s\<^sub>1" by blast
   47.47    with w IHw show "t' = t" by blast
   47.48  qed blast+ -- "prove the rest automatically"
   47.49  text_raw{*}%endsnip*}
    48.1 --- a/src/HOL/IMP/C_like.thy	Tue Aug 13 14:20:22 2013 +0200
    48.2 +++ b/src/HOL/IMP/C_like.thy	Tue Aug 13 16:25:47 2013 +0200
    48.3 @@ -9,15 +9,15 @@
    48.4  fun aval :: "aexp \<Rightarrow> state \<Rightarrow> nat" where
    48.5  "aval (N n) s = n" |
    48.6  "aval (!a) s = s(aval a s)" |
    48.7 -"aval (Plus a\<^isub>1 a\<^isub>2) s = aval a\<^isub>1 s + aval a\<^isub>2 s"
    48.8 +"aval (Plus a\<^sub>1 a\<^sub>2) s = aval a\<^sub>1 s + aval a\<^sub>2 s"
    48.9  
   48.10  datatype bexp = Bc bool | Not bexp | And bexp bexp | Less aexp aexp
   48.11  
   48.12  primrec bval :: "bexp \<Rightarrow> state \<Rightarrow> bool" where
   48.13  "bval (Bc v) _ = v" |
   48.14  "bval (Not b) s = (\<not> bval b s)" |
   48.15 -"bval (And b\<^isub>1 b\<^isub>2) s = (if bval b\<^isub>1 s then bval b\<^isub>2 s else False)" |
   48.16 -"bval (Less a\<^isub>1 a\<^isub>2) s = (aval a\<^isub>1 s < aval a\<^isub>2 s)"
   48.17 +"bval (And b\<^sub>1 b\<^sub>2) s = (if bval b\<^sub>1 s then bval b\<^sub>2 s else False)" |
   48.18 +"bval (Less a\<^sub>1 a\<^sub>2) s = (aval a\<^sub>1 s < aval a\<^sub>2 s)"
   48.19  
   48.20  
   48.21  datatype
   48.22 @@ -34,18 +34,18 @@
   48.23  Skip:    "(SKIP,sn) \<Rightarrow> sn" |
   48.24  Assign:  "(lhs ::= a,s,n) \<Rightarrow> (s(aval lhs s := aval a s),n)" |
   48.25  New:     "(New lhs a,s,n) \<Rightarrow> (s(aval lhs s := n), n+aval a s)"  |
   48.26 -Seq:    "\<lbrakk> (c\<^isub>1,sn\<^isub>1) \<Rightarrow> sn\<^isub>2;  (c\<^isub>2,sn\<^isub>2) \<Rightarrow> sn\<^isub>3 \<rbrakk> \<Longrightarrow>
   48.27 -          (c\<^isub>1;c\<^isub>2, sn\<^isub>1) \<Rightarrow> sn\<^isub>3" |
   48.28 +Seq:    "\<lbrakk> (c\<^sub>1,sn\<^sub>1) \<Rightarrow> sn\<^sub>2;  (c\<^sub>2,sn\<^sub>2) \<Rightarrow> sn\<^sub>3 \<rbrakk> \<Longrightarrow>
   48.29 +          (c\<^sub>1;c\<^sub>2, sn\<^sub>1) \<Rightarrow> sn\<^sub>3" |
   48.30  
   48.31 -IfTrue:  "\<lbrakk> bval b s;  (c\<^isub>1,s,n) \<Rightarrow> tn \<rbrakk> \<Longrightarrow>
   48.32 -         (IF b THEN c\<^isub>1 ELSE c\<^isub>2, s,n) \<Rightarrow> tn" |
   48.33 -IfFalse: "\<lbrakk> \<not>bval b s;  (c\<^isub>2,s,n) \<Rightarrow> tn \<rbrakk> \<Longrightarrow>
   48.34 -         (IF b THEN c\<^isub>1 ELSE c\<^isub>2, s,n) \<Rightarrow> tn" |
   48.35 +IfTrue:  "\<lbrakk> bval b s;  (c\<^sub>1,s,n) \<Rightarrow> tn \<rbrakk> \<Longrightarrow>
   48.36 +         (IF b THEN c\<^sub>1 ELSE c\<^sub>2, s,n) \<Rightarrow> tn" |
   48.37 +IfFalse: "\<lbrakk> \<not>bval b s;  (c\<^sub>2,s,n) \<Rightarrow> tn \<rbrakk> \<Longrightarrow>
   48.38 +         (IF b THEN c\<^sub>1 ELSE c\<^sub>2, s,n) \<Rightarrow> tn" |
   48.39  
   48.40  WhileFalse: "\<not>bval b s \<Longrightarrow> (WHILE b DO c,s,n) \<Rightarrow> (s,n)" |
   48.41  WhileTrue:
   48.42 -  "\<lbrakk> bval b s\<^isub>1;  (c,s\<^isub>1,n) \<Rightarrow> sn\<^isub>2;  (WHILE b DO c, sn\<^isub>2) \<Rightarrow> sn\<^isub>3 \<rbrakk> \<Longrightarrow>
   48.43 -   (WHILE b DO c, s\<^isub>1,n) \<Rightarrow> sn\<^isub>3"
   48.44 +  "\<lbrakk> bval b s\<^sub>1;  (c,s\<^sub>1,n) \<Rightarrow> sn\<^sub>2;  (WHILE b DO c, sn\<^sub>2) \<Rightarrow> sn\<^sub>3 \<rbrakk> \<Longrightarrow>
   48.45 +   (WHILE b DO c, s\<^sub>1,n) \<Rightarrow> sn\<^sub>3"
   48.46  
   48.47  code_pred big_step .
   48.48  
    49.1 --- a/src/HOL/IMP/Compiler.thy	Tue Aug 13 14:20:22 2013 +0200
    49.2 +++ b/src/HOL/IMP/Compiler.thy	Tue Aug 13 16:25:47 2013 +0200
    49.3 @@ -201,10 +201,10 @@
    49.4  fun ccomp :: "com \<Rightarrow> instr list" where
    49.5  "ccomp SKIP = []" |
    49.6  "ccomp (x ::= a) = acomp a @ [STORE x]" |
    49.7 -"ccomp (c\<^isub>1;;c\<^isub>2) = ccomp c\<^isub>1 @ ccomp c\<^isub>2" |
    49.8 -"ccomp (IF b THEN c\<^isub>1 ELSE c\<^isub>2) =
    49.9 -  (let cc\<^isub>1 = ccomp c\<^isub>1; cc\<^isub>2 = ccomp c\<^isub>2; cb = bcomp b False (size cc\<^isub>1 + 1)
   49.10 -   in cb @ cc\<^isub>1 @ JMP (size cc\<^isub>2) # cc\<^isub>2)" |
   49.11 +"ccomp (c\<^sub>1;;c\<^sub>2) = ccomp c\<^sub>1 @ ccomp c\<^sub>2" |
   49.12 +"ccomp (IF b THEN c\<^sub>1 ELSE c\<^sub>2) =
   49.13 +  (let cc\<^sub>1 = ccomp c\<^sub>1; cc\<^sub>2 = ccomp c\<^sub>2; cb = bcomp b False (size cc\<^sub>1 + 1)
   49.14 +   in cb @ cc\<^sub>1 @ JMP (size cc\<^sub>2) # cc\<^sub>2)" |
   49.15  "ccomp (WHILE b DO c) =
   49.16   (let cc = ccomp c; cb = bcomp b False (size cc + 1)
   49.17    in cb @ cc @ [JMP (-(size cb + size cc + 1))])"
    50.1 --- a/src/HOL/IMP/Def_Init.thy	Tue Aug 13 14:20:22 2013 +0200
    50.2 +++ b/src/HOL/IMP/Def_Init.thy	Tue Aug 13 16:25:47 2013 +0200
    50.3 @@ -7,9 +7,9 @@
    50.4  inductive D :: "vname set \<Rightarrow> com \<Rightarrow> vname set \<Rightarrow> bool" where
    50.5  Skip: "D A SKIP A" |
    50.6  Assign: "vars a \<subseteq> A \<Longrightarrow> D A (x ::= a) (insert x A)" |
    50.7 -Seq: "\<lbrakk> D A\<^isub>1 c\<^isub>1 A\<^isub>2;  D A\<^isub>2 c\<^isub>2 A\<^isub>3 \<rbrakk> \<Longrightarrow> D A\<^isub>1 (c\<^isub>1;; c\<^isub>2) A\<^isub>3" |
    50.8 -If: "\<lbrakk> vars b \<subseteq> A;  D A c\<^isub>1 A\<^isub>1;  D A c\<^isub>2 A\<^isub>2 \<rbrakk> \<Longrightarrow>
    50.9 -  D A (IF b THEN c\<^isub>1 ELSE c\<^isub>2) (A\<^isub>1 Int A\<^isub>2)" |
   50.10 +Seq: "\<lbrakk> D A\<^sub>1 c\<^sub>1 A\<^sub>2;  D A\<^sub>2 c\<^sub>2 A\<^sub>3 \<rbrakk> \<Longrightarrow> D A\<^sub>1 (c\<^sub>1;; c\<^sub>2) A\<^sub>3" |
   50.11 +If: "\<lbrakk> vars b \<subseteq> A;  D A c\<^sub>1 A\<^sub>1;  D A c\<^sub>2 A\<^sub>2 \<rbrakk> \<Longrightarrow>
   50.12 +  D A (IF b THEN c\<^sub>1 ELSE c\<^sub>2) (A\<^sub>1 Int A\<^sub>2)" |
   50.13  While: "\<lbrakk> vars b \<subseteq> A;  D A c A' \<rbrakk> \<Longrightarrow> D A (WHILE b DO c) A"
   50.14  
   50.15  inductive_cases [elim!]:
    51.1 --- a/src/HOL/IMP/Def_Init_Big.thy	Tue Aug 13 14:20:22 2013 +0200
    51.2 +++ b/src/HOL/IMP/Def_Init_Big.thy	Tue Aug 13 16:25:47 2013 +0200
    51.3 @@ -13,13 +13,13 @@
    51.4  Skip: "(SKIP,s) \<Rightarrow> s" |
    51.5  AssignNone: "aval a s = None \<Longrightarrow> (x ::= a, Some s) \<Rightarrow> None" |
    51.6  Assign: "aval a s = Some i \<Longrightarrow> (x ::= a, Some s) \<Rightarrow> Some(s(x := Some i))" |
    51.7 -Seq:    "(c\<^isub>1,s\<^isub>1) \<Rightarrow> s\<^isub>2 \<Longrightarrow> (c\<^isub>2,s\<^isub>2) \<Rightarrow> s\<^isub>3 \<Longrightarrow> (c\<^isub>1;;c\<^isub>2,s\<^isub>1) \<Rightarrow> s\<^isub>3" |
    51.8 +Seq:    "(c\<^sub>1,s\<^sub>1) \<Rightarrow> s\<^sub>2 \<Longrightarrow> (c\<^sub>2,s\<^sub>2) \<Rightarrow> s\<^sub>3 \<Longrightarrow> (c\<^sub>1;;c\<^sub>2,s\<^sub>1) \<Rightarrow> s\<^sub>3" |
    51.9  
   51.10 -IfNone:  "bval b s = None \<Longrightarrow> (IF b THEN c\<^isub>1 ELSE c\<^isub>2,Some s) \<Rightarrow> None" |
   51.11 -IfTrue:  "\<lbrakk> bval b s = Some True;  (c\<^isub>1,Some s) \<Rightarrow> s' \<rbrakk> \<Longrightarrow>
   51.12 -  (IF b THEN c\<^isub>1 ELSE c\<^isub>2,Some s) \<Rightarrow> s'" |
   51.13 -IfFalse: "\<lbrakk> bval b s = Some False;  (c\<^isub>2,Some s) \<Rightarrow> s' \<rbrakk> \<Longrightarrow>
   51.14 -  (IF b THEN c\<^isub>1 ELSE c\<^isub>2,Some s) \<Rightarrow> s'" |
   51.15 +IfNone:  "bval b s = None \<Longrightarrow> (IF b THEN c\<^sub>1 ELSE c\<^sub>2,Some s) \<Rightarrow> None" |
   51.16 +IfTrue:  "\<lbrakk> bval b s = Some True;  (c\<^sub>1,Some s) \<Rightarrow> s' \<rbrakk> \<Longrightarrow>
   51.17 +  (IF b THEN c\<^sub>1 ELSE c\<^sub>2,Some s) \<Rightarrow> s'" |
   51.18 +IfFalse: "\<lbrakk> bval b s = Some False;  (c\<^sub>2,Some s) \<Rightarrow> s' \<rbrakk> \<Longrightarrow>
   51.19 +  (IF b THEN c\<^sub>1 ELSE c\<^sub>2,Some s) \<Rightarrow> s'" |
   51.20  
   51.21  WhileNone: "bval b s = None \<Longrightarrow> (WHILE b DO c,Some s) \<Rightarrow> None" |
   51.22  WhileFalse: "bval b s = Some False \<Longrightarrow> (WHILE b DO c,Some s) \<Rightarrow> Some s" |
    52.1 --- a/src/HOL/IMP/Def_Init_Exp.thy	Tue Aug 13 14:20:22 2013 +0200
    52.2 +++ b/src/HOL/IMP/Def_Init_Exp.thy	Tue Aug 13 16:25:47 2013 +0200
    52.3 @@ -12,18 +12,18 @@
    52.4  fun aval :: "aexp \<Rightarrow> state \<Rightarrow> val option" where
    52.5  "aval (N i) s = Some i" |
    52.6  "aval (V x) s = s x" |
    52.7 -"aval (Plus a\<^isub>1 a\<^isub>2) s =
    52.8 -  (case (aval a\<^isub>1 s, aval a\<^isub>2 s) of
    52.9 -     (Some i\<^isub>1,Some i\<^isub>2) \<Rightarrow> Some(i\<^isub>1+i\<^isub>2) | _ \<Rightarrow> None)"
   52.10 +"aval (Plus a\<^sub>1 a\<^sub>2) s =
   52.11 +  (case (aval a\<^sub>1 s, aval a\<^sub>2 s) of
   52.12 +     (Some i\<^sub>1,Some i\<^sub>2) \<Rightarrow> Some(i\<^sub>1+i\<^sub>2) | _ \<Rightarrow> None)"
   52.13  
   52.14  
   52.15  fun bval :: "bexp \<Rightarrow> state \<Rightarrow> bool option" where
   52.16  "bval (Bc v) s = Some v" |
   52.17  "bval (Not b) s = (case bval b s of None \<Rightarrow> None | Some bv \<Rightarrow> Some(\<not> bv))" |
   52.18 -"bval (And b\<^isub>1 b\<^isub>2) s = (case (bval b\<^isub>1 s, bval b\<^isub>2 s) of
   52.19 -  (Some bv\<^isub>1, Some bv\<^isub>2) \<Rightarrow> Some(bv\<^isub>1 & bv\<^isub>2) | _ \<Rightarrow> None)" |
   52.20 -"bval (Less a\<^isub>1 a\<^isub>2) s = (case (aval a\<^isub>1 s, aval a\<^isub>2 s) of
   52.21 - (Some i\<^isub>1, Some i\<^isub>2) \<Rightarrow> Some(i\<^isub>1 < i\<^isub>2) | _ \<Rightarrow> None)"
   52.22 +"bval (And b\<^sub>1 b\<^sub>2) s = (case (bval b\<^sub>1 s, bval b\<^sub>2 s) of
   52.23 +  (Some bv\<^sub>1, Some bv\<^sub>2) \<Rightarrow> Some(bv\<^sub>1 & bv\<^sub>2) | _ \<Rightarrow> None)" |
   52.24 +"bval (Less a\<^sub>1 a\<^sub>2) s = (case (aval a\<^sub>1 s, aval a\<^sub>2 s) of
   52.25 + (Some i\<^sub>1, Some i\<^sub>2) \<Rightarrow> Some(i\<^sub>1 < i\<^sub>2) | _ \<Rightarrow> None)"
   52.26  
   52.27  
   52.28  lemma aval_Some: "vars a \<subseteq> dom s \<Longrightarrow> \<exists> i. aval a s = Some i"
    53.1 --- a/src/HOL/IMP/Def_Init_Small.thy	Tue Aug 13 14:20:22 2013 +0200
    53.2 +++ b/src/HOL/IMP/Def_Init_Small.thy	Tue Aug 13 16:25:47 2013 +0200
    53.3 @@ -12,10 +12,10 @@
    53.4  Assign:  "aval a s = Some i \<Longrightarrow> (x ::= a, s) \<rightarrow> (SKIP, s(x := Some i))" |
    53.5  
    53.6  Seq1:   "(SKIP;;c,s) \<rightarrow> (c,s)" |
    53.7 -Seq2:   "(c\<^isub>1,s) \<rightarrow> (c\<^isub>1',s') \<Longrightarrow> (c\<^isub>1;;c\<^isub>2,s) \<rightarrow> (c\<^isub>1';;c\<^isub>2,s')" |
    53.8 +Seq2:   "(c\<^sub>1,s) \<rightarrow> (c\<^sub>1',s') \<Longrightarrow> (c\<^sub>1;;c\<^sub>2,s) \<rightarrow> (c\<^sub>1';;c\<^sub>2,s')" |
    53.9  
   53.10 -IfTrue:  "bval b s = Some True \<Longrightarrow> (IF b THEN c\<^isub>1 ELSE c\<^isub>2,s) \<rightarrow> (c\<^isub>1,s)" |
   53.11 -IfFalse: "bval b s = Some False \<Longrightarrow> (IF b THEN c\<^isub>1 ELSE c\<^isub>2,s) \<rightarrow> (c\<^isub>2,s)" |
   53.12 +IfTrue:  "bval b s = Some True \<Longrightarrow> (IF b THEN c\<^sub>1 ELSE c\<^sub>2,s) \<rightarrow> (c\<^sub>1,s)" |
   53.13 +IfFalse: "bval b s = Some False \<Longrightarrow> (IF b THEN c\<^sub>1 ELSE c\<^sub>2,s) \<rightarrow> (c\<^sub>2,s)" |
   53.14  
   53.15  While:   "(WHILE b DO c,s) \<rightarrow> (IF b THEN c;; WHILE b DO c ELSE SKIP,s)"
   53.16  
    54.1 --- a/src/HOL/IMP/Hoare.thy	Tue Aug 13 14:20:22 2013 +0200
    54.2 +++ b/src/HOL/IMP/Hoare.thy	Tue Aug 13 16:25:47 2013 +0200
    54.3 @@ -23,11 +23,11 @@
    54.4  
    54.5  Assign:  "\<turnstile> {\<lambda>s. P(s[a/x])} x::=a {P}"  |
    54.6  
    54.7 -Seq: "\<lbrakk> \<turnstile> {P} c\<^isub>1 {Q};  \<turnstile> {Q} c\<^isub>2 {R} \<rbrakk>
    54.8 -      \<Longrightarrow> \<turnstile> {P} c\<^isub>1;;c\<^isub>2 {R}"  |
    54.9 +Seq: "\<lbrakk> \<turnstile> {P} c\<^sub>1 {Q};  \<turnstile> {Q} c\<^sub>2 {R} \<rbrakk>
   54.10 +      \<Longrightarrow> \<turnstile> {P} c\<^sub>1;;c\<^sub>2 {R}"  |
   54.11  
   54.12 -If: "\<lbrakk> \<turnstile> {\<lambda>s. P s \<and> bval b s} c\<^isub>1 {Q};  \<turnstile> {\<lambda>s. P s \<and> \<not> bval b s} c\<^isub>2 {Q} \<rbrakk>
   54.13 -     \<Longrightarrow> \<turnstile> {P} IF b THEN c\<^isub>1 ELSE c\<^isub>2 {Q}"  |
   54.14 +If: "\<lbrakk> \<turnstile> {\<lambda>s. P s \<and> bval b s} c\<^sub>1 {Q};  \<turnstile> {\<lambda>s. P s \<and> \<not> bval b s} c\<^sub>2 {Q} \<rbrakk>
   54.15 +     \<Longrightarrow> \<turnstile> {P} IF b THEN c\<^sub>1 ELSE c\<^sub>2 {Q}"  |
   54.16  
   54.17  While: "\<turnstile> {\<lambda>s. P s \<and> bval b s} c {P} \<Longrightarrow>
   54.18          \<turnstile> {P} WHILE b DO c {\<lambda>s. P s \<and> \<not> bval b s}"  |
    55.1 --- a/src/HOL/IMP/Hoare_Sound_Complete.thy	Tue Aug 13 14:20:22 2013 +0200
    55.2 +++ b/src/HOL/IMP/Hoare_Sound_Complete.thy	Tue Aug 13 16:25:47 2013 +0200
    55.3 @@ -31,12 +31,12 @@
    55.4  lemma wp_Ass[simp]: "wp (x::=a) Q = (\<lambda>s. Q(s[a/x]))"
    55.5  by (rule ext) (auto simp: wp_def)
    55.6  
    55.7 -lemma wp_Seq[simp]: "wp (c\<^isub>1;;c\<^isub>2) Q = wp c\<^isub>1 (wp c\<^isub>2 Q)"
    55.8 +lemma wp_Seq[simp]: "wp (c\<^sub>1;;c\<^sub>2) Q = wp c\<^sub>1 (wp c\<^sub>2 Q)"
    55.9  by (rule ext) (auto simp: wp_def)
   55.10  
   55.11  lemma wp_If[simp]:
   55.12 - "wp (IF b THEN c\<^isub>1 ELSE c\<^isub>2) Q =
   55.13 - (\<lambda>s. if bval b s then wp c\<^isub>1 Q s else wp c\<^isub>2 Q s)"
   55.14 + "wp (IF b THEN c\<^sub>1 ELSE c\<^sub>2) Q =
   55.15 + (\<lambda>s. if bval b s then wp c\<^sub>1 Q s else wp c\<^sub>2 Q s)"
   55.16  by (rule ext) (auto simp: wp_def)
   55.17  
   55.18  lemma wp_While_If:
    56.1 --- a/src/HOL/IMP/Hoare_Total.thy	Tue Aug 13 14:20:22 2013 +0200
    56.2 +++ b/src/HOL/IMP/Hoare_Total.thy	Tue Aug 13 16:25:47 2013 +0200
    56.3 @@ -25,10 +25,10 @@
    56.4  
    56.5  Assign:  "\<turnstile>\<^sub>t {\<lambda>s. P(s[a/x])} x::=a {P}"  |
    56.6  
    56.7 -Seq: "\<lbrakk> \<turnstile>\<^sub>t {P\<^isub>1} c\<^isub>1 {P\<^isub>2}; \<turnstile>\<^sub>t {P\<^isub>2} c\<^isub>2 {P\<^isub>3} \<rbrakk> \<Longrightarrow> \<turnstile>\<^sub>t {P\<^isub>1} c\<^isub>1;;c\<^isub>2 {P\<^isub>3}"  |
    56.8 +Seq: "\<lbrakk> \<turnstile>\<^sub>t {P\<^sub>1} c\<^sub>1 {P\<^sub>2}; \<turnstile>\<^sub>t {P\<^sub>2} c\<^sub>2 {P\<^sub>3} \<rbrakk> \<Longrightarrow> \<turnstile>\<^sub>t {P\<^sub>1} c\<^sub>1;;c\<^sub>2 {P\<^sub>3}"  |
    56.9  
   56.10 -If: "\<lbrakk> \<turnstile>\<^sub>t {\<lambda>s. P s \<and> bval b s} c\<^isub>1 {Q}; \<turnstile>\<^sub>t {\<lambda>s. P s \<and> \<not> bval b s} c\<^isub>2 {Q} \<rbrakk>
   56.11 -  \<Longrightarrow> \<turnstile>\<^sub>t {P} IF b THEN c\<^isub>1 ELSE c\<^isub>2 {Q}"  |
   56.12 +If: "\<lbrakk> \<turnstile>\<^sub>t {\<lambda>s. P s \<and> bval b s} c\<^sub>1 {Q}; \<turnstile>\<^sub>t {\<lambda>s. P s \<and> \<not> bval b s} c\<^sub>2 {Q} \<rbrakk>
   56.13 +  \<Longrightarrow> \<turnstile>\<^sub>t {P} IF b THEN c\<^sub>1 ELSE c\<^sub>2 {Q}"  |
   56.14  
   56.15  While:
   56.16    "(\<And>n::nat.
   56.17 @@ -119,14 +119,14 @@
   56.18  lemma [simp]: "wp\<^sub>t (x ::= e) Q = (\<lambda>s. Q(s(x := aval e s)))"
   56.19  by(auto intro!: ext simp: wpt_def)
   56.20  
   56.21 -lemma [simp]: "wp\<^sub>t (c\<^isub>1;;c\<^isub>2) Q = wp\<^sub>t c\<^isub>1 (wp\<^sub>t c\<^isub>2 Q)"
   56.22 +lemma [simp]: "wp\<^sub>t (c\<^sub>1;;c\<^sub>2) Q = wp\<^sub>t c\<^sub>1 (wp\<^sub>t c\<^sub>2 Q)"
   56.23  unfolding wpt_def
   56.24  apply(rule ext)
   56.25  apply auto
   56.26  done
   56.27  
   56.28  lemma [simp]:
   56.29 - "wp\<^sub>t (IF b THEN c\<^isub>1 ELSE c\<^isub>2) Q = (\<lambda>s. wp\<^sub>t (if bval b s then c\<^isub>1 else c\<^isub>2) Q s)"
   56.30 + "wp\<^sub>t (IF b THEN c\<^sub>1 ELSE c\<^sub>2) Q = (\<lambda>s. wp\<^sub>t (if bval b s then c\<^sub>1 else c\<^sub>2) Q s)"
   56.31  apply(unfold wpt_def)
   56.32  apply(rule ext)
   56.33  apply auto
    57.1 --- a/src/HOL/IMP/Live.thy	Tue Aug 13 14:20:22 2013 +0200
    57.2 +++ b/src/HOL/IMP/Live.thy	Tue Aug 13 16:25:47 2013 +0200
    57.3 @@ -10,8 +10,8 @@
    57.4  fun L :: "com \<Rightarrow> vname set \<Rightarrow> vname set" where
    57.5  "L SKIP X = X" |
    57.6  "L (x ::= a) X = vars a \<union> (X - {x})" |
    57.7 -"L (c\<^isub>1;; c\<^isub>2) X = L c\<^isub>1 (L c\<^isub>2 X)" |
    57.8 -"L (IF b THEN c\<^isub>1 ELSE c\<^isub>2) X = vars b \<union> L c\<^isub>1 X \<union> L c\<^isub>2 X" |
    57.9 +"L (c\<^sub>1;; c\<^sub>2) X = L c\<^sub>1 (L c\<^sub>2 X)" |
   57.10 +"L (IF b THEN c\<^sub>1 ELSE c\<^sub>2) X = vars b \<union> L c\<^sub>1 X \<union> L c\<^sub>2 X" |
   57.11  "L (WHILE b DO c) X = vars b \<union> X \<union> L c X"
   57.12  
   57.13  value "show (L (''y'' ::= V ''z'';; ''x'' ::= Plus (V ''y'') (V ''z'')) {''x''})"
   57.14 @@ -21,15 +21,15 @@
   57.15  fun "kill" :: "com \<Rightarrow> vname set" where
   57.16  "kill SKIP = {}" |
   57.17  "kill (x ::= a) = {x}" |
   57.18 -"kill (c\<^isub>1;; c\<^isub>2) = kill c\<^isub>1 \<union> kill c\<^isub>2" |
   57.19 -"kill (IF b THEN c\<^isub>1 ELSE c\<^isub>2) = kill c\<^isub>1 \<inter> kill c\<^isub>2" |
   57.20 +"kill (c\<^sub>1;; c\<^sub>2) = kill c\<^sub>1 \<union> kill c\<^sub>2" |
   57.21 +"kill (IF b THEN c\<^sub>1 ELSE c\<^sub>2) = kill c\<^sub>1 \<inter> kill c\<^sub>2" |
   57.22  "kill (WHILE b DO c) = {}"
   57.23  
   57.24  fun gen :: "com \<Rightarrow> vname set" where
   57.25  "gen SKIP = {}" |
   57.26  "gen (x ::= a) = vars a" |
   57.27 -"gen (c\<^isub>1;; c\<^isub>2) = gen c\<^isub>1 \<union> (gen c\<^isub>2 - kill c\<^isub>1)" |
   57.28 -"gen (IF b THEN c\<^isub>1 ELSE c\<^isub>2) = vars b \<union> gen c\<^isub>1 \<union> gen c\<^isub>2" |
   57.29 +"gen (c\<^sub>1;; c\<^sub>2) = gen c\<^sub>1 \<union> (gen c\<^sub>2 - kill c\<^sub>1)" |
   57.30 +"gen (IF b THEN c\<^sub>1 ELSE c\<^sub>2) = vars b \<union> gen c\<^sub>1 \<union> gen c\<^sub>2" |
   57.31  "gen (WHILE b DO c) = vars b \<union> gen c"
   57.32  
   57.33  lemma L_gen_kill: "L c X = gen c \<union> (X - kill c)"
   57.34 @@ -110,8 +110,8 @@
   57.35  fun bury :: "com \<Rightarrow> vname set \<Rightarrow> com" where
   57.36  "bury SKIP X = SKIP" |
   57.37  "bury (x ::= a) X = (if x \<in> X then x ::= a else SKIP)" |
   57.38 -"bury (c\<^isub>1;; c\<^isub>2) X = (bury c\<^isub>1 (L c\<^isub>2 X);; bury c\<^isub>2 X)" |
   57.39 -"bury (IF b THEN c\<^isub>1 ELSE c\<^isub>2) X = IF b THEN bury c\<^isub>1 X ELSE bury c\<^isub>2 X" |
   57.40 +"bury (c\<^sub>1;; c\<^sub>2) X = (bury c\<^sub>1 (L c\<^sub>2 X);; bury c\<^sub>2 X)" |
   57.41 +"bury (IF b THEN c\<^sub>1 ELSE c\<^sub>2) X = IF b THEN bury c\<^sub>1 X ELSE bury c\<^sub>2 X" |
   57.42  "bury (WHILE b DO c) X = WHILE b DO bury c (L (WHILE b DO c) X)"
   57.43  
   57.44  text{* We could prove the analogous lemma to @{thm[source]L_correct}, and the
   57.45 @@ -182,8 +182,8 @@
   57.46  lemma Assign_bury[simp]: "x::=a = bury c X \<longleftrightarrow> c = x::=a & x : X"
   57.47  by (cases c) auto
   57.48  
   57.49 -lemma Seq_bury[simp]: "bc\<^isub>1;;bc\<^isub>2 = bury c X \<longleftrightarrow>
   57.50 -  (EX c\<^isub>1 c\<^isub>2. c = c\<^isub>1;;c\<^isub>2 & bc\<^isub>2 = bury c\<^isub>2 X & bc\<^isub>1 = bury c\<^isub>1 (L c\<^isub>2 X))"
   57.51 +lemma Seq_bury[simp]: "bc\<^sub>1;;bc\<^sub>2 = bury c X \<longleftrightarrow>
   57.52 +  (EX c\<^sub>1 c\<^sub>2. c = c\<^sub>1;;c\<^sub>2 & bc\<^sub>2 = bury c\<^sub>2 X & bc\<^sub>1 = bury c\<^sub>1 (L c\<^sub>2 X))"
   57.53  by (cases c) auto
   57.54  
   57.55  lemma If_bury[simp]: "IF b THEN bc1 ELSE bc2 = bury c X \<longleftrightarrow>
    58.1 --- a/src/HOL/IMP/Live_True.thy	Tue Aug 13 14:20:22 2013 +0200
    58.2 +++ b/src/HOL/IMP/Live_True.thy	Tue Aug 13 16:25:47 2013 +0200
    58.3 @@ -9,8 +9,8 @@
    58.4  fun L :: "com \<Rightarrow> vname set \<Rightarrow> vname set" where
    58.5  "L SKIP X = X" |
    58.6  "L (x ::= a) X = (if x \<in> X then vars a \<union> (X - {x}) else X)" |
    58.7 -"L (c\<^isub>1;; c\<^isub>2) X = L c\<^isub>1 (L c\<^isub>2 X)" |
    58.8 -"L (IF b THEN c\<^isub>1 ELSE c\<^isub>2) X = vars b \<union> L c\<^isub>1 X \<union> L c\<^isub>2 X" |
    58.9 +"L (c\<^sub>1;; c\<^sub>2) X = L c\<^sub>1 (L c\<^sub>2 X)" |
   58.10 +"L (IF b THEN c\<^sub>1 ELSE c\<^sub>2) X = vars b \<union> L c\<^sub>1 X \<union> L c\<^sub>2 X" |
   58.11  "L (WHILE b DO c) X = lfp(\<lambda>Y. vars b \<union> X \<union> L c Y)"
   58.12  
   58.13  lemma L_mono: "mono (L c)"
   58.14 @@ -171,8 +171,8 @@
   58.15  fun Lb :: "com \<Rightarrow> vname set \<Rightarrow> vname set" where
   58.16  "Lb SKIP X = X" |
   58.17  "Lb (x ::= a) X = (if x \<in> X then X - {x} \<union> vars a else X)" |
   58.18 -"Lb (c\<^isub>1;; c\<^isub>2) X = (Lb c\<^isub>1 \<circ> Lb c\<^isub>2) X" |
   58.19 -"Lb (IF b THEN c\<^isub>1 ELSE c\<^isub>2) X = vars b \<union> Lb c\<^isub>1 X \<union> Lb c\<^isub>2 X" |
   58.20 +"Lb (c\<^sub>1;; c\<^sub>2) X = (Lb c\<^sub>1 \<circ> Lb c\<^sub>2) X" |
   58.21 +"Lb (IF b THEN c\<^sub>1 ELSE c\<^sub>2) X = vars b \<union> Lb c\<^sub>1 X \<union> Lb c\<^sub>2 X" |
   58.22  "Lb (WHILE b DO c) X = iter (\<lambda>A. vars b \<union> X \<union> Lb c A) 2 {} (vars b \<union> rvars c \<union> X)"
   58.23  
   58.24  text{* @{const Lb} (and @{const iter}) is not monotone! *}
    59.1 --- a/src/HOL/IMP/OO.thy	Tue Aug 13 14:20:22 2013 +0200
    59.2 +++ b/src/HOL/IMP/OO.thy	Tue Aug 13 16:25:47 2013 +0200
    59.3 @@ -48,33 +48,33 @@
    59.4  "me \<turnstile> (e,c) \<Rightarrow> (r,ve',sn') \<Longrightarrow>
    59.5   me \<turnstile> (x ::= e,c) \<Rightarrow> (r,ve'(x:=r),sn')" |
    59.6  Fassign:
    59.7 -"\<lbrakk> me \<turnstile> (oe,c\<^isub>1) \<Rightarrow> (Ref a,c\<^isub>2);  me \<turnstile> (e,c\<^isub>2) \<Rightarrow> (r,ve\<^isub>3,s\<^isub>3,n\<^isub>3) \<rbrakk> \<Longrightarrow>
    59.8 - me \<turnstile> (oe\<bullet>f ::= e,c\<^isub>1) \<Rightarrow> (r,ve\<^isub>3,s\<^isub>3(a,f := r),n\<^isub>3)" |
    59.9 +"\<lbrakk> me \<turnstile> (oe,c\<^sub>1) \<Rightarrow> (Ref a,c\<^sub>2);  me \<turnstile> (e,c\<^sub>2) \<Rightarrow> (r,ve\<^sub>3,s\<^sub>3,n\<^sub>3) \<rbrakk> \<Longrightarrow>
   59.10 + me \<turnstile> (oe\<bullet>f ::= e,c\<^sub>1) \<Rightarrow> (r,ve\<^sub>3,s\<^sub>3(a,f := r),n\<^sub>3)" |
   59.11  Mcall:
   59.12 -"\<lbrakk> me \<turnstile> (oe,c\<^isub>1) \<Rightarrow> (or,c\<^isub>2);  me \<turnstile> (pe,c\<^isub>2) \<Rightarrow> (pr,ve\<^isub>3,sn\<^isub>3);
   59.13 +"\<lbrakk> me \<turnstile> (oe,c\<^sub>1) \<Rightarrow> (or,c\<^sub>2);  me \<turnstile> (pe,c\<^sub>2) \<Rightarrow> (pr,ve\<^sub>3,sn\<^sub>3);
   59.14     ve = (\<lambda>x. null)(''this'' := or, ''param'' := pr);
   59.15 -   me \<turnstile> (me m,ve,sn\<^isub>3) \<Rightarrow> (r,ve',sn\<^isub>4) \<rbrakk>
   59.16 +   me \<turnstile> (me m,ve,sn\<^sub>3) \<Rightarrow> (r,ve',sn\<^sub>4) \<rbrakk>
   59.17    \<Longrightarrow>
   59.18 - me \<turnstile> (oe\<bullet>m<pe>,c\<^isub>1) \<Rightarrow> (r,ve\<^isub>3,sn\<^isub>4)" |
   59.19 + me \<turnstile> (oe\<bullet>m<pe>,c\<^sub>1) \<Rightarrow> (r,ve\<^sub>3,sn\<^sub>4)" |
   59.20  Seq:
   59.21 -"\<lbrakk> me \<turnstile> (e\<^isub>1,c\<^isub>1) \<Rightarrow> (r,c\<^isub>2);  me \<turnstile> (e\<^isub>2,c\<^isub>2) \<Rightarrow> c\<^isub>3 \<rbrakk> \<Longrightarrow>
   59.22 - me \<turnstile> (e\<^isub>1; e\<^isub>2,c\<^isub>1) \<Rightarrow> c\<^isub>3" |
   59.23 +"\<lbrakk> me \<turnstile> (e\<^sub>1,c\<^sub>1) \<Rightarrow> (r,c\<^sub>2);  me \<turnstile> (e\<^sub>2,c\<^sub>2) \<Rightarrow> c\<^sub>3 \<rbrakk> \<Longrightarrow>
   59.24 + me \<turnstile> (e\<^sub>1; e\<^sub>2,c\<^sub>1) \<Rightarrow> c\<^sub>3" |
   59.25  IfTrue:
   59.26 -"\<lbrakk> me \<turnstile> (b,c\<^isub>1) \<rightarrow> (True,c\<^isub>2);  me \<turnstile> (e\<^isub>1,c\<^isub>2) \<Rightarrow> c\<^isub>3 \<rbrakk> \<Longrightarrow>
   59.27 - me \<turnstile> (IF b THEN e\<^isub>1 ELSE e\<^isub>2,c\<^isub>1) \<Rightarrow> c\<^isub>3" |
   59.28 +"\<lbrakk> me \<turnstile> (b,c\<^sub>1) \<rightarrow> (True,c\<^sub>2);  me \<turnstile> (e\<^sub>1,c\<^sub>2) \<Rightarrow> c\<^sub>3 \<rbrakk> \<Longrightarrow>
   59.29 + me \<turnstile> (IF b THEN e\<^sub>1 ELSE e\<^sub>2,c\<^sub>1) \<Rightarrow> c\<^sub>3" |
   59.30  IfFalse:
   59.31 -"\<lbrakk> me \<turnstile> (b,c\<^isub>1) \<rightarrow> (False,c\<^isub>2);  me \<turnstile> (e\<^isub>2,c\<^isub>2) \<Rightarrow> c\<^isub>3 \<rbrakk> \<Longrightarrow>
   59.32 - me \<turnstile> (IF b THEN e\<^isub>1 ELSE e\<^isub>2,c\<^isub>1) \<Rightarrow> c\<^isub>3" |
   59.33 +"\<lbrakk> me \<turnstile> (b,c\<^sub>1) \<rightarrow> (False,c\<^sub>2);  me \<turnstile> (e\<^sub>2,c\<^sub>2) \<Rightarrow> c\<^sub>3 \<rbrakk> \<Longrightarrow>
   59.34 + me \<turnstile> (IF b THEN e\<^sub>1 ELSE e\<^sub>2,c\<^sub>1) \<Rightarrow> c\<^sub>3" |
   59.35  
   59.36  "me \<turnstile> (B bv,c) \<rightarrow> (bv,c)" |
   59.37  
   59.38 -"me \<turnstile> (b,c\<^isub>1) \<rightarrow> (bv,c\<^isub>2) \<Longrightarrow> me \<turnstile> (Not b,c\<^isub>1) \<rightarrow> (\<not>bv,c\<^isub>2)" |
   59.39 +"me \<turnstile> (b,c\<^sub>1) \<rightarrow> (bv,c\<^sub>2) \<Longrightarrow> me \<turnstile> (Not b,c\<^sub>1) \<rightarrow> (\<not>bv,c\<^sub>2)" |
   59.40  
   59.41 -"\<lbrakk> me \<turnstile> (b\<^isub>1,c\<^isub>1) \<rightarrow> (bv\<^isub>1,c\<^isub>2);  me \<turnstile> (b\<^isub>2,c\<^isub>2) \<rightarrow> (bv\<^isub>2,c\<^isub>3) \<rbrakk> \<Longrightarrow>
   59.42 - me \<turnstile> (And b\<^isub>1 b\<^isub>2,c\<^isub>1) \<rightarrow> (bv\<^isub>1\<and>bv\<^isub>2,c\<^isub>3)" |
   59.43 +"\<lbrakk> me \<turnstile> (b\<^sub>1,c\<^sub>1) \<rightarrow> (bv\<^sub>1,c\<^sub>2);  me \<turnstile> (b\<^sub>2,c\<^sub>2) \<rightarrow> (bv\<^sub>2,c\<^sub>3) \<rbrakk> \<Longrightarrow>
   59.44 + me \<turnstile> (And b\<^sub>1 b\<^sub>2,c\<^sub>1) \<rightarrow> (bv\<^sub>1\<and>bv\<^sub>2,c\<^sub>3)" |
   59.45  
   59.46 -"\<lbrakk> me \<turnstile> (e\<^isub>1,c\<^isub>1) \<Rightarrow> (r\<^isub>1,c\<^isub>2);  me \<turnstile> (e\<^isub>2,c\<^isub>2) \<Rightarrow> (r\<^isub>2,c\<^isub>3) \<rbrakk> \<Longrightarrow>
   59.47 - me \<turnstile> (Eq e\<^isub>1 e\<^isub>2,c\<^isub>1) \<rightarrow> (r\<^isub>1=r\<^isub>2,c\<^isub>3)"
   59.48 +"\<lbrakk> me \<turnstile> (e\<^sub>1,c\<^sub>1) \<Rightarrow> (r\<^sub>1,c\<^sub>2);  me \<turnstile> (e\<^sub>2,c\<^sub>2) \<Rightarrow> (r\<^sub>2,c\<^sub>3) \<rbrakk> \<Longrightarrow>
   59.49 + me \<turnstile> (Eq e\<^sub>1 e\<^sub>2,c\<^sub>1) \<rightarrow> (r\<^sub>1=r\<^sub>2,c\<^sub>3)"
   59.50  
   59.51  
   59.52  code_pred (modes: i => i => o => bool) big_step .
    60.1 --- a/src/HOL/IMP/Procs_Dyn_Vars_Dyn.thy	Tue Aug 13 14:20:22 2013 +0200
    60.2 +++ b/src/HOL/IMP/Procs_Dyn_Vars_Dyn.thy	Tue Aug 13 16:25:47 2013 +0200
    60.3 @@ -10,18 +10,18 @@
    60.4  where
    60.5  Skip:    "pe \<turnstile> (SKIP,s) \<Rightarrow> s" |
    60.6  Assign:  "pe \<turnstile> (x ::= a,s) \<Rightarrow> s(x := aval a s)" |
    60.7 -Seq:     "\<lbrakk> pe \<turnstile> (c\<^isub>1,s\<^isub>1) \<Rightarrow> s\<^isub>2;  pe \<turnstile> (c\<^isub>2,s\<^isub>2) \<Rightarrow> s\<^isub>3 \<rbrakk> \<Longrightarrow>
    60.8 -          pe \<turnstile> (c\<^isub>1;;c\<^isub>2, s\<^isub>1) \<Rightarrow> s\<^isub>3" |
    60.9 +Seq:     "\<lbrakk> pe \<turnstile> (c\<^sub>1,s\<^sub>1) \<Rightarrow> s\<^sub>2;  pe \<turnstile> (c\<^sub>2,s\<^sub>2) \<Rightarrow> s\<^sub>3 \<rbrakk> \<Longrightarrow>
   60.10 +          pe \<turnstile> (c\<^sub>1;;c\<^sub>2, s\<^sub>1) \<Rightarrow> s\<^sub>3" |
   60.11  
   60.12 -IfTrue:  "\<lbrakk> bval b s;  pe \<turnstile> (c\<^isub>1,s) \<Rightarrow> t \<rbrakk> \<Longrightarrow>
   60.13 -         pe \<turnstile> (IF b THEN c\<^isub>1 ELSE c\<^isub>2, s) \<Rightarrow> t" |
   60.14 -IfFalse: "\<lbrakk> \<not>bval b s;  pe \<turnstile> (c\<^isub>2,s) \<Rightarrow> t \<rbrakk> \<Longrightarrow>
   60.15 -         pe \<turnstile> (IF b THEN c\<^isub>1 ELSE c\<^isub>2, s) \<Rightarrow> t" |
   60.16 +IfTrue:  "\<lbrakk> bval b s;  pe \<turnstile> (c\<^sub>1,s) \<Rightarrow> t \<rbrakk> \<Longrightarrow>
   60.17 +         pe \<turnstile> (IF b THEN c\<^sub>1 ELSE c\<^sub>2, s) \<Rightarrow> t" |
   60.18 +IfFalse: "\<lbrakk> \<not>bval b s;  pe \<turnstile> (c\<^sub>2,s) \<Rightarrow> t \<rbrakk> \<Longrightarrow>
   60.19 +         pe \<turnstile> (IF b THEN c\<^sub>1 ELSE c\<^sub>2, s) \<Rightarrow> t" |
   60.20  
   60.21  WhileFalse: "\<not>bval b s \<Longrightarrow> pe \<turnstile> (WHILE b DO c,s) \<Rightarrow> s" |
   60.22  WhileTrue:
   60.23 -  "\<lbrakk> bval b s\<^isub>1;  pe \<turnstile> (c,s\<^isub>1) \<Rightarrow> s\<^isub>2;  pe \<turnstile> (WHILE b DO c, s\<^isub>2) \<Rightarrow> s\<^isub>3 \<rbrakk> \<Longrightarrow>
   60.24 -   pe \<turnstile> (WHILE b DO c, s\<^isub>1) \<Rightarrow> s\<^isub>3" |
   60.25 +  "\<lbrakk> bval b s\<^sub>1;  pe \<turnstile> (c,s\<^sub>1) \<Rightarrow> s\<^sub>2;  pe \<turnstile> (WHILE b DO c, s\<^sub>2) \<Rightarrow> s\<^sub>3 \<rbrakk> \<Longrightarrow>
   60.26 +   pe \<turnstile> (WHILE b DO c, s\<^sub>1) \<Rightarrow> s\<^sub>3" |
   60.27  
   60.28  Var: "pe \<turnstile> (c,s) \<Rightarrow> t  \<Longrightarrow>  pe \<turnstile> ({VAR x; c}, s) \<Rightarrow> t(x := s x)" |
   60.29  
    61.1 --- a/src/HOL/IMP/Procs_Stat_Vars_Dyn.thy	Tue Aug 13 14:20:22 2013 +0200
    61.2 +++ b/src/HOL/IMP/Procs_Stat_Vars_Dyn.thy	Tue Aug 13 16:25:47 2013 +0200
    61.3 @@ -10,18 +10,18 @@
    61.4  where
    61.5  Skip:    "pe \<turnstile> (SKIP,s) \<Rightarrow> s" |
    61.6  Assign:  "pe \<turnstile> (x ::= a,s) \<Rightarrow> s(x := aval a s)" |
    61.7 -Seq:     "\<lbrakk> pe \<turnstile> (c\<^isub>1,s\<^isub>1) \<Rightarrow> s\<^isub>2;  pe \<turnstile> (c\<^isub>2,s\<^isub>2) \<Rightarrow> s\<^isub>3 \<rbrakk> \<Longrightarrow>
    61.8 -          pe \<turnstile> (c\<^isub>1;;c\<^isub>2, s\<^isub>1) \<Rightarrow> s\<^isub>3" |
    61.9 +Seq:     "\<lbrakk> pe \<turnstile> (c\<^sub>1,s\<^sub>1) \<Rightarrow> s\<^sub>2;  pe \<turnstile> (c\<^sub>2,s\<^sub>2) \<Rightarrow> s\<^sub>3 \<rbrakk> \<Longrightarrow>
   61.10 +          pe \<turnstile> (c\<^sub>1;;c\<^sub>2, s\<^sub>1) \<Rightarrow> s\<^sub>3" |
   61.11  
   61.12 -IfTrue:  "\<lbrakk> bval b s;  pe \<turnstile> (c\<^isub>1,s) \<Rightarrow> t \<rbrakk> \<Longrightarrow>
   61.13 -         pe \<turnstile> (IF b THEN c\<^isub>1 ELSE c\<^isub>2, s) \<Rightarrow> t" |
   61.14 -IfFalse: "\<lbrakk> \<not>bval b s;  pe \<turnstile> (c\<^isub>2,s) \<Rightarrow> t \<rbrakk> \<Longrightarrow>
   61.15 -         pe \<turnstile> (IF b THEN c\<^isub>1 ELSE c\<^isub>2, s) \<Rightarrow> t" |
   61.16 +IfTrue:  "\<lbrakk> bval b s;  pe \<turnstile> (c\<^sub>1,s) \<Rightarrow> t \<rbrakk> \<Longrightarrow>
   61.17 +         pe \<turnstile> (IF b THEN c\<^sub>1 ELSE c\<^sub>2, s) \<Rightarrow> t" |
   61.18 +IfFalse: "\<lbrakk> \<not>bval b s;  pe \<turnstile> (c\<^sub>2,s) \<Rightarrow> t \<rbrakk> \<Longrightarrow>
   61.19 +         pe \<turnstile> (IF b THEN c\<^sub>1 ELSE c\<^sub>2, s) \<Rightarrow> t" |
   61.20  
   61.21  WhileFalse: "\<not>bval b s \<Longrightarrow> pe \<turnstile> (WHILE b DO c,s) \<Rightarrow> s" |
   61.22  WhileTrue:
   61.23 -  "\<lbrakk> bval b s\<^isub>1;  pe \<turnstile> (c,s\<^isub>1) \<Rightarrow> s\<^isub>2;  pe \<turnstile> (WHILE b DO c, s\<^isub>2) \<Rightarrow> s\<^isub>3 \<rbrakk> \<Longrightarrow>
   61.24 -   pe \<turnstile> (WHILE b DO c, s\<^isub>1) \<Rightarrow> s\<^isub>3" |
   61.25 +  "\<lbrakk> bval b s\<^sub>1;  pe \<turnstile> (c,s\<^sub>1) \<Rightarrow> s\<^sub>2;  pe \<turnstile> (WHILE b DO c, s\<^sub>2) \<Rightarrow> s\<^sub>3 \<rbrakk> \<Longrightarrow>
   61.26 +   pe \<turnstile> (WHILE b DO c, s\<^sub>1) \<Rightarrow> s\<^sub>3" |
   61.27  
   61.28  Var: "pe \<turnstile> (c,s) \<Rightarrow> t  \<Longrightarrow>  pe \<turnstile> ({VAR x; c}, s) \<Rightarrow> t(x := s x)" |
   61.29  
    62.1 --- a/src/HOL/IMP/Procs_Stat_Vars_Stat.thy	Tue Aug 13 14:20:22 2013 +0200
    62.2 +++ b/src/HOL/IMP/Procs_Stat_Vars_Stat.thy	Tue Aug 13 16:25:47 2013 +0200
    62.3 @@ -17,19 +17,19 @@
    62.4  where
    62.5  Skip:    "e \<turnstile> (SKIP,s) \<Rightarrow> s" |
    62.6  Assign:  "(pe,ve,f) \<turnstile> (x ::= a,s) \<Rightarrow> s(ve x := aval a (s o ve))" |
    62.7 -Seq:     "\<lbrakk> e \<turnstile> (c\<^isub>1,s\<^isub>1) \<Rightarrow> s\<^isub>2;  e \<turnstile> (c\<^isub>2,s\<^isub>2) \<Rightarrow> s\<^isub>3 \<rbrakk> \<Longrightarrow>
    62.8 -          e \<turnstile> (c\<^isub>1;;c\<^isub>2, s\<^isub>1) \<Rightarrow> s\<^isub>3" |
    62.9 +Seq:     "\<lbrakk> e \<turnstile> (c\<^sub>1,s\<^sub>1) \<Rightarrow> s\<^sub>2;  e \<turnstile> (c\<^sub>2,s\<^sub>2) \<Rightarrow> s\<^sub>3 \<rbrakk> \<Longrightarrow>
   62.10 +          e \<turnstile> (c\<^sub>1;;c\<^sub>2, s\<^sub>1) \<Rightarrow> s\<^sub>3" |
   62.11  
   62.12 -IfTrue:  "\<lbrakk> bval b (s \<circ> venv e);  e \<turnstile> (c\<^isub>1,s) \<Rightarrow> t \<rbrakk> \<Longrightarrow>
   62.13 -         e \<turnstile> (IF b THEN c\<^isub>1 ELSE c\<^isub>2, s) \<Rightarrow> t" |
   62.14 -IfFalse: "\<lbrakk> \<not>bval b (s \<circ> venv e);  e \<turnstile> (c\<^isub>2,s) \<Rightarrow> t \<rbrakk> \<Longrightarrow>
   62.15 -         e \<turnstile> (IF b THEN c\<^isub>1 ELSE c\<^isub>2, s) \<Rightarrow> t" |
   62.16 +IfTrue:  "\<lbrakk> bval b (s \<circ> venv e);  e \<turnstile> (c\<^sub>1,s) \<Rightarrow> t \<rbrakk> \<Longrightarrow>
   62.17 +         e \<turnstile> (IF b THEN c\<^sub>1 ELSE c\<^sub>2, s) \<Rightarrow> t" |
   62.18 +IfFalse: "\<lbrakk> \<not>bval b (s \<circ> venv e);  e \<turnstile> (c\<^sub>2,s) \<Rightarrow> t \<rbrakk> \<Longrightarrow>
   62.19 +         e \<turnstile> (IF b THEN c\<^sub>1 ELSE c\<^sub>2, s) \<Rightarrow> t" |
   62.20  
   62.21  WhileFalse: "\<not>bval b (s \<circ> venv e) \<Longrightarrow> e \<turnstile> (WHILE b DO c,s) \<Rightarrow> s" |
   62.22  WhileTrue:
   62.23 -  "\<lbrakk> bval b (s\<^isub>1 \<circ> venv e);  e \<turnstile> (c,s\<^isub>1) \<Rightarrow> s\<^isub>2;
   62.24 -     e \<turnstile> (WHILE b DO c, s\<^isub>2) \<Rightarrow> s\<^isub>3 \<rbrakk> \<Longrightarrow>
   62.25 -   e \<turnstile> (WHILE b DO c, s\<^isub>1) \<Rightarrow> s\<^isub>3" |
   62.26 +  "\<lbrakk> bval b (s\<^sub>1 \<circ> venv e);  e \<turnstile> (c,s\<^sub>1) \<Rightarrow> s\<^sub>2;
   62.27 +     e \<turnstile> (WHILE b DO c, s\<^sub>2) \<Rightarrow> s\<^sub>3 \<rbrakk> \<Longrightarrow>
   62.28 +   e \<turnstile> (WHILE b DO c, s\<^sub>1) \<Rightarrow> s\<^sub>3" |
   62.29  
   62.30  Var: "(pe,ve(x:=f),f+1) \<turnstile> (c,s) \<Rightarrow> t  \<Longrightarrow>
   62.31        (pe,ve,f) \<turnstile> ({VAR x; c}, s) \<Rightarrow> t" |
    63.1 --- a/src/HOL/IMP/Sec_Type_Expr.thy	Tue Aug 13 14:20:22 2013 +0200
    63.2 +++ b/src/HOL/IMP/Sec_Type_Expr.thy	Tue Aug 13 16:25:47 2013 +0200
    63.3 @@ -29,7 +29,7 @@
    63.4  fun sec_aexp :: "aexp \<Rightarrow> level" where
    63.5  "sec (N n) = 0" |
    63.6  "sec (V x) = sec x" |
    63.7 -"sec (Plus a\<^isub>1 a\<^isub>2) = max (sec a\<^isub>1) (sec a\<^isub>2)"
    63.8 +"sec (Plus a\<^sub>1 a\<^sub>2) = max (sec a\<^sub>1) (sec a\<^sub>2)"
    63.9  
   63.10  instance ..
   63.11  
   63.12 @@ -41,8 +41,8 @@
   63.13  fun sec_bexp :: "bexp \<Rightarrow> level" where
   63.14  "sec (Bc v) = 0" |
   63.15  "sec (Not b) = sec b" |
   63.16 -"sec (And b\<^isub>1 b\<^isub>2) = max (sec b\<^isub>1) (sec b\<^isub>2)" |
   63.17 -"sec (Less a\<^isub>1 a\<^isub>2) = max (sec a\<^isub>1) (sec a\<^isub>2)"
   63.18 +"sec (And b\<^sub>1 b\<^sub>2) = max (sec b\<^sub>1) (sec b\<^sub>2)" |
   63.19 +"sec (Less a\<^sub>1 a\<^sub>2) = max (sec a\<^sub>1) (sec a\<^sub>2)"
   63.20  
   63.21  instance ..
   63.22  
   63.23 @@ -58,11 +58,11 @@
   63.24  "s = s' (< l) == (\<forall> x. sec x < l \<longrightarrow> s x = s' x)"
   63.25  
   63.26  lemma aval_eq_if_eq_le:
   63.27 -  "\<lbrakk> s\<^isub>1 = s\<^isub>2 (\<le> l);  sec a \<le> l \<rbrakk> \<Longrightarrow> aval a s\<^isub>1 = aval a s\<^isub>2"
   63.28 +  "\<lbrakk> s\<^sub>1 = s\<^sub>2 (\<le> l);  sec a \<le> l \<rbrakk> \<Longrightarrow> aval a s\<^sub>1 = aval a s\<^sub>2"
   63.29  by (induct a) auto
   63.30  
   63.31  lemma bval_eq_if_eq_le:
   63.32 -  "\<lbrakk> s\<^isub>1 = s\<^isub>2 (\<le> l);  sec b \<le> l \<rbrakk> \<Longrightarrow> bval b s\<^isub>1 = bval b s\<^isub>2"
   63.33 +  "\<lbrakk> s\<^sub>1 = s\<^sub>2 (\<le> l);  sec b \<le> l \<rbrakk> \<Longrightarrow> bval b s\<^sub>1 = bval b s\<^sub>2"
   63.34  by (induct b) (auto simp add: aval_eq_if_eq_le)
   63.35  
   63.36  end
    64.1 --- a/src/HOL/IMP/Sec_Typing.thy	Tue Aug 13 14:20:22 2013 +0200
    64.2 +++ b/src/HOL/IMP/Sec_Typing.thy	Tue Aug 13 16:25:47 2013 +0200
    64.3 @@ -11,9 +11,9 @@
    64.4  Assign:
    64.5    "\<lbrakk> sec x \<ge> sec a;  sec x \<ge> l \<rbrakk> \<Longrightarrow> l \<turnstile> x ::= a" |
    64.6  Seq:
    64.7 -  "\<lbrakk> l \<turnstile> c\<^isub>1;  l \<turnstile> c\<^isub>2 \<rbrakk> \<Longrightarrow> l \<turnstile> c\<^isub>1;;c\<^isub>2" |
    64.8 +  "\<lbrakk> l \<turnstile> c\<^sub>1;  l \<turnstile> c\<^sub>2 \<rbrakk> \<Longrightarrow> l \<turnstile> c\<^sub>1;;c\<^sub>2" |
    64.9  If:
   64.10 -  "\<lbrakk> max (sec b) l \<turnstile> c\<^isub>1;  max (sec b) l \<turnstile> c\<^isub>2 \<rbrakk> \<Longrightarrow> l \<turnstile> IF b THEN c\<^isub>1 ELSE c\<^isub>2" |
   64.11 +  "\<lbrakk> max (sec b) l \<turnstile> c\<^sub>1;  max (sec b) l \<turnstile> c\<^sub>2 \<rbrakk> \<Longrightarrow> l \<turnstile> IF b THEN c\<^sub>1 ELSE c\<^sub>2" |
   64.12  While:
   64.13    "max (sec b) l \<turnstile> c \<Longrightarrow> l \<turnstile> WHILE b DO c"
   64.14  
   64.15 @@ -24,7 +24,7 @@
   64.16  value "2 \<turnstile> IF Less (V ''x1'') (V ''x'') THEN ''x1'' ::= N 0 ELSE SKIP"
   64.17  
   64.18  inductive_cases [elim!]:
   64.19 -  "l \<turnstile> x ::= a"  "l \<turnstile> c\<^isub>1;;c\<^isub>2"  "l \<turnstile> IF b THEN c\<^isub>1 ELSE c\<^isub>2"  "l \<turnstile> WHILE b DO c"
   64.20 +  "l \<turnstile> x ::= a"  "l \<turnstile> c\<^sub>1;;c\<^sub>2"  "l \<turnstile> IF b THEN c\<^sub>1 ELSE c\<^sub>2"  "l \<turnstile> WHILE b DO c"
   64.21  
   64.22  
   64.23  text{* An important property: anti-monotonicity. *}
   64.24 @@ -187,9 +187,9 @@
   64.25  Assign':
   64.26    "\<lbrakk> sec x \<ge> sec a; sec x \<ge> l \<rbrakk> \<Longrightarrow> l \<turnstile>' x ::= a" |
   64.27  Seq':
   64.28 -  "\<lbrakk> l \<turnstile>' c\<^isub>1;  l \<turnstile>' c\<^isub>2 \<rbrakk> \<Longrightarrow> l \<turnstile>' c\<^isub>1;;c\<^isub>2" |
   64.29 +  "\<lbrakk> l \<turnstile>' c\<^sub>1;  l \<turnstile>' c\<^sub>2 \<rbrakk> \<Longrightarrow> l \<turnstile>' c\<^sub>1;;c\<^sub>2" |
   64.30  If':
   64.31 -  "\<lbrakk> sec b \<le> l;  l \<turnstile>' c\<^isub>1;  l \<turnstile>' c\<^isub>2 \<rbrakk> \<Longrightarrow> l \<turnstile>' IF b THEN c\<^isub>1 ELSE c\<^isub>2" |
   64.32 +  "\<lbrakk> sec b \<le> l;  l \<turnstile>' c\<^sub>1;  l \<turnstile>' c\<^sub>2 \<rbrakk> \<Longrightarrow> l \<turnstile>' IF b THEN c\<^sub>1 ELSE c\<^sub>2" |
   64.33  While':
   64.34    "\<lbrakk> sec b \<le> l;  l \<turnstile>' c \<rbrakk> \<Longrightarrow> l \<turnstile>' WHILE b DO c" |
   64.35  anti_mono':
   64.36 @@ -221,10 +221,10 @@
   64.37  Assign2:
   64.38    "sec x \<ge> sec a \<Longrightarrow> \<turnstile> x ::= a : sec x" |
   64.39  Seq2:
   64.40 -  "\<lbrakk> \<turnstile> c\<^isub>1 : l\<^isub>1;  \<turnstile> c\<^isub>2 : l\<^isub>2 \<rbrakk> \<Longrightarrow> \<turnstile> c\<^isub>1;;c\<^isub>2 : min l\<^isub>1 l\<^isub>2 " |
   64.41 +  "\<lbrakk> \<turnstile> c\<^sub>1 : l\<^sub>1;  \<turnstile> c\<^sub>2 : l\<^sub>2 \<rbrakk> \<Longrightarrow> \<turnstile> c\<^sub>1;;c\<^sub>2 : min l\<^sub>1 l\<^sub>2 " |
   64.42  If2:
   64.43 -  "\<lbrakk> sec b \<le> min l\<^isub>1 l\<^isub>2;  \<turnstile> c\<^isub>1 : l\<^isub>1;  \<turnstile> c\<^isub>2 : l\<^isub>2 \<rbrakk>
   64.44 -  \<Longrightarrow> \<turnstile> IF b THEN c\<^isub>1 ELSE c\<^isub>2 : min l\<^isub>1 l\<^isub>2" |
   64.45 +  "\<lbrakk> sec b \<le> min l\<^sub>1 l\<^sub>2;  \<turnstile> c\<^sub>1 : l\<^sub>1;  \<turnstile> c\<^sub>2 : l\<^sub>2 \<rbrakk>
   64.46 +  \<Longrightarrow> \<turnstile> IF b THEN c\<^sub>1 ELSE c\<^sub>2 : min l\<^sub>1 l\<^sub>2" |
   64.47  While2:
   64.48    "\<lbrakk> sec b \<le> l;  \<turnstile> c : l \<rbrakk> \<Longrightarrow> \<turnstile> WHILE b DO c : l"
   64.49  
    65.1 --- a/src/HOL/IMP/Sec_TypingT.thy	Tue Aug 13 14:20:22 2013 +0200
    65.2 +++ b/src/HOL/IMP/Sec_TypingT.thy	Tue Aug 13 16:25:47 2013 +0200
    65.3 @@ -9,17 +9,17 @@
    65.4  Assign:
    65.5    "\<lbrakk> sec x \<ge> sec a;  sec x \<ge> l \<rbrakk> \<Longrightarrow> l \<turnstile> x ::= a"  |
    65.6  Seq:
    65.7 -  "l \<turnstile> c\<^isub>1 \<Longrightarrow> l \<turnstile> c\<^isub>2 \<Longrightarrow> l \<turnstile> c\<^isub>1;;c\<^isub>2"  |
    65.8 +  "l \<turnstile> c\<^sub>1 \<Longrightarrow> l \<turnstile> c\<^sub>2 \<Longrightarrow> l \<turnstile> c\<^sub>1;;c\<^sub>2"  |
    65.9  If:
   65.10 -  "\<lbrakk> max (sec b) l \<turnstile> c\<^isub>1;  max (sec b) l \<turnstile> c\<^isub>2 \<rbrakk>
   65.11 -   \<Longrightarrow> l \<turnstile> IF b THEN c\<^isub>1 ELSE c\<^isub>2"  |
   65.12 +  "\<lbrakk> max (sec b) l \<turnstile> c\<^sub>1;  max (sec b) l \<turnstile> c\<^sub>2 \<rbrakk>
   65.13 +   \<Longrightarrow> l \<turnstile> IF b THEN c\<^sub>1 ELSE c\<^sub>2"  |
   65.14  While:
   65.15    "sec b = 0 \<Longrightarrow> 0 \<turnstile> c \<Longrightarrow> 0 \<turnstile> WHILE b DO c"
   65.16  
   65.17  code_pred (expected_modes: i => i => bool) sec_type .
   65.18  
   65.19  inductive_cases [elim!]:
   65.20 -  "l \<turnstile> x ::= a"  "l \<turnstile> c\<^isub>1;;c\<^isub>2"  "l \<turnstile> IF b THEN c\<^isub>1 ELSE c\<^isub>2"  "l \<turnstile> WHILE b DO c"
   65.21 +  "l \<turnstile> x ::= a"  "l \<turnstile> c\<^sub>1;;c\<^sub>2"  "l \<turnstile> IF b THEN c\<^sub>1 ELSE c\<^sub>2"  "l \<turnstile> WHILE b DO c"
   65.22  
   65.23  
   65.24  lemma anti_mono: "l \<turnstile> c \<Longrightarrow> l' \<le> l \<Longrightarrow> l' \<turnstile> c"
   65.25 @@ -176,9 +176,9 @@
   65.26  Assign':
   65.27    "\<lbrakk> sec x \<ge> sec a;  sec x \<ge> l \<rbrakk> \<Longrightarrow> l \<turnstile>' x ::= a"  |
   65.28  Seq':
   65.29 -  "l \<turnstile>' c\<^isub>1 \<Longrightarrow> l \<turnstile>' c\<^isub>2 \<Longrightarrow> l \<turnstile>' c\<^isub>1;;c\<^isub>2"  |
   65.30 +  "l \<turnstile>' c\<^sub>1 \<Longrightarrow> l \<turnstile>' c\<^sub>2 \<Longrightarrow> l \<turnstile>' c\<^sub>1;;c\<^sub>2"  |
   65.31  If':
   65.32 -  "\<lbrakk> sec b \<le> l;  l \<turnstile>' c\<^isub>1;  l \<turnstile>' c\<^isub>2 \<rbrakk> \<Longrightarrow> l \<turnstile>' IF b THEN c\<^isub>1 ELSE c\<^isub>2"  |
   65.33 +  "\<lbrakk> sec b \<le> l;  l \<turnstile>' c\<^sub>1;  l \<turnstile>' c\<^sub>2 \<rbrakk> \<Longrightarrow> l \<turnstile>' IF b THEN c\<^sub>1 ELSE c\<^sub>2"  |
   65.34  While':
   65.35    "\<lbrakk> sec b = 0;  0 \<turnstile>' c \<rbrakk> \<Longrightarrow> 0 \<turnstile>' WHILE b DO c"  |
   65.36  anti_mono':
    66.1 --- a/src/HOL/IMP/Small_Step.thy	Tue Aug 13 14:20:22 2013 +0200
    66.2 +++ b/src/HOL/IMP/Small_Step.thy	Tue Aug 13 16:25:47 2013 +0200
    66.3 @@ -10,11 +10,11 @@
    66.4  where
    66.5  Assign:  "(x ::= a, s) \<rightarrow> (SKIP, s(x := aval a s))" |
    66.6  
    66.7 -Seq1:    "(SKIP;;c\<^isub>2,s) \<rightarrow> (c\<^isub>2,s)" |
    66.8 -Seq2:    "(c\<^isub>1,s) \<rightarrow> (c\<^isub>1',s') \<Longrightarrow> (c\<^isub>1;;c\<^isub>2,s) \<rightarrow> (c\<^isub>1';;c\<^isub>2,s')" |
    66.9 +Seq1:    "(SKIP;;c\<^sub>2,s) \<rightarrow> (c\<^sub>2,s)" |
   66.10 +Seq2:    "(c\<^sub>1,s) \<rightarrow> (c\<^sub>1',s') \<Longrightarrow> (c\<^sub>1;;c\<^sub>2,s) \<rightarrow> (c\<^sub>1';;c\<^sub>2,s')" |
   66.11  
   66.12 -IfTrue:  "bval b s \<Longrightarrow> (IF b THEN c\<^isub>1 ELSE c\<^isub>2,s) \<rightarrow> (c\<^isub>1,s)" |
   66.13 -IfFalse: "\<not>bval b s \<Longrightarrow> (IF b THEN c\<^isub>1 ELSE c\<^isub>2,s) \<rightarrow> (c\<^isub>2,s)" |
   66.14 +IfTrue:  "bval b s \<Longrightarrow> (IF b THEN c\<^sub>1 ELSE c\<^sub>2,s) \<rightarrow> (c\<^sub>1,s)" |
   66.15 +IfFalse: "\<not>bval b s \<Longrightarrow> (IF b THEN c\<^sub>1 ELSE c\<^sub>2,s) \<rightarrow> (c\<^sub>2,s)" |
   66.16  
   66.17  While:   "(WHILE b DO c,s) \<rightarrow>
   66.18              (IF b THEN c;; WHILE b DO c ELSE SKIP,s)"
    67.1 --- a/src/HOL/IMP/VCG.thy	Tue Aug 13 14:20:22 2013 +0200
    67.2 +++ b/src/HOL/IMP/VCG.thy	Tue Aug 13 16:25:47 2013 +0200
    67.3 @@ -20,8 +20,8 @@
    67.4  fun strip :: "acom \<Rightarrow> com" where
    67.5  "strip SKIP = com.SKIP" |
    67.6  "strip (x ::= a) = (x ::= a)" |
    67.7 -"strip (C\<^isub>1;; C\<^isub>2) = (strip C\<^isub>1;; strip C\<^isub>2)" |
    67.8 -"strip (IF b THEN C\<^isub>1 ELSE C\<^isub>2) = (IF b THEN strip C\<^isub>1 ELSE strip C\<^isub>2)" |
    67.9 +"strip (C\<^sub>1;; C\<^sub>2) = (strip C\<^sub>1;; strip C\<^sub>2)" |
   67.10 +"strip (IF b THEN C\<^sub>1 ELSE C\<^sub>2) = (IF b THEN strip C\<^sub>1 ELSE strip C\<^sub>2)" |
   67.11  "strip ({_} WHILE b DO C) = (WHILE b DO strip C)"
   67.12  
   67.13  text{* Weakest precondition from annotated commands: *}
   67.14 @@ -29,9 +29,9 @@
   67.15  fun pre :: "acom \<Rightarrow> assn \<Rightarrow> assn" where
   67.16  "pre SKIP Q = Q" |
   67.17  "pre (x ::= a) Q = (\<lambda>s. Q(s(x := aval a s)))" |
   67.18 -"pre (C\<^isub>1;; C\<^isub>2) Q = pre C\<^isub>1 (pre C\<^isub>2 Q)" |
   67.19 -"pre (IF b THEN C\<^isub>1 ELSE C\<^isub>2) Q =
   67.20 -  (\<lambda>s. if bval b s then pre C\<^isub>1 Q s else pre C\<^isub>2 Q s)" |
   67.21 +"pre (C\<^sub>1;; C\<^sub>2) Q = pre C\<^sub>1 (pre C\<^sub>2 Q)" |
   67.22 +"pre (IF b THEN C\<^sub>1 ELSE C\<^sub>2) Q =
   67.23 +  (\<lambda>s. if bval b s then pre C\<^sub>1 Q s else pre C\<^sub>2 Q s)" |
   67.24  "pre ({I} WHILE b DO C) Q = I"
   67.25  
   67.26  text{* Verification condition: *}
   67.27 @@ -39,8 +39,8 @@
   67.28  fun vc :: "acom \<Rightarrow> assn \<Rightarrow> assn" where
   67.29  "vc SKIP Q = (\<lambda>s. True)" |
   67.30  "vc (x ::= a) Q = (\<lambda>s. True)" |
   67.31 -"vc (C\<^isub>1;; C\<^isub>2) Q = (\<lambda>s. vc C\<^isub>1 (pre C\<^isub>2 Q) s \<and> vc C\<^isub>2 Q s)" |
   67.32 -"vc (IF b THEN C\<^isub>1 ELSE C\<^isub>2) Q = (\<lambda>s. vc C\<^isub>1 Q s \<and> vc C\<^isub>2 Q s)" |
   67.33 +"vc (C\<^sub>1;; C\<^sub>2) Q = (\<lambda>s. vc C\<^sub>1 (pre C\<^sub>2 Q) s \<and> vc C\<^sub>2 Q s)" |
   67.34 +"vc (IF b THEN C\<^sub>1 ELSE C\<^sub>2) Q = (\<lambda>s. vc C\<^sub>1 Q s \<and> vc C\<^sub>2 Q s)" |
   67.35  "vc ({I} WHILE b DO C) Q =
   67.36    (\<lambda>s. (I s \<and> bval b s \<longrightarrow> pre C I s) \<and>
   67.37         (I s \<and> \<not> bval b s \<longrightarrow> Q s) \<and>
    68.1 --- a/src/HOL/IMP/Vars.thy	Tue Aug 13 14:20:22 2013 +0200
    68.2 +++ b/src/HOL/IMP/Vars.thy	Tue Aug 13 16:25:47 2013 +0200
    68.3 @@ -25,7 +25,7 @@
    68.4  fun vars_aexp :: "aexp \<Rightarrow> vname set" where
    68.5  "vars (N n) = {}" |
    68.6  "vars (V x) = {x}" |
    68.7 -"vars (Plus a\<^isub>1 a\<^isub>2) = vars a\<^isub>1 \<union> vars a\<^isub>2"
    68.8 +"vars (Plus a\<^sub>1 a\<^sub>2) = vars a\<^sub>1 \<union> vars a\<^sub>2"
    68.9  
   68.10  instance ..
   68.11  
   68.12 @@ -39,8 +39,8 @@
   68.13  fun vars_bexp :: "bexp \<Rightarrow> vname set" where
   68.14  "vars (Bc v) = {}" |
   68.15  "vars (Not b) = vars b" |
   68.16 -"vars (And b\<^isub>1 b\<^isub>2) = vars b\<^isub>1 \<union> vars b\<^isub>2" |
   68.17 -"vars (Less a\<^isub>1 a\<^isub>2) = vars a\<^isub>1 \<union> vars a\<^isub>2"
   68.18 +"vars (And b\<^sub>1 b\<^sub>2) = vars b\<^sub>1 \<union> vars b\<^sub>2" |
   68.19 +"vars (Less a\<^sub>1 a\<^sub>2) = vars a\<^sub>1 \<union> vars a\<^sub>2"
   68.20  
   68.21  instance ..
   68.22  
   68.23 @@ -54,16 +54,16 @@
   68.24  "f = g on X == \<forall> x \<in> X. f x = g x"
   68.25  
   68.26  lemma aval_eq_if_eq_on_vars[simp]:
   68.27 -  "s\<^isub>1 = s\<^isub>2 on vars a \<Longrightarrow> aval a s\<^isub>1 = aval a s\<^isub>2"
   68.28 +  "s\<^sub>1 = s\<^sub>2 on vars a \<Longrightarrow> aval a s\<^sub>1 = aval a s\<^sub>2"
   68.29  apply(induction a)
   68.30  apply simp_all
   68.31  done
   68.32  
   68.33  lemma bval_eq_if_eq_on_vars:
   68.34 -  "s\<^isub>1 = s\<^isub>2 on vars b \<Longrightarrow> bval b s\<^isub>1 = bval b s\<^isub>2"
   68.35 +  "s\<^sub>1 = s\<^sub>2 on vars b \<Longrightarrow> bval b s\<^sub>1 = bval b s\<^sub>2"
   68.36  proof(induction b)
   68.37    case (Less a1 a2)
   68.38 -  hence "aval a1 s\<^isub>1 = aval a1 s\<^isub>2" and "aval a2 s\<^isub>1 = aval a2 s\<^isub>2" by simp_all
   68.39 +  hence "aval a1 s\<^sub>1 = aval a1 s\<^sub>2" and "aval a2 s\<^sub>1 = aval a2 s\<^sub>2" by simp_all
   68.40    thus ?case by simp
   68.41  qed simp_all
   68.42  
    69.1 --- a/src/HOL/Induct/Ordinals.thy	Tue Aug 13 14:20:22 2013 +0200
    69.2 +++ b/src/HOL/Induct/Ordinals.thy	Tue Aug 13 16:25:47 2013 +0200
    69.3 @@ -56,7 +56,7 @@
    69.4  | "veblen (Limit f) = \<nabla>(OpLim (\<lambda>n. veblen (f n)))"
    69.5  
    69.6  definition "veb a = veblen a Zero"
    69.7 -definition "\<epsilon>\<^isub>0 = veb Zero"
    69.8 -definition "\<Gamma>\<^isub>0 = Limit (\<lambda>n. iter veb n Zero)"
    69.9 +definition "\<epsilon>\<^sub>0 = veb Zero"
   69.10 +definition "\<Gamma>\<^sub>0 = Limit (\<lambda>n. iter veb n Zero)"
   69.11  
   69.12  end
    70.1 --- a/src/HOL/Library/Cardinality.thy	Tue Aug 13 14:20:22 2013 +0200
    70.2 +++ b/src/HOL/Library/Cardinality.thy	Tue Aug 13 16:25:47 2013 +0200
    70.3 @@ -345,20 +345,20 @@
    70.4  instance by intro_classes (simp add: card_UNIV_set_def card_UNIV_set card_UNIV)
    70.5  end
    70.6  
    70.7 -lemma UNIV_finite_1: "UNIV = set [finite_1.a\<^isub>1]"
    70.8 +lemma UNIV_finite_1: "UNIV = set [finite_1.a\<^sub>1]"
    70.9  by(auto intro: finite_1.exhaust)
   70.10  
   70.11 -lemma UNIV_finite_2: "UNIV = set [finite_2.a\<^isub>1, finite_2.a\<^isub>2]"
   70.12 +lemma UNIV_finite_2: "UNIV = set [finite_2.a\<^sub>1, finite_2.a\<^sub>2]"
   70.13  by(auto intro: finite_2.exhaust)
   70.14  
   70.15 -lemma UNIV_finite_3: "UNIV = set [finite_3.a\<^isub>1, finite_3.a\<^isub>2, finite_3.a\<^isub>3]"
   70.16 +lemma UNIV_finite_3: "UNIV = set [finite_3.a\<^sub>1, finite_3.a\<^sub>2, finite_3.a\<^sub>3]"
   70.17  by(auto intro: finite_3.exhaust)
   70.18  
   70.19 -lemma UNIV_finite_4: "UNIV = set [finite_4.a\<^isub>1, finite_4.a\<^isub>2, finite_4.a\<^isub>3, finite_4.a\<^isub>4]"
   70.20 +lemma UNIV_finite_4: "UNIV = set [finite_4.a\<^sub>1, finite_4.a\<^sub>2, finite_4.a\<^sub>3, finite_4.a\<^sub>4]"
   70.21  by(auto intro: finite_4.exhaust)
   70.22  
   70.23  lemma UNIV_finite_5:
   70.24 -  "UNIV = set [finite_5.a\<^isub>1, finite_5.a\<^isub>2, finite_5.a\<^isub>3, finite_5.a\<^isub>4, finite_5.a\<^isub>5]"
   70.25 +  "UNIV = set [finite_5.a\<^sub>1, finite_5.a\<^sub>2, finite_5.a\<^sub>3, finite_5.a\<^sub>4, finite_5.a\<^sub>5]"
   70.26  by(auto intro: finite_5.exhaust)
   70.27  
   70.28  instantiation Enum.finite_1 :: card_UNIV begin
    71.1 --- a/src/HOL/Library/Discrete.thy	Tue Aug 13 14:20:22 2013 +0200
    71.2 +++ b/src/HOL/Library/Discrete.thy	Tue Aug 13 16:25:47 2013 +0200
    71.3 @@ -76,32 +76,32 @@
    71.4  
    71.5  definition sqrt :: "nat \<Rightarrow> nat"
    71.6  where
    71.7 -  "sqrt n = Max {m. m\<twosuperior> \<le> n}"
    71.8 +  "sqrt n = Max {m. m\<^sup>2 \<le> n}"
    71.9  
   71.10  lemma sqrt_aux:
   71.11    fixes n :: nat
   71.12 -  shows "finite {m. m\<twosuperior> \<le> n}" and "{m. m\<twosuperior> \<le> n} \<noteq> {}"
   71.13 +  shows "finite {m. m\<^sup>2 \<le> n}" and "{m. m\<^sup>2 \<le> n} \<noteq> {}"
   71.14  proof -
   71.15    { fix m
   71.16 -    assume "m\<twosuperior> \<le> n"
   71.17 +    assume "m\<^sup>2 \<le> n"
   71.18      then have "m \<le> n"
   71.19        by (cases m) (simp_all add: power2_eq_square)
   71.20    } note ** = this
   71.21 -  then have "{m. m\<twosuperior> \<le> n} \<subseteq> {m. m \<le> n}" by auto
   71.22 -  then show "finite {m. m\<twosuperior> \<le> n}" by (rule finite_subset) rule
   71.23 -  have "0\<twosuperior> \<le> n" by simp
   71.24 -  then show *: "{m. m\<twosuperior> \<le> n} \<noteq> {}" by blast
   71.25 +  then have "{m. m\<^sup>2 \<le> n} \<subseteq> {m. m \<le> n}" by auto
   71.26 +  then show "finite {m. m\<^sup>2 \<le> n}" by (rule finite_subset) rule
   71.27 +  have "0\<^sup>2 \<le> n" by simp
   71.28 +  then show *: "{m. m\<^sup>2 \<le> n} \<noteq> {}" by blast
   71.29  qed
   71.30  
   71.31  lemma [code]:
   71.32 -  "sqrt n = Max (Set.filter (\<lambda>m. m\<twosuperior> \<le> n) {0..n})"
   71.33 +  "sqrt n = Max (Set.filter (\<lambda>m. m\<^sup>2 \<le> n) {0..n})"
   71.34  proof -
   71.35 -  from power2_nat_le_imp_le [of _ n] have "{m. m \<le> n \<and> m\<twosuperior> \<le> n} = {m. m\<twosuperior> \<le> n}" by auto
   71.36 +  from power2_nat_le_imp_le [of _ n] have "{m. m \<le> n \<and> m\<^sup>2 \<le> n} = {m. m\<^sup>2 \<le> n}" by auto
   71.37    then show ?thesis by (simp add: sqrt_def Set.filter_def)
   71.38  qed
   71.39  
   71.40  lemma sqrt_inverse_power2 [simp]:
   71.41 -  "sqrt (n\<twosuperior>) = n"
   71.42 +  "sqrt (n\<^sup>2) = n"
   71.43  proof -
   71.44    have "{m. m \<le> n} \<noteq> {}" by auto
   71.45    then have "Max {m. m \<le> n} \<le> n" by auto
   71.46 @@ -121,30 +121,30 @@
   71.47  lemma sqrt_greater_zero_iff [simp]:
   71.48    "sqrt n > 0 \<longleftrightarrow> n > 0"
   71.49  proof -
   71.50 -  have *: "0 < Max {m. m\<twosuperior> \<le> n} \<longleftrightarrow> (\<exists>a\<in>{m. m\<twosuperior> \<le> n}. 0 < a)"
   71.51 +  have *: "0 < Max {m. m\<^sup>2 \<le> n} \<longleftrightarrow> (\<exists>a\<in>{m. m\<^sup>2 \<le> n}. 0 < a)"
   71.52      by (rule Max_gr_iff) (fact sqrt_aux)+
   71.53    show ?thesis
   71.54    proof
   71.55      assume "0 < sqrt n"
   71.56 -    then have "0 < Max {m. m\<twosuperior> \<le> n}" by (simp add: sqrt_def)
   71.57 +    then have "0 < Max {m. m\<^sup>2 \<le> n}" by (simp add: sqrt_def)
   71.58      with * show "0 < n" by (auto dest: power2_nat_le_imp_le)
   71.59    next
   71.60      assume "0 < n"
   71.61 -    then have "1\<twosuperior> \<le> n \<and> 0 < (1::nat)" by simp
   71.62 -    then have "\<exists>q. q\<twosuperior> \<le> n \<and> 0 < q" ..
   71.63 -    with * have "0 < Max {m. m\<twosuperior> \<le> n}" by blast
   71.64 +    then have "1\<^sup>2 \<le> n \<and> 0 < (1::nat)" by simp
   71.65 +    then have "\<exists>q. q\<^sup>2 \<le> n \<and> 0 < q" ..
   71.66 +    with * have "0 < Max {m. m\<^sup>2 \<le> n}" by blast
   71.67      then show "0 < sqrt n" by  (simp add: sqrt_def)
   71.68    qed
   71.69  qed
   71.70  
   71.71  lemma sqrt_power2_le [simp]: (* FIXME tune proof *)
   71.72 -  "(sqrt n)\<twosuperior> \<le> n"
   71.73 +  "(sqrt n)\<^sup>2 \<le> n"
   71.74  proof (cases "n > 0")
   71.75    case False then show ?thesis by (simp add: sqrt_def)
   71.76  next
   71.77    case True then have "sqrt n > 0" by simp
   71.78 -  then have "mono (times (Max {m. m\<twosuperior> \<le> n}))" by (auto intro: mono_times_nat simp add: sqrt_def)
   71.79 -  then have *: "Max {m. m\<twosuperior> \<le> n} * Max {m. m\<twosuperior> \<le> n} = Max (times (Max {m. m\<twosuperior> \<le> n}) ` {m. m\<twosuperior> \<le> n})"
   71.80 +  then have "mono (times (Max {m. m\<^sup>2 \<le> n}))" by (auto intro: mono_times_nat simp add: sqrt_def)
   71.81 +  then have *: "Max {m. m\<^sup>2 \<le> n} * Max {m. m\<^sup>2 \<le> n} = Max (times (Max {m. m\<^sup>2 \<le> n}) ` {m. m\<^sup>2 \<le> n})"
   71.82      using sqrt_aux [of n] by (rule mono_Max_commute)
   71.83    have "Max (op * (Max {m. m * m \<le> n}) ` {m. m * m \<le> n}) \<le> n"
   71.84      apply (subst Max_le_iff)
    72.1 --- a/src/HOL/Library/FuncSet.thy	Tue Aug 13 14:20:22 2013 +0200
    72.2 +++ b/src/HOL/Library/FuncSet.thy	Tue Aug 13 16:25:47 2013 +0200
    72.3 @@ -342,21 +342,21 @@
    72.4  definition PiE :: "'a set \<Rightarrow> ('a \<Rightarrow> 'b set) \<Rightarrow> ('a \<Rightarrow> 'b) set" where
    72.5    "PiE S T = Pi S T \<inter> extensional S"
    72.6  
    72.7 -abbreviation "Pi\<^isub>E A B \<equiv> PiE A B"
    72.8 +abbreviation "Pi\<^sub>E A B \<equiv> PiE A B"
    72.9  
   72.10  syntax "_PiE"  :: "[pttrn, 'a set, 'b set] => ('a => 'b) set"  ("(3PIE _:_./ _)" 10)
   72.11  
   72.12 -syntax (xsymbols) "_PiE" :: "[pttrn, 'a set, 'b set] => ('a => 'b) set"  ("(3\<Pi>\<^isub>E _\<in>_./ _)" 10)
   72.13 +syntax (xsymbols) "_PiE" :: "[pttrn, 'a set, 'b set] => ('a => 'b) set"  ("(3\<Pi>\<^sub>E _\<in>_./ _)" 10)
   72.14  
   72.15 -syntax (HTML output) "_PiE" :: "[pttrn, 'a set, 'b set] => ('a => 'b) set"  ("(3\<Pi>\<^isub>E _\<in>_./ _)" 10)
   72.16 +syntax (HTML output) "_PiE" :: "[pttrn, 'a set, 'b set] => ('a => 'b) set"  ("(3\<Pi>\<^sub>E _\<in>_./ _)" 10)
   72.17  
   72.18 -translations "PIE x:A. B" == "CONST Pi\<^isub>E A (%x. B)"
   72.19 +translations "PIE x:A. B" == "CONST Pi\<^sub>E A (%x. B)"
   72.20  
   72.21 -abbreviation extensional_funcset :: "'a set \<Rightarrow> 'b set \<Rightarrow> ('a \<Rightarrow> 'b) set" (infixr "->\<^isub>E" 60) where
   72.22 -  "A ->\<^isub>E B \<equiv> (\<Pi>\<^isub>E i\<in>A. B)"
   72.23 +abbreviation extensional_funcset :: "'a set \<Rightarrow> 'b set \<Rightarrow> ('a \<Rightarrow> 'b) set" (infixr "->\<^sub>E" 60) where
   72.24 +  "A ->\<^sub>E B \<equiv> (\<Pi>\<^sub>E i\<in>A. B)"
   72.25  
   72.26  notation (xsymbols)
   72.27 -  extensional_funcset  (infixr "\<rightarrow>\<^isub>E" 60)
   72.28 +  extensional_funcset  (infixr "\<rightarrow>\<^sub>E" 60)
   72.29  
   72.30  lemma extensional_funcset_def: "extensional_funcset S T = (S -> T) \<inter> extensional S"
   72.31    by (simp add: PiE_def)
   72.32 @@ -368,16 +368,16 @@
   72.33    unfolding PiE_def by auto
   72.34  
   72.35  lemma PiE_eq_empty_iff:
   72.36 -  "Pi\<^isub>E I F = {} \<longleftrightarrow> (\<exists>i\<in>I. F i = {})"
   72.37 +  "Pi\<^sub>E I F = {} \<longleftrightarrow> (\<exists>i\<in>I. F i = {})"
   72.38  proof
   72.39 -  assume "Pi\<^isub>E I F = {}"
   72.40 +  assume "Pi\<^sub>E I F = {}"
   72.41    show "\<exists>i\<in>I. F i = {}"
   72.42    proof (rule ccontr)
   72.43      assume "\<not> ?thesis"
   72.44      then have "\<forall>i. \<exists>y. (i \<in> I \<longrightarrow> y \<in> F i) \<and> (i \<notin> I \<longrightarrow> y = undefined)" by auto
   72.45      from choice[OF this] guess f ..
   72.46 -    then have "f \<in> Pi\<^isub>E I F" by (auto simp: extensional_def PiE_def)
   72.47 -    with `Pi\<^isub>E I F = {}` show False by auto
   72.48 +    then have "f \<in> Pi\<^sub>E I F" by (auto simp: extensional_def PiE_def)
   72.49 +    with `Pi\<^sub>E I F = {}` show False by auto
   72.50    qed
   72.51  qed (auto simp: PiE_def)
   72.52  
   72.53 @@ -405,11 +405,11 @@
   72.54    then show ?thesis using assms by (auto intro: PiE_fun_upd)
   72.55  qed
   72.56  
   72.57 -lemma PiE_Int: "(Pi\<^isub>E I A) \<inter> (Pi\<^isub>E I B) = Pi\<^isub>E I (\<lambda>x. A x \<inter> B x)"
   72.58 +lemma PiE_Int: "(Pi\<^sub>E I A) \<inter> (Pi\<^sub>E I B) = Pi\<^sub>E I (\<lambda>x. A x \<inter> B x)"
   72.59    by (auto simp: PiE_def)
   72.60  
   72.61  lemma PiE_cong:
   72.62 -  "(\<And>i. i\<in>I \<Longrightarrow> A i = B i) \<Longrightarrow> Pi\<^isub>E I A = Pi\<^isub>E I B"
   72.63 +  "(\<And>i. i\<in>I \<Longrightarrow> A i = B i) \<Longrightarrow> Pi\<^sub>E I A = Pi\<^sub>E I B"
   72.64    unfolding PiE_def by (auto simp: Pi_cong)
   72.65  
   72.66  lemma PiE_E [elim]:
   72.67 @@ -433,22 +433,22 @@
   72.68  
   72.69  lemma PiE_eq_subset:
   72.70    assumes ne: "\<And>i. i \<in> I \<Longrightarrow> F i \<noteq> {}" "\<And>i. i \<in> I \<Longrightarrow> F' i \<noteq> {}"
   72.71 -  assumes eq: "Pi\<^isub>E I F = Pi\<^isub>E I F'" and "i \<in> I"
   72.72 +  assumes eq: "Pi\<^sub>E I F = Pi\<^sub>E I F'" and "i \<in> I"
   72.73    shows "F i \<subseteq> F' i"
   72.74  proof
   72.75    fix x assume "x \<in> F i"
   72.76    with ne have "\<forall>j. \<exists>y. ((j \<in> I \<longrightarrow> y \<in> F j \<and> (i = j \<longrightarrow> x = y)) \<and> (j \<notin> I \<longrightarrow> y = undefined))" by auto
   72.77    from choice[OF this] guess f .. note f = this
   72.78 -  then have "f \<in> Pi\<^isub>E I F" by (auto simp: extensional_def PiE_def)
   72.79 -  then have "f \<in> Pi\<^isub>E I F'" using assms by simp
   72.80 +  then have "f \<in> Pi\<^sub>E I F" by (auto simp: extensional_def PiE_def)
   72.81 +  then have "f \<in> Pi\<^sub>E I F'" using assms by simp
   72.82    then show "x \<in> F' i" using f `i \<in> I` by (auto simp: PiE_def)
   72.83  qed
   72.84  
   72.85  lemma PiE_eq_iff_not_empty:
   72.86    assumes ne: "\<And>i. i \<in> I \<Longrightarrow> F i \<noteq> {}" "\<And>i. i \<in> I \<Longrightarrow> F' i \<noteq> {}"
   72.87 -  shows "Pi\<^isub>E I F = Pi\<^isub>E I F' \<longleftrightarrow> (\<forall>i\<in>I. F i = F' i)"
   72.88 +  shows "Pi\<^sub>E I F = Pi\<^sub>E I F' \<longleftrightarrow> (\<forall>i\<in>I. F i = F' i)"
   72.89  proof (intro iffI ballI)
   72.90 -  fix i assume eq: "Pi\<^isub>E I F = Pi\<^isub>E I F'" and i: "i \<in> I"
   72.91 +  fix i assume eq: "Pi\<^sub>E I F = Pi\<^sub>E I F'" and i: "i \<in> I"
   72.92    show "F i = F' i"
   72.93      using PiE_eq_subset[of I F F', OF ne eq i]
   72.94      using PiE_eq_subset[of I F' F, OF ne(2,1) eq[symmetric] i]
   72.95 @@ -456,21 +456,21 @@
   72.96  qed (auto simp: PiE_def)
   72.97  
   72.98  lemma PiE_eq_iff:
   72.99 -  "Pi\<^isub>E I F = Pi\<^isub>E I F' \<longleftrightarrow> (\<forall>i\<in>I. F i = F' i) \<or> ((\<exists>i\<in>I. F i = {}) \<and> (\<exists>i\<in>I. F' i = {}))"
  72.100 +  "Pi\<^sub>E I F = Pi\<^sub>E I F' \<longleftrightarrow> (\<forall>i\<in>I. F i = F' i) \<or> ((\<exists>i\<in>I. F i = {}) \<and> (\<exists>i\<in>I. F' i = {}))"
  72.101  proof (intro iffI disjCI)
  72.102 -  assume eq[simp]: "Pi\<^isub>E I F = Pi\<^isub>E I F'"
  72.103 +  assume eq[simp]: "Pi\<^sub>E I F = Pi\<^sub>E I F'"
  72.104    assume "\<not> ((\<exists>i\<in>I. F i = {}) \<and> (\<exists>i\<in>I. F' i = {}))"
  72.105    then have "(\<forall>i\<in>I. F i \<noteq> {}) \<and> (\<forall>i\<in>I. F' i \<noteq> {})"
  72.106      using PiE_eq_empty_iff[of I F] PiE_eq_empty_iff[of I F'] by auto
  72.107    with PiE_eq_iff_not_empty[of I F F'] show "\<forall>i\<in>I. F i = F' i" by auto
  72.108  next
  72.109    assume "(\<forall>i\<in>I. F i = F' i) \<or> (\<exists>i\<in>I. F i = {}) \<and> (\<exists>i\<in>I. F' i = {})"
  72.110 -  then show "Pi\<^isub>E I F = Pi\<^isub>E I F'"
  72.111 +  then show "Pi\<^sub>E I F = Pi\<^sub>E I F'"
  72.112      using PiE_eq_empty_iff[of I F] PiE_eq_empty_iff[of I F'] by (auto simp: PiE_def)
  72.113  qed
  72.114  
  72.115  lemma extensional_funcset_fun_upd_restricts_rangeI: 
  72.116 -  "\<forall>y \<in> S. f x \<noteq> f y \<Longrightarrow> f : (insert x S) \<rightarrow>\<^isub>E T ==> f(x := undefined) : S \<rightarrow>\<^isub>E (T - {f x})"
  72.117 +  "\<forall>y \<in> S. f x \<noteq> f y \<Longrightarrow> f : (insert x S) \<rightarrow>\<^sub>E T ==> f(x := undefined) : S \<rightarrow>\<^sub>E (T - {f x})"
  72.118    unfolding extensional_funcset_def extensional_def
  72.119    apply auto
  72.120    apply (case_tac "x = xa")
  72.121 @@ -478,21 +478,21 @@
  72.122    done
  72.123  
  72.124  lemma extensional_funcset_fun_upd_extends_rangeI:
  72.125 -  assumes "a \<in> T" "f \<in> S \<rightarrow>\<^isub>E (T - {a})"
  72.126 -  shows "f(x := a) \<in> (insert x S) \<rightarrow>\<^isub>E  T"
  72.127 +  assumes "a \<in> T" "f \<in> S \<rightarrow>\<^sub>E (T - {a})"
  72.128 +  shows "f(x := a) \<in> (insert x S) \<rightarrow>\<^sub>E  T"
  72.129    using assms unfolding extensional_funcset_def extensional_def by auto
  72.130  
  72.131  subsubsection {* Injective Extensional Function Spaces *}
  72.132  
  72.133  lemma extensional_funcset_fun_upd_inj_onI:
  72.134 -  assumes "f \<in> S \<rightarrow>\<^isub>E (T - {a})" "inj_on f S"
  72.135 +  assumes "f \<in> S \<rightarrow>\<^sub>E (T - {a})" "inj_on f S"
  72.136    shows "inj_on (f(x := a)) S"
  72.137    using assms unfolding extensional_funcset_def by (auto intro!: inj_on_fun_updI)
  72.138  
  72.139  lemma extensional_funcset_extend_domain_inj_on_eq:
  72.140    assumes "x \<notin> S"
  72.141 -  shows"{f. f \<in> (insert x S) \<rightarrow>\<^isub>E T \<and> inj_on f (insert x S)} =
  72.142 -    (%(y, g). g(x:=y)) ` {(y, g). y \<in> T \<and> g \<in> S \<rightarrow>\<^isub>E (T - {y}) \<and> inj_on g S}"
  72.143 +  shows"{f. f \<in> (insert x S) \<rightarrow>\<^sub>E T \<and> inj_on f (insert x S)} =
  72.144 +    (%(y, g). g(x:=y)) ` {(y, g). y \<in> T \<and> g \<in> S \<rightarrow>\<^sub>E (T - {y}) \<and> inj_on g S}"
  72.145  proof -
  72.146    from assms show ?thesis
  72.147      apply (auto del: PiE_I PiE_E)
  72.148 @@ -508,7 +508,7 @@
  72.149  
  72.150  lemma extensional_funcset_extend_domain_inj_onI:
  72.151    assumes "x \<notin> S"
  72.152 -  shows "inj_on (\<lambda>(y, g). g(x := y)) {(y, g). y \<in> T \<and> g \<in> S \<rightarrow>\<^isub>E (T - {y}) \<and> inj_on g S}"
  72.153 +  shows "inj_on (\<lambda>(y, g). g(x := y)) {(y, g). y \<in> T \<and> g \<in> S \<rightarrow>\<^sub>E (T - {y}) \<and> inj_on g S}"
  72.154  proof -
  72.155    from assms show ?thesis
  72.156      apply (auto intro!: inj_onI)
  72.157 @@ -522,9 +522,9 @@
  72.158  lemma finite_PiE: "finite S \<Longrightarrow> (\<And>i. i \<in> S \<Longrightarrow> finite (T i)) \<Longrightarrow> finite (PIE i : S. T i)"
  72.159    by (induct S arbitrary: T rule: finite_induct) (simp_all add: PiE_insert_eq)
  72.160  
  72.161 -lemma inj_combinator: "x \<notin> S \<Longrightarrow> inj_on (\<lambda>(y, g). g(x := y)) (T x \<times> Pi\<^isub>E S T)"
  72.162 +lemma inj_combinator: "x \<notin> S \<Longrightarrow> inj_on (\<lambda>(y, g). g(x := y)) (T x \<times> Pi\<^sub>E S T)"
  72.163  proof (safe intro!: inj_onI ext)
  72.164 -  fix f y g z assume "x \<notin> S" and fg: "f \<in> Pi\<^isub>E S T" "g \<in> Pi\<^isub>E S T"
  72.165 +  fix f y g z assume "x \<notin> S" and fg: "f \<in> Pi\<^sub>E S T" "g \<in> Pi\<^sub>E S T"
  72.166    assume "f(x := y) = g(x := z)"
  72.167    then have *: "\<And>i. (f(x := y)) i = (g(x := z)) i"
  72.168      unfolding fun_eq_iff by auto
    73.1 --- a/src/HOL/Library/Function_Growth.thy	Tue Aug 13 14:20:22 2013 +0200
    73.2 +++ b/src/HOL/Library/Function_Growth.thy	Tue Aug 13 16:25:47 2013 +0200
    73.3 @@ -73,35 +73,35 @@
    73.4  definition equiv_fun :: "(nat \<Rightarrow> nat) \<Rightarrow> (nat \<Rightarrow> nat) \<Rightarrow> bool" (infix "\<cong>" 50)
    73.5  where
    73.6    "f \<cong> g \<longleftrightarrow>
    73.7 -    (\<exists>c\<^isub>1>0. \<exists>c\<^isub>2>0. \<exists>n. \<forall>m>n. f m \<le> c\<^isub>1 * g m \<and> g m \<le> c\<^isub>2 * f m)"
    73.8 +    (\<exists>c\<^sub>1>0. \<exists>c\<^sub>2>0. \<exists>n. \<forall>m>n. f m \<le> c\<^sub>1 * g m \<and> g m \<le> c\<^sub>2 * f m)"
    73.9  
   73.10  text {*
   73.11 -  This yields @{text "f \<cong> g \<longleftrightarrow> f \<in> \<Theta>(g)"}.  Concerning @{text "c\<^isub>1"} and @{text "c\<^isub>2"}
   73.12 +  This yields @{text "f \<cong> g \<longleftrightarrow> f \<in> \<Theta>(g)"}.  Concerning @{text "c\<^sub>1"} and @{text "c\<^sub>2"}
   73.13    restricted to @{typ nat}, see note above on @{text "(\<lesssim>)"}.
   73.14  *}
   73.15  
   73.16  lemma equiv_funI [intro?]:
   73.17 -  assumes "\<exists>c\<^isub>1>0. \<exists>c\<^isub>2>0. \<exists>n. \<forall>m>n. f m \<le> c\<^isub>1 * g m \<and> g m \<le> c\<^isub>2 * f m"
   73.18 +  assumes "\<exists>c\<^sub>1>0. \<exists>c\<^sub>2>0. \<exists>n. \<forall>m>n. f m \<le> c\<^sub>1 * g m \<and> g m \<le> c\<^sub>2 * f m"
   73.19    shows "f \<cong> g"
   73.20    unfolding equiv_fun_def by (rule assms)
   73.21  
   73.22  lemma not_equiv_funI:
   73.23 -  assumes "\<And>c\<^isub>1 c\<^isub>2 n. c\<^isub>1 > 0 \<Longrightarrow> c\<^isub>2 > 0 \<Longrightarrow>
   73.24 -    \<exists>m>n. c\<^isub>1 * f m < g m \<or> c\<^isub>2 * g m < f m"
   73.25 +  assumes "\<And>c\<^sub>1 c\<^sub>2 n. c\<^sub>1 > 0 \<Longrightarrow> c\<^sub>2 > 0 \<Longrightarrow>
   73.26 +    \<exists>m>n. c\<^sub>1 * f m < g m \<or> c\<^sub>2 * g m < f m"
   73.27    shows "\<not> f \<cong> g"
   73.28    using assms unfolding equiv_fun_def linorder_not_le [symmetric] by blast
   73.29  
   73.30  lemma equiv_funE [elim?]:
   73.31    assumes "f \<cong> g"
   73.32 -  obtains n c\<^isub>1 c\<^isub>2 where "c\<^isub>1 > 0" and "c\<^isub>2 > 0"
   73.33 -    and "\<And>m. m > n \<Longrightarrow> f m \<le> c\<^isub>1 * g m \<and> g m \<le> c\<^isub>2 * f m"
   73.34 +  obtains n c\<^sub>1 c\<^sub>2 where "c\<^sub>1 > 0" and "c\<^sub>2 > 0"
   73.35 +    and "\<And>m. m > n \<Longrightarrow> f m \<le> c\<^sub>1 * g m \<and> g m \<le> c\<^sub>2 * f m"
   73.36    using assms unfolding equiv_fun_def by blast
   73.37  
   73.38  lemma not_equiv_funE:
   73.39 -  fixes n c\<^isub>1 c\<^isub>2
   73.40 -  assumes "\<not> f \<cong> g" and "c\<^isub>1 > 0" and "c\<^isub>2 > 0"
   73.41 +  fixes n c\<^sub>1 c\<^sub>2
   73.42 +  assumes "\<not> f \<cong> g" and "c\<^sub>1 > 0" and "c\<^sub>2 > 0"
   73.43    obtains m where "m > n"
   73.44 -    and "c\<^isub>1 * f m < g m \<or> c\<^isub>2 * g m < f m"
   73.45 +    and "c\<^sub>1 * f m < g m \<or> c\<^sub>2 * g m < f m"
   73.46    using assms unfolding equiv_fun_def linorder_not_le [symmetric] by blast
   73.47  
   73.48  
   73.49 @@ -207,23 +207,23 @@
   73.50      assume "f \<lesssim> g" and "g \<lesssim> h"
   73.51      show "f \<lesssim> h"
   73.52      proof
   73.53 -      from `f \<lesssim> g` obtain n\<^isub>1 c\<^isub>1
   73.54 -        where "c\<^isub>1 > 0" and P\<^isub>1: "\<And>m. m > n\<^isub>1 \<Longrightarrow> f m \<le> c\<^isub>1 * g m"
   73.55 +      from `f \<lesssim> g` obtain n\<^sub>1 c\<^sub>1
   73.56 +        where "c\<^sub>1 > 0" and P\<^sub>1: "\<And>m. m > n\<^sub>1 \<Longrightarrow> f m \<le> c\<^sub>1 * g m"
   73.57          by rule blast
   73.58 -      from `g \<lesssim> h` obtain n\<^isub>2 c\<^isub>2
   73.59 -        where "c\<^isub>2 > 0" and P\<^isub>2: "\<And>m. m > n\<^isub>2 \<Longrightarrow> g m \<le> c\<^isub>2 * h m"
   73.60 +      from `g \<lesssim> h` obtain n\<^sub>2 c\<^sub>2
   73.61 +        where "c\<^sub>2 > 0" and P\<^sub>2: "\<And>m. m > n\<^sub>2 \<Longrightarrow> g m \<le> c\<^sub>2 * h m"
   73.62          by rule blast
   73.63 -      have "\<forall>m>max n\<^isub>1 n\<^isub>2. f m \<le> (c\<^isub>1 * c\<^isub>2) * h m"
   73.64 +      have "\<forall>m>max n\<^sub>1 n\<^sub>2. f m \<le> (c\<^sub>1 * c\<^sub>2) * h m"
   73.65        proof (rule allI, rule impI)
   73.66          fix m
   73.67 -        assume Q: "m > max n\<^isub>1 n\<^isub>2"
   73.68 -        from P\<^isub>1 Q have *: "f m \<le> c\<^isub>1 * g m" by simp
   73.69 -        from P\<^isub>2 Q have "g m \<le> c\<^isub>2 * h m" by simp
   73.70 -        with `c\<^isub>1 > 0` have "c\<^isub>1 * g m \<le> (c\<^isub>1 * c\<^isub>2) * h m" by simp
   73.71 -        with * show "f m \<le> (c\<^isub>1 * c\<^isub>2) * h m" by (rule order_trans)
   73.72 +        assume Q: "m > max n\<^sub>1 n\<^sub>2"
   73.73 +        from P\<^sub>1 Q have *: "f m \<le> c\<^sub>1 * g m" by simp
   73.74 +        from P\<^sub>2 Q have "g m \<le> c\<^sub>2 * h m" by simp
   73.75 +        with `c\<^sub>1 > 0` have "c\<^sub>1 * g m \<le> (c\<^sub>1 * c\<^sub>2) * h m" by simp
   73.76 +        with * show "f m \<le> (c\<^sub>1 * c\<^sub>2) * h m" by (rule order_trans)
   73.77        qed
   73.78 -      then have "\<exists>n. \<forall>m>n. f m \<le> (c\<^isub>1 * c\<^isub>2) * h m" by rule
   73.79 -      moreover from `c\<^isub>1 > 0` `c\<^isub>2 > 0` have "c\<^isub>1 * c\<^isub>2 > 0" by (rule mult_pos_pos)
   73.80 +      then have "\<exists>n. \<forall>m>n. f m \<le> (c\<^sub>1 * c\<^sub>2) * h m" by rule
   73.81 +      moreover from `c\<^sub>1 > 0` `c\<^sub>2 > 0` have "c\<^sub>1 * c\<^sub>2 > 0" by (rule mult_pos_pos)
   73.82        ultimately show "\<exists>c>0. \<exists>n. \<forall>m>n. f m \<le> c * h m" by blast
   73.83      qed
   73.84    qed
   73.85 @@ -234,43 +234,43 @@
   73.86      show "f \<lesssim> g \<and> g \<lesssim> f \<longleftrightarrow> f \<cong> g"
   73.87      proof
   73.88        assume "f \<cong> g"
   73.89 -      then obtain n c\<^isub>1 c\<^isub>2 where "c\<^isub>1 > 0" and "c\<^isub>2 > 0"
   73.90 -        and *: "\<And>m. m > n \<Longrightarrow> f m \<le> c\<^isub>1 * g m \<and> g m \<le> c\<^isub>2 * f m"
   73.91 +      then obtain n c\<^sub>1 c\<^sub>2 where "c\<^sub>1 > 0" and "c\<^sub>2 > 0"
   73.92 +        and *: "\<And>m. m > n \<Longrightarrow> f m \<le> c\<^sub>1 * g m \<and> g m \<le> c\<^sub>2 * f m"
   73.93          by rule blast
   73.94 -      have "\<forall>m>n. f m \<le> c\<^isub>1 * g m"
   73.95 +      have "\<forall>m>n. f m \<le> c\<^sub>1 * g m"
   73.96        proof (rule allI, rule impI)
   73.97          fix m
   73.98          assume "m > n"
   73.99 -        with * show "f m \<le> c\<^isub>1 * g m" by simp
  73.100 +        with * show "f m \<le> c\<^sub>1 * g m" by simp
  73.101        qed
  73.102 -      with `c\<^isub>1 > 0` have "\<exists>c>0. \<exists>n. \<forall>m>n. f m \<le> c * g m" by blast
  73.103 +      with `c\<^sub>1 > 0` have "\<exists>c>0. \<exists>n. \<forall>m>n. f m \<le> c * g m" by blast
  73.104        then have "f \<lesssim> g" ..
  73.105 -      have "\<forall>m>n. g m \<le> c\<^isub>2 * f m"
  73.106 +      have "\<forall>m>n. g m \<le> c\<^sub>2 * f m"
  73.107        proof (rule allI, rule impI)
  73.108          fix m
  73.109          assume "m > n"
  73.110 -        with * show "g m \<le> c\<^isub>2 * f m" by simp
  73.111 +        with * show "g m \<le> c\<^sub>2 * f m" by simp
  73.112        qed
  73.113 -      with `c\<^isub>2 > 0` have "\<exists>c>0. \<exists>n. \<forall>m>n. g m \<le> c * f m" by blast
  73.114 +      with `c\<^sub>2 > 0` have "\<exists>c>0. \<exists>n. \<forall>m>n. g m \<le> c * f m" by blast
  73.115        then have "g \<lesssim> f" ..
  73.116        from `f \<lesssim> g` and `g \<lesssim> f` show "f \<lesssim> g \<and> g \<lesssim> f" ..
  73.117      next
  73.118        assume "f \<lesssim> g \<and> g \<lesssim> f"
  73.119        then have "f \<lesssim> g" and "g \<lesssim> f" by auto
  73.120 -      from `f \<lesssim> g` obtain n\<^isub>1 c\<^isub>1 where "c\<^isub>1 > 0"
  73.121 -        and P\<^isub>1: "\<And>m. m > n\<^isub>1 \<Longrightarrow> f m \<le> c\<^isub>1 * g m" by rule blast
  73.122 -      from `g \<lesssim> f` obtain n\<^isub>2 c\<^isub>2 where "c\<^isub>2 > 0"
  73.123 -        and P\<^isub>2: "\<And>m. m > n\<^isub>2 \<Longrightarrow> g m \<le> c\<^isub>2 * f m" by rule blast
  73.124 -      have "\<forall>m>max n\<^isub>1 n\<^isub>2. f m \<le> c\<^isub>1 * g m \<and> g m \<le> c\<^isub>2 * f m"
  73.125 +      from `f \<lesssim> g` obtain n\<^sub>1 c\<^sub>1 where "c\<^sub>1 > 0"
  73.126 +        and P\<^sub>1: "\<And>m. m > n\<^sub>1 \<Longrightarrow> f m \<le> c\<^sub>1 * g m" by rule blast
  73.127 +      from `g \<lesssim> f` obtain n\<^sub>2 c\<^sub>2 where "c\<^sub>2 > 0"
  73.128 +        and P\<^sub>2: "\<And>m. m > n\<^sub>2 \<Longrightarrow> g m \<le> c\<^sub>2 * f m" by rule blast
  73.129 +      have "\<forall>m>max n\<^sub>1 n\<^sub>2. f m \<le> c\<^sub>1 * g m \<and> g m \<le> c\<^sub>2 * f m"
  73.130        proof (rule allI, rule impI)
  73.131          fix m
  73.132 -        assume Q: "m > max n\<^isub>1 n\<^isub>2"
  73.133 -        from P\<^isub>1 Q have "f m \<le> c\<^isub>1 * g m" by simp
  73.134 -        moreover from P\<^isub>2 Q have "g m \<le> c\<^isub>2 * f m" by simp
  73.135 -        ultimately show "f m \<le> c\<^isub>1 * g m \<and> g m \<le> c\<^isub>2 * f m" ..
  73.136 +        assume Q: "m > max n\<^sub>1 n\<^sub>2"
  73.137 +        from P\<^sub>1 Q have "f m \<le> c\<^sub>1 * g m" by simp
  73.138 +        moreover from P\<^sub>2 Q have "g m \<le> c\<^sub>2 * f m" by simp
  73.139 +        ultimately show "f m \<le> c\<^sub>1 * g m \<and> g m \<le> c\<^sub>2 * f m" ..
  73.140        qed
  73.141 -      with `c\<^isub>1 > 0` `c\<^isub>2 > 0` have "\<exists>c\<^isub>1>0. \<exists>c\<^isub>2>0. \<exists>n.
  73.142 -        \<forall>m>n. f m \<le> c\<^isub>1 * g m \<and> g m \<le> c\<^isub>2 * f m" by blast
  73.143 +      with `c\<^sub>1 > 0` `c\<^sub>2 > 0` have "\<exists>c\<^sub>1>0. \<exists>c\<^sub>2>0. \<exists>n.
  73.144 +        \<forall>m>n. f m \<le> c\<^sub>1 * g m \<and> g m \<le> c\<^sub>2 * f m" by blast
  73.145        then show "f \<cong> g" ..
  73.146      qed
  73.147    qed
  73.148 @@ -318,15 +318,15 @@
  73.149  proof (rule less_fun_strongI)
  73.150    fix c :: nat
  73.151    assume "0 < c"
  73.152 -  have "\<forall>m>(Suc c)\<twosuperior>. c * Discrete.sqrt m < id m"
  73.153 +  have "\<forall>m>(Suc c)\<^sup>2. c * Discrete.sqrt m < id m"
  73.154    proof (rule allI, rule impI)
  73.155      fix m
  73.156 -    assume "(Suc c)\<twosuperior> < m"
  73.157 -    then have "(Suc c)\<twosuperior> \<le> m" by simp
  73.158 -    with mono_sqrt have "Discrete.sqrt ((Suc c)\<twosuperior>) \<le> Discrete.sqrt m" by (rule monoE)
  73.159 +    assume "(Suc c)\<^sup>2 < m"
  73.160 +    then have "(Suc c)\<^sup>2 \<le> m" by simp
  73.161 +    with mono_sqrt have "Discrete.sqrt ((Suc c)\<^sup>2) \<le> Discrete.sqrt m" by (rule monoE)
  73.162      then have "Suc c \<le> Discrete.sqrt m" by simp
  73.163      then have "c < Discrete.sqrt m" by simp
  73.164 -    moreover from `(Suc c)\<twosuperior> < m` have "Discrete.sqrt m > 0" by simp
  73.165 +    moreover from `(Suc c)\<^sup>2 < m` have "Discrete.sqrt m > 0" by simp
  73.166      ultimately have "c * Discrete.sqrt m < Discrete.sqrt m * Discrete.sqrt m" by simp
  73.167      also have "\<dots> \<le> m" by (simp add: power2_eq_square [symmetric])
  73.168      finally show "c * Discrete.sqrt m < id m" by simp
  73.169 @@ -334,7 +334,7 @@
  73.170    then show "\<exists>n. \<forall>m>n. c * Discrete.sqrt m < id m" ..
  73.171  qed
  73.172  
  73.173 -lemma "id \<prec> (\<lambda>n. n\<twosuperior>)"
  73.174 +lemma "id \<prec> (\<lambda>n. n\<^sup>2)"
  73.175    by (rule less_fun_strongI) (auto simp add: power2_eq_square)
  73.176  
  73.177  lemma "(\<lambda>n. n ^ k) \<prec> (\<lambda>n. n ^ Suc k)"
    74.1 --- a/src/HOL/Library/Inner_Product.thy	Tue Aug 13 14:20:22 2013 +0200
    74.2 +++ b/src/HOL/Library/Inner_Product.thy	Tue Aug 13 16:25:47 2013 +0200
    74.3 @@ -78,11 +78,11 @@
    74.4  lemma inner_gt_zero_iff [simp]: "0 < inner x x \<longleftrightarrow> x \<noteq> 0"
    74.5    by (simp add: order_less_le)
    74.6  
    74.7 -lemma power2_norm_eq_inner: "(norm x)\<twosuperior> = inner x x"
    74.8 +lemma power2_norm_eq_inner: "(norm x)\<^sup>2 = inner x x"
    74.9    by (simp add: norm_eq_sqrt_inner)
   74.10  
   74.11  lemma Cauchy_Schwarz_ineq:
   74.12 -  "(inner x y)\<twosuperior> \<le> inner x x * inner y y"
   74.13 +  "(inner x y)\<^sup>2 \<le> inner x x * inner y y"
   74.14  proof (cases)
   74.15    assume "y = 0"
   74.16    thus ?thesis by simp
   74.17 @@ -93,21 +93,21 @@
   74.18      by (rule inner_ge_zero)
   74.19    also have "\<dots> = inner x x - inner y x * ?r"
   74.20      by (simp add: inner_diff)
   74.21 -  also have "\<dots> = inner x x - (inner x y)\<twosuperior> / inner y y"
   74.22 +  also have "\<dots> = inner x x - (inner x y)\<^sup>2 / inner y y"
   74.23      by (simp add: power2_eq_square inner_commute)
   74.24 -  finally have "0 \<le> inner x x - (inner x y)\<twosuperior> / inner y y" .
   74.25 -  hence "(inner x y)\<twosuperior> / inner y y \<le> inner x x"
   74.26 +  finally have "0 \<le> inner x x - (inner x y)\<^sup>2 / inner y y" .
   74.27 +  hence "(inner x y)\<^sup>2 / inner y y \<le> inner x x"
   74.28      by (simp add: le_diff_eq)
   74.29 -  thus "(inner x y)\<twosuperior> \<le> inner x x * inner y y"
   74.30 +  thus "(inner x y)\<^sup>2 \<le> inner x x * inner y y"
   74.31      by (simp add: pos_divide_le_eq y)
   74.32  qed
   74.33  
   74.34  lemma Cauchy_Schwarz_ineq2:
   74.35    "\<bar>inner x y\<bar> \<le> norm x * norm y"
   74.36  proof (rule power2_le_imp_le)
   74.37 -  have "(inner x y)\<twosuperior> \<le> inner x x * inner y y"
   74.38 +  have "(inner x y)\<^sup>2 \<le> inner x x * inner y y"
   74.39      using Cauchy_Schwarz_ineq .
   74.40 -  thus "\<bar>inner x y\<bar>\<twosuperior> \<le> (norm x * norm y)\<twosuperior>"
   74.41 +  thus "\<bar>inner x y\<bar>\<^sup>2 \<le> (norm x * norm y)\<^sup>2"
   74.42      by (simp add: power_mult_distrib power2_norm_eq_inner)
   74.43    show "0 \<le> norm x * norm y"
   74.44      unfolding norm_eq_sqrt_inner
   74.45 @@ -123,13 +123,13 @@
   74.46      proof (rule power2_le_imp_le)
   74.47        have "inner x y \<le> norm x * norm y"
   74.48          by (rule order_trans [OF abs_ge_self Cauchy_Schwarz_ineq2])
   74.49 -      thus "(norm (x + y))\<twosuperior> \<le> (norm x + norm y)\<twosuperior>"
   74.50 +      thus "(norm (x + y))\<^sup>2 \<le> (norm x + norm y)\<^sup>2"
   74.51          unfolding power2_sum power2_norm_eq_inner
   74.52          by (simp add: inner_add inner_commute)
   74.53        show "0 \<le> norm x + norm y"
   74.54          unfolding norm_eq_sqrt_inner by simp
   74.55      qed
   74.56 -  have "sqrt (a\<twosuperior> * inner x x) = \<bar>a\<bar> * sqrt (inner x x)"
   74.57 +  have "sqrt (a\<^sup>2 * inner x x) = \<bar>a\<bar> * sqrt (inner x x)"
   74.58      by (simp add: real_sqrt_mult_distrib)
   74.59    then show "norm (a *\<^sub>R x) = \<bar>a\<bar> * norm x"
   74.60      unfolding norm_eq_sqrt_inner
   74.61 @@ -324,7 +324,7 @@
   74.62  
   74.63  lemma GDERIV_inverse:
   74.64      "\<lbrakk>GDERIV f x :> df; f x \<noteq> 0\<rbrakk>
   74.65 -     \<Longrightarrow> GDERIV (\<lambda>x. inverse (f x)) x :> - (inverse (f x))\<twosuperior> *\<^sub>R df"
   74.66 +     \<Longrightarrow> GDERIV (\<lambda>x. inverse (f x)) x :> - (inverse (f x))\<^sup>2 *\<^sub>R df"
   74.67    apply (erule GDERIV_DERIV_compose)
   74.68    apply (erule DERIV_inverse [folded numeral_2_eq_2])
   74.69    done
    75.1 --- a/src/HOL/Library/Kleene_Algebra.thy	Tue Aug 13 14:20:22 2013 +0200
    75.2 +++ b/src/HOL/Library/Kleene_Algebra.thy	Tue Aug 13 16:25:47 2013 +0200
    75.3 @@ -321,10 +321,10 @@
    75.4  lemma ka25: "star y * star x \<le> star x * star y \<Longrightarrow> star (star y * star x) \<le> star x * star y"
    75.5  proof -
    75.6    assume "star y * star x \<le> star x * star y"
    75.7 -  hence "\<forall>x\<^isub>1. star y * (star x * x\<^isub>1) \<le> star x * (star y * x\<^isub>1)" by (metis mult_assoc mult_right_mono zero_minimum)
    75.8 +  hence "\<forall>x\<^sub>1. star y * (star x * x\<^sub>1) \<le> star x * (star y * x\<^sub>1)" by (metis mult_assoc mult_right_mono zero_minimum)
    75.9    hence "star y * (star x * star y) \<le> star x * star y" by (metis star_mult_idem)
   75.10 -  hence "\<exists>x\<^isub>1. star (star y * star x) * star x\<^isub>1 \<le> star x * star y" by (metis star_decomp star_idemp star_simulation_leq_2 star_slide)
   75.11 -  hence "\<exists>x\<^isub>1\<ge>star (star y * star x). x\<^isub>1 \<le> star x * star y" by (metis x_less_star)
   75.12 +  hence "\<exists>x\<^sub>1. star (star y * star x) * star x\<^sub>1 \<le> star x * star y" by (metis star_decomp star_idemp star_simulation_leq_2 star_slide)
   75.13 +  hence "\<exists>x\<^sub>1\<ge>star (star y * star x). x\<^sub>1 \<le> star x * star y" by (metis x_less_star)
   75.14    thus "star (star y * star x) \<le> star x * star y" by (metis order_trans)
   75.15  qed
   75.16  
    76.1 --- a/src/HOL/Library/Product_Lexorder.thy	Tue Aug 13 14:20:22 2013 +0200
    76.2 +++ b/src/HOL/Library/Product_Lexorder.thy	Tue Aug 13 16:25:47 2013 +0200
    76.3 @@ -94,23 +94,23 @@
    76.4      case (Pair a b)
    76.5      show "P (a, b)"
    76.6      proof (induct a arbitrary: b rule: less_induct)
    76.7 -      case (less a\<^isub>1) note a\<^isub>1 = this
    76.8 -      show "P (a\<^isub>1, b)"
    76.9 +      case (less a\<^sub>1) note a\<^sub>1 = this
   76.10 +      show "P (a\<^sub>1, b)"
   76.11        proof (induct b rule: less_induct)
   76.12 -        case (less b\<^isub>1) note b\<^isub>1 = this
   76.13 -        show "P (a\<^isub>1, b\<^isub>1)"
   76.14 +        case (less b\<^sub>1) note b\<^sub>1 = this
   76.15 +        show "P (a\<^sub>1, b\<^sub>1)"
   76.16          proof (rule P)
   76.17 -          fix p assume p: "p < (a\<^isub>1, b\<^isub>1)"
   76.18 +          fix p assume p: "p < (a\<^sub>1, b\<^sub>1)"
   76.19            show "P p"
   76.20 -          proof (cases "fst p < a\<^isub>1")
   76.21 +          proof (cases "fst p < a\<^sub>1")
   76.22              case True
   76.23 -            then have "P (fst p, snd p)" by (rule a\<^isub>1)
   76.24 +            then have "P (fst p, snd p)" by (rule a\<^sub>1)
   76.25              then show ?thesis by simp
   76.26            next
   76.27              case False
   76.28 -            with p have 1: "a\<^isub>1 = fst p" and 2: "snd p < b\<^isub>1"
   76.29 +            with p have 1: "a\<^sub>1 = fst p" and 2: "snd p < b\<^sub>1"
   76.30                by (simp_all add: less_prod_def')
   76.31 -            from 2 have "P (a\<^isub>1, snd p)" by (rule b\<^isub>1)
   76.32 +            from 2 have "P (a\<^sub>1, snd p)" by (rule b\<^sub>1)
   76.33              with 1 show ?thesis by simp
   76.34            qed
   76.35          qed
    77.1 --- a/src/HOL/Library/Product_Vector.thy	Tue Aug 13 14:20:22 2013 +0200
    77.2 +++ b/src/HOL/Library/Product_Vector.thy	Tue Aug 13 16:25:47 2013 +0200
    77.3 @@ -275,9 +275,9 @@
    77.4  begin
    77.5  
    77.6  definition dist_prod_def:
    77.7 -  "dist x y = sqrt ((dist (fst x) (fst y))\<twosuperior> + (dist (snd x) (snd y))\<twosuperior>)"
    77.8 +  "dist x y = sqrt ((dist (fst x) (fst y))\<^sup>2 + (dist (snd x) (snd y))\<^sup>2)"
    77.9  
   77.10 -lemma dist_Pair_Pair: "dist (a, b) (c, d) = sqrt ((dist a c)\<twosuperior> + (dist b d)\<twosuperior>)"
   77.11 +lemma dist_Pair_Pair: "dist (a, b) (c, d) = sqrt ((dist a c)\<^sup>2 + (dist b d)\<^sup>2)"
   77.12    unfolding dist_prod_def by simp
   77.13  
   77.14  lemma dist_fst_le: "dist (fst x) (fst y) \<le> dist x y"
   77.15 @@ -335,7 +335,7 @@
   77.16        def r \<equiv> "e / sqrt 2" and s \<equiv> "e / sqrt 2"
   77.17        from `0 < e` have "0 < r" and "0 < s"
   77.18          unfolding r_def s_def by (simp_all add: divide_pos_pos)
   77.19 -      from `0 < e` have "e = sqrt (r\<twosuperior> + s\<twosuperior>)"
   77.20 +      from `0 < e` have "e = sqrt (r\<^sup>2 + s\<^sup>2)"
   77.21          unfolding r_def s_def by (simp add: power_divide)
   77.22        def A \<equiv> "{y. dist (fst x) y < r}" and B \<equiv> "{y. dist (snd x) y < s}"
   77.23        have "open A" and "open B"
   77.24 @@ -349,7 +349,7 @@
   77.25          hence "dist a (fst x) < r" and "dist b (snd x) < s"
   77.26            unfolding A_def B_def by (simp_all add: dist_commute)
   77.27          hence "dist (a, b) x < e"
   77.28 -          unfolding dist_prod_def `e = sqrt (r\<twosuperior> + s\<twosuperior>)`
   77.29 +          unfolding dist_prod_def `e = sqrt (r\<^sup>2 + s\<^sup>2)`
   77.30            by (simp add: add_strict_mono power_strict_mono)
   77.31          thus "(a, b) \<in> S"
   77.32            by (simp add: S)
   77.33 @@ -406,12 +406,12 @@
   77.34  begin
   77.35  
   77.36  definition norm_prod_def:
   77.37 -  "norm x = sqrt ((norm (fst x))\<twosuperior> + (norm (snd x))\<twosuperior>)"
   77.38 +  "norm x = sqrt ((norm (fst x))\<^sup>2 + (norm (snd x))\<^sup>2)"
   77.39  
   77.40  definition sgn_prod_def:
   77.41    "sgn (x::'a \<times> 'b) = scaleR (inverse (norm x)) x"
   77.42  
   77.43 -lemma norm_Pair: "norm (a, b) = sqrt ((norm a)\<twosuperior> + (norm b)\<twosuperior>)"
   77.44 +lemma norm_Pair: "norm (a, b) = sqrt ((norm a)\<^sup>2 + (norm b)\<^sup>2)"
   77.45    unfolding norm_prod_def by simp
   77.46  
   77.47  instance proof
    78.1 --- a/src/HOL/Library/Sublist.thy	Tue Aug 13 14:20:22 2013 +0200
    78.2 +++ b/src/HOL/Library/Sublist.thy	Tue Aug 13 16:25:47 2013 +0200
    78.3 @@ -115,7 +115,7 @@
    78.4    by (auto simp add: prefixeq_def)
    78.5  
    78.6  lemma prefixeq_same_cases:
    78.7 -  "prefixeq (xs\<^isub>1::'a list) ys \<Longrightarrow> prefixeq xs\<^isub>2 ys \<Longrightarrow> prefixeq xs\<^isub>1 xs\<^isub>2 \<or> prefixeq xs\<^isub>2 xs\<^isub>1"
    78.8 +  "prefixeq (xs\<^sub>1::'a list) ys \<Longrightarrow> prefixeq xs\<^sub>2 ys \<Longrightarrow> prefixeq xs\<^sub>1 xs\<^sub>2 \<or> prefixeq xs\<^sub>2 xs\<^sub>1"
    78.9    unfolding prefixeq_def by (metis append_eq_append_conv2)
   78.10  
   78.11  lemma set_mono_prefixeq: "prefixeq xs ys \<Longrightarrow> set xs \<subseteq> set ys"
    79.1 --- a/src/HOL/List.thy	Tue Aug 13 14:20:22 2013 +0200
    79.2 +++ b/src/HOL/List.thy	Tue Aug 13 16:25:47 2013 +0200
    79.3 @@ -2095,13 +2095,13 @@
    79.4  done
    79.5  
    79.6  lemma append_eq_append_conv_if:
    79.7 - "(xs\<^isub>1 @ xs\<^isub>2 = ys\<^isub>1 @ ys\<^isub>2) =
    79.8 -  (if size xs\<^isub>1 \<le> size ys\<^isub>1
    79.9 -   then xs\<^isub>1 = take (size xs\<^isub>1) ys\<^isub>1 \<and> xs\<^isub>2 = drop (size xs\<^isub>1) ys\<^isub>1 @ ys\<^isub>2
   79.10 -   else take (size ys\<^isub>1) xs\<^isub>1 = ys\<^isub>1 \<and> drop (size ys\<^isub>1) xs\<^isub>1 @ xs\<^isub>2 = ys\<^isub>2)"
   79.11 -apply(induct xs\<^isub>1 arbitrary: ys\<^isub>1)
   79.12 + "(xs\<^sub>1 @ xs\<^sub>2 = ys\<^sub>1 @ ys\<^sub>2) =
   79.13 +  (if size xs\<^sub>1 \<le> size ys\<^sub>1
   79.14 +   then xs\<^sub>1 = take (size xs\<^sub>1) ys\<^sub>1 \<and> xs\<^sub>2 = drop (size xs\<^sub>1) ys\<^sub>1 @ ys\<^sub>2
   79.15 +   else take (size ys\<^sub>1) xs\<^sub>1 = ys\<^sub>1 \<and> drop (size ys\<^sub>1) xs\<^sub>1 @ xs\<^sub>2 = ys\<^sub>2)"
   79.16 +apply(induct xs\<^sub>1 arbitrary: ys\<^sub>1)
   79.17   apply simp
   79.18 -apply(case_tac ys\<^isub>1)
   79.19 +apply(case_tac ys\<^sub>1)
   79.20  apply simp_all
   79.21  done
   79.22  
    80.1 --- a/src/HOL/Map.thy	Tue Aug 13 14:20:22 2013 +0200
    80.2 +++ b/src/HOL/Map.thy	Tue Aug 13 16:25:47 2013 +0200
    80.3 @@ -48,7 +48,7 @@
    80.4  
    80.5  definition
    80.6    map_le :: "('a ~=> 'b) => ('a ~=> 'b) => bool"  (infix "\<subseteq>\<^sub>m" 50) where
    80.7 -  "(m\<^isub>1 \<subseteq>\<^sub>m m\<^isub>2) = (\<forall>a \<in> dom m\<^isub>1. m\<^isub>1 a = m\<^isub>2 a)"
    80.8 +  "(m\<^sub>1 \<subseteq>\<^sub>m m\<^sub>2) = (\<forall>a \<in> dom m\<^sub>1. m\<^sub>1 a = m\<^sub>2 a)"
    80.9  
   80.10  nonterminal maplets and maplet
   80.11  
    81.1 --- a/src/HOL/Metis_Examples/Big_O.thy	Tue Aug 13 14:20:22 2013 +0200
    81.2 +++ b/src/HOL/Metis_Examples/Big_O.thy	Tue Aug 13 16:25:47 2013 +0200
    81.3 @@ -42,20 +42,20 @@
    81.4  proof -
    81.5    fix c :: 'a and x :: 'b
    81.6    assume A1: "\<forall>x. \<bar>h x\<bar> \<le> c * \<bar>f x\<bar>"
    81.7 -  have F1: "\<forall>x\<^isub>1\<Colon>'a\<Colon>linordered_idom. 0 \<le> \<bar>x\<^isub>1\<bar>" by (metis abs_ge_zero)
    81.8 -  have F2: "\<forall>x\<^isub>1\<Colon>'a\<Colon>linordered_idom. 1 * x\<^isub>1 = x\<^isub>1" by (metis mult_1)
    81.9 -  have F3: "\<forall>x\<^isub>1 x\<^isub>3. x\<^isub>3 \<le> \<bar>h x\<^isub>1\<bar> \<longrightarrow> x\<^isub>3 \<le> c * \<bar>f x\<^isub>1\<bar>" by (metis A1 order_trans)
   81.10 -  have F4: "\<forall>x\<^isub>2 x\<^isub>3\<Colon>'a\<Colon>linordered_idom. \<bar>x\<^isub>3\<bar> * \<bar>x\<^isub>2\<bar> = \<bar>x\<^isub>3 * x\<^isub>2\<bar>"
   81.11 +  have F1: "\<forall>x\<^sub>1\<Colon>'a\<Colon>linordered_idom. 0 \<le> \<bar>x\<^sub>1\<bar>" by (metis abs_ge_zero)
   81.12 +  have F2: "\<forall>x\<^sub>1\<Colon>'a\<Colon>linordered_idom. 1 * x\<^sub>1 = x\<^sub>1" by (metis mult_1)
   81.13 +  have F3: "\<forall>x\<^sub>1 x\<^sub>3. x\<^sub>3 \<le> \<bar>h x\<^sub>1\<bar> \<longrightarrow> x\<^sub>3 \<le> c * \<bar>f x\<^sub>1\<bar>" by (metis A1 order_trans)
   81.14 +  have F4: "\<forall>x\<^sub>2 x\<^sub>3\<Colon>'a\<Colon>linordered_idom. \<bar>x\<^sub>3\<bar> * \<bar>x\<^sub>2\<bar> = \<bar>x\<^sub>3 * x\<^sub>2\<bar>"
   81.15      by (metis abs_mult)
   81.16 -  have F5: "\<forall>x\<^isub>3 x\<^isub>1\<Colon>'a\<Colon>linordered_idom. 0 \<le> x\<^isub>1 \<longrightarrow> \<bar>x\<^isub>3 * x\<^isub>1\<bar> = \<bar>x\<^isub>3\<bar> * x\<^isub>1"
   81.17 +  have F5: "\<forall>x\<^sub>3 x\<^sub>1\<Colon>'a\<Colon>linordered_idom. 0 \<le> x\<^sub>1 \<longrightarrow> \<bar>x\<^sub>3 * x\<^sub>1\<bar> = \<bar>x\<^sub>3\<bar> * x\<^sub>1"
   81.18      by (metis abs_mult_pos)
   81.19 -  hence "\<forall>x\<^isub>1\<ge>0. \<bar>x\<^isub>1\<Colon>'a\<Colon>linordered_idom\<bar> = \<bar>1\<bar> * x\<^isub>1" by (metis F2)
   81.20 -  hence "\<forall>x\<^isub>1\<ge>0. \<bar>x\<^isub>1\<Colon>'a\<Colon>linordered_idom\<bar> = x\<^isub>1" by (metis F2 abs_one)
   81.21 -  hence "\<forall>x\<^isub>3. 0 \<le> \<bar>h x\<^isub>3\<bar> \<longrightarrow> \<bar>c * \<bar>f x\<^isub>3\<bar>\<bar> = c * \<bar>f x\<^isub>3\<bar>" by (metis F3)
   81.22 -  hence "\<forall>x\<^isub>3. \<bar>c * \<bar>f x\<^isub>3\<bar>\<bar> = c * \<bar>f x\<^isub>3\<bar>" by (metis F1)
   81.23 -  hence "\<forall>x\<^isub>3. (0\<Colon>'a) \<le> \<bar>f x\<^isub>3\<bar> \<longrightarrow> c * \<bar>f x\<^isub>3\<bar> = \<bar>c\<bar> * \<bar>f x\<^isub>3\<bar>" by (metis F5)
   81.24 -  hence "\<forall>x\<^isub>3. (0\<Colon>'a) \<le> \<bar>f x\<^isub>3\<bar> \<longrightarrow> c * \<bar>f x\<^isub>3\<bar> = \<bar>c * f x\<^isub>3\<bar>" by (metis F4)
   81.25 -  hence "\<forall>x\<^isub>3. c * \<bar>f x\<^isub>3\<bar> = \<bar>c * f x\<^isub>3\<bar>" by (metis F1)
   81.26 +  hence "\<forall>x\<^sub>1\<ge>0. \<bar>x\<^sub>1\<Colon>'a\<Colon>linordered_idom\<bar> = \<bar>1\<bar> * x\<^sub>1" by (metis F2)
   81.27 +  hence "\<forall>x\<^sub>1\<ge>0. \<bar>x\<^sub>1\<Colon>'a\<Colon>linordered_idom\<bar> = x\<^sub>1" by (metis F2 abs_one)
   81.28 +  hence "\<forall>x\<^sub>3. 0 \<le> \<bar>h x\<^sub>3\<bar> \<longrightarrow> \<bar>c * \<bar>f x\<^sub>3\<bar>\<bar> = c * \<bar>f x\<^sub>3\<bar>" by (metis F3)
   81.29 +  hence "\<forall>x\<^sub>3. \<bar>c * \<bar>f x\<^sub>3\<bar>\<bar> = c * \<bar>f x\<^sub>3\<bar>" by (metis F1)
   81.30 +  hence "\<forall>x\<^sub>3. (0\<Colon>'a) \<le> \<bar>f x\<^sub>3\<bar> \<longrightarrow> c * \<bar>f x\<^sub>3\<bar> = \<bar>c\<bar> * \<bar>f x\<^sub>3\<bar>" by (metis F5)
   81.31 +  hence "\<forall>x\<^sub>3. (0\<Colon>'a) \<le> \<bar>f x\<^sub>3\<bar> \<longrightarrow> c * \<bar>f x\<^sub>3\<bar> = \<bar>c * f x\<^sub>3\<bar>" by (metis F4)
   81.32 +  hence "\<forall>x\<^sub>3. c * \<bar>f x\<^sub>3\<bar> = \<bar>c * f x\<^sub>3\<bar>" by (metis F1)
   81.33    hence "\<bar>h x\<bar> \<le> \<bar>c * f x\<bar>" by (metis A1)
   81.34    thus "\<bar>h x\<bar> \<le> \<bar>c\<bar> * \<bar>f x\<bar>" by (metis F4)
   81.35  qed
   81.36 @@ -73,12 +73,12 @@
   81.37  proof -
   81.38    fix c :: 'a and x :: 'b
   81.39    assume A1: "\<forall>x. \<bar>h x\<bar> \<le> c * \<bar>f x\<bar>"
   81.40 -  have F1: "\<forall>x\<^isub>1\<Colon>'a\<Colon>linordered_idom. 1 * x\<^isub>1 = x\<^isub>1" by (metis mult_1)
   81.41 -  have F2: "\<forall>x\<^isub>2 x\<^isub>3\<Colon>'a\<Colon>linordered_idom. \<bar>x\<^isub>3\<bar> * \<bar>x\<^isub>2\<bar> = \<bar>x\<^isub>3 * x\<^isub>2\<bar>"
   81.42 +  have F1: "\<forall>x\<^sub>1\<Colon>'a\<Colon>linordered_idom. 1 * x\<^sub>1 = x\<^sub>1" by (metis mult_1)
   81.43 +  have F2: "\<forall>x\<^sub>2 x\<^sub>3\<Colon>'a\<Colon>linordered_idom. \<bar>x\<^sub>3\<bar> * \<bar>x\<^sub>2\<bar> = \<bar>x\<^sub>3 * x\<^sub>2\<bar>"
   81.44      by (metis abs_mult)
   81.45 -  have "\<forall>x\<^isub>1\<ge>0. \<bar>x\<^isub>1\<Colon>'a\<Colon>linordered_idom\<bar> = x\<^isub>1" by (metis F1 abs_mult_pos abs_one)
   81.46 -  hence "\<forall>x\<^isub>3. \<bar>c * \<bar>f x\<^isub>3\<bar>\<bar> = c * \<bar>f x\<^isub>3\<bar>" by (metis A1 abs_ge_zero order_trans)
   81.47 -  hence "\<forall>x\<^isub>3. 0 \<le> \<bar>f x\<^isub>3\<bar> \<longrightarrow> c * \<bar>f x\<^isub>3\<bar> = \<bar>c * f x\<^isub>3\<bar>" by (metis F2 abs_mult_pos)
   81.48 +  have "\<forall>x\<^sub>1\<ge>0. \<bar>x\<^sub>1\<Colon>'a\<Colon>linordered_idom\<bar> = x\<^sub>1" by (metis F1 abs_mult_pos abs_one)
   81.49 +  hence "\<forall>x\<^sub>3. \<bar>c * \<bar>f x\<^sub>3\<bar>\<bar> = c * \<bar>f x\<^sub>3\<bar>" by (metis A1 abs_ge_zero order_trans)
   81.50 +  hence "\<forall>x\<^sub>3. 0 \<le> \<bar>f x\<^sub>3\<bar> \<longrightarrow> c * \<bar>f x\<^sub>3\<bar> = \<bar>c * f x\<^sub>3\<bar>" by (metis F2 abs_mult_pos)
   81.51    hence "\<bar>h x\<bar> \<le> \<bar>c * f x\<bar>" by (metis A1 abs_ge_zero)
   81.52    thus "\<bar>h x\<bar> \<le> \<bar>c\<bar> * \<bar>f x\<bar>" by (metis F2)
   81.53  qed
   81.54 @@ -96,10 +96,10 @@
   81.55  proof -
   81.56    fix c :: 'a and x :: 'b
   81.57    assume A1: "\<forall>x. \<bar>h x\<bar> \<le> c * \<bar>f x\<bar>"
   81.58 -  have F1: "\<forall>x\<^isub>1\<Colon>'a\<Colon>linordered_idom. 1 * x\<^isub>1 = x\<^isub>1" by (metis mult_1)
   81.59 -  have F2: "\<forall>x\<^isub>3 x\<^isub>1\<Colon>'a\<Colon>linordered_idom. 0 \<le> x\<^isub>1 \<longrightarrow> \<bar>x\<^isub>3 * x\<^isub>1\<bar> = \<bar>x\<^isub>3\<bar> * x\<^isub>1" by (metis abs_mult_pos)
   81.60 -  hence "\<forall>x\<^isub>1\<ge>0. \<bar>x\<^isub>1\<Colon>'a\<Colon>linordered_idom\<bar> = x\<^isub>1" by (metis F1 abs_one)
   81.61 -  hence "\<forall>x\<^isub>3. 0 \<le> \<bar>f x\<^isub>3\<bar> \<longrightarrow> c * \<bar>f x\<^isub>3\<bar> = \<bar>c\<bar> * \<bar>f x\<^isub>3\<bar>" by (metis F2 A1 abs_ge_zero order_trans)
   81.62 +  have F1: "\<forall>x\<^sub>1\<Colon>'a\<Colon>linordered_idom. 1 * x\<^sub>1 = x\<^sub>1" by (metis mult_1)
   81.63 +  have F2: "\<forall>x\<^sub>3 x\<^sub>1\<Colon>'a\<Colon>linordered_idom. 0 \<le> x\<^sub>1 \<longrightarrow> \<bar>x\<^sub>3 * x\<^sub>1\<bar> = \<bar>x\<^sub>3\<bar> * x\<^sub>1" by (metis abs_mult_pos)
   81.64 +  hence "\<forall>x\<^sub>1\<ge>0. \<bar>x\<^sub>1\<Colon>'a\<Colon>linordered_idom\<bar> = x\<^sub>1" by (metis F1 abs_one)
   81.65 +  hence "\<forall>x\<^sub>3. 0 \<le> \<bar>f x\<^sub>3\<bar> \<longrightarrow> c * \<bar>f x\<^sub>3\<bar> = \<bar>c\<bar> * \<bar>f x\<^sub>3\<bar>" by (metis F2 A1 abs_ge_zero order_trans)
   81.66    thus "\<bar>h x\<bar> \<le> \<bar>c\<bar> * \<bar>f x\<bar>" by (metis A1 abs_ge_zero)
   81.67  qed
   81.68  
   81.69 @@ -116,8 +116,8 @@
   81.70  proof -
   81.71    fix c :: 'a and x :: 'b
   81.72    assume A1: "\<forall>x. \<bar>h x\<bar> \<le> c * \<bar>f x\<bar>"
   81.73 -  have "\<forall>x\<^isub>1\<Colon>'a\<Colon>linordered_idom. 1 * x\<^isub>1 = x\<^isub>1" by (metis mult_1)
   81.74 -  hence "\<forall>x\<^isub>3. \<bar>c * \<bar>f x\<^isub>3\<bar>\<bar> = c * \<bar>f x\<^isub>3\<bar>"
   81.75 +  have "\<forall>x\<^sub>1\<Colon>'a\<Colon>linordered_idom. 1 * x\<^sub>1 = x\<^sub>1" by (metis mult_1)
   81.76 +  hence "\<forall>x\<^sub>3. \<bar>c * \<bar>f x\<^sub>3\<bar>\<bar> = c * \<bar>f x\<^sub>3\<bar>"
   81.77      by (metis A1 abs_ge_zero order_trans abs_mult_pos abs_one)
   81.78    hence "\<bar>h x\<bar> \<le> \<bar>c * f x\<bar>" by (metis A1 abs_ge_zero abs_mult_pos abs_mult)
   81.79    thus "\<bar>h x\<bar> \<le> \<bar>c\<bar> * \<bar>f x\<bar>" by (metis abs_mult)
   81.80 @@ -459,11 +459,11 @@
   81.81    have "(0\<Colon>'a) < \<bar>c\<bar> \<longrightarrow> (0\<Colon>'a) < \<bar>inverse c\<bar>" using F1 by (metis positive_imp_inverse_positive)
   81.82    hence "(0\<Colon>'a) < \<bar>inverse c\<bar>" using F2 by metis
   81.83    hence F3: "(0\<Colon>'a) \<le> \<bar>inverse c\<bar>" by (metis order_le_less)
   81.84 -  have "\<exists>(u\<Colon>'a) SKF\<^isub>7\<Colon>'a \<Rightarrow> 'b. \<bar>g (SKF\<^isub>7 (\<bar>inverse c\<bar> * u))\<bar> \<le> u * \<bar>f (SKF\<^isub>7 (\<bar>inverse c\<bar> * u))\<bar>"
   81.85 +  have "\<exists>(u\<Colon>'a) SKF\<^sub>7\<Colon>'a \<Rightarrow> 'b. \<bar>g (SKF\<^sub>7 (\<bar>inverse c\<bar> * u))\<bar> \<le> u * \<bar>f (SKF\<^sub>7 (\<bar>inverse c\<bar> * u))\<bar>"
   81.86      using A2 by metis
   81.87 -  hence F4: "\<exists>(u\<Colon>'a) SKF\<^isub>7\<Colon>'a \<Rightarrow> 'b. \<bar>g (SKF\<^isub>7 (\<bar>inverse c\<bar> * u))\<bar> \<le> u * \<bar>f (SKF\<^isub>7 (\<bar>inverse c\<bar> * u))\<bar> \<and> (0\<Colon>'a) \<le> \<bar>inverse c\<bar>"
   81.88 +  hence F4: "\<exists>(u\<Colon>'a) SKF\<^sub>7\<Colon>'a \<Rightarrow> 'b. \<bar>g (SKF\<^sub>7 (\<bar>inverse c\<bar> * u))\<bar> \<le> u * \<bar>f (SKF\<^sub>7 (\<bar>inverse c\<bar> * u))\<bar> \<and> (0\<Colon>'a) \<le> \<bar>inverse c\<bar>"
   81.89      using F3 by metis
   81.90 -  hence "\<exists>(v\<Colon>'a) (u\<Colon>'a) SKF\<^isub>7\<Colon>'a \<Rightarrow> 'b. \<bar>inverse c\<bar> * \<bar>g (SKF\<^isub>7 (u * v))\<bar> \<le> u * (v * \<bar>f (SKF\<^isub>7 (u * v))\<bar>)"
   81.91 +  hence "\<exists>(v\<Colon>'a) (u\<Colon>'a) SKF\<^sub>7\<Colon>'a \<Rightarrow> 'b. \<bar>inverse c\<bar> * \<bar>g (SKF\<^sub>7 (u * v))\<bar> \<le> u * (v * \<bar>f (SKF\<^sub>7 (u * v))\<bar>)"
   81.92      by (metis comm_mult_left_mono)
   81.93    thus "\<exists>ca\<Colon>'a. \<forall>x\<Colon>'b. \<bar>inverse c\<bar> * \<bar>g x\<bar> \<le> ca * \<bar>f x\<bar>"
   81.94      using A2 F4 by (metis ab_semigroup_mult_class.mult_ac(1) comm_mult_left_mono)
    82.1 --- a/src/HOL/Metis_Examples/Binary_Tree.thy	Tue Aug 13 14:20:22 2013 +0200
    82.2 +++ b/src/HOL/Metis_Examples/Binary_Tree.thy	Tue Aug 13 16:25:47 2013 +0200
    82.3 @@ -59,9 +59,9 @@
    82.4  proof (induct t)
    82.5    case Lf thus ?case
    82.6    proof -
    82.7 -    let "?p\<^isub>1 x\<^isub>1" = "x\<^isub>1 \<noteq> n_leaves (reflect (Lf::'a bt))"
    82.8 -    have "\<not> ?p\<^isub>1 (Suc 0)" by (metis reflect.simps(1) n_leaves.simps(1))
    82.9 -    hence "\<not> ?p\<^isub>1 (n_leaves (Lf::'a bt))" by (metis n_leaves.simps(1))
   82.10 +    let "?p\<^sub>1 x\<^sub>1" = "x\<^sub>1 \<noteq> n_leaves (reflect (Lf::'a bt))"
   82.11 +    have "\<not> ?p\<^sub>1 (Suc 0)" by (metis reflect.simps(1) n_leaves.simps(1))
   82.12 +    hence "\<not> ?p\<^sub>1 (n_leaves (Lf::'a bt))" by (metis n_leaves.simps(1))
   82.13      thus "n_leaves (reflect (Lf::'a bt)) = n_leaves (Lf::'a bt)" by metis
   82.14    qed
   82.15  next
    83.1 --- a/src/HOL/Metis_Examples/Message.thy	Tue Aug 13 14:20:22 2013 +0200
    83.2 +++ b/src/HOL/Metis_Examples/Message.thy	Tue Aug 13 16:25:47 2013 +0200
    83.3 @@ -677,10 +677,10 @@
    83.4  
    83.5  lemma analz_synth [simp]: "analz (synth H) = analz H \<union> synth H"
    83.6  proof -
    83.7 -  have "\<forall>x\<^isub>2 x\<^isub>1. synth x\<^isub>1 \<union> analz (x\<^isub>1 \<union> x\<^isub>2) = analz (synth x\<^isub>1 \<union> x\<^isub>2)" by (metis Un_commute analz_synth_Un)
    83.8 -  hence "\<forall>x\<^isub>1. synth x\<^isub>1 \<union> analz x\<^isub>1 = analz (synth x\<^isub>1 \<union> {})" by (metis Un_empty_right)
    83.9 -  hence "\<forall>x\<^isub>1. synth x\<^isub>1 \<union> analz x\<^isub>1 = analz (synth x\<^isub>1)" by (metis Un_empty_right)
   83.10 -  hence "\<forall>x\<^isub>1. analz x\<^isub>1 \<union> synth x\<^isub>1 = analz (synth x\<^isub>1)" by (metis Un_commute)
   83.11 +  have "\<forall>x\<^sub>2 x\<^sub>1. synth x\<^sub>1 \<union> analz (x\<^sub>1 \<union> x\<^sub>2) = analz (synth x\<^sub>1 \<union> x\<^sub>2)" by (metis Un_commute analz_synth_Un)
   83.12 +  hence "\<forall>x\<^sub>1. synth x\<^sub>1 \<union> analz x\<^sub>1 = analz (synth x\<^sub>1 \<union> {})" by (metis Un_empty_right)
   83.13 +  hence "\<forall>x\<^sub>1. synth x\<^sub>1 \<union> analz x\<^sub>1 = analz (synth x\<^sub>1)" by (metis Un_empty_right)
   83.14 +  hence "\<forall>x\<^sub>1. analz x\<^sub>1 \<union> synth x\<^sub>1 = analz (synth x\<^sub>1)" by (metis Un_commute)
   83.15    thus "analz (synth H) = analz H \<union> synth H" by metis
   83.16  qed
   83.17  
   83.18 @@ -690,8 +690,8 @@
   83.19  lemma parts_insert_subset_Un: "X \<in> G ==> parts(insert X H) \<subseteq> parts G \<union> parts H"
   83.20  proof -
   83.21    assume "X \<in> G"
   83.22 -  hence "\<forall>x\<^isub>1. G \<subseteq> x\<^isub>1 \<longrightarrow> X \<in> x\<^isub>1 " by auto
   83.23 -  hence "\<forall>x\<^isub>1. X \<in> G \<union> x\<^isub>1" by (metis Un_upper1)
   83.24 +  hence "\<forall>x\<^sub>1. G \<subseteq> x\<^sub>1 \<longrightarrow> X \<in> x\<^sub>1 " by auto
   83.25 +  hence "\<forall>x\<^sub>1. X \<in> G \<union> x\<^sub>1" by (metis Un_upper1)
   83.26    hence "insert X H \<subseteq> G \<union> H" by (metis Un_upper2 insert_subset)
   83.27    hence "parts (insert X H) \<subseteq> parts (G \<union> H)" by (metis parts_mono)
   83.28    thus "parts (insert X H) \<subseteq> parts G \<union> parts H" by (metis parts_Un)
   83.29 @@ -702,22 +702,22 @@
   83.30        parts (insert X H) \<subseteq> synth (analz H) \<union> parts H"
   83.31  proof -
   83.32    assume A1: "X \<in> synth (analz H)"
   83.33 -  have F1: "\<forall>x\<^isub>1. analz x\<^isub>1 \<union> synth (analz x\<^isub>1) = analz (synth (analz x\<^isub>1))"
   83.34 +  have F1: "\<forall>x\<^sub>1. analz x\<^sub>1 \<union> synth (analz x\<^sub>1) = analz (synth (analz x\<^sub>1))"
   83.35      by (metis analz_idem analz_synth)
   83.36 -  have F2: "\<forall>x\<^isub>1. parts x\<^isub>1 \<union> synth (analz x\<^isub>1) = parts (synth (analz x\<^isub>1))"
   83.37 +  have F2: "\<forall>x\<^sub>1. parts x\<^sub>1 \<union> synth (analz x\<^sub>1) = parts (synth (analz x\<^sub>1))"
   83.38      by (metis parts_analz parts_synth)
   83.39    have F3: "X \<in> synth (analz H)" using A1 by metis
   83.40 -  have "\<forall>x\<^isub>2 x\<^isub>1\<Colon>msg set. x\<^isub>1 \<le> sup x\<^isub>1 x\<^isub>2" by (metis inf_sup_ord(3))
   83.41 -  hence F4: "\<forall>x\<^isub>1. analz x\<^isub>1 \<subseteq> analz (synth x\<^isub>1)" by (metis analz_synth)
   83.42 +  have "\<forall>x\<^sub>2 x\<^sub>1\<Colon>msg set. x\<^sub>1 \<le> sup x\<^sub>1 x\<^sub>2" by (metis inf_sup_ord(3))
   83.43 +  hence F4: "\<forall>x\<^sub>1. analz x\<^sub>1 \<subseteq> analz (synth x\<^sub>1)" by (metis analz_synth)
   83.44    have F5: "X \<in> synth (analz H)" using F3 by metis
   83.45 -  have "\<forall>x\<^isub>1. analz x\<^isub>1 \<subseteq> synth (analz x\<^isub>1)
   83.46 -         \<longrightarrow> analz (synth (analz x\<^isub>1)) = synth (analz x\<^isub>1)"
   83.47 +  have "\<forall>x\<^sub>1. analz x\<^sub>1 \<subseteq> synth (analz x\<^sub>1)
   83.48 +         \<longrightarrow> analz (synth (analz x\<^sub>1)) = synth (analz x\<^sub>1)"
   83.49      using F1 by (metis subset_Un_eq)
   83.50 -  hence F6: "\<forall>x\<^isub>1. analz (synth (analz x\<^isub>1)) = synth (analz x\<^isub>1)"
   83.51 +  hence F6: "\<forall>x\<^sub>1. analz (synth (analz x\<^sub>1)) = synth (analz x\<^sub>1)"
   83.52      by (metis synth_increasing)
   83.53 -  have "\<forall>x\<^isub>1. x\<^isub>1 \<subseteq> analz (synth x\<^isub>1)" using F4 by (metis analz_subset_iff)
   83.54 -  hence "\<forall>x\<^isub>1. x\<^isub>1 \<subseteq> analz (synth (analz x\<^isub>1))" by (metis analz_subset_iff)
   83.55 -  hence "\<forall>x\<^isub>1. x\<^isub>1 \<subseteq> synth (analz x\<^isub>1)" using F6 by metis
   83.56 +  have "\<forall>x\<^sub>1. x\<^sub>1 \<subseteq> analz (synth x\<^sub>1)" using F4 by (metis analz_subset_iff)
   83.57 +  hence "\<forall>x\<^sub>1. x\<^sub>1 \<subseteq> analz (synth (analz x\<^sub>1))" by (metis analz_subset_iff)
   83.58 +  hence "\<forall>x\<^sub>1. x\<^sub>1 \<subseteq> synth (analz x\<^sub>1)" using F6 by metis
   83.59    hence "H \<subseteq> synth (analz H)" by metis
   83.60    hence "H \<subseteq> synth (analz H) \<and> X \<in> synth (analz H)" using F5 by metis
   83.61    hence "insert X H \<subseteq> synth (analz H)" by (metis insert_subset)
    84.1 --- a/src/HOL/Metis_Examples/Sets.thy	Tue Aug 13 14:20:22 2013 +0200
    84.2 +++ b/src/HOL/Metis_Examples/Sets.thy	Tue Aug 13 16:25:47 2013 +0200
    84.3 @@ -27,9 +27,9 @@
    84.4  lemma (*equal_union: *)
    84.5     "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))"
    84.6  proof -
    84.7 -  have F1: "\<forall>(x\<^isub>2\<Colon>'b set) x\<^isub>1\<Colon>'b set. x\<^isub>1 \<subseteq> x\<^isub>1 \<union> x\<^isub>2" by (metis Un_commute Un_upper2)
    84.8 -  have F2a: "\<forall>(x\<^isub>2\<Colon>'b set) x\<^isub>1\<Colon>'b set. x\<^isub>1 \<subseteq> x\<^isub>2 \<longrightarrow> x\<^isub>2 = x\<^isub>2 \<union> x\<^isub>1" by (metis Un_commute subset_Un_eq)
    84.9 -  have F2: "\<forall>(x\<^isub>2\<Colon>'b set) x\<^isub>1\<Colon>'b set. x\<^isub>1 \<subseteq> x\<^isub>2 \<and> x\<^isub>2 \<subseteq> x\<^isub>1 \<longrightarrow> x\<^isub>1 = x\<^isub>2" by (metis F2a subset_Un_eq)
   84.10 +  have F1: "\<forall>(x\<^sub>2\<Colon>'b set) x\<^sub>1\<Colon>'b set. x\<^sub>1 \<subseteq> x\<^sub>1 \<union> x\<^sub>2" by (metis Un_commute Un_upper2)
   84.11 +  have F2a: "\<forall>(x\<^sub>2\<Colon>'b set) x\<^sub>1\<Colon>'b set. x\<^sub>1 \<subseteq> x\<^sub>2 \<longrightarrow> x\<^sub>2 = x\<^sub>2 \<union> x\<^sub>1" by (metis Un_commute subset_Un_eq)
   84.12 +  have F2: "\<forall>(x\<^sub>2\<Colon>'b set) x\<^sub>1\<Colon>'b set. x\<^sub>1 \<subseteq> x\<^sub>2 \<and> x\<^sub>2 \<subseteq> x\<^sub>1 \<longrightarrow> x\<^sub>1 = x\<^sub>2" by (metis F2a subset_Un_eq)
   84.13    { assume "\<not> Z \<subseteq> X"
   84.14      hence "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V\<Colon>'a set. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))" by (metis Un_upper2) }
   84.15    moreover
   84.16 @@ -44,12 +44,12 @@
   84.17        { assume "(Z \<subseteq> X \<and> Y \<subseteq> X) \<and> Y \<union> Z \<noteq> X"
   84.18          hence "Y \<union> Z \<subseteq> X \<and> X \<noteq> Y \<union> Z" by (metis Un_subset_iff)
   84.19          hence "Y \<union> Z \<noteq> X \<and> \<not> X \<subseteq> Y \<union> Z" by (metis F2)
   84.20 -        hence "\<exists>x\<^isub>1\<Colon>'a set. Y \<subseteq> x\<^isub>1 \<union> Z \<and> Y \<union> Z \<noteq> X \<and> \<not> X \<subseteq> x\<^isub>1 \<union> Z" by (metis F1)
   84.21 +        hence "\<exists>x\<^sub>1\<Colon>'a set. Y \<subseteq> x\<^sub>1 \<union> Z \<and> Y \<union> Z \<noteq> X \<and> \<not> X \<subseteq> x\<^sub>1 \<union> Z" by (metis F1)
   84.22          hence "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V\<Colon>'a set. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))" by (metis Un_upper2) }
   84.23        ultimately have "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V\<Colon>'a set. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))" by (metis AAA1) }
   84.24      ultimately have "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V\<Colon>'a set. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))" by (metis AA1) }
   84.25    moreover
   84.26 -  { assume "\<exists>x\<^isub>1\<Colon>'a set. (Z \<subseteq> x\<^isub>1 \<and> Y \<subseteq> x\<^isub>1) \<and> \<not> X \<subseteq> x\<^isub>1"
   84.27 +  { assume "\<exists>x\<^sub>1\<Colon>'a set. (Z \<subseteq> x\<^sub>1 \<and> Y \<subseteq> x\<^sub>1) \<and> \<not> X \<subseteq> x\<^sub>1"
   84.28      { assume "\<not> Y \<subseteq> X"
   84.29        hence "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V\<Colon>'a set. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))" by (metis F1) }
   84.30      moreover
   84.31 @@ -60,7 +60,7 @@
   84.32        { assume "(Z \<subseteq> X \<and> Y \<subseteq> X) \<and> Y \<union> Z \<noteq> X"
   84.33          hence "Y \<union> Z \<subseteq> X \<and> X \<noteq> Y \<union> Z" by (metis Un_subset_iff)
   84.34          hence "Y \<union> Z \<noteq> X \<and> \<not> X \<subseteq> Y \<union> Z" by (metis F2)
   84.35 -        hence "\<exists>x\<^isub>1\<Colon>'a set. Y \<subseteq> x\<^isub>1 \<union> Z \<and> Y \<union> Z \<noteq> X \<and> \<not> X \<subseteq> x\<^isub>1 \<union> Z" by (metis F1)
   84.36 +        hence "\<exists>x\<^sub>1\<Colon>'a set. Y \<subseteq> x\<^sub>1 \<union> Z \<and> Y \<union> Z \<noteq> X \<and> \<not> X \<subseteq> x\<^sub>1 \<union> Z" by (metis F1)
   84.37          hence "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V\<Colon>'a set. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))" by (metis Un_upper2) }
   84.38        ultimately have "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V\<Colon>'a set. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))" by (metis AAA1) }
   84.39      ultimately have "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V\<Colon>'a set. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))" by blast }
   84.40 @@ -75,14 +75,14 @@
   84.41  lemma (*equal_union: *)
   84.42     "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))"
   84.43  proof -
   84.44 -  have F1: "\<forall>(x\<^isub>2\<Colon>'b set) x\<^isub>1\<Colon>'b set. x\<^isub>1 \<subseteq> x\<^isub>2 \<and> x\<^isub>2 \<subseteq> x\<^isub>1 \<longrightarrow> x\<^isub>1 = x\<^isub>2" by (metis Un_commute subset_Un_eq)
   84.45 -  { assume AA1: "\<exists>x\<^isub>1\<Colon>'a set. (Z \<subseteq> x\<^isub>1 \<and> Y \<subseteq> x\<^isub>1) \<and> \<not> X \<subseteq> x\<^isub>1"
   84.46 +  have F1: "\<forall>(x\<^sub>2\<Colon>'b set) x\<^sub>1\<Colon>'b set. x\<^sub>1 \<subseteq> x\<^sub>2 \<and> x\<^sub>2 \<subseteq> x\<^sub>1 \<longrightarrow> x\<^sub>1 = x\<^sub>2" by (metis Un_commute subset_Un_eq)
   84.47 +  { assume AA1: "\<exists>x\<^sub>1\<Colon>'a set. (Z \<subseteq> x\<^sub>1 \<and> Y \<subseteq> x\<^sub>1) \<and> \<not> X \<subseteq> x\<^sub>1"
   84.48      { assume AAA1: "Y \<subseteq> X \<and> Y \<union> Z \<noteq> X"
   84.49        { assume "\<not> Z \<subseteq> X"
   84.50          hence "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V\<Colon>'a set. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))" by (metis Un_upper2) }
   84.51        moreover
   84.52        { assume "Y \<union> Z \<subseteq> X \<and> X \<noteq> Y \<union> Z"
   84.53 -        hence "\<exists>x\<^isub>1\<Colon>'a set. Y \<subseteq> x\<^isub>1 \<union> Z \<and> Y \<union> Z \<noteq> X \<and> \<not> X \<subseteq> x\<^isub>1 \<union> Z" by (metis F1 Un_commute Un_upper2)
   84.54 +        hence "\<exists>x\<^sub>1\<Colon>'a set. Y \<subseteq> x\<^sub>1 \<union> Z \<and> Y \<union> Z \<noteq> X \<and> \<not> X \<subseteq> x\<^sub>1 \<union> Z" by (metis F1 Un_commute Un_upper2)
   84.55          hence "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V\<Colon>'a set. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))" by (metis Un_upper2) }
   84.56        ultimately have "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V\<Colon>'a set. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))" by (metis AAA1 Un_subset_iff) }
   84.57      moreover
   84.58 @@ -101,7 +101,7 @@
   84.59        hence "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V\<Colon>'a set. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))" by (metis Un_upper2) }
   84.60      moreover
   84.61      { assume "Y \<union> Z \<subseteq> X \<and> X \<noteq> Y \<union> Z"
   84.62 -      hence "\<exists>x\<^isub>1\<Colon>'a set. Y \<subseteq> x\<^isub>1 \<union> Z \<and> Y \<union> Z \<noteq> X \<and> \<not> X \<subseteq> x\<^isub>1 \<union> Z" by (metis F1 Un_commute Un_upper2)
   84.63 +      hence "\<exists>x\<^sub>1\<Colon>'a set. Y \<subseteq> x\<^sub>1 \<union> Z \<and> Y \<union> Z \<noteq> X \<and> \<not> X \<subseteq> x\<^sub>1 \<union> Z" by (metis F1 Un_commute Un_upper2)
   84.64        hence "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V\<Colon>'a set. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))" by (metis Un_upper2) }
   84.65      ultimately have "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V\<Colon>'a set. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))" by (metis AA1 Un_subset_iff) }
   84.66    ultimately show "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V\<Colon>'a set. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))" by metis
   84.67 @@ -112,12 +112,12 @@
   84.68  lemma (*equal_union: *)
   84.69     "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))"
   84.70  proof -
   84.71 -  have F1a: "\<forall>(x\<^isub>2\<Colon>'b set) x\<^isub>1\<Colon>'b set. x\<^isub>1 \<subseteq> x\<^isub>2 \<longrightarrow> x\<^isub>2 = x\<^isub>2 \<union> x\<^isub>1" by (metis Un_commute subset_Un_eq)
   84.72 -  have F1: "\<forall>(x\<^isub>2\<Colon>'b set) x\<^isub>1\<Colon>'b set. x\<^isub>1 \<subseteq> x\<^isub>2 \<and> x\<^isub>2 \<subseteq> x\<^isub>1 \<longrightarrow> x\<^isub>1 = x\<^isub>2" by (metis F1a subset_Un_eq)
   84.73 +  have F1a: "\<forall>(x\<^sub>2\<Colon>'b set) x\<^sub>1\<Colon>'b set. x\<^sub>1 \<subseteq> x\<^sub>2 \<longrightarrow> x\<^sub>2 = x\<^sub>2 \<union> x\<^sub>1" by (metis Un_commute subset_Un_eq)
   84.74 +  have F1: "\<forall>(x\<^sub>2\<Colon>'b set) x\<^sub>1\<Colon>'b set. x\<^sub>1 \<subseteq> x\<^sub>2 \<and> x\<^sub>2 \<subseteq> x\<^sub>1 \<longrightarrow> x\<^sub>1 = x\<^sub>2" by (metis F1a subset_Un_eq)
   84.75    { assume "(Z \<subseteq> X \<and> Y \<subseteq> X) \<and> Y \<union> Z \<noteq> X"
   84.76      hence "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V\<Colon>'a set. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))" by (metis F1 Un_commute Un_subset_iff Un_upper2) }
   84.77    moreover
   84.78 -  { assume AA1: "\<exists>x\<^isub>1\<Colon>'a set. (Z \<subseteq> x\<^isub>1 \<and> Y \<subseteq> x\<^isub>1) \<and> \<not> X \<subseteq> x\<^isub>1"
   84.79 +  { assume AA1: "\<exists>x\<^sub>1\<Colon>'a set. (Z \<subseteq> x\<^sub>1 \<and> Y \<subseteq> x\<^sub>1) \<and> \<not> X \<subseteq> x\<^sub>1"
   84.80      { assume "(Z \<subseteq> X \<and> Y \<subseteq> X) \<and> Y \<union> Z \<noteq> X"
   84.81        hence "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V\<Colon>'a set. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))" by (metis F1 Un_commute Un_subset_iff Un_upper2) }
   84.82      hence "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V\<Colon>'a set. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))" by (metis AA1 Un_commute Un_subset_iff Un_upper2) }
   84.83 @@ -129,12 +129,12 @@
   84.84  lemma (*equal_union: *)
   84.85     "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))"
   84.86  proof -
   84.87 -  have F1: "\<forall>(x\<^isub>2\<Colon>'b set) x\<^isub>1\<Colon>'b set. x\<^isub>1 \<subseteq> x\<^isub>2 \<and> x\<^isub>2 \<subseteq> x\<^isub>1 \<longrightarrow> x\<^isub>1 = x\<^isub>2" by (metis Un_commute subset_Un_eq)
   84.88 +  have F1: "\<forall>(x\<^sub>2\<Colon>'b set) x\<^sub>1\<Colon>'b set. x\<^sub>1 \<subseteq> x\<^sub>2 \<and> x\<^sub>2 \<subseteq> x\<^sub>1 \<longrightarrow> x\<^sub>1 = x\<^sub>2" by (metis Un_commute subset_Un_eq)
   84.89    { assume "\<not> Y \<subseteq> X"
   84.90      hence "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V\<Colon>'a set. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))" by (metis Un_commute Un_upper2) }
   84.91    moreover
   84.92    { assume AA1: "Y \<subseteq> X \<and> Y \<union> Z \<noteq> X"
   84.93 -    { assume "\<exists>x\<^isub>1\<Colon>'a set. Y \<subseteq> x\<^isub>1 \<union> Z \<and> Y \<union> Z \<noteq> X \<and> \<not> X \<subseteq> x\<^isub>1 \<union> Z"
   84.94 +    { assume "\<exists>x\<^sub>1\<Colon>'a set. Y \<subseteq> x\<^sub>1 \<union> Z \<and> Y \<union> Z \<noteq> X \<and> \<not> X \<subseteq> x\<^sub>1 \<union> Z"
   84.95        hence "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V\<Colon>'a set. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))" by (metis Un_upper2) }
   84.96      hence "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V\<Colon>'a set. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))" by (metis AA1 F1 Un_commute Un_subset_iff Un_upper2) }
   84.97    ultimately show "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V\<Colon>'a set. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))" by (metis Un_subset_iff Un_upper2)
   84.98 @@ -170,10 +170,10 @@
   84.99       "\<forall>x \<in> S. \<Union>S \<subseteq> x \<Longrightarrow> \<exists>z. S \<subseteq> {z}"
  84.100  proof -
  84.101    assume "\<forall>x \<in> S. \<Union>S \<subseteq> x"
  84.102 -  hence "\<forall>x\<^isub>1. x\<^isub>1 \<subseteq> \<Union>S \<and> x\<^isub>1 \<in> S \<longrightarrow> x\<^isub>1 = \<Union>S" by (metis set_eq_subset)
  84.103 -  hence "\<forall>x\<^isub>1. x\<^isub>1 \<in> S \<longrightarrow> x\<^isub>1 = \<Union>S" by (metis Union_upper)
  84.104 -  hence "\<forall>x\<^isub>1\<Colon>('a set) set. \<Union>S \<in> x\<^isub>1 \<longrightarrow> S \<subseteq> x\<^isub>1" by (metis subsetI)
  84.105 -  hence "\<forall>x\<^isub>1\<Colon>('a set) set. S \<subseteq> insert (\<Union>S) x\<^isub>1" by (metis insert_iff)
  84.106 +  hence "\<forall>x\<^sub>1. x\<^sub>1 \<subseteq> \<Union>S \<and> x\<^sub>1 \<in> S \<longrightarrow> x\<^sub>1 = \<Union>S" by (metis set_eq_subset)
  84.107 +  hence "\<forall>x\<^sub>1. x\<^sub>1 \<in> S \<longrightarrow> x\<^sub>1 = \<Union>S" by (metis Union_upper)
  84.108 +  hence "\<forall>x\<^sub>1\<Colon>('a set) set. \<Union>S \<in> x\<^sub>1 \<longrightarrow> S \<subseteq> x\<^sub>1" by (metis subsetI)
  84.109 +  hence "\<forall>x\<^sub>1\<Colon>('a set) set. S \<subseteq> insert (\<Union>S) x\<^sub>1" by (metis insert_iff)
  84.110    thus "\<exists>z. S \<subseteq> {z}" by metis
  84.111  qed
  84.112  
    85.1 --- a/src/HOL/Metis_Examples/Trans_Closure.thy	Tue Aug 13 14:20:22 2013 +0200
    85.2 +++ b/src/HOL/Metis_Examples/Trans_Closure.thy	Tue Aug 13 16:25:47 2013 +0200
    85.3 @@ -51,7 +51,7 @@
    85.4    assume A3: "(a, b) \<in> R\<^sup>*"
    85.5    assume A4: "(b, c) \<in> R\<^sup>*"
    85.6    have "b \<noteq> c" using A1 A2 by metis
    85.7 -  hence "\<exists>x\<^isub>1. (b, x\<^isub>1) \<in> R" using A4 by (metis converse_rtranclE)
    85.8 +  hence "\<exists>x\<^sub>1. (b, x\<^sub>1) \<in> R" using A4 by (metis converse_rtranclE)
    85.9    thus "\<exists>c. (b, c) \<in> R \<and> (a, c) \<in> R\<^sup>*" using A3 by (metis transitive_closure_trans(6))
   85.10  qed
   85.11  
    86.1 --- a/src/HOL/MicroJava/DFA/Product.thy	Tue Aug 13 14:20:22 2013 +0200
    86.2 +++ b/src/HOL/MicroJava/DFA/Product.thy	Tue Aug 13 16:25:47 2013 +0200
    86.3 @@ -47,7 +47,7 @@
    86.4  done 
    86.5  
    86.6  lemma acc_le_prodI [intro!]:
    86.7 -  "\<lbrakk> acc r\<^isub>A; acc r\<^isub>B \<rbrakk> \<Longrightarrow> acc(Product.le r\<^isub>A r\<^isub>B)"
    86.8 +  "\<lbrakk> acc r\<^sub>A; acc r\<^sub>B \<rbrakk> \<Longrightarrow> acc(Product.le r\<^sub>A r\<^sub>B)"
    86.9  apply (unfold acc_def)
   86.10  apply (rule wf_subset)
   86.11   apply (erule wf_lex_prod)
    87.1 --- a/src/HOL/Multivariate_Analysis/Convex_Euclidean_Space.thy	Tue Aug 13 14:20:22 2013 +0200
    87.2 +++ b/src/HOL/Multivariate_Analysis/Convex_Euclidean_Space.thy	Tue Aug 13 16:25:47 2013 +0200
    87.3 @@ -3352,7 +3352,7 @@
    87.4  next
    87.5    case False obtain y where "y\<in>s" and y:"\<forall>x\<in>s. dist z y \<le> dist z x"
    87.6      using distance_attains_inf[OF assms(2) False] by auto
    87.7 -  show ?thesis apply(rule_tac x="y - z" in exI, rule_tac x="inner (y - z) z + (norm(y - z))\<twosuperior> / 2" in exI)
    87.8 +  show ?thesis apply(rule_tac x="y - z" in exI, rule_tac x="inner (y - z) z + (norm(y - z))\<^sup>2 / 2" in exI)
    87.9      apply rule defer apply rule proof-
   87.10      fix x assume "x\<in>s"
   87.11      have "\<not> 0 < inner (z - y) (x - y)" apply(rule_tac notI) proof(drule closer_point_lemma)
   87.12 @@ -3363,7 +3363,7 @@
   87.13          using `x\<in>s` `y\<in>s` by (auto simp add: dist_commute algebra_simps) qed
   87.14      moreover have "0 < norm (y - z) ^ 2" using `y\<in>s` `z\<notin>s` by auto
   87.15      hence "0 < inner (y - z) (y - z)" unfolding power2_norm_eq_inner by simp
   87.16 -    ultimately show "inner (y - z) z + (norm (y - z))\<twosuperior> / 2 < inner (y - z) x"
   87.17 +    ultimately show "inner (y - z) z + (norm (y - z))\<^sup>2 / 2 < inner (y - z) x"
   87.18        unfolding power2_norm_eq_inner and not_less by (auto simp add: field_simps inner_commute inner_diff)
   87.19    qed(insert `y\<in>s` `z\<notin>s`, auto)
   87.20  qed
    88.1 --- a/src/HOL/Multivariate_Analysis/Integration.thy	Tue Aug 13 14:20:22 2013 +0200
    88.2 +++ b/src/HOL/Multivariate_Analysis/Integration.thy	Tue Aug 13 16:25:47 2013 +0200
    88.3 @@ -879,7 +879,7 @@
    88.4    obtains p where "p division_of {a..b}" "{c..d} \<in> p"
    88.5  proof
    88.6    let ?B = "\<lambda>f::'a\<Rightarrow>'a \<times> 'a. {(\<Sum>i\<in>Basis. (fst (f i) \<bullet> i) *\<^sub>R i) .. (\<Sum>i\<in>Basis. (snd (f i) \<bullet> i) *\<^sub>R i)}"
    88.7 -  def p \<equiv> "?B ` (Basis \<rightarrow>\<^isub>E {(a, c), (c, d), (d, b)})"
    88.8 +  def p \<equiv> "?B ` (Basis \<rightarrow>\<^sub>E {(a, c), (c, d), (d, b)})"
    88.9  
   88.10    show "{c .. d} \<in> p"
   88.11      unfolding p_def
   88.12 @@ -900,7 +900,7 @@
   88.13      {
   88.14        fix k
   88.15        assume "k \<in> p"
   88.16 -      then obtain f where f: "f \<in> Basis \<rightarrow>\<^isub>E {(a, c), (c, d), (d, b)}" and k: "k = ?B f"
   88.17 +      then obtain f where f: "f \<in> Basis \<rightarrow>\<^sub>E {(a, c), (c, d), (d, b)}" and k: "k = ?B f"
   88.18          by (auto simp: p_def)
   88.19        then show "\<exists>a b. k = {a..b}" by auto
   88.20        have "k \<subseteq> {a..b} \<and> k \<noteq> {}"
   88.21 @@ -917,7 +917,7 @@
   88.22        then show "k \<noteq> {}" "k \<subseteq> {a .. b}" by auto
   88.23        {
   88.24          fix l assume "l \<in> p"
   88.25 -        then obtain g where g: "g \<in> Basis \<rightarrow>\<^isub>E {(a, c), (c, d), (d, b)}" and l: "l = ?B g"
   88.26 +        then obtain g where g: "g \<in> Basis \<rightarrow>\<^sub>E {(a, c), (c, d), (d, b)}" and l: "l = ?B g"
   88.27            by (auto simp: p_def)
   88.28          assume "l \<noteq> k"
   88.29          have "\<exists>i\<in>Basis. f i \<noteq> g i"
   88.30 @@ -952,7 +952,7 @@
   88.31            by auto
   88.32        qed
   88.33        then guess f unfolding bchoice_iff .. note f = this
   88.34 -      moreover then have "restrict f Basis \<in> Basis \<rightarrow>\<^isub>E {(a, c), (c, d), (d, b)}"
   88.35 +      moreover then have "restrict f Basis \<in> Basis \<rightarrow>\<^sub>E {(a, c), (c, d), (d, b)}"
   88.36          by auto
   88.37        moreover from f have "x \<in> ?B (restrict f Basis)"
   88.38          by (auto simp: mem_interval eucl_le[where 'a='a])
    89.1 --- a/src/HOL/Multivariate_Analysis/L2_Norm.thy	Tue Aug 13 14:20:22 2013 +0200
    89.2 +++ b/src/HOL/Multivariate_Analysis/L2_Norm.thy	Tue Aug 13 16:25:47 2013 +0200
    89.3 @@ -9,7 +9,7 @@
    89.4  begin
    89.5  
    89.6  definition
    89.7 -  "setL2 f A = sqrt (\<Sum>i\<in>A. (f i)\<twosuperior>)"
    89.8 +  "setL2 f A = sqrt (\<Sum>i\<in>A. (f i)\<^sup>2)"
    89.9  
   89.10  lemma setL2_cong:
   89.11    "\<lbrakk>A = B; \<And>x. x \<in> B \<Longrightarrow> f x = g x\<rbrakk> \<Longrightarrow> setL2 f A = setL2 g B"
   89.12 @@ -27,7 +27,7 @@
   89.13  
   89.14  lemma setL2_insert [simp]:
   89.15    "\<lbrakk>finite F; a \<notin> F\<rbrakk> \<Longrightarrow>
   89.16 -    setL2 f (insert a F) = sqrt ((f a)\<twosuperior> + (setL2 f F)\<twosuperior>)"
   89.17 +    setL2 f (insert a F) = sqrt ((f a)\<^sup>2 + (setL2 f F)\<^sup>2)"
   89.18    unfolding setL2_def by (simp add: setsum_nonneg)
   89.19  
   89.20  lemma setL2_nonneg [simp]: "0 \<le> setL2 f A"
   89.21 @@ -94,12 +94,12 @@
   89.22      show ?case by simp
   89.23    next
   89.24      case (insert x F)
   89.25 -    hence "sqrt ((f x + g x)\<twosuperior> + (setL2 (\<lambda>i. f i + g i) F)\<twosuperior>) \<le>
   89.26 -           sqrt ((f x + g x)\<twosuperior> + (setL2 f F + setL2 g F)\<twosuperior>)"
   89.27 +    hence "sqrt ((f x + g x)\<^sup>2 + (setL2 (\<lambda>i. f i + g i) F)\<^sup>2) \<le>
   89.28 +           sqrt ((f x + g x)\<^sup>2 + (setL2 f F + setL2 g F)\<^sup>2)"
   89.29        by (intro real_sqrt_le_mono add_left_mono power_mono insert
   89.30                  setL2_nonneg add_increasing zero_le_power2)
   89.31      also have
   89.32 -      "\<dots> \<le> sqrt ((f x)\<twosuperior> + (setL2 f F)\<twosuperior>) + sqrt ((g x)\<twosuperior> + (setL2 g F)\<twosuperior>)"
   89.33 +      "\<dots> \<le> sqrt ((f x)\<^sup>2 + (setL2 f F)\<^sup>2) + sqrt ((g x)\<^sup>2 + (setL2 g F)\<^sup>2)"
   89.34        by (rule real_sqrt_sum_squares_triangle_ineq)
   89.35      finally show ?case
   89.36        using insert by simp
   89.37 @@ -107,7 +107,7 @@
   89.38  qed
   89.39  
   89.40  lemma sqrt_sum_squares_le_sum:
   89.41 -  "\<lbrakk>0 \<le> x; 0 \<le> y\<rbrakk> \<Longrightarrow> sqrt (x\<twosuperior> + y\<twosuperior>) \<le> x + y"
   89.42 +  "\<lbrakk>0 \<le> x; 0 \<le> y\<rbrakk> \<Longrightarrow> sqrt (x\<^sup>2 + y\<^sup>2) \<le> x + y"
   89.43    apply (rule power2_le_imp_le)
   89.44    apply (simp add: power2_sum mult_nonneg_nonneg)
   89.45    apply simp
   89.46 @@ -125,7 +125,7 @@
   89.47    apply simp
   89.48    done
   89.49  
   89.50 -lemma sqrt_sum_squares_le_sum_abs: "sqrt (x\<twosuperior> + y\<twosuperior>) \<le> \<bar>x\<bar> + \<bar>y\<bar>"
   89.51 +lemma sqrt_sum_squares_le_sum_abs: "sqrt (x\<^sup>2 + y\<^sup>2) \<le> \<bar>x\<bar> + \<bar>y\<bar>"
   89.52    apply (rule power2_le_imp_le)
   89.53    apply (simp add: power2_sum mult_nonneg_nonneg)
   89.54    apply simp
   89.55 @@ -143,14 +143,14 @@
   89.56  
   89.57  lemma setL2_mult_ineq_lemma:
   89.58    fixes a b c d :: real
   89.59 -  shows "2 * (a * c) * (b * d) \<le> a\<twosuperior> * d\<twosuperior> + b\<twosuperior> * c\<twosuperior>"
   89.60 +  shows "2 * (a * c) * (b * d) \<le> a\<^sup>2 * d\<^sup>2 + b\<^sup>2 * c\<^sup>2"
   89.61  proof -
   89.62 -  have "0 \<le> (a * d - b * c)\<twosuperior>" by simp
   89.63 -  also have "\<dots> = a\<twosuperior> * d\<twosuperior> + b\<twosuperior> * c\<twosuperior> - 2 * (a * d) * (b * c)"
   89.64 +  have "0 \<le> (a * d - b * c)\<^sup>2" by simp
   89.65 +  also have "\<dots> = a\<^sup>2 * d\<^sup>2 + b\<^sup>2 * c\<^sup>2 - 2 * (a * d) * (b * c)"
   89.66      by (simp only: power2_diff power_mult_distrib)
   89.67 -  also have "\<dots> = a\<twosuperior> * d\<twosuperior> + b\<twosuperior> * c\<twosuperior> - 2 * (a * c) * (b * d)"
   89.68 +  also have "\<dots> = a\<^sup>2 * d\<^sup>2 + b\<^sup>2 * c\<^sup>2 - 2 * (a * c) * (b * d)"
   89.69      by simp
   89.70 -  finally show "2 * (a * c) * (b * d) \<le> a\<twosuperior> * d\<twosuperior> + b\<twosuperior> * c\<twosuperior>"
   89.71 +  finally show "2 * (a * c) * (b * d) \<le> a\<^sup>2 * d\<^sup>2 + b\<^sup>2 * c\<^sup>2"
   89.72      by simp
   89.73  qed
   89.74  
    90.1 --- a/src/HOL/Multivariate_Analysis/Linear_Algebra.thy	Tue Aug 13 14:20:22 2013 +0200
    90.2 +++ b/src/HOL/Multivariate_Analysis/Linear_Algebra.thy	Tue Aug 13 16:25:47 2013 +0200
    90.3 @@ -94,11 +94,11 @@
    90.4  lemma real_abs_le_square_iff: "\<bar>x\<bar> \<le> \<bar>y\<bar> \<longleftrightarrow> (x::real)^2 \<le> y^2"
    90.5  proof
    90.6    assume "\<bar>x\<bar> \<le> \<bar>y\<bar>"
    90.7 -  then have "\<bar>x\<bar>\<twosuperior> \<le> \<bar>y\<bar>\<twosuperior>" by (rule power_mono, simp)
    90.8 -  then show "x\<twosuperior> \<le> y\<twosuperior>" by simp
    90.9 +  then have "\<bar>x\<bar>\<^sup>2 \<le> \<bar>y\<bar>\<^sup>2" by (rule power_mono, simp)
   90.10 +  then show "x\<^sup>2 \<le> y\<^sup>2" by simp
   90.11  next
   90.12 -  assume "x\<twosuperior> \<le> y\<twosuperior>"
   90.13 -  then have "sqrt (x\<twosuperior>) \<le> sqrt (y\<twosuperior>)" by (rule real_sqrt_le_mono)
   90.14 +  assume "x\<^sup>2 \<le> y\<^sup>2"
   90.15 +  then have "sqrt (x\<^sup>2) \<le> sqrt (y\<^sup>2)" by (rule real_sqrt_le_mono)
   90.16    then show "\<bar>x\<bar> \<le> \<bar>y\<bar>" by simp
   90.17  qed
   90.18  
   90.19 @@ -2601,7 +2601,7 @@
   90.20      unfolding real_of_nat_def
   90.21      apply(subst euclidean_inner)
   90.22      apply (subst power2_abs[symmetric])
   90.23 -    apply (rule order_trans[OF setsum_bounded[where K="\<bar>infnorm x\<bar>\<twosuperior>"]])
   90.24 +    apply (rule order_trans[OF setsum_bounded[where K="\<bar>infnorm x\<bar>\<^sup>2"]])
   90.25      apply (auto simp add: power2_eq_square[symmetric])
   90.26      apply (subst power2_abs[symmetric])
   90.27      apply (rule power_mono)
    91.1 --- a/src/HOL/Multivariate_Analysis/Topology_Euclidean_Space.thy	Tue Aug 13 14:20:22 2013 +0200
    91.2 +++ b/src/HOL/Multivariate_Analysis/Topology_Euclidean_Space.thy	Tue Aug 13 16:25:47 2013 +0200
    91.3 @@ -745,7 +745,7 @@
    91.4    show ?thesis
    91.5    proof (rule exI[of _ ?a], rule exI[of _ ?b], safe)
    91.6      fix y :: 'a assume *: "y \<in> box ?a ?b"
    91.7 -    have "dist x y = sqrt (\<Sum>i\<in>Basis. (dist (x \<bullet> i) (y \<bullet> i))\<twosuperior>)"
    91.8 +    have "dist x y = sqrt (\<Sum>i\<in>Basis. (dist (x \<bullet> i) (y \<bullet> i))\<^sup>2)"
    91.9        unfolding setL2_def[symmetric] by (rule euclidean_dist_l2)
   91.10      also have "\<dots> < sqrt (\<Sum>(i::'a)\<in>Basis. e^2 / real (DIM('a)))"
   91.11      proof (rule real_sqrt_less_mono, rule setsum_strict_mono)
   91.12 @@ -756,9 +756,9 @@
   91.13        ultimately have "\<bar>x\<bullet>i - y\<bullet>i\<bar> < 2 * e'" by auto
   91.14        then have "dist (x \<bullet> i) (y \<bullet> i) < e/sqrt (real (DIM('a)))"
   91.15          unfolding e'_def by (auto simp: dist_real_def)
   91.16 -      then have "(dist (x \<bullet> i) (y \<bullet> i))\<twosuperior> < (e/sqrt (real (DIM('a))))\<twosuperior>"
   91.17 +      then have "(dist (x \<bullet> i) (y \<bullet> i))\<^sup>2 < (e/sqrt (real (DIM('a))))\<^sup>2"
   91.18          by (rule power_strict_mono) auto
   91.19 -      then show "(dist (x \<bullet> i) (y \<bullet> i))\<twosuperior> < e\<twosuperior> / real DIM('a)"
   91.20 +      then show "(dist (x \<bullet> i) (y \<bullet> i))\<^sup>2 < e\<^sup>2 / real DIM('a)"
   91.21          by (simp add: power_divide)
   91.22      qed auto
   91.23      also have "\<dots> = e" using `0 < e` by (simp add: real_eq_of_nat)
   91.24 @@ -771,7 +771,7 @@
   91.25    assumes "open M" 
   91.26    defines "a' \<equiv> \<lambda>f :: 'a \<Rightarrow> real \<times> real. (\<Sum>(i::'a)\<in>Basis. fst (f i) *\<^sub>R i)"
   91.27    defines "b' \<equiv> \<lambda>f :: 'a \<Rightarrow> real \<times> real. (\<Sum>(i::'a)\<in>Basis. snd (f i) *\<^sub>R i)"
   91.28 -  defines "I \<equiv> {f\<in>Basis \<rightarrow>\<^isub>E \<rat> \<times> \<rat>. box (a' f) (b' f) \<subseteq> M}"
   91.29 +  defines "I \<equiv> {f\<in>Basis \<rightarrow>\<^sub>E \<rat> \<times> \<rat>. box (a' f) (b' f) \<subseteq> M}"
   91.30    shows "M = (\<Union>f\<in>I. box (a' f) (b' f))"
   91.31  proof -
   91.32    {
   91.33 @@ -4747,7 +4747,7 @@
   91.34  proof-
   91.35    obtain x y a b where "\<forall>z\<in>s. dist x z \<le> a" "\<forall>z\<in>t. dist y z \<le> b"
   91.36      using assms [unfolded bounded_def] by auto
   91.37 -  then have "\<forall>z\<in>s \<times> t. dist (x, y) z \<le> sqrt (a\<twosuperior> + b\<twosuperior>)"
   91.38 +  then have "\<forall>z\<in>s \<times> t. dist (x, y) z \<le> sqrt (a\<^sup>2 + b\<^sup>2)"
   91.39      by (auto simp add: dist_Pair_Pair real_sqrt_le_mono add_mono power_mono)
   91.40    thus ?thesis unfolding bounded_any_center [where a="(x, y)"] by auto
   91.41  qed
   91.42 @@ -5500,7 +5500,7 @@
   91.43    then have a: "\<And>f. (\<Sum>i\<in>Basis. fst (f i) *\<^sub>R i) = a f" by simp
   91.44    def b \<equiv> "\<lambda>f :: 'a \<Rightarrow> (real \<times> real). \<Sum>i\<in>Basis. snd (f i) *\<^sub>R i"
   91.45    then have b: "\<And>f. (\<Sum>i\<in>Basis. snd (f i) *\<^sub>R i) = b f" by simp
   91.46 -  def B \<equiv> "(\<lambda>f. box (a f) (b f)) ` (Basis \<rightarrow>\<^isub>E (\<rat> \<times> \<rat>))"
   91.47 +  def B \<equiv> "(\<lambda>f. box (a f) (b f)) ` (Basis \<rightarrow>\<^sub>E (\<rat> \<times> \<rat>))"
   91.48  
   91.49    have "Ball B open" by (simp add: B_def open_box)
   91.50    moreover have "(\<forall>A. open A \<longrightarrow> (\<exists>B'\<subseteq>B. \<Union>B' = A))"
    92.1 --- a/src/HOL/NSA/NSCA.thy	Tue Aug 13 14:20:22 2013 +0200
    92.2 +++ b/src/HOL/NSA/NSCA.thy	Tue Aug 13 16:25:47 2013 +0200
    92.3 @@ -256,12 +256,12 @@
    92.4  apply (erule (1) InfinitesimalD2)
    92.5  done
    92.6  
    92.7 -lemma real_sqrt_lessI: "\<lbrakk>0 < u; x < u\<twosuperior>\<rbrakk> \<Longrightarrow> sqrt x < u"
    92.8 +lemma real_sqrt_lessI: "\<lbrakk>0 < u; x < u\<^sup>2\<rbrakk> \<Longrightarrow> sqrt x < u"
    92.9  (* TODO: this belongs somewhere else *)
   92.10  by (frule real_sqrt_less_mono) simp
   92.11  
   92.12  lemma hypreal_sqrt_lessI:
   92.13 -  "\<And>x u. \<lbrakk>0 < u; x < u\<twosuperior>\<rbrakk> \<Longrightarrow> ( *f* sqrt) x < u"
   92.14 +  "\<And>x u. \<lbrakk>0 < u; x < u\<^sup>2\<rbrakk> \<Longrightarrow> ( *f* sqrt) x < u"
   92.15  by transfer (rule real_sqrt_lessI)
   92.16   
   92.17  lemma hypreal_sqrt_ge_zero: "\<And>x. 0 \<le> x \<Longrightarrow> 0 \<le> ( *f* sqrt) x"
   92.18 @@ -270,7 +270,7 @@
   92.19  lemma Infinitesimal_sqrt:
   92.20    "\<lbrakk>x \<in> Infinitesimal; 0 \<le> x\<rbrakk> \<Longrightarrow> ( *f* sqrt) x \<in> Infinitesimal"
   92.21  apply (rule InfinitesimalI2)
   92.22 -apply (drule_tac r="r\<twosuperior>" in InfinitesimalD2, simp)
   92.23 +apply (drule_tac r="r\<^sup>2" in InfinitesimalD2, simp)
   92.24  apply (simp add: hypreal_sqrt_ge_zero)
   92.25  apply (rule hypreal_sqrt_lessI, simp_all)
   92.26  done
    93.1 --- a/src/HOL/Nitpick_Examples/Manual_Nits.thy	Tue Aug 13 14:20:22 2013 +0200
    93.2 +++ b/src/HOL/Nitpick_Examples/Manual_Nits.thy	Tue Aug 13 16:25:47 2013 +0200
    93.3 @@ -250,25 +250,25 @@
    93.4  "loose (Lam t) k = loose t (Suc k)" |
    93.5  "loose (App t u) k = (loose t k \<or> loose u k)"
    93.6  
    93.7 -primrec subst\<^isub>1 where
    93.8 -"subst\<^isub>1 \<sigma> (Var j) = \<sigma> j" |
    93.9 -"subst\<^isub>1 \<sigma> (Lam t) =
   93.10 - Lam (subst\<^isub>1 (\<lambda>n. case n of 0 \<Rightarrow> Var 0 | Suc m \<Rightarrow> lift (\<sigma> m) 1) t)" |
   93.11 -"subst\<^isub>1 \<sigma> (App t u) = App (subst\<^isub>1 \<sigma> t) (subst\<^isub>1 \<sigma> u)"
   93.12 +primrec subst\<^sub>1 where
   93.13 +"subst\<^sub>1 \<sigma> (Var j) = \<sigma> j" |
   93.14 +"subst\<^sub>1 \<sigma> (Lam t) =
   93.15 + Lam (subst\<^sub>1 (\<lambda>n. case n of 0 \<Rightarrow> Var 0 | Suc m \<Rightarrow> lift (\<sigma> m) 1) t)" |
   93.16 +"subst\<^sub>1 \<sigma> (App t u) = App (subst\<^sub>1 \<sigma> t) (subst\<^sub>1 \<sigma> u)"
   93.17  
   93.18 -lemma "\<not> loose t 0 \<Longrightarrow> subst\<^isub>1 \<sigma> t = t"
   93.19 +lemma "\<not> loose t 0 \<Longrightarrow> subst\<^sub>1 \<sigma> t = t"
   93.20  nitpick [verbose, expect = genuine]
   93.21 -nitpick [eval = "subst\<^isub>1 \<sigma> t", expect = genuine]
   93.22 +nitpick [eval = "subst\<^sub>1 \<sigma> t", expect = genuine]
   93.23  (* nitpick [dont_box, expect = unknown] *)
   93.24  oops
   93.25  
   93.26 -primrec subst\<^isub>2 where
   93.27 -"subst\<^isub>2 \<sigma> (Var j) = \<sigma> j" |
   93.28 -"subst\<^isub>2 \<sigma> (Lam t) =
   93.29 - Lam (subst\<^isub>2 (\<lambda>n. case n of 0 \<Rightarrow> Var 0 | Suc m \<Rightarrow> lift (\<sigma> m) 0) t)" |
   93.30 -"subst\<^isub>2 \<sigma> (App t u) = App (subst\<^isub>2 \<sigma> t) (subst\<^isub>2 \<sigma> u)"
   93.31 +primrec subst\<^sub>2 where
   93.32 +"subst\<^sub>2 \<sigma> (Var j) = \<sigma> j" |
   93.33 +"subst\<^sub>2 \<sigma> (Lam t) =
   93.34 + Lam (subst\<^sub>2 (\<lambda>n. case n of 0 \<Rightarrow> Var 0 | Suc m \<Rightarrow> lift (\<sigma> m) 0) t)" |
   93.35 +"subst\<^sub>2 \<sigma> (App t u) = App (subst\<^sub>2 \<sigma> t) (subst\<^sub>2 \<sigma> u)"
   93.36  
   93.37 -lemma "\<not> loose t 0 \<Longrightarrow> subst\<^isub>2 \<sigma> t = t"
   93.38 +lemma "\<not> loose t 0 \<Longrightarrow> subst\<^sub>2 \<sigma> t = t"
   93.39  nitpick [card = 1\<emdash>5, expect = none]
   93.40  sorry
   93.41  
   93.42 @@ -354,73 +354,73 @@
   93.43  
   93.44  datatype alphabet = a | b
   93.45  
   93.46 -inductive_set S\<^isub>1 and A\<^isub>1 and B\<^isub>1 where
   93.47 -  "[] \<in> S\<^isub>1"
   93.48 -| "w \<in> A\<^isub>1 \<Longrightarrow> b # w \<in> S\<^isub>1"
   93.49 -| "w \<in> B\<^isub>1 \<Longrightarrow> a # w \<in> S\<^isub>1"
   93.50 -| "w \<in> S\<^isub>1 \<Longrightarrow> a # w \<in> A\<^isub>1"
   93.51 -| "w \<in> S\<^isub>1 \<Longrightarrow> b # w \<in> S\<^isub>1"
   93.52 -| "\<lbrakk>v \<in> B\<^isub>1; v \<in> B\<^isub>1\<rbrakk> \<Longrightarrow> a # v @ w \<in> B\<^isub>1"
   93.53 +inductive_set S\<^sub>1 and A\<^sub>1 and B\<^sub>1 where
   93.54 +  "[] \<in> S\<^sub>1"
   93.55 +| "w \<in> A\<^sub>1 \<Longrightarrow> b # w \<in> S\<^sub>1"
   93.56 +| "w \<in> B\<^sub>1 \<Longrightarrow> a # w \<in> S\<^sub>1"
   93.57 +| "w \<in> S\<^sub>1 \<Longrightarrow> a # w \<in> A\<^sub>1"
   93.58 +| "w \<in> S\<^sub>1 \<Longrightarrow> b # w \<in> S\<^sub>1"
   93.59 +| "\<lbrakk>v \<in> B\<^sub>1; v \<in> B\<^sub>1\<rbrakk> \<Longrightarrow> a # v @ w \<in> B\<^sub>1"
   93.60  
   93.61 -theorem S\<^isub>1_sound:
   93.62 -"w \<in> S\<^isub>1 \<longrightarrow> length [x \<leftarrow> w. x = a] = length [x \<leftarrow> w. x = b]"
   93.63 +theorem S\<^sub>1_sound:
   93.64 +"w \<in> S\<^sub>1 \<longrightarrow> length [x \<leftarrow> w. x = a] = length [x \<leftarrow> w. x = b]"
   93.65  nitpick [expect = genuine]
   93.66  oops
   93.67  
   93.68 -inductive_set S\<^isub>2 and A\<^isub>2 and B\<^isub>2 where
   93.69 -  "[] \<in> S\<^isub>2"
   93.70 -| "w \<in> A\<^isub>2 \<Longrightarrow> b # w \<in> S\<^isub>2"
   93.71 -| "w \<in> B\<^isub>2 \<Longrightarrow> a # w \<in> S\<^isub>2"
   93.72 -| "w \<in> S\<^isub>2 \<Longrightarrow> a # w \<in> A\<^isub>2"
   93.73 -| "w \<in> S\<^isub>2 \<Longrightarrow> b # w \<in> B\<^isub>2"
   93.74 -| "\<lbrakk>v \<in> B\<^isub>2; v \<in> B\<^isub>2\<rbrakk> \<Longrightarrow> a # v @ w \<in> B\<^isub>2"
   93.75 +inductive_set S\<^sub>2 and A\<^sub>2 and B\<^sub>2 where
   93.76 +  "[] \<in> S\<^sub>2"
   93.77 +| "w \<in> A\<^sub>2 \<Longrightarrow> b # w \<in> S\<^sub>2"
   93.78 +| "w \<in> B\<^sub>2 \<Longrightarrow> a # w \<in> S\<^sub>2"
   93.79 +| "w \<in> S\<^sub>2 \<Longrightarrow> a # w \<in> A\<^sub>2"
   93.80 +| "w \<in> S\<^sub>2 \<Longrightarrow> b # w \<in> B\<^sub>2"
   93.81 +| "\<lbrakk>v \<in> B\<^sub>2; v \<in> B\<^sub>2\<rbrakk> \<Longrightarrow> a # v @ w \<in> B\<^sub>2"
   93.82  
   93.83 -theorem S\<^isub>2_sound:
   93.84 -"w \<in> S\<^isub>2 \<longrightarrow> length [x \<leftarrow> w. x = a] = length [x \<leftarrow> w. x = b]"
   93.85 +theorem S\<^sub>2_sound:
   93.86 +"w \<in> S\<^sub>2 \<longrightarrow> length [x \<leftarrow> w. x = a] = length [x \<leftarrow> w. x = b]"
   93.87  nitpick [expect = genuine]
   93.88  oops
   93.89  
   93.90 -inductive_set S\<^isub>3 and A\<^isub>3 and B\<^isub>3 where
   93.91 -  "[] \<in> S\<^isub>3"
   93.92 -| "w \<in> A\<^isub>3 \<Longrightarrow> b # w \<in> S\<^isub>3"
   93.93 -| "w \<in> B\<^isub>3 \<Longrightarrow> a # w \<in> S\<^isub>3"
   93.94 -| "w \<in> S\<^isub>3 \<Longrightarrow> a # w \<in> A\<^isub>3"
   93.95 -| "w \<in> S\<^isub>3 \<Longrightarrow> b # w \<in> B\<^isub>3"
   93.96 -| "\<lbrakk>v \<in> B\<^isub>3; w \<in> B\<^isub>3\<rbrakk> \<Longrightarrow> a # v @ w \<in> B\<^isub>3"
   93.97 +inductive_set S\<^sub>3 and A\<^sub>3 and B\<^sub>3 where
   93.98 +  "[] \<in> S\<^sub>3"
   93.99 +| "w \<in> A\<^sub>3 \<Longrightarrow> b # w \<in> S\<^sub>3"
  93.100 +| "w \<in> B\<^sub>3 \<Longrightarrow> a # w \<in> S\<^sub>3"
  93.101 +| "w \<in> S\<^sub>3 \<Longrightarrow> a # w \<in> A\<^sub>3"
  93.102 +| "w \<in> S\<^sub>3 \<Longrightarrow> b # w \<in> B\<^sub>3"
  93.103 +| "\<lbrakk>v \<in> B\<^sub>3; w \<in> B\<^sub>3\<rbrakk> \<Longrightarrow> a # v @ w \<in> B\<^sub>3"
  93.104  
  93.105 -theorem S\<^isub>3_sound:
  93.106 -"w \<in> S\<^isub>3 \<longrightarrow> length [x \<leftarrow> w. x = a] = length [x \<leftarrow> w. x = b]"
  93.107 +theorem S\<^sub>3_sound:
  93.108 +"w \<in> S\<^sub>3 \<longrightarrow> length [x \<leftarrow> w. x = a] = length [x \<leftarrow> w. x = b]"
  93.109  nitpick [card = 1\<emdash>5, expect = none]
  93.110  sorry
  93.111  
  93.112 -theorem S\<^isub>3_complete:
  93.113 -"length [x \<leftarrow> w. x = a] = length [x \<leftarrow> w. x = b] \<longrightarrow> w \<in> S\<^isub>3"
  93.114 +theorem S\<^sub>3_complete:
  93.115 +"length [x \<leftarrow> w. x = a] = length [x \<leftarrow> w. x = b] \<longrightarrow> w \<in> S\<^sub>3"
  93.116  nitpick [expect = genuine]
  93.117  oops
  93.118  
  93.119 -inductive_set S\<^isub>4 and A\<^isub>4 and B\<^isub>4 where
  93.120 -  "[] \<in> S\<^isub>4"
  93.121 -| "w \<in> A\<^isub>4 \<Longrightarrow> b # w \<in> S\<^isub>4"
  93.122 -| "w \<in> B\<^isub>4 \<Longrightarrow> a # w \<in> S\<^isub>4"
  93.123 -| "w \<in> S\<^isub>4 \<Longrightarrow> a # w \<in> A\<^isub>4"
  93.124 -| "\<lbrakk>v \<in> A\<^isub>4; w \<in> A\<^isub>4\<rbrakk> \<Longrightarrow> b # v @ w \<in> A\<^isub>4"
  93.125 -| "w \<in> S\<^isub>4 \<Longrightarrow> b # w \<in> B\<^isub>4"
  93.126 -| "\<lbrakk>v \<in> B\<^isub>4; w \<in> B\<^isub>4\<rbrakk> \<Longrightarrow> a # v @ w \<in> B\<^isub>4"
  93.127 +inductive_set S\<^sub>4 and A\<^sub>4 and B\<^sub>4 where
  93.128 +  "[] \<in> S\<^sub>4"
  93.129 +| "w \<in> A\<^sub>4 \<Longrightarrow> b # w \<in> S\<^sub>4"
  93.130 +| "w \<in> B\<^sub>4 \<Longrightarrow> a # w \<in> S\<^sub>4"
  93.131 +| "w \<in> S\<^sub>4 \<Longrightarrow> a # w \<in> A\<^sub>4"
  93.132 +| "\<lbrakk>v \<in> A\<^sub>4; w \<in> A\<^sub>4\<rbrakk> \<Longrightarrow> b # v @ w \<in> A\<^sub>4"
  93.133 +| "w \<in> S\<^sub>4 \<Longrightarrow> b # w \<in> B\<^sub>4"
  93.134 +| "\<lbrakk>v \<in> B\<^sub>4; w \<in> B\<^sub>4\<rbrakk> \<Longrightarrow> a # v @ w \<in> B\<^sub>4"
  93.135  
  93.136 -theorem S\<^isub>4_sound:
  93.137 -"w \<in> S\<^isub>4 \<longrightarrow> length [x \<leftarrow> w. x = a] = length [x \<leftarrow> w. x = b]"
  93.138 +theorem S\<^sub>4_sound:
  93.139 +"w \<in> S\<^sub>4 \<longrightarrow> length [x \<leftarrow> w. x = a] = length [x \<leftarrow> w. x = b]"
  93.140  nitpick [card = 1\<emdash>5, expect = none]
  93.141  sorry
  93.142  
  93.143 -theorem S\<^isub>4_complete:
  93.144 -"length [x \<leftarrow> w. x = a] = length [x \<leftarrow> w. x = b] \<longrightarrow> w \<in> S\<^isub>4"
  93.145 +theorem S\<^sub>4_complete:
  93.146 +"length [x \<leftarrow> w. x = a] = length [x \<leftarrow> w. x = b] \<longrightarrow> w \<in> S\<^sub>4"
  93.147  nitpick [card = 1\<emdash>5, expect = none]
  93.148  sorry
  93.149  
  93.150 -theorem S\<^isub>4_A\<^isub>4_B\<^isub>4_sound_and_complete:
  93.151 -"w \<in> S\<^isub>4 \<longleftrightarrow> length [x \<leftarrow> w. x = a] = length [x \<leftarrow> w. x = b]"
  93.152 -"w \<in> A\<^isub>4 \<longleftrightarrow> length [x \<leftarrow> w. x = a] = length [x \<leftarrow> w. x = b] + 1"
  93.153 -"w \<in> B\<^isub>4 \<longleftrightarrow> length [x \<leftarrow> w. x = b] = length [x \<leftarrow> w. x = a] + 1"
  93.154 +theorem S\<^sub>4_A\<^sub>4_B\<^sub>4_sound_and_complete:
  93.155 +"w \<in> S\<^sub>4 \<longleftrightarrow> length [x \<leftarrow> w. x = a] = length [x \<leftarrow> w. x = b]"
  93.156 +"w \<in> A\<^sub>4 \<longleftrightarrow> length [x \<leftarrow> w. x = a] = length [x \<leftarrow> w. x = b] + 1"
  93.157 +"w \<in> B\<^sub>4 \<longleftrightarrow> length [x \<leftarrow> w. x = b] = length [x \<leftarrow> w. x = a] + 1"
  93.158  nitpick [card = 1\<emdash>5, expect = none]
  93.159  sorry
  93.160  
  93.161 @@ -442,11 +442,11 @@
  93.162  
  93.163  primrec left where
  93.164  "left \<Lambda> = \<Lambda>" |
  93.165 -"left (N _ _ t\<^isub>1 _) = t\<^isub>1"
  93.166 +"left (N _ _ t\<^sub>1 _) = t\<^sub>1"
  93.167  
  93.168  primrec right where
  93.169  "right \<Lambda> = \<Lambda>" |
  93.170 -"right (N _ _ _ t\<^isub>2) = t\<^isub>2"
  93.171 +"right (N _ _ _ t\<^sub>2) = t\<^sub>2"
  93.172  
  93.173  fun wf where
  93.174  "wf \<Lambda> = True" |
  93.175 @@ -484,31 +484,31 @@
  93.176  nitpick [card = 1\<emdash>5, expect = none]
  93.177  sorry
  93.178  
  93.179 -primrec insort\<^isub>1 where
  93.180 -"insort\<^isub>1 \<Lambda> x = N x 1 \<Lambda> \<Lambda>" |
  93.181 -"insort\<^isub>1 (N y k t u) x =
  93.182 - (* (split \<circ> skew) *) (N y k (if x < y then insort\<^isub>1 t x else t)
  93.183 -                             (if x > y then insort\<^isub>1 u x else u))"
  93.184 +primrec insort\<^sub>1 where
  93.185 +"insort\<^sub>1 \<Lambda> x = N x 1 \<Lambda> \<Lambda>" |
  93.186 +"insort\<^sub>1 (N y k t u) x =
  93.187 + (* (split \<circ> skew) *) (N y k (if x < y then insort\<^sub>1 t x else t)
  93.188 +                             (if x > y then insort\<^sub>1 u x else u))"
  93.189  
  93.190 -theorem wf_insort\<^isub>1: "wf t \<Longrightarrow> wf (insort\<^isub>1 t x)"
  93.191 +theorem wf_insort\<^sub>1: "wf t \<Longrightarrow> wf (insort\<^sub>1 t x)"
  93.192  nitpick [expect = genuine]
  93.193  oops
  93.194  
  93.195 -theorem wf_insort\<^isub>1_nat: "wf t \<Longrightarrow> wf (insort\<^isub>1 t (x\<Colon>nat))"
  93.196 -nitpick [eval = "insort\<^isub>1 t x", expect = genuine]
  93.197 +theorem wf_insort\<^sub>1_nat: "wf t \<Longrightarrow> wf (insort\<^sub>1 t (x\<Colon>nat))"
  93.198 +nitpick [eval = "insort\<^sub>1 t x", expect = genuine]
  93.199  oops
  93.200  
  93.201 -primrec insort\<^isub>2 where
  93.202 -"insort\<^isub>2 \<Lambda> x = N x 1 \<Lambda> \<Lambda>" |
  93.203 -"insort\<^isub>2 (N y k t u) x =
  93.204 - (split \<circ> skew) (N y k (if x < y then insort\<^isub>2 t x else t)
  93.205 -                       (if x > y then insort\<^isub>2 u x else u))"
  93.206 +primrec insort\<^sub>2 where
  93.207 +"insort\<^sub>2 \<Lambda> x = N x 1 \<Lambda> \<Lambda>" |
  93.208 +"insort\<^sub>2 (N y k t u) x =
  93.209 + (split \<circ> skew) (N y k (if x < y then insort\<^sub>2 t x else t)
  93.210 +                       (if x > y then insort\<^sub>2 u x else u))"
  93.211  
  93.212 -theorem wf_insort\<^isub>2: "wf t \<Longrightarrow> wf (insort\<^isub>2 t x)"
  93.213 +theorem wf_insort\<^sub>2: "wf t \<Longrightarrow> wf (insort\<^sub>2 t x)"
  93.214  nitpick [card = 1\<emdash>5, expect = none]
  93.215  sorry
  93.216  
  93.217 -theorem dataset_insort\<^isub>2: "dataset (insort\<^isub>2 t x) = {x} \<union> dataset t"
  93.218 +theorem dataset_insort\<^sub>2: "dataset (insort\<^sub>2 t x) = {x} \<union> dataset t"
  93.219  nitpick [card = 1\<emdash>5, expect = none]
  93.220  sorry
  93.221  
    94.1 --- a/src/HOL/Nitpick_Examples/Special_Nits.thy	Tue Aug 13 14:20:22 2013 +0200
    94.2 +++ b/src/HOL/Nitpick_Examples/Special_Nits.thy	Tue Aug 13 16:25:47 2013 +0200
    94.3 @@ -131,8 +131,8 @@
    94.4  sorry
    94.5  
    94.6  lemma "\<forall>a. g a = a
    94.7 -       \<Longrightarrow> \<exists>b\<^isub>1 b\<^isub>2 b\<^isub>3 b\<^isub>4 b\<^isub>5 b\<^isub>6 b\<^isub>7 b\<^isub>8 b\<^isub>9 b\<^isub>10 (b\<^isub>11\<Colon>nat).
    94.8 -           b\<^isub>1 < b\<^isub>11 \<and> f5 g x = f5 (\<lambda>a. if b\<^isub>1 < b\<^isub>11 then a else h b\<^isub>2) x"
    94.9 +       \<Longrightarrow> \<exists>b\<^sub>1 b\<^sub>2 b\<^sub>3 b\<^sub>4 b\<^sub>5 b\<^sub>6 b\<^sub>7 b\<^sub>8 b\<^sub>9 b\<^sub>10 (b\<^sub>11\<Colon>nat).
   94.10 +           b\<^sub>1 < b\<^sub>11 \<and> f5 g x = f5 (\<lambda>a. if b\<^sub>1 < b\<^sub>11 then a else h b\<^sub>2) x"
   94.11  nitpick [expect = potential]
   94.12  nitpick [dont_specialize, expect = none]
   94.13  nitpick [dont_box, expect = none]
   94.14 @@ -140,13 +140,13 @@
   94.15  sorry
   94.16  
   94.17  lemma "\<forall>a. g a = a
   94.18 -       \<Longrightarrow> \<exists>b\<^isub>1 b\<^isub>2 b\<^isub>3 b\<^isub>4 b\<^isub>5 b\<^isub>6 b\<^isub>7 b\<^isub>8 b\<^isub>9 b\<^isub>10 (b\<^isub>11\<Colon>nat).
   94.19 -           b\<^isub>1 < b\<^isub>11
   94.20 -           \<and> f5 g x = f5 (\<lambda>a. if b\<^isub>1 < b\<^isub>11 then
   94.21 +       \<Longrightarrow> \<exists>b\<^sub>1 b\<^sub>2 b\<^sub>3 b\<^sub>4 b\<^sub>5 b\<^sub>6 b\<^sub>7 b\<^sub>8 b\<^sub>9 b\<^sub>10 (b\<^sub>11\<Colon>nat).
   94.22 +           b\<^sub>1 < b\<^sub>11
   94.23 +           \<and> f5 g x = f5 (\<lambda>a. if b\<^sub>1 < b\<^sub>11 then
   94.24                                  a
   94.25                                else
   94.26 -                                h b\<^isub>2 + h b\<^isub>3 + h b\<^isub>4 + h b\<^isub>5 + h b\<^isub>6 + h b\<^isub>7 + h b\<^isub>8
   94.27 -                                + h b\<^isub>9 + h b\<^isub>10) x"
   94.28 +                                h b\<^sub>2 + h b\<^sub>3 + h b\<^sub>4 + h b\<^sub>5 + h b\<^sub>6 + h b\<^sub>7 + h b\<^sub>8
   94.29 +                                + h b\<^sub>9 + h b\<^sub>10) x"
   94.30  nitpick [card nat = 2, card 'a = 1, expect = none]
   94.31  nitpick [card nat = 2, card 'a = 1, dont_box, expect = none]
   94.32  nitpick [card nat = 2, card 'a = 1, dont_specialize, expect = none]
   94.33 @@ -154,13 +154,13 @@
   94.34  sorry
   94.35  
   94.36  lemma "\<forall>a. g a = a
   94.37 -       \<Longrightarrow> \<exists>b\<^isub>1 b\<^isub>2 b\<^isub>3 b\<^isub>4 b\<^isub>5 b\<^isub>6 b\<^isub>7 b\<^isub>8 b\<^isub>9 b\<^isub>10 (b\<^isub>11\<Colon>nat).
   94.38 -           b\<^isub>1 < b\<^isub>11
   94.39 -           \<and> f5 g x = f5 (\<lambda>a. if b\<^isub>1 \<ge> b\<^isub>11 then
   94.40 +       \<Longrightarrow> \<exists>b\<^sub>1 b\<^sub>2 b\<^sub>3 b\<^sub>4 b\<^sub>5 b\<^sub>6 b\<^sub>7 b\<^sub>8 b\<^sub>9 b\<^sub>10 (b\<^sub>11\<Colon>nat).
   94.41 +           b\<^sub>1 < b\<^sub>11
   94.42 +           \<and> f5 g x = f5 (\<lambda>a. if b\<^sub>1 \<ge> b\<^sub>11 then
   94.43                                  a
   94.44                                else
   94.45 -                                h b\<^isub>2 + h b\<^isub>3 + h b\<^isub>4 + h b\<^isub>5 + h b\<^isub>6 + h b\<^isub>7 + h b\<^isub>8
   94.46 -                                + h b\<^isub>9 + h b\<^isub>10) x"
   94.47 +                                h b\<^sub>2 + h b\<^sub>3 + h b\<^sub>4 + h b\<^sub>5 + h b\<^sub>6 + h b\<^sub>7 + h b\<^sub>8
   94.48 +                                + h b\<^sub>9 + h b\<^sub>10) x"
   94.49  nitpick [card nat = 2, card 'a = 1, expect = potential]
   94.50  nitpick [card nat = 2, card 'a = 1, dont_box, expect = potential]
   94.51  nitpick [card nat = 2, card 'a = 1, dont_specialize, expect = potential]
    95.1 --- a/src/HOL/Nominal/Examples/CK_Machine.thy	Tue Aug 13 14:20:22 2013 +0200
    95.2 +++ b/src/HOL/Nominal/Examples/CK_Machine.thy	Tue Aug 13 16:25:47 2013 +0200
    95.3 @@ -43,11 +43,11 @@
    95.4    subst :: "lam \<Rightarrow> name \<Rightarrow> lam \<Rightarrow> lam"  ("_[_::=_]" [100,100,100] 100)
    95.5  where
    95.6    "(VAR x)[y::=s] = (if x=y then s else (VAR x))"
    95.7 -| "(APP t\<^isub>1 t\<^isub>2)[y::=s] = APP (t\<^isub>1[y::=s]) (t\<^isub>2[y::=s])"
    95.8 +| "(APP t\<^sub>1 t\<^sub>2)[y::=s] = APP (t\<^sub>1[y::=s]) (t\<^sub>2[y::=s])"
    95.9  | "x\<sharp>(y,s) \<Longrightarrow> (LAM [x].t)[y::=s] = LAM [x].(t[y::=s])"
   95.10  | "(NUM n)[y::=s] = NUM n"
   95.11 -| "(t\<^isub>1 -- t\<^isub>2)[y::=s] = (t\<^isub>1[y::=s]) -- (t\<^isub>2[y::=s])"
   95.12 -| "(t\<^isub>1 ++ t\<^isub>2)[y::=s] = (t\<^isub>1[y::=s]) ++ (t\<^isub>2[y::=s])"
   95.13 +| "(t\<^sub>1 -- t\<^sub>2)[y::=s] = (t\<^sub>1[y::=s]) -- (t\<^sub>2[y::=s])"
   95.14 +| "(t\<^sub>1 ++ t\<^sub>2)[y::=s] = (t\<^sub>1[y::=s]) ++ (t\<^sub>2[y::=s])"
   95.15  | "x\<sharp>(y,s) \<Longrightarrow> (FIX [x].t)[y::=s] = FIX [x].(t[y::=s])"
   95.16  | "TRUE[y::=s] = TRUE"
   95.17  | "FALSE[y::=s] = FALSE"
   95.18 @@ -387,7 +387,7 @@
   95.19  abbreviation
   95.20    "sub_tctx" :: "tctx \<Rightarrow> tctx \<Rightarrow> bool" ("_ \<subseteq> _") 
   95.21  where
   95.22 -  "\<Gamma>\<^isub>1 \<subseteq> \<Gamma>\<^isub>2 \<equiv> \<forall>x. x \<in> set \<Gamma>\<^isub>1 \<longrightarrow> x \<in> set \<Gamma>\<^isub>2"
   95.23 +  "\<Gamma>\<^sub>1 \<subseteq> \<Gamma>\<^sub>2 \<equiv> \<forall>x. x \<in> set \<Gamma>\<^sub>1 \<longrightarrow> x \<in> set \<Gamma>\<^sub>2"
   95.24  
   95.25  text {* Valid Typing Contexts *}
   95.26  
   95.27 @@ -429,11 +429,11 @@
   95.28    typing :: "tctx \<Rightarrow> lam \<Rightarrow> ty \<Rightarrow> bool" ("_ \<turnstile> _ : _") 
   95.29  where
   95.30    t_VAR[intro]:  "\<lbrakk>valid \<Gamma>; (x,T)\<in>set \<Gamma>\<rbrakk> \<Longrightarrow> \<Gamma> \<turnstile> VAR x : T"
   95.31 -| t_APP[intro]:  "\<lbrakk>\<Gamma> \<turnstile> t\<^isub>1 : T\<^isub>1\<rightarrow>T\<^isub>2; \<Gamma> \<turnstile> t\<^isub>2 : T\<^isub>1\<rbrakk> \<Longrightarrow> \<Gamma> \<turnstile> APP t\<^isub>1 t\<^isub>2 : T\<^isub>2"
   95.32 -| t_LAM[intro]:  "\<lbrakk>x\<sharp>\<Gamma>; (x,T\<^isub>1)#\<Gamma> \<turnstile> t : T\<^isub>2\<rbrakk> \<Longrightarrow> \<Gamma> \<turnstile> LAM [x].t : T\<^isub>1 \<rightarrow> T\<^isub>2"
   95.33 +| t_APP[intro]:  "\<lbrakk>\<Gamma> \<turnstile> t\<^sub>1 : T\<^sub>1\<rightarrow>T\<^sub>2; \<Gamma> \<turnstile> t\<^sub>2 : T\<^sub>1\<rbrakk> \<Longrightarrow> \<Gamma> \<turnstile> APP t\<^sub>1 t\<^sub>2 : T\<^sub>2"
   95.34 +| t_LAM[intro]:  "\<lbrakk>x\<sharp>\<Gamma>; (x,T\<^sub>1)#\<Gamma> \<turnstile> t : T\<^sub>2\<rbrakk> \<Longrightarrow> \<Gamma> \<turnstile> LAM [x].t : T\<^sub>1 \<rightarrow> T\<^sub>2"
   95.35  | t_NUM[intro]:  "\<Gamma> \<turnstile> (NUM n) : tINT"
   95.36 -| t_DIFF[intro]: "\<lbrakk>\<Gamma> \<turnstile> t\<^isub>1 : tINT; \<Gamma> \<turnstile> t\<^isub>2 : tINT\<rbrakk> \<Longrightarrow> \<Gamma> \<turnstile> t\<^isub>1 -- t\<^isub>2 : tINT"
   95.37 -| t_PLUS[intro]: "\<lbrakk>\<Gamma> \<turnstile> t\<^isub>1 : tINT; \<Gamma> \<turnstile> t\<^isub>2 : tINT\<rbrakk> \<Longrightarrow> \<Gamma> \<turnstile> t\<^isub>1 ++ t\<^isub>2 : tINT"
   95.38 +| t_DIFF[intro]: "\<lbrakk>\<Gamma> \<turnstile> t\<^sub>1 : tINT; \<Gamma> \<turnstile> t\<^sub>2 : tINT\<rbrakk> \<Longrightarrow> \<Gamma> \<turnstile> t\<^sub>1 -- t\<^sub>2 : tINT"
   95.39 +| t_PLUS[intro]: "\<lbrakk>\<Gamma> \<turnstile> t\<^sub>1 : tINT; \<Gamma> \<turnstile> t\<^sub>2 : tINT\<rbrakk> \<Longrightarrow> \<Gamma> \<turnstile> t\<^sub>1 ++ t\<^sub>2 : tINT"
   95.40  | t_TRUE[intro]:  "\<Gamma> \<turnstile> TRUE : tBOOL"
   95.41  | t_FALSE[intro]: "\<Gamma> \<turnstile> FALSE : tBOOL"
   95.42  | t_IF[intro]:    "\<lbrakk>\<Gamma> \<turnstile> t1 : tBOOL; \<Gamma> \<turnstile> t2 : T; \<Gamma> \<turnstile> t3 : T\<rbrakk> \<Longrightarrow> \<Gamma> \<turnstile> IF t1 t2 t3 : T"
   95.43 @@ -443,8 +443,8 @@
   95.44  
   95.45  declare lam.inject[simp]
   95.46  inductive_cases typing_inversion[elim]:
   95.47 -  "\<Gamma> \<turnstile> t\<^isub>1 -- t\<^isub>2 : T"
   95.48 -  "\<Gamma> \<turnstile> t\<^isub>1 ++ t\<^isub>2 : T"
   95.49 +  "\<Gamma> \<turnstile> t\<^sub>1 -- t\<^sub>2 : T"
   95.50 +  "\<Gamma> \<turnstile> t\<^sub>1 ++ t\<^sub>2 : T"
   95.51    "\<Gamma> \<turnstile> IF t1 t2 t3 : T"
   95.52    "\<Gamma> \<turnstile> ZET t : T"
   95.53    "\<Gamma> \<turnstile> EQI t1 t2 : T"
   95.54 @@ -461,7 +461,7 @@
   95.55  lemma t_LAM_inversion[dest]:
   95.56    assumes ty: "\<Gamma> \<turnstile> LAM [x].t : T" 
   95.57    and     fc: "x\<sharp>\<Gamma>" 
   95.58 -  shows "\<exists>T\<^isub>1 T\<^isub>2. T = T\<^isub>1 \<rightarrow> T\<^isub>2 \<and> (x,T\<^isub>1)#\<Gamma> \<turnstile> t : T\<^isub>2"
   95.59 +  shows "\<exists>T\<^sub>1 T\<^sub>2. T = T\<^sub>1 \<rightarrow> T\<^sub>2 \<and> (x,T\<^sub>1)#\<Gamma> \<turnstile> t : T\<^sub>2"
   95.60  using ty fc 
   95.61  by (cases rule: typing.strong_cases) 
   95.62     (auto simp add: alpha lam.inject abs_fresh ty_fresh)
    96.1 --- a/src/HOL/Nominal/Examples/CR.thy	Tue Aug 13 14:20:22 2013 +0200
    96.2 +++ b/src/HOL/Nominal/Examples/CR.thy	Tue Aug 13 16:25:47 2013 +0200
    96.3 @@ -146,12 +146,12 @@
    96.4  section {* Beta Reduction *}
    96.5  
    96.6  inductive
    96.7 -  "Beta" :: "lam\<Rightarrow>lam\<Rightarrow>bool" (" _ \<longrightarrow>\<^isub>\<beta> _" [80,80] 80)
    96.8 +  "Beta" :: "lam\<Rightarrow>lam\<Rightarrow>bool" (" _ \<longrightarrow>\<^sub>\<beta> _" [80,80] 80)
    96.9  where
   96.10 -    b1[intro]: "s1\<longrightarrow>\<^isub>\<beta>s2 \<Longrightarrow> (App s1 t)\<longrightarrow>\<^isub>\<beta>(App s2 t)"
   96.11 -  | b2[intro]: "s1\<longrightarrow>\<^isub>\<beta>s2 \<Longrightarrow> (App t s1)\<longrightarrow>\<^isub>\<beta>(App t s2)"
   96.12 -  | b3[intro]: "s1\<longrightarrow>\<^isub>\<beta>s2 \<Longrightarrow> (Lam [a].s1)\<longrightarrow>\<^isub>\<beta> (Lam [a].s2)"
   96.13 -  | b4[intro]: "a\<sharp>s2 \<Longrightarrow> (App (Lam [a].s1) s2)\<longrightarrow>\<^isub>\<beta>(s1[a::=s2])"
   96.14 +    b1[intro]: "s1\<longrightarrow>\<^sub>\<beta>s2 \<Longrightarrow> (App s1 t)\<longrightarrow>\<^sub>\<beta>(App s2 t)"
   96.15 +  | b2[intro]: "s1\<longrightarrow>\<^sub>\<beta>s2 \<Longrightarrow> (App t s1)\<longrightarrow>\<^sub>\<beta>(App t s2)"
   96.16 +  | b3[intro]: "s1\<longrightarrow>\<^sub>\<beta>s2 \<Longrightarrow> (Lam [a].s1)\<longrightarrow>\<^sub>\<beta> (Lam [a].s2)"
   96.17 +  | b4[intro]: "a\<sharp>s2 \<Longrightarrow> (App (Lam [a].s1) s2)\<longrightarrow>\<^sub>\<beta>(s1[a::=s2])"
   96.18  
   96.19  equivariance Beta
   96.20  
   96.21 @@ -159,29 +159,29 @@
   96.22    by (simp_all add: abs_fresh fresh_fact')
   96.23  
   96.24  inductive
   96.25 -  "Beta_star"  :: "lam\<Rightarrow>lam\<Rightarrow>bool" (" _ \<longrightarrow>\<^isub>\<beta>\<^sup>* _" [80,80] 80)
   96.26 +  "Beta_star"  :: "lam\<Rightarrow>lam\<Rightarrow>bool" (" _ \<longrightarrow>\<^sub>\<beta>\<^sup>* _" [80,80] 80)
   96.27  where
   96.28 -    bs1[intro, simp]: "M \<longrightarrow>\<^isub>\<beta>\<^sup>* M"
   96.29 -  | bs2[intro]: "\<lbrakk>M1\<longrightarrow>\<^isub>\<beta>\<^sup>* M2; M2 \<longrightarrow>\<^isub>\<beta> M3\<rbrakk> \<Longrightarrow> M1 \<longrightarrow>\<^isub>\<beta>\<^sup>* M3"
   96.30 +    bs1[intro, simp]: "M \<longrightarrow>\<^sub>\<beta>\<^sup>* M"
   96.31 +  | bs2[intro]: "\<lbrakk>M1\<longrightarrow>\<^sub>\<beta>\<^sup>* M2; M2 \<longrightarrow>\<^sub>\<beta> M3\<rbrakk> \<Longrightarrow> M1 \<longrightarrow>\<^sub>\<beta>\<^sup>* M3"
   96.32  
   96.33  equivariance Beta_star
   96.34  
   96.35  lemma beta_star_trans:
   96.36 -  assumes a1: "M1\<longrightarrow>\<^isub>\<beta>\<^sup>* M2"
   96.37 -  and     a2: "M2\<longrightarrow>\<^isub>\<beta>\<^sup>* M3"
   96.38 -  shows "M1 \<longrightarrow>\<^isub>\<beta>\<^sup>* M3"
   96.39 +  assumes a1: "M1\<longrightarrow>\<^sub>\<beta>\<^sup>* M2"
   96.40 +  and     a2: "M2\<longrightarrow>\<^sub>\<beta>\<^sup>* M3"
   96.41 +  shows "M1 \<longrightarrow>\<^sub>\<beta>\<^sup>* M3"
   96.42  using a2 a1
   96.43  by (induct) (auto)
   96.44  
   96.45  section {* One-Reduction *}
   96.46  
   96.47  inductive
   96.48 -  One :: "lam\<Rightarrow>lam\<Rightarrow>bool" (" _ \<longrightarrow>\<^isub>1 _" [80,80] 80)
   96.49 +  One :: "lam\<Rightarrow>lam\<Rightarrow>bool" (" _ \<longrightarrow>\<^sub>1 _" [80,80] 80)
   96.50  where
   96.51 -    o1[intro!]:      "M\<longrightarrow>\<^isub>1M"
   96.52 -  | o2[simp,intro!]: "\<lbrakk>t1\<longrightarrow>\<^isub>1t2;s1\<longrightarrow>\<^isub>1s2\<rbrakk> \<Longrightarrow> (App t1 s1)\<longrightarrow>\<^isub>1(App t2 s2)"
   96.53 -  | o3[simp,intro!]: "s1\<longrightarrow>\<^isub>1s2 \<Longrightarrow> (Lam [a].s1)\<longrightarrow>\<^isub>1(Lam [a].s2)"
   96.54 -  | o4[simp,intro!]: "\<lbrakk>a\<sharp>(s1,s2); s1\<longrightarrow>\<^isub>1s2;t1\<longrightarrow>\<^isub>1t2\<rbrakk> \<Longrightarrow> (App (Lam [a].t1) s1)\<longrightarrow>\<^isub>1(t2[a::=s2])"
   96.55 +    o1[intro!]:      "M\<longrightarrow>\<^sub>1M"
   96.56 +  | o2[simp,intro!]: "\<lbrakk>t1\<longrightarrow>\<^sub>1t2;s1\<longrightarrow>\<^sub>1s2\<rbrakk> \<Longrightarrow> (App t1 s1)\<longrightarrow>\<^sub>1(App t2 s2)"
   96.57 +  | o3[simp,intro!]: "s1\<longrightarrow>\<^sub>1s2 \<Longrightarrow> (Lam [a].s1)\<longrightarrow>\<^sub>1(Lam [a].s2)"
   96.58 +  | o4[simp,intro!]: "\<lbrakk>a\<sharp>(s1,s2); s1\<longrightarrow>\<^sub>1s2;t1\<longrightarrow>\<^sub>1t2\<rbrakk> \<Longrightarrow> (App (Lam [a].t1) s1)\<longrightarrow>\<^sub>1(t2[a::=s2])"
   96.59  
   96.60  equivariance One
   96.61  
   96.62 @@ -189,23 +189,23 @@
   96.63    by (simp_all add: abs_fresh fresh_fact')
   96.64  
   96.65  inductive
   96.66 -  "One_star"  :: "lam\<Rightarrow>lam\<Rightarrow>bool" (" _ \<longrightarrow>\<^isub>1\<^sup>* _" [80,80] 80)
   96.67 +  "One_star"  :: "lam\<Rightarrow>lam\<Rightarrow>bool" (" _ \<longrightarrow>\<^sub>1\<^sup>* _" [80,80] 80)
   96.68  where
   96.69 -    os1[intro, simp]: "M \<longrightarrow>\<^isub>1\<^sup>* M"
   96.70 -  | os2[intro]: "\<lbrakk>M1\<longrightarrow>\<^isub>1\<^sup>* M2; M2 \<longrightarrow>\<^isub>1 M3\<rbrakk> \<Longrightarrow> M1 \<longrightarrow>\<^isub>1\<^sup>* M3"
   96.71 +    os1[intro, simp]: "M \<longrightarrow>\<^sub>1\<^sup>* M"
   96.72 +  | os2[intro]: "\<lbrakk>M1\<longrightarrow>\<^sub>1\<^sup>* M2; M2 \<longrightarrow>\<^sub>1 M3\<rbrakk> \<Longrightarrow> M1 \<longrightarrow>\<^sub>1\<^sup>* M3"
   96.73  
   96.74  equivariance One_star 
   96.75  
   96.76  lemma one_star_trans:
   96.77 -  assumes a1: "M1\<longrightarrow>\<^isub>1\<^sup>* M2" 
   96.78 -  and     a2: "M2\<longrightarrow>\<^isub>1\<^sup>* M3"
   96.79 -  shows "M1\<longrightarrow>\<^isub>1\<^sup>* M3"
   96.80 +  assumes a1: "M1\<longrightarrow>\<^sub>1\<^sup>* M2" 
   96.81 +  and     a2: "M2\<longrightarrow>\<^sub>1\<^sup>* M3"
   96.82 +  shows "M1\<longrightarrow>\<^sub>1\<^sup>* M3"
   96.83  using a2 a1
   96.84  by (induct) (auto)
   96.85  
   96.86  lemma one_fresh_preserv:
   96.87    fixes a :: "name"
   96.88 -  assumes a: "t\<longrightarrow>\<^isub>1s"
   96.89 +  assumes a: "t\<longrightarrow>\<^sub>1s"
   96.90    and     b: "a\<sharp>t"
   96.91    shows "a\<sharp>s"
   96.92  using a b
   96.93 @@ -247,7 +247,7 @@
   96.94  
   96.95  lemma one_fresh_preserv_automatic:
   96.96    fixes a :: "name"
   96.97 -  assumes a: "t\<longrightarrow>\<^isub>1s"
   96.98 +  assumes a: "t\<longrightarrow>\<^sub>1s"
   96.99    and     b: "a\<sharp>t"
  96.100    shows "a\<sharp>s"
  96.101  using a b
  96.102 @@ -263,8 +263,8 @@
  96.103     (auto simp add: calc_atm fresh_atm abs_fresh)
  96.104  
  96.105  lemma one_abs: 
  96.106 -  assumes a: "Lam [a].t\<longrightarrow>\<^isub>1t'"
  96.107 -  shows "\<exists>t''. t'=Lam [a].t'' \<and> t\<longrightarrow>\<^isub>1t''"
  96.108 +  assumes a: "Lam [a].t\<longrightarrow>\<^sub>1t'"
  96.109 +  shows "\<exists>t''. t'=Lam [a].t'' \<and> t\<longrightarrow>\<^sub>1t''"
  96.110  proof -
  96.111    have "a\<sharp>Lam [a].t" by (simp add: abs_fresh)
  96.112    with a have "a\<sharp>t'" by (simp add: one_fresh_preserv)
  96.113 @@ -274,15 +274,15 @@
  96.114  qed
  96.115  
  96.116  lemma one_app: 
  96.117 -  assumes a: "App t1 t2 \<longrightarrow>\<^isub>1 t'"
  96.118 -  shows "(\<exists>s1 s2. t' = App s1 s2 \<and> t1 \<longrightarrow>\<^isub>1 s1 \<and> t2 \<longrightarrow>\<^isub>1 s2) \<or> 
  96.119 -         (\<exists>a s s1 s2. t1 = Lam [a].s \<and> t' = s1[a::=s2] \<and> s \<longrightarrow>\<^isub>1 s1 \<and> t2 \<longrightarrow>\<^isub>1 s2 \<and> a\<sharp>(t2,s2))"
  96.120 +  assumes a: "App t1 t2 \<longrightarrow>\<^sub>1 t'"
  96.121 +  shows "(\<exists>s1 s2. t' = App s1 s2 \<and> t1 \<longrightarrow>\<^sub>1 s1 \<and> t2 \<longrightarrow>\<^sub>1 s2) \<or> 
  96.122 +         (\<exists>a s s1 s2. t1 = Lam [a].s \<and> t' = s1[a::=s2] \<and> s \<longrightarrow>\<^sub>1 s1 \<and> t2 \<longrightarrow>\<^sub>1 s2 \<and> a\<sharp>(t2,s2))"
  96.123  using a by (erule_tac One.cases) (auto simp add: lam.inject)
  96.124  
  96.125  lemma one_red: 
  96.126 -  assumes a: "App (Lam [a].t1) t2 \<longrightarrow>\<^isub>1 M" "a\<sharp>(t2,M)"
  96.127 -  shows "(\<exists>s1 s2. M = App (Lam [a].s1) s2 \<and> t1 \<longrightarrow>\<^isub>1 s1 \<and> t2 \<longrightarrow>\<^isub>1 s2) \<or> 
  96.128 -         (\<exists>s1 s2. M = s1[a::=s2] \<and> t1 \<longrightarrow>\<^isub>1 s1 \<and> t2 \<longrightarrow>\<^isub>1 s2)" 
  96.129 +  assumes a: "App (Lam [a].t1) t2 \<longrightarrow>\<^sub>1 M" "a\<sharp>(t2,M)"
  96.130 +  shows "(\<exists>s1 s2. M = App (Lam [a].s1) s2 \<and> t1 \<longrightarrow>\<^sub>1 s1 \<and> t2 \<longrightarrow>\<^sub>1 s2) \<or> 
  96.131 +         (\<exists>s1 s2. M = s1[a::=s2] \<and> t1 \<longrightarrow>\<^sub>1 s1 \<and> t2 \<longrightarrow>\<^sub>1 s2)" 
  96.132  using a
  96.133  by (cases rule: One.strong_cases [where a="a" and aa="a"])
  96.134     (auto dest: one_abs simp add: lam.inject abs_fresh alpha fresh_prod)
  96.135 @@ -290,31 +290,31 @@
  96.136  text {* first case in Lemma 3.2.4*}
  96.137  
  96.138  lemma one_subst_aux:
  96.139 -  assumes a: "N\<longrightarrow>\<^isub>1N'"
  96.140 -  shows "M[x::=N] \<longrightarrow>\<^isub>1 M[x::=N']"
  96.141 +  assumes a: "N\<longrightarrow>\<^sub>1N'"
  96.142 +  shows "M[x::=N] \<longrightarrow>\<^sub>1 M[x::=N']"
  96.143  using a
  96.144  proof (nominal_induct M avoiding: x N N' rule: lam.strong_induct)
  96.145    case (Var y) 
  96.146 -  thus "Var y[x::=N] \<longrightarrow>\<^isub>1 Var y[x::=N']" by (cases "x=y") auto
  96.147 +  thus "Var y[x::=N] \<longrightarrow>\<^sub>1 Var y[x::=N']" by (cases "x=y") auto
  96.148  next
  96.149    case (App P Q) (* application case - third line *)
  96.150 -  thus "(App P Q)[x::=N] \<longrightarrow>\<^isub>1  (App P Q)[x::=N']" using o2 by simp
  96.151 +  thus "(App P Q)[x::=N] \<longrightarrow>\<^sub>1  (App P Q)[x::=N']" using o2 by simp
  96.152  next 
  96.153    case (Lam y P) (* abstraction case - fourth line *)
  96.154 -  thus "(Lam [y].P)[x::=N] \<longrightarrow>\<^isub>1 (Lam [y].P)[x::=N']" using o3 by simp
  96.155 +  thus "(Lam [y].P)[x::=N] \<longrightarrow>\<^sub>1 (Lam [y].P)[x::=N']" using o3 by simp
  96.156  qed
  96.157  
  96.158  lemma one_subst_aux_automatic:
  96.159 -  assumes a: "N\<longrightarrow>\<^isub>1N'"
  96.160 -  shows "M[x::=N] \<longrightarrow>\<^isub>1 M[x::=N']"
  96.161 +  assumes a: "N\<longrightarrow>\<^sub>1N'"
  96.162 +  shows "M[x::=N] \<longrightarrow>\<^sub>1 M[x::=N']"
  96.163  using a
  96.164  by (nominal_induct M avoiding: x N N' rule: lam.strong_induct)
  96.165     (auto simp add: fresh_prod fresh_atm)
  96.166  
  96.167  lemma one_subst: 
  96.168 -  assumes a: "M\<longrightarrow>\<^isub>1M'"
  96.169 -  and     b: "N\<longrightarrow>\<^isub>1N'"
  96.170 -  shows "M[x::=N]\<longrightarrow>\<^isub>1M'[x::=N']" 
  96.171 +  assumes a: "M\<longrightarrow>\<^sub>1M'"
  96.172 +  and     b: "N\<longrightarrow>\<^sub>1N'"
  96.173 +  shows "M[x::=N]\<longrightarrow>\<^sub>1M'[x::=N']" 
  96.174  using a b
  96.175  proof (nominal_induct M M' avoiding: N N' x rule: One.strong_induct)
  96.176    case (o1 M)
  96.177 @@ -328,22 +328,22 @@
  96.178  next
  96.179    case (o4 a N1 N2 M1 M2 N N' x)
  96.180    have vc: "a\<sharp>N" "a\<sharp>N'" "a\<sharp>x" "a\<sharp>N1" "a\<sharp>N2" by fact+
  96.181 -  have asm: "N\<longrightarrow>\<^isub>1N'" by fact
  96.182 +  have asm: "N\<longrightarrow>\<^sub>1N'" by fact
  96.183    show ?case
  96.184    proof -
  96.185      have "(App (Lam [a].M1) N1)[x::=N] = App (Lam [a].(M1[x::=N])) (N1[x::=N])" using vc by simp
  96.186 -    moreover have "App (Lam [a].(M1[x::=N])) (N1[x::=N]) \<longrightarrow>\<^isub>1 M2[x::=N'][a::=N2[x::=N']]" 
  96.187 +    moreover have "App (Lam [a].(M1[x::=N])) (N1[x::=N]) \<longrightarrow>\<^sub>1 M2[x::=N'][a::=N2[x::=N']]" 
  96.188        using o4 asm by (simp add: fresh_fact)
  96.189      moreover have "M2[x::=N'][a::=N2[x::=N']] = M2[a::=N2][x::=N']" 
  96.190        using vc by (simp add: substitution_lemma fresh_atm)
  96.191 -    ultimately show "(App (Lam [a].M1) N1)[x::=N] \<longrightarrow>\<^isub>1 M2[a::=N2][x::=N']" by simp
  96.192 +    ultimately show "(App (Lam [a].M1) N1)[x::=N] \<longrightarrow>\<^sub>1 M2[a::=N2][x::=N']" by simp
  96.193    qed
  96.194  qed
  96.195  
  96.196  lemma one_subst_automatic: 
  96.197 -  assumes a: "M\<longrightarrow>\<^isub>1M'" 
  96.198 -  and     b: "N\<longrightarrow>\<^isub>1N'"
  96.199 -  shows "M[x::=N]\<longrightarrow>\<^isub>1M'[x::=N']" 
  96.200 +  assumes a: "M\<longrightarrow>\<^sub>1M'" 
  96.201 +  and     b: "N\<longrightarrow>\<^sub>1N'"
  96.202 +  shows "M[x::=N]\<longrightarrow>\<^sub>1M'[x::=N']" 
  96.203  using a b
  96.204  by (nominal_induct M M' avoiding: N N' x rule: One.strong_induct)
  96.205     (auto simp add: one_subst_aux substitution_lemma fresh_atm fresh_fact)
  96.206 @@ -351,122 +351,122 @@
  96.207  lemma diamond[rule_format]:
  96.208    fixes    M :: "lam"
  96.209    and      M1:: "lam"
  96.210 -  assumes a: "M\<longrightarrow>\<^isub>1M1" 
  96.211 -  and     b: "M\<longrightarrow>\<^isub>1M2"
  96.212 -  shows "\<exists>M3. M1\<longrightarrow>\<^isub>1M3 \<and> M2\<longrightarrow>\<^isub>1M3"
  96.213 +  assumes a: "M\<longrightarrow>\<^sub>1M1" 
  96.214 +  and     b: "M\<longrightarrow>\<^sub>1M2"
  96.215 +  shows "\<exists>M3. M1\<longrightarrow>\<^sub>1M3 \<and> M2\<longrightarrow>\<^sub>1M3"
  96.216    using a b
  96.217  proof (nominal_induct avoiding: M1 M2 rule: One.strong_induct)
  96.218    case (o1 M) (* case 1 --- M1 = M *)
  96.219 -  thus "\<exists>M3. M\<longrightarrow>\<^isub>1M3 \<and>  M2\<longrightarrow>\<^isub>1M3" by blast
  96.220 +  thus "\<exists>M3. M\<longrightarrow>\<^sub>1M3 \<and>  M2\<longrightarrow>\<^sub>1M3" by blast
  96.221  next
  96.222    case (o4 x Q Q' P P') (* case 2 --- a beta-reduction occurs*)
  96.223    have vc: "x\<sharp>Q" "x\<sharp>Q'" "x\<sharp>M2" by fact+
  96.224 -  have i1: "\<And>M2. Q \<longrightarrow>\<^isub>1M2 \<Longrightarrow> (\<exists>M3. Q'\<longrightarrow>\<^isub>1M3 \<and> M2\<longrightarrow>\<^isub>1M3)" by fact
  96.225 -  have i2: "\<And>M2. P \<longrightarrow>\<^isub>1M2 \<Longrightarrow> (\<exists>M3. P'\<longrightarrow>\<^isub>1M3 \<and> M2\<longrightarrow>\<^isub>1M3)" by fact
  96.226 -  have "App (Lam [x].P) Q \<longrightarrow>\<^isub>1 M2" by fact
  96.227 -  hence "(\<exists>P' Q'. M2 = App (Lam [x].P') Q' \<and> P\<longrightarrow>\<^isub>1P' \<and> Q\<longrightarrow>\<^isub>1Q') \<or> 
  96.228 -         (\<exists>P' Q'. M2 = P'[x::=Q'] \<and> P\<longrightarrow>\<^isub>1P' \<and> Q\<longrightarrow>\<^isub>1Q')" using vc by (simp add: one_red)
  96.229 +  have i1: "\<And>M2. Q \<longrightarrow>\<^sub>1M2 \<Longrightarrow> (\<exists>M3. Q'\<longrightarrow>\<^sub>1M3 \<and> M2\<longrightarrow>\<^sub>1M3)" by fact
  96.230 +  have i2: "\<And>M2. P \<longrightarrow>\<^sub>1M2 \<Longrightarrow> (\<exists>M3. P'\<longrightarrow>\<^sub>1M3 \<and> M2\<longrightarrow>\<^sub>1M3)" by fact
  96.231 +  have "App (Lam [x].P) Q \<longrightarrow>\<^sub>1 M2" by fact
  96.232 +  hence "(\<exists>P' Q'. M2 = App (Lam [x].P') Q' \<and> P\<longrightarrow>\<^sub>1P' \<and> Q\<longrightarrow>\<^sub>1Q') \<or> 
  96.233 +         (\<exists>P' Q'. M2 = P'[x::=Q'] \<and> P\<longrightarrow>\<^sub>1P' \<and> Q\<longrightarrow>\<^sub>1Q')" using vc by (simp add: one_red)
  96.234    moreover (* subcase 2.1 *)
  96.235 -  { assume "\<exists>P' Q'. M2 = App (Lam [x].P') Q' \<and> P\<longrightarrow>\<^isub>1P' \<and> Q\<longrightarrow>\<^isub>1Q'"
  96.236 +  { assume "\<exists>P' Q'. M2 = App (Lam [x].P') Q' \<and> P\<longrightarrow>\<^sub>1P' \<and> Q\<longrightarrow>\<^sub>1Q'"
  96.237      then obtain P'' and Q'' where 
  96.238 -      b1: "M2=App (Lam [x].P'') Q''" and b2: "P\<longrightarrow>\<^isub>1P''" and b3: "Q\<longrightarrow>\<^isub>1Q''" by blast
  96.239 -    from b2 i2 have "(\<exists>M3. P'\<longrightarrow>\<^isub>1M3 \<and> P''\<longrightarrow>\<^isub>1M3)" by simp
  96.240 +      b1: "M2=App (Lam [x].P'') Q''" and b2: "P\<longrightarrow>\<^sub>1P''" and b3: "Q\<longrightarrow>\<^sub>1Q''" by blast
  96.241 +    from b2 i2 have "(\<exists>M3. P'\<longrightarrow>\<^sub>1M3 \<and> P''\<longrightarrow>\<^sub>1M3)" by simp
  96.242      then obtain P''' where
  96.243 -      c1: "P'\<longrightarrow>\<^isub>1P'''" and c2: "P''\<longrightarrow>\<^isub>1P'''" by force
  96.244 -    from b3 i1 have "(\<exists>M3. Q'\<longrightarrow>\<^isub>1M3 \<and> Q''\<longrightarrow>\<^isub>1M3)" by simp
  96.245 +      c1: "P'\<longrightarrow>\<^sub>1P'''" and c2: "P''\<longrightarrow>\<^sub>1P'''" by force
  96.246 +    from b3 i1 have "(\<exists>M3. Q'\<longrightarrow>\<^sub>1M3 \<and> Q''\<longrightarrow>\<^sub>1M3)" by simp
  96.247      then obtain Q''' where
  96.248 -      d1: "Q'\<longrightarrow>\<^isub>1Q'''" and d2: "Q''\<longrightarrow>\<^isub>1Q'''" by force
  96.249 +      d1: "Q'\<longrightarrow>\<^sub>1Q'''" and d2: "Q''\<longrightarrow>\<^sub>1Q'''" by force
  96.250      from c1 c2 d1 d2 
  96.251 -    have "P'[x::=Q']\<longrightarrow>\<^isub>1P'''[x::=Q'''] \<and> App (Lam [x].P'') Q'' \<longrightarrow>\<^isub>1 P'''[x::=Q''']" 
  96.252 +    have "P'[x::=Q']\<longrightarrow>\<^sub>1P'''[x::=Q'''] \<and> App (Lam [x].P'') Q'' \<longrightarrow>\<^sub>1 P'''[x::=Q''']" 
  96.253        using vc b3 by (auto simp add: one_subst one_fresh_preserv)
  96.254 -    hence "\<exists>M3. P'[x::=Q']\<longrightarrow>\<^isub>1M3 \<and> M2\<longrightarrow>\<^isub>1M3" using b1 by blast
  96.255 +    hence "\<exists>M3. P'[x::=Q']\<longrightarrow>\<^sub>1M3 \<and> M2\<longrightarrow>\<^sub>1M3" using b1 by blast
  96.256    }
  96.257    moreover (* subcase 2.2 *)
  96.258 -  { assume "\<exists>P' Q'. M2 = P'[x::=Q'] \<and> P\<longrightarrow>\<^isub>1P' \<and> Q\<longrightarrow>\<^isub>1Q'"
  96.259 +  { assume "\<exists>P' Q'. M2 = P'[x::=Q'] \<and> P\<longrightarrow>\<^sub>1P' \<and> Q\<longrightarrow>\<^sub>1Q'"
  96.260      then obtain P'' Q'' where
  96.261 -      b1: "M2=P''[x::=Q'']" and b2: "P\<longrightarrow>\<^isub>1P''" and  b3: "Q\<longrightarrow>\<^isub>1Q''" by blast
  96.262 -    from b2 i2 have "(\<exists>M3. P'\<longrightarrow>\<^isub>1M3 \<and> P''\<longrightarrow>\<^isub>1M3)" by simp
  96.263 +      b1: "M2=P''[x::=Q'']" and b2: "P\<longrightarrow>\<^sub>1P''" and  b3: "Q\<longrightarrow>\<^sub>1Q''" by blast
  96.264 +    from b2 i2 have "(\<exists>M3. P'\<longrightarrow>\<^sub>1M3 \<and> P''\<longrightarrow>\<^sub>1M3)" by simp
  96.265      then obtain P''' where
  96.266 -      c1: "P'\<longrightarrow>\<^isub>1P'''" and c2: "P''\<longrightarrow>\<^isub>1P'''" by blast
  96.267 -    from b3 i1 have "(\<exists>M3. Q'\<longrightarrow>\<^isub>1M3 \<and> Q''\<longrightarrow>\<^isub>1M3)" by simp
  96.268 +      c1: "P'\<longrightarrow>\<^sub>1P'''" and c2: "P''\<longrightarrow>\<^sub>1P'''" by blast
  96.269 +    from b3 i1 have "(\<exists>M3. Q'\<longrightarrow>\<^sub>1M3 \<and> Q''\<longrightarrow>\<^sub>1M3)" by simp
  96.270      then obtain Q''' where
  96.271 -      d1: "Q'\<longrightarrow>\<^isub>1Q'''" and d2: "Q''\<longrightarrow>\<^isub>1Q'''" by blast
  96.272 +      d1: "Q'\<longrightarrow>\<^sub>1Q'''" and d2: "Q''\<longrightarrow>\<^sub>1Q'''" by blast
  96.273      from c1 c2 d1 d2 
  96.274 -    have "P'[x::=Q']\<longrightarrow>\<^isub>1P'''[x::=Q'''] \<and> P''[x::=Q'']\<longrightarrow>\<^isub>1P'''[x::=Q''']" 
  96.275 +    have "P'[x::=Q']\<longrightarrow>\<^sub>1P'''[x::=Q'''] \<and> P''[x::=Q'']\<longrightarrow>\<^sub>1P'''[x::=Q''']" 
  96.276        by (force simp add: one_subst)
  96.277 -    hence "\<exists>M3. P'[x::=Q']\<longrightarrow>\<^isub>1M3 \<and> M2\<longrightarrow>\<^isub>1M3" using b1 by blast
  96.278 +    hence "\<exists>M3. P'[x::=Q']\<longrightarrow>\<^sub>1M3 \<and> M2\<longrightarrow>\<^sub>1M3" using b1 by blast
  96.279    }
  96.280 -  ultimately show "\<exists>M3. P'[x::=Q']\<longrightarrow>\<^isub>1M3 \<and> M2\<longrightarrow>\<^isub>1M3" by blast
  96.281 +  ultimately show "\<exists>M3. P'[x::=Q']\<longrightarrow>\<^sub>1M3 \<and> M2\<longrightarrow>\<^sub>1M3" by blast
  96.282  next
  96.283    case (o2 P P' Q Q') (* case 3 *)
  96.284 -  have i0: "P\<longrightarrow>\<^isub>1P'" by fact
  96.285 -  have i0': "Q\<longrightarrow>\<^isub>1Q'" by fact
  96.286 -  have i1: "\<And>M2. Q \<longrightarrow>\<^isub>1M2 \<Longrightarrow> (\<exists>M3. Q'\<longrightarrow>\<^isub>1M3 \<and> M2\<longrightarrow>\<^isub>1M3)" by fact
  96.287 -  have i2: "\<And>M2. P \<longrightarrow>\<^isub>1M2 \<Longrightarrow> (\<exists>M3. P'\<longrightarrow>\<^isub>1M3 \<and> M2\<longrightarrow>\<^isub>1M3)" by fact
  96.288 -  assume "App P Q \<longrightarrow>\<^isub>1 M2"
  96.289 -  hence "(\<exists>P'' Q''. M2 = App P'' Q'' \<and> P\<longrightarrow>\<^isub>1P'' \<and> Q\<longrightarrow>\<^isub>1Q'') \<or> 
  96.290 -         (\<exists>x P' P'' Q'. P = Lam [x].P' \<and> M2 = P''[x::=Q'] \<and> P'\<longrightarrow>\<^isub>1 P'' \<and> Q\<longrightarrow>\<^isub>1Q' \<and> x\<sharp>(Q,Q'))" 
  96.291 +  have i0: "P\<longrightarrow>\<^sub>1P'" by fact
  96.292 +  have i0': "Q\<longrightarrow>\<^sub>1Q'" by fact
  96.293 +  have i1: "\<And>M2. Q \<longrightarrow>\<^sub>1M2 \<Longrightarrow> (\<exists>M3. Q'\<longrightarrow>\<^sub>1M3 \<and> M2\<longrightarrow>\<^sub>1M3)" by fact
  96.294 +  have i2: "\<And>M2. P \<longrightarrow>\<^sub>1M2 \<Longrightarrow> (\<exists>M3. P'\<longrightarrow>\<^sub>1M3 \<and> M2\<longrightarrow>\<^sub>1M3)" by fact
  96.295 +  assume "App P Q \<longrightarrow>\<^sub>1 M2"
  96.296 +  hence "(\<exists>P'' Q''. M2 = App P'' Q'' \<and> P\<longrightarrow>\<^sub>1P'' \<and> Q\<longrightarrow>\<^sub>1Q'') \<or> 
  96.297 +         (\<exists>x P' P'' Q'. P = Lam [x].P' \<and> M2 = P''[x::=Q'] \<and> P'\<longrightarrow>\<^sub>1 P'' \<and> Q\<longrightarrow>\<^sub>1Q' \<and> x\<sharp>(Q,Q'))" 
  96.298      by (simp add: one_app[simplified])
  96.299    moreover (* subcase 3.1 *)
  96.300 -  { assume "\<exists>P'' Q''. M2 = App P'' Q'' \<and> P\<longrightarrow>\<^isub>1P'' \<and> Q\<longrightarrow>\<^isub>1Q''"
  96.301 +  { assume "\<exists>P'' Q''. M2 = App P'' Q'' \<and> P\<longrightarrow>\<^sub>1P'' \<and> Q\<longrightarrow>\<^sub>1Q''"
  96.302      then obtain P'' and Q'' where 
  96.303 -      b1: "M2=App P'' Q''" and b2: "P\<longrightarrow>\<^isub>1P''" and b3: "Q\<longrightarrow>\<^isub>1Q''" by blast
  96.304 -    from b2 i2 have "(\<exists>M3. P'\<longrightarrow>\<^isub>1M3 \<and> P''\<longrightarrow>\<^isub>1M3)" by simp
  96.305 +      b1: "M2=App P'' Q''" and b2: "P\<longrightarrow>\<^sub>1P''" and b3: "Q\<longrightarrow>\<^sub>1Q''" by blast
  96.306 +    from b2 i2 have "(\<exists>M3. P'\<longrightarrow>\<^sub>1M3 \<and> P''\<longrightarrow>\<^sub>1M3)" by simp
  96.307      then obtain P''' where
  96.308 -      c1: "P'\<longrightarrow>\<^isub>1P'''" and c2: "P''\<longrightarrow>\<^isub>1P'''" by blast
  96.309 -    from b3 i1 have "\<exists>M3. Q'\<longrightarrow>\<^isub>1M3 \<and> Q''\<longrightarrow>\<^isub>1M3" by simp
  96.310 +      c1: "P'\<longrightarrow>\<^sub>1P'''" and c2: "P''\<longrightarrow>\<^sub>1P'''" by blast
  96.311 +    from b3 i1 have "\<exists>M3. Q'\<longrightarrow>\<^sub>1M3 \<and> Q''\<longrightarrow>\<^sub>1M3" by simp
  96.312      then obtain Q''' where
  96.313 -      d1: "Q'\<longrightarrow>\<^isub>1Q'''" and d2: "Q''\<longrightarrow>\<^isub>1Q'''" by blast
  96.314 +      d1: "Q'\<longrightarrow>\<^sub>1Q'''" and d2: "Q''\<longrightarrow>\<^sub>1Q'''" by blast
  96.315      from c1 c2 d1 d2 
  96.316 -    have "App P' Q'\<longrightarrow>\<^isub>1App P''' Q''' \<and> App P'' Q'' \<longrightarrow>\<^isub>1 App P''' Q'''" by blast
  96.317 -    hence "\<exists>M3. App P' Q'\<longrightarrow>\<^isub>1M3 \<and> M2\<longrightarrow>\<^isub>1M3" using b1 by blast
  96.318 +    have "App P' Q'\<longrightarrow>\<^sub>1App P''' Q''' \<and> App P'' Q'' \<longrightarrow>\<^sub>1 App P''' Q'''" by blast
  96.319 +    hence "\<exists>M3. App P' Q'\<longrightarrow>\<^sub>1M3 \<and> M2\<longrightarrow>\<^sub>1M3" using b1 by blast
  96.320    }
  96.321    moreover (* subcase 3.2 *)
  96.322 -  { assume "\<exists>x P1 P'' Q''. P = Lam [x].P1 \<and> M2 = P''[x::=Q''] \<and> P1\<longrightarrow>\<^isub>1 P'' \<and> Q\<longrightarrow>\<^isub>1Q'' \<and> x\<sharp>(Q,Q'')"
  96.323 +  { assume "\<exists>x P1 P'' Q''. P = Lam [x].P1 \<and> M2 = P''[x::=Q''] \<and> P1\<longrightarrow>\<^sub>1 P'' \<and> Q\<longrightarrow>\<^sub>1Q'' \<and> x\<sharp>(Q,Q'')"
  96.324      then obtain x P1 P1'' Q'' where
  96.325        b0: "P = Lam [x].P1" and b1: "M2 = P1''[x::=Q'']" and 
  96.326 -      b2: "P1\<longrightarrow>\<^isub>1P1''" and  b3: "Q\<longrightarrow>\<^isub>1Q''" and vc: "x\<sharp>(Q,Q'')" by blast
  96.327 -    from b0 i0 have "\<exists>P1'. P'=Lam [x].P1' \<and> P1\<longrightarrow>\<^isub>1P1'" by (simp add: one_abs)      
  96.328 -    then obtain P1' where g1: "P'=Lam [x].P1'" and g2: "P1\<longrightarrow>\<^isub>1P1'" by blast 
  96.329 -    from g1 b0 b2 i2 have "(\<exists>M3. (Lam [x].P1')\<longrightarrow>\<^isub>1M3 \<and> (Lam [x].P1'')\<longrightarrow>\<^isub>1M3)" by simp
  96.330 +      b2: "P1\<longrightarrow>\<^sub>1P1''" and  b3: "Q\<longrightarrow>\<^sub>1Q''" and vc: "x\<sharp>(Q,Q'')" by blast
  96.331 +    from b0 i0 have "\<exists>P1'. P'=Lam [x].P1' \<and> P1\<longrightarrow>\<^sub>1P1'" by (simp add: one_abs)      
  96.332 +    then obtain P1' where g1: "P'=Lam [x].P1'" and g2: "P1\<longrightarrow>\<^sub>1P1'" by blast 
  96.333 +    from g1 b0 b2 i2 have "(\<exists>M3. (Lam [x].P1')\<longrightarrow>\<^sub>1M3 \<and> (Lam [x].P1'')\<longrightarrow>\<^sub>1M3)" by simp
  96.334      then obtain P1''' where
  96.335 -      c1: "(Lam [x].P1')\<longrightarrow>\<^isub>1P1'''" and c2: "(Lam [x].P1'')\<longrightarrow>\<^isub>1P1'''" by blast
  96.336 -    from c1 have "\<exists>R1. P1'''=Lam [x].R1 \<and> P1'\<longrightarrow>\<^isub>1R1" by (simp add: one_abs)
  96.337 -    then obtain R1 where r1: "P1'''=Lam [x].R1" and r2: "P1'\<longrightarrow>\<^isub>1R1" by blast
  96.338 -    from c2 have "\<exists>R2. P1'''=Lam [x].R2 \<and> P1''\<longrightarrow>\<^isub>1R2" by (simp add: one_abs)
  96.339 -    then obtain R2 where r3: "P1'''=Lam [x].R2" and r4: "P1''\<longrightarrow>\<^isub>1R2" by blast
  96.340 +      c1: "(Lam [x].P1')\<longrightarrow>\<^sub>1P1'''" and c2: "(Lam [x].P1'')\<longrightarrow>\<^sub>1P1'''" by blast
  96.341 +    from c1 have "\<exists>R1. P1'''=Lam [x].R1 \<and> P1'\<longrightarrow>\<^sub>1R1" by (simp add: one_abs)
  96.342 +    then obtain R1 where r1: "P1'''=Lam [x].R1" and r2: "P1'\<longrightarrow>\<^sub>1R1" by blast
  96.343 +    from c2 have "\<exists>R2. P1'''=Lam [x].R2 \<and> P1''\<longrightarrow>\<^sub>1R2" by (simp add: one_abs)
  96.344 +    then obtain R2 where r3: "P1'''=Lam [x].R2" and r4: "P1''\<longrightarrow>\<^sub>1R2" by blast
  96.345      from r1 r3 have r5: "R1=R2" by (simp add: lam.inject alpha)
  96.346 -    from b3 i1 have "(\<exists>M3. Q'\<longrightarrow>\<^isub>1M3 \<and> Q''\<longrightarrow>\<^isub>1M3)" by simp
  96.347 +    from b3 i1 have "(\<exists>M3. Q'\<longrightarrow>\<^sub>1M3 \<and> Q''\<longrightarrow>\<^sub>1M3)" by simp
  96.348      then obtain Q''' where
  96.349 -      d1: "Q'\<longrightarrow>\<^isub>1Q'''" and d2: "Q''\<longrightarrow>\<^isub>1Q'''" by blast
  96.350 +      d1: "Q'\<longrightarrow>\<^sub>1Q'''" and d2: "Q''\<longrightarrow>\<^sub>1Q'''" by blast
  96.351      from g1 r2 d1 r4 r5 d2 
  96.352 -    have "App P' Q'\<longrightarrow>\<^isub>1R1[x::=Q'''] \<and> P1''[x::=Q'']\<longrightarrow>\<^isub>1R1[x::=Q''']" 
  96.353 +    have "App P' Q'\<longrightarrow>\<^sub>1R1[x::=Q'''] \<and> P1''[x::=Q'']\<longrightarrow>\<^sub>1R1[x::=Q''']" 
  96.354        using vc i0' by (simp add: one_subst one_fresh_preserv)
  96.355 -    hence "\<exists>M3. App P' Q'\<longrightarrow>\<^isub>1M3 \<and> M2\<longrightarrow>\<^isub>1M3" using b1 by blast
  96.356 +    hence "\<exists>M3. App P' Q'\<longrightarrow>\<^sub>1M3 \<and> M2\<longrightarrow>\<^sub>1M3" using b1 by blast
  96.357    }
  96.358 -  ultimately show "\<exists>M3. App P' Q'\<longrightarrow>\<^isub>1M3 \<and> M2\<longrightarrow>\<^isub>1M3" by blast
  96.359 +  ultimately show "\<exists>M3. App P' Q'\<longrightarrow>\<^sub>1M3 \<and> M2\<longrightarrow>\<^sub>1M3" by blast
  96.360  next
  96.361    case (o3 P P' x) (* case 4 *)
  96.362 -  have i1: "P\<longrightarrow>\<^isub>1P'" by fact
  96.363 -  have i2: "\<And>M2. P \<longrightarrow>\<^isub>1M2 \<Longrightarrow> (\<exists>M3. P'\<longrightarrow>\<^isub>1M3 \<and> M2\<longrightarrow>\<^isub>1M3)" by fact
  96.364 -  have "(Lam [x].P)\<longrightarrow>\<^isub>1 M2" by fact
  96.365 -  hence "\<exists>P''. M2=Lam [x].P'' \<and> P\<longrightarrow>\<^isub>1P''" by (simp add: one_abs)
  96.366 -  then obtain P'' where b1: "M2=Lam [x].P''" and b2: "P\<longrightarrow>\<^isub>1P''" by blast
  96.367 -  from i2 b1 b2 have "\<exists>M3. (Lam [x].P')\<longrightarrow>\<^isub>1M3 \<and> (Lam [x].P'')\<longrightarrow>\<^isub>1M3" by blast
  96.368 -  then obtain M3 where c1: "(Lam [x].P')\<longrightarrow>\<^isub>1M3" and c2: "(Lam [x].P'')\<longrightarrow>\<^isub>1M3" by blast
  96.369 -  from c1 have "\<exists>R1. M3=Lam [x].R1 \<and> P'\<longrightarrow>\<^isub>1R1" by (simp add: one_abs)
  96.370 -  then obtain R1 where r1: "M3=Lam [x].R1" and r2: "P'\<longrightarrow>\<^isub>1R1" by blast
  96.371 -  from c2 have "\<exists>R2. M3=Lam [x].R2 \<and> P''\<longrightarrow>\<^isub>1R2" by (simp add: one_abs)
  96.372 -  then obtain R2 where r3: "M3=Lam [x].R2" and r4: "P''\<longrightarrow>\<^isub>1R2" by blast
  96.373 +  have i1: "P\<longrightarrow>\<^sub>1P'" by fact
  96.374 +  have i2: "\<And>M2. P \<longrightarrow>\<^sub>1M2 \<Longrightarrow> (\<exists>M3. P'\<longrightarrow>\<^sub>1M3 \<and> M2\<longrightarrow>\<^sub>1M3)" by fact
  96.375 +  have "(Lam [x].P)\<longrightarrow>\<^sub>1 M2" by fact
  96.376 +  hence "\<exists>P''. M2=Lam [x].P'' \<and> P\<longrightarrow>\<^sub>1P''" by (simp add: one_abs)
  96.377 +  then obtain P'' where b1: "M2=Lam [x].P''" and b2: "P\<longrightarrow>\<^sub>1P''" by blast
  96.378 +  from i2 b1 b2 have "\<exists>M3. (Lam [x].P')\<longrightarrow>\<^sub>1M3 \<and> (Lam [x].P'')\<longrightarrow>\<^sub>1M3" by blast
  96.379 +  then obtain M3 where c1: "(Lam [x].P')\<longrightarrow>\<^sub>1M3" and c2: "(Lam [x].P'')\<longrightarrow>\<^sub>1M3" by blast
  96.380 +  from c1 have "\<exists>R1. M3=Lam [x].R1 \<and> P'\<longrightarrow>\<^sub>1R1" by (simp add: one_abs)
  96.381 +  then obtain R1 where r1: "M3=Lam [x].R1" and r2: "P'\<longrightarrow>\<^sub>1R1" by blast
  96.382 +  from c2 have "\<exists>R2. M3=Lam [x].R2 \<and> P''\<longrightarrow>\<^sub>1R2" by (simp add: one_abs)
  96.383 +  then obtain R2 where r3: "M3=Lam [x].R2" and r4: "P''\<longrightarrow>\<^sub>1R2" by blast
  96.384    from r1 r3 have r5: "R1=R2" by (simp add: lam.inject alpha)
  96.385 -  from r2 r4 have "(Lam [x].P')\<longrightarrow>\<^isub>1(Lam [x].R1) \<and> (Lam [x].P'')\<longrightarrow>\<^isub>1(Lam [x].R2)" 
  96.386 +  from r2 r4 have "(Lam [x].P')\<longrightarrow>\<^sub>1(Lam [x].R1) \<and> (Lam [x].P'')\<longrightarrow>\<^sub>1(Lam [x].R2)" 
  96.387      by (simp add: one_subst)
  96.388 -  thus "\<exists>M3. (Lam [x].P')\<longrightarrow>\<^isub>1M3 \<and> M2\<longrightarrow>\<^isub>1M3" using b1 r5 by blast
  96.389 +  thus "\<exists>M3. (Lam [x].P')\<longrightarrow>\<^sub>1M3 \<and> M2\<longrightarrow>\<^sub>1M3" using b1 r5 by blast
  96.390  qed
  96.391  
  96.392  lemma one_lam_cong: 
  96.393 -  assumes a: "t1\<longrightarrow>\<^isub>\<beta>\<^sup>*t2" 
  96.394 -  shows "(Lam [a].t1)\<longrightarrow>\<^isub>\<beta>\<^sup>*(Lam [a].t2)"
  96.395 +  assumes a: "t1\<longrightarrow>\<^sub>\<beta>\<^sup>*t2" 
  96.396 +  shows "(Lam [a].t1)\<longrightarrow>\<^sub>\<beta>\<^sup>*(Lam [a].t2)"
  96.397    using a
  96.398  proof induct
  96.399    case bs1 thus ?case by simp
  96.400 @@ -476,8 +476,8 @@
  96.401  qed
  96.402  
  96.403  lemma one_app_congL: 
  96.404 -  assumes a: "t1\<longrightarrow>\<^isub>\<beta>\<^sup>*t2" 
  96.405 -  shows "App t1 s\<longrightarrow>\<^isub>\<beta>\<^sup>* App t2 s"
  96.406 +  assumes a: "t1\<longrightarrow>\<^sub>\<beta>\<^sup>*t2" 
  96.407 +  shows "App t1 s\<longrightarrow>\<^sub>\<beta>\<^sup>* App t2 s"
  96.408    using a
  96.409  proof induct
  96.410    case bs1 thus ?case by simp
  96.411 @@ -486,8 +486,8 @@
  96.412  qed
  96.413    
  96.414  lemma one_app_congR: 
  96.415 -  assumes a: "t1\<longrightarrow>\<^isub>\<beta>\<^sup>*t2" 
  96.416 -  shows "App s t1 \<longrightarrow>\<^isub>\<beta>\<^sup>* App s t2"
  96.417 +  assumes a: "t1\<longrightarrow>\<^sub>\<beta>\<^sup>*t2" 
  96.418 +  shows "App s t1 \<longrightarrow>\<^sub>\<beta>\<^sup>* App s t2"
  96.419  using a
  96.420  proof induct
  96.421    case bs1 thus ?case by simp
  96.422 @@ -496,19 +496,19 @@
  96.423  qed
  96.424  
  96.425  lemma one_app_cong: 
  96.426 -  assumes a1: "t1\<longrightarrow>\<^isub>\<beta>\<^sup>*t2" 
  96.427 -  and     a2: "s1\<longrightarrow>\<^isub>\<beta>\<^sup>*s2" 
  96.428 -  shows "App t1 s1\<longrightarrow>\<^isub>\<beta>\<^sup>* App t2 s2"
  96.429 +  assumes a1: "t1\<longrightarrow>\<^sub>\<beta>\<^sup>*t2" 
  96.430 +  and     a2: "s1\<longrightarrow>\<^sub>\<beta>\<^sup>*s2" 
  96.431 +  shows "App t1 s1\<longrightarrow>\<^sub>\<beta>\<^sup>* App t2 s2"
  96.432  proof -
  96.433 -  have "App t1 s1 \<longrightarrow>\<^isub>\<beta>\<^sup>* App t2 s1" using a1 by (rule one_app_congL)
  96.434 +  have "App t1 s1 \<longrightarrow>\<^sub>\<beta>\<^sup>* App t2 s1" using a1 by (rule one_app_congL)
  96.435    moreover
  96.436 -  have "App t2 s1 \<longrightarrow>\<^isub>\<beta>\<^sup>* App t2 s2" using a2 by (rule one_app_congR)
  96.437 +  have "App t2 s1 \<longrightarrow>\<^sub>\<beta>\<^sup>* App t2 s2" using a2 by (rule one_app_congR)
  96.438    ultimately show ?thesis by (rule beta_star_trans)
  96.439  qed
  96.440  
  96.441  lemma one_beta_star: 
  96.442 -  assumes a: "(t1\<longrightarrow>\<^isub>1t2)" 
  96.443 -  shows "(t1\<longrightarrow>\<^isub>\<beta>\<^sup>*t2)"
  96.444 +  assumes a: "(t1\<longrightarrow>\<^sub>1t2)" 
  96.445 +  shows "(t1\<longrightarrow>\<^sub>\<beta>\<^sup>*t2)"
  96.446    using a
  96.447  proof(nominal_induct rule: One.strong_induct)
  96.448    case o1 thus ?case by simp
  96.449 @@ -519,16 +519,16 @@
  96.450  next 
  96.451    case (o4 a s1 s2 t1 t2)
  96.452    have vc: "a\<sharp>s1" "a\<sharp>s2" by fact+
  96.453 -  have a1: "t1\<longrightarrow>\<^isub>\<beta>\<^sup>*t2" and a2: "s1\<longrightarrow>\<^isub>\<beta>\<^sup>*s2" by fact+
  96.454 -  have c1: "(App (Lam [a].t2) s2) \<longrightarrow>\<^isub>\<beta> (t2 [a::= s2])" using vc by (simp add: b4)
  96.455 -  from a1 a2 have c2: "App (Lam [a].t1 ) s1 \<longrightarrow>\<^isub>\<beta>\<^sup>* App (Lam [a].t2 ) s2" 
  96.456 +  have a1: "t1\<longrightarrow>\<^sub>\<beta>\<^sup>*t2" and a2: "s1\<longrightarrow>\<^sub>\<beta>\<^sup>*s2" by fact+
  96.457 +  have c1: "(App (Lam [a].t2) s2) \<longrightarrow>\<^sub>\<beta> (t2 [a::= s2])" using vc by (simp add: b4)
  96.458 +  from a1 a2 have c2: "App (Lam [a].t1 ) s1 \<longrightarrow>\<^sub>\<beta>\<^sup>* App (Lam [a].t2 ) s2" 
  96.459      by (blast intro!: one_app_cong one_lam_cong)
  96.460    show ?case using c2 c1 by (blast intro: beta_star_trans)
  96.461  qed
  96.462   
  96.463  lemma one_star_lam_cong: 
  96.464 -  assumes a: "t1\<longrightarrow>\<^isub>1\<^sup>*t2" 
  96.465 -  shows "(Lam  [a].t1)\<longrightarrow>\<^isub>1\<^sup>* (Lam [a].t2)"
  96.466 +  assumes a: "t1\<longrightarrow>\<^sub>1\<^sup>*t2" 
  96.467 +  shows "(Lam  [a].t1)\<longrightarrow>\<^sub>1\<^sup>* (Lam [a].t2)"
  96.468    using a
  96.469  proof induct
  96.470    case os1 thus ?case by simp
  96.471 @@ -537,8 +537,8 @@
  96.472  qed
  96.473  
  96.474  lemma one_star_app_congL: 
  96.475 -  assumes a: "t1\<longrightarrow>\<^isub>1\<^sup>*t2" 
  96.476 -  shows "App t1 s\<longrightarrow>\<^isub>1\<^sup>* App t2 s"
  96.477 +  assumes a: "t1\<longrightarrow>\<^sub>1\<^sup>*t2" 
  96.478 +  shows "App t1 s\<longrightarrow>\<^sub>1\<^sup>* App t2 s"
  96.479    using a
  96.480  proof induct
  96.481    case os1 thus ?case by simp
  96.482 @@ -547,8 +547,8 @@
  96.483  qed
  96.484  
  96.485  lemma one_star_app_congR: 
  96.486 -  assumes a: "t1\<longrightarrow>\<^isub>1\<^sup>*t2" 
  96.487 -  shows "App s t1 \<longrightarrow>\<^isub>1\<^sup>* App s t2"
  96.488 +  assumes a: "t1\<longrightarrow>\<^sub>1\<^sup>*t2" 
  96.489 +  shows "App s t1 \<longrightarrow>\<^sub>1\<^sup>* App s t2"
  96.490    using a
  96.491  proof induct
  96.492    case os1 thus ?case by simp
  96.493 @@ -557,8 +557,8 @@
  96.494  qed
  96.495  
  96.496  lemma beta_one_star: 
  96.497 -  assumes a: "t1\<longrightarrow>\<^isub>\<beta>t2" 
  96.498 -  shows "t1\<longrightarrow>\<^isub>1\<^sup>*t2"
  96.499 +  assumes a: "t1\<longrightarrow>\<^sub>\<beta>t2" 
  96.500 +  shows "t1\<longrightarrow>\<^sub>1\<^sup>*t2"
  96.501    using a
  96.502  proof(induct)
  96.503    case b1 thus ?case by (blast intro!: one_star_app_congL)
  96.504 @@ -571,88 +571,88 @@
  96.505  qed
  96.506  
  96.507  lemma trans_closure: 
  96.508 -  shows "(M1\<longrightarrow>\<^isub>1\<^sup>*M2) = (M1\<longrightarrow>\<^isub>\<beta>\<^sup>*M2)"
  96.509 +  shows "(M1\<longrightarrow>\<^sub>1\<^sup>*M2) = (M1\<longrightarrow>\<^sub>\<beta>\<^sup>*M2)"
  96.510  proof
  96.511 -  assume "M1 \<longrightarrow>\<^isub>1\<^sup>* M2"
  96.512 -  then show "M1\<longrightarrow>\<^isub>\<beta>\<^sup>*M2"
  96.513 +  assume "M1 \<longrightarrow>\<^sub>1\<^sup>* M2"
  96.514 +  then show "M1\<longrightarrow>\<^sub>\<beta>\<^sup>*M2"
  96.515    proof induct
  96.516 -    case (os1 M1) thus "M1\<longrightarrow>\<^isub>\<beta>\<^sup>*M1" by simp
  96.517 +    case (os1 M1) thus "M1\<longrightarrow>\<^sub>\<beta>\<^sup>*M1" by simp
  96.518    next
  96.519      case (os2 M1 M2 M3)
  96.520 -    have "M2\<longrightarrow>\<^isub>1M3" by fact
  96.521 -    then have "M2\<longrightarrow>\<^isub>\<beta>\<^sup>*M3" by (rule one_beta_star)
  96.522 -    moreover have "M1\<longrightarrow>\<^isub>\<beta>\<^sup>*M2" by fact
  96.523 -    ultimately show "M1\<longrightarrow>\<^isub>\<beta>\<^sup>*M3" by (auto intro: beta_star_trans)
  96.524 +    have "M2\<longrightarrow>\<^sub>1M3" by fact
  96.525 +    then have "M2\<longrightarrow>\<^sub>\<beta>\<^sup>*M3" by (rule one_beta_star)
  96.526 +    moreover have "M1\<longrightarrow>\<^sub>\<beta>\<^sup>*M2" by fact
  96.527 +    ultimately show "M1\<longrightarrow>\<^sub>\<beta>\<^sup>*M3" by (auto intro: beta_star_trans)
  96.528    qed
  96.529  next
  96.530 -  assume "M1 \<longrightarrow>\<^isub>\<beta>\<^sup>* M2" 
  96.531 -  then show "M1\<longrightarrow>\<^isub>1\<^sup>*M2"
  96.532 +  assume "M1 \<longrightarrow>\<^sub>\<beta>\<^sup>* M2" 
  96.533 +  then show "M1\<longrightarrow>\<^sub>1\<^sup>*M2"
  96.534    proof induct
  96.535 -    case (bs1 M1) thus  "M1\<longrightarrow>\<^isub>1\<^sup>*M1" by simp
  96.536 +    case (bs1 M1) thus  "M1\<longrightarrow>\<^sub>1\<^sup>*M1" by simp
  96.537    next
  96.538      case (bs2 M1 M2 M3) 
  96.539 -    have "M2\<longrightarrow>\<^isub>\<beta>M3" by fact
  96.540 -    then have "M2\<longrightarrow>\<^isub>1\<^sup>*M3" by (rule beta_one_star)
  96.541 -    moreover have "M1\<longrightarrow>\<^isub>1\<^sup>*M2" by fact
  96.542 -    ultimately show "M1\<longrightarrow>\<^isub>1\<^sup>*M3" by (auto intro: one_star_trans)
  96.543 +    have "M2\<longrightarrow>\<^sub>\<beta>M3" by fact
  96.544 +    then have "M2\<longrightarrow>\<^sub>1\<^sup>*M3" by (rule beta_one_star)
  96.545 +    moreover have "M1\<longrightarrow>\<^sub>1\<^sup>*M2" by fact
  96.546 +    ultimately show "M1\<longrightarrow>\<^sub>1\<^sup>*M3" by (auto intro: one_star_trans)
  96.547    qed
  96.548  qed
  96.549  
  96.550  lemma cr_one:
  96.551 -  assumes a: "t\<longrightarrow>\<^isub>1\<^sup>*t1" 
  96.552 -  and     b: "t\<longrightarrow>\<^isub>1t2"
  96.553 -  shows "\<exists>t3. t1\<longrightarrow>\<^isub>1t3 \<and> t2\<longrightarrow>\<^isub>1\<^sup>*t3"
  96.554 +  assumes a: "t\<longrightarrow>\<^sub>1\<^sup>*t1" 
  96.555 +  and     b: "t\<longrightarrow>\<^sub>1t2"
  96.556 +  shows "\<exists>t3. t1\<longrightarrow>\<^sub>1t3 \<and> t2\<longrightarrow>\<^sub>1\<^sup>*t3"
  96.557    using a b
  96.558  proof (induct arbitrary: t2)
  96.559    case os1 thus ?case by force
  96.560  next
  96.561    case (os2 t s1 s2 t2)  
  96.562 -  have b: "s1 \<longrightarrow>\<^isub>1 s2" by fact
  96.563 -  have h: "\<And>t2. t \<longrightarrow>\<^isub>1 t2 \<Longrightarrow> (\<exists>t3. s1 \<longrightarrow>\<^isub>1 t3 \<and> t2 \<longrightarrow>\<^isub>1\<^sup>* t3)" by fact
  96.564 -  have c: "t \<longrightarrow>\<^isub>1 t2" by fact
  96.565 -  show "\<exists>t3. s2 \<longrightarrow>\<^isub>1 t3 \<and>  t2 \<longrightarrow>\<^isub>1\<^sup>* t3" 
  96.566 +  have b: "s1 \<longrightarrow>\<^sub>1 s2" by fact
  96.567 +  have h: "\<And>t2. t \<longrightarrow>\<^sub>1 t2 \<Longrightarrow> (\<exists>t3. s1 \<longrightarrow>\<^sub>1 t3 \<and> t2 \<longrightarrow>\<^sub>1\<^sup>* t3)" by fact
  96.568 +  have c: "t \<longrightarrow>\<^sub>1 t2" by fact
  96.569 +  show "\<exists>t3. s2 \<longrightarrow>\<^sub>1 t3 \<and>  t2 \<longrightarrow>\<^sub>1\<^sup>* t3" 
  96.570    proof -
  96.571 -    from c h have "\<exists>t3. s1 \<longrightarrow>\<^isub>1 t3 \<and> t2 \<longrightarrow>\<^isub>1\<^sup>* t3" by blast
  96.572 -    then obtain t3 where c1: "s1 \<longrightarrow>\<^isub>1 t3" and c2: "t2 \<longrightarrow>\<^isub>1\<^sup>* t3" by blast
  96.573 -    have "\<exists>t4. s2 \<longrightarrow>\<^isub>1 t4 \<and> t3 \<longrightarrow>\<^isub>1 t4" using b c1 by (blast intro: diamond)
  96.574 +    from c h have "\<exists>t3. s1 \<longrightarrow>\<^sub>1 t3 \<and> t2 \<longrightarrow>\<^sub>1\<^sup>* t3" by blast
  96.575 +    then obtain t3 where c1: "s1 \<longrightarrow>\<^sub>1 t3" and c2: "t2 \<longrightarrow>\<^sub>1\<^sup>* t3" by blast
  96.576 +    have "\<exists>t4. s2 \<longrightarrow>\<^sub>1 t4 \<and> t3 \<longrightarrow>\<^sub>1 t4" using b c1 by (blast intro: diamond)
  96.577      thus ?thesis using c2 by (blast intro: one_star_trans)
  96.578    qed
  96.579  qed
  96.580  
  96.581  lemma cr_one_star: 
  96.582 -  assumes a: "t\<longrightarrow>\<^isub>1\<^sup>*t2"
  96.583 -      and b: "t\<longrightarrow>\<^isub>1\<^sup>*t1"
  96.584 -    shows "\<exists>t3. t1\<longrightarrow>\<^isub>1\<^sup>*t3\<and>t2\<longrightarrow>\<^isub>1\<^sup>*t3"
  96.585 +  assumes a: "t\<longrightarrow>\<^sub>1\<^sup>*t2"
  96.586 +      and b: "t\<longrightarrow>\<^sub>1\<^sup>*t1"
  96.587 +    shows "\<exists>t3. t1\<longrightarrow>\<^sub>1\<^sup>*t3\<and>t2\<longrightarrow>\<^sub>1\<^sup>*t3"
  96.588  using a b
  96.589  proof (induct arbitrary: t1)
  96.590    case (os1 t) then show ?case by force
  96.591  next 
  96.592    case (os2 t s1 s2 t1)
  96.593 -  have c: "t \<longrightarrow>\<^isub>1\<^sup>* s1" by fact
  96.594 -  have c': "t \<longrightarrow>\<^isub>1\<^sup>* t1" by fact
  96.595 -  have d: "s1 \<longrightarrow>\<^isub>1 s2" by fact
  96.596 -  have "t \<longrightarrow>\<^isub>1\<^sup>* t1 \<Longrightarrow> (\<exists>t3.  t1 \<longrightarrow>\<^isub>1\<^sup>* t3 \<and> s1 \<longrightarrow>\<^isub>1\<^sup>* t3)" by fact
  96.597 -  then obtain t3 where f1: "t1 \<longrightarrow>\<^isub>1\<^sup>* t3"
  96.598 -                   and f2: "s1 \<longrightarrow>\<^isub>1\<^sup>* t3" using c' by blast
  96.599 -  from cr_one d f2 have "\<exists>t4. t3\<longrightarrow>\<^isub>1t4 \<and> s2\<longrightarrow>\<^isub>1\<^sup>*t4" by blast
  96.600 -  then obtain t4 where g1: "t3\<longrightarrow>\<^isub>1t4"
  96.601 -                   and g2: "s2\<longrightarrow>\<^isub>1\<^sup>*t4" by blast
  96.602 -  have "t1\<longrightarrow>\<^isub>1\<^sup>*t4" using f1 g1 by (blast intro: one_star_trans)
  96.603 +  have c: "t \<longrightarrow>\<^sub>1\<^sup>* s1" by fact
  96.604 +  have c': "t \<longrightarrow>\<^sub>1\<^sup>* t1" by fact
  96.605 +  have d: "s1 \<longrightarrow>\<^sub>1 s2" by fact
  96.606 +  have "t \<longrightarrow>\<^sub>1\<^sup>* t1 \<Longrightarrow> (\<exists>t3.  t1 \<longrightarrow>\<^sub>1\<^sup>* t3 \<and> s1 \<longrightarrow>\<^sub>1\<^sup>* t3)" by fact
  96.607 +  then obtain t3 where f1: "t1 \<longrightarrow>\<^sub>1\<^sup>* t3"
  96.608 +                   and f2: "s1 \<longrightarrow>\<^sub>1\<^sup>* t3" using c' by blast
  96.609 +  from cr_one d f2 have "\<exists>t4. t3\<longrightarrow>\<^sub>1t4 \<and> s2\<longrightarrow>\<^sub>1\<^sup>*t4" by blast
  96.610 +  then obtain t4 where g1: "t3\<longrightarrow>\<^sub>1t4"
  96.611 +                   and g2: "s2\<longrightarrow>\<^sub>1\<^sup>*t4" by blast
  96.612 +  have "t1\<longrightarrow>\<^sub>1\<^sup>*t4" using f1 g1 by (blast intro: one_star_trans)
  96.613    thus ?case using g2 by blast
  96.614  qed
  96.615    
  96.616  lemma cr_beta_star: 
  96.617 -  assumes a1: "t\<longrightarrow>\<^isub>\<beta>\<^sup>*t1" 
  96.618 -  and     a2: "t\<longrightarrow>\<^isub>\<beta>\<^sup>*t2" 
  96.619 -  shows "\<exists>t3. t1\<longrightarrow>\<^isub>\<beta>\<^sup>*t3\<and>t2\<longrightarrow>\<^isub>\<beta>\<^sup>*t3"
  96.620 +  assumes a1: "t\<longrightarrow>\<^sub>\<beta>\<^sup>*t1" 
  96.621 +  and     a2: "t\<longrightarrow>\<^sub>\<beta>\<^sup>*t2" 
  96.622 +  shows "\<exists>t3. t1\<longrightarrow>\<^sub>\<beta>\<^sup>*t3\<and>t2\<longrightarrow>\<^sub>\<beta>\<^sup>*t3"
  96.623  proof -
  96.624 -  from a1 have "t\<longrightarrow>\<^isub>1\<^sup>*t1" by (simp only: trans_closure)
  96.625 +  from a1 have "t\<longrightarrow>\<^sub>1\<^sup>*t1" by (simp only: trans_closure)
  96.626    moreover
  96.627 -  from a2 have "t\<longrightarrow>\<^isub>1\<^sup>*t2" by (simp only: trans_closure)
  96.628 -  ultimately have "\<exists>t3. t1\<longrightarrow>\<^isub>1\<^sup>*t3 \<and> t2\<longrightarrow>\<^isub>1\<^sup>*t3" by (blast intro: cr_one_star) 
  96.629 -  then obtain t3 where "t1\<longrightarrow>\<^isub>1\<^sup>*t3" and "t2\<longrightarrow>\<^isub>1\<^sup>*t3" by blast
  96.630 -  hence "t1\<longrightarrow>\<^isub>\<beta>\<^sup>*t3" and "t2\<longrightarrow>\<^isub>\<beta>\<^sup>*t3" by (simp_all only: trans_closure)
  96.631 -  then show "\<exists>t3. t1\<longrightarrow>\<^isub>\<beta>\<^sup>*t3\<and>t2\<longrightarrow>\<^isub>\<beta>\<^sup>*t3" by blast
  96.632 +  from a2 have "t\<longrightarrow>\<^sub>1\<^sup>*t2" by (simp only: trans_closure)
  96.633 +  ultimately have "\<exists>t3. t1\<longrightarrow>\<^sub>1\<^sup>*t3 \<and> t2\<longrightarrow>\<^sub>1\<^sup>*t3" by (blast intro: cr_one_star) 
  96.634 +  then obtain t3 where "t1\<longrightarrow>\<^sub>1\<^sup>*t3" and "t2\<longrightarrow>\<^sub>1\<^sup>*t3" by blast
  96.635 +  hence "t1\<longrightarrow>\<^sub>\<beta>\<^sup>*t3" and "t2\<longrightarrow>\<^sub>\<beta>\<^sup>*t3" by (simp_all only: trans_closure)
  96.636 +  then show "\<exists>t3. t1\<longrightarrow>\<^sub>\<beta>\<^sup>*t3\<and>t2\<longrightarrow>\<^sub>\<beta>\<^sup>*t3" by blast
  96.637  qed
  96.638  
  96.639  end
    97.1 --- a/src/HOL/Nominal/Examples/CR_Takahashi.thy	Tue Aug 13 14:20:22 2013 +0200
    97.2 +++ b/src/HOL/Nominal/Examples/CR_Takahashi.thy	Tue Aug 13 16:25:47 2013 +0200
    97.3 @@ -22,7 +22,7 @@
    97.4    subst :: "lam \<Rightarrow> name \<Rightarrow> lam \<Rightarrow> lam"  ("_[_::=_]" [100,100,100] 100)
    97.5  where
    97.6    "(Var x)[y::=s] = (if x=y then s else (Var x))"
    97.7 -| "(App t\<^isub>1 t\<^isub>2)[y::=s] = App (t\<^isub>1[y::=s]) (t\<^isub>2[y::=s])"
    97.8 +| "(App t\<^sub>1 t\<^sub>2)[y::=s] = App (t\<^sub>1[y::=s]) (t\<^sub>2[y::=s])"
    97.9  | "x\<sharp>(y,s) \<Longrightarrow> (Lam [x].t)[y::=s] = Lam [x].(t[y::=s])"
   97.10  apply(finite_guess)+
   97.11  apply(rule TrueI)+
   97.12 @@ -66,81 +66,81 @@
   97.13  section {* Beta-Reduction *}
   97.14  
   97.15  inductive 
   97.16 -  "Beta" :: "lam\<Rightarrow>lam\<Rightarrow>bool" (" _ \<longrightarrow>\<^isub>\<beta> _" [80,80] 80)
   97.17 +  "Beta" :: "lam\<Rightarrow>lam\<Rightarrow>bool" (" _ \<longrightarrow>\<^sub>\<beta> _" [80,80] 80)
   97.18  where
   97.19 -  b1[intro]: "t1 \<longrightarrow>\<^isub>\<beta> t2 \<Longrightarrow> App t1 s \<longrightarrow>\<^isub>\<beta> App t2 s"
   97.20 -| b2[intro]: "s1 \<longrightarrow>\<^isub>\<beta> s2 \<Longrightarrow> App t s1 \<longrightarrow>\<^isub>\<beta> App t s2"
   97.21 -| b3[intro]: "t1 \<longrightarrow>\<^isub>\<beta> t2 \<Longrightarrow> Lam [x].t1 \<longrightarrow>\<^isub>\<beta> Lam [x].t2"
   97.22 -| b4[intro]: "App (Lam [x].t) s \<longrightarrow>\<^isub>\<beta> t[x::=s]"
   97.23 +  b1[intro]: "t1 \<longrightarrow>\<^sub>\<beta> t2 \<Longrightarrow> App t1 s \<longrightarrow>\<^sub>\<beta> App t2 s"
   97.24 +| b2[intro]: "s1 \<longrightarrow>\<^sub>\<beta> s2 \<Longrightarrow> App t s1 \<longrightarrow>\<^sub>\<beta> App t s2"
   97.25 +| b3[intro]: "t1 \<longrightarrow>\<^sub>\<beta> t2 \<Longrightarrow> Lam [x].t1 \<longrightarrow>\<^sub>\<beta> Lam [x].t2"
   97.26 +| b4[intro]: "App (Lam [x].t) s \<longrightarrow>\<^sub>\<beta> t[x::=s]"
   97.27  
   97.28  section {* Transitive Closure of Beta *}
   97.29  
   97.30  inductive 
   97.31 -  "Beta_star" :: "lam\<Rightarrow>lam\<Rightarrow>bool" (" _ \<longrightarrow>\<^isub>\<beta>\<^sup>* _" [80,80] 80)
   97.32 +  "Beta_star" :: "lam\<Rightarrow>lam\<Rightarrow>bool" (" _ \<longrightarrow>\<^sub>\<beta>\<^sup>* _" [80,80] 80)
   97.33  where
   97.34 -  bs1[intro]: "t \<longrightarrow>\<^isub>\<beta>\<^sup>* t"
   97.35 -| bs2[intro]: "t \<longrightarrow>\<^isub>\<beta> s \<Longrightarrow> t \<longrightarrow>\<^isub>\<beta>\<^sup>* s"
   97.36 -| bs3[intro,trans]: "\<lbrakk>t1\<longrightarrow>\<^isub>\<beta>\<^sup>* t2; t2 \<longrightarrow>\<^isub>\<beta>\<^sup>* t3\<rbrakk> \<Longrightarrow> t1 \<longrightarrow>\<^isub>\<beta>\<^sup>* t3"
   97.37 +  bs1[intro]: "t \<longrightarrow>\<^sub>\<beta>\<^sup>* t"
   97.38 +| bs2[intro]: "t \<longrightarrow>\<^sub>\<beta> s \<Longrightarrow> t \<longrightarrow>\<^sub>\<beta>\<^sup>* s"
   97.39 +| bs3[intro,trans]: "\<lbrakk>t1\<longrightarrow>\<^sub>\<beta>\<^sup>* t2; t2 \<longrightarrow>\<^sub>\<beta>\<^sup>* t3\<rbrakk> \<Longrightarrow> t1 \<longrightarrow>\<^sub>\<beta>\<^sup>* t3"
   97.40  
   97.41  section {* One-Reduction *}
   97.42  
   97.43  inductive 
   97.44 -  One :: "lam\<Rightarrow>lam\<Rightarrow>bool" (" _ \<longrightarrow>\<^isub>1 _" [80,80] 80)
   97.45 +  One :: "lam\<Rightarrow>lam\<Rightarrow>bool" (" _ \<longrightarrow>\<^sub>1 _" [80,80] 80)
   97.46  where
   97.47 -  o1[intro]: "Var x\<longrightarrow>\<^isub>1 Var x"
   97.48 -| o2[intro]: "\<lbrakk>t1\<longrightarrow>\<^isub>1t2; s1\<longrightarrow>\<^isub>1s2\<rbrakk> \<Longrightarrow> App t1 s1 \<longrightarrow>\<^isub>1 App t2 s2"
   97.49 -| o3[intro]: "t1\<longrightarrow>\<^isub>1t2 \<Longrightarrow> Lam [x].t1 \<longrightarrow>\<^isub>1 Lam [x].t2"
   97.50 -| o4[intro]: "\<lbrakk>x\<sharp>(s1,s2); t1\<longrightarrow>\<^isub>1t2; s1\<longrightarrow>\<^isub>1s2\<rbrakk> \<Longrightarrow> App (Lam [x].t1) s1 \<longrightarrow>\<^isub>1 t2[x::=s2]"
   97.51 +  o1[intro]: "Var x\<longrightarrow>\<^sub>1 Var x"
   97.52 +| o2[intro]: "\<lbrakk>t1\<longrightarrow>\<^sub>1t2; s1\<longrightarrow>\<^sub>1s2\<rbrakk> \<Longrightarrow> App t1 s1 \<longrightarrow>\<^sub>1 App t2 s2"
   97.53 +| o3[intro]: "t1\<longrightarrow>\<^sub>1t2 \<Longrightarrow> Lam [x].t1 \<longrightarrow>\<^sub>1 Lam [x].t2"
   97.54 +| o4[intro]: "\<lbrakk>x\<sharp>(s1,s2); t1\<longrightarrow>\<^sub>1t2; s1\<longrightarrow>\<^sub>1s2\<rbrakk> \<Longrightarrow> App (Lam [x].t1) s1 \<longrightarrow>\<^sub>1 t2[x::=s2]"
   97.55  
   97.56  equivariance One
   97.57  nominal_inductive One 
   97.58    by (simp_all add: abs_fresh fresh_fact)
   97.59  
   97.60  lemma One_refl:
   97.61 -  shows "t \<longrightarrow>\<^isub>1 t"
   97.62 +  shows "t \<longrightarrow>\<^sub>1 t"
   97.63  by (nominal_induct t rule: lam.strong_induct) (auto)
   97.64  
   97.65  lemma One_subst: 
   97.66 -  assumes a: "t1 \<longrightarrow>\<^isub>1 t2" "s1 \<longrightarrow>\<^isub>1 s2"
   97.67 -  shows "t1[x::=s1] \<longrightarrow>\<^isub>1 t2[x::=s2]" 
   97.68 +  assumes a: "t1 \<longrightarrow>\<^sub>1 t2" "s1 \<longrightarrow>\<^sub>1 s2"
   97.69 +  shows "t1[x::=s1] \<longrightarrow>\<^sub>1 t2[x::=s2]" 
   97.70  using a 
   97.71  by (nominal_induct t1 t2 avoiding: s1 s2 x rule: One.strong_induct)
   97.72     (auto simp add: substitution_lemma fresh_atm fresh_fact)
   97.73  
   97.74  lemma better_o4_intro:
   97.75 -  assumes a: "t1 \<longrightarrow>\<^isub>1 t2" "s1 \<longrightarrow>\<^isub>1 s2"
   97.76 -  shows "App (Lam [x].t1) s1 \<longrightarrow>\<^isub>1 t2[x::=s2]"
   97.77 +  assumes a: "t1 \<longrightarrow>\<^sub>1 t2" "s1 \<longrightarrow>\<^sub>1 s2"
   97.78 +  shows "App (Lam [x].t1) s1 \<longrightarrow>\<^sub>1 t2[x::=s2]"
   97.79  proof -
   97.80    obtain y::"name" where fs: "y\<sharp>(x,t1,s1,t2,s2)" by (rule exists_fresh, rule fin_supp, blast)
   97.81    have "App (Lam [x].t1) s1 = App (Lam [y].([(y,x)]\<bullet>t1)) s1" using fs
   97.82      by (auto simp add: lam.inject alpha' fresh_prod fresh_atm)
   97.83 -  also have "\<dots> \<longrightarrow>\<^isub>1  ([(y,x)]\<bullet>t2)[y::=s2]" using fs a by (auto simp add: One.eqvt)
   97.84 +  also have "\<dots> \<longrightarrow>\<^sub>1  ([(y,x)]\<bullet>t2)[y::=s2]" using fs a by (auto simp add: One.eqvt)
   97.85    also have "\<dots> = t2[x::=s2]" using fs by (simp add: subst_rename[symmetric])
   97.86 -  finally show "App (Lam [x].t1) s1 \<longrightarrow>\<^isub>1 t2[x::=s2]" by simp
   97.87 +  finally show "App (Lam [x].t1) s1 \<longrightarrow>\<^sub>1 t2[x::=s2]" by simp
   97.88  qed
   97.89  
   97.90  lemma One_Var:
   97.91 -  assumes a: "Var x \<longrightarrow>\<^isub>1 M"
   97.92 +  assumes a: "Var x \<longrightarrow>\<^sub>1 M"
   97.93    shows "M = Var x"
   97.94  using a by (cases rule: One.cases) (simp_all) 
   97.95  
   97.96  lemma One_Lam: 
   97.97 -  assumes a: "Lam [x].t \<longrightarrow>\<^isub>1 s" "x\<sharp>s"
   97.98 -  shows "\<exists>t'. s = Lam [x].t' \<and> t \<longrightarrow>\<^isub>1 t'"
   97.99 +  assumes a: "Lam [x].t \<longrightarrow>\<^sub>1 s" "x\<sharp>s"
  97.100 +  shows "\<exists>t'. s = Lam [x].t' \<and> t \<longrightarrow>\<^sub>1 t'"
  97.101  using a
  97.102  by (cases rule: One.strong_cases)
  97.103     (auto simp add: lam.inject abs_fresh alpha)
  97.104  
  97.105  lemma One_App: 
  97.106 -  assumes a: "App t s \<longrightarrow>\<^isub>1 r"
  97.107 -  shows "(\<exists>t' s'. r = App t' s' \<and> t \<longrightarrow>\<^isub>1 t' \<and> s \<longrightarrow>\<^isub>1 s') \<or> 
  97.108 -         (\<exists>x p p' s'. r = p'[x::=s'] \<and> t = Lam [x].p \<and> p \<longrightarrow>\<^isub>1 p' \<and> s \<longrightarrow>\<^isub>1 s' \<and> x\<sharp>(s,s'))" 
  97.109 +  assumes a: "App t s \<longrightarrow>\<^sub>1 r"
  97.110 +  shows "(\<exists>t' s'. r = App t' s' \<and> t \<longrightarrow>\<^sub>1 t' \<and> s \<longrightarrow>\<^sub>1 s') \<or> 
  97.111 +         (\<exists>x p p' s'. r = p'[x::=s'] \<and> t = Lam [x].p \<and> p \<longrightarrow>\<^sub>1 p' \<and> s \<longrightarrow>\<^sub>1 s' \<and> x\<sharp>(s,s'))" 
  97.112  using a by (cases rule: One.cases) (auto simp add: lam.inject)
  97.113  
  97.114  lemma One_Redex: 
  97.115 -  assumes a: "App (Lam [x].t) s \<longrightarrow>\<^isub>1 r" "x\<sharp>(s,r)"
  97.116 -  shows "(\<exists>t' s'. r = App (Lam [x].t') s' \<and> t \<longrightarrow>\<^isub>1 t' \<and> s \<longrightarrow>\<^isub>1 s') \<or> 
  97.117 -         (\<exists>t' s'. r = t'[x::=s'] \<and> t \<longrightarrow>\<^isub>1 t' \<and> s \<longrightarrow>\<^isub>1 s')" 
  97.118 +  assumes a: "App (Lam [x].t) s \<longrightarrow>\<^sub>1 r" "x\<sharp>(s,r)"
  97.119 +  shows "(\<exists>t' s'. r = App (Lam [x].t') s' \<and> t \<longrightarrow>\<^sub>1 t' \<and> s \<longrightarrow>\<^sub>1 s') \<or> 
  97.120 +         (\<exists>t' s'. r = t'[x::=s'] \<and> t \<longrightarrow>\<^sub>1 t' \<and> s \<longrightarrow>\<^sub>1 s')" 
  97.121  using a
  97.122  by (cases rule: One.strong_cases)
  97.123     (auto dest: One_Lam simp add: lam.inject abs_fresh alpha fresh_prod)
  97.124 @@ -148,162 +148,162 @@
  97.125  section {* Transitive Closure of One *}
  97.126  
  97.127  inductive 
  97.128 -  "One_star" :: "lam\<Rightarrow>lam\<Rightarrow>bool" (" _ \<longrightarrow>\<^isub>1\<^sup>* _" [80,80] 80)
  97.129 +  "One_star" :: "lam\<Rightarrow>lam\<Rightarrow>bool" (" _ \<longrightarrow>\<^sub>1\<^sup>* _" [80,80] 80)
  97.130  where
  97.131 -  os1[intro]: "t \<longrightarrow>\<^isub>1\<^sup>* t"
  97.132 -| os2[intro]: "t \<longrightarrow>\<^isub>1 s \<Longrightarrow> t \<longrightarrow>\<^isub>1\<^sup>* s"
  97.133 -| os3[intro]: "\<lbrakk>t1\<longrightarrow>\<^isub>1\<^sup>* t2; t2 \<longrightarrow>\<^isub>1\<^sup>* t3\<rbrakk> \<Longrightarrow> t1 \<longrightarrow>\<^isub>1\<^sup>* t3"
  97.134 +  os1[intro]: "t \<longrightarrow>\<^sub>1\<^sup>* t"
  97.135 +| os2[intro]: "t \<longrightarrow>\<^sub>1 s \<Longrightarrow> t \<longrightarrow>\<^sub>1\<^sup>* s"
  97.136 +| os3[intro]: "\<lbrakk>t1\<longrightarrow>\<^sub>1\<^sup>* t2; t2 \<longrightarrow>\<^sub>1\<^sup>* t3\<rbrakk> \<Longrightarrow> t1 \<longrightarrow>\<^sub>1\<^sup>* t3"
  97.137  
  97.138  section {* Complete Development Reduction *}
  97.139  
  97.140  inductive 
  97.141 -  Dev :: "lam \<Rightarrow> lam \<Rightarrow> bool" (" _ \<longrightarrow>\<^isub>d _" [80,80]80)
  97.142 +  Dev :: "lam \<Rightarrow> lam \<Rightarrow> bool" (" _ \<longrightarrow>\<^sub>d _" [80,80]80)
  97.143  where
  97.144 -  d1[intro]: "Var x \<longrightarrow>\<^isub>d Var x"
  97.145 -| d2[intro]: "t \<longrightarrow>\<^isub>d s \<Longrightarrow> Lam [x].t \<longrightarrow>\<^isub>d Lam[x].s"
  97.146 -| d3[intro]: "\<lbrakk>\<not>(\<exists>y t'. t1 = Lam [y].t'); t1 \<longrightarrow>\<^isub>d t2; s1 \<longrightarrow>\<^isub>d s2\<rbrakk> \<Longrightarrow> App t1 s1 \<longrightarrow>\<^isub>d App t2 s2"
  97.147 -| d4[intro]: "\<lbrakk>x\<sharp>(s1,s2); t1 \<longrightarrow>\<^isub>d t2; s1 \<longrightarrow>\<^isub>d s2\<rbrakk> \<Longrightarrow> App (Lam [x].t1) s1 \<longrightarrow>\<^isub>d t2[x::=s2]"
  97.148 +  d1[intro]: "Var x \<longrightarrow>\<^sub>d Var x"
  97.149 +| d2[intro]: "t \<longrightarrow>\<^sub>d s \<Longrightarrow> Lam [x].t \<longrightarrow>\<^sub>d Lam[x].s"
  97.150 +| d3[intro]: "\<lbrakk>\<not>(\<exists>y t'. t1 = Lam [y].t'); t1 \<longrightarrow>\<^sub>d t2; s1 \<longrightarrow>\<^sub>d s2\<rbrakk> \<Longrightarrow> App t1 s1 \<longrightarrow>\<^sub>d App t2 s2"
  97.151 +| d4[intro]: "\<lbrakk>x\<sharp>(s1,s2); t1 \<longrightarrow>\<^sub>d t2; s1 \<longrightarrow>\<^sub>d s2\<rbrakk> \<Longrightarrow> App (Lam [x].t1) s1 \<longrightarrow>\<^sub>d t2[x::=s2]"
  97.152  
  97.153  equivariance Dev
  97.154  nominal_inductive Dev 
  97.155    by (simp_all add: abs_fresh fresh_fact)
  97.156  
  97.157  lemma better_d4_intro:
  97.158 -  assumes a: "t1 \<longrightarrow>\<^isub>d t2" "s1 \<longrightarrow>\<^isub>d s2"
  97.159 -  shows "App (Lam [x].t1) s1 \<longrightarrow>\<^isub>d t2[x::=s2]"
  97.160 +  assumes a: "t1 \<longrightarrow>\<^sub>d t2" "s1 \<longrightarrow>\<^sub>d s2"
  97.161 +  shows "App (Lam [x].t1) s1 \<longrightarrow>\<^sub>d t2[x::=s2]"
  97.162  proof -
  97.163    obtain y::"name" where fs: "y\<sharp>(x,t1,s1,t2,s2)" by (rule exists_fresh, rule fin_supp,blast)
  97.164    have "App (Lam [x].t1) s1 = App (Lam [y].([(y,x)]\<bullet>t1)) s1" using fs
  97.165      by (auto simp add: lam.inject alpha' fresh_prod fresh_atm)
  97.166 -  also have "\<dots> \<longrightarrow>\<^isub>d  ([(y,x)]\<bullet>t2)[y::=s2]" using fs a by (auto simp add: Dev.eqvt)
  97.167 +  also have "\<dots> \<longrightarrow>\<^sub>d  ([(y,x)]\<bullet>t2)[y::=s2]" using fs a by (auto simp add: Dev.eqvt)
  97.168    also have "\<dots> = t2[x::=s2]" using fs by (simp add: subst_rename[symmetric])
  97.169 -  finally show "App (Lam [x].t1) s1 \<longrightarrow>\<^isub>d t2[x::=s2]" by simp
  97.170 +  finally show "App (Lam [x].t1) s1 \<longrightarrow>\<^sub>d t2[x::=s2]" by simp
  97.171  qed
  97.172  
  97.173  lemma Dev_preserves_fresh:
  97.174    fixes x::"name"
  97.175 -  assumes a: "M\<longrightarrow>\<^isub>d N"  
  97.176 +  assumes a: "M\<longrightarrow>\<^sub>d N"  
  97.177    shows "x\<sharp>M \<Longrightarrow> x\<sharp>N"
  97.178  using a
  97.179  by (induct) (auto simp add: abs_fresh fresh_fact)
  97.180  
  97.181  lemma Dev_Lam:
  97.182 -  assumes a: "Lam [x].M \<longrightarrow>\<^isub>d N" 
  97.183 -  shows "\<exists>N'. N = Lam [x].N' \<and> M \<longrightarrow>\<^isub>d N'"
  97.184 +  assumes a: "Lam [x].M \<longrightarrow>\<^sub>d N" 
  97.185 +  shows "\<exists>N'. N = Lam [x].N' \<and> M \<longrightarrow>\<^sub>d N'"
  97.186  proof -
  97.187    from a have "x\<sharp>Lam [x].M" by (simp add: abs_fresh)
  97.188    with a have "x\<sharp>N" by (simp add: Dev_preserves_fresh)
  97.189 -  with a show "\<exists>N'. N = Lam [x].N' \<and> M \<longrightarrow>\<^isub>d N'"
  97.190 +  with a show "\<exists>N'. N = Lam [x].N' \<and> M \<longrightarrow>\<^sub>d N'"
  97.191      by (cases rule: Dev.strong_cases)
  97.192         (auto simp add: lam.inject abs_fresh alpha)
  97.193  qed
  97.194  
  97.195  lemma Development_existence:
  97.196 -  shows "\<exists>M'. M \<longrightarrow>\<^isub>d M'"
  97.197 +  shows "\<exists>M'. M \<longrightarrow>\<^sub>d M'"
  97.198  by (nominal_induct M rule: lam.strong_induct)
  97.199     (auto dest!: Dev_Lam intro: better_d4_intro)
  97.200  
  97.201  lemma Triangle:
  97.202 -  assumes a: "t \<longrightarrow>\<^isub>d t1" "t \<longrightarrow>\<^isub>1 t2"
  97.203 -  shows "t2 \<longrightarrow>\<^isub>1 t1"
  97.204 +  assumes a: "t \<longrightarrow>\<^sub>d t1" "t \<longrightarrow>\<^sub>1 t2"
  97.205 +  shows "t2 \<longrightarrow>\<^sub>1 t1"
  97.206  using a 
  97.207  proof(nominal_induct avoiding: t2 rule: Dev.strong_induct)
  97.208    case (d4 x s1 s2 t1 t1' t2) 
  97.209    have  fc: "x\<sharp>t2" "x\<sharp>s1" by fact+ 
  97.210 -  have "App (Lam [x].t1) s1 \<longrightarrow>\<^isub>1 t2" by fact
  97.211 +  have "App (Lam [x].t1) s1 \<longrightarrow>\<^sub>1 t2" by fact
  97.212    then obtain t' s' where reds: 
  97.213 -             "(t2 = App (Lam [x].t') s' \<and> t1 \<longrightarrow>\<^isub>1 t' \<and> s1 \<longrightarrow>\<^isub>1 s') \<or> 
  97.214 -              (t2 = t'[x::=s'] \<and> t1 \<longrightarrow>\<^isub>1 t' \<and> s1 \<longrightarrow>\<^isub>1 s')"
  97.215 +             "(t2 = App (Lam [x].t') s' \<and> t1 \<longrightarrow>\<^sub>1 t' \<and> s1 \<longrightarrow>\<^sub>1 s') \<or> 
  97.216 +              (t2 = t'[x::=s'] \<and> t1 \<longrightarrow>\<^sub>1 t' \<and> s1 \<longrightarrow>\<^sub>1 s')"
  97.217    using fc by (auto dest!: One_Redex)
  97.218 -  have ih1: "t1 \<longrightarrow>\<^isub>1 t' \<Longrightarrow>  t' \<longrightarrow>\<^isub>1 t1'" by fact
  97.219 -  have ih2: "s1 \<longrightarrow>\<^isub>1 s' \<Longrightarrow>  s' \<longrightarrow>\<^isub>1 s2" by fact
  97.220 -  { assume "t1 \<longrightarrow>\<^isub>1 t'" "s1 \<longrightarrow>\<^isub>1 s'"
  97.221 -    then have "App (Lam [x].t') s' \<longrightarrow>\<^isub>1 t1'[x::=s2]" 
  97.222 +  have ih1: "t1 \<longrightarrow>\<^sub>1 t' \<Longrightarrow>  t' \<longrightarrow>\<^sub>1 t1'" by fact
  97.223 +  have ih2: "s1 \<longrightarrow>\<^sub>1 s' \<Longrightarrow>  s' \<longrightarrow>\<^sub>1 s2" by fact
  97.224 +  { assume "t1 \<longrightarrow>\<^sub>1 t'" "s1 \<longrightarrow>\<^sub>1 s'"
  97.225 +    then have "App (Lam [x].t') s' \<longrightarrow>\<^sub>1 t1'[x::=s2]" 
  97.226        using ih1 ih2 by (auto intro: better_o4_intro)
  97.227    }
  97.228    moreover
  97.229 -  { assume "t1 \<longrightarrow>\<^isub>1 t'" "s1 \<longrightarrow>\<^isub>1 s'"
  97.230 -    then have "t'[x::=s'] \<longrightarrow>\<^isub>1 t1'[x::=s2]" 
  97.231 +  { assume "t1 \<longrightarrow>\<^sub>1 t'" "s1 \<longrightarrow>\<^sub>1 s'"
  97.232 +    then have "t'[x::=s'] \<longrightarrow>\<^sub>1 t1'[x::=s2]" 
  97.233        using ih1 ih2 by (auto intro: One_subst)
  97.234    }
  97.235 -  ultimately show "t2 \<longrightarrow>\<^isub>1 t1'[x::=s2]" using reds by auto 
  97.236 +  ultimately show "t2 \<longrightarrow>\<^sub>1 t1'[x::=s2]" using reds by auto 
  97.237  qed (auto dest!: One_Lam One_Var One_App)
  97.238  
  97.239  lemma Diamond_for_One:
  97.240 -  assumes a: "t \<longrightarrow>\<^isub>1 t1" "t \<longrightarrow>\<^isub>1 t2"
  97.241 -  shows "\<exists>t3. t2 \<longrightarrow>\<^isub>1 t3 \<and> t1 \<longrightarrow>\<^isub>1 t3"
  97.242 +  assumes a: "t \<longrightarrow>\<^sub>1 t1" "t \<longrightarrow>\<^sub>1 t2"
  97.243 +  shows "\<exists>t3. t2 \<longrightarrow>\<^sub>1 t3 \<and> t1 \<longrightarrow>\<^sub>1 t3"
  97.244  proof -
  97.245 -  obtain tc where "t \<longrightarrow>\<^isub>d tc" using Development_existence by blast
  97.246 -  with a have "t2 \<longrightarrow>\<^isub>1 tc" and "t1 \<longrightarrow>\<^isub>1 tc" by (simp_all add: Triangle)
  97.247 -  then show "\<exists>t3. t2 \<longrightarrow>\<^isub>1 t3 \<and> t1 \<longrightarrow>\<^isub>1 t3" by blast
  97.248 +  obtain tc where "t \<longrightarrow>\<^sub>d tc" using Development_existence by blast
  97.249 +  with a have "t2 \<longrightarrow>\<^sub>1 tc" and "t1 \<longrightarrow>\<^sub>1 tc" by (simp_all add: Triangle)
  97.250 +  then show "\<exists>t3. t2 \<longrightarrow>\<^sub>1 t3 \<and> t1 \<longrightarrow>\<^sub>1 t3" by blast
  97.251  qed
  97.252  
  97.253  lemma Rectangle_for_One:
  97.254 -  assumes a:  "t \<longrightarrow>\<^isub>1\<^sup>* t1" "t \<longrightarrow>\<^isub>1 t2" 
  97.255 -  shows "\<exists>t3. t1 \<longrightarrow>\<^isub>1 t3 \<and> t2 \<longrightarrow>\<^isub>1\<^sup>* t3"
  97.256 +  assumes a:  "t \<longrightarrow>\<^sub>1\<^sup>* t1" "t \<longrightarrow>\<^sub>1 t2" 
  97.257 +  shows "\<exists>t3. t1 \<longrightarrow>\<^sub>1 t3 \<and> t2 \<longrightarrow>\<^sub>1\<^sup>* t3"
  97.258  using a Diamond_for_One by (induct arbitrary: t2) (blast)+
  97.259  
  97.260  lemma CR_for_One_star: 
  97.261 -  assumes a: "t \<longrightarrow>\<^isub>1\<^sup>* t1" "t \<longrightarrow>\<^isub>1\<^sup>* t2"
  97.262 -    shows "\<exists>t3. t2 \<longrightarrow>\<^isub>1\<^sup>* t3 \<and> t1 \<longrightarrow>\<^isub>1\<^sup>* t3"
  97.263 +  assumes a: "t \<longrightarrow>\<^sub>1\<^sup>* t1" "t \<longrightarrow>\<^sub>1\<^sup>* t2"
  97.264 +    shows "\<exists>t3. t2 \<longrightarrow>\<^sub>1\<^sup>* t3 \<and> t1 \<longrightarrow>\<^sub>1\<^sup>* t3"
  97.265  using a Rectangle_for_One by (induct arbitrary: t2) (blast)+
  97.266  
  97.267  section {* Establishing the Equivalence of Beta-star and One-star *}
  97.268  
  97.269  lemma Beta_Lam_cong: 
  97.270 -  assumes a: "t1 \<longrightarrow>\<^isub>\<beta>\<^sup>* t2" 
  97.271 -  shows "Lam [x].t1 \<longrightarrow>\<^isub>\<beta>\<^sup>* Lam [x].t2"
  97.272 +  assumes a: "t1 \<longrightarrow>\<^sub>\<beta>\<^sup>* t2" 
  97.273 +  shows "Lam [x].t1 \<longrightarrow>\<^sub>\<beta>\<^sup>* Lam [x].t2"
  97.274  using a by (induct) (blast)+
  97.275  
  97.276  lemma Beta_App_cong_aux: 
  97.277 -  assumes a: "t1 \<longrightarrow>\<^isub>\<beta>\<^sup>* t2" 
  97.278 -  shows "App t1 s\<longrightarrow>\<^isub>\<beta>\<^sup>* App t2 s"
  97.279 -    and "App s t1 \<longrightarrow>\<^isub>\<beta>\<^sup>* App s t2"
  97.280 +  assumes a: "t1 \<longrightarrow>\<^sub>\<beta>\<^sup>* t2" 
  97.281 +  shows "App t1 s\<longrightarrow>\<^sub>\<beta>\<^sup>* App t2 s"
  97.282 +    and "App s t1 \<longrightarrow>\<^sub>\<beta>\<^sup>* App s t2"
  97.283  using a by (induct) (blast)+
  97.284  
  97.285  lemma Beta_App_cong: 
  97.286 -  assumes a: "t1 \<longrightarrow>\<^isub>\<beta>\<^sup>* t2" "s1 \<longrightarrow>\<^isub>\<beta>\<^sup>* s2" 
  97.287 -  shows "App t1 s1 \<longrightarrow>\<^isub>\<beta>\<^sup>* App t2 s2"
  97.288 +  assumes a: "t1 \<longrightarrow>\<^sub>\<beta>\<^sup>* t2" "s1 \<longrightarrow>\<^sub>\<beta>\<^sup>* s2" 
  97.289 +  shows "App t1 s1 \<longrightarrow>\<^sub>\<beta>\<^sup>* App t2 s2"
  97.290  using a by (blast intro: Beta_App_cong_aux)
  97.291  
  97.292  lemmas Beta_congs = Beta_Lam_cong Beta_App_cong
  97.293  
  97.294  lemma One_implies_Beta_star: 
  97.295 -  assumes a: "t \<longrightarrow>\<^isub>1 s"
  97.296 -  shows "t \<longrightarrow>\<^isub>\<beta>\<^sup>* s"
  97.297 +  assumes a: "t \<longrightarrow>\<^sub>1 s"
  97.298 +  shows "t \<longrightarrow>\<^sub>\<beta>\<^sup>* s"
  97.299  using a by (induct) (auto intro!: Beta_congs)
  97.300  
  97.301  lemma One_congs: 
  97.302 -  assumes a: "t1 \<longrightarrow>\<^isub>1\<^sup>* t2" 
  97.303 -  shows "Lam [x].t1 \<longrightarrow>\<^isub>1\<^sup>* Lam [x].t2"
  97.304 -  and   "App t1 s \<longrightarrow>\<^isub>1\<^sup>* App t2 s"
  97.305 -  and   "App s t1 \<longrightarrow>\<^isub>1\<^sup>* App s t2"
  97.306 +  assumes a: "t1 \<longrightarrow>\<^sub>1\<^sup>* t2" 
  97.307 +  shows "Lam [x].t1 \<longrightarrow>\<^sub>1\<^sup>* Lam [x].t2"
  97.308 +  and   "App t1 s \<longrightarrow>\<^sub>1\<^sup>* App t2 s"
  97.309 +  and   "App s t1 \<longrightarrow>\<^sub>1\<^sup>* App s t2"
  97.310  using a by