NEWS

support for YXML notation -- XML done right;

Isabelle NEWS -- history user-relevant changes
==============================================

New in this Isabelle version
----------------------------

*** General ***

* Syntax: symbol \<chi> is now considered a letter.  Potential
INCOMPATIBILITY in identifier syntax etc.

* Outer syntax: string tokens may contain arbitrary character codes
specified via 3 decimal digits (as in SML).  E.g. "foo\095bar" for
"foo_bar".

* Outer syntax: string tokens no longer admit escaped white space,
which was an accidental (undocumented) feature.  INCOMPATIBILITY, use
white space directly.

* Theory loader: use_thy (and similar operations) no longer set the
implicit ML context, which was occasionally hard to predict and in
conflict with concurrency.  INCOMPATIBILITY, use ML within Isar which
provides a proper context already.

* Theory loader: old-style ML proof scripts being *attached* to a thy
file are no longer supported.  INCOMPATIBILITY, regular 'uses' and
'use' within a theory file will do the job.


*** Pure ***

* Eliminated destructive theorem database, simpset, claset, and
clasimpset.  Potential INCOMPATIBILITY, really need to observe linear
update of theories within ML code.

* Commands 'use' and 'ML' are now purely functional, operating on
theory/local_theory.  Removed former 'ML_setup' (on theory), use 'ML'
instead.  Added 'ML_val' as mere diagnostic replacement for 'ML'.
INCOMPATIBILITY.

* Eliminated theory ProtoPure.  Potential INCOMPATIBILITY.

* Command 'setup': discontinued implicit version.

* Instantiation target allows for simultaneous specification of class
instance operations together with an instantiation proof.
Type-checking phase allows to refer to class operations uniformly.
See HOL/Complex/Complex.thy for an Isar example and
HOL/Library/Eval.thy for an ML example.

* Indexing of literal facts: be more serious about including only
facts from the visible specification/proof context, but not the
background context (locale etc.).  Affects `prop` notation and method
"fact".  INCOMPATIBILITY: need to name facts explicitly in rare
situations.


*** HOL ***

* Explicit class "eq" for executable equality.  INCOMPATIBILITY.

* Class finite no longer treats UNIV as class parameter.  Use class enum from
theory Library/Enum instead to achieve a similar effect.  INCOMPATIBILITY.

* Theory List: rule list_induct2 now has explicitly named cases "Nil" and "Cons".
INCOMPATIBILITY.

* HOL (and FOL): renamed variables in rules imp_elim and swap.
Potential INCOMPATIBILITY.

* Theory Product_Type: duplicated lemmas split_Pair_apply and injective_fst_snd
removed, use split_eta and prod_eqI instead.  Renamed upd_fst to apfst and upd_snd
to apsnd.  INCOMPATIBILITY.

* Theory Nat: removed redundant lemmas that merely duplicate lemmas of
the same name in theory Orderings:

  less_trans
  less_linear
  le_imp_less_or_eq
  le_less_trans
  less_le_trans
  less_not_sym
  less_asym

Renamed less_imp_le to less_imp_le_nat, and less_irrefl to
less_irrefl_nat.  Potential INCOMPATIBILITY due to more general types
and different variable names.

* Library/Option_ord.thy: Canonical order on option type.

* Library/RBT.thy: New theory of red-black trees, an efficient
implementation of finite maps.

* Library/Countable.thy: Type class for countable types.

* Theory Int: The representation of numerals has changed.  The infix
operator BIT and the bit datatype with constructors B0 and B1 have
disappeared.  INCOMPATIBILITY, use "Int.Bit0 x" and "Int.Bit1 y" in
place of "x BIT bit.B0" and "y BIT bit.B1", respectively.  Theorems
involving BIT, B0, or B1 have been renamed with "Bit0" or "Bit1"
accordingly.

* Theory Nat: definition of <= and < on natural numbers no longer
depend on well-founded relations.  INCOMPATIBILITY.  Definitions
le_def and less_def have disappeared.  Consider lemmas not_less
[symmetric, where ?'a = nat] and less_eq [symmetric] instead.

* Theory Finite_Set: locales ACf, ACe, ACIf, ACIfSL and ACIfSLlin
(whose purpose mainly is for various fold_set functionals) have been
abandoned in favour of the existing algebraic classes
ab_semigroup_mult, comm_monoid_mult, ab_semigroup_idem_mult,
lower_semilattice (resp. upper_semilattice) and linorder.
INCOMPATIBILITY.

* Theory Transitive_Closure: induct and cases rules now declare proper
case_names ("base" and "step").  INCOMPATIBILITY.

* Theorem Inductive.lfp_ordinal_induct generalized to complete
lattices.  The form set-specific version is available as
Inductive.lfp_ordinal_induct_set.

* Theorems "power.simps" renamed to "power_int.simps".

* Class semiring_div provides basic abstract properties of semirings
with division and modulo operations.  Subsumes former class dvd_mod.

* Merged theories IntDef, Numeral and IntArith into unified theory
Int.  INCOMPATIBILITY.

* Theory Library/Code_Index: type "index" now represents natural
numbers rather than integers.  INCOMPATIBILITY.

* New class "uminus" with operation "uminus" (split of from class
"minus" which now only has operation "minus", binary).
INCOMPATIBILITY.

* New primrec package.  Specification syntax conforms in style to
definition/function/....  No separate induction rule is provided.  The
"primrec" command distinguishes old-style and new-style specifications
by syntax.  The former primrec package is now named OldPrimrecPackage.
When adjusting theories, beware: constants stemming from new-style
primrec specifications have authentic syntax.

* Library/Multiset: {#a, b, c#} abbreviates {#a#} + {#b#} + {#c#}.

* Library/ListVector: new theory of arithmetic vector operations.

* Library/Order_Relation: new theory of various orderings as sets of pairs.
  Defines preorders, partial orders, linear orders and well-orders
  on sets and on types.

* Constants "card", "internal_split", "option_map" now with authentic
syntax.  INCOMPATIBILITY.

* Definitions subset_def, psubset_def, set_diff_def, Compl_def,
le_bool_def, less_bool_def, le_fun_def, less_fun_def, inf_bool_def,
sup_bool_def, Inf_bool_def, Sup_bool_def, inf_fun_def, sup_fun_def,
Inf_fun_def, Sup_fun_def, inf_set_def, sup_set_def, Inf_set_def,
Sup_set_def, le_def, less_def, option_map_def now with object
equality.  INCOMPATIBILITY.

* Method "induction_scheme" derives user-specified induction rules
from wellfounded induction and completeness of patterns. This factors
out some operations that are done internally by the function package
and makes them available separately. See "HOL/ex/Induction_Scheme.thy"
for examples,

* Records. Removed K_record, and replaced it by pure lambda term
%x. c. The simplifier setup is now more robust against eta expansion.
INCOMPATIBILITY: in cases explicitly referring to K_record.

* Metis prover is now an order of magnitude faster, and also works
with multithreading.

* Metis: the maximum number of clauses that can be produced from a theorem is now given by the attribute max_clauses. Theorems that exceed this number are ignored, with a warning printed.

* Sledgehammer no longer produces structured proofs by default. To enable, 
declare [[sledgehammer_full = true]]. Attributes reconstruction_modulus,  
reconstruction_sorts renamed sledgehammer_modulus, sledgehammer_sorts. 
INCOMPATIBILITY.

*** ZF ***

* Renamed theories:

  Datatype.thy  -> Datatype_ZF.thy
  Inductive.thy -> Inductive_ZF.thy
  Int.thy       -> Int_ZF.thy
  IntDiv.thy    -> IntDiv_ZF.thy
  Nat.thy       -> Nat_ZF.thy
  List.thy      -> List_ZF.thy
  Main.thy      -> Main_ZF.thy

 This is to allow to load both ZF and HOL in the same session.

 INCOMPATIBILITY: ZF theories that import individual theories below
 Main might need to be adapted. For compatibility, a new 
 "theory Main imports Main_ZF begin end" is provided, so if you just
 imported "Main", no changes are needed.


*** ML ***

* Functor NamedThmsFun: data is available to the user as dynamic fact
(of the same name).

* Removed obsolete "use_legacy_bindings" function.  INCOMPATIBILITY.

* ML within Isar: antiquotation @{const name} or @{const
name(typargs)} produces statically-checked Const term.

* The ``print mode'' is now a thread-local value derived from a global
template (the former print_mode reference), thus access becomes
non-critical.  The global print_mode reference is for session
management only; user-code should use print_mode_value,
print_mode_active, PrintMode.setmp etc.  INCOMPATIBILITY.

* system/system_out provides a robust way to invoke external shell
commands, with propagation of interrupts (after Poly/ML 5.2).  Do not
use OS.Process.system etc. directly.


*** System ***

* YXML notation provides a simple and efficient alternative to
standard XML transfer syntax.  See src/Pure/General/yxml.ML and
isatool yxml as described in the Isabelle system manual.

* Removed obsolete THIS_IS_ISABELLE_BUILD feature.  NB: the documented
way of changing the user's settings is via
ISABELLE_HOME_USER/etc/settings, which is a fully featured bash
script.

* Default settings: PROOFGENERAL_OPTIONS no longer impose xemacs ---
in accordance with Proof General 3.7, which prefers GNU emacs.

* Multithreading.max_threads := 0 refers to the number of actual CPU
cores of the underlying machine, which is a good starting point for
optimal performance tuning.  The corresponding usedir option -M allows
"max" as an alias for "0".  WARNING: does not work on certain versions
of Mac OS (with Poly/ML 5.1).

* isatool tty runs Isabelle process with plain tty interaction;
optional line editor may be specified via ISABELLE_LINE_EDITOR
setting, the default settings attempt to locate "ledit" and "rlwrap".

* isatool browser now works with Cygwin as well, using general
"javapath" function defined in Isabelle process environment.

* isabelle-process: non-ML sessions are run with "nice", to prevent
Isabelle from flooding interactive front-ends (notably ProofGeneral /
XEmacs).

* JVM class isabelle.IsabelleProcess (located in Isabelle/lib/classes)
provides general wrapper for managing an Isabelle process in a robust
fashion, with ``cooked'' output from stdin/stderr.

* Rudimentary Isabelle plugin for jEdit (see Isabelle/lib/jedit),
based on Isabelle/JVM process wrapper (see Isabelle/lib/classes).



New in Isabelle2007 (November 2007)
-----------------------------------

*** General ***

* More uniform information about legacy features, notably a
warning/error of "Legacy feature: ...", depending on the state of the
tolerate_legacy_features flag (default true). FUTURE INCOMPATIBILITY:
legacy features will disappear eventually.

* Theory syntax: the header format ``theory A = B + C:'' has been
discontinued in favour of ``theory A imports B C begin''.  Use isatool
fixheaders to convert existing theory files.  INCOMPATIBILITY.

* Theory syntax: the old non-Isar theory file format has been
discontinued altogether.  Note that ML proof scripts may still be used
with Isar theories; migration is usually quite simple with the ML
function use_legacy_bindings.  INCOMPATIBILITY.

* Theory syntax: some popular names (e.g. 'class', 'declaration',
'fun', 'help', 'if') are now keywords.  INCOMPATIBILITY, use double
quotes.

* Theory loader: be more serious about observing the static theory
header specifications (including optional directories), but not the
accidental file locations of previously successful loads.  The strict
update policy of former update_thy is now already performed by
use_thy, so the former has been removed; use_thys updates several
theories simultaneously, just as 'imports' within a theory header
specification, but without merging the results.  Potential
INCOMPATIBILITY: may need to refine theory headers and commands
ROOT.ML which depend on load order.

* Theory loader: optional support for content-based file
identification, instead of the traditional scheme of full physical
path plus date stamp; configured by the ISABELLE_FILE_IDENT setting
(cf. the system manual).  The new scheme allows to work with
non-finished theories in persistent session images, such that source
files may be moved later on without requiring reloads.

* Theory loader: old-style ML proof scripts being *attached* to a thy
file (with the same base name as the theory) are considered a legacy
feature, which will disappear eventually. Even now, the theory loader
no longer maintains dependencies on such files.

* Syntax: the scope for resolving ambiguities via type-inference is
now limited to individual terms, instead of whole simultaneous
specifications as before. This greatly reduces the complexity of the
syntax module and improves flexibility by separating parsing and
type-checking. INCOMPATIBILITY: additional type-constraints (explicit
'fixes' etc.) are required in rare situations.

* Syntax: constants introduced by new-style packages ('definition',
'abbreviation' etc.) are passed through the syntax module in
``authentic mode''. This means that associated mixfix annotations
really stick to such constants, independently of potential name space
ambiguities introduced later on. INCOMPATIBILITY: constants in parse
trees are represented slightly differently, may need to adapt syntax
translations accordingly. Use CONST marker in 'translations' and
@{const_syntax} antiquotation in 'parse_translation' etc.

* Legacy goal package: reduced interface to the bare minimum required
to keep existing proof scripts running.  Most other user-level
functions are now part of the OldGoals structure, which is *not* open
by default (consider isatool expandshort before open OldGoals).
Removed top_sg, prin, printyp, pprint_term/typ altogether, because
these tend to cause confusion about the actual goal (!) context being
used here, which is not necessarily the same as the_context().

* Command 'find_theorems': supports "*" wild-card in "name:"
criterion; "with_dups" option.  Certain ProofGeneral versions might
support a specific search form (see ProofGeneral/CHANGES).

* The ``prems limit'' option (cf. ProofContext.prems_limit) is now -1
by default, which means that "prems" (and also "fixed variables") are
suppressed from proof state output.  Note that the ProofGeneral
settings mechanism allows to change and save options persistently, but
older versions of Isabelle will fail to start up if a negative prems
limit is imposed.

* Local theory targets may be specified by non-nested blocks of
``context/locale/class ... begin'' followed by ``end''.  The body may
contain definitions, theorems etc., including any derived mechanism
that has been implemented on top of these primitives.  This concept
generalizes the existing ``theorem (in ...)'' towards more versatility
and scalability.

* Proof General interface: proper undo of final 'end' command;
discontinued Isabelle/classic mode (ML proof scripts).


*** Document preparation ***

* Added antiquotation @{theory name} which prints the given name,
after checking that it refers to a valid ancestor theory in the
current context.

* Added antiquotations @{ML_type text} and @{ML_struct text} which
check the given source text as ML type/structure, printing verbatim.

* Added antiquotation @{abbrev "c args"} which prints the abbreviation
"c args == rhs" given in the current context.  (Any number of
arguments may be given on the LHS.)


*** Pure ***

* The 'class' package offers a combination of axclass and locale to
achieve Haskell-like type classes in Isabelle.  Definitions and
theorems within a class context produce both relative results (with
implicit parameters according to the locale context), and polymorphic
constants with qualified polymorphism (according to the class
context).  Within the body context of a 'class' target, a separate
syntax layer ("user space type system") takes care of converting
between global polymorphic consts and internal locale representation.
See src/HOL/ex/Classpackage.thy for examples (as well as main HOL).
"isatool doc classes" provides a tutorial.

* Generic code generator framework allows to generate executable
code for ML and Haskell (including Isabelle classes).  A short usage
sketch:

    internal compilation:
        export_code <list of constants (term syntax)> in SML
    writing SML code to a file:
        export_code <list of constants (term syntax)> in SML <filename>
    writing OCaml code to a file:
        export_code <list of constants (term syntax)> in OCaml <filename>
    writing Haskell code to a bunch of files:
        export_code <list of constants (term syntax)> in Haskell <filename>

    evaluating closed propositions to True/False using code generation:
        method ``eval''

Reasonable default setup of framework in HOL.

Theorem attributs for selecting and transforming function equations theorems:

    [code fun]:        select a theorem as function equation for a specific constant
    [code fun del]:    deselect a theorem as function equation for a specific constant
    [code inline]:     select an equation theorem for unfolding (inlining) in place
    [code inline del]: deselect an equation theorem for unfolding (inlining) in place

User-defined serializations (target in {SML, OCaml, Haskell}):

    code_const <and-list of constants (term syntax)>
      {(target) <and-list of const target syntax>}+

    code_type <and-list of type constructors>
      {(target) <and-list of type target syntax>}+

    code_instance <and-list of instances>
      {(target)}+
        where instance ::= <type constructor> :: <class>

    code_class <and_list of classes>
      {(target) <and-list of class target syntax>}+
        where class target syntax ::= <class name> {where {<classop> == <target syntax>}+}?

code_instance and code_class only are effective to target Haskell.

For example usage see src/HOL/ex/Codegenerator.thy and
src/HOL/ex/Codegenerator_Pretty.thy.  A separate tutorial on code
generation from Isabelle/HOL theories is available via "isatool doc
codegen".

* Code generator: consts in 'consts_code' Isar commands are now
referred to by usual term syntax (including optional type
annotations).

* Command 'no_translations' removes translation rules from theory
syntax.

* Overloaded definitions are now actually checked for acyclic
dependencies.  The overloading scheme is slightly more general than
that of Haskell98, although Isabelle does not demand an exact
correspondence to type class and instance declarations.
INCOMPATIBILITY, use ``defs (unchecked overloaded)'' to admit more
exotic versions of overloading -- at the discretion of the user!

Polymorphic constants are represented via type arguments, i.e. the
instantiation that matches an instance against the most general
declaration given in the signature.  For example, with the declaration
c :: 'a => 'a => 'a, an instance c :: nat => nat => nat is represented
as c(nat).  Overloading is essentially simultaneous structural
recursion over such type arguments.  Incomplete specification patterns
impose global constraints on all occurrences, e.g. c('a * 'a) on the
LHS means that more general c('a * 'b) will be disallowed on any RHS.
Command 'print_theory' outputs the normalized system of recursive
equations, see section "definitions".

* Configuration options are maintained within the theory or proof
context (with name and type bool/int/string), providing a very simple
interface to a poor-man's version of general context data.  Tools may
declare options in ML (e.g. using Attrib.config_int) and then refer to
these values using Config.get etc.  Users may change options via an
associated attribute of the same name.  This form of context
declaration works particularly well with commands 'declare' or
'using', for example ``declare [[foo = 42]]''.  Thus it has become
very easy to avoid global references, which would not observe Isar
toplevel undo/redo and fail to work with multithreading.

Various global ML references of Pure and HOL have been turned into
configuration options:

  Unify.search_bound		unify_search_bound
  Unify.trace_bound		unify_trace_bound
  Unify.trace_simp		unify_trace_simp
  Unify.trace_types		unify_trace_types
  Simplifier.simp_depth_limit	simp_depth_limit
  Blast.depth_limit		blast_depth_limit
  DatatypeProp.dtK		datatype_distinctness_limit
  fast_arith_neq_limit  	fast_arith_neq_limit
  fast_arith_split_limit	fast_arith_split_limit

* Named collections of theorems may be easily installed as context
data using the functor NamedThmsFun (see also
src/Pure/Tools/named_thms.ML).  The user may add or delete facts via
attributes; there is also a toplevel print command.  This facility is
just a common case of general context data, which is the preferred way
for anything more complex than just a list of facts in canonical
order.

* Isar: command 'declaration' augments a local theory by generic
declaration functions written in ML.  This enables arbitrary content
being added to the context, depending on a morphism that tells the
difference of the original declaration context wrt. the application
context encountered later on.

* Isar: proper interfaces for simplification procedures.  Command
'simproc_setup' declares named simprocs (with match patterns, and body
text in ML).  Attribute "simproc" adds/deletes simprocs in the current
context.  ML antiquotation @{simproc name} retrieves named simprocs.

* Isar: an extra pair of brackets around attribute declarations
abbreviates a theorem reference involving an internal dummy fact,
which will be ignored later --- only the effect of the attribute on
the background context will persist.  This form of in-place
declarations is particularly useful with commands like 'declare' and
'using', for example ``have A using [[simproc a]] by simp''.

* Isar: method "assumption" (and implicit closing of subproofs) now
takes simple non-atomic goal assumptions into account: after applying
an assumption as a rule the resulting subgoals are solved by atomic
assumption steps.  This is particularly useful to finish 'obtain'
goals, such as "!!x. (!!x. P x ==> thesis) ==> P x ==> thesis",
without referring to the original premise "!!x. P x ==> thesis" in the
Isar proof context.  POTENTIAL INCOMPATIBILITY: method "assumption" is
more permissive.

* Isar: implicit use of prems from the Isar proof context is
considered a legacy feature.  Common applications like ``have A .''
may be replaced by ``have A by fact'' or ``note `A`''.  In general,
referencing facts explicitly here improves readability and
maintainability of proof texts.

* Isar: improper proof element 'guess' is like 'obtain', but derives
the obtained context from the course of reasoning!  For example:

  assume "EX x y. A x & B y"   -- "any previous fact"
  then guess x and y by clarify

This technique is potentially adventurous, depending on the facts and
proof tools being involved here.

* Isar: known facts from the proof context may be specified as literal
propositions, using ASCII back-quote syntax.  This works wherever
named facts used to be allowed so far, in proof commands, proof
methods, attributes etc.  Literal facts are retrieved from the context
according to unification of type and term parameters.  For example,
provided that "A" and "A ==> B" and "!!x. P x ==> Q x" are known
theorems in the current context, then these are valid literal facts:
`A` and `A ==> B` and `!!x. P x ==> Q x" as well as `P a ==> Q a` etc.

There is also a proof method "fact" which does the same composition
for explicit goal states, e.g. the following proof texts coincide with
certain special cases of literal facts:

  have "A" by fact                 ==  note `A`
  have "A ==> B" by fact           ==  note `A ==> B`
  have "!!x. P x ==> Q x" by fact  ==  note `!!x. P x ==> Q x`
  have "P a ==> Q a" by fact       ==  note `P a ==> Q a`

* Isar: ":" (colon) is no longer a symbolic identifier character in
outer syntax.  Thus symbolic identifiers may be used without
additional white space in declarations like this: ``assume *: A''.

* Isar: 'print_facts' prints all local facts of the current context,
both named and unnamed ones.

* Isar: 'def' now admits simultaneous definitions, e.g.:

  def x == "t" and y == "u"

* Isar: added command 'unfolding', which is structurally similar to
'using', but affects both the goal state and facts by unfolding given
rewrite rules.  Thus many occurrences of the 'unfold' method or
'unfolded' attribute may be replaced by first-class proof text.

* Isar: methods 'unfold' / 'fold', attributes 'unfolded' / 'folded',
and command 'unfolding' now all support object-level equalities
(potentially conditional).  The underlying notion of rewrite rule is
analogous to the 'rule_format' attribute, but *not* that of the
Simplifier (which is usually more generous).

* Isar: the new attribute [rotated n] (default n = 1) rotates the
premises of a theorem by n. Useful in conjunction with drule.

* Isar: the goal restriction operator [N] (default N = 1) evaluates a
method expression within a sandbox consisting of the first N
sub-goals, which need to exist.  For example, ``simp_all [3]''
simplifies the first three sub-goals, while (rule foo, simp_all)[]
simplifies all new goals that emerge from applying rule foo to the
originally first one.

* Isar: schematic goals are no longer restricted to higher-order
patterns; e.g. ``lemma "?P(?x)" by (rule TrueI)'' now works as
expected.

* Isar: the conclusion of a long theorem statement is now either
'shows' (a simultaneous conjunction, as before), or 'obtains'
(essentially a disjunction of cases with local parameters and
assumptions).  The latter allows to express general elimination rules
adequately; in this notation common elimination rules look like this:

  lemma exE:    -- "EX x. P x ==> (!!x. P x ==> thesis) ==> thesis"
    assumes "EX x. P x"
    obtains x where "P x"

  lemma conjE:  -- "A & B ==> (A ==> B ==> thesis) ==> thesis"
    assumes "A & B"
    obtains A and B

  lemma disjE:  -- "A | B ==> (A ==> thesis) ==> (B ==> thesis) ==> thesis"
    assumes "A | B"
    obtains
      A
    | B

The subsequent classical rules even refer to the formal "thesis"
explicitly:

  lemma classical:     -- "(~ thesis ==> thesis) ==> thesis"
    obtains "~ thesis"

  lemma Peirce's_Law:  -- "((thesis ==> something) ==> thesis) ==> thesis"
    obtains "thesis ==> something"

The actual proof of an 'obtains' statement is analogous to that of the
Isar proof element 'obtain', only that there may be several cases.
Optional case names may be specified in parentheses; these will be
available both in the present proof and as annotations in the
resulting rule, for later use with the 'cases' method (cf. attribute
case_names).

* Isar: the assumptions of a long theorem statement are available as
"assms" fact in the proof context.  This is more appropriate than the
(historical) "prems", which refers to all assumptions of the current
context, including those from the target locale, proof body etc.

* Isar: 'print_statement' prints theorems from the current theory or
proof context in long statement form, according to the syntax of a
top-level lemma.

* Isar: 'obtain' takes an optional case name for the local context
introduction rule (default "that").

* Isar: removed obsolete 'concl is' patterns.  INCOMPATIBILITY, use
explicit (is "_ ==> ?foo") in the rare cases where this still happens
to occur.

* Pure: syntax "CONST name" produces a fully internalized constant
according to the current context.  This is particularly useful for
syntax translations that should refer to internal constant
representations independently of name spaces.

* Pure: syntax constant for foo (binder "FOO ") is called "foo_binder"
instead of "FOO ". This allows multiple binder declarations to coexist
in the same context.  INCOMPATIBILITY.

* Isar/locales: 'notation' provides a robust interface to the 'syntax'
primitive that also works in a locale context (both for constants and
fixed variables). Type declaration and internal syntactic representation
of given constants retrieved from the context. Likewise, the
'no_notation' command allows to remove given syntax annotations from the
current context.

* Isar/locales: new derived specification elements 'axiomatization',
'definition', 'abbreviation', which support type-inference, admit
object-level specifications (equality, equivalence).  See also the
isar-ref manual.  Examples:

  axiomatization
    eq  (infix "===" 50) where
    eq_refl: "x === x" and eq_subst: "x === y ==> P x ==> P y"

  definition "f x y = x + y + 1"
  definition g where "g x = f x x"

  abbreviation
    neq  (infix "=!=" 50) where
    "x =!= y == ~ (x === y)"

These specifications may be also used in a locale context.  Then the
constants being introduced depend on certain fixed parameters, and the
constant name is qualified by the locale base name.  An internal
abbreviation takes care for convenient input and output, making the
parameters implicit and using the original short name.  See also
src/HOL/ex/Abstract_NAT.thy for an example of deriving polymorphic
entities from a monomorphic theory.

Presently, abbreviations are only available 'in' a target locale, but
not inherited by general import expressions.  Also note that
'abbreviation' may be used as a type-safe replacement for 'syntax' +
'translations' in common applications.  The "no_abbrevs" print mode
prevents folding of abbreviations in term output.

Concrete syntax is attached to specified constants in internal form,
independently of name spaces.  The parse tree representation is
slightly different -- use 'notation' instead of raw 'syntax', and
'translations' with explicit "CONST" markup to accommodate this.

* Pure/Isar: unified syntax for new-style specification mechanisms
(e.g.  'definition', 'abbreviation', or 'inductive' in HOL) admits
full type inference and dummy patterns ("_").  For example:

  definition "K x _ = x"

  inductive conj for A B
  where "A ==> B ==> conj A B"

* Pure: command 'print_abbrevs' prints all constant abbreviations of
the current context.  Print mode "no_abbrevs" prevents inversion of
abbreviations on output.

* Isar/locales: improved parameter handling: use of locales "var" and
"struct" no longer necessary; - parameter renamings are no longer
required to be injective.  For example, this allows to define
endomorphisms as locale endom = homom mult mult h.

* Isar/locales: changed the way locales with predicates are defined.
Instead of accumulating the specification, the imported expression is
now an interpretation.  INCOMPATIBILITY: different normal form of
locale expressions.  In particular, in interpretations of locales with
predicates, goals repesenting already interpreted fragments are not
removed automatically.  Use methods `intro_locales' and
`unfold_locales'; see below.

* Isar/locales: new methods `intro_locales' and `unfold_locales'
provide backward reasoning on locales predicates.  The methods are
aware of interpretations and discharge corresponding goals.
`intro_locales' is less aggressive then `unfold_locales' and does not
unfold predicates to assumptions.

* Isar/locales: the order in which locale fragments are accumulated
has changed.  This enables to override declarations from fragments due
to interpretations -- for example, unwanted simp rules.

* Isar/locales: interpretation in theories and proof contexts has been
extended.  One may now specify (and prove) equations, which are
unfolded in interpreted theorems.  This is useful for replacing
defined concepts (constants depending on locale parameters) by
concepts already existing in the target context.  Example:

  interpretation partial_order ["op <= :: [int, int] => bool"]
    where "partial_order.less (op <=) (x::int) y = (x < y)"

Typically, the constant `partial_order.less' is created by a
definition specification element in the context of locale
partial_order.

* Method "induct": improved internal context management to support
local fixes and defines on-the-fly. Thus explicit meta-level
connectives !!  and ==> are rarely required anymore in inductive goals
(using object-logic connectives for this purpose has been long
obsolete anyway). Common proof patterns are explained in
src/HOL/Induct/Common_Patterns.thy, see also
src/HOL/Isar_examples/Puzzle.thy and src/HOL/Lambda for realistic
examples.

* Method "induct": improved handling of simultaneous goals. Instead of
introducing object-level conjunction, the statement is now split into
several conclusions, while the corresponding symbolic cases are nested
accordingly. INCOMPATIBILITY, proofs need to be structured explicitly,
see src/HOL/Induct/Common_Patterns.thy, for example.

* Method "induct": mutual induction rules are now specified as a list
of rule sharing the same induction cases. HOL packages usually provide
foo_bar.inducts for mutually defined items foo and bar (e.g. inductive
predicates/sets or datatypes). INCOMPATIBILITY, users need to specify
mutual induction rules differently, i.e. like this:

  (induct rule: foo_bar.inducts)
  (induct set: foo bar)
  (induct pred: foo bar)
  (induct type: foo bar)

The ML function ProjectRule.projections turns old-style rules into the
new format.

* Method "coinduct": dual of induction, see
src/HOL/Library/Coinductive_List.thy for various examples.

* Method "cases", "induct", "coinduct": the ``(open)'' option is
considered a legacy feature.

* Attribute "symmetric" produces result with standardized schematic
variables (index 0).  Potential INCOMPATIBILITY.

* Simplifier: by default the simplifier trace only shows top level
rewrites now. That is, trace_simp_depth_limit is set to 1 by
default. Thus there is less danger of being flooded by the trace. The
trace indicates where parts have been suppressed.
  
* Provers/classical: removed obsolete classical version of elim_format
attribute; classical elim/dest rules are now treated uniformly when
manipulating the claset.

* Provers/classical: stricter checks to ensure that supplied intro,
dest and elim rules are well-formed; dest and elim rules must have at
least one premise.

* Provers/classical: attributes dest/elim/intro take an optional
weight argument for the rule (just as the Pure versions).  Weights are
ignored by automated tools, but determine the search order of single
rule steps.

* Syntax: input syntax now supports dummy variable binding "%_. b",
where the body does not mention the bound variable.  Note that dummy
patterns implicitly depend on their context of bounds, which makes
"{_. _}" match any set comprehension as expected.  Potential
INCOMPATIBILITY -- parse translations need to cope with syntactic
constant "_idtdummy" in the binding position.

* Syntax: removed obsolete syntactic constant "_K" and its associated
parse translation.  INCOMPATIBILITY -- use dummy abstraction instead,
for example "A -> B" => "Pi A (%_. B)".

* Pure: 'class_deps' command visualizes the subclass relation, using
the graph browser tool.

* Pure: 'print_theory' now suppresses certain internal declarations by
default; use '!' option for full details.


*** HOL ***

* Method "metis" proves goals by applying the Metis general-purpose
resolution prover (see also http://gilith.com/software/metis/).
Examples are in the directory MetisExamples.  WARNING: the
Isabelle/HOL-Metis integration does not yet work properly with
multi-threading.
  
* Command 'sledgehammer' invokes external automatic theorem provers as
background processes.  It generates calls to the "metis" method if
successful. These can be pasted into the proof.  Users do not have to
wait for the automatic provers to return.  WARNING: does not really
work with multi-threading.

* New "auto_quickcheck" feature tests outermost goal statements for
potential counter-examples.  Controlled by ML references
auto_quickcheck (default true) and auto_quickcheck_time_limit (default
5000 milliseconds).  Fails silently if statements is outside of
executable fragment, or any other codgenerator problem occurs.

* New constant "undefined" with axiom "undefined x = undefined".

* Added class "HOL.eq", allowing for code generation with polymorphic
equality.

* Some renaming of class constants due to canonical name prefixing in
the new 'class' package:

    HOL.abs ~> HOL.abs_class.abs
    HOL.divide ~> HOL.divide_class.divide
    0 ~> HOL.zero_class.zero
    1 ~> HOL.one_class.one
    op + ~> HOL.plus_class.plus
    op - ~> HOL.minus_class.minus
    uminus ~> HOL.minus_class.uminus
    op * ~> HOL.times_class.times
    op < ~> HOL.ord_class.less
    op <= > HOL.ord_class.less_eq
    Nat.power ~> Power.power_class.power
    Nat.size ~> Nat.size_class.size
    Numeral.number_of ~> Numeral.number_class.number_of
    FixedPoint.Inf ~> Lattices.complete_lattice_class.Inf
    FixedPoint.Sup ~> Lattices.complete_lattice_class.Sup
    Orderings.min ~> Orderings.ord_class.min
    Orderings.max ~> Orderings.ord_class.max
    Divides.op div ~> Divides.div_class.div
    Divides.op mod ~> Divides.div_class.mod
    Divides.op dvd ~> Divides.div_class.dvd

INCOMPATIBILITY.  Adaptions may be required in the following cases:

a) User-defined constants using any of the names "plus", "minus",
"times", "less" or "less_eq". The standard syntax translations for
"+", "-" and "*" may go wrong.  INCOMPATIBILITY: use more specific
names.

b) Variables named "plus", "minus", "times", "less", "less_eq"
INCOMPATIBILITY: use more specific names.

c) Permutative equations (e.g. "a + b = b + a")
Since the change of names also changes the order of terms, permutative
rewrite rules may get applied in a different order. Experience shows
that this is rarely the case (only two adaptions in the whole Isabelle
distribution).  INCOMPATIBILITY: rewrite proofs

d) ML code directly refering to constant names
This in general only affects hand-written proof tactics, simprocs and
so on.  INCOMPATIBILITY: grep your sourcecode and replace names.
Consider using @{const_name} antiquotation.

* New class "default" with associated constant "default".

* Function "sgn" is now overloaded and available on int, real, complex
(and other numeric types), using class "sgn".  Two possible defs of
sgn are given as equational assumptions in the classes sgn_if and
sgn_div_norm; ordered_idom now also inherits from sgn_if.
INCOMPATIBILITY.

* Locale "partial_order" now unified with class "order" (cf. theory
Orderings), added parameter "less".  INCOMPATIBILITY.

* Renamings in classes "order" and "linorder": facts "refl", "trans" and
"cases" to "order_refl", "order_trans" and "linorder_cases", to avoid
clashes with HOL "refl" and "trans".  INCOMPATIBILITY.

* Classes "order" and "linorder": potential INCOMPATIBILITY due to
changed order of proof goals in instance proofs.

* The transitivity reasoner for partial and linear orders is set up
for classes "order" and "linorder".  Instances of the reasoner are available
in all contexts importing or interpreting the corresponding locales.
Method "order" invokes the reasoner separately; the reasoner
is also integrated with the Simplifier as a solver.  Diagnostic
command 'print_orders' shows the available instances of the reasoner
in the current context.

* Localized monotonicity predicate in theory "Orderings"; integrated
lemmas max_of_mono and min_of_mono with this predicate.
INCOMPATIBILITY.

* Formulation of theorem "dense" changed slightly due to integration
with new class dense_linear_order.

* Uniform lattice theory development in HOL.

    constants "meet" and "join" now named "inf" and "sup"
    constant "Meet" now named "Inf"

    classes "meet_semilorder" and "join_semilorder" now named
      "lower_semilattice" and "upper_semilattice"
    class "lorder" now named "lattice"
    class "comp_lat" now named "complete_lattice"

    Instantiation of lattice classes allows explicit definitions
    for "inf" and "sup" operations (or "Inf" and "Sup" for complete lattices).

  INCOMPATIBILITY.  Theorem renames:

    meet_left_le            ~> inf_le1
    meet_right_le           ~> inf_le2
    join_left_le            ~> sup_ge1
    join_right_le           ~> sup_ge2
    meet_join_le            ~> inf_sup_ord
    le_meetI                ~> le_infI
    join_leI                ~> le_supI
    le_meet                 ~> le_inf_iff
    le_join                 ~> ge_sup_conv
    meet_idempotent         ~> inf_idem
    join_idempotent         ~> sup_idem
    meet_comm               ~> inf_commute
    join_comm               ~> sup_commute
    meet_leI1               ~> le_infI1
    meet_leI2               ~> le_infI2
    le_joinI1               ~> le_supI1
    le_joinI2               ~> le_supI2
    meet_assoc              ~> inf_assoc
    join_assoc              ~> sup_assoc
    meet_left_comm          ~> inf_left_commute
    meet_left_idempotent    ~> inf_left_idem
    join_left_comm          ~> sup_left_commute
    join_left_idempotent    ~> sup_left_idem
    meet_aci                ~> inf_aci
    join_aci                ~> sup_aci
    le_def_meet             ~> le_iff_inf
    le_def_join             ~> le_iff_sup
    join_absorp2            ~> sup_absorb2
    join_absorp1            ~> sup_absorb1
    meet_absorp1            ~> inf_absorb1
    meet_absorp2            ~> inf_absorb2
    meet_join_absorp        ~> inf_sup_absorb
    join_meet_absorp        ~> sup_inf_absorb
    distrib_join_le         ~> distrib_sup_le
    distrib_meet_le         ~> distrib_inf_le

    add_meet_distrib_left   ~> add_inf_distrib_left
    add_join_distrib_left   ~> add_sup_distrib_left
    is_join_neg_meet        ~> is_join_neg_inf
    is_meet_neg_join        ~> is_meet_neg_sup
    add_meet_distrib_right  ~> add_inf_distrib_right
    add_join_distrib_right  ~> add_sup_distrib_right
    add_meet_join_distribs  ~> add_sup_inf_distribs
    join_eq_neg_meet        ~> sup_eq_neg_inf
    meet_eq_neg_join        ~> inf_eq_neg_sup
    add_eq_meet_join        ~> add_eq_inf_sup
    meet_0_imp_0            ~> inf_0_imp_0
    join_0_imp_0            ~> sup_0_imp_0
    meet_0_eq_0             ~> inf_0_eq_0
    join_0_eq_0             ~> sup_0_eq_0
    neg_meet_eq_join        ~> neg_inf_eq_sup
    neg_join_eq_meet        ~> neg_sup_eq_inf
    join_eq_if              ~> sup_eq_if

    mono_meet               ~> mono_inf
    mono_join               ~> mono_sup
    meet_bool_eq            ~> inf_bool_eq
    join_bool_eq            ~> sup_bool_eq
    meet_fun_eq             ~> inf_fun_eq
    join_fun_eq             ~> sup_fun_eq
    meet_set_eq             ~> inf_set_eq
    join_set_eq             ~> sup_set_eq
    meet1_iff               ~> inf1_iff
    meet2_iff               ~> inf2_iff
    meet1I                  ~> inf1I
    meet2I                  ~> inf2I
    meet1D1                 ~> inf1D1
    meet2D1                 ~> inf2D1
    meet1D2                 ~> inf1D2
    meet2D2                 ~> inf2D2
    meet1E                  ~> inf1E
    meet2E                  ~> inf2E
    join1_iff               ~> sup1_iff
    join2_iff               ~> sup2_iff
    join1I1                 ~> sup1I1
    join2I1                 ~> sup2I1
    join1I1                 ~> sup1I1
    join2I2                 ~> sup1I2
    join1CI                 ~> sup1CI
    join2CI                 ~> sup2CI
    join1E                  ~> sup1E
    join2E                  ~> sup2E

    is_meet_Meet            ~> is_meet_Inf
    Meet_bool_def           ~> Inf_bool_def
    Meet_fun_def            ~> Inf_fun_def
    Meet_greatest           ~> Inf_greatest
    Meet_lower              ~> Inf_lower
    Meet_set_def            ~> Inf_set_def

    Sup_def                 ~> Sup_Inf
    Sup_bool_eq             ~> Sup_bool_def
    Sup_fun_eq              ~> Sup_fun_def
    Sup_set_eq              ~> Sup_set_def

    listsp_meetI            ~> listsp_infI
    listsp_meet_eq          ~> listsp_inf_eq

    meet_min                ~> inf_min
    join_max                ~> sup_max

* Added syntactic class "size"; overloaded constant "size" now has
type "'a::size ==> bool"

* Internal reorganisation of `size' of datatypes: size theorems
"foo.size" are no longer subsumed by "foo.simps" (but are still
simplification rules by default!); theorems "prod.size" now named
"*.size".

* Class "div" now inherits from class "times" rather than "type".
INCOMPATIBILITY.

* HOL/Finite_Set: "name-space" locales Lattice, Distrib_lattice,
Linorder etc.  have disappeared; operations defined in terms of
fold_set now are named Inf_fin, Sup_fin.  INCOMPATIBILITY.

* HOL/Nat: neq0_conv no longer declared as iff.  INCOMPATIBILITY.

* HOL-Word: New extensive library and type for generic, fixed size
machine words, with arithemtic, bit-wise, shifting and rotating
operations, reflection into int, nat, and bool lists, automation for
linear arithmetic (by automatic reflection into nat or int), including
lemmas on overflow and monotonicity.  Instantiated to all appropriate
arithmetic type classes, supporting automatic simplification of
numerals on all operations.

* Library/Boolean_Algebra: locales for abstract boolean algebras.

* Library/Numeral_Type: numbers as types, e.g. TYPE(32).

* Code generator library theories:
  - Code_Integer represents HOL integers by big integer literals in target
    languages.
  - Code_Char represents HOL characters by character literals in target
    languages.
  - Code_Char_chr like Code_Char, but also offers treatment of character
    codes; includes Code_Integer.
  - Executable_Set allows to generate code for finite sets using lists.
  - Executable_Rat implements rational numbers as triples (sign, enumerator,
    denominator).
  - Executable_Real implements a subset of real numbers, namly those
    representable by rational numbers.
  - Efficient_Nat implements natural numbers by integers, which in general will
    result in higher efficency; pattern matching with 0/Suc is eliminated;
    includes Code_Integer.
  - Code_Index provides an additional datatype index which is mapped to
    target-language built-in integers.
  - Code_Message provides an additional datatype message_string which is isomorphic to
    strings; messages are mapped to target-language strings.

* New package for inductive predicates

  An n-ary predicate p with m parameters z_1, ..., z_m can now be defined via

    inductive
      p :: "U_1 => ... => U_m => T_1 => ... => T_n => bool"
      for z_1 :: U_1 and ... and z_n :: U_m
    where
      rule_1: "... ==> p z_1 ... z_m t_1_1 ... t_1_n"
    | ...

  with full support for type-inference, rather than

    consts s :: "U_1 => ... => U_m => (T_1 * ... * T_n) set"

    abbreviation p :: "U_1 => ... => U_m => T_1 => ... => T_n => bool"
    where "p z_1 ... z_m x_1 ... x_n == (x_1, ..., x_n) : s z_1 ... z_m"

    inductive "s z_1 ... z_m"
    intros
      rule_1: "... ==> (t_1_1, ..., t_1_n) : s z_1 ... z_m"
      ...

  For backward compatibility, there is a wrapper allowing inductive
  sets to be defined with the new package via

    inductive_set
      s :: "U_1 => ... => U_m => (T_1 * ... * T_n) set"
      for z_1 :: U_1 and ... and z_n :: U_m
    where
      rule_1: "... ==> (t_1_1, ..., t_1_n) : s z_1 ... z_m"
    | ...

  or

    inductive_set
      s :: "U_1 => ... => U_m => (T_1 * ... * T_n) set"
      and p :: "U_1 => ... => U_m => T_1 => ... => T_n => bool"
      for z_1 :: U_1 and ... and z_n :: U_m
    where
      "p z_1 ... z_m x_1 ... x_n == (x_1, ..., x_n) : s z_1 ... z_m"
    | rule_1: "... ==> p z_1 ... z_m t_1_1 ... t_1_n"
    | ...

  if the additional syntax "p ..." is required.

  Numerous examples can be found in the subdirectories src/HOL/Auth,
  src/HOL/Bali, src/HOL/Induct, and src/HOL/MicroJava.

  INCOMPATIBILITIES:

  - Since declaration and definition of inductive sets or predicates
    is no longer separated, abbreviations involving the newly
    introduced sets or predicates must be specified together with the
    introduction rules after the 'where' keyword (see above), rather
    than before the actual inductive definition.

  - The variables in induction and elimination rules are now
    quantified in the order of their occurrence in the introduction
    rules, rather than in alphabetical order. Since this may break
    some proofs, these proofs either have to be repaired, e.g. by
    reordering the variables a_i_1 ... a_i_{k_i} in Isar 'case'
    statements of the form

      case (rule_i a_i_1 ... a_i_{k_i})

    or the old order of quantification has to be restored by explicitly adding
    meta-level quantifiers in the introduction rules, i.e.

      | rule_i: "!!a_i_1 ... a_i_{k_i}. ... ==> p z_1 ... z_m t_i_1 ... t_i_n"

  - The format of the elimination rules is now

      p z_1 ... z_m x_1 ... x_n ==>
        (!!a_1_1 ... a_1_{k_1}. x_1 = t_1_1 ==> ... ==> x_n = t_1_n ==> ... ==> P)
        ==> ... ==> P

    for predicates and

      (x_1, ..., x_n) : s z_1 ... z_m ==>
        (!!a_1_1 ... a_1_{k_1}. x_1 = t_1_1 ==> ... ==> x_n = t_1_n ==> ... ==> P)
        ==> ... ==> P

    for sets rather than

      x : s z_1 ... z_m ==>
        (!!a_1_1 ... a_1_{k_1}. x = (t_1_1, ..., t_1_n) ==> ... ==> P)
        ==> ... ==> P

    This may require terms in goals to be expanded to n-tuples
    (e.g. using case_tac or simplification with the split_paired_all
    rule) before the above elimination rule is applicable.

  - The elimination or case analysis rules for (mutually) inductive
    sets or predicates are now called "p_1.cases" ... "p_k.cases". The
    list of rules "p_1_..._p_k.elims" is no longer available.

* New package "function"/"fun" for general recursive functions,
supporting mutual and nested recursion, definitions in local contexts,
more general pattern matching and partiality. See HOL/ex/Fundefs.thy
for small examples, and the separate tutorial on the function
package. The old recdef "package" is still available as before, but
users are encouraged to use the new package.

* Method "lexicographic_order" automatically synthesizes termination
relations as lexicographic combinations of size measures. 

* Case-expressions allow arbitrary constructor-patterns (including
"_") and take their order into account, like in functional
programming.  Internally, this is translated into nested
case-expressions; missing cases are added and mapped to the predefined
constant "undefined". In complicated cases printing may no longer show
the original input but the internal form. Lambda-abstractions allow
the same form of pattern matching: "% pat1 => e1 | ..." is an
abbreviation for "%x. case x of pat1 => e1 | ..." where x is a new
variable.

* IntDef: The constant "int :: nat => int" has been removed; now "int"
is an abbreviation for "of_nat :: nat => int". The simplification
rules for "of_nat" have been changed to work like "int" did
previously.  Potential INCOMPATIBILITY:
  - "of_nat (Suc m)" simplifies to "1 + of_nat m" instead of "of_nat m + 1"
  - of_nat_diff and of_nat_mult are no longer default simp rules

* Method "algebra" solves polynomial equations over (semi)rings using
Groebner bases. The (semi)ring structure is defined by locales and the
tool setup depends on that generic context. Installing the method for
a specific type involves instantiating the locale and possibly adding
declarations for computation on the coefficients.  The method is
already instantiated for natural numbers and for the axiomatic class
of idoms with numerals.  See also the paper by Chaieb and Wenzel at
CALCULEMUS 2007 for the general principles underlying this
architecture of context-aware proof-tools.

* Method "ferrack" implements quantifier elimination over
special-purpose dense linear orders using locales (analogous to
"algebra"). The method is already installed for class
{ordered_field,recpower,number_ring} which subsumes real, hyperreal,
rat, etc.

* Former constant "List.op @" now named "List.append".  Use ML
antiquotations @{const_name List.append} or @{term " ... @ ... "} to
circumvent possible incompatibilities when working on ML level.

* primrec: missing cases mapped to "undefined" instead of "arbitrary".

* New function listsum :: 'a list => 'a for arbitrary monoids.
Special syntax: "SUM x <- xs. f x" (and latex variants)

* New syntax for Haskell-like list comprehension (input only), eg.
[(x,y). x <- xs, y <- ys, x ~= y], see also src/HOL/List.thy.

* The special syntax for function "filter" has changed from [x :
xs. P] to [x <- xs. P] to avoid an ambiguity caused by list
comprehension syntax, and for uniformity.  INCOMPATIBILITY.

* [a..b] is now defined for arbitrary linear orders.  It used to be
defined on nat only, as an abbreviation for [a..<Suc b]
INCOMPATIBILITY.

* Renamed lemma "set_take_whileD"  to "set_takeWhileD".

* New functions "sorted" and "sort" in src/HOL/List.thy.

* New lemma collection field_simps (an extension of ring_simps) for
manipulating (in)equations involving division. Multiplies with all
denominators that can be proved to be non-zero (in equations) or
positive/negative (in inequations).

* Lemma collections ring_eq_simps, group_eq_simps and ring_distrib
have been improved and renamed to ring_simps, group_simps and
ring_distribs.  Removed lemmas field_xyz in theory Ring_and_Field
because they were subsumed by lemmas xyz.  INCOMPATIBILITY.

* Theory Library/Commutative_Ring: switched from recdef to function
package; constants add, mul, pow now curried.  Infix syntax for
algebraic operations.

* Dropped redundant lemma def_imp_eq in favor of meta_eq_to_obj_eq.
INCOMPATIBILITY.

* Dropped redundant lemma if_def2 in favor of if_bool_eq_conj.
INCOMPATIBILITY.

* HOL/records: generalised field-update to take a function on the
field rather than the new value: r(|A := x|) is translated to A_update
(K x) r The K-combinator that is internally used is called K_record.
INCOMPATIBILITY: Usage of the plain update functions has to be
adapted.
 
* Class "semiring_0" now contains annihilation axioms x * 0 = 0 and 0
* x = 0, which are required for a semiring.  Richer structures do not
inherit from semiring_0 anymore, because this property is a theorem
there, not an axiom.  INCOMPATIBILITY: In instances of semiring_0,
there is more to prove, but this is mostly trivial.

* Class "recpower" is generalized to arbitrary monoids, not just
commutative semirings.  INCOMPATIBILITY: may need to incorporate
commutativity or semiring properties additionally.

* Constant "List.list_all2" in List.thy now uses authentic syntax.
INCOMPATIBILITY: translations containing list_all2 may go wrong,
better use 'abbreviation'.

* Renamed constant "List.op mem" to "List.member".  INCOMPATIBILITY.

* Numeral syntax: type 'bin' which was a mere type copy of 'int' has
been abandoned in favour of plain 'int'.  INCOMPATIBILITY --
significant changes for setting up numeral syntax for types:
  - New constants Numeral.pred and Numeral.succ instead
      of former Numeral.bin_pred and Numeral.bin_succ.
  - Use integer operations instead of bin_add, bin_mult and so on.
  - Numeral simplification theorems named Numeral.numeral_simps instead of Bin_simps.
  - ML structure Bin_Simprocs now named Int_Numeral_Base_Simprocs.

See src/HOL/Integ/IntArith.thy for an example setup.

* Command 'normal_form' computes the normal form of a term that may
contain free variables.  For example ``normal_form "rev [a, b, c]"''
produces ``[b, c, a]'' (without proof).  This command is suitable for
heavy-duty computations because the functions are compiled to ML
first.  Correspondingly, a method "normalization" is provided.  See
further src/HOL/ex/NormalForm.thy and src/Tools/nbe.ML.

* Alternative iff syntax "A <-> B" for equality on bool (with priority
25 like -->); output depends on the "iff" print_mode, the default is
"A = B" (with priority 50).

* Relations less (<) and less_eq (<=) are also available on type bool.
Modified syntax to disallow nesting without explicit parentheses,
e.g. "(x < y) < z" or "x < (y < z)", but NOT "x < y < z".  Potential
INCOMPATIBILITY.

* "LEAST x:A. P" expands to "LEAST x. x:A & P" (input only).

* Relation composition operator "op O" now has precedence 75 and binds
stronger than union and intersection. INCOMPATIBILITY.

* The old set interval syntax "{m..n(}" (and relatives) has been
removed.  Use "{m..<n}" (and relatives) instead.

* In the context of the assumption "~(s = t)" the Simplifier rewrites
"t = s" to False (by simproc "neq").  INCOMPATIBILITY, consider using
``declare [[simproc del: neq]]''.

* Simplifier: "m dvd n" where m and n are numbers is evaluated to
True/False.

* Theorem Cons_eq_map_conv no longer declared as "simp".

* Theorem setsum_mult renamed to setsum_right_distrib.

* Prefer ex1I over ex_ex1I in single-step reasoning, e.g. by the
``rule'' method.

* Reimplemented methods "sat" and "satx", with several improvements:
goals no longer need to be stated as "<prems> ==> False", equivalences
(i.e. "=" on type bool) are handled, variable names of the form
"lit_<n>" are no longer reserved, significant speedup.

* Methods "sat" and "satx" can now replay MiniSat proof traces.
zChaff is still supported as well.

* 'inductive' and 'datatype': provide projections of mutual rules,
bundled as foo_bar.inducts;

* Library: moved theories Parity, GCD, Binomial, Infinite_Set to
Library.

* Library: moved theory Accessible_Part to main HOL.

* Library: added theory Coinductive_List of potentially infinite lists
as greatest fixed-point.

* Library: added theory AssocList which implements (finite) maps as
association lists.

* Method "evaluation" solves goals (i.e. a boolean expression)
efficiently by compiling it to ML.  The goal is "proved" (via an
oracle) if it evaluates to True.

* Linear arithmetic now splits certain operators (e.g. min, max, abs)
also when invoked by the simplifier.  This results in the Simplifier
being more powerful on arithmetic goals.  INCOMPATIBILITY.
Configuration option fast_arith_split_limit=0 recovers the old
behavior.

* Support for hex (0x20) and binary (0b1001) numerals.

* New method: reify eqs (t), where eqs are equations for an
interpretation I :: 'a list => 'b => 'c and t::'c is an optional
parameter, computes a term s::'b and a list xs::'a list and proves the
theorem I xs s = t. This is also known as reification or quoting. The
resulting theorem is applied to the subgoal to substitute t with I xs
s.  If t is omitted, the subgoal itself is reified.

* New method: reflection corr_thm eqs (t). The parameters eqs and (t)
are as explained above. corr_thm is a theorem for I vs (f t) = I vs t,
where f is supposed to be a computable function (in the sense of code
generattion). The method uses reify to compute s and xs as above then
applies corr_thm and uses normalization by evaluation to "prove" f s =
r and finally gets the theorem t = r, which is again applied to the
subgoal. An Example is available in src/HOL/ex/ReflectionEx.thy.

* Reflection: Automatic reification now handels binding, an example is
available in src/HOL/ex/ReflectionEx.thy

* HOL-Statespace: ``State Spaces: The Locale Way'' introduces a
command 'statespace' that is similar to 'record', but introduces an
abstract specification based on the locale infrastructure instead of
HOL types.  This leads to extra flexibility in composing state spaces,
in particular multiple inheritance and renaming of components.


*** HOL-Complex ***

* Hyperreal: Functions root and sqrt are now defined on negative real
inputs so that root n (- x) = - root n x and sqrt (- x) = - sqrt x.
Nonnegativity side conditions have been removed from many lemmas, so
that more subgoals may now be solved by simplification; potential
INCOMPATIBILITY.

* Real: new type classes formalize real normed vector spaces and
algebras, using new overloaded constants scaleR :: real => 'a => 'a
and norm :: 'a => real.

* Real: constant of_real :: real => 'a::real_algebra_1 injects from
reals into other types. The overloaded constant Reals :: 'a set is now
defined as range of_real; potential INCOMPATIBILITY.

* Real: proper support for ML code generation, including 'quickcheck'.
Reals are implemented as arbitrary precision rationals.

* Hyperreal: Several constants that previously worked only for the
reals have been generalized, so they now work over arbitrary vector
spaces. Type annotations may need to be added in some cases; potential
INCOMPATIBILITY.