\begin{theindex}
\item \ttall, \bold{187}
\item \texttt{?}, \bold{187}
\item \isasymuniqex, \bold{187}
\item \ttuniquex, \bold{187}
\item {\texttt {\&}}, \bold{187}
\item \verb$~$, \bold{187}
\item \verb$~=$, \bold{187}
\item \ttor, \bold{187}
\item \texttt{[]}, \bold{7}
\item \texttt{\#}, \bold{7}
\item \texttt{\at}, \bold{8}, 187
\item \isasymnotin, \bold{187}
\item \verb$~:$, \bold{187}
\item \isasymInter, \bold{187}
\item \isasymUnion, \bold{187}
\item \isasyminverse, \bold{187}
\item \verb$^-1$, \bold{187}
\item \isactrlsup{\isacharasterisk}, \bold{187}
\item \verb$^$\texttt{*}, \bold{187}
\item \isasymAnd, \bold{10}, \bold{187}
\item \ttAnd, \bold{187}
\item \isasymrightleftharpoons, 24
\item \isasymrightharpoonup, 24
\item \isasymleftharpoondown, 24
\item \emph {$\Rightarrow $}, \bold{3}
\item \ttlbr, \bold{187}
\item \ttrbr, \bold{187}
\item \texttt {\%}, \bold{187}
\item \texttt {;}, \bold{5}
\item \isa {()} (constant), 22
\item \isa {+} (tactical), 83
\item \isa {<*lex*>}, \see{lexicographic product}{1}
\item \isa {?} (tactical), 83
\item \texttt{|} (tactical), 83
\indexspace
\item \isa {0} (constant), 20, 21, 133
\item \isa {1} (symbol), 133
\item \isa {2} (symbol), 133
\indexspace
\item abandoning a proof, \bold{11}
\item abandoning a theory, \bold{14}
\item \isa {abs} (constant), 135
\item \texttt {abs}, \bold{187}
\item absolute value, 135
\item \isa {add} (modifier), 27
\item \isa {add_ac} (theorems), 134
\item \isa {add_assoc} (theorem), \bold{134}
\item \isa {add_commute} (theorem), \bold{134}
\item \isa {add_mult_distrib} (theorem), \bold{133}
\item \texttt {ALL}, \bold{187}
\item \isa {All} (constant), 93
\item \isa {allE} (theorem), \bold{65}
\item \isa {allI} (theorem), \bold{64}
\item append function, 8--12
\item \isacommand {apply} (command), 13
\item \isa {arg_cong} (theorem), \bold{80}
\item \isa {arith} (method), 21, 131
\item arithmetic operations
\subitem for \protect\isa{nat}, 21
\item \textsc {ascii} symbols, \bold{187}
\item associative-commutative function, 156
\item \isa {assumption} (method), 53
\item assumptions
\subitem of subgoal, 10
\subitem renaming, 66--67
\subitem reusing, 67
\item \isa {auto} (method), 35, 76
\item \isa {axclass}, 144--150
\item axiom of choice, 70
\item axiomatic type classes, 144--150
\indexspace
\item \isacommand {back} (command), 62
\item \isa {Ball} (constant), 93
\item \isa {ballI} (theorem), \bold{92}
\item \isa {best} (method), 76
\item \isa {Bex} (constant), 93
\item \isa {bexE} (theorem), \bold{92}
\item \isa {bexI} (theorem), \bold{92}
\item \isa {bij_def} (theorem), \bold{94}
\item bijections, 94
\item binary trees, 16
\item binomial coefficients, 93
\item bisimulations, 100
\item \isa {blast} (method), 73--74, 76
\item \isa {bool} (type), 2, 3
\item boolean expressions example, 18--20
\item \isa {bspec} (theorem), \bold{92}
\item \isacommand{by} (command), 57
\indexspace
\item \isa {card} (constant), 93
\item \isa {card_Pow} (theorem), \bold{93}
\item \isa {card_Un_Int} (theorem), \bold{93}
\item cardinality, 93
\item \isa {case} (symbol), 30, 31
\item \isa {case} expressions, 3, 4, 16
\item case distinctions, 17
\item case splits, \bold{29}
\item \isa {case_tac} (method), 17, 85, 139
\item \isa {clarify} (method), 75, 76
\item \isa {clarsimp} (method), 75, 76
\item \isa {classical} (theorem), \bold{57}
\item coinduction, \bold{100}
\item \isa {Collect} (constant), 93
\item \isa {comp_def} (theorem), \bold{96}
\item compiling expressions example, 34--36
\item \isa {Compl_iff} (theorem), \bold{90}
\item complement
\subitem of a set, 89
\item composition
\subitem of functions, \bold{94}
\subitem of relations, \bold{96}
\item conclusion
\subitem of subgoal, 10
\item conditional expressions, \see{\isa{if} expressions}{1}
\item conditional simplification rules, 29
\item \isa {cong} (attribute), 156
\item congruence rules, \bold{155}
\item \isa {conjE} (theorem), \bold{55}
\item \isa {conjI} (theorem), \bold{52}
\item \isa {Cons} (constant), 7
\item \isacommand {constdefs} (command), 23
\item \isacommand {consts} (command), 8
\item contrapositives, 57
\item converse
\subitem of a relation, \bold{96}
\item \isa {converse_iff} (theorem), \bold{96}
\item CTL, 105--110, 171--173
\indexspace
\item \isacommand {datatype} (command), 7, 36--41
\item datatypes, 15--20
\subitem and nested recursion, 38, 42
\subitem mutually recursive, 36
\subitem nested, 160
\item \isacommand {defer} (command), 14, 84
\item Definitional Approach, 24
\item definitions, \bold{23}
\subitem unfolding, \bold{28}
\item \isacommand {defs} (command), 23
\item \isa {del} (modifier), 27
\item description operators, 69--71
\item descriptions
\subitem definite, 69
\subitem indefinite, 70
\item \isa {dest} (attribute), 86
\item destruction rules, 55
\item \isa {diff_mult_distrib} (theorem), \bold{133}
\item difference
\subitem of sets, \bold{90}
\item \isa {disjCI} (theorem), \bold{58}
\item \isa {disjE} (theorem), \bold{54}
\item \isa {div} (symbol), 21
\item divides relation, 68, 79, 85--88, 134
\item division
\subitem by negative numbers, 135
\subitem by zero, 134
\subitem for type \protect\isa{nat}, 133
\item domain
\subitem of a relation, 96
\item \isa {Domain_iff} (theorem), \bold{96}
\item \isacommand {done} (command), 11
\item \isa {drule_tac} (method), 60, 80
\item \isa {dvd_add} (theorem), \bold{134}
\item \isa {dvd_anti_sym} (theorem), \bold{134}
\item \isa {dvd_def} (theorem), \bold{134}
\indexspace
\item \isa {elim!} (attribute), 115
\item elimination rules, 53--54
\item \isacommand {end} (command), 12
\item \isa {Eps} (constant), 93
\item equality, 3
\subitem of functions, \bold{93}
\subitem of records, 143
\subitem of sets, \bold{90}
\item \isa {equalityE} (theorem), \bold{90}
\item \isa {equalityI} (theorem), \bold{90}
\item \isa {erule} (method), 54
\item \isa {erule_tac} (method), 60
\item Euclid's algorithm, 85--88
\item even numbers
\subitem defining inductively, 111--115
\item \texttt {EX}, \bold{187}
\item \isa {Ex} (constant), 93
\item \isa {exE} (theorem), \bold{66}
\item \isa {exI} (theorem), \bold{66}
\item \isa {ext} (theorem), \bold{93}
\item extensionality
\subitem for functions, \bold{93, 94}
\subitem for records, 143
\subitem for sets, \bold{90}
\item \ttEXU, \bold{187}
\indexspace
\item \isa {False} (constant), 3
\item \isa {fast} (method), 76, 108
\item Fibonacci function, 44
\item \isa {finite} (symbol), 93
\item \isa {Finites} (constant), 93
\item fixed points, 100
\item flags, 3, 4, 31
\subitem setting and resetting, 3
\item \isa {force} (method), 75, 76
\item formulae, 3
\item forward proof, 76--82
\item \isa {frule} (method), 67
\item \isa {frule_tac} (method), 60
\item \isa {fst} (constant), 22
\item function types, 3
\item functions, 93--95
\subitem partial, 162
\subitem total, 9, 44--50
\subitem underdefined, 163
\indexspace
\item \isa {gcd} (constant), 77--78, 85--88
\item generalizing for induction, 113
\item generalizing induction formulae, 32
\item Girard, Jean-Yves, \fnote{55}
\item Gordon, Mike, 1
\item grammars
\subitem defining inductively, 124--129
\item ground terms example, 119--124
\indexspace
\item \isa {hd} (constant), 15, 35
\item Hilbert's $\varepsilon$-operator, 70
\item HOLCF, 41
\item Hopcroft, J. E., 129
\item \isa {hypreal} (type), 137
\indexspace
\item \isa {Id_def} (theorem), \bold{96}
\item \isa {id_def} (theorem), \bold{94}
\item identifiers, \bold{4}
\subitem qualified, \bold{2}
\item identity function, \bold{94}
\item identity relation, \bold{96}
\item \isa {if} expressions, 3, 4
\subitem simplification of, 31
\subitem splitting of, 29, 47
\item if-and-only-if, 3
\item \isa {iff} (attribute), 74, 86, 114
\item \isa {iffD1} (theorem), \bold{78}
\item \isa {iffD2} (theorem), \bold{78}
\item image
\subitem under a function, \bold{95}
\subitem under a relation, \bold{96}
\item \isa {image_def} (theorem), \bold{95}
\item \isa {Image_iff} (theorem), \bold{96}
\item \isa {impI} (theorem), \bold{56}
\item implication, 56--57
\item \isa {ind_cases} (method), 115
\item \isa {induct_tac} (method), 10, 17, 50, 170
\item induction, 166--173
\subitem complete, 168
\subitem deriving new schemas, 170
\subitem on a term, 167
\subitem recursion, 49--50
\subitem structural, 17
\subitem well-founded, 99
\item induction heuristics, 31--33
\item \isacommand {inductive} (command), 111
\item inductive definition
\subitem simultaneous, 125
\item inductive definitions, 111--129
\item \isacommand {inductive\_cases} (command), 115, 123
\item infinitely branching trees, 40
\item \isacommand{infixr} (annotation), 8
\item \isa {inj_on_def} (theorem), \bold{94}
\item injections, 94
\item \isa {insert} (constant), 91
\item \isa {insert} (method), 81--82
\item instance, \bold{145}
\item \texttt {INT}, \bold{187}
\item \texttt {Int}, \bold{187}
\item \isa {int} (type), 135
\item \isa {INT_iff} (theorem), \bold{92}
\item \isa {IntD1} (theorem), \bold{89}
\item \isa {IntD2} (theorem), \bold{89}
\item integers, 135
\item \isa {INTER} (constant), 93
\item \texttt {Inter}, \bold{187}
\item \isa {Inter_iff} (theorem), \bold{92}
\item intersection, 89
\subitem indexed, 92
\item \isa {IntI} (theorem), \bold{89}
\item \isa {intro} (method), 58
\item \isa {intro!} (attribute), 112
\item \isa {intro_classes} (method), 145
\item introduction rules, 52--53
\item \isa {inv} (constant), 70
\item \isa {inv_image_def} (theorem), \bold{99}
\item inverse
\subitem of a function, \bold{94}
\subitem of a relation, \bold{96}
\item inverse image
\subitem of a function, 95
\subitem of a relation, 98
\item \isa {itrev} (constant), 32
\indexspace
\item \isacommand {kill} (command), 14
\indexspace
\item $\lambda$ expressions, 3
\item LCF, 41
\item \isa {LEAST} (symbol), 21, 69
\item least number operator, \see{\protect\isa{LEAST}}{69}
\item \isacommand {lemma} (command), 11
\item \isacommand {lemmas} (command), 77, 86
\item \isa {length} (symbol), 16
\item \isa {length_induct}, \bold{170}
\item \isa {less_than} (constant), 98
\item \isa {less_than_iff} (theorem), \bold{98}
\item \isa {let} expressions, 3, 4, 29
\item \isa {Let_def} (theorem), 29
\item \isa {lex_prod_def} (theorem), \bold{99}
\item lexicographic product, \bold{99}, 158
\item {\texttt{lfp}}
\subitem applications of, \see{CTL}{100}
\item linear arithmetic, 20--22, 131
\item \isa {List} (theory), 15
\item \isa {list} (type), 2, 7, 15
\item \isa {list.split} (theorem), 30
\item \isa {lists_mono} (theorem), \bold{121}
\item Lowe, Gavin, 176--177
\indexspace
\item \isa {Main} (theory), 2
\item major premise, \bold{59}
\item \isa {max} (constant), 21, 22
\item measure functions, 45, 98
\item \isa {measure_def} (theorem), \bold{99}
\item meta-logic, \bold{64}
\item methods, \bold{14}
\item \isa {min} (constant), 21, 22
\item \isa {mod} (symbol), 21
\item \isa {mod_div_equality} (theorem), \bold{133}
\item \isa {mod_mult_distrib} (theorem), \bold{133}
\item model checking example, 100--110
\item \emph{modus ponens}, 51, 56
\item \isa {mono_def} (theorem), \bold{100}
\item monotone functions, \bold{100}, 123
\subitem and inductive definitions, 121--122
\item \isa {more} (constant), 140, 141
\item \isa {mp} (theorem), \bold{56}
\item \isa {mult_ac} (theorems), 134
\item multiple inheritance, \bold{149}
\item multiset ordering, \bold{99}
\indexspace
\item \isa {nat} (type), 2, 20, 133--134
\item \isa {nat_less_induct} (theorem), 168
\item natural deduction, 51--52
\item natural numbers, 20, 133--134
\item Needham-Schroeder protocol, 175--177
\item negation, 57--59
\item \isa {Nil} (constant), 7
\item \isa {no_asm} (modifier), 27
\item \isa {no_asm_simp} (modifier), 27
\item \isa {no_asm_use} (modifier), 27
\item non-standard reals, 137
\item \isa {None} (constant), \bold{22}
\item \isa {notE} (theorem), \bold{57}
\item \isa {notI} (theorem), \bold{57}
\item numbers, 131--137
\item numeric literals, 132
\subitem for type \protect\isa{nat}, 133
\subitem for type \protect\isa{real}, 136
\indexspace
\item \isa {O} (symbol), 96
\item \texttt {o}, \bold{187}
\item \isa {o_def} (theorem), \bold{94}
\item \isa {OF} (attribute), 79--80
\item \isa {of} (attribute), 77, 80
\item \isa {only} (modifier), 27
\item \isacommand {oops} (command), 11
\item \isa {option} (type), \bold{22}
\item ordered rewriting, \bold{156}
\item overloading, 21, 144--146
\subitem and arithmetic, 132
\indexspace
\item pairs and tuples, 22, 137--140
\item parent theories, \bold{2}
\item pattern matching
\subitem and \isacommand{recdef}, 45
\item patterns
\subitem higher-order, \bold{157}
\item PDL, 102--104
\item \isacommand {pr} (command), 14, 84
\item \isacommand {prefer} (command), 14, 84
\item primitive recursion, \see{recursion, primitive}{1}
\item \isacommand {primrec} (command), 8, 16, 36--41
\item product type, \see{pairs and tuples}{1}
\item Proof General, \bold{5}
\item proof state, 10
\item proofs
\subitem abandoning, \bold{11}
\subitem examples of failing, 71--73
\item protocols
\subitem security, 175--185
\indexspace
\item quantifiers, 3
\subitem and inductive definitions, 119--121
\subitem existential, 66
\subitem for sets, 92
\subitem instantiating, 68
\subitem universal, 63--66
\indexspace
\item \isa {r_into_rtrancl} (theorem), \bold{96}
\item \isa {r_into_trancl} (theorem), \bold{97}
\item range
\subitem of a function, 95
\subitem of a relation, 96
\item \isa {range} (symbol), 95
\item \isa {Range_iff} (theorem), \bold{96}
\item \isa {Real} (theory), 137
\item \isa {real} (type), 136--137
\item real numbers, 136--137
\item \isacommand {recdef} (command), 44--50, 98, 158--166
\subitem and numeric literals, 132
\item \isa {recdef_cong} (attribute), 162
\item \isa {recdef_simp} (attribute), 46
\item \isa {recdef_wf} (attribute), 160
\item \isacommand {record} (command), 140
\item \isa {record_split} (method), 143
\item records, 140--144
\subitem extensible, 141--142
\item recursion
\subitem guarded, 163
\subitem primitive, 16
\subitem well-founded, \bold{159}
\item recursion induction, 49--50
\item \isacommand {redo} (command), 14
\item reflexive and transitive closure, 96--98
\item reflexive transitive closure
\subitem defining inductively, 116--119
\item relations, 95--98
\subitem well-founded, 98--99
\item \isa {rename_tac} (method), 66--67
\item \isa {rev} (constant), 8--12, 32
\item rewrite rules, \bold{25}
\subitem permutative, \bold{156}
\item rewriting, \bold{25}
\item \isa {rotate_tac} (method), 28
\item \isa {rtrancl_refl} (theorem), \bold{96}
\item \isa {rtrancl_trans} (theorem), \bold{96}
\item rule induction, 112--114
\item rule inversion, 114--115, 123--124
\item \isa {rule_format} (attribute), 167
\item \isa {rule_tac} (method), 60
\subitem and renaming, 67
\indexspace
\item \isa {safe} (method), 75, 76
\item safe rules, \bold{74}
\item \isa {set} (type), 2, 89
\item set comprehensions, 91--92
\item \isa {set_ext} (theorem), \bold{90}
\item sets, 89--93
\subitem finite, 93
\subitem notation for finite, \bold{91}
\item settings, \see{flags}{1}
\item \isa {show_brackets} (flag), 4
\item \isa {show_types} (flag), 3, 14
\item \isa {simp} (attribute), 9, 26
\item \isa {simp} (method), \bold{26}
\item \isa {simp} del (attribute), 26
\item \isa {simp_all} (method), 26, 35
\item simplification, 25--31, 155--158
\subitem of \isa{let}-expressions, 29
\subitem with definitions, 28
\subitem with/of assumptions, 27
\item simplification rule, 157--158
\item simplification rules, 26
\subitem adding and deleting, 27
\item \isa {simplified} (attribute), 77, 80
\item \isa {size} (constant), 15
\item \isa {snd} (constant), 22
\item \isa {SOME} (symbol), 70
\item \texttt {SOME}, \bold{187}
\item \isa {Some} (constant), \bold{22}
\item \isa {some_equality} (theorem), \bold{70}
\item \isa {someI} (theorem), \bold{70}
\item \isa {someI2} (theorem), \bold{70}
\item \isa {someI_ex} (theorem), \bold{71}
\item sorts, 150
\item \isa {spec} (theorem), \bold{64}
\item \isa {split} (attribute), 30
\item \isa {split} (constant), 137
\item \isa {split} (method), 29, 138
\item \isa {split} (modifier), 30
\item split rule, \bold{30}
\item \isa {split_if} (theorem), 30
\item \isa {split_if_asm} (theorem), 30
\item \isa {ssubst} (theorem), \bold{61}
\item structural induction, \see{induction, structural}{1}
\item subclasses, 144, 148
\item subgoal numbering, 44
\item \isa {subgoal_tac} (method), 82
\item subgoals, 10
\item subset relation, \bold{90}
\item \isa {subsetD} (theorem), \bold{90}
\item \isa {subsetI} (theorem), \bold{90}
\item \isa {subst} (method), 61
\item substitution, 61--63
\item \isa {Suc} (constant), 20
\item \isa {surj_def} (theorem), \bold{94}
\item surjections, 94
\item \isa {sym} (theorem), \bold{78}
\item syntax, 4, 9
\item syntax translations, 24
\indexspace
\item tacticals, 83
\item tactics, 10
\item \isacommand {term} (command), 14
\item term rewriting, \bold{25}
\item termination, \see{functions, total}{1}
\item terms, 3
\item \isa {THE} (symbol), 69
\item \isa {the_equality} (theorem), \bold{69}
\item \isa {THEN} (attribute), \bold{78}, 80, 86
\item \isacommand {theorem} (command), \bold{9}, 11
\item theories, 2
\subitem abandoning, \bold{14}
\item \isacommand {theory} (command), 14
\item theory files, 2
\item \isacommand {thm} (command), 14
\item \isa {tl} (constant), 15
\item \isa {ToyList} example, 7--13
\item \isa {trace_simp} (flag), 31
\item tracing the simplifier, \bold{31}
\item \isa {trancl_trans} (theorem), \bold{97}
\item transition systems, 101
\item \isacommand {translations} (command), 24
\item tries, 41--44
\item \isa {True} (constant), 3
\item tuples, \see{pairs and tuples}{1}
\item \isacommand {typ} (command), 14
\item type constraints, \bold{4}
\item type constructors, 2
\item type inference, \bold{3}
\item type synonyms, 23
\item type variables, 3
\item \isacommand {typedecl} (command), 101, 150
\item \isacommand {typedef} (command), 151--154
\item types, 2--3
\subitem declaring, 150--151
\subitem defining, 151--154
\item \isacommand {types} (command), 23
\indexspace
\item Ullman, J. D., 129
\item \texttt {UN}, \bold{187}
\item \texttt {Un}, \bold{187}
\item \isa {UN_E} (theorem), \bold{92}
\item \isa {UN_I} (theorem), \bold{92}
\item \isa {UN_iff} (theorem), \bold{92}
\item \isa {Un_subset_iff} (theorem), \bold{90}
\item \isacommand {undo} (command), 14
\item unification, 60--63
\item \isa {UNION} (constant), 93
\item \texttt {Union}, \bold{187}
\item union
\subitem indexed, 92
\item \isa {Union_iff} (theorem), \bold{92}
\item \isa {unit} (type), 22
\item unknowns, 4, \bold{52}
\item unsafe rules, \bold{74}
\item updating a function, \bold{93}
\indexspace
\item variables, 4--5
\subitem schematic, 4
\subitem type, 3
\item \isa {vimage_def} (theorem), \bold{95}
\indexspace
\item Wenzel, Markus, vii
\item \isa {wf_induct} (theorem), \bold{99}
\item \isa {wf_inv_image} (theorem), \bold{99}
\item \isa {wf_less_than} (theorem), \bold{98}
\item \isa {wf_lex_prod} (theorem), \bold{99}
\item \isa {wf_measure} (theorem), \bold{99}
\item \isa {wf_subset} (theorem), 160
\item \isa {while} (constant), 165
\item \isa {While_Combinator} (theory), 165
\item \isa {while_rule} (theorem), 165
\indexspace
\item \isa {zadd_ac} (theorems), 135
\item \isa {zmult_ac} (theorems), 135
\end{theindex}