(*<*) theory "paper" imports "Isabelle_DOF.scholarly_paper" begin open_monitor*[this::article] declare[[ strict_monitor_checking = false]] declare[[ Definition_default_class = "definition"]] declare[[ Lemma_default_class = "lemma"]] declare[[ Theorem_default_class = "theorem"]] define_shortcut* hol \ \HOL\ isabelle \ \Isabelle/HOL\ dof \ \Isabelle/DOF\ LaTeX \ \LaTeX\ html \ \HTML\ csp \ \CSP\ \\obsolete\ holcsp \ \HOL-CSP\ \\obsolete\ ML\ fun boxed_text_antiquotation name (* redefined in these more abstract terms *) = DOF_lib.gen_text_antiquotation name DOF_lib.report_text (fn ctxt => DOF_lib.string_2_text_antiquotation ctxt #> DOF_lib.enclose_env false ctxt "isarbox") val neant = K(Latex.text("",\<^here>)) fun boxed_theory_text_antiquotation name (* redefined in these more abstract terms *) = DOF_lib.gen_text_antiquotation name DOF_lib.report_theory_text (fn ctxt => DOF_lib.string_2_theory_text_antiquotation ctxt #> DOF_lib.enclose_env false ctxt "isarbox" (* #> neant *)) (*debugging *) fun boxed_sml_text_antiquotation name = DOF_lib.gen_text_antiquotation name (K(K())) (fn ctxt => Input.source_content #> Latex.text #> DOF_lib.enclose_env true ctxt "sml") (* the simplest conversion possible *) fun boxed_pdf_antiquotation name = DOF_lib.gen_text_antiquotation name (K(K())) (fn ctxt => Input.source_content #> Latex.text #> DOF_lib.enclose_env true ctxt "out") (* the simplest conversion possible *) fun boxed_latex_antiquotation name = DOF_lib.gen_text_antiquotation name (K(K())) (fn ctxt => Input.source_content #> Latex.text #> DOF_lib.enclose_env true ctxt "ltx") (* the simplest conversion possible *) fun boxed_bash_antiquotation name = DOF_lib.gen_text_antiquotation name (K(K())) (fn ctxt => Input.source_content #> Latex.text #> DOF_lib.enclose_env true ctxt "bash") (* the simplest conversion possible *) \ setup\(* std_text_antiquotation \<^binding>\my_text\ #> *) boxed_text_antiquotation \<^binding>\boxed_text\ #> (* std_text_antiquotation \<^binding>\my_cartouche\ #> *) boxed_text_antiquotation \<^binding>\boxed_cartouche\ #> (* std_theory_text_antiquotation \<^binding>\my_theory_text\#> *) boxed_theory_text_antiquotation \<^binding>\boxed_theory_text\ #> boxed_sml_text_antiquotation \<^binding>\boxed_sml\ #> boxed_pdf_antiquotation \<^binding>\boxed_pdf\ #> boxed_latex_antiquotation \<^binding>\boxed_latex\#> boxed_bash_antiquotation \<^binding>\boxed_bash\ \ (*>*) title*[tit::title]\A Framework for Proving Ontology-Relations and Runtime Testing Ontology Instances\ author*[idir,email="\idir.aitsadoune@lri.fr\",affiliation="\LMF, CentraleSupelec\"]\Idir Ait-Sadoune\ author*[nic,email="\nicolas.meric@lri.fr\",affiliation="\LRI, Université Paris-Saclay\"]\Nicolas Méric\ author*[bu,email="\wolff@lri.fr\",affiliation = "\LRI, Université Paris-Saclay\"]\Burkhart Wolff\ abstract*[abs, keywordlist="[\Ontologies\,\Formal Documents\,\Formal Development\,\\<^isabelle>\,\Ontology Mapping\]"] \ \<^dof> is a novel ontology framework on top of Isabelle @{cite "brucker.ea:isabelledof:2019" and "brucker.ea:isabelle-ontologies:2018"}. \<^dof> allows for the formal development of ontologies as well as continuous checking that a formal document under development conforms to an underlying ontology. Such a document may contain text and code elements as well as formal Isabelle definitions and proofs. Thus, \<^dof> is designed to annotate and interact with typed meta-data within formal developments in Isabelle. % While prior versions of \<^dof> provided already a mechanism to check ontological \<^emph>\rules\ % (in OWL terminology) or \<^emph>\class invariants\ (in UML/OCL terminology) via hand-written SML test-code, % we provide in this paper a novel mechanism to specify \<^emph>\invariants\ in \<^hol> via a reflection % mechanism. In this paper we extend \<^dof> with \<^emph>\invariants\ via a reflection mechanism, which serve as equivalent to the concept of ontological \<^emph>\rules\ (in OWL terminology) or \<^emph>\class invariants\ (in UML/OCL terminology). This allows for both efficient run-time checking of abstract properties of formal content \<^bold>\as well as\ formal proofs that establish mappings between different ontologies in general and specific ontology instances in concrete cases. With this feature widely called \<^emph>\ontology mapping\ in the literature, our framework paves the way for a deeper integration of ontological information in, for example, the articles of the Archive of Formal Proofs. \ section*[introheader::introduction,main_author="Some(@{author ''bu''})"] \ Introduction \ text*[introtext::introduction]\ The linking of \<^emph>\formal\ and \<^emph>\informal\ information is perhaps the most pervasive challenge in the digitization of knowledge and its propagation. Unsurprisingly, this problem reappears in the libraries with formalized mathematics and engineering such as the Isabelle Archive of Formal Proofs @{cite "AFP-ref22"}, which passed the impressive numbers of 650 articles, written by 420 authors at the beginning of 2022. Still, while the problem of logical consistency even under system-changes and pervasive theory evolution is technically solved via continuous proof-checking, the problem of knowledge retrieval and of linking semi-formal explanations to definitions and proofs remains largely open. The \<^emph>\knowledge\ problem of the increasingly massive \<^emph>\digital information\ available incites numerous research efforts summarized under the labels ``semantic web'', ``integrated document management'', or any form of advanced ``semantic'' text processing. These technologies are increasingly important in jurisprudence, medical research and life-sciences in order to tame their respective publication tsunamies. The central role in these technologies is played by \<^emph>\document ontologies\, \<^ie>, a machine-readable form of meta-data attached to document-elements as well as their document discourse. In order to make these techniques applicable to the area of \<^emph>\formal theory development\, the following is needed: \<^vs>\0.2cm\ \<^item> a general mechanism to define and develop \<^emph>\domain-specific\ ontologies, \<^item> ... that should be adapted to entities occurring in formal theories, \<^ie>, provide built-in support for types, terms, theorems, proofs, etc., \<^item> ways to annotate meta-data generated by ontologies to the document elements, as ``deep'' as possible, together with strong validation checks, \<^item> a smooth integration into the theory document development process, and \<^item> ways to relate ontologies and ontology-conform documents along different ontologies by \<^emph>\ontological mappings\ and \<^emph>\data translations\ @{footnote \We follow throughout this text the terminology established in @{cite "books/daglib/0032976"}, pp. 39 ff.\}. \ text\ \<^vs>\-0.2cm\ Recently, \<^dof> @{cite "brucker.ea:isabelledof:2019" and "brucker.ea:isabelle-ontologies:2018"} \<^footnote>\The official releases are available at \<^url>\https://zenodo.org/record/3370483#.YfWg6S-B1qt\, the developer version at \<^url>\https://github.com/logicalhacking/Isabelle_DOF\.\ has been designed as an Isabelle component that attempts to answer these needs. \<^dof> generates from ontology definitions directly integrated into Isabelle theories typed meta-data, that may be annotated to a number of document elements and that were validated ``on-the-fly'' during the general continuous type and proof-checking process in an IDE (Isabelle/PIDE). Thus, we extend the document-centric view on code, definitions, proofs, text-elements, etc., prevailing in the Isabelle system framework. In more detail, \<^dof> introduces a number of ``ontology aware'' text-elements with analogous syntax to standard ones. The difference is a bracket with meta-data of the form: \<^vs>\-0.3cm\ @{theory_text [display,indent=10, margin=70] \ text*[label::classid, attr\<^sub>1=E\<^sub>1, ... attr\<^sub>n=E\<^sub>n]\ some semi-formal text \ ML*[label::classid, attr\<^sub>1=E\<^sub>1, ... attr\<^sub>n=E\<^sub>n]\ some SML code \ ... \} \<^vs>\-0.3cm\ In these \<^dof> elements, a meta-data object is created and associated to it. This meta-data can be referenced via its label and used in further computations in text or code. %; the details will be explained in the subsequent section. Admittedly, Isabelle is not the first system that comes into one's mind when writing a scientific paper, a book, or a larger technical documentation. However, it has a typesetting system inside which is in the tradition of document generation systems such as mkd, Document! X, Doxygen, Javadoc, etc., and which embed formal content such as formula pretty-prints into semi-formal text or code. The analogous mechanism the Isabelle system provides is a machine-checked macro called \<^emph>\antiquotation\ that depends on the logical context of the document element. With standard Isabelle antiquotations, for example, the following text element of the integrated source will appear in Isabelle/PIDE as follows: \<^vs>\-0.3cm\ @{theory_text [display,indent=10, margin=70] \ text\ According to the reflexivity axiom @{thm refl}, we obtain in \ for @{term "fac 5"} the result @{value "fac 5"}.\ \} \<^vs>\-0.5cm\ In the corresponding generated \<^LaTeX> or HTML output, this looks like this: \<^vs>\-0.1cm\ @{theory_text [display,indent=10, margin=70] \According to the reflexivity axiom \x = x\, we obtain in \ for \fac 5\ the result \120\.\ } \<^vs>\-0.1cm\where the meta-texts \@{thm refl}\ (``give the presentation of theorem `refl'\,\!''), \@{term "fac 5"}\ (``parse and type-check `fac 5' in the previous logical context'') and \@{value "fac 5"}\ (``compile and execute `fac 5' according to its definitions'') are built-in antiquotations in \<^hol>. One distinguishing feature of \<^dof> is that specific antiquotations \<^emph>\were generated from an ontology\ rather than being hard-coded into the Isabelle system infrastructure. \ (* text \ %too long ! This leads to an evolution strategy we call "integrate the document, strengthen the links" (IDSL): integrate all sources into the Isabelle document model, and replace \<^emph>\text\ by appropriate \<^emph>\meta-text\ wherever you can. Developers are rewarded for applying IDSL by specific IDE-support, by additional semantic checks and thus by a more robust document consistency which is easier to maintain under collaborative changes. %For example, if someone changes the theorem name, an error would result when processing %the text. On the other hand, \@{value "fac 5"}\ would not guard against a change of definition %of \fac\. If this is desirable, an antiquotation like \@{assert "fac 5 = 120"}\ would be more appropriate. %too long ! Antiquotations do not only occur in text-elements in Isabelle; they are also heavily used in the code-elements of Isabelle's SML implementation, or were specifically supported in C-program contexts in Isabelle/C @{cite "Tuong-IsabelleC:2019"}. However, programming antiquotations on the intern Isabelle API's is nothing for the faint-hearted. Recently, \<^dof> @{cite "brucker.ea:isabelledof:2019" and "brucker.ea:isabelle-ontologies:2018"} has been designed as an Isabelle component that \<^emph>\generates\ antiquotation languages from a more abstract description, namely an \<^emph>\ontology\ that provides typed meta-data and typed reference mechanisms inside text- and ML-contexts. *) text\As novel contribution, this work extends prior versions of \<^dof> by \<^enum> support of antiquotions in a new class of contexts, namely \<^emph>\term contexts\ (rather than SML code or semi-formal text). Thus, annotations generated from \<^dof> may also occur in \\\-terms used to denote meta-data. \<^enum> formal, machine-checked invariants on meta-data, which correspond to the concept of ``rules'' in OWL or ``constraints'' in UML, and which can be specified in common \<^hol> \\\-term syntax. \ text\ For example, the \<^dof> evaluation command taking a \<^hol>-expression: @{theory_text [display,indent=6, margin=70] \ value*[ass::Assertion, relvce=2::int] \filter (\ \. relvce \ > 2) @{Assertion-instances}\\ } where \<^dof> command \value*\ type-checks, expands in an own validation phase the \Assertion-instances\-term antiquotation, and evaluates the resulting \<^hol> expression above. Assuming an ontology providing the class \Assertion\ having at least the integer attribute \relvce\, the command finally creates an instance of \Assertion\ and binds this to the label \ass\ for further use. Beyond the gain of expressivity in \<^dof> ontologies, term-antiquotations pave the way for advanced queries of elements inside an integrated source, and invariants allow for formal proofs over the relations/translations of ontologies and ontology-instances. The latter question raised scientific interest under the label ``ontology mapping'' for which we therefore present a formal solution. To sum up, we completed \<^dof> to a fairly rich, ITP-oriented ontology language, which is a concrete proposal for the ITP community allowing a deeper structuring of mathematical libraries such as the Archive of Formal Proofs (AFP). \ (*<*) declare_reference*[casestudy::text_section] (*>*) section*[bgrnd::background,main_author="Some(@{docitem ''bu''}::author)"] \ Background\ (* subsection\Isabelle/DOF Design and Implementation\ text\ In this section, we provide a guided tour through the underlying technologies of this paper: \begin{inparaenum} \item Isabelle and Isabelle/HOL, \item \<^dof> and its Ontology Definition Language (ODL). \end{inparaenum} \ subsection*[bgrnd_isabelle::text_section]\Isabelle and HOL\ text\ While still widely perceived as an interactive theorem proving environment, Isabelle @{cite "nipkow.ea:isabelle:2002"} has become a generic system framework providing an infrastructure for plug-ins. This comprises extensible state components, extensible syntax, code-generation, and advanced documentation support. The plugin Isabelle/HOL offers a modeling language similar to functional programming languages extended by a logic and automated proof and animation techniques. \ *) subsection*[bgrnd_isadof::background]\The \<^dof> Framework\ text\ \<^dof>~@{cite "brucker.ea:isabelle-ontologies:2018" and "brucker.ea:isabelledof:2019"} is a document ontology framework that extends \<^isabelle>. \<^dof> offers basically two things: a language called Ontology Definition Language (ODL) to \<^emph>\specify\ a formal ontology, and ways to \<^emph>\annotate\ an integrated document written in \<^isabelle> with the specified meta-data. Additionally, \<^dof> generates from an ontology a family of \<^emph>\antiquotations\ allowing to establish machine-checked links between classified entities. % Unlike UML, however, \<^dof> allows for integrated documents with informal and formal elements % including the necessary management of logical contexts. The perhaps most attractive aspect of \<^dof> is its deep integration into the IDE of Isabelle (Isabelle/PIDE), which allows a hypertext-like navigation as well as fast user-feedback during development and evolution of the integrated source. This includes rich editing support, including on-the-fly semantics checks, hinting, or auto-completion. \<^dof> supports \<^LaTeX> - based document generation as well as ontology-aware ``views'' on the integrated document, \<^ie>, specific versions of generated PDF addressing, for example, different stake-holders. \ (*<*) figure*[isadof_screenshot::figure, relative_width="100", src="''figures/cicm2018-combined''"]\ The \<^dof> IDE (left) and the corresponding PDF(right). \ text*[description_scrrenshot::background]\ @{docitem \isadof_screenshot\} shows \<^dof> in action: the left-hand side shows the IDE of \<^dof> in the context of a user session maintaining our case study (see @{docitem (unchecked) "casestudy"}) where a user is editing a semi-formal requirement. The right-hand side show the generated PDF document that can be used within a certification process. \ (*>*) subsection*[bgrnd_ODL::background]\A Guided Tour through ODL\ text\ \<^dof> provides a strongly typed OLD that provides the usual concepts of ontologies such as \<^item> \<^emph>\document class\ (using the \<^theory_text>\doc_class\ keyword) that describes a concept, \<^item> \<^emph>\attributes\ specific to document classes (attributes might be initialized with default values), and \<^item> a special link, the reference to a super-class, establishes an \<^emph>\is-a\ relation between classes. % classes may refer to other classes via a regular expression in an optional \<^emph>\where\ clause % (a class with a where clause is called \<^emph>\monitor\). \fixIsarList The types of attributes are \<^hol>-types. Thus, ODL can refer to any predefined type from the \<^hol> library, \<^eg>, \<^type>\string\, \<^type>\int\ as well as parameterized types, \<^eg>, \<^type>\option\, \<^type>\list\. As a consequence of the Isabelle document model, ODL definitions may be arbitrarily mixed with standard \<^hol> type definitions. Document class definitions are \<^hol>-types, allowing for formal \<^emph>\links\ to and between ontological concepts. For example, the basic concept of requirements from CENELEC 50128~@{cite "bsi:50128:2014"} is captured in ODL as follows: @{theory_text [display,indent=10, margin=70] \ doc_class requirement = text_element + (* derived from text_element *) long_name ::"string option" (* an optional string attribute *) is_concerned::"role set" (* roles working with this req. *) \} This ODL class definition maybe part of one or more Isabelle theory--files capturing the entire ontology definition. Isabelle's session management allows for pre-compiling them before being imported in the actual target documentation required to be compliant to this ontology. %\vspace{-0.7cm}\ side_by_side_figure*["text-elements"::side_by_side_figure,anchor="''fig-Req-Def-ex''", caption="''A Text-Element as Requirement.''",relative_width="48", src="''figures/Req-Def-ex''",anchor2="''fig-Req-Appl-ex''", caption2="''Referencing a Requirement.''",relative_width2="48", src2="''figures/Req-Appl-ex''"]\Referencing a Requirement. \ text\\autoref{text-elements} shows an ontological annotation of a requirement and the referencing via an antiquotation \<^theory_text>\requirement \req1\\ generated by \<^dof> from the above class definition. Undefined or ill-typed references were rejected, the high-lighting displays the hyperlinking which is activated on a click. Revising the actual definition of \requirement\, it suffices to click on its keyword: the IDE will display the class-definition and its surrounding documentation in the ontology.\ (* text\\<^dof>'s generated antiquotations are part of a general mechanism of Isabelle's standard antiquotations heavily used in various papers and technical reports. For example, in the following informal text, the antiquotation \<^verbatim>\thm refl\ refers to the reflexivity axiom from HOL: @{theory_text [display,indent=10, margin=70] \ textAccording to the reflexivity axiom <@>{thm refl}, we obtain in \ for <@>{term fac 5} the result <@>{value fac 5}.\} In the PDF output, this is represented as follows: \begin{out} According to the reflexivity axiom $x = x$, we obtain in \\\ for $\operatorname{fac} 5$ the result $120$. \end{out} The antiquotation \inlineisar|<@>{value fac 5}| refers to a function that is defined in the preceding logical context (and parsed as inner syntax) to compute the value of $5!$, \ie, $120$. Summing up, antiquotations can refer to formal content, can be type-checked before being displayed and can be used for calculations before actually being typeset. All these features can be used for the calculation of attribute values (as in @{docitem \text-elements\}, observe the value \UNIV\ used to set the attribute \is_concerned\ is a HOL-constant denoting the universal set). Finally, for each ontological concept, a custom representation, using \<^LaTeX>-notation, for the generated PDF document can be defined. The latter includes, \<^eg>, the possibility to automatically generated glossaries or lists of concepts. \ *) (*<*) type_synonym A = int type_synonym B = int record T = x :: A y :: B term "\x = a,y = b\" (*>*) subsection\Meta-Objects as Extensible Records\ (* too fat ? what do we need of this ? *) text\ \<^isabelle> supports both fixed and schematic records at the level of terms and types. The notation for terms and types is as follows: \<^item> fixed record terms \<^term>\\x = a,y = b\\; fixed record types \\x::A, y::B\\, \<^item> schematic record terms \<^term>\\x = a,y = b, \ = m::'a\\; schematic record types: \\x::A, y::B, \ = 'a\\ which were usually abbreviated to \<^typ>\'a T_scheme\, \<^item> selectors are written \<^term>\x(R::'a T_scheme)\, \<^term>\y(R::'a T_scheme)\, and \<^item> updates were denoted \<^theory_text>\r\x := a\\y := b\\ or just \<^term>\r\x:=a, y:=b\\. \ text\ ... where the so-called more-field \\\ is used to 'fill-in' record-extensions. Schematic record types @{cite "naraschewski1998object"} allow for simulating object-oriented features such as (single-)inheritance while maintaining a compositional style of verification: it is possible to prove a property \<^term>\P (a::'a T_scheme)\ which will remain true for all extensions (which are just instances of the \<^typ>\'a T_scheme\-type). \ text\In \<^dof>, \<^verbatim>\onto_class\es and the logically equivalent \<^verbatim>\doc_class\es were represented by schematic record types and instances thereof by schematic terms. Invariants of an \<^verbatim>\onto_class\ are thus predicates over schematic record types and can therefore be inherited in a subclass. \<^dof> handles the parametric polymorphism implicitly. \ subsection\Advanced Evaluation in Isabelle\ text\Besides the powerful, but relatively slow rewriting-based proof method \<^theory_text>\simp\, there are basically two other techniques for the evaluation of terms: \<^item> evaluation via reflection into SML (\<^theory_text>\eval\), and \<^item> normalization by evaluation @{cite "AehligHN12"} (\<^theory_text>\nbe\).\ text\ The former is based on a nearly one-to-one compilation of datatype specification constructs and recursive function definitions into SML datatypes and functions. The generated code is directly compiled by the underlying SML compiler of the Isabelle platform. This way, pattern-matching becomes natively compiled rather than interpreted as in the matching process of \<^theory_text>\simp\. @{cite "AehligHN12"} describes scenarios where \<^theory_text>\eval\ is five orders of magnitude faster than \<^theory_text>\simp\. However, it is restricted to ground terms. The latter is based on a compilation of datatype specifications into a uniform data-universe enriched by closures and explicit variables. Recursive function definitions in \<^hol> were compiled to SML functions where the argument terms were represented in the data-universe. Pattern-matching is still compiled to native functions executed if closures are completed. \<^theory_text>\nbe\ is not restricted to ground terms, but lies in its efficiency between \<^theory_text>\simp\ and \<^theory_text>\eval\. \<^dof> uses a combination of these three techniques in order to check invariants for ontological classes on the fly during editing, paving the way for both a uniform specification language of ontological data --- namely \<^hol> --- as well as the possibility to \<^emph>\prove\ properties over and relations between classes.\ section*[invariants::technical,main_author="Some(@{docitem ''nic''}::author)"] \Term-Context Support, Invariants and Queries in DOF\ (*<*) (* Ontology example for mathematical papers *) doc_class myauthor = email :: "string" <= "''''" doc_class mytext_section = authored_by :: "myauthor set" <= "{}" level :: "int option" <= "None" doc_class myintroduction = mytext_section + authored_by :: "myauthor set" <= "UNIV" uses :: "string set" invariant author_finite :: "finite (authored_by \)" and force_level :: "the (level \) > 1" doc_class myclaim = myintroduction + based_on :: "string list" doc_class mytechnical = text_section + formal_results :: "thm list" datatype kind = expert_opinion | argument | "proof" doc_class myresult = mytechnical + evidence :: kind property :: "thm list" <= "[]" invariant has_property :: "evidence \ = proof \ property \ \ []" doc_class myconclusion = text_section + establish :: "(myclaim \ myresult) set" invariant establish_defined :: "\ x. x \ Domain (establish \) \ (\ y \ Range (establish \). (x, y) \ establish \)" declare[[invariants_checking = true]] declare[[invariants_checking_with_tactics = true]] text*[church::myauthor, email="\church@lambda.org\"]\\ text*[resultProof::myresult, evidence = "proof", property="[@{thm \HOL.refl\}]"]\\ text*[resultProof2::myresult, evidence = "proof", property="[@{thm \HOL.sym\}]"]\\ (*text*[introduction1::myintroduction, authored_by = "{@{myauthor \church\}}", level = "Some 0"]\\*) (*text*[claimNotion::myclaim, authored_by = "{@{myauthor \church\}}", based_on= "[\Notion1\, \Notion2\]", level = "Some 0"]\\*) text*[introduction2::myintroduction, authored_by = "{@{myauthor \church\}}", level = "Some 2"]\\ declare[[invariants_checking = false]] declare[[invariants_checking_with_tactics = false]] (*>*) text\ To offer a smooth integration into the \<^emph>\formal\ theory development process, \<^isabelle> should be able to dynamically interpret the source document. But the specific antiquotations introduced by \<^dof> are not directly recognized by \<^isabelle>, and the process of term checking and evaluation must be enriched. Previous works~@{cite "brucker.ea:isabelle-ontologies:2018" and "brucker.ea:isabelledof:2019"} added a validation step for the SML and semi-formal text contexts. To support \<^dof> antiquotations in the term contexts, the validation step should be improved and a new step, which we call \<^emph>\elaboration\ must be added to allow these antiquotations in \\\-terms. The resulting process encompasses the following steps: \<^item> Parse the term which represents the object in \<^hol>, \<^item> Infer the type of the term, \<^item> Certify the term, \<^item> Validate the term: the \<^dof> antiquotations terms are parsed and type-checked, \<^item> Elaborate: the \<^dof> antiquotations terms are expanded. The antiquotations are replaced by the object in \<^hol> they reference i.e. a \\\-calculus term, \<^item> Pass on the information to Isabelle/PIDE, and \<^item> Code generation: \<^vs>\-0.3cm\ \<^item> Evaluation of \<^hol> expressions with ontological annotations, \<^item> Generation of ontological invariants processed simultaneously with the generation of the document (a theory in \<^hol>). \<^isabelle> provides commands to type-check and print terms (the command \<^theory_text>\term\) and evaluate and print a term (the command \<^theory_text>\value\). We provide the equivalent commands, respectively \<^theory_text>\term*\ and \<^theory_text>\value*\, which support the validation and elaboration phase. This allow a smooth integration into the \<^emph>\formal\ theory development process. \ (*<*) declare_reference*["type-checking-example"::side_by_side_figure] (*>*) text\ If we take back the ontology example for mathematical papers of~@{cite "brucker.ea:isabelledof:2019"} shown in \autoref{fig-ontology-example} \begin{figure} @{boxed_theory_text [display] \ doc_class myauthor = email :: "string" <= "''''" doc_class mytext_section = authored_by :: "myauthor set" <= "{}" level :: "int option" <= "None" doc_class myintroduction = mytext_section + authored_by :: "myauthor set" <= "UNIV" uses :: "string set" invariant author_finite :: "finite (authored_by \)" and force_level :: "the (level \) > 1" doc_class myclaim = myintroduction + based_on :: "string list" doc_class mytechnical = text_section + formal_results :: "thm list" datatype kind = expert_opinion | argument | "proof" doc_class myresult = mytechnical + evidence :: kind property :: "thm list" <= "[]" invariant has_property :: "evidence \ = proof \ property \ \ []" doc_class myconclusion = text_section + establish :: "(myclaim \ myresult) set" invariant establish_defined :: "\ x. x \ Domain (establish \) \ (\ y \ Range (establish \). (x, y) \ establish \)" \} \caption{Excerpt of an ontology example for mathematical papers.} \label{fig-ontology-example} \end{figure} we can define some class instances for this ontology with the \<^theory_text>\text*\ command, as in \autoref{fig-instances-example}. \begin{figure} @{boxed_theory_text [display] \ text*[church::myauthor, email="\church@lambda.org\"]\\ text*[resultProof::myresult, evidence = "proof", property="[@{thm \HOL.refl\}]"]\\ text*[resultProof2::myresult, evidence = "proof", property="[@{thm \HOL.sym\}]"]\\ text*[introduction1::myintroduction, authored_by = "{@{myauthor \church\}}", level = "Some 0"]\\ text*[introduction2::myintroduction, authored_by = "{@{myauthor \church\}}", level = "Some 2"]\\ text*[claimNotion::myclaim, authored_by = "{@{myauthor \church\}}", based_on= "[\Notion1\, \Notion2\]", level = "Some 0"]\\ \} \caption{Some instances of the classes of the ontology in the \autoref{fig-ontology-example}.} \label{fig-instances-example} \end{figure} In the instance \<^theory_text>\introduction1\, \<^term>\@{myauthor \church\}\ denotes the instance \<^theory_text>\church\ of the class \<^typ>\myauthor\. One can now reference a class instance in a \<^theory_text>\term*\ command. In the command \<^theory_text>\term*\@{myauthor \church\}\\ the term \<^term>\@{myauthor \church\}\ is type-checked, \<^ie>, the command \<^theory_text>\term*\ checks that \<^theory_text>\church\ references a term of type \<^typ>\myauthor\ (see \<^side_by_side_figure>\type-checking-example\). \ side_by_side_figure*[ "type-checking-example"::side_by_side_figure , anchor="''fig-term-type-checking-ex''" , caption="''church is an existing instance.''" , relative_width="48" , src="''figures/term-context-checking-example''" , anchor2="''fig-term-type-checking-failed-ex''" , caption2="''The churche instance is not defined.''" , relative_width2="48" , src2="''figures/term-context-failed-checking-example''" ]\Type-checking of antiquotations in term context.\ (*<*) declare_reference*["evaluation-example"::side_by_side_figure] (*>*) text\ The command \<^theory_text>\value*\email @{author \church\}\\ type-checks the antiquotation \<^term>\@{myauthor \church\}\, and then returns the value of the attribute \<^const>\email\ for the \<^theory_text>\church\ instance, \<^ie> the \<^hol> string \<^term>\''church@lambda.org''\ (see \<^side_by_side_figure>\evaluation-example\). \ side_by_side_figure*[ "evaluation-example"::side_by_side_figure , anchor="''fig-term-evaluation-ex''" , caption="''The evaluation succeeds and returns the value.''" , relative_width="48" , src="''figures/term-context-evaluation-example''" , anchor2="''fig-term-failed-evaluation-ex''" , caption2="''The evaluation fails, due to the undefined instance.''" , relative_width2="48" , src2="''figures/term-context-failed-evaluation-example''" ]\Evaluation of antiquotations in term context.\ (* figure*[ "term-context-checking-example-figure"::figure , relative_width="99" , src="''figures/term-context-checking-example''" ]\The invariant \<^theory_text>\force_level\ of the class claim is inherited from the class \<^theory_text>\introduction\ and is violated by the instance \<^theory_text>\claimNotion\. \ figure*[ "term-context-evaluation-figure"::figure , relative_width="99" , src="''figures/term-context-evaluation-example''" ]\The invariant \<^theory_text>\force_level\ of the class claim is inherited from the class \<^theory_text>\introduction\ and is violated by the instance \<^theory_text>\claimNotion\. \ *) (*<*) declare_reference*["term-context-equality-evaluation"::figure] (*>*) text\ We can even compare class instances. \<^figure>\term-context-equality-evaluation\ shows that the two class instances \<^theory_text>\resultProof\ and \<^theory_text>\resultProof2\ are not equivalent because their attribute \<^term>\property\ differ. \ figure*[ "term-context-equality-evaluation"::figure , relative_width="80" , src="''figures/term-context-equality-evaluation-example''" ]\Evaluation of the equivalence of two class instances. \ text\ A novel mechanism to specify constraints as invariants is implemented and can now be specified in common \<^hol> syntax, using the keyword \<^theory_text>\invariant\ in the class definition (recall \autoref{fig-ontology-example}). Following the constraints proposed in @{cite "brucker.ea:isabelle-ontologies:2018"}, one can specify that any instance of a class \<^typ>\myresult\ finally has a non-empty property list, if its \<^typ>\kind\ is \<^const>\proof\ (see the \<^theory_text>\invariant has_property\), or that the relation between \<^typ>\myclaim\ and \<^typ>\myresult\ expressed in the attribute \<^const>\establish\ must be defined when an instance of the class \<^typ>\myconclusion\ is defined (see the \<^theory_text>\invariant establish_defined\). In our example, the \<^theory_text>\invariant author_finite\ of the class \<^typ>\myintroduction\ enforces that the user sets the \<^const>\authored_by\ set. The \\\ symbol is reserved and references the future class instance. By relying on the implementation of the Records in \<^isabelle>~@{cite "wenzel:isabelle-isar:2020"}, one can reference an attribute of an instance using its selector function. For example, \<^term>\establish \\ denotes the value of the attribute \<^const>\establish\ of the future instance of the class \<^typ>\myconclusion\. \ (*<*) declare_reference*["invariant-checking-figure"::figure] (*>*) text\ The value of each attribute defined for the instances is checked at run-time against their class invariants. The instance \<^theory_text>\resultProof\ respects the \<^theory_text>\invariant has_property\, because we specify its attribute \<^const>\evidence\ to the \<^typ>\kind\ \<^const>\proof\, we also specify its attribute \<^const>\property\ with a suited value as a \<^type>\list\ of \<^type>\thm\. In \<^figure>\invariant-checking-figure\, we try to specify a new instance \<^theory_text>\introduction1\ of the class \<^typ>\myintroduction\. But an invariant checking error is triggered because we do not respect the constraint specified in the \<^theory_text>\invariant force_level\, when we specify the attribute \<^const>\level\ of \<^theory_text>\introduction1\ to \<^term>\Some (0::int)\. The \<^theory_text>\invariant force_level\ forces the value of the argument of the attribute \<^const>\level\ to be greater than 1. \ figure*[ "invariant-checking-figure"::figure , relative_width="99" , src="''figures/invariant-checking-violated-example''" ]\The \<^theory_text>\invariant force_level\ of the class \<^typ>\myintroduction\ is violated by the instance \<^theory_text>\introduction1\.\ (*<*) declare_reference*["inherited-invariant-checking-figure"::figure] (*>*) text\ Classes inherit the invariants from their super-class. As the class \<^typ>\myclaim\ is a subclass of the class \<^typ>\myintroduction\, it inherits the \<^typ>\myintroduction\ invariants. Hence the \<^theory_text>\invariant force_level\ is checked when the instance \<^theory_text>\claimNotion\ is defined, like in \<^figure>\inherited-invariant-checking-figure\. \ figure*[ "inherited-invariant-checking-figure"::figure , relative_width="99" , src="''figures/inherited-invariant-checking-violated-example''" ]\The \<^theory_text>\invariant force_level\ of the class \<^typ>\myclaim\ is inherited from the class \<^typ>\myintroduction\ and is violated by the instance \<^theory_text>\claimNotion\. \ (*<*) value*\map (myresult.property) @{myresult-instances}\ value*\map (mytext_section.authored_by) @{myintroduction-instances}\ value*\filter (\\. myresult.evidence \ = proof) @{myresult-instances}\ value*\filter (\\. the (mytext_section.level \) > 1) @{myintroduction-instances}\ value*\filter (\\. myresult.evidence \ = argument) @{myresult-instances}\ (*>*) text\ A new mechanism to make query on instances is available and uses the \<^hol> implementation of \<^type>\list\s. Complex queries can then be defined using functions over the instances list. To get the list of the properties of the instances of the class \<^typ>\myresult\, and the list of the authors of the instances of the class \<^typ>\myintroduction\, one can use the commands: @{theory_text [display,indent=10, margin=70] \ value*\map (myresult.property) @{myresult-instances}\ value*\map (mytext_section.authored_by) @{myintroduction-instances}\ \} To get the list of the instances of the class \<^typ>\myresult\ whose \<^const>\evidence\ is a \<^const>\proof\, on can use the command: @{theory_text [display,indent=10, margin=70] \ value*\filter (\\. myresult.evidence \ = proof) @{myresult-instances}\ \} To get the list of the instances of the class \<^typ>\myintroduction\ whose \<^const>\level\ > 1, on can use the command: @{theory_text [display,indent=10, margin=70] \ value*\filter (\\. the (mytext_section.level \) > 1) @{myintroduction-instances}\ \} \ section*["morphisms"::technical,main_author="Some(@{docitem ''idir''}::author)"] \Proving Morphisms on Ontologies\ text\ \<^dof> framework does not assume that all documents reference the same ontology. Each document may build its local ontology without any external reference. It may also build it based upon one or several reference ontologies (i.e., standard ones). The relationship between the local ontology and the reference one is formalised using a morphism function. More precisely, a class of a local ontology may be described as a consequence of a transformation applied to one or several other class(es) defined in other ontologies. This means that each instance of the former can be computed from one or more instances of the latter. Thanks to the morphism relationship, the obtained class may either import properties (definitions are preserved) or map properties (the properties are different but are semantically equivalent) that are defined in the referenced class(es). It may also define additional properties. \ (*<*) (* Reference Ontology *) definition sum where "sum S = (fold (+) S 0)" datatype Hardware_Type = Motherboard | Expansion_Card | Storage_Device | Fixed_Media | Removable_Media | Input_Device | Output_Device onto_class Resource = name :: string onto_class Electronic = Resource + provider :: string manufacturer :: string onto_class Component = Electronic + mass :: int dimensions :: "int list" onto_class Simulation_Model = Electronic + type :: string onto_class Informatic = Resource + description :: string onto_class Hardware = Informatic + type :: Hardware_Type mass :: int composed_of :: "Component list" invariant c1 :: "mass \ = sum(map Component.mass (composed_of \))" onto_class R_Software = Informatic + version :: int (*>*) text\ To illustrate this process, we use the reference ontology (considered as a standard) described in the listing X, defining the Resource, Electronic, Component, Informatic, Hardware and Software concepts (or classes). Each class contains a set of attributes or properties and some local invariants. In our example, we focus on the Hardware class containing a mass attribute and composed of a list of components with a mass attribute formalising the mass value of each component. The Hardware class also contains a local invariant ''c1'' to define a constraint linking the global mass of a Hardware object with the masses of its own components. \ (*<*) (* Local Ontology *) onto_class Item = name :: string onto_class Product = Item + serial_number :: int provider :: string mass :: int onto_class Computer_Software = Item + version :: int onto_class Electronic_Component = Product + dimensions :: "int set" onto_class Computer_Hardware = Product + type :: Hardware_Type composed_of :: "Product list" invariant c2 :: "Product.mass \ = sum(map Product.mass (composed_of \))" (*>*) text\ For the needs of our document, we have defined a simple ontology to classify Software and Hardware objects. This ontology is described in listing X and defines the \Item\, \Product\, \Computer_Software\ and \Computer_Hardware\ concepts. As for the reference ontology, we focus on the \Computer_Hardware\ class defined as a list of products characterised by their mass value. This class contains a local invariant ''c2'' to guarantee that its own mass value equals the sum of all the masses of the products composing the object. \ section*[ontoexample::text_section,main_author="Some(@{docitem ''idir''}::author)"] \Applications\ subsection\Engineering Example : An Extract from PLib\ subsection\Mathematics Example : An Extract from OntoMath\textsuperscript{PRO}\ (*<*) (* OntoMathPro_Ontology example *) datatype dc = creator string | title string datatype owl = backwardCompatibleWith string | deprecated string | incompatibleWith string | priorVersion string | versionInfo string datatype rdfs = comment string | isDefinedBy string | label string | seeAlso string datatype annotation = DC dc | OWL owl | RDFS rdfs onto_class Top = Annotations :: "annotation list" onto_class Field_of_mathematics = Annotations :: "annotation list" invariant restrict_annotation_F ::"set (Annotations \) \ range (RDFS o label) \ range (RDFS o comment)" onto_class Mathematical_knowledge_object = Annotations :: "annotation list" invariant restrict_annotation_M ::"set (Annotations \) \ range (RDFS o label) \ range (RDFS o comment)" onto_class assoc_F_M = contains:: "(Field_of_mathematics \ Mathematical_knowledge_object) set" invariant contains_defined :: "\ x. x \ Domain (contains \) \ (\ y \ Range (contains \). (x, y) \ contains \)" onto_class assoc_M_F = belongs_to :: "(Mathematical_knowledge_object \ Field_of_mathematics) set" invariant belong_to_defined :: "\ x. x \ Domain (belongs_to \) \ (\ y \ Range (belongs_to \). (x, y) \ belongs_to \)" onto_class assoc_M_M = is_defined_by :: "(Mathematical_knowledge_object \ Mathematical_knowledge_object) set" invariant is_defined_by_defined :: "\ x. x \ Domain (is_defined_by \) \ (\ y \ Range (is_defined_by \). (x, y) \ is_defined_by \)" (*typedef 'a A'_scheme = "{x :: 'a A_scheme. " *) onto_class assoc_M_M' = "defines" :: "(Mathematical_knowledge_object \ Mathematical_knowledge_object) set" invariant defines_defined :: "\ x. x \ Domain (defines \) \ (\ y \ Range (defines \). (x, y) \ defines \)" onto_class assoc_M_M_see_also = see_also :: "(Mathematical_knowledge_object rel) set" invariant see_also_trans :: "\ r \ (see_also \). trans r" invariant see_also_sym :: "\ r \ (see_also \). sym r" onto_class Problem = Mathematical_knowledge_object + Annotations :: "annotation list" onto_class Method = Mathematical_knowledge_object + Annotations :: "annotation list" onto_class assoc_Problem_Method = is_solved_by :: "(Problem \ Method) set" invariant is_solved_by_defined :: "\ x. x \ Domain (is_solved_by \) \ (\ y \ Range (is_solved_by \). (x, y) \ is_solved_by \)" onto_class assoc_Method_Problem = solves :: "(Method \ Problem) set" invariant solves_defined :: "\ x. x \ Domain (solves \) \ (\ y \ Range (solves \). (x, y) \ solves \)" (*>*) text\ The ontology \<^emph>\OntoMath\textsuperscript{PRO}\ @{cite "DBLP:journals/corr/NevzorovaZKL14"} is an OWL ontology of mathematical knowledge concepts. It posits the IS-A semantics for hierarchies of mathematical knowledge elements, and defines these elements as two hierarchies of classes: a taxonomy of the fields of mathematics and a taxonomy of mathematical knowledge objects. It defines two main type of relations for these two taxonomies: directed relations between elements of the two hierarchies like \<^const>\belongs_to\, \<^const>\contains\, \<^const>\defines\, \<^const>\is_defined_by\, \<^const>\solves\, \<^const>\is_solved_by\, and a symmetric transitive associative relation \<^const>\see_also\ between two mathematical knowledge objects. It also represents links with external resources such as DBpedia with annotations properties @{cite "Parsia:12:OWO"}. \<^dof> covers a wide range of the OWL concepts used by the ontology OntoMath\textsuperscript{PRO}. We can represent the annotations properties as datatypes and then attach them as an attributes list to a class. For example the declaration: @{theory_text [display,indent=10, margin=70] \ datatype dc = creator string | title string datatype owl = backwardCompatibleWith string | deprecated string | incompatibleWith string | priorVersion string | versionInfo string datatype rdfs = comment string | isDefinedBy string | label string | seeAlso string datatype annotation = DC dc | OWL owl | RDFS rdfs onto_class Field_of_mathematics = Annotations :: "annotation list" invariant restrict_annotation_F ::"set (Annotations \) \ range (RDFS o label) \ range (RDFS o comment)" \} defines the class \<^typ>\Field_of_mathematics\ with an attribute \<^const>\Annotations\ which is a \<^type>\list\ of \<^typ>\annotation\s. We can even constraint the type of allowed \<^typ>\annotation\s with an invariant. Here the \<^theory_text>\invariant restrict_annotation_F\ forces the \<^typ>\annotation\s to be a \<^const>\label\ or a \<^const>\comment\. Subsumption relation is straightforward. The ontology OntoMath\textsuperscript{PRO} defines a \<^typ>\Problem\ and a \<^typ>\Method\ as subclasses of the class \<^typ>\Mathematical_knowledge_object\. It gives in \<^dof>: @{theory_text [display,indent=10, margin=70] \ onto_class Problem = Mathematical_knowledge_object + Annotations :: "annotation list" onto_class Method = Mathematical_knowledge_object + Annotations :: "annotation list" \} We can express the relations between the two taxonomies with association \<^theory_text>\onto_class\es which specify the relation as an attribute and enforces the relation with an \<^theory_text>\invariant\. The two directed relations \<^const>\is_solved_by\ and \<^const>\solves\ between \<^typ>\Problem\ and a \<^typ>\Method\ can be represented in \<^dof> like this: @{theory_text [display,indent=10, margin=70] \ onto_class assoc_Problem_Method = is_solved_by :: "(Problem \ Method) set" invariant is_solved_by_defined :: "\ x. x \ Domain (is_solved_by \) \ (\ y \ Range (is_solved_by \). (x, y) \ is_solved_by \)" onto_class assoc_Method_Problem = solves :: "(Method \ Problem) set" invariant solves_defined :: "\ x. x \ Domain (solves \) \ (\ y \ Range (solves \). (x, y) \ solves \)" \} where the attributes \<^const>\is_solved_by\ and \<^const>\solves\ define the relations of the classes and the invariants \<^theory_text>\is_solved_by_defined\ and \<^theory_text>\solves_defined\ enforce the existence of the relations when one define instances of the classes. \<^dof> allows to define ontologies and specify constraints on their concepts. Additionally it dynamically checks at run-time the concepts when defining instances. It offers an environment to define and test ontologies in an integrated document, where all the knowledge and the proof-checking can be specified, and thus can be a solution to go over the trade-off between plain vocabularies and highly formalized models. \ section*[concl::conclusion]\Conclusion\ text\We presented \<^dof>, an ontology framework deeply integrating continuous-check/continuous-build functionality into the formal development process in \<^hol>. The novel feature of term-contexts in \<^dof>, which permits term-antiquotations elaborated in the parsing process, paves the way for the abstract specification of meta-data constraints as well the possibility of advanced search in the meta-data of document elements. Thus it profits and extends Isabelle's document-centric view on formal development. Many ontological languages such OWL @{cite "owl2012"} as well as the meta-modeling technology available for UML/OCL provide concepts for semantic rules and constraints, but leave the validation checking usually to external tools (if implementing them at all). This limits their practical usefulness drastically. Our approach treats invariants as first-class citizens, and turns them into an object of formal study in, for example, ontological mappings. Such a technology exists, to our knowledge, for the first time. Our experiments with adaptions of existing ontologies from engineering and mathematics show that \<^dof>'s ODL has sufficient expressive power to cover all aspects of languages such as OWL (with perhaps the exception of multiple inheritance on classes). However, these ontologies have been developed specifically \<^emph>\in\ OWL and target its specific support, the Protege editor @{cite "protege"}. We argue that \<^dof> might ask for a re-engineering of these ontologies: less deep hierarchies, rather deeper structure in meta-data and stronger invariants. \ subsection*[rw::related_work]\Related Work\ text\There are a number of approaches to use ontologies for structuring the link between information and knowledge, and to make it amenable to "semantic" search in or consistency checking of documents: \<^item> The search engine \<^url>\http://shinh.org/wfs\ uses a quite brute-force, but practical approach. It is getting its raw-data from Wikipedia and PlanetMath and similar sites, and uses clever text-based search methods in a large number of formulas, agnostic of their logical context, and of formal proof. \<^item> The OAF project @{cite "KohlhaseR21"} comes closest to our ideal of wide-spread use of ontologies for search in mathematical libraries. The project developed a common ontological format, called OMDoc/MMT, and developed six \<^emph>\export\ functions from major ITP systems into it. The more difficult task to develop \<^emph>\import\ functions has not been addressed, not to mention the construction of imported proofs in a native tactic proof format. Rather, the emphasis was put on building a server infrastructure based on conventional, rather heavy-weight database- and OWL technology. Our approach targets so far only one ITP system and its libraries, and emphasizes type-safeness, expressive power and "depth" of meta-data, which is adapted to the specific needs of ITP systems and theory developments. \<^item> There are meanwhile a number of proposals of ontologies targeting mathematics: \<^item> \OntoMath\<^sup>P\<^sup>R\<^sup>O\ @{cite "Nevzorova2014OntoMathPO"} proposes a ``taxonomy of the fields of mathematics'' (pp 110). In total, \OntoMath\<^sup>P\<^sup>R\<^sup>O\ contains the daunting number of 3,449 classes, which is in part due to the need to compensate the lack of general datatype definition methods for meta-data. It is inspired from a translation of the Russian Federal Standard for Higher Education on mathematics for master students \<^url>\http://www.edu.ru/db-mon/mo/Data/d_10/prm40-1.pdf\, which makes it nevertheless an interesting starting point for a future development of a mathematics ontology in the \<^dof> framework. \<^item> Other ontologies worth mentioning are DBpedia @{cite "10.1007/978-3-540-76298-0_52"}, which provides with the \<^emph>\SPARQL endpoint\ \<^url>\http://dbpedia.org/sparql\ a search engine, and the more general ScienceWISE (see \<^url>\http://sciencewise.info/ontology/\ linked to the ArXiv.org project) that allows users to introduce their own category concepts. Both suffer from the lack of deeper meta-data modeling, and the latter is still at the beginning (ScienceWISE marks the Mathematics part as "under construction"). % \<^url>\https://github.com/CLLKazan/OntoMathPro\ % % ITEM The "Ontology for Engineering Mathematics" % \<^url>\https://tomgruber.org/writing/an-ontology-for-engineering-mathematics\ is % is unfortunately only a half-baked approach to model physical quantities % and SI-measurements. Instead of using ontologies for this purpose, there % exist approaches based on strong type systems \ subsection*[fw::related_work]\Future Work\ text\ We plan to complement \<^dof> with incremental LaTeX generation and a previewing facility that will further increase the usability of our framework for the ontology-conform editing of formal content, be it in the engineering or the mathematics domain. \<^footnote>\This paper has been edited in \<^dof>, of course.\ Another line of future application is to increase the "depth" of build-in term antiquotations such \@{typ \'\\}\, \@{term \a + b\}\ and \@{thm \HOL.refl\}\, which are currently implemented just as validations in the current logical context. In the future, they could optionally be expanded to the types, terms and theorems (with proof objects attached) in a meta-model of the Isabelle Kernel such as the one presented in @{cite "10.1007/978-3-030-79876-5_6"} (also available in the AFP). This will allow for the HOL-specification of query-functions in, \<^eg>, proof-objects, and pave the way to annotate them with typed meta-data. Such a technology could be relevant for the interoperability of proofs across different ITP platforms. \ (*<*) close_monitor*[this] end (*>*)