NEWS

support for MiniSat proof traces added

Isabelle NEWS -- history user-relevant changes
==============================================

New in this Isabelle release
----------------------------

*** General ***

* Theory syntax: the header format ``theory A = B + C:'' has been
discontinued in favour of ``theory A imports B C begin''.  Use isatool
fixheaders to convert existing theory files.  INCOMPATIBILITY.

* Theory syntax: the old non-Isar theory file format has been
discontinued altogether.  Note that ML proof scripts may still be used
with Isar theories; migration is usually quite simple with the ML
function use_legacy_bindings.  INCOMPATIBILITY.

* Theory syntax: some popular names (e.g. "class", "if") are now
keywords.  INCOMPATIBILITY, use double quotes.

* Legacy goal package: reduced interface to the bare minimum required
to keep existing proof scripts running.  Most other user-level
functions are now part of the OldGoals structure, which is *not* open
by default (consider isatool expandshort before open OldGoals).
Removed top_sg, prin, printyp, pprint_term/typ altogether, because
these tend to cause confusion about the actual goal (!) context being
used here, which is not necessarily the same as the_context().

* Command 'find_theorems': support "*" wildcard in "name:" criterion.


*** Document preparation ***

* Added antiquotations @{ML_type text} and @{ML_struct text} which
check the given source text as ML type/structure, printing verbatim.


*** Pure ***

* Command 'no_translations' removes translation rules from theory
syntax.

* Overloaded definitions are now actually checked for acyclic
dependencies.  The overloading scheme is slightly more general than
that of Haskell98, although Isabelle does not demand an exact
correspondence to type class and instance declarations.
INCOMPATIBILITY, use ``defs (unchecked overloaded)'' to admit more
exotic versions of overloading -- at the discretion of the user!

Polymorphic constants are represented via type arguments, i.e. the
instantiation that matches an instance against the most general
declaration given in the signature.  For example, with the declaration
c :: 'a => 'a => 'a, an instance c :: nat => nat => nat is represented
as c(nat).  Overloading is essentially simultaneous structural
recursion over such type arguments.  Incomplete specification patterns
impose global constraints on all occurrences, e.g. c('a * 'a) on the
LHS means that more general c('a * 'b) will be disallowed on any RHS.
Command 'print_theory' outputs the normalized system of recursive
equations, see section "definitions".

* Isar: improper proof element 'guess' is like 'obtain', but derives
the obtained context from the course of reasoning!  For example:

  assume "EX x y. A x & B y"   -- "any previous fact"
  then guess x and y by clarify

This technique is potentially adventurous, depending on the facts and
proof tools being involved here.

* Isar: known facts from the proof context may be specified as literal
propositions, using ASCII back-quote syntax.  This works wherever
named facts used to be allowed so far, in proof commands, proof
methods, attributes etc.  Literal facts are retrieved from the context
according to unification of type and term parameters.  For example,
provided that "A" and "A ==> B" and "!!x. P x ==> Q x" are known
theorems in the current context, then these are valid literal facts:
`A` and `A ==> B` and `!!x. P x ==> Q x" as well as `P a ==> Q a` etc.

There is also a proof method "fact" which does the same composition
for explicit goal states, e.g. the following proof texts coincide with
certain special cases of literal facts:

  have "A" by fact                 ==  note `A`
  have "A ==> B" by fact           ==  note `A ==> B`
  have "!!x. P x ==> Q x" by fact  ==  note `!!x. P x ==> Q x`
  have "P a ==> Q a" by fact       ==  note `P a ==> Q a`

* Isar: ":" (colon) is no longer a symbolic identifier character in
outer syntax.  Thus symbolic identifiers may be used without
additional white space in declarations like this: ``assume *: A''.

* Isar: 'print_facts' prints all local facts of the current context,
both named and unnamed ones.

* Isar: 'def' now admits simultaneous definitions, e.g.:

  def x == "t" and y == "u"

* Isar: added command 'unfolding', which is structurally similar to
'using', but affects both the goal state and facts by unfolding given
rewrite rules.  Thus many occurrences of the 'unfold' method or
'unfolded' attribute may be replaced by first-class proof text.

* Isar: methods 'unfold' / 'fold', attributes 'unfolded' / 'folded',
and command 'unfolding' now all support object-level equalities
(potentially conditional).  The underlying notion of rewrite rule is
analogous to the 'rule_format' attribute, but *not* that of the
Simplifier (which is usually more generous).

* Isar: the goal restriction operator [N] (default N = 1) evaluates a
method expression within a sandbox consisting of the first N
sub-goals, which need to exist.  For example, ``simp_all [3]''
simplifies the first three sub-goals, while (rule foo, simp_all)[]
simplifies all new goals that emerge from applying rule foo to the
originally first one.

* Isar: schematic goals are no longer restricted to higher-order
patterns; e.g. ``lemma "?P(?x)" by (rule TrueI)'' now works as
expected.

* Isar: the conclusion of a long theorem statement is now either
'shows' (a simultaneous conjunction, as before), or 'obtains'
(essentially a disjunction of cases with local parameters and
assumptions).  The latter allows to express general elimination rules
adequately; in this notation common elimination rules look like this:

  lemma exE:    -- "EX x. P x ==> (!!x. P x ==> thesis) ==> thesis"
    assumes "EX x. P x"
    obtains x where "P x"

  lemma conjE:  -- "A & B ==> (A ==> B ==> thesis) ==> thesis"
    assumes "A & B"
    obtains A and B

  lemma disjE:  -- "A | B ==> (A ==> thesis) ==> (B ==> thesis) ==> thesis"
    assumes "A | B"
    obtains
      A
    | B

The subsequent classical rules even refer to the formal "thesis"
explicitly:

  lemma classical:     -- "(~ thesis ==> thesis) ==> thesis"
    obtains "~ thesis"

  lemma Peirce's_Law:  -- "((thesis ==> something) ==> thesis) ==> thesis"
    obtains "thesis ==> something"

The actual proof of an 'obtains' statement is analogous to that of the
Isar proof element 'obtain', only that there may be several cases.
Optional case names may be specified in parentheses; these will be
available both in the present proof and as annotations in the
resulting rule, for later use with the 'cases' method (cf. attribute
case_names).

* Isar: 'print_statement' prints theorems from the current theory or
proof context in long statement form, according to the syntax of a
top-level lemma.

* Isar: 'obtain' takes an optional case name for the local context
introduction rule (default "that").

* Isar: removed obsolete 'concl is' patterns.  INCOMPATIBILITY, use
explicit (is "_ ==> ?foo") in the rare cases where this still happens
to occur.

* Pure: syntax "CONST name" produces a fully internalized constant
according to the current context.  This is particularly useful for
syntax translations that should refer to internal constant
representations independently of name spaces.

* Isar/locales: 'const_syntax' provides a robust interface to the
'syntax' primitive that also works in a locale context.  Type
declaration and internal syntactic representation of given constants
retrieved from the context.

* Isar/locales: new derived specification elements 'axiomatization',
'definition', 'abbreviation', which support type-inference, admit
object-level specifications (equality, equivalence).  See also the
isar-ref manual.  Examples:

  axiomatization
    eq  (infix "===" 50)
    where eq_refl: "x === x" and eq_subst: "x === y ==> P x ==> P y"

  definition
    "f x y = x + y + 1"
    "g x = f x x"

  abbreviation
    neq  (infix "=!=" 50)
    "x =!= y == ~ (x === y)"

These specifications may be also used in a locale context.  Then the
constants being introduced depend on certain fixed parameters, and the
constant name is qualified by the locale base name.  An internal
abbreviation takes care for convenient input and output, making the
parameters implicit and using the original short name.  See also
HOL/ex/Abstract_NAT.thy for an example of deriving polymorphic
entities from a monomorphic theory.

Presently, abbreviations are only available 'in' a target locale, but
not inherited by general import expressions.  Also note that
'abbreviation' may be used as a type-safe replacement for 'syntax' +
'translations' in common applications.

Concrete syntax is attached to specified constants in internal form,
independently of name spaces.  The parse tree representation is
slightly different -- use 'const_syntax' instead of raw 'syntax', and
'translations' with explicit "CONST" markup to accommodate this.

* Isar/locales: improved parameter handling:
- use of locales "var" and "struct" no longer necessary;
- parameter renamings are no longer required to be injective.
  This enables, for example, to define a locale for endomorphisms thus:
  locale endom = homom mult mult h.

* Isar/locales: changed the way locales with predicates are defined.
Instead of accumulating the specification, the imported expression is
now an interpretation.
INCOMPATIBILITY: different normal form of locale expressions.
In particular, in interpretations of locales with predicates,
goals repesenting already interpreted fragments are not removed
automatically.  Use methods `intro_locales' and `unfold_locales'; see below.

* Isar/locales: new methods `intro_locales' and `unfold_locales' provide
backward reasoning on locales predicates.  The methods are aware of
interpretations and discharge corresponding goals.  `intro_locales' is
less aggressive then `unfold_locales' and does not unfold predicates to
assumptions.

* Isar/locales: the order in which locale fragments are accumulated
has changed.  This enables to override declarations from fragments
due to interpretations -- for example, unwanted simp rules.

* Provers/induct: improved internal context management to support
local fixes and defines on-the-fly.  Thus explicit meta-level
connectives !! and ==> are rarely required anymore in inductive goals
(using object-logic connectives for this purpose has been long
obsolete anyway).  The subsequent proof patterns illustrate advanced
techniques of natural induction; general datatypes and inductive sets
work analogously (see also src/HOL/Lambda for realistic examples).

(1) This is how to ``strengthen'' an inductive goal wrt. certain
parameters:

  lemma
    fixes n :: nat and x :: 'a
    assumes a: "A n x"
    shows "P n x"
    using a                     -- {* make induct insert fact a *}
  proof (induct n fixing: x)    -- {* generalize goal to "!!x. A n x ==> P n x" *}
    case 0
    show ?case sorry
  next
    case (Suc n)
    note `!!x. A n x ==> P n x` -- {* induction hypothesis, according to induction rule *}
    note `A (Suc n) x`          -- {* induction premise, stemming from fact a *}
    show ?case sorry
  qed

(2) This is how to perform induction over ``expressions of a certain
form'', using a locally defined inductive parameter n == "a x"
together with strengthening (the latter is usually required to get
sufficiently flexible induction hypotheses):

  lemma
    fixes a :: "'a => nat"
    assumes a: "A (a x)"
    shows "P (a x)"
    using a
  proof (induct n == "a x" fixing: x)
    ...

See also HOL/Isar_examples/Puzzle.thy for an application of the this
particular technique.

(3) This is how to perform existential reasoning ('obtains' or
'obtain') by induction, while avoiding explicit object-logic
encodings:

  lemma
    fixes n :: nat
    obtains x :: 'a where "P n x" and "Q n x"
  proof (induct n fixing: thesis)
    case 0
    obtain x where "P 0 x" and "Q 0 x" sorry
    then show thesis by (rule 0)
  next
    case (Suc n)
    obtain x where "P n x" and "Q n x" by (rule Suc.hyps)
    obtain x where "P (Suc n) x" and "Q (Suc n) x" sorry
    then show thesis by (rule Suc.prems)
  qed

Here the 'fixing: thesis' specification essentially modifies the scope
of the formal thesis parameter, in order to the get the whole
existence statement through the induction as expected.

* Provers/induct: mutual induction rules are now specified as a list
of rule sharing the same induction cases.  HOL packages usually
provide foo_bar.inducts for mutually defined items foo and bar
(e.g. inductive sets or datatypes).  INCOMPATIBILITY, users need to
specify mutual induction rules differently, i.e. like this:

  (induct rule: foo_bar.inducts)
  (induct set: foo bar)
  (induct type: foo bar)

The ML function ProjectRule.projections turns old-style rules into the
new format.

* Provers/induct: improved handling of simultaneous goals.  Instead of
introducing object-level conjunction, the statement is now split into
several conclusions, while the corresponding symbolic cases are
nested accordingly.  INCOMPATIBILITY, proofs need to be structured
explicitly.  For example:

  lemma
    fixes n :: nat
    shows "P n" and "Q n"
  proof (induct n)
    case 0 case 1
    show "P 0" sorry
  next
    case 0 case 2
    show "Q 0" sorry
  next
    case (Suc n) case 1
    note `P n` and `Q n`
    show "P (Suc n)" sorry
  next
    case (Suc n) case 2
    note `P n` and `Q n`
    show "Q (Suc n)" sorry
  qed

The split into subcases may be deferred as follows -- this is
particularly relevant for goal statements with local premises.

  lemma
    fixes n :: nat
    shows "A n ==> P n" and "B n ==> Q n"
  proof (induct n)
    case 0
    {
      case 1
      note `A 0`
      show "P 0" sorry
    next
      case 2
      note `B 0`
      show "Q 0" sorry
    }
  next
    case (Suc n)
    note `A n ==> P n` and `B n ==> Q n`
    {
      case 1
      note `A (Suc n)`
      show "P (Suc n)" sorry
    next
      case 2
      note `B (Suc n)`
      show "Q (Suc n)" sorry
    }
  qed

If simultaneous goals are to be used with mutual rules, the statement
needs to be structured carefully as a two-level conjunction, using
lists of propositions separated by 'and':

  lemma
    shows "a : A ==> P1 a"
          "a : A ==> P2 a"
      and "b : B ==> Q1 b"
          "b : B ==> Q2 b"
          "b : B ==> Q3 b"
  proof (induct set: A B)

* Provers/induct: support coinduction as well.  See
src/HOL/Library/Coinductive_List.thy for various examples.

* Simplifier: by default the simplifier trace only shows top level rewrites
now. That is, trace_simp_depth_limit is set to 1 by default. Thus there is
less danger of being flooded by the trace. The trace indicates where parts
have been suppressed.
  
* Provers/classical: removed obsolete classical version of elim_format
attribute; classical elim/dest rules are now treated uniformly when
manipulating the claset.

* Provers/classical: stricter checks to ensure that supplied intro,
dest and elim rules are well-formed; dest and elim rules must have at
least one premise.

* Provers/classical: attributes dest/elim/intro take an optional
weight argument for the rule (just as the Pure versions).  Weights are
ignored by automated tools, but determine the search order of single
rule steps.

* Syntax: input syntax now supports dummy variable binding "%_. b",
where the body does not mention the bound variable.  Note that dummy
patterns implicitly depend on their context of bounds, which makes
"{_. _}" match any set comprehension as expected.  Potential
INCOMPATIBILITY -- parse translations need to cope with syntactic
constant "_idtdummy" in the binding position.

* Syntax: removed obsolete syntactic constant "_K" and its associated
parse translation.  INCOMPATIBILITY -- use dummy abstraction instead,
for example "A -> B" => "Pi A (%_. B)".


*** HOL ***

* New top level command 'normal_form' computes the normal form of a term
that may contain free variables. For example 'normal_form "rev[a,b,c]"'
prints '[b,c,a]'. This command is suitable for heavy-duty computations
because the functions are compiled to ML first.
INCOMPATIBILITY: new keywords 'normal_form' must quoted when used as
an identifier.

* Alternative iff syntax "A <-> B" for equality on bool (with priority
25 like -->); output depends on the "iff" print_mode, the default is
"A = B" (with priority 50).

* Renamed constants in HOL.thy and Orderings.thy:
    op +   ~> HOL.plus
    op -   ~> HOL.minus
    uminus ~> HOL.uminus
    op *   ~> HOL.times
    op <   ~> Orderings.less
    op <=  ~> Orderings.less_eq

Adaptions may be required in the following cases:

a) User-defined constants using any of the names "plus", "minus", "times",
"less" or "less_eq". The standard syntax translations for "+", "-" and "*"
may go wrong.
INCOMPATIBILITY: use more specific names.

b) Variables named "plus", "minus", "times", "less", "less_eq"
INCOMPATIBILITY: use more specific names.

c) Permutative equations (e.g. "a + b = b + a")
Since the change of names also changes the order of terms, permutative
rewrite rules may get applied in a different order. Experience shows that
this is rarely the case (only two adaptions in the whole Isabelle
distribution).
INCOMPATIBILITY: rewrite proofs

d) ML code directly refering to constant names
This in general only affects hand-written proof tactics, simprocs and so on.
INCOMPATIBILITY: grep your sourcecode and replace names.

* "LEAST x:A. P" expands to "LEAST x. x:A & P" (input only).

* The old set interval syntax "{m..n(}" (and relatives) has been removed.
  Use "{m..<n}" (and relatives) instead.

* In the context of the assumption "~(s = t)" the Simplifier rewrites
"t = s" to False (by simproc "neq_simproc").  For backward
compatibility this can be disabled by ML "reset use_neq_simproc".

* "m dvd n" where m and n are numbers is evaluated to True/False by simp.

* Theorem Cons_eq_map_conv no longer has attribute `simp'.

* Theorem setsum_mult renamed to setsum_right_distrib.

* Prefer ex1I over ex_ex1I in single-step reasoning, e.g. by the
'rule' method.

* Tactics 'sat' and 'satx' reimplemented, several improvements: goals
no longer need to be stated as "<prems> ==> False", equivalences (i.e.
"=" on type bool) are handled, variable names of the form "lit_<n>"
are no longer reserved, significant speedup.

* Tactics 'sat' and 'satx' can now replay MiniSat proof traces.  zChaff is
still supported as well.

* inductive and datatype: provide projections of mutual rules, bundled
as foo_bar.inducts;

* Library: theory Accessible_Part has been move to main HOL.

* Library: added theory Coinductive_List of potentially infinite lists
as greatest fixed-point.

* Library: added theory AssocList which implements (finite) maps as
association lists.

* New proof method "evaluation" for efficiently solving a goal
  (i.e. a boolean expression) by compiling it to ML. The goal is
  "proved" (via the oracle "Evaluation") if it evaluates to True.

* Support for hex (0x20) and binary (0b1001) numerals. 

*** HOL-Complex ***

* Theory Real: new method ferrack implements quantifier elimination
for linear arithmetic over the reals. The quantifier elimination
feature is used only for decision, for compatibility with arith. This
means a goal is either solved or left unchanged, no simplification.


*** ML ***

* Pure/library:

  val burrow: ('a list -> 'b list) -> 'a list list -> 'b list list
  val fold_burrow: ('a list -> 'c -> 'b list * 'd) -> 'a list list -> 'c -> 'b list list * 'd

The semantics of "burrow" is: "take a function with *simulatanously*
transforms a list of value, and apply it *simulatanously* to a list of
list of values of the appropriate type". Confer this with "map" which
would *not* apply its argument function simulatanously but in
sequence. "fold_burrow" has an additional context.

Both actually avoid the usage of "unflat" since they hide away
"unflat" from the user.

* Pure/library: functions map2 and fold2 with curried syntax for
simultanous mapping and folding:

    val map2: ('a -> 'b -> 'c) -> 'a list -> 'b list -> 'c list
    val fold2: ('a -> 'b -> 'c -> 'c) -> 'a list -> 'b list -> 'c -> 'c

* Pure/library: indexed lists - some functions in the Isabelle library
treating lists over 'a as finite mappings from [0...n] to 'a have been
given more convenient names and signatures reminiscent of similar
functions for alists, tables, etc:

  val nth: 'a list -> int -> 'a 
  val nth_update: int * 'a -> 'a list -> 'a list
  val nth_map: int -> ('a -> 'a) -> 'a list -> 'a list
  val fold_index: (int * 'a -> 'b -> 'b) -> 'a list -> 'b -> 'b

Note that fold_index starts counting at index 0, not 1 like foldln
used to.

* Pure/library: general ``divide_and_conquer'' combinator on lists.

* Pure/General/name_mangler.ML provides a functor for generic name
mangling (bijective mapping from any expression values to strings).

* Pure/General/rat.ML implements rational numbers.

* Pure/General/table.ML: the join operations now works via exceptions
DUP/SAME instead of type option.  This is simpler in simple cases, and
admits slightly more efficient complex applications.

* Pure: datatype Context.generic joins theory/Proof.context and
provides some facilities for code that works in either kind of
context, notably GenericDataFun for uniform theory and proof data.

* Pure: 'advanced' translation functions (parse_translation etc.) now
use Context.generic instead of just theory.

* Pure: simplified internal attribute type, which is now always
Context.generic * thm -> Context.generic * thm.  Global (theory)
vs. local (Proof.context) attributes have been discontinued, while
minimizing code duplication.  Thm.rule_attribute and
Thm.declaration_attribute build canonical attributes; see also
structure Context for further operations on Context.generic, notably
GenericDataFun.  INCOMPATIBILITY, need to adapt attribute type
declarations and definitions.

* Pure/kernel: consts certification ignores sort constraints given in
signature declarations.  (This information is not relevant to the
logic, but only for type inference.)  IMPORTANT INTERNAL CHANGE.

* Pure: axiomatic type classes are now purely definitional, with
explicit proofs of class axioms and super class relations performed
internally.  See Pure/axclass.ML for the main internal interfaces --
notably AxClass.define_class supercedes AxClass.add_axclass, and
AxClass.axiomatize_class/classrel/arity supercede
Sign.add_classes/classrel/arities.

* Pure/Isar: Args/Attrib parsers operate on Context.generic --
global/local versions on theory vs. Proof.context have been
discontinued; Attrib.syntax and Method.syntax have been adapted
accordingly.  INCOMPATIBILITY, need to adapt parser expressions for
attributes, methods, etc.

* Pure: several functions of signature "... -> theory -> theory * ..."
have been reoriented to "... -> theory -> ... * theory" in order to
allow natural usage in combination with the ||>, ||>>, |-> and
fold_map combinators.

* Pure: primitive rule lift_rule now takes goal cterm instead of an
actual goal state (thm).  Use Thm.lift_rule (Thm.cprem_of st i) to
achieve the old behaviour.

* Pure: the "Goal" constant is now called "prop", supporting a
slightly more general idea of ``protecting'' meta-level rule
statements.

* Pure: Logic.(un)varify only works in a global context, which is now
enforced instead of silently assumed.  INCOMPATIBILITY, may use
Logic.legacy_(un)varify as temporary workaround.

* Pure: structure Name provides scalable operations for generating
internal variable names, notably Name.variants etc.  This replaces
some popular functions from term.ML:

  Term.variant		->  Name.variant
  Term.variantlist	->  Name.variant_list  (*canonical argument order*)
  Term.invent_names	->  Name.invent_list

Note that low-level renaming rarely occurs in new code -- operations
from structure Variable are used instead (see below).

* Pure: structure Variable provides fundamental operations for proper
treatment of fixed/schematic variables in a context.  For example,
Variable.import introduces fixes for schematics of given facts and
Variable.export reverses the effect (up to renaming) -- this replaces
various freeze_thaw operations.

* Pure: structure Goal provides simple interfaces for
init/conclude/finish and tactical prove operations (replacing former
Tactic.prove).  Goal.prove is the canonical way to prove results
within a given context; Goal.prove_global is a degraded version for
theory level goals, including a global Drule.standard.  Note that
OldGoals.prove_goalw_cterm has long been obsolete, since it is
ill-behaved in a local proof context (e.g. with local fixes/assumes or
in a locale context).

* Isar: simplified treatment of user-level errors, using exception
ERROR of string uniformly.  Function error now merely raises ERROR,
without any side effect on output channels.  The Isar toplevel takes
care of proper display of ERROR exceptions.  ML code may use plain
handle/can/try; cat_error may be used to concatenate errors like this:

  ... handle ERROR msg => cat_error msg "..."

Toplevel ML code (run directly or through the Isar toplevel) may be
embedded into the Isar toplevel with exception display/debug like
this:

  Isar.toplevel (fn () => ...)

INCOMPATIBILITY, removed special transform_error facilities, removed
obsolete variants of user-level exceptions (ERROR_MESSAGE,
Context.PROOF, ProofContext.CONTEXT, Proof.STATE, ProofHistory.FAIL)
-- use plain ERROR instead.

* Isar: theory setup now has type (theory -> theory), instead of a
list.  INCOMPATIBILITY, may use #> to compose setup functions.

* Isar: installed ML toplevel pretty printer for type Proof.context,
subject to ProofContext.debug/verbose flags.

* Isar: Toplevel.theory_to_proof admits transactions that modify the
theory before entering a proof state.  Transactions now always see a
quasi-functional intermediate checkpoint, both in interactive and
batch mode.

* Simplifier: the simpset of a running simplification process now
contains a proof context (cf. Simplifier.the_context), which is the
very context that the initial simpset has been retrieved from (by
simpset_of/local_simpset_of).  Consequently, all plug-in components
(solver, looper etc.) may depend on arbitrary proof data.

* Simplifier.inherit_context inherits the proof context (plus the
local bounds) of the current simplification process; any simproc
etc. that calls the Simplifier recursively should do this!  Removed
former Simplifier.inherit_bounds, which is already included here --
INCOMPATIBILITY.  Tools based on low-level rewriting may even have to
specify an explicit context using Simplifier.context/theory_context.

* Simplifier/Classical Reasoner: more abstract interfaces
change_simpset/claset for modifying the simpset/claset reference of a
theory; raw versions simpset/claset_ref etc. have been discontinued --
INCOMPATIBILITY.

* Provers: more generic wrt. syntax of object-logics, avoid hardwired
"Trueprop" etc.



New in Isabelle2005 (October 2005)
----------------------------------

*** General ***

* Theory headers: the new header syntax for Isar theories is

  theory <name>
  imports <theory1> ... <theoryN>
  uses <file1> ... <fileM>
  begin

where the 'uses' part is optional.  The previous syntax

  theory <name> = <theory1> + ... + <theoryN>:

will disappear in the next release.  Use isatool fixheaders to convert
existing theory files.  Note that there is no change in ancient
non-Isar theories now, but these will disappear soon.

* Theory loader: parent theories can now also be referred to via
relative and absolute paths.

* Command 'find_theorems' searches for a list of criteria instead of a
list of constants. Known criteria are: intro, elim, dest, name:string,
simp:term, and any term. Criteria can be preceded by '-' to select
theorems that do not match. Intro, elim, dest select theorems that
match the current goal, name:s selects theorems whose fully qualified
name contain s, and simp:term selects all simplification rules whose
lhs match term.  Any other term is interpreted as pattern and selects
all theorems matching the pattern. Available in ProofGeneral under
'ProofGeneral -> Find Theorems' or C-c C-f.  Example:

  C-c C-f (100) "(_::nat) + _ + _" intro -name: "HOL."

prints the last 100 theorems matching the pattern "(_::nat) + _ + _",
matching the current goal as introduction rule and not having "HOL."
in their name (i.e. not being defined in theory HOL).

* Command 'thms_containing' has been discontinued in favour of
'find_theorems'; INCOMPATIBILITY.

* Communication with Proof General is now 8bit clean, which means that
Unicode text in UTF-8 encoding may be used within theory texts (both
formal and informal parts).  Cf. option -U of the Isabelle Proof
General interface.  Here are some simple examples (cf. src/HOL/ex):

  http://isabelle.in.tum.de/library/HOL/ex/Hebrew.html
  http://isabelle.in.tum.de/library/HOL/ex/Chinese.html

* Improved efficiency of the Simplifier and, to a lesser degree, the
Classical Reasoner.  Typical big applications run around 2 times
faster.


*** Document preparation ***

* Commands 'display_drafts' and 'print_drafts' perform simple output
of raw sources.  Only those symbols that do not require additional
LaTeX packages (depending on comments in isabellesym.sty) are
displayed properly, everything else is left verbatim.  isatool display
and isatool print are used as front ends (these are subject to the
DVI/PDF_VIEWER and PRINT_COMMAND settings, respectively).

* Command tags control specific markup of certain regions of text,
notably folding and hiding.  Predefined tags include "theory" (for
theory begin and end), "proof" for proof commands, and "ML" for
commands involving ML code; the additional tags "visible" and
"invisible" are unused by default.  Users may give explicit tag
specifications in the text, e.g. ''by %invisible (auto)''.  The
interpretation of tags is determined by the LaTeX job during document
preparation: see option -V of isatool usedir, or options -n and -t of
isatool document, or even the LaTeX macros \isakeeptag, \isafoldtag,
\isadroptag.

Several document versions may be produced at the same time via isatool
usedir (the generated index.html will link all of them).  Typical
specifications include ''-V document=theory,proof,ML'' to present
theory/proof/ML parts faithfully, ''-V outline=/proof,/ML'' to fold
proof and ML commands, and ''-V mutilated=-theory,-proof,-ML'' to omit
these parts without any formal replacement text.  The Isabelle site
default settings produce ''document'' and ''outline'' versions as
specified above.

* Several new antiquotations:

  @{term_type term} prints a term with its type annotated;

  @{typeof term} prints the type of a term;

  @{const const} is the same as @{term const}, but checks that the
  argument is a known logical constant;

  @{term_style style term} and @{thm_style style thm} print a term or
  theorem applying a "style" to it

  @{ML text}

Predefined styles are 'lhs' and 'rhs' printing the lhs/rhs of
definitions, equations, inequations etc., 'concl' printing only the
conclusion of a meta-logical statement theorem, and 'prem1' .. 'prem19'
to print the specified premise.  TermStyle.add_style provides an ML
interface for introducing further styles.  See also the "LaTeX Sugar"
document practical applications.  The ML antiquotation prints
type-checked ML expressions verbatim.

* Markup commands 'chapter', 'section', 'subsection', 'subsubsection',
and 'text' support optional locale specification '(in loc)', which
specifies the default context for interpreting antiquotations.  For
example: 'text (in lattice) {* @{thm inf_assoc}*}'.

* Option 'locale=NAME' of antiquotations specifies an alternative
context interpreting the subsequent argument.  For example: @{thm
[locale=lattice] inf_assoc}.

* Proper output of proof terms (@{prf ...} and @{full_prf ...}) within
a proof context.

* Proper output of antiquotations for theory commands involving a
proof context (such as 'locale' or 'theorem (in loc) ...').

* Delimiters of outer tokens (string etc.) now produce separate LaTeX
macros (\isachardoublequoteopen, isachardoublequoteclose etc.).

* isatool usedir: new option -C (default true) controls whether option
-D should include a copy of the original document directory; -C false
prevents unwanted effects such as copying of administrative CVS data.


*** Pure ***

* Considerably improved version of 'constdefs' command.  Now performs
automatic type-inference of declared constants; additional support for
local structure declarations (cf. locales and HOL records), see also
isar-ref manual.  Potential INCOMPATIBILITY: need to observe strictly
sequential dependencies of definitions within a single 'constdefs'
section; moreover, the declared name needs to be an identifier.  If
all fails, consider to fall back on 'consts' and 'defs' separately.

* Improved indexed syntax and implicit structures.  First of all,
indexed syntax provides a notational device for subscripted
application, using the new syntax \<^bsub>term\<^esub> for arbitrary
expressions.  Secondly, in a local context with structure
declarations, number indexes \<^sub>n or the empty index (default
number 1) refer to a certain fixed variable implicitly; option
show_structs controls printing of implicit structures.  Typical
applications of these concepts involve record types and locales.

* New command 'no_syntax' removes grammar declarations (and
translations) resulting from the given syntax specification, which is
interpreted in the same manner as for the 'syntax' command.

* 'Advanced' translation functions (parse_translation etc.) may depend
on the signature of the theory context being presently used for
parsing/printing, see also isar-ref manual.

* Improved 'oracle' command provides a type-safe interface to turn an
ML expression of type theory -> T -> term into a primitive rule of
type theory -> T -> thm (i.e. the functionality of Thm.invoke_oracle
is already included here); see also FOL/ex/IffExample.thy;
INCOMPATIBILITY.

* axclass: name space prefix for class "c" is now "c_class" (was "c"
before); "cI" is no longer bound, use "c.intro" instead.
INCOMPATIBILITY.  This change avoids clashes of fact bindings for
axclasses vs. locales.

* Improved internal renaming of symbolic identifiers -- attach primes
instead of base 26 numbers.

* New flag show_question_marks controls printing of leading question
marks in schematic variable names.

* In schematic variable names, *any* symbol following \<^isub> or
\<^isup> is now treated as part of the base name.  For example, the
following works without printing of awkward ".0" indexes:

  lemma "x\<^isub>1 = x\<^isub>2 ==> x\<^isub>2 = x\<^isub>1"
    by simp

* Inner syntax includes (*(*nested*) comments*).

* Pretty printer now supports unbreakable blocks, specified in mixfix
annotations as "(00...)".

* Clear separation of logical types and nonterminals, where the latter
may only occur in 'syntax' specifications or type abbreviations.
Before that distinction was only partially implemented via type class
"logic" vs. "{}".  Potential INCOMPATIBILITY in rare cases of improper
use of 'types'/'consts' instead of 'nonterminals'/'syntax'.  Some very
exotic syntax specifications may require further adaption
(e.g. Cube/Cube.thy).

* Removed obsolete type class "logic", use the top sort {} instead.
Note that non-logical types should be declared as 'nonterminals'
rather than 'types'.  INCOMPATIBILITY for new object-logic
specifications.

* Attributes 'induct' and 'cases': type or set names may now be
locally fixed variables as well.

* Simplifier: can now control the depth to which conditional rewriting
is traced via the PG menu Isabelle -> Settings -> Trace Simp Depth
Limit.

* Simplifier: simplification procedures may now take the current
simpset into account (cf. Simplifier.simproc(_i) / mk_simproc
interface), which is very useful for calling the Simplifier
recursively.  Minor INCOMPATIBILITY: the 'prems' argument of simprocs
is gone -- use prems_of_ss on the simpset instead.  Moreover, the
low-level mk_simproc no longer applies Logic.varify internally, to
allow for use in a context of fixed variables.

* thin_tac now works even if the assumption being deleted contains !!
or ==>.  More generally, erule now works even if the major premise of
the elimination rule contains !! or ==>.

* Method 'rules' has been renamed to 'iprover'. INCOMPATIBILITY.

* Reorganized bootstrapping of the Pure theories; CPure is now derived
from Pure, which contains all common declarations already.  Both
theories are defined via plain Isabelle/Isar .thy files.
INCOMPATIBILITY: elements of CPure (such as the CPure.intro /
CPure.elim / CPure.dest attributes) now appear in the Pure name space;
use isatool fixcpure to adapt your theory and ML sources.

* New syntax 'name(i-j, i-, i, ...)' for referring to specific
selections of theorems in named facts via index ranges.

* 'print_theorems': in theory mode, really print the difference
wrt. the last state (works for interactive theory development only),
in proof mode print all local facts (cf. 'print_facts');

* 'hide': option '(open)' hides only base names.

* More efficient treatment of intermediate checkpoints in interactive
theory development.

* Code generator is now invoked via code_module (incremental code
generation) and code_library (modular code generation, ML structures
for each theory).  INCOMPATIBILITY: new keywords 'file' and 'contains'
must be quoted when used as identifiers.

* New 'value' command for reading, evaluating and printing terms using
the code generator.  INCOMPATIBILITY: command keyword 'value' must be
quoted when used as identifier.


*** Locales ***

* New commands for the interpretation of locale expressions in
theories (1), locales (2) and proof contexts (3).  These generate
proof obligations from the expression specification.  After the
obligations have been discharged, theorems of the expression are added
to the theory, target locale or proof context.  The synopsis of the
commands is a follows:

  (1) interpretation expr inst
  (2) interpretation target < expr
  (3) interpret expr inst

Interpretation in theories and proof contexts require a parameter
instantiation of terms from the current context.  This is applied to
specifications and theorems of the interpreted expression.
Interpretation in locales only permits parameter renaming through the
locale expression.  Interpretation is smart in that interpretations
that are active already do not occur in proof obligations, neither are
instantiated theorems stored in duplicate.  Use 'print_interps' to
inspect active interpretations of a particular locale.  For details,
see the Isar Reference manual.  Examples can be found in
HOL/Finite_Set.thy and HOL/Algebra/UnivPoly.thy.

INCOMPATIBILITY: former 'instantiate' has been withdrawn, use
'interpret' instead.

* New context element 'constrains' for adding type constraints to
parameters.

* Context expressions: renaming of parameters with syntax
redeclaration.

* Locale declaration: 'includes' disallowed.

* Proper static binding of attribute syntax -- i.e. types / terms /
facts mentioned as arguments are always those of the locale definition
context, independently of the context of later invocations.  Moreover,
locale operations (renaming and type / term instantiation) are applied
to attribute arguments as expected.

INCOMPATIBILITY of the ML interface: always pass Attrib.src instead of
actual attributes; rare situations may require Attrib.attribute to
embed those attributes into Attrib.src that lack concrete syntax.
Attribute implementations need to cooperate properly with the static
binding mechanism.  Basic parsers Args.XXX_typ/term/prop and
Attrib.XXX_thm etc. already do the right thing without further
intervention.  Only unusual applications -- such as "where" or "of"
(cf. src/Pure/Isar/attrib.ML), which process arguments depending both
on the context and the facts involved -- may have to assign parsed
values to argument tokens explicitly.

* Changed parameter management in theorem generation for long goal
statements with 'includes'.  INCOMPATIBILITY: produces a different
theorem statement in rare situations.

* Locale inspection command 'print_locale' omits notes elements.  Use
'print_locale!' to have them included in the output.


*** Provers ***

* Provers/hypsubst.ML: improved version of the subst method, for
single-step rewriting: it now works in bound variable contexts. New is
'subst (asm)', for rewriting an assumption.  INCOMPATIBILITY: may
rewrite a different subterm than the original subst method, which is
still available as 'simplesubst'.

* Provers/quasi.ML: new transitivity reasoners for transitivity only
and quasi orders.

* Provers/trancl.ML: new transitivity reasoner for transitive and
reflexive-transitive closure of relations.

* Provers/blast.ML: new reference depth_limit to make blast's depth
limit (previously hard-coded with a value of 20) user-definable.

* Provers/simplifier.ML has been moved to Pure, where Simplifier.setup
is peformed already.  Object-logics merely need to finish their
initial simpset configuration as before.  INCOMPATIBILITY.


*** HOL ***

* Symbolic syntax of Hilbert Choice Operator is now as follows:

  syntax (epsilon)
    "_Eps" :: "[pttrn, bool] => 'a"    ("(3\<some>_./ _)" [0, 10] 10)

The symbol \<some> is displayed as the alternative epsilon of LaTeX
and x-symbol; use option '-m epsilon' to get it actually printed.
Moreover, the mathematically important symbolic identifier \<epsilon>
becomes available as variable, constant etc.  INCOMPATIBILITY,

* "x > y" abbreviates "y < x" and "x >= y" abbreviates "y <= x".
Similarly for all quantifiers: "ALL x > y" etc.  The x-symbol for >=
is \<ge>. New transitivity rules have been added to HOL/Orderings.thy to
support corresponding Isar calculations.

* "{x:A. P}" abbreviates "{x. x:A & P}", and similarly for "\<in>"
instead of ":".

* theory SetInterval: changed the syntax for open intervals:

  Old       New
  {..n(}    {..<n}
  {)n..}    {n<..}
  {m..n(}   {m..<n}
  {)m..n}   {m<..n}
  {)m..n(}  {m<..<n}

The old syntax is still supported but will disappear in the next
release.  For conversion use the following Emacs search and replace
patterns (these are not perfect but work quite well):

  {)\([^\.]*\)\.\.  ->  {\1<\.\.}
  \.\.\([^(}]*\)(}  ->  \.\.<\1}

* Theory Commutative_Ring (in Library): method comm_ring for proving
equalities in commutative rings; method 'algebra' provides a generic
interface.

* Theory Finite_Set: changed the syntax for 'setsum', summation over
finite sets: "setsum (%x. e) A", which used to be "\<Sum>x:A. e", is
now either "SUM x:A. e" or "\<Sum>x \<in> A. e". The bound variable can
be a tuple pattern.

Some new syntax forms are available:

  "\<Sum>x | P. e"      for     "setsum (%x. e) {x. P}"
  "\<Sum>x = a..b. e"   for     "setsum (%x. e) {a..b}"
  "\<Sum>x = a..<b. e"  for     "setsum (%x. e) {a..<b}"
  "\<Sum>x < k. e"      for     "setsum (%x. e) {..<k}"

The latter form "\<Sum>x < k. e" used to be based on a separate
function "Summation", which has been discontinued.

* theory Finite_Set: in structured induction proofs, the insert case
is now 'case (insert x F)' instead of the old counterintuitive 'case
(insert F x)'.

* The 'refute' command has been extended to support a much larger
fragment of HOL, including axiomatic type classes, constdefs and
typedefs, inductive datatypes and recursion.

* New tactics 'sat' and 'satx' to prove propositional tautologies.
Requires zChaff with proof generation to be installed.  See
HOL/ex/SAT_Examples.thy for examples.

* Datatype induction via method 'induct' now preserves the name of the
induction variable. For example, when proving P(xs::'a list) by
induction on xs, the induction step is now P(xs) ==> P(a#xs) rather
than P(list) ==> P(a#list) as previously.  Potential INCOMPATIBILITY
in unstructured proof scripts.

* Reworked implementation of records.  Improved scalability for
records with many fields, avoiding performance problems for type
inference. Records are no longer composed of nested field types, but
of nested extension types. Therefore the record type only grows linear
in the number of extensions and not in the number of fields.  The
top-level (users) view on records is preserved.  Potential
INCOMPATIBILITY only in strange cases, where the theory depends on the
old record representation. The type generated for a record is called
<record_name>_ext_type.

Flag record_quick_and_dirty_sensitive can be enabled to skip the
proofs triggered by a record definition or a simproc (if
quick_and_dirty is enabled).  Definitions of large records can take
quite long.

New simproc record_upd_simproc for simplification of multiple record
updates enabled by default.  Moreover, trivial updates are also
removed: r(|x := x r|) = r.  INCOMPATIBILITY: old proofs break
occasionally, since simplification is more powerful by default.

* typedef: proper support for polymorphic sets, which contain extra
type-variables in the term.

* Simplifier: automatically reasons about transitivity chains
involving "trancl" (r^+) and "rtrancl" (r^*) by setting up tactics
provided by Provers/trancl.ML as additional solvers.  INCOMPATIBILITY:
old proofs break occasionally as simplification may now solve more
goals than previously.

* Simplifier: converts x <= y into x = y if assumption y <= x is
present.  Works for all partial orders (class "order"), in particular
numbers and sets.  For linear orders (e.g. numbers) it treats ~ x < y
just like y <= x.

* Simplifier: new simproc for "let x = a in f x".  If a is a free or
bound variable or a constant then the let is unfolded.  Otherwise
first a is simplified to b, and then f b is simplified to g. If
possible we abstract b from g arriving at "let x = b in h x",
otherwise we unfold the let and arrive at g.  The simproc can be
enabled/disabled by the reference use_let_simproc.  Potential
INCOMPATIBILITY since simplification is more powerful by default.

* Classical reasoning: the meson method now accepts theorems as arguments.

* Prover support: pre-release of the Isabelle-ATP linkup, which runs background
jobs to provide advice on the provability of subgoals.

* Theory OrderedGroup and Ring_and_Field: various additions and
improvements to faciliate calculations involving equalities and
inequalities.

The following theorems have been eliminated or modified
(INCOMPATIBILITY):

  abs_eq             now named abs_of_nonneg
  abs_of_ge_0        now named abs_of_nonneg
  abs_minus_eq       now named abs_of_nonpos
  imp_abs_id         now named abs_of_nonneg
  imp_abs_neg_id     now named abs_of_nonpos
  mult_pos           now named mult_pos_pos
  mult_pos_le        now named mult_nonneg_nonneg
  mult_pos_neg_le    now named mult_nonneg_nonpos
  mult_pos_neg2_le   now named mult_nonneg_nonpos2
  mult_neg           now named mult_neg_neg
  mult_neg_le        now named mult_nonpos_nonpos

* Theory Parity: added rules for simplifying exponents.

* Theory List:

The following theorems have been eliminated or modified
(INCOMPATIBILITY):

  list_all_Nil       now named list_all.simps(1)
  list_all_Cons      now named list_all.simps(2)
  list_all_conv      now named list_all_iff
  set_mem_eq         now named mem_iff

* Theories SetsAndFunctions and BigO (see HOL/Library) support
asymptotic "big O" calculations.  See the notes in BigO.thy.


*** HOL-Complex ***

* Theory RealDef: better support for embedding natural numbers and
integers in the reals.

The following theorems have been eliminated or modified
(INCOMPATIBILITY):

  exp_ge_add_one_self  now requires no hypotheses
  real_of_int_add      reversed direction of equality (use [symmetric])
  real_of_int_minus    reversed direction of equality (use [symmetric])
  real_of_int_diff     reversed direction of equality (use [symmetric])
  real_of_int_mult     reversed direction of equality (use [symmetric])

* Theory RComplete: expanded support for floor and ceiling functions.

* Theory Ln is new, with properties of the natural logarithm

* Hyperreal: There is a new type constructor "star" for making
nonstandard types.  The old type names are now type synonyms:

  hypreal = real star
  hypnat = nat star
  hcomplex = complex star

* Hyperreal: Many groups of similarly-defined constants have been
replaced by polymorphic versions (INCOMPATIBILITY):

  star_of <-- hypreal_of_real, hypnat_of_nat, hcomplex_of_complex

  starset      <-- starsetNat, starsetC
  *s*          <-- *sNat*, *sc*
  starset_n    <-- starsetNat_n, starsetC_n
  *sn*         <-- *sNatn*, *scn*
  InternalSets <-- InternalNatSets, InternalCSets

  starfun      <-- starfun{Nat,Nat2,C,RC,CR}
  *f*          <-- *fNat*, *fNat2*, *fc*, *fRc*, *fcR*
  starfun_n    <-- starfun{Nat,Nat2,C,RC,CR}_n
  *fn*         <-- *fNatn*, *fNat2n*, *fcn*, *fRcn*, *fcRn*
  InternalFuns <-- InternalNatFuns, InternalNatFuns2, Internal{C,RC,CR}Funs

* Hyperreal: Many type-specific theorems have been removed in favor of
theorems specific to various axiomatic type classes (INCOMPATIBILITY):

  add_commute <-- {hypreal,hypnat,hcomplex}_add_commute
  add_assoc   <-- {hypreal,hypnat,hcomplex}_add_assocs
  OrderedGroup.add_0 <-- {hypreal,hypnat,hcomplex}_add_zero_left
  OrderedGroup.add_0_right <-- {hypreal,hcomplex}_add_zero_right
  right_minus <-- hypreal_add_minus
  left_minus <-- {hypreal,hcomplex}_add_minus_left
  mult_commute <-- {hypreal,hypnat,hcomplex}_mult_commute
  mult_assoc <-- {hypreal,hypnat,hcomplex}_mult_assoc
  mult_1_left <-- {hypreal,hypnat}_mult_1, hcomplex_mult_one_left
  mult_1_right <-- hcomplex_mult_one_right
  mult_zero_left <-- hcomplex_mult_zero_left
  left_distrib <-- {hypreal,hypnat,hcomplex}_add_mult_distrib
  right_distrib <-- hypnat_add_mult_distrib2
  zero_neq_one <-- {hypreal,hypnat,hcomplex}_zero_not_eq_one
  right_inverse <-- hypreal_mult_inverse
  left_inverse <-- hypreal_mult_inverse_left, hcomplex_mult_inv_left
  order_refl <-- {hypreal,hypnat}_le_refl
  order_trans <-- {hypreal,hypnat}_le_trans
  order_antisym <-- {hypreal,hypnat}_le_anti_sym
  order_less_le <-- {hypreal,hypnat}_less_le
  linorder_linear <-- {hypreal,hypnat}_le_linear
  add_left_mono <-- {hypreal,hypnat}_add_left_mono
  mult_strict_left_mono <-- {hypreal,hypnat}_mult_less_mono2
  add_nonneg_nonneg <-- hypreal_le_add_order

* Hyperreal: Separate theorems having to do with type-specific
versions of constants have been merged into theorems that apply to the
new polymorphic constants (INCOMPATIBILITY):

  STAR_UNIV_set <-- {STAR_real,NatStar_real,STARC_complex}_set
  STAR_empty_set <-- {STAR,NatStar,STARC}_empty_set
  STAR_Un <-- {STAR,NatStar,STARC}_Un
  STAR_Int <-- {STAR,NatStar,STARC}_Int
  STAR_Compl <-- {STAR,NatStar,STARC}_Compl
  STAR_subset <-- {STAR,NatStar,STARC}_subset
  STAR_mem <-- {STAR,NatStar,STARC}_mem
  STAR_mem_Compl <-- {STAR,STARC}_mem_Compl
  STAR_diff <-- {STAR,STARC}_diff
  STAR_star_of_image_subset <-- {STAR_hypreal_of_real, NatStar_hypreal_of_real,
    STARC_hcomplex_of_complex}_image_subset
  starset_n_Un <-- starset{Nat,C}_n_Un
  starset_n_Int <-- starset{Nat,C}_n_Int
  starset_n_Compl <-- starset{Nat,C}_n_Compl
  starset_n_diff <-- starset{Nat,C}_n_diff
  InternalSets_Un <-- Internal{Nat,C}Sets_Un
  InternalSets_Int <-- Internal{Nat,C}Sets_Int
  InternalSets_Compl <-- Internal{Nat,C}Sets_Compl
  InternalSets_diff <-- Internal{Nat,C}Sets_diff
  InternalSets_UNIV_diff <-- Internal{Nat,C}Sets_UNIV_diff
  InternalSets_starset_n <-- Internal{Nat,C}Sets_starset{Nat,C}_n
  starset_starset_n_eq <-- starset{Nat,C}_starset{Nat,C}_n_eq
  starset_n_starset <-- starset{Nat,C}_n_starset{Nat,C}
  starfun_n_starfun <-- starfun{Nat,Nat2,C,RC,CR}_n_starfun{Nat,Nat2,C,RC,CR}
  starfun <-- starfun{Nat,Nat2,C,RC,CR}
  starfun_mult <-- starfun{Nat,Nat2,C,RC,CR}_mult
  starfun_add <-- starfun{Nat,Nat2,C,RC,CR}_add
  starfun_minus <-- starfun{Nat,Nat2,C,RC,CR}_minus
  starfun_diff <-- starfun{C,RC,CR}_diff
  starfun_o <-- starfun{NatNat2,Nat2,_stafunNat,C,C_starfunRC,_starfunCR}_o
  starfun_o2 <-- starfun{NatNat2,_stafunNat,C,C_starfunRC,_starfunCR}_o2
  starfun_const_fun <-- starfun{Nat,Nat2,C,RC,CR}_const_fun
  starfun_inverse <-- starfun{Nat,C,RC,CR}_inverse
  starfun_eq <-- starfun{Nat,Nat2,C,RC,CR}_eq
  starfun_eq_iff <-- starfun{C,RC,CR}_eq_iff
  starfun_Id <-- starfunC_Id
  starfun_approx <-- starfun{Nat,CR}_approx
  starfun_capprox <-- starfun{C,RC}_capprox
  starfun_abs <-- starfunNat_rabs
  starfun_lambda_cancel <-- starfun{C,CR,RC}_lambda_cancel
  starfun_lambda_cancel2 <-- starfun{C,CR,RC}_lambda_cancel2
  starfun_mult_HFinite_approx <-- starfunCR_mult_HFinite_capprox
  starfun_mult_CFinite_capprox <-- starfun{C,RC}_mult_CFinite_capprox
  starfun_add_capprox <-- starfun{C,RC}_add_capprox
  starfun_add_approx <-- starfunCR_add_approx
  starfun_inverse_inverse <-- starfunC_inverse_inverse
  starfun_divide <-- starfun{C,CR,RC}_divide
  starfun_n <-- starfun{Nat,C}_n
  starfun_n_mult <-- starfun{Nat,C}_n_mult
  starfun_n_add <-- starfun{Nat,C}_n_add
  starfun_n_add_minus <-- starfunNat_n_add_minus
  starfun_n_const_fun <-- starfun{Nat,C}_n_const_fun
  starfun_n_minus <-- starfun{Nat,C}_n_minus
  starfun_n_eq <-- starfun{Nat,C}_n_eq

  star_n_add <-- {hypreal,hypnat,hcomplex}_add
  star_n_minus <-- {hypreal,hcomplex}_minus
  star_n_diff <-- {hypreal,hcomplex}_diff
  star_n_mult <-- {hypreal,hcomplex}_mult
  star_n_inverse <-- {hypreal,hcomplex}_inverse
  star_n_le <-- {hypreal,hypnat}_le
  star_n_less <-- {hypreal,hypnat}_less
  star_n_zero_num <-- {hypreal,hypnat,hcomplex}_zero_num
  star_n_one_num <-- {hypreal,hypnat,hcomplex}_one_num
  star_n_abs <-- hypreal_hrabs
  star_n_divide <-- hcomplex_divide

  star_of_add <-- {hypreal_of_real,hypnat_of_nat,hcomplex_of_complex}_add
  star_of_minus <-- {hypreal_of_real,hcomplex_of_complex}_minus
  star_of_diff <-- hypreal_of_real_diff
  star_of_mult <-- {hypreal_of_real,hypnat_of_nat,hcomplex_of_complex}_mult
  star_of_one <-- {hypreal_of_real,hcomplex_of_complex}_one
  star_of_zero <-- {hypreal_of_real,hypnat_of_nat,hcomplex_of_complex}_zero
  star_of_le <-- {hypreal_of_real,hypnat_of_nat}_le_iff
  star_of_less <-- {hypreal_of_real,hypnat_of_nat}_less_iff
  star_of_eq <-- {hypreal_of_real,hypnat_of_nat,hcomplex_of_complex}_eq_iff
  star_of_inverse <-- {hypreal_of_real,hcomplex_of_complex}_inverse
  star_of_divide <-- {hypreal_of_real,hcomplex_of_complex}_divide
  star_of_of_nat <-- {hypreal_of_real,hcomplex_of_complex}_of_nat
  star_of_of_int <-- {hypreal_of_real,hcomplex_of_complex}_of_int
  star_of_number_of <-- {hypreal,hcomplex}_number_of
  star_of_number_less <-- number_of_less_hypreal_of_real_iff
  star_of_number_le <-- number_of_le_hypreal_of_real_iff
  star_of_eq_number <-- hypreal_of_real_eq_number_of_iff
  star_of_less_number <-- hypreal_of_real_less_number_of_iff
  star_of_le_number <-- hypreal_of_real_le_number_of_iff
  star_of_power <-- hypreal_of_real_power
  star_of_eq_0 <-- hcomplex_of_complex_zero_iff

* Hyperreal: new method "transfer" that implements the transfer
principle of nonstandard analysis. With a subgoal that mentions
nonstandard types like "'a star", the command "apply transfer"
replaces it with an equivalent one that mentions only standard types.
To be successful, all free variables must have standard types; non-
standard variables must have explicit universal quantifiers.

* Hyperreal: A theory of Taylor series.


*** HOLCF ***

* Discontinued special version of 'constdefs' (which used to support
continuous functions) in favor of the general Pure one with full
type-inference.

* New simplification procedure for solving continuity conditions; it
is much faster on terms with many nested lambda abstractions (cubic
instead of exponential time).

* New syntax for domain package: selector names are now optional.
Parentheses should be omitted unless argument is lazy, for example:

  domain 'a stream = cons "'a" (lazy "'a stream")

* New command 'fixrec' for defining recursive functions with pattern
matching; defining multiple functions with mutual recursion is also
supported.  Patterns may include the constants cpair, spair, up, sinl,
sinr, or any data constructor defined by the domain package. The given
equations are proven as rewrite rules. See HOLCF/ex/Fixrec_ex.thy for
syntax and examples.

* New commands 'cpodef' and 'pcpodef' for defining predicate subtypes
of cpo and pcpo types. Syntax is exactly like the 'typedef' command,
but the proof obligation additionally includes an admissibility
requirement. The packages generate instances of class cpo or pcpo,
with continuity and strictness theorems for Rep and Abs.

* HOLCF: Many theorems have been renamed according to a more standard naming
scheme (INCOMPATIBILITY):

  foo_inject:  "foo$x = foo$y ==> x = y"
  foo_eq:      "(foo$x = foo$y) = (x = y)"
  foo_less:    "(foo$x << foo$y) = (x << y)"
  foo_strict:  "foo$UU = UU"
  foo_defined: "... ==> foo$x ~= UU"
  foo_defined_iff: "(foo$x = UU) = (x = UU)"


*** ZF ***

* ZF/ex: theories Group and Ring provide examples in abstract algebra,
including the First Isomorphism Theorem (on quotienting by the kernel
of a homomorphism).

* ZF/Simplifier: install second copy of type solver that actually
makes use of TC rules declared to Isar proof contexts (or locales);
the old version is still required for ML proof scripts.


*** Cube ***

* Converted to Isar theory format; use locales instead of axiomatic
theories.


*** ML ***

* Pure/library.ML no longer defines its own option datatype, but uses
that of the SML basis, which has constructors NONE and SOME instead of
None and Some, as well as exception Option.Option instead of OPTION.
The functions the, if_none, is_some, is_none have been adapted
accordingly, while Option.map replaces apsome.

* Pure/library.ML: the exception LIST has been given up in favour of
the standard exceptions Empty and Subscript, as well as
Library.UnequalLengths.  Function like Library.hd and Library.tl are
superceded by the standard hd and tl functions etc.

A number of basic list functions are no longer exported to the ML
toplevel, as they are variants of predefined functions.  The following
suggests how one can translate existing code: