NEWS

moved op dvd to theory Ring_and_Field; generalized a couple of lemmas

Isabelle NEWS -- history user-relevant changes
==============================================

New in this Isabelle version
----------------------------

*** General ***

* Generalized Isar history, with support for linear undo, direct state
addressing etc.

* Recovered hiding of consts, which was accidentally broken in
Isabelle2007.  Potential INCOMPATIBILITY, ``hide const c'' really
makes c inaccessible; consider using ``hide (open) const c'' instead.

* Removed exotic 'token_translation' command.  INCOMPATIBILITY, use ML
interface instead.


*** Pure ***

* Command 'instance': attached definitions no longer accepted.
INCOMPATIBILITY, use proper 'instantiation' target.

* Keyword 'code_exception' now named 'code_abort'.  INCOMPATIBILITY.


*** Document preparation ***

* Antiquotation @{lemma} now imitates a regular terminal proof,
demanding keyword 'by' and supporting the full method expression
syntax just like the Isar command 'by'.


*** HOL ***

* HOL/Ring_and_Field and HOL/Divides: Definition of "op dvd" has been moved
to separate class dvd in Ring_and_Field;  a couple of lemmas on dvd has been
generalized to class comm_semiring_1.  Likewise a bunch of lemmas from Divides
has been generalized from nat to class semiring_div.  INCOMPATIBILITY.
This involves the following theorem renames resulting from duplicate elimination:

    dvd_def_mod ~>          dvd_eq_mod_eq_0
    zero_dvd_iff ~>         dvd_0_left_iff
    DIVISION_BY_ZERO_DIV ~> div_by_0
    DIVISION_BY_ZERO_MOD ~> mod_by_0
    mult_div ~>             div_mult_self2_is_id
    mult_mod ~>             mod_mult_self2_is_0

* HOL/Library/GCD: Curried operations gcd, lcm (for nat) and zgcd,
zlcm (for int); carried together from various gcd/lcm developements in
the HOL Distribution.  zgcd and zlcm replace former igcd and ilcm;
corresponding theorems renamed accordingly.  INCOMPATIBILY.  To
recover tupled syntax, use syntax declarations like:

    hide (open) const gcd
    abbreviation gcd where
      "gcd == (%(a, b). GCD.gcd a b)"
    notation (output)
      GCD.gcd ("gcd '(_, _')")

(analogously for lcm, zgcd, zlcm).

* HOL/Real/Rational: 'Fract k 0' now equals '0'.  INCOMPATIBILITY.

* New ML antiquotation @{code}: takes constant as argument, generates
corresponding code in background and inserts name of the corresponding
resulting ML value/function/datatype constructor binding in place.
All occurrences of @{code} with a single ML block are generated
simultaneously.  Provides a generic and safe interface for
instrumentalizing code generation.  See HOL/ex/Code_Antiq for a toy
example, or HOL/Complex/ex/ReflectedFerrack for a more ambitious
application.  In future you ought refrain from ad-hoc compiling
generated SML code on the ML toplevel.  Note that (for technical
reasons) @{code} cannot refer to constants for which user-defined
serializations are set.  Refer to the corresponding ML counterpart
directly in that cases.

* Integrated image HOL-Complex with HOL.  Entry points Main.thy and
Complex_Main.thy remain as they are.

* New image HOL-Plain provides a minimal HOL with the most important
tools available (inductive, datatype, primrec, ...).  By convention
the corresponding theory Plain should be ancestor of every further
(library) theory.  Some library theories now have ancestor Plain
(instead of Main), thus theory Main occasionally has to be imported
explicitly.

* Methods "case_tac" and "induct_tac" now refer to the very same rules
as the structured Isar versions "cases" and "induct", cf. the
corresponding "cases" and "induct" attributes.  Mutual induction rules
are now presented as a list of individual projections
(e.g. foo_bar.inducts for types foo and bar); the old format with
explicit HOL conjunction is no longer supported.  INCOMPATIBILITY, in
rare situations a different rule is selected --- notably nested tuple
elimination instead of former prod.exhaust: use explicit (case_tac t
rule: prod.exhaust) here.

* Attributes "cases", "induct", "coinduct" support "del" option.

* Removed fact "case_split_thm", which duplicates "case_split".

* Command 'rep_datatype': instead of theorem names the command now
takes a list of terms denoting the constructors of the type to be
represented as datatype.  The characteristic theorems have to be
proven.  INCOMPATIBILITY.  Also observe that the following theorems
have disappeared in favour of existing ones:

    unit_induct                 ~> unit.induct
    prod_induct                 ~> prod.induct
    sum_induct                  ~> sum.induct
    Suc_Suc_eq                  ~> nat.inject
    Suc_not_Zero Zero_not_Suc   ~> nat.distinct

* Library/Nat_Infinity: added addition, numeral syntax and more
instantiations for algebraic structures.  Removed some duplicate
theorems.  Changes in simp rules.  INCOMPATIBILITY.


*** HOL-NSA ***

* Created new image HOL-NSA, containing theories of nonstandard
analysis which were previously part of HOL-Complex.  Entry point
Hyperreal.thy remains valid, but theories formerly using
Complex_Main.thy should now use new entry point Hypercomplex.thy.


*** ML ***
 
* Rules and tactics that read instantiations (read_instantiate,
res_inst_tac, thin_tac, subgoal_tac etc.) now demand a proper proof
context, which is required for parsing and type-checking.  Moreover,
the variables are specified as plain indexnames, not string encodings
thereof.  INCOMPATIBILITY.

* Disposed old type and term read functions (Sign.read_def_typ,
Sign.read_typ, Sign.read_def_terms, Sign.read_term,
Thm.read_def_cterms, Thm.read_cterm etc.).  INCOMPATIBILITY, should
use regular Syntax.read_typ, Syntax.read_term, Syntax.read_typ_global,
Syntax.read_term_global etc.; see also OldGoals.read_term as last
resort for legacy applications.

* Antiquotations: block-structured compilation context indicated by
\<lbrace> ... \<rbrace>; additional antiquotation forms:

  @{let ?pat = term}                      - term abbreviation (HO matching)
  @{note name = fact}                     - fact abbreviation
  @{thm fact}                             - singleton fact (with attributes)
  @{thms fact}                            - general fact (with attributes)
  @{lemma prop by method}                 - singleton goal
  @{lemma prop by meth1 meth2}            - singleton goal
  @{lemma prop1 ... propN by method}      - general goal
  @{lemma prop1 ... propN by meth1 meth2} - general goal
  @{lemma (open) ...}                     - open derivation



New in Isabelle2008 (June 2008)
-------------------------------

*** General ***

* The Isabelle/Isar Reference Manual (isar-ref) has been reorganized
and updated, with formally checked references as hyperlinks.

* Theory loader: use_thy (and similar operations) no longer set the
implicit ML context, which was occasionally hard to predict and in
conflict with concurrency.  INCOMPATIBILITY, use ML within Isar which
provides a proper context already.

* Theory loader: old-style ML proof scripts being *attached* to a thy
file are no longer supported.  INCOMPATIBILITY, regular 'uses' and
'use' within a theory file will do the job.

* Name space merge now observes canonical order, i.e. the second space
is inserted into the first one, while existing entries in the first
space take precedence.  INCOMPATIBILITY in rare situations, may try to
swap theory imports.

* Syntax: symbol \<chi> is now considered a letter.  Potential
INCOMPATIBILITY in identifier syntax etc.

* Outer syntax: string tokens no longer admit escaped white space,
which was an accidental (undocumented) feature.  INCOMPATIBILITY, use
white space without escapes.

* Outer syntax: string tokens may contain arbitrary character codes
specified via 3 decimal digits (as in SML).  E.g. "foo\095bar" for
"foo_bar".


*** Pure ***

* Context-dependent token translations.  Default setup reverts locally
fixed variables, and adds hilite markup for undeclared frees.

* Unused theorems can be found using the new command 'unused_thms'.
There are three ways of invoking it:

(1) unused_thms
     Only finds unused theorems in the current theory.

(2) unused_thms thy_1 ... thy_n -
     Finds unused theorems in the current theory and all of its ancestors,
     excluding the theories thy_1 ... thy_n and all of their ancestors.

(3) unused_thms thy_1 ... thy_n - thy'_1 ... thy'_m
     Finds unused theorems in the theories thy'_1 ... thy'_m and all of
     their ancestors, excluding the theories thy_1 ... thy_n and all of
     their ancestors.

In order to increase the readability of the list produced by
unused_thms, theorems that have been created by a particular instance
of a theory command such as 'inductive' or 'function' are considered
to belong to the same "group", meaning that if at least one theorem in
this group is used, the other theorems in the same group are no longer
reported as unused.  Moreover, if all theorems in the group are
unused, only one theorem in the group is displayed.

Note that proof objects have to be switched on in order for
unused_thms to work properly (i.e. !proofs must be >= 1, which is
usually the case when using Proof General with the default settings).

* Authentic naming of facts disallows ad-hoc overwriting of previous
theorems within the same name space.  INCOMPATIBILITY, need to remove
duplicate fact bindings, or even accidental fact duplications.  Note
that tools may maintain dynamically scoped facts systematically, using
PureThy.add_thms_dynamic.

* Command 'hide' now allows to hide from "fact" name space as well.

* Eliminated destructive theorem database, simpset, claset, and
clasimpset.  Potential INCOMPATIBILITY, really need to observe linear
update of theories within ML code.

* Eliminated theory ProtoPure and CPure, leaving just one Pure theory.
INCOMPATIBILITY, object-logics depending on former Pure require
additional setup PureThy.old_appl_syntax_setup; object-logics
depending on former CPure need to refer to Pure.

* Commands 'use' and 'ML' are now purely functional, operating on
theory/local_theory.  Removed former 'ML_setup' (on theory), use 'ML'
instead.  Added 'ML_val' as mere diagnostic replacement for 'ML'.
INCOMPATIBILITY.

* Command 'setup': discontinued implicit version with ML reference.

* Instantiation target allows for simultaneous specification of class
instance operations together with an instantiation proof.
Type-checking phase allows to refer to class operations uniformly.
See src/HOL/Complex/Complex.thy for an Isar example and
src/HOL/Library/Eval.thy for an ML example.

* Indexing of literal facts: be more serious about including only
facts from the visible specification/proof context, but not the
background context (locale etc.).  Affects `prop` notation and method
"fact".  INCOMPATIBILITY: need to name facts explicitly in rare
situations.

* Method "cases", "induct", "coinduct": removed obsolete/undocumented
"(open)" option, which used to expose internal bound variables to the
proof text.

* Isar statements: removed obsolete case "rule_context".
INCOMPATIBILITY, better use explicit fixes/assumes.

* Locale proofs: default proof step now includes 'unfold_locales';
hence 'proof' without argument may be used to unfold locale
predicates.


*** Document preparation ***

* Simplified pdfsetup.sty: color/hyperref is used unconditionally for
both pdf and dvi (hyperlinks usually work in xdvi as well); removed
obsolete thumbpdf setup (contemporary PDF viewers do this on the
spot); renamed link color from "darkblue" to "linkcolor" (default
value unchanged, can be redefined via \definecolor); no longer sets
"a4paper" option (unnecessary or even intrusive).

* Antiquotation @{lemma A method} proves proposition A by the given
method (either a method name or a method name plus (optional) method
arguments in parentheses) and prints A just like @{prop A}.


*** HOL ***

* New primrec package.  Specification syntax conforms in style to
definition/function/....  No separate induction rule is provided.  The
"primrec" command distinguishes old-style and new-style specifications
by syntax.  The former primrec package is now named OldPrimrecPackage.
When adjusting theories, beware: constants stemming from new-style
primrec specifications have authentic syntax.

* Metis prover is now an order of magnitude faster, and also works
with multithreading.

* Metis: the maximum number of clauses that can be produced from a
theorem is now given by the attribute max_clauses.  Theorems that
exceed this number are ignored, with a warning printed.

* Sledgehammer no longer produces structured proofs by default. To
enable, declare [[sledgehammer_full = true]].  Attributes
reconstruction_modulus, reconstruction_sorts renamed
sledgehammer_modulus, sledgehammer_sorts.  INCOMPATIBILITY.

* Method "induct_scheme" derives user-specified induction rules
from well-founded induction and completeness of patterns. This factors
out some operations that are done internally by the function package
and makes them available separately.  See
src/HOL/ex/Induction_Scheme.thy for examples.

* More flexible generation of measure functions for termination
proofs: Measure functions can be declared by proving a rule of the
form "is_measure f" and giving it the [measure_function] attribute.
The "is_measure" predicate is logically meaningless (always true), and
just guides the heuristic.  To find suitable measure functions, the
termination prover sets up the goal "is_measure ?f" of the appropriate
type and generates all solutions by prolog-style backwards proof using
the declared rules.

This setup also deals with rules like 

  "is_measure f ==> is_measure (list_size f)"

which accommodates nested datatypes that recurse through lists.
Similar rules are predeclared for products and option types.

* Turned the type of sets "'a set" into an abbreviation for "'a => bool"

  INCOMPATIBILITIES:

  - Definitions of overloaded constants on sets have to be replaced by
    definitions on => and bool.

  - Some definitions of overloaded operators on sets can now be proved
    using the definitions of the operators on => and bool.  Therefore,
    the following theorems have been renamed:

      subset_def   -> subset_eq
      psubset_def  -> psubset_eq
      set_diff_def -> set_diff_eq
      Compl_def    -> Compl_eq
      Sup_set_def  -> Sup_set_eq
      Inf_set_def  -> Inf_set_eq
      sup_set_def  -> sup_set_eq
      inf_set_def  -> inf_set_eq

  - Due to the incompleteness of the HO unification algorithm, some
    rules such as subst may require manual instantiation, if some of
    the unknowns in the rule is a set.

  - Higher order unification and forward proofs:
    The proof pattern

      have "P (S::'a set)" <...>
      then have "EX S. P S" ..

    no longer works (due to the incompleteness of the HO unification
    algorithm) and must be replaced by the pattern

      have "EX S. P S"
      proof
        show "P S" <...>
      qed

  - Calculational reasoning with subst (or similar rules):
    The proof pattern

      have "P (S::'a set)" <...>
      also have "S = T" <...>
      finally have "P T" .

    no longer works (for similar reasons as the previous example) and
    must be replaced by something like

      have "P (S::'a set)" <...>
      moreover have "S = T" <...>
      ultimately have "P T" by simp

  - Tactics or packages written in ML code:
    Code performing pattern matching on types via

      Type ("set", [T]) => ...

    must be rewritten. Moreover, functions like strip_type or
    binder_types no longer return the right value when applied to a
    type of the form

      T1 => ... => Tn => U => bool

    rather than

      T1 => ... => Tn => U set

* Merged theories Wellfounded_Recursion, Accessible_Part and
Wellfounded_Relations to theory Wellfounded.

* Explicit class "eq" for executable equality.  INCOMPATIBILITY.

* Class finite no longer treats UNIV as class parameter.  Use class
enum from theory Library/Enum instead to achieve a similar effect.
INCOMPATIBILITY.

* Theory List: rule list_induct2 now has explicitly named cases "Nil"
and "Cons".  INCOMPATIBILITY.

* HOL (and FOL): renamed variables in rules imp_elim and swap.
Potential INCOMPATIBILITY.

* Theory Product_Type: duplicated lemmas split_Pair_apply and
injective_fst_snd removed, use split_eta and prod_eqI instead.
Renamed upd_fst to apfst and upd_snd to apsnd.  INCOMPATIBILITY.

* Theory Nat: removed redundant lemmas that merely duplicate lemmas of
the same name in theory Orderings:

  less_trans
  less_linear
  le_imp_less_or_eq
  le_less_trans
  less_le_trans
  less_not_sym
  less_asym

Renamed less_imp_le to less_imp_le_nat, and less_irrefl to
less_irrefl_nat.  Potential INCOMPATIBILITY due to more general types
and different variable names.

* Library/Option_ord.thy: Canonical order on option type.

* Library/RBT.thy: Red-black trees, an efficient implementation of
finite maps.

* Library/Countable.thy: Type class for countable types.

* Theory Int: The representation of numerals has changed.  The infix
operator BIT and the bit datatype with constructors B0 and B1 have
disappeared.  INCOMPATIBILITY, use "Int.Bit0 x" and "Int.Bit1 y" in
place of "x BIT bit.B0" and "y BIT bit.B1", respectively.  Theorems
involving BIT, B0, or B1 have been renamed with "Bit0" or "Bit1"
accordingly.

* Theory Nat: definition of <= and < on natural numbers no longer
depend on well-founded relations.  INCOMPATIBILITY.  Definitions
le_def and less_def have disappeared.  Consider lemmas not_less
[symmetric, where ?'a = nat] and less_eq [symmetric] instead.

* Theory Finite_Set: locales ACf, ACe, ACIf, ACIfSL and ACIfSLlin
(whose purpose mainly is for various fold_set functionals) have been
abandoned in favor of the existing algebraic classes
ab_semigroup_mult, comm_monoid_mult, ab_semigroup_idem_mult,
lower_semilattice (resp. upper_semilattice) and linorder.
INCOMPATIBILITY.

* Theory Transitive_Closure: induct and cases rules now declare proper
case_names ("base" and "step").  INCOMPATIBILITY.

* Theorem Inductive.lfp_ordinal_induct generalized to complete
lattices.  The form set-specific version is available as
Inductive.lfp_ordinal_induct_set.

* Renamed theorems "power.simps" to "power_int.simps".
INCOMPATIBILITY.

* Class semiring_div provides basic abstract properties of semirings
with division and modulo operations.  Subsumes former class dvd_mod.

* Merged theories IntDef, Numeral and IntArith into unified theory
Int.  INCOMPATIBILITY.

* Theory Library/Code_Index: type "index" now represents natural
numbers rather than integers.  INCOMPATIBILITY.

* New class "uminus" with operation "uminus" (split of from class
"minus" which now only has operation "minus", binary).
INCOMPATIBILITY.

* Constants "card", "internal_split", "option_map" now with authentic
syntax.  INCOMPATIBILITY.

* Definitions subset_def, psubset_def, set_diff_def, Compl_def,
le_bool_def, less_bool_def, le_fun_def, less_fun_def, inf_bool_def,
sup_bool_def, Inf_bool_def, Sup_bool_def, inf_fun_def, sup_fun_def,
Inf_fun_def, Sup_fun_def, inf_set_def, sup_set_def, Inf_set_def,
Sup_set_def, le_def, less_def, option_map_def now with object
equality.  INCOMPATIBILITY.

* Records. Removed K_record, and replaced it by pure lambda term
%x. c. The simplifier setup is now more robust against eta expansion.
INCOMPATIBILITY: in cases explicitly referring to K_record.

* Library/Multiset: {#a, b, c#} abbreviates {#a#} + {#b#} + {#c#}.

* Library/ListVector: new theory of arithmetic vector operations.

* Library/Order_Relation: new theory of various orderings as sets of
pairs.  Defines preorders, partial orders, linear orders and
well-orders on sets and on types.


*** ZF ***

* Renamed some theories to allow to loading both ZF and HOL in the
same session:

  Datatype  -> Datatype_ZF
  Inductive -> Inductive_ZF
  Int       -> Int_ZF
  IntDiv    -> IntDiv_ZF
  Nat       -> Nat_ZF
  List      -> List_ZF
  Main      -> Main_ZF

INCOMPATIBILITY: ZF theories that import individual theories below
Main might need to be adapted.  Regular theory Main is still
available, as trivial extension of Main_ZF.


*** ML ***

* ML within Isar: antiquotation @{const name} or @{const
name(typargs)} produces statically-checked Const term.

* Functor NamedThmsFun: data is available to the user as dynamic fact
(of the same name).  Removed obsolete print command.

* Removed obsolete "use_legacy_bindings" function.

* The ``print mode'' is now a thread-local value derived from a global
template (the former print_mode reference), thus access becomes
non-critical.  The global print_mode reference is for session
management only; user-code should use print_mode_value,
print_mode_active, PrintMode.setmp etc.  INCOMPATIBILITY.

* Functions system/system_out provide a robust way to invoke external
shell commands, with propagation of interrupts (requires Poly/ML 5.2).
Do not use OS.Process.system etc. from the basis library!


*** System ***

* Default settings: PROOFGENERAL_OPTIONS no longer impose xemacs ---
in accordance with Proof General 3.7, which prefers GNU emacs.

* isatool tty runs Isabelle process with plain tty interaction;
optional line editor may be specified via ISABELLE_LINE_EDITOR
setting, the default settings attempt to locate "ledit" and "rlwrap".

* isatool browser now works with Cygwin as well, using general
"javapath" function defined in Isabelle process environment.

* YXML notation provides a simple and efficient alternative to
standard XML transfer syntax.  See src/Pure/General/yxml.ML and
isatool yxml as described in the Isabelle system manual.

* JVM class isabelle.IsabelleProcess (located in Isabelle/lib/classes)
provides general wrapper for managing an Isabelle process in a robust
fashion, with ``cooked'' output from stdin/stderr.

* Rudimentary Isabelle plugin for jEdit (see Isabelle/lib/jedit),
based on Isabelle/JVM process wrapper (see Isabelle/lib/classes).

* Removed obsolete THIS_IS_ISABELLE_BUILD feature.  NB: the documented
way of changing the user's settings is via
ISABELLE_HOME_USER/etc/settings, which is a fully featured bash
script.

* Multithreading.max_threads := 0 refers to the number of actual CPU
cores of the underlying machine, which is a good starting point for
optimal performance tuning.  The corresponding usedir option -M allows
"max" as an alias for "0".  WARNING: does not work on certain versions
of Mac OS (with Poly/ML 5.1).

* isabelle-process: non-ML sessions are run with "nice", to reduce the
adverse effect of Isabelle flooding interactive front-ends (notably
ProofGeneral / XEmacs).



New in Isabelle2007 (November 2007)
-----------------------------------

*** General ***

* More uniform information about legacy features, notably a
warning/error of "Legacy feature: ...", depending on the state of the
tolerate_legacy_features flag (default true). FUTURE INCOMPATIBILITY:
legacy features will disappear eventually.

* Theory syntax: the header format ``theory A = B + C:'' has been
discontinued in favour of ``theory A imports B C begin''.  Use isatool
fixheaders to convert existing theory files.  INCOMPATIBILITY.

* Theory syntax: the old non-Isar theory file format has been
discontinued altogether.  Note that ML proof scripts may still be used
with Isar theories; migration is usually quite simple with the ML
function use_legacy_bindings.  INCOMPATIBILITY.

* Theory syntax: some popular names (e.g. 'class', 'declaration',
'fun', 'help', 'if') are now keywords.  INCOMPATIBILITY, use double
quotes.

* Theory loader: be more serious about observing the static theory
header specifications (including optional directories), but not the
accidental file locations of previously successful loads.  The strict
update policy of former update_thy is now already performed by
use_thy, so the former has been removed; use_thys updates several
theories simultaneously, just as 'imports' within a theory header
specification, but without merging the results.  Potential
INCOMPATIBILITY: may need to refine theory headers and commands
ROOT.ML which depend on load order.

* Theory loader: optional support for content-based file
identification, instead of the traditional scheme of full physical
path plus date stamp; configured by the ISABELLE_FILE_IDENT setting
(cf. the system manual).  The new scheme allows to work with
non-finished theories in persistent session images, such that source
files may be moved later on without requiring reloads.

* Theory loader: old-style ML proof scripts being *attached* to a thy
file (with the same base name as the theory) are considered a legacy
feature, which will disappear eventually. Even now, the theory loader
no longer maintains dependencies on such files.

* Syntax: the scope for resolving ambiguities via type-inference is
now limited to individual terms, instead of whole simultaneous
specifications as before. This greatly reduces the complexity of the
syntax module and improves flexibility by separating parsing and
type-checking. INCOMPATIBILITY: additional type-constraints (explicit
'fixes' etc.) are required in rare situations.

* Syntax: constants introduced by new-style packages ('definition',
'abbreviation' etc.) are passed through the syntax module in
``authentic mode''. This means that associated mixfix annotations
really stick to such constants, independently of potential name space
ambiguities introduced later on. INCOMPATIBILITY: constants in parse
trees are represented slightly differently, may need to adapt syntax
translations accordingly. Use CONST marker in 'translations' and
@{const_syntax} antiquotation in 'parse_translation' etc.

* Legacy goal package: reduced interface to the bare minimum required
to keep existing proof scripts running.  Most other user-level
functions are now part of the OldGoals structure, which is *not* open
by default (consider isatool expandshort before open OldGoals).
Removed top_sg, prin, printyp, pprint_term/typ altogether, because
these tend to cause confusion about the actual goal (!) context being
used here, which is not necessarily the same as the_context().

* Command 'find_theorems': supports "*" wild-card in "name:"
criterion; "with_dups" option.  Certain ProofGeneral versions might
support a specific search form (see ProofGeneral/CHANGES).

* The ``prems limit'' option (cf. ProofContext.prems_limit) is now -1
by default, which means that "prems" (and also "fixed variables") are
suppressed from proof state output.  Note that the ProofGeneral
settings mechanism allows to change and save options persistently, but
older versions of Isabelle will fail to start up if a negative prems
limit is imposed.

* Local theory targets may be specified by non-nested blocks of
``context/locale/class ... begin'' followed by ``end''.  The body may
contain definitions, theorems etc., including any derived mechanism
that has been implemented on top of these primitives.  This concept
generalizes the existing ``theorem (in ...)'' towards more versatility
and scalability.

* Proof General interface: proper undo of final 'end' command;
discontinued Isabelle/classic mode (ML proof scripts).


*** Document preparation ***

* Added antiquotation @{theory name} which prints the given name,
after checking that it refers to a valid ancestor theory in the
current context.

* Added antiquotations @{ML_type text} and @{ML_struct text} which
check the given source text as ML type/structure, printing verbatim.

* Added antiquotation @{abbrev "c args"} which prints the abbreviation
"c args == rhs" given in the current context.  (Any number of
arguments may be given on the LHS.)


*** Pure ***

* The 'class' package offers a combination of axclass and locale to
achieve Haskell-like type classes in Isabelle.  Definitions and
theorems within a class context produce both relative results (with
implicit parameters according to the locale context), and polymorphic
constants with qualified polymorphism (according to the class
context).  Within the body context of a 'class' target, a separate
syntax layer ("user space type system") takes care of converting
between global polymorphic consts and internal locale representation.
See src/HOL/ex/Classpackage.thy for examples (as well as main HOL).
"isatool doc classes" provides a tutorial.

* Generic code generator framework allows to generate executable
code for ML and Haskell (including Isabelle classes).  A short usage
sketch:

    internal compilation:
        export_code <list of constants (term syntax)> in SML
    writing SML code to a file:
        export_code <list of constants (term syntax)> in SML <filename>
    writing OCaml code to a file:
        export_code <list of constants (term syntax)> in OCaml <filename>
    writing Haskell code to a bunch of files:
        export_code <list of constants (term syntax)> in Haskell <filename>

    evaluating closed propositions to True/False using code generation:
        method ``eval''

Reasonable default setup of framework in HOL.

Theorem attributs for selecting and transforming function equations theorems:

    [code fun]:        select a theorem as function equation for a specific constant
    [code fun del]:    deselect a theorem as function equation for a specific constant
    [code inline]:     select an equation theorem for unfolding (inlining) in place
    [code inline del]: deselect an equation theorem for unfolding (inlining) in place

User-defined serializations (target in {SML, OCaml, Haskell}):

    code_const <and-list of constants (term syntax)>
      {(target) <and-list of const target syntax>}+

    code_type <and-list of type constructors>
      {(target) <and-list of type target syntax>}+

    code_instance <and-list of instances>
      {(target)}+
        where instance ::= <type constructor> :: <class>

    code_class <and_list of classes>
      {(target) <and-list of class target syntax>}+
        where class target syntax ::= <class name> {where {<classop> == <target syntax>}+}?

code_instance and code_class only are effective to target Haskell.

For example usage see src/HOL/ex/Codegenerator.thy and
src/HOL/ex/Codegenerator_Pretty.thy.  A separate tutorial on code
generation from Isabelle/HOL theories is available via "isatool doc
codegen".

* Code generator: consts in 'consts_code' Isar commands are now
referred to by usual term syntax (including optional type
annotations).

* Command 'no_translations' removes translation rules from theory
syntax.

* Overloaded definitions are now actually checked for acyclic
dependencies.  The overloading scheme is slightly more general than
that of Haskell98, although Isabelle does not demand an exact
correspondence to type class and instance declarations.
INCOMPATIBILITY, use ``defs (unchecked overloaded)'' to admit more
exotic versions of overloading -- at the discretion of the user!

Polymorphic constants are represented via type arguments, i.e. the
instantiation that matches an instance against the most general
declaration given in the signature.  For example, with the declaration
c :: 'a => 'a => 'a, an instance c :: nat => nat => nat is represented
as c(nat).  Overloading is essentially simultaneous structural
recursion over such type arguments.  Incomplete specification patterns
impose global constraints on all occurrences, e.g. c('a * 'a) on the
LHS means that more general c('a * 'b) will be disallowed on any RHS.
Command 'print_theory' outputs the normalized system of recursive
equations, see section "definitions".

* Configuration options are maintained within the theory or proof
context (with name and type bool/int/string), providing a very simple
interface to a poor-man's version of general context data.  Tools may
declare options in ML (e.g. using Attrib.config_int) and then refer to
these values using Config.get etc.  Users may change options via an
associated attribute of the same name.  This form of context
declaration works particularly well with commands 'declare' or
'using', for example ``declare [[foo = 42]]''.  Thus it has become
very easy to avoid global references, which would not observe Isar
toplevel undo/redo and fail to work with multithreading.

Various global ML references of Pure and HOL have been turned into
configuration options:

  Unify.search_bound		unify_search_bound
  Unify.trace_bound		unify_trace_bound
  Unify.trace_simp		unify_trace_simp
  Unify.trace_types		unify_trace_types
  Simplifier.simp_depth_limit	simp_depth_limit
  Blast.depth_limit		blast_depth_limit
  DatatypeProp.dtK		datatype_distinctness_limit
  fast_arith_neq_limit  	fast_arith_neq_limit
  fast_arith_split_limit	fast_arith_split_limit

* Named collections of theorems may be easily installed as context
data using the functor NamedThmsFun (see also
src/Pure/Tools/named_thms.ML).  The user may add or delete facts via
attributes; there is also a toplevel print command.  This facility is
just a common case of general context data, which is the preferred way
for anything more complex than just a list of facts in canonical
order.

* Isar: command 'declaration' augments a local theory by generic
declaration functions written in ML.  This enables arbitrary content
being added to the context, depending on a morphism that tells the
difference of the original declaration context wrt. the application
context encountered later on.

* Isar: proper interfaces for simplification procedures.  Command
'simproc_setup' declares named simprocs (with match patterns, and body
text in ML).  Attribute "simproc" adds/deletes simprocs in the current
context.  ML antiquotation @{simproc name} retrieves named simprocs.

* Isar: an extra pair of brackets around attribute declarations
abbreviates a theorem reference involving an internal dummy fact,
which will be ignored later --- only the effect of the attribute on
the background context will persist.  This form of in-place
declarations is particularly useful with commands like 'declare' and
'using', for example ``have A using [[simproc a]] by simp''.

* Isar: method "assumption" (and implicit closing of subproofs) now
takes simple non-atomic goal assumptions into account: after applying
an assumption as a rule the resulting subgoals are solved by atomic
assumption steps.  This is particularly useful to finish 'obtain'
goals, such as "!!x. (!!x. P x ==> thesis) ==> P x ==> thesis",
without referring to the original premise "!!x. P x ==> thesis" in the
Isar proof context.  POTENTIAL INCOMPATIBILITY: method "assumption" is
more permissive.

* Isar: implicit use of prems from the Isar proof context is
considered a legacy feature.  Common applications like ``have A .''
may be replaced by ``have A by fact'' or ``note `A`''.  In general,
referencing facts explicitly here improves readability and
maintainability of proof texts.

* Isar: improper proof element 'guess' is like 'obtain', but derives
the obtained context from the course of reasoning!  For example:

  assume "EX x y. A x & B y"   -- "any previous fact"
  then guess x and y by clarify

This technique is potentially adventurous, depending on the facts and
proof tools being involved here.

* Isar: known facts from the proof context may be specified as literal
propositions, using ASCII back-quote syntax.  This works wherever
named facts used to be allowed so far, in proof commands, proof
methods, attributes etc.  Literal facts are retrieved from the context
according to unification of type and term parameters.  For example,
provided that "A" and "A ==> B" and "!!x. P x ==> Q x" are known
theorems in the current context, then these are valid literal facts:
`A` and `A ==> B` and `!!x. P x ==> Q x" as well as `P a ==> Q a` etc.

There is also a proof method "fact" which does the same composition
for explicit goal states, e.g. the following proof texts coincide with
certain special cases of literal facts:

  have "A" by fact                 ==  note `A`
  have "A ==> B" by fact           ==  note `A ==> B`
  have "!!x. P x ==> Q x" by fact  ==  note `!!x. P x ==> Q x`
  have "P a ==> Q a" by fact       ==  note `P a ==> Q a`

* Isar: ":" (colon) is no longer a symbolic identifier character in
outer syntax.  Thus symbolic identifiers may be used without
additional white space in declarations like this: ``assume *: A''.

* Isar: 'print_facts' prints all local facts of the current context,
both named and unnamed ones.

* Isar: 'def' now admits simultaneous definitions, e.g.:

  def x == "t" and y == "u"

* Isar: added command 'unfolding', which is structurally similar to
'using', but affects both the goal state and facts by unfolding given
rewrite rules.  Thus many occurrences of the 'unfold' method or
'unfolded' attribute may be replaced by first-class proof text.

* Isar: methods 'unfold' / 'fold', attributes 'unfolded' / 'folded',
and command 'unfolding' now all support object-level equalities
(potentially conditional).  The underlying notion of rewrite rule is
analogous to the 'rule_format' attribute, but *not* that of the
Simplifier (which is usually more generous).

* Isar: the new attribute [rotated n] (default n = 1) rotates the
premises of a theorem by n. Useful in conjunction with drule.

* Isar: the goal restriction operator [N] (default N = 1) evaluates a
method expression within a sandbox consisting of the first N
sub-goals, which need to exist.  For example, ``simp_all [3]''
simplifies the first three sub-goals, while (rule foo, simp_all)[]
simplifies all new goals that emerge from applying rule foo to the
originally first one.

* Isar: schematic goals are no longer restricted to higher-order
patterns; e.g. ``lemma "?P(?x)" by (rule TrueI)'' now works as
expected.

* Isar: the conclusion of a long theorem statement is now either
'shows' (a simultaneous conjunction, as before), or 'obtains'
(essentially a disjunction of cases with local parameters and
assumptions).  The latter allows to express general elimination rules
adequately; in this notation common elimination rules look like this:

  lemma exE:    -- "EX x. P x ==> (!!x. P x ==> thesis) ==> thesis"
    assumes "EX x. P x"
    obtains x where "P x"

  lemma conjE:  -- "A & B ==> (A ==> B ==> thesis) ==> thesis"
    assumes "A & B"
    obtains A and B

  lemma disjE:  -- "A | B ==> (A ==> thesis) ==> (B ==> thesis) ==> thesis"
    assumes "A | B"
    obtains
      A
    | B

The subsequent classical rules even refer to the formal "thesis"
explicitly:

  lemma classical:     -- "(~ thesis ==> thesis) ==> thesis"
    obtains "~ thesis"

  lemma Peirce's_Law:  -- "((thesis ==> something) ==> thesis) ==> thesis"
    obtains "thesis ==> something"

The actual proof of an 'obtains' statement is analogous to that of the
Isar proof element 'obtain', only that there may be several cases.
Optional case names may be specified in parentheses; these will be
available both in the present proof and as annotations in the
resulting rule, for later use with the 'cases' method (cf. attribute
case_names).

* Isar: the assumptions of a long theorem statement are available as
"assms" fact in the proof context.  This is more appropriate than the
(historical) "prems", which refers to all assumptions of the current
context, including those from the target locale, proof body etc.

* Isar: 'print_statement' prints theorems from the current theory or
proof context in long statement form, according to the syntax of a
top-level lemma.

* Isar: 'obtain' takes an optional case name for the local context
introduction rule (default "that").

* Isar: removed obsolete 'concl is' patterns.  INCOMPATIBILITY, use
explicit (is "_ ==> ?foo") in the rare cases where this still happens
to occur.

* Pure: syntax "CONST name" produces a fully internalized constant
according to the current context.  This is particularly useful for
syntax translations that should refer to internal constant
representations independently of name spaces.

* Pure: syntax constant for foo (binder "FOO ") is called "foo_binder"
instead of "FOO ". This allows multiple binder declarations to coexist
in the same context.  INCOMPATIBILITY.

* Isar/locales: 'notation' provides a robust interface to the 'syntax'
primitive that also works in a locale context (both for constants and
fixed variables). Type declaration and internal syntactic representation
of given constants retrieved from the context. Likewise, the
'no_notation' command allows to remove given syntax annotations from the
current context.

* Isar/locales: new derived specification elements 'axiomatization',
'definition', 'abbreviation', which support type-inference, admit
object-level specifications (equality, equivalence).  See also the
isar-ref manual.  Examples:

  axiomatization
    eq  (infix "===" 50) where
    eq_refl: "x === x" and eq_subst: "x === y ==> P x ==> P y"

  definition "f x y = x + y + 1"
  definition g where "g x = f x x"

  abbreviation
    neq  (infix "=!=" 50) where
    "x =!= y == ~ (x === y)"

These specifications may be also used in a locale context.  Then the
constants being introduced depend on certain fixed parameters, and the
constant name is qualified by the locale base name.  An internal
abbreviation takes care for convenient input and output, making the
parameters implicit and using the original short name.  See also
src/HOL/ex/Abstract_NAT.thy for an example of deriving polymorphic
entities from a monomorphic theory.

Presently, abbreviations are only available 'in' a target locale, but
not inherited by general import expressions.  Also note that
'abbreviation' may be used as a type-safe replacement for 'syntax' +
'translations' in common applications.  The "no_abbrevs" print mode
prevents folding of abbreviations in term output.

Concrete syntax is attached to specified constants in internal form,
independently of name spaces.  The parse tree representation is
slightly different -- use 'notation' instead of raw 'syntax', and
'translations' with explicit "CONST" markup to accommodate this.

* Pure/Isar: unified syntax for new-style specification mechanisms
(e.g.  'definition', 'abbreviation', or 'inductive' in HOL) admits
full type inference and dummy patterns ("_").  For example:

  definition "K x _ = x"

  inductive conj for A B
  where "A ==> B ==> conj A B"

* Pure: command 'print_abbrevs' prints all constant abbreviations of
the current context.  Print mode "no_abbrevs" prevents inversion of
abbreviations on output.

* Isar/locales: improved parameter handling: use of locales "var" and
"struct" no longer necessary; - parameter renamings are no longer
required to be injective.  For example, this allows to define
endomorphisms as locale endom = homom mult mult h.

* Isar/locales: changed the way locales with predicates are defined.
Instead of accumulating the specification, the imported expression is
now an interpretation.  INCOMPATIBILITY: different normal form of
locale expressions.  In particular, in interpretations of locales with
predicates, goals repesenting already interpreted fragments are not
removed automatically.  Use methods `intro_locales' and
`unfold_locales'; see below.

* Isar/locales: new methods `intro_locales' and `unfold_locales'
provide backward reasoning on locales predicates.  The methods are
aware of interpretations and discharge corresponding goals.
`intro_locales' is less aggressive then `unfold_locales' and does not
unfold predicates to assumptions.

* Isar/locales: the order in which locale fragments are accumulated
has changed.  This enables to override declarations from fragments due
to interpretations -- for example, unwanted simp rules.

* Isar/locales: interpretation in theories and proof contexts has been
extended.  One may now specify (and prove) equations, which are
unfolded in interpreted theorems.  This is useful for replacing
defined concepts (constants depending on locale parameters) by
concepts already existing in the target context.  Example:

  interpretation partial_order ["op <= :: [int, int] => bool"]
    where "partial_order.less (op <=) (x::int) y = (x < y)"

Typically, the constant `partial_order.less' is created by a
definition specification element in the context of locale
partial_order.

* Method "induct": improved internal context management to support
local fixes and defines on-the-fly. Thus explicit meta-level
connectives !!  and ==> are rarely required anymore in inductive goals
(using object-logic connectives for this purpose has been long
obsolete anyway). Common proof patterns are explained in
src/HOL/Induct/Common_Patterns.thy, see also
src/HOL/Isar_examples/Puzzle.thy and src/HOL/Lambda for realistic
examples.

* Method "induct": improved handling of simultaneous goals. Instead of
introducing object-level conjunction, the statement is now split into
several conclusions, while the corresponding symbolic cases are nested
accordingly. INCOMPATIBILITY, proofs need to be structured explicitly,
see src/HOL/Induct/Common_Patterns.thy, for example.

* Method "induct": mutual induction rules are now specified as a list
of rule sharing the same induction cases. HOL packages usually provide
foo_bar.inducts for mutually defined items foo and bar (e.g. inductive
predicates/sets or datatypes). INCOMPATIBILITY, users need to specify
mutual induction rules differently, i.e. like this:

  (induct rule: foo_bar.inducts)
  (induct set: foo bar)
  (induct pred: foo bar)
  (induct type: foo bar)

The ML function ProjectRule.projections turns old-style rules into the
new format.

* Method "coinduct": dual of induction, see
src/HOL/Library/Coinductive_List.thy for various examples.

* Method "cases", "induct", "coinduct": the ``(open)'' option is
considered a legacy feature.

* Attribute "symmetric" produces result with standardized schematic
variables (index 0).  Potential INCOMPATIBILITY.

* Simplifier: by default the simplifier trace only shows top level
rewrites now. That is, trace_simp_depth_limit is set to 1 by
default. Thus there is less danger of being flooded by the trace. The
trace indicates where parts have been suppressed.
  
* Provers/classical: removed obsolete classical version of elim_format
attribute; classical elim/dest rules are now treated uniformly when
manipulating the claset.

* Provers/classical: stricter checks to ensure that supplied intro,
dest and elim rules are well-formed; dest and elim rules must have at
least one premise.

* Provers/classical: attributes dest/elim/intro take an optional
weight argument for the rule (just as the Pure versions).  Weights are
ignored by automated tools, but determine the search order of single
rule steps.

* Syntax: input syntax now supports dummy variable binding "%_. b",
where the body does not mention the bound variable.  Note that dummy
patterns implicitly depend on their context of bounds, which makes
"{_. _}" match any set comprehension as expected.  Potential
INCOMPATIBILITY -- parse translations need to cope with syntactic
constant "_idtdummy" in the binding position.

* Syntax: removed obsolete syntactic constant "_K" and its associated
parse translation.  INCOMPATIBILITY -- use dummy abstraction instead,
for example "A -> B" => "Pi A (%_. B)".

* Pure: 'class_deps' command visualizes the subclass relation, using
the graph browser tool.

* Pure: 'print_theory' now suppresses certain internal declarations by
default; use '!' option for full details.


*** HOL ***

* Method "metis" proves goals by applying the Metis general-purpose
resolution prover (see also http://gilith.com/software/metis/).
Examples are in the directory MetisExamples.  WARNING: the
Isabelle/HOL-Metis integration does not yet work properly with
multi-threading.
  
* Command 'sledgehammer' invokes external automatic theorem provers as
background processes.  It generates calls to the "metis" method if
successful. These can be pasted into the proof.  Users do not have to
wait for the automatic provers to return.  WARNING: does not really
work with multi-threading.

* New "auto_quickcheck" feature tests outermost goal statements for
potential counter-examples.  Controlled by ML references
auto_quickcheck (default true) and auto_quickcheck_time_limit (default
5000 milliseconds).  Fails silently if statements is outside of
executable fragment, or any other codgenerator problem occurs.

* New constant "undefined" with axiom "undefined x = undefined".

* Added class "HOL.eq", allowing for code generation with polymorphic
equality.

* Some renaming of class constants due to canonical name prefixing in
the new 'class' package:

    HOL.abs ~> HOL.abs_class.abs
    HOL.divide ~> HOL.divide_class.divide
    0 ~> HOL.zero_class.zero
    1 ~> HOL.one_class.one
    op + ~> HOL.plus_class.plus
    op - ~> HOL.minus_class.minus
    uminus ~> HOL.minus_class.uminus
    op * ~> HOL.times_class.times
    op < ~> HOL.ord_class.less
    op <= > HOL.ord_class.less_eq
    Nat.power ~> Power.power_class.power
    Nat.size ~> Nat.size_class.size
    Numeral.number_of ~> Numeral.number_class.number_of
    FixedPoint.Inf ~> Lattices.complete_lattice_class.Inf
    FixedPoint.Sup ~> Lattices.complete_lattice_class.Sup
    Orderings.min ~> Orderings.ord_class.min
    Orderings.max ~> Orderings.ord_class.max
    Divides.op div ~> Divides.div_class.div
    Divides.op mod ~> Divides.div_class.mod
    Divides.op dvd ~> Divides.div_class.dvd

INCOMPATIBILITY.  Adaptions may be required in the following cases:

a) User-defined constants using any of the names "plus", "minus",
"times", "less" or "less_eq". The standard syntax translations for
"+", "-" and "*" may go wrong.  INCOMPATIBILITY: use more specific
names.

b) Variables named "plus", "minus", "times", "less", "less_eq"
INCOMPATIBILITY: use more specific names.

c) Permutative equations (e.g. "a + b = b + a")
Since the change of names also changes the order of terms, permutative
rewrite rules may get applied in a different order. Experience shows
that this is rarely the case (only two adaptions in the whole Isabelle
distribution).  INCOMPATIBILITY: rewrite proofs

d) ML code directly refering to constant names
This in general only affects hand-written proof tactics, simprocs and
so on.  INCOMPATIBILITY: grep your sourcecode and replace names.
Consider using @{const_name} antiquotation.

* New class "default" with associated constant "default".

* Function "sgn" is now overloaded and available on int, real, complex
(and other numeric types), using class "sgn".  Two possible defs of
sgn are given as equational assumptions in the classes sgn_if and
sgn_div_norm; ordered_idom now also inherits from sgn_if.
INCOMPATIBILITY.

* Locale "partial_order" now unified with class "order" (cf. theory
Orderings), added parameter "less".  INCOMPATIBILITY.

* Renamings in classes "order" and "linorder": facts "refl", "trans" and
"cases" to "order_refl", "order_trans" and "linorder_cases", to avoid
clashes with HOL "refl" and "trans".  INCOMPATIBILITY.

* Classes "order" and "linorder": potential INCOMPATIBILITY due to
changed order of proof goals in instance proofs.

* The transitivity reasoner for partial and linear orders is set up
for classes "order" and "linorder".  Instances of the reasoner are available
in all contexts importing or interpreting the corresponding locales.
Method "order" invokes the reasoner separately; the reasoner
is also integrated with the Simplifier as a solver.  Diagnostic
command 'print_orders' shows the available instances of the reasoner
in the current context.

* Localized monotonicity predicate in theory "Orderings"; integrated
lemmas max_of_mono and min_of_mono with this predicate.
INCOMPATIBILITY.

* Formulation of theorem "dense" changed slightly due to integration
with new class dense_linear_order.

* Uniform lattice theory development in HOL.

    constants "meet" and "join" now named "inf" and "sup"
    constant "Meet" now named "Inf"

    classes "meet_semilorder" and "join_semilorder" now named
      "lower_semilattice" and "upper_semilattice"
    class "lorder" now named "lattice"
    class "comp_lat" now named "complete_lattice"

    Instantiation of lattice classes allows explicit definitions
    for "inf" and "sup" operations (or "Inf" and "Sup" for complete lattices).

  INCOMPATIBILITY.  Theorem renames:

    meet_left_le            ~> inf_le1
    meet_right_le           ~> inf_le2
    join_left_le            ~> sup_ge1
    join_right_le           ~> sup_ge2
    meet_join_le            ~> inf_sup_ord
    le_meetI                ~> le_infI
    join_leI                ~> le_supI
    le_meet                 ~> le_inf_iff
    le_join                 ~> ge_sup_conv
    meet_idempotent         ~> inf_idem
    join_idempotent         ~> sup_idem
    meet_comm               ~> inf_commute
    join_comm               ~> sup_commute
    meet_leI1               ~> le_infI1
    meet_leI2               ~> le_infI2
    le_joinI1               ~> le_supI1
    le_joinI2               ~> le_supI2
    meet_assoc              ~> inf_assoc
    join_assoc              ~> sup_assoc
    meet_left_comm          ~> inf_left_commute
    meet_left_idempotent    ~> inf_left_idem
    join_left_comm          ~> sup_left_commute
    join_left_idempotent    ~> sup_left_idem
    meet_aci                ~> inf_aci
    join_aci                ~> sup_aci
    le_def_meet             ~> le_iff_inf
    le_def_join             ~> le_iff_sup
    join_absorp2            ~> sup_absorb2
    join_absorp1            ~> sup_absorb1
    meet_absorp1            ~> inf_absorb1
    meet_absorp2            ~> inf_absorb2
    meet_join_absorp        ~> inf_sup_absorb
    join_meet_absorp        ~> sup_inf_absorb
    distrib_join_le         ~> distrib_sup_le
    distrib_meet_le         ~> distrib_inf_le

    add_meet_distrib_left   ~> add_inf_distrib_left
    add_join_distrib_left   ~> add_sup_distrib_left
    is_join_neg_meet        ~> is_join_neg_inf
    is_meet_neg_join        ~> is_meet_neg_sup
    add_meet_distrib_right  ~> add_inf_distrib_right
    add_join_distrib_right  ~> add_sup_distrib_right
    add_meet_join_distribs  ~> add_sup_inf_distribs
    join_eq_neg_meet        ~> sup_eq_neg_inf
    meet_eq_neg_join        ~> inf_eq_neg_sup
    add_eq_meet_join        ~> add_eq_inf_sup
    meet_0_imp_0            ~> inf_0_imp_0
    join_0_imp_0            ~> sup_0_imp_0
    meet_0_eq_0             ~> inf_0_eq_0
    join_0_eq_0             ~> sup_0_eq_0
    neg_meet_eq_join        ~> neg_inf_eq_sup
    neg_join_eq_meet        ~> neg_sup_eq_inf
    join_eq_if              ~> sup_eq_if

    mono_meet               ~> mono_inf
    mono_join               ~> mono_sup
    meet_bool_eq            ~> inf_bool_eq
    join_bool_eq            ~> sup_bool_eq
    meet_fun_eq             ~> inf_fun_eq
    join_fun_eq             ~> sup_fun_eq
    meet_set_eq             ~> inf_set_eq
    join_set_eq             ~> sup_set_eq
    meet1_iff               ~> inf1_iff
    meet2_iff               ~> inf2_iff
    meet1I                  ~> inf1I
    meet2I                  ~> inf2I
    meet1D1                 ~> inf1D1
    meet2D1                 ~> inf2D1
    meet1D2                 ~> inf1D2
    meet2D2                 ~> inf2D2
    meet1E                  ~> inf1E
    meet2E                  ~> inf2E
    join1_iff               ~> sup1_iff
    join2_iff               ~> sup2_iff
    join1I1                 ~> sup1I1
    join2I1                 ~> sup2I1
    join1I1                 ~> sup1I1
    join2I2                 ~> sup1I2
    join1CI                 ~> sup1CI
    join2CI                 ~> sup2CI
    join1E                  ~> sup1E
    join2E                  ~> sup2E

    is_meet_Meet            ~> is_meet_Inf
    Meet_bool_def           ~> Inf_bool_def
    Meet_fun_def            ~> Inf_fun_def
    Meet_greatest           ~> Inf_greatest
    Meet_lower              ~> Inf_lower
    Meet_set_def            ~> Inf_set_def

    Sup_def                 ~> Sup_Inf
    Sup_bool_eq             ~> Sup_bool_def
    Sup_fun_eq              ~> Sup_fun_def
    Sup_set_eq              ~> Sup_set_def

    listsp_meetI            ~> listsp_infI
    listsp_meet_eq          ~> listsp_inf_eq

    meet_min                ~> inf_min
    join_max                ~> sup_max

* Added syntactic class "size"; overloaded constant "size" now has
type "'a::size ==> bool"

* Internal reorganisation of `size' of datatypes: size theorems
"foo.size" are no longer subsumed by "foo.simps" (but are still
simplification rules by default!); theorems "prod.size" now named
"*.size".

* Class "div" now inherits from class "times" rather than "type".
INCOMPATIBILITY.

* HOL/Finite_Set: "name-space" locales Lattice, Distrib_lattice,
Linorder etc.  have disappeared; operations defined in terms of
fold_set now are named Inf_fin, Sup_fin.  INCOMPATIBILITY.

* HOL/Nat: neq0_conv no longer declared as iff.  INCOMPATIBILITY.

* HOL-Word: New extensive library and type for generic, fixed size
machine words, with arithemtic, bit-wise, shifting and rotating
operations, reflection into int, nat, and bool lists, automation for
linear arithmetic (by automatic reflection into nat or int), including
lemmas on overflow and monotonicity.  Instantiated to all appropriate
arithmetic type classes, supporting automatic simplification of
numerals on all operations.

* Library/Boolean_Algebra: locales for abstract boolean algebras.

* Library/Numeral_Type: numbers as types, e.g. TYPE(32).

* Code generator library theories:
  - Code_Integer represents HOL integers by big integer literals in target
    languages.
  - Code_Char represents HOL characters by character literals in target
    languages.
  - Code_Char_chr like Code_Char, but also offers treatment of character
    codes; includes Code_Integer.
  - Executable_Set allows to generate code for finite sets using lists.
  - Executable_Rat implements rational numbers as triples (sign, enumerator,
    denominator).
  - Executable_Real implements a subset of real numbers, namly those
    representable by rational numbers.
  - Efficient_Nat implements natural numbers by integers, which in general will
    result in higher efficency; pattern matching with 0/Suc is eliminated;
    includes Code_Integer.
  - Code_Index provides an additional datatype index which is mapped to
    target-language built-in integers.
  - Code_Message provides an additional datatype message_string which is isomorphic to
    strings; messages are mapped to target-language strings.

* New package for inductive predicates

  An n-ary predicate p with m parameters z_1, ..., z_m can now be defined via

    inductive
      p :: "U_1 => ... => U_m => T_1 => ... => T_n => bool"
      for z_1 :: U_1 and ... and z_n :: U_m
    where
      rule_1: "... ==> p z_1 ... z_m t_1_1 ... t_1_n"