NEWS
author wenzelm
Mon Jun 27 22:23:44 2011 +0200 (2011-06-27)
changeset 43565 486b56f2139c
parent 43527 1aacef7471c2
child 43581 c3e4d280bdeb
permissions -rw-r--r--
NEWS;
     1 Isabelle NEWS -- history user-relevant changes
     2 ==============================================
     3 
     4 New in this Isabelle version
     5 ----------------------------
     6 
     7 *** General ***
     8 
     9 * Theory loader: source files are identified by content via SHA1
    10 digests.  Discontinued former path/modtime identification and optional
    11 ISABELLE_FILE_IDENT plugin scripts.
    12 
    13 * Parallelization of nested Isar proofs is subject to
    14 Goal.parallel_proofs_threshold (default 100).  See also isabelle
    15 usedir option -Q.
    16 
    17 * Discontinued support for Poly/ML 5.2, which was the last version
    18 without proper multithreading and TimeLimit implementation.
    19 
    20 * Discontinued old lib/scripts/polyml-platform, which has been
    21 obsolete since Isabelle2009-2.
    22 
    23 * Theory loader: source files are exclusively located via the master
    24 directory of each theory node (where the .thy file itself resides).
    25 The global load path (such as src/HOL/Library) has been discontinued.
    26 Note that the path element ~~ may be used to reference theories in the
    27 Isabelle home folder -- for instance, "~~/src/HOL/Library/FuncSet".
    28 INCOMPATIBILITY.
    29 
    30 * Various optional external tools are referenced more robustly and
    31 uniformly by explicit Isabelle settings as follows:
    32 
    33   ISABELLE_CSDP   (formerly CSDP_EXE)
    34   ISABELLE_GHC    (formerly EXEC_GHC or GHC_PATH)
    35   ISABELLE_OCAML  (formerly EXEC_OCAML)
    36   ISABELLE_SWIPL  (formerly EXEC_SWIPL)
    37   ISABELLE_YAP    (formerly EXEC_YAP)
    38 
    39 Note that automated detection from the file-system or search path has
    40 been discontinued.  INCOMPATIBILITY.
    41 
    42 * Name space: former unsynchronized references are now proper
    43 configuration options, with more conventional names:
    44 
    45   long_names   ~> names_long
    46   short_names  ~> names_short
    47   unique_names ~> names_unique
    48 
    49 Minor INCOMPATIBILITY, need to declare options in context like this:
    50 
    51   declare [[names_unique = false]]
    52 
    53 * Literal facts `prop` may contain dummy patterns, e.g. `_ = _`.  Note
    54 that the result needs to be unique, which means fact specifications
    55 may have to be refined after enriching a proof context.
    56 
    57 * Isabelle/Isar reference manual provides more formal references in
    58 syntax diagrams.
    59 
    60 
    61 *** HOL ***
    62 
    63 * Finite_Set.thy: more coherent development of fold_set locales:
    64 
    65     locale fun_left_comm ~> locale comp_fun_commute
    66     locale fun_left_comm_idem ~> locale comp_fun_idem
    67     
    68 Both use point-free characterisation; interpretation proofs may need adjustment.
    69 INCOMPATIBILITY.
    70 
    71 * Code generation:
    72   - theory Library/Code_Char_ord provides native ordering of characters
    73     in the target language.
    74     
    75 * Declare ext [intro] by default.  Rare INCOMPATIBILITY.
    76 
    77 * Nitpick:
    78   - Added "need" and "total_consts" options.
    79   - Reintroduced "show_skolems" option by popular demand.
    80   - Renamed attribute: nitpick_def ~> nitpick_unfold.
    81     INCOMPATIBILITY.
    82 
    83 * Sledgehammer:
    84   - sledgehammer available_provers ~> sledgehammer supported_provers
    85     INCOMPATIBILITY.
    86   - Added support for SNARK and ToFoF-E on SystemOnTPTP and for simply typed
    87     TPTP problems (TFF).
    88   - Added "type_sys", "max_mono_iters", and "max_new_mono_instances" options.
    89 
    90 * Metis:
    91   - Removed "metisF" -- use "metis" instead.
    92   - Obsoleted "metisFT" -- use "metis (full_types)" instead.
    93 
    94 * "try":
    95   - Added "simp:", "intro:", and "elim:" options.
    96 
    97 * Quickcheck:
    98   - Added "eval" option to evaluate terms for the found counterexample
    99     (currently only supported by the default (exhaustive) tester)
   100   - Added post-processing of terms to obtain readable counterexamples
   101     (currently only supported by the default (exhaustive) tester)
   102   - New counterexample generator quickcheck[narrowing] enables
   103     narrowing-based testing.
   104     It requires that the Glasgow Haskell compiler is installed and
   105     its location is known to Isabelle with the environment variable
   106     ISABELLE_GHC.
   107 
   108 * Function package: discontinued option "tailrec".
   109 INCOMPATIBILITY. Use partial_function instead.
   110 
   111 * HOL-Probability:
   112   - Caratheodory's extension lemma is now proved for ring_of_sets.
   113   - Infinite products of probability measures are now available.
   114   - Use extended reals instead of positive extended reals.
   115     INCOMPATIBILITY.
   116 
   117 
   118 *** Document preparation ***
   119 
   120 * Antiquotation @{rail} layouts railroad syntax diagrams, see also
   121 isar-ref manual.
   122 
   123 * Localized \isabellestyle switch can be used within blocks or groups
   124 like this:
   125 
   126   \isabellestyle{it}  %preferred default
   127   {\isabellestylett @{text "typewriter stuff"}}
   128 
   129 * New term style "isub" as ad-hoc conversion of variables x1, y23 into
   130 subscripted form x\<^isub>1, y\<^isub>2\<^isub>3.
   131 
   132 * Predefined LaTeX macros for Isabelle symbols \<bind> and \<then>
   133 (e.g. see ~~/src/HOL/Library/Monad_Syntax.thy).
   134 
   135 
   136 *** ML ***
   137 
   138 * Antiquotations for ML and document preparation are managed as theory
   139 data, which requires explicit setup.
   140 
   141 * Isabelle_Process.is_active allows tools to check if the official
   142 process wrapper is running (Isabelle/Scala/jEdit) or the old TTY loop
   143 (better known as Proof General).
   144 
   145 * Structure Proof_Context follows standard naming scheme.  Old
   146 ProofContext is still available for some time as legacy alias.
   147 
   148 * Structure Timing provides various operations for timing; supersedes
   149 former start_timing/end_timing etc.
   150 
   151 * Path.print is the official way to show file-system paths to users
   152 (including quotes etc.).
   153 
   154 * Inner syntax: identifiers in parse trees of generic categories
   155 "logic", "aprop", "idt" etc. carry position information (disguised as
   156 type constraints).  Occasional INCOMPATIBILITY with non-compliant
   157 translations that choke on unexpected type constraints.  Positions can
   158 be stripped in ML translations via Syntax.strip_positions /
   159 Syntax.strip_positions_ast, or via the syntax constant
   160 "_strip_positions" within parse trees.  As last resort, positions can
   161 be disabled via the configuration option Syntax.positions, which is
   162 called "syntax_positions" in Isar attribute syntax.
   163 
   164 * Discontinued special status of various ML structures that contribute
   165 to structure Syntax (Ast, Lexicon, Mixfix, Parser, Printer etc.): less
   166 pervasive content, no inclusion in structure Syntax.  INCOMPATIBILITY,
   167 refer directly to Ast.Constant, Lexicon.is_identifier,
   168 Syntax_Trans.mk_binder_tr etc.
   169 
   170 * Typed print translation: discontinued show_sorts argument, which is
   171 already available via context of "advanced" translation.
   172 
   173 * Refined PARALLEL_GOALS tactical: degrades gracefully for schematic
   174 goal states; body tactic needs to address all subgoals uniformly.
   175 
   176 * Slightly more special eq_list/eq_set, with shortcut involving
   177 pointer equality (assumes that eq relation is reflexive).
   178 
   179 * Classical tactics use proper Proof.context instead of historic types
   180 claset/clasimpset.  Old-style declarations like addIs, addEs, addDs
   181 operate directly on Proof.context.  Raw type claset retains its use as
   182 snapshot of the classical context, which can be recovered via
   183 (put_claset HOL_cs) etc.  Type clasimpset has been discontinued.
   184 INCOMPATIBILITY, classical tactics and derived proof methods require
   185 proper Proof.context.
   186 
   187 
   188 
   189 New in Isabelle2011 (January 2011)
   190 ----------------------------------
   191 
   192 *** General ***
   193 
   194 * Experimental Prover IDE based on Isabelle/Scala and jEdit (see
   195 src/Tools/jEdit).  This also serves as IDE for Isabelle/ML, with
   196 useful tooltips and hyperlinks produced from its static analysis.  The
   197 bundled component provides an executable Isabelle tool that can be run
   198 like this:
   199 
   200   Isabelle2011/bin/isabelle jedit
   201 
   202 * Significantly improved Isabelle/Isar implementation manual.
   203 
   204 * System settings: ISABELLE_HOME_USER now includes ISABELLE_IDENTIFIER
   205 (and thus refers to something like $HOME/.isabelle/Isabelle2011),
   206 while the default heap location within that directory lacks that extra
   207 suffix.  This isolates multiple Isabelle installations from each
   208 other, avoiding problems with old settings in new versions.
   209 INCOMPATIBILITY, need to copy/upgrade old user settings manually.
   210 
   211 * Source files are always encoded as UTF-8, instead of old-fashioned
   212 ISO-Latin-1.  INCOMPATIBILITY.  Isabelle LaTeX documents might require
   213 the following package declarations:
   214 
   215   \usepackage[utf8]{inputenc}
   216   \usepackage{textcomp}
   217 
   218 * Explicit treatment of UTF-8 sequences as Isabelle symbols, such that
   219 a Unicode character is treated as a single symbol, not a sequence of
   220 non-ASCII bytes as before.  Since Isabelle/ML string literals may
   221 contain symbols without further backslash escapes, Unicode can now be
   222 used here as well.  Recall that Symbol.explode in ML provides a
   223 consistent view on symbols, while raw explode (or String.explode)
   224 merely give a byte-oriented representation.
   225 
   226 * Theory loader: source files are primarily located via the master
   227 directory of each theory node (where the .thy file itself resides).
   228 The global load path is still partially available as legacy feature.
   229 Minor INCOMPATIBILITY due to subtle change in file lookup: use
   230 explicit paths, relatively to the theory.
   231 
   232 * Special treatment of ML file names has been discontinued.
   233 Historically, optional extensions .ML or .sml were added on demand --
   234 at the cost of clarity of file dependencies.  Recall that Isabelle/ML
   235 files exclusively use the .ML extension.  Minor INCOMPATIBILTY.
   236 
   237 * Various options that affect pretty printing etc. are now properly
   238 handled within the context via configuration options, instead of
   239 unsynchronized references or print modes.  There are both ML Config.T
   240 entities and Isar declaration attributes to access these.
   241 
   242   ML (Config.T)                 Isar (attribute)
   243 
   244   eta_contract                  eta_contract
   245   show_brackets                 show_brackets
   246   show_sorts                    show_sorts
   247   show_types                    show_types
   248   show_question_marks           show_question_marks
   249   show_consts                   show_consts
   250   show_abbrevs                  show_abbrevs
   251 
   252   Syntax.ast_trace              syntax_ast_trace
   253   Syntax.ast_stat               syntax_ast_stat
   254   Syntax.ambiguity_level        syntax_ambiguity_level
   255 
   256   Goal_Display.goals_limit      goals_limit
   257   Goal_Display.show_main_goal   show_main_goal
   258 
   259   Method.rule_trace             rule_trace
   260 
   261   Thy_Output.display            thy_output_display
   262   Thy_Output.quotes             thy_output_quotes
   263   Thy_Output.indent             thy_output_indent
   264   Thy_Output.source             thy_output_source
   265   Thy_Output.break              thy_output_break
   266 
   267 Note that corresponding "..._default" references in ML may only be
   268 changed globally at the ROOT session setup, but *not* within a theory.
   269 The option "show_abbrevs" supersedes the former print mode
   270 "no_abbrevs" with inverted meaning.
   271 
   272 * More systematic naming of some configuration options.
   273 INCOMPATIBILITY.
   274 
   275   trace_simp  ~>  simp_trace
   276   debug_simp  ~>  simp_debug
   277 
   278 * Support for real valued configuration options, using simplistic
   279 floating-point notation that coincides with the inner syntax for
   280 float_token.
   281 
   282 * Support for real valued preferences (with approximative PGIP type):
   283 front-ends need to accept "pgint" values in float notation.
   284 INCOMPATIBILITY.
   285 
   286 * The IsabelleText font now includes Cyrillic, Hebrew, Arabic from
   287 DejaVu Sans.
   288 
   289 * Discontinued support for Poly/ML 5.0 and 5.1 versions.
   290 
   291 
   292 *** Pure ***
   293 
   294 * Command 'type_synonym' (with single argument) replaces somewhat
   295 outdated 'types', which is still available as legacy feature for some
   296 time.
   297 
   298 * Command 'nonterminal' (with 'and' separated list of arguments)
   299 replaces somewhat outdated 'nonterminals'.  INCOMPATIBILITY.
   300 
   301 * Command 'notepad' replaces former 'example_proof' for
   302 experimentation in Isar without any result.  INCOMPATIBILITY.
   303 
   304 * Locale interpretation commands 'interpret' and 'sublocale' accept
   305 lists of equations to map definitions in a locale to appropriate
   306 entities in the context of the interpretation.  The 'interpretation'
   307 command already provided this functionality.
   308 
   309 * Diagnostic command 'print_dependencies' prints the locale instances
   310 that would be activated if the specified expression was interpreted in
   311 the current context.  Variant "print_dependencies!" assumes a context
   312 without interpretations.
   313 
   314 * Diagnostic command 'print_interps' prints interpretations in proofs
   315 in addition to interpretations in theories.
   316 
   317 * Discontinued obsolete 'global' and 'local' commands to manipulate
   318 the theory name space.  Rare INCOMPATIBILITY.  The ML functions
   319 Sign.root_path and Sign.local_path may be applied directly where this
   320 feature is still required for historical reasons.
   321 
   322 * Discontinued obsolete 'constdefs' command.  INCOMPATIBILITY, use
   323 'definition' instead.
   324 
   325 * The "prems" fact, which refers to the accidental collection of
   326 foundational premises in the context, is now explicitly marked as
   327 legacy feature and will be discontinued soon.  Consider using "assms"
   328 of the head statement or reference facts by explicit names.
   329 
   330 * Document antiquotations @{class} and @{type} print classes and type
   331 constructors.
   332 
   333 * Document antiquotation @{file} checks file/directory entries within
   334 the local file system.
   335 
   336 
   337 *** HOL ***
   338 
   339 * Coercive subtyping: functions can be declared as coercions and type
   340 inference will add them as necessary upon input of a term.  Theory
   341 Complex_Main declares real :: nat => real and real :: int => real as
   342 coercions. A coercion function f is declared like this:
   343 
   344   declare [[coercion f]]
   345 
   346 To lift coercions through type constructors (e.g. from nat => real to
   347 nat list => real list), map functions can be declared, e.g.
   348 
   349   declare [[coercion_map map]]
   350 
   351 Currently coercion inference is activated only in theories including
   352 real numbers, i.e. descendants of Complex_Main.  This is controlled by
   353 the configuration option "coercion_enabled", e.g. it can be enabled in
   354 other theories like this:
   355 
   356   declare [[coercion_enabled]]
   357 
   358 * Command 'partial_function' provides basic support for recursive
   359 function definitions over complete partial orders.  Concrete instances
   360 are provided for i) the option type, ii) tail recursion on arbitrary
   361 types, and iii) the heap monad of Imperative_HOL.  See
   362 src/HOL/ex/Fundefs.thy and src/HOL/Imperative_HOL/ex/Linked_Lists.thy
   363 for examples.
   364 
   365 * Function package: f.psimps rules are no longer implicitly declared
   366 as [simp].  INCOMPATIBILITY.
   367 
   368 * Datatype package: theorems generated for executable equality (class
   369 "eq") carry proper names and are treated as default code equations.
   370 
   371 * Inductive package: now offers command 'inductive_simps' to
   372 automatically derive instantiated and simplified equations for
   373 inductive predicates, similar to 'inductive_cases'.
   374 
   375 * Command 'enriched_type' allows to register properties of the
   376 functorial structure of types.
   377 
   378 * Improved infrastructure for term evaluation using code generator
   379 techniques, in particular static evaluation conversions.
   380 
   381 * Code generator: Scala (2.8 or higher) has been added to the target
   382 languages.
   383 
   384 * Code generator: globbing constant expressions "*" and "Theory.*"
   385 have been replaced by the more idiomatic "_" and "Theory._".
   386 INCOMPATIBILITY.
   387 
   388 * Code generator: export_code without explicit file declaration prints
   389 to standard output.  INCOMPATIBILITY.
   390 
   391 * Code generator: do not print function definitions for case
   392 combinators any longer.
   393 
   394 * Code generator: simplification with rules determined with
   395 src/Tools/Code/code_simp.ML and method "code_simp".
   396 
   397 * Code generator for records: more idiomatic representation of record
   398 types.  Warning: records are not covered by ancient SML code
   399 generation any longer.  INCOMPATIBILITY.  In cases of need, a suitable
   400 rep_datatype declaration helps to succeed then:
   401 
   402   record 'a foo = ...
   403   ...
   404   rep_datatype foo_ext ...
   405 
   406 * Records: logical foundation type for records does not carry a
   407 '_type' suffix any longer (obsolete due to authentic syntax).
   408 INCOMPATIBILITY.
   409 
   410 * Quickcheck now by default uses exhaustive testing instead of random
   411 testing.  Random testing can be invoked by "quickcheck [random]",
   412 exhaustive testing by "quickcheck [exhaustive]".
   413 
   414 * Quickcheck instantiates polymorphic types with small finite
   415 datatypes by default. This enables a simple execution mechanism to
   416 handle quantifiers and function equality over the finite datatypes.
   417 
   418 * Quickcheck random generator has been renamed from "code" to
   419 "random".  INCOMPATIBILITY.
   420 
   421 * Quickcheck now has a configurable time limit which is set to 30
   422 seconds by default. This can be changed by adding [timeout = n] to the
   423 quickcheck command. The time limit for Auto Quickcheck is still set
   424 independently.
   425 
   426 * Quickcheck in locales considers interpretations of that locale for
   427 counter example search.
   428 
   429 * Sledgehammer:
   430   - Added "smt" and "remote_smt" provers based on the "smt" proof
   431     method. See the Sledgehammer manual for details ("isabelle doc
   432     sledgehammer").
   433   - Renamed commands:
   434     sledgehammer atp_info ~> sledgehammer running_provers
   435     sledgehammer atp_kill ~> sledgehammer kill_provers
   436     sledgehammer available_atps ~> sledgehammer available_provers
   437     INCOMPATIBILITY.
   438   - Renamed options:
   439     sledgehammer [atps = ...] ~> sledgehammer [provers = ...]
   440     sledgehammer [atp = ...] ~> sledgehammer [prover = ...]
   441     sledgehammer [timeout = 77 s] ~> sledgehammer [timeout = 77]
   442     (and "ms" and "min" are no longer supported)
   443     INCOMPATIBILITY.
   444 
   445 * Nitpick:
   446   - Renamed options:
   447     nitpick [timeout = 77 s] ~> nitpick [timeout = 77]
   448     nitpick [tac_timeout = 777 ms] ~> nitpick [tac_timeout = 0.777]
   449     INCOMPATIBILITY.
   450   - Added support for partial quotient types.
   451   - Added local versions of the "Nitpick.register_xxx" functions.
   452   - Added "whack" option.
   453   - Allow registration of quotient types as codatatypes.
   454   - Improved "merge_type_vars" option to merge more types.
   455   - Removed unsound "fast_descrs" option.
   456   - Added custom symmetry breaking for datatypes, making it possible to reach
   457     higher cardinalities.
   458   - Prevent the expansion of too large definitions.
   459 
   460 * Proof methods "metis" and "meson" now have configuration options
   461 "meson_trace", "metis_trace", and "metis_verbose" that can be enabled
   462 to diagnose these tools. E.g.
   463 
   464     using [[metis_trace = true]]
   465 
   466 * Auto Solve: Renamed "Auto Solve Direct".  The tool is now available
   467 manually as command 'solve_direct'.
   468 
   469 * The default SMT solver Z3 must be enabled explicitly (due to
   470 licensing issues) by setting the environment variable
   471 Z3_NON_COMMERCIAL in etc/settings of the component, for example.  For
   472 commercial applications, the SMT solver CVC3 is provided as fall-back;
   473 changing the SMT solver is done via the configuration option
   474 "smt_solver".
   475 
   476 * Remote SMT solvers need to be referred to by the "remote_" prefix,
   477 i.e. "remote_cvc3" and "remote_z3".
   478 
   479 * Added basic SMT support for datatypes, records, and typedefs using
   480 the oracle mode (no proofs).  Direct support of pairs has been dropped
   481 in exchange (pass theorems fst_conv snd_conv pair_collapse to the SMT
   482 support for a similar behavior).  Minor INCOMPATIBILITY.
   483 
   484 * Changed SMT configuration options:
   485   - Renamed:
   486     z3_proofs ~> smt_oracle (with inverted meaning)
   487     z3_trace_assms ~> smt_trace_used_facts
   488     INCOMPATIBILITY.
   489   - Added:
   490     smt_verbose
   491     smt_random_seed
   492     smt_datatypes
   493     smt_infer_triggers
   494     smt_monomorph_limit
   495     cvc3_options
   496     remote_cvc3_options
   497     remote_z3_options
   498     yices_options
   499 
   500 * Boogie output files (.b2i files) need to be declared in the theory
   501 header.
   502 
   503 * Simplification procedure "list_to_set_comprehension" rewrites list
   504 comprehensions applied to List.set to set comprehensions.  Occasional
   505 INCOMPATIBILITY, may be deactivated like this:
   506 
   507   declare [[simproc del: list_to_set_comprehension]]
   508 
   509 * Removed old version of primrec package.  INCOMPATIBILITY.
   510 
   511 * Removed simplifier congruence rule of "prod_case", as has for long
   512 been the case with "split".  INCOMPATIBILITY.
   513 
   514 * String.literal is a type, but not a datatype.  INCOMPATIBILITY.
   515 
   516 * Removed [split_format ... and ... and ...] version of
   517 [split_format].  Potential INCOMPATIBILITY.
   518 
   519 * Predicate "sorted" now defined inductively, with nice induction
   520 rules.  INCOMPATIBILITY: former sorted.simps now named sorted_simps.
   521 
   522 * Constant "contents" renamed to "the_elem", to free the generic name
   523 contents for other uses.  INCOMPATIBILITY.
   524 
   525 * Renamed class eq and constant eq (for code generation) to class
   526 equal and constant equal, plus renaming of related facts and various
   527 tuning.  INCOMPATIBILITY.
   528 
   529 * Dropped type classes mult_mono and mult_mono1.  INCOMPATIBILITY.
   530 
   531 * Removed output syntax "'a ~=> 'b" for "'a => 'b option".
   532 INCOMPATIBILITY.
   533 
   534 * Renamed theory Fset to Cset, type Fset.fset to Cset.set, in order to
   535 avoid confusion with finite sets.  INCOMPATIBILITY.
   536 
   537 * Abandoned locales equiv, congruent and congruent2 for equivalence
   538 relations.  INCOMPATIBILITY: use equivI rather than equiv_intro (same
   539 for congruent(2)).
   540 
   541 * Some previously unqualified names have been qualified:
   542 
   543   types
   544     bool ~> HOL.bool
   545     nat ~> Nat.nat
   546 
   547   constants
   548     Trueprop ~> HOL.Trueprop
   549     True ~> HOL.True
   550     False ~> HOL.False
   551     op & ~> HOL.conj
   552     op | ~> HOL.disj
   553     op --> ~> HOL.implies
   554     op = ~> HOL.eq
   555     Not ~> HOL.Not
   556     The ~> HOL.The
   557     All ~> HOL.All
   558     Ex ~> HOL.Ex
   559     Ex1 ~> HOL.Ex1
   560     Let ~> HOL.Let
   561     If ~> HOL.If
   562     Ball ~> Set.Ball
   563     Bex ~> Set.Bex
   564     Suc ~> Nat.Suc
   565     Pair ~> Product_Type.Pair
   566     fst ~> Product_Type.fst
   567     snd ~> Product_Type.snd
   568     curry ~> Product_Type.curry
   569     op : ~> Set.member
   570     Collect ~> Set.Collect
   571 
   572 INCOMPATIBILITY.
   573 
   574 * More canonical naming convention for some fundamental definitions:
   575 
   576     bot_bool_eq ~> bot_bool_def
   577     top_bool_eq ~> top_bool_def
   578     inf_bool_eq ~> inf_bool_def
   579     sup_bool_eq ~> sup_bool_def
   580     bot_fun_eq  ~> bot_fun_def
   581     top_fun_eq  ~> top_fun_def
   582     inf_fun_eq  ~> inf_fun_def
   583     sup_fun_eq  ~> sup_fun_def
   584 
   585 INCOMPATIBILITY.
   586 
   587 * More stylized fact names:
   588 
   589   expand_fun_eq ~> fun_eq_iff
   590   expand_set_eq ~> set_eq_iff
   591   set_ext       ~> set_eqI
   592   nat_number    ~> eval_nat_numeral
   593 
   594 INCOMPATIBILITY.
   595 
   596 * Refactoring of code-generation specific operations in theory List:
   597 
   598   constants
   599     null ~> List.null
   600 
   601   facts
   602     mem_iff ~> member_def
   603     null_empty ~> null_def
   604 
   605 INCOMPATIBILITY.  Note that these were not supposed to be used
   606 regularly unless for striking reasons; their main purpose was code
   607 generation.
   608 
   609 Various operations from the Haskell prelude are used for generating
   610 Haskell code.
   611 
   612 * Term "bij f" is now an abbreviation of "bij_betw f UNIV UNIV".  Term
   613 "surj f" is now an abbreviation of "range f = UNIV".  The theorems
   614 bij_def and surj_def are unchanged.  INCOMPATIBILITY.
   615 
   616 * Abolished some non-alphabetic type names: "prod" and "sum" replace
   617 "*" and "+" respectively.  INCOMPATIBILITY.
   618 
   619 * Name "Plus" of disjoint sum operator "<+>" is now hidden.  Write
   620 "Sum_Type.Plus" instead.
   621 
   622 * Constant "split" has been merged with constant "prod_case"; names of
   623 ML functions, facts etc. involving split have been retained so far,
   624 though.  INCOMPATIBILITY.
   625 
   626 * Dropped old infix syntax "_ mem _" for List.member; use "_ : set _"
   627 instead.  INCOMPATIBILITY.
   628 
   629 * Removed lemma "Option.is_none_none" which duplicates "is_none_def".
   630 INCOMPATIBILITY.
   631 
   632 * Former theory Library/Enum is now part of the HOL-Main image.
   633 INCOMPATIBILITY: all constants of the Enum theory now have to be
   634 referred to by its qualified name.
   635 
   636   enum    ~>  Enum.enum
   637   nlists  ~>  Enum.nlists
   638   product ~>  Enum.product
   639 
   640 * Theory Library/Monad_Syntax provides do-syntax for monad types.
   641 Syntax in Library/State_Monad has been changed to avoid ambiguities.
   642 INCOMPATIBILITY.
   643 
   644 * Theory Library/SetsAndFunctions has been split into
   645 Library/Function_Algebras and Library/Set_Algebras; canonical names
   646 for instance definitions for functions; various improvements.
   647 INCOMPATIBILITY.
   648 
   649 * Theory Library/Multiset provides stable quicksort implementation of
   650 sort_key.
   651 
   652 * Theory Library/Multiset: renamed empty_idemp ~> empty_neutral.
   653 INCOMPATIBILITY.
   654 
   655 * Session Multivariate_Analysis: introduced a type class for euclidean
   656 space.  Most theorems are now stated in terms of euclidean spaces
   657 instead of finite cartesian products.
   658 
   659   types
   660     real ^ 'n ~>  'a::real_vector
   661               ~>  'a::euclidean_space
   662               ~>  'a::ordered_euclidean_space
   663         (depends on your needs)
   664 
   665   constants
   666      _ $ _        ~> _ $$ _
   667      \<chi> x. _  ~> \<chi>\<chi> x. _
   668      CARD('n)     ~> DIM('a)
   669 
   670 Also note that the indices are now natural numbers and not from some
   671 finite type. Finite cartesian products of euclidean spaces, products
   672 of euclidean spaces the real and complex numbers are instantiated to
   673 be euclidean_spaces.  INCOMPATIBILITY.
   674 
   675 * Session Probability: introduced pextreal as positive extended real
   676 numbers.  Use pextreal as value for measures.  Introduce the
   677 Radon-Nikodym derivative, product spaces and Fubini's theorem for
   678 arbitrary sigma finite measures.  Introduces Lebesgue measure based on
   679 the integral in Multivariate Analysis.  INCOMPATIBILITY.
   680 
   681 * Session Imperative_HOL: revamped, corrected dozens of inadequacies.
   682 INCOMPATIBILITY.
   683 
   684 * Session SPARK (with image HOL-SPARK) provides commands to load and
   685 prove verification conditions generated by the SPARK Ada program
   686 verifier.  See also src/HOL/SPARK and src/HOL/SPARK/Examples.
   687 
   688 
   689 *** HOL-Algebra ***
   690 
   691 * Theorems for additive ring operations (locale abelian_monoid and
   692 descendants) are generated by interpretation from their multiplicative
   693 counterparts.  Names (in particular theorem names) have the mandatory
   694 qualifier 'add'.  Previous theorem names are redeclared for
   695 compatibility.
   696 
   697 * Structure "int_ring" is now an abbreviation (previously a
   698 definition).  This fits more natural with advanced interpretations.
   699 
   700 
   701 *** HOLCF ***
   702 
   703 * The domain package now runs in definitional mode by default: The
   704 former command 'new_domain' is now called 'domain'.  To use the domain
   705 package in its original axiomatic mode, use 'domain (unsafe)'.
   706 INCOMPATIBILITY.
   707 
   708 * The new class "domain" is now the default sort.  Class "predomain"
   709 is an unpointed version of "domain". Theories can be updated by
   710 replacing sort annotations as shown below.  INCOMPATIBILITY.
   711 
   712   'a::type ~> 'a::countable
   713   'a::cpo  ~> 'a::predomain
   714   'a::pcpo ~> 'a::domain
   715 
   716 * The old type class "rep" has been superseded by class "domain".
   717 Accordingly, users of the definitional package must remove any
   718 "default_sort rep" declarations.  INCOMPATIBILITY.
   719 
   720 * The domain package (definitional mode) now supports unpointed
   721 predomain argument types, as long as they are marked 'lazy'. (Strict
   722 arguments must be in class "domain".) For example, the following
   723 domain definition now works:
   724 
   725   domain natlist = nil | cons (lazy "nat discr") (lazy "natlist")
   726 
   727 * Theory HOLCF/Library/HOL_Cpo provides cpo and predomain class
   728 instances for types from main HOL: bool, nat, int, char, 'a + 'b,
   729 'a option, and 'a list.  Additionally, it configures fixrec and the
   730 domain package to work with these types.  For example:
   731 
   732   fixrec isInl :: "('a + 'b) u -> tr"
   733     where "isInl$(up$(Inl x)) = TT" | "isInl$(up$(Inr y)) = FF"
   734 
   735   domain V = VFun (lazy "V -> V") | VCon (lazy "nat") (lazy "V list")
   736 
   737 * The "(permissive)" option of fixrec has been replaced with a
   738 per-equation "(unchecked)" option. See
   739 src/HOL/HOLCF/Tutorial/Fixrec_ex.thy for examples. INCOMPATIBILITY.
   740 
   741 * The "bifinite" class no longer fixes a constant "approx"; the class
   742 now just asserts that such a function exists.  INCOMPATIBILITY.
   743 
   744 * Former type "alg_defl" has been renamed to "defl".  HOLCF no longer
   745 defines an embedding of type 'a defl into udom by default; instances
   746 of "bifinite" and "domain" classes are available in
   747 src/HOL/HOLCF/Library/Defl_Bifinite.thy.
   748 
   749 * The syntax "REP('a)" has been replaced with "DEFL('a)".
   750 
   751 * The predicate "directed" has been removed.  INCOMPATIBILITY.
   752 
   753 * The type class "finite_po" has been removed.  INCOMPATIBILITY.
   754 
   755 * The function "cprod_map" has been renamed to "prod_map".
   756 INCOMPATIBILITY.
   757 
   758 * The monadic bind operator on each powerdomain has new binder syntax
   759 similar to sets, e.g. "\<Union>\<sharp>x\<in>xs. t" represents
   760 "upper_bind\<cdot>xs\<cdot>(\<Lambda> x. t)".
   761 
   762 * The infix syntax for binary union on each powerdomain has changed
   763 from e.g. "+\<sharp>" to "\<union>\<sharp>", for consistency with set
   764 syntax.  INCOMPATIBILITY.
   765 
   766 * The constant "UU" has been renamed to "bottom".  The syntax "UU" is
   767 still supported as an input translation.
   768 
   769 * Renamed some theorems (the original names are also still available).
   770 
   771   expand_fun_below   ~> fun_below_iff
   772   below_fun_ext      ~> fun_belowI
   773   expand_cfun_eq     ~> cfun_eq_iff
   774   ext_cfun           ~> cfun_eqI
   775   expand_cfun_below  ~> cfun_below_iff
   776   below_cfun_ext     ~> cfun_belowI
   777   cont2cont_Rep_CFun ~> cont2cont_APP
   778 
   779 * The Abs and Rep functions for various types have changed names.
   780 Related theorem names have also changed to match. INCOMPATIBILITY.
   781 
   782   Rep_CFun  ~> Rep_cfun
   783   Abs_CFun  ~> Abs_cfun
   784   Rep_Sprod ~> Rep_sprod
   785   Abs_Sprod ~> Abs_sprod
   786   Rep_Ssum  ~> Rep_ssum
   787   Abs_Ssum  ~> Abs_ssum
   788 
   789 * Lemmas with names of the form *_defined_iff or *_strict_iff have
   790 been renamed to *_bottom_iff.  INCOMPATIBILITY.
   791 
   792 * Various changes to bisimulation/coinduction with domain package:
   793 
   794   - Definitions of "bisim" constants no longer mention definedness.
   795   - With mutual recursion, "bisim" predicate is now curried.
   796   - With mutual recursion, each type gets a separate coind theorem.
   797   - Variable names in bisim_def and coinduct rules have changed.
   798 
   799 INCOMPATIBILITY.
   800 
   801 * Case combinators generated by the domain package for type "foo" are
   802 now named "foo_case" instead of "foo_when".  INCOMPATIBILITY.
   803 
   804 * Several theorems have been renamed to more accurately reflect the
   805 names of constants and types involved.  INCOMPATIBILITY.
   806 
   807   thelub_const    ~> lub_const
   808   lub_const       ~> is_lub_const
   809   thelubI         ~> lub_eqI
   810   is_lub_lub      ~> is_lubD2
   811   lubI            ~> is_lub_lub
   812   unique_lub      ~> is_lub_unique
   813   is_ub_lub       ~> is_lub_rangeD1
   814   lub_bin_chain   ~> is_lub_bin_chain
   815   lub_fun         ~> is_lub_fun
   816   thelub_fun      ~> lub_fun
   817   thelub_cfun     ~> lub_cfun
   818   thelub_Pair     ~> lub_Pair
   819   lub_cprod       ~> is_lub_prod
   820   thelub_cprod    ~> lub_prod
   821   minimal_cprod   ~> minimal_prod
   822   inst_cprod_pcpo ~> inst_prod_pcpo
   823   UU_I            ~> bottomI
   824   compact_UU      ~> compact_bottom
   825   deflation_UU    ~> deflation_bottom
   826   finite_deflation_UU ~> finite_deflation_bottom
   827 
   828 * Many legacy theorem names have been discontinued.  INCOMPATIBILITY.
   829 
   830   sq_ord_less_eq_trans ~> below_eq_trans
   831   sq_ord_eq_less_trans ~> eq_below_trans
   832   refl_less            ~> below_refl
   833   trans_less           ~> below_trans
   834   antisym_less         ~> below_antisym
   835   antisym_less_inverse ~> po_eq_conv [THEN iffD1]
   836   box_less             ~> box_below
   837   rev_trans_less       ~> rev_below_trans
   838   not_less2not_eq      ~> not_below2not_eq
   839   less_UU_iff          ~> below_UU_iff
   840   flat_less_iff        ~> flat_below_iff
   841   adm_less             ~> adm_below
   842   adm_not_less         ~> adm_not_below
   843   adm_compact_not_less ~> adm_compact_not_below
   844   less_fun_def         ~> below_fun_def
   845   expand_fun_less      ~> fun_below_iff
   846   less_fun_ext         ~> fun_belowI
   847   less_discr_def       ~> below_discr_def
   848   discr_less_eq        ~> discr_below_eq
   849   less_unit_def        ~> below_unit_def
   850   less_cprod_def       ~> below_prod_def
   851   prod_lessI           ~> prod_belowI
   852   Pair_less_iff        ~> Pair_below_iff
   853   fst_less_iff         ~> fst_below_iff
   854   snd_less_iff         ~> snd_below_iff
   855   expand_cfun_less     ~> cfun_below_iff
   856   less_cfun_ext        ~> cfun_belowI
   857   injection_less       ~> injection_below
   858   less_up_def          ~> below_up_def
   859   not_Iup_less         ~> not_Iup_below
   860   Iup_less             ~> Iup_below
   861   up_less              ~> up_below
   862   Def_inject_less_eq   ~> Def_below_Def
   863   Def_less_is_eq       ~> Def_below_iff
   864   spair_less_iff       ~> spair_below_iff
   865   less_sprod           ~> below_sprod
   866   spair_less           ~> spair_below
   867   sfst_less_iff        ~> sfst_below_iff
   868   ssnd_less_iff        ~> ssnd_below_iff
   869   fix_least_less       ~> fix_least_below
   870   dist_less_one        ~> dist_below_one
   871   less_ONE             ~> below_ONE
   872   ONE_less_iff         ~> ONE_below_iff
   873   less_sinlD           ~> below_sinlD
   874   less_sinrD           ~> below_sinrD
   875 
   876 
   877 *** FOL and ZF ***
   878 
   879 * All constant names are now qualified internally and use proper
   880 identifiers, e.g. "IFOL.eq" instead of "op =".  INCOMPATIBILITY.
   881 
   882 
   883 *** ML ***
   884 
   885 * Antiquotation @{assert} inlines a function bool -> unit that raises
   886 Fail if the argument is false.  Due to inlining the source position of
   887 failed assertions is included in the error output.
   888 
   889 * Discontinued antiquotation @{theory_ref}, which is obsolete since ML
   890 text is in practice always evaluated with a stable theory checkpoint.
   891 Minor INCOMPATIBILITY, use (Theory.check_thy @{theory}) instead.
   892 
   893 * Antiquotation @{theory A} refers to theory A from the ancestry of
   894 the current context, not any accidental theory loader state as before.
   895 Potential INCOMPATIBILITY, subtle change in semantics.
   896 
   897 * Syntax.pretty_priority (default 0) configures the required priority
   898 of pretty-printed output and thus affects insertion of parentheses.
   899 
   900 * Syntax.default_root (default "any") configures the inner syntax
   901 category (nonterminal symbol) for parsing of terms.
   902 
   903 * Former exception Library.UnequalLengths now coincides with
   904 ListPair.UnequalLengths.
   905 
   906 * Renamed structure MetaSimplifier to Raw_Simplifier.  Note that the
   907 main functionality is provided by structure Simplifier.
   908 
   909 * Renamed raw "explode" function to "raw_explode" to emphasize its
   910 meaning.  Note that internally to Isabelle, Symbol.explode is used in
   911 almost all situations.
   912 
   913 * Discontinued obsolete function sys_error and exception SYS_ERROR.
   914 See implementation manual for further details on exceptions in
   915 Isabelle/ML.
   916 
   917 * Renamed setmp_noncritical to Unsynchronized.setmp to emphasize its
   918 meaning.
   919 
   920 * Renamed structure PureThy to Pure_Thy and moved most of its
   921 operations to structure Global_Theory, to emphasize that this is
   922 rarely-used global-only stuff.
   923 
   924 * Discontinued Output.debug.  Minor INCOMPATIBILITY, use plain writeln
   925 instead (or tracing for high-volume output).
   926 
   927 * Configuration option show_question_marks only affects regular pretty
   928 printing of types and terms, not raw Term.string_of_vname.
   929 
   930 * ML_Context.thm and ML_Context.thms are no longer pervasive.  Rare
   931 INCOMPATIBILITY, superseded by static antiquotations @{thm} and
   932 @{thms} for most purposes.
   933 
   934 * ML structure Unsynchronized is never opened, not even in Isar
   935 interaction mode as before.  Old Unsynchronized.set etc. have been
   936 discontinued -- use plain := instead.  This should be *rare* anyway,
   937 since modern tools always work via official context data, notably
   938 configuration options.
   939 
   940 * Parallel and asynchronous execution requires special care concerning
   941 interrupts.  Structure Exn provides some convenience functions that
   942 avoid working directly with raw Interrupt.  User code must not absorb
   943 interrupts -- intermediate handling (for cleanup etc.) needs to be
   944 followed by re-raising of the original exception.  Another common
   945 source of mistakes are "handle _" patterns, which make the meaning of
   946 the program subject to physical effects of the environment.
   947 
   948 
   949 
   950 New in Isabelle2009-2 (June 2010)
   951 ---------------------------------
   952 
   953 *** General ***
   954 
   955 * Authentic syntax for *all* logical entities (type classes, type
   956 constructors, term constants): provides simple and robust
   957 correspondence between formal entities and concrete syntax.  Within
   958 the parse tree / AST representations, "constants" are decorated by
   959 their category (class, type, const) and spelled out explicitly with
   960 their full internal name.
   961 
   962 Substantial INCOMPATIBILITY concerning low-level syntax declarations
   963 and translations (translation rules and translation functions in ML).
   964 Some hints on upgrading:
   965 
   966   - Many existing uses of 'syntax' and 'translations' can be replaced
   967     by more modern 'type_notation', 'notation' and 'abbreviation',
   968     which are independent of this issue.
   969 
   970   - 'translations' require markup within the AST; the term syntax
   971     provides the following special forms:
   972 
   973       CONST c   -- produces syntax version of constant c from context
   974       XCONST c  -- literally c, checked as constant from context
   975       c         -- literally c, if declared by 'syntax'
   976 
   977     Plain identifiers are treated as AST variables -- occasionally the
   978     system indicates accidental variables via the error "rhs contains
   979     extra variables".
   980 
   981     Type classes and type constructors are marked according to their
   982     concrete syntax.  Some old translations rules need to be written
   983     for the "type" category, using type constructor application
   984     instead of pseudo-term application of the default category
   985     "logic".
   986 
   987   - 'parse_translation' etc. in ML may use the following
   988     antiquotations:
   989 
   990       @{class_syntax c}   -- type class c within parse tree / AST
   991       @{term_syntax c}    -- type constructor c within parse tree / AST
   992       @{const_syntax c}   -- ML version of "CONST c" above
   993       @{syntax_const c}   -- literally c (checked wrt. 'syntax' declarations)
   994 
   995   - Literal types within 'typed_print_translations', i.e. those *not*
   996     represented as pseudo-terms are represented verbatim.  Use @{class
   997     c} or @{type_name c} here instead of the above syntax
   998     antiquotations.
   999 
  1000 Note that old non-authentic syntax was based on unqualified base
  1001 names, so all of the above "constant" names would coincide.  Recall
  1002 that 'print_syntax' and ML_command "set Syntax.trace_ast" help to
  1003 diagnose syntax problems.
  1004 
  1005 * Type constructors admit general mixfix syntax, not just infix.
  1006 
  1007 * Concrete syntax may be attached to local entities without a proof
  1008 body, too.  This works via regular mixfix annotations for 'fix',
  1009 'def', 'obtain' etc. or via the explicit 'write' command, which is
  1010 similar to the 'notation' command in theory specifications.
  1011 
  1012 * Discontinued unnamed infix syntax (legacy feature for many years) --
  1013 need to specify constant name and syntax separately.  Internal ML
  1014 datatype constructors have been renamed from InfixName to Infix etc.
  1015 Minor INCOMPATIBILITY.
  1016 
  1017 * Schematic theorem statements need to be explicitly markup as such,
  1018 via commands 'schematic_lemma', 'schematic_theorem',
  1019 'schematic_corollary'.  Thus the relevance of the proof is made
  1020 syntactically clear, which impacts performance in a parallel or
  1021 asynchronous interactive environment.  Minor INCOMPATIBILITY.
  1022 
  1023 * Use of cumulative prems via "!" in some proof methods has been
  1024 discontinued (old legacy feature).
  1025 
  1026 * References 'trace_simp' and 'debug_simp' have been replaced by
  1027 configuration options stored in the context. Enabling tracing (the
  1028 case of debugging is similar) in proofs works via
  1029 
  1030   using [[trace_simp = true]]
  1031 
  1032 Tracing is then active for all invocations of the simplifier in
  1033 subsequent goal refinement steps. Tracing may also still be enabled or
  1034 disabled via the ProofGeneral settings menu.
  1035 
  1036 * Separate commands 'hide_class', 'hide_type', 'hide_const',
  1037 'hide_fact' replace the former 'hide' KIND command.  Minor
  1038 INCOMPATIBILITY.
  1039 
  1040 * Improved parallelism of proof term normalization: usedir -p2 -q0 is
  1041 more efficient than combinations with -q1 or -q2.
  1042 
  1043 
  1044 *** Pure ***
  1045 
  1046 * Proofterms record type-class reasoning explicitly, using the
  1047 "unconstrain" operation internally.  This eliminates all sort
  1048 constraints from a theorem and proof, introducing explicit
  1049 OFCLASS-premises.  On the proof term level, this operation is
  1050 automatically applied at theorem boundaries, such that closed proofs
  1051 are always free of sort constraints.  INCOMPATIBILITY for tools that
  1052 inspect proof terms.
  1053 
  1054 * Local theory specifications may depend on extra type variables that
  1055 are not present in the result type -- arguments TYPE('a) :: 'a itself
  1056 are added internally.  For example:
  1057 
  1058   definition unitary :: bool where "unitary = (ALL (x::'a) y. x = y)"
  1059 
  1060 * Predicates of locales introduced by classes carry a mandatory
  1061 "class" prefix.  INCOMPATIBILITY.
  1062 
  1063 * Vacuous class specifications observe default sort.  INCOMPATIBILITY.
  1064 
  1065 * Old 'axclass' command has been discontinued.  INCOMPATIBILITY, use
  1066 'class' instead.
  1067 
  1068 * Command 'code_reflect' allows to incorporate generated ML code into
  1069 runtime environment; replaces immature code_datatype antiquotation.
  1070 INCOMPATIBILITY.
  1071 
  1072 * Code generator: simple concept for abstract datatypes obeying
  1073 invariants.
  1074 
  1075 * Code generator: details of internal data cache have no impact on the
  1076 user space functionality any longer.
  1077 
  1078 * Methods "unfold_locales" and "intro_locales" ignore non-locale
  1079 subgoals.  This is more appropriate for interpretations with 'where'.
  1080 INCOMPATIBILITY.
  1081 
  1082 * Command 'example_proof' opens an empty proof body.  This allows to
  1083 experiment with Isar, without producing any persistent result.
  1084 
  1085 * Commands 'type_notation' and 'no_type_notation' declare type syntax
  1086 within a local theory context, with explicit checking of the
  1087 constructors involved (in contrast to the raw 'syntax' versions).
  1088 
  1089 * Commands 'types' and 'typedecl' now work within a local theory
  1090 context -- without introducing dependencies on parameters or
  1091 assumptions, which is not possible in Isabelle/Pure.
  1092 
  1093 * Command 'defaultsort' has been renamed to 'default_sort', it works
  1094 within a local theory context.  Minor INCOMPATIBILITY.
  1095 
  1096 
  1097 *** HOL ***
  1098 
  1099 * Command 'typedef' now works within a local theory context -- without
  1100 introducing dependencies on parameters or assumptions, which is not
  1101 possible in Isabelle/Pure/HOL.  Note that the logical environment may
  1102 contain multiple interpretations of local typedefs (with different
  1103 non-emptiness proofs), even in a global theory context.
  1104 
  1105 * New package for quotient types.  Commands 'quotient_type' and
  1106 'quotient_definition' may be used for defining types and constants by
  1107 quotient constructions.  An example is the type of integers created by
  1108 quotienting pairs of natural numbers:
  1109 
  1110   fun
  1111     intrel :: "(nat * nat) => (nat * nat) => bool"
  1112   where
  1113     "intrel (x, y) (u, v) = (x + v = u + y)"
  1114 
  1115   quotient_type int = "nat * nat" / intrel
  1116     by (auto simp add: equivp_def expand_fun_eq)
  1117 
  1118   quotient_definition
  1119     "0::int" is "(0::nat, 0::nat)"
  1120 
  1121 The method "lifting" can be used to lift of theorems from the
  1122 underlying "raw" type to the quotient type.  The example
  1123 src/HOL/Quotient_Examples/FSet.thy includes such a quotient
  1124 construction and provides a reasoning infrastructure for finite sets.
  1125 
  1126 * Renamed Library/Quotient.thy to Library/Quotient_Type.thy to avoid
  1127 clash with new theory Quotient in Main HOL.
  1128 
  1129 * Moved the SMT binding into the main HOL session, eliminating
  1130 separate HOL-SMT session.
  1131 
  1132 * List membership infix mem operation is only an input abbreviation.
  1133 INCOMPATIBILITY.
  1134 
  1135 * Theory Library/Word.thy has been removed.  Use library Word/Word.thy
  1136 for future developements; former Library/Word.thy is still present in
  1137 the AFP entry RSAPPS.
  1138 
  1139 * Theorem Int.int_induct renamed to Int.int_of_nat_induct and is no
  1140 longer shadowed.  INCOMPATIBILITY.
  1141 
  1142 * Dropped theorem duplicate comp_arith; use semiring_norm instead.
  1143 INCOMPATIBILITY.
  1144 
  1145 * Dropped theorem RealPow.real_sq_order; use power2_le_imp_le instead.
  1146 INCOMPATIBILITY.
  1147 
  1148 * Dropped normalizing_semiring etc; use the facts in semiring classes
  1149 instead.  INCOMPATIBILITY.
  1150 
  1151 * Dropped several real-specific versions of lemmas about floor and
  1152 ceiling; use the generic lemmas from theory "Archimedean_Field"
  1153 instead.  INCOMPATIBILITY.
  1154 
  1155   floor_number_of_eq         ~> floor_number_of
  1156   le_floor_eq_number_of      ~> number_of_le_floor
  1157   le_floor_eq_zero           ~> zero_le_floor
  1158   le_floor_eq_one            ~> one_le_floor
  1159   floor_less_eq_number_of    ~> floor_less_number_of
  1160   floor_less_eq_zero         ~> floor_less_zero
  1161   floor_less_eq_one          ~> floor_less_one
  1162   less_floor_eq_number_of    ~> number_of_less_floor
  1163   less_floor_eq_zero         ~> zero_less_floor
  1164   less_floor_eq_one          ~> one_less_floor
  1165   floor_le_eq_number_of      ~> floor_le_number_of
  1166   floor_le_eq_zero           ~> floor_le_zero
  1167   floor_le_eq_one            ~> floor_le_one
  1168   floor_subtract_number_of   ~> floor_diff_number_of
  1169   floor_subtract_one         ~> floor_diff_one
  1170   ceiling_number_of_eq       ~> ceiling_number_of
  1171   ceiling_le_eq_number_of    ~> ceiling_le_number_of
  1172   ceiling_le_zero_eq         ~> ceiling_le_zero
  1173   ceiling_le_eq_one          ~> ceiling_le_one
  1174   less_ceiling_eq_number_of  ~> number_of_less_ceiling
  1175   less_ceiling_eq_zero       ~> zero_less_ceiling
  1176   less_ceiling_eq_one        ~> one_less_ceiling
  1177   ceiling_less_eq_number_of  ~> ceiling_less_number_of
  1178   ceiling_less_eq_zero       ~> ceiling_less_zero
  1179   ceiling_less_eq_one        ~> ceiling_less_one
  1180   le_ceiling_eq_number_of    ~> number_of_le_ceiling
  1181   le_ceiling_eq_zero         ~> zero_le_ceiling
  1182   le_ceiling_eq_one          ~> one_le_ceiling
  1183   ceiling_subtract_number_of ~> ceiling_diff_number_of
  1184   ceiling_subtract_one       ~> ceiling_diff_one
  1185 
  1186 * Theory "Finite_Set": various folding_XXX locales facilitate the
  1187 application of the various fold combinators on finite sets.
  1188 
  1189 * Library theory "RBT" renamed to "RBT_Impl"; new library theory "RBT"
  1190 provides abstract red-black tree type which is backed by "RBT_Impl" as
  1191 implementation.  INCOMPATIBILTY.
  1192 
  1193 * Theory Library/Coinductive_List has been removed -- superseded by
  1194 AFP/thys/Coinductive.
  1195 
  1196 * Theory PReal, including the type "preal" and related operations, has
  1197 been removed.  INCOMPATIBILITY.
  1198 
  1199 * Real: new development using Cauchy Sequences.
  1200 
  1201 * Split off theory "Big_Operators" containing setsum, setprod,
  1202 Inf_fin, Sup_fin, Min, Max from theory Finite_Set.  INCOMPATIBILITY.
  1203 
  1204 * Theory "Rational" renamed to "Rat", for consistency with "Nat",
  1205 "Int" etc.  INCOMPATIBILITY.
  1206 
  1207 * Constant Rat.normalize needs to be qualified.  INCOMPATIBILITY.
  1208 
  1209 * New set of rules "ac_simps" provides combined assoc / commute
  1210 rewrites for all interpretations of the appropriate generic locales.
  1211 
  1212 * Renamed theory "OrderedGroup" to "Groups" and split theory
  1213 "Ring_and_Field" into theories "Rings" and "Fields"; for more
  1214 appropriate and more consistent names suitable for name prefixes
  1215 within the HOL theories.  INCOMPATIBILITY.
  1216 
  1217 * Some generic constants have been put to appropriate theories:
  1218   - less_eq, less: Orderings
  1219   - zero, one, plus, minus, uminus, times, abs, sgn: Groups
  1220   - inverse, divide: Rings
  1221 INCOMPATIBILITY.
  1222 
  1223 * More consistent naming of type classes involving orderings (and
  1224 lattices):
  1225 
  1226     lower_semilattice                   ~> semilattice_inf
  1227     upper_semilattice                   ~> semilattice_sup
  1228 
  1229     dense_linear_order                  ~> dense_linorder
  1230 
  1231     pordered_ab_group_add               ~> ordered_ab_group_add
  1232     pordered_ab_group_add_abs           ~> ordered_ab_group_add_abs
  1233     pordered_ab_semigroup_add           ~> ordered_ab_semigroup_add
  1234     pordered_ab_semigroup_add_imp_le    ~> ordered_ab_semigroup_add_imp_le
  1235     pordered_cancel_ab_semigroup_add    ~> ordered_cancel_ab_semigroup_add
  1236     pordered_cancel_comm_semiring       ~> ordered_cancel_comm_semiring
  1237     pordered_cancel_semiring            ~> ordered_cancel_semiring
  1238     pordered_comm_monoid_add            ~> ordered_comm_monoid_add
  1239     pordered_comm_ring                  ~> ordered_comm_ring
  1240     pordered_comm_semiring              ~> ordered_comm_semiring
  1241     pordered_ring                       ~> ordered_ring
  1242     pordered_ring_abs                   ~> ordered_ring_abs
  1243     pordered_semiring                   ~> ordered_semiring
  1244 
  1245     ordered_ab_group_add                ~> linordered_ab_group_add
  1246     ordered_ab_semigroup_add            ~> linordered_ab_semigroup_add
  1247     ordered_cancel_ab_semigroup_add     ~> linordered_cancel_ab_semigroup_add
  1248     ordered_comm_semiring_strict        ~> linordered_comm_semiring_strict
  1249     ordered_field                       ~> linordered_field
  1250     ordered_field_no_lb                 ~> linordered_field_no_lb
  1251     ordered_field_no_ub                 ~> linordered_field_no_ub
  1252     ordered_field_dense_linear_order    ~> dense_linordered_field
  1253     ordered_idom                        ~> linordered_idom
  1254     ordered_ring                        ~> linordered_ring
  1255     ordered_ring_le_cancel_factor       ~> linordered_ring_le_cancel_factor
  1256     ordered_ring_less_cancel_factor     ~> linordered_ring_less_cancel_factor
  1257     ordered_ring_strict                 ~> linordered_ring_strict
  1258     ordered_semidom                     ~> linordered_semidom
  1259     ordered_semiring                    ~> linordered_semiring
  1260     ordered_semiring_1                  ~> linordered_semiring_1
  1261     ordered_semiring_1_strict           ~> linordered_semiring_1_strict
  1262     ordered_semiring_strict             ~> linordered_semiring_strict
  1263 
  1264   The following slightly odd type classes have been moved to a
  1265   separate theory Library/Lattice_Algebras:
  1266 
  1267     lordered_ab_group_add               ~> lattice_ab_group_add
  1268     lordered_ab_group_add_abs           ~> lattice_ab_group_add_abs
  1269     lordered_ab_group_add_meet          ~> semilattice_inf_ab_group_add
  1270     lordered_ab_group_add_join          ~> semilattice_sup_ab_group_add
  1271     lordered_ring                       ~> lattice_ring
  1272 
  1273 INCOMPATIBILITY.
  1274 
  1275 * Refined field classes:
  1276   - classes division_ring_inverse_zero, field_inverse_zero,
  1277     linordered_field_inverse_zero include rule inverse 0 = 0 --
  1278     subsumes former division_by_zero class;
  1279   - numerous lemmas have been ported from field to division_ring.
  1280 INCOMPATIBILITY.
  1281 
  1282 * Refined algebra theorem collections:
  1283   - dropped theorem group group_simps, use algebra_simps instead;
  1284   - dropped theorem group ring_simps, use field_simps instead;
  1285   - proper theorem collection field_simps subsumes former theorem
  1286     groups field_eq_simps and field_simps;
  1287   - dropped lemma eq_minus_self_iff which is a duplicate for
  1288     equal_neg_zero.
  1289 INCOMPATIBILITY.
  1290 
  1291 * Theory Finite_Set and List: some lemmas have been generalized from
  1292 sets to lattices:
  1293 
  1294   fun_left_comm_idem_inter      ~> fun_left_comm_idem_inf
  1295   fun_left_comm_idem_union      ~> fun_left_comm_idem_sup
  1296   inter_Inter_fold_inter        ~> inf_Inf_fold_inf
  1297   union_Union_fold_union        ~> sup_Sup_fold_sup
  1298   Inter_fold_inter              ~> Inf_fold_inf
  1299   Union_fold_union              ~> Sup_fold_sup
  1300   inter_INTER_fold_inter        ~> inf_INFI_fold_inf
  1301   union_UNION_fold_union        ~> sup_SUPR_fold_sup
  1302   INTER_fold_inter              ~> INFI_fold_inf
  1303   UNION_fold_union              ~> SUPR_fold_sup
  1304 
  1305 * Theory "Complete_Lattice": lemmas top_def and bot_def have been
  1306 replaced by the more convenient lemmas Inf_empty and Sup_empty.
  1307 Dropped lemmas Inf_insert_simp and Sup_insert_simp, which are subsumed
  1308 by Inf_insert and Sup_insert.  Lemmas Inf_UNIV and Sup_UNIV replace
  1309 former Inf_Univ and Sup_Univ.  Lemmas inf_top_right and sup_bot_right
  1310 subsume inf_top and sup_bot respectively.  INCOMPATIBILITY.
  1311 
  1312 * Reorganized theory Multiset: swapped notation of pointwise and
  1313 multiset order:
  1314 
  1315   - pointwise ordering is instance of class order with standard syntax
  1316     <= and <;
  1317   - multiset ordering has syntax <=# and <#; partial order properties
  1318     are provided by means of interpretation with prefix
  1319     multiset_order;
  1320   - less duplication, less historical organization of sections,
  1321     conversion from associations lists to multisets, rudimentary code
  1322     generation;
  1323   - use insert_DiffM2 [symmetric] instead of elem_imp_eq_diff_union,
  1324     if needed.
  1325 
  1326 Renamed:
  1327 
  1328   multiset_eq_conv_count_eq  ~>  multiset_ext_iff
  1329   multi_count_ext  ~>  multiset_ext
  1330   diff_union_inverse2  ~>  diff_union_cancelR
  1331 
  1332 INCOMPATIBILITY.
  1333 
  1334 * Theory Permutation: replaced local "remove" by List.remove1.
  1335 
  1336 * Code generation: ML and OCaml code is decorated with signatures.
  1337 
  1338 * Theory List: added transpose.
  1339 
  1340 * Library/Nat_Bijection.thy is a collection of bijective functions
  1341 between nat and other types, which supersedes the older libraries
  1342 Library/Nat_Int_Bij.thy and HOLCF/NatIso.thy.  INCOMPATIBILITY.
  1343 
  1344   Constants:
  1345   Nat_Int_Bij.nat2_to_nat         ~> prod_encode
  1346   Nat_Int_Bij.nat_to_nat2         ~> prod_decode
  1347   Nat_Int_Bij.int_to_nat_bij      ~> int_encode
  1348   Nat_Int_Bij.nat_to_int_bij      ~> int_decode
  1349   Countable.pair_encode           ~> prod_encode
  1350   NatIso.prod2nat                 ~> prod_encode
  1351   NatIso.nat2prod                 ~> prod_decode
  1352   NatIso.sum2nat                  ~> sum_encode
  1353   NatIso.nat2sum                  ~> sum_decode
  1354   NatIso.list2nat                 ~> list_encode
  1355   NatIso.nat2list                 ~> list_decode
  1356   NatIso.set2nat                  ~> set_encode
  1357   NatIso.nat2set                  ~> set_decode
  1358 
  1359   Lemmas:
  1360   Nat_Int_Bij.bij_nat_to_int_bij  ~> bij_int_decode
  1361   Nat_Int_Bij.nat2_to_nat_inj     ~> inj_prod_encode
  1362   Nat_Int_Bij.nat2_to_nat_surj    ~> surj_prod_encode
  1363   Nat_Int_Bij.nat_to_nat2_inj     ~> inj_prod_decode
  1364   Nat_Int_Bij.nat_to_nat2_surj    ~> surj_prod_decode
  1365   Nat_Int_Bij.i2n_n2i_id          ~> int_encode_inverse
  1366   Nat_Int_Bij.n2i_i2n_id          ~> int_decode_inverse
  1367   Nat_Int_Bij.surj_nat_to_int_bij ~> surj_int_encode
  1368   Nat_Int_Bij.surj_int_to_nat_bij ~> surj_int_decode
  1369   Nat_Int_Bij.inj_nat_to_int_bij  ~> inj_int_encode
  1370   Nat_Int_Bij.inj_int_to_nat_bij  ~> inj_int_decode
  1371   Nat_Int_Bij.bij_nat_to_int_bij  ~> bij_int_encode
  1372   Nat_Int_Bij.bij_int_to_nat_bij  ~> bij_int_decode
  1373 
  1374 * Sledgehammer:
  1375   - Renamed ATP commands:
  1376     atp_info     ~> sledgehammer running_atps
  1377     atp_kill     ~> sledgehammer kill_atps
  1378     atp_messages ~> sledgehammer messages
  1379     atp_minimize ~> sledgehammer minimize
  1380     print_atps   ~> sledgehammer available_atps
  1381     INCOMPATIBILITY.
  1382   - Added user's manual ("isabelle doc sledgehammer").
  1383   - Added option syntax and "sledgehammer_params" to customize
  1384     Sledgehammer's behavior.  See the manual for details.
  1385   - Modified the Isar proof reconstruction code so that it produces
  1386     direct proofs rather than proofs by contradiction.  (This feature
  1387     is still experimental.)
  1388   - Made Isar proof reconstruction work for SPASS, remote ATPs, and in
  1389     full-typed mode.
  1390   - Added support for TPTP syntax for SPASS via the "spass_tptp" ATP.
  1391 
  1392 * Nitpick:
  1393   - Added and implemented "binary_ints" and "bits" options.
  1394   - Added "std" option and implemented support for nonstandard models.
  1395   - Added and implemented "finitize" option to improve the precision
  1396     of infinite datatypes based on a monotonicity analysis.
  1397   - Added support for quotient types.
  1398   - Added support for "specification" and "ax_specification"
  1399     constructs.
  1400   - Added support for local definitions (for "function" and
  1401     "termination" proofs).
  1402   - Added support for term postprocessors.
  1403   - Optimized "Multiset.multiset" and "FinFun.finfun".
  1404   - Improved efficiency of "destroy_constrs" optimization.
  1405   - Fixed soundness bugs related to "destroy_constrs" optimization and
  1406     record getters.
  1407   - Fixed soundness bug related to higher-order constructors.
  1408   - Fixed soundness bug when "full_descrs" is enabled.
  1409   - Improved precision of set constructs.
  1410   - Added "atoms" option.
  1411   - Added cache to speed up repeated Kodkod invocations on the same
  1412     problems.
  1413   - Renamed "MiniSatJNI", "zChaffJNI", "BerkMinAlloy", and
  1414     "SAT4JLight" to "MiniSat_JNI", "zChaff_JNI", "BerkMin_Alloy", and
  1415     "SAT4J_Light".  INCOMPATIBILITY.
  1416   - Removed "skolemize", "uncurry", "sym_break", "flatten_prop",
  1417     "sharing_depth", and "show_skolems" options.  INCOMPATIBILITY.
  1418   - Removed "nitpick_intro" attribute.  INCOMPATIBILITY.
  1419 
  1420 * Method "induct" now takes instantiations of the form t, where t is not
  1421   a variable, as a shorthand for "x == t", where x is a fresh variable.
  1422   If this is not intended, t has to be enclosed in parentheses.
  1423   By default, the equalities generated by definitional instantiations
  1424   are pre-simplified, which may cause parameters of inductive cases
  1425   to disappear, or may even delete some of the inductive cases.
  1426   Use "induct (no_simp)" instead of "induct" to restore the old
  1427   behaviour. The (no_simp) option is also understood by the "cases"
  1428   and "nominal_induct" methods, which now perform pre-simplification, too.
  1429   INCOMPATIBILITY.
  1430 
  1431 
  1432 *** HOLCF ***
  1433 
  1434 * Variable names in lemmas generated by the domain package have
  1435 changed; the naming scheme is now consistent with the HOL datatype
  1436 package.  Some proof scripts may be affected, INCOMPATIBILITY.
  1437 
  1438 * The domain package no longer defines the function "foo_copy" for
  1439 recursive domain "foo".  The reach lemma is now stated directly in
  1440 terms of "foo_take".  Lemmas and proofs that mention "foo_copy" must
  1441 be reformulated in terms of "foo_take", INCOMPATIBILITY.
  1442 
  1443 * Most definedness lemmas generated by the domain package (previously
  1444 of the form "x ~= UU ==> foo$x ~= UU") now have an if-and-only-if form
  1445 like "foo$x = UU <-> x = UU", which works better as a simp rule.
  1446 Proofs that used definedness lemmas as intro rules may break,
  1447 potential INCOMPATIBILITY.
  1448 
  1449 * Induction and casedist rules generated by the domain package now
  1450 declare proper case_names (one called "bottom", and one named for each
  1451 constructor).  INCOMPATIBILITY.
  1452 
  1453 * For mutually-recursive domains, separate "reach" and "take_lemma"
  1454 rules are generated for each domain, INCOMPATIBILITY.
  1455 
  1456   foo_bar.reach       ~> foo.reach  bar.reach
  1457   foo_bar.take_lemmas ~> foo.take_lemma  bar.take_lemma
  1458 
  1459 * Some lemmas generated by the domain package have been renamed for
  1460 consistency with the datatype package, INCOMPATIBILITY.
  1461 
  1462   foo.ind        ~> foo.induct
  1463   foo.finite_ind ~> foo.finite_induct
  1464   foo.coind      ~> foo.coinduct
  1465   foo.casedist   ~> foo.exhaust
  1466   foo.exhaust    ~> foo.nchotomy
  1467 
  1468 * For consistency with other definition packages, the fixrec package
  1469 now generates qualified theorem names, INCOMPATIBILITY.
  1470 
  1471   foo_simps  ~> foo.simps
  1472   foo_unfold ~> foo.unfold
  1473   foo_induct ~> foo.induct
  1474 
  1475 * The "fixrec_simp" attribute has been removed.  The "fixrec_simp"
  1476 method and internal fixrec proofs now use the default simpset instead.
  1477 INCOMPATIBILITY.
  1478 
  1479 * The "contlub" predicate has been removed.  Proof scripts should use
  1480 lemma contI2 in place of monocontlub2cont, INCOMPATIBILITY.
  1481 
  1482 * The "admw" predicate has been removed, INCOMPATIBILITY.
  1483 
  1484 * The constants cpair, cfst, and csnd have been removed in favor of
  1485 Pair, fst, and snd from Isabelle/HOL, INCOMPATIBILITY.
  1486 
  1487 
  1488 *** ML ***
  1489 
  1490 * Antiquotations for basic formal entities:
  1491 
  1492     @{class NAME}         -- type class
  1493     @{class_syntax NAME}  -- syntax representation of the above
  1494 
  1495     @{type_name NAME}     -- logical type
  1496     @{type_abbrev NAME}   -- type abbreviation
  1497     @{nonterminal NAME}   -- type of concrete syntactic category
  1498     @{type_syntax NAME}   -- syntax representation of any of the above
  1499 
  1500     @{const_name NAME}    -- logical constant (INCOMPATIBILITY)
  1501     @{const_abbrev NAME}  -- abbreviated constant
  1502     @{const_syntax NAME}  -- syntax representation of any of the above
  1503 
  1504 * Antiquotation @{syntax_const NAME} ensures that NAME refers to a raw
  1505 syntax constant (cf. 'syntax' command).
  1506 
  1507 * Antiquotation @{make_string} inlines a function to print arbitrary
  1508 values similar to the ML toplevel.  The result is compiler dependent
  1509 and may fall back on "?" in certain situations.
  1510 
  1511 * Diagnostic commands 'ML_val' and 'ML_command' may refer to
  1512 antiquotations @{Isar.state} and @{Isar.goal}.  This replaces impure
  1513 Isar.state() and Isar.goal(), which belong to the old TTY loop and do
  1514 not work with the asynchronous Isar document model.
  1515 
  1516 * Configuration options now admit dynamic default values, depending on
  1517 the context or even global references.
  1518 
  1519 * SHA1.digest digests strings according to SHA-1 (see RFC 3174).  It
  1520 uses an efficient external library if available (for Poly/ML).
  1521 
  1522 * Renamed some important ML structures, while keeping the old names
  1523 for some time as aliases within the structure Legacy:
  1524 
  1525   OuterKeyword  ~>  Keyword
  1526   OuterLex      ~>  Token
  1527   OuterParse    ~>  Parse
  1528   OuterSyntax   ~>  Outer_Syntax
  1529   PrintMode     ~>  Print_Mode
  1530   SpecParse     ~>  Parse_Spec
  1531   ThyInfo       ~>  Thy_Info
  1532   ThyLoad       ~>  Thy_Load
  1533   ThyOutput     ~>  Thy_Output
  1534   TypeInfer     ~>  Type_Infer
  1535 
  1536 Note that "open Legacy" simplifies porting of sources, but forgetting
  1537 to remove it again will complicate porting again in the future.
  1538 
  1539 * Most operations that refer to a global context are named
  1540 accordingly, e.g. Simplifier.global_context or
  1541 ProofContext.init_global.  There are some situations where a global
  1542 context actually works, but under normal circumstances one needs to
  1543 pass the proper local context through the code!
  1544 
  1545 * Discontinued old TheoryDataFun with its copy/init operation -- data
  1546 needs to be pure.  Functor Theory_Data_PP retains the traditional
  1547 Pretty.pp argument to merge, which is absent in the standard
  1548 Theory_Data version.
  1549 
  1550 * Sorts.certify_sort and derived "cert" operations for types and terms
  1551 no longer minimize sorts.  Thus certification at the boundary of the
  1552 inference kernel becomes invariant under addition of class relations,
  1553 which is an important monotonicity principle.  Sorts are now minimized
  1554 in the syntax layer only, at the boundary between the end-user and the
  1555 system.  Subtle INCOMPATIBILITY, may have to use Sign.minimize_sort
  1556 explicitly in rare situations.
  1557 
  1558 * Renamed old-style Drule.standard to Drule.export_without_context, to
  1559 emphasize that this is in no way a standard operation.
  1560 INCOMPATIBILITY.
  1561 
  1562 * Subgoal.FOCUS (and variants): resulting goal state is normalized as
  1563 usual for resolution.  Rare INCOMPATIBILITY.
  1564 
  1565 * Renamed varify/unvarify operations to varify_global/unvarify_global
  1566 to emphasize that these only work in a global situation (which is
  1567 quite rare).
  1568 
  1569 * Curried take and drop in library.ML; negative length is interpreted
  1570 as infinity (as in chop).  Subtle INCOMPATIBILITY.
  1571 
  1572 * Proof terms: type substitutions on proof constants now use canonical
  1573 order of type variables.  INCOMPATIBILITY for tools working with proof
  1574 terms.
  1575 
  1576 * Raw axioms/defs may no longer carry sort constraints, and raw defs
  1577 may no longer carry premises.  User-level specifications are
  1578 transformed accordingly by Thm.add_axiom/add_def.
  1579 
  1580 
  1581 *** System ***
  1582 
  1583 * Discontinued special HOL_USEDIR_OPTIONS for the main HOL image;
  1584 ISABELLE_USEDIR_OPTIONS applies uniformly to all sessions.  Note that
  1585 proof terms are enabled unconditionally in the new HOL-Proofs image.
  1586 
  1587 * Discontinued old ISABELLE and ISATOOL environment settings (legacy
  1588 feature since Isabelle2009).  Use ISABELLE_PROCESS and ISABELLE_TOOL,
  1589 respectively.
  1590 
  1591 * Old lib/scripts/polyml-platform is superseded by the
  1592 ISABELLE_PLATFORM setting variable, which defaults to the 32 bit
  1593 variant, even on a 64 bit machine.  The following example setting
  1594 prefers 64 bit if available:
  1595 
  1596   ML_PLATFORM="${ISABELLE_PLATFORM64:-$ISABELLE_PLATFORM}"
  1597 
  1598 * The preliminary Isabelle/jEdit application demonstrates the emerging
  1599 Isabelle/Scala layer for advanced prover interaction and integration.
  1600 See src/Tools/jEdit or "isabelle jedit" provided by the properly built
  1601 component.
  1602 
  1603 * "IsabelleText" is a Unicode font derived from Bitstream Vera Mono
  1604 and Bluesky TeX fonts.  It provides the usual Isabelle symbols,
  1605 similar to the default assignment of the document preparation system
  1606 (cf. isabellesym.sty).  The Isabelle/Scala class Isabelle_System
  1607 provides some operations for direct access to the font without asking
  1608 the user for manual installation.
  1609 
  1610 
  1611 
  1612 New in Isabelle2009-1 (December 2009)
  1613 -------------------------------------
  1614 
  1615 *** General ***
  1616 
  1617 * Discontinued old form of "escaped symbols" such as \\<forall>.  Only
  1618 one backslash should be used, even in ML sources.
  1619 
  1620 
  1621 *** Pure ***
  1622 
  1623 * Locale interpretation propagates mixins along the locale hierarchy.
  1624 The currently only available mixins are the equations used to map
  1625 local definitions to terms of the target domain of an interpretation.
  1626 
  1627 * Reactivated diagnostic command 'print_interps'.  Use "print_interps
  1628 loc" to print all interpretations of locale "loc" in the theory.
  1629 Interpretations in proofs are not shown.
  1630 
  1631 * Thoroughly revised locales tutorial.  New section on conditional
  1632 interpretation.
  1633 
  1634 * On instantiation of classes, remaining undefined class parameters
  1635 are formally declared.  INCOMPATIBILITY.
  1636 
  1637 
  1638 *** Document preparation ***
  1639 
  1640 * New generalized style concept for printing terms: @{foo (style) ...}
  1641 instead of @{foo_style style ...}  (old form is still retained for
  1642 backward compatibility).  Styles can be also applied for
  1643 antiquotations prop, term_type and typeof.
  1644 
  1645 
  1646 *** HOL ***
  1647 
  1648 * New proof method "smt" for a combination of first-order logic with
  1649 equality, linear and nonlinear (natural/integer/real) arithmetic, and
  1650 fixed-size bitvectors; there is also basic support for higher-order
  1651 features (esp. lambda abstractions).  It is an incomplete decision
  1652 procedure based on external SMT solvers using the oracle mechanism;
  1653 for the SMT solver Z3, this method is proof-producing.  Certificates
  1654 are provided to avoid calling the external solvers solely for
  1655 re-checking proofs.  Due to a remote SMT service there is no need for
  1656 installing SMT solvers locally.  See src/HOL/SMT.
  1657 
  1658 * New commands to load and prove verification conditions generated by
  1659 the Boogie program verifier or derived systems (e.g. the Verifying C
  1660 Compiler (VCC) or Spec#).  See src/HOL/Boogie.
  1661 
  1662 * New counterexample generator tool 'nitpick' based on the Kodkod
  1663 relational model finder.  See src/HOL/Tools/Nitpick and
  1664 src/HOL/Nitpick_Examples.
  1665 
  1666 * New commands 'code_pred' and 'values' to invoke the predicate
  1667 compiler and to enumerate values of inductive predicates.
  1668 
  1669 * A tabled implementation of the reflexive transitive closure.
  1670 
  1671 * New implementation of quickcheck uses generic code generator;
  1672 default generators are provided for all suitable HOL types, records
  1673 and datatypes.  Old quickcheck can be re-activated importing theory
  1674 Library/SML_Quickcheck.
  1675 
  1676 * New testing tool Mirabelle for automated proof tools.  Applies
  1677 several tools and tactics like sledgehammer, metis, or quickcheck, to
  1678 every proof step in a theory.  To be used in batch mode via the
  1679 "mirabelle" utility.
  1680 
  1681 * New proof method "sos" (sum of squares) for nonlinear real
  1682 arithmetic (originally due to John Harison). It requires theory
  1683 Library/Sum_Of_Squares.  It is not a complete decision procedure but
  1684 works well in practice on quantifier-free real arithmetic with +, -,
  1685 *, ^, =, <= and <, i.e. boolean combinations of equalities and
  1686 inequalities between polynomials.  It makes use of external
  1687 semidefinite programming solvers.  Method "sos" generates a
  1688 certificate that can be pasted into the proof thus avoiding the need
  1689 to call an external tool every time the proof is checked.  See
  1690 src/HOL/Library/Sum_Of_Squares.
  1691 
  1692 * New method "linarith" invokes existing linear arithmetic decision
  1693 procedure only.
  1694 
  1695 * New command 'atp_minimal' reduces result produced by Sledgehammer.
  1696 
  1697 * New Sledgehammer option "Full Types" in Proof General settings menu.
  1698 Causes full type information to be output to the ATPs.  This slows
  1699 ATPs down considerably but eliminates a source of unsound "proofs"
  1700 that fail later.
  1701 
  1702 * New method "metisFT": A version of metis that uses full type
  1703 information in order to avoid failures of proof reconstruction.
  1704 
  1705 * New evaluator "approximate" approximates an real valued term using
  1706 the same method as the approximation method.
  1707 
  1708 * Method "approximate" now supports arithmetic expressions as
  1709 boundaries of intervals and implements interval splitting and Taylor
  1710 series expansion.
  1711 
  1712 * ML antiquotation @{code_datatype} inserts definition of a datatype
  1713 generated by the code generator; e.g. see src/HOL/Predicate.thy.
  1714 
  1715 * New theory SupInf of the supremum and infimum operators for sets of
  1716 reals.
  1717 
  1718 * New theory Probability, which contains a development of measure
  1719 theory, eventually leading to Lebesgue integration and probability.
  1720 
  1721 * Extended Multivariate Analysis to include derivation and Brouwer's
  1722 fixpoint theorem.
  1723 
  1724 * Reorganization of number theory, INCOMPATIBILITY:
  1725   - new number theory development for nat and int, in theories Divides
  1726     and GCD as well as in new session Number_Theory
  1727   - some constants and facts now suffixed with _nat and _int
  1728     accordingly
  1729   - former session NumberTheory now named Old_Number_Theory, including
  1730     theories Legacy_GCD and Primes (prefer Number_Theory if possible)
  1731   - moved theory Pocklington from src/HOL/Library to
  1732     src/HOL/Old_Number_Theory
  1733 
  1734 * Theory GCD includes functions Gcd/GCD and Lcm/LCM for the gcd and
  1735 lcm of finite and infinite sets. It is shown that they form a complete
  1736 lattice.
  1737 
  1738 * Class semiring_div requires superclass no_zero_divisors and proof of
  1739 div_mult_mult1; theorems div_mult_mult1, div_mult_mult2,
  1740 div_mult_mult1_if, div_mult_mult1 and div_mult_mult2 have been
  1741 generalized to class semiring_div, subsuming former theorems
  1742 zdiv_zmult_zmult1, zdiv_zmult_zmult1_if, zdiv_zmult_zmult1 and
  1743 zdiv_zmult_zmult2.  div_mult_mult1 is now [simp] by default.
  1744 INCOMPATIBILITY.
  1745 
  1746 * Refinements to lattice classes and sets:
  1747   - less default intro/elim rules in locale variant, more default
  1748     intro/elim rules in class variant: more uniformity
  1749   - lemma ge_sup_conv renamed to le_sup_iff, in accordance with
  1750     le_inf_iff
  1751   - dropped lemma alias inf_ACI for inf_aci (same for sup_ACI and
  1752     sup_aci)
  1753   - renamed ACI to inf_sup_aci
  1754   - new class "boolean_algebra"
  1755   - class "complete_lattice" moved to separate theory
  1756     "Complete_Lattice"; corresponding constants (and abbreviations)
  1757     renamed and with authentic syntax:
  1758     Set.Inf ~>    Complete_Lattice.Inf
  1759     Set.Sup ~>    Complete_Lattice.Sup
  1760     Set.INFI ~>   Complete_Lattice.INFI
  1761     Set.SUPR ~>   Complete_Lattice.SUPR
  1762     Set.Inter ~>  Complete_Lattice.Inter
  1763     Set.Union ~>  Complete_Lattice.Union
  1764     Set.INTER ~>  Complete_Lattice.INTER
  1765     Set.UNION ~>  Complete_Lattice.UNION
  1766   - authentic syntax for
  1767     Set.Pow
  1768     Set.image
  1769   - mere abbreviations:
  1770     Set.empty               (for bot)
  1771     Set.UNIV                (for top)
  1772     Set.inter               (for inf, formerly Set.Int)
  1773     Set.union               (for sup, formerly Set.Un)
  1774     Complete_Lattice.Inter  (for Inf)
  1775     Complete_Lattice.Union  (for Sup)
  1776     Complete_Lattice.INTER  (for INFI)
  1777     Complete_Lattice.UNION  (for SUPR)
  1778   - object-logic definitions as far as appropriate
  1779 
  1780 INCOMPATIBILITY.  Care is required when theorems Int_subset_iff or
  1781 Un_subset_iff are explicitly deleted as default simp rules; then also
  1782 their lattice counterparts le_inf_iff and le_sup_iff have to be
  1783 deleted to achieve the desired effect.
  1784 
  1785 * Rules inf_absorb1, inf_absorb2, sup_absorb1, sup_absorb2 are no simp
  1786 rules by default any longer; the same applies to min_max.inf_absorb1
  1787 etc.  INCOMPATIBILITY.
  1788 
  1789 * Rules sup_Int_eq and sup_Un_eq are no longer declared as
  1790 pred_set_conv by default.  INCOMPATIBILITY.
  1791 
  1792 * Power operations on relations and functions are now one dedicated
  1793 constant "compow" with infix syntax "^^".  Power operation on
  1794 multiplicative monoids retains syntax "^" and is now defined generic
  1795 in class power.  INCOMPATIBILITY.
  1796 
  1797 * Relation composition "R O S" now has a more standard argument order:
  1798 "R O S = {(x, z). EX y. (x, y) : R & (y, z) : S}".  INCOMPATIBILITY,
  1799 rewrite propositions with "S O R" --> "R O S". Proofs may occasionally
  1800 break, since the O_assoc rule was not rewritten like this.  Fix using
  1801 O_assoc[symmetric].  The same applies to the curried version "R OO S".
  1802 
  1803 * Function "Inv" is renamed to "inv_into" and function "inv" is now an
  1804 abbreviation for "inv_into UNIV".  Lemmas are renamed accordingly.
  1805 INCOMPATIBILITY.
  1806 
  1807 * Most rules produced by inductive and datatype package have mandatory
  1808 prefixes.  INCOMPATIBILITY.
  1809 
  1810 * Changed "DERIV_intros" to a dynamic fact, which can be augmented by
  1811 the attribute of the same name.  Each of the theorems in the list
  1812 DERIV_intros assumes composition with an additional function and
  1813 matches a variable to the derivative, which has to be solved by the
  1814 Simplifier.  Hence (auto intro!: DERIV_intros) computes the derivative
  1815 of most elementary terms.  Former Maclauren.DERIV_tac and
  1816 Maclauren.deriv_tac should be replaced by (auto intro!: DERIV_intros).
  1817 INCOMPATIBILITY.
  1818 
  1819 * Code generator attributes follow the usual underscore convention:
  1820     code_unfold     replaces    code unfold
  1821     code_post       replaces    code post
  1822     etc.
  1823   INCOMPATIBILITY.
  1824 
  1825 * Renamed methods:
  1826     sizechange -> size_change
  1827     induct_scheme -> induction_schema
  1828   INCOMPATIBILITY.
  1829 
  1830 * Discontinued abbreviation "arbitrary" of constant "undefined".
  1831 INCOMPATIBILITY, use "undefined" directly.
  1832 
  1833 * Renamed theorems:
  1834     Suc_eq_add_numeral_1 -> Suc_eq_plus1
  1835     Suc_eq_add_numeral_1_left -> Suc_eq_plus1_left
  1836     Suc_plus1 -> Suc_eq_plus1
  1837     *anti_sym -> *antisym*
  1838     vector_less_eq_def -> vector_le_def
  1839   INCOMPATIBILITY.
  1840 
  1841 * Added theorem List.map_map as [simp].  Removed List.map_compose.
  1842 INCOMPATIBILITY.
  1843 
  1844 * Removed predicate "M hassize n" (<--> card M = n & finite M).
  1845 INCOMPATIBILITY.
  1846 
  1847 
  1848 *** HOLCF ***
  1849 
  1850 * Theory Representable defines a class "rep" of domains that are
  1851 representable (via an ep-pair) in the universal domain type "udom".
  1852 Instances are provided for all type constructors defined in HOLCF.
  1853 
  1854 * The 'new_domain' command is a purely definitional version of the
  1855 domain package, for representable domains.  Syntax is identical to the
  1856 old domain package.  The 'new_domain' package also supports indirect
  1857 recursion using previously-defined type constructors.  See
  1858 src/HOLCF/ex/New_Domain.thy for examples.
  1859 
  1860 * Method "fixrec_simp" unfolds one step of a fixrec-defined constant
  1861 on the left-hand side of an equation, and then performs
  1862 simplification.  Rewriting is done using rules declared with the
  1863 "fixrec_simp" attribute.  The "fixrec_simp" method is intended as a
  1864 replacement for "fixpat"; see src/HOLCF/ex/Fixrec_ex.thy for examples.
  1865 
  1866 * The pattern-match compiler in 'fixrec' can now handle constructors
  1867 with HOL function types.  Pattern-match combinators for the Pair
  1868 constructor are pre-configured.
  1869 
  1870 * The 'fixrec' package now produces better fixed-point induction rules
  1871 for mutually-recursive definitions:  Induction rules have conclusions
  1872 of the form "P foo bar" instead of "P <foo, bar>".
  1873 
  1874 * The constant "sq_le" (with infix syntax "<<" or "\<sqsubseteq>") has
  1875 been renamed to "below".  The name "below" now replaces "less" in many
  1876 theorem names.  (Legacy theorem names using "less" are still supported
  1877 as well.)
  1878 
  1879 * The 'fixrec' package now supports "bottom patterns".  Bottom
  1880 patterns can be used to generate strictness rules, or to make
  1881 functions more strict (much like the bang-patterns supported by the
  1882 Glasgow Haskell Compiler).  See src/HOLCF/ex/Fixrec_ex.thy for
  1883 examples.
  1884 
  1885 
  1886 *** ML ***
  1887 
  1888 * Support for Poly/ML 5.3.0, with improved reporting of compiler
  1889 errors and run-time exceptions, including detailed source positions.
  1890 
  1891 * Structure Name_Space (formerly NameSpace) now manages uniquely
  1892 identified entries, with some additional information such as source
  1893 position, logical grouping etc.
  1894 
  1895 * Theory and context data is now introduced by the simplified and
  1896 modernized functors Theory_Data, Proof_Data, Generic_Data.  Data needs
  1897 to be pure, but the old TheoryDataFun for mutable data (with explicit
  1898 copy operation) is still available for some time.
  1899 
  1900 * Structure Synchronized (cf. src/Pure/Concurrent/synchronized.ML)
  1901 provides a high-level programming interface to synchronized state
  1902 variables with atomic update.  This works via pure function
  1903 application within a critical section -- its runtime should be as
  1904 short as possible; beware of deadlocks if critical code is nested,
  1905 either directly or indirectly via other synchronized variables!
  1906 
  1907 * Structure Unsynchronized (cf. src/Pure/ML-Systems/unsynchronized.ML)
  1908 wraps raw ML references, explicitly indicating their non-thread-safe
  1909 behaviour.  The Isar toplevel keeps this structure open, to
  1910 accommodate Proof General as well as quick and dirty interactive
  1911 experiments with references.
  1912 
  1913 * PARALLEL_CHOICE and PARALLEL_GOALS provide basic support for
  1914 parallel tactical reasoning.
  1915 
  1916 * Tacticals Subgoal.FOCUS, Subgoal.FOCUS_PREMS, Subgoal.FOCUS_PARAMS
  1917 are similar to SUBPROOF, but are slightly more flexible: only the
  1918 specified parts of the subgoal are imported into the context, and the
  1919 body tactic may introduce new subgoals and schematic variables.
  1920 
  1921 * Old tactical METAHYPS, which does not observe the proof context, has
  1922 been renamed to Old_Goals.METAHYPS and awaits deletion.  Use SUBPROOF
  1923 or Subgoal.FOCUS etc.
  1924 
  1925 * Renamed functor TableFun to Table, and GraphFun to Graph.  (Since
  1926 functors have their own ML name space there is no point to mark them
  1927 separately.)  Minor INCOMPATIBILITY.
  1928 
  1929 * Renamed NamedThmsFun to Named_Thms.  INCOMPATIBILITY.
  1930 
  1931 * Renamed several structures FooBar to Foo_Bar.  Occasional,
  1932 INCOMPATIBILITY.
  1933 
  1934 * Operations of structure Skip_Proof no longer require quick_and_dirty
  1935 mode, which avoids critical setmp.
  1936 
  1937 * Eliminated old Attrib.add_attributes, Method.add_methods and related
  1938 combinators for "args".  INCOMPATIBILITY, need to use simplified
  1939 Attrib/Method.setup introduced in Isabelle2009.
  1940 
  1941 * Proper context for simpset_of, claset_of, clasimpset_of.  May fall
  1942 back on global_simpset_of, global_claset_of, global_clasimpset_of as
  1943 last resort.  INCOMPATIBILITY.
  1944 
  1945 * Display.pretty_thm now requires a proper context (cf. former
  1946 ProofContext.pretty_thm).  May fall back on Display.pretty_thm_global
  1947 or even Display.pretty_thm_without_context as last resort.
  1948 INCOMPATIBILITY.
  1949 
  1950 * Discontinued Display.pretty_ctyp/cterm etc.  INCOMPATIBILITY, use
  1951 Syntax.pretty_typ/term directly, preferably with proper context
  1952 instead of global theory.
  1953 
  1954 
  1955 *** System ***
  1956 
  1957 * Further fine tuning of parallel proof checking, scales up to 8 cores
  1958 (max. speedup factor 5.0).  See also Goal.parallel_proofs in ML and
  1959 usedir option -q.
  1960 
  1961 * Support for additional "Isabelle components" via etc/components, see
  1962 also the system manual.
  1963 
  1964 * The isabelle makeall tool now operates on all components with
  1965 IsaMakefile, not just hardwired "logics".
  1966 
  1967 * Removed "compress" option from isabelle-process and isabelle usedir;
  1968 this is always enabled.
  1969 
  1970 * Discontinued support for Poly/ML 4.x versions.
  1971 
  1972 * Isabelle tool "wwwfind" provides web interface for 'find_theorems'
  1973 on a given logic image.  This requires the lighttpd webserver and is
  1974 currently supported on Linux only.
  1975 
  1976 
  1977 
  1978 New in Isabelle2009 (April 2009)
  1979 --------------------------------
  1980 
  1981 *** General ***
  1982 
  1983 * Simplified main Isabelle executables, with less surprises on
  1984 case-insensitive file-systems (such as Mac OS).
  1985 
  1986   - The main Isabelle tool wrapper is now called "isabelle" instead of
  1987     "isatool."
  1988 
  1989   - The former "isabelle" alias for "isabelle-process" has been
  1990     removed (should rarely occur to regular users).
  1991 
  1992   - The former "isabelle-interface" and its alias "Isabelle" have been
  1993     removed (interfaces are now regular Isabelle tools).
  1994 
  1995 Within scripts and make files, the Isabelle environment variables
  1996 ISABELLE_TOOL and ISABELLE_PROCESS replace old ISATOOL and ISABELLE,
  1997 respectively.  (The latter are still available as legacy feature.)
  1998 
  1999 The old isabelle-interface wrapper could react in confusing ways if
  2000 the interface was uninstalled or changed otherwise.  Individual
  2001 interface tool configuration is now more explicit, see also the
  2002 Isabelle system manual.  In particular, Proof General is now available
  2003 via "isabelle emacs".
  2004 
  2005 INCOMPATIBILITY, need to adapt derivative scripts.  Users may need to
  2006 purge installed copies of Isabelle executables and re-run "isabelle
  2007 install -p ...", or use symlinks.
  2008 
  2009 * The default for ISABELLE_HOME_USER is now ~/.isabelle instead of the
  2010 old ~/isabelle, which was slightly non-standard and apt to cause
  2011 surprises on case-insensitive file-systems (such as Mac OS).
  2012 
  2013 INCOMPATIBILITY, need to move existing ~/isabelle/etc,
  2014 ~/isabelle/heaps, ~/isabelle/browser_info to the new place.  Special
  2015 care is required when using older releases of Isabelle.  Note that
  2016 ISABELLE_HOME_USER can be changed in Isabelle/etc/settings of any
  2017 Isabelle distribution, in order to use the new ~/.isabelle uniformly.
  2018 
  2019 * Proofs of fully specified statements are run in parallel on
  2020 multi-core systems.  A speedup factor of 2.5 to 3.2 can be expected on
  2021 a regular 4-core machine, if the initial heap space is made reasonably
  2022 large (cf. Poly/ML option -H).  (Requires Poly/ML 5.2.1 or later.)
  2023 
  2024 * The main reference manuals ("isar-ref", "implementation", and
  2025 "system") have been updated and extended.  Formally checked references
  2026 as hyperlinks are now available uniformly.
  2027 
  2028 
  2029 *** Pure ***
  2030 
  2031 * Complete re-implementation of locales.  INCOMPATIBILITY in several
  2032 respects.  The most important changes are listed below.  See the
  2033 Tutorial on Locales ("locales" manual) for details.
  2034 
  2035 - In locale expressions, instantiation replaces renaming.  Parameters
  2036 must be declared in a for clause.  To aid compatibility with previous
  2037 parameter inheritance, in locale declarations, parameters that are not
  2038 'touched' (instantiation position "_" or omitted) are implicitly added
  2039 with their syntax at the beginning of the for clause.
  2040 
  2041 - Syntax from abbreviations and definitions in locales is available in
  2042 locale expressions and context elements.  The latter is particularly
  2043 useful in locale declarations.
  2044 
  2045 - More flexible mechanisms to qualify names generated by locale
  2046 expressions.  Qualifiers (prefixes) may be specified in locale
  2047 expressions, and can be marked as mandatory (syntax: "name!:") or
  2048 optional (syntax "name?:").  The default depends for plain "name:"
  2049 depends on the situation where a locale expression is used: in
  2050 commands 'locale' and 'sublocale' prefixes are optional, in
  2051 'interpretation' and 'interpret' prefixes are mandatory.  The old
  2052 implicit qualifiers derived from the parameter names of a locale are
  2053 no longer generated.
  2054 
  2055 - Command "sublocale l < e" replaces "interpretation l < e".  The
  2056 instantiation clause in "interpretation" and "interpret" (square
  2057 brackets) is no longer available.  Use locale expressions.
  2058 
  2059 - When converting proof scripts, mandatory qualifiers in
  2060 'interpretation' and 'interpret' should be retained by default, even
  2061 if this is an INCOMPATIBILITY compared to former behavior.  In the
  2062 worst case, use the "name?:" form for non-mandatory ones.  Qualifiers
  2063 in locale expressions range over a single locale instance only.
  2064 
  2065 - Dropped locale element "includes".  This is a major INCOMPATIBILITY.
  2066 In existing theorem specifications replace the includes element by the
  2067 respective context elements of the included locale, omitting those
  2068 that are already present in the theorem specification.  Multiple
  2069 assume elements of a locale should be replaced by a single one
  2070 involving the locale predicate.  In the proof body, declarations (most
  2071 notably theorems) may be regained by interpreting the respective
  2072 locales in the proof context as required (command "interpret").
  2073 
  2074 If using "includes" in replacement of a target solely because the
  2075 parameter types in the theorem are not as general as in the target,
  2076 consider declaring a new locale with additional type constraints on
  2077 the parameters (context element "constrains").
  2078 
  2079 - Discontinued "locale (open)".  INCOMPATIBILITY.
  2080 
  2081 - Locale interpretation commands no longer attempt to simplify goal.
  2082 INCOMPATIBILITY: in rare situations the generated goal differs.  Use
  2083 methods intro_locales and unfold_locales to clarify.
  2084 
  2085 - Locale interpretation commands no longer accept interpretation
  2086 attributes.  INCOMPATIBILITY.
  2087 
  2088 * Class declaration: so-called "base sort" must not be given in import
  2089 list any longer, but is inferred from the specification.  Particularly
  2090 in HOL, write
  2091 
  2092     class foo = ...
  2093 
  2094 instead of
  2095 
  2096     class foo = type + ...
  2097 
  2098 * Class target: global versions of theorems stemming do not carry a
  2099 parameter prefix any longer.  INCOMPATIBILITY.
  2100 
  2101 * Class 'instance' command no longer accepts attached definitions.
  2102 INCOMPATIBILITY, use proper 'instantiation' target instead.
  2103 
  2104 * Recovered hiding of consts, which was accidentally broken in
  2105 Isabelle2007.  Potential INCOMPATIBILITY, ``hide const c'' really
  2106 makes c inaccessible; consider using ``hide (open) const c'' instead.
  2107 
  2108 * Slightly more coherent Pure syntax, with updated documentation in
  2109 isar-ref manual.  Removed locales meta_term_syntax and
  2110 meta_conjunction_syntax: TERM and &&& (formerly &&) are now permanent,
  2111 INCOMPATIBILITY in rare situations.  Note that &&& should not be used
  2112 directly in regular applications.
  2113 
  2114 * There is a new syntactic category "float_const" for signed decimal
  2115 fractions (e.g. 123.45 or -123.45).
  2116 
  2117 * Removed exotic 'token_translation' command.  INCOMPATIBILITY, use ML
  2118 interface with 'setup' command instead.
  2119 
  2120 * Command 'local_setup' is similar to 'setup', but operates on a local
  2121 theory context.
  2122 
  2123 * The 'axiomatization' command now only works within a global theory
  2124 context.  INCOMPATIBILITY.
  2125 
  2126 * Goal-directed proof now enforces strict proof irrelevance wrt. sort
  2127 hypotheses.  Sorts required in the course of reasoning need to be
  2128 covered by the constraints in the initial statement, completed by the
  2129 type instance information of the background theory.  Non-trivial sort
  2130 hypotheses, which rarely occur in practice, may be specified via
  2131 vacuous propositions of the form SORT_CONSTRAINT('a::c).  For example:
  2132 
  2133   lemma assumes "SORT_CONSTRAINT('a::empty)" shows False ...
  2134 
  2135 The result contains an implicit sort hypotheses as before --
  2136 SORT_CONSTRAINT premises are eliminated as part of the canonical rule
  2137 normalization.
  2138 
  2139 * Generalized Isar history, with support for linear undo, direct state
  2140 addressing etc.
  2141 
  2142 * Changed defaults for unify configuration options:
  2143 
  2144   unify_trace_bound = 50 (formerly 25)
  2145   unify_search_bound = 60 (formerly 30)
  2146 
  2147 * Different bookkeeping for code equations (INCOMPATIBILITY):
  2148 
  2149   a) On theory merge, the last set of code equations for a particular
  2150      constant is taken (in accordance with the policy applied by other
  2151      parts of the code generator framework).
  2152 
  2153   b) Code equations stemming from explicit declarations (e.g. code
  2154      attribute) gain priority over default code equations stemming
  2155      from definition, primrec, fun etc.
  2156 
  2157 * Keyword 'code_exception' now named 'code_abort'.  INCOMPATIBILITY.
  2158 
  2159 * Unified theorem tables for both code generators.  Thus [code
  2160 func] has disappeared and only [code] remains.  INCOMPATIBILITY.
  2161 
  2162 * Command 'find_consts' searches for constants based on type and name
  2163 patterns, e.g.
  2164 
  2165     find_consts "_ => bool"
  2166 
  2167 By default, matching is against subtypes, but it may be restricted to
  2168 the whole type.  Searching by name is possible.  Multiple queries are
  2169 conjunctive and queries may be negated by prefixing them with a
  2170 hyphen:
  2171 
  2172     find_consts strict: "_ => bool" name: "Int" -"int => int"
  2173 
  2174 * New 'find_theorems' criterion "solves" matches theorems that
  2175 directly solve the current goal (modulo higher-order unification).
  2176 
  2177 * Auto solve feature for main theorem statements: whenever a new goal
  2178 is stated, "find_theorems solves" is called; any theorems that could
  2179 solve the lemma directly are listed as part of the goal state.
  2180 Cf. associated options in Proof General Isabelle settings menu,
  2181 enabled by default, with reasonable timeout for pathological cases of
  2182 higher-order unification.
  2183 
  2184 
  2185 *** Document preparation ***
  2186 
  2187 * Antiquotation @{lemma} now imitates a regular terminal proof,
  2188 demanding keyword 'by' and supporting the full method expression
  2189 syntax just like the Isar command 'by'.
  2190 
  2191 
  2192 *** HOL ***
  2193 
  2194 * Integrated main parts of former image HOL-Complex with HOL.  Entry
  2195 points Main and Complex_Main remain as before.
  2196 
  2197 * Logic image HOL-Plain provides a minimal HOL with the most important
  2198 tools available (inductive, datatype, primrec, ...).  This facilitates
  2199 experimentation and tool development.  Note that user applications
  2200 (and library theories) should never refer to anything below theory
  2201 Main, as before.
  2202 
  2203 * Logic image HOL-Main stops at theory Main, and thus facilitates
  2204 experimentation due to shorter build times.
  2205 
  2206 * Logic image HOL-NSA contains theories of nonstandard analysis which
  2207 were previously part of former HOL-Complex.  Entry point Hyperreal
  2208 remains valid, but theories formerly using Complex_Main should now use
  2209 new entry point Hypercomplex.
  2210 
  2211 * Generic ATP manager for Sledgehammer, based on ML threads instead of
  2212 Posix processes.  Avoids potentially expensive forking of the ML
  2213 process.  New thread-based implementation also works on non-Unix
  2214 platforms (Cygwin).  Provers are no longer hardwired, but defined
  2215 within the theory via plain ML wrapper functions.  Basic Sledgehammer
  2216 commands are covered in the isar-ref manual.
  2217 
  2218 * Wrapper scripts for remote SystemOnTPTP service allows to use
  2219 sledgehammer without local ATP installation (Vampire etc.). Other
  2220 provers may be included via suitable ML wrappers, see also
  2221 src/HOL/ATP_Linkup.thy.
  2222 
  2223 * ATP selection (E/Vampire/Spass) is now via Proof General's settings
  2224 menu.
  2225 
  2226 * The metis method no longer fails because the theorem is too trivial
  2227 (contains the empty clause).
  2228 
  2229 * The metis method now fails in the usual manner, rather than raising
  2230 an exception, if it determines that it cannot prove the theorem.
  2231 
  2232 * Method "coherent" implements a prover for coherent logic (see also
  2233 src/Tools/coherent.ML).
  2234 
  2235 * Constants "undefined" and "default" replace "arbitrary".  Usually
  2236 "undefined" is the right choice to replace "arbitrary", though
  2237 logically there is no difference.  INCOMPATIBILITY.
  2238 
  2239 * Command "value" now integrates different evaluation mechanisms.  The
  2240 result of the first successful evaluation mechanism is printed.  In
  2241 square brackets a particular named evaluation mechanisms may be
  2242 specified (currently, [SML], [code] or [nbe]).  See further
  2243 src/HOL/ex/Eval_Examples.thy.
  2244 
  2245 * Normalization by evaluation now allows non-leftlinear equations.
  2246 Declare with attribute [code nbe].
  2247 
  2248 * Methods "case_tac" and "induct_tac" now refer to the very same rules
  2249 as the structured Isar versions "cases" and "induct", cf. the
  2250 corresponding "cases" and "induct" attributes.  Mutual induction rules
  2251 are now presented as a list of individual projections
  2252 (e.g. foo_bar.inducts for types foo and bar); the old format with
  2253 explicit HOL conjunction is no longer supported.  INCOMPATIBILITY, in
  2254 rare situations a different rule is selected --- notably nested tuple
  2255 elimination instead of former prod.exhaust: use explicit (case_tac t
  2256 rule: prod.exhaust) here.
  2257 
  2258 * Attributes "cases", "induct", "coinduct" support "del" option.
  2259 
  2260 * Removed fact "case_split_thm", which duplicates "case_split".
  2261 
  2262 * The option datatype has been moved to a new theory Option.  Renamed
  2263 option_map to Option.map, and o2s to Option.set, INCOMPATIBILITY.
  2264 
  2265 * New predicate "strict_mono" classifies strict functions on partial
  2266 orders.  With strict functions on linear orders, reasoning about
  2267 (in)equalities is facilitated by theorems "strict_mono_eq",
  2268 "strict_mono_less_eq" and "strict_mono_less".
  2269 
  2270 * Some set operations are now proper qualified constants with
  2271 authentic syntax.  INCOMPATIBILITY:
  2272 
  2273     op Int ~>   Set.Int
  2274     op Un ~>    Set.Un
  2275     INTER ~>    Set.INTER
  2276     UNION ~>    Set.UNION
  2277     Inter ~>    Set.Inter
  2278     Union ~>    Set.Union
  2279     {} ~>       Set.empty
  2280     UNIV ~>     Set.UNIV
  2281 
  2282 * Class complete_lattice with operations Inf, Sup, INFI, SUPR now in
  2283 theory Set.
  2284 
  2285 * Auxiliary class "itself" has disappeared -- classes without any
  2286 parameter are treated as expected by the 'class' command.
  2287 
  2288 * Leibnitz's Series for Pi and the arcus tangens and logarithm series.
  2289 
  2290 * Common decision procedures (Cooper, MIR, Ferrack, Approximation,
  2291 Dense_Linear_Order) are now in directory HOL/Decision_Procs.
  2292 
  2293 * Theory src/HOL/Decision_Procs/Approximation provides the new proof
  2294 method "approximation".  It proves formulas on real values by using
  2295 interval arithmetic.  In the formulas are also the transcendental
  2296 functions sin, cos, tan, atan, ln, exp and the constant pi are
  2297 allowed. For examples see
  2298 src/HOL/Descision_Procs/ex/Approximation_Ex.thy.
  2299 
  2300 * Theory "Reflection" now resides in HOL/Library.
  2301 
  2302 * Entry point to Word library now simply named "Word".
  2303 INCOMPATIBILITY.
  2304 
  2305 * Made source layout more coherent with logical distribution
  2306 structure:
  2307 
  2308     src/HOL/Library/RType.thy ~> src/HOL/Typerep.thy
  2309     src/HOL/Library/Code_Message.thy ~> src/HOL/
  2310     src/HOL/Library/GCD.thy ~> src/HOL/
  2311     src/HOL/Library/Order_Relation.thy ~> src/HOL/
  2312     src/HOL/Library/Parity.thy ~> src/HOL/
  2313     src/HOL/Library/Univ_Poly.thy ~> src/HOL/
  2314     src/HOL/Real/ContNotDenum.thy ~> src/HOL/Library/
  2315     src/HOL/Real/Lubs.thy ~> src/HOL/
  2316     src/HOL/Real/PReal.thy ~> src/HOL/
  2317     src/HOL/Real/Rational.thy ~> src/HOL/
  2318     src/HOL/Real/RComplete.thy ~> src/HOL/
  2319     src/HOL/Real/RealDef.thy ~> src/HOL/
  2320     src/HOL/Real/RealPow.thy ~> src/HOL/
  2321     src/HOL/Real/Real.thy ~> src/HOL/
  2322     src/HOL/Complex/Complex_Main.thy ~> src/HOL/
  2323     src/HOL/Complex/Complex.thy ~> src/HOL/
  2324     src/HOL/Complex/FrechetDeriv.thy ~> src/HOL/Library/
  2325     src/HOL/Complex/Fundamental_Theorem_Algebra.thy ~> src/HOL/Library/
  2326     src/HOL/Hyperreal/Deriv.thy ~> src/HOL/
  2327     src/HOL/Hyperreal/Fact.thy ~> src/HOL/
  2328     src/HOL/Hyperreal/Integration.thy ~> src/HOL/
  2329     src/HOL/Hyperreal/Lim.thy ~> src/HOL/
  2330     src/HOL/Hyperreal/Ln.thy ~> src/HOL/
  2331     src/HOL/Hyperreal/Log.thy ~> src/HOL/
  2332     src/HOL/Hyperreal/MacLaurin.thy ~> src/HOL/
  2333     src/HOL/Hyperreal/NthRoot.thy ~> src/HOL/
  2334     src/HOL/Hyperreal/Series.thy ~> src/HOL/
  2335     src/HOL/Hyperreal/SEQ.thy ~> src/HOL/
  2336     src/HOL/Hyperreal/Taylor.thy ~> src/HOL/
  2337     src/HOL/Hyperreal/Transcendental.thy ~> src/HOL/
  2338     src/HOL/Real/Float ~> src/HOL/Library/
  2339     src/HOL/Real/HahnBanach ~> src/HOL/HahnBanach
  2340     src/HOL/Real/RealVector.thy ~> src/HOL/
  2341 
  2342     src/HOL/arith_data.ML ~> src/HOL/Tools
  2343     src/HOL/hologic.ML ~> src/HOL/Tools
  2344     src/HOL/simpdata.ML ~> src/HOL/Tools
  2345     src/HOL/int_arith1.ML ~> src/HOL/Tools/int_arith.ML
  2346     src/HOL/int_factor_simprocs.ML ~> src/HOL/Tools
  2347     src/HOL/nat_simprocs.ML ~> src/HOL/Tools
  2348     src/HOL/Real/float_arith.ML ~> src/HOL/Tools
  2349     src/HOL/Real/float_syntax.ML ~> src/HOL/Tools
  2350     src/HOL/Real/rat_arith.ML ~> src/HOL/Tools
  2351     src/HOL/Real/real_arith.ML ~> src/HOL/Tools
  2352 
  2353     src/HOL/Library/Array.thy ~> src/HOL/Imperative_HOL
  2354     src/HOL/Library/Heap_Monad.thy ~> src/HOL/Imperative_HOL
  2355     src/HOL/Library/Heap.thy ~> src/HOL/Imperative_HOL
  2356     src/HOL/Library/Imperative_HOL.thy ~> src/HOL/Imperative_HOL
  2357     src/HOL/Library/Ref.thy ~> src/HOL/Imperative_HOL
  2358     src/HOL/Library/Relational.thy ~> src/HOL/Imperative_HOL
  2359 
  2360 * If methods "eval" and "evaluation" encounter a structured proof
  2361 state with !!/==>, only the conclusion is evaluated to True (if
  2362 possible), avoiding strange error messages.
  2363 
  2364 * Method "sizechange" automates termination proofs using (a
  2365 modification of) the size-change principle.  Requires SAT solver.  See
  2366 src/HOL/ex/Termination.thy for examples.
  2367 
  2368 * Simplifier: simproc for let expressions now unfolds if bound
  2369 variable occurs at most once in let expression body.  INCOMPATIBILITY.
  2370 
  2371 * Method "arith": Linear arithmetic now ignores all inequalities when
  2372 fast_arith_neq_limit is exceeded, instead of giving up entirely.
  2373 
  2374 * New attribute "arith" for facts that should always be used
  2375 automatically by arithmetic. It is intended to be used locally in
  2376 proofs, e.g.
  2377 
  2378   assumes [arith]: "x > 0"
  2379 
  2380 Global usage is discouraged because of possible performance impact.
  2381 
  2382 * New classes "top" and "bot" with corresponding operations "top" and
  2383 "bot" in theory Orderings; instantiation of class "complete_lattice"
  2384 requires instantiation of classes "top" and "bot".  INCOMPATIBILITY.
  2385 
  2386 * Changed definition lemma "less_fun_def" in order to provide an
  2387 instance for preorders on functions; use lemma "less_le" instead.
  2388 INCOMPATIBILITY.
  2389 
  2390 * Theory Orderings: class "wellorder" moved here, with explicit
  2391 induction rule "less_induct" as assumption.  For instantiation of
  2392 "wellorder" by means of predicate "wf", use rule wf_wellorderI.
  2393 INCOMPATIBILITY.
  2394 
  2395 * Theory Orderings: added class "preorder" as superclass of "order".
  2396 INCOMPATIBILITY: Instantiation proofs for order, linorder
  2397 etc. slightly changed.  Some theorems named order_class.* now named
  2398 preorder_class.*.
  2399 
  2400 * Theory Relation: renamed "refl" to "refl_on", "reflexive" to "refl,
  2401 "diag" to "Id_on".
  2402 
  2403 * Theory Finite_Set: added a new fold combinator of type
  2404 
  2405   ('a => 'b => 'b) => 'b => 'a set => 'b
  2406 
  2407 Occasionally this is more convenient than the old fold combinator
  2408 which is now defined in terms of the new one and renamed to
  2409 fold_image.
  2410 
  2411 * Theories Ring_and_Field and OrderedGroup: The lemmas "group_simps"
  2412 and "ring_simps" have been replaced by "algebra_simps" (which can be
  2413 extended with further lemmas!).  At the moment both still exist but
  2414 the former will disappear at some point.
  2415 
  2416 * Theory Power: Lemma power_Suc is now declared as a simp rule in
  2417 class recpower.  Type-specific simp rules for various recpower types
  2418 have been removed.  INCOMPATIBILITY, rename old lemmas as follows:
  2419 
  2420 rat_power_0    -> power_0
  2421 rat_power_Suc  -> power_Suc
  2422 realpow_0      -> power_0
  2423 realpow_Suc    -> power_Suc
  2424 complexpow_0   -> power_0
  2425 complexpow_Suc -> power_Suc
  2426 power_poly_0   -> power_0
  2427 power_poly_Suc -> power_Suc
  2428 
  2429 * Theories Ring_and_Field and Divides: Definition of "op dvd" has been
  2430 moved to separate class dvd in Ring_and_Field; a couple of lemmas on
  2431 dvd has been generalized to class comm_semiring_1.  Likewise a bunch
  2432 of lemmas from Divides has been generalized from nat to class
  2433 semiring_div.  INCOMPATIBILITY.  This involves the following theorem
  2434 renames resulting from duplicate elimination:
  2435 
  2436     dvd_def_mod ~>          dvd_eq_mod_eq_0
  2437     zero_dvd_iff ~>         dvd_0_left_iff
  2438     dvd_0 ~>                dvd_0_right
  2439     DIVISION_BY_ZERO_DIV ~> div_by_0
  2440     DIVISION_BY_ZERO_MOD ~> mod_by_0
  2441     mult_div ~>             div_mult_self2_is_id
  2442     mult_mod ~>             mod_mult_self2_is_0
  2443 
  2444 * Theory IntDiv: removed many lemmas that are instances of class-based
  2445 generalizations (from Divides and Ring_and_Field).  INCOMPATIBILITY,
  2446 rename old lemmas as follows:
  2447 
  2448 dvd_diff               -> nat_dvd_diff
  2449 dvd_zminus_iff         -> dvd_minus_iff
  2450 mod_add1_eq            -> mod_add_eq
  2451 mod_mult1_eq           -> mod_mult_right_eq
  2452 mod_mult1_eq'          -> mod_mult_left_eq
  2453 mod_mult_distrib_mod   -> mod_mult_eq
  2454 nat_mod_add_left_eq    -> mod_add_left_eq
  2455 nat_mod_add_right_eq   -> mod_add_right_eq
  2456 nat_mod_div_trivial    -> mod_div_trivial
  2457 nat_mod_mod_trivial    -> mod_mod_trivial
  2458 zdiv_zadd_self1        -> div_add_self1
  2459 zdiv_zadd_self2        -> div_add_self2
  2460 zdiv_zmult_self1       -> div_mult_self2_is_id
  2461 zdiv_zmult_self2       -> div_mult_self1_is_id
  2462 zdvd_triv_left         -> dvd_triv_left
  2463 zdvd_triv_right        -> dvd_triv_right
  2464 zdvd_zmult_cancel_disj -> dvd_mult_cancel_left
  2465 zmod_eq0_zdvd_iff      -> dvd_eq_mod_eq_0[symmetric]
  2466 zmod_zadd_left_eq      -> mod_add_left_eq
  2467 zmod_zadd_right_eq     -> mod_add_right_eq
  2468 zmod_zadd_self1        -> mod_add_self1
  2469 zmod_zadd_self2        -> mod_add_self2
  2470 zmod_zadd1_eq          -> mod_add_eq
  2471 zmod_zdiff1_eq         -> mod_diff_eq
  2472 zmod_zdvd_zmod         -> mod_mod_cancel
  2473 zmod_zmod_cancel       -> mod_mod_cancel
  2474 zmod_zmult_self1       -> mod_mult_self2_is_0
  2475 zmod_zmult_self2       -> mod_mult_self1_is_0
  2476 zmod_1                 -> mod_by_1
  2477 zdiv_1                 -> div_by_1
  2478 zdvd_abs1              -> abs_dvd_iff
  2479 zdvd_abs2              -> dvd_abs_iff
  2480 zdvd_refl              -> dvd_refl
  2481 zdvd_trans             -> dvd_trans
  2482 zdvd_zadd              -> dvd_add
  2483 zdvd_zdiff             -> dvd_diff
  2484 zdvd_zminus_iff        -> dvd_minus_iff
  2485 zdvd_zminus2_iff       -> minus_dvd_iff
  2486 zdvd_zmultD            -> dvd_mult_right
  2487 zdvd_zmultD2           -> dvd_mult_left
  2488 zdvd_zmult_mono        -> mult_dvd_mono
  2489 zdvd_0_right           -> dvd_0_right
  2490 zdvd_0_left            -> dvd_0_left_iff
  2491 zdvd_1_left            -> one_dvd
  2492 zminus_dvd_iff         -> minus_dvd_iff
  2493 
  2494 * Theory Rational: 'Fract k 0' now equals '0'.  INCOMPATIBILITY.
  2495 
  2496 * The real numbers offer decimal input syntax: 12.34 is translated
  2497 into 1234/10^2. This translation is not reversed upon output.
  2498 
  2499 * Theory Library/Polynomial defines an abstract type 'a poly of
  2500 univariate polynomials with coefficients of type 'a.  In addition to
  2501 the standard ring operations, it also supports div and mod.  Code
  2502 generation is also supported, using list-style constructors.
  2503 
  2504 * Theory Library/Inner_Product defines a class of real_inner for real
  2505 inner product spaces, with an overloaded operation inner :: 'a => 'a
  2506 => real.  Class real_inner is a subclass of real_normed_vector from
  2507 theory RealVector.
  2508 
  2509 * Theory Library/Product_Vector provides instances for the product
  2510 type 'a * 'b of several classes from RealVector and Inner_Product.
  2511 Definitions of addition, subtraction, scalar multiplication, norms,
  2512 and inner products are included.
  2513 
  2514 * Theory Library/Bit defines the field "bit" of integers modulo 2.  In
  2515 addition to the field operations, numerals and case syntax are also
  2516 supported.
  2517 
  2518 * Theory Library/Diagonalize provides constructive version of Cantor's
  2519 first diagonalization argument.
  2520 
  2521 * Theory Library/GCD: Curried operations gcd, lcm (for nat) and zgcd,
  2522 zlcm (for int); carried together from various gcd/lcm developements in
  2523 the HOL Distribution.  Constants zgcd and zlcm replace former igcd and
  2524 ilcm; corresponding theorems renamed accordingly.  INCOMPATIBILITY,
  2525 may recover tupled syntax as follows:
  2526 
  2527     hide (open) const gcd
  2528     abbreviation gcd where
  2529       "gcd == (%(a, b). GCD.gcd a b)"
  2530     notation (output)
  2531       GCD.gcd ("gcd '(_, _')")
  2532 
  2533 The same works for lcm, zgcd, zlcm.
  2534 
  2535 * Theory Library/Nat_Infinity: added addition, numeral syntax and more
  2536 instantiations for algebraic structures.  Removed some duplicate
  2537 theorems.  Changes in simp rules.  INCOMPATIBILITY.
  2538 
  2539 * ML antiquotation @{code} takes a constant as argument and generates
  2540 corresponding code in background and inserts name of the corresponding
  2541 resulting ML value/function/datatype constructor binding in place.
  2542 All occurrences of @{code} with a single ML block are generated
  2543 simultaneously.  Provides a generic and safe interface for
  2544 instrumentalizing code generation.  See
  2545 src/HOL/Decision_Procs/Ferrack.thy for a more ambitious application.
  2546 In future you ought to refrain from ad-hoc compiling generated SML
  2547 code on the ML toplevel.  Note that (for technical reasons) @{code}
  2548 cannot refer to constants for which user-defined serializations are
  2549 set.  Refer to the corresponding ML counterpart directly in that
  2550 cases.
  2551 
  2552 * Command 'rep_datatype': instead of theorem names the command now
  2553 takes a list of terms denoting the constructors of the type to be
  2554 represented as datatype.  The characteristic theorems have to be
  2555 proven.  INCOMPATIBILITY.  Also observe that the following theorems
  2556 have disappeared in favour of existing ones:
  2557 
  2558     unit_induct                 ~> unit.induct
  2559     prod_induct                 ~> prod.induct
  2560     sum_induct                  ~> sum.induct
  2561     Suc_Suc_eq                  ~> nat.inject
  2562     Suc_not_Zero Zero_not_Suc   ~> nat.distinct
  2563 
  2564 
  2565 *** HOL-Algebra ***
  2566 
  2567 * New locales for orders and lattices where the equivalence relation
  2568 is not restricted to equality.  INCOMPATIBILITY: all order and lattice
  2569 locales use a record structure with field eq for the equivalence.
  2570 
  2571 * New theory of factorial domains.
  2572 
  2573 * Units_l_inv and Units_r_inv are now simp rules by default.
  2574 INCOMPATIBILITY.  Simplifier proof that require deletion of l_inv
  2575 and/or r_inv will now also require deletion of these lemmas.
  2576 
  2577 * Renamed the following theorems, INCOMPATIBILITY:
  2578 
  2579 UpperD ~> Upper_memD
  2580 LowerD ~> Lower_memD
  2581 least_carrier ~> least_closed
  2582 greatest_carrier ~> greatest_closed
  2583 greatest_Lower_above ~> greatest_Lower_below
  2584 one_zero ~> carrier_one_zero
  2585 one_not_zero ~> carrier_one_not_zero  (collision with assumption)
  2586 
  2587 
  2588 *** HOL-Nominal ***
  2589 
  2590 * Nominal datatypes can now contain type-variables.
  2591 
  2592 * Commands 'nominal_inductive' and 'equivariance' work with local
  2593 theory targets.
  2594 
  2595 * Nominal primrec can now works with local theory targets and its
  2596 specification syntax now conforms to the general format as seen in
  2597 'inductive' etc.
  2598 
  2599 * Method "perm_simp" honours the standard simplifier attributes
  2600 (no_asm), (no_asm_use) etc.
  2601 
  2602 * The new predicate #* is defined like freshness, except that on the
  2603 left hand side can be a set or list of atoms.
  2604 
  2605 * Experimental command 'nominal_inductive2' derives strong induction
  2606 principles for inductive definitions.  In contrast to
  2607 'nominal_inductive', which can only deal with a fixed number of
  2608 binders, it can deal with arbitrary expressions standing for sets of
  2609 atoms to be avoided.  The only inductive definition we have at the
  2610 moment that needs this generalisation is the typing rule for Lets in
  2611 the algorithm W:
  2612 
  2613  Gamma |- t1 : T1   (x,close Gamma T1)::Gamma |- t2 : T2   x#Gamma
  2614  -----------------------------------------------------------------
  2615          Gamma |- Let x be t1 in t2 : T2
  2616 
  2617 In this rule one wants to avoid all the binders that are introduced by
  2618 "close Gamma T1".  We are looking for other examples where this
  2619 feature might be useful.  Please let us know.
  2620 
  2621 
  2622 *** HOLCF ***
  2623 
  2624 * Reimplemented the simplification procedure for proving continuity
  2625 subgoals.  The new simproc is extensible; users can declare additional
  2626 continuity introduction rules with the attribute [cont2cont].
  2627 
  2628 * The continuity simproc now uses a different introduction rule for
  2629 solving continuity subgoals on terms with lambda abstractions.  In
  2630 some rare cases the new simproc may fail to solve subgoals that the
  2631 old one could solve, and "simp add: cont2cont_LAM" may be necessary.
  2632 Potential INCOMPATIBILITY.
  2633 
  2634 * Command 'fixrec': specification syntax now conforms to the general
  2635 format as seen in 'inductive' etc.  See src/HOLCF/ex/Fixrec_ex.thy for
  2636 examples.  INCOMPATIBILITY.
  2637 
  2638 
  2639 *** ZF ***
  2640 
  2641 * Proof of Zorn's Lemma for partial orders.
  2642 
  2643 
  2644 *** ML ***
  2645 
  2646 * Multithreading for Poly/ML 5.1/5.2 is no longer supported, only for
  2647 Poly/ML 5.2.1 or later.  Important note: the TimeLimit facility
  2648 depends on multithreading, so timouts will not work before Poly/ML
  2649 5.2.1!
  2650 
  2651 * High-level support for concurrent ML programming, see
  2652 src/Pure/Cuncurrent.  The data-oriented model of "future values" is
  2653 particularly convenient to organize independent functional
  2654 computations.  The concept of "synchronized variables" provides a
  2655 higher-order interface for components with shared state, avoiding the
  2656 delicate details of mutexes and condition variables.  (Requires
  2657 Poly/ML 5.2.1 or later.)
  2658 
  2659 * ML bindings produced via Isar commands are stored within the Isar
  2660 context (theory or proof).  Consequently, commands like 'use' and 'ML'
  2661 become thread-safe and work with undo as expected (concerning
  2662 top-level bindings, not side-effects on global references).
  2663 INCOMPATIBILITY, need to provide proper Isar context when invoking the
  2664 compiler at runtime; really global bindings need to be given outside a
  2665 theory.  (Requires Poly/ML 5.2 or later.)
  2666 
  2667 * Command 'ML_prf' is analogous to 'ML' but works within a proof
  2668 context.  Top-level ML bindings are stored within the proof context in
  2669 a purely sequential fashion, disregarding the nested proof structure.
  2670 ML bindings introduced by 'ML_prf' are discarded at the end of the
  2671 proof.  (Requires Poly/ML 5.2 or later.)
  2672 
  2673 * Simplified ML attribute and method setup, cf. functions Attrib.setup
  2674 and Method.setup, as well as Isar commands 'attribute_setup' and
  2675 'method_setup'.  INCOMPATIBILITY for 'method_setup', need to simplify
  2676 existing code accordingly, or use plain 'setup' together with old
  2677 Method.add_method.
  2678 
  2679 * Simplified ML oracle interface Thm.add_oracle promotes 'a -> cterm
  2680 to 'a -> thm, while results are always tagged with an authentic oracle
  2681 name.  The Isar command 'oracle' is now polymorphic, no argument type
  2682 is specified.  INCOMPATIBILITY, need to simplify existing oracle code
  2683 accordingly.  Note that extra performance may be gained by producing
  2684 the cterm carefully, avoiding slow Thm.cterm_of.
  2685 
  2686 * Simplified interface for defining document antiquotations via
  2687 ThyOutput.antiquotation, ThyOutput.output, and optionally
  2688 ThyOutput.maybe_pretty_source.  INCOMPATIBILITY, need to simplify user
  2689 antiquotations accordingly, see src/Pure/Thy/thy_output.ML for common
  2690 examples.
  2691 
  2692 * More systematic treatment of long names, abstract name bindings, and
  2693 name space operations.  Basic operations on qualified names have been
  2694 move from structure NameSpace to Long_Name, e.g. Long_Name.base_name,
  2695 Long_Name.append.  Old type bstring has been mostly replaced by
  2696 abstract type binding (see structure Binding), which supports precise
  2697 qualification by packages and local theory targets, as well as proper
  2698 tracking of source positions.  INCOMPATIBILITY, need to wrap old
  2699 bstring values into Binding.name, or better pass through abstract
  2700 bindings everywhere.  See further src/Pure/General/long_name.ML,
  2701 src/Pure/General/binding.ML and src/Pure/General/name_space.ML
  2702 
  2703 * Result facts (from PureThy.note_thms, ProofContext.note_thms,
  2704 LocalTheory.note etc.) now refer to the *full* internal name, not the
  2705 bstring as before.  INCOMPATIBILITY, not detected by ML type-checking!
  2706 
  2707 * Disposed old type and term read functions (Sign.read_def_typ,
  2708 Sign.read_typ, Sign.read_def_terms, Sign.read_term,
  2709 Thm.read_def_cterms, Thm.read_cterm etc.).  INCOMPATIBILITY, should
  2710 use regular Syntax.read_typ, Syntax.read_term, Syntax.read_typ_global,
  2711 Syntax.read_term_global etc.; see also OldGoals.read_term as last
  2712 resort for legacy applications.
  2713 
  2714 * Disposed old declarations, tactics, tactic combinators that refer to
  2715 the simpset or claset of an implicit theory (such as Addsimps,
  2716 Simp_tac, SIMPSET).  INCOMPATIBILITY, should use @{simpset} etc. in
  2717 embedded ML text, or local_simpset_of with a proper context passed as
  2718 explicit runtime argument.
  2719 
  2720 * Rules and tactics that read instantiations (read_instantiate,
  2721 res_inst_tac, thin_tac, subgoal_tac etc.) now demand a proper proof
  2722 context, which is required for parsing and type-checking.  Moreover,
  2723 the variables are specified as plain indexnames, not string encodings
  2724 thereof.  INCOMPATIBILITY.
  2725 
  2726 * Generic Toplevel.add_hook interface allows to analyze the result of
  2727 transactions.  E.g. see src/Pure/ProofGeneral/proof_general_pgip.ML
  2728 for theorem dependency output of transactions resulting in a new
  2729 theory state.
  2730 
  2731 * ML antiquotations: block-structured compilation context indicated by
  2732 \<lbrace> ... \<rbrace>; additional antiquotation forms:
  2733 
  2734   @{binding name}                         - basic name binding
  2735   @{let ?pat = term}                      - term abbreviation (HO matching)
  2736   @{note name = fact}                     - fact abbreviation
  2737   @{thm fact}                             - singleton fact (with attributes)
  2738   @{thms fact}                            - general fact (with attributes)
  2739   @{lemma prop by method}                 - singleton goal
  2740   @{lemma prop by meth1 meth2}            - singleton goal
  2741   @{lemma prop1 ... propN by method}      - general goal
  2742   @{lemma prop1 ... propN by meth1 meth2} - general goal
  2743   @{lemma (open) ...}                     - open derivation
  2744 
  2745 
  2746 *** System ***
  2747 
  2748 * The Isabelle "emacs" tool provides a specific interface to invoke
  2749 Proof General / Emacs, with more explicit failure if that is not
  2750 installed (the old isabelle-interface script silently falls back on
  2751 isabelle-process).  The PROOFGENERAL_HOME setting determines the
  2752 installation location of the Proof General distribution.
  2753 
  2754 * Isabelle/lib/classes/Pure.jar provides basic support to integrate
  2755 the Isabelle process into a JVM/Scala application.  See
  2756 Isabelle/lib/jedit/plugin for a minimal example.  (The obsolete Java
  2757 process wrapper has been discontinued.)
  2758 
  2759 * Added homegrown Isabelle font with unicode layout, see lib/fonts.
  2760 
  2761 * Various status messages (with exact source position information) are
  2762 emitted, if proper markup print mode is enabled.  This allows
  2763 user-interface components to provide detailed feedback on internal
  2764 prover operations.
  2765 
  2766 
  2767 
  2768 New in Isabelle2008 (June 2008)
  2769 -------------------------------
  2770 
  2771 *** General ***
  2772 
  2773 * The Isabelle/Isar Reference Manual (isar-ref) has been reorganized
  2774 and updated, with formally checked references as hyperlinks.
  2775 
  2776 * Theory loader: use_thy (and similar operations) no longer set the
  2777 implicit ML context, which was occasionally hard to predict and in
  2778 conflict with concurrency.  INCOMPATIBILITY, use ML within Isar which
  2779 provides a proper context already.
  2780 
  2781 * Theory loader: old-style ML proof scripts being *attached* to a thy
  2782 file are no longer supported.  INCOMPATIBILITY, regular 'uses' and
  2783 'use' within a theory file will do the job.
  2784 
  2785 * Name space merge now observes canonical order, i.e. the second space
  2786 is inserted into the first one, while existing entries in the first
  2787 space take precedence.  INCOMPATIBILITY in rare situations, may try to
  2788 swap theory imports.
  2789 
  2790 * Syntax: symbol \<chi> is now considered a letter.  Potential
  2791 INCOMPATIBILITY in identifier syntax etc.
  2792 
  2793 * Outer syntax: string tokens no longer admit escaped white space,
  2794 which was an accidental (undocumented) feature.  INCOMPATIBILITY, use
  2795 white space without escapes.
  2796 
  2797 * Outer syntax: string tokens may contain arbitrary character codes
  2798 specified via 3 decimal digits (as in SML).  E.g. "foo\095bar" for
  2799 "foo_bar".
  2800 
  2801 
  2802 *** Pure ***
  2803 
  2804 * Context-dependent token translations.  Default setup reverts locally
  2805 fixed variables, and adds hilite markup for undeclared frees.
  2806 
  2807 * Unused theorems can be found using the new command 'unused_thms'.
  2808 There are three ways of invoking it:
  2809 
  2810 (1) unused_thms
  2811      Only finds unused theorems in the current theory.
  2812 
  2813 (2) unused_thms thy_1 ... thy_n -
  2814      Finds unused theorems in the current theory and all of its ancestors,
  2815      excluding the theories thy_1 ... thy_n and all of their ancestors.
  2816 
  2817 (3) unused_thms thy_1 ... thy_n - thy'_1 ... thy'_m
  2818      Finds unused theorems in the theories thy'_1 ... thy'_m and all of
  2819      their ancestors, excluding the theories thy_1 ... thy_n and all of
  2820      their ancestors.
  2821 
  2822 In order to increase the readability of the list produced by
  2823 unused_thms, theorems that have been created by a particular instance
  2824 of a theory command such as 'inductive' or 'function' are considered
  2825 to belong to the same "group", meaning that if at least one theorem in
  2826 this group is used, the other theorems in the same group are no longer
  2827 reported as unused.  Moreover, if all theorems in the group are
  2828 unused, only one theorem in the group is displayed.
  2829 
  2830 Note that proof objects have to be switched on in order for
  2831 unused_thms to work properly (i.e. !proofs must be >= 1, which is
  2832 usually the case when using Proof General with the default settings).
  2833 
  2834 * Authentic naming of facts disallows ad-hoc overwriting of previous
  2835 theorems within the same name space.  INCOMPATIBILITY, need to remove
  2836 duplicate fact bindings, or even accidental fact duplications.  Note
  2837 that tools may maintain dynamically scoped facts systematically, using
  2838 PureThy.add_thms_dynamic.
  2839 
  2840 * Command 'hide' now allows to hide from "fact" name space as well.
  2841 
  2842 * Eliminated destructive theorem database, simpset, claset, and
  2843 clasimpset.  Potential INCOMPATIBILITY, really need to observe linear
  2844 update of theories within ML code.
  2845 
  2846 * Eliminated theory ProtoPure and CPure, leaving just one Pure theory.
  2847 INCOMPATIBILITY, object-logics depending on former Pure require
  2848 additional setup PureThy.old_appl_syntax_setup; object-logics
  2849 depending on former CPure need to refer to Pure.
  2850 
  2851 * Commands 'use' and 'ML' are now purely functional, operating on
  2852 theory/local_theory.  Removed former 'ML_setup' (on theory), use 'ML'
  2853 instead.  Added 'ML_val' as mere diagnostic replacement for 'ML'.
  2854 INCOMPATIBILITY.
  2855 
  2856 * Command 'setup': discontinued implicit version with ML reference.
  2857 
  2858 * Instantiation target allows for simultaneous specification of class
  2859 instance operations together with an instantiation proof.
  2860 Type-checking phase allows to refer to class operations uniformly.
  2861 See src/HOL/Complex/Complex.thy for an Isar example and
  2862 src/HOL/Library/Eval.thy for an ML example.
  2863 
  2864 * Indexing of literal facts: be more serious about including only
  2865 facts from the visible specification/proof context, but not the
  2866 background context (locale etc.).  Affects `prop` notation and method
  2867 "fact".  INCOMPATIBILITY: need to name facts explicitly in rare
  2868 situations.
  2869 
  2870 * Method "cases", "induct", "coinduct": removed obsolete/undocumented
  2871 "(open)" option, which used to expose internal bound variables to the
  2872 proof text.
  2873 
  2874 * Isar statements: removed obsolete case "rule_context".
  2875 INCOMPATIBILITY, better use explicit fixes/assumes.
  2876 
  2877 * Locale proofs: default proof step now includes 'unfold_locales';
  2878 hence 'proof' without argument may be used to unfold locale
  2879 predicates.
  2880 
  2881 
  2882 *** Document preparation ***
  2883 
  2884 * Simplified pdfsetup.sty: color/hyperref is used unconditionally for
  2885 both pdf and dvi (hyperlinks usually work in xdvi as well); removed
  2886 obsolete thumbpdf setup (contemporary PDF viewers do this on the
  2887 spot); renamed link color from "darkblue" to "linkcolor" (default
  2888 value unchanged, can be redefined via \definecolor); no longer sets
  2889 "a4paper" option (unnecessary or even intrusive).
  2890 
  2891 * Antiquotation @{lemma A method} proves proposition A by the given
  2892 method (either a method name or a method name plus (optional) method
  2893 arguments in parentheses) and prints A just like @{prop A}.
  2894 
  2895 
  2896 *** HOL ***
  2897 
  2898 * New primrec package.  Specification syntax conforms in style to
  2899 definition/function/....  No separate induction rule is provided.  The
  2900 "primrec" command distinguishes old-style and new-style specifications
  2901 by syntax.  The former primrec package is now named OldPrimrecPackage.
  2902 When adjusting theories, beware: constants stemming from new-style
  2903 primrec specifications have authentic syntax.
  2904 
  2905 * Metis prover is now an order of magnitude faster, and also works
  2906 with multithreading.
  2907 
  2908 * Metis: the maximum number of clauses that can be produced from a
  2909 theorem is now given by the attribute max_clauses.  Theorems that
  2910 exceed this number are ignored, with a warning printed.
  2911 
  2912 * Sledgehammer no longer produces structured proofs by default. To
  2913 enable, declare [[sledgehammer_full = true]].  Attributes
  2914 reconstruction_modulus, reconstruction_sorts renamed
  2915 sledgehammer_modulus, sledgehammer_sorts.  INCOMPATIBILITY.
  2916 
  2917 * Method "induct_scheme" derives user-specified induction rules
  2918 from well-founded induction and completeness of patterns. This factors
  2919 out some operations that are done internally by the function package
  2920 and makes them available separately.  See
  2921 src/HOL/ex/Induction_Scheme.thy for examples.
  2922 
  2923 * More flexible generation of measure functions for termination
  2924 proofs: Measure functions can be declared by proving a rule of the
  2925 form "is_measure f" and giving it the [measure_function] attribute.
  2926 The "is_measure" predicate is logically meaningless (always true), and
  2927 just guides the heuristic.  To find suitable measure functions, the
  2928 termination prover sets up the goal "is_measure ?f" of the appropriate
  2929 type and generates all solutions by prolog-style backwards proof using
  2930 the declared rules.
  2931 
  2932 This setup also deals with rules like 
  2933 
  2934   "is_measure f ==> is_measure (list_size f)"
  2935 
  2936 which accommodates nested datatypes that recurse through lists.
  2937 Similar rules are predeclared for products and option types.
  2938 
  2939 * Turned the type of sets "'a set" into an abbreviation for "'a => bool"
  2940 
  2941   INCOMPATIBILITIES:
  2942 
  2943   - Definitions of overloaded constants on sets have to be replaced by
  2944     definitions on => and bool.
  2945 
  2946   - Some definitions of overloaded operators on sets can now be proved
  2947     using the definitions of the operators on => and bool.  Therefore,
  2948     the following theorems have been renamed:
  2949 
  2950       subset_def   -> subset_eq
  2951       psubset_def  -> psubset_eq
  2952       set_diff_def -> set_diff_eq
  2953       Compl_def    -> Compl_eq
  2954       Sup_set_def  -> Sup_set_eq
  2955       Inf_set_def  -> Inf_set_eq
  2956       sup_set_def  -> sup_set_eq
  2957       inf_set_def  -> inf_set_eq
  2958 
  2959   - Due to the incompleteness of the HO unification algorithm, some
  2960     rules such as subst may require manual instantiation, if some of
  2961     the unknowns in the rule is a set.
  2962 
  2963   - Higher order unification and forward proofs:
  2964     The proof pattern
  2965 
  2966       have "P (S::'a set)" <...>
  2967       then have "EX S. P S" ..
  2968 
  2969     no longer works (due to the incompleteness of the HO unification
  2970     algorithm) and must be replaced by the pattern
  2971 
  2972       have "EX S. P S"
  2973       proof
  2974         show "P S" <...>
  2975       qed
  2976 
  2977   - Calculational reasoning with subst (or similar rules):
  2978     The proof pattern
  2979 
  2980       have "P (S::'a set)" <...>
  2981       also have "S = T" <...>
  2982       finally have "P T" .
  2983 
  2984     no longer works (for similar reasons as the previous example) and
  2985     must be replaced by something like
  2986 
  2987       have "P (S::'a set)" <...>
  2988       moreover have "S = T" <...>
  2989       ultimately have "P T" by simp
  2990 
  2991   - Tactics or packages written in ML code:
  2992     Code performing pattern matching on types via
  2993 
  2994       Type ("set", [T]) => ...
  2995 
  2996     must be rewritten. Moreover, functions like strip_type or
  2997     binder_types no longer return the right value when applied to a
  2998     type of the form
  2999 
  3000       T1 => ... => Tn => U => bool
  3001 
  3002     rather than
  3003 
  3004       T1 => ... => Tn => U set
  3005 
  3006 * Merged theories Wellfounded_Recursion, Accessible_Part and
  3007 Wellfounded_Relations to theory Wellfounded.
  3008 
  3009 * Explicit class "eq" for executable equality.  INCOMPATIBILITY.
  3010 
  3011 * Class finite no longer treats UNIV as class parameter.  Use class
  3012 enum from theory Library/Enum instead to achieve a similar effect.
  3013 INCOMPATIBILITY.
  3014 
  3015 * Theory List: rule list_induct2 now has explicitly named cases "Nil"
  3016 and "Cons".  INCOMPATIBILITY.
  3017 
  3018 * HOL (and FOL): renamed variables in rules imp_elim and swap.
  3019 Potential INCOMPATIBILITY.
  3020 
  3021 * Theory Product_Type: duplicated lemmas split_Pair_apply and
  3022 injective_fst_snd removed, use split_eta and prod_eqI instead.
  3023 Renamed upd_fst to apfst and upd_snd to apsnd.  INCOMPATIBILITY.
  3024 
  3025 * Theory Nat: removed redundant lemmas that merely duplicate lemmas of
  3026 the same name in theory Orderings:
  3027 
  3028   less_trans
  3029   less_linear
  3030   le_imp_less_or_eq
  3031   le_less_trans
  3032   less_le_trans
  3033   less_not_sym
  3034   less_asym
  3035 
  3036 Renamed less_imp_le to less_imp_le_nat, and less_irrefl to
  3037 less_irrefl_nat.  Potential INCOMPATIBILITY due to more general types
  3038 and different variable names.
  3039 
  3040 * Library/Option_ord.thy: Canonical order on option type.
  3041 
  3042 * Library/RBT.thy: Red-black trees, an efficient implementation of
  3043 finite maps.
  3044 
  3045 * Library/Countable.thy: Type class for countable types.
  3046 
  3047 * Theory Int: The representation of numerals has changed.  The infix
  3048 operator BIT and the bit datatype with constructors B0 and B1 have
  3049 disappeared.  INCOMPATIBILITY, use "Int.Bit0 x" and "Int.Bit1 y" in
  3050 place of "x BIT bit.B0" and "y BIT bit.B1", respectively.  Theorems
  3051 involving BIT, B0, or B1 have been renamed with "Bit0" or "Bit1"
  3052 accordingly.
  3053 
  3054 * Theory Nat: definition of <= and < on natural numbers no longer
  3055 depend on well-founded relations.  INCOMPATIBILITY.  Definitions
  3056 le_def and less_def have disappeared.  Consider lemmas not_less
  3057 [symmetric, where ?'a = nat] and less_eq [symmetric] instead.
  3058 
  3059 * Theory Finite_Set: locales ACf, ACe, ACIf, ACIfSL and ACIfSLlin
  3060 (whose purpose mainly is for various fold_set functionals) have been
  3061 abandoned in favor of the existing algebraic classes
  3062 ab_semigroup_mult, comm_monoid_mult, ab_semigroup_idem_mult,
  3063 lower_semilattice (resp. upper_semilattice) and linorder.
  3064 INCOMPATIBILITY.
  3065 
  3066 * Theory Transitive_Closure: induct and cases rules now declare proper
  3067 case_names ("base" and "step").  INCOMPATIBILITY.
  3068 
  3069 * Theorem Inductive.lfp_ordinal_induct generalized to complete
  3070 lattices.  The form set-specific version is available as
  3071 Inductive.lfp_ordinal_induct_set.
  3072 
  3073 * Renamed theorems "power.simps" to "power_int.simps".
  3074 INCOMPATIBILITY.
  3075 
  3076 * Class semiring_div provides basic abstract properties of semirings
  3077 with division and modulo operations.  Subsumes former class dvd_mod.
  3078 
  3079 * Merged theories IntDef, Numeral and IntArith into unified theory
  3080 Int.  INCOMPATIBILITY.
  3081 
  3082 * Theory Library/Code_Index: type "index" now represents natural
  3083 numbers rather than integers.  INCOMPATIBILITY.
  3084 
  3085 * New class "uminus" with operation "uminus" (split of from class
  3086 "minus" which now only has operation "minus", binary).
  3087 INCOMPATIBILITY.
  3088 
  3089 * Constants "card", "internal_split", "option_map" now with authentic
  3090 syntax.  INCOMPATIBILITY.
  3091 
  3092 * Definitions subset_def, psubset_def, set_diff_def, Compl_def,
  3093 le_bool_def, less_bool_def, le_fun_def, less_fun_def, inf_bool_def,
  3094 sup_bool_def, Inf_bool_def, Sup_bool_def, inf_fun_def, sup_fun_def,
  3095 Inf_fun_def, Sup_fun_def, inf_set_def, sup_set_def, Inf_set_def,
  3096 Sup_set_def, le_def, less_def, option_map_def now with object
  3097 equality.  INCOMPATIBILITY.
  3098 
  3099 * Records. Removed K_record, and replaced it by pure lambda term
  3100 %x. c. The simplifier setup is now more robust against eta expansion.
  3101 INCOMPATIBILITY: in cases explicitly referring to K_record.
  3102 
  3103 * Library/Multiset: {#a, b, c#} abbreviates {#a#} + {#b#} + {#c#}.
  3104 
  3105 * Library/ListVector: new theory of arithmetic vector operations.
  3106 
  3107 * Library/Order_Relation: new theory of various orderings as sets of
  3108 pairs.  Defines preorders, partial orders, linear orders and
  3109 well-orders on sets and on types.
  3110 
  3111 
  3112 *** ZF ***
  3113 
  3114 * Renamed some theories to allow to loading both ZF and HOL in the
  3115 same session:
  3116 
  3117   Datatype  -> Datatype_ZF
  3118   Inductive -> Inductive_ZF
  3119   Int       -> Int_ZF
  3120   IntDiv    -> IntDiv_ZF
  3121   Nat       -> Nat_ZF
  3122   List      -> List_ZF
  3123   Main      -> Main_ZF
  3124 
  3125 INCOMPATIBILITY: ZF theories that import individual theories below
  3126 Main might need to be adapted.  Regular theory Main is still
  3127 available, as trivial extension of Main_ZF.
  3128 
  3129 
  3130 *** ML ***
  3131 
  3132 * ML within Isar: antiquotation @{const name} or @{const
  3133 name(typargs)} produces statically-checked Const term.
  3134 
  3135 * Functor NamedThmsFun: data is available to the user as dynamic fact
  3136 (of the same name).  Removed obsolete print command.
  3137 
  3138 * Removed obsolete "use_legacy_bindings" function.
  3139 
  3140 * The ``print mode'' is now a thread-local value derived from a global
  3141 template (the former print_mode reference), thus access becomes
  3142 non-critical.  The global print_mode reference is for session
  3143 management only; user-code should use print_mode_value,
  3144 print_mode_active, PrintMode.setmp etc.  INCOMPATIBILITY.
  3145 
  3146 * Functions system/system_out provide a robust way to invoke external
  3147 shell commands, with propagation of interrupts (requires Poly/ML
  3148 5.2.1).  Do not use OS.Process.system etc. from the basis library!
  3149 
  3150 
  3151 *** System ***
  3152 
  3153 * Default settings: PROOFGENERAL_OPTIONS no longer impose xemacs ---
  3154 in accordance with Proof General 3.7, which prefers GNU emacs.
  3155 
  3156 * isatool tty runs Isabelle process with plain tty interaction;
  3157 optional line editor may be specified via ISABELLE_LINE_EDITOR
  3158 setting, the default settings attempt to locate "ledit" and "rlwrap".
  3159 
  3160 * isatool browser now works with Cygwin as well, using general
  3161 "javapath" function defined in Isabelle process environment.
  3162 
  3163 * YXML notation provides a simple and efficient alternative to
  3164 standard XML transfer syntax.  See src/Pure/General/yxml.ML and
  3165 isatool yxml as described in the Isabelle system manual.
  3166 
  3167 * JVM class isabelle.IsabelleProcess (located in Isabelle/lib/classes)
  3168 provides general wrapper for managing an Isabelle process in a robust
  3169 fashion, with ``cooked'' output from stdin/stderr.
  3170 
  3171 * Rudimentary Isabelle plugin for jEdit (see Isabelle/lib/jedit),
  3172 based on Isabelle/JVM process wrapper (see Isabelle/lib/classes).
  3173 
  3174 * Removed obsolete THIS_IS_ISABELLE_BUILD feature.  NB: the documented
  3175 way of changing the user's settings is via
  3176 ISABELLE_HOME_USER/etc/settings, which is a fully featured bash
  3177 script.
  3178 
  3179 * Multithreading.max_threads := 0 refers to the number of actual CPU
  3180 cores of the underlying machine, which is a good starting point for
  3181 optimal performance tuning.  The corresponding usedir option -M allows
  3182 "max" as an alias for "0".  WARNING: does not work on certain versions
  3183 of Mac OS (with Poly/ML 5.1).
  3184 
  3185 * isabelle-process: non-ML sessions are run with "nice", to reduce the
  3186 adverse effect of Isabelle flooding interactive front-ends (notably
  3187 ProofGeneral / XEmacs).
  3188 
  3189 
  3190 
  3191 New in Isabelle2007 (November 2007)
  3192 -----------------------------------
  3193 
  3194 *** General ***
  3195 
  3196 * More uniform information about legacy features, notably a
  3197 warning/error of "Legacy feature: ...", depending on the state of the
  3198 tolerate_legacy_features flag (default true). FUTURE INCOMPATIBILITY:
  3199 legacy features will disappear eventually.
  3200 
  3201 * Theory syntax: the header format ``theory A = B + C:'' has been
  3202 discontinued in favour of ``theory A imports B C begin''.  Use isatool
  3203 fixheaders to convert existing theory files.  INCOMPATIBILITY.
  3204 
  3205 * Theory syntax: the old non-Isar theory file format has been
  3206 discontinued altogether.  Note that ML proof scripts may still be used
  3207 with Isar theories; migration is usually quite simple with the ML
  3208 function use_legacy_bindings.  INCOMPATIBILITY.
  3209 
  3210 * Theory syntax: some popular names (e.g. 'class', 'declaration',
  3211 'fun', 'help', 'if') are now keywords.  INCOMPATIBILITY, use double
  3212 quotes.
  3213 
  3214 * Theory loader: be more serious about observing the static theory
  3215 header specifications (including optional directories), but not the
  3216 accidental file locations of previously successful loads.  The strict
  3217 update policy of former update_thy is now already performed by
  3218 use_thy, so the former has been removed; use_thys updates several
  3219 theories simultaneously, just as 'imports' within a theory header
  3220 specification, but without merging the results.  Potential
  3221 INCOMPATIBILITY: may need to refine theory headers and commands
  3222 ROOT.ML which depend on load order.
  3223 
  3224 * Theory loader: optional support for content-based file
  3225 identification, instead of the traditional scheme of full physical
  3226 path plus date stamp; configured by the ISABELLE_FILE_IDENT setting
  3227 (cf. the system manual).  The new scheme allows to work with
  3228 non-finished theories in persistent session images, such that source
  3229 files may be moved later on without requiring reloads.
  3230 
  3231 * Theory loader: old-style ML proof scripts being *attached* to a thy
  3232 file (with the same base name as the theory) are considered a legacy
  3233 feature, which will disappear eventually. Even now, the theory loader
  3234 no longer maintains dependencies on such files.
  3235 
  3236 * Syntax: the scope for resolving ambiguities via type-inference is
  3237 now limited to individual terms, instead of whole simultaneous
  3238 specifications as before. This greatly reduces the complexity of the
  3239 syntax module and improves flexibility by separating parsing and
  3240 type-checking. INCOMPATIBILITY: additional type-constraints (explicit
  3241 'fixes' etc.) are required in rare situations.
  3242 
  3243 * Syntax: constants introduced by new-style packages ('definition',
  3244 'abbreviation' etc.) are passed through the syntax module in
  3245 ``authentic mode''. This means that associated mixfix annotations
  3246 really stick to such constants, independently of potential name space
  3247 ambiguities introduced later on. INCOMPATIBILITY: constants in parse
  3248 trees are represented slightly differently, may need to adapt syntax
  3249 translations accordingly. Use CONST marker in 'translations' and
  3250 @{const_syntax} antiquotation in 'parse_translation' etc.
  3251 
  3252 * Legacy goal package: reduced interface to the bare minimum required
  3253 to keep existing proof scripts running.  Most other user-level
  3254 functions are now part of the OldGoals structure, which is *not* open
  3255 by default (consider isatool expandshort before open OldGoals).
  3256 Removed top_sg, prin, printyp, pprint_term/typ altogether, because
  3257 these tend to cause confusion about the actual goal (!) context being
  3258 used here, which is not necessarily the same as the_context().
  3259 
  3260 * Command 'find_theorems': supports "*" wild-card in "name:"
  3261 criterion; "with_dups" option.  Certain ProofGeneral versions might
  3262 support a specific search form (see ProofGeneral/CHANGES).
  3263 
  3264 * The ``prems limit'' option (cf. ProofContext.prems_limit) is now -1
  3265 by default, which means that "prems" (and also "fixed variables") are
  3266 suppressed from proof state output.  Note that the ProofGeneral
  3267 settings mechanism allows to change and save options persistently, but
  3268 older versions of Isabelle will fail to start up if a negative prems
  3269 limit is imposed.
  3270 
  3271 * Local theory targets may be specified by non-nested blocks of
  3272 ``context/locale/class ... begin'' followed by ``end''.  The body may
  3273 contain definitions, theorems etc., including any derived mechanism
  3274 that has been implemented on top of these primitives.  This concept
  3275 generalizes the existing ``theorem (in ...)'' towards more versatility
  3276 and scalability.
  3277 
  3278 * Proof General interface: proper undo of final 'end' command;
  3279 discontinued Isabelle/classic mode (ML proof scripts).
  3280 
  3281 
  3282 *** Document preparation ***
  3283 
  3284 * Added antiquotation @{theory name} which prints the given name,
  3285 after checking that it refers to a valid ancestor theory in the
  3286 current context.
  3287 
  3288 * Added antiquotations @{ML_type text} and @{ML_struct text} which
  3289 check the given source text as ML type/structure, printing verbatim.
  3290 
  3291 * Added antiquotation @{abbrev "c args"} which prints the abbreviation
  3292 "c args == rhs" given in the current context.  (Any number of
  3293 arguments may be given on the LHS.)
  3294 
  3295 
  3296 *** Pure ***
  3297 
  3298 * The 'class' package offers a combination of axclass and locale to
  3299 achieve Haskell-like type classes in Isabelle.  Definitions and
  3300 theorems within a class context produce both relative results (with
  3301 implicit parameters according to the locale context), and polymorphic
  3302 constants with qualified polymorphism (according to the class
  3303 context).  Within the body context of a 'class' target, a separate
  3304 syntax layer ("user space type system") takes care of converting
  3305 between global polymorphic consts and internal locale representation.
  3306 See src/HOL/ex/Classpackage.thy for examples (as well as main HOL).
  3307 "isatool doc classes" provides a tutorial.
  3308 
  3309 * Generic code generator framework allows to generate executable
  3310 code for ML and Haskell (including Isabelle classes).  A short usage
  3311 sketch:
  3312 
  3313     internal compilation:
  3314         export_code <list of constants (term syntax)> in SML
  3315     writing SML code to a file:
  3316         export_code <list of constants (term syntax)> in SML <filename>
  3317     writing OCaml code to a file:
  3318         export_code <list of constants (term syntax)> in OCaml <filename>
  3319     writing Haskell code to a bunch of files:
  3320         export_code <list of constants (term syntax)> in Haskell <filename>
  3321 
  3322     evaluating closed propositions to True/False using code generation:
  3323         method ``eval''
  3324 
  3325 Reasonable default setup of framework in HOL.
  3326 
  3327 Theorem attributs for selecting and transforming function equations theorems:
  3328 
  3329     [code fun]:        select a theorem as function equation for a specific constant
  3330     [code fun del]:    deselect a theorem as function equation for a specific constant
  3331     [code inline]:     select an equation theorem for unfolding (inlining) in place
  3332     [code inline del]: deselect an equation theorem for unfolding (inlining) in place
  3333 
  3334 User-defined serializations (target in {SML, OCaml, Haskell}):
  3335 
  3336     code_const <and-list of constants (term syntax)>
  3337       {(target) <and-list of const target syntax>}+
  3338 
  3339     code_type <and-list of type constructors>
  3340       {(target) <and-list of type target syntax>}+
  3341 
  3342     code_instance <and-list of instances>
  3343       {(target)}+
  3344         where instance ::= <type constructor> :: <class>
  3345 
  3346     code_class <and_list of classes>
  3347       {(target) <and-list of class target syntax>}+
  3348         where class target syntax ::= <class name> {where {<classop> == <target syntax>}+}?
  3349 
  3350 code_instance and code_class only are effective to target Haskell.
  3351 
  3352 For example usage see src/HOL/ex/Codegenerator.thy and
  3353 src/HOL/ex/Codegenerator_Pretty.thy.  A separate tutorial on code
  3354 generation from Isabelle/HOL theories is available via "isatool doc
  3355 codegen".
  3356 
  3357 * Code generator: consts in 'consts_code' Isar commands are now
  3358 referred to by usual term syntax (including optional type
  3359 annotations).
  3360 
  3361 * Command 'no_translations' removes translation rules from theory
  3362 syntax.
  3363 
  3364 * Overloaded definitions are now actually checked for acyclic
  3365 dependencies.  The overloading scheme is slightly more general than
  3366 that of Haskell98, although Isabelle does not demand an exact
  3367 correspondence to type class and instance declarations.
  3368 INCOMPATIBILITY, use ``defs (unchecked overloaded)'' to admit more
  3369 exotic versions of overloading -- at the discretion of the user!
  3370 
  3371 Polymorphic constants are represented via type arguments, i.e. the
  3372 instantiation that matches an instance against the most general
  3373 declaration given in the signature.  For example, with the declaration
  3374 c :: 'a => 'a => 'a, an instance c :: nat => nat => nat is represented
  3375 as c(nat).  Overloading is essentially simultaneous structural
  3376 recursion over such type arguments.  Incomplete specification patterns
  3377 impose global constraints on all occurrences, e.g. c('a * 'a) on the
  3378 LHS means that more general c('a * 'b) will be disallowed on any RHS.
  3379 Command 'print_theory' outputs the normalized system of recursive
  3380 equations, see section "definitions".
  3381 
  3382 * Configuration options are maintained within the theory or proof
  3383 context (with name and type bool/int/string), providing a very simple
  3384 interface to a poor-man's version of general context data.  Tools may
  3385 declare options in ML (e.g. using Attrib.config_int) and then refer to
  3386 these values using Config.get etc.  Users may change options via an
  3387 associated attribute of the same name.  This form of context
  3388 declaration works particularly well with commands 'declare' or
  3389 'using', for example ``declare [[foo = 42]]''.  Thus it has become
  3390 very easy to avoid global references, which would not observe Isar
  3391 toplevel undo/redo and fail to work with multithreading.
  3392 
  3393 Various global ML references of Pure and HOL have been turned into
  3394 configuration options:
  3395 
  3396   Unify.search_bound		unify_search_bound
  3397   Unify.trace_bound		unify_trace_bound
  3398   Unify.trace_simp		unify_trace_simp
  3399   Unify.trace_types		unify_trace_types
  3400   Simplifier.simp_depth_limit	simp_depth_limit
  3401   Blast.depth_limit		blast_depth_limit
  3402   DatatypeProp.dtK		datatype_distinctness_limit
  3403   fast_arith_neq_limit  	fast_arith_neq_limit
  3404   fast_arith_split_limit	fast_arith_split_limit
  3405 
  3406 * Named collections of theorems may be easily installed as context
  3407 data using the functor NamedThmsFun (see also
  3408 src/Pure/Tools/named_thms.ML).  The user may add or delete facts via
  3409 attributes; there is also a toplevel print command.  This facility is
  3410 just a common case of general context data, which is the preferred way
  3411 for anything more complex than just a list of facts in canonical
  3412 order.
  3413 
  3414 * Isar: command 'declaration' augments a local theory by generic
  3415 declaration functions written in ML.  This enables arbitrary content
  3416 being added to the context, depending on a morphism that tells the
  3417 difference of the original declaration context wrt. the application
  3418 context encountered later on.
  3419 
  3420 * Isar: proper interfaces for simplification procedures.  Command
  3421 'simproc_setup' declares named simprocs (with match patterns, and body
  3422 text in ML).  Attribute "simproc" adds/deletes simprocs in the current
  3423 context.  ML antiquotation @{simproc name} retrieves named simprocs.
  3424 
  3425 * Isar: an extra pair of brackets around attribute declarations
  3426 abbreviates a theorem reference involving an internal dummy fact,
  3427 which will be ignored later --- only the effect of the attribute on
  3428 the background context will persist.  This form of in-place
  3429 declarations is particularly useful with commands like 'declare' and
  3430 'using', for example ``have A using [[simproc a]] by simp''.
  3431 
  3432 * Isar: method "assumption" (and implicit closing of subproofs) now
  3433 takes simple non-atomic goal assumptions into account: after applying
  3434 an assumption as a rule the resulting subgoals are solved by atomic
  3435 assumption steps.  This is particularly useful to finish 'obtain'
  3436 goals, such as "!!x. (!!x. P x ==> thesis) ==> P x ==> thesis",
  3437 without referring to the original premise "!!x. P x ==> thesis" in the
  3438 Isar proof context.  POTENTIAL INCOMPATIBILITY: method "assumption" is
  3439 more permissive.
  3440 
  3441 * Isar: implicit use of prems from the Isar proof context is
  3442 considered a legacy feature.  Common applications like ``have A .''
  3443 may be replaced by ``have A by fact'' or ``note `A`''.  In general,
  3444 referencing facts explicitly here improves readability and
  3445 maintainability of proof texts.
  3446 
  3447 * Isar: improper proof element 'guess' is like 'obtain', but derives
  3448 the obtained context from the course of reasoning!  For example:
  3449 
  3450   assume "EX x y. A x & B y"   -- "any previous fact"
  3451   then guess x and y by clarify
  3452 
  3453 This technique is potentially adventurous, depending on the facts and
  3454 proof tools being involved here.
  3455 
  3456 * Isar: known facts from the proof context may be specified as literal
  3457 propositions, using ASCII back-quote syntax.  This works wherever
  3458 named facts used to be allowed so far, in proof commands, proof
  3459 methods, attributes etc.  Literal facts are retrieved from the context
  3460 according to unification of type and term parameters.  For example,
  3461 provided that "A" and "A ==> B" and "!!x. P x ==> Q x" are known
  3462 theorems in the current context, then these are valid literal facts:
  3463 `A` and `A ==> B` and `!!x. P x ==> Q x" as well as `P a ==> Q a` etc.
  3464 
  3465 There is also a proof method "fact" which does the same composition
  3466 for explicit goal states, e.g. the following proof texts coincide with
  3467 certain special cases of literal facts:
  3468 
  3469   have "A" by fact                 ==  note `A`
  3470   have "A ==> B" by fact           ==  note `A ==> B`
  3471   have "!!x. P x ==> Q x" by fact  ==  note `!!x. P x ==> Q x`
  3472   have "P a ==> Q a" by fact       ==  note `P a ==> Q a`
  3473 
  3474 * Isar: ":" (colon) is no longer a symbolic identifier character in
  3475 outer syntax.  Thus symbolic identifiers may be used without
  3476 additional white space in declarations like this: ``assume *: A''.
  3477 
  3478 * Isar: 'print_facts' prints all local facts of the current context,
  3479 both named and unnamed ones.
  3480 
  3481 * Isar: 'def' now admits simultaneous definitions, e.g.:
  3482 
  3483   def x == "t" and y == "u"
  3484 
  3485 * Isar: added command 'unfolding', which is structurally similar to
  3486 'using', but affects both the goal state and facts by unfolding given
  3487 rewrite rules.  Thus many occurrences of the 'unfold' method or
  3488 'unfolded' attribute may be replaced by first-class proof text.
  3489 
  3490 * Isar: methods 'unfold' / 'fold', attributes 'unfolded' / 'folded',
  3491 and command 'unfolding' now all support object-level equalities
  3492 (potentially conditional).  The underlying notion of rewrite rule is
  3493 analogous to the 'rule_format' attribute, but *not* that of the
  3494 Simplifier (which is usually more generous).
  3495 
  3496 * Isar: the new attribute [rotated n] (default n = 1) rotates the
  3497 premises of a theorem by n. Useful in conjunction with drule.
  3498 
  3499 * Isar: the goal restriction operator [N] (default N = 1) evaluates a
  3500 method expression within a sandbox consisting of the first N
  3501 sub-goals, which need to exist.  For example, ``simp_all [3]''
  3502 simplifies the first three sub-goals, while (rule foo, simp_all)[]
  3503 simplifies all new goals that emerge from applying rule foo to the
  3504 originally first one.
  3505 
  3506 * Isar: schematic goals are no longer restricted to higher-order
  3507 patterns; e.g. ``lemma "?P(?x)" by (rule TrueI)'' now works as
  3508 expected.
  3509 
  3510 * Isar: the conclusion of a long theorem statement is now either
  3511 'shows' (a simultaneous conjunction, as before), or 'obtains'
  3512 (essentially a disjunction of cases with local parameters and
  3513 assumptions).  The latter allows to express general elimination rules
  3514 adequately; in this notation common elimination rules look like this:
  3515 
  3516   lemma exE:    -- "EX x. P x ==> (!!x. P x ==> thesis) ==> thesis"
  3517     assumes "EX x. P x"
  3518     obtains x where "P x"
  3519 
  3520   lemma conjE:  -- "A & B ==> (A ==> B ==> thesis) ==> thesis"
  3521     assumes "A & B"
  3522     obtains A and B
  3523 
  3524   lemma disjE:  -- "A | B ==> (A ==> thesis) ==> (B ==> thesis) ==> thesis"
  3525     assumes "A | B"
  3526     obtains
  3527       A
  3528     | B
  3529 
  3530 The subsequent classical rules even refer to the formal "thesis"
  3531 explicitly:
  3532 
  3533   lemma classical:     -- "(~ thesis ==> thesis) ==> thesis"
  3534     obtains "~ thesis"
  3535 
  3536   lemma Peirce's_Law:  -- "((thesis ==> something) ==> thesis) ==> thesis"
  3537     obtains "thesis ==> something"
  3538 
  3539 The actual proof of an 'obtains' statement is analogous to that of the
  3540 Isar proof element 'obtain', only that there may be several cases.
  3541 Optional case names may be specified in parentheses; these will be
  3542 available both in the present proof and as annotations in the
  3543 resulting rule, for later use with the 'cases' method (cf. attribute
  3544 case_names).
  3545 
  3546 * Isar: the assumptions of a long theorem statement are available as
  3547 "assms" fact in the proof context.  This is more appropriate than the
  3548 (historical) "prems", which refers to all assumptions of the current
  3549 context, including those from the target locale, proof body etc.
  3550 
  3551 * Isar: 'print_statement' prints theorems from the current theory or
  3552 proof context in long statement form, according to the syntax of a
  3553 top-level lemma.
  3554 
  3555 * Isar: 'obtain' takes an optional case name for the local context
  3556 introduction rule (default "that").
  3557 
  3558 * Isar: removed obsolete 'concl is' patterns.  INCOMPATIBILITY, use
  3559 explicit (is "_ ==> ?foo") in the rare cases where this still happens
  3560 to occur.
  3561 
  3562 * Pure: syntax "CONST name" produces a fully internalized constant
  3563 according to the current context.  This is particularly useful for
  3564 syntax translations that should refer to internal constant
  3565 representations independently of name spaces.
  3566 
  3567 * Pure: syntax constant for foo (binder "FOO ") is called "foo_binder"
  3568 instead of "FOO ". This allows multiple binder declarations to coexist
  3569 in the same context.  INCOMPATIBILITY.
  3570 
  3571 * Isar/locales: 'notation' provides a robust interface to the 'syntax'
  3572 primitive that also works in a locale context (both for constants and
  3573 fixed variables). Type declaration and internal syntactic representation
  3574 of given constants retrieved from the context. Likewise, the
  3575 'no_notation' command allows to remove given syntax annotations from the
  3576 current context.
  3577 
  3578 * Isar/locales: new derived specification elements 'axiomatization',
  3579 'definition', 'abbreviation', which support type-inference, admit
  3580 object-level specifications (equality, equivalence).  See also the
  3581 isar-ref manual.  Examples:
  3582 
  3583   axiomatization
  3584     eq  (infix "===" 50) where
  3585     eq_refl: "x === x" and eq_subst: "x === y ==> P x ==> P y"
  3586 
  3587   definition "f x y = x + y + 1"
  3588   definition g where "g x = f x x"
  3589 
  3590   abbreviation
  3591     neq  (infix "=!=" 50) where
  3592     "x =!= y == ~ (x === y)"
  3593 
  3594 These specifications may be also used in a locale context.  Then the
  3595 constants being introduced depend on certain fixed parameters, and the
  3596 constant name is qualified by the locale base name.  An internal
  3597 abbreviation takes care for convenient input and output, making the
  3598 parameters implicit and using the original short name.  See also
  3599 src/HOL/ex/Abstract_NAT.thy for an example of deriving polymorphic
  3600 entities from a monomorphic theory.
  3601 
  3602 Presently, abbreviations are only available 'in' a target locale, but
  3603 not inherited by general import expressions.  Also note that
  3604 'abbreviation' may be used as a type-safe replacement for 'syntax' +
  3605 'translations' in common applications.  The "no_abbrevs" print mode
  3606 prevents folding of abbreviations in term output.
  3607 
  3608 Concrete syntax is attached to specified constants in internal form,
  3609 independently of name spaces.  The parse tree representation is
  3610 slightly different -- use 'notation' instead of raw 'syntax', and
  3611 'translations' with explicit "CONST" markup to accommodate this.
  3612 
  3613 * Pure/Isar: unified syntax for new-style specification mechanisms
  3614 (e.g.  'definition', 'abbreviation', or 'inductive' in HOL) admits
  3615 full type inference and dummy patterns ("_").  For example:
  3616 
  3617   definition "K x _ = x"
  3618 
  3619   inductive conj for A B
  3620   where "A ==> B ==> conj A B"
  3621 
  3622 * Pure: command 'print_abbrevs' prints all constant abbreviations of
  3623 the current context.  Print mode "no_abbrevs" prevents inversion of
  3624 abbreviations on output.
  3625 
  3626 * Isar/locales: improved parameter handling: use of locales "var" and
  3627 "struct" no longer necessary; - parameter renamings are no longer
  3628 required to be injective.  For example, this allows to define
  3629 endomorphisms as locale endom = homom mult mult h.
  3630 
  3631 * Isar/locales: changed the way locales with predicates are defined.
  3632 Instead of accumulating the specification, the imported expression is
  3633 now an interpretation.  INCOMPATIBILITY: different normal form of
  3634 locale expressions.  In particular, in interpretations of locales with
  3635 predicates, goals repesenting already interpreted fragments are not
  3636 removed automatically.  Use methods `intro_locales' and
  3637 `unfold_locales'; see below.
  3638 
  3639 * Isar/locales: new methods `intro_locales' and `unfold_locales'
  3640 provide backward reasoning on locales predicates.  The methods are
  3641 aware of interpretations and discharge corresponding goals.
  3642 `intro_locales' is less aggressive then `unfold_locales' and does not
  3643 unfold predicates to assumptions.
  3644 
  3645 * Isar/locales: the order in which locale fragments are accumulated
  3646 has changed.  This enables to override declarations from fragments due
  3647 to interpretations -- for example, unwanted simp rules.
  3648 
  3649 * Isar/locales: interpretation in theories and proof contexts has been
  3650 extended.  One may now specify (and prove) equations, which are
  3651 unfolded in interpreted theorems.  This is useful for replacing
  3652 defined concepts (constants depending on locale parameters) by
  3653 concepts already existing in the target context.  Example:
  3654 
  3655   interpretation partial_order ["op <= :: [int, int] => bool"]
  3656     where "partial_order.less (op <=) (x::int) y = (x < y)"
  3657 
  3658 Typically, the constant `partial_order.less' is created by a
  3659 definition specification element in the context of locale
  3660 partial_order.
  3661 
  3662 * Method "induct": improved internal context management to support
  3663 local fixes and defines on-the-fly. Thus explicit meta-level
  3664 connectives !!  and ==> are rarely required anymore in inductive goals
  3665 (using object-logic connectives for this purpose has been long
  3666 obsolete anyway). Common proof patterns are explained in
  3667 src/HOL/Induct/Common_Patterns.thy, see also
  3668 src/HOL/Isar_examples/Puzzle.thy and src/HOL/Lambda for realistic
  3669 examples.
  3670 
  3671 * Method "induct": improved handling of simultaneous goals. Instead of
  3672 introducing object-level conjunction, the statement is now split into
  3673 several conclusions, while the corresponding symbolic cases are nested
  3674 accordingly. INCOMPATIBILITY, proofs need to be structured explicitly,
  3675 see src/HOL/Induct/Common_Patterns.thy, for example.
  3676 
  3677 * Method "induct": mutual induction rules are now specified as a list
  3678 of rule sharing the same induction cases. HOL packages usually provide
  3679 foo_bar.inducts for mutually defined items foo and bar (e.g. inductive
  3680 predicates/sets or datatypes). INCOMPATIBILITY, users need to specify
  3681 mutual induction rules differently, i.e. like this:
  3682 
  3683   (induct rule: foo_bar.inducts)
  3684   (induct set: foo bar)
  3685   (induct pred: foo bar)
  3686   (induct type: foo bar)
  3687 
  3688 The ML function ProjectRule.projections turns old-style rules into the
  3689 new format.
  3690 
  3691 * Method "coinduct": dual of induction, see
  3692 src/HOL/Library/Coinductive_List.thy for various examples.
  3693 
  3694 * Method "cases", "induct", "coinduct": the ``(open)'' option is
  3695 considered a legacy feature.
  3696 
  3697 * Attribute "symmetric" produces result with standardized schematic
  3698 variables (index 0).  Potential INCOMPATIBILITY.
  3699 
  3700 * Simplifier: by default the simplifier trace only shows top level
  3701 rewrites now. That is, trace_simp_depth_limit is set to 1 by
  3702 default. Thus there is less danger of being flooded by the trace. The
  3703 trace indicates where parts have been suppressed.
  3704   
  3705 * Provers/classical: removed obsolete classical version of elim_format
  3706 attribute; classical elim/dest rules are now treated uniformly when
  3707 manipulating the claset.
  3708 
  3709 * Provers/classical: stricter checks to ensure that supplied intro,
  3710 dest and elim rules are well-formed; dest and elim rules must have at
  3711 least one premise.
  3712 
  3713 * Provers/classical: attributes dest/elim/intro take an optional
  3714 weight argument for the rule (just as the Pure versions).  Weights are
  3715 ignored by automated tools, but determine the search order of single
  3716 rule steps.
  3717 
  3718 * Syntax: input syntax now supports dummy variable binding "%_. b",
  3719 where the body does not mention the bound variable.  Note that dummy
  3720 patterns implicitly depend on their context of bounds, which makes
  3721 "{_. _}" match any set comprehension as expected.  Potential
  3722 INCOMPATIBILITY -- parse translations need to cope with syntactic
  3723 constant "_idtdummy" in the binding position.
  3724 
  3725 * Syntax: removed obsolete syntactic constant "_K" and its associated
  3726 parse translation.  INCOMPATIBILITY -- use dummy abstraction instead,
  3727 for example "A -> B" => "Pi A (%_. B)".
  3728 
  3729 * Pure: 'class_deps' command visualizes the subclass relation, using
  3730 the graph browser tool.
  3731 
  3732 * Pure: 'print_theory' now suppresses certain internal declarations by
  3733 default; use '!' option for full details.
  3734 
  3735 
  3736 *** HOL ***
  3737 
  3738 * Method "metis" proves goals by applying the Metis general-purpose
  3739 resolution prover (see also http://gilith.com/software/metis/).
  3740 Examples are in the directory MetisExamples.  WARNING: the
  3741 Isabelle/HOL-Metis integration does not yet work properly with
  3742 multi-threading.
  3743   
  3744 * Command 'sledgehammer' invokes external automatic theorem provers as
  3745 background processes.  It generates calls to the "metis" method if
  3746 successful. These can be pasted into the proof.  Users do not have to
  3747 wait for the automatic provers to return.  WARNING: does not really
  3748 work with multi-threading.
  3749 
  3750 * New "auto_quickcheck" feature tests outermost goal statements for
  3751 potential counter-examples.  Controlled by ML references
  3752 auto_quickcheck (default true) and auto_quickcheck_time_limit (default
  3753 5000 milliseconds).  Fails silently if statements is outside of
  3754 executable fragment, or any other codgenerator problem occurs.
  3755 
  3756 * New constant "undefined" with axiom "undefined x = undefined".
  3757 
  3758 * Added class "HOL.eq", allowing for code generation with polymorphic
  3759 equality.
  3760 
  3761 * Some renaming of class constants due to canonical name prefixing in
  3762 the new 'class' package:
  3763 
  3764     HOL.abs ~> HOL.abs_class.abs
  3765     HOL.divide ~> HOL.divide_class.divide
  3766     0 ~> HOL.zero_class.zero
  3767     1 ~> HOL.one_class.one
  3768     op + ~> HOL.plus_class.plus
  3769     op - ~> HOL.minus_class.minus
  3770     uminus ~> HOL.minus_class.uminus
  3771     op * ~> HOL.times_class.times
  3772     op < ~> HOL.ord_class.less
  3773     op <= > HOL.ord_class.less_eq
  3774     Nat.power ~> Power.power_class.power
  3775     Nat.size ~> Nat.size_class.size
  3776     Numeral.number_of ~> Numeral.number_class.number_of
  3777     FixedPoint.Inf ~> Lattices.complete_lattice_class.Inf
  3778     FixedPoint.Sup ~> Lattices.complete_lattice_class.Sup
  3779     Orderings.min ~> Orderings.ord_class.min
  3780     Orderings.max ~> Orderings.ord_class.max
  3781     Divides.op div ~> Divides.div_class.div
  3782     Divides.op mod ~> Divides.div_class.mod
  3783     Divides.op dvd ~> Divides.div_class.dvd
  3784 
  3785 INCOMPATIBILITY.  Adaptions may be required in the following cases:
  3786 
  3787 a) User-defined constants using any of the names "plus", "minus",
  3788 "times", "less" or "less_eq". The standard syntax translations for
  3789 "+", "-" and "*" may go wrong.  INCOMPATIBILITY: use more specific
  3790 names.
  3791 
  3792 b) Variables named "plus", "minus", "times", "less", "less_eq"
  3793 INCOMPATIBILITY: use more specific names.
  3794 
  3795 c) Permutative equations (e.g. "a + b = b + a")
  3796 Since the change of names also changes the order of terms, permutative
  3797 rewrite rules may get applied in a different order. Experience shows
  3798 that this is rarely the case (only two adaptions in the whole Isabelle
  3799 distribution).  INCOMPATIBILITY: rewrite proofs
  3800 
  3801 d) ML code directly refering to constant names
  3802 This in general only affects hand-written proof tactics, simprocs and
  3803 so on.  INCOMPATIBILITY: grep your sourcecode and replace names.
  3804 Consider using @{const_name} antiquotation.
  3805 
  3806 * New class "default" with associated constant "default".
  3807 
  3808 * Function "sgn" is now overloaded and available on int, real, complex
  3809 (and other numeric types), using class "sgn".  Two possible defs of
  3810 sgn are given as equational assumptions in the classes sgn_if and
  3811 sgn_div_norm; ordered_idom now also inherits from sgn_if.
  3812 INCOMPATIBILITY.
  3813 
  3814 * Locale "partial_order" now unified with class "order" (cf. theory
  3815 Orderings), added parameter "less".  INCOMPATIBILITY.
  3816 
  3817 * Renamings in classes "order" and "linorder": facts "refl", "trans" and
  3818 "cases" to "order_refl", "order_trans" and "linorder_cases", to avoid
  3819 clashes with HOL "refl" and "trans".  INCOMPATIBILITY.
  3820 
  3821 * Classes "order" and "linorder": potential INCOMPATIBILITY due to
  3822 changed order of proof goals in instance proofs.
  3823 
  3824 * The transitivity reasoner for partial and linear orders is set up
  3825 for classes "order" and "linorder".  Instances of the reasoner are available
  3826 in all contexts importing or interpreting the corresponding locales.
  3827 Method "order" invokes the reasoner separately; the reasoner
  3828 is also integrated with the Simplifier as a solver.  Diagnostic
  3829 command 'print_orders' shows the available instances of the reasoner
  3830 in the current context.
  3831 
  3832 * Localized monotonicity predicate in theory "Orderings"; integrated
  3833 lemmas max_of_mono and min_of_mono with this predicate.
  3834 INCOMPATIBILITY.
  3835 
  3836 * Formulation of theorem "dense" changed slightly due to integration
  3837 with new class dense_linear_order.
  3838 
  3839 * Uniform lattice theory development in HOL.
  3840 
  3841     constants "meet" and "join" now named "inf" and "sup"
  3842     constant "Meet" now named "Inf"
  3843 
  3844     classes "meet_semilorder" and "join_semilorder" now named
  3845       "lower_semilattice" and "upper_semilattice"
  3846     class "lorder" now named "lattice"
  3847     class "comp_lat" now named "complete_lattice"
  3848 
  3849     Instantiation of lattice classes allows explicit definitions
  3850     for "inf" and "sup" operations (or "Inf" and "Sup" for complete lattices).
  3851 
  3852   INCOMPATIBILITY.  Theorem renames:
  3853 
  3854     meet_left_le            ~> inf_le1
  3855     meet_right_le           ~> inf_le2
  3856     join_left_le            ~> sup_ge1
  3857     join_right_le           ~> sup_ge2
  3858     meet_join_le            ~> inf_sup_ord
  3859     le_meetI                ~> le_infI
  3860     join_leI                ~> le_supI
  3861     le_meet                 ~> le_inf_iff
  3862     le_join                 ~> ge_sup_conv
  3863     meet_idempotent         ~> inf_idem
  3864     join_idempotent         ~> sup_idem
  3865     meet_comm               ~> inf_commute
  3866     join_comm               ~> sup_commute
  3867     meet_leI1               ~> le_infI1
  3868     meet_leI2               ~> le_infI2
  3869     le_joinI1               ~> le_supI1
  3870     le_joinI2               ~> le_supI2
  3871     meet_assoc              ~> inf_assoc
  3872     join_assoc              ~> sup_assoc
  3873     meet_left_comm          ~> inf_left_commute
  3874     meet_left_idempotent    ~> inf_left_idem
  3875     join_left_comm          ~> sup_left_commute
  3876     join_left_idempotent    ~> sup_left_idem
  3877     meet_aci                ~> inf_aci
  3878     join_aci                ~> sup_aci
  3879     le_def_meet             ~> le_iff_inf
  3880     le_def_join             ~> le_iff_sup
  3881     join_absorp2            ~> sup_absorb2
  3882     join_absorp1            ~> sup_absorb1
  3883     meet_absorp1            ~> inf_absorb1
  3884     meet_absorp2            ~> inf_absorb2
  3885     meet_join_absorp        ~> inf_sup_absorb
  3886     join_meet_absorp        ~> sup_inf_absorb
  3887     distrib_join_le         ~> distrib_sup_le
  3888     distrib_meet_le         ~> distrib_inf_le
  3889 
  3890     add_meet_distrib_left   ~> add_inf_distrib_left
  3891     add_join_distrib_left   ~> add_sup_distrib_left
  3892     is_join_neg_meet        ~> is_join_neg_inf
  3893     is_meet_neg_join        ~> is_meet_neg_sup
  3894     add_meet_distrib_right  ~> add_inf_distrib_right
  3895     add_join_distrib_right  ~> add_sup_distrib_right
  3896     add_meet_join_distribs  ~> add_sup_inf_distribs
  3897     join_eq_neg_meet        ~> sup_eq_neg_inf
  3898     meet_eq_neg_join        ~> inf_eq_neg_sup
  3899     add_eq_meet_join        ~> add_eq_inf_sup
  3900     meet_0_imp_0            ~> inf_0_imp_0
  3901     join_0_imp_0            ~> sup_0_imp_0
  3902     meet_0_eq_0             ~> inf_0_eq_0
  3903     join_0_eq_0             ~> sup_0_eq_0
  3904     neg_meet_eq_join        ~> neg_inf_eq_sup
  3905     neg_join_eq_meet        ~> neg_sup_eq_inf
  3906     join_eq_if              ~> sup_eq_if
  3907 
  3908     mono_meet               ~> mono_inf
  3909     mono_join               ~> mono_sup
  3910     meet_bool_eq            ~> inf_bool_eq
  3911     join_bool_eq            ~> sup_bool_eq
  3912     meet_fun_eq             ~> inf_fun_eq
  3913     join_fun_eq             ~> sup_fun_eq
  3914     meet_set_eq             ~> inf_set_eq
  3915     join_set_eq             ~> sup_set_eq
  3916     meet1_iff               ~> inf1_iff
  3917     meet2_iff               ~> inf2_iff
  3918     meet1I                  ~> inf1I
  3919     meet2I                  ~> inf2I
  3920     meet1D1                 ~> inf1D1
  3921     meet2D1                 ~> inf2D1
  3922     meet1D2                 ~> inf1D2
  3923     meet2D2                 ~> inf2D2
  3924     meet1E                  ~> inf1E
  3925     meet2E                  ~> inf2E
  3926     join1_iff               ~> sup1_iff
  3927     join2_iff               ~> sup2_iff
  3928     join1I1                 ~> sup1I1
  3929     join2I1                 ~> sup2I1
  3930     join1I1                 ~> sup1I1
  3931     join2I2                 ~> sup1I2
  3932     join1CI                 ~> sup1CI
  3933     join2CI                 ~> sup2CI
  3934     join1E                  ~> sup1E
  3935     join2E                  ~> sup2E
  3936 
  3937     is_meet_Meet            ~> is_meet_Inf
  3938     Meet_bool_def           ~> Inf_bool_def
  3939     Meet_fun_def            ~> Inf_fun_def
  3940     Meet_greatest           ~> Inf_greatest
  3941     Meet_lower              ~> Inf_lower
  3942     Meet_set_def            ~> Inf_set_def
  3943 
  3944     Sup_def                 ~> Sup_Inf
  3945     Sup_bool_eq             ~> Sup_bool_def
  3946     Sup_fun_eq              ~> Sup_fun_def
  3947     Sup_set_eq              ~> Sup_set_def
  3948 
  3949     listsp_meetI            ~> listsp_infI
  3950     listsp_meet_eq          ~> listsp_inf_eq
  3951 
  3952     meet_min                ~> inf_min
  3953     join_max                ~> sup_max
  3954 
  3955 * Added syntactic class "size"; overloaded constant "size" now has
  3956 type "'a::size ==> bool"
  3957 
  3958 * Internal reorganisation of `size' of datatypes: size theorems
  3959 "foo.size" are no longer subsumed by "foo.simps" (but are still
  3960 simplification rules by default!); theorems "prod.size" now named
  3961 "*.size".
  3962 
  3963 * Class "div" now inherits from class "times" rather than "type".
  3964 INCOMPATIBILITY.
  3965 
  3966 * HOL/Finite_Set: "name-space" locales Lattice, Distrib_lattice,
  3967 Linorder etc.  have disappeared; operations defined in terms of
  3968 fold_set now are named Inf_fin, Sup_fin.  INCOMPATIBILITY.
  3969 
  3970 * HOL/Nat: neq0_conv no longer declared as iff.  INCOMPATIBILITY.
  3971 
  3972 * HOL-Word: New extensive library and type for generic, fixed size
  3973 machine words, with arithemtic, bit-wise, shifting and rotating
  3974 operations, reflection into int, nat, and bool lists, automation for
  3975 linear arithmetic (by automatic reflection into nat or int), including
  3976 lemmas on overflow and monotonicity.  Instantiated to all appropriate
  3977 arithmetic type classes, supporting automatic simplification of
  3978 numerals on all operations.
  3979 
  3980 * Library/Boolean_Algebra: locales for abstract boolean algebras.
  3981 
  3982 * Library/Numeral_Type: numbers as types, e.g. TYPE(32).
  3983 
  3984 * Code generator library theories:
  3985   - Code_Integer represents HOL integers by big integer literals in target
  3986     languages.
  3987   - Code_Char represents HOL characters by character literals in target
  3988     languages.
  3989   - Code_Char_chr like Code_Char, but also offers treatment of character
  3990     codes; includes Code_Integer.
  3991   - Executable_Set allows to generate code for finite sets using lists.
  3992   - Executable_Rat implements rational numbers as triples (sign, enumerator,
  3993     denominator).
  3994   - Executable_Real implements a subset of real numbers, namly those
  3995     representable by rational numbers.
  3996   - Efficient_Nat implements natural numbers by integers, which in general will
  3997     result in higher efficency; pattern matching with 0/Suc is eliminated;
  3998     includes Code_Integer.
  3999   - Code_Index provides an additional datatype index which is mapped to
  4000     target-language built-in integers.
  4001   - Code_Message provides an additional datatype message_string which is isomorphic to
  4002     strings; messages are mapped to target-language strings.
  4003 
  4004 * New package for inductive predicates
  4005 
  4006   An n-ary predicate p with m parameters z_1, ..., z_m can now be defined via
  4007 
  4008     inductive
  4009       p :: "U_1 => ... => U_m => T_1 => ... => T_n => bool"
  4010       for z_1 :: U_1 and ... and z_n :: U_m
  4011     where
  4012       rule_1: "... ==> p z_1 ... z_m t_1_1 ... t_1_n"
  4013     | ...
  4014 
  4015   with full support for type-inference, rather than
  4016 
  4017     consts s :: "U_1 => ... => U_m => (T_1 * ... * T_n) set"
  4018 
  4019     abbreviation p :: "U_1 => ... => U_m => T_1 => ... => T_n => bool"
  4020     where "p z_1 ... z_m x_1 ... x_n == (x_1, ..., x_n) : s z_1 ... z_m"
  4021 
  4022     inductive "s z_1 ... z_m"
  4023     intros
  4024       rule_1: "... ==> (t_1_1, ..., t_1_n) : s z_1 ... z_m"
  4025       ...
  4026 
  4027   For backward compatibility, there is a wrapper allowing inductive
  4028   sets to be defined with the new package via
  4029 
  4030     inductive_set
  4031       s :: "U_1 => ... => U_m => (T_1 * ... * T_n) set"
  4032       for z_1 :: U_1 and ... and z_n :: U_m
  4033     where
  4034       rule_1: "... ==> (t_1_1, ..., t_1_n) : s z_1 ... z_m"
  4035     | ...
  4036 
  4037   or
  4038 
  4039     inductive_set
  4040       s :: "U_1 => ... => U_m => (T_1 * ... * T_n) set"
  4041       and p :: "U_1 => ... => U_m => T_1 => ... => T_n => bool"
  4042       for z_1 :: U_1 and ... and z_n :: U_m
  4043     where
  4044       "p z_1 ... z_m x_1 ... x_n == (x_1, ..., x_n) : s z_1 ... z_m"
  4045     | rule_1: "... ==> p z_1 ... z_m t_1_1 ... t_1_n"
  4046     | ...
  4047 
  4048   if the additional syntax "p ..." is required.
  4049 
  4050   Numerous examples can be found in the subdirectories src/HOL/Auth,
  4051   src/HOL/Bali, src/HOL/Induct, and src/HOL/MicroJava.
  4052 
  4053   INCOMPATIBILITIES:
  4054 
  4055   - Since declaration and definition of inductive sets or predicates
  4056     is no longer separated, abbreviations involving the newly
  4057     introduced sets or predicates must be specified together with the
  4058     introduction rules after the 'where' keyword (see above), rather
  4059     than before the actual inductive definition.
  4060 
  4061   - The variables in induction and elimination rules are now
  4062     quantified in the order of their occurrence in the introduction
  4063     rules, rather than in alphabetical order. Since this may break
  4064     some proofs, these proofs either have to be repaired, e.g. by
  4065     reordering the variables a_i_1 ... a_i_{k_i} in Isar 'case'
  4066     statements of the form
  4067 
  4068       case (rule_i a_i_1 ... a_i_{k_i})
  4069 
  4070     or the old order of quantification has to be restored by explicitly adding
  4071     meta-level quantifiers in the introduction rules, i.e.
  4072 
  4073       | rule_i: "!!a_i_1 ... a_i_{k_i}. ... ==> p z_1 ... z_m t_i_1 ... t_i_n"
  4074 
  4075   - The format of the elimination rules is now
  4076 
  4077       p z_1 ... z_m x_1 ... x_n ==>
  4078         (!!a_1_1 ... a_1_{k_1}. x_1 = t_1_1 ==> ... ==> x_n = t_1_n ==> ... ==> P)
  4079         ==> ... ==> P
  4080 
  4081     for predicates and
  4082 
  4083       (x_1, ..., x_n) : s z_1 ... z_m ==>
  4084         (!!a_1_1 ... a_1_{k_1}. x_1 = t_1_1 ==> ... ==> x_n = t_1_n ==> ... ==> P)
  4085         ==> ... ==> P
  4086 
  4087     for sets rather than
  4088 
  4089       x : s z_1 ... z_m ==>
  4090         (!!a_1_1 ... a_1_{k_1}. x = (t_1_1, ..., t_1_n) ==> ... ==> P)
  4091         ==> ... ==> P
  4092 
  4093     This may require terms in goals to be expanded to n-tuples
  4094     (e.g. using case_tac or simplification with the split_paired_all
  4095     rule) before the above elimination rule is applicable.
  4096 
  4097   - The elimination or case analysis rules for (mutually) inductive
  4098     sets or predicates are now called "p_1.cases" ... "p_k.cases". The
  4099     list of rules "p_1_..._p_k.elims" is no longer available.
  4100 
  4101 * New package "function"/"fun" for general recursive functions,
  4102 supporting mutual and nested recursion, definitions in local contexts,
  4103 more general pattern matching and partiality. See HOL/ex/Fundefs.thy
  4104 for small examples, and the separate tutorial on the function
  4105 package. The old recdef "package" is still available as before, but
  4106 users are encouraged to use the new package.
  4107 
  4108 * Method "lexicographic_order" automatically synthesizes termination
  4109 relations as lexicographic combinations of size measures. 
  4110 
  4111 * Case-expressions allow arbitrary constructor-patterns (including
  4112 "_") and take their order into account, like in functional
  4113 programming.  Internally, this is translated into nested
  4114 case-expressions; missing cases are added and mapped to the predefined
  4115 constant "undefined". In complicated cases printing may no longer show
  4116 the original input but the internal form. Lambda-abstractions allow
  4117 the same form of pattern matching: "% pat1 => e1 | ..." is an
  4118 abbreviation for "%x. case x of pat1 => e1 | ..." where x is a new
  4119 variable.
  4120 
  4121 * IntDef: The constant "int :: nat => int" has been removed; now "int"
  4122 is an abbreviation for "of_nat :: nat => int". The simplification
  4123 rules for "of_nat" have been changed to work like "int" did
  4124 previously.  Potential INCOMPATIBILITY:
  4125   - "of_nat (Suc m)" simplifies to "1 + of_nat m" instead of "of_nat m + 1"
  4126   - of_nat_diff and of_nat_mult are no longer default simp rules
  4127 
  4128 * Method "algebra" solves polynomial equations over (semi)rings using
  4129 Groebner bases. The (semi)ring structure is defined by locales and the
  4130 tool setup depends on that generic context. Installing the method for
  4131 a specific type involves instantiating the locale and possibly adding
  4132 declarations for computation on the coefficients.  The method is
  4133 already instantiated for natural numbers and for the axiomatic class
  4134 of idoms with numerals.  See also the paper by Chaieb and Wenzel at
  4135 CALCULEMUS 2007 for the general principles underlying this
  4136 architecture of context-aware proof-tools.
  4137 
  4138 * Method "ferrack" implements quantifier elimination over
  4139 special-purpose dense linear orders using locales (analogous to
  4140 "algebra"). The method is already installed for class
  4141 {ordered_field,recpower,number_ring} which subsumes real, hyperreal,
  4142 rat, etc.
  4143 
  4144 * Former constant "List.op @" now named "List.append".  Use ML
  4145 antiquotations @{const_name List.append} or @{term " ... @ ... "} to
  4146 circumvent possible incompatibilities when working on ML level.
  4147 
  4148 * primrec: missing cases mapped to "undefined" instead of "arbitrary".
  4149 
  4150 * New function listsum :: 'a list => 'a for arbitrary monoids.
  4151 Special syntax: "SUM x <- xs. f x" (and latex variants)
  4152 
  4153 * New syntax for Haskell-like list comprehension (input only), eg.
  4154 [(x,y). x <- xs, y <- ys, x ~= y], see also src/HOL/List.thy.
  4155 
  4156 * The special syntax for function "filter" has changed from [x :
  4157 xs. P] to [x <- xs. P] to avoid an ambiguity caused by list
  4158 comprehension syntax, and for uniformity.  INCOMPATIBILITY.
  4159 
  4160 * [a..b] is now defined for arbitrary linear orders.  It used to be
  4161 defined on nat only, as an abbreviation for [a..<Suc b]
  4162 INCOMPATIBILITY.
  4163 
  4164 * Renamed lemma "set_take_whileD"  to "set_takeWhileD".
  4165 
  4166 * New functions "sorted" and "sort" in src/HOL/List.thy.
  4167 
  4168 * New lemma collection field_simps (an extension of ring_simps) for
  4169 manipulating (in)equations involving division. Multiplies with all
  4170 denominators that can be proved to be non-zero (in equations) or
  4171 positive/negative (in inequations).
  4172 
  4173 * Lemma collections ring_eq_simps, group_eq_simps and ring_distrib
  4174 have been improved and renamed to ring_simps, group_simps and
  4175 ring_distribs.  Removed lemmas field_xyz in theory Ring_and_Field
  4176 because they were subsumed by lemmas xyz.  INCOMPATIBILITY.
  4177 
  4178 * Theory Library/Commutative_Ring: switched from recdef to function
  4179 package; constants add, mul, pow now curried.  Infix syntax for
  4180 algebraic operations.
  4181 
  4182 * Dropped redundant lemma def_imp_eq in favor of meta_eq_to_obj_eq.
  4183 INCOMPATIBILITY.
  4184 
  4185 * Dropped redundant lemma if_def2 in favor of if_bool_eq_conj.
  4186 INCOMPATIBILITY.
  4187 
  4188 * HOL/records: generalised field-update to take a function on the
  4189 field rather than the new value: r(|A := x|) is translated to A_update
  4190 (K x) r The K-combinator that is internally used is called K_record.
  4191 INCOMPATIBILITY: Usage of the plain update functions has to be
  4192 adapted.
  4193  
  4194 * Class "semiring_0" now contains annihilation axioms x * 0 = 0 and 0
  4195 * x = 0, which are required for a semiring.  Richer structures do not
  4196 inherit from semiring_0 anymore, because this property is a theorem
  4197 there, not an axiom.  INCOMPATIBILITY: In instances of semiring_0,
  4198 there is more to prove, but this is mostly trivial.
  4199 
  4200 * Class "recpower" is generalized to arbitrary monoids, not just
  4201 commutative semirings.  INCOMPATIBILITY: may need to incorporate
  4202 commutativity or semiring properties additionally.
  4203 
  4204 * Constant "List.list_all2" in List.thy now uses authentic syntax.
  4205 INCOMPATIBILITY: translations containing list_all2 may go wrong,
  4206 better use 'abbreviation'.
  4207 
  4208 * Renamed constant "List.op mem" to "List.member".  INCOMPATIBILITY.
  4209 
  4210 * Numeral syntax: type 'bin' which was a mere type copy of 'int' has
  4211 been abandoned in favour of plain 'int'.  INCOMPATIBILITY --
  4212 significant changes for setting up numeral syntax for types:
  4213   - New constants Numeral.pred and Numeral.succ instead
  4214       of former Numeral.bin_pred and Numeral.bin_succ.
  4215   - Use integer operations instead of bin_add, bin_mult and so on.
  4216   - Numeral simplification theorems named Numeral.numeral_simps instead of Bin_simps.
  4217   - ML structure Bin_Simprocs now named Int_Numeral_Base_Simprocs.
  4218 
  4219 See src/HOL/Integ/IntArith.thy for an example setup.
  4220 
  4221 * Command 'normal_form' computes the normal form of a term that may
  4222 contain free variables.  For example ``normal_form "rev [a, b, c]"''
  4223 produces ``[b, c, a]'' (without proof).  This command is suitable for
  4224 heavy-duty computations because the functions are compiled to ML
  4225 first.  Correspondingly, a method "normalization" is provided.  See
  4226 further src/HOL/ex/NormalForm.thy and src/Tools/nbe.ML.
  4227 
  4228 * Alternative iff syntax "A <-> B" for equality on bool (with priority
  4229 25 like -->); output depends on the "iff" print_mode, the default is
  4230 "A = B" (with priority 50).
  4231 
  4232 * Relations less (<) and less_eq (<=) are also available on type bool.
  4233 Modified syntax to disallow nesting without explicit parentheses,
  4234 e.g. "(x < y) < z" or "x < (y < z)", but NOT "x < y < z".  Potential
  4235 INCOMPATIBILITY.
  4236 
  4237 * "LEAST x:A. P" expands to "LEAST x. x:A & P" (input only).
  4238 
  4239 * Relation composition operator "op O" now has precedence 75 and binds
  4240 stronger than union and intersection. INCOMPATIBILITY.
  4241 
  4242 * The old set interval syntax "{m..n(}" (and relatives) has been
  4243 removed.  Use "{m..<n}" (and relatives) instead.
  4244 
  4245 * In the context of the assumption "~(s = t)" the Simplifier rewrites
  4246 "t = s" to False (by simproc "neq").  INCOMPATIBILITY, consider using
  4247 ``declare [[simproc del: neq]]''.
  4248 
  4249 * Simplifier: "m dvd n" where m and n are numbers is evaluated to
  4250 True/False.
  4251 
  4252 * Theorem Cons_eq_map_conv no longer declared as "simp".
  4253 
  4254 * Theorem setsum_mult renamed to setsum_right_distrib.
  4255 
  4256 * Prefer ex1I over ex_ex1I in single-step reasoning, e.g. by the
  4257 ``rule'' method.
  4258 
  4259 * Reimplemented methods "sat" and "satx", with several improvements:
  4260 goals no longer need to be stated as "<prems> ==> False", equivalences
  4261 (i.e. "=" on type bool) are handled, variable names of the form
  4262 "lit_<n>" are no longer reserved, significant speedup.
  4263 
  4264 * Methods "sat" and "satx" can now replay MiniSat proof traces.
  4265 zChaff is still supported as well.
  4266 
  4267 * 'inductive' and 'datatype': provide projections of mutual rules,
  4268 bundled as foo_bar.inducts;
  4269 
  4270 * Library: moved theories Parity, GCD, Binomial, Infinite_Set to
  4271 Library.
  4272 
  4273 * Library: moved theory Accessible_Part to main HOL.
  4274 
  4275 * Library: added theory Coinductive_List of potentially infinite lists
  4276 as greatest fixed-point.
  4277 
  4278 * Library: added theory AssocList which implements (finite) maps as
  4279 association lists.
  4280 
  4281 * Method "evaluation" solves goals (i.e. a boolean expression)
  4282 efficiently by compiling it to ML.  The goal is "proved" (via an
  4283 oracle) if it evaluates to True.
  4284 
  4285 * Linear arithmetic now splits certain operators (e.g. min, max, abs)
  4286 also when invoked by the simplifier.  This results in the Simplifier
  4287 being more powerful on arithmetic goals.  INCOMPATIBILITY.
  4288 Configuration option fast_arith_split_limit=0 recovers the old
  4289 behavior.
  4290 
  4291 * Support for hex (0x20) and binary (0b1001) numerals.
  4292 
  4293 * New method: reify eqs (t), where eqs are equations for an
  4294 interpretation I :: 'a list => 'b => 'c and t::'c is an optional
  4295 parameter, computes a term s::'b and a list xs::'a list and proves the
  4296 theorem I xs s = t. This is also known as reification or quoting. The
  4297 resulting theorem is applied to the subgoal to substitute t with I xs
  4298 s.  If t is omitted, the subgoal itself is reified.
  4299 
  4300 * New method: reflection corr_thm eqs (t). The parameters eqs and (t)
  4301 are as explained above. corr_thm is a theorem for I vs (f t) = I vs t,
  4302 where f is supposed to be a computable function (in the sense of code
  4303 generattion). The method uses reify to compute s and xs as above then
  4304 applies corr_thm and uses normalization by evaluation to "prove" f s =
  4305 r and finally gets the theorem t = r, which is again applied to the
  4306 subgoal. An Example is available in src/HOL/ex/ReflectionEx.thy.
  4307 
  4308 * Reflection: Automatic reification now handels binding, an example is
  4309 available in src/HOL/ex/ReflectionEx.thy
  4310 
  4311 * HOL-Statespace: ``State Spaces: The Locale Way'' introduces a
  4312 command 'statespace' that is similar to 'record', but introduces an
  4313 abstract specification based on the locale infrastructure instead of
  4314 HOL types.  This leads to extra flexibility in composing state spaces,
  4315 in particular multiple inheritance and renaming of components.
  4316 
  4317 
  4318 *** HOL-Complex ***
  4319 
  4320 * Hyperreal: Functions root and sqrt are now defined on negative real
  4321 inputs so that root n (- x) = - root n x and sqrt (- x) = - sqrt x.
  4322 Nonnegativity side conditions have been removed from many lemmas, so
  4323 that more subgoals may now be solved by simplification; potential
  4324 INCOMPATIBILITY.
  4325 
  4326 * Real: new type classes formalize real normed vector spaces and
  4327 algebras, using new overloaded constants scaleR :: real => 'a => 'a
  4328 and norm :: 'a => real.
  4329 
  4330 * Real: constant of_real :: real => 'a::real_algebra_1 injects from
  4331 reals into other types. The overloaded constant Reals :: 'a set is now
  4332 defined as range of_real; potential INCOMPATIBILITY.
  4333 
  4334 * Real: proper support for ML code generation, including 'quickcheck'.
  4335 Reals are implemented as arbitrary precision rationals.
  4336 
  4337 * Hyperreal: Several constants that previously worked only for the
  4338 reals have been generalized, so they now work over arbitrary vector
  4339 spaces. Type annotations may need to be added in some cases; potential
  4340 INCOMPATIBILITY.
  4341 
  4342   Infinitesimal  :: ('a::real_normed_vector) star set
  4343   HFinite        :: ('a::real_normed_vector) star set
  4344   HInfinite      :: ('a::real_normed_vector) star set
  4345   approx         :: ('a::real_normed_vector) star => 'a star => bool
  4346   monad          :: ('a::real_normed_vector) star => 'a star set
  4347   galaxy         :: ('a::real_normed_vector) star => 'a star set
  4348   (NS)LIMSEQ     :: [nat => 'a::real_normed_vector, 'a] => bool
  4349   (NS)convergent :: (nat => 'a::real_normed_vector) => bool
  4350   (NS)Bseq       :: (nat => 'a::real_normed_vector) => bool
  4351   (NS)Cauchy     :: (nat => 'a::real_normed_vector) => bool
  4352   (NS)LIM        :: ['a::real_normed_vector => 'b::real_normed_vector, 'a, 'b] => bool
  4353   is(NS)Cont     :: ['a::real_normed_vector => 'b::real_normed_vector, 'a] => bool
  4354   deriv          :: ['a::real_normed_field => 'a, 'a, 'a] => bool
  4355   sgn            :: 'a::real_normed_vector => 'a
  4356   exp            :: 'a::{recpower,real_normed_field,banach} => 'a
  4357 
  4358 * Complex: Some complex-specific constants are now abbreviations for
  4359 overloaded ones: complex_of_real = of_real, cmod = norm, hcmod =
  4360 hnorm.  Other constants have been entirely removed in favor of the
  4361 polymorphic versions (INCOMPATIBILITY):
  4362 
  4363   approx        <-- capprox
  4364   HFinite       <-- CFinite
  4365   HInfinite     <-- CInfinite
  4366   Infinitesimal <-- CInfinitesimal
  4367   monad         <-- cmonad
  4368   galaxy        <-- cgalaxy
  4369   (NS)LIM       <-- (NS)CLIM, (NS)CRLIM
  4370   is(NS)Cont    <-- is(NS)Contc, is(NS)contCR
  4371   (ns)deriv     <-- (ns)cderiv
  4372 
  4373 
  4374 *** HOL-Algebra ***
  4375 
  4376 * Formalisation of ideals and the quotient construction over rings.
  4377 
  4378 * Order and lattice theory no longer based on records.
  4379 INCOMPATIBILITY.
  4380 
  4381 * Renamed lemmas least_carrier -> least_closed and greatest_carrier ->
  4382 greatest_closed.  INCOMPATIBILITY.
  4383 
  4384 * Method algebra is now set up via an attribute.  For examples see
  4385 Ring.thy.  INCOMPATIBILITY: the method is now weaker on combinations
  4386 of algebraic structures.
  4387 
  4388 * Renamed theory CRing to Ring.
  4389 
  4390 
  4391 *** HOL-Nominal ***
  4392 
  4393 * Substantial, yet incomplete support for nominal datatypes (binding
  4394 structures) based on HOL-Nominal logic.  See src/HOL/Nominal and
  4395 src/HOL/Nominal/Examples.  Prospective users should consult
  4396 http://isabelle.in.tum.de/nominal/
  4397 
  4398 
  4399 *** ML ***
  4400 
  4401 * ML basics: just one true type int, which coincides with IntInf.int
  4402 (even on SML/NJ).
  4403 
  4404 * ML within Isar: antiquotations allow to embed statically-checked
  4405 formal entities in the source, referring to the context available at
  4406 compile-time.  For example:
  4407 
  4408 ML {* @{sort "{zero,one}"} *}
  4409 ML {* @{typ "'a => 'b"} *}
  4410 ML {* @{term "%x. x"} *}
  4411 ML {* @{prop "x == y"} *}
  4412 ML {* @{ctyp "'a => 'b"} *}
  4413 ML {* @{cterm "%x. x"} *}
  4414 ML {* @{cprop "x == y"} *}
  4415 ML {* @{thm asm_rl} *}
  4416 ML {* @{thms asm_rl} *}
  4417 ML {* @{type_name c} *}
  4418 ML {* @{type_syntax c} *}
  4419 ML {* @{const_name c} *}
  4420 ML {* @{const_syntax c} *}
  4421 ML {* @{context} *}
  4422 ML {* @{theory} *}
  4423 ML {* @{theory Pure} *}
  4424 ML {* @{theory_ref} *}
  4425 ML {* @{theory_ref Pure} *}
  4426 ML {* @{simpset} *}
  4427 ML {* @{claset} *}
  4428 ML {* @{clasimpset} *}
  4429 
  4430 The same works for sources being ``used'' within an Isar context.
  4431 
  4432 * ML in Isar: improved error reporting; extra verbosity with
  4433 ML_Context.trace enabled.
  4434 
  4435 * Pure/General/table.ML: the join operations now works via exceptions
  4436 DUP/SAME instead of type option. This is simpler in simple cases, and
  4437 admits slightly more efficient complex applications.
  4438 
  4439 * Pure: 'advanced' translation functions (parse_translation etc.) now
  4440 use Context.generic instead of just theory.
  4441 
  4442 * Pure: datatype Context.generic joins theory/Proof.context and
  4443 provides some facilities for code that works in either kind of
  4444 context, notably GenericDataFun for uniform theory and proof data.
  4445 
  4446 * Pure: simplified internal attribute type, which is now always
  4447 Context.generic * thm -> Context.generic * thm. Global (theory) vs.
  4448 local (Proof.context) attributes have been discontinued, while
  4449 minimizing code duplication. Thm.rule_attribute and
  4450 Thm.declaration_attribute build canonical attributes; see also structure
  4451 Context for further operations on Context.generic, notably
  4452 GenericDataFun. INCOMPATIBILITY, need to adapt attribute type
  4453 declarations and definitions.
  4454 
  4455 * Context data interfaces (Theory/Proof/GenericDataFun): removed
  4456 name/print, uninitialized data defaults to ad-hoc copy of empty value,
  4457 init only required for impure data. INCOMPATIBILITY: empty really need
  4458 to be empty (no dependencies on theory content!)
  4459 
  4460 * Pure/kernel: consts certification ignores sort constraints given in
  4461 signature declarations. (This information is not relevant to the
  4462 logic, but only for type inference.) SIGNIFICANT INTERNAL CHANGE,
  4463 potential INCOMPATIBILITY.
  4464 
  4465 * Pure: axiomatic type classes are now purely definitional, with
  4466 explicit proofs of class axioms and super class relations performed
  4467 internally. See Pure/axclass.ML for the main internal interfaces --
  4468 notably AxClass.define_class supercedes AxClass.add_axclass, and
  4469 AxClass.axiomatize_class/classrel/arity supersede
  4470 Sign.add_classes/classrel/arities.
  4471 
  4472 * Pure/Isar: Args/Attrib parsers operate on Context.generic --
  4473 global/local versions on theory vs. Proof.context have been
  4474 discontinued; Attrib.syntax and Method.syntax have been adapted
  4475 accordingly.  INCOMPATIBILITY, need to adapt parser expressions for
  4476 attributes, methods, etc.
  4477 
  4478 * Pure: several functions of signature "... -> theory -> theory * ..."
  4479 have been reoriented to "... -> theory -> ... * theory" in order to
  4480 allow natural usage in combination with the ||>, ||>>, |-> and
  4481 fold_map combinators.
  4482 
  4483 * Pure: official theorem names (closed derivations) and additional
  4484 comments (tags) are now strictly separate.  Name hints -- which are
  4485 maintained as tags -- may be attached any time without affecting the
  4486 derivation.
  4487 
  4488 * Pure: primitive rule lift_rule now takes goal cterm instead of an
  4489 actual goal state (thm).  Use Thm.lift_rule (Thm.cprem_of st i) to
  4490 achieve the old behaviour.
  4491 
  4492 * Pure: the "Goal" constant is now called "prop", supporting a
  4493 slightly more general idea of ``protecting'' meta-level rule
  4494 statements.
  4495 
  4496 * Pure: Logic.(un)varify only works in a global context, which is now
  4497 enforced instead of silently assumed.  INCOMPATIBILITY, may use
  4498 Logic.legacy_(un)varify as temporary workaround.
  4499 
  4500 * Pure: structure Name provides scalable operations for generating
  4501 internal variable names, notably Name.variants etc.  This replaces
  4502 some popular functions from term.ML:
  4503 
  4504   Term.variant		->  Name.variant
  4505   Term.variantlist	->  Name.variant_list
  4506   Term.invent_names	->  Name.invent_list
  4507 
  4508 Note that low-level renaming rarely occurs in new code -- operations
  4509 from structure Variable are used instead (see below).
  4510 
  4511 * Pure: structure Variable provides fundamental operations for proper
  4512 treatment of fixed/schematic variables in a context.  For example,
  4513 Variable.import introduces fixes for schematics of given facts and
  4514 Variable.export reverses the effect (up to renaming) -- this replaces
  4515 various freeze_thaw operations.
  4516 
  4517 * Pure: structure Goal provides simple interfaces for
  4518 init/conclude/finish and tactical prove operations (replacing former
  4519 Tactic.prove).  Goal.prove is the canonical way to prove results
  4520 within a given context; Goal.prove_global is a degraded version for
  4521 theory level goals, including a global Drule.standard.  Note that
  4522 OldGoals.prove_goalw_cterm has long been obsolete, since it is
  4523 ill-behaved in a local proof context (e.g. with local fixes/assumes or
  4524 in a locale context).
  4525 
  4526 * Pure/Syntax: generic interfaces for parsing (Syntax.parse_term etc.)
  4527 and type checking (Syntax.check_term etc.), with common combinations
  4528 (Syntax.read_term etc.). These supersede former Sign.read_term etc.
  4529 which are considered legacy and await removal.
  4530 
  4531 * Pure/Syntax: generic interfaces for type unchecking
  4532 (Syntax.uncheck_terms etc.) and unparsing (Syntax.unparse_term etc.),
  4533 with common combinations (Syntax.pretty_term, Syntax.string_of_term
  4534 etc.).  Former Sign.pretty_term, Sign.string_of_term etc. are still
  4535 available for convenience, but refer to the very same operations using
  4536 a mere theory instead of a full context.
  4537 
  4538 * Isar: simplified treatment of user-level errors, using exception
  4539 ERROR of string uniformly.  Function error now merely raises ERROR,
  4540 without any side effect on output channels.  The Isar toplevel takes
  4541 care of proper display of ERROR exceptions.  ML code may use plain
  4542 handle/can/try; cat_error may be used to concatenate errors like this:
  4543 
  4544   ... handle ERROR msg => cat_error msg "..."
  4545 
  4546 Toplevel ML code (run directly or through the Isar toplevel) may be
  4547 embedded into the Isar toplevel with exception display/debug like
  4548 this:
  4549 
  4550   Isar.toplevel (fn () => ...)
  4551 
  4552 INCOMPATIBILITY, removed special transform_error facilities, removed
  4553 obsolete variants of user-level exceptions (ERROR_MESSAGE,
  4554 Context.PROOF, ProofContext.CONTEXT, Proof.STATE, ProofHistory.FAIL)
  4555 -- use plain ERROR instead.
  4556 
  4557 * Isar: theory setup now has type (theory -> theory), instead of a
  4558 list.  INCOMPATIBILITY, may use #> to compose setup functions.
  4559 
  4560 * Isar: ML toplevel pretty printer for type Proof.context, subject to
  4561 ProofContext.debug/verbose flags.
  4562 
  4563 * Isar: Toplevel.theory_to_proof admits transactions that modify the
  4564 theory before entering a proof state.  Transactions now always see a
  4565 quasi-functional intermediate checkpoint, both in interactive and
  4566 batch mode.
  4567 
  4568 * Isar: simplified interfaces for outer syntax.  Renamed
  4569 OuterSyntax.add_keywords to OuterSyntax.keywords.  Removed
  4570 OuterSyntax.add_parsers -- this functionality is now included in
  4571 OuterSyntax.command etc.  INCOMPATIBILITY.
  4572 
  4573 * Simplifier: the simpset of a running simplification process now
  4574 contains a proof context (cf. Simplifier.the_context), which is the
  4575 very context that the initial simpset has been retrieved from (by
  4576 simpset_of/local_simpset_of).  Consequently, all plug-in components
  4577 (solver, looper etc.) may depend on arbitrary proof data.
  4578 
  4579 * Simplifier.inherit_context inherits the proof context (plus the
  4580 local bounds) of the current simplification process; any simproc
  4581 etc. that calls the Simplifier recursively should do this!  Removed
  4582 former Simplifier.inherit_bounds, which is already included here --
  4583 INCOMPATIBILITY.  Tools based on low-level rewriting may even have to
  4584 specify an explicit context using Simplifier.context/theory_context.
  4585 
  4586 * Simplifier/Classical Reasoner: more abstract interfaces
  4587 change_simpset/claset for modifying the simpset/claset reference of a
  4588 theory; raw versions simpset/claset_ref etc. have been discontinued --
  4589 INCOMPATIBILITY.
  4590 
  4591 * Provers: more generic wrt. syntax of object-logics, avoid hardwired
  4592 "Trueprop" etc.
  4593 
  4594 
  4595 *** System ***
  4596 
  4597 * settings: the default heap location within ISABELLE_HOME_USER now
  4598 includes ISABELLE_IDENTIFIER.  This simplifies use of multiple
  4599 Isabelle installations.
  4600 
  4601 * isabelle-process: option -S (secure mode) disables some critical
  4602 operations, notably runtime compilation and evaluation of ML source
  4603 code.
  4604 
  4605 * Basic Isabelle mode for jEdit, see Isabelle/lib/jedit/.
  4606 
  4607 * Support for parallel execution, using native multicore support of
  4608 Poly/ML 5.1.  The theory loader exploits parallelism when processing
  4609 independent theories, according to the given theory header
  4610 specifications. The maximum number of worker threads is specified via
  4611 usedir option -M or the "max-threads" setting in Proof General. A
  4612 speedup factor of 1.5--3.5 can be expected on a 4-core machine, and up
  4613 to 6 on a 8-core machine.  User-code needs to observe certain
  4614 guidelines for thread-safe programming, see appendix A in the Isar
  4615 Implementation manual.
  4616 
  4617 
  4618 
  4619 New in Isabelle2005 (October 2005)
  4620 ----------------------------------
  4621 
  4622 *** General ***
  4623 
  4624 * Theory headers: the new header syntax for Isar theories is
  4625 
  4626   theory <name>
  4627   imports <theory1> ... <theoryN>
  4628   uses <file1> ... <fileM>
  4629   begin
  4630 
  4631 where the 'uses' part is optional.  The previous syntax
  4632 
  4633   theory <name> = <theory1> + ... + <theoryN>:
  4634 
  4635 will disappear in the next release.  Use isatool fixheaders to convert
  4636 existing theory files.  Note that there is no change in ancient
  4637 non-Isar theories now, but these will disappear soon.
  4638 
  4639 * Theory loader: parent theories can now also be referred to via
  4640 relative and absolute paths.
  4641 
  4642 * Command 'find_theorems' searches for a list of criteria instead of a
  4643 list of constants. Known criteria are: intro, elim, dest, name:string,
  4644 simp:term, and any term. Criteria can be preceded by '-' to select
  4645 theorems that do not match. Intro, elim, dest select theorems that
  4646 match the current goal, name:s selects theorems whose fully qualified
  4647 name contain s, and simp:term selects all simplification rules whose
  4648 lhs match term.  Any other term is interpreted as pattern and selects
  4649 all theorems matching the pattern. Available in ProofGeneral under
  4650 'ProofGeneral -> Find Theorems' or C-c C-f.  Example:
  4651 
  4652   C-c C-f (100) "(_::nat) + _ + _" intro -name: "HOL."
  4653 
  4654 prints the last 100 theorems matching the pattern "(_::nat) + _ + _",
  4655 matching the current goal as introduction rule and not having "HOL."
  4656 in their name (i.e. not being defined in theory HOL).
  4657 
  4658 * Command 'thms_containing' has been discontinued in favour of
  4659 'find_theorems'; INCOMPATIBILITY.
  4660 
  4661 * Communication with Proof General is now 8bit clean, which means that
  4662 Unicode text in UTF-8 encoding may be used within theory texts (both
  4663 formal and informal parts).  Cf. option -U of the Isabelle Proof
  4664 General interface.  Here are some simple examples (cf. src/HOL/ex):
  4665 
  4666   http://isabelle.in.tum.de/library/HOL/ex/Hebrew.html
  4667   http://isabelle.in.tum.de/library/HOL/ex/Chinese.html
  4668 
  4669 * Improved efficiency of the Simplifier and, to a lesser degree, the
  4670 Classical Reasoner.  Typical big applications run around 2 times
  4671 faster.
  4672 
  4673 
  4674 *** Document preparation ***
  4675 
  4676 * Commands 'display_drafts' and 'print_drafts' perform simple output
  4677 of raw sources.  Only those symbols that do not require additional
  4678 LaTeX packages (depending on comments in isabellesym.sty) are
  4679 displayed properly, everything else is left verbatim.  isatool display
  4680 and isatool print are used as front ends (these are subject to the
  4681 DVI/PDF_VIEWER and PRINT_COMMAND settings, respectively).
  4682 
  4683 * Command tags control specific markup of certain regions of text,
  4684 notably folding and hiding.  Predefined tags include "theory" (for
  4685 theory begin and end), "proof" for proof commands, and "ML" for
  4686 commands involving ML code; the additional tags "visible" and
  4687 "invisible" are unused by default.  Users may give explicit tag
  4688 specifications in the text, e.g. ''by %invisible (auto)''.  The
  4689 interpretation of tags is determined by the LaTeX job during document
  4690 preparation: see option -V of isatool usedir, or options -n and -t of
  4691 isatool document, or even the LaTeX macros \isakeeptag, \isafoldtag,
  4692 \isadroptag.
  4693 
  4694 Several document versions may be produced at the same time via isatool
  4695 usedir (the generated index.html will link all of them).  Typical
  4696 specifications include ''-V document=theory,proof,ML'' to present
  4697 theory/proof/ML parts faithfully, ''-V outline=/proof,/ML'' to fold
  4698 proof and ML commands, and ''-V mutilated=-theory,-proof,-ML'' to omit
  4699 these parts without any formal replacement text.  The Isabelle site
  4700 default settings produce ''document'' and ''outline'' versions as
  4701 specified above.
  4702 
  4703 * Several new antiquotations:
  4704 
  4705   @{term_type term} prints a term with its type annotated;
  4706 
  4707   @{typeof term} prints the type of a term;
  4708 
  4709   @{const const} is the same as @{term const}, but checks that the
  4710   argument is a known logical constant;
  4711 
  4712   @{term_style style term} and @{thm_style style thm} print a term or
  4713   theorem applying a "style" to it
  4714 
  4715   @{ML text}
  4716 
  4717 Predefined styles are 'lhs' and 'rhs' printing the lhs/rhs of
  4718 definitions, equations, inequations etc., 'concl' printing only the
  4719 conclusion of a meta-logical statement theorem, and 'prem1' .. 'prem19'
  4720 to print the specified premise.  TermStyle.add_style provides an ML
  4721 interface for introducing further styles.  See also the "LaTeX Sugar"
  4722 document practical applications.  The ML antiquotation prints
  4723 type-checked ML expressions verbatim.
  4724 
  4725 * Markup commands 'chapter', 'section', 'subsection', 'subsubsection',
  4726 and 'text' support optional locale specification '(in loc)', which
  4727 specifies the default context for interpreting antiquotations.  For
  4728 example: 'text (in lattice) {* @{thm inf_assoc}*}'.
  4729 
  4730 * Option 'locale=NAME' of antiquotations specifies an alternative
  4731 context interpreting the subsequent argument.  For example: @{thm
  4732 [locale=lattice] inf_assoc}.
  4733 
  4734 * Proper output of proof terms (@{prf ...} and @{full_prf ...}) within
  4735 a proof context.
  4736 
  4737 * Proper output of antiquotations for theory commands involving a
  4738 proof context (such as 'locale' or 'theorem (in loc) ...').
  4739 
  4740 * Delimiters of outer tokens (string etc.) now produce separate LaTeX
  4741 macros (\isachardoublequoteopen, isachardoublequoteclose etc.).
  4742 
  4743 * isatool usedir: new option -C (default true) controls whether option
  4744 -D should include a copy of the original document directory; -C false
  4745 prevents unwanted effects such as copying of administrative CVS data.
  4746 
  4747 
  4748 *** Pure ***
  4749 
  4750 * Considerably improved version of 'constdefs' command.  Now performs
  4751 automatic type-inference of declared constants; additional support for
  4752 local structure declarations (cf. locales and HOL records), see also
  4753 isar-ref manual.  Potential INCOMPATIBILITY: need to observe strictly
  4754 sequential dependencies of definitions within a single 'constdefs'
  4755 section; moreover, the declared name needs to be an identifier.  If
  4756 all fails, consider to fall back on 'consts' and 'defs' separately.
  4757 
  4758 * Improved indexed syntax and implicit structures.  First of all,
  4759 indexed syntax provides a notational device for subscripted
  4760 application, using the new syntax \<^bsub>term\<^esub> for arbitrary
  4761 expressions.  Secondly, in a local context with structure
  4762 declarations, number indexes \<^sub>n or the empty index (default
  4763 number 1) refer to a certain fixed variable implicitly; option
  4764 show_structs controls printing of implicit structures.  Typical
  4765 applications of these concepts involve record types and locales.
  4766 
  4767 * New command 'no_syntax' removes grammar declarations (and
  4768 translations) resulting from the given syntax specification, which is
  4769 interpreted in the same manner as for the 'syntax' command.
  4770 
  4771 * 'Advanced' translation functions (parse_translation etc.) may depend
  4772 on the signature of the theory context being presently used for
  4773 parsing/printing, see also isar-ref manual.
  4774 
  4775 * Improved 'oracle' command provides a type-safe interface to turn an
  4776 ML expression of type theory -> T -> term into a primitive rule of
  4777 type theory -> T -> thm (i.e. the functionality of Thm.invoke_oracle
  4778 is already included here); see also FOL/ex/IffExample.thy;
  4779 INCOMPATIBILITY.
  4780 
  4781 * axclass: name space prefix for class "c" is now "c_class" (was "c"
  4782 before); "cI" is no longer bound, use "c.intro" instead.
  4783 INCOMPATIBILITY.  This change avoids clashes of fact bindings for
  4784 axclasses vs. locales.
  4785 
  4786 * Improved internal renaming of symbolic identifiers -- attach primes
  4787 instead of base 26 numbers.
  4788 
  4789 * New flag show_question_marks controls printing of leading question
  4790 marks in schematic variable names.
  4791 
  4792 * In schematic variable names, *any* symbol following \<^isub> or
  4793 \<^isup> is now treated as part of the base name.  For example, the
  4794 following works without printing of awkward ".0" indexes:
  4795 
  4796   lemma "x\<^isub>1 = x\<^isub>2 ==> x\<^isub>2 = x\<^isub>1"
  4797     by simp
  4798 
  4799 * Inner syntax includes (*(*nested*) comments*).
  4800 
  4801 * Pretty printer now supports unbreakable blocks, specified in mixfix
  4802 annotations as "(00...)".
  4803 
  4804 * Clear separation of logical types and nonterminals, where the latter
  4805 may only occur in 'syntax' specifications or type abbreviations.
  4806 Before that distinction was only partially implemented via type class
  4807 "logic" vs. "{}".  Potential INCOMPATIBILITY in rare cases of improper
  4808 use of 'types'/'consts' instead of 'nonterminals'/'syntax'.  Some very
  4809 exotic syntax specifications may require further adaption
  4810 (e.g. Cube/Cube.thy).
  4811 
  4812 * Removed obsolete type class "logic", use the top sort {} instead.
  4813 Note that non-logical types should be declared as 'nonterminals'
  4814 rather than 'types'.  INCOMPATIBILITY for new object-logic
  4815 specifications.
  4816 
  4817 * Attributes 'induct' and 'cases': type or set names may now be
  4818 locally fixed variables as well.
  4819 
  4820 * Simplifier: can now control the depth to which conditional rewriting
  4821 is traced via the PG menu Isabelle -> Settings -> Trace Simp Depth
  4822 Limit.
  4823 
  4824 * Simplifier: simplification procedures may now take the current
  4825 simpset into account (cf. Simplifier.simproc(_i) / mk_simproc
  4826 interface), which is very useful for calling the Simplifier
  4827 recursively.  Minor INCOMPATIBILITY: the 'prems' argument of simprocs
  4828 is gone -- use prems_of_ss on the simpset instead.  Moreover, the
  4829 low-level mk_simproc no longer applies Logic.varify internally, to
  4830 allow for use in a context of fixed variables.
  4831 
  4832 * thin_tac now works even if the assumption being deleted contains !!
  4833 or ==>.  More generally, erule now works even if the major premise of
  4834 the elimination rule contains !! or ==>.
  4835 
  4836 * Method 'rules' has been renamed to 'iprover'. INCOMPATIBILITY.
  4837 
  4838 * Reorganized bootstrapping of the Pure theories; CPure is now derived
  4839 from Pure, which contains all common declarations already.  Both
  4840 theories are defined via plain Isabelle/Isar .thy files.
  4841 INCOMPATIBILITY: elements of CPure (such as the CPure.intro /
  4842 CPure.elim / CPure.dest attributes) now appear in the Pure name space;
  4843 use isatool fixcpure to adapt your theory and ML sources.
  4844 
  4845 * New syntax 'name(i-j, i-, i, ...)' for referring to specific
  4846 selections of theorems in named facts via index ranges.
  4847 
  4848 * 'print_theorems': in theory mode, really print the difference
  4849 wrt. the last state (works for interactive theory development only),
  4850 in proof mode print all local facts (cf. 'print_facts');
  4851 
  4852 * 'hide': option '(open)' hides only base names.
  4853 
  4854 * More efficient treatment of intermediate checkpoints in interactive
  4855 theory development.
  4856 
  4857 * Code generator is now invoked via code_module (incremental code
  4858 generation) and code_library (modular code generation, ML structures
  4859 for each theory).  INCOMPATIBILITY: new keywords 'file' and 'contains'
  4860 must be quoted when used as identifiers.
  4861 
  4862 * New 'value' command for reading, evaluating and printing terms using
  4863 the code generator.  INCOMPATIBILITY: command keyword 'value' must be
  4864 quoted when used as identifier.
  4865 
  4866 
  4867 *** Locales ***
  4868 
  4869 * New commands for the interpretation of locale expressions in
  4870 theories (1), locales (2) and proof contexts (3).  These generate
  4871 proof obligations from the expression specification.  After the
  4872 obligations have been discharged, theorems of the expression are added
  4873 to the theory, target locale or proof context.  The synopsis of the
  4874 commands is a follows:
  4875 
  4876   (1) interpretation expr inst
  4877   (2) interpretation target < expr
  4878   (3) interpret expr inst
  4879 
  4880 Interpretation in theories and proof contexts require a parameter
  4881 instantiation of terms from the current context.  This is applied to
  4882 specifications and theorems of the interpreted expression.
  4883 Interpretation in locales only permits parameter renaming through the
  4884 locale expression.  Interpretation is smart in that interpretations
  4885 that are active already do not occur in proof obligations, neither are
  4886 instantiated theorems stored in duplicate.  Use 'print_interps' to
  4887 inspect active interpretations of a particular locale.  For details,
  4888 see the Isar Reference manual.  Examples can be found in
  4889 HOL/Finite_Set.thy and HOL/Algebra/UnivPoly.thy.
  4890 
  4891 INCOMPATIBILITY: former 'instantiate' has been withdrawn, use
  4892 'interpret' instead.
  4893 
  4894 * New context element 'constrains' for adding type constraints to
  4895 parameters.
  4896 
  4897 * Context expressions: renaming of parameters with syntax
  4898 redeclaration.
  4899 
  4900 * Locale declaration: 'includes' disallowed.
  4901 
  4902 * Proper static binding of attribute syntax -- i.e. types / terms /
  4903 facts mentioned as arguments are always those of the locale definition
  4904 context, independently of the context of later invocations.  Moreover,
  4905 locale operations (renaming and type / term instantiation) are applied
  4906 to attribute arguments as expected.
  4907 
  4908 INCOMPATIBILITY of the ML interface: always pass Attrib.src instead of
  4909 actual attributes; rare situations may require Attrib.attribute to
  4910 embed those attributes into Attrib.src that lack concrete syntax.
  4911 Attribute implementations need to cooperate properly with the static
  4912 binding mechanism.  Basic parsers Args.XXX_typ/term/prop and
  4913 Attrib.XXX_thm etc. already do the right thing without further
  4914 intervention.  Only unusual applications -- such as "where" or "of"
  4915 (cf. src/Pure/Isar/attrib.ML), which process arguments depending both
  4916 on the context and the facts involved -- may have to assign parsed
  4917 values to argument tokens explicitly.
  4918 
  4919 * Changed parameter management in theorem generation for long goal
  4920 statements with 'includes'.  INCOMPATIBILITY: produces a different
  4921 theorem statement in rare situations.
  4922 
  4923 * Locale inspection command 'print_locale' omits notes elements.  Use
  4924 'print_locale!' to have them included in the output.
  4925 
  4926 
  4927 *** Provers ***
  4928 
  4929 * Provers/hypsubst.ML: improved version of the subst method, for
  4930 single-step rewriting: it now works in bound variable contexts. New is
  4931 'subst (asm)', for rewriting an assumption.  INCOMPATIBILITY: may
  4932 rewrite a different subterm than the original subst method, which is
  4933 still available as 'simplesubst'.
  4934 
  4935 * Provers/quasi.ML: new transitivity reasoners for transitivity only
  4936 and quasi orders.
  4937 
  4938 * Provers/trancl.ML: new transitivity reasoner for transitive and
  4939 reflexive-transitive closure of relations.
  4940 
  4941 * Provers/blast.ML: new reference depth_limit to make blast's depth
  4942 limit (previously hard-coded with a value of 20) user-definable.
  4943 
  4944 * Provers/simplifier.ML has been moved to Pure, where Simplifier.setup
  4945 is peformed already.  Object-logics merely need to finish their
  4946 initial simpset configuration as before.  INCOMPATIBILITY.
  4947 
  4948 
  4949 *** HOL ***
  4950 
  4951 * Symbolic syntax of Hilbert Choice Operator is now as follows:
  4952 
  4953   syntax (epsilon)
  4954     "_Eps" :: "[pttrn, bool] => 'a"    ("(3\<some>_./ _)" [0, 10] 10)
  4955 
  4956 The symbol \<some> is displayed as the alternative epsilon of LaTeX
  4957 and x-symbol; use option '-m epsilon' to get it actually printed.
  4958 Moreover, the mathematically important symbolic identifier \<epsilon>
  4959 becomes available as variable, constant etc.  INCOMPATIBILITY,
  4960 
  4961 * "x > y" abbreviates "y < x" and "x >= y" abbreviates "y <= x".
  4962 Similarly for all quantifiers: "ALL x > y" etc.  The x-symbol for >=
  4963 is \<ge>. New transitivity rules have been added to HOL/Orderings.thy to
  4964 support corresponding Isar calculations.
  4965 
  4966 * "{x:A. P}" abbreviates "{x. x:A & P}", and similarly for "\<in>"
  4967 instead of ":".
  4968 
  4969 * theory SetInterval: changed the syntax for open intervals:
  4970 
  4971   Old       New
  4972   {..n(}    {..<n}
  4973   {)n..}    {n<..}
  4974   {m..n(}   {m..<n}
  4975   {)m..n}   {m<..n}
  4976   {)m..n(}  {m<..<n}
  4977 
  4978 The old syntax is still supported but will disappear in the next
  4979 release.  For conversion use the following Emacs search and replace
  4980 patterns (these are not perfect but work quite well):
  4981 
  4982   {)\([^\.]*\)\.\.  ->  {\1<\.\.}
  4983   \.\.\([^(}]*\)(}  ->  \.\.<\1}
  4984 
  4985 * Theory Commutative_Ring (in Library): method comm_ring for proving
  4986 equalities in commutative rings; method 'algebra' provides a generic
  4987 interface.
  4988 
  4989 * Theory Finite_Set: changed the syntax for 'setsum', summation over
  4990 finite sets: "setsum (%x. e) A", which used to be "\<Sum>x:A. e", is
  4991 now either "SUM x:A. e" or "\<Sum>x \<in> A. e". The bound variable can
  4992 be a tuple pattern.
  4993 
  4994 Some new syntax forms are available:
  4995 
  4996   "\<Sum>x | P. e"      for     "setsum (%x. e) {x. P}"
  4997   "\<Sum>x = a..b. e"   for     "setsum (%x. e) {a..b}"
  4998   "\<Sum>x = a..<b. e"  for     "setsum (%x. e) {a..<b}"
  4999   "\<Sum>x < k. e"      for     "setsum (%x. e) {..<k}"
  5000 
  5001 The latter form "\<Sum>x < k. e" used to be based on a separate
  5002 function "Summation", which has been discontinued.
  5003 
  5004 * theory Finite_Set: in structured induction proofs, the insert case
  5005 is now 'case (insert x F)' instead of the old counterintuitive 'case
  5006 (insert F x)'.
  5007 
  5008 * The 'refute' command has been extended to support a much larger
  5009 fragment of HOL, including axiomatic type classes, constdefs and
  5010 typedefs, inductive datatypes and recursion.
  5011 
  5012 * New tactics 'sat' and 'satx' to prove propositional tautologies.
  5013 Requires zChaff with proof generation to be installed.  See
  5014 HOL/ex/SAT_Examples.thy for examples.
  5015 
  5016 * Datatype induction via method 'induct' now preserves the name of the
  5017 induction variable. For example, when proving P(xs::'a list) by
  5018 induction on xs, the induction step is now P(xs) ==> P(a#xs) rather
  5019 than P(list) ==> P(a#list) as previously.  Potential INCOMPATIBILITY
  5020 in unstructured proof scripts.
  5021 
  5022 * Reworked implementation of records.  Improved scalability for
  5023 records with many fields, avoiding performance problems for type
  5024 inference. Records are no longer composed of nested field types, but
  5025 of nested extension types. Therefore the record type only grows linear
  5026 in the number of extensions and not in the number of fields.  The
  5027 top-level (users) view on records is preserved.  Potential
  5028 INCOMPATIBILITY only in strange cases, where the theory depends on the
  5029 old record representation. The type generated for a record is called
  5030 <record_name>_ext_type.
  5031 
  5032 Flag record_quick_and_dirty_sensitive can be enabled to skip the
  5033 proofs triggered by a record definition or a simproc (if
  5034 quick_and_dirty is enabled).  Definitions of large records can take
  5035 quite long.
  5036 
  5037 New simproc record_upd_simproc for simplification of multiple record
  5038 updates enabled by default.  Moreover, trivial updates are also
  5039 removed: r(|x := x r|) = r.  INCOMPATIBILITY: old proofs break
  5040 occasionally, since simplification is more powerful by default.
  5041 
  5042 * typedef: proper support for polymorphic sets, which contain extra
  5043 type-variables in the term.
  5044 
  5045 * Simplifier: automatically reasons about transitivity chains
  5046 involving "trancl" (r^+) and "rtrancl" (r^*) by setting up tactics
  5047 provided by Provers/trancl.ML as additional solvers.  INCOMPATIBILITY:
  5048 old proofs break occasionally as simplification may now solve more
  5049 goals than previously.
  5050 
  5051 * Simplifier: converts x <= y into x = y if assumption y <= x is
  5052 present.  Works for all partial orders (class "order"), in particular
  5053 numbers and sets.  For linear orders (e.g. numbers) it treats ~ x < y
  5054 just like y <= x.
  5055 
  5056 * Simplifier: new simproc for "let x = a in f x".  If a is a free or
  5057 bound variable or a constant then the let is unfolded.  Otherwise
  5058 first a is simplified to b, and then f b is simplified to g. If
  5059 possible we abstract b from g arriving at "let x = b in h x",
  5060 otherwise we unfold the let and arrive at g.  The simproc can be
  5061 enabled/disabled by the reference use_let_simproc.  Potential
  5062 INCOMPATIBILITY since simplification is more powerful by default.
  5063 
  5064 * Classical reasoning: the meson method now accepts theorems as arguments.
  5065 
  5066 * Prover support: pre-release of the Isabelle-ATP linkup, which runs background
  5067 jobs to provide advice on the provability of subgoals.
  5068 
  5069 * Theory OrderedGroup and Ring_and_Field: various additions and
  5070 improvements to faciliate calculations involving equalities and
  5071 inequalities.
  5072 
  5073 The following theorems have been eliminated or modified
  5074 (INCOMPATIBILITY):
  5075 
  5076   abs_eq             now named abs_of_nonneg
  5077   abs_of_ge_0        now named abs_of_nonneg
  5078   abs_minus_eq       now named abs_of_nonpos
  5079   imp_abs_id         now named abs_of_nonneg
  5080   imp_abs_neg_id     now named abs_of_nonpos
  5081   mult_pos           now named mult_pos_pos
  5082   mult_pos_le        now named mult_nonneg_nonneg
  5083   mult_pos_neg_le    now named mult_nonneg_nonpos
  5084   mult_pos_neg2_le   now named mult_nonneg_nonpos2
  5085   mult_neg           now named mult_neg_neg
  5086   mult_neg_le        now named mult_nonpos_nonpos
  5087 
  5088 * The following lemmas in Ring_and_Field have been added to the simplifier:
  5089      
  5090      zero_le_square
  5091      not_square_less_zero 
  5092 
  5093   The following lemmas have been deleted from Real/RealPow:
  5094   
  5095      realpow_zero_zero
  5096      realpow_two
  5097      realpow_less
  5098      zero_le_power
  5099      realpow_two_le
  5100      abs_realpow_two
  5101      realpow_two_abs     
  5102 
  5103 * Theory Parity: added rules for simplifying exponents.
  5104 
  5105 * Theory List:
  5106 
  5107 The following theorems have been eliminated or modified
  5108 (INCOMPATIBILITY):
  5109 
  5110   list_all_Nil       now named list_all.simps(1)
  5111   list_all_Cons      now named list_all.simps(2)
  5112   list_all_conv      now named list_all_iff
  5113   set_mem_eq         now named mem_iff
  5114 
  5115 * Theories SetsAndFunctions and BigO (see HOL/Library) support
  5116 asymptotic "big O" calculations.  See the notes in BigO.thy.
  5117 
  5118 
  5119 *** HOL-Complex ***
  5120 
  5121 * Theory RealDef: better support for embedding natural numbers and
  5122 integers in the reals.
  5123 
  5124 The following theorems have been eliminated or modified
  5125 (INCOMPATIBILITY):
  5126 
  5127   exp_ge_add_one_self  now requires no hypotheses
  5128   real_of_int_add      reversed direction of equality (use [symmetric])
  5129   real_of_int_minus    reversed direction of equality (use [symmetric])
  5130   real_of_int_diff     reversed direction of equality (use [symmetric])
  5131   real_of_int_mult     reversed direction of equality (use [symmetric])
  5132 
  5133 * Theory RComplete: expanded support for floor and ceiling functions.
  5134 
  5135 * Theory Ln is new, with properties of the natural logarithm
  5136 
  5137 * Hyperreal: There is a new type constructor "star" for making
  5138 nonstandard types.  The old type names are now type synonyms:
  5139 
  5140   hypreal = real star
  5141   hypnat = nat star
  5142   hcomplex = complex star
  5143 
  5144 * Hyperreal: Many groups of similarly-defined constants have been
  5145 replaced by polymorphic versions (INCOMPATIBILITY):
  5146 
  5147   star_of <-- hypreal_of_real, hypnat_of_nat, hcomplex_of_complex
  5148 
  5149   starset      <-- starsetNat, starsetC
  5150   *s*          <-- *sNat*, *sc*
  5151   starset_n    <-- starsetNat_n, starsetC_n
  5152   *sn*         <-- *sNatn*, *scn*
  5153   InternalSets <-- InternalNatSets, InternalCSets
  5154 
  5155   starfun      <-- starfun{Nat,Nat2,C,RC,CR}
  5156   *f*          <-- *fNat*, *fNat2*, *fc*, *fRc*, *fcR*
  5157   starfun_n    <-- starfun{Nat,Nat2,C,RC,CR}_n
  5158   *fn*         <-- *fNatn*, *fNat2n*, *fcn*, *fRcn*, *fcRn*
  5159   InternalFuns <-- InternalNatFuns, InternalNatFuns2, Internal{C,RC,CR}Funs
  5160 
  5161 * Hyperreal: Many type-specific theorems have been removed in favor of
  5162 theorems specific to various axiomatic type classes (INCOMPATIBILITY):
  5163 
  5164   add_commute <-- {hypreal,hypnat,hcomplex}_add_commute
  5165   add_assoc   <-- {hypreal,hypnat,hcomplex}_add_assocs
  5166   OrderedGroup.add_0 <-- {hypreal,hypnat,hcomplex}_add_zero_left
  5167   OrderedGroup.add_0_right <-- {hypreal,hcomplex}_add_zero_right
  5168   right_minus <-- hypreal_add_minus
  5169   left_minus <-- {hypreal,hcomplex}_add_minus_left
  5170   mult_commute <-- {hypreal,hypnat,hcomplex}_mult_commute
  5171   mult_assoc <-- {hypreal,hypnat,hcomplex}_mult_assoc
  5172   mult_1_left <-- {hypreal,hypnat}_mult_1, hcomplex_mult_one_left
  5173   mult_1_right <-- hcomplex_mult_one_right
  5174   mult_zero_left <-- hcomplex_mult_zero_left
  5175   left_distrib <-- {hypreal,hypnat,hcomplex}_add_mult_distrib
  5176   right_distrib <-- hypnat_add_mult_distrib2
  5177   zero_neq_one <-- {hypreal,hypnat,hcomplex}_zero_not_eq_one
  5178   right_inverse <-- hypreal_mult_inverse
  5179   left_inverse <-- hypreal_mult_inverse_left, hcomplex_mult_inv_left
  5180   order_refl <-- {hypreal,hypnat}_le_refl
  5181   order_trans <-- {hypreal,hypnat}_le_trans
  5182   order_antisym <-- {hypreal,hypnat}_le_anti_sym
  5183   order_less_le <-- {hypreal,hypnat}_less_le
  5184   linorder_linear <-- {hypreal,hypnat}_le_linear
  5185   add_left_mono <-- {hypreal,hypnat}_add_left_mono
  5186   mult_strict_left_mono <-- {hypreal,hypnat}_mult_less_mono2
  5187   add_nonneg_nonneg <-- hypreal_le_add_order
  5188 
  5189 * Hyperreal: Separate theorems having to do with type-specific
  5190 versions of constants have been merged into theorems that apply to the
  5191 new polymorphic constants (INCOMPATIBILITY):
  5192 
  5193   STAR_UNIV_set <-- {STAR_real,NatStar_real,STARC_complex}_set
  5194   STAR_empty_set <-- {STAR,NatStar,STARC}_empty_set
  5195   STAR_Un <-- {STAR,NatStar,STARC}_Un
  5196   STAR_Int <-- {STAR,NatStar,STARC}_Int
  5197   STAR_Compl <-- {STAR,NatStar,STARC}_Compl
  5198   STAR_subset <-- {STAR,NatStar,STARC}_subset
  5199   STAR_mem <-- {STAR,NatStar,STARC}_mem
  5200   STAR_mem_Compl <-- {STAR,STARC}_mem_Compl
  5201   STAR_diff <-- {STAR,STARC}_diff
  5202   STAR_star_of_image_subset <-- {STAR_hypreal_of_real, NatStar_hypreal_of_real,
  5203     STARC_hcomplex_of_complex}_image_subset
  5204   starset_n_Un <-- starset{Nat,C}_n_Un
  5205   starset_n_Int <-- starset{Nat,C}_n_Int
  5206   starset_n_Compl <-- starset{Nat,C}_n_Compl
  5207   starset_n_diff <-- starset{Nat,C}_n_diff
  5208   InternalSets_Un <-- Internal{Nat,C}Sets_Un
  5209   InternalSets_Int <-- Internal{Nat,C}Sets_Int
  5210   InternalSets_Compl <-- Internal{Nat,C}Sets_Compl
  5211   InternalSets_diff <-- Internal{Nat,C}Sets_diff
  5212   InternalSets_UNIV_diff <-- Internal{Nat,C}Sets_UNIV_diff
  5213   InternalSets_starset_n <-- Internal{Nat,C}Sets_starset{Nat,C}_n
  5214   starset_starset_n_eq <-- starset{Nat,C}_starset{Nat,C}_n_eq
  5215   starset_n_starset <-- starset{Nat,C}_n_starset{Nat,C}
  5216   starfun_n_starfun <-- starfun{Nat,Nat2,C,RC,CR}_n_starfun{Nat,Nat2,C,RC,CR}
  5217   starfun <-- starfun{Nat,Nat2,C,RC,CR}
  5218   starfun_mult <-- starfun{Nat,Nat2,C,RC,CR}_mult
  5219   starfun_add <-- starfun{Nat,Nat2,C,RC,CR}_add
  5220   starfun_minus <-- starfun{Nat,Nat2,C,RC,CR}_minus
  5221   starfun_diff <-- starfun{C,RC,CR}_diff
  5222   starfun_o <-- starfun{NatNat2,Nat2,_stafunNat,C,C_starfunRC,_starfunCR}_o
  5223   starfun_o2 <-- starfun{NatNat2,_stafunNat,C,C_starfunRC,_starfunCR}_o2
  5224   starfun_const_fun <-- starfun{Nat,Nat2,C,RC,CR}_const_fun
  5225   starfun_inverse <-- starfun{Nat,C,RC,CR}_inverse
  5226   starfun_eq <-- starfun{Nat,Nat2,C,RC,CR}_eq
  5227   starfun_eq_iff <-- starfun{C,RC,CR}_eq_iff
  5228   starfun_Id <-- starfunC_Id
  5229   starfun_approx <-- starfun{Nat,CR}_approx
  5230   starfun_capprox <-- starfun{C,RC}_capprox
  5231   starfun_abs <-- starfunNat_rabs
  5232   starfun_lambda_cancel <-- starfun{C,CR,RC}_lambda_cancel
  5233   starfun_lambda_cancel2 <-- starfun{C,CR,RC}_lambda_cancel2
  5234   starfun_mult_HFinite_approx <-- starfunCR_mult_HFinite_capprox
  5235   starfun_mult_CFinite_capprox <-- starfun{C,RC}_mult_CFinite_capprox
  5236   starfun_add_capprox <-- starfun{C,RC}_add_capprox
  5237   starfun_add_approx <-- starfunCR_add_approx
  5238   starfun_inverse_inverse <-- starfunC_inverse_inverse
  5239   starfun_divide <-- starfun{C,CR,RC}_divide
  5240   starfun_n <-- starfun{Nat,C}_n
  5241   starfun_n_mult <-- starfun{Nat,C}_n_mult
  5242   starfun_n_add <-- starfun{Nat,C}_n_add
  5243   starfun_n_add_minus <-- starfunNat_n_add_minus
  5244   starfun_n_const_fun <-- starfun{Nat,C}_n_const_fun
  5245   starfun_n_minus <-- starfun{Nat,C}_n_minus
  5246   starfun_n_eq <-- starfun{Nat,C}_n_eq
  5247 
  5248   star_n_add <-- {hypreal,hypnat,hcomplex}_add
  5249   star_n_minus <-- {hypreal,hcomplex}_minus
  5250   star_n_diff <-- {hypreal,hcomplex}_diff
  5251   star_n_mult <-- {hypreal,hcomplex}_mult
  5252   star_n_inverse <-- {hypreal,hcomplex}_inverse
  5253   star_n_le <-- {hypreal,hypnat}_le
  5254   star_n_less <-- {hypreal,hypnat}_less
  5255   star_n_zero_num <-- {hypreal,hypnat,hcomplex}_zero_num
  5256   star_n_one_num <-- {hypreal,hypnat,hcomplex}_one_num
  5257   star_n_abs <-- hypreal_hrabs
  5258   star_n_divide <-- hcomplex_divide
  5259 
  5260   star_of_add <-- {hypreal_of_real,hypnat_of_nat,hcomplex_of_complex}_add
  5261   star_of_minus <-- {hypreal_of_real,hcomplex_of_complex}_minus
  5262   star_of_diff <-- hypreal_of_real_diff
  5263   star_of_mult <-- {hypreal_of_real,hypnat_of_nat,hcomplex_of_complex}_mult
  5264   star_of_one <-- {hypreal_of_real,hcomplex_of_complex}_one
  5265   star_of_zero <-- {hypreal_of_real,hypnat_of_nat,hcomplex_of_complex}_zero
  5266   star_of_le <-- {hypreal_of_real,hypnat_of_nat}_le_iff
  5267   star_of_less <-- {hypreal_of_real,hypnat_of_nat}_less_iff
  5268   star_of_eq <-- {hypreal_of_real,hypnat_of_nat,hcomplex_of_complex}_eq_iff
  5269   star_of_inverse <-- {hypreal_of_real,hcomplex_of_complex}_inverse
  5270   star_of_divide <-- {hypreal_of_real,hcomplex_of_complex}_divide
  5271   star_of_of_nat <-- {hypreal_of_real,hcomplex_of_complex}_of_nat
  5272   star_of_of_int <-- {hypreal_of_real,hcomplex_of_complex}_of_int
  5273   star_of_number_of <-- {hypreal,hcomplex}_number_of
  5274   star_of_number_less <-- number_of_less_hypreal_of_real_iff
  5275   star_of_number_le <-- number_of_le_hypreal_of_real_iff
  5276   star_of_eq_number <-- hypreal_of_real_eq_number_of_iff
  5277   star_of_less_number <-- hypreal_of_real_less_number_of_iff
  5278   star_of_le_number <-- hypreal_of_real_le_number_of_iff
  5279   star_of_power <-- hypreal_of_real_power
  5280   star_of_eq_0 <-- hcomplex_of_complex_zero_iff
  5281 
  5282 * Hyperreal: new method "transfer" that implements the transfer
  5283 principle of nonstandard analysis. With a subgoal that mentions
  5284 nonstandard types like "'a star", the command "apply transfer"
  5285 replaces it with an equivalent one that mentions only standard types.
  5286 To be successful, all free variables must have standard types; non-
  5287 standard variables must have explicit universal quantifiers.
  5288 
  5289 * Hyperreal: A theory of Taylor series.
  5290 
  5291 
  5292 *** HOLCF ***
  5293 
  5294 * Discontinued special version of 'constdefs' (which used to support
  5295 continuous functions) in favor of the general Pure one with full
  5296 type-inference.
  5297 
  5298 * New simplification procedure for solving continuity conditions; it
  5299 is much faster on terms with many nested lambda abstractions (cubic
  5300 instead of exponential time).
  5301 
  5302 * New syntax for domain package: selector names are now optional.
  5303 Parentheses should be omitted unless argument is lazy, for example:
  5304 
  5305   domain 'a stream = cons "'a" (lazy "'a stream")
  5306 
  5307 * New command 'fixrec' for defining recursive functions with pattern
  5308 matching; defining multiple functions with mutual recursion is also
  5309 supported.  Patterns may include the constants cpair, spair, up, sinl,
  5310 sinr, or any data constructor defined by the domain package. The given
  5311 equations are proven as rewrite rules. See HOLCF/ex/Fixrec_ex.thy for
  5312 syntax and examples.
  5313 
  5314 * New commands 'cpodef' and 'pcpodef' for defining predicate subtypes
  5315 of cpo and pcpo types. Syntax is exactly like the 'typedef' command,
  5316 but the proof obligation additionally includes an admissibility
  5317 requirement. The packages generate instances of class cpo or pcpo,
  5318 with continuity and strictness theorems for Rep and Abs.
  5319 
  5320 * HOLCF: Many theorems have been renamed according to a more standard naming
  5321 scheme (INCOMPATIBILITY):
  5322 
  5323   foo_inject:  "foo$x = foo$y ==> x = y"
  5324   foo_eq:      "(foo$x = foo$y) = (x = y)"
  5325   foo_less:    "(foo$x << foo$y) = (x << y)"
  5326   foo_strict:  "foo$UU = UU"
  5327   foo_defined: "... ==> foo$x ~= UU"
  5328   foo_defined_iff: "(foo$x = UU) = (x = UU)"
  5329 
  5330 
  5331 *** ZF ***
  5332 
  5333 * ZF/ex: theories Group and Ring provide examples in abstract algebra,
  5334 including the First Isomorphism Theorem (on quotienting by the kernel
  5335 of a homomorphism).
  5336 
  5337 * ZF/Simplifier: install second copy of type solver that actually
  5338 makes use of TC rules declared to Isar proof contexts (or locales);
  5339 the old version is still required for ML proof scripts.
  5340 
  5341 
  5342 *** Cube ***
  5343 
  5344 * Converted to Isar theory format; use locales instead of axiomatic
  5345 theories.
  5346 
  5347 
  5348 *** ML ***
  5349 
  5350 * Pure/library.ML: added ##>, ##>>, #>> -- higher-order counterparts
  5351 for ||>, ||>>, |>>,
  5352 
  5353 * Pure/library.ML no longer defines its own option datatype, but uses
  5354 that of the SML basis, which has constructors NONE and SOME instead of
  5355 None and Some, as well as exception Option.Option instead of OPTION.
  5356 The functions the, if_none, is_some, is_none have been adapted
  5357 accordingly, while Option.map replaces apsome.
  5358 
  5359 * Pure/library.ML: the exception LIST has been given up in favour of
  5360 the standard exceptions Empty and Subscript, as well as
  5361 Library.UnequalLengths.  Function like Library.hd and Library.tl are
  5362 superceded by the standard hd and tl functions etc.
  5363 
  5364 A number of basic list functions are no longer exported to the ML
  5365 toplevel, as they are variants of predefined functions.  The following
  5366 suggests how one can translate existing code:
  5367 
  5368     rev_append xs ys = List.revAppend (xs, ys)
  5369     nth_elem (i, xs) = List.nth (xs, i)
  5370     last_elem xs = List.last xs
  5371     flat xss = List.concat xss
  5372     seq fs = List.app fs
  5373     partition P xs = List.partition P xs
  5374     mapfilter f xs = List.mapPartial f xs
  5375 
  5376 * Pure/library.ML: several combinators for linear functional
  5377 transformations, notably reverse application and composition:
  5378 
  5379   x |> f                f #> g
  5380   (x, y) |-> f          f #-> g
  5381 
  5382 * Pure/library.ML: introduced/changed precedence of infix operators:
  5383 
  5384   infix 1 |> |-> ||> ||>> |>> |>>> #> #->;
  5385   infix 2 ?;
  5386   infix 3 o oo ooo oooo;
  5387   infix 4 ~~ upto downto;
  5388 
  5389 Maybe INCOMPATIBILITY when any of those is used in conjunction with other
  5390 infix operators.
  5391 
  5392 * Pure/library.ML: natural list combinators fold, fold_rev, and
  5393 fold_map support linear functional transformations and nesting.  For
  5394 example:
  5395 
  5396   fold f [x1, ..., xN] y =
  5397     y |> f x1 |> ... |> f xN
  5398 
  5399   (fold o fold) f [xs1, ..., xsN] y =
  5400     y |> fold f xs1 |> ... |> fold f xsN
  5401 
  5402   fold f [x1, ..., xN] =
  5403     f x1 #> ... #> f xN
  5404 
  5405   (fold o fold) f [xs1, ..., xsN] =
  5406     fold f xs1 #> ... #> fold f xsN
  5407 
  5408 * Pure/library.ML: the following selectors on type 'a option are
  5409 available:
  5410 
  5411   the:               'a option -> 'a  (*partial*)
  5412   these:             'a option -> 'a  where 'a = 'b list
  5413   the_default: 'a -> 'a option -> 'a
  5414   the_list:          'a option -> 'a list
  5415 
  5416 * Pure/General: structure AList (cf. Pure/General/alist.ML) provides
  5417 basic operations for association lists, following natural argument
  5418 order; moreover the explicit equality predicate passed here avoids
  5419 potentially expensive polymorphic runtime equality checks.
  5420 The old functions may be expressed as follows:
  5421 
  5422   assoc = uncurry (AList.lookup (op =))
  5423   assocs = these oo AList.lookup (op =)
  5424   overwrite = uncurry (AList.update (op =)) o swap
  5425 
  5426 * Pure/General: structure AList (cf. Pure/General/alist.ML) provides
  5427 
  5428   val make: ('a -> 'b) -> 'a list -> ('a * 'b) list
  5429   val find: ('a * 'b -> bool) -> ('c * 'b) list -> 'a -> 'c list
  5430 
  5431 replacing make_keylist and keyfilter (occassionally used)
  5432 Naive rewrites:
  5433 
  5434   make_keylist = AList.make
  5435   keyfilter = AList.find (op =)
  5436 
  5437 * eq_fst and eq_snd now take explicit equality parameter, thus
  5438   avoiding eqtypes. Naive rewrites:
  5439 
  5440     eq_fst = eq_fst (op =)
  5441     eq_snd = eq_snd (op =)
  5442 
  5443 * Removed deprecated apl and apr (rarely used).
  5444   Naive rewrites:
  5445 
  5446     apl (n, op) =>>= curry op n
  5447     apr (op, m) =>>= fn n => op (n, m)
  5448 
  5449 * Pure/General: structure OrdList (cf. Pure/General/ord_list.ML)
  5450 provides a reasonably efficient light-weight implementation of sets as
  5451 lists.
  5452 
  5453 * Pure/General: generic tables (cf. Pure/General/table.ML) provide a
  5454 few new operations; existing lookup and update are now curried to
  5455 follow natural argument order (for use with fold etc.);
  5456 INCOMPATIBILITY, use (uncurry Symtab.lookup) etc. as last resort.
  5457 
  5458 * Pure/General: output via the Isabelle channels of
  5459 writeln/warning/error etc. is now passed through Output.output, with a
  5460 hook for arbitrary transformations depending on the print_mode
  5461 (cf. Output.add_mode -- the first active mode that provides a output
  5462 function wins).  Already formatted output may be embedded into further
  5463 text via Output.raw; the result of Pretty.string_of/str_of and derived
  5464 functions (string_of_term/cterm/thm etc.) is already marked raw to
  5465 accommodate easy composition of diagnostic messages etc.  Programmers
  5466 rarely need to care about Output.output or Output.raw at all, with
  5467 some notable exceptions: Output.output is required when bypassing the
  5468 standard channels (writeln etc.), or in token translations to produce
  5469 properly formatted results; Output.raw is required when capturing
  5470 already output material that will eventually be presented to the user
  5471 a second time.  For the default print mode, both Output.output and
  5472 Output.raw have no effect.
  5473 
  5474 * Pure/General: Output.time_accumulator NAME creates an operator ('a
  5475 -> 'b) -> 'a -> 'b to measure runtime and count invocations; the
  5476 cumulative results are displayed at the end of a batch session.
  5477 
  5478 * Pure/General: File.sysify_path and File.quote_sysify path have been
  5479 replaced by File.platform_path and File.shell_path (with appropriate
  5480 hooks).  This provides a clean interface for unusual systems where the
  5481 internal and external process view of file names are different.
  5482 
  5483 * Pure: more efficient orders for basic syntactic entities: added
  5484 fast_string_ord, fast_indexname_ord, fast_term_ord; changed sort_ord
  5485 and typ_ord to use fast_string_ord and fast_indexname_ord (term_ord is
  5486 NOT affected); structures Symtab, Vartab, Typtab, Termtab use the fast
  5487 orders now -- potential INCOMPATIBILITY for code that depends on a
  5488 particular order for Symtab.keys, Symtab.dest, etc. (consider using
  5489 Library.sort_strings on result).
  5490 
  5491 * Pure/term.ML: combinators fold_atyps, fold_aterms, fold_term_types,
  5492 fold_types traverse types/terms from left to right, observing natural
  5493 argument order.  Supercedes previous foldl_XXX versions, add_frees,
  5494 add_vars etc. have been adapted as well: INCOMPATIBILITY.
  5495 
  5496 * Pure: name spaces have been refined, with significant changes of the
  5497 internal interfaces -- INCOMPATIBILITY.  Renamed cond_extern(_table)
  5498 to extern(_table).  The plain name entry path is superceded by a
  5499 general 'naming' context, which also includes the 'policy' to produce
  5500 a fully qualified name and external accesses of a fully qualified
  5501 name; NameSpace.extend is superceded by context dependent
  5502 Sign.declare_name.  Several theory and proof context operations modify
  5503 the naming context.  Especially note Theory.restore_naming and
  5504 ProofContext.restore_naming to get back to a sane state; note that
  5505 Theory.add_path is no longer sufficient to recover from
  5506 Theory.absolute_path in particular.
  5507 
  5508 * Pure: new flags short_names (default false) and unique_names
  5509 (default true) for controlling output of qualified names.  If
  5510 short_names is set, names are printed unqualified.  If unique_names is
  5511 reset, the name prefix is reduced to the minimum required to achieve
  5512 the original result when interning again, even if there is an overlap
  5513 with earlier declarations.
  5514 
  5515 * Pure/TheoryDataFun: change of the argument structure; 'prep_ext' is
  5516 now 'extend', and 'merge' gets an additional Pretty.pp argument
  5517 (useful for printing error messages).  INCOMPATIBILITY.
  5518 
  5519 * Pure: major reorganization of the theory context.  Type Sign.sg and
  5520 Theory.theory are now identified, referring to the universal
  5521 Context.theory (see Pure/context.ML).  Actual signature and theory
  5522 content is managed as theory data.  The old code and interfaces were
  5523 spread over many files and structures; the new arrangement introduces
  5524 considerable INCOMPATIBILITY to gain more clarity:
  5525 
  5526   Context -- theory management operations (name, identity, inclusion,
  5527     parents, ancestors, merge, etc.), plus generic theory data;
  5528 
  5529   Sign -- logical signature and syntax operations (declaring consts,
  5530     types, etc.), plus certify/read for common entities;
  5531 
  5532   Theory -- logical theory operations (stating axioms, definitions,
  5533     oracles), plus a copy of logical signature operations (consts,
  5534     types, etc.); also a few basic management operations (Theory.copy,
  5535     Theory.merge, etc.)
  5536 
  5537 The most basic sign_of operations (Theory.sign_of, Thm.sign_of_thm
  5538 etc.) as well as the sign field in Thm.rep_thm etc. have been retained
  5539 for convenience -- they merely return the theory.
  5540 
  5541 * Pure: type Type.tsig is superceded by theory in most interfaces.
  5542 
  5543 * Pure: the Isar proof context type is already defined early in Pure
  5544 as Context.proof (note that ProofContext.context and Proof.context are
  5545 aliases, where the latter is the preferred name).  This enables other
  5546 Isabelle components to refer to that type even before Isar is present.
  5547 
  5548 * Pure/sign/theory: discontinued named name spaces (i.e. classK,
  5549 typeK, constK, axiomK, oracleK), but provide explicit operations for
  5550 any of these kinds.  For example, Sign.intern typeK is now
  5551 Sign.intern_type, Theory.hide_space Sign.typeK is now
  5552 Theory.hide_types.  Also note that former
  5553 Theory.hide_classes/types/consts are now
  5554 Theory.hide_classes_i/types_i/consts_i, while the non '_i' versions
  5555 internalize their arguments!  INCOMPATIBILITY.
  5556 
  5557 * Pure: get_thm interface (of PureThy and ProofContext) expects
  5558 datatype thmref (with constructors Name and NameSelection) instead of
  5559 plain string -- INCOMPATIBILITY;
  5560 
  5561 * Pure: cases produced by proof methods specify options, where NONE
  5562 means to remove case bindings -- INCOMPATIBILITY in
  5563 (RAW_)METHOD_CASES.
  5564 
  5565 * Pure: the following operations retrieve axioms or theorems from a
  5566 theory node or theory hierarchy, respectively:
  5567 
  5568   Theory.axioms_of: theory -> (string * term) list
  5569   Theory.all_axioms_of: theory -> (string * term) list
  5570   PureThy.thms_of: theory -> (string * thm) list
  5571   PureThy.all_thms_of: theory -> (string * thm) list
  5572 
  5573 * Pure: print_tac now outputs the goal through the trace channel.
  5574 
  5575 * Isar toplevel: improved diagnostics, mostly for Poly/ML only.
  5576 Reference Toplevel.debug (default false) controls detailed printing
  5577 and tracing of low-level exceptions; Toplevel.profiling (default 0)
  5578 controls execution profiling -- set to 1 for time and 2 for space
  5579 (both increase the runtime).
  5580 
  5581 * Isar session: The initial use of ROOT.ML is now always timed,
  5582 i.e. the log will show the actual process times, in contrast to the
  5583 elapsed wall-clock time that the outer shell wrapper produces.
  5584 
  5585 * Simplifier: improved handling of bound variables (nameless
  5586 representation, avoid allocating new strings).  Simprocs that invoke
  5587 the Simplifier recursively should use Simplifier.inherit_bounds to
  5588 avoid local name clashes.  Failure to do so produces warnings
  5589 "Simplifier: renamed bound variable ..."; set Simplifier.debug_bounds
  5590 for further details.
  5591 
  5592 * ML functions legacy_bindings and use_legacy_bindings produce ML fact
  5593 bindings for all theorems stored within a given theory; this may help
  5594 in porting non-Isar theories to Isar ones, while keeping ML proof
  5595 scripts for the time being.
  5596 
  5597 * ML operator HTML.with_charset specifies the charset begin used for
  5598 generated HTML files.  For example:
  5599 
  5600   HTML.with_charset "utf-8" use_thy "Hebrew";
  5601   HTML.with_charset "utf-8" use_thy "Chinese";
  5602 
  5603 
  5604 *** System ***
  5605 
  5606 * Allow symlinks to all proper Isabelle executables (Isabelle,
  5607 isabelle, isatool etc.).
  5608 
  5609 * ISABELLE_DOC_FORMAT setting specifies preferred document format (for
  5610 isatool doc, isatool mkdir, display_drafts etc.).
  5611 
  5612 * isatool usedir: option -f allows specification of the ML file to be
  5613 used by Isabelle; default is ROOT.ML.
  5614 
  5615 * New isatool version outputs the version identifier of the Isabelle
  5616 distribution being used.
  5617 
  5618 * HOL: new isatool dimacs2hol converts files in DIMACS CNF format
  5619 (containing Boolean satisfiability problems) into Isabelle/HOL
  5620 theories.
  5621 
  5622 
  5623 
  5624 New in Isabelle2004 (April 2004)
  5625 --------------------------------
  5626 
  5627 *** General ***
  5628 
  5629 * Provers/order.ML:  new efficient reasoner for partial and linear orders.
  5630   Replaces linorder.ML.
  5631 
  5632 * Pure: Greek letters (except small lambda, \<lambda>), as well as Gothic
  5633   (\<aa>...\<zz>\<AA>...\<ZZ>), calligraphic (\<A>...\<Z>), and Euler
  5634   (\<a>...\<z>), are now considered normal letters, and can therefore
  5635   be used anywhere where an ASCII letter (a...zA...Z) has until
  5636   now. COMPATIBILITY: This obviously changes the parsing of some
  5637   terms, especially where a symbol has been used as a binder, say
  5638   '\<Pi>x. ...', which is now a type error since \<Pi>x will be parsed
  5639   as an identifier.  Fix it by inserting a space around former
  5640   symbols.  Call 'isatool fixgreek' to try to fix parsing errors in
  5641   existing theory and ML files.
  5642 
  5643 * Pure: Macintosh and Windows line-breaks are now allowed in theory files.
  5644 
  5645 * Pure: single letter sub/superscripts (\<^isub> and \<^isup>) are now
  5646   allowed in identifiers. Similar to Greek letters \<^isub> is now considered
  5647   a normal (but invisible) letter. For multiple letter subscripts repeat
  5648   \<^isub> like this: x\<^isub>1\<^isub>2.
  5649 
  5650 * Pure: There are now sub-/superscripts that can span more than one
  5651   character. Text between \<^bsub> and \<^esub> is set in subscript in
  5652   ProofGeneral and LaTeX, text between \<^bsup> and \<^esup> in
  5653   superscript. The new control characters are not identifier parts.
  5654 
  5655 * Pure: Control-symbols of the form \<^raw:...> will literally print the
  5656   content of "..." to the latex file instead of \isacntrl... . The "..."
  5657   may consist of any printable characters excluding the end bracket >.
  5658 
  5659 * Pure: Using new Isar command "finalconsts" (or the ML functions
  5660   Theory.add_finals or Theory.add_finals_i) it is now possible to
  5661   declare constants "final", which prevents their being given a definition
  5662   later.  It is useful for constants whose behaviour is fixed axiomatically
  5663   rather than definitionally, such as the meta-logic connectives.
  5664 
  5665 * Pure: 'instance' now handles general arities with general sorts
  5666   (i.e. intersections of classes),
  5667 
  5668 * Presentation: generated HTML now uses a CSS style sheet to make layout
  5669   (somewhat) independent of content. It is copied from lib/html/isabelle.css.
  5670   It can be changed to alter the colors/layout of generated pages.
  5671 
  5672 
  5673 *** Isar ***
  5674 
  5675 * Tactic emulation methods rule_tac, erule_tac, drule_tac, frule_tac,
  5676   cut_tac, subgoal_tac and thin_tac:
  5677   - Now understand static (Isar) contexts.  As a consequence, users of Isar
  5678     locales are no longer forced to write Isar proof scripts.
  5679     For details see Isar Reference Manual, paragraph 4.3.2: Further tactic
  5680     emulations.
  5681   - INCOMPATIBILITY: names of variables to be instantiated may no
  5682     longer be enclosed in quotes.  Instead, precede variable name with `?'.
  5683     This is consistent with the instantiation attribute "where".
  5684 
  5685 * Attributes "where" and "of":
  5686   - Now take type variables of instantiated theorem into account when reading
  5687     the instantiation string.  This fixes a bug that caused instantiated
  5688     theorems to have too special types in some circumstances.
  5689   - "where" permits explicit instantiations of type variables.
  5690 
  5691 * Calculation commands "moreover" and "also" no longer interfere with
  5692   current facts ("this"), admitting arbitrary combinations with "then"
  5693   and derived forms.
  5694 
  5695 * Locales:
  5696   - Goal statements involving the context element "includes" no longer
  5697     generate theorems with internal delta predicates (those ending on
  5698     "_axioms") in the premise.
  5699     Resolve particular premise with <locale>.intro to obtain old form.
  5700   - Fixed bug in type inference ("unify_frozen") that prevented mix of target
  5701     specification and "includes" elements in goal statement.
  5702   - Rule sets <locale>.intro and <locale>.axioms no longer declared as
  5703     [intro?] and [elim?] (respectively) by default.
  5704   - Experimental command for instantiation of locales in proof contexts:
  5705         instantiate <label>[<attrs>]: <loc>
  5706     Instantiates locale <loc> and adds all its theorems to the current context
  5707     taking into account their attributes.  Label and attrs are optional
  5708     modifiers, like in theorem declarations.  If present, names of
  5709     instantiated theorems are qualified with <label>, and the attributes
  5710     <attrs> are applied after any attributes these theorems might have already.
  5711       If the locale has assumptions, a chained fact of the form
  5712     "<loc> t1 ... tn" is expected from which instantiations of the parameters
  5713     are derived.  The command does not support old-style locales declared
  5714     with "locale (open)".
  5715       A few (very simple) examples can be found in FOL/ex/LocaleInst.thy.
  5716 
  5717 * HOL: Tactic emulation methods induct_tac and case_tac understand static
  5718   (Isar) contexts.
  5719 
  5720 
  5721 *** HOL ***
  5722 
  5723 * Proof import: new image HOL4 contains the imported library from
  5724   the HOL4 system with about 2500 theorems. It is imported by
  5725   replaying proof terms produced by HOL4 in Isabelle. The HOL4 image
  5726   can be used like any other Isabelle image.  See
  5727   HOL/Import/HOL/README for more information.
  5728 
  5729 * Simplifier:
  5730   - Much improved handling of linear and partial orders.
  5731     Reasoners for linear and partial orders are set up for type classes
  5732     "linorder" and "order" respectively, and are added to the default simpset
  5733     as solvers.  This means that the simplifier can build transitivity chains
  5734     to solve goals from the assumptions.
  5735   - INCOMPATIBILITY: old proofs break occasionally.  Typically, applications
  5736     of blast or auto after simplification become unnecessary because the goal
  5737     is solved by simplification already.
  5738 
  5739 * Numerics: new theory Ring_and_Field contains over 250 basic numerical laws,
  5740     all proved in axiomatic type classes for semirings, rings and fields.
  5741 
  5742 * Numerics:
  5743   - Numeric types (nat, int, and in HOL-Complex rat, real, complex, etc.) are
  5744     now formalized using the Ring_and_Field theory mentioned above.
  5745   - INCOMPATIBILITY: simplification and arithmetic behaves somewhat differently
  5746     than before, because now they are set up once in a generic manner.
  5747   - INCOMPATIBILITY: many type-specific arithmetic laws have gone.
  5748     Look for the general versions in Ring_and_Field (and Power if they concern
  5749     exponentiation).
  5750 
  5751 * Type "rat" of the rational numbers is now available in HOL-Complex.
  5752 
  5753 * Records:
  5754   - Record types are now by default printed with their type abbreviation
  5755     instead of the list of all field types. This can be configured via
  5756     the reference "print_record_type_abbr".
  5757   - Simproc "record_upd_simproc" for simplification of multiple updates added
  5758     (not enabled by default).
  5759   - Simproc "record_ex_sel_eq_simproc" to simplify EX x. sel r = x resp.
  5760     EX x. x = sel r to True (not enabled by default).
  5761   - Tactic "record_split_simp_tac" to split and simplify records added.
  5762 
  5763 * 'specification' command added, allowing for definition by
  5764   specification.  There is also an 'ax_specification' command that
  5765   introduces the new constants axiomatically.
  5766 
  5767 * arith(_tac) is now able to generate counterexamples for reals as well.
  5768 
  5769 * HOL-Algebra: new locale "ring" for non-commutative rings.
  5770 
  5771 * HOL-ex: InductiveInvariant_examples illustrates advanced recursive function
  5772   definitions, thanks to Sava Krsti\'{c} and John Matthews.
  5773 
  5774 * HOL-Matrix: a first theory for matrices in HOL with an application of
  5775   matrix theory to linear programming.
  5776 
  5777 * Unions and Intersections:
  5778   The latex output syntax of UN and INT has been changed
  5779   from "\Union x \in A. B" to "\Union_{x \in A} B"
  5780   i.e. the index formulae has become a subscript.
  5781   Similarly for "\Union x. B", and for \Inter instead of \Union.
  5782 
  5783 * Unions and Intersections over Intervals:
  5784   There is new short syntax "UN i<=n. A" for "UN i:{0..n}. A". There is
  5785   also an x-symbol version with subscripts "\<Union>\<^bsub>i <= n\<^esub>. A"
  5786   like in normal math, and corresponding versions for < and for intersection.
  5787 
  5788 * HOL/List: Ordering "lexico" is renamed "lenlex" and the standard
  5789   lexicographic dictonary ordering has been added as "lexord".
  5790 
  5791 * ML: the legacy theory structures Int and List have been removed. They had
  5792   conflicted with ML Basis Library structures having the same names.
  5793 
  5794 * 'refute' command added to search for (finite) countermodels.  Only works
  5795   for a fragment of HOL.  The installation of an external SAT solver is
  5796   highly recommended.  See "HOL/Refute.thy" for details.
  5797 
  5798 * 'quickcheck' command: Allows to find counterexamples by evaluating
  5799   formulae under an assignment of free variables to random values.
  5800   In contrast to 'refute', it can deal with inductive datatypes,
  5801   but cannot handle quantifiers. See "HOL/ex/Quickcheck_Examples.thy"
  5802   for examples.
  5803 
  5804 
  5805 *** HOLCF ***
  5806 
  5807 * Streams now come with concatenation and are part of the HOLCF image
  5808 
  5809 
  5810 
  5811 New in Isabelle2003 (May 2003)
  5812 ------------------------------
  5813 
  5814 *** General ***
  5815 
  5816 * Provers/simplifier:
  5817 
  5818   - Completely reimplemented method simp (ML: Asm_full_simp_tac):
  5819     Assumptions are now subject to complete mutual simplification,
  5820     not just from left to right. The simplifier now preserves
  5821     the order of assumptions.
  5822 
  5823     Potential INCOMPATIBILITY:
  5824 
  5825     -- simp sometimes diverges where the old version did
  5826        not, e.g. invoking simp on the goal
  5827 
  5828         [| P (f x); y = x; f x = f y |] ==> Q
  5829 
  5830        now gives rise to the infinite reduction sequence
  5831 
  5832         P(f x) --(f x = f y)--> P(f y) --(y = x)--> P(f x) --(f x = f y)--> ...
  5833 
  5834        Using "simp (asm_lr)" (ML: Asm_lr_simp_tac) instead often solves this
  5835        kind of problem.
  5836 
  5837     -- Tactics combining classical reasoner and simplification (such as auto)
  5838        are also affected by this change, because many of them rely on
  5839        simp. They may sometimes diverge as well or yield a different numbers
  5840        of subgoals. Try to use e.g. force, fastsimp, or safe instead of auto
  5841        in case of problems. Sometimes subsequent calls to the classical
  5842        reasoner will fail because a preceeding call to the simplifier too
  5843        eagerly simplified the goal, e.g. deleted redundant premises.
  5844 
  5845   - The simplifier trace now shows the names of the applied rewrite rules
  5846 
  5847   - You can limit the number of recursive invocations of the simplifier
  5848     during conditional rewriting (where the simplifie tries to solve the
  5849     conditions before applying the rewrite rule):
  5850     ML "simp_depth_limit := n"
  5851     where n is an integer. Thus you can force termination where previously
  5852     the simplifier would diverge.
  5853 
  5854   - Accepts free variables as head terms in congruence rules.  Useful in Isar.
  5855 
  5856   - No longer aborts on failed congruence proof.  Instead, the
  5857     congruence is ignored.
  5858 
  5859 * Pure: New generic framework for extracting programs from constructive
  5860   proofs. See HOL/Extraction.thy for an example instantiation, as well
  5861   as HOL/Extraction for some case studies.
  5862 
  5863 * Pure: The main goal of the proof state is no longer shown by default, only
  5864 the subgoals. This behaviour is controlled by a new flag.
  5865    PG menu: Isabelle/Isar -> Settings -> Show Main Goal
  5866 (ML: Proof.show_main_goal).
  5867 
  5868 * Pure: You can find all matching introduction rules for subgoal 1, i.e. all
  5869 rules whose conclusion matches subgoal 1:
  5870       PG menu: Isabelle/Isar -> Show me -> matching rules
  5871 The rules are ordered by how closely they match the subgoal.
  5872 In particular, rules that solve a subgoal outright are displayed first
  5873 (or rather last, the way they are printed).
  5874 (ML: ProofGeneral.print_intros())
  5875 
  5876 * Pure: New flag trace_unify_fail causes unification to print
  5877 diagnostic information (PG: in trace buffer) when it fails. This is
  5878 useful for figuring out why single step proofs like rule, erule or
  5879 assumption failed.
  5880 
  5881 * Pure: Locale specifications now produce predicate definitions
  5882 according to the body of text (covering assumptions modulo local
  5883 definitions); predicate "loc_axioms" covers newly introduced text,
  5884 while "loc" is cumulative wrt. all included locale expressions; the
  5885 latter view is presented only on export into the global theory
  5886 context; potential INCOMPATIBILITY, use "(open)" option to fall back
  5887 on the old view without predicates;
  5888 
  5889 * Pure: predefined locales "var" and "struct" are useful for sharing
  5890 parameters (as in CASL, for example); just specify something like
  5891 ``var x + var y + struct M'' as import;
  5892 
  5893 * Pure: improved thms_containing: proper indexing of facts instead of
  5894 raw theorems; check validity of results wrt. current name space;
  5895 include local facts of proof configuration (also covers active
  5896 locales), cover fixed variables in index; may use "_" in term
  5897 specification; an optional limit for the number of printed facts may
  5898 be given (the default is 40);
  5899 
  5900 * Pure: disallow duplicate fact bindings within new-style theory files
  5901 (batch-mode only);
  5902 
  5903 * Provers: improved induct method: assumptions introduced by case
  5904 "foo" are split into "foo.hyps" (from the rule) and "foo.prems" (from
  5905 the goal statement); "foo" still refers to all facts collectively;
  5906 
  5907 * Provers: the function blast.overloaded has been removed: all constants
  5908 are regarded as potentially overloaded, which improves robustness in exchange
  5909 for slight decrease in efficiency;
  5910 
  5911 * Provers/linorder: New generic prover for transitivity reasoning over
  5912 linear orders.  Note: this prover is not efficient!
  5913 
  5914 * Isar: preview of problems to finish 'show' now produce an error
  5915 rather than just a warning (in interactive mode);
  5916 
  5917 
  5918 *** HOL ***
  5919 
  5920 * arith(_tac)
  5921 
  5922  - Produces a counter example if it cannot prove a goal.
  5923    Note that the counter example may be spurious if the goal is not a formula
  5924    of quantifier-free linear arithmetic.
  5925    In ProofGeneral the counter example appears in the trace buffer.
  5926 
  5927  - Knows about div k and mod k where k is a numeral of type nat or int.
  5928 
  5929  - Calls full Presburger arithmetic (by Amine Chaieb) if quantifier-free
  5930    linear arithmetic fails. This takes account of quantifiers and divisibility.
  5931    Presburger arithmetic can also be called explicitly via presburger(_tac).
  5932 
  5933 * simp's arithmetic capabilities have been enhanced a bit: it now
  5934 takes ~= in premises into account (by performing a case split);
  5935 
  5936 * simp reduces "m*(n div m) + n mod m" to n, even if the two summands
  5937 are distributed over a sum of terms;
  5938 
  5939 * New tactic "trans_tac" and method "trans" instantiate
  5940 Provers/linorder.ML for axclasses "order" and "linorder" (predicates
  5941 "<=", "<" and "=").
  5942 
  5943 * function INCOMPATIBILITIES: Pi-sets have been redefined and moved from main
  5944 HOL to Library/FuncSet; constant "Fun.op o" is now called "Fun.comp";
  5945 
  5946 * 'typedef' command has new option "open" to suppress the set
  5947 definition;
  5948 
  5949 * functions Min and Max on finite sets have been introduced (theory
  5950 Finite_Set);
  5951 
  5952 * attribute [symmetric] now works for relations as well; it turns
  5953 (x,y) : R^-1 into (y,x) : R, and vice versa;
  5954 
  5955 * induct over a !!-quantified statement (say !!x1..xn):
  5956   each "case" automatically performs "fix x1 .. xn" with exactly those names.
  5957 
  5958 * Map: `empty' is no longer a constant but a syntactic abbreviation for
  5959 %x. None. Warning: empty_def now refers to the previously hidden definition
  5960 of the empty set.
  5961 
  5962 * Algebra: formalization of classical algebra.  Intended as base for
  5963 any algebraic development in Isabelle.  Currently covers group theory
  5964 (up to Sylow's theorem) and ring theory (Universal Property of
  5965 Univariate Polynomials).  Contributions welcome;
  5966 
  5967 * GroupTheory: deleted, since its material has been moved to Algebra;
  5968 
  5969 * Complex: new directory of the complex numbers with numeric constants,
  5970 nonstandard complex numbers, and some complex analysis, standard and
  5971 nonstandard (Jacques Fleuriot);
  5972 
  5973 * HOL-Complex: new image for analysis, replacing HOL-Real and HOL-Hyperreal;
  5974 
  5975 * Hyperreal: introduced Gauge integration and hyperreal logarithms (Jacques
  5976 Fleuriot);
  5977 
  5978 * Real/HahnBanach: updated and adapted to locales;
  5979 
  5980 * NumberTheory: added Gauss's law of quadratic reciprocity (by Avigad,
  5981 Gray and Kramer);
  5982 
  5983 * UNITY: added the Meier-Sanders theory of progress sets;
  5984 
  5985 * MicroJava: bytecode verifier and lightweight bytecode verifier
  5986 as abstract algorithms, instantiated to the JVM;
  5987 
  5988 * Bali: Java source language formalization. Type system, operational
  5989 semantics, axiomatic semantics. Supported language features:
  5990 classes, interfaces, objects,virtual methods, static methods,
  5991 static/instance fields, arrays, access modifiers, definite
  5992 assignment, exceptions.
  5993 
  5994 
  5995 *** ZF ***
  5996 
  5997 * ZF/Constructible: consistency proof for AC (Gdel's constructible
  5998 universe, etc.);
  5999 
  6000 * Main ZF: virtually all theories converted to new-style format;
  6001 
  6002 
  6003 *** ML ***
  6004 
  6005 * Pure: Tactic.prove provides sane interface for internal proofs;
  6006 omits the infamous "standard" operation, so this is more appropriate
  6007 than prove_goalw_cterm in many situations (e.g. in simprocs);
  6008 
  6009 * Pure: improved error reporting of simprocs;
  6010 
  6011 * Provers: Simplifier.simproc(_i) provides sane interface for setting
  6012 up simprocs;
  6013 
  6014 
  6015 *** Document preparation ***
  6016 
  6017 * uses \par instead of \\ for line breaks in theory text. This may
  6018 shift some page breaks in large documents. To get the old behaviour
  6019 use \renewcommand{\isanewline}{\mbox{}\\\mbox{}} in root.tex.
  6020 
  6021 * minimized dependencies of isabelle.sty and isabellesym.sty on
  6022 other packages
  6023 
  6024 * \<euro> now needs package babel/greek instead of marvosym (which
  6025 broke \Rightarrow)
  6026 
  6027 * normal size for \<zero>...\<nine> (uses \mathbf instead of
  6028 textcomp package)
  6029 
  6030 
  6031 
  6032 New in Isabelle2002 (March 2002)
  6033 --------------------------------
  6034 
  6035 *** Document preparation ***
  6036 
  6037 * greatly simplified document preparation setup, including more
  6038 graceful interpretation of isatool usedir -i/-d/-D options, and more
  6039 instructive isatool mkdir; users should basically be able to get
  6040 started with "isatool mkdir HOL Test && isatool make"; alternatively,
  6041 users may run a separate document processing stage manually like this:
  6042 "isatool usedir -D output HOL Test && isatool document Test/output";
  6043 
  6044 * theory dependency graph may now be incorporated into documents;
  6045 isatool usedir -g true will produce session_graph.eps/.pdf for use
  6046 with \includegraphics of LaTeX;
  6047 
  6048 * proper spacing of consecutive markup elements, especially text
  6049 blocks after section headings;
  6050 
  6051 * support bold style (for single symbols only), input syntax is like
  6052 this: "\<^bold>\<alpha>" or "\<^bold>A";
  6053 
  6054 * \<bullet> is now output as bold \cdot by default, which looks much
  6055 better in printed text;
  6056 
  6057 * added default LaTeX bindings for \<tturnstile> and \<TTurnstile>;
  6058 note that these symbols are currently unavailable in Proof General /
  6059 X-Symbol; new symbols \<zero>, \<one>, ..., \<nine>, and \<euro>;
  6060 
  6061 * isatool latex no longer depends on changed TEXINPUTS, instead
  6062 isatool document copies the Isabelle style files to the target
  6063 location;
  6064 
  6065 
  6066 *** Isar ***
  6067 
  6068 * Pure/Provers: improved proof by cases and induction;
  6069   - 'case' command admits impromptu naming of parameters (such as
  6070     "case (Suc n)");
  6071   - 'induct' method divinates rule instantiation from the inductive
  6072     claim; no longer requires excessive ?P bindings for proper
  6073     instantiation of cases;
  6074   - 'induct' method properly enumerates all possibilities of set/type
  6075     rules; as a consequence facts may be also passed through *type*
  6076     rules without further ado;
  6077   - 'induct' method now derives symbolic cases from the *rulified*
  6078     rule (before it used to rulify cases stemming from the internal
  6079     atomized version); this means that the context of a non-atomic
  6080     statement becomes is included in the hypothesis, avoiding the
  6081     slightly cumbersome show "PROP ?case" form;
  6082   - 'induct' may now use elim-style induction rules without chaining
  6083     facts, using ``missing'' premises from the goal state; this allows
  6084     rules stemming from inductive sets to be applied in unstructured
  6085     scripts, while still benefitting from proper handling of non-atomic
  6086     statements; NB: major inductive premises need to be put first, all
  6087     the rest of the goal is passed through the induction;
  6088   - 'induct' proper support for mutual induction involving non-atomic
  6089     rule statements (uses the new concept of simultaneous goals, see
  6090     below);
  6091   - append all possible rule selections, but only use the first
  6092     success (no backtracking);
  6093   - removed obsolete "(simplified)" and "(stripped)" options of methods;
  6094   - undeclared rule case names default to numbers 1, 2, 3, ...;
  6095   - added 'print_induct_rules' (covered by help item in recent Proof
  6096     General versions);
  6097   - moved induct/cases attributes to Pure, methods to Provers;
  6098   - generic method setup instantiated for FOL and HOL;
  6099 
  6100 * Pure: support multiple simultaneous goal statements, for example
  6101 "have a: A and b: B" (same for 'theorem' etc.); being a pure
  6102 meta-level mechanism, this acts as if several individual goals had
  6103 been stated separately; in particular common proof methods need to be
  6104 repeated in order to cover all claims; note that a single elimination
  6105 step is *not* sufficient to establish the two conjunctions, so this
  6106 fails:
  6107 
  6108   assume "A & B" then have A and B ..   (*".." fails*)
  6109 
  6110 better use "obtain" in situations as above; alternative refer to
  6111 multi-step methods like 'auto', 'simp_all', 'blast+' etc.;
  6112 
  6113 * Pure: proper integration with ``locales''; unlike the original
  6114 version by Florian Kammller, Isar locales package high-level proof
  6115 contexts rather than raw logical ones (e.g. we admit to include
  6116 attributes everywhere); operations on locales include merge and
  6117 rename; support for implicit arguments (``structures''); simultaneous
  6118 type-inference over imports and text; see also HOL/ex/Locales.thy for
  6119 some examples;
  6120 
  6121 * Pure: the following commands have been ``localized'', supporting a
  6122 target locale specification "(in name)": 'lemma', 'theorem',
  6123 'corollary', 'lemmas', 'theorems', 'declare'; the results will be
  6124 stored both within the locale and at the theory level (exported and
  6125 qualified by the locale name);
  6126 
  6127 * Pure: theory goals may now be specified in ``long'' form, with
  6128 ad-hoc contexts consisting of arbitrary locale elements. for example
  6129 ``lemma foo: fixes x assumes "A x" shows "B x"'' (local syntax and
  6130 definitions may be given, too); the result is a meta-level rule with
  6131 the context elements being discharged in the obvious way;
  6132 
  6133 * Pure: new proof command 'using' allows to augment currently used
  6134 facts after a goal statement ('using' is syntactically analogous to
  6135 'apply', but acts on the goal's facts only); this allows chained facts
  6136 to be separated into parts given before and after a claim, as in
  6137 ``from a and b have C using d and e <proof>'';
  6138 
  6139 * Pure: renamed "antecedent" case to "rule_context";
  6140 
  6141 * Pure: new 'judgment' command records explicit information about the
  6142 object-logic embedding (used by several tools internally); no longer
  6143 use hard-wired "Trueprop";
  6144 
  6145 * Pure: added 'corollary' command;
  6146 
  6147 * Pure: fixed 'token_translation' command;
  6148 
  6149 * Pure: removed obsolete 'exported' attribute;
  6150 
  6151 * Pure: dummy pattern "_" in is/let is now automatically lifted over
  6152 bound variables: "ALL x. P x --> Q x" (is "ALL x. _ --> ?C x")
  6153 supersedes more cumbersome ... (is "ALL x. _ x --> ?C x");
  6154 
  6155 * Pure: method 'atomize' presents local goal premises as object-level
  6156 statements (atomic meta-level propositions); setup controlled via
  6157 rewrite rules declarations of 'atomize' attribute; example
  6158 application: 'induct' method with proper rule statements in improper
  6159 proof *scripts*;
  6160 
  6161 * Pure: emulation of instantiation tactics (rule_tac, cut_tac, etc.)
  6162 now consider the syntactic context of assumptions, giving a better
  6163 chance to get type-inference of the arguments right (this is
  6164 especially important for locales);
  6165 
  6166 * Pure: "sorry" no longer requires quick_and_dirty in interactive
  6167 mode;
  6168 
  6169 * Pure/obtain: the formal conclusion "thesis", being marked as
  6170 ``internal'', may no longer be reference directly in the text;
  6171 potential INCOMPATIBILITY, may need to use "?thesis" in rare
  6172 situations;
  6173 
  6174 * Pure: generic 'sym' attribute which declares a rule both as pure
  6175 'elim?' and for the 'symmetric' operation;
  6176 
  6177 * Pure: marginal comments ``--'' may now occur just anywhere in the
  6178 text; the fixed correlation with particular command syntax has been
  6179 discontinued;
  6180 
  6181 * Pure: new method 'rules' is particularly well-suited for proof
  6182 search in intuitionistic logic; a bit slower than 'blast' or 'fast',
  6183 but often produces more compact proof terms with less detours;
  6184 
  6185 * Pure/Provers/classical: simplified integration with pure rule
  6186 attributes and methods; the classical "intro?/elim?/dest?"
  6187 declarations coincide with the pure ones; the "rule" method no longer
  6188 includes classically swapped intros; "intro" and "elim" methods no
  6189 longer pick rules from the context; also got rid of ML declarations
  6190 AddXIs/AddXEs/AddXDs; all of this has some potential for
  6191 INCOMPATIBILITY;
  6192 
  6193 * Provers/classical: attribute 'swapped' produces classical inversions
  6194 of introduction rules;
  6195 
  6196 * Provers/simplifier: 'simplified' attribute may refer to explicit
  6197 rules instead of full simplifier context; 'iff' attribute handles
  6198 conditional rules;
  6199 
  6200 * HOL: 'typedef' now allows alternative names for Rep/Abs morphisms;
  6201 
  6202 * HOL: 'recdef' now fails on unfinished automated proofs, use
  6203 "(permissive)" option to recover old behavior;
  6204 
  6205 * HOL: 'inductive' no longer features separate (collective) attributes
  6206 for 'intros' (was found too confusing);
  6207 
  6208 * HOL: properly declared induction rules less_induct and
  6209 wf_induct_rule;
  6210 
  6211 
  6212 *** HOL ***
  6213 
  6214 * HOL: moved over to sane numeral syntax; the new policy is as
  6215 follows:
  6216 
  6217   - 0 and 1 are polymorphic constants, which are defined on any
  6218   numeric type (nat, int, real etc.);
  6219 
  6220   - 2, 3, 4, ... and -1, -2, -3, ... are polymorphic numerals, based
  6221   binary representation internally;
  6222 
  6223   - type nat has special constructor Suc, and generally prefers Suc 0
  6224   over 1::nat and Suc (Suc 0) over 2::nat;
  6225 
  6226 This change may cause significant problems of INCOMPATIBILITY; here
  6227 are some hints on converting existing sources:
  6228 
  6229   - due to the new "num" token, "-0" and "-1" etc. are now atomic
  6230   entities, so expressions involving "-" (unary or binary minus) need
  6231   to be spaced properly;
  6232 
  6233   - existing occurrences of "1" may need to be constraint "1::nat" or