1% Release notes for HOL4, Kananaskis-13
2
3<!-- search and replace Kananaskis-13 strings corresponding to release name -->
4<!-- indent code within bulleted lists to column 11 -->
5
6(Released: 20 August 2019)
7
8We are pleased to announce the Kananaskis-13 release of HOL 4.
9
10Contents
11--------
12
13-   [New features](#new-features)
14-   [Bugs fixed](#bugs-fixed)
15-   [New theories](#new-theories)
16-   [New tools](#new-tools)
17-   [New Examples](#new-examples)
18-   [Incompatibilities](#incompatibilities)
19
20New features:
21-------------
22
23*   We have implemented new syntaxes for `store_thm` and `save_thm`, which better satisfy the recommendation that `name1` and `name2` below should be the same:
24
25           val name1 = store_thm("name2", tm, tac);
26
27    Now we can remove the ���code smell��� by writing
28
29           Theorem name: term-syntax
30           Proof tac
31           QED
32
33    which might look like
34
35           Theorem name:
36             ���x. P x ��� Q x
37           Proof
38             rpt strip_tac >> ...
39           QED
40
41    This latter form must have the `Proof` and `QED` keywords in column 0 in order for the lexing machinery to detect the end of the term and tactic respectively.
42    Both forms map to applications of `Q.store_thm` underneath, with an ML binding also made to the appropriate name.
43    Both forms allow for theorem attributes to be associated with the name, so that one can write
44
45           Theorem ADD0[simp]: ���x. x + 0 = x
46           Proof tactic
47           QED
48
49    Finally, to replace
50
51           val nm = save_thm(���nm���, thm_expr);
52
53    one can now write
54
55           Theorem nm = thm_expr
56
57    These names can also be given attributes in the same way.
58
59    There is also a new `local` attribute available for use with `store_thm`, `save_thm` and the `Theorem` syntax above.
60    This attribute causes a theorem to not be exported when `export_theory` is called, making it local-only.
61    Use of `Theorem`-`local` is thus an alternative to using `prove` or `Q.prove`.
62    In addition, the `Theorem`-`local` combination can be abbreviated with `Triviality`; one can write `Triviality foo[...]` instead of `Theorem foo[local,...]`.
63
64-   Relatedly, there is a similar syntax for making definitions.
65    The idiom is to write
66
67           Definition name[attrs]:
68             def
69           End
70
71    Or
72
73           Definition name[attrs]:
74             def
75           Termination
76             tactic
77           End
78
79    The latter form maps to a call to `tDefine`; the former to `xDefine`.
80    In both cases, the `name` is taken to be the name of the theorem stored to disk (it does *not* have a suffix such as `_def` appended to it), and is also the name of the local SML binding.
81    The attributes given by `attrs` can be any standard attribute (such as `simp`), and/or drawn from `Definition`-specific options:
82
83    -   the attribute `schematic` alllows the definition to be schematic;
84    -   the attribute `nocompute` stops the definition from being added to the global compset used by `EVAL`
85    -   the attribute `induction=iname` makes the induction theorem that is automatically derived for definitions with interesting termination be called `iname`.
86        If this is omitted, the name chosen will be derived from the `name` of the definition: if `name` ends with `_def` or `_DEF`, the induction name will replace this suffix with `_ind` or `_IND` respectively; otherwise the induction name will simply be `name` with `_ind` appended.
87
88    Whether or not the `induction=` attribute is used, the induction theorem is also made available as an SML binding under the appropriate name.
89    This means that one does not need to follow one���s definition with a call to something like `DB.fetch` or `theorem` just to make the induction theorem available at the SML level.
90
91-   Similarly, there are analogous `Inductive` and `CoInductive` syntaxes for defining inductive and coinductive relations (using `Hol_reln` and `Hol_coreln` underneath).
92    The syntax is
93
94           Inductive stem:
95              quoted term material
96           End
97
98    or
99
100           CoInductive stem:
101              quoted term material
102           End
103
104    where, as above, the `Inductive`, `CoInductive` and `End` keywords must be in the leftmost column of the script file.
105    The `stem` part of the syntax drives the selection of the various theorem names (*e.g.*, `stem_rules`, `stem_ind`, `stem_cases` and `stem_strongind` for inductive definitions) for both the SML environment and the exported theory.
106    The actual names of new constants in the quoted term material do not affect these bindings.
107
108-   Finally, there are new syntaxes for `Datatype` and type-abbreviation.
109    Users can replace ``val _ = Datatype`...` `` with
110
111           Datatype: ...
112           End
113
114    and `val _ = type_abbrev("name", ty)` with
115
116           Type name = ty
117
118    if the abbreviation should introduce pretty-printing (which would be done with `type_abbrev_pp`), the syntax is
119
120           Type name[pp] = ty
121
122    Note that in both `Type` forms the `ty` is a correct ML value, and may thus require quoting.
123    For example, the `set` abbreviation is established with
124
125           Type set = ���:�� -> bool���
126
127-   Holmake now understands targets whose suffixes are the string `Theory` to be instructions to build all of the files associated with a theory.
128    Previously, to specifically get `fooTheory` built, it was necessary to write
129
130           Holmake fooTheory.uo
131
132    which is not particularly intuitive.
133
134    Thanks to Magnus Myreen for the feature suggestion.
135
136-   Users can now remove rewrites from simpsets, adjusting the behaviour of the simplifier.
137    This can be done with the `-*` operator
138
139           SIMP_TAC (bool_ss -* [���APPEND_ASSOC���]) [] >> ...
140
141    or with the `Excl` form in a theorem list:
142
143           simp[Excl ���APPEND_ASSOC���] >> ...
144
145    The stateful simpset (which is behind `srw_ss()` and tactics such as `simp`, `rw` and `fs`) can also be affected more permanently by making calls to `delsimps`:
146
147           val _ = delsimps [���APPEND_ASSOC���]
148
149    Such a call will affect the stateful simpset for the rest of the containing script-file and in all scripts that inherit this theory.
150    As is typical, there is a `temp_delsimps` that removes the rewrite for the containing script-file only.
151
152-   Users can now require that a simplification tactic use particular rewrites.
153    This is done with the `Req0` and `ReqD` special forms.
154    The `Req0` form requires that the goalstate(s) pertaining after the application of the tactic have no sub-terms that match the pattern of the theorems��� left-hand sides.
155    The `ReqD` form requires that the number of matching sub-terms should have decreased.
156    (This latter is implicitly a requirement that the original goal *did* have some matching sub-terms.)
157    We hope that both forms will be useful in creating maintainable tactics.
158    See the *DESCRIPTION* manual for more details.
159
160    Thanks to Magnus Myreen for this feature suggestion ([Github issue](https://github.com/HOL-Theorem-Prover/HOL/issues/680)).
161
162-   The `emacs` editor mode now automatically switches new HOL sessions to the directory of the (presumably script) file where the command is invoked.
163    Relatedly there is a backwards incompatibility: the commands for creating new sessions now also *always* create fresh sessions (previously, they would try to make an existing session visible if there was one running).
164
165-   The `emacs` mode���s `M-h H` command used to try to send the whole buffer to the new HOL session when there was no region high-lighted.
166    Now the behaviour is to send everything up to the cursor.
167    This seems preferable: it helps when debugging to be able to have everything up to a problem-point immediately fed into a fresh session.
168    (The loading of the material (whole prefix or selected region) is done ���quietly���, with the interactive flag false.)
169
170-   Holmakefiles can now refer to the new variable `DEFAULT_TARGETS` in order to generate a list of the targets in the current directory that Holmake would attempt to build by default.
171    This provides an easier way to adjust makefiles than that suggested in the [release notes for Kananaskis-10](http://hol-theorem-prover.org/kananaskis-10.release.html).
172
173-   String literals can now be injected into other types (in much the same way as numeric literals are injected into types such as `real` and `rat`).
174    Either the standard double-quotes can be used, or two flavours of guillemet, allowing *e.g.*, `������foo bar������`, and `�����injected-HOL-string\n�����`.
175    Ambiguous situations are resolved with the standard overloading resolution machinery.
176    See the *REFERENCE* manual���s description of the `add_strliteral_form` function for details.
177
178-   The `Q.SPEC_THEN` function (also available as `qspec_then` in `bossLib`) now type-instantiates provided theorems �� la `ISPEC`, and tries all possible parses of the provided quotation in order to make this work.
179    The `Q.ISPEC_THEN` function is deprecated.
180
181Bugs fixed:
182-----------
183
184*   `smlTimeout.timeout`: The thread attributes are now given which eliminates concurrency issues during TacticToe recording.
185    This function now raises the exception `FunctionTimeout` instead of `Interrupt` if the argument function exceeds the time limit.
186
187New theories:
188-------------
189
190*   `real_topologyTheory`: a rather complete theory of Elementary
191    Topology in Euclidean Space, ported by Muhammad Qasim and Osman
192    Hasan from HOL-light (up to 2015). The part of General Topology
193    (independent of `realTheory`) is now available at
194    `topologyTheory`; the old `topologyTheory` is renamed to
195    `metricTheory`.
196
197    There is a minor backwards-incompatibility: old proof scripts using
198    the metric-related results in previous `topologyTheory` should now
199    open `metricTheory` instead. (Thanks to Chun Tian for this work.)
200
201*   `nlistTheory`: a development of the bijection between lists of natural numbers and natural numbers.
202    Many operations on lists transfer across to the numbers in obvious ways.
203    The functions demonstrating the bijection are
204
205           listOfN : num -> num list
206
207    and
208
209           nlist_of : num list -> num
210
211    This material is an extension of a basic treatment that was already part of the computability example.
212    Thanks to Elliot Catt and Yiming Xu for help with this theory���s development.
213
214*   `bisimulationTheory`: a basic theory of bisimulation (strong and weak)
215    defined on general labeled transitions (of type `:'a->'b->'a->bool`),
216    mostly abstracted from `examples/CCS`.
217    (Thanks to James Shaker and Chun Tian for this work.)
218
219New tools:
220----------
221
222*   HolyHammer is now able to exports HOL4 formulas to the TPTP formats: TFF0, TFF1, THF0 and THF1.
223    Type encodings have been adapted from the existing FOF translation to make use of the increase in type
224    expressivity provided by these different formats.
225
226*   It is now possible to train feedforward neural networks with `mlNeuralNetwork` and tree neural networks with `mlTreeNeuralNetwork`.
227    The shape of a tree neural network is described by a term, making it handy to train
228    functions from terms to real numbers.
229
230*   An implementation of Monte Carlo tree search relying on an existing policy and value is now provided in `psMCTS`.
231    The policy is a function that given a particular situation returns a prior probability for each possible choice.
232    The value is a function that evaluates how promising a situation is by a real number between 0 and 1.
233
234*   Tactic to automate some routine `pred_set` theorems by reduction
235    to FOL (`bossLib`): `SET_TAC`, `ASM_SET_TAC` and `SET_RULE`,
236    ported from HOL Light. Many simple set-theoretic results can be
237    directly proved without finding needed lemmas in `pred_setTheory`.
238    (Thanks to HVG concordia and Chun Tian for this work.)
239
240New examples:
241-------------
242
243*   [`examples/logic/folcompactness`] A port of some material from HOL Light ([this commit](https://github.com/jrh13/hol-light/commit/013324af7ff715346383fb963d323138)), about compactness and canonical models for First Order Logic.
244    This is work described in John Harrison���s [*Formalizing Basic First Order Model Theory*](https://doi.org/10.1007/BFb0055135).
245
246    Results include
247
248           ��� INFINITE ����(:��) ��� ffinsat (:��) s ��� satisfiable (:��) s
249
250    and
251
252           ��� INFINITE ����(:��) ���
253               (entails (:��) �� �� ��� ��������. FINITE ����� ��� ����� ��� �� ��� entails (:��) ����� ��)
254
255
256
257Incompatibilities:
258------------------
259
260*   The `term` type is now declared so that it is no longer what SML refers to as an ���equality type���.
261    This means that SML code that attempts to use `=` or `<>` on types that include terms will now fail to compile.
262    Unlike in Haskell, we cannot redefine the behaviour of equality and must accept the SML implementation���s best guess as to what equality is.
263    Unfortunately, the SML equality on terms is *not* correct.
264    As has long been appreciated, it distinguishes `�����x.x���` and `�����y.y���`, which is bad enough.
265    However, in the standard kernel, where explicit substitutions may be present in a term representation, it can also distinguish terms that are not only semantically identical, but also even print the same.
266
267    This incompatibility will mostly affect people writing SML code.
268    If broken code is directly calling `=` on terms, the `~~` infix operator can be used instead (this is the tupled version of `aconv`).
269    Similarly, `<>` can be replaced by `!~`.
270    If broken code includes something like `expr <> NONE` and `expr` has type `term option`, then combinators from `Portable` for building equality tests should be used.
271    In particular, the above could be rewritten to
272
273           not (option_eq aconv expr NONE)
274
275    It is possible that a tool will want to compare terms for exact syntactic equality up to choice of bound names.
276    The `identical` function can be used for this.
277    Note that we strongly believe that uses of this function will only occur in very niche cases.
278    For example, it is used just twice in the distribution as of February 2019.
279
280    There are a number of term-specific helper functions defined in `boolLib` to help in writing specific cases.
281    For example
282
283           val memt : term list -> term -> bool
284           val goal_eq : (term list * term) -> (term list * term) -> bool
285           val tassoc : term -> (term * ���a) list -> ���a
286           val xtm_eq : (������a * term) -> (������a * term) -> bool
287
288*   The `Holmake` tool now behaves with the `--qof` behaviour enabled by default.
289    This means that script files which have a tactic failure occur will cause the building of the corresponding theory to fail, rather than having the build continue with the theorem ���cheated���.
290    We think this will be less confusing for new users.
291    Experts who *do* want to have script files continue past such errors can use the `--noqof` option to enable the old behaviour.
292
293*   When running with Poly/ML, we now require at least version 5.7.0.
294
295*   The `type_abbrev` function now affects only the type parser.
296    The pretty-printer will not use the new abbreviation when printing types.
297    If the old behaviour of printing the abbreviations as well as parsing them is desired, the new entrypoint `type_abbrev_pp` should be used.
298
299*   The `Globals.priming` reference variable has been removed.
300    All priming done by the kernel is now by appending extra prime (apostrophe) characters to the names of variables.
301    This also means that this is the only form of variation introduced by the `variant` function.
302    However, there is also a new `numvariant` function, which makes the varying function behave as if the old `Globals.priming` was set to `SOME ""` (introduces and increments a numeric suffix).
303
304*   We have made equality a tightly binding infix rather than a loose one.
305    This means that a term like `���p = q ��� r���` now parses differently, and means `���(p = q) ��� r���`, rather than `���p = (q ��� r)���`.
306    For the weak binding, the ���iff��� alternative is probably better; thus: `���p <=> q ��� r���` (or use the Unicode `���`).
307    To fix a whole script file at one stroke, one can revert to the old, loosely binding equality with
308
309           val _ = ParseExtras.temp_loose_equality()
310
311    To fix a whole family of theories that inherit from a few ancestors, add
312
313           val _ = ParseExtras.loose_equality()
314
315    to the ancestral script files, and then the reversion to the old style of grammar will be inherited by all subsequent theories as well.
316
317*   By default, goals are now printed with the trace variable `"Goalstack.print_goal_at_top"` set to false.
318    This means goals now print like
319
320            0.  p
321            1.  q
322           ------------------------------------
323                r
324
325    The motivation is that when goal-states are very large, the conclusion (which we assume is the most important part of the state) runs no risk of disappearing off the top of the screen.
326    We also believe that having the conclusion and most recent assumption at the bottom of the screen is easier for human eyes to track.
327    The trace variable can be changed back to the old behaviour with:
328
329           val _ = set_trace "Goalstack.print_goal_at_top" 1;
330
331    This instruction can be put into script files, or (better) put into your `~/.hol-config.sml` file so that all interactive sessions are automatically adjusted.
332
333*   This is arguably also a bug-fix: it is now impossible to rebind a theorem to a name that was associated with a definition, and have the new theorem silently be added to the `EVAL` compset for future theories��� benefit.
334    In other words, it was previously possible to do
335
336           val _ = Define`foo x = x + 1`;
337           EVAL ���foo 6���;     (* returns ��� foo 6 = 7 *)
338
339           val _ = Q.save_thm (���foo_def���, thm);
340
341    and have the effect be that `thm` goes into `EVAL`���s compset in descendent theories.
342
343    Now, when this happens, the change to the persistent compset is dropped.
344    If the user wants the new `foo_def` to appear in the `EVAL`-compset in future theories, they must change the call to `save_thm` to use the name `"foo_def[compute]"`.
345    Now, as before, the old `foo_def` cannot be seen by future theories at all, and so certainly will not be in the `EVAL`-compset.
346
347*   In some circumstances, the function definition machinery would create a theorem called `foo_def_compute`.
348    (Such theorems would be rewrites for functions that were defined using the `SUC` constructor, and would be useful for rewriting with numeral arguments.)
349    Now, such theorems are called `foo_compute`.
350    As before, such theorems are automatically added to `EVAL`���s built-in compset.
351
352*   The global toggle `allow_schema_definition` has turned into a feedback trace variable.
353    Users typically use the `DefineSchema` entrypoint and can continue to do so.
354    Users can also pass the `schematic` attribute with the new `Definition` syntax (see above).
355    Programmers should change uses of `with_flag` to `Feedback.trace`.
356
357*   The theorem `MEM_DROP` in `listTheory` has been restated as
358
359           MEM x (DROP n ls) ��� ���m. m + n < LENGTH ls ��� x = EL (m + n) ls
360
361    The identically named `MEM_DROP` in `rich_listTheory` has been deleted because it is subsumed by `MEM_DROP_IMP` in `rich_listTheory`, which states
362
363           MEM x (DROP n ls) ��� MEM x ls
364
365*   The `drule` family of tactics (and the underlying `mp_then`) now generalise the implicational theorem argument (with `GEN_ALL`) before looking for instantiations.
366    If the old behaviour is desired, where free variables are fixed, replacing `drule` with `FREEZE_THEN drule` will stop generalisation of all the implicational theorem���s variables.
367    Unfortunately, this may then prevent the matching from occurring at all.
368    In this situation (where some free variables need to be instantiated to make the match go through and the remainder have to be appear as new ���local constants��� serendipitously linking up with existing free variables in the goal, or if there are type variables that need to be instantiated), `drule` may need to be replaced with
369
370           drule_then (qspecl_then [���a���, ���b���,...] mp_tac)
371
372    where `���a���`, `���b���` *etc.* respecialise the original theorem.
373
374    Alternatively, there is a more involved code that more robustly reimplements the old behaviour [available as part of the CakeML project](https://github.com/CakeML/cakeml/blob/349c6adc73366d9c689a0c8bd11d85c75fd0f71b/misc/preamble.sml#L534-L572).
375
376* * * * *
377
378<div class="footer">
379*[HOL4, Kananaskis-13](http://hol-theorem-prover.org)*
380
381[Release notes for the previous version](kananaskis-12.release.html)
382
383</div>
384