183 Requires a proof bundle, which is available as an external component. |
183 Requires a proof bundle, which is available as an external component. |
184 Discontinued old (and mostly dead) Importer for HOL4 and HOL Light. |
184 Discontinued old (and mostly dead) Importer for HOL4 and HOL Light. |
185 INCOMPATIBILITY. |
185 INCOMPATIBILITY. |
186 |
186 |
187 * New type synonym 'a rel = ('a * 'a) set |
187 * New type synonym 'a rel = ('a * 'a) set |
|
188 |
|
189 * New "case_product" attribute to generate a case rule doing multiple |
|
190 case distinctions at the same time. E.g. |
|
191 |
|
192 list.exhaust [case_product nat.exhaust] |
|
193 |
|
194 produces a rule which can be used to perform case distinction on both |
|
195 a list and a nat. |
|
196 |
|
197 * New Transfer package: |
|
198 |
|
199 - transfer_rule attribute: Maintains a collection of transfer rules, |
|
200 which relate constants at two different types. Transfer rules may |
|
201 relate different type instances of the same polymorphic constant, |
|
202 or they may relate an operation on a raw type to a corresponding |
|
203 operation on an abstract type (quotient or subtype). For example: |
|
204 |
|
205 ((A ===> B) ===> list_all2 A ===> list_all2 B) map map |
|
206 (cr_int ===> cr_int ===> cr_int) (%(x,y) (u,v). (x+u, y+v)) plus_int |
|
207 |
|
208 - transfer method: Replaces a subgoal on abstract types with an |
|
209 equivalent subgoal on the corresponding raw types. Constants are |
|
210 replaced with corresponding ones according to the transfer rules. |
|
211 Goals are generalized over all free variables by default; this is |
|
212 necessary for variables whose types changes, but can be overridden |
|
213 for specific variables with e.g. 'transfer fixing: x y z'. The |
|
214 variant transfer' method allows replacing a subgoal with one that |
|
215 is logically stronger (rather than equivalent). |
|
216 |
|
217 - relator_eq attribute: Collects identity laws for relators of |
|
218 various type constructors, e.g. "list_all2 (op =) = (op =)". The |
|
219 transfer method uses these lemmas to infer transfer rules for |
|
220 non-polymorphic constants on the fly. |
|
221 |
|
222 - transfer_prover method: Assists with proving a transfer rule for a |
|
223 new constant, provided the constant is defined in terms of other |
|
224 constants that already have transfer rules. It should be applied |
|
225 after unfolding the constant definitions. |
|
226 |
|
227 - HOL/ex/Transfer_Int_Nat.thy: Example theory demonstrating transfer |
|
228 from type nat to type int. |
|
229 |
|
230 * New Lifting package: |
|
231 |
|
232 - lift_definition command: Defines operations on an abstract type in |
|
233 terms of a corresponding operation on a representation |
|
234 type. Example syntax: |
|
235 |
|
236 lift_definition dlist_insert :: "'a => 'a dlist => 'a dlist" |
|
237 is List.insert |
|
238 |
|
239 Users must discharge a respectfulness proof obligation when each |
|
240 constant is defined. (For a type copy, i.e. a typedef with UNIV, |
|
241 the proof is discharged automatically.) The obligation is |
|
242 presented in a user-friendly, readable form; a respectfulness |
|
243 theorem in the standard format and a transfer rule are generated |
|
244 by the package. |
|
245 |
|
246 - Integration with code_abstype: For typedefs (e.g. subtypes |
|
247 corresponding to a datatype invariant, such as dlist), |
|
248 lift_definition generates a code certificate theorem and sets up |
|
249 code generation for each constant. |
|
250 |
|
251 - setup_lifting command: Sets up the Lifting package to work with a |
|
252 user-defined type. The user must provide either a quotient theorem |
|
253 or a type_definition theorem. The package configures transfer |
|
254 rules for equality and quantifiers on the type, and sets up the |
|
255 lift_definition command to work with the type. |
|
256 |
|
257 - Usage examples: See Quotient_Examples/Lift_DList.thy, |
|
258 Quotient_Examples/Lift_RBT.thy, Word/Word.thy and |
|
259 Library/Float.thy. |
|
260 |
|
261 * Quotient package: |
|
262 |
|
263 - The 'quotient_type' command now supports a 'morphisms' option with |
|
264 rep and abs functions, similar to typedef. |
|
265 |
|
266 - 'quotient_type' sets up new types to work with the Lifting and |
|
267 Transfer packages, as with 'setup_lifting'. |
|
268 |
|
269 - The 'quotient_definition' command now requires the user to prove a |
|
270 respectfulness property at the point where the constant is |
|
271 defined, similar to lift_definition; INCOMPATIBILITY. |
|
272 |
|
273 - Renamed predicate 'Quotient' to 'Quotient3', and renamed theorems |
|
274 accordingly, INCOMPATIBILITY. |
|
275 |
|
276 * New diagnostic command 'find_unused_assms' to find potentially |
|
277 superfluous assumptions in theorems using Quickcheck. |
|
278 |
|
279 * Quickcheck: |
|
280 |
|
281 - Quickcheck returns variable assignments as counterexamples, which |
|
282 allows to reveal the underspecification of functions under test. |
|
283 For example, refuting "hd xs = x", it presents the variable |
|
284 assignment xs = [] and x = a1 as a counterexample, assuming that |
|
285 any property is false whenever "hd []" occurs in it. |
|
286 |
|
287 These counterexample are marked as potentially spurious, as |
|
288 Quickcheck also returns "xs = []" as a counterexample to the |
|
289 obvious theorem "hd xs = hd xs". |
|
290 |
|
291 After finding a potentially spurious counterexample, Quickcheck |
|
292 continues searching for genuine ones. |
|
293 |
|
294 By default, Quickcheck shows potentially spurious and genuine |
|
295 counterexamples. The option "genuine_only" sets quickcheck to only |
|
296 show genuine counterexamples. |
|
297 |
|
298 - The command 'quickcheck_generator' creates random and exhaustive |
|
299 value generators for a given type and operations. |
|
300 |
|
301 It generates values by using the operations as if they were |
|
302 constructors of that type. |
|
303 |
|
304 - Support for multisets. |
|
305 |
|
306 - Added "use_subtype" options. |
|
307 |
|
308 - Added "quickcheck_locale" configuration to specify how to process |
|
309 conjectures in a locale context. |
|
310 |
|
311 * Nitpick: |
|
312 - Fixed infinite loop caused by the 'peephole_optim' option and |
|
313 affecting 'rat' and 'real'. |
|
314 |
|
315 * Sledgehammer: |
|
316 - Integrated more tightly with SPASS, as described in the ITP 2012 |
|
317 paper "More SPASS with Isabelle". |
|
318 - Made it try "smt" as a fallback if "metis" fails or times out. |
|
319 - Added support for the following provers: Alt-Ergo (via Why3 and |
|
320 TFF1), iProver, iProver-Eq. |
|
321 - Replaced remote E-SInE with remote Satallax in the default setup. |
|
322 - Sped up the minimizer. |
|
323 - Added "lam_trans", "uncurry_aliases", and "minimize" options. |
|
324 - Renamed "slicing" ("no_slicing") option to "slice" ("dont_slice"). |
|
325 - Renamed "sound" option to "strict". |
|
326 |
|
327 * Metis: |
|
328 - Added possibility to specify lambda translations scheme as a |
|
329 parenthesized argument (e.g., "by (metis (lifting) ...)"). |
|
330 |
|
331 * SMT: |
|
332 - Renamed "smt_fixed" option to "smt_read_only_certificates". |
|
333 |
|
334 * Command 'try0': |
|
335 - Renamed from 'try_methods'. INCOMPATIBILITY. |
|
336 |
|
337 * New "eventually_elim" method as a generalized variant of the |
|
338 eventually_elim* rules. Supports structured proofs. |
188 |
339 |
189 * Typedef with implicit set definition is considered legacy. Use |
340 * Typedef with implicit set definition is considered legacy. Use |
190 "typedef (open)" form instead, which will eventually become the |
341 "typedef (open)" form instead, which will eventually become the |
191 default. |
342 default. |
192 |
343 |
655 * Theory Deriv: Renamed |
797 * Theory Deriv: Renamed |
656 |
798 |
657 DERIV_nonneg_imp_nonincreasing ~> DERIV_nonneg_imp_nondecreasing |
799 DERIV_nonneg_imp_nonincreasing ~> DERIV_nonneg_imp_nondecreasing |
658 |
800 |
659 * Theory Library/Multiset: Improved code generation of multisets. |
801 * Theory Library/Multiset: Improved code generation of multisets. |
|
802 |
|
803 * Session HOL-Word: New proof method "word_bitwise" for splitting |
|
804 machine word equalities and inequalities into logical circuits, |
|
805 defined in HOL/Word/WordBitwise.thy. Supports addition, subtraction, |
|
806 multiplication, shifting by constants, bitwise operators and numeric |
|
807 constants. Requires fixed-length word types, not 'a word. Solves |
|
808 many standard word identies outright and converts more into first |
|
809 order problems amenable to blast or similar. See also examples in |
|
810 HOL/Word/Examples/WordExamples.thy. |
660 |
811 |
661 * Session HOL-Probability: Introduced the type "'a measure" to |
812 * Session HOL-Probability: Introduced the type "'a measure" to |
662 represent measures, this replaces the records 'a algebra and 'a |
813 represent measures, this replaces the records 'a algebra and 'a |
663 measure_space. The locales based on subset_class now have two |
814 measure_space. The locales based on subset_class now have two |
664 locale-parameters the space \<Omega> and the set of measurables sets |
815 locale-parameters the space \<Omega> and the set of measurables sets |
829 sigma_finite_measure.disjoint_sigma_finite -> sigma_finite_disjoint |
980 sigma_finite_measure.disjoint_sigma_finite -> sigma_finite_disjoint |
830 sigma_finite_measure.RN_deriv_vimage -> sigma_finite_measure.RN_deriv_distr |
981 sigma_finite_measure.RN_deriv_vimage -> sigma_finite_measure.RN_deriv_distr |
831 sigma_product_algebra_sigma_eq -> sigma_prod_algebra_sigma_eq |
982 sigma_product_algebra_sigma_eq -> sigma_prod_algebra_sigma_eq |
832 space_product_algebra -> space_PiM |
983 space_product_algebra -> space_PiM |
833 |
984 |
834 * New "case_product" attribute to generate a case rule doing multiple |
|
835 case distinctions at the same time. E.g. |
|
836 |
|
837 list.exhaust [case_product nat.exhaust] |
|
838 |
|
839 produces a rule which can be used to perform case distinction on both |
|
840 a list and a nat. |
|
841 |
|
842 * New Transfer package: |
|
843 |
|
844 - transfer_rule attribute: Maintains a collection of transfer rules, |
|
845 which relate constants at two different types. Transfer rules may |
|
846 relate different type instances of the same polymorphic constant, |
|
847 or they may relate an operation on a raw type to a corresponding |
|
848 operation on an abstract type (quotient or subtype). For example: |
|
849 |
|
850 ((A ===> B) ===> list_all2 A ===> list_all2 B) map map |
|
851 (cr_int ===> cr_int ===> cr_int) (%(x,y) (u,v). (x+u, y+v)) plus_int |
|
852 |
|
853 - transfer method: Replaces a subgoal on abstract types with an |
|
854 equivalent subgoal on the corresponding raw types. Constants are |
|
855 replaced with corresponding ones according to the transfer rules. |
|
856 Goals are generalized over all free variables by default; this is |
|
857 necessary for variables whose types changes, but can be overridden |
|
858 for specific variables with e.g. 'transfer fixing: x y z'. The |
|
859 variant transfer' method allows replacing a subgoal with one that |
|
860 is logically stronger (rather than equivalent). |
|
861 |
|
862 - relator_eq attribute: Collects identity laws for relators of |
|
863 various type constructors, e.g. "list_all2 (op =) = (op =)". The |
|
864 transfer method uses these lemmas to infer transfer rules for |
|
865 non-polymorphic constants on the fly. |
|
866 |
|
867 - transfer_prover method: Assists with proving a transfer rule for a |
|
868 new constant, provided the constant is defined in terms of other |
|
869 constants that already have transfer rules. It should be applied |
|
870 after unfolding the constant definitions. |
|
871 |
|
872 - HOL/ex/Transfer_Int_Nat.thy: Example theory demonstrating transfer |
|
873 from type nat to type int. |
|
874 |
|
875 * New Lifting package: |
|
876 |
|
877 - lift_definition command: Defines operations on an abstract type in |
|
878 terms of a corresponding operation on a representation |
|
879 type. Example syntax: |
|
880 |
|
881 lift_definition dlist_insert :: "'a => 'a dlist => 'a dlist" |
|
882 is List.insert |
|
883 |
|
884 Users must discharge a respectfulness proof obligation when each |
|
885 constant is defined. (For a type copy, i.e. a typedef with UNIV, |
|
886 the proof is discharged automatically.) The obligation is |
|
887 presented in a user-friendly, readable form; a respectfulness |
|
888 theorem in the standard format and a transfer rule are generated |
|
889 by the package. |
|
890 |
|
891 - Integration with code_abstype: For typedefs (e.g. subtypes |
|
892 corresponding to a datatype invariant, such as dlist), |
|
893 lift_definition generates a code certificate theorem and sets up |
|
894 code generation for each constant. |
|
895 |
|
896 - setup_lifting command: Sets up the Lifting package to work with a |
|
897 user-defined type. The user must provide either a quotient theorem |
|
898 or a type_definition theorem. The package configures transfer |
|
899 rules for equality and quantifiers on the type, and sets up the |
|
900 lift_definition command to work with the type. |
|
901 |
|
902 - Usage examples: See Quotient_Examples/Lift_DList.thy, |
|
903 Quotient_Examples/Lift_RBT.thy, Word/Word.thy and |
|
904 Library/Float.thy. |
|
905 |
|
906 * Quotient package: |
|
907 |
|
908 - The 'quotient_type' command now supports a 'morphisms' option with |
|
909 rep and abs functions, similar to typedef. |
|
910 |
|
911 - 'quotient_type' sets up new types to work with the Lifting and |
|
912 Transfer packages, as with 'setup_lifting'. |
|
913 |
|
914 - The 'quotient_definition' command now requires the user to prove a |
|
915 respectfulness property at the point where the constant is |
|
916 defined, similar to lift_definition; INCOMPATIBILITY. |
|
917 |
|
918 - Renamed predicate 'Quotient' to 'Quotient3', and renamed theorems |
|
919 accordingly, INCOMPATIBILITY. |
|
920 |
|
921 * New diagnostic command 'find_unused_assms' to find potentially |
|
922 superfluous assumptions in theorems using Quickcheck. |
|
923 |
|
924 * Quickcheck: |
|
925 |
|
926 - Quickcheck returns variable assignments as counterexamples, which |
|
927 allows to reveal the underspecification of functions under test. |
|
928 For example, refuting "hd xs = x", it presents the variable |
|
929 assignment xs = [] and x = a1 as a counterexample, assuming that |
|
930 any property is false whenever "hd []" occurs in it. |
|
931 |
|
932 These counterexample are marked as potentially spurious, as |
|
933 Quickcheck also returns "xs = []" as a counterexample to the |
|
934 obvious theorem "hd xs = hd xs". |
|
935 |
|
936 After finding a potentially spurious counterexample, Quickcheck |
|
937 continues searching for genuine ones. |
|
938 |
|
939 By default, Quickcheck shows potentially spurious and genuine |
|
940 counterexamples. The option "genuine_only" sets quickcheck to only |
|
941 show genuine counterexamples. |
|
942 |
|
943 - The command 'quickcheck_generator' creates random and exhaustive |
|
944 value generators for a given type and operations. |
|
945 |
|
946 It generates values by using the operations as if they were |
|
947 constructors of that type. |
|
948 |
|
949 - Support for multisets. |
|
950 |
|
951 - Added "use_subtype" options. |
|
952 |
|
953 - Added "quickcheck_locale" configuration to specify how to process |
|
954 conjectures in a locale context. |
|
955 |
|
956 * Nitpick: |
|
957 - Fixed infinite loop caused by the 'peephole_optim' option and |
|
958 affecting 'rat' and 'real'. |
|
959 |
|
960 * Sledgehammer: |
|
961 - Integrated more tightly with SPASS, as described in the ITP 2012 |
|
962 paper "More SPASS with Isabelle". |
|
963 - Made it try "smt" as a fallback if "metis" fails or times out. |
|
964 - Added support for the following provers: Alt-Ergo (via Why3 and |
|
965 TFF1), iProver, iProver-Eq. |
|
966 - Replaced remote E-SInE with remote Satallax in the default setup. |
|
967 - Sped up the minimizer. |
|
968 - Added "lam_trans", "uncurry_aliases", and "minimize" options. |
|
969 - Renamed "slicing" ("no_slicing") option to "slice" ("dont_slice"). |
|
970 - Renamed "sound" option to "strict". |
|
971 |
|
972 * Metis: |
|
973 - Added possibility to specify lambda translations scheme as a |
|
974 parenthesized argument (e.g., "by (metis (lifting) ...)"). |
|
975 |
|
976 * SMT: |
|
977 - Renamed "smt_fixed" option to "smt_read_only_certificates". |
|
978 |
|
979 * Command 'try0': |
|
980 - Renamed from 'try_methods'. INCOMPATIBILITY. |
|
981 |
|
982 * New "eventually_elim" method as a generalized variant of the |
|
983 eventually_elim* rules. Supports structured proofs. |
|
984 |
|
985 * HOL/TPTP: support to parse and import TPTP problems (all languages) |
985 * HOL/TPTP: support to parse and import TPTP problems (all languages) |
986 into Isabelle/HOL. |
986 into Isabelle/HOL. |
987 |
987 |
988 |
988 |
989 *** FOL *** |
989 *** FOL *** |