================================================================================
ProofPower Changes History
18th June 2017
================================================================================
3.1w8

Installation:

This release is compatible with Poly/ML versions 5.5.1, 5.5.2, 5.6 and 5.7.

PPHol:

1) A bug with floating point literals in %real%$_anf_conv has been fixed.

2) An issue with the Unicode mapping has been fixed.

================================================================================
3.1w7

General:

The main purpose of this release is compatibility with Poly/ML 5.6.

PPDev:

1) The slrp parser generator can now be compiled with MLton.

PPHol:

1) Pretty-printers are now installed with PolyML.addPrettyPrinter.

================================================================================
3.1w6

Installation:

The xpp help code is now prebuilt which means that the installation
process does not depend on nroff (groff).

General:

The main purpose of this release was a major tidy-up of the documentation.
There are no significant functional changes.

================================================================================
3.1w5

Installation:

The PPTARGETS environment variable may now be used to specify which
packages you want when the configure script is run. This reinstates
a facility that was withdrawn as a temporary measure in version 3.1w2.

PPTex:

1) doctex now puts definitions of macros VCDate and VCVersion at the head
of the TeX file containing the date and version of the input file as
given by the version control system you are using. Currently only git
is supported. The current date and "Current" are used if the file is
not under version control.

PPHol:

1) The Reader/Writer now supports input and output in the UTF-8 encoding
of a Unicode representation of the mathematical symbols. This gives an
alternative to the ProofPower extended character set that is more
portable and convenient for many purposes. (This is not yet supported by
xpp or the document preparation system.)

================================================================================
3.1w4

1) There have been minor corrections to the installation scripts.

2) A bug in the rollback function has been fixed: it now exits with the
current theory the same as it was when the checkpoint was taken (as the
documentation said it should).

================================================================================
3.1w3

General:

1) Minor improvements to the distclean script.

2) Document change histories revamped to fit with the port to git.

================================================================================
3.1w2

General:

1) PPDaz is now included.

2) The configure script now just builds all available packages. This
change was made to simplify the port from RCS to git and the facility to
select packages may be reinstated in a future release.

3) The src directory now has subdirectories for each of the packages.

================================================================================
3.1w1

General:

1) All packages have now been built and tested on Cygwin.

PPHol:

1) simple_new_defn in the logical kernel has been replaced by
gen_new_spec.  There is a variant new_spec1 of new_spec derived from
gen_new_spec.  new_spec1 has a slightly more flexible interface than
new_spec.

================================================================================
2.9.1w8 (relative to 2.8.1)

General:

1) This release now builds on the Cygwin environment on Windows, but note
that the xpp user interface has not been compiled or tested on Cygwin.

PPTex:

1) A problem with doctex etc. when the installation directory name contained
spaces has been fixed.

2) You can now mark up a piece of formal text to be underlined. PPXpp provides
new underlining bracket characters to delimit underlined text, or you can
use the keywords %ulbegin% and %ulend%. Underlined text can spread over
any number of lines and nested underlining brackets cause multiple underlining.

PPXpp:

1) Typing and deleting are now always treated as separate undoable actions.

2) The appearance of a number of glyphs in the holnormal font has been
improved.

3) The XppKeyboard resource file now sets the keyboard bindings up so
that undo & redo work when caps lock or num lock is on. It also includes
some suggestions for configuring for Apple Macintosh keyboards.

4) The Windows menu now has a Show/Hide Journal entry that toggles
display of the Journal window.

5) A bug that could make xpp crash if invoked with a long path name
has been fixed.

6) The font now includes underlining bracket characters. These display
as underlined brackets (see also PPTex changes).

7) The method for setting the initial geometry and layout in app-defaults/Xpp
has changed. This is now done using application resources: Xpp.orientation,
Xpp.totalRows, Xpp.totalColumn and Xpp.journalRatio. This makes it possible
to choose settings that work well in both command and edit-only sessions.

8) The Window Menu in command sessions has two new items: Toggle Geometry.
which lets you switch between the horizontal and vertical layouts and Show
Geometry which prints out information about the geometry which you can feed
back into app-defaults/Xpp. The menu with just the Show Geometry item is now
also available in edit-only sessions.

9) The font now includes a special character for unary minus in Z. This
displays as a short minus sign.

10) There is an option to stop the text that you executed being echoed in
the Journal Window. This can be useful in demos and if you want to use xpp
as a front end to an interactive program (e.g., bc) that thinks xpp needs
the program to echo input text for it.

PPHol:

1) A new Theorem Finder module has been added providing functions that search
the theory database for theorems satisfying specified criteria.  See section
6.5 of the HOL or Z Reference Manual (USR029 or USR030) for more details.

2) A function simple_ho_match implementing Miller and Nipkow's higher-order
matching algorithm for linear patterns is now provided together with
a conversion simple_ho_eq_match_conv exploiting it. There is also a
new conversion simple_%beta%_%eta%_conv that proves equations s = t where
s and t are alpha-beta-eta-equivalent.

3) set_%exists%_cd_thms now allows the existence theorems to be formulated with
unique existential quantifiers or plain existential quantifiers. (Previously
unique existential quantifiers were required.)

4) A bug in type inference that prevented use of binder syntax in the
declaring occurrence of a HOL constant has been fixed.

5) There are new rules simple_%implies%_match_mp_rule2 and
%implies%_match_mp_rule2. These are like simple_%implies%_match_mp_rule1 and
%implies%_match_mp_rule1 except that they do some renaming to avoid variable
capture problems that make the results of those rules less general than they
might be. %implies%_match_mp_rule2 is now used (by default, see (6) below)
in the forward chaining rules and tactics. This change will affect proofs
that use the forward chaining tactics. The component proof context "'mmp1" may
be used to obtain the old behaviour (see (6) and (7) below). E.g.,
if the old behaviour is required in a call of all_asm_fc_tac, one
can use EXTEND_PC_T1 "'mmp1" all_asm_fc_tac.

6) The matching modus ponens rule used in forward chaining can now be changed
using the new "mmp" field in a proof context. New component proof contexts
"'mmp1" and "'mmp2" are provided that use %implies%_match_mp_rule1 and
%implies%_match_mp_rule2 respectively. Since %implies%_match_mp_rule2
rather than %implies%_match_mp_rule1 is now the default, proof context "'mmp1"
is useful for backwards compatibility.

7) It is now possible to extend the current proof context with one or
more additional proof contexts. See the entries for functions such as
set_extend_pcs and EXTEND_PC_T for more details.

8) Higher-order rewriting is supported. Use the proof context 'sho_rw
to enable it. This can be used, for example, to do conversion into
prenex normal form with the aid of the new theorem prenex_clauses:
	merge_pcs_rule1 ["predicates", "'sho_rw"] rewrite_rule
		[prenex_clauses] list_induction_thm;
Will convert the conclusion of list_induction_thm into prenex normal form.

9) A faster version of the rule v_%exists%_intro developed by Phil Clayton
is now used. This change also provides the theorem %exist%_intro_thm,

10) Depending on the setting of a new flag, pp_use_type_abbrev, the
pretty-printer now uses type abbreviations where appropriate in printing
out HOL types. The flag is true by default.

11) The theory combin now defines the function Pair that represents the
universal property of binary products. The theorem pair_clauses, the proof
context 'pair and those that include it are all able to simplify applications
of Pair.

12) A bug that made basic_prove_%exists%_conv sensitive to the proof
context has been fixed.

13) pp now requires "--" on the command line to separate its options
from the options to be passed on to the ML compiler.

14) There are now functions delete_kernel_inference_funs,
delete_on_kernel_state_change_fun and delete_before_kernel_state_change_fun
 allowing entries from thes list of functions set up with on_kernel_inference
on_kernel_state_change and before_kernel_state_change to be deleted.

15) There is a new tactic if_cases_tac (or more generally, IF_CASES_T) that
automatically does case splits on the conditions of any suitable conditionals
in the conclusion of a goal.

PPZed:

1) Schemas with empty signatures are now supported. These can arise, for
example, by hiding all the signature components of a schema. Empty signatures
are also allowed in the declaration part of axiomatic descriptions and other
paragraph forms.  This gives full compatibility with the ISO Z support for
empty signatures.

2) There are new syntax functions mk_z_%subset%, is_z_%subset% and
dest_z_%subset%.

3) Horizontal schemas where the declaration comprises a single schema reference
now always have the predicate part printed.

4) A bug in the inference of the type of the characteristic tuple in
set abstractions, lambda expression and mu expressions has been fixed.

5) Operands of fancy fix operators corresponding either to predicate stubs
("_?") or to context stubs ("_!") in a predicate context are now type-checked
as predicates, so that schema expressions are converted into predicates. Note
that this affects the treatment of conditionals, in particular, a quotation
like %SZT%if 1 = 2 then 3 else 4%>% will fail because the outer level of a
Z quotation is a predicate context: you now need a cast to force an expression
context: %SZT%(if 1 = 2 then 3 else 4) %bigcolon% %bbU%%>%.

6) == may now be used as an alternative to the %def% symbol in abbreviation
definitions and binding displays.

7) The guillemets brackets used in free type definitions in other dialects
of Z are now supported. They are just treated as general purpose brackets and
may be useful in their own right if you need a form of bracket that is not
eliminated by the type checker. (Rewrite with z_guillemets_thm to eliminate
them yourself).

8) Several problems with parsing of expressions involving fancyfix operators
with the special stubs (_? and _!) have been fixed.

9) A generalisation of the old convention that an underlined identifier acts
an infix relation is now supported. This has been done by defining a toolkit
operator "_ %ulbegin% _ %ulend% _" such that "x %ulbegin% R %ulend% y"
means (x, y) is a member of the relation R. (Here %ulbegin% %ulend% are
stand for the new underlining bracket characters.) With this operator,
an arbitrary expression can be used as an infix relation by underlining it.

10) A bug in the type-checking for characteristic tuples has been fixed.

11) z_%forall%_intro_conv1 and z_%exists%_intro_conv1 used to fail if
bound variables declared by schemas-as-declarations had been renamed.
They now introducing schema renamings where possible to rectify this
problem. This makes a number of conversions (such as z_%mem%_seta_conv)
and proof contexts that apply these conversions (such as z_sets_ext)
work in situations where they would previously have failed or produced
a result that was not fully simplified.

12) For compatibility with the ISO standard, %cat%/ is now defined in the Z
library theory of sequences as an alias for the distributed concatenation
operator %dcat%.

13) The new unary minus symbol is declared in the thoery z_numbers as
equal to the existing unary minus written as a tilde. This gives visual
compatibility with the ISO standard.

14) Z declarations can now be entered directly using the parser.
See USR005 section 6.2 for details.

================================================================================
2.8.1pN

PPXpp:

1) xpp now works with 64 bit implementations of X Windows and Motif
(and the code has been tidied up to make it more portable generally).

2) Bugs in the working of the options tool have been fixed.

PPHol:

1) With some interim versions of Poly/ML the build would loop because
of a problem with printing circular data structures. The make file has been
changed so that this no longer happens.

2.8.1

General: ProofPower now builds on Poly/ML version 5.2 or later.

PPXpp:

1) The Abandon menu entry has been removed - the facility it provided
is no longer needed under Poly/ML version 5.1 or later. The Interrupt
menu entry now causes execution of the current ML command to be abandoned
with no further interaction (just as it always has under Standard mL of
New Jersey).

2) Xpp no longer treats the text as modified if all changes made have
been undone.

3) If you try to quit or open a new file when the text has been modified,
xpp now gives you the opportunity to save your work rather than just
to proceed or cancel.

4) If you use another program to change the permissions but not the contents of
a file that you are editing with xpp, it no longer warns you when you try to
quit or open a new file.

5) In a command session, xpp now has a window menu which lets you control
whether or not the script window is displayed.

6) The names of panic backup files now include the name of the file you
are editing if any and the access mode bits are copied from the file
if known.

7) The keyboard layout files XppKeyboard3 and XppKeyboard4 have been
replaced by a new layout XppKeyboard (based on XppKeyboard4). The old
files will still work if you have them, but the new file is strongly
recommended.

PPTex:

1) docsml now removes indexing brackets from the names in paragraph headers
(e.g., the name of the schema in a Z schema box).

PPHol:

1) There is a new program pp-ml which takes the place of the poly
executable. It should not be called directly but only via the scripts
pp, hol zed etc.

2) There are changes to the signature of the save function reflecting
the port to Poly/ML. A new save_as function is provided.

3) The -c option of the script pp_make_database now does what it was
supposed to do and suppresses the attempt to compactify the parent
database.

4) Under Poly/ML compacting a database by sharing common data was
formally done using the "-c" option to poly. With Poly/ML 5.2, this should now
be done by asking pp to pass the -c option to pp-ml, i.e., with the command:

       pp -d <databasename> -- -c

5) The handling of interrupts has been simplified. A keyboard interrupt
now just abandons the current computation.

6) There is a new conversion %lambda%_pair_conv which eliminates
abstraction over pairs in favour of abstraction over elements of pairs.

6) There is a new derived rule list_simple_%exists%_intro and a new tactic
list_simple_%exists%_tac which are more efficient than iterated use of
simple_%exists%_intro and simple_%exists%_tac. 

7) A utility function Sort.merge is provided that merges two sorted lists.

8) The generic theory lister function gen_theory_lister now supports
nested structures, e.g., a lister could recursively process ancestor
theories. An additional function gen_theory_lister1 has been added which
is like gen_theory_lister but suppresses certain checks.

9) The handling of strings in ProofPower-ML has been simplified. Strings
containing the letter Q are no longer treated specially. 

PPZed:

1) Alphanumeric identifiers in Z may now start and end with underscores.
This means that spaces are now required in the names of infix operators
such as "_ div _".

2) The theory z_reals now includes the lower bound and upper bound relations
and the greatest lower bound and least upper bound functions.

3) There is a flag pp_quote_z_strings to control whether or not the Z
pretty-printer puts Quine corners around string literals. This is intended for
use in programming object language like the Compliance Tool notation which
include some or all of the Z language but with variant lexical rules for string
literalss.

PPDaz:

1) Child packages are now supported.

2) The concrete syntax for modular types is now recognised, but formal
support for modular types is not yet provided.

3) The programmable facilities for output of Compliance Notation web clauses
now produce valid Compliance Notation syntax.

4) SPARK annotations can now contain arbitrary text including non-ASCII
characters, unmatched quotation symbols etc.

================================================================================
2.7.8

PPTex:

1) The scripts doctex, docdvi, etc. will now accept any legal file name
(previously file names containing spaces were not processed properly).

PPHol:

1) The scripts pp, pp_list etc. will now accept any legal file name (previously
file names containing spaces were not processed properly).  The commands with
-i or -f options no longer accept comma-separated lists of file names, so that
file names may contain commas. A list of -i or -f options may be used to
achieve the effect of a single option with a list of file names.

2) A new function for constructing term orderings, make_term_order, has been
provided, which is much more powerful and easier to use than the old function
gen_term_order (which is retained for backwards compatibility). The repertoire
of functions for constructing orderings on ML types has been extended and moved
into a separate structure Order with its own section (2.10) in the reference
manual USR029. These facilities have been used to reimplement the term ordering
for the real numbers which fixes a number of problems with %R%_term_order.

This change may affect some proofs involving real numbers, since the change
affects the arithmetic normal form produced by %R%_anf_conv, but this is
expected to be quite rare (the ProofPower mathematical case studies only needed
1 small change).

3) A quantifier elimination procedure for real linear arithmetic is now
provided as a conversion %R$_lin_qep_conv. There are also a number of new
conversions and conversionals that are useful in implementing quantifier
elimination procedures (see USR029 section 8.7).

PPZed:

1) The scripts zed and zed_list have been changed to accept any legal file name
(see change (1) to PPHol above for details).

2) Functions mk_dollar_quoted_string and dest_dollar_quoted_string have been
provided to assist in programming applications that use the quoted identifier
syntax ($"..."). The implementation of quoted identifiers has been made more
robust. Quoted identifiers are no longer allowed as parts of fancyfix
identifiers.

3) ML names that refer to the integer range operator now uniformly refer to it
as dot_dot. The conversion formerly known as z_dots_conv is now called
z_simple_dot_dot_conv.

PPDaz:

1) Z quoted identifiers may now be used in pre- and post-conditions.

2) There is now a function delete_deferred_subprogram that allows
the development steps for a deferred subprogram to be undone.

================================================================================
2.7.7

PPDev:

1) The SLRP parser driver function slrp'parse now only calls the lexical
classifier function once for each token read.

2) The support for automatic generation of the reduction functions in SLRP has
been made more flexible. The command line interface has new options -b and -r
which make it easier to build a parser by mutating  the automatically generated
reduction functions.

PPXpp:

1) Symbols for set symmetric difference, sequence extraction and functional
composition in the ISO standard Z toolkit have been included in the fonts.

2) The file selection dialogue now retains its state if there is a problem
accessing the file rather than just cancelling the operation (so that you can
choose whether to fix the problem or to cancel the operation).

3) Dismissing an error dialogue using the ESC key now works properly for
all dialogues.

4) The Goto Line operation now selects and highlights the line you have
jumped to.

5) When you open a read-only file, xpp no longer prompts for confirmation
(unless you are working as super-user).

6) When you attempt to quit, xpp no longer checks whether the application
is running.

PPTex:

1) The symbols for set symmetric difference, sequence extraction and
functional composition in the ISO standard Z toolkit are now supported.
The ASCII keywords reflect the ISO standard in using %fcomp% for
functional (right-to-left) composition and %rcomp% for relational
(left-to-right) composition. The keyword %fcompose% formerly used
for relational composition has been withdrawn.

2) Underscore characters are no longer allowed in multi-character subscript
or superscript strings introduced by the %down% or %up% characters.

PPHol:

1) There is a new tactic intro_%forall%_tac1: intro_%forall%_tac1 x
being equivalent to the common idiom intro_%forall%_tac(x, x).

2) Names that were previously prefixed with "icl'" to indicate that
they are not for normal use are now prefixed with "pp'".

3) The signature of the logical kernel has been rationalised and the standard
kernel interface has been made more efficient. Apart from minor changes to
error messages, this change should be invisible in all normal use of the system
using the standard functions to access the logical kernel such as new_theory,
new_parent etc. There is now a function kernel_interface_diagnostics that can
be used to resolve problems caused by use of internal functions such as
pp'new_theory, pp'new_parent, etc.

4) The functions get_const_theory and get_type_arity have been moved from
the structure SymbolTable to the structure KernelInterface. This allows
a more logical and more efficient implementation. This change is only visible
to users doing very low level programming of the system.

5) Some extra theorems about finiteness and the size of finite sets have
been added to the theory fin_set. The theorem %union%_finite_thm has
been changed from an implication to a more useful bi-implication.

6) save_thm, new_conjecture and related functions now enforce the convention
that, if a theory contains a conjecture and a theorem stored under the same key,
then the theorem must prove the conjecture. This convention has been used to
provide new functions is_proved_conjecture, get_proved_conjectures and
get_unproved_conjectures.

7) The theory of real numbers now provides exponentiation for integer as
well as natural number exponents. Note that this overloads the symbol "^"
so you may need to add a type constraint to resolve the overloading.

8) The files specified in the `-i' option to pp are now processed after
calling any functions registered with new_init_fun.

9) The proof context '%bbR% now includes %bbR%_frac_norm_conv in its rewriting
conversions. This means, for example, that it will now automatically rewrite
2/4 to 1/2.

10) The function force_get_cache_theory now creates a new cache theory rather
than using the current theory if none of the existing cache theories is usable.

11) The script pp(1) now has a -q flag to suppress subgoal package output in a
batch run of ProofPower. This is complementary to the -v flag which now forces
subgoal package output.

12) By default, non-ASCII characters in HOL character and string literals are
now pretty-printed using the extended character set rather than using ML escape
sequences.  ML escape sequences are used if the flag pp_use_extended_chars is
false.

13) The ML types TYPE and TERM are now equality types. The functions "=$" and
"=:" have been retained for backwards compatibility, but ordinary ML equality
may now be used to compare TYPEs and TERMs. ("~=$" must of course still be used
to test for alpha-equivalence).

14) Floating point literals are now supported (see USR005, ProofPower
Description, for the syntax).

15) The theory of sets now includes the symmetric difference operator (using
the same symbol as in Z).

16) Functions Max%down%R and Min%down%R that give maxima and minima of lists
are now supplied in the theory of real numbers along with supporting
conversions etc.

PPZed:

1) The theory of sets in the Z library now provides the symmetric difference
operation in line with the ISO standard Z toolkit. All proof contexts that
previously contained rules for handling union, intersection and set difference
now include analogous rules for symmetric difference.

2) The theory of sequences is now in line with the ISO standard Z toolkit.
I.e., the squash operation that converts a finite partial function into a
sequence is defined and used in the new definition of the extraction operator
and in the revised definition of the filtering operator.

3) Names that were previously prefixed with "icl'" to indicate that
they are not for normal use are now prefixed with "pp'".

4) The syntax for let-expressions now uses ";" rather than "," to separate
the definitions (which brings the syntax closer to the ISO standard). A bug
in the processing of let-expressions has also been fixed.

5) Decorated fancyfix identifiers are now supported. E.g., if _ op _
is declared as an infix operator, you can use _ op _ as a signature
variable in a schema, and decorating the schema will produce schemas
with signature variables such as  _ op' _, _ op! _, _ op? _, etc.

6) "Decor" or "decor" is now used systematically as the abbreviation
for "decoration" in names such as is_decor%down%s (which was previously
called is_dec%down%s).

7) The Z lexical rules have been extended to allow a Z identifier to
be given as a `$` immediately followed by a string quotation. This
makes it possible to embed a complex namespace in the Z namespace without
having to encode names as alphanumeric strings.

8) The new symbol for functional composition is now used in the Z library
rather than an ASCII 'o'.

9) Floating point literals are now supported (see USR005, ProofPower
Description, for the syntax).

10) The proof context 'z_reals now includes z_%bbR%_lit in its rewriting
conversions. This means that it will now automatically normalise fractions
made up of numeric literals.

11) The change to force_get_cache_theory in PPHol (see above) means that when
Z terms are parsed, a new cache theory may be created, if necessary, to hold
any supporting HOL definitions (previously, the current theory was used as
the cache theory, if no other cache theory was available).

12) By default, non-ASCII characters in Z character literals are now
pretty-printed using the extended character set rather than using ML escape
sequences. ML escape sequences are used if the flag pp_use_extended_chars is
false.

13) The coverage of the conversion z_let_conv has been extended.

14) Several problems with type-checking of let-expressions have been fixed.

15) The bag bracket symbols are now treated as punctuation (or "stops" in the
terminology of USR005, ProofPower Description).

16) There is a new conversion z_dot_dot_conv which expands ranges with
signed integer constant bounds, into set displays, e.g., ~1 .. 1 = {~1, 0, 1}.

PPDaz:

1) A new keyword $IMPLICIT is supported that enables the user to declare
subprograms that are implicitly declared in Ada. This is for use in package
bodies when subprograms declared in the package specification are used
before the subprogram body has been introduced.

2) The functions fmt_exp and fmt_exp1 in the CNAdaOutput structure are
now made visible for use by implementors of extensions to the system.

3) Aggregates inside other aggregates are no longer required to occur
inside a qualified expression.

4) Names that were previously prefixed with "icl'" to indicate that
they are not for normal use are now prefixed with "pp'".

5) Unions arising from translating array aggregates now respect the
left-associativity of the union operator.

6) Some bug fixes, performance enhancements and enhancements to the error
handling have been implemented.

7) `$' characters may now be used in the Z parts of a Compliance Notation
script.

8) The definitions in the theory 'cn' have changed to accommodate the change to
the name of the functional composition operator in the Z library.

9) The mapping of the Ada namespace into Z has been adjusted so that a single
theory can be used to represent the contents of a package specification both
for the package body and for program units that refer to the package. This
means that the Z translation of the types, constants and variables declared in
a package specification is now the expanded name, i.e., it includes the package
name prefix.  Program units that refer to subprograms in the package do so
using the expanded names, whereas inside the package body the simple name is
used.

10) The names used for a Compliance Notation script must now be derived from
the name of the Ada compilation unit it contains. See USR504: Compliance
Notation Language Description section 3.5 Program Structure for details of
the naming conventions.

11) The names of Ada entities in Z expressions must now be given in their
canonical expanded form. This means that the names of types, constants and
variables that are declared in a package specification must now be referred
to with the package name prefix in all contexts. If you do use the form
without the required prefix, the error message will tell you what the
canonical name is.

12) Expanded names involving package names, subprogram names, block names
and loop names are now fully supported - any valid Ada name for an entity
may be used in the Ada parts of a script.

13) Z floating point literals are now used in the translation of Ada real
literal expressions.

14) Renaming definitions for functions and constants no longer give rise to
abbreviation definitions. Note that this means that pre- and post-conditions
must now refer to the renamed function or constant using its original name.

15) Every subprogram body and block is now associated with a theory to hold the
Z paragraphs arising from its declarative part and its sequence of statements.
This is the script theory for a subprogram body appearing as a compilation unit
and is an automatically generated theory for subprogramms and blocks appearing
in packages or other subprograms.  See section 3.5 of USR504, Compliance
Notation Language Description for more information. 

16) A function get_script_theories is provided to list all the theories
associated with a Compliance Notation script.

17) The name of the type in a use type clause may now be given as an
expanded name (i.e., prefixed with a package or subprogram name).

18) A string control cn_spark_annotation_char is now provided to control the
character that distinguishes SPARK annotations from other Ada comments.

19) The string control "case_of_ada_keywords" has been renamed as
"cn_case_of_ada_keywords" for uniformity with other control names.

20) The new command open_scope has been provided to navigage into
the scope of a nested subprogram.

21) It is now possible to defer the generation of Z for a nested
subprogram using a new keyword $deferred. This makes it possible
to give the formal development of the body of a nested subprogram
in a child database.

22) The parametrisation of new_script and related commands has been changed so
that the name and type of the compilation unit are given separately with the
name being given in Ada rather than in its Z translation.

23) Formal parameters may no longer be included in the global dependency
list of a subprogram. When a procedure is called, the global dependencies
of the called procedure must now appear either in the frame of the
specification statement being refined or in the global dependency list
of the calling procedure.

24) A theory is now introduced to represent the scope of a block statement.
The theory is named <block_name>'block, where <block_name> stands for the
expanded name of the block. This makes the treatment of the scope for
block statements uniform with subprograms.

25) The tool now attempts to check whether a range in a real type definition is
empty and reports an error if it is. If it is not possible to check
automatically whether the range is empty, a VC is generated. (Previously
this was only done for integral types).

================================================================================
2.7.6

PPXpp:

1) xpp should now work on recent Linux systems that support the grantpt
method for allocating pseudo-terminals and not the older /dev/ptyXXX method.

2) A bug whereby the Palette and the Templates Tool would sometimes insert
text in the wrong place has been fixed.

3) A bug under Mac OS X which made the Restart Application item in the
Command menu unreliable has been fixed.

4) A problem with the font files on some systems (duplicate/mismatched
FONT properties) has been corrected.

5) A keyboard accelerator (Ctrl+D, by default) is now defined to bring
up the Command Line Tool.

6) When you apply a change to the command line in the options tool, you
now get a dialogue asking if you want to restart the application.

7) The fonts now includes glyphs for blackboard bold B, C, and S.

PPTex:

1) The style and keyword files now support the font characters for
blackboard bold B, C and S.

PPHol:

1) The system initialisation interfaces have been tidied up. This gives
some minor improvements in the behaviour. For example, the function
Initialisation.new_init_fun now provides a general facility for registering
a function to be called at the start of a session.

2) A function on_kernel_inference is provided which lets you register functions
to track applications of the built-in inference rules.

3) The function app has been added to the ML utilities and is used in
a number of places where previously map was used.

4) Left associative operators are now supported in ProofPower-HOL. This
introduces new functions: declare_left_infix, declare_right_infix,
get_left_infixes and get_right_infixes. The function get_infixes is no longer
provided, but declare_infix remains as another name for declare_right_infix.
The datatypes FIXITY and ASSOC used by the parser and pretty-printer have also
been changed to accomodate parsing of left-associative oeprators.

5) Left associative operators are now used in the ProofPower-HOL theories to
make terms involving arithmetic subtraction, set difference and similar
operators associate as one would expect. Following HOL Light, this is done by
making the operators in question left-associative and giving them higher
precedence than the related associative operations (such as addition) which
remain right-associative.

6) A problem with arithmetic normalisation for the reals (%bbR%_anf_conv)
has been fixed, this also fixes some problems the linear arithmetic
decision procedure for the reals (prove_tac in the proof context "'%bbR%").
This may affect proofs involving terms of the form %bbN%%bbR% x or x/y where
x is not a numeric literal (the decision procedure may succeed in proving
goals that it previously could not).

7) The theory of reals now includes the embedding %bbZ%%bbR% of the integers
in the reals and some basic theorems about it.

8) A bug in pp_list that meant it would sometimes update the database if
interrupted has been fixed.

9) There are new functions oe_key_flatten, key_mk_const, key_dest_const,
key_mk_ctype key_dest_ctype, get_const_keys and get_type_keys. These have been
used to increase the performance of some operations with theories (such as
open_theory) when the theories involved contain very large numbers of types
and/or constants.

10) A bug leading to a possible variable capture problem in type instantiation
of terms (inst and rules such as inst_term_rule that use it) has been fixed.

PPZed:

1) The precedence and associativity of infix operators in the Z library
is now in line with the ISO Z toolkit.

2) The syntax for fixity paragraphs now allows the templates to be
enclosed in brackets (as required by the ISO standard syntax).

3) A handful of new theorems about finite cardinalities has been
added to the theory z_numbers1.

4) Schema projection is now a right-associative operator and no
longer fails in the (not very useful) case when the signature
of the second operand subsumes the signature of the first operand.

5) In a schema quantification, the schema text operand may now declare
variables that are not in the signature of the schema operand. This brings
this language feature in line with the intentions of the ISO Z standard.

6) The theorems z_dom_clauses and z_ran_clauses used only to apply to relations
whose domain and range have the same types. This restriction has been relaxed.
This makes the theorems and several proof contexts that use them more powerful.

7) Various restrictions on the operands of schema composition have been lifted.
Any combination of operands for which the defining property of schema
composition is well-typed is now allowed. This brings this language feature
in line with the ISO Z standard.

8) Let-expressions are now supported (see usr005.dvi for the syntax).
Conversions z_let_conv and z_let_conv1 are provided for reasoning
about let-expressions.

9) The global variables BOOL and CHAR have been renamed as blackboard
bold B and S (for "symbol" or "schriftzeichen").

10) The HOL types corresponding to given sets or free types in Z now
have their names decorated with a leading "z'".

11) The syntax for operator templates has been extended to allow
the Z standard from ",," as a synonym for "..." and to support
two new forms of stub: "_?" and "_!" which make higher-order
operators (i.e., operators whose operands can range over predicates)
easier to use. The Pi operator is now defined using "_?".

12) Conditional expressions and predicates are now supported (the
conditional is defined as a higher-order operator "if _? then _! else _!"
in the theory z_sets). The main proof contexts for Z will simplify
conditional expressions whose condition is given as "true" or "false".

13) A dollar character followed by a string quotation may now be used in Z in
much the same way as in HOL, to form a variable name whose syntax need not
conform with the lexical rules. Unlike HOL, no space is allowed after the
dollar character, so the dollar character can still be used to form ordinary
Z identifiers.

14) There is a new inference rule rule z_gen_pred_u_elim which can
simplify working with the definitions of generic global variables.

15) The schema operators that have the same names as logical connectives
(i.e., the three sorts of quantification, conjunction, disjunction,
implication and bi-implication) now have alternate names with a subscript
"s" (by analogy with the other schema operators like composition). This
can make complex expressions involving both logical and schema operators
easier to read. A flag subscript_z_schema_operators is provided, defaulting
to false. If the flag is true, the parser will not accept the unsubscripted
forms of the name as schema operators.

PPDaz:

1) Labelled statements are now supported (the label is ignored in the
formal treatment). This allows formal development of code containing
labels, but not goto statements, e.g., for documentary purposes.

2) Goto statements are supported informally.

3) VC generation now keeps a closer track of where in a sequence of
statements variables may change. This causes provable VCs to be
produced in several cases where correct code could not previously be
verified.

4) There has been a minor improvement to the generation of domain
conditions in VCs arising from for-loops with variable bounds.

5) The syntax of the Compliance Notation has been changed so that
keywords must be prefixed with a dollar sign.

6) A function create_package_spec_theory is provided which lets you
create the package specification theory before introducing compilation
units that refer to the package.

7) Derived types are now supported.

8) When generation of domain condition is enabled, domain conditions
are now produced asserting the type or subtype constraints that apply to: (i),
actual parameters of mode in or in out in a procedure call; (ii), the
right-hand sides of assignment statements; and, (iii) the returned
expression in return statements in function bodies.

9) The not and array_not operators in the theory cn now have precedence
50 (the same as "**" following the rules for the Ada operators).

10) Informal development steps now result in warnings. E.g., a warning
is produced if a specification statement is given for a subprogram
in a package specification but no specification statement is given
for it in the package body.

================================================================================
2.7.5

PPXpp:

1) The palette tool now avoids a problem with sprintf on some systems that
caused the buttons to be labelled with hex digits rather than mathematical
symbols.

2) Some default values in the example resource files have changed (width of
file name text field is now 24, maximum size of journal is now 1,000,000).

3) A number of minor changes have been made to the dialogue boxes, particularly
ones with text windows to make their behaviour more uniform.

4) Several minor bugs have been fixed, e.g., earlier releases gave
an incorrect warning that the file had been changed under some conditions.

5) If you try to open a binary file, the dialogue warning you that this
has drawbacks gives you the option not to continue.

6) The supplied example applications defaults files suppress the unintuitive
behaviour of the Home and End keys in file selection dialogues.

7) The file selection dialogues now reset the file name field whenever they
are popped up.

PPHol:

1) The theory fin_set now provides theorems giving the basic facts about sizes
of finite sets along the lines of those provided for ProofPower-Z.

2) File names with the letter `Q' in them are now supported properly
by use_file and the theory listers.

PPDaz:

1) It no longer causes an error to process a renaming declaration for a
informal subprogram.

2) It is no longer permitted to have an informal procedure and a formal
procedure of the same name. This fixes a potential unsoundness.

3) A flag cn_ignore_spark_annotations has been introduced which causes
Ada comments of the same form as SPARK annotations to be ignored.

4) Forward declarations of informal functions are now supported.

5) The Z paragraph that represents a function renaming in a package
specification is now an abbreviation definition (making this case
uniform with other places where function renaming occurs).

6) The force of use clauses in package specifications now propagate into the
package body.

================================================================================
2.7.4

General:

A file VERSION is now included in the ProofPower home directory identifying
the version of the system.

PPXpp:

1) The Search and Replace tool has been simplified: the rarely used buttons for
"search-then-replace" have been removed as have the ":= Selection" and "Empty"
buttons (the functionality of the latter two is available by right-clicking in
the text areas); the toggle buttons that control the options "ignore case" and
"use wildcards" (previously known as "use regular expressions") are now in the
Search and Replace tool window and so the "Options" button is no longer
necessary.

2) The execute function in the Command Line tool now reports back to you
if the application is not running.

3) A bug in the (non-wildcard) search function has been fixed.

4) A bug in the command-line option processing on Mac OS X and Solaris
has been fixed.

5) The file selection dialogues now reread the contents of the directory
whenever they are popped up.

6) The keyboard accelerators (e.g., Ctrl-X for Execute Selection) now
work when the CAPS lock or other shift keys are pressed. N.b., you will
need to update your Xpp resource file (~/app-defaults/Xpp) for these
features to work.

7) The appearance of several of the dialogue windows has been improved.

8) The layout of the palette tool is now user-configurable.

PPHol:

1) The functions list_e_enter and e_stats have been added to
the Standard ML utilities.

2) Type inference contexts are now implemented internally as efficient
dictionaries rather than association lists. The old interfaces for setting and
getting the context as lists are still supported but are supplemented by more
efficient interfaces that give access to the efficient dictionaries.

3) The handling of HOL aliases has been moved into the HOL pretty-printer
rather than the generic pretty-printer (this avoids a sometimes slow
computation with data types when other languages such as Z are pretty-printed).

PPZed:

1) Bracket elimination in the pretty-printing of binding and tuple
selection has been improved (a fix in 2.7.3 was causing unnecessary
brackets to be added).

2) A bug in the pretty-printing of theta-expressions has been fixed.

3) A function z_print_fixity is provided to print out information about
fancy-fix operator symbols (infix, postfix etc.).

PPDaz:

1) The internal representations of the data structures that represent
the Compliance Notation name-space have been radically revised in
the interests of performance and to make them more uniform.

2) It is now legal to repeat a use clauses for a package.

3) The treatment of forward declarations of subprograms is more liberal.

4) The pretty-printing of a package with an empty private part has been
corrected (and this construct will give a non-SPARK warning if those warnings
are requested).

5) Subject to the constraint that they must appear at the top level of a
package body, using declarations are now treated syntactically just like other
forms of declarations and may appear in the expansion of k-slots and may be
freely interleaved with other declarations.

6) The declarative force of some constructs was not previously propagated into
k-slots and specification statements in the scope of those constructs. These
constructs are now propagated in the same way as ordinary declarations. This
applies to use clauses, renames clauses and using declarations.

7) Various bugs have been fixed.

================================================================================
2.7.3

General:

The installation directory has been reorganised so that ProofPower database are
kept in a new directory $PPHOME/db and other non-executable files that were
formerly in $PPHOME/bin are now in a new directory $PPHOME/etc.

It is no longer necessary to set up any environment variables (other than
the search path) for basic use of ProofPower - the executables can now
automatically locate the installation directory and pass its name
to any programs that need it (e.g., the environment variable TEXINPUTS
is automatically set up by texdvi when it runs LaTeX). See the
README file for more details.

The information in the README files for the individual packages that
is still relevant has been moved into a single README file and the original
per-package README files have been withdrawn. The README file has been
reorganised to give a quick summary of what you need and what you do to
carry out a simple installation followed by a more structured description
of how to customize the installation to your needs.

The installation is no longer dependent on the transfig software (the PostScript
files it generates are pre-built when the Open Source packages are made). The
original fig sources are still supplied for developers.

PPXpp:

1) Various minor bugs and user interface glitches have been fixed.

2) xpp will now automatically load the ProofPower fonts for you, there is no
need to call xset in an X initialisation script.

3) The resource Xpp.addNewLineMode in the example resource
file has been changed to default to automatically add new-lines.

4) The xpp command line is now more closely integrated with the command
being run. A command to run by default can now be specified so
that, for example, "xpp -d database" will start an xpp session running pp
on the indicated database.

5) The Search-and-Replace tool has been redesigned: it is now two separate
tools, one for search-and-replace and one for navigating by line number.

6) The organisation of the menus has been changed to be more like other
editors and word-processors, e.g., the Edit menu is now immediately to
the right of the File menu and the Search-and-Replace tool is now started
from the Edit menu.

PPTex:

1) The findfile program now has an option for finding out the real
name of a file or directory specified using a symbolic link. This
is used in the various shell scripts in the PPTex and PPHol packages
to locate the ProofPower installation directory if the user has
not specified it using the environment variable PPHOME.

2) texdvi has a "-b" option which makes it run BiBTeX after running
LaTeX.

PPHol:

1) The theory of finite sets is now equipped with some basic theorems including
a principle of induction and with an induction tactic.

2) The shell scripts all use findfile to locate the ProofPower installation
directory if it has not been specified using the environment variable PPHOME.

PPZed:

1) The name of the generic universal set has been changed from "U"
to a blackboard bold "U" (%bbU%). This means that the only alphanumeric
names defined in the Z library are the ones such as "seq" 
defined in the standard Z toolkit.

2) A bug in the treatment of free variables with decoration by the
type checker has been fixed.

3) The pretty-printer now brackets expressions of the form "x op y op z"
where "op" is a right associative infix operator properly.

4) The fixity definition for sequence concatenation is now in the theory
z_sequences where it belongs.

PPDaz:

1) A number of bugs have been fixed and several error messages improved.

2) The SPARK program is now referred to as the Ada program throughout the documentation.
print_spark_program1 and output_spark_program have effectively been renamed as
print_ada_program and output_ada_program and the old print_spark_program and
output_spark_program have been withdrawn.

3) The name at the end of a package declaration or a proper body is now optional.

4) The private part of a package is now allowed to be empty.

================================================================================
2.7.2:

PPTex:

1) The superscript and subscript shift characters (%up% and %down%) are
now defined to superscript a following alphanumeric identifier or
multi-digit decimal number rather than just the immediately following
character.

2) It is now possible to define a percent keyword to be typeset using
a TeX command that takes as its argument the text following the keyword
matching or delimited by a regular expression.

PPXpp:

1) There are now items "New Editor Session" and "New Command Session" in
the Tools menu which start up new xpp sessions.

2) If either the command to run or the file name is specified on the
xpp command line as an empty string, xpp starts up with a dialogue
for you to supply the missing information interactively. This is used by xpp
itself to implement the New Editor Session and New Command Session features
and is also useful if you want to set up window manager menu items or desktop
shortcuts to start xpp.

3) When the Command Tool is first popped up, or popped up after being dismissed
with the dismiss button, the keyboard input focus is now directed to the
command line field.

4) When the Search & Replace Tool pops up, the keyboard input focus is now
directed to the last operation button pressed (or the search forwards button
the first time it pops up).

5) If you run xpp as super-user, it now considers that any file that you open
is read-only unless it is owned by super-user and has owner write access.

6) The sash control that used to appear under the replacement text in the
Search & Replace tool was not useful, and had counter-intuitive behaviour
in some cases. It has been removed.

7) A bug with the treatment of "^" in regular expressions has been fixed.

8) The names of the widgets that make up Xpp have been rationalised.
All widget names now conform to the syntax allowed in resource files.
A list of all the widgets (widgets.txt) has been provided for reference.

9) The support for regular expression searching in the GNU and FreeBSD
C libraries has been found to be very slow on long files. A work-around
for this has been implemented.

10) Dialogue boxes such as the Search Tool now conform better to the
Motif style - they are initially positioned more neatly and can be dismissed
using the osfCancel key (typically mapped to the ESCAPE key).

11) If you set the resource Xpp*journal.editable to True, typing in the
journal window automatically pops up the Command Line Tool and your
typing is diverted into that tool.

12) Xpp will now warn you if you the file you are editing has been modified by
some other process since it was last opened or saved by xpp when you ask
to open a new file or to quit. (Previously this condition was only checked
when you asked to save the file).

13) The handling of UN*X signals and X Windows errors has been made more
uniform and more comprehensive.

14) If you insert text into the command line tool containing newlines, e.g.,
by copy-and-paste, the newlines are now converted into spaces.

PPHol:

1) A bug in the Standard ML function oe_enter has been fixed.

2) When compiled with PolyML, the printing order for Standard ML
variables defined in the same binding now defaults to the order
of occurrence. I.e., PolyML.Compiler.printInAlphabeticalOrder
is set false.

PPZed:

1) The treatment of schemas-as-predicates and theta-terms that bind global
variables has been corrected. Such constructs were previously not always
translated correctly (the relevant signature variables became free variables in
some circumstances) and were not pretty-printed as Z.

2) There were two theorems in the theory z_functions that used to
have a free variable. The missing universal quantifiers have been
supplied.

3) The subscript shift character now applies to an immediately
following identifier or decimal number not just the following
character.

PPDaz:

1) PPDaz now has an explicit concrete syntax, "nothing;", for the implicit
null statements that have long been used in its abstract syntax as a
place-holder for a statement that is not present in the actual Ada program
(e.g., in an if statement with no else part).

2) A dollar sign may be used to escape one of the Compliance Notation
reserved words and use it as an Ada identifier.

3) A context clause of a package specification now also applies to the
corresponding package body whether or not the context clause is repeated
for the package body (in accordance with ALRM section 10.1.1). This applies
both to with clauses and use clauses.

4) New functions strings_from_fmt1 and make_output_fun1 are provided in the
structure CNSparkOutput. Together with two new integer controls
cn_left_margin and cn_tab_width, these give extra flexibility to users
programming extensions to the tool which need to map Ada abstract syntax
into concrete syntax. The treatment of the control
cn_automatic_line_splitting has been fixed to match the documentation
(setting it to 0 is now allowed and suppresses line-splitting).

5) The error reports when a specification statement is not type-correct
have been improved. Type-checking now requires the variables in a global
dependency list (Xi-list) in a function specification statement to
be in scope.

6) The parser error reports to do with invalid tags in refinement steps
and replacements have been improved.

================================================================================
2.7.1:

GENERAL:

All packages can now be built and run on Apple PowerPC systems running Mac OS X
as well as on the x86-Linux and Sparc-Solaris platforms.

Thanks to a contribution by John Murdie, the documentation packages for PPXpp,
PPTex, PPHol and PPZed now include manual pages for the UN*X command line
interfaces.

PPDev:

1) The SLRP parser generator is now more powerful and easier to use. It now
implements the LALR(1) algorithm in addition to SLR(1) and so can cope with the
same range of grammars as popular parser generators for C such as bison and
yacc. An API supporting an easy way to evolve from just having a grammar to
having a full parser has been provided and there is a user guide.

PPXpp:

1) Editing text files in MS-DOS and Macintosh format is now supported. A file
type menu is now provided in the options Tool to let you select the format in
which files are saved.

2) Files containing control characters can now be opened by xpp - the
uneditable characters are converted into question marks. This is intended to
help you fix corrupted text files or inspect files containing a mixture of
binary data and text.

3) Case-insensitive and regular expression searching are now supported. These
are selected by toggle-buttons in the Options Tool. An options button has been
added to the Search and Replace Tool to make it convenient to pop-up the
Options Tool to see or change the settings.

4) The Command/Execute Selection menu item no longer requires the selection to
be in the script window.

5) Menu items and buttons that refer to the `selection' can now take the
selection from other X applications that comply with the usual X conventions
for text selections. E.g., other instances of xpp and most standard X
applications that have text fields.

6) Xpp now defends itself against control characters appearing in the output
from the application that is displayed in the journal window.

7) The Command Line Tool now maintains a history of the commands that have been
executed. You can scroll through the history using the Page Up and Page Down
keys.

PPHol:

1) A contribution from Roger Jones which makes GEN_INDUCTION_T and related
tacticals and tactics more general has been incorporated.

2) New theories set_thms and fun_rel_thms have been introduced. These contain
more theorems abouts sets and functional relations, including Zorn's lemma and
the Schroeder-Bernstein theorem.

3) The definition of antisymmetry in the theory orders has been changed so that
it no longer entails irreflexivity. This results in the removal of the theorem
down_sets_dense_thm1 and a change in the statements of the theorems
down_sets_dense_thm and induced_order_antisym_thm. The spelling of the names of
theorems about down-sets has been rationalised. PartialOrder and LinearOrder
have changed their names to StrictPartialOrder and StrictLinearOrder.

4) Some theorems in the theories orders and %bbR% have been changed
to fit in with the policy of not saving theorems with free variables.

PPZed:

1) The symbols for refinement and replacement in the Compliance Notation
(square subset-equals and the three-bar equivalence symbol) are now defined as
valid characters for use in Z specifications.

2) A conversion z_seqd_eq_conv contributed by Phil Clayton to support
reasoning about equations between sequence displays is now provided. It
transforms an equation between two sequence displays into a conjunction of
equations relating the elements of the displays (or into false if the two
sequence displays have different lengths).

================================================================================

2.6.3: [Patch level A: 21/1/2003]

PPTex: None

PPXpp:

1) If the end of the text in the journal window is visible and you resize the
window using the sash button in the separator bar above it, the end of the text
will now remain visible so that resizing in this way does not affect the way
the text is scrolled up when new output arrives from the application being run.

2) There is now a read-only option which is set automatically if you open a
file for which you do not have write access. You can also set this option
yourself if you want to be warned about accidental changes to the file
you are working on.

3) Xpp will now warn you if you try to save a file that has been modified by
some other process since it was last opened or saved by xpp.

4) The Reset button in the Options Tool has been replaced by two buttons
labelled Original and Current. Pressing Original sets the values in the
form to the values in force when the xpp session was started (which is
what the Reset button did in earlier versions). Pressing Current sets
the values to the ones currently in force. The settings in the Options
Tool now only take effect when you press the Apply button (in earlier
versions some of the settings took effect as soon as you changed them).

5) Xpp can now be compiled to support the editres protocol. (Editres is a tool
that lets you examine the widget hierarchy of an X Toolkit application, which
can be useful to help you set X resources). Editres support is not compiled in
by default, since under Linux, a bug in the XFree86 implementation of the Xmu
library needs to be patched for this to be safe. Without the patch, editres
will cause xpp to crash if editres support is compiled in. Editres support is
safe under Solaris.

6) The Status Label in the File Name Bar is now more informative. It now
indicates independently whether the file is new or modified and also indicates
whether the file is read only.

7) The Revert item in the File Menu is now desensitized if the file you
are working on is new (i.e., does not exist in the file system yet).

8) Various optimisations for speed and space have been made. In particular, the
methods used to redraw the journal window visible when it is resized or when
new text arrives have been optimised to reduce unnecessary calculations and
screen refreshes. This greatly improves performance when the application in
the journal window generates a lot of output and avoids screen flicker and
delays under some window manager operations (in particular, when resizing using
KDE or Gnome/Sawfish with the default settings for resize behaviour).

9) The Palette Tool now directs characters to the text window that currently
has the keyboard focus. So, for example, you can use it to enter symbols
into the Command Line Tool.

10) If you use the horizontal layout for an xpp -command session (e.g., by
setting Xpp*mainpanes.orientation to HORIZONTAL in the app-defaults file), you
will find that the panes have been reorganised slightly to give you a few extra
text lines in the journal window.

[Patch level A: a bug in the calculation of the line number displayed in
the file name bar has been fixed. The format of this part of the file name bar
has also been improved.]

PPHol:

1) There is now a facility for checkpointing the state of a theory and its
descendants. This has entailed a few other small modifications, most
notably a small change to the type USER_DATA.

[Patch level A: the checkpointing system no longer imposes the restriction
that all the theories to be checkpointed must be writable.]

PPZed:

PPDaz:

1) The warnings for non-SPARK syntax have been corrected. No warning
is now produced for named number declarations.

2) It is now possible to implement a formal function in a package body when
the corresponding function in the package specification refers to auxiliary
variables.

3) An additional database "xdaz" is available under Poly/ML. This includes
the Compliance Tool together with X/Motif support and the VC browser.
A version of the poly program including X/Motif support is supplied
as an extra on the CD-ROM in the file xpoly.

4) A schema reference in the global dependency list of a function is
now interpreted specially. A schema reference now corresponds to a
single component in the Z function's first argument, given by a
theta-term.

5) A number of features for managing errors have been added or enhanced.
When a Compliance Notation clause is processed, a checkpoint is taken
of the theory "cn" and its descendants, and if an error occurs, the state
of the theory hierarchy under "cn" is restored. This means that it is now
always possible to correct and re-enter a clause after a previous
failed attempt. A flag cn_stop_on_exceptions can be used to enable
a simple error recovery scheme so that all the declarations and
statements in a clause can be checked even if earlier declarations or
statements contained errors. A log of errors is now maintained for
each script and functions are provided to inspect and manage these logs.


================================================================================

2.6.2:

PPTex: None

PPXpp:

A problem with the undo/redo feature which was causing unpredictable
behaviour has been fixed.

A bug which caused xpp to go into a loop printing an Xt warning message
under some circumstances has been fixed.

The Palette Tool now throws the keyboard focus back to the script window
after you click on a symbol button. This means that you can interleave
typing and selecting symbols from the palette without needing to
reselect the insertion position in the script window.

PPHol: None

PPZed: None

PPDaz:

A new function delete_script allows you to remove a script from
a compliance argument, e.g., to modify and reload it, without having
to reload scripts that are not dependent on it.

A new flag cn_spark_syntax_warnings is provided which you can
use to enable a check on whether your Ada code conforms to
the context-free grammar given in "High Integrity Ada: the SPARK
Approach".

You can now use block statements freely in code that is not
being processed formally. The rule that a block statement
must appear on its own on the right-hand side of a refinement
or replacement step still applies if you want the block
statement or the declarations in it to be processed formally.

A bug in the handling of subtypes of record types with
discriminant constraints has been fixed.

================================================================================

2.6.1:

This is the first open source release. There are cosmetic changes
to the source of all the packages. A number of bugs and infelicities
in PPXpp have been fixed. The other packages have no functional changes.

================================================================================
2.5.11:

PPTex: None

PPXpp:

1) Xpp now includes the name of the file you are working on in in the window
title bar as well as in the icon title. This is intended to be nicer with twm,
fvwm, KDE, and many other window managers which use the title bar title rather
than the icon title to identify an application.

2) If the application in the xpp journal window dies, the last bit of output
from the application used to get discarded. This omission has been fixed.

3) There is now no limit other than operating system memory limits
on the amount of text that can be executed by the Command/Execute
Selection (Ctrl-X) menu option. (In earlier versions there was a fixed
limit of 40,000 characters).

4) The current line number is displayed in the file name bar next to
the ProofPower logo. This feature may degrade response times when working
with very large files or on slow processors with limited physical
memory. The degradation is imperceptible on, say, files up to 10Mb
on a 450MHz processor with 256Mb of RAM. If you do experience problems,
you can turn off line number tracking by right-clicking on the line
number label.

PPHol:

1) new_flag, new_int_control and new_string_control now gives a warning rather
than a failure in the case where the flag or control already exists. If the
flag ignore_warnings is true, or if you answer `y' interactively when asked
whether to continue, the old flag or control is renamed (by decorating the old
name with 1 or more prime characters) and the new flag or control is added with
the specified name.

PPZed: As for PPHol

PPDaz: As for PPZed plus:

1) Default parameters to functions and procedures are now supported
provided the default expression contains no program variables.

2) Block statements are now supported. Block statements must
occur on their own on the right-hand side of a refinement or
replacement step.

3) The frames of logical constant statements were not being
checked in some circumstances. This bug has been fixed.

4) Record aggregates in qualified expression where the qualifying
type mark is a simple name introduced by a use clause were
not being handled properly (usually resulting in Z type-checking
errors). This bug has been fixed.

5) Incorrect VCs were being generated in some circumstances
where a procedure call was proceeded by other code. This bug
has been fixed.

6) Assertions are supported. An assertion is a kind of specification
statement with no post-condition and no frame introduced by
a capital gamma rather than a capital delta. An assertion is
allowed wherever a statement is allowed.

7) The Poly/ML binaries have been compiled under Poly/ML version
4.3. The new Poly/ML flag PolyML.Compiler.printTypesWithStructureName
is set false by default in the ProofPower ML databases.

8) Renaming of operator symbols where the original name has
no package name prefix is now supported.

================================================================================

2.5.10:

PPTex: None

PPXpp: None

PPHol: None

PPZed:

1) Several new theorems and a new induction tactic have been added
relating to Z sequences (in the theory z_sequences1).

PPDaz:

1) Ada constant declarations are now translated into Z axiomatic
descriptions rather than abbreviation definitions. This makes
the Ada type information in a constant declaration available
for reasoning about the constant.

2) In some circumstances, the checks on accesses to global variables
from procedures in package bodies were previously being circumvented.
This bug has been fixed.

3) Several deficiencies in the treatment of renaming declarations have
been fixed.

4) The treatment of use clauses has been changed to give more generality and a
better fit to the Ada scoping rules. Use clauses no longer give rise to Z
abbreviation definitions.

================================================================================

2.5.9:

PPTex: None

PPXpp: None

PPHol:

1) The efficient dictionary data type (E_DICT) now supports access
functions e_key_lookup, e_key_extend etc. that are more efficient
if the same string is to be used as an index into several dictionaries.

2) A new type of order-preserving dictionaries (OE_DICT) has been
provided. This combines the functionality of the E_DICT and
S_DICT data types.

3) The ML representation of theories has been enhanced
to make a number of operations more efficient. Associated with
this change are three new theory access functions get_defn_dict,
get_thm_dict and get_axiom_dict.

4) A "stopwatch" timer facility has been implemented to make it easier
to time sequences of ML commands that are not packaged up as a function
(see read_stopwatch in the Reference Manual).

5) The sort function (Sort.sort) and the string ordering function
(Sort.string_order) now use more efficient algorithms.

PPZed:

1) There have been code changes to allow for the changed representation
of theories but no functional changes.

PPDaz:

1) A bug has been fixed in the checks on certain constructs that must appear
first in their sequence of statements (see USR504, Compliance Tool Language
Description, section 3.3).

2) The treatment of use clauses has been liberalised.

3) Several bugs in the treatment of renaming clauses have been fixed.

================================================================================

2.5.8:

PPTex: None

PPXpp:

1) It is now possible to undo and redo multiple changes to the file being
edited.

2) An error in the font `holsans10' has been corrected (the Z injection arrow
had the wrong shape) and the appearance of some of the characters has been
improved.

PPHol, PPZed:

1) The Reader/Writer (the preprocessor that converts ProofPower-ML into
Standard ML) has been changed to avoid passing long string literals to the
Standard ML compiler. This results in a significant improvement in performance
when processing very long object language quotations.

PPDaz:

1) The performance of the lexical analyser has been improved. In conjunction
with the PPHol and PPZed performance improvements this means that it is now
feasible to input large fragments of Ada code without breaking them up into a
large number of separate web clauses.

2) The syntax-check-only mode has been extended to support storage and output
of the Ada program and to support all the Compliance Notation features for
literate programming. Pre- and post-conditions and other fragments of Z in a
script are parsed in this mode but not type-checked.

3) The restriction that aggregates must be given as qualified expressions no
longer applies to aggregates used as the initial values of variables and
constants.

================================================================================

2.5.7:

PPTex: None

PPXpp:

1) The yes/no/cancel dialogue that is popped up when a selection to be executed
does not end in a new-line now works properly.

2) A new font `holsans10' is available. This is a 10-pt sans-serif font that is
suitable for medium resolution screens (e.g., 1024x768 pixels on a 14' or 15'
laptop screen).

PPHol:

1) A bug in the printing of `Q's in file names has been fixed.

PPZed:

None.

PPDaz:

1) Use package clauses and all the forms of renaming declarations other than
exceptions are now supported formally provided they do not introduce duplicate
names into the name space.

2) Ada '95 use type clauses are now supported.

3) Discriminant parts and discriminant constraints are now supported formally.

4) The full Ada syntax for exit, exit-when and return statements is now
supported formally, including return statements in procedures. The
restrictions that required return statements in particular places in functions
have been dropped.

5) A subprogram declaration for a subprogram whose body will be provided later
in the same declarative part is now supported formally. This includes
full formal support for recursive and mutually recursive procedures and
functions.

6) A package name may now appear more than once in the with clauses at the head
of a compilation unit.

================================================================================

2.5.6:

PPTex: None

PPXpp: None

PPHol:

1) pp_make_database now accepts the parent database name with or
without the compiler/architecture-dependent suffix.

PPZed: None

PPDaz:

1) Capital `Q's are now pretty-printed properly by the Ada output
functions.

2) Capital `Q's in Ada strings are now translated properly.

================================================================================

2.5.5:

PPTex: None

PPXpp:

1) When started with the name of a non-existent file, xpp now gives you an
option to start editing an empty buffer with the file name set to the name of
the non-existent file.

2) A bug in the command-line processing has been fixed: you may now omit the
-file and -command option keywords. "xpp <file> <cmd> <args>" is equivalent to
"xpp -file <file> -comand <cmd> <args>".

3) xpp now sets the environment variable PPLINELENGTH to the width of the
journal window when the command is started or restarted. This effect can be
overridden by setting the environment variable explicitly before invoking xpp.

PPHol:

1) The function ExtendedIO.execute has been withdrawn and replaced by
ExtendedIO.system. The interface offered by ExtendedIO.execute did not allow
the spawned process to be reaped properly on termination. Equivalent
functionality to ExtendedIO.execute is available in the Standard ML Basis
library, if required.

2) The initial value of the line_length integer control is taken from the
environment variable PPLINELENGTH if that is set and contains a decimal integer
greater than 19. This control determines the length of lines produced by
various listing facilities such as print_theory.

3) A number of bugs have been fixed relating to ProofPower-HOL aliases.
undeclare_alias may now be used effectively to hide a constant name.

4) The scripts pp and pp_make_database have had a number of bug fixes and
enhancements. Thanks to Phil Clayton of QinetiQ for many of these. See the
reference manual pages for these scripts for more details.

5) A number of bugs in the system initialisation functions have been fixed. In
particular, the state of the system controls module (which manages flags,
integer controls and string controls) is properly preserved now.

6) The obsolete script pp_read has been withdrawn and is no longer supplied.

PPZed:

1) The implementation of the Z library no longer undeclares the aliases for the
HOL integer arithmetic operations.

2) Consecutive underscores are now allowed inside Z identifiers.

PPDaz:

1) The symbol for expansion of a statement label (i.e., for an informal
refinement step) has been changed to a refinement sign preceded by an
exclamation mark. This prevents the conceptual overloading of the symbol used
for expanding declaration k-slots, and means that all informal development
steps contain an exclamation mark.

2) SPARK program output function bug fixes: if a formal parameter mode is
omitted in the original Ada code, then it is now printed without an explicit
mode when the program is printed. All forms of loop statement are now pretty
printed correctly as are percent signs in string literals.

3) VC generator fixes: type conversions using the pre-defined real types are
now translated into Z correctly. A bug which prevented the same name being used
for formal parameters of different types in different subprograms under some
circumstances has been fixed.

4) A number of bugs which caused problems to do with the database hierarchy
under Poly/ML have been fixed.

5) A package name may now be given several times in a context clause.

6) The global variable INFORMAL_FUNCTION in the theory cn has been renamed to
Informal_Function to avoid the possibility of a clash with an Ada name.

7) The soundness checks made when the program is printed now allow a function
to end in a case statement without an others part. When the checks fail, the
program is now printed (or output) in its entirety.

8) The array sliding conversion introduced in version 2.5.4 is now also
being applied when array and record aggregates are used to construct
arrays of arrays.

================================================================================
