Isabelle NEWS -- history user-relevant changes

==============================================

New in this Isabelle version

----------------------------

*** General ***

* More uniform information about legacy features, notably a

warning/error of "Legacy feature: ...", depending on the state of the

tolerate_legacy_features flag (default true). FUTURE INCOMPATIBILITY:

legacy features will disappear eventually.

* Theory syntax: the header format ``theory A = B + C:'' has been

discontinued in favour of ``theory A imports B C begin''.  Use isatool

fixheaders to convert existing theory files.  INCOMPATIBILITY.

* Theory syntax: the old non-Isar theory file format has been

discontinued altogether.  Note that ML proof scripts may still be used

with Isar theories; migration is usually quite simple with the ML

function use_legacy_bindings.  INCOMPATIBILITY.

* Theory syntax: some popular names (e.g. 'class', 'declaration',

'fun', 'help', 'if') are now keywords.  INCOMPATIBILITY, use double

quotes.

* Theory loader: be more serious about observing the static theory

header specifications (including optional directories), but not the

accidental file locations of previously successful loads.  The strict

update policy of former update_thy is now already performed by

use_thy, so the former has been removed; use_thys updates several

theories simultaneously, just as 'imports' within a theory header

specification, but without merging the results.  Potential

INCOMPATIBILITY: may need to refine theory headers and commands

ROOT.ML which depend on load order.

* Theory loader: optional support for content-based file

identification, instead of the traditional scheme of full physical

path plus date stamp; configured by the ISABELLE_FILE_IDENT setting

(cf. the system manual).  The new scheme allows to work with

non-finished theories in persistent session images, such that source

files may be moved later on without requiring reloads.

* Theory loader: old-style ML proof scripts being *attached* to a thy

file (with the same base name as the theory) are considered a legacy

feature, which will disappear eventually. Even now, the theory loader no

longer maintains dependencies on such files.

* Syntax: the scope for resolving ambiguities via type-inference is now

limited to individual terms, instead of whole simultaneous

specifications as before. This greatly reduces the complexity of the

syntax module and improves flexibility by separating parsing and

type-checking. INCOMPATIBILITY: additional type-constraints (explicit

'fixes' etc.) are required in rare situations.

* Legacy goal package: reduced interface to the bare minimum required

to keep existing proof scripts running.  Most other user-level

functions are now part of the OldGoals structure, which is *not* open

by default (consider isatool expandshort before open OldGoals).

Removed top_sg, prin, printyp, pprint_term/typ altogether, because

these tend to cause confusion about the actual goal (!) context being

used here, which is not necessarily the same as the_context().

* Command 'find_theorems': supports "*" wild-card in "name:"

criterion; "with_dups" option.  Certain ProofGeneral versions might

support a specific search form (see ProofGeneral/CHANGES).

* The ``prems limit'' option (cf. ProofContext.prems_limit) is now -1

by default, which means that "prems" (and also "fixed variables") are

suppressed from proof state output.  Note that the ProofGeneral

settings mechanism allows to change and save options persistently, but

older versions of Isabelle will fail to start up if a negative prems

limit is imposed.

* Local theory targets may be specified by non-nested blocks of

``context/locale/class ... begin'' followed by ``end''.  The body may

contain definitions, theorems etc., including any derived mechanism

that has been implemented on top of these primitives.  This concept

generalizes the existing ``theorem (in ...)'' towards more versatility

and scalability.

* Proof General interface: proper undo of final 'end' command;

discontinued Isabelle/classic mode (ML proof scripts).

*** Document preparation ***

* Added antiquotation @{theory name} which prints the given name,

after checking that it refers to a valid ancestor theory in the

current context.

* Added antiquotations @{ML_type text} and @{ML_struct text} which

check the given source text as ML type/structure, printing verbatim.

* Added antiquotation @{abbrev "c args"} which prints the abbreviation

"c args == rhs" given in the current context.  (Any number of

arguments may be given on the LHS.)

*** Pure ***

* code generator: consts in 'consts_code' Isar commands are now referred

  to by usual term syntax (including optional type annotations).

* code generator: 

  - Isar 'definition's, 'constdef's and primitive instance definitions are added

    explicitly to the table of defining equations

  - primitive definitions are not used as defining equations by default any longer

  - defining equations are now definitly restricted to meta "==" and object

        equality "="

  - HOL theories have been adopted accordingly

* class_package.ML offers a combination of axclasses and locales to

achieve Haskell-like type classes in Isabelle.  See

HOL/ex/Classpackage.thy for examples.

* Yet another code generator framework allows to generate executable

code for ML and Haskell (including "class"es).  A short usage sketch:

    internal compilation:

        code_gen <list of constants (term syntax)> in SML

    writing SML code to a file:

        code_gen <list of constants (term syntax)> in SML <filename>

    writing OCaml code to a file:

        code_gen <list of constants (term syntax)> in OCaml <filename>

    writing Haskell code to a bunch of files:

        code_gen <list of constants (term syntax)> in Haskell <filename>

Reasonable default setup of framework in HOL/Main.

Theorem attributs for selecting and transforming function equations theorems:

    [code fun]:        select a theorem as function equation for a specific constant

    [code fun del]:    deselect a theorem as function equation for a specific constant

    [code inline]:     select an equation theorem for unfolding (inlining) in place

    [code inline del]: deselect an equation theorem for unfolding (inlining) in place

User-defined serializations (target in {SML, OCaml, Haskell}):

    code_const <and-list of constants (term syntax)>

      {(target) <and-list of const target syntax>}+

    code_type <and-list of type constructors>

      {(target) <and-list of type target syntax>}+

    code_instance <and-list of instances>

      {(target)}+

        where instance ::= <type constructor> :: <class>

    code_class <and_list of classes>

      {(target) <and-list of class target syntax>}+

        where class target syntax ::= <class name> {where {<classop> == <target syntax>}+}?

code_instance and code_class only apply to target Haskell.

See HOL theories and HOL/ex/Codegenerator*.thy for usage examples.

Doc/Isar/Advanced/Codegen/ provides a tutorial.

* Command 'no_translations' removes translation rules from theory

syntax.

* Overloaded definitions are now actually checked for acyclic

dependencies.  The overloading scheme is slightly more general than

that of Haskell98, although Isabelle does not demand an exact

correspondence to type class and instance declarations.

INCOMPATIBILITY, use ``defs (unchecked overloaded)'' to admit more

exotic versions of overloading -- at the discretion of the user!

Polymorphic constants are represented via type arguments, i.e. the

instantiation that matches an instance against the most general

declaration given in the signature.  For example, with the declaration

c :: 'a => 'a => 'a, an instance c :: nat => nat => nat is represented

as c(nat).  Overloading is essentially simultaneous structural

recursion over such type arguments.  Incomplete specification patterns

impose global constraints on all occurrences, e.g. c('a * 'a) on the

LHS means that more general c('a * 'b) will be disallowed on any RHS.

Command 'print_theory' outputs the normalized system of recursive

equations, see section "definitions".

* Configuration options are maintained within the theory or proof

context (with name and type bool/int/string), providing a very simple

interface to a poor-man's version of general context data.  Tools may

declare options in ML (e.g. using Attrib.config_int) and then refer to

these values using Config.get etc.  Users may change options via an

associated attribute of the same name.  This form of context

declaration works particularly well with commands 'declare' or

'using', for example ``declare [[foo = 42]]''.  Thus it has become

very easy to avoid global references, which would not observe Isar

toplevel undo/redo and fail to work with multithreading.

Various global ML references of Pure and HOL have been turned into

configuration options:

  Unify.search_bound		unify_search_bound

  Unify.trace_bound		unify_trace_bound

  Unify.trace_simp		unify_trace_simp

  Unify.trace_types		unify_trace_types

  Simplifier.simp_depth_limit	simp_depth_limit

  Blast.depth_limit		blast_depth_limit

  DatatypeProp.dtK		datatype_distinctness_limit

  fast_arith_neq_limit  	fast_arith_neq_limit

  fast_arith_split_limit	fast_arith_split_limit

* Named collections of theorems may be easily installed as context

data using the functor NamedThmsFun (see

src/Pure/Tools/named_thms.ML).  The user may add or delete facts via

attributes; there is also a toplevel print command.  This facility is

just a common case of general context data, which is the preferred way

for anything more complex than just a list of facts in canonical

order.

* Isar: command 'declaration' augments a local theory by generic

declaration functions written in ML.  This enables arbitrary content

being added to the context, depending on a morphism that tells the

difference of the original declaration context wrt. the application

context encountered later on.

* Isar: proper interfaces for simplification procedures.  Command

'simproc_setup' declares named simprocs (with match patterns, and body

text in ML).  Attribute "simproc" adds/deletes simprocs in the current

context.  ML antiquotation @{simproc name} retrieves named simprocs.

* Isar: an extra pair of brackets around attribute declarations

abbreviates a theorem reference involving an internal dummy fact,

which will be ignored later --- only the effect of the attribute on

the background context will persist.  This form of in-place

declarations is particularly useful with commands like 'declare' and

'using', for example ``have A using [[simproc a]] by simp''.

* Isar: method "assumption" (and implicit closing of subproofs) now

takes simple non-atomic goal assumptions into account: after applying

an assumption as a rule the resulting subgoals are solved by atomic

assumption steps.  This is particularly useful to finish 'obtain'

goals, such as "!!x. (!!x. P x ==> thesis) ==> P x ==> thesis",

without referring to the original premise "!!x. P x ==> thesis" in the

Isar proof context.  POTENTIAL INCOMPATIBILITY: method "assumption" is

more permissive.

* Isar: implicit use of prems from the Isar proof context is

considered a legacy feature.  Common applications like ``have A .''

may be replaced by ``have A by fact'' or ``note `A`''.  In general,

referencing facts explicitly here improves readability and

maintainability of proof texts.

* Isar: improper proof element 'guess' is like 'obtain', but derives

the obtained context from the course of reasoning!  For example:

  assume "EX x y. A x & B y"   -- "any previous fact"

  then guess x and y by clarify

This technique is potentially adventurous, depending on the facts and

proof tools being involved here.

* Isar: known facts from the proof context may be specified as literal

propositions, using ASCII back-quote syntax.  This works wherever

named facts used to be allowed so far, in proof commands, proof

methods, attributes etc.  Literal facts are retrieved from the context

according to unification of type and term parameters.  For example,

provided that "A" and "A ==> B" and "!!x. P x ==> Q x" are known

theorems in the current context, then these are valid literal facts:

`A` and `A ==> B` and `!!x. P x ==> Q x" as well as `P a ==> Q a` etc.

There is also a proof method "fact" which does the same composition

for explicit goal states, e.g. the following proof texts coincide with

certain special cases of literal facts:

  have "A" by fact                 ==  note `A`

  have "A ==> B" by fact           ==  note `A ==> B`

  have "!!x. P x ==> Q x" by fact  ==  note `!!x. P x ==> Q x`

  have "P a ==> Q a" by fact       ==  note `P a ==> Q a`

* Isar: ":" (colon) is no longer a symbolic identifier character in

outer syntax.  Thus symbolic identifiers may be used without

additional white space in declarations like this: ``assume *: A''.

* Isar: 'print_facts' prints all local facts of the current context,

both named and unnamed ones.

* Isar: 'def' now admits simultaneous definitions, e.g.:

  def x == "t" and y == "u"

* Isar: added command 'unfolding', which is structurally similar to

'using', but affects both the goal state and facts by unfolding given

rewrite rules.  Thus many occurrences of the 'unfold' method or

'unfolded' attribute may be replaced by first-class proof text.

* Isar: methods 'unfold' / 'fold', attributes 'unfolded' / 'folded',

and command 'unfolding' now all support object-level equalities

(potentially conditional).  The underlying notion of rewrite rule is

analogous to the 'rule_format' attribute, but *not* that of the

Simplifier (which is usually more generous).

* Isar: the new attribute [rotated n] (default n = 1) rotates the

premises of a theorem by n. Useful in conjunction with drule.

* Isar: the goal restriction operator [N] (default N = 1) evaluates a

method expression within a sandbox consisting of the first N

sub-goals, which need to exist.  For example, ``simp_all [3]''

simplifies the first three sub-goals, while (rule foo, simp_all)[]

simplifies all new goals that emerge from applying rule foo to the

originally first one.

* Isar: schematic goals are no longer restricted to higher-order

patterns; e.g. ``lemma "?P(?x)" by (rule TrueI)'' now works as

expected.

* Isar: the conclusion of a long theorem statement is now either

'shows' (a simultaneous conjunction, as before), or 'obtains'

(essentially a disjunction of cases with local parameters and

assumptions).  The latter allows to express general elimination rules

adequately; in this notation common elimination rules look like this:

  lemma exE:    -- "EX x. P x ==> (!!x. P x ==> thesis) ==> thesis"

    assumes "EX x. P x"

    obtains x where "P x"

  lemma conjE:  -- "A & B ==> (A ==> B ==> thesis) ==> thesis"

    assumes "A & B"

    obtains A and B

  lemma disjE:  -- "A | B ==> (A ==> thesis) ==> (B ==> thesis) ==> thesis"

    assumes "A | B"

    obtains

      A

    | B

The subsequent classical rules even refer to the formal "thesis"

explicitly:

  lemma classical:     -- "(~ thesis ==> thesis) ==> thesis"

    obtains "~ thesis"

  lemma Peirce's_Law:  -- "((thesis ==> something) ==> thesis) ==> thesis"

    obtains "thesis ==> something"

The actual proof of an 'obtains' statement is analogous to that of the

Isar proof element 'obtain', only that there may be several cases.

Optional case names may be specified in parentheses; these will be

available both in the present proof and as annotations in the

resulting rule, for later use with the 'cases' method (cf. attribute

case_names).

* Isar: the assumptions of a long theorem statement are available as

"assms" fact in the proof context.  This is more appropriate than the

(historical) "prems", which refers to all assumptions of the current

context, including those from the target locale, proof body etc.

* Isar: 'print_statement' prints theorems from the current theory or

proof context in long statement form, according to the syntax of a

top-level lemma.

* Isar: 'obtain' takes an optional case name for the local context

introduction rule (default "that").

* Isar: removed obsolete 'concl is' patterns.  INCOMPATIBILITY, use

explicit (is "_ ==> ?foo") in the rare cases where this still happens

to occur.

* Pure: syntax "CONST name" produces a fully internalized constant

according to the current context.  This is particularly useful for

syntax translations that should refer to internal constant

representations independently of name spaces.

* Pure: syntax constant for foo (binder "FOO ") is called "foo_binder"

instead of "FOO ". This allows multiple binder declarations to coexist

in the same context.  INCOMPATIBILITY.

* Isar/locales: 'notation' provides a robust interface to the 'syntax'

primitive that also works in a locale context (both for constants and

fixed variables).  Type declaration and internal syntactic

representation of given constants retrieved from the context.

* Isar/locales: new derived specification elements 'axiomatization',

'definition', 'abbreviation', which support type-inference, admit

object-level specifications (equality, equivalence).  See also the

isar-ref manual.  Examples:

  axiomatization

    eq  (infix "===" 50) where

    eq_refl: "x === x" and eq_subst: "x === y ==> P x ==> P y"

  definition "f x y = x + y + 1"

  definition g where "g x = f x x"

  abbreviation

    neq  (infix "=!=" 50) where

    "x =!= y == ~ (x === y)"

These specifications may be also used in a locale context.  Then the

constants being introduced depend on certain fixed parameters, and the

constant name is qualified by the locale base name.  An internal

abbreviation takes care for convenient input and output, making the

parameters implicit and using the original short name.  See also

HOL/ex/Abstract_NAT.thy for an example of deriving polymorphic

entities from a monomorphic theory.

Presently, abbreviations are only available 'in' a target locale, but

not inherited by general import expressions.  Also note that

'abbreviation' may be used as a type-safe replacement for 'syntax' +

'translations' in common applications.

Concrete syntax is attached to specified constants in internal form,

independently of name spaces.  The parse tree representation is

slightly different -- use 'notation' instead of raw 'syntax', and

'translations' with explicit "CONST" markup to accommodate this.

* Pure: command 'print_abbrevs' prints all constant abbreviations of

the current context.  Print mode "no_abbrevs" prevents inversion of

abbreviations on output.

* Isar/locales: improved parameter handling:

- use of locales "var" and "struct" no longer necessary;

- parameter renamings are no longer required to be injective.

  This enables, for example, to define a locale for endomorphisms thus:

  locale endom = homom mult mult h.

* Isar/locales: changed the way locales with predicates are defined.

Instead of accumulating the specification, the imported expression is

now an interpretation.  INCOMPATIBILITY: different normal form of

locale expressions.  In particular, in interpretations of locales with

predicates, goals repesenting already interpreted fragments are not

removed automatically.  Use methods `intro_locales' and

`unfold_locales'; see below.

* Isar/locales: new methods `intro_locales' and `unfold_locales'

provide backward reasoning on locales predicates.  The methods are

aware of interpretations and discharge corresponding goals.

`intro_locales' is less aggressive then `unfold_locales' and does not

unfold predicates to assumptions.

* Isar/locales: the order in which locale fragments are accumulated

has changed.  This enables to override declarations from fragments due

to interpretations -- for example, unwanted simp rules.

* Isar/locales: interpretation in theories and proof contexts has been

extended.  One may now specify (and prove) equations, which are

unfolded in interpreted theorems.  This is useful for replacing

defined concepts (constants depending on locale parameters) by

concepts already existing in the target context.  Example:

  interpretation partial_order ["op <= :: [int, int] => bool"]

    where "partial_order.less (op <=) (x::int) y = (x < y)"

Typically, the constant `partial_order.less' is created by a definition

specification element in the context of locale partial_order.

* Provers/induct: improved internal context management to support

local fixes and defines on-the-fly.  Thus explicit meta-level

connectives !! and ==> are rarely required anymore in inductive goals

(using object-logic connectives for this purpose has been long

obsolete anyway).  The subsequent proof patterns illustrate advanced

techniques of natural induction; general datatypes and inductive sets

work analogously (see also src/HOL/Lambda for realistic examples).

(1) This is how to ``strengthen'' an inductive goal wrt. certain

parameters:

  lemma

    fixes n :: nat and x :: 'a

    assumes a: "A n x"

    shows "P n x"

    using a                     -- {* make induct insert fact a *}

  proof (induct n arbitrary: x) -- {* generalize goal to "!!x. A n x ==> P n x" *}

    case 0

    show ?case sorry

  next

    case (Suc n)

    note `!!x. A n x ==> P n x` -- {* induction hypothesis, according to induction rule *}

    note `A (Suc n) x`          -- {* induction premise, stemming from fact a *}

    show ?case sorry

  qed

(2) This is how to perform induction over ``expressions of a certain

form'', using a locally defined inductive parameter n == "a x"

together with strengthening (the latter is usually required to get

sufficiently flexible induction hypotheses):

  lemma

    fixes a :: "'a => nat"

    assumes a: "A (a x)"

    shows "P (a x)"

    using a

  proof (induct n == "a x" arbitrary: x)

    ...

See also HOL/Isar_examples/Puzzle.thy for an application of the this

particular technique.

(3) This is how to perform existential reasoning ('obtains' or

'obtain') by induction, while avoiding explicit object-logic

encodings:

  lemma

    fixes n :: nat

    obtains x :: 'a where "P n x" and "Q n x"

  proof (induct n arbitrary: thesis)

    case 0

    obtain x where "P 0 x" and "Q 0 x" sorry

    then show thesis by (rule 0)

  next

    case (Suc n)

    obtain x where "P n x" and "Q n x" by (rule Suc.hyps)

    obtain x where "P (Suc n) x" and "Q (Suc n) x" sorry

    then show thesis by (rule Suc.prems)

  qed

Here the 'arbitrary: thesis' specification essentially modifies the

scope of the formal thesis parameter, in order to the get the whole

existence statement through the induction as expected.

* Provers/induct: mutual induction rules are now specified as a list

of rule sharing the same induction cases.  HOL packages usually

provide foo_bar.inducts for mutually defined items foo and bar

(e.g. inductive sets or datatypes).  INCOMPATIBILITY, users need to

specify mutual induction rules differently, i.e. like this:

  (induct rule: foo_bar.inducts)

  (induct set: foo bar)

  (induct type: foo bar)

The ML function ProjectRule.projections turns old-style rules into the

new format.

* Provers/induct: improved handling of simultaneous goals.  Instead of

introducing object-level conjunction, the statement is now split into

several conclusions, while the corresponding symbolic cases are

nested accordingly.  INCOMPATIBILITY, proofs need to be structured

explicitly.  For example:

  lemma

    fixes n :: nat

    shows "P n" and "Q n"

  proof (induct n)

    case 0 case 1

    show "P 0" sorry

  next

    case 0 case 2

    show "Q 0" sorry

  next

    case (Suc n) case 1

    note `P n` and `Q n`

    show "P (Suc n)" sorry

  next

    case (Suc n) case 2

    note `P n` and `Q n`

    show "Q (Suc n)" sorry

  qed

The split into subcases may be deferred as follows -- this is

particularly relevant for goal statements with local premises.

  lemma

    fixes n :: nat

    shows "A n ==> P n" and "B n ==> Q n"

  proof (induct n)

    case 0

    {

      case 1

      note `A 0`

      show "P 0" sorry

    next

      case 2

      note `B 0`

      show "Q 0" sorry

    }

  next

    case (Suc n)

    note `A n ==> P n` and `B n ==> Q n`

    {

      case 1

      note `A (Suc n)`

      show "P (Suc n)" sorry

    next

      case 2

      note `B (Suc n)`

      show "Q (Suc n)" sorry

    }

  qed

If simultaneous goals are to be used with mutual rules, the statement

needs to be structured carefully as a two-level conjunction, using

lists of propositions separated by 'and':

  lemma

    shows "a : A ==> P1 a"

          "a : A ==> P2 a"

      and "b : B ==> Q1 b"

          "b : B ==> Q2 b"

          "b : B ==> Q3 b"

  proof (induct set: A B)

* Provers/induct: support coinduction as well.  See

src/HOL/Library/Coinductive_List.thy for various examples.

* Attribute "symmetric" produces result with standardized schematic

variables (index 0).  Potential INCOMPATIBILITY.

* Simplifier: by default the simplifier trace only shows top level

rewrites now. That is, trace_simp_depth_limit is set to 1 by

default. Thus there is less danger of being flooded by the trace. The

trace indicates where parts have been suppressed.

* Provers/classical: removed obsolete classical version of elim_format

attribute; classical elim/dest rules are now treated uniformly when

manipulating the claset.

* Provers/classical: stricter checks to ensure that supplied intro,

dest and elim rules are well-formed; dest and elim rules must have at

least one premise.

* Provers/classical: attributes dest/elim/intro take an optional

weight argument for the rule (just as the Pure versions).  Weights are

ignored by automated tools, but determine the search order of single

rule steps.

* Syntax: input syntax now supports dummy variable binding "%_. b",

where the body does not mention the bound variable.  Note that dummy

patterns implicitly depend on their context of bounds, which makes

"{_. _}" match any set comprehension as expected.  Potential

INCOMPATIBILITY -- parse translations need to cope with syntactic

constant "_idtdummy" in the binding position.

* Syntax: removed obsolete syntactic constant "_K" and its associated

parse translation.  INCOMPATIBILITY -- use dummy abstraction instead,

for example "A -> B" => "Pi A (%_. B)".

* Pure: 'class_deps' command visualizes the subclass relation, using

the graph browser tool.

* Pure: 'print_theory' now suppresses entities with internal name

(trailing "_") by default; use '!' option for full details.

*** HOL ***

* Formulation of theorem "dense" changed slightly due to integration with new

class dense_linear_order.

* theory Finite_Set: "name-space" locales Lattice, Distrib_lattice, Linorder etc.

have disappeared; operations defined in terms of fold_set now are named

Inf_fin, Sup_fin.  INCOMPATIBILITY.

* HOL-Word:

  New extensive library and type for generic, fixed size machine

  words, with arithemtic, bit-wise, shifting and rotating operations,

  reflection into int, nat, and bool lists, automation for linear

  arithmetic (by automatic reflection into nat or int), including

  lemmas on overflow and monotonicity. Instantiated to all appropriate

  arithmetic type classes, supporting automatic simplification of

  numerals on all operations. Jointly developed by NICTA, Galois, and

  PSU.

* Library/Boolean_Algebra: locales for abstract boolean algebras.

* Library/Numeral_Type: numbers as types, e.g. TYPE(32).

* Code generator library theories:

  * Pretty_Int represents HOL integers by big integer literals in target

    languages.

  * Pretty_Char represents HOL characters by character literals in target

    languages.

  * Pretty_Char_chr like Pretty_Char, but also offers treatment of character

    codes; includes Pretty_Int.

  * Executable_Set allows to generate code for finite sets using lists.

  * Executable_Rat implements rational numbers as triples (sign, enumerator,

    denominator).

  * Executable_Real implements a subset of real numbers, namly those

    representable by rational numbers.

  * Efficient_Nat implements natural numbers by integers, which in general will

    result in higher efficency; pattern matching with 0/Suc is eliminated;

    includes Pretty_Int.

  * ML_String provides an additional datatype ml_string; in the HOL default

    setup, strings in HOL are mapped to lists of HOL characters in SML; values

    of type ml_string are mapped to strings in SML.

  * ML_Int provides an additional datatype ml_int which is mapped to to SML

    built-in integers.

* New package for inductive predicates

  An n-ary predicate p with m parameters z_1, ..., z_m can now be defined via

    inductive

      p :: "U_1 => ... => U_m => T_1 => ... => T_n => bool"

      for z_1 :: U_1 and ... and z_n :: U_m

    where

      rule_1: "... ==> p z_1 ... z_m t_1_1 ... t_1_n"

    | ...

  rather than

    consts s :: "U_1 => ... => U_m => (T_1 * ... * T_n) set"

    abbreviation p :: "U_1 => ... => U_m => T_1 => ... => T_n => bool"

    where "p z_1 ... z_m x_1 ... x_n == (x_1, ..., x_n) : s z_1 ... z_m"

    inductive "s z_1 ... z_m"

    intros

      rule_1: "... ==> (t_1_1, ..., t_1_n) : s z_1 ... z_m"

      ...

  For backward compatibility, there is a wrapper allowing inductive

  sets to be defined with the new package via

    inductive_set

      s :: "U_1 => ... => U_m => (T_1 * ... * T_n) set"

      for z_1 :: U_1 and ... and z_n :: U_m

    where

      rule_1: "... ==> (t_1_1, ..., t_1_n) : s z_1 ... z_m"

    | ...

  or

    inductive_set

      s :: "U_1 => ... => U_m => (T_1 * ... * T_n) set"

      and p :: "U_1 => ... => U_m => T_1 => ... => T_n => bool"

      for z_1 :: U_1 and ... and z_n :: U_m

    where

      "p z_1 ... z_m x_1 ... x_n == (x_1, ..., x_n) : s z_1 ... z_m"

    | rule_1: "... ==> p z_1 ... z_m t_1_1 ... t_1_n"

    | ...

  if the additional syntax "p ..." is required.

  Many examples can be found in the subdirectories Auth, Bali, Induct,

  or MicroJava.

  INCOMPATIBILITIES:

  - Since declaration and definition of inductive sets or predicates

    is no longer separated, abbreviations involving the newly introduced

    sets or predicates must be specified together with the introduction

    rules after the "where" keyword (see example above), rather than before

    the actual inductive definition.

  - The variables in induction and elimination rules are now quantified

    in the order of their occurrence in the introduction rules, rather than

    in alphabetical order. Since this may break some proofs, these proofs

    either have to be repaired, e.g. by reordering the variables

    a_i_1 ... a_i_{k_i} in Isar "case" statements of the form

      case (rule_i a_i_1 ... a_i_{k_i})

    or the old order of quantification has to be restored by explicitly adding

    meta-level quantifiers in the introduction rules, i.e.

      | rule_i: "!!a_i_1 ... a_i_{k_i}. ... ==> p z_1 ... z_m t_i_1 ... t_i_n"

  - The format of the elimination rules is now

      p z_1 ... z_m x_1 ... x_n ==>

        (!!a_1_1 ... a_1_{k_1}. x_1 = t_1_1 ==> ... ==> x_n = t_1_n ==> ... ==> P)

        ==> ... ==> P

    for predicates and

      (x_1, ..., x_n) : s z_1 ... z_m ==>

        (!!a_1_1 ... a_1_{k_1}. x_1 = t_1_1 ==> ... ==> x_n = t_1_n ==> ... ==> P)

        ==> ... ==> P

    for sets rather than

      x : s z_1 ... z_m ==>

        (!!a_1_1 ... a_1_{k_1}. x = (t_1_1, ..., t_1_n) ==> ... ==> P)

        ==> ... ==> P

    This may require terms in goals to be expanded to n-tuples (e.g. using case_tac

    or simplification with the split_paired_all rule) before the above elimination

    rule is applicable.

  - The elimination or case analysis rules for (mutually) inductive sets or

    predicates are now called "p_1.cases" ... "p_k.cases". The list of rules

    "p_1_..._p_k.elims" is no longer available.

* Method "metis" proves goals by applying the Metis general-purpose

resolution prover.  Examples are in the directory MetisExamples.  See

also http://gilith.com/software/metis/

* Command 'sledgehammer' invokes external automatic theorem provers as

background processes.  It generates calls to the "metis" method if

successful. These can be pasted into the proof.  Users do not have to

wait for the automatic provers to return.

* Case-expressions allow arbitrary constructor-patterns (including "_") and

  take their order into account, like in functional programming.

  Internally, this is translated into nested case-expressions; missing cases

  are added and mapped to the predefined constant "undefined". In complicated

  cases printing may no longer show the original input but the internal

  form. Lambda-abstractions allow the same form of pattern matching:

  "% pat1 => e1 | ..." is an abbreviation for

  "%x. case x of pat1 => e1 | ..." where x is a new variable.

* IntDef: The constant "int :: nat => int" has been removed; now "int"

  is an abbreviation for "of_nat :: nat => int". The simplification rules

  for "of_nat" have been changed to work like "int" did previously.

  (potential INCOMPATIBILITY)

  - "of_nat (Suc m)" simplifies to "1 + of_nat m" instead of "of_nat m + 1"

  - of_nat_diff and of_nat_mult are no longer default simp rules

* Method "algebra" solves polynomial equations over (semi)rings using

  Groebner bases. The (semi)ring structure is defined by locales and

  the tool setup depends on that generic context. Installing the

  method for a specific type involves instantiating the locale and

  possibly adding declarations for computation on the coefficients.

  The method is already instantiated for natural numbers and for the

  axiomatic class of idoms with numerals.  See also the paper by

  Chaieb and Wenzel at CALCULEMUS 2007 for the general principles

  underlying this architecture of context-aware proof-tools.

* constant "List.op @" now named "List.append".  Use ML antiquotations

@{const_name List.append} or @{term " ... @ ... "} to circumvent

possible incompatibilities when working on ML level.

* Constant renames due to introduction of canonical name prefixing for

  class package:

    HOL.abs ~> HOL.minus_class.abs

    HOL.divide ~> HOL.divide_class.divide

    Nat.power ~> Nat.power_class.power

    Nat.size ~> Nat.size_class.size

    Numeral.number_of ~> Numeral.number_class.number_of

    FixedPoint.Inf ~> FixedPoint.complete_lattice_class.Inf

    FixedPoint.Sup ~> FixedPoint.complete_lattice_class.Sup

* Rudimentary class target mechanism involves constant renames:

    Orderings.min ~> Orderings.ord_class.min

    Orderings.max ~> Orderings.ord_class.max

* primrec: missing cases mapped to "undefined" instead of "arbitrary"

* new constant "undefined" with axiom "undefined x = undefined"

* new class "default" with associated constant "default"

* new function listsum :: 'a list => 'a for arbitrary monoids.

  Special syntax: "SUM x <- xs. f x" (and latex variants)

* new (input only) syntax for Haskell-like list comprehension, eg

  [(x,y). x <- xs, y <- ys, x ~= y]

  For details see List.thy.

* The special syntax for function "filter" has changed from [x : xs. P] to

  [x <- xs. P] to avoid an ambiguity caused by list comprehension syntax,

  and for uniformity. INCOMPATIBILITY

* Lemma "set_take_whileD" renamed to "set_takeWhileD"

* function "sgn" is now overloaded and available on int, real, complex

  (and other numeric types).

  The details: new class "sgn" with function "sgn";

  two possible defs of sgn in the classes sgn_if and sgn_div_norm

  (as equational assumptions);

  ordered_idom now also inherits from sgn_if - INCOMPATIBILITY.

* New lemma collection field_simps (an extension of ring_simps)

  for manipulating (in)equations involving division. Multiplies

  with all denominators that can be proved to be non-zero (in equations)

  or positive/negative (in inequations).

* Lemma collections ring_eq_simps, group_eq_simps and ring_distrib

  have been improved and renamed to ring_simps, group_simps and ring_distribs.

  Removed lemmas field_xyz in Ring_and_Field

  because they were subsumed by lemmas xyz.

INCOMPATIBILITY.

* Library/Pretty_Int.thy: maps HOL numerals on target language integer literals

  when generating code.

* Library/Pretty_Char.thy: maps HOL characters on target language character literals

  when generating code.

* Library/Commutative_Ring.thy: switched from recdef to function package;

  constants add, mul, pow now curried.  Infix syntax for algebraic operations.

* Some steps towards more uniform lattice theory development in HOL.

    constants "meet" and "join" now named "inf" and "sup"

    constant "Meet" now named "Inf"

    classes "meet_semilorder" and "join_semilorder" now named

      "lower_semilattice" and "upper_semilattice"

    class "lorder" now named "lattice"

    class "comp_lat" now named "complete_lattice"

    Instantiation of lattice classes allows explicit definitions

    for "inf" and "sup" operations (or "Inf" and "Sup" for complete lattices).

  INCOMPATIBILITY.  Theorem renames:

    meet_left_le            ~> inf_le1

    meet_right_le           ~> inf_le2

    join_left_le            ~> sup_ge1

    join_right_le           ~> sup_ge2

    meet_join_le            ~> inf_sup_ord

    le_meetI                ~> le_infI

    join_leI                ~> le_supI

    le_meet                 ~> le_inf_iff

    le_join                 ~> ge_sup_conv

    meet_idempotent         ~> inf_idem

    join_idempotent         ~> sup_idem

    meet_comm               ~> inf_commute

    join_comm               ~> sup_commute

    meet_leI1               ~> le_infI1

    meet_leI2               ~> le_infI2

    le_joinI1               ~> le_supI1

    le_joinI2               ~> le_supI2

    meet_assoc              ~> inf_assoc

    join_assoc              ~> sup_assoc

    meet_left_comm          ~> inf_left_commute

    meet_left_idempotent    ~> inf_left_idem

    join_left_comm          ~> sup_left_commute

    join_left_idempotent    ~> sup_left_idem

    meet_aci                ~> inf_aci

    join_aci                ~> sup_aci

    le_def_meet             ~> le_iff_inf

    le_def_join             ~> le_iff_sup

    join_absorp2            ~> sup_absorb2

    join_absorp1            ~> sup_absorb1

    meet_absorp1            ~> inf_absorb1

    meet_absorp2            ~> inf_absorb2

    meet_join_absorp        ~> inf_sup_absorb

    join_meet_absorp        ~> sup_inf_absorb

    distrib_join_le         ~> distrib_sup_le

    distrib_meet_le         ~> distrib_inf_le

    add_meet_distrib_left   ~> add_inf_distrib_left

    add_join_distrib_left   ~> add_sup_distrib_left

    is_join_neg_meet        ~> is_join_neg_inf

    is_meet_neg_join        ~> is_meet_neg_sup

    add_meet_distrib_right  ~> add_inf_distrib_right

    add_join_distrib_right  ~> add_sup_distrib_right

    add_meet_join_distribs  ~> add_sup_inf_distribs

    join_eq_neg_meet        ~> sup_eq_neg_inf

    meet_eq_neg_join        ~> inf_eq_neg_sup

    add_eq_meet_join        ~> add_eq_inf_sup

    meet_0_imp_0            ~> inf_0_imp_0

    join_0_imp_0            ~> sup_0_imp_0

    meet_0_eq_0             ~> inf_0_eq_0

    join_0_eq_0             ~> sup_0_eq_0

    neg_meet_eq_join        ~> neg_inf_eq_sup

    neg_join_eq_meet        ~> neg_sup_eq_inf

    join_eq_if              ~> sup_eq_if

    mono_meet               ~> mono_inf

    mono_join               ~> mono_sup

    meet_bool_eq            ~> inf_bool_eq

    join_bool_eq            ~> sup_bool_eq

    meet_fun_eq             ~> inf_fun_eq

    join_fun_eq             ~> sup_fun_eq

    meet_set_eq             ~> inf_set_eq

    join_set_eq             ~> sup_set_eq

    meet1_iff               ~> inf1_iff

    meet2_iff               ~> inf2_iff

    meet1I                  ~> inf1I

    meet2I                  ~> inf2I

    meet1D1                 ~> inf1D1

    meet2D1                 ~> inf2D1

    meet1D2                 ~> inf1D2

    meet2D2                 ~> inf2D2

    meet1E                  ~> inf1E

    meet2E                  ~> inf2E

    join1_iff               ~> sup1_iff

    join2_iff               ~> sup2_iff

    join1I1                 ~> sup1I1

    join2I1                 ~> sup2I1

    join1I1                 ~> sup1I1

    join2I2                 ~> sup1I2

    join1CI                 ~> sup1CI

    join2CI                 ~> sup2CI

    join1E                  ~> sup1E

    join2E                  ~> sup2E

    is_meet_Meet            ~> is_meet_Inf

    Meet_bool_def           ~> Inf_bool_def

    Meet_fun_def            ~> Inf_fun_def

    Meet_greatest           ~> Inf_greatest

    Meet_lower              ~> Inf_lower

    Meet_set_def            ~> Inf_set_def

    Sup_def                 ~> Sup_Inf

    Sup_bool_eq             ~> Sup_bool_def

    Sup_fun_eq              ~> Sup_fun_def

    Sup_set_eq              ~> Sup_set_def

    listsp_meetI            ~> listsp_infI

    listsp_meet_eq          ~> listsp_inf_eq

    meet_min                ~> inf_min

    join_max                ~> sup_max

* Classes "order" and "linorder": facts "refl", "trans" and

"cases" renamed ro "order_refl", "order_trans" and "linorder_cases", to