NEWS

some cleaning up to do with contexts

Isabelle NEWS -- history user-relevant changes
==============================================

New in this Isabelle version
----------------------------

*** General ***

* More uniform information about legacy features, notably a
warning/error of "Legacy feature: ...", depending on the state of the
tolerate_legacy_features flag (default true). FUTURE INCOMPATIBILITY:
legacy features will disappear eventually.

* Theory syntax: the header format ``theory A = B + C:'' has been
discontinued in favour of ``theory A imports B C begin''.  Use isatool
fixheaders to convert existing theory files.  INCOMPATIBILITY.

* Theory syntax: the old non-Isar theory file format has been
discontinued altogether.  Note that ML proof scripts may still be used
with Isar theories; migration is usually quite simple with the ML
function use_legacy_bindings.  INCOMPATIBILITY.

* Theory syntax: some popular names (e.g. 'class', 'declaration',
'fun', 'help', 'if') are now keywords.  INCOMPATIBILITY, use double
quotes.

* Theory loader: be more serious about observing the static theory
header specifications (including optional directories), but not the
accidental file locations of previously successful loads.  The strict
update policy of former update_thy is now already performed by
use_thy, so the former has been removed; use_thys updates several
theories simultaneously, just as 'imports' within a theory header
specification, but without merging the results.  Potential
INCOMPATIBILITY: may need to refine theory headers and commands
ROOT.ML which depend on load order.

* Theory loader: optional support for content-based file
identification, instead of the traditional scheme of full physical
path plus date stamp; configured by the ISABELLE_FILE_IDENT setting
(cf. the system manual).  The new scheme allows to work with
non-finished theories in persistent session images, such that source
files may be moved later on without requiring reloads.

* Theory loader: old-style ML proof scripts being *attached* to a thy
file (with the same base name as the theory) are considered a legacy
feature, which will disappear eventually. Even now, the theory loader no
longer maintains dependencies on such files.

* Syntax: the scope for resolving ambiguities via type-inference is now
limited to individual terms, instead of whole simultaneous
specifications as before. This greatly reduces the complexity of the
syntax module and improves flexibility by separating parsing and
type-checking. INCOMPATIBILITY: additional type-constraints (explicit
'fixes' etc.) are required in rare situations.

* Legacy goal package: reduced interface to the bare minimum required
to keep existing proof scripts running.  Most other user-level
functions are now part of the OldGoals structure, which is *not* open
by default (consider isatool expandshort before open OldGoals).
Removed top_sg, prin, printyp, pprint_term/typ altogether, because
these tend to cause confusion about the actual goal (!) context being
used here, which is not necessarily the same as the_context().

* Command 'find_theorems': supports "*" wild-card in "name:"
criterion; "with_dups" option.  Certain ProofGeneral versions might
support a specific search form (see ProofGeneral/CHANGES).

* The ``prems limit'' option (cf. ProofContext.prems_limit) is now -1
by default, which means that "prems" (and also "fixed variables") are
suppressed from proof state output.  Note that the ProofGeneral
settings mechanism allows to change and save options persistently, but
older versions of Isabelle will fail to start up if a negative prems
limit is imposed.

* Local theory targets may be specified by non-nested blocks of
``context/locale/class ... begin'' followed by ``end''.  The body may
contain definitions, theorems etc., including any derived mechanism
that has been implemented on top of these primitives.  This concept
generalizes the existing ``theorem (in ...)'' towards more versatility
and scalability.

* Proof General interface: proper undo of final 'end' command;
discontinued Isabelle/classic mode (ML proof scripts).


*** Document preparation ***

* Added antiquotation @{theory name} which prints the given name,
after checking that it refers to a valid ancestor theory in the
current context.

* Added antiquotations @{ML_type text} and @{ML_struct text} which
check the given source text as ML type/structure, printing verbatim.

* Added antiquotation @{abbrev "c args"} which prints the abbreviation
"c args == rhs" given in the current context.  (Any number of
arguments may be given on the LHS.)



*** Pure ***

* code generator: consts in 'consts_code' Isar commands are now referred
  to by usual term syntax (including optional type annotations).

* code generator: 
  - Isar 'definition's, 'constdef's and primitive instance definitions are added
    explicitly to the table of defining equations
  - primitive definitions are not used as defining equations by default any longer
  - defining equations are now definitly restricted to meta "==" and object
        equality "="
  - HOL theories have been adopted accordingly

* class_package.ML offers a combination of axclasses and locales to
achieve Haskell-like type classes in Isabelle.  See
HOL/ex/Classpackage.thy for examples.

* Yet another code generator framework allows to generate executable
code for ML and Haskell (including "class"es).  A short usage sketch:

    internal compilation:
        code_gen <list of constants (term syntax)> in SML
    writing SML code to a file:
        code_gen <list of constants (term syntax)> in SML <filename>
    writing OCaml code to a file:
        code_gen <list of constants (term syntax)> in OCaml <filename>
    writing Haskell code to a bunch of files:
        code_gen <list of constants (term syntax)> in Haskell <filename>

Reasonable default setup of framework in HOL/Main.

Theorem attributs for selecting and transforming function equations theorems:

    [code fun]:        select a theorem as function equation for a specific constant
    [code fun del]:    deselect a theorem as function equation for a specific constant
    [code inline]:     select an equation theorem for unfolding (inlining) in place
    [code inline del]: deselect an equation theorem for unfolding (inlining) in place

User-defined serializations (target in {SML, OCaml, Haskell}):

    code_const <and-list of constants (term syntax)>
      {(target) <and-list of const target syntax>}+

    code_type <and-list of type constructors>
      {(target) <and-list of type target syntax>}+

    code_instance <and-list of instances>
      {(target)}+
        where instance ::= <type constructor> :: <class>

    code_class <and_list of classes>
      {(target) <and-list of class target syntax>}+
        where class target syntax ::= <class name> {where {<classop> == <target syntax>}+}?

code_instance and code_class only apply to target Haskell.

See HOL theories and HOL/ex/Codegenerator*.thy for usage examples.
Doc/Isar/Advanced/Codegen/ provides a tutorial.

* Command 'no_translations' removes translation rules from theory
syntax.

* Overloaded definitions are now actually checked for acyclic
dependencies.  The overloading scheme is slightly more general than
that of Haskell98, although Isabelle does not demand an exact
correspondence to type class and instance declarations.
INCOMPATIBILITY, use ``defs (unchecked overloaded)'' to admit more
exotic versions of overloading -- at the discretion of the user!

Polymorphic constants are represented via type arguments, i.e. the
instantiation that matches an instance against the most general
declaration given in the signature.  For example, with the declaration
c :: 'a => 'a => 'a, an instance c :: nat => nat => nat is represented
as c(nat).  Overloading is essentially simultaneous structural
recursion over such type arguments.  Incomplete specification patterns
impose global constraints on all occurrences, e.g. c('a * 'a) on the
LHS means that more general c('a * 'b) will be disallowed on any RHS.
Command 'print_theory' outputs the normalized system of recursive
equations, see section "definitions".

* Configuration options are maintained within the theory or proof
context (with name and type bool/int/string), providing a very simple
interface to a poor-man's version of general context data.  Tools may
declare options in ML (e.g. using Attrib.config_int) and then refer to
these values using Config.get etc.  Users may change options via an
associated attribute of the same name.  This form of context
declaration works particularly well with commands 'declare' or
'using', for example ``declare [[foo = 42]]''.  Thus it has become
very easy to avoid global references, which would not observe Isar
toplevel undo/redo and fail to work with multithreading.

Various global ML references of Pure and HOL have been turned into
configuration options:

  Unify.search_bound		unify_search_bound
  Unify.trace_bound		unify_trace_bound
  Unify.trace_simp		unify_trace_simp
  Unify.trace_types		unify_trace_types
  Simplifier.simp_depth_limit	simp_depth_limit
  Blast.depth_limit		blast_depth_limit
  DatatypeProp.dtK		datatype_distinctness_limit
  fast_arith_neq_limit  	fast_arith_neq_limit
  fast_arith_split_limit	fast_arith_split_limit

* Named collections of theorems may be easily installed as context
data using the functor NamedThmsFun (see
src/Pure/Tools/named_thms.ML).  The user may add or delete facts via
attributes; there is also a toplevel print command.  This facility is
just a common case of general context data, which is the preferred way
for anything more complex than just a list of facts in canonical
order.

* Isar: command 'declaration' augments a local theory by generic
declaration functions written in ML.  This enables arbitrary content
being added to the context, depending on a morphism that tells the
difference of the original declaration context wrt. the application
context encountered later on.

* Isar: proper interfaces for simplification procedures.  Command
'simproc_setup' declares named simprocs (with match patterns, and body
text in ML).  Attribute "simproc" adds/deletes simprocs in the current
context.  ML antiquotation @{simproc name} retrieves named simprocs.

* Isar: an extra pair of brackets around attribute declarations
abbreviates a theorem reference involving an internal dummy fact,
which will be ignored later --- only the effect of the attribute on
the background context will persist.  This form of in-place
declarations is particularly useful with commands like 'declare' and
'using', for example ``have A using [[simproc a]] by simp''.

* Isar: method "assumption" (and implicit closing of subproofs) now
takes simple non-atomic goal assumptions into account: after applying
an assumption as a rule the resulting subgoals are solved by atomic
assumption steps.  This is particularly useful to finish 'obtain'
goals, such as "!!x. (!!x. P x ==> thesis) ==> P x ==> thesis",
without referring to the original premise "!!x. P x ==> thesis" in the
Isar proof context.  POTENTIAL INCOMPATIBILITY: method "assumption" is
more permissive.

* Isar: implicit use of prems from the Isar proof context is
considered a legacy feature.  Common applications like ``have A .''
may be replaced by ``have A by fact'' or ``note `A`''.  In general,
referencing facts explicitly here improves readability and
maintainability of proof texts.

* Isar: improper proof element 'guess' is like 'obtain', but derives
the obtained context from the course of reasoning!  For example:

  assume "EX x y. A x & B y"   -- "any previous fact"
  then guess x and y by clarify

This technique is potentially adventurous, depending on the facts and
proof tools being involved here.

* Isar: known facts from the proof context may be specified as literal
propositions, using ASCII back-quote syntax.  This works wherever
named facts used to be allowed so far, in proof commands, proof
methods, attributes etc.  Literal facts are retrieved from the context
according to unification of type and term parameters.  For example,
provided that "A" and "A ==> B" and "!!x. P x ==> Q x" are known
theorems in the current context, then these are valid literal facts:
`A` and `A ==> B` and `!!x. P x ==> Q x" as well as `P a ==> Q a` etc.

There is also a proof method "fact" which does the same composition
for explicit goal states, e.g. the following proof texts coincide with
certain special cases of literal facts:

  have "A" by fact                 ==  note `A`
  have "A ==> B" by fact           ==  note `A ==> B`
  have "!!x. P x ==> Q x" by fact  ==  note `!!x. P x ==> Q x`
  have "P a ==> Q a" by fact       ==  note `P a ==> Q a`

* Isar: ":" (colon) is no longer a symbolic identifier character in
outer syntax.  Thus symbolic identifiers may be used without
additional white space in declarations like this: ``assume *: A''.

* Isar: 'print_facts' prints all local facts of the current context,
both named and unnamed ones.

* Isar: 'def' now admits simultaneous definitions, e.g.:

  def x == "t" and y == "u"

* Isar: added command 'unfolding', which is structurally similar to
'using', but affects both the goal state and facts by unfolding given
rewrite rules.  Thus many occurrences of the 'unfold' method or
'unfolded' attribute may be replaced by first-class proof text.

* Isar: methods 'unfold' / 'fold', attributes 'unfolded' / 'folded',
and command 'unfolding' now all support object-level equalities
(potentially conditional).  The underlying notion of rewrite rule is
analogous to the 'rule_format' attribute, but *not* that of the
Simplifier (which is usually more generous).

* Isar: the new attribute [rotated n] (default n = 1) rotates the
premises of a theorem by n. Useful in conjunction with drule.

* Isar: the goal restriction operator [N] (default N = 1) evaluates a
method expression within a sandbox consisting of the first N
sub-goals, which need to exist.  For example, ``simp_all [3]''
simplifies the first three sub-goals, while (rule foo, simp_all)[]
simplifies all new goals that emerge from applying rule foo to the
originally first one.

* Isar: schematic goals are no longer restricted to higher-order
patterns; e.g. ``lemma "?P(?x)" by (rule TrueI)'' now works as
expected.

* Isar: the conclusion of a long theorem statement is now either
'shows' (a simultaneous conjunction, as before), or 'obtains'
(essentially a disjunction of cases with local parameters and
assumptions).  The latter allows to express general elimination rules
adequately; in this notation common elimination rules look like this:

  lemma exE:    -- "EX x. P x ==> (!!x. P x ==> thesis) ==> thesis"
    assumes "EX x. P x"
    obtains x where "P x"

  lemma conjE:  -- "A & B ==> (A ==> B ==> thesis) ==> thesis"
    assumes "A & B"
    obtains A and B

  lemma disjE:  -- "A | B ==> (A ==> thesis) ==> (B ==> thesis) ==> thesis"
    assumes "A | B"
    obtains
      A
    | B

The subsequent classical rules even refer to the formal "thesis"
explicitly:

  lemma classical:     -- "(~ thesis ==> thesis) ==> thesis"
    obtains "~ thesis"

  lemma Peirce's_Law:  -- "((thesis ==> something) ==> thesis) ==> thesis"
    obtains "thesis ==> something"

The actual proof of an 'obtains' statement is analogous to that of the
Isar proof element 'obtain', only that there may be several cases.
Optional case names may be specified in parentheses; these will be
available both in the present proof and as annotations in the
resulting rule, for later use with the 'cases' method (cf. attribute
case_names).

* Isar: the assumptions of a long theorem statement are available as
"assms" fact in the proof context.  This is more appropriate than the
(historical) "prems", which refers to all assumptions of the current
context, including those from the target locale, proof body etc.

* Isar: 'print_statement' prints theorems from the current theory or
proof context in long statement form, according to the syntax of a
top-level lemma.

* Isar: 'obtain' takes an optional case name for the local context
introduction rule (default "that").

* Isar: removed obsolete 'concl is' patterns.  INCOMPATIBILITY, use
explicit (is "_ ==> ?foo") in the rare cases where this still happens
to occur.

* Pure: syntax "CONST name" produces a fully internalized constant
according to the current context.  This is particularly useful for
syntax translations that should refer to internal constant
representations independently of name spaces.

* Pure: syntax constant for foo (binder "FOO ") is called "foo_binder"
instead of "FOO ". This allows multiple binder declarations to coexist
in the same context.  INCOMPATIBILITY.

* Isar/locales: 'notation' provides a robust interface to the 'syntax'
primitive that also works in a locale context (both for constants and
fixed variables).  Type declaration and internal syntactic
representation of given constants retrieved from the context.

* Isar/locales: new derived specification elements 'axiomatization',
'definition', 'abbreviation', which support type-inference, admit
object-level specifications (equality, equivalence).  See also the
isar-ref manual.  Examples:

  axiomatization
    eq  (infix "===" 50) where
    eq_refl: "x === x" and eq_subst: "x === y ==> P x ==> P y"

  definition "f x y = x + y + 1"
  definition g where "g x = f x x"

  abbreviation
    neq  (infix "=!=" 50) where
    "x =!= y == ~ (x === y)"

These specifications may be also used in a locale context.  Then the
constants being introduced depend on certain fixed parameters, and the
constant name is qualified by the locale base name.  An internal
abbreviation takes care for convenient input and output, making the
parameters implicit and using the original short name.  See also
HOL/ex/Abstract_NAT.thy for an example of deriving polymorphic
entities from a monomorphic theory.

Presently, abbreviations are only available 'in' a target locale, but
not inherited by general import expressions.  Also note that
'abbreviation' may be used as a type-safe replacement for 'syntax' +
'translations' in common applications.

Concrete syntax is attached to specified constants in internal form,
independently of name spaces.  The parse tree representation is
slightly different -- use 'notation' instead of raw 'syntax', and
'translations' with explicit "CONST" markup to accommodate this.

* Pure: command 'print_abbrevs' prints all constant abbreviations of
the current context.  Print mode "no_abbrevs" prevents inversion of
abbreviations on output.

* Isar/locales: improved parameter handling:
- use of locales "var" and "struct" no longer necessary;
- parameter renamings are no longer required to be injective.
  This enables, for example, to define a locale for endomorphisms thus:
  locale endom = homom mult mult h.

* Isar/locales: changed the way locales with predicates are defined.
Instead of accumulating the specification, the imported expression is
now an interpretation.  INCOMPATIBILITY: different normal form of
locale expressions.  In particular, in interpretations of locales with
predicates, goals repesenting already interpreted fragments are not
removed automatically.  Use methods `intro_locales' and
`unfold_locales'; see below.

* Isar/locales: new methods `intro_locales' and `unfold_locales'
provide backward reasoning on locales predicates.  The methods are
aware of interpretations and discharge corresponding goals.
`intro_locales' is less aggressive then `unfold_locales' and does not
unfold predicates to assumptions.

* Isar/locales: the order in which locale fragments are accumulated
has changed.  This enables to override declarations from fragments due
to interpretations -- for example, unwanted simp rules.

* Isar/locales: interpretation in theories and proof contexts has been
extended.  One may now specify (and prove) equations, which are
unfolded in interpreted theorems.  This is useful for replacing
defined concepts (constants depending on locale parameters) by
concepts already existing in the target context.  Example:

  interpretation partial_order ["op <= :: [int, int] => bool"]
    where "partial_order.less (op <=) (x::int) y = (x < y)"

Typically, the constant `partial_order.less' is created by a definition
specification element in the context of locale partial_order.

* Provers/induct: improved internal context management to support
local fixes and defines on-the-fly.  Thus explicit meta-level
connectives !! and ==> are rarely required anymore in inductive goals
(using object-logic connectives for this purpose has been long
obsolete anyway).  The subsequent proof patterns illustrate advanced
techniques of natural induction; general datatypes and inductive sets
work analogously (see also src/HOL/Lambda for realistic examples).

(1) This is how to ``strengthen'' an inductive goal wrt. certain
parameters:

  lemma
    fixes n :: nat and x :: 'a
    assumes a: "A n x"
    shows "P n x"
    using a                     -- {* make induct insert fact a *}
  proof (induct n arbitrary: x) -- {* generalize goal to "!!x. A n x ==> P n x" *}
    case 0
    show ?case sorry
  next
    case (Suc n)
    note `!!x. A n x ==> P n x` -- {* induction hypothesis, according to induction rule *}
    note `A (Suc n) x`          -- {* induction premise, stemming from fact a *}
    show ?case sorry
  qed

(2) This is how to perform induction over ``expressions of a certain
form'', using a locally defined inductive parameter n == "a x"
together with strengthening (the latter is usually required to get
sufficiently flexible induction hypotheses):

  lemma
    fixes a :: "'a => nat"
    assumes a: "A (a x)"
    shows "P (a x)"
    using a
  proof (induct n == "a x" arbitrary: x)
    ...

See also HOL/Isar_examples/Puzzle.thy for an application of the this
particular technique.

(3) This is how to perform existential reasoning ('obtains' or
'obtain') by induction, while avoiding explicit object-logic
encodings:

  lemma
    fixes n :: nat
    obtains x :: 'a where "P n x" and "Q n x"
  proof (induct n arbitrary: thesis)
    case 0
    obtain x where "P 0 x" and "Q 0 x" sorry
    then show thesis by (rule 0)
  next
    case (Suc n)
    obtain x where "P n x" and "Q n x" by (rule Suc.hyps)
    obtain x where "P (Suc n) x" and "Q (Suc n) x" sorry
    then show thesis by (rule Suc.prems)
  qed

Here the 'arbitrary: thesis' specification essentially modifies the
scope of the formal thesis parameter, in order to the get the whole
existence statement through the induction as expected.

* Provers/induct: mutual induction rules are now specified as a list
of rule sharing the same induction cases.  HOL packages usually
provide foo_bar.inducts for mutually defined items foo and bar
(e.g. inductive sets or datatypes).  INCOMPATIBILITY, users need to
specify mutual induction rules differently, i.e. like this:

  (induct rule: foo_bar.inducts)
  (induct set: foo bar)
  (induct type: foo bar)

The ML function ProjectRule.projections turns old-style rules into the
new format.

* Provers/induct: improved handling of simultaneous goals.  Instead of
introducing object-level conjunction, the statement is now split into
several conclusions, while the corresponding symbolic cases are
nested accordingly.  INCOMPATIBILITY, proofs need to be structured
explicitly.  For example:

  lemma
    fixes n :: nat
    shows "P n" and "Q n"
  proof (induct n)
    case 0 case 1
    show "P 0" sorry
  next
    case 0 case 2
    show "Q 0" sorry
  next
    case (Suc n) case 1
    note `P n` and `Q n`
    show "P (Suc n)" sorry
  next
    case (Suc n) case 2
    note `P n` and `Q n`
    show "Q (Suc n)" sorry
  qed

The split into subcases may be deferred as follows -- this is
particularly relevant for goal statements with local premises.

  lemma
    fixes n :: nat
    shows "A n ==> P n" and "B n ==> Q n"
  proof (induct n)
    case 0
    {
      case 1
      note `A 0`
      show "P 0" sorry
    next
      case 2
      note `B 0`
      show "Q 0" sorry
    }
  next
    case (Suc n)
    note `A n ==> P n` and `B n ==> Q n`
    {
      case 1
      note `A (Suc n)`
      show "P (Suc n)" sorry
    next
      case 2
      note `B (Suc n)`
      show "Q (Suc n)" sorry
    }
  qed

If simultaneous goals are to be used with mutual rules, the statement
needs to be structured carefully as a two-level conjunction, using
lists of propositions separated by 'and':

  lemma
    shows "a : A ==> P1 a"
          "a : A ==> P2 a"
      and "b : B ==> Q1 b"
          "b : B ==> Q2 b"
          "b : B ==> Q3 b"
  proof (induct set: A B)

* Provers/induct: support coinduction as well.  See
src/HOL/Library/Coinductive_List.thy for various examples.

* Attribute "symmetric" produces result with standardized schematic
variables (index 0).  Potential INCOMPATIBILITY.

* Simplifier: by default the simplifier trace only shows top level
rewrites now. That is, trace_simp_depth_limit is set to 1 by
default. Thus there is less danger of being flooded by the trace. The
trace indicates where parts have been suppressed.
  
* Provers/classical: removed obsolete classical version of elim_format
attribute; classical elim/dest rules are now treated uniformly when
manipulating the claset.

* Provers/classical: stricter checks to ensure that supplied intro,
dest and elim rules are well-formed; dest and elim rules must have at
least one premise.

* Provers/classical: attributes dest/elim/intro take an optional
weight argument for the rule (just as the Pure versions).  Weights are
ignored by automated tools, but determine the search order of single
rule steps.

* Syntax: input syntax now supports dummy variable binding "%_. b",
where the body does not mention the bound variable.  Note that dummy
patterns implicitly depend on their context of bounds, which makes
"{_. _}" match any set comprehension as expected.  Potential
INCOMPATIBILITY -- parse translations need to cope with syntactic
constant "_idtdummy" in the binding position.

* Syntax: removed obsolete syntactic constant "_K" and its associated
parse translation.  INCOMPATIBILITY -- use dummy abstraction instead,
for example "A -> B" => "Pi A (%_. B)".

* Pure: 'class_deps' command visualizes the subclass relation, using
the graph browser tool.

* Pure: 'print_theory' now suppresses entities with internal name
(trailing "_") by default; use '!' option for full details.


*** HOL ***

* Formulation of theorem "dense" changed slightly due to integration with new
class dense_linear_order.

* theory Finite_Set: "name-space" locales Lattice, Distrib_lattice, Linorder etc.
have disappeared; operations defined in terms of fold_set now are named
Inf_fin, Sup_fin.  INCOMPATIBILITY.

* HOL-Word:
  New extensive library and type for generic, fixed size machine
  words, with arithemtic, bit-wise, shifting and rotating operations,
  reflection into int, nat, and bool lists, automation for linear
  arithmetic (by automatic reflection into nat or int), including
  lemmas on overflow and monotonicity. Instantiated to all appropriate
  arithmetic type classes, supporting automatic simplification of
  numerals on all operations. Jointly developed by NICTA, Galois, and
  PSU.

* Library/Boolean_Algebra: locales for abstract boolean algebras.

* Library/Numeral_Type: numbers as types, e.g. TYPE(32).

* Code generator library theories:
  * Pretty_Int represents HOL integers by big integer literals in target
    languages.
  * Pretty_Char represents HOL characters by character literals in target
    languages.
  * Pretty_Char_chr like Pretty_Char, but also offers treatment of character
    codes; includes Pretty_Int.
  * Executable_Set allows to generate code for finite sets using lists.
  * Executable_Rat implements rational numbers as triples (sign, enumerator,
    denominator).
  * Executable_Real implements a subset of real numbers, namly those
    representable by rational numbers.
  * Efficient_Nat implements natural numbers by integers, which in general will
    result in higher efficency; pattern matching with 0/Suc is eliminated;
    includes Pretty_Int.
  * ML_String provides an additional datatype ml_string; in the HOL default
    setup, strings in HOL are mapped to lists of HOL characters in SML; values
    of type ml_string are mapped to strings in SML.
  * ML_Int provides an additional datatype ml_int which is mapped to to SML
    built-in integers.

* New package for inductive predicates

  An n-ary predicate p with m parameters z_1, ..., z_m can now be defined via

    inductive
      p :: "U_1 => ... => U_m => T_1 => ... => T_n => bool"
      for z_1 :: U_1 and ... and z_n :: U_m
    where
      rule_1: "... ==> p z_1 ... z_m t_1_1 ... t_1_n"
    | ...

  rather than

    consts s :: "U_1 => ... => U_m => (T_1 * ... * T_n) set"

    abbreviation p :: "U_1 => ... => U_m => T_1 => ... => T_n => bool"
    where "p z_1 ... z_m x_1 ... x_n == (x_1, ..., x_n) : s z_1 ... z_m"

    inductive "s z_1 ... z_m"
    intros
      rule_1: "... ==> (t_1_1, ..., t_1_n) : s z_1 ... z_m"
      ...

  For backward compatibility, there is a wrapper allowing inductive
  sets to be defined with the new package via

    inductive_set
      s :: "U_1 => ... => U_m => (T_1 * ... * T_n) set"
      for z_1 :: U_1 and ... and z_n :: U_m
    where
      rule_1: "... ==> (t_1_1, ..., t_1_n) : s z_1 ... z_m"
    | ...

  or

    inductive_set
      s :: "U_1 => ... => U_m => (T_1 * ... * T_n) set"
      and p :: "U_1 => ... => U_m => T_1 => ... => T_n => bool"
      for z_1 :: U_1 and ... and z_n :: U_m
    where
      "p z_1 ... z_m x_1 ... x_n == (x_1, ..., x_n) : s z_1 ... z_m"
    | rule_1: "... ==> p z_1 ... z_m t_1_1 ... t_1_n"
    | ...

  if the additional syntax "p ..." is required.

  Many examples can be found in the subdirectories Auth, Bali, Induct,
  or MicroJava.

  INCOMPATIBILITIES:

  - Since declaration and definition of inductive sets or predicates
    is no longer separated, abbreviations involving the newly introduced
    sets or predicates must be specified together with the introduction
    rules after the "where" keyword (see example above), rather than before
    the actual inductive definition.

  - The variables in induction and elimination rules are now quantified
    in the order of their occurrence in the introduction rules, rather than
    in alphabetical order. Since this may break some proofs, these proofs
    either have to be repaired, e.g. by reordering the variables
    a_i_1 ... a_i_{k_i} in Isar "case" statements of the form

      case (rule_i a_i_1 ... a_i_{k_i})

    or the old order of quantification has to be restored by explicitly adding
    meta-level quantifiers in the introduction rules, i.e.

      | rule_i: "!!a_i_1 ... a_i_{k_i}. ... ==> p z_1 ... z_m t_i_1 ... t_i_n"

  - The format of the elimination rules is now

      p z_1 ... z_m x_1 ... x_n ==>
        (!!a_1_1 ... a_1_{k_1}. x_1 = t_1_1 ==> ... ==> x_n = t_1_n ==> ... ==> P)
        ==> ... ==> P

    for predicates and

      (x_1, ..., x_n) : s z_1 ... z_m ==>
        (!!a_1_1 ... a_1_{k_1}. x_1 = t_1_1 ==> ... ==> x_n = t_1_n ==> ... ==> P)
        ==> ... ==> P

    for sets rather than

      x : s z_1 ... z_m ==>
        (!!a_1_1 ... a_1_{k_1}. x = (t_1_1, ..., t_1_n) ==> ... ==> P)
        ==> ... ==> P

    This may require terms in goals to be expanded to n-tuples (e.g. using case_tac
    or simplification with the split_paired_all rule) before the above elimination
    rule is applicable.

  - The elimination or case analysis rules for (mutually) inductive sets or
    predicates are now called "p_1.cases" ... "p_k.cases". The list of rules
    "p_1_..._p_k.elims" is no longer available.

* Method "metis" proves goals by applying the Metis general-purpose
resolution prover.  Examples are in the directory MetisExamples.  See
also http://gilith.com/software/metis/
  
* Command 'sledgehammer' invokes external automatic theorem provers as
background processes.  It generates calls to the "metis" method if
successful. These can be pasted into the proof.  Users do not have to
wait for the automatic provers to return.

* Case-expressions allow arbitrary constructor-patterns (including "_") and
  take their order into account, like in functional programming.
  Internally, this is translated into nested case-expressions; missing cases
  are added and mapped to the predefined constant "undefined". In complicated
  cases printing may no longer show the original input but the internal
  form. Lambda-abstractions allow the same form of pattern matching:
  "% pat1 => e1 | ..." is an abbreviation for
  "%x. case x of pat1 => e1 | ..." where x is a new variable.

* IntDef: The constant "int :: nat => int" has been removed; now "int"
  is an abbreviation for "of_nat :: nat => int". The simplification rules
  for "of_nat" have been changed to work like "int" did previously.
  (potential INCOMPATIBILITY)
  - "of_nat (Suc m)" simplifies to "1 + of_nat m" instead of "of_nat m + 1"
  - of_nat_diff and of_nat_mult are no longer default simp rules

* Method "algebra" solves polynomial equations over (semi)rings using
  Groebner bases. The (semi)ring structure is defined by locales and
  the tool setup depends on that generic context. Installing the
  method for a specific type involves instantiating the locale and
  possibly adding declarations for computation on the coefficients.
  The method is already instantiated for natural numbers and for the
  axiomatic class of idoms with numerals.  See also the paper by
  Chaieb and Wenzel at CALCULEMUS 2007 for the general principles
  underlying this architecture of context-aware proof-tools.

* constant "List.op @" now named "List.append".  Use ML antiquotations
@{const_name List.append} or @{term " ... @ ... "} to circumvent
possible incompatibilities when working on ML level.

* Constant renames due to introduction of canonical name prefixing for
  class package:

    HOL.abs ~> HOL.minus_class.abs
    HOL.divide ~> HOL.divide_class.divide
    Nat.power ~> Nat.power_class.power
    Nat.size ~> Nat.size_class.size
    Numeral.number_of ~> Numeral.number_class.number_of
    FixedPoint.Inf ~> FixedPoint.complete_lattice_class.Inf
    FixedPoint.Sup ~> FixedPoint.complete_lattice_class.Sup

* Rudimentary class target mechanism involves constant renames:

    Orderings.min ~> Orderings.ord_class.min
    Orderings.max ~> Orderings.ord_class.max

* primrec: missing cases mapped to "undefined" instead of "arbitrary"

* new constant "undefined" with axiom "undefined x = undefined"

* new class "default" with associated constant "default"

* new function listsum :: 'a list => 'a for arbitrary monoids.
  Special syntax: "SUM x <- xs. f x" (and latex variants)

* new (input only) syntax for Haskell-like list comprehension, eg
  [(x,y). x <- xs, y <- ys, x ~= y]
  For details see List.thy.

* The special syntax for function "filter" has changed from [x : xs. P] to
  [x <- xs. P] to avoid an ambiguity caused by list comprehension syntax,
  and for uniformity. INCOMPATIBILITY

* Lemma "set_take_whileD" renamed to "set_takeWhileD"

* function "sgn" is now overloaded and available on int, real, complex
  (and other numeric types).
  The details: new class "sgn" with function "sgn";
  two possible defs of sgn in the classes sgn_if and sgn_div_norm
  (as equational assumptions);
  ordered_idom now also inherits from sgn_if - INCOMPATIBILITY.

* New lemma collection field_simps (an extension of ring_simps)
  for manipulating (in)equations involving division. Multiplies
  with all denominators that can be proved to be non-zero (in equations)
  or positive/negative (in inequations).

* Lemma collections ring_eq_simps, group_eq_simps and ring_distrib
  have been improved and renamed to ring_simps, group_simps and ring_distribs.
  Removed lemmas field_xyz in Ring_and_Field
  because they were subsumed by lemmas xyz.
INCOMPATIBILITY.

* Library/Pretty_Int.thy: maps HOL numerals on target language integer literals
  when generating code.

* Library/Pretty_Char.thy: maps HOL characters on target language character literals
  when generating code.

* Library/Commutative_Ring.thy: switched from recdef to function package;
  constants add, mul, pow now curried.  Infix syntax for algebraic operations.

* Some steps towards more uniform lattice theory development in HOL.

    constants "meet" and "join" now named "inf" and "sup"
    constant "Meet" now named "Inf"

    classes "meet_semilorder" and "join_semilorder" now named
      "lower_semilattice" and "upper_semilattice"
    class "lorder" now named "lattice"
    class "comp_lat" now named "complete_lattice"

    Instantiation of lattice classes allows explicit definitions
    for "inf" and "sup" operations (or "Inf" and "Sup" for complete lattices).

  INCOMPATIBILITY.  Theorem renames:

    meet_left_le            ~> inf_le1
    meet_right_le           ~> inf_le2
    join_left_le            ~> sup_ge1
    join_right_le           ~> sup_ge2
    meet_join_le            ~> inf_sup_ord
    le_meetI                ~> le_infI
    join_leI                ~> le_supI
    le_meet                 ~> le_inf_iff
    le_join                 ~> ge_sup_conv
    meet_idempotent         ~> inf_idem
    join_idempotent         ~> sup_idem
    meet_comm               ~> inf_commute
    join_comm               ~> sup_commute
    meet_leI1               ~> le_infI1
    meet_leI2               ~> le_infI2
    le_joinI1               ~> le_supI1
    le_joinI2               ~> le_supI2
    meet_assoc              ~> inf_assoc
    join_assoc              ~> sup_assoc
    meet_left_comm          ~> inf_left_commute
    meet_left_idempotent    ~> inf_left_idem
    join_left_comm          ~> sup_left_commute
    join_left_idempotent    ~> sup_left_idem
    meet_aci                ~> inf_aci
    join_aci                ~> sup_aci
    le_def_meet             ~> le_iff_inf
    le_def_join             ~> le_iff_sup
    join_absorp2            ~> sup_absorb2
    join_absorp1            ~> sup_absorb1
    meet_absorp1            ~> inf_absorb1
    meet_absorp2            ~> inf_absorb2
    meet_join_absorp        ~> inf_sup_absorb
    join_meet_absorp        ~> sup_inf_absorb
    distrib_join_le         ~> distrib_sup_le
    distrib_meet_le         ~> distrib_inf_le

    add_meet_distrib_left   ~> add_inf_distrib_left
    add_join_distrib_left   ~> add_sup_distrib_left
    is_join_neg_meet        ~> is_join_neg_inf
    is_meet_neg_join        ~> is_meet_neg_sup
    add_meet_distrib_right  ~> add_inf_distrib_right
    add_join_distrib_right  ~> add_sup_distrib_right
    add_meet_join_distribs  ~> add_sup_inf_distribs
    join_eq_neg_meet        ~> sup_eq_neg_inf
    meet_eq_neg_join        ~> inf_eq_neg_sup
    add_eq_meet_join        ~> add_eq_inf_sup
    meet_0_imp_0            ~> inf_0_imp_0
    join_0_imp_0            ~> sup_0_imp_0
    meet_0_eq_0             ~> inf_0_eq_0
    join_0_eq_0             ~> sup_0_eq_0
    neg_meet_eq_join        ~> neg_inf_eq_sup
    neg_join_eq_meet        ~> neg_sup_eq_inf
    join_eq_if              ~> sup_eq_if

    mono_meet               ~> mono_inf
    mono_join               ~> mono_sup
    meet_bool_eq            ~> inf_bool_eq
    join_bool_eq            ~> sup_bool_eq
    meet_fun_eq             ~> inf_fun_eq
    join_fun_eq             ~> sup_fun_eq
    meet_set_eq             ~> inf_set_eq
    join_set_eq             ~> sup_set_eq
    meet1_iff               ~> inf1_iff
    meet2_iff               ~> inf2_iff
    meet1I                  ~> inf1I
    meet2I                  ~> inf2I
    meet1D1                 ~> inf1D1
    meet2D1                 ~> inf2D1
    meet1D2                 ~> inf1D2
    meet2D2                 ~> inf2D2
    meet1E                  ~> inf1E
    meet2E                  ~> inf2E
    join1_iff               ~> sup1_iff
    join2_iff               ~> sup2_iff
    join1I1                 ~> sup1I1
    join2I1                 ~> sup2I1
    join1I1                 ~> sup1I1
    join2I2                 ~> sup1I2
    join1CI                 ~> sup1CI
    join2CI                 ~> sup2CI
    join1E                  ~> sup1E
    join2E                  ~> sup2E

    is_meet_Meet            ~> is_meet_Inf
    Meet_bool_def           ~> Inf_bool_def
    Meet_fun_def            ~> Inf_fun_def
    Meet_greatest           ~> Inf_greatest
    Meet_lower              ~> Inf_lower
    Meet_set_def            ~> Inf_set_def

    Sup_def                 ~> Sup_Inf
    Sup_bool_eq             ~> Sup_bool_def
    Sup_fun_eq              ~> Sup_fun_def
    Sup_set_eq              ~> Sup_set_def

    listsp_meetI            ~> listsp_infI
    listsp_meet_eq          ~> listsp_inf_eq

    meet_min                ~> inf_min
    join_max                ~> sup_max

* Classes "order" and "linorder": facts "refl", "trans" and
"cases" renamed ro "order_refl", "order_trans" and "linorder_cases", to
avoid clashes with HOL "refl" and "trans". INCOMPATIBILITY.

* Classes "order" and "linorder": 
potential INCOMPATIBILITY: order of proof goals in order/linorder instance
proofs changed.

* Dropped lemma duplicate def_imp_eq in favor of meta_eq_to_obj_eq.
INCOMPATIBILITY.

* Dropped lemma duplicate if_def2 in favor of if_bool_eq_conj.
INCOMPATIBILITY.

* Added syntactic class "size"; overloaded constant "size" now has
type "'a::size ==> bool"

* Renamed constants "Divides.op div", "Divides.op mod" and "Divides.op
dvd" to "Divides.div_class.div", "Divides.div_class.mod" and "Divides.dvd". INCOMPATIBILITY.

* Added method "lexicographic_order" automatically synthesizes
termination relations as lexicographic combinations of size measures
-- 'function' package.

* HOL/records: generalised field-update to take a function on the
field rather than the new value: r(|A := x|) is translated to A_update
(K x) r The K-combinator that is internally used is called K_record.
INCOMPATIBILITY: Usage of the plain update functions has to be
adapted.
 
* axclass "semiring_0" now contains annihilation axioms x * 0 = 0 and
0 * x = 0, which are required for a semiring.  Richer structures do
not inherit from semiring_0 anymore, because this property is a
theorem there, not an axiom.  INCOMPATIBILITY: In instances of
semiring_0, there is more to prove, but this is mostly trivial.

* axclass "recpower" was generalized to arbitrary monoids, not just
commutative semirings.  INCOMPATIBILITY: If you use recpower and need
commutativity or a semiring property, add the corresponding classes.

* Unified locale partial_order with class definition (cf. theory
Orderings), added parameter ``less''.  INCOMPATIBILITY.

* Constant "List.list_all2" in List.thy now uses authentic syntax.
INCOMPATIBILITY: translations containing list_all2 may go wrong.  On
Isar level, use abbreviations instead.

* Renamed constant "List.op mem" to "List.memberl" INCOMPATIBILITY:
rarely occuring name references (e.g. ``List.op mem.simps'') require
renaming (e.g. ``List.memberl.simps'').

* Renamed constants "0" to "HOL.zero_class.zero" and "1" to "HOL.one_class.one".
INCOMPATIBILITY.

* Added class "HOL.eq", allowing for code generation with polymorphic equality.

* Numeral syntax: type 'bin' which was a mere type copy of 'int' has
been abandoned in favour of plain 'int'. INCOMPATIBILITY --
significant changes for setting up numeral syntax for types:

  - new constants Numeral.pred and Numeral.succ instead
      of former Numeral.bin_pred and Numeral.bin_succ.
  - Use integer operations instead of bin_add, bin_mult and so on.
  - Numeral simplification theorems named Numeral.numeral_simps instead of Bin_simps.
  - ML structure Bin_Simprocs now named Int_Numeral_Base_Simprocs.

See HOL/Integ/IntArith.thy for an example setup.

* New top level command 'normal_form' computes the normal form of a
term that may contain free variables. For example ``normal_form
"rev[a,b,c]"'' produces ``[b,c,a]'' (without proof).  This command is
suitable for heavy-duty computations because the functions are
compiled to ML first.

* Alternative iff syntax "A <-> B" for equality on bool (with priority
25 like -->); output depends on the "iff" print_mode, the default is
"A = B" (with priority 50).

* Renamed constants in HOL.thy and Orderings.thy:
    op +   ~> HOL.plus_class.plus
    op -   ~> HOL.minus_class.minus
    uminus ~> HOL.minus_class.uminus
    abs    ~> HOL.abs_class.abs
    op *   ~> HOL.times_class.times
    op <   ~> HOL.ord_class.less
    op <=  ~> HOL.ord_class.less_eq

Adaptions may be required in the following cases:

a) User-defined constants using any of the names "plus", "minus", "times",
"less" or "less_eq". The standard syntax translations for "+", "-" and "*"
may go wrong.
INCOMPATIBILITY: use more specific names.

b) Variables named "plus", "minus", "times", "less", "less_eq"
INCOMPATIBILITY: use more specific names.

c) Permutative equations (e.g. "a + b = b + a")
Since the change of names also changes the order of terms, permutative
rewrite rules may get applied in a different order. Experience shows that
this is rarely the case (only two adaptions in the whole Isabelle
distribution).
INCOMPATIBILITY: rewrite proofs

d) ML code directly refering to constant names
This in general only affects hand-written proof tactics, simprocs and so on.
INCOMPATIBILITY: grep your sourcecode and replace names.  Consider use
of const_name ML antiquotations.

* Relations less (<) and less_eq (<=) are also available on type bool.
Modified syntax to disallow nesting without explicit parentheses,
e.g. "(x < y) < z" or "x < (y < z)", but NOT "x < y < z".

* "LEAST x:A. P" expands to "LEAST x. x:A & P" (input only).

* Relation composition operator "op O" now has precedence 75 and binds
stronger than union and intersection. INCOMPATIBILITY.

* The old set interval syntax "{m..n(}" (and relatives) has been
removed.  Use "{m..<n}" (and relatives) instead.

* In the context of the assumption "~(s = t)" the Simplifier rewrites
"t = s" to False (by simproc "neq_simproc").  For backward
compatibility this can be disabled by ML "reset use_neq_simproc".

* "m dvd n" where m and n are numbers is evaluated to True/False by
simp.

* Theorem Cons_eq_map_conv no longer declared as ``simp''.

* Theorem setsum_mult renamed to setsum_right_distrib.

* Prefer ex1I over ex_ex1I in single-step reasoning, e.g. by the
``rule'' method.

* Reimplemented methods ``sat'' and ``satx'', with several
improvements: goals no longer need to be stated as "<prems> ==>
False", equivalences (i.e. "=" on type bool) are handled, variable
names of the form "lit_<n>" are no longer reserved, significant
speedup.

* Methods ``sat'' and ``satx'' can now replay MiniSat proof traces.
zChaff is still supported as well.

* 'inductive' and 'datatype': provide projections of mutual rules,
bundled as foo_bar.inducts;

* Library: moved theories Parity, GCD, Binomial, Infinite_Set to
Library.

* Library: moved theory Accessible_Part to main HOL.

* Library: added theory Coinductive_List of potentially infinite lists
as greatest fixed-point.

* Library: added theory AssocList which implements (finite) maps as
association lists.

* Added proof method ``evaluation'' for efficiently solving a goal
(i.e. a boolean expression) by compiling it to ML. The goal is
"proved" (via an oracle) if it evaluates to True.

* Linear arithmetic now splits certain operators (e.g. min, max, abs)
also when invoked by the simplifier.  This results in the simplifier
being more powerful on arithmetic goals.  INCOMPATIBILITY.  Set
fast_arith_split_limit to 0 to obtain the old behavior.

* Support for hex (0x20) and binary (0b1001) numerals.

* New method: reify eqs (t), where eqs are equations for an
interpretation I :: 'a list => 'b => 'c and t::'c is an optional
parameter, computes a term s::'b and a list xs::'a list and proves the
theorem I xs s = t. This is also known as reification or quoting. The
resulting theorem is applied to the subgoal to substitute t with I xs
s.  If t is omitted, the subgoal itself is reified.

* New method: reflection corr_thm eqs (t). The parameters eqs and (t)
are as explained above. corr_thm is a theorem for I vs (f t) = I vs t,
where f is supposed to be a computable function (in the sense of code
generattion). The method uses reify to compute s and xs as above then
applies corr_thm and uses normalization by evaluation to "prove" f s =
r and finally gets the theorem t = r, which is again applied to the
subgoal. An Example is available in HOL/ex/ReflectionEx.thy.

* Reflection: Automatic reification now handels binding, an example
is available in HOL/ex/ReflectionEx.thy


*** HOL-Algebra ***

* Formalisation of ideals and the quotient construction over rings.

* Order and lattice theory no longer based on records.
INCOMPATIBILITY.

* Renamed lemmas least_carrier -> least_closed and greatest_carrier ->
greatest_closed.  INCOMPATIBILITY.

* Method algebra is now set up via an attribute.  For examples see
Ring.thy.  INCOMPATIBILITY: the method is now weaker on combinations
of algebraic structures.

* Renamed theory CRing to Ring.


*** HOL-Complex ***

* Theory Real: new method ferrack implements quantifier elimination
for linear arithmetic over the reals. The quantifier elimination
feature is used only for decision, for compatibility with arith. This
means a goal is either solved or left unchanged, no simplification.

* Hyperreal: Functions root and sqrt are now defined on negative real
inputs so that root n (- x) = - root n x and sqrt (- x) = - sqrt x.
Nonnegativity side conditions have been removed from many lemmas, so
that more subgoals may now be solved by simplification; potential
INCOMPATIBILITY.

* Real: New axiomatic classes formalize real normed vector spaces and
algebras, using new overloaded constants scaleR :: real => 'a => 'a
and norm :: 'a => real.

* Real: New constant of_real :: real => 'a::real_algebra_1 injects
from reals into other types. The overloaded constant Reals :: 'a set
is now defined as range of_real; potential INCOMPATIBILITY.

* Real: ML code generation is supported now and hence also quickcheck.
Reals are implemented as arbitrary precision rationals.

* Hyperreal: Several constants that previously worked only for the
reals have been generalized, so they now work over arbitrary vector
spaces. Type annotations may need to be added in some cases; potential
INCOMPATIBILITY.

  Infinitesimal  :: ('a::real_normed_vector) star set
  HFinite        :: ('a::real_normed_vector) star set
  HInfinite      :: ('a::real_normed_vector) star set
  approx         :: ('a::real_normed_vector) star => 'a star => bool
  monad          :: ('a::real_normed_vector) star => 'a star set
  galaxy         :: ('a::real_normed_vector) star => 'a star set
  (NS)LIMSEQ     :: [nat => 'a::real_normed_vector, 'a] => bool
  (NS)convergent :: (nat => 'a::real_normed_vector) => bool
  (NS)Bseq       :: (nat => 'a::real_normed_vector) => bool
  (NS)Cauchy     :: (nat => 'a::real_normed_vector) => bool
  (NS)LIM        :: ['a::real_normed_vector => 'b::real_normed_vector, 'a, 'b] => bool
  is(NS)Cont     :: ['a::real_normed_vector => 'b::real_normed_vector, 'a] => bool
  deriv          :: ['a::real_normed_field => 'a, 'a, 'a] => bool
  sgn            :: 'a::real_normed_vector => 'a
  exp            :: 'a::{recpower,real_normed_field,banach} => 'a

* Complex: Some complex-specific constants are now abbreviations for
overloaded ones: complex_of_real = of_real, cmod = norm, hcmod =
hnorm.  Other constants have been entirely removed in favor of the
polymorphic versions (INCOMPATIBILITY):

  approx        <-- capprox
  HFinite       <-- CFinite
  HInfinite     <-- CInfinite
  Infinitesimal <-- CInfinitesimal
  monad         <-- cmonad
  galaxy        <-- cgalaxy
  (NS)LIM       <-- (NS)CLIM, (NS)CRLIM
  is(NS)Cont    <-- is(NS)Contc, is(NS)contCR
  (ns)deriv     <-- (ns)cderiv


*** ML ***

* Generic arithmetic modules: Tools/integer.ML, Tools/rat.ML, Tools/float.ML

* Context data interfaces (Theory/Proof/GenericDataFun): removed
name/print, uninitialized data defaults to ad-hoc copy of empty value,
init only required for impure data.  INCOMPATIBILITY: empty really
need to be empty (no dependencies on theory content!)

* ML within Isar: antiquotations allow to embed statically-checked
formal entities in the source, referring to the context available at
compile-time.  For example:

ML {* @{typ "'a => 'b"} *}
ML {* @{term "%x. x"} *}
ML {* @{prop "x == y"} *}
ML {* @{ctyp "'a => 'b"} *}
ML {* @{cterm "%x. x"} *}
ML {* @{cprop "x == y"} *}
ML {* @{thm asm_rl} *}
ML {* @{thms asm_rl} *}
ML {* @{const_name c} *}
ML {* @{const_syntax c} *}
ML {* @{context} *}
ML {* @{theory} *}
ML {* @{theory Pure} *}
ML {* @{simpset} *}
ML {* @{claset} *}
ML {* @{clasimpset} *}

The same works for sources being ``used'' within an Isar context.

* ML in Isar: improved error reporting; extra verbosity with
Toplevel.debug enabled.

* Pure/library:

  val burrow: ('a list -> 'b list) -> 'a list list -> 'b list list
  val fold_burrow: ('a list -> 'c -> 'b list * 'd) -> 'a list list -> 'c -> 'b list list * 'd

The semantics of "burrow" is: "take a function with *simulatanously*
transforms a list of value, and apply it *simulatanously* to a list of
list of values of the appropriate type". Compare this with "map" which
would *not* apply its argument function simulatanously but in
sequence; "fold_burrow" has an additional context.

* Pure/library: functions map2 and fold2 with curried syntax for
simultanous mapping and folding:

    val map2: ('a -> 'b -> 'c) -> 'a list -> 'b list -> 'c list
    val fold2: ('a -> 'b -> 'c -> 'c) -> 'a list -> 'b list -> 'c -> 'c

* Pure/library: indexed lists - some functions in the Isabelle library
treating lists over 'a as finite mappings from [0...n] to 'a have been
given more convenient names and signatures reminiscent of similar
functions for alists, tables, etc:

  val nth: 'a list -> int -> 'a 
  val nth_map: int -> ('a -> 'a) -> 'a list -> 'a list
  val fold_index: (int * 'a -> 'b -> 'b) -> 'a list -> 'b -> 'b

Note that fold_index starts counting at index 0, not 1 like foldln
used to.

* Pure/library: added general ``divide_and_conquer'' combinator on
lists.

* Pure/General/table.ML: the join operations now works via exceptions
DUP/SAME instead of type option.  This is simpler in simple cases, and
admits slightly more efficient complex applications.

* Pure: datatype Context.generic joins theory/Proof.context and
provides some facilities for code that works in either kind of
context, notably GenericDataFun for uniform theory and proof data.

* Pure: 'advanced' translation functions (parse_translation etc.) now
use Context.generic instead of just theory.

* Pure: simplified internal attribute type, which is now always
Context.generic * thm -> Context.generic * thm.  Global (theory)
vs. local (Proof.context) attributes have been discontinued, while
minimizing code duplication.  Thm.rule_attribute and
Thm.declaration_attribute build canonical attributes; see also
structure Context for further operations on Context.generic, notably
GenericDataFun.  INCOMPATIBILITY, need to adapt attribute type
declarations and definitions.

* Pure/kernel: consts certification ignores sort constraints given in
signature declarations.  (This information is not relevant to the
logic, but only for type inference.)  IMPORTANT INTERNAL CHANGE,
potential INCOMPATIBILITY.

* Pure: axiomatic type classes are now purely definitional, with
explicit proofs of class axioms and super class relations performed
internally.  See Pure/axclass.ML for the main internal interfaces --
notably AxClass.define_class supercedes AxClass.add_axclass, and
AxClass.axiomatize_class/classrel/arity supercede
Sign.add_classes/classrel/arities.

* Pure/Isar: Args/Attrib parsers operate on Context.generic --
global/local versions on theory vs. Proof.context have been
discontinued; Attrib.syntax and Method.syntax have been adapted
accordingly.  INCOMPATIBILITY, need to adapt parser expressions for
attributes, methods, etc.

* Pure: several functions of signature "... -> theory -> theory * ..."
have been reoriented to "... -> theory -> ... * theory" in order to
allow natural usage in combination with the ||>, ||>>, |-> and
fold_map combinators.

* Pure: official theorem names (closed derivations) and additional
comments (tags) are now strictly separate.  Name hints -- which are
maintained as tags -- may be attached any time without affecting the
derivation.

* Pure: primitive rule lift_rule now takes goal cterm instead of an
actual goal state (thm).  Use Thm.lift_rule (Thm.cprem_of st i) to
achieve the old behaviour.

* Pure: the "Goal" constant is now called "prop", supporting a
slightly more general idea of ``protecting'' meta-level rule
statements.

* Pure: Logic.(un)varify only works in a global context, which is now
enforced instead of silently assumed.  INCOMPATIBILITY, may use
Logic.legacy_(un)varify as temporary workaround.

* Pure: structure Name provides scalable operations for generating
internal variable names, notably Name.variants etc.  This replaces
some popular functions from term.ML:

  Term.variant		->  Name.variant
  Term.variantlist	->  Name.variant_list  (*canonical argument order*)
  Term.invent_names	->  Name.invent_list

Note that low-level renaming rarely occurs in new code -- operations
from structure Variable are used instead (see below).

* Pure: structure Variable provides fundamental operations for proper
treatment of fixed/schematic variables in a context.  For example,
Variable.import introduces fixes for schematics of given facts and
Variable.export reverses the effect (up to renaming) -- this replaces
various freeze_thaw operations.

* Pure: structure Goal provides simple interfaces for
init/conclude/finish and tactical prove operations (replacing former
Tactic.prove).  Goal.prove is the canonical way to prove results
within a given context; Goal.prove_global is a degraded version for
theory level goals, including a global Drule.standard.  Note that
OldGoals.prove_goalw_cterm has long been obsolete, si