# HG changeset patch # User Lukas Stevens # Date 1664534492 -7200 # Node ID 2aad8698f82fc43a81ea21ac827fb740fd78476b # Parent fb2be77a7819e77630d6e327471ec908af7dfdcb tweaked diff -r fb2be77a7819 -r 2aad8698f82f NEWS --- a/NEWS Fri Sep 30 09:27:25 2022 +0200 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,17146 +0,0 @@ -Isabelle NEWS -- history of user-relevant changes -================================================= - -(Note: Isabelle/jEdit shows a tree-view of the NEWS file in Sidekick.) - - -New in Isabelle2022 (October 2022) ----------------------------------- - -*** General *** - -* The instantiation of schematic goals is now displayed explicitly as a -list of variable assignments. This works for proof state output, and at -the end of a toplevel proof. In rare situations, a proof command or -proof method may violate the intended goal discipline, by not producing -an instance of the original goal, but there is only a warning, no hard -error. - -* Session ROOT files support 'chapter_definition' entries (optional). -This allows to associate additional information as follows: - - - "chapter_definition NAME (GROUPS)" to make all sessions that belong - to this chapter members of the given groups - - - "chapter_definition NAME description TEXT" to provide a description - for presentation purposes - -* Old-style {* verbatim *} tokens have been discontinued (legacy feature -since Isabelle2019). INCOMPATIBILITY, use \cartouche\ syntax instead. - - -*** Isabelle/jEdit Prover IDE *** - -* Command 'print_state' outputs a plain message, i.e. "writeln" instead -of "state". Thus it is displayed in the Output panel, even if the option -"editor_output_state" is disabled. - - -*** Isabelle/VSCode Prover IDE *** - -* VSCodium, an open-source distribution of VSCode without MS telemetry, -has been bundled with Isabelle as add-on component. The command-line -tool "isabelle vscode" automatically configures it as Isabelle/VSCode -and starts the application. This includes special support for the -UTF-8-Isabelle encoding and the corresponding Isabelle fonts. - -* Command-line tools "isabelle electron" and "isabelle node" provide -access to the underlying technologies of VSCodium, for use in other -applications. This essentially provides a freely programmable Chromium -browser engine that works uniformly on all platforms. - -Example: - - URL="https://isabelle.in.tum.de" isabelle electron \ - --app="$(isabelle getenv -b ISABELLE_HOME)"/src/Tools/Electron/test - - -*** HTML/PDF presentation *** - -* Management of dependencies has become more robust and accurate, -following the session build hierarchy, and the up-to-date notion of -"isabelle build". Changed sessions and updated builds will cause new -HTML presentation, when that is enabled eventually. Unchanged sessions -retain their HTML output that is already present. Thus HTML presentation -for basic sessions like "HOL" and "HOL-Analysis" is produced at most -once, as required by user sessions. - -* HTML presentation no longer supports README.html, which was meant as -add-on to the index.html of a session. Rare INCOMPATIBILITY, consider -using a separate theory "README" with Isabelle document markup/markdown. - -* ML files (and other auxiliary files) are presented with detailed -hyperlinks, just like regular theory sources. - -* Support for external hyperlinks (URLs). - -* Support for internal hyperlinks to files that belong formally to the -presented session. - - -*** HOL *** - -* HOL record types: new simproc that sorts update expressions, guarded -by configuration option "record_sort_updates" (default: false). Some -examples are in theory "HOL-Examples.Records". - -* Meson: added support for polymorphic "using" facts. Minor -INCOMPATIBILITY. - -* Moved auxiliary computation constant "divmod_nat" to theory -"HOL.Euclidean_Division". Minor INCOMPATIBILITY. - -* Renamed attribute "arith_split" to "linarith_split". Minor -INCOMPATIBILITY. - -* Theory "HOL.Rings": rule split_of_bool_asm is not split any longer, -analogously to split_if_asm. INCOMPATIBILITY. - -* Theory "HOL.Bit_Operations": rule bit_0 is not default [simp] any -longer. INCOMPATIBILITY. - -* Streamlined primitive definitions of division and modulus on integers. -INCOMPATIBILITY. - -* Theory "HOL.Fun": - - Added predicate monotone_on and redefined monotone to be an - abbreviation. Lemma monotone_def is explicitly provided for backward - compatibility but its usage is discouraged. Minor INCOMPATIBILITY. - - Changed argument order of mono_on and strict_mono_on to uniformize - with monotone_on and the general "characterizing set at the beginning - of predicates" preference. Also change them to be abbreviations - of monotone_of. Lemmas mono_on_def and strict_mono_on_def are - explicitly provided for backward compatibility but their usage is - discouraged. INCOMPATIBILITY. - - Move mono, strict_mono, antimono, and relevant lemmas to Fun theory. - Also change them to be abbreviations of mono_on, strict_mono_on, - and monotone, respectively. Lemmas mono_def, strict_mono_def, and - antimono_def are explicitly provided for backward compatibility but - their usage is discouraged. Minor INCOMPATIBILITY. - - Added lemmas. - monotone_onD - monotone_onI - monotone_on_empty[simp] - monotone_on_o - monotone_on_subset - -* Theory "HOL.Relation": - - Added predicate reflp_on and redefined reflp to be an abbreviation. - Lemma reflp_def is explicitly provided for backward compatibility - but its usage is discouraged. Minor INCOMPATIBILITY. - - Added predicate totalp_on and abbreviation totalp. - - Replaced HOL.implies by Pure.imp in lemma reflp_mono for consistency - with other lemmas. Minor INCOMPATIBILITY. - - Added lemmas. - preorder.asymp_greater - preorder.asymp_less - reflp_onD - reflp_onI - reflp_on_Inf - reflp_on_Sup - reflp_on_empty[simp] - reflp_on_inf - reflp_on_mono - reflp_on_subset - reflp_on_sup - total_on_subset - totalpD - totalpI - totalp_onD - totalp_onI - totalp_on_empty[simp] - totalp_on_subset - totalp_on_total_on_eq[pred_set_conv] - -* Theory "HOL.Transitive_Closure": - - Added lemmas. - total_on_trancl - totalp_on_tranclp - -* New theory "HOL-Library.NList" of fixed length lists. - -* New Theory "HOL-Library.Code_Abstract_Char" implements characters by -target language integers, sacrificing pattern patching in exchange for -dramatically increased performance for comparisons. - -* Theory "HOL-Library.Char_ord": streamlined logical specifications. -Minor INCOMPATIBILITY. - -* Theory "HOL-Library.Multiset": - - Consolidated operation and fact names. - multp ~> multp_code - multeqp ~> multeqp_code - multp_cancel_add_mset ~> multp_cancel_add_mset0 - multp_cancel_add_mset0[simplified] ~> multp_cancel_add_mset - multp_code_iff ~> multp_code_iff_mult - multeqp_code_iff ~> multeqp_code_iff_reflcl_mult - Minor INCOMPATIBILITY. - - Moved mult1_lessE out of preorder type class and add explicit - assumption. Minor INCOMPATIBILITY. - - Added predicate multp equivalent to set mult. Reuse name previously - used for what is now called multp_code. Minor INCOMPATIBILITY. - - Lifted multiple lemmas from mult to multp. - - Redefined less_multiset to be based on multp. INCOMPATIBILITY. - - Added lemmas. - Multiset.bex_greatest_element - Multiset.bex_least_element - filter_mset_cong - filter_mset_cong0 - image_mset_eq_image_mset_plusD - image_mset_eq_plusD - image_mset_eq_plus_image_msetD - image_mset_filter_mset_swap - monotone_multp_multp_image_mset - monotone_on_multp_multp_image_mset - multp_image_mset_image_msetD - -* Theory "HOL-Library.Sublist": added lemma map_mono_strict_suffix. - -* Theory "HOL-ex.Sum_of_Powers" has been deleted. The same material is -in the AFP as Bernoulli. - -* Session HOL-Algebra: some facts have been renamed to avoid fact name -clashes on interpretation: - - is_ring ~> ring_axioms - cring ~> cring_axioms - R_def ~> R_m_def - -INCOMPATIBILITY. - -* Nitpick: To avoid technical issues, prefer non-JNI solvers to JNI -solvers by default. Minor INCOMPATIBILITY. - -* Sledgehammer: - - Redesigned multithreading to provide more fine grained prover - schedules. The binary option 'slice' has been replaced by a numeric - value 'slices' indicating the number of desired slices. Stronger - provers can now be run by more than one thread simultaneously. The - new option 'max_proofs' controls the number of proofs shown. - INCOMPATIBILITY. - - Introduced sledgehammer_outcome data type and changed return type of - ML function Sledgehammer.run_sledgehammer from "bool * (string * - string list)" to "bool * (sledgehammer_outcome * string)". The - former value can be recomputed with "apsnd (ATP_Util.map_prod - Sledgehammer.short_string_of_sledgehammer_outcome single)". - INCOMPATIBILITY. - - Added support for TX0 and TX1 TPTP formats and $ite/$let expressions - in TH0 and TH1. - - Added support for cvc5. - - Generate Isar proofs by default when and only when the one-liner - proof fails to replay and the Isar proof succeeds. - - Replaced option "sledgehammer_atp_dest_dir" by - "sledgehammer_atp_problem_dest_dir", for problem files, and - "sledgehammer_atp_proof_dest_dir", for proof files. Minor - INCOMPATIBILITY. - - Removed support for experimental prover 'z3_tptp'. - - The fastest successfully preplayed proof is always suggested. - - All SMT solvers but Z3 now resort to suggest (smt (verit)) when no - proof could be preplayed. - - Added new "some_preplayed" value to "expect" option to specify that - some successfully preplayed proof is expected. This is in contrast - to the "some" value which doesn't specify whether preplay succeeds - or not. - -* Mirabelle: - - Replaced sledgehammer option "keep" by "keep_probs", for problems - files, and "keep_proofs" for proof files. Minor INCOMPATIBILITY. - - Added option "-r INT" to randomize the goals with a given 64-bit - seed before selection. - - Added option "-y" for a dry run. - - Renamed run_action to run in Mirabelle.action record. Minor - INCOMPATIBILITY. - - Run the actions on goals before commands "unfolding" and "using". - -* (Co)datatype package: - - BNFs now require a strict cardinality bound (o). - Minor INCOMPATIBILITY for existing manual BNF declarations. - - Lemma map_ident_strong is now generated for all BNFs. - -* More ambitious minimization of case expressions in generated code. - -* Code generation for Scala: type annotations in pattern bindings are -printed in a way suitable for Scala 3. - - -*** ML *** - -* Type Bytes.T supports scalable byte strings, beyond the limit of -String.maxSize (approx. 64 MB on 64_32 architecture). - -* Operations for XZ compression (via Isabelle/Scala): - - XZ.compress: Bytes.T -> Bytes.T - XZ.uncompress: Bytes.T -> Bytes.T - - -*** System *** - -* Isabelle/Scala is now based on Scala 3. This is a completely different -compiler ("dotty") and a quite different source language (we are using -the classic Java-style syntax, not the new Python-style syntax). -Occasional INCOMPATIBILITY, see also the official Scala documentation -https://docs.scala-lang.org/scala3/guides/migration/compatibility-intro.html - -* External Isabelle tools implemented as .scala scripts are no longer -supported. INCOMPATIBILITY, instead provide a proper Isabelle/Scala -module with etc/build.props and "services" for a suitable class instance -of isabelle.Isabelle_Scala_Tools. For example, see -$ISABELLE_HOME/etc/build.props and its isabelle.Tools, which defines the -standard Isabelle tools. - -* The session build database now maintains an additional "uuid" column -to identity the original build process uniquely. Thus other tools may -dependent symbolically on a particular build instance. - -* Command-line tool "isabelle build_docker" supports Docker within Snap -more robustly; see also option -W. - -* Command-line tool "isabelle scala_project" supports Gradle as -alternative to Maven: either option -G or -M needs to be specified -explicitly. This increases the chances that the Java/Scala IDE project -works properly. - -* Command-line tool "isabelle hg_sync" synchronizes the working -directory of a local Mercurial repository with a target directory, using -rsync notation for destinations. - -* Command-line tool "isabelle sync" synchronizes Isabelle + AFP -repositories with a target directory, based on "isabelle hg_sync". Local -jars and sessions images may be uploaded as well, to avoid redundant -builds on the remote side. This tool requires a Mercurial clone of the -Isabelle repository: a regular download of the distribution will not -work! - -* Command-line tool "isabelle log" has been refined to support multiple -sessions, and to match messages against regular expressions (using Java -Pattern syntax). - -* System option "show_states" controls output of toplevel command states -(notably proof states) in batch-builds; in interactive mode this is -always done on demand. The option is relevant for tools that operate on -exported PIDE markup, e.g. document presentation or diagnostics. For -example: - - isabelle build -o show_states FOL-ex - isabelle log -v -U FOL-ex - -Option "show_states" is also the default for the configuration option -"show_results" within the formal context. - -Note that printing intermediate states may cause considerable slowdown -in building a session. - -* Session ROOT entries support 'export_classpath' to augment the -Java/Scala name space for tools that allow dynamic loading of service -classes within a session context. A notable example is document -preparation, which works via the class isabelle.Document_Build.Engine -and is configured by the corresponding system option "document_build". -The Isabelle/Isar command 'scala_build_generated_files' helps to produce -a suitable .jar module for inclusion via 'export_classpath'. - -* Isabelle/Scala SSH connections now use regular OpenSSH executables -from the local system: ssh, scp, sftp; the old ssh-java component has -been discontinued. This has various practical consequences: - - - Authentication and configuration works accurately via the official - .ssh/known_hosts and .ssh/config files. - - - Host connections are usually shared (via multiplexed channels), to - reduce the overhead for multiple commands. This also works for SSH - connections for rsync (e.g. "isabelle sync"). Windows/Cygwin does - not support multiplexing: the functionality should be the same, but - slower, with a new connection for each command. - - - Multiple hops via "bastion hosts" can be easily configured in - .ssh/config via ProxyJump declarations. The former Isabelle/Scala - parameters for proxy_host etc. have been discontinued: minor - INCOMPATIBILITY. - -* The MLton compiler for x86_64-linux has been bundled as Isabelle -component, since Ubuntu 22.04 no longer provides a suitable package. -Note that on macOS, MLton is readily available via Homebrew: -https://formulae.brew.sh/formula/mlton - -The Isabelle settings refer to an executable "$ISABELLE_MLTON" and -command-line options $ISABELLE_MLTON_OPTIONS, which need to fit -together. Potential INCOMPATIBILITY for existing -$ISABELLE_HOME_USER/etc/settings. - - - -New in Isabelle2021-1 (December 2021) -------------------------------------- - -*** General *** - -* The Isabelle/Haskell library ($ISABELLE_HOME/src/Tools/Haskell) has -been significantly improved. In particular, module Isabelle.Bytes -provides type Bytes for light-weight byte strings (with optional UTF8 -interpretation), similar to type string in Isabelle/ML. Isabelle symbols -now work uniformly in Isabelle/Haskell vs. Isabelle/ML vs. -Isabelle/Scala/PIDE. - -* Configuration option "show_results" controls output of final results -in commands like 'definition' or 'theorem'. Output is normally enabled -in interactive mode, but it could occasionally cause unnecessary -slowdown. It can be disabled like this: - - context notes [[show_results = false]] - begin - definition "test = True" - theorem test by (simp add: test_def) - end - -* Theory_Data / Generic_Data: "val extend = I" has been removed; -obsolete since Isabelle2021. - -* More symbol definitions for the Z Notation (Isabelle fonts and LaTeX). -See also the group "Z Notation" in the Symbols dockable of -Isabelle/jEdit. - - -*** Isar *** - -* Commands 'syntax' and 'no_syntax' now work in a local theory context, -but in contrast to 'notation' and 'no_notation' there is no proper way -to refer to local entities. Note that local syntax works well with -'bundle', e.g. see "lattice_syntax" vs. "no_lattice_syntax" in theory -Main of Isabelle/HOL. - -* The improper proof command 'guess' is no longer part of by Pure, but -provided by the separate theory "Pure-ex.Guess". INCOMPATIBILITY, -existing applications need to import session "Pure-ex" and theory -"Pure-ex.Guess". Afterwards it is usually better eliminate the 'guess' -command, using explicit 'obtain' instead. - -* More robust 'proof' outline for method "induct": support nested cases. - - -*** Isabelle/jEdit Prover IDE *** - -* The main plugin for Isabelle/jEdit can be deactivated and reactivated -as documented --- was broken at least since Isabelle2018. - -* Isabelle/jEdit is now composed more conventionally from the original -jEdit text editor in $JEDIT_HOME (with minor patches), plus two Isabelle -plugins that are produced in $JEDIT_SETTINGS/jars on demand. The main -isabelle.jedit module is now part of Isabelle/Scala (as one big -$ISABELLE_SCALA_JAR). - -* Add-on components may provide their own jEdit plugins, via the new -Scala/Java module concept: instances of class -isabelle.Scala_Project.Plugin that are declared as "services" within -etc/build.props are activated on Isabelle/jEdit startup. E.g. see -existing isabelle.jedit.JEdit_Plugin0 (for isabelle_jedit_base.jar) and -isabelle.jedit.JEdit_Plugin1 (for isabelle_jedit_main.jar). - -* Support for built-in font substitution of jEdit text area. - - -*** Document preparation *** - -* HTML presentation now includes links to formal entities. - -* High-quality blackboard-bold symbols from font "txmia" (LaTeX package -"pxfonts"): \\\\\\\\\\\\\\\\\\\\\\\\\\. - -* More predefined symbols: \ \ \ (package "stmaryrd"), \ \ (LaTeX -package "pifont"). - -* Document antiquotations for ML text have been refined: "def" and "ref" -variants support index entries, e.g. @{ML} (no entry) vs. @{ML_def} -(bold entry) vs. @{ML_ref} (regular entry); @{ML_type} supports explicit -type arguments for constructors (only relevant for index), e.g. -@{ML_type \'a list\} vs. @{ML_type 'a \list\}; @{ML_op} has been renamed -to @{ML_infix}. Minor INCOMPATIBILITY concerning name and syntax. - -* Option "document_logo" determines if an instance of the Isabelle logo -should be created in the document output directory. The given string -specifies the name of the logo variant, while "_" (underscore) refers to -the unnamed variant. The output file name is always "isabelle_logo.pdf". - -* Option "document_build" determines the document build engine, as -defined in Isabelle/Scala (as system service). The subsequent engines -are provided by the Isabelle distribution: - - - "lualatex" (default): use ISABELLE_LUALATEX for a standard LaTeX - build with optional ISABELLE_BIBTEX and ISABELLE_MAKEINDEX - - - "pdflatex": as above, but use ISABELLE_PDFLATEX (legacy mode for - special LaTeX styles) - - - "build": delegate to the executable "./build pdf" - -The presence of a "build" command within the document output directory -explicitly requires document_build=build. Minor INCOMPATIBILITY, need to -adjust session ROOT options. - -* Option "document_comment_latex" enables regular LaTeX comment.sty, -instead of the historic version for plain TeX (default). The latter is -much faster, but in conflict with LaTeX classes like Dagstuhl LIPIcs. - -* Option "document_echo" informs about document file names during -session presentation. - -* Option "document_heading_prefix" specifies a prefix for the LaTeX -macro names generated from document heading commands like 'chapter', -'section' etc. The default is "isamarkup", so 'section' becomes -"\isamarkupsection" for example. - -* The command-line tool "isabelle latex" has been discontinued, -INCOMPATIBILITY for old document build scripts. - - - Former "isabelle latex -o sty" has become obsolete: Isabelle .sty - files are automatically generated within the document output - directory. - - - Former "isabelle latex -o pdf" should be replaced by - "$ISABELLE_LUALATEX root" or "$ISABELLE_PDFLATEX root" (without - quotes), according to the intended LaTeX engine. - - - Former "isabelle latex -o bbl" should be replaced by - "$ISABELLE_BIBTEX root" (without quotes). - - - Former "isabelle latex -o idx" should be replaced by - "$ISABELLE_MAKEINDEX root" (without quotes). - -* Option "document_bibliography" explicitly enables the use of bibtex; -the default is to check the presence of root.bib, but it could have a -different name. - -* Improved LaTeX typesetting of \...\ using \guilsinglleft ... -\guilsinglright. INCOMPATIBILITY, need to use \usepackage[T1]{fontenc} -(which is now also the default in "isabelle mkroot"). - -* Simplified typesetting of \...\ using \guillemotleft ... -\guillemotright from \usepackage[T1]{fontenc} --- \usepackage{babel} is -no longer required. - - -*** Pure *** - -* "global_interpretation" is applicable in instantiation and overloading -targets and in any nested target built on top of a target supporting -"global_interpretation". - - -*** HOL *** - -* New order prover. - -* Theorems "antisym" and "eq_iff" in class "order" have been renamed to -"order.antisym" and "order.eq_iff", to coexist locally with "antisym" -and "eq_iff" from locale "ordering". INCOMPATIBILITY: significant -potential for change can be avoided if interpretations of type class -"order" are replaced or augmented by interpretations of locale -"ordering". - -* Theorem "swap_def" now is always qualified as "Fun.swap_def". Minor -INCOMPATIBILITY; note that for most applications less elementary lemmas -exists. - -* Lemma "permutes_induct" has been given stronger hypotheses and named -premises. INCOMPATIBILITY. - -* Combinator "Fun.swap" resolved into a mere input abbreviation in -separate theory "Transposition" in HOL-Combinatorics. INCOMPATIBILITY. - -* Theory Bit_Operations is now part of HOL-Main. Minor INCOMPATIBILITY. - -* Infix syntax for bit operations AND, OR, XOR, NOT is now organized in -bundle bit_operations_syntax. INCOMPATIBILITY. - -* Bit operations set_bit, unset_bit and flip_bit are now class -operations. INCOMPATIBILITY. - -* Simplified class hierarchy for bit operations: bit operations reside -in classes (semi)ring_bit_operations, class semiring_bit_shifts is gone. - -* Consecutive conversions to and from words are not collapsed in any -case: rules unsigned_of_nat, unsigned_of_int, signed_of_int, -signed_of_nat, word_of_nat_eq_0_iff, word_of_int_eq_0_iff are not simp -by default any longer. INCOMPATIBILITY. - -* Abbreviation "max_word" has been moved to session Word_Lib in the AFP, -as also have constants "shiftl1", "shiftr1", "sshiftr1", "bshiftr1", -"setBit", "clearBit". See there further the changelog in theory Guide. -INCOMPATIBILITY. - -* Reorganized classes and locales for boolean algebras. INCOMPATIBILITY. - -* New simp rules: less_exp, min.absorb1, min.absorb2, min.absorb3, -min.absorb4, max.absorb1, max.absorb2, max.absorb3, max.absorb4. Minor -INCOMPATIBILITY. - -* The Mirabelle testing tool is now part of Main HOL, and accessible via -the command-line tool "isabelle mirabelle" (implemented in -Isabelle/Scala). It has become more robust and supports parallelism -within Isabelle/ML. - -* Nitpick: External solver "MiniSat" is available for all supported -Isabelle platforms (including 64bit Windows and ARM); while -"MiniSat_JNI" only works for Intel Linux and macOS. - -* Nitpick/Kodkod: default is back to external Java process (option -kodkod_scala = false), both for PIDE and batch builds. This reduces -confusion and increases robustness of timeouts, despite substantial -overhead to run an external JVM. For more fine-grained control, the -kodkod_scala option can be modified within the formal theory context -like this: - - declare [[kodkod_scala = false]] - -* Sledgehammer: - - Update of bundled provers: - . E 2.6 - . Vampire 4.6 (with Open Source license) - . veriT 2021.06.1-rmx - . Zipperposition 2.1 - . Z3 4.4.1 for arm64-linux, which approximates Z3 4.4.0pre, - but sometimes fails or crashes - - Adjusted default provers: - cvc4 vampire verit e spass z3 zipperposition - - Adjusted Zipperposition's slicing. - - Removed legacy "lam_lifting" (synonym for "lifting") from option - "lam_trans". Minor INCOMPATIBILITY. - - Renamed "hide_lams" to "opaque_lifting" in option "lam_trans". Minor - INCOMPATIBILITY. - - Added "opaque_combs" to option "lam_trans": lambda expressions are - rewritten using combinators, but the combinators are kept opaque, - i.e. without definitions. - -* Metis: - - Renamed option "hide_lams" to "opaque_lifting". Minor INCOMPATIBILITY. - - Updated the Metis prover underlying the "metis" proof method to - version 2.4 (release 20200713). The new version fixes one - implementation defect. Very slight INCOMPATIBILITY. - -* Theory HOL-Library.Lattice_Syntax has been superseded by bundle -"lattice_syntax": it can be used in a local context via 'include' or in -a global theory via 'unbundle'. The opposite declarations are bundled as -"no_lattice_syntax". Minor INCOMPATIBILITY. - -* Theory "HOL-Library.Multiset": dedicated predicate "multiset" is gone, -use explict expression instead. Minor INCOMPATIBILITY. - -* Theory "HOL-Library.Multiset": consolidated abbreviations Mempty, -Melem, not_Melem to empty_mset, member_mset, not_member_mset -respectively. Minor INCOMPATIBILITY. - -* Theory "HOL-Library.Multiset": consolidated operation and fact names: - inf_subset_mset ~> inter_mset - sup_subset_mset ~> union_mset - multiset_inter_def ~> inter_mset_def - sup_subset_mset_def ~> union_mset_def - multiset_inter_count ~> count_inter_mset - sup_subset_mset_count ~> count_union_mset - -* Theory "HOL-Library.Complex_Order": Defines less, less_eq on complex -numbers. Not imported by default. - -* Theory "HOL-Library.Multiset": syntax precendence for membership -operations has been adjusted to match the corresponding precendences on -sets. Rare INCOMPATIBILITY. - -* Theory "HOL-Library.Cardinality": code generator setup based on the -type classes finite_UNIV and card_UNIV has been moved to -"HOL-Library.Code_Cardinality", to avoid incompatibilities with -other code setups for sets in AFP/Containers. Applications relying on -this code setup should import "HOL-Library.Code_Cardinality". Minor -INCOMPATIBILITY. - -* Theory "HOL-Library.Permutation" has been renamed to the more specific -"HOL-Library.List_Permutation". Note that most notions from that theory -are already present in theory "HOL-Combinatorics.Permutations". -INCOMPATIBILITY. - -* Dedicated session "HOL-Combinatorics". INCOMPATIBILITY: theories -"Permutations", "List_Permutation" (formerly "Permutation"), "Stirling", -"Multiset_Permutations", "Perm" have been moved there from session -HOL-Library. - -* Theory "HOL-Combinatorics.Transposition" provides elementary swap -operation "transpose". - -* Theory "HOL-Analysis.Infinite_Sum": new theory for infinite sums with -a more general definition than the existing theory Infinite_Set_Sum. -(Infinite_Set_Sum contains theorems relating the two definitions.) - -* Theory "HOL-Analysis.Product_Vector": Instantiation of the product of -uniform spaces as a uniform space. Minor INCOMPATIBILITY: the old -definition "uniformity_prod_def" is available as a derived fact -"uniformity_dist". - -* Session "HOL-Analysis" and "HOL-Probability": indexed products of -discrete distributions, negative binomial distribution, Hoeffding's -inequality, Chernoff bounds, Cauchy–Schwarz inequality for nn_integral, -and some more small lemmas. Some theorems that were stated awkwardly -before were corrected. Minor INCOMPATIBILITY. - -* Session "HOL-Analysis": the complex Arg function has been identified -with the function "arg" of Complex_Main, renaming arg ~> Arg also in the -names of arg_bounded. Minor INCOMPATIBILITY. - -* Session "HOL-Statespace": various improvements and cleanup. - - -*** ML *** - -* External bash processes are always managed by Isabelle/Scala, in -contrast to Isabelle2021 where this was only done for macOS on Apple -Silicon. - -The main Isabelle/ML interface is Isabelle_System.bash_process with -result type Process_Result.T (resembling class Process_Result in Scala); -derived operations Isabelle_System.bash and Isabelle_System.bash_output -provide similar functionality as before. The underlying TCP/IP server -within Isabelle/Scala is available to other programming languages as -well, notably Isabelle/Haskell. - -Rare INCOMPATIBILITY due to subtle semantic differences: - - - Processes invoked from Isabelle/ML actually run in the context of - the Java VM of Isabelle/Scala. The settings environment and current - working directory are usually the same on both sides, but there can be - subtle corner cases (e.g. unexpected uses of "cd" or "putenv" in ML). - - - Output via stdout and stderr is line-oriented: Unix vs. Windows - line-endings are normalized towards Unix; presence or absence of a - final newline is irrelevant. The original lines are available as - Process_Result.out_lines/err_lines; the concatenated versions - Process_Result.out/err *omit* a trailing newline (using - Library.trim_line, which was occasional seen in applications before, - but is no longer necessary). - - - Output needs to be plain text encoded in UTF-8: Isabelle/Scala - recodes it temporarily as UTF-16. This works for well-formed Unicode - text, but not for arbitrary byte strings. In such cases, the bash - script should write tempory files, managed by Isabelle/ML operations - like Isabelle_System.with_tmp_file to create a file name and - File.read to retrieve its content. - - - The Isabelle/Scala "bash_process" server requires a PIDE session - context. This could be a regular batch session (e.g. "isabelle - build"), a PIDE editor session (e.g. "isabelle jedit"), or headless - PIDE (e.g. "isabelle dump" or "isabelle server"). Note that old - "isabelle console" or raw "isabelle process" don't have that. - -New Process_Result.timing works as in Isabelle/Scala, based on direct -measurements of the bash_process wrapper in C: elapsed time is always -available, CPU time is only available on Linux and macOS, GC time is -unavailable. - -* The following Isabelle/ML system operations are run in the context of -Isabelle/Scala, within a PIDE session context: - - - Isabelle_System.make_directory - - Isabelle_System.copy_dir - - Isabelle_System.copy_file - - Isabelle_System.copy_base_file - - Isabelle_System.rm_tree - - Isabelle_System.download - -* Term operations under abstractions are now more robust (and more -strict) by using the formal proof context in subsequent operations: - - Variable.dest_abs - Variable.dest_abs_cterm - Variable.dest_all - Variable.dest_all_cterm - -This works under the assumption that terms are always properly declared -to the proof context (e.g. via Variable.declare_term). Failure to do so, -or working with the wrong context, will cause an error (exception Fail, -based on Term.USED_FREE from Term.dest_abs_fresh). - -The Simplifier and equational conversions now use the above operations -routinely, and thus require user-space tools to be serious about the -proof context (notably in their use of Goal.prove, SUBPROOF etc.). -INCOMPATIBILITY in add-on tools is to be expected occasionally: a proper -context discipline needs to be followed. - -* Former operations Term.dest_abs and Logic.dest_all (without a proper -context) have been discontinued. INCOMPATIBILITY, either use -Variable.dest_abs etc. above, or the following operations that imitate -the old behavior to a great extent: - - Term.dest_abs_global - Logic.dest_all_global - -This works under the assumption that the given (sub-)term directly shows -all free variables that need to be avoided when generating a fresh name. -A violation of the assumption are variables stemming from the enclosing -context that get involved in a proof only later. - -* ML structures TFrees, TVars, Frees, Vars, Names provide scalable -operations to accumulate items from types and terms, using a fast -syntactic order. The original order of occurrences may be recovered as -well, e.g. via TFrees.list_set. - -* Thm.instantiate, Thm.generalize and related operations (e.g. -Variable.import) now use scalable data structures from structure TVars, -Vars, Names etc. INCOMPATIBILITY: e.g. use TVars.empty and TVars.make -for immediate adoption; better use TVars.add, TVars.add_tfrees etc. for -scalable accumulation of items. - -* Thm.instantiate_beta applies newly emerging abstractions to their -arguments in the term, but leaves other beta-redexes unchanged --- in -contrast to Drule.instantiate_normalize. - -* ML antiquotation "instantiate" allows to instantiate formal entities -(types, terms, theorems) with values given ML. This works uniformly for -"typ", "term", "prop", "ctyp", "cterm", "cprop", "lemma" --- given as a -keyword after the instantiation. - -A mode "(schematic)" behind the keyword means that some variables may -remain uninstantiated (fixed in the specification and schematic in the -result); by default, all variables need to be instantiated. - -Newly emerging abstractions are applied to their arguments in the term -(using Thm.instantiate_beta). - -Examples in HOL: - - fun make_assoc_type (A, B) = - \<^instantiate>\'a = A and 'b = B in typ \('a \ 'b) list\\; - - val make_assoc_list = - map (fn (x, y) => - \<^instantiate>\'a = \fastype_of x\ and 'b = \fastype_of y\ and - x and y in term \(x, y)\ for x :: 'a and y :: 'b\); - - fun symmetry x y = - \<^instantiate>\'a = \Thm.ctyp_of_cterm x\ and x and y in - lemma \x = y \ y = x\ for x y :: 'a by simp\ - - fun symmetry_schematic A = - \<^instantiate>\'a = A in - lemma (schematic) \x = y \ y = x\ for x y :: 'a by simp\ - -* ML antiquotation for embedded lemma supports local fixes, as usual in -many other Isar language elements. For example: - - @{lemma "x = x" for x :: nat by (rule refl)} - -* ML antiquotations for type constructors and term constants: - - \<^Type>\c\ - \<^Type>\c T \\ \ \same with type arguments\ - \<^Type_fn>\c T \\ \ \fn abstraction, failure via exception TYPE\ - \<^Const>\c\ - \<^Const>\c T \\ \ \same with type arguments\ - \<^Const>\c for t \\ \ \same with term arguments\ - \<^Const_>\c \\ \ \same for patterns: case, let, fn\ - \<^Const_fn>\c T \\ \ \fn abstraction, failure via exception TERM\ - -The type/term arguments refer to nested ML source, which may contain -antiquotations recursively. The following argument syntax is supported: - - - an underscore (dummy pattern) - - an atomic item of "embedded" syntax, e.g. identifier or cartouche - - an antiquotation in control-symbol/cartouche form, e.g. \<^Type>\c\ - as short form of \\<^Type>\c\\. - -Examples in HOL: - - val natT = \<^Type>\nat\; - fun mk_funT (A, B) = \<^Type>\fun A B\; - val dest_funT = \<^Type_fn>\fun A B => \(A, B)\\; - fun mk_conj (A, B) = \<^Const>\conj for A B\; - val dest_conj = \<^Const_fn>\conj for A B => \(A, B)\\; - fun mk_eq T (t, u) = \<^Const>\HOL.eq T for t u\; - val dest_eq = \<^Const_fn>\HOL.eq T for t u => \(T, (t, u))\\; - -* ML antiquotations \<^make_judgment> and \<^dest_judgment> refer to -corresponding functions for the object-logic of the ML compilation -context. This supersedes older mk_Trueprop / dest_Trueprop operations. - -* The "build" combinators of various data structures help to build -content from bottom-up, by applying an "add" function the "empty" value. -For example: - - - type 'a Symtab.table etc.: build - - type 'a Names.table etc.: build - - type 'a list: build and build_rev - - type Buffer.T: build and build_content - -For example, see src/Pure/PIDE/xml.ML: - - val content_of = Buffer.build_content o fold add_content; - -* ML antiquotations \<^try>\expr\ and \<^can>\expr\ operate directly on -the given ML expression, in contrast to functions "try" and "can" that -modify application of a function. - -* ML antiquotations for conditional ML text: - - \<^if_linux>\...\ - \<^if_macos>\...\ - \<^if_windows>\...\ - \<^if_unix>\...\ - -* ML profiling has been updated and reactivated, after some degration in -Isabelle2021: - - - "isabelle build -o threads=1 -o profiling=..." works properly - within the PIDE session context; - - - "isabelle profiling_report" now uses the session build database - (like "isabelle log"); - - - output uses non-intrusive tracing messages, instead of warnings. - - -*** System *** - -* Almost complete support for arm64-linux platform. The reference -platform is Raspberry Pi 4 with 8 GB RAM running Pi OS (64 bit). - -* Update to OpenJDK 17: the current long-term support version of Java. - -* Update to Poly/ML 5.9 with improved support for ARM on Linux. On -macOS, the Intel version works more smoothly with Rosetta 2, as already -used in Isabelle2021. Further changes to Poly/ML are documented here: -http://lists.inf.ed.ac.uk/pipermail/polyml/2021-May/002451.html - -* Perl is no longer required by Isabelle proper, and no longer provided -by specific Isabelle execution environments (Docker, Cygwin on Windows). -Minor INCOMPATIBILITY, add-on applications involving perl need to -provide it by different means. (Note that proper Isabelle systems -programming works via Scala/Java, without perl, python, ruby etc.). - -* Each Isabelle component may specify a Scala/Java jar module -declaratively via etc/build.props (file names are relative to the -component directory). E.g. see $ISABELLE_HOME/etc/build.props with -further explanations in the "system" manual. - -* Command-line tool "isabelle scala_build" allows to invoke the build -process of all Scala/Java modules explicitly. Normally this is done -implicitly on demand, e.g. for "isabelle scala" or "isabelle jedit". - -* Command-line tool "isabelle scala_project" is has been improved in -various ways: - - sources from all components with etc/build.props are included, - - sources of for the jEdit text editor and the Isabelle/jEdit - plugins (jedit_base and jedit_main) are included by default, - - more sources may be given on the command-line, - - options -f and -D make the tool more convenient, - - Gradle has been replaced by Maven (less ambitious and more robust). - -* Remote provers from SystemOnTPTP (notably for Sledgehammer) are now -managed via Isabelle/Scala instead of perl; the dependency on -libwww-perl has been eliminated (notably on Linux). Rare -INCOMPATIBILITY: HTTP proxy configuration now works via JVM properties -https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/net/doc-files/net-properties.html - -* System options may declare an implicit standard value, which is used -when the option is activated without providing an explicit value, e.g. -"isabelle build -o document -o document_output" instead of -"isabelle build -o document=true -o document_output=output". For options -of type "bool", the standard is always "true" and cannot be specified -differently. - -* System option "document=true" is an alias for "document=pdf", and -"document=false" is an alias for "document=" (empty string). - -* System option "system_log" specifies an optional log file for internal -messages produced by Output.system_message in Isabelle/ML; the standard -value "-" refers to console progress of the build job. This works for -"isabelle build" or any derivative of it. - -* Command-line tool "isabelle version" supports repository archives -(without full .hg directory). It also provides more options. - -* Obsolete settings variable ISABELLE_PLATFORM32 has been discontinued. -Note that only Windows supports old 32 bit executables, via settings -variable ISABELLE_WINDOWS_PLATFORM32. Everything else should be -ISABELLE_PLATFORM64 (generic Posix) or ISABELLE_WINDOWS_PLATFORM64 -(native Windows) or ISABELLE_APPLE_PLATFORM64 (Apple Silicon). - -* Timeouts for Isabelle/ML tools are subject to system option -"timeout_scale", to support adjustments to slow machines. Before, -timeout_scale was only used for the overall session build process, now -it affects the underlying Timeout.apply in Isabelle/ML as well. It -treats a timeout specification 0 as "no timeout", instead of "immediate -timeout". Rare INCOMPATIBILITY in boundary cases. - - - -New in Isabelle2021 (February 2021) ------------------------------------ - -*** General *** - -* On macOS, the IsabelleXYZ.app directory layout now follows the other -platforms, without indirection via Contents/Resources/. INCOMPATIBILITY, -use e.g. IsabelleXYZ.app/bin/isabelle instead of former -IsabelleXYZ.app/Isabelle/bin/isabelle or -IsabelleXYZ.app/Isabelle/Contents/Resources/IsabelleXYZ/bin/isabelle. - -* HTML presentation uses rich markup produced by Isabelle/PIDE, -resulting in more colors and links. - -* HTML presentation includes auxiliary files (e.g. ML) for each theory. - -* Proof method "subst" is confined to the original subgoal range: its -included distinct_subgoals_tac no longer affects unrelated subgoals. -Rare INCOMPATIBILITY. - -* Theory_Data extend operation is obsolete and needs to be the identity -function; merge should be conservative and not reset to the empty value. -Subtle INCOMPATIBILITY and change of semantics (due to -Theory.join_theory from Isabelle2020). Special extend/merge behaviour at -the begin of a new theory can be achieved via Theory.at_begin. - - -*** Isabelle/jEdit Prover IDE *** - -* Improved GUI look-and-feel: the portable and scalable "FlatLaf Light" -is used by default on all platforms (appearance similar to IntelliJ -IDEA). - -* Improved markup for theory header imports: hyperlinks for theory files -work without formal checking of content. - -* The prover process can download auxiliary files (e.g. 'ML_file') for -theories with remote URL. This requires the external "curl" program. - -* Action "isabelle.goto-entity" (shortcut CS+d) jumps to the definition -of the formal entity at the caret position. - -* The visual feedback on caret entity focus is normally restricted to -definitions within the visible text area. The keyboard modifier "CS" -overrides this: then all defining and referencing positions are shown. -See also option "jedit_focus_modifier". - -* The jEdit status line includes widgets both for JVM and ML heap usage. -Ongoing ML ongoing garbage collection is shown as "ML cleanup". - -* The Monitor dockable provides buttons to request a full garbage -collection and sharing of live data on the ML heap. It also includes -information about the Java Runtime system. - -* PIDE support for session ROOTS: markup for directories. - -* Update to jedit-5.6.0, the latest release. This version works properly -on macOS by default, without the special MacOSX plugin. - -* Action "full-screen-mode" (shortcut F11 or S+F11) has been modified -for better approximate window size on macOS and Linux/X11. - -* Improved GUI support for macOS 11.1 Big Sur: native fullscreen mode, -but non-native look-and-feel (FlatLaf). - -* Hyperlinks to various file-formats (.pdf, .png, etc.) open an external -viewer, instead of re-using the jEdit text editor. - -* IDE support for Naproche-SAD: Proof Checking of Natural Mathematical -Documents. See also $NAPROCHE_HOME/examples for files with .ftl or -.ftl.tex extension. The corresponding Naproche-SAD server process can be -disabled by setting the system option naproche_server=false and -restarting the Isabelle application. - - -*** Document preparation *** - -* Keyword 'document_theories' within ROOT specifies theories from other -sessions that should be included in the generated document source -directory. This does not affect the generated session.tex: \input{...} -needs to be used separately. - -* The standard LaTeX engine is now lualatex, according to settings -variable ISABELLE_PDFLATEX. This is mostly upwards compatible with old -pdflatex, but text encoding needs to conform strictly to utf8. Rare -INCOMPATIBILITY. - -* Discontinued obsolete DVI format and ISABELLE_LATEX settings variable: -document output is always PDF. - -* Antiquotation @{tool} refers to Isabelle command-line tools, with -completion and formal reference to the source (external script or -internal Scala function). - -* Antiquotation @{bash_function} refers to GNU bash functions that are -checked within the Isabelle settings environment. - -* Antiquotations @{scala}, @{scala_object}, @{scala_type}, -@{scala_method} refer to checked Isabelle/Scala entities. - - -*** Pure *** - -* Session Pure-Examples contains notable examples for Isabelle/Pure -(former entries of HOL-Isar_Examples). - -* Named contexts (locale and class specifications, locale and class -context blocks) allow bundle mixins for the surface context. This allows -syntax notations to be organized within bundles conveniently. See theory -"HOL-ex.Specifications_with_bundle_mixins" for examples and the isar-ref -manual for syntax descriptions. - -* Definitions in locales produce rule which can be added as congruence -rule to protect foundational terms during simplification. - -* Consolidated terminology and function signatures for nested targets: - - - Local_Theory.begin_nested replaces Local_Theory.open_target - - - Local_Theory.end_nested replaces Local_Theory.close_target - - - Combination of Local_Theory.begin_nested and - Local_Theory.end_nested(_result) replaces - Local_Theory.subtarget(_result) - -INCOMPATIBILITY. - -* Local_Theory.init replaces Generic_Target.init. Minor INCOMPATIBILITY. - - -*** HOL *** - -* Session HOL-Examples contains notable examples for Isabelle/HOL -(former entries of HOL-Isar_Examples, HOL-ex etc.). - -* An updated version of the veriT solver is now included as Isabelle -component. It can be used in the "smt" proof method via "smt (verit)" or -via "declare [[smt_solver = verit]]" in the context; see also session -HOL-Word-SMT_Examples. - -* Zipperposition 2.0 is now included as Isabelle component for -experimentation, e.g. in "sledgehammer [prover = zipperposition]". - -* Sledgehammer: - - support veriT in proof preplay - - take adventage of more cores in proof preplay - -* Updated the Metis prover underlying the "metis" proof method to -version 2.4 (release 20180810). The new version fixes one soundness -defect and two incompleteness defects. Very slight INCOMPATIBILITY. - -* Nitpick/Kodkod may be invoked directly within the running -Isabelle/Scala session (instead of an external Java process): this -improves reactivity and saves resources. This experimental feature is -guarded by system option "kodkod_scala" (default: true in PIDE -interaction, false in batch builds). - -* Simproc "defined_all" and rewrite rule "subst_all" perform more -aggressive substitution with variables from assumptions. -INCOMPATIBILITY, consider repairing proofs locally like this: - - supply subst_all [simp del] [[simproc del: defined_all]] - -* Simproc "datatype_no_proper_subterm" rewrites equalities "lhs = rhs" -on datatypes to "False" if either side is a proper subexpression of the -other (for any datatype with a reasonable size function). - -* Syntax for state monad combinators fcomp and scomp is organized in -bundle state_combinator_syntax. Minor INCOMPATIBILITY. - -* Syntax for reflected term syntax is organized in bundle term_syntax, -discontinuing previous locale term_syntax. Minor INCOMPATIBILITY. - -* New constant "power_int" for exponentiation with integer exponent, -written as "x powi n". - -* Added the "at most 1" quantifier, Uniq. - -* For the natural numbers, "Sup {} = 0". - -* New constant semiring_char gives the characteristic of any type of -class semiring_1, with the convenient notation CHAR('a). For example, -CHAR(nat) = CHAR(int) = CHAR(real) = 0, CHAR(17) = 17. - -* HOL-Computational_Algebra.Polynomial: Definition and basic properties -of algebraic integers. - -* Library theory "Bit_Operations" with generic bit operations. - -* Library theory "Signed_Division" provides operations for signed -division, instantiated for type int. - -* Theory "Multiset": removed misleading notation \# for sum_mset; -replaced with \\<^sub>#. Analogous notation for prod_mset also exists now. - -* New theory "HOL-Library.Word" takes over material from former session -"HOL-Word". INCOMPATIBILITY: need to adjust imports. - -* Theory "HOL-Library.Word": Type word is restricted to bit strings -consisting of at least one bit. INCOMPATIBILITY. - -* Theory "HOL-Library.Word": Bit operations NOT, AND, OR, XOR are based -on generic algebraic bit operations from theory -"HOL-Library.Bit_Operations". INCOMPATIBILITY. - -* Theory "HOL-Library.Word": Most operations on type word are set up for -transfer and lifting. INCOMPATIBILITY. - -* Theory "HOL-Library.Word": Generic type conversions. INCOMPATIBILITY, -sometimes additional rewrite rules must be added to applications to get -a confluent system again. - -* Theory "HOL-Library.Word": Uniform polymorphic "mask" operation for -both types int and word. INCOMPATIBILITY. - -* Theory "HOL-Library.Word": Syntax for signed compare operators has -been consolidated with syntax of regular compare operators. Minor -INCOMPATIBILITY. - -* Former session "HOL-Word": Various operations dealing with bit values -represented as reversed lists of bools are separated into theory -Reversed_Bit_Lists in session Word_Lib in the AFP. INCOMPATIBILITY. - -* Former session "HOL-Word": Theory "Word_Bitwise" has been moved to AFP -entry Word_Lib as theory "Bitwise". INCOMPATIBILITY. - -* Former session "HOL-Word": Compound operation "bin_split" simplifies -by default into its components "drop_bit" and "take_bit". -INCOMPATIBILITY. - -* Former session "HOL-Word": Operations lsb, msb and set_bit are -separated into theories Least_significant_bit, Most_significant_bit and -Generic_set_bit respectively in session Word_Lib in the AFP. -INCOMPATIBILITY. - -* Former session "HOL-Word": Ancient int numeral representation has been -factored out in separate theory "Ancient_Numeral" in session Word_Lib in -the AFP. INCOMPATIBILITY. - -* Former session "HOL-Word": Operations "bin_last", "bin_rest", -"bin_nth", "bintrunc", "sbintrunc", "norm_sint", "bin_cat" and -"max_word" are now mere input abbreviations. Minor INCOMPATIBILITY. - -* Former session "HOL-Word": Misc ancient material has been factored out -into separate theories and moved to session Word_Lib in the AFP. See -theory "Guide" there for further information. INCOMPATIBILITY. - -* Session HOL-TPTP: The "tptp_isabelle" and "tptp_sledgehammer" commands -are in working order again, as opposed to outputting "GaveUp" on nearly -all problems. - -* Session "HOL-Hoare": concrete syntax only for Hoare triples, not -abstract language constructors. - -* Session "HOL-Hoare": now provides a total correctness logic as well. - - -*** FOL *** - -* Added the "at most 1" quantifier, Uniq, as in HOL. - -* Simproc "defined_all" and rewrite rule "subst_all" have been changed -as in HOL. - - -*** ML *** - -* Antiquotations @{scala_function}, @{scala}, @{scala_thread} refer to -registered Isabelle/Scala functions (of type String => String): -invocation works via the PIDE protocol. - -* Path.append is available as overloaded "+" operator, similar to -corresponding Isabelle/Scala operation. - -* ML statistics via an external Poly/ML process: this allows monitoring -the runtime system while the ML program sleeps. - - -*** System *** - -* Isabelle server allows user-defined commands via -isabelle_scala_service. - -* Update/rebuild external provers on currently supported OS platforms, -notably CVC4 1.8, E prover 2.5, SPASS 3.8ds, CSDP 6.1.1. - -* The command-line tool "isabelle log" prints prover messages from the -build database of the given session, following the the order of theory -sources, instead of erratic parallel evaluation. Consequently, the -session log file is restricted to system messages of the overall build -process, and thus becomes more informative. - -* Discontinued obsolete isabelle display tool, and DVI_VIEWER settings -variable. - -* The command-line tool "isabelle logo" only outputs PDF; obsolete EPS -(for DVI documents) has been discontinued. Former option -n has been -turned into -o with explicit file name. Minor INCOMPATIBILITY. - -* The command-line tool "isabelle components" supports new options -u -and -x to manage $ISABELLE_HOME_USER/etc/components without manual -editing of Isabelle configuration files. - -* The shell function "isabelle_directory" (within etc/settings of -components) augments the list of special directories for persistent -symbolic path names. This improves portability of heap images and -session databases. It used to be hard-wired for Isabelle + AFP, but -other projects may now participate on equal terms. - -* The command-line tool "isabelle process" now prints output to -stdout/stderr separately and incrementally, instead of just one bulk to -stdout after termination. Potential INCOMPATIBILITY for external tools. - -* The command-line tool "isabelle console" now supports interrupts -properly (on Linux and macOS). - -* Batch-builds via "isabelle build" use a PIDE session with special -protocol: this allows to invoke Isabelle/Scala operations from -Isabelle/ML. Big build jobs (e.g. AFP) require extra heap space for the -java process, e.g. like this in $ISABELLE_HOME_USER/etc/settings: - - ISABELLE_TOOL_JAVA_OPTIONS="$ISABELLE_TOOL_JAVA_OPTIONS -Xmx8g" - -This includes full PIDE markup, if option "build_pide_reports" is -enabled. - -* The command-line tool "isabelle build" provides option -P DIR to -produce PDF/HTML presentation in the specified directory; -P: refers to -the standard directory according to ISABELLE_BROWSER_INFO / -ISABELLE_BROWSER_INFO_SYSTEM settings. Generated PDF documents are taken -from the build database -- from this or earlier builds with option -document=pdf. - -* The command-line tool "isabelle document" generates theory documents -on the spot, using the underlying session build database (exported -LaTeX sources or existing PDF files). INCOMPATIBILITY, the former -"isabelle document" tool was rather different and has been discontinued. - -* The command-line tool "isabelle sessions" explores the structure of -Isabelle sessions and prints result names in topological order (on -stdout). - -* The Isabelle/Scala "Progress" interface changed slightly and -"No_Progress" has been discontinued. INCOMPATIBILITY, use "new Progress" -instead. - -* General support for Isabelle/Scala system services, configured via the -shell function "isabelle_scala_service" in etc/settings (e.g. of an -Isabelle component); see implementations of class -Isabelle_System.Service in Isabelle/Scala. This supersedes former -"isabelle_scala_tools" and "isabelle_file_format": minor -INCOMPATIBILITY. - -* The syntax of theory load commands (for auxiliary files) is now -specified in Isabelle/Scala, as instance of class -isabelle.Command_Span.Load_Command registered via isabelle_scala_service -in etc/settings. This allows more flexible schemes than just a list of -file extensions. Minor INCOMPATIBILITY, e.g. see theory -HOL-SPARK.SPARK_Setup to emulate the old behaviour. - -* JVM system property "isabelle.laf" has been discontinued; the default -Swing look-and-feel is ""FlatLaf Light". - -* Isabelle/Phabricator supports Ubuntu 20.04 LTS. - -* Isabelle/Phabricator setup has been updated to follow ongoing -development: libphutil has been discontinued. Minor INCOMPATIBILITY: -existing server installations should remove libphutil from -/usr/local/bin/isabelle-phabricator-upgrade and each installation root -directory (e.g. /var/www/phabricator-vcs/libphutil). - -* Experimental support for arm64-linux platform. The reference platform -is Raspberry Pi 4 with 8 GB RAM running Pi OS (64 bit). - -* Support for Apple Silicon, using mostly x86_64-darwin runtime -translation via Rosetta 2 (e.g. Poly/ML and external provers), but also -some native arm64-darwin executables (e.g. Java). - - - -New in Isabelle2020 (April 2020) --------------------------------- - -*** General *** - -* Session ROOT files need to specify explicit 'directories' for import -of theory files. Directories cannot be shared by different sessions. -(Recall that import of theories from other sessions works via -session-qualified theory names, together with suitable 'sessions' -declarations in the ROOT.) - -* Internal derivations record dependencies on oracles and other theorems -accurately, including the implicit type-class reasoning wrt. proven -class relations and type arities. In particular, the formal tagging with -"Pure.skip_proofs" of results stemming from "instance ... sorry" is now -propagated properly to theorems depending on such type instances. - -* Command 'sorry' (oracle "Pure.skip_proofs") is more precise about the -actual proposition that is assumed in the goal and proof context. This -requires at least Proofterm.proofs = 1 to show up in theorem -dependencies. - -* Command 'thm_oracles' prints all oracles used in given theorems, -covering the full graph of transitive dependencies. - -* Command 'thm_deps' prints immediate theorem dependencies of the given -facts. The former graph visualization has been discontinued, because it -was hardly usable. - -* Refined treatment of proof terms, including type-class proofs for -minor object-logics (FOL, FOLP, Sequents). - -* The inference kernel is now confined to one main module: structure -Thm, without the former circular dependency on structure Axclass. - -* Mixfix annotations may use "' " (single quote followed by space) to -separate delimiters (as documented in the isar-ref manual), without -requiring an auxiliary empty block. A literal single quote needs to be -escaped properly. Minor INCOMPATIBILITY. - - -*** Isar *** - -* The proof method combinator (subproofs m) applies the method -expression m consecutively to each subgoal, constructing individual -subproofs internally. This impacts the internal construction of proof -terms: it makes a cascade of let-expressions within the derivation tree -and may thus improve scalability. - -* Attribute "trace_locales" activates tracing of locale instances during -roundup. It replaces the diagnostic command 'print_dependencies', which -has been discontinued. - - -*** Isabelle/jEdit Prover IDE *** - -* Prover IDE startup is now much faster, because theory dependencies are -no longer explored in advance. The overall session structure with its -declarations of 'directories' is sufficient to locate theory files. Thus -the "session focus" of option "isabelle jedit -S" has become obsolete -(likewise for "isabelle vscode_server -S"). Existing option "-R" is both -sufficient and more convenient to start editing a particular session. - -* Actions isabelle.tooltip (CS+b) and isabelle.message (CS+m) display -tooltip message popups, corresponding to mouse hovering with/without the -CONTROL/COMMAND key pressed. - -* The following actions allow to navigate errors within the current -document snapshot: - - isabelle.first-error (CS+a) - isabelle.last-error (CS+z) - isabelle.next-error (CS+n) - isabelle.prev-error (CS+p) - -* Support more brackets: \ \ (intended for implicit argument syntax). - -* Action isabelle.jconsole (menu item Plugins / Isabelle / Java/VM -Monitor) applies the jconsole tool on the running Isabelle/jEdit -process. This allows to monitor resource usage etc. - -* More adequate default font sizes for Linux on HD / UHD displays: -automatic font scaling is usually absent on Linux, in contrast to -Windows and macOS. - -* The default value for the jEdit property "view.antiAlias" (menu item -Utilities / Global Options / Text Area / Anti Aliased smooth text) is -now "subpixel HRGB", instead of former "standard". Especially on Linux -this often leads to faster text rendering, but can also cause problems -with odd color shades. An alternative is to switch back to "standard" -here, and set the following Java system property: - - isabelle jedit -Dsun.java2d.opengl=true - -This can be made persistent via JEDIT_JAVA_OPTIONS in -$ISABELLE_HOME_USER/etc/settings. For the "Isabelle2020" desktop -application there is a corresponding options file in the same directory. - - -*** Isabelle/VSCode Prover IDE *** - -* Update of State and Preview panels to use new WebviewPanel API of -VSCode. - - -*** HOL *** - -* Improvements of the 'lift_bnf' command: - - Add support for quotient types. - - Generate transfer rules for the lifted map/set/rel/pred constants - (theorems "._transfer_raw"). - -* Term_XML.Encode/Decode.term uses compact representation of Const -"typargs" from the given declaration environment. This also makes more -sense for translations to lambda-calculi with explicit polymorphism. -INCOMPATIBILITY, use Term_XML.Encode/Decode.term_raw in special -applications. - -* ASCII membership syntax concerning big operators for infimum and -supremum has been discontinued. INCOMPATIBILITY. - -* Removed multiplicativity assumption from class -"normalization_semidom". Introduced various new intermediate classes -with the multiplicativity assumption; many theorem statements -(especially involving GCD/LCM) had to be adapted. This allows for a more -natural instantiation of the algebraic typeclasses for e.g. Gaussian -integers. INCOMPATIBILITY. - -* Clear distinction between types for bits (False / True) and Z2 (0 / -1): theory HOL-Library.Bit has been renamed accordingly. -INCOMPATIBILITY. - -* Dynamic facts "algebra_split_simps" and "field_split_simps" correspond -to algebra_simps and field_simps but contain more aggressive rules -potentially splitting goals; algebra_split_simps roughly replaces -sign_simps and field_split_simps can be used instead of divide_simps. -INCOMPATIBILITY. - -* Theory HOL.Complete_Lattices: -renamed Inf_Sup -> Inf_eq_Sup and Sup_Inf -> Sup_eq_Inf - -* Theory HOL-Library.Monad_Syntax: infix operation "bind" (\) -associates to the left now as is customary. - -* Theory HOL-Library.Ramsey: full finite Ramsey's theorem with -multiple colours and arbitrary exponents. - -* Session HOL-Proofs: build faster thanks to better treatment of proof -terms in Isabelle/Pure. - -* Session HOL-Word: bitwise NOT-operator has proper prefix syntax. Minor -INCOMPATIBILITY. - -* Session HOL-Analysis: proof method "metric" implements a decision -procedure for simple linear statements in metric spaces. - -* Session HOL-Complex_Analysis has been split off from HOL-Analysis. - - -*** ML *** - -* Theory construction may be forked internally, the operation -Theory.join_theory recovers a single result theory. See also the example -in theory "HOL-ex.Join_Theory". - -* Antiquotation @{oracle_name} inlines a formally checked oracle name. - -* Minimal support for a soft-type system within the Isabelle logical -framework (module Soft_Type_System). - -* Former Variable.auto_fixes has been replaced by slightly more general -Proof_Context.augment: it is subject to an optional soft-type system of -the underlying object-logic. Minor INCOMPATIBILITY. - -* More scalable Export.export using XML.tree to avoid premature string -allocations, with convenient shortcut XML.blob. Minor INCOMPATIBILITY. - -* Prover IDE support for the underlying Poly/ML compiler (not the basis -library). Open $ML_SOURCES/ROOT.ML in Isabelle/jEdit to browse the -implementation with full markup. - - -*** System *** - -* Standard rendering for more Isabelle symbols: \ \ \ \ - -* The command-line tool "isabelle scala_project" creates a Gradle -project configuration for Isabelle/Scala/jEdit, to support Scala IDEs -such as IntelliJ IDEA. - -* The command-line tool "isabelle phabricator_setup" facilitates -self-hosting of the Phabricator software-development platform, with -support for Git, Mercurial, Subversion repositories. This helps to avoid -monoculture and to escape the gravity of centralized version control by -Github and/or Bitbucket. For further documentation, see chapter -"Phabricator server administration" in the "system" manual. A notable -example installation is https://isabelle-dev.sketis.net/. - -* The command-line tool "isabelle hg_setup" simplifies the setup of -Mercurial repositories, with hosting via Phabricator or SSH file server -access. - -* The command-line tool "isabelle imports" has been discontinued: strict -checking of session directories enforces session-qualified theory names -in applications -- users are responsible to specify session ROOT entries -properly. - -* The command-line tool "isabelle dump" and its underlying -Isabelle/Scala module isabelle.Dump has become more scalable, by -splitting sessions and supporting a base logic image. Minor -INCOMPATIBILITY in options and parameters. - -* The command-line tool "isabelle build_docker" has been slightly -improved: it is now properly documented in the "system" manual. - -* Isabelle/Scala support for the Linux platform (Ubuntu): packages, -users, system services. - -* Isabelle/Scala support for proof terms (with full type/term -information) in module isabelle.Term. - -* Isabelle/Scala: more scalable output of YXML files, e.g. relevant for -"isabelle dump". - -* Theory export via Isabelle/Scala has been reworked. The former "fact" -name space is now split into individual "thm" items: names are -potentially indexed, such as "foo" for singleton facts, or "bar(1)", -"bar(2)", "bar(3)" for multi-facts. Theorem dependencies are now -exported as well: this spans an overall dependency graph of internal -inferences; it might help to reconstruct the formal structure of theory -libraries. See also the module isabelle.Export_Theory in Isabelle/Scala. - -* Theory export of structured specifications, based on internal -declarations of Spec_Rules by packages like 'definition', 'inductive', -'primrec', 'function'. - -* Old settings variables ISABELLE_PLATFORM and ISABELLE_WINDOWS_PLATFORM -have been discontinued -- deprecated since Isabelle2018. - -* More complete x86_64 platform support on macOS, notably Catalina where -old x86 has been discontinued. - -* Update to GHC stack 2.1.3 with stackage lts-13.19/ghc-8.6.4. - -* Update to OCaml Opam 2.0.6 (using ocaml 4.05.0 as before). - - - -New in Isabelle2019 (June 2019) -------------------------------- - -*** General *** - -* The font collection "Isabelle DejaVu" is systematically derived from -the existing "DejaVu" fonts, with variants "Sans Mono", "Sans", "Serif" -and styles "Normal", "Bold", "Italic/Oblique", "Bold-Italic/Oblique". -The DejaVu base fonts are retricted to well-defined Unicode ranges and -augmented by special Isabelle symbols, taken from the former -"IsabelleText" font (which is no longer provided separately). The line -metrics and overall rendering quality is closer to original DejaVu. -INCOMPATIBILITY with display configuration expecting the old -"IsabelleText" font: use e.g. "Isabelle DejaVu Sans Mono" instead. - -* The Isabelle fonts render "\" properly as superscript "-1". - -* Old-style inner comments (* ... *) within the term language are no -longer supported (legacy feature in Isabelle2018). - -* Old-style {* verbatim *} tokens are explicitly marked as legacy -feature and will be removed soon. Use \cartouche\ syntax instead, e.g. -via "isabelle update_cartouches -t" (available since Isabelle2015). - -* Infix operators that begin or end with a "*" are now parenthesized -without additional spaces, e.g. "(*)" instead of "( * )". Minor -INCOMPATIBILITY. - -* Mixfix annotations may use cartouches instead of old-style double -quotes, e.g. (infixl \+\ 60). The command-line tool "isabelle update -u -mixfix_cartouches" allows to update existing theory sources -automatically. - -* ML setup commands (e.g. 'setup', 'method_setup', 'parse_translation') -need to provide a closed expression -- without trailing semicolon. Minor -INCOMPATIBILITY. - -* Commands 'generate_file', 'export_generated_files', and -'compile_generated_files' support a stateless (PIDE-conformant) model -for generated sources and compiled binaries of other languages. The -compilation process is managed in Isabelle/ML, and results exported to -the session database for further use (e.g. with "isabelle export" or -"isabelle build -e"). - - -*** Isabelle/jEdit Prover IDE *** - -* Fonts for the text area, gutter, GUI elements etc. use the "Isabelle -DejaVu" collection by default, which provides uniform rendering quality -with the usual Isabelle symbols. Line spacing no longer needs to be -adjusted: properties for the old IsabelleText font had "Global Options / -Text Area / Extra vertical line spacing (in pixels): -2", it now -defaults to 1, but 0 works as well. - -* The jEdit File Browser is more prominent in the default GUI layout of -Isabelle/jEdit: various virtual file-systems provide access to Isabelle -resources, notably via "favorites:" (or "Edit Favorites"). - -* Further markup and rendering for "plain text" (e.g. informal prose) -and "raw text" (e.g. verbatim sources). This improves the visual -appearance of formal comments inside the term language, or in general -for repeated alternation of formal and informal text. - -* Action "isabelle-export-browser" points the File Browser to the theory -exports of the current buffer, based on the "isabelle-export:" virtual -file-system. The directory view needs to be reloaded manually to follow -ongoing document processing. - -* Action "isabelle-session-browser" points the File Browser to session -information, based on the "isabelle-session:" virtual file-system. Its -entries are structured according to chapter / session names, the open -operation is redirected to the session ROOT file. - -* Support for user-defined file-formats via class isabelle.File_Format -in Isabelle/Scala (e.g. see isabelle.Bibtex.File_Format), configured via -the shell function "isabelle_file_format" in etc/settings (e.g. of an -Isabelle component). - -* System option "jedit_text_overview" allows to disable the text -overview column. - -* Command-line options "-s" and "-u" of "isabelle jedit" override the -default for system option "system_heaps" that determines the heap -storage directory for "isabelle build". Option "-n" is now clearly -separated from option "-s". - -* The Isabelle/jEdit desktop application uses the same options as -"isabelle jedit" for its internal "isabelle build" process: the implicit -option "-o system_heaps" (or "-s") has been discontinued. This reduces -the potential for surprise wrt. command-line tools. - -* The official download of the Isabelle/jEdit application already -contains heap images for Isabelle/HOL within its main directory: thus -the first encounter becomes faster and more robust (e.g. when run from a -read-only directory). - -* Isabelle DejaVu fonts are available with hinting by default, which is -relevant for low-resolution displays. This may be disabled via system -option "isabelle_fonts_hinted = false" in -$ISABELLE_HOME_USER/etc/preferences -- it occasionally yields better -results. - -* OpenJDK 11 has quite different font rendering, with better glyph -shapes and improved sub-pixel anti-aliasing. In some situations results -might be *worse* than Oracle Java 8, though -- a proper HiDPI / UHD -display is recommended. - -* OpenJDK 11 supports GTK version 2.2 and 3 (according to system -property jdk.gtk.version). The factory default is version 3, but -ISABELLE_JAVA_SYSTEM_OPTIONS includes "-Djdk.gtk.version=2.2" to make -this more conservative (as in Java 8). Depending on the GTK theme -configuration, "-Djdk.gtk.version=3" might work better or worse. - - -*** Document preparation *** - -* Document markers are formal comments of the form \<^marker>\marker_body\ that -are stripped from document output: the effect is to modify the semantic -presentation context or to emit markup to the PIDE document. Some -predefined markers are taken from the Dublin Core Metadata Initiative, -e.g. \<^marker>\contributor arg\ or \<^marker>\license arg\ and produce PIDE markup that -can be retrieved from the document database. - -* Old-style command tags %name are re-interpreted as markers with -proof-scope \<^marker>\tag (proof) name\ and produce LaTeX environments as -before. Potential INCOMPATIBILITY: multiple markers are composed in -canonical order, resulting in a reversed list of tags in the -presentation context. - -* Marker \<^marker>\tag name\ does not apply to the proof of a top-level goal -statement by default (e.g. 'theorem', 'lemma'). This is a subtle change -of semantics wrt. old-style %name. - -* In Isabelle/jEdit, the string "\tag" may be completed to a "\<^marker>\tag \" -template. - -* Document antiquotation option "cartouche" indicates if the output -should be delimited as cartouche; this takes precedence over the -analogous option "quotes". - -* Many document antiquotations are internally categorized as "embedded" -and expect one cartouche argument, which is typically used with the -\<^control>\cartouche\ notation (e.g. \<^term>\\x y. x\). The cartouche -delimiters are stripped in output of the source (antiquotation option -"source"), but it is possible to enforce delimiters via option -"source_cartouche", e.g. @{term [source_cartouche] \\x y. x\}. - - -*** Isar *** - -* Implicit cases goal1, goal2, goal3, etc. have been discontinued -(legacy feature since Isabelle2016). - -* More robust treatment of structural errors: begin/end blocks take -precedence over goal/proof. This is particularly relevant for the -headless PIDE session and server. - -* Command keywords of kind thy_decl / thy_goal may be more specifically -fit into the traditional document model of "definition-statement-proof" -via thy_defn / thy_stmt / thy_goal_defn / thy_goal_stmt. - - -*** HOL *** - -* Command 'export_code' produces output as logical files within the -theory context, as well as formal session exports that can be -materialized via command-line tools "isabelle export" or "isabelle build --e" (with 'export_files' in the session ROOT). Isabelle/jEdit also -provides a virtual file-system "isabelle-export:" that can be explored -in the regular file-browser. A 'file_prefix' argument allows to specify -an explicit name prefix for the target file (SML, OCaml, Scala) or -directory (Haskell); the default is "export" with a consecutive number -within each theory. - -* Command 'export_code': the 'file' argument is now legacy and will be -removed soon: writing to the physical file-system is not well-defined in -a reactive/parallel application like Isabelle. The empty 'file' argument -has been discontinued already: it is superseded by the file-browser in -Isabelle/jEdit on "isabelle-export:". Minor INCOMPATIBILITY. - -* Command 'code_reflect' no longer supports the 'file' argument: it has -been superseded by 'file_prefix' for stateless file management as in -'export_code'. Minor INCOMPATIBILITY. - -* Code generation for OCaml: proper strings are used for literals. -Minor INCOMPATIBILITY. - -* Code generation for OCaml: Zarith supersedes Nums as library for -proper integer arithmetic. The library is located via standard -invocations of "ocamlfind" (via ISABELLE_OCAMLFIND settings variable). -The environment provided by "isabelle ocaml_setup" already contains this -tool and the required packages. Minor INCOMPATIBILITY. - -* Code generation for Haskell: code includes for Haskell must contain -proper module frame, nothing is added magically any longer. -INCOMPATIBILITY. - -* Code generation: slightly more conventional syntax for 'code_stmts' -antiquotation. Minor INCOMPATIBILITY. - -* Theory List: the precedence of the list_update operator has changed: -"f a [n := x]" now needs to be written "(f a)[n := x]". - -* The functions \, \, \, \ (not the corresponding binding operators) -now have the same precedence as any other prefix function symbol. Minor -INCOMPATIBILITY. - -* Simplified syntax setup for big operators under image. In rare -situations, type conversions are not inserted implicitly any longer -and need to be given explicitly. Auxiliary abbreviations INFIMUM, -SUPREMUM, UNION, INTER should now rarely occur in output and are just -retained as migration auxiliary. Abbreviations MINIMUM and MAXIMUM -are gone INCOMPATIBILITY. - -* The simplifier uses image_cong_simp as a congruence rule. The historic -and not really well-formed congruence rules INF_cong*, SUP_cong*, are -not used by default any longer. INCOMPATIBILITY; consider using declare -image_cong_simp [cong del] in extreme situations. - -* INF_image and SUP_image are no default simp rules any longer. -INCOMPATIBILITY, prefer image_comp as simp rule if needed. - -* Strong congruence rules (with =simp=> in the premises) for constant f -are now uniformly called f_cong_simp, in accordance with congruence -rules produced for mappers by the datatype package. INCOMPATIBILITY. - -* Retired lemma card_Union_image; use the simpler card_UN_disjoint -instead. INCOMPATIBILITY. - -* Facts sum_mset.commute and prod_mset.commute have been renamed to -sum_mset.swap and prod_mset.swap, similarly to sum.swap and prod.swap. -INCOMPATIBILITY. - -* ML structure Inductive: slightly more conventional naming schema. -Minor INCOMPATIBILITY. - -* ML: Various _global variants of specification tools have been removed. -Minor INCOMPATIBILITY, prefer combinators -Named_Target.theory_map[_result] to lift specifications to the global -theory level. - -* Theory HOL-Library.Simps_Case_Conv: 'case_of_simps' now supports -overlapping and non-exhaustive patterns and handles arbitrarily nested -patterns. It uses on the same algorithm as HOL-Library.Code_Lazy, which -assumes sequential left-to-right pattern matching. The generated -equation no longer tuples the arguments on the right-hand side. -INCOMPATIBILITY. - -* Theory HOL-Library.Multiset: the \# operator now has the same -precedence as any other prefix function symbol. - -* Theory HOL-Library.Cardinal_Notations has been discontinued in favor -of the bundle cardinal_syntax (available in theory Main). Minor -INCOMPATIBILITY. - -* Session HOL-Library and HOL-Number_Theory: Exponentiation by squaring, -used for computing powers in class "monoid_mult" and modular -exponentiation. - -* Session HOL-Computational_Algebra: Formal Laurent series and overhaul -of Formal power series. - -* Session HOL-Number_Theory: More material on residue rings in -Carmichael's function, primitive roots, more properties for "ord". - -* Session HOL-Analysis: Better organization and much more material -at the level of abstract topological spaces. - -* Session HOL-Algebra: Free abelian groups, etc., ported from HOL Light; - algebraic closure of a field by de Vilhena and Baillon. - -* Session HOL-Homology has been added. It is a port of HOL Light's -homology library, with new proofs of "invariance of domain" and related -results. - -* Session HOL-SPARK: .prv files are no longer written to the -file-system, but exported to the session database. Results may be -retrieved via "isabelle build -e HOL-SPARK-Examples" on the -command-line. - -* Sledgehammer: - - The URL for SystemOnTPTP, which is used by remote provers, has been - updated. - - The machine-learning-based filter MaSh has been optimized to take - less time (in most cases). - -* SMT: reconstruction is now possible using the SMT solver veriT. - -* Session HOL-Word: - * New theory More_Word as comprehensive entrance point. - * Merged type class bitss into type class bits. - INCOMPATIBILITY. - - -*** ML *** - -* Command 'generate_file' allows to produce sources for other languages, -with antiquotations in the Isabelle context (only the control-cartouche -form). The default "cartouche" antiquotation evaluates an ML expression -of type string and inlines the result as a string literal of the target -language. For example, this works for Haskell as follows: - - generate_file "Pure.hs" = \ - module Isabelle.Pure where - allConst, impConst, eqConst :: String - allConst = \\<^const_name>\Pure.all\\ - impConst = \\<^const_name>\Pure.imp\\ - eqConst = \\<^const_name>\Pure.eq\\ - \ - -See also commands 'export_generated_files' and 'compile_generated_files' -to use the results. - -* ML evaluation (notably via command 'ML' or 'ML_file') is subject to -option ML_environment to select a named environment, such as "Isabelle" -for Isabelle/ML, or "SML" for official Standard ML. - -* ML antiquotation @{master_dir} refers to the master directory of the -underlying theory, i.e. the directory of the theory file. - -* ML antiquotation @{verbatim} inlines its argument as string literal, -preserving newlines literally. The short form \<^verbatim>\abc\ is particularly -useful. - -* Local_Theory.reset is no longer available in user space. Regular -definitional packages should use balanced blocks of -Local_Theory.open_target versus Local_Theory.close_target instead, or -the Local_Theory.subtarget(_result) combinator. Rare INCOMPATIBILITY. - -* Original PolyML.pointerEq is retained as a convenience for tools that -don't use Isabelle/ML (where this is called "pointer_eq"). - - -*** System *** - -* Update to OpenJDK 11: the current long-term support version of Java. - -* Update to Poly/ML 5.8 allows to use the native x86_64 platform without -the full overhead of 64-bit values everywhere. This special x86_64_32 -mode provides up to 16GB ML heap, while program code and stacks are -allocated elsewhere. Thus approx. 5 times more memory is available for -applications compared to old x86 mode (which is no longer used by -Isabelle). The switch to the x86_64 CPU architecture also avoids -compatibility problems with Linux and macOS, where 32-bit applications -are gradually phased out. - -* System option "checkpoint" has been discontinued: obsolete thanks to -improved memory management in Poly/ML. - -* System option "system_heaps" determines where to store the session -image of "isabelle build" (and other tools using that internally). -Former option "-s" is superseded by option "-o system_heaps". -INCOMPATIBILITY in command-line syntax. - -* Session directory $ISABELLE_HOME/src/Tools/Haskell provides some -source modules for Isabelle tools implemented in Haskell, notably for -Isabelle/PIDE. - -* The command-line tool "isabelle build -e" retrieves theory exports -from the session build database, using 'export_files' in session ROOT -entries. - -* The command-line tool "isabelle update" uses Isabelle/PIDE in -batch-mode to update theory sources based on semantic markup produced in -Isabelle/ML. Actual updates depend on system options that may be enabled -via "-u OPT" (for "update_OPT"), see also $ISABELLE_HOME/etc/options -section "Theory update". Theory sessions are specified as in "isabelle -dump". - -* The command-line tool "isabelle update -u control_cartouches" changes -antiquotations into control-symbol format (where possible): @{NAME} -becomes \<^NAME> and @{NAME ARG} becomes \<^NAME>\ARG\. - -* Support for Isabelle command-line tools defined in Isabelle/Scala. -Instances of class Isabelle_Scala_Tools may be configured via the shell -function "isabelle_scala_tools" in etc/settings (e.g. of an Isabelle -component). - -* Isabelle Server command "use_theories" supports "nodes_status_delay" -for continuous output of node status information. The time interval is -specified in seconds; a negative value means it is disabled (default). - -* Isabelle Server command "use_theories" terminates more robustly in the -presence of structurally broken sources: full consolidation of theories -is no longer required. - -* OCaml tools and libraries are now accesed via ISABELLE_OCAMLFIND, -which needs to point to a suitable version of "ocamlfind" (e.g. via -OPAM, see below). INCOMPATIBILITY: settings variables ISABELLE_OCAML and -ISABELLE_OCAMLC are no longer supported. - -* Support for managed installations of Glasgow Haskell Compiler and -OCaml via the following command-line tools: - - isabelle ghc_setup - isabelle ghc_stack - - isabelle ocaml_setup - isabelle ocaml_opam - -The global installation state is determined by the following settings -(and corresponding directory contents): - - ISABELLE_STACK_ROOT - ISABELLE_STACK_RESOLVER - ISABELLE_GHC_VERSION - - ISABELLE_OPAM_ROOT - ISABELLE_OCAML_VERSION - -After setup, the following Isabelle settings are automatically -redirected (overriding existing user settings): - - ISABELLE_GHC - - ISABELLE_OCAMLFIND - -The old meaning of these settings as locally installed executables may -be recovered by purging the directories ISABELLE_STACK_ROOT / -ISABELLE_OPAM_ROOT, or by resetting these variables in -$ISABELLE_HOME_USER/etc/settings. - - - -New in Isabelle2018 (August 2018) ---------------------------------- - -*** General *** - -* Session-qualified theory names are mandatory: it is no longer possible -to refer to unqualified theories from the parent session. -INCOMPATIBILITY for old developments that have not been updated to -Isabelle2017 yet (using the "isabelle imports" tool). - -* Only the most fundamental theory names are global, usually the entry -points to major logic sessions: Pure, Main, Complex_Main, HOLCF, IFOL, -FOL, ZF, ZFC etc. INCOMPATIBILITY, need to use qualified names for -formerly global "HOL-Probability.Probability" and "HOL-SPARK.SPARK". - -* Global facts need to be closed: no free variables and no hypotheses. -Rare INCOMPATIBILITY. - -* Facts stemming from locale interpretation are subject to lazy -evaluation for improved performance. Rare INCOMPATIBILITY: errors -stemming from interpretation morphisms might be deferred and thus -difficult to locate; enable system option "strict_facts" temporarily to -avoid this. - -* Marginal comments need to be written exclusively in the new-style form -"\ \text\", old ASCII variants like "-- {* ... *}" are no longer -supported. INCOMPATIBILITY, use the command-line tool "isabelle -update_comments" to update existing theory files. - -* Old-style inner comments (* ... *) within the term language are legacy -and will be discontinued soon: use formal comments "\ \...\" or "\<^cancel>\...\" -instead. - -* The "op " syntax for infix operators has been replaced by -"()". If begins or ends with a "*", there needs to -be a space between the "*" and the corresponding parenthesis. -INCOMPATIBILITY, use the command-line tool "isabelle update_op" to -convert theory and ML files to the new syntax. Because it is based on -regular expression matching, the result may need a bit of manual -postprocessing. Invoking "isabelle update_op" converts all files in the -current directory (recursively). In case you want to exclude conversion -of ML files (because the tool frequently also converts ML's "op" -syntax), use option "-m". - -* Theory header 'abbrevs' specifications need to be separated by 'and'. -INCOMPATIBILITY. - -* Command 'external_file' declares the formal dependency on the given -file name, such that the Isabelle build process knows about it, but -without specific Prover IDE management. - -* Session ROOT entries no longer allow specification of 'files'. Rare -INCOMPATIBILITY, use command 'external_file' within a proper theory -context. - -* Session root directories may be specified multiple times: each -accessible ROOT file is processed only once. This facilitates -specification of $ISABELLE_HOME_USER/ROOTS or command-line options like --d or -D for "isabelle build" and "isabelle jedit". Example: - - isabelle build -D '~~/src/ZF' - -* The command 'display_drafts' has been discontinued. INCOMPATIBILITY, -use action "isabelle.draft" (or "print") in Isabelle/jEdit instead. - -* In HTML output, the Isabelle symbol "\" is rendered as explicit -Unicode hyphen U+2010, to avoid unclear meaning of the old "soft hyphen" -U+00AD. Rare INCOMPATIBILITY, e.g. copy-paste of historic Isabelle HTML -output. - - -*** Isabelle/jEdit Prover IDE *** - -* The command-line tool "isabelle jedit" provides more flexible options -for session management: - - - option -R builds an auxiliary logic image with all theories from - other sessions that are not already present in its parent - - - option -S is like -R, with a focus on the selected session and its - descendants (this reduces startup time for big projects like AFP) - - - option -A specifies an alternative ancestor session for options -R - and -S - - - option -i includes additional sessions into the name-space of - theories - - Examples: - isabelle jedit -R HOL-Number_Theory - isabelle jedit -R HOL-Number_Theory -A HOL - isabelle jedit -d '$AFP' -S Formal_SSA -A HOL - isabelle jedit -d '$AFP' -S Formal_SSA -A HOL-Analysis - isabelle jedit -d '$AFP' -S Formal_SSA -A HOL-Analysis -i CryptHOL - -* PIDE markup for session ROOT files: allows to complete session names, -follow links to theories and document files etc. - -* Completion supports theory header imports, using theory base name. -E.g. "Prob" may be completed to "HOL-Probability.Probability". - -* Named control symbols (without special Unicode rendering) are shown as -bold-italic keyword. This is particularly useful for the short form of -antiquotations with control symbol: \<^name>\argument\. The action -"isabelle.antiquoted_cartouche" turns an antiquotation with 0 or 1 -arguments into this format. - -* Completion provides templates for named symbols with arguments, -e.g. "\ \ARGUMENT\" or "\<^emph>\ARGUMENT\". - -* Slightly more parallel checking, notably for high priority print -functions (e.g. State output). - -* The view title is set dynamically, according to the Isabelle -distribution and the logic session name. The user can override this via -set-view-title (stored persistently in $JEDIT_SETTINGS/perspective.xml). - -* System options "spell_checker_include" and "spell_checker_exclude" -supersede former "spell_checker_elements" to determine regions of text -that are subject to spell-checking. Minor INCOMPATIBILITY. - -* Action "isabelle.preview" is able to present more file formats, -notably bibtex database files and ML files. - -* Action "isabelle.draft" is similar to "isabelle.preview", but shows a -plain-text document draft. Both are available via the menu "Plugins / -Isabelle". - -* When loading text files, the Isabelle symbols encoding UTF-8-Isabelle -is only used if there is no conflict with existing Unicode sequences in -the file. Otherwise, the fallback encoding is plain UTF-8 and Isabelle -symbols remain in literal \ form. This avoids accidental loss of -Unicode content when saving the file. - -* Bibtex database files (.bib) are semantically checked. - -* Update to jedit-5.5.0, the latest release. - - -*** Isabelle/VSCode Prover IDE *** - -* HTML preview of theories and other file-formats similar to -Isabelle/jEdit. - -* Command-line tool "isabelle vscode_server" accepts the same options --A, -R, -S, -i for session selection as "isabelle jedit". This is -relevant for isabelle.args configuration settings in VSCode. The former -option -A (explore all known session files) has been discontinued: it is -enabled by default, unless option -S is used to focus on a particular -spot in the session structure. INCOMPATIBILITY. - - -*** Document preparation *** - -* Formal comments work uniformly in outer syntax, inner syntax (term -language), Isabelle/ML and some other embedded languages of Isabelle. -See also "Document comments" in the isar-ref manual. The following forms -are supported: - - - marginal text comment: \ \\\ - - canceled source: \<^cancel>\\\ - - raw LaTeX: \<^latex>\\\ - -* Outside of the inner theory body, the default presentation context is -theory Pure. Thus elementary antiquotations may be used in markup -commands (e.g. 'chapter', 'section', 'text') and formal comments. - -* System option "document_tags" specifies alternative command tags. This -is occasionally useful to control the global visibility of commands via -session options (e.g. in ROOT). - -* Document markup commands ('section', 'text' etc.) are implicitly -tagged as "document" and visible by default. This avoids the application -of option "document_tags" to these commands. - -* Isabelle names are mangled into LaTeX macro names to allow the full -identifier syntax with underscore, prime, digits. This is relevant for -antiquotations in control symbol notation, e.g. \<^const_name> becomes -\isactrlconstUNDERSCOREname. - -* Document preparation with skip_proofs option now preserves the content -more accurately: only terminal proof steps ('by' etc.) are skipped. - -* Document antiquotation @{theory name} requires the long -session-qualified theory name: this is what users reading the text -normally need to import. - -* Document antiquotation @{session name} checks and prints the given -session name verbatim. - -* Document antiquotation @{cite} now checks the given Bibtex entries -against the Bibtex database files -- only in batch-mode session builds. - -* Command-line tool "isabelle document" has been re-implemented in -Isabelle/Scala, with simplified arguments and explicit errors from the -latex and bibtex process. Minor INCOMPATIBILITY. - -* Session ROOT entry: empty 'document_files' means there is no document -for this session. There is no need to specify options [document = false] -anymore. - - -*** Isar *** - -* Command 'interpret' no longer exposes resulting theorems as literal -facts, notably for the \prop\ notation or the "fact" proof method. This -improves modularity of proofs and scalability of locale interpretation. -Rare INCOMPATIBILITY, need to refer to explicitly named facts instead -(e.g. use 'find_theorems' or 'try' to figure this out). - -* The old 'def' command has been discontinued (legacy since -Isbelle2016-1). INCOMPATIBILITY, use 'define' instead -- usually with -object-logic equality or equivalence. - - -*** Pure *** - -* The inner syntax category "sort" now includes notation "_" for the -dummy sort: it is effectively ignored in type-inference. - -* Rewrites clauses (keyword 'rewrites') were moved into the locale -expression syntax, where they are part of locale instances. In -interpretation commands rewrites clauses now need to occur before 'for' -and 'defines'. Rare INCOMPATIBILITY; definitions immediately subject to -rewriting may need to be pulled up into the surrounding theory. - -* For 'rewrites' clauses, if activating a locale instance fails, fall -back to reading the clause first. This helps avoid qualification of -locale instances where the qualifier's sole purpose is avoiding -duplicate constant declarations. - -* Proof method "simp" now supports a new modifier "flip:" followed by a -list of theorems. Each of these theorems is removed from the simpset -(without warning if it is not there) and the symmetric version of the -theorem (i.e. lhs and rhs exchanged) is added to the simpset. For "auto" -and friends the modifier is "simp flip:". - - -*** HOL *** - -* Sledgehammer: bundled version of "vampire" (for non-commercial users) -helps to avoid fragility of "remote_vampire" service. - -* Clarified relationship of characters, strings and code generation: - - - Type "char" is now a proper datatype of 8-bit values. - - - Conversions "nat_of_char" and "char_of_nat" are gone; use more - general conversions "of_char" and "char_of" with suitable type - constraints instead. - - - The zero character is just written "CHR 0x00", not "0" any longer. - - - Type "String.literal" (for code generation) is now isomorphic to - lists of 7-bit (ASCII) values; concrete values can be written as - "STR ''...''" for sequences of printable characters and "STR 0x..." - for one single ASCII code point given as hexadecimal numeral. - - - Type "String.literal" supports concatenation "... + ..." for all - standard target languages. - - - Theory HOL-Library.Code_Char is gone; study the explanations - concerning "String.literal" in the tutorial on code generation to - get an idea how target-language string literals can be converted to - HOL string values and vice versa. - - - Session Imperative-HOL: operation "raise" directly takes a value of - type "String.literal" as argument, not type "string". - -INCOMPATIBILITY. - -* Code generation: Code generation takes an explicit option -"case_insensitive" to accomodate case-insensitive file systems. - -* Abstract bit operations as part of Main: push_bit, take_bit, drop_bit. - -* New, more general, axiomatization of complete_distrib_lattice. The -former axioms: - - "sup x (Inf X) = Inf (sup x ` X)" and "inf x (Sup X) = Sup (inf x ` X)" - -are replaced by: - - "Inf (Sup ` A) <= Sup (Inf ` {f ` A | f . (! Y \ A . f Y \ Y)})" - -The instantiations of sets and functions as complete_distrib_lattice are -moved to Hilbert_Choice.thy because their proofs need the Hilbert choice -operator. The dual of this property is also proved in theory -HOL.Hilbert_Choice. - -* New syntax for the minimum/maximum of a function over a finite set: -MIN x\A. B and even MIN x. B (only useful for finite types), also MAX. - -* Clarifed theorem names: - - Min.antimono ~> Min.subset_imp - Max.antimono ~> Max.subset_imp - -Minor INCOMPATIBILITY. - -* SMT module: - - - The 'smt_oracle' option is now necessary when using the 'smt' method - with a solver other than Z3. INCOMPATIBILITY. - - - The encoding to first-order logic is now more complete in the - presence of higher-order quantifiers. An 'smt_explicit_application' - option has been added to control this. INCOMPATIBILITY. - -* Facts sum.commute(_restrict) and prod.commute(_restrict) renamed to -sum.swap(_restrict) and prod.swap(_restrict), to avoid name clashes on -interpretation of abstract locales. INCOMPATIBILITY. - -* Predicate coprime is now a real definition, not a mere abbreviation. -INCOMPATIBILITY. - -* Predicate pairwise_coprime abolished, use "pairwise coprime" instead. -INCOMPATIBILITY. - -* The relator rel_filter on filters has been strengthened to its -canonical categorical definition with better properties. -INCOMPATIBILITY. - -* Generalized linear algebra involving linear, span, dependent, dim -from type class real_vector to locales module and vector_space. -Renamed: - - span_inc ~> span_superset - span_superset ~> span_base - span_eq ~> span_eq_iff - -INCOMPATIBILITY. - -* Class linordered_semiring_1 covers zero_less_one also, ruling out -pathologic instances. Minor INCOMPATIBILITY. - -* Theory HOL.List: functions "sorted_wrt" and "sorted" now compare every -element in a list to all following elements, not just the next one. - -* Theory HOL.List syntax: - - - filter-syntax "[x <- xs. P]" is no longer output syntax, but only - input syntax - - - list comprehension syntax now supports tuple patterns in "pat <- xs" - -* Theory Map: "empty" must now be qualified as "Map.empty". - -* Removed nat-int transfer machinery. Rare INCOMPATIBILITY. - -* Fact mod_mult_self4 (on nat) renamed to Suc_mod_mult_self3, to avoid -clash with fact mod_mult_self4 (on more generic semirings). -INCOMPATIBILITY. - -* Eliminated some theorem aliasses: - even_times_iff ~> even_mult_iff - mod_2_not_eq_zero_eq_one_nat ~> not_mod_2_eq_0_eq_1 - even_of_nat ~> even_int_iff - -INCOMPATIBILITY. - -* Eliminated some theorem duplicate variations: - - - dvd_eq_mod_eq_0_numeral can be replaced by dvd_eq_mod_eq_0 - - mod_Suc_eq_Suc_mod can be replaced by mod_Suc - - mod_Suc_eq_Suc_mod [symmetrict] can be replaced by mod_simps - - mod_eq_0_iff can be replaced by mod_eq_0_iff_dvd and dvd_def - - the witness of mod_eqD can be given directly as "_ div _" - -INCOMPATIBILITY. - -* Classical setup: Assumption "m mod d = 0" (for m d :: nat) is no -longer aggresively destroyed to "\q. m = d * q". INCOMPATIBILITY, adding -"elim!: dvd" to classical proof methods in most situations restores -broken proofs. - -* Theory HOL-Library.Conditional_Parametricity provides command -'parametric_constant' for proving parametricity of non-recursive -definitions. For constants that are not fully parametric the command -will infer conditions on relations (e.g., bi_unique, bi_total, or type -class conditions such as "respects 0") sufficient for parametricity. See -theory HOL-ex.Conditional_Parametricity_Examples for some examples. - -* Theory HOL-Library.Code_Lazy provides a new preprocessor for the code -generator to generate code for algebraic types with lazy evaluation -semantics even in call-by-value target languages. See the theories -HOL-ex.Code_Lazy_Demo and HOL-Codegenerator_Test.Code_Lazy_Test for some -examples. - -* Theory HOL-Library.Landau_Symbols has been moved here from AFP. - -* Theory HOL-Library.Old_Datatype no longer provides the legacy command -'old_datatype'. INCOMPATIBILITY. - -* Theory HOL-Computational_Algebra.Polynomial_Factorial does not provide -instances of rat, real, complex as factorial rings etc. Import -HOL-Computational_Algebra.Field_as_Ring explicitly in case of need. -INCOMPATIBILITY. - -* Session HOL-Algebra: renamed (^) to [^] to avoid conflict with new -infix/prefix notation. - -* Session HOL-Algebra: revamped with much new material. The set of -isomorphisms between two groups is now denoted iso rather than iso_set. -INCOMPATIBILITY. - -* Session HOL-Analysis: the Arg function now respects the same interval -as Ln, namely (-pi,pi]; the old Arg function has been renamed Arg2pi. -INCOMPATIBILITY. - -* Session HOL-Analysis: the functions zorder, zer_poly, porder and -pol_poly have been redefined. All related lemmas have been reworked. -INCOMPATIBILITY. - -* Session HOL-Analysis: infinite products, Moebius functions, the -Riemann mapping theorem, the Vitali covering theorem, -change-of-variables results for integration and measures. - -* Session HOL-Real_Asymp: proof method "real_asymp" proves asymptotics -or real-valued functions (limits, "Big-O", etc.) automatically. -See also ~~/src/HOL/Real_Asymp/Manual for some documentation. - -* Session HOL-Types_To_Sets: more tool support (unoverload_type combines -internalize_sorts and unoverload) and larger experimental application -(type based linear algebra transferred to linear algebra on subspaces). - - -*** ML *** - -* Operation Export.export emits theory exports (arbitrary blobs), which -are stored persistently in the session build database. - -* Command 'ML_export' exports ML toplevel bindings to the global -bootstrap environment of the ML process. This allows ML evaluation -without a formal theory context, e.g. in command-line tools like -"isabelle process". - - -*** System *** - -* Mac OS X 10.10 Yosemite is now the baseline version; Mavericks is no -longer supported. - -* Linux and Windows/Cygwin is for x86_64 only, old 32bit platform -support has been discontinued. - -* Java runtime is for x86_64 only. Corresponding Isabelle settings have -been renamed to ISABELLE_TOOL_JAVA_OPTIONS and JEDIT_JAVA_OPTIONS, -instead of former 32/64 variants. INCOMPATIBILITY. - -* Old settings ISABELLE_PLATFORM and ISABELLE_WINDOWS_PLATFORM should be -phased out due to unclear preference of 32bit vs. 64bit architecture. -Explicit GNU bash expressions are now preferred, for example (with -quotes): - - #Posix executables (Unix or Cygwin), with preference for 64bit - "${ISABELLE_PLATFORM64:-$ISABELLE_PLATFORM32}" - - #native Windows or Unix executables, with preference for 64bit - "${ISABELLE_WINDOWS_PLATFORM64:-${ISABELLE_WINDOWS_PLATFORM32:-${ISABELLE_PLATFORM64:-$ISABELLE_PLATFORM32}}}" - - #native Windows (32bit) or Unix executables (preference for 64bit) - "${ISABELLE_WINDOWS_PLATFORM32:-${ISABELLE_PLATFORM64:-$ISABELLE_PLATFORM32}}" - -* Command-line tool "isabelle build" supports new options: - - option -B NAME: include session NAME and all descendants - - option -S: only observe changes of sources, not heap images - - option -f: forces a fresh build - -* Command-line tool "isabelle build" options -c -x -B refer to -descendants wrt. the session parent or import graph. Subtle -INCOMPATIBILITY: options -c -x used to refer to the session parent graph -only. - -* Command-line tool "isabelle build" takes "condition" options with the -corresponding environment values into account, when determining the -up-to-date status of a session. - -* The command-line tool "dump" dumps information from the cumulative -PIDE session database: many sessions may be loaded into a given logic -image, results from all loaded theories are written to the output -directory. - -* Command-line tool "isabelle imports -I" also reports actual session -imports. This helps to minimize the session dependency graph. - -* The command-line tool "export" and 'export_files' in session ROOT -entries retrieve theory exports from the session build database. - -* The command-line tools "isabelle server" and "isabelle client" provide -access to the Isabelle Server: it supports responsive session management -and concurrent use of theories, based on Isabelle/PIDE infrastructure. -See also the "system" manual. - -* The command-line tool "isabelle update_comments" normalizes formal -comments in outer syntax as follows: \ \text\ (whith a single space to -approximate the appearance in document output). This is more specific -than former "isabelle update_cartouches -c": the latter tool option has -been discontinued. - -* The command-line tool "isabelle mkroot" now always produces a document -outline: its options have been adapted accordingly. INCOMPATIBILITY. - -* The command-line tool "isabelle mkroot -I" initializes a Mercurial -repository for the generated session files. - -* Settings ISABELLE_HEAPS + ISABELLE_BROWSER_INFO (or -ISABELLE_HEAPS_SYSTEM + ISABELLE_BROWSER_INFO_SYSTEM in "system build -mode") determine the directory locations of the main build artefacts -- -instead of hard-wired directories in ISABELLE_HOME_USER (or -ISABELLE_HOME). - -* Settings ISABELLE_PATH and ISABELLE_OUTPUT have been discontinued: -heap images and session databases are always stored in -$ISABELLE_HEAPS/$ML_IDENTIFIER (command-line default) or -$ISABELLE_HEAPS_SYSTEM/$ML_IDENTIFIER (main Isabelle application or -"isabelle jedit -s" or "isabelle build -s"). - -* ISABELLE_LATEX and ISABELLE_PDFLATEX now include platform-specific -options for improved error reporting. Potential INCOMPATIBILITY with -unusual LaTeX installations, may have to adapt these settings. - -* Update to Poly/ML 5.7.1 with slightly improved performance and PIDE -markup for identifier bindings. It now uses The GNU Multiple Precision -Arithmetic Library (libgmp) on all platforms, notably Mac OS X with -32/64 bit. - - - -New in Isabelle2017 (October 2017) ----------------------------------- - -*** General *** - -* Experimental support for Visual Studio Code (VSCode) as alternative -Isabelle/PIDE front-end, see also -https://marketplace.visualstudio.com/items?itemName=makarius.Isabelle2017 - -VSCode is a new type of application that continues the concepts of -"programmer's editor" and "integrated development environment" towards -fully semantic editing and debugging -- in a relatively light-weight -manner. Thus it fits nicely on top of the Isabelle/PIDE infrastructure. -Technically, VSCode is based on the Electron application framework -(Node.js + Chromium browser + V8), which is implemented in JavaScript -and TypeScript, while Isabelle/VSCode mainly consists of Isabelle/Scala -modules around a Language Server implementation. - -* Theory names are qualified by the session name that they belong to. -This affects imports, but not the theory name space prefix (which is -just the theory base name as before). - -In order to import theories from other sessions, the ROOT file format -provides a new 'sessions' keyword. In contrast, a theory that is -imported in the old-fashioned manner via an explicit file-system path -belongs to the current session, and might cause theory name conflicts -later on. Theories that are imported from other sessions are excluded -from the current session document. The command-line tool "isabelle -imports" helps to update theory imports. - -* The main theory entry points for some non-HOL sessions have changed, -to avoid confusion with the global name "Main" of the session HOL. This -leads to the follow renamings: - - CTT/Main.thy ~> CTT/CTT.thy - ZF/Main.thy ~> ZF/ZF.thy - ZF/Main_ZF.thy ~> ZF/ZF.thy - ZF/Main_ZFC.thy ~> ZF/ZFC.thy - ZF/ZF.thy ~> ZF/ZF_Base.thy - -INCOMPATIBILITY. - -* Commands 'alias' and 'type_alias' introduce aliases for constants and -type constructors, respectively. This allows adhoc changes to name-space -accesses within global or local theory contexts, e.g. within a 'bundle'. - -* Document antiquotations @{prf} and @{full_prf} output proof terms -(again) in the same way as commands 'prf' and 'full_prf'. - -* Computations generated by the code generator can be embedded directly -into ML, alongside with @{code} antiquotations, using the following -antiquotations: - - @{computation ... terms: ... datatypes: ...} : - ((term -> term) -> 'ml option -> 'a) -> Proof.context -> term -> 'a - @{computation_conv ... terms: ... datatypes: ...} : - (Proof.context -> 'ml -> conv) -> Proof.context -> conv - @{computation_check terms: ... datatypes: ...} : Proof.context -> conv - -See src/HOL/ex/Computations.thy, -src/HOL/Decision_Procs/Commutative_Ring.thy and -src/HOL/Decision_Procs/Reflective_Field.thy for examples and the -tutorial on code generation. - - -*** Prover IDE -- Isabelle/Scala/jEdit *** - -* Session-qualified theory imports allow the Prover IDE to process -arbitrary theory hierarchies independently of the underlying logic -session image (e.g. option "isabelle jedit -l"), but the directory -structure needs to be known in advance (e.g. option "isabelle jedit -d" -or a line in the file $ISABELLE_HOME_USER/ROOTS). - -* The PIDE document model maintains file content independently of the -status of jEdit editor buffers. Reloading jEdit buffers no longer causes -changes of formal document content. Theory dependencies are always -resolved internally, without the need for corresponding editor buffers. -The system option "jedit_auto_load" has been discontinued: it is -effectively always enabled. - -* The Theories dockable provides a "Purge" button, in order to restrict -the document model to theories that are required for open editor -buffers. - -* The Theories dockable indicates the overall status of checking of each -entry. When all forked tasks of a theory are finished, the border is -painted with thick lines; remaining errors in this situation are -represented by a different border color. - -* Automatic indentation is more careful to avoid redundant spaces in -intermediate situations. Keywords are indented after input (via typed -characters or completion); see also option "jedit_indent_input". - -* Action "isabelle.preview" opens an HTML preview of the current theory -document in the default web browser. - -* Command-line invocation "isabelle jedit -R -l LOGIC" opens the ROOT -entry of the specified logic session in the editor, while its parent is -used for formal checking. - -* The main Isabelle/jEdit plugin may be restarted manually (using the -jEdit Plugin Manager), as long as the "Isabelle Base" plugin remains -enabled at all times. - -* Update to current jedit-5.4.0. - - -*** Pure *** - -* Deleting the last code equations for a particular function using -[code del] results in function with no equations (runtime abort) rather -than an unimplemented function (generation time abort). Use explicit -[[code drop:]] to enforce the latter. Minor INCOMPATIBILITY. - -* Proper concept of code declarations in code.ML: - - Regular code declarations act only on the global theory level, being - ignored with warnings if syntactically malformed. - - Explicitly global code declarations yield errors if syntactically - malformed. - - Default code declarations are silently ignored if syntactically - malformed. -Minor INCOMPATIBILITY. - -* Clarified and standardized internal data bookkeeping of code -declarations: history of serials allows to track potentially -non-monotonous declarations appropriately. Minor INCOMPATIBILITY. - - -*** HOL *** - -* The Nunchaku model finder is now part of "Main". - -* SMT module: - - A new option, 'smt_nat_as_int', has been added to translate 'nat' to - 'int' and benefit from the SMT solver's theory reasoning. It is - disabled by default. - - The legacy module "src/HOL/Library/Old_SMT.thy" has been removed. - - Several small issues have been rectified in the 'smt' command. - -* (Co)datatype package: The 'size_gen_o_map' lemma is no longer -generated for datatypes with type class annotations. As a result, the -tactic that derives it no longer fails on nested datatypes. Slight -INCOMPATIBILITY. - -* Command and antiquotation "value" with modified default strategy: -terms without free variables are always evaluated using plain evaluation -only, with no fallback on normalization by evaluation. Minor -INCOMPATIBILITY. - -* Theories "GCD" and "Binomial" are already included in "Main" (instead -of "Complex_Main"). - -* Constant "surj" is a full input/output abbreviation (again). -Minor INCOMPATIBILITY. - -* Dropped aliasses RangeP, DomainP for Rangep, Domainp respectively. -INCOMPATIBILITY. - -* Renamed ii to imaginary_unit in order to free up ii as a variable -name. The syntax \ remains available. INCOMPATIBILITY. - -* Dropped abbreviations transP, antisymP, single_valuedP; use constants -transp, antisymp, single_valuedp instead. INCOMPATIBILITY. - -* Constant "subseq" in Topological_Spaces has been removed -- it is -subsumed by "strict_mono". Some basic lemmas specific to "subseq" have -been renamed accordingly, e.g. "subseq_o" -> "strict_mono_o" etc. - -* Theory List: "sublist" renamed to "nths" in analogy with "nth", and -"sublisteq" renamed to "subseq". Minor INCOMPATIBILITY. - -* Theory List: new generic function "sorted_wrt". - -* Named theorems mod_simps covers various congruence rules concerning -mod, replacing former zmod_simps. INCOMPATIBILITY. - -* Swapped orientation of congruence rules mod_add_left_eq, -mod_add_right_eq, mod_add_eq, mod_mult_left_eq, mod_mult_right_eq, -mod_mult_eq, mod_minus_eq, mod_diff_left_eq, mod_diff_right_eq, -mod_diff_eq. INCOMPATIBILITY. - -* Generalized some facts: - measure_induct_rule - measure_induct - zminus_zmod ~> mod_minus_eq - zdiff_zmod_left ~> mod_diff_left_eq - zdiff_zmod_right ~> mod_diff_right_eq - zmod_eq_dvd_iff ~> mod_eq_dvd_iff -INCOMPATIBILITY. - -* Algebraic type class hierarchy of euclidean (semi)rings in HOL: -euclidean_(semi)ring, euclidean_(semi)ring_cancel, -unique_euclidean_(semi)ring; instantiation requires provision of a -euclidean size. - -* Theory "HOL-Number_Theory.Euclidean_Algorithm" has been reworked: - - Euclidean induction is available as rule eucl_induct. - - Constants Euclidean_Algorithm.gcd, Euclidean_Algorithm.lcm, - Euclidean_Algorithm.Gcd and Euclidean_Algorithm.Lcm allow - easy instantiation of euclidean (semi)rings as GCD (semi)rings. - - Coefficients obtained by extended euclidean algorithm are - available as "bezout_coefficients". -INCOMPATIBILITY. - -* Theory "Number_Theory.Totient" introduces basic notions about Euler's -totient function previously hidden as solitary example in theory -Residues. Definition changed so that "totient 1 = 1" in agreement with -the literature. Minor INCOMPATIBILITY. - -* New styles in theory "HOL-Library.LaTeXsugar": - - "dummy_pats" for printing equations with "_" on the lhs; - - "eta_expand" for printing eta-expanded terms. - -* Theory "HOL-Library.Permutations": theorem bij_swap_ompose_bij has -been renamed to bij_swap_compose_bij. INCOMPATIBILITY. - -* New theory "HOL-Library.Going_To_Filter" providing the "f going_to F" -filter for describing points x such that f(x) is in the filter F. - -* Theory "HOL-Library.Formal_Power_Series": constants X/E/L/F have been -renamed to fps_X/fps_exp/fps_ln/fps_hypergeo to avoid polluting the name -space. INCOMPATIBILITY. - -* Theory "HOL-Library.FinFun" has been moved to AFP (again). -INCOMPATIBILITY. - -* Theory "HOL-Library.FuncSet": some old and rarely used ASCII -replacement syntax has been removed. INCOMPATIBILITY, standard syntax -with symbols should be used instead. The subsequent commands help to -reproduce the old forms, e.g. to simplify porting old theories: - -syntax (ASCII) - "_PiE" :: "pttrn \ 'a set \ 'b set \ ('a \ 'b) set" ("(3PIE _:_./ _)" 10) - "_Pi" :: "pttrn \ 'a set \ 'b set \ ('a \ 'b) set" ("(3PI _:_./ _)" 10) - "_lam" :: "pttrn \ 'a set \ 'a \ 'b \ ('a \ 'b)" ("(3%_:_./ _)" [0,0,3] 3) - -* Theory "HOL-Library.Multiset": the simprocs on subsets operators of -multisets have been renamed: - - msetless_cancel_numerals ~> msetsubset_cancel - msetle_cancel_numerals ~> msetsubset_eq_cancel - -INCOMPATIBILITY. - -* Theory "HOL-Library.Pattern_Aliases" provides input and output syntax -for pattern aliases as known from Haskell, Scala and ML. - -* Theory "HOL-Library.Uprod" formalizes the type of unordered pairs. - -* Session HOL-Analysis: more material involving arcs, paths, covering -spaces, innessential maps, retracts, infinite products, simplicial -complexes. Baire Category theorem. Major results include the Jordan -Curve Theorem and the Great Picard Theorem. - -* Session HOL-Algebra has been extended by additional lattice theory: -the Knaster-Tarski fixed point theorem and Galois Connections. - -* Sessions HOL-Computational_Algebra and HOL-Number_Theory: new notions -of squarefreeness, n-th powers, and prime powers. - -* Session "HOL-Computional_Algebra" covers many previously scattered -theories, notably Euclidean_Algorithm, Factorial_Ring, -Formal_Power_Series, Fraction_Field, Fundamental_Theorem_Algebra, -Normalized_Fraction, Polynomial_FPS, Polynomial, Primes. Minor -INCOMPATIBILITY. - - -*** System *** - -* Isabelle/Scala: the SQL module supports access to relational -databases, either as plain file (SQLite) or full-scale server -(PostgreSQL via local port or remote ssh connection). - -* Results of "isabelle build" are recorded as SQLite database (i.e. -"Application File Format" in the sense of -https://www.sqlite.org/appfileformat.html). This allows systematic -access via operations from module Sessions.Store in Isabelle/Scala. - -* System option "parallel_proofs" is 1 by default (instead of more -aggressive 2). This requires less heap space and avoids burning parallel -CPU cycles, while full subproof parallelization is enabled for repeated -builds (according to parallel_subproofs_threshold). - -* System option "record_proofs" allows to change the global -Proofterm.proofs variable for a session. Regular values are are 0, 1, 2; -a negative value means the current state in the ML heap image remains -unchanged. - -* Isabelle settings variable ISABELLE_SCALA_BUILD_OPTIONS has been -renamed to ISABELLE_SCALAC_OPTIONS. Rare INCOMPATIBILITY. - -* Isabelle settings variables ISABELLE_WINDOWS_PLATFORM, -ISABELLE_WINDOWS_PLATFORM32, ISABELLE_WINDOWS_PLATFORM64 indicate the -native Windows platform (independently of the Cygwin installation). This -is analogous to ISABELLE_PLATFORM, ISABELLE_PLATFORM32, -ISABELLE_PLATFORM64. - -* Command-line tool "isabelle build_docker" builds a Docker image from -the Isabelle application bundle for Linux. See also -https://hub.docker.com/r/makarius/isabelle - -* Command-line tool "isabelle vscode_server" provides a Language Server -Protocol implementation, e.g. for the Visual Studio Code editor. It -serves as example for alternative PIDE front-ends. - -* Command-line tool "isabelle imports" helps to maintain theory imports -wrt. session structure. Examples for the main Isabelle distribution: - - isabelle imports -I -a - isabelle imports -U -a - isabelle imports -U -i -a - isabelle imports -M -a -d '~~/src/Benchmarks' - - - -New in Isabelle2016-1 (December 2016) -------------------------------------- - -*** General *** - -* Splitter in proof methods "simp", "auto" and friends: - - The syntax "split add" has been discontinued, use plain "split", - INCOMPATIBILITY. - - For situations with many conditional or case expressions, there is - an alternative splitting strategy that can be much faster. It is - selected by writing "split!" instead of "split". It applies safe - introduction and elimination rules after each split rule. As a - result the subgoal may be split into several subgoals. - -* Command 'bundle' provides a local theory target to define a bundle -from the body of specification commands (such as 'declare', -'declaration', 'notation', 'lemmas', 'lemma'). For example: - -bundle foo -begin - declare a [simp] - declare b [intro] -end - -* Command 'unbundle' is like 'include', but works within a local theory -context. Unlike "context includes ... begin", the effect of 'unbundle' -on the target context persists, until different declarations are given. - -* Simplified outer syntax: uniform category "name" includes long -identifiers. Former "xname" / "nameref" / "name reference" has been -discontinued. - -* Embedded content (e.g. the inner syntax of types, terms, props) may be -delimited uniformly via cartouches. This works better than old-fashioned -quotes when sub-languages are nested. - -* Mixfix annotations support general block properties, with syntax -"(\x=a y=b z \\". Notable property names are "indent", "consistent", -"unbreakable", "markup". The existing notation "(DIGITS" is equivalent -to "(\indent=DIGITS\". The former notation "(00" for unbreakable blocks -is superseded by "(\unbreabable\" --- rare INCOMPATIBILITY. - -* Proof method "blast" is more robust wrt. corner cases of Pure -statements without object-logic judgment. - -* Commands 'prf' and 'full_prf' are somewhat more informative (again): -proof terms are reconstructed and cleaned from administrative thm nodes. - -* Code generator: config option "code_timing" triggers measurements of -different phases of code generation. See src/HOL/ex/Code_Timing.thy for -examples. - -* Code generator: implicits in Scala (stemming from type class -instances) are generated into companion object of corresponding type -class, to resolve some situations where ambiguities may occur. - -* Solve direct: option "solve_direct_strict_warnings" gives explicit -warnings for lemma statements with trivial proofs. - - -*** Prover IDE -- Isabelle/Scala/jEdit *** - -* More aggressive flushing of machine-generated input, according to -system option editor_generated_input_delay (in addition to existing -editor_input_delay for regular user edits). This may affect overall PIDE -reactivity and CPU usage. - -* Syntactic indentation according to Isabelle outer syntax. Action -"indent-lines" (shortcut C+i) indents the current line according to -command keywords and some command substructure. Action -"isabelle.newline" (shortcut ENTER) indents the old and the new line -according to command keywords only; see also option -"jedit_indent_newline". - -* Semantic indentation for unstructured proof scripts ('apply' etc.) via -number of subgoals. This requires information of ongoing document -processing and may thus lag behind, when the user is editing too -quickly; see also option "jedit_script_indent" and -"jedit_script_indent_limit". - -* Refined folding mode "isabelle" based on Isar syntax: 'next' and 'qed' -are treated as delimiters for fold structure; 'begin' and 'end' -structure of theory specifications is treated as well. - -* Command 'proof' provides information about proof outline with cases, -e.g. for proof methods "cases", "induct", "goal_cases". - -* Completion templates for commands involving "begin ... end" blocks, -e.g. 'context', 'notepad'. - -* Sidekick parser "isabelle-context" shows nesting of context blocks -according to 'begin' and 'end' structure. - -* Highlighting of entity def/ref positions wrt. cursor. - -* Action "isabelle.select-entity" (shortcut CS+ENTER) selects all -occurrences of the formal entity at the caret position. This facilitates -systematic renaming. - -* PIDE document markup works across multiple Isar commands, e.g. the -results established at the end of a proof are properly identified in the -theorem statement. - -* Cartouche abbreviations work both for " and ` to accomodate typical -situations where old ASCII notation may be updated. - -* Dockable window "Symbols" also provides access to 'abbrevs' from the -outer syntax of the current theory buffer. This provides clickable -syntax templates, including entries with empty abbrevs name (which are -inaccessible via keyboard completion). - -* IDE support for the Isabelle/Pure bootstrap process, with the -following independent stages: - - src/Pure/ROOT0.ML - src/Pure/ROOT.ML - src/Pure/Pure.thy - src/Pure/ML_Bootstrap.thy - -The ML ROOT files act like quasi-theories in the context of theory -ML_Bootstrap: this allows continuous checking of all loaded ML files. -The theory files are presented with a modified header to import Pure -from the running Isabelle instance. Results from changed versions of -each stage are *not* propagated to the next stage, and isolated from the -actual Isabelle/Pure that runs the IDE itself. The sequential -dependencies of the above files are only observed for batch build. - -* Isabelle/ML and Standard ML files are presented in Sidekick with the -tree structure of section headings: this special comment format is -described in "implementation" chapter 0, e.g. (*** section ***). - -* Additional abbreviations for syntactic completion may be specified -within the theory header as 'abbrevs'. The theory syntax for 'keywords' -has been simplified accordingly: optional abbrevs need to go into the -new 'abbrevs' section. - -* Global abbreviations via $ISABELLE_HOME/etc/abbrevs and -$ISABELLE_HOME_USER/etc/abbrevs are no longer supported. Minor -INCOMPATIBILITY, use 'abbrevs' within theory header instead. - -* Action "isabelle.keymap-merge" asks the user to resolve pending -Isabelle keymap changes that are in conflict with the current jEdit -keymap; non-conflicting changes are always applied implicitly. This -action is automatically invoked on Isabelle/jEdit startup and thus -increases chances that users see new keyboard shortcuts when re-using -old keymaps. - -* ML and document antiquotations for file-systems paths are more uniform -and diverse: - - @{path NAME} -- no file-system check - @{file NAME} -- check for plain file - @{dir NAME} -- check for directory - -Minor INCOMPATIBILITY, former uses of @{file} and @{file_unchecked} may -have to be changed. - - -*** Document preparation *** - -* New symbol \, e.g. for temporal operator. - -* New document and ML antiquotation @{locale} for locales, similar to -existing antiquotation @{class}. - -* Mixfix annotations support delimiters like \<^control>\cartouche\ -- -this allows special forms of document output. - -* Raw LaTeX output now works via \<^latex>\...\ instead of raw control -symbol \<^raw:...>. INCOMPATIBILITY, notably for LaTeXsugar.thy and its -derivatives. - -* \<^raw:...> symbols are no longer supported. - -* Old 'header' command is no longer supported (legacy since -Isabelle2015). - - -*** Isar *** - -* Many specification elements support structured statements with 'if' / -'for' eigen-context, e.g. 'axiomatization', 'abbreviation', -'definition', 'inductive', 'function'. - -* Toplevel theorem statements support eigen-context notation with 'if' / -'for' (in postfix), which corresponds to 'assumes' / 'fixes' in the -traditional long statement form (in prefix). Local premises are called -"that" or "assms", respectively. Empty premises are *not* bound in the -context: INCOMPATIBILITY. - -* Command 'define' introduces a local (non-polymorphic) definition, with -optional abstraction over local parameters. The syntax resembles -'definition' and 'obtain'. It fits better into the Isar language than -old 'def', which is now a legacy feature. - -* Command 'obtain' supports structured statements with 'if' / 'for' -context. - -* Command '\' is an alias for 'sorry', with different -typesetting. E.g. to produce proof holes in examples and documentation. - -* The defining position of a literal fact \prop\ is maintained more -carefully, and made accessible as hyperlink in the Prover IDE. - -* Commands 'finally' and 'ultimately' used to expose the result as -literal fact: this accidental behaviour has been discontinued. Rare -INCOMPATIBILITY, use more explicit means to refer to facts in Isar. - -* Command 'axiomatization' has become more restrictive to correspond -better to internal axioms as singleton facts with mandatory name. Minor -INCOMPATIBILITY. - -* Proof methods may refer to the main facts via the dynamic fact -"method_facts". This is particularly useful for Eisbach method -definitions. - -* Proof method "use" allows to modify the main facts of a given method -expression, e.g. - - (use facts in simp) - (use facts in \simp add: ...\) - -* The old proof method "default" has been removed (legacy since -Isabelle2016). INCOMPATIBILITY, use "standard" instead. - - -*** Pure *** - -* Pure provides basic versions of proof methods "simp" and "simp_all" -that only know about meta-equality (==). Potential INCOMPATIBILITY in -theory imports that merge Pure with e.g. Main of Isabelle/HOL: the order -is relevant to avoid confusion of Pure.simp vs. HOL.simp. - -* The command 'unfolding' and proof method "unfold" include a second -stage where given equations are passed through the attribute "abs_def" -before rewriting. This ensures that definitions are fully expanded, -regardless of the actual parameters that are provided. Rare -INCOMPATIBILITY in some corner cases: use proof method (simp only:) -instead, or declare [[unfold_abs_def = false]] in the proof context. - -* Type-inference improves sorts of newly introduced type variables for -the object-logic, using its base sort (i.e. HOL.type for Isabelle/HOL). -Thus terms like "f x" or "\x. P x" without any further syntactic context -produce x::'a::type in HOL instead of x::'a::{} in Pure. Rare -INCOMPATIBILITY, need to provide explicit type constraints for Pure -types where this is really intended. - - -*** HOL *** - -* New proof method "argo" using the built-in Argo solver based on SMT -technology. The method can be used to prove goals of quantifier-free -propositional logic, goals based on a combination of quantifier-free -propositional logic with equality, and goals based on a combination of -quantifier-free propositional logic with linear real arithmetic -including min/max/abs. See HOL/ex/Argo_Examples.thy for examples. - -* The new "nunchaku" command integrates the Nunchaku model finder. The -tool is experimental. See ~~/src/HOL/Nunchaku/Nunchaku.thy for details. - -* Metis: The problem encoding has changed very slightly. This might -break existing proofs. INCOMPATIBILITY. - -* Sledgehammer: - - The MaSh relevance filter is now faster than before. - - Produce syntactically correct Vampire 4.0 problem files. - -* (Co)datatype package: - - New commands for defining corecursive functions and reasoning about - them in "~~/src/HOL/Library/BNF_Corec.thy": 'corec', 'corecursive', - 'friend_of_corec', and 'corecursion_upto'; and 'corec_unique' proof - method. See 'isabelle doc corec'. - - The predicator :: ('a \ bool) \ 'a F \ bool is now a first-class - citizen in bounded natural functors. - - 'primrec' now allows nested calls through the predicator in addition - to the map function. - - 'bnf' automatically discharges reflexive proof obligations. - - 'bnf' outputs a slightly modified proof obligation expressing rel in - terms of map and set - (not giving a specification for rel makes this one reflexive). - - 'bnf' outputs a new proof obligation expressing pred in terms of set - (not giving a specification for pred makes this one reflexive). - INCOMPATIBILITY: manual 'bnf' declarations may need adjustment. - - Renamed lemmas: - rel_prod_apply ~> rel_prod_inject - pred_prod_apply ~> pred_prod_inject - INCOMPATIBILITY. - - The "size" plugin has been made compatible again with locales. - - The theorems about "rel" and "set" may have a slightly different (but - equivalent) form. - INCOMPATIBILITY. - -* The 'coinductive' command produces a proper coinduction rule for -mutual coinductive predicates. This new rule replaces the old rule, -which exposed details of the internal fixpoint construction and was -hard to use. INCOMPATIBILITY. - -* New abbreviations for negated existence (but not bounded existence): - - \x. P x \ \ (\x. P x) - \!x. P x \ \ (\!x. P x) - -* The print mode "HOL" for ASCII syntax of binders "!", "?", "?!", "@" -has been removed for output. It is retained for input only, until it is -eliminated altogether. - -* The unique existence quantifier no longer provides 'binder' syntax, -but uses syntax translations (as for bounded unique existence). Thus -iterated quantification \!x y. P x y with its slightly confusing -sequential meaning \!x. \!y. P x y is no longer possible. Instead, -pattern abstraction admits simultaneous unique existence \!(x, y). P x y -(analogous to existing notation \!(x, y)\A. P x y). Potential -INCOMPATIBILITY in rare situations. - -* Conventional syntax "%(). t" for unit abstractions. Slight syntactic -INCOMPATIBILITY. - -* Renamed constants and corresponding theorems: - - setsum ~> sum - setprod ~> prod - listsum ~> sum_list - listprod ~> prod_list - -INCOMPATIBILITY. - -* Sligthly more standardized theorem names: - sgn_times ~> sgn_mult - sgn_mult' ~> Real_Vector_Spaces.sgn_mult - divide_zero_left ~> div_0 - zero_mod_left ~> mod_0 - divide_zero ~> div_by_0 - divide_1 ~> div_by_1 - nonzero_mult_divide_cancel_left ~> nonzero_mult_div_cancel_left - div_mult_self1_is_id ~> nonzero_mult_div_cancel_left - nonzero_mult_divide_cancel_right ~> nonzero_mult_div_cancel_right - div_mult_self2_is_id ~> nonzero_mult_div_cancel_right - is_unit_divide_mult_cancel_left ~> is_unit_div_mult_cancel_left - is_unit_divide_mult_cancel_right ~> is_unit_div_mult_cancel_right - mod_div_equality ~> div_mult_mod_eq - mod_div_equality2 ~> mult_div_mod_eq - mod_div_equality3 ~> mod_div_mult_eq - mod_div_equality4 ~> mod_mult_div_eq - minus_div_eq_mod ~> minus_div_mult_eq_mod - minus_div_eq_mod2 ~> minus_mult_div_eq_mod - minus_mod_eq_div ~> minus_mod_eq_div_mult - minus_mod_eq_div2 ~> minus_mod_eq_mult_div - div_mod_equality' ~> minus_mod_eq_div_mult [symmetric] - mod_div_equality' ~> minus_div_mult_eq_mod [symmetric] - zmod_zdiv_equality ~> mult_div_mod_eq [symmetric] - zmod_zdiv_equality' ~> minus_div_mult_eq_mod [symmetric] - Divides.mult_div_cancel ~> minus_mod_eq_mult_div [symmetric] - mult_div_cancel ~> minus_mod_eq_mult_div [symmetric] - zmult_div_cancel ~> minus_mod_eq_mult_div [symmetric] - div_1 ~> div_by_Suc_0 - mod_1 ~> mod_by_Suc_0 -INCOMPATIBILITY. - -* New type class "idom_abs_sgn" specifies algebraic properties -of sign and absolute value functions. Type class "sgn_if" has -disappeared. Slight INCOMPATIBILITY. - -* Dedicated syntax LENGTH('a) for length of types. - -* Characters (type char) are modelled as finite algebraic type -corresponding to {0..255}. - - - Logical representation: - * 0 is instantiated to the ASCII zero character. - * All other characters are represented as "Char n" - with n being a raw numeral expression less than 256. - * Expressions of the form "Char n" with n greater than 255 - are non-canonical. - - Printing and parsing: - * Printable characters are printed and parsed as "CHR ''\''" - (as before). - * The ASCII zero character is printed and parsed as "0". - * All other canonical characters are printed as "CHR 0xXX" - with XX being the hexadecimal character code. "CHR n" - is parsable for every numeral expression n. - * Non-canonical characters have no special syntax and are - printed as their logical representation. - - Explicit conversions from and to the natural numbers are - provided as char_of_nat, nat_of_char (as before). - - The auxiliary nibble type has been discontinued. - -INCOMPATIBILITY. - -* Type class "div" with operation "mod" renamed to type class "modulo" -with operation "modulo", analogously to type class "divide". This -eliminates the need to qualify any of those names in the presence of -infix "mod" syntax. INCOMPATIBILITY. - -* Statements and proofs of Knaster-Tarski fixpoint combinators lfp/gfp -have been clarified. The fixpoint properties are lfp_fixpoint, its -symmetric lfp_unfold (as before), and the duals for gfp. Auxiliary items -for the proof (lfp_lemma2 etc.) are no longer exported, but can be -easily recovered by composition with eq_refl. Minor INCOMPATIBILITY. - -* Constant "surj" is a mere input abbreviation, to avoid hiding an -equation in term output. Minor INCOMPATIBILITY. - -* Command 'code_reflect' accepts empty constructor lists for datatypes, -which renders those abstract effectively. - -* Command 'export_code' checks given constants for abstraction -violations: a small guarantee that given constants specify a safe -interface for the generated code. - -* Code generation for Scala: ambiguous implicts in class diagrams are -spelt out explicitly. - -* Static evaluators (Code_Evaluation.static_* in Isabelle/ML) rely on -explicitly provided auxiliary definitions for required type class -dictionaries rather than half-working magic. INCOMPATIBILITY, see the -tutorial on code generation for details. - -* Theory Set_Interval: substantial new theorems on indexed sums and -products. - -* Locale bijection establishes convenient default simp rules such as -"inv f (f a) = a" for total bijections. - -* Abstract locales semigroup, abel_semigroup, semilattice, -semilattice_neutr, ordering, ordering_top, semilattice_order, -semilattice_neutr_order, comm_monoid_set, semilattice_set, -semilattice_neutr_set, semilattice_order_set, -semilattice_order_neutr_set monoid_list, comm_monoid_list, -comm_monoid_list_set, comm_monoid_mset, comm_monoid_fun use boldified -syntax uniformly that does not clash with corresponding global syntax. -INCOMPATIBILITY. - -* Former locale lifting_syntax is now a bundle, which is easier to -include in a local context or theorem statement, e.g. "context includes -lifting_syntax begin ... end". Minor INCOMPATIBILITY. - -* Some old / obsolete theorems have been renamed / removed, potential -INCOMPATIBILITY. - - nat_less_cases -- removed, use linorder_cases instead - inv_image_comp -- removed, use image_inv_f_f instead - image_surj_f_inv_f ~> image_f_inv_f - -* Some theorems about groups and orders have been generalised from - groups to semi-groups that are also monoids: - le_add_same_cancel1 - le_add_same_cancel2 - less_add_same_cancel1 - less_add_same_cancel2 - add_le_same_cancel1 - add_le_same_cancel2 - add_less_same_cancel1 - add_less_same_cancel2 - -* Some simplifications theorems about rings have been removed, since - superseeded by a more general version: - less_add_cancel_left_greater_zero ~> less_add_same_cancel1 - less_add_cancel_right_greater_zero ~> less_add_same_cancel2 - less_eq_add_cancel_left_greater_eq_zero ~> le_add_same_cancel1 - less_eq_add_cancel_right_greater_eq_zero ~> le_add_same_cancel2 - less_eq_add_cancel_left_less_eq_zero ~> add_le_same_cancel1 - less_eq_add_cancel_right_less_eq_zero ~> add_le_same_cancel2 - less_add_cancel_left_less_zero ~> add_less_same_cancel1 - less_add_cancel_right_less_zero ~> add_less_same_cancel2 -INCOMPATIBILITY. - -* Renamed split_if -> if_split and split_if_asm -> if_split_asm to -resemble the f.split naming convention, INCOMPATIBILITY. - -* Added class topological_monoid. - -* The following theorems have been renamed: - - setsum_left_distrib ~> sum_distrib_right - setsum_right_distrib ~> sum_distrib_left - -INCOMPATIBILITY. - -* Compound constants INFIMUM and SUPREMUM are mere abbreviations now. -INCOMPATIBILITY. - -* "Gcd (f ` A)" and "Lcm (f ` A)" are printed with optional -comprehension-like syntax analogously to "Inf (f ` A)" and "Sup (f ` -A)". - -* Class semiring_Lcd merged into semiring_Gcd. INCOMPATIBILITY. - -* The type class ordered_comm_monoid_add is now called -ordered_cancel_comm_monoid_add. A new type class ordered_comm_monoid_add -is introduced as the combination of ordered_ab_semigroup_add + -comm_monoid_add. INCOMPATIBILITY. - -* Introduced the type classes canonically_ordered_comm_monoid_add and -dioid. - -* Introduced the type class ordered_ab_semigroup_monoid_add_imp_le. When -instantiating linordered_semiring_strict and ordered_ab_group_add, an -explicit instantiation of ordered_ab_semigroup_monoid_add_imp_le might -be required. INCOMPATIBILITY. - -* Dropped various legacy fact bindings, whose replacements are often -of a more general type also: - lcm_left_commute_nat ~> lcm.left_commute - lcm_left_commute_int ~> lcm.left_commute - gcd_left_commute_nat ~> gcd.left_commute - gcd_left_commute_int ~> gcd.left_commute - gcd_greatest_iff_nat ~> gcd_greatest_iff - gcd_greatest_iff_int ~> gcd_greatest_iff - coprime_dvd_mult_nat ~> coprime_dvd_mult - coprime_dvd_mult_int ~> coprime_dvd_mult - zpower_numeral_even ~> power_numeral_even - gcd_mult_cancel_nat ~> gcd_mult_cancel - gcd_mult_cancel_int ~> gcd_mult_cancel - div_gcd_coprime_nat ~> div_gcd_coprime - div_gcd_coprime_int ~> div_gcd_coprime - zpower_numeral_odd ~> power_numeral_odd - zero_less_int_conv ~> of_nat_0_less_iff - gcd_greatest_nat ~> gcd_greatest - gcd_greatest_int ~> gcd_greatest - coprime_mult_nat ~> coprime_mult - coprime_mult_int ~> coprime_mult - lcm_commute_nat ~> lcm.commute - lcm_commute_int ~> lcm.commute - int_less_0_conv ~> of_nat_less_0_iff - gcd_commute_nat ~> gcd.commute - gcd_commute_int ~> gcd.commute - Gcd_insert_nat ~> Gcd_insert - Gcd_insert_int ~> Gcd_insert - of_int_int_eq ~> of_int_of_nat_eq - lcm_least_nat ~> lcm_least - lcm_least_int ~> lcm_least - lcm_assoc_nat ~> lcm.assoc - lcm_assoc_int ~> lcm.assoc - int_le_0_conv ~> of_nat_le_0_iff - int_eq_0_conv ~> of_nat_eq_0_iff - Gcd_empty_nat ~> Gcd_empty - Gcd_empty_int ~> Gcd_empty - gcd_assoc_nat ~> gcd.assoc - gcd_assoc_int ~> gcd.assoc - zero_zle_int ~> of_nat_0_le_iff - lcm_dvd2_nat ~> dvd_lcm2 - lcm_dvd2_int ~> dvd_lcm2 - lcm_dvd1_nat ~> dvd_lcm1 - lcm_dvd1_int ~> dvd_lcm1 - gcd_zero_nat ~> gcd_eq_0_iff - gcd_zero_int ~> gcd_eq_0_iff - gcd_dvd2_nat ~> gcd_dvd2 - gcd_dvd2_int ~> gcd_dvd2 - gcd_dvd1_nat ~> gcd_dvd1 - gcd_dvd1_int ~> gcd_dvd1 - int_numeral ~> of_nat_numeral - lcm_ac_nat ~> ac_simps - lcm_ac_int ~> ac_simps - gcd_ac_nat ~> ac_simps - gcd_ac_int ~> ac_simps - abs_int_eq ~> abs_of_nat - zless_int ~> of_nat_less_iff - zdiff_int ~> of_nat_diff - zadd_int ~> of_nat_add - int_mult ~> of_nat_mult - int_Suc ~> of_nat_Suc - inj_int ~> inj_of_nat - int_1 ~> of_nat_1 - int_0 ~> of_nat_0 - Lcm_empty_nat ~> Lcm_empty - Lcm_empty_int ~> Lcm_empty - Lcm_insert_nat ~> Lcm_insert - Lcm_insert_int ~> Lcm_insert - comp_fun_idem_gcd_nat ~> comp_fun_idem_gcd - comp_fun_idem_gcd_int ~> comp_fun_idem_gcd - comp_fun_idem_lcm_nat ~> comp_fun_idem_lcm - comp_fun_idem_lcm_int ~> comp_fun_idem_lcm - Lcm_eq_0 ~> Lcm_eq_0_I - Lcm0_iff ~> Lcm_0_iff - Lcm_dvd_int ~> Lcm_least - divides_mult_nat ~> divides_mult - divides_mult_int ~> divides_mult - lcm_0_nat ~> lcm_0_right - lcm_0_int ~> lcm_0_right - lcm_0_left_nat ~> lcm_0_left - lcm_0_left_int ~> lcm_0_left - dvd_gcd_D1_nat ~> dvd_gcdD1 - dvd_gcd_D1_int ~> dvd_gcdD1 - dvd_gcd_D2_nat ~> dvd_gcdD2 - dvd_gcd_D2_int ~> dvd_gcdD2 - coprime_dvd_mult_iff_nat ~> coprime_dvd_mult_iff - coprime_dvd_mult_iff_int ~> coprime_dvd_mult_iff - realpow_minus_mult ~> power_minus_mult - realpow_Suc_le_self ~> power_Suc_le_self - dvd_Gcd, dvd_Gcd_nat, dvd_Gcd_int removed in favour of Gcd_greatest -INCOMPATIBILITY. - -* Renamed HOL/Quotient_Examples/FSet.thy to -HOL/Quotient_Examples/Quotient_FSet.thy INCOMPATIBILITY. - -* Session HOL-Library: theory FinFun bundles "finfun_syntax" and -"no_finfun_syntax" allow to control optional syntax in local contexts; -this supersedes former theory FinFun_Syntax. INCOMPATIBILITY, e.g. use -"unbundle finfun_syntax" to imitate import of -"~~/src/HOL/Library/FinFun_Syntax". - -* Session HOL-Library: theory Multiset_Permutations (executably) defines -the set of permutations of a given set or multiset, i.e. the set of all -lists that contain every element of the carrier (multi-)set exactly -once. - -* Session HOL-Library: multiset membership is now expressed using -set_mset rather than count. - - - Expressions "count M a > 0" and similar simplify to membership - by default. - - - Converting between "count M a = 0" and non-membership happens using - equations count_eq_zero_iff and not_in_iff. - - - Rules count_inI and in_countE obtain facts of the form - "count M a = n" from membership. - - - Rules count_in_diffI and in_diff_countE obtain facts of the form - "count M a = n + count N a" from membership on difference sets. - -INCOMPATIBILITY. - -* Session HOL-Library: theory LaTeXsugar uses new-style "dummy_pats" for -displaying equations in functional programming style --- variables -present on the left-hand but not on the righ-hand side are replaced by -underscores. - -* Session HOL-Library: theory Combinator_PER provides combinator to -build partial equivalence relations from a predicate and an equivalence -relation. - -* Session HOL-Library: theory Perm provides basic facts about almost -everywhere fix bijections. - -* Session HOL-Library: theory Normalized_Fraction allows viewing an -element of a field of fractions as a normalized fraction (i.e. a pair of -numerator and denominator such that the two are coprime and the -denominator is normalized wrt. unit factors). - -* Session HOL-NSA has been renamed to HOL-Nonstandard_Analysis. - -* Session HOL-Multivariate_Analysis has been renamed to HOL-Analysis. - -* Session HOL-Analysis: measure theory has been moved here from -HOL-Probability. When importing HOL-Analysis some theorems need -additional name spaces prefixes due to name clashes. INCOMPATIBILITY. - -* Session HOL-Analysis: more complex analysis including Cauchy's -inequality, Liouville theorem, open mapping theorem, maximum modulus -principle, Residue theorem, Schwarz Lemma. - -* Session HOL-Analysis: Theory of polyhedra: faces, extreme points, -polytopes, and the Krein–Milman Minkowski theorem. - -* Session HOL-Analysis: Numerous results ported from the HOL Light -libraries: homeomorphisms, continuous function extensions, invariance of -domain. - -* Session HOL-Probability: the type of emeasure and nn_integral was -changed from ereal to ennreal, INCOMPATIBILITY. - - emeasure :: 'a measure \ 'a set \ ennreal - nn_integral :: 'a measure \ ('a \ ennreal) \ ennreal - -* Session HOL-Probability: Code generation and QuickCheck for -Probability Mass Functions. - -* Session HOL-Probability: theory Random_Permutations contains some -theory about choosing a permutation of a set uniformly at random and -folding over a list in random order. - -* Session HOL-Probability: theory SPMF formalises discrete -subprobability distributions. - -* Session HOL-Library: the names of multiset theorems have been -normalised to distinguish which ordering the theorems are about - - mset_less_eqI ~> mset_subset_eqI - mset_less_insertD ~> mset_subset_insertD - mset_less_eq_count ~> mset_subset_eq_count - mset_less_diff_self ~> mset_subset_diff_self - mset_le_exists_conv ~> mset_subset_eq_exists_conv - mset_le_mono_add_right_cancel ~> mset_subset_eq_mono_add_right_cancel - mset_le_mono_add_left_cancel ~> mset_subset_eq_mono_add_left_cancel - mset_le_mono_add ~> mset_subset_eq_mono_add - mset_le_add_left ~> mset_subset_eq_add_left - mset_le_add_right ~> mset_subset_eq_add_right - mset_le_single ~> mset_subset_eq_single - mset_le_multiset_union_diff_commute ~> mset_subset_eq_multiset_union_diff_commute - diff_le_self ~> diff_subset_eq_self - mset_leD ~> mset_subset_eqD - mset_lessD ~> mset_subsetD - mset_le_insertD ~> mset_subset_eq_insertD - mset_less_of_empty ~> mset_subset_of_empty - mset_less_size ~> mset_subset_size - wf_less_mset_rel ~> wf_subset_mset_rel - count_le_replicate_mset_le ~> count_le_replicate_mset_subset_eq - mset_remdups_le ~> mset_remdups_subset_eq - ms_lesseq_impl ~> subset_eq_mset_impl - -Some functions have been renamed: - ms_lesseq_impl -> subset_eq_mset_impl - -* HOL-Library: multisets are now ordered with the multiset ordering - #\# ~> \ - #\# ~> < - le_multiset ~> less_eq_multiset - less_multiset ~> le_multiset -INCOMPATIBILITY. - -* Session HOL-Library: the prefix multiset_order has been discontinued: -the theorems can be directly accessed. As a consequence, the lemmas -"order_multiset" and "linorder_multiset" have been discontinued, and the -interpretations "multiset_linorder" and "multiset_wellorder" have been -replaced by instantiations. INCOMPATIBILITY. - -* Session HOL-Library: some theorems about the multiset ordering have -been renamed: - - le_multiset_def ~> less_eq_multiset_def - less_multiset_def ~> le_multiset_def - less_eq_imp_le_multiset ~> subset_eq_imp_le_multiset - mult_less_not_refl ~> mset_le_not_refl - mult_less_trans ~> mset_le_trans - mult_less_not_sym ~> mset_le_not_sym - mult_less_asym ~> mset_le_asym - mult_less_irrefl ~> mset_le_irrefl - union_less_mono2{,1,2} ~> union_le_mono2{,1,2} - - le_multiset\<^sub>H\<^sub>O ~> less_eq_multiset\<^sub>H\<^sub>O - le_multiset_total ~> less_eq_multiset_total - less_multiset_right_total ~> subset_eq_imp_le_multiset - le_multiset_empty_left ~> less_eq_multiset_empty_left - le_multiset_empty_right ~> less_eq_multiset_empty_right - less_multiset_empty_right ~> le_multiset_empty_left - less_multiset_empty_left ~> le_multiset_empty_right - union_less_diff_plus ~> union_le_diff_plus - ex_gt_count_imp_less_multiset ~> ex_gt_count_imp_le_multiset - less_multiset_plus_left_nonempty ~> le_multiset_plus_left_nonempty - le_multiset_plus_right_nonempty ~> le_multiset_plus_right_nonempty -INCOMPATIBILITY. - -* Session HOL-Library: the lemma mset_map has now the attribute [simp]. -INCOMPATIBILITY. - -* Session HOL-Library: some theorems about multisets have been removed. -INCOMPATIBILITY, use the following replacements: - - le_multiset_plus_plus_left_iff ~> add_less_cancel_right - less_multiset_plus_plus_left_iff ~> add_less_cancel_right - le_multiset_plus_plus_right_iff ~> add_less_cancel_left - less_multiset_plus_plus_right_iff ~> add_less_cancel_left - add_eq_self_empty_iff ~> add_cancel_left_right - mset_subset_add_bothsides ~> subset_mset.add_less_cancel_right - mset_less_add_bothsides ~> subset_mset.add_less_cancel_right - mset_le_add_bothsides ~> subset_mset.add_less_cancel_right - empty_inter ~> subset_mset.inf_bot_left - inter_empty ~> subset_mset.inf_bot_right - empty_sup ~> subset_mset.sup_bot_left - sup_empty ~> subset_mset.sup_bot_right - bdd_below_multiset ~> subset_mset.bdd_above_bot - subset_eq_empty ~> subset_mset.le_zero_eq - le_empty ~> subset_mset.le_zero_eq - mset_subset_empty_nonempty ~> subset_mset.zero_less_iff_neq_zero - mset_less_empty_nonempty ~> subset_mset.zero_less_iff_neq_zero - -* Session HOL-Library: some typeclass constraints about multisets have -been reduced from ordered or linordered to preorder. Multisets have the -additional typeclasses order_bot, no_top, -ordered_ab_semigroup_add_imp_le, ordered_cancel_comm_monoid_add, -linordered_cancel_ab_semigroup_add, and -ordered_ab_semigroup_monoid_add_imp_le. INCOMPATIBILITY. - -* Session HOL-Library: there are some new simplification rules about -multisets, the multiset ordering, and the subset ordering on multisets. -INCOMPATIBILITY. - -* Session HOL-Library: the subset ordering on multisets has now the -interpretations ordered_ab_semigroup_monoid_add_imp_le and -bounded_lattice_bot. INCOMPATIBILITY. - -* Session HOL-Library, theory Multiset: single has been removed in favor -of add_mset that roughly corresponds to Set.insert. Some theorems have -removed or changed: - - single_not_empty ~> add_mset_not_empty or empty_not_add_mset - fold_mset_insert ~> fold_mset_add_mset - image_mset_insert ~> image_mset_add_mset - union_single_eq_diff - multi_self_add_other_not_self - diff_single_eq_union -INCOMPATIBILITY. - -* Session HOL-Library, theory Multiset: some theorems have been changed -to use add_mset instead of single: - - mset_add - multi_self_add_other_not_self - diff_single_eq_union - union_single_eq_diff - union_single_eq_member - add_eq_conv_diff - insert_noteq_member - add_eq_conv_ex - multi_member_split - multiset_add_sub_el_shuffle - mset_subset_eq_insertD - mset_subset_insertD - insert_subset_eq_iff - insert_union_subset_iff - multi_psub_of_add_self - inter_add_left1 - inter_add_left2 - inter_add_right1 - inter_add_right2 - sup_union_left1 - sup_union_left2 - sup_union_right1 - sup_union_right2 - size_eq_Suc_imp_eq_union - multi_nonempty_split - mset_insort - mset_update - mult1I - less_add - mset_zip_take_Cons_drop_twice - rel_mset_Zero - msed_map_invL - msed_map_invR - msed_rel_invL - msed_rel_invR - le_multiset_right_total - multiset_induct - multiset_induct2_size - multiset_induct2 -INCOMPATIBILITY. - -* Session HOL-Library, theory Multiset: the definitions of some -constants have changed to use add_mset instead of adding a single -element: - - image_mset - mset - replicate_mset - mult1 - pred_mset - rel_mset' - mset_insort - -INCOMPATIBILITY. - -* Session HOL-Library, theory Multiset: due to the above changes, the -attributes of some multiset theorems have been changed: - - insert_DiffM [] ~> [simp] - insert_DiffM2 [simp] ~> [] - diff_add_mset_swap [simp] - fold_mset_add_mset [simp] - diff_diff_add [simp] (for multisets only) - diff_cancel [simp] ~> [] - count_single [simp] ~> [] - set_mset_single [simp] ~> [] - size_multiset_single [simp] ~> [] - size_single [simp] ~> [] - image_mset_single [simp] ~> [] - mset_subset_eq_mono_add_right_cancel [simp] ~> [] - mset_subset_eq_mono_add_left_cancel [simp] ~> [] - fold_mset_single [simp] ~> [] - subset_eq_empty [simp] ~> [] - empty_sup [simp] ~> [] - sup_empty [simp] ~> [] - inter_empty [simp] ~> [] - empty_inter [simp] ~> [] -INCOMPATIBILITY. - -* Session HOL-Library, theory Multiset: the order of the variables in -the second cases of multiset_induct, multiset_induct2_size, -multiset_induct2 has been changed (e.g. Add A a ~> Add a A). -INCOMPATIBILITY. - -* Session HOL-Library, theory Multiset: there is now a simplification -procedure on multisets. It mimics the behavior of the procedure on -natural numbers. INCOMPATIBILITY. - -* Session HOL-Library, theory Multiset: renamed sums and products of -multisets: - - msetsum ~> sum_mset - msetprod ~> prod_mset - -* Session HOL-Library, theory Multiset: the notation for intersection -and union of multisets have been changed: - - #\ ~> \# - #\ ~> \# - -INCOMPATIBILITY. - -* Session HOL-Library, theory Multiset: the lemma -one_step_implies_mult_aux on multisets has been removed, use -one_step_implies_mult instead. INCOMPATIBILITY. - -* Session HOL-Library: theory Complete_Partial_Order2 provides reasoning -support for monotonicity and continuity in chain-complete partial orders -and about admissibility conditions for fixpoint inductions. - -* Session HOL-Library: theory Library/Polynomial contains also -derivation of polynomials (formerly in Library/Poly_Deriv) but not -gcd/lcm on polynomials over fields. This has been moved to a separate -theory Library/Polynomial_GCD_euclidean.thy, to pave way for a possible -future different type class instantiation for polynomials over factorial -rings. INCOMPATIBILITY. - -* Session HOL-Library: theory Sublist provides function "prefixes" with -the following renaming - - prefixeq -> prefix - prefix -> strict_prefix - suffixeq -> suffix - suffix -> strict_suffix - -Added theory of longest common prefixes. - -* Session HOL-Number_Theory: algebraic foundation for primes: -Generalisation of predicate "prime" and introduction of predicates -"prime_elem", "irreducible", a "prime_factorization" function, and the -"factorial_ring" typeclass with instance proofs for nat, int, poly. Some -theorems now have different names, most notably "prime_def" is now -"prime_nat_iff". INCOMPATIBILITY. - -* Session Old_Number_Theory has been removed, after porting remaining -theories. - -* Session HOL-Types_To_Sets provides an experimental extension of -Higher-Order Logic to allow translation of types to sets. - - -*** ML *** - -* Integer.gcd and Integer.lcm use efficient operations from the Poly/ML -library (notably for big integers). Subtle change of semantics: -Integer.gcd and Integer.lcm both normalize the sign, results are never -negative. This coincides with the definitions in HOL/GCD.thy. -INCOMPATIBILITY. - -* Structure Rat for rational numbers is now an integral part of -Isabelle/ML, with special notation @int/nat or @int for numerals (an -abbreviation for antiquotation @{Pure.rat argument}) and ML pretty -printing. Standard operations on type Rat.rat are provided via ad-hoc -overloading of + - * / < <= > >= ~ abs. INCOMPATIBILITY, need to -use + instead of +/ etc. Moreover, exception Rat.DIVZERO has been -superseded by General.Div. - -* ML antiquotation @{path} is superseded by @{file}, which ensures that -the argument is a plain file. Minor INCOMPATIBILITY. - -* Antiquotation @{make_string} is available during Pure bootstrap -- -with approximative output quality. - -* Low-level ML system structures (like PolyML and RunCall) are no longer -exposed to Isabelle/ML user-space. Potential INCOMPATIBILITY. - -* The ML function "ML" provides easy access to run-time compilation. -This is particularly useful for conditional compilation, without -requiring separate files. - -* Option ML_exception_debugger controls detailed exception trace via the -Poly/ML debugger. Relevant ML modules need to be compiled beforehand -with ML_file_debug, or with ML_file and option ML_debugger enabled. Note -debugger information requires consirable time and space: main -Isabelle/HOL with full debugger support may need ML_system_64. - -* Local_Theory.restore has been renamed to Local_Theory.reset to -emphasize its disruptive impact on the cumulative context, notably the -scope of 'private' or 'qualified' names. Note that Local_Theory.reset is -only appropriate when targets are managed, e.g. starting from a global -theory and returning to it. Regular definitional packages should use -balanced blocks of Local_Theory.open_target versus -Local_Theory.close_target instead. Rare INCOMPATIBILITY. - -* Structure TimeLimit (originally from the SML/NJ library) has been -replaced by structure Timeout, with slightly different signature. -INCOMPATIBILITY. - -* Discontinued cd and pwd operations, which are not well-defined in a -multi-threaded environment. Note that files are usually located -relatively to the master directory of a theory (see also -File.full_path). Potential INCOMPATIBILITY. - -* Binding.empty_atts supersedes Thm.empty_binding and -Attrib.empty_binding. Minor INCOMPATIBILITY. - - -*** System *** - -* SML/NJ and old versions of Poly/ML are no longer supported. - -* Poly/ML heaps now follow the hierarchy of sessions, and thus require -much less disk space. - -* The Isabelle ML process is now managed directly by Isabelle/Scala, and -shell scripts merely provide optional command-line access. In -particular: - - . Scala module ML_Process to connect to the raw ML process, - with interaction via stdin/stdout/stderr or in batch mode; - . command-line tool "isabelle console" as interactive wrapper; - . command-line tool "isabelle process" as batch mode wrapper. - -* The executable "isabelle_process" has been discontinued. Tools and -prover front-ends should use ML_Process or Isabelle_Process in -Isabelle/Scala. INCOMPATIBILITY. - -* New command-line tool "isabelle process" supports ML evaluation of -literal expressions (option -e) or files (option -f) in the context of a -given heap image. Errors lead to premature exit of the ML process with -return code 1. - -* The command-line tool "isabelle build" supports option -N for cyclic -shuffling of NUMA CPU nodes. This may help performance tuning on Linux -servers with separate CPU/memory modules. - -* System option "threads" (for the size of the Isabelle/ML thread farm) -is also passed to the underlying ML runtime system as --gcthreads, -unless there is already a default provided via ML_OPTIONS settings. - -* System option "checkpoint" helps to fine-tune the global heap space -management of isabelle build. This is relevant for big sessions that may -exhaust the small 32-bit address space of the ML process (which is used -by default). - -* System option "profiling" specifies the mode for global ML profiling -in "isabelle build". Possible values are "time", "allocations". The -command-line tool "isabelle profiling_report" helps to digest the -resulting log files. - -* System option "ML_process_policy" specifies an optional command prefix -for the underlying ML process, e.g. to control CPU affinity on -multiprocessor systems. The "isabelle jedit" tool allows to override the -implicit default via option -p. - -* Command-line tool "isabelle console" provides option -r to help to -bootstrapping Isabelle/Pure interactively. - -* Command-line tool "isabelle yxml" has been discontinued. -INCOMPATIBILITY, use operations from the modules "XML" and "YXML" in -Isabelle/ML or Isabelle/Scala. - -* Many Isabelle tools that require a Java runtime system refer to the -settings ISABELLE_TOOL_JAVA_OPTIONS32 / ISABELLE_TOOL_JAVA_OPTIONS64, -depending on the underlying platform. The settings for "isabelle build" -ISABELLE_BUILD_JAVA_OPTIONS32 / ISABELLE_BUILD_JAVA_OPTIONS64 have been -discontinued. Potential INCOMPATIBILITY. - -* The Isabelle system environment always ensures that the main -executables are found within the shell search $PATH: "isabelle" and -"isabelle_scala_script". - -* Isabelle tools may consist of .scala files: the Scala compiler is -invoked on the spot. The source needs to define some object that extends -Isabelle_Tool.Body. - -* File.bash_string, File.bash_path etc. represent Isabelle/ML and -Isabelle/Scala strings authentically within GNU bash. This is useful to -produce robust shell scripts under program control, without worrying -about spaces or special characters. Note that user output works via -Path.print (ML) or Path.toString (Scala). INCOMPATIBILITY, the old (and -less versatile) operations File.shell_quote, File.shell_path etc. have -been discontinued. - -* The isabelle_java executable allows to run a Java process within the -name space of Java and Scala components that are bundled with Isabelle, -but without the Isabelle settings environment. - -* Isabelle/Scala: the SSH module supports ssh and sftp connections, for -remote command-execution and file-system access. This resembles -operations from module File and Isabelle_System to some extent. Note -that Path specifications need to be resolved remotely via -ssh.remote_path instead of File.standard_path: the implicit process -environment is different, Isabelle settings are not available remotely. - -* Isabelle/Scala: the Mercurial module supports repositories via the -regular hg command-line interface. The repositroy clone and working -directory may reside on a local or remote file-system (via ssh -connection). - - - -New in Isabelle2016 (February 2016) ------------------------------------ - -*** General *** - -* Eisbach is now based on Pure instead of HOL. Objects-logics may import -either the theory ~~/src/HOL/Eisbach/Eisbach (for HOL etc.) or -~~/src/HOL/Eisbach/Eisbach_Old_Appl_Syntax (for FOL, ZF etc.). Note that -the HOL-Eisbach session located in ~~/src/HOL/Eisbach/ contains further -examples that do require HOL. - -* Better resource usage on all platforms (Linux, Windows, Mac OS X) for -both Isabelle/ML and Isabelle/Scala. Slightly reduced heap space usage. - -* Former "xsymbols" syntax with Isabelle symbols is used by default, -without any special print mode. Important ASCII replacement syntax -remains available under print mode "ASCII", but less important syntax -has been removed (see below). - -* Support for more arrow symbols, with rendering in LaTeX and Isabelle -fonts: \ \ \ \ \ \. - -* Special notation \ for the first implicit 'structure' in the -context has been discontinued. Rare INCOMPATIBILITY, use explicit -structure name instead, notably in indexed notation with block-subscript -(e.g. \\<^bsub>A\<^esub>). - -* The glyph for \ in the IsabelleText font now corresponds better to its -counterpart \ as quantifier-like symbol. A small diamond is available as -\; the old symbol \ loses this rendering and any special -meaning. - -* Syntax for formal comments "-- text" now also supports the symbolic -form "\ text". Command-line tool "isabelle update_cartouches -c" helps -to update old sources. - -* Toplevel theorem statements have been simplified as follows: - - theorems ~> lemmas - schematic_lemma ~> schematic_goal - schematic_theorem ~> schematic_goal - schematic_corollary ~> schematic_goal - -Command-line tool "isabelle update_theorems" updates theory sources -accordingly. - -* Toplevel theorem statement 'proposition' is another alias for -'theorem'. - -* The old 'defs' command has been removed (legacy since Isabelle2014). -INCOMPATIBILITY, use regular 'definition' instead. Overloaded and/or -deferred definitions require a surrounding 'overloading' block. - - -*** Prover IDE -- Isabelle/Scala/jEdit *** - -* IDE support for the source-level debugger of Poly/ML, to work with -Isabelle/ML and official Standard ML. Option "ML_debugger" and commands -'ML_file_debug', 'ML_file_no_debug', 'SML_file_debug', -'SML_file_no_debug' control compilation of sources with or without -debugging information. The Debugger panel allows to set breakpoints (via -context menu), step through stopped threads, evaluate local ML -expressions etc. At least one Debugger view needs to be active to have -any effect on the running ML program. - -* The State panel manages explicit proof state output, with dynamic -auto-update according to cursor movement. Alternatively, the jEdit -action "isabelle.update-state" (shortcut S+ENTER) triggers manual -update. - -* The Output panel no longer shows proof state output by default, to -avoid GUI overcrowding. INCOMPATIBILITY, use the State panel instead or -enable option "editor_output_state". - -* The text overview column (status of errors, warnings etc.) is updated -asynchronously, leading to much better editor reactivity. Moreover, the -full document node content is taken into account. The width of the -column is scaled according to the main text area font, for improved -visibility. - -* The main text area no longer changes its color hue in outdated -situations. The text overview column takes over the role to indicate -unfinished edits in the PIDE pipeline. This avoids flashing text display -due to ad-hoc updates by auxiliary GUI components, such as the State -panel. - -* Slightly improved scheduling for urgent print tasks (e.g. command -state output, interactive queries) wrt. long-running background tasks. - -* Completion of symbols via prefix of \ or \<^name> or \name is -always possible, independently of the language context. It is never -implicit: a popup will show up unconditionally. - -* Additional abbreviations for syntactic completion may be specified in -$ISABELLE_HOME/etc/abbrevs and $ISABELLE_HOME_USER/etc/abbrevs, with -support for simple templates using ASCII 007 (bell) as placeholder. - -* Symbols \, \, \, \, \, \, \, \ no longer provide abbreviations for -completion like "+o", "*o", ".o" etc. -- due to conflicts with other -ASCII syntax. INCOMPATIBILITY, use plain backslash-completion or define -suitable abbreviations in $ISABELLE_HOME_USER/etc/abbrevs. - -* Action "isabelle-emph" (with keyboard shortcut C+e LEFT) controls -emphasized text style; the effect is visible in document output, not in -the editor. - -* Action "isabelle-reset" now uses keyboard shortcut C+e BACK_SPACE, -instead of former C+e LEFT. - -* The command-line tool "isabelle jedit" and the isabelle.Main -application wrapper treat the default $USER_HOME/Scratch.thy more -uniformly, and allow the dummy file argument ":" to open an empty buffer -instead. - -* New command-line tool "isabelle jedit_client" allows to connect to an -already running Isabelle/jEdit process. This achieves the effect of -single-instance applications seen on common GUI desktops. - -* The default look-and-feel for Linux is the traditional "Metal", which -works better with GUI scaling for very high-resolution displays (e.g. -4K). Moreover, it is generally more robust than "Nimbus". - -* Update to jedit-5.3.0, with improved GUI scaling and support of -high-resolution displays (e.g. 4K). - -* The main Isabelle executable is managed as single-instance Desktop -application uniformly on all platforms: Linux, Windows, Mac OS X. - - -*** Document preparation *** - -* Commands 'paragraph' and 'subparagraph' provide additional section -headings. Thus there are 6 levels of standard headings, as in HTML. - -* Command 'text_raw' has been clarified: input text is processed as in -'text' (with antiquotations and control symbols). The key difference is -the lack of the surrounding isabelle markup environment in output. - -* Text is structured in paragraphs and nested lists, using notation that -is similar to Markdown. The control symbols for list items are as -follows: - - \<^item> itemize - \<^enum> enumerate - \<^descr> description - -* There is a new short form for antiquotations with a single argument -that is a cartouche: \<^name>\...\ is equivalent to @{name \...\} and -\...\ without control symbol is equivalent to @{cartouche \...\}. -\<^name> without following cartouche is equivalent to @{name}. The -standard Isabelle fonts provide glyphs to render important control -symbols, e.g. "\<^verbatim>", "\<^emph>", "\<^bold>". - -* Antiquotations @{noindent}, @{smallskip}, @{medskip}, @{bigskip} with -corresponding control symbols \<^noindent>, \<^smallskip>, \<^medskip>, \<^bigskip> specify spacing formally, using -standard LaTeX macros of the same names. - -* Antiquotation @{cartouche} in Isabelle/Pure is the same as @{text}. -Consequently, \...\ without any decoration prints literal quasi-formal -text. Command-line tool "isabelle update_cartouches -t" helps to update -old sources, by approximative patching of the content of string and -cartouche tokens seen in theory sources. - -* The @{text} antiquotation now ignores the antiquotation option -"source". The given text content is output unconditionally, without any -surrounding quotes etc. Subtle INCOMPATIBILITY, put quotes into the -argument where they are really intended, e.g. @{text \"foo"\}. Initial -or terminal spaces are ignored. - -* Antiquotations @{emph} and @{bold} output LaTeX source recursively, -adding appropriate text style markup. These may be used in the short -form \<^emph>\...\ and \<^bold>\...\. - -* Document antiquotation @{footnote} outputs LaTeX source recursively, -marked as \footnote{}. This may be used in the short form \<^footnote>\...\. - -* Antiquotation @{verbatim [display]} supports option "indent". - -* Antiquotation @{theory_text} prints uninterpreted theory source text -(Isar outer syntax with command keywords etc.). This may be used in the -short form \<^theory_text>\...\. @{theory_text [display]} supports option "indent". - -* Antiquotation @{doc ENTRY} provides a reference to the given -documentation, with a hyperlink in the Prover IDE. - -* Antiquotations @{command}, @{method}, @{attribute} print checked -entities of the Isar language. - -* HTML presentation uses the standard IsabelleText font and Unicode -rendering of Isabelle symbols like Isabelle/Scala/jEdit. The former -print mode "HTML" loses its special meaning. - - -*** Isar *** - -* Local goals ('have', 'show', 'hence', 'thus') allow structured rule -statements like fixes/assumes/shows in theorem specifications, but the -notation is postfix with keywords 'if' (or 'when') and 'for'. For -example: - - have result: "C x y" - if "A x" and "B y" - for x :: 'a and y :: 'a - - -The local assumptions are bound to the name "that". The result is -exported from context of the statement as usual. The above roughly -corresponds to a raw proof block like this: - - { - fix x :: 'a and y :: 'a - assume that: "A x" "B y" - have "C x y" - } - note result = this - -The keyword 'when' may be used instead of 'if', to indicate 'presume' -instead of 'assume' above. - -* Assumptions ('assume', 'presume') allow structured rule statements -using 'if' and 'for', similar to 'have' etc. above. For example: - - assume result: "C x y" - if "A x" and "B y" - for x :: 'a and y :: 'a - -This assumes "\x y::'a. A x \ B y \ C x y" and produces a general -result as usual: "A ?x \ B ?y \ C ?x ?y". - -Vacuous quantification in assumptions is omitted, i.e. a for-context -only effects propositions according to actual use of variables. For -example: - - assume "A x" and "B y" for x and y - -is equivalent to: - - assume "\x. A x" and "\y. B y" - -* The meaning of 'show' with Pure rule statements has changed: premises -are treated in the sense of 'assume', instead of 'presume'. This means, -a goal like "\x. A x \ B x \ C x" can be solved completely as -follows: - - show "\x. A x \ B x \ C x" - -or: - - show "C x" if "A x" "B x" for x - -Rare INCOMPATIBILITY, the old behaviour may be recovered as follows: - - show "C x" when "A x" "B x" for x - -* New command 'consider' states rules for generalized elimination and -case splitting. This is like a toplevel statement "theorem obtains" used -within a proof body; or like a multi-branch 'obtain' without activation -of the local context elements yet. - -* Proof method "cases" allows to specify the rule as first entry of -chained facts. This is particularly useful with 'consider': - - consider (a) A | (b) B | (c) C - then have something - proof cases - case a - then show ?thesis - next - case b - then show ?thesis - next - case c - then show ?thesis - qed - -* Command 'case' allows fact name and attribute specification like this: - - case a: (c xs) - case a [attributes]: (c xs) - -Facts that are introduced by invoking the case context are uniformly -qualified by "a"; the same name is used for the cumulative fact. The old -form "case (c xs) [attributes]" is no longer supported. Rare -INCOMPATIBILITY, need to adapt uses of case facts in exotic situations, -and always put attributes in front. - -* The standard proof method of commands 'proof' and '..' is now called -"standard" to make semantically clear what it is; the old name "default" -is still available as legacy for some time. Documentation now explains -'..' more accurately as "by standard" instead of "by rule". - -* Nesting of Isar goal structure has been clarified: the context after -the initial backwards refinement is retained for the whole proof, within -all its context sections (as indicated via 'next'). This is e.g. -relevant for 'using', 'including', 'supply': - - have "A \ A" if a: A for A - supply [simp] = a - proof - show A by simp - next - show A by simp - qed - -* Command 'obtain' binds term abbreviations (via 'is' patterns) in the -proof body as well, abstracted over relevant parameters. - -* Improved type-inference for theorem statement 'obtains': separate -parameter scope for of each clause. - -* Term abbreviations via 'is' patterns also work for schematic -statements: result is abstracted over unknowns. - -* Command 'subgoal' allows to impose some structure on backward -refinements, to avoid proof scripts degenerating into long of 'apply' -sequences. Further explanations and examples are given in the isar-ref -manual. - -* Command 'supply' supports fact definitions during goal refinement -('apply' scripts). - -* Proof method "goal_cases" turns the current subgoals into cases within -the context; the conclusion is bound to variable ?case in each case. For -example: - -lemma "\x. A x \ B x \ C x" - and "\y z. U y \ V z \ W y z" -proof goal_cases - case (1 x) - then show ?case using \A x\ \B x\ sorry -next - case (2 y z) - then show ?case using \U y\ \V z\ sorry -qed - -lemma "\x. A x \ B x \ C x" - and "\y z. U y \ V z \ W y z" -proof goal_cases - case prems: 1 - then show ?case using prems sorry -next - case prems: 2 - then show ?case using prems sorry -qed - -* The undocumented feature of implicit cases goal1, goal2, goal3, etc. -is marked as legacy, and will be removed eventually. The proof method -"goals" achieves a similar effect within regular Isar; often it can be -done more adequately by other means (e.g. 'consider'). - -* The vacuous fact "TERM x" may be established "by fact" or as `TERM x` -as well, not just "by this" or "." as before. - -* Method "sleep" succeeds after a real-time delay (in seconds). This is -occasionally useful for demonstration and testing purposes. - - -*** Pure *** - -* Qualifiers in locale expressions default to mandatory ('!') regardless -of the command. Previously, for 'locale' and 'sublocale' the default was -optional ('?'). The old synatx '!' has been discontinued. -INCOMPATIBILITY, remove '!' and add '?' as required. - -* Keyword 'rewrites' identifies rewrite morphisms in interpretation -commands. Previously, the keyword was 'where'. INCOMPATIBILITY. - -* More gentle suppression of syntax along locale morphisms while -printing terms. Previously 'abbreviation' and 'notation' declarations -would be suppressed for morphisms except term identity. Now -'abbreviation' is also kept for morphims that only change the involved -parameters, and only 'notation' is suppressed. This can be of great help -when working with complex locale hierarchies, because proof states are -displayed much more succinctly. It also means that only notation needs -to be redeclared if desired, as illustrated by this example: - - locale struct = fixes composition :: "'a => 'a => 'a" (infixl "\" 65) - begin - definition derived (infixl "\" 65) where ... - end - - locale morphism = - left: struct composition + right: struct composition' - for composition (infix "\" 65) and composition' (infix "\''" 65) - begin - notation right.derived ("\''") - end - -* Command 'global_interpretation' issues interpretations into global -theories, with optional rewrite definitions following keyword 'defines'. - -* Command 'sublocale' accepts optional rewrite definitions after keyword -'defines'. - -* Command 'permanent_interpretation' has been discontinued. Use -'global_interpretation' or 'sublocale' instead. INCOMPATIBILITY. - -* Command 'print_definitions' prints dependencies of definitional -specifications. This functionality used to be part of 'print_theory'. - -* Configuration option rule_insts_schematic has been discontinued -(intermediate legacy feature in Isabelle2015). INCOMPATIBILITY. - -* Abbreviations in type classes now carry proper sort constraint. Rare -INCOMPATIBILITY in situations where the previous misbehaviour has been -exploited. - -* Refinement of user-space type system in type classes: pseudo-local -operations behave more similar to abbreviations. Potential -INCOMPATIBILITY in exotic situations. - - -*** HOL *** - -* The 'typedef' command has been upgraded from a partially checked -"axiomatization", to a full definitional specification that takes the -global collection of overloaded constant / type definitions into -account. Type definitions with open dependencies on overloaded -definitions need to be specified as "typedef (overloaded)". This -provides extra robustness in theory construction. Rare INCOMPATIBILITY. - -* Qualification of various formal entities in the libraries is done more -uniformly via "context begin qualified definition ... end" instead of -old-style "hide_const (open) ...". Consequently, both the defined -constant and its defining fact become qualified, e.g. Option.is_none and -Option.is_none_def. Occasional INCOMPATIBILITY in applications. - -* Some old and rarely used ASCII replacement syntax has been removed. -INCOMPATIBILITY, standard syntax with symbols should be used instead. -The subsequent commands help to reproduce the old forms, e.g. to -simplify porting old theories: - - notation iff (infixr "<->" 25) - - notation Times (infixr "<*>" 80) - - type_notation Map.map (infixr "~=>" 0) - notation Map.map_comp (infixl "o'_m" 55) - - type_notation FinFun.finfun ("(_ =>f /_)" [22, 21] 21) - - notation FuncSet.funcset (infixr "->" 60) - notation FuncSet.extensional_funcset (infixr "->\<^sub>E" 60) - - notation Omega_Words_Fun.conc (infixr "conc" 65) - - notation Preorder.equiv ("op ~~") - and Preorder.equiv ("(_/ ~~ _)" [51, 51] 50) - - notation (in topological_space) tendsto (infixr "--->" 55) - notation (in topological_space) LIMSEQ ("((_)/ ----> (_))" [60, 60] 60) - notation LIM ("((_)/ -- (_)/ --> (_))" [60, 0, 60] 60) - - notation NSA.approx (infixl "@=" 50) - notation NSLIMSEQ ("((_)/ ----NS> (_))" [60, 60] 60) - notation NSLIM ("((_)/ -- (_)/ --NS> (_))" [60, 0, 60] 60) - -* The alternative notation "\" for type and sort constraints has been -removed: in LaTeX document output it looks the same as "::". -INCOMPATIBILITY, use plain "::" instead. - -* Commands 'inductive' and 'inductive_set' work better when names for -intro rules are omitted: the "cases" and "induct" rules no longer -declare empty case_names, but no case_names at all. This allows to use -numbered cases in proofs, without requiring method "goal_cases". - -* Inductive definitions ('inductive', 'coinductive', etc.) expose -low-level facts of the internal construction only if the option -"inductive_internals" is enabled. This refers to the internal predicate -definition and its monotonicity result. Rare INCOMPATIBILITY. - -* Recursive function definitions ('fun', 'function', 'partial_function') -expose low-level facts of the internal construction only if the option -"function_internals" is enabled. Its internal inductive definition is -also subject to "inductive_internals". Rare INCOMPATIBILITY. - -* BNF datatypes ('datatype', 'codatatype', etc.) expose low-level facts -of the internal construction only if the option "bnf_internals" is -enabled. This supersedes the former option "bnf_note_all". Rare -INCOMPATIBILITY. - -* Combinator to represent case distinction on products is named -"case_prod", uniformly, discontinuing any input aliasses. Very popular -theorem aliasses have been retained. - -Consolidated facts: - PairE ~> prod.exhaust - Pair_eq ~> prod.inject - pair_collapse ~> prod.collapse - Pair_fst_snd_eq ~> prod_eq_iff - split_twice ~> prod.case_distrib - split_weak_cong ~> prod.case_cong_weak - split_split ~> prod.split - split_split_asm ~> prod.split_asm - splitI ~> case_prodI - splitD ~> case_prodD - splitI2 ~> case_prodI2 - splitI2' ~> case_prodI2' - splitE ~> case_prodE - splitE' ~> case_prodE' - split_pair ~> case_prod_Pair - split_eta ~> case_prod_eta - split_comp ~> case_prod_comp - mem_splitI ~> mem_case_prodI - mem_splitI2 ~> mem_case_prodI2 - mem_splitE ~> mem_case_prodE - The_split ~> The_case_prod - cond_split_eta ~> cond_case_prod_eta - Collect_split_in_rel_leE ~> Collect_case_prod_in_rel_leE - Collect_split_in_rel_leI ~> Collect_case_prod_in_rel_leI - in_rel_Collect_split_eq ~> in_rel_Collect_case_prod_eq - Collect_split_Grp_eqD ~> Collect_case_prod_Grp_eqD - Collect_split_Grp_inD ~> Collect_case_prod_Grp_in - Domain_Collect_split ~> Domain_Collect_case_prod - Image_Collect_split ~> Image_Collect_case_prod - Range_Collect_split ~> Range_Collect_case_prod - Eps_split ~> Eps_case_prod - Eps_split_eq ~> Eps_case_prod_eq - split_rsp ~> case_prod_rsp - curry_split ~> curry_case_prod - split_curry ~> case_prod_curry - -Changes in structure HOLogic: - split_const ~> case_prod_const - mk_split ~> mk_case_prod - mk_psplits ~> mk_ptupleabs - strip_psplits ~> strip_ptupleabs - -INCOMPATIBILITY. - -* The coercions to type 'real' have been reorganised. The function -'real' is no longer overloaded, but has type 'nat => real' and -abbreviates of_nat for that type. Also 'real_of_int :: int => real' -abbreviates of_int for that type. Other overloaded instances of 'real' -have been replaced by 'real_of_ereal' and 'real_of_float'. - -Consolidated facts (among others): - real_of_nat_le_iff -> of_nat_le_iff - real_of_nat_numeral of_nat_numeral - real_of_int_zero of_int_0 - real_of_nat_zero of_nat_0 - real_of_one of_int_1 - real_of_int_add of_int_add - real_of_nat_add of_nat_add - real_of_int_diff of_int_diff - real_of_nat_diff of_nat_diff - floor_subtract floor_diff_of_int - real_of_int_inject of_int_eq_iff - real_of_int_gt_zero_cancel_iff of_int_0_less_iff - real_of_int_ge_zero_cancel_iff of_int_0_le_iff - real_of_nat_ge_zero of_nat_0_le_iff - real_of_int_ceiling_ge le_of_int_ceiling - ceiling_less_eq ceiling_less_iff - ceiling_le_eq ceiling_le_iff - less_floor_eq less_floor_iff - floor_less_eq floor_less_iff - floor_divide_eq_div floor_divide_of_int_eq - real_of_int_zero_cancel of_nat_eq_0_iff - ceiling_real_of_int ceiling_of_int - -INCOMPATIBILITY. - -* Theory Map: lemma map_of_is_SomeD was a clone of map_of_SomeD and has -been removed. INCOMPATIBILITY. - -* Quickcheck setup for finite sets. - -* Discontinued simp_legacy_precond. Potential INCOMPATIBILITY. - -* Sledgehammer: - - The MaSh relevance filter has been sped up. - - Proof reconstruction has been improved, to minimize the incidence of - cases where Sledgehammer gives a proof that does not work. - - Auto Sledgehammer now minimizes and preplays the results. - - Handle Vampire 4.0 proof output without raising exception. - - Eliminated "MASH" environment variable. Use the "MaSh" option in - Isabelle/jEdit instead. INCOMPATIBILITY. - - Eliminated obsolete "blocking" option and related subcommands. - -* Nitpick: - - Fixed soundness bug in translation of "finite" predicate. - - Fixed soundness bug in "destroy_constrs" optimization. - - Fixed soundness bug in translation of "rat" type. - - Removed "check_potential" and "check_genuine" options. - - Eliminated obsolete "blocking" option. - -* (Co)datatype package: - - New commands "lift_bnf" and "copy_bnf" for lifting (copying) a BNF - structure on the raw type to an abstract type defined using typedef. - - Always generate "case_transfer" theorem. - - For mutual types, generate slightly stronger "rel_induct", - "rel_coinduct", and "coinduct" theorems. INCOMPATIBILITY. - - Allow discriminators and selectors with the same name as the type - being defined. - - Avoid various internal name clashes (e.g., 'datatype f = f'). - -* Transfer: new methods for interactive debugging of 'transfer' and -'transfer_prover': 'transfer_start', 'transfer_step', 'transfer_end', -'transfer_prover_start' and 'transfer_prover_end'. - -* New diagnostic command print_record for displaying record definitions. - -* Division on integers is bootstrapped directly from division on -naturals and uses generic numeral algorithm for computations. Slight -INCOMPATIBILITY, simproc numeral_divmod replaces and generalizes former -simprocs binary_int_div and binary_int_mod - -* Tightened specification of class semiring_no_zero_divisors. Minor -INCOMPATIBILITY. - -* Class algebraic_semidom introduces common algebraic notions of -integral (semi)domains, particularly units. Although logically subsumed -by fields, is is not a super class of these in order not to burden -fields with notions that are trivial there. - -* Class normalization_semidom specifies canonical representants for -equivalence classes of associated elements in an integral (semi)domain. -This formalizes associated elements as well. - -* Abstract specification of gcd/lcm operations in classes semiring_gcd, -semiring_Gcd, semiring_Lcd. Minor INCOMPATIBILITY: facts gcd_nat.commute -and gcd_int.commute are subsumed by gcd.commute, as well as -gcd_nat.assoc and gcd_int.assoc by gcd.assoc. - -* Former constants Fields.divide (_ / _) and Divides.div (_ div _) are -logically unified to Rings.divide in syntactic type class Rings.divide, -with infix syntax (_ div _). Infix syntax (_ / _) for field division is -added later as abbreviation in class Fields.inverse. INCOMPATIBILITY, -instantiations must refer to Rings.divide rather than the former -separate constants, hence infix syntax (_ / _) is usually not available -during instantiation. - -* New cancellation simprocs for boolean algebras to cancel complementary -terms for sup and inf. For example, "sup x (sup y (- x))" simplifies to -"top". INCOMPATIBILITY. - -* Class uniform_space introduces uniform spaces btw topological spaces -and metric spaces. Minor INCOMPATIBILITY: open__def needs to be -introduced in the form of an uniformity. Some constants are more general -now, it may be necessary to add type class constraints. - - open_real_def \ open_dist - open_complex_def \ open_dist - -* Library/Monad_Syntax: notation uses symbols \ and \. INCOMPATIBILITY. - -* Library/Multiset: - - Renamed multiset inclusion operators: - < ~> <# - > ~> ># - <= ~> <=# - >= ~> >=# - \ ~> \# - \ ~> \# - INCOMPATIBILITY. - - Added multiset inclusion operator syntax: - \# - \# - \# - \# - - "'a multiset" is no longer an instance of the "order", - "ordered_ab_semigroup_add_imp_le", "ordered_cancel_comm_monoid_diff", - "semilattice_inf", and "semilattice_sup" type classes. The theorems - previously provided by these type classes (directly or indirectly) - are now available through the "subset_mset" interpretation - (e.g. add_mono ~> subset_mset.add_mono). - INCOMPATIBILITY. - - Renamed conversions: - multiset_of ~> mset - multiset_of_set ~> mset_set - set_of ~> set_mset - INCOMPATIBILITY - - Renamed lemmas: - mset_le_def ~> subseteq_mset_def - mset_less_def ~> subset_mset_def - less_eq_multiset.rep_eq ~> subseteq_mset_def - INCOMPATIBILITY - - Removed lemmas generated by lift_definition: - less_eq_multiset.abs_eq, less_eq_multiset.rsp, - less_eq_multiset.transfer, less_eq_multiset_def - INCOMPATIBILITY - -* Library/Omega_Words_Fun: Infinite words modeled as functions nat \ 'a. - -* Library/Bourbaki_Witt_Fixpoint: Added formalisation of the -Bourbaki-Witt fixpoint theorem for increasing functions in -chain-complete partial orders. - -* Library/Old_Recdef: discontinued obsolete 'defer_recdef' command. -Minor INCOMPATIBILITY, use 'function' instead. - -* Library/Periodic_Fun: a locale that provides convenient lemmas for -periodic functions. - -* Library/Formal_Power_Series: proper definition of division (with -remainder) for formal power series; instances for Euclidean Ring and -GCD. - -* HOL-Imperative_HOL: obsolete theory Legacy_Mrec has been removed. - -* HOL-Statespace: command 'statespace' uses mandatory qualifier for -import of parent, as for general 'locale' expressions. INCOMPATIBILITY, -remove '!' and add '?' as required. - -* HOL-Decision_Procs: The "approximation" method works with "powr" -(exponentiation on real numbers) again. - -* HOL-Multivariate_Analysis: theory Cauchy_Integral_Thm with Contour -integrals (= complex path integrals), Cauchy's integral theorem, winding -numbers and Cauchy's integral formula, Liouville theorem, Fundamental -Theorem of Algebra. Ported from HOL Light. - -* HOL-Multivariate_Analysis: topological concepts such as connected -components, homotopic paths and the inside or outside of a set. - -* HOL-Multivariate_Analysis: radius of convergence of power series and -various summability tests; Harmonic numbers and the Euler–Mascheroni -constant; the Generalised Binomial Theorem; the complex and real -Gamma/log-Gamma/Digamma/ Polygamma functions and their most important -properties. - -* HOL-Probability: The central limit theorem based on Levy's uniqueness -and continuity theorems, weak convergence, and characterisitc functions. - -* HOL-Data_Structures: new and growing session of standard data -structures. - - -*** ML *** - -* The following combinators for low-level profiling of the ML runtime -system are available: - - profile_time (*CPU time*) - profile_time_thread (*CPU time on this thread*) - profile_allocations (*overall heap allocations*) - -* Antiquotation @{undefined} or \<^undefined> inlines (raise Match). - -* Antiquotation @{method NAME} inlines the (checked) name of the given -Isar proof method. - -* Pretty printing of Poly/ML compiler output in Isabelle has been -improved: proper treatment of break offsets and blocks with consistent -breaks. - -* The auxiliary module Pure/display.ML has been eliminated. Its -elementary thm print operations are now in Pure/more_thm.ML and thus -called Thm.pretty_thm, Thm.string_of_thm etc. INCOMPATIBILITY. - -* Simproc programming interfaces have been simplified: -Simplifier.make_simproc and Simplifier.define_simproc supersede various -forms of Simplifier.mk_simproc, Simplifier.simproc_global etc. Note that -term patterns for the left-hand sides are specified with implicitly -fixed variables, like top-level theorem statements. INCOMPATIBILITY. - -* Instantiation rules have been re-organized as follows: - - Thm.instantiate (*low-level instantiation with named arguments*) - Thm.instantiate' (*version with positional arguments*) - - Drule.infer_instantiate (*instantiation with type inference*) - Drule.infer_instantiate' (*version with positional arguments*) - -The LHS only requires variable specifications, instead of full terms. -Old cterm_instantiate is superseded by infer_instantiate. -INCOMPATIBILITY, need to re-adjust some ML names and types accordingly. - -* Old tactic shorthands atac, rtac, etac, dtac, ftac have been -discontinued. INCOMPATIBILITY, use regular assume_tac, resolve_tac etc. -instead (with proper context). - -* Thm.instantiate (and derivatives) no longer require the LHS of the -instantiation to be certified: plain variables are given directly. - -* Subgoal.SUBPROOF and Subgoal.FOCUS combinators use anonymous -quasi-bound variables (like the Simplifier), instead of accidentally -named local fixes. This has the potential to improve stability of proof -tools, but can also cause INCOMPATIBILITY for tools that don't observe -the proof context discipline. - -* Isar proof methods are based on a slightly more general type -context_tactic, which allows to change the proof context dynamically -(e.g. to update cases) and indicate explicit Seq.Error results. Former -METHOD_CASES is superseded by CONTEXT_METHOD; further combinators are -provided in src/Pure/Isar/method.ML for convenience. INCOMPATIBILITY. - - -*** System *** - -* Command-line tool "isabelle console" enables print mode "ASCII". - -* Command-line tool "isabelle update_then" expands old Isar command -conflations: - - hence ~> then have - thus ~> then show - -This syntax is more orthogonal and improves readability and -maintainability of proofs. - -* Global session timeout is multiplied by timeout_scale factor. This -allows to adjust large-scale tests (e.g. AFP) to overall hardware -performance. - -* Property values in etc/symbols may contain spaces, if written with the -replacement character "␣" (Unicode point 0x2324). For example: - - \ code: 0x0022c6 group: operator font: Deja␣Vu␣Sans␣Mono - -* Java runtime environment for x86_64-windows allows to use larger heap -space. - -* Java runtime options are determined separately for 32bit vs. 64bit -platforms as follows. - - - Isabelle desktop application: platform-specific files that are - associated with the main app bundle - - - isabelle jedit: settings - JEDIT_JAVA_SYSTEM_OPTIONS - JEDIT_JAVA_OPTIONS32 vs. JEDIT_JAVA_OPTIONS64 - - - isabelle build: settings - ISABELLE_BUILD_JAVA_OPTIONS32 vs. ISABELLE_BUILD_JAVA_OPTIONS64 - -* Bash shell function "jvmpath" has been renamed to "platform_path": it -is relevant both for Poly/ML and JVM processes. - -* Poly/ML default platform architecture may be changed from 32bit to -64bit via system option ML_system_64. A system restart (and rebuild) is -required after change. - -* Poly/ML 5.6 runs natively on x86-windows and x86_64-windows, which -both allow larger heap space than former x86-cygwin. - -* Heap images are 10-15% smaller due to less wasteful persistent theory -content (using ML type theory_id instead of theory); - - - -New in Isabelle2015 (May 2015) ------------------------------- - -*** General *** - -* Local theory specification commands may have a 'private' or -'qualified' modifier to restrict name space accesses to the local scope, -as provided by some "context begin ... end" block. For example: - - context - begin - - private definition ... - private lemma ... - - qualified definition ... - qualified lemma ... - - lemma ... - theorem ... - - end - -* Command 'experiment' opens an anonymous locale context with private -naming policy. - -* Command 'notepad' requires proper nesting of begin/end and its proof -structure in the body: 'oops' is no longer supported here. Minor -INCOMPATIBILITY, use 'sorry' instead. - -* Command 'named_theorems' declares a dynamic fact within the context, -together with an attribute to maintain the content incrementally. This -supersedes functor Named_Thms in Isabelle/ML, but with a subtle change -of semantics due to external visual order vs. internal reverse order. - -* 'find_theorems': search patterns which are abstractions are -schematically expanded before search. Search results match the naive -expectation more closely, particularly wrt. abbreviations. -INCOMPATIBILITY. - -* Commands 'method_setup' and 'attribute_setup' now work within a local -theory context. - -* Outer syntax commands are managed authentically within the theory -context, without implicit global state. Potential for accidental -INCOMPATIBILITY, make sure that required theories are really imported. - -* Historical command-line terminator ";" is no longer accepted (and -already used differently in Isar). Minor INCOMPATIBILITY, use "isabelle -update_semicolons" to remove obsolete semicolons from old theory -sources. - -* Structural composition of proof methods (meth1; meth2) in Isar -corresponds to (tac1 THEN_ALL_NEW tac2) in ML. - -* The Eisbach proof method language allows to define new proof methods -by combining existing ones with their usual syntax. The "match" proof -method provides basic fact/term matching in addition to -premise/conclusion matching through Subgoal.focus, and binds fact names -from matches as well as term patterns within matches. The Isabelle -documentation provides an entry "eisbach" for the Eisbach User Manual. -Sources and various examples are in ~~/src/HOL/Eisbach/. - - -*** Prover IDE -- Isabelle/Scala/jEdit *** - -* Improved folding mode "isabelle" based on Isar syntax. Alternatively, -the "sidekick" mode may be used for document structure. - -* Extended bracket matching based on Isar language structure. System -option jedit_structure_limit determines maximum number of lines to scan -in the buffer. - -* Support for BibTeX files: context menu, context-sensitive token -marker, SideKick parser. - -* Document antiquotation @{cite} provides formal markup, which is -interpreted semi-formally based on .bib files that happen to be open in -the editor (hyperlinks, completion etc.). - -* Less waste of vertical space via negative line spacing (see Global -Options / Text Area). - -* Improved graphview panel with optional output of PNG or PDF, for -display of 'thy_deps', 'class_deps' etc. - -* The commands 'thy_deps' and 'class_deps' allow optional bounds to -restrict the visualized hierarchy. - -* Improved scheduling for asynchronous print commands (e.g. provers -managed by the Sledgehammer panel) wrt. ongoing document processing. - - -*** Document preparation *** - -* Document markup commands 'chapter', 'section', 'subsection', -'subsubsection', 'text', 'txt', 'text_raw' work uniformly in any -context, even before the initial 'theory' command. Obsolete proof -commands 'sect', 'subsect', 'subsubsect', 'txt_raw' have been -discontinued, use 'section', 'subsection', 'subsubsection', 'text_raw' -instead. The old 'header' command is still retained for some time, but -should be replaced by 'chapter', 'section' etc. (using "isabelle -update_header"). Minor INCOMPATIBILITY. - -* Official support for "tt" style variants, via \isatt{...} or -\begin{isabellett}...\end{isabellett}. The somewhat fragile \verb or -verbatim environment of LaTeX is no longer used. This allows @{ML} etc. -as argument to other macros (such as footnotes). - -* Document antiquotation @{verbatim} prints ASCII text literally in "tt" -style. - -* Discontinued obsolete option "document_graph": session_graph.pdf is -produced unconditionally for HTML browser_info and PDF-LaTeX document. - -* Diagnostic commands and document markup commands within a proof do not -affect the command tag for output. Thus commands like 'thm' are subject -to proof document structure, and no longer "stick out" accidentally. -Commands 'text' and 'txt' merely differ in the LaTeX style, not their -tags. Potential INCOMPATIBILITY in exotic situations. - -* System option "pretty_margin" is superseded by "thy_output_margin", -which is also accessible via document antiquotation option "margin". -Only the margin for document output may be changed, but not the global -pretty printing: that is 76 for plain console output, and adapted -dynamically in GUI front-ends. Implementations of document -antiquotations need to observe the margin explicitly according to -Thy_Output.string_of_margin. Minor INCOMPATIBILITY. - -* Specification of 'document_files' in the session ROOT file is -mandatory for document preparation. The legacy mode with implicit -copying of the document/ directory is no longer supported. Minor -INCOMPATIBILITY. - - -*** Pure *** - -* Proof methods with explicit instantiation ("rule_tac", "subgoal_tac" -etc.) allow an optional context of local variables ('for' declaration): -these variables become schematic in the instantiated theorem; this -behaviour is analogous to 'for' in attributes "where" and "of". -Configuration option rule_insts_schematic (default false) controls use -of schematic variables outside the context. Minor INCOMPATIBILITY, -declare rule_insts_schematic = true temporarily and update to use local -variable declarations or dummy patterns instead. - -* Explicit instantiation via attributes "where", "of", and proof methods -"rule_tac" with derivatives like "subgoal_tac" etc. admit dummy patterns -("_") that stand for anonymous local variables. - -* Generated schematic variables in standard format of exported facts are -incremented to avoid material in the proof context. Rare -INCOMPATIBILITY, explicit instantiation sometimes needs to refer to -different index. - -* Lexical separation of signed and unsigned numerals: categories "num" -and "float" are unsigned. INCOMPATIBILITY: subtle change in precedence -of numeral signs, particularly in expressions involving infix syntax -like "(- 1) ^ n". - -* Old inner token category "xnum" has been discontinued. Potential -INCOMPATIBILITY for exotic syntax: may use mixfix grammar with "num" -token category instead. - - -*** HOL *** - -* New (co)datatype package: - - The 'datatype_new' command has been renamed 'datatype'. The old - command of that name is now called 'old_datatype' and is provided - by "~~/src/HOL/Library/Old_Datatype.thy". See - 'isabelle doc datatypes' for information on porting. - INCOMPATIBILITY. - - Renamed theorems: - disc_corec ~> corec_disc - disc_corec_iff ~> corec_disc_iff - disc_exclude ~> distinct_disc - disc_exhaust ~> exhaust_disc - disc_map_iff ~> map_disc_iff - sel_corec ~> corec_sel - sel_exhaust ~> exhaust_sel - sel_map ~> map_sel - sel_set ~> set_sel - sel_split ~> split_sel - sel_split_asm ~> split_sel_asm - strong_coinduct ~> coinduct_strong - weak_case_cong ~> case_cong_weak - INCOMPATIBILITY. - - The "no_code" option to "free_constructors", "datatype_new", and - "codatatype" has been renamed "plugins del: code". - INCOMPATIBILITY. - - The rules "set_empty" have been removed. They are easy - consequences of other set rules "by auto". - INCOMPATIBILITY. - - The rule "set_cases" is now registered with the "[cases set]" - attribute. This can influence the behavior of the "cases" proof - method when more than one case rule is applicable (e.g., an - assumption is of the form "w : set ws" and the method "cases w" - is invoked). The solution is to specify the case rule explicitly - (e.g. "cases w rule: widget.exhaust"). - INCOMPATIBILITY. - - Renamed theories: - BNF_Comp ~> BNF_Composition - BNF_FP_Base ~> BNF_Fixpoint_Base - BNF_GFP ~> BNF_Greatest_Fixpoint - BNF_LFP ~> BNF_Least_Fixpoint - BNF_Constructions_on_Wellorders ~> BNF_Wellorder_Constructions - Cardinals/Constructions_on_Wellorders ~> Cardinals/Wellorder_Constructions - INCOMPATIBILITY. - - Lifting and Transfer setup for basic HOL types sum and prod (also - option) is now performed by the BNF package. Theories Lifting_Sum, - Lifting_Product and Lifting_Option from Main became obsolete and - were removed. Changed definitions of the relators rel_prod and - rel_sum (using inductive). - INCOMPATIBILITY: use rel_prod.simps and rel_sum.simps instead - of rel_prod_def and rel_sum_def. - Minor INCOMPATIBILITY: (rarely used by name) transfer theorem names - changed (e.g. map_prod_transfer ~> prod.map_transfer). - - Parametricity theorems for map functions, relators, set functions, - constructors, case combinators, discriminators, selectors and - (co)recursors are automatically proved and registered as transfer - rules. - -* Old datatype package: - - The old 'datatype' command has been renamed 'old_datatype', and - 'rep_datatype' has been renamed 'old_rep_datatype'. They are - provided by "~~/src/HOL/Library/Old_Datatype.thy". See - 'isabelle doc datatypes' for information on porting. - INCOMPATIBILITY. - - Renamed theorems: - weak_case_cong ~> case_cong_weak - INCOMPATIBILITY. - - Renamed theory: - ~~/src/HOL/Datatype.thy ~> ~~/src/HOL/Library/Old_Datatype.thy - INCOMPATIBILITY. - -* Nitpick: - - Fixed soundness bug related to the strict and non-strict subset - operations. - -* Sledgehammer: - - CVC4 is now included with Isabelle instead of CVC3 and run by - default. - - Z3 is now always enabled by default, now that it is fully open - source. The "z3_non_commercial" option is discontinued. - - Minimization is now always enabled by default. - Removed sub-command: - min - - Proof reconstruction, both one-liners and Isar, has been - dramatically improved. - - Improved support for CVC4 and veriT. - -* Old and new SMT modules: - - The old 'smt' method has been renamed 'old_smt' and moved to - 'src/HOL/Library/Old_SMT.thy'. It is provided for compatibility, - until applications have been ported to use the new 'smt' method. For - the method to work, an older version of Z3 (e.g. Z3 3.2 or 4.0) must - be installed, and the environment variable "OLD_Z3_SOLVER" must - point to it. - INCOMPATIBILITY. - - The 'smt2' method has been renamed 'smt'. - INCOMPATIBILITY. - - New option 'smt_reconstruction_step_timeout' to limit the - reconstruction time of Z3 proof steps in the new 'smt' method. - - New option 'smt_statistics' to display statistics of the new 'smt' - method, especially runtime statistics of Z3 proof reconstruction. - -* Lifting: command 'lift_definition' allows to execute lifted constants -that have as a return type a datatype containing a subtype. This -overcomes long-time limitations in the area of code generation and -lifting, and avoids tedious workarounds. - -* Command and antiquotation "value" provide different evaluation slots -(again), where the previous strategy (NBE after ML) serves as default. -Minor INCOMPATIBILITY. - -* Add NO_MATCH-simproc, allows to check for syntactic non-equality. - -* field_simps: Use NO_MATCH-simproc for distribution rules, to avoid -non-termination in case of distributing a division. With this change -field_simps is in some cases slightly less powerful, if it fails try to -add algebra_simps, or use divide_simps. Minor INCOMPATIBILITY. - -* Separate class no_zero_divisors has been given up in favour of fully -algebraic semiring_no_zero_divisors. INCOMPATIBILITY. - -* Class linordered_semidom really requires no zero divisors. -INCOMPATIBILITY. - -* Classes division_ring, field and linordered_field always demand -"inverse 0 = 0". Given up separate classes division_ring_inverse_zero, -field_inverse_zero and linordered_field_inverse_zero. INCOMPATIBILITY. - -* Classes cancel_ab_semigroup_add / cancel_monoid_add specify explicit -additive inverse operation. INCOMPATIBILITY. - -* Complex powers and square roots. The functions "ln" and "powr" are now -overloaded for types real and complex, and 0 powr y = 0 by definition. -INCOMPATIBILITY: type constraints may be necessary. - -* The functions "sin" and "cos" are now defined for any type of sort -"{real_normed_algebra_1,banach}" type, so in particular on "real" and -"complex" uniformly. Minor INCOMPATIBILITY: type constraints may be -needed. - -* New library of properties of the complex transcendental functions sin, -cos, tan, exp, Ln, Arctan, Arcsin, Arccos. Ported from HOL Light. - -* The factorial function, "fact", now has type "nat => 'a" (of a sort -that admits numeric types including nat, int, real and complex. -INCOMPATIBILITY: an expression such as "fact 3 = 6" may require a type -constraint, and the combination "real (fact k)" is likely to be -unsatisfactory. If a type conversion is still necessary, then use -"of_nat (fact k)" or "real_of_nat (fact k)". - -* Removed functions "natfloor" and "natceiling", use "nat o floor" and -"nat o ceiling" instead. A few of the lemmas have been retained and -adapted: in their names "natfloor"/"natceiling" has been replaced by -"nat_floor"/"nat_ceiling". - -* Qualified some duplicated fact names required for boostrapping the -type class hierarchy: - ab_add_uminus_conv_diff ~> diff_conv_add_uminus - field_inverse_zero ~> inverse_zero - field_divide_inverse ~> divide_inverse - field_inverse ~> left_inverse -Minor INCOMPATIBILITY. - -* Eliminated fact duplicates: - mult_less_imp_less_right ~> mult_right_less_imp_less - mult_less_imp_less_left ~> mult_left_less_imp_less -Minor INCOMPATIBILITY. - -* Fact consolidation: even_less_0_iff is subsumed by -double_add_less_zero_iff_single_add_less_zero (simp by default anyway). - -* Generalized and consolidated some theorems concerning divsibility: - dvd_reduce ~> dvd_add_triv_right_iff - dvd_plus_eq_right ~> dvd_add_right_iff - dvd_plus_eq_left ~> dvd_add_left_iff -Minor INCOMPATIBILITY. - -* "even" and "odd" are mere abbreviations for "2 dvd _" and "~ 2 dvd _" -and part of theory Main. - even_def ~> even_iff_mod_2_eq_zero -INCOMPATIBILITY. - -* Lemma name consolidation: divide_Numeral1 ~> divide_numeral_1. Minor -INCOMPATIBILITY. - -* Bootstrap of listsum as special case of abstract product over lists. -Fact rename: - listsum_def ~> listsum.eq_foldr -INCOMPATIBILITY. - -* Product over lists via constant "listprod". - -* Theory List: renamed drop_Suc_conv_tl and nth_drop' to -Cons_nth_drop_Suc. - -* New infrastructure for compiling, running, evaluating and testing -generated code in target languages in HOL/Library/Code_Test. See -HOL/Codegenerator_Test/Code_Test* for examples. - -* Library/Multiset: - - Introduced "replicate_mset" operation. - - Introduced alternative characterizations of the multiset ordering in - "Library/Multiset_Order". - - Renamed multiset ordering: - <# ~> #<# - <=# ~> #<=# - \# ~> #\# - \# ~> #\# - INCOMPATIBILITY. - - Introduced abbreviations for ill-named multiset operations: - <#, \# abbreviate < (strict subset) - <=#, \#, \# abbreviate <= (subset or equal) - INCOMPATIBILITY. - - Renamed - in_multiset_of ~> in_multiset_in_set - Multiset.fold ~> fold_mset - Multiset.filter ~> filter_mset - INCOMPATIBILITY. - - Removed mcard, is equal to size. - - Added attributes: - image_mset.id [simp] - image_mset_id [simp] - elem_multiset_of_set [simp, intro] - comp_fun_commute_plus_mset [simp] - comp_fun_commute.fold_mset_insert [OF comp_fun_commute_plus_mset, simp] - in_mset_fold_plus_iff [iff] - set_of_Union_mset [simp] - in_Union_mset_iff [iff] - INCOMPATIBILITY. - -* Library/Sum_of_Squares: simplified and improved "sos" method. Always -use local CSDP executable, which is much faster than the NEOS server. -The "sos_cert" functionality is invoked as "sos" with additional -argument. Minor INCOMPATIBILITY. - -* HOL-Decision_Procs: New counterexample generator quickcheck -[approximation] for inequalities of transcendental functions. Uses -hardware floating point arithmetic to randomly discover potential -counterexamples. Counterexamples are certified with the "approximation" -method. See HOL/Decision_Procs/ex/Approximation_Quickcheck_Ex.thy for -examples. - -* HOL-Probability: Reworked measurability prover - - applies destructor rules repeatedly - - removed application splitting (replaced by destructor rule) - - added congruence rules to rewrite measure spaces under the sets - projection - -* New proof method "rewrite" (in theory ~~/src/HOL/Library/Rewrite) for -single-step rewriting with subterm selection based on patterns. - - -*** ML *** - -* Subtle change of name space policy: undeclared entries are now -considered inaccessible, instead of accessible via the fully-qualified -internal name. This mainly affects Name_Space.intern (and derivatives), -which may produce an unexpected Long_Name.hidden prefix. Note that -contemporary applications use the strict Name_Space.check (and -derivatives) instead, which is not affected by the change. Potential -INCOMPATIBILITY in rare applications of Name_Space.intern. - -* Subtle change of error semantics of Toplevel.proof_of: regular user -ERROR instead of internal Toplevel.UNDEF. - -* Basic combinators map, fold, fold_map, split_list, apply are available -as parameterized antiquotations, e.g. @{map 4} for lists of quadruples. - -* Renamed "pairself" to "apply2", in accordance to @{apply 2}. -INCOMPATIBILITY. - -* Former combinators NAMED_CRITICAL and CRITICAL for central critical -sections have been discontinued, in favour of the more elementary -Multithreading.synchronized and its high-level derivative -Synchronized.var (which is usually sufficient in applications). Subtle -INCOMPATIBILITY: synchronized access needs to be atomic and cannot be -nested. - -* Synchronized.value (ML) is actually synchronized (as in Scala): subtle -change of semantics with minimal potential for INCOMPATIBILITY. - -* The main operations to certify logical entities are Thm.ctyp_of and -Thm.cterm_of with a local context; old-style global theory variants are -available as Thm.global_ctyp_of and Thm.global_cterm_of. -INCOMPATIBILITY. - -* Elementary operations in module Thm are no longer pervasive. -INCOMPATIBILITY, need to use qualified Thm.prop_of, Thm.cterm_of, -Thm.term_of etc. - -* Proper context for various elementary tactics: assume_tac, -resolve_tac, eresolve_tac, dresolve_tac, forward_tac, match_tac, -compose_tac, Splitter.split_tac etc. INCOMPATIBILITY. - -* Tactical PARALLEL_ALLGOALS is the most common way to refer to -PARALLEL_GOALS. - -* Goal.prove_multi is superseded by the fully general Goal.prove_common, -which also allows to specify a fork priority. - -* Antiquotation @{command_spec "COMMAND"} is superseded by -@{command_keyword COMMAND} (usually without quotes and with PIDE -markup). Minor INCOMPATIBILITY. - -* Cartouches within ML sources are turned into values of type -Input.source (with formal position information). - - -*** System *** - -* The Isabelle tool "update_cartouches" changes theory files to use -cartouches instead of old-style {* verbatim *} or `alt_string` tokens. - -* The Isabelle tool "build" provides new options -X, -k, -x. - -* Discontinued old-fashioned "codegen" tool. Code generation can always -be externally triggered using an appropriate ROOT file plus a -corresponding theory. Parametrization is possible using environment -variables, or ML snippets in the most extreme cases. Minor -INCOMPATIBILITY. - -* JVM system property "isabelle.threads" determines size of Scala thread -pool, like Isabelle system option "threads" for ML. - -* JVM system property "isabelle.laf" determines the default Swing -look-and-feel, via internal class name or symbolic name as in the jEdit -menu Global Options / Appearance. - -* Support for Proof General and Isar TTY loop has been discontinued. -Minor INCOMPATIBILITY, use standard PIDE infrastructure instead. - - - -New in Isabelle2014 (August 2014) ---------------------------------- - -*** General *** - -* Support for official Standard ML within the Isabelle context. -Command 'SML_file' reads and evaluates the given Standard ML file. -Toplevel bindings are stored within the theory context; the initial -environment is restricted to the Standard ML implementation of -Poly/ML, without the add-ons of Isabelle/ML. Commands 'SML_import' -and 'SML_export' allow to exchange toplevel bindings between the two -separate environments. See also ~~/src/Tools/SML/Examples.thy for -some examples. - -* Standard tactics and proof methods such as "clarsimp", "auto" and -"safe" now preserve equality hypotheses "x = expr" where x is a free -variable. Locale assumptions and chained facts containing "x" -continue to be useful. The new method "hypsubst_thin" and the -configuration option "hypsubst_thin" (within the attribute name space) -restore the previous behavior. INCOMPATIBILITY, especially where -induction is done after these methods or when the names of free and -bound variables clash. As first approximation, old proofs may be -repaired by "using [[hypsubst_thin = true]]" in the critical spot. - -* More static checking of proof methods, which allows the system to -form a closure over the concrete syntax. Method arguments should be -processed in the original proof context as far as possible, before -operating on the goal state. In any case, the standard discipline for -subgoal-addressing needs to be observed: no subgoals or a subgoal -number that is out of range produces an empty result sequence, not an -exception. Potential INCOMPATIBILITY for non-conformant tactical -proof tools. - -* Lexical syntax (inner and outer) supports text cartouches with -arbitrary nesting, and without escapes of quotes etc. The Prover IDE -supports input via ` (backquote). - -* The outer syntax categories "text" (for formal comments and document -markup commands) and "altstring" (for literal fact references) allow -cartouches as well, in addition to the traditional mix of quotations. - -* Syntax of document antiquotation @{rail} now uses \ instead -of "\\", to avoid the optical illusion of escaped backslash within -string token. General renovation of its syntax using text cartouches. -Minor INCOMPATIBILITY. - -* Discontinued legacy_isub_isup, which was a temporary workaround for -Isabelle/ML in Isabelle2013-1. The prover process no longer accepts -old identifier syntax with \<^isub> or \<^isup>. Potential -INCOMPATIBILITY. - -* Document antiquotation @{url} produces markup for the given URL, -which results in an active hyperlink within the text. - -* Document antiquotation @{file_unchecked} is like @{file}, but does -not check existence within the file-system. - -* Updated and extended manuals: codegen, datatypes, implementation, -isar-ref, jedit, system. - - -*** Prover IDE -- Isabelle/Scala/jEdit *** - -* Improved Document panel: simplified interaction where every single -mouse click (re)opens document via desktop environment or as jEdit -buffer. - -* Support for Navigator plugin (with toolbar buttons), with connection -to PIDE hyperlinks. - -* Auxiliary files ('ML_file' etc.) are managed by the Prover IDE. -Open text buffers take precedence over copies within the file-system. - -* Improved support for Isabelle/ML, with jEdit mode "isabelle-ml" for -auxiliary ML files. - -* Improved syntactic and semantic completion mechanism, with simple -templates, completion language context, name-space completion, -file-name completion, spell-checker completion. - -* Refined GUI popup for completion: more robust key/mouse event -handling and propagation to enclosing text area -- avoid loosing -keystrokes with slow / remote graphics displays. - -* Completion popup supports both ENTER and TAB (default) to select an -item, depending on Isabelle options. - -* Refined insertion of completion items wrt. jEdit text: multiple -selections, rectangular selections, rectangular selection as "tall -caret". - -* Integrated spell-checker for document text, comments etc. with -completion popup and context-menu. - -* More general "Query" panel supersedes "Find" panel, with GUI access -to commands 'find_theorems' and 'find_consts', as well as print -operations for the context. Minor incompatibility in keyboard -shortcuts etc.: replace action isabelle-find by isabelle-query. - -* Search field for all output panels ("Output", "Query", "Info" etc.) -to highlight text via regular expression. - -* Option "jedit_print_mode" (see also "Plugin Options / Isabelle / -General") allows to specify additional print modes for the prover -process, without requiring old-fashioned command-line invocation of -"isabelle jedit -m MODE". - -* More support for remote files (e.g. http) using standard Java -networking operations instead of jEdit virtual file-systems. - -* Empty editors buffers that are no longer required (e.g.\ via theory -imports) are automatically removed from the document model. - -* Improved monitor panel. - -* Improved Console/Scala plugin: more uniform scala.Console output, -more robust treatment of threads and interrupts. - -* Improved management of dockable windows: clarified keyboard focus -and window placement wrt. main editor view; optional menu item to -"Detach" a copy where this makes sense. - -* New Simplifier Trace panel provides an interactive view of the -simplification process, enabled by the "simp_trace_new" attribute -within the context. - - -*** Pure *** - -* Low-level type-class commands 'classes', 'classrel', 'arities' have -been discontinued to avoid the danger of non-trivial axiomatization -that is not immediately visible. INCOMPATIBILITY, use regular -'instance' command with proof. The required OFCLASS(...) theorem -might be postulated via 'axiomatization' beforehand, or the proof -finished trivially if the underlying class definition is made vacuous -(without any assumptions). See also Isabelle/ML operations -Axclass.class_axiomatization, Axclass.classrel_axiomatization, -Axclass.arity_axiomatization. - -* Basic constants of Pure use more conventional names and are always -qualified. Rare INCOMPATIBILITY, but with potentially serious -consequences, notably for tools in Isabelle/ML. The following -renaming needs to be applied: - - == ~> Pure.eq - ==> ~> Pure.imp - all ~> Pure.all - TYPE ~> Pure.type - dummy_pattern ~> Pure.dummy_pattern - -Systematic porting works by using the following theory setup on a -*previous* Isabelle version to introduce the new name accesses for the -old constants: - -setup {* - fn thy => thy - |> Sign.root_path - |> Sign.const_alias (Binding.qualify true "Pure" @{binding eq}) "==" - |> Sign.const_alias (Binding.qualify true "Pure" @{binding imp}) "==>" - |> Sign.const_alias (Binding.qualify true "Pure" @{binding all}) "all" - |> Sign.restore_naming thy -*} - -Thus ML antiquotations like @{const_name Pure.eq} may be used already. -Later the application is moved to the current Isabelle version, and -the auxiliary aliases are deleted. - -* Attributes "where" and "of" allow an optional context of local -variables ('for' declaration): these variables become schematic in the -instantiated theorem. - -* Obsolete attribute "standard" has been discontinued (legacy since -Isabelle2012). Potential INCOMPATIBILITY, use explicit 'for' context -where instantiations with schematic variables are intended (for -declaration commands like 'lemmas' or attributes like "of"). The -following temporary definition may help to port old applications: - - attribute_setup standard = - "Scan.succeed (Thm.rule_attribute (K Drule.export_without_context))" - -* More thorough check of proof context for goal statements and -attributed fact expressions (concerning background theory, declared -hyps). Potential INCOMPATIBILITY, tools need to observe standard -context discipline. See also Assumption.add_assumes and the more -primitive Thm.assume_hyps. - -* Inner syntax token language allows regular quoted strings "..." -(only makes sense in practice, if outer syntax is delimited -differently, e.g. via cartouches). - -* Command 'print_term_bindings' supersedes 'print_binds' for clarity, -but the latter is retained some time as Proof General legacy. - -* Code generator preprocessor: explicit control of simp tracing on a -per-constant basis. See attribute "code_preproc". - - -*** HOL *** - -* Code generator: enforce case of identifiers only for strict target -language requirements. INCOMPATIBILITY. - -* Code generator: explicit proof contexts in many ML interfaces. -INCOMPATIBILITY. - -* Code generator: minimize exported identifiers by default. Minor -INCOMPATIBILITY. - -* Code generation for SML and OCaml: dropped arcane "no_signatures" -option. Minor INCOMPATIBILITY. - -* "declare [[code abort: ...]]" replaces "code_abort ...". -INCOMPATIBILITY. - -* "declare [[code drop: ...]]" drops all code equations associated -with the given constants. - -* Code generations are provided for make, fields, extend and truncate -operations on records. - -* Command and antiquotation "value" are now hardcoded against nbe and -ML. Minor INCOMPATIBILITY. - -* Renamed command 'enriched_type' to 'functor'. INCOMPATIBILITY. - -* The symbol "\" may be used within char or string literals -to represent (Char Nibble0 NibbleA), i.e. ASCII newline. - -* Qualified String.implode and String.explode. INCOMPATIBILITY. - -* Simplifier: Enhanced solver of preconditions of rewrite rules can -now deal with conjunctions. For help with converting proofs, the old -behaviour of the simplifier can be restored like this: declare/using -[[simp_legacy_precond]]. This configuration option will disappear -again in the future. INCOMPATIBILITY. - -* Simproc "finite_Collect" is no longer enabled by default, due to -spurious crashes and other surprises. Potential INCOMPATIBILITY. - -* Moved new (co)datatype package and its dependencies from session - "HOL-BNF" to "HOL". The commands 'bnf', 'wrap_free_constructors', - 'datatype_new', 'codatatype', 'primcorec', 'primcorecursive' are now - part of theory "Main". - - Theory renamings: - FunDef.thy ~> Fun_Def.thy (and Fun_Def_Base.thy) - Library/Wfrec.thy ~> Wfrec.thy - Library/Zorn.thy ~> Zorn.thy - Cardinals/Order_Relation.thy ~> Order_Relation.thy - Library/Order_Union.thy ~> Cardinals/Order_Union.thy - Cardinals/Cardinal_Arithmetic_Base.thy ~> BNF_Cardinal_Arithmetic.thy - Cardinals/Cardinal_Order_Relation_Base.thy ~> BNF_Cardinal_Order_Relation.thy - Cardinals/Constructions_on_Wellorders_Base.thy ~> BNF_Constructions_on_Wellorders.thy - Cardinals/Wellorder_Embedding_Base.thy ~> BNF_Wellorder_Embedding.thy - Cardinals/Wellorder_Relation_Base.thy ~> BNF_Wellorder_Relation.thy - BNF/Ctr_Sugar.thy ~> Ctr_Sugar.thy - BNF/Basic_BNFs.thy ~> Basic_BNFs.thy - BNF/BNF_Comp.thy ~> BNF_Comp.thy - BNF/BNF_Def.thy ~> BNF_Def.thy - BNF/BNF_FP_Base.thy ~> BNF_FP_Base.thy - BNF/BNF_GFP.thy ~> BNF_GFP.thy - BNF/BNF_LFP.thy ~> BNF_LFP.thy - BNF/BNF_Util.thy ~> BNF_Util.thy - BNF/Coinduction.thy ~> Coinduction.thy - BNF/More_BNFs.thy ~> Library/More_BNFs.thy - BNF/Countable_Type.thy ~> Library/Countable_Set_Type.thy - BNF/Examples/* ~> BNF_Examples/* - - New theories: - Wellorder_Extension.thy (split from Zorn.thy) - Library/Cardinal_Notations.thy - Library/BNF_Axomatization.thy - BNF_Examples/Misc_Primcorec.thy - BNF_Examples/Stream_Processor.thy - - Discontinued theories: - BNF/BNF.thy - BNF/Equiv_Relations_More.thy - -INCOMPATIBILITY. - -* New (co)datatype package: - - Command 'primcorec' is fully implemented. - - Command 'datatype_new' generates size functions ("size_xxx" and - "size") as required by 'fun'. - - BNFs are integrated with the Lifting tool and new-style - (co)datatypes with Transfer. - - Renamed commands: - datatype_new_compat ~> datatype_compat - primrec_new ~> primrec - wrap_free_constructors ~> free_constructors - INCOMPATIBILITY. - - The generated constants "xxx_case" and "xxx_rec" have been renamed - "case_xxx" and "rec_xxx" (e.g., "prod_case" ~> "case_prod"). - INCOMPATIBILITY. - - The constant "xxx_(un)fold" and related theorems are no longer - generated. Use "xxx_(co)rec" or define "xxx_(un)fold" manually - using "prim(co)rec". - INCOMPATIBILITY. - - No discriminators are generated for nullary constructors by - default, eliminating the need for the odd "=:" syntax. - INCOMPATIBILITY. - - No discriminators or selectors are generated by default by - "datatype_new", unless custom names are specified or the new - "discs_sels" option is passed. - INCOMPATIBILITY. - -* Old datatype package: - - The generated theorems "xxx.cases" and "xxx.recs" have been - renamed "xxx.case" and "xxx.rec" (e.g., "sum.cases" -> - "sum.case"). INCOMPATIBILITY. - - The generated constants "xxx_case", "xxx_rec", and "xxx_size" have - been renamed "case_xxx", "rec_xxx", and "size_xxx" (e.g., - "prod_case" ~> "case_prod"). INCOMPATIBILITY. - -* The types "'a list" and "'a option", their set and map functions, - their relators, and their selectors are now produced using the new - BNF-based datatype package. - - Renamed constants: - Option.set ~> set_option - Option.map ~> map_option - option_rel ~> rel_option - - Renamed theorems: - set_def ~> set_rec[abs_def] - map_def ~> map_rec[abs_def] - Option.map_def ~> map_option_case[abs_def] (with "case_option" instead of "rec_option") - option.recs ~> option.rec - list_all2_def ~> list_all2_iff - set.simps ~> set_simps (or the slightly different "list.set") - map.simps ~> list.map - hd.simps ~> list.sel(1) - tl.simps ~> list.sel(2-3) - the.simps ~> option.sel - -INCOMPATIBILITY. - -* The following map functions and relators have been renamed: - sum_map ~> map_sum - map_pair ~> map_prod - prod_rel ~> rel_prod - sum_rel ~> rel_sum - fun_rel ~> rel_fun - set_rel ~> rel_set - filter_rel ~> rel_filter - fset_rel ~> rel_fset (in "src/HOL/Library/FSet.thy") - cset_rel ~> rel_cset (in "src/HOL/Library/Countable_Set_Type.thy") - vset ~> rel_vset (in "src/HOL/Library/Quotient_Set.thy") - -INCOMPATIBILITY. - -* Lifting and Transfer: - - a type variable as a raw type is supported - - stronger reflexivity prover - - rep_eq is always generated by lift_definition - - setup for Lifting/Transfer is now automated for BNFs - + holds for BNFs that do not contain a dead variable - + relator_eq, relator_mono, relator_distr, relator_domain, - relator_eq_onp, quot_map, transfer rules for bi_unique, bi_total, - right_unique, right_total, left_unique, left_total are proved - automatically - + definition of a predicator is generated automatically - + simplification rules for a predicator definition are proved - automatically for datatypes - - consolidation of the setup of Lifting/Transfer - + property that a relator preservers reflexivity is not needed any - more - Minor INCOMPATIBILITY. - + left_total and left_unique rules are now transfer rules - (reflexivity_rule attribute not needed anymore) - INCOMPATIBILITY. - + Domainp does not have to be a separate assumption in - relator_domain theorems (=> more natural statement) - INCOMPATIBILITY. - - registration of code equations is more robust - Potential INCOMPATIBILITY. - - respectfulness proof obligation is preprocessed to a more readable - form - Potential INCOMPATIBILITY. - - eq_onp is always unfolded in respectfulness proof obligation - Potential INCOMPATIBILITY. - - unregister lifting setup for Code_Numeral.integer and - Code_Numeral.natural - Potential INCOMPATIBILITY. - - Lifting.invariant -> eq_onp - INCOMPATIBILITY. - -* New internal SAT solver "cdclite" that produces models and proof -traces. This solver replaces the internal SAT solvers "enumerate" and -"dpll". Applications that explicitly used one of these two SAT -solvers should use "cdclite" instead. In addition, "cdclite" is now -the default SAT solver for the "sat" and "satx" proof methods and -corresponding tactics; the old default can be restored using "declare -[[sat_solver = zchaff_with_proofs]]". Minor INCOMPATIBILITY. - -* SMT module: A new version of the SMT module, temporarily called -"SMT2", uses SMT-LIB 2 and supports recent versions of Z3 (e.g., -4.3). The new proof method is called "smt2". CVC3 and CVC4 are also -supported as oracles. Yices is no longer supported, because no version -of the solver can handle both SMT-LIB 2 and quantifiers. - -* Activation of Z3 now works via "z3_non_commercial" system option -(without requiring restart), instead of former settings variable -"Z3_NON_COMMERCIAL". The option can be edited in Isabelle/jEdit menu -Plugin Options / Isabelle / General. - -* Sledgehammer: - - Z3 can now produce Isar proofs. - - MaSh overhaul: - . New SML-based learning algorithms eliminate the dependency on - Python and increase performance and reliability. - . MaSh and MeSh are now used by default together with the - traditional MePo (Meng-Paulson) relevance filter. To disable - MaSh, set the "MaSh" system option in Isabelle/jEdit Plugin - Options / Isabelle / General to "none". - - New option: - smt_proofs - - Renamed options: - isar_compress ~> compress - isar_try0 ~> try0 - -INCOMPATIBILITY. - -* Removed solvers remote_cvc3 and remote_z3. Use cvc3 and z3 instead. - -* Nitpick: - - Fixed soundness bug whereby mutually recursive datatypes could - take infinite values. - - Fixed soundness bug with low-level number functions such as - "Abs_Integ" and "Rep_Integ". - - Removed "std" option. - - Renamed "show_datatypes" to "show_types" and "hide_datatypes" to - "hide_types". - -* Metis: Removed legacy proof method 'metisFT'. Use 'metis -(full_types)' instead. INCOMPATIBILITY. - -* Try0: Added 'algebra' and 'meson' to the set of proof methods. - -* Adjustion of INF and SUP operations: - - Elongated constants INFI and SUPR to INFIMUM and SUPREMUM. - - Consolidated theorem names containing INFI and SUPR: have INF and - SUP instead uniformly. - - More aggressive normalization of expressions involving INF and Inf - or SUP and Sup. - - INF_image and SUP_image do not unfold composition. - - Dropped facts INF_comp, SUP_comp. - - Default congruence rules strong_INF_cong and strong_SUP_cong, with - simplifier implication in premises. Generalize and replace former - INT_cong, SUP_cong - -INCOMPATIBILITY. - -* SUP and INF generalized to conditionally_complete_lattice. - -* Swapped orientation of facts image_comp and vimage_comp: - - image_compose ~> image_comp [symmetric] - image_comp ~> image_comp [symmetric] - vimage_compose ~> vimage_comp [symmetric] - vimage_comp ~> vimage_comp [symmetric] - -INCOMPATIBILITY. - -* Theory reorganization: split of Big_Operators.thy into -Groups_Big.thy and Lattices_Big.thy. - -* Consolidated some facts about big group operators: - - setsum_0' ~> setsum.neutral - setsum_0 ~> setsum.neutral_const - setsum_addf ~> setsum.distrib - setsum_cartesian_product ~> setsum.cartesian_product - setsum_cases ~> setsum.If_cases - setsum_commute ~> setsum.commute - setsum_cong ~> setsum.cong - setsum_delta ~> setsum.delta - setsum_delta' ~> setsum.delta' - setsum_diff1' ~> setsum.remove - setsum_empty ~> setsum.empty - setsum_infinite ~> setsum.infinite - setsum_insert ~> setsum.insert - setsum_inter_restrict'' ~> setsum.inter_filter - setsum_mono_zero_cong_left ~> setsum.mono_neutral_cong_left - setsum_mono_zero_cong_right ~> setsum.mono_neutral_cong_right - setsum_mono_zero_left ~> setsum.mono_neutral_left - setsum_mono_zero_right ~> setsum.mono_neutral_right - setsum_reindex ~> setsum.reindex - setsum_reindex_cong ~> setsum.reindex_cong - setsum_reindex_nonzero ~> setsum.reindex_nontrivial - setsum_restrict_set ~> setsum.inter_restrict - setsum_Plus ~> setsum.Plus - setsum_setsum_restrict ~> setsum.commute_restrict - setsum_Sigma ~> setsum.Sigma - setsum_subset_diff ~> setsum.subset_diff - setsum_Un_disjoint ~> setsum.union_disjoint - setsum_UN_disjoint ~> setsum.UNION_disjoint - setsum_Un_Int ~> setsum.union_inter - setsum_Union_disjoint ~> setsum.Union_disjoint - setsum_UNION_zero ~> setsum.Union_comp - setsum_Un_zero ~> setsum.union_inter_neutral - strong_setprod_cong ~> setprod.strong_cong - strong_setsum_cong ~> setsum.strong_cong - setprod_1' ~> setprod.neutral - setprod_1 ~> setprod.neutral_const - setprod_cartesian_product ~> setprod.cartesian_product - setprod_cong ~> setprod.cong - setprod_delta ~> setprod.delta - setprod_delta' ~> setprod.delta' - setprod_empty ~> setprod.empty - setprod_infinite ~> setprod.infinite - setprod_insert ~> setprod.insert - setprod_mono_one_cong_left ~> setprod.mono_neutral_cong_left - setprod_mono_one_cong_right ~> setprod.mono_neutral_cong_right - setprod_mono_one_left ~> setprod.mono_neutral_left - setprod_mono_one_right ~> setprod.mono_neutral_right - setprod_reindex ~> setprod.reindex - setprod_reindex_cong ~> setprod.reindex_cong - setprod_reindex_nonzero ~> setprod.reindex_nontrivial - setprod_Sigma ~> setprod.Sigma - setprod_subset_diff ~> setprod.subset_diff - setprod_timesf ~> setprod.distrib - setprod_Un2 ~> setprod.union_diff2 - setprod_Un_disjoint ~> setprod.union_disjoint - setprod_UN_disjoint ~> setprod.UNION_disjoint - setprod_Un_Int ~> setprod.union_inter - setprod_Union_disjoint ~> setprod.Union_disjoint - setprod_Un_one ~> setprod.union_inter_neutral - - Dropped setsum_cong2 (simple variant of setsum.cong). - Dropped setsum_inter_restrict' (simple variant of setsum.inter_restrict) - Dropped setsum_reindex_id, setprod_reindex_id - (simple variants of setsum.reindex [symmetric], setprod.reindex [symmetric]). - -INCOMPATIBILITY. - -* Abolished slightly odd global lattice interpretation for min/max. - - Fact consolidations: - min_max.inf_assoc ~> min.assoc - min_max.inf_commute ~> min.commute - min_max.inf_left_commute ~> min.left_commute - min_max.inf_idem ~> min.idem - min_max.inf_left_idem ~> min.left_idem - min_max.inf_right_idem ~> min.right_idem - min_max.sup_assoc ~> max.assoc - min_max.sup_commute ~> max.commute - min_max.sup_left_commute ~> max.left_commute - min_max.sup_idem ~> max.idem - min_max.sup_left_idem ~> max.left_idem - min_max.sup_inf_distrib1 ~> max_min_distrib2 - min_max.sup_inf_distrib2 ~> max_min_distrib1 - min_max.inf_sup_distrib1 ~> min_max_distrib2 - min_max.inf_sup_distrib2 ~> min_max_distrib1 - min_max.distrib ~> min_max_distribs - min_max.inf_absorb1 ~> min.absorb1 - min_max.inf_absorb2 ~> min.absorb2 - min_max.sup_absorb1 ~> max.absorb1 - min_max.sup_absorb2 ~> max.absorb2 - min_max.le_iff_inf ~> min.absorb_iff1 - min_max.le_iff_sup ~> max.absorb_iff2 - min_max.inf_le1 ~> min.cobounded1 - min_max.inf_le2 ~> min.cobounded2 - le_maxI1, min_max.sup_ge1 ~> max.cobounded1 - le_maxI2, min_max.sup_ge2 ~> max.cobounded2 - min_max.le_infI1 ~> min.coboundedI1 - min_max.le_infI2 ~> min.coboundedI2 - min_max.le_supI1 ~> max.coboundedI1 - min_max.le_supI2 ~> max.coboundedI2 - min_max.less_infI1 ~> min.strict_coboundedI1 - min_max.less_infI2 ~> min.strict_coboundedI2 - min_max.less_supI1 ~> max.strict_coboundedI1 - min_max.less_supI2 ~> max.strict_coboundedI2 - min_max.inf_mono ~> min.mono - min_max.sup_mono ~> max.mono - min_max.le_infI, min_max.inf_greatest ~> min.boundedI - min_max.le_supI, min_max.sup_least ~> max.boundedI - min_max.le_inf_iff ~> min.bounded_iff - min_max.le_sup_iff ~> max.bounded_iff - -For min_max.inf_sup_aci, prefer (one of) min.commute, min.assoc, -min.left_commute, min.left_idem, max.commute, max.assoc, -max.left_commute, max.left_idem directly. - -For min_max.inf_sup_ord, prefer (one of) min.cobounded1, -min.cobounded2, max.cobounded1m max.cobounded2 directly. - -For min_ac or max_ac, prefer more general collection ac_simps. - -INCOMPATIBILITY. - -* Theorem disambiguation Inf_le_Sup (on finite sets) ~> -Inf_fin_le_Sup_fin. INCOMPATIBILITY. - -* Qualified constant names Wellfounded.acc, Wellfounded.accp. -INCOMPATIBILITY. - -* Fact generalization and consolidation: - neq_one_mod_two, mod_2_not_eq_zero_eq_one_int ~> not_mod_2_eq_0_eq_1 - -INCOMPATIBILITY. - -* Purely algebraic definition of even. Fact generalization and - consolidation: - nat_even_iff_2_dvd, int_even_iff_2_dvd ~> even_iff_2_dvd - even_zero_(nat|int) ~> even_zero - -INCOMPATIBILITY. - -* Abolished neg_numeral. - - Canonical representation for minus one is "- 1". - - Canonical representation for other negative numbers is "- (numeral _)". - - When devising rule sets for number calculation, consider the - following canonical cases: 0, 1, numeral _, - 1, - numeral _. - - HOLogic.dest_number also recognizes numerals in non-canonical forms - like "numeral One", "- numeral One", "- 0" and even "- ... - _". - - Syntax for negative numerals is mere input syntax. - -INCOMPATIBILITY. - -* Reduced name variants for rules on associativity and commutativity: - - add_assoc ~> add.assoc - add_commute ~> add.commute - add_left_commute ~> add.left_commute - mult_assoc ~> mult.assoc - mult_commute ~> mult.commute - mult_left_commute ~> mult.left_commute - nat_add_assoc ~> add.assoc - nat_add_commute ~> add.commute - nat_add_left_commute ~> add.left_commute - nat_mult_assoc ~> mult.assoc - nat_mult_commute ~> mult.commute - eq_assoc ~> iff_assoc - eq_left_commute ~> iff_left_commute - -INCOMPATIBILITY. - -* Fact collections add_ac and mult_ac are considered old-fashioned. -Prefer ac_simps instead, or specify rules -(add|mult).(assoc|commute|left_commute) individually. - -* Elimination of fact duplicates: - equals_zero_I ~> minus_unique - diff_eq_0_iff_eq ~> right_minus_eq - nat_infinite ~> infinite_UNIV_nat - int_infinite ~> infinite_UNIV_int - -INCOMPATIBILITY. - -* Fact name consolidation: - diff_def, diff_minus, ab_diff_minus ~> diff_conv_add_uminus - minus_le_self_iff ~> neg_less_eq_nonneg - le_minus_self_iff ~> less_eq_neg_nonpos - neg_less_nonneg ~> neg_less_pos - less_minus_self_iff ~> less_neg_neg [simp] - -INCOMPATIBILITY. - -* More simplification rules on unary and binary minus: -add_diff_cancel, add_diff_cancel_left, add_le_same_cancel1, -add_le_same_cancel2, add_less_same_cancel1, add_less_same_cancel2, -add_minus_cancel, diff_add_cancel, le_add_same_cancel1, -le_add_same_cancel2, less_add_same_cancel1, less_add_same_cancel2, -minus_add_cancel, uminus_add_conv_diff. These correspondingly have -been taken away from fact collections algebra_simps and field_simps. -INCOMPATIBILITY. - -To restore proofs, the following patterns are helpful: - -a) Arbitrary failing proof not involving "diff_def": -Consider simplification with algebra_simps or field_simps. - -b) Lifting rules from addition to subtraction: -Try with "using of [... "- _" ...]" by simp". - -c) Simplification with "diff_def": just drop "diff_def". -Consider simplification with algebra_simps or field_simps; -or the brute way with -"simp add: diff_conv_add_uminus del: add_uminus_conv_diff". - -* Introduce bdd_above and bdd_below in theory -Conditionally_Complete_Lattices, use them instead of explicitly -stating boundedness of sets. - -* ccpo.admissible quantifies only over non-empty chains to allow more -syntax-directed proof rules; the case of the empty chain shows up as -additional case in fixpoint induction proofs. INCOMPATIBILITY. - -* Removed and renamed theorems in Series: - summable_le ~> suminf_le - suminf_le ~> suminf_le_const - series_pos_le ~> setsum_le_suminf - series_pos_less ~> setsum_less_suminf - suminf_ge_zero ~> suminf_nonneg - suminf_gt_zero ~> suminf_pos - suminf_gt_zero_iff ~> suminf_pos_iff - summable_sumr_LIMSEQ_suminf ~> summable_LIMSEQ - suminf_0_le ~> suminf_nonneg [rotate] - pos_summable ~> summableI_nonneg_bounded - ratio_test ~> summable_ratio_test - - removed series_zero, replaced by sums_finite - - removed auxiliary lemmas: - - sumr_offset, sumr_offset2, sumr_offset3, sumr_offset4, sumr_group, - half, le_Suc_ex_iff, lemma_realpow_diff_sumr, - real_setsum_nat_ivl_bounded, summable_le2, ratio_test_lemma2, - sumr_minus_one_realpow_zerom, sumr_one_lb_realpow_zero, - summable_convergent_sumr_iff, sumr_diff_mult_const - -INCOMPATIBILITY. - -* Replace (F)DERIV syntax by has_derivative: - - "(f has_derivative f') (at x within s)" replaces "FDERIV f x : s : f'" - - - "(f has_field_derivative f') (at x within s)" replaces "DERIV f x : s : f'" - - - "f differentiable at x within s" replaces "_ differentiable _ in _" syntax - - - removed constant isDiff - - - "DERIV f x : f'" and "FDERIV f x : f'" syntax is only available as - input syntax. - - - "DERIV f x : s : f'" and "FDERIV f x : s : f'" syntax removed. - - - Renamed FDERIV_... lemmas to has_derivative_... - - - renamed deriv (the syntax constant used for "DERIV _ _ :> _") to DERIV - - - removed DERIV_intros, has_derivative_eq_intros - - - introduced derivative_intros and deriative_eq_intros which - includes now rules for DERIV, has_derivative and - has_vector_derivative. - - - Other renamings: - differentiable_def ~> real_differentiable_def - differentiableE ~> real_differentiableE - fderiv_def ~> has_derivative_at - field_fderiv_def ~> field_has_derivative_at - isDiff_der ~> differentiable_def - deriv_fderiv ~> has_field_derivative_def - deriv_def ~> DERIV_def - -INCOMPATIBILITY. - -* Include more theorems in continuous_intros. Remove the -continuous_on_intros, isCont_intros collections, these facts are now -in continuous_intros. - -* Theorems about complex numbers are now stated only using Re and Im, -the Complex constructor is not used anymore. It is possible to use -primcorec to defined the behaviour of a complex-valued function. - -Removed theorems about the Complex constructor from the simpset, they -are available as the lemma collection legacy_Complex_simps. This -especially removes - - i_complex_of_real: "ii * complex_of_real r = Complex 0 r". - -Instead the reverse direction is supported with - Complex_eq: "Complex a b = a + \ * b" - -Moved csqrt from Fundamental_Algebra_Theorem to Complex. - - Renamings: - Re/Im ~> complex.sel - complex_Re/Im_zero ~> zero_complex.sel - complex_Re/Im_add ~> plus_complex.sel - complex_Re/Im_minus ~> uminus_complex.sel - complex_Re/Im_diff ~> minus_complex.sel - complex_Re/Im_one ~> one_complex.sel - complex_Re/Im_mult ~> times_complex.sel - complex_Re/Im_inverse ~> inverse_complex.sel - complex_Re/Im_scaleR ~> scaleR_complex.sel - complex_Re/Im_i ~> ii.sel - complex_Re/Im_cnj ~> cnj.sel - Re/Im_cis ~> cis.sel - - complex_divide_def ~> divide_complex_def - complex_norm_def ~> norm_complex_def - cmod_def ~> norm_complex_de - - Removed theorems: - complex_zero_def - complex_add_def - complex_minus_def - complex_diff_def - complex_one_def - complex_mult_def - complex_inverse_def - complex_scaleR_def - -INCOMPATIBILITY. - -* Theory Lubs moved HOL image to HOL-Library. It is replaced by -Conditionally_Complete_Lattices. INCOMPATIBILITY. - -* HOL-Library: new theory src/HOL/Library/Tree.thy. - -* HOL-Library: removed theory src/HOL/Library/Kleene_Algebra.thy; it -is subsumed by session Kleene_Algebra in AFP. - -* HOL-Library / theory RBT: various constants and facts are hidden; -lifting setup is unregistered. INCOMPATIBILITY. - -* HOL-Cardinals: new theory src/HOL/Cardinals/Ordinal_Arithmetic.thy. - -* HOL-Word: bit representations prefer type bool over type bit. -INCOMPATIBILITY. - -* HOL-Word: - - Abandoned fact collection "word_arith_alts", which is a duplicate - of "word_arith_wis". - - Dropped first (duplicated) element in fact collections - "sint_word_ariths", "word_arith_alts", "uint_word_ariths", - "uint_word_arith_bintrs". - -* HOL-Number_Theory: - - consolidated the proofs of the binomial theorem - - the function fib is again of type nat => nat and not overloaded - - no more references to Old_Number_Theory in the HOL libraries - (except the AFP) - -INCOMPATIBILITY. - -* HOL-Multivariate_Analysis: - - Type class ordered_real_vector for ordered vector spaces. - - New theory Complex_Basic_Analysis defining complex derivatives, - holomorphic functions, etc., ported from HOL Light's canal.ml. - - Changed order of ordered_euclidean_space to be compatible with - pointwise ordering on products. Therefore instance of - conditionally_complete_lattice and ordered_real_vector. - INCOMPATIBILITY: use box instead of greaterThanLessThan or - explicit set-comprehensions with eucl_less for other (half-)open - intervals. - - removed dependencies on type class ordered_euclidean_space with - introduction of "cbox" on euclidean_space - - renamed theorems: - interval ~> box - mem_interval ~> mem_box - interval_eq_empty ~> box_eq_empty - interval_ne_empty ~> box_ne_empty - interval_sing(1) ~> cbox_sing - interval_sing(2) ~> box_sing - subset_interval_imp ~> subset_box_imp - subset_interval ~> subset_box - open_interval ~> open_box - closed_interval ~> closed_cbox - interior_closed_interval ~> interior_cbox - bounded_closed_interval ~> bounded_cbox - compact_interval ~> compact_cbox - bounded_subset_closed_interval_symmetric ~> bounded_subset_cbox_symmetric - bounded_subset_closed_interval ~> bounded_subset_cbox - mem_interval_componentwiseI ~> mem_box_componentwiseI - convex_box ~> convex_prod - rel_interior_real_interval ~> rel_interior_real_box - convex_interval ~> convex_box - convex_hull_eq_real_interval ~> convex_hull_eq_real_cbox - frechet_derivative_within_closed_interval ~> frechet_derivative_within_cbox - content_closed_interval' ~> content_cbox' - elementary_subset_interval ~> elementary_subset_box - diameter_closed_interval ~> diameter_cbox - frontier_closed_interval ~> frontier_cbox - frontier_open_interval ~> frontier_box - bounded_subset_open_interval_symmetric ~> bounded_subset_box_symmetric - closure_open_interval ~> closure_box - open_closed_interval_convex ~> open_cbox_convex - open_interval_midpoint ~> box_midpoint - content_image_affinity_interval ~> content_image_affinity_cbox - is_interval_interval ~> is_interval_cbox + is_interval_box + is_interval_closed_interval - bounded_interval ~> bounded_closed_interval + bounded_boxes - - - respective theorems for intervals over the reals: - content_closed_interval + content_cbox - has_integral + has_integral_real - fine_division_exists + fine_division_exists_real - has_integral_null + has_integral_null_real - tagged_division_union_interval + tagged_division_union_interval_real - has_integral_const + has_integral_const_real - integral_const + integral_const_real - has_integral_bound + has_integral_bound_real - integrable_continuous + integrable_continuous_real - integrable_subinterval + integrable_subinterval_real - has_integral_reflect_lemma + has_integral_reflect_lemma_real - integrable_reflect + integrable_reflect_real - integral_reflect + integral_reflect_real - image_affinity_interval + image_affinity_cbox - image_smult_interval + image_smult_cbox - integrable_const + integrable_const_ivl - integrable_on_subinterval + integrable_on_subcbox - - - renamed theorems: - derivative_linear ~> has_derivative_bounded_linear - derivative_is_linear ~> has_derivative_linear - bounded_linear_imp_linear ~> bounded_linear.linear - -* HOL-Probability: - - Renamed positive_integral to nn_integral: - - . Renamed all lemmas "*positive_integral*" to *nn_integral*" - positive_integral_positive ~> nn_integral_nonneg - - . Renamed abbreviation integral\<^sup>P to integral\<^sup>N. - - - replaced the Lebesgue integral on real numbers by the more general - Bochner integral for functions into a real-normed vector space. - - integral_zero ~> integral_zero / integrable_zero - integral_minus ~> integral_minus / integrable_minus - integral_add ~> integral_add / integrable_add - integral_diff ~> integral_diff / integrable_diff - integral_setsum ~> integral_setsum / integrable_setsum - integral_multc ~> integral_mult_left / integrable_mult_left - integral_cmult ~> integral_mult_right / integrable_mult_right - integral_triangle_inequality~> integral_norm_bound - integrable_nonneg ~> integrableI_nonneg - integral_positive ~> integral_nonneg_AE - integrable_abs_iff ~> integrable_abs_cancel - positive_integral_lim_INF ~> nn_integral_liminf - lebesgue_real_affine ~> lborel_real_affine - borel_integral_has_integral ~> has_integral_lebesgue_integral - integral_indicator ~> - integral_real_indicator / integrable_real_indicator - positive_integral_fst ~> nn_integral_fst' - positive_integral_fst_measurable ~> nn_integral_fst - positive_integral_snd_measurable ~> nn_integral_snd - - integrable_fst_measurable ~> - integral_fst / integrable_fst / AE_integrable_fst - - integrable_snd_measurable ~> - integral_snd / integrable_snd / AE_integrable_snd - - integral_monotone_convergence ~> - integral_monotone_convergence / integrable_monotone_convergence - - integral_monotone_convergence_at_top ~> - integral_monotone_convergence_at_top / - integrable_monotone_convergence_at_top - - has_integral_iff_positive_integral_lebesgue ~> - has_integral_iff_has_bochner_integral_lebesgue_nonneg - - lebesgue_integral_has_integral ~> - has_integral_integrable_lebesgue_nonneg - - positive_integral_lebesgue_has_integral ~> - integral_has_integral_lebesgue_nonneg / - integrable_has_integral_lebesgue_nonneg - - lebesgue_integral_real_affine ~> - nn_integral_real_affine - - has_integral_iff_positive_integral_lborel ~> - integral_has_integral_nonneg / integrable_has_integral_nonneg - - The following theorems where removed: - - lebesgue_integral_nonneg - lebesgue_integral_uminus - lebesgue_integral_cmult - lebesgue_integral_multc - lebesgue_integral_cmult_nonneg - integral_cmul_indicator - integral_real - - - Formalized properties about exponentially, Erlang, and normal - distributed random variables. - -* HOL-Decision_Procs: Separate command 'approximate' for approximative -computation in src/HOL/Decision_Procs/Approximation. Minor -INCOMPATIBILITY. - - -*** Scala *** - -* The signature and semantics of Document.Snapshot.cumulate_markup / -select_markup have been clarified. Markup is now traversed in the -order of reports given by the prover: later markup is usually more -specific and may override results accumulated so far. The elements -guard is mandatory and checked precisely. Subtle INCOMPATIBILITY. - -* Substantial reworking of internal PIDE protocol communication -channels. INCOMPATIBILITY. - - -*** ML *** - -* Subtle change of semantics of Thm.eq_thm: theory stamps are not -compared (according to Thm.thm_ord), but assumed to be covered by the -current background theory. Thus equivalent data produced in different -branches of the theory graph usually coincides (e.g. relevant for -theory merge). Note that the softer Thm.eq_thm_prop is often more -appropriate than Thm.eq_thm. - -* Proper context for basic Simplifier operations: rewrite_rule, -rewrite_goals_rule, rewrite_goals_tac etc. INCOMPATIBILITY, need to -pass runtime Proof.context (and ensure that the simplified entity -actually belongs to it). - -* Proper context discipline for read_instantiate and instantiate_tac: -variables that are meant to become schematic need to be given as -fixed, and are generalized by the explicit context of local variables. -This corresponds to Isar attributes "where" and "of" with 'for' -declaration. INCOMPATIBILITY, also due to potential change of indices -of schematic variables. - -* Moved ML_Compiler.exn_trace and other operations on exceptions to -structure Runtime. Minor INCOMPATIBILITY. - -* Discontinued old Toplevel.debug in favour of system option -"ML_exception_trace", which may be also declared within the context -via "declare [[ML_exception_trace = true]]". Minor INCOMPATIBILITY. - -* Renamed configuration option "ML_trace" to "ML_source_trace". Minor -INCOMPATIBILITY. - -* Configuration option "ML_print_depth" controls the pretty-printing -depth of the ML compiler within the context. The old print_depth in -ML is still available as default_print_depth, but rarely used. Minor -INCOMPATIBILITY. - -* Toplevel function "use" refers to raw ML bootstrap environment, -without Isar context nor antiquotations. Potential INCOMPATIBILITY. -Note that 'ML_file' is the canonical command to load ML files into the -formal context. - -* Simplified programming interface to define ML antiquotations, see -structure ML_Antiquotation. Minor INCOMPATIBILITY. - -* ML antiquotation @{here} refers to its source position, which is -occasionally useful for experimentation and diagnostic purposes. - -* ML antiquotation @{path} produces a Path.T value, similarly to -Path.explode, but with compile-time check against the file-system and -some PIDE markup. Note that unlike theory source, ML does not have a -well-defined master directory, so an absolute symbolic path -specification is usually required, e.g. "~~/src/HOL". - -* ML antiquotation @{print} inlines a function to print an arbitrary -ML value, which is occasionally useful for diagnostic or demonstration -purposes. - - -*** System *** - -* Proof General with its traditional helper scripts is now an optional -Isabelle component, e.g. see ProofGeneral-4.2-2 from the Isabelle -component repository http://isabelle.in.tum.de/components/. Note that -the "system" manual provides general explanations about add-on -components, especially those that are not bundled with the release. - -* The raw Isabelle process executable has been renamed from -"isabelle-process" to "isabelle_process", which conforms to common -shell naming conventions, and allows to define a shell function within -the Isabelle environment to avoid dynamic path lookup. Rare -incompatibility for old tools that do not use the ISABELLE_PROCESS -settings variable. - -* Former "isabelle tty" has been superseded by "isabelle console", -with implicit build like "isabelle jedit", and without the mostly -obsolete Isar TTY loop. - -* Simplified "isabelle display" tool. Settings variables DVI_VIEWER -and PDF_VIEWER now refer to the actual programs, not shell -command-lines. Discontinued option -c: invocation may be asynchronous -via desktop environment, without any special precautions. Potential -INCOMPATIBILITY with ambitious private settings. - -* Removed obsolete "isabelle unsymbolize". Note that the usual format -for email communication is the Unicode rendering of Isabelle symbols, -as produced by Isabelle/jEdit, for example. - -* Removed obsolete tool "wwwfind". Similar functionality may be -integrated into Isabelle/jEdit eventually. - -* Improved 'display_drafts' concerning desktop integration and -repeated invocation in PIDE front-end: re-use single file -$ISABELLE_HOME_USER/tmp/drafts.pdf and corresponding views. - -* Session ROOT specifications require explicit 'document_files' for -robust dependencies on LaTeX sources. Only these explicitly given -files are copied to the document output directory, before document -processing is started. - -* Windows: support for regular TeX installation (e.g. MiKTeX) instead -of TeX Live from Cygwin. - - - -New in Isabelle2013-2 (December 2013) -------------------------------------- - -*** Prover IDE -- Isabelle/Scala/jEdit *** - -* More robust editing of running commands with internal forks, -e.g. non-terminating 'by' steps. - -* More relaxed Sledgehammer panel: avoid repeated application of query -after edits surrounding the command location. - -* More status information about commands that are interrupted -accidentally (via physical event or Poly/ML runtime system signal, -e.g. out-of-memory). - - -*** System *** - -* More robust termination of external processes managed by -Isabelle/ML: support cancellation of tasks within the range of -milliseconds, as required for PIDE document editing with automatically -tried tools (e.g. Sledgehammer). - -* Reactivated Isabelle/Scala kill command for external processes on -Mac OS X, which was accidentally broken in Isabelle2013-1 due to a -workaround for some Debian/Ubuntu Linux versions from 2013. - - - -New in Isabelle2013-1 (November 2013) -------------------------------------- - -*** General *** - -* Discontinued obsolete 'uses' within theory header. Note that -commands like 'ML_file' work without separate declaration of file -dependencies. Minor INCOMPATIBILITY. - -* Discontinued redundant 'use' command, which was superseded by -'ML_file' in Isabelle2013. Minor INCOMPATIBILITY. - -* Simplified subscripts within identifiers, using plain \<^sub> -instead of the second copy \<^isub> and \<^isup>. Superscripts are -only for literal tokens within notation; explicit mixfix annotations -for consts or fixed variables may be used as fall-back for unusual -names. Obsolete \ has been expanded to \<^sup>2 in -Isabelle/HOL. INCOMPATIBILITY, use "isabelle update_sub_sup" to -standardize symbols as a starting point for further manual cleanup. -The ML reference variable "legacy_isub_isup" may be set as temporary -workaround, to make the prover accept a subset of the old identifier -syntax. - -* Document antiquotations: term style "isub" has been renamed to -"sub". Minor INCOMPATIBILITY. - -* Uniform management of "quick_and_dirty" as system option (see also -"isabelle options"), configuration option within the context (see also -Config.get in Isabelle/ML), and attribute in Isabelle/Isar. Minor -INCOMPATIBILITY, need to use more official Isabelle means to access -quick_and_dirty, instead of historical poking into mutable reference. - -* Renamed command 'print_configs' to 'print_options'. Minor -INCOMPATIBILITY. - -* Proper diagnostic command 'print_state'. Old 'pr' (with its -implicit change of some global references) is retained for now as -control command, e.g. for ProofGeneral 3.7.x. - -* Discontinued 'print_drafts' command with its old-fashioned PS output -and Unix command-line print spooling. Minor INCOMPATIBILITY: use -'display_drafts' instead and print via the regular document viewer. - -* Updated and extended "isar-ref" and "implementation" manual, -eliminated old "ref" manual. - - -*** Prover IDE -- Isabelle/Scala/jEdit *** - -* New manual "jedit" for Isabelle/jEdit, see isabelle doc or -Documentation panel. - -* Dockable window "Documentation" provides access to Isabelle -documentation. - -* Dockable window "Find" provides query operations for formal entities -(GUI front-end to 'find_theorems' command). - -* Dockable window "Sledgehammer" manages asynchronous / parallel -sledgehammer runs over existing document sources, independently of -normal editing and checking process. - -* Dockable window "Timing" provides an overview of relevant command -timing information, depending on option jedit_timing_threshold. The -same timing information is shown in the extended tooltip of the -command keyword, when hovering the mouse over it while the CONTROL or -COMMAND modifier is pressed. - -* Improved dockable window "Theories": Continuous checking of proof -document (visible and required parts) may be controlled explicitly, -using check box or shortcut "C+e ENTER". Individual theory nodes may -be marked explicitly as required and checked in full, using check box -or shortcut "C+e SPACE". - -* Improved completion mechanism, which is now managed by the -Isabelle/jEdit plugin instead of SideKick. Refined table of Isabelle -symbol abbreviations (see $ISABELLE_HOME/etc/symbols). - -* Standard jEdit keyboard shortcut C+b complete-word is remapped to -isabelle.complete for explicit completion in Isabelle sources. -INCOMPATIBILITY wrt. jEdit defaults, may have to invent new shortcuts -to resolve conflict. - -* Improved support of various "minor modes" for Isabelle NEWS, -options, session ROOT etc., with completion and SideKick tree view. - -* Strictly monotonic document update, without premature cancellation of -running transactions that are still needed: avoid reset/restart of -such command executions while editing. - -* Support for asynchronous print functions, as overlay to existing -document content. - -* Support for automatic tools in HOL, which try to prove or disprove -toplevel theorem statements. - -* Action isabelle.reset-font-size resets main text area font size -according to Isabelle/Scala plugin option "jedit_font_reset_size" (see -also "Plugin Options / Isabelle / General"). It can be bound to some -keyboard shortcut by the user (e.g. C+0 and/or C+NUMPAD0). - -* File specifications in jEdit (e.g. file browser) may refer to -$ISABELLE_HOME and $ISABELLE_HOME_USER on all platforms. Discontinued -obsolete $ISABELLE_HOME_WINDOWS variable. - -* Improved support for Linux look-and-feel "GTK+", see also "Utilities -/ Global Options / Appearance". - -* Improved support of native Mac OS X functionality via "MacOSX" -plugin, which is now enabled by default. - - -*** Pure *** - -* Commands 'interpretation' and 'sublocale' are now target-sensitive. -In particular, 'interpretation' allows for non-persistent -interpretation within "context ... begin ... end" blocks offering a -light-weight alternative to 'sublocale'. See "isar-ref" manual for -details. - -* Improved locales diagnostic command 'print_dependencies'. - -* Discontinued obsolete 'axioms' command, which has been marked as -legacy since Isabelle2009-2. INCOMPATIBILITY, use 'axiomatization' -instead, while observing its uniform scope for polymorphism. - -* Discontinued empty name bindings in 'axiomatization'. -INCOMPATIBILITY. - -* System option "proofs" has been discontinued. Instead the global -state of Proofterm.proofs is persistently compiled into logic images -as required, notably HOL-Proofs. Users no longer need to change -Proofterm.proofs dynamically. Minor INCOMPATIBILITY. - -* Syntax translation functions (print_translation etc.) always depend -on Proof.context. Discontinued former "(advanced)" option -- this is -now the default. Minor INCOMPATIBILITY. - -* Former global reference trace_unify_fail is now available as -configuration option "unify_trace_failure" (global context only). - -* SELECT_GOAL now retains the syntactic context of the overall goal -state (schematic variables etc.). Potential INCOMPATIBILITY in rare -situations. - - -*** HOL *** - -* Stronger precedence of syntax for big intersection and union on -sets, in accordance with corresponding lattice operations. -INCOMPATIBILITY. - -* Notation "{p:A. P}" now allows tuple patterns as well. - -* Nested case expressions are now translated in a separate check phase -rather than during parsing. The data for case combinators is separated -from the datatype package. The declaration attribute -"case_translation" can be used to register new case combinators: - - declare [[case_translation case_combinator constructor1 ... constructorN]] - -* Code generator: - - 'code_printing' unifies 'code_const' / 'code_type' / 'code_class' / - 'code_instance'. - - 'code_identifier' declares name hints for arbitrary identifiers in - generated code, subsuming 'code_modulename'. - -See the isar-ref manual for syntax diagrams, and the HOL theories for -examples. - -* Attibute 'code': 'code' now declares concrete and abstract code -equations uniformly. Use explicit 'code equation' and 'code abstract' -to distinguish both when desired. - -* Discontinued theories Code_Integer and Efficient_Nat by a more -fine-grain stack of theories Code_Target_Int, Code_Binary_Nat, -Code_Target_Nat and Code_Target_Numeral. See the tutorial on code -generation for details. INCOMPATIBILITY. - -* Numeric types are mapped by default to target language numerals: -natural (replaces former code_numeral) and integer (replaces former -code_int). Conversions are available as integer_of_natural / -natural_of_integer / integer_of_nat / nat_of_integer (in HOL) and -Code_Numeral.integer_of_natural / Code_Numeral.natural_of_integer (in -ML). INCOMPATIBILITY. - -* Function package: For mutually recursive functions f and g, separate -cases rules f.cases and g.cases are generated instead of unusable -f_g.cases which exposed internal sum types. Potential INCOMPATIBILITY, -in the case that the unusable rule was used nevertheless. - -* Function package: For each function f, new rules f.elims are -generated, which eliminate equalities of the form "f x = t". - -* New command 'fun_cases' derives ad-hoc elimination rules for -function equations as simplified instances of f.elims, analogous to -inductive_cases. See ~~/src/HOL/ex/Fundefs.thy for some examples. - -* Lifting: - - parametrized correspondence relations are now supported: - + parametricity theorems for the raw term can be specified in - the command lift_definition, which allow us to generate stronger - transfer rules - + setup_lifting generates stronger transfer rules if parametric - correspondence relation can be generated - + various new properties of the relator must be specified to support - parametricity - + parametricity theorem for the Quotient relation can be specified - - setup_lifting generates domain rules for the Transfer package - - stronger reflexivity prover of respectfulness theorems for type - copies - - ===> and --> are now local. The symbols can be introduced - by interpreting the locale lifting_syntax (typically in an - anonymous context) - - Lifting/Transfer relevant parts of Library/Quotient_* are now in - Main. Potential INCOMPATIBILITY - - new commands for restoring and deleting Lifting/Transfer context: - lifting_forget, lifting_update - - the command print_quotmaps was renamed to print_quot_maps. - INCOMPATIBILITY - -* Transfer: - - better support for domains in Transfer: replace Domainp T - by the actual invariant in a transferred goal - - transfer rules can have as assumptions other transfer rules - - Experimental support for transferring from the raw level to the - abstract level: Transfer.transferred attribute - - Attribute version of the transfer method: untransferred attribute - -* Reification and reflection: - - Reification is now directly available in HOL-Main in structure - "Reification". - - Reflection now handles multiple lists with variables also. - - The whole reflection stack has been decomposed into conversions. -INCOMPATIBILITY. - -* Revised devices for recursive definitions over finite sets: - - Only one fundamental fold combinator on finite set remains: - Finite_Set.fold :: ('a => 'b => 'b) => 'b => 'a set => 'b - This is now identity on infinite sets. - - Locales ("mini packages") for fundamental definitions with - Finite_Set.fold: folding, folding_idem. - - Locales comm_monoid_set, semilattice_order_set and - semilattice_neutr_order_set for big operators on sets. - See theory Big_Operators for canonical examples. - Note that foundational constants comm_monoid_set.F and - semilattice_set.F correspond to former combinators fold_image - and fold1 respectively. These are now gone. You may use - those foundational constants as substitutes, but it is - preferable to interpret the above locales accordingly. - - Dropped class ab_semigroup_idem_mult (special case of lattice, - no longer needed in connection with Finite_Set.fold etc.) - - Fact renames: - card.union_inter ~> card_Un_Int [symmetric] - card.union_disjoint ~> card_Un_disjoint -INCOMPATIBILITY. - -* Locale hierarchy for abstract orderings and (semi)lattices. - -* Complete_Partial_Order.admissible is defined outside the type class -ccpo, but with mandatory prefix ccpo. Admissibility theorems lose the -class predicate assumption or sort constraint when possible. -INCOMPATIBILITY. - -* Introduce type class "conditionally_complete_lattice": Like a -complete lattice but does not assume the existence of the top and -bottom elements. Allows to generalize some lemmas about reals and -extended reals. Removed SupInf and replaced it by the instantiation -of conditionally_complete_lattice for real. Renamed lemmas about -conditionally-complete lattice from Sup_... to cSup_... and from -Inf_... to cInf_... to avoid hidding of similar complete lattice -lemmas. - -* Introduce type class linear_continuum as combination of -conditionally-complete lattices and inner dense linorders which have -more than one element. INCOMPATIBILITY. - -* Introduced type classes order_top and order_bot. The old classes top -and bot only contain the syntax without assumptions. INCOMPATIBILITY: -Rename bot -> order_bot, top -> order_top - -* Introduce type classes "no_top" and "no_bot" for orderings without -top and bottom elements. - -* Split dense_linorder into inner_dense_order and no_top, no_bot. - -* Complex_Main: Unify and move various concepts from -HOL-Multivariate_Analysis to HOL-Complex_Main. - - - Introduce type class (lin)order_topology and - linear_continuum_topology. Allows to generalize theorems about - limits and order. Instances are reals and extended reals. - - - continuous and continuos_on from Multivariate_Analysis: - "continuous" is the continuity of a function at a filter. "isCont" - is now an abbrevitation: "isCont x f == continuous (at _) f". - - Generalized continuity lemmas from isCont to continuous on an - arbitrary filter. - - - compact from Multivariate_Analysis. Use Bolzano's lemma to prove - compactness of closed intervals on reals. Continuous functions - attain infimum and supremum on compact sets. The inverse of a - continuous function is continuous, when the function is continuous - on a compact set. - - - connected from Multivariate_Analysis. Use it to prove the - intermediate value theorem. Show connectedness of intervals on - linear_continuum_topology). - - - first_countable_topology from Multivariate_Analysis. Is used to - show equivalence of properties on the neighbourhood filter of x and - on all sequences converging to x. - - - FDERIV: Definition of has_derivative moved to Deriv.thy. Moved - theorems from Library/FDERIV.thy to Deriv.thy and base the - definition of DERIV on FDERIV. Add variants of DERIV and FDERIV - which are restricted to sets, i.e. to represent derivatives from - left or right. - - - Removed the within-filter. It is replaced by the principal filter: - - F within X = inf F (principal X) - - - Introduce "at x within U" as a single constant, "at x" is now an - abbreviation for "at x within UNIV" - - - Introduce named theorem collections tendsto_intros, - continuous_intros, continuous_on_intros and FDERIV_intros. Theorems - in tendsto_intros (or FDERIV_intros) are also available as - tendsto_eq_intros (or FDERIV_eq_intros) where the right-hand side - is replaced by a congruence rule. This allows to apply them as - intro rules and then proving equivalence by the simplifier. - - - Restructured theories in HOL-Complex_Main: - - + Moved RealDef and RComplete into Real - - + Introduced Topological_Spaces and moved theorems about - topological spaces, filters, limits and continuity to it - - + Renamed RealVector to Real_Vector_Spaces - - + Split Lim, SEQ, Series into Topological_Spaces, - Real_Vector_Spaces, and Limits - - + Moved Ln and Log to Transcendental - - + Moved theorems about continuity from Deriv to Topological_Spaces - - - Remove various auxiliary lemmas. - -INCOMPATIBILITY. - -* Nitpick: - - Added option "spy". - - Reduce incidence of "too high arity" errors. - -* Sledgehammer: - - Renamed option: - isar_shrink ~> isar_compress - INCOMPATIBILITY. - - Added options "isar_try0", "spy". - - Better support for "isar_proofs". - - MaSh has been fined-tuned and now runs as a local server. - -* Improved support for ad hoc overloading of constants (see also -isar-ref manual and ~~/src/HOL/ex/Adhoc_Overloading_Examples.thy). - -* Library/Polynomial.thy: - - Use lifting for primitive definitions. - - Explicit conversions from and to lists of coefficients, used for - generated code. - - Replaced recursion operator poly_rec by fold_coeffs. - - Prefer pre-existing gcd operation for gcd. - - Fact renames: - poly_eq_iff ~> poly_eq_poly_eq_iff - poly_ext ~> poly_eqI - expand_poly_eq ~> poly_eq_iff -IMCOMPATIBILITY. - -* New Library/Simps_Case_Conv.thy: Provides commands simps_of_case and -case_of_simps to convert function definitions between a list of -equations with patterns on the lhs and a single equation with case -expressions on the rhs. See also Ex/Simps_Case_Conv_Examples.thy. - -* New Library/FSet.thy: type of finite sets defined as a subtype of -sets defined by Lifting/Transfer. - -* Discontinued theory src/HOL/Library/Eval_Witness. INCOMPATIBILITY. - -* Consolidation of library theories on product orders: - - Product_Lattice ~> Product_Order -- pointwise order on products - Product_ord ~> Product_Lexorder -- lexicographic order on products - -INCOMPATIBILITY. - -* Imperative-HOL: The MREC combinator is considered legacy and no -longer included by default. INCOMPATIBILITY, use partial_function -instead, or import theory Legacy_Mrec as a fallback. - -* HOL-Algebra: Discontinued theories ~~/src/HOL/Algebra/abstract and -~~/src/HOL/Algebra/poly. Existing theories should be based on -~~/src/HOL/Library/Polynomial instead. The latter provides -integration with HOL's type classes for rings. INCOMPATIBILITY. - -* HOL-BNF: - - Various improvements to BNF-based (co)datatype package, including - new commands "primrec_new", "primcorec", and - "datatype_new_compat", as well as documentation. See - "datatypes.pdf" for details. - - New "coinduction" method to avoid some boilerplate (compared to - coinduct). - - Renamed keywords: - data ~> datatype_new - codata ~> codatatype - bnf_def ~> bnf - - Renamed many generated theorems, including - discs ~> disc - map_comp' ~> map_comp - map_id' ~> map_id - sels ~> sel - set_map' ~> set_map - sets ~> set -IMCOMPATIBILITY. - - -*** ML *** - -* Spec_Check is a Quickcheck tool for Isabelle/ML. The ML function -"check_property" allows to check specifications of the form "ALL x y -z. prop x y z". See also ~~/src/Tools/Spec_Check/ with its -Examples.thy in particular. - -* Improved printing of exception trace in Poly/ML 5.5.1, with regular -tracing output in the command transaction context instead of physical -stdout. See also Toplevel.debug, Toplevel.debugging and -ML_Compiler.exn_trace. - -* ML type "theory" is now immutable, without any special treatment of -drafts or linear updates (which could lead to "stale theory" errors in -the past). Discontinued obsolete operations like Theory.copy, -Theory.checkpoint, and the auxiliary type theory_ref. Minor -INCOMPATIBILITY. - -* More uniform naming of goal functions for skipped proofs: - - Skip_Proof.prove ~> Goal.prove_sorry - Skip_Proof.prove_global ~> Goal.prove_sorry_global - -Minor INCOMPATIBILITY. - -* Simplifier tactics and tools use proper Proof.context instead of -historic type simpset. Old-style declarations like addsimps, -addsimprocs etc. operate directly on Proof.context. Raw type simpset -retains its use as snapshot of the main Simplifier context, using -simpset_of and put_simpset on Proof.context. INCOMPATIBILITY -- port -old tools by making them depend on (ctxt : Proof.context) instead of -(ss : simpset), then turn (simpset_of ctxt) into ctxt. - -* Modifiers for classical wrappers (e.g. addWrapper, delWrapper) -operate on Proof.context instead of claset, for uniformity with addIs, -addEs, addDs etc. Note that claset_of and put_claset allow to manage -clasets separately from the context. - -* Discontinued obsolete ML antiquotations @{claset} and @{simpset}. -INCOMPATIBILITY, use @{context} instead. - -* Antiquotation @{theory_context A} is similar to @{theory A}, but -presents the result as initial Proof.context. - - -*** System *** - -* Discontinued obsolete isabelle usedir, mkdir, make -- superseded by -"isabelle build" in Isabelle2013. INCOMPATIBILITY. - -* Discontinued obsolete isabelle-process options -f and -u (former -administrative aliases of option -e). Minor INCOMPATIBILITY. - -* Discontinued obsolete isabelle print tool, and PRINT_COMMAND -settings variable. - -* Discontinued ISABELLE_DOC_FORMAT settings variable and historic -document formats: dvi.gz, ps, ps.gz -- the default document format is -always pdf. - -* Isabelle settings variable ISABELLE_BUILD_JAVA_OPTIONS allows to -specify global resources of the JVM process run by isabelle build. - -* Toplevel executable $ISABELLE_HOME/bin/isabelle_scala_script allows -to run Isabelle/Scala source files as standalone programs. - -* Improved "isabelle keywords" tool (for old-style ProofGeneral -keyword tables): use Isabelle/Scala operations, which inspect outer -syntax without requiring to build sessions first. - -* Sessions may be organized via 'chapter' specifications in the ROOT -file, which determines a two-level hierarchy of browser info. The old -tree-like organization via implicit sub-session relation (with its -tendency towards erratic fluctuation of URLs) has been discontinued. -The default chapter is called "Unsorted". Potential INCOMPATIBILITY -for HTML presentation of theories. - - - -New in Isabelle2013 (February 2013) ------------------------------------ - -*** General *** - -* Theorem status about oracles and unfinished/failed future proofs is -no longer printed by default, since it is incompatible with -incremental / parallel checking of the persistent document model. ML -function Thm.peek_status may be used to inspect a snapshot of the -ongoing evaluation process. Note that in batch mode --- notably -isabelle build --- the system ensures that future proofs of all -accessible theorems in the theory context are finished (as before). - -* Configuration option show_markup controls direct inlining of markup -into the printed representation of formal entities --- notably type -and sort constraints. This enables Prover IDE users to retrieve that -information via tooltips in the output window, for example. - -* Command 'ML_file' evaluates ML text from a file directly within the -theory, without any predeclaration via 'uses' in the theory header. - -* Old command 'use' command and corresponding keyword 'uses' in the -theory header are legacy features and will be discontinued soon. -Tools that load their additional source files may imitate the -'ML_file' implementation, such that the system can take care of -dependencies properly. - -* Discontinued obsolete method fastsimp / tactic fast_simp_tac, which -is called fastforce / fast_force_tac already since Isabelle2011-1. - -* Updated and extended "isar-ref" and "implementation" manual, reduced -remaining material in old "ref" manual. - -* Improved support for auxiliary contexts that indicate block structure -for specifications. Nesting of "context fixes ... context assumes ..." -and "class ... context ...". - -* Attribute "consumes" allows a negative value as well, which is -interpreted relatively to the total number of premises of the rule in -the target context. This form of declaration is stable when exported -from a nested 'context' with additional assumptions. It is the -preferred form for definitional packages, notably cases/rules produced -in HOL/inductive and HOL/function. - -* More informative error messages for Isar proof commands involving -lazy enumerations (method applications etc.). - -* Refined 'help' command to retrieve outer syntax commands according -to name patterns (with clickable results). - - -*** Prover IDE -- Isabelle/Scala/jEdit *** - -* Parallel terminal proofs ('by') are enabled by default, likewise -proofs that are built into packages like 'datatype', 'function'. This -allows to "run ahead" checking the theory specifications on the -surface, while the prover is still crunching on internal -justifications. Unfinished / cancelled proofs are restarted as -required to complete full proof checking eventually. - -* Improved output panel with tooltips, hyperlinks etc. based on the -same Rich_Text_Area as regular Isabelle/jEdit buffers. Activation of -tooltips leads to some window that supports the same recursively, -which can lead to stacks of tooltips as the semantic document content -is explored. ESCAPE closes the whole stack, individual windows may be -closed separately, or detached to become independent jEdit dockables. - -* Improved support for commands that produce graph output: the text -message contains a clickable area to open a new instance of the graph -browser on demand. - -* More robust incremental parsing of outer syntax (partial comments, -malformed symbols). Changing the balance of open/close quotes and -comment delimiters works more conveniently with unfinished situations -that frequently occur in user interaction. - -* More efficient painting and improved reactivity when editing large -files. More scalable management of formal document content. - -* Smarter handling of tracing messages: prover process pauses after -certain number of messages per command transaction, with some user -dialog to stop or continue. This avoids swamping the front-end with -potentially infinite message streams. - -* More plugin options and preferences, based on Isabelle/Scala. The -jEdit plugin option panel provides access to some Isabelle/Scala -options, including tuning parameters for editor reactivity and color -schemes. - -* Dockable window "Symbols" provides some editing support for Isabelle -symbols. - -* Dockable window "Monitor" shows ML runtime statistics. Note that -continuous display of the chart slows down the system. - -* Improved editing support for control styles: subscript, superscript, -bold, reset of style -- operating on single symbols or text -selections. Cf. keyboard shortcuts C+e DOWN/UP/RIGHT/LEFT. - -* Actions isabelle.increase-font-size and isabelle.decrease-font-size -adjust the main text area font size, and its derivatives for output, -tooltips etc. Cf. keyboard shortcuts C-PLUS and C-MINUS, which often -need to be adapted to local keyboard layouts. - -* More reactive completion popup by default: use \t (TAB) instead of -\n (NEWLINE) to minimize intrusion into regular flow of editing. See -also "Plugin Options / SideKick / General / Code Completion Options". - -* Implicit check and build dialog of the specified logic session -image. For example, HOL, HOLCF, HOL-Nominal can be produced on -demand, without bundling big platform-dependent heap images in the -Isabelle distribution. - -* Uniform Java 7 platform on Linux, Mac OS X, Windows: recent updates -from Oracle provide better multi-platform experience. This version is -now bundled exclusively with Isabelle. - - -*** Pure *** - -* Code generation for Haskell: restrict unqualified imports from -Haskell Prelude to a small set of fundamental operations. - -* Command 'export_code': relative file names are interpreted -relatively to master directory of current theory rather than the -rather arbitrary current working directory. INCOMPATIBILITY. - -* Discontinued obsolete attribute "COMP". Potential INCOMPATIBILITY, -use regular rule composition via "OF" / "THEN", or explicit proof -structure instead. Note that Isabelle/ML provides a variety of -operators like COMP, INCR_COMP, COMP_INCR, which need to be applied -with some care where this is really required. - -* Command 'typ' supports an additional variant with explicit sort -constraint, to infer and check the most general type conforming to a -given sort. Example (in HOL): - - typ "_ * _ * bool * unit" :: finite - -* Command 'locale_deps' visualizes all locales and their relations as -a Hasse diagram. - - -*** HOL *** - -* Sledgehammer: - - - Added MaSh relevance filter based on machine-learning; see the - Sledgehammer manual for details. - - Polished Isar proofs generated with "isar_proofs" option. - - Rationalized type encodings ("type_enc" option). - - Renamed "kill_provers" subcommand to "kill_all". - - Renamed options: - isar_proof ~> isar_proofs - isar_shrink_factor ~> isar_shrink - max_relevant ~> max_facts - relevance_thresholds ~> fact_thresholds - -* Quickcheck: added an optimisation for equality premises. It is -switched on by default, and can be switched off by setting the -configuration quickcheck_optimise_equality to false. - -* Quotient: only one quotient can be defined by quotient_type -INCOMPATIBILITY. - -* Lifting: - - generation of an abstraction function equation in lift_definition - - quot_del attribute - - renamed no_abs_code -> no_code (INCOMPATIBILITY.) - -* Simproc "finite_Collect" rewrites set comprehensions into pointfree -expressions. - -* Preprocessing of the code generator rewrites set comprehensions into -pointfree expressions. - -* The SMT solver Z3 has now by default a restricted set of directly -supported features. For the full set of features (div/mod, nonlinear -arithmetic, datatypes/records) with potential proof reconstruction -failures, enable the configuration option "z3_with_extensions". Minor -INCOMPATIBILITY. - -* Simplified 'typedef' specifications: historical options for implicit -set definition and alternative name have been discontinued. The -former behavior of "typedef (open) t = A" is now the default, but -written just "typedef t = A". INCOMPATIBILITY, need to adapt theories -accordingly. - -* Removed constant "chars"; prefer "Enum.enum" on type "char" -directly. INCOMPATIBILITY. - -* Moved operation product, sublists and n_lists from theory Enum to -List. INCOMPATIBILITY. - -* Theorem UN_o generalized to SUP_comp. INCOMPATIBILITY. - -* Class "comm_monoid_diff" formalises properties of bounded -subtraction, with natural numbers and multisets as typical instances. - -* Added combinator "Option.these" with type "'a option set => 'a set". - -* Theory "Transitive_Closure": renamed lemmas - - reflcl_tranclp -> reflclp_tranclp - rtranclp_reflcl -> rtranclp_reflclp - -INCOMPATIBILITY. - -* Theory "Rings": renamed lemmas (in class semiring) - - left_distrib ~> distrib_right - right_distrib ~> distrib_left - -INCOMPATIBILITY. - -* Generalized the definition of limits: - - - Introduced the predicate filterlim (LIM x F. f x :> G) which - expresses that when the input values x converge to F then the - output f x converges to G. - - - Added filters for convergence to positive (at_top) and negative - infinity (at_bot). - - - Moved infinity in the norm (at_infinity) from - Multivariate_Analysis to Complex_Main. - - - Removed real_tendsto_inf, it is superseded by "LIM x F. f x :> - at_top". - -INCOMPATIBILITY. - -* Theory "Library/Option_ord" provides instantiation of option type to -lattice type classes. - -* Theory "Library/Multiset": renamed - - constant fold_mset ~> Multiset.fold - fact fold_mset_commute ~> fold_mset_comm - -INCOMPATIBILITY. - -* Renamed theory Library/List_Prefix to Library/Sublist, with related -changes as follows. - - - Renamed constants (and related lemmas) - - prefix ~> prefixeq - strict_prefix ~> prefix - - - Replaced constant "postfix" by "suffixeq" with swapped argument - order (i.e., "postfix xs ys" is now "suffixeq ys xs") and dropped - old infix syntax "xs >>= ys"; use "suffixeq ys xs" instead. - Renamed lemmas accordingly. - - - Added constant "list_hembeq" for homeomorphic embedding on - lists. Added abbreviation "sublisteq" for special case - "list_hembeq (op =)". - - - Theory Library/Sublist no longer provides "order" and "bot" type - class instances for the prefix order (merely corresponding locale - interpretations). The type class instances are now in theory - Library/Prefix_Order. - - - The sublist relation of theory Library/Sublist_Order is now based - on "Sublist.sublisteq". Renamed lemmas accordingly: - - le_list_append_le_same_iff ~> Sublist.sublisteq_append_le_same_iff - le_list_append_mono ~> Sublist.list_hembeq_append_mono - le_list_below_empty ~> Sublist.list_hembeq_Nil, Sublist.list_hembeq_Nil2 - le_list_Cons_EX ~> Sublist.list_hembeq_ConsD - le_list_drop_Cons2 ~> Sublist.sublisteq_Cons2' - le_list_drop_Cons_neq ~> Sublist.sublisteq_Cons2_neq - le_list_drop_Cons ~> Sublist.sublisteq_Cons' - le_list_drop_many ~> Sublist.sublisteq_drop_many - le_list_filter_left ~> Sublist.sublisteq_filter_left - le_list_rev_drop_many ~> Sublist.sublisteq_rev_drop_many - le_list_rev_take_iff ~> Sublist.sublisteq_append - le_list_same_length ~> Sublist.sublisteq_same_length - le_list_take_many_iff ~> Sublist.sublisteq_append' - less_eq_list.drop ~> less_eq_list_drop - less_eq_list.induct ~> less_eq_list_induct - not_le_list_length ~> Sublist.not_sublisteq_length - -INCOMPATIBILITY. - -* New theory Library/Countable_Set. - -* Theory Library/Debug and Library/Parallel provide debugging and -parallel execution for code generated towards Isabelle/ML. - -* Theory Library/FuncSet: Extended support for Pi and extensional and -introduce the extensional dependent function space "PiE". Replaced -extensional_funcset by an abbreviation, and renamed lemmas from -extensional_funcset to PiE as follows: - - extensional_empty ~> PiE_empty - extensional_funcset_empty_domain ~> PiE_empty_domain - extensional_funcset_empty_range ~> PiE_empty_range - extensional_funcset_arb ~> PiE_arb - extensional_funcset_mem ~> PiE_mem - extensional_funcset_extend_domainI ~> PiE_fun_upd - extensional_funcset_restrict_domain ~> fun_upd_in_PiE - extensional_funcset_extend_domain_eq ~> PiE_insert_eq - card_extensional_funcset ~> card_PiE - finite_extensional_funcset ~> finite_PiE - -INCOMPATIBILITY. - -* Theory Library/FinFun: theory of almost everywhere constant -functions (supersedes the AFP entry "Code Generation for Functions as -Data"). - -* Theory Library/Phantom: generic phantom type to make a type -parameter appear in a constant's type. This alternative to adding -TYPE('a) as another parameter avoids unnecessary closures in generated -code. - -* Theory Library/RBT_Impl: efficient construction of red-black trees -from sorted associative lists. Merging two trees with rbt_union may -return a structurally different tree than before. Potential -INCOMPATIBILITY. - -* Theory Library/IArray: immutable arrays with code generation. - -* Theory Library/Finite_Lattice: theory of finite lattices. - -* HOL/Multivariate_Analysis: replaced - - "basis :: 'a::euclidean_space => nat => real" - "\\ :: (nat => real) => 'a::euclidean_space" - -on euclidean spaces by using the inner product "_ \ _" with -vectors from the Basis set: "\\ i. f i" is superseded by -"SUM i : Basis. f i * r i". - - With this change the following constants are also changed or removed: - - DIM('a) :: nat ~> card (Basis :: 'a set) (is an abbreviation) - a $$ i ~> inner a i (where i : Basis) - cart_base i removed - \, \' removed - - Theorems about these constants where removed. - - Renamed lemmas: - - component_le_norm ~> Basis_le_norm - euclidean_eq ~> euclidean_eq_iff - differential_zero_maxmin_component ~> differential_zero_maxmin_cart - euclidean_simps ~> inner_simps - independent_basis ~> independent_Basis - span_basis ~> span_Basis - in_span_basis ~> in_span_Basis - norm_bound_component_le ~> norm_boound_Basis_le - norm_bound_component_lt ~> norm_boound_Basis_lt - component_le_infnorm ~> Basis_le_infnorm - -INCOMPATIBILITY. - -* HOL/Probability: - - - Added simproc "measurable" to automatically prove measurability. - - - Added induction rules for sigma sets with disjoint union - (sigma_sets_induct_disjoint) and for Borel-measurable functions - (borel_measurable_induct). - - - Added the Daniell-Kolmogorov theorem (the existence the limit of a - projective family). - -* HOL/Cardinals: Theories of ordinals and cardinals (supersedes the -AFP entry "Ordinals_and_Cardinals"). - -* HOL/BNF: New (co)datatype package based on bounded natural functors -with support for mixed, nested recursion and interesting non-free -datatypes. - -* HOL/Finite_Set and Relation: added new set and relation operations -expressed by Finite_Set.fold. - -* New theory HOL/Library/RBT_Set: implementation of sets by red-black -trees for the code generator. - -* HOL/Library/RBT and HOL/Library/Mapping have been converted to -Lifting/Transfer. -possible INCOMPATIBILITY. - -* HOL/Set: renamed Set.project -> Set.filter -INCOMPATIBILITY. - - -*** Document preparation *** - -* Dropped legacy antiquotations "term_style" and "thm_style", since -styles may be given as arguments to "term" and "thm" already. -Discontinued legacy styles "prem1" .. "prem19". - -* Default LaTeX rendering for \ is now based on eurosym package, -instead of slightly exotic babel/greek. - -* Document variant NAME may use different LaTeX entry point -document/root_NAME.tex if that file exists, instead of the common -document/root.tex. - -* Simplified custom document/build script, instead of old-style -document/IsaMakefile. Minor INCOMPATIBILITY. - - -*** ML *** - -* The default limit for maximum number of worker threads is now 8, -instead of 4, in correspondence to capabilities of contemporary -hardware and Poly/ML runtime system. - -* Type Seq.results and related operations support embedded error -messages within lazy enumerations, and thus allow to provide -informative errors in the absence of any usable results. - -* Renamed Position.str_of to Position.here to emphasize that this is a -formal device to inline positions into message text, but not -necessarily printing visible text. - - -*** System *** - -* Advanced support for Isabelle sessions and build management, see -"system" manual for the chapter of that name, especially the "isabelle -build" tool and its examples. The "isabelle mkroot" tool prepares -session root directories for use with "isabelle build", similar to -former "isabelle mkdir" for "isabelle usedir". Note that this affects -document preparation as well. INCOMPATIBILITY, isabelle usedir / -mkdir / make are rendered obsolete. - -* Discontinued obsolete Isabelle/build script, it is superseded by the -regular isabelle build tool. For example: - - isabelle build -s -b HOL - -* Discontinued obsolete "isabelle makeall". - -* Discontinued obsolete IsaMakefile and ROOT.ML files from the -Isabelle distribution, except for rudimentary src/HOL/IsaMakefile that -provides some traditional targets that invoke "isabelle build". Note -that this is inefficient! Applications of Isabelle/HOL involving -"isabelle make" should be upgraded to use "isabelle build" directly. - -* The "isabelle options" tool prints Isabelle system options, as -required for "isabelle build", for example. - -* The "isabelle logo" tool produces EPS and PDF format simultaneously. -Minor INCOMPATIBILITY in command-line options. - -* The "isabelle install" tool has now a simpler command-line. Minor -INCOMPATIBILITY. - -* The "isabelle components" tool helps to resolve add-on components -that are not bundled, or referenced from a bare-bones repository -version of Isabelle. - -* Settings variable ISABELLE_PLATFORM_FAMILY refers to the general -platform family: "linux", "macos", "windows". - -* The ML system is configured as regular component, and no longer -picked up from some surrounding directory. Potential INCOMPATIBILITY -for home-made settings. - -* Improved ML runtime statistics (heap, threads, future tasks etc.). - -* Discontinued support for Poly/ML 5.2.1, which was the last version -without exception positions and advanced ML compiler/toplevel -configuration. - -* Discontinued special treatment of Proof General -- no longer guess -PROOFGENERAL_HOME based on accidental file-system layout. Minor -INCOMPATIBILITY: provide PROOFGENERAL_HOME and PROOFGENERAL_OPTIONS -settings manually, or use a Proof General version that has been -bundled as Isabelle component. - - - -New in Isabelle2012 (May 2012) ------------------------------- - -*** General *** - -* Prover IDE (PIDE) improvements: - - - more robust Sledgehammer integration (as before the sledgehammer - command-line needs to be typed into the source buffer) - - markup for bound variables - - markup for types of term variables (displayed as tooltips) - - support for user-defined Isar commands within the running session - - improved support for Unicode outside original 16bit range - e.g. glyph for \ (thanks to jEdit 4.5.1) - -* Forward declaration of outer syntax keywords within the theory -header -- minor INCOMPATIBILITY for user-defined commands. Allow new -commands to be used in the same theory where defined. - -* Auxiliary contexts indicate block structure for specifications with -additional parameters and assumptions. Such unnamed contexts may be -nested within other targets, like 'theory', 'locale', 'class', -'instantiation' etc. Results from the local context are generalized -accordingly and applied to the enclosing target context. Example: - - context - fixes x y z :: 'a - assumes xy: "x = y" and yz: "y = z" - begin - - lemma my_trans: "x = z" using xy yz by simp - - end - - thm my_trans - -The most basic application is to factor-out context elements of -several fixes/assumes/shows theorem statements, e.g. see -~~/src/HOL/Isar_Examples/Group_Context.thy - -Any other local theory specification element works within the "context -... begin ... end" block as well. - -* Bundled declarations associate attributed fact expressions with a -given name in the context. These may be later included in other -contexts. This allows to manage context extensions casually, without -the logical dependencies of locales and locale interpretation. See -commands 'bundle', 'include', 'including' etc. in the isar-ref manual. - -* Commands 'lemmas' and 'theorems' allow local variables using 'for' -declaration, and results are standardized before being stored. Thus -old-style "standard" after instantiation or composition of facts -becomes obsolete. Minor INCOMPATIBILITY, due to potential change of -indices of schematic variables. - -* Rule attributes in local theory declarations (e.g. locale or class) -are now statically evaluated: the resulting theorem is stored instead -of the original expression. INCOMPATIBILITY in rare situations, where -the historic accident of dynamic re-evaluation in interpretations -etc. was exploited. - -* New tutorial "Programming and Proving in Isabelle/HOL" -("prog-prove"). It completely supersedes "A Tutorial Introduction to -Structured Isar Proofs" ("isar-overview"), which has been removed. It -also supersedes "Isabelle/HOL, A Proof Assistant for Higher-Order -Logic" as the recommended beginners tutorial, but does not cover all -of the material of that old tutorial. - -* Updated and extended reference manuals: "isar-ref", -"implementation", "system"; reduced remaining material in old "ref" -manual. - - -*** Pure *** - -* Command 'definition' no longer exports the foundational "raw_def" -into the user context. Minor INCOMPATIBILITY, may use the regular -"def" result with attribute "abs_def" to imitate the old version. - -* Attribute "abs_def" turns an equation of the form "f x y == t" into -"f == %x y. t", which ensures that "simp" or "unfold" steps always -expand it. This also works for object-logic equality. (Formerly -undocumented feature.) - -* Sort constraints are now propagated in simultaneous statements, just -like type constraints. INCOMPATIBILITY in rare situations, where -distinct sorts used to be assigned accidentally. For example: - - lemma "P (x::'a::foo)" and "Q (y::'a::bar)" -- "now illegal" - - lemma "P (x::'a)" and "Q (y::'a::bar)" - -- "now uniform 'a::bar instead of default sort for first occurrence (!)" - -* Rule composition via attribute "OF" (or ML functions OF/MRS) is more -tolerant against multiple unifiers, as long as the final result is -unique. (As before, rules are composed in canonical right-to-left -order to accommodate newly introduced premises.) - -* Renamed some inner syntax categories: - - num ~> num_token - xnum ~> xnum_token - xstr ~> str_token - -Minor INCOMPATIBILITY. Note that in practice "num_const" or -"num_position" etc. are mainly used instead (which also include -position information via constraints). - -* Simplified configuration options for syntax ambiguity: see -"syntax_ambiguity_warning" and "syntax_ambiguity_limit" in isar-ref -manual. Minor INCOMPATIBILITY. - -* Discontinued configuration option "syntax_positions": atomic terms -in parse trees are always annotated by position constraints. - -* Old code generator for SML and its commands 'code_module', -'code_library', 'consts_code', 'types_code' have been discontinued. -Use commands of the generic code generator instead. INCOMPATIBILITY. - -* Redundant attribute "code_inline" has been discontinued. Use -"code_unfold" instead. INCOMPATIBILITY. - -* Dropped attribute "code_unfold_post" in favor of the its dual -"code_abbrev", which yields a common pattern in definitions like - - definition [code_abbrev]: "f = t" - -INCOMPATIBILITY. - -* Obsolete 'types' command has been discontinued. Use 'type_synonym' -instead. INCOMPATIBILITY. - -* Discontinued old "prems" fact, which used to refer to the accidental -collection of foundational premises in the context (already marked as -legacy since Isabelle2011). - - -*** HOL *** - -* Type 'a set is now a proper type constructor (just as before -Isabelle2008). Definitions mem_def and Collect_def have disappeared. -Non-trivial INCOMPATIBILITY. For developments keeping predicates and -sets separate, it is often sufficient to rephrase some set S that has -been accidentally used as predicates by "%x. x : S", and some -predicate P that has been accidentally used as set by "{x. P x}". -Corresponding proofs in a first step should be pruned from any -tinkering with former theorems mem_def and Collect_def as far as -possible. - -For developments which deliberately mix predicates and sets, a -planning step is necessary to determine what should become a predicate -and what a set. It can be helpful to carry out that step in -Isabelle2011-1 before jumping right into the current release. - -* Code generation by default implements sets as container type rather -than predicates. INCOMPATIBILITY. - -* New type synonym 'a rel = ('a * 'a) set - -* The representation of numerals has changed. Datatype "num" -represents strictly positive binary numerals, along with functions -"numeral :: num => 'a" and "neg_numeral :: num => 'a" to represent -positive and negated numeric literals, respectively. See also -definitions in ~~/src/HOL/Num.thy. Potential INCOMPATIBILITY, some -user theories may require adaptations as follows: - - - Theorems with number_ring or number_semiring constraints: These - classes are gone; use comm_ring_1 or comm_semiring_1 instead. - - - Theories defining numeric types: Remove number, number_semiring, - and number_ring instances. Defer all theorems about numerals until - after classes one and semigroup_add have been instantiated. - - - Numeral-only simp rules: Replace each rule having a "number_of v" - pattern with two copies, one for numeral and one for neg_numeral. - - - Theorems about subclasses of semiring_1 or ring_1: These classes - automatically support numerals now, so more simp rules and - simprocs may now apply within the proof. - - - Definitions and theorems using old constructors Pls/Min/Bit0/Bit1: - Redefine using other integer operations. - -* Transfer: New package intended to generalize the existing -"descending" method and related theorem attributes from the Quotient -package. (Not all functionality is implemented yet, but future -development will focus on Transfer as an eventual replacement for the -corresponding parts of the Quotient package.) - - - transfer_rule attribute: Maintains a collection of transfer rules, - which relate constants at two different types. Transfer rules may - relate different type instances of the same polymorphic constant, - or they may relate an operation on a raw type to a corresponding - operation on an abstract type (quotient or subtype). For example: - - ((A ===> B) ===> list_all2 A ===> list_all2 B) map map - (cr_int ===> cr_int ===> cr_int) (%(x,y) (u,v). (x+u, y+v)) plus_int - - - transfer method: Replaces a subgoal on abstract types with an - equivalent subgoal on the corresponding raw types. Constants are - replaced with corresponding ones according to the transfer rules. - Goals are generalized over all free variables by default; this is - necessary for variables whose types change, but can be overridden - for specific variables with e.g. "transfer fixing: x y z". The - variant transfer' method allows replacing a subgoal with one that - is logically stronger (rather than equivalent). - - - relator_eq attribute: Collects identity laws for relators of - various type constructors, e.g. "list_all2 (op =) = (op =)". The - transfer method uses these lemmas to infer transfer rules for - non-polymorphic constants on the fly. - - - transfer_prover method: Assists with proving a transfer rule for a - new constant, provided the constant is defined in terms of other - constants that already have transfer rules. It should be applied - after unfolding the constant definitions. - - - HOL/ex/Transfer_Int_Nat.thy: Example theory demonstrating transfer - from type nat to type int. - -* Lifting: New package intended to generalize the quotient_definition -facility of the Quotient package; designed to work with Transfer. - - - lift_definition command: Defines operations on an abstract type in - terms of a corresponding operation on a representation - type. Example syntax: - - lift_definition dlist_insert :: "'a => 'a dlist => 'a dlist" - is List.insert - - Users must discharge a respectfulness proof obligation when each - constant is defined. (For a type copy, i.e. a typedef with UNIV, - the proof is discharged automatically.) The obligation is - presented in a user-friendly, readable form; a respectfulness - theorem in the standard format and a transfer rule are generated - by the package. - - - Integration with code_abstype: For typedefs (e.g. subtypes - corresponding to a datatype invariant, such as dlist), - lift_definition generates a code certificate theorem and sets up - code generation for each constant. - - - setup_lifting command: Sets up the Lifting package to work with a - user-defined type. The user must provide either a quotient theorem - or a type_definition theorem. The package configures transfer - rules for equality and quantifiers on the type, and sets up the - lift_definition command to work with the type. - - - Usage examples: See Quotient_Examples/Lift_DList.thy, - Quotient_Examples/Lift_RBT.thy, Quotient_Examples/Lift_FSet.thy, - Word/Word.thy and Library/Float.thy. - -* Quotient package: - - - The 'quotient_type' command now supports a 'morphisms' option with - rep and abs functions, similar to typedef. - - - 'quotient_type' sets up new types to work with the Lifting and - Transfer packages, as with 'setup_lifting'. - - - The 'quotient_definition' command now requires the user to prove a - respectfulness property at the point where the constant is - defined, similar to lift_definition; INCOMPATIBILITY. - - - Renamed predicate 'Quotient' to 'Quotient3', and renamed theorems - accordingly, INCOMPATIBILITY. - -* New diagnostic command 'find_unused_assms' to find potentially -superfluous assumptions in theorems using Quickcheck. - -* Quickcheck: - - - Quickcheck returns variable assignments as counterexamples, which - allows to reveal the underspecification of functions under test. - For example, refuting "hd xs = x", it presents the variable - assignment xs = [] and x = a1 as a counterexample, assuming that - any property is false whenever "hd []" occurs in it. - - These counterexample are marked as potentially spurious, as - Quickcheck also returns "xs = []" as a counterexample to the - obvious theorem "hd xs = hd xs". - - After finding a potentially spurious counterexample, Quickcheck - continues searching for genuine ones. - - By default, Quickcheck shows potentially spurious and genuine - counterexamples. The option "genuine_only" sets quickcheck to only - show genuine counterexamples. - - - The command 'quickcheck_generator' creates random and exhaustive - value generators for a given type and operations. - - It generates values by using the operations as if they were - constructors of that type. - - - Support for multisets. - - - Added "use_subtype" options. - - - Added "quickcheck_locale" configuration to specify how to process - conjectures in a locale context. - -* Nitpick: Fixed infinite loop caused by the 'peephole_optim' option -and affecting 'rat' and 'real'. - -* Sledgehammer: - - Integrated more tightly with SPASS, as described in the ITP 2012 - paper "More SPASS with Isabelle". - - Made it try "smt" as a fallback if "metis" fails or times out. - - Added support for the following provers: Alt-Ergo (via Why3 and - TFF1), iProver, iProver-Eq. - - Sped up the minimizer. - - Added "lam_trans", "uncurry_aliases", and "minimize" options. - - Renamed "slicing" ("no_slicing") option to "slice" ("dont_slice"). - - Renamed "sound" option to "strict". - -* Metis: Added possibility to specify lambda translations scheme as a -parenthesized argument (e.g., "by (metis (lifting) ...)"). - -* SMT: Renamed "smt_fixed" option to "smt_read_only_certificates". - -* Command 'try0': Renamed from 'try_methods'. INCOMPATIBILITY. - -* New "case_product" attribute to generate a case rule doing multiple -case distinctions at the same time. E.g. - - list.exhaust [case_product nat.exhaust] - -produces a rule which can be used to perform case distinction on both -a list and a nat. - -* New "eventually_elim" method as a generalized variant of the -eventually_elim* rules. Supports structured proofs. - -* Typedef with implicit set definition is considered legacy. Use -"typedef (open)" form instead, which will eventually become the -default. - -* Record: code generation can be switched off manually with - - declare [[record_coden = false]] -- "default true" - -* Datatype: type parameters allow explicit sort constraints. - -* Concrete syntax for case expressions includes constraints for source -positions, and thus produces Prover IDE markup for its bindings. -INCOMPATIBILITY for old-style syntax translations that augment the -pattern notation; e.g. see src/HOL/HOLCF/One.thy for translations of -one_case. - -* Clarified attribute "mono_set": pure declaration without modifying -the result of the fact expression. - -* More default pred/set conversions on a couple of relation operations -and predicates. Added powers of predicate relations. Consolidation -of some relation theorems: - - converse_def ~> converse_unfold - rel_comp_def ~> relcomp_unfold - symp_def ~> (modified, use symp_def and sym_def instead) - transp_def ~> transp_trans - Domain_def ~> Domain_unfold - Range_def ~> Domain_converse [symmetric] - -Generalized theorems INF_INT_eq, INF_INT_eq2, SUP_UN_eq, SUP_UN_eq2. - -See theory "Relation" for examples for making use of pred/set -conversions by means of attributes "to_set" and "to_pred". - -INCOMPATIBILITY. - -* Renamed facts about the power operation on relations, i.e., relpow -to match the constant's name: - - rel_pow_1 ~> relpow_1 - rel_pow_0_I ~> relpow_0_I - rel_pow_Suc_I ~> relpow_Suc_I - rel_pow_Suc_I2 ~> relpow_Suc_I2 - rel_pow_0_E ~> relpow_0_E - rel_pow_Suc_E ~> relpow_Suc_E - rel_pow_E ~> relpow_E - rel_pow_Suc_D2 ~> relpow_Suc_D2 - rel_pow_Suc_E2 ~> relpow_Suc_E2 - rel_pow_Suc_D2' ~> relpow_Suc_D2' - rel_pow_E2 ~> relpow_E2 - rel_pow_add ~> relpow_add - rel_pow_commute ~> relpow - rel_pow_empty ~> relpow_empty: - rtrancl_imp_UN_rel_pow ~> rtrancl_imp_UN_relpow - rel_pow_imp_rtrancl ~> relpow_imp_rtrancl - rtrancl_is_UN_rel_pow ~> rtrancl_is_UN_relpow - rtrancl_imp_rel_pow ~> rtrancl_imp_relpow - rel_pow_fun_conv ~> relpow_fun_conv - rel_pow_finite_bounded1 ~> relpow_finite_bounded1 - rel_pow_finite_bounded ~> relpow_finite_bounded - rtrancl_finite_eq_rel_pow ~> rtrancl_finite_eq_relpow - trancl_finite_eq_rel_pow ~> trancl_finite_eq_relpow - single_valued_rel_pow ~> single_valued_relpow - -INCOMPATIBILITY. - -* Theory Relation: Consolidated constant name for relation composition -and corresponding theorem names: - - - Renamed constant rel_comp to relcomp. - - - Dropped abbreviation pred_comp. Use relcompp instead. - - - Renamed theorems: - - rel_compI ~> relcompI - rel_compEpair ~> relcompEpair - rel_compE ~> relcompE - pred_comp_rel_comp_eq ~> relcompp_relcomp_eq - rel_comp_empty1 ~> relcomp_empty1 - rel_comp_mono ~> relcomp_mono - rel_comp_subset_Sigma ~> relcomp_subset_Sigma - rel_comp_distrib ~> relcomp_distrib - rel_comp_distrib2 ~> relcomp_distrib2 - rel_comp_UNION_distrib ~> relcomp_UNION_distrib - rel_comp_UNION_distrib2 ~> relcomp_UNION_distrib2 - single_valued_rel_comp ~> single_valued_relcomp - rel_comp_def ~> relcomp_unfold - converse_rel_comp ~> converse_relcomp - pred_compI ~> relcomppI - pred_compE ~> relcomppE - pred_comp_bot1 ~> relcompp_bot1 - pred_comp_bot2 ~> relcompp_bot2 - transp_pred_comp_less_eq ~> transp_relcompp_less_eq - pred_comp_mono ~> relcompp_mono - pred_comp_distrib ~> relcompp_distrib - pred_comp_distrib2 ~> relcompp_distrib2 - converse_pred_comp ~> converse_relcompp - - finite_rel_comp ~> finite_relcomp - - set_rel_comp ~> set_relcomp - -INCOMPATIBILITY. - -* Theory Divides: Discontinued redundant theorems about div and mod. -INCOMPATIBILITY, use the corresponding generic theorems instead. - - DIVISION_BY_ZERO ~> div_by_0, mod_by_0 - zdiv_self ~> div_self - zmod_self ~> mod_self - zdiv_zero ~> div_0 - zmod_zero ~> mod_0 - zdiv_zmod_equality ~> div_mod_equality2 - zdiv_zmod_equality2 ~> div_mod_equality - zmod_zdiv_trivial ~> mod_div_trivial - zdiv_zminus_zminus ~> div_minus_minus - zmod_zminus_zminus ~> mod_minus_minus - zdiv_zminus2 ~> div_minus_right - zmod_zminus2 ~> mod_minus_right - zdiv_minus1_right ~> div_minus1_right - zmod_minus1_right ~> mod_minus1_right - zdvd_mult_div_cancel ~> dvd_mult_div_cancel - zmod_zmult1_eq ~> mod_mult_right_eq - zpower_zmod ~> power_mod - zdvd_zmod ~> dvd_mod - zdvd_zmod_imp_zdvd ~> dvd_mod_imp_dvd - mod_mult_distrib ~> mult_mod_left - mod_mult_distrib2 ~> mult_mod_right - -* Removed redundant theorems nat_mult_2 and nat_mult_2_right; use -generic mult_2 and mult_2_right instead. INCOMPATIBILITY. - -* Finite_Set.fold now qualified. INCOMPATIBILITY. - -* Consolidated theorem names concerning fold combinators: - - inf_INFI_fold_inf ~> inf_INF_fold_inf - sup_SUPR_fold_sup ~> sup_SUP_fold_sup - INFI_fold_inf ~> INF_fold_inf - SUPR_fold_sup ~> SUP_fold_sup - union_set ~> union_set_fold - minus_set ~> minus_set_fold - INFI_set_fold ~> INF_set_fold - SUPR_set_fold ~> SUP_set_fold - INF_code ~> INF_set_foldr - SUP_code ~> SUP_set_foldr - foldr.simps ~> foldr.simps (in point-free formulation) - foldr_fold_rev ~> foldr_conv_fold - foldl_fold ~> foldl_conv_fold - foldr_foldr ~> foldr_conv_foldl - foldl_foldr ~> foldl_conv_foldr - fold_set_remdups ~> fold_set_fold_remdups - fold_set ~> fold_set_fold - fold1_set ~> fold1_set_fold - -INCOMPATIBILITY. - -* Dropped rarely useful theorems concerning fold combinators: -foldl_apply, foldl_fun_comm, foldl_rev, fold_weak_invariant, -rev_foldl_cons, fold_set_remdups, fold_set, fold_set1, -concat_conv_foldl, foldl_weak_invariant, foldl_invariant, -foldr_invariant, foldl_absorb0, foldl_foldr1_lemma, foldl_foldr1, -listsum_conv_fold, listsum_foldl, sort_foldl_insort, foldl_assoc, -foldr_conv_foldl, start_le_sum, elem_le_sum, sum_eq_0_conv. -INCOMPATIBILITY. For the common phrases "%xs. List.foldr plus xs 0" -and "List.foldl plus 0", prefer "List.listsum". Otherwise it can be -useful to boil down "List.foldr" and "List.foldl" to "List.fold" by -unfolding "foldr_conv_fold" and "foldl_conv_fold". - -* Dropped lemmas minus_set_foldr, union_set_foldr, union_coset_foldr, -inter_coset_foldr, Inf_fin_set_foldr, Sup_fin_set_foldr, -Min_fin_set_foldr, Max_fin_set_foldr, Inf_set_foldr, Sup_set_foldr, -INF_set_foldr, SUP_set_foldr. INCOMPATIBILITY. Prefer corresponding -lemmas over fold rather than foldr, or make use of lemmas -fold_conv_foldr and fold_rev. - -* Congruence rules Option.map_cong and Option.bind_cong for recursion -through option types. - -* "Transitive_Closure.ntrancl": bounded transitive closure on -relations. - -* Constant "Set.not_member" now qualified. INCOMPATIBILITY. - -* Theory Int: Discontinued many legacy theorems specific to type int. -INCOMPATIBILITY, use the corresponding generic theorems instead. - - zminus_zminus ~> minus_minus - zminus_0 ~> minus_zero - zminus_zadd_distrib ~> minus_add_distrib - zadd_commute ~> add_commute - zadd_assoc ~> add_assoc - zadd_left_commute ~> add_left_commute - zadd_ac ~> add_ac - zmult_ac ~> mult_ac - zadd_0 ~> add_0_left - zadd_0_right ~> add_0_right - zadd_zminus_inverse2 ~> left_minus - zmult_zminus ~> mult_minus_left - zmult_commute ~> mult_commute - zmult_assoc ~> mult_assoc - zadd_zmult_distrib ~> left_distrib - zadd_zmult_distrib2 ~> right_distrib - zdiff_zmult_distrib ~> left_diff_distrib - zdiff_zmult_distrib2 ~> right_diff_distrib - zmult_1 ~> mult_1_left - zmult_1_right ~> mult_1_right - zle_refl ~> order_refl - zle_trans ~> order_trans - zle_antisym ~> order_antisym - zle_linear ~> linorder_linear - zless_linear ~> linorder_less_linear - zadd_left_mono ~> add_left_mono - zadd_strict_right_mono ~> add_strict_right_mono - zadd_zless_mono ~> add_less_le_mono - int_0_less_1 ~> zero_less_one - int_0_neq_1 ~> zero_neq_one - zless_le ~> less_le - zpower_zadd_distrib ~> power_add - zero_less_zpower_abs_iff ~> zero_less_power_abs_iff - zero_le_zpower_abs ~> zero_le_power_abs - -* Theory Deriv: Renamed - - DERIV_nonneg_imp_nonincreasing ~> DERIV_nonneg_imp_nondecreasing - -* Theory Library/Multiset: Improved code generation of multisets. - -* Theory HOL/Library/Set_Algebras: Addition and multiplication on sets -are expressed via type classes again. The special syntax -\/\ has been replaced by plain +/*. Removed constant -setsum_set, which is now subsumed by Big_Operators.setsum. -INCOMPATIBILITY. - -* Theory HOL/Library/Diagonalize has been removed. INCOMPATIBILITY, -use theory HOL/Library/Nat_Bijection instead. - -* Theory HOL/Library/RBT_Impl: Backing implementation of red-black -trees is now inside a type class context. Names of affected -operations and lemmas have been prefixed by rbt_. INCOMPATIBILITY for -theories working directly with raw red-black trees, adapt the names as -follows: - - Operations: - bulkload -> rbt_bulkload - del_from_left -> rbt_del_from_left - del_from_right -> rbt_del_from_right - del -> rbt_del - delete -> rbt_delete - ins -> rbt_ins - insert -> rbt_insert - insertw -> rbt_insert_with - insert_with_key -> rbt_insert_with_key - map_entry -> rbt_map_entry - lookup -> rbt_lookup - sorted -> rbt_sorted - tree_greater -> rbt_greater - tree_less -> rbt_less - tree_less_symbol -> rbt_less_symbol - union -> rbt_union - union_with -> rbt_union_with - union_with_key -> rbt_union_with_key - - Lemmas: - balance_left_sorted -> balance_left_rbt_sorted - balance_left_tree_greater -> balance_left_rbt_greater - balance_left_tree_less -> balance_left_rbt_less - balance_right_sorted -> balance_right_rbt_sorted - balance_right_tree_greater -> balance_right_rbt_greater - balance_right_tree_less -> balance_right_rbt_less - balance_sorted -> balance_rbt_sorted - balance_tree_greater -> balance_rbt_greater - balance_tree_less -> balance_rbt_less - bulkload_is_rbt -> rbt_bulkload_is_rbt - combine_sorted -> combine_rbt_sorted - combine_tree_greater -> combine_rbt_greater - combine_tree_less -> combine_rbt_less - delete_in_tree -> rbt_delete_in_tree - delete_is_rbt -> rbt_delete_is_rbt - del_from_left_tree_greater -> rbt_del_from_left_rbt_greater - del_from_left_tree_less -> rbt_del_from_left_rbt_less - del_from_right_tree_greater -> rbt_del_from_right_rbt_greater - del_from_right_tree_less -> rbt_del_from_right_rbt_less - del_in_tree -> rbt_del_in_tree - del_inv1_inv2 -> rbt_del_inv1_inv2 - del_sorted -> rbt_del_rbt_sorted - del_tree_greater -> rbt_del_rbt_greater - del_tree_less -> rbt_del_rbt_less - dom_lookup_Branch -> dom_rbt_lookup_Branch - entries_lookup -> entries_rbt_lookup - finite_dom_lookup -> finite_dom_rbt_lookup - insert_sorted -> rbt_insert_rbt_sorted - insertw_is_rbt -> rbt_insertw_is_rbt - insertwk_is_rbt -> rbt_insertwk_is_rbt - insertwk_sorted -> rbt_insertwk_rbt_sorted - insertw_sorted -> rbt_insertw_rbt_sorted - ins_sorted -> ins_rbt_sorted - ins_tree_greater -> ins_rbt_greater - ins_tree_less -> ins_rbt_less - is_rbt_sorted -> is_rbt_rbt_sorted - lookup_balance -> rbt_lookup_balance - lookup_bulkload -> rbt_lookup_rbt_bulkload - lookup_delete -> rbt_lookup_rbt_delete - lookup_Empty -> rbt_lookup_Empty - lookup_from_in_tree -> rbt_lookup_from_in_tree - lookup_in_tree -> rbt_lookup_in_tree - lookup_ins -> rbt_lookup_ins - lookup_insert -> rbt_lookup_rbt_insert - lookup_insertw -> rbt_lookup_rbt_insertw - lookup_insertwk -> rbt_lookup_rbt_insertwk - lookup_keys -> rbt_lookup_keys - lookup_map -> rbt_lookup_map - lookup_map_entry -> rbt_lookup_rbt_map_entry - lookup_tree_greater -> rbt_lookup_rbt_greater - lookup_tree_less -> rbt_lookup_rbt_less - lookup_union -> rbt_lookup_rbt_union - map_entry_color_of -> rbt_map_entry_color_of - map_entry_inv1 -> rbt_map_entry_inv1 - map_entry_inv2 -> rbt_map_entry_inv2 - map_entry_is_rbt -> rbt_map_entry_is_rbt - map_entry_sorted -> rbt_map_entry_rbt_sorted - map_entry_tree_greater -> rbt_map_entry_rbt_greater - map_entry_tree_less -> rbt_map_entry_rbt_less - map_tree_greater -> map_rbt_greater - map_tree_less -> map_rbt_less - map_sorted -> map_rbt_sorted - paint_sorted -> paint_rbt_sorted - paint_lookup -> paint_rbt_lookup - paint_tree_greater -> paint_rbt_greater - paint_tree_less -> paint_rbt_less - sorted_entries -> rbt_sorted_entries - tree_greater_eq_trans -> rbt_greater_eq_trans - tree_greater_nit -> rbt_greater_nit - tree_greater_prop -> rbt_greater_prop - tree_greater_simps -> rbt_greater_simps - tree_greater_trans -> rbt_greater_trans - tree_less_eq_trans -> rbt_less_eq_trans - tree_less_nit -> rbt_less_nit - tree_less_prop -> rbt_less_prop - tree_less_simps -> rbt_less_simps - tree_less_trans -> rbt_less_trans - tree_ord_props -> rbt_ord_props - union_Branch -> rbt_union_Branch - union_is_rbt -> rbt_union_is_rbt - unionw_is_rbt -> rbt_unionw_is_rbt - unionwk_is_rbt -> rbt_unionwk_is_rbt - unionwk_sorted -> rbt_unionwk_rbt_sorted - -* Theory HOL/Library/Float: Floating point numbers are now defined as -a subset of the real numbers. All operations are defined using the -lifing-framework and proofs use the transfer method. INCOMPATIBILITY. - - Changed Operations: - float_abs -> abs - float_nprt -> nprt - float_pprt -> pprt - pow2 -> use powr - round_down -> float_round_down - round_up -> float_round_up - scale -> exponent - - Removed Operations: - ceiling_fl, lb_mult, lb_mod, ub_mult, ub_mod - - Renamed Lemmas: - abs_float_def -> Float.compute_float_abs - bitlen_ge0 -> bitlen_nonneg - bitlen.simps -> Float.compute_bitlen - float_components -> Float_mantissa_exponent - float_divl.simps -> Float.compute_float_divl - float_divr.simps -> Float.compute_float_divr - float_eq_odd -> mult_powr_eq_mult_powr_iff - float_power -> real_of_float_power - lapprox_posrat_def -> Float.compute_lapprox_posrat - lapprox_rat.simps -> Float.compute_lapprox_rat - le_float_def' -> Float.compute_float_le - le_float_def -> less_eq_float.rep_eq - less_float_def' -> Float.compute_float_less - less_float_def -> less_float.rep_eq - normfloat_def -> Float.compute_normfloat - normfloat_imp_odd_or_zero -> mantissa_not_dvd and mantissa_noteq_0 - normfloat -> normfloat_def - normfloat_unique -> use normfloat_def - number_of_float_Float -> Float.compute_float_numeral, Float.compute_float_neg_numeral - one_float_def -> Float.compute_float_one - plus_float_def -> Float.compute_float_plus - rapprox_posrat_def -> Float.compute_rapprox_posrat - rapprox_rat.simps -> Float.compute_rapprox_rat - real_of_float_0 -> zero_float.rep_eq - real_of_float_1 -> one_float.rep_eq - real_of_float_abs -> abs_float.rep_eq - real_of_float_add -> plus_float.rep_eq - real_of_float_minus -> uminus_float.rep_eq - real_of_float_mult -> times_float.rep_eq - real_of_float_simp -> Float.rep_eq - real_of_float_sub -> minus_float.rep_eq - round_down.simps -> Float.compute_float_round_down - round_up.simps -> Float.compute_float_round_up - times_float_def -> Float.compute_float_times - uminus_float_def -> Float.compute_float_uminus - zero_float_def -> Float.compute_float_zero - - Lemmas not necessary anymore, use the transfer method: - bitlen_B0, bitlen_B1, bitlen_ge1, bitlen_Min, bitlen_Pls, float_divl, - float_divr, float_le_simp, float_less1_mantissa_bound, - float_less_simp, float_less_zero, float_le_zero, - float_pos_less1_e_neg, float_pos_m_pos, float_split, float_split2, - floor_pos_exp, lapprox_posrat, lapprox_posrat_bottom, lapprox_rat, - lapprox_rat_bottom, normalized_float, rapprox_posrat, - rapprox_posrat_le1, rapprox_rat, real_of_float_ge0_exp, - real_of_float_neg_exp, real_of_float_nge0_exp, round_down floor_fl, - round_up, zero_le_float, zero_less_float - -* New theory HOL/Library/DAList provides an abstract type for -association lists with distinct keys. - -* Session HOL/IMP: Added new theory of abstract interpretation of -annotated commands. - -* Session HOL-Import: Re-implementation from scratch is faster, -simpler, and more scalable. Requires a proof bundle, which is -available as an external component. Discontinued old (and mostly -dead) Importer for HOL4 and HOL Light. INCOMPATIBILITY. - -* Session HOL-Word: Discontinued many redundant theorems specific to -type 'a word. INCOMPATIBILITY, use the corresponding generic theorems -instead. - - word_sub_alt ~> word_sub_wi - word_add_alt ~> word_add_def - word_mult_alt ~> word_mult_def - word_minus_alt ~> word_minus_def - word_0_alt ~> word_0_wi - word_1_alt ~> word_1_wi - word_add_0 ~> add_0_left - word_add_0_right ~> add_0_right - word_mult_1 ~> mult_1_left - word_mult_1_right ~> mult_1_right - word_add_commute ~> add_commute - word_add_assoc ~> add_assoc - word_add_left_commute ~> add_left_commute - word_mult_commute ~> mult_commute - word_mult_assoc ~> mult_assoc - word_mult_left_commute ~> mult_left_commute - word_left_distrib ~> left_distrib - word_right_distrib ~> right_distrib - word_left_minus ~> left_minus - word_diff_0_right ~> diff_0_right - word_diff_self ~> diff_self - word_sub_def ~> diff_minus - word_diff_minus ~> diff_minus - word_add_ac ~> add_ac - word_mult_ac ~> mult_ac - word_plus_ac0 ~> add_0_left add_0_right add_ac - word_times_ac1 ~> mult_1_left mult_1_right mult_ac - word_order_trans ~> order_trans - word_order_refl ~> order_refl - word_order_antisym ~> order_antisym - word_order_linear ~> linorder_linear - lenw1_zero_neq_one ~> zero_neq_one - word_number_of_eq ~> number_of_eq - word_of_int_add_hom ~> wi_hom_add - word_of_int_sub_hom ~> wi_hom_sub - word_of_int_mult_hom ~> wi_hom_mult - word_of_int_minus_hom ~> wi_hom_neg - word_of_int_succ_hom ~> wi_hom_succ - word_of_int_pred_hom ~> wi_hom_pred - word_of_int_0_hom ~> word_0_wi - word_of_int_1_hom ~> word_1_wi - -* Session HOL-Word: New proof method "word_bitwise" for splitting -machine word equalities and inequalities into logical circuits, -defined in HOL/Word/WordBitwise.thy. Supports addition, subtraction, -multiplication, shifting by constants, bitwise operators and numeric -constants. Requires fixed-length word types, not 'a word. Solves -many standard word identities outright and converts more into first -order problems amenable to blast or similar. See also examples in -HOL/Word/Examples/WordExamples.thy. - -* Session HOL-Probability: Introduced the type "'a measure" to -represent measures, this replaces the records 'a algebra and 'a -measure_space. The locales based on subset_class now have two -locale-parameters the space \ and the set of measurable sets M. -The product of probability spaces uses now the same constant as the -finite product of sigma-finite measure spaces "PiM :: ('i => 'a) -measure". Most constants are defined now outside of locales and gain -an additional parameter, like null_sets, almost_eventually or \'. -Measure space constructions for distributions and densities now got -their own constants distr and density. Instead of using locales to -describe measure spaces with a finite space, the measure count_space -and point_measure is introduced. INCOMPATIBILITY. - - Renamed constants: - measure -> emeasure - finite_measure.\' -> measure - product_algebra_generator -> prod_algebra - product_prob_space.emb -> prod_emb - product_prob_space.infprod_algebra -> PiM - - Removed locales: - completeable_measure_space - finite_measure_space - finite_prob_space - finite_product_finite_prob_space - finite_product_sigma_algebra - finite_sigma_algebra - measure_space - pair_finite_prob_space - pair_finite_sigma_algebra - pair_finite_space - pair_sigma_algebra - product_sigma_algebra - - Removed constants: - conditional_space - distribution -> use distr measure, or distributed predicate - image_space - joint_distribution -> use distr measure, or distributed predicate - pair_measure_generator - product_prob_space.infprod_algebra -> use PiM - subvimage - - Replacement theorems: - finite_additivity_sufficient -> ring_of_sets.countably_additiveI_finite - finite_measure.empty_measure -> measure_empty - finite_measure.finite_continuity_from_above -> finite_measure.finite_Lim_measure_decseq - finite_measure.finite_continuity_from_below -> finite_measure.finite_Lim_measure_incseq - finite_measure.finite_measure_countably_subadditive -> finite_measure.finite_measure_subadditive_countably - finite_measure.finite_measure_eq -> finite_measure.emeasure_eq_measure - finite_measure.finite_measure -> finite_measure.emeasure_finite - finite_measure.finite_measure_finite_singleton -> finite_measure.finite_measure_eq_setsum_singleton - finite_measure.positive_measure' -> measure_nonneg - finite_measure.real_measure -> finite_measure.emeasure_real - finite_product_prob_space.finite_measure_times -> finite_product_prob_space.finite_measure_PiM_emb - finite_product_sigma_algebra.in_P -> sets_PiM_I_finite - finite_product_sigma_algebra.P_empty -> space_PiM_empty, sets_PiM_empty - information_space.conditional_entropy_eq -> information_space.conditional_entropy_simple_distributed - information_space.conditional_entropy_positive -> information_space.conditional_entropy_nonneg_simple - information_space.conditional_mutual_information_eq_mutual_information -> information_space.conditional_mutual_information_eq_mutual_information_simple - information_space.conditional_mutual_information_generic_positive -> information_space.conditional_mutual_information_nonneg_simple - information_space.conditional_mutual_information_positive -> information_space.conditional_mutual_information_nonneg_simple - information_space.entropy_commute -> information_space.entropy_commute_simple - information_space.entropy_eq -> information_space.entropy_simple_distributed - information_space.entropy_generic_eq -> information_space.entropy_simple_distributed - information_space.entropy_positive -> information_space.entropy_nonneg_simple - information_space.entropy_uniform_max -> information_space.entropy_uniform - information_space.KL_eq_0_imp -> information_space.KL_eq_0_iff_eq - information_space.KL_eq_0 -> information_space.KL_same_eq_0 - information_space.KL_ge_0 -> information_space.KL_nonneg - information_space.mutual_information_eq -> information_space.mutual_information_simple_distributed - information_space.mutual_information_positive -> information_space.mutual_information_nonneg_simple - Int_stable_cuboids -> Int_stable_atLeastAtMost - Int_stable_product_algebra_generator -> positive_integral - measure_preserving -> equality "distr M N f = N" "f : measurable M N" - measure_space.additive -> emeasure_additive - measure_space.AE_iff_null_set -> AE_iff_null - measure_space.almost_everywhere_def -> eventually_ae_filter - measure_space.almost_everywhere_vimage -> AE_distrD - measure_space.continuity_from_above -> INF_emeasure_decseq - measure_space.continuity_from_above_Lim -> Lim_emeasure_decseq - measure_space.continuity_from_below_Lim -> Lim_emeasure_incseq - measure_space.continuity_from_below -> SUP_emeasure_incseq - measure_space_density -> emeasure_density - measure_space.density_is_absolutely_continuous -> absolutely_continuousI_density - measure_space.integrable_vimage -> integrable_distr - measure_space.integral_translated_density -> integral_density - measure_space.integral_vimage -> integral_distr - measure_space.measure_additive -> plus_emeasure - measure_space.measure_compl -> emeasure_compl - measure_space.measure_countable_increasing -> emeasure_countable_increasing - measure_space.measure_countably_subadditive -> emeasure_subadditive_countably - measure_space.measure_decseq -> decseq_emeasure - measure_space.measure_Diff -> emeasure_Diff - measure_space.measure_Diff_null_set -> emeasure_Diff_null_set - measure_space.measure_eq_0 -> emeasure_eq_0 - measure_space.measure_finitely_subadditive -> emeasure_subadditive_finite - measure_space.measure_finite_singleton -> emeasure_eq_setsum_singleton - measure_space.measure_incseq -> incseq_emeasure - measure_space.measure_insert -> emeasure_insert - measure_space.measure_mono -> emeasure_mono - measure_space.measure_not_negative -> emeasure_not_MInf - measure_space.measure_preserving_Int_stable -> measure_eqI_generator_eq - measure_space.measure_setsum -> setsum_emeasure - measure_space.measure_setsum_split -> setsum_emeasure_cover - measure_space.measure_space_vimage -> emeasure_distr - measure_space.measure_subadditive_finite -> emeasure_subadditive_finite - measure_space.measure_subadditive -> subadditive - measure_space.measure_top -> emeasure_space - measure_space.measure_UN_eq_0 -> emeasure_UN_eq_0 - measure_space.measure_Un_null_set -> emeasure_Un_null_set - measure_space.positive_integral_translated_density -> positive_integral_density - measure_space.positive_integral_vimage -> positive_integral_distr - measure_space.real_continuity_from_above -> Lim_measure_decseq - measure_space.real_continuity_from_below -> Lim_measure_incseq - measure_space.real_measure_countably_subadditive -> measure_subadditive_countably - measure_space.real_measure_Diff -> measure_Diff - measure_space.real_measure_finite_Union -> measure_finite_Union - measure_space.real_measure_setsum_singleton -> measure_eq_setsum_singleton - measure_space.real_measure_subadditive -> measure_subadditive - measure_space.real_measure_Union -> measure_Union - measure_space.real_measure_UNION -> measure_UNION - measure_space.simple_function_vimage -> simple_function_comp - measure_space.simple_integral_vimage -> simple_integral_distr - measure_space.simple_integral_vimage -> simple_integral_distr - measure_unique_Int_stable -> measure_eqI_generator_eq - measure_unique_Int_stable_vimage -> measure_eqI_generator_eq - pair_sigma_algebra.measurable_cut_fst -> sets_Pair1 - pair_sigma_algebra.measurable_cut_snd -> sets_Pair2 - pair_sigma_algebra.measurable_pair_image_fst -> measurable_Pair1 - pair_sigma_algebra.measurable_pair_image_snd -> measurable_Pair2 - pair_sigma_algebra.measurable_product_swap -> measurable_pair_swap_iff - pair_sigma_algebra.pair_sigma_algebra_measurable -> measurable_pair_swap - pair_sigma_algebra.pair_sigma_algebra_swap_measurable -> measurable_pair_swap' - pair_sigma_algebra.sets_swap -> sets_pair_swap - pair_sigma_finite.measure_cut_measurable_fst -> pair_sigma_finite.measurable_emeasure_Pair1 - pair_sigma_finite.measure_cut_measurable_snd -> pair_sigma_finite.measurable_emeasure_Pair2 - pair_sigma_finite.measure_preserving_swap -> pair_sigma_finite.distr_pair_swap - pair_sigma_finite.pair_measure_alt2 -> pair_sigma_finite.emeasure_pair_measure_alt2 - pair_sigma_finite.pair_measure_alt -> pair_sigma_finite.emeasure_pair_measure_alt - pair_sigma_finite.pair_measure_times -> pair_sigma_finite.emeasure_pair_measure_Times - prob_space.indep_distribution_eq_measure -> prob_space.indep_vars_iff_distr_eq_PiM - prob_space.indep_var_distributionD -> prob_space.indep_var_distribution_eq - prob_space.measure_space_1 -> prob_space.emeasure_space_1 - prob_space.prob_space_vimage -> prob_space_distr - prob_space.random_variable_restrict -> measurable_restrict - prob_space_unique_Int_stable -> measure_eqI_prob_space - product_algebraE -> prod_algebraE_all - product_algebra_generator_der -> prod_algebra_eq_finite - product_algebra_generator_into_space -> prod_algebra_sets_into_space - product_algebraI -> sets_PiM_I_finite - product_measure_exists -> product_sigma_finite.sigma_finite - product_prob_space.finite_index_eq_finite_product -> product_prob_space.sets_PiM_generator - product_prob_space.finite_measure_infprod_emb_Pi -> product_prob_space.measure_PiM_emb - product_prob_space.infprod_spec -> product_prob_space.emeasure_PiM_emb_not_empty - product_prob_space.measurable_component -> measurable_component_singleton - product_prob_space.measurable_emb -> measurable_prod_emb - product_prob_space.measurable_into_infprod_algebra -> measurable_PiM_single - product_prob_space.measurable_singleton_infprod -> measurable_component_singleton - product_prob_space.measure_emb -> emeasure_prod_emb - product_prob_space.measure_preserving_restrict -> product_prob_space.distr_restrict - product_sigma_algebra.product_algebra_into_space -> space_closed - product_sigma_finite.measure_fold -> product_sigma_finite.distr_merge - product_sigma_finite.measure_preserving_component_singelton -> product_sigma_finite.distr_singleton - product_sigma_finite.measure_preserving_merge -> product_sigma_finite.distr_merge - sequence_space.measure_infprod -> sequence_space.measure_PiM_countable - sets_product_algebra -> sets_PiM - sigma_algebra.measurable_sigma -> measurable_measure_of - sigma_finite_measure.disjoint_sigma_finite -> sigma_finite_disjoint - sigma_finite_measure.RN_deriv_vimage -> sigma_finite_measure.RN_deriv_distr - sigma_product_algebra_sigma_eq -> sigma_prod_algebra_sigma_eq - space_product_algebra -> space_PiM - -* Session HOL-TPTP: support to parse and import TPTP problems (all -languages) into Isabelle/HOL. - - -*** FOL *** - -* New "case_product" attribute (see HOL). - - -*** ZF *** - -* Greater support for structured proofs involving induction or case -analysis. - -* Much greater use of mathematical symbols. - -* Removal of many ML theorem bindings. INCOMPATIBILITY. - - -*** ML *** - -* Antiquotation @{keyword "name"} produces a parser for outer syntax -from a minor keyword introduced via theory header declaration. - -* Antiquotation @{command_spec "name"} produces the -Outer_Syntax.command_spec from a major keyword introduced via theory -header declaration; it can be passed to Outer_Syntax.command etc. - -* Local_Theory.define no longer hard-wires default theorem name -"foo_def", but retains the binding as given. If that is Binding.empty -/ Attrib.empty_binding, the result is not registered as user-level -fact. The Local_Theory.define_internal variant allows to specify a -non-empty name (used for the foundation in the background theory), -while omitting the fact binding in the user-context. Potential -INCOMPATIBILITY for derived definitional packages: need to specify -naming policy for primitive definitions more explicitly. - -* Renamed Thm.capply to Thm.apply, and Thm.cabs to Thm.lambda in -conformance with similar operations in structure Term and Logic. - -* Antiquotation @{attributes [...]} embeds attribute source -representation into the ML text, which is particularly useful with -declarations like Local_Theory.note. - -* Structure Proof_Context follows standard naming scheme. Old -ProofContext has been discontinued. INCOMPATIBILITY. - -* Refined Local_Theory.declaration {syntax, pervasive}, with subtle -change of semantics: update is applied to auxiliary local theory -context as well. - -* Modernized some old-style infix operations: - - addeqcongs ~> Simplifier.add_eqcong - deleqcongs ~> Simplifier.del_eqcong - addcongs ~> Simplifier.add_cong - delcongs ~> Simplifier.del_cong - setmksimps ~> Simplifier.set_mksimps - setmkcong ~> Simplifier.set_mkcong - setmksym ~> Simplifier.set_mksym - setmkeqTrue ~> Simplifier.set_mkeqTrue - settermless ~> Simplifier.set_termless - setsubgoaler ~> Simplifier.set_subgoaler - addsplits ~> Splitter.add_split - delsplits ~> Splitter.del_split - - -*** System *** - -* USER_HOME settings variable points to cross-platform user home -directory, which coincides with HOME on POSIX systems only. Likewise, -the Isabelle path specification "~" now expands to $USER_HOME, instead -of former $HOME. A different default for USER_HOME may be set -explicitly in shell environment, before Isabelle settings are -evaluated. Minor INCOMPATIBILITY: need to adapt Isabelle path where -the generic user home was intended. - -* ISABELLE_HOME_WINDOWS refers to ISABELLE_HOME in windows file name -notation, which is useful for the jEdit file browser, for example. - -* ISABELLE_JDK_HOME settings variable points to JDK with javac and jar -(not just JRE). - - - -New in Isabelle2011-1 (October 2011) ------------------------------------- - -*** General *** - -* Improved Isabelle/jEdit Prover IDE (PIDE), which can be invoked as -"isabelle jedit" or "ISABELLE_HOME/Isabelle" on the command line. - - - Management of multiple theory files directly from the editor - buffer store -- bypassing the file-system (no requirement to save - files for checking). - - - Markup of formal entities within the text buffer, with semantic - highlighting, tooltips and hyperlinks to jump to defining source - positions. - - - Improved text rendering, with sub/superscripts in the source - buffer (including support for copy/paste wrt. output panel, HTML - theory output and other non-Isabelle text boxes). - - - Refined scheduling of proof checking and printing of results, - based on interactive editor view. (Note: jEdit folding and - narrowing allows to restrict buffer perspectives explicitly.) - - - Reduced CPU performance requirements, usable on machines with few - cores. - - - Reduced memory requirements due to pruning of unused document - versions (garbage collection). - -See also ~~/src/Tools/jEdit/README.html for further information, -including some remaining limitations. - -* Theory loader: source files are exclusively located via the master -directory of each theory node (where the .thy file itself resides). -The global load path (such as src/HOL/Library) has been discontinued. -Note that the path element ~~ may be used to reference theories in the -Isabelle home folder -- for instance, "~~/src/HOL/Library/FuncSet". -INCOMPATIBILITY. - -* Theory loader: source files are identified by content via SHA1 -digests. Discontinued former path/modtime identification and optional -ISABELLE_FILE_IDENT plugin scripts. - -* Parallelization of nested Isar proofs is subject to -Goal.parallel_proofs_threshold (default 100). See also isabelle -usedir option -Q. - -* Name space: former unsynchronized references are now proper -configuration options, with more conventional names: - - long_names ~> names_long - short_names ~> names_short - unique_names ~> names_unique - -Minor INCOMPATIBILITY, need to declare options in context like this: - - declare [[names_unique = false]] - -* Literal facts `prop` may contain dummy patterns, e.g. `_ = _`. Note -that the result needs to be unique, which means fact specifications -may have to be refined after enriching a proof context. - -* Attribute "case_names" has been refined: the assumptions in each case -can be named now by following the case name with [name1 name2 ...]. - -* Isabelle/Isar reference manual has been updated and extended: - - "Synopsis" provides a catalog of main Isar language concepts. - - Formal references in syntax diagrams, via @{rail} antiquotation. - - Updated material from classic "ref" manual, notably about - "Classical Reasoner". - - -*** HOL *** - -* Class bot and top require underlying partial order rather than -preorder: uniqueness of bot and top is guaranteed. INCOMPATIBILITY. - -* Class complete_lattice: generalized a couple of lemmas from sets; -generalized theorems INF_cong and SUP_cong. New type classes for -complete boolean algebras and complete linear orders. Lemmas -Inf_less_iff, less_Sup_iff, INF_less_iff, less_SUP_iff now reside in -class complete_linorder. - -Changed proposition of lemmas Inf_bool_def, Sup_bool_def, Inf_fun_def, -Sup_fun_def, Inf_apply, Sup_apply. - -Removed redundant lemmas (the right hand side gives hints how to -replace them for (metis ...), or (simp only: ...) proofs): - - Inf_singleton ~> Inf_insert [where A="{}", unfolded Inf_empty inf_top_right] - Sup_singleton ~> Sup_insert [where A="{}", unfolded Sup_empty sup_bot_right] - Inf_binary ~> Inf_insert, Inf_empty, and inf_top_right - Sup_binary ~> Sup_insert, Sup_empty, and sup_bot_right - Int_eq_Inter ~> Inf_insert, Inf_empty, and inf_top_right - Un_eq_Union ~> Sup_insert, Sup_empty, and sup_bot_right - Inter_def ~> INF_def, image_def - Union_def ~> SUP_def, image_def - INT_eq ~> INF_def, and image_def - UN_eq ~> SUP_def, and image_def - INF_subset ~> INF_superset_mono [OF _ order_refl] - -More consistent and comprehensive names: - - INTER_eq_Inter_image ~> INF_def - UNION_eq_Union_image ~> SUP_def - INFI_def ~> INF_def - SUPR_def ~> SUP_def - INF_leI ~> INF_lower - INF_leI2 ~> INF_lower2 - le_INFI ~> INF_greatest - le_SUPI ~> SUP_upper - le_SUPI2 ~> SUP_upper2 - SUP_leI ~> SUP_least - INFI_bool_eq ~> INF_bool_eq - SUPR_bool_eq ~> SUP_bool_eq - INFI_apply ~> INF_apply - SUPR_apply ~> SUP_apply - INTER_def ~> INTER_eq - UNION_def ~> UNION_eq - -INCOMPATIBILITY. - -* Renamed theory Complete_Lattice to Complete_Lattices. -INCOMPATIBILITY. - -* Theory Complete_Lattices: lemmas Inf_eq_top_iff, INF_eq_top_iff, -INF_image, Inf_insert, INF_top, Inf_top_conv, INF_top_conv, SUP_bot, -Sup_bot_conv, SUP_bot_conv, Sup_eq_top_iff, SUP_eq_top_iff, SUP_image, -Sup_insert are now declared as [simp]. INCOMPATIBILITY. - -* Theory Lattice: lemmas compl_inf_bot, compl_le_comp_iff, -compl_sup_top, inf_idem, inf_left_idem, inf_sup_absorb, sup_idem, -sup_inf_absob, sup_left_idem are now declared as [simp]. Minor -INCOMPATIBILITY. - -* Added syntactic classes "inf" and "sup" for the respective -constants. INCOMPATIBILITY: Changes in the argument order of the -(mostly internal) locale predicates for some derived classes. - -* Theorem collections ball_simps and bex_simps do not contain theorems -referring to UNION any longer; these have been moved to collection -UN_ball_bex_simps. INCOMPATIBILITY. - -* Theory Archimedean_Field: floor now is defined as parameter of a -separate type class floor_ceiling. - -* Theory Finite_Set: more coherent development of fold_set locales: - - locale fun_left_comm ~> locale comp_fun_commute - locale fun_left_comm_idem ~> locale comp_fun_idem - -Both use point-free characterization; interpretation proofs may need -adjustment. INCOMPATIBILITY. - -* Theory Limits: Type "'a net" has been renamed to "'a filter", in -accordance with standard mathematical terminology. INCOMPATIBILITY. - -* Theory Complex_Main: The locale interpretations for the -bounded_linear and bounded_bilinear locales have been removed, in -order to reduce the number of duplicate lemmas. Users must use the -original names for distributivity theorems, potential INCOMPATIBILITY. - - divide.add ~> add_divide_distrib - divide.diff ~> diff_divide_distrib - divide.setsum ~> setsum_divide_distrib - mult.add_right ~> right_distrib - mult.diff_right ~> right_diff_distrib - mult_right.setsum ~> setsum_right_distrib - mult_left.diff ~> left_diff_distrib - -* Theory Complex_Main: Several redundant theorems have been removed or -replaced by more general versions. INCOMPATIBILITY. - - real_diff_def ~> minus_real_def - real_divide_def ~> divide_real_def - real_less_def ~> less_le - real_abs_def ~> abs_real_def - real_sgn_def ~> sgn_real_def - real_mult_commute ~> mult_commute - real_mult_assoc ~> mult_assoc - real_mult_1 ~> mult_1_left - real_add_mult_distrib ~> left_distrib - real_zero_not_eq_one ~> zero_neq_one - real_mult_inverse_left ~> left_inverse - INVERSE_ZERO ~> inverse_zero - real_le_refl ~> order_refl - real_le_antisym ~> order_antisym - real_le_trans ~> order_trans - real_le_linear ~> linear - real_le_eq_diff ~> le_iff_diff_le_0 - real_add_left_mono ~> add_left_mono - real_mult_order ~> mult_pos_pos - real_mult_less_mono2 ~> mult_strict_left_mono - real_of_int_real_of_nat ~> real_of_int_of_nat_eq - real_0_le_divide_iff ~> zero_le_divide_iff - realpow_two_disj ~> power2_eq_iff - real_squared_diff_one_factored ~> square_diff_one_factored - realpow_two_diff ~> square_diff_square_factored - reals_complete2 ~> complete_real - real_sum_squared_expand ~> power2_sum - exp_ln_eq ~> ln_unique - expi_add ~> exp_add - expi_zero ~> exp_zero - lemma_DERIV_subst ~> DERIV_cong - LIMSEQ_Zfun_iff ~> tendsto_Zfun_iff - LIMSEQ_const ~> tendsto_const - LIMSEQ_norm ~> tendsto_norm - LIMSEQ_add ~> tendsto_add - LIMSEQ_minus ~> tendsto_minus - LIMSEQ_minus_cancel ~> tendsto_minus_cancel - LIMSEQ_diff ~> tendsto_diff - bounded_linear.LIMSEQ ~> bounded_linear.tendsto - bounded_bilinear.LIMSEQ ~> bounded_bilinear.tendsto - LIMSEQ_mult ~> tendsto_mult - LIMSEQ_inverse ~> tendsto_inverse - LIMSEQ_divide ~> tendsto_divide - LIMSEQ_pow ~> tendsto_power - LIMSEQ_setsum ~> tendsto_setsum - LIMSEQ_setprod ~> tendsto_setprod - LIMSEQ_norm_zero ~> tendsto_norm_zero_iff - LIMSEQ_rabs_zero ~> tendsto_rabs_zero_iff - LIMSEQ_imp_rabs ~> tendsto_rabs - LIMSEQ_add_minus ~> tendsto_add [OF _ tendsto_minus] - LIMSEQ_add_const ~> tendsto_add [OF _ tendsto_const] - LIMSEQ_diff_const ~> tendsto_diff [OF _ tendsto_const] - LIMSEQ_Complex ~> tendsto_Complex - LIM_ident ~> tendsto_ident_at - LIM_const ~> tendsto_const - LIM_add ~> tendsto_add - LIM_add_zero ~> tendsto_add_zero - LIM_minus ~> tendsto_minus - LIM_diff ~> tendsto_diff - LIM_norm ~> tendsto_norm - LIM_norm_zero ~> tendsto_norm_zero - LIM_norm_zero_cancel ~> tendsto_norm_zero_cancel - LIM_norm_zero_iff ~> tendsto_norm_zero_iff - LIM_rabs ~> tendsto_rabs - LIM_rabs_zero ~> tendsto_rabs_zero - LIM_rabs_zero_cancel ~> tendsto_rabs_zero_cancel - LIM_rabs_zero_iff ~> tendsto_rabs_zero_iff - LIM_compose ~> tendsto_compose - LIM_mult ~> tendsto_mult - LIM_scaleR ~> tendsto_scaleR - LIM_of_real ~> tendsto_of_real - LIM_power ~> tendsto_power - LIM_inverse ~> tendsto_inverse - LIM_sgn ~> tendsto_sgn - isCont_LIM_compose ~> isCont_tendsto_compose - bounded_linear.LIM ~> bounded_linear.tendsto - bounded_linear.LIM_zero ~> bounded_linear.tendsto_zero - bounded_bilinear.LIM ~> bounded_bilinear.tendsto - bounded_bilinear.LIM_prod_zero ~> bounded_bilinear.tendsto_zero - bounded_bilinear.LIM_left_zero ~> bounded_bilinear.tendsto_left_zero - bounded_bilinear.LIM_right_zero ~> bounded_bilinear.tendsto_right_zero - LIM_inverse_fun ~> tendsto_inverse [OF tendsto_ident_at] - -* Theory Complex_Main: The definition of infinite series was -generalized. Now it is defined on the type class {topological_space, -comm_monoid_add}. Hence it is useable also for extended real numbers. - -* Theory Complex_Main: The complex exponential function "expi" is now -a type-constrained abbreviation for "exp :: complex => complex"; thus -several polymorphic lemmas about "exp" are now applicable to "expi". - -* Code generation: - - - Theory Library/Code_Char_ord provides native ordering of - characters in the target language. - - - Commands code_module and code_library are legacy, use export_code - instead. - - - Method "evaluation" is legacy, use method "eval" instead. - - - Legacy evaluator "SML" is deactivated by default. May be - reactivated by the following theory command: - - setup {* Value.add_evaluator ("SML", Codegen.eval_term) *} - -* Declare ext [intro] by default. Rare INCOMPATIBILITY. - -* New proof method "induction" that gives induction hypotheses the -name "IH", thus distinguishing them from further hypotheses that come -from rule induction. The latter are still called "hyps". Method -"induction" is a thin wrapper around "induct" and follows the same -syntax. - -* Method "fastsimp" has been renamed to "fastforce", but "fastsimp" is -still available as a legacy feature for some time. - -* Nitpick: - - Added "need" and "total_consts" options. - - Reintroduced "show_skolems" option by popular demand. - - Renamed attribute: nitpick_def ~> nitpick_unfold. - INCOMPATIBILITY. - -* Sledgehammer: - - Use quasi-sound (and efficient) translations by default. - - Added support for the following provers: E-ToFoF, LEO-II, - Satallax, SNARK, Waldmeister, and Z3 with TPTP syntax. - - Automatically preplay and minimize proofs before showing them if - this can be done within reasonable time. - - sledgehammer available_provers ~> sledgehammer supported_provers. - INCOMPATIBILITY. - - Added "preplay_timeout", "slicing", "type_enc", "sound", - "max_mono_iters", and "max_new_mono_instances" options. - - Removed "explicit_apply" and "full_types" options as well as "Full - Types" Proof General menu item. INCOMPATIBILITY. - -* Metis: - - Removed "metisF" -- use "metis" instead. INCOMPATIBILITY. - - Obsoleted "metisFT" -- use "metis (full_types)" instead. - INCOMPATIBILITY. - -* Command 'try': - - Renamed 'try_methods' and added "simp:", "intro:", "dest:", and - "elim:" options. INCOMPATIBILITY. - - Introduced 'try' that not only runs 'try_methods' but also - 'solve_direct', 'sledgehammer', 'quickcheck', and 'nitpick'. - -* Quickcheck: - - Added "eval" option to evaluate terms for the found counterexample - (currently only supported by the default (exhaustive) tester). - - Added post-processing of terms to obtain readable counterexamples - (currently only supported by the default (exhaustive) tester). - - New counterexample generator quickcheck[narrowing] enables - narrowing-based testing. Requires the Glasgow Haskell compiler - with its installation location defined in the Isabelle settings - environment as ISABELLE_GHC. - - Removed quickcheck tester "SML" based on the SML code generator - (formly in HOL/Library). - -* Function package: discontinued option "tailrec". INCOMPATIBILITY, -use 'partial_function' instead. - -* Theory Library/Extended_Reals replaces now the positive extended -reals found in probability theory. This file is extended by -Multivariate_Analysis/Extended_Real_Limits. - -* Theory Library/Old_Recdef: old 'recdef' package has been moved here, -from where it must be imported explicitly if it is really required. -INCOMPATIBILITY. - -* Theory Library/Wfrec: well-founded recursion combinator "wfrec" has -been moved here. INCOMPATIBILITY. - -* Theory Library/Saturated provides type of numbers with saturated -arithmetic. - -* Theory Library/Product_Lattice defines a pointwise ordering for the -product type 'a * 'b, and provides instance proofs for various order -and lattice type classes. - -* Theory Library/Countable now provides the "countable_datatype" proof -method for proving "countable" class instances for datatypes. - -* Theory Library/Cset_Monad allows do notation for computable sets -(cset) via the generic monad ad-hoc overloading facility. - -* Library: Theories of common data structures are split into theories -for implementation, an invariant-ensuring type, and connection to an -abstract type. INCOMPATIBILITY. - - - RBT is split into RBT and RBT_Mapping. - - AssocList is split and renamed into AList and AList_Mapping. - - DList is split into DList_Impl, DList, and DList_Cset. - - Cset is split into Cset and List_Cset. - -* Theory Library/Nat_Infinity has been renamed to -Library/Extended_Nat, with name changes of the following types and -constants: - - type inat ~> type enat - Fin ~> enat - Infty ~> infinity (overloaded) - iSuc ~> eSuc - the_Fin ~> the_enat - -Every theorem name containing "inat", "Fin", "Infty", or "iSuc" has -been renamed accordingly. INCOMPATIBILITY. - -* Session Multivariate_Analysis: The euclidean_space type class now -fixes a constant "Basis :: 'a set" consisting of the standard -orthonormal basis for the type. Users now have the option of -quantifying over this set instead of using the "basis" function, e.g. -"ALL x:Basis. P x" vs "ALL i vec_eq_iff - dist_nth_le_cart ~> dist_vec_nth_le - tendsto_vector ~> vec_tendstoI - Cauchy_vector ~> vec_CauchyI - -* Session Multivariate_Analysis: Several duplicate theorems have been -removed, and other theorems have been renamed or replaced with more -general versions. INCOMPATIBILITY. - - finite_choice ~> finite_set_choice - eventually_conjI ~> eventually_conj - eventually_and ~> eventually_conj_iff - eventually_false ~> eventually_False - setsum_norm ~> norm_setsum - Lim_sequentially ~> LIMSEQ_def - Lim_ident_at ~> LIM_ident - Lim_const ~> tendsto_const - Lim_cmul ~> tendsto_scaleR [OF tendsto_const] - Lim_neg ~> tendsto_minus - Lim_add ~> tendsto_add - Lim_sub ~> tendsto_diff - Lim_mul ~> tendsto_scaleR - Lim_vmul ~> tendsto_scaleR [OF _ tendsto_const] - Lim_null_norm ~> tendsto_norm_zero_iff [symmetric] - Lim_linear ~> bounded_linear.tendsto - Lim_component ~> tendsto_euclidean_component - Lim_component_cart ~> tendsto_vec_nth - Lim_inner ~> tendsto_inner [OF tendsto_const] - dot_lsum ~> inner_setsum_left - dot_rsum ~> inner_setsum_right - continuous_cmul ~> continuous_scaleR [OF continuous_const] - continuous_neg ~> continuous_minus - continuous_sub ~> continuous_diff - continuous_vmul ~> continuous_scaleR [OF _ continuous_const] - continuous_mul ~> continuous_scaleR - continuous_inv ~> continuous_inverse - continuous_at_within_inv ~> continuous_at_within_inverse - continuous_at_inv ~> continuous_at_inverse - continuous_at_norm ~> continuous_norm [OF continuous_at_id] - continuous_at_infnorm ~> continuous_infnorm [OF continuous_at_id] - continuous_at_component ~> continuous_component [OF continuous_at_id] - continuous_on_neg ~> continuous_on_minus - continuous_on_sub ~> continuous_on_diff - continuous_on_cmul ~> continuous_on_scaleR [OF continuous_on_const] - continuous_on_vmul ~> continuous_on_scaleR [OF _ continuous_on_const] - continuous_on_mul ~> continuous_on_scaleR - continuous_on_mul_real ~> continuous_on_mult - continuous_on_inner ~> continuous_on_inner [OF continuous_on_const] - continuous_on_norm ~> continuous_on_norm [OF continuous_on_id] - continuous_on_inverse ~> continuous_on_inv - uniformly_continuous_on_neg ~> uniformly_continuous_on_minus - uniformly_continuous_on_sub ~> uniformly_continuous_on_diff - subset_interior ~> interior_mono - subset_closure ~> closure_mono - closure_univ ~> closure_UNIV - real_arch_lt ~> reals_Archimedean2 - real_arch ~> reals_Archimedean3 - real_abs_norm ~> abs_norm_cancel - real_abs_sub_norm ~> norm_triangle_ineq3 - norm_cauchy_schwarz_abs ~> Cauchy_Schwarz_ineq2 - -* Session HOL-Probability: - - Caratheodory's extension lemma is now proved for ring_of_sets. - - Infinite products of probability measures are now available. - - Sigma closure is independent, if the generator is independent - - Use extended reals instead of positive extended - reals. INCOMPATIBILITY. - -* Session HOLCF: Discontinued legacy theorem names, INCOMPATIBILITY. - - expand_fun_below ~> fun_below_iff - below_fun_ext ~> fun_belowI - expand_cfun_eq ~> cfun_eq_iff - ext_cfun ~> cfun_eqI - expand_cfun_below ~> cfun_below_iff - below_cfun_ext ~> cfun_belowI - monofun_fun_fun ~> fun_belowD - monofun_fun_arg ~> monofunE - monofun_lub_fun ~> adm_monofun [THEN admD] - cont_lub_fun ~> adm_cont [THEN admD] - cont2cont_Rep_CFun ~> cont2cont_APP - cont_Rep_CFun_app ~> cont_APP_app - cont_Rep_CFun_app_app ~> cont_APP_app_app - cont_cfun_fun ~> cont_Rep_cfun1 [THEN contE] - cont_cfun_arg ~> cont_Rep_cfun2 [THEN contE] - contlub_cfun ~> lub_APP [symmetric] - contlub_LAM ~> lub_LAM [symmetric] - thelubI ~> lub_eqI - UU_I ~> bottomI - lift_distinct1 ~> lift.distinct(1) - lift_distinct2 ~> lift.distinct(2) - Def_not_UU ~> lift.distinct(2) - Def_inject ~> lift.inject - below_UU_iff ~> below_bottom_iff - eq_UU_iff ~> eq_bottom_iff - - -*** Document preparation *** - -* Antiquotation @{rail} layouts railroad syntax diagrams, see also -isar-ref manual, both for description and actual application of the -same. - -* Antiquotation @{value} evaluates the given term and presents its -result. - -* Antiquotations: term style "isub" provides ad-hoc conversion of -variables x1, y23 into subscripted form x\<^isub>1, -y\<^isub>2\<^isub>3. - -* Predefined LaTeX macros for Isabelle symbols \ and \ -(e.g. see ~~/src/HOL/Library/Monad_Syntax.thy). - -* Localized \isabellestyle switch can be used within blocks or groups -like this: - - \isabellestyle{it} %preferred default - {\isabellestylett @{text "typewriter stuff"}} - -* Discontinued special treatment of hard tabulators. Implicit -tab-width is now defined as 1. Potential INCOMPATIBILITY for visual -layouts. - - -*** ML *** - -* The inner syntax of sort/type/term/prop supports inlined YXML -representations within quoted string tokens. By encoding logical -entities via Term_XML (in ML or Scala) concrete syntax can be -bypassed, which is particularly useful for producing bits of text -under external program control. - -* Antiquotations for ML and document preparation are managed as theory -data, which requires explicit setup. - -* Isabelle_Process.is_active allows tools to check if the official -process wrapper is running (Isabelle/Scala/jEdit) or the old TTY loop -(better known as Proof General). - -* Structure Proof_Context follows standard naming scheme. Old -ProofContext is still available for some time as legacy alias. - -* Structure Timing provides various operations for timing; supersedes -former start_timing/end_timing etc. - -* Path.print is the official way to show file-system paths to users -(including quotes etc.). - -* Inner syntax: identifiers in parse trees of generic categories -"logic", "aprop", "idt" etc. carry position information (disguised as -type constraints). Occasional INCOMPATIBILITY with non-compliant -translations that choke on unexpected type constraints. Positions can -be stripped in ML translations via Syntax.strip_positions / -Syntax.strip_positions_ast, or via the syntax constant -"_strip_positions" within parse trees. As last resort, positions can -be disabled via the configuration option Syntax.positions, which is -called "syntax_positions" in Isar attribute syntax. - -* Discontinued special status of various ML structures that contribute -to structure Syntax (Ast, Lexicon, Mixfix, Parser, Printer etc.): less -pervasive content, no inclusion in structure Syntax. INCOMPATIBILITY, -refer directly to Ast.Constant, Lexicon.is_identifier, -Syntax_Trans.mk_binder_tr etc. - -* Typed print translation: discontinued show_sorts argument, which is -already available via context of "advanced" translation. - -* Refined PARALLEL_GOALS tactical: degrades gracefully for schematic -goal states; body tactic needs to address all subgoals uniformly. - -* Slightly more special eq_list/eq_set, with shortcut involving -pointer equality (assumes that eq relation is reflexive). - -* Classical tactics use proper Proof.context instead of historic types -claset/clasimpset. Old-style declarations like addIs, addEs, addDs -operate directly on Proof.context. Raw type claset retains its use as -snapshot of the classical context, which can be recovered via -(put_claset HOL_cs) etc. Type clasimpset has been discontinued. -INCOMPATIBILITY, classical tactics and derived proof methods require -proper Proof.context. - - -*** System *** - -* Discontinued support for Poly/ML 5.2, which was the last version -without proper multithreading and TimeLimit implementation. - -* Discontinued old lib/scripts/polyml-platform, which has been -obsolete since Isabelle2009-2. - -* Various optional external tools are referenced more robustly and -uniformly by explicit Isabelle settings as follows: - - ISABELLE_CSDP (formerly CSDP_EXE) - ISABELLE_GHC (formerly EXEC_GHC or GHC_PATH) - ISABELLE_OCAML (formerly EXEC_OCAML) - ISABELLE_SWIPL (formerly EXEC_SWIPL) - ISABELLE_YAP (formerly EXEC_YAP) - -Note that automated detection from the file-system or search path has -been discontinued. INCOMPATIBILITY. - -* Scala layer provides JVM method invocation service for static -methods of type (String)String, see Invoke_Scala.method in ML. For -example: - - Invoke_Scala.method "java.lang.System.getProperty" "java.home" - -Together with YXML.string_of_body/parse_body and XML.Encode/Decode -this allows to pass structured values between ML and Scala. - -* The IsabelleText fonts includes some further glyphs to support the -Prover IDE. Potential INCOMPATIBILITY: users who happen to have -installed a local copy (which is normally *not* required) need to -delete or update it from ~~/lib/fonts/. - - - -New in Isabelle2011 (January 2011) ----------------------------------- - -*** General *** - -* Experimental Prover IDE based on Isabelle/Scala and jEdit (see -src/Tools/jEdit). This also serves as IDE for Isabelle/ML, with -useful tooltips and hyperlinks produced from its static analysis. The -bundled component provides an executable Isabelle tool that can be run -like this: - - Isabelle2011/bin/isabelle jedit - -* Significantly improved Isabelle/Isar implementation manual. - -* System settings: ISABELLE_HOME_USER now includes ISABELLE_IDENTIFIER -(and thus refers to something like $HOME/.isabelle/Isabelle2011), -while the default heap location within that directory lacks that extra -suffix. This isolates multiple Isabelle installations from each -other, avoiding problems with old settings in new versions. -INCOMPATIBILITY, need to copy/upgrade old user settings manually. - -* Source files are always encoded as UTF-8, instead of old-fashioned -ISO-Latin-1. INCOMPATIBILITY. Isabelle LaTeX documents might require -the following package declarations: - - \usepackage[utf8]{inputenc} - \usepackage{textcomp} - -* Explicit treatment of UTF-8 sequences as Isabelle symbols, such that -a Unicode character is treated as a single symbol, not a sequence of -non-ASCII bytes as before. Since Isabelle/ML string literals may -contain symbols without further backslash escapes, Unicode can now be -used here as well. Recall that Symbol.explode in ML provides a -consistent view on symbols, while raw explode (or String.explode) -merely give a byte-oriented representation. - -* Theory loader: source files are primarily located via the master -directory of each theory node (where the .thy file itself resides). -The global load path is still partially available as legacy feature. -Minor INCOMPATIBILITY due to subtle change in file lookup: use -explicit paths, relatively to the theory. - -* Special treatment of ML file names has been discontinued. -Historically, optional extensions .ML or .sml were added on demand -- -at the cost of clarity of file dependencies. Recall that Isabelle/ML -files exclusively use the .ML extension. Minor INCOMPATIBILITY. - -* Various options that affect pretty printing etc. are now properly -handled within the context via configuration options, instead of -unsynchronized references or print modes. There are both ML Config.T -entities and Isar declaration attributes to access these. - - ML (Config.T) Isar (attribute) - - eta_contract eta_contract - show_brackets show_brackets - show_sorts show_sorts - show_types show_types - show_question_marks show_question_marks - show_consts show_consts - show_abbrevs show_abbrevs - - Syntax.ast_trace syntax_ast_trace - Syntax.ast_stat syntax_ast_stat - Syntax.ambiguity_level syntax_ambiguity_level - - Goal_Display.goals_limit goals_limit - Goal_Display.show_main_goal show_main_goal - - Method.rule_trace rule_trace - - Thy_Output.display thy_output_display - Thy_Output.quotes thy_output_quotes - Thy_Output.indent thy_output_indent - Thy_Output.source thy_output_source - Thy_Output.break thy_output_break - -Note that corresponding "..._default" references in ML may only be -changed globally at the ROOT session setup, but *not* within a theory. -The option "show_abbrevs" supersedes the former print mode -"no_abbrevs" with inverted meaning. - -* More systematic naming of some configuration options. -INCOMPATIBILITY. - - trace_simp ~> simp_trace - debug_simp ~> simp_debug - -* Support for real valued configuration options, using simplistic -floating-point notation that coincides with the inner syntax for -float_token. - -* Support for real valued preferences (with approximative PGIP type): -front-ends need to accept "pgint" values in float notation. -INCOMPATIBILITY. - -* The IsabelleText font now includes Cyrillic, Hebrew, Arabic from -DejaVu Sans. - -* Discontinued support for Poly/ML 5.0 and 5.1 versions. - - -*** Pure *** - -* Command 'type_synonym' (with single argument) replaces somewhat -outdated 'types', which is still available as legacy feature for some -time. - -* Command 'nonterminal' (with 'and' separated list of arguments) -replaces somewhat outdated 'nonterminals'. INCOMPATIBILITY. - -* Command 'notepad' replaces former 'example_proof' for -experimentation in Isar without any result. INCOMPATIBILITY. - -* Locale interpretation commands 'interpret' and 'sublocale' accept -lists of equations to map definitions in a locale to appropriate -entities in the context of the interpretation. The 'interpretation' -command already provided this functionality. - -* Diagnostic command 'print_dependencies' prints the locale instances -that would be activated if the specified expression was interpreted in -the current context. Variant "print_dependencies!" assumes a context -without interpretations. - -* Diagnostic command 'print_interps' prints interpretations in proofs -in addition to interpretations in theories. - -* Discontinued obsolete 'global' and 'local' commands to manipulate -the theory name space. Rare INCOMPATIBILITY. The ML functions -Sign.root_path and Sign.local_path may be applied directly where this -feature is still required for historical reasons. - -* Discontinued obsolete 'constdefs' command. INCOMPATIBILITY, use -'definition' instead. - -* The "prems" fact, which refers to the accidental collection of -foundational premises in the context, is now explicitly marked as -legacy feature and will be discontinued soon. Consider using "assms" -of the head statement or reference facts by explicit names. - -* Document antiquotations @{class} and @{type} print classes and type -constructors. - -* Document antiquotation @{file} checks file/directory entries within -the local file system. - - -*** HOL *** - -* Coercive subtyping: functions can be declared as coercions and type -inference will add them as necessary upon input of a term. Theory -Complex_Main declares real :: nat => real and real :: int => real as -coercions. A coercion function f is declared like this: - - declare [[coercion f]] - -To lift coercions through type constructors (e.g. from nat => real to -nat list => real list), map functions can be declared, e.g. - - declare [[coercion_map map]] - -Currently coercion inference is activated only in theories including -real numbers, i.e. descendants of Complex_Main. This is controlled by -the configuration option "coercion_enabled", e.g. it can be enabled in -other theories like this: - - declare [[coercion_enabled]] - -* Command 'partial_function' provides basic support for recursive -function definitions over complete partial orders. Concrete instances -are provided for i) the option type, ii) tail recursion on arbitrary -types, and iii) the heap monad of Imperative_HOL. See -src/HOL/ex/Fundefs.thy and src/HOL/Imperative_HOL/ex/Linked_Lists.thy -for examples. - -* Function package: f.psimps rules are no longer implicitly declared -as [simp]. INCOMPATIBILITY. - -* Datatype package: theorems generated for executable equality (class -"eq") carry proper names and are treated as default code equations. - -* Inductive package: now offers command 'inductive_simps' to -automatically derive instantiated and simplified equations for -inductive predicates, similar to 'inductive_cases'. - -* Command 'enriched_type' allows to register properties of the -functorial structure of types. - -* Improved infrastructure for term evaluation using code generator -techniques, in particular static evaluation conversions. - -* Code generator: Scala (2.8 or higher) has been added to the target -languages. - -* Code generator: globbing constant expressions "*" and "Theory.*" -have been replaced by the more idiomatic "_" and "Theory._". -INCOMPATIBILITY. - -* Code generator: export_code without explicit file declaration prints -to standard output. INCOMPATIBILITY. - -* Code generator: do not print function definitions for case -combinators any longer. - -* Code generator: simplification with rules determined with -src/Tools/Code/code_simp.ML and method "code_simp". - -* Code generator for records: more idiomatic representation of record -types. Warning: records are not covered by ancient SML code -generation any longer. INCOMPATIBILITY. In cases of need, a suitable -rep_datatype declaration helps to succeed then: - - record 'a foo = ... - ... - rep_datatype foo_ext ... - -* Records: logical foundation type for records does not carry a -'_type' suffix any longer (obsolete due to authentic syntax). -INCOMPATIBILITY. - -* Quickcheck now by default uses exhaustive testing instead of random -testing. Random testing can be invoked by "quickcheck [random]", -exhaustive testing by "quickcheck [exhaustive]". - -* Quickcheck instantiates polymorphic types with small finite -datatypes by default. This enables a simple execution mechanism to -handle quantifiers and function equality over the finite datatypes. - -* Quickcheck random generator has been renamed from "code" to -"random". INCOMPATIBILITY. - -* Quickcheck now has a configurable time limit which is set to 30 -seconds by default. This can be changed by adding [timeout = n] to the -quickcheck command. The time limit for Auto Quickcheck is still set -independently. - -* Quickcheck in locales considers interpretations of that locale for -counter example search. - -* Sledgehammer: - - Added "smt" and "remote_smt" provers based on the "smt" proof - method. See the Sledgehammer manual for details ("isabelle doc - sledgehammer"). - - Renamed commands: - sledgehammer atp_info ~> sledgehammer running_provers - sledgehammer atp_kill ~> sledgehammer kill_provers - sledgehammer available_atps ~> sledgehammer available_provers - INCOMPATIBILITY. - - Renamed options: - sledgehammer [atps = ...] ~> sledgehammer [provers = ...] - sledgehammer [atp = ...] ~> sledgehammer [prover = ...] - sledgehammer [timeout = 77 s] ~> sledgehammer [timeout = 77] - (and "ms" and "min" are no longer supported) - INCOMPATIBILITY. - -* Nitpick: - - Renamed options: - nitpick [timeout = 77 s] ~> nitpick [timeout = 77] - nitpick [tac_timeout = 777 ms] ~> nitpick [tac_timeout = 0.777] - INCOMPATIBILITY. - - Added support for partial quotient types. - - Added local versions of the "Nitpick.register_xxx" functions. - - Added "whack" option. - - Allow registration of quotient types as codatatypes. - - Improved "merge_type_vars" option to merge more types. - - Removed unsound "fast_descrs" option. - - Added custom symmetry breaking for datatypes, making it possible to reach - higher cardinalities. - - Prevent the expansion of too large definitions. - -* Proof methods "metis" and "meson" now have configuration options -"meson_trace", "metis_trace", and "metis_verbose" that can be enabled -to diagnose these tools. E.g. - - using [[metis_trace = true]] - -* Auto Solve: Renamed "Auto Solve Direct". The tool is now available -manually as command 'solve_direct'. - -* The default SMT solver Z3 must be enabled explicitly (due to -licensing issues) by setting the environment variable -Z3_NON_COMMERCIAL in etc/settings of the component, for example. For -commercial applications, the SMT solver CVC3 is provided as fall-back; -changing the SMT solver is done via the configuration option -"smt_solver". - -* Remote SMT solvers need to be referred to by the "remote_" prefix, -i.e. "remote_cvc3" and "remote_z3". - -* Added basic SMT support for datatypes, records, and typedefs using -the oracle mode (no proofs). Direct support of pairs has been dropped -in exchange (pass theorems fst_conv snd_conv pair_collapse to the SMT -support for a similar behavior). Minor INCOMPATIBILITY. - -* Changed SMT configuration options: - - Renamed: - z3_proofs ~> smt_oracle (with inverted meaning) - z3_trace_assms ~> smt_trace_used_facts - INCOMPATIBILITY. - - Added: - smt_verbose - smt_random_seed - smt_datatypes - smt_infer_triggers - smt_monomorph_limit - cvc3_options - remote_cvc3_options - remote_z3_options - yices_options - -* Boogie output files (.b2i files) need to be declared in the theory -header. - -* Simplification procedure "list_to_set_comprehension" rewrites list -comprehensions applied to List.set to set comprehensions. Occasional -INCOMPATIBILITY, may be deactivated like this: - - declare [[simproc del: list_to_set_comprehension]] - -* Removed old version of primrec package. INCOMPATIBILITY. - -* Removed simplifier congruence rule of "prod_case", as has for long -been the case with "split". INCOMPATIBILITY. - -* String.literal is a type, but not a datatype. INCOMPATIBILITY. - -* Removed [split_format ... and ... and ...] version of -[split_format]. Potential INCOMPATIBILITY. - -* Predicate "sorted" now defined inductively, with nice induction -rules. INCOMPATIBILITY: former sorted.simps now named sorted_simps. - -* Constant "contents" renamed to "the_elem", to free the generic name -contents for other uses. INCOMPATIBILITY. - -* Renamed class eq and constant eq (for code generation) to class -equal and constant equal, plus renaming of related facts and various -tuning. INCOMPATIBILITY. - -* Dropped type classes mult_mono and mult_mono1. INCOMPATIBILITY. - -* Removed output syntax "'a ~=> 'b" for "'a => 'b option". -INCOMPATIBILITY. - -* Renamed theory Fset to Cset, type Fset.fset to Cset.set, in order to -avoid confusion with finite sets. INCOMPATIBILITY. - -* Abandoned locales equiv, congruent and congruent2 for equivalence -relations. INCOMPATIBILITY: use equivI rather than equiv_intro (same -for congruent(2)). - -* Some previously unqualified names have been qualified: - - types - bool ~> HOL.bool - nat ~> Nat.nat - - constants - Trueprop ~> HOL.Trueprop - True ~> HOL.True - False ~> HOL.False - op & ~> HOL.conj - op | ~> HOL.disj - op --> ~> HOL.implies - op = ~> HOL.eq - Not ~> HOL.Not - The ~> HOL.The - All ~> HOL.All - Ex ~> HOL.Ex - Ex1 ~> HOL.Ex1 - Let ~> HOL.Let - If ~> HOL.If - Ball ~> Set.Ball - Bex ~> Set.Bex - Suc ~> Nat.Suc - Pair ~> Product_Type.Pair - fst ~> Product_Type.fst - snd ~> Product_Type.snd - curry ~> Product_Type.curry - op : ~> Set.member - Collect ~> Set.Collect - -INCOMPATIBILITY. - -* More canonical naming convention for some fundamental definitions: - - bot_bool_eq ~> bot_bool_def - top_bool_eq ~> top_bool_def - inf_bool_eq ~> inf_bool_def - sup_bool_eq ~> sup_bool_def - bot_fun_eq ~> bot_fun_def - top_fun_eq ~> top_fun_def - inf_fun_eq ~> inf_fun_def - sup_fun_eq ~> sup_fun_def - -INCOMPATIBILITY. - -* More stylized fact names: - - expand_fun_eq ~> fun_eq_iff - expand_set_eq ~> set_eq_iff - set_ext ~> set_eqI - nat_number ~> eval_nat_numeral - -INCOMPATIBILITY. - -* Refactoring of code-generation specific operations in theory List: - - constants - null ~> List.null - - facts - mem_iff ~> member_def - null_empty ~> null_def - -INCOMPATIBILITY. Note that these were not supposed to be used -regularly unless for striking reasons; their main purpose was code -generation. - -Various operations from the Haskell prelude are used for generating -Haskell code. - -* Term "bij f" is now an abbreviation of "bij_betw f UNIV UNIV". Term -"surj f" is now an abbreviation of "range f = UNIV". The theorems -bij_def and surj_def are unchanged. INCOMPATIBILITY. - -* Abolished some non-alphabetic type names: "prod" and "sum" replace -"*" and "+" respectively. INCOMPATIBILITY. - -* Name "Plus" of disjoint sum operator "<+>" is now hidden. Write -"Sum_Type.Plus" instead. - -* Constant "split" has been merged with constant "prod_case"; names of -ML functions, facts etc. involving split have been retained so far, -though. INCOMPATIBILITY. - -* Dropped old infix syntax "_ mem _" for List.member; use "_ : set _" -instead. INCOMPATIBILITY. - -* Removed lemma "Option.is_none_none" which duplicates "is_none_def". -INCOMPATIBILITY. - -* Former theory Library/Enum is now part of the HOL-Main image. -INCOMPATIBILITY: all constants of the Enum theory now have to be -referred to by its qualified name. - - enum ~> Enum.enum - nlists ~> Enum.nlists - product ~> Enum.product - -* Theory Library/Monad_Syntax provides do-syntax for monad types. -Syntax in Library/State_Monad has been changed to avoid ambiguities. -INCOMPATIBILITY. - -* Theory Library/SetsAndFunctions has been split into -Library/Function_Algebras and Library/Set_Algebras; canonical names -for instance definitions for functions; various improvements. -INCOMPATIBILITY. - -* Theory Library/Multiset provides stable quicksort implementation of -sort_key. - -* Theory Library/Multiset: renamed empty_idemp ~> empty_neutral. -INCOMPATIBILITY. - -* Session Multivariate_Analysis: introduced a type class for euclidean -space. Most theorems are now stated in terms of euclidean spaces -instead of finite cartesian products. - - types - real ^ 'n ~> 'a::real_vector - ~> 'a::euclidean_space - ~> 'a::ordered_euclidean_space - (depends on your needs) - - constants - _ $ _ ~> _ $$ _ - \ x. _ ~> \\ x. _ - CARD('n) ~> DIM('a) - -Also note that the indices are now natural numbers and not from some -finite type. Finite cartesian products of euclidean spaces, products -of euclidean spaces the real and complex numbers are instantiated to -be euclidean_spaces. INCOMPATIBILITY. - -* Session Probability: introduced pextreal as positive extended real -numbers. Use pextreal as value for measures. Introduce the -Radon-Nikodym derivative, product spaces and Fubini's theorem for -arbitrary sigma finite measures. Introduces Lebesgue measure based on -the integral in Multivariate Analysis. INCOMPATIBILITY. - -* Session Imperative_HOL: revamped, corrected dozens of inadequacies. -INCOMPATIBILITY. - -* Session SPARK (with image HOL-SPARK) provides commands to load and -prove verification conditions generated by the SPARK Ada program -verifier. See also src/HOL/SPARK and src/HOL/SPARK/Examples. - - -*** HOL-Algebra *** - -* Theorems for additive ring operations (locale abelian_monoid and -descendants) are generated by interpretation from their multiplicative -counterparts. Names (in particular theorem names) have the mandatory -qualifier 'add'. Previous theorem names are redeclared for -compatibility. - -* Structure "int_ring" is now an abbreviation (previously a -definition). This fits more natural with advanced interpretations. - - -*** HOLCF *** - -* The domain package now runs in definitional mode by default: The -former command 'new_domain' is now called 'domain'. To use the domain -package in its original axiomatic mode, use 'domain (unsafe)'. -INCOMPATIBILITY. - -* The new class "domain" is now the default sort. Class "predomain" -is an unpointed version of "domain". Theories can be updated by -replacing sort annotations as shown below. INCOMPATIBILITY. - - 'a::type ~> 'a::countable - 'a::cpo ~> 'a::predomain - 'a::pcpo ~> 'a::domain - -* The old type class "rep" has been superseded by class "domain". -Accordingly, users of the definitional package must remove any -"default_sort rep" declarations. INCOMPATIBILITY. - -* The domain package (definitional mode) now supports unpointed -predomain argument types, as long as they are marked 'lazy'. (Strict -arguments must be in class "domain".) For example, the following -domain definition now works: - - domain natlist = nil | cons (lazy "nat discr") (lazy "natlist") - -* Theory HOLCF/Library/HOL_Cpo provides cpo and predomain class -instances for types from main HOL: bool, nat, int, char, 'a + 'b, -'a option, and 'a list. Additionally, it configures fixrec and the -domain package to work with these types. For example: - - fixrec isInl :: "('a + 'b) u -> tr" - where "isInl$(up$(Inl x)) = TT" | "isInl$(up$(Inr y)) = FF" - - domain V = VFun (lazy "V -> V") | VCon (lazy "nat") (lazy "V list") - -* The "(permissive)" option of fixrec has been replaced with a -per-equation "(unchecked)" option. See -src/HOL/HOLCF/Tutorial/Fixrec_ex.thy for examples. INCOMPATIBILITY. - -* The "bifinite" class no longer fixes a constant "approx"; the class -now just asserts that such a function exists. INCOMPATIBILITY. - -* Former type "alg_defl" has been renamed to "defl". HOLCF no longer -defines an embedding of type 'a defl into udom by default; instances -of "bifinite" and "domain" classes are available in -src/HOL/HOLCF/Library/Defl_Bifinite.thy. - -* The syntax "REP('a)" has been replaced with "DEFL('a)". - -* The predicate "directed" has been removed. INCOMPATIBILITY. - -* The type class "finite_po" has been removed. INCOMPATIBILITY. - -* The function "cprod_map" has been renamed to "prod_map". -INCOMPATIBILITY. - -* The monadic bind operator on each powerdomain has new binder syntax -similar to sets, e.g. "\\x\xs. t" represents -"upper_bind\xs\(\ x. t)". - -* The infix syntax for binary union on each powerdomain has changed -from e.g. "+\" to "\\", for consistency with set -syntax. INCOMPATIBILITY. - -* The constant "UU" has been renamed to "bottom". The syntax "UU" is -still supported as an input translation. - -* Renamed some theorems (the original names are also still available). - - expand_fun_below ~> fun_below_iff - below_fun_ext ~> fun_belowI - expand_cfun_eq ~> cfun_eq_iff - ext_cfun ~> cfun_eqI - expand_cfun_below ~> cfun_below_iff - below_cfun_ext ~> cfun_belowI - cont2cont_Rep_CFun ~> cont2cont_APP - -* The Abs and Rep functions for various types have changed names. -Related theorem names have also changed to match. INCOMPATIBILITY. - - Rep_CFun ~> Rep_cfun - Abs_CFun ~> Abs_cfun - Rep_Sprod ~> Rep_sprod - Abs_Sprod ~> Abs_sprod - Rep_Ssum ~> Rep_ssum - Abs_Ssum ~> Abs_ssum - -* Lemmas with names of the form *_defined_iff or *_strict_iff have -been renamed to *_bottom_iff. INCOMPATIBILITY. - -* Various changes to bisimulation/coinduction with domain package: - - - Definitions of "bisim" constants no longer mention definedness. - - With mutual recursion, "bisim" predicate is now curried. - - With mutual recursion, each type gets a separate coind theorem. - - Variable names in bisim_def and coinduct rules have changed. - -INCOMPATIBILITY. - -* Case combinators generated by the domain package for type "foo" are -now named "foo_case" instead of "foo_when". INCOMPATIBILITY. - -* Several theorems have been renamed to more accurately reflect the -names of constants and types involved. INCOMPATIBILITY. - - thelub_const ~> lub_const - lub_const ~> is_lub_const - thelubI ~> lub_eqI - is_lub_lub ~> is_lubD2 - lubI ~> is_lub_lub - unique_lub ~> is_lub_unique - is_ub_lub ~> is_lub_rangeD1 - lub_bin_chain ~> is_lub_bin_chain - lub_fun ~> is_lub_fun - thelub_fun ~> lub_fun - thelub_cfun ~> lub_cfun - thelub_Pair ~> lub_Pair - lub_cprod ~> is_lub_prod - thelub_cprod ~> lub_prod - minimal_cprod ~> minimal_prod - inst_cprod_pcpo ~> inst_prod_pcpo - UU_I ~> bottomI - compact_UU ~> compact_bottom - deflation_UU ~> deflation_bottom - finite_deflation_UU ~> finite_deflation_bottom - -* Many legacy theorem names have been discontinued. INCOMPATIBILITY. - - sq_ord_less_eq_trans ~> below_eq_trans - sq_ord_eq_less_trans ~> eq_below_trans - refl_less ~> below_refl - trans_less ~> below_trans - antisym_less ~> below_antisym - antisym_less_inverse ~> po_eq_conv [THEN iffD1] - box_less ~> box_below - rev_trans_less ~> rev_below_trans - not_less2not_eq ~> not_below2not_eq - less_UU_iff ~> below_UU_iff - flat_less_iff ~> flat_below_iff - adm_less ~> adm_below - adm_not_less ~> adm_not_below - adm_compact_not_less ~> adm_compact_not_below - less_fun_def ~> below_fun_def - expand_fun_less ~> fun_below_iff - less_fun_ext ~> fun_belowI - less_discr_def ~> below_discr_def - discr_less_eq ~> discr_below_eq - less_unit_def ~> below_unit_def - less_cprod_def ~> below_prod_def - prod_lessI ~> prod_belowI - Pair_less_iff ~> Pair_below_iff - fst_less_iff ~> fst_below_iff - snd_less_iff ~> snd_below_iff - expand_cfun_less ~> cfun_below_iff - less_cfun_ext ~> cfun_belowI - injection_less ~> injection_below - less_up_def ~> below_up_def - not_Iup_less ~> not_Iup_below - Iup_less ~> Iup_below - up_less ~> up_below - Def_inject_less_eq ~> Def_below_Def - Def_less_is_eq ~> Def_below_iff - spair_less_iff ~> spair_below_iff - less_sprod ~> below_sprod - spair_less ~> spair_below - sfst_less_iff ~> sfst_below_iff - ssnd_less_iff ~> ssnd_below_iff - fix_least_less ~> fix_least_below - dist_less_one ~> dist_below_one - less_ONE ~> below_ONE - ONE_less_iff ~> ONE_below_iff - less_sinlD ~> below_sinlD - less_sinrD ~> below_sinrD - - -*** FOL and ZF *** - -* All constant names are now qualified internally and use proper -identifiers, e.g. "IFOL.eq" instead of "op =". INCOMPATIBILITY. - - -*** ML *** - -* Antiquotation @{assert} inlines a function bool -> unit that raises -Fail if the argument is false. Due to inlining the source position of -failed assertions is included in the error output. - -* Discontinued antiquotation @{theory_ref}, which is obsolete since ML -text is in practice always evaluated with a stable theory checkpoint. -Minor INCOMPATIBILITY, use (Theory.check_thy @{theory}) instead. - -* Antiquotation @{theory A} refers to theory A from the ancestry of -the current context, not any accidental theory loader state as before. -Potential INCOMPATIBILITY, subtle change in semantics. - -* Syntax.pretty_priority (default 0) configures the required priority -of pretty-printed output and thus affects insertion of parentheses. - -* Syntax.default_root (default "any") configures the inner syntax -category (nonterminal symbol) for parsing of terms. - -* Former exception Library.UnequalLengths now coincides with -ListPair.UnequalLengths. - -* Renamed structure MetaSimplifier to Raw_Simplifier. Note that the -main functionality is provided by structure Simplifier. - -* Renamed raw "explode" function to "raw_explode" to emphasize its -meaning. Note that internally to Isabelle, Symbol.explode is used in -almost all situations. - -* Discontinued obsolete function sys_error and exception SYS_ERROR. -See implementation manual for further details on exceptions in -Isabelle/ML. - -* Renamed setmp_noncritical to Unsynchronized.setmp to emphasize its -meaning. - -* Renamed structure PureThy to Pure_Thy and moved most of its -operations to structure Global_Theory, to emphasize that this is -rarely-used global-only stuff. - -* Discontinued Output.debug. Minor INCOMPATIBILITY, use plain writeln -instead (or tracing for high-volume output). - -* Configuration option show_question_marks only affects regular pretty -printing of types and terms, not raw Term.string_of_vname. - -* ML_Context.thm and ML_Context.thms are no longer pervasive. Rare -INCOMPATIBILITY, superseded by static antiquotations @{thm} and -@{thms} for most purposes. - -* ML structure Unsynchronized is never opened, not even in Isar -interaction mode as before. Old Unsynchronized.set etc. have been -discontinued -- use plain := instead. This should be *rare* anyway, -since modern tools always work via official context data, notably -configuration options. - -* Parallel and asynchronous execution requires special care concerning -interrupts. Structure Exn provides some convenience functions that -avoid working directly with raw Interrupt. User code must not absorb -interrupts -- intermediate handling (for cleanup etc.) needs to be -followed by re-raising of the original exception. Another common -source of mistakes are "handle _" patterns, which make the meaning of -the program subject to physical effects of the environment. - - - -New in Isabelle2009-2 (June 2010) ---------------------------------- - -*** General *** - -* Authentic syntax for *all* logical entities (type classes, type -constructors, term constants): provides simple and robust -correspondence between formal entities and concrete syntax. Within -the parse tree / AST representations, "constants" are decorated by -their category (class, type, const) and spelled out explicitly with -their full internal name. - -Substantial INCOMPATIBILITY concerning low-level syntax declarations -and translations (translation rules and translation functions in ML). -Some hints on upgrading: - - - Many existing uses of 'syntax' and 'translations' can be replaced - by more modern 'type_notation', 'notation' and 'abbreviation', - which are independent of this issue. - - - 'translations' require markup within the AST; the term syntax - provides the following special forms: - - CONST c -- produces syntax version of constant c from context - XCONST c -- literally c, checked as constant from context - c -- literally c, if declared by 'syntax' - - Plain identifiers are treated as AST variables -- occasionally the - system indicates accidental variables via the error "rhs contains - extra variables". - - Type classes and type constructors are marked according to their - concrete syntax. Some old translations rules need to be written - for the "type" category, using type constructor application - instead of pseudo-term application of the default category - "logic". - - - 'parse_translation' etc. in ML may use the following - antiquotations: - - @{class_syntax c} -- type class c within parse tree / AST - @{term_syntax c} -- type constructor c within parse tree / AST - @{const_syntax c} -- ML version of "CONST c" above - @{syntax_const c} -- literally c (checked wrt. 'syntax' declarations) - - - Literal types within 'typed_print_translations', i.e. those *not* - represented as pseudo-terms are represented verbatim. Use @{class - c} or @{type_name c} here instead of the above syntax - antiquotations. - -Note that old non-authentic syntax was based on unqualified base -names, so all of the above "constant" names would coincide. Recall -that 'print_syntax' and ML_command "set Syntax.trace_ast" help to -diagnose syntax problems. - -* Type constructors admit general mixfix syntax, not just infix. - -* Concrete syntax may be attached to local entities without a proof -body, too. This works via regular mixfix annotations for 'fix', -'def', 'obtain' etc. or via the explicit 'write' command, which is -similar to the 'notation' command in theory specifications. - -* Discontinued unnamed infix syntax (legacy feature for many years) -- -need to specify constant name and syntax separately. Internal ML -datatype constructors have been renamed from InfixName to Infix etc. -Minor INCOMPATIBILITY. - -* Schematic theorem statements need to be explicitly markup as such, -via commands 'schematic_lemma', 'schematic_theorem', -'schematic_corollary'. Thus the relevance of the proof is made -syntactically clear, which impacts performance in a parallel or -asynchronous interactive environment. Minor INCOMPATIBILITY. - -* Use of cumulative prems via "!" in some proof methods has been -discontinued (old legacy feature). - -* References 'trace_simp' and 'debug_simp' have been replaced by -configuration options stored in the context. Enabling tracing (the -case of debugging is similar) in proofs works via - - using [[trace_simp = true]] - -Tracing is then active for all invocations of the simplifier in -subsequent goal refinement steps. Tracing may also still be enabled or -disabled via the ProofGeneral settings menu. - -* Separate commands 'hide_class', 'hide_type', 'hide_const', -'hide_fact' replace the former 'hide' KIND command. Minor -INCOMPATIBILITY. - -* Improved parallelism of proof term normalization: usedir -p2 -q0 is -more efficient than combinations with -q1 or -q2. - - -*** Pure *** - -* Proofterms record type-class reasoning explicitly, using the -"unconstrain" operation internally. This eliminates all sort -constraints from a theorem and proof, introducing explicit -OFCLASS-premises. On the proof term level, this operation is -automatically applied at theorem boundaries, such that closed proofs -are always free of sort constraints. INCOMPATIBILITY for tools that -inspect proof terms. - -* Local theory specifications may depend on extra type variables that -are not present in the result type -- arguments TYPE('a) :: 'a itself -are added internally. For example: - - definition unitary :: bool where "unitary = (ALL (x::'a) y. x = y)" - -* Predicates of locales introduced by classes carry a mandatory -"class" prefix. INCOMPATIBILITY. - -* Vacuous class specifications observe default sort. INCOMPATIBILITY. - -* Old 'axclass' command has been discontinued. INCOMPATIBILITY, use -'class' instead. - -* Command 'code_reflect' allows to incorporate generated ML code into -runtime environment; replaces immature code_datatype antiquotation. -INCOMPATIBILITY. - -* Code generator: simple concept for abstract datatypes obeying -invariants. - -* Code generator: details of internal data cache have no impact on the -user space functionality any longer. - -* Methods "unfold_locales" and "intro_locales" ignore non-locale -subgoals. This is more appropriate for interpretations with 'where'. -INCOMPATIBILITY. - -* Command 'example_proof' opens an empty proof body. This allows to -experiment with Isar, without producing any persistent result. - -* Commands 'type_notation' and 'no_type_notation' declare type syntax -within a local theory context, with explicit checking of the -constructors involved (in contrast to the raw 'syntax' versions). - -* Commands 'types' and 'typedecl' now work within a local theory -context -- without introducing dependencies on parameters or -assumptions, which is not possible in Isabelle/Pure. - -* Command 'defaultsort' has been renamed to 'default_sort', it works -within a local theory context. Minor INCOMPATIBILITY. - - -*** HOL *** - -* Command 'typedef' now works within a local theory context -- without -introducing dependencies on parameters or assumptions, which is not -possible in Isabelle/Pure/HOL. Note that the logical environment may -contain multiple interpretations of local typedefs (with different -non-emptiness proofs), even in a global theory context. - -* New package for quotient types. Commands 'quotient_type' and -'quotient_definition' may be used for defining types and constants by -quotient constructions. An example is the type of integers created by -quotienting pairs of natural numbers: - - fun - intrel :: "(nat * nat) => (nat * nat) => bool" - where - "intrel (x, y) (u, v) = (x + v = u + y)" - - quotient_type int = "nat * nat" / intrel - by (auto simp add: equivp_def expand_fun_eq) - - quotient_definition - "0::int" is "(0::nat, 0::nat)" - -The method "lifting" can be used to lift of theorems from the -underlying "raw" type to the quotient type. The example -src/HOL/Quotient_Examples/FSet.thy includes such a quotient -construction and provides a reasoning infrastructure for finite sets. - -* Renamed Library/Quotient.thy to Library/Quotient_Type.thy to avoid -clash with new theory Quotient in Main HOL. - -* Moved the SMT binding into the main HOL session, eliminating -separate HOL-SMT session. - -* List membership infix mem operation is only an input abbreviation. -INCOMPATIBILITY. - -* Theory Library/Word.thy has been removed. Use library Word/Word.thy -for future developements; former Library/Word.thy is still present in -the AFP entry RSAPPS. - -* Theorem Int.int_induct renamed to Int.int_of_nat_induct and is no -longer shadowed. INCOMPATIBILITY. - -* Dropped theorem duplicate comp_arith; use semiring_norm instead. -INCOMPATIBILITY. - -* Dropped theorem RealPow.real_sq_order; use power2_le_imp_le instead. -INCOMPATIBILITY. - -* Dropped normalizing_semiring etc; use the facts in semiring classes -instead. INCOMPATIBILITY. - -* Dropped several real-specific versions of lemmas about floor and -ceiling; use the generic lemmas from theory "Archimedean_Field" -instead. INCOMPATIBILITY. - - floor_number_of_eq ~> floor_number_of - le_floor_eq_number_of ~> number_of_le_floor - le_floor_eq_zero ~> zero_le_floor - le_floor_eq_one ~> one_le_floor - floor_less_eq_number_of ~> floor_less_number_of - floor_less_eq_zero ~> floor_less_zero - floor_less_eq_one ~> floor_less_one - less_floor_eq_number_of ~> number_of_less_floor - less_floor_eq_zero ~> zero_less_floor - less_floor_eq_one ~> one_less_floor - floor_le_eq_number_of ~> floor_le_number_of - floor_le_eq_zero ~> floor_le_zero - floor_le_eq_one ~> floor_le_one - floor_subtract_number_of ~> floor_diff_number_of - floor_subtract_one ~> floor_diff_one - ceiling_number_of_eq ~> ceiling_number_of - ceiling_le_eq_number_of ~> ceiling_le_number_of - ceiling_le_zero_eq ~> ceiling_le_zero - ceiling_le_eq_one ~> ceiling_le_one - less_ceiling_eq_number_of ~> number_of_less_ceiling - less_ceiling_eq_zero ~> zero_less_ceiling - less_ceiling_eq_one ~> one_less_ceiling - ceiling_less_eq_number_of ~> ceiling_less_number_of - ceiling_less_eq_zero ~> ceiling_less_zero - ceiling_less_eq_one ~> ceiling_less_one - le_ceiling_eq_number_of ~> number_of_le_ceiling - le_ceiling_eq_zero ~> zero_le_ceiling - le_ceiling_eq_one ~> one_le_ceiling - ceiling_subtract_number_of ~> ceiling_diff_number_of - ceiling_subtract_one ~> ceiling_diff_one - -* Theory "Finite_Set": various folding_XXX locales facilitate the -application of the various fold combinators on finite sets. - -* Library theory "RBT" renamed to "RBT_Impl"; new library theory "RBT" -provides abstract red-black tree type which is backed by "RBT_Impl" as -implementation. INCOMPATIBILITY. - -* Theory Library/Coinductive_List has been removed -- superseded by -AFP/thys/Coinductive. - -* Theory PReal, including the type "preal" and related operations, has -been removed. INCOMPATIBILITY. - -* Real: new development using Cauchy Sequences. - -* Split off theory "Big_Operators" containing setsum, setprod, -Inf_fin, Sup_fin, Min, Max from theory Finite_Set. INCOMPATIBILITY. - -* Theory "Rational" renamed to "Rat", for consistency with "Nat", -"Int" etc. INCOMPATIBILITY. - -* Constant Rat.normalize needs to be qualified. INCOMPATIBILITY. - -* New set of rules "ac_simps" provides combined assoc / commute -rewrites for all interpretations of the appropriate generic locales. - -* Renamed theory "OrderedGroup" to "Groups" and split theory -"Ring_and_Field" into theories "Rings" and "Fields"; for more -appropriate and more consistent names suitable for name prefixes -within the HOL theories. INCOMPATIBILITY. - -* Some generic constants have been put to appropriate theories: - - less_eq, less: Orderings - - zero, one, plus, minus, uminus, times, abs, sgn: Groups - - inverse, divide: Rings -INCOMPATIBILITY. - -* More consistent naming of type classes involving orderings (and -lattices): - - lower_semilattice ~> semilattice_inf - upper_semilattice ~> semilattice_sup - - dense_linear_order ~> dense_linorder - - pordered_ab_group_add ~> ordered_ab_group_add - pordered_ab_group_add_abs ~> ordered_ab_group_add_abs - pordered_ab_semigroup_add ~> ordered_ab_semigroup_add - pordered_ab_semigroup_add_imp_le ~> ordered_ab_semigroup_add_imp_le - pordered_cancel_ab_semigroup_add ~> ordered_cancel_ab_semigroup_add - pordered_cancel_comm_semiring ~> ordered_cancel_comm_semiring - pordered_cancel_semiring ~> ordered_cancel_semiring - pordered_comm_monoid_add ~> ordered_comm_monoid_add - pordered_comm_ring ~> ordered_comm_ring - pordered_comm_semiring ~> ordered_comm_semiring - pordered_ring ~> ordered_ring - pordered_ring_abs ~> ordered_ring_abs - pordered_semiring ~> ordered_semiring - - ordered_ab_group_add ~> linordered_ab_group_add - ordered_ab_semigroup_add ~> linordered_ab_semigroup_add - ordered_cancel_ab_semigroup_add ~> linordered_cancel_ab_semigroup_add - ordered_comm_semiring_strict ~> linordered_comm_semiring_strict - ordered_field ~> linordered_field - ordered_field_no_lb ~> linordered_field_no_lb - ordered_field_no_ub ~> linordered_field_no_ub - ordered_field_dense_linear_order ~> dense_linordered_field - ordered_idom ~> linordered_idom - ordered_ring ~> linordered_ring - ordered_ring_le_cancel_factor ~> linordered_ring_le_cancel_factor - ordered_ring_less_cancel_factor ~> linordered_ring_less_cancel_factor - ordered_ring_strict ~> linordered_ring_strict - ordered_semidom ~> linordered_semidom - ordered_semiring ~> linordered_semiring - ordered_semiring_1 ~> linordered_semiring_1 - ordered_semiring_1_strict ~> linordered_semiring_1_strict - ordered_semiring_strict ~> linordered_semiring_strict - - The following slightly odd type classes have been moved to a - separate theory Library/Lattice_Algebras: - - lordered_ab_group_add ~> lattice_ab_group_add - lordered_ab_group_add_abs ~> lattice_ab_group_add_abs - lordered_ab_group_add_meet ~> semilattice_inf_ab_group_add - lordered_ab_group_add_join ~> semilattice_sup_ab_group_add - lordered_ring ~> lattice_ring - -INCOMPATIBILITY. - -* Refined field classes: - - classes division_ring_inverse_zero, field_inverse_zero, - linordered_field_inverse_zero include rule inverse 0 = 0 -- - subsumes former division_by_zero class; - - numerous lemmas have been ported from field to division_ring. -INCOMPATIBILITY. - -* Refined algebra theorem collections: - - dropped theorem group group_simps, use algebra_simps instead; - - dropped theorem group ring_simps, use field_simps instead; - - proper theorem collection field_simps subsumes former theorem - groups field_eq_simps and field_simps; - - dropped lemma eq_minus_self_iff which is a duplicate for - equal_neg_zero. -INCOMPATIBILITY. - -* Theory Finite_Set and List: some lemmas have been generalized from -sets to lattices: - - fun_left_comm_idem_inter ~> fun_left_comm_idem_inf - fun_left_comm_idem_union ~> fun_left_comm_idem_sup - inter_Inter_fold_inter ~> inf_Inf_fold_inf - union_Union_fold_union ~> sup_Sup_fold_sup - Inter_fold_inter ~> Inf_fold_inf - Union_fold_union ~> Sup_fold_sup - inter_INTER_fold_inter ~> inf_INFI_fold_inf - union_UNION_fold_union ~> sup_SUPR_fold_sup - INTER_fold_inter ~> INFI_fold_inf - UNION_fold_union ~> SUPR_fold_sup - -* Theory "Complete_Lattice": lemmas top_def and bot_def have been -replaced by the more convenient lemmas Inf_empty and Sup_empty. -Dropped lemmas Inf_insert_simp and Sup_insert_simp, which are subsumed -by Inf_insert and Sup_insert. Lemmas Inf_UNIV and Sup_UNIV replace -former Inf_Univ and Sup_Univ. Lemmas inf_top_right and sup_bot_right -subsume inf_top and sup_bot respectively. INCOMPATIBILITY. - -* Reorganized theory Multiset: swapped notation of pointwise and -multiset order: - - - pointwise ordering is instance of class order with standard syntax - <= and <; - - multiset ordering has syntax <=# and <#; partial order properties - are provided by means of interpretation with prefix - multiset_order; - - less duplication, less historical organization of sections, - conversion from associations lists to multisets, rudimentary code - generation; - - use insert_DiffM2 [symmetric] instead of elem_imp_eq_diff_union, - if needed. - -Renamed: - - multiset_eq_conv_count_eq ~> multiset_ext_iff - multi_count_ext ~> multiset_ext - diff_union_inverse2 ~> diff_union_cancelR - -INCOMPATIBILITY. - -* Theory Permutation: replaced local "remove" by List.remove1. - -* Code generation: ML and OCaml code is decorated with signatures. - -* Theory List: added transpose. - -* Library/Nat_Bijection.thy is a collection of bijective functions -between nat and other types, which supersedes the older libraries -Library/Nat_Int_Bij.thy and HOLCF/NatIso.thy. INCOMPATIBILITY. - - Constants: - Nat_Int_Bij.nat2_to_nat ~> prod_encode - Nat_Int_Bij.nat_to_nat2 ~> prod_decode - Nat_Int_Bij.int_to_nat_bij ~> int_encode - Nat_Int_Bij.nat_to_int_bij ~> int_decode - Countable.pair_encode ~> prod_encode - NatIso.prod2nat ~> prod_encode - NatIso.nat2prod ~> prod_decode - NatIso.sum2nat ~> sum_encode - NatIso.nat2sum ~> sum_decode - NatIso.list2nat ~> list_encode - NatIso.nat2list ~> list_decode - NatIso.set2nat ~> set_encode - NatIso.nat2set ~> set_decode - - Lemmas: - Nat_Int_Bij.bij_nat_to_int_bij ~> bij_int_decode - Nat_Int_Bij.nat2_to_nat_inj ~> inj_prod_encode - Nat_Int_Bij.nat2_to_nat_surj ~> surj_prod_encode - Nat_Int_Bij.nat_to_nat2_inj ~> inj_prod_decode - Nat_Int_Bij.nat_to_nat2_surj ~> surj_prod_decode - Nat_Int_Bij.i2n_n2i_id ~> int_encode_inverse - Nat_Int_Bij.n2i_i2n_id ~> int_decode_inverse - Nat_Int_Bij.surj_nat_to_int_bij ~> surj_int_encode - Nat_Int_Bij.surj_int_to_nat_bij ~> surj_int_decode - Nat_Int_Bij.inj_nat_to_int_bij ~> inj_int_encode - Nat_Int_Bij.inj_int_to_nat_bij ~> inj_int_decode - Nat_Int_Bij.bij_nat_to_int_bij ~> bij_int_encode - Nat_Int_Bij.bij_int_to_nat_bij ~> bij_int_decode - -* Sledgehammer: - - Renamed ATP commands: - atp_info ~> sledgehammer running_atps - atp_kill ~> sledgehammer kill_atps - atp_messages ~> sledgehammer messages - atp_minimize ~> sledgehammer minimize - print_atps ~> sledgehammer available_atps - INCOMPATIBILITY. - - Added user's manual ("isabelle doc sledgehammer"). - - Added option syntax and "sledgehammer_params" to customize - Sledgehammer's behavior. See the manual for details. - - Modified the Isar proof reconstruction code so that it produces - direct proofs rather than proofs by contradiction. (This feature - is still experimental.) - - Made Isar proof reconstruction work for SPASS, remote ATPs, and in - full-typed mode. - - Added support for TPTP syntax for SPASS via the "spass_tptp" ATP. - -* Nitpick: - - Added and implemented "binary_ints" and "bits" options. - - Added "std" option and implemented support for nonstandard models. - - Added and implemented "finitize" option to improve the precision - of infinite datatypes based on a monotonicity analysis. - - Added support for quotient types. - - Added support for "specification" and "ax_specification" - constructs. - - Added support for local definitions (for "function" and - "termination" proofs). - - Added support for term postprocessors. - - Optimized "Multiset.multiset" and "FinFun.finfun". - - Improved efficiency of "destroy_constrs" optimization. - - Fixed soundness bugs related to "destroy_constrs" optimization and - record getters. - - Fixed soundness bug related to higher-order constructors. - - Fixed soundness bug when "full_descrs" is enabled. - - Improved precision of set constructs. - - Added "atoms" option. - - Added cache to speed up repeated Kodkod invocations on the same - problems. - - Renamed "MiniSatJNI", "zChaffJNI", "BerkMinAlloy", and - "SAT4JLight" to "MiniSat_JNI", "zChaff_JNI", "BerkMin_Alloy", and - "SAT4J_Light". INCOMPATIBILITY. - - Removed "skolemize", "uncurry", "sym_break", "flatten_prop", - "sharing_depth", and "show_skolems" options. INCOMPATIBILITY. - - Removed "nitpick_intro" attribute. INCOMPATIBILITY. - -* Method "induct" now takes instantiations of the form t, where t is not - a variable, as a shorthand for "x == t", where x is a fresh variable. - If this is not intended, t has to be enclosed in parentheses. - By default, the equalities generated by definitional instantiations - are pre-simplified, which may cause parameters of inductive cases - to disappear, or may even delete some of the inductive cases. - Use "induct (no_simp)" instead of "induct" to restore the old - behaviour. The (no_simp) option is also understood by the "cases" - and "nominal_induct" methods, which now perform pre-simplification, too. - INCOMPATIBILITY. - - -*** HOLCF *** - -* Variable names in lemmas generated by the domain package have -changed; the naming scheme is now consistent with the HOL datatype -package. Some proof scripts may be affected, INCOMPATIBILITY. - -* The domain package no longer defines the function "foo_copy" for -recursive domain "foo". The reach lemma is now stated directly in -terms of "foo_take". Lemmas and proofs that mention "foo_copy" must -be reformulated in terms of "foo_take", INCOMPATIBILITY. - -* Most definedness lemmas generated by the domain package (previously -of the form "x ~= UU ==> foo$x ~= UU") now have an if-and-only-if form -like "foo$x = UU <-> x = UU", which works better as a simp rule. -Proofs that used definedness lemmas as intro rules may break, -potential INCOMPATIBILITY. - -* Induction and casedist rules generated by the domain package now -declare proper case_names (one called "bottom", and one named for each -constructor). INCOMPATIBILITY. - -* For mutually-recursive domains, separate "reach" and "take_lemma" -rules are generated for each domain, INCOMPATIBILITY. - - foo_bar.reach ~> foo.reach bar.reach - foo_bar.take_lemmas ~> foo.take_lemma bar.take_lemma - -* Some lemmas generated by the domain package have been renamed for -consistency with the datatype package, INCOMPATIBILITY. - - foo.ind ~> foo.induct - foo.finite_ind ~> foo.finite_induct - foo.coind ~> foo.coinduct - foo.casedist ~> foo.exhaust - foo.exhaust ~> foo.nchotomy - -* For consistency with other definition packages, the fixrec package -now generates qualified theorem names, INCOMPATIBILITY. - - foo_simps ~> foo.simps - foo_unfold ~> foo.unfold - foo_induct ~> foo.induct - -* The "fixrec_simp" attribute has been removed. The "fixrec_simp" -method and internal fixrec proofs now use the default simpset instead. -INCOMPATIBILITY. - -* The "contlub" predicate has been removed. Proof scripts should use -lemma contI2 in place of monocontlub2cont, INCOMPATIBILITY. - -* The "admw" predicate has been removed, INCOMPATIBILITY. - -* The constants cpair, cfst, and csnd have been removed in favor of -Pair, fst, and snd from Isabelle/HOL, INCOMPATIBILITY. - - -*** ML *** - -* Antiquotations for basic formal entities: - - @{class NAME} -- type class - @{class_syntax NAME} -- syntax representation of the above - - @{type_name NAME} -- logical type - @{type_abbrev NAME} -- type abbreviation - @{nonterminal NAME} -- type of concrete syntactic category - @{type_syntax NAME} -- syntax representation of any of the above - - @{const_name NAME} -- logical constant (INCOMPATIBILITY) - @{const_abbrev NAME} -- abbreviated constant - @{const_syntax NAME} -- syntax representation of any of the above - -* Antiquotation @{syntax_const NAME} ensures that NAME refers to a raw -syntax constant (cf. 'syntax' command). - -* Antiquotation @{make_string} inlines a function to print arbitrary -values similar to the ML toplevel. The result is compiler dependent -and may fall back on "?" in certain situations. - -* Diagnostic commands 'ML_val' and 'ML_command' may refer to -antiquotations @{Isar.state} and @{Isar.goal}. This replaces impure -Isar.state() and Isar.goal(), which belong to the old TTY loop and do -not work with the asynchronous Isar document model. - -* Configuration options now admit dynamic default values, depending on -the context or even global references. - -* SHA1.digest digests strings according to SHA-1 (see RFC 3174). It -uses an efficient external library if available (for Poly/ML). - -* Renamed some important ML structures, while keeping the old names -for some time as aliases within the structure Legacy: - - OuterKeyword ~> Keyword - OuterLex ~> Token - OuterParse ~> Parse - OuterSyntax ~> Outer_Syntax - PrintMode ~> Print_Mode - SpecParse ~> Parse_Spec - ThyInfo ~> Thy_Info - ThyLoad ~> Thy_Load - ThyOutput ~> Thy_Output - TypeInfer ~> Type_Infer - -Note that "open Legacy" simplifies porting of sources, but forgetting -to remove it again will complicate porting again in the future. - -* Most operations that refer to a global context are named -accordingly, e.g. Simplifier.global_context or -ProofContext.init_global. There are some situations where a global -context actually works, but under normal circumstances one needs to -pass the proper local context through the code! - -* Discontinued old TheoryDataFun with its copy/init operation -- data -needs to be pure. Functor Theory_Data_PP retains the traditional -Pretty.pp argument to merge, which is absent in the standard -Theory_Data version. - -* Sorts.certify_sort and derived "cert" operations for types and terms -no longer minimize sorts. Thus certification at the boundary of the -inference kernel becomes invariant under addition of class relations, -which is an important monotonicity principle. Sorts are now minimized -in the syntax layer only, at the boundary between the end-user and the -system. Subtle INCOMPATIBILITY, may have to use Sign.minimize_sort -explicitly in rare situations. - -* Renamed old-style Drule.standard to Drule.export_without_context, to -emphasize that this is in no way a standard operation. -INCOMPATIBILITY. - -* Subgoal.FOCUS (and variants): resulting goal state is normalized as -usual for resolution. Rare INCOMPATIBILITY. - -* Renamed varify/unvarify operations to varify_global/unvarify_global -to emphasize that these only work in a global situation (which is -quite rare). - -* Curried take and drop in library.ML; negative length is interpreted -as infinity (as in chop). Subtle INCOMPATIBILITY. - -* Proof terms: type substitutions on proof constants now use canonical -order of type variables. INCOMPATIBILITY for tools working with proof -terms. - -* Raw axioms/defs may no longer carry sort constraints, and raw defs -may no longer carry premises. User-level specifications are -transformed accordingly by Thm.add_axiom/add_def. - - -*** System *** - -* Discontinued special HOL_USEDIR_OPTIONS for the main HOL image; -ISABELLE_USEDIR_OPTIONS applies uniformly to all sessions. Note that -proof terms are enabled unconditionally in the new HOL-Proofs image. - -* Discontinued old ISABELLE and ISATOOL environment settings (legacy -feature since Isabelle2009). Use ISABELLE_PROCESS and ISABELLE_TOOL, -respectively. - -* Old lib/scripts/polyml-platform is superseded by the -ISABELLE_PLATFORM setting variable, which defaults to the 32 bit -variant, even on a 64 bit machine. The following example setting -prefers 64 bit if available: - - ML_PLATFORM="${ISABELLE_PLATFORM64:-$ISABELLE_PLATFORM}" - -* The preliminary Isabelle/jEdit application demonstrates the emerging -Isabelle/Scala layer for advanced prover interaction and integration. -See src/Tools/jEdit or "isabelle jedit" provided by the properly built -component. - -* "IsabelleText" is a Unicode font derived from Bitstream Vera Mono -and Bluesky TeX fonts. It provides the usual Isabelle symbols, -similar to the default assignment of the document preparation system -(cf. isabellesym.sty). The Isabelle/Scala class Isabelle_System -provides some operations for direct access to the font without asking -the user for manual installation. - - - -New in Isabelle2009-1 (December 2009) -------------------------------------- - -*** General *** - -* Discontinued old form of "escaped symbols" such as \\. Only -one backslash should be used, even in ML sources. - - -*** Pure *** - -* Locale interpretation propagates mixins along the locale hierarchy. -The currently only available mixins are the equations used to map -local definitions to terms of the target domain of an interpretation. - -* Reactivated diagnostic command 'print_interps'. Use "print_interps -loc" to print all interpretations of locale "loc" in the theory. -Interpretations in proofs are not shown. - -* Thoroughly revised locales tutorial. New section on conditional -interpretation. - -* On instantiation of classes, remaining undefined class parameters -are formally declared. INCOMPATIBILITY. - - -*** Document preparation *** - -* New generalized style concept for printing terms: @{foo (style) ...} -instead of @{foo_style style ...} (old form is still retained for -backward compatibility). Styles can be also applied for -antiquotations prop, term_type and typeof. - - -*** HOL *** - -* New proof method "smt" for a combination of first-order logic with -equality, linear and nonlinear (natural/integer/real) arithmetic, and -fixed-size bitvectors; there is also basic support for higher-order -features (esp. lambda abstractions). It is an incomplete decision -procedure based on external SMT solvers using the oracle mechanism; -for the SMT solver Z3, this method is proof-producing. Certificates -are provided to avoid calling the external solvers solely for -re-checking proofs. Due to a remote SMT service there is no need for -installing SMT solvers locally. See src/HOL/SMT. - -* New commands to load and prove verification conditions generated by -the Boogie program verifier or derived systems (e.g. the Verifying C -Compiler (VCC) or Spec#). See src/HOL/Boogie. - -* New counterexample generator tool 'nitpick' based on the Kodkod -relational model finder. See src/HOL/Tools/Nitpick and -src/HOL/Nitpick_Examples. - -* New commands 'code_pred' and 'values' to invoke the predicate -compiler and to enumerate values of inductive predicates. - -* A tabled implementation of the reflexive transitive closure. - -* New implementation of quickcheck uses generic code generator; -default generators are provided for all suitable HOL types, records -and datatypes. Old quickcheck can be re-activated importing theory -Library/SML_Quickcheck. - -* New testing tool Mirabelle for automated proof tools. Applies -several tools and tactics like sledgehammer, metis, or quickcheck, to -every proof step in a theory. To be used in batch mode via the -"mirabelle" utility. - -* New proof method "sos" (sum of squares) for nonlinear real -arithmetic (originally due to John Harison). It requires theory -Library/Sum_Of_Squares. It is not a complete decision procedure but -works well in practice on quantifier-free real arithmetic with +, -, -*, ^, =, <= and <, i.e. boolean combinations of equalities and -inequalities between polynomials. It makes use of external -semidefinite programming solvers. Method "sos" generates a -certificate that can be pasted into the proof thus avoiding the need -to call an external tool every time the proof is checked. See -src/HOL/Library/Sum_Of_Squares. - -* New method "linarith" invokes existing linear arithmetic decision -procedure only. - -* New command 'atp_minimal' reduces result produced by Sledgehammer. - -* New Sledgehammer option "Full Types" in Proof General settings menu. -Causes full type information to be output to the ATPs. This slows -ATPs down considerably but eliminates a source of unsound "proofs" -that fail later. - -* New method "metisFT": A version of metis that uses full type -information in order to avoid failures of proof reconstruction. - -* New evaluator "approximate" approximates an real valued term using -the same method as the approximation method. - -* Method "approximate" now supports arithmetic expressions as -boundaries of intervals and implements interval splitting and Taylor -series expansion. - -* ML antiquotation @{code_datatype} inserts definition of a datatype -generated by the code generator; e.g. see src/HOL/Predicate.thy. - -* New theory SupInf of the supremum and infimum operators for sets of -reals. - -* New theory Probability, which contains a development of measure -theory, eventually leading to Lebesgue integration and probability. - -* Extended Multivariate Analysis to include derivation and Brouwer's -fixpoint theorem. - -* Reorganization of number theory, INCOMPATIBILITY: - - new number theory development for nat and int, in theories Divides - and GCD as well as in new session Number_Theory - - some constants and facts now suffixed with _nat and _int - accordingly - - former session NumberTheory now named Old_Number_Theory, including - theories Legacy_GCD and Primes (prefer Number_Theory if possible) - - moved theory Pocklington from src/HOL/Library to - src/HOL/Old_Number_Theory - -* Theory GCD includes functions Gcd/GCD and Lcm/LCM for the gcd and -lcm of finite and infinite sets. It is shown that they form a complete -lattice. - -* Class semiring_div requires superclass no_zero_divisors and proof of -div_mult_mult1; theorems div_mult_mult1, div_mult_mult2, -div_mult_mult1_if, div_mult_mult1 and div_mult_mult2 have been -generalized to class semiring_div, subsuming former theorems -zdiv_zmult_zmult1, zdiv_zmult_zmult1_if, zdiv_zmult_zmult1 and -zdiv_zmult_zmult2. div_mult_mult1 is now [simp] by default. -INCOMPATIBILITY. - -* Refinements to lattice classes and sets: - - less default intro/elim rules in locale variant, more default - intro/elim rules in class variant: more uniformity - - lemma ge_sup_conv renamed to le_sup_iff, in accordance with - le_inf_iff - - dropped lemma alias inf_ACI for inf_aci (same for sup_ACI and - sup_aci) - - renamed ACI to inf_sup_aci - - new class "boolean_algebra" - - class "complete_lattice" moved to separate theory - "Complete_Lattice"; corresponding constants (and abbreviations) - renamed and with authentic syntax: - Set.Inf ~> Complete_Lattice.Inf - Set.Sup ~> Complete_Lattice.Sup - Set.INFI ~> Complete_Lattice.INFI - Set.SUPR ~> Complete_Lattice.SUPR - Set.Inter ~> Complete_Lattice.Inter - Set.Union ~> Complete_Lattice.Union - Set.INTER ~> Complete_Lattice.INTER - Set.UNION ~> Complete_Lattice.UNION - - authentic syntax for - Set.Pow - Set.image - - mere abbreviations: - Set.empty (for bot) - Set.UNIV (for top) - Set.inter (for inf, formerly Set.Int) - Set.union (for sup, formerly Set.Un) - Complete_Lattice.Inter (for Inf) - Complete_Lattice.Union (for Sup) - Complete_Lattice.INTER (for INFI) - Complete_Lattice.UNION (for SUPR) - - object-logic definitions as far as appropriate - -INCOMPATIBILITY. Care is required when theorems Int_subset_iff or -Un_subset_iff are explicitly deleted as default simp rules; then also -their lattice counterparts le_inf_iff and le_sup_iff have to be -deleted to achieve the desired effect. - -* Rules inf_absorb1, inf_absorb2, sup_absorb1, sup_absorb2 are no simp -rules by default any longer; the same applies to min_max.inf_absorb1 -etc. INCOMPATIBILITY. - -* Rules sup_Int_eq and sup_Un_eq are no longer declared as -pred_set_conv by default. INCOMPATIBILITY. - -* Power operations on relations and functions are now one dedicated -constant "compow" with infix syntax "^^". Power operation on -multiplicative monoids retains syntax "^" and is now defined generic -in class power. INCOMPATIBILITY. - -* Relation composition "R O S" now has a more standard argument order: -"R O S = {(x, z). EX y. (x, y) : R & (y, z) : S}". INCOMPATIBILITY, -rewrite propositions with "S O R" --> "R O S". Proofs may occasionally -break, since the O_assoc rule was not rewritten like this. Fix using -O_assoc[symmetric]. The same applies to the curried version "R OO S". - -* Function "Inv" is renamed to "inv_into" and function "inv" is now an -abbreviation for "inv_into UNIV". Lemmas are renamed accordingly. -INCOMPATIBILITY. - -* Most rules produced by inductive and datatype package have mandatory -prefixes. INCOMPATIBILITY. - -* Changed "DERIV_intros" to a dynamic fact, which can be augmented by -the attribute of the same name. Each of the theorems in the list -DERIV_intros assumes composition with an additional function and -matches a variable to the derivative, which has to be solved by the -Simplifier. Hence (auto intro!: DERIV_intros) computes the derivative -of most elementary terms. Former Maclauren.DERIV_tac and -Maclauren.deriv_tac should be replaced by (auto intro!: DERIV_intros). -INCOMPATIBILITY. - -* Code generator attributes follow the usual underscore convention: - code_unfold replaces code unfold - code_post replaces code post - etc. - INCOMPATIBILITY. - -* Renamed methods: - sizechange -> size_change - induct_scheme -> induction_schema - INCOMPATIBILITY. - -* Discontinued abbreviation "arbitrary" of constant "undefined". -INCOMPATIBILITY, use "undefined" directly. - -* Renamed theorems: - Suc_eq_add_numeral_1 -> Suc_eq_plus1 - Suc_eq_add_numeral_1_left -> Suc_eq_plus1_left - Suc_plus1 -> Suc_eq_plus1 - *anti_sym -> *antisym* - vector_less_eq_def -> vector_le_def - INCOMPATIBILITY. - -* Added theorem List.map_map as [simp]. Removed List.map_compose. -INCOMPATIBILITY. - -* Removed predicate "M hassize n" (<--> card M = n & finite M). -INCOMPATIBILITY. - - -*** HOLCF *** - -* Theory Representable defines a class "rep" of domains that are -representable (via an ep-pair) in the universal domain type "udom". -Instances are provided for all type constructors defined in HOLCF. - -* The 'new_domain' command is a purely definitional version of the -domain package, for representable domains. Syntax is identical to the -old domain package. The 'new_domain' package also supports indirect -recursion using previously-defined type constructors. See -src/HOLCF/ex/New_Domain.thy for examples. - -* Method "fixrec_simp" unfolds one step of a fixrec-defined constant -on the left-hand side of an equation, and then performs -simplification. Rewriting is done using rules declared with the -"fixrec_simp" attribute. The "fixrec_simp" method is intended as a -replacement for "fixpat"; see src/HOLCF/ex/Fixrec_ex.thy for examples. - -* The pattern-match compiler in 'fixrec' can now handle constructors -with HOL function types. Pattern-match combinators for the Pair -constructor are pre-configured. - -* The 'fixrec' package now produces better fixed-point induction rules -for mutually-recursive definitions: Induction rules have conclusions -of the form "P foo bar" instead of "P ". - -* The constant "sq_le" (with infix syntax "<<" or "\") has -been renamed to "below". The name "below" now replaces "less" in many -theorem names. (Legacy theorem names using "less" are still supported -as well.) - -* The 'fixrec' package now supports "bottom patterns". Bottom -patterns can be used to generate strictness rules, or to make -functions more strict (much like the bang-patterns supported by the -Glasgow Haskell Compiler). See src/HOLCF/ex/Fixrec_ex.thy for -examples. - - -*** ML *** - -* Support for Poly/ML 5.3.0, with improved reporting of compiler -errors and run-time exceptions, including detailed source positions. - -* Structure Name_Space (formerly NameSpace) now manages uniquely -identified entries, with some additional information such as source -position, logical grouping etc. - -* Theory and context data is now introduced by the simplified and -modernized functors Theory_Data, Proof_Data, Generic_Data. Data needs -to be pure, but the old TheoryDataFun for mutable data (with explicit -copy operation) is still available for some time. - -* Structure Synchronized (cf. src/Pure/Concurrent/synchronized.ML) -provides a high-level programming interface to synchronized state -variables with atomic update. This works via pure function -application within a critical section -- its runtime should be as -short as possible; beware of deadlocks if critical code is nested, -either directly or indirectly via other synchronized variables! - -* Structure Unsynchronized (cf. src/Pure/ML-Systems/unsynchronized.ML) -wraps raw ML references, explicitly indicating their non-thread-safe -behaviour. The Isar toplevel keeps this structure open, to -accommodate Proof General as well as quick and dirty interactive -experiments with references. - -* PARALLEL_CHOICE and PARALLEL_GOALS provide basic support for -parallel tactical reasoning. - -* Tacticals Subgoal.FOCUS, Subgoal.FOCUS_PREMS, Subgoal.FOCUS_PARAMS -are similar to SUBPROOF, but are slightly more flexible: only the -specified parts of the subgoal are imported into the context, and the -body tactic may introduce new subgoals and schematic variables. - -* Old tactical METAHYPS, which does not observe the proof context, has -been renamed to Old_Goals.METAHYPS and awaits deletion. Use SUBPROOF -or Subgoal.FOCUS etc. - -* Renamed functor TableFun to Table, and GraphFun to Graph. (Since -functors have their own ML name space there is no point to mark them -separately.) Minor INCOMPATIBILITY. - -* Renamed NamedThmsFun to Named_Thms. INCOMPATIBILITY. - -* Renamed several structures FooBar to Foo_Bar. Occasional, -INCOMPATIBILITY. - -* Operations of structure Skip_Proof no longer require quick_and_dirty -mode, which avoids critical setmp. - -* Eliminated old Attrib.add_attributes, Method.add_methods and related -combinators for "args". INCOMPATIBILITY, need to use simplified -Attrib/Method.setup introduced in Isabelle2009. - -* Proper context for simpset_of, claset_of, clasimpset_of. May fall -back on global_simpset_of, global_claset_of, global_clasimpset_of as -last resort. INCOMPATIBILITY. - -* Display.pretty_thm now requires a proper context (cf. former -ProofContext.pretty_thm). May fall back on Display.pretty_thm_global -or even Display.pretty_thm_without_context as last resort. -INCOMPATIBILITY. - -* Discontinued Display.pretty_ctyp/cterm etc. INCOMPATIBILITY, use -Syntax.pretty_typ/term directly, preferably with proper context -instead of global theory. - - -*** System *** - -* Further fine tuning of parallel proof checking, scales up to 8 cores -(max. speedup factor 5.0). See also Goal.parallel_proofs in ML and -usedir option -q. - -* Support for additional "Isabelle components" via etc/components, see -also the system manual. - -* The isabelle makeall tool now operates on all components with -IsaMakefile, not just hardwired "logics". - -* Removed "compress" option from isabelle-process and isabelle usedir; -this is always enabled. - -* Discontinued support for Poly/ML 4.x versions. - -* Isabelle tool "wwwfind" provides web interface for 'find_theorems' -on a given logic image. This requires the lighttpd webserver and is -currently supported on Linux only. - - - -New in Isabelle2009 (April 2009) --------------------------------- - -*** General *** - -* Simplified main Isabelle executables, with less surprises on -case-insensitive file-systems (such as Mac OS). - - - The main Isabelle tool wrapper is now called "isabelle" instead of - "isatool." - - - The former "isabelle" alias for "isabelle-process" has been - removed (should rarely occur to regular users). - - - The former "isabelle-interface" and its alias "Isabelle" have been - removed (interfaces are now regular Isabelle tools). - -Within scripts and make files, the Isabelle environment variables -ISABELLE_TOOL and ISABELLE_PROCESS replace old ISATOOL and ISABELLE, -respectively. (The latter are still available as legacy feature.) - -The old isabelle-interface wrapper could react in confusing ways if -the interface was uninstalled or changed otherwise. Individual -interface tool configuration is now more explicit, see also the -Isabelle system manual. In particular, Proof General is now available -via "isabelle emacs". - -INCOMPATIBILITY, need to adapt derivative scripts. Users may need to -purge installed copies of Isabelle executables and re-run "isabelle -install -p ...", or use symlinks. - -* The default for ISABELLE_HOME_USER is now ~/.isabelle instead of the -old ~/isabelle, which was slightly non-standard and apt to cause -surprises on case-insensitive file-systems (such as Mac OS). - -INCOMPATIBILITY, need to move existing ~/isabelle/etc, -~/isabelle/heaps, ~/isabelle/browser_info to the new place. Special -care is required when using older releases of Isabelle. Note that -ISABELLE_HOME_USER can be changed in Isabelle/etc/settings of any -Isabelle distribution, in order to use the new ~/.isabelle uniformly. - -* Proofs of fully specified statements are run in parallel on -multi-core systems. A speedup factor of 2.5 to 3.2 can be expected on -a regular 4-core machine, if the initial heap space is made reasonably -large (cf. Poly/ML option -H). (Requires Poly/ML 5.2.1 or later.) - -* The main reference manuals ("isar-ref", "implementation", and -"system") have been updated and extended. Formally checked references -as hyperlinks are now available uniformly. - - -*** Pure *** - -* Complete re-implementation of locales. INCOMPATIBILITY in several -respects. The most important changes are listed below. See the -Tutorial on Locales ("locales" manual) for details. - -- In locale expressions, instantiation replaces renaming. Parameters -must be declared in a for clause. To aid compatibility with previous -parameter inheritance, in locale declarations, parameters that are not -'touched' (instantiation position "_" or omitted) are implicitly added -with their syntax at the beginning of the for clause. - -- Syntax from abbreviations and definitions in locales is available in -locale expressions and context elements. The latter is particularly -useful in locale declarations. - -- More flexible mechanisms to qualify names generated by locale -expressions. Qualifiers (prefixes) may be specified in locale -expressions, and can be marked as mandatory (syntax: "name!:") or -optional (syntax "name?:"). The default depends for plain "name:" -depends on the situation where a locale expression is used: in -commands 'locale' and 'sublocale' prefixes are optional, in -'interpretation' and 'interpret' prefixes are mandatory. The old -implicit qualifiers derived from the parameter names of a locale are -no longer generated. - -- Command "sublocale l < e" replaces "interpretation l < e". The -instantiation clause in "interpretation" and "interpret" (square -brackets) is no longer available. Use locale expressions. - -- When converting proof scripts, mandatory qualifiers in -'interpretation' and 'interpret' should be retained by default, even -if this is an INCOMPATIBILITY compared to former behavior. In the -worst case, use the "name?:" form for non-mandatory ones. Qualifiers -in locale expressions range over a single locale instance only. - -- Dropped locale element "includes". This is a major INCOMPATIBILITY. -In existing theorem specifications replace the includes element by the -respective context elements of the included locale, omitting those -that are already present in the theorem specification. Multiple -assume elements of a locale should be replaced by a single one -involving the locale predicate. In the proof body, declarations (most -notably theorems) may be regained by interpreting the respective -locales in the proof context as required (command "interpret"). - -If using "includes" in replacement of a target solely because the -parameter types in the theorem are not as general as in the target, -consider declaring a new locale with additional type constraints on -the parameters (context element "constrains"). - -- Discontinued "locale (open)". INCOMPATIBILITY. - -- Locale interpretation commands no longer attempt to simplify goal. -INCOMPATIBILITY: in rare situations the generated goal differs. Use -methods intro_locales and unfold_locales to clarify. - -- Locale interpretation commands no longer accept interpretation -attributes. INCOMPATIBILITY. - -* Class declaration: so-called "base sort" must not be given in import -list any longer, but is inferred from the specification. Particularly -in HOL, write - - class foo = ... - -instead of - - class foo = type + ... - -* Class target: global versions of theorems stemming do not carry a -parameter prefix any longer. INCOMPATIBILITY. - -* Class 'instance' command no longer accepts attached definitions. -INCOMPATIBILITY, use proper 'instantiation' target instead. - -* Recovered hiding of consts, which was accidentally broken in -Isabelle2007. Potential INCOMPATIBILITY, ``hide const c'' really -makes c inaccessible; consider using ``hide (open) const c'' instead. - -* Slightly more coherent Pure syntax, with updated documentation in -isar-ref manual. Removed locales meta_term_syntax and -meta_conjunction_syntax: TERM and &&& (formerly &&) are now permanent, -INCOMPATIBILITY in rare situations. Note that &&& should not be used -directly in regular applications. - -* There is a new syntactic category "float_const" for signed decimal -fractions (e.g. 123.45 or -123.45). - -* Removed exotic 'token_translation' command. INCOMPATIBILITY, use ML -interface with 'setup' command instead. - -* Command 'local_setup' is similar to 'setup', but operates on a local -theory context. - -* The 'axiomatization' command now only works within a global theory -context. INCOMPATIBILITY. - -* Goal-directed proof now enforces strict proof irrelevance wrt. sort -hypotheses. Sorts required in the course of reasoning need to be -covered by the constraints in the initial statement, completed by the -type instance information of the background theory. Non-trivial sort -hypotheses, which rarely occur in practice, may be specified via -vacuous propositions of the form SORT_CONSTRAINT('a::c). For example: - - lemma assumes "SORT_CONSTRAINT('a::empty)" shows False ... - -The result contains an implicit sort hypotheses as before -- -SORT_CONSTRAINT premises are eliminated as part of the canonical rule -normalization. - -* Generalized Isar history, with support for linear undo, direct state -addressing etc. - -* Changed defaults for unify configuration options: - - unify_trace_bound = 50 (formerly 25) - unify_search_bound = 60 (formerly 30) - -* Different bookkeeping for code equations (INCOMPATIBILITY): - - a) On theory merge, the last set of code equations for a particular - constant is taken (in accordance with the policy applied by other - parts of the code generator framework). - - b) Code equations stemming from explicit declarations (e.g. code - attribute) gain priority over default code equations stemming - from definition, primrec, fun etc. - -* Keyword 'code_exception' now named 'code_abort'. INCOMPATIBILITY. - -* Unified theorem tables for both code generators. Thus [code -func] has disappeared and only [code] remains. INCOMPATIBILITY. - -* Command 'find_consts' searches for constants based on type and name -patterns, e.g. - - find_consts "_ => bool" - -By default, matching is against subtypes, but it may be restricted to -the whole type. Searching by name is possible. Multiple queries are -conjunctive and queries may be negated by prefixing them with a -hyphen: - - find_consts strict: "_ => bool" name: "Int" -"int => int" - -* New 'find_theorems' criterion "solves" matches theorems that -directly solve the current goal (modulo higher-order unification). - -* Auto solve feature for main theorem statements: whenever a new goal -is stated, "find_theorems solves" is called; any theorems that could -solve the lemma directly are listed as part of the goal state. -Cf. associated options in Proof General Isabelle settings menu, -enabled by default, with reasonable timeout for pathological cases of -higher-order unification. - - -*** Document preparation *** - -* Antiquotation @{lemma} now imitates a regular terminal proof, -demanding keyword 'by' and supporting the full method expression -syntax just like the Isar command 'by'. - - -*** HOL *** - -* Integrated main parts of former image HOL-Complex with HOL. Entry -points Main and Complex_Main remain as before. - -* Logic image HOL-Plain provides a minimal HOL with the most important -tools available (inductive, datatype, primrec, ...). This facilitates -experimentation and tool development. Note that user applications -(and library theories) should never refer to anything below theory -Main, as before. - -* Logic image HOL-Main stops at theory Main, and thus facilitates -experimentation due to shorter build times. - -* Logic image HOL-NSA contains theories of nonstandard analysis which -were previously part of former HOL-Complex. Entry point Hyperreal -remains valid, but theories formerly using Complex_Main should now use -new entry point Hypercomplex. - -* Generic ATP manager for Sledgehammer, based on ML threads instead of -Posix processes. Avoids potentially expensive forking of the ML -process. New thread-based implementation also works on non-Unix -platforms (Cygwin). Provers are no longer hardwired, but defined -within the theory via plain ML wrapper functions. Basic Sledgehammer -commands are covered in the isar-ref manual. - -* Wrapper scripts for remote SystemOnTPTP service allows to use -sledgehammer without local ATP installation (Vampire etc.). Other -provers may be included via suitable ML wrappers, see also -src/HOL/ATP_Linkup.thy. - -* ATP selection (E/Vampire/Spass) is now via Proof General's settings -menu. - -* The metis method no longer fails because the theorem is too trivial -(contains the empty clause). - -* The metis method now fails in the usual manner, rather than raising -an exception, if it determines that it cannot prove the theorem. - -* Method "coherent" implements a prover for coherent logic (see also -src/Tools/coherent.ML). - -* Constants "undefined" and "default" replace "arbitrary". Usually -"undefined" is the right choice to replace "arbitrary", though -logically there is no difference. INCOMPATIBILITY. - -* Command "value" now integrates different evaluation mechanisms. The -result of the first successful evaluation mechanism is printed. In -square brackets a particular named evaluation mechanisms may be -specified (currently, [SML], [code] or [nbe]). See further -src/HOL/ex/Eval_Examples.thy. - -* Normalization by evaluation now allows non-leftlinear equations. -Declare with attribute [code nbe]. - -* Methods "case_tac" and "induct_tac" now refer to the very same rules -as the structured Isar versions "cases" and "induct", cf. the -corresponding "cases" and "induct" attributes. Mutual induction rules -are now presented as a list of individual projections -(e.g. foo_bar.inducts for types foo and bar); the old format with -explicit HOL conjunction is no longer supported. INCOMPATIBILITY, in -rare situations a different rule is selected --- notably nested tuple -elimination instead of former prod.exhaust: use explicit (case_tac t -rule: prod.exhaust) here. - -* Attributes "cases", "induct", "coinduct" support "del" option. - -* Removed fact "case_split_thm", which duplicates "case_split". - -* The option datatype has been moved to a new theory Option. Renamed -option_map to Option.map, and o2s to Option.set, INCOMPATIBILITY. - -* New predicate "strict_mono" classifies strict functions on partial -orders. With strict functions on linear orders, reasoning about -(in)equalities is facilitated by theorems "strict_mono_eq", -"strict_mono_less_eq" and "strict_mono_less". - -* Some set operations are now proper qualified constants with -authentic syntax. INCOMPATIBILITY: - - op Int ~> Set.Int - op Un ~> Set.Un - INTER ~> Set.INTER - UNION ~> Set.UNION - Inter ~> Set.Inter - Union ~> Set.Union - {} ~> Set.empty - UNIV ~> Set.UNIV - -* Class complete_lattice with operations Inf, Sup, INFI, SUPR now in -theory Set. - -* Auxiliary class "itself" has disappeared -- classes without any -parameter are treated as expected by the 'class' command. - -* Leibnitz's Series for Pi and the arcus tangens and logarithm series. - -* Common decision procedures (Cooper, MIR, Ferrack, Approximation, -Dense_Linear_Order) are now in directory HOL/Decision_Procs. - -* Theory src/HOL/Decision_Procs/Approximation provides the new proof -method "approximation". It proves formulas on real values by using -interval arithmetic. In the formulas are also the transcendental -functions sin, cos, tan, atan, ln, exp and the constant pi are -allowed. For examples see -src/HOL/Descision_Procs/ex/Approximation_Ex.thy. - -* Theory "Reflection" now resides in HOL/Library. - -* Entry point to Word library now simply named "Word". -INCOMPATIBILITY. - -* Made source layout more coherent with logical distribution -structure: - - src/HOL/Library/RType.thy ~> src/HOL/Typerep.thy - src/HOL/Library/Code_Message.thy ~> src/HOL/ - src/HOL/Library/GCD.thy ~> src/HOL/ - src/HOL/Library/Order_Relation.thy ~> src/HOL/ - src/HOL/Library/Parity.thy ~> src/HOL/ - src/HOL/Library/Univ_Poly.thy ~> src/HOL/ - src/HOL/Real/ContNotDenum.thy ~> src/HOL/Library/ - src/HOL/Real/Lubs.thy ~> src/HOL/ - src/HOL/Real/PReal.thy ~> src/HOL/ - src/HOL/Real/Rational.thy ~> src/HOL/ - src/HOL/Real/RComplete.thy ~> src/HOL/ - src/HOL/Real/RealDef.thy ~> src/HOL/ - src/HOL/Real/RealPow.thy ~> src/HOL/ - src/HOL/Real/Real.thy ~> src/HOL/ - src/HOL/Complex/Complex_Main.thy ~> src/HOL/ - src/HOL/Complex/Complex.thy ~> src/HOL/ - src/HOL/Complex/FrechetDeriv.thy ~> src/HOL/Library/ - src/HOL/Complex/Fundamental_Theorem_Algebra.thy ~> src/HOL/Library/ - src/HOL/Hyperreal/Deriv.thy ~> src/HOL/ - src/HOL/Hyperreal/Fact.thy ~> src/HOL/ - src/HOL/Hyperreal/Integration.thy ~> src/HOL/ - src/HOL/Hyperreal/Lim.thy ~> src/HOL/ - src/HOL/Hyperreal/Ln.thy ~> src/HOL/ - src/HOL/Hyperreal/Log.thy ~> src/HOL/ - src/HOL/Hyperreal/MacLaurin.thy ~> src/HOL/ - src/HOL/Hyperreal/NthRoot.thy ~> src/HOL/ - src/HOL/Hyperreal/Series.thy ~> src/HOL/ - src/HOL/Hyperreal/SEQ.thy ~> src/HOL/ - src/HOL/Hyperreal/Taylor.thy ~> src/HOL/ - src/HOL/Hyperreal/Transcendental.thy ~> src/HOL/ - src/HOL/Real/Float ~> src/HOL/Library/ - src/HOL/Real/HahnBanach ~> src/HOL/HahnBanach - src/HOL/Real/RealVector.thy ~> src/HOL/ - - src/HOL/arith_data.ML ~> src/HOL/Tools - src/HOL/hologic.ML ~> src/HOL/Tools - src/HOL/simpdata.ML ~> src/HOL/Tools - src/HOL/int_arith1.ML ~> src/HOL/Tools/int_arith.ML - src/HOL/int_factor_simprocs.ML ~> src/HOL/Tools - src/HOL/nat_simprocs.ML ~> src/HOL/Tools - src/HOL/Real/float_arith.ML ~> src/HOL/Tools - src/HOL/Real/float_syntax.ML ~> src/HOL/Tools - src/HOL/Real/rat_arith.ML ~> src/HOL/Tools - src/HOL/Real/real_arith.ML ~> src/HOL/Tools - - src/HOL/Library/Array.thy ~> src/HOL/Imperative_HOL - src/HOL/Library/Heap_Monad.thy ~> src/HOL/Imperative_HOL - src/HOL/Library/Heap.thy ~> src/HOL/Imperative_HOL - src/HOL/Library/Imperative_HOL.thy ~> src/HOL/Imperative_HOL - src/HOL/Library/Ref.thy ~> src/HOL/Imperative_HOL - src/HOL/Library/Relational.thy ~> src/HOL/Imperative_HOL - -* If methods "eval" and "evaluation" encounter a structured proof -state with !!/==>, only the conclusion is evaluated to True (if -possible), avoiding strange error messages. - -* Method "sizechange" automates termination proofs using (a -modification of) the size-change principle. Requires SAT solver. See -src/HOL/ex/Termination.thy for examples. - -* Simplifier: simproc for let expressions now unfolds if bound -variable occurs at most once in let expression body. INCOMPATIBILITY. - -* Method "arith": Linear arithmetic now ignores all inequalities when -fast_arith_neq_limit is exceeded, instead of giving up entirely. - -* New attribute "arith" for facts that should always be used -automatically by arithmetic. It is intended to be used locally in -proofs, e.g. - - assumes [arith]: "x > 0" - -Global usage is discouraged because of possible performance impact. - -* New classes "top" and "bot" with corresponding operations "top" and -"bot" in theory Orderings; instantiation of class "complete_lattice" -requires instantiation of classes "top" and "bot". INCOMPATIBILITY. - -* Changed definition lemma "less_fun_def" in order to provide an -instance for preorders on functions; use lemma "less_le" instead. -INCOMPATIBILITY. - -* Theory Orderings: class "wellorder" moved here, with explicit -induction rule "less_induct" as assumption. For instantiation of -"wellorder" by means of predicate "wf", use rule wf_wellorderI. -INCOMPATIBILITY. - -* Theory Orderings: added class "preorder" as superclass of "order". -INCOMPATIBILITY: Instantiation proofs for order, linorder -etc. slightly changed. Some theorems named order_class.* now named -preorder_class.*. - -* Theory Relation: renamed "refl" to "refl_on", "reflexive" to "refl, -"diag" to "Id_on". - -* Theory Finite_Set: added a new fold combinator of type - - ('a => 'b => 'b) => 'b => 'a set => 'b - -Occasionally this is more convenient than the old fold combinator -which is now defined in terms of the new one and renamed to -fold_image. - -* Theories Ring_and_Field and OrderedGroup: The lemmas "group_simps" -and "ring_simps" have been replaced by "algebra_simps" (which can be -extended with further lemmas!). At the moment both still exist but -the former will disappear at some point. - -* Theory Power: Lemma power_Suc is now declared as a simp rule in -class recpower. Type-specific simp rules for various recpower types -have been removed. INCOMPATIBILITY, rename old lemmas as follows: - -rat_power_0 -> power_0 -rat_power_Suc -> power_Suc -realpow_0 -> power_0 -realpow_Suc -> power_Suc -complexpow_0 -> power_0 -complexpow_Suc -> power_Suc -power_poly_0 -> power_0 -power_poly_Suc -> power_Suc - -* Theories Ring_and_Field and Divides: Definition of "op dvd" has been -moved to separate class dvd in Ring_and_Field; a couple of lemmas on -dvd has been generalized to class comm_semiring_1. Likewise a bunch -of lemmas from Divides has been generalized from nat to class -semiring_div. INCOMPATIBILITY. This involves the following theorem -renames resulting from duplicate elimination: - - dvd_def_mod ~> dvd_eq_mod_eq_0 - zero_dvd_iff ~> dvd_0_left_iff - dvd_0 ~> dvd_0_right - DIVISION_BY_ZERO_DIV ~> div_by_0 - DIVISION_BY_ZERO_MOD ~> mod_by_0 - mult_div ~> div_mult_self2_is_id - mult_mod ~> mod_mult_self2_is_0 - -* Theory IntDiv: removed many lemmas that are instances of class-based -generalizations (from Divides and Ring_and_Field). INCOMPATIBILITY, -rename old lemmas as follows: - -dvd_diff -> nat_dvd_diff -dvd_zminus_iff -> dvd_minus_iff -mod_add1_eq -> mod_add_eq -mod_mult1_eq -> mod_mult_right_eq -mod_mult1_eq' -> mod_mult_left_eq -mod_mult_distrib_mod -> mod_mult_eq -nat_mod_add_left_eq -> mod_add_left_eq -nat_mod_add_right_eq -> mod_add_right_eq -nat_mod_div_trivial -> mod_div_trivial -nat_mod_mod_trivial -> mod_mod_trivial -zdiv_zadd_self1 -> div_add_self1 -zdiv_zadd_self2 -> div_add_self2 -zdiv_zmult_self1 -> div_mult_self2_is_id -zdiv_zmult_self2 -> div_mult_self1_is_id -zdvd_triv_left -> dvd_triv_left -zdvd_triv_right -> dvd_triv_right -zdvd_zmult_cancel_disj -> dvd_mult_cancel_left -zmod_eq0_zdvd_iff -> dvd_eq_mod_eq_0[symmetric] -zmod_zadd_left_eq -> mod_add_left_eq -zmod_zadd_right_eq -> mod_add_right_eq -zmod_zadd_self1 -> mod_add_self1 -zmod_zadd_self2 -> mod_add_self2 -zmod_zadd1_eq -> mod_add_eq -zmod_zdiff1_eq -> mod_diff_eq -zmod_zdvd_zmod -> mod_mod_cancel -zmod_zmod_cancel -> mod_mod_cancel -zmod_zmult_self1 -> mod_mult_self2_is_0 -zmod_zmult_self2 -> mod_mult_self1_is_0 -zmod_1 -> mod_by_1 -zdiv_1 -> div_by_1 -zdvd_abs1 -> abs_dvd_iff -zdvd_abs2 -> dvd_abs_iff -zdvd_refl -> dvd_refl -zdvd_trans -> dvd_trans -zdvd_zadd -> dvd_add -zdvd_zdiff -> dvd_diff -zdvd_zminus_iff -> dvd_minus_iff -zdvd_zminus2_iff -> minus_dvd_iff -zdvd_zmultD -> dvd_mult_right -zdvd_zmultD2 -> dvd_mult_left -zdvd_zmult_mono -> mult_dvd_mono -zdvd_0_right -> dvd_0_right -zdvd_0_left -> dvd_0_left_iff -zdvd_1_left -> one_dvd -zminus_dvd_iff -> minus_dvd_iff - -* Theory Rational: 'Fract k 0' now equals '0'. INCOMPATIBILITY. - -* The real numbers offer decimal input syntax: 12.34 is translated -into 1234/10^2. This translation is not reversed upon output. - -* Theory Library/Polynomial defines an abstract type 'a poly of -univariate polynomials with coefficients of type 'a. In addition to -the standard ring operations, it also supports div and mod. Code -generation is also supported, using list-style constructors. - -* Theory Library/Inner_Product defines a class of real_inner for real -inner product spaces, with an overloaded operation inner :: 'a => 'a -=> real. Class real_inner is a subclass of real_normed_vector from -theory RealVector. - -* Theory Library/Product_Vector provides instances for the product -type 'a * 'b of several classes from RealVector and Inner_Product. -Definitions of addition, subtraction, scalar multiplication, norms, -and inner products are included. - -* Theory Library/Bit defines the field "bit" of integers modulo 2. In -addition to the field operations, numerals and case syntax are also -supported. - -* Theory Library/Diagonalize provides constructive version of Cantor's -first diagonalization argument. - -* Theory Library/GCD: Curried operations gcd, lcm (for nat) and zgcd, -zlcm (for int); carried together from various gcd/lcm developements in -the HOL Distribution. Constants zgcd and zlcm replace former igcd and -ilcm; corresponding theorems renamed accordingly. INCOMPATIBILITY, -may recover tupled syntax as follows: - - hide (open) const gcd - abbreviation gcd where - "gcd == (%(a, b). GCD.gcd a b)" - notation (output) - GCD.gcd ("gcd '(_, _')") - -The same works for lcm, zgcd, zlcm. - -* Theory Library/Nat_Infinity: added addition, numeral syntax and more -instantiations for algebraic structures. Removed some duplicate -theorems. Changes in simp rules. INCOMPATIBILITY. - -* ML antiquotation @{code} takes a constant as argument and generates -corresponding code in background and inserts name of the corresponding -resulting ML value/function/datatype constructor binding in place. -All occurrences of @{code} with a single ML block are generated -simultaneously. Provides a generic and safe interface for -instrumentalizing code generation. See -src/HOL/Decision_Procs/Ferrack.thy for a more ambitious application. -In future you ought to refrain from ad-hoc compiling generated SML -code on the ML toplevel. Note that (for technical reasons) @{code} -cannot refer to constants for which user-defined serializations are -set. Refer to the corresponding ML counterpart directly in that -cases. - -* Command 'rep_datatype': instead of theorem names the command now -takes a list of terms denoting the constructors of the type to be -represented as datatype. The characteristic theorems have to be -proven. INCOMPATIBILITY. Also observe that the following theorems -have disappeared in favour of existing ones: - - unit_induct ~> unit.induct - prod_induct ~> prod.induct - sum_induct ~> sum.induct - Suc_Suc_eq ~> nat.inject - Suc_not_Zero Zero_not_Suc ~> nat.distinct - - -*** HOL-Algebra *** - -* New locales for orders and lattices where the equivalence relation -is not restricted to equality. INCOMPATIBILITY: all order and lattice -locales use a record structure with field eq for the equivalence. - -* New theory of factorial domains. - -* Units_l_inv and Units_r_inv are now simp rules by default. -INCOMPATIBILITY. Simplifier proof that require deletion of l_inv -and/or r_inv will now also require deletion of these lemmas. - -* Renamed the following theorems, INCOMPATIBILITY: - -UpperD ~> Upper_memD -LowerD ~> Lower_memD -least_carrier ~> least_closed -greatest_carrier ~> greatest_closed -greatest_Lower_above ~> greatest_Lower_below -one_zero ~> carrier_one_zero -one_not_zero ~> carrier_one_not_zero (collision with assumption) - - -*** HOL-Nominal *** - -* Nominal datatypes can now contain type-variables. - -* Commands 'nominal_inductive' and 'equivariance' work with local -theory targets. - -* Nominal primrec can now works with local theory targets and its -specification syntax now conforms to the general format as seen in -'inductive' etc. - -* Method "perm_simp" honours the standard simplifier attributes -(no_asm), (no_asm_use) etc. - -* The new predicate #* is defined like freshness, except that on the -left hand side can be a set or list of atoms. - -* Experimental command 'nominal_inductive2' derives strong induction -principles for inductive definitions. In contrast to -'nominal_inductive', which can only deal with a fixed number of -binders, it can deal with arbitrary expressions standing for sets of -atoms to be avoided. The only inductive definition we have at the -moment that needs this generalisation is the typing rule for Lets in -the algorithm W: - - Gamma |- t1 : T1 (x,close Gamma T1)::Gamma |- t2 : T2 x#Gamma - ----------------------------------------------------------------- - Gamma |- Let x be t1 in t2 : T2 - -In this rule one wants to avoid all the binders that are introduced by -"close Gamma T1". We are looking for other examples where this -feature might be useful. Please let us know. - - -*** HOLCF *** - -* Reimplemented the simplification procedure for proving continuity -subgoals. The new simproc is extensible; users can declare additional -continuity introduction rules with the attribute [cont2cont]. - -* The continuity simproc now uses a different introduction rule for -solving continuity subgoals on terms with lambda abstractions. In -some rare cases the new simproc may fail to solve subgoals that the -old one could solve, and "simp add: cont2cont_LAM" may be necessary. -Potential INCOMPATIBILITY. - -* Command 'fixrec': specification syntax now conforms to the general -format as seen in 'inductive' etc. See src/HOLCF/ex/Fixrec_ex.thy for -examples. INCOMPATIBILITY. - - -*** ZF *** - -* Proof of Zorn's Lemma for partial orders. - - -*** ML *** - -* Multithreading for Poly/ML 5.1/5.2 is no longer supported, only for -Poly/ML 5.2.1 or later. Important note: the TimeLimit facility -depends on multithreading, so timouts will not work before Poly/ML -5.2.1! - -* High-level support for concurrent ML programming, see -src/Pure/Cuncurrent. The data-oriented model of "future values" is -particularly convenient to organize independent functional -computations. The concept of "synchronized variables" provides a -higher-order interface for components with shared state, avoiding the -delicate details of mutexes and condition variables. (Requires -Poly/ML 5.2.1 or later.) - -* ML bindings produced via Isar commands are stored within the Isar -context (theory or proof). Consequently, commands like 'use' and 'ML' -become thread-safe and work with undo as expected (concerning -top-level bindings, not side-effects on global references). -INCOMPATIBILITY, need to provide proper Isar context when invoking the -compiler at runtime; really global bindings need to be given outside a -theory. (Requires Poly/ML 5.2 or later.) - -* Command 'ML_prf' is analogous to 'ML' but works within a proof -context. Top-level ML bindings are stored within the proof context in -a purely sequential fashion, disregarding the nested proof structure. -ML bindings introduced by 'ML_prf' are discarded at the end of the -proof. (Requires Poly/ML 5.2 or later.) - -* Simplified ML attribute and method setup, cf. functions Attrib.setup -and Method.setup, as well as Isar commands 'attribute_setup' and -'method_setup'. INCOMPATIBILITY for 'method_setup', need to simplify -existing code accordingly, or use plain 'setup' together with old -Method.add_method. - -* Simplified ML oracle interface Thm.add_oracle promotes 'a -> cterm -to 'a -> thm, while results are always tagged with an authentic oracle -name. The Isar command 'oracle' is now polymorphic, no argument type -is specified. INCOMPATIBILITY, need to simplify existing oracle code -accordingly. Note that extra performance may be gained by producing -the cterm carefully, avoiding slow Thm.cterm_of. - -* Simplified interface for defining document antiquotations via -ThyOutput.antiquotation, ThyOutput.output, and optionally -ThyOutput.maybe_pretty_source. INCOMPATIBILITY, need to simplify user -antiquotations accordingly, see src/Pure/Thy/thy_output.ML for common -examples. - -* More systematic treatment of long names, abstract name bindings, and -name space operations. Basic operations on qualified names have been -move from structure NameSpace to Long_Name, e.g. Long_Name.base_name, -Long_Name.append. Old type bstring has been mostly replaced by -abstract type binding (see structure Binding), which supports precise -qualification by packages and local theory targets, as well as proper -tracking of source positions. INCOMPATIBILITY, need to wrap old -bstring values into Binding.name, or better pass through abstract -bindings everywhere. See further src/Pure/General/long_name.ML, -src/Pure/General/binding.ML and src/Pure/General/name_space.ML - -* Result facts (from PureThy.note_thms, ProofContext.note_thms, -LocalTheory.note etc.) now refer to the *full* internal name, not the -bstring as before. INCOMPATIBILITY, not detected by ML type-checking! - -* Disposed old type and term read functions (Sign.read_def_typ, -Sign.read_typ, Sign.read_def_terms, Sign.read_term, -Thm.read_def_cterms, Thm.read_cterm etc.). INCOMPATIBILITY, should -use regular Syntax.read_typ, Syntax.read_term, Syntax.read_typ_global, -Syntax.read_term_global etc.; see also OldGoals.read_term as last -resort for legacy applications. - -* Disposed old declarations, tactics, tactic combinators that refer to -the simpset or claset of an implicit theory (such as Addsimps, -Simp_tac, SIMPSET). INCOMPATIBILITY, should use @{simpset} etc. in -embedded ML text, or local_simpset_of with a proper context passed as -explicit runtime argument. - -* Rules and tactics that read instantiations (read_instantiate, -res_inst_tac, thin_tac, subgoal_tac etc.) now demand a proper proof -context, which is required for parsing and type-checking. Moreover, -the variables are specified as plain indexnames, not string encodings -thereof. INCOMPATIBILITY. - -* Generic Toplevel.add_hook interface allows to analyze the result of -transactions. E.g. see src/Pure/ProofGeneral/proof_general_pgip.ML -for theorem dependency output of transactions resulting in a new -theory state. - -* ML antiquotations: block-structured compilation context indicated by -\ ... \; additional antiquotation forms: - - @{binding name} - basic name binding - @{let ?pat = term} - term abbreviation (HO matching) - @{note name = fact} - fact abbreviation - @{thm fact} - singleton fact (with attributes) - @{thms fact} - general fact (with attributes) - @{lemma prop by method} - singleton goal - @{lemma prop by meth1 meth2} - singleton goal - @{lemma prop1 ... propN by method} - general goal - @{lemma prop1 ... propN by meth1 meth2} - general goal - @{lemma (open) ...} - open derivation - - -*** System *** - -* The Isabelle "emacs" tool provides a specific interface to invoke -Proof General / Emacs, with more explicit failure if that is not -installed (the old isabelle-interface script silently falls back on -isabelle-process). The PROOFGENERAL_HOME setting determines the -installation location of the Proof General distribution. - -* Isabelle/lib/classes/Pure.jar provides basic support to integrate -the Isabelle process into a JVM/Scala application. See -Isabelle/lib/jedit/plugin for a minimal example. (The obsolete Java -process wrapper has been discontinued.) - -* Added homegrown Isabelle font with unicode layout, see lib/fonts. - -* Various status messages (with exact source position information) are -emitted, if proper markup print mode is enabled. This allows -user-interface components to provide detailed feedback on internal -prover operations. - - - -New in Isabelle2008 (June 2008) -------------------------------- - -*** General *** - -* The Isabelle/Isar Reference Manual (isar-ref) has been reorganized -and updated, with formally checked references as hyperlinks. - -* Theory loader: use_thy (and similar operations) no longer set the -implicit ML context, which was occasionally hard to predict and in -conflict with concurrency. INCOMPATIBILITY, use ML within Isar which -provides a proper context already. - -* Theory loader: old-style ML proof scripts being *attached* to a thy -file are no longer supported. INCOMPATIBILITY, regular 'uses' and -'use' within a theory file will do the job. - -* Name space merge now observes canonical order, i.e. the second space -is inserted into the first one, while existing entries in the first -space take precedence. INCOMPATIBILITY in rare situations, may try to -swap theory imports. - -* Syntax: symbol \ is now considered a letter. Potential -INCOMPATIBILITY in identifier syntax etc. - -* Outer syntax: string tokens no longer admit escaped white space, -which was an accidental (undocumented) feature. INCOMPATIBILITY, use -white space without escapes. - -* Outer syntax: string tokens may contain arbitrary character codes -specified via 3 decimal digits (as in SML). E.g. "foo\095bar" for -"foo_bar". - - -*** Pure *** - -* Context-dependent token translations. Default setup reverts locally -fixed variables, and adds hilite markup for undeclared frees. - -* Unused theorems can be found using the new command 'unused_thms'. -There are three ways of invoking it: - -(1) unused_thms - Only finds unused theorems in the current theory. - -(2) unused_thms thy_1 ... thy_n - - Finds unused theorems in the current theory and all of its ancestors, - excluding the theories thy_1 ... thy_n and all of their ancestors. - -(3) unused_thms thy_1 ... thy_n - thy'_1 ... thy'_m - Finds unused theorems in the theories thy'_1 ... thy'_m and all of - their ancestors, excluding the theories thy_1 ... thy_n and all of - their ancestors. - -In order to increase the readability of the list produced by -unused_thms, theorems that have been created by a particular instance -of a theory command such as 'inductive' or 'function' are considered -to belong to the same "group", meaning that if at least one theorem in -this group is used, the other theorems in the same group are no longer -reported as unused. Moreover, if all theorems in the group are -unused, only one theorem in the group is displayed. - -Note that proof objects have to be switched on in order for -unused_thms to work properly (i.e. !proofs must be >= 1, which is -usually the case when using Proof General with the default settings). - -* Authentic naming of facts disallows ad-hoc overwriting of previous -theorems within the same name space. INCOMPATIBILITY, need to remove -duplicate fact bindings, or even accidental fact duplications. Note -that tools may maintain dynamically scoped facts systematically, using -PureThy.add_thms_dynamic. - -* Command 'hide' now allows to hide from "fact" name space as well. - -* Eliminated destructive theorem database, simpset, claset, and -clasimpset. Potential INCOMPATIBILITY, really need to observe linear -update of theories within ML code. - -* Eliminated theory ProtoPure and CPure, leaving just one Pure theory. -INCOMPATIBILITY, object-logics depending on former Pure require -additional setup PureThy.old_appl_syntax_setup; object-logics -depending on former CPure need to refer to Pure. - -* Commands 'use' and 'ML' are now purely functional, operating on -theory/local_theory. Removed former 'ML_setup' (on theory), use 'ML' -instead. Added 'ML_val' as mere diagnostic replacement for 'ML'. -INCOMPATIBILITY. - -* Command 'setup': discontinued implicit version with ML reference. - -* Instantiation target allows for simultaneous specification of class -instance operations together with an instantiation proof. -Type-checking phase allows to refer to class operations uniformly. -See src/HOL/Complex/Complex.thy for an Isar example and -src/HOL/Library/Eval.thy for an ML example. - -* Indexing of literal facts: be more serious about including only -facts from the visible specification/proof context, but not the -background context (locale etc.). Affects `prop` notation and method -"fact". INCOMPATIBILITY: need to name facts explicitly in rare -situations. - -* Method "cases", "induct", "coinduct": removed obsolete/undocumented -"(open)" option, which used to expose internal bound variables to the -proof text. - -* Isar statements: removed obsolete case "rule_context". -INCOMPATIBILITY, better use explicit fixes/assumes. - -* Locale proofs: default proof step now includes 'unfold_locales'; -hence 'proof' without argument may be used to unfold locale -predicates. - - -*** Document preparation *** - -* Simplified pdfsetup.sty: color/hyperref is used unconditionally for -both pdf and dvi (hyperlinks usually work in xdvi as well); removed -obsolete thumbpdf setup (contemporary PDF viewers do this on the -spot); renamed link color from "darkblue" to "linkcolor" (default -value unchanged, can be redefined via \definecolor); no longer sets -"a4paper" option (unnecessary or even intrusive). - -* Antiquotation @{lemma A method} proves proposition A by the given -method (either a method name or a method name plus (optional) method -arguments in parentheses) and prints A just like @{prop A}. - - -*** HOL *** - -* New primrec package. Specification syntax conforms in style to -definition/function/.... No separate induction rule is provided. The -"primrec" command distinguishes old-style and new-style specifications -by syntax. The former primrec package is now named OldPrimrecPackage. -When adjusting theories, beware: constants stemming from new-style -primrec specifications have authentic syntax. - -* Metis prover is now an order of magnitude faster, and also works -with multithreading. - -* Metis: the maximum number of clauses that can be produced from a -theorem is now given by the attribute max_clauses. Theorems that -exceed this number are ignored, with a warning printed. - -* Sledgehammer no longer produces structured proofs by default. To -enable, declare [[sledgehammer_full = true]]. Attributes -reconstruction_modulus, reconstruction_sorts renamed -sledgehammer_modulus, sledgehammer_sorts. INCOMPATIBILITY. - -* Method "induct_scheme" derives user-specified induction rules -from well-founded induction and completeness of patterns. This factors -out some operations that are done internally by the function package -and makes them available separately. See -src/HOL/ex/Induction_Scheme.thy for examples. - -* More flexible generation of measure functions for termination -proofs: Measure functions can be declared by proving a rule of the -form "is_measure f" and giving it the [measure_function] attribute. -The "is_measure" predicate is logically meaningless (always true), and -just guides the heuristic. To find suitable measure functions, the -termination prover sets up the goal "is_measure ?f" of the appropriate -type and generates all solutions by Prolog-style backward proof using -the declared rules. - -This setup also deals with rules like - - "is_measure f ==> is_measure (list_size f)" - -which accommodates nested datatypes that recurse through lists. -Similar rules are predeclared for products and option types. - -* Turned the type of sets "'a set" into an abbreviation for "'a => bool" - - INCOMPATIBILITIES: - - - Definitions of overloaded constants on sets have to be replaced by - definitions on => and bool. - - - Some definitions of overloaded operators on sets can now be proved - using the definitions of the operators on => and bool. Therefore, - the following theorems have been renamed: - - subset_def -> subset_eq - psubset_def -> psubset_eq - set_diff_def -> set_diff_eq - Compl_def -> Compl_eq - Sup_set_def -> Sup_set_eq - Inf_set_def -> Inf_set_eq - sup_set_def -> sup_set_eq - inf_set_def -> inf_set_eq - - - Due to the incompleteness of the HO unification algorithm, some - rules such as subst may require manual instantiation, if some of - the unknowns in the rule is a set. - - - Higher order unification and forward proofs: - The proof pattern - - have "P (S::'a set)" <...> - then have "EX S. P S" .. - - no longer works (due to the incompleteness of the HO unification - algorithm) and must be replaced by the pattern - - have "EX S. P S" - proof - show "P S" <...> - qed - - - Calculational reasoning with subst (or similar rules): - The proof pattern - - have "P (S::'a set)" <...> - also have "S = T" <...> - finally have "P T" . - - no longer works (for similar reasons as the previous example) and - must be replaced by something like - - have "P (S::'a set)" <...> - moreover have "S = T" <...> - ultimately have "P T" by simp - - - Tactics or packages written in ML code: - Code performing pattern matching on types via - - Type ("set", [T]) => ... - - must be rewritten. Moreover, functions like strip_type or - binder_types no longer return the right value when applied to a - type of the form - - T1 => ... => Tn => U => bool - - rather than - - T1 => ... => Tn => U set - -* Merged theories Wellfounded_Recursion, Accessible_Part and -Wellfounded_Relations to theory Wellfounded. - -* Explicit class "eq" for executable equality. INCOMPATIBILITY. - -* Class finite no longer treats UNIV as class parameter. Use class -enum from theory Library/Enum instead to achieve a similar effect. -INCOMPATIBILITY. - -* Theory List: rule list_induct2 now has explicitly named cases "Nil" -and "Cons". INCOMPATIBILITY. - -* HOL (and FOL): renamed variables in rules imp_elim and swap. -Potential INCOMPATIBILITY. - -* Theory Product_Type: duplicated lemmas split_Pair_apply and -injective_fst_snd removed, use split_eta and prod_eqI instead. -Renamed upd_fst to apfst and upd_snd to apsnd. INCOMPATIBILITY. - -* Theory Nat: removed redundant lemmas that merely duplicate lemmas of -the same name in theory Orderings: - - less_trans - less_linear - le_imp_less_or_eq - le_less_trans - less_le_trans - less_not_sym - less_asym - -Renamed less_imp_le to less_imp_le_nat, and less_irrefl to -less_irrefl_nat. Potential INCOMPATIBILITY due to more general types -and different variable names. - -* Library/Option_ord.thy: Canonical order on option type. - -* Library/RBT.thy: Red-black trees, an efficient implementation of -finite maps. - -* Library/Countable.thy: Type class for countable types. - -* Theory Int: The representation of numerals has changed. The infix -operator BIT and the bit datatype with constructors B0 and B1 have -disappeared. INCOMPATIBILITY, use "Int.Bit0 x" and "Int.Bit1 y" in -place of "x BIT bit.B0" and "y BIT bit.B1", respectively. Theorems -involving BIT, B0, or B1 have been renamed with "Bit0" or "Bit1" -accordingly. - -* Theory Nat: definition of <= and < on natural numbers no longer -depend on well-founded relations. INCOMPATIBILITY. Definitions -le_def and less_def have disappeared. Consider lemmas not_less -[symmetric, where ?'a = nat] and less_eq [symmetric] instead. - -* Theory Finite_Set: locales ACf, ACe, ACIf, ACIfSL and ACIfSLlin -(whose purpose mainly is for various fold_set functionals) have been -abandoned in favor of the existing algebraic classes -ab_semigroup_mult, comm_monoid_mult, ab_semigroup_idem_mult, -lower_semilattice (resp. upper_semilattice) and linorder. -INCOMPATIBILITY. - -* Theory Transitive_Closure: induct and cases rules now declare proper -case_names ("base" and "step"). INCOMPATIBILITY. - -* Theorem Inductive.lfp_ordinal_induct generalized to complete -lattices. The form set-specific version is available as -Inductive.lfp_ordinal_induct_set. - -* Renamed theorems "power.simps" to "power_int.simps". -INCOMPATIBILITY. - -* Class semiring_div provides basic abstract properties of semirings -with division and modulo operations. Subsumes former class dvd_mod. - -* Merged theories IntDef, Numeral and IntArith into unified theory -Int. INCOMPATIBILITY. - -* Theory Library/Code_Index: type "index" now represents natural -numbers rather than integers. INCOMPATIBILITY. - -* New class "uminus" with operation "uminus" (split of from class -"minus" which now only has operation "minus", binary). -INCOMPATIBILITY. - -* Constants "card", "internal_split", "option_map" now with authentic -syntax. INCOMPATIBILITY. - -* Definitions subset_def, psubset_def, set_diff_def, Compl_def, -le_bool_def, less_bool_def, le_fun_def, less_fun_def, inf_bool_def, -sup_bool_def, Inf_bool_def, Sup_bool_def, inf_fun_def, sup_fun_def, -Inf_fun_def, Sup_fun_def, inf_set_def, sup_set_def, Inf_set_def, -Sup_set_def, le_def, less_def, option_map_def now with object -equality. INCOMPATIBILITY. - -* Records. Removed K_record, and replaced it by pure lambda term -%x. c. The simplifier setup is now more robust against eta expansion. -INCOMPATIBILITY: in cases explicitly referring to K_record. - -* Library/Multiset: {#a, b, c#} abbreviates {#a#} + {#b#} + {#c#}. - -* Library/ListVector: new theory of arithmetic vector operations. - -* Library/Order_Relation: new theory of various orderings as sets of -pairs. Defines preorders, partial orders, linear orders and -well-orders on sets and on types. - - -*** ZF *** - -* Renamed some theories to allow to loading both ZF and HOL in the -same session: - - Datatype -> Datatype_ZF - Inductive -> Inductive_ZF - Int -> Int_ZF - IntDiv -> IntDiv_ZF - Nat -> Nat_ZF - List -> List_ZF - Main -> Main_ZF - -INCOMPATIBILITY: ZF theories that import individual theories below -Main might need to be adapted. Regular theory Main is still -available, as trivial extension of Main_ZF. - - -*** ML *** - -* ML within Isar: antiquotation @{const name} or @{const -name(typargs)} produces statically-checked Const term. - -* Functor NamedThmsFun: data is available to the user as dynamic fact -(of the same name). Removed obsolete print command. - -* Removed obsolete "use_legacy_bindings" function. - -* The ``print mode'' is now a thread-local value derived from a global -template (the former print_mode reference), thus access becomes -non-critical. The global print_mode reference is for session -management only; user-code should use print_mode_value, -print_mode_active, PrintMode.setmp etc. INCOMPATIBILITY. - -* Functions system/system_out provide a robust way to invoke external -shell commands, with propagation of interrupts (requires Poly/ML -5.2.1). Do not use OS.Process.system etc. from the basis library! - - -*** System *** - -* Default settings: PROOFGENERAL_OPTIONS no longer impose xemacs --- -in accordance with Proof General 3.7, which prefers GNU emacs. - -* isatool tty runs Isabelle process with plain tty interaction; -optional line editor may be specified via ISABELLE_LINE_EDITOR -setting, the default settings attempt to locate "ledit" and "rlwrap". - -* isatool browser now works with Cygwin as well, using general -"javapath" function defined in Isabelle process environment. - -* YXML notation provides a simple and efficient alternative to -standard XML transfer syntax. See src/Pure/General/yxml.ML and -isatool yxml as described in the Isabelle system manual. - -* JVM class isabelle.IsabelleProcess (located in Isabelle/lib/classes) -provides general wrapper for managing an Isabelle process in a robust -fashion, with ``cooked'' output from stdin/stderr. - -* Rudimentary Isabelle plugin for jEdit (see Isabelle/lib/jedit), -based on Isabelle/JVM process wrapper (see Isabelle/lib/classes). - -* Removed obsolete THIS_IS_ISABELLE_BUILD feature. NB: the documented -way of changing the user's settings is via -ISABELLE_HOME_USER/etc/settings, which is a fully featured bash -script. - -* Multithreading.max_threads := 0 refers to the number of actual CPU -cores of the underlying machine, which is a good starting point for -optimal performance tuning. The corresponding usedir option -M allows -"max" as an alias for "0". WARNING: does not work on certain versions -of Mac OS (with Poly/ML 5.1). - -* isabelle-process: non-ML sessions are run with "nice", to reduce the -adverse effect of Isabelle flooding interactive front-ends (notably -ProofGeneral / XEmacs). - - - -New in Isabelle2007 (November 2007) ------------------------------------ - -*** General *** - -* More uniform information about legacy features, notably a -warning/error of "Legacy feature: ...", depending on the state of the -tolerate_legacy_features flag (default true). FUTURE INCOMPATIBILITY: -legacy features will disappear eventually. - -* Theory syntax: the header format ``theory A = B + C:'' has been -discontinued in favour of ``theory A imports B C begin''. Use isatool -fixheaders to convert existing theory files. INCOMPATIBILITY. - -* Theory syntax: the old non-Isar theory file format has been -discontinued altogether. Note that ML proof scripts may still be used -with Isar theories; migration is usually quite simple with the ML -function use_legacy_bindings. INCOMPATIBILITY. - -* Theory syntax: some popular names (e.g. 'class', 'declaration', -'fun', 'help', 'if') are now keywords. INCOMPATIBILITY, use double -quotes. - -* Theory loader: be more serious about observing the static theory -header specifications (including optional directories), but not the -accidental file locations of previously successful loads. The strict -update policy of former update_thy is now already performed by -use_thy, so the former has been removed; use_thys updates several -theories simultaneously, just as 'imports' within a theory header -specification, but without merging the results. Potential -INCOMPATIBILITY: may need to refine theory headers and commands -ROOT.ML which depend on load order. - -* Theory loader: optional support for content-based file -identification, instead of the traditional scheme of full physical -path plus date stamp; configured by the ISABELLE_FILE_IDENT setting -(cf. the system manual). The new scheme allows to work with -non-finished theories in persistent session images, such that source -files may be moved later on without requiring reloads. - -* Theory loader: old-style ML proof scripts being *attached* to a thy -file (with the same base name as the theory) are considered a legacy -feature, which will disappear eventually. Even now, the theory loader -no longer maintains dependencies on such files. - -* Syntax: the scope for resolving ambiguities via type-inference is -now limited to individual terms, instead of whole simultaneous -specifications as before. This greatly reduces the complexity of the -syntax module and improves flexibility by separating parsing and -type-checking. INCOMPATIBILITY: additional type-constraints (explicit -'fixes' etc.) are required in rare situations. - -* Syntax: constants introduced by new-style packages ('definition', -'abbreviation' etc.) are passed through the syntax module in -``authentic mode''. This means that associated mixfix annotations -really stick to such constants, independently of potential name space -ambiguities introduced later on. INCOMPATIBILITY: constants in parse -trees are represented slightly differently, may need to adapt syntax -translations accordingly. Use CONST marker in 'translations' and -@{const_syntax} antiquotation in 'parse_translation' etc. - -* Legacy goal package: reduced interface to the bare minimum required -to keep existing proof scripts running. Most other user-level -functions are now part of the OldGoals structure, which is *not* open -by default (consider isatool expandshort before open OldGoals). -Removed top_sg, prin, printyp, pprint_term/typ altogether, because -these tend to cause confusion about the actual goal (!) context being -used here, which is not necessarily the same as the_context(). - -* Command 'find_theorems': supports "*" wild-card in "name:" -criterion; "with_dups" option. Certain ProofGeneral versions might -support a specific search form (see ProofGeneral/CHANGES). - -* The ``prems limit'' option (cf. ProofContext.prems_limit) is now -1 -by default, which means that "prems" (and also "fixed variables") are -suppressed from proof state output. Note that the ProofGeneral -settings mechanism allows to change and save options persistently, but -older versions of Isabelle will fail to start up if a negative prems -limit is imposed. - -* Local theory targets may be specified by non-nested blocks of -``context/locale/class ... begin'' followed by ``end''. The body may -contain definitions, theorems etc., including any derived mechanism -that has been implemented on top of these primitives. This concept -generalizes the existing ``theorem (in ...)'' towards more versatility -and scalability. - -* Proof General interface: proper undo of final 'end' command; -discontinued Isabelle/classic mode (ML proof scripts). - - -*** Document preparation *** - -* Added antiquotation @{theory name} which prints the given name, -after checking that it refers to a valid ancestor theory in the -current context. - -* Added antiquotations @{ML_type text} and @{ML_struct text} which -check the given source text as ML type/structure, printing verbatim. - -* Added antiquotation @{abbrev "c args"} which prints the abbreviation -"c args == rhs" given in the current context. (Any number of -arguments may be given on the LHS.) - - -*** Pure *** - -* The 'class' package offers a combination of axclass and locale to -achieve Haskell-like type classes in Isabelle. Definitions and -theorems within a class context produce both relative results (with -implicit parameters according to the locale context), and polymorphic -constants with qualified polymorphism (according to the class -context). Within the body context of a 'class' target, a separate -syntax layer ("user space type system") takes care of converting -between global polymorphic consts and internal locale representation. -See src/HOL/ex/Classpackage.thy for examples (as well as main HOL). -"isatool doc classes" provides a tutorial. - -* Generic code generator framework allows to generate executable -code for ML and Haskell (including Isabelle classes). A short usage -sketch: - - internal compilation: - export_code in SML - writing SML code to a file: - export_code in SML - writing OCaml code to a file: - export_code in OCaml - writing Haskell code to a bunch of files: - export_code in Haskell - - evaluating closed propositions to True/False using code generation: - method ``eval'' - -Reasonable default setup of framework in HOL. - -Theorem attributs for selecting and transforming function equations theorems: - - [code fun]: select a theorem as function equation for a specific constant - [code fun del]: deselect a theorem as function equation for a specific constant - [code inline]: select an equation theorem for unfolding (inlining) in place - [code inline del]: deselect an equation theorem for unfolding (inlining) in place - -User-defined serializations (target in {SML, OCaml, Haskell}): - - code_const - {(target) }+ - - code_type - {(target) }+ - - code_instance - {(target)}+ - where instance ::= :: - - code_class - {(target) }+ - where class target syntax ::= {where { == }+}? - -code_instance and code_class only are effective to target Haskell. - -For example usage see src/HOL/ex/Codegenerator.thy and -src/HOL/ex/Codegenerator_Pretty.thy. A separate tutorial on code -generation from Isabelle/HOL theories is available via "isatool doc -codegen". - -* Code generator: consts in 'consts_code' Isar commands are now -referred to by usual term syntax (including optional type -annotations). - -* Command 'no_translations' removes translation rules from theory -syntax. - -* Overloaded definitions are now actually checked for acyclic -dependencies. The overloading scheme is slightly more general than -that of Haskell98, although Isabelle does not demand an exact -correspondence to type class and instance declarations. -INCOMPATIBILITY, use ``defs (unchecked overloaded)'' to admit more -exotic versions of overloading -- at the discretion of the user! - -Polymorphic constants are represented via type arguments, i.e. the -instantiation that matches an instance against the most general -declaration given in the signature. For example, with the declaration -c :: 'a => 'a => 'a, an instance c :: nat => nat => nat is represented -as c(nat). Overloading is essentially simultaneous structural -recursion over such type arguments. Incomplete specification patterns -impose global constraints on all occurrences, e.g. c('a * 'a) on the -LHS means that more general c('a * 'b) will be disallowed on any RHS. -Command 'print_theory' outputs the normalized system of recursive -equations, see section "definitions". - -* Configuration options are maintained within the theory or proof -context (with name and type bool/int/string), providing a very simple -interface to a poor-man's version of general context data. Tools may -declare options in ML (e.g. using Attrib.config_int) and then refer to -these values using Config.get etc. Users may change options via an -associated attribute of the same name. This form of context -declaration works particularly well with commands 'declare' or -'using', for example ``declare [[foo = 42]]''. Thus it has become -very easy to avoid global references, which would not observe Isar -toplevel undo/redo and fail to work with multithreading. - -Various global ML references of Pure and HOL have been turned into -configuration options: - - Unify.search_bound unify_search_bound - Unify.trace_bound unify_trace_bound - Unify.trace_simp unify_trace_simp - Unify.trace_types unify_trace_types - Simplifier.simp_depth_limit simp_depth_limit - Blast.depth_limit blast_depth_limit - DatatypeProp.dtK datatype_distinctness_limit - fast_arith_neq_limit fast_arith_neq_limit - fast_arith_split_limit fast_arith_split_limit - -* Named collections of theorems may be easily installed as context -data using the functor NamedThmsFun (see also -src/Pure/Tools/named_thms.ML). The user may add or delete facts via -attributes; there is also a toplevel print command. This facility is -just a common case of general context data, which is the preferred way -for anything more complex than just a list of facts in canonical -order. - -* Isar: command 'declaration' augments a local theory by generic -declaration functions written in ML. This enables arbitrary content -being added to the context, depending on a morphism that tells the -difference of the original declaration context wrt. the application -context encountered later on. - -* Isar: proper interfaces for simplification procedures. Command -'simproc_setup' declares named simprocs (with match patterns, and body -text in ML). Attribute "simproc" adds/deletes simprocs in the current -context. ML antiquotation @{simproc name} retrieves named simprocs. - -* Isar: an extra pair of brackets around attribute declarations -abbreviates a theorem reference involving an internal dummy fact, -which will be ignored later --- only the effect of the attribute on -the background context will persist. This form of in-place -declarations is particularly useful with commands like 'declare' and -'using', for example ``have A using [[simproc a]] by simp''. - -* Isar: method "assumption" (and implicit closing of subproofs) now -takes simple non-atomic goal assumptions into account: after applying -an assumption as a rule the resulting subgoals are solved by atomic -assumption steps. This is particularly useful to finish 'obtain' -goals, such as "!!x. (!!x. P x ==> thesis) ==> P x ==> thesis", -without referring to the original premise "!!x. P x ==> thesis" in the -Isar proof context. POTENTIAL INCOMPATIBILITY: method "assumption" is -more permissive. - -* Isar: implicit use of prems from the Isar proof context is -considered a legacy feature. Common applications like ``have A .'' -may be replaced by ``have A by fact'' or ``note `A`''. In general, -referencing facts explicitly here improves readability and -maintainability of proof texts. - -* Isar: improper proof element 'guess' is like 'obtain', but derives -the obtained context from the course of reasoning! For example: - - assume "EX x y. A x & B y" -- "any previous fact" - then guess x and y by clarify - -This technique is potentially adventurous, depending on the facts and -proof tools being involved here. - -* Isar: known facts from the proof context may be specified as literal -propositions, using ASCII back-quote syntax. This works wherever -named facts used to be allowed so far, in proof commands, proof -methods, attributes etc. Literal facts are retrieved from the context -according to unification of type and term parameters. For example, -provided that "A" and "A ==> B" and "!!x. P x ==> Q x" are known -theorems in the current context, then these are valid literal facts: -`A` and `A ==> B` and `!!x. P x ==> Q x" as well as `P a ==> Q a` etc. - -There is also a proof method "fact" which does the same composition -for explicit goal states, e.g. the following proof texts coincide with -certain special cases of literal facts: - - have "A" by fact == note `A` - have "A ==> B" by fact == note `A ==> B` - have "!!x. P x ==> Q x" by fact == note `!!x. P x ==> Q x` - have "P a ==> Q a" by fact == note `P a ==> Q a` - -* Isar: ":" (colon) is no longer a symbolic identifier character in -outer syntax. Thus symbolic identifiers may be used without -additional white space in declarations like this: ``assume *: A''. - -* Isar: 'print_facts' prints all local facts of the current context, -both named and unnamed ones. - -* Isar: 'def' now admits simultaneous definitions, e.g.: - - def x == "t" and y == "u" - -* Isar: added command 'unfolding', which is structurally similar to -'using', but affects both the goal state and facts by unfolding given -rewrite rules. Thus many occurrences of the 'unfold' method or -'unfolded' attribute may be replaced by first-class proof text. - -* Isar: methods 'unfold' / 'fold', attributes 'unfolded' / 'folded', -and command 'unfolding' now all support object-level equalities -(potentially conditional). The underlying notion of rewrite rule is -analogous to the 'rule_format' attribute, but *not* that of the -Simplifier (which is usually more generous). - -* Isar: the new attribute [rotated n] (default n = 1) rotates the -premises of a theorem by n. Useful in conjunction with drule. - -* Isar: the goal restriction operator [N] (default N = 1) evaluates a -method expression within a sandbox consisting of the first N -sub-goals, which need to exist. For example, ``simp_all [3]'' -simplifies the first three sub-goals, while (rule foo, simp_all)[] -simplifies all new goals that emerge from applying rule foo to the -originally first one. - -* Isar: schematic goals are no longer restricted to higher-order -patterns; e.g. ``lemma "?P(?x)" by (rule TrueI)'' now works as -expected. - -* Isar: the conclusion of a long theorem statement is now either -'shows' (a simultaneous conjunction, as before), or 'obtains' -(essentially a disjunction of cases with local parameters and -assumptions). The latter allows to express general elimination rules -adequately; in this notation common elimination rules look like this: - - lemma exE: -- "EX x. P x ==> (!!x. P x ==> thesis) ==> thesis" - assumes "EX x. P x" - obtains x where "P x" - - lemma conjE: -- "A & B ==> (A ==> B ==> thesis) ==> thesis" - assumes "A & B" - obtains A and B - - lemma disjE: -- "A | B ==> (A ==> thesis) ==> (B ==> thesis) ==> thesis" - assumes "A | B" - obtains - A - | B - -The subsequent classical rules even refer to the formal "thesis" -explicitly: - - lemma classical: -- "(~ thesis ==> thesis) ==> thesis" - obtains "~ thesis" - - lemma Peirce's_Law: -- "((thesis ==> something) ==> thesis) ==> thesis" - obtains "thesis ==> something" - -The actual proof of an 'obtains' statement is analogous to that of the -Isar proof element 'obtain', only that there may be several cases. -Optional case names may be specified in parentheses; these will be -available both in the present proof and as annotations in the -resulting rule, for later use with the 'cases' method (cf. attribute -case_names). - -* Isar: the assumptions of a long theorem statement are available as -"assms" fact in the proof context. This is more appropriate than the -(historical) "prems", which refers to all assumptions of the current -context, including those from the target locale, proof body etc. - -* Isar: 'print_statement' prints theorems from the current theory or -proof context in long statement form, according to the syntax of a -top-level lemma. - -* Isar: 'obtain' takes an optional case name for the local context -introduction rule (default "that"). - -* Isar: removed obsolete 'concl is' patterns. INCOMPATIBILITY, use -explicit (is "_ ==> ?foo") in the rare cases where this still happens -to occur. - -* Pure: syntax "CONST name" produces a fully internalized constant -according to the current context. This is particularly useful for -syntax translations that should refer to internal constant -representations independently of name spaces. - -* Pure: syntax constant for foo (binder "FOO ") is called "foo_binder" -instead of "FOO ". This allows multiple binder declarations to coexist -in the same context. INCOMPATIBILITY. - -* Isar/locales: 'notation' provides a robust interface to the 'syntax' -primitive that also works in a locale context (both for constants and -fixed variables). Type declaration and internal syntactic representation -of given constants retrieved from the context. Likewise, the -'no_notation' command allows to remove given syntax annotations from the -current context. - -* Isar/locales: new derived specification elements 'axiomatization', -'definition', 'abbreviation', which support type-inference, admit -object-level specifications (equality, equivalence). See also the -isar-ref manual. Examples: - - axiomatization - eq (infix "===" 50) where - eq_refl: "x === x" and eq_subst: "x === y ==> P x ==> P y" - - definition "f x y = x + y + 1" - definition g where "g x = f x x" - - abbreviation - neq (infix "=!=" 50) where - "x =!= y == ~ (x === y)" - -These specifications may be also used in a locale context. Then the -constants being introduced depend on certain fixed parameters, and the -constant name is qualified by the locale base name. An internal -abbreviation takes care for convenient input and output, making the -parameters implicit and using the original short name. See also -src/HOL/ex/Abstract_NAT.thy for an example of deriving polymorphic -entities from a monomorphic theory. - -Presently, abbreviations are only available 'in' a target locale, but -not inherited by general import expressions. Also note that -'abbreviation' may be used as a type-safe replacement for 'syntax' + -'translations' in common applications. The "no_abbrevs" print mode -prevents folding of abbreviations in term output. - -Concrete syntax is attached to specified constants in internal form, -independently of name spaces. The parse tree representation is -slightly different -- use 'notation' instead of raw 'syntax', and -'translations' with explicit "CONST" markup to accommodate this. - -* Pure/Isar: unified syntax for new-style specification mechanisms -(e.g. 'definition', 'abbreviation', or 'inductive' in HOL) admits -full type inference and dummy patterns ("_"). For example: - - definition "K x _ = x" - - inductive conj for A B - where "A ==> B ==> conj A B" - -* Pure: command 'print_abbrevs' prints all constant abbreviations of -the current context. Print mode "no_abbrevs" prevents inversion of -abbreviations on output. - -* Isar/locales: improved parameter handling: use of locales "var" and -"struct" no longer necessary; - parameter renamings are no longer -required to be injective. For example, this allows to define -endomorphisms as locale endom = homom mult mult h. - -* Isar/locales: changed the way locales with predicates are defined. -Instead of accumulating the specification, the imported expression is -now an interpretation. INCOMPATIBILITY: different normal form of -locale expressions. In particular, in interpretations of locales with -predicates, goals repesenting already interpreted fragments are not -removed automatically. Use methods `intro_locales' and -`unfold_locales'; see below. - -* Isar/locales: new methods `intro_locales' and `unfold_locales' -provide backward reasoning on locales predicates. The methods are -aware of interpretations and discharge corresponding goals. -`intro_locales' is less aggressive then `unfold_locales' and does not -unfold predicates to assumptions. - -* Isar/locales: the order in which locale fragments are accumulated -has changed. This enables to override declarations from fragments due -to interpretations -- for example, unwanted simp rules. - -* Isar/locales: interpretation in theories and proof contexts has been -extended. One may now specify (and prove) equations, which are -unfolded in interpreted theorems. This is useful for replacing -defined concepts (constants depending on locale parameters) by -concepts already existing in the target context. Example: - - interpretation partial_order ["op <= :: [int, int] => bool"] - where "partial_order.less (op <=) (x::int) y = (x < y)" - -Typically, the constant `partial_order.less' is created by a -definition specification element in the context of locale -partial_order. - -* Method "induct": improved internal context management to support -local fixes and defines on-the-fly. Thus explicit meta-level -connectives !! and ==> are rarely required anymore in inductive goals -(using object-logic connectives for this purpose has been long -obsolete anyway). Common proof patterns are explained in -src/HOL/Induct/Common_Patterns.thy, see also -src/HOL/Isar_examples/Puzzle.thy and src/HOL/Lambda for realistic -examples. - -* Method "induct": improved handling of simultaneous goals. Instead of -introducing object-level conjunction, the statement is now split into -several conclusions, while the corresponding symbolic cases are nested -accordingly. INCOMPATIBILITY, proofs need to be structured explicitly, -see src/HOL/Induct/Common_Patterns.thy, for example. - -* Method "induct": mutual induction rules are now specified as a list -of rule sharing the same induction cases. HOL packages usually provide -foo_bar.inducts for mutually defined items foo and bar (e.g. inductive -predicates/sets or datatypes). INCOMPATIBILITY, users need to specify -mutual induction rules differently, i.e. like this: - - (induct rule: foo_bar.inducts) - (induct set: foo bar) - (induct pred: foo bar) - (induct type: foo bar) - -The ML function ProjectRule.projections turns old-style rules into the -new format. - -* Method "coinduct": dual of induction, see -src/HOL/Library/Coinductive_List.thy for various examples. - -* Method "cases", "induct", "coinduct": the ``(open)'' option is -considered a legacy feature. - -* Attribute "symmetric" produces result with standardized schematic -variables (index 0). Potential INCOMPATIBILITY. - -* Simplifier: by default the simplifier trace only shows top level -rewrites now. That is, trace_simp_depth_limit is set to 1 by -default. Thus there is less danger of being flooded by the trace. The -trace indicates where parts have been suppressed. - -* Provers/classical: removed obsolete classical version of elim_format -attribute; classical elim/dest rules are now treated uniformly when -manipulating the claset. - -* Provers/classical: stricter checks to ensure that supplied intro, -dest and elim rules are well-formed; dest and elim rules must have at -least one premise. - -* Provers/classical: attributes dest/elim/intro take an optional -weight argument for the rule (just as the Pure versions). Weights are -ignored by automated tools, but determine the search order of single -rule steps. - -* Syntax: input syntax now supports dummy variable binding "%_. b", -where the body does not mention the bound variable. Note that dummy -patterns implicitly depend on their context of bounds, which makes -"{_. _}" match any set comprehension as expected. Potential -INCOMPATIBILITY -- parse translations need to cope with syntactic -constant "_idtdummy" in the binding position. - -* Syntax: removed obsolete syntactic constant "_K" and its associated -parse translation. INCOMPATIBILITY -- use dummy abstraction instead, -for example "A -> B" => "Pi A (%_. B)". - -* Pure: 'class_deps' command visualizes the subclass relation, using -the graph browser tool. - -* Pure: 'print_theory' now suppresses certain internal declarations by -default; use '!' option for full details. - - -*** HOL *** - -* Method "metis" proves goals by applying the Metis general-purpose -resolution prover (see also http://gilith.com/software/metis/). -Examples are in the directory MetisExamples. WARNING: the -Isabelle/HOL-Metis integration does not yet work properly with -multi-threading. - -* Command 'sledgehammer' invokes external automatic theorem provers as -background processes. It generates calls to the "metis" method if -successful. These can be pasted into the proof. Users do not have to -wait for the automatic provers to return. WARNING: does not really -work with multi-threading. - -* New "auto_quickcheck" feature tests outermost goal statements for -potential counter-examples. Controlled by ML references -auto_quickcheck (default true) and auto_quickcheck_time_limit (default -5000 milliseconds). Fails silently if statements is outside of -executable fragment, or any other codgenerator problem occurs. - -* New constant "undefined" with axiom "undefined x = undefined". - -* Added class "HOL.eq", allowing for code generation with polymorphic -equality. - -* Some renaming of class constants due to canonical name prefixing in -the new 'class' package: - - HOL.abs ~> HOL.abs_class.abs - HOL.divide ~> HOL.divide_class.divide - 0 ~> HOL.zero_class.zero - 1 ~> HOL.one_class.one - op + ~> HOL.plus_class.plus - op - ~> HOL.minus_class.minus - uminus ~> HOL.minus_class.uminus - op * ~> HOL.times_class.times - op < ~> HOL.ord_class.less - op <= > HOL.ord_class.less_eq - Nat.power ~> Power.power_class.power - Nat.size ~> Nat.size_class.size - Numeral.number_of ~> Numeral.number_class.number_of - FixedPoint.Inf ~> Lattices.complete_lattice_class.Inf - FixedPoint.Sup ~> Lattices.complete_lattice_class.Sup - Orderings.min ~> Orderings.ord_class.min - Orderings.max ~> Orderings.ord_class.max - Divides.op div ~> Divides.div_class.div - Divides.op mod ~> Divides.div_class.mod - Divides.op dvd ~> Divides.div_class.dvd - -INCOMPATIBILITY. Adaptions may be required in the following cases: - -a) User-defined constants using any of the names "plus", "minus", -"times", "less" or "less_eq". The standard syntax translations for -"+", "-" and "*" may go wrong. INCOMPATIBILITY: use more specific -names. - -b) Variables named "plus", "minus", "times", "less", "less_eq" -INCOMPATIBILITY: use more specific names. - -c) Permutative equations (e.g. "a + b = b + a") -Since the change of names also changes the order of terms, permutative -rewrite rules may get applied in a different order. Experience shows -that this is rarely the case (only two adaptions in the whole Isabelle -distribution). INCOMPATIBILITY: rewrite proofs - -d) ML code directly refering to constant names -This in general only affects hand-written proof tactics, simprocs and -so on. INCOMPATIBILITY: grep your sourcecode and replace names. -Consider using @{const_name} antiquotation. - -* New class "default" with associated constant "default". - -* Function "sgn" is now overloaded and available on int, real, complex -(and other numeric types), using class "sgn". Two possible defs of -sgn are given as equational assumptions in the classes sgn_if and -sgn_div_norm; ordered_idom now also inherits from sgn_if. -INCOMPATIBILITY. - -* Locale "partial_order" now unified with class "order" (cf. theory -Orderings), added parameter "less". INCOMPATIBILITY. - -* Renamings in classes "order" and "linorder": facts "refl", "trans" and -"cases" to "order_refl", "order_trans" and "linorder_cases", to avoid -clashes with HOL "refl" and "trans". INCOMPATIBILITY. - -* Classes "order" and "linorder": potential INCOMPATIBILITY due to -changed order of proof goals in instance proofs. - -* The transitivity reasoner for partial and linear orders is set up -for classes "order" and "linorder". Instances of the reasoner are available -in all contexts importing or interpreting the corresponding locales. -Method "order" invokes the reasoner separately; the reasoner -is also integrated with the Simplifier as a solver. Diagnostic -command 'print_orders' shows the available instances of the reasoner -in the current context. - -* Localized monotonicity predicate in theory "Orderings"; integrated -lemmas max_of_mono and min_of_mono with this predicate. -INCOMPATIBILITY. - -* Formulation of theorem "dense" changed slightly due to integration -with new class dense_linear_order. - -* Uniform lattice theory development in HOL. - - constants "meet" and "join" now named "inf" and "sup" - constant "Meet" now named "Inf" - - classes "meet_semilorder" and "join_semilorder" now named - "lower_semilattice" and "upper_semilattice" - class "lorder" now named "lattice" - class "comp_lat" now named "complete_lattice" - - Instantiation of lattice classes allows explicit definitions - for "inf" and "sup" operations (or "Inf" and "Sup" for complete lattices). - - INCOMPATIBILITY. Theorem renames: - - meet_left_le ~> inf_le1 - meet_right_le ~> inf_le2 - join_left_le ~> sup_ge1 - join_right_le ~> sup_ge2 - meet_join_le ~> inf_sup_ord - le_meetI ~> le_infI - join_leI ~> le_supI - le_meet ~> le_inf_iff - le_join ~> ge_sup_conv - meet_idempotent ~> inf_idem - join_idempotent ~> sup_idem - meet_comm ~> inf_commute - join_comm ~> sup_commute - meet_leI1 ~> le_infI1 - meet_leI2 ~> le_infI2 - le_joinI1 ~> le_supI1 - le_joinI2 ~> le_supI2 - meet_assoc ~> inf_assoc - join_assoc ~> sup_assoc - meet_left_comm ~> inf_left_commute - meet_left_idempotent ~> inf_left_idem - join_left_comm ~> sup_left_commute - join_left_idempotent ~> sup_left_idem - meet_aci ~> inf_aci - join_aci ~> sup_aci - le_def_meet ~> le_iff_inf - le_def_join ~> le_iff_sup - join_absorp2 ~> sup_absorb2 - join_absorp1 ~> sup_absorb1 - meet_absorp1 ~> inf_absorb1 - meet_absorp2 ~> inf_absorb2 - meet_join_absorp ~> inf_sup_absorb - join_meet_absorp ~> sup_inf_absorb - distrib_join_le ~> distrib_sup_le - distrib_meet_le ~> distrib_inf_le - - add_meet_distrib_left ~> add_inf_distrib_left - add_join_distrib_left ~> add_sup_distrib_left - is_join_neg_meet ~> is_join_neg_inf - is_meet_neg_join ~> is_meet_neg_sup - add_meet_distrib_right ~> add_inf_distrib_right - add_join_distrib_right ~> add_sup_distrib_right - add_meet_join_distribs ~> add_sup_inf_distribs - join_eq_neg_meet ~> sup_eq_neg_inf - meet_eq_neg_join ~> inf_eq_neg_sup - add_eq_meet_join ~> add_eq_inf_sup - meet_0_imp_0 ~> inf_0_imp_0 - join_0_imp_0 ~> sup_0_imp_0 - meet_0_eq_0 ~> inf_0_eq_0 - join_0_eq_0 ~> sup_0_eq_0 - neg_meet_eq_join ~> neg_inf_eq_sup - neg_join_eq_meet ~> neg_sup_eq_inf - join_eq_if ~> sup_eq_if - - mono_meet ~> mono_inf - mono_join ~> mono_sup - meet_bool_eq ~> inf_bool_eq - join_bool_eq ~> sup_bool_eq - meet_fun_eq ~> inf_fun_eq - join_fun_eq ~> sup_fun_eq - meet_set_eq ~> inf_set_eq - join_set_eq ~> sup_set_eq - meet1_iff ~> inf1_iff - meet2_iff ~> inf2_iff - meet1I ~> inf1I - meet2I ~> inf2I - meet1D1 ~> inf1D1 - meet2D1 ~> inf2D1 - meet1D2 ~> inf1D2 - meet2D2 ~> inf2D2 - meet1E ~> inf1E - meet2E ~> inf2E - join1_iff ~> sup1_iff - join2_iff ~> sup2_iff - join1I1 ~> sup1I1 - join2I1 ~> sup2I1 - join1I1 ~> sup1I1 - join2I2 ~> sup1I2 - join1CI ~> sup1CI - join2CI ~> sup2CI - join1E ~> sup1E - join2E ~> sup2E - - is_meet_Meet ~> is_meet_Inf - Meet_bool_def ~> Inf_bool_def - Meet_fun_def ~> Inf_fun_def - Meet_greatest ~> Inf_greatest - Meet_lower ~> Inf_lower - Meet_set_def ~> Inf_set_def - - Sup_def ~> Sup_Inf - Sup_bool_eq ~> Sup_bool_def - Sup_fun_eq ~> Sup_fun_def - Sup_set_eq ~> Sup_set_def - - listsp_meetI ~> listsp_infI - listsp_meet_eq ~> listsp_inf_eq - - meet_min ~> inf_min - join_max ~> sup_max - -* Added syntactic class "size"; overloaded constant "size" now has -type "'a::size ==> bool" - -* Internal reorganisation of `size' of datatypes: size theorems -"foo.size" are no longer subsumed by "foo.simps" (but are still -simplification rules by default!); theorems "prod.size" now named -"*.size". - -* Class "div" now inherits from class "times" rather than "type". -INCOMPATIBILITY. - -* HOL/Finite_Set: "name-space" locales Lattice, Distrib_lattice, -Linorder etc. have disappeared; operations defined in terms of -fold_set now are named Inf_fin, Sup_fin. INCOMPATIBILITY. - -* HOL/Nat: neq0_conv no longer declared as iff. INCOMPATIBILITY. - -* HOL-Word: New extensive library and type for generic, fixed size -machine words, with arithmetic, bit-wise, shifting and rotating -operations, reflection into int, nat, and bool lists, automation for -linear arithmetic (by automatic reflection into nat or int), including -lemmas on overflow and monotonicity. Instantiated to all appropriate -arithmetic type classes, supporting automatic simplification of -numerals on all operations. - -* Library/Boolean_Algebra: locales for abstract boolean algebras. - -* Library/Numeral_Type: numbers as types, e.g. TYPE(32). - -* Code generator library theories: - - Code_Integer represents HOL integers by big integer literals in target - languages. - - Code_Char represents HOL characters by character literals in target - languages. - - Code_Char_chr like Code_Char, but also offers treatment of character - codes; includes Code_Integer. - - Executable_Set allows to generate code for finite sets using lists. - - Executable_Rat implements rational numbers as triples (sign, enumerator, - denominator). - - Executable_Real implements a subset of real numbers, namly those - representable by rational numbers. - - Efficient_Nat implements natural numbers by integers, which in general will - result in higher efficency; pattern matching with 0/Suc is eliminated; - includes Code_Integer. - - Code_Index provides an additional datatype index which is mapped to - target-language built-in integers. - - Code_Message provides an additional datatype message_string which is isomorphic to - strings; messages are mapped to target-language strings. - -* New package for inductive predicates - - An n-ary predicate p with m parameters z_1, ..., z_m can now be defined via - - inductive - p :: "U_1 => ... => U_m => T_1 => ... => T_n => bool" - for z_1 :: U_1 and ... and z_n :: U_m - where - rule_1: "... ==> p z_1 ... z_m t_1_1 ... t_1_n" - | ... - - with full support for type-inference, rather than - - consts s :: "U_1 => ... => U_m => (T_1 * ... * T_n) set" - - abbreviation p :: "U_1 => ... => U_m => T_1 => ... => T_n => bool" - where "p z_1 ... z_m x_1 ... x_n == (x_1, ..., x_n) : s z_1 ... z_m" - - inductive "s z_1 ... z_m" - intros - rule_1: "... ==> (t_1_1, ..., t_1_n) : s z_1 ... z_m" - ... - - For backward compatibility, there is a wrapper allowing inductive - sets to be defined with the new package via - - inductive_set - s :: "U_1 => ... => U_m => (T_1 * ... * T_n) set" - for z_1 :: U_1 and ... and z_n :: U_m - where - rule_1: "... ==> (t_1_1, ..., t_1_n) : s z_1 ... z_m" - | ... - - or - - inductive_set - s :: "U_1 => ... => U_m => (T_1 * ... * T_n) set" - and p :: "U_1 => ... => U_m => T_1 => ... => T_n => bool" - for z_1 :: U_1 and ... and z_n :: U_m - where - "p z_1 ... z_m x_1 ... x_n == (x_1, ..., x_n) : s z_1 ... z_m" - | rule_1: "... ==> p z_1 ... z_m t_1_1 ... t_1_n" - | ... - - if the additional syntax "p ..." is required. - - Numerous examples can be found in the subdirectories src/HOL/Auth, - src/HOL/Bali, src/HOL/Induct, and src/HOL/MicroJava. - - INCOMPATIBILITIES: - - - Since declaration and definition of inductive sets or predicates - is no longer separated, abbreviations involving the newly - introduced sets or predicates must be specified together with the - introduction rules after the 'where' keyword (see above), rather - than before the actual inductive definition. - - - The variables in induction and elimination rules are now - quantified in the order of their occurrence in the introduction - rules, rather than in alphabetical order. Since this may break - some proofs, these proofs either have to be repaired, e.g. by - reordering the variables a_i_1 ... a_i_{k_i} in Isar 'case' - statements of the form - - case (rule_i a_i_1 ... a_i_{k_i}) - - or the old order of quantification has to be restored by explicitly adding - meta-level quantifiers in the introduction rules, i.e. - - | rule_i: "!!a_i_1 ... a_i_{k_i}. ... ==> p z_1 ... z_m t_i_1 ... t_i_n" - - - The format of the elimination rules is now - - p z_1 ... z_m x_1 ... x_n ==> - (!!a_1_1 ... a_1_{k_1}. x_1 = t_1_1 ==> ... ==> x_n = t_1_n ==> ... ==> P) - ==> ... ==> P - - for predicates and - - (x_1, ..., x_n) : s z_1 ... z_m ==> - (!!a_1_1 ... a_1_{k_1}. x_1 = t_1_1 ==> ... ==> x_n = t_1_n ==> ... ==> P) - ==> ... ==> P - - for sets rather than - - x : s z_1 ... z_m ==> - (!!a_1_1 ... a_1_{k_1}. x = (t_1_1, ..., t_1_n) ==> ... ==> P) - ==> ... ==> P - - This may require terms in goals to be expanded to n-tuples - (e.g. using case_tac or simplification with the split_paired_all - rule) before the above elimination rule is applicable. - - - The elimination or case analysis rules for (mutually) inductive - sets or predicates are now called "p_1.cases" ... "p_k.cases". The - list of rules "p_1_..._p_k.elims" is no longer available. - -* New package "function"/"fun" for general recursive functions, -supporting mutual and nested recursion, definitions in local contexts, -more general pattern matching and partiality. See HOL/ex/Fundefs.thy -for small examples, and the separate tutorial on the function -package. The old recdef "package" is still available as before, but -users are encouraged to use the new package. - -* Method "lexicographic_order" automatically synthesizes termination -relations as lexicographic combinations of size measures. - -* Case-expressions allow arbitrary constructor-patterns (including -"_") and take their order into account, like in functional -programming. Internally, this is translated into nested -case-expressions; missing cases are added and mapped to the predefined -constant "undefined". In complicated cases printing may no longer show -the original input but the internal form. Lambda-abstractions allow -the same form of pattern matching: "% pat1 => e1 | ..." is an -abbreviation for "%x. case x of pat1 => e1 | ..." where x is a new -variable. - -* IntDef: The constant "int :: nat => int" has been removed; now "int" -is an abbreviation for "of_nat :: nat => int". The simplification -rules for "of_nat" have been changed to work like "int" did -previously. Potential INCOMPATIBILITY: - - "of_nat (Suc m)" simplifies to "1 + of_nat m" instead of "of_nat m + 1" - - of_nat_diff and of_nat_mult are no longer default simp rules - -* Method "algebra" solves polynomial equations over (semi)rings using -Groebner bases. The (semi)ring structure is defined by locales and the -tool setup depends on that generic context. Installing the method for -a specific type involves instantiating the locale and possibly adding -declarations for computation on the coefficients. The method is -already instantiated for natural numbers and for the axiomatic class -of idoms with numerals. See also the paper by Chaieb and Wenzel at -CALCULEMUS 2007 for the general principles underlying this -architecture of context-aware proof-tools. - -* Method "ferrack" implements quantifier elimination over -special-purpose dense linear orders using locales (analogous to -"algebra"). The method is already installed for class -{ordered_field,recpower,number_ring} which subsumes real, hyperreal, -rat, etc. - -* Former constant "List.op @" now named "List.append". Use ML -antiquotations @{const_name List.append} or @{term " ... @ ... "} to -circumvent possible incompatibilities when working on ML level. - -* primrec: missing cases mapped to "undefined" instead of "arbitrary". - -* New function listsum :: 'a list => 'a for arbitrary monoids. -Special syntax: "SUM x <- xs. f x" (and latex variants) - -* New syntax for Haskell-like list comprehension (input only), eg. -[(x,y). x <- xs, y <- ys, x ~= y], see also src/HOL/List.thy. - -* The special syntax for function "filter" has changed from [x : -xs. P] to [x <- xs. P] to avoid an ambiguity caused by list -comprehension syntax, and for uniformity. INCOMPATIBILITY. - -* [a..b] is now defined for arbitrary linear orders. It used to be -defined on nat only, as an abbreviation for [a.. B" for equality on bool (with priority -25 like -->); output depends on the "iff" print_mode, the default is -"A = B" (with priority 50). - -* Relations less (<) and less_eq (<=) are also available on type bool. -Modified syntax to disallow nesting without explicit parentheses, -e.g. "(x < y) < z" or "x < (y < z)", but NOT "x < y < z". Potential -INCOMPATIBILITY. - -* "LEAST x:A. P" expands to "LEAST x. x:A & P" (input only). - -* Relation composition operator "op O" now has precedence 75 and binds -stronger than union and intersection. INCOMPATIBILITY. - -* The old set interval syntax "{m..n(}" (and relatives) has been -removed. Use "{m.. ==> False", equivalences -(i.e. "=" on type bool) are handled, variable names of the form -"lit_" are no longer reserved, significant speedup. - -* Methods "sat" and "satx" can now replay MiniSat proof traces. -zChaff is still supported as well. - -* 'inductive' and 'datatype': provide projections of mutual rules, -bundled as foo_bar.inducts; - -* Library: moved theories Parity, GCD, Binomial, Infinite_Set to -Library. - -* Library: moved theory Accessible_Part to main HOL. - -* Library: added theory Coinductive_List of potentially infinite lists -as greatest fixed-point. - -* Library: added theory AssocList which implements (finite) maps as -association lists. - -* Method "evaluation" solves goals (i.e. a boolean expression) -efficiently by compiling it to ML. The goal is "proved" (via an -oracle) if it evaluates to True. - -* Linear arithmetic now splits certain operators (e.g. min, max, abs) -also when invoked by the simplifier. This results in the Simplifier -being more powerful on arithmetic goals. INCOMPATIBILITY. -Configuration option fast_arith_split_limit=0 recovers the old -behavior. - -* Support for hex (0x20) and binary (0b1001) numerals. - -* New method: reify eqs (t), where eqs are equations for an -interpretation I :: 'a list => 'b => 'c and t::'c is an optional -parameter, computes a term s::'b and a list xs::'a list and proves the -theorem I xs s = t. This is also known as reification or quoting. The -resulting theorem is applied to the subgoal to substitute t with I xs -s. If t is omitted, the subgoal itself is reified. - -* New method: reflection corr_thm eqs (t). The parameters eqs and (t) -are as explained above. corr_thm is a theorem for I vs (f t) = I vs t, -where f is supposed to be a computable function (in the sense of code -generattion). The method uses reify to compute s and xs as above then -applies corr_thm and uses normalization by evaluation to "prove" f s = -r and finally gets the theorem t = r, which is again applied to the -subgoal. An Example is available in src/HOL/ex/ReflectionEx.thy. - -* Reflection: Automatic reification now handels binding, an example is -available in src/HOL/ex/ReflectionEx.thy - -* HOL-Statespace: ``State Spaces: The Locale Way'' introduces a -command 'statespace' that is similar to 'record', but introduces an -abstract specification based on the locale infrastructure instead of -HOL types. This leads to extra flexibility in composing state spaces, -in particular multiple inheritance and renaming of components. - - -*** HOL-Complex *** - -* Hyperreal: Functions root and sqrt are now defined on negative real -inputs so that root n (- x) = - root n x and sqrt (- x) = - sqrt x. -Nonnegativity side conditions have been removed from many lemmas, so -that more subgoals may now be solved by simplification; potential -INCOMPATIBILITY. - -* Real: new type classes formalize real normed vector spaces and -algebras, using new overloaded constants scaleR :: real => 'a => 'a -and norm :: 'a => real. - -* Real: constant of_real :: real => 'a::real_algebra_1 injects from -reals into other types. The overloaded constant Reals :: 'a set is now -defined as range of_real; potential INCOMPATIBILITY. - -* Real: proper support for ML code generation, including 'quickcheck'. -Reals are implemented as arbitrary precision rationals. - -* Hyperreal: Several constants that previously worked only for the -reals have been generalized, so they now work over arbitrary vector -spaces. Type annotations may need to be added in some cases; potential -INCOMPATIBILITY. - - Infinitesimal :: ('a::real_normed_vector) star set - HFinite :: ('a::real_normed_vector) star set - HInfinite :: ('a::real_normed_vector) star set - approx :: ('a::real_normed_vector) star => 'a star => bool - monad :: ('a::real_normed_vector) star => 'a star set - galaxy :: ('a::real_normed_vector) star => 'a star set - (NS)LIMSEQ :: [nat => 'a::real_normed_vector, 'a] => bool - (NS)convergent :: (nat => 'a::real_normed_vector) => bool - (NS)Bseq :: (nat => 'a::real_normed_vector) => bool - (NS)Cauchy :: (nat => 'a::real_normed_vector) => bool - (NS)LIM :: ['a::real_normed_vector => 'b::real_normed_vector, 'a, 'b] => bool - is(NS)Cont :: ['a::real_normed_vector => 'b::real_normed_vector, 'a] => bool - deriv :: ['a::real_normed_field => 'a, 'a, 'a] => bool - sgn :: 'a::real_normed_vector => 'a - exp :: 'a::{recpower,real_normed_field,banach} => 'a - -* Complex: Some complex-specific constants are now abbreviations for -overloaded ones: complex_of_real = of_real, cmod = norm, hcmod = -hnorm. Other constants have been entirely removed in favor of the -polymorphic versions (INCOMPATIBILITY): - - approx <-- capprox - HFinite <-- CFinite - HInfinite <-- CInfinite - Infinitesimal <-- CInfinitesimal - monad <-- cmonad - galaxy <-- cgalaxy - (NS)LIM <-- (NS)CLIM, (NS)CRLIM - is(NS)Cont <-- is(NS)Contc, is(NS)contCR - (ns)deriv <-- (ns)cderiv - - -*** HOL-Algebra *** - -* Formalisation of ideals and the quotient construction over rings. - -* Order and lattice theory no longer based on records. -INCOMPATIBILITY. - -* Renamed lemmas least_carrier -> least_closed and greatest_carrier -> -greatest_closed. INCOMPATIBILITY. - -* Method algebra is now set up via an attribute. For examples see -Ring.thy. INCOMPATIBILITY: the method is now weaker on combinations -of algebraic structures. - -* Renamed theory CRing to Ring. - - -*** HOL-Nominal *** - -* Substantial, yet incomplete support for nominal datatypes (binding -structures) based on HOL-Nominal logic. See src/HOL/Nominal and -src/HOL/Nominal/Examples. Prospective users should consult -http://isabelle.in.tum.de/nominal/ - - -*** ML *** - -* ML basics: just one true type int, which coincides with IntInf.int -(even on SML/NJ). - -* ML within Isar: antiquotations allow to embed statically-checked -formal entities in the source, referring to the context available at -compile-time. For example: - -ML {* @{sort "{zero,one}"} *} -ML {* @{typ "'a => 'b"} *} -ML {* @{term "%x. x"} *} -ML {* @{prop "x == y"} *} -ML {* @{ctyp "'a => 'b"} *} -ML {* @{cterm "%x. x"} *} -ML {* @{cprop "x == y"} *} -ML {* @{thm asm_rl} *} -ML {* @{thms asm_rl} *} -ML {* @{type_name c} *} -ML {* @{type_syntax c} *} -ML {* @{const_name c} *} -ML {* @{const_syntax c} *} -ML {* @{context} *} -ML {* @{theory} *} -ML {* @{theory Pure} *} -ML {* @{theory_ref} *} -ML {* @{theory_ref Pure} *} -ML {* @{simpset} *} -ML {* @{claset} *} -ML {* @{clasimpset} *} - -The same works for sources being ``used'' within an Isar context. - -* ML in Isar: improved error reporting; extra verbosity with -ML_Context.trace enabled. - -* Pure/General/table.ML: the join operations now works via exceptions -DUP/SAME instead of type option. This is simpler in simple cases, and -admits slightly more efficient complex applications. - -* Pure: 'advanced' translation functions (parse_translation etc.) now -use Context.generic instead of just theory. - -* Pure: datatype Context.generic joins theory/Proof.context and -provides some facilities for code that works in either kind of -context, notably GenericDataFun for uniform theory and proof data. - -* Pure: simplified internal attribute type, which is now always -Context.generic * thm -> Context.generic * thm. Global (theory) vs. -local (Proof.context) attributes have been discontinued, while -minimizing code duplication. Thm.rule_attribute and -Thm.declaration_attribute build canonical attributes; see also structure -Context for further operations on Context.generic, notably -GenericDataFun. INCOMPATIBILITY, need to adapt attribute type -declarations and definitions. - -* Context data interfaces (Theory/Proof/GenericDataFun): removed -name/print, uninitialized data defaults to ad-hoc copy of empty value, -init only required for impure data. INCOMPATIBILITY: empty really need -to be empty (no dependencies on theory content!) - -* Pure/kernel: consts certification ignores sort constraints given in -signature declarations. (This information is not relevant to the -logic, but only for type inference.) SIGNIFICANT INTERNAL CHANGE, -potential INCOMPATIBILITY. - -* Pure: axiomatic type classes are now purely definitional, with -explicit proofs of class axioms and super class relations performed -internally. See Pure/axclass.ML for the main internal interfaces -- -notably AxClass.define_class supercedes AxClass.add_axclass, and -AxClass.axiomatize_class/classrel/arity supersede -Sign.add_classes/classrel/arities. - -* Pure/Isar: Args/Attrib parsers operate on Context.generic -- -global/local versions on theory vs. Proof.context have been -discontinued; Attrib.syntax and Method.syntax have been adapted -accordingly. INCOMPATIBILITY, need to adapt parser expressions for -attributes, methods, etc. - -* Pure: several functions of signature "... -> theory -> theory * ..." -have been reoriented to "... -> theory -> ... * theory" in order to -allow natural usage in combination with the ||>, ||>>, |-> and -fold_map combinators. - -* Pure: official theorem names (closed derivations) and additional -comments (tags) are now strictly separate. Name hints -- which are -maintained as tags -- may be attached any time without affecting the -derivation. - -* Pure: primitive rule lift_rule now takes goal cterm instead of an -actual goal state (thm). Use Thm.lift_rule (Thm.cprem_of st i) to -achieve the old behaviour. - -* Pure: the "Goal" constant is now called "prop", supporting a -slightly more general idea of ``protecting'' meta-level rule -statements. - -* Pure: Logic.(un)varify only works in a global context, which is now -enforced instead of silently assumed. INCOMPATIBILITY, may use -Logic.legacy_(un)varify as temporary workaround. - -* Pure: structure Name provides scalable operations for generating -internal variable names, notably Name.variants etc. This replaces -some popular functions from term.ML: - - Term.variant -> Name.variant - Term.variantlist -> Name.variant_list - Term.invent_names -> Name.invent_list - -Note that low-level renaming rarely occurs in new code -- operations -from structure Variable are used instead (see below). - -* Pure: structure Variable provides fundamental operations for proper -treatment of fixed/schematic variables in a context. For example, -Variable.import introduces fixes for schematics of given facts and -Variable.export reverses the effect (up to renaming) -- this replaces -various freeze_thaw operations. - -* Pure: structure Goal provides simple interfaces for -init/conclude/finish and tactical prove operations (replacing former -Tactic.prove). Goal.prove is the canonical way to prove results -within a given context; Goal.prove_global is a degraded version for -theory level goals, including a global Drule.standard. Note that -OldGoals.prove_goalw_cterm has long been obsolete, since it is -ill-behaved in a local proof context (e.g. with local fixes/assumes or -in a locale context). - -* Pure/Syntax: generic interfaces for parsing (Syntax.parse_term etc.) -and type checking (Syntax.check_term etc.), with common combinations -(Syntax.read_term etc.). These supersede former Sign.read_term etc. -which are considered legacy and await removal. - -* Pure/Syntax: generic interfaces for type unchecking -(Syntax.uncheck_terms etc.) and unparsing (Syntax.unparse_term etc.), -with common combinations (Syntax.pretty_term, Syntax.string_of_term -etc.). Former Sign.pretty_term, Sign.string_of_term etc. are still -available for convenience, but refer to the very same operations using -a mere theory instead of a full context. - -* Isar: simplified treatment of user-level errors, using exception -ERROR of string uniformly. Function error now merely raises ERROR, -without any side effect on output channels. The Isar toplevel takes -care of proper display of ERROR exceptions. ML code may use plain -handle/can/try; cat_error may be used to concatenate errors like this: - - ... handle ERROR msg => cat_error msg "..." - -Toplevel ML code (run directly or through the Isar toplevel) may be -embedded into the Isar toplevel with exception display/debug like -this: - - Isar.toplevel (fn () => ...) - -INCOMPATIBILITY, removed special transform_error facilities, removed -obsolete variants of user-level exceptions (ERROR_MESSAGE, -Context.PROOF, ProofContext.CONTEXT, Proof.STATE, ProofHistory.FAIL) --- use plain ERROR instead. - -* Isar: theory setup now has type (theory -> theory), instead of a -list. INCOMPATIBILITY, may use #> to compose setup functions. - -* Isar: ML toplevel pretty printer for type Proof.context, subject to -ProofContext.debug/verbose flags. - -* Isar: Toplevel.theory_to_proof admits transactions that modify the -theory before entering a proof state. Transactions now always see a -quasi-functional intermediate checkpoint, both in interactive and -batch mode. - -* Isar: simplified interfaces for outer syntax. Renamed -OuterSyntax.add_keywords to OuterSyntax.keywords. Removed -OuterSyntax.add_parsers -- this functionality is now included in -OuterSyntax.command etc. INCOMPATIBILITY. - -* Simplifier: the simpset of a running simplification process now -contains a proof context (cf. Simplifier.the_context), which is the -very context that the initial simpset has been retrieved from (by -simpset_of/local_simpset_of). Consequently, all plug-in components -(solver, looper etc.) may depend on arbitrary proof data. - -* Simplifier.inherit_context inherits the proof context (plus the -local bounds) of the current simplification process; any simproc -etc. that calls the Simplifier recursively should do this! Removed -former Simplifier.inherit_bounds, which is already included here -- -INCOMPATIBILITY. Tools based on low-level rewriting may even have to -specify an explicit context using Simplifier.context/theory_context. - -* Simplifier/Classical Reasoner: more abstract interfaces -change_simpset/claset for modifying the simpset/claset reference of a -theory; raw versions simpset/claset_ref etc. have been discontinued -- -INCOMPATIBILITY. - -* Provers: more generic wrt. syntax of object-logics, avoid hardwired -"Trueprop" etc. - - -*** System *** - -* settings: the default heap location within ISABELLE_HOME_USER now -includes ISABELLE_IDENTIFIER. This simplifies use of multiple -Isabelle installations. - -* isabelle-process: option -S (secure mode) disables some critical -operations, notably runtime compilation and evaluation of ML source -code. - -* Basic Isabelle mode for jEdit, see Isabelle/lib/jedit/. - -* Support for parallel execution, using native multicore support of -Poly/ML 5.1. The theory loader exploits parallelism when processing -independent theories, according to the given theory header -specifications. The maximum number of worker threads is specified via -usedir option -M or the "max-threads" setting in Proof General. A -speedup factor of 1.5--3.5 can be expected on a 4-core machine, and up -to 6 on a 8-core machine. User-code needs to observe certain -guidelines for thread-safe programming, see appendix A in the Isar -Implementation manual. - - - -New in Isabelle2005 (October 2005) ----------------------------------- - -*** General *** - -* Theory headers: the new header syntax for Isar theories is - - theory - imports ... - uses ... - begin - -where the 'uses' part is optional. The previous syntax - - theory = + ... + : - -will disappear in the next release. Use isatool fixheaders to convert -existing theory files. Note that there is no change in ancient -non-Isar theories now, but these will disappear soon. - -* Theory loader: parent theories can now also be referred to via -relative and absolute paths. - -* Command 'find_theorems' searches for a list of criteria instead of a -list of constants. Known criteria are: intro, elim, dest, name:string, -simp:term, and any term. Criteria can be preceded by '-' to select -theorems that do not match. Intro, elim, dest select theorems that -match the current goal, name:s selects theorems whose fully qualified -name contain s, and simp:term selects all simplification rules whose -lhs match term. Any other term is interpreted as pattern and selects -all theorems matching the pattern. Available in ProofGeneral under -'ProofGeneral -> Find Theorems' or C-c C-f. Example: - - C-c C-f (100) "(_::nat) + _ + _" intro -name: "HOL." - -prints the last 100 theorems matching the pattern "(_::nat) + _ + _", -matching the current goal as introduction rule and not having "HOL." -in their name (i.e. not being defined in theory HOL). - -* Command 'thms_containing' has been discontinued in favour of -'find_theorems'; INCOMPATIBILITY. - -* Communication with Proof General is now 8bit clean, which means that -Unicode text in UTF-8 encoding may be used within theory texts (both -formal and informal parts). Cf. option -U of the Isabelle Proof -General interface. Here are some simple examples (cf. src/HOL/ex): - - http://isabelle.in.tum.de/library/HOL/ex/Hebrew.html - http://isabelle.in.tum.de/library/HOL/ex/Chinese.html - -* Improved efficiency of the Simplifier and, to a lesser degree, the -Classical Reasoner. Typical big applications run around 2 times -faster. - - -*** Document preparation *** - -* Commands 'display_drafts' and 'print_drafts' perform simple output -of raw sources. Only those symbols that do not require additional -LaTeX packages (depending on comments in isabellesym.sty) are -displayed properly, everything else is left verbatim. isatool display -and isatool print are used as front ends (these are subject to the -DVI/PDF_VIEWER and PRINT_COMMAND settings, respectively). - -* Command tags control specific markup of certain regions of text, -notably folding and hiding. Predefined tags include "theory" (for -theory begin and end), "proof" for proof commands, and "ML" for -commands involving ML code; the additional tags "visible" and -"invisible" are unused by default. Users may give explicit tag -specifications in the text, e.g. ''by %invisible (auto)''. The -interpretation of tags is determined by the LaTeX job during document -preparation: see option -V of isatool usedir, or options -n and -t of -isatool document, or even the LaTeX macros \isakeeptag, \isafoldtag, -\isadroptag. - -Several document versions may be produced at the same time via isatool -usedir (the generated index.html will link all of them). Typical -specifications include ''-V document=theory,proof,ML'' to present -theory/proof/ML parts faithfully, ''-V outline=/proof,/ML'' to fold -proof and ML commands, and ''-V mutilated=-theory,-proof,-ML'' to omit -these parts without any formal replacement text. The Isabelle site -default settings produce ''document'' and ''outline'' versions as -specified above. - -* Several new antiquotations: - - @{term_type term} prints a term with its type annotated; - - @{typeof term} prints the type of a term; - - @{const const} is the same as @{term const}, but checks that the - argument is a known logical constant; - - @{term_style style term} and @{thm_style style thm} print a term or - theorem applying a "style" to it - - @{ML text} - -Predefined styles are 'lhs' and 'rhs' printing the lhs/rhs of -definitions, equations, inequations etc., 'concl' printing only the -conclusion of a meta-logical statement theorem, and 'prem1' .. 'prem19' -to print the specified premise. TermStyle.add_style provides an ML -interface for introducing further styles. See also the "LaTeX Sugar" -document practical applications. The ML antiquotation prints -type-checked ML expressions verbatim. - -* Markup commands 'chapter', 'section', 'subsection', 'subsubsection', -and 'text' support optional locale specification '(in loc)', which -specifies the default context for interpreting antiquotations. For -example: 'text (in lattice) {* @{thm inf_assoc}*}'. - -* Option 'locale=NAME' of antiquotations specifies an alternative -context interpreting the subsequent argument. For example: @{thm -[locale=lattice] inf_assoc}. - -* Proper output of proof terms (@{prf ...} and @{full_prf ...}) within -a proof context. - -* Proper output of antiquotations for theory commands involving a -proof context (such as 'locale' or 'theorem (in loc) ...'). - -* Delimiters of outer tokens (string etc.) now produce separate LaTeX -macros (\isachardoublequoteopen, isachardoublequoteclose etc.). - -* isatool usedir: new option -C (default true) controls whether option --D should include a copy of the original document directory; -C false -prevents unwanted effects such as copying of administrative CVS data. - - -*** Pure *** - -* Considerably improved version of 'constdefs' command. Now performs -automatic type-inference of declared constants; additional support for -local structure declarations (cf. locales and HOL records), see also -isar-ref manual. Potential INCOMPATIBILITY: need to observe strictly -sequential dependencies of definitions within a single 'constdefs' -section; moreover, the declared name needs to be an identifier. If -all fails, consider to fall back on 'consts' and 'defs' separately. - -* Improved indexed syntax and implicit structures. First of all, -indexed syntax provides a notational device for subscripted -application, using the new syntax \<^bsub>term\<^esub> for arbitrary -expressions. Secondly, in a local context with structure -declarations, number indexes \<^sub>n or the empty index (default -number 1) refer to a certain fixed variable implicitly; option -show_structs controls printing of implicit structures. Typical -applications of these concepts involve record types and locales. - -* New command 'no_syntax' removes grammar declarations (and -translations) resulting from the given syntax specification, which is -interpreted in the same manner as for the 'syntax' command. - -* 'Advanced' translation functions (parse_translation etc.) may depend -on the signature of the theory context being presently used for -parsing/printing, see also isar-ref manual. - -* Improved 'oracle' command provides a type-safe interface to turn an -ML expression of type theory -> T -> term into a primitive rule of -type theory -> T -> thm (i.e. the functionality of Thm.invoke_oracle -is already included here); see also FOL/ex/IffExample.thy; -INCOMPATIBILITY. - -* axclass: name space prefix for class "c" is now "c_class" (was "c" -before); "cI" is no longer bound, use "c.intro" instead. -INCOMPATIBILITY. This change avoids clashes of fact bindings for -axclasses vs. locales. - -* Improved internal renaming of symbolic identifiers -- attach primes -instead of base 26 numbers. - -* New flag show_question_marks controls printing of leading question -marks in schematic variable names. - -* In schematic variable names, *any* symbol following \<^isub> or -\<^isup> is now treated as part of the base name. For example, the -following works without printing of awkward ".0" indexes: - - lemma "x\<^isub>1 = x\<^isub>2 ==> x\<^isub>2 = x\<^isub>1" - by simp - -* Inner syntax includes (*(*nested*) comments*). - -* Pretty printer now supports unbreakable blocks, specified in mixfix -annotations as "(00...)". - -* Clear separation of logical types and nonterminals, where the latter -may only occur in 'syntax' specifications or type abbreviations. -Before that distinction was only partially implemented via type class -"logic" vs. "{}". Potential INCOMPATIBILITY in rare cases of improper -use of 'types'/'consts' instead of 'nonterminals'/'syntax'. Some very -exotic syntax specifications may require further adaption -(e.g. Cube/Cube.thy). - -* Removed obsolete type class "logic", use the top sort {} instead. -Note that non-logical types should be declared as 'nonterminals' -rather than 'types'. INCOMPATIBILITY for new object-logic -specifications. - -* Attributes 'induct' and 'cases': type or set names may now be -locally fixed variables as well. - -* Simplifier: can now control the depth to which conditional rewriting -is traced via the PG menu Isabelle -> Settings -> Trace Simp Depth -Limit. - -* Simplifier: simplification procedures may now take the current -simpset into account (cf. Simplifier.simproc(_i) / mk_simproc -interface), which is very useful for calling the Simplifier -recursively. Minor INCOMPATIBILITY: the 'prems' argument of simprocs -is gone -- use prems_of_ss on the simpset instead. Moreover, the -low-level mk_simproc no longer applies Logic.varify internally, to -allow for use in a context of fixed variables. - -* thin_tac now works even if the assumption being deleted contains !! -or ==>. More generally, erule now works even if the major premise of -the elimination rule contains !! or ==>. - -* Method 'rules' has been renamed to 'iprover'. INCOMPATIBILITY. - -* Reorganized bootstrapping of the Pure theories; CPure is now derived -from Pure, which contains all common declarations already. Both -theories are defined via plain Isabelle/Isar .thy files. -INCOMPATIBILITY: elements of CPure (such as the CPure.intro / -CPure.elim / CPure.dest attributes) now appear in the Pure name space; -use isatool fixcpure to adapt your theory and ML sources. - -* New syntax 'name(i-j, i-, i, ...)' for referring to specific -selections of theorems in named facts via index ranges. - -* 'print_theorems': in theory mode, really print the difference -wrt. the last state (works for interactive theory development only), -in proof mode print all local facts (cf. 'print_facts'); - -* 'hide': option '(open)' hides only base names. - -* More efficient treatment of intermediate checkpoints in interactive -theory development. - -* Code generator is now invoked via code_module (incremental code -generation) and code_library (modular code generation, ML structures -for each theory). INCOMPATIBILITY: new keywords 'file' and 'contains' -must be quoted when used as identifiers. - -* New 'value' command for reading, evaluating and printing terms using -the code generator. INCOMPATIBILITY: command keyword 'value' must be -quoted when used as identifier. - - -*** Locales *** - -* New commands for the interpretation of locale expressions in -theories (1), locales (2) and proof contexts (3). These generate -proof obligations from the expression specification. After the -obligations have been discharged, theorems of the expression are added -to the theory, target locale or proof context. The synopsis of the -commands is a follows: - - (1) interpretation expr inst - (2) interpretation target < expr - (3) interpret expr inst - -Interpretation in theories and proof contexts require a parameter -instantiation of terms from the current context. This is applied to -specifications and theorems of the interpreted expression. -Interpretation in locales only permits parameter renaming through the -locale expression. Interpretation is smart in that interpretations -that are active already do not occur in proof obligations, neither are -instantiated theorems stored in duplicate. Use 'print_interps' to -inspect active interpretations of a particular locale. For details, -see the Isar Reference manual. Examples can be found in -HOL/Finite_Set.thy and HOL/Algebra/UnivPoly.thy. - -INCOMPATIBILITY: former 'instantiate' has been withdrawn, use -'interpret' instead. - -* New context element 'constrains' for adding type constraints to -parameters. - -* Context expressions: renaming of parameters with syntax -redeclaration. - -* Locale declaration: 'includes' disallowed. - -* Proper static binding of attribute syntax -- i.e. types / terms / -facts mentioned as arguments are always those of the locale definition -context, independently of the context of later invocations. Moreover, -locale operations (renaming and type / term instantiation) are applied -to attribute arguments as expected. - -INCOMPATIBILITY of the ML interface: always pass Attrib.src instead of -actual attributes; rare situations may require Attrib.attribute to -embed those attributes into Attrib.src that lack concrete syntax. -Attribute implementations need to cooperate properly with the static -binding mechanism. Basic parsers Args.XXX_typ/term/prop and -Attrib.XXX_thm etc. already do the right thing without further -intervention. Only unusual applications -- such as "where" or "of" -(cf. src/Pure/Isar/attrib.ML), which process arguments depending both -on the context and the facts involved -- may have to assign parsed -values to argument tokens explicitly. - -* Changed parameter management in theorem generation for long goal -statements with 'includes'. INCOMPATIBILITY: produces a different -theorem statement in rare situations. - -* Locale inspection command 'print_locale' omits notes elements. Use -'print_locale!' to have them included in the output. - - -*** Provers *** - -* Provers/hypsubst.ML: improved version of the subst method, for -single-step rewriting: it now works in bound variable contexts. New is -'subst (asm)', for rewriting an assumption. INCOMPATIBILITY: may -rewrite a different subterm than the original subst method, which is -still available as 'simplesubst'. - -* Provers/quasi.ML: new transitivity reasoners for transitivity only -and quasi orders. - -* Provers/trancl.ML: new transitivity reasoner for transitive and -reflexive-transitive closure of relations. - -* Provers/blast.ML: new reference depth_limit to make blast's depth -limit (previously hard-coded with a value of 20) user-definable. - -* Provers/simplifier.ML has been moved to Pure, where Simplifier.setup -is peformed already. Object-logics merely need to finish their -initial simpset configuration as before. INCOMPATIBILITY. - - -*** HOL *** - -* Symbolic syntax of Hilbert Choice Operator is now as follows: - - syntax (epsilon) - "_Eps" :: "[pttrn, bool] => 'a" ("(3\_./ _)" [0, 10] 10) - -The symbol \ is displayed as the alternative epsilon of LaTeX -and x-symbol; use option '-m epsilon' to get it actually printed. -Moreover, the mathematically important symbolic identifier \ -becomes available as variable, constant etc. INCOMPATIBILITY, - -* "x > y" abbreviates "y < x" and "x >= y" abbreviates "y <= x". -Similarly for all quantifiers: "ALL x > y" etc. The x-symbol for >= -is \. New transitivity rules have been added to HOL/Orderings.thy to -support corresponding Isar calculations. - -* "{x:A. P}" abbreviates "{x. x:A & P}", and similarly for "\" -instead of ":". - -* theory SetInterval: changed the syntax for open intervals: - - Old New - {..n(} {.. {\1<\.\.} - \.\.\([^(}]*\)(} -> \.\.<\1} - -* Theory Commutative_Ring (in Library): method comm_ring for proving -equalities in commutative rings; method 'algebra' provides a generic -interface. - -* Theory Finite_Set: changed the syntax for 'setsum', summation over -finite sets: "setsum (%x. e) A", which used to be "\x:A. e", is -now either "SUM x:A. e" or "\x \ A. e". The bound variable can -be a tuple pattern. - -Some new syntax forms are available: - - "\x | P. e" for "setsum (%x. e) {x. P}" - "\x = a..b. e" for "setsum (%x. e) {a..b}" - "\x = a..x < k. e" for "setsum (%x. e) {..x < k. e" used to be based on a separate -function "Summation", which has been discontinued. - -* theory Finite_Set: in structured induction proofs, the insert case -is now 'case (insert x F)' instead of the old counterintuitive 'case -(insert F x)'. - -* The 'refute' command has been extended to support a much larger -fragment of HOL, including axiomatic type classes, constdefs and -typedefs, inductive datatypes and recursion. - -* New tactics 'sat' and 'satx' to prove propositional tautologies. -Requires zChaff with proof generation to be installed. See -HOL/ex/SAT_Examples.thy for examples. - -* Datatype induction via method 'induct' now preserves the name of the -induction variable. For example, when proving P(xs::'a list) by -induction on xs, the induction step is now P(xs) ==> P(a#xs) rather -than P(list) ==> P(a#list) as previously. Potential INCOMPATIBILITY -in unstructured proof scripts. - -* Reworked implementation of records. Improved scalability for -records with many fields, avoiding performance problems for type -inference. Records are no longer composed of nested field types, but -of nested extension types. Therefore the record type only grows linear -in the number of extensions and not in the number of fields. The -top-level (users) view on records is preserved. Potential -INCOMPATIBILITY only in strange cases, where the theory depends on the -old record representation. The type generated for a record is called -_ext_type. - -Flag record_quick_and_dirty_sensitive can be enabled to skip the -proofs triggered by a record definition or a simproc (if -quick_and_dirty is enabled). Definitions of large records can take -quite long. - -New simproc record_upd_simproc for simplification of multiple record -updates enabled by default. Moreover, trivial updates are also -removed: r(|x := x r|) = r. INCOMPATIBILITY: old proofs break -occasionally, since simplification is more powerful by default. - -* typedef: proper support for polymorphic sets, which contain extra -type-variables in the term. - -* Simplifier: automatically reasons about transitivity chains -involving "trancl" (r^+) and "rtrancl" (r^*) by setting up tactics -provided by Provers/trancl.ML as additional solvers. INCOMPATIBILITY: -old proofs break occasionally as simplification may now solve more -goals than previously. - -* Simplifier: converts x <= y into x = y if assumption y <= x is -present. Works for all partial orders (class "order"), in particular -numbers and sets. For linear orders (e.g. numbers) it treats ~ x < y -just like y <= x. - -* Simplifier: new simproc for "let x = a in f x". If a is a free or -bound variable or a constant then the let is unfolded. Otherwise -first a is simplified to b, and then f b is simplified to g. If -possible we abstract b from g arriving at "let x = b in h x", -otherwise we unfold the let and arrive at g. The simproc can be -enabled/disabled by the reference use_let_simproc. Potential -INCOMPATIBILITY since simplification is more powerful by default. - -* Classical reasoning: the meson method now accepts theorems as arguments. - -* Prover support: pre-release of the Isabelle-ATP linkup, which runs background -jobs to provide advice on the provability of subgoals. - -* Theory OrderedGroup and Ring_and_Field: various additions and -improvements to faciliate calculations involving equalities and -inequalities. - -The following theorems have been eliminated or modified -(INCOMPATIBILITY): - - abs_eq now named abs_of_nonneg - abs_of_ge_0 now named abs_of_nonneg - abs_minus_eq now named abs_of_nonpos - imp_abs_id now named abs_of_nonneg - imp_abs_neg_id now named abs_of_nonpos - mult_pos now named mult_pos_pos - mult_pos_le now named mult_nonneg_nonneg - mult_pos_neg_le now named mult_nonneg_nonpos - mult_pos_neg2_le now named mult_nonneg_nonpos2 - mult_neg now named mult_neg_neg - mult_neg_le now named mult_nonpos_nonpos - -* The following lemmas in Ring_and_Field have been added to the simplifier: - - zero_le_square - not_square_less_zero - - The following lemmas have been deleted from Real/RealPow: - - realpow_zero_zero - realpow_two - realpow_less - zero_le_power - realpow_two_le - abs_realpow_two - realpow_two_abs - -* Theory Parity: added rules for simplifying exponents. - -* Theory List: - -The following theorems have been eliminated or modified -(INCOMPATIBILITY): - - list_all_Nil now named list_all.simps(1) - list_all_Cons now named list_all.simps(2) - list_all_conv now named list_all_iff - set_mem_eq now named mem_iff - -* Theories SetsAndFunctions and BigO (see HOL/Library) support -asymptotic "big O" calculations. See the notes in BigO.thy. - - -*** HOL-Complex *** - -* Theory RealDef: better support for embedding natural numbers and -integers in the reals. - -The following theorems have been eliminated or modified -(INCOMPATIBILITY): - - exp_ge_add_one_self now requires no hypotheses - real_of_int_add reversed direction of equality (use [symmetric]) - real_of_int_minus reversed direction of equality (use [symmetric]) - real_of_int_diff reversed direction of equality (use [symmetric]) - real_of_int_mult reversed direction of equality (use [symmetric]) - -* Theory RComplete: expanded support for floor and ceiling functions. - -* Theory Ln is new, with properties of the natural logarithm - -* Hyperreal: There is a new type constructor "star" for making -nonstandard types. The old type names are now type synonyms: - - hypreal = real star - hypnat = nat star - hcomplex = complex star - -* Hyperreal: Many groups of similarly-defined constants have been -replaced by polymorphic versions (INCOMPATIBILITY): - - star_of <-- hypreal_of_real, hypnat_of_nat, hcomplex_of_complex - - starset <-- starsetNat, starsetC - *s* <-- *sNat*, *sc* - starset_n <-- starsetNat_n, starsetC_n - *sn* <-- *sNatn*, *scn* - InternalSets <-- InternalNatSets, InternalCSets - - starfun <-- starfun{Nat,Nat2,C,RC,CR} - *f* <-- *fNat*, *fNat2*, *fc*, *fRc*, *fcR* - starfun_n <-- starfun{Nat,Nat2,C,RC,CR}_n - *fn* <-- *fNatn*, *fNat2n*, *fcn*, *fRcn*, *fcRn* - InternalFuns <-- InternalNatFuns, InternalNatFuns2, Internal{C,RC,CR}Funs - -* Hyperreal: Many type-specific theorems have been removed in favor of -theorems specific to various axiomatic type classes (INCOMPATIBILITY): - - add_commute <-- {hypreal,hypnat,hcomplex}_add_commute - add_assoc <-- {hypreal,hypnat,hcomplex}_add_assocs - OrderedGroup.add_0 <-- {hypreal,hypnat,hcomplex}_add_zero_left - OrderedGroup.add_0_right <-- {hypreal,hcomplex}_add_zero_right - right_minus <-- hypreal_add_minus - left_minus <-- {hypreal,hcomplex}_add_minus_left - mult_commute <-- {hypreal,hypnat,hcomplex}_mult_commute - mult_assoc <-- {hypreal,hypnat,hcomplex}_mult_assoc - mult_1_left <-- {hypreal,hypnat}_mult_1, hcomplex_mult_one_left - mult_1_right <-- hcomplex_mult_one_right - mult_zero_left <-- hcomplex_mult_zero_left - left_distrib <-- {hypreal,hypnat,hcomplex}_add_mult_distrib - right_distrib <-- hypnat_add_mult_distrib2 - zero_neq_one <-- {hypreal,hypnat,hcomplex}_zero_not_eq_one - right_inverse <-- hypreal_mult_inverse - left_inverse <-- hypreal_mult_inverse_left, hcomplex_mult_inv_left - order_refl <-- {hypreal,hypnat}_le_refl - order_trans <-- {hypreal,hypnat}_le_trans - order_antisym <-- {hypreal,hypnat}_le_anti_sym - order_less_le <-- {hypreal,hypnat}_less_le - linorder_linear <-- {hypreal,hypnat}_le_linear - add_left_mono <-- {hypreal,hypnat}_add_left_mono - mult_strict_left_mono <-- {hypreal,hypnat}_mult_less_mono2 - add_nonneg_nonneg <-- hypreal_le_add_order - -* Hyperreal: Separate theorems having to do with type-specific -versions of constants have been merged into theorems that apply to the -new polymorphic constants (INCOMPATIBILITY): - - STAR_UNIV_set <-- {STAR_real,NatStar_real,STARC_complex}_set - STAR_empty_set <-- {STAR,NatStar,STARC}_empty_set - STAR_Un <-- {STAR,NatStar,STARC}_Un - STAR_Int <-- {STAR,NatStar,STARC}_Int - STAR_Compl <-- {STAR,NatStar,STARC}_Compl - STAR_subset <-- {STAR,NatStar,STARC}_subset - STAR_mem <-- {STAR,NatStar,STARC}_mem - STAR_mem_Compl <-- {STAR,STARC}_mem_Compl - STAR_diff <-- {STAR,STARC}_diff - STAR_star_of_image_subset <-- {STAR_hypreal_of_real, NatStar_hypreal_of_real, - STARC_hcomplex_of_complex}_image_subset - starset_n_Un <-- starset{Nat,C}_n_Un - starset_n_Int <-- starset{Nat,C}_n_Int - starset_n_Compl <-- starset{Nat,C}_n_Compl - starset_n_diff <-- starset{Nat,C}_n_diff - InternalSets_Un <-- Internal{Nat,C}Sets_Un - InternalSets_Int <-- Internal{Nat,C}Sets_Int - InternalSets_Compl <-- Internal{Nat,C}Sets_Compl - InternalSets_diff <-- Internal{Nat,C}Sets_diff - InternalSets_UNIV_diff <-- Internal{Nat,C}Sets_UNIV_diff - InternalSets_starset_n <-- Internal{Nat,C}Sets_starset{Nat,C}_n - starset_starset_n_eq <-- starset{Nat,C}_starset{Nat,C}_n_eq - starset_n_starset <-- starset{Nat,C}_n_starset{Nat,C} - starfun_n_starfun <-- starfun{Nat,Nat2,C,RC,CR}_n_starfun{Nat,Nat2,C,RC,CR} - starfun <-- starfun{Nat,Nat2,C,RC,CR} - starfun_mult <-- starfun{Nat,Nat2,C,RC,CR}_mult - starfun_add <-- starfun{Nat,Nat2,C,RC,CR}_add - starfun_minus <-- starfun{Nat,Nat2,C,RC,CR}_minus - starfun_diff <-- starfun{C,RC,CR}_diff - starfun_o <-- starfun{NatNat2,Nat2,_stafunNat,C,C_starfunRC,_starfunCR}_o - starfun_o2 <-- starfun{NatNat2,_stafunNat,C,C_starfunRC,_starfunCR}_o2 - starfun_const_fun <-- starfun{Nat,Nat2,C,RC,CR}_const_fun - starfun_inverse <-- starfun{Nat,C,RC,CR}_inverse - starfun_eq <-- starfun{Nat,Nat2,C,RC,CR}_eq - starfun_eq_iff <-- starfun{C,RC,CR}_eq_iff - starfun_Id <-- starfunC_Id - starfun_approx <-- starfun{Nat,CR}_approx - starfun_capprox <-- starfun{C,RC}_capprox - starfun_abs <-- starfunNat_rabs - starfun_lambda_cancel <-- starfun{C,CR,RC}_lambda_cancel - starfun_lambda_cancel2 <-- starfun{C,CR,RC}_lambda_cancel2 - starfun_mult_HFinite_approx <-- starfunCR_mult_HFinite_capprox - starfun_mult_CFinite_capprox <-- starfun{C,RC}_mult_CFinite_capprox - starfun_add_capprox <-- starfun{C,RC}_add_capprox - starfun_add_approx <-- starfunCR_add_approx - starfun_inverse_inverse <-- starfunC_inverse_inverse - starfun_divide <-- starfun{C,CR,RC}_divide - starfun_n <-- starfun{Nat,C}_n - starfun_n_mult <-- starfun{Nat,C}_n_mult - starfun_n_add <-- starfun{Nat,C}_n_add - starfun_n_add_minus <-- starfunNat_n_add_minus - starfun_n_const_fun <-- starfun{Nat,C}_n_const_fun - starfun_n_minus <-- starfun{Nat,C}_n_minus - starfun_n_eq <-- starfun{Nat,C}_n_eq - - star_n_add <-- {hypreal,hypnat,hcomplex}_add - star_n_minus <-- {hypreal,hcomplex}_minus - star_n_diff <-- {hypreal,hcomplex}_diff - star_n_mult <-- {hypreal,hcomplex}_mult - star_n_inverse <-- {hypreal,hcomplex}_inverse - star_n_le <-- {hypreal,hypnat}_le - star_n_less <-- {hypreal,hypnat}_less - star_n_zero_num <-- {hypreal,hypnat,hcomplex}_zero_num - star_n_one_num <-- {hypreal,hypnat,hcomplex}_one_num - star_n_abs <-- hypreal_hrabs - star_n_divide <-- hcomplex_divide - - star_of_add <-- {hypreal_of_real,hypnat_of_nat,hcomplex_of_complex}_add - star_of_minus <-- {hypreal_of_real,hcomplex_of_complex}_minus - star_of_diff <-- hypreal_of_real_diff - star_of_mult <-- {hypreal_of_real,hypnat_of_nat,hcomplex_of_complex}_mult - star_of_one <-- {hypreal_of_real,hcomplex_of_complex}_one - star_of_zero <-- {hypreal_of_real,hypnat_of_nat,hcomplex_of_complex}_zero - star_of_le <-- {hypreal_of_real,hypnat_of_nat}_le_iff - star_of_less <-- {hypreal_of_real,hypnat_of_nat}_less_iff - star_of_eq <-- {hypreal_of_real,hypnat_of_nat,hcomplex_of_complex}_eq_iff - star_of_inverse <-- {hypreal_of_real,hcomplex_of_complex}_inverse - star_of_divide <-- {hypreal_of_real,hcomplex_of_complex}_divide - star_of_of_nat <-- {hypreal_of_real,hcomplex_of_complex}_of_nat - star_of_of_int <-- {hypreal_of_real,hcomplex_of_complex}_of_int - star_of_number_of <-- {hypreal,hcomplex}_number_of - star_of_number_less <-- number_of_less_hypreal_of_real_iff - star_of_number_le <-- number_of_le_hypreal_of_real_iff - star_of_eq_number <-- hypreal_of_real_eq_number_of_iff - star_of_less_number <-- hypreal_of_real_less_number_of_iff - star_of_le_number <-- hypreal_of_real_le_number_of_iff - star_of_power <-- hypreal_of_real_power - star_of_eq_0 <-- hcomplex_of_complex_zero_iff - -* Hyperreal: new method "transfer" that implements the transfer -principle of nonstandard analysis. With a subgoal that mentions -nonstandard types like "'a star", the command "apply transfer" -replaces it with an equivalent one that mentions only standard types. -To be successful, all free variables must have standard types; non- -standard variables must have explicit universal quantifiers. - -* Hyperreal: A theory of Taylor series. - - -*** HOLCF *** - -* Discontinued special version of 'constdefs' (which used to support -continuous functions) in favor of the general Pure one with full -type-inference. - -* New simplification procedure for solving continuity conditions; it -is much faster on terms with many nested lambda abstractions (cubic -instead of exponential time). - -* New syntax for domain package: selector names are now optional. -Parentheses should be omitted unless argument is lazy, for example: - - domain 'a stream = cons "'a" (lazy "'a stream") - -* New command 'fixrec' for defining recursive functions with pattern -matching; defining multiple functions with mutual recursion is also -supported. Patterns may include the constants cpair, spair, up, sinl, -sinr, or any data constructor defined by the domain package. The given -equations are proven as rewrite rules. See HOLCF/ex/Fixrec_ex.thy for -syntax and examples. - -* New commands 'cpodef' and 'pcpodef' for defining predicate subtypes -of cpo and pcpo types. Syntax is exactly like the 'typedef' command, -but the proof obligation additionally includes an admissibility -requirement. The packages generate instances of class cpo or pcpo, -with continuity and strictness theorems for Rep and Abs. - -* HOLCF: Many theorems have been renamed according to a more standard naming -scheme (INCOMPATIBILITY): - - foo_inject: "foo$x = foo$y ==> x = y" - foo_eq: "(foo$x = foo$y) = (x = y)" - foo_less: "(foo$x << foo$y) = (x << y)" - foo_strict: "foo$UU = UU" - foo_defined: "... ==> foo$x ~= UU" - foo_defined_iff: "(foo$x = UU) = (x = UU)" - - -*** ZF *** - -* ZF/ex: theories Group and Ring provide examples in abstract algebra, -including the First Isomorphism Theorem (on quotienting by the kernel -of a homomorphism). - -* ZF/Simplifier: install second copy of type solver that actually -makes use of TC rules declared to Isar proof contexts (or locales); -the old version is still required for ML proof scripts. - - -*** Cube *** - -* Converted to Isar theory format; use locales instead of axiomatic -theories. - - -*** ML *** - -* Pure/library.ML: added ##>, ##>>, #>> -- higher-order counterparts -for ||>, ||>>, |>>, - -* Pure/library.ML no longer defines its own option datatype, but uses -that of the SML basis, which has constructors NONE and SOME instead of -None and Some, as well as exception Option.Option instead of OPTION. -The functions the, if_none, is_some, is_none have been adapted -accordingly, while Option.map replaces apsome. - -* Pure/library.ML: the exception LIST has been given up in favour of -the standard exceptions Empty and Subscript, as well as -Library.UnequalLengths. Function like Library.hd and Library.tl are -superceded by the standard hd and tl functions etc. - -A number of basic list functions are no longer exported to the ML -toplevel, as they are variants of predefined functions. The following -suggests how one can translate existing code: - - rev_append xs ys = List.revAppend (xs, ys) - nth_elem (i, xs) = List.nth (xs, i) - last_elem xs = List.last xs - flat xss = List.concat xss - seq fs = List.app fs - partition P xs = List.partition P xs - mapfilter f xs = List.mapPartial f xs - -* Pure/library.ML: several combinators for linear functional -transformations, notably reverse application and composition: - - x |> f f #> g - (x, y) |-> f f #-> g - -* Pure/library.ML: introduced/changed precedence of infix operators: - - infix 1 |> |-> ||> ||>> |>> |>>> #> #->; - infix 2 ?; - infix 3 o oo ooo oooo; - infix 4 ~~ upto downto; - -Maybe INCOMPATIBILITY when any of those is used in conjunction with other -infix operators. - -* Pure/library.ML: natural list combinators fold, fold_rev, and -fold_map support linear functional transformations and nesting. For -example: - - fold f [x1, ..., xN] y = - y |> f x1 |> ... |> f xN - - (fold o fold) f [xs1, ..., xsN] y = - y |> fold f xs1 |> ... |> fold f xsN - - fold f [x1, ..., xN] = - f x1 #> ... #> f xN - - (fold o fold) f [xs1, ..., xsN] = - fold f xs1 #> ... #> fold f xsN - -* Pure/library.ML: the following selectors on type 'a option are -available: - - the: 'a option -> 'a (*partial*) - these: 'a option -> 'a where 'a = 'b list - the_default: 'a -> 'a option -> 'a - the_list: 'a option -> 'a list - -* Pure/General: structure AList (cf. Pure/General/alist.ML) provides -basic operations for association lists, following natural argument -order; moreover the explicit equality predicate passed here avoids -potentially expensive polymorphic runtime equality checks. -The old functions may be expressed as follows: - - assoc = uncurry (AList.lookup (op =)) - assocs = these oo AList.lookup (op =) - overwrite = uncurry (AList.update (op =)) o swap - -* Pure/General: structure AList (cf. Pure/General/alist.ML) provides - - val make: ('a -> 'b) -> 'a list -> ('a * 'b) list - val find: ('a * 'b -> bool) -> ('c * 'b) list -> 'a -> 'c list - -replacing make_keylist and keyfilter (occassionally used) -Naive rewrites: - - make_keylist = AList.make - keyfilter = AList.find (op =) - -* eq_fst and eq_snd now take explicit equality parameter, thus - avoiding eqtypes. Naive rewrites: - - eq_fst = eq_fst (op =) - eq_snd = eq_snd (op =) - -* Removed deprecated apl and apr (rarely used). - Naive rewrites: - - apl (n, op) =>>= curry op n - apr (op, m) =>>= fn n => op (n, m) - -* Pure/General: structure OrdList (cf. Pure/General/ord_list.ML) -provides a reasonably efficient light-weight implementation of sets as -lists. - -* Pure/General: generic tables (cf. Pure/General/table.ML) provide a -few new operations; existing lookup and update are now curried to -follow natural argument order (for use with fold etc.); -INCOMPATIBILITY, use (uncurry Symtab.lookup) etc. as last resort. - -* Pure/General: output via the Isabelle channels of -writeln/warning/error etc. is now passed through Output.output, with a -hook for arbitrary transformations depending on the print_mode -(cf. Output.add_mode -- the first active mode that provides a output -function wins). Already formatted output may be embedded into further -text via Output.raw; the result of Pretty.string_of/str_of and derived -functions (string_of_term/cterm/thm etc.) is already marked raw to -accommodate easy composition of diagnostic messages etc. Programmers -rarely need to care about Output.output or Output.raw at all, with -some notable exceptions: Output.output is required when bypassing the -standard channels (writeln etc.), or in token translations to produce -properly formatted results; Output.raw is required when capturing -already output material that will eventually be presented to the user -a second time. For the default print mode, both Output.output and -Output.raw have no effect. - -* Pure/General: Output.time_accumulator NAME creates an operator ('a --> 'b) -> 'a -> 'b to measure runtime and count invocations; the -cumulative results are displayed at the end of a batch session. - -* Pure/General: File.sysify_path and File.quote_sysify path have been -replaced by File.platform_path and File.shell_path (with appropriate -hooks). This provides a clean interface for unusual systems where the -internal and external process view of file names are different. - -* Pure: more efficient orders for basic syntactic entities: added -fast_string_ord, fast_indexname_ord, fast_term_ord; changed sort_ord -and typ_ord to use fast_string_ord and fast_indexname_ord (term_ord is -NOT affected); structures Symtab, Vartab, Typtab, Termtab use the fast -orders now -- potential INCOMPATIBILITY for code that depends on a -particular order for Symtab.keys, Symtab.dest, etc. (consider using -Library.sort_strings on result). - -* Pure/term.ML: combinators fold_atyps, fold_aterms, fold_term_types, -fold_types traverse types/terms from left to right, observing natural -argument order. Supercedes previous foldl_XXX versions, add_frees, -add_vars etc. have been adapted as well: INCOMPATIBILITY. - -* Pure: name spaces have been refined, with significant changes of the -internal interfaces -- INCOMPATIBILITY. Renamed cond_extern(_table) -to extern(_table). The plain name entry path is superceded by a -general 'naming' context, which also includes the 'policy' to produce -a fully qualified name and external accesses of a fully qualified -name; NameSpace.extend is superceded by context dependent -Sign.declare_name. Several theory and proof context operations modify -the naming context. Especially note Theory.restore_naming and -ProofContext.restore_naming to get back to a sane state; note that -Theory.add_path is no longer sufficient to recover from -Theory.absolute_path in particular. - -* Pure: new flags short_names (default false) and unique_names -(default true) for controlling output of qualified names. If -short_names is set, names are printed unqualified. If unique_names is -reset, the name prefix is reduced to the minimum required to achieve -the original result when interning again, even if there is an overlap -with earlier declarations. - -* Pure/TheoryDataFun: change of the argument structure; 'prep_ext' is -now 'extend', and 'merge' gets an additional Pretty.pp argument -(useful for printing error messages). INCOMPATIBILITY. - -* Pure: major reorganization of the theory context. Type Sign.sg and -Theory.theory are now identified, referring to the universal -Context.theory (see Pure/context.ML). Actual signature and theory -content is managed as theory data. The old code and interfaces were -spread over many files and structures; the new arrangement introduces -considerable INCOMPATIBILITY to gain more clarity: - - Context -- theory management operations (name, identity, inclusion, - parents, ancestors, merge, etc.), plus generic theory data; - - Sign -- logical signature and syntax operations (declaring consts, - types, etc.), plus certify/read for common entities; - - Theory -- logical theory operations (stating axioms, definitions, - oracles), plus a copy of logical signature operations (consts, - types, etc.); also a few basic management operations (Theory.copy, - Theory.merge, etc.) - -The most basic sign_of operations (Theory.sign_of, Thm.sign_of_thm -etc.) as well as the sign field in Thm.rep_thm etc. have been retained -for convenience -- they merely return the theory. - -* Pure: type Type.tsig is superceded by theory in most interfaces. - -* Pure: the Isar proof context type is already defined early in Pure -as Context.proof (note that ProofContext.context and Proof.context are -aliases, where the latter is the preferred name). This enables other -Isabelle components to refer to that type even before Isar is present. - -* Pure/sign/theory: discontinued named name spaces (i.e. classK, -typeK, constK, axiomK, oracleK), but provide explicit operations for -any of these kinds. For example, Sign.intern typeK is now -Sign.intern_type, Theory.hide_space Sign.typeK is now -Theory.hide_types. Also note that former -Theory.hide_classes/types/consts are now -Theory.hide_classes_i/types_i/consts_i, while the non '_i' versions -internalize their arguments! INCOMPATIBILITY. - -* Pure: get_thm interface (of PureThy and ProofContext) expects -datatype thmref (with constructors Name and NameSelection) instead of -plain string -- INCOMPATIBILITY; - -* Pure: cases produced by proof methods specify options, where NONE -means to remove case bindings -- INCOMPATIBILITY in -(RAW_)METHOD_CASES. - -* Pure: the following operations retrieve axioms or theorems from a -theory node or theory hierarchy, respectively: - - Theory.axioms_of: theory -> (string * term) list - Theory.all_axioms_of: theory -> (string * term) list - PureThy.thms_of: theory -> (string * thm) list - PureThy.all_thms_of: theory -> (string * thm) list - -* Pure: print_tac now outputs the goal through the trace channel. - -* Isar toplevel: improved diagnostics, mostly for Poly/ML only. -Reference Toplevel.debug (default false) controls detailed printing -and tracing of low-level exceptions; Toplevel.profiling (default 0) -controls execution profiling -- set to 1 for time and 2 for space -(both increase the runtime). - -* Isar session: The initial use of ROOT.ML is now always timed, -i.e. the log will show the actual process times, in contrast to the -elapsed wall-clock time that the outer shell wrapper produces. - -* Simplifier: improved handling of bound variables (nameless -representation, avoid allocating new strings). Simprocs that invoke -the Simplifier recursively should use Simplifier.inherit_bounds to -avoid local name clashes. Failure to do so produces warnings -"Simplifier: renamed bound variable ..."; set Simplifier.debug_bounds -for further details. - -* ML functions legacy_bindings and use_legacy_bindings produce ML fact -bindings for all theorems stored within a given theory; this may help -in porting non-Isar theories to Isar ones, while keeping ML proof -scripts for the time being. - -* ML operator HTML.with_charset specifies the charset begin used for -generated HTML files. For example: - - HTML.with_charset "utf-8" use_thy "Hebrew"; - HTML.with_charset "utf-8" use_thy "Chinese"; - - -*** System *** - -* Allow symlinks to all proper Isabelle executables (Isabelle, -isabelle, isatool etc.). - -* ISABELLE_DOC_FORMAT setting specifies preferred document format (for -isatool doc, isatool mkdir, display_drafts etc.). - -* isatool usedir: option -f allows specification of the ML file to be -used by Isabelle; default is ROOT.ML. - -* New isatool version outputs the version identifier of the Isabelle -distribution being used. - -* HOL: new isatool dimacs2hol converts files in DIMACS CNF format -(containing Boolean satisfiability problems) into Isabelle/HOL -theories. - - - -New in Isabelle2004 (April 2004) --------------------------------- - -*** General *** - -* Provers/order.ML: new efficient reasoner for partial and linear orders. - Replaces linorder.ML. - -* Pure: Greek letters (except small lambda, \), as well as Gothic - (\...\\...\), calligraphic (\...\), and Euler - (\...\), are now considered normal letters, and can therefore - be used anywhere where an ASCII letter (a...zA...Z) has until - now. COMPATIBILITY: This obviously changes the parsing of some - terms, especially where a symbol has been used as a binder, say - '\x. ...', which is now a type error since \x will be parsed - as an identifier. Fix it by inserting a space around former - symbols. Call 'isatool fixgreek' to try to fix parsing errors in - existing theory and ML files. - -* Pure: Macintosh and Windows line-breaks are now allowed in theory files. - -* Pure: single letter sub/superscripts (\<^isub> and \<^isup>) are now - allowed in identifiers. Similar to Greek letters \<^isub> is now considered - a normal (but invisible) letter. For multiple letter subscripts repeat - \<^isub> like this: x\<^isub>1\<^isub>2. - -* Pure: There are now sub-/superscripts that can span more than one - character. Text between \<^bsub> and \<^esub> is set in subscript in - ProofGeneral and LaTeX, text between \<^bsup> and \<^esup> in - superscript. The new control characters are not identifier parts. - -* Pure: Control-symbols of the form \<^raw:...> will literally print the - content of "..." to the latex file instead of \isacntrl... . The "..." - may consist of any printable characters excluding the end bracket >. - -* Pure: Using new Isar command "finalconsts" (or the ML functions - Theory.add_finals or Theory.add_finals_i) it is now possible to - declare constants "final", which prevents their being given a definition - later. It is useful for constants whose behaviour is fixed axiomatically - rather than definitionally, such as the meta-logic connectives. - -* Pure: 'instance' now handles general arities with general sorts - (i.e. intersections of classes), - -* Presentation: generated HTML now uses a CSS style sheet to make layout - (somewhat) independent of content. It is copied from lib/html/isabelle.css. - It can be changed to alter the colors/layout of generated pages. - - -*** Isar *** - -* Tactic emulation methods rule_tac, erule_tac, drule_tac, frule_tac, - cut_tac, subgoal_tac and thin_tac: - - Now understand static (Isar) contexts. As a consequence, users of Isar - locales are no longer forced to write Isar proof scripts. - For details see Isar Reference Manual, paragraph 4.3.2: Further tactic - emulations. - - INCOMPATIBILITY: names of variables to be instantiated may no - longer be enclosed in quotes. Instead, precede variable name with `?'. - This is consistent with the instantiation attribute "where". - -* Attributes "where" and "of": - - Now take type variables of instantiated theorem into account when reading - the instantiation string. This fixes a bug that caused instantiated - theorems to have too special types in some circumstances. - - "where" permits explicit instantiations of type variables. - -* Calculation commands "moreover" and "also" no longer interfere with - current facts ("this"), admitting arbitrary combinations with "then" - and derived forms. - -* Locales: - - Goal statements involving the context element "includes" no longer - generate theorems with internal delta predicates (those ending on - "_axioms") in the premise. - Resolve particular premise with .intro to obtain old form. - - Fixed bug in type inference ("unify_frozen") that prevented mix of target - specification and "includes" elements in goal statement. - - Rule sets .intro and .axioms no longer declared as - [intro?] and [elim?] (respectively) by default. - - Experimental command for instantiation of locales in proof contexts: - instantiate