Parallelization of assert*, term*, value*, first try

Now class invariants names use internally the class name
as a user Binding.qualifier.
This way one can use the same name for an invariant
in two different classes in the same theory:

doc_class "hypothesis"  = math_content +
   referentiable :: bool <= "True"
   level         :: "int option"         <= "Some 2"
   mcc           :: "math_content_class" <= "hypt"
   invariant d :: "mcc σ = hypt"

doc_class "math_proof"  = math_content +
   referentiable :: bool <= "True"
   level         :: "int option"         <= "Some 2"
   mcc           :: "math_content_class" <= "prf_stmt"
   invariant d :: "mcc σ = prf_stmt"

find_consts name:"math_proof.d_inv"
find_consts name:"hypothesis.d_inv"

.gitignore

@@ -2,3 +2,4 @@ output
 .afp
 *~
 *#
+Isabelle_DOF-Unit-Tests/latex_test/

.woodpecker/build.yml

@@ -2,14 +2,19 @@ pipeline:
   build:
     image: docker.io/logicalhacking/isabelle2022
     commands:
+      - ./.woodpecker/check_dangling_theories
+      - ./.woodpecker/check_external_file_refs
+      - ./.woodpecker/check_quick_and_dirty
       - export ARTIFACT_DIR=$CI_WORKSPACE/.artifacts/$CI_REPO/$CI_BRANCH/$CI_BUILD_NUMBER/$LATEX
       - mkdir -p $ARTIFACT_DIR
       - export `isabelle getenv ISABELLE_HOME_USER`
       - mkdir -p $ISABELLE_HOME_USER/etc
       - echo "ISABELLE_PDFLATEX=\"$LATEX --file-line-error\"" >> $ISABELLE_HOME_USER/etc/settings
-      - isabelle components -u `pwd` 
-      - isabelle build -D . -o browser_info
-      - isabelle dof_mkroot DOF_test
+      - isabelle build -x HOL-Proofs -x Isabelle_DOF-Proofs -D . -o browser_info
+      - if [ "$LATEX" = "lualatex" ]; then isabelle build -o 'timeout_scale=2' -D . -o browser_info; else echo "Skipping Isabelle_DOF-Proofs for pdflatex build."; fi
+      - find . -name 'root.tex' -prune -o -name 'output' -type f | xargs latexmk -$LATEX -cd  -quiet -Werror
+      - isabelle components -u .
+      - isabelle dof_mkroot -q DOF_test
       - isabelle build -D DOF_test
       - cp -r $ISABELLE_HOME_USER/browser_info $ARTIFACT_DIR
       - cd $ARTIFACT_DIR
@@ -38,7 +43,7 @@ pipeline:
         from_secret: artifacts_ssh
       user: artifacts
   notify:
-    image: drillster/drone-email
+    image: docker.io/drillster/drone-email
     settings:
       host: smtp.0x5f.org
       username: woodpecker

.woodpecker/check_dangling_theories

@@ -0,0 +1,33 @@
+#!/bin/bash
+
+set -e
+
+failuremsg="Error"
+failurecode=1
+
+while [ $# -gt 0 ]
+do
+    case "$1" in
+        --warning|-w)
+            failuremsg="Warning"
+            failurecode=0;;
+    esac
+    shift
+done
+
+echo "Checking for theories that are not part of an Isabelle session:"
+echo "==============================================================="
+
+PWD=`pwd`
+TMPDIR=`mktemp -d`
+isabelle build  -D . -l -n | grep $PWD | sed -e "s| *${PWD}/||" | sort -u | grep thy$ > ${TMPDIR}/sessions-thy-files.txt
+find * -type f | sort -u | grep thy$ > ${TMPDIR}/actual-thy-files.txt
+thylist=`comm -13 ${TMPDIR}/sessions-thy-files.txt ${TMPDIR}/actual-thy-files.txt`
+if [ -z "$thylist" ] ; then
+    echo "  * Success: No dangling theories found."
+    exit 0
+else
+    echo -e "$thylist"
+    echo "$failuremsg: Dangling theories found (see list above)!" 
+    exit $failurecode 
+fi

.woodpecker/check_external_file_refs

@@ -0,0 +1,45 @@
+#!/bin/sh
+
+
+
+failuremsg="Error"
+failurecode=1
+
+while [ $# -gt 0 ]
+do
+    case "$1" in
+        --warning|-w)
+            failuremsg="Warning"
+            failurecode=0;;
+    esac
+    shift
+done
+
+DIRREGEXP="\\.\\./"
+
+echo "Checking for references pointing outside of session directory:"
+echo "=============================================================="
+
+REGEXP=$DIRREGEXP
+DIR=$DIRMATCH
+failed=0
+for i in $(seq 1 10); do 
+  FILES=`find * -mindepth $((i-1)) -maxdepth $i -type f | xargs`
+  if [ -n "$FILES" ]; then 
+    grep -s ${REGEXP} ${FILES}
+    exit=$?
+    if [ "$exit" -eq 0 ] ; then
+      failed=1
+    fi
+  fi
+  REGEXP="${DIRREGEXP}${REGEXP}"
+done
+
+
+if [ "$failed" -ne 0 ] ; then
+    echo "$failuremsg: Forbidden reference to files outside of their session directory!" 
+    exit $failurecode 
+fi
+
+echo "  * Success: No relative references to files outside of their session directory found."
+exit 0

.woodpecker/check_quick_and_dirty

@@ -0,0 +1,30 @@
+#!/bin/bash
+
+set -e
+
+failuremsg="Error"
+failurecode=1
+
+while [ $# -gt 0 ]
+do
+    case "$1" in
+        --warning|-w)
+            failuremsg="Warning"
+            failurecode=0;;
+    esac
+    shift
+done
+
+echo "Checking for sessions with quick_and_dirty mode enabled:"
+echo "========================================================"
+
+rootlist=`find -name 'ROOT' -exec grep -l 'quick_and_dirty *= *true' {} \;`
+
+if [ -z "$rootlist" ] ; then
+    echo "  * Success: No sessions with quick_and_dirty mode enabled found."
+    exit 0
+else
+    echo -e "$rootlist"
+    echo "$failuremsg: Sessions with quick_and_dirty mode enabled found (see list above)!" 
+    exit $failurecode 
+fi

.woodpecker/mk_release

@@ -83,22 +83,22 @@ build_and_install_manuals()
     if [ "$DIRTY" = "true" ]; then
         if [ -z ${ARTIFACT_DIR+x} ]; then
             echo "  * Quick and Dirty Mode (local build)"
-            $ISABELLE build -d . Isabelle_DOF-Manual 2018-cicm-isabelle_dof-applications
-            mkdir -p $ISADOF_WORK_DIR/examples/scholarly_paper/2018-cicm-isabelle_dof-applications/output/
-            cp examples/scholarly_paper/2018-cicm-isabelle_dof-applications/output/document.pdf \
-               $ISADOF_WORK_DIR/examples/scholarly_paper/2018-cicm-isabelle_dof-applications/output/
-            mkdir -p $ISADOF_WORK_DIR/examples/technical_report/Isabelle_DOF-Manual/output/
-            cp examples/technical_report/Isabelle_DOF-Manual/output/document.pdf \
-               $ISADOF_WORK_DIR/examples/technical_report/Isabelle_DOF-Manual/output/;
+            $ISABELLE build -d . Isabelle_DOF Isabelle_DOF-Example-I
+            mkdir -p $ISADOF_WORK_DIR/Isabelle_DOF-Example-I/output/
+            cp Isabelle_DOF-Example-I/output/document.pdf \
+               $ISADOF_WORK_DIR/Isabelle_DOF-Example-I/output/
+            mkdir -p $ISADOF_WORK_DIR/Isabelle_DOF/output/
+            cp Isabelle_DOF/output/document.pdf \
+               $ISADOF_WORK_DIR/Isabelle_DOF/output/;
         else
             echo "  * Quick and Dirty Mode (running on CI)"
-            mkdir -p $ISADOF_WORK_DIR/examples/scholarly_paper/2018-cicm-isabelle_dof-applications/output/
-            cp $ARTIFACT_DIR/browser_info/Unsorted/2018-cicm-isabelle_dof-applications/document.pdf \
-               $ISADOF_WORK_DIR/examples/scholarly_paper/2018-cicm-isabelle_dof-applications/output/
+            mkdir -p $ISADOF_WORK_DIR/Isabelle_DOF-Example-I/output/
+            cp $ARTIFACT_DIR/browser_info/Unsorted/Isabelle_DOF-Example-I/document.pdf \
+               $ISADOF_WORK_DIR/Isabelle_DOF-Example-I/output/
  
-            mkdir -p $ISADOF_WORK_DIR/examples/technical_report/Isabelle_DOF-Manual/output/
-            cp $ARTIFACT_DIR/browser_info/Unsorted/Isabelle_DOF-Manual/document.pdf \
-               $ISADOF_WORK_DIR/examples/technical_report/Isabelle_DOF-Manual/output/;
+            mkdir -p $ISADOF_WORK_DIR/Isabelle_DOF/output/
+            cp $ARTIFACT_DIR/browser_info/Unsorted/Isabelle_DOF/document.pdf \
+               $ISADOF_WORK_DIR/Isabelle_DOF/output/;
         fi
     else
         (cd $ISADOF_WORK_DIR && $ISABELLE env ./install-afp)
@@ -107,13 +107,13 @@ build_and_install_manuals()
     mkdir -p $ISADOF_WORK_DIR/doc
     echo "Isabelle/DOF Manuals!" > $ISADOF_WORK_DIR/doc/Contents
     
-    cp $ISADOF_WORK_DIR/examples/technical_report/Isabelle_DOF-Manual/output/document.pdf \
+    cp $ISADOF_WORK_DIR/Isabelle_DOF/output/document.pdf \
         $ISADOF_WORK_DIR/doc/Isabelle_DOF-Manual.pdf
     echo "  Isabelle_DOF-Manual                       User and Implementation Manual for Isabelle/DOF" >> $ISADOF_WORK_DIR/doc/Contents
 
-    cp $ISADOF_WORK_DIR/examples/scholarly_paper/2018-cicm-isabelle_dof-applications/output/document.pdf \
-        $ISADOF_WORK_DIR/doc/2018-cicm-isabelle_dof-applications.pdf
-    echo "  2018-cicm-isabelle_dof-applications       Example academic paper" >> $ISADOF_WORK_DIR/doc/Contents
+    cp $ISADOF_WORK_DIR/Isabelle_DOF-Example-I/output/document.pdf \
+        $ISADOF_WORK_DIR/doc/Isabelle_DOF-Example-I.pdf
+    echo "  Isabelle_DOF-Example-I       Example academic paper" >> $ISADOF_WORK_DIR/doc/Contents
 
     find $ISADOF_WORK_DIR -type d -name "output" -exec rm -rf {} \; &> /dev/null || true
     rm -rf $ISADOF_WORK_DIR/.git* $ISADOF_WORK_DIR/.woodpecker $ISADOF_WORK_DIR/.afp 
@@ -143,7 +143,6 @@ publish_archive()
     ssh 0x5f.org chmod go+u-w -R www/$DOF_ARTIFACT_HOST/htdocs/$DOF_ARTIFACT_DIR
 }
 
-
 ISABELLE=`which isabelle`
 USE_TAG="false"
 SIGN="false"
@@ -194,8 +193,8 @@ for i in $VARS; do
         export "$i"
 done
 
-ISABELLE_VERSION="Isabelle$($ISABELLE_TOOL options -g dof_isabelle)"
-DOF_VERSION="$($ISABELLE_TOOL options -g dof_version)"
+ISABELLE_VERSION="Isabelle$($ISABELLE_TOOL dof_param -b isabelle_version)"
+DOF_VERSION="$($ISABELLE_TOOL dof_param -b dof_version)"
 
 ISABELLE_SHORT_VERSION=`echo $ISABELLE_VERSION | sed -e 's/:.*$//'`
 ISADOF_TAR="Isabelle_DOF-"$DOF_VERSION"_"$ISABELLE_SHORT_VERSION
@@ -221,4 +220,3 @@ fi
 
 rm -rf $BUILD_DIR
 
-exit 0 

Isabelle_DOF-Example-I/IsaDofApplications.thy

@@ -16,6 +16,9 @@ theory IsaDofApplications
   imports "Isabelle_DOF.scholarly_paper"
 begin
 
+use_template "lncs"
+use_ontology "Isabelle_DOF.scholarly_paper"
+
 open_monitor*[this::article] 
 declare[[strict_monitor_checking=false]]
 
@@ -27,6 +30,61 @@ define_shortcut* isadof   \<rightleftharpoons> \<open>\isadof\<close>
 
 (* slanted text in contrast to italics *)
 define_macro* slanted_text \<rightleftharpoons> \<open>\textsl{\<close> _ \<open>}\<close>
+define_macro* unchecked_label \<rightleftharpoons> \<open>\autoref{\<close> _ \<open>}\<close>
+
+ML\<open>
+
+fun boxed_text_antiquotation name (* redefined in these more abstract terms *) =
+    DOF_lib.gen_text_antiquotation name DOF_lib.report_text 
+                           (fn ctxt => DOF_lib.string_2_text_antiquotation ctxt
+                                       #> DOF_lib.enclose_env false ctxt "isarbox")
+
+val neant = K(Latex.text("",\<^here>))
+
+fun boxed_theory_text_antiquotation name (* redefined in these more abstract terms *) =
+    DOF_lib.gen_text_antiquotation name DOF_lib.report_theory_text 
+                           (fn ctxt => DOF_lib.string_2_theory_text_antiquotation ctxt 
+                                        #> DOF_lib.enclose_env false ctxt "isarbox"
+                                        (* #> neant *)) (*debugging *)
+
+fun boxed_sml_text_antiquotation name  =
+    DOF_lib.gen_text_antiquotation name (K(K())) 
+                           (fn ctxt => Input.source_content 
+                                        #> Latex.text 
+                                        #> DOF_lib.enclose_env true ctxt "sml") 
+                           (* the simplest conversion possible *)
+
+fun boxed_pdf_antiquotation name =
+    DOF_lib.gen_text_antiquotation name (K(K())) 
+                           (fn ctxt => Input.source_content 
+                                        #> Latex.text 
+                                        #> DOF_lib.enclose_env true ctxt "out") 
+                           (* the simplest conversion possible *)
+
+fun boxed_latex_antiquotation name =
+    DOF_lib.gen_text_antiquotation name (K(K())) 
+                           (fn ctxt => Input.source_content 
+                                        #> Latex.text 
+                                        #> DOF_lib.enclose_env true ctxt "ltx") 
+                           (* the simplest conversion possible *)
+
+fun boxed_bash_antiquotation name =
+    DOF_lib.gen_text_antiquotation name (K(K())) 
+                           (fn ctxt => Input.source_content 
+                                        #> Latex.text 
+                                        #> DOF_lib.enclose_env true ctxt "bash") 
+                           (* the simplest conversion possible *)
+\<close>
+
+setup\<open>boxed_text_antiquotation         \<^binding>\<open>boxed_text\<close> #>
+      boxed_text_antiquotation         \<^binding>\<open>boxed_cartouche\<close> #>
+      boxed_theory_text_antiquotation  \<^binding>\<open>boxed_theory_text\<close> #>
+
+      boxed_sml_text_antiquotation     \<^binding>\<open>boxed_sml\<close> #>
+      boxed_pdf_antiquotation          \<^binding>\<open>boxed_pdf\<close> #>
+      boxed_latex_antiquotation        \<^binding>\<open>boxed_latex\<close>#>
+      boxed_bash_antiquotation         \<^binding>\<open>boxed_bash\<close> 
+     \<close>
 
 (*>*)
 
@@ -71,7 +129,7 @@ abstract*[abs::abstract, keywordlist="[''Ontology'',''Ontological Modeling'',''I
 \<close>
 
 section*[intro::introduction]\<open> Introduction \<close>  
-text*[introtext::introduction]\<open> 
+text*[introtext::introduction, level = "Some 1"]\<open> 
 The linking of the \<^emph>\<open>formal\<close> to the \<^emph>\<open>informal\<close> is perhaps the
 most pervasive challenge in the digitization of knowledge and its
 propagation. This challenge incites numerous research efforts
@@ -99,20 +157,18 @@ document evolution. Based on Isabelle infrastructures, ontologies may refer to
 types, terms, proven theorems, code, or established assertions.
 Based on a novel adaption of the Isabelle IDE, a document is checked to be 
 \<^emph>\<open>conform\<close> to a particular ontology---\<^isadof> is designed to give fast user-feedback 
-\<^emph>\<open>during the capture of content\<close>. This is particularly valuable in case of document 
+\<^emph>\<open>during the capture of content\<close>. This is particularly valuable for document 
 changes, where the \<^emph>\<open>coherence\<close> between the formal and the informal parts of the
 content can be mechanically checked.
 
-To avoid any misunderstanding: \<^isadof>  is \<^emph>\<open>not a theory in HOL\<close>   
-on ontologies and operations to track and trace links in texts,
-it is an \<^emph>\<open>environment to write structured text\<close> which \<^emph>\<open>may contain\<close>  
-\<^isabelle> definitions and proofs like mathematical articles, tech-reports and
-scientific papers---as the present one, which is written in \<^isadof> 
-itself. \<^isadof> is a plugin into the Isabelle/Isar
-framework in the style of~@{cite "wenzel.ea:building:2007"}.
+To avoid any misunderstanding: \<^isadof>  is \<^emph>\<open>not a theory in HOL\<close> on ontologies and operations 
+to track and trace links in texts, it is an \<^emph>\<open>environment to write structured text\<close> which 
+\<^emph>\<open>may contain\<close> \<^isabelle> definitions and proofs like mathematical articles, tech-reports and
+scientific papers---as the present one, which is written in \<^isadof> itself. \<^isadof> is a plugin 
+into the Isabelle/Isar framework in the style of~@{cite "wenzel.ea:building:2007"}.
 \<close>
 
-(* declaring the forward references used in the subsequent section *)  
+(* declaring the forward references used in the subsequent sections *)  
 (*<*)
 declare_reference*[bgrnd::text_section]
 declare_reference*[isadof::text_section]
@@ -120,9 +176,9 @@ declare_reference*[ontomod::text_section]
 declare_reference*[ontopide::text_section]
 declare_reference*[conclusion::text_section]
 (*>*)
-text*[plan::introduction]\<open> The plan of the paper is follows: we start by introducing  the underlying 
-Isabelle system (@{text_section (unchecked) \<open>bgrnd\<close>}) followed by presenting the 
-essentials of  \<^isadof> and its ontology language (@{text_section (unchecked) \<open>isadof\<close>}). 
+text*[plan::introduction, level="Some 1"]\<open> The plan of the paper is as follows: we start by 
+introducing the underlying Isabelle system (@{text_section (unchecked) \<open>bgrnd\<close>}) followed by 
+presenting the essentials of  \<^isadof> and its ontology language (@{text_section (unchecked) \<open>isadof\<close>}). 
 It follows @{text_section (unchecked) \<open>ontomod\<close>}, where we present three application 
 scenarios from the point of view of the ontology modeling. In @{text_section (unchecked) \<open>ontopide\<close>}
 we discuss the user-interaction generated from the ontological definitions.  Finally, we draw 
@@ -130,19 +186,15 @@ conclusions and discuss related work in @{text_section (unchecked) \<open>conclu
 
 section*[bgrnd::text_section,main_author="Some(@{docitem ''bu''}::author)"]
         \<open> Background: The Isabelle System \<close>
-text*[background::introduction]\<open>
-While Isabelle is widely perceived as an interactive theorem prover
-for HOL (Higher-order Logic)~@{cite "nipkow.ea:isabelle:2002"}, we
-would like to emphasize the view that Isabelle is far more than that:
-it is the \<^emph>\<open>Eclipse of Formal Methods Tools\<close>.  This refers to the
-``\<^slanted_text>\<open>generic system framework of Isabelle/Isar underlying recent
-  versions of Isabelle.  Among other things, Isar provides an
-  infrastructure for Isabelle plug-ins, comprising extensible state
-  components and extensible syntax that can be bound to ML
-  programs. Thus, the Isabelle/Isar architecture may be understood as
-  an extension and refinement of the traditional `LCF approach', with
-  explicit infrastructure for building derivative
-  \<^emph>\<open>systems\<close>.\<close>''~@{cite "wenzel.ea:building:2007"} 
+text*[background::introduction, level="Some 1"]\<open>
+While Isabelle is widely perceived as an interactive theorem prover for HOL 
+(Higher-order Logic)~@{cite "nipkow.ea:isabelle:2002"}, we would like to emphasize the view that 
+Isabelle is far more than that: it is the \<^emph>\<open>Eclipse of Formal Methods Tools\<close>.  This refers to the
+``\<^slanted_text>\<open>generic system framework of Isabelle/Isar underlying recent versions of Isabelle.  
+  Among other things, Isar provides an infrastructure for Isabelle plug-ins, comprising extensible 
+  state components and extensible syntax that can be bound to ML programs. Thus, the Isabelle/Isar 
+  architecture may be understood as an extension and refinement of the traditional `LCF approach', 
+  with explicit infrastructure for building derivative \<^emph>\<open>systems\<close>.\<close>''~@{cite "wenzel.ea:building:2007"} 
 
 The current system framework offers moreover the following features:
 
@@ -154,12 +206,12 @@ The current system framework offers moreover the following features:
   the most prominent and deeply integrated system component.
 \<close>  
 
-figure*[architecture::figure,relative_width="100",src="''figures/isabelle-architecture''"]\<open> 
+figure*[architecture::figure,relative_width="100",file_src="''figures/isabelle-architecture.pdf''"]\<open> 
      The system architecture of Isabelle (left-hand side) and the 
      asynchronous communication between the Isabelle system and 
      the IDE (right-hand side). \<close>
 
-text*[blug::introduction]\<open> The Isabelle system architecture shown in @{figure \<open>architecture\<close>}
+text*[blug::introduction, level="Some 1"]\<open> The Isabelle system architecture shown in @{figure \<open>architecture\<close>}
  comes with many layers, with Standard ML (SML) at the bottom layer as implementation 
 language. The architecture actually foresees a \<^emph>\<open>Nano-Kernel\<close> (our terminology) which 
 resides in the SML structure \<^ML_structure>\<open>Context\<close>. This structure provides a kind of container called 
@@ -169,32 +221,30 @@ automated proof procedures as well as specific support for higher specification
 were built. \<close>
     
 text\<open> We would like to detail the documentation generation of the architecture,
-which is based on literate specification commands such as \inlineisar+section+ \<^dots>, 
-\inlineisar+subsection+ \<^dots>, \inlineisar+text+ \<^dots>, etc.
+which is based on literate specification commands such as \<^theory_text>\<open>section\<close> \<^dots>, 
+\<^theory_text>\<open>subsection\<close> \<^dots>, \<^theory_text>\<open>text\<close> \<^dots>, etc.
 Thus, a user can add a simple text:
-\begin{isar}
-  text\<Open>This is a description.\<Close>
-\end{isar}
+  @{boxed_theory_text [display]\<open>
+text\<open> This is a description.\<close>\<close>}
 These text-commands can be arbitrarily mixed with other commands stating definitions, proofs, code, etc.,
 and will result in the corresponding output in generated \<^LaTeX> or HTML documents. 
 Now, \<^emph>\<open>inside\<close> the textual content, it is possible to embed a \<^emph>\<open>text-antiquotation\<close>:
-\begin{isar}
-  text\<Open>According to the reflexivity axiom \at{thm refl}, we obtain in \<Gamma> 
-           for \at{term "fac 5"} the result \at{value "fac 5"}.\<Close>
-\end{isar}
+@{boxed_theory_text [display]\<open>
+   text\<open> According to the \<^emph>\<open>reflexivity\<close> axiom @{thm refl}, 
+         we obtain in \<Gamma> for @{term "fac 5"} the result @{value "fac 5"}.\<close>\<close>}
+
 which is represented in the generated output by:
-\begin{out}
-  According to the reflexivity axiom $x = x$, we obtain in $\Gamma$ for $\operatorname{fac} 5$ the result $120$.
-\end{out}
-where \inlineisar+refl+ is actually the reference to the axiom of reflexivity in HOL. 
-For the antiquotation \inlineisar+\at{value "fac 5"}+  we assume the usual definition for 
-\inlineisar+fac+ in HOL.
+@{boxed_pdf [display]\<open>According to the reflexivity axiom $x = x$, we obtain in $\Gamma$ for $\operatorname{fac} 5$ the result $120$.\<close>}
+
+where \<^theory_text>\<open>refl\<close> is actually the reference to the axiom of reflexivity in HOL. 
+For the antiquotation \<^theory_text>\<open>@{value "''fac 5''"}\<close>  we assume the usual definition for 
+\<^theory_text>\<open>fac\<close> in HOL.
 \<close>
 
-text*[anti]\<open> Thus, antiquotations can refer to formal content, can be type-checked before being 
-displayed and can be used for calculations before actually being typeset. When editing, 
-Isabelle's PIDE offers auto-completion and error-messages while typing the above 
-\<^emph>\<open>semi-formal\<close> content.  \<close>
+text*[anti::introduction, level = "Some 1"]\<open> Thus, antiquotations can refer to formal content, 
+can be type-checked before being displayed and can be used for calculations before actually being 
+typeset. When editing, Isabelle's PIDE offers auto-completion and error-messages while typing the 
+above \<^emph>\<open>semi-formal\<close> content.\<close>
 
 section*[isadof::technical,main_author="Some(@{docitem ''adb''}::author)"]\<open> \<^isadof> \<close>
    
@@ -203,7 +253,7 @@ text\<open> An \<^isadof> document consists of three components:
   for document-classes and all auxiliary datatypes.  
 \<^item> the \<^emph>\<open>core\<close> of the document itself which is an Isabelle theory
   importing the ontology definition. \<^isadof> provides an own family of text-element
-  commands such as \inlineisar+title*+, \inlineisar+section*+,  \inlineisar+text*+, etc., 
+  commands such as \<^theory_text>\<open>title*\<close>, \<^theory_text>\<open>section*\<close>, \<^theory_text>\<open>text*\<close>, etc., 
   which can be annotated with meta-information defined in the underlying  ontology definition.
 \<^item> the \<^emph>\<open>layout definition\<close> for the given ontology exploiting this meta-information.
 \<close>
@@ -212,7 +262,7 @@ three parts. Note that the document core \<^emph>\<open>may\<close>, but \<^emph
 use Isabelle definitions or proofs for checking the formal content---the 
 present paper is actually an example of a document not containing any proof.
 
- The document generation process of \<^isadof> is currently restricted to \LaTeX, which means
+ The document generation process of \<^isadof> is currently restricted to \<^LaTeX>, which means
 that the layout is defined by a set of \<^LaTeX> style files. Several layout 
 definitions for one ontology are possible and pave the way that different \<^emph>\<open>views\<close> for
 the same central document were generated, addressing the needs of different purposes `
@@ -226,65 +276,47 @@ style-files (\<^verbatim>\<open>.sty\<close>-files). In the document core author
 their source, but this limits the possibility of using different representation technologies, 
 \<^eg>, HTML, and increases the risk of arcane error-messages in generated \<^LaTeX>. 
 
- The \<^isadof> ontology specification language consists basically on a notation for
-document classes, where the attributes were typed with HOL-types and can be instantiated 
-by terms HOL-terms, \<^ie>, the actual parsers and type-checkers of the Isabelle system were reused.
-This has the particular advantage that \<^isadof> commands can be arbitrarily mixed with 
-Isabelle/HOL commands providing the machinery for type declarations and term specifications such
-as enumerations. In particular, document class definitions provide:
+The \<^isadof> ontology specification language consists basically on a notation for document classes, 
+where the attributes were typed with HOL-types and can be instantiated by terms HOL-terms, \<^ie>, 
+the actual parsers and type-checkers of the Isabelle system were reused. This has the particular 
+advantage that \<^isadof> commands can be arbitrarily mixed with Isabelle/HOL commands providing the 
+machinery for type declarations and term specifications such as enumerations. In particular, 
+document class definitions provide:
 \<^item>  a HOL-type for each document class as well as inheritance, 
 \<^item>  support for attributes with HOL-types and optional default values,
 \<^item>  support for overriding of attribute defaults but not overloading, and
 \<^item>  text-elements annotated with document classes; they are mutable 
-   instances of document classes.
-\<close>
+   instances of document classes.\<close>
+
 text\<open>
-Attributes referring to other ontological concepts are called \<^emph>\<open>links\<close>.
-The HOL-types inside the document specification language support built-in types for Isabelle/HOL 
-\inlineisar+typ+'s,  \inlineisar+term+'s, and \inlineisar+thm+'s reflecting internal Isabelle's 
-internal types  for these entities; when denoted in HOL-terms to instantiate an attribute, for 
-example, there is a  specific syntax (called \<^emph>\<open>inner syntax antiquotations\<close>) that is checked by 
-\<^isadof> for consistency.
+Attributes referring to other ontological concepts are called \<^emph>\<open>links\<close>. The HOL-types inside the 
+document specification language support built-in types for Isabelle/HOL \<^theory_text>\<open>typ\<close>'s, \<^theory_text>\<open>term\<close>'s, and
+\<^theory_text>\<open>thm\<close>'s reflecting internal Isabelle's internal types  for these entities; when denoted in 
+HOL-terms  to instantiate an attribute, for example, there is a  specific syntax 
+(called \<^emph>\<open>inner syntax antiquotations\<close>) that is checked by \<^isadof> for consistency.
 
-Document classes can have a \inlineisar+where+ clause containing a regular 
-expression over class names. Classes with such a \inlineisar+where+ were called \<^emph>\<open>monitor classes\<close>.
-While document classes and their inheritance relation structure meta-data of text-elements
-in an object-oriented manner, monitor classes enforce structural organization
-of documents via the language specified by the regular expression 
-enforcing a sequence of text-elements that must belong to the corresponding classes. 
-
-To start using \<^isadof>, one creates an Isabelle project (with the name 
-\inlinebash{IsaDofApplications}):
-\begin{bash}
-  isabelle dof_mkroot -o scholarly_paper -t lncs IsaDofApplications
-\end{bash}
-where the \inlinebash{-o scholarly_paper} specifies the ontology for writing scientific articles and 
-\inlinebash{-t lncs} specifies the use of Springer's \LaTeX-configuration for the Lecture Notes in 
-Computer Science series. The project can be formally checked, including the generation of the 
-article in PDF using the  following command:
-\begin{bash}
-  isabelle build -d . IsaDofApplications
-\end{bash}
-\<close>
+Document classes can have a \<^theory_text>\<open>where\<close> clause containing a regular expression over class names. 
+Classes with such a \<^theory_text>\<open>where\<close>  were called \<^emph>\<open>monitor classes\<close>. While document classes and their 
+inheritance relation structure meta-data of text-elements in an object-oriented manner, monitor 
+classes enforce structural organization of documents via the language specified by the regular 
+expression enforcing a sequence of text-elements that belong to the corresponding classes.  \<^vs>\<open>-0.4cm\<close>\<close>
 
 section*[ontomod::text_section]\<open> Modeling Ontologies in \<^isadof> \<close> 
-text\<open> In this section, we will use the \<^isadof> document ontology language
-for three different application scenarios: for scholarly papers, for mathematical 
-exam sheets as well as standardization documents where the concepts of the
-standard are captured in the ontology. For space reasons, we will concentrate in all three
-cases on aspects of the modeling due to space limitations.\<close>
+text\<open> In this section, we will use the \<^isadof> document ontology language for three different 
+application scenarios: for scholarly papers, for mathematical exam sheets as well as standardization 
+documents where the concepts of the standard are captured in the ontology. For space reasons, we 
+will concentrate in all three cases on aspects of the modeling due to space limitations.\<close>
 
 subsection*[scholar_onto::example]\<open> The Scholar Paper Scenario: Eating One's Own Dog Food. \<close>  
 text\<open> The following ontology is a simple ontology modeling scientific papers. In this 
 \<^isadof> application scenario, we deliberately refrain from integrating references to
 (Isabelle) formal content in order  demonstrate that \<^isadof> is not a framework from 
-Isabelle users to Isabelle users only.
-Of course, such references can be added easily and represent a particular strength  
-of \<^isadof>.
+Isabelle users to Isabelle users only. Of course, such references can be added easily and 
+represent a particular strength of \<^isadof>.\<close>
 
-
-\begin{figure}
-\begin{isar}
+text*["paper_onto_core"::float, 
+      main_caption="\<open>The core of the ontology definition for writing scholarly papers.\<close>"]
+\<open>@{boxed_theory_text [display]\<open>
 doc_class title =
    short_title :: "string option"  <=  None
      
@@ -299,64 +331,62 @@ doc_class abstract =
 
 doc_class text_section = 
    main_author :: "author option"  <=  None
-   todo_list   :: "string list"    <=  "[]"
-\end{isar}
-\caption{The core of the ontology definition for writing scholarly papers.}
-\label{fig:paper-onto-core}
-\end{figure}
-The first part of the ontology \inlineisar+scholarly_paper+ (see \autoref{fig:paper-onto-core})
+   todo_list   :: "string list"    <=  "[]" 
+\<close>}\<close>
+
+text\<open> The first part of the ontology \<^theory_text>\<open>scholarly_paper\<close> 
+(see @{float "paper_onto_core"})
 contains the document class definitions
-with the usual text-elements of a scientific paper. The attributes \inlineisar+short_title+, 
-\inlineisar+abbrev+ etc are introduced with their types as well as their default values.
-Our model prescribes an optional \inlineisar+main_author+ and a todo-list attached to an arbitrary 
+with the usual text-elements of a scientific paper. The attributes \<^theory_text>\<open>short_title\<close>, 
+\<^theory_text>\<open>abbrev\<close> etc are introduced with their types as well as their default values.
+Our model prescribes an optional \<^theory_text>\<open>main_author\<close> and a todo-list attached to an arbitrary 
 text section; since instances of this class are mutable (meta)-objects of text-elements, they
 can be modified arbitrarily through subsequent text and of course globally during text evolution.
-Since \inlineisar+author+ is a HOL-type internally generated by \<^isadof> framework and can therefore
-appear in the \inlineisar+main_author+ attribute of the \inlineisar+text_section+ class; 
+Since \<^theory_text>\<open>author\<close> is a HOL-type internally generated by \<^isadof> framework and can therefore
+appear in the \<^theory_text>\<open>main_author\<close> attribute  of the \<^theory_text>\<open>text_section\<close> class; 
 semantic links between concepts can be modeled this way.
 
 The translation of its content to, \<^eg>, Springer's \<^LaTeX> setup for the Lecture Notes in Computer 
-Science Series, as required by many scientific conferences, is mostly straight-forward. \<close>
+Science Series, as required by many scientific conferences, is mostly straight-forward. 
+\<^vs>\<open>-0.8cm\<close>\<close>
 
-figure*[fig1::figure,spawn_columns=False,relative_width="95",src="''figures/Dogfood-Intro''"]
+figure*[fig1::figure,relative_width="95",file_src="''figures/Dogfood-Intro.png''"]
        \<open> Ouroboros I: This paper from inside \<^dots> \<close>  
 
-text\<open> @{figure \<open>fig1\<close>} shows the corresponding view in the Isabelle/PIDE of thqqe present paper.
+(*<*)declare_reference*[paper_onto_sections::float](*>*)
+text\<open>\<^vs>\<open>-0.8cm\<close> @{figure \<open>fig1\<close>} shows the corresponding view in the Isabelle/PIDE of the present paper.
 Note that the text uses \<^isadof>'s own text-commands containing the meta-information provided by
 the underlying ontology.
-We proceed by a definition of \inlineisar+introduction+'s, which we define as the extension of
-\inlineisar+text_section+ which is intended to capture common infrastructure:
-\begin{isar}
+We proceed by a definition of \<^theory_text>\<open>introduction\<close>'s, which we define as the extension of
+\<^theory_text>\<open>text_section\<close> which is intended to capture common infrastructure:
+@{boxed_theory_text [display]\<open>
 doc_class introduction = text_section +
    comment :: string
-\end{isar}
-As a consequence of the definition as extension, the \inlineisar+introduction+ class
-inherits the attributes \inlineisar+main_author+ and \inlineisar+todo_list+ together with 
+\<close>}
+As a consequence of the definition as extension, the \<^theory_text>\<open>introduction\<close> class
+inherits the attributes \<^theory_text>\<open>main_author\<close> and \<^theory_text>\<open>todo_list\<close> together with 
 the corresponding default values.
 
 As a variant of the introduction, we could add here an attribute that contains the formal 
 claims of the article --- either here, or, for example, in the keyword list of the abstract. 
-As type, one could use either the built-in type \inlineisar+term+ (for syntactically correct, 
-but not necessarily proven entity) or \inlineisar+thm+ (for formally proven entities). It suffices 
+As type, one could use either the built-in type \<^theory_text>\<open>term\<close> (for syntactically correct, 
+but not necessarily proven entity) or \<^theory_text>\<open>thm\<close> (for formally proven entities). It suffices 
 to add the line:
-\begin{isar}
+@{boxed_theory_text [display]\<open>
    claims  :: "thm list"
-\end{isar}
-and to extent the \LaTeX-style accordingly to handle the additional field. 
-Note that \inlineisar+term+ and \inlineisar+thm+ are types reflecting the core-types of the
+\<close>}
+and to extent the \<^LaTeX>-style accordingly to handle the additional field. 
+Note that \<^theory_text>\<open>term\<close> and \<^theory_text>\<open>thm\<close> are types reflecting the core-types of the
 Isabelle kernel. In a corresponding conclusion section, one could model analogously an 
 achievement section; by programming a specific compliance check in SML, the implementation 
 of automated forms of validation check for specific categories of papers is envisageable. 
 Since this requires deeper knowledge in Isabelle programming, however, we consider this out 
 of the scope of this paper.
 
-
-We proceed more or less conventionally by the subsequent sections (\autoref{fig:paper-onto-sections})
-\begin{figure}
-\begin{isar}
-doc_class technical = text_section +
-   definition_list :: "string list" <=  "[]"
-
+We proceed more or less conventionally by the subsequent sections (@{float (unchecked)\<open>paper_onto_sections\<close>})\<close>  
+text*["paper_onto_sections"::float, 
+      main_caption = "''Various types of sections of a scholarly papers.''"]\<open>
+@{boxed_theory_text [display]\<open>
 doc_class example   = text_section +
    comment :: string
 
@@ -368,14 +398,13 @@ doc_class related_work = conclusion +
 
 doc_class bibliography =
    style :: "string option"  <=  "''LNCS''"
-\end{isar}
-\caption{Various types of sections of a scholarly papers.}
-\label{fig:paper-onto-sections}
-\end{figure}
- and finish with a monitor class definition that enforces a textual ordering
-in the document core by a regular expression (\autoref{fig:paper-onto-monitor}).
-\begin{figure}
-\begin{isar}
+\<close>}\<close>
+(*<*)declare_reference*[paper_onto_monitor::float](*>*)
+text\<open>... and finish with a monitor class definition that enforces a textual ordering
+in the document core by a regular expression (@{float (unchecked) "paper_onto_monitor"}).\<close>  
+text*["paper_onto_monitor"::float, 
+      main_caption = "''A monitor for the scholarly paper ontology.''"]\<open>
+@{boxed_theory_text [display]\<open>
 doc_class article = 
    trace :: "(title + subtitle + author+ abstract +
               introduction + technical + example +
@@ -383,23 +412,20 @@ doc_class article =
    where "(title       ~~ \<lbrakk>subtitle\<rbrakk>   ~~ \<lbrace>author\<rbrace>$^+$+  ~~  abstract    ~~
              introduction ~~  \<lbrace>technical || example\<rbrace>$^+$  ~~  conclusion ~~  
              bibliography)"
-\end{isar}
-\caption{A monitor for the scholarly paper ontology.}
-\label{fig:paper-onto-monitor}
-\end{figure}
+\<close>}
 \<close>
 text\<open> We might wish to add a component into our ontology that models figures to be included into 
 the document. This boils down to the exercise of modeling structured data in the style of a 
 functional programming language in HOL and to reuse the implicit HOL-type inside a suitable document 
-class \inlineisar+figure+:
-\begin{isar}
+class \<^theory_text>\<open>figure\<close>:
+@{boxed_theory_text [display]\<open>
 datatype placement = h | t | b | ht | hb   
 doc_class figure   = text_section +
    relative_width   :: "int" (* percent of textwidth *)    
    src     :: "string"
    placement :: placement 
    spawn_columns :: bool <= True 
-\end{isar}
+\<close>}
 \<close>
 
 text\<open> Alternatively, by including the HOL-libraries for rationals, it is possible to 
@@ -407,11 +433,11 @@ use fractions or even mathematical reals. This must be counterbalanced by syntac
 and semantic convenience. Choosing the mathematical reals, \<^eg>, would have the drawback that 
 attribute evaluation could be substantially more complicated.\<close>
 
-figure*[fig_figures::figure,spawn_columns=False,relative_width="85",src="''figures/Dogfood-figures''"]
+figure*[fig_figures::figure,relative_width="85",file_src="''figures/Dogfood-figures.png''"]
        \<open> Ouroboros II: figures \<^dots> \<close>
 
-text\<open> The document class \inlineisar+figure+ --- supported by the \<^isadof> text command 
-\inlineisar+figure*+ --- makes it possible to express the pictures and diagrams in this paper 
+text\<open> The document class \<^theory_text>\<open>figure\<close> --- supported by the \<^isadof> text command 
+\<^theory_text>\<open>figure*\<close> --- makes it possible to express the pictures and diagrams in this paper 
 such as @{figure \<open>fig_figures\<close>}.
 \<close>
          
@@ -434,10 +460,10 @@ We assume that the content has four different types of addressees, which have a
 text\<open> The latter quality assurance mechanism is used in many universities,
 where for organizational reasons the execution of an exam takes place in facilities
 where the author of the exam is not expected to be physically present.
-Furthermore, we assume a simple grade system (thus, some calculation is required). 
-
-\begin{figure}
-\begin{isar}
+Furthermore, we assume a simple grade system (thus, some calculation is required). \<close>  
+text*["onto_exam"::float, 
+      main_caption = "''The core of the ontology modeling math exams.''"]\<open>
+@{boxed_theory_text [display]\<open>
 doc_class Author = ...
 datatype Subject =  algebra | geometry | statistical
 datatype Grade =  A1 | A2 | A3
@@ -459,18 +485,18 @@ doc_class Exam_item =
   concerns :: "ContentClass set"  
 
 type_synonym SubQuestion = string
-\end{isar}
-\caption{The core of the ontology modeling math exams.}
-\label{fig:onto-exam}
-\end{figure}
-The heart of this ontology (see \autoref{fig:onto-exam}) is an alternation of questions and answers, 
+\<close>}\<close>
+
+(*<*)declare_reference*[onto_questions::float](*>*)
+text\<open>The heart of this ontology (see @{float "onto_exam"}) is an alternation of questions and answers, 
 where the answers can consist of simple yes-no answers (QCM style check-boxes) or lists of formulas. 
 Since we do not
-assume familiarity of the students with Isabelle (\inlineisar+term+ would assume that this is a 
+assume familiarity of the students with Isabelle (\<^theory_text>\<open>term\<close> would assume that this is a 
 parse-able and type-checkable entity), we basically model a derivation as a sequence of strings
-(see \autoref{fig:onto-questions}).
-\begin{figure}
-\begin{isar}
+(see @{float (unchecked)"onto_questions"}).\<close>  
+text*["onto_questions"::float, 
+      main_caption = "''An exam can contain different types of questions.''"]\<open>
+@{boxed_theory_text [display]\<open>
 doc_class Answer_Formal_Step =  Exam_item +
   justification :: string
   "term"        :: "string" 
@@ -494,19 +520,18 @@ doc_class Exercise = Exam_item +
   content  :: "(Task) list"
   concerns :: "ContentClass set" <= "UNIV" 
   mark     :: int
-\end{isar}
-\caption{An exam can contain different types of questions.}
-\label{fig:onto-questions}
-\end{figure}
-
+\<close>}\<close>
+(*<*)declare_reference*[onto_exam_monitor::float](*>*)
+text\<open>
 In many institutions, it makes sense to have a rigorous process of validation
 for exam subjects: is the initial question correct? Is a proof in the sense of the
 question possible? We model the possibility that the @{term examiner} validates a 
-question by a sample proof validated by Isabelle (see \autoref{fig:onto-exam-monitor}). 
+question by a sample proof validated by Isabelle (see @{float (unchecked) "onto_exam_monitor"}). 
 In our scenario this sample proofs are completely \<^emph>\<open>intern\<close>, \<^ie>, not exposed to the 
-students but just additional material for the internal review process of the exam.
-\begin{figure}
-\begin{isar}
+students but just additional material for the internal review process of the exam.\<close>  
+text*["onto_exam_monitor"::float, 
+      main_caption = "''Validating exams.''"]\<open>
+@{boxed_theory_text [display]\<open>
 doc_class Validation = 
    tests  :: "term list"  <="[]"
    proofs :: "thm list"   <="[]"
@@ -520,14 +545,9 @@ doc_class MathExam=
   content :: "(Header + Author + Exercise) list"
   global_grade :: Grade 
   where "\<lbrace>Author\<rbrace>$^+$  ~~  Header ~~  \<lbrace>Exercise ~~ Solution\<rbrace>$^+$ "
-\end{isar}
-\caption{Validating exams.}
-\label{fig:onto-exam-monitor}
-\end{figure}
-\<close>
-
+\<close>}\<close>
   
-declare_reference*["fig_qcm"::figure]
+(*<*)declare_reference*["fig_qcm"::figure](*>*)
 
 text\<open> Using the \<^LaTeX> package hyperref, it is possible to conceive an interactive 
 exam-sheets with multiple-choice and/or free-response elements 
@@ -535,14 +555,14 @@ exam-sheets with multiple-choice and/or free-response elements
 help of the latter, it is possible that students write in a browser a formal mathematical 
 derivation---as part of an algebra exercise, for example---which is submitted to the examiners 
 electronically. \<close>
-figure*[fig_qcm::figure,spawn_columns=False,
-        relative_width="90",src="''figures/InteractiveMathSheet''"]
-        \<open> A Generated QCM Fragment \<^dots> \<close>  
+figure*[fig_qcm::figure,
+        relative_width="90",file_src="''figures/InteractiveMathSheet.png''"]
+        \<open>A Generated QCM Fragment \<^dots> \<close>  
 
 subsection*[cenelec_onto::example]\<open> The Certification Scenario following CENELEC \<close>
 text\<open> Documents to be provided in formal certifications (such as CENELEC
-50126/50128, the DO-178B/C, or Common Criteria) can much profit from the control of ontological consistency: 
-a lot of an evaluators work consists in tracing down the links from requirements over 
+50126/50128, the DO-178B/C, or Common Criteria) can much profit from the control of ontological 
+consistency: a lot of an evaluators work consists in tracing down the links from requirements over 
 assumptions down to elements of evidence, be it in the models, the code, or the tests. 
 In a certification process, traceability becomes a major concern; and providing
 mechanisms to ensure complete traceability already at the development of the
@@ -554,15 +574,17 @@ of developments targeting certifications. Continuously checking the links betwee
 and the semi-formal parts of such documents is particularly valuable during the (usually
 collaborative) development effort. 
 
-As in many other cases, formal certification documents come with an own terminology and
-pragmatics of what has to be demonstrated and where, and how the trace-ability of requirements through
+As in many other cases, formal certification documents come with an own terminology and pragmatics 
+of what has to be demonstrated and where, and how the trace-ability of requirements through
 design-models over code to system environment assumptions has to be assured.  
 \<close>
+(*<*)declare_reference*["conceptual"::float](*>*)
 text\<open> In the sequel, we present a simplified version of an ontological model used in a 
 case-study~ @{cite "bezzecchi.ea:making:2018"}. We start with an introduction of the concept of requirement 
-(see \autoref{fig:conceptual}). 
-\begin{figure}
-\begin{isar}
+(see @{float (unchecked) "conceptual"}). \<close>  
+text*["conceptual"::float, 
+      main_caption = "''Modeling requirements.''"]\<open>
+@{boxed_theory_text [display]\<open>
 doc_class requirement = long_name :: "string option"
 
 doc_class requirement_analysis = no :: "nat"
@@ -575,11 +597,9 @@ datatype ass_kind = informal | semiformal | formal
   
 doc_class assumption = requirement +
      assumption_kind :: ass_kind <= informal 
-\end{isar}
-\caption{Modeling requirements.}
-\label{fig:conceptual}
-\end{figure}
-Such ontologies can be enriched by larger explanations and examples, which may help
+\<close>}\<close>
+
+text\<open>Such ontologies can be enriched by larger explanations and examples, which may help
 the team of engineers substantially when developing the central document for a certification, 
 like an explication what is precisely the difference between an \<^emph>\<open>hypothesis\<close> and an 
 \<^emph>\<open>assumption\<close> in the context of the evaluation standard. Since the PIDE makes for each 
@@ -601,71 +621,70 @@ is the category \<^emph>\<open>safety related application condition\<close> (or
 for short) which is used for \<^emph>\<open>ec\<close>'s that establish safety properties
 of the evaluation target. Their track-ability throughout the certification
 is therefore particularly critical. This is naturally modeled as follows:
-\begin{isar}  
+@{boxed_theory_text [display]\<open>  
 doc_class ec = assumption  +
      assumption_kind :: ass_kind <= (*default *) formal
                         
 doc_class srac = ec  +
      assumption_kind :: ass_kind <= (*default *) formal
-\end{isar}
+\<close>}
 \<close>
    
 section*[ontopide::technical]\<open> Ontology-based IDE support \<close>  
 text\<open> We present a selection of interaction scenarios  @{example \<open>scholar_onto\<close>}
 and @{example \<open>cenelec_onto\<close>} with Isabelle/PIDE instrumented by \<^isadof>. \<close>
 
+(*<*)
+declare_reference*["text-elements"::float]
+declare_reference*["hyperlinks"::float]
+(*>*)
+
 subsection*[scholar_pide::example]\<open> A Scholarly Paper \<close>  
-text\<open> In \autoref{fig-Dogfood-II-bgnd1} and \autoref{fig-bgnd-text_section} we show how
+text\<open> In @{float (unchecked) "text-elements"}~(a)
+and @{float (unchecked) "text-elements"}~(b)we show how
 hovering over links permits to explore its meta-information. 
 Clicking on a document class identifier permits to hyperlink into the corresponding
-class definition (\autoref{fig:Dogfood-IV-jumpInDocCLass}); hovering over an attribute-definition
-(which is qualified in order to disambiguate; \autoref{fig:Dogfood-V-attribute}).
+class definition (@{float (unchecked) "hyperlinks"}~(a)); hovering over an attribute-definition
+(which is qualified in order to disambiguate; @{float (unchecked) "hyperlinks"}~(b)).
 \<close>
-     
-side_by_side_figure*["text-elements"::side_by_side_figure,anchor="''fig-Dogfood-II-bgnd1''",
-                      caption="''Exploring a Reference of a Text-Element.''",relative_width="48",
-                      src="''figures/Dogfood-II-bgnd1''",anchor2="''fig-bgnd-text_section''",
-                      caption2="''Exploring the class of a text element.''",relative_width2="47",
-                      src2="''figures/Dogfood-III-bgnd-text_section''"]\<open> Exploring text elements. \<close>
 
-side_by_side_figure*["hyperlinks"::side_by_side_figure,anchor="''fig:Dogfood-IV-jumpInDocCLass''",
-                      caption="''Hyperlink to Class-Definition.''",relative_width="48",
-                      src="''figures/Dogfood-IV-jumpInDocCLass''",anchor2="''fig:Dogfood-V-attribute''",
-                      caption2="''Exploring an attribute.''",relative_width2="47",
-                      src2="''figures/Dogfood-III-bgnd-text_section''"]\<open> Hyperlinks.\<close>
+text*["text-elements"::float, 
+      main_caption="\<open>Exploring text elements.\<close>"]
+\<open>
+@{fig_content (width=53, height=5, caption="Exploring a reference of a text element.") "figures/Dogfood-II-bgnd1.png"
+}\<^hfill>@{fig_content (width=47, height=5, caption="Exploring the class of a text element.") "figures/Dogfood-III-bgnd-text_section.png"} 
+\<close>
 
+text*["hyperlinks"::float, 
+      main_caption="\<open>Hyperlinks.\<close>"]
+\<open>
+@{fig_content (width=48, caption="Hyperlink to Class-Definition.") "figures/Dogfood-IV-jumpInDocCLass.png"
+}\<^hfill>@{fig_content (width=47, caption="Exploring an attribute.") "figures/Dogfood-V-attribute.png"} 
+\<close>
 
-declare_reference*["figDogfoodVIlinkappl"::figure]
-text\<open> An ontological reference application in \autoref{figDogfoodVIlinkappl}: the ontology-dependant 
-antiquotation \inlineisar|@ {example ...}| refers to the corresponding text-elements. Hovering allows 
-for inspection, clicking for jumping to the definition.  If the link does not exist or has a 
-non-compatible type, the text is not validated.  \<close>
-
-figure*[figDogfoodVIlinkappl::figure,relative_width="80",src="''figures/Dogfood-V-attribute''"]
-       \<open> Exploring an attribute (hyperlinked to the class). \<close> 
 subsection*[cenelec_pide::example]\<open> CENELEC  \<close>
-declare_reference*[figfig3::figure]  
-text\<open> The corresponding view in @{docitem (unchecked) \<open>figfig3\<close>} shows core part of a document,  
+(*<*)declare_reference*[figfig3::figure](*>*)  
+text\<open> The corresponding view in @{figure (unchecked) \<open>figfig3\<close>} shows core part of a document,  
 coherent to the @{example \<open>cenelec_onto\<close>}. The first sample shows standard Isabelle antiquotations 
 @{cite "wenzel:isabelle-isar:2017"} into formal entities of a theory. This way, the informal parts 
 of a document get ``formal content'' and become more robust under change.\<close>
 
-figure*[figfig3::figure,relative_width="80",src="''figures/antiquotations-PIDE''"]
+figure*[figfig3::figure,relative_width="80",file_src="''figures/antiquotations-PIDE.png''"]
 \<open> Standard antiquotations referring to theory elements.\<close>
 
-declare_reference*[figfig5::figure]  
+(*<*)declare_reference*[figfig5::figure]  (*>*)
 text\<open> The subsequent sample in @{figure (unchecked) \<open>figfig5\<close>} shows the definition of an 
 \<^emph>\<open>safety-related application condition\<close>, a side-condition of a theorem which 
 has the consequence that a certain calculation must be executed sufficiently fast on an embedded 
 device. This condition can not be established inside the formal theory but has to be 
 checked by system integration tests.\<close>
   
-figure*[figfig5::figure, relative_width="80", src="''figures/srac-definition''"]
+figure*[figfig5::figure, relative_width="80", file_src="''figures/srac-definition.png''"]
         \<open> Defining a SRAC reference \<^dots> \<close>
-figure*[figfig7::figure, relative_width="80", src="''figures/srac-as-es-application''"]
+figure*[figfig7::figure, relative_width="80", file_src="''figures/srac-as-es-application.png''"]
         \<open> Using a SRAC as EC document reference. \<close>
        
-text\<open> Now we reference in @{figure (unchecked) \<open>figfig7\<close>} this safety-related condition; 
+text\<open> Now we reference in @{figure \<open>figfig7\<close>} this safety-related condition; 
 however, this happens in a context where general \<^emph>\<open>exported constraints\<close> are listed. 
 \<^isadof>'s checks establish that this is legal in the given ontology. 
 
@@ -677,7 +696,7 @@ informal parts. \<close>
 section*[onto_future::technical]\<open> Monitor Classes \<close>  
 text\<open> Besides sub-typing, there is another relation between
 document classes: a class can be a \<^emph>\<open>monitor\<close> to other ones,
-which is expressed by the occurrence of a \inlineisar+where+ clause
+which is expressed by the occurrence of a @{theory_text \<open>where\<close>} clause
 in the document class definition containing a regular
 expression (see @{example \<open>scholar_onto\<close>}).
 While class-extension refers to data-inheritance of attributes,
@@ -686,8 +705,8 @@ in which instances of monitored classes may occur. \<close>
 
 text\<open>
 The control of monitors is done by the commands:
-\<^item> \inlineisar+open_monitor* +  <doc-class>
-\<^item> \inlineisar+close_monitor* + <doc-class> 
+\<^item> \<^theory_text>\<open>open_monitor*\<close> \<^emph>\<open><doc-class>\<close>  
+\<^item> \<^theory_text>\<open>close_monitor*\<close> \<^emph>\<open><doc-class>\<close> 
 \<close>
 text\<open>
 where the automaton of the monitor class is expected to be in a final state. In the final state, 
@@ -735,8 +754,7 @@ work in this area we are aware of is rOntorium~@{cite "rontorium"}, a plugin
 for \<^Protege> that integrates R~@{cite "adler:r:2010"} into an
 ontology environment. Here, the main motivation behind this
 integration is to allow for statistically analyze ontological
-documents. Thus, this is complementary to our work.
-\<close>
+documents. Thus, this is complementary to our work.\<close>
 
 text\<open> \<^isadof> in its present form has a number of technical short-comings as well 
   as potentials not yet explored. On the long list of the short-comings is the 

Isabelle_DOF-Example-I/ROOT

@@ -1,15 +1,14 @@
-session "2018-cicm-isabelle_dof-applications" = "Isabelle_DOF" + 
-  options  [document = pdf, document_output = "output", document_build = dof,
-   dof_ontologies = "Isabelle_DOF.scholarly_paper", dof_template = Isabelle_DOF.lncs, 
-   quick_and_dirty = true]
+chapter AFP
+
+session "Isabelle_DOF-Example-I" (AFP) = "Isabelle_DOF" + 
+  options [document = pdf, document_output = "output", document_build = dof, timeout = 300]
   theories
     IsaDofApplications
   document_files
     "root.bib"
     "authorarchive.sty"
     "preamble.tex"
-    "lstisadof.sty"
-    "vector_iD_icon.pdf"
+    "lstisadof-manual.sty"
     "figures/isabelle-architecture.pdf"
     "figures/Dogfood-Intro.png"
     "figures/InteractiveMathSheet.png"

Isabelle_DOF-Example-I/document/authorarchive.sty

@@ -1,4 +1,4 @@
-%% Copyright (C) 2008-2019 Achim D. Brucker, https://www.brucker.ch
+%% Copyright (C) 2008-2023 Achim D. Brucker, https://www.brucker.ch
 %%
 %% License:
 %%   This program can be redistributed and/or modified under the terms
@@ -11,21 +11,22 @@
 %%   SPDX-License-Identifier: LPPL-1.3c+ OR BSD-2-Clause
 \NeedsTeXFormat{LaTeX2e}\relax
 \ProvidesPackage{authorarchive}
-  [0000/00/00 Unreleased v1.1.1+%
+  [2023/02/10 v1.3.0
   Self-archiving information for scientific publications.]
 %
 \PassOptionsToPackage{hyphens}{url}
 %
 \RequirePackage{ifthen}
 \RequirePackage[inline]{enumitem}
-\RequirePackage{graphicx}
+\RequirePackage{orcidlink}
 \RequirePackage{eso-pic}
 \RequirePackage{intopdf}
 \RequirePackage{kvoptions}
 \RequirePackage{hyperref}
 \RequirePackage{calc}
 \RequirePackage{qrcode}
-\RequirePackage{hvlogos}
+\RequirePackage{etoolbox}
+\newrobustcmd\BibTeX{Bib\TeX}
 %
 %Better url breaking
 \g@addto@macro{\UrlBreaks}{\UrlOrds}
@@ -80,31 +81,51 @@
 }
 \ProcessKeyvalOptions*
 
-% Provide command for dynamic configuration seutp
-\def\authorsetup{\kvsetkeys{AA}}
+\newcommand{\AA@defIncludeFiles}{
+  \def\AA@bibBibTeX{\AA@bibtexdir/\AA@key.bib}
+  \def\AA@bibBibTeXLong{\AA@bibtexdir/\AA@key.bibtex}
+  \def\AA@bibWord{\AA@bibtexdir/\AA@key.word.xml}
+  \def\AA@bibEndnote{\AA@bibtexdir/\AA@key.enw}
+  \def\AA@bibRIS{\AA@bibtexdir/\AA@key.ris}
+}
+\AA@defIncludeFiles
+
+\newboolean{AA@bibExists}
+\setboolean{AA@bibExists}{false}
+\newcommand{\AA@defIncludeSwitches}{
+  \IfFileExists{\AA@bibBibTeX}{\setboolean{AA@bibExists}{true}}{}
+  \IfFileExists{\AA@bibBibTeXLong}{\setboolean{AA@bibExists}{true}}{}
+  \IfFileExists{\AA@bibWord}{\setboolean{AA@bibExists}{true}}{}
+  \IfFileExists{\AA@bibEndnote}{\setboolean{AA@bibExists}{true}}{}
+  \IfFileExists{\AA@bibRIS}{\setboolean{AA@bibExists}{true}}{}
+}
+\AA@defIncludeSwitches
+
+
+% Provide command for dynamic configuration setup
+% \def\authorsetup{\kvsetkeys{AA}}
+\newcommand{\authorsetup}[1]{%
+  \kvsetkeys{AA}{#1}
+  \AA@defIncludeFiles
+  \AA@defIncludeSwitches
+}
 
 % Load local configuration
 \InputIfFileExists{authorarchive.config}{}{}
 
+%  define proxy command for setting PDF attributes
+\ExplSyntaxOn
+\@ifundefined{pdfmanagement_add:nnn}{%
+    \newcommand{\AA@pdfpagesattribute}[2]{\pdfpagesattr{/#1 #2}}%
+ }{%
+    \newcommand{\AA@pdfpagesattribute}[2]{\pdfmanagement_add:nnn{Pages}{#1}{#2}}%
+ }%
+\ExplSyntaxOff
 
 \newlength\AA@x
 \newlength\AA@y
 \newlength\AA@width
 
-\def\AA@bibBibTeX{\AA@bibtexdir/\AA@key.bib}
-\def\AA@bibBibTeXLong{\AA@bibtexdir/\AA@key.bibtex}
-\def\AA@bibWord{\AA@bibtexdir/\AA@key.word.xml}
-\def\AA@bibEndnote{\AA@bibtexdir/\AA@key.enw}
-\def\AA@bibRIS{\AA@bibtexdir/\AA@key.ris}
-
-\newboolean{AA@bibExists}
-\setboolean{AA@bibExists}{false}
-\IfFileExists{\AA@bibBibTeX}{\setboolean{AA@bibExists}{true}}{}
-\IfFileExists{\AA@bibBibTeXLong}{\setboolean{AA@bibExists}{true}}{}
-\IfFileExists{\AA@bibWord}{\setboolean{AA@bibExists}{true}}{}
-\IfFileExists{\AA@bibEndnote}{\setboolean{AA@bibExists}{true}}{}
-\IfFileExists{\AA@bibRIS}{\setboolean{AA@bibExists}{true}}{}
-
 \setlength\AA@x{1in+\hoffset+\oddsidemargin}
 
 \newcommand{\authorcrfont}{\footnotesize}
@@ -148,8 +169,7 @@
 %%%% LNCS
 \ifAA@LNCS%
   \ifAA@orcidicon%
-    \renewcommand{\orcidID}[1]{\href{https://orcid.org/#1}{%
-      \textsuperscript{\,\includegraphics[height=2\fontcharht\font`A]{vector_iD_icon}}}}
+    \renewcommand{\orcidID}[1]{\orcidlink{#1}}
   \else\relax\fi%
 %  
   \ifthenelse{\equal{\AA@publisher}{UNKNOWN PUBLISHER}}{%
@@ -157,23 +177,11 @@
   }{}
   \renewcommand{\authorcrfont}{\scriptsize}
   \@ifclasswith{llncs}{a4paper}{%
-    \ExplSyntaxOn
-    \@ifundefined{pdfmanagement_add:nnn}{%
-      \pdfpagesattr{/CropBox [92 114 523 780]}%
-    }{%
-      \pdfmanagement_add:nnn {Pages}{CropBox}{[92~114~523~780]}
-    }%
-    \ExplSyntaxOff
+    \AA@pdfpagesattribute{CropBox}{[92 114 523 780]}%
     \renewcommand{\authorat}[1]{\put(\LenToUnit{\AA@x},40){#1}}%
   }{%
-    \ExplSyntaxOn
-    \@ifundefined{pdfmanagement_add:nnn}{%
-      \pdfpagesattr{/CropBox [92 65 523 731]}% LNCS page: 152x235 mm
-    }{%
-      \pdfmanagement_add:nnn {Pages}{CropBox}{[92~62~523~731]}
-    }%
-    \ExplSyntaxOff
-    \renewcommand{\authorat}[1]{\put(\LenToUnit{\AA@x},23){#1}}
+    \AA@pdfpagesattribute{CropBox}{[92 65 523 731]}%
+    \renewcommand{\authorat}[1]{\put(\LenToUnit{\AA@x},23){#1}}%
   }
   \setlength{\AA@width}{\textwidth}
   \setcounter{tocdepth}{2}
@@ -186,7 +194,7 @@
   }{}
   \renewcommand{\authorat}[1]{\put(\LenToUnit{\AA@x},35){#1}}
   \renewcommand{\authorcrfont}{\scriptsize}
-  \pdfpagesattr{/CropBox [70 65 526.378 748.15]} % TODO
+  \AA@pdfpagesattribute{CropBox}{[70 65 526.378 748.15]}
   \setlength{\AA@width}{\textwidth}
   \setcounter{tocdepth}{2}
 \fi
@@ -218,8 +226,6 @@
   draft         = false,
   bookmarksopen = true,
   bookmarksnumbered= true,
-  pdfauthor     = {\@author},
-  pdftitle      = {\@title},
 }
 
 \@ifpackageloaded{totpages}{%
@@ -305,26 +311,26 @@
           \hfill
           \begin{itemize*}[label={}, itemjoin={,}]
             \IfFileExists{\AA@bibBibTeX}{%
-              \item \attachandlink{\AA@bibBibTeX}[application/x-bibtex]{BibTeX entry of this paper}{\BibTeX}%
+              \item \expanded{\attachandlink[\AA@key.bib]{\AA@bibBibTeX}[application/x-bibtex]{BibTeX entry of this paper}{\BibTeX}}%
             }{%
               \IfFileExists{\AA@bibBibTeXLong}{%
-                \item \attachandlink[\AA@key.bib]{\AA@bibBibTeXLong}[application/x-bibtex]{BibTeX entry of this paper}{\BibTeX}%
+                \item \expanded{\attachandlink[\AA@key.bib]{\AA@bibBibTeXLong}[application/x-bibtex]{BibTeX entry of this paper}{\BibTeX}}%
               }{%
                 \typeout{No file \AA@bibBibTeX{} (and no \AA@bibBibTeXLong) found. Not embedded reference in BibTeX format.}%
               }%
             }%
             \IfFileExists{\AA@bibWord}{%
-              \item \attachandlink{\AA@bibWord}[application/xml]{XML entry of this paper (e.g., for Word 2007 and later)}{Word}%
+              \item \expanded{\attachandlink[\AA@key.word.xml]{\AA@bibWord}[application/xml]{XML entry of this paper (e.g., for Word 2007 and later)}{Word}}%
             }{%
               \typeout{No file \AA@bibWord{} found. Not embedded reference for Word 2007 and later.}%
             }%
             \IfFileExists{\AA@bibEndnote}{%
-              \item \attachandlink{\AA@bibEndnote}[application/x-endnote-refer]{Endnote entry of this paper}{EndNote}%
+              \item \expanded{\attachandlink[\AA@key.enw]{\AA@bibEndnote}[application/x-endnote-refer]{Endnote entry of this paper}{EndNote}}%
             }{%
               \typeout{No file \AA@bibEndnote{} found. Not embedded reference in Endnote format.}%
             }%
             \IfFileExists{\AA@bibRIS}{%
-              \item \attachandlink{\AA@bibRIS}[application/x-research-info-systems]{RIS entry of this paper}{RIS}%
+              \item \expanded{\attachandlink[\AA@key.ris]{\AA@bibRIS}[application/x-research-info-systems]{RIS entry of this paper}{RIS}}%
             }{%
               \typeout{No file \AA@bibRIS{} found. Not embedded reference in RIS format.}%
             }%

Isabelle_DOF-Example-I/document/lstisadof-manual.sty

@@ -90,9 +90,7 @@
      ,enhanced jigsaw
      ,borderline west={2pt}{0pt}{isar!60!black}
      ,sharp corners
-     ,before skip balanced=0.5\baselineskip plus 2pt
-     % ,before skip=10pt
-     % ,after skip=10pt
+     %,before skip balanced=0.5\baselineskip plus 2pt % works only with Tex Live 2020 and later
      ,enlarge top by=0mm
      ,enhanced
      ,overlay={\node[draw,fill=isar!60!black,xshift=0pt,anchor=north
@@ -136,11 +134,12 @@
 \lstloadlanguages{ML}
 \providecolor{sml}{named}{red}
 \lstdefinestyle{sml}{
-   basicstyle=\ttfamily,%
-   commentstyle=\itshape,%
-   keywordstyle=\bfseries\color{CornflowerBlue},%
-   ndkeywordstyle=\color{green},%
-   language=ML
+   ,escapechar=ë%
+   ,basicstyle=\ttfamily%
+   ,commentstyle=\itshape%
+   ,keywordstyle=\bfseries\color{CornflowerBlue}%
+   ,ndkeywordstyle=\color{green}%
+   ,language=ML
 %  ,literate={%
 %     {<@>}{@}1%
 %    }
@@ -150,7 +149,7 @@
    ,tagstyle=\color{CornflowerBlue}%
    ,markfirstintag=true%
 }%
-\def\inlinesml{\lstinline[style=sml,breaklines=true,mathescape,breakatwhitespace=true]}
+\def\inlinesml{\lstinline[style=sml,breaklines=true,breakatwhitespace=true]}
 \newtcblisting{sml}[1][]{%
       listing only%
      ,boxrule=0pt
@@ -170,7 +169,6 @@
           style=sml
           ,columns=flexible%
           ,basicstyle=\small\ttfamily
-          ,mathescape
           ,#1
       }
   }%
@@ -296,3 +294,34 @@
   }%
 %% </bash>
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 
+%% <config>
+\providecolor{config}{named}{gray}
+\newtcblisting{config}[2][]{%
+      listing only%
+     ,boxrule=0pt
+     ,boxsep=0pt
+     ,colback=white!90!config
+     ,enhanced jigsaw
+     ,borderline west={2pt}{0pt}{config!60!black}
+     ,sharp corners
+     % ,before skip=10pt
+     % ,after skip=10pt
+     ,enlarge top by=0mm
+     ,enhanced
+     ,overlay={\node[draw,fill=config!60!black,xshift=0pt,anchor=north
+       east,font=\bfseries\footnotesize\color{white}]
+                at (frame.north east) {#2};}
+        ,listing options={
+           breakatwhitespace=true
+          ,columns=flexible%
+          ,basicstyle=\small\ttfamily
+          ,mathescape
+          ,#1
+      }
+  }%
+%% </config>
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 
+
+

Isabelle_DOF-Example-I/document/preamble.tex

@@ -20,39 +20,9 @@
 \usepackage{xcolor}
 \usepackage{paralist}
 \usepackage{listings}
-\usepackage{lstisadof}
-\usepackage{xspace}
-
-\lstloadlanguages{bash}
-\lstdefinestyle{bash}{language=bash,
-  ,basicstyle=\ttfamily%
-  ,showspaces=false%
-  ,showlines=false%
-  ,columns=flexible%
- %  ,keywordstyle=\bfseries%
-   % Defining 2-keywords
-   ,keywordstyle=[1]{\color{BrickRed!60}\bfseries}%
-   % Defining 3-keywords
-   ,keywordstyle=[2]{\color{OliveGreen!60}\bfseries}%
-   % Defining 4-keywords
-   ,keywordstyle=[3]{\color{black!60}\bfseries}%
-   % Defining 5-keywords
-   ,keywordstyle=[4]{\color{Blue!70}\bfseries}%
-   % Defining 6-keywords
-   ,keywordstyle=[5]{\itshape}%
-  % 
-}
-\lstdefinestyle{displaybash}{style=bash,
-                basicstyle=\ttfamily\footnotesize,
-                backgroundcolor=\color{black!2}, frame=lines}%
-
-\lstnewenvironment{bash}[1][]{\lstset{style=displaybash, #1}}{}
-\def\inlinebash{\lstinline[style=bash, breaklines=true,columns=fullflexible]}
-
-\usepackage[caption]{subfig}
-\usepackage[size=footnotesize]{caption}
-
+\usepackage{lstisadof-manual}
 
+\providecommand{\isactrlemph}[1]{\emph{#1}}
 \usepackage[LNCS,
    orcidicon,
    key=brucker.ea-isabelle-ontologies-2018,

Isabelle_DOF-Example-II/ROOT

@@ -0,0 +1,9 @@
+chapter AFP 
+
+session "Isabelle_DOF-Example-II" (AFP) = "Isabelle_DOF" +
+  options [document = pdf, document_output = "output", document_build = dof, timeout = 300]
+  theories
+    "paper"
+  document_files
+    "root.bib"
+    "preamble.tex"

Isabelle_DOF-Example-II/document/preamble.tex

@@ -1,6 +1,8 @@
 %% This is a placeholder for user-specific configuration and packages.
 
 \usepackage{stmaryrd}
+\usepackage{pifont}% http://ctan.org/pkg/pifont
+
 
 \title{<TITLE>}
 \author{<AUTHOR>}

Isabelle_DOF-Example-II/document/root.bib

@@ -6870,7 +6870,7 @@ isbn="978-3-540-48509-4"
   title		= {{Isabelle's} Logic: {HOL}},
   author	= {Tobias Nipkow and Lawrence C. Paulson and Markus Wenzel},
   year		= 2009,
-  misc		= {\url{http://isabelle.in.tum.de/library/HOL/}}
+  misc		= {\url{https://isabelle.in.tum.de/library/HOL/}}
 }
 
 @InProceedings{	  garson.ea:security:2008,
@@ -11000,7 +11000,7 @@ isbn="978-1-4471-3182-3"
   journal = {Archive of Formal Proofs},
   month   = apr,
   year    = 2019,
-  note    = {\url{http://isa-afp.org/entries/HOL-CSP.html}},
+  note    = {\url{https://isa-afp.org/entries/HOL-CSP.html}},
   ISSN    = {2150-914x},
 }
 

Isabelle_DOF-Example-II/paper.thy

@@ -3,6 +3,8 @@ theory "paper"
   imports "Isabelle_DOF.scholarly_paper"
 begin
 
+use_template "scrartcl"
+use_ontology "scholarly_paper"
 
 open_monitor*[this::article]
 
@@ -10,10 +12,13 @@ declare[[ strict_monitor_checking  = false]]
 declare[[ Definition_default_class = "definition"]]
 declare[[ Lemma_default_class      = "lemma"]]
 declare[[ Theorem_default_class    = "theorem"]]
+declare[[ Corollary_default_class  = "corollary"]]
 
 define_shortcut* csp      \<rightleftharpoons> \<open>CSP\<close>
                  holcsp   \<rightleftharpoons> \<open>HOL-CSP\<close>
                  isabelle \<rightleftharpoons> \<open>Isabelle/HOL\<close>
+                 hfill    \<rightleftharpoons> \<open>\hfill\<close>
+                 br    \<rightleftharpoons> \<open>\break\<close>
 
 (*>*)
 
@@ -25,7 +30,7 @@ author*[lina,email="\<open>lina.ye@lri.fr\<close>",affiliation="\<open>LRI, Inri
                
 abstract*[abs, keywordlist="[\<open>Shallow Embedding\<close>,\<open>Process-Algebra\<close>,
                              \<open>Concurrency\<close>,\<open>Computational Models\<close>]"]
-\<open>  The theory of Communicating Sequential Processes going back to Hoare and Roscoe is still today 
+\<open>  The theory of Communicating Sequential Processes going back to Hoare and Roscoe is still today  
    one of the reference theories for concurrent specification and computing. In 1997, a first 
    formalization in \<^isabelle> of the denotational semantics of the  Failure/Divergence Model of
    \<^csp> was undertaken; in particular, this model can cope with infinite alphabets, in contrast 
@@ -50,32 +55,31 @@ abstract*[abs, keywordlist="[\<open>Shallow Embedding\<close>,\<open>Process-Alg
 \<close>
 text\<open>\<close>
 section*[introheader::introduction,main_author="Some(@{docitem ''bu''}::author)"]\<open> Introduction \<close> 
-text*[introtext::introduction]\<open>
-Communicating Sequential Processes (\<^csp>) is a language 
-to specify and verify patterns of interaction of concurrent systems.
-Together with CCS and LOTOS, it belongs to the family of \<^emph>\<open>process algebras\<close>. 
-\<^csp>'s rich theory comprises denotational, operational and algebraic semantic facets 
-and has influenced programming languages such as Limbo, Crystal, Clojure and
-most notably Golang @{cite "donovan2015go"}. \<^csp> has been applied in 
-industry as a tool for specifying and verifying the concurrent aspects of hardware 
-systems, such as the T9000 transansputer @{cite "Barret95"}. 
+text*[introtext::introduction, level="Some 1"]\<open>
+Communicating Sequential Processes (\<^csp>) is a language to specify and verify patterns of 
+interaction of concurrent systems. Together with CCS and LOTOS, it belongs to the family of 
+\<^emph>\<open>process algebras\<close>. \<^csp>'s rich theory comprises denotational, operational and algebraic semantic 
+facets and has influenced programming languages such as Limbo, Crystal, Clojure and most notably 
+Golang @{cite "donovan2015go"}. \<^csp> has been applied in industry as a tool for specifying and 
+verifying the concurrent aspects of hardware systems, such as the T9000 transansputer 
+@{cite "Barret95"}. 
 
 The theory of \<^csp> was first described in 1978 in a book by Tony Hoare @{cite "Hoare:1985:CSP:3921"}, 
 but has since evolved substantially @{cite "BrookesHR84" and "brookes-roscoe85" and "roscoe:csp:1998"}.
-\<^csp> describes the most common communication and synchronization mechanisms
-with one single language primitive: synchronous communication written \<open>_\<lbrakk>_\<rbrakk>_\<close>. \<^csp> semantics is 
-described by a fully abstract model of behaviour designed to be \<^emph>\<open>compositional\<close>: the denotational
-semantics of a process \<open>P\<close> encompasses all possible behaviours of this process in the context of all 
-possible environments \<open>P \<lbrakk>S\<rbrakk> Env\<close> (where \<open>S\<close> is the set of \<open>atomic events\<close> both \<open>P\<close> and \<open>Env\<close> must
-synchronize). This design objective has the consequence that two kinds of choice have to 
-be distinguished: 
-  \<^enum> the \<^emph>\<open>external choice\<close>, written \<open>_\<box>_\<close>, which forces a process "to follow" whatever
-    the environment offers, and
-  \<^enum> the \<^emph>\<open>internal choice\<close>, written \<open>_\<sqinter>_\<close>, which imposes on the environment of a process 
-    "to follow" the non-deterministic choices made.
+\<^csp> describes the most common communication and synchronization mechanisms with one single language 
+primitive: synchronous communication written \<open>_\<lbrakk>_\<rbrakk>_\<close>. \<^csp> semantics is described by a fully abstract 
+model of behaviour designed to be \<^emph>\<open>compositional\<close>: the denotational semantics of a process \<open>P\<close> 
+encompasses all possible behaviours of this process in the context of all possible environments 
+\<open>P \<lbrakk>S\<rbrakk> Env\<close> (where \<open>S\<close> is the set of \<open>atomic events\<close> both \<open>P\<close> and \<open>Env\<close> must synchronize). This 
+design objective has the consequence that two kinds of choice have to be distinguished: \<^vs>\<open>0.1cm\<close>
 
+  \<^enum> the \<^emph>\<open>external choice\<close>, written \<open>_\<box>_\<close>, which forces a process "to follow" whatever
+    the environment offers, and \<^vs>\<open>-0.4cm\<close>
+  \<^enum> the \<^emph>\<open>internal choice\<close>, written \<open>_\<sqinter>_\<close>, which imposes on the environment of a process 
+    "to follow" the non-deterministic choices made.\<^vs>\<open>0.3cm\<close>
 \<close>
-text\<open>
+
+text\<open> \<^vs>\<open>-0.6cm\<close>
 Generalizations of these two operators \<open>\<box>x\<in>A. P(x)\<close> and \<open>\<Sqinter>x\<in>A. P(x)\<close> allow for modeling the concepts 
 of \<^emph>\<open>input\<close> and \<^emph>\<open>output\<close>: Based on the prefix operator \<open>a\<rightarrow>P\<close> (event \<open>a\<close> happens, then the process 
 proceeds with \<open>P\<close>), receiving input is modeled by \<open>\<box>x\<in>A. x\<rightarrow>P(x)\<close> while sending output is represented 
@@ -121,25 +125,11 @@ attempt to formalize denotational \<^csp> semantics covering a part of Bill Rosc
     \<^url>\<open>https://gitlri.lri.fr/burkhart.wolff/hol-csp2.0\<close>. In this paper, all Isabelle proofs are 
     omitted.\<close>}. 
 \<close>
-(*
-% Moreover, decomposition rules of the form:
-% \begin{center}
-% \begin{minipage}[c]{10cm}
-%    @{cartouche [display] \<open>C \<Longrightarrow> A \<sqsubseteq>\<^sub>F\<^sub>D A' \<Longrightarrow> B \<sqsubseteq>\<^sub>F\<^sub>D B' \<Longrightarrow> A \<lbrakk>S\<rbrakk> B \<sqsubseteq>\<^sub>F\<^sub>D A' \<lbrakk>S\<rbrakk> B'\<close>}
-% \end{minipage}
-% \end{center} 
-% are of particular interest since they allow to avoid the costly automata-product construction 
-% of model-checkers and to separate infinite sub-systems from finite (model-checkable) ones; however,
-% their side-conditions \<open>C\<close> are particularly tricky to work out. Decomposition rules  may pave the 
-% way for future tool combinations for model-checkers such as FDR4~@{cite "fdr4"} or 
-% PAT~@{cite "SunLDP09"} based on proof certifications.*)
 
-section*["pre"::tc,main_author="Some(@{docitem \<open>bu\<close>}::author)"]
+section*["pre"::tc,main_author="Some(@{author \<open>bu\<close>}::author)"]
 \<open>Preliminaries\<close>
 
-text\<open>\<close>
-
-subsection*[cspsemantics::tc, main_author="Some(@{docitem ''bu''})"]\<open>Denotational \<^csp> Semantics\<close>
+subsection*[cspsemantics::tc, main_author="Some(@{author ''bu''})"]\<open>Denotational \<^csp> Semantics\<close>
 
 text\<open> The denotational semantics (following @{cite "roscoe:csp:1998"}) comes in three layers: 
 the \<^emph>\<open>trace model\<close>, the \<^emph>\<open>(stable) failures model\<close> and the \<^emph>\<open>failure/divergence model\<close>.
@@ -152,10 +142,10 @@ processes \<open>Skip\<close> (successful termination) and \<open>Stop\<close> (
 \<open>\<T>(Skip) = \<T>(Stop) = {[]}\<close>.
 Note that the trace sets, representing all \<^emph>\<open>partial\<close> history, is in general prefix closed.\<close>
 
-text*[ex1::math_example, status=semiformal] \<open>
-Let two processes be defined as follows:
+text*[ex1::math_example, status=semiformal, level="Some 1"] \<open>
+Let two processes be defined as follows:\<^vs>\<open>0.2cm\<close>
 
-  \<^enum>  \<open>P\<^sub>d\<^sub>e\<^sub>t = (a \<rightarrow> Stop) \<box> (b \<rightarrow> Stop)\<close>
+  \<^enum> \<open>P\<^sub>d\<^sub>e\<^sub>t = (a \<rightarrow> Stop) \<box> (b \<rightarrow> Stop)\<close>
   \<^enum> \<open>P\<^sub>n\<^sub>d\<^sub>e\<^sub>t = (a \<rightarrow> Stop) \<sqinter> (b \<rightarrow> Stop)\<close> 
 \<close> 
 
@@ -181,7 +171,6 @@ The following process \<open>P\<^sub>i\<^sub>n\<^sub>f\<close> is an infinite pr
 many times. However, using the \<^csp> hiding operator \<open>_\_\<close>, this activity is concealed: 
 
   \<^enum>  \<open>P\<^sub>i\<^sub>n\<^sub>f = (\<mu> X. a \<rightarrow> X) \ {a}\<close>
-
 \<close>
 
 text\<open>where \<open>P\<^sub>i\<^sub>n\<^sub>f\<close> will be equivalent to \<open>\<bottom>\<close> in the process cpo ordering. 
@@ -200,7 +189,7 @@ of @{cite "IsobeRoggenbach2010"} is restricted to a variant of the failures mode
  
 \<close>
 
-subsection*["isabelleHol"::tc, main_author="Some(@{docitem ''bu''})"]\<open>Isabelle/HOL\<close>
+subsection*["isabelleHol"::tc, main_author="Some(@{author ''bu''})"]\<open>Isabelle/HOL\<close>
 text\<open> Nowadays, Isabelle/HOL is one of the major interactive theory development environments
 @{cite "nipkow.ea:isabelle:2002"}. HOL stands for Higher-Order Logic, a logic based on simply-typed
 \<open>\<lambda>\<close>-calculus extended by parametric polymorphism and Haskell-like type-classes.
@@ -212,7 +201,6 @@ in the plethora of work done and has been a key factor for the success of the Ar
 For the work presented here, one relevant construction is :
 
    \<^item> \<^theory_text>\<open>typedef  (\<alpha>\<^sub>1,...,\<alpha>\<^sub>n)t = E\<close>
-
  
 It creates a fresh type that is isomorphic to a set \<open>E\<close> involving \<open>\<alpha>\<^sub>1,...,\<alpha>\<^sub>n\<close> types.
 Isabelle/HOL performs a number of syntactic checks for these constructions that guarantee the logical
@@ -223,25 +211,23 @@ distribution comes with rich libraries comprising Sets, Numbers, Lists, etc. whi
 For this work, a particular library called \<^theory_text>\<open>HOLCF\<close> is intensively used. It provides classical 
 domain theory for a particular type-class \<open>\<alpha>::pcpo\<close>, \<^ie> the class of types  \<open>\<alpha>\<close> for which 
 
-   \<^enum>  a least element \<open>\<bottom>\<close> is defined, and
+   \<^enum> a least element \<open>\<bottom>\<close> is defined, and
    \<^enum> a complete partial order \<open>_\<sqsubseteq>_\<close> is defined.
 
  For these types, \<^theory_text>\<open>HOLCF\<close> provides a fixed-point operator \<open>\<mu>X. f X\<close> as well as the 
 fixed-point induction and other (automated) proof infrastructure. Isabelle's type-inference can 
 automatically infer, for example, that if \<open>\<alpha>::pcpo\<close>, then \<open>(\<beta> \<Rightarrow> \<alpha>)::pcpo\<close>. \<close>
   
-section*["csphol"::tc,main_author="Some(@{docitem ''bu''}::author)", level="Some 2"]
+section*["csphol"::tc,main_author="Some(@{author ''bu''}::author)", level="Some 2"]
 \<open>Formalising Denotational \<^csp> Semantics in HOL \<close>
 
-text\<open>\<close>
-
-subsection*["processinv"::tc, main_author="Some(@{docitem ''bu''})"]
+subsection*["processinv"::tc, main_author="Some(@{author ''bu''})"]
 \<open>Process Invariant and Process Type\<close>
 text\<open> First, we need a slight revision of the concept
 of \<^emph>\<open>trace\<close>: if \<open>\<Sigma>\<close> is the type of the atomic events (represented by a type variable), then
-we need to extend this type by a special event \<open>\<surd>\<close> (called "tick") signaling termination.
-Thus, traces have the type \<open>(\<Sigma>+\<surd>)\<^sup>*\<close>, written \<open>\<Sigma>\<^sup>\<surd>\<^sup>*\<close>; since \<open>\<surd>\<close> may only occur at the end of a trace, 
-we need to define a predicate \<open>front\<^sub>-tickFree t\<close> that requires from traces that \<open>\<surd>\<close> can only occur 
+we need to extend this type by a special event \<open>\<checkmark>\<close> (called "tick") signaling termination.
+Thus, traces have the type \<open>(\<Sigma>\<uplus>\<checkmark>)\<^sup>*\<close>, written \<open>\<Sigma>\<^sup>\<checkmark>\<^sup>*\<close>; since \<open>\<checkmark>\<close> may only occur at the end of a trace, 
+we need to define a predicate \<open>front\<^sub>-tickFree t\<close> that requires from traces that \<open>\<checkmark>\<close> can only occur 
 at the end.
 
 Second, in the traditional literature, the semantic domain is implicitly described by 9 "axioms" 
@@ -256,38 +242,37 @@ Informally, these are:
    \<^item> the tick accepted after a trace \<open>s\<close> implies that all other events are refused; 
    \<^item> a divergence trace with any suffix is itself a divergence one
    \<^item> once a process has diverged, it can engage in or refuse any sequence of events.
-   \<^item> a trace ending with \<open>\<surd>\<close> belonging to divergence set implies that its 
-     maximum prefix without \<open>\<surd>\<close> is also a divergent trace.
+   \<^item> a trace ending with \<open>\<checkmark>\<close> belonging to divergence set implies that its 
+     maximum prefix without \<open>\<checkmark>\<close> is also a divergent trace.
 
 More formally, a process \<open>P\<close> of the type \<open>\<Sigma> process\<close> should have the following properties:
 
-
-@{cartouche [display] \<open>([],{}) \<in> \<F> P \<and>
+@{cartouche [display, indent=10] \<open>([],{}) \<in> \<F> P \<and>
 (\<forall> s X.  (s,X) \<in> \<F> P \<longrightarrow> front_tickFree s) \<and>
 (\<forall> s t . (s@t,{}) \<in> \<F> P \<longrightarrow> (s,{}) \<in> \<F> P) \<and>
 (\<forall> s X Y. (s,Y) \<in> \<F> P \<and> X\<subseteq>Y \<longrightarrow> (s,X) \<in> \<F> P) \<and> 
 (\<forall> s X Y. (s,X) \<in> \<F> P \<and> (\<forall>c \<in> Y. ((s@[c],{}) \<notin> \<F> P)) \<longrightarrow> (s,X \<union> Y) \<in> \<F> P) \<and>
-(\<forall> s X.  (s@[\<surd>],{}) \<in> \<F> P \<longrightarrow> (s,X-{\<surd>}) \<in> \<F> P) \<and>
+(\<forall> s X.  (s@[\<checkmark>],{}) \<in> \<F> P \<longrightarrow> (s,X-{\<checkmark>}) \<in> \<F> P) \<and>
 (\<forall> s t. s \<in> \<D> P \<and> tickFree s \<and> front_tickFree t \<longrightarrow> s@t \<in> \<D> P)  \<and>
 (\<forall> s X. s \<in> \<D> P \<longrightarrow> (s,X) \<in> \<F> P) \<and>
-(\<forall> s. s@[\<surd>] \<in> \<D> P \<longrightarrow> s \<in> \<D> P)\<close>}
+(\<forall> s. s@[\<checkmark>] \<in> \<D> P \<longrightarrow> s \<in> \<D> P)\<close>}
 
 Our objective is to encapsulate this wishlist into a type constructed as a conservative
 theory extension in our theory \<^holcsp>.
-Therefore third, we define a pre-type for processes \<open>\<Sigma> process\<^sub>0\<close> by \<open> \<P>(\<Sigma>\<^sup>\<surd>\<^sup>* \<times> \<P>(\<Sigma>\<^sup>\<surd>)) \<times> \<P>(\<Sigma>\<^sup>\<surd>)\<close>.
+Therefore third, we define a pre-type for processes \<open>\<Sigma> process\<^sub>0\<close> by \<open> \<P>(\<Sigma>\<^sup>\<checkmark>\<^sup>* \<times> \<P>(\<Sigma>\<^sup>\<checkmark>)) \<times> \<P>(\<Sigma>\<^sup>\<checkmark>)\<close>.
 Forth, we turn our wishlist of "axioms" above into the definition of a predicate \<open>is_process P\<close> 
 of type \<open>\<Sigma> process\<^sub>0 \<Rightarrow> bool\<close> deciding if its conditions are fulfilled. Since \<open>P\<close> is a pre-process,
 we replace \<open>\<F>\<close> by \<open>fst\<close> and  \<open>\<D>\<close> by \<open>snd\<close> (the HOL projections into a pair).
 And last not least fifth, we use the following type definition:
-  \<^item> \<^theory_text>\<open>typedef '\<alpha> process = "{P :: '\<alpha> process\<^sub>0 . is_process P}"\<close>
 
+  \<^item> \<^theory_text>\<open>typedef '\<alpha> process = "{P :: '\<alpha> process\<^sub>0 . is_process P}"\<close>
 
 Isabelle requires a proof for the existence of a witness for this set,
 but this can be constructed in a straight-forward manner. Suitable definitions for 
 \<open>\<T>\<close>, \<open>\<F>\<close> and \<open>\<D>\<close> lifting \<open>fst\<close> and \<open>snd\<close> on the new \<open>'\<alpha> process\<close>-type allows to derive
 the above properties for any \<open>P::'\<alpha> process\<close>. \<close>
 
-subsection*["operator"::tc, main_author="Some(@{docitem ''lina''})"]
+subsection*["operator"::tc, main_author="Some(@{author ''lina''})"]
 \<open>\<^csp> Operators over the Process Type\<close>
 text\<open> Now, the operators of \<^csp> \<open>Skip\<close>, \<open>Stop\<close>, \<open>_\<sqinter>_\<close>,  \<open>_\<box>_\<close>, \<open>_\<rightarrow>_\<close>,\<open>_\<lbrakk>_\<rbrakk>_\<close> etc. 
 for internal choice, external choice, prefix and parallel composition, can 
@@ -301,17 +286,18 @@ For example, we define \<open>_\<sqinter>_\<close> on the pre-process type as fo
 
   \<^item> \<^theory_text>\<open>definition "P \<sqinter> Q \<equiv> Abs_process(\<F> P \<union> \<F> Q , \<D> P \<union> \<D> Q)"\<close>
 
-where \<open>\<F> = fst \<circ> Rep_process\<close> and \<open>\<D> = snd \<circ> Rep_process\<close> and where \<open>Rep_process\<close> and
-\<open>Abs_process\<close> are the representation and abstraction morphisms resulting from the
-type definition linking \<open>'\<alpha> process\<close> isomorphically to \<open>'\<alpha> process\<^sub>0\<close>. Proving the above properties
-for  \<open>\<F> (P \<sqinter> Q)\<close> and \<open>\<D> (P \<sqinter> Q)\<close> requires a proof that \<open>(\<F> P \<union> \<F> Q , \<D> P \<union> \<D> Q)\<close>
-satisfies the 9 "axioms", which is fairly simple in this case.
+where \<open>Rep_process\<close> and \<open>Abs_process\<close> are the representation and abstraction morphisms resulting 
+from the type definition linking the type \<open>'\<alpha> process\<close> isomorphically to the set \<open>'\<alpha> process\<^sub>0\<close>. 
+The projection into \<^emph>\<open>failures\<close> is defined by \<open>\<F> = fst \<circ> Rep_process\<close>, whereas the 
+\<^emph>\<open>divergences\<close> are defined bz \<open>\<D> = snd \<circ> Rep_process\<close>. Proving the above properties for  
+\<open>\<F> (P \<sqinter> Q)\<close> and \<open>\<D> (P \<sqinter> Q)\<close> requires a proof that \<open>(\<F> P \<union> \<F> Q , \<D> P \<union> \<D> Q)\<close>
+satisfies the well-formedness conditions of \<open>is_process\<close>, which is fairly simple in this case.
 
 The definitional presentation of the \<^csp> process operators according to @{cite "roscoe:csp:1998"} 
 follows always this scheme. This part of the theory comprises around 2000 loc. 
 \<close>
 
-subsection*["orderings"::tc, main_author="Some(@{docitem ''bu''})"]
+subsection*["orderings"::tc, main_author="Some(@{author ''bu''})"]
 \<open>Refinement Orderings\<close>
 
 text\<open> \<^csp> is centered around the idea of process refinement; many critical properties, 
@@ -320,15 +306,16 @@ a conversion of processes in terms of (finite) labelled transition systems leads
 model-checking techniques based on graph-exploration. Essentially,  a process \<open>P\<close> \<^emph>\<open>refines\<close> 
 another process \<open>Q\<close> if and only if it is more deterministic and more defined (has less divergences).
 Consequently, each of the three semantics models (trace, failure and failure/divergence) 
-has its corresponding refinement orderings. 
+has its corresponding refinement orderings.\<close>
+Theorem*[th1::"theorem", short_name="\<open>Refinement properties\<close>"]\<open>
 What we are interested in this paper is the following refinement orderings for the 
 failure/divergence model.
 
    \<^enum> \<open>P \<sqsubseteq>\<^sub>\<F>\<^sub>\<D> Q \<equiv> \<F> P \<supseteq> \<F> Q \<and> \<D> P \<supseteq> \<D> Q\<close> 
    \<^enum> \<open>P \<sqsubseteq>\<^sub>\<T>\<^sub>\<D> Q \<equiv> \<T> P \<supseteq> \<T> Q \<and> \<D> P \<supseteq> \<D> Q\<close>
-   \<^enum> \<open>P \<sqsubseteq>\<^sub>\<FF> Q \<equiv>  \<FF> P \<supseteq> \<FF> Q, \<FF>\<in>{\<T>,\<F>,\<D>}\<close> 
+   \<^enum> \<open>P \<sqsubseteq>\<^sub>\<FF> Q \<equiv>  \<FF> P \<supseteq> \<FF> Q, \<FF>\<in>{\<T>,\<F>,\<D>}\<close>  \<close>
 
- Notice that in the \<^csp> literature, only \<open>\<sqsubseteq>\<^sub>\<F>\<^sub>\<D>\<close> is well studied for failure/divergence model. 
+text\<open> Notice that in the \<^csp> literature, only \<open>\<sqsubseteq>\<^sub>\<F>\<^sub>\<D>\<close> is well studied for failure/divergence model. 
 Our formal analysis of different granularities on the refinement orderings   
 allows deeper understanding of the same semantics model. For example, \<open>\<sqsubseteq>\<^sub>\<T>\<^sub>\<D>\<close> turns
 out to have in some cases better monotonicity properties and therefore allow for stronger proof
@@ -340,7 +327,7 @@ states, from which no internal progress is possible.
 \<close>
 
 
-subsection*["fixpoint"::tc, main_author="Some(@{docitem ''lina''})"]
+subsection*["fixpoint"::tc, main_author="Some(@{author ''lina''})"]
 \<open>Process Ordering and HOLCF\<close>
 text\<open> For any denotational semantics, the fixed point theory giving semantics to systems
 of recursive equations is considered as keystone. Its prerequisite is a complete partial ordering
@@ -352,17 +339,16 @@ Roscoe and Brooks @{cite "Roscoe1992AnAO"} finally proposed another ordering, ca
 that completeness could at least be assured for read-operations. This more complex ordering 
 is based on the concept \<^emph>\<open>refusals after\<close> a trace \<open>s\<close> and defined by \<open>\<R> P s \<equiv> {X | (s, X) \<in> \<F> P}\<close>.\<close>
 
-Definition*[process_ordering, short_name="''process ordering''"]\<open>
+Definition*[process_ordering, level= "Some 2", short_name="''process ordering''"]\<open>
 We define \<open>P \<sqsubseteq> Q \<equiv> \<psi>\<^sub>\<D> \<and> \<psi>\<^sub>\<R> \<and> \<psi>\<^sub>\<M> \<close>,  where 
-\<^enum>  \<open>\<psi>\<^sub>\<D> = \<D> P \<supseteq> \<D> Q \<close>
+\<^enum> \<open>\<psi>\<^sub>\<D> = \<D> P \<supseteq> \<D> Q \<close>
 \<^enum> \<open>\<psi>\<^sub>\<R> = s \<notin> \<D> P \<Rightarrow> \<R> P s = \<R> Q s\<close>  
-\<^enum> \<open>\<psi>\<^sub>\<M> = Mins(\<D> P) \<subseteq> \<T> Q \<close> 
-\<close>
+\<^enum> \<open>\<psi>\<^sub>\<M> = Mins(\<D> P) \<subseteq> \<T> Q \<close> \<close>
 
 text\<open>The third condition \<open>\<psi>\<^sub>\<M>\<close> implies that the set of minimal divergent traces 
 (ones with no proper prefix that is also a divergence) in  \<open>P\<close>,  denoted by \<open>Mins(\<D> P)\<close>, 
 should be a subset of the trace set of \<open>Q\<close>. 
-%One may note that each element in \<open>Mins(\<D> P)\<close> do actually not contain the \<open>\<surd>\<close>, 
+%One may note that each element in \<open>Mins(\<D> P)\<close> do actually not contain the \<open>\<checkmark>\<close>, 
 %which can be deduced from the process invariants described 
 %in the precedent @{technical "processinv"}. This can be explained by the fact that we are not 
 %really concerned with what a process does after it terminates. 
@@ -393,44 +379,45 @@ For most \<^csp> operators \<open>\<otimes>\<close> we derived rules of the form
 
 These rules allow to automatically infer for any process term if it is continuous or not.  
 The port of HOL-CSP 2 on HOLCF implied that the derivation of the entire continuity rules 
-had to be completely re-done (3000 loc).
-
- 
-HOL-CSP provides an important proof principle, the fixed-point induction:
+had to be completely re-done (3000 loc).\<close>
 
+Theorem*[th2,short_name="\<open>Fixpoint Induction\<close>"]
+\<open>HOL-CSP provides an important proof principle, the fixed-point induction:
 @{cartouche [display, indent=5] \<open>cont f \<Longrightarrow> adm P \<Longrightarrow> P \<bottom> \<Longrightarrow> (\<And>X. P X \<Longrightarrow> P(f X)) \<Longrightarrow> P(\<mu>X. f X)\<close>}
+\<close>
 
-Fixed-point induction requires a small side-calculus for establishing the admissibility
+text\<open>Fixed-point induction of @{theorem th2} requires a small side-calculus for establishing the admissibility
 of a predicate; basically, predicates are admissible if they are valid for any least upper bound 
 of a chain \<open>x\<^sub>1 \<sqsubseteq> x\<^sub>2 \<sqsubseteq> x\<^sub>3 ... \<close> provided that \<open>\<forall>i. P(x\<^sub>i)\<close>. It turns out that \<open>_\<sqsubseteq>_\<close> and \<open>_\<sqsubseteq>\<^sub>F\<^sub>D_\<close> as
 well as all other refinement orderings that we introduce in this paper are  admissible.
-Fixed-point inductions are the main proof weapon in verifications, 
-together with monotonicities and the \<^csp> laws. Denotational arguments can be hidden as they are not 
-needed in practical verifications. \<close>
+Fixed-point inductions are the main proof weapon in verifications, together with monotonicities 
+and the \<^csp> laws. Denotational arguments can be hidden as they are not needed in practical 
+verifications. \<close>
 
-subsection*["law"::tc, main_author="Some(@{docitem ''lina''})"]
+subsection*["law"::tc, main_author="Some(@{author ''lina''})"]
 \<open>\<^csp> Rules: Improved Proofs and New Results\<close>
 
 
-text\<open> The \<^csp> operators enjoy a number of algebraic properties: commutativity, 
+text\<open>The \<^csp> operators enjoy a number of algebraic properties: commutativity, 
 associativities, and idempotence in some cases. Moreover, there is a rich body of distribution
 laws between these operators. Our new version HOL-CSP 2 not only shortens and restructures the 
-proofs of @{cite "tej.ea:corrected:1997"}; the code reduces  
-to 8000 loc from 25000 loc. Some illustrative examples of new established rules are:
+proofs of @{cite "tej.ea:corrected:1997"}; the code reduces to 8000 loc from 25000 loc. \<close>
 
+Theorem*[th3, short_name="\<open>Examples of Derived Rules.\<close>"]\<open> 
   \<^item> \<open>\<box>x\<in>A\<union>B\<rightarrow>P(x) = (\<box>x\<in>A\<rightarrow>P x) \<box> (\<box>x\<in>B\<rightarrow>P x)\<close>
   \<^item> \<open>A\<union>B\<subseteq>C \<Longrightarrow> (\<box>x\<in>A\<rightarrow>P x \<lbrakk>C\<rbrakk> \<box>x\<in>B\<rightarrow>Q x) = \<box>x\<in>A\<inter>B\<rightarrow>(P x \<lbrakk>C\<rbrakk> Q x)\<close>
   \<^item> @{cartouche [display]\<open>A\<subseteq>C \<Longrightarrow> B\<inter>C={} \<Longrightarrow> 
                (\<box>x\<in>A\<rightarrow>P x \<lbrakk>C\<rbrakk> \<box>x\<in>B\<rightarrow>Q x) = \<box>x\<in>B\<rightarrow>(\<box>x\<in>A\<rightarrow>P x \<lbrakk>C\<rbrakk> Q x)\<close>}
-  \<^item> \<open>finite A \<Longrightarrow> A\<inter>C = {} \<Longrightarrow> ((P \<lbrakk>C\<rbrakk> Q) \ A) = ((P \ A) \<lbrakk>C\<rbrakk> (Q \ A)) ...\<close>
+  \<^item> \<open>finite A \<Longrightarrow> A\<inter>C = {} \<Longrightarrow> ((P \<lbrakk>C\<rbrakk> Q) \ A) = ((P \ A) \<lbrakk>C\<rbrakk> (Q \ A)) ...\<close>\<close>
 
- The continuity proof of the hiding operator is notorious. The proof is known
-to involve the classical König's lemma stating that every infinite tree with finite branching 
-has an infinite path. We adapt this lemma to our context as follows:
 
- @{cartouche [display, indent=5] 
+text\<open>The continuity proof of the hiding operator is notorious. The proof is known to involve the 
+classical König's lemma stating that every infinite tree with finite branching has an infinite path. 
+We adapt this lemma to our context as follows:
+
+@{cartouche [display, indent=5] 
  \<open>infinite tr \<Longrightarrow> \<forall>i. finite{t. \<exists>t'\<in>tr. t = take i t'} 
-             \<Longrightarrow> \<exists> f. strict_mono f \<and> range f \<subseteq> {t. \<exists>t'\<in>tr. t \<le> t'}\<close>}
+              \<Longrightarrow> \<exists> f. strict_mono f \<and> range f \<subseteq> {t. \<exists>t'\<in>tr. t \<le> t'}\<close>}
 
 in order to come up with the continuity rule: \<open>finite S \<Longrightarrow> cont P \<Longrightarrow> cont(\<lambda>X. P X \ S)\<close>.
 The original proof had been drastically shortened by a factor 10 and important immediate steps
@@ -449,12 +436,12 @@ cases to be considered as well as their complexity makes pen and paper proofs
 practically infeasible.
 \<close>
 
-section*["newResults"::tc,main_author="Some(@{docitem ''safouan''}::author)",
-                                 main_author="Some(@{docitem ''lina''}::author)", level= "Some 3"]
+section*["newResults"::tc,main_author="Some(@{author ''safouan''}::author)",
+                                 main_author="Some(@{author ''lina''}::author)", level= "Some 3"]
 \<open>Theoretical Results on Refinement\<close>
 text\<open>\<close>
-subsection*["adm"::tc,main_author="Some(@{docitem ''safouan''}::author)", 
-                                  main_author="Some(@{docitem ''lina''}::author)"]
+subsection*["adm"::tc,main_author="Some(@{author ''safouan''}::author)", 
+                                  main_author="Some(@{author ''lina''}::author)"]
 \<open>Decomposition Rules\<close>
 text\<open>
 In our framework, we implemented the pcpo process refinement together with the five refinement 
@@ -474,47 +461,23 @@ under all refinement orderings, while others are not.
 \<^item> Sequence operator is not monotonic under \<open>\<sqsubseteq>\<^sub>\<F>\<close>, \<open>\<sqsubseteq>\<^sub>\<D>\<close> or \<open>\<sqsubseteq>\<^sub>\<T>\<close>:
   @{cartouche [display,indent=5] 
     \<open>P \<sqsubseteq>\<^sub>\<FF> P'\<Longrightarrow> Q \<sqsubseteq>\<^sub>\<FF> Q' \<Longrightarrow> (P ; Q) \<sqsubseteq>\<^sub>\<FF> (P' ; Q') where \<FF>\<in>{\<T>\<D>,\<F>\<D>}\<close>}
-%All refinements are right-side monotonic but \<open>\<sqsubseteq>\<^sub>\<F>\<close>, \<open>\<sqsubseteq>\<^sub>\<D>\<close> and \<open>\<sqsubseteq>\<^sub>\<T>\<close> are not left-side monotonic,
-%which can be explained by 
-%the interdependence relationship of failure and divergence projections for the first component. 
-%We thus proved:
+
+All refinements are right-side monotonic but \<open>\<sqsubseteq>\<^sub>\<F>\<close>, \<open>\<sqsubseteq>\<^sub>\<D>\<close> and \<open>\<sqsubseteq>\<^sub>\<T>\<close> are not left-side monotonic,
+which can be explained by the interdependence relationship of failure and divergence projections 
+for the first component. We thus proved:
 \<^item> Hiding operator is not monotonic under \<open>\<sqsubseteq>\<^sub>\<D>\<close>:
   @{cartouche [display,indent=5] \<open>P \<sqsubseteq>\<^sub>\<FF> Q \<Longrightarrow> P \ A  \<sqsubseteq>\<^sub>\<FF> Q \ A where \<FF>\<in>{\<T>,\<F>,\<T>\<D>,\<F>\<D>}\<close>}
-%Intuitively, for the divergence refinement of the hiding operator, there may be
-%some trace \<open>s\<in>\<T> Q\<close> and \<open>s\<notin>\<T> P\<close> such that it becomes divergent in \<open>Q \ A\<close>  but 
-%not in \<open>P \ A\<close>.
-%when the condition in the corresponding projection laws is satisfied, which makes it is not monotonic.
+Intuitively, for the divergence refinement of the hiding operator, there may be
+some trace \<open>s\<in>\<T> Q\<close> and \<open>s\<notin>\<T> P\<close> such that it becomes divergent in \<open>Q \ A\<close>  but 
+not in \<open>P \ A\<close>. 
 \<^item> Parallel composition is not monotonic under \<open>\<sqsubseteq>\<^sub>\<F>\<close>, \<open>\<sqsubseteq>\<^sub>\<D>\<close> or \<open>\<sqsubseteq>\<^sub>\<T>\<close>:
   @{cartouche [display,indent=5] \<open>P \<sqsubseteq>\<^sub>\<FF> P' \<Longrightarrow> Q \<sqsubseteq>\<^sub>\<FF> Q' \<Longrightarrow> (P \<lbrakk>A\<rbrakk> Q) \<sqsubseteq>\<^sub>\<FF> (P' \<lbrakk>A\<rbrakk> Q') where \<FF>\<in>{\<T>\<D>,\<F>\<D>}\<close>}
-%The failure and divergence projections of this operator are also interdependent, similar to the 
-%sequence operator. 
-%Hence, this operator is not monotonic with \<open>\<sqsubseteq>\<^sub>\<F>\<close>, \<open>\<sqsubseteq>\<^sub>\<D>\<close> and \<open>\<sqsubseteq>\<^sub>\<T>\<close>, but monotonic when their 
-%combinations are considered. 
+The failure and divergence projections of this operator are also interdependent, similar to the 
+sequence operator. Hence, this operator is not monotonic with \<open>\<sqsubseteq>\<^sub>\<F>\<close>, \<open>\<sqsubseteq>\<^sub>\<D>\<close> and \<open>\<sqsubseteq>\<^sub>\<T>\<close>, but monotonic 
+when their combinations are considered. \<close>
 
-\<close>
-
-(* Besides the monotonicity results on the above \<^csp> operators, 
-we have also proved that for other \<^csp> operators, such as multi-prefix and non-deterministic choice, 
-they are all monotonic with these five refinement orderings. Such theoretical results provide significant indicators 
-for semantics choices when considering specification decomposition. 
-We want to emphasize that this is the first work on such substantial 
-analysis in a formal way, as far as we know. 
-
-%In the literature, these processes are defined in a way that does not distinguish the special event \<open>tick\<close>. To be consistent with the idea that ticks should be distinguished on the semantic level, besides the above
-three processes,
-
-one can directly prove 3 since for both \<open>CHAOS\<close> and \<open>DF\<close>,
-the version with \<open>SKIP\<close> is constructed exactly in the same way from that without \<open>SKIP\<close>. 
-And 4 is obtained based on the projection laws of internal choice \<open>\<sqinter>\<close>.
-Finally, for 5, the difference between \<open>DF\<close> and \<open>RUN\<close> is that the former applies internal choice 
-while the latter with external choice. From the projection laws of both operators, 
-the failure set of \<open>RUN\<close> has more constraints, thus being a subset of that of \<open>DF\<close>, 
-when the divergence set is empty, which is true for both processes. 
-
-*)
-
-subsection*["processes"::tc,main_author="Some(@{docitem ''safouan''}::author)", 
-                            main_author="Some(@{docitem ''lina''}::author)"]
+subsection*["processes"::tc,main_author="Some(@{author ''safouan''}::author)", 
+                            main_author="Some(@{author ''lina''}::author)"]
 \<open>Reference Processes and their Properties\<close>
 text\<open>
 We now present reference processes that exhibit basic behaviors, introduced in  
@@ -528,10 +491,10 @@ To handle termination better, we added two new processes \<open>CHAOS\<^sub>S\<^
 \<close>
 
 (*<*) (* a test ...*)
-text*[X22 ::math_content   ]\<open>\<open>RUN A \<equiv> \<mu> X. \<box> x \<in> A \<rightarrow> X\<close>                           \<close>
-text*[X32::"definition", mcc=defn]\<open>\<open>CHAOS A \<equiv> \<mu> X. (STOP \<sqinter> (\<box> x \<in> A \<rightarrow> X))\<close>        \<close>
-Definition*[X42]\<open>\<open>CHAOS\<^sub>S\<^sub>K\<^sub>I\<^sub>P A \<equiv> \<mu> X. (SKIP \<sqinter> STOP \<sqinter> (\<box> x \<in> A \<rightarrow> X))\<close>  \<close>
-Definition*[X52::"definition"]\<open>\<open>CHAOS\<^sub>S\<^sub>K\<^sub>I\<^sub>P A \<equiv> \<mu> X. (SKIP \<sqinter> STOP \<sqinter> (\<box> x \<in> A \<rightarrow> X))\<close> \<close>
+text*[X22 ::math_content, level="Some 2"  ]\<open>\<open>RUN A \<equiv> \<mu> X. \<box> x \<in> A \<rightarrow> X\<close>                           \<close>
+text*[X32::"definition", level="Some 2", mcc=defn]\<open>\<open>CHAOS A \<equiv> \<mu> X. (STOP \<sqinter> (\<box> x \<in> A \<rightarrow> X))\<close>        \<close>
+Definition*[X42, level="Some 2"]\<open>\<open>CHAOS\<^sub>S\<^sub>K\<^sub>I\<^sub>P A \<equiv> \<mu> X. (SKIP \<sqinter> STOP \<sqinter> (\<box> x \<in> A \<rightarrow> X))\<close>  \<close>
+Definition*[X52::"definition", level="Some 2"]\<open>\<open>CHAOS\<^sub>S\<^sub>K\<^sub>I\<^sub>P A \<equiv> \<mu> X. (SKIP \<sqinter> STOP \<sqinter> (\<box> x \<in> A \<rightarrow> X))\<close> \<close>
 
 text\<open> The \<open>RUN\<close>-process defined @{math_content X22} represents the process that accepts all 
 events, but never stops nor deadlocks. The \<open>CHAOS\<close>-process comes in two variants shown in 
@@ -539,51 +502,48 @@ events, but never stops nor deadlocks. The \<open>CHAOS\<close>-process comes in
 stops or accepts any offered event, whereas \<open>CHAOS\<^sub>S\<^sub>K\<^sub>I\<^sub>P\<close> can additionally terminate.\<close>
 (*>*)
 
-Definition*[X2]\<open>\<open>RUN A \<equiv> \<mu> X. \<box> x \<in> A \<rightarrow> X\<close>                    \<close>
-Definition*[X3]\<open>\<open>CHAOS A \<equiv> \<mu> X. (STOP \<sqinter> (\<box> x \<in> A \<rightarrow> X))\<close>         \<close>
-Definition*[X4]\<open>\<open>CHAOS\<^sub>S\<^sub>K\<^sub>I\<^sub>P A \<equiv> \<mu> X. (SKIP \<sqinter> STOP \<sqinter> (\<box> x \<in> A \<rightarrow> X))\<close>\<close>
-Definition*[X5]\<open>\<open>DF A \<equiv> \<mu> X. (\<sqinter> x \<in> A \<rightarrow> X)\<close>                       \<close>
-Definition*[X6]\<open>\<open>DF\<^sub>S\<^sub>K\<^sub>I\<^sub>P A \<equiv> \<mu> X. ((\<sqinter> x \<in> A \<rightarrow> X) \<sqinter> SKIP)\<close>          \<close> 
+Definition*[X2, level="Some 2"]\<open>\<open>RUN A \<equiv> \<mu> X. \<box> x \<in> A \<rightarrow> X\<close>                    \<close>
+Definition*[X3, level="Some 2"]\<open>\<open>CHAOS A \<equiv> \<mu> X. (STOP \<sqinter> (\<box> x \<in> A \<rightarrow> X))\<close>         \<close>
+Definition*[X4, level="Some 2"]\<open>\<open>CHAOS\<^sub>S\<^sub>K\<^sub>I\<^sub>P A \<equiv> \<mu> X. (SKIP \<sqinter> STOP \<sqinter> (\<box> x \<in> A \<rightarrow> X))\<close>\<close>
+Definition*[X5, level="Some 2"]\<open>\<open>DF A \<equiv> \<mu> X. (\<sqinter> x \<in> A \<rightarrow> X)\<close>                       \<close>
+Definition*[X6, level="Some 2"]\<open>\<open>DF\<^sub>S\<^sub>K\<^sub>I\<^sub>P A \<equiv> \<mu> X. ((\<sqinter> x \<in> A \<rightarrow> X) \<sqinter> SKIP)\<close>          \<close> 
 
 text\<open>In the following, we denote \<open> \<R>\<P> = {DF\<^sub>S\<^sub>K\<^sub>I\<^sub>P, DF, RUN, CHAOS, CHAOS\<^sub>S\<^sub>K\<^sub>I\<^sub>P}\<close>. 
 All five  reference processes are divergence-free.
-%which was done by using a particular lemma \<open>\<D> (\<mu> x. f x) = \<Inter>\<^sub>i\<^sub>\<in>\<^sub>\<nat> \<D> (f\<^sup>i \<bottom>)\<close>.  
+which was proven by using a particular lemma \<open>\<D> (\<mu> x. f x) = \<Inter>\<^sub>i\<^sub>\<in>\<^sub>\<nat> \<D> (f\<^sup>i \<bottom>)\<close>.  
 @{cartouche 
   [display,indent=8] \<open> D (\<PP> UNIV) = {} where \<PP> \<in> \<R>\<P> and UNIV is the set of all events\<close>
 }
 Regarding the failure refinement ordering, the set of failures \<open>\<F> P\<close> for any process \<open>P\<close> is
-a subset of  \<open>\<F> (CHAOS\<^sub>S\<^sub>K\<^sub>I\<^sub>P UNIV)\<close>.% and the following lemma was proved: 
-% This proof is performed by induction, based on the failure projection of \<open>STOP\<close> and that of 
-% internal choice.
-
+a subset of  \<open>\<F> (CHAOS\<^sub>S\<^sub>K\<^sub>I\<^sub>P UNIV)\<close>.
 
    @{cartouche [display, indent=25] \<open>CHAOS\<^sub>S\<^sub>K\<^sub>I\<^sub>P UNIV \<sqsubseteq>\<^sub>\<F> P\<close>}
 
-
-\<^noindent> Furthermore, the following 5 relationships were demonstrated from monotonicity results and 
-a denotational proof.  
-%among which 1 and 2 are immediate corollaries, 
-%4 and 5 are directly obtained from our monotonicity results while 3 requires a denotational proof.
-and thanks to transitivity, we can derive other relationships.
+Furthermore, the following 5 relationships were demonstrated from monotonicity results and
+a denotational proof.
+\<close>
 
 
+Corollary*[co1::"corollary", short_name="\<open>Corollaries on reference processes.\<close>",level="Some 2"]
+\<open> \<^hfill> \<^br>  \<^vs>\<open>-0.3cm\<close>
   \<^enum> \<open>CHAOS\<^sub>S\<^sub>K\<^sub>I\<^sub>P A \<sqsubseteq>\<^sub>\<F> CHAOS A\<close>
   \<^enum> \<open>CHAOS\<^sub>S\<^sub>K\<^sub>I\<^sub>P A \<sqsubseteq>\<^sub>\<F> DF\<^sub>S\<^sub>K\<^sub>I\<^sub>P A\<close>  
   \<^enum> \<open>CHAOS A \<sqsubseteq>\<^sub>\<F> DF A\<close>
   \<^enum> \<open>DF\<^sub>S\<^sub>K\<^sub>I\<^sub>P A \<sqsubseteq>\<^sub>\<F> DF A\<close>  
-  \<^enum> \<open>DF A \<sqsubseteq>\<^sub>\<F> RUN A\<close>  
+  \<^enum> \<open>DF A \<sqsubseteq>\<^sub>\<F> RUN A\<close> \<^vs>\<open>0.3cm\<close>
 
+where 1 and 2 are immediate, and where 4 and 5 are directly obtained from our monotonicity 
+results while 3 requires an argument over the denotational space.
+Thanks to transitivity, we can derive other relationships.\<close>          
 
-Last, regarding trace refinement, for any process P, 
+text\<open> Lastly, regarding trace refinement, for any process P, 
 its set of traces \<open>\<T> P\<close> is a subset of  \<open>\<T> (CHAOS\<^sub>S\<^sub>K\<^sub>I\<^sub>P UNIV)\<close> and of  \<open>\<T> (DF\<^sub>S\<^sub>K\<^sub>I\<^sub>P UNIV)\<close> as well.
 %As we already proved that \<open>CHAOS\<^sub>S\<^sub>K\<^sub>I\<^sub>P\<close> covers all failures, 
 %we can immediately infer that it also covers all traces. 
 %The \<open>DF\<^sub>S\<^sub>K\<^sub>I\<^sub>P\<close> case requires a longer denotational proof.
 
-
   \<^enum> \<open>CHAOS\<^sub>S\<^sub>K\<^sub>I\<^sub>P UNIV \<sqsubseteq>\<^sub>\<T> P\<close>
   \<^enum> \<open>DF\<^sub>S\<^sub>K\<^sub>I\<^sub>P UNIV \<sqsubseteq>\<^sub>\<T> P\<close>
-
 \<close>
 
 text\<open> 
@@ -596,39 +556,34 @@ verification. For example, if one wants to establish that a protocol implementat
 a non-deterministic specification \<open>SPEC\<close> it suffices to ask if \<open>IMPL || SPEC\<close> is deadlock-free.
 In this setting, \<open>SPEC\<close> becomes a kind of observer that signals non-conformance of \<open>IMPL\<close> by 
 deadlock.
-% A livelocked system looks similar to a deadlocked one from an external point of view. 
-% However, livelock is sometimes considered as worse since the user may be able to observe the internal 
-% activities and so hope that some output will happen eventually. 
 
 In the literature, deadlock and lifelock are phenomena that are often 
 handled separately. One contribution of our work is establish their precise relationship inside
 the Failure/Divergence Semantics of \<^csp>.\<close>
 
-(* bizarre: Definition* does not work for this single case *)
-text*[X10::"definition"]\<open> \<open>deadlock\<^sub>-free P \<equiv>  DF\<^sub>S\<^sub>K\<^sub>I\<^sub>P UNIV \<sqsubseteq>\<^sub>\<F> P\<close>  \<close>
+Definition*[X10::"definition", level="Some 2"]\<open> \<open>deadlock\<^sub>-free P \<equiv>  DF\<^sub>S\<^sub>K\<^sub>I\<^sub>P UNIV \<sqsubseteq>\<^sub>\<F> P\<close>  \<close>
 
-text\<open>\<^noindent> A process \<open>P\<close> is deadlock-free if and only if after any trace \<open>s\<close> without \<open>\<surd>\<close>, the union of \<open>\<surd>\<close> 
+text\<open>\<^noindent> A process \<open>P\<close> is deadlock-free if and only if after any trace \<open>s\<close> without \<open>\<checkmark>\<close>, the union of \<open>\<checkmark>\<close> 
 and all events of \<open>P\<close> can never be a refusal set associated to \<open>s\<close>, which means that \<open>P\<close> cannot 
 be deadlocked after any non-terminating trace.   
 \<close>
 
-Theorem*[T1, short_name="\<open>DF definition captures deadlock-freeness\<close>"]
-\<open> \hfill \break \<open>deadlock_free P \<longleftrightarrow> (\<forall>s\<in>\<T> P. tickFree s \<longrightarrow> (s, {\<surd>}\<union>events_of P) \<notin> \<F> P)\<close> \<close>   
-Definition*[X11]\<open>  \<open>livelock\<^sub>-free P \<equiv> \<D> P = {} \<close>   \<close>
+Theorem*[T1, short_name="\<open>DF definition captures deadlock-freeness\<close>", level="Some 2"]
+\<open> \<^hfill> \<^br> \<open>deadlock_free P \<longleftrightarrow> (\<forall>s\<in>\<T> P. tickFree s \<longrightarrow> (s, {\<checkmark>}\<union>events_of P) \<notin> \<F> P)\<close> \<close>   
+Definition*[X11, level="Some 2"]\<open>  \<open>livelock\<^sub>-free P \<equiv> \<D> P = {} \<close>   \<close>
 
 text\<open> Recall that all five reference processes are livelock-free. 
 We also have the following lemmas about the 
 livelock-freeness of processes: 
   \<^enum> \<open>livelock\<^sub>-free P \<longleftrightarrow> \<PP> UNIV \<sqsubseteq>\<^sub>\<D> P where \<PP> \<in> \<R>\<P>\<close> 
-  \<^enum> @{cartouche [display]\<open>livelock\<^sub>-free P \<longleftrightarrow> DF\<^sub>S\<^sub>K\<^sub>I\<^sub>P UNIV \<sqsubseteq>\<^sub>\<T>\<^sub>\<D> P 
-                    \<longleftrightarrow> CHAOS\<^sub>S\<^sub>K\<^sub>I\<^sub>P UNIV \<sqsubseteq>\<^sub>\<T>\<^sub>\<D> P\<close>}
+  \<^enum> \<open>livelock\<^sub>-free P \<longleftrightarrow> DF\<^sub>S\<^sub>K\<^sub>I\<^sub>P UNIV \<sqsubseteq>\<^sub>\<T>\<^sub>\<D> P  \<longleftrightarrow> CHAOS\<^sub>S\<^sub>K\<^sub>I\<^sub>P UNIV \<sqsubseteq>\<^sub>\<T>\<^sub>\<D> P\<close>
   \<^enum> \<open>livelock\<^sub>-free P \<longleftrightarrow> CHAOS\<^sub>S\<^sub>K\<^sub>I\<^sub>P UNIV \<sqsubseteq>\<^sub>\<F>\<^sub>\<D> P\<close> 
 \<close>
 text\<open>
 Finally, we proved the following theorem that confirms the relationship between the two vital
 properties:
 \<close>
-Theorem*[T2, short_name="''DF implies LF''"]
+Theorem*[T2, short_name="''DF implies LF''", level="Some 2"]
   \<open>  \<open>deadlock_free P \<longrightarrow> livelock_free P\<close>   \<close>
 
 text\<open>
@@ -642,11 +597,11 @@ then it may still be livelock-free. % This makes sense since livelocks are worse
 
 \<close>
 
-section*["advanced"::tc,main_author="Some(@{docitem ''safouan''}::author)",level="Some 3"]
+section*["advanced"::tc,main_author="Some(@{author ''safouan''}::author)",level="Some 3"]
 \<open>Advanced Verification Techniques\<close>
 
 text\<open>
- Based on the refinement framework discussed in @{docitem "newResults"}, we will now
+ Based on the refinement framework discussed in @{technical "newResults"}, we will now
 turn to some more advanced proof principles, tactics and verification techniques. 
 We will demonstrate them on two paradigmatic examples well-known in the \<^csp> literature: 
 The CopyBuffer and Dijkstra's Dining Philosophers. In both cases, we will exploit 
@@ -657,7 +612,7 @@ verification. In the latter case, we present an approach to a verification of a
 architecture, in this case a ring-structure of arbitrary size.
 \<close>
 
-subsection*["illustration"::tc,main_author="Some(@{docitem ''safouan''}::author)", level="Some 3"]
+subsection*["illustration"::tc,main_author="Some(@{author ''safouan''}::author)", level="Some 3"]
 \<open>The General CopyBuffer Example\<close>
 text\<open>
 We consider the paradigmatic copy buffer example @{cite "Hoare:1985:CSP:3921" and "Roscoe:UCS:2010"} 
@@ -705,7 +660,7 @@ of 2 lines proof-script involving the derived algebraic laws of \<^csp>.
 
 After proving that \<open>SYSTEM\<close> implements \<open>COPY\<close> for arbitrary alphabets, we aim to profit from this 
 first established result to check which relations \<open>SYSTEM\<close> has wrt. to the reference processes of 
-@{docitem "processes"}. Thus, we prove that \<open>COPY\<close> is deadlock-free which implies livelock-free, 
+@{technical "processes"}. Thus, we prove that \<open>COPY\<close> is deadlock-free which implies livelock-free, 
 (proof by fixed-induction  similar to \<open>lemma: COPY \<sqsubseteq> SYSTEM\<close>), from which we can immediately infer 
 from transitivity that \<open>SYSTEM\<close> is. Using refinement relations, we killed four birds with one stone 
 as we proved the deadlock-freeness and  the livelock-freeness for both \<open>COPY\<close> and \<open>SYSTEM\<close> processes. 
@@ -722,7 +677,7 @@ corollary deadlock_free COPY
 \<close>
 
 
-subsection*["inductions"::tc,main_author="Some(@{docitem ''safouan''}::author)"]
+subsection*["inductions"::tc,main_author="Some(@{author ''safouan''}::author)"]
 \<open>New Fixed-Point Inductions\<close>
 
 text\<open>
@@ -739,9 +694,8 @@ For this reason, we derived a number of alternative induction schemes (which are
 in the HOLCF library), which are also relevant for our final Dining Philophers example.
 These are essentially adaptions of k-induction schemes applied to domain-theoretic
 setting (so: requiring \<open>f\<close> continuous and \<open>P\<close> admissible; these preconditions are
-skipped here): 
-  \<^item> @{cartouche [display]\<open>... \<Longrightarrow> \<forall>i<k. P (f\<^sup>i \<bottom>) \<Longrightarrow> (\<forall>X. (\<forall>i<k. P (f\<^sup>i X)) \<longrightarrow> P (f\<^sup>k X)) 
-      \<Longrightarrow> P (\<mu>X. f X)\<close>}
+skipped here):\<^vs>\<open>0.2cm\<close> 
+  \<^item> \<open>... \<Longrightarrow> \<forall>i<k. P (f\<^sup>i \<bottom>) \<Longrightarrow> (\<forall>X. (\<forall>i<k. P (f\<^sup>i X)) \<longrightarrow> P (f\<^sup>k X)) \<Longrightarrow> P (\<mu>X. f X)\<close>
   \<^item> \<open>... \<Longrightarrow> \<forall>i<k. P (f\<^sup>i \<bottom>) \<Longrightarrow> (\<forall>X. P X \<longrightarrow> P (f\<^sup>k X)) \<Longrightarrow> P (\<mu>X. f X)\<close>
 
 
@@ -749,10 +703,9 @@ skipped here):
 it reduces the goal size.
 
 Another problem occasionally occurring in refinement proofs happens when the right side term 
-involves more than one  fixed-point  process (\<^eg> \<open>P \<lbrakk>{A}\<rbrakk> Q \<sqsubseteq> S\<close>). In this situation,
+involves more than one  fixed-point  process (\<^eg> \<open>P \<lbrakk>A\<rbrakk> Q \<sqsubseteq> S\<close>). In this situation,
 we need parallel fixed-point inductions. The HOLCF library offers only a basic one:
-  \<^item> @{cartouche [display]\<open>... \<Longrightarrow> P \<bottom> \<bottom> \<Longrightarrow> (\<forall>X Y. P X Y \<Longrightarrow> P (f X) (g Y)) 
-        \<Longrightarrow> P (\<mu>X. f X) (\<mu>X. g X)\<close>}
+  \<^item> \<open>... \<Longrightarrow> P \<bottom> \<bottom> \<Longrightarrow> (\<forall>X Y. P X Y \<Longrightarrow> P (f X) (g Y)) \<Longrightarrow> P (\<mu>X. f X) (\<mu>X. g X)\<close>
 
 
 \<^noindent> This form does not help in cases like in \<open>P \<lbrakk>\<emptyset>\<rbrakk> Q \<sqsubseteq> S\<close> with the interleaving operator on the 
@@ -774,7 +727,7 @@ The astute reader may notice here that if the induction step is weakened (having
 the base steps require enforcement.  
 \<close>
 
-subsection*["norm"::tc,main_author="Some(@{docitem ''safouan''}::author)"]
+subsection*["norm"::tc,main_author="Some(@{author ''safouan''}::author)"]
 \<open>Normalization\<close>
 text\<open>
  Our framework can reason not only over infinite alphabets, but also over processes parameterized
@@ -795,7 +748,7 @@ This normal form is closed under deterministic and  communication operators.
 The advantage of this format is that we can mimick the well-known product automata construction
 for an arbitrary number of synchronized processes under normal form.
 We only show the case of the synchronous product of two processes: \<close>
-text*[T3::"theorem", short_name="\<open>Product Construction\<close>"]\<open>
+Theorem*[T3, short_name="\<open>Product Construction\<close>", level="Some 2"]\<open>
 Parallel composition translates to normal form:
 @{cartouche [display,indent=5]\<open>(P\<^sub>n\<^sub>o\<^sub>r\<^sub>m\<lbrakk>\<tau>\<^sub>1,\<upsilon>\<^sub>1\<rbrakk> \<sigma>\<^sub>1) || (P\<^sub>n\<^sub>o\<^sub>r\<^sub>m\<lbrakk>\<tau>\<^sub>2,\<upsilon>\<^sub>2\<rbrakk> \<sigma>\<^sub>2) = 
     P\<^sub>n\<^sub>o\<^sub>r\<^sub>m\<lbrakk>\<lambda>(\<sigma>\<^sub>1,\<sigma>\<^sub>2). \<tau>\<^sub>1 \<sigma>\<^sub>1 \<inter> \<tau>\<^sub>2 \<sigma>\<^sub>2 , \<lambda>(\<sigma>\<^sub>1,\<sigma>\<^sub>2).\<lambda>e.(\<upsilon>\<^sub>1 \<sigma>\<^sub>1 e, \<upsilon>\<^sub>2 \<sigma>\<^sub>2 e)\<rbrakk> (\<sigma>\<^sub>1,\<sigma>\<^sub>2)\<close>}
@@ -815,7 +768,7 @@ states via the closure \<open>\<RR>\<close>, which is defined inductively over:
 Thus, normalization leads to a new characterization of deadlock-freeness inspired 
 from automata theory. We formally proved the following theorem:\<close>
 
-text*[T4::"theorem", short_name="\<open>DF vs. Reacheability\<close>"]
+text*[T4::"theorem", short_name="\<open>DF vs. Reacheability\<close>", level="Some 2"]
 \<open> If each reachable state \<open>s \<in> (\<RR> \<tau> \<upsilon>)\<close> has outgoing transitions,
 the \<^csp> process is deadlock-free: 
 @{cartouche [display,indent=10] \<open>\<forall>\<sigma> \<in> (\<RR> \<tau> \<upsilon> \<sigma>\<^sub>0). \<tau> \<sigma> \<noteq> {} \<Longrightarrow> deadlock_free (P\<^sub>n\<^sub>o\<^sub>r\<^sub>m\<lbrakk>\<tau>,\<upsilon>\<rbrakk> \<sigma>\<^sub>0)\<close>}
@@ -834,7 +787,7 @@ Summing up, our method consists of four stages:
 
 \<close>
 
-subsection*["dining_philosophers"::tc,main_author="Some(@{docitem ''safouan''}::author)",level="Some 3"]
+subsection*["dining_philosophers"::tc,main_author="Some(@{author ''safouan''}::author)",level="Some 3"]
 \<open>Generalized Dining Philosophers\<close>
 
 text\<open>  The dining philosophers problem is another paradigmatic example in the \<^csp> literature
@@ -926,7 +879,7 @@ for a dozen of philosophers (on a usual machine) due to the exponential combinat
 Furthermore, our proof is fairly stable against modifications like adding non synchronized events like
 thinking or sitting down in contrast to model-checking techniques. \<close>
 
-section*["relatedwork"::tc,main_author="Some(@{docitem ''lina''}::author)",level="Some 3"]
+section*["relatedwork"::tc,main_author="Some(@{author ''lina''}::author)",level="Some 3"]
 \<open>Related work\<close>
 
 text\<open>
@@ -993,7 +946,7 @@ restrictions on the structure of components. None of our paradigmatic examples c
 be automatically proven with any of the discussed SMT techniques without restrictions.
 \<close>
 
-section*["conclusion"::conclusion,main_author="Some(@{docitem ''bu''}::author)"]\<open>Conclusion\<close>
+section*["conclusion"::conclusion,main_author="Some(@{author ''bu''}::author)"]\<open>Conclusion\<close>
 text\<open>We presented a formalisation of the most comprehensive semantic model for \<^csp>, a 'classical' 
 language for the specification and analysis of concurrent systems studied in a rich body of 
 literature. For this purpose, we ported @{cite "tej.ea:corrected:1997"} to a modern version
@@ -1024,10 +977,6 @@ over finite sub-systems with globally infinite systems in a logically safe way.
 subsection*[bib::bibliography]\<open>References\<close>
 
 close_monitor*[this]
-(*
-term\<open>\<longrightarrow>\<close>
-term\<open> demon \<sigma>\<^sub>g\<^sub>l\<^sub>o\<^sub>b\<^sub>a\<^sub>l := \<Sqinter> \<Delta>t \<in> \<real>\<^sub>>\<^sub>0.     ||| i\<in>A. ACTOR i \<sigma>\<^sub>g\<^sub>l\<^sub>o\<^sub>b\<^sub>a\<^sub>l 
-                                   \<lbrakk>S\<rbrakk> sync!\<sigma>\<^sub>g\<^sub>l\<^sub>o\<^sub>b\<^sub>a\<^sub>l\<^sub>' \<longrightarrow> demon \<sigma>\<^sub>g\<^sub>l\<^sub>o\<^sub>b\<^sub>a\<^sub>l\<^sub>'   \<close>
-*)
+
 end
 (*>*) 

Isabelle_DOF-Examples-Extra/CC_ISO15408/PikeOS_study/PikeOS_ST.thy

@@ -1,7 +1,6 @@
 theory PikeOS_ST (*Security Target *)
 
-imports "../../../src/ontologies/CC_v3.1_R5/CC_v3_1_R5"
-        (*  Isabelle_DOF.CC_v3_1_R5 in the future.  *)
+imports "Isabelle_DOF-Ontologies.CC_v3_1_R5"
 
 begin 
 
@@ -18,18 +17,20 @@ text*[pkosstref::st_ref_cls, title="''PikeOS Security Target''", st_version ="(0
  It complies with the Common Criteria for Information Technology Security Evaluation 
  Version 3.1 Revision 4.\<close>
 
+
+
 subsection*[pkossttoerefsubsec::st_ref_cls]\<open>TOE Reference\<close>
 
 text*[pkostoeref::toe_ref_cls, dev_name="''''", toe_name="''PikeOS''",
       toe_version= "(0,3,4)", prod_name="Some ''S3725''"]
-\<open>The @{docitem toe_def} is the operating system PikeOS version 3.4 
+\<open>The @{docitem (unchecked) toeDef} is the operating system PikeOS version 3.4 
    running on the microprocessor family x86 hosting different applications. 
-   The @{docitem toe_def} is referenced as PikeOS 3.4 base
+   The @{docitem (unchecked) toeDef} is referenced as PikeOS 3.4 base
    product build S3725 for Linux and Windows development host with PikeOS 3.4
    Certification Kit build S4250 and PikeOS 3.4 Common Criteria Kit build S4388.\<close>
 
 subsection*[pkossttoeovrvwsubsec::st_ref_cls]\<open> TOE Overview \<close>
-text*[pkosovrw1::toe_ovrw_cls]\<open>The @{definition \<open>toe\<close> } is a special kind of operating 
+text*[pkosovrw1::toe_ovrw_cls]\<open>The @{docitem (unchecked) \<open>toeDef\<close> } is a special kind of operating 
 system, that allows to effectively separate
 different applications running on the same platform from each other. The TOE can host
 user applications that can also be operating systems. User applications can also be
@@ -87,4 +88,4 @@ open_monitor*[PikosSR::SEC_REQ_MNT]
 close_monitor*[PikosSR]
 
 close_monitor*[stpkos]
-end
+end

Isabelle_DOF-Examples-Extra/CC_ISO15408/PikeOS_study/ROOT

@@ -0,0 +1,4 @@
+session "PikeOS_study" = "Isabelle_DOF-Ontologies" +
+  options [document = false]
+  theories
+    "PikeOS_ST"

Isabelle_DOF-Examples-Extra/CC_ISO15408/ROOTS

@@ -0,0 +1 @@
+PikeOS_study

Isabelle_DOF-Examples-Extra/CENELEC_50128/mini_odo/ROOT

@@ -1,16 +1,16 @@
-session "mini_odo" = "Isabelle_DOF" +
-  options [document = pdf, document_output = "output", document_build = dof,
-           dof_ontologies = "Isabelle_DOF.technical_report Isabelle_DOF.cenelec_50128", 
-           dof_template = "Isabelle_DOF.scrreprt-modern"]
+session "mini_odo" = "Isabelle_DOF-Ontologies" +
+  options [document = pdf, document_output = "output", document_build = dof]
   sessions 
     "Physical_Quantities"
   theories
     "mini_odo"
+  document_theories
+    "Isabelle_DOF-Ontologies.CENELEC_50128" 
   document_files
+    "dof_session.tex"
     "preamble.tex"
     "root.bib"
     "root.mst"
-    "lstisadof.sty"
     "figures/df-numerics-encshaft.png"
     "figures/odometer.jpeg"
     "figures/three-phase-odo.pdf"

Isabelle_DOF-Examples-Extra/CENELEC_50128/mini_odo/document/dof_session.tex

@@ -0,0 +1,3 @@
+\input{mini_odo}
+\input{CENELEC_50128}
+

Isabelle_DOF-Examples-Extra/CENELEC_50128/mini_odo/document/preamble.tex

@@ -13,8 +13,6 @@
 %%   SPDX-License-Identifier: LPPL-1.3c+ OR BSD-2-Clause
 
 %% This is a placeholder for user-specific configuration and packages.
-\usepackage{listings}
-\usepackage{lstisadof}
 \usepackage{wrapfig}
 \usepackage{paralist}
 \usepackage{numprint}

Isabelle_DOF-Examples-Extra/CENELEC_50128/mini_odo/mini_odo.thy

@@ -15,10 +15,12 @@
 theory 
   mini_odo
 imports  
-  "Isabelle_DOF.CENELEC_50128" 
+  "Isabelle_DOF-Ontologies.CENELEC_50128" 
   "Isabelle_DOF.technical_report"
   "Physical_Quantities.SI" "Physical_Quantities.SI_Pretty"
 begin
+use_template "scrreprt-modern"
+use_ontology technical_report and "Isabelle_DOF-Ontologies.CENELEC_50128"
 declare[[strict_monitor_checking=true]]
 define_shortcut* dof     \<rightleftharpoons> \<open>\dof\<close>
                  isadof  \<rightleftharpoons> \<open>\isadof{}\<close>
@@ -124,7 +126,7 @@ text\<open>
 
 subsection\<open>Capturing ``System Architecture.''\<close>
 
-figure*["three-phase"::figure,relative_width="70",src="''figures/three-phase-odo''"]
+figure*["three-phase"::figure,relative_width="70",file_src="''figures/three-phase-odo.pdf''"]
 \<open>An odometer with three sensors \<open>C1\<close>, \<open>C2\<close>, and \<open>C3\<close>.\<close>
 
 text\<open>
@@ -160,7 +162,7 @@ text\<open>
   of the measuring device, and the required format and precision of the measurements of the odometry
   function as represented (see @{figure (unchecked) "df-numerics-encshaft"}).\<close>
 
-figure*["df-numerics-encshaft"::figure,relative_width="76",src="''figures/df-numerics-encshaft''"]
+figure*["df-numerics-encshaft"::figure,relative_width="76",file_src="''figures/df-numerics-encshaft.png''"]
 \<open>Real distance vs. discrete distance vs. shaft-encoder sequence\<close>
 
 
@@ -294,7 +296,7 @@ and the global model parameters such as wheel diameter, the number of teeth per
 sampling frequency etc., we can infer the maximal time of service as well the maximum distance 
 the device can measure.  As an example configuration, choosing:
 
-   \<^item> \<^term>\<open>(1 *\<^sub>Q metre)::real[m]\<close>      for  \<^term>\<open>w\<^sub>d\<close>   (wheel-diameter), 
+   \<^item> \<^term>\<open>(1 *\<^sub>Q metre):: real[m]\<close>      for  \<^term>\<open>w\<^sub>d\<close>   (wheel-diameter), 
    \<^item> \<^term>\<open>100         :: real\<close>        for  \<^term>\<open>tpw\<close> (teeth per wheel), 
    \<^item> \<^term>\<open>80 *\<^sub>Q kmh   :: real[m\<cdot>s\<^sup>-\<^sup>1]\<close>  for  \<^term>\<open>Speed\<^sub>M\<^sub>a\<^sub>x\<close>,
    \<^item> \<^term>\<open>14.4 *\<^sub>Q kHz :: real[s\<^sup>-\<^sup>1]\<close>    for the sampling frequency,
@@ -626,14 +628,14 @@ text\<open>
 \<close>
 
 text\<open>Examples for declaration of typed doc-classes "assumption" (sic!) and "hypothesis" (sic!!),
-     concepts defined in the underlying ontology @{theory "Isabelle_DOF.CENELEC_50128"}. \<close>
+     concepts defined in the underlying ontology @{theory "Isabelle_DOF-Ontologies.CENELEC_50128"}. \<close>
 text*[ass2::assumption, long_name="Some ''assumption one''"] \<open> The subsystem Y is safe. \<close>
 text*[hyp1::hypothesis] \<open> \<open>P \<noteq> NP\<close> \<close>
   
 text\<open>  
-   A real example fragment fsrom a larger project, declaring a text-element as a
+   A real example fragment from a larger project, declaring a text-element as a
    "safety-related application condition", a concept defined in the 
-   @{theory "Isabelle_DOF.CENELEC_50128"} ontology:\<close>  
+   @{theory "Isabelle_DOF-Ontologies.CENELEC_50128"} ontology:\<close>  
 
 text*[hyp2::hypothesis]\<open>Under the assumption @{assumption \<open>ass2\<close>} we establish the following: ... \<close>
 
@@ -654,11 +656,10 @@ text*[t10::test_result]
   test-execution via, \<^eg>, a makefile or specific calls to a test-environment or test-engine. \<close>
 
 
-text
-\<open>  Finally some examples of references to doc-items, i.e. text-elements 
-   with declared  meta-information and status. \<close> 
-text \<open> As established by @{test_result (unchecked) \<open>t10\<close>}, 
-                         @{test_result (define) \<open>t10\<close>} \<close>
+text \<open> Finally some examples of references to doc-items, i.e. text-elements 
+       with declared  meta-information and status. \<close> 
+
+text \<open> As established by @{test_result \<open>t10\<close>}\<close>
 text \<open> the               @{test_result \<open>t10\<close>}                      
        as well as the    @{SRAC \<open>ass122\<close>}\<close>  
 text \<open> represent a justification of the safety related applicability 
@@ -669,7 +670,6 @@ text \<open> due to notational conventions for antiquotations, one may even writ
        "represent a justification of the safety related applicability
         condition \<^SRAC>\<open>ass122\<close> aka exported constraint \<^EC>\<open>ass122\<close>."\<close> 
 
-
 (*<*)   
 end
 (*>*)

Isabelle_DOF-Examples-Extra/ROOTS

@@ -1,3 +1,4 @@
-scholarly_paper
 technical_report
 CENELEC_50128
+cytology
+CC_ISO15408

Isabelle_DOF-Examples-Extra/cytology/Cytology.thy

@@ -68,7 +68,7 @@ onto_class procaryotic_cells = cell +
 
 onto_class eucaryotic_cells = cell + 
     organelles :: "organelles' list"
-    invariant has_nucleus :: "\<lambda>\<sigma>::eucaryotic_cells. \<exists> org \<in> set (organelles \<sigma>). is\<^sub>n\<^sub>u\<^sub>c\<^sub>l\<^sub>e\<^sub>u\<^sub>s org"
+    invariant has_nucleus :: "\<exists> org \<in> set (organelles \<sigma>). is\<^sub>n\<^sub>u\<^sub>c\<^sub>l\<^sub>e\<^sub>u\<^sub>s org"
     \<comment> \<open>Cells must have at least one nucleus. However, this should be executable.\<close>
 
 find_theorems (70)name:"eucaryotic_cells"
@@ -78,13 +78,10 @@ value "is\<^sub>n\<^sub>u\<^sub>c\<^sub>l\<^sub>e\<^sub>u\<^sub>s (mk\<^sub>n\<^
 
 term \<open>eucaryotic_cells.organelles\<close>
 
-value \<open>(eucaryotic_cells.organelles(eucaryotic_cells.make X Y Z Z Z [] 3 []))\<close>
-
-value \<open>has_nucleus_inv(eucaryotic_cells.make X Y Z Z Z [] 3 [])\<close>
-
-value \<open>has_nucleus_inv(eucaryotic_cells.make X Y Z Z Z [] 3 
-                         [upcast\<^sub>n\<^sub>u\<^sub>c\<^sub>l\<^sub>e\<^sub>u\<^sub>s (nucleus.make a b c d [])])\<close>
+value \<open>(eucaryotic_cells.organelles(eucaryotic_cells.make X Y Z Z Z [] []))\<close>
 
+value \<open>has_nucleus_inv(eucaryotic_cells.make X Y Z Z Z [] [])\<close>
 
+value \<open>has_nucleus_inv(eucaryotic_cells.make X Y Z Z Z [] [upcast\<^sub>n\<^sub>u\<^sub>c\<^sub>l\<^sub>e\<^sub>u\<^sub>s (nucleus.make a b c )])\<close>
 
 end

Isabelle_DOF-Examples-Extra/cytology/ROOT

@@ -0,0 +1,4 @@
+session "Cytology" = "Isabelle_DOF" +
+  options [document = false]
+  theories
+    "Cytology"

Isabelle_DOF-Examples-Extra/technical_report/ROOTS

@@ -1,2 +1 @@
-Isabelle_DOF-Manual
 TR_my_commented_isabelle

Isabelle_DOF-Examples-Extra/technical_report/TR_my_commented_isabelle/ROOT

@@ -1,7 +1,5 @@
 session "TR_MyCommentedIsabelle" = "Isabelle_DOF" +
-  options [document = pdf, document_output = "output", document_build = dof,
-           dof_ontologies = "Isabelle_DOF.technical_report", dof_template = Isabelle_DOF.scrreprt,
-    quick_and_dirty = true]
+  options [document = pdf, document_output = "output", document_build = dof]
   theories
     "TR_MyCommentedIsabelle"
   document_files

Isabelle_DOF-Examples-Extra/technical_report/TR_my_commented_isabelle/TR_MyCommentedIsabelle.thy

@@ -14,9 +14,11 @@
 (*<*)
 theory TR_MyCommentedIsabelle
   imports "Isabelle_DOF.technical_report" 
-
 begin
 
+use_template "scrreprt"
+use_ontology "technical_report"
+
 define_shortcut* isabelle \<rightleftharpoons> \<open>Isabelle/HOL\<close>
 
 open_monitor*[this::report] 
@@ -62,7 +64,7 @@ text\<open> \<^vs>\<open>-0.5cm\<close>
   Isabelle and Isabelle/HOL, a complementary text to the unfortunately somewhat outdated 
   "The Isabelle Cookbook" in \<^url>\<open>https://nms.kcl.ac.uk/christian.urban/Cookbook/\<close>. 
   The present text is also complementary to the current version of 
-  \<^url>\<open>https://isabelle.in.tum.de/dist/Isabelle2021/doc/isar-ref.pdf\<close>
+  \<^url>\<open>https://isabelle.in.tum.de/doc/isar-ref.pdf\<close>
   "The Isabelle/Isar Implementation" by Makarius Wenzel in that it focusses on subjects
   not covered there, or presents alternative explanations for which I believe, based on my 
   experiences with students and Phds, that they are helpful.
@@ -77,7 +79,7 @@ text\<open> \<^vs>\<open>-0.5cm\<close>
   maximum of formal content which makes this text re-checkable at each load and easier 
   maintainable. \<close>
 
-figure*[architecture::figure,relative_width="70",src="''figures/isabelle-architecture''"]\<open> 
+figure*[architecture::figure,relative_width="70",file_src="''figures/isabelle-architecture.pdf''"]\<open> 
      The system architecture of Isabelle (left-hand side) and the  asynchronous communication 
      between the Isabelle system and the IDE (right-hand side). \<close>
 
@@ -146,7 +148,7 @@ text\<open> \<open>*\<open>This is a text.\<close>\<close>\<close>
 
 text\<open>and displayed in the Isabelle/jEdit front-end at the sceen by:\<close>
 
-figure*[fig2::figure, relative_width="60", placement="pl_h", src="''figures/text-element''"]
+figure*[fig2::figure, relative_width="60", file_src="''figures/text-element.pdf''"]
         \<open>A text-element as presented in Isabelle/jEdit.\<close>
 
 text\<open>The text-commands, ML-commands (and in principle any other command) can be seen as 
@@ -364,7 +366,7 @@ subsection*[t213::example]\<open>Mechanism 2 : Extending the Global Context \<op
 
 text\<open>A central mechanism for constructing user-defined data is by the \<^ML_functor>\<open>Generic_Data\<close>-functor.
   A plugin needing some data \<^verbatim>\<open>T\<close> and providing it with implementations for an 
-  \<^verbatim>\<open>empty\<close>, and operations  \<^verbatim>\<open>merge\<close> and \<^verbatim>\<open>extend\<close>, can construct a lense with operations
+  \<^verbatim>\<open>empty\<close>, and operation \<^verbatim>\<open>merge\<close>, can construct a lense with operations
   \<^verbatim>\<open>get\<close> and \<^verbatim>\<open>put\<close> that attach this data into the generic system context. Rather than using
   unsynchronized SML mutable variables, this is the mechanism to introduce component local
   data in Isabelle, which allows to manage this data for the necessary backtrack and synchronization
@@ -373,14 +375,12 @@ text\<open>A central mechanism for constructing user-defined data is by the \<^M
 ML \<open>
      datatype X = mt
      val init = mt;
-     val ext = I
      fun merge (X,Y) = mt
      
      structure Data = Generic_Data
      (
        type T = X
        val empty  = init
-       val extend = ext
        val merge  = merge
      );  
 \<close>
@@ -807,18 +807,13 @@ text\<open>  They reflect the Pure logic depicted in a number of presentations s
   Notated as logical inference rules, these operations were presented as follows:
 \<close>
 
-side_by_side_figure*["text-elements"::side_by_side_figure,anchor="''fig-kernel1''",
-                      caption="''Pure Kernel Inference Rules I ''",relative_width="48",
-                      src="''figures/pure-inferences-I''",anchor2="''fig-kernel2''",
-                      caption2="''Pure Kernel Inference Rules II''",relative_width2="47",
-                      src2="''figures/pure-inferences-II''"]\<open>  \<close>
+text*["text-elements"::float, 
+      main_caption="\<open>Kernel Inference Rules.\<close>"]
+\<open>
+@{fig_content (width=48, caption="Pure Kernel Inference Rules I.") "figures/pure-inferences-I.pdf"
+}\<^hfill>@{fig_content (width=47, caption="Pure Kernel Inference Rules II.") "figures/pure-inferences-II.pdf"} 
+\<close>
 
-(*
-figure*[kir1::figure,relative_width="100",src="''figures/pure-inferences-I''"]
-       \<open> Pure Kernel Inference Rules I.\<close>
-figure*[kir2::figure,relative_width="100",src="''figures/pure-inferences-II''"]
-       \<open> Pure Kernel Inference Rules II. \<close>
- *)
 
 text\<open>Note that the transfer rule:
 \[
@@ -1440,7 +1435,7 @@ text\<open>The document model forsees a number of text files, which are organize
   secondary formats can be \<^verbatim>\<open>.sty\<close>,\<^verbatim>\<open>.tex\<close>, \<^verbatim>\<open>.png\<close>, \<^verbatim>\<open>.pdf\<close>, or other files processed 
   by Isabelle and listed in a configuration processed by the build system.\<close>
 
-figure*[fig3::figure, relative_width="100",src="''figures/document-model''"]
+figure*[fig3::figure, relative_width="100",file_src="''figures/document-model.pdf''"]
         \<open>A Theory-Graph in the Document Model\<close>
 
 text\<open>A \<^verbatim>\<open>.thy\<close> file consists of a \<^emph>\<open>header\<close>, a \<^emph>\<open>context-definition\<close> and
@@ -1535,7 +1530,7 @@ text\<open> ... uses the antiquotation @{ML "@{here}"} to infer from the system
   of itself in the global document, converts it to markup (a string-representation of it) and sends
   it via the usual @{ML "writeln"} to the interface. \<close>
 
-figure*[hyplinkout::figure,relative_width="40",src="''figures/markup-demo''"]
+figure*[hyplinkout::figure,relative_width="40",file_src="''figures/markup-demo.png''"]
 \<open>Output with hyperlinked position.\<close>
 
 text\<open>@{figure \<open>hyplinkout\<close>} shows the produced output where the little house-like symbol in the 
@@ -1637,7 +1632,7 @@ val data = \<comment> \<open>Derived from Yakoub's example ;-)\<close>
   , (\<open>Frédéric II\<close>,   \<open>King of Sicily\<close>)
   , (\<open>Frédéric III\<close>,  \<open>the Handsome\<close>)
   , (\<open>Frédéric IV\<close>,   \<open>of the Empty Pockets\<close>)
-  , (\<open>Frédéric V\<close>,    \<open>King of Denmark–Norway\<close>)
+  , (\<open>Frédéric V\<close>,    \<open>King of Denmark-Norway\<close>)
   , (\<open>Frédéric VI\<close>,   \<open>the Knight\<close>)
   , (\<open>Frédéric VII\<close>,  \<open>Count of Toggenburg\<close>)
   , (\<open>Frédéric VIII\<close>, \<open>Count of Zollern\<close>)

Isabelle_DOF-Ontologies/CC_v3_1_R5/CC_terminology.thy

@@ -10,15 +10,20 @@
  *   SPDX-License-Identifier: BSD-2-Clause
  *************************************************************************)
 
-chapter\<open>Common Criteria Definitions\<close>
+chapter\<open>Common Criteria\<close>
+section\<open>Terminology\<close>
 
 (*<<*)
 theory CC_terminology
 
-imports  "Isabelle_DOF.technical_report" 
+imports  
+"Isabelle_DOF.technical_report" 
 
 begin
 
+define_ontology "DOF-CC_terminology.sty" "CC"
+
+(*>>*)
 text\<open>We re-use the class @\<open>typ math_content\<close>, which provides also a framework for
 semi-formal terminology, which we re-use by this definition.\<close>
 
@@ -35,20 +40,19 @@ type_synonym concept = concept_definition
 declare[[ Definition_default_class="concept_definition"]]
 
 
-(*>>*)
 
-section \<open>Terminology\<close>
+subsection \<open>Terminology\<close>
 
 
-subsection \<open>Terms and definitions common in the CC\<close>
+subsubsection \<open>Terms and definitions common in the CC\<close>
 
 Definition* [aas_def, tag= "''adverse actions''"]
  \<open>actions performed by a threat agent on an asset\<close>
 
-declare_reference*[toe_def]
+declare_reference*[toeDef]
 
 Definition* [assts_def, tag="''assets''"]
- \<open>entities that the owner of the @{docitem toe_def} presumably places value upon \<close>
+ \<open>entities that the owner of the @{docitem (unchecked) toeDef} presumably places value upon \<close>
 
 Definition* [asgn_def, tag="''assignment''"]
 \<open>the specification of an identified parameter in a component (of the CC) or requirement.\<close>
@@ -56,7 +60,8 @@ Definition* [asgn_def, tag="''assignment''"]
 declare_reference*[sfrs_def]
 
 Definition* [assrc_def, tag="''assurance''"]
-  \<open>grounds for confidence that a @{docitem toe_def} meets the @{docitem sfrs_def}\<close>
+  \<open>grounds for confidence that a @{docitem (unchecked) toeDef}
+   meets the @{docitem (unchecked) sfrs_def}\<close>
 
 Definition* [attptl_def, tag="''attack potential''"] 
   \<open>measure of the effort to be expended in attacking a TOE, expressed in terms of 
@@ -69,9 +74,10 @@ Definition* [authdata_def, tag="''authentication data''"]
   \<open>information used to verify the claimed identity of a user\<close>
 
 Definition* [authusr_def, tag = "''authorised user''"] 
-\<open>@{docitem toe_def} user who may, in accordance with the @{docitem sfrs_def}, perform an operation\<close>
+\<open>@{docitem (unchecked) toeDef} user who may,
+ in accordance with the @{docitem (unchecked) sfrs_def}, perform an operation\<close>
 
-Definition* [bpp_def, tag="''Base Protection Profile''"] 
+Definition* [bppDef, tag="''Base Protection Profile''"] 
 \<open>Protection Profile used as a basis to build a Protection Profile Configuration\<close>
 
 Definition* [cls_def,tag="''class''"]
@@ -104,8 +110,8 @@ Definition* [cfrm_def,tag="''confirm''"]
  term is only applied to evaluator actions.\<close>
 
 Definition* [cnnctvty_def, tag="''connectivity''"]
-\<open>property of the @{docitem toe_def} allowing interaction with IT entities external to the 
- @{docitem toe_def}
+\<open>property of the @{docitem (unchecked) toeDef} allowing interaction with IT entities external to the 
+ @{docitem (unchecked) toeDef}
 
  This includes exchange of data by wire or by wireless means, over any
  distance in any environment or configuration.\<close>
@@ -118,17 +124,20 @@ Definition* [cnt_vrb_def, tag="''counter, verb''"]
 \<open>meet an attack where the impact of a particular threat is mitigated 
  but not necessarily eradicated\<close>
 
-declare_reference*[st_def]
-declare_reference*[pp_def]
+declare_reference*[stDef]
+declare_reference*[ppDef]
 
 Definition* [dmnst_conf_def, tag="''demonstrable conformance''"] 
-\<open>relation between an @{docitem st_def} and a @{docitem pp_def}, where the @{docitem st_def} 
+\<open>relation between an @{docitem (unchecked) stDef} and a @{docitem (unchecked) ppDef},
+ where the @{docitem (unchecked) stDef} 
  provides a solution which solves the generic security problem in the PP
 
-The @{docitem pp_def} and the @{docitem st_def} may contain entirely different statements that discuss
+The @{docitem (unchecked) ppDef} and the @{docitem (unchecked) stDef} may contain
+entirely different statements that discuss
 different entities, use different concepts etc. Demonstrable conformance is
-also suitable for a @{docitem toe_def} type where several similar @{docitem pp_def}s already exist, thus
-allowing the ST author to claim conformance to these @{docitem pp_def}s simultaneously,
+also suitable for a @{docitem (unchecked) toeDef} type
+where several similar @{docitem (unchecked) ppDef}s already exist, thus
+allowing the ST author to claim conformance to these @{docitem (unchecked) ppDef}s simultaneously,
 thereby saving work.\<close>
 
 Definition* [dmstrt_def, tag="''demonstrate''"] 
@@ -136,9 +145,10 @@ Definition* [dmstrt_def, tag="''demonstrate''"]
 
 Definition* [dpndcy, tag="''dependency''"] 
 \<open>relationship between components such that if a requirement based on the depending 
- component is included in a @{docitem pp_def}, ST or package, a requirement based on 
- the component that is depended upon must normally also be included in the @{docitem pp_def}, 
- @{docitem st_def} or package\<close>
+ component is included in a @{docitem (unchecked) ppDef}, ST or package, a requirement based on 
+ the component that is depended upon must normally also be included
+ in the @{docitem (unchecked) ppDef}, 
+ @{docitem (unchecked) stDef} or package\<close>
 
 Definition* [dscrb_def, tag="''describe''"] 
 \<open>provide specific details of an entity\<close>
@@ -153,7 +163,7 @@ Definition* [dtrmn_def, tag="''determine''"]
  performed which needs to be reviewed\<close>
 
 Definition* [devenv_def, tag="''development environment''"] 
-\<open>environment in which the @{docitem toe_def} is developed\<close>
+\<open>environment in which the @{docitem (unchecked) toeDef} is developed\<close>
 
 Definition* [elmnt_def, tag="''element''"] 
 \<open>indivisible statement of a security need\<close>
@@ -165,26 +175,27 @@ Definition* [ensr_def, tag="''ensure''"]
  consequence is not fully certain, on the basis of that action alone.\<close>
 
 Definition* [eval_def, tag="''evaluation''"] 
-\<open>assessment of a @{docitem pp_def}, an @{docitem st_def} or a @{docitem toe_def}, 
- against defined criteria.\<close>
+\<open>assessment of a @{docitem (unchecked) ppDef}, an @{docitem (unchecked) stDef}
+ or a @{docitem (unchecked) toeDef}, against defined criteria.\<close>
 
 Definition* [eal_def, tag= "''evaluation assurance level''"] 
 \<open>set of assurance requirements drawn from CC Part 3, representing a point on the 
  CC predefined assurance scale, that form an assurance package\<close>
 
 Definition* [eval_auth_def, tag="''evaluation authority''"] 
-\<open>body that sets the standards and monitors the quality of evaluations conducted by bodies within a specific community and
- implements the CC for that community by means of an evaluation scheme\<close>
+\<open>body that sets the standards and monitors the quality of evaluations conducted 
+ by bodies within a specific community and implements the CC for that community 
+ by means of an evaluation scheme\<close>
 
 Definition* [eval_schm_def, tag="''evaluation scheme''"] 
 \<open>administrative and regulatory framework under which the CC is applied by an 
  evaluation authority within a specific community\<close>
 
-Definition* [exst_def, tag="''exhaustive''"]
+Definition* [exstDef, tag="''exhaustive''"]
 \<open>characteristic of a methodical approach taken to perform an
 analysis or activity according to an unambiguous plan
 This term is used in the CC with respect to conducting an analysis or other
-activity. It is related to “systematic” but is considerably stronger, in that it
+activity. It is related to ``systematic'' but is considerably stronger, in that it
 indicates not only that a methodical approach has been taken to perform the
 analysis or activity according to an unambiguous plan, but that the plan that
 was followed is sufficient to ensure that all possible avenues have been
@@ -235,7 +246,7 @@ Definition* [intl_com_chan_def, tag ="''internal communication channel''"]
 Definition* [int_toe_trans, tag="''internal TOE transfer''"] 
   \<open>communicating data between separated parts of the TOE\<close>
 
-Definition* [inter_consist_def, tag="''internally consistent''"] 
+Definition* [inter_consistDef, tag="''internally consistent''"] 
   \<open>no apparent contradictions exist between any aspects of an entity
 
    In terms of documentation, this means that there can be no statements within
@@ -270,7 +281,7 @@ Definition* [org_sec_po_def, tag="''organisational security policy''"]
 
 Definition* [pckg_def, tag="''package''"] 
 \<open>named set of either security functional or security assurance requirements 
- An example of a package is “EAL 3”.\<close>
+ An example of a package is ``EAL 3''.\<close>
 
 Definition* [pp_config_def, tag="''Protection Profile Configuration''"] 
 \<open>Protection Profile composed of Base Protection Profiles and Protection Profile Module\<close>
@@ -278,7 +289,7 @@ Definition* [pp_config_def, tag="''Protection Profile Configuration''"]
 Definition* [pp_eval_def, tag="''Protection Profile evaluation''"]
 \<open> assessment of a PP against defined criteria \<close>
 
-Definition* [pp_def, tag="''Protection Profile''"] 
+Definition* [ppDef, tag="''Protection Profile''"] 
 \<open>implementation-independent statement of security needs for a TOE type\<close>
 
 Definition* [ppm_def, tag="''Protection Profile Module''"] 
@@ -290,36 +301,37 @@ declare_reference*[tsf_def]
 Definition* [prv_def, tag="''prove''"] 
 \<open>show correspondence by formal analysis in its mathematical sense
  It is completely rigorous in all ways. Typically, “prove” is used when there is
- a desire to show correspondence between two @{docitem tsf_def} representations at a high
- level of rigour.\<close>
+ a desire to show correspondence between two @{docitem (unchecked) tsf_def}
+ representations at a high level of rigour.\<close>
 
 Definition* [ref_def, tag="''refinement''"] 
 \<open>addition of details to a component\<close>
 
 Definition* [role_def, tag="''role''"] 
 \<open>predefined set of rules establishing the allowed interactions between
- a user and the @{docitem toe_def}\<close>
+ a user and the @{docitem (unchecked) toeDef}\<close>
 
 declare_reference*[sfp_def]
 
 Definition* [scrt_def, tag="''secret''"]
 \<open>information that must be known only to authorised users and/or the
- @{docitem tsf_def} in order to enforce a specific @{docitem sfp_def}\<close>
+ @{docitem (unchecked) tsf_def} in order to enforce a specific @{docitem (unchecked) sfp_def}\<close>
 
 declare_reference*[sfr_def]
 
-Definition* [sec_st_def, tag="''secure state''"] 
-\<open>state in which the @{docitem tsf_def} data are consistent and the  @{docitem tsf_def} 
- continues correct enforcement of the  @{docitem sfr_def}s\<close>
+Definition* [sec_stDef, tag="''secure state''"] 
+\<open>state in which the @{docitem (unchecked) tsf_def} data are consistent
+  and the  @{docitem (unchecked) tsf_def} 
+ continues correct enforcement of the  @{docitem (unchecked) sfr_def}s\<close>
 
 Definition* [sec_att_def, tag="''security attribute''"] 
 \<open>property of subjects, users (including external IT products), objects, 
- information, sessions and/or resources that is used in defining the @{docitem sfr_def}s 
- and whose values are used in enforcing the @{docitem sfr_def}s\<close>
+ information, sessions and/or resources that is used in defining the @{docitem (unchecked) sfr_def}s 
+ and whose values are used in enforcing the @{docitem (unchecked) sfr_def}s\<close>
 
 Definition* [sec_def, tag="''security''"]
 \<open>function policy set of rules describing specific security behaviour enforced 
- by the @{docitem tsf_def} and expressible as a set of @{docitem sfr_def}s\<close>
+ by the @{docitem (unchecked) tsf_def} and expressible as a set of @{docitem (unchecked) sfr_def}s\<close>
 
 Definition* [sec_obj_def, tag="''security objective''"] 
 \<open>statement of an intent to counter identified threats and/or satisfy identified 
@@ -328,18 +340,21 @@ Definition* [sec_obj_def, tag="''security objective''"]
 Definition* [sec_prob_def, tag ="''security problem''"] 
 \<open>statement which in a formal manner defines the nature and scope of the security that 
 the TOE is intended to address This statement consists of a combination of:
-  \begin{itemize}
- \item threats to be countered by the TOE and its operational environment,
- \item the OSPs enforced by the TOE and its operational environment, and
- \item the assumptions that are upheld for the operational environment of the TOE.
- \end{itemize}\<close>
+\begin{itemize}
+\item threats to be countered by the TOE and its operational environment,
+\item the OSPs enforced by the TOE and its operational environment, and
+\item the assumptions that are upheld for the operational environment of the TOE.
+\end{itemize}\<close>
 
 Definition* [sr_def, tag="''security requirement''", short_tag="Some(''SR'')"] 
 \<open>requirement, stated in a standardised language, which is meant to contribute 
  to achieving the security objectives for a TOE\<close>
-text \<open>@{docitem toe_def}\<close>
-Definition* [st, tag="''Security Target''", short_tag="Some(''ST'')"] 
-\<open>implementation-dependent statement of security needs for a specific i\<section>dentified @{docitem toe_def}\<close>
+(*<*)
+text \<open>@{docitem  (unchecked) toeDef}\<close>
+(*>*)
+Definition* [st, tag="''Security Target''", short_tag="Some(''ST'')"]
+\<open>implementation-dependent statement of security needs for a specific identified
+ @{docitem (unchecked) toeDef}\<close>
 
 Definition* [slct_def, tag="''selection''"] 
 \<open>specification of one or more items from a list in a component\<close>
@@ -379,13 +394,13 @@ Definition* [toe_res_def, tag="''TOE resource''"]
 
 Definition* [toe_sf_def, tag="''TOE security functionality''", short_tag= "Some(''TSF'')"] 
 \<open>combined functionality of all hardware, software, and firmware of a TOE that must be relied upon 
- for the correct enforcement of the @{docitem sfr_def}s\<close>
+ for the correct enforcement of the @{docitem  (unchecked) sfr_def}s\<close>
 
 Definition* [tr_vrb_def, tag="''trace, verb''"] 
 \<open>perform an informal correspondence analysis between two entities with only a 
  minimal level of rigour\<close>
 
-Definition* [trnsfs_out_toe_def, tag="''transfers outside of the TOE''"] 
+Definition* [trnsfs_out_toeDef, tag="''transfers outside of the TOE''"] 
 \<open>TSF mediated communication of data to entities not under the control of the TSF\<close>
 
 Definition* [transl_def, tag= "''translation''"]
@@ -430,13 +445,22 @@ effort is required of the evaluator.\<close>
 
 Definition* [dev_def, tag="''Developer''"]
 \<open>who respond to actual or perceived consumer security requirements in 
- constructing a @{docitem toe_def}, reference this  CC_Part_3 
+ constructing a @{docitem  (unchecked) toeDef}, reference this  CC\_Part\_3 
  when interpreting statements of assurance requirements and determining
  assurance approaches of @{docitem toe}s.\<close>
 
 Definition*[evalu_def, tag="'' Evaluator''"]
-\<open>who use the assurance requirements defined in CC_Part_3 
+\<open>who use the assurance requirements defined in CC\_Part\_3 
  as mandatory statement of evaluation criteria when determining the assurance 
- of @{docitem toe_def}s and when evaluating @{docitem pp_def}s and @{docitem st_def}s.\<close>
+ of @{docitem  (unchecked) toeDef}s and when evaluating @{docitem ppDef}s
+ and @{docitem  (unchecked) stDef}s.\<close>
+
+
+Definition*[toeDef] \<open>\<close>
+Definition*[sfrs_def] \<open>\<close>
+Definition*[sfr_def] \<open>\<close>
+Definition*[stDef] \<open>\<close>
+Definition*[sfp_def] \<open>\<close>
+Definition*[tsf_def] \<open>\<close>
 
 end

Isabelle_DOF-Ontologies/CC_v3_1_R5/CC_v3_1_R5.thy

@@ -10,16 +10,18 @@
  *   SPDX-License-Identifier: BSD-2-Clause
  *************************************************************************)
 
+section\<open>CC 3.1.R5\<close>
 (*<*)
 theory  "CC_v3_1_R5"
-  imports  "Isabelle_DOF.technical_report" 
+  imports 
+ "Isabelle_DOF.technical_report" 
            "CC_terminology"
 
 
 begin
 (*>*)
 
-section \<open>General Infrastructure on CC Evaluations\<close>
+subsection \<open>General Infrastructure on CC Evaluations\<close>
 
 datatype EALs = EAL1 |  EAL2 |  EAL3 |  EAL4 |  EAL5 |  EAL6 | EAL7
 
@@ -30,7 +32,7 @@ doc_class CC_structure_element =(* text_element + *)
 doc_class CC_text_element = text_element +
           eval_level :: EALs
 
-section \<open>Security target ontology\<close>
+subsection \<open>Security target ontology\<close>
 
 
 doc_class st_ref_cls = CC_text_element +
@@ -53,12 +55,11 @@ doc_class toe_ovrw_cls = CC_text_element +
     firmeware_req:: "CC_text_element list" <= "[]"
     features_req :: "CC_text_element list" <= "[]"
     invariant  eal_consistency:: 
-                 "\<lambda> X::toe_ovrw_cls . 
-                        (case eval_level X  of 
-                           EAL1 \<Rightarrow> software_req  X \<noteq> [] 
-                      |    EAL2 \<Rightarrow> software_req  X \<noteq> [] 
-                      |    EAL3 \<Rightarrow> software_req  X \<noteq> [] 
-                      |    EAL4 \<Rightarrow> software_req  X \<noteq> [] 
+                 "(case eval_level \<sigma>  of 
+                           EAL1 \<Rightarrow> software_req  \<sigma> \<noteq> [] 
+                      |    EAL2 \<Rightarrow> software_req  \<sigma> \<noteq> [] 
+                      |    EAL3 \<Rightarrow> software_req  \<sigma> \<noteq> [] 
+                      |    EAL4 \<Rightarrow> software_req  \<sigma> \<noteq> [] 
                       |    _ \<Rightarrow>  undefined)"
 
 thm eal_consistency_inv_def

Isabelle_DOF-Ontologies/CC_v3_1_R5/DOF-CC_terminology.sty

@@ -0,0 +1,57 @@
+%% Copyright (C) University of Exeter
+%%               University of Paris-Saclay
+%%
+%% License:
+%%   This program can be redistributed and/or modified under the terms
+%%   of the LaTeX Project Public License Distributed from CTAN
+%%   archives in directory macros/latex/base/lppl.txt; either
+%%   version 1.3c of the License, or (at your option) any later version.
+%%   OR
+%%   The 2-clause BSD-style license.
+%%
+%%   SPDX-License-Identifier: LPPL-1.3c+ OR BSD-2-Clause
+
+\NeedsTeXFormat{LaTeX2e}\relax
+\ProvidesPackage{DOF-CC_terminology}
+  [00/00/0000 Document-Type Support Framework for Isabelle (CC).]
+
+\RequirePackage{DOF-COL}
+\usepackage{etex}
+\ifdef{\reserveinserts}{\reserveinserts{28}}{}
+
+
+
+
+\newkeycommand*{\mathcc}[label=,type=%
+ , scholarlyUNDERSCOREpaperDOTmathUNDERSCOREcontentDOTshortUNDERSCOREname ={}%
+ , scholarlyUNDERSCOREpaperDOTmathUNDERSCOREcontentDOTmcc     = % 
+ , IsaUNDERSCORECOLDOTtextUNDERSCOREelementDOTlevel         =%
+ , IsaUNDERSCORECOLDOTtextUNDERSCOREelementDOTreferentiable =%
+ , IsaUNDERSCORECOLDOTtextUNDERSCOREelementDOTvariants      =%
+ , scholarlyUNDERSCOREpaperDOTtextUNDERSCOREsectionDOTmainUNDERSCOREauthor  =%
+ , scholarlyUNDERSCOREpaperDOTtextUNDERSCOREsectionDOTfixmeUNDERSCORElist   =%
+ , IsaUNDERSCORECOLDOTtextUNDERSCOREelementDOTlevel                =%
+ , scholarlyUNDERSCOREpaperDOTtechnicalDOTdefinitionUNDERSCORElist =%
+ , scholarlyUNDERSCOREpaperDOTtechnicalDOTstatus          =%
+ , CCUNDERSCOREterminologyDOTconceptUNDERSCOREdefinitionDOTtag=%
+ , CCUNDERSCOREterminologyDOTconceptUNDERSCOREdefinitionDOTshortUNDERSCOREtag=%
+ ]
+ [1]
+ {%
+    \begin{isamarkuptext}%
+      \ifthenelse{\equal{\commandkey{scholarlyUNDERSCOREpaperDOTmathUNDERSCOREcontentDOTshortUNDERSCOREname}} {} }  
+        {%
+         \begin{\commandkey{scholarlyUNDERSCOREpaperDOTmathUNDERSCOREcontentDOTmcc}}\label{\commandkey{label}}
+           #1
+         \end{\commandkey{scholarlyUNDERSCOREpaperDOTmathUNDERSCOREcontentDOTmcc}}
+        }{%
+         \begin{\commandkey{scholarlyUNDERSCOREpaperDOTmathUNDERSCOREcontentDOTmcc}}[\commandkey{scholarlyUNDERSCOREpaperDOTmathUNDERSCOREcontentDOTshortUNDERSCOREname}]\label{\commandkey{label}} 
+           #1 
+         \end{\commandkey{scholarlyUNDERSCOREpaperDOTmathUNDERSCOREcontentDOTmcc}}
+        }
+    \end{isamarkuptext}%
+ } 
+
+\expandafter\def\csname isaDofDOTtextDOTscholarlyUNDERSCOREpaperDOTmathUNDERSCOREcontent\endcsname{\mathcc}
+
+

Isabelle_DOF-Ontologies/CENELEC_50128/CENELEC_50128.thy

@@ -24,10 +24,14 @@ identifies:
  \<close> 
 
 (*<<*)  
-theory CENELEC_50128
-  imports  "Isabelle_DOF.technical_report"
+theory 
+  CENELEC_50128
+  imports  
+  "Isabelle_DOF.technical_report" 
 begin
 
+define_ontology "DOF-CENELEC_50128.sty" "CENELEC 50128"
+
 (* this is a hack and should go into an own ontology, providing thingsd like:
   - Assumption*
   - Hypothesis*
@@ -155,10 +159,10 @@ which have the required safety integrity level.\<close>
 Definition*[entity]
 \<open>person, group or organisation who fulfils a role as defined in this European Standard.\<close>
 
-declare_reference*[fault]
+declare_reference*[fault::cenelec_term]
 Definition*[error]
 \<open>defect, mistake or inaccuracy which could result in failure or in a deviation 
-from the intended performance or behaviour (cf. @{cenelec_term (unchecked) \<open>fault\<close>})).\<close>
+from the intended performance or behaviour (cf. @{cenelec_term (unchecked) \<open>fault\<close>}).\<close>
 
 Definition*[fault]
 \<open>defect, mistake or inaccuracy which could result in failure or in a deviation 
@@ -521,9 +525,11 @@ text\<open>Figure 3 in Chapter 5: Illustrative Development Lifecycle 1\<close>
 
 text\<open>Global Overview\<close>
 
+(*
 figure*[fig3::figure, relative_width="100", 
  src="''examples/CENELEC_50128/mini_odo/document/figures/CENELEC-Fig.3-docStructure.png''"]
 \<open>Illustrative Development Lifecycle 1\<close>
+*)
 
 text\<open>Actually, the Figure 4 in Chapter 5: Illustrative Development Lifecycle 2 is more fidele
 to the remaining document: Software Architecture and Design phases are merged, like in 7.3.\<close>
@@ -614,9 +620,10 @@ doc_class cenelec_report = text_element +
    invariant must_be_chapter :: "text_element.level \<sigma> = Some(0)" 
    invariant three_eyes_prcpl:: "  written_by \<sigma> \<noteq> fst_check \<sigma> 
                                  \<and> written_by \<sigma> \<noteq> snd_check \<sigma>"
-   
+  
+(* 
 text\<open>see \<^figure>\<open>fig3\<close> and Fig 4 in Chapter 5: Illustrative Development Lifecycle 2\<close>
-
+*)
 doc_class external_specification =
   phase        :: "phase"  <= "SYSDEV_ext"
 
@@ -1007,14 +1014,16 @@ ML\<open>
 fun check_sil oid _ ctxt =
   let
     val ctxt' = Proof_Context.init_global(Context.theory_of ctxt)
-    val monitor_record_value = #value (the (DOF_core.get_object_local oid ctxt'))
+    val DOF_core.Instance {value = monitor_record_value, ...} =
+                          DOF_core.get_instance_global oid (Context.theory_of ctxt)
     val Const _ $ _ $ monitor_sil $ _ = monitor_record_value
-    val traces = AttributeAccess.compute_trace_ML ctxt oid \<^here> \<^here>
+    val traces = AttributeAccess.compute_trace_ML ctxt oid NONE \<^here>
     fun check_sil'' [] = true
       | check_sil'' (x::xs) =
           let
             val (_, doc_oid) = x
-            val doc_record_value = #value (the (DOF_core.get_object_local doc_oid ctxt'))
+            val DOF_core.Instance {value = doc_record_value, ...} =
+                      DOF_core.get_instance_global doc_oid (Context.theory_of ctxt)
             val Const _ $ _ $ _ $ _ $ _ $ cenelec_document_ext = doc_record_value
             val Const _ $ _ $ _ $ doc_sil $ _ $ _ $ _ $ _ $ _ $ _ = cenelec_document_ext
           in 
@@ -1026,27 +1035,37 @@ fun check_sil oid _ ctxt =
   in check_sil'' traces end
 \<close>
 
-setup\<open>DOF_core.update_class_invariant "CENELEC_50128.monitor_SIL0" check_sil\<close>
+setup\<open>
+(fn thy =>
+let val ctxt = Proof_Context.init_global thy
+    val cid = "monitor_SIL0"
+    val binding = DOF_core.binding_from_onto_class_pos cid thy
+    val cid_long = DOF_core.get_onto_class_name_global cid thy
+in  DOF_core.add_ml_invariant binding (DOF_core.make_ml_invariant (check_sil, cid_long)) thy end)
+\<close>
 
 text\<open>
-A more generic example of check_sil which can be generalized:
+A more generic example of check\_sil which can be generalized:
 it is decoupled from the CENELEC current implementation
 but is much less efficient regarding time computation by relying on Isabelle evaluation mechanism.\<close>
 ML\<open>
 fun check_sil_slow oid _ ctxt =
   let 
     val ctxt' = Proof_Context.init_global(Context.theory_of ctxt)
-    val monitor_record_value = #value (the (DOF_core.get_object_local oid ctxt'))
-    val monitor_cid = #cid (the (DOF_core.get_object_local oid ctxt'))
+    val DOF_core.Instance {value = monitor_record_value, ...} =
+                          DOF_core.get_instance_global oid (Context.theory_of ctxt)
+    val DOF_core.Instance {cid = monitor_cid, ...} =
+                          DOF_core.get_instance_global oid (Context.theory_of ctxt)
     val monitor_sil_typ = (Syntax.read_typ ctxt' monitor_cid) --> @{typ "sil"}
     val monitor_sil = Value_Command.value ctxt'
                     (Const("CENELEC_50128.monitor_SIL.sil", monitor_sil_typ) $ monitor_record_value)
-    val traces = AttributeAccess.compute_trace_ML ctxt oid \<^here> \<^here>
+    val traces = AttributeAccess.compute_trace_ML ctxt oid NONE \<^here>
     fun check_sil'  [] = true
       | check_sil' (x::xs) =
           let
             val (doc_cid, doc_oid) = x
-            val doc_record_value = #value (the (DOF_core.get_object_local doc_oid ctxt'))
+            val DOF_core.Instance {value = doc_record_value, ...} =
+                    DOF_core.get_instance_global doc_oid (Context.theory_of ctxt)
             val doc_sil_typ = (Syntax.read_typ ctxt' doc_cid) --> @{typ "sil"} 
             val doc_sil = Value_Command.value ctxt'
                     (Const ("CENELEC_50128.cenelec_document.sil", doc_sil_typ) $ doc_record_value)
@@ -1059,20 +1078,25 @@ fun check_sil_slow oid _ ctxt =
   in check_sil' traces end
 \<close>
 
-(*setup\<open>DOF_core.update_class_invariant "CENELEC_50128.monitor_SIL0" check_sil_slow\<close>*)
+(*setup\<open>
+(fn thy =>
+let val ctxt = Proof_Context.init_global thy
+    val binding = DOF_core.binding_from_onto_class_pos "monitor_SIL0" thy
+in  DOF_core.add_ml_invariant binding check_sil_slow thy end)
+\<close>*)
 
 (* As traces of monitor instances (docitems) are updated each time an instance is declared
-  (with text*, section*, etc.), invariants checking functions which use traces must
-  be declared as lazy invariants, to be checked only when closing a monitor, i.e.,
-  after the monitor traces are populated.
+  (with text*, section*, etc.), invariants checking functions which check the full list of traces
+  must be declared as lazy invariants, to be checked only when closing a monitor, i.e.,
+  after all the monitor traces are populated.
 *)
 ML\<open>
 fun check_required_documents oid _ ctxt = 
   let
     val ctxt' = Proof_Context.init_global(Context.theory_of ctxt)
-    val {monitor_tab,...} = DOF_core.get_data ctxt'
-    val {accepted_cids, ...} = the (Symtab.lookup monitor_tab oid)
-    val traces = AttributeAccess.compute_trace_ML ctxt oid \<^here> \<^here>
+    val DOF_core.Monitor_Info {accepted_cids, ...} =
+                      DOF_core.get_monitor_info_global oid (Context.theory_of ctxt)
+    val traces = AttributeAccess.compute_trace_ML ctxt oid NONE \<^here>
     fun check_required_documents' [] = true
       | check_required_documents' (cid::cids) =
           if exists (fn (doc_cid, _) => equal cid doc_cid) traces
@@ -1080,7 +1104,8 @@ fun check_required_documents oid _ ctxt =
           else
             let
               val ctxt' = Proof_Context.init_global(Context.theory_of ctxt)
-              val monitor_record_value = #value (the (DOF_core.get_object_local oid ctxt'))
+              val DOF_core.Instance {value = monitor_record_value, ...} =
+                          DOF_core.get_instance_global oid (Context.theory_of ctxt)
               val Const _ $ _ $ monitor_sil $ _ = monitor_record_value
             in error ("A " ^ cid ^ " cenelec document is required with "
                       ^ Syntax.string_of_term ctxt' monitor_sil)
@@ -1088,7 +1113,15 @@ fun check_required_documents oid _ ctxt =
   in check_required_documents' accepted_cids end
 \<close>
 
-setup\<open>DOF_core.update_class_lazy_invariant "CENELEC_50128.monitor_SIL0" check_required_documents\<close>
+setup\<open>
+fn thy =>
+let val ctxt = Proof_Context.init_global thy
+    val cid = "monitor_SIL0"
+    val binding = DOF_core.binding_from_onto_class_pos cid thy
+    val cid_long = DOF_core.get_onto_class_name_global cid thy
+in  DOF_core.add_closing_ml_invariant binding 
+      (DOF_core.make_ml_invariant (check_required_documents, cid_long)) thy end
+\<close>
 
 (* Test pattern matching for the records of the current CENELEC implementation classes,
    and used by checking functions.
@@ -1099,11 +1132,11 @@ text*[MonitorPatternMatchingTest::monitor_SIL0]\<open>\<close>
 text*[CenelecClassPatternMatchingTest::SQAP, sil = "SIL0"]\<open>\<close>
 ML\<open>
 val thy = @{theory}
-val monitor_record_value =
-      #value (the (DOF_core.get_object_global "MonitorPatternMatchingTest" thy))
+val DOF_core.Instance {value = monitor_record_value, ...} =
+                                        DOF_core.get_instance_global "MonitorPatternMatchingTest" thy
 val Const _ $ _ $ monitor_sil $ _ = monitor_record_value
-val doc_record_value = #value (the (DOF_core.get_object_global
-                                              "CenelecClassPatternMatchingTest" thy))
+val DOF_core.Instance {value = doc_record_value, ...} =
+                                    DOF_core.get_instance_global "CenelecClassPatternMatchingTest" thy
 val Const _ $ _ $ _ $ _ $ _ $ cenelec_document_ext = doc_record_value
 val Const _ $ _ $ _ $ doc_sil $ _ $ _ $ _ $ _ $ _ $ _ = cenelec_document_ext
 \<close>
@@ -1236,15 +1269,16 @@ doc_class test_documentation =    (* OUTDATED ? *)
 
 
 section\<open>Global Documentation Structure\<close>
-
+(*<<*)
 doc_class global_documentation_structure = text_element +
    level :: "int option" <= "Some(-1::int)"  \<comment> \<open>document must be a chapter\<close>
-   accepts "SYSREQS      ~~                  \<comment> \<open>system_requirements_specification\<close>
-            SYSSREQS     ~~                  \<comment> \<open>system_safety_requirements_specification\<close> 
-            SYSAD        ~~                  \<comment> \<open>system_architecture description\<close>
+   accepts "SYSREQS      ~~                  \<comment> \<open>system requiremens specification\<close>
+            SYSSREQS     ~~                  \<comment> \<open>system safety requirements specification\<close> 
+            SYSAD        ~~                  \<comment> \<open>system architecture description\<close>
             SYSS_pl      ~~                  \<comment> \<open>system safety plan\<close> 
             (SWRS || OSWTS)  "                \<comment> \<open>software requirements specification OR
                                                  overall software test specification\<close> 
+(*>>*)
 (* MORE TO COME : *)
 
 section\<open> META : Testing and Validation \<close>
@@ -1252,10 +1286,10 @@ section\<open> META : Testing and Validation \<close>
 text\<open>Test : @{semi_formal_content \<open>COTS\<close>}\<close>
 
 ML
-\<open> DOF_core.read_cid_global @{theory} "requirement";
-  DOF_core.read_cid_global @{theory} "SRAC";
-  DOF_core.is_defined_cid_global "SRAC" @{theory};
-  DOF_core.is_defined_cid_global "EC" @{theory}; \<close>
+\<open> DOF_core.get_onto_class_name_global "requirement" @{theory};
+  DOF_core.get_onto_class_name_global "SRAC" @{theory};
+  DOF_core.get_onto_class_global "SRAC" @{theory};
+  DOF_core.get_onto_class_global "EC" @{theory}; \<close>
 
 ML
 \<open> DOF_core.is_subclass @{context} "CENELEC_50128.EC"   "CENELEC_50128.EC";
@@ -1264,18 +1298,19 @@ ML
   DOF_core.is_subclass @{context} "CENELEC_50128.EC"   "CENELEC_50128.test_requirement"; \<close>
 
 ML
-\<open> val {docobj_tab={maxano, tab=ref_tab},docclass_tab=class_tab,...} = DOF_core.get_data @{context};
-  Symtab.dest ref_tab;
-  Symtab.dest class_tab; \<close>
+\<open> val ref_tab = DOF_core.get_instances \<^context> 
+  val docclass_tab = DOF_core.get_onto_classes @{context};
+  Name_Space.dest_table ref_tab;
+  Name_Space.dest_table docclass_tab; \<close>
 
 ML
 \<open> val internal_data_of_SRAC_definition = DOF_core.get_attributes_local "SRAC" @{context} \<close> 
 
 ML
-\<open> DOF_core.read_cid_global         @{theory}  "requirement";
+\<open> DOF_core.get_onto_class_name_global "requirement" @{theory};
   Syntax.parse_typ                 @{context} "requirement";
   val Type(t,_) = Syntax.parse_typ @{context} "requirement" handle ERROR _ => dummyT; 
   Syntax.read_typ                  @{context} "hypothesis"  handle  _ => dummyT;
   Proof_Context.init_global; \<close>
 
-end
+end

Isabelle_DOF-Ontologies/CENELEC_50128/CENELEC_50128_Documentation.thy

@@ -0,0 +1,397 @@
+(*************************************************************************
+ * Copyright (C) 
+ *               2019-2023      The University of Exeter 
+ *               2018-2023 The University of Paris-Saclay
+ *               2018      The University of Sheffield
+ *
+ * License:
+ *   This program can be redistributed and/or modified under the terms
+ *   of the 2-clause BSD-style license.
+ *
+ *   SPDX-License-Identifier: BSD-2-Clause
+ *************************************************************************)
+
+(*<<*)  
+theory 
+  CENELEC_50128_Documentation
+  imports  
+  CENELEC_50128
+           
+begin
+
+define_shortcut* dof     \<rightleftharpoons> \<open>\dof\<close>
+                 isadof  \<rightleftharpoons> \<open>\isadof{}\<close>
+define_shortcut* TeXLive \<rightleftharpoons> \<open>\TeXLive\<close>
+                 BibTeX  \<rightleftharpoons> \<open>\BibTeX{}\<close> 
+                 LaTeX   \<rightleftharpoons> \<open>\LaTeX{}\<close>
+                 TeX     \<rightleftharpoons> \<open>\TeX{}\<close>
+                 pdf     \<rightleftharpoons> \<open>PDF\<close>
+
+ML\<open>
+
+fun boxed_text_antiquotation name (* redefined in these more abstract terms *) =
+    DOF_lib.gen_text_antiquotation name DOF_lib.report_text
+                           (fn ctxt => DOF_lib.string_2_text_antiquotation ctxt
+                                       #> DOF_lib.enclose_env false ctxt "isarbox")
+
+val neant = K(Latex.text("",\<^here>))
+
+fun boxed_theory_text_antiquotation name (* redefined in these more abstract terms *) =
+    DOF_lib.gen_text_antiquotation name DOF_lib.report_theory_text
+                           (fn ctxt => DOF_lib.string_2_theory_text_antiquotation ctxt
+                                        #> DOF_lib.enclose_env false ctxt "isarbox"
+                                        (* #> neant *)) (*debugging *)
+
+fun boxed_sml_text_antiquotation name  =
+    DOF_lib.gen_text_antiquotation name (K(K()))
+                           (fn ctxt => Input.source_content
+                                        #> Latex.text
+                                        #> DOF_lib.enclose_env true ctxt "sml")
+                           (* the simplest conversion possible *)
+
+fun boxed_pdf_antiquotation name =
+    DOF_lib.gen_text_antiquotation name (K(K()))
+                           (fn ctxt => Input.source_content
+                                        #> Latex.text
+                                        #> DOF_lib.enclose_env true ctxt "out")
+                           (* the simplest conversion possible *)
+
+fun boxed_latex_antiquotation name =
+    DOF_lib.gen_text_antiquotation name (K(K()))
+                           (fn ctxt => Input.source_content
+                                        #> Latex.text
+                                        #> DOF_lib.enclose_env true ctxt "ltx")
+                           (* the simplest conversion possible *)
+
+fun boxed_bash_antiquotation name =
+    DOF_lib.gen_text_antiquotation name (K(K()))
+                           (fn ctxt => Input.source_content
+                                        #> Latex.text
+                                        #> DOF_lib.enclose_env true ctxt "bash")
+                           (* the simplest conversion possible *)
+\<close>
+
+setup\<open>(* std_text_antiquotation        \<^binding>\<open>my_text\<close> #> *)
+      boxed_text_antiquotation         \<^binding>\<open>boxed_text\<close> #>
+      (* std_text_antiquotation        \<^binding>\<open>my_cartouche\<close> #> *)
+      boxed_text_antiquotation         \<^binding>\<open>boxed_cartouche\<close> #>
+      (* std_theory_text_antiquotation \<^binding>\<open>my_theory_text\<close>#> *)
+      boxed_theory_text_antiquotation  \<^binding>\<open>boxed_theory_text\<close> #>
+
+      boxed_sml_text_antiquotation     \<^binding>\<open>boxed_sml\<close> #>
+      boxed_pdf_antiquotation          \<^binding>\<open>boxed_pdf\<close> #>
+      boxed_latex_antiquotation        \<^binding>\<open>boxed_latex\<close>#>
+      boxed_bash_antiquotation         \<^binding>\<open>boxed_bash\<close>
+     \<close>
+
+
+
+(*>>*)  
+
+section*[cenelec_onto::example]\<open>Writing Certification Documents \<^boxed_theory_text>\<open>CENELEC_50128\<close>\<close>
+subsection\<open>The CENELEC 50128 Example\<close>
+text\<open> 
+  The ontology \<^verbatim>\<open>CENELEC_50128\<close>\index{ontology!CENELEC\_50128} is a small ontology modeling 
+  documents for a certification following CENELEC 50128~@{cite "boulanger:cenelec-50128:2015"}.
+  The \<^isadof> distribution contains a small example  using the ontology ``CENELEC\_50128'' in 
+  the directory \nolinkurl{examples/CENELEC_50128/mini_odo/}. You can inspect/edit the 
+  integrated source example by either 
+  \<^item> starting Isabelle/jEdit using your graphical user interface (\<^eg>, by clicking on the 
+    Isabelle-Icon provided by the Isabelle installation) and loading the file 
+    \nolinkurl{examples/CENELEC_50128/mini_odo/mini_odo.thy}.
+  \<^item> starting Isabelle/jEdit from the command line by calling:
+
+@{boxed_bash [display]\<open>ë\prompt{\isadofdirn}ë 
+  isabelle jedit examples/CENELEC_50128/mini_odo/mini_odo.thy \<close>}
+\<close>
+text\<open>\<^noindent> Finally, you
+  \<^item>   can build the \<^pdf>-document by calling:
+@{boxed_bash [display]\<open>ë\prompt{\isadofdirn}ë isabelle build mini_odo \<close>}
+\<close>
+ 
+subsection\<open>Modeling CENELEC 50128\<close>
+
+text\<open>
+  Documents to be provided in formal certifications (such as CENELEC 
+  50128~@{cite "boulanger:cenelec-50128:2015"} or Common Criteria~@{cite "cc:cc-part3:2006"}) can 
+  much profit from the control of ontological consistency:  a substantial amount of the work
+  of evaluators in formal certification processes consists in  tracing down the links from 
+  requirements over assumptions down to elements of evidence, be it in form of semi-formal 
+  documentation, models, code, or tests.  In a certification process, traceability becomes a major 
+  concern; and providing mechanisms to ensure complete traceability already at the development of 
+  the integrated source can in our view increase the speed and reduce the risk certification 
+  processes. Making the link-structure machine-checkable, be it between requirements, assumptions, 
+  their implementation and their discharge by evidence (be it tests, proofs, or authoritative 
+  arguments), has the potential in our view to decrease the cost of software developments 
+  targeting certifications. 
+
+  As in many other cases, formal certification documents come with an own terminology and pragmatics
+  of what has to be demonstrated and where, and how the traceability of requirements through 
+  design-models over code to system environment assumptions has to be assured.  
+
+  In the sequel, we present a simplified version of an ontological model used in a 
+  case-study~@{cite "bezzecchi.ea:making:2018"}. We start with an introduction of the concept of 
+  requirement:
+
+@{boxed_theory_text [display]\<open>
+doc_class requirement = long_name :: "string option"
+
+doc_class hypothesis = requirement +
+      hyp_type :: hyp_type <= physical  (* default *)
+  
+datatype ass_kind = informal | semiformal | formal
+  
+doc_class assumption = requirement +
+     assumption_kind :: ass_kind <= informal 
+\<close>}
+
+Such ontologies can be enriched by larger explanations and examples, which may help
+the team of engineers substantially when developing the central document for a certification, 
+like an explication of what is precisely the difference between an \<^typ>\<open>hypothesis\<close> and an 
+\<^typ>\<open>assumption\<close> in the context of the evaluation standard. Since the PIDE makes for each 
+document class its definition available by a simple mouse-click, this kind on meta-knowledge 
+can be made far more accessible during the document evolution.
+
+For example, the term of category \<^typ>\<open>assumption\<close> is used for domain-specific assumptions. 
+It has \<^const>\<open>formal\<close>, \<^const>\<open>semiformal\<close> and \<^const>\<open>informal\<close> sub-categories. They have to be 
+tracked and discharged by appropriate validation procedures within a 
+certification process, be it by test or proof. It is different from a \<^typ>\<open>hypothesis\<close>, which is
+globally assumed and accepted.
+
+In the sequel, the category \<^typ>\<open>exported_constraint\<close> (or \<^typ>\<open>EC\<close> for short)
+is used for formal assumptions, that arise during the analysis,
+design or implementation and have to be tracked till the final
+evaluation target, and discharged by appropriate validation procedures 
+within the certification process, be it by test or proof.  A particular class of interest 
+is the category \<^typ>\<open>safety_related_application_condition\<close> (or \<^typ>\<open>SRAC\<close> 
+for short) which is used for \<^typ>\<open>EC\<close>'s that establish safety properties
+of the evaluation target. Their traceability throughout the certification
+is therefore particularly critical. This is naturally modeled as follows:
+@{boxed_theory_text [display]\<open>  
+doc_class EC = assumption  +
+     assumption_kind :: ass_kind <= (*default *) formal
+                        
+doc_class SRAC = EC  +
+     assumption_kind :: ass_kind <= (*default *) formal
+\<close>}
+
+We now can, \<^eg>, write 
+
+@{boxed_theory_text [display]\<open>
+text*[ass123::SRAC]\<open> 
+  The overall sampling frequence of the odometer subsystem is therefore 
+  14 khz, which includes sampling, computing and result communication 
+  times \ldots
+\<close>
+\<close>}
+
+This will be shown in the \<^pdf> as follows:
+\<close>
+text*[ass123::SRAC] \<open> The overall sampling frequency of the odometer
+subsystem is therefore 14 khz, which includes sampling, computing and
+result communication times \ldots \<close>
+
+text\<open>Note that this \<^pdf>-output is the result of a specific setup for \<^typ>\<open>SRAC\<close>s.\<close>
+
+subsection*[ontopide::technical]\<open>Editing Support for CENELEC 50128\<close>  
+figure*[figfig3::figure,relative_width="95",file_src="''figures/antiquotations-PIDE.png''"]
+\<open> Standard antiquotations referring to theory elements.\<close>
+text\<open> The corresponding view in @{docitem  \<open>figfig3\<close>} shows core part of a document 
+conforming to the \<^verbatim>\<open>CENELEC_50128\<close> ontology. The first sample shows standard Isabelle antiquotations 
+@{cite "wenzel:isabelle-isar:2020"} into formal entities of a theory. This way, the informal parts 
+of a document get ``formal content'' and become more robust under change.\<close>
+
+figure*[figfig5::figure, relative_width="95", file_src="''figures/srac-definition.png''"]
+        \<open> Defining a \<^typ>\<open>SRAC\<close> in the integrated source ... \<close>
+
+figure*[figfig7::figure, relative_width="95", file_src="''figures/srac-as-es-application.png''"]
+        \<open> Using a \<^typ>\<open>SRAC\<close> as \<^typ>\<open>EC\<close> document element. \<close>
+text\<open> The subsequent sample in @{figure \<open>figfig5\<close>} shows the definition of a
+\<^emph>\<open>safety-related application condition\<close>, a side-condition of a theorem which 
+has the consequence that a certain calculation must be executed sufficiently fast on an embedded 
+device. This condition can not be established inside the formal theory but has to be 
+checked by system integration tests. Now we reference in @{figure  \<open>figfig7\<close>} this 
+safety-related condition; however, this happens in a context where general \<^emph>\<open>exported constraints\<close> 
+are listed. \<^isadof>'s checks and establishes that this is legal in the given ontology. 
+\<close>    
+
+text\<open>
+\<^item> \<^theory_text>\<open>@{term_ \<open>term\<close> }\<close> parses and type-checks \<open>term\<close> with term antiquotations,
+  for instance \<^theory_text>\<open>@{term_ \<open>@{cenelec-term \<open>FT\<close>}\<close>}\<close> will parse and check
+  that \<open>FT\<close> is indeed an instance of the class \<^typ>\<open>cenelec_term\<close>,
+\<close>
+
+subsection\<open>A Domain-Specific Ontology: \<^verbatim>\<open>CENELEC_50128\<close>\<close>
+(*<*)
+ML\<open>val toLaTeX = String.translate (fn c => if c = #"_" then "\\_" else String.implode[c])\<close>     
+ML\<open>writeln (DOF_core.print_doc_class_tree 
+                 @{context} (fn (n,l) =>  true (*     String.isPrefix "technical_report" l 
+                                         orelse String.isPrefix "Isa_COL" l *)) 
+                 toLaTeX)\<close>
+(*>*)
+text\<open> The \<^verbatim>\<open>CENELEC_50128\<close> ontology in \<^theory>\<open>Isabelle_DOF-Ontologies.CENELEC_50128\<close>
+is an example of a domain-specific ontology.
+It is based on  \<^verbatim>\<open>technical_report\<close> since we assume that this kind of format will be most
+appropriate for this type of long-and-tedious documents,
+
+%
+\begin{center}
+\begin{minipage}{.9\textwidth}\footnotesize
+\dirtree{%
+.0 .
+.1 CENELEC\_50128.judgement\DTcomment{...}.
+.1 CENELEC\_50128.test\_item\DTcomment{...}.
+.2 CENELEC\_50128.test\_case\DTcomment{...}.
+.2 CENELEC\_50128.test\_tool\DTcomment{...}.
+.2 CENELEC\_50128.test\_result\DTcomment{...}.
+.2 CENELEC\_50128.test\_adm\_role\DTcomment{...}.
+.2 CENELEC\_50128.test\_environment\DTcomment{...}.
+.2 CENELEC\_50128.test\_requirement\DTcomment{...}.
+.2 CENELEC\_50128.test\_specification\DTcomment{...}.
+.1 CENELEC\_50128.objectives\DTcomment{...}.
+.1 CENELEC\_50128.design\_item\DTcomment{...}.
+.2 CENELEC\_50128.interface\DTcomment{...}.
+.1 CENELEC\_50128.sub\_requirement\DTcomment{...}.
+.1 CENELEC\_50128.test\_documentation\DTcomment{...}.
+.1 Isa\_COL.text\_element\DTcomment{...}.
+.2 CENELEC\_50128.requirement\DTcomment{...}.
+.3 CENELEC\_50128.TC\DTcomment{...}.
+.3 CENELEC\_50128.FnI\DTcomment{...}.
+.3 CENELEC\_50128.SIR\DTcomment{...}.
+.3 CENELEC\_50128.CoAS\DTcomment{...}.
+.3 CENELEC\_50128.HtbC\DTcomment{...}.
+.3 CENELEC\_50128.SILA\DTcomment{...}.
+.3 CENELEC\_50128.assumption\DTcomment{...}.
+.4 CENELEC\_50128.AC\DTcomment{...}.
+.5 CENELEC\_50128.EC\DTcomment{...}.
+.6 CENELEC\_50128.SRAC\DTcomment{...}.
+.3 CENELEC\_50128.hypothesis\DTcomment{...}.
+.4 CENELEC\_50128.security\_hyp\DTcomment{...}.
+.3 CENELEC\_50128.safety\_requirement\DTcomment{...}.
+.2 CENELEC\_50128.cenelec\_text\DTcomment{...}.
+.3 CENELEC\_50128.SWAS\DTcomment{...}.
+.3 [...].
+.2 scholarly\_paper.text\_section\DTcomment{...}.
+.3 scholarly\_paper.technical\DTcomment{...}.
+.4 scholarly\_paper.math\_content\DTcomment{...}.
+.5 CENELEC\_50128.semi\_formal\_content\DTcomment{...}.
+.1 ...
+}
+\end{minipage}
+\end{center}
+\<close>
+
+(* TODO : Rearrange ontology hierarchies. *)
+
+subsubsection\<open>Examples\<close>
+
+text\<open>
+The category ``exported constraint (EC)'' is, in the file 
+\<^file>\<open>CENELEC_50128.thy\<close> defined as follows:
+
+@{boxed_theory_text [display]\<open>
+doc_class requirement = text_element +
+   long_name    :: "string option"
+   is_concerned :: "role set"
+doc_class assumption = requirement +
+     assumption_kind :: ass_kind <= informal 
+doc_class AC = assumption +
+   is_concerned :: "role set" <= "UNIV"
+doc_class EC = AC  +
+     assumption_kind :: ass_kind <= (*default *) formal
+\<close>}
+\<close>
+text\<open>
+We now define the document representations, in the file 
+\<^file>\<open>DOF-CENELEC_50128.sty\<close>. Let us assume that we want to 
+register the definition of EC's in a dedicated table of contents (\<^boxed_latex>\<open>tos\<close>) 
+and use an earlier defined environment \inlineltx|\begin{EC}...\end{EC}| for their graphical 
+representation. Note that the \inlineltx|\newisadof{}[]{}|-command requires the 
+full-qualified names, \<^eg>, \<^boxed_theory_text>\<open>text.CENELEC_50128.EC\<close> for the document class and 
+\<^boxed_theory_text>\<open>CENELEC_50128.requirement.long_name\<close> for the  attribute \<^const>\<open>long_name\<close>, 
+inherited from the document class \<^typ>\<open>requirement\<close>. The representation of \<^typ>\<open>EC\<close>'s
+can now be defined as follows:
+% TODO:
+% Explain the text qualifier of the long_name text.CENELEC_50128.EC
+
+\begin{ltx}
+\newisadof{text.CENELEC_50128.EC}%
+[label=,type=%
+,Isa_COL.text_element.level=%
+,Isa_COL.text_element.referentiable=%
+,Isa_COL.text_element.variants=%
+,CENELEC_50128.requirement.is_concerned=%
+,CENELEC_50128.requirement.long_name=%
+,CENELEC_50128.EC.assumption_kind=][1]{%
+\begin{isamarkuptext}%
+   \ifthenelse{\equal{\commandkey{CENELEC_50128.requirement.long_name}}{}}{%
+      % If long_name is not defined, we only create an entry in the table tos
+      % using the auto-generated number of the EC 
+      \begin{EC}%
+          \addxcontentsline{tos}{chapter}[]{\autoref{\commandkey{label}}}%
+    }{%
+      % If long_name is defined, we use the long_name as title in the 
+      % layout of the EC, in the table "tos" and as index entry. .
+      \begin{EC}[\commandkey{CENELEC_50128.requirement.long_name}]%
+        \addxcontentsline{toe}{chapter}[]{\autoref{\commandkey{label}}: %
+              \commandkey{CENELEC_50128.requirement.long_name}}%
+        \DOFindex{EC}{\commandkey{CENELEC_50128.requirement.long_name}}%
+    }%
+    \label{\commandkey{label}}% we use the label attribute as anchor 
+    #1% The main text of the EC
+  \end{EC}
+\end{isamarkuptext}%
+}
+\end{ltx}
+\<close>
+text\<open>
+  For example, the @{docitem "ass123"} is mapped to
+
+@{boxed_latex [display]
+\<open>\begin{isamarkuptext*}%
+[label = {ass122},type = {CENELEC_50128.SRAC}, 
+ args={label = {ass122}, type = {CENELEC_50128.SRAC}, 
+       CENELEC_50128.EC.assumption_kind = {formal}}
+] The overall sampling frequence of the odometer subsystem is therefore 
+ 14 khz, which includes sampling, computing and result communication 
+ times ...
+\end{isamarkuptext*}\<close>}
+
+This environment is mapped to a plain \<^LaTeX> command via:
+@{boxed_latex [display]
+\<open> \NewEnviron{isamarkuptext*}[1][]{\isaDof[env={text},#1]{\BODY}} \<close>}
+\<close>
+text\<open>
+For the command-based setup, \<^isadof> provides a dispatcher that selects the most specific 
+implementation for a given \<^boxed_theory_text>\<open>doc_class\<close>:
+
+@{boxed_latex [display]
+\<open>%% The Isabelle/DOF dispatcher:
+\newkeycommand+[\|]\isaDof[env={UNKNOWN},label=,type={dummyT},args={}][1]{%
+  \ifcsname isaDof.\commandkey{type}\endcsname%
+      \csname isaDof.\commandkey{type}\endcsname%
+              [label=\commandkey{label},\commandkey{args}]{#1}%
+  \else\relax\fi%
+  \ifcsname isaDof.\commandkey{env}.\commandkey{type}\endcsname%
+      \csname isaDof.\commandkey{env}.\commandkey{type}\endcsname%
+              [label=\commandkey{label},\commandkey{args}]{#1}%
+  \else%
+      \message{Isabelle/DOF: Using default LaTeX representation for concept %
+        "\commandkey{env}.\commandkey{type}".}%
+      \ifcsname isaDof.\commandkey{env}\endcsname%
+         \csname isaDof.\commandkey{env}\endcsname%
+                [label=\commandkey{label}]{#1}%
+      \else%
+      \errmessage{Isabelle/DOF: No LaTeX representation for concept %
+        "\commandkey{env}.\commandkey{type}" defined and no default %
+        definition for "\commandkey{env}" available either.}%
+      \fi%
+  \fi%
+}\<close>}
+\<close>
+
+
+
+(*<<*)  
+end 
+(*>>*)  

Isabelle_DOF-Ontologies/CENELEC_50128/DOF-CENELEC_50128.sty

@@ -60,26 +60,26 @@
 }
 
 \newcommand{\SRACautorefname}{SRAC}
-\newisadof{text.CENELEC_50128.SRAC}%
+\newisadof{textDOTCENELECUNDERSCORE50128DOTSRAC}%
 [label=,type=%
-,Isa_COL.text_element.level=%
-,Isa_COL.text_element.referentiable=%
-,Isa_COL.text_element.variants=%
-,CENELEC_50128.requirement.is_concerned=%
-,CENELEC_50128.requirement.long_name=%
-,CENELEC_50128.SRAC.formal_repr=%
-,CENELEC_50128.SRAC.assumption_kind=%
-,CENELEC_50128.EC.assumption_kind=%
-,CENELEC_50128.assumption.assumption_kind=%
+,IsaUNDERSCORECOLDOTtextUNDERSCOREelementDOTlevel=%
+,IsaUNDERSCORECOLDOTtextUNDERSCOREelementDOTreferentiable=%
+,IsaUNDERSCORECOLDOTtextUNDERSCOREelementDOTvariants=%
+,CENELECUNDERSCORE50128DOTrequirementDOTisUNDERSCOREconcerned=%
+,CENELECUNDERSCORE50128DOTrequirementDOTlongUNDERSCOREname=%
+,CENELECUNDERSCORE50128DOTSRACDOTformalUNDERSCORErepr=%
+,CENELECUNDERSCORE50128DOTSRACDOTassumptionUNDERSCOREkind=%
+,CENELECUNDERSCORE50128DOTECDOTassumptionUNDERSCOREkind=%
+,CENELECUNDERSCORE50128DOTassumptionDOTassumptionUNDERSCOREkind=%
 ][1]{%
   \begin{isamarkuptext}%
-      \ifthenelse{\equal{\commandkey{CENELEC_50128.requirement.long_name}}{}}{%
+      \ifthenelse{\equal{\commandkey{CENELECUNDERSCORE50128DOTrequirementDOTlongUNDERSCOREname}}{}}{%
         \begin{SRAC}%
             \addxcontentsline{tos}{chapter}[]{\autoref{\commandkey{label}}}%
       }{%
-        \begin{SRAC}[\commandkey{CENELEC_50128.requirement.long_name}]%
-          \addxcontentsline{tos}{chapter}[]{\autoref{\commandkey{label}}: \commandkey{CENELEC_50128.requirement.long_name}}%
-          \DOFindex{SRAC}{\commandkey{CENELEC_50128.requirement.long_name}}%
+        \begin{SRAC}[\commandkey{CENELECUNDERSCORE50128DOTrequirementDOTlongUNDERSCOREname}]%
+          \addxcontentsline{tos}{chapter}[]{\autoref{\commandkey{label}}: \commandkey{CENELECUNDERSCORE50128DOTrequirementDOTlongUNDERSCOREname}}%
+          \DOFindex{SRAC}{\commandkey{CENELECUNDERSCORE50128DOTrequirementDOTlongUNDERSCOREname}}%
       }\label{\commandkey{label}}%
       #1%
     \end{SRAC}
@@ -113,26 +113,26 @@
 }
 
 \newcommand{\ECautorefname}{EC}
-\newisadof{text.CENELEC_50128.EC}%
+\newisadof{textDOTCENELECUNDERSCORE50128DOTEC}%
 [label=,type=%
-,Isa_COL.text_element.level=%
-,Isa_COL.text_element.referentiable=%
-,Isa_COL.text_element.variants=%
-,CENELEC_50128.requirement.is_concerned=%
-,CENELEC_50128.requirement.long_name=%
-,CENELEC_50128.SRAC.formal_repr=%
-,CENELEC_50128.SRAC.assumption_kind=%
-,CENELEC_50128.EC.assumption_kind=%
-,CENELEC_50128.assumption.assumption_kind=%
+,IsaUNDERSCORECOLDOTtextUNDERSCOREelementDOTlevel=%
+,IsaUNDERSCORECOLDOTtextUNDERSCOREelementDOTreferentiable=%
+,IsaUNDERSCORECOLDOTtextUNDERSCOREelementDOTvariants=%
+,CENELECUNDERSCORE50128DOTrequirementDOTisUNDERSCOREconcerned=%
+,CENELECUNDERSCORE50128DOTrequirementDOTlongUNDERSCOREname=%
+,CENELECUNDERSCORE50128DOTSRACDOTformalUNDERSCORErepr=%
+,CENELECUNDERSCORE50128DOTSRACDOTassumptionUNDERSCOREkind=%
+,CENELECUNDERSCORE50128DOTECDOTassumptionUNDERSCOREkind=%
+,CENELECUNDERSCORE50128DOTassumptionDOTassumptionUNDERSCOREkind=%
 ][1]{%
   \begin{isamarkuptext}%
-      \ifthenelse{\equal{\commandkey{CENELEC_50128.requirement.long_name}}{}}{%
+      \ifthenelse{\equal{\commandkey{CENELECUNDERSCORE50128DOTrequirementDOTlongUNDERSCOREname}}{}}{%
         \begin{EC}%
             \addxcontentsline{tos}{chapter}[]{\autoref{\commandkey{label}}}%
       }{%
-        \begin{EC}[\commandkey{CENELEC_50128.requirement.long_name}]%
-          \addxcontentsline{toe}{chapter}[]{\autoref{\commandkey{label}}: \commandkey{CENELEC_50128.requirement.long_name}}%
-          \DOFindex{EC}{\commandkey{CENELEC_50128.requirement.long_name}}%
+        \begin{EC}[\commandkey{CENELECUNDERSCORE50128DOTrequirementDOTlongUNDERSCOREname}]%
+          \addxcontentsline{toe}{chapter}[]{\autoref{\commandkey{label}}: \commandkey{CENELECUNDERSCORE50128DOTrequirementDOTlongUNDERSCOREname}}%
+          \DOFindex{EC}{\commandkey{CENELECUNDERSCORE50128DOTrequirementDOTlongUNDERSCOREname}}%
       }\label{\commandkey{label}}%
       #1%
     \end{EC}
@@ -155,23 +155,23 @@
 }
 
 \newcommand{\assumptionautorefname}{assumption}
-\newisadof{text.CENELEC_50128.assumption}%
+\newisadof{textDOTCENELECUNDERSCORE50128DOTassumption}%
 [label=,type=%
-,Isa_COL.text_element.level=%
-,Isa_COL.text_element.referentiable=%
-,Isa_COL.text_element.variants=%
-,CENELEC_50128.requirement.is_concerned=%
-,CENELEC_50128.requirement.long_name=%
-,CENELEC_50128.SRAC.formal_repr=%
-,CENELEC_50128.SRAC.assumption_kind=%
-,CENELEC_50128.assumption.assumption_kind=%
+,IsaUNDERSCORECOLDOTtextUNDERSCOREelementDOTlevel=%
+,IsaUNDERSCORECOLDOTtextUNDERSCOREelementDOTreferentiable=%
+,IsaUNDERSCORECOLDOTtextUNDERSCOREelementDOTvariants=%
+,CENELECUNDERSCORE50128DOTrequirementDOTisUNDERSCOREconcerned=%
+,CENELECUNDERSCORE50128DOTrequirementDOTlongUNDERSCOREname=%
+,CENELECUNDERSCORE50128DOTSRACDOTformalUNDERSCORErepr=%
+,CENELECUNDERSCORE50128DOTSRACDOTassumptionUNDERSCOREkind=%
+,CENELECUNDERSCORE50128DOTassumptionDOTassumptionUNDERSCOREkind=%
 ][1]{%
   \begin{isamarkuptext}%
-      \ifthenelse{\equal{\commandkey{CENELEC_50128.requirement.long_name}}{}}{%
+      \ifthenelse{\equal{\commandkey{CENELECUNDERSCORE50128DOTrequirementDOTlongUNDERSCOREname}}{}}{%
         \begin{assumption}%
       }{%
-        \begin{assumption}[\commandkey{CENELEC_50128.requirement.long_name}]%
-          \DOFindex{assumption}{\commandkey{CENELEC_50128.requirement.long_name}}%
+        \begin{assumption}[\commandkey{CENELECUNDERSCORE50128DOTrequirementDOTlongUNDERSCOREname}]%
+          \DOFindex{assumption}{\commandkey{CENELECUNDERSCORE50128DOTrequirementDOTlongUNDERSCOREname}}%
       }\label{\commandkey{label}}%
       #1%
     \end{assumption}
@@ -196,23 +196,23 @@
 
 
 \newcommand{\hypothesisautorefname}{hypothesis}
-\newisadof{text.CENELEC_50128.hypothesis}%
+\newisadof{textDOTCENELECUNDERSCORE50128DOThypothesis}%
 [label=,type=%
-,Isa_COL.text_element.level=%
-,Isa_COL.text_element.referentiable=%
-,Isa_COL.text_element.variants=%
-,CENELEC_50128.requirement.is_concerned=%
-,CENELEC_50128.requirement.long_name=%
-,CENELEC_50128.SRAC.formal_repr=%
-,CENELEC_50128.SRAC.hypothesis_kind=%
-,CENELEC_50128.hypothesis.hyp_type=%
+,IsaUNDERSCORECOLDOTtextUNDERSCOREelementDOTlevel=%
+,IsaUNDERSCORECOLDOTtextUNDERSCOREelementDOTreferentiable=%
+,IsaUNDERSCORECOLDOTtextUNDERSCOREelementDOTvariants=%
+,CENELECUNDERSCORE50128DOTrequirementDOTisUNDERSCOREconcerned=%
+,CENELECUNDERSCORE50128DOTrequirementDOTlongUNDERSCOREname=%
+,CENELECUNDERSCORE50128DOTSRACDOTformalUNDERSCORErepr=%
+,CENELECUNDERSCORE50128DOTSRACDOThypothesisUNDERSCOREkind=%
+,CENELECUNDERSCORE50128DOThypothesisDOThypUNDERSCOREtype=%
 ][1]{%
   \begin{isamarkuptext}%
-      \ifthenelse{\equal{\commandkey{CENELEC_50128.requirement.long_name}}{}}{%
+      \ifthenelse{\equal{\commandkey{CENELECUNDERSCORE50128DOTrequirementDOTlongUNDERSCOREname}}{}}{%
         \begin{hypothesis}%
       }{%
-        \begin{hypothesis}[\commandkey{CENELEC_50128.requirement.long_name}]%
-          \DOFindex{hypothesis}{\commandkey{CENELEC_50128.requirement.long_name}}%
+        \begin{hypothesis}[\commandkey{CENELECUNDERSCORE50128DOTrequirementDOTlongUNDERSCOREname}]%
+          \DOFindex{hypothesis}{\commandkey{CENELECUNDERSCORE50128DOTrequirementDOTlongUNDERSCOREname}}%
       }\label{\commandkey{label}}%
       #1%
     \end{hypothesis}

Isabelle_DOF-Ontologies/Conceptual/Conceptual.thy

@@ -11,7 +11,7 @@
  *   SPDX-License-Identifier: BSD-2-Clause
  *************************************************************************)
 
-section\<open>A conceptual introduction into DOF and its features:\<close>
+chapter\<open>A conceptual introduction into DOF and its features:\<close>
 
 theory 
   Conceptual
@@ -20,23 +20,25 @@ imports
   "Isabelle_DOF.Isa_COL"
 begin
 
+section\<open>Excursion: On the semantic consequences of this definition: \<close>
+
+text\<open>Consider the following document class definition and its consequences:\<close>
 
 doc_class A =
    level :: "int option"
    x :: int
 
-subsection\<open>Excursion: On the semantic consequences of this definition: \<close>
 
 text\<open>This class definition leads an implicit Isabelle/HOL  \<^theory_text>\<open>record\<close>  definition 
-(cf. \<^url>\<open>https://isabelle.in.tum.de/dist/Isabelle2021/doc/isar-ref.pdf\<close>, chapter 11.6.).
+(cf. \<^url>\<open>https://isabelle.in.tum.de/doc/isar-ref.pdf\<close>, chapter 11.6.).
 Consequently, \<^theory_text>\<open>doc_class\<close>'es inherit the entire theory-infrastructure from Isabelle records:
 \<^enum> there is a HOL-type \<^typ>\<open>A\<close> and its extensible version \<^typ>\<open>'a A_scheme\<close> 
-\<^enum> there are HOL-terms representing \<^emph>\<open>doc_class instances\<close> with the high-level syntax:
+\<^enum> there are HOL-terms representing \<^emph>\<open>doc\_class instances\<close> with the high-level syntax:
     \<^enum> \<^term>\<open>undefined\<lparr>level := Some (1::int), x := 5::int \<rparr> :: A\<close>
       (Note that this way to construct an instance is not necessarily computable
     \<^enum> \<^term>\<open>\<lparr>tag_attribute = X, level = Y, x = Z\<rparr> :: A\<close>
     \<^enum> \<^term>\<open>\<lparr>tag_attribute = X, level = Y, x = Z, \<dots> = M\<rparr> :: ('a A_scheme)\<close>
-\<^enum> there is an entire proof infra-structure allowing to reason about \<^emph>\<open>doc_class instances\<close>;
+\<^enum> there is an entire proof infra-structure allowing to reason about \<^emph>\<open>doc\_class instances\<close>;
   this involves the constructor, the selectors (representing the  \<^emph>\<open>attributes\<close> in OO lingo)
   the update functions, the rules to establish equality and, if possible the code generator
   setups:
@@ -49,23 +51,61 @@ Consequently, \<^theory_text>\<open>doc_class\<close>'es inherit the entire theo
     \<^enum> @{thm [display] A.simps(6)}
     \<^enum> ...
 \<close>
-(* the generated theory of the \<^theory_text>\<open>doc_class\<close> A can be inspected, of course, by *)
+
+text\<open>The generated theory of the \<^theory_text>\<open>doc_class\<close> A can be inspected, of course, by:\<close>  
 find_theorems (60) name:Conceptual name:A
 
+text\<open>A more abstract view on the state of the DOF machine can be found here:\<close>
+
+print_doc_classes
+
+print_doc_items
+
+text\<open>... and an ML-level output:\<close>
+
+ML\<open>
+val docitem_tab = DOF_core.get_instances \<^context>;
+val isa_transformer_tab = DOF_core.get_isa_transformers \<^context>;
+val docclass_tab = DOF_core.get_onto_classes \<^context>;
+
+\<close>
+
+ML\<open>
+Name_Space.dest_table docitem_tab;
+Name_Space.dest_table isa_transformer_tab;
+Name_Space.dest_table docclass_tab;
+\<close>
+text\<open>... or as ML assertion: \<close>
+ML\<open> 
+@{assert} (Name_Space.dest_table docitem_tab = []);
+fun match ("Conceptual.A", (* the long-name *)
+            DOF_core.Onto_Class {params, name, virtual,inherits_from=NONE, 
+                                 attribute_decl, rejectS=[],rex=[], invs=[]}) 
+            = (Binding.name_of name = "A")
+  | match _ = false;
+
+@{assert} (exists match (Name_Space.dest_table docclass_tab))
+\<close>
 
 text\<open>As a consequence of the theory of the \<^theory_text>\<open>doc_class\<close> \<open>A\<close>, the code-generator setup lets us 
 evaluate statements such as: \<close>
 
 value\<open> the(A.level (A.make 3 (Some 4) 5)) = 4\<close>
 
-text\<open>And finally, as a consequence of the above semantic construction of \<^theory_text>\<open>doc_class\<close>'es, the internal
+text\<open>And further, as a consequence of the above semantic construction of \<^theory_text>\<open>doc_class\<close>'es, the internal
 \<open>\<lambda>\<close>-calculus representation of class instances looks as follows:\<close>
 
 ML\<open>
-val tt = @{term \<open>the(A.level (A.make 3 (Some 4) 5))\<close>}
+@{term \<open>the(A.level (A.make 3 (Some 4) 5))\<close>};
+fun match (Const("Option.option.the",_) $ 
+      (Const ("Conceptual.A.level",_) $  
+         (Const ("Conceptual.A.make", _) $ u $ v $ w))) = true
+   |match _ = false;
+@{assert} (match @{term \<open>the(A.level (A.make 3 (Some 4) 5))\<close>})
 \<close>
 
-text\<open>For the code-generation, we have the following access to values representing class instances:\<close>
+text\<open>And finally, via the code-generation, we have the following programmable 
+     access to values representing class instances:\<close>
 ML\<open>
 val A_make = @{code A.make};
 val zero   = @{code "0::int"};
@@ -75,9 +115,9 @@ val add    = @{code "(+) :: int \<Rightarrow> int \<Rightarrow> int"};
 A_make zero (SOME one) (add one one)
 \<close>
 
+section\<open>Building up a conceptual class hierarchy:\<close>
 
-subsection\<open>An independent class-tree root: \<close>
-
+text\<open>An independent class-tree root: \<close>
 
 doc_class B =
    level :: "int option"
@@ -89,7 +129,7 @@ text\<open>We may even use type-synonyms for class synonyms ...\<close>
 type_synonym XX = B
 
 
-subsection\<open>Examples of inheritance \<close>
+section\<open>Examples of inheritance \<close>
 
 doc_class C = XX +                           
    z :: "A option"             <= None      (* A LINK, i.e. an attribute that has a type
@@ -125,7 +165,7 @@ doc_class F  =
         and  br':: "r \<sigma> \<noteq> [] \<and> length(b' \<sigma>) \<ge> 3"
         and  cr :: "properties \<sigma> \<noteq> []"
 
-text\<open>The effect of the invariant declaration is to provide intern definitions for validation 
+text\<open>The effect of the invariant declaration is to provide intern HOL definitions for validation 
 functions of this invariant. They can be referenced as follows:\<close>
 thm br_inv_def
 thm br'_inv_def
@@ -133,7 +173,7 @@ thm cr_inv_def
 
 term "\<lparr>F.tag_attribute = 5, properties = [], r = [], u = undefined, s = [], b = {}, b' = []\<rparr>"
 
-term "br' (\<lparr>F.tag_attribute = 5, properties = [], r = [], u = undefined, s = [], b = {}, b' = []\<rparr>) "
+term "br'_inv (\<lparr>F.tag_attribute = 5, properties = [], r = [], u = undefined, s = [], b = {}, b' = []\<rparr>) "
 
 text\<open>Now, we can use these definitions in order to generate code for these validation functions.
 Note, however, that not everything that we can write in an invariant (basically: HOL) is executable,
@@ -141,7 +181,7 @@ or even compilable by the code generator setup:\<close>
 
 ML\<open> val cr_inv_code = @{code "cr_inv"} \<close> \<comment> \<open>works albeit thm is abstract ...\<close>
 text\<open>while in :\<close>
-(* ML\<open> val br_inv_code = @{code "br_inv"} \<close> \<comment>\<open>this does not work ...\<close> *)
+ML\<open> val br_inv_code = @{code "br_inv"} \<close> \<comment>\<open>this does not work ...\<close> 
 
 text\<open>... the compilation fails due to the fact that nothing prevents the user 
      to define an infinite relation between \<^typ>\<open>A\<close> and  \<^typ>\<open>C\<close>. However, the alternative
@@ -151,30 +191,32 @@ ML\<open> val br'_inv_code = @{code "br'_inv"} \<close> \<comment> \<open>does w
 
 text\<open>... is compilable ...\<close>
 
-
-
 doc_class G = C +
-   g :: "thm"  <= "@{thm \<open>HOL.refl\<close>}"
+   g :: "thm"  <= "@{thm \<open>HOL.refl\<close>}"  (* warning overriding attribute expected*)
 
 doc_class M = 
    ok :: "unit"
    accepts "A ~~ \<lbrace>C || D\<rbrace>\<^sup>* ~~ \<lbrakk>F\<rbrakk>"
 
+text\<open>The final class and item tables look like this:\<close>
+print_doc_classes
+print_doc_items
 
-(*
-ML\<open> Document.state();\<close>
-ML\<open> Session.get_keywords(); (* this looks to be really session global. *)
-    Outer_Syntax.command; \<close>
-ML\<open> Thy_Header.get_keywords @{theory};(* this looks to be really theory global. *) \<close>
-*)
+ML\<open>
+map fst (Name_Space.dest_table (DOF_core.get_onto_classes \<^context>));
 
-open_monitor*[aaa::M]
-section*[test::A]\<open>Test and Validation\<close>
-term\<open>Conceptual.M.make\<close>
-text\<open>Defining some document elements to be referenced in later on in another theory: \<close>
-text*[sdf]\<open> Lorem ipsum @{thm refl}\<close> 
-text*[ sdfg :: F] \<open> Lorem ipsum @{thm refl}\<close>  
-text*[ xxxy ] \<open> Lorem ipsum @{F \<open>sdfg\<close>} rate @{thm refl}\<close>  
-close_monitor*[aaa]
+let  val class_ids_so_far = ["Conceptual.A", "Conceptual.B", "Conceptual.C", "Conceptual.D", 
+                             "Conceptual.E", "Conceptual.F", "Conceptual.G", "Conceptual.M", 
+                             "Isa_COL.float", "Isa_COL.figure", "Isa_COL.chapter", "Isa_COL.listing", 
+                             "Isa_COL.section", 
+                             "Isa_COL.paragraph", "Isa_COL.subsection", 
+                             "Isa_COL.text_element", "Isa_COL.subsubsection"]
+     val docclass_tab = map fst (Name_Space.dest_table (DOF_core.get_onto_classes \<^context>));
+in @{assert} (class_ids_so_far = docclass_tab) end\<close>
 
-end     
+section\<open>For Test and Validation\<close>
+
+text*[sdf]         \<open> Lorem ipsum ... \<close>         \<comment> \<open>anonymous reference\<close>
+text*[sdfg :: F]   \<open> Lorem ipsum ...\<close>          \<comment> \<open>some F instance \<close>  
+
+end

Isabelle_DOF-Ontologies/ROOT

@@ -0,0 +1,23 @@
+session "Isabelle_DOF-Ontologies" = "Isabelle_DOF" + 
+  options  [document = pdf, document_output = "output", document_build = dof]
+  directories
+    "CC_v3_1_R5"
+    "Conceptual"
+    "small_math"
+    "CENELEC_50128"
+  theories
+    "document_setup"
+    "document_templates"
+    "CC_v3_1_R5/CC_v3_1_R5"
+    "CC_v3_1_R5/CC_terminology"  
+    "Conceptual/Conceptual"
+    "small_math/small_math"
+    "CENELEC_50128/CENELEC_50128"
+    "CENELEC_50128/CENELEC_50128_Documentation"
+  document_files
+    "root.bib"
+    "lstisadof-manual.sty"
+    "preamble.tex"
+    "figures/antiquotations-PIDE.png"
+    "figures/srac-as-es-application.png"
+    "figures/srac-definition.png"

Isabelle_DOF-Ontologies/document-templates/root-eptcs-UNSUPPORTED.tex

@@ -66,7 +66,7 @@
 
 \begin{document}
 \maketitle
-\input{session}
+\IfFileExists{dof_session.tex}{\input{dof_session}}{\input{session}}
 % optional bibliography
 \IfFileExists{root.bib}{%
     \bibliography{root}

Isabelle_DOF-Ontologies/document-templates/root-lipics-v2021-UNSUPPORTED.tex

@@ -19,8 +19,6 @@
 %% you need to download lipics.cls from 
 %% https://www.dagstuhl.de/en/publications/lipics/instructions-for-authors/
 %% and add it manually to the praemble.tex and the ROOT file.
-%% Moreover, the option "document_comment_latex=true" needs to be set 
-%% in the ROOT file.
 %%
 %% All customization and/or additional packages should be added to the file
 %% preamble.tex.
@@ -64,7 +62,7 @@
 
 \begin{document}
 \maketitle
-\input{session}
+\IfFileExists{dof_session.tex}{\input{dof_session}}{\input{session}}
 % optional bibliography
 \IfFileExists{root.bib}{%
 \small  

Isabelle_DOF-Ontologies/document-templates/root-sn-article-UNSUPPORTED.tex

@@ -0,0 +1,66 @@
+%% Copyright (c) 2019-2022 University of Exeter
+%%               2018-2022 University of Paris-Saclay
+%%               2018-2019 The University of Sheffield
+%%
+%% License:
+%%   This program can be redistributed and/or modified under the terms
+%%   of the LaTeX Project Public License Distributed from CTAN
+%%   archives in directory macros/latex/base/lppl.txt; either
+%%   version 1.3c of the License, or (at your option) any later version.
+%%   OR
+%%   The 2-clause BSD-style license.
+%%
+%%   SPDX-License-Identifier: LPPL-1.3c+ OR BSD-2-Clause
+
+%% Warning: Do Not Edit!
+%% =====================
+%% This is the root file for the Isabelle/DOF using the scrartcl class.
+%%
+%% All customization and/or additional packages should be added to the file
+%% preamble.tex.
+
+\documentclass[iicol]{sn-jnl}
+\PassOptionsToPackage{force}{DOF-scholarly_paper}
+\usepackage{DOF-core}
+\bibliographystyle{sn-basic}
+\let\proof\relax
+\let\endproof\relax
+\newcommand{\institute}[1]{}
+\usepackage{manyfoot}
+\usepackage{DOF-core}
+\setcounter{tocdepth}{3} 
+\hypersetup{%
+   bookmarksdepth=3
+  ,pdfpagelabels
+  ,pageanchor=true
+  ,bookmarksnumbered
+  ,plainpages=false
+} % more detailed digital TOC (aka bookmarks)
+\sloppy
+\allowdisplaybreaks[4]
+
+\usepackage{subcaption}
+\usepackage[size=footnotesize]{caption}
+
+\let\DOFauthor\relax
+\begin{document}
+\selectlanguage{USenglish}%
+\renewcommand{\bibname}{References}%
+\renewcommand{\figurename}{Fig.}
+\renewcommand{\abstractname}{Abstract.}
+\renewcommand{\subsubsectionautorefname}{Sect.}
+\renewcommand{\subsectionautorefname}{Sect.}
+\renewcommand{\sectionautorefname}{Sect.}
+\renewcommand{\figureautorefname}{Fig.}
+\newcommand{\lstnumberautorefname}{Line}
+
+\maketitle
+\IfFileExists{dof_session.tex}{\input{dof_session}}{\input{session}}
+% optional bibliography
+\IfFileExists{root.bib}{{\bibliography{root}}}{}
+\end{document}
+
+%%% Local Variables:
+%%% mode: latex
+%%% TeX-master: t
+%%% End:

Isabelle_DOF-Ontologies/document-templates/root-svjour3-UNSUPPORTED.tex

@@ -40,8 +40,6 @@
 } % more detailed digital TOC (aka bookmarks)
 \sloppy
 \allowdisplaybreaks[4]
-\usepackage[caption]{subfig}
-\usepackage[size=footnotesize]{caption}
 
 \begin{document}
 \selectlanguage{USenglish}%
@@ -52,12 +50,10 @@
 \renewcommand{\subsectionautorefname}{Sect.}
 \renewcommand{\sectionautorefname}{Sect.}
 \renewcommand{\figureautorefname}{Fig.}
-\newcommand{\subtableautorefname}{\tableautorefname}
-\newcommand{\subfigureautorefname}{\figureautorefname}
 \newcommand{\lstnumberautorefname}{Line}
 
 \maketitle
-\input{session}
+\IfFileExists{dof_session.tex}{\input{dof_session}}{\input{session}}
 % optional bibliography
 \IfFileExists{root.bib}{{\bibliography{root}}}{}
 \end{document}

Isabelle_DOF-Ontologies/document/lstisadof-manual.sty

@@ -0,0 +1,327 @@
+%% Copyright (C) 2018 The University of Sheffield
+%%               2018-2021 The University of Paris-Saclay
+%%               2019-2021 The University of Exeter
+%%
+%% License:
+%%   This program can be redistributed and/or modified under the terms
+%%   of the LaTeX Project Public License Distributed from CTAN
+%%   archives in directory macros/latex/base/lppl.txt; either
+%%   version 1.3c of the License, or (at your option) any later version.
+%%   OR
+%%   The 2-clause BSD-style license.
+%%
+%%   SPDX-License-Identifier: LPPL-1.3c+ OR BSD-2-Clause
+\usepackage{listings}
+\usepackage{listingsutf8}
+\usepackage{tikz}
+\usepackage[many]{tcolorbox}
+\tcbuselibrary{listings}
+\tcbuselibrary{skins}
+\usepackage{xstring}
+
+\definecolor{OliveGreen}    {cmyk}{0.64,0,0.95,0.40}
+\definecolor{BrickRed}      {cmyk}{0,0.89,0.94,0.28}
+\definecolor{Blue}          {cmyk}{1,1,0,0}
+\definecolor{CornflowerBlue}{cmyk}{0.65,0.13,0,0}
+
+
+
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%% <antiquotations>
+%% Hack: re-defining tag types for supporting highlighting of antiquotations
+\gdef\lst@tagtypes{s}
+\gdef\lst@TagKey#1#2{%
+    \lst@Delim\lst@tagstyle #2\relax
+        {Tag}\lst@tagtypes #1%
+                     {\lst@BeginTag\lst@EndTag}%
+        \@@end\@empty{}}
+\lst@Key{tag}\relax{\lst@TagKey\@empty{#1}}
+\lst@Key{tagstyle}{}{\def\lst@tagstyle{#1}}
+\lst@AddToHook{EmptyStyle}{\let\lst@tagstyle\@empty}
+\gdef\lst@BeginTag{%
+    \lst@DelimOpen
+        \lst@ifextags\else
+        {\let\lst@ifkeywords\iftrue
+         \lst@ifmarkfirstintag \lst@firstintagtrue \fi}}
+\lst@AddToHookExe{ExcludeDelims}{\let\lst@ifextags\iffalse}
+\gdef\lst@EndTag{\lst@DelimClose\lst@ifextags\else}
+\lst@Key{usekeywordsintag}t[t]{\lstKV@SetIf{#1}\lst@ifusekeysintag}
+\lst@Key{markfirstintag}f[t]{\lstKV@SetIf{#1}\lst@ifmarkfirstintag}
+\gdef\lst@firstintagtrue{\global\let\lst@iffirstintag\iftrue}
+\global\let\lst@iffirstintag\iffalse
+ \lst@AddToHook{PostOutput}{\lst@tagresetfirst}
+ \lst@AddToHook{Output}
+     {\gdef\lst@tagresetfirst{\global\let\lst@iffirstintag\iffalse}}
+ \lst@AddToHook{OutputOther}{\gdef\lst@tagresetfirst{}}
+\lst@AddToHook{Output}
+    {\ifnum\lst@mode=\lst@tagmode
+         \lst@iffirstintag \let\lst@thestyle\lst@gkeywords@sty \fi
+         \lst@ifusekeysintag\else \let\lst@thestyle\lst@gkeywords@sty\fi
+     \fi}
+\lst@NewMode\lst@tagmode
+\gdef\lst@Tag@s#1#2\@empty#3#4#5{%
+    \lst@CArg #1\relax\lst@DefDelimB {}{}%
+        {\ifnum\lst@mode=\lst@tagmode \expandafter\@gobblethree \fi}%
+        #3\lst@tagmode{#5}%
+    \lst@CArg #2\relax\lst@DefDelimE {}{}{}#4\lst@tagmode}%
+\gdef\lst@BeginCDATA#1\@empty{%
+    \lst@TrackNewLines \lst@PrintToken
+    \lst@EnterMode\lst@GPmode{}\let\lst@ifmode\iffalse
+    \lst@mode\lst@tagmode #1\lst@mode\lst@GPmode\relax\lst@modetrue}
+%
+\def\beginlstdelim#1#2#3%
+{%
+    \def\endlstdelim{\texttt{\textbf{\color{black!60}#2}}\egroup}%
+    \ttfamily\textbf{\color{black!60}#1}\bgroup\rmfamily\color{#3}\aftergroup\endlstdelim%
+}
+%% </antiquotations>
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%% <isar>
+\providecolor{isar}{named}{blue}
+\renewcommand{\isacommand}[1]{\textcolor{OliveGreen!60}{\ttfamily\bfseries #1}}
+\newcommand{\inlineisarbox}[1]{#1}
+\NewTColorBox[]{isarbox}{}{
+     ,boxrule=0pt
+     ,boxsep=0pt
+     ,colback=white!90!isar
+     ,enhanced jigsaw
+     ,borderline west={2pt}{0pt}{isar!60!black}
+     ,sharp corners
+     %,before skip balanced=0.5\baselineskip plus 2pt % works only with Tex Live 2020 and later
+     ,enlarge top by=0mm
+     ,enhanced
+     ,overlay={\node[draw,fill=isar!60!black,xshift=0pt,anchor=north
+       east,font=\bfseries\footnotesize\color{white}]
+                at (frame.north east) {Isar};}
+}
+%% </isar>
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 
+%% <out>
+\providecolor{out}{named}{green}
+\newtcblisting{out}[1][]{%
+      listing only%
+     ,boxrule=0pt
+     ,boxsep=0pt
+     ,colback=white!90!out
+     ,enhanced jigsaw
+     ,borderline west={2pt}{0pt}{out!60!black}
+     ,sharp corners
+     % ,before skip=10pt
+     % ,after skip=10pt
+     ,enlarge top by=0mm
+     ,enhanced
+     ,overlay={\node[draw,fill=out!60!black,xshift=0pt,anchor=north
+       east,font=\bfseries\footnotesize\color{white}]
+                at (frame.north east) {Document};}
+        ,listing options={
+           breakatwhitespace=true
+          ,columns=flexible%
+          ,basicstyle=\small\rmfamily
+          ,mathescape
+          ,#1
+      }
+  }%
+%% </out>
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 
+%% <sml>
+\lstloadlanguages{ML}
+\providecolor{sml}{named}{red}
+\lstdefinestyle{sml}{
+   ,escapechar=ë%
+   ,basicstyle=\ttfamily%
+   ,commentstyle=\itshape%
+   ,keywordstyle=\bfseries\color{CornflowerBlue}%
+   ,ndkeywordstyle=\color{green}%
+   ,language=ML
+%  ,literate={%
+%     {<@>}{@}1%
+%    }
+   ,keywordstyle=[6]{\itshape}%
+   ,morekeywords=[6]{args_type}%
+   ,tag=**[s]{@\{}{\}}%
+   ,tagstyle=\color{CornflowerBlue}%
+   ,markfirstintag=true%
+}%
+\def\inlinesml{\lstinline[style=sml,breaklines=true,breakatwhitespace=true]}
+\newtcblisting{sml}[1][]{%
+      listing only%
+     ,boxrule=0pt
+     ,boxsep=0pt
+     ,colback=white!90!sml
+     ,enhanced jigsaw
+     ,borderline west={2pt}{0pt}{sml!60!black}
+     ,sharp corners
+     % ,before skip=10pt
+     % ,after skip=10pt
+     ,enlarge top by=0mm
+     ,enhanced
+     ,overlay={\node[draw,fill=sml!60!black,xshift=0pt,anchor=north
+       east,font=\bfseries\footnotesize\color{white}]
+                at (frame.north east) {SML};}
+        ,listing options={
+          style=sml
+          ,columns=flexible%
+          ,basicstyle=\small\ttfamily
+          ,#1
+      }
+  }%
+%% </sml>
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 
+%% <latex>
+\lstloadlanguages{TeX}
+\providecolor{ltx}{named}{yellow}
+\lstdefinestyle{lltx}{language=[AlLaTeX]TeX,
+  ,basicstyle=\ttfamily%
+  ,showspaces=false%
+  ,escapechar=ë
+  ,showlines=false%
+  ,morekeywords={newisadof}
+ %  ,keywordstyle=\bfseries%
+   % Defining 2-keywords
+   ,keywordstyle=[1]{\color{BrickRed!60}\bfseries}%
+   % Defining 3-keywords
+   ,keywordstyle=[2]{\color{OliveGreen!60}\bfseries}%
+   % Defining 4-keywords
+   ,keywordstyle=[3]{\color{black!60}\bfseries}%
+   % Defining 5-keywords
+   ,keywordstyle=[4]{\color{Blue!70}\bfseries}%
+   % Defining 6-keywords
+   ,keywordstyle=[5]{\itshape}%
+  % 
+}
+\lstdefinestyle{ltx}{style=lltx,
+                basicstyle=\ttfamily\small}%
+\def\inlineltx{\lstinline[style=ltx, breaklines=true,columns=fullflexible]}
+% see
+% https://tex.stackexchange.com/questions/247643/problem-with-tcblisting-first-listed-latex-command-is-missing
+\NewTCBListing{ltx}{ !O{} }{%
+     listing only%
+     ,boxrule=0pt
+     ,boxsep=0pt
+     ,colback=white!90!ltx
+     ,enhanced jigsaw
+     ,borderline west={2pt}{0pt}{ltx!60!black}
+     ,sharp corners
+     % ,before skip=10pt
+     % ,after skip=10pt
+     ,enlarge top by=0mm
+     ,enhanced
+     ,overlay={\node[draw,fill=ltx!60!black,xshift=0pt,anchor=north
+       east,font=\bfseries\footnotesize\color{white}]
+                at (frame.north east) {\LaTeX};}
+      ,listing options={
+             style=lltx,
+            ,columns=flexible%
+            ,basicstyle=\small\ttfamily
+            ,#1
+       }
+  }%
+%% </latex>
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 
+%% <bash>
+\providecolor{bash}{named}{black}
+\lstloadlanguages{bash}
+\lstdefinestyle{bash}{%
+   language=bash
+  ,escapechar=ë
+  ,basicstyle=\ttfamily%
+  ,showspaces=false%
+  ,showlines=false%
+  ,columns=flexible%
+ %  ,keywordstyle=\bfseries%
+   % Defining 2-keywords
+   ,keywordstyle=[1]{\color{BrickRed!60}\bfseries}%
+   % Defining 3-keywords
+   ,keywordstyle=[2]{\color{OliveGreen!60}\bfseries}%
+   % Defining 4-keywords
+   ,keywordstyle=[3]{\color{black!60}\bfseries}%
+   % Defining 5-keywords
+   ,keywordstyle=[4]{\color{Blue!80}\bfseries}%
+   ,alsoletter={*,-,:,~,/}
+   ,morekeywords=[4]{}%
+   % Defining 6-keywords
+   ,keywordstyle=[5]{\itshape}%
+  % 
+}
+\def\inlinebash{\lstinline[style=bash, breaklines=true,columns=fullflexible]}
+\newcommand\@isabsolutepath[3]{%
+  \StrLeft{#1}{1}[\firstchar]%
+  \IfStrEq{\firstchar}{/}{#2}{#3}%
+}
+
+\newcommand{\@homeprefix}[1]{%
+  \ifthenelse{\equal{#1}{}}{\textasciitilde}{\textasciitilde/}%
+}
+
+\newcommand{\prompt}[1]{%
+  \color{Blue!80}\textbf{\texttt{%
+    achim@logicalhacking:{\@isabsolutepath{#1}{#1}{\@homeprefix{#1}#1}}\$}}%
+}
+\newtcblisting{bash}[1][]{%
+      listing only%
+     ,boxrule=0pt
+     ,boxsep=0pt
+     ,colback=white!90!bash
+     ,enhanced jigsaw
+     ,borderline west={2pt}{0pt}{bash!60!black}
+     ,sharp corners
+     % ,before skip=10pt
+     % ,after skip=10pt
+     ,enlarge top by=0mm
+     ,enhanced
+     ,overlay={\node[draw,fill=bash!60!black,xshift=0pt,anchor=north
+       east,font=\bfseries\footnotesize\color{white}]
+                at (frame.north east) {Bash};}
+     ,listing options={
+           style=bash
+           ,columns=flexible%
+           ,breaklines=true%
+           ,prebreak=\mbox{\space\textbackslash}%
+           ,basicstyle=\small\ttfamily%
+           ,#1
+      }
+  }%
+%% </bash>
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 
+%% <config>
+\providecolor{config}{named}{gray}
+\newtcblisting{config}[2][]{%
+      listing only%
+     ,boxrule=0pt
+     ,boxsep=0pt
+     ,colback=white!90!config
+     ,enhanced jigsaw
+     ,borderline west={2pt}{0pt}{config!60!black}
+     ,sharp corners
+     % ,before skip=10pt
+     % ,after skip=10pt
+     ,enlarge top by=0mm
+     ,enhanced
+     ,overlay={\node[draw,fill=config!60!black,xshift=0pt,anchor=north
+       east,font=\bfseries\footnotesize\color{white}]
+                at (frame.north east) {#2};}
+        ,listing options={
+           breakatwhitespace=true
+          ,columns=flexible%
+          ,basicstyle=\small\ttfamily
+          ,mathescape
+          ,#1
+      }
+  }%
+%% </config>
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 
+
+

Isabelle_DOF-Ontologies/document/preamble.tex

@@ -0,0 +1,4 @@
+\usepackage{dirtree}
+\renewcommand*\DTstylecomment{\ttfamily\itshape}
+
+\usepackage{lstisadof-manual}

Isabelle_DOF-Ontologies/document/root.bib

@@ -451,7 +451,7 @@
   journal	= {Archive of Formal Proofs},
   month		= may,
   year		= 2010,
-  note		= {\url{http://isa-afp.org/entries/Regular-Sets.html}, Formal
+  note		= {\url{https://isa-afp.org/entries/Regular-Sets.html}, Formal
 		  proof development},
   issn		= {2150-914x}
 }
@@ -462,7 +462,7 @@
   journal	= {Archive of Formal Proofs},
   month		= mar,
   year		= 2004,
-  note		= {\url{http://isa-afp.org/entries/Functional-Automata.html},
+  note		= {\url{https://isa-afp.org/entries/Functional-Automata.html},
 		  Formal proof development},
   issn		= {2150-914x}
 }

Isabelle_DOF-Ontologies/document_setup.thy

@@ -0,0 +1,20 @@
+(*<*)
+theory "document_setup"
+  imports
+  "Isabelle_DOF.technical_report"
+  "Isabelle_DOF-Ontologies.CENELEC_50128"
+  "Isabelle_DOF-Ontologies.CC_terminology"
+begin
+
+use_template "scrreprt-modern"
+use_ontology "Isabelle_DOF.technical_report" and "Isabelle_DOF-Ontologies.CENELEC_50128"
+         and "Isabelle_DOF-Ontologies.CC_terminology"
+
+(*>*)
+
+title*[title::title]         \<open>Isabelle/DOF\<close>
+subtitle*[subtitle::subtitle]\<open>Ontologies\<close>
+
+(*<*)
+end
+(*>*)

Isabelle_DOF-Ontologies/document_templates.thy

@@ -0,0 +1,28 @@
+(*************************************************************************
+ * Copyright (C) 
+ *               2019      The University of Exeter 
+ *               2018-2019 The University of Paris-Saclay
+ *               2018      The University of Sheffield
+ *
+ * License:
+ *   This program can be redistributed and/or modified under the terms
+ *   of the 2-clause BSD-style license.
+ *
+ *   SPDX-License-Identifier: BSD-2-Clause
+ *************************************************************************)
+
+theory 
+  "document_templates"
+imports
+  "Isabelle_DOF.Isa_DOF"
+begin
+
+define_template "./document-templates/root-eptcs-UNSUPPORTED.tex" 
+                "Unsupported template for the EPTCS class. Not for general use."
+define_template "./document-templates/root-lipics-v2021-UNSUPPORTED.tex" 
+                "Unsupported template for LIPICS (v2021). Not for general use."
+define_template "./document-templates/root-svjour3-UNSUPPORTED.tex" 
+                "Unsupported template for SVJOUR. Not for general use."
+define_template "./document-templates/root-sn-article-UNSUPPORTED.tex" 
+                "Unsupported template for Springer Nature's template. Not for general use."
+end

Isabelle_DOF-Ontologies/small_math/small_math.thy

@@ -11,10 +11,11 @@
  *   SPDX-License-Identifier: BSD-2-Clause
  *************************************************************************)
 
-section\<open>An example ontology for a math paper\<close>
+chapter\<open>An example ontology for a math paper\<close>
 
 theory small_math
-   imports "Isabelle_DOF.Isa_COL"
+   imports 
+"Isabelle_DOF.Isa_COL"
 begin
 
 doc_class title =
@@ -64,18 +65,25 @@ doc_class result = technical +
 
 
 
-ML\<open>fun check_invariant_invariant oid {is_monitor:bool} ctxt =
-      let val kind_term = AttributeAccess.compute_attr_access ctxt "kind" oid @{here} @{here} 
-          val property_termS = AttributeAccess.compute_attr_access ctxt "property" oid @{here} @{here} 
+ML\<open>
+fn thy =>
+let fun check_invariant_invariant oid {is_monitor:bool} ctxt =
+      let val kind_term = ISA_core.compute_attr_access ctxt "kind" oid NONE @{here} 
+          val property_termS = ISA_core.compute_attr_access ctxt "property" oid NONE @{here} 
           val tS = HOLogic.dest_list property_termS
       in  case kind_term of
             @{term "proof"} => if not(null tS) then true
                                else error("class class invariant violation") 
            | _ => false
       end
+      val cid = "result"
+    val cid_long = DOF_core.get_onto_class_name_global cid thy
+      val binding = DOF_core.binding_from_onto_class_pos cid thy
+in DOF_core.add_ml_invariant binding
+    (DOF_core.make_ml_invariant (check_invariant_invariant, cid_long)) thy end
 \<close>
 
-setup\<open>DOF_core.update_class_invariant "small_math.result" check_invariant_invariant\<close>
+(*setup\<open>DOF_core.add_ml_invariant "small_math.result" check_invariant_invariant\<close>*)
 
 
 doc_class example    = technical +
@@ -85,7 +93,7 @@ doc_class "conclusion" = text_section +
     establish   :: "(contribution_claim \<times> result) set"
 
 text\<open> Besides subtyping, there is another relation between
-doc_classes: a class can be a \<^emph>\<open>monitor\<close> to other ones,
+doc\_classes: a class can be a \<^emph>\<open>monitor\<close> to other ones,
 which is expressed by occurrence in the where clause.
 While sub-classing refers to data-inheritance of attributes,
 a monitor captures structural constraints -- the order --
@@ -137,10 +145,10 @@ fun dest_option _ (Const (@{const_name "None"}, _)) = NONE
 
 in 
 
-fun check ctxt cidS mon_id pos =
-    let val trace  = AttributeAccess.compute_trace_ML ctxt mon_id pos @{here}
+fun check ctxt cidS mon_id pos_opt =
+    let val trace  = AttributeAccess.compute_trace_ML ctxt mon_id pos_opt @{here}
         val groups = partition (Context.proof_of ctxt) cidS trace
-        fun get_level_raw oid = AttributeAccess.compute_attr_access ctxt "level" oid @{here} @{here};
+        fun get_level_raw oid = ISA_core.compute_attr_access ctxt "level" oid NONE @{here};
         fun get_level oid = dest_option (snd o HOLogic.dest_number) (get_level_raw (oid));
         fun check_level_hd a = case (get_level (snd a)) of
                                   NONE => error("Invariant violation: leading section" ^ snd a ^ 
@@ -164,10 +172,17 @@ end
 end
 \<close>
 
-setup\<open> let val cidS = ["small_math.introduction","small_math.technical", "small_math.conclusion"];
-           fun body moni_oid _ ctxt = (Small_Math_trace_invariant.check  ctxt cidS moni_oid @{here};
+setup\<open>
+fn thy =>
+let val cidS = ["small_math.introduction","small_math.technical", "small_math.conclusion"];
+           fun body moni_oid _ ctxt = (Small_Math_trace_invariant.check  ctxt cidS moni_oid NONE;
                                        true)
-       in  DOF_core.update_class_invariant "small_math.article" body end\<close>
+    val ctxt = Proof_Context.init_global thy
+    val cid = "article"
+    val cid_long = DOF_core.get_onto_class_name_global cid thy
+    val binding = DOF_core.binding_from_onto_class_pos cid thy
+in DOF_core.add_ml_invariant binding (DOF_core.make_ml_invariant (body, cid_long)) thy end
+\<close>
 
 end
 

Isabelle_DOF-Proofs/ROOT

@@ -0,0 +1,10 @@
+session "Isabelle_DOF-Proofs" (proofs) = "HOL-Proofs" +
+  options [document = false,  record_proofs = 2, parallel_limit = 500, document_build = dof]
+  sessions
+    "Isabelle_DOF"
+    Metalogic_ProofChecker
+  theories
+    Isabelle_DOF.ontologies
+    Isabelle_DOF.Isa_DOF
+    Very_Deep_DOF
+    Reification_Test

Isabelle_DOF-Proofs/Reification_Test.thy

@@ -0,0 +1,739 @@
+theory Reification_Test
+  imports "Isabelle_DOF-Proofs.Very_Deep_DOF"
+
+begin
+
+ML\<open>
+val ty1 = Meta_ISA_core.reify_typ @{typ "int"}
+val ty2 = Meta_ISA_core.reify_typ @{typ "int \<Rightarrow> bool"}
+val ty3 = Meta_ISA_core.reify_typ @{typ "prop"}
+val ty4 = Meta_ISA_core.reify_typ @{typ "'a list"}
+\<close>
+
+term*\<open>@{typ \<open>int\<close>}\<close>
+value*\<open>@{typ \<open>int\<close>}\<close>
+value*\<open>@{typ \<open>int \<Rightarrow> bool\<close>}\<close>
+term*\<open>@{typ \<open>prop\<close>}\<close>
+value*\<open>@{typ \<open>prop\<close>}\<close>
+term*\<open>@{typ \<open>'a list\<close>}\<close>
+value*\<open>@{typ \<open>'a list\<close>}\<close>
+
+ML\<open>
+val t1 = Meta_ISA_core.reify_term @{term "1::int"}
+val t2 = Meta_ISA_core.reify_term @{term "\<lambda>x. x = 1"}
+val t3 = Meta_ISA_core.reify_term @{term "[2, 3::int]"}
+\<close>
+term*\<open>@{term \<open>1::int\<close>}\<close>
+value*\<open>@{term \<open>1::int\<close>}\<close>
+term*\<open>@{term \<open>\<lambda>x. x = 1\<close>}\<close>
+value*\<open>@{term \<open>\<lambda>x. x = 1\<close>}\<close>
+term*\<open>@{term \<open>[2, 3::int]\<close>}\<close>
+value*\<open>@{term \<open>[2, 3::int]\<close>}\<close>
+
+prf refl
+full_prf refl
+
+term*\<open>@{thm \<open>HOL.refl\<close>}\<close>
+value*\<open>proof @{thm \<open>HOL.refl\<close>}\<close>
+value*\<open>proof @{thm \<open>HOL.refl\<close>}\<close>
+value*\<open>depth (proof @{thm \<open>HOL.refl\<close>})\<close>
+value*\<open>size (proof @{thm \<open>HOL.refl\<close>})\<close>
+value*\<open>fv_Proof (proof @{thm \<open>HOL.refl\<close>})\<close>
+term*\<open>@{thms-of \<open>HOL.refl\<close>}\<close>
+value*\<open>@{thms-of \<open>HOL.refl\<close>}\<close>
+
+ML\<open>
+val t_schematic = TVar(("'a",0), [])
+val t = @{term "Tv (Var (STR '''a'', 0)) {}"}
+val rt_schematic = Meta_ISA_core.reify_typ t_schematic
+val true = rt_schematic = t
+\<close>
+
+lemma test : "A \<and> B \<longrightarrow> B \<and> A"
+  by auto
+
+lemma test2 : "A \<and> B \<Longrightarrow> B \<and> A"
+  by auto
+
+lemma test3: "A \<and> B \<longrightarrow> B \<and> A"
+proof
+  assume "A \<and> B"
+  then obtain B and A ..
+  then show "B \<and> A" ..
+qed
+
+lemma test4:
+  assumes "(A \<and> B)"
+  shows "B \<and> A"
+  apply (insert assms)
+  by auto
+
+lemma test_subst : "\<lbrakk>x = f x; odd(f x)\<rbrakk> \<Longrightarrow> odd x"
+  by (erule ssubst)
+
+inductive_set even' :: "nat set" where
+    "0 \<in> even'"
+  | "n \<in> even' \<Longrightarrow> (Suc (Suc n)) \<in> even'"
+
+find_theorems name:"even'.induct"
+
+
+(*lemma even_dvd : "n \<in> even' \<Longrightarrow> 2 dvd n"
+proof(induct n)
+  case 0 then show ?case by simp
+next 
+  case (Suc n) then show ?case
+    apply (simp add: dvd_def)
+    apply (rule_tac x ="Suc k" in exI)
+    apply clarify*)
+
+theorem "((A \<longrightarrow> B) \<longrightarrow> A) \<longrightarrow> A"
+proof
+  assume "(A \<longrightarrow> B) \<longrightarrow> A"
+  show A
+  proof (rule classical)
+    assume "\<not> A"
+    have "A \<longrightarrow> B"
+    proof
+      assume A
+      with \<open>\<not> A\<close> show B by contradiction
+    qed
+    with \<open>(A \<longrightarrow> B) \<longrightarrow> A\<close> show A ..
+  qed
+qed
+
+(*lemma even_dvd : "n \<in> even' \<Longrightarrow> 2 dvd n"
+using [[simp_trace]]
+  apply (induct n)
+   apply (subst even_zero)
+  apply(rule TrueI)
+
+  apply(simp)*)
+
+lemma even_dvd : "n \<in> even' \<Longrightarrow> 2 dvd n"
+  apply (erule even'.induct)
+   apply (simp_all add: dvd_def)
+  using [[simp_trace]]
+  apply clarify
+  find_theorems name:"_ = 2 * _"
+  apply (rule_tac x ="Suc k" in exI)
+using [[simp_trace]]
+  apply simp
+  done
+
+(*
+lemma even_dvd : "n \<in> even' \<Longrightarrow> 2 dvd n"
+apply (induct_tac rule:even'.induct)*)
+
+inductive ev :: " nat \<Rightarrow> bool " where
+  ev0: " ev 0 " |
+  evSS: " ev n \<Longrightarrow> ev (n + 2) "
+
+fun evn :: " nat \<Rightarrow> bool " where
+  " evn 0 = True " |
+  " evn (Suc 0) = False " |
+  " evn (Suc (Suc n)) = evn n "
+
+(*lemma assumes a: " ev (Suc(Suc m)) " shows" ev m "
+proof(induction  "Suc (Suc m)" arbitrary: " m " rule: ev.induct)*)
+
+(*lemma " ev (Suc (Suc m)) \<Longrightarrow> ev m " 
+proof(induction " Suc (Suc m) " arbitrary: " m " rule: ev.induct)
+  case ev0
+  then show ?case sorry
+next
+  case (evSS n)
+  then show ?case sorry
+qed*)
+
+(* And neither of these can apply the induction *)
+(*
+lemma assumes a1: " ev n " and a2: " n = (Suc (Suc m)) " shows " ev m "
+proof (induction " n " arbitrary: " m " rule: ev.induct)
+
+lemma assumes a1: " n = (Suc (Suc m)) " and a2: "ev n " shows " ev m "
+proof (induction " n " arbitrary: " m " rule: ev.induct)
+*)
+
+(* But this one can ?! *)
+(*
+lemma assumes a1: " ev n " and a2: " n = (Suc (Suc m)) " shows " ev m "
+proof -
+  from a1 and a2 show " ev m "
+  proof (induction " n " arbitrary: " m " rule: ev.induct)
+    case ev0
+    then show ?case by simp
+  next
+    case (evSS n) thus ?case by simp
+  qed
+qed
+*)
+
+inductive_set even :: "int set" where
+zero[intro!]: "0 \<in> even" |
+plus[intro!]: "n \<in> even \<Longrightarrow> n+2 \<in> even " |
+min[intro!]: "n \<in> even \<Longrightarrow> n-2 \<in> even "
+
+lemma a : "2+2=4" by simp
+
+lemma b : "(0::int)+2=2" by simp
+
+lemma test_subst_2 : "4 \<in> even"
+  apply (subst a[symmetric])
+  apply (rule plus)
+  apply (subst b[symmetric])
+  apply (rule plus)
+  apply (rule zero)
+  done
+
+
+(*lemma "\<lbrakk>P x y z; Suc x < y\<rbrakk> \<Longrightarrow> f z = x * y"
+  (*using [[simp_trace]]*)
+  (*apply (simp add: mult.commute)*)
+  apply (subst mult.commute)
+  apply (rule mult.commute [THEN ssubst])*)
+
+datatype 'a seq = Empty | Seq 'a "'a seq"
+find_consts name:"Reification_Test*seq*"
+fun conc :: "'a seq \<Rightarrow> 'a seq \<Rightarrow> 'a seq"
+where
+  c1 :  "conc Empty ys = ys"
+| c2 : "conc (Seq x xs) ys = Seq x (conc xs ys)"
+
+lemma seq_not_eq : "Seq x xs \<noteq> xs"
+using [[simp_trace]]
+proof (induct xs arbitrary: x)
+  case Empty
+  show "Seq x Empty \<noteq> Empty" by simp
+next
+  case (Seq y ys)
+  show "Seq x (Seq y ys) \<noteq> Seq y ys"
+    using \<open>Seq y ys \<noteq> ys\<close> by simp
+qed
+
+lemma identity_conc : "conc xs Empty = xs"
+  using [[simp_trace]]
+  using[[simp_trace_depth_limit=8]]
+  using [[unify_trace_simp]]
+  using[[unify_trace_types]]
+  using [[unify_trace_bound=0]]
+  (* using [[simp_trace_new depth=10]] *)
+  apply (induct xs)
+   apply (subst c1)
+   apply (rule refl)
+  apply (subst c2)
+  apply (rule_tac s="xs" and P="\<lambda>X. Seq x1 X = Seq x1 xs" in subst)
+   apply (rule sym)
+   apply assumption
+  apply (rule refl)
+  done
+
+lemma imp_ex : "(\<exists>x. \<forall>y. P x y) \<longrightarrow> (\<forall>y. \<exists>x. P x y)"
+  using [[simp_trace]]
+  using[[simp_trace_depth_limit=8]]
+  apply (auto)
+done
+
+lemma length_0_conv' [iff]: "(length [] = 0)"
+  apply (subst List.list.size(3))
+  apply (rule refl)
+  done
+
+lemma cons_list : "a#xs = [a]@xs"
+  using [[simp_trace]]
+  apply (subst List.append.append_Cons)
+  apply (subst List.append.append_Nil)
+  apply (rule refl)
+  done
+lemma replacement: "\<lbrakk> a = b; c = d \<rbrakk> \<Longrightarrow> f a c = f b d"
+apply (erule ssubst)+
+apply (rule refl )
+ done
+lemma assoc_append : "k @ (l @ m) = (k @ l ) @ m"
+apply (induct_tac k )
+apply (subst append_Nil )+
+apply (rule refl )
+apply (subst append_Cons)
+apply (subst append_Cons)
+apply (subst append_Cons)
+apply (rule_tac f ="Cons" in replacement)
+apply (rule refl)
+apply assumption
+  done
+
+lemma length_cons : "length (xs @ ys) = length xs + length ys"
+  using [[simp_trace]]
+  apply (subst List.length_append)
+  apply (rule refl)
+  done
+lemma length_plus : "(length [a] + length xs = 0) = ([a] @ xs = [])"
+  using [[simp_trace]]
+  apply (subst List.list.size(4))
+  apply (subst List.list.size(3))
+  apply (subst Nat.add_Suc_right)
+  apply (subst Groups.monoid_add_class.add.right_neutral)
+  apply (subst Nat.plus_nat.add_Suc)
+  apply (subst Groups.monoid_add_class.add.left_neutral)
+apply (subst Nat.old.nat.distinct(2))
+  by simp
+lemma empty_list : "(length [] = 0) = ([] = []) = True"
+  using [[simp_trace]]
+  by simp
+lemma TrueI: True
+using [[simp_trace]]
+  unfolding True_def
+  by (rule refl)
+
+lemma length_0_conv [iff]: "(length xs = 0) = (xs = [])"
+  using [[simp_trace]]
+  apply (induct xs)
+   apply (subst List.list.size(3))
+   apply(subst HOL.simp_thms(6))
+   apply(subst HOL.simp_thms(6))
+   apply(rule refl)
+
+  apply (subst cons_list)
+  apply (subst(2) cons_list)
+  apply (subst length_cons)
+  apply (subst length_plus)
+  apply (subst HOL.simp_thms(6))
+  apply (rule TrueI)
+  done
+(*by (induct xs) auto*)
+
+find_theorems (50) name:"HOL.simp_thms"
+find_theorems (50) name:"List.list*size"
+find_theorems (50) name:"List.list*length"
+find_theorems "_ @ _"
+find_theorems (500) "List.length [] = 0"
+find_theorems (550) "length _ = length _ + length _"
+
+
+lemma identity_list : "xs @ [] = xs"
+  using [[simp_trace]]
+  using[[simp_trace_depth_limit=8]]
+  using [[unify_trace_simp]]
+  using[[unify_trace_types]]
+  using [[unify_trace_bound=0]]
+  apply (induct xs)
+  apply (subst List.append_Nil2)
+   apply (subst HOL.simp_thms(6))
+  apply(rule TrueI)
+  apply (subst List.append_Nil2)
+  apply (subst HOL.simp_thms(6))
+  apply(rule TrueI)
+  done
+
+lemma identity_list' : "xs @ [] = xs"
+  using [[simp_trace]]
+  using[[simp_trace_depth_limit=8]]
+  using [[unify_trace_simp]]
+  using[[unify_trace_types]]
+  using [[unify_trace_bound=0]]
+  (* using [[simp_trace_new depth=10]] *)
+  apply (induct "length xs")
+  apply (subst (asm) zero_reorient)
+  apply(subst(asm) length_0_conv)
+   apply (subst List.append_Nil2)
+   apply (subst HOL.simp_thms(6))
+  apply (rule TrueI)
+     apply (subst List.append_Nil2)
+  apply (subst HOL.simp_thms(6))
+  apply (rule TrueI)
+  done
+
+lemma conj_test : "A \<and> B \<and> C \<longrightarrow> B \<and> A"
+  apply (rule impI)
+  apply (rule conjI)
+  apply (drule conjunct2)
+   apply (drule conjunct1)
+   apply assumption
+    apply (drule conjunct1)
+  apply assumption
+  done
+
+declare[[show_sorts]]
+declare[[ML_print_depth = 20]]
+
+ML\<open>
+val full = true
+val thm = @{thm "test"}
+val hyps = Thm.hyps_of thm
+val prems = Thm.prems_of thm
+val reconstruct_proof = Thm.reconstruct_proof_of thm
+val standard_proof = Proof_Syntax.standard_proof_of
+          {full = full, expand_name = Thm.expand_name thm} thm
+val term_of_proof = Proof_Syntax.term_of_proof standard_proof
+\<close>
+
+lemma identity_conc' : "conc xs Empty = xs"
+  using [[simp_trace]]
+  using[[simp_trace_depth_limit=8]]
+  using [[unify_trace_simp]]
+  using[[unify_trace_types]]
+  using [[unify_trace_bound=0]]
+  (* using [[simp_trace_new depth=10]] *)
+  apply (induct xs)
+   apply (subst c1)
+   apply (rule refl)
+  apply (subst c2)
+  apply (rule_tac s="xs" and P="\<lambda>X. Seq x1 X = Seq x1 xs" in subst)
+   apply (rule sym)
+   apply assumption
+  apply (rule refl)
+  done
+
+declare[[show_sorts = false]]
+
+ML\<open> (*See: *) \<^file>\<open>~~/src/HOL/Proofs/ex/Proof_Terms.thy\<close>\<close>
+ML\<open>
+  val thm = @{thm "identity_conc'"};
+
+  (*proof body with digest*)
+  val body = Proofterm.strip_thm_body (Thm.proof_body_of thm);
+
+  (*proof term only*)
+  val prf = Proofterm.proof_of body;
+
+  (*clean output*)
+  Pretty.writeln (Proof_Syntax.pretty_proof \<^context> prf);
+  Pretty.writeln (Proof_Syntax.pretty_standard_proof_of \<^context> false thm);
+  Pretty.writeln (Proof_Syntax.pretty_standard_proof_of \<^context> true thm);
+
+  (*all theorems used in the graph of nested proofs*)
+  val all_thms =
+    Proofterm.fold_body_thms
+      (fn {name, ...} => insert (op =) name) [body] [];
+\<close>
+
+term*\<open>@{thm \<open>Reification_Test.identity_conc\<close>}\<close>
+value*\<open>proof @{thm \<open>Reification_Test.identity_conc\<close>}\<close>
+
+lemma cons_list' : "a#xs = [a]@xs"
+  using [[simp_trace]]
+  apply (subst List.append.append_Cons)
+  apply (subst List.append.append_Nil)
+  apply (rule refl)
+  done
+
+ML\<open> (*See: *) \<^file>\<open>~~/src/HOL/Proofs/ex/Proof_Terms.thy\<close>\<close>
+ML\<open>
+  val thm = @{thm "cons_list'"};
+
+  (*proof body with digest*)
+  val body = Proofterm.strip_thm_body (Thm.proof_body_of thm);
+
+  (*proof term only*)
+  val prf = Proofterm.proof_of body;
+
+  (*clean output*)
+  Pretty.writeln (Proof_Syntax.pretty_proof \<^context> prf);
+  Pretty.writeln (Proof_Syntax.pretty_standard_proof_of \<^context> false thm);
+  Pretty.writeln (Proof_Syntax.pretty_standard_proof_of \<^context> true thm);
+
+  (*all theorems used in the graph of nested proofs*)
+  val all_thms =
+    Proofterm.fold_body_thms
+      (fn {name, ...} => insert (op =) name) [body] [];
+\<close>
+
+declare[[show_sorts = false]]
+declare[[ML_print_depth = 20]]
+
+ML\<open> (*See: *) \<^file>\<open>~~/src/HOL/Proofs/ex/Proof_Terms.thy\<close>\<close>
+ML\<open>
+  val thm = @{thm "test"};
+
+  (*proof body with digest*)
+  val body = Proofterm.strip_thm_body (Thm.proof_body_of thm);
+
+  (*proof term only*)
+  val prf = Proofterm.proof_of body;
+
+  (*clean output*)
+  Pretty.writeln (Proof_Syntax.pretty_proof \<^context> prf);
+  Pretty.writeln (Proof_Syntax.pretty_standard_proof_of \<^context> false thm);
+  Pretty.writeln (Proof_Syntax.pretty_standard_proof_of \<^context> true thm);
+
+  (*all theorems used in the graph of nested proofs*)
+  val all_thms =
+    Proofterm.fold_body_thms
+      (fn {name, ...} => insert (op =) name) [body] [];
+\<close>
+
+prf test
+full_prf test
+term*\<open>@{thm \<open>Reification_Test.test\<close>}\<close>
+value*\<open>proof @{thm \<open>Reification_Test.test\<close>}\<close>
+term*\<open>@{thms-of \<open>Reification_Test.test\<close>}\<close>
+value*\<open>@{thms-of \<open>Reification_Test.test\<close>}\<close>
+
+ML\<open> (*See: *) \<^file>\<open>~~/src/HOL/Proofs/ex/Proof_Terms.thy\<close>\<close>
+ML\<open>
+  val thm = @{thm test2};
+
+  (*proof body with digest*)
+  val body = Proofterm.strip_thm_body (Thm.proof_body_of thm);
+
+  (*proof term only*)
+  val prf = Proofterm.proof_of body;
+
+  (*clean output*)
+  Pretty.writeln (Proof_Syntax.pretty_standard_proof_of \<^context> false thm);
+  Pretty.writeln (Proof_Syntax.pretty_standard_proof_of \<^context> true thm);
+
+  (*all theorems used in the graph of nested proofs*)
+  val all_thms =
+    Proofterm.fold_body_thms
+      (fn {name, ...} => insert (op =) name) [body] [];
+\<close>
+
+prf test2
+full_prf test2
+term*\<open>@{thm \<open>Reification_Test.test2\<close>}\<close>
+value*\<open>proof @{thm \<open>Reification_Test.test2\<close>}\<close>
+
+ML\<open> (*See: *) \<^file>\<open>~~/src/HOL/Proofs/ex/Proof_Terms.thy\<close>\<close>
+ML\<open>
+  val thm = @{thm test3};
+
+  (*proof body with digest*)
+  val body = Proofterm.strip_thm_body (Thm.proof_body_of thm);
+
+  (*proof term only*)
+  val prf = Proofterm.proof_of body;
+
+  (*clean output*)
+  Pretty.writeln (Proof_Syntax.pretty_standard_proof_of \<^context> false thm);
+  Pretty.writeln (Proof_Syntax.pretty_standard_proof_of \<^context> true thm);
+
+  (*all theorems used in the graph of nested proofs*)
+  val all_thms =
+    Proofterm.fold_body_thms
+      (fn {name, ...} => insert (op =) name) [body] [];
+\<close>
+
+prf test3
+full_prf test3
+term*\<open>@{thm \<open>Reification_Test.test3\<close>}\<close>
+value*\<open>@{thm \<open>Reification_Test.test3\<close>}\<close>
+
+ML\<open> (*See: *) \<^file>\<open>~~/src/HOL/Proofs/ex/Proof_Terms.thy\<close>\<close>
+ML\<open>
+  val thm = @{thm test4};
+
+  (*proof body with digest*)
+  val body = Proofterm.strip_thm_body (Thm.proof_body_of thm);
+
+  (*proof term only*)
+  val prf = Proofterm.proof_of body;
+
+  (*clean output*)
+  Pretty.writeln (Proof_Syntax.pretty_standard_proof_of \<^context> false thm);
+  Pretty.writeln (Proof_Syntax.pretty_standard_proof_of \<^context> true thm);
+
+  (*all theorems used in the graph of nested proofs*)
+  val all_thms =
+    Proofterm.fold_body_thms
+      (fn {name, ...} => insert (op =) name) [body] [];
+\<close>
+
+prf test4
+full_prf test4
+term*\<open>@{thm \<open>Reification_Test.test4\<close>}\<close>
+value*\<open>@{thm \<open>Reification_Test.test4\<close>}\<close>
+
+ML\<open> (*See: *) \<^file>\<open>~~/src/HOL/Proofs/ex/Proof_Terms.thy\<close>\<close>
+ML\<open>
+  val thm = @{thm Pure.symmetric};
+
+  (*proof body with digest*)
+  val body = Proofterm.strip_thm_body (Thm.proof_body_of thm);
+
+  (*proof term only*)
+  val prf = Proofterm.proof_of body;
+
+  (*clean output*)
+  Pretty.writeln (Proof_Syntax.pretty_standard_proof_of \<^context> false thm);
+  Pretty.writeln (Proof_Syntax.pretty_standard_proof_of \<^context> true thm);
+
+  (*all theorems used in the graph of nested proofs*)
+  val all_thms =
+    Proofterm.fold_body_thms
+      (fn {name, ...} => insert (op =) name) [body] [];
+\<close>
+
+prf symmetric
+full_prf symmetric
+term*\<open>@{thm \<open>Pure.symmetric\<close>}\<close>
+value*\<open>proof @{thm \<open>Pure.symmetric\<close>}\<close>
+
+ML\<open>
+val full = true
+val thm = @{thm "Groups.minus_class.super"}
+val standard_proof = Proof_Syntax.standard_proof_of
+          {full = full, expand_name = Thm.expand_name thm} thm
+val term_of_proof = Proof_Syntax.term_of_proof standard_proof
+\<close>
+
+ML\<open>
+val thm = Proof_Context.get_thm \<^context> "Groups.minus_class.super"
+val prop = Thm.prop_of thm
+val proof = Thm.proof_of thm
+\<close>
+
+prf Groups.minus_class.super
+full_prf Groups.minus_class.super
+term*\<open>@{thm \<open>Groups.minus_class.super\<close>}\<close>
+value*\<open>@{thm \<open>Groups.minus_class.super\<close>}\<close>
+
+(*ML\<open>
+val full = true
+val thm = @{thm "Homotopy.starlike_imp_contractible"}
+val standard_proof = Proof_Syntax.standard_proof_of
+          {full = full, expand_name = Thm.expand_name thm} thm
+val term_of_proof = Proof_Syntax.term_of_proof standard_proof
+\<close>
+
+ML\<open>
+val thm = Proof_Context.get_thm \<^context> "Homotopy.starlike_imp_contractible"
+val prop = Thm.prop_of thm
+val proof = Thm.proof_of thm
+\<close>
+
+prf Homotopy.starlike_imp_contractible
+full_prf Homotopy.starlike_imp_contractible
+term*\<open>@{thm \<open>Homotopy.starlike_imp_contractible\<close>}\<close>
+value*\<open>@{thm \<open>Homotopy.starlike_imp_contractible\<close>}\<close>*)
+
+(* stefan bergofer phd thesis example proof construction 2.3.2 *)
+
+lemma stefan_example : "(\<exists>x. \<forall>y. P x y) \<longrightarrow> (\<forall>y. \<exists>x. P x y)"
+  apply (rule impI)
+  apply(rule allI)
+  apply (erule exE)
+   apply(rule exI)
+  apply(erule allE)
+  apply (assumption)
+  done
+
+ML\<open> (*See: *) \<^file>\<open>~~/src/HOL/Proofs/ex/Proof_Terms.thy\<close>\<close>
+ML\<open>
+  val thm = @{thm stefan_example};
+
+  (*proof body with digest*)
+  val body = Proofterm.strip_thm_body (Thm.proof_body_of thm);
+
+  (*proof term only*)
+  val prf = Proofterm.proof_of body;
+
+  (*clean output*)
+  Pretty.writeln (Proof_Syntax.pretty_proof \<^context> prf);
+  Pretty.writeln (Proof_Syntax.pretty_standard_proof_of \<^context> false thm);
+  Pretty.writeln (Proof_Syntax.pretty_standard_proof_of \<^context> true thm);
+
+  (*all theorems used in the graph of nested proofs*)
+  val all_thms =
+    Proofterm.fold_body_thms
+      (fn {name, ...} => insert (op =) name) [body] [];
+\<close>
+ML\<open>
+val thy = \<^theory>;
+  val prf =
+    Proof_Syntax.read_proof thy true false
+      "mp \<cdot> _ \<cdot> _ \<bullet> (impI \<cdot> _ \<cdot> _ \<bullet> (conjI \<cdot> _ \<cdot> _ ))";
+      (*"conjI \<cdot> _ \<cdot> _ ";*)
+      (*"(\<^bold>\<lambda>(H: _) Ha: _. conjI \<cdot> _ \<cdot> _ \<bullet> Ha \<bullet> H)";*)
+(*val t = Proofterm.reconstruct_proof thy \<^prop>\<open>(A \<longrightarrow> B) \<Longrightarrow> A \<Longrightarrow> B\<close> prf*)
+(*  val thm =  
+    Proofterm.reconstruct_proof thy \<^prop>\<open>A \<Longrightarrow> B\<close> prf
+    |> Proof_Checker.thm_of_proof thy
+    |> Drule.export_without_context
+val pretty =  Pretty.writeln (Proof_Syntax.pretty_standard_proof_of \<^context> true thm);*)
+\<close>
+
+extract_type
+  "typeof (Trueprop P) \<equiv> typeof P"
+
+realizers
+  impI (P, Q): "\<lambda>pq. pq"
+    "\<^bold>\<lambda>(c: _) (d: _) P Q pq (h: _). allI \<cdot> _ \<bullet> c \<bullet> (\<^bold>\<lambda>x. impI \<cdot> _ \<cdot> _ \<bullet> (h \<cdot> x))"
+find_consts name:"MinProof"
+
+ML_val \<open>
+  val thy = \<^theory>;
+  val prf =
+    Proof_Syntax.read_proof thy true false
+      "impI \<cdot> _ \<cdot> _ \<bullet> \
+      \   (\<^bold>\<lambda>H: _. \
+      \     conjE \<cdot> _ \<cdot> _ \<cdot> _ \<bullet> H \<bullet> \
+      \       (\<^bold>\<lambda>(H: _) Ha: _. conjI \<cdot> _ \<cdot> _ \<bullet> Ha \<bullet> H))";
+  val thm =
+    Proofterm.reconstruct_proof thy \<^prop>\<open>A \<and> B \<longrightarrow> B \<and> A\<close> prf
+    |> Proof_Checker.thm_of_proof thy
+    |> Drule.export_without_context;
+val pretty =  Pretty.writeln (Proof_Syntax.pretty_standard_proof_of \<^context> true thm);
+\<close>
+ML_file "~~/src/Provers/classical.ML"
+lemma testtest : "A \<and> B \<longrightarrow> B \<and> A"
+  apply (rule impI)
+  apply (erule conjE)
+  apply(erule conjI)
+  apply assumption
+  done
+
+ML\<open> (*See: *) \<^file>\<open>~~/src/HOL/Proofs/ex/Proof_Terms.thy\<close>\<close>
+ML\<open>
+  val thm = @{thm testtest};
+
+  (*proof body with digest*)
+  val body = Proofterm.strip_thm_body (Thm.proof_body_of thm);
+
+  (*proof term only*)
+  val prf = Proofterm.proof_of body;
+
+  (*clean output*)
+  Pretty.writeln (Proof_Syntax.pretty_proof \<^context> prf);
+  Pretty.writeln (Proof_Syntax.pretty_standard_proof_of \<^context> false thm);
+  Pretty.writeln (Proof_Syntax.pretty_standard_proof_of \<^context> true thm);
+
+  (*all theorems used in the graph of nested proofs*)
+  val all_thms =
+    Proofterm.fold_body_thms
+      (fn {name, ...} => insert (op =) name) [body] [];
+\<close>
+
+ML\<open>
+val thy = \<^theory>
+val prf =
+    Proof_Syntax.read_proof thy true false
+      "impI \<cdot> _ \<cdot> _ \<bullet> \
+      \   (\<^bold>\<lambda>H: _. \
+      \     conjE \<cdot> _ \<cdot> _ \<cdot> _ \<bullet> H \<bullet> \
+      \       (\<^bold>\<lambda>(H: _) Ha: _. conjI \<cdot> _ \<cdot> _ \<bullet> Ha \<bullet> H))";
+\<close>
+
+ML\<open>
+val thy = \<^theory>
+val prf =
+    Proof_Syntax.read_proof thy true false
+      "\<^bold>\<lambda>(H: A \<and> B). conjE \<cdot> A \<cdot> B \<cdot> A \<and> B \<bullet> H";
+(*  val thm =
+    Proofterm.reconstruct_proof thy \<^prop>\<open>A \<Longrightarrow> B \<Longrightarrow> B \<and> A\<close> prf
+    |> Proof_Checker.thm_of_proof thy
+    |> Drule.export_without_context;
+val pretty =  Pretty.writeln (Proof_Syntax.pretty_standard_proof_of \<^context> true thm);*)
+\<close>
+ML\<open>
+val thy = \<^theory>
+val prf =
+    Proof_Syntax.read_proof thy true false
+      "\<^bold>\<lambda>(H: _) Ha: _. conjI \<cdot> _ \<cdot> _ \<bullet> Ha \<bullet> H";
+  val thm =
+    Proofterm.reconstruct_proof thy \<^prop>\<open>A \<Longrightarrow> B \<Longrightarrow> B \<and> A\<close> prf
+    |> Proof_Checker.thm_of_proof thy
+    |> Drule.export_without_context;
+val pretty =  Pretty.writeln (Proof_Syntax.pretty_standard_proof_of \<^context> true thm);
+\<close>
+ 
+end

Isabelle_DOF-Proofs/Very_Deep_DOF.thy

@@ -0,0 +1,19 @@
+theory Very_Deep_DOF
+  imports "Isabelle_DOF-Proofs.Very_Deep_Interpretation"
+
+begin
+
+(* tests *)
+term "@{typ  ''int => int''}"  
+term "@{term ''Bound 0''}"  
+term "@{thm  ''refl''}"  
+term "@{docitem  ''<doc_ref>''}"
+ML\<open>   @{term "@{docitem  ''<doc_ref>''}"}\<close>
+
+term "@{typ  \<open>int \<Rightarrow> int\<close>}"  
+term "@{term \<open>\<forall>x. P x \<longrightarrow> Q\<close>}"  
+term "@{thm  \<open>refl\<close>}"  
+term "@{docitem  \<open>doc_ref\<close>}"
+ML\<open>   @{term "@{docitem  \<open>doc_ref\<close>}"}\<close>
+
+end

Isabelle_DOF-Proofs/Very_Deep_Interpretation.thy

@@ -0,0 +1,237 @@
+theory Very_Deep_Interpretation
+  imports "Isabelle_DOF.Isa_COL"
+          Metalogic_ProofChecker.ProofTerm
+
+begin
+
+subsection\<open> Syntax \<close>
+
+\<comment> \<open>and others in the future : file, http, thy, ...\<close> 
+
+(* Delete shallow interpretation notations (mixfixes) of the term anti-quotations,
+  so we can use them for the deep interpretation *)
+no_notation "Isabelle_DOF_typ" ("@{typ _}")
+no_notation "Isabelle_DOF_term" ("@{term _}")
+no_notation "Isabelle_DOF_thm" ("@{thm _}")
+no_notation "Isabelle_DOF_file" ("@{file _}")
+no_notation "Isabelle_DOF_thy" ("@{thy _}")
+no_notation "Isabelle_DOF_docitem" ("@{docitem _}")
+no_notation "Isabelle_DOF_docitem_attr" ("@{docitemattr (_) :: (_)}")
+no_notation "Isabelle_DOF_trace_attribute" ("@{trace-attribute _}")
+
+consts Isabelle_DOF_typ :: "string \<Rightarrow> typ" ("@{typ _}")
+consts Isabelle_DOF_term :: "string \<Rightarrow> term" ("@{term _}")
+datatype "thm" = Isabelle_DOF_thm string ("@{thm _}") | Thm_content ("proof":proofterm)
+datatype "thms_of" = Isabelle_DOF_thms_of string ("@{thms-of _}")
+datatype "file" = Isabelle_DOF_file string  ("@{file _}")
+datatype "thy" = Isabelle_DOF_thy string  ("@{thy _}")
+consts Isabelle_DOF_docitem      :: "string \<Rightarrow> 'a"                ("@{docitem _}")
+datatype "docitem_attr" = Isabelle_DOF_docitem_attr string  string ("@{docitemattr (_) :: (_)}")
+consts Isabelle_DOF_trace_attribute :: "string \<Rightarrow> (string * string) list" ("@{trace-attribute _}")
+
+subsection\<open> Semantics \<close>
+
+ML\<open>
+structure Meta_ISA_core = 
+struct
+
+fun ML_isa_check_trace_attribute thy (term, _, pos) s =
+  let
+    val oid = (HOLogic.dest_string term
+                  handle TERM(_,[t]) => error ("wrong term format: must be string constant: " 
+                                               ^ Syntax.string_of_term_global thy t ))
+    val _ = DOF_core.get_instance_global oid thy
+  in SOME term end
+
+fun reify_typ (Type (s, typ_list)) =
+      \<^Const>\<open>Ty\<close> $ HOLogic.mk_literal s $ HOLogic.mk_list \<^Type>\<open>typ\<close> (map reify_typ typ_list)
+  | reify_typ (TFree (name, sort)) =
+      \<^Const>\<open>Tv\<close> $(\<^Const>\<open>Free\<close> $ HOLogic.mk_literal name)
+      $ (HOLogic.mk_set \<^typ>\<open>class\<close> (map HOLogic.mk_literal sort))
+  | reify_typ (TVar (indexname, sort)) =
+      let val (name, index_value) = indexname
+      in  \<^Const>\<open>Tv\<close>
+          $ (\<^Const>\<open>Var\<close>
+             $ HOLogic.mk_prod (HOLogic.mk_literal name, HOLogic.mk_number \<^Type>\<open>int\<close> index_value))
+          $ (HOLogic.mk_set \<^typ>\<open>class\<close> (map HOLogic.mk_literal sort)) end
+
+fun ML_isa_elaborate_typ (thy:theory) _ _ term_option _ =
+  case term_option of
+      NONE => error("Wrong term option. You must use a defined term")
+    | SOME term => let 
+                     val typ_name = HOLogic.dest_string term
+                     val typ = Syntax.read_typ_global thy typ_name
+                   in reify_typ typ end
+
+fun reify_term (Const (name, typ)) =\<^Const>\<open>Ct\<close> $ HOLogic.mk_literal name $ reify_typ typ
+  | reify_term (Free (name, typ)) =
+      \<^Const>\<open>Fv\<close> $ (\<^Const>\<open>Free\<close> $ HOLogic.mk_literal name) $ reify_typ typ
+  | reify_term (Var (indexname, typ)) =
+      let val (name, index_value) = indexname
+      in  \<^Const>\<open>Fv\<close>
+          $ (\<^Const>\<open>Var\<close>
+             $ HOLogic.mk_prod (HOLogic.mk_literal name, HOLogic.mk_number \<^Type>\<open>int\<close> index_value))
+          $ reify_typ typ end
+  | reify_term (Bound i) = \<^Const>\<open>Bv\<close> $ HOLogic.mk_nat i
+  | reify_term (Abs (_, typ, term)) = \<^Const>\<open>Abs\<close> $ reify_typ typ $ reify_term term
+  | reify_term (Term.$ (t1, t2)) = \<^Const>\<open>App\<close> $ reify_term t1 $ reify_term t2
+
+fun ML_isa_elaborate_term (thy:theory) _ _ term_option _ =
+  case term_option of
+      NONE => error("Wrong term option. You must use a defined term")
+    | SOME term => let 
+                     val term_name = HOLogic.dest_string term
+                     val term = Syntax.read_term_global thy term_name
+                   in reify_term term end
+
+fun reify_proofterm (PBound i) =\<^Const>\<open>PBound\<close> $ (HOLogic.mk_nat i)
+  | reify_proofterm (Abst (_, typ_option, proof)) =
+      \<^Const>\<open>Abst\<close> $ reify_typ (the typ_option) $ reify_proofterm proof
+  | reify_proofterm (AbsP (_, term_option, proof)) =
+      \<^Const>\<open>AbsP\<close> $ reify_term (the term_option) $ reify_proofterm proof
+  | reify_proofterm (op % (proof, term_option)) =
+      \<^Const>\<open>Appt\<close> $ reify_proofterm proof $ reify_term (the term_option)
+  | reify_proofterm (op %% (proof1, proof2)) =
+      \<^Const>\<open>AppP\<close> $ reify_proofterm proof1 $ reify_proofterm proof2
+  | reify_proofterm (Hyp term) = \<^Const>\<open>Hyp\<close> $ (reify_term term)
+  | reify_proofterm (PAxm (_, term, typ_list_option)) =
+      let 
+          val tvars = rev (Term.add_tvars term [])
+          val meta_tvars = map (fn ((name, index_value), sort) =>
+                HOLogic.mk_prod
+                  (\<^Const>\<open>Var\<close>                    
+                   $ HOLogic.mk_prod
+                      (HOLogic.mk_literal name, HOLogic.mk_number \<^Type>\<open>int\<close> index_value)
+                       , HOLogic.mk_set \<^typ>\<open>class\<close> (map HOLogic.mk_literal sort))) tvars
+          val meta_typ_list = 
+            HOLogic.mk_list @{typ "tyinst"} (map2 (fn x => fn y => HOLogic.mk_prod (x, y))
+                                              meta_tvars (map reify_typ (the typ_list_option)))
+      in \<^Const>\<open>PAxm\<close> $ reify_term term $ meta_typ_list end
+  | reify_proofterm (PClass (typ, class)) =
+      \<^Const>\<open>OfClass\<close> $ reify_typ typ $ HOLogic.mk_literal class
+  | reify_proofterm (PThm ({prop = prop, types = types, ...}, _)) =
+      let
+        val tvars = rev (Term.add_tvars prop [])
+        val meta_tvars = map (fn ((name, index_value), sort) =>
+                HOLogic.mk_prod
+                  (\<^Const>\<open>Var\<close>                    
+                  $ HOLogic.mk_prod
+                      (HOLogic.mk_literal name, HOLogic.mk_number \<^Type>\<open>int\<close> index_value)
+                  , HOLogic.mk_set \<^typ>\<open>class\<close> (map HOLogic.mk_literal sort))) tvars
+        val meta_typ_list = 
+            HOLogic.mk_list \<^typ>\<open>tyinst\<close> (map2 (fn x => fn y => HOLogic.mk_prod (x, y))
+                                          meta_tvars (map reify_typ (the types)))
+      in \<^Const>\<open>PAxm\<close> $ reify_term prop $ meta_typ_list end
+
+fun ML_isa_elaborate_thm (thy:theory) _ _ term_option pos =
+  case term_option of
+      NONE => ISA_core.err ("Malformed term annotation") pos
+    | SOME term =>
+        let
+          val thm_name = HOLogic.dest_string term
+          val _ = writeln ("In ML_isa_elaborate_thm thm_name: " ^ \<^make_string> thm_name)
+          val thm = Proof_Context.get_thm (Proof_Context.init_global thy) thm_name
+          val _ = writeln ("In ML_isa_elaborate_thm thm: " ^ \<^make_string> thm)
+          val body = Proofterm.strip_thm_body (Thm.proof_body_of thm);
+          val prf = Proofterm.proof_of body;
+          (* Proof_Syntax.standard_proof_of reconstructs the proof and seems to rewrite
+             the option arguments (with a value NONE) of the proof datatype constructors,
+             at least for PAxm, with "SOME (typ/term)",
+             allowing us the use the projection function "the".
+             Maybe the function can deal with
+             all the option types of the proof datatype constructors *)
+          val proof = Proof_Syntax.standard_proof_of
+                                   {full = true, expand_name = Thm.expand_name thm} thm
+          val _ = writeln ("In ML_isa_elaborate_thm proof: " ^ \<^make_string> proof)
+          (* After a small discussion with Simon Roßkopf, It seems preferable to use
+             Thm.reconstruct_proof_of instead of Proof_Syntax.standard_proof_of
+             whose operation is not well known.
+             Thm.reconstruct_proof_of seems sufficient to have a reifiable PAxm
+             in the metalogic. *)
+          val proof' = Thm.reconstruct_proof_of thm 
+        (*in \<^Const>\<open>Thm_content\<close> $ reify_proofterm prf end*)        
+        (*in \<^Const>\<open>Thm_content\<close> $ reify_proofterm proof end*)
+        in \<^Const>\<open>Thm_content\<close> $ reify_proofterm proof end
+
+
+fun ML_isa_elaborate_thms_of (thy:theory) _ _ term_option pos =
+  case term_option of
+      NONE => ISA_core.err ("Malformed term annotation") pos
+    | SOME term =>
+        let
+          val thm_name = HOLogic.dest_string term
+          val thm = Proof_Context.get_thm (Proof_Context.init_global thy) thm_name
+          val body = Proofterm.strip_thm_body (Thm.proof_body_of thm)
+          val all_thms_name = Proofterm.fold_body_thms (fn {name, ...} => insert (op =) name) [body] []
+          (*val all_thms = map (Proof_Context.get_thm (Proof_Context.init_global thy)) all_thms_name*)
+          (*val all_proofs = map (Proof_Syntax.standard_proof_of
+                                   {full = true, expand_name = Thm.expand_name thm}) all_thms*)
+        (*in HOLogic.mk_list \<^Type>\<open>thm\<close> (map (fn proof => \<^Const>\<open>Thm_content\<close> $ reify_proofterm proof) all_proofs) end*)
+        in HOLogic.mk_list \<^typ>\<open>string\<close> (map HOLogic.mk_string all_thms_name) end
+
+fun ML_isa_elaborate_trace_attribute (thy:theory) _ _ term_option pos =
+case term_option of
+    NONE => ISA_core.err ("Malformed term annotation") pos
+  | SOME term => 
+      let
+        val oid = HOLogic.dest_string term
+        val traces = ISA_core.compute_attr_access (Context.Theory thy) "trace" oid NONE pos
+        fun conv (\<^Const>\<open>Pair \<^typ>\<open>doc_class rexp\<close> \<^typ>\<open>string\<close>\<close>
+                    $ (\<^Const>\<open>Atom \<^typ>\<open>doc_class\<close>\<close> $ (\<^Const>\<open>mk\<close> $ s)) $ S) =
+          let val s' =  DOF_core.get_onto_class_name_global (HOLogic.dest_string s) thy 
+          in \<^Const>\<open>Pair \<^typ>\<open>string\<close> \<^typ>\<open>string\<close>\<close> $ HOLogic.mk_string s' $ S end
+        val traces' = map conv (HOLogic.dest_list traces)
+      in HOLogic.mk_list \<^Type>\<open>prod \<^typ>\<open>string\<close> \<^typ>\<open>string\<close>\<close> traces' end
+
+end; (* struct *)
+
+\<close>
+
+ML\<open>
+val ty1 = Meta_ISA_core.reify_typ @{typ "int"}
+val ty2 = Meta_ISA_core.reify_typ @{typ "int \<Rightarrow> bool"}
+val ty3 = Meta_ISA_core.reify_typ @{typ "prop"}
+val ty4 = Meta_ISA_core.reify_typ @{typ "'a list"}
+\<close>
+
+ML\<open>
+val t1 = Meta_ISA_core.reify_term @{term "1::int"}
+val t2 = Meta_ISA_core.reify_term @{term "\<lambda>x. x = 1"}
+val t3 = Meta_ISA_core.reify_term @{term "[2, 3::int]"}
+\<close>
+
+subsection\<open> Isar - Setup\<close>
+(* Isa_transformers declaration for Isabelle_DOF term anti-quotations (typ, term, thm, etc.).
+   They must be declared in the same theory file as the one of the declaration
+   of Isabelle_DOF term anti-quotations !!! *)
+setup\<open>
+[(\<^type_name>\<open>thm\<close>, ISA_core.ML_isa_check_thm, Meta_ISA_core.ML_isa_elaborate_thm)
+ , (\<^type_name>\<open>thms_of\<close>, ISA_core.ML_isa_check_thm, Meta_ISA_core.ML_isa_elaborate_thms_of)
+ , (\<^type_name>\<open>file\<close>, ISA_core.ML_isa_check_file, ISA_core.ML_isa_elaborate_generic)]
+|> fold (fn (n, check, elaborate) => fn thy =>
+let val ns = Sign.tsig_of thy |> Type.type_space
+    val name = n
+    val {pos, ...} = Name_Space.the_entry ns name
+    val bname = Long_Name.base_name name
+    val binding = Binding.make (bname, pos)
+                   |> Binding.prefix_name DOF_core.ISA_prefix
+                   |> Binding.prefix false bname
+in  DOF_core.add_isa_transformer binding ((check, elaborate) |> DOF_core.make_isa_transformer) thy
+end)
+#>
+([(\<^const_name>\<open>Isabelle_DOF_typ\<close>, ISA_core.ML_isa_check_typ, Meta_ISA_core.ML_isa_elaborate_typ)
+  ,(\<^const_name>\<open>Isabelle_DOF_term\<close>, ISA_core.ML_isa_check_term, Meta_ISA_core.ML_isa_elaborate_term)
+  ,(\<^const_name>\<open>Isabelle_DOF_docitem\<close>,
+      ISA_core.ML_isa_check_docitem, ISA_core.ML_isa_elaborate_generic)
+  ,(\<^const_name>\<open>Isabelle_DOF_trace_attribute\<close>,
+      ISA_core.ML_isa_check_trace_attribute, ISA_core.ML_isa_elaborate_trace_attribute)]
+|> fold (fn (n, check, elaborate) => fn thy =>
+let val ns = Sign.consts_of thy |> Consts.space_of
+    val name = n
+    val {pos, ...} = Name_Space.the_entry ns name
+    val bname =  Long_Name.base_name name
+    val binding = Binding.make (bname, pos)
+in  DOF_core.add_isa_transformer binding ((check, elaborate) |> DOF_core.make_isa_transformer) thy
+end))
+\<close>
+end

Isabelle_DOF-Unit-Tests/AssnsLemmaThmEtc.thy

@@ -0,0 +1,237 @@
+(*************************************************************************
+ * Copyright (C) 
+ *               2019      The University of Exeter 
+ *               2018-2019 The University of Paris-Saclay
+ *               2018      The University of Sheffield
+ *
+ * License:
+ *   This program can be redistributed and/or modified under the terms
+ *   of the 2-clause BSD-style license.
+ *
+ *   SPDX-License-Identifier: BSD-2-Clause
+ *************************************************************************)
+
+chapter\<open>Testing Freeform and Formal Elements from the scholarly-paper Ontology\<close>
+
+theory 
+  AssnsLemmaThmEtc
+imports 
+  "Isabelle_DOF-Ontologies.Conceptual"  
+  "Isabelle_DOF.scholarly_paper"
+  "Isabelle_DOF_Unit_Tests_document"
+  TestKit
+begin
+
+section\<open>Test Objective\<close>
+
+text\<open>Testing Core Elements for \<^theory>\<open>Isabelle_DOF.scholarly_paper\<close> wrt. to 
+existance, controlability via implicit and explicit default classes, and potential 
+LaTeX Layout.\<close>
+
+text\<open>Current status:\<close>
+print_doc_classes
+print_doc_items
+
+
+section\<open>An Example for use-before-declaration of Formal Content\<close>
+
+text*[aa::F, properties = "[@{term ''True''}]"]
+\<open>Our definition of the HOL-Logic has the following properties:\<close>
+assert*\<open>F.properties @{F \<open>aa\<close>} = [@{term ''True''}]\<close>
+
+text\<open>For now, as the term annotation is not bound to a meta logic which will translate
+\<^term>\<open>[@{term ''True''}]\<close> to \<^term>\<open>[True]\<close>, we can not use the HOL \<^const>\<open>True\<close> constant
+in the assertion.\<close>
+
+ML\<open> @{term_ "[@{term \<open>True \<longrightarrow> True \<close>}]"}; (* with isa-check *)  \<close>
+
+ML\<open> 
+    (* Checking the default classes which should be in a neutral(unset) state. *)
+    (* Note that in this state, the "implicit default" is "math_content". *) 
+    @{assert} (Config.get_global @{theory} Definition_default_class = "");
+    @{assert} (Config.get_global @{theory} Lemma_default_class = "");
+    @{assert} (Config.get_global @{theory} Theorem_default_class = "");
+    @{assert} (Config.get_global @{theory} Proposition_default_class = "");
+    @{assert} (Config.get_global @{theory} Premise_default_class = "");
+    @{assert} (Config.get_global @{theory} Corollary_default_class = "");
+    @{assert} (Config.get_global @{theory} Consequence_default_class = "");
+    @{assert} (Config.get_global @{theory} Assumption_default_class = "");
+    @{assert} (Config.get_global @{theory} Hypothesis_default_class = "");
+    @{assert} (Config.get_global @{theory} Consequence_default_class = "");
+    @{assert} (Config.get_global @{theory} Assertion_default_class = "");
+    @{assert} (Config.get_global @{theory} Proof_default_class = "");
+    @{assert} (Config.get_global @{theory} Example_default_class = "");
+\<close>
+
+
+Definition*[e1]\<open>Lorem ipsum dolor sit amet, ... \<close>
+text\<open>Note that this should yield a warning since \<^theory_text>\<open>Definition*\<close>  uses as "implicit default" the class
+    \<^doc_class>\<open>math_content\<close> which has no \<^term>\<open>text_element.level\<close> set, however in this context,
+    it is required to be a positive number since it is \<^term>\<open>text_element.referentiable\<close> . 
+    This is intended behaviour in order to give the user a nudge to be more specific.\<close> 
+
+text\<open>A repair looks like this:\<close>
+declare [[Definition_default_class = "definition"]]
+
+text\<open>Now, define a forward reference to the formal content: \<close>
+
+declare_reference*[e1bisbis::"definition"]
+
+text\<open>... which makes it possible to refer in a freeform definition to its formal counterpart
+which will appear textually later. With this pragmatics, an "out-of-    order-presentation" 
+can be achieved within \<^theory>\<open>Isabelle_DOF.scholarly_paper\<close> for the most common cases.\<close>
+
+
+(*<*) (* PDF references to definition* not implemented *)
+Definition*[e1bis::"definition", short_name="\<open>Nice lemma.\<close>"]
+   \<open>Lorem ipsum dolor sit amet, ... 
+    This is formally defined as follows in @{definition (unchecked) "e1bisbis"}\<close>
+definition*[e1bisbis, status=formal] e :: int where "e = 2"
+(*>*)
+section\<open>Tests for Theorems, Assertions, Assumptions, Hypothesis, etc.\<close>
+
+declare [[Theorem_default_class     = "theorem",
+          Premise_default_class     = "premise",
+          Hypothesis_default_class  = "hypothesis",
+          Assumption_default_class  = "assumption",
+          Conclusion_default_class  = "conclusion",
+          Consequence_default_class = "consequence",
+          Assertion_default_class   = "assertion",
+          Corollary_default_class   = "corollary",
+          Proof_default_class       = "math_proof",
+          Conclusion_default_class  = "conclusion_stmt"]]
+
+Theorem*[e2]\<open>... suspendisse non arcu malesuada mollis, nibh morbi, ... \<close>
+
+theorem*[e2bis::"theorem", status=formal] f : "e = 1+1" unfolding e_def by simp
+
+(*<*) (* @{theorem "e2bis"} breaks LaTeX generation ... *)
+Lemma*[e3,level="Some 2"]
+\<open>... phasellus amet id massa nunc, pede suscipit repellendus, ... @{theorem "e2bis"} \<close>
+(*>*) 
+Proof*[d10, short_name="\<open>Induction over Tinea pedis.\<close>"]\<open>Freeform Proof\<close>
+
+lemma*[dfgd::"lemma"] q: "All (\<lambda>x. X \<and> Y \<longrightarrow> True)" oops
+text-assert-error\<open>@{lemma dfgd} \<close>\<open>Undefined instance:\<close> \<comment> \<open>oops‘ed objects are not referentiable.\<close>
+
+text\<open>... in ut tortor eleifend augue pretium consectetuer...  
+     Lectus accumsan velit ultrices, ...\<close>
+
+Proposition*[d2::"proposition"]\<open>"Freeform Proposition"\<close> 
+
+Assumption*[d3] \<open>"Freeform Assertion"\<close>
+
+Premise*[d4]\<open>"Freeform Premise"\<close> 
+
+Corollary*[d5]\<open>"Freeform Corollary"\<close> 
+
+Consequence*[d6::scholarly_paper.consequence]\<open>"Freeform Consequence"\<close> \<comment> \<open>longname just for test\<close>
+
+(*<*)
+declare_reference*[ababa::scholarly_paper.assertion]
+Assertion*[d7]\<open>Freeform Assumption with forward reference to the formal  
+               @{assertion (unchecked) ababa}.\<close>  
+assert*[ababa::assertion] "3 < (4::int)"
+assert*[ababab::assertion] "0 < (4::int)"
+(*>*)
+
+Conclusion*[d8]\<open>"Freeform Conclusion"\<close>
+
+Hypothesis*[d9]\<open>"Freeform Hypothesis"\<close> 
+
+Example*[d11::math_example]\<open>"Freeform Example"\<close> 
+
+text\<open>An example for the ontology specification character of the short-cuts such as 
+@{command  "assert*"}: in the following, we use the same notation referring to a completely
+different class. "F" and "assertion" have only in common that they posses the attribute
+@{const [names_short] \<open>properties\<close>}: \<close>
+
+section\<open>Exhaustive Scholarly\_paper Test\<close>
+
+subsection\<open>Global Structural Elements\<close>
+(* maybe it is neither necessary nor possible to test these here... title is unique in
+   a document, for example. To be commented out of needed. *)
+text*[tt1::scholarly_paper.title]\<open>Lectus accumsan velit ultrices, ...\<close> 
+text*[tt2::scholarly_paper.author]\<open>Lectus accumsan velit ultrices, ...\<close>  
+text*[tt3::scholarly_paper.article]\<open>Lectus accumsan velit ultrices, ...\<close> 
+text*[tt4::scholarly_paper.annex]\<open>Lectus accumsan velit ultrices, ...\<close>  
+text*[tt5::scholarly_paper.abstract]\<open>Lectus accumsan velit ultrices, ...\<close>  
+text*[tt6::scholarly_paper.subtitle]\<open>Lectus accumsan velit ultrices, ...\<close> 
+text*[tt7::scholarly_paper.bibliography]\<open>Lectus accumsan velit ultrices, ...\<close>        
+text*[tt8::scholarly_paper.introduction]\<open>Lectus accumsan velit ultrices, ...\<close> 
+text*[tt9::scholarly_paper.related_work]\<open>Lectus accumsan velit ultrices, ...\<close>        
+text*[tt11::scholarly_paper.text_section]\<open>Lectus accumsan velit ultrices, ...\<close>        
+text*[tt12::scholarly_paper.background ]\<open>Lectus accumsan velit ultrices, ...\<close>
+text*[tt13::scholarly_paper.conclusion ]\<open>Lectus accumsan velit ultrices, ...\<close>
+
+subsection\<open>Technical Content Specific Elements\<close>
+
+text*[tu1::scholarly_paper.axiom    ]\<open>Lectus accumsan velit ultrices, ...\<close>
+text*[tu1bis::scholarly_paper.math_content, mcc="axm"   ]\<open>Lectus accumsan velit ultrices, ...\<close>
+text*[tu2::scholarly_paper.lemma    ]\<open>Lectus accumsan velit ultrices, ...\<close>
+text*[tu3::scholarly_paper.example  ]\<open>Lectus accumsan velit ultrices, ...\<close>
+text*[tu4::scholarly_paper.premise  ]\<open>Lectus accumsan velit ultrices, ...\<close>
+text*[tu5::scholarly_paper.theorem  ]\<open>Lectus accumsan velit ultrices, ...\<close>
+text*[tu6::scholarly_paper.assertion]\<open>Lectus accumsan velit ultrices, ...\<close>
+text*[tu7::scholarly_paper.corollary]\<open>Lectus accumsan velit ultrices, ...\<close>
+text*[tu9::scholarly_paper.technical]\<open>Lectus accumsan velit ultrices, ...\<close>
+text*[tu10::scholarly_paper.assumption ]\<open>Lectus accumsan velit ultrices, ...\<close>
+text*[tu13::scholarly_paper.definition ]\<open>Lectus accumsan velit ultrices, ...\<close>
+text*[tu15::scholarly_paper.experiment ]\<open>Lectus accumsan velit ultrices, ...\<close>
+text*[tu16::scholarly_paper.hypothesis ]\<open>Lectus accumsan velit ultrices, ...\<close>
+text*[tu17::scholarly_paper.math_proof ]\<open>Lectus accumsan velit ultrices, ...\<close>
+text*[tu18::scholarly_paper.consequence]\<open>Lectus accumsan velit ultrices, ...\<close>
+text*[tu19::scholarly_paper.math_formal]\<open>Lectus accumsan velit ultrices, ...\<close>
+text*[tu20::scholarly_paper.proposition]\<open>Lectus accumsan velit ultrices, ...\<close>
+text*[tu21::scholarly_paper.math_content    ]\<open>Lectus accumsan velit ultrices, ...\<close>
+text*[tu22::scholarly_paper.math_example    ]\<open>Lectus accumsan velit ultrices, ...\<close>
+text*[tu23::scholarly_paper.conclusion_stmt ]\<open>Lectus accumsan velit ultrices, ...\<close>
+text*[tu24::scholarly_paper.math_motivation ]\<open>Lectus accumsan velit ultrices, ...\<close>
+text*[tu25::scholarly_paper.tech_definition ]\<open>Lectus accumsan velit ultrices, ...\<close>
+text*[tu28::scholarly_paper.eng_example     ]\<open>Lectus accumsan velit ultrices, ...\<close>
+text*[tt10::scholarly_paper.tech_example]\<open>Lectus accumsan velit ultrices, ...\<close>        
+text*[tu8::scholarly_paper.tech_code]        \<open>Lectus accumsan velit ultrices, ...\<close>
+text*[tu27::scholarly_paper.engineering_content]\<open>Lectus accumsan velit ultrices, ...\<close>
+text*[tu14::scholarly_paper.evaluation ]\<open>Lectus accumsan velit ultrices, ...\<close>
+
+text\<open> @{axiom tu1} @{lemma tu2} @{example tu3} @{premise tu4} @{theorem tu5} @{assertion tu6} 
+      @{technical tu9} @{assumption             tu10 }  @{definition             tu13 }
+      @{experiment      tu15 } @{hypothesis      tu16 } @{math_proof      tu17 }
+      @{consequence     tu18 } @{math_formal     tu19 } @{proposition     tu20 }
+      @{math_content    tu21 } @{math_example    tu22 } @{conclusion_stmt tu23 }
+      @{math_motivation tu24 } @{tech_definition tu25 } @{eng_example     tu28 }
+      @{tech_example    tt10 } @{tech_code       tu8 }  @{engineering_content tu27 }
+      @{evaluation      tu14 }
+    \<close>
+
+subsection\<open>The Use in Macros\<close>
+
+Lemma*[ttu2::scholarly_paper.lemma    ]\<open>Lectus accumsan velit ultrices, ...\<close>
+Example*[ttu3::scholarly_paper.math_example  ]\<open>Lectus accumsan velit ultrices, ...\<close>
+Premise*[ttu4::scholarly_paper.premise  ]\<open>Lectus accumsan velit ultrices, ...\<close>
+Theorem*[ttu5::scholarly_paper.theorem  ]\<open>Lectus accumsan velit ultrices, ...\<close>
+Assertion*[ttu6::scholarly_paper.assertion]\<open>Lectus accumsan velit ultrices, ...\<close>
+Corollary*[ttu7::scholarly_paper.corollary]\<open>Lectus accumsan velit ultrices, ...\<close>
+Assumption*[ttu10::scholarly_paper.assumption ]\<open>Lectus accumsan velit ultrices, ...\<close>
+Definition*[ttu13::scholarly_paper.definition ]\<open>Lectus accumsan velit ultrices, ...\<close>
+Hypothesis*[ttu16::scholarly_paper.hypothesis ]\<open>Lectus accumsan velit ultrices, ...\<close>
+Proof*[ttu17::scholarly_paper.math_proof ]\<open>Lectus accumsan velit ultrices, ...\<close>
+Consequence*[ttu18::scholarly_paper.consequence]\<open>Lectus accumsan velit ultrices, ...\<close>
+Proposition*[ttu20::scholarly_paper.proposition]\<open>Lectus accumsan velit ultrices, ...\<close>
+Conclusion*[ttu23::scholarly_paper.conclusion_stmt ]\<open>Lectus accumsan velit ultrices, ...\<close>
+(* Definition*[ttu25::scholarly_paper.tech_definition ]\<open>Lectus accumsan velit ultrices, ...\<close> 
+   interesting modeling bug.
+*)
+(*Example*[ttu28::scholarly_paper.eng_example     ]\<open>Lectus accumsan velit ultrices, ...\<close>
+   interesting modeling bug.
+*)  
+text\<open> @{lemma ttu2} @{math_example ttu3} @{premise ttu4} @{theorem ttu5} @{assertion ttu6} 
+      @{assumption ttu10 }  @{definition ttu13 }
+      @{hypothesis      ttu16 } @{math_proof      ttu17 }
+      @{consequence     ttu18 } @{proposition     ttu20 }
+      @{math_content    tu21 }  @{conclusion_stmt ttu23 }
+      @ \<open>{eng_example     ttu28 }\<close>
+      @ \<open>{tech_example    tt10 }\<close>  
+    \<close>
+
+end

Isabelle_DOF-Unit-Tests/Attributes.thy

@@ -13,11 +13,13 @@
 
 theory 
   Attributes
-imports 
-  "Isabelle_DOF.Conceptual"
+  imports 
+  "Isabelle_DOF_Unit_Tests_document"
+  "Isabelle_DOF-Ontologies.Conceptual"
+  Concept_MonitorTest1
 begin
-
-section\<open>Elementary Creation of Doc-items and Access of their Attibutes\<close>
+ML\<open>@{assert} (1 = 1)\<close>
+section\<open>Elementar Creation of Doc-items and Access of their Attibutes\<close>
 
 text\<open>Current status:\<close>
 print_doc_classes
@@ -25,25 +27,27 @@ print_doc_items
 
 (* this corresponds to low-level accesses : *)
 ML\<open>  
-val {docobj_tab={tab = docitem_tab, ...},docclass_tab, ISA_transformer_tab, monitor_tab,...} 
-    = DOF_core.get_data @{context};
-Symtab.dest docitem_tab;
-Symtab.dest docclass_tab;
+val docitem_tab = DOF_core.get_instances \<^context>
+val isa_transformer_tab = DOF_core.get_isa_transformers \<^context>
+val docclass_tab = DOF_core.get_onto_classes @{context};
 \<close>
 ML\<open>
-#value(the(the(Symtab.lookup docitem_tab "aaa")))
+map fst (Name_Space.dest_table docitem_tab);
+Name_Space.dest_table docclass_tab;
 
 \<close>
 
+
+
 find_theorems (60) name:"Conceptual.M." 
 
-value [simp]"trace(M.make undefined [] ())"
-value "ok(M.make undefined_AAA [] ())"
-value "trace(M.make undefined_AAA [] ())"
-value "tag_attribute(M.make undefined_AAA [] ())"
+value [simp]"M.trace(M.make undefined [] ())"
+value "M.ok(M.make undefined_AAA [] ())"
+value "M.trace(M.make undefined_AAA [] ())"
+value "M.tag_attribute(M.make undefined_AAA [] ())"
 
 
-value "ok(M.make 0 [] ())"
+value "M.ok(M.make 0 [] ())"
 (*
 value "ok(M.make undefined [] ())"
 value "ok(M.make 0 [] undefined)"
@@ -124,11 +128,10 @@ DOF_core.get_attribute_info  "Conceptual.C" "z" @{theory};
 
 
 ML\<open>
-DOF_core.get_value_local "sdf"   @{context};
-DOF_core.get_value_local "sdfg"  @{context};
-DOF_core.get_value_local "xxxy"  @{context};
-DOF_core.get_value_local "dfgdfg" @{context};
-DOF_core.get_value_local "omega" @{context};
+DOF_core.value_of "sdf" \<^theory>;
+DOF_core.value_of "sdfg" \<^theory>;
+DOF_core.value_of "dfgdfg" \<^theory>;
+DOF_core.value_of "omega" \<^theory>;
 \<close>
 
 text\<open>A not too trivial test: default y -> [].
@@ -168,30 +171,56 @@ update_instance*[omega::E, y+="[''en'']"]
 ML\<open> val s =  map HOLogic.dest_string (HOLogic.dest_list @{docitem_attribute y::omega}); \<close>
 
 subsection\<open> Example text antiquotation:\<close>
-text\<open> @{docitem_attribute omega::y}  \<close>
+text\<open> @{docitem_attribute y::omega}  \<close>
 
 
 section\<open>Simulation of a Monitor\<close>
 
-open_monitor*[figs1::figure_group, 
-              caption="''Sample ''"]  
+declare[[free_class_in_monitor_checking]]
 
-figure*[fig_A::figure, spawn_columns=False,
+
+ML\<open>val monitor_infos = DOF_core.get_monitor_infos \<^context>\<close>
+figure*[fig_C::figure, 
         relative_width="90",
-        src="''figures/A.png''"]
-       \<open> The A train \ldots \<close>
+        file_src="''figures/A.png''"]
+       \<open> The C train \ldots \<close>
 
-figure*[fig_B::figure, 
-        spawn_columns=False,relative_width="90",
-        src="''figures/B.png''"]
-       \<open> The B train \ldots \<close>  
 
-close_monitor*[figs1]  
+ML\<open>val monitor_infos = DOF_core.get_monitor_infos \<^context>\<close>
+
+
+
+declare[[free_class_in_monitor_checking = false]]
 
 text\<open>Resulting trace of figs1 as ML antiquotation: \<close>
-ML  \<open>@{trace_attribute figs1}\<close>
+
 text\<open>Resulting trace of figs as text antiquotation:\<close>
-text\<open>@{trace_attribute figs1}\<close>
+
+
+
+section\<open>A Complex Evaluation involving Automatas\<close>
+
+text\<open>Test trace\_attribute term antiquotation:\<close>
+
+notation Star  ("\<lbrace>(_)\<rbrace>\<^sup>*" [0]100)
+notation Plus  (infixr "||" 55)
+notation Times (infixr "~~" 60)
+notation Atom  ("\<lfloor>_\<rfloor>" 65)
+
+definition example_expression where "example_expression \<equiv> \<lbrace>\<lfloor>''Conceptual.A''\<rfloor> || \<lfloor>''Conceptual.F''\<rfloor>\<rbrace>\<^sup>*"
+
+no_notation Star  ("\<lbrace>(_)\<rbrace>\<^sup>*" [0]100)
+no_notation Plus  (infixr "||" 55)
+no_notation Times (infixr "~~" 60)
+no_notation Atom  ("\<lfloor>_\<rfloor>" 65)
+
+value* \<open> DA.accepts (na2da (rexp2na example_expression)) (map fst @{trace-attribute \<open>aaa\<close>}) \<close>
+
+definition word_test  :: "'a list \<Rightarrow> 'a rexp \<Rightarrow> bool" (infix "is-in" 60)
+  where " w is-in rexp \<equiv>  DA.accepts (na2da (rexp2na rexp)) (w)"
+
+value* \<open> (map fst @{trace-attribute \<open>aaa\<close>}) is-in example_expression \<close>
+
 
 (*<*)
 text\<open>Final Status:\<close>

Isabelle_DOF-Unit-Tests/COL_Test.thy

@@ -0,0 +1,59 @@
+theory 
+  COL_Test
+imports 
+  "Isabelle_DOF_Unit_Tests_document"
+begin
+
+
+print_doc_items
+print_doc_classes
+
+section\<open>General Heading COL Elements\<close> 
+
+chapter*[S1::"chapter"]\<open>Chapter\<close>
+text*[S1'::"chapter"]\<open>Chapter\<close>
+
+section*[S2::"section"]\<open>Section\<close>
+text*[S2'::"section"]\<open>Section\<close>
+
+subsection*[S3::"subsection"]\<open>Subsection\<close>
+text*[S3'::"subsection"]\<open>Subsection\<close>
+
+subsubsection*[S4::"subsubsection"]\<open>Subsubsection\<close>
+text*[S4'::"subsubsection"]\<open>Subsubsection\<close>
+
+paragraph*[S5::"paragraph"]\<open>PAragraph\<close>
+text*[S5'::"paragraph"]\<open>Paragraph\<close>
+
+
+section\<open>General Figure COL Elements\<close> 
+
+figure*[fig1_test,relative_width="95",file_src="''figures/A.png''"]
+       \<open> This is the label text  \<^term>\<open>\<sigma>\<^sub>i+2\<close> \<close>  
+
+(*<*) (* text* with type figure not supported *)
+text*[fig2_test::figure, relative_width="95",file_src="''figures/A.png''"
+]\<open> This is the label text\<close>
+
+text\<open>check @{figure fig1_test} cmp to @{figure fig2_test}\<close>
+(*>*)
+
+
+(* And a side-chick ... *)
+
+text*[inlinefig::float, 
+      main_caption="\<open>The Caption.\<close>"]
+     \<open>@{theory_text [display, margin = 5] \<open>lemma A :: "a \<longrightarrow> b"\<close>}\<close>
+
+text*[dupl_graphics::float, 
+      main_caption="\<open>The Caption.\<close>"]
+\<open>
+@{fig_content (width=40, height=35, caption="This is a left test") "figures/A.png"
+}\<^hfill>@{fig_content (width=40, height=35, caption="This is a right \<^term>\<open>\<sigma>\<^sub>i + 1\<close> test") "figures/B.png"} 
+\<close>
+
+
+
+end
+(*>*)
+

Isabelle_DOF-Unit-Tests/Cenelec_Test.thy

@@ -0,0 +1,70 @@
+theory 
+  Cenelec_Test
+imports 
+  "Isabelle_DOF_Unit_Tests_document"
+  "Isabelle_DOF-Ontologies.CENELEC_50128"
+begin
+
+declare[[strict_monitor_checking = true]]
+declare[[invariants_checking = true]]
+declare[[invariants_checking_with_tactics = true]]
+
+print_doc_items
+print_doc_classes
+
+open_monitor*[SIL0Test::monitor_SIL0]
+
+text*[sqap_instance::SQAP, sil="SIL0", written_by="Some RQM", fst_check="Some VER", snd_check="Some VAL"]\<open>\<close>
+text*[sqavr_instance::SQAVR, sil= "SIL0", written_by="Some VER", fst_check="None", snd_check="Some VAL"]\<open>\<close>
+text*[scmp_instance::SCMP, sil="SIL0", written_by="Some CM", fst_check="Some VER", snd_check="Some VAL"]\<open>\<close>
+text*[svp_instance::SVP, sil="SIL0", written_by="Some VER", fst_check="None", snd_check="Some VAL"]\<open>\<close>
+text*[svap_instance::SVAP, sil="SIL0", written_by="Some VAL", fst_check="Some VER", snd_check="None"]\<open>\<close>
+text*[swrs_instance::SWRS, sil="SIL0", written_by="Some RQM", fst_check="Some VER", snd_check="Some VAL"]\<open>\<close>
+text*[oswts_instance::OSWTS, sil="SIL0", written_by="Some VER", fst_check="None", snd_check="Some VAL"]\<open>\<close>
+text*[swrvr_instance::SWRVR, sil="SIL0", written_by="Some VER", fst_check="None", snd_check="Some VAL"]\<open>\<close>
+text*[swas_instance::SWAS, sil="SIL0", written_by="Some VER", fst_check="None", snd_check="Some VAL"]\<open>\<close>
+text*[swds_instance::SWDS, sil="SIL0", written_by="Some VER", fst_check="None", snd_check="Some VAL"]\<open>\<close>
+text*[swis_instance::SWIS, sil="SIL0", written_by="Some VER", fst_check="None", snd_check="Some VAL"]\<open>\<close>
+text*[swits_instance::SWITS, sil="SIL0", written_by="Some VER", fst_check="None", snd_check="Some VAL"]\<open>\<close>
+text*[swhits_instance::SWHITS, sil="SIL0", written_by="Some VER", fst_check="None", snd_check="Some VAL"]\<open>\<close>
+text*[swadvr_instance::SWADVR, sil="SIL0", written_by="Some VER", fst_check="None", snd_check="Some VAL"]\<open>\<close>
+text*[swcds_instance::SWCDS, sil="SIL0", nlvl="R", written_by="Some VER", fst_check="None", snd_check="Some VAL"]\<open>\<close>
+text*[swcts_instance::SWCTS, sil="SIL0", nlvl="R", written_by="Some VER", fst_check="None", snd_check="Some VAL"]\<open>\<close>
+text*[swcdvr_instance::SWCDVR, sil="SIL0", nlvl="R", written_by="Some VER", fst_check="None", snd_check="Some VAL"]\<open>\<close>
+text*[swscd_instance::SWSCD, sil="SIL0", written_by="Some VER", fst_check="None", snd_check="Some VAL"]\<open>\<close>
+text*[swctr_instance::SWCTR, sil="SIL0", nlvl="R", written_by="Some VER", fst_check="None", snd_check="Some VAL"]\<open>\<close>
+text*[swscvr_instance::SWSCVR, sil="SIL0", written_by="Some VER", fst_check="None", snd_check="Some VAL"]\<open>\<close>
+text*[switr_instance::SWITR, sil="SIL0", written_by="Some VER", fst_check="None", snd_check="Some VAL"]\<open>\<close>
+text*[swhaitr_instance::SWHAITR, sil="SIL0", written_by="Some VER", fst_check="None", snd_check="Some VAL"]\<open>\<close>
+text*[swivr_instance::SWIVR, sil="SIL0", written_by="Some VER", fst_check="None", snd_check="Some VAL"]\<open>\<close>
+text*[oswtr_instance::OSWTR, sil="SIL0", written_by="Some VER", fst_check="None", snd_check="Some VAL"]\<open>\<close>
+text*[swvalr_instance::SWVALR, sil="SIL0", written_by="Some VER", fst_check="None", snd_check="Some VAL"]\<open>\<close>
+text*[tvalr_instance::TVALR, sil="SIL0", nlvl="R", written_by="Some VER", fst_check="None", snd_check="Some VAL"]\<open>\<close>
+text*[swvrn_instance::SWVRN, sil="SIL0", written_by="Some VER", fst_check="None", snd_check="Some VAL"]\<open>\<close>
+text*[ars_instance::ARS, sil="SIL0", written_by="Some VER", fst_check="None", snd_check="Some VAL"]\<open>\<close>
+text*[app_instance::APP, sil="SIL0", written_by="Some VER", fst_check="None", snd_check="Some VAL"]\<open>\<close>
+text*[ats_instance::ATS, sil="SIL0", written_by="Some VER", fst_check="None", snd_check="Some VAL"]\<open>\<close>
+text*[aad_instance::AAD, sil="SIL0", written_by="Some VER", fst_check="None", snd_check="Some VAL"]\<open>\<close>
+text*[apvr_instance::APVR, sil="SIL0", written_by="Some VER", fst_check="None", snd_check="Some VAL"]\<open>\<close>
+text*[atr_instance::ATR, sil="SIL0", written_by="Some VER", fst_check="None", snd_check="Some VAL"]\<open>\<close>
+text*[socoada_instance::SOCOADA, sil="SIL0", written_by="Some VER", fst_check="None", snd_check="Some VAL"]\<open>\<close>
+text*[adavr_instance::ADAVR, sil="SIL0", written_by="Some VER", fst_check="None", snd_check="Some VAL"]\<open>\<close>
+text*[swrdp_instance::SWRDP, sil="SIL0", nlvl="R", written_by="Some VER", fst_check="None", snd_check="Some VAL"]\<open>\<close>
+text*[swdm_instance::SWDM, sil="SIL0", nlvl="R", written_by="Some VER", fst_check="None", snd_check="Some VAL"]\<open>\<close>
+text*[swdrn_instance::SWDRN, sil="SIL0", written_by="Some VER", fst_check="None", snd_check="Some VAL"]\<open>\<close>
+text*[swdr_instance::SWDR, sil="SIL0", nlvl="R", written_by="Some VER", fst_check="None", snd_check="Some VAL"]\<open>\<close>
+text*[swdvr_instance::SWDVR, sil="SIL0", nlvl="R", written_by="Some VER", fst_check="None", snd_check="Some VAL"]\<open>\<close>
+text*[swmp_instance::SWMP, sil="SIL0", nlvl="R", written_by="Some VER", fst_check="None", snd_check="Some VAL"]\<open>\<close>
+text*[swcr_instance::SWCR, sil="SIL0", written_by="Some VER", fst_check="None", snd_check="Some VAL"]\<open>\<close>
+text*[swmr_instance::SWMR, sil="SIL0", nlvl="R", written_by="Some VER", fst_check="None", snd_check="Some VAL"]\<open>\<close>
+text*[swmvr_instance::SWMVR, sil="SIL0", nlvl="R", written_by="Some VER", fst_check="None", snd_check="Some VAL"]\<open>\<close>
+text*[swap_instance::SWAP, sil="SIL0", nlvl="R", written_by="Some VER", fst_check="None", snd_check="Some VAL"]\<open>\<close>
+text*[swar_instance::SWAR, sil="SIL0", nlvl="R", written_by="Some VER", fst_check="None", snd_check="Some VAL"]\<open>\<close>
+
+close_monitor*[SIL0Test]
+
+declare[[strict_monitor_checking = true]]
+declare[[invariants_checking = true]]
+declare[[invariants_checking_with_tactics = true]]
+
+end 

Isabelle_DOF-Unit-Tests/Concept_Example_Low_Level_Invariant.thy

@@ -0,0 +1,162 @@
+(*************************************************************************
+ * Copyright (C) 
+ *               2019-2023 The University of Exeter 
+ *               2018-2023 The University of Paris-Saclay
+ *               2018      The University of Sheffield
+ *
+ * License:
+ *   This program can be redistributed and/or modified under the terms
+ *   of the 2-clause BSD-style license.
+ *
+ *   SPDX-License-Identifier: BSD-2-Clause
+ *************************************************************************)
+
+chapter\<open>Testing hand-programmed (low-level) Invariants\<close>
+
+theory Concept_Example_Low_Level_Invariant
+  imports 
+  "Isabelle_DOF_Unit_Tests_document"
+  "Isabelle_DOF-Ontologies.Conceptual" (* we use the generic "Conceptual" ontology *)
+  TestKit
+begin
+
+section\<open>Test Purpose.\<close>
+text\<open> Via @{ML "DOF_core.add_ml_invariant"} it is possible to attach user-defined
+      ML-code to classes which is executed at each creation or modification of 
+      class instances. We test exection  of creation  and updates. \<close>
+
+text\<open>Consult the status of the DOF engine:\<close>
+print_doc_classes
+print_doc_items
+
+
+section\<open>Example: Standard Class Invariant\<close>
+
+
+text\<open>Watch out: The current programming interface to document class invariants is pretty low-level:
+\<^item> No inheritance principle
+\<^item> No high-level notation in HOL
+\<^item> Typing on ML level is assumed to be correct.
+The implementor of an ontology must know what he does ...
+\<close>
+
+text\<open>Setting a sample invariant, which simply produces some side-effect:\<close>
+
+setup\<open>
+fn thy =>
+let val ctxt = Proof_Context.init_global thy
+    val cid_long = DOF_core.get_onto_class_name_global "A" thy
+    val bind = Binding.name "Sample_Echo"
+    val exec = (fn oid =>  fn {is_monitor = b} => fn ctxt => 
+                  (writeln ("sample echo : "^oid); true))
+in DOF_core.add_ml_invariant bind (DOF_core.make_ml_invariant (exec, cid_long)) thy end
+\<close>
+
+text\<open>The checker \<open>exec\<close> above is set. Just used to provoke output: "sample echo : b"\<close>
+text*[b::A, x = "5"] \<open> Lorem ipsum dolor sit amet, ... \<close>
+
+text\<open>Setting a sample invariant, referring to attribute value "x":\<close>
+setup\<open>
+fn thy =>
+let fun check_A_invariant oid {is_monitor:bool} ctxt =
+      let val term =  ISA_core.compute_attr_access ctxt "x" oid NONE @{here} 
+          val (@{typ "int"},x_value) = HOLogic.dest_number term
+      in  if x_value > 5 then error("class A invariant violation") else true end
+    val cid_long = DOF_core.get_onto_class_name_global "A" thy    
+    val bind = Binding.name "Check_A_Invariant"
+in DOF_core.add_ml_invariant bind (DOF_core.make_ml_invariant (check_A_invariant, cid_long)) thy end
+\<close>
+
+(* borderline test *)
+text*[d0::A, x = "5"]            \<open>Lorem ipsum dolor sit amet, ...\<close>
+text-assert-error[d1::A, x = "6"]\<open>Lorem ipsum dolor sit amet, ...\<close>\<open>class A invariant violation\<close>
+
+subsection*[d::A, x = "4"] \<open> Lorem ipsum dolor sit amet, ... \<close>
+
+(* invariant still valid *)
+update_instance*[d::A, x += "1"]
+
+(* invariant no longer holds*)
+update_instance-assert-error[d::A, x += "1"]\<open>class A invariant violation\<close>
+
+
+section\<open>Example: Monitor Class Invariant\<close>
+
+text\<open>Of particular interest are class invariants attached to monitor classes: since the
+latter manage a trace-attribute, a class invariant on them can assure a global form of consistency. 
+It is possible to express:
+\<^item> that attributes of a document element must satisfy particular conditions depending on the
+  prior document elements --- as long they have been observed in a monitor.
+\<^item> non-regular properties on a trace not expressible in a regular expression 
+  (like balanced ness of opening and closing text elements)
+\<^item> etc.
+\<close>
+
+text\<open>A simple global trace-invariant is expressed in the following: it requires
+that instances of class C occur more often as those of class D; note that this is meant
+to take sub-classing into account:
+\<close>
+
+setup\<open>
+fn thy =>
+let fun check_M_invariant oid {is_monitor} ctxt =
+      let val term =  ISA_core.compute_attr_access ctxt "trace" oid NONE @{here} 
+          fun conv (\<^Const>\<open>Pair \<^typ>\<open>doc_class rexp\<close> \<^typ>\<open>string\<close>\<close>
+                      $ (\<^Const>\<open>Atom \<^typ>\<open>doc_class\<close>\<close> $ (\<^Const>\<open>mk\<close> $ s)) $ S) =
+            let val s' =  DOF_core.get_onto_class_name_global' (HOLogic.dest_string s) thy
+            in (s', HOLogic.dest_string S) end
+          val string_pair_list = map conv (HOLogic.dest_list term) 
+          val cid_list = map fst string_pair_list
+          val ctxt' = Proof_Context.init_global(Context.theory_of ctxt)
+          fun is_C x = DOF_core.is_subclass ctxt' x "Conceptual.C"
+          fun is_D x = DOF_core.is_subclass ctxt' x "Conceptual.D"
+          val n = length (filter is_C cid_list)
+          val m = length (filter is_D cid_list)
+      in  if m > n then error("class M invariant violation") else true end
+    val cid_long = DOF_core.get_onto_class_name_global "M" thy
+    val binding = Binding.name "Check_M_Invariant"
+in DOF_core.add_ml_invariant binding (DOF_core.make_ml_invariant (check_M_invariant, cid_long)) thy end
+\<close>
+
+
+section\<open>Example: Monitor Class Invariant\<close>
+
+open_monitor*[struct::M]
+                                   
+subsection*[a::A, x = "3"]       \<open> Lorem ipsum dolor sit amet, ... \<close>
+
+text*[c1::C, x = "''beta''"]     \<open> ... suspendisse non arcu malesuada mollis, nibh morbi, ...  \<close>
+
+text*[d1::E, a1 = "X3"]          \<open> ... phasellus amet id massa nunc, pede suscipit repellendus, ... \<close>
+    
+text*[c2:: C, x = "''delta''"]   \<open> ... in ut tortor eleifend augue pretium consectetuer...  \<close>
+
+subsection*[f::E]                \<open> Lectus accumsan velit ultrices, ... \<close>
+
+
+text-assert-error[f2::E]         \<open> Lectus accumsan velit ultrices, ... \<close>\<open>class M invariant violation\<close>
+
+
+ML\<open>val ctxt = @{context}
+   val term = ISA_core.compute_attr_access 
+                  (Context.Proof ctxt) "trace" "struct" NONE @{here} ;
+   fun conv (Const(@{const_name "Pair"},_) $ Const(s,_) $ S) = (s, HOLogic.dest_string S)
+   fun conv' (\<^Const>\<open>Pair \<^typ>\<open>doc_class rexp\<close> \<^typ>\<open>string\<close>\<close>
+                      $ (\<^Const>\<open>Atom \<^typ>\<open>doc_class\<close>\<close> $ (\<^Const>\<open>mk\<close> $ s)) $ S) =
+     let val s' =  DOF_core.get_onto_class_name_global' 
+                                     (HOLogic.dest_string s)
+                                     (Proof_Context.theory_of ctxt)
+     in (s', HOLogic.dest_string S) end
+   val string_pair_list = map conv' (HOLogic.dest_list term);
+   @{assert} (string_pair_list = 
+                     [("Conceptual.A", "a"), ("Conceptual.C", "c1"), 
+                      ("Conceptual.E", "d1"), ("Conceptual.C", "c2"),
+                      ("Conceptual.E", "f")])
+  \<close>
+
+
+close_monitor*[struct]
+
+
+end 
+  

Isabelle_DOF-Unit-Tests/Concept_High_Level_Invariants.thy

@@ -1,9 +1,52 @@
-chapter\<open>High level syntax Invariants\<close>
+(*************************************************************************
+ * Copyright (C) 
+ *               2019-2023 The University of Exeter 
+ *               2018-2023 The University of Paris-Saclay
+ *               2018      The University of Sheffield
+ *
+ * License:
+ *   This program can be redistributed and/or modified under the terms
+ *   of the 2-clause BSD-style license.
+ *
+ *   SPDX-License-Identifier: BSD-2-Clause
+ *************************************************************************)
 
-theory High_Level_Syntax_Invariants
+chapter\<open>High-level Class Invariants\<close>
+
+theory Concept_High_Level_Invariants
   imports "Isabelle_DOF.Isa_DOF"
+          "Isabelle_DOF_Unit_Tests_document"
+          TestKit
 begin
 
+section\<open>Test Purpose.\<close>
+text\<open>
+  Without invariants, ontological classes as such are too liberal in many situations.
+  Similarly to UML constraints, invariants or hand-programmed checking functions
+  can be added in ODL ontologies in order to constrain class instances or
+  (via monitor traces) impose structural constraints over an entire document.
+
+  While hand-programmed checking functions were tested in test-case 
+  \<^verbatim>\<open>Concept_Example_Low_Level_Invariant\<close>, in this text case, we test 
+  high-level invariants, i.e. data-constraints speicified as executable 
+  HOL-predicates in the @{theory_text \<open>invariant\<close>} clause of ODL definitions.
+
+  To enable the checking of the invariants, the \<open>invariants_checking\<close>
+  theory attribute must be set:\<close>
+
+
+section\<open>The Scenario.\<close>
+
+text\<open> This is merely an example that shows that the generated invariants
+      fit nicely together; i.e. allow for sensible consistency and invariant
+      preservation proofs related to ontological matchings. \<close>
+
+
+text\<open>Using HOL, we can define a mapping between two ontologies.
+  It is called ontology matching or ontology alignment.
+  Here is an example which show how to map two classes.
+  HOL also allows us to map the invariants (ontological rules) of the classes!\<close>
+
 text\<open>
   Ontological classes as described so far are too liberal in many situations.
   There is a first high-level syntax implementation for class invariants.
@@ -12,7 +55,7 @@ text\<open>
   theory attribute must be set:\<close>
 
 
-declare[[invariants_checking = true]]
+declare[[invariants_strict_checking = true]]
 
 text\<open>For example, let's define the following two classes:\<close>
 
@@ -47,6 +90,42 @@ text\<open>
   it inherits @{doc_class class_inv1} invariants.
   Hence the \<^term>\<open>int1\<close> invariant is checked when the instance @{docitem testinv2} is defined.\<close>
 
+text\<open>Test invariant for attributes of attributes: \<close>
+
+doc_class inv_test1 =
+  a :: int
+
+doc_class inv_test2 =
+  b :: "inv_test1"
+  c:: int
+  invariant inv_test2 :: "c \<sigma> = 1"
+  invariant inv_test2' :: "a (b \<sigma>) = 2"
+
+doc_class inv_test3 = inv_test1 +
+  b :: "inv_test1"
+  c:: int
+  invariant inv_test3 :: "a \<sigma> = 2"
+  invariant inv_test3' :: "a (b \<sigma>) = 2"
+
+doc_class inv_test4 = inv_test2 +
+  d :: "inv_test3"
+  invariant inv_test4 :: "a (inv_test2.b \<sigma>) = 2"
+  invariant inv_test4' :: "a (d \<sigma>) = 2"
+
+text*[inv_test1_instance::inv_test1, a=2]\<open>\<close>
+text*[inv_test3_instance::inv_test3, a=2, b="@{inv-test1 \<open>inv_test1_instance\<close>}" ]\<open>\<close>
+text*[inv_test4_instance::inv_test4, b="@{inv-test1 \<open>inv_test1_instance\<close>}"
+                                   , c=1, d="@{inv-test3 \<open>inv_test3_instance\<close>}"]\<open>\<close>
+
+text\<open>To support invariant on attributes in attributes
+and invariant on attributes of the superclasses,
+we check that the type of the attribute of the subclass is ground:\<close>
+ML\<open>
+val Type(st, [ty]) = \<^typ>\<open>inv_test1\<close>
+val Type(st', [ty']) = \<^typ>\<open>'a inv_test1_scheme\<close>
+val t = ty = \<^typ>\<open>unit\<close>
+\<close>
+
 text\<open>Now assume the following ontology:\<close>
 
 doc_class title =
@@ -71,7 +150,7 @@ doc_class introduction = text_section +
   authored_by :: "author set"  <= "UNIV" 
   uses :: "notion set"
   invariant author_finite :: "finite (authored_by \<sigma>)"
-  and force_level :: "the (level \<sigma>) > 1"
+  and force_level :: "(level \<sigma>) \<noteq> None \<and> the (level \<sigma>) > 1"
 
 doc_class claim = introduction +
   based_on :: "notion list"
@@ -104,6 +183,9 @@ declare[[invariants_checking_with_tactics = true]]
 
 text*[church::author, email="\<open>church@lambda.org\<close>"]\<open>\<close>
 
+text\<open>We can also reference instances of classes defined in parent theories:\<close>
+text*[church'::scholarly_paper.author, email="\<open>church'@lambda.org\<close>"]\<open>\<close>
+
 text*[resultProof::result, evidence = "proof", property="[@{thm \<open>HOL.refl\<close>}]"]\<open>\<close>
 text*[resultArgument::result, evidence = "argument"]\<open>\<close>
 
@@ -115,12 +197,25 @@ text\<open>The invariants \<^theory_text>\<open>author_finite\<close> and \<^the
 declare[[invariants_checking_with_tactics = true]]
 
 text*[curry::author, email="\<open>curry@lambda.org\<close>"]\<open>\<close>
+
 text*[introduction2::introduction, authored_by = "{@{author \<open>church\<close>}}", level = "Some 2"]\<open>\<close>
 (* When not commented, should violated the invariant:
-update_instance*[introduction2::introduction
-                  , authored_by := "{@{author \<open>church\<close>}}"
+update_instance*[introduction2::Introduction
+                  , authored_by := "{@{Author \<open>church\<close>}}"
                   , level := "Some 1"]
 *)
+text\<open>Use of the instance @{docitem_name "church'"}
+     to instantiate a \<^doc_class>\<open>scholarly_paper.introduction\<close> class:\<close>
+text*[introduction2'::scholarly_paper.introduction,
+      main_author = "Some @{scholarly-paper.author \<open>church'\<close>}", level = "Some 2"]\<open>\<close>
+
+value*\<open>@{scholarly-paper.author \<open>church'\<close>}\<close>
+value*\<open>@{author \<open>church\<close>}\<close>
+value*\<open>@{Concept-High-Level-Invariants.author \<open>church\<close>}\<close>
+
+value*\<open>@{scholarly-paper.author-instances}\<close>
+value*\<open>@{author-instances}\<close>
+value*\<open>@{Concept-High-Level-Invariants.author-instances}\<close>
 
 text*[introduction3::introduction, authored_by = "{@{author \<open>church\<close>}}", level = "Some 2"]\<open>\<close>
 text*[introduction4::introduction, authored_by = "{@{author \<open>curry\<close>}}", level = "Some 4"]\<open>\<close>
@@ -144,6 +239,6 @@ value*\<open>evidence @{result \<open>resultProof\<close>} = evidence @{result \
 
 declare[[invariants_checking_with_tactics = false]]
 
-declare[[invariants_checking = false]]
+declare[[invariants_strict_checking = false]]
 
 end

Isabelle_DOF-Unit-Tests/Concept_MonitorTest1.thy

@@ -0,0 +1,127 @@
+(*************************************************************************
+ * Copyright (C) 
+ *               2019-2023 The University of Exeter 
+ *               2018-2023 The University of Paris-Saclay
+ *               2018      The University of Sheffield
+ *
+ * License:
+ *   This program can be redistributed and/or modified under the terms
+ *   of the 2-clause BSD-style license.
+ *
+ *   SPDX-License-Identifier: BSD-2-Clause
+ *************************************************************************)
+
+chapter\<open>Testing Nested Monitors\<close>
+
+theory 
+  Concept_MonitorTest1
+  imports 
+  "Isabelle_DOF_Unit_Tests_document"
+  "Isabelle_DOF-Ontologies.Conceptual" (* we use the generic "Conceptual" ontology *)
+  TestKit
+begin
+
+section\<open>Test Purpose.\<close>
+text\<open> Creation of document parts that are controlled by (nested, locally defined) monitors. \<close>
+
+open_monitor*[aaa::Conceptual.M]  
+text*[test::A]\<open>For Test and Validation\<close>
+
+text\<open>Defining some document elements to be referenced in later on in another theory: \<close>
+text*[sdf]         \<open> Lorem ipsum ... \<close>         \<comment> \<open>anonymous reference, ignored by monitor.\<close>
+text*[sdfg :: F]   \<open> Lorem ipsum ...\<close>          \<comment> \<open>causes just warnings for invariant violations  
+                                                   due to non-strict checking mode\<close>
+close_monitor*[aaa]                            \<comment> \<open>causes warning: accept clause 1 
+                                                   not in final state .\<close>
+
+section\<open>A Local Monitor Class Definition\<close>
+
+doc_class test_monitor_free =
+  tmhd :: int
+doc_class test_monitor_head =
+  tmhd :: int
+doc_class test_monitor_A = test_monitor_head +
+  tmA :: int
+doc_class test_monitor_B = test_monitor_A +
+  tmB :: int
+doc_class test_monitor_C = test_monitor_A +
+  tmC :: int
+doc_class test_monitor_D = test_monitor_B +
+  tmD :: int
+doc_class test_monitor_E = test_monitor_D +
+  tmE :: int
+
+doc_class monitor_M =
+  tmM :: int
+  rejects "test_monitor_A"
+  accepts "test_monitor_head ~~ test_monitor_B ~~ test_monitor_C"
+
+section\<open>A more Complex Monitoring Example \<close>
+
+text\<open>Consult the status of the DOF engine:\<close>
+print_doc_classes
+print_doc_items
+
+
+
+declare[[free_class_in_monitor_checking]]
+
+open_monitor*[test_monitor_M::monitor_M]
+
+text*[testFree::test_monitor_free]\<open>...\<close>
+
+open_monitor*[test_monitor_M2::monitor_M]
+
+declare[[strict_monitor_checking]]
+text-assert-error[test_monitor_A1::test_monitor_A]\<open>\<close> 
+                  \<open>accepts clause 1 of monitor Concept_MonitorTest1.test_monitor_M rejected\<close>
+declare[[strict_monitor_checking=false]]
+text*[test_monitor_A1::test_monitor_A]\<open>\<close> \<comment> \<open>the same in non-strict monitor checking.\<close>
+declare[[free_class_in_monitor_strict_checking]]
+text-assert-error[testFree2::test_monitor_free]\<open>\<close>
+                  \<open>accepts clause 1 of monitor Concept_MonitorTest1.test_monitor_M not enabled\<close>
+declare[[free_class_in_monitor_strict_checking=false]]
+text*[test_monitor_head1::test_monitor_head]\<open>\<close>
+text*[testFree3::test_monitor_free]\<open>\<close>
+text*[test_monitor_B1::test_monitor_B]\<open>\<close>
+text*[testFree4::test_monitor_free]\<open>\<close>
+text*[test_monitor_D1::test_monitor_D]\<open>\<close>
+text*[testFree5::test_monitor_free]\<open>\<close>
+text*[test_monitor_C1::test_monitor_C]\<open>\<close>
+text*[testFree6::test_monitor_free]\<open>\<close>
+
+close_monitor*[test_monitor_M2]
+
+close_monitor*[test_monitor_M]
+
+declare[[free_class_in_monitor_checking = false]]
+
+text\<open>Consult the final status of the DOF engine:\<close>
+print_doc_classes
+print_doc_items
+
+ML\<open>
+val (oid, DOF_core.Instance {value, ...}) =
+    Name_Space.check (Context.Proof \<^context>) (DOF_core.get_instances \<^context>) ("aaa", Position.none)
+\<close>
+term*\<open>map fst @{trace-attribute \<open>test_monitor_M\<close>}\<close>
+value*\<open>map fst @{trace-attribute \<open>test_monitor_M\<close>}\<close>
+
+ML\<open>@{assert} ([("Conceptual.A", "test"), ("Conceptual.F", "sdfg")] =  @{trace_attribute aaa})       \<close>
+
+
+open_monitor*[test_monitor_M3::monitor_M]
+
+declare[[strict_monitor_checking]]
+text-assert-error[test_monitor_A2::test_monitor_A]\<open>\<close> 
+                  \<open>accepts clause 1 of monitor Concept_MonitorTest1.test_monitor_M3 rejected\<close>
+declare[[strict_monitor_checking=false]]
+text*[test_monitor_A3::test_monitor_A]\<open>\<close> \<comment> \<open>the same in non-strict monitor checking.\<close>
+declare[[free_class_in_monitor_strict_checking]]
+text-assert-error[testFree7::test_monitor_free]\<open>\<close>
+                  \<open>accepts clause 1 of monitor Concept_MonitorTest1.test_monitor_M3 not enabled\<close>
+declare[[free_class_in_monitor_strict_checking=false]]
+
+
+end 
+  

Isabelle_DOF-Unit-Tests/Concept_MonitorTest2.thy

@@ -0,0 +1,68 @@
+(*************************************************************************
+ * Copyright (C) 
+ *               2019-2023 The University of Exeter 
+ *               2018-2023 The University of Paris-Saclay
+ *               2018      The University of Sheffield
+ *
+ * License:
+ *   This program can be redistributed and/or modified under the terms
+ *   of the 2-clause BSD-style license.
+ *
+ *   SPDX-License-Identifier: BSD-2-Clause
+ *************************************************************************)
+
+chapter\<open>Testing Nested Monitors\<close>
+
+theory 
+  Concept_MonitorTest2
+  imports
+  Concept_MonitorTest1
+begin
+
+section\<open>Test Purpose.\<close>
+text\<open> Creation of document parts that are controlled by (nested, locally defined) monitors. \<close>
+
+doc_class test_monitor_B =
+  tmB :: int
+
+doc_class monitor_M =
+  tmM :: int
+  rejects "Concept_MonitorTest1.test_monitor_B"
+  accepts "test_monitor_E ~~ test_monitor_C"
+
+doc_class test_monitor_head =
+  tmhd :: int
+
+declare[[free_class_in_monitor_checking]]
+
+declare[[free_class_in_monitor_strict_checking]]
+text-assert-error[test_monitor_head1::test_monitor_head]\<open>\<close>
+                  \<open>accepts clause 1 of monitor Concept_MonitorTest1.test_monitor_M3 not enabled\<close>
+declare[[free_class_in_monitor_strict_checking=false]]
+text*[test_monitor_head2::Concept_MonitorTest1.test_monitor_head]\<open>\<close>
+
+open_monitor*[test_monitor_M3::monitor_M]
+
+text*[test_monitor_head3::Concept_MonitorTest1.test_monitor_head]\<open>\<close>
+text*[testFree3::test_monitor_free]\<open>\<close>
+declare[[strict_monitor_checking]]
+text-assert-error[test_monitor_B1::test_monitor_B]\<open>\<close>
+                  \<open>accepts clause 1 of monitor Concept_MonitorTest2.test_monitor_M3 rejected\<close>
+declare[[strict_monitor_checking=false]]
+text*[testFree4::test_monitor_free]\<open>\<close>
+declare[[strict_monitor_checking]]
+text-assert-error[test_monitor_D1::test_monitor_D]\<open>\<close>
+                  \<open>accepts clause 1 of monitor Concept_MonitorTest2.test_monitor_M3 rejected\<close>
+declare[[strict_monitor_checking=false]]
+text*[testFree5::test_monitor_free]\<open>\<close>
+text*[test_monitor_E1::test_monitor_E]\<open>\<close>
+text*[test_monitor_C1::test_monitor_C]\<open>\<close>
+text*[testFree6::test_monitor_free]\<open>\<close>
+
+close_monitor*[Concept_MonitorTest1.test_monitor_M3]
+
+close_monitor*[test_monitor_M3]
+
+declare[[free_class_in_monitor_checking = false]]
+
+end

Isabelle_DOF-Unit-Tests/Concept_OntoReferencing.thy

@@ -0,0 +1,177 @@
+(*************************************************************************
+ * Copyright (C) 
+ *               2019-2023 The University of Exeter 
+ *               2018-2023 The University of Paris-Saclay
+ *               2018      The University of Sheffield
+ *
+ * License:
+ *   This program can be redistributed and/or modified under the terms
+ *   of the 2-clause BSD-style license.
+ *
+ *   SPDX-License-Identifier: BSD-2-Clause
+ *************************************************************************)
+
+chapter\<open>Creating and Referencing Ontological Instances\<close>
+
+theory   Concept_OntoReferencing
+  imports   "TestKit"
+            "Isabelle_DOF_Unit_Tests_document"
+            "Isabelle_DOF-Ontologies.Conceptual" 
+begin
+
+section\<open>Test Purpose.\<close>
+text\<open> Creation of ontological instances along the \<^theory>\<open>Isabelle_DOF-Ontologies.Conceptual\<close> 
+Ontology. Emphasis is put on type-safe (ontologically consistent) referencing of text, code and
+proof elements. Some tests cover also the critical cases concerning name spaces of oid's. \<close>
+
+section\<open>Setting up a monitor.\<close>
+text\<open>\<^theory>\<open>Isabelle_DOF-Ontologies.Conceptual\<close> provides a monitor \<^typ>\<open>M\<close>  enforcing a 
+     particular document structure. Here, we say: From now on, this structural rules are 
+     respected wrt. all \<^theory_text>\<open>doc_classes M\<close> is enabled for.\<close>
+
+open_monitor*[struct::M]  
+
+section\<open>Defining Text Elements and Referring to them... \<close>
+
+text\<open> This uses elements of two ontologies, notably 
+      \<^theory>\<open>Isabelle_DOF-Ontologies.Conceptual\<close> and \<^theory>\<open>Isabelle_DOF.Isa_COL\<close>.\<close>
+
+(*<*)
+
+title*[ag::title, short_title="Some\<open>ooups.\<close>"]\<open>Lorem ipsum dolor sit amet ...\<close>
+subtitle*[af::subtitle, abbrev = "Some\<open>ooups-oups.\<close>"]\<open>Lorem ipsum dolor sit amet ...\<close>
+chapter*[a0::A, x = "3"]   \<open> Lorem ipsum dolor sit amet ... \<close>
+section*[a::A, x = "3"]         \<open> Lorem ipsum dolor sit amet, ... \<close>
+subsection*[ab::A, x = "3"]     \<open> Lorem ipsum dolor sit amet, ... 
+                                  As mentioned in the @{title \<open>ag\<close>}... \<close> \<comment> \<open>old-style and ...\<close>
+subsubsection*[ac::A, x = "3"]  \<open> Lorem ipsum dolor sit amet, ... 
+                                  As mentioned in the \<^title>\<open>ag\<close>\<close>    \<comment> \<open>new-style references to
+                                                                          ontological instances 
+                                                                          assigned to text 
+                                                                          elements ...\<close>
+
+
+text\<open>Meta-Objects are typed, and references have to respect this : \<close>
+text-assert-error[ad]\<open> \<^title>\<open>a\<close> \<close>    \<open>reference ontologically inconsistent\<close>
+text-assert-error[ae]\<open> \<^title>\<open>af\<close> \<close>\<open>reference ontologically inconsistent\<close> 
+                       \<comment> \<open>erroneous reference: please consider class hierarchy!\<close>
+(*>*)
+
+text\<open>References to Meta-Objects can be forward-declared:\<close>
+
+text-assert-error[ae1]\<open>@{C \<open>c1\<close>}\<close>\<open>Undefined instance:\<close>
+
+declare_reference*[c1::C]     \<comment> \<open>forward declaration\<close>
+
+text-assert-error\<open>@{C \<open>c1\<close>} \<close>\<open>Instance declared but not defined, try option unchecked\<close>
+
+text\<open>@{C (unchecked) \<open>c1\<close>} \<close>
+
+text*[a1::A, level="Some 0", x = 3]\<open>... phasellus amet id massa nunc, ...\<close>
+text*[c1::C, x = "''beta''"] \<open> ... suspendisse non arcu malesuada mollis, nibh morbi, ...  \<close>
+
+text-assert-error[c1::C, x = "''gamma''"] 
+                             \<open> ... suspendisse non arcu malesuada mollis, nibh morbi, ...  \<close>
+                             \<open>Duplicate instance declaration\<close>
+
+\<comment> \<open>Referencing from a text context:\<close>
+text*[d::D, a1 = "X3"] \<open> ... phasellus amet id massa nunc, pede suscipit repellendus, 
+                         ... @{C "c1"} or @{C \<open>c1\<close>} or \<^C>\<open>c1\<close>
+                             similar to @{thm "refl"} and \<^thm>"refl"\<close>  \<comment> \<open>ontological and built-in
+                                                                          references\<close>
+
+text\<open>Not only text-elements are "ontology-aware", proofs and code can this be too !\<close>
+
+\<comment> \<open>Referencing from and to a ML-code context:\<close>
+
+ML*[c4::C, z = "Some @{A \<open>a1\<close>}"]\<open>
+fun fac x = if x  = 0  then 1 else x * (fac(x-1))
+val v = \<^value_>\<open>A.x (the (z @{C \<open>c4\<close>}))\<close> |> HOLogic.dest_number |> snd |> fac
+\<close>
+
+definition*[a2::A, x=5, level="Some 1"] xx' where "xx' \<equiv> A.x @{A \<open>a1\<close>}" if "A.x @{A \<open>a1\<close>} = 5"
+
+lemma*[e5::E] testtest : "xx + A.x @{A \<open>a1\<close>} = yy + A.x @{A \<open>a1\<close>} \<Longrightarrow> xx = yy" by simp
+
+doc_class cc_assumption_test =
+a :: int
+text*[cc_assumption_test_ref::cc_assumption_test]\<open>\<close>
+
+definition tag_l :: "'a \<Rightarrow> 'b \<Rightarrow> 'b" where "tag_l \<equiv> \<lambda>x y. y"
+
+lemma* tagged : "tag_l @{cc-assumption-test \<open>cc_assumption_test_ref\<close>} AA \<Longrightarrow> AA"
+  by (simp add: tag_l_def)
+
+find_theorems name:tagged "(_::cc_assumption_test \<Rightarrow> _ \<Rightarrow> _) _ _ \<Longrightarrow>_"
+
+declare_reference-assert-error[c1::C]\<open>Duplicate instance declaration\<close>     \<comment> \<open>forward declaration\<close>
+
+declare_reference*[e6::E] 
+(*<*)  (* pdf GENERATION NEEDS TO BE IMPLEMENTED IN FRONT AND BACKEND *)
+text\<open>This is the answer to the "OutOfOrder Presentation Problem": @{E (unchecked) \<open>e6\<close>} \<close>
+
+definition*[e6::E] facu :: "nat \<Rightarrow> nat" where "facu arg = undefined"
+
+text\<open>As shown in @{E \<open>e5\<close>} following from  @{E \<open>e6\<close>}\<close> 
+
+
+text\<open>As shown in @{C \<open>c4\<close>}\<close>
+(*>*)
+
+
+
+text\<open>Ontological information ("class instances") is mutable: \<close>
+
+update_instance*[d::D, a1 := X2]
+(*<*)
+text\<open> ... in ut tortor ... @{docitem \<open>a\<close>} ... @{A \<open>a\<close>} ... \<close> \<comment> \<open>untyped or typed referencing \<close>
+(*>*)
+text-assert-error[ae::text_element]\<open>the function @{C [display] "c4"} \<close>\<open>referred text-element is no macro!\<close>
+
+text*[c2::C, x = "\<open>delta\<close>"]  \<open> ... in ut tortor eleifend augue pretium consectetuer.  \<close>
+
+text\<open>Note that both the notations @{term "''beta''"} and @{term "\<open>beta\<close>"} are possible;
+the former is a more ancient format only supporting pure ascii, while the latter also supports
+fancy unicode such as: @{term "\<open>\<beta>\<^sub>i''\<close>"} \<close>
+
+text*[f::F] \<open> Lectus accumsan velit ultrices, ... \<close>
+  
+theorem some_proof : "True" by simp
+
+text\<open>This is an example where we add a theorem into a kind of "result-list" of the doc-item f.\<close>
+update_instance*[f::F,r:="[@{thm ''Concept_OntoReferencing.some_proof''}]"]
+(*<*)
+text\<open> ..., mauris amet, id elit aliquam aptent id,  ... @{docitem \<open>a\<close>} \<close>
+(*>*)
+text\<open>Here we add and maintain a link that is actually modeled as m-to-n relation ...\<close>
+update_instance*[f::F,b:="{(@{docitem  \<open>a\<close>}::A,@{docitem  \<open>c1\<close>}::C), 
+                           (@{docitem  \<open>a\<close>},   @{docitem  \<open>c2\<close>})}"] 
+
+section\<open>Closing the Monitor and testing the Results.\<close>
+
+close_monitor*[struct]
+
+text\<open>And the trace of the monitor is:\<close>
+ML\<open>val trace = @{trace_attribute struct}\<close>
+ML\<open>@{assert} (trace = 
+   [("Conceptual.A", "a0"), ("Conceptual.A", "a"), ("Conceptual.A", "ab"),
+    ("Conceptual.A", "ac"), ("Conceptual.A", "a1"),
+    ("Conceptual.C", "c1"), ("Conceptual.D", "d"), ("Conceptual.C", "c4"),
+    ("Conceptual.A", "a2"), ("Conceptual.E", "e5"), 
+    ("Conceptual.E", "e6"), ("Conceptual.C", "c2"), ("Conceptual.F", "f")]) \<close>
+
+
+text\<open>Note that the monitor \<^typ>\<open>M\<close> of the ontology \<^theory>\<open>Isabelle_DOF-Ontologies.Conceptual\<close> does
+     not observe the common entities of \<^theory>\<open>Isabelle_DOF.Isa_COL\<close>, but just those defined in the 
+     accept- clause of \<^typ>\<open>M\<close>.\<close>
+
+text\<open>One final check of the status DOF core: observe that no new classes have been defined,
+     just a couple of new document elements have been introduced.\<close>
+
+print_doc_classes
+print_doc_items
+
+
+
+end 
+  

Isabelle_DOF-Unit-Tests/Concept_TermAntiquotations.thy

@@ -0,0 +1,183 @@
+(*************************************************************************
+ * Copyright (C) 
+ *               2019-2023 The University of Exeter 
+ *               2018-2023 The University of Paris-Saclay
+ *               2018      The University of Sheffield
+ *
+ * License:
+ *   This program can be redistributed and/or modified under the terms
+ *   of the 2-clause BSD-style license.
+ *
+ *   SPDX-License-Identifier: BSD-2-Clause
+ *************************************************************************)
+
+chapter\<open>Term Antiquotations\<close>
+
+text\<open>Terms are represented by "Inner Syntax" parsed by an Earley parser in Isabelle.
+For historical reasons, \<^emph>\<open>term antiquotations\<close> are called therefore somewhat misleadingly
+"Inner Syntax Antiquotations". \<close>
+
+theory 
+  Concept_TermAntiquotations
+imports 
+  "Isabelle_DOF_Unit_Tests_document"
+  "Isabelle_DOF-Ontologies.Conceptual"
+   TestKit
+begin
+
+section\<open>Context\<close>
+
+text\<open>Since the syntax chosen for values of doc-class attributes is HOL-syntax --- requiring
+a fast read on the ``What's in Main''-documentation, but not additional knowledge on, say, 
+SML --- an own syntax for references to types, terms, theorems, etc. are necessary. These are 
+the ``Term Antiquotations'' (in earlier papers also called: ``Inner Syntax Antiquotations'').
+
+They are the key-mechanism to denote 
+\<^item> Ontological Links, i.e. attributes refering to document classes defined by the ontology
+\<^item> Ontological F-Links, i.e. attributes referring to formal entities inside Isabelle (such as thm's)
+
+This file contains a number of examples resulting from the 
+@{theory "Isabelle_DOF-Ontologies.Conceptual"} - ontology; the emphasis of this presentation is to 
+present the expressivity of ODL on a paradigmatical example.
+\<close>
+
+
+section\<open>Test Purpose.\<close>
+
+text\<open>Testing Standard Term-Antiquotations and Code-Term-Antiquotations. \<close>
+
+text\<open>Just a check of the status DOF core: observe that no new classes have been defined.\<close>
+
+print_doc_classes
+print_doc_items
+
+
+section\<open>Term-Antiquotations Referring to \<^verbatim>\<open>thm\<close>‘s\<close>
+
+text\<open>Some sample lemma:\<close>
+lemma*[l::E] murks : "Example = @{thm ''refl''}" oops
+
+text-assert-error\<open>... @{E "l"}\<close>\<open>Undefined instance:\<close>   \<comment> \<open>oops retracts the ENTIRE system state,
+                                                          thus also the creation of an instance of E\<close>
+
+lemma*[l::E] local_sample_lemma : 
+       "@{thm \<open>refl\<close>} = @{thm ''refl''}" by simp
+                                                       \<comment> \<open>un-evaluated references are similar to
+                                                           uninterpreted constants. Not much is known
+                                                           about them, but that doesn't mean that we
+                                                           can't prove some basics over them...\<close>
+
+
+lemma*[l2::E] local_sample_lemma2 :
+      "@{thm ''local_sample_lemma''} = @{thm ''local_sample_lemma''}" by simp
+
+
+value*\<open>@{thm ''local_sample_lemma''}\<close>
+value-assert-error\<open> @{thm \<open>Conxept_TermAntiquotations.local_sample_lemma\<close>}\<close>\<open>Undefined fact\<close>
+
+section\<open>Testing the Standard ("Built-in") Term-Antiquotations\<close>
+
+text\<open>Example for a meta-attribute of ODL-type @{typ "file"} with an 
+     appropriate ISA for the file @{file "Concept_TermAntiquotations.thy"}\<close>
+
+
+
+text*[xcv1::A, x=5]\<open>Lorem ipsum ...\<close>
+text*[xcv3::A, x=7]\<open>Lorem ipsum ...\<close>
+
+text\<open>Example for a meta-attribute of ODL-type @{typ "typ"} with an appropriate ISA for the
+     theorem @{thm "refl"}\<close>
+text*[xcv2::C, g="@{thm ''HOL.refl''}"]\<open>Lorem ipsum ...\<close>
+
+text\<open>A warning about the usage of the \<open>docitem\<close> TA:
+The \<open>docitem\<close> TA offers a way to check the reference of class instances
+without checking the instances type.
+So one will be able to reference \<open>docitem\<close>s (class instances) and have them checked,
+without the burden of the type checking required otherwise.
+But it may give rise to unwanted behaviors, due to its polymorphic type.
+It must not be used for certification.
+\<close>
+
+section\<open>Other Built-In Term Antiquotations\<close>
+text-assert-error[ae::text_element]\<open>@{file "non-existing.thy"}\<close>\<open>No such file: \<close>
+text\<open>A text-antiquotation from Main: @{file "TestKit.thy"}\<close>
+
+value-assert-error\<open>@{file \<open>non-existing.thy\<close>}\<close>\<open>No such file: \<close>
+value*\<open>@{file \<open>TestKit.thy\<close>}\<close>
+
+text*[xcv::F, u="@{file ''TestKit.thy''}"]\<open>Lorem ipsum ...\<close>
+
+
+value*\<open>@{term \<open>aa + bb\<close>}\<close>
+value*\<open>@{typ \<open>'a list\<close>}\<close>
+
+
+section\<open>Putting everything together\<close>
+
+text\<open>Major sample: test-item of doc-class \<open>F\<close> with a relational link between class instances, 
+     and links to formal Isabelle items like \<open>typ\<close>, \<open>term\<close> and \<open>thm\<close>. \<close>
+text*[xcv4::F, r="[@{thm ''HOL.refl''}, 
+                   @{thm \<open>Concept_TermAntiquotations.local_sample_lemma\<close>}]", (* long names required *)
+               b="{(@{docitem ''xcv1''},@{docitem \<open>xcv2\<close>})}",  (* notations \<open>...\<close> vs. ''...'' *)
+               s="[@{typ \<open>int list\<close>}]",                        
+               properties = "[@{term \<open>H \<longrightarrow> H\<close>}]"              (* notation \<open>...\<close> required for UTF8*)
+]\<open>Lorem ipsum ...\<close>
+
+text*[xcv5::G, g="@{thm \<open>HOL.sym\<close>}"]\<open>Lorem ipsum ...\<close>
+
+text\<open>... and here we add a relation between @{docitem \<open>xcv3\<close>} and @{docitem \<open>xcv2\<close>} 
+into the relation \verb+b+ of @{docitem \<open>xcv5\<close>}. Note that in the link-relation,
+a @{typ "C"}-type is required, but a  @{typ "G"}-type is offered which is legal in
+\verb+Isa_DOF+ because of the sub-class relation between those classes: \<close>
+update_instance*[xcv4::F, b+="{(@{docitem ''xcv3''},@{docitem ''xcv5''})}"]
+
+text\<open>And here is the results of some ML-term antiquotations:\<close>
+ML\<open> @{docitem_attribute b::xcv4} \<close>
+ML\<open> @{docitem xcv4}              \<close>
+ML\<open> @{docitem_name xcv4}         \<close>
+
+text\<open>Now we might need to reference a class instance in a term command and we would like
+Isabelle to check that this instance is indeed an instance of this class.
+Here, we want to reference the instance @{docitem_name "xcv4"} previously defined.
+We can use the term* command which extends the classic term command
+and does the appropriate checking.\<close>
+term*\<open>@{F \<open>xcv4\<close>}\<close>
+
+text\<open>We can also reference an attribute of the instance.
+Here we reference the attribute r of the class F which has the type @{typ \<open>thm list\<close>}.\<close>
+term*\<open>r @{F \<open>xcv4\<close>}\<close>
+
+text\<open>We declare a new text element. Note that the class name contains an underscore "\_".\<close>
+text*[te::text_element]\<open>Lorem ipsum...\<close>
+
+text\<open>Unfortunately due to different lexical conventions for constant symbols and mixfix symbols
+     this term antiquotation has to be denoted like this: @{term_ \<open>@{text-element \<open>te\<close>}\<close>}.
+     We need to substitute an hyphen "-" for the underscore "\_".\<close>
+term*\<open>@{text-element \<open>te\<close>}\<close>
+
+text\<open>Terms containing term antiquotations can be checked and evaluated
+using \<^theory_text>\<open>term_\<close> and \<^theory_text>\<open>value_\<close> text antiquotations respectively:
+We can print the term @{term_ \<open>r @{F \<open>xcv4\<close>}\<close>} with \<open>@{term_ \<open>r @{F \<open>xcv4\<close>}\<close>}\<close>
+or get the value of the \<^const>\<open>F.r\<close> attribute of @{docitem \<open>xcv4\<close>} with \<open>@{value_ \<open>r @{F \<open>xcv4\<close>}\<close>}\<close>
+\<^theory_text>\<open>value_\<close> may have an optional argument between square brackets to specify the evaluator but this
+argument must be specified after a default optional argument already defined
+by the text antiquotation implementation.
+So one must use the following syntax if he does not want to specify the first optional argument:
+\<open>@{value_ [] [nbe] \<open>r @{F \<open>xcv4\<close>}\<close>}\<close>. Note the empty brackets.
+
+\<close>
+
+text\<open>There also are \<^theory_text>\<open>term_\<close> and \<^theory_text>\<open>value_\<close> ML antiquotations:
+\<^ML>\<open>@{term_ \<open>r @{F \<open>xcv4\<close>}\<close>}\<close> will return the ML representation of the term \<^term_>\<open>r @{F \<open>xcv4\<close>}\<close>,
+and \<^ML>\<open>@{value_ \<open>r @{F \<open>xcv4\<close>}\<close>}\<close> will return the ML representation
+of the value of the \<^const>\<open>F.r\<close> attribute of @{docitem \<open>xcv4\<close>}.
+\<^theory_text>\<open>value_\<close> may have an optional argument between square brackets to specify the evaluator:
+\<close>
+
+ML\<open>
+val t = @{term_ \<open>r @{F \<open>xcv4\<close>}\<close>}
+val tt = @{value_ [nbe] \<open>r @{F \<open>xcv4\<close>}\<close>}
+\<close>
+
+end
+

Isabelle_DOF-Unit-Tests/Concept_TermEvaluation.thy

@@ -1,27 +1,47 @@
-chapter\<open>Evaluation\<close>
+(*************************************************************************
+ * Copyright (C) 
+ *               2019-2023 The University of Exeter 
+ *               2018-2023 The University of Paris-Saclay
+ *               2018      The University of Sheffield
+ *
+ * License:
+ *   This program can be redistributed and/or modified under the terms
+ *   of the 2-clause BSD-style license.
+ *
+ *   SPDX-License-Identifier: BSD-2-Clause
+ *************************************************************************)
 
-text\<open>Term Annotation Antiquotations (TA) can be evaluated with the help of the value* command.\<close>
+chapter\<open>Term-Antiquotation Expansions and Evaluation\<close>
 
 theory 
-  Evaluation
+  Concept_TermEvaluation
 imports 
-  "Isabelle_DOF-tests.TermAntiquotations"
-  "Isabelle_DOF-tests.High_Level_Syntax_Invariants"
-begin
+  "Isabelle_DOF-Unit-Tests.Concept_TermAntiquotations"
+  "Isabelle_DOF-Unit-Tests.Concept_High_Level_Invariants"
+  TestKit
+begin 
+
+section\<open>Test Purpose.\<close>
+text\<open> Creation of ontological instances along the \<^theory>\<open>Isabelle_DOF-Ontologies.Conceptual\<close> 
+Ontology. Emphasis is put on type-safe (ontologically consistent) referencing of text, code and
+proof elements. Some tests cover also the critical cases concerning name spaces of oid's. \<close>
+
 
 section\<open>\<^theory_text>\<open>ML*\<close>-Annotated SML-commands\<close>
-ML*[the_function::B,x=\<open>\<open>dfg\<close>\<close>]\<open>fun fac x = if x = 0 then 1 else x * fac(x-1);
-                               val t = @{const_name "List.Nil"}\<close>
+(*<*)
+ML*[thefunction::B,x=\<open>\<open>dfg\<close>\<close>]\<open>fun fac x = if x = 0 then 1 else x * fac(x-1);
+                               val t = \<^value_>\<open>x @{B \<open>thefunction\<close>}\<close>\<close>
 ML\<open>fac 5; t\<close> \<comment> \<open>this is a test that ML* is actually evaluated and the 
                  resulting toplevel state is preserved.\<close>
-ML*\<open>3+4\<close>     \<comment> \<open>meta-args are optional\<close> 
+text*[the::C]\<open> @{B "thefunction"} \<close>
+text\<open>... and here we reference @{B \<open>thefunction\<close>}.\<close>
+(*>*)
 
-text-macro*[the::C]\<open> @{B [display] "the_function"} \<close>
 
-text\<open>... and here we reference @{B [display] \<open>the_function\<close>}.\<close>
 
-section\<open>\<^theory_text>\<open>value*\<close>-Annotated evaluation-commands\<close>
+section\<open>Term-Annotation and its Evaluation\<close>
 
+text\<open>Term Annotation Antiquotations (TA) can be evaluated with the help of the value* command.\<close>
 
 text\<open>The value* command uses the same code as the value command
 and adds the possibility to evaluate Term Annotation Antiquotations (TA).
@@ -33,16 +53,9 @@ Some built-ins remain as unspecified constants:
 \<^item> the docitem TA offers a way to check the reference of class instances
   without checking the instances type.
   It must be avoided for certification
-\<^item> the termrepr TA is left as unspecified constant for now.
-   A major refactoring of code should be done to enable
-  referential equivalence for termrepr, by changing the dependency
-  between the Isa_DOF theory and the Assert theory.
-  The assert_cmd function in Assert should use the value* command
-  functions, which make the elaboration of the term
-  referenced by the TA before passing it to the evaluator
 
 We also have the possibility to make some requests on classes instances, i.e. on docitems
-by specifying the doc_class.
+by specifying the doc class.
 The TA denotes the HOL list of the values of the instances.
 The value of an instance is the record of every attributes of the instance.
 This way, we can use the usual functions on lists to make our request.
@@ -52,11 +65,11 @@ of the current implementation.
 \<close>
 
 section\<open>Term Annotation evaluation\<close>
-
+(*<*)
 text\<open>We can validate a term with TA:\<close>
 term*[axx::A]\<open>@{thm \<open>HOL.refl\<close>}\<close>
 
-text\<open>check : @{A [display] "axx"}\<close>
+text\<open>check : @{A "axx"}\<close>
 
 text\<open>Now we can evaluate a term with TA:
 the current implementation return the term which references the object referenced by the TA.
@@ -66,8 +79,8 @@ value*\<open>@{thm \<open>HOL.refl\<close>}\<close> \<comment> \<open>syntax che
 
 value*[axxx::A]\<open>@{thm \<open>HOL.refl\<close>}\<close> \<comment> \<open>defining a reference of class A\<close> 
 
-text\<open>check : @{A [display] "axxx"}\<close> \<comment> \<open>using it\<close> 
-
+text\<open>check : @{A "axxx"}\<close> \<comment> \<open>using it\<close> 
+(*>*)
 text\<open>An instance class is an object which allows us to define the concepts we want in an ontology.
 It is a concept which will be used to implement an ontology. It has roughly the same meaning as
 an individual in an OWL ontology.
@@ -76,14 +89,11 @@ an instance of the class @{doc_class A}:
 \<close>
 term*\<open>@{A \<open>xcv1\<close>}\<close>
 
-text\<open>The instance class @{docitem \<open>xcv1\<close>} is not an instance of the class @{doc_class B}:
-\<close>
-(* Error:
-term*\<open>@{B \<open>xcv1\<close>}\<close>*)
+text\<open>The instance class @{docitem \<open>xcv1\<close>} is not an instance of the class @{doc_class B}:\<close>
+value-assert-error\<open>@{B \<open>xcv1\<close>}\<close>\<open>xcv1 is not an instance of Conceptual.B\<close>
 
 text\<open>We can evaluate the instance class. The current implementation returns
-the value of the instance, i.e. a collection of every attribute of the instance: 
-\<close>
+the value of the instance, i.e. a collection of every attribute of the instance: \<close>
 value*\<open>@{A \<open>xcv1\<close>}\<close>
 
 text\<open>We can also get the value of an attribute of the instance:\<close>
@@ -102,30 +112,27 @@ text\<open>Some terms can be validated, i.e. the term will be checked,
 and the existence of every object referenced by a TA will be checked,
 and can be evaluated by using referential equivalence.
 The existence of the instance @{docitem \<open>xcv4\<close>} can be validated,
-and the fact that it is an instance of the class @{doc_class F} } will be checked:\<close>
+and the fact that it is an instance of the class @{doc_class F} will be checked:\<close>
 term*\<open>@{F \<open>xcv4\<close>}\<close>
 
 text\<open>We can also evaluate the instance @{docitem \<open>xcv4\<close>}.
 The attribute \<open>b\<close> of the instance @{docitem \<open>xcv4\<close>} is of type @{typ "(A \<times> C) set"}
 but the instance @{docitem \<open>xcv4\<close>} initializes the attribute by using the \<open>docitem\<close> TA.
 Then the instance can be evaluate but only the references of the classes of the set
-used in the \<open>b\<close> attribute will be checked, and the type of these classes will not:
-\<close>
+used in the \<open>b\<close> attribute will be checked, and the type of these classes will not:\<close>
 value* \<open>@{F \<open>xcv4\<close>}\<close>
 
+
 text\<open>If we want the classes to be checked,
 we can use the TA which will also check the type of the instances.
-The instance @{A \<open>xcv3\<close>} is of type @{typ "A"} and the instance @{C \<open>xcv2\<close>} is of type @{typ "C"}:
-\<close>
+The instance @{A \<open>xcv3\<close>} is of type @{typ "A"} and the instance @{C \<open>xcv2\<close>} is of type @{typ "C"}:\<close>
 update_instance*[xcv4::F, b+="{(@{A ''xcv3''},@{C ''xcv2''})}"]
 
 text\<open>Using a TA in terms is possible, and the term is evaluated:\<close>
 value*\<open>[@{thm \<open>HOL.refl\<close>}, @{thm \<open>HOL.refl\<close>}]\<close>
 value*\<open>@{thm ''HOL.refl''} = @{thm (''HOL.refl'')}\<close>
 
-ML\<open>
-@{thm "refl"}
-\<close>
+ML\<open>@{thm "refl"}\<close>
 
 section\<open>Request on instances\<close>
 
@@ -151,45 +158,55 @@ value*\<open>filter (\<lambda>\<sigma>. Z.z \<sigma> > 2) @{Z-instances} = [@{Z
 text\<open>Now, we want to get all the instances of the @{doc_class A}\<close>
 value*\<open>@{A-instances}\<close>
 
+(*<*)
 text\<open>Warning: If you make a request on attributes that are undefined in some instances,
 you will get a result which includes these unresolved cases.
 In the following example, we request the instances of the @{doc_class A}.
-But we have defined an instance @{docitem \<open>test\<close>} in theory @{theory Isabelle_DOF.Conceptual}
+But we have defined an instance @{docitem \<open>sdf\<close>} in theory @{theory "Isabelle_DOF-Ontologies.Conceptual"}
 whose our theory inherits from, and this docitem instance does not initialize its attribute \<^emph>\<open>x\<close>.
 So in the request result we get an unresolved case because the evaluator can not get
-the value of the \<^emph>\<open>x\<close> attribute of the instance @{docitem \<open>test\<close>}:\<close>
+the value of the \<^emph>\<open>x\<close> attribute of the instance @{docitem \<open>sdf\<close>}:\<close>
 value*\<open>filter (\<lambda>\<sigma>. A.x \<sigma> > 5) @{A-instances}\<close>
-
+(*>*)
 section\<open>Limitations\<close>
 
 text\<open>There are still some limitations.
-The terms passed as arguments to the TA are not simplified and their evaluation fails:
+The terms passed as arguments to a TA are not simplified \<open>before\<close> expansion
+and their evaluation therefore fails:
 \<close>
-(* Error:
-value*\<open>@{thm (''HOL.re'' @ ''fl'')}\<close>
-value*\<open>@{thm ''HOL.refl''} = @{thm (''HOL.re'' @ ''fl'')}\<close>*)
+
+value\<open>@{thm (''HOL.re'' @ ''fl'')}\<close>
+value-assert-error\<open>@{thm (''HOL.re'' @ ''fl'')}\<close>
+                  \<open>wrong term format: must be string constant\<close>
+value-assert-error\<open>@{thm ''HOL.refl''} = @{thm (''HOL.re'' @ ''fl'')}\<close>
+                  \<open>wrong term format: must be string constant\<close>
 
 text\<open>The type checking is unaware that a class is subclass of another one.
 The @{doc_class "G"} is a subclass of the class @{doc_class "C"}, but one can not use it
 to update the instance @{docitem \<open>xcv4\<close>}:
 \<close>
-(* Error:
-update_instance*[xcv4::F, b+="{(@{A ''xcv3''},@{G ''xcv5''})}"]*)
+
+update_instance-assert-error[xcv4::F, b+="{(@{A ''xcv3''},@{G ''xcv5''})}"]
+                  \<open>type of attribute: Conceptual.F.b does not fit to term\<close>
 
 
 section\<open>\<^theory_text>\<open>assert*\<close>-Annotated assertion-commands\<close>
 
 text\<open>The \<^emph>\<open>assert*\<close>-command allows for logical statements to be checked in the global context.
-It uses the same implementation as the \<^emph>\<open>value*\<close>-command and has the same limitations.
+Recall that it uses the same mechanism as the \<^emph>\<open>value*\<close>-command but requires that the evaluation 
+reduces the argument term to true.
+Consequently, it has the same limitations as \<^emph>\<open>value*\<close>.
 \<close>
 
-text\<open>Using the ontology defined in \<^theory>\<open>Isabelle_DOF-tests.High_Level_Syntax_Invariants\<close>
+text\<open>Using the ontology defined in \<^theory>\<open>Isabelle_DOF-Unit-Tests.Concept_High_Level_Invariants\<close>
 we can check logical statements:\<close>
 
-term*\<open>authored_by @{introduction \<open>introduction2\<close>} = authored_by @{introduction \<open>introduction3\<close>}\<close>
-assert*\<open>authored_by @{introduction \<open>introduction2\<close>} = authored_by @{introduction \<open>introduction3\<close>}\<close>
-assert*\<open>\<not>(authored_by @{introduction \<open>introduction2\<close>}
-          = authored_by @{introduction \<open>introduction4\<close>})\<close>
+term*\<open>authored_by @{Concept-High-Level-Invariants.introduction \<open>introduction2\<close>}
+      = authored_by @{Concept-High-Level-Invariants.introduction \<open>introduction3\<close>}\<close>
+assert*\<open>authored_by @{Concept-High-Level-Invariants.introduction \<open>introduction2\<close>}
+        = authored_by @{Concept-High-Level-Invariants.introduction \<open>introduction3\<close>}\<close>
+assert*\<open>\<not>(authored_by @{Concept-High-Level-Invariants.introduction \<open>introduction2\<close>}
+          = authored_by @{Concept-High-Level-Invariants.introduction \<open>introduction4\<close>})\<close>
 
 text\<open>Assertions must be boolean expressions, so the following assertion triggers an error:\<close>
 (* Error:
@@ -202,9 +219,25 @@ assert*\<open>{@{author \<open>curry\<close>}} = {@{author \<open>church\<close>
 term*\<open>property @{result \<open>resultProof\<close>} = property @{result \<open>resultProof2\<close>}\<close>
 assert*[assertionA::A]\<open>\<not> property @{result \<open>resultProof\<close>} = property @{result \<open>resultProof2\<close>}\<close>
 
-text-macro*[assertionAA::A]\<open>@{A [display] "assertionA"}\<close> 
-text\<open>... and here we reference @{A [display] \<open>assertionA\<close>}.\<close>
-
+(*<*)
+text*[assertionAA::A]\<open>@{A "assertionA"}\<close> 
+text\<open>... and here we reference @{A \<open>assertionA\<close>}.\<close>
+(*>*)
 assert*\<open>evidence @{result \<open>resultProof\<close>} = evidence @{result \<open>resultProof2\<close>}\<close>
 
+text\<open>The optional evaluator of \<open>value*\<close> and \<open>assert*\<close> must be specified after the meta arguments:\<close>
+value* [optional_test_A::A, x=6] [nbe] \<open>filter (\<lambda>\<sigma>. A.x \<sigma> > 5) @{A-instances}\<close>
+
+assert* [resultProof3::result, evidence = "proof", property="[@{thm \<open>HOL.sym\<close>}]"] [nbe]
+        \<open>evidence @{result \<open>resultProof3\<close>} = evidence @{result \<open>resultProof2\<close>}\<close>
+
+text\<open>
+The evaluation of @{command "assert*"} can be disabled
+using the *\<open>disable_assert_evaluation\<close> theory attribute.
+Then only the checking of the term is done:
+\<close>
+declare[[disable_assert_evaluation]]
+assert*\<open>evidence @{result \<open>resultProof3\<close>} = evidence @{result \<open>resultProof2\<close>}\<close>
+declare[[disable_assert_evaluation = false]]
+
 end

Isabelle_DOF-Unit-Tests/Isabelle_DOF_Unit_Tests_document.thy

@@ -0,0 +1,30 @@
+(*<*)
+(*************************************************************************
+ * Copyright (C) 
+ *               2019-2023 The University of Exeter 
+ *               2018-2023 The University of Paris-Saclay
+ *               2018      The University of Sheffield
+ *
+ * License:
+ *   This program can be redistributed and/or modified under the terms
+ *   of the 2-clause BSD-style license.
+ *
+ *   SPDX-License-Identifier: BSD-2-Clause
+ *************************************************************************)
+theory "Isabelle_DOF_Unit_Tests_document"
+  imports
+    "Isabelle_DOF.technical_report"
+    (* "Isabelle_DOF-Ontologies.CENELEC_50128"  where do we use this - bu *)
+  
+begin
+
+use_template "scrreprt-modern"
+use_ontology "technical_report" (* and "Isabelle_DOF-Ontologies.CENELEC_50128" *)
+(*>*)
+
+title*[title::title]         \<open>The Isabelle/DOF Implementation\<close>
+subtitle*[subtitle::subtitle]\<open>The Unit-Test Suite\<close>
+
+(*<*)
+end
+(*>*)

Isabelle_DOF-Unit-Tests/Latex_Tests.thy

@@ -0,0 +1,444 @@
+(*************************************************************************
+ * Copyright (C) 
+ *               2019-2023 The University of Exeter 
+ *               2018-2023 The University of Paris-Saclay
+ *               2018      The University of Sheffield
+ *
+ * License:
+ *   This program can be redistributed and/or modified under the terms
+ *   of the 2-clause BSD-style license.
+ *
+ *   SPDX-License-Identifier: BSD-2-Clause
+ *************************************************************************)
+
+chapter\<open>LaTeX Generation Tests\<close>
+
+
+theory   Latex_Tests
+  imports    "TestKit"
+             "Isabelle_DOF_Unit_Tests_document"  
+  keywords   "Figure*"          :: document_body  (* still experimental feature *)
+
+begin
+
+
+section\<open>Test Purpose.\<close>
+text\<open> Testing the generation of LaTeX code. Serves in particular during development. \<close>
+
+text\<open>Output status:\<close>
+print_doc_classes
+print_doc_items
+
+
+section\<open>Elementary Creation of Doc-items and Access of their Attibutes\<close>
+
+
+text\<open>And here a tex - text macro.\<close>
+text\<open>Pythons ReStructuredText (RST). 
+     @{url \<open>https://de.wikipedia.org/wiki/ReStructuredText\<close>}. Tool: Sphinx.
+    \<close>
+
+text*[aaaa::B]\<open>dfg @{thm [display] refl}\<close>
+(*<*)                            
+text-[dfgdfg::B]
+\<open> Lorem ipsum ...  @{thm [display] refl}  Frédéric \textbf{TEST} \verb+sdf+ \<open>dfgdfg\<close>  \<close>
+
+text-latex\<open> Lorem ipsum ...  @{thm [display] refl}  Frédéric \textbf{TEST} \verb+sdf+ \<open>dfgdfg\<close>  \<close>
+text-[asd::B]
+\<open>... and here is its application macro expansion: 
+     @{B [display] "dfgdfg"} 
+     \textbf{TEST}
+     @{cartouche [display] 
+         \<open>text*[dfgdfg::B]
+           \<open> Lorem ipsum ...  @{thm refl} Frederic \textbf{TEST} \verb+sdf+ \<open>dfgdfg\<close>  \<close>
+          \<close>}
+\<close>
+
+text-latex\<open>... and here is its application macro expansion: 
+     @{B [display] "dfgdfg"} 
+     \textbf{TEST}
+     @{cartouche [display] 
+         \<open>text*[dfgdfg::B]
+           \<open> Lorem ipsum ...  @{thm refl}  Fr\'ed\'eric \textbf{TEST} \verb+sdf+ \<open>dfgdfg\<close>  \<close>
+          \<close>}\<close>
+
+text-latex\<open> \<^theory_text>\<open>definition df = ...  
+        \<close>
+       @{ML      [display] \<open> let val x = 3 + 4 in true end 
+                           \<close>}
+
+       @{ML_text [display] \<open> val x = ...  
+                           \<close>}
+
+       @{verbatim [display] \<open> Lorem ipsum ...  @{thm refl} 
+                              Fr\'ed\'eric \textbf{TEST} \verb+sdf+ \<open>dfgdfg\<close> \<close>}
+       @{theory_text [display] \<open>definition df = ... \<lambda>x.  
+                               \<close>}
+       @{cartouche [display]   \<open> @{figure "cfgdfg"}\<close>} \<close>
+(*>*)
+
+text\<open>Final Status:\<close>
+print_doc_items
+print_doc_classes 
+
+section\<open>Experiments on Inline-Textelements\<close>
+text\<open>Std Abbreviations. Inspired by the block *\<open>control spacing\<close> 
+     in @{file \<open>$ISABELLE_HOME/src/Pure/Thy/document_antiquotations.ML\<close>}.
+     We mechanize the table-construction and even attach the LaTeX 
+     quirks to be dumped into the prelude.  \<close>
+
+ML\<open>
+val _ =
+  Theory.setup
+   (   Document_Output.antiquotation_raw \<^binding>\<open>doof\<close> (Scan.succeed ())
+          (fn _ => fn () => Latex.string "\\emph{doof}")
+    #> Document_Output.antiquotation_raw \<^binding>\<open>LATEX\<close> (Scan.succeed ())
+          (fn _ => fn () => Latex.string "\\textbf{LaTeX}") 
+   )
+\<close>
+
+text-latex\<open> \<^doof> \<^LATEX> \<close>
+
+(* the same effect is achieved with : *)
+setup \<open>DOF_lib.define_shortcut (Binding.make("bla",\<^here>)) "\\blabla"\<close>
+(* Note that this assumes that the generated LaTeX macro call "\blabla" is defined somewhere in the
+   target document, for example, in the tex prelude. Note that the "Binding.make" can be avoided
+   using the alternative \<^binding> notation (see above).*)
+
+
+setup\<open>DOF_lib.define_macro (Binding.make("blong",\<^here>)) "\\blong{" "}" (K(K()))\<close>
+
+(*<*)
+text-latex\<open> \<^blong>\<open>asd\<close> outer  \<^blong>\<open>syntax| ! see {syntax, outer}\<close> \<close>
+(*>*)
+
+section\<open>Experimental Code and Test of advanced LaTeX for free-form text units\<close>
+
+ML\<open>
+
+fun report_text ctxt text =
+    let val pos = Input.pos_of text in
+       Context_Position.reports ctxt
+         [(pos, Markup.language_text (Input.is_delimited text)),
+          (pos, Markup.raw_text)]
+    end;
+
+fun report_theory_text ctxt text =
+    let val keywords = Thy_Header.get_keywords' ctxt;
+        val _ = report_text ctxt text;
+        val _ =
+          Input.source_explode text
+          |> Token.tokenize keywords {strict = true}
+          |> maps (Token.reports keywords)
+          |> Context_Position.reports_text ctxt;
+    in () end
+
+fun prepare_text ctxt =
+  Input.source_content #> #1 #> Document_Antiquotation.prepare_lines ctxt;
+(* This also produces indent-expansion and changes space to "\_" and the introduction of "\newline",
+   I believe. Otherwise its in Thy_Output.output_source, the compiler from string to LaTeX.text. *)
+
+fun string_2_text_antiquotation ctxt text = 
+        prepare_text ctxt text
+        |> Document_Output.output_source ctxt
+        |> Document_Output.isabelle ctxt
+
+fun string_2_theory_text_antiquotation ctxt text =
+      let
+        val keywords = Thy_Header.get_keywords' ctxt;
+      in
+        prepare_text ctxt text
+        |> Token.explode0 keywords
+        |> maps (Document_Output.output_token ctxt)
+        |> Document_Output.isabelle ctxt
+      end
+
+fun gen_text_antiquotation name reportNcheck compile =
+  Document_Output.antiquotation_raw_embedded name (Scan.lift Parse.embedded_input)
+    (fn ctxt => fn text:Input.source =>
+      let
+        val _ = reportNcheck ctxt text;
+      in
+        compile ctxt text    
+      end);
+
+fun std_text_antiquotation name (* redefined in these more abstract terms *) =
+    gen_text_antiquotation name report_text string_2_text_antiquotation
+
+(* should be the same as (2020):
+fun text_antiquotation name =
+  Thy_Output.antiquotation_raw_embedded name (Scan.lift Parse.embedded_input)
+    (fn ctxt => fn text =>
+      let
+        val _ = report_text ctxt text;
+      in
+        prepare_text ctxt text
+        |> Thy_Output.output_source ctxt
+        |> Thy_Output.isabelle ctxt
+      end);
+*)
+
+fun std_theory_text_antiquotation name (* redefined in these more abstract terms *) =
+    gen_text_antiquotation name report_theory_text string_2_theory_text_antiquotation
+
+(* should be the same as (2020):
+fun theory_text_antiquotation name =
+  Thy_Output.antiquotation_raw_embedded name (Scan.lift Parse.embedded_input)
+    (fn ctxt => fn text =>
+      let
+        val keywords = Thy_Header.get_keywords' ctxt;
+
+        val _ = report_text ctxt text;
+        val _ =
+          Input.source_explode text
+          |> Token.tokenize keywords {strict = true}
+          |> maps (Token.reports keywords)
+          |> Context_Position.reports_text ctxt;
+      in
+        prepare_text ctxt text
+        |> Token.explode0 keywords
+        |> maps (Thy_Output.output_token ctxt)
+        |> Thy_Output.isabelle ctxt
+        |> enclose_env ctxt "isarbox"
+      end);
+*)
+
+
+
+fun enclose_env ctxt block_env body =
+  if Config.get ctxt Document_Antiquotation.thy_output_display
+  then Latex.environment block_env body
+  else body;
+
+
+fun boxed_text_antiquotation name (* redefined in these more abstract terms *) =
+    gen_text_antiquotation name report_text 
+                           (fn ctxt => string_2_text_antiquotation ctxt
+                                       #> enclose_env ctxt "isarbox")
+
+
+fun boxed_theory_text_antiquotation name (* redefined in these more abstract terms *) =
+    gen_text_antiquotation name report_theory_text 
+                           (fn ctxt => string_2_theory_text_antiquotation ctxt 
+                                        #> enclose_env ctxt "isarbox")
+
+
+(*   #> enclose_env ctxt "isarbox" *)
+
+val _ = Theory.setup
+   (std_text_antiquotation          \<^binding>\<open>my_text\<close> #>
+    boxed_text_antiquotation        \<^binding>\<open>boxed_text\<close> #>
+    std_text_antiquotation          \<^binding>\<open>my_cartouche\<close> #>
+    boxed_text_antiquotation        \<^binding>\<open>boxed_cartouche\<close> #>
+    std_theory_text_antiquotation   \<^binding>\<open>my_theory_text\<close>#>
+    boxed_theory_text_antiquotation \<^binding>\<open>boxed_theory_text\<close>); (* is overriding possible ?*)
+
+\<close>
+(*<*)
+text-latex\<open> 
+      @{boxed_cartouche   [display] \<open>definition dfg = \<lambda>x. x\<close>}
+      @{boxed_theory_text [display] \<open>doc_class dfg = \<lambda>x... \<Gamma>\<close>}  \<close>
+(*>*)
+
+
+
+section\<open>Experimental Section for Multiple Figure Content\<close>
+
+ML\<open>
+
+val thy_output_display = Attrib.setup_option_bool ("thy_output_display", \<^here>);
+
+val caption_param = Config.declare_string ("caption", \<^here>) (K "");
+val width_param   = Config.declare_int    ("width", \<^here>)   (K 80);  \<comment> \<open>char per line\<close>
+val scale_param   = Config.declare_int    ("scale", \<^here>)   (K 100); \<comment> \<open>in percent\<close>
+
+Config.put caption_param;
+Config.put_global;
+Config.get ;
+
+(*
+      Latex.string (enclose "[" "]" (String.concat [ label_and_type, ", args={", (commas str_args), "}"]))
+*)
+
+(*
+\begin{figure}[h]
+     \centering
+
+     \includegraphics[scale=0.5]{graph_a}
+     \caption{An example graph}
+
+     \label{fig:x cubed graph}
+\end{figure}
+
+
+\begin{figure}
+     \centering
+
+     \begin{subfigure}[b]{0.3\textwidth}
+
+         \centering
+         \includegraphics[width=\textwidth]{graph1}
+         \caption{$y=x$}
+
+         \label{fig:y equals x}   (* PROBLEM *)
+     \end{subfigure}
+
+     \hfill
+
+     \begin{subfigure}[b]{0.3\textwidth}
+
+         \centering
+         \includegraphics[width=\textwidth]{graph2}
+         \caption{$y=3sinx$}
+
+         \label{fig:three sin x}  (* PROBLEM *)
+     \end{subfigure}
+
+     \hfill
+
+     \begin{subfigure}[b]{0.3\textwidth}
+
+         \centering
+         \includegraphics[width=\textwidth]{graph3}
+         \caption{$y=5/x$}
+
+         \label{fig:five over x} (* PROBLEM *)
+     \end{subfigure}
+
+  \caption{Three simple graphs}
+  \label{fig:three graphs}
+\end{figure}
+
+
+\begin{wrapfigure}{l}{0.5\textwidth}
+
+     \centering
+     \includegraphics[width=1.5cm]{logo.png}
+     \caption{$y=5/x$}
+
+\end{wrapfigure}
+
+*)
+
+datatype figure_type   = single | subfigure | float_embedded
+
+(* to check if this can be done more properly: user-state or attributes ??? *)
+val figure_mode        = Unsynchronized.ref(float_embedded)
+val figure_label       = Unsynchronized.ref(NONE:string option)
+val figure_proportions = Unsynchronized.ref([]:int list)
+(* invariant : !figure_mode = subfigure_embedded ==> length(!figure_proportions) > 1 *)
+
+fun figure_antiq (check: Proof.context -> Path.T option -> Input.source -> Path.T) =
+  Args.context -- Scan.lift Parse.path_input >> (fn (ctxt, source) =>
+   (check ctxt NONE source;
+    let val cap = Config.get ctxt caption_param
+        val cap_txt = if cap = "" then "" else (Library.enclose "\n\\caption{" "}\n" cap)
+                      \<comment> \<open>this is naive. one should add an evaluation of doc antiquotations here\<close>
+        val wdth= Config.get ctxt width_param
+        val wdth_ltx = (if wdth = 100 then "" 
+                       else if 10<=wdth andalso wdth<=99 
+                            then "width=0."^(Int.toString wdth)
+                            else if 1<=wdth then "width=0.0"^(Int.toString wdth)
+                                 else error "width out of range (must be between 1 and 100"
+                       )^"\\textwidth"
+        val scl = Config.get ctxt scale_param
+        val scl_ltx = if scl = 100 then "" 
+                       else if 10<=scl andalso scl<=99 then "scale=0."^(Int.toString scl)
+                            else if 1<=scl then "scale=0.0"^(Int.toString scl)
+                                 else error "scale out of range (must be between 1 and 100"
+        val fig_args = Library.enclose "[" "]" (commas [wdth_ltx,scl_ltx])
+        val _ = writeln cap
+        fun proportion () = "0."^ (Int.toString (100 div List.length(!figure_proportions)))
+                             \<comment> \<open>naive: assumes equal proportions\<close>
+        fun core arg = "\n\\centering\n"
+                       ^"\\includegraphics"
+                       ^fig_args^(Library.enclose "{" "}" arg)
+                       ^cap_txt
+                       \<comment> \<open>add internal labels here\<close>
+        fun pat arg = case !figure_mode of
+                       single => core arg   
+                      |subfigure =>   "\n\\begin{subfigure}[b]{"^proportion ()^"\\textwidth}"
+                                     ^ core arg 
+                                     ^"\n\\end{subfigure}\n"
+                      |float_embedded => "\n\\begin{wrapfigure}{r}{"^wdth_ltx^"}"
+                                         ^ core arg 
+                                         ^"\n\\end{wrapfigure}\n"
+                   
+    in   (Latex.output_ascii_breakable "/" (Input.string_of source))
+        |> pat
+        |> Latex.string
+    end));
+
+val _ = Theory.setup
+ (Document_Antiquotation.setup_option \<^binding>\<open>width\<close> 
+       (Config.put width_param o Document_Antiquotation.integer) #>
+  Document_Antiquotation.setup_option \<^binding>\<open>scale\<close> 
+       (Config.put scale_param o Document_Antiquotation.integer) #>
+  Document_Antiquotation.setup_option \<^binding>\<open>caption\<close> 
+       (Config.put caption_param) #>
+  Document_Output.antiquotation_raw_embedded \<^binding>\<open>figure_content\<close> 
+       (figure_antiq Resources.check_file) (K I)
+
+ );
+\<close>
+
+(*<*)
+text-latex\<open>
+@{figure_content [width=40, scale=35, caption="This is a test"] "ROOT"}
+\<close>
+(*>*)
+ML\<open>
+
+fun gen_enriched_document_command3 name {body} cid_transform attr_transform markdown
+                                  (((((oid,pos),cid_pos), doc_attrs) : ODL_Meta_Args_Parser.meta_args_t,
+                                     xstring_opt:(xstring * Position.T) option),
+                                    toks:Input.source list)
+= gen_enriched_document_command2 name {body=body} cid_transform attr_transform markdown
+                                  (((((oid,pos),cid_pos), doc_attrs) : ODL_Meta_Args_Parser.meta_args_t,
+                                     xstring_opt:(xstring * Position.T) option),
+                                     toks) \<comment> \<open>Hack : drop second and thrd args.\<close>
+
+val _ =
+  Outer_Syntax.command ("Figure*", @{here}) "multiple figure"
+    (ODL_Meta_Args_Parser.attributes -- Parse.opt_target -- Scan.repeat1 Parse.document_source 
+      >> (Toplevel.theory o (gen_enriched_document_command2 "TTT" {body=true} I I {markdown = true} )));
+
+
+\<close>
+(*
+Figure*[fff::figure,src="\<open>this is a side-by-side\<close>"]
+   \<open>@{figure_content [width=40, scale=35, caption="This is a test"] "ROOT"}\<close> 
+   \<open> \<^doof> \<^LATEX> \<close>  
+   \<open> \<^theory_text>\<open>definition df = ... \<close>
+     @{ML        [display]   \<open> let val x = 3 + 4 in true end\<close>}
+     @{cartouche [display]   \<open> @{figure "cfgdfg"}\<close>}
+   \<close>  
+*)
+
+
+(*<*)
+
+Figure*[figxxx::float,main_caption="\<open>Proofs establishing an Invariant Preservation.\<close>"]
+\<open>  @{fig_content (width=40, height=35, caption="This is a right test") "figures/A.png"}  
+   @{fig_content (width=40, height=35, caption="This is a left \<^term>\<open>\<sigma>\<^sub>i + 1\<close> test") "figures/A.png"} 
+\<close>
+
+
+
+(* proposed syntax for sub-figure labels : text\<open> @{figure "ffff(2)"}\<close> *)
+
+Figure*[figxxxx::float,main_caption="\<open>Proofs establishing an Invariant Preservation.\<close>"]
+\<open>@{boxed_theory_text [display]
+\<open>lemma inv_c2_preserved :  "c2_inv \<sigma> \<Longrightarrow> c1_inv (\<sigma> \<langle>Hardware\<rangle>\<^sub>C\<^sub>o\<^sub>m\<^sub>p\<^sub>u\<^sub>t\<^sub>e\<^sub>r\<^sub>H\<^sub>a\<^sub>r\<^sub>d\<^sub>w\<^sub>a\<^sub>r\<^sub>e)"
+  unfolding c1_inv_def c2_inv_def 
+            Computer_Hardware_to_Hardware_morphism_def
+            Product_to_Component_morphism_def  
+  by (auto simp: comp_def)
+
+lemma Computer_Hardware_to_Hardware_total :
+         "Computer_Hardware_to_Hardware_morphism ` ({X. c2_inv X}) 
+      \<subseteq> ({X::Hardware. c1_inv X})"
+  using inv_c2_preserved by auto\<close>}\<close> 
+
+end
+(*>*)

Isabelle_DOF-Unit-Tests/Ontology_Matching_Example.thy

@@ -0,0 +1,95 @@
+(*************************************************************************
+ * Copyright (C) 
+ *               2019-2023 The University of Exeter 
+ *               2018-2023 The University of Paris-Saclay
+ *               2018      The University of Sheffield
+ *
+ * License:
+ *   This program can be redistributed and/or modified under the terms
+ *   of the 2-clause BSD-style license.
+ *
+ *   SPDX-License-Identifier: BSD-2-Clause
+ *************************************************************************)
+
+chapter\<open>Ontologys Matching\<close>
+
+theory Ontology_Matching_Example
+  imports TestKit
+          "Isabelle_DOF.Isa_DOF"
+          "Isabelle_DOF_Unit_Tests_document"
+
+begin
+
+section\<open>Test Purpose.\<close>
+text\<open> This is merely an example that shows that the generated invariants 
+      fit nicely together; i.e. allow for sensible consistency and invariant
+      preservation proofs related to ontological matchings. \<close>
+
+section\<open>The Scenario.\<close>
+
+text\<open>Using HOL, we can define a mapping between two ontologies.
+  It is called ontology matching or ontology alignment.
+  Here is an example which show how to map two classes.
+  HOL also allows us to map the invariants (ontological rules) of the classes!\<close>
+
+type_synonym UTF8 = string
+
+definition utf8_to_string
+  where "utf8_to_string xx = xx"
+
+
+doc_class A =
+  first_name  :: UTF8
+  last_name   :: UTF8
+  age         :: nat
+  married_to  :: "string option"
+  invariant a :: "age \<sigma> < 18 \<longrightarrow> married_to \<sigma> = None"
+
+
+doc_class B =
+  name        :: string 
+  adult       :: bool
+  is_married  :: bool
+  invariant b :: "is_married \<sigma> \<longrightarrow> adult \<sigma>"
+
+text\<open>We define the mapping between the two classes,
+  i.e. how to transform the class @{doc_class A} in to the class @{doc_class B}:\<close>
+
+definition A_to_B_morphism
+  where "A_to_B_morphism X =
+        \<lparr> tag_attribute = A.tag_attribute X
+          , name = utf8_to_string (first_name X) @ '' ''  @ utf8_to_string (last_name X)
+          , adult = (age X \<ge> 18)
+          , is_married = (married_to X \<noteq> None) \<rparr>" 
+
+text\<open>Sanity check: Invariants are non-contradictory, i.e. there is a witness.\<close>
+
+lemma inv_a_satisfyable : " Ex (a_inv::A \<Rightarrow> bool)"
+  unfolding a_inv_def
+  apply(rule_tac x ="\<lparr>Ontology_Matching_Example.A.tag_attribute = xxx, 
+                      first_name = yyy, last_name = zzz, age = 17, 
+                      married_to = None\<rparr>" in exI)
+  by auto
+
+text\<open>Now we check that the invariant is preserved through the morphism:\<close>
+
+lemma inv_a_preserved :
+  "a_inv X \<Longrightarrow> b_inv (A_to_B_morphism X)"
+  unfolding a_inv_def b_inv_def A_to_B_morphism_def
+  by auto
+
+text\<open>This also implies that B invariants are non-contradictory: \<close>
+
+lemma inv_b_preserved : "\<exists>x. (b_inv::B \<Rightarrow> bool) x"
+   apply(rule_tac x ="A_to_B_morphism \<lparr>Ontology_Matching_Example.A.tag_attribute = xxx, 
+                                       first_name = yyy, last_name = zzz, age = 17, 
+                                        married_to = None\<rparr>" in exI)
+   by(rule inv_a_preserved,auto simp: a_inv_def)
+
+
+lemma A_morphism_B_total :
+  "A_to_B_morphism ` ({X::A. a_inv X}) \<subseteq> ({X::B. b_inv X})"
+  using inv_a_preserved
+  by auto
+
+end

Isabelle_DOF-Unit-Tests/OutOfOrderPresntn.thy

@@ -14,117 +14,16 @@
 theory 
   OutOfOrderPresntn
 imports 
-  "Isabelle_DOF.Conceptual"
-keywords "text-" "textN"    :: document_body  
-    and  "Figure*"          :: document_body 
+  "Isabelle_DOF_Unit_Tests_document"
+  "TestKit"
+  "Isabelle_DOF-Ontologies.Conceptual"
+keywords  "Figure*"          :: document_body 
 
 begin
 
 section\<open>Elementary Creation of Doc-items and Access of their Attibutes\<close>
 
 
-text\<open>Current status:\<close>
-print_doc_classes
-print_doc_items
-
-(* this corresponds to low-level accesses : *)
-ML\<open>  
-val {docobj_tab={tab = docitem_tab, ...},docclass_tab, ISA_transformer_tab, monitor_tab,...} 
-    = DOF_core.get_data @{context};
-Symtab.dest docitem_tab;
-Symtab.dest docclass_tab;
-app;
-\<close>
-
-
-ML\<open> 
-
-val _ = Document_Output.document_output
-
-fun gen_enriched_document_command2 name {body} cid_transform attr_transform markdown
-                                  (((((oid,pos),cid_pos), doc_attrs) : ODL_Meta_Args_Parser.meta_args_t,
-                                     xstring_opt:(xstring * Position.T) option),
-                                    toks_list:Input.source list) 
-                                  : theory -> theory =
-  let  val toplvl = Toplevel.theory_toplevel
-
-       (* as side-effect, generates markup *)
-       fun check_n_tex_text thy toks = let val ctxt = Toplevel.presentation_context (toplvl thy);
-                                      val pos = Input.pos_of toks;
-                                      val _ =   Context_Position.reports ctxt
-                                                [(pos, Markup.language_document (Input.is_delimited toks)),
-                                                 (pos, Markup.plain_text)];
-                                      fun markup xml = let val m = if body then Markup.latex_body 
-                                                                   else Markup.latex_heading
-                                                       in [XML.Elem (m (Latex.output_name name), 
-                                                           xml)] end;
-
-                                      val text = Document_Output.output_document 
-                                                                 (Proof_Context.init_global thy) 
-                                                                 markdown toks
-(*   type file = {path: Path.T, pos: Position.T, content: string} *) 
-
-                                      val strg = XML.string_of (hd (Latex.output text))
-                                      val file = {path = Path.make [oid ^ "_snippet.tex"],
-                                                  pos = @{here}, 
-                                                  content = strg}
-                                      
-                                      val _ = Generated_Files.write_file (Path.make ["latex_test"]) 
-                                                                         file
-                                      val _ = writeln (strg)
-                                  in  () end \<comment> \<open>important observation: thy is not modified.
-                                                  This implies that several text block can be 
-                                                  processed in parallel in a future, as long
-                                                  as they are associated to one meta arg.\<close>
-       
-       (* ... generating the level-attribute syntax *)
-  in   
-       (   Value_Command.Docitem_Parser.create_and_check_docitem 
-                              {is_monitor = false} {is_inline = false} 
-                              oid pos (cid_transform cid_pos) (attr_transform doc_attrs)
-        #> (fn thy => (app (check_n_tex_text thy) toks_list; thy))) 
-  end;
-
-val _ =
-  Outer_Syntax.command ("text-", @{here}) "formal comment macro"
-    (ODL_Meta_Args_Parser.attributes -- Parse.opt_target -- Scan.repeat1 Parse.document_source 
-      >> (Toplevel.theory o (gen_enriched_document_command2 "TTT" {body=true} I I {markdown = true} )));
-
-(* copied from Pure_syn for experiments *)
-
-fun output_document2 state markdown txt =
-  let
-    val ctxt = Toplevel.presentation_context state;
-    val pos = Input.pos_of txt;
-    val _ =
-      Context_Position.reports ctxt
-        [(pos, Markup.language_document (Input.is_delimited txt)),
-         (pos, Markup.plain_text)];
-    val txt' = Document_Output.output_document ctxt markdown txt
-    val strg = XML.string_of (hd (Latex.output txt'))
-
-    val _ = writeln (strg)
-  in Document_Output.output_document ctxt markdown txt end;
-
-fun document_command2 markdown (loc, txt) =
-  Toplevel.keep (fn state =>
-                    (case loc of
-                      NONE => ignore (output_document2 state markdown txt)
-                    | SOME (_, pos) =>
-                        error ("Illegal target specification -- not a theory context" 
-                               ^ Position.here pos))) 
- o 
-  Toplevel.present_local_theory loc 
-                (fn state =>  (output_document2 state markdown txt));
-
-
-val _ =
-  Outer_Syntax.command ("textN", \<^here>) "formal comment (primary style)"
-    (Parse.opt_target -- Parse.document_source >> document_command2 {markdown = true});
-
-
-\<close>
-
 
 text\<open>And here a tex - text macro.\<close>
 text\<open>Pythons ReStructuredText (RST). 
@@ -132,11 +31,13 @@ text\<open>Pythons ReStructuredText (RST).
     \<close>
 
 text*[aaaa::B]\<open>dfg @{thm [display] refl}\<close>
+
+(*<*)
                             
 text-[dfgdfg::B]
-\<open> Lorem ipsum ...  @{thm [display] refl} _ Frédéric \textbf{TEST} \verb+sdf+ \<open>dfgdfg\<close>  \<close>
+\<open> Lorem ipsum ...  @{thm [display] refl}  Frédéric \textbf{TEST} \verb+sdf+ \<open>dfgdfg\<close>  \<close>
 
-textN\<open> Lorem ipsum ...  @{thm [display] refl} _ Frédéric \textbf{TEST} \verb+sdf+ \<open>dfgdfg\<close>  \<close>
+text-latex\<open> Lorem ipsum ...  @{thm [display] refl}  Frédéric \textbf{TEST} \verb+sdf+ \<open>dfgdfg\<close>  \<close>
 
 text-[asd::B]
 \<open>... and here is its application macro expansion: 
@@ -144,19 +45,19 @@ text-[asd::B]
      \textbf{TEST}
      @{cartouche [display] 
          \<open>text*[dfgdfg::B]
-           \<open> Lorem ipsum ...  @{thm refl} _ Frédéric \textbf{TEST} \verb+sdf+ \<open>dfgdfg\<close>  \<close>
+           \<open> Lorem ipsum ...  @{thm refl} Frédéric \textbf{TEST} \verb+sdf+ \<open>dfgdfg\<close>  \<close>
           \<close>}
 \<close>
 
-textN\<open>... and here is its application macro expansion: 
+text-latex\<open>... and here is its application macro expansion: 
      @{B [display] "dfgdfg"} 
      \textbf{TEST}
      @{cartouche [display] 
          \<open>text*[dfgdfg::B]
-           \<open> Lorem ipsum ...  @{thm refl} _ Frédéric \textbf{TEST} \verb+sdf+ \<open>dfgdfg\<close>  \<close>
+           \<open> Lorem ipsum ...  @{thm refl}  Frédéric \textbf{TEST} \verb+sdf+ \<open>dfgdfg\<close>  \<close>
           \<close>}\<close>
 
-textN\<open> \<^theory_text>\<open>definition df = ...  
+text-latex\<open> \<^theory_text>\<open>definition df = ...  
         \<close>
        @{ML      [display] \<open> let val x = 3 + 4 in true end 
                            \<close>}
@@ -164,13 +65,13 @@ textN\<open> \<^theory_text>\<open>definition df = ...
        @{ML_text [display] \<open> val x = ...  
                            \<close>}
 
-       @{verbatim [display] \<open> Lorem ipsum ...  @{thm refl} _ 
+       @{verbatim [display] \<open> Lorem ipsum ...  @{thm refl} 
                               Frédéric \textbf{TEST} \verb+sdf+ \<open>dfgdfg\<close> \<close>}
        @{theory_text [display] \<open>definition df = ... \<lambda>x.  
                                \<close>}
        @{cartouche [display]   \<open> @{figure "cfgdfg"}\<close>} \<close>
 
-(*<*)
+
 text\<open>Final Status:\<close>
 print_doc_items
 print_doc_classes 
@@ -191,7 +92,7 @@ val _ =
    )
 \<close>
 
-textN\<open> \<^doof> \<^LATEX> \<close>
+text-latex\<open> \<^doof> \<^LATEX> \<close>
 
 (* the same effect is achieved with : *)
 setup \<open>DOF_lib.define_shortcut (Binding.make("bla",\<^here>)) "\\blabla"\<close>
@@ -199,10 +100,10 @@ setup \<open>DOF_lib.define_shortcut (Binding.make("bla",\<^here>)) "\\blabla"\<
    target document, for example, in the tex prelude. Note that the "Binding.make" can be avoided
    using the alternative \<^binding> notation (see above).*)
 
-
 setup\<open>DOF_lib.define_macro (Binding.make("blong",\<^here>)) "\\blong{" "}" (K(K()))\<close>
 
-textN\<open> \<^blong>\<open>asd\<close> outer  \<^blong>\<open>syntax| ! see {syntax, outer}\<close> \<close>
+text-latex\<open> \<^blong>\<open>asd\<close> outer  \<^blong>\<open>syntax| ! see {syntax, outer}\<close> \<close>
+(*>*)
 
 ML\<open>
 
@@ -325,14 +226,16 @@ val _ = Theory.setup
 
 \<close>
 
-textN\<open> 
+(*<*)
+text-latex\<open> 
       @{boxed_cartouche   [display] \<open>definition dfg = \<lambda>x. x\<close>}
       @{boxed_theory_text [display] \<open>doc_class dfg = \<lambda>x... \<Gamma>\<close>}  \<close>
-
+(*>*)
 
 
 section\<open>Section Experiments of picture-content\<close>
 
+(*<*)
 
 ML\<open>
 
@@ -352,8 +255,8 @@ Config.get ;
 
 (*
 \begin{figure}[h]
-
      \centering
+
      \includegraphics[scale=0.5]{graph_a}
      \caption{An example graph}
 
@@ -362,35 +265,37 @@ Config.get ;
 
 
 \begin{figure}
-
      \centering
+
      \begin{subfigure}[b]{0.3\textwidth}
 
          \centering
          \includegraphics[width=\textwidth]{graph1}
          \caption{$y=x$}
 
-         \label{fig:y equals x}
+         \label{fig:y equals x}   (* PROBLEM *)
      \end{subfigure}
 
      \hfill
+
      \begin{subfigure}[b]{0.3\textwidth}
 
          \centering
          \includegraphics[width=\textwidth]{graph2}
          \caption{$y=3sinx$}
 
-         \label{fig:three sin x}
+         \label{fig:three sin x}  (* PROBLEM *)
      \end{subfigure}
 
      \hfill
+
      \begin{subfigure}[b]{0.3\textwidth}
 
          \centering
          \includegraphics[width=\textwidth]{graph3}
          \caption{$y=5/x$}
 
-         \label{fig:five over x}
+         \label{fig:five over x} (* PROBLEM *)
      \end{subfigure}
 
   \caption{Three simple graphs}
@@ -436,7 +341,7 @@ fun figure_antiq (check: Proof.context -> Path.T option -> Input.source -> Path.
                                  else error "scale out of range (must be between 1 and 100"
         val fig_args = Library.enclose "[" "]" (commas [wdth_ltx,scl_ltx])
         val _ = writeln cap
-        fun proportion () = "0."^ (Int.toString (100 div length(!figure_proportions)))
+        fun proportion () = "0."^ (Int.toString (100 div List.length(!figure_proportions)))
                              \<comment> \<open>naive: assumes equal proportions\<close>
         fun core arg = "\n\\centering\n"
                        ^"\\includegraphics"
@@ -470,8 +375,8 @@ val _ = Theory.setup
  );
 \<close>
 
-textN\<open>
-@{figure_content [width=40, scale=35, caption="This is a test"] "../ROOT"}
+text-latex\<open>
+@{figure_content [width=40, scale=35, caption="This is a test"] "ROOT"}
 \<close>
 
 ML\<open>
@@ -492,23 +397,37 @@ val _ =
 
 
 \<close>
-
+(*
 Figure*[fff::figure,src="\<open>this is a side-by-side\<close>"]
-   \<open>@{figure_content [width=40, scale=35, caption="This is a test"] "../ROOT"}\<close> 
+   \<open>@{figure_content [width=40, scale=35, caption="This is a test"] "ROOT"}\<close> 
    \<open> \<^doof> \<^LATEX> \<close>  
    \<open> \<^theory_text>\<open>definition df = ... \<close>
      @{ML        [display]   \<open> let val x = 3 + 4 in true end\<close>}
      @{cartouche [display]   \<open> @{figure "cfgdfg"}\<close>}
    \<close>  
+*)
 
 
-Figure*[ffff::figure,(* caption *) src="\<open>this is another 2 side-by-side\<close>"]
-   \<open>@{figure_content [width=40, scale=35, caption="This is a left test"] "../ROOT"}\<close> 
-   \<open>@{figure_content [width=40, scale=35, caption="This is a right test"] "../ROOT"}\<close>  
+Figure*[ffff::float, main_caption="\<open>this is another 2 side-by-side\<close>"]
+   \<open>@{figure_content [width=40, scale=35, caption="This is a left test"] "ROOT"}\<close> 
+   \<open>@{figure_content [width=40, scale=35, caption="This is a right test"] "ROOT"}\<close>  
 
 (* proposed syntax for sub-figure labels :
 text\<open> @{figure "ffff(2)"}\<close>
  *)
 
+Figure*[figxxx::float,main_caption="\<open>Proofs establishing an Invariant Preservation.\<close>"]
+\<open>@{boxed_theory_text [display]
+\<open>lemma inv_c2_preserved :  "c2_inv \<sigma> \<Longrightarrow> c1_inv (\<sigma> \<langle>Hardware\<rangle>\<^sub>C\<^sub>o\<^sub>m\<^sub>p\<^sub>u\<^sub>t\<^sub>e\<^sub>r\<^sub>H\<^sub>a\<^sub>r\<^sub>d\<^sub>w\<^sub>a\<^sub>r\<^sub>e)"
+  unfolding c1_inv_def c2_inv_def 
+            Computer_Hardware_to_Hardware_morphism_def
+            Product_to_Component_morphism_def  
+  by (auto simp: comp_def)
+
+lemma Computer_Hardware_to_Hardware_total :
+         "Computer_Hardware_to_Hardware_morphism ` ({X. c2_inv X}) 
+      \<subseteq> ({X::Hardware. c1_inv X})"
+  using inv_c2_preserved by auto\<close>}\<close> 
+
 end
 (*>*)

Isabelle_DOF-Unit-Tests/ROOT

@@ -0,0 +1,22 @@
+session "Isabelle_DOF-Unit-Tests" = "Isabelle_DOF-Ontologies" + 
+  options [document = pdf, document_output = "output", document_build = dof, document_variants = "document:overview=-proof,-ML,-unimportant"]
+  theories
+    "TestKit"
+    "Latex_Tests"
+    "Concept_OntoReferencing"
+    "Concept_Example_Low_Level_Invariant"
+    "Concept_High_Level_Invariants"
+    "Concept_MonitorTest1"
+    "Concept_MonitorTest2"
+    "Concept_TermAntiquotations"
+    "Concept_TermEvaluation"
+    "Attributes"
+    "AssnsLemmaThmEtc" 
+    "Ontology_Matching_Example"
+    "Cenelec_Test"  
+    "OutOfOrderPresntn"
+    "COL_Test"
+  document_files
+    "root.bib"
+    "figures/A.png"
+    "figures/B.png"