NEWS

antisym first;

Isabelle NEWS -- history user-relevant changes
==============================================

New in this Isabelle version
----------------------------

*** Overview of INCOMPATIBILITIES (see below for more details) ***

* HOL: Removed the obsolete syntax "Compl A"; use -A for set
complement;

* HOL: the predicate "inj" is now defined by translation to "inj_on";

* HOL/typedef: fixed type inference for representing set; type
arguments now have to occur explicitly on the rhs as type constraints;

* ZF: The con_defs part of an inductive definition may no longer refer
to constants declared in the same theory;

* HOL, ZF: the function mk_cases, generated by the inductive
definition package, has lost an argument.  To simplify its result, it
uses the default simpset instead of a supplied list of theorems.


*** Proof tools ***

* Provers/Arith/fast_lin_arith.ML contains a functor for creating a
decision procedure for linear arithmetic. Currently it is used for
types `nat' and `int' in HOL (see below) but can, should and will be
instantiated for other types and logics as well.


*** General ***

* Isabelle manuals now also available as PDF;

* improved browser info generation: better HTML markup (including
colors), graph views in several sizes; isatool usedir now provides a
proper interface for user theories (via -P option);

* theory loader rewritten from scratch (may not be fully
bug-compatible); old loadpath variable has been replaced by show_path,
add_path, del_path, reset_path functions; new operations such as
update_thy, touch_thy, remove_thy (see also isatool doc ref);

* in locales, the "assumes" and "defines" parts may be omitted if
empty;

* new print_mode "xsymbols" for extended symbol support (e.g. genuine
long arrows);

* new print_mode "HTML";

* path element specification '~~' refers to '$ISABELLE_HOME';

* new flag show_tags controls display of tags of theorems (which are
basically just comments that may be attached by some tools);

* improved isatool install: option -k creates KDE application icon,
option -p DIR installs standalone binaries;

* added ML_PLATFORM setting (useful for cross-platform installations);
more robust handling of platform specific ML images for SML/NJ;

* Isamode 2.6 requires patch to accomodate change of Isabelle font
mode and goal output format:

diff -r Isamode-2.6/elisp/isa-load.el Isamode/elisp/isa-load.el
244c244
<       (list (isa-getenv "ISABELLE") "-msymbols" logic-name)
---
>       (list (isa-getenv "ISABELLE") "-misabelle_font" "-msymbols" logic-name)
diff -r Isabelle-2.6/elisp/isa-proofstate.el Isamode/elisp/isa-proofstate.el
181c181
< (defconst proofstate-proofstart-regexp "^Level [0-9]+$"
---
> (defconst proofstate-proofstart-regexp "^Level [0-9]+"


*** HOL ***

* There are now decision procedures for linear arithmetic over nat and
int:

1. arith_tac copes with arbitrary formulae involving `=', `<', `<=',
`+', `-', `Suc', `min', `max' and numerical constants; other subterms
are treated as atomic; subformulae not involving type `nat' or `int'
are ignored; quantified subformulae are ignored unless they are
positive universal or negative existential. The tactic has to be
invoked by hand and can be a little bit slow. In particular, the
running time is exponential in the number of occurrences of `min' and
`max', and `-' on `nat'.

2. fast_arith_tac is a cut-down version of arith_tac: it only takes
(negated) (in)equalities among the premises and the conclusion into
account (i.e. no compound formulae) and does not know about `min' and
`max', and `-' on `nat'. It is fast and is used automatically by the
simplifier.

NB: At the moment, these decision procedures do not cope with mixed
nat/int formulae where the two parts interact, such as `m < n ==>
int(m) < int(n)'.

* New bounded quantifier syntax (input only):
  ! x < y. P, ! x <= y. P, ? x < y. P, ? x <= y. P

* HOL/TLA (Lamport's Temporal Logic of Actions): major reorganization
-- avoids syntactic ambiguities and treats state, transition, and
temporal levels more uniformly; introduces INCOMPATIBILITIES due to
changed syntax and (many) tactics;

* HOL/typedef: fixed type inference for representing set; type
arguments now have to occur explicitly on the rhs as type constraints;

* HOL/recdef (TFL): requires theory Recdef; 'congs' syntax now expects
comma separated list of theorem names rather than an ML expression;

* reset HOL_quantifiers by default, i.e. quantifiers are printed as
ALL/EX rather than !/?;


*** ZF ***

* new primrec section allows primitive recursive functions to be given
directly (as in HOL) over datatypes and the natural numbers;

* new tactics induct_tac and exhaust_tac for induction (or case
analysis) over datatypes and the natural numbers;

* the datatype declaration of type T now defines the recursor T_rec;

* simplification automatically does freeness reasoning for datatype
constructors;

* automatic type-inference, with AddTCs command to insert new
type-checking rules;

* datatype introduction rules are now added as Safe Introduction rules
to the claset;

* the syntax "if P then x else y" is now available in addition to
if(P,x,y);


*** Internal programming interfaces ***

* AxClass.axclass_tac lost the theory argument;

* tuned current_goals_markers semantics: begin / end goal avoids
printing empty lines;

* removed prs and prs_fn hook, which was broken because it did not
include \n in its semantics, forcing writeln to add one
uncoditionally; replaced prs_fn by writeln_fn; consider std_output:
string -> unit if you really want to output text without newline;

* Symbol.output subject to print mode; INCOMPATIBILITY: defaults to
plain output, interface builders may have to enable 'isabelle_font'
mode to get Isabelle font glyphs as before;

* refined token_translation interface; INCOMPATIBILITY: output length
now of type real instead of int;



New in Isabelle98-1 (October 1998)
----------------------------------

*** Overview of INCOMPATIBILITIES (see below for more details) ***

* several changes of automated proof tools;

* HOL: major changes to the inductive and datatype packages, including
some minor incompatibilities of theory syntax;

* HOL: renamed r^-1 to 'converse' from 'inverse'; 'inj_onto' is now
called `inj_on';

* HOL: removed duplicate thms in Arith:
  less_imp_add_less  should be replaced by  trans_less_add1
  le_imp_add_le      should be replaced by  trans_le_add1

* HOL: unary minus is now overloaded (new type constraints may be
required);

* HOL and ZF: unary minus for integers is now #- instead of #~.  In
ZF, expressions such as n#-1 must be changed to n#- 1, since #-1 is
now taken as an integer constant.

* Pure: ML function 'theory_of' renamed to 'theory';


*** Proof tools ***

* Simplifier:
  1. Asm_full_simp_tac is now more aggressive.
     1. It will sometimes reorient premises if that increases their power to
        simplify.
     2. It does no longer proceed strictly from left to right but may also
        rotate premises to achieve further simplification.
     For compatibility reasons there is now Asm_lr_simp_tac which is like the
     old Asm_full_simp_tac in that it does not rotate premises.
  2. The simplifier now knows a little bit about nat-arithmetic.

* Classical reasoner: wrapper mechanism for the classical reasoner now
allows for selected deletion of wrappers, by introduction of names for
wrapper functionals.  This implies that addbefore, addSbefore,
addaltern, and addSaltern now take a pair (name, tactic) as argument,
and that adding two tactics with the same name overwrites the first
one (emitting a warning).
  type wrapper = (int -> tactic) -> (int -> tactic)
  setWrapper, setSWrapper, compWrapper and compSWrapper are replaced by
  addWrapper, addSWrapper: claset * (string * wrapper) -> claset
  delWrapper, delSWrapper: claset *  string            -> claset
  getWrapper is renamed to appWrappers, getSWrapper to appSWrappers;

* Classical reasoner: addbefore/addSbefore now have APPEND/ORELSE
semantics; addbefore now affects only the unsafe part of step_tac
etc.; this affects addss/auto_tac/force_tac, so EXISTING PROOFS MAY
FAIL, but proofs should be fixable easily, e.g. by replacing Auto_tac
by Force_tac;

* Classical reasoner: setwrapper to setWrapper and compwrapper to
compWrapper; added safe wrapper (and access functions for it);

* HOL/split_all_tac is now much faster and fails if there is nothing
to split.  Some EXISTING PROOFS MAY REQUIRE ADAPTION because the order
and the names of the automatically generated variables have changed.
split_all_tac has moved within claset() from unsafe wrappers to safe
wrappers, which means that !!-bound variables are split much more
aggressively, and safe_tac and clarify_tac now split such variables.
If this splitting is not appropriate, use delSWrapper "split_all_tac".
Note: the same holds for record_split_tac, which does the job of
split_all_tac for record fields.

* HOL/Simplifier: Rewrite rules for case distinctions can now be added
permanently to the default simpset using Addsplits just like
Addsimps. They can be removed via Delsplits just like
Delsimps. Lower-case versions are also available.

* HOL/Simplifier: The rule split_if is now part of the default
simpset. This means that the simplifier will eliminate all occurrences
of if-then-else in the conclusion of a goal. To prevent this, you can
either remove split_if completely from the default simpset by
`Delsplits [split_if]' or remove it in a specific call of the
simplifier using `... delsplits [split_if]'.  You can also add/delete
other case splitting rules to/from the default simpset: every datatype
generates suitable rules `split_t_case' and `split_t_case_asm' (where
t is the name of the datatype).

* Classical reasoner / Simplifier combination: new force_tac (and
derivatives Force_tac, force) combines rewriting and classical
reasoning (and whatever other tools) similarly to auto_tac, but is
aimed to solve the given subgoal completely.


*** General ***

* new top-level commands `Goal' and `Goalw' that improve upon `goal'
and `goalw': the theory is no longer needed as an explicit argument -
the current theory context is used; assumptions are no longer returned
at the ML-level unless one of them starts with ==> or !!; it is
recommended to convert to these new commands using isatool fixgoal
(backup your sources first!);

* new top-level commands 'thm' and 'thms' for retrieving theorems from
the current theory context, and 'theory' to lookup stored theories;

* new theory section 'locale' for declaring constants, assumptions and
definitions that have local scope;

* new theory section 'nonterminals' for purely syntactic types;

* new theory section 'setup' for generic ML setup functions
(e.g. package initialization);

* the distribution now includes Isabelle icons: see
lib/logo/isabelle-{small,tiny}.xpm;

* isatool install - install binaries with absolute references to
ISABELLE_HOME/bin;

* isatool logo -- create instances of the Isabelle logo (as EPS);

* print mode 'emacs' reserved for Isamode;

* support multiple print (ast) translations per constant name;


*** HOL ***

* there is now a tutorial on Isabelle/HOL (do 'isatool doc tutorial');

* HOL/inductive package reorganized and improved: now supports mutual
definitions such as

  inductive EVEN ODD
    intrs
      null "0 : EVEN"
      oddI "n : EVEN ==> Suc n : ODD"
      evenI "n : ODD ==> Suc n : EVEN"

new theorem list "elims" contains an elimination rule for each of the
recursive sets; inductive definitions now handle disjunctive premises
correctly (also ZF);

INCOMPATIBILITIES: requires Inductive as an ancestor; component
"mutual_induct" no longer exists - the induction rule is always
contained in "induct";


* HOL/datatype package re-implemented and greatly improved: now
supports mutually recursive datatypes such as

  datatype
    'a aexp = IF_THEN_ELSE ('a bexp) ('a aexp) ('a aexp)
            | SUM ('a aexp) ('a aexp)
            | DIFF ('a aexp) ('a aexp)
            | NUM 'a
  and
    'a bexp = LESS ('a aexp) ('a aexp)
            | AND ('a bexp) ('a bexp)
            | OR ('a bexp) ('a bexp)

as well as indirectly recursive datatypes such as

  datatype
    ('a, 'b) term = Var 'a
                  | App 'b ((('a, 'b) term) list)

The new tactic  mutual_induct_tac [<var_1>, ..., <var_n>] i  performs
induction on mutually / indirectly recursive datatypes.

Primrec equations are now stored in theory and can be accessed via
<function_name>.simps.

INCOMPATIBILITIES:

  - Theories using datatypes must now have theory Datatype as an
    ancestor.
  - The specific <typename>.induct_tac no longer exists - use the
    generic induct_tac instead.
  - natE has been renamed to nat.exhaust - use exhaust_tac
    instead of res_inst_tac ... natE. Note that the variable
    names in nat.exhaust differ from the names in natE, this
    may cause some "fragile" proofs to fail.
  - The theorems split_<typename>_case and split_<typename>_case_asm
    have been renamed to <typename>.split and <typename>.split_asm.
  - Since default sorts of type variables are now handled correctly,
    some datatype definitions may have to be annotated with explicit
    sort constraints.
  - Primrec definitions no longer require function name and type
    of recursive argument.

Consider using isatool fixdatatype to adapt your theories and proof
scripts to the new package (backup your sources first!).


* HOL/record package: considerably improved implementation; now
includes concrete syntax for record types, terms, updates; theorems
for surjective pairing and splitting !!-bound record variables; proof
support is as follows:

  1) standard conversions (selectors or updates applied to record
constructor terms) are part of the standard simpset;

  2) inject equations of the form ((x, y) = (x', y')) == x=x' & y=y' are
made part of standard simpset and claset via addIffs;

  3) a tactic for record field splitting (record_split_tac) is part of
the standard claset (addSWrapper);

To get a better idea about these rules you may retrieve them via
something like 'thms "foo.simps"' or 'thms "foo.iffs"', where "foo" is
the name of your record type.

The split tactic 3) conceptually simplifies by the following rule:

  "(!!x. PROP ?P x) == (!!a b. PROP ?P (a, b))"

Thus any record variable that is bound by meta-all will automatically
blow up into some record constructor term, consequently the
simplifications of 1), 2) apply.  Thus force_tac, auto_tac etc. shall
solve record problems automatically.


* reorganized the main HOL image: HOL/Integ and String loaded by
default; theory Main includes everything;

* automatic simplification of integer sums and comparisons, using cancellation;

* added option_map_eq_Some and not_Some_eq to the default simpset and claset;

* added disj_not1 = "(~P | Q) = (P --> Q)" to the default simpset;

* many new identities for unions, intersections, set difference, etc.;

* expand_if, expand_split, expand_sum_case and expand_nat_case are now
called split_if, split_split, split_sum_case and split_nat_case (to go
with add/delsplits);

* HOL/Prod introduces simplification procedure unit_eq_proc rewriting
(?x::unit) = (); this is made part of the default simpset, which COULD
MAKE EXISTING PROOFS FAIL under rare circumstances (consider
'Delsimprocs [unit_eq_proc];' as last resort); also note that
unit_abs_eta_conv is added in order to counter the effect of
unit_eq_proc on (%u::unit. f u), replacing it by f rather than by
%u.f();

* HOL/Fun INCOMPATIBILITY: `inj_onto' is now called `inj_on' (which
makes more sense);

* HOL/Set INCOMPATIBILITY: rule `equals0D' is now a well-formed destruct rule;
  It and 'sym RS equals0D' are now in the default  claset, giving automatic
  disjointness reasoning but breaking a few old proofs.

* HOL/Relation INCOMPATIBILITY: renamed the relational operator r^-1
to 'converse' from 'inverse' (for compatibility with ZF and some
literature);

* HOL/recdef can now declare non-recursive functions, with {} supplied as
the well-founded relation;

* HOL/Set INCOMPATIBILITY: the complement of set A is now written -A instead of
    Compl A.  The "Compl" syntax remains available as input syntax for this
    release ONLY.

* HOL/Update: new theory of function updates:
    f(a:=b) == %x. if x=a then b else f x
may also be iterated as in f(a:=b,c:=d,...);

* HOL/Vimage: new theory for inverse image of a function, syntax f-``B;

* HOL/List:
  - new function list_update written xs[i:=v] that updates the i-th
    list position. May also be iterated as in xs[i:=a,j:=b,...].
  - new function `upt' written [i..j(] which generates the list
    [i,i+1,...,j-1], i.e. the upper bound is excluded. To include the upper
    bound write [i..j], which is a shorthand for [i..j+1(].
  - new lexicographic orderings and corresponding wellfoundedness theorems.

* HOL/Arith:
  - removed 'pred' (predecessor) function;
  - generalized some theorems about n-1;
  - many new laws about "div" and "mod";
  - new laws about greatest common divisors (see theory ex/Primes);

* HOL/Relation: renamed the relational operator r^-1 "converse"
instead of "inverse";

* HOL/Induct/Multiset: a theory of multisets, including the wellfoundedness
  of the multiset ordering;

* directory HOL/Real: a construction of the reals using Dedekind cuts
  (not included by default);

* directory HOL/UNITY: Chandy and Misra's UNITY formalism;

* directory HOL/Hoare: a new version of Hoare logic which permits many-sorted
  programs, i.e. different program variables may have different types.

* calling (stac rew i) now fails if "rew" has no effect on the goal
  [previously, this check worked only if the rewrite rule was unconditional]
  Now rew can involve either definitions or equalities (either == or =).


*** ZF ***

* theory Main includes everything; INCOMPATIBILITY: theory ZF.thy contains
  only the theorems proved on ZF.ML;

* ZF INCOMPATIBILITY: rule `equals0D' is now a well-formed destruct rule;
  It and 'sym RS equals0D' are now in the default  claset, giving automatic
  disjointness reasoning but breaking a few old proofs.

* ZF/Update: new theory of function updates
    with default rewrite rule  f(x:=y) ` z = if(z=x, y, f`z)
  may also be iterated as in f(a:=b,c:=d,...);

* in  let x=t in u(x), neither t nor u(x) has to be an FOL term.

* calling (stac rew i) now fails if "rew" has no effect on the goal
  [previously, this check worked only if the rewrite rule was unconditional]
  Now rew can involve either definitions or equalities (either == or =).

* case_tac provided for compatibility with HOL
    (like the old excluded_middle_tac, but with subgoals swapped)


*** Internal programming interfaces ***

* Pure: several new basic modules made available for general use, see
also src/Pure/README;

* improved the theory data mechanism to support encapsulation (data
kind name replaced by private Object.kind, acting as authorization
key); new type-safe user interface via functor TheoryDataFun; generic
print_data function becomes basically useless;

* removed global_names compatibility flag -- all theory declarations
are qualified by default;

* module Pure/Syntax now offers quote / antiquote translation
functions (useful for Hoare logic etc. with implicit dependencies);
see HOL/ex/Antiquote for an example use;

* Simplifier now offers conversions (asm_)(full_)rewrite: simpset ->
cterm -> thm;

* new tactical CHANGED_GOAL for checking that a tactic modifies a
subgoal;

* Display.print_goals function moved to Locale.print_goals;

* standard print function for goals supports current_goals_markers
variable for marking begin of proof, end of proof, start of goal; the
default is ("", "", ""); setting current_goals_markers := ("<proof>",
"</proof>", "<goal>") causes SGML like tagged proof state printing,
for example;



New in Isabelle98 (January 1998)
--------------------------------

*** Overview of INCOMPATIBILITIES (see below for more details) ***

* changed lexical syntax of terms / types: dots made part of long
identifiers, e.g. "%x.x" no longer possible, should be "%x. x";

* simpset (and claset) reference variable replaced by functions
simpset / simpset_ref;

* no longer supports theory aliases (via merge) and non-trivial
implicit merge of thms' signatures;

* most internal names of constants changed due to qualified names;

* changed Pure/Sequence interface (see Pure/seq.ML);


*** General Changes ***

* hierachically structured name spaces (for consts, types, axms, thms
etc.); new lexical class 'longid' (e.g. Foo.bar.x) may render much of
old input syntactically incorrect (e.g. "%x.x"); COMPATIBILITY:
isatool fixdots ensures space after dots (e.g. "%x. x"); set
long_names for fully qualified output names; NOTE: ML programs
(special tactics, packages etc.) referring to internal names may have
to be adapted to cope with fully qualified names; in case of severe
backward campatibility problems try setting 'global_names' at compile
time to have enrything declared within a flat name space; one may also
fine tune name declarations in theories via the 'global' and 'local'
section;

* reimplemented the implicit simpset and claset using the new anytype
data filed in signatures; references simpset:simpset ref etc. are
replaced by functions simpset:unit->simpset and
simpset_ref:unit->simpset ref; COMPATIBILITY: use isatool fixclasimp
to patch your ML files accordingly;

* HTML output now includes theory graph data for display with Java
applet or isatool browser; data generated automatically via isatool
usedir (see -i option, ISABELLE_USEDIR_OPTIONS);

* defs may now be conditional; improved rewrite_goals_tac to handle
conditional equations;

* defs now admits additional type arguments, using TYPE('a) syntax;

* theory aliases via merge (e.g. M=A+B+C) no longer supported, always
creates a new theory node; implicit merge of thms' signatures is
restricted to 'trivial' ones; COMPATIBILITY: one may have to use
transfer:theory->thm->thm in (rare) cases;

* improved handling of draft signatures / theories; draft thms (and
ctyps, cterms) are automatically promoted to real ones;

* slightly changed interfaces for oracles: admit many per theory, named
(e.g. oracle foo = mlfun), additional name argument for invoke_oracle;

* print_goals: optional output of const types (set show_consts and
show_types);

* improved output of warnings (###) and errors (***);

* subgoal_tac displays a warning if the new subgoal has type variables;

* removed old README and Makefiles;

* replaced print_goals_ref hook by print_current_goals_fn and result_error_fn;

* removed obsolete init_pps and init_database;

* deleted the obsolete tactical STATE, which was declared by
    fun STATE tacfun st = tacfun st st;

* cd and use now support path variables, e.g. $ISABELLE_HOME, or ~
(which abbreviates $HOME);

* changed Pure/Sequence interface (see Pure/seq.ML); COMPATIBILITY:
use isatool fixseq to adapt your ML programs (this works for fully
qualified references to the Sequence structure only!);

* use_thy no longer requires writable current directory; it always
reloads .ML *and* .thy file, if either one is out of date;


*** Classical Reasoner ***

* Clarify_tac, clarify_tac, clarify_step_tac, Clarify_step_tac: new
tactics that use classical reasoning to simplify a subgoal without
splitting it into several subgoals;

* Safe_tac: like safe_tac but uses the default claset;


*** Simplifier ***

* added simplification meta rules:
    (asm_)(full_)simplify: simpset -> thm -> thm;

* simplifier.ML no longer part of Pure -- has to be loaded by object
logics (again);

* added prems argument to simplification procedures;

* HOL, FOL, ZF: added infix function `addsplits':
  instead of `<simpset> setloop (split_tac <thms>)'
  you can simply write `<simpset> addsplits <thms>'


*** Syntax ***

* TYPE('a) syntax for type reflection terms;

* no longer handles consts with name "" -- declare as 'syntax' instead;

* pretty printer: changed order of mixfix annotation preference (again!);

* Pure: fixed idt/idts vs. pttrn/pttrns syntactic categories;


*** HOL ***

* HOL: there is a new splitter `split_asm_tac' that can be used e.g.
  with `addloop' of the simplifier to faciliate case splitting in premises.

* HOL/TLA: Stephan Merz's formalization of Lamport's Temporal Logic of Actions;

* HOL/Auth: new protocol proofs including some for the Internet
  protocol TLS;

* HOL/Map: new theory of `maps' a la VDM;

* HOL/simplifier: simplification procedures nat_cancel_sums for
cancelling out common nat summands from =, <, <= (in)equalities, or
differences; simplification procedures nat_cancel_factor for
cancelling common factor from =, <, <= (in)equalities over natural
sums; nat_cancel contains both kinds of procedures, it is installed by
default in Arith.thy -- this COULD MAKE EXISTING PROOFS FAIL;

* HOL/simplifier: terms of the form
  `? x. P1(x) & ... & Pn(x) & x=t & Q1(x) & ... Qn(x)'  (or t=x)
  are rewritten to
  `P1(t) & ... & Pn(t) & Q1(t) & ... Qn(t)',
  and those of the form
  `! x. P1(x) & ... & Pn(x) & x=t & Q1(x) & ... Qn(x) --> R(x)'  (or t=x)
  are rewritten to
  `P1(t) & ... & Pn(t) & Q1(t) & ... Qn(t) --> R(t)',

* HOL/datatype
  Each datatype `t' now comes with a theorem `split_t_case' of the form

  P(t_case f1 ... fn x) =
     ( (!y1 ... ym1. x = C1 y1 ... ym1 --> P(f1 y1 ... ym1)) &
        ...
       (!y1 ... ymn. x = Cn y1 ... ymn --> P(f1 y1 ... ymn))
     )

  and a theorem `split_t_case_asm' of the form

  P(t_case f1 ... fn x) =
    ~( (? y1 ... ym1. x = C1 y1 ... ym1 & ~P(f1 y1 ... ym1)) |
        ...
       (? y1 ... ymn. x = Cn y1 ... ymn & ~P(f1 y1 ... ymn))
     )
  which can be added to a simpset via `addsplits'. The existing theorems
  expand_list_case and expand_option_case have been renamed to
  split_list_case and split_option_case.

* HOL/Arithmetic:
  - `pred n' is automatically converted to `n-1'.
    Users are strongly encouraged not to use `pred' any longer,
    because it will disappear altogether at some point.
  - Users are strongly encouraged to write "0 < n" rather than
    "n ~= 0". Theorems and proof tools have been modified towards this
    `standard'.

* HOL/Lists:
  the function "set_of_list" has been renamed "set" (and its theorems too);
  the function "nth" now takes its arguments in the reverse order and
  has acquired the infix notation "!" as in "xs!n".

* HOL/Set: UNIV is now a constant and is no longer translated to Compl{};

* HOL/Set: The operator (UN x.B x) now abbreviates (UN x:UNIV. B x) and its
  specialist theorems (like UN1_I) are gone.  Similarly for (INT x.B x);

* HOL/record: extensible records with schematic structural subtyping
(single inheritance); EXPERIMENTAL version demonstrating the encoding,
still lacks various theorems and concrete record syntax;


*** HOLCF ***

* removed "axioms" and "generated by" sections;

* replaced "ops" section by extended "consts" section, which is capable of
  handling the continuous function space "->" directly;

* domain package:
  . proves theorems immediately and stores them in the theory,
  . creates hierachical name space,
  . now uses normal mixfix annotations (instead of cinfix...),
  . minor changes to some names and values (for consistency),
  . e.g. cases -> casedist, dists_eq -> dist_eqs, [take_lemma] -> take_lemmas,
  . separator between mutual domain defs: changed "," to "and",
  . improved handling of sort constraints;  now they have to
    appear on the left-hand side of the equations only;

* fixed LAM <x,y,zs>.b syntax;

* added extended adm_tac to simplifier in HOLCF -- can now discharge
adm (%x. P (t x)), where P is chainfinite and t continuous;


*** FOL and ZF ***

* FOL: there is a new splitter `split_asm_tac' that can be used e.g.
  with `addloop' of the simplifier to faciliate case splitting in premises.

* qed_spec_mp, qed_goal_spec_mp, qed_goalw_spec_mp are available, as
in HOL, they strip ALL and --> from proved theorems;



New in Isabelle94-8 (May 1997)
------------------------------

*** General Changes ***

* new utilities to build / run / maintain Isabelle etc. (in parts
still somewhat experimental); old Makefiles etc. still functional;

* new 'Isabelle System Manual';

* INSTALL text, together with ./configure and ./build scripts;

* reimplemented type inference for greater efficiency, better error
messages and clean internal interface;

* prlim command for dealing with lots of subgoals (an easier way of
setting goals_limit);


*** Syntax ***

* supports alternative (named) syntax tables (parser and pretty
printer); internal interface is provided by add_modesyntax(_i);

* Pure, FOL, ZF, HOL, HOLCF now support symbolic input and output; to
be used in conjunction with the Isabelle symbol font; uses the
"symbols" syntax table;

* added token_translation interface (may translate name tokens in
arbitrary ways, dependent on their type (free, bound, tfree, ...) and
the current print_mode); IMPORTANT: user print translation functions
are responsible for marking newly introduced bounds
(Syntax.mark_boundT);

* token translations for modes "xterm" and "xterm_color" that display
names in bold, underline etc. or colors (which requires a color
version of xterm);

* infixes may now be declared with names independent of their syntax;

* added typed_print_translation (like print_translation, but may
access type of constant);


*** Classical Reasoner ***

Blast_tac: a new tactic!  It is often more powerful than fast_tac, but has
some limitations.  Blast_tac...
  + ignores addss, addbefore, addafter; this restriction is intrinsic
  + ignores elimination rules that don't have the correct format
        (the conclusion MUST be a formula variable)
  + ignores types, which can make HOL proofs fail
  + rules must not require higher-order unification, e.g. apply_type in ZF
    [message "Function Var's argument not a bound variable" relates to this]
  + its proof strategy is more general but can actually be slower

* substitution with equality assumptions no longer permutes other
assumptions;

* minor changes in semantics of addafter (now called addaltern); renamed
setwrapper to setWrapper and compwrapper to compWrapper; added safe wrapper
(and access functions for it);

* improved combination of classical reasoner and simplifier:
  + functions for handling clasimpsets
  + improvement of addss: now the simplifier is called _after_ the
    safe steps.
  + safe variant of addss called addSss: uses safe simplifications
    _during_ the safe steps. It is more complete as it allows multiple
    instantiations of unknowns (e.g. with slow_tac).

*** Simplifier ***

* added interface for simplification procedures (functions that
produce *proven* rewrite rules on the fly, depending on current
redex);

* ordering on terms as parameter (used for ordered rewriting);

* new functions delcongs, deleqcongs, and Delcongs. richer rep_ss;

* the solver is now split into a safe and an unsafe part.
This should be invisible for the normal user, except that the
functions setsolver and addsolver have been renamed to setSolver and
addSolver; added safe_asm_full_simp_tac;


*** HOL ***

* a generic induction tactic `induct_tac' which works for all datatypes and
also for type `nat';

* a generic case distinction tactic `exhaust_tac' which works for all
datatypes and also for type `nat';

* each datatype comes with a function `size';

* patterns in case expressions allow tuple patterns as arguments to
constructors, for example `case x of [] => ... | (x,y,z)#ps => ...';

* primrec now also works with type nat;

* recdef: a new declaration form, allows general recursive functions to be
defined in theory files.  See HOL/ex/Fib, HOL/ex/Primes, HOL/Subst/Unify.

* the constant for negation has been renamed from "not" to "Not" to
harmonize with FOL, ZF, LK, etc.;

* HOL/ex/LFilter theory of a corecursive "filter" functional for
infinite lists;

* HOL/Modelcheck demonstrates invocation of model checker oracle;

* HOL/ex/Ring.thy declares cring_simp, which solves equational
problems in commutative rings, using axiomatic type classes for + and *;

* more examples in HOL/MiniML and HOL/Auth;

* more default rewrite rules for quantifiers, union/intersection;

* a new constant `arbitrary == @x.False';

* HOLCF/IOA replaces old HOL/IOA;

* HOLCF changes: derived all rules and arities
  + axiomatic type classes instead of classes
  + typedef instead of faking type definitions
  + eliminated the internal constants less_fun, less_cfun, UU_fun, UU_cfun etc.
  + new axclasses cpo, chfin, flat with flat < chfin < pcpo < cpo < po
  + eliminated the types void, one, tr
  + use unit lift and bool lift (with translations) instead of one and tr
  + eliminated blift from Lift3.thy (use Def instead of blift)
  all eliminated rules are derived as theorems --> no visible changes ;


*** ZF ***

* ZF now has Fast_tac, Simp_tac and Auto_tac.  Union_iff is a now a default
rewrite rule; this may affect some proofs.  eq_cs is gone but can be put back
as ZF_cs addSIs [equalityI];



New in Isabelle94-7 (November 96)
---------------------------------

* allowing negative levels (as offsets) in prlev and choplev;

* super-linear speedup for large simplifications;

* FOL, ZF and HOL now use miniscoping: rewriting pushes
quantifications in as far as possible (COULD MAKE EXISTING PROOFS
FAIL); can suppress it using the command Delsimps (ex_simps @
all_simps); De Morgan laws are also now included, by default;

* improved printing of ==>  :  ~:

* new object-logic "Sequents" adds linear logic, while replacing LK
and Modal (thanks to Sara Kalvala);

* HOL/Auth: correctness proofs for authentication protocols;

* HOL: new auto_tac combines rewriting and classical reasoning (many
examples on HOL/Auth);

* HOL: new command AddIffs for declaring theorems of the form P=Q to
the rewriter and classical reasoner simultaneously;

* function uresult no longer returns theorems in "standard" format;
regain previous version by: val uresult = standard o uresult;



New in Isabelle94-6
-------------------

* oracles -- these establish an interface between Isabelle and trusted
external reasoners, which may deliver results as theorems;

* proof objects (in particular record all uses of oracles);

* Simp_tac, Fast_tac, etc. that refer to implicit simpset / claset;

* "constdefs" section in theory files;

* "primrec" section (HOL) no longer requires names;

* internal type "tactic" now simply "thm -> thm Sequence.seq";



New in Isabelle94-5
-------------------

* reduced space requirements;

* automatic HTML generation from theories;

* theory files no longer require "..." (quotes) around most types;

* new examples, including two proofs of the Church-Rosser theorem;

* non-curried (1994) version of HOL is no longer distributed;



New in Isabelle94-4
-------------------

* greatly reduced space requirements;

* theory files (.thy) no longer require \...\ escapes at line breaks;

* searchable theorem database (see the section "Retrieving theorems" on
page 8 of the Reference Manual);

* new examples, including Grabczewski's monumental case study of the
Axiom of Choice;

* The previous version of HOL renamed to Old_HOL;

* The new version of HOL (previously called CHOL) uses a curried syntax
for functions.  Application looks like f a b instead of f(a,b);

* Mutually recursive inductive definitions finally work in HOL;

* In ZF, pattern-matching on tuples is now available in all abstractions and
translates to the operator "split";



New in Isabelle94-3
-------------------

* new infix operator, addss, allowing the classical reasoner to
perform simplification at each step of its search.  Example:
        fast_tac (cs addss ss)

* a new logic, CHOL, the same as HOL, but with a curried syntax
for functions.  Application looks like f a b instead of f(a,b).  Also pairs
look like (a,b) instead of <a,b>;

* PLEASE NOTE: CHOL will eventually replace HOL!

* In CHOL, pattern-matching on tuples is now available in all abstractions.
It translates to the operator "split".  A new theory of integers is available;

* In ZF, integer numerals now denote two's-complement binary integers.
Arithmetic operations can be performed by rewriting.  See ZF/ex/Bin.ML;

* Many new examples: I/O automata, Church-Rosser theorem, equivalents
of the Axiom of Choice;



New in Isabelle94-2
-------------------

* Significantly faster resolution;

* the different sections in a .thy file can now be mixed and repeated
freely;

* Database of theorems for FOL, HOL and ZF.  New
commands including qed, qed_goal and bind_thm store theorems in the database.

* Simple database queries: return a named theorem (get_thm) or all theorems of
a given theory (thms_of), or find out what theory a theorem was proved in
(theory_of_thm);

* Bugs fixed in the inductive definition and datatype packages;

* The classical reasoner provides deepen_tac and depth_tac, making FOL_dup_cs
and HOL_dup_cs obsolete;

* Syntactic ambiguities caused by the new treatment of syntax in Isabelle94-1
have been removed;

* Simpler definition of function space in ZF;

* new results about cardinal and ordinal arithmetic in ZF;

* 'subtype' facility in HOL for introducing new types as subsets of existing
types;


$Id$