Isabelle NEWS -- history of user-visible changes

 ================================================

 New in Isabelle??? (FIXME)

 --------------------------

 * Rewrite rules for case distinctions can now be added permanently to the

   default simpset using Addsplits just like Addsimps. They can be removed via

   Delsplits just like Delsimps. Lower-case versions are also available.

   For applications see HOL below.

 * Changed wrapper mechanism for the classical reasoner now allows for selected

   deletion of wrappers, by introduction of names for wrapper functionals.

   This implies that addbefore, addSbefore, addaltern, and addSaltern now take

   a pair (name, tactic) as argument, and that adding two tactics with the same

   name overwrites the first one (emitting a warning).

   type wrapper = (int -> tactic) -> (int -> tactic)

   setWrapper, setSWrapper, compWrapper and compSWrapper are replaced by

   addWrapper, addSWrapper: claset * (string * wrapper) -> claset

   delWrapper, delSWrapper: claset *  string            -> claset

   getWrapper is renamed to appWrappers, getSWrapper to appSWrappers;

 * Inductive definitions now handle disjunctive premises correctly (HOL and ZF)

 *** HOL ***

 * new force_tac (and its derivations Force_tac, force) 

   combines rewriting and classical reasoning (and whatever other tools)

   similarly to auto_tac, but is aimed to solve the given subgoal totally.

 * added option_map_eq_Some to simpset(), option_map_eq_Some RS iffD1 to claset()

 * New directory HOL/UNITY: Chandy and Misra's UNITY formalism

 * split_all_tac is now much faster and fails if there is nothing to split

   split_all_tac has moved within claset() from usafe wrappers to safe wrappers,

   which means that !!-bound variables are splitted much more aggressively.

   If this splitting is not appropriate, use delSWrapper "split_all_tac".

 * added disj_not1 = "(~P | Q) = (P --> Q)" to the default simpset

 * HOL/Arithmetic: removed 'pred' (predecessor) function; and generalized

   some theorems about n-1

 * HOL/Relation: renamed the relational operatotr r^-1 "converse" instead of

   "inverse"

 * HOL/equalities: added many new laws involving unions, intersectinos,

   difference, etc.

 * recdef can now declare non-recursive functions, with {} supplied as the 

   well-founded relation

 * Simplifier:

  -The rule expand_if is now part of the default simpset. This means that

   the simplifier will eliminate all ocurrences of if-then-else in the

   conclusion of a goal. To prevent this, you can either remove expand_if

   completely from the default simpset by `Delsplits [expand_if]' or

   remove it in a specific call of the simplifier using

   `... delsplits [expand_if]'.

   You can also add/delete other case splitting rules to/from the default

   simpset: every datatype generates a suitable rule `split_t_case' (where t

   is the name of the datatype).

  -Asm_full_simp_tac is now more aggressive:

   1. It will sometimes reorient premises if that increases their power to

      simplify.

   2. It does no longer proceed strictly from left to right but may also

      rotate premises to achieve further simplification.

   For compatibility reasons there is now Asm_lr_simp_tac which is like the

   old Asm_full_simp_tac in that it does not rotate premises.

 * new theory Vimage (inverse image of a function, syntax f-``B);

 * many new identities for unions, intersections, etc.;

 New in Isabelle98 (January 1998)

 --------------------------------

 *** Overview of INCOMPATIBILITIES (see below for more details) ***

 * changed lexical syntax of terms / types: dots made part of long

 identifiers, e.g. "%x.x" no longer possible, should be "%x. x";

 * simpset (and claset) reference variable replaced by functions

 simpset / simpset_ref;

 * no longer supports theory aliases (via merge) and non-trivial

 implicit merge of thms' signatures;

 * most internal names of constants changed due to qualified names;

 * changed Pure/Sequence interface (see Pure/seq.ML);

 *** General Changes ***

 * hierachically structured name spaces (for consts, types, axms, thms

 etc.); new lexical class 'longid' (e.g. Foo.bar.x) may render much of

 old input syntactically incorrect (e.g. "%x.x"); COMPATIBILITY:

 isatool fixdots ensures space after dots (e.g. "%x. x"); set

 long_names for fully qualified output names; NOTE: ML programs

 (special tactics, packages etc.) referring to internal names may have

 to be adapted to cope with fully qualified names; in case of severe

 backward campatibility problems try setting 'global_names' at compile

 time to have enrything declared within a flat name space; one may also

 fine tune name declarations in theories via the 'global' and 'local'

 section;

 * reimplemented the implicit simpset and claset using the new anytype

 data filed in signatures; references simpset:simpset ref etc. are

 replaced by functions simpset:unit->simpset and

 simpset_ref:unit->simpset ref; COMPATIBILITY: use isatool fixclasimp

 to patch your ML files accordingly;

 * HTML output now includes theory graph data for display with Java

 applet or isatool browser; data generated automatically via isatool

 usedir (see -i option, ISABELLE_USEDIR_OPTIONS);

 * defs may now be conditional; improved rewrite_goals_tac to handle

 conditional equations;

 * defs now admits additional type arguments, using TYPE('a) syntax;

 * theory aliases via merge (e.g. M=A+B+C) no longer supported, always

 creates a new theory node; implicit merge of thms' signatures is

 restricted to 'trivial' ones; COMPATIBILITY: one may have to use

 transfer:theory->thm->thm in (rare) cases;

 * improved handling of draft signatures / theories; draft thms (and

 ctyps, cterms) are automatically promoted to real ones;

 * slightly changed interfaces for oracles: admit many per theory, named

 (e.g. oracle foo = mlfun), additional name argument for invoke_oracle;

 * print_goals: optional output of const types (set show_consts and

 show_types);

 * improved output of warnings (###) and errors (***);

 * subgoal_tac displays a warning if the new subgoal has type variables;

 * removed old README and Makefiles;

 * replaced print_goals_ref hook by print_current_goals_fn and result_error_fn;

 * removed obsolete init_pps and init_database;

 * deleted the obsolete tactical STATE, which was declared by

     fun STATE tacfun st = tacfun st st;

 * cd and use now support path variables, e.g. $ISABELLE_HOME, or ~

 (which abbreviates $HOME);

 * changed Pure/Sequence interface (see Pure/seq.ML); COMPATIBILITY:

 use isatool fixseq to adapt your ML programs (this works for fully

 qualified references to the Sequence structure only!);

 * use_thy no longer requires writable current directory; it always

 reloads .ML *and* .thy file, if either one is out of date;

 *** Classical Reasoner ***

 * Clarify_tac, clarify_tac, clarify_step_tac, Clarify_step_tac: new

 tactics that use classical reasoning to simplify a subgoal without

 splitting it into several subgoals;

 * Safe_tac: like safe_tac but uses the default claset;

 *** Simplifier ***

 * added simplification meta rules:

     (asm_)(full_)simplify: simpset -> thm -> thm;

 * simplifier.ML no longer part of Pure -- has to be loaded by object

 logics (again);

 * added prems argument to simplification procedures;

 * HOL, FOL, ZF: added infix function `addsplits':

   instead of `<simpset> setloop (split_tac <thms>)'

   you can simply write `<simpset> addsplits <thms>'

 *** Syntax ***

 * TYPE('a) syntax for type reflection terms;

 * no longer handles consts with name "" -- declare as 'syntax' instead;

 * pretty printer: changed order of mixfix annotation preference (again!);

 * Pure: fixed idt/idts vs. pttrn/pttrns syntactic categories;

 *** HOL ***

 * HOL: there is a new splitter `split_asm_tac' that can be used e.g. 

   with `addloop' of the simplifier to faciliate case splitting in premises.

 * HOL/TLA: Stephan Merz's formalization of Lamport's Temporal Logic of Actions;

 * HOL/Auth: new protocol proofs including some for the Internet

   protocol TLS;

 * HOL/Map: new theory of `maps' a la VDM;

 * HOL/simplifier: simplification procedures nat_cancel_sums for

 cancelling out common nat summands from =, <, <= (in)equalities, or

 differences; simplification procedures nat_cancel_factor for

 cancelling common factor from =, <, <= (in)equalities over natural

 sums; nat_cancel contains both kinds of procedures, it is installed by

 default in Arith.thy -- this COULD MAKE EXISTING PROOFS FAIL;

 * HOL/simplifier: terms of the form

   `? x. P1(x) & ... & Pn(x) & x=t & Q1(x) & ... Qn(x)'  (or t=x)

   are rewritten to

   `P1(t) & ... & Pn(t) & Q1(t) & ... Qn(t)',

   and those of the form

   `! x. P1(x) & ... & Pn(x) & x=t & Q1(x) & ... Qn(x) --> R(x)'  (or t=x)

   are rewritten to

   `P1(t) & ... & Pn(t) & Q1(t) & ... Qn(t) --> R(t)',

 * HOL/datatype

   Each datatype `t' now comes with a theorem `split_t_case' of the form

   P(t_case f1 ... fn x) =

      ( (!y1 ... ym1. x = C1 y1 ... ym1 --> P(f1 y1 ... ym1)) &

         ...

        (!y1 ... ymn. x = Cn y1 ... ymn --> P(f1 y1 ... ymn))

      )

   which can be added to a simpset via `addsplits'. The existing theorems

   expand_list_case and expand_option_case have been renamed to

   split_list_case and split_option_case.

   Additionally, there is a theorem `split_t_case_asm' of the form

   P(t_case f1 ... fn x) =

     ~( (? y1 ... ym1. x = C1 y1 ... ym1 & ~P(f1 y1 ... ym1)) |

         ...

        (? y1 ... ymn. x = Cn y1 ... ymn & ~P(f1 y1 ... ymn))

      )

   it be used with the new `split_asm_tac'.

 * HOL/Arithmetic:

   - `pred n' is automatically converted to `n-1'.

     Users are strongly encouraged not to use `pred' any longer,

     because it will disappear altogether at some point.

   - Users are strongly encouraged to write "0 < n" rather than

     "n ~= 0". Theorems and proof tools have been modified towards this

     `standard'.

 * HOL/Lists:

   the function "set_of_list" has been renamed "set" (and its theorems too);

   the function "nth" now takes its arguments in the reverse order and

   has acquired the infix notation "!" as in "xs!n".

 * HOL/Set: UNIV is now a constant and is no longer translated to Compl{};

 * HOL/Set: The operator (UN x.B x) now abbreviates (UN x:UNIV. B x) and its

   specialist theorems (like UN1_I) are gone.  Similarly for (INT x.B x);

 * HOL/record: extensible records with schematic structural subtyping

 (single inheritance); EXPERIMENTAL version demonstrating the encoding,

 still lacks various theorems and concrete record syntax;

 *** HOLCF ***

 * removed "axioms" and "generated by" sections;

 * replaced "ops" section by extended "consts" section, which is capable of

   handling the continuous function space "->" directly;

 * domain package:

   . proves theorems immediately and stores them in the theory,

   . creates hierachical name space,

   . now uses normal mixfix annotations (instead of cinfix...),

   . minor changes to some names and values (for consistency),

   . e.g. cases -> casedist, dists_eq -> dist_eqs, [take_lemma] -> take_lemmas,

   . separator between mutual domain defs: changed "," to "and",

   . improved handling of sort constraints;  now they have to

     appear on the left-hand side of the equations only;

 * fixed LAM <x,y,zs>.b syntax;

 * added extended adm_tac to simplifier in HOLCF -- can now discharge

 adm (%x. P (t x)), where P is chainfinite and t continuous;

 *** FOL and ZF ***

 * FOL: there is a new splitter `split_asm_tac' that can be used e.g. 

   with `addloop' of the simplifier to faciliate case splitting in premises.

 * qed_spec_mp, qed_goal_spec_mp, qed_goalw_spec_mp are available, as

 in HOL, they strip ALL and --> from proved theorems;

 New in Isabelle94-8 (May 1997)

 ------------------------------

 *** General Changes ***

 * new utilities to build / run / maintain Isabelle etc. (in parts

 still somewhat experimental); old Makefiles etc. still functional;

 * new 'Isabelle System Manual';

 * INSTALL text, together with ./configure and ./build scripts;

 * reimplemented type inference for greater efficiency, better error

 messages and clean internal interface;

 * prlim command for dealing with lots of subgoals (an easier way of

 setting goals_limit);

 *** Syntax ***

 * supports alternative (named) syntax tables (parser and pretty

 printer); internal interface is provided by add_modesyntax(_i);

 * Pure, FOL, ZF, HOL, HOLCF now support symbolic input and output; to

 be used in conjunction with the Isabelle symbol font; uses the

 "symbols" syntax table;

 * added token_translation interface (may translate name tokens in

 arbitrary ways, dependent on their type (free, bound, tfree, ...) and

 the current print_mode); IMPORTANT: user print translation functions

 are responsible for marking newly introduced bounds

 (Syntax.mark_boundT);

 * token translations for modes "xterm" and "xterm_color" that display

 names in bold, underline etc. or colors (which requires a color

 version of xterm);

 * infixes may now be declared with names independent of their syntax;

 * added typed_print_translation (like print_translation, but may

 access type of constant);

 *** Classical Reasoner ***

 Blast_tac: a new tactic!  It is often more powerful than fast_tac, but has

 some limitations.  Blast_tac...

   + ignores addss, addbefore, addafter; this restriction is intrinsic

   + ignores elimination rules that don't have the correct format

 	(the conclusion MUST be a formula variable)

   + ignores types, which can make HOL proofs fail

   + rules must not require higher-order unification, e.g. apply_type in ZF

     [message "Function Var's argument not a bound variable" relates to this]

   + its proof strategy is more general but can actually be slower

 * substitution with equality assumptions no longer permutes other

 assumptions;

 * minor changes in semantics of addafter (now called addaltern); renamed

 setwrapper to setWrapper and compwrapper to compWrapper; added safe wrapper

 (and access functions for it);

 * improved combination of classical reasoner and simplifier: 

   + functions for handling clasimpsets

   + improvement of addss: now the simplifier is called _after_ the

     safe steps.

   + safe variant of addss called addSss: uses safe simplifications

     _during_ the safe steps. It is more complete as it allows multiple 

     instantiations of unknowns (e.g. with slow_tac).

 *** Simplifier ***

 * added interface for simplification procedures (functions that

 produce *proven* rewrite rules on the fly, depending on current

 redex);

 * ordering on terms as parameter (used for ordered rewriting);

 * new functions delcongs, deleqcongs, and Delcongs. richer rep_ss;

 * the solver is now split into a safe and an unsafe part.

 This should be invisible for the normal user, except that the

 functions setsolver and addsolver have been renamed to setSolver and

 addSolver; added safe_asm_full_simp_tac;

 *** HOL ***

 * a generic induction tactic `induct_tac' which works for all datatypes and

 also for type `nat';

 * a generic case distinction tactic `exhaust_tac' which works for all

 datatypes and also for type `nat';

 * each datatype comes with a function `size';

 * patterns in case expressions allow tuple patterns as arguments to

 constructors, for example `case x of [] => ... | (x,y,z)#ps => ...';

 * primrec now also works with type nat;

 * recdef: a new declaration form, allows general recursive functions to be

 defined in theory files.  See HOL/ex/Fib, HOL/ex/Primes, HOL/Subst/Unify.

 * the constant for negation has been renamed from "not" to "Not" to

 harmonize with FOL, ZF, LK, etc.;

 * HOL/ex/LFilter theory of a corecursive "filter" functional for

 infinite lists;

 * HOL/Modelcheck demonstrates invocation of model checker oracle;

 * HOL/ex/Ring.thy declares cring_simp, which solves equational

 problems in commutative rings, using axiomatic type classes for + and *;

 * more examples in HOL/MiniML and HOL/Auth;

 * more default rewrite rules for quantifiers, union/intersection;

 * a new constant `arbitrary == @x.False';

 * HOLCF/IOA replaces old HOL/IOA;

 * HOLCF changes: derived all rules and arities 

   + axiomatic type classes instead of classes 

   + typedef instead of faking type definitions

   + eliminated the internal constants less_fun, less_cfun, UU_fun, UU_cfun etc.

   + new axclasses cpo, chfin, flat with flat < chfin < pcpo < cpo < po

   + eliminated the types void, one, tr

   + use unit lift and bool lift (with translations) instead of one and tr

   + eliminated blift from Lift3.thy (use Def instead of blift)

   all eliminated rules are derived as theorems --> no visible changes ;

 *** ZF ***

 * ZF now has Fast_tac, Simp_tac and Auto_tac.  Union_iff is a now a default

 rewrite rule; this may affect some proofs.  eq_cs is gone but can be put back

 as ZF_cs addSIs [equalityI];

 New in Isabelle94-7 (November 96)

 ---------------------------------

 * allowing negative levels (as offsets) in prlev and choplev;

 * super-linear speedup for large simplifications;

 * FOL, ZF and HOL now use miniscoping: rewriting pushes

 quantifications in as far as possible (COULD MAKE EXISTING PROOFS

 FAIL); can suppress it using the command Delsimps (ex_simps @

 all_simps); De Morgan laws are also now included, by default;

 * improved printing of ==>  :  ~:

 * new object-logic "Sequents" adds linear logic, while replacing LK

 and Modal (thanks to Sara Kalvala);

 * HOL/Auth: correctness proofs for authentication protocols;

 * HOL: new auto_tac combines rewriting and classical reasoning (many

 examples on HOL/Auth);

 * HOL: new command AddIffs for declaring theorems of the form P=Q to

 the rewriter and classical reasoner simultaneously;

 * function uresult no longer returns theorems in "standard" format;

 regain previous version by: val uresult = standard o uresult;

 New in Isabelle94-6

 -------------------

 * oracles -- these establish an interface between Isabelle and trusted

 external reasoners, which may deliver results as theorems;

 * proof objects (in particular record all uses of oracles);

 * Simp_tac, Fast_tac, etc. that refer to implicit simpset / claset;

 * "constdefs" section in theory files;

 * "primrec" section (HOL) no longer requires names;

 * internal type "tactic" now simply "thm -> thm Sequence.seq";

 New in Isabelle94-5

 -------------------

 * reduced space requirements;

 * automatic HTML generation from theories;

 * theory files no longer require "..." (quotes) around most types;

 * new examples, including two proofs of the Church-Rosser theorem;

 * non-curried (1994) version of HOL is no longer distributed;

 New in Isabelle94-4

 -------------------

 * greatly reduced space requirements;

 * theory files (.thy) no longer require \...\ escapes at line breaks;

 * searchable theorem database (see the section "Retrieving theorems" on 

 page 8 of the Reference Manual);

 * new examples, including Grabczewski's monumental case study of the

 Axiom of Choice;

 * The previous version of HOL renamed to Old_HOL;

 * The new version of HOL (previously called CHOL) uses a curried syntax 

 for functions.  Application looks like f a b instead of f(a,b);

 * Mutually recursive inductive definitions finally work in HOL;

 * In ZF, pattern-matching on tuples is now available in all abstractions and

 translates to the operator "split";

 New in Isabelle94-3

 -------------------

 * new infix operator, addss, allowing the classical reasoner to 

 perform simplification at each step of its search.  Example:

 	fast_tac (cs addss ss)

 * a new logic, CHOL, the same as HOL, but with a curried syntax 

 for functions.  Application looks like f a b instead of f(a,b).  Also pairs 

 look like (a,b) instead of <a,b>;

 * PLEASE NOTE: CHOL will eventually replace HOL!

 * In CHOL, pattern-matching on tuples is now available in all abstractions.

 It translates to the operator "split".  A new theory of integers is available;

 * In ZF, integer numerals now denote two's-complement binary integers.

 Arithmetic operations can be performed by rewriting.  See ZF/ex/Bin.ML;

 * Many new examples: I/O automata, Church-Rosser theorem, equivalents 

 of the Axiom of Choice;

 New in Isabelle94-2

 -------------------

 * Significantly faster resolution;  

 * the different sections in a .thy file can now be mixed and repeated

 freely;

 * Database of theorems for FOL, HOL and ZF.  New

 commands including qed, qed_goal and bind_thm store theorems in the database.

 * Simple database queries: return a named theorem (get_thm) or all theorems of

 a given theory (thms_of), or find out what theory a theorem was proved in

 (theory_of_thm);

 * Bugs fixed in the inductive definition and datatype packages;

 * The classical reasoner provides deepen_tac and depth_tac, making FOL_dup_cs

 and HOL_dup_cs obsolete;

 * Syntactic ambiguities caused by the new treatment of syntax in Isabelle94-1

 have been removed;

 * Simpler definition of function space in ZF;

 * new results about cardinal and ordinal arithmetic in ZF;

 * 'subtype' facility in HOL for introducing new types as subsets of existing

 types;

 $Id$