doc-src/TutorialI/CTL/document/Base.tex

 %
 \begin{isabellebody}%
 \def\isabellecontext{Base}%
 %
-\isamarkupsection{Case study: Verified model checkers}
+\isamarkupsection{Case study: Verified model checking}
 %
 \begin{isamarkuptext}%
 Model checking is a very popular technique for the verification of finite
 state systems (implementations) w.r.t.\ temporal logic formulae
 (specifications) \cite{ClarkeGP-book,Huth-Ryan-book}. Its foundations are completely set theoretic

 path starting from $s_2$ leading to a state where $p$ or $q$
 are true'', which is true, and ``on all paths starting from $s_0$ $q$ is always true'',
 which is false.
 
 Abstracting from this concrete example, we assume there is some type of
-states%
+states:%
 \end{isamarkuptext}%
 \isacommand{typedecl}\ state%
 \begin{isamarkuptext}%
 \noindent
-which we merely declare rather than define because it is an implicit
-parameter of our model.  Of course it would have been more generic to make
-\isa{state} a type parameter of everything but fixing \isa{state} as above
-reduces clutter.
-Similarly we declare an arbitrary but fixed transition system, i.e.\
-relation between states:%
+Command \isacommand{typedecl} merely declares a new type but without
+defining it (see also \S\ref{sec:typedecl}). Thus we know nothing
+about the type other than its existence. That is exactly what we need
+because \isa{state} really is an implicit parameter of our model.  Of
+course it would have been more generic to make \isa{state} a type
+parameter of everything but declaring \isa{state} globally as above
+reduces clutter.  Similarly we declare an arbitrary but fixed
+transition system, i.e.\ relation between states:%
 \end{isamarkuptext}%
 \isacommand{consts}\ M\ {\isacharcolon}{\isacharcolon}\ {\isachardoublequote}{\isacharparenleft}state\ {\isasymtimes}\ state{\isacharparenright}set{\isachardoublequote}%
 \begin{isamarkuptext}%
 \noindent
 Again, we could have made \isa{M} a parameter of everything.