\begin{theindex}
\item \ttall, \bold{197}
\item \texttt{?}, \bold{197}
\item \isasymuniqex, \bold{197}
\item \ttuniquex, \bold{197}
\item {\texttt {\&}}, \bold{197}
\item \verb$~$, \bold{197}
\item \verb$~=$, \bold{197}
\item \ttor, \bold{197}
\item \texttt{[]}, \bold{9}
\item \texttt{\#}, \bold{9}
\item \texttt{\at}, \bold{10}, 197
\item \isasymnotin, \bold{197}
\item \verb$~:$, \bold{197}
\item \isasymInter, \bold{197}
\item \isasymUnion, \bold{197}
\item \isasyminverse, \bold{197}
\item \verb$^-1$, \bold{197}
\item \isactrlsup{\isacharasterisk}, \bold{197}
\item \verb$^$\texttt{*}, \bold{197}
\item \isasymAnd, \bold{12}, \bold{197}
\item \ttAnd, \bold{197}
\item \isasymrightleftharpoons, 26
\item \isasymrightharpoonup, 26
\item \isasymleftharpoondown, 26
\item \emph {$\Rightarrow $}, \bold{5}
\item \ttlbr, \bold{197}
\item \ttrbr, \bold{197}
\item \texttt {\%}, \bold{197}
\item \texttt {;}, \bold{7}
\item \isa {()} (constant), 24
\item \isa {+} (tactical), 89
\item \isa {<*lex*>}, \see{lexicographic product}{1}
\item \isa {?} (tactical), 89
\item \texttt{|} (tactical), 89
\indexspace
\item \isa {0} (constant), 22, 23, 140
\item \isa {1} (constant), 23, 140, 141
\indexspace
\item abandoning a proof, \bold{13}
\item abandoning a theory, \bold{16}
\item \isa {abs} (constant), 143
\item \texttt {abs}, \bold{197}
\item absolute value, 143
\item \isa {add} (modifier), 29
\item \isa {add_ac} (theorems), 142
\item \isa {add_assoc} (theorem), \bold{142}
\item \isa {add_commute} (theorem), \bold{142}
\item \isa {add_mult_distrib} (theorem), \bold{141}
\item \texttt {ALL}, \bold{197}
\item \isa {All} (constant), 99
\item \isa {allE} (theorem), \bold{71}
\item \isa {allI} (theorem), \bold{70}
\item append function, 10--14
\item \isacommand {apply} (command), 15
\item \isa {arg_cong} (theorem), \bold{86}
\item \isa {arith} (method), 23, 139
\item arithmetic operations
\subitem for \protect\isa{nat}, 23
\item \textsc {ascii} symbols, \bold{197}
\item associative-commutative function, 166
\item \isa {assumption} (method), 59
\item assumptions
\subitem of subgoal, 12
\subitem renaming, 72--73
\subitem reusing, 73
\item \isa {auto} (method), 37, 82
\item \isa {axclass}, 153--159
\item axiom of choice, 76
\item axiomatic type classes, 153--159
\indexspace
\item \isacommand {back} (command), 68
\item \isa {Ball} (constant), 99
\item \isa {ballI} (theorem), \bold{98}
\item \isa {best} (method), 82
\item \isa {Bex} (constant), 99
\item \isa {bexE} (theorem), \bold{98}
\item \isa {bexI} (theorem), \bold{98}
\item \isa {bij_def} (theorem), \bold{100}
\item bijections, 100
\item binary trees, 18
\item binomial coefficients, 99
\item bisimulations, 106
\item \isa {blast} (method), 79--80, 82
\item \isa {bool} (type), 4, 5
\item boolean expressions example, 20--22
\item \isa {bspec} (theorem), \bold{98}
\item \isacommand{by} (command), 63
\indexspace
\item \isa {card} (constant), 99
\item \isa {card_Pow} (theorem), \bold{99}
\item \isa {card_Un_Int} (theorem), \bold{99}
\item cardinality, 99
\item \isa {case} (symbol), 32, 33
\item \isa {case} expressions, 5, 6, 18
\item case distinctions, 19
\item case splits, \bold{31}
\item \isa {case_tac} (method), 19, 91, 147
\item \isa {cases} (method), 151
\item \isa {clarify} (method), 81, 82
\item \isa {clarsimp} (method), 81, 82
\item \isa {classical} (theorem), \bold{63}
\item coinduction, \bold{106}
\item \isa {Collect} (constant), 99
\item \isa {comp_def} (theorem), \bold{102}
\item compiling expressions example, 36--38
\item \isa {Compl_iff} (theorem), \bold{96}
\item complement
\subitem of a set, 95
\item composition
\subitem of functions, \bold{100}
\subitem of relations, \bold{102}
\item conclusion
\subitem of subgoal, 12
\item conditional expressions, \see{\isa{if} expressions}{1}
\item conditional simplification rules, 31
\item \isa {cong} (attribute), 166
\item congruence rules, \bold{165}
\item \isa {conjE} (theorem), \bold{61}
\item \isa {conjI} (theorem), \bold{58}
\item \isa {Cons} (constant), 9
\item \isacommand {constdefs} (command), 25
\item \isacommand {consts} (command), 10
\item contrapositives, 63
\item converse
\subitem of a relation, \bold{102}
\item \isa {converse_iff} (theorem), \bold{102}
\item CTL, 111--116, 181--183
\indexspace
\item \isacommand {datatype} (command), 9, 38--43
\item datatypes, 17--22
\subitem and nested recursion, 40, 44
\subitem mutually recursive, 38
\subitem nested, 170
\item \isacommand {defer} (command), 16, 90
\item Definitional Approach, 26
\item definitions, \bold{25}
\subitem unfolding, \bold{30}
\item \isacommand {defs} (command), 25
\item \isa {del} (modifier), 29
\item description operators, 75--77
\item descriptions
\subitem definite, 75
\subitem indefinite, 76
\item \isa {dest} (attribute), 92
\item destruction rules, 61
\item \isa {diff_mult_distrib} (theorem), \bold{141}
\item difference
\subitem of sets, \bold{96}
\item \isa {disjCI} (theorem), \bold{64}
\item \isa {disjE} (theorem), \bold{60}
\item \isa {div} (symbol), 23
\item divides relation, 74, 85, 91--94, 142
\item division
\subitem by negative numbers, 143
\subitem by zero, 142
\subitem for type \protect\isa{nat}, 141
\item domain
\subitem of a relation, 102
\item \isa {Domain_iff} (theorem), \bold{102}
\item \isacommand {done} (command), 13
\item \isa {drule_tac} (method), 66, 86
\item \isa {dvd_add} (theorem), \bold{142}
\item \isa {dvd_anti_sym} (theorem), \bold{142}
\item \isa {dvd_def} (theorem), \bold{142}
\indexspace
\item \isa {elim!} (attribute), 121
\item elimination rules, 59--60
\item \isacommand {end} (command), 14
\item \isa {Eps} (constant), 99
\item equality, 5
\subitem of functions, \bold{99}
\subitem of records, 151
\subitem of sets, \bold{96}
\item \isa {equalityE} (theorem), \bold{96}
\item \isa {equalityI} (theorem), \bold{96}
\item \isa {erule} (method), 60
\item \isa {erule_tac} (method), 66
\item Euclid's algorithm, 91--94
\item even numbers
\subitem defining inductively, 117--121
\item \texttt {EX}, \bold{197}
\item \isa {Ex} (constant), 99
\item \isa {exE} (theorem), \bold{72}
\item \isa {exI} (theorem), \bold{72}
\item \isa {ext} (theorem), \bold{99}
\item extensionality
\subitem for functions, \bold{99, 100}
\subitem for records, 151
\subitem for sets, \bold{96}
\item \ttEXU, \bold{197}
\indexspace
\item \isa {False} (constant), 5
\item \isa {fast} (method), 82, 114
\item Fibonacci function, 46
\item \isa {finite} (symbol), 99
\item \isa {Finites} (constant), 99
\item fixed points, 106
\item flags, 5, 6, 33
\subitem setting and resetting, 5
\item \isa {force} (method), 81, 82
\item formulae, 5--6
\item forward proof, 82--88
\item \isa {frule} (method), 73
\item \isa {frule_tac} (method), 66
\item \isa {fst} (constant), 24
\item function types, 5
\item functions, 99--101
\subitem partial, 172
\subitem total, 11, 46--52
\subitem underdefined, 173
\indexspace
\item \isa {gcd} (constant), 83--84, 91--94
\item generalizing for induction, 119
\item generalizing induction formulae, 34
\item Girard, Jean-Yves, \fnote{61}
\item Gordon, Mike, 3
\item grammars
\subitem defining inductively, 130--135
\item ground terms example, 125--130
\indexspace
\item \isa {hd} (constant), 17, 37
\item Hilbert's $\varepsilon$-operator, 76
\item HOLCF, 43
\item Hopcroft, J. E., 135
\item \isa {hypreal} (type), 145
\indexspace
\item \isa {Id_def} (theorem), \bold{102}
\item \isa {id_def} (theorem), \bold{100}
\item identifiers, \bold{6}
\subitem qualified, \bold{4}
\item identity function, \bold{100}
\item identity relation, \bold{102}
\item \isa {if} expressions, 5, 6
\subitem simplification of, 33
\subitem splitting of, 31, 49
\item if-and-only-if, 6
\item \isa {iff} (attribute), 80, 92, 120
\item \isa {iffD1} (theorem), \bold{84}
\item \isa {iffD2} (theorem), \bold{84}
\item image
\subitem under a function, \bold{101}
\subitem under a relation, \bold{102}
\item \isa {image_def} (theorem), \bold{101}
\item \isa {Image_iff} (theorem), \bold{102}
\item \isa {impI} (theorem), \bold{62}
\item implication, 62--63
\item \isa {ind_cases} (method), 121
\item \isa {induct_tac} (method), 12, 19, 51, 180
\item induction, 176--183
\subitem complete, 178
\subitem deriving new schemas, 180
\subitem on a term, 177
\subitem recursion, 51--52
\subitem structural, 19
\subitem well-founded, 105
\item induction heuristics, 33--35
\item \isacommand {inductive} (command), 117
\item inductive definition
\subitem simultaneous, 131
\item inductive definitions, 117--135
\item \isacommand {inductive\_cases} (command), 121, 129
\item infinitely branching trees, 42
\item \isacommand{infixr} (annotation), 10
\item \isa {inj_on_def} (theorem), \bold{100}
\item injections, 100
\item \isa {insert} (constant), 97
\item \isa {insert} (method), 87--88
\item instance, \bold{154}
\item \texttt {INT}, \bold{197}
\item \texttt {Int}, \bold{197}
\item \isa {int} (type), 143--144
\item \isa {INT_iff} (theorem), \bold{98}
\item \isa {IntD1} (theorem), \bold{95}
\item \isa {IntD2} (theorem), \bold{95}
\item integers, 143--144
\item \isa {INTER} (constant), 99
\item \texttt {Inter}, \bold{197}
\item \isa {Inter_iff} (theorem), \bold{98}
\item intersection, 95
\subitem indexed, 98
\item \isa {IntI} (theorem), \bold{95}
\item \isa {intro} (method), 64
\item \isa {intro!} (attribute), 118
\item \isa {intro_classes} (method), 154
\item introduction rules, 58--59
\item \isa {inv} (constant), 76
\item \isa {inv_image_def} (theorem), \bold{105}
\item inverse
\subitem of a function, \bold{100}
\subitem of a relation, \bold{102}
\item inverse image
\subitem of a function, 101
\subitem of a relation, 104
\item \isa {itrev} (constant), 34
\indexspace
\item \isacommand {kill} (command), 16
\indexspace
\item $\lambda$ expressions, 5
\item LCF, 43
\item \isa {LEAST} (symbol), 23, 75
\item least number operator, \see{\protect\isa{LEAST}}{75}
\item \isacommand {lemma} (command), 13
\item \isacommand {lemmas} (command), 83, 92
\item \isa {length} (symbol), 18
\item \isa {length_induct}, \bold{180}
\item \isa {less_than} (constant), 104
\item \isa {less_than_iff} (theorem), \bold{104}
\item \isa {let} expressions, 5, 6, 31
\item \isa {Let_def} (theorem), 31
\item \isa {lex_prod_def} (theorem), \bold{105}
\item lexicographic product, \bold{105}, 168
\item {\texttt{lfp}}
\subitem applications of, \see{CTL}{106}
\item Library, 4
\item linear arithmetic, 22--24, 139
\item \isa {List} (theory), 17
\item \isa {list} (type), 5, 9, 17
\item \isa {list.split} (theorem), 32
\item \isa {lists_mono} (theorem), \bold{127}
\item Lowe, Gavin, 186--187
\indexspace
\item \isa {Main} (theory), 4
\item major premise, \bold{65}
\item \isa {max} (constant), 23, 24
\item measure functions, 47, 104
\item \isa {measure_def} (theorem), \bold{105}
\item meta-logic, \bold{70}
\item methods, \bold{16}
\item \isa {min} (constant), 23, 24
\item \isa {mod} (symbol), 23
\item \isa {mod_div_equality} (theorem), \bold{141}
\item \isa {mod_mult_distrib} (theorem), \bold{141}
\item model checking example, 106--116
\item \emph{modus ponens}, 57, 62
\item \isa {mono_def} (theorem), \bold{106}
\item monotone functions, \bold{106}, 129
\subitem and inductive definitions, 127--128
\item \isa {more} (constant), 148--150
\item \isa {mp} (theorem), \bold{62}
\item \isa {mult_ac} (theorems), 142
\item multiple inheritance, \bold{158}
\item multiset ordering, \bold{105}
\indexspace
\item \isa {nat} (type), 4, 22, 141--143
\item \isa {nat_less_induct} (theorem), 178
\item natural deduction, 57--58
\item natural numbers, 22, 141--143
\item Needham-Schroeder protocol, 185--187
\item negation, 63--65
\item \isa {Nil} (constant), 9
\item \isa {no_asm} (modifier), 29
\item \isa {no_asm_simp} (modifier), 30
\item \isa {no_asm_use} (modifier), 30
\item non-standard reals, 145
\item \isa {None} (constant), \bold{24}
\item \isa {notE} (theorem), \bold{63}
\item \isa {notI} (theorem), \bold{63}
\item numbers, 139--145
\item numeric literals, 140
\subitem for type \protect\isa{nat}, 141
\subitem for type \protect\isa{real}, 145
\indexspace
\item \isa {O} (symbol), 102
\item \texttt {o}, \bold{197}
\item \isa {o_def} (theorem), \bold{100}
\item \isa {OF} (attribute), 85--86
\item \isa {of} (attribute), 83, 86
\item \isa {only} (modifier), 29
\item \isacommand {oops} (command), 13
\item \isa {option} (type), \bold{24}
\item ordered rewriting, \bold{166}
\item overloading, 23, 153--156
\subitem and arithmetic, 140
\indexspace
\item pairs and tuples, 24, 145--148
\item parent theories, \bold{4}
\item pattern matching
\subitem and \isacommand{recdef}, 47
\item patterns
\subitem higher-order, \bold{167}
\item PDL, 108--110
\item \isacommand {pr} (command), 16, 90
\item \isacommand {prefer} (command), 16, 90
\item primitive recursion, \see{recursion, primitive}{1}
\item \isacommand {primrec} (command), 10, 18, 38--43
\item product type, \see{pairs and tuples}{1}
\item Proof General, \bold{7}
\item proof state, 12
\item proofs
\subitem abandoning, \bold{13}
\subitem examples of failing, 77--79
\item protocols
\subitem security, 185--195
\indexspace
\item quantifiers, 6
\subitem and inductive definitions, 125--127
\subitem existential, 72
\subitem for sets, 98
\subitem instantiating, 74
\subitem universal, 69--72
\indexspace
\item \isa {r_into_rtrancl} (theorem), \bold{102}
\item \isa {r_into_trancl} (theorem), \bold{103}
\item range
\subitem of a function, 101
\subitem of a relation, 102
\item \isa {range} (symbol), 101
\item \isa {Range_iff} (theorem), \bold{102}
\item \isa {Real} (theory), 145
\item \isa {real} (type), 144--145
\item real numbers, 144--145
\item \isacommand {recdef} (command), 46--52, 104, 168--176
\subitem and numeric literals, 140
\item \isa {recdef_cong} (attribute), 172
\item \isa {recdef_simp} (attribute), 48
\item \isa {recdef_wf} (attribute), 170
\item \isacommand {record} (command), 148
\item records, 148--153
\subitem extensible, 149--150
\item recursion
\subitem guarded, 173
\subitem primitive, 18
\subitem well-founded, \bold{169}
\item recursion induction, 51--52
\item \isacommand {redo} (command), 16
\item reflexive and transitive closure, 102--104
\item reflexive transitive closure
\subitem defining inductively, 122--125
\item relations, 101--104
\subitem well-founded, 104--105
\item \isa {rename_tac} (method), 72--73
\item \isa {rev} (constant), 10--14, 34
\item rewrite rules, \bold{27}
\subitem permutative, \bold{166}
\item rewriting, \bold{27}
\item \isa {rotate_tac} (method), 30
\item \isa {rtrancl_refl} (theorem), \bold{102}
\item \isa {rtrancl_trans} (theorem), \bold{102}
\item rule induction, 118--120
\item rule inversion, 120--121, 129--130
\item \isa {rule_format} (attribute), 177
\item \isa {rule_tac} (method), 66
\subitem and renaming, 73
\indexspace
\item \isa {safe} (method), 81, 82
\item safe rules, \bold{80}
\item \isa {set} (type), 5, 95
\item set comprehensions, 97--98
\item \isa {set_ext} (theorem), \bold{96}
\item sets, 95--99
\subitem finite, 99
\subitem notation for finite, \bold{97}
\item settings, \see{flags}{1}
\item \isa {show_brackets} (flag), 6
\item \isa {show_types} (flag), 5, 16
\item \isa {simp} (attribute), 11, 28
\item \isa {simp} (method), \bold{28}
\item \isa {simp} del (attribute), 28
\item \isa {simp_all} (method), 29, 37
\item simplification, 27--33, 165--168
\subitem of \isa{let}-expressions, 31
\subitem with definitions, 30
\subitem with/of assumptions, 29
\item simplification rule, 167--168
\item simplification rules, 28
\subitem adding and deleting, 29
\item \isa {simplified} (attribute), 83, 86
\item \isa {size} (constant), 17
\item \isa {snd} (constant), 24
\item \isa {SOME} (symbol), 76
\item \texttt {SOME}, \bold{197}
\item \isa {Some} (constant), \bold{24}
\item \isa {some_equality} (theorem), \bold{76}
\item \isa {someI} (theorem), \bold{76}
\item \isa {someI2} (theorem), \bold{76}
\item \isa {someI_ex} (theorem), \bold{77}
\item sorts, 159
\item \isa {spec} (theorem), \bold{70}
\item \isa {split} (attribute), 32
\item \isa {split} (constant), 146
\item \isa {split} (method), 31, 146
\item \isa {split} (modifier), 32
\item split rule, \bold{32}
\item \isa {split_if} (theorem), 32
\item \isa {split_if_asm} (theorem), 32
\item \isa {ssubst} (theorem), \bold{67}
\item structural induction, \see{induction, structural}{1}
\item subclasses, 153, 157
\item subgoal numbering, 46
\item \isa {subgoal_tac} (method), 88
\item subgoals, 12
\item subset relation, \bold{96}
\item \isa {subsetD} (theorem), \bold{96}
\item \isa {subsetI} (theorem), \bold{96}
\item \isa {subst} (method), 67
\item substitution, 67--69
\item \isa {Suc} (constant), 22
\item \isa {surj_def} (theorem), \bold{100}
\item surjections, 100
\item \isa {sym} (theorem), \bold{84}
\item syntax, 6, 11
\item syntax translations, 26
\indexspace
\item tacticals, 89
\item tactics, 12
\item \isacommand {term} (command), 16
\item term rewriting, \bold{27}
\item termination, \see{functions, total}{1}
\item terms, 5
\item \isa {THE} (symbol), 75
\item \isa {the_equality} (theorem), \bold{75}
\item \isa {THEN} (attribute), \bold{84}, 86, 92
\item \isacommand {theorem} (command), \bold{11}, 13
\item theories, 4
\subitem abandoning, \bold{16}
\item \isacommand {theory} (command), 16
\item theory files, 4
\item \isacommand {thm} (command), 16
\item \isa {tl} (constant), 17
\item \isa {ToyList} example, 9--14
\item \isa {trace_simp} (flag), 33
\item tracing the simplifier, \bold{33}
\item \isa {trancl_trans} (theorem), \bold{103}
\item transition systems, 107
\item \isacommand {translations} (command), 26
\item tries, 43--46
\item \isa {True} (constant), 5
\item tuples, \see{pairs and tuples}{1}
\item \isacommand {typ} (command), 16
\item type constraints, \bold{6}
\item type constructors, 5
\item type inference, \bold{5}
\item type synonyms, 25
\item type variables, 5
\item \isacommand {typedecl} (command), 107, 159
\item \isacommand {typedef} (command), 160--163
\item types, 4--5
\subitem declaring, 159--160
\subitem defining, 160--163
\item \isacommand {types} (command), 25
\indexspace
\item Ullman, J. D., 135
\item \texttt {UN}, \bold{197}
\item \texttt {Un}, \bold{197}
\item \isa {UN_E} (theorem), \bold{98}
\item \isa {UN_I} (theorem), \bold{98}
\item \isa {UN_iff} (theorem), \bold{98}
\item \isa {Un_subset_iff} (theorem), \bold{96}
\item \isacommand {undo} (command), 16
\item unification, 66--69
\item \isa {UNION} (constant), 99
\item \texttt {Union}, \bold{197}
\item union
\subitem indexed, 98
\item \isa {Union_iff} (theorem), \bold{98}
\item \isa {unit} (type), 24
\item unknowns, 7, \bold{58}
\item unsafe rules, \bold{80}
\item updating a function, \bold{99}
\indexspace
\item variables, 7
\subitem schematic, 7
\subitem type, 5
\item \isa {vimage_def} (theorem), \bold{101}
\indexspace
\item Wenzel, Markus, vii
\item \isa {wf_induct} (theorem), \bold{105}
\item \isa {wf_inv_image} (theorem), \bold{105}
\item \isa {wf_less_than} (theorem), \bold{104}
\item \isa {wf_lex_prod} (theorem), \bold{105}
\item \isa {wf_measure} (theorem), \bold{105}
\item \isa {wf_subset} (theorem), 170
\item \isa {while} (constant), 175
\item \isa {While_Combinator} (theory), 175
\item \isa {while_rule} (theorem), 175
\indexspace
\item \isa {zadd_ac} (theorems), 143
\item \isa {zmult_ac} (theorems), 143
\end{theindex}