\begin{theindex}
\item \ttall, \bold{209}
\item \texttt{?}, \bold{209}
\item \isasymuniqex, \bold{209}
\item \ttuniquex, \bold{209}
\item {\texttt {\&}}, \bold{209}
\item \verb$~$, \bold{209}
\item \verb$~=$, \bold{209}
\item \ttor, \bold{209}
\item \texttt{[]}, \bold{9}
\item \texttt{\#}, \bold{9}
\item \texttt{\at}, \bold{10}, 209
\item \isasymnotin, \bold{209}
\item \verb$~:$, \bold{209}
\item \isasymInter, \bold{209}
\item \isasymUnion, \bold{209}
\item \isasyminverse, \bold{209}
\item \verb$^-1$, \bold{209}
\item \isactrlsup{\isacharasterisk}, \bold{209}
\item \verb$^$\texttt{*}, \bold{209}
\item \isasymAnd, \bold{12}, \bold{209}
\item \ttAnd, \bold{209}
\item \emph {$\Rightarrow $}, \bold{5}
\item \ttlbr, \bold{209}
\item \ttrbr, \bold{209}
\item \texttt {\%}, \bold{209}
\item \texttt {;}, \bold{7}
\item \isa {()} (constant), 24
\item \isa {+} (tactical), 99
\item \isa {<*lex*>}, \see{lexicographic product}{1}
\item \isa {?} (tactical), 99
\item \texttt{|} (tactical), 99
\indexspace
\item \isa {0} (constant), 22, 23, 150
\item \isa {1} (constant), 23, 150, 151
\indexspace
\item abandoning a proof, \bold{13}
\item abandoning a theory, \bold{16}
\item \isa {abs} (constant), 153
\item \texttt {abs}, \bold{209}
\item absolute value, 153
\item \isa {add} (modifier), 29
\item \isa {add_ac} (theorems), 152
\item \isa {add_assoc} (theorem), \bold{152}
\item \isa {add_commute} (theorem), \bold{152}
\item \isa {add_mult_distrib} (theorem), \bold{151}
\item \texttt {ALL}, \bold{209}
\item \isa {All} (constant), 109
\item \isa {allE} (theorem), \bold{81}
\item \isa {allI} (theorem), \bold{80}
\item antiquotation, \bold{61}
\item append function, 10--14
\item \isacommand {apply} (command), 15
\item \isa {arg_cong} (theorem), \bold{96}
\item \isa {arith} (method), 23, 149
\item arithmetic operations
\subitem for \protect\isa{nat}, 23
\item \textsc {ascii} symbols, \bold{209}
\item Aspinall, David, viii
\item associative-commutative function, 176
\item \isa {assumption} (method), 69
\item assumptions
\subitem of subgoal, 12
\subitem renaming, 82--83
\subitem reusing, 83
\item \isa {auto} (method), 38, 92
\item \isa {axclass}, 164--170
\item axiom of choice, 86
\item axiomatic type classes, 164--170
\indexspace
\item \isacommand {back} (command), 78
\item \isa {Ball} (constant), 109
\item \isa {ballI} (theorem), \bold{108}
\item \isa {best} (method), 92
\item \isa {Bex} (constant), 109
\item \isa {bexE} (theorem), \bold{108}
\item \isa {bexI} (theorem), \bold{108}
\item \isa {bij_def} (theorem), \bold{110}
\item bijections, 110
\item binary trees, 18
\item binomial coefficients, 109
\item bisimulations, 116
\item \isa {blast} (method), 89--90, 92
\item \isa {bool} (type), 4, 5
\item boolean expressions example, 20--22
\item \isa {bspec} (theorem), \bold{108}
\item \isacommand{by} (command), 73
\indexspace
\item \isa {card} (constant), 109
\item \isa {card_Pow} (theorem), \bold{109}
\item \isa {card_Un_Int} (theorem), \bold{109}
\item cardinality, 109
\item \isa {case} (symbol), 32, 33
\item \isa {case} expressions, 5, 6, 18
\item case distinctions, 19
\item case splits, \bold{31}
\item \isa {case_tac} (method), 19, 101, 157
\item \isa {cases} (method), 162
\item \isacommand {chapter} (command), 59
\item \isa {clarify} (method), 91, 92
\item \isa {clarsimp} (method), 91, 92
\item \isa {classical} (theorem), \bold{73}
\item coinduction, \bold{116}
\item \isa {Collect} (constant), 109
\item compiling expressions example, 36--38
\item \isa {Compl_iff} (theorem), \bold{106}
\item complement
\subitem of a set, 105
\item composition
\subitem of functions, \bold{110}
\subitem of relations, \bold{112}
\item conclusion
\subitem of subgoal, 12
\item conditional expressions, \see{\isa{if} expressions}{1}
\item conditional simplification rules, 31
\item \isa {cong} (attribute), 176
\item congruence rules, \bold{175}
\item \isa {conjE} (theorem), \bold{71}
\item \isa {conjI} (theorem), \bold{68}
\item \isa {Cons} (constant), 9
\item \isacommand {constdefs} (command), 25
\item \isacommand {consts} (command), 10
\item contrapositives, 73
\item converse
\subitem of a relation, \bold{112}
\item \isa {converse_iff} (theorem), \bold{112}
\item CTL, 121--126, 191--193
\indexspace
\item \isacommand {datatype} (command), 9, 38--43
\item datatypes, 17--22
\subitem and nested recursion, 40, 44
\subitem mutually recursive, 38
\subitem nested, 180
\item \isacommand {defer} (command), 16, 100
\item Definitional Approach, 26
\item definitions, \bold{25}
\subitem unfolding, \bold{30}
\item \isacommand {defs} (command), 25
\item \isa {del} (modifier), 29
\item description operators, 85--87
\item descriptions
\subitem definite, 85
\subitem indefinite, 86
\item \isa {dest} (attribute), 102
\item destruction rules, 71
\item \isa {diff_mult_distrib} (theorem), \bold{151}
\item difference
\subitem of sets, \bold{106}
\item \isa {disjCI} (theorem), \bold{74}
\item \isa {disjE} (theorem), \bold{70}
\item \isa {div} (symbol), 23
\item divides relation, 84, 95, 101--104, 152
\item division
\subitem by negative numbers, 153
\subitem by zero, 152
\subitem for type \protect\isa{nat}, 151
\item documents, \bold{57}
\item domain
\subitem of a relation, 112
\item \isa {Domain_iff} (theorem), \bold{112}
\item \isacommand {done} (command), 13
\item \isa {drule_tac} (method), 76, 96
\item \isa {dvd_add} (theorem), \bold{152}
\item \isa {dvd_anti_sym} (theorem), \bold{152}
\item \isa {dvd_def} (theorem), \bold{152}
\indexspace
\item \isa {elim!} (attribute), 131
\item elimination rules, 69--70
\item \isacommand {end} (command), 14
\item \isa {Eps} (constant), 109
\item equality, 5
\subitem of functions, \bold{109}
\subitem of records, 161
\subitem of sets, \bold{106}
\item \isa {equalityE} (theorem), \bold{106}
\item \isa {equalityI} (theorem), \bold{106}
\item \isa {erule} (method), 70
\item \isa {erule_tac} (method), 76
\item Euclid's algorithm, 101--104
\item even numbers
\subitem defining inductively, 127--131
\item \texttt {EX}, \bold{209}
\item \isa {Ex} (constant), 109
\item \isa {exE} (theorem), \bold{82}
\item \isa {exI} (theorem), \bold{82}
\item \isa {ext} (theorem), \bold{109}
\item \isa {extend} (constant), 163
\item extensionality
\subitem for functions, \bold{109, 110}
\subitem for records, 162
\subitem for sets, \bold{106}
\item \ttEXU, \bold{209}
\indexspace
\item \isa {False} (constant), 5
\item \isa {fast} (method), 92, 124
\item Fibonacci function, 47
\item \isa {fields} (constant), 163
\item \isa {finite} (symbol), 109
\item \isa {Finites} (constant), 109
\item fixed points, 116
\item flags, 5, 6, 33
\subitem setting and resetting, 5
\item \isa {force} (method), 91, 92
\item formal comments, \bold{61}
\item formal proof documents, \bold{57}
\item formulae, 5--6
\item forward proof, 92--98
\item \isa {frule} (method), 83
\item \isa {frule_tac} (method), 76
\item \isa {fst} (constant), 24
\item function types, 5
\item functions, 109--111
\subitem partial, 182
\subitem total, 11, 46--52
\subitem underdefined, 183
\indexspace
\item \isa {gcd} (constant), 93--94, 101--104
\item generalizing for induction, 129
\item generalizing induction formulae, 35
\item Girard, Jean-Yves, \fnote{71}
\item Gordon, Mike, 3
\item grammars
\subitem defining inductively, 140--145
\item ground terms example, 135--140
\indexspace
\item \isa {hd} (constant), 17, 37
\item \isacommand {header} (command), 59
\item Hilbert's $\varepsilon$-operator, 86
\item \isacommand {hints} (command), 49, 180, 182
\item HOLCF, 43
\item Hopcroft, J. E., 145
\item \isa {hypreal} (type), 155
\indexspace
\item \isa {Id_def} (theorem), \bold{112}
\item \isa {id_def} (theorem), \bold{110}
\item identifiers, \bold{6}
\subitem qualified, \bold{4}
\item identity function, \bold{110}
\item identity relation, \bold{112}
\item \isa {if} expressions, 5, 6
\subitem simplification of, 33
\subitem splitting of, 31, 49
\item if-and-only-if, 6
\item \isa {iff} (attribute), 90, 102, 130
\item \isa {iffD1} (theorem), \bold{94}
\item \isa {iffD2} (theorem), \bold{94}
\item ignored material, \bold{64}
\item image
\subitem under a function, \bold{111}
\subitem under a relation, \bold{112}
\item \isa {image_def} (theorem), \bold{111}
\item \isa {Image_iff} (theorem), \bold{112}
\item \isa {impI} (theorem), \bold{72}
\item implication, 72--73
\item \isa {ind_cases} (method), 131
\item \isa {induct_tac} (method), 12, 19, 52, 190
\item induction, 186--193
\subitem complete, 188
\subitem deriving new schemas, 190
\subitem on a term, 187
\subitem recursion, 51--52
\subitem structural, 19
\subitem well-founded, 115
\item induction heuristics, 34--36
\item \isacommand {inductive} (command), 127
\item inductive definition
\subitem simultaneous, 141
\item inductive definitions, 127--145
\item \isacommand {inductive\_cases} (command), 131, 139
\item infinitely branching trees, 43
\item infix annotations, 53
\item \isacommand{infixr} (annotation), 10
\item \isa {inj_on_def} (theorem), \bold{110}
\item injections, 110
\item \isa {insert} (constant), 107
\item \isa {insert} (method), 97--98
\item instance, \bold{166}
\item \texttt {INT}, \bold{209}
\item \texttt {Int}, \bold{209}
\item \isa {int} (type), 153--154
\item \isa {INT_iff} (theorem), \bold{108}
\item \isa {IntD1} (theorem), \bold{105}
\item \isa {IntD2} (theorem), \bold{105}
\item integers, 153--154
\item \isa {INTER} (constant), 109
\item \texttt {Inter}, \bold{209}
\item \isa {Inter_iff} (theorem), \bold{108}
\item intersection, 105
\subitem indexed, 108
\item \isa {IntI} (theorem), \bold{105}
\item \isa {intro} (method), 74
\item \isa {intro!} (attribute), 128
\item \isa {intro_classes} (method), 166
\item introduction rules, 68--69
\item \isa {inv} (constant), 86
\item \isa {inv_image_def} (theorem), \bold{115}
\item inverse
\subitem of a function, \bold{110}
\subitem of a relation, \bold{112}
\item inverse image
\subitem of a function, 111
\subitem of a relation, 114
\item \isa {itrev} (constant), 34
\indexspace
\item \isacommand {kill} (command), 16
\indexspace
\item $\lambda$ expressions, 5
\item LCF, 43
\item \isa {LEAST} (symbol), 23, 85
\item least number operator, \see{\protect\isa{LEAST}}{85}
\item Leibniz, Gottfried Wilhelm, 53
\item \isacommand {lemma} (command), 13
\item \isacommand {lemmas} (command), 93, 102
\item \isa {length} (symbol), 18
\item \isa {length_induct}, \bold{190}
\item \isa {less_than} (constant), 114
\item \isa {less_than_iff} (theorem), \bold{114}
\item \isa {let} expressions, 5, 6, 31
\item \isa {Let_def} (theorem), 31
\item \isa {lex_prod_def} (theorem), \bold{115}
\item lexicographic product, \bold{115}, 178
\item {\texttt{lfp}}
\subitem applications of, \see{CTL}{116}
\item Library, 4
\item linear arithmetic, 22--24, 149
\item \isa {List} (theory), 17
\item \isa {list} (type), 5, 9, 17
\item \isa {list.split} (theorem), 32
\item \isa {lists_mono} (theorem), \bold{137}
\item Lowe, Gavin, 196--197
\indexspace
\item \isa {Main} (theory), 4
\item major premise, \bold{75}
\item \isa {make} (constant), 163
\item marginal comments, \bold{61}
\item markup commands, \bold{59}
\item \isa {max} (constant), 23, 24
\item measure functions, 47, 114
\item \isa {measure_def} (theorem), \bold{115}
\item meta-logic, \bold{80}
\item methods, \bold{16}
\item \isa {min} (constant), 23, 24
\item mixfix annotations, \bold{53}
\item \isa {mod} (symbol), 23
\item \isa {mod_div_equality} (theorem), \bold{151}
\item \isa {mod_mult_distrib} (theorem), \bold{151}
\item model checking example, 116--126
\item \emph{modus ponens}, 67, 72
\item \isa {mono_def} (theorem), \bold{116}
\item monotone functions, \bold{116}, 139
\subitem and inductive definitions, 137--138
\item \isa {more} (constant), 158, 160
\item \isa {mp} (theorem), \bold{72}
\item \isa {mult_ac} (theorems), 152
\item multiple inheritance, \bold{169}
\item multiset ordering, \bold{115}
\indexspace
\item \isa {nat} (type), 4, 22, 151--153
\item \isa {nat_less_induct} (theorem), 188
\item natural deduction, 67--68
\item natural numbers, 22, 151--153
\item Needham-Schroeder protocol, 195--197
\item negation, 73--75
\item \isa {Nil} (constant), 9
\item \isa {no_asm} (modifier), 29
\item \isa {no_asm_simp} (modifier), 30
\item \isa {no_asm_use} (modifier), 30
\item \isa {no_vars} (attribute), 62
\item non-standard reals, 155
\item \isa {None} (constant), \bold{24}
\item \isa {notE} (theorem), \bold{73}
\item \isa {notI} (theorem), \bold{73}
\item numbers, 149--155
\item numeric literals, 150
\subitem for type \protect\isa{nat}, 151
\subitem for type \protect\isa{real}, 155
\indexspace
\item \isa {O} (symbol), 112
\item \texttt {o}, \bold{209}
\item \isa {o_def} (theorem), \bold{110}
\item \isa {OF} (attribute), 95--96
\item \isa {of} (attribute), 93, 96
\item \isa {only} (modifier), 29
\item \isacommand {oops} (command), 13
\item \isa {option} (type), \bold{24}
\item ordered rewriting, \bold{176}
\item overloading, 23, 165--167
\subitem and arithmetic, 150
\indexspace
\item pairs and tuples, 24, 155--158
\item parent theories, \bold{4}
\item pattern matching
\subitem and \isacommand{recdef}, 47
\item patterns
\subitem higher-order, \bold{177}
\item PDL, 118--120
\item \isacommand {pr} (command), 16, 100
\item \isacommand {prefer} (command), 16, 100
\item prefix annotation, 55
\item primitive recursion, \see{recursion, primitive}{1}
\item \isacommand {primrec} (command), 10, 18, 38--43
\item print mode, \bold{55}
\item product type, \see{pairs and tuples}{1}
\item Proof General, \bold{7}
\item proof state, 12
\item proofs
\subitem abandoning, \bold{13}
\subitem examples of failing, 87--89
\item protocols
\subitem security, 195--205
\indexspace
\item quantifiers, 6
\subitem and inductive definitions, 135--137
\subitem existential, 82
\subitem for sets, 108
\subitem instantiating, 84
\subitem universal, 79--82
\indexspace
\item \isa {r_into_rtrancl} (theorem), \bold{112}
\item \isa {r_into_trancl} (theorem), \bold{113}
\item range
\subitem of a function, 111
\subitem of a relation, 112
\item \isa {range} (symbol), 111
\item \isa {Range_iff} (theorem), \bold{112}
\item \isa {Real} (theory), 155
\item \isa {real} (type), 154--155
\item real numbers, 154--155
\item \isacommand {recdef} (command), 46--52, 114, 178--186
\subitem and numeric literals, 150
\item \isa {recdef_cong} (attribute), 182
\item \isa {recdef_simp} (attribute), 49
\item \isa {recdef_wf} (attribute), 180
\item \isacommand {record} (command), 159
\item records, 158--164
\subitem extensible, 160--161
\item recursion
\subitem guarded, 183
\subitem primitive, 18
\subitem well-founded, \bold{179}
\item recursion induction, 51--52
\item \isacommand {redo} (command), 16
\item reflexive and transitive closure, 112--114
\item reflexive transitive closure
\subitem defining inductively, 132--135
\item \isa {rel_comp_def} (theorem), \bold{112}
\item relations, 111--114
\subitem well-founded, 114--115
\item \isa {rename_tac} (method), 82--83
\item \isa {rev} (constant), 10--14, 34
\item rewrite rules, \bold{27}
\subitem permutative, \bold{176}
\item rewriting, \bold{27}
\item \isa {rotate_tac} (method), 30
\item \isa {rtrancl_refl} (theorem), \bold{112}
\item \isa {rtrancl_trans} (theorem), \bold{112}
\item rule induction, 128--130
\item rule inversion, 130--131, 139--140
\item \isa {rule_format} (attribute), 187
\item \isa {rule_tac} (method), 76
\subitem and renaming, 83
\indexspace
\item \isa {safe} (method), 91, 92
\item safe rules, \bold{90}
\item \isacommand {sect} (command), 59
\item \isacommand {section} (command), 59
\item selector
\subitem record, 159
\item session, \bold{58}
\item \isa {set} (type), 5, 105
\item set comprehensions, 107--108
\item \isa {set_ext} (theorem), \bold{106}
\item sets, 105--109
\subitem finite, 109
\subitem notation for finite, \bold{107}
\item settings, \see{flags}{1}
\item \isa {show_brackets} (flag), 6
\item \isa {show_types} (flag), 5, 16
\item \isa {simp} (attribute), 11, 28
\item \isa {simp} (method), \bold{28}
\item \isa {simp} del (attribute), 28
\item \isa {simp_all} (method), 29, 38
\item simplification, 27--33, 175--178
\subitem of \isa{let}-expressions, 31
\subitem with definitions, 30
\subitem with/of assumptions, 29
\item simplification rule, 177--178
\item simplification rules, 28
\subitem adding and deleting, 29
\item \isa {simplified} (attribute), 93, 96
\item \isa {size} (constant), 17
\item \isa {snd} (constant), 24
\item \isa {SOME} (symbol), 86
\item \texttt {SOME}, \bold{209}
\item \isa {Some} (constant), \bold{24}
\item \isa {some_equality} (theorem), \bold{86}
\item \isa {someI} (theorem), \bold{86}
\item \isa {someI2} (theorem), \bold{86}
\item \isa {someI_ex} (theorem), \bold{87}
\item sorts, 170
\item source comments, \bold{60}
\item \isa {spec} (theorem), \bold{80}
\item \isa {split} (attribute), 32
\item \isa {split} (constant), 156
\item \isa {split} (method), 31, 156
\item \isa {split} (modifier), 32
\item split rule, \bold{32}
\item \isa {split_if} (theorem), 32
\item \isa {split_if_asm} (theorem), 32
\item \isa {ssubst} (theorem), \bold{77}
\item structural induction, \see{induction, structural}{1}
\item subclasses, 164, 169
\item subgoal numbering, 46
\item \isa {subgoal_tac} (method), 98
\item subgoals, 12
\item \isacommand {subsect} (command), 59
\item \isacommand {subsection} (command), 59
\item subset relation, \bold{106}
\item \isa {subsetD} (theorem), \bold{106}
\item \isa {subsetI} (theorem), \bold{106}
\item \isa {subst} (method), 77
\item substitution, 77--79
\item \isacommand {subsubsect} (command), 59
\item \isacommand {subsubsection} (command), 59
\item \isa {Suc} (constant), 22
\item \isa {surj_def} (theorem), \bold{110}
\item surjections, 110
\item \isa {sym} (theorem), \bold{94}
\item symbols, \bold{54}
\item syntax, 6, 11
\item \isacommand {syntax} (command), 55
\item syntax (command), 56
\item syntax translations, \bold{56}
\indexspace
\item tacticals, 99
\item tactics, 12
\item \isacommand {term} (command), 16
\item term rewriting, \bold{27}
\item termination, \see{functions, total}{1}
\item terms, 5
\item text, \bold{61}
\item text blocks, \bold{61}
\item \isa {THE} (symbol), 85
\item \isa {the_equality} (theorem), \bold{85}
\item \isa {THEN} (attribute), \bold{94}, 96, 102
\item \isacommand {theorem} (command), \bold{11}, 13
\item theories, 4
\subitem abandoning, \bold{16}
\item \isacommand {theory} (command), 16
\item theory files, 4
\item \isacommand {thm} (command), 16
\item \isa {tl} (constant), 17
\item \isa {ToyList} example, 9--14
\item \isa {trace_simp} (flag), 33
\item tracing the simplifier, \bold{33}
\item \isa {trancl_trans} (theorem), \bold{113}
\item transition systems, 117
\item \isacommand {translations} (command), 56
\item tries, 44--46
\item \isa {True} (constant), 5
\item \isa {truncate} (constant), 163
\item tuples, \see{pairs and tuples}{1}
\item txt, \bold{61}
\item \isacommand {typ} (command), 16
\item type constraints, \bold{6}
\item type constructors, 5
\item type inference, \bold{5}
\item type synonyms, 25
\item type variables, 5
\item \isacommand {typedecl} (command), 117, 171
\item \isacommand {typedef} (command), 171--174
\item types, 4--5
\subitem declaring, 171
\subitem defining, 171--174
\item \isacommand {types} (command), 25
\indexspace
\item Ullman, J. D., 145
\item \texttt {UN}, \bold{209}
\item \texttt {Un}, \bold{209}
\item \isa {UN_E} (theorem), \bold{108}
\item \isa {UN_I} (theorem), \bold{108}
\item \isa {UN_iff} (theorem), \bold{108}
\item \isa {Un_subset_iff} (theorem), \bold{106}
\item \isacommand {undo} (command), 16
\item \isa {unfold} (method), \bold{31}
\item unification, 76--79
\item \isa {UNION} (constant), 109
\item \texttt {Union}, \bold{209}
\item union
\subitem indexed, 108
\item \isa {Union_iff} (theorem), \bold{108}
\item \isa {unit} (type), 24
\item unknowns, 7, \bold{68}
\item unsafe rules, \bold{90}
\item update
\subitem record, 159
\item updating a function, \bold{109}
\indexspace
\item variables, 7
\subitem schematic, 7
\subitem type, 5
\item \isa {vimage_def} (theorem), \bold{111}
\indexspace
\item \isa {wf_induct} (theorem), \bold{115}
\item \isa {wf_inv_image} (theorem), \bold{115}
\item \isa {wf_less_than} (theorem), \bold{114}
\item \isa {wf_lex_prod} (theorem), \bold{115}
\item \isa {wf_measure} (theorem), \bold{115}
\item \isa {wf_subset} (theorem), 180
\item \isa {while} (constant), 185
\item \isa {While_Combinator} (theory), 185
\item \isa {while_rule} (theorem), 185
\indexspace
\item \isa {zadd_ac} (theorems), 153
\item \isa {zmult_ac} (theorems), 153
\end{theindex}