src/HOL/Decision_Procs/Parametric_Ferrante_Rackoff.thy
author wenzelm
Wed Dec 29 17:34:41 2010 +0100 (2010-12-29)
changeset 41413 64cd30d6b0b8
parent 39246 9e58f0499f57
child 41807 ab5d2d81f9fb
child 41809 6799f95479e2
permissions -rw-r--r--
explicit file specifications -- avoid secondary load path;
     1 (*  Title:      HOL/Decision_Procs/Parametric_Ferrante_Rackoff.thy
     2     Author:     Amine Chaieb
     3 *)
     4 
     5 header{* A formalization of Ferrante and Rackoff's procedure with polynomial parameters, see Paper in CALCULEMUS 2008 *}
     6 
     7 theory Parametric_Ferrante_Rackoff
     8 imports
     9   Reflected_Multivariate_Polynomial
    10   Dense_Linear_Order
    11   "~~/src/HOL/Library/Efficient_Nat"
    12 begin
    13 
    14 subsection {* Terms *}
    15 
    (* Reflected terms whose coefficients are polynomials (poly).  Per the Itm
       equations below: CP c is the polynomial c itself, Bound n is the variable
       bs!n, Mul c a scales term a by polynomial c, and CNP n c a stands for
       c * Bound n + a.  Add, Sub and Neg are the usual arithmetic operations. *)
    16 datatype tm = CP poly | Bound nat | Add tm tm | Mul poly tm 
    17   | Neg tm | Sub tm tm | CNP nat poly tm
    18   (* A size for tm (not for poly: coefficients are weighed with polysize),
            to make inductive proofs simpler.  split0 uses it as its recdef measure.
            Sub and CNP cost 3, every other constructor costs 1. *)
    19 
    20 primrec tmsize :: "tm \<Rightarrow> nat" where
    21   "tmsize (CP c) = polysize c"
    22 | "tmsize (Bound n) = 1"
    23 | "tmsize (Neg a) = 1 + tmsize a"
    24 | "tmsize (Add a b) = 1 + tmsize a + tmsize b"
    25 | "tmsize (Sub a b) = 3 + tmsize a + tmsize b"
    26 | "tmsize (Mul c a) = 1 + polysize c + tmsize a"
    27 | "tmsize (CNP n c a) = 3 + polysize c + tmsize a "
    28 
    29   (* Semantics of terms tm.
            vs is the environment handed to Ipoly for the polynomial coefficients;
            bs is the environment for Bound/CNP variables, indexed from the head.
            Bound n and CNP n read bs!n without a range check, so for
            n >= length bs the result is whatever nth yields past the end of the
            list (see nth_length_exceeds).  The environment lemmas tmbound_I,
            decrtm and tmsubst therefore assume tmboundslt (length bs) t. *)
    30 primrec Itm :: "'a::{field_char_0, field_inverse_zero} list \<Rightarrow> 'a list \<Rightarrow> tm \<Rightarrow> 'a" where
    31   "Itm vs bs (CP c) = (Ipoly vs c)"
    32 | "Itm vs bs (Bound n) = bs!n"
    33 | "Itm vs bs (Neg a) = -(Itm vs bs a)"
    34 | "Itm vs bs (Add a b) = Itm vs bs a + Itm vs bs b"
    35 | "Itm vs bs (Sub a b) = Itm vs bs a - Itm vs bs b"
    36 | "Itm vs bs (Mul c a) = (Ipoly vs c) * Itm vs bs a"
    37 | "Itm vs bs (CNP n c t) = (Ipoly vs c)*(bs!n) + Itm vs bs t"   
    38 
    39 
    (* allpolys P t: P holds for every polynomial coefficient occurring in t
       (those under CP, CNP and Mul).  The clauses are sequential; the final
       catch-all is only reached for Bound, which carries no polynomial. *)
    40 fun allpolys:: "(poly \<Rightarrow> bool) \<Rightarrow> tm \<Rightarrow> bool"  where
    41   "allpolys P (CP c) = P c"
    42 | "allpolys P (CNP n c p) = (P c \<and> allpolys P p)"
    43 | "allpolys P (Mul c p) = (P c \<and> allpolys P p)"
    44 | "allpolys P (Neg p) = allpolys P p"
    45 | "allpolys P (Add p q) = (allpolys P p \<and> allpolys P q)"
    46 | "allpolys P (Sub p q) = (allpolys P p \<and> allpolys P q)"
    47 | "allpolys P p = True"
    48 
    (* tmboundslt n t: every variable index used in t (Bound m, or the head of
       CNP m) is strictly below n.  With n = length bs this says that all bs!m
       lookups made by Itm stay inside the list. *)
    49 primrec tmboundslt:: "nat \<Rightarrow> tm \<Rightarrow> bool" where
    50   "tmboundslt n (CP c) = True"
    51 | "tmboundslt n (Bound m) = (m < n)"
    52 | "tmboundslt n (CNP m c a) = (m < n \<and> tmboundslt n a)"
    53 | "tmboundslt n (Neg a) = tmboundslt n a"
    54 | "tmboundslt n (Add a b) = (tmboundslt n a \<and> tmboundslt n b)"
    55 | "tmboundslt n (Sub a b) = (tmboundslt n a \<and> tmboundslt n b)" 
    56 | "tmboundslt n (Mul i a) = tmboundslt n a"
    57 
    (* Syntactic check that index 0 occurs neither as Bound 0 nor as the head of
       a CNP 0.  The polynomial coefficients are not inspected.  tmbound0_I
       gives the semantic consequence. *)
    58 primrec tmbound0:: "tm \<Rightarrow> bool" (* a tm is INDEPENDENT of Bound 0 *) where
    59   "tmbound0 (CP c) = True"
    60 | "tmbound0 (Bound n) = (n>0)"
    61 | "tmbound0 (CNP n c a) = (n\<noteq>0 \<and> tmbound0 a)"
    62 | "tmbound0 (Neg a) = tmbound0 a"
    63 | "tmbound0 (Add a b) = (tmbound0 a \<and> tmbound0 b)"
    64 | "tmbound0 (Sub a b) = (tmbound0 a \<and> tmbound0 b)" 
    65 | "tmbound0 (Mul i a) = tmbound0 a"
    (* If a never mentions index 0, its value does not depend on the head of the
       variable environment: b may be exchanged for any b'. *)
    66 lemma tmbound0_I:
    67   assumes nb: "tmbound0 a"
    68   shows "Itm vs (b#bs) a = Itm vs (b'#bs) a"
    69 using nb
    70 by (induct a rule: tm.induct,auto simp add: nth_pos2)
    71 
    (* Generalisation of tmbound0 to an arbitrary index n: neither Bound n nor
       a CNP n head occurs in the term. *)
    72 primrec tmbound:: "nat \<Rightarrow> tm \<Rightarrow> bool" (* a tm is INDEPENDENT of Bound n *) where
    73   "tmbound n (CP c) = True"
    74 | "tmbound n (Bound m) = (n \<noteq> m)"
    75 | "tmbound n (CNP m c a) = (n\<noteq>m \<and> tmbound n a)"
    76 | "tmbound n (Neg a) = tmbound n a"
    77 | "tmbound n (Add a b) = (tmbound n a \<and> tmbound n b)"
    78 | "tmbound n (Sub a b) = (tmbound n a \<and> tmbound n b)" 
    79 | "tmbound n (Mul i a) = tmbound n a"
       (* The two independence predicates agree at index 0. *)
    80 lemma tmbound0_tmbound_iff: "tmbound 0 t = tmbound0 t" by (induct t, auto)
    81 
    (* Overwriting position n of the environment does not change the value of a
       term that is independent of Bound n.  Besides tmbound n t the statement
       needs all indices of t inside bs (bnd) and n \<le> length bs (le). *)
    82 lemma tmbound_I: 
    83   assumes bnd: "tmboundslt (length bs) t" and nb: "tmbound n t" and le: "n \<le> length bs"
    84   shows "Itm vs (bs[n:=x]) t = Itm vs bs t"
    85   using nb le bnd
    86   by (induct t rule: tm.induct , auto)
    87 
    (* Index shifts on terms, declared here and defined with old-style recdef.
       recdef clauses are tried in order, so the final "f a = a" clause of each
       definition only covers the remaining constructor CP. *)
    88 consts 
    89   incrtm0:: "tm \<Rightarrow> tm"
    90   decrtm0:: "tm \<Rightarrow> tm" 
    91 
       (* decrtm0 lowers every variable index by one.  Subtraction on nat is
          truncating, so index 0 stays 0; lemma decrtm0 only claims that the
          result keeps its meaning when tmbound0 t holds. *)
    92 recdef decrtm0 "measure size"
    93   "decrtm0 (Bound n) = Bound (n - 1)"
    94   "decrtm0 (Neg a) = Neg (decrtm0 a)"
    95   "decrtm0 (Add a b) = Add (decrtm0 a) (decrtm0 b)"
    96   "decrtm0 (Sub a b) = Sub (decrtm0 a) (decrtm0 b)"
    97   "decrtm0 (Mul c a) = Mul c (decrtm0 a)"
    98   "decrtm0 (CNP n c a) = CNP (n - 1) c (decrtm0 a)"
    99   "decrtm0 a = a"
   100 
   (* incrtm0 raises every variable index (Bound n and CNP n heads) by one,
      which makes room for a new variable at index 0.  The last clause is only
      reached for CP. *)
   101 recdef incrtm0 "measure size"
   102   "incrtm0 (Bound n) = Bound (n + 1)"
   103   "incrtm0 (Neg a) = Neg (incrtm0 a)"
   104   "incrtm0 (Add a b) = Add (incrtm0 a) (incrtm0 b)"
   105   "incrtm0 (Sub a b) = Sub (incrtm0 a) (incrtm0 b)"
   106   "incrtm0 (Mul c a) = Mul c (incrtm0 a)"
   107   "incrtm0 (CNP n c a) = CNP (n + 1) c (incrtm0 a)"
   108   "incrtm0 a = a"
   109 
   (* For a term independent of Bound 0, dropping the head of the environment
      and lowering all indices by one gives the same value. *)
   110 lemma decrtm0: assumes nb: "tmbound0 t"
   111   shows "Itm vs (x#bs) t = Itm vs bs (decrtm0 t)"
   112   using nb by (induct t rule: decrtm0.induct, simp_all add: nth_pos2)
   113 
   (* Raising all indices by one compensates for a new head element x in the
      environment; no side condition is needed.  The proof uses the induction
      rule of decrtm0. *)
   114 lemma incrtm0: "Itm vs (x#bs) (incrtm0 t) = Itm vs bs t"
   115   by (induct t rule: decrtm0.induct, simp_all add: nth_pos2)
   116 
   (* decrtm m t closes the gap left by removing variable m: indices below m
      are kept, all other indices are lowered by one.  An occurrence of index m
      itself is lowered too, so the result is only meaningful when tmbound m t
      holds, which lemma decrtm assumes. *)
   117 primrec decrtm:: "nat \<Rightarrow> tm \<Rightarrow> tm" where
   118   "decrtm m (CP c) = (CP c)"
   119 | "decrtm m (Bound n) = (if n < m then Bound n else Bound (n - 1))"
   120 | "decrtm m (Neg a) = Neg (decrtm m a)"
   121 | "decrtm m (Add a b) = Add (decrtm m a) (decrtm m b)"
   122 | "decrtm m (Sub a b) = Sub (decrtm m a) (decrtm m b)"
   123 | "decrtm m (Mul c a) = Mul c (decrtm m a)"
   124 | "decrtm m (CNP n c a) = (if n < m then CNP n c (decrtm m a) else CNP (n - 1) c (decrtm m a))"
   125 
   (* removen n xs deletes the element at position n (counting from 0).  When
      the list runs out before position n is reached nothing is deleted; see
      removen_same. *)
   126 primrec removen:: "nat \<Rightarrow> 'a list \<Rightarrow> 'a list" where
   127   "removen n [] = []"
   128 | "removen n (x#xs) = (if n=0 then xs else (x#(removen (n - 1) xs)))"
   129 
   (* An out-of-range position leaves the list unchanged. *)
   130 lemma removen_same: "n \<ge> length xs \<Longrightarrow> removen n xs = xs"
   131   by (induct xs arbitrary: n, auto)
   132 
   (* An out-of-range lookup xs!n is rewritten to a lookup in the empty list.
      That value is not determined by xs, which is why the environment lemmas
      carry tmboundslt/boundslt assumptions. *)
   133 lemma nth_length_exceeds: "n \<ge> length xs \<Longrightarrow> xs!n = []!(n - length xs)"
   134   by (induct xs arbitrary: n, auto)
   135 
   (* removen shortens the list by exactly one element when n is a valid
      position, and keeps its length otherwise. *)
   136 lemma removen_length: "length (removen n xs) = (if n \<ge> length xs then length xs else length xs - 1)"
   137   by (induct xs arbitrary: n, auto)
   (* Full characterisation of lookups in removen n xs, including the
      out-of-range cases:
        - n not a valid position: the list is unchanged;
        - m < n: the element is untouched;
        - otherwise, m \<le> length xs: the element comes from position Suc m;
        - otherwise the lookup is past the end and is expressed via []!_ .
      The proof is by induction on xs with a case split that follows these four
      branches; "prems" is the legacy name for the case's premises. *)
   138 lemma removen_nth: "(removen n xs)!m = (if n \<ge> length xs then xs!m 
   139   else if m < n then xs!m else if m \<le> length xs then xs!(Suc m) else []!(m - (length xs - 1)))"
   140 proof(induct xs arbitrary: n m)
   141   case Nil thus ?case by simp
   142 next
   143   case (Cons x xs n m)
   144   {assume nxs: "n \<ge> length (x#xs)" hence ?case using removen_same[OF nxs] by simp}
   145   moreover
   146   {assume nxs: "\<not> (n \<ge> length (x#xs))" 
   147     {assume mln: "m < n" hence ?case using prems by (cases m, auto)}
   148     moreover
   149     {assume mln: "\<not> (m < n)" 
   150       
   151       {assume mxs: "m \<le> length (x#xs)" hence ?case using prems by (cases m, auto)}
   152       moreover
   153       {assume mxs: "\<not> (m \<le> length (x#xs))" 
   154         have th: "length (removen n (x#xs)) = length xs" 
   155           using removen_length[where n="n" and xs="x#xs"] nxs by simp
   156         with mxs have mxs':"m \<ge> length (removen n (x#xs))" by auto
   157         hence "(removen n (x#xs))!m = [] ! (m - length xs)" 
   158           using th nth_length_exceeds[OF mxs'] by auto
   159         hence th: "(removen n (x#xs))!m = [] ! (m - (length (x#xs) - 1))" 
   160           by auto
   161         hence ?case using nxs mln mxs by auto }
   162       ultimately have ?case by blast
   163     }
   164     ultimately have ?case by blast
   165     
   166   }      ultimately show ?case by blast
   167 qed
   168 
   (* Correctness of decrtm: if t is independent of Bound m and all its indices
      lie inside bs, then removing position m from the environment and
      renumbering t with decrtm m preserves the value.  Note that m \<le> length bs
      is allowed here, whereas the formula-level lemma decr needs m < length bs. *)
   169 lemma decrtm: assumes bnd: "tmboundslt (length bs) t" and nb: "tmbound m t" 
   170   and nle: "m \<le> length bs" 
   171   shows "Itm vs (removen m bs) (decrtm m t) = Itm vs bs t"
   172   using bnd nb nle
   173   by (induct t rule: tm.induct, auto simp add: removen_nth)
   174 
   (* tmsubst0 t a replaces variable 0 in a by the term t.  A linear head
      CNP 0 c a cannot keep its shape once the variable is a term, so it is
      expanded to Add (Mul c t) (...).  Other indices are left as they are;
      t itself is inserted unchanged (no index shifting). *)
   175 primrec tmsubst0:: "tm \<Rightarrow> tm \<Rightarrow> tm" where
   176   "tmsubst0 t (CP c) = CP c"
   177 | "tmsubst0 t (Bound n) = (if n=0 then t else Bound n)"
   178 | "tmsubst0 t (CNP n c a) = (if n=0 then Add (Mul c t) (tmsubst0 t a) else CNP n c (tmsubst0 t a))"
   179 | "tmsubst0 t (Neg a) = Neg (tmsubst0 t a)"
   180 | "tmsubst0 t (Add a b) = Add (tmsubst0 t a) (tmsubst0 t b)"
   181 | "tmsubst0 t (Sub a b) = Sub (tmsubst0 t a) (tmsubst0 t b)" 
   182 | "tmsubst0 t (Mul i a) = Mul i (tmsubst0 t a)"
   (* Substitution lemma for index 0: evaluating the substituted term equals
      evaluating a with the head of the environment replaced by the value of t.
      t is evaluated in the original environment x#bs. *)
   183 lemma tmsubst0:
   184   shows "Itm vs (x#bs) (tmsubst0 t a) = Itm vs ((Itm vs (x#bs) t)#bs) a"
   185 by (induct a rule: tm.induct,auto simp add: nth_pos2)
   186 
   (* Substituting a term that does not mention index 0 yields a term that does
      not mention index 0, whatever a was. *)
   187 lemma tmsubst0_nb: "tmbound0 t \<Longrightarrow> tmbound0 (tmsubst0 t a)"
   188 by (induct a rule: tm.induct,auto simp add: nth_pos2)
   189 
   (* tmsubst n t a: the same substitution as tmsubst0, for an arbitrary
      variable index n.  CNP heads at index n are expanded to
      Add (Mul c t) (...); all other indices are left untouched. *)
   190 primrec tmsubst:: "nat \<Rightarrow> tm \<Rightarrow> tm \<Rightarrow> tm" where
   191   "tmsubst n t (CP c) = CP c"
   192 | "tmsubst n t (Bound m) = (if n=m then t else Bound m)"
   193 | "tmsubst n t (CNP m c a) = (if n=m then Add (Mul c t) (tmsubst n t a) 
   194              else CNP m c (tmsubst n t a))"
   195 | "tmsubst n t (Neg a) = Neg (tmsubst n t a)"
   196 | "tmsubst n t (Add a b) = Add (tmsubst n t a) (tmsubst n t b)"
   197 | "tmsubst n t (Sub a b) = Sub (tmsubst n t a) (tmsubst n t b)" 
   198 | "tmsubst n t (Mul i a) = Mul i (tmsubst n t a)"
   199 
   (* Substitution lemma for index n: substituting t for variable n equals
      evaluating a in the environment whose n-th entry is the value of t.
      Requires all indices of a inside bs and n \<le> length bs. *)
   200 lemma tmsubst: assumes nb: "tmboundslt (length bs) a" and nlt: "n \<le> length bs"
   201   shows "Itm vs bs (tmsubst n t a) = Itm vs (bs[n:= Itm vs bs t]) a"
   202 using nb nlt
   203 by (induct a rule: tm.induct,auto simp add: nth_pos2)
   204 
   (* Independence is preserved by substitution: if the inserted term t does
      not mention the substituted index, neither does the result. *)
   205 lemma tmsubst_nb0: assumes tnb: "tmbound0 t"
   206 shows "tmbound0 (tmsubst 0 t a)"
   207 using tnb
   208 by (induct a rule: tm.induct, auto)
   209 
       (* The same statement for an arbitrary index m. *)
   210 lemma tmsubst_nb: assumes tnb: "tmbound m t"
   211 shows "tmbound m (tmsubst m t a)"
   212 using tnb
   213 by (induct a rule: tm.induct, auto)
       (* Shifting all indices up by one shifts the independent index as well. *)
   214 lemma incrtm0_tmbound: "tmbound n t \<Longrightarrow> tmbound (Suc n) (incrtm0 t)"
   215   by (induct t, auto)
   216   (* Simplification of terms: tmadd, tmmul and simptm are declared here;
             simptm is defined further down, after tmneg and tmsub. *)
   217 
   218 consts
   219   simptm:: "tm \<Rightarrow> tm"
   220   tmadd:: "tm \<times> tm \<Rightarrow> tm"
   221   tmmul:: "tm \<Rightarrow> poly \<Rightarrow> tm"
       (* tmadd (t,s) adds two terms while merging their CNP heads.  Clauses are
          tried in order:
            - two CNP heads with the same index: the coefficients are added with
              +\<^sub>p and the head is dropped when the sum is syntactically 0\<^sub>p;
            - two CNP heads with different indices: the smaller index is emitted
              first and the addition continues on the rest;
            - a CNP head on one side only: the head is kept, addition continues;
            - two constants: added with +\<^sub>p;
            - anything else: a plain Add node.
          The measure is the combined size of both arguments. *)
   222 recdef tmadd "measure (\<lambda> (t,s). size t + size s)"
   223   "tmadd (CNP n1 c1 r1,CNP n2 c2 r2) =
   224   (if n1=n2 then 
   225   (let c = c1 +\<^sub>p c2
   226   in if c = 0\<^sub>p then tmadd(r1,r2) else CNP n1 c (tmadd (r1,r2)))
   227   else if n1 \<le> n2 then (CNP n1 c1 (tmadd (r1,CNP n2 c2 r2))) 
   228   else (CNP n2 c2 (tmadd (CNP n1 c1 r1,r2))))"
   229   "tmadd (CNP n1 c1 r1,t) = CNP n1 c1 (tmadd (r1, t))"  
   230   "tmadd (t,CNP n2 c2 r2) = CNP n2 c2 (tmadd (t,r2))" 
   231   "tmadd (CP b1, CP b2) = CP (b1 +\<^sub>p b2)"
   232   "tmadd (a,b) = Add a b"
   233 
   (* Soundness of tmadd: it has the same value as the plain Add node.
      Declared [simp], so later proofs rewrite tmadd away automatically. *)
   234 lemma tmadd[simp]: "Itm vs bs (tmadd (t,s)) = Itm vs bs (Add t s)"
   235 apply (induct t s rule: tmadd.induct, simp_all add: Let_def)
   236 apply (case_tac "c1 +\<^sub>p c2 = 0\<^sub>p",case_tac "n1 \<le> n2", simp_all)
   237 apply (case_tac "n1 = n2", simp_all add: field_simps)
   238 apply (simp only: right_distrib[symmetric]) 
   239 by (auto simp del: polyadd simp add: polyadd[symmetric])
   240 
   (* Closure properties of tmadd, all declared [simp]: independence of
      Bound 0 / Bound n, the index bound tmboundslt, and normal-form
      coefficients (isnpoly) carry over from both arguments to the sum. *)
   241 lemma tmadd_nb0[simp]: "\<lbrakk> tmbound0 t ; tmbound0 s\<rbrakk> \<Longrightarrow> tmbound0 (tmadd (t,s))"
   242 by (induct t s rule: tmadd.induct, auto simp add: Let_def)
   243 
   244 lemma tmadd_nb[simp]: "\<lbrakk> tmbound n t ; tmbound n s\<rbrakk> \<Longrightarrow> tmbound n (tmadd (t,s))"
   245 by (induct t s rule: tmadd.induct, auto simp add: Let_def)
   246 lemma tmadd_blt[simp]: "\<lbrakk>tmboundslt n t ; tmboundslt n s\<rbrakk> \<Longrightarrow> tmboundslt n (tmadd (t,s))"
   247 by (induct t s rule: tmadd.induct, auto simp add: Let_def)
   248 
   249 lemma tmadd_allpolys_npoly[simp]: "allpolys isnpoly t \<Longrightarrow> allpolys isnpoly s \<Longrightarrow> allpolys isnpoly (tmadd(t,s))" by (induct t s rule: tmadd.induct, simp_all add: Let_def polyadd_norm)
   250 
   (* tmmul t i multiplies term t by polynomial i.  The function recurses on t
      only and returns a lambda for the second argument.  Multiplication is
      pushed into constants and along CNP chains with *\<^sub>p; any other term
      (third clause, tried last) is wrapped in a Mul node. *)
   251 recdef tmmul "measure size"
   252   "tmmul (CP j) = (\<lambda> i. CP (i *\<^sub>p j))"
   253   "tmmul (CNP n c a) = (\<lambda> i. CNP n (i *\<^sub>p c) (tmmul a i))"
   254   "tmmul t = (\<lambda> i. Mul i t)"
   255 
   (* Soundness of tmmul: same value as the plain Mul node. *)
   256 lemma tmmul[simp]: "Itm vs bs (tmmul t i) = Itm vs bs (Mul i t)"
   257 by (induct t arbitrary: i rule: tmmul.induct, simp_all add: field_simps)
   258 
       (* Closure properties of tmmul: independence, index bound and normal-form
          coefficients are preserved (the last one needs isnpoly c as well). *)
   259 lemma tmmul_nb0[simp]: "tmbound0 t \<Longrightarrow> tmbound0 (tmmul t i)"
   260 by (induct t arbitrary: i rule: tmmul.induct, auto )
   261 
   262 lemma tmmul_nb[simp]: "tmbound n t \<Longrightarrow> tmbound n (tmmul t i)"
   263 by (induct t arbitrary: n rule: tmmul.induct, auto )
   264 lemma tmmul_blt[simp]: "tmboundslt n t \<Longrightarrow> tmboundslt n (tmmul t i)"
   265 by (induct t arbitrary: i rule: tmmul.induct, auto simp add: Let_def)
   266 
   267 lemma tmmul_allpolys_npoly[simp]: 
   268   assumes "SORT_CONSTRAINT('a::{field_char_0, field_inverse_zero})"
   269   shows "allpolys isnpoly t \<Longrightarrow> isnpoly c \<Longrightarrow> allpolys isnpoly (tmmul t c)" by (induct t rule: tmmul.induct, simp_all add: Let_def polymul_norm)
   270 
   (* Negation of a term, implemented as multiplication by the constant
      polynomial C (- 1,1).  Lemma tmneg shows this equals Neg t semantically. *)
   271 definition tmneg :: "tm \<Rightarrow> tm" where
   272   "tmneg t \<equiv> tmmul t (C (- 1,1))"
   273 
   (* Subtraction of terms: s + (- t) via tmadd and tmneg, with a shortcut to
      the zero constant when both terms are syntactically equal. *)
   274 definition tmsub :: "tm \<Rightarrow> tm \<Rightarrow> tm" where
   275   "tmsub s t \<equiv> (if s = t then CP 0\<^sub>p else tmadd (s,tmneg t))"
   276 
   (* Soundness of tmneg: same value as the plain Neg node. *)
   277 lemma tmneg[simp]: "Itm vs bs (tmneg t) = Itm vs bs (Neg t)"
   278 using tmneg_def[of t] 
   279 apply simp
   280 apply (subst number_of_Min)
   281 apply (simp only: of_int_minus)
   282 apply simp
   283 done
   284 
       (* Closure properties of tmneg; each follows from the matching tmmul
          lemma after unfolding tmneg_def. *)
   285 lemma tmneg_nb0[simp]: "tmbound0 t \<Longrightarrow> tmbound0 (tmneg t)"
   286 using tmneg_def by simp
   287 
   288 lemma tmneg_nb[simp]: "tmbound n t \<Longrightarrow> tmbound n (tmneg t)"
   289 using tmneg_def by simp
   290 lemma tmneg_blt[simp]: "tmboundslt n t \<Longrightarrow> tmboundslt n (tmneg t)"
   291 using tmneg_def by simp
       (* Unnamed simp rule: the constant used by tmneg is a normal-form
          polynomial. *)
   292 lemma [simp]: "isnpoly (C (-1,1))" unfolding isnpoly_def by simp
   293 lemma tmneg_allpolys_npoly[simp]: 
   294   assumes "SORT_CONSTRAINT('a::{field_char_0, field_inverse_zero})"
   295   shows "allpolys isnpoly t \<Longrightarrow> allpolys isnpoly (tmneg t)" 
   296   unfolding tmneg_def by auto
   297 
   (* Soundness of tmsub: same value as the plain Sub node. *)
   298 lemma tmsub[simp]: "Itm vs bs (tmsub a b) = Itm vs bs (Sub a b)"
   299 using tmsub_def by simp
   300 
       (* Closure properties of tmsub: independence, index bound and normal-form
          coefficients are preserved. *)
   301 lemma tmsub_nb0[simp]: "\<lbrakk> tmbound0 t ; tmbound0 s\<rbrakk> \<Longrightarrow> tmbound0 (tmsub t s)"
   302 using tmsub_def by simp
   303 lemma tmsub_nb[simp]: "\<lbrakk> tmbound n t ; tmbound n s\<rbrakk> \<Longrightarrow> tmbound n (tmsub t s)"
   304 using tmsub_def by simp
   305 lemma tmsub_blt[simp]: "\<lbrakk>tmboundslt n t ; tmboundslt n s\<rbrakk> \<Longrightarrow> tmboundslt n (tmsub t s )"
   306 using tmsub_def by simp
   307 lemma tmsub_allpolys_npoly[simp]: 
   308   assumes "SORT_CONSTRAINT('a::{field_char_0, field_inverse_zero})"
   309   shows "allpolys isnpoly t \<Longrightarrow> allpolys isnpoly s \<Longrightarrow> allpolys isnpoly (tmsub t s)" 
   310   unfolding tmsub_def by (simp add: isnpoly_def)
   311 
   (* simptm rebuilds a term bottom-up with the simplifying operations:
        - constants are normalised with polynate;
        - Bound n becomes the linear head CNP n 1\<^sub>p (CP 0\<^sub>p);
        - Neg/Add/Sub go through tmneg/tmadd/tmsub;
        - Mul i t and CNP n c t normalise their coefficient first and drop the
          product when it is syntactically 0\<^sub>p.
      simptm_ci shows the value is unchanged; simptm_allpolys_npoly shows that
      every coefficient of the result satisfies isnpoly. *)
   312 recdef simptm "measure size"
   313   "simptm (CP j) = CP (polynate j)"
   314   "simptm (Bound n) = CNP n 1\<^sub>p (CP 0\<^sub>p)"
   315   "simptm (Neg t) = tmneg (simptm t)"
   316   "simptm (Add t s) = tmadd (simptm t,simptm s)"
   317   "simptm (Sub t s) = tmsub (simptm t) (simptm s)"
   318   "simptm (Mul i t) = (let i' = polynate i in if i' = 0\<^sub>p then CP 0\<^sub>p else tmmul (simptm t) i')"
   319   "simptm (CNP n c t) = (let c' = polynate c in if c' = 0\<^sub>p then simptm t else tmadd (CNP n c' (CP 0\<^sub>p ), simptm t))"
   320 
   (* Helper for simptm_ci: a polynomial whose polynate normal form is the
      zero polynomial evaluates to 0 in every environment.  This justifies
      dropping such coefficients in simptm. *)
   321 lemma polynate_stupid: 
   322   assumes "SORT_CONSTRAINT('a::{field_char_0, field_inverse_zero})"
   323   shows "polynate t = 0\<^sub>p \<Longrightarrow> Ipoly bs t = (0::'a::{field_char_0, field_inverse_zero})" 
   324 apply (subst polynate[symmetric])
   325 apply simp
   326 done
   327 
   (* Soundness of simptm: the simplified term has the same value. *)
   328 lemma simptm_ci[simp]: "Itm vs bs (simptm t) = Itm vs bs t"
   329 by (induct t rule: simptm.induct, auto simp add: tmneg tmadd tmsub tmmul Let_def polynate_stupid) 
   330 
       (* Closure properties of simptm: independence of Bound 0 / Bound n and
          the index bound are preserved. *)
   331 lemma simptm_tmbound0[simp]: 
   332   "tmbound0 t \<Longrightarrow> tmbound0 (simptm t)"
   333 by (induct t rule: simptm.induct, auto simp add: Let_def)
   334 
   335 lemma simptm_nb[simp]: "tmbound n t \<Longrightarrow> tmbound n (simptm t)"
   336 by (induct t rule: simptm.induct, auto simp add: Let_def)
   337 lemma simptm_nlt[simp]: "tmboundslt n t \<Longrightarrow> tmboundslt n (simptm t)"
   338 by (induct t rule: simptm.induct, auto simp add: Let_def)
   339 
       (* Unnamed simp rules: the two constants used by simptm are normal-form
          polynomials. *)
   340 lemma [simp]: "isnpoly 0\<^sub>p" and [simp]: "isnpoly (C(1,1))" 
   341   by (simp_all add: isnpoly_def)
       (* simptm establishes isnpoly for every coefficient of its result, with
          no assumption on the input term. *)
   342 lemma simptm_allpolys_npoly[simp]: 
   343   assumes "SORT_CONSTRAINT('a::{field_char_0, field_inverse_zero})"
   344   shows "allpolys isnpoly (simptm p)"
   345   by (induct p rule: simptm.induct, auto simp add: Let_def)
   346 
   (* split0 t = (c, t'): c collects the polynomial coefficient of Bound 0 in
      t and t' is the remainder, so that t has the same value as CNP 0 c t'
      and t' is independent of Bound 0 (lemma split0).
      Clauses are tried in order, so "CNP n c t" is only reached for n \<noteq> 0 and
      the final clause covers CP and Bound n with n \<noteq> 0.  Termination is
      measured with tmsize. *)
   347 consts split0 :: "tm \<Rightarrow> (poly \<times> tm)"
   348 recdef split0 "measure tmsize"
   349   "split0 (Bound 0) = (1\<^sub>p, CP 0\<^sub>p)"
   350   "split0 (CNP 0 c t) = (let (c',t') = split0 t in (c +\<^sub>p c',t'))"
   351   "split0 (Neg t) = (let (c,t') = split0 t in (~\<^sub>p c,Neg t'))"
   352   "split0 (CNP n c t) = (let (c',t') = split0 t in (c',CNP n c t'))"
   353   "split0 (Add s t) = (let (c1,s') = split0 s ; (c2,t') = split0 t in (c1 +\<^sub>p c2, Add s' t'))"
   354   "split0 (Sub s t) = (let (c1,s') = split0 s ; (c2,t') = split0 t in (c1 -\<^sub>p c2, Sub s' t'))"
   355   "split0 (Mul c t) = (let (c',t') = split0 t in (c *\<^sub>p c', Mul c t'))"
   356   "split0 t = (0\<^sub>p, t)"
   357 
   (* Trivial fact that split0 p is a pair; registered as a simp rule and
      passed explicitly to several of the split0 proofs below. *)
   358 lemma split0_stupid[simp]: "\<exists>x y. (x,y) = split0 p"
   359   apply (rule exI[where x="fst (split0 p)"])
   360   apply (rule exI[where x="snd (split0 p)"])
   361   by simp
   362 
   (* Main correctness statement for split0: the remainder is independent of
      Bound 0, and recombining coefficient and remainder as a CNP 0 head gives
      back the value of t.  After the induction there is one simp step per
      generated subgoal. *)
   363 lemma split0:
   364   "tmbound 0 (snd (split0 t)) \<and> (Itm vs bs (CNP 0 (fst (split0 t)) (snd (split0 t))) = Itm vs bs t)"
   365   apply (induct t rule: split0.induct)
   366   apply simp
   367   apply (simp add: Let_def split_def field_simps)
   368   apply (simp add: Let_def split_def field_simps)
   369   apply (simp add: Let_def split_def field_simps)
   370   apply (simp add: Let_def split_def field_simps)
   371   apply (simp add: Let_def split_def field_simps)
   372   apply (simp add: Let_def split_def mult_assoc right_distrib[symmetric])
   373   apply (simp add: Let_def split_def field_simps)
   374   apply (simp add: Let_def split_def field_simps)
   375   done
   376 
   (* The semantic half of lemma split0, restated for a result that has been
      bound to a pair (c',t'). *)
   377 lemma split0_ci: "split0 t = (c',t') \<Longrightarrow> Itm vs bs t = Itm vs bs (CNP 0 c' t')"
   378 proof-
   379   fix c' t'
   380   assume "split0 t = (c', t')" hence "c' = fst (split0 t)" and "t' = snd (split0 t)" by auto
   381   with split0[where t="t" and bs="bs"] show "Itm vs bs t = Itm vs bs (CNP 0 c' t')" by simp
   382 qed
   383 
   (* The independence half of lemma split0, restated for a result bound to a
      pair (c',t'). *)
   384 lemma split0_nb0: 
   385   assumes "SORT_CONSTRAINT('a::{field_char_0, field_inverse_zero})"
   386   shows "split0 t = (c',t') \<Longrightarrow>  tmbound 0 t'"
   387 proof-
   388   fix c' t'
   389   assume "split0 t = (c', t')" hence "c' = fst (split0 t)" and "t' = snd (split0 t)" by auto
   390   with conjunct1[OF split0[where t="t"]] show "tmbound 0 t'" by simp
   391 qed
   392 
       (* The same fact phrased with tmbound0 and snd, as a simp rule. *)
   393 lemma split0_nb0'[simp]:   assumes "SORT_CONSTRAINT('a::{field_char_0, field_inverse_zero})"
   394   shows "tmbound0 (snd (split0 t))"
   395   using split0_nb0[of t "fst (split0 t)" "snd (split0 t)"] by (simp add: tmbound0_tmbound_iff)
   396 
   397 
   (* Further properties of split0, each by induction over split0.induct:
        - independence of Bound n and the index bound carry over to the
          remainder;
        - if t does not mention Bound 0 (or has no admissible index at all),
          the extracted coefficient evaluates to 0;
        - normal-form coefficients are preserved in the remainder, and the
          extracted coefficient is itself a normal-form polynomial. *)
   398 lemma split0_nb: assumes nb:"tmbound n t" shows "tmbound n (snd (split0 t))"
   399   using nb by (induct t rule: split0.induct, auto simp add: Let_def split_def split0_stupid)
   400 
   401 lemma split0_blt: assumes nb:"tmboundslt n t" shows "tmboundslt n (snd (split0 t))"
   402   using nb by (induct t rule: split0.induct, auto simp add: Let_def split_def split0_stupid)
   403 
   404 lemma tmbound_split0: "tmbound 0 t \<Longrightarrow> Ipoly vs (fst(split0 t)) = 0"
   405  by (induct t rule: split0.induct, auto simp add: Let_def split_def split0_stupid)
   406 
   407 lemma tmboundslt_split0: "tmboundslt n t \<Longrightarrow> Ipoly vs (fst(split0 t)) = 0 \<or> n > 0"
   408 by (induct t rule: split0.induct, auto simp add: Let_def split_def split0_stupid)
   409 
   410 lemma tmboundslt0_split0: "tmboundslt 0 t \<Longrightarrow> Ipoly vs (fst(split0 t)) = 0"
   411  by (induct t rule: split0.induct, auto simp add: Let_def split_def split0_stupid)
   412 
   413 lemma allpolys_split0: "allpolys isnpoly p \<Longrightarrow> allpolys isnpoly (snd (split0 p))"
   414 by (induct p rule: split0.induct, auto simp  add: isnpoly_def Let_def split_def split0_stupid)
   415 
   416 lemma isnpoly_fst_split0:   assumes "SORT_CONSTRAINT('a::{field_char_0, field_inverse_zero})"
   417   shows 
   418   "allpolys isnpoly p \<Longrightarrow> isnpoly (fst (split0 p))"
   419   by (induct p rule: split0.induct, 
   420     auto simp  add: polyadd_norm polysub_norm polyneg_norm polymul_norm 
   421     Let_def split_def split0_stupid)
   422 
   423 subsection{* Formulae *}
   424 
   (* Reflected formulae.  Per the Ifm equations below, the atoms Le/Lt/Eq/NEq
      compare the value of a term with 0, and E / A are the existential and
      universal quantifiers; a quantifier binds the variable with index 0 of
      its body. *)
   425 datatype fm  =  T| F| Le tm | Lt tm | Eq tm | NEq tm|
   426   NOT fm| And fm fm|  Or fm fm| Imp fm fm| Iff fm fm| E fm| A fm
   427 
   428 
   429   (* A size for fm.  Imp, Iff and A weigh more than the other connectives
             (3, 3 plus twice the operands, and 4); T, F and all atoms have
             size 1 through the final catch-all clause. *)
   430 consts fmsize :: "fm \<Rightarrow> nat"
   431 recdef fmsize "measure size"
   432   "fmsize (NOT p) = 1 + fmsize p"
   433   "fmsize (And p q) = 1 + fmsize p + fmsize q"
   434   "fmsize (Or p q) = 1 + fmsize p + fmsize q"
   435   "fmsize (Imp p q) = 3 + fmsize p + fmsize q"
   436   "fmsize (Iff p q) = 3 + 2*(fmsize p + fmsize q)"
   437   "fmsize (E p) = 1 + fmsize p"
   438   "fmsize (A p) = 4+ fmsize p"
   439   "fmsize p = 1"
   440   (* A lemma about fmsize: the size of a formula is never 0 *)
   441 lemma fmsize_pos: "fmsize p > 0"        
   442 by (induct p rule: fmsize.induct) simp_all
   443 
   444   (* Semantics of formulae (fm) over a linearly ordered field.
             vs and bs play the same roles as in Itm.  Atoms compare the term
             value with 0.  E p and A p quantify over all values x of the field
             type and evaluate the body with x pushed onto the front of bs, so
             Bound 0 in the body is the quantified variable and the indices of
             the outer variables are shifted by one. *)
   445 primrec Ifm ::"'a::{linordered_field_inverse_zero} list \<Rightarrow> 'a list \<Rightarrow> fm \<Rightarrow> bool" where
   446   "Ifm vs bs T = True"
   447 | "Ifm vs bs F = False"
   448 | "Ifm vs bs (Lt a) = (Itm vs bs a < 0)"
   449 | "Ifm vs bs (Le a) = (Itm vs bs a \<le> 0)"
   450 | "Ifm vs bs (Eq a) = (Itm vs bs a = 0)"
   451 | "Ifm vs bs (NEq a) = (Itm vs bs a \<noteq> 0)"
   452 | "Ifm vs bs (NOT p) = (\<not> (Ifm vs bs p))"
   453 | "Ifm vs bs (And p q) = (Ifm vs bs p \<and> Ifm vs bs q)"
   454 | "Ifm vs bs (Or p q) = (Ifm vs bs p \<or> Ifm vs bs q)"
   455 | "Ifm vs bs (Imp p q) = ((Ifm vs bs p) \<longrightarrow> (Ifm vs bs q))"
   456 | "Ifm vs bs (Iff p q) = (Ifm vs bs p = Ifm vs bs q)"
   457 | "Ifm vs bs (E p) = (\<exists> x. Ifm vs (x#bs) p)"
   458 | "Ifm vs bs (A p) = (\<forall> x. Ifm vs (x#bs) p)"
   459 
   (* Simplifying negation.  Clauses are tried in order: double negations are
      removed, T and F are swapped, Lt/Le are negated by negating the term and
      switching to the other relation, Eq/NEq are swapped, and any other
      formula is wrapped in NOT. *)
   460 consts not:: "fm \<Rightarrow> fm"
   461 recdef not "measure size"
   462   "not (NOT (NOT p)) = not p"
   463   "not (NOT p) = p"
   464   "not T = F"
   465   "not F = T"
   466   "not (Lt t) = Le (tmneg t)"
   467   "not (Le t) = Lt (tmneg t)"
   468   "not (Eq t) = NEq t"
   469   "not (NEq t) = Eq t"
   470   "not p = NOT p"
       (* Soundness: not p has the same truth value as the plain NOT p. *)
   471 lemma not[simp]: "Ifm vs bs (not p) = Ifm vs bs (NOT p)"
   472 by (induct p rule: not.induct) auto
   473 
   (* Simplifying conjunction: F absorbs, T is the unit, syntactically equal
      operands collapse to one; otherwise a plain And node.  The lemma shows
      the result has the same truth value as And p q. *)
   474 definition conj :: "fm \<Rightarrow> fm \<Rightarrow> fm" where
   475   "conj p q \<equiv> (if (p = F \<or> q=F) then F else if p=T then q else if q=T then p else 
   476    if p = q then p else And p q)"
   477 lemma conj[simp]: "Ifm vs bs (conj p q) = Ifm vs bs (And p q)"
   478 by (cases "p=F \<or> q=F",simp_all add: conj_def) (cases p,simp_all)
   479 
   (* Simplifying disjunction: T absorbs, F is the unit, syntactically equal
      operands collapse to one; otherwise a plain Or node.  The lemma shows
      the result has the same truth value as Or p q. *)
   480 definition disj :: "fm \<Rightarrow> fm \<Rightarrow> fm" where
   481   "disj p q \<equiv> (if (p = T \<or> q=T) then T else if p=F then q else if q=F then p 
   482        else if p=q then p else Or p q)"
   483 
   484 lemma disj[simp]: "Ifm vs bs (disj p q) = Ifm vs bs (Or p q)"
   485 by (cases "p=T \<or> q=T",simp_all add: disj_def) (cases p,simp_all)
   486 
   (* Simplifying implication: T when the premise is F, the conclusion is T or
      both sides are syntactically equal; a T premise yields q; an F conclusion
      yields not p; otherwise a plain Imp node.  The lemma shows the result has
      the same truth value as Imp p q. *)
   487 definition imp :: "fm \<Rightarrow> fm \<Rightarrow> fm" where
   488   "imp p q \<equiv> (if (p = F \<or> q=T \<or> p=q) then T else if p=T then q else if q=F then not p 
   489     else Imp p q)"
   490 lemma imp[simp]: "Ifm vs bs (imp p q) = Ifm vs bs (Imp p q)"
   491 by (cases "p=F \<or> q=T",simp_all add: imp_def) 
   492 
   (* Simplifying equivalence: T for syntactically equal sides, F when one side
      is literally the NOT of the other, and the usual reductions when one side
      is T or F; otherwise a plain Iff node.  The lemma shows the result has
      the same truth value as Iff p q. *)
   493 definition iff :: "fm \<Rightarrow> fm \<Rightarrow> fm" where
   494   "iff p q \<equiv> (if (p = q) then T else if (p = NOT q \<or> NOT p = q) then F else 
   495        if p=F then not q else if q=F then not p else if p=T then q else if q=T then p else 
   496   Iff p q)"
   497 lemma iff[simp]: "Ifm vs bs (iff p q) = Ifm vs bs (Iff p q)"
   498   by (unfold iff_def,cases "p=q", simp,cases "p=NOT q", simp) (cases "NOT p= q", auto)
   499   (* Quantifier freeness: qfree p holds iff neither E nor A occurs anywhere
             in p.  The final catch-all clause covers T, F and the atoms. *)
   500 consts qfree:: "fm \<Rightarrow> bool"
   501 recdef qfree "measure size"
   502   "qfree (E p) = False"
   503   "qfree (A p) = False"
   504   "qfree (NOT p) = qfree p" 
   505   "qfree (And p q) = (qfree p \<and> qfree q)" 
   506   "qfree (Or  p q) = (qfree p \<and> qfree q)" 
   507   "qfree (Imp p q) = (qfree p \<and> qfree q)" 
   508   "qfree (Iff p q) = (qfree p \<and> qfree q)"
   509   "qfree p = True"
   510 
   511   (* Boundedness and substitution.
             boundslt n p lifts tmboundslt to formulae: every variable index in
             p is below n, where the limit grows by one under each quantifier
             because the quantifier adds a variable at index 0. *)
   512 
   513 primrec boundslt :: "nat \<Rightarrow> fm \<Rightarrow> bool" where
   514   "boundslt n T = True"
   515 | "boundslt n F = True"
   516 | "boundslt n (Lt t) = (tmboundslt n t)"
   517 | "boundslt n (Le t) = (tmboundslt n t)"
   518 | "boundslt n (Eq t) = (tmboundslt n t)"
   519 | "boundslt n (NEq t) = (tmboundslt n t)"
   520 | "boundslt n (NOT p) = boundslt n p"
   521 | "boundslt n (And p q) = (boundslt n p \<and> boundslt n q)"
   522 | "boundslt n (Or p q) = (boundslt n p \<and> boundslt n q)"
   523 | "boundslt n (Imp p q) = ((boundslt n p) \<and> (boundslt n q))"
   524 | "boundslt n (Iff p q) = (boundslt n p \<and> boundslt n q)"
   525 | "boundslt n (E p) = boundslt (Suc n) p"
   526 | "boundslt n (A p) = boundslt (Suc n) p"
   527 
   (* bound0 lifts tmbound0 to formulae; decr0 is declared here and defined
      after lemma bound_I.
      bound0 is a syntactic check for quantifier-free formulae only: the final
      catch-all clause answers False for E and A without looking at the body,
      so bound0 p implies that p contains no quantifier. *)
   528 consts 
   529   bound0:: "fm \<Rightarrow> bool" (* A Formula is independent of Bound 0 *)
   530   decr0 :: "fm \<Rightarrow> fm"
   531 recdef bound0 "measure size"
   532   "bound0 T = True"
   533   "bound0 F = True"
   534   "bound0 (Lt a) = tmbound0 a"
   535   "bound0 (Le a) = tmbound0 a"
   536   "bound0 (Eq a) = tmbound0 a"
   537   "bound0 (NEq a) = tmbound0 a"
   538   "bound0 (NOT p) = bound0 p"
   539   "bound0 (And p q) = (bound0 p \<and> bound0 q)"
   540   "bound0 (Or p q) = (bound0 p \<and> bound0 q)"
   541   "bound0 (Imp p q) = ((bound0 p) \<and> (bound0 q))"
   542   "bound0 (Iff p q) = (bound0 p \<and> bound0 q)"
   543   "bound0 p = False"
   (* If p is independent of Bound 0 (in the sense of bound0), its truth value
      does not depend on the head of the variable environment.  Lifts
      tmbound0_I from terms to formulae. *)
   544 lemma bound0_I:
   545   assumes bp: "bound0 p"
   546   shows "Ifm vs (b#bs) p = Ifm vs (b'#bs) p"
   547 using bp tmbound0_I[where b="b" and bs="bs" and b'="b'"]
   548 by (induct p rule: bound0.induct,auto simp add: nth_pos2)
   549 
   (* bound m p lifts tmbound to formulae for an arbitrary index m.  Unlike
      bound0 it descends into quantifiers, checking index Suc m in the body
      because the quantifier shifts the outer variables by one. *)
   550 primrec bound:: "nat \<Rightarrow> fm \<Rightarrow> bool" (* A Formula is independent of Bound n *) where
   551   "bound m T = True"
   552 | "bound m F = True"
   553 | "bound m (Lt t) = tmbound m t"
   554 | "bound m (Le t) = tmbound m t"
   555 | "bound m (Eq t) = tmbound m t"
   556 | "bound m (NEq t) = tmbound m t"
   557 | "bound m (NOT p) = bound m p"
   558 | "bound m (And p q) = (bound m p \<and> bound m q)"
   559 | "bound m (Or p q) = (bound m p \<and> bound m q)"
   560 | "bound m (Imp p q) = ((bound m p) \<and> (bound m q))"
   561 | "bound m (Iff p q) = (bound m p \<and> bound m q)"
   562 | "bound m (E p) = bound (Suc m) p"
   563 | "bound m (A p) = bound (Suc m) p"
   564 
   (* Formula-level counterpart of tmbound_I: overwriting position n of the
      environment does not change the truth value of a formula independent of
      Bound n, provided all indices of p lie inside bs and n \<le> length bs.
      Only the quantifier cases are spelled out: there the induction hypothesis
      is applied to the extended environment y#bs at index Suc n.  All other
      cases are closed by auto. *)
   565 lemma bound_I:
   566   assumes bnd: "boundslt (length bs) p" and nb: "bound n p" and le: "n \<le> length bs"
   567   shows "Ifm vs (bs[n:=x]) p = Ifm vs bs p"
   568   using bnd nb le tmbound_I[where bs=bs and vs = vs]
   569 proof(induct p arbitrary: bs n rule: fm.induct)
   570   case (E p bs n) 
   571   {fix y
   572     from prems have bnd: "boundslt (length (y#bs)) p" 
   573       and nb: "bound (Suc n) p" and le: "Suc n \<le> length (y#bs)" by simp+
   574     from E.hyps[OF bnd nb le tmbound_I] have "Ifm vs ((y#bs)[Suc n:=x]) p = Ifm vs (y#bs) p" .   }
   575   thus ?case by simp 
   576 next
   577   case (A p bs n) {fix y
   578     from prems have bnd: "boundslt (length (y#bs)) p" 
   579       and nb: "bound (Suc n) p" and le: "Suc n \<le> length (y#bs)" by simp+
   580     from A.hyps[OF bnd nb le tmbound_I] have "Ifm vs ((y#bs)[Suc n:=x]) p = Ifm vs (y#bs) p" .   }
   581   thus ?case by simp 
   582 qed auto
   583 
   (* decr0 lowers all variable indices of a formula by one, using decrtm0 on
      the atoms and rebuilding And/Or/Imp/Iff with the simplifying constructors
      conj/disj/imp/iff.  The final catch-all returns T, F and quantified
      formulae unchanged; lemma decr0 only covers formulae with bound0 p, which
      excludes quantifiers. *)
   584 recdef decr0 "measure size"
   585   "decr0 (Lt a) = Lt (decrtm0 a)"
   586   "decr0 (Le a) = Le (decrtm0 a)"
   587   "decr0 (Eq a) = Eq (decrtm0 a)"
   588   "decr0 (NEq a) = NEq (decrtm0 a)"
   589   "decr0 (NOT p) = NOT (decr0 p)" 
   590   "decr0 (And p q) = conj (decr0 p) (decr0 q)"
   591   "decr0 (Or p q) = disj (decr0 p) (decr0 q)"
   592   "decr0 (Imp p q) = imp (decr0 p) (decr0 q)"
   593   "decr0 (Iff p q) = iff (decr0 p) (decr0 q)"
   594   "decr0 p = p"
   595 
   (* For a formula independent of Bound 0, dropping the head of the
      environment and lowering all indices with decr0 preserves the truth
      value.  Lifts lemma decrtm0 to formulae. *)
   596 lemma decr0: assumes nb: "bound0 p"
   597   shows "Ifm vs (x#bs) p = Ifm vs bs (decr0 p)"
   598   using nb 
   599   by (induct p rule: decr0.induct, simp_all add: decrtm0)
   600 
   (* decr m p removes variable m from a formula by renumbering: decrtm m on
      the atoms, simplifying constructors for And/Or/Imp/Iff, and index Suc m
      under each quantifier.  Unlike decr0 it descends into E and A. *)
   601 primrec decr :: "nat \<Rightarrow> fm \<Rightarrow> fm" where
   602   "decr m T = T"
   603 | "decr m F = F"
   604 | "decr m (Lt t) = (Lt (decrtm m t))"
   605 | "decr m (Le t) = (Le (decrtm m t))"
   606 | "decr m (Eq t) = (Eq (decrtm m t))"
   607 | "decr m (NEq t) = (NEq (decrtm m t))"
   608 | "decr m (NOT p) = NOT (decr m p)" 
   609 | "decr m (And p q) = conj (decr m p) (decr m q)"
   610 | "decr m (Or p q) = disj (decr m p) (decr m q)"
   611 | "decr m (Imp p q) = imp (decr m p) (decr m q)"
   612 | "decr m (Iff p q) = iff (decr m p) (decr m q)"
   613 | "decr m (E p) = E (decr (Suc m) p)"
   614 | "decr m (A p) = A (decr (Suc m) p)"
   615 
   (* Correctness of decr: if p is independent of Bound m and all its indices
      lie inside bs, then removing position m from the environment and
      renumbering with decr m preserves the truth value.  The index must be a
      valid position (m < length bs, strict), unlike in the term lemma decrtm.
      The quantifier cases apply the induction hypothesis (prems(4)) to the
      extended environment x#bs at index Suc m; the rest is closed by auto with
      decrtm and removen_nth. *)
   616 lemma decr: assumes  bnd: "boundslt (length bs) p" and nb: "bound m p" 
   617   and nle: "m < length bs" 
   618   shows "Ifm vs (removen m bs) (decr m p) = Ifm vs bs p"
   619   using bnd nb nle
   620 proof(induct p arbitrary: bs m rule: fm.induct)
   621   case (E p bs m) 
   622   {fix x
   623     from prems have bnd: "boundslt (length (x#bs)) p" and nb: "bound (Suc m) p" 
   624   and nle: "Suc m < length (x#bs)" by auto
   625     from prems(4)[OF bnd nb nle] have "Ifm vs (removen (Suc m) (x#bs)) (decr (Suc m) p) = Ifm vs (x#bs) p".
   626   } thus ?case by auto 
   627 next
   628   case (A p bs m)  
   629   {fix x
   630     from prems have bnd: "boundslt (length (x#bs)) p" and nb: "bound (Suc m) p" 
   631   and nle: "Suc m < length (x#bs)" by auto
   632     from prems(4)[OF bnd nb nle] have "Ifm vs (removen (Suc m) (x#bs)) (decr (Suc m) p) = Ifm vs (x#bs) p".
   633   } thus ?case by auto
   634 qed (auto simp add: decrtm removen_nth)
   635 
   (* subst0 t p substitutes the term t for variable 0 in the atoms of p, using
      tmsubst0.  It rebuilds the connectives with the plain constructors and
      does NOT descend into quantifiers: E p and A p are returned unchanged.
      The correctness lemmas subst0 and subst0_nb therefore assume qfree p. *)
   636 primrec subst0:: "tm \<Rightarrow> fm \<Rightarrow> fm" where
   637   "subst0 t T = T"
   638 | "subst0 t F = F"
   639 | "subst0 t (Lt a) = Lt (tmsubst0 t a)"
   640 | "subst0 t (Le a) = Le (tmsubst0 t a)"
   641 | "subst0 t (Eq a) = Eq (tmsubst0 t a)"
   642 | "subst0 t (NEq a) = NEq (tmsubst0 t a)"
   643 | "subst0 t (NOT p) = NOT (subst0 t p)"
   644 | "subst0 t (And p q) = And (subst0 t p) (subst0 t q)"
   645 | "subst0 t (Or p q) = Or (subst0 t p) (subst0 t q)"
   646 | "subst0 t (Imp p q) = Imp (subst0 t p)  (subst0 t q)"
   647 | "subst0 t (Iff p q) = Iff (subst0 t p) (subst0 t q)"
   648 | "subst0 t (E p) = E p"
   649 | "subst0 t (A p) = A p"
   650 
   651 lemma subst0: assumes qf: "qfree p"
   652   shows "Ifm vs (x#bs) (subst0 t p) = Ifm vs ((Itm vs (x#bs) t)#bs) p"
         (* For quantifier-free p: evaluating subst0 t p under x#bs equals
            evaluating p with the head of the environment replaced by the value
            of t under x#bs. The term-level fact tmsubst0 is instantiated at the
            same x, bs and t; induction over fm closes all cases by auto. *)
   653 using qf tmsubst0[where x="x" and bs="bs" and t="t"]
   654 by (induct p rule: fm.induct, auto)
   655 
   656 lemma subst0_nb:
         (* If t satisfies tmbound0 and p is quantifier-free, then subst0 t p
            satisfies bound0. tmbound0 and bound0 are defined earlier in the
            file; presumably both say that index 0 does not occur. *)
   657   assumes bp: "tmbound0 t" and qf: "qfree p"
   658   shows "bound0 (subst0 t p)"
   659 using qf tmsubst0_nb[OF bp] bp
   660 by (induct p rule: fm.induct, auto)
   661 
   662 primrec subst:: "nat \<Rightarrow> tm \<Rightarrow> fm \<Rightarrow> fm" where
         (* subst n t p applies tmsubst n t to the term of every atom and
            recurses through the connectives with the raw constructors. Unlike
            subst0 it also descends under E and A: there the index becomes Suc n
            and t is replaced by incrtm0 t, matching the extra variable in front
            of the environment. Lemma subst gives the semantic contract. *)
   663   "subst n t T = T"
   664 | "subst n t F = F"
   665 | "subst n t (Lt a) = Lt (tmsubst n t a)"
   666 | "subst n t (Le a) = Le (tmsubst n t a)"
   667 | "subst n t (Eq a) = Eq (tmsubst n t a)"
   668 | "subst n t (NEq a) = NEq (tmsubst n t a)"
   669 | "subst n t (NOT p) = NOT (subst n t p)"
   670 | "subst n t (And p q) = And (subst n t p) (subst n t q)"
   671 | "subst n t (Or p q) = Or (subst n t p) (subst n t q)"
   672 | "subst n t (Imp p q) = Imp (subst n t p)  (subst n t q)"
   673 | "subst n t (Iff p q) = Iff (subst n t p) (subst n t q)"
   674 | "subst n t (E p) = E (subst (Suc n) (incrtm0 t) p)"
   675 | "subst n t (A p) = A (subst (Suc n) (incrtm0 t) p)"
   676 
   677 lemma subst: assumes nb: "boundslt (length bs) p" and nlm: "n \<le> length bs"
   678   shows "Ifm vs bs (subst n t p) = Ifm vs (bs[n:= Itm vs bs t]) p"
         (* Semantic contract of subst: evaluating subst n t p in bs equals
            evaluating p in bs with entry n overwritten by the value of t in bs.
            Both assumptions are required by the statement. Induction over fm;
            the non-quantifier cases are closed by auto with tmsubst. *)
   679   using nb nlm
   680 proof (induct p arbitrary: bs n t rule: fm.induct)
   681   case (E p bs n) 
         (* Quantifier case: for an arbitrary x, the fact prems(3) is used at
            x#bs and Suc n, and lemma incrtm0 rewrites the updated environment
            into x#bs[n:= Itm vs bs t].
            NOTE(review): prems(3) selects that fact by position. *)
   682   {fix x 
   683     from prems have bn: "boundslt (length (x#bs)) p" by simp 
   684       from prems have nlm: "Suc n \<le> length (x#bs)" by simp
   685     from prems(3)[OF bn nlm] have "Ifm vs (x#bs) (subst (Suc n) (incrtm0 t) p) = Ifm vs ((x#bs)[Suc n:= Itm vs (x#bs) (incrtm0 t)]) p" by simp 
   686     hence "Ifm vs (x#bs) (subst (Suc n) (incrtm0 t) p) = Ifm vs (x#bs[n:= Itm vs bs t]) p"
   687     by (simp add: incrtm0[where x="x" and bs="bs" and t="t"]) }  
   688 thus ?case by simp 
   689 next
   690   case (A p bs n)   
         (* Same argument as in the E case. *)
   691   {fix x 
   692     from prems have bn: "boundslt (length (x#bs)) p" by simp 
   693       from prems have nlm: "Suc n \<le> length (x#bs)" by simp
   694     from prems(3)[OF bn nlm] have "Ifm vs (x#bs) (subst (Suc n) (incrtm0 t) p) = Ifm vs ((x#bs)[Suc n:= Itm vs (x#bs) (incrtm0 t)]) p" by simp 
   695     hence "Ifm vs (x#bs) (subst (Suc n) (incrtm0 t) p) = Ifm vs (x#bs[n:= Itm vs bs t]) p"
   696     by (simp add: incrtm0[where x="x" and bs="bs" and t="t"]) }  
   697 thus ?case by simp 
   698 qed(auto simp add: tmsubst)
   699 
   700 lemma subst_nb: assumes tnb: "tmbound m t"
         (* If t satisfies tmbound m, then subst m t p satisfies bound m, for
            any formula p. Uses the term-level facts tmsubst_nb and
            incrtm0_tmbound; m and t are generalized in the induction because
            the quantifier equations of subst change both. *)
   701 shows "bound m (subst m t p)"
   702 using tnb tmsubst_nb incrtm0_tmbound
   703 by (induct p arbitrary: m t rule: fm.induct, auto)
   704 
   705 lemma not_qf[simp]: "qfree p \<Longrightarrow> qfree (not p)"
         (* not_qf, not_bn0, not_nb, not_blt: the function not (defined earlier
            in the file) preserves qfree, bound0, bound n and boundslt n. All
            four are simp rules and are proved by induction along not.induct. *)
   706 by (induct p rule: not.induct, auto)
   707 lemma not_bn0[simp]: "bound0 p \<Longrightarrow> bound0 (not p)"
   708 by (induct p rule: not.induct, auto)
   709 lemma not_nb[simp]: "bound n p \<Longrightarrow> bound n (not p)"
   710 by (induct p rule: not.induct, auto)
   711 lemma not_blt[simp]: "boundslt n p \<Longrightarrow> boundslt n (not p)"
   712  by (induct p rule: not.induct, auto)
   713 
   714 lemma conj_qf[simp]: "\<lbrakk>qfree p ; qfree q\<rbrakk> \<Longrightarrow> qfree (conj p q)"
         (* conj_qf, conj_nb0, conj_nb, conj_blt: conj preserves qfree, bound0,
            bound n and boundslt n when both arguments have the property. Each
            proof feeds conj_def to auto. *)
   715 using conj_def by auto 
   716 lemma conj_nb0[simp]: "\<lbrakk>bound0 p ; bound0 q\<rbrakk> \<Longrightarrow> bound0 (conj p q)"
   717 using conj_def by auto 
   718 lemma conj_nb[simp]: "\<lbrakk>bound n p ; bound n q\<rbrakk> \<Longrightarrow> bound n (conj p q)"
   719 using conj_def by auto 
   720 lemma conj_blt[simp]: "boundslt n p \<Longrightarrow> boundslt n q \<Longrightarrow> boundslt n (conj p q)"
   721 using conj_def by auto 
   722 
   723 lemma disj_qf[simp]: "\<lbrakk>qfree p ; qfree q\<rbrakk> \<Longrightarrow> qfree (disj p q)"
         (* disj_qf, disj_nb0, disj_nb, disj_blt: disj preserves qfree, bound0,
            bound n and boundslt n when both arguments have the property. Each
            proof feeds disj_def to auto. *)
   724 using disj_def by auto 
   725 lemma disj_nb0[simp]: "\<lbrakk>bound0 p ; bound0 q\<rbrakk> \<Longrightarrow> bound0 (disj p q)"
   726 using disj_def by auto 
   727 lemma disj_nb[simp]: "\<lbrakk>bound n p ; bound n q\<rbrakk> \<Longrightarrow> bound n (disj p q)"
   728 using disj_def by auto 
   729 lemma disj_blt[simp]: "boundslt n p \<Longrightarrow> boundslt n q \<Longrightarrow> boundslt n (disj p q)"
   730 using disj_def by auto 
   731 
   732 lemma imp_qf[simp]: "\<lbrakk>qfree p ; qfree q\<rbrakk> \<Longrightarrow> qfree (imp p q)"
         (* imp_qf, imp_nb0, imp_nb, imp_blt: imp preserves qfree, bound0,
            bound n and boundslt n when both arguments have the property. The
            case splits on p=F, q=T (and p=q) presumably mirror the shortcut
            conditions in imp_def, which is defined earlier in the file. *)
   733 using imp_def by (cases "p=F \<or> q=T",simp_all add: imp_def)
   734 lemma imp_nb0[simp]: "\<lbrakk>bound0 p ; bound0 q\<rbrakk> \<Longrightarrow> bound0 (imp p q)"
   735 using imp_def by (cases "p=F \<or> q=T \<or> p=q",simp_all add: imp_def)
   736 lemma imp_nb[simp]: "\<lbrakk>bound n p ; bound n q\<rbrakk> \<Longrightarrow> bound n (imp p q)"
   737 using imp_def by (cases "p=F \<or> q=T \<or> p=q",simp_all add: imp_def)
   738 lemma imp_blt[simp]: "boundslt n p \<Longrightarrow> boundslt n q \<Longrightarrow> boundslt n (imp p q)"
   739 using imp_def by auto 
   740 
   741 lemma iff_qf[simp]: "\<lbrakk>qfree p ; qfree q\<rbrakk> \<Longrightarrow> qfree (iff p q)"
         (* iff_qf, iff_nb0, iff_nb, iff_blt: iff preserves qfree, bound0,
            bound n and boundslt n when both arguments have the property. The
            first three unfold iff_def and split on p=q.
            NOTE(review): iff_nb0 and iff_nb both chain iff_def with "using"
            and unfold it again; one of the two looks redundant. *)
   742   by (unfold iff_def,cases "p=q", auto)
   743 lemma iff_nb0[simp]: "\<lbrakk>bound0 p ; bound0 q\<rbrakk> \<Longrightarrow> bound0 (iff p q)"
   744 using iff_def by (unfold iff_def,cases "p=q", auto)
   745 lemma iff_nb[simp]: "\<lbrakk>bound n p ; bound n q\<rbrakk> \<Longrightarrow> bound n (iff p q)"
   746 using iff_def by (unfold iff_def,cases "p=q", auto)
   747 lemma iff_blt[simp]: "boundslt n p \<Longrightarrow> boundslt n q \<Longrightarrow> boundslt n (iff p q)"
   748 using iff_def by auto 
   749 lemma decr0_qf: "bound0 p \<Longrightarrow> qfree (decr0 p)"
         (* If p satisfies bound0, then decr0 p is quantifier-free. Used in
            CJNB_qe for the conjuncts that are moved out of the quantifier. *)
   750 by (induct p, simp_all)
   751 
   752 consts 
         (* isatom p is True for T, F and the four relational atoms Lt, Le, Eq,
            NEq, and False for every other formula. The last equation is a
            catch-all, so the result relies on recdef trying the equations in
            the order written. *)
   753   isatom :: "fm \<Rightarrow> bool" (* test for atomicity *)
   754 recdef isatom "measure size"
   755   "isatom T = True"
   756   "isatom F = True"
   757   "isatom (Lt a) = True"
   758   "isatom (Le a) = True"
   759   "isatom (Eq a) = True"
   760   "isatom (NEq a) = True"
   761   "isatom p = False"
   762 
   763 lemma bound0_qf: "bound0 p \<Longrightarrow> qfree p"
         (* bound0 implies quantifier-freeness, so a bound0 assumption can stand
            in for qfree where a lemma needs it. *)
   764 by (induct p, simp_all)
   765 
   766 definition djf :: "('a \<Rightarrow> fm) \<Rightarrow> 'a \<Rightarrow> fm \<Rightarrow> fm" where
         (* djf f p q builds the disjunction of f p and q with shortcuts:
            T if q = T; f p if q = F; otherwise T if f p = T, q if f p = F,
            and Or (f p) q in all remaining cases. The let binds fp for the
            case analysis; the last branch writes f p again, which is the same
            value. Lemma djf_Or shows the result is equivalent to
            Or (f p) q. *)
   767   "djf f p q \<equiv> (if q=T then T else if q=F then f p else 
   768   (let fp = f p in case fp of T \<Rightarrow> T | F \<Rightarrow> q | _ \<Rightarrow> Or (f p) q))"
   769 definition evaldjf :: "('a \<Rightarrow> fm) \<Rightarrow> 'a list \<Rightarrow> fm" where
         (* evaldjf f ps folds djf f over ps from the right, starting from F:
            the simplified disjunction of f p for all p in ps (see
            evaldjf_ex). *)
   770   "evaldjf f ps \<equiv> foldr (djf f) ps F"
   771 
   772 lemma djf_Or: "Ifm vs bs (djf f p q) = Ifm vs bs (Or (f p) q)"
         (* The shortcuts in djf do not change the truth value: djf f p q is
            equivalent to Or (f p) q. The proof splits on q=T, then q=F, then
            on the shape of f p, following the branches of djf_def. *)
   773 by (cases "q=T", simp add: djf_def,cases "q=F",simp add: djf_def) 
   774 (cases "f p", simp_all add: Let_def djf_def) 
   775 
   776 lemma evaldjf_ex: "Ifm vs bs (evaldjf f ps) = (\<exists> p \<in> set ps. Ifm vs bs (f p))"
         (* evaldjf f ps holds exactly when f p holds for some p in ps.
            Induction on the list, with djf_Or handling each fold step. *)
   777   by(induct ps, simp_all add: evaldjf_def djf_Or)
   778 
   779 lemma evaldjf_bound0: 
         (* If f x satisfies bound0 for every x in xs, then so does
            evaldjf f xs. After unfolding, the remaining goals are closed by a
            case split on f a, where a is the head element named by the list
            induction. *)
   780   assumes nb: "\<forall> x\<in> set xs. bound0 (f x)"
   781   shows "bound0 (evaldjf f xs)"
   782   using nb by (induct xs, auto simp add: evaldjf_def djf_def Let_def) (case_tac "f a", auto) 
   783 
   784 lemma evaldjf_qf: 
         (* If f x is quantifier-free for every x in xs, then so is
            evaldjf f xs. Same proof shape as evaldjf_bound0. *)
   785   assumes nb: "\<forall> x\<in> set xs. qfree (f x)"
   786   shows "qfree (evaldjf f xs)"
   787   using nb by (induct xs, auto simp add: evaldjf_def djf_def Let_def) (case_tac "f a", auto) 
   788 
   789 consts disjuncts :: "fm \<Rightarrow> fm list"
         (* disjuncts p flattens nested Or into a list: the disjuncts of
            Or p q are those of p followed by those of q, F contributes
            nothing, and any other formula is a single element. The last
            equation is a catch-all and relies on recdef trying the equations
            in order. *)
   790 recdef disjuncts "measure size"
   791   "disjuncts (Or p q) = (disjuncts p) @ (disjuncts q)"
   792   "disjuncts F = []"
   793   "disjuncts p = [p]"
   794 
   795 lemma disjuncts: "(\<exists> q\<in> set (disjuncts p). Ifm vs bs q) = Ifm vs bs p"
         (* p holds exactly when one of its disjuncts holds. *)
   796 by(induct p rule: disjuncts.induct, auto)
   797 
   798 lemma disjuncts_nb: "bound0 p \<Longrightarrow> \<forall> q\<in> set (disjuncts p). bound0 q"
         (* Every disjunct of a bound0 formula is bound0. Proved for list_all
            first, then converted to the bounded quantifier with
            list_all_iff. *)
   799 proof-
   800   assume nb: "bound0 p"
   801   hence "list_all bound0 (disjuncts p)" by (induct p rule:disjuncts.induct,auto)
   802   thus ?thesis by (simp only: list_all_iff)
   803 qed
   804 
   805 lemma disjuncts_qf: "qfree p \<Longrightarrow> \<forall> q\<in> set (disjuncts p). qfree q"
         (* Every disjunct of a quantifier-free formula is quantifier-free.
            Same proof shape as disjuncts_nb. *)
   806 proof-
   807   assume qf: "qfree p"
   808   hence "list_all qfree (disjuncts p)"
   809     by (induct p rule: disjuncts.induct, auto)
   810   thus ?thesis by (simp only: list_all_iff)
   811 qed
   812 
   813 definition DJ :: "(fm \<Rightarrow> fm) \<Rightarrow> fm \<Rightarrow> fm" where
         (* DJ f p applies f to each disjunct of p separately and recombines
            the results with evaldjf. Lemma DJ states when this agrees with
            f p. *)
   814   "DJ f p \<equiv> evaldjf f (disjuncts p)"
   815 
   816 lemma DJ: assumes fdj: "\<forall> p q. Ifm vs bs (f (Or p q)) = Ifm vs bs (Or (f p) (f q))"
   817   and fF: "f F = F"
   818   shows "Ifm vs bs (DJ f p) = Ifm vs bs (f p)"
         (* DJ f p is equivalent to f p provided f distributes over Or
            semantically (fdj) and maps F to F (fF). Both side conditions are
            needed: they justify the Or and F equations of disjuncts in the
            induction. *)
   819 proof-
   820   have "Ifm vs bs (DJ f p) = (\<exists> q \<in> set (disjuncts p). Ifm vs bs (f q))"
   821     by (simp add: DJ_def evaldjf_ex) 
   822   also have "\<dots> = Ifm vs bs (f p)" using fdj fF by (induct p rule: disjuncts.induct, auto)
   823   finally show ?thesis .
   824 qed
   825 
   826 lemma DJ_qf: assumes 
         (* If f maps quantifier-free formulas to quantifier-free formulas,
            then so does DJ f. Combines disjuncts_qf (each disjunct is qfree)
            with evaldjf_qf. *)
   827   fqf: "\<forall> p. qfree p \<longrightarrow> qfree (f p)"
   828   shows "\<forall>p. qfree p \<longrightarrow> qfree (DJ f p) "
   829 proof(clarify)
   830   fix  p assume qf: "qfree p"
   831   have th: "DJ f p = evaldjf f (disjuncts p)" by (simp add: DJ_def)
   832   from disjuncts_qf[OF qf] have "\<forall> q\<in> set (disjuncts p). qfree q" .
   833   with fqf have th':"\<forall> q\<in> set (disjuncts p). qfree (f q)" by blast
   834   
   835   from evaldjf_qf[OF th'] th show "qfree (DJ f p)" by simp
   836 qed
   837 
   838 lemma DJ_qe: assumes qe: "\<forall> bs p. qfree p \<longrightarrow> qfree (qe p) \<and> (Ifm vs bs (qe p) = Ifm vs bs (E p))"
   839   shows "\<forall> bs p. qfree p \<longrightarrow> qfree (DJ qe p) \<and> (Ifm vs bs ((DJ qe p)) = Ifm vs bs (E p))"
         (* Lifting lemma: if qe eliminates one existential quantifier in front
            of any quantifier-free formula (qfree result, equivalent to E p),
            then DJ qe has the same two properties. The equivalence chain goes
            from DJ qe p to "some disjunct q satisfies qe q", to "some disjunct
            q satisfies E q", to E p. *)
   840 proof(clarify)
   841   fix p::fm and bs
   842   assume qf: "qfree p"
   843   from qe have qth: "\<forall> p. qfree p \<longrightarrow> qfree (qe p)" by blast
   844   from DJ_qf[OF qth] qf have qfth:"qfree (DJ qe p)" by auto
   845   have "Ifm vs bs (DJ qe p) = (\<exists> q\<in> set (disjuncts p). Ifm vs bs (qe q))"
   846     by (simp add: DJ_def evaldjf_ex)
   847   also have "\<dots> = (\<exists> q \<in> set(disjuncts p). Ifm vs bs (E q))" using qe disjuncts_qf[OF qf] by auto
   848   also have "\<dots> = Ifm vs bs (E p)" by (induct p rule: disjuncts.induct, auto)
   849   finally show "qfree (DJ qe p) \<and> Ifm vs bs (DJ qe p) = Ifm vs bs (E p)" using qfth by blast
   850 qed
   851 
   852 consts conjuncts :: "fm \<Rightarrow> fm list"
         (* conjuncts p flattens nested And into a list: the conjuncts of
            And p q are those of p followed by those of q, T contributes
            nothing, and any other formula is a single element. The last
            equation is a catch-all and relies on recdef trying the equations
            in order. *)
   853 
   854 recdef conjuncts "measure size"
   855   "conjuncts (And p q) = (conjuncts p) @ (conjuncts q)"
   856   "conjuncts T = []"
   857   "conjuncts p = [p]"
   858 
   859 definition list_conj :: "fm list \<Rightarrow> fm" where
         (* list_conj ps folds conj over ps from the right, starting from T:
            the conjunction of all formulas in ps (see lemma list_conj). *)
   860   "list_conj ps \<equiv> foldr conj ps T"
   861 
   862 definition CJNB :: "(fm \<Rightarrow> fm) \<Rightarrow> fm \<Rightarrow> fm" where
         (* CJNB f p splits the conjuncts of p into those satisfying bound0
            (yes) and the rest (no). The result is the conjunction of
            decr0 (list_conj yes) with f applied to list_conj no, so f only
            sees the conjuncts that are not bound0. Lemma CJNB_qe proves this
            sound when f eliminates an existential quantifier. *)
   863   "CJNB f p \<equiv> (let cjs = conjuncts p ; (yes,no) = partition bound0 cjs
   864                    in conj (decr0 (list_conj yes)) (f (list_conj no)))"
   865 
   866 lemma conjuncts_qf: "qfree p \<Longrightarrow> \<forall> q\<in> set (conjuncts p). qfree q"
         (* Every conjunct of a quantifier-free formula is quantifier-free.
            Proved for list_all first, then converted with list_all_iff. *)
   867 proof-
   868   assume qf: "qfree p"
   869   hence "list_all qfree (conjuncts p)"
   870     by (induct p rule: conjuncts.induct, auto)
   871   thus ?thesis by (simp only: list_all_iff)
   872 qed
   873 
   874 lemma conjuncts: "(\<forall> q\<in> set (conjuncts p). Ifm vs bs q) = Ifm vs bs p"
         (* p holds exactly when all of its conjuncts hold. *)
   875 by(induct p rule: conjuncts.induct, auto)
   876 
   877 lemma conjuncts_nb: "bound0 p \<Longrightarrow> \<forall> q\<in> set (conjuncts p). bound0 q"
         (* Every conjunct of a bound0 formula is bound0. Same proof shape as
            conjuncts_qf. *)
   878 proof-
   879   assume nb: "bound0 p"
   880   hence "list_all bound0 (conjuncts p)" by (induct p rule:conjuncts.induct,auto)
   881   thus ?thesis by (simp only: list_all_iff)
   882 qed
   883 
   884 fun islin :: "fm \<Rightarrow> bool" where
         (* islin p is a purely syntactic check on the shape of p.
            And/Or: both sides are islin and neither side is literally T or F.
            Atom over CNP 0 c s: c satisfies isnpoly and differs from 0p, s
            satisfies tmbound0, and every polynomial in s satisfies isnpoly.
            NOT, Imp and Iff are never islin.
            Anything else (T, F, atoms over other terms, quantified formulas)
            falls through to the last equation and is judged by bound0 p. The
            equations overlap, so the order in which fun tries them
            matters. *)
   885   "islin (And p q) = (islin p \<and> islin q \<and> p \<noteq> T \<and> p \<noteq> F \<and> q \<noteq> T \<and> q \<noteq> F)"
   886 | "islin (Or p q) = (islin p \<and> islin q \<and> p \<noteq> T \<and> p \<noteq> F \<and> q \<noteq> T \<and> q \<noteq> F)"
   887 | "islin (Eq (CNP 0 c s)) = (isnpoly c \<and> c \<noteq> 0\<^sub>p \<and> tmbound0 s \<and> allpolys isnpoly s)"
   888 | "islin (NEq (CNP 0 c s)) = (isnpoly c \<and> c \<noteq> 0\<^sub>p \<and> tmbound0 s \<and> allpolys isnpoly s)"
   889 | "islin (Lt (CNP 0 c s)) = (isnpoly c \<and> c \<noteq> 0\<^sub>p \<and> tmbound0 s \<and> allpolys isnpoly s)"
   890 | "islin (Le (CNP 0 c s)) = (isnpoly c \<and> c \<noteq> 0\<^sub>p \<and> tmbound0 s \<and> allpolys isnpoly s)"
   891 | "islin (NOT p) = False"
   892 | "islin (Imp p q) = False"
   893 | "islin (Iff p q) = False"
   894 | "islin p = bound0 p"
   895 
   896 lemma islin_stupid: assumes nb: "tmbound0 p"
         (* An atom over a term that satisfies tmbound0 is islin, for each of
            the four relations. The case split on the term, then on the index
            of a CNP, separates the CNP 0 equations of islin from the bound0
            fallback. *)
   897   shows "islin (Lt p)" and "islin (Le p)" and "islin (Eq p)" and "islin (NEq p)"
   898   using nb by (cases p, auto, case_tac nat, auto)+
   899 
   900 definition "lt p = (case p of CP (C c) \<Rightarrow> if 0>\<^sub>N c then T else F| _ \<Rightarrow> Lt p)"
         (* lt, le, eq, neq: atom builders that decide the atom immediately
            when the term is a constant polynomial CP (C c), by comparing c
            with zero, and otherwise keep the atom as Lt p, Le p or Eq p.
            neq is the function not applied to eq. The lemmas lt, le, eq and
            neq show equivalence with the plain atoms under
            allpolys isnpoly p. *)
   901 definition "le p = (case p of CP (C c) \<Rightarrow> if 0\<ge>\<^sub>N c then T else F | _ \<Rightarrow> Le p)"
   902 definition eq where "eq p = (case p of CP (C c) \<Rightarrow> if c = 0\<^sub>N then T else F | _ \<Rightarrow> Eq p)"
   903 definition "neq p = not (eq p)"
   904 
   905 lemma lt: "allpolys isnpoly p \<Longrightarrow> Ifm vs bs (lt p) = Ifm vs bs (Lt p)"
         (* lemmas lt, le, eq, neq: when every polynomial in p satisfies
            isnpoly, the folded atom has the same truth value as the plain
            atom. The premise is used through isnpoly_def in the
            constant-polynomial case. neq follows from eq via neq_def. *)
   906   apply(simp add: lt_def)
   907   apply(cases p, simp_all)
   908   apply (case_tac poly, simp_all add: isnpoly_def)
   909   done
   910 
   911 lemma le: "allpolys isnpoly p \<Longrightarrow> Ifm vs bs (le p) = Ifm vs bs (Le p)"
   912   apply(simp add: le_def)
   913   apply(cases p, simp_all)
   914   apply (case_tac poly, simp_all add: isnpoly_def)
   915   done
   916 
   917 lemma eq: "allpolys isnpoly p \<Longrightarrow> Ifm vs bs (eq p) = Ifm vs bs (Eq p)"
   918   apply(simp add: eq_def)
   919   apply(cases p, simp_all)
   920   apply (case_tac poly, simp_all add: isnpoly_def)
   921   done
   922 
   923 lemma neq: "allpolys isnpoly p \<Longrightarrow> Ifm vs bs (neq p) = Ifm vs bs (NEq p)"
   924   by(simp add: neq_def eq)
   925 
   926 lemma lt_lin: "tmbound0 p \<Longrightarrow> islin (lt p)"
         (* lt_lin, le_lin, eq_lin, neq_lin: if p satisfies tmbound0, the
            folded atom is islin. Each proof unfolds the definition and splits
            on the term, on the polynomial of a CP, and on the index of a
            CNP. The case_tac names poly and nat are the variable names
            generated by the preceding case splits. *)
   927   apply (simp add: lt_def)
   928   apply (cases p, simp_all)
   929   apply (case_tac poly, simp_all)
   930   apply (case_tac nat, simp_all)
   931   done
   932 
   933 lemma le_lin: "tmbound0 p \<Longrightarrow> islin (le p)"
   934   apply (simp add: le_def)
   935   apply (cases p, simp_all)
   936   apply (case_tac poly, simp_all)
   937   apply (case_tac nat, simp_all)
   938   done
   939 
   940 lemma eq_lin: "tmbound0 p \<Longrightarrow> islin (eq p)"
   941   apply (simp add: eq_def)
   942   apply (cases p, simp_all)
   943   apply (case_tac poly, simp_all)
   944   apply (case_tac nat, simp_all)
   945   done
   946 
   947 lemma neq_lin: "tmbound0 p \<Longrightarrow> islin (neq p)"
   948   apply (simp add: neq_def eq_def)
   949   apply (cases p, simp_all)
   950   apply (case_tac poly, simp_all)
   951   apply (case_tac nat, simp_all)
   952   done
   953 
   954 definition "simplt t = (let (c,s) = split0 (simptm t) in if c= 0\<^sub>p then lt s else Lt (CNP 0 c s))"
         (* simplt, simple, simpeq, simpneq: simplifying atom builders. Each
            simplifies t with simptm and splits the result with split0 into a
            pair (c, s). If c is 0p the atom is built over s alone with
            lt/le/eq/neq; otherwise it is the plain atom over CNP 0 c s. The
            lemmas simplt, simple, simpeq and simpneq show equivalence with
            the plain atoms over t. *)
   955 definition "simple t = (let (c,s) = split0 (simptm t) in if c= 0\<^sub>p then le s else Le (CNP 0 c s))"
   956 definition "simpeq t = (let (c,s) = split0 (simptm t) in if c= 0\<^sub>p then eq s else Eq (CNP 0 c s))"
   957 definition "simpneq t = (let (c,s) = split0 (simptm t) in if c= 0\<^sub>p then neq s else NEq (CNP 0 c s))"
   958 
   959 lemma simplt_islin[simp]:   assumes "SORT_CONSTRAINT('a::{field_char_0, field_inverse_zero})"
         (* simplt_islin, simple_islin, simpeq_islin, simpneq_islin: the
            simplifying atom builders always return an islin formula, for any
            t. The SORT_CONSTRAINT assumption only fixes the sort of the type
            variable 'a. Each proof unfolds the definition and combines
            split0_nb0' with the normal-form facts about split0 of a simptm
            result and the matching lt_lin/le_lin/eq_lin/neq_lin lemma. *)
   960   shows "islin (simplt t)"
   961   unfolding simplt_def 
   962   using split0_nb0'
   963 by (auto simp add: lt_lin Let_def split_def isnpoly_fst_split0[OF simptm_allpolys_npoly] islin_stupid allpolys_split0[OF simptm_allpolys_npoly])
   964   
   965 lemma simple_islin[simp]:   assumes "SORT_CONSTRAINT('a::{field_char_0, field_inverse_zero})"
   966   shows "islin (simple t)"
   967   unfolding simple_def 
   968   using split0_nb0'
   969 by (auto simp add: Let_def split_def isnpoly_fst_split0[OF simptm_allpolys_npoly] islin_stupid allpolys_split0[OF simptm_allpolys_npoly] le_lin)
   970 lemma simpeq_islin[simp]:   assumes "SORT_CONSTRAINT('a::{field_char_0, field_inverse_zero})"
   971   shows "islin (simpeq t)"
   972   unfolding simpeq_def 
   973   using split0_nb0'
   974 by (auto simp add: Let_def split_def isnpoly_fst_split0[OF simptm_allpolys_npoly] islin_stupid allpolys_split0[OF simptm_allpolys_npoly] eq_lin)
   975 
   976 lemma simpneq_islin[simp]:   assumes "SORT_CONSTRAINT('a::{field_char_0, field_inverse_zero})"
   977   shows "islin (simpneq t)"
   978   unfolding simpneq_def 
   979   using split0_nb0'
   980 by (auto simp add: Let_def split_def isnpoly_fst_split0[OF simptm_allpolys_npoly] islin_stupid allpolys_split0[OF simptm_allpolys_npoly] neq_lin)
   981 
   982 lemma really_stupid: "\<not> (\<forall>c1 s'. (c1, s') \<noteq> split0 s)"
         (* split0 s is some pair. Trivial by itself; it is passed to the
            simplifier in split0_npoly. *)
   983   by (cases "split0 s", auto)
   984 lemma split0_npoly:   assumes "SORT_CONSTRAINT('a::{field_char_0, field_inverse_zero})"
         (* If every polynomial in t satisfies isnpoly, then the first
            component of split0 t satisfies isnpoly and so does every
            polynomial in the second component. Induction along split0.induct,
            using the closure lemmas for polynomial addition, multiplication,
            negation and subtraction. *)
   985   and n: "allpolys isnpoly t"
   986   shows "isnpoly (fst (split0 t))" and "allpolys isnpoly (snd (split0 t))"
   987   using n
   988   by (induct t rule: split0.induct, auto simp add: Let_def split_def polyadd_norm polymul_norm polyneg_norm polysub_norm really_stupid)
   989 lemma simplt[simp]:
         (* simplt t is equivalent to Lt t. Two cases on the first component
            of split0 (simptm t): if it is 0p the result is lt over the second
            component, and lemma lt applies because that component is
            normalized (split0_npoly(2)); otherwise the result is a plain Lt
            and lemma split0 suffices. *)
   990   shows "Ifm vs bs (simplt t) = Ifm vs bs (Lt t)"
   991 proof-
   992   have n: "allpolys isnpoly (simptm t)" by simp
   993   let ?t = "simptm t"
   994   {assume "fst (split0 ?t) = 0\<^sub>p" hence ?thesis
   995       using split0[of "simptm t" vs bs] lt[OF split0_npoly(2)[OF n], of vs bs]
   996       by (simp add: simplt_def Let_def split_def lt)}
   997   moreover
   998   {assume "fst (split0 ?t) \<noteq> 0\<^sub>p"
   999     hence ?thesis using  split0[of "simptm t" vs bs] by (simp add: simplt_def Let_def split_def)
  1000   }
  1001   ultimately show ?thesis by blast
  1002 qed
  1003 
  1004 lemma simple[simp]:
         (* simple t is equivalent to Le t. Same two-case argument as for
            simplt, with lemma le in the 0p case. *)
  1005   shows "Ifm vs bs (simple t) = Ifm vs bs (Le t)"
  1006 proof-
  1007   have n: "allpolys isnpoly (simptm t)" by simp
  1008   let ?t = "simptm t"
  1009   {assume "fst (split0 ?t) = 0\<^sub>p" hence ?thesis
  1010       using split0[of "simptm t" vs bs] le[OF split0_npoly(2)[OF n], of vs bs]
  1011       by (simp add: simple_def Let_def split_def le)}
  1012   moreover
  1013   {assume "fst (split0 ?t) \<noteq> 0\<^sub>p"
  1014     hence ?thesis using  split0[of "simptm t" vs bs] by (simp add: simple_def Let_def split_def)
  1015   }
  1016   ultimately show ?thesis by blast
  1017 qed
  1018 
  1019 lemma simpeq[simp]:
         (* simpeq t is equivalent to Eq t. Same two-case argument as for
            simplt, with lemma eq in the 0p case. *)
  1020   shows "Ifm vs bs (simpeq t) = Ifm vs bs (Eq t)"
  1021 proof-
  1022   have n: "allpolys isnpoly (simptm t)" by simp
  1023   let ?t = "simptm t"
  1024   {assume "fst (split0 ?t) = 0\<^sub>p" hence ?thesis
  1025       using split0[of "simptm t" vs bs] eq[OF split0_npoly(2)[OF n], of vs bs]
  1026       by (simp add: simpeq_def Let_def split_def)}
  1027   moreover
  1028   {assume "fst (split0 ?t) \<noteq> 0\<^sub>p"
  1029     hence ?thesis using  split0[of "simptm t" vs bs] by (simp add: simpeq_def Let_def split_def)
  1030   }
  1031   ultimately show ?thesis by blast
  1032 qed
  1033 
  1034 lemma simpneq[simp]:
         (* simpneq t is equivalent to NEq t. Same two-case argument as for
            simplt, with lemma neq in the 0p case. *)
  1035   shows "Ifm vs bs (simpneq t) = Ifm vs bs (NEq t)"
  1036 proof-
  1037   have n: "allpolys isnpoly (simptm t)" by simp
  1038   let ?t = "simptm t"
  1039   {assume "fst (split0 ?t) = 0\<^sub>p" hence ?thesis
  1040       using split0[of "simptm t" vs bs] neq[OF split0_npoly(2)[OF n], of vs bs]
  1041       by (simp add: simpneq_def Let_def split_def )}
  1042   moreover
  1043   {assume "fst (split0 ?t) \<noteq> 0\<^sub>p"
  1044     hence ?thesis using  split0[of "simptm t" vs bs] by (simp add: simpneq_def Let_def split_def)
  1045   }
  1046   ultimately show ?thesis by blast
  1047 qed
  1048 
  1049 lemma lt_nb: "tmbound0 t \<Longrightarrow> bound0 (lt t)"
         (* lt_nb, le_nb, eq_nb, neq_nb: if t satisfies tmbound0, the folded
            atom satisfies bound0. Each proof unfolds the definition and
            splits on the term and on the polynomial of a CP. *)
  1050   apply (simp add: lt_def)
  1051   apply (cases t, auto)
  1052   apply (case_tac poly, auto)
  1053   done
  1054 
  1055 lemma le_nb: "tmbound0 t \<Longrightarrow> bound0 (le t)"
  1056   apply (simp add: le_def)
  1057   apply (cases t, auto)
  1058   apply (case_tac poly, auto)
  1059   done
  1060 
  1061 lemma eq_nb: "tmbound0 t \<Longrightarrow> bound0 (eq t)"
  1062   apply (simp add: eq_def)
  1063   apply (cases t, auto)
  1064   apply (case_tac poly, auto)
  1065   done
  1066 
  1067 lemma neq_nb: "tmbound0 t \<Longrightarrow> bound0 (neq t)"
  1068   apply (simp add: neq_def eq_def)
  1069   apply (cases t, auto)
  1070   apply (case_tac poly, auto)
  1071   done
  1072 
  1073 lemma simplt_nb[simp]:   assumes "SORT_CONSTRAINT('a::{field_char_0, field_inverse_zero})"
         (* If t satisfies tmbound0, then simplt t satisfies bound0. The proof
            shows that the first component ?c of split0 (simptm t) is
            syntactically 0p: tmbound_split0 gives that ?c evaluates like 0p
            in every environment (th), both are isnpolyh at 0 (ths), and
            isnpolyh_unique turns semantic equality into syntactic equality.
            Only the lt branch of simplt then remains, and lt_nb closes it. *)
  1074   shows "tmbound0 t \<Longrightarrow> bound0 (simplt t)"
  1075   using split0 [of "simptm t" vs bs]
  1076 proof(simp add: simplt_def Let_def split_def)
  1077   assume nb: "tmbound0 t"
  1078   hence nb': "tmbound0 (simptm t)" by simp
  1079   let ?c = "fst (split0 (simptm t))"
  1080   from tmbound_split0[OF nb'[unfolded tmbound0_tmbound_iff[symmetric]]]
  1081   have th: "\<forall>bs. Ipoly bs ?c = Ipoly bs 0\<^sub>p" by auto
  1082   from isnpoly_fst_split0[OF simptm_allpolys_npoly[of t]]
  1083   have ths: "isnpolyh ?c 0" "isnpolyh 0\<^sub>p 0" by (simp_all add: isnpoly_def)
  1084   from iffD1[OF isnpolyh_unique[OF ths] th]
  1085   have "fst (split0 (simptm t)) = 0\<^sub>p" . 
  1086   thus "(fst (split0 (simptm t)) = 0\<^sub>p \<longrightarrow> bound0 (lt (snd (split0 (simptm t))))) \<and>
  1087        fst (split0 (simptm t)) = 0\<^sub>p" by (simp add: simplt_def Let_def split_def lt_nb)
  1088 qed
  1089 
  1090 lemma simple_nb[simp]:   assumes "SORT_CONSTRAINT('a::{field_char_0, field_inverse_zero})"
         (* If t satisfies tmbound0, then simple t satisfies bound0. The first
            component ?c of split0 (simptm t) is shown to be syntactically 0p
            (th: it evaluates like 0p everywhere; ths: both are isnpolyh at 0;
            isnpolyh_unique: hence equal), and le_nb closes the remaining
            branch.
            NOTE(review): the final simp step lists simplt_def although this
            lemma is about simple; the goal is already unfolded with
            simple_def by the initial proof method, so this looks like a
            leftover from the simplt_nb proof. Confirm before changing. *)
  1091   shows "tmbound0 t \<Longrightarrow> bound0 (simple t)"
  1092   using split0 [of "simptm t" vs bs]
  1093 proof(simp add: simple_def Let_def split_def)
  1094   assume nb: "tmbound0 t"
  1095   hence nb': "tmbound0 (simptm t)" by simp
  1096   let ?c = "fst (split0 (simptm t))"
  1097   from tmbound_split0[OF nb'[unfolded tmbound0_tmbound_iff[symmetric]]]
  1098   have th: "\<forall>bs. Ipoly bs ?c = Ipoly bs 0\<^sub>p" by auto
  1099   from isnpoly_fst_split0[OF simptm_allpolys_npoly[of t]]
  1100   have ths: "isnpolyh ?c 0" "isnpolyh 0\<^sub>p 0" by (simp_all add: isnpoly_def)
  1101   from iffD1[OF isnpolyh_unique[OF ths] th]
  1102   have "fst (split0 (simptm t)) = 0\<^sub>p" . 
  1103   thus "(fst (split0 (simptm t)) = 0\<^sub>p \<longrightarrow> bound0 (le (snd (split0 (simptm t))))) \<and>
  1104        fst (split0 (simptm t)) = 0\<^sub>p" by (simp add: simplt_def Let_def split_def le_nb)
  1105 qed
  1106 
  1107 lemma simpeq_nb[simp]:   assumes "SORT_CONSTRAINT('a::{field_char_0, field_inverse_zero})"
         (* If t satisfies tmbound0, then simpeq t satisfies bound0. The first
            component ?c of split0 (simptm t) is shown to be syntactically 0p
            (th: it evaluates like 0p everywhere; ths: both are isnpolyh at 0;
            isnpolyh_unique: hence equal), and eq_nb closes the remaining
            branch. *)
  1108   shows "tmbound0 t \<Longrightarrow> bound0 (simpeq t)"
  1109   using split0 [of "simptm t" vs bs]
  1110 proof(simp add: simpeq_def Let_def split_def)
  1111   assume nb: "tmbound0 t"
  1112   hence nb': "tmbound0 (simptm t)" by simp
  1113   let ?c = "fst (split0 (simptm t))"
  1114   from tmbound_split0[OF nb'[unfolded tmbound0_tmbound_iff[symmetric]]]
  1115   have th: "\<forall>bs. Ipoly bs ?c = Ipoly bs 0\<^sub>p" by auto
  1116   from isnpoly_fst_split0[OF simptm_allpolys_npoly[of t]]
  1117   have ths: "isnpolyh ?c 0" "isnpolyh 0\<^sub>p 0" by (simp_all add: isnpoly_def)
  1118   from iffD1[OF isnpolyh_unique[OF ths] th]
  1119   have "fst (split0 (simptm t)) = 0\<^sub>p" . 
  1120   thus "(fst (split0 (simptm t)) = 0\<^sub>p \<longrightarrow> bound0 (eq (snd (split0 (simptm t))))) \<and>
  1121        fst (split0 (simptm t)) = 0\<^sub>p" by (simp add: simpeq_def Let_def split_def eq_nb)
  1122 qed
  1123 
  1124 lemma simpneq_nb[simp]:   assumes "SORT_CONSTRAINT('a::{field_char_0, field_inverse_zero})"
         (* If t satisfies tmbound0, then simpneq t satisfies bound0. The
            first component ?c of split0 (simptm t) is shown to be
            syntactically 0p (th: it evaluates like 0p everywhere; ths: both
            are isnpolyh at 0; isnpolyh_unique: hence equal), and neq_nb
            closes the remaining branch. *)
  1125   shows "tmbound0 t \<Longrightarrow> bound0 (simpneq t)"
  1126   using split0 [of "simptm t" vs bs]
  1127 proof(simp add: simpneq_def Let_def split_def)
  1128   assume nb: "tmbound0 t"
  1129   hence nb': "tmbound0 (simptm t)" by simp
  1130   let ?c = "fst (split0 (simptm t))"
  1131   from tmbound_split0[OF nb'[unfolded tmbound0_tmbound_iff[symmetric]]]
  1132   have th: "\<forall>bs. Ipoly bs ?c = Ipoly bs 0\<^sub>p" by auto
  1133   from isnpoly_fst_split0[OF simptm_allpolys_npoly[of t]]
  1134   have ths: "isnpolyh ?c 0" "isnpolyh 0\<^sub>p 0" by (simp_all add: isnpoly_def)
  1135   from iffD1[OF isnpolyh_unique[OF ths] th]
  1136   have "fst (split0 (simptm t)) = 0\<^sub>p" . 
  1137   thus "(fst (split0 (simptm t)) = 0\<^sub>p \<longrightarrow> bound0 (neq (snd (split0 (simptm t))))) \<and>
  1138        fst (split0 (simptm t)) = 0\<^sub>p" by (simp add: simpneq_def Let_def split_def neq_nb)
  1139 qed
  1140 
  1141 consts conjs   :: "fm \<Rightarrow> fm list"
         (* conjs p flattens nested And into a list; T contributes nothing and
            any other formula is a single element.
            NOTE(review): the three equations are the same as those of
            conjuncts above; the two functions look interchangeable. *)
  1142 recdef conjs "measure size"
  1143   "conjs (And p q) = (conjs p)@(conjs q)"
  1144   "conjs T = []"
  1145   "conjs p = [p]"
  1146 lemma conjs_ci: "(\<forall> q \<in> set (conjs p). Ifm vs bs q) = Ifm vs bs p"
         (* p holds exactly when every element of conjs p holds. *)
  1147 by (induct p rule: conjs.induct, auto)
  1148 definition list_disj :: "fm list \<Rightarrow> fm" where
         (* list_disj ps folds disj over ps from the right, starting from F:
            the disjunction of all formulas in ps (see lemma list_disj). *)
  1149   "list_disj ps \<equiv> foldr disj ps F"
  1150 
  1151 lemma list_conj: "Ifm vs bs (list_conj ps) = (\<forall>p\<in> set ps. Ifm vs bs p)"
         (* list_conj ps holds exactly when every element of ps holds;
            list_conj_qf: it is quantifier-free when every element is;
            list_disj ps holds exactly when some element of ps holds. *)
  1152   by (induct ps, auto simp add: list_conj_def)
  1153 lemma list_conj_qf: " \<forall>p\<in> set ps. qfree p \<Longrightarrow> qfree (list_conj ps)"
  1154   by (induct ps, auto simp add: list_conj_def conj_qf)
  1155 lemma list_disj: "Ifm vs bs (list_disj ps) = (\<exists>p\<in> set ps. Ifm vs bs p)"
  1156   by (induct ps, auto simp add: list_disj_def)
  1157 
  1158 lemma conj_boundslt: "boundslt n p \<Longrightarrow> boundslt n q \<Longrightarrow> boundslt n (conj p q)"
         (* conj preserves boundslt n.
            NOTE(review): same statement as the simp rule conj_blt above. *)
  1159   unfolding conj_def by auto
  1160 
  1161 lemma conjs_nb: "bound n p \<Longrightarrow> \<forall>q\<in> set (conjs p). bound n q"
         (* Every element of conjs p satisfies bound n when p does. The proof
            unfolds step by step (conjs equations, set of an append, bounded
            quantifier over a union, bound equations) before calling auto. *)
  1162   apply (induct p rule: conjs.induct) 
  1163   apply (unfold conjs.simps)
  1164   apply (unfold set_append)
  1165   apply (unfold ball_Un)
  1166   apply (unfold bound.simps)
  1167   apply auto
  1168   done
  1169 
  1170 lemma conjs_boundslt: "boundslt n p \<Longrightarrow> \<forall>q\<in> set (conjs p). boundslt n q"
         (* Every element of conjs p satisfies boundslt n when p does. Same
            unfolding sequence as conjs_nb; blast handles the first goal and
            simp_all the rest. *)
  1171   apply (induct p rule: conjs.induct) 
  1172   apply (unfold conjs.simps)
  1173   apply (unfold set_append)
  1174   apply (unfold ball_Un)
  1175   apply (unfold boundslt.simps)
  1176   apply blast
  1177 by simp_all
  1178 
  1179 lemma list_conj_boundslt: " \<forall>p\<in> set ps. boundslt n p \<Longrightarrow> boundslt n (list_conj ps)"
         (* list_conj ps satisfies boundslt n when every element of ps
            does. *)
  1180   unfolding list_conj_def
  1181   by (induct ps, auto simp add: conj_boundslt)
  1182 
  1183 lemma list_conj_nb: assumes bnd: "\<forall>p\<in> set ps. bound n p"
         (* list_conj ps satisfies bound n when every element of ps does. *)
  1184   shows "bound n (list_conj ps)"
  1185   using bnd
  1186   unfolding list_conj_def
  1187   by (induct ps, auto simp add: conj_nb)
  1188 
  1189 lemma list_conj_nb': "\<forall>p\<in>set ps. bound0 p \<Longrightarrow> bound0 (list_conj ps)"
         (* list_conj ps satisfies bound0 when every element of ps does. Used
            in CJNB_qe for the bound0 half of the partition. *)
  1190 unfolding list_conj_def by (induct ps , auto)
  1191 
  1192 lemma CJNB_qe: 
         (* Lifting lemma for CJNB: if qe eliminates one existential quantifier
            in front of any quantifier-free formula (qfree result, equivalent
            to E p), then CJNB qe has the same two properties.
            ?yes / ?no are the conjuncts of p that do / do not satisfy bound0,
            and ?cyes / ?cno their conjunctions. *)
  1193   assumes qe: "\<forall> bs p. qfree p \<longrightarrow> qfree (qe p) \<and> (Ifm vs bs (qe p) = Ifm vs bs (E p))"
  1194   shows "\<forall> bs p. qfree p \<longrightarrow> qfree (CJNB qe p) \<and> (Ifm vs bs ((CJNB qe p)) = Ifm vs bs (E p))"
  1195 proof(clarify)
  1196   fix bs p
  1197   assume qfp: "qfree p"
  1198   let ?cjs = "conjuncts p"
  1199   let ?yes = "fst (partition bound0 ?cjs)"
  1200   let ?no = "snd (partition bound0 ?cjs)"
  1201   let ?cno = "list_conj ?no"
  1202   let ?cyes = "list_conj ?yes"
  1203   have part: "partition bound0 ?cjs = (?yes,?no)" by simp
         (* Quantifier-freeness: ?cyes is bound0, so decr0 ?cyes is qfree;
            ?cno is qfree because every conjunct of p is, so qe applies to
            it. *)
  1204   from partition_P[OF part] have "\<forall> q\<in> set ?yes. bound0 q" by blast 
  1205   hence yes_nb: "bound0 ?cyes" by (simp add: list_conj_nb') 
  1206   hence yes_qf: "qfree (decr0 ?cyes )" by (simp add: decr0_qf)
  1207   from conjuncts_qf[OF qfp] partition_set[OF part] 
  1208   have " \<forall>q\<in> set ?no. qfree q" by auto
  1209   hence no_qf: "qfree ?cno"by (simp add: list_conj_qf)
  1210   with qe have cno_qf:"qfree (qe ?cno )" 
  1211     and noE: "Ifm vs bs (qe ?cno) = Ifm vs bs (E ?cno)" by blast+
  1212   from cno_qf yes_qf have qf: "qfree (CJNB qe p)" 
  1213     by (simp add: CJNB_def Let_def conj_qf split_def)
         (* Equivalence: p is the conjunction of ?cyes and ?cno in every
            environment. Under the quantifier, ?cyes does not depend on the
            head of the environment (bound0_I, with an arbitrary y), so it can
            be moved outside as decr0 ?cyes, leaving E ?cno, which qe
            replaces. *)
  1214   {fix bs
  1215     from conjuncts have "Ifm vs bs p = (\<forall>q\<in> set ?cjs. Ifm vs bs q)" by blast
  1216     also have "\<dots> = ((\<forall>q\<in> set ?yes. Ifm vs bs q) \<and> (\<forall>q\<in> set ?no. Ifm vs bs q))"
  1217       using partition_set[OF part] by auto
  1218     finally have "Ifm vs bs p = ((Ifm vs bs ?cyes) \<and> (Ifm vs bs ?cno))" using list_conj[of vs bs] by simp}
  1219   hence "Ifm vs bs (E p) = (\<exists>x. (Ifm vs (x#bs) ?cyes) \<and> (Ifm vs (x#bs) ?cno))" by simp
  1220   also have "\<dots> = (\<exists>x. (Ifm vs (y#bs) ?cyes) \<and> (Ifm vs (x#bs) ?cno))"
  1221     using bound0_I[OF yes_nb, where bs="bs" and b'="y"] by blast
  1222   also have "\<dots> = (Ifm vs bs (decr0 ?cyes) \<and> Ifm vs bs (E ?cno))"
  1223     by (auto simp add: decr0[OF yes_nb] simp del: partition_filter_conv)
  1224   also have "\<dots> = (Ifm vs bs (conj (decr0 ?cyes) (qe ?cno)))"
  1225     using qe[rule_format, OF no_qf] by auto
  1226   finally have "Ifm vs bs (E p) = Ifm vs bs (CJNB qe p)" 
  1227     by (simp add: Let_def CJNB_def split_def)
  1228   with qf show "qfree (CJNB qe p) \<and> Ifm vs bs (CJNB qe p) = Ifm vs bs (E p)" by blast
  1229 qed
  1230 
  1231 consts simpfm :: "fm \<Rightarrow> fm"
         (* simpfm p simplifies a formula. Atoms go through the simplifying
            atom builders; And/Or are rebuilt with conj/disj; Imp and Iff are
            expressed with disj, conj and negated arguments; a NOT is pushed
            inwards through the connectives and flips the atom it reaches
            (NOT Eq to simpneq, NOT Le t to simplt (Neg t), and so on).
            There are no equations for E or A, so quantified subformulas, and
            a NOT directly in front of one, fall through to the last equation
            and are returned unchanged. The equations overlap and rely on
            recdef trying them in order. Termination is measured by fmsize.
            Lemma simpfm states that the truth value is preserved. *)
  1232 recdef simpfm "measure fmsize"
  1233   "simpfm (Lt t) = simplt (simptm t)"
  1234   "simpfm (Le t) = simple (simptm t)"
  1235   "simpfm (Eq t) = simpeq(simptm t)"
  1236   "simpfm (NEq t) = simpneq(simptm t)"
  1237   "simpfm (And p q) = conj (simpfm p) (simpfm q)"
  1238   "simpfm (Or p q) = disj (simpfm p) (simpfm q)"
  1239   "simpfm (Imp p q) = disj (simpfm (NOT p)) (simpfm q)"
  1240   "simpfm (Iff p q) = disj (conj (simpfm p) (simpfm q)) (conj (simpfm (NOT p)) (simpfm (NOT q)))"
  1241   "simpfm (NOT (And p q)) = disj (simpfm (NOT p)) (simpfm (NOT q))"
  1242   "simpfm (NOT (Or p q)) = conj (simpfm (NOT p)) (simpfm (NOT q))"
  1243   "simpfm (NOT (Imp p q)) = conj (simpfm p) (simpfm (NOT q))"
  1244   "simpfm (NOT (Iff p q)) = disj (conj (simpfm p) (simpfm (NOT q))) (conj (simpfm (NOT p)) (simpfm q))"
  1245   "simpfm (NOT (Eq t)) = simpneq t"
  1246   "simpfm (NOT (NEq t)) = simpeq t"
  1247   "simpfm (NOT (Le t)) = simplt (Neg t)"
  1248   "simpfm (NOT (Lt t)) = simple (Neg t)"
  1249   "simpfm (NOT (NOT p)) = simpfm p"
  1250   "simpfm (NOT T) = F"
  1251   "simpfm (NOT F) = T"
  1252   "simpfm p = p"
  1253 
  1254 lemma simpfm[simp]: "Ifm vs bs (simpfm p) = Ifm vs bs p"
         (* simpfm preserves the truth value of p in every environment. bs is
            generalized in the induction. *)
  1255 by(induct p arbitrary: bs rule: simpfm.induct, auto)
  1256 
  1257 lemma simpfm_bound0:   assumes "SORT_CONSTRAINT('a::{field_char_0, field_inverse_zero})"
         (* simpfm preserves bound0. The SORT_CONSTRAINT assumption only fixes
            the sort of the type variable 'a. *)
  1258   shows "bound0 p \<Longrightarrow> bound0 (simpfm p)"
  1259 by (induct p rule: simpfm.induct, auto)
  1260 
  1261 lemma lt_qf[simp]: "qfree (lt t)"
       (* lt t is quantifier-free for every term t.  Proved by case analysis on t after
          unfolding lt_def, followed by a second case analysis on a polynomial.
          NOTE(review): poly in case_tac is presumably the variable name that
          cases t generates for the CP constructor; a proof that depends on a generated
          name is fragile -- confirm. *)
  1262   apply (cases t, auto simp add: lt_def)
  1263   by (case_tac poly, auto)
  1264 
  1265 lemma le_qf[simp]: "qfree (le t)"
       (* le t is quantifier-free for every term t.  Proved by case analysis on t after
          unfolding le_def, followed by a case analysis on a polynomial
          (poly is presumably a name generated by cases t -- confirm). *)
  1266   apply (cases t, auto simp add: le_def)
  1267   by (case_tac poly, auto)
  1268 
  1269 lemma eq_qf[simp]: "qfree (eq t)"
       (* eq t is quantifier-free for every term t.  Proved by case analysis on t after
          unfolding eq_def, followed by a case analysis on a polynomial
          (poly is presumably a name generated by cases t -- confirm). *)
  1270   apply (cases t, auto simp add: eq_def)
  1271   by (case_tac poly, auto)
  1272 
  1273 lemma neq_qf[simp]: "qfree (neq t)" by (simp add: neq_def)
       (* neq t is quantifier-free; follows by unfolding neq_def and simplifying. *)
  1274 
  1275 lemma simplt_qf[simp]: "qfree (simplt t)" by (simp add: simplt_def Let_def split_def)
       (* simplt t is quantifier-free; proved by unfolding simplt_def together with
          Let_def and split_def. *)
  1276 lemma simple_qf[simp]: "qfree (simple t)" by (simp add: simple_def Let_def split_def)
       (* simple t is quantifier-free; proved by unfolding simple_def together with
          Let_def and split_def. *)
  1277 lemma simpeq_qf[simp]: "qfree (simpeq t)" by (simp add: simpeq_def Let_def split_def)
       (* simpeq t is quantifier-free; proved by unfolding simpeq_def together with
          Let_def and split_def. *)
  1278 lemma simpneq_qf[simp]: "qfree (simpneq t)" by (simp add: simpneq_def Let_def split_def)
       (* simpneq t is quantifier-free; proved by unfolding simpneq_def together with
          Let_def and split_def. *)
  1279 
  1280 lemma simpfm_qf[simp]: "qfree p \<Longrightarrow> qfree (simpfm p)"
       (* simpfm maps quantifier-free formulas to quantifier-free formulas.  Induction
          along simpfm's recursion scheme, using the qfree lemmas for the connective
          constructors disj, imp, iff, conj and not. *)
  1281 by (induct p rule: simpfm.induct, auto simp add: disj_qf imp_qf iff_qf conj_qf not_qf Let_def)
  1282 
  1283 lemma disj_lin: "islin p \<Longrightarrow> islin q \<Longrightarrow> islin (disj p q)" by (simp add: disj_def)
       (* disj of two linear formulas is linear; proved by unfolding disj_def. *)
  1284 lemma conj_lin: "islin p \<Longrightarrow> islin q \<Longrightarrow> islin (conj p q)" by (simp add: conj_def)
       (* conj of two linear formulas is linear; proved by unfolding conj_def. *)
  1285 
  1286 lemma   assumes "SORT_CONSTRAINT('a::{field_char_0, field_inverse_zero})"
       (* For a quantifier-free p, simpfm p is linear (islin).  Induction along simpfm's
          recursion scheme, closed with conj_lin and disj_lin.
          NOTE(review): this lemma carries no name, so later proofs cannot cite it
          by name. *)
  1287   shows "qfree p \<Longrightarrow> islin (simpfm p)" 
  1288   apply (induct p rule: simpfm.induct)
  1289   apply (simp_all add: conj_lin disj_lin)
  1290   done
  1291 
  1292 consts prep :: "fm \<Rightarrow> fm"
       (* prep: preprocessing of formulas before quantifier elimination.
          - E T and E F collapse to T and F.
          - E is distributed over Or; Imp, Iff and negated And/Imp/Iff directly under E
            are first rewritten so that E ends up in front of And/NOT bodies.
          - A over And is split into a conj of two A formulas; any other A p is
            rewritten as NOT (E (NOT p)).
          - NOT is pushed inward through NOT, And, A, Or, Imp and Iff; the remaining
            NOT p becomes not (prep p).
          - Imp and Iff at top level are expressed through Or/And and NOT.
          - Everything else is returned unchanged (last equation; recdef tries the
            equations in the order written).
          Termination uses the measure fmsize; the hints clause supplies fmsize_pos to
          the termination proof. *)
  1293 recdef prep "measure fmsize"
  1294   "prep (E T) = T"
  1295   "prep (E F) = F"
  1296   "prep (E (Or p q)) = disj (prep (E p)) (prep (E q))"
  1297   "prep (E (Imp p q)) = disj (prep (E (NOT p))) (prep (E q))"
  1298   "prep (E (Iff p q)) = disj (prep (E (And p q))) (prep (E (And (NOT p) (NOT q))))" 
  1299   "prep (E (NOT (And p q))) = disj (prep (E (NOT p))) (prep (E(NOT q)))"
  1300   "prep (E (NOT (Imp p q))) = prep (E (And p (NOT q)))"
  1301   "prep (E (NOT (Iff p q))) = disj (prep (E (And p (NOT q)))) (prep (E(And (NOT p) q)))"
  1302   "prep (E p) = E (prep p)"
  1303   "prep (A (And p q)) = conj (prep (A p)) (prep (A q))"
  1304   "prep (A p) = prep (NOT (E (NOT p)))"
  1305   "prep (NOT (NOT p)) = prep p"
  1306   "prep (NOT (And p q)) = disj (prep (NOT p)) (prep (NOT q))"
  1307   "prep (NOT (A p)) = prep (E (NOT p))"
  1308   "prep (NOT (Or p q)) = conj (prep (NOT p)) (prep (NOT q))"
  1309   "prep (NOT (Imp p q)) = conj (prep p) (prep (NOT q))"
  1310   "prep (NOT (Iff p q)) = disj (prep (And p (NOT q))) (prep (And (NOT p) q))"
  1311   "prep (NOT p) = not (prep p)"
  1312   "prep (Or p q) = disj (prep p) (prep q)"
  1313   "prep (And p q) = conj (prep p) (prep q)"
  1314   "prep (Imp p q) = prep (Or (NOT p) q)"
  1315   "prep (Iff p q) = disj (prep (And p q)) (prep (And (NOT p) (NOT q)))"
  1316   "prep p = p"
  1317 (hints simp add: fmsize_pos)
  1318 lemma prep: "Ifm vs bs (prep p) = Ifm vs bs p"
       (* Soundness of prep: preprocessing does not change the interpretation of p, for
          every vs and bs.  Induction along prep's recursion scheme with bs generalised.
          Unlike lemma simpfm, this one is not declared [simp]. *)
  1319 by (induct p arbitrary: bs rule: prep.induct, auto)
  1320 
  1321 
  1322 
  1323   (* Generic quantifier elimination *)
  1324 consts qelim :: "fm \<Rightarrow> (fm \<Rightarrow> fm) \<Rightarrow> fm"
       (* qelim p qe removes all quantifiers from p, given a function qe that handles a
          single quantifier.  The recursion works inside-out:
          - E p: the body is processed first, then DJ (CJNB qe) is applied to the result.
          - A p: handled through NOT p, applying qe itself and negating with not.
            NOTE(review): the A case calls qe directly while the E case goes through
            DJ (CJNB qe) -- confirm the difference is intended.
          - NOT/And/Or/Imp/Iff: recurse and rebuild with not/conj/disj/imp/iff.
          - Any other formula is simplified with simpfm (qe is ignored).
          Each equation returns a lambda because recdef recurses on the first argument
          only; termination is by the measure fmsize. *)
  1325 recdef qelim "measure fmsize"
  1326   "qelim (E p) = (\<lambda> qe. DJ (CJNB qe) (qelim p qe))"
  1327   "qelim (A p) = (\<lambda> qe. not (qe ((qelim (NOT p) qe))))"
  1328   "qelim (NOT p) = (\<lambda> qe. not (qelim p qe))"
  1329   "qelim (And p q) = (\<lambda> qe. conj (qelim p qe) (qelim q qe))" 
  1330   "qelim (Or  p q) = (\<lambda> qe. disj (qelim p qe) (qelim q qe))" 
  1331   "qelim (Imp p q) = (\<lambda> qe. imp (qelim p qe) (qelim q qe))"
  1332   "qelim (Iff p q) = (\<lambda> qe. iff (qelim p qe) (qelim q qe))"
  1333   "qelim p = (\<lambda> y. simpfm p)"
  1334 
  1335 
  1336 lemma qelim:
       (* Correctness of the generic driver, conditional on the one-quantifier procedure:
          if qe maps every quantifier-free p to a quantifier-free formula equivalent to
          E p (assumption qe_inv), then qelim p qe is quantifier-free and equivalent to p
          for every bs.  The guarantee is only as strong as qe_inv: any qe plugged into
          qelim has to be proved to satisfy it.
          The proof feeds qe_inv through CJNB_qe and DJ_qe and then inducts along
          qelim's recursion scheme. *)
  1337   assumes qe_inv: "\<forall> bs p. qfree p \<longrightarrow> qfree (qe p) \<and> (Ifm vs bs (qe p) = Ifm vs bs (E p))"
  1338   shows "\<And> bs. qfree (qelim p qe) \<and> (Ifm vs bs (qelim p qe) = Ifm vs bs p)"
  1339 using qe_inv DJ_qe[OF CJNB_qe[OF qe_inv]]
  1340 by (induct p rule: qelim.induct) auto
  1341 
  1342 subsection{* Core Procedure *}
  1343 
  1344 consts 
  1345   plusinf:: "fm \<Rightarrow> fm" (* Virtual substitution of +\<infinity>*)
  1346   minusinf:: "fm \<Rightarrow> fm" (* Virtual substitution of -\<infinity>*)
       (* minusinf p: the formula p turns into for sufficiently small values of Bound 0
          (made precise by lemma minusinf_inf).  And/Or are mapped componentwise.
          For an atom over CNP 0 c e the result no longer mentions CNP 0:
            Eq  -> c = 0 and e = 0
            NEq -> not (e = 0) or not (c = 0)
            Lt  -> (c = 0 and e < 0) or (~p c) < 0
            Le  -> (c = 0 and e <= 0) or (~p c) < 0
          where eq/lt/le build the corresponding atoms and ~p is presumably polynomial
          negation (cf. polyneg_norm) -- confirm against their definitions.
          All other formulas are returned unchanged. *)
  1347 recdef minusinf "measure size"
  1348   "minusinf (And p q) = conj (minusinf p) (minusinf q)" 
  1349   "minusinf (Or p q) = disj (minusinf p) (minusinf q)" 
  1350   "minusinf (Eq  (CNP 0 c e)) = conj (eq (CP c)) (eq e)"
  1351   "minusinf (NEq (CNP 0 c e)) = disj (not (eq e)) (not (eq (CP c)))"
  1352   "minusinf (Lt  (CNP 0 c e)) = disj (conj (eq (CP c)) (lt e)) (lt (CP (~\<^sub>p c)))"
  1353   "minusinf (Le  (CNP 0 c e)) = disj (conj (eq (CP c)) (le e)) (lt (CP (~\<^sub>p c)))"
  1354   "minusinf p = p"
  1355 
  1356 recdef plusinf "measure size"
       (* plusinf p: the formula p turns into for sufficiently large values of Bound 0
          (made precise by lemma plusinf_inf).  Same shape as minusinf; the only
          difference is in the Lt and Le equations, whose second disjunct tests
          c < 0 instead of (~p c) < 0.  All other formulas are returned unchanged. *)
  1357   "plusinf (And p q) = conj (plusinf p) (plusinf q)" 
  1358   "plusinf (Or p q) = disj (plusinf p) (plusinf q)" 
  1359   "plusinf (Eq  (CNP 0 c e)) = conj (eq (CP c)) (eq e)"
  1360   "plusinf (NEq (CNP 0 c e)) = disj (not (eq e)) (not (eq (CP c)))"
  1361   "plusinf (Lt  (CNP 0 c e)) = disj (conj (eq (CP c)) (lt e)) (lt (CP c))"
  1362   "plusinf (Le  (CNP 0 c e)) = disj (conj (eq (CP c)) (le e)) (lt (CP c))"
  1363   "plusinf p = p"
  1364 
  1365 lemma minusinf_inf: assumes lp:"islin p"
       (* For a linear p there is a bound z such that p and minusinf p have the same
          truth value for every x < z (x being the value of Bound 0).
          Structure of the proof, by induction along minusinf's recursion scheme:
          - cases 1 and 2 (And, Or): take the minimum of the two induction witnesses;
          - cases 3 to 6 (Eq, NEq, Lt, Le over CNP 0 c e): split on the sign of
            ?c = Ipoly vs c.  For ?c = 0 the atom lemmas close the goal directly; for
            ?c > 0 and ?c < 0 the argument is carried out for x < - ?e / ?c.
          ?e is written with a free y in the Bound 0 position; tmbound0_I [OF nbe] is
          what lets the proof exchange y for x, e being tmbound0.
          - the remaining cases are discharged by auto. *)
  1366   shows "\<exists>z. \<forall>x < z. Ifm vs (x#bs) (minusinf p) \<longleftrightarrow> Ifm vs (x#bs) p"
  1367   using lp
  1368 proof (induct p rule: minusinf.induct)
  1369   case 1 thus ?case by (auto,rule_tac x="min z za" in exI, auto)
  1370 next
  1371   case 2 thus ?case by (auto,rule_tac x="min z za" in exI, auto)
  1372 next
         (* Eq atom *)
  1373   case (3 c e) hence nbe: "tmbound0 e" by simp
  1374   from prems have nc: "allpolys isnpoly (CP c)" "allpolys isnpoly e" by simp_all
  1375   note eqs = eq[OF nc(1), where ?'a = 'a] eq[OF nc(2), where ?'a = 'a]
  1376   let ?c = "Ipoly vs c"
  1377   let ?e = "Itm vs (y#bs) e"
  1378   have "?c=0 \<or> ?c > 0 \<or> ?c < 0" by arith
  1379   moreover {assume "?c = 0" hence ?case 
  1380       using eq[OF nc(2), of vs] eq[OF nc(1), of vs] by auto}
  1381   moreover {assume cp: "?c > 0"
  1382     {fix x assume xz: "x < -?e / ?c" hence "?c * x < - ?e"
  1383         using pos_less_divide_eq[OF cp, where a="x" and b="-?e"] by (simp add: mult_commute)
  1384       hence "?c * x + ?e < 0" by simp
  1385       hence "Ifm vs (x#bs) (Eq (CNP 0 c e)) = Ifm vs (x#bs) (minusinf (Eq (CNP 0 c e)))"
  1386         using eqs tmbound0_I[OF nbe, where b="y" and b'="x" and vs=vs and bs=bs] by auto} hence ?case by auto}
  1387   moreover {assume cp: "?c < 0"
  1388     {fix x assume xz: "x < -?e / ?c" hence "?c * x > - ?e"
  1389         using neg_less_divide_eq[OF cp, where a="x" and b="-?e"] by (simp add: mult_commute)
  1390       hence "?c * x + ?e > 0" by simp
  1391       hence "Ifm vs (x#bs) (Eq (CNP 0 c e)) = Ifm vs (x#bs) (minusinf (Eq (CNP 0 c e)))"
  1392         using tmbound0_I[OF nbe, where b="y" and b'="x"] eqs by auto} hence ?case by auto}
  1393   ultimately show ?case by blast
  1394 next
         (* NEq atom *)
  1395   case (4 c e)  hence nbe: "tmbound0 e" by simp
  1396   from prems have nc: "allpolys isnpoly (CP c)" "allpolys isnpoly e" by simp_all
  1397   note eqs = eq[OF nc(1), where ?'a = 'a] eq[OF nc(2), where ?'a = 'a]
  1398   let ?c = "Ipoly vs c"
  1399   let ?e = "Itm vs (y#bs) e"
  1400   have "?c=0 \<or> ?c > 0 \<or> ?c < 0" by arith
  1401   moreover {assume "?c = 0" hence ?case using eqs by auto}
  1402   moreover {assume cp: "?c > 0"
  1403     {fix x assume xz: "x < -?e / ?c" hence "?c * x < - ?e"
  1404         using pos_less_divide_eq[OF cp, where a="x" and b="-?e"] by (simp add: mult_commute)
  1405       hence "?c * x + ?e < 0" by simp
  1406       hence "Ifm vs (x#bs) (NEq (CNP 0 c e)) = Ifm vs (x#bs) (minusinf (NEq (CNP 0 c e)))"
  1407         using eqs tmbound0_I[OF nbe, where b="y" and b'="x"] by auto} hence ?case by auto}
  1408   moreover {assume cp: "?c < 0"
  1409     {fix x assume xz: "x < -?e / ?c" hence "?c * x > - ?e"
  1410         using neg_less_divide_eq[OF cp, where a="x" and b="-?e"] by (simp add: mult_commute)
  1411       hence "?c * x + ?e > 0" by simp
  1412       hence "Ifm vs (x#bs) (NEq (CNP 0 c e)) = Ifm vs (x#bs) (minusinf (NEq (CNP 0 c e)))"
  1413         using eqs tmbound0_I[OF nbe, where b="y" and b'="x"] by auto} hence ?case by auto}
  1414   ultimately show ?case by blast
  1415 next
         (* Lt atom; nc' covers the negated coefficient used by minusinf *)
  1416   case (5 c e)  hence nbe: "tmbound0 e" by simp
  1417   from prems have nc: "allpolys isnpoly (CP c)" "allpolys isnpoly e" by simp_all
  1418   hence nc': "allpolys isnpoly (CP (~\<^sub>p c))" by (simp add: polyneg_norm)
  1419   note eqs = lt[OF nc', where ?'a = 'a] eq [OF nc(1), where ?'a = 'a] lt[OF nc(2), where ?'a = 'a]
  1420   let ?c = "Ipoly vs c"
  1421   let ?e = "Itm vs (y#bs) e"
  1422   have "?c=0 \<or> ?c > 0 \<or> ?c < 0" by arith
  1423   moreover {assume "?c = 0" hence ?case using eqs by auto}
  1424   moreover {assume cp: "?c > 0"
  1425     {fix x assume xz: "x < -?e / ?c" hence "?c * x < - ?e"
  1426         using pos_less_divide_eq[OF cp, where a="x" and b="-?e"] by (simp add: mult_commute)
  1427       hence "?c * x + ?e < 0" by simp
  1428       hence "Ifm vs (x#bs) (Lt (CNP 0 c e)) = Ifm vs (x#bs) (minusinf (Lt (CNP 0 c e)))"
  1429         using tmbound0_I[OF nbe, where b="y" and b'="x"] cp eqs by auto} hence ?case by auto}
  1430   moreover {assume cp: "?c < 0"
  1431     {fix x assume xz: "x < -?e / ?c" hence "?c * x > - ?e"
  1432         using neg_less_divide_eq[OF cp, where a="x" and b="-?e"] by (simp add: mult_commute)
  1433       hence "?c * x + ?e > 0" by simp
  1434       hence "Ifm vs (x#bs) (Lt (CNP 0 c e)) = Ifm vs (x#bs) (minusinf (Lt (CNP 0 c e)))"
  1435         using eqs tmbound0_I[OF nbe, where b="y" and b'="x"] cp by auto} hence ?case by auto}
  1436   ultimately show ?case by blast
  1437 next
         (* Le atom *)
  1438   case (6 c e)  hence nbe: "tmbound0 e" by simp
  1439   from prems have nc: "allpolys isnpoly (CP c)" "allpolys isnpoly e" by simp_all
  1440   hence nc': "allpolys isnpoly (CP (~\<^sub>p c))" by (simp add: polyneg_norm)
  1441   note eqs = lt[OF nc', where ?'a = 'a] eq [OF nc(1), where ?'a = 'a] le[OF nc(2), where ?'a = 'a]
  1442   let ?c = "Ipoly vs c"
  1443   let ?e = "Itm vs (y#bs) e"
  1444   have "?c=0 \<or> ?c > 0 \<or> ?c < 0" by arith
  1445   moreover {assume "?c = 0" hence ?case using eqs by auto}
  1446   moreover {assume cp: "?c > 0"
  1447     {fix x assume xz: "x < -?e / ?c" hence "?c * x < - ?e"
  1448         using pos_less_divide_eq[OF cp, where a="x" and b="-?e"] by (simp add: mult_commute)
  1449       hence "?c * x + ?e < 0" by simp
  1450       hence "Ifm vs (x#bs) (Le (CNP 0 c e)) = Ifm vs (x#bs) (minusinf (Le (CNP 0 c e)))"
  1451         using tmbound0_I[OF nbe, where b="y" and b'="x"] cp eqs by auto} hence ?case by auto}
  1452   moreover {assume cp: "?c < 0"
  1453     {fix x assume xz: "x < -?e / ?c" hence "?c * x > - ?e"
  1454         using neg_less_divide_eq[OF cp, where a="x" and b="-?e"] by (simp add: mult_commute)
  1455       hence "?c * x + ?e > 0" by simp
  1456       hence "Ifm vs (x#bs) (Le (CNP 0 c e)) = Ifm vs (x#bs) (minusinf (Le (CNP 0 c e)))"
  1457         using tmbound0_I[OF nbe, where b="y" and b'="x"] cp eqs by auto} hence ?case by auto}
  1458   ultimately show ?case by blast
  1459 qed (auto)
  1460 
  1461 lemma plusinf_inf: assumes lp:"islin p"
       (* For a linear p there is a bound z such that p and plusinf p have the same
          truth value for every x > z (x being the value of Bound 0).
          Structure of the proof, by induction along plusinf's recursion scheme:
          - cases 1 and 2 (And, Or): take the maximum of the two induction witnesses;
          - cases 3 to 6 (Eq, NEq, Lt, Le over CNP 0 c e): split on the sign of
            ?c = Ipoly vs c.  For ?c = 0 the atom lemmas close the goal directly; for
            ?c > 0 and ?c < 0 the argument is carried out for x > - ?e / ?c.
          ?e is written with a free y in the Bound 0 position; tmbound0_I [OF nbe] is
          what lets the proof exchange y for x, e being tmbound0.
          - the remaining cases are discharged by auto.
          NOTE(review): in case 6 the fact nc' is derived but does not appear in eqs. *)
  1462   shows "\<exists>z. \<forall>x > z. Ifm vs (x#bs) (plusinf p) \<longleftrightarrow> Ifm vs (x#bs) p"
  1463   using lp
  1464 proof (induct p rule: plusinf.induct)
  1465   case 1 thus ?case by (auto,rule_tac x="max z za" in exI, auto)
  1466 next
  1467   case 2 thus ?case by (auto,rule_tac x="max z za" in exI, auto)
  1468 next
         (* Eq atom *)
  1469   case (3 c e) hence nbe: "tmbound0 e" by simp
  1470   from prems have nc: "allpolys isnpoly (CP c)" "allpolys isnpoly e" by simp_all
  1471   note eqs = eq[OF nc(1), where ?'a = 'a] eq[OF nc(2), where ?'a = 'a]
  1472   let ?c = "Ipoly vs c"
  1473   let ?e = "Itm vs (y#bs) e"
  1474   have "?c=0 \<or> ?c > 0 \<or> ?c < 0" by arith
  1475   moreover {assume "?c = 0" hence ?case 
  1476       using eq[OF nc(2), of vs] eq[OF nc(1), of vs] by auto}
  1477   moreover {assume cp: "?c > 0"
  1478     {fix x assume xz: "x > -?e / ?c" hence "?c * x > - ?e" 
  1479         using pos_divide_less_eq[OF cp, where a="x" and b="-?e"] by (simp add: mult_commute)
  1480       hence "?c * x + ?e > 0" by simp
  1481       hence "Ifm vs (x#bs) (Eq (CNP 0 c e)) = Ifm vs (x#bs) (plusinf (Eq (CNP 0 c e)))"
  1482         using eqs tmbound0_I[OF nbe, where b="y" and b'="x" and vs=vs and bs=bs] by auto} hence ?case by auto}
  1483   moreover {assume cp: "?c < 0"
  1484     {fix x assume xz: "x > -?e / ?c" hence "?c * x < - ?e"
  1485         using neg_divide_less_eq[OF cp, where a="x" and b="-?e"] by (simp add: mult_commute)
  1486       hence "?c * x + ?e < 0" by simp
  1487       hence "Ifm vs (x#bs) (Eq (CNP 0 c e)) = Ifm vs (x#bs) (plusinf (Eq (CNP 0 c e)))"
  1488         using tmbound0_I[OF nbe, where b="y" and b'="x"] eqs by auto} hence ?case by auto}
  1489   ultimately show ?case by blast
  1490 next
         (* NEq atom *)
  1491   case (4 c e)  hence nbe: "tmbound0 e" by simp
  1492   from prems have nc: "allpolys isnpoly (CP c)" "allpolys isnpoly e" by simp_all
  1493   note eqs = eq[OF nc(1), where ?'a = 'a] eq[OF nc(2), where ?'a = 'a]
  1494   let ?c = "Ipoly vs c"
  1495   let ?e = "Itm vs (y#bs) e"
  1496   have "?c=0 \<or> ?c > 0 \<or> ?c < 0" by arith
  1497   moreover {assume "?c = 0" hence ?case using eqs by auto}
  1498   moreover {assume cp: "?c > 0"
  1499     {fix x assume xz: "x > -?e / ?c" hence "?c * x > - ?e"
  1500         using pos_divide_less_eq[OF cp, where a="x" and b="-?e"] by (simp add: mult_commute)
  1501       hence "?c * x + ?e > 0" by simp
  1502       hence "Ifm vs (x#bs) (NEq (CNP 0 c e)) = Ifm vs (x#bs) (plusinf (NEq (CNP 0 c e)))"
  1503         using eqs tmbound0_I[OF nbe, where b="y" and b'="x"] by auto} hence ?case by auto}
  1504   moreover {assume cp: "?c < 0"
  1505     {fix x assume xz: "x > -?e / ?c" hence "?c * x < - ?e"
  1506         using neg_divide_less_eq[OF cp, where a="x" and b="-?e"] by (simp add: mult_commute)
  1507       hence "?c * x + ?e < 0" by simp
  1508       hence "Ifm vs (x#bs) (NEq (CNP 0 c e)) = Ifm vs (x#bs) (plusinf (NEq (CNP 0 c e)))"
  1509         using eqs tmbound0_I[OF nbe, where b="y" and b'="x"] by auto} hence ?case by auto}
  1510   ultimately show ?case by blast
  1511 next
         (* Lt atom *)
  1512   case (5 c e)  hence nbe: "tmbound0 e" by simp
  1513   from prems have nc: "allpolys isnpoly (CP c)" "allpolys isnpoly e" by simp_all
  1514   hence nc': "allpolys isnpoly (CP (~\<^sub>p c))" by (simp add: polyneg_norm)
  1515   note eqs = lt[OF nc(1), where ?'a = 'a] lt[OF nc', where ?'a = 'a] eq [OF nc(1), where ?'a = 'a] lt[OF nc(2), where ?'a = 'a]
  1516   let ?c = "Ipoly vs c"
  1517   let ?e = "Itm vs (y#bs) e"
  1518   have "?c=0 \<or> ?c > 0 \<or> ?c < 0" by arith
  1519   moreover {assume "?c = 0" hence ?case using eqs by auto}
  1520   moreover {assume cp: "?c > 0"
  1521     {fix x assume xz: "x > -?e / ?c" hence "?c * x > - ?e"
  1522         using pos_divide_less_eq[OF cp, where a="x" and b="-?e"] by (simp add: mult_commute)
  1523       hence "?c * x + ?e > 0" by simp
  1524       hence "Ifm vs (x#bs) (Lt (CNP 0 c e)) = Ifm vs (x#bs) (plusinf (Lt (CNP 0 c e)))"
  1525         using tmbound0_I[OF nbe, where b="y" and b'="x"] cp eqs by auto} hence ?case by auto}
  1526   moreover {assume cp: "?c < 0"
  1527     {fix x assume xz: "x > -?e / ?c" hence "?c * x < - ?e"
  1528         using neg_divide_less_eq[OF cp, where a="x" and b="-?e"] by (simp add: mult_commute)
  1529       hence "?c * x + ?e < 0" by simp
  1530       hence "Ifm vs (x#bs) (Lt (CNP 0 c e)) = Ifm vs (x#bs) (plusinf (Lt (CNP 0 c e)))"
  1531         using eqs tmbound0_I[OF nbe, where b="y" and b'="x"] cp by auto} hence ?case by auto}
  1532   ultimately show ?case by blast
  1533 next
         (* Le atom *)
  1534   case (6 c e)  hence nbe: "tmbound0 e" by simp
  1535   from prems have nc: "allpolys isnpoly (CP c)" "allpolys isnpoly e" by simp_all
  1536   hence nc': "allpolys isnpoly (CP (~\<^sub>p c))" by (simp add: polyneg_norm)
  1537   note eqs = lt[OF nc(1), where ?'a = 'a] eq [OF nc(1), where ?'a = 'a] le[OF nc(2), where ?'a = 'a]
  1538   let ?c = "Ipoly vs c"
  1539   let ?e = "Itm vs (y#bs) e"
  1540   have "?c=0 \<or> ?c > 0 \<or> ?c < 0" by arith
  1541   moreover {assume "?c = 0" hence ?case using eqs by auto}
  1542   moreover {assume cp: "?c > 0"
  1543     {fix x assume xz: "x > -?e / ?c" hence "?c * x > - ?e"
  1544         using pos_divide_less_eq[OF cp, where a="x" and b="-?e"] by (simp add: mult_commute)
  1545       hence "?c * x + ?e > 0" by simp
  1546       hence "Ifm vs (x#bs) (Le (CNP 0 c e)) = Ifm vs (x#bs) (plusinf (Le (CNP 0 c e)))"
  1547         using tmbound0_I[OF nbe, where b="y" and b'="x"] cp eqs by auto} hence ?case by auto}
  1548   moreover {assume cp: "?c < 0"
  1549     {fix x assume xz: "x > -?e / ?c" hence "?c * x < - ?e"
  1550         using neg_divide_less_eq[OF cp, where a="x" and b="-?e"] by (simp add: mult_commute)
  1551       hence "?c * x + ?e < 0" by simp
  1552       hence "Ifm vs (x#bs) (Le (CNP 0 c e)) = Ifm vs (x#bs) (plusinf (Le (CNP 0 c e)))"
  1553         using tmbound0_I[OF nbe, where b="y" and b'="x"] cp eqs by auto} hence ?case by auto}
  1554   ultimately show ?case by blast
  1555 qed (auto)
  1556 
  1557 lemma minusinf_nb: "islin p \<Longrightarrow> bound0 (minusinf p)" 
       (* For linear p, minusinf p satisfies bound0.  Induction along minusinf's
          recursion scheme, using the bound0 lemmas for the eq, lt and le atoms. *)
  1558   by (induct p rule: minusinf.induct, auto simp add: eq_nb lt_nb le_nb)
  1559 lemma plusinf_nb: "islin p \<Longrightarrow> bound0 (plusinf p)" 
       (* For linear p, plusinf p satisfies bound0.
          NOTE(review): the induction uses minusinf.induct although the statement is
          about plusinf; this presumably works because both functions are defined over
          the same patterns, but plusinf.induct would state the intent directly. *)
  1560   by (induct p rule: minusinf.induct, auto simp add: eq_nb lt_nb le_nb)
  1561 
  1562 lemma minusinf_ex: assumes lp: "islin p" and ex: "Ifm vs (x#bs) (minusinf p)"
       (* If minusinf p holds (at some x) for a linear p, then p itself has a witness.
          Steps: bound0 of minusinf p (minusinf_nb) turns ex into truth at every x;
          minusinf_inf yields a bound z below which p and minusinf p agree; the point
          z - 1 lies below z and is therefore a witness for p. *)
  1563   shows "\<exists>x. Ifm vs (x#bs) p"
  1564 proof-
  1565   from bound0_I [OF minusinf_nb[OF lp], where b="a" and bs ="bs"] ex
  1566   have th: "\<forall> x. Ifm vs (x#bs) (minusinf p)" by auto
  1567   from minusinf_inf[OF lp, where bs="bs"] 
  1568   obtain z where z_def: "\<forall>x<z. Ifm vs (x # bs) (minusinf p) = Ifm vs (x # bs) p" by blast
  1569   from th have "Ifm vs ((z - 1)#bs) (minusinf p)" by simp
  1570   moreover have "z - 1 < z" by simp
  1571   ultimately show ?thesis using z_def by auto
  1572 qed
  1573 
  1574 lemma plusinf_ex: assumes lp: "islin p" and ex: "Ifm vs (x#bs) (plusinf p)"
       (* If plusinf p holds (at some x) for a linear p, then p itself has a witness.
          Steps: bound0 of plusinf p (plusinf_nb) turns ex into truth at every x;
          plusinf_inf yields a bound z above which p and plusinf p agree; the point
          z + 1 lies above z and is therefore a witness for p. *)
  1575   shows "\<exists>x. Ifm vs (x#bs) p"
  1576 proof-
  1577   from bound0_I [OF plusinf_nb[OF lp], where b="a" and bs ="bs"] ex
  1578   have th: "\<forall> x. Ifm vs (x#bs) (plusinf p)" by auto
  1579   from plusinf_inf[OF lp, where bs="bs"] 
  1580   obtain z where z_def: "\<forall>x>z. Ifm vs (x # bs) (plusinf p) = Ifm vs (x # bs) p" by blast
  1581   from th have "Ifm vs ((z + 1)#bs) (plusinf p)" by simp
  1582   moreover have "z + 1 > z" by simp
  1583   ultimately show ?thesis using z_def by auto
  1584 qed
  1585 
  1586 fun uset :: "fm \<Rightarrow> (poly \<times> tm) list" where
       (* uset p collects one pair (a,e) for every Eq/Le/Lt/NEq atom over CNP 0 a e that
          is reachable through And and Or; every other formula contributes the empty
          list.  The lemmas below read each pair (c,s) as the point
          - Itm vs (x#bs) s / Ipoly vs c. *)
  1587   "uset (And p q) = uset p @ uset q"
  1588 | "uset (Or p q) = uset p @ uset q"
  1589 | "uset (Eq (CNP 0 a e))  = [(a,e)]"
  1590 | "uset (Le (CNP 0 a e))  = [(a,e)]"
  1591 | "uset (Lt (CNP 0 a e))  = [(a,e)]"
  1592 | "uset (NEq (CNP 0 a e)) = [(a,e)]"
  1593 | "uset p = []"
  1594 
  1595 lemma uset_l:
       (* Well-formedness of uset entries for linear p: every (c,s) in uset p has
          isnpoly c, c different from the polynomial 0p, tmbound0 s and
          allpolys isnpoly s.  Induction along uset's recursion scheme. *)
  1596   assumes lp: "islin p"
  1597   shows "\<forall> (c,s) \<in> set (uset p). isnpoly c \<and> c \<noteq> 0\<^sub>p \<and> tmbound0 s \<and> allpolys isnpoly s"
  1598 using lp by(induct p rule: uset.induct,auto)
  1599 
  1600 lemma minusinf_uset0:
       (* If a linear p holds at x while minusinf p does not, some uset entry (c,s)
          bounds x from below: x >= - s / c, with s evaluated at x.
          The proof first establishes the multiplied form, split by the sign of
          Ipoly vs c (only the cases < 0 and > 0 occur there), and then divides using
          divide_le_eq. *)
  1601   assumes lp: "islin p"
  1602   and nmi: "\<not> (Ifm vs (x#bs) (minusinf p))"
  1603   and ex: "Ifm vs (x#bs) p" (is "?I x p")
  1604   shows "\<exists> (c,s) \<in> set (uset p). x \<ge> - Itm vs (x#bs) s / Ipoly vs c" 
  1605 proof-
  1606   have "\<exists> (c,s) \<in> set (uset p). (Ipoly vs c < 0 \<and> Ipoly vs c * x \<le> - Itm vs (x#bs) s) \<or>  (Ipoly vs c > 0 \<and> Ipoly vs c * x \<ge> - Itm vs (x#bs) s)" 
  1607     using lp nmi ex
  1608     apply (induct p rule: minusinf.induct, auto simp add: eq le lt nth_pos2 polyneg_norm)
  1609     apply (auto simp add: linorder_not_less order_le_less)
  1610     done 
  1611   then obtain c s where csU: "(c,s) \<in> set (uset p)" and x: "(Ipoly vs c < 0 \<and> Ipoly vs c * x \<le> - Itm vs (x#bs) s) \<or>  (Ipoly vs c > 0 \<and> Ipoly vs c * x \<ge> - Itm vs (x#bs) s)" by blast
  1612   hence "x \<ge> (- Itm vs (x#bs) s) / Ipoly vs c"
  1613     using divide_le_eq[of "- Itm vs (x#bs) s" "Ipoly vs c" x]
  1614     by (auto simp add: mult_commute del: divide_minus_left)
  1615   thus ?thesis using csU by auto
  1616 qed
  1617 
  1618 lemma minusinf_uset:
       (* Variant of minusinf_uset0 in which minusinf p and the term s are evaluated
          with an arbitrary a in the Bound 0 position instead of x.  The transfer from
          a to x uses bound0 of minusinf p (via bound0_I) for the hypothesis and
          tmbound0 s (from uset_l, via tmbound0_I) for the conclusion. *)
  1619   assumes lp: "islin p"
  1620   and nmi: "\<not> (Ifm vs (a#bs) (minusinf p))"
  1621   and ex: "Ifm vs (x#bs) p" (is "?I x p")
  1622   shows "\<exists> (c,s) \<in> set (uset p). x \<ge> - Itm vs (a#bs) s / Ipoly vs c" 
  1623 proof-
  1624   from nmi have nmi': "\<not> (Ifm vs (x#bs) (minusinf p))" 
  1625     by (simp add: bound0_I[OF minusinf_nb[OF lp], where b=x and b'=a])
  1626   from minusinf_uset0[OF lp nmi' ex] 
  1627   obtain c s where csU: "(c,s) \<in> set (uset p)" and th: "x \<ge> - Itm vs (x#bs) s / Ipoly vs c" by blast
  1628   from uset_l[OF lp, rule_format, OF csU] have nb: "tmbound0 s" by simp
  1629   from th tmbound0_I[OF nb, of vs x bs a] csU show ?thesis by auto
  1630 qed
  1631 
  1632 
  1633 lemma plusinf_uset0:
       (* If a linear p holds at x while plusinf p does not, some uset entry (c,s)
          bounds x from above: x <= - s / c, with s evaluated at x.
          The proof first establishes the multiplied form, split by the sign of
          Ipoly vs c (only the cases < 0 and > 0 occur there), and then divides using
          le_divide_eq.
          NOTE(review): the induction uses minusinf.induct although the hypothesis is
          about plusinf; presumably fine because both functions are defined over the
          same patterns -- confirm. *)
  1634   assumes lp: "islin p"
  1635   and nmi: "\<not> (Ifm vs (x#bs) (plusinf p))"
  1636   and ex: "Ifm vs (x#bs) p" (is "?I x p")
  1637   shows "\<exists> (c,s) \<in> set (uset p). x \<le> - Itm vs (x#bs) s / Ipoly vs c" 
  1638 proof-
  1639   have "\<exists> (c,s) \<in> set (uset p). (Ipoly vs c < 0 \<and> Ipoly vs c * x \<ge> - Itm vs (x#bs) s) \<or>  (Ipoly vs c > 0 \<and> Ipoly vs c * x \<le> - Itm vs (x#bs) s)" 
  1640     using lp nmi ex
  1641     apply (induct p rule: minusinf.induct, auto simp add: eq le lt nth_pos2 polyneg_norm)
  1642     apply (auto simp add: linorder_not_less order_le_less)
  1643     done 
  1644   then obtain c s where csU: "(c,s) \<in> set (uset p)" and x: "(Ipoly vs c < 0 \<and> Ipoly vs c * x \<ge> - Itm vs (x#bs) s) \<or>  (Ipoly vs c > 0 \<and> Ipoly vs c * x \<le> - Itm vs (x#bs) s)" by blast
  1645   hence "x \<le> (- Itm vs (x#bs) s) / Ipoly vs c"
  1646     using le_divide_eq[of x "- Itm vs (x#bs) s" "Ipoly vs c"]
  1647     by (auto simp add: mult_commute del: divide_minus_left)
  1648   thus ?thesis using csU by auto
  1649 qed
  1650 
  1651 lemma plusinf_uset:
       (* Variant of plusinf_uset0 in which plusinf p and the term s are evaluated with
          an arbitrary a in the Bound 0 position instead of x.  The transfer from a to x
          uses bound0 of plusinf p (via bound0_I) for the hypothesis and tmbound0 s
          (from uset_l, via tmbound0_I) for the conclusion. *)
  1652   assumes lp: "islin p"
  1653   and nmi: "\<not> (Ifm vs (a#bs) (plusinf p))"
  1654   and ex: "Ifm vs (x#bs) p" (is "?I x p")
  1655   shows "\<exists> (c,s) \<in> set (uset p). x \<le> - Itm vs (a#bs) s / Ipoly vs c" 
  1656 proof-
  1657   from nmi have nmi': "\<not> (Ifm vs (x#bs) (plusinf p))" 
  1658     by (simp add: bound0_I[OF plusinf_nb[OF lp], where b=x and b'=a])
  1659   from plusinf_uset0[OF lp nmi' ex] 
  1660   obtain c s where csU: "(c,s) \<in> set (uset p)" and th: "x \<le> - Itm vs (x#bs) s / Ipoly vs c" by blast
  1661   from uset_l[OF lp, rule_format, OF csU] have nb: "tmbound0 s" by simp
  1662   from th tmbound0_I[OF nb, of vs x bs a] csU show ?thesis by auto
  1663 qed
  1664 
  1665 lemma lin_dense: 
       (* Transfer of truth inside an interval free of uset points.
          Hypotheses: p is linear; no value - s / c with (c,s) in uset p (s evaluated
          at x) lies strictly between l and u; x and y both lie strictly between l and
          u; p holds at x.  Conclusion: p holds at y.
          Abbreviations bound by the is-pattern: ?Nt x t = Itm vs (x#bs) t,
          ?N c = Ipoly vs c, ?U p = set (uset p).
          The proof inducts over islin's recursion scheme and treats the four atom
          cases explicitly (5: Lt, 6: Le, 3: Eq, 4: NEq); the rest goes through auto.
          The hypothesis c ~= 0p concerns the polynomial c itself; its value ?N c is
          still case-split, including the sub-case ?N c = 0.  For ?N c ~= 0 the point
          - ?Nt x s / ?N c cannot separate x from y, otherwise it would lie strictly
          between l and u, contradicting noS. *)
  1666   assumes lp: "islin p"
  1667   and noS: "\<forall> t. l < t \<and> t< u \<longrightarrow> t \<notin> (\<lambda> (c,t). - Itm vs (x#bs) t / Ipoly vs c) ` set (uset p)" 
  1668   (is "\<forall> t. _ \<and> _ \<longrightarrow> t \<notin> (\<lambda> (c,t). - ?Nt x t / ?N c) ` ?U p")
  1669   and lx: "l < x" and xu:"x < u" and px:" Ifm vs (x#bs) p"
  1670   and ly: "l < y" and yu: "y < u"
  1671   shows "Ifm vs (y#bs) p"
  1672 using lp px noS
  1673 proof (induct p rule: islin.induct) 
         (* Lt atom *)
  1674   case (5 c s)
  1675   from "5.prems" 
  1676   have lin: "isnpoly c" "c \<noteq> 0\<^sub>p" "tmbound0 s" "allpolys isnpoly s"
  1677     and px: "Ifm vs (x # bs) (Lt (CNP 0 c s))"
  1678     and noS: "\<forall>t. l < t \<and> t < u \<longrightarrow> t \<noteq> - Itm vs (x # bs) s / \<lparr>c\<rparr>\<^sub>p\<^bsup>vs\<^esup>" by simp_all
  1679   from ly yu noS have yne: "y \<noteq> - ?Nt x s / \<lparr>c\<rparr>\<^sub>p\<^bsup>vs\<^esup>" by simp
  1680   hence ycs: "y < - ?Nt x s / ?N c \<or> y > -?Nt x s / ?N c" by auto
  1681   have ccs: "?N c = 0 \<or> ?N c < 0 \<or> ?N c > 0" by dlo
  1682   moreover
  1683   {assume "?N c = 0" hence ?case using px by (simp add: tmbound0_I[OF lin(3), where bs="bs" and b="x" and b'="y"])}
  1684   moreover
  1685   {assume c: "?N c > 0"
  1686       from px pos_less_divide_eq[OF c, where a="x" and b="-?Nt x s"]  
  1687       have px': "x < - ?Nt x s / ?N c" 
  1688         by (auto simp add: not_less field_simps) 
  1689     {assume y: "y < - ?Nt x s / ?N c" 
  1690       hence "y * ?N c < - ?Nt x s"
  1691         by (simp add: pos_less_divide_eq[OF c, where a="y" and b="-?Nt x s", symmetric])
  1692       hence "?N c * y + ?Nt x s < 0" by (simp add: field_simps)
  1693       hence ?case using tmbound0_I[OF lin(3), where bs="bs" and b="x" and b'="y"] by simp}
  1694     moreover
  1695     {assume y: "y > -?Nt x s / ?N c" 
  1696       with yu have eu: "u > - ?Nt x s / ?N c" by auto
  1697       with noS ly yu have th: "- ?Nt x s / ?N c \<le> l" by (cases "- ?Nt x s / ?N c > l", auto)
  1698       with lx px' have "False" by simp  hence ?case by simp }
  1699     ultimately have ?case using ycs by blast
  1700   }
  1701   moreover
  1702   {assume c: "?N c < 0"
  1703       from px neg_divide_less_eq[OF c, where a="x" and b="-?Nt x s"]  
  1704       have px': "x > - ?Nt x s / ?N c" 
  1705         by (auto simp add: not_less field_simps) 
  1706     {assume y: "y > - ?Nt x s / ?N c" 
  1707       hence "y * ?N c < - ?Nt x s"
  1708         by (simp add: neg_divide_less_eq[OF c, where a="y" and b="-?Nt x s", symmetric])
  1709       hence "?N c * y + ?Nt x s < 0" by (simp add: field_simps)
  1710       hence ?case using tmbound0_I[OF lin(3), where bs="bs" and b="x" and b'="y"] by simp}
  1711     moreover
  1712     {assume y: "y < -?Nt x s / ?N c" 
  1713       with ly have eu: "l < - ?Nt x s / ?N c" by auto
  1714       with noS ly yu have th: "- ?Nt x s / ?N c \<ge> u" by (cases "- ?Nt x s / ?N c < u", auto)
  1715       with xu px' have "False" by simp  hence ?case by simp }
  1716     ultimately have ?case using ycs by blast
  1717   }
  1718   ultimately show ?case by blast
  1719 next
         (* Le atom *)
  1720   case (6 c s)
  1721   from "6.prems" 
  1722   have lin: "isnpoly c" "c \<noteq> 0\<^sub>p" "tmbound0 s" "allpolys isnpoly s"
  1723     and px: "Ifm vs (x # bs) (Le (CNP 0 c s))"
  1724     and noS: "\<forall>t. l < t \<and> t < u \<longrightarrow> t \<noteq> - Itm vs (x # bs) s / \<lparr>c\<rparr>\<^sub>p\<^bsup>vs\<^esup>" by simp_all
  1725   from ly yu noS have yne: "y \<noteq> - ?Nt x s / \<lparr>c\<rparr>\<^sub>p\<^bsup>vs\<^esup>" by simp
  1726   hence ycs: "y < - ?Nt x s / ?N c \<or> y > -?Nt x s / ?N c" by auto
  1727   have ccs: "?N c = 0 \<or> ?N c < 0 \<or> ?N c > 0" by dlo
  1728   moreover
  1729   {assume "?N c = 0" hence ?case using px by (simp add: tmbound0_I[OF lin(3), where bs="bs" and b="x" and b'="y"])}
  1730   moreover
  1731   {assume c: "?N c > 0"
  1732       from px pos_le_divide_eq[OF c, where a="x" and b="-?Nt x s"]  
  1733       have px': "x <= - ?Nt x s / ?N c" by (simp add: not_less field_simps) 
  1734     {assume y: "y < - ?Nt x s / ?N c" 
  1735       hence "y * ?N c < - ?Nt x s"
  1736         by (simp add: pos_less_divide_eq[OF c, where a="y" and b="-?Nt x s", symmetric])
  1737       hence "?N c * y + ?Nt x s < 0" by (simp add: field_simps)
  1738       hence ?case using tmbound0_I[OF lin(3), where bs="bs" and b="x" and b'="y"] by simp}
  1739     moreover
  1740     {assume y: "y > -?Nt x s / ?N c" 
  1741       with yu have eu: "u > - ?Nt x s / ?N c" by auto
  1742       with noS ly yu have th: "- ?Nt x s / ?N c \<le> l" by (cases "- ?Nt x s / ?N c > l", auto)
  1743       with lx px' have "False" by simp  hence ?case by simp }
  1744     ultimately have ?case using ycs by blast
  1745   }
  1746   moreover
  1747   {assume c: "?N c < 0"
  1748       from px neg_divide_le_eq[OF c, where a="x" and b="-?Nt x s"]  
  1749       have px': "x >= - ?Nt x s / ?N c" by (simp add: field_simps) 
  1750     {assume y: "y > - ?Nt x s / ?N c" 
  1751       hence "y * ?N c < - ?Nt x s"
  1752         by (simp add: neg_divide_less_eq[OF c, where a="y" and b="-?Nt x s", symmetric])
  1753       hence "?N c * y + ?Nt x s < 0" by (simp add: field_simps)
  1754       hence ?case using tmbound0_I[OF lin(3), where bs="bs" and b="x" and b'="y"] by simp}
  1755     moreover
  1756     {assume y: "y < -?Nt x s / ?N c" 
  1757       with ly have eu: "l < - ?Nt x s / ?N c" by auto
  1758       with noS ly yu have th: "- ?Nt x s / ?N c \<ge> u" by (cases "- ?Nt x s / ?N c < u", auto)
  1759       with xu px' have "False" by simp  hence ?case by simp }
  1760     ultimately have ?case using ycs by blast
  1761   }
  1762   ultimately show ?case by blast
  1763 next
         (* Eq atom: for ?N c ~= 0, px forces x to be the uset point itself, which
            contradicts noS together with lx and xu *)
  1764     case (3 c s)
  1765   from "3.prems" 
  1766   have lin: "isnpoly c" "c \<noteq> 0\<^sub>p" "tmbound0 s" "allpolys isnpoly s"
  1767     and px: "Ifm vs (x # bs) (Eq (CNP 0 c s))"
  1768     and noS: "\<forall>t. l < t \<and> t < u \<longrightarrow> t \<noteq> - Itm vs (x # bs) s / \<lparr>c\<rparr>\<^sub>p\<^bsup>vs\<^esup>" by simp_all
  1769   from ly yu noS have yne: "y \<noteq> - ?Nt x s / \<lparr>c\<rparr>\<^sub>p\<^bsup>vs\<^esup>" by simp
  1770   hence ycs: "y < - ?Nt x s / ?N c \<or> y > -?Nt x s / ?N c" by auto
  1771   have ccs: "?N c = 0 \<or> ?N c < 0 \<or> ?N c > 0" by dlo
  1772   moreover
  1773   {assume "?N c = 0" hence ?case using px by (simp add: tmbound0_I[OF lin(3), where bs="bs" and b="x" and b'="y"])}
  1774   moreover
  1775   {assume c: "?N c > 0" hence cnz: "?N c \<noteq> 0" by simp
  1776     from px eq_divide_eq[of "x" "-?Nt x s" "?N c"]  cnz
  1777     have px': "x = - ?Nt x s / ?N c" by (simp add: field_simps)
  1778     {assume y: "y < -?Nt x s / ?N c" 
  1779       with ly have eu: "l < - ?Nt x s / ?N c" by auto
  1780       with noS ly yu have th: "- ?Nt x s / ?N c \<ge> u" by (cases "- ?Nt x s / ?N c < u", auto)
  1781       with xu px' have "False" by simp  hence ?case by simp }
  1782     moreover
  1783     {assume y: "y > -?Nt x s / ?N c" 
  1784       with yu have eu: "u > - ?Nt x s / ?N c" by auto
  1785       with noS ly yu have th: "- ?Nt x s / ?N c \<le> l" by (cases "- ?Nt x s / ?N c > l", auto)
  1786       with lx px' have "False" by simp  hence ?case by simp }
  1787     ultimately have ?case using ycs by blast
  1788   }
  1789   moreover
  1790   {assume c: "?N c < 0" hence cnz: "?N c \<noteq> 0" by simp
  1791     from px eq_divide_eq[of "x" "-?Nt x s" "?N c"]  cnz
  1792     have px': "x = - ?Nt x s / ?N c" by (simp add: field_simps)
  1793     {assume y: "y < -?Nt x s / ?N c" 
  1794       with ly have eu: "l < - ?Nt x s / ?N c" by auto
  1795       with noS ly yu have th: "- ?Nt x s / ?N c \<ge> u" by (cases "- ?Nt x s / ?N c < u", auto)
  1796       with xu px' have "False" by simp  hence ?case by simp }
  1797     moreover
  1798     {assume y: "y > -?Nt x s / ?N c" 
  1799       with yu have eu: "u > - ?Nt x s / ?N c" by auto
  1800       with noS ly yu have th: "- ?Nt x s / ?N c \<le> l" by (cases "- ?Nt x s / ?N c > l", auto)
  1801       with lx px' have "False" by simp  hence ?case by simp }
  1802     ultimately have ?case using ycs by blast
  1803   }
  1804   ultimately show ?case by blast
  1805 next
         (* NEq atom: only the split ?N c = 0 / ?N c ~= 0 is needed; the second case
            follows from yne *)
  1806     case (4 c s)
  1807   from "4.prems" 
  1808   have lin: "isnpoly c" "c \<noteq> 0\<^sub>p" "tmbound0 s" "allpolys isnpoly s"
  1809     and px: "Ifm vs (x # bs) (NEq (CNP 0 c s))"
  1810     and noS: "\<forall>t. l < t \<and> t < u \<longrightarrow> t \<noteq> - Itm vs (x # bs) s / \<lparr>c\<rparr>\<^sub>p\<^bsup>vs\<^esup>" by simp_all
  1811   from ly yu noS have yne: "y \<noteq> - ?Nt x s / \<lparr>c\<rparr>\<^sub>p\<^bsup>vs\<^esup>" by simp
  1812   hence ycs: "y < - ?Nt x s / ?N c \<or> y > -?Nt x s / ?N c" by auto
  1813   have ccs: "?N c = 0 \<or> ?N c \<noteq> 0" by dlo
  1814   moreover
  1815   {assume "?N c = 0" hence ?case using px by (simp add: tmbound0_I[OF lin(3), where bs="bs" and b="x" and b'="y"])}
  1816   moreover
  1817   {assume c: "?N c \<noteq> 0"
  1818     from yne c eq_divide_eq[of "y" "- ?Nt x s" "?N c"] have ?case
  1819       by (simp add: field_simps tmbound0_I[OF lin(3), of vs x bs y] sum_eq[symmetric]) }
  1820   ultimately show ?case by blast
  1821 qed (auto simp add: nth_pos2 tmbound0_I[where vs=vs and bs="bs" and b="y" and b'="x"] bound0_I[where vs=vs and bs="bs" and b="y" and b'="x"])
  1822 
  1823 lemma one_plus_one_pos[simp]: "(1::'a::{linordered_field}) + 1 > 0"
       (* 1 + 1 is strictly positive in every linordered field; declared [simp].
          The proof feeds the fact 0 < 1 twice into add_pos_pos. *)
  1824 proof-
  1825   have op: "(1::'a) > 0" by simp
  1826   from add_pos_pos[OF op op] show ?thesis . 
  1827 qed
  1828 
  1829 lemma one_plus_one_nonzero[simp]: "(1::'a::{linordered_field}) + 1 \<noteq> 0" 
       (* 1 + 1 is non-zero in every linordered field; declared [simp].
          Derived from one_plus_one_pos. half_sum_eq uses it to cancel the factor 1 + 1. *)
  1830   using one_plus_one_pos[where ?'a = 'a] by (simp add: less_le) 
  1831 
  1832 lemma half_sum_eq: "(u + u) / (1+1) = (u::'a::{linordered_field})" 
       (* The midpoint of u with itself is u. The number two is written as 1 + 1 throughout,
          so the proof rewrites u + u as (1 + 1) * u and cancels the non-zero factor. *)
  1833 proof-
  1834   have "(u + u) = (1 + 1) * u" by (simp add: field_simps)
  1835   hence "(u + u) / (1+1) = (1 + 1)*u / (1 + 1)" by simp
  1836   with nonzero_mult_divide_cancel_left[OF one_plus_one_nonzero, of u] show ?thesis by simp
  1837 qed
  1838 
  1839 lemma inf_uset:
  1840   assumes lp: "islin p"
  1841   and nmi: "\<not> (Ifm vs (x#bs) (minusinf p))" (is "\<not> (Ifm vs (x#bs) (?M p))")
  1842   and npi: "\<not> (Ifm vs (x#bs) (plusinf p))" (is "\<not> (Ifm vs (x#bs) (?P p))")
  1843   and ex: "\<exists> x.  Ifm vs (x#bs) p" (is "\<exists> x. ?I x p")
  1844   shows "\<exists> (c,t) \<in> set (uset p). \<exists> (d,s) \<in> set (uset p). ?I ((- Itm vs (x#bs) t / Ipoly vs c + - Itm vs (x#bs) s / Ipoly vs d) / (1 + 1)) p" 
       (* If the linear formula p has a witness but neither minusinf p nor plusinf p holds,
          then p holds at the midpoint of two points - t / c and - s / d whose pairs (c,t)
          and (d,s) come from uset p. fr_eq uses this lemma to obtain its third disjunct. *)
  1845 proof-
  1846   let ?Nt = "\<lambda> x t. Itm vs (x#bs) t"
  1847   let ?N = "Ipoly vs"
  1848   let ?U = "set (uset p)"
  1849   from ex obtain a where pa: "?I a p" by blast
         (* bound0_I together with minusinf_nb / plusinf_nb moves the two negated assumptions
            from the point x to the witness a. *)
  1850   from bound0_I[OF minusinf_nb[OF lp], where bs="bs" and b="x" and b'="a"] nmi
  1851   have nmi': "\<not> (?I a (?M p))" by simp
  1852   from bound0_I[OF plusinf_nb[OF lp], where bs="bs" and b="x" and b'="a"] npi
  1853   have npi': "\<not> (?I a (?P p))" by simp
         (* First establish the claim with a in the bound position; x is restored at the end. *)
  1854   have "\<exists> (c,t) \<in> set (uset p). \<exists> (d,s) \<in> set (uset p). ?I ((- ?Nt a t/?N c + - ?Nt a s /?N d) / (1 + 1)) p"
  1855   proof-
           (* ?M is rebound here: from now on it is the set of values - t / c for the pairs
              (c,t) in uset p, no longer the pattern for minusinf from assumption nmi. *)
  1856     let ?M = "(\<lambda> (c,t). - ?Nt a t / ?N c) ` ?U"
  1857     have fM: "finite ?M" by auto
  1858     from minusinf_uset[OF lp nmi pa] plusinf_uset[OF lp npi pa] 
  1859     have "\<exists> (c,t) \<in> set (uset p). \<exists> (d,s) \<in> set (uset p). a \<le> - ?Nt x t / ?N c \<and> a \<ge> - ?Nt x s / ?N d" by blast
  1860     then obtain "c" "t" "d" "s" where 
  1861       ctU: "(c,t) \<in> ?U" and dsU: "(d,s) \<in> ?U" 
  1862       and xs1: "a \<le> - ?Nt x s / ?N d" and tx1: "a \<ge> - ?Nt x t / ?N c" by blast
  1863     from uset_l[OF lp] ctU dsU tmbound0_I[where bs="bs" and b="x" and b'="a"] xs1 tx1 
  1864     have xs: "a \<le> - ?Nt a s / ?N d" and tx: "a \<ge> - ?Nt a t / ?N c" by auto
  1865     from ctU have Mne: "?M \<noteq> {}" by auto
  1866     hence Une: "?U \<noteq> {}" by simp
           (* ?M is finite and non-empty, so Min and Max exist and belong to ?M;
              the witness a lies between them (facts lx and xu below). *)
  1867     let ?l = "Min ?M"
  1868     let ?u = "Max ?M"
  1869     have linM: "?l \<in> ?M" using fM Mne by simp
  1870     have uinM: "?u \<in> ?M" using fM Mne by simp
  1871     have ctM: "- ?Nt a t / ?N c \<in> ?M" using ctU by auto
  1872     have dsM: "- ?Nt a s / ?N d \<in> ?M" using dsU by auto 
  1873     have lM: "\<forall> t\<in> ?M. ?l \<le> t" using Mne fM by auto
  1874     have Mu: "\<forall> t\<in> ?M. t \<le> ?u" using Mne fM by auto
  1875     have "?l \<le> - ?Nt a t / ?N c" using ctM Mne by simp hence lx: "?l \<le> a" using tx by simp
  1876     have "- ?Nt a s / ?N d \<le> ?u" using dsM Mne by simp hence xu: "a \<le> ?u" using xs by simp
           (* finite_set_intervals2 yields the dichotomy stated next: either p holds at some
              element of ?M, or a lies strictly inside a gap between two elements of ?M. *)
  1877     from finite_set_intervals2[where P="\<lambda> x. ?I x p",OF pa lx xu linM uinM fM lM Mu]
  1878     have "(\<exists> s\<in> ?M. ?I s p) \<or> 
  1879       (\<exists> t1\<in> ?M. \<exists> t2 \<in> ?M. (\<forall> y. t1 < y \<and> y < t2 \<longrightarrow> y \<notin> ?M) \<and> t1 < a \<and> a < t2 \<and> ?I a p)" .
           (* Case 1: p holds at an element u of ?M; half_sum_eq presents u as the midpoint
              of u with itself, so the same pair serves for both existentials. *)
  1880     moreover {fix u assume um: "u\<in> ?M" and pu: "?I u p"
  1881       hence "\<exists> (nu,tu) \<in> ?U. u = - ?Nt a tu / ?N nu" by auto
  1882       then obtain "tu" "nu" where tuU: "(nu,tu) \<in> ?U" and tuu:"u= - ?Nt a tu / ?N nu" by blast
  1883       from half_sum_eq[of u] pu tuu 
  1884       have "?I (((- ?Nt a tu / ?N nu) + (- ?Nt a tu / ?N nu)) / (1 + 1)) p" by simp
  1885       with tuU have ?thesis by blast}
           (* Case 2: a lies strictly between t1 and t2 with no element of ?M in between;
              lin_dense carries p from a to the midpoint of t1 and t2. *)
  1886     moreover{
  1887       assume "\<exists> t1\<in> ?M. \<exists> t2 \<in> ?M. (\<forall> y. t1 < y \<and> y < t2 \<longrightarrow> y \<notin> ?M) \<and> t1 < a \<and> a < t2 \<and> ?I a p"
  1888       then obtain t1 and t2 where t1M: "t1 \<in> ?M" and t2M: "t2\<in> ?M" 
  1889         and noM: "\<forall> y. t1 < y \<and> y < t2 \<longrightarrow> y \<notin> ?M" and t1x: "t1 < a" and xt2: "a < t2" and px: "?I a p"
  1890         by blast
  1891       from t1M have "\<exists> (t1n,t1u) \<in> ?U. t1 = - ?Nt a t1u / ?N t1n" by auto
  1892       then obtain "t1u" "t1n" where t1uU: "(t1n,t1u) \<in> ?U" and t1u: "t1 = - ?Nt a t1u / ?N t1n" by blast
  1893       from t2M have "\<exists> (t2n,t2u) \<in> ?U. t2 = - ?Nt a t2u / ?N t2n" by auto
  1894       then obtain "t2u" "t2n" where t2uU: "(t2n,t2u) \<in> ?U" and t2u: "t2 = - ?Nt a t2u / ?N t2n" by blast
  1895       from t1x xt2 have t1t2: "t1 < t2" by simp
             (* ?u is rebound from Max ?M to the midpoint of the gap. *)
  1896       let ?u = "(t1 + t2) / (1 + 1)"
  1897       from less_half_sum[OF t1t2] gt_half_sum[OF t1t2] have t1lu: "t1 < ?u" and ut2: "?u < t2" by auto
  1898       from lin_dense[OF lp noM t1x xt2 px t1lu ut2] have "?I ?u p" .
  1899       with t1uU t2uU t1u t2u have ?thesis by blast}
  1900     ultimately show ?thesis by blast
  1901   qed
  1902   then obtain "l" "n" "s"  "m" where lnU: "(n,l) \<in> ?U" and smU:"(m,s) \<in> ?U" 
  1903     and pu: "?I ((- ?Nt a l / ?N n + - ?Nt a s / ?N m) / (1 + 1)) p" by blast
         (* uset_l gives tmbound0 for the terms taken from uset p, so tmbound0_I allows
            a to be replaced by x in the bound position of both terms. *)
  1904   from lnU smU uset_l[OF lp] have nbl: "tmbound0 l" and nbs: "tmbound0 s" by auto
  1905   from tmbound0_I[OF nbl, where bs="bs" and b="a" and b'="x"] 
  1906     tmbound0_I[OF nbs, where bs="bs" and b="a" and b'="x"] pu
  1907   have "?I ((- ?Nt x l / ?N n + - ?Nt x s / ?N m) / (1 + 1)) p" by simp
  1908   with lnU smU
  1909   show ?thesis by auto
  1910 qed
  1911 
  1912     (* The Ferrante - Rackoff Theorem *)
  1913 
  1914 theorem fr_eq: 
  1915   assumes lp: "islin p"
  1916   shows "(\<exists> x. Ifm vs (x#bs) p) = ((Ifm vs (x#bs) (minusinf p)) \<or> (Ifm vs (x#bs) (plusinf p)) \<or> (\<exists> (n,t) \<in> set (uset p). \<exists> (m,s) \<in> set (uset p). Ifm vs (((- Itm vs (x#bs) t /  Ipoly vs n + - Itm vs (x#bs) s / Ipoly vs m) /(1 + 1))#bs) p))"
  1917   (is "(\<exists> x. ?I x p) = (?M \<or> ?P \<or> ?F)" is "?E = ?D")
       (* For a linear formula p, existence of a satisfying value for the bound variable (?E)
          is equivalent to the disjunction ?D: minusinf p holds (?M), or plusinf p holds (?P),
          or p holds at the midpoint of two points - t / n and - s / m with (n,t) and (m,s)
          taken from uset p (?F). In ?D the only quantifiers range over the list uset p. *)
  1918 proof
         (* Direction ?E ==> ?D: if ?M or ?P holds we are done; otherwise inf_uset gives ?F. *)
  1919   assume px: "\<exists> x. ?I x p"
  1920   have "?M \<or> ?P \<or> (\<not> ?M \<and> \<not> ?P)" by blast
  1921   moreover {assume "?M \<or> ?P" hence "?D" by blast}
  1922   moreover {assume nmi: "\<not> ?M" and npi: "\<not> ?P"
  1923     from inf_uset[OF lp nmi npi] have "?F" using px by blast hence "?D" by blast}
  1924   ultimately show "?D" by blast
  1925 next
         (* Direction ?D ==> ?E: minusinf_ex and plusinf_ex turn ?M and ?P into a witness;
            in ?F the midpoint itself is the witness. *)
  1926   assume "?D" 
  1927   moreover {assume m:"?M" from minusinf_ex[OF lp m] have "?E" .}
  1928   moreover {assume p: "?P" from plusinf_ex[OF lp p] have "?E" . }
  1929   moreover {assume f:"?F" hence "?E" by blast}
  1930   ultimately show "?E" by blast
  1931 qed
  1932 
  1933 section{* First implementation : Naive by encoding all case splits locally *}
  1934 definition "msubsteq c t d s a r = 
  1935   evaldjf (split conj) 
  1936   [(let cd = c *\<^sub>p d in (NEq (CP cd), Eq (Add (Mul (~\<^sub>p a) (Add (Mul d t) (Mul c s))) (Mul (2\<^sub>p *\<^sub>p cd) r)))),
  1937    (conj (Eq (CP c)) (NEq (CP d)) , Eq (Add (Mul (~\<^sub>p a) s) (Mul (2\<^sub>p *\<^sub>p d) r))),
  1938    (conj (NEq (CP c)) (Eq (CP d)) , Eq (Add (Mul (~\<^sub>p a) t) (Mul (2\<^sub>p *\<^sub>p c) r))),
  1939    (conj (Eq (CP c)) (Eq (CP d)) , Eq r)]"
       (* msubsteq c t d s a r (defined just above): a list of (guard, body) pairs passed to
          evaldjf (split conj). The four guards split on whether the polynomials c and d are
          zero: c * d non-zero; c zero and d non-zero; c non-zero and d zero; both zero.
          Each body is an equation without division. Lemma msubsteq states that the result
          has the same truth value as Eq (CNP 0 a r) with the bound variable set to the
          midpoint (- t / c + - s / d) / (1 + 1). *)
  1940 
  1941 lemma msubsteq_nb: assumes lp: "islin (Eq (CNP 0 a r))" and t: "tmbound0 t" and s: "tmbound0 s"
  1942   shows "bound0 (msubsteq c t d s a r)"
       (* msubsteq c t d s a r satisfies bound0 when Eq (CNP 0 a r) is linear and the terms
          t and s satisfy tmbound0. The property is shown for split conj applied to every
          entry of the defining list (fact th) and lifted with evaldjf_bound0.
          The list in th must stay textually identical to the one in the definition. *)
  1943 proof-
  1944   have th: "\<forall>x\<in> set [(let cd = c *\<^sub>p d in (NEq (CP cd), Eq (Add (Mul (~\<^sub>p a) (Add (Mul d t) (Mul c s))) (Mul (2\<^sub>p *\<^sub>p cd) r)))),
  1945    (conj (Eq (CP c)) (NEq (CP d)) , Eq (Add (Mul (~\<^sub>p a) s) (Mul (2\<^sub>p *\<^sub>p d) r))),
  1946    (conj (NEq (CP c)) (Eq (CP d)) , Eq (Add (Mul (~\<^sub>p a) t) (Mul (2\<^sub>p *\<^sub>p c) r))),
  1947    (conj (Eq (CP c)) (Eq (CP d)) , Eq r)]. bound0 (split conj x)"
  1948     using lp by (simp add: Let_def t s )
  1949   from evaldjf_bound0[OF th] show ?thesis by (simp add: msubsteq_def)
  1950 qed
  1951 
  1952 lemma msubsteq: assumes lp: "islin (Eq (CNP 0 a r))"
  1953   shows "Ifm vs (x#bs) (msubsteq c t d s a r) = Ifm vs (((- Itm vs (x#bs) t /  Ipoly vs c + - Itm vs (x#bs) s / Ipoly vs d) /(1 + 1))#bs) (Eq (CNP 0 a r))" (is "?lhs = ?rhs")
       (* Correctness of msubsteq: evaluating msubsteq c t d s a r gives the same truth value
          as evaluating Eq (CNP 0 a r) with the bound variable set to the midpoint
          (- t / c + - s / d) / (1 + 1). The proof splits on which of the values of c and d
          are zero, matching the four guards in the definition. *)
  1954 proof-
         (* ?c, ?d, ?a are the values of the polynomials c, d, a; ?t, ?s, ?r are the values of
            the terms t, s, r with x in the bound position. *)
  1955   let ?Nt = "\<lambda>(x::'a) t. Itm vs (x#bs) t"
  1956   let ?N = "\<lambda>p. Ipoly vs p"
  1957   let ?c = "?N c"
  1958   let ?d = "?N d"
  1959   let ?t = "?Nt x t"
  1960   let ?s = "?Nt x s"
  1961   let ?a = "?N a"
  1962   let ?r = "?Nt x r"
  1963   from lp have lin:"isnpoly a" "a \<noteq> 0\<^sub>p" "tmbound0 r" "allpolys isnpoly r" by simp_all
         (* r satisfies tmbound0, so fact r rewrites its value at any point (the open slot _)
            to its value at x. *)
  1964   note r= tmbound0_I[OF lin(3), of vs _ bs x]
  1965   have cd_cs: "?c * ?d \<noteq> 0 \<or> (?c = 0 \<and> ?d = 0) \<or> (?c = 0 \<and> ?d \<noteq> 0) \<or> (?c \<noteq> 0 \<and> ?d = 0)" by auto
  1966   moreover
         (* Case ?c = 0 and ?d = 0: fact r is instantiated at the point 0. *)
  1967   {assume c: "?c = 0" and d: "?d=0"
  1968     hence ?thesis  by (simp add: r[of 0] msubsteq_def Let_def evaldjf_ex)}
  1969   moreover 
         (* Case ?c = 0 and ?d non-zero: simp removes the summand - ?t / ?c (Itm's value type
            has sort field_inverse_zero, where division by zero yields zero); the chain then
            multiplies the equation by the non-zero factor (1 + 1) * ?d. *)
  1970   {assume c: "?c = 0" and d: "?d\<noteq>0"
  1971     from c have th: "(- ?t / ?c + - ?s / ?d)/(1 + 1) = -?s / ((1 + 1)*?d)" by simp
  1972     have "?rhs = Ifm vs (-?s / ((1 + 1)*?d) # bs) (Eq (CNP 0 a r))" by (simp only: th)
  1973     also have "\<dots> \<longleftrightarrow> ?a * (-?s / ((1 + 1)*?d)) + ?r = 0" by (simp add: r[of "- (Itm vs (x # bs) s / ((1 + 1) * \<lparr>d\<rparr>\<^sub>p\<^bsup>vs\<^esup>))"])
  1974     also have "\<dots> \<longleftrightarrow> (1 + 1)*?d * (?a * (-?s / ((1 + 1)*?d)) + ?r) = 0" 
  1975       using d mult_cancel_left[of "(1 + 1)*?d" "(?a * (-?s / ((1 + 1)*?d)) + ?r)" 0] by simp
  1976     also have "\<dots> \<longleftrightarrow> (- ?a * ?s) * ((1 + 1)*?d / ((1 + 1)*?d)) + (1 + 1)*?d*?r= 0"
  1977       by (simp add: field_simps right_distrib[of "(1 + 1)*?d"] del: right_distrib)
  1978     
  1979     also have "\<dots> \<longleftrightarrow> - (?a * ?s) + (1 + 1)*?d*?r = 0" using d by simp 
  1980     finally have ?thesis using c d 
  1981       apply (simp add: r[of "- (Itm vs (x # bs) s / ((1 + 1) * \<lparr>d\<rparr>\<^sub>p\<^bsup>vs\<^esup>))"] msubsteq_def Let_def evaldjf_ex del: one_add_one_is_two)
  1982       apply (simp only: one_add_one_is_two[symmetric] of_int_add)
  1983       apply simp
  1984       done}
  1985   moreover
         (* Case ?c non-zero and ?d = 0: mirror image of the previous case, with t and c in
            place of s and d. *)
  1986   {assume c: "?c \<noteq> 0" and d: "?d=0"
  1987     from d have th: "(- ?t / ?c + - ?s / ?d)/(1 + 1) = -?t / ((1 + 1)*?c)" by simp
  1988     have "?rhs = Ifm vs (-?t / ((1 + 1)*?c) # bs) (Eq (CNP 0 a r))" by (simp only: th)
  1989     also have "\<dots> \<longleftrightarrow> ?a * (-?t / ((1 + 1)*?c)) + ?r = 0" by (simp add: r[of "- (?t/ ((1 + 1)* ?c))"])
  1990     also have "\<dots> \<longleftrightarrow> (1 + 1)*?c * (?a * (-?t / ((1 + 1)*?c)) + ?r) = 0" 
  1991       using c mult_cancel_left[of "(1 + 1)*?c" "(?a * (-?t / ((1 + 1)*?c)) + ?r)" 0] by simp
  1992     also have "\<dots> \<longleftrightarrow> (?a * -?t)* ((1 + 1)*?c) / ((1 + 1)*?c) + (1 + 1)*?c*?r= 0"
  1993       by (simp add: field_simps right_distrib[of "(1 + 1)*?c"] del: right_distrib)
  1994     also have "\<dots> \<longleftrightarrow> - (?a * ?t) + (1 + 1)*?c*?r = 0" using c by simp 
  1995     finally have ?thesis using c d 
  1996       apply (simp add: r[of "- (?t/ ((1 + 1)*?c))"] msubsteq_def Let_def evaldjf_ex del: one_add_one_is_two)
  1997       apply (simp only: one_add_one_is_two[symmetric] of_int_add)
  1998       apply simp
  1999       done }
  2000   moreover
         (* Case both non-zero: add_frac_eq puts the two fractions over the common denominator
            (1 + 1) * ?c * ?d, and the equation is multiplied by that non-zero product. *)
  2001   {assume c: "?c \<noteq> 0" and d: "?d\<noteq>0" hence dc: "?c * ?d *(1 + 1) \<noteq> 0" by simp
  2002     from add_frac_eq[OF c d, of "- ?t" "- ?s"]
  2003     have th: "(- ?t / ?c + - ?s / ?d)/(1 + 1) = - (?d * ?t + ?c* ?s )/ ((1 + 1)*?c*?d)" 
  2004       by (simp add: field_simps)
  2005     have "?rhs \<longleftrightarrow> Ifm vs (- (?d * ?t + ?c* ?s )/ ((1 + 1)*?c*?d) # bs) (Eq (CNP 0 a r))" by (simp only: th)
  2006     also have "\<dots> \<longleftrightarrow> ?a * (- (?d * ?t + ?c* ?s )/ ((1 + 1)*?c*?d)) + ?r = 0" 
  2007       by (simp add: r[of "(- (?d * ?t) + - (?c *?s)) / ((1 + 1) * ?c * ?d)"])
  2008     also have "\<dots> \<longleftrightarrow> ((1 + 1) * ?c * ?d) * (?a * (- (?d * ?t + ?c* ?s )/ ((1 + 1)*?c*?d)) + ?r) =0 "
  2009       using c d mult_cancel_left[of "(1 + 1) * ?c * ?d" "?a * (- (?d * ?t + ?c* ?s)/ ((1 + 1)*?c*?d)) + ?r" 0] by simp
  2010     also have "\<dots> \<longleftrightarrow> ?a * (- (?d * ?t + ?c* ?s )) + (1 + 1)*?c*?d*?r =0" 
  2011       using nonzero_mult_divide_cancel_left [OF dc] c d
  2012       by (simp add: algebra_simps diff_divide_distrib del: left_distrib)
  2013     finally  have ?thesis using c d 
  2014       apply (simp add: r[of "(- (?d * ?t) + - (?c *?s)) / ((1 + 1) * ?c * ?d)"] msubsteq_def Let_def evaldjf_ex field_simps)
  2015       apply (simp only: one_add_one_is_two[symmetric] of_int_add)
  2016       apply (simp add: field_simps)
  2017       done }
  2018   ultimately show ?thesis by blast
  2019 qed
  2020 
  2021 
  2022 definition "msubstneq c t d s a r = 
  2023   evaldjf (split conj) 
  2024   [(let cd = c *\<^sub>p d in (NEq (CP cd), NEq (Add (Mul (~\<^sub>p a) (Add (Mul d t) (Mul c s))) (Mul (2\<^sub>p *\<^sub>p cd) r)))),
  2025    (conj (Eq (CP c)) (NEq (CP d)) , NEq (Add (Mul (~\<^sub>p a) s) (Mul (2\<^sub>p *\<^sub>p d) r))),
  2026    (conj (NEq (CP c)) (Eq (CP d)) , NEq (Add (Mul (~\<^sub>p a) t) (Mul (2\<^sub>p *\<^sub>p c) r))),
  2027    (conj (Eq (CP c)) (Eq (CP d)) , NEq r)]"
       (* msubstneq c t d s a r (defined just above): same four guards as msubsteq, with every
          body a disequation (NEq) instead of an equation. Lemma msubstneq states that the
          result has the same truth value as NEq (CNP 0 a r) with the bound variable set to
          the midpoint (- t / c + - s / d) / (1 + 1). *)
  2028 
  2029 lemma msubstneq_nb: assumes lp: "islin (NEq (CNP 0 a r))" and t: "tmbound0 t" and s: "tmbound0 s"
  2030   shows "bound0 (msubstneq c t d s a r)"
       (* msubstneq c t d s a r satisfies bound0 when NEq (CNP 0 a r) is linear and the terms
          t and s satisfy tmbound0. Shown for split conj applied to every entry of the
          defining list (fact th), then lifted with evaldjf_bound0.
          The list in th must stay textually identical to the one in the definition. *)
  2031 proof-
  2032   have th: "\<forall>x\<in> set [(let cd = c *\<^sub>p d in (NEq (CP cd), NEq (Add (Mul (~\<^sub>p a) (Add (Mul d t) (Mul c s))) (Mul (2\<^sub>p *\<^sub>p cd) r)))), 
  2033     (conj (Eq (CP c)) (NEq (CP d)) , NEq (Add (Mul (~\<^sub>p a) s) (Mul (2\<^sub>p *\<^sub>p d) r))),
  2034     (conj (NEq (CP c)) (Eq (CP d)) , NEq (Add (Mul (~\<^sub>p a) t) (Mul (2\<^sub>p *\<^sub>p c) r))),
  2035     (conj (Eq (CP c)) (Eq (CP d)) , NEq r)]. bound0 (split conj x)"
  2036     using lp by (simp add: Let_def t s )
  2037   from evaldjf_bound0[OF th] show ?thesis by (simp add: msubstneq_def)
  2038 qed
  2039 
  2040 lemma msubstneq: assumes lp: "islin (Eq (CNP 0 a r))"
  2041   shows "Ifm vs (x#bs) (msubstneq c t d s a r) = Ifm vs (((- Itm vs (x#bs) t /  Ipoly vs c + - Itm vs (x#bs) s / Ipoly vs d) /(1 + 1))#bs) (NEq (CNP 0 a r))" (is "?lhs = ?rhs")
       (* Correctness of msubstneq: evaluating msubstneq c t d s a r gives the same truth value
          as evaluating NEq (CNP 0 a r) with the bound variable set to the midpoint
          (- t / c + - s / d) / (1 + 1). Same case split as in lemma msubsteq.
          NOTE(review): the assumption lp is stated for Eq (CNP 0 a r) although the conclusion
          and msubstneq_nb speak about NEq; presumably islin yields the same four facts for
          both - confirm, and check how callers instantiate lp before changing it. *)
  2042 proof-
         (* ?c, ?d, ?a are the values of the polynomials c, d, a; ?t, ?s, ?r are the values of
            the terms t, s, r with x in the bound position. *)
  2043   let ?Nt = "\<lambda>(x::'a) t. Itm vs (x#bs) t"
  2044   let ?N = "\<lambda>p. Ipoly vs p"
  2045   let ?c = "?N c"
  2046   let ?d = "?N d"
  2047   let ?t = "?Nt x t"
  2048   let ?s = "?Nt x s"
  2049   let ?a = "?N a"
  2050   let ?r = "?Nt x r"
  2051   from lp have lin:"isnpoly a" "a \<noteq> 0\<^sub>p" "tmbound0 r" "allpolys isnpoly r" by simp_all
         (* r satisfies tmbound0, so fact r rewrites its value at any point (the open slot _)
            to its value at x. *)
  2052   note r= tmbound0_I[OF lin(3), of vs _ bs x]
  2053   have cd_cs: "?c * ?d \<noteq> 0 \<or> (?c = 0 \<and> ?d = 0) \<or> (?c = 0 \<and> ?d \<noteq> 0) \<or> (?c \<noteq> 0 \<and> ?d = 0)" by auto
  2054   moreover
         (* Case ?c = 0 and ?d = 0: fact r is instantiated at the point 0. *)
  2055   {assume c: "?c = 0" and d: "?d=0"
  2056     hence ?thesis  by (simp add: r[of 0] msubstneq_def Let_def evaldjf_ex)}
  2057   moreover 
         (* Case ?c = 0 and ?d non-zero: simp removes the summand - ?t / ?c; the chain then
            multiplies the disequation by the non-zero factor (1 + 1) * ?d. *)
  2058   {assume c: "?c = 0" and d: "?d\<noteq>0"
  2059     from c have th: "(- ?t / ?c + - ?s / ?d)/(1 + 1) = -?s / ((1 + 1)*?d)" by simp
  2060     have "?rhs = Ifm vs (-?s / ((1 + 1)*?d) # bs) (NEq (CNP 0 a r))" by (simp only: th)
  2061     also have "\<dots> \<longleftrightarrow> ?a * (-?s / ((1 + 1)*?d)) + ?r \<noteq> 0" by (simp add: r[of "- (Itm vs (x # bs) s / ((1 + 1) * \<lparr>d\<rparr>\<^sub>p\<^bsup>vs\<^esup>))"])
  2062     also have "\<dots> \<longleftrightarrow> (1 + 1)*?d * (?a * (-?s / ((1 + 1)*?d)) + ?r) \<noteq> 0" 
  2063       using d mult_cancel_left[of "(1 + 1)*?d" "(?a * (-?s / ((1 + 1)*?d)) + ?r)" 0] by simp
  2064     also have "\<dots> \<longleftrightarrow> (- ?a * ?s) * ((1 + 1)*?d / ((1 + 1)*?d)) + (1 + 1)*?d*?r\<noteq> 0"
  2065       by (simp add: field_simps right_distrib[of "(1 + 1)*?d"] del: right_distrib)
  2066     
  2067     also have "\<dots> \<longleftrightarrow> - (?a * ?s) + (1 + 1)*?d*?r \<noteq> 0" using d by simp 
  2068     finally have ?thesis using c d 
  2069       apply (simp add: r[of "- (Itm vs (x # bs) s / ((1 + 1) * \<lparr>d\<rparr>\<^sub>p\<^bsup>vs\<^esup>))"] msubstneq_def Let_def evaldjf_ex del: one_add_one_is_two)
  2070       apply (simp only: one_add_one_is_two[symmetric] of_int_add)
  2071       apply simp
  2072       done}
  2073   moreover
         (* Case ?c non-zero and ?d = 0: mirror image of the previous case, with t and c in
            place of s and d. *)
  2074   {assume c: "?c \<noteq> 0" and d: "?d=0"
  2075     from d have th: "(- ?t / ?c + - ?s / ?d)/(1 + 1) = -?t / ((1 + 1)*?c)" by simp
  2076     have "?rhs = Ifm vs (-?t / ((1 + 1)*?c) # bs) (NEq (CNP 0 a r))" by (simp only: th)
  2077     also have "\<dots> \<longleftrightarrow> ?a * (-?t / ((1 + 1)*?c)) + ?r \<noteq> 0" by (simp add: r[of "- (?t/ ((1 + 1)* ?c))"])
  2078     also have "\<dots> \<longleftrightarrow> (1 + 1)*?c * (?a * (-?t / ((1 + 1)*?c)) + ?r) \<noteq> 0" 
  2079       using c mult_cancel_left[of "(1 + 1)*?c" "(?a * (-?t / ((1 + 1)*?c)) + ?r)" 0] by simp
  2080     also have "\<dots> \<longleftrightarrow> (?a * -?t)* ((1 + 1)*?c) / ((1 + 1)*?c) + (1 + 1)*?c*?r \<noteq> 0"
  2081       by (simp add: field_simps right_distrib[of "(1 + 1)*?c"] del: right_distrib)
  2082     also have "\<dots> \<longleftrightarrow> - (?a * ?t) + (1 + 1)*?c*?r \<noteq> 0" using c by simp 
  2083     finally have ?thesis using c d 
  2084       apply (simp add: r[of "- (?t/ ((1 + 1)*?c))"] msubstneq_def Let_def evaldjf_ex del: one_add_one_is_two)
  2085       apply (simp only: one_add_one_is_two[symmetric] of_int_add)
  2086       apply simp
  2087       done }
  2088   moreover
         (* Case both non-zero: add_frac_eq puts the two fractions over the common denominator
            (1 + 1) * ?c * ?d, and the disequation is multiplied by that non-zero product. *)
  2089   {assume c: "?c \<noteq> 0" and d: "?d\<noteq>0" hence dc: "?c * ?d *(1 + 1) \<noteq> 0" by simp
  2090     from add_frac_eq[OF c d, of "- ?t" "- ?s"]
  2091     have th: "(- ?t / ?c + - ?s / ?d)/(1 + 1) = - (?d * ?t + ?c* ?s )/ ((1 + 1)*?c*?d)" 
  2092       by (simp add: field_simps)
  2093     have "?rhs \<longleftrightarrow> Ifm vs (- (?d * ?t + ?c* ?s )/ ((1 + 1)*?c*?d) # bs) (NEq (CNP 0 a r))" by (simp only: th)
  2094     also have "\<dots> \<longleftrightarrow> ?a * (- (?d * ?t + ?c* ?s )/ ((1 + 1)*?c*?d)) + ?r \<noteq> 0" 
  2095       by (simp add: r[of "(- (?d * ?t) + - (?c *?s)) / ((1 + 1) * ?c * ?d)"])
  2096     also have "\<dots> \<longleftrightarrow> ((1 + 1) * ?c * ?d) * (?a * (- (?d * ?t + ?c* ?s )/ ((1 + 1)*?c*?d)) + ?r) \<noteq> 0 "
  2097       using c d mult_cancel_left[of "(1 + 1) * ?c * ?d" "?a * (- (?d * ?t + ?c* ?s)/ ((1 + 1)*?c*?d)) + ?r" 0] by simp
  2098     also have "\<dots> \<longleftrightarrow> ?a * (- (?d * ?t + ?c* ?s )) + (1 + 1)*?c*?d*?r \<noteq> 0" 
  2099       using nonzero_mult_divide_cancel_left[OF dc] c d
  2100       by (simp add: algebra_simps diff_divide_distrib del: left_distrib)
  2101     finally  have ?thesis using c d 
  2102       apply (simp add: r[of "(- (?d * ?t) + - (?c *?s)) / ((1 + 1) * ?c * ?d)"] msubstneq_def Let_def evaldjf_ex field_simps)
  2103       apply (simp only: one_add_one_is_two[symmetric] of_int_add)
  2104       apply (simp add: field_simps)
  2105       done }
  2106   ultimately show ?thesis by blast
  2107 qed
  2108 
  2109 definition "msubstlt c t d s a r = 
  2110   evaldjf (split conj) 
  2111   [(let cd = c *\<^sub>p d in (lt (CP (~\<^sub>p cd)), Lt (Add (Mul (~\<^sub>p a) (Add (Mul d t) (Mul c s))) (Mul (2\<^sub>p *\<^sub>p cd) r)))),
  2112   (let cd = c *\<^sub>p d in (lt (CP cd), Lt (Sub (Mul a (Add (Mul d t) (Mul c s))) (Mul (2\<^sub>p *\<^sub>p cd) r)))),
  2113    (conj (lt (CP (~\<^sub>p c))) (Eq (CP d)) , Lt (Add (Mul (~\<^sub>p a) t) (Mul (2\<^sub>p *\<^sub>p c) r))),
  2114    (conj (lt (CP c)) (Eq (CP d)) , Lt (Sub (Mul a t) (Mul (2\<^sub>p *\<^sub>p c) r))),
  2115    (conj (lt (CP (~\<^sub>p d))) (Eq (CP c)) , Lt (Add (Mul (~\<^sub>p a) s) (Mul (2\<^sub>p *\<^sub>p d) r))),
  2116    (conj (lt (CP d)) (Eq (CP c)) , Lt (Sub (Mul a s) (Mul (2\<^sub>p *\<^sub>p d) r))),
  2117    (conj (Eq (CP c)) (Eq (CP d)) , Lt r)]"
       (* msubstlt c t d s a r (defined just above): seven (guard, body) pairs passed to
          evaldjf (split conj). Unlike msubsteq, the guards are built with lt on c * d, c and d
          and on their negations; presumably lt (CP (~p q)) encodes "q is positive" and
          lt (CP q) encodes "q is negative" - confirm against the definition of lt.
          The bodies paired with a guard on a negated polynomial use Add (Mul (~p a) ...),
          the others use Sub (Mul a ...), matching the sign cases in the proof of lemma
          msubstlt. That lemma states that the result has the same truth value as
          Lt (CNP 0 a r) with the bound variable set to the midpoint
          (- t / c + - s / d) / (1 + 1). *)
  2118 
  2119 lemma msubstlt_nb: assumes lp: "islin (Lt (CNP 0 a r))" and t: "tmbound0 t" and s: "tmbound0 s"
  2120   shows "bound0 (msubstlt c t d s a r)"
       (* msubstlt c t d s a r satisfies bound0 when Lt (CNP 0 a r) is linear and the terms
          t and s satisfy tmbound0. Shown for split conj applied to every entry of the
          defining list (fact th, which additionally needs lt_nb for the lt guards), then
          lifted with evaldjf_bound0.
          The list in th must stay textually identical to the one in the definition. *)
  2121 proof-
  2122   have th: "\<forall>x\<in> set [(let cd = c *\<^sub>p d in (lt (CP (~\<^sub>p cd)), Lt (Add (Mul (~\<^sub>p a) (Add (Mul d t) (Mul c s))) (Mul (2\<^sub>p *\<^sub>p cd) r)))),
  2123   (let cd = c *\<^sub>p d in (lt (CP cd), Lt (Sub (Mul a (Add (Mul d t) (Mul c s))) (Mul (2\<^sub>p *\<^sub>p cd) r)))),
  2124    (conj (lt (CP (~\<^sub>p c))) (Eq (CP d)) , Lt (Add (Mul (~\<^sub>p a) t) (Mul (2\<^sub>p *\<^sub>p c) r))),
  2125    (conj (lt (CP c)) (Eq (CP d)) , Lt (Sub (Mul a t) (Mul (2\<^sub>p *\<^sub>p c) r))),
  2126    (conj (lt (CP (~\<^sub>p d))) (Eq (CP c)) , Lt (Add (Mul (~\<^sub>p a) s) (Mul (2\<^sub>p *\<^sub>p d) r))),
  2127    (conj (lt (CP d)) (Eq (CP c)) , Lt (Sub (Mul a s) (Mul (2\<^sub>p *\<^sub>p d) r))),
  2128    (conj (Eq (CP c)) (Eq (CP d)) , Lt r)]. bound0 (split conj x)"
  2129     using lp by (simp add: Let_def t s lt_nb )
  2130   from evaldjf_bound0[OF th] show ?thesis by (simp add: msubstlt_def)
  2131 qed
  2132 
  2133 
  2134 lemma msubstlt: assumes nc: "isnpoly c" and nd: "isnpoly d" and lp: "islin (Lt (CNP 0 a r))" 
  2135   shows "Ifm vs (x#bs) (msubstlt c t d s a r) \<longleftrightarrow> 
  2136   Ifm vs (((- Itm vs (x#bs) t /  Ipoly vs c + - Itm vs (x#bs) s / Ipoly vs d) /(1 + 1))#bs) (Lt (CNP 0 a r))" (is "?lhs = ?rhs")
       (* Correctness of msubstlt: evaluating msubstlt c t d s a r gives the same truth value
          as evaluating Lt (CNP 0 a r) with the bound variable set to the midpoint
          (- t / c + - s / d) / (1 + 1). In contrast to msubsteq, c and d must be normalised
          polynomials (nc, nd); these facts are used with polyneg_norm and polymul_norm in
          the closing simp steps. The proof splits into seven sign cases (fact cd_cs),
          because multiplying a strict inequality by a negative factor reverses it. *)
  2137 proof-
         (* ?c, ?d, ?a are the values of the polynomials c, d, a; ?t, ?s, ?r are the values of
            the terms t, s, r with x in the bound position. *)
  2138   let ?Nt = "\<lambda>x t. Itm vs (x#bs) t"
  2139   let ?N = "\<lambda>p. Ipoly vs p"
  2140   let ?c = "?N c"
  2141   let ?d = "?N d"
  2142   let ?t = "?Nt x t"
  2143   let ?s = "?Nt x s"
  2144   let ?a = "?N a"
  2145   let ?r = "?Nt x r"
  2146   from lp have lin:"isnpoly a" "a \<noteq> 0\<^sub>p" "tmbound0 r" "allpolys isnpoly r" by simp_all
         (* r satisfies tmbound0, so fact r rewrites its value at any point (the open slot _)
            to its value at x. *)
  2147   note r= tmbound0_I[OF lin(3), of vs _ bs x]
  2148   have cd_cs: "?c * ?d < 0 \<or> ?c * ?d > 0 \<or> (?c = 0 \<and> ?d = 0) \<or> (?c = 0 \<and> ?d < 0) \<or> (?c = 0 \<and> ?d > 0) \<or> (?c < 0 \<and> ?d = 0) \<or> (?c > 0 \<and> ?d = 0)" by auto
  2149   moreover
         (* Case ?c = 0 and ?d = 0: fact r is instantiated at the point 0. *)
  2150   {assume c: "?c=0" and d: "?d=0"
  2151     hence ?thesis  using nc nd by (simp add: polyneg_norm lt r[of 0] msubstlt_def Let_def evaldjf_ex)}
  2152   moreover
         (* Case ?c * ?d positive: the common denominator (1 + 1) * ?c * ?d is positive, so
            multiplying by it keeps the direction of the inequality. *)
  2153   {assume dc: "?c*?d > 0" 
  2154     from mult_pos_pos[OF one_plus_one_pos dc] have dc': "(1 + 1)*?c *?d > 0" by simp
  2155     hence c:"?c \<noteq> 0" and d: "?d\<noteq> 0" by auto
  2156     from dc' have dc'': "\<not> (1 + 1)*?c *?d < 0" by simp
  2157     from add_frac_eq[OF c d, of "- ?t" "- ?s"]
  2158     have th: "(- ?t / ?c + - ?s / ?d)/(1 + 1) = - (?d * ?t + ?c* ?s )/ ((1 + 1)*?c*?d)" 
  2159       by (simp add: field_simps)
  2160     have "?rhs \<longleftrightarrow> Ifm vs (- (?d * ?t + ?c* ?s )/ ((1 + 1)*?c*?d) # bs) (Lt (CNP 0 a r))" by (simp only: th)
  2161     also have "\<dots> \<longleftrightarrow> ?a * (- (?d * ?t + ?c* ?s )/ ((1 + 1)*?c*?d)) + ?r < 0" 
  2162       by (simp add: r[of "(- (?d * ?t) + - (?c *?s)) / ((1 + 1) * ?c * ?d)"])
  2163     also have "\<dots> \<longleftrightarrow> ((1 + 1) * ?c * ?d) * (?a * (- (?d * ?t + ?c* ?s )/ ((1 + 1)*?c*?d)) + ?r) < 0"
  2164       
  2165       using dc' dc'' mult_less_cancel_left_disj[of "(1 + 1) * ?c * ?d" "?a * (- (?d * ?t + ?c* ?s)/ ((1 + 1)*?c*?d)) + ?r" 0] by simp
  2166     also have "\<dots> \<longleftrightarrow> ?a * (- (?d * ?t + ?c* ?s )) + (1 + 1)*?c*?d*?r < 0" 
  2167       using nonzero_mult_divide_cancel_left[of "(1 + 1)*?c*?d"] c d
  2168       by (simp add: algebra_simps diff_divide_distrib del: left_distrib)
  2169     finally  have ?thesis using dc c d  nc nd dc'
  2170       apply (simp add: r[of "(- (?d * ?t) + - (?c *?s)) / ((1 + 1) * ?c * ?d)"] msubstlt_def Let_def evaldjf_ex field_simps lt polyneg_norm polymul_norm) 
  2171     apply (simp only: one_add_one_is_two[symmetric] of_int_add)
  2172     by (simp add: field_simps order_less_not_sym[OF dc])}
  2173   moreover
         (* Case ?c * ?d negative: the common denominator is negative, so the product is
            compared with "> 0" and the final inequality has its two summands negated. *)
  2174   {assume dc: "?c*?d < 0" 
  2175 
  2176     from dc one_plus_one_pos[where ?'a='a] have dc': "(1 + 1)*?c *?d < 0"
  2177       by (simp add: mult_less_0_iff field_simps) 
  2178     hence c:"?c \<noteq> 0" and d: "?d\<noteq> 0" by auto
  2179     from add_frac_eq[OF c d, of "- ?t" "- ?s"]
  2180     have th: "(- ?t / ?c + - ?s / ?d)/(1 + 1) = - (?d * ?t + ?c* ?s )/ ((1 + 1)*?c*?d)" 
  2181       by (simp add: field_simps)
  2182     have "?rhs \<longleftrightarrow> Ifm vs (- (?d * ?t + ?c* ?s )/ ((1 + 1)*?c*?d) # bs) (Lt (CNP 0 a r))" by (simp only: th)
  2183     also have "\<dots> \<longleftrightarrow> ?a * (- (?d * ?t + ?c* ?s )/ ((1 + 1)*?c*?d)) + ?r < 0" 
  2184       by (simp add: r[of "(- (?d * ?t) + - (?c *?s)) / ((1 + 1) * ?c * ?d)"])
  2185 
  2186     also have "\<dots> \<longleftrightarrow> ((1 + 1) * ?c * ?d) * (?a * (- (?d * ?t + ?c* ?s )/ ((1 + 1)*?c*?d)) + ?r) > 0"
  2187       
  2188       using dc' order_less_not_sym[OF dc'] mult_less_cancel_left_disj[of "(1 + 1) * ?c * ?d" 0 "?a * (- (?d * ?t + ?c* ?s)/ ((1 + 1)*?c*?d)) + ?r"] by simp
  2189     also have "\<dots> \<longleftrightarrow> ?a * ((?d * ?t + ?c* ?s )) - (1 + 1)*?c*?d*?r < 0" 
  2190       using nonzero_mult_divide_cancel_left[of "(1 + 1)*?c*?d"] c d
  2191       by (simp add: algebra_simps diff_divide_distrib del: left_distrib)
  2192     finally  have ?thesis using dc c d  nc nd
  2193       apply (simp add: r[of "(- (?d * ?t) + - (?c *?s)) / ((1 + 1) * ?c * ?d)"] msubstlt_def Let_def evaldjf_ex field_simps lt polyneg_norm polymul_norm) 
  2194       apply (simp only: one_add_one_is_two[symmetric] of_int_add)
  2195       by (simp add: field_simps order_less_not_sym[OF dc]) }
  2196   moreover
         (* Case ?c positive and ?d = 0: the summand - ?s / ?d is simplified away; multiplying
            by the positive factor (1 + 1) * ?c keeps the direction of the inequality. *)
  2197   {assume c: "?c > 0" and d: "?d=0"  
  2198     from c have c'': "(1 + 1)*?c > 0" by (simp add: zero_less_mult_iff)
  2199     from c have c': "(1 + 1)*?c \<noteq> 0" by simp
  2200     from d have th: "(- ?t / ?c + - ?s / ?d)/(1 + 1) = - ?t / ((1 + 1)*?c)"  by (simp add: field_simps)
  2201     have "?rhs \<longleftrightarrow> Ifm vs (- ?t / ((1 + 1)*?c) # bs) (Lt (CNP 0 a r))" by (simp only: th)
  2202     also have "\<dots> \<longleftrightarrow> ?a* (- ?t / ((1 + 1)*?c))+ ?r < 0" by (simp add: r[of "- (?t / ((1 + 1)*?c))"])
  2203     also have "\<dots> \<longleftrightarrow> (1 + 1)*?c * (?a* (- ?t / ((1 + 1)*?c))+ ?r) < 0"
  2204       using c mult_less_cancel_left_disj[of "(1 + 1) * ?c" "?a* (- ?t / ((1 + 1)*?c))+ ?r" 0] c' c'' order_less_not_sym[OF c''] by simp
  2205     also have "\<dots> \<longleftrightarrow> - ?a*?t+  (1 + 1)*?c *?r < 0" 
  2206       using nonzero_mult_divide_cancel_left[OF c'] c
  2207       by (simp add: algebra_simps diff_divide_distrib less_le del: left_distrib)
  2208     finally have ?thesis using c d nc nd 
  2209       apply(simp add: r[of "- (?t / ((1 + 1)*?c))"] msubstlt_def Let_def evaldjf_ex field_simps lt polyneg_norm polymul_norm)
  2210       apply (simp only: one_add_one_is_two[symmetric] of_int_add)
  2211       using c order_less_not_sym[OF c] less_imp_neq[OF c]
  2212       by (simp add: field_simps )  }
  2213   moreover
         (* Case ?c negative and ?d = 0: as above, but the factor (1 + 1) * ?c is negative,
            so the product is compared with "> 0". *)
  2214   {assume c: "?c < 0" and d: "?d=0"  hence c': "(1 + 1)*?c \<noteq> 0" by simp
  2215     from c have c'': "(1 + 1)*?c < 0" by (simp add: mult_less_0_iff)
  2216     from d have th: "(- ?t / ?c + - ?s / ?d)/(1 + 1) = - ?t / ((1 + 1)*?c)"  by (simp add: field_simps)
  2217     have "?rhs \<longleftrightarrow> Ifm vs (- ?t / ((1 + 1)*?c) # bs) (Lt (CNP 0 a r))" by (simp only: th)
  2218     also have "\<dots> \<longleftrightarrow> ?a* (- ?t / ((1 + 1)*?c))+ ?r < 0" by (simp add: r[of "- (?t / ((1 + 1)*?c))"])
  2219     also have "\<dots> \<longleftrightarrow> (1 + 1)*?c * (?a* (- ?t / ((1 + 1)*?c))+ ?r) > 0"
  2220       using c order_less_not_sym[OF c''] less_imp_neq[OF c''] c'' mult_less_cancel_left_disj[of "(1 + 1) * ?c" 0 "?a* (- ?t / ((1 + 1)*?c))+ ?r"] by simp
  2221     also have "\<dots> \<longleftrightarrow> ?a*?t -  (1 + 1)*?c *?r < 0" 
  2222       using nonzero_mult_divide_cancel_left[OF c'] c order_less_not_sym[OF c''] less_imp_neq[OF c''] c''
  2223         by (simp add: algebra_simps diff_divide_distrib del:  left_distrib)
  2224     finally have ?thesis using c d nc nd 
  2225       apply(simp add: r[of "- (?t / ((1 + 1)*?c))"] msubstlt_def Let_def evaldjf_ex field_simps lt polyneg_norm polymul_norm)
  2226       apply (simp only: one_add_one_is_two[symmetric] of_int_add)
  2227       using c order_less_not_sym[OF c] less_imp_neq[OF c]
  2228       by (simp add: field_simps )    }
  2229   moreover
         (* NOTE(review): the `moreover` on the next line repeats the one just above;
            one of the two looks redundant - confirm and drop it. *)
  2230   moreover
         (* Case ?c = 0 and ?d positive: mirror image of the case ?c positive, ?d = 0,
            with s and d in place of t and c. *)
  2231   {assume c: "?c = 0" and d: "?d>0"  
  2232     from d have d'': "(1 + 1)*?d > 0" by (simp add: zero_less_mult_iff)
  2233     from d have d': "(1 + 1)*?d \<noteq> 0" by simp
  2234     from c have th: "(- ?t / ?c + - ?s / ?d)/(1 + 1) = - ?s / ((1 + 1)*?d)"  by (simp add: field_simps)
  2235     have "?rhs \<longleftrightarrow> Ifm vs (- ?s / ((1 + 1)*?d) # bs) (Lt (CNP 0 a r))" by (simp only: th)
  2236     also have "\<dots> \<longleftrightarrow> ?a* (- ?s / ((1 + 1)*?d))+ ?r < 0" by (simp add: r[of "- (?s / ((1 + 1)*?d))"])
  2237     also have "\<dots> \<longleftrightarrow> (1 + 1)*?d * (?a* (- ?s / ((1 + 1)*?d))+ ?r) < 0"
  2238       using d mult_less_cancel_left_disj[of "(1 + 1) * ?d" "?a* (- ?s / ((1 + 1)*?d))+ ?r" 0] d' d'' order_less_not_sym[OF d''] by simp
  2239     also have "\<dots> \<longleftrightarrow> - ?a*?s+  (1 + 1)*?d *?r < 0" 
  2240       using nonzero_mult_divide_cancel_left[OF d'] d
  2241       by (simp add: algebra_simps diff_divide_distrib less_le del: left_distrib)
  2242     finally have ?thesis using c d nc nd 
  2243       apply(simp add: r[of "- (?s / ((1 + 1)*?d))"] msubstlt_def Let_def evaldjf_ex field_simps lt polyneg_norm polymul_norm)
  2244       apply (simp only: one_add_one_is_two[symmetric] of_int_add)
  2245       using d order_less_not_sym[OF d] less_imp_neq[OF d]
  2246       by (simp add: field_simps)  }
  2247   moreover
         (* Case ?c = 0 and ?d negative: mirror image of the case ?c negative, ?d = 0. *)
  2248   {assume c: "?c = 0" and d: "?d<0"  hence d': "(1 + 1)*?d \<noteq> 0" by simp
  2249     from d have d'': "(1 + 1)*?d < 0" by (simp add: mult_less_0_iff)
  2250     from c have th: "(- ?t / ?c + - ?s / ?d)/(1 + 1) = - ?s / ((1 + 1)*?d)"  by (simp add: field_simps)
  2251     have "?rhs \<longleftrightarrow> Ifm vs (- ?s / ((1 + 1)*?d) # bs) (Lt (CNP 0 a r))" by (simp only: th)
  2252     also have "\<dots> \<longleftrightarrow> ?a* (- ?s / ((1 + 1)*?d))+ ?r < 0" by (simp add: r[of "- (?s / ((1 + 1)*?d))"])
  2253     also have "\<dots> \<longleftrightarrow> (1 + 1)*?d * (?a* (- ?s / ((1 + 1)*?d))+ ?r) > 0"
  2254       using d order_less_not_sym[OF d''] less_imp_neq[OF d''] d'' mult_less_cancel_left_disj[of "(1 + 1) * ?d" 0 "?a* (- ?s / ((1 + 1)*?d))+ ?r"] by simp
  2255     also have "\<dots> \<longleftrightarrow> ?a*?s -  (1 + 1)*?d *?r < 0" 
  2256       using nonzero_mult_divide_cancel_left[OF d'] d order_less_not_sym[OF d''] less_imp_neq[OF d''] d''
  2257         by (simp add: algebra_simps diff_divide_distrib del:  left_distrib)
  2258     finally have ?thesis using c d nc nd 
  2259       apply(simp add: r[of "- (?s / ((1 + 1)*?d))"] msubstlt_def Let_def evaldjf_ex field_simps lt polyneg_norm polymul_norm)
  2260       apply (simp only: one_add_one_is_two[symmetric] of_int_add)
  2261       using d order_less_not_sym[OF d] less_imp_neq[OF d]
  2262       by (simp add: field_simps )    }
  2263 ultimately show ?thesis by blast
  2264 qed
  2265 
  (* msubstle c t d s a r: the formula obtained from the atom "a*x + r <= 0"
     (Le (CNP 0 a r)) by substituting the point (-t/c + -s/d)/2 for x; see
     lemma msubstle for the exact statement.  The list holds seven
     (guard, formula) pairs that evaldjf combines through "split conj".
     The guards follow the sign case split used in the proof of lemma
     msubstle: c*d > 0, c*d < 0, c > 0 & d = 0, c < 0 & d = 0,
     d > 0 & c = 0, d < 0 & c = 0, and c = d = 0.
     NOTE(review): "lt (CP u)" is read here as the test u < 0; this is
     inferred from how the proof cases match the list entries.  Confirm
     against the definition of lt. *)
  2266 definition "msubstle c t d s a r = 
  2267   evaldjf (split conj) 
  2268   [(let cd = c *\<^sub>p d in (lt (CP (~\<^sub>p cd)), Le (Add (Mul (~\<^sub>p a) (Add (Mul d t) (Mul c s))) (Mul (2\<^sub>p *\<^sub>p cd) r)))),
  2269   (let cd = c *\<^sub>p d in (lt (CP cd), Le (Sub (Mul a (Add (Mul d t) (Mul c s))) (Mul (2\<^sub>p *\<^sub>p cd) r)))),
  2270    (conj (lt (CP (~\<^sub>p c))) (Eq (CP d)) , Le (Add (Mul (~\<^sub>p a) t) (Mul (2\<^sub>p *\<^sub>p c) r))),
  2271    (conj (lt (CP c)) (Eq (CP d)) , Le (Sub (Mul a t) (Mul (2\<^sub>p *\<^sub>p c) r))),
  2272    (conj (lt (CP (~\<^sub>p d))) (Eq (CP c)) , Le (Add (Mul (~\<^sub>p a) s) (Mul (2\<^sub>p *\<^sub>p d) r))),
  2273    (conj (lt (CP d)) (Eq (CP c)) , Le (Sub (Mul a s) (Mul (2\<^sub>p *\<^sub>p d) r))),
  2274    (conj (Eq (CP c)) (Eq (CP d)) , Le r)]"
  2275 
  (* msubstle_nb: if Le (CNP 0 a r) is linear and the substituted terms t and s
     satisfy tmbound0, then msubstle c t d s a r satisfies bound0. *)
  2276 lemma msubstle_nb: assumes lp: "islin (Le (CNP 0 a r))" and t: "tmbound0 t" and s: "tmbound0 s"
  2277   shows "bound0 (msubstle c t d s a r)"
  2278 proof-
         (* th restates the list from msubstle_def literally and shows bound0 for
            every (guard, formula) pair once it is combined with "split conj". *)
  2279   have th: "\<forall>x\<in> set [(let cd = c *\<^sub>p d in (lt (CP (~\<^sub>p cd)), Le (Add (Mul (~\<^sub>p a) (Add (Mul d t) (Mul c s))) (Mul (2\<^sub>p *\<^sub>p cd) r)))),
  2280   (let cd = c *\<^sub>p d in (lt (CP cd), Le (Sub (Mul a (Add (Mul d t) (Mul c s))) (Mul (2\<^sub>p *\<^sub>p cd) r)))),
  2281    (conj (lt (CP (~\<^sub>p c))) (Eq (CP d)) , Le (Add (Mul (~\<^sub>p a) t) (Mul (2\<^sub>p *\<^sub>p c) r))),
  2282    (conj (lt (CP c)) (Eq (CP d)) , Le (Sub (Mul a t) (Mul (2\<^sub>p *\<^sub>p c) r))),
  2283    (conj (lt (CP (~\<^sub>p d))) (Eq (CP c)) , Le (Add (Mul (~\<^sub>p a) s) (Mul (2\<^sub>p *\<^sub>p d) r))),
  2284    (conj (lt (CP d)) (Eq (CP c)) , Le (Sub (Mul a s) (Mul (2\<^sub>p *\<^sub>p d) r))),
  2285    (conj (Eq (CP c)) (Eq (CP d)) , Le r)]. bound0 (split conj x)"
  2286     using lp by (simp add: Let_def t s lt_nb )
         (* evaldjf_bound0 lifts the per-element fact to the whole evaldjf. *)
  2287   from evaldjf_bound0[OF th] show ?thesis by (simp add: msubstle_def)
  2288 qed
  2289 
  (* msubstle (correctness): for normalised polynomials c and d and a linear atom
     Le (CNP 0 a r), evaluating msubstle c t d s a r under x#bs is equivalent to
     evaluating "a*y + r <= 0" with the head of the environment replaced by
     y = (-t/c + -s/d)/(1 + 1).
     The proof splits on the signs of the values of c and d (fact cd_cs) and
     proves ?thesis in each of the seven cases.  Every non-trivial case follows
     the same pattern: rewrite the substituted point (th), evaluate the atom
     using that r does not depend on bound variable 0 (fact r), multiply the
     inequality by the common denominator (turning <= into >= when that
     denominator is negative), cancel the division, and unfold msubstle_def. *)
  2290 lemma msubstle: assumes nc: "isnpoly c" and nd: "isnpoly d" and lp: "islin (Le (CNP 0 a r))" 
  2291   shows "Ifm vs (x#bs) (msubstle c t d s a r) \<longleftrightarrow> 
  2292   Ifm vs (((- Itm vs (x#bs) t /  Ipoly vs c + - Itm vs (x#bs) s / Ipoly vs d) /(1 + 1))#bs) (Le (CNP 0 a r))" (is "?lhs = ?rhs")
  2293 proof-
         (* Abbreviations for the values of the terms and polynomials involved. *)
  2294   let ?Nt = "\<lambda>x t. Itm vs (x#bs) t"
  2295   let ?N = "\<lambda>p. Ipoly vs p"
  2296   let ?c = "?N c"
  2297   let ?d = "?N d"
  2298   let ?t = "?Nt x t"
  2299   let ?s = "?Nt x s"
  2300   let ?a = "?N a"
  2301   let ?r = "?Nt x r"
  2302   from lp have lin:"isnpoly a" "a \<noteq> 0\<^sub>p" "tmbound0 r" "allpolys isnpoly r" by simp_all
         (* r: instance of tmbound0_I for the term r, obtained from tmbound0 r. *)
  2303   note r= tmbound0_I[OF lin(3), of vs _ bs x]
         (* Exhaustive sign case split on the values of c and d. *)
  2304   have cd_cs: "?c * ?d < 0 \<or> ?c * ?d > 0 \<or> (?c = 0 \<and> ?d = 0) \<or> (?c = 0 \<and> ?d < 0) \<or> (?c = 0 \<and> ?d > 0) \<or> (?c < 0 \<and> ?d = 0) \<or> (?c > 0 \<and> ?d = 0)" by auto
  2305   moreover
         (* Case c = 0 and d = 0. *)
  2306   {assume c: "?c=0" and d: "?d=0"
  2307     hence ?thesis  using nc nd by (simp add: polyneg_norm polymul_norm lt r[of 0] msubstle_def Let_def evaldjf_ex)}
  2308   moreover
         (* Case c*d > 0: the denominator (1 + 1)*c*d is positive, so <= is kept. *)
  2309   {assume dc: "?c*?d > 0" 
  2310     from mult_pos_pos[OF one_plus_one_pos dc] have dc': "(1 + 1)*?c *?d > 0" by simp
  2311     hence c:"?c \<noteq> 0" and d: "?d\<noteq> 0" by auto
  2312     from dc' have dc'': "\<not> (1 + 1)*?c *?d < 0" by simp
  2313     from add_frac_eq[OF c d, of "- ?t" "- ?s"]
  2314     have th: "(- ?t / ?c + - ?s / ?d)/(1 + 1) = - (?d * ?t + ?c* ?s )/ ((1 + 1)*?c*?d)" 
  2315       by (simp add: field_simps)
  2316     have "?rhs \<longleftrightarrow> Ifm vs (- (?d * ?t + ?c* ?s )/ ((1 + 1)*?c*?d) # bs) (Le (CNP 0 a r))" by (simp only: th)
  2317     also have "\<dots> \<longleftrightarrow> ?a * (- (?d * ?t + ?c* ?s )/ ((1 + 1)*?c*?d)) + ?r <= 0" 
  2318       by (simp add: r[of "(- (?d * ?t) + - (?c *?s)) / ((1 + 1) * ?c * ?d)"])
  2319     also have "\<dots> \<longleftrightarrow> ((1 + 1) * ?c * ?d) * (?a * (- (?d * ?t + ?c* ?s )/ ((1 + 1)*?c*?d)) + ?r) <= 0"
  2320       
  2321       using dc' dc'' mult_le_cancel_left[of "(1 + 1) * ?c * ?d" "?a * (- (?d * ?t + ?c* ?s)/ ((1 + 1)*?c*?d)) + ?r" 0] by simp
  2322     also have "\<dots> \<longleftrightarrow> ?a * (- (?d * ?t + ?c* ?s )) + (1 + 1)*?c*?d*?r <= 0" 
  2323       using nonzero_mult_divide_cancel_left[of "(1 + 1)*?c*?d"] c d
  2324       by (simp add: algebra_simps diff_divide_distrib del: left_distrib)
  2325     finally  have ?thesis using dc c d  nc nd dc'
  2326       apply (simp add: r[of "(- (?d * ?t) + - (?c *?s)) / ((1 + 1) * ?c * ?d)"] msubstle_def Let_def evaldjf_ex field_simps lt polyneg_norm polymul_norm) 
  2327     apply (simp only: one_add_one_is_two[symmetric] of_int_add)
  2328     by (simp add: field_simps order_less_not_sym[OF dc])}
  2329   moreover
         (* Case c*d < 0: the denominator is negative, so multiplying turns <= into >=. *)
  2330   {assume dc: "?c*?d < 0" 
  2331 
  2332     from dc one_plus_one_pos[where ?'a='a] have dc': "(1 + 1)*?c *?d < 0"
  2333       by (simp add: mult_less_0_iff field_simps add_neg_neg add_pos_pos)
  2334     hence c:"?c \<noteq> 0" and d: "?d\<noteq> 0" by auto
  2335     from add_frac_eq[OF c d, of "- ?t" "- ?s"]
  2336     have th: "(- ?t / ?c + - ?s / ?d)/(1 + 1) = - (?d * ?t + ?c* ?s )/ ((1 + 1)*?c*?d)" 
  2337       by (simp add: field_simps)
  2338     have "?rhs \<longleftrightarrow> Ifm vs (- (?d * ?t + ?c* ?s )/ ((1 + 1)*?c*?d) # bs) (Le (CNP 0 a r))" by (simp only: th)
  2339     also have "\<dots> \<longleftrightarrow> ?a * (- (?d * ?t + ?c* ?s )/ ((1 + 1)*?c*?d)) + ?r <= 0" 
  2340       by (simp add: r[of "(- (?d * ?t) + - (?c *?s)) / ((1 + 1) * ?c * ?d)"])
  2341 
  2342     also have "\<dots> \<longleftrightarrow> ((1 + 1) * ?c * ?d) * (?a * (- (?d * ?t + ?c* ?s )/ ((1 + 1)*?c*?d)) + ?r) >= 0"
  2343       
  2344       using dc' order_less_not_sym[OF dc'] mult_le_cancel_left[of "(1 + 1) * ?c * ?d" 0 "?a * (- (?d * ?t + ?c* ?s)/ ((1 + 1)*?c*?d)) + ?r"] by simp
  2345     also have "\<dots> \<longleftrightarrow> ?a * ((?d * ?t + ?c* ?s )) - (1 + 1)*?c*?d*?r <= 0" 
  2346       using nonzero_mult_divide_cancel_left[of "(1 + 1)*?c*?d"] c d
  2347       by (simp add: algebra_simps diff_divide_distrib del: left_distrib)
  2348     finally  have ?thesis using dc c d  nc nd
  2349       apply (simp add: r[of "(- (?d * ?t) + - (?c *?s)) / ((1 + 1) * ?c * ?d)"] msubstle_def Let_def evaldjf_ex field_simps lt polyneg_norm polymul_norm) 
  2350       apply (simp only: one_add_one_is_two[symmetric] of_int_add)
  2351       by (simp add: field_simps order_less_not_sym[OF dc]) }
  2352   moreover
         (* Case c > 0 and d = 0: th drops the s/d summand.
            NOTE(review): th presumably relies on division by zero evaluating to 0
            in the underlying field class; confirm. *)
  2353   {assume c: "?c > 0" and d: "?d=0"  
  2354     from c have c'': "(1 + 1)*?c > 0" by (simp add: zero_less_mult_iff)
  2355     from c have c': "(1 + 1)*?c \<noteq> 0" by simp
  2356     from d have th: "(- ?t / ?c + - ?s / ?d)/(1 + 1) = - ?t / ((1 + 1)*?c)"  by (simp add: field_simps)
  2357     have "?rhs \<longleftrightarrow> Ifm vs (- ?t / ((1 + 1)*?c) # bs) (Le (CNP 0 a r))" by (simp only: th)
  2358     also have "\<dots> \<longleftrightarrow> ?a* (- ?t / ((1 + 1)*?c))+ ?r <= 0" by (simp add: r[of "- (?t / ((1 + 1)*?c))"])
  2359     also have "\<dots> \<longleftrightarrow> (1 + 1)*?c * (?a* (- ?t / ((1 + 1)*?c))+ ?r) <= 0"
  2360       using c mult_le_cancel_left[of "(1 + 1) * ?c" "?a* (- ?t / ((1 + 1)*?c))+ ?r" 0] c' c'' order_less_not_sym[OF c''] by simp
  2361     also have "\<dots> \<longleftrightarrow> - ?a*?t+  (1 + 1)*?c *?r <= 0" 
  2362       using nonzero_mult_divide_cancel_left[OF c'] c
  2363       by (simp add: algebra_simps diff_divide_distrib less_le del: left_distrib)
  2364     finally have ?thesis using c d nc nd 
  2365       apply(simp add: r[of "- (?t / ((1 + 1)*?c))"] msubstle_def Let_def evaldjf_ex field_simps lt polyneg_norm polymul_norm)
  2366       apply (simp only: one_add_one_is_two[symmetric] of_int_add)
  2367       using c order_less_not_sym[OF c] less_imp_neq[OF c]
  2368       by (simp add: field_simps )  }
  2369   moreover
         (* Case c < 0 and d = 0: as above, with the inequality flipped. *)
  2370   {assume c: "?c < 0" and d: "?d=0"  hence c': "(1 + 1)*?c \<noteq> 0" by simp
  2371     from c have c'': "(1 + 1)*?c < 0" by (simp add: mult_less_0_iff)
  2372     from d have th: "(- ?t / ?c + - ?s / ?d)/(1 + 1) = - ?t / ((1 + 1)*?c)"  by (simp add: field_simps)
  2373     have "?rhs \<longleftrightarrow> Ifm vs (- ?t / ((1 + 1)*?c) # bs) (Le (CNP 0 a r))" by (simp only: th)
  2374     also have "\<dots> \<longleftrightarrow> ?a* (- ?t / ((1 + 1)*?c))+ ?r <= 0" by (simp add: r[of "- (?t / ((1 + 1)*?c))"])
  2375     also have "\<dots> \<longleftrightarrow> (1 + 1)*?c * (?a* (- ?t / ((1 + 1)*?c))+ ?r) >= 0"
  2376       using c order_less_not_sym[OF c''] less_imp_neq[OF c''] c'' mult_le_cancel_left[of "(1 + 1) * ?c" 0 "?a* (- ?t / ((1 + 1)*?c))+ ?r"] by simp
  2377     also have "\<dots> \<longleftrightarrow> ?a*?t -  (1 + 1)*?c *?r <= 0" 
  2378       using nonzero_mult_divide_cancel_left[OF c'] c order_less_not_sym[OF c''] less_imp_neq[OF c''] c''
  2379         by (simp add: algebra_simps diff_divide_distrib del:  left_distrib)
  2380     finally have ?thesis using c d nc nd 
  2381       apply(simp add: r[of "- (?t / ((1 + 1)*?c))"] msubstle_def Let_def evaldjf_ex field_simps lt polyneg_norm polymul_norm)
  2382       apply (simp only: one_add_one_is_two[symmetric] of_int_add)
  2383       using c order_less_not_sym[OF c] less_imp_neq[OF c]
  2384       by (simp add: field_simps )    }
         (* NOTE(review): "moreover" is written twice in a row below; the second
            one looks redundant. *)
  2385   moreover
  2386   moreover
         (* Case c = 0 and d > 0: symmetric to the c > 0, d = 0 case with s and d. *)
  2387   {assume c: "?c = 0" and d: "?d>0"  
  2388     from d have d'': "(1 + 1)*?d > 0" by (simp add: zero_less_mult_iff)
  2389     from d have d': "(1 + 1)*?d \<noteq> 0" by simp
  2390     from c have th: "(- ?t / ?c + - ?s / ?d)/(1 + 1) = - ?s / ((1 + 1)*?d)"  by (simp add: field_simps)
  2391     have "?rhs \<longleftrightarrow> Ifm vs (- ?s / ((1 + 1)*?d) # bs) (Le (CNP 0 a r))" by (simp only: th)
  2392     also have "\<dots> \<longleftrightarrow> ?a* (- ?s / ((1 + 1)*?d))+ ?r <= 0" by (simp add: r[of "- (?s / ((1 + 1)*?d))"])
  2393     also have "\<dots> \<longleftrightarrow> (1 + 1)*?d * (?a* (- ?s / ((1 + 1)*?d))+ ?r) <= 0"
  2394       using d mult_le_cancel_left[of "(1 + 1) * ?d" "?a* (- ?s / ((1 + 1)*?d))+ ?r" 0] d' d'' order_less_not_sym[OF d''] by simp
  2395     also have "\<dots> \<longleftrightarrow> - ?a*?s+  (1 + 1)*?d *?r <= 0" 
  2396       using nonzero_mult_divide_cancel_left[OF d'] d
  2397       by (simp add: algebra_simps diff_divide_distrib less_le del: left_distrib)
  2398     finally have ?thesis using c d nc nd 
  2399       apply(simp add: r[of "- (?s / ((1 + 1)*?d))"] msubstle_def Let_def evaldjf_ex field_simps lt polyneg_norm polymul_norm)
  2400       apply (simp only: one_add_one_is_two[symmetric] of_int_add)
  2401       using d order_less_not_sym[OF d] less_imp_neq[OF d]
  2402       by (simp add: field_simps )  }
  2403   moreover
         (* Case c = 0 and d < 0: as above, with the inequality flipped. *)
  2404   {assume c: "?c = 0" and d: "?d<0"  hence d': "(1 + 1)*?d \<noteq> 0" by simp
  2405     from d have d'': "(1 + 1)*?d < 0" by (simp add: mult_less_0_iff)
  2406     from c have th: "(- ?t / ?c + - ?s / ?d)/(1 + 1) = - ?s / ((1 + 1)*?d)"  by (simp add: field_simps)
  2407     have "?rhs \<longleftrightarrow> Ifm vs (- ?s / ((1 + 1)*?d) # bs) (Le (CNP 0 a r))" by (simp only: th)
  2408     also have "\<dots> \<longleftrightarrow> ?a* (- ?s / ((1 + 1)*?d))+ ?r <= 0" by (simp add: r[of "- (?s / ((1 + 1)*?d))"])
  2409     also have "\<dots> \<longleftrightarrow> (1 + 1)*?d * (?a* (- ?s / ((1 + 1)*?d))+ ?r) >= 0"
  2410       using d order_less_not_sym[OF d''] less_imp_neq[OF d''] d'' mult_le_cancel_left[of "(1 + 1) * ?d" 0 "?a* (- ?s / ((1 + 1)*?d))+ ?r"] by simp
  2411     also have "\<dots> \<longleftrightarrow> ?a*?s -  (1 + 1)*?d *?r <= 0" 
  2412       using nonzero_mult_divide_cancel_left[OF d'] d order_less_not_sym[OF d''] less_imp_neq[OF d''] d''
  2413         by (simp add: algebra_simps diff_divide_distrib del:  left_distrib)
  2414     finally have ?thesis using c d nc nd 
  2415       apply(simp add: r[of "- (?s / ((1 + 1)*?d))"] msubstle_def Let_def evaldjf_ex field_simps lt polyneg_norm polymul_norm)
  2416       apply (simp only: one_add_one_is_two[symmetric] of_int_add)
  2417       using d order_less_not_sym[OF d] less_imp_neq[OF d]
  2418       by (simp add: field_simps )    }
         (* cd_cs together with the seven case results yields the claim. *)
  2419 ultimately show ?thesis by blast
  2420 qed
  2421 
  2422 
  (* msubst p ((c,t),(d,s)): pushes the substitution given by the two
     (polynomial, term) pairs through a formula.  And/Or are rebuilt with
     conj/disj; the four atom shapes over CNP 0 a r are delegated to
     msubsteq, msubstneq, msubstlt and msubstle; every other formula is
     returned unchanged.  The semantics is stated in lemma msubst_I. *)
  2423 fun msubst :: "fm \<Rightarrow> (poly \<times> tm) \<times> (poly \<times> tm) \<Rightarrow> fm" where
  2424   "msubst (And p q) ((c,t), (d,s)) = conj (msubst p ((c,t),(d,s))) (msubst q ((c,t),(d,s)))"
  2425 | "msubst (Or p q) ((c,t), (d,s)) = disj (msubst p ((c,t),(d,s))) (msubst q ((c,t), (d,s)))"
  2426 | "msubst (Eq (CNP 0 a r)) ((c,t),(d,s)) = msubsteq c t d s a r"
  2427 | "msubst (NEq (CNP 0 a r)) ((c,t),(d,s)) = msubstneq c t d s a r"
  2428 | "msubst (Lt (CNP 0 a r)) ((c,t),(d,s)) = msubstlt c t d s a r"
  2429 | "msubst (Le (CNP 0 a r)) ((c,t),(d,s)) = msubstle c t d s a r"
  2430 | "msubst p ((c,t),(d,s)) = p"
  2431 
  (* msubst_I: for linear p and normalised c, d, evaluating msubst p ((c,t),(d,s))
     under x#bs agrees with evaluating p with the head of the environment
     replaced by (-t/c + -s/d)/(1 + 1).  Proved by induction over islin, using
     the per-atom lemmas msubsteq, msubstneq, msubstlt and msubstle, plus
     tmbound0_I / bound0_I instantiated at the substituted point. *)
  2432 lemma msubst_I: assumes lp: "islin p" and nc: "isnpoly c" and nd: "isnpoly d"
  2433   shows "Ifm vs (x#bs) (msubst p ((c,t),(d,s))) = Ifm vs (((- Itm vs (x#bs) t /  Ipoly vs c + - Itm vs (x#bs) s / Ipoly vs d) /(1 + 1))#bs) p"
  2434   using lp
  2435 by (induct p rule: islin.induct, auto simp add: tmbound0_I[where b="(- (Itm vs (x # bs) t / \<lparr>c\<rparr>\<^sub>p\<^bsup>vs\<^esup>) + - (Itm vs (x # bs) s / \<lparr>d\<rparr>\<^sub>p\<^bsup>vs\<^esup>)) /(1 + 1)" and b'=x and bs = bs and vs=vs] bound0_I[where b="(- (Itm vs (x # bs) t / \<lparr>c\<rparr>\<^sub>p\<^bsup>vs\<^esup>) + - (Itm vs (x # bs) s / \<lparr>d\<rparr>\<^sub>p\<^bsup>vs\<^esup>)) /(1 + 1)" and b'=x and bs = bs and vs=vs] msubsteq msubstneq msubstlt[OF nc nd] msubstle[OF nc nd])
  2436 
  (* msubst_nb: for linear p and terms t, s satisfying tmbound0, the result of
     msubst satisfies bound0.  Induction over islin with the per-atom _nb lemmas. *)
  2437 lemma msubst_nb: assumes lp: "islin p" and t: "tmbound0 t" and s: "tmbound0 s"
  2438   shows "bound0 (msubst p ((c,t),(d,s)))"
  2439   using lp t s
  2440   by (induct p rule: islin.induct, auto simp add: msubsteq_nb msubstneq_nb msubstlt_nb msubstle_nb)
  2441 
  (* fr_eq_msubst: for linear p, "exists x. p" holds iff minusinf p holds, or
     plusinf p holds, or msubst p holds for some pair of elements of uset p.
     Obtained from fr_eq by replacing the semantic midpoint substitution with
     the syntactic msubst (fact th'). *)
  2442 lemma fr_eq_msubst: 
  2443   assumes lp: "islin p"
  2444   shows "(\<exists> x. Ifm vs (x#bs) p) = ((Ifm vs (x#bs) (minusinf p)) \<or> (Ifm vs (x#bs) (plusinf p)) \<or> (\<exists> (c,t) \<in> set (uset p). \<exists> (d,s) \<in> set (uset p). Ifm vs (x#bs) (msubst p ((c,t),(d,s)))))"
  2445   (is "(\<exists> x. ?I x p) = (?M \<or> ?P \<or> ?F)" is "?E = ?D")
  2446 proof-
       (* Elements of uset p have normalised polynomials and tmbound0 terms. *)
  2447 from uset_l[OF lp] have th: "\<forall>(c, s)\<in>set (uset p). isnpoly c \<and> tmbound0 s" by blast
       (* Direction 1: semantic substitution implies msubst, via msubst_I. *)
  2448 {fix c t d s assume ctU: "(c,t) \<in>set (uset p)" and dsU: "(d,s) \<in>set (uset p)" 
  2449   and pts: "Ifm vs ((- Itm vs (x # bs) t / \<lparr>c\<rparr>\<^sub>p\<^bsup>vs\<^esup> + - Itm vs (x # bs) s / \<lparr>d\<rparr>\<^sub>p\<^bsup>vs\<^esup>) / (1+1) # bs) p"
  2450   from th[rule_format, OF ctU] th[rule_format, OF dsU] have norm:"isnpoly c" "isnpoly d" by simp_all
  2451   from msubst_I[OF lp norm, of vs x bs t s] pts
  2452   have "Ifm vs (x # bs) (msubst p ((c, t), d, s))" ..}
  2453 moreover
       (* Direction 2: msubst implies the semantic substitution, again via msubst_I. *)
  2454 {fix c t d s assume ctU: "(c,t) \<in>set (uset p)" and dsU: "(d,s) \<in>set (uset p)" 
  2455   and pts: "Ifm vs (x # bs) (msubst p ((c, t), d, s))"
  2456   from th[rule_format, OF ctU] th[rule_format, OF dsU] have norm:"isnpoly c" "isnpoly d" by simp_all
  2457   from msubst_I[OF lp norm, of vs x bs t s] pts
  2458   have "Ifm vs ((- Itm vs (x # bs) t / \<lparr>c\<rparr>\<^sub>p\<^bsup>vs\<^esup> + - Itm vs (x # bs) s / \<lparr>d\<rparr>\<^sub>p\<^bsup>vs\<^esup>) / (1+1) # bs) p" ..}
  2459 ultimately have th': "(\<exists> (c,t) \<in> set (uset p). \<exists> (d,s) \<in> set (uset p). Ifm vs ((- Itm vs (x # bs) t / \<lparr>c\<rparr>\<^sub>p\<^bsup>vs\<^esup> + - Itm vs (x # bs) s / \<lparr>d\<rparr>\<^sub>p\<^bsup>vs\<^esup>) / (1+1) # bs) p) \<longleftrightarrow> ?F" by blast
       (* Rewrite the last disjunct of fr_eq with th'. *)
  2460 from fr_eq[OF lp, of vs bs x, simplified th'] show ?thesis .
  2461 qed 
  2462 
  2463 text {* Rest of the implementation *}
  2464 
  (* alluopairs xs: pairs each element with itself and with every element after
     it in the list, so each unordered pair occurs in one orientation only
     (compare lemmas alluopairs_set1 and alluopairs_set). *)
  2465 primrec alluopairs:: "'a list \<Rightarrow> ('a \<times> 'a) list" where
  2466   "alluopairs [] = []"
  2467 | "alluopairs (x#xs) = (map (Pair x) (x#xs))@(alluopairs xs)"
  2468 
  (* alluopairs_set1: both components of every produced pair come from xs. *)
  2469 lemma alluopairs_set1: "set (alluopairs xs) \<le> {(x,y). x\<in> set xs \<and> y\<in> set xs}"
  2470 by (induct xs, auto)
  2471 
  (* alluopairs_set: for any two elements of xs, at least one orientation of the
     pair is in alluopairs xs. *)
  2472 lemma alluopairs_set:
  2473   "\<lbrakk>x\<in> set xs ; y \<in> set xs\<rbrakk> \<Longrightarrow> (x,y) \<in> set (alluopairs xs) \<or> (y,x) \<in> set (alluopairs xs) "
  2474 by (induct xs, auto)
  2475 
  (* alluopairs_ex: for a predicate P that is symmetric on xs, searching all
     ordered pairs from xs is equivalent to searching only alluopairs xs. *)
  2476 lemma alluopairs_ex:
  2477   assumes Pc: "\<forall> x \<in> set xs. \<forall>y\<in> set xs. P x y = P y x"
  2478   shows "(\<exists> x \<in> set xs. \<exists> y \<in> set xs. P x y) = (\<exists> (x,y) \<in> set (alluopairs xs). P x y)"
  2479 proof
         (* Left to right: one orientation is listed (alluopairs_set); symmetry Pc
            covers the case where only the swapped pair is listed. *)
  2480   assume "\<exists>x\<in>set xs. \<exists>y\<in>set xs. P x y"
  2481   then obtain x y where x: "x \<in> set xs" and y:"y \<in> set xs" and P: "P x y"  by blast
  2482   from alluopairs_set[OF x y] P Pc x y show"\<exists>(x, y)\<in>set (alluopairs xs). P x y" 
  2483     by auto
  2484 next
         (* Right to left: every listed pair consists of elements of xs. *)
  2485   assume "\<exists>(x, y)\<in>set (alluopairs xs). P x y"
  2486   then obtain "x" and "y"  where xy:"(x,y) \<in> set (alluopairs xs)" and P: "P x y" by blast+
  2487   from xy have "x \<in> set xs \<and> y\<in> set xs" using alluopairs_set1 by blast
  2488   with P show "\<exists>x\<in>set xs. \<exists>y\<in>set xs. P x y" by blast
  2489 qed
  2490 
  (* nth_pos2: indexing a cons list at a positive position n is indexing the
     tail at n - 1. *)
  2491 lemma nth_pos2: "0 < n \<Longrightarrow> (x#xs) ! n = xs ! (n - 1)"
  2492 using Nat.gr0_conv_Suc
  2493 by clarsimp
  2494 
  (* filter_length: filtering never lengthens a list.  Supplied as a hint to the
     recdef of remdps below. *)
  2495 lemma filter_length: "length (List.filter P xs) < Suc (length xs)"
  2496   apply (induct xs, auto) done
  2497 
  (* remdps xs: removes duplicates, keeping the first occurrence of each element:
     the head is kept and all later copies of it are filtered out before
     recursing.  The recursive call is on a filtered list rather than on the
     tail, hence recdef with "measure size" and the filter_length hint. *)
  2498 consts remdps:: "'a list \<Rightarrow> 'a list"
  2499 
  2500 recdef remdps "measure size"
  2501   "remdps [] = []"
  2502   "remdps (x#xs) = (x#(remdps (List.filter (\<lambda> y. y \<noteq> x) xs)))"
  2503 (hints simp add: filter_length[rule_format])
  2504 
  (* remdps_set: removing duplicates does not change the set of elements. *)
  2505 lemma remdps_set[simp]: "set (remdps xs) = set xs"
  2506   by (induct xs rule: remdps.induct, auto)
  2507 
  (* simpfm_lin: simplifying a quantifier-free formula yields a linear one.
     The SORT_CONSTRAINT assumption only fixes the sort of the type variable 'a. *)
  2508 lemma simpfm_lin:   assumes "SORT_CONSTRAINT('a::{field_char_0, field_inverse_zero})"
  2509   shows "qfree p \<Longrightarrow> islin (simpfm p)"
  2510   by (induct p rule: simpfm.induct, auto simp add: conj_lin disj_lin)
  2511 
  (* ferrack p: eliminates one existential quantifier from the quantifier-free
     body p (see lemma ferrack).  p is simplified to q; if minusinf q or
     plusinf q is syntactically T the result is T.  Otherwise the result is the
     disjunction of minusinf q, plusinf q and msubst q applied to every pair in
     alluopairs of the duplicate-free uset q, each simplified with simpfm; decr0
     is applied to the whole disjunction. *)
  2512 definition 
  2513   "ferrack p \<equiv> let q = simpfm p ; mp = minusinf q ; pp = plusinf q
  2514   in if (mp = T \<or> pp = T) then T 
  2515      else (let U = alluopairs (remdps (uset  q))
  2516            in decr0 (disj mp (disj pp (evaldjf (simpfm o (msubst q)) U ))))"
  2517 
  (* ferrack (correctness): for quantifier-free p, ferrack p is quantifier-free
     and has the same truth value as E p under every environment bs. *)
  2518 lemma ferrack: 
  2519   assumes qf: "qfree p"
  2520   shows "qfree (ferrack p) \<and> ((Ifm vs bs (ferrack p)) = (Ifm vs bs (E p)))"
  2521   (is "_ \<and> (?rhs = ?lhs)")
  2522 proof-
  2523   let ?I = "\<lambda> x p. Ifm vs (x#bs) p"
  2524   let ?N = "\<lambda> t. Ipoly vs t"
  2525   let ?Nt = "\<lambda>x t. Itm vs (x#bs) t"
  2526   let ?q = "simpfm p" 
  2527   let ?U = "remdps(uset ?q)"
  2528   let ?Up = "alluopairs ?U"
  2529   let ?mp = "minusinf ?q"
  2530   let ?pp = "plusinf ?q"
         (* This second binding of ?I replaces the two-argument one above; from
            here on ?I takes only a formula and x is a free variable. *)
  2531   let ?I = "\<lambda>p. Ifm vs (x#bs) p"
  2532   from simpfm_lin[OF qf] simpfm_qf[OF qf] have lq: "islin ?q" and q_qf: "qfree ?q" .
  2533   from minusinf_nb[OF lq] plusinf_nb[OF lq] have mp_nb: "bound0 ?mp" and pp_nb: "bound0 ?pp" .
  2534   from bound0_qf[OF mp_nb] bound0_qf[OF pp_nb] have mp_qf: "qfree ?mp" and pp_qf: "qfree ?pp" .
  2535   from uset_l[OF lq] have U_l: "\<forall>(c, s)\<in>set ?U. isnpoly c \<and> c \<noteq> 0\<^sub>p \<and> tmbound0 s \<and> allpolys isnpoly s"
  2536     by simp
         (* th0: msubst is semantically symmetric in its two pairs, which is the
            premise alluopairs_ex needs to restrict the search to ?Up. *)
  2537   {fix c t d s assume ctU: "(c,t) \<in> set ?U" and dsU: "(d,s) \<in> set ?U"
  2538     from U_l ctU dsU have norm: "isnpoly c" "isnpoly d" by auto
  2539     from msubst_I[OF lq norm, of vs x bs t s] msubst_I[OF lq norm(2,1), of vs x bs s t]
  2540     have "?I (msubst ?q ((c,t),(d,s))) = ?I (msubst ?q ((d,s),(c,t)))" by (simp add: field_simps)}
  2541   hence th0: "\<forall>x \<in> set ?U. \<forall>y \<in> set ?U. ?I (msubst ?q (x, y)) \<longleftrightarrow> ?I (msubst ?q (y, x))" by clarsimp
         (* Every disjunct built from ?Up satisfies bound0, and so does the whole
            disjunction (th1); this gives qfree of the result (thqf). *)
  2542   {fix x assume xUp: "x \<in> set ?Up" 
  2543     then  obtain c t d s where ctU: "(c,t) \<in> set ?U" and dsU: "(d,s) \<in> set ?U" 
  2544       and x: "x = ((c,t),(d,s))" using alluopairs_set1[of ?U] by auto  
  2545     from U_l[rule_format, OF ctU] U_l[rule_format, OF dsU] 
  2546     have nbs: "tmbound0 t" "tmbound0 s" by simp_all
  2547     from simpfm_bound0[OF msubst_nb[OF lq nbs, of c d]] 
  2548     have "bound0 ((simpfm o (msubst (simpfm p))) x)" using x by simp}
  2549   with evaldjf_bound0[of ?Up "(simpfm o (msubst (simpfm p)))"]
  2550   have "bound0 (evaldjf (simpfm o (msubst (simpfm p))) ?Up)" by blast
  2551   with mp_nb pp_nb 
  2552   have th1: "bound0 (disj ?mp (disj ?pp (evaldjf (simpfm o (msubst ?q)) ?Up )))" by (simp add: disj_nb)
  2553   from decr0_qf[OF th1] have thqf: "qfree (ferrack p)" by (simp add: ferrack_def Let_def)
         (* Semantic chain: E p, then fr_eq_msubst, then restriction to ?Up, then
            evaldjf, then disj, and finally ferrack p via decr0. *)
  2554   have "?lhs \<longleftrightarrow> (\<exists>x. Ifm vs (x#bs) ?q)" by simp
  2555   also have "\<dots> \<longleftrightarrow> ?I ?mp \<or> ?I ?pp \<or> (\<exists>(c, t)\<in>set ?U. \<exists>(d, s)\<in>set ?U. ?I (msubst (simpfm p) ((c, t), d, s)))" using fr_eq_msubst[OF lq, of vs bs x] by simp
  2556   also have "\<dots> \<longleftrightarrow> ?I ?mp \<or> ?I ?pp \<or> (\<exists> (x,y) \<in> set ?Up. ?I ((simpfm o (msubst ?q)) (x,y)))" using alluopairs_ex[OF th0] by simp
  2557   also have "\<dots> \<longleftrightarrow> ?I ?mp \<or> ?I ?pp \<or> ?I (evaldjf (simpfm o (msubst ?q)) ?Up)" 
  2558     by (simp add: evaldjf_ex)
  2559   also have "\<dots> \<longleftrightarrow> ?I (disj ?mp (disj ?pp (evaldjf (simpfm o (msubst ?q)) ?Up)))" by simp
  2560   also have "\<dots> \<longleftrightarrow> ?rhs" using decr0[OF th1, of vs x bs]
  2561     apply (simp add: ferrack_def Let_def)
  2562     by (cases "?mp = T \<or> ?pp = T", auto)
  2563   finally show ?thesis using thqf by blast
  2564 qed
  2565 
  (* frpar p: the quantifier elimination procedure; applies qelim with ferrack
     as the single-quantifier step and simplifies the result.  Lemma frpar
     states that the result is quantifier-free and equivalent to p. *)
  2566 definition "frpar p = simpfm (qelim p ferrack)"
  2567 lemma frpar: "qfree (frpar p) \<and> (Ifm vs bs (frpar p) \<longleftrightarrow> Ifm vs bs p)"
  2568 proof-
         (* th packages lemma ferrack in the form that qelim expects. *)
  2569   from ferrack have th: "\<forall>bs p. qfree p \<longrightarrow> qfree (ferrack p) \<and> Ifm vs bs (ferrack p) = Ifm vs bs (E p)" by blast
  2570   from qelim[OF th, of p bs] show ?thesis  unfolding frpar_def by auto
  2571 qed
  2572 
  (* Code generation setup for polyadd: the defining equations are declared as
     code equations, and the unnamed lemma adds a simp/code equation for the
     case of two CN arguments, using an explicit let.  The fact "stupid" used in
     the proof is not defined in this part of the file. *)
  2573 declare polyadd.simps[code]
  2574 lemma [simp,code]: "polyadd (CN c n p, CN c' n' p') = 
  2575     (if n < n' then CN (polyadd(c,CN c' n' p')) n p
  2576      else if n'<n then CN (polyadd(CN c n p, c')) n' p'
  2577      else (let cc' = polyadd (c,c') ; 
  2578                pp' = polyadd (p,p')
  2579            in (if pp' = 0\<^sub>p then cc' else CN cc' n pp')))"
  2580   by (simp add: Let_def stupid)
  2581 
  2582 
  2583 section{* Second implementation: Case splits not local *}
  2584 
  (* fr_eq2: variant of the Ferrante-Rackoff equivalence in which the side
     conditions "denominator is non-zero" are part of the statement.  For linear
     p, "exists x. p" holds iff one of: minusinf p (?M), plusinf p (?P), p at
     the point 0 (?Z), p at -t/(n*(1 + 1)) for some (n,t) in uset p with n
     non-zero (?U), or p at the midpoint of two uset elements whose polynomials
     are both non-zero (?F). *)
  2585 lemma fr_eq2:  assumes lp: "islin p"
  2586   shows "(\<exists> x. Ifm vs (x#bs) p) \<longleftrightarrow> 
  2587    ((Ifm vs (x#bs) (minusinf p)) \<or> (Ifm vs (x#bs) (plusinf p)) \<or> 
  2588     (Ifm vs (0#bs) p) \<or> 
  2589     (\<exists> (n,t) \<in> set (uset p). Ipoly vs n \<noteq> 0 \<and> Ifm vs ((- Itm vs (x#bs) t /  (Ipoly vs n * (1 + 1)))#bs) p) \<or> 
  2590     (\<exists> (n,t) \<in> set (uset p). \<exists> (m,s) \<in> set (uset p). Ipoly vs n \<noteq> 0 \<and> Ipoly vs m \<noteq> 0 \<and> Ifm vs (((- Itm vs (x#bs) t /  Ipoly vs n + - Itm vs (x#bs) s / Ipoly vs m) /(1 + 1))#bs) p))"
  2591   (is "(\<exists> x. ?I x p) = (?M \<or> ?P \<or> ?Z \<or> ?U \<or> ?F)" is "?E = ?D")
  2592 proof
         (* Left to right: if neither infinity case holds, inf_uset yields a
            midpoint witness; the four zero/non-zero combinations of c and d decide
            which of ?Z, ?U, ?F it establishes. *)
  2593   assume px: "\<exists> x. ?I x p"
  2594   have "?M \<or> ?P \<or> (\<not> ?M \<and> \<not> ?P)" by blast
  2595   moreover {assume "?M \<or> ?P" hence "?D" by blast}
  2596   moreover {assume nmi: "\<not> ?M" and npi: "\<not> ?P"
  2597     from inf_uset[OF lp nmi npi, OF px] 
  2598     obtain c t d s where ct: "(c,t) \<in> set (uset p)" "(d,s) \<in> set (uset p)" "?I ((- Itm vs (x # bs) t / \<lparr>c\<rparr>\<^sub>p\<^bsup>vs\<^esup> + - Itm vs (x # bs) s / \<lparr>d\<rparr>\<^sub>p\<^bsup>vs\<^esup>) / ((1\<Colon>'a) + (1\<Colon>'a))) p"
  2599       by auto
  2600     let ?c = "\<lparr>c\<rparr>\<^sub>p\<^bsup>vs\<^esup>"
  2601     let ?d = "\<lparr>d\<rparr>\<^sub>p\<^bsup>vs\<^esup>"
  2602     let ?s = "Itm vs (x # bs) s"
  2603     let ?t = "Itm vs (x # bs) t"
  2604     have eq2: "\<And>(x::'a). x + x = (1 + 1) * x"
  2605       by  (simp add: field_simps)
  2606     {assume "?c = 0 \<and> ?d = 0"
  2607       with ct have ?D by simp}
  2608     moreover
  2609     {assume z: "?c = 0" "?d \<noteq> 0"
  2610       from z have ?D using ct by auto}
  2611     moreover
  2612     {assume z: "?c \<noteq> 0" "?d = 0"
  2613       with ct have ?D by auto }
  2614     moreover
  2615     {assume z: "?c \<noteq> 0" "?d \<noteq> 0"
  2616       from z have ?F using ct
  2617         apply - apply (rule bexI[where x = "(c,t)"], simp_all)
  2618         by (rule bexI[where x = "(d,s)"], simp_all)
  2619       hence ?D by blast}
  2620     ultimately have ?D by auto}
  2621   ultimately show "?D" by blast
  2622 next
         (* Right to left: ?M and ?P use minusinf_ex / plusinf_ex, ?F gives a
            witness directly.  ?Z and ?U have no case of their own here; they are
            left to the final blast. *)
  2623   assume "?D" 
  2624   moreover {assume m:"?M" from minusinf_ex[OF lp m] have "?E" .}
  2625   moreover {assume p: "?P" from plusinf_ex[OF lp p] have "?E" . }
  2626   moreover {assume f:"?F" hence "?E" by blast}
  2627   ultimately show "?E" by blast
  2628 qed
  2629 
  (* Atom-level substitutions for the second implementation.  Each builds the
     atom over the term a*t + c*b, i.e. "a*x + b" at the point t/c multiplied
     through by c.  The "pos" variants are for c > 0, the "neg" variants for
     c < 0 and negate the term; see the lemmas of the same names for the exact
     statements. *)
  2630 definition "msubsteq2 c t a b = Eq (Add (Mul a t) (Mul c b))"
  2631 definition "msubstltpos c t a b = Lt (Add (Mul a t) (Mul c b))"
  2632 definition "msubstlepos c t a b = Le (Add (Mul a t) (Mul c b))"
  2633 definition "msubstltneg c t a b = Lt (Neg (Add (Mul a t) (Mul c b)))"
  2634 definition "msubstleneg c t a b = Le (Neg (Add (Mul a t) (Mul c b)))"
  2635 
  (* msubsteq2 (correctness): when the value of c is non-zero, msubsteq2 c t a b
     is equivalent to the atom Eq (CNP 0 a b) evaluated at the point t/c. *)
  2636 lemma msubsteq2: 
  2637   assumes nz: "Ipoly vs c \<noteq> 0" and l: "islin (Eq (CNP 0 a b))"
  2638   shows "Ifm vs (x#bs) (msubsteq2 c t a b) = Ifm vs (((Itm vs (x#bs) t /  Ipoly vs c ))#bs) (Eq (CNP 0 a b))" (is "?lhs = ?rhs")
  2639   using nz l tmbound0_I[of b vs x bs "Itm vs (x # bs) t / \<lparr>c\<rparr>\<^sub>p\<^bsup>vs\<^esup>" , symmetric]
  2640   by (simp add: msubsteq2_def field_simps)
  2641 
  (* msubstltpos (correctness): when the value of c is positive, msubstltpos
     c t a b is equivalent to the atom Lt (CNP 0 a b) evaluated at t/c. *)
  2642 lemma msubstltpos: 
  2643   assumes nz: "Ipoly vs c > 0" and l: "islin (Lt (CNP 0 a b))"
  2644   shows "Ifm vs (x#bs) (msubstltpos c t a b) = Ifm vs (((Itm vs (x#bs) t /  Ipoly vs c ))#bs) (Lt (CNP 0 a b))" (is "?lhs = ?rhs")
  2645   using nz l tmbound0_I[of b vs x bs "Itm vs (x # bs) t / \<lparr>c\<rparr>\<^sub>p\<^bsup>vs\<^esup>" , symmetric]
  2646   by (simp add: msubstltpos_def field_simps)
  2647 
  (* msubstlepos (correctness): when the value of c is positive, msubstlepos
     c t a b is equivalent to the atom Le (CNP 0 a b) evaluated at t/c. *)
  2648 lemma msubstlepos: 
  2649   assumes nz: "Ipoly vs c > 0" and l: "islin (Le (CNP 0 a b))"
  2650   shows "Ifm vs (x#bs) (msubstlepos c t a b) = Ifm vs (((Itm vs (x#bs) t /  Ipoly vs c ))#bs) (Le (CNP 0 a b))" (is "?lhs = ?rhs")
  2651   using nz l tmbound0_I[of b vs x bs "Itm vs (x # bs) t / \<lparr>c\<rparr>\<^sub>p\<^bsup>vs\<^esup>" , symmetric]
  2652   by (simp add: msubstlepos_def field_simps)
  2653 
  (* msubstltneg (correctness): when the value of c is negative, msubstltneg
     c t a b is equivalent to the atom Lt (CNP 0 a b) evaluated at t/c.
     minus_add_distrib is removed from the simpset for this proof. *)
  2654 lemma msubstltneg: 
  2655   assumes nz: "Ipoly vs c < 0" and l: "islin (Lt (CNP 0 a b))"
  2656   shows "Ifm vs (x#bs) (msubstltneg c t a b) = Ifm vs (((Itm vs (x#bs) t /  Ipoly vs c ))#bs) (Lt (CNP 0 a b))" (is "?lhs = ?rhs")
  2657   using nz l tmbound0_I[of b vs x bs "Itm vs (x # bs) t / \<lparr>c\<rparr>\<^sub>p\<^bsup>vs\<^esup>" , symmetric]
  2658   by (simp add: msubstltneg_def field_simps del: minus_add_distrib)
  2659 
  (* msubstleneg (correctness): when the value of c is negative, msubstleneg
     c t a b is equivalent to the atom Le (CNP 0 a b) evaluated at t/c.
     minus_add_distrib is removed from the simpset for this proof. *)
  2660 lemma msubstleneg: 
  2661   assumes nz: "Ipoly vs c < 0" and l: "islin (Le (CNP 0 a b))"
  2662   shows "Ifm vs (x#bs) (msubstleneg c t a b) = Ifm vs (((Itm vs (x#bs) t /  Ipoly vs c ))#bs) (Le (CNP 0 a b))" (is "?lhs = ?rhs")
  2663   using nz l tmbound0_I[of b vs x bs "Itm vs (x # bs) t / \<lparr>c\<rparr>\<^sub>p\<^bsup>vs\<^esup>" , symmetric]
  2664   by (simp add: msubstleneg_def field_simps del: minus_add_distrib)
  2665 
  (* msubstpos p c t: substitution of t/c into p for the case where the value of
     c is positive (see msubstpos_I).  And/Or are traversed structurally, atoms
     over CNP 0 a r use the "pos" atom substitutions, NEq is the negation of the
     Eq case, and every other formula is returned unchanged. *)
  2666 fun msubstpos :: "fm \<Rightarrow> poly \<Rightarrow> tm \<Rightarrow> fm" where
  2667   "msubstpos (And p q) c t = And (msubstpos p c t) (msubstpos q c t)"
  2668 | "msubstpos (Or p q) c t = Or (msubstpos p c t) (msubstpos q c t)"
  2669 | "msubstpos (Eq (CNP 0 a r)) c t = msubsteq2 c t a r"
  2670 | "msubstpos (NEq (CNP 0 a r)) c t = NOT (msubsteq2 c t a r)"
  2671 | "msubstpos (Lt (CNP 0 a r)) c t = msubstltpos c t a r"
  2672 | "msubstpos (Le (CNP 0 a r)) c t = msubstlepos c t a r"
  2673 | "msubstpos p c t = p"
  2674     
  (* msubstpos_I: for linear p and a positive value of c, msubstpos p c t is
     equivalent to p evaluated with t/c as the head of the environment. *)
  2675 lemma msubstpos_I: 
  2676   assumes lp: "islin p" and pos: "Ipoly vs c > 0"
  2677   shows "Ifm vs (x#bs) (msubstpos p c t) = Ifm vs (Itm vs (x#bs) t /  Ipoly vs c #bs) p"
  2678   using lp pos
  2679   by (induct p rule: islin.induct, auto simp add: msubsteq2 msubstltpos[OF pos] msubstlepos[OF pos] tmbound0_I[of _ vs "Itm vs (x # bs) t / \<lparr>c\<rparr>\<^sub>p\<^bsup>vs\<^esup>" bs x] bound0_I[of _ vs "Itm vs (x # bs) t / \<lparr>c\<rparr>\<^sub>p\<^bsup>vs\<^esup>" bs x] field_simps)
  2680 
  (* msubstneg p c t: substitution of t/c into p for the case where the value of
     c is negative (see msubstneg_I).  Same structure as msubstpos, but Lt and
     Le atoms use the "neg" atom substitutions. *)
  2681 fun msubstneg :: "fm \<Rightarrow> poly \<Rightarrow> tm \<Rightarrow> fm" where
  2682   "msubstneg (And p q) c t = And (msubstneg p c t) (msubstneg q c t)"
  2683 | "msubstneg (Or p q) c t = Or (msubstneg p c t) (msubstneg q c t)"
  2684 | "msubstneg (Eq (CNP 0 a r)) c t = msubsteq2 c t a r"
  2685 | "msubstneg (NEq (CNP 0 a r)) c t = NOT (msubsteq2 c t a r)"
  2686 | "msubstneg (Lt (CNP 0 a r)) c t = msubstltneg c t a r"
  2687 | "msubstneg (Le (CNP 0 a r)) c t = msubstleneg c t a r"
  2688 | "msubstneg p c t = p"
  2689 
  (* msubstneg_I: for linear p and a negative value of c, msubstneg p c t is
     equivalent to p evaluated with t/c as the head of the environment.
     Note that the assumption is named "pos" although it states c < 0. *)
  2690 lemma msubstneg_I: 
  2691   assumes lp: "islin p" and pos: "Ipoly vs c < 0"
  2692   shows "Ifm vs (x#bs) (msubstneg p c t) = Ifm vs (Itm vs (x#bs) t /  Ipoly vs c #bs) p"
  2693   using lp pos
  2694   by (induct p rule: islin.induct, auto simp add: msubsteq2 msubstltneg[OF pos] msubstleneg[OF pos] tmbound0_I[of _ vs "Itm vs (x # bs) t / \<lparr>c\<rparr>\<^sub>p\<^bsup>vs\<^esup>" bs x] bound0_I[of _ vs "Itm vs (x # bs) t / \<lparr>c\<rparr>\<^sub>p\<^bsup>vs\<^esup>" bs x] field_simps)
  2695 
  2696 
  (* msubst2 p c t: substitution of t/c into p with the sign of c decided inside
     the formula: a disjunction of two guarded branches, one using msubstpos
     and one using msubstneg, each simplified with simpfm.
     NOTE(review): the guards lt (CP (polyneg c)) and lt (CP c) are read as
     "c > 0" and "c < 0" respectively, inferred from the case split in lemma
     msubst2; confirm against the definition of lt. *)
  2697 definition "msubst2 p c t = disj (conj (lt (CP (polyneg c))) (simpfm (msubstpos p c t))) (conj (lt (CP c)) (simpfm (msubstneg p c t)))"
  2698 
  (* msubst2 (correctness): for linear p, normalised c and a non-zero value of
     c, msubst2 p c t is equivalent to p evaluated with t/c as the head of the
     environment.  The proof splits on the sign of the value of c and uses
     msubstneg_I or msubstpos_I together with the lemma lt for both guards. *)
  2699 lemma msubst2: assumes lp: "islin p" and nc: "isnpoly c" and nz: "Ipoly vs c \<noteq> 0"
  2700   shows "Ifm vs (x#bs) (msubst2 p c t) = Ifm vs (Itm vs (x#bs) t /  Ipoly vs c #bs) p"
  2701 proof-
  2702   let ?c = "Ipoly vs c"
         (* Both guard terms CP c and CP (~p c) contain only normalised polynomials. *)
  2703   from nc have anc: "allpolys isnpoly (CP c)" "allpolys isnpoly (CP (~\<^sub>p c))" 
  2704     by (simp_all add: polyneg_norm)
  2705   from nz have "?c > 0 \<or> ?c < 0" by arith
  2706   moreover
  2707   {assume c: "?c < 0"
  2708     from c msubstneg_I[OF lp c, of x bs t] lt[OF anc(1), of vs "x#bs"] lt[OF anc(2), of vs "x#bs"]
  2709     have ?thesis by (auto simp add: msubst2_def)}
  2710   moreover
  2711   {assume c: "?c > 0"
  2712     from c msubstpos_I[OF lp c, of x bs t] lt[OF anc(1), of vs "x#bs"] lt[OF anc(2), of vs "x#bs"]
  2713     have ?thesis by (auto simp add: msubst2_def)}
  2714   ultimately show ?thesis by blast
  2715 qed
  2716 
  (* "term" is a diagnostic command that only prints the constant and its type;
     it does not change the theory.
     msubsteq2_nb: for a tmbound0 term t and a linear Eq atom, msubsteq2
     satisfies bound0. *)
  2717 term msubsteq2
  2718 lemma msubsteq2_nb: "tmbound0 t \<Longrightarrow> islin (Eq (CNP 0 a r)) \<Longrightarrow> bound0 (msubsteq2 c t a r)"
  2719   by (simp add: msubsteq2_def)
  2720 
  (* bound0 is preserved by the substitutions for strict inequalities, in both
     the positive-coefficient and the negative-coefficient variant. *)
  2721 lemma msubstltpos_nb: "tmbound0 t \<Longrightarrow> islin (Lt (CNP 0 a r)) \<Longrightarrow> bound0 (msubstltpos c t a r)"
  2722   by (simp add: msubstltpos_def)
  2723 lemma msubstltneg_nb: "tmbound0 t \<Longrightarrow> islin (Lt (CNP 0 a r)) \<Longrightarrow> bound0 (msubstltneg c t a r)"
  2724   by (simp add: msubstltneg_def)
  2725 
  (* bound0 is preserved by the substitutions for non-strict inequalities, in
     both the positive-coefficient and the negative-coefficient variant. *)
  2726 lemma msubstlepos_nb: "tmbound0 t \<Longrightarrow> islin (Le (CNP 0 a r)) \<Longrightarrow> bound0 (msubstlepos c t a r)"
  2727   by (simp add: msubstlepos_def)
  2728 lemma msubstleneg_nb: "tmbound0 t \<Longrightarrow> islin (Le (CNP 0 a r)) \<Longrightarrow> bound0 (msubstleneg c t a r)"
  2729   by (simp add: msubstleneg_def)
  2730 
  (* For linear p and a term t satisfying tmbound0, (msubstpos p c t) satisfies
     bound0. Proved by induction along the defining equations of msubstpos,
     using the per-relation lemmas above. *)
  2731 lemma msubstpos_nb: assumes lp: "islin p" and tnb: "tmbound0 t"
  2732   shows "bound0 (msubstpos p c t)"
  2733 using lp tnb
  2734 by (induct p c t rule: msubstpos.induct, auto simp add: msubsteq2_nb msubstltpos_nb msubstlepos_nb)
  2735 
  (* Counterpart of msubstpos_nb for msubstneg. The SORT_CONSTRAINT assumption
     only fixes the sort of the type variable 'a; it adds no logical premise. *)
  2736 lemma msubstneg_nb: assumes "SORT_CONSTRAINT('a::{field_char_0, field_inverse_zero})" and lp: "islin p" and tnb: "tmbound0 t"
  2737   shows "bound0 (msubstneg p c t)"
  2738 using lp tnb
  2739 by (induct p c t rule: msubstneg.induct, auto simp add: msubsteq2_nb msubstltneg_nb msubstleneg_nb)
  2740 
  (* For linear p and a term t satisfying tmbound0, (msubst2 p c t) satisfies
     bound0. Follows by unfolding msubst2_def and combining the bound0 lemmas
     for its parts (msubstneg, msubstpos, conj, disj, lt, simpfm). *)
  2741 lemma msubst2_nb: assumes "SORT_CONSTRAINT('a::{field_char_0, field_inverse_zero})" and lp: "islin p" and tnb: "tmbound0 t"
  2742   shows "bound0 (msubst2 p c t)"
  2743 using lp tnb
  2744 by (simp add: msubst2_def msubstneg_nb msubstpos_nb conj_nb disj_nb lt_nb simpfm_bound0)
  2745     
  (* Rewrites the embedded integer 2 as 1 + 1 in the target type; used (via
     of_int_minus2) to match the (1 + 1) denominators in fr_eq_msubst2. *)
  2746 lemma of_int2: "of_int 2 = 1 + 1"
  2747 proof-
  2748   have "(2::int) = 1 + 1" by simp
  2749   hence "of_int 2 = of_int (1 + 1)" by simp
  2750   thus ?thesis unfolding of_int_add by simp
  2751 qed
  2752 
  (* Rewrites the embedded integer -2 as -(1 + 1), building on of_int2. *)
  2753 lemma of_int_minus2: "of_int (-2) = - (1 + 1)"
  2754 proof-
  2755   have th: "(-2::int) = - 2" by simp
  2756   show ?thesis unfolding th by (simp only: of_int_minus of_int2)
  2757 qed
  2758 
  2759 
  (* Every linear formula is quantifier-free. *)
  2760 lemma islin_qf: "islin p \<Longrightarrow> qfree p"
  2761   by (induct p rule: islin.induct, auto simp add: bound0_qf)
  (* Ferrante-Rackoff equivalence phrased with msubst2. For linear p, the
     existential over variable 0 is equivalent to a disjunction of five parts:
     minusinf p, plusinf p, p with 0 substituted (subst0 (CP 0)), one msubst2
     instance per element (n, t) of uset p with coefficient n * (-2), and one
     msubst2 instance per pair of elements of uset p with coefficient
     (-2) * c * d and term d*t + c*s.
     Proof outline: eq0, eq1 and eq2 rewrite the last three disjuncts into the
     shape used by fr_eq2, which then closes the goal. *)
  2762 lemma fr_eq_msubst2: 
  2763   assumes lp: "islin p"
  2764   shows "(\<exists> x. Ifm vs (x#bs) p) \<longleftrightarrow> ((Ifm vs (x#bs) (minusinf p)) \<or> (Ifm vs (x#bs) (plusinf p)) \<or> Ifm vs (x#bs) (subst0 (CP 0\<^sub>p) p) \<or> (\<exists>(n, t)\<in>set (uset p). Ifm vs (x# bs) (msubst2 p (n *\<^sub>p (C (-2,1))) t)) \<or> (\<exists> (c,t) \<in> set (uset p). \<exists> (d,s) \<in> set (uset p). Ifm vs (x#bs) (msubst2 p (C (-2, 1) *\<^sub>p c*\<^sub>p d) (Add (Mul d t) (Mul c s)))))"
  2765   (is "(\<exists> x. ?I x p) = (?M \<or> ?P \<or> ?Pz \<or> ?PU \<or> ?F)" is "?E = ?D")
  2766 proof-
  2767   from uset_l[OF lp] have th: "\<forall>(c, s)\<in>set (uset p). isnpoly c \<and> tmbound0 s" by blast
  2768   let ?I = "\<lambda>p. Ifm vs (x#bs) p"
  2769   have n2: "isnpoly (C (-2,1))" by (simp add: isnpoly_def)
  2770   note eq0 = subst0[OF islin_qf[OF lp], of vs x bs "CP 0\<^sub>p", simplified]
  2771   
         (* eq1: single-element disjunct; msubst2 holding forces the value of n
            to be nonzero, after which lemma msubst2 applies *)
  2772   have eq1: "(\<exists>(n, t)\<in>set (uset p). ?I (msubst2 p (n *\<^sub>p (C (-2,1))) t)) \<longleftrightarrow> (\<exists>(n, t)\<in>set (uset p). \<lparr>n\<rparr>\<^sub>p\<^bsup>vs\<^esup> \<noteq> 0 \<and> Ifm vs (- Itm vs (x # bs) t / (\<lparr>n\<rparr>\<^sub>p\<^bsup>vs\<^esup> * (1 + 1)) # bs) p)"
  2773   proof-
  2774     {fix n t assume H: "(n, t)\<in>set (uset p)" "?I(msubst2 p (n *\<^sub>p C (-2, 1)) t)"
  2775       from H(1) th have "isnpoly n" by blast
  2776       hence nn: "isnpoly (n *\<^sub>p (C (-2,1)))" by (simp_all add: polymul_norm n2)
  2777       have nn': "allpolys isnpoly (CP (~\<^sub>p (n *\<^sub>p C (-2, 1))))"
  2778         by (simp add: polyneg_norm nn)
  2779       hence nn2: "\<lparr>n *\<^sub>p(C (-2,1)) \<rparr>\<^sub>p\<^bsup>vs\<^esup> \<noteq> 0" "\<lparr>n \<rparr>\<^sub>p\<^bsup>vs\<^esup> \<noteq> 0" using H(2) nn' nn 
  2780         by (auto simp add: msubst2_def lt zero_less_mult_iff mult_less_0_iff)
  2781       from msubst2[OF lp nn nn2(1), of x bs t]
  2782       have "\<lparr>n\<rparr>\<^sub>p\<^bsup>vs\<^esup> \<noteq> 0 \<and> Ifm vs (- Itm vs (x # bs) t / (\<lparr>n\<rparr>\<^sub>p\<^bsup>vs\<^esup> * (1 + 1)) # bs) p"
  2783         using H(2) nn2 by (simp add: of_int_minus2 del: minus_add_distrib)}
  2784     moreover
  2785     {fix n t assume H: "(n, t)\<in>set (uset p)" "\<lparr>n\<rparr>\<^sub>p\<^bsup>vs\<^esup> \<noteq> 0" "Ifm vs (- Itm vs (x # bs) t / (\<lparr>n\<rparr>\<^sub>p\<^bsup>vs\<^esup> * (1 + 1)) # bs) p"
  2786       from H(1) th have "isnpoly n" by blast
  2787       hence nn: "isnpoly (n *\<^sub>p (C (-2,1)))" "\<lparr>n *\<^sub>p(C (-2,1)) \<rparr>\<^sub>p\<^bsup>vs\<^esup> \<noteq> 0"
  2788         using H(2) by (simp_all add: polymul_norm n2)
  2789       from msubst2[OF lp nn, of x bs t] have "?I (msubst2 p (n *\<^sub>p (C (-2,1))) t)" using H(2,3) by (simp add: of_int_minus2 del: minus_add_distrib)}
  2790     ultimately show ?thesis by blast
  2791   qed
         (* eq2: the same argument for pairs of uset elements *)
  2792   have eq2: "(\<exists> (c,t) \<in> set (uset p). \<exists> (d,s) \<in> set (uset p). Ifm vs (x#bs) (msubst2 p (C (-2, 1) *\<^sub>p c*\<^sub>p d) (Add (Mul d t) (Mul c s)))) \<longleftrightarrow> (\<exists>(n, t)\<in>set (uset p).
  2793      \<exists>(m, s)\<in>set (uset p). \<lparr>n\<rparr>\<^sub>p\<^bsup>vs\<^esup> \<noteq> 0 \<and> \<lparr>m\<rparr>\<^sub>p\<^bsup>vs\<^esup> \<noteq> 0 \<and> Ifm vs ((- Itm vs (x # bs) t / \<lparr>n\<rparr>\<^sub>p\<^bsup>vs\<^esup> + - Itm vs (x # bs) s / \<lparr>m\<rparr>\<^sub>p\<^bsup>vs\<^esup>) / (1 + 1) # bs) p)" 
  2794   proof-
  2795     {fix c t d s assume H: "(c,t) \<in> set (uset p)" "(d,s) \<in> set (uset p)" 
  2796      "Ifm vs (x#bs) (msubst2 p (C (-2, 1) *\<^sub>p c*\<^sub>p d) (Add (Mul d t) (Mul c s)))"
  2797       from H(1,2) th have "isnpoly c" "isnpoly d" by blast+
  2798       hence nn: "isnpoly (C (-2, 1) *\<^sub>p c*\<^sub>p d)" 
  2799         by (simp_all add: polymul_norm n2)
  2800       have stupid: "allpolys isnpoly (CP (~\<^sub>p (C (-2, 1) *\<^sub>p c *\<^sub>p d)))" "allpolys isnpoly (CP ((C (-2, 1) *\<^sub>p c *\<^sub>p d)))"
  2801         by (simp_all add: polyneg_norm nn)
  2802       have nn': "\<lparr>(C (-2, 1) *\<^sub>p c*\<^sub>p d)\<rparr>\<^sub>p\<^bsup>vs\<^esup> \<noteq> 0" "\<lparr>c\<rparr>\<^sub>p\<^bsup>vs\<^esup> \<noteq> 0" "\<lparr>d\<rparr>\<^sub>p\<^bsup>vs\<^esup> \<noteq> 0"
  2803         using H(3) by (auto simp add: msubst2_def lt[OF stupid(1)]  lt[OF stupid(2)] zero_less_mult_iff mult_less_0_iff)
  2804       from msubst2[OF lp nn nn'(1), of x bs ] H(3) nn'
  2805       have "\<lparr>c\<rparr>\<^sub>p\<^bsup>vs\<^esup> \<noteq> 0 \<and> \<lparr>d\<rparr>\<^sub>p\<^bsup>vs\<^esup> \<noteq> 0 \<and> Ifm vs ((- Itm vs (x # bs) t / \<lparr>c\<rparr>\<^sub>p\<^bsup>vs\<^esup> + - Itm vs (x # bs) s / \<lparr>d\<rparr>\<^sub>p\<^bsup>vs\<^esup>) / (1 + 1) # bs) p" 
  2806         apply (simp add: add_divide_distrib of_int_minus2 del: minus_add_distrib)
  2807         by (simp add: mult_commute)}
  2808     moreover
  2809     {fix c t d s assume H: "(c,t) \<in> set (uset p)" "(d,s) \<in> set (uset p)" 
  2810       "\<lparr>c\<rparr>\<^sub>p\<^bsup>vs\<^esup> \<noteq> 0" "\<lparr>d\<rparr>\<^sub>p\<^bsup>vs\<^esup> \<noteq> 0" "Ifm vs ((- Itm vs (x # bs) t / \<lparr>c\<rparr>\<^sub>p\<^bsup>vs\<^esup> + - Itm vs (x # bs) s / \<lparr>d\<rparr>\<^sub>p\<^bsup>vs\<^esup>) / (1 + 1) # bs) p"
  2811      from H(1,2) th have "isnpoly c" "isnpoly d" by blast+
  2812       hence nn: "isnpoly (C (-2, 1) *\<^sub>p c*\<^sub>p d)" "\<lparr>(C (-2, 1) *\<^sub>p c*\<^sub>p d)\<rparr>\<^sub>p\<^bsup>vs\<^esup> \<noteq> 0"
  2813         using H(3,4) by (simp_all add: polymul_norm n2)
  2814       from msubst2[OF lp nn, of x bs ] H(3,4,5) 
  2815       have "Ifm vs (x#bs) (msubst2 p (C (-2, 1) *\<^sub>p c*\<^sub>p d) (Add (Mul d t) (Mul c s)))" apply (simp add: add_divide_distrib of_int_minus2 del: minus_add_distrib)by (simp add: mult_commute)}
  2816     ultimately show ?thesis by blast
  2817   qed
         (* fr_eq2 states the equivalence in the rewritten shape *)
  2818   from fr_eq2[OF lp, of vs bs x] show ?thesis
  2819     unfolding eq0 eq1 eq2 by blast  
  2820 qed
  2821 
  (* One quantifier-elimination step for a quantifier-free body p.
     q = simpfm p; mp and pp are minusinf q and plusinf q. If either is
     syntactically T the result is T. Otherwise, with U = remdps (uset q), the
     result is decr0 applied to the disjunction of: mp, pp, q with 0
     substituted, the msubst2 instances over U, and the msubst2 instances over
     the pairs in alluopairs U. Lemma ferrack2 below states its correctness. *)
  2822 definition 
  2823 "ferrack2 p \<equiv> let q = simpfm p ; mp = minusinf q ; pp = plusinf q
  2824  in if (mp = T \<or> pp = T) then T 
  2825   else (let U = remdps (uset  q)
  2826     in decr0 (list_disj [mp, pp, simpfm (subst0 (CP 0\<^sub>p) q), evaldjf (\<lambda>(c,t). msubst2 q (c *\<^sub>p C (-2, 1)) t) U, 
  2827    evaldjf (\<lambda>((b,a),(d,c)). msubst2 q (C (-2, 1) *\<^sub>p b*\<^sub>p d) (Add (Mul d a) (Mul b c))) (alluopairs U)]))"
  2828 
  (* Full procedure, version 2: preprocess with prep, eliminate quantifiers
     with qelim using ferrack2 as the one-step eliminator, then simplify.
     This is the function whose generated code the frpar_oracle2 translation
     in the ML block below runs. *)
  2829 definition "frpar2 p = simpfm (qelim (prep p) ferrack2)"
  2830 
  (* Correctness of the elimination step: for quantifier-free p, (ferrack2 p)
     is quantifier-free and has the same truth value as (E p) under every
     vs and bs.
     Proof outline: establish that the disjunction ?R satisfies bound0 (so that
     decr0 is justified), show that the pair substitution ?s is symmetric in
     its arguments (th0, needed for alluopairs_ex), then chain equivalences
     from (E p) through fr_eq_msubst2 to ?R and finally to ferrack2 p. *)
  2831 lemma ferrack2: assumes qf: "qfree p"
  2832   shows "qfree (ferrack2 p) \<and> ((Ifm vs bs (ferrack2 p)) = (Ifm vs bs (E p)))"
  2833   (is "_ \<and> (?rhs = ?lhs)")
  2834 proof-
  2835   let ?J = "\<lambda> x p. Ifm vs (x#bs) p"
  2836   let ?N = "\<lambda> t. Ipoly vs t"
  2837   let ?Nt = "\<lambda>x t. Itm vs (x#bs) t"
  2838   let ?q = "simpfm p" 
  2839   let ?qz = "subst0 (CP 0\<^sub>p) ?q"
  2840   let ?U = "remdps(uset ?q)"
  2841   let ?Up = "alluopairs ?U"
  2842   let ?mp = "minusinf ?q"
  2843   let ?pp = "plusinf ?q"
  2844   let ?I = "\<lambda>p. Ifm vs (x#bs) p"
  2845   from simpfm_lin[OF qf] simpfm_qf[OF qf] have lq: "islin ?q" and q_qf: "qfree ?q" .
  2846   from minusinf_nb[OF lq] plusinf_nb[OF lq] have mp_nb: "bound0 ?mp" and pp_nb: "bound0 ?pp" .
  2847   from bound0_qf[OF mp_nb] bound0_qf[OF pp_nb] have mp_qf: "qfree ?mp" and pp_qf: "qfree ?pp" .
  2848   from uset_l[OF lq] have U_l: "\<forall>(c, s)\<in>set ?U. isnpoly c \<and> c \<noteq> 0\<^sub>p \<and> tmbound0 s \<and> allpolys isnpoly s"
  2849     by simp
         (* bnd0 / bnd1: every disjunct generated from ?U and from ?Up satisfies bound0 *)
  2850   have bnd0: "\<forall>x \<in> set ?U. bound0 ((\<lambda>(c,t). msubst2 ?q (c *\<^sub>p C (-2, 1)) t) x)" 
  2851   proof-
  2852     {fix c t assume ct: "(c,t) \<in> set ?U"
  2853       hence tnb: "tmbound0 t" using U_l by blast
  2854       from msubst2_nb[OF lq tnb]
  2855       have "bound0 ((\<lambda>(c,t). msubst2 ?q (c *\<^sub>p C (-2, 1)) t) (c,t))" by simp}
  2856     thus ?thesis by auto
  2857   qed
  2858   have bnd1: "\<forall>x \<in> set ?Up. bound0 ((\<lambda>((b,a),(d,c)). msubst2 ?q (C (-2, 1) *\<^sub>p b*\<^sub>p d) (Add (Mul d a) (Mul b c))) x)" 
  2859   proof-
  2860     {fix b a d c assume badc: "((b,a),(d,c)) \<in> set ?Up"
  2861       from badc U_l alluopairs_set1[of ?U] 
  2862       have nb: "tmbound0 (Add (Mul d a) (Mul b c))" by auto
  2863       from msubst2_nb[OF lq nb] have "bound0 ((\<lambda>((b,a),(d,c)). msubst2 ?q (C (-2, 1) *\<^sub>p b*\<^sub>p d) (Add (Mul d a) (Mul b c))) ((b,a),(d,c)))" by simp}
  2864     thus ?thesis by auto
  2865   qed
  2866   have stupid: "bound0 F" by simp
         (* ?R is the disjunction that ferrack2 passes to decr0 *)
  2867   let ?R = "list_disj [?mp, ?pp, simpfm (subst0 (CP 0\<^sub>p) ?q), evaldjf (\<lambda>(c,t). msubst2 ?q (c *\<^sub>p C (-2, 1)) t) ?U, 
  2868    evaldjf (\<lambda>((b,a),(d,c)). msubst2 ?q (C (-2, 1) *\<^sub>p b*\<^sub>p d) (Add (Mul d a) (Mul b c))) (alluopairs ?U)]"
  2869   from subst0_nb[of "CP 0\<^sub>p" ?q] q_qf evaldjf_bound0[OF bnd1] evaldjf_bound0[OF bnd0] mp_nb pp_nb stupid
  2870   have nb: "bound0 ?R "
  2871     by (simp add: list_disj_def disj_nb0 simpfm_bound0)
  2872   let ?s = "\<lambda>((b,a),(d,c)). msubst2 ?q (C (-2, 1) *\<^sub>p b*\<^sub>p d) (Add (Mul d a) (Mul b c))"
  2873 
         (* symmetry of ?s under swapping the two uset elements *)
  2874   {fix b a d c assume baU: "(b,a) \<in> set ?U" and dcU: "(d,c) \<in> set ?U"
  2875     from U_l baU dcU have norm: "isnpoly b" "isnpoly d" "isnpoly (C (-2, 1))" 
  2876       by auto (simp add: isnpoly_def)
  2877     have norm2: "isnpoly (C (-2, 1) *\<^sub>p b*\<^sub>p d)" "isnpoly (C (-2, 1) *\<^sub>p d*\<^sub>p b)"
  2878       using norm by (simp_all add: polymul_norm)
  2879     have stupid: "allpolys isnpoly (CP (C (-2, 1) *\<^sub>p b*\<^sub>p d))" "allpolys isnpoly (CP (C (-2, 1) *\<^sub>p d*\<^sub>p b))" "allpolys isnpoly (CP (~\<^sub>p(C (-2, 1) *\<^sub>p b*\<^sub>p d)))" "allpolys isnpoly (CP (~\<^sub>p(C (-2, 1) *\<^sub>p d*\<^sub>p b)))"
  2880       by (simp_all add: polyneg_norm norm2)
  2881     have "?I (msubst2 ?q (C (-2, 1) *\<^sub>p b*\<^sub>p d) (Add (Mul d a) (Mul b c))) = ?I (msubst2 ?q (C (-2, 1) *\<^sub>p d*\<^sub>p b) (Add (Mul b c) (Mul d a)))" (is "?lhs \<longleftrightarrow> ?rhs")
  2882     proof
  2883       assume H: ?lhs
  2884       hence z: "\<lparr>C (-2, 1) *\<^sub>p b *\<^sub>p d\<rparr>\<^sub>p\<^bsup>vs\<^esup> \<noteq> 0" "\<lparr>C (-2, 1) *\<^sub>p d *\<^sub>p b\<rparr>\<^sub>p\<^bsup>vs\<^esup> \<noteq> 0" 
  2885         by (auto simp add: msubst2_def lt[OF stupid(3)] lt[OF stupid(1)] mult_less_0_iff zero_less_mult_iff)
  2886       from msubst2[OF lq norm2(1) z(1), of x bs] 
  2887         msubst2[OF lq norm2(2) z(2), of x bs] H 
  2888       show ?rhs by (simp add: field_simps)
  2889     next
  2890       assume H: ?rhs
  2891       hence z: "\<lparr>C (-2, 1) *\<^sub>p b *\<^sub>p d\<rparr>\<^sub>p\<^bsup>vs\<^esup> \<noteq> 0" "\<lparr>C (-2, 1) *\<^sub>p d *\<^sub>p b\<rparr>\<^sub>p\<^bsup>vs\<^esup> \<noteq> 0" 
  2892         by (auto simp add: msubst2_def lt[OF stupid(4)] lt[OF stupid(2)] mult_less_0_iff zero_less_mult_iff)
  2893       from msubst2[OF lq norm2(1) z(1), of x bs] 
  2894         msubst2[OF lq norm2(2) z(2), of x bs] H 
  2895       show ?lhs by (simp add: field_simps)
  2896     qed}
  2897   hence th0: "\<forall>x \<in> set ?U. \<forall>y \<in> set ?U. ?I (?s (x, y)) \<longleftrightarrow> ?I (?s (y, x))"
  2898     by clarsimp
  2899 
         (* equivalence chain from (E p) to (ferrack2 p) *)
  2900   have "?lhs \<longleftrightarrow> (\<exists>x. Ifm vs (x#bs) ?q)" by simp
  2901   also have "\<dots> \<longleftrightarrow> ?I ?mp \<or> ?I ?pp \<or> ?I (subst0 (CP 0\<^sub>p) ?q) \<or> (\<exists>(n,t) \<in> set ?U. ?I (msubst2 ?q (n *\<^sub>p C (-2, 1)) t)) \<or> (\<exists>(b, a)\<in>set ?U. \<exists>(d, c)\<in>set ?U. ?I (msubst2 ?q (C (-2, 1) *\<^sub>p b*\<^sub>p d) (Add (Mul d a) (Mul b c))))"
  2902     using fr_eq_msubst2[OF lq, of vs bs x] by simp
  2903   also have "\<dots> \<longleftrightarrow> ?I ?mp \<or> ?I ?pp \<or> ?I (subst0 (CP 0\<^sub>p) ?q) \<or> (\<exists>(n,t) \<in> set ?U. ?I (msubst2 ?q (n *\<^sub>p C (-2, 1)) t)) \<or> (\<exists> x\<in>set ?U. \<exists> y \<in>set ?U. ?I (?s (x,y)))"
  2904     by (simp add: split_def)
  2905   also have "\<dots> \<longleftrightarrow> ?I ?mp \<or> ?I ?pp \<or> ?I (subst0 (CP 0\<^sub>p) ?q) \<or> (\<exists>(n,t) \<in> set ?U. ?I (msubst2 ?q (n *\<^sub>p C (-2, 1)) t)) \<or> (\<exists> (x,y) \<in> set ?Up. ?I (?s (x,y)))"
  2906     using alluopairs_ex[OF th0] by simp 
  2907   also have "\<dots> \<longleftrightarrow> ?I ?R" 
  2908     by (simp add: list_disj_def evaldjf_ex split_def)
  2909   also have "\<dots> \<longleftrightarrow> ?rhs"
  2910     unfolding ferrack2_def
  2911     apply (cases "?mp = T") 
  2912     apply (simp add: list_disj_def)
  2913     apply (cases "?pp = T") 
  2914     apply (simp add: list_disj_def)
  2915     by (simp_all add: Let_def decr0[OF nb])
  2916   finally show ?thesis using decr0_qf[OF nb]  
  2917     by (simp  add: ferrack2_def Let_def)
  2918 qed
  2919 
  (* Correctness of the whole reflected procedure: (frpar2 p) is
     quantifier-free and equivalent to p under every vs and bs.
     This lemma is checked by the kernel. It covers the HOL function frpar2
     only; the ML translation between HOL terms and the fm datatype used by
     the frpar_oracle2 oracle later in this theory is outside its scope. *)
  2920 lemma frpar2: "qfree (frpar2 p) \<and> (Ifm vs bs (frpar2 p) \<longleftrightarrow> Ifm vs bs p)"
  2921 proof-
         (* instantiate the generic qelim lemma with the ferrack2 step *)
  2922   from ferrack2 have th: "\<forall>bs p. qfree p \<longrightarrow> qfree (ferrack2 p) \<and> Ifm vs bs (ferrack2 p) = Ifm vs bs (E p)" by blast
  2923   from qelim[OF th, of "prep p" bs] 
  2924 show ?thesis  unfolding frpar2_def by (auto simp add: prep)
  2925 qed
  2926 
  2927 ML {* 
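  (* Translation layer between HOL terms and the reflected datatypes
     (poly, tm, fm) of this theory, plus the two functions that the oracle
     declarations following this ML block wrap.

     Trust note: an oracle result is accepted as a theorem without kernel
     inference, so every function in this structure belongs to the trusted
     base. Lemma frpar2 (and presumably its counterpart for frpar) covers the
     reflected procedure only; the round trip
       HOL term -> fm -> generated code -> fm -> HOL term
     performed here is not covered by any proof. A mistake in either
     direction of the translation therefore yields an unsound "theorem". *)
  structure ReflectedFRPar =
  struct

  (* Type and constant builders; rT is the field type being reasoned about. *)
  val bT = HOLogic.boolT;
  fun num rT x = HOLogic.mk_number rT x;
  fun rrelT rT = [rT,rT] ---> rT;   (* binary operation on rT *)
  fun rrT rT = [rT, rT] ---> bT;    (* binary relation on rT *)
  fun divt rT = Const(@{const_name Rings.divide},rrelT rT);
  fun timest rT = Const(@{const_name Groups.times},rrelT rT);
  fun plust rT = Const(@{const_name Groups.plus},rrelT rT);
  fun minust rT = Const(@{const_name Groups.minus},rrelT rT);
  fun uminust rT = Const(@{const_name Groups.uminus}, rT --> rT);
  fun powt rT = Const(@{const_name "power"}, [rT,@{typ "nat"}] ---> rT);
  val brT = [bT, bT] ---> bT;
  val nott = @{term "Not"};
  val conjt = @{term HOL.conj};
  val disjt = @{term HOL.disj};
  val impt = @{term HOL.implies};
  val ifft = @{term "op = :: bool => _"}
  fun llt rT = Const(@{const_name Orderings.less},rrT rT);
  (* Must be less_eq: fm_of_term maps Orderings.less_eq to Le, and term_of_fm
     maps Le back through lle. Using Orderings.less here would make the oracle
     assert an equation whose right-hand side says "<" where the procedure
     computed "<=". *)
  fun lle rT = Const(@{const_name Orderings.less_eq},rrT rT);
  fun eqt rT = Const(@{const_name HOL.eq},rrT rT);
  fun rz rT = Const(@{const_name Groups.zero},rT);

  (* Natural-number exponent of a power term: counts Suc applications and
     otherwise expects a numeral (HOLogic.dest_number raises TERM if not). *)
  fun dest_nat t = case t of
    Const (@{const_name Suc}, _) $ t' => 1 + dest_nat t'
  | _ => (snd o HOLogic.dest_number) t;

  (* HOL term -> reflected polynomial. m is an association list from
     parameter terms to indices, compared with aconv. A division is accepted
     only between two numerals. A non-numeral atom that is missing from m
     makes `the` raise Option. *)
  fun num_of_term m t = 
   case t of
     Const(@{const_name Groups.uminus},_)$t => @{code poly.Neg} (num_of_term m t)
   | Const(@{const_name Groups.plus},_)$a$b => @{code poly.Add} (num_of_term m a, num_of_term m b)
   | Const(@{const_name Groups.minus},_)$a$b => @{code poly.Sub} (num_of_term m a, num_of_term m b)
   | Const(@{const_name Groups.times},_)$a$b => @{code poly.Mul} (num_of_term m a, num_of_term m b)
   | Const(@{const_name Power.power},_)$a$n => @{code poly.Pw} (num_of_term m a, dest_nat n)
   | Const(@{const_name Rings.divide},_)$a$b => @{code poly.C} (HOLogic.dest_number a |> snd, HOLogic.dest_number b |> snd)
   | _ => (@{code poly.C} (HOLogic.dest_number t |> snd,1) 
           handle TERM _ => @{code poly.Bound} (AList.lookup (op aconv) m t |> the));

  (* HOL term -> reflected term. m maps variable terms to indices and m' maps
     parameter terms to indices. In a product the left factor is translated
     as a polynomial over m'. An atom is first tried as a polynomial; if that
     raises TERM or Option it is looked up in m as a variable. *)
  fun tm_of_term m m' t = 
   case t of
     Const(@{const_name Groups.uminus},_)$t => @{code Neg} (tm_of_term m m' t)
   | Const(@{const_name Groups.plus},_)$a$b => @{code Add} (tm_of_term m m' a, tm_of_term m m' b)
   | Const(@{const_name Groups.minus},_)$a$b => @{code Sub} (tm_of_term m m' a, tm_of_term m m' b)
   | Const(@{const_name Groups.times},_)$a$b => @{code Mul} (num_of_term m' a, tm_of_term m m' b)
   | _ => (@{code CP} (num_of_term m' t) 
           handle TERM _ => @{code Bound} (AList.lookup (op aconv) m t |> the)
                | Option => @{code Bound} (AList.lookup (op aconv) m t |> the));

  (* Reflected polynomial -> HOL term of type T. m maps indices back to
     terms. A constant (a,b) becomes the numeral a when b = 1, zero when
     b = 0, and the quotient a / b otherwise. *)
  fun term_of_num T m t = 
   case t of
    @{code poly.C} (a,b) => (if b = 1 then num T a else if b=0 then (rz T) 
                                          else (divt T) $ num T a $ num T b)
  | @{code poly.Bound} i => AList.lookup (op = : int*int -> bool) m i |> the
  | @{code poly.Add} (a,b) => (plust T)$(term_of_num T m a)$(term_of_num T m b)
  | @{code poly.Mul} (a,b) => (timest T)$(term_of_num T m a)$(term_of_num T m b)
  | @{code poly.Sub} (a,b) => (minust T)$(term_of_num T m a)$(term_of_num T m b)
  | @{code poly.Neg} a => (uminust T)$(term_of_num T m a)
    (* recurse on the base a; recursing on t itself would never terminate *)
  | @{code poly.Pw} (a,n) => (powt T)$(term_of_num T m a)$(HOLogic.mk_number HOLogic.natT n)
  | @{code poly.CN} (c,n,p) => term_of_num T m (@{code poly.Add} (c, @{code poly.Mul} (@{code poly.Bound} n, p)))
  | _ => error "term_of_num: Unknown term";

  (* Reflected term -> HOL term of type T. m maps variable indices and m'
     maps parameter indices back to terms. CNP (n,c,p) is expanded to
     c * Bound n + p before translation. *)
  fun term_of_tm T m m' t = 
   case t of
    @{code CP} p => term_of_num T m' p
  | @{code Bound} i => AList.lookup (op = : int*int -> bool) m i |> the
  | @{code Add} (a,b) => (plust T)$(term_of_tm T m m' a)$(term_of_tm T m m' b)
  | @{code Mul} (a,b) => (timest T)$(term_of_num T m' a)$(term_of_tm T m m' b)
  | @{code Sub} (a,b) => (minust T)$(term_of_tm T m m' a)$(term_of_tm T m m' b)
  | @{code Neg} a => (uminust T)$(term_of_tm T m m' a)
  | @{code CNP} (n,c,p) => term_of_tm T m m' (@{code Add}
       (@{code Mul} (c, @{code Bound} n), p))
  | _ => error "term_of_tm: Unknown term";

  (* HOL formula -> reflected formula. Relations p R q are encoded as
     R (Sub (p, q)), i.e. compared against zero. An equality is an Iff when
     its argument type is bool and an Eq otherwise. Under a quantifier the
     bound variable becomes index 0 and all existing indices in m are
     shifted by one. Anything else is rejected with an error. *)
  fun fm_of_term m m' fm = 
   case fm of
      Const(@{const_name True},_) => @{code T}
    | Const(@{const_name False},_) => @{code F}
    | Const(@{const_name Not},_)$p => @{code NOT} (fm_of_term m m' p)
    | Const(@{const_name HOL.conj},_)$p$q => @{code And} (fm_of_term m m' p, fm_of_term m m' q)
    | Const(@{const_name HOL.disj},_)$p$q => @{code Or} (fm_of_term m m' p, fm_of_term m m' q)
    | Const(@{const_name HOL.implies},_)$p$q => @{code Imp} (fm_of_term m m' p, fm_of_term m m' q)
    | Const(@{const_name HOL.eq},ty)$p$q => 
         if domain_type ty = bT then @{code Iff} (fm_of_term m m' p, fm_of_term m m' q)
         else @{code Eq} (@{code Sub} (tm_of_term m m' p, tm_of_term m m' q))
    | Const(@{const_name Orderings.less},_)$p$q => 
          @{code Lt} (@{code Sub} (tm_of_term m m' p, tm_of_term m m' q))
    | Const(@{const_name Orderings.less_eq},_)$p$q => 
          @{code Le} (@{code Sub} (tm_of_term m m' p, tm_of_term m m' q))
    | Const(@{const_name Ex},_)$Abs(xn,xT,p) => 
       let val (xn', p') =  variant_abs (xn,xT,p)
           val x = Free(xn',xT)
           fun incr i = i + 1
           val m0 = (x,0):: (map (apsnd incr) m)
        in @{code E} (fm_of_term m0 m' p') end
    | Const(@{const_name All},_)$Abs(xn,xT,p) => 
       let val (xn', p') =  variant_abs (xn,xT,p)
           val x = Free(xn',xT)
           fun incr i = i + 1
           val m0 = (x,0):: (map (apsnd incr) m)
        in @{code A} (fm_of_term m0 m' p') end
    | _ => error "fm_of_term";

  (* Reflected formula -> HOL formula over type T. Only quantifier-free
     constructors are handled; a quantifier in the input is an error. Each
     atom is rendered as a comparison of its term against zero. *)
  fun term_of_fm T m m' t = 
    case t of
      @{code T} => Const(@{const_name True},bT)
    | @{code F} => Const(@{const_name False},bT)
    | @{code NOT} p => nott $ (term_of_fm T m m' p)
    | @{code And} (p,q) => conjt $ (term_of_fm T m m' p) $ (term_of_fm T m m' q)
    | @{code Or} (p,q) => disjt $ (term_of_fm T m m' p) $ (term_of_fm T m m' q)
    | @{code Imp} (p,q) => impt $ (term_of_fm T m m' p) $ (term_of_fm T m m' q)
    | @{code Iff} (p,q) => ifft $ (term_of_fm T m m' p) $ (term_of_fm T m m' q)
    | @{code Lt} p => (llt T) $ (term_of_tm T m m' p) $ (rz T)
    | @{code Le} p => (lle T) $ (term_of_tm T m m' p) $ (rz T)
    | @{code Eq} p => (eqt T) $ (term_of_tm T m m' p) $ (rz T)
    | @{code NEq} p => nott $ ((eqt T) $ (term_of_tm T m m' p) $ (rz T))
    | _ => error "term_of_fm: quantifiers!!!!???";

  (* Builds the proposition "t = t'" where t is the body of the Trueprop goal
     fm and t' is the translation of the generated frpar code applied to the
     reflected t. m lists the variable terms and m' the parameter terms; both
     are numbered by list position. *)
  fun frpar_oracle (T,m, m', fm) = 
   let 
     val t = HOLogic.dest_Trueprop fm
     val im = 0 upto (length m - 1)
     val im' = 0 upto (length m' - 1)   
   in HOLogic.mk_Trueprop (HOLogic.mk_eq(t, term_of_fm T (im ~~ m) (im' ~~ m')  
                                                       (@{code frpar} (fm_of_term (m ~~ im) (m' ~~ im') t))))
   end;

  (* Same as frpar_oracle, but runs the generated frpar2 code. *)
  fun frpar_oracle2 (T,m, m', fm) = 
   let 
     val t = HOLogic.dest_Trueprop fm
     val im = 0 upto (length m - 1)
     val im' = 0 upto (length m' - 1)   
   in HOLogic.mk_Trueprop (HOLogic.mk_eq(t, term_of_fm T (im ~~ m) (im' ~~ m')  
                                                       (@{code frpar2} (fm_of_term (m ~~ im) (m' ~~ im') t))))
   end;

  end;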
  3066 
  3067 
  3068 *}
  3069 
  (* Oracle for version 1 of the procedure. The certified term produced here is
     turned into a theorem without kernel inference and is tagged with this
     oracle's name, so its validity rests on ReflectedFRPar.frpar_oracle and on
     the generated code it calls. The input is the tuple
     (field type, variable terms, parameter terms, goal as cterm). *)
  oracle frpar_oracle = {* fn (ty, ts, ts', ct) =>
    cterm_of (Thm.theory_of_cterm ct)
      (ReflectedFRPar.frpar_oracle (ty, ts, ts', term_of ct)) *}
  3075 
  (* Oracle for version 2 of the procedure. As with any oracle, the result
     becomes a theorem without kernel inference and is tagged with the oracle's
     name; here its validity rests on ReflectedFRPar.frpar_oracle2 and on the
     generated code it calls. The input is the tuple
     (field type, variable terms, parameter terms, goal as cterm). *)
  oracle frpar_oracle2 = {* fn (ty, ts, ts', ct) =>
    cterm_of (Thm.theory_of_cterm ct)
      (ReflectedFRPar.frpar_oracle2 (ty, ts, ts', term_of ct)) *}
  3081 
  3082 ML{* 
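  (* Tactics that discharge subgoal i through the frpar oracles. The theorem
     obtained from the oracle has the form "goal = simplified goal"; resolving
     with iffD2 replaces the subgoal by the simplified formula. *)
  structure FRParTac = 
  struct

  (* Shared body of both tactics; `oracle` is frpar_oracle or frpar_oracle2.
     T is the field type and ps the user-supplied parameter terms.
     fs is ps with the free variables of the goal removed, following the
     argument order of `subtract`.
     NOTE(review): confirm that this direction (rather than the goal's frees
     minus ps) is the intended one. *)
  fun gen_frpar_tac oracle T ps i =
   Object_Logic.full_atomize_tac i
   THEN (fn st =>
    let
      val g = List.nth (cprems_of st, i - 1)
      val fs = subtract (op aconv) (map Free (Term.add_frees (term_of g) [])) ps
      val th = oracle (T, fs, ps, g)
    in rtac (th RS iffD2) i st end);

  (* ctxt is accepted for interface compatibility; it is not used. *)
  fun frpar_tac T ps ctxt i = gen_frpar_tac frpar_oracle T ps i;

  fun frpar2_tac T ps ctxt i = gen_frpar_tac frpar_oracle2 T ps i;

  end;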
  3107 
  3108 *}
  3109 
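  (* Proof method `frpar type: T pars: t1 ... tn`. It parses the field type and
     the list of parameter terms and applies FRParTac.frpar_tac to the first
     subgoal. The method closes goals through the frpar_oracle oracle, so
     results obtained with it depend on that oracle. *)
  method_setup frpar = {*
  let
   val parsN = "pars"
   val typN = "type"
   (* a keyword followed by a colon, e.g. "type:" *)
   fun keyword k = Scan.lift (Args.$$$ k -- Args.colon) >> K ()
   val any_keyword = keyword parsN || keyword typN
   (* arguments are read until the next keyword *)
   val terms = Scan.repeat (Scan.unless any_keyword Args.term)
   val typ = Scan.unless any_keyword Args.typ
  in
   (keyword typN |-- typ) -- (keyword parsN |-- terms) >>
    (fn (T,ps) => fn ctxt => SIMPLE_METHOD' (FRParTac.frpar_tac T ps ctxt))
  end
  *} "Parametric QE for linear Arithmetic over fields, Version 1"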
  3126 
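  (* Proof method `frpar2 type: T pars: t1 ... tn`. It parses the field type
     and the list of parameter terms and applies FRParTac.frpar2_tac to the
     first subgoal. The method closes goals through the frpar_oracle2 oracle,
     so results obtained with it depend on that oracle. *)
  method_setup frpar2 = {*
  let
   val parsN = "pars"
   val typN = "type"
   (* a keyword followed by a colon, e.g. "type:" *)
   fun keyword k = Scan.lift (Args.$$$ k -- Args.colon) >> K ()
   val any_keyword = keyword parsN || keyword typN
   (* arguments are read until the next keyword *)
   val terms = Scan.repeat (Scan.unless any_keyword Args.term)
   val typ = Scan.unless any_keyword Args.typ
  in
   (keyword typN |-- typ) -- (keyword parsN |-- terms) >>
    (fn (T,ps) => fn ctxt => SIMPLE_METHOD' (FRParTac.frpar2_tac T ps ctxt))
  end
  *} "Parametric QE for linear Arithmetic over fields, Version 2"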
  3143 
  3144 
  (* Example for the frpar method with y as parameter. Both frpar steps go
     through the frpar_oracle oracle, so this lemma depends on that oracle
     rather than on kernel inference alone. *)
  3145 lemma "\<exists>(x::'a::{linordered_field_inverse_zero, number_ring}). y \<noteq> -1 \<longrightarrow> (y + 1)*x < 0"
  3146   apply (frpar type: "'a::{linordered_field_inverse_zero, number_ring}" pars: "y::'a::{linordered_field_inverse_zero, number_ring}")
  3147   apply (simp add: field_simps)
         (* generalize over y, then eliminate the resulting quantifier *)
  3148   apply (rule spec[where x=y])
  3149   apply (frpar type: "'a::{linordered_field_inverse_zero, number_ring}" pars: "z::'a::{linordered_field_inverse_zero, number_ring}")
  3150   by simp
  3151 
  3152 text{* Collins/Jones Problem *}
  3153 (*
  3154 lemma "\<exists>(r::'a::{linordered_field_inverse_zero, number_ring}). 0 < r \<and> r < 1 \<and> 0 < (2 - 3*r) *(a^2 + b^2) + (2*a)*r \<and> (2 - 3*r) *(a^2 + b^2) + 4*a*r - 2*a - r < 0"
  3155 proof-
  3156   have "(\<exists>(r::'a::{linordered_field_inverse_zero, number_ring}). 0 < r \<and> r < 1 \<and> 0 < (2 - 3*r) *(a^2 + b^2) + (2*a)*r \<and> (2 - 3*r) *(a^2 + b^2) + 4*a*r - 2*a - r < 0) \<longleftrightarrow> (\<exists>(r::'a::{linordered_field_inverse_zero, number_ring}). 0 < r \<and> r < 1 \<and> 0 < 2 *(a^2 + b^2) - (3*(a^2 + b^2)) * r + (2*a)*r \<and> 2*(a^2 + b^2) - (3*(a^2 + b^2) - 4*a + 1)*r - 2*a < 0)" (is "?lhs \<longleftrightarrow> ?rhs")
  3157 by (simp add: field_simps)
  3158 have "?rhs"
  3159 
  3160   apply (frpar type: "'a::{linordered_field_inverse_zero, number_ring}" pars: "a::'a::{linordered_field_inverse_zero, number_ring}" "b::'a::{linordered_field_inverse_zero, number_ring}")
  3161   apply (simp add: field_simps)
  3162 oops
  3163 *)
  3164 (*
  3165 lemma "ALL (x::'a::{linordered_field_inverse_zero, number_ring}) y. (1 - t)*x \<le> (1+t)*y \<and> (1 - t)*y \<le> (1+t)*x --> 0 \<le> y"
  3166 apply (frpar type: "'a::{linordered_field_inverse_zero, number_ring}" pars: "t::'a::{linordered_field_inverse_zero, number_ring}")
  3167 oops
  3168 *)
  3169 
  (* The same example with the frpar2 method. Both frpar2 steps go through the
     frpar_oracle2 oracle, so this lemma depends on that oracle rather than on
     kernel inference alone. *)
  3170 lemma "\<exists>(x::'a::{linordered_field_inverse_zero, number_ring}). y \<noteq> -1 \<longrightarrow> (y + 1)*x < 0"
  3171   apply (frpar2 type: "'a::{linordered_field_inverse_zero, number_ring}" pars: "y::'a::{linordered_field_inverse_zero, number_ring}")
  3172   apply (simp add: field_simps)
         (* generalize over y, then eliminate the resulting quantifier *)
  3173   apply (rule spec[where x=y])
  3174   apply (frpar2 type: "'a::{linordered_field_inverse_zero, number_ring}" pars: "z::'a::{linordered_field_inverse_zero, number_ring}")
  3175   by simp
  3176 
  3177 text{* Collins/Jones Problem *}
  3178 
  3179 (*
  3180 lemma "\<exists>(r::'a::{linordered_field_inverse_zero, number_ring}). 0 < r \<and> r < 1 \<and> 0 < (2 - 3*r) *(a^2 + b^2) + (2*a)*r \<and> (2 - 3*r) *(a^2 + b^2) + 4*a*r - 2*a - r < 0"
  3181 proof-
  3182   have "(\<exists>(r::'a::{linordered_field_inverse_zero, number_ring}). 0 < r \<and> r < 1 \<and> 0 < (2 - 3*r) *(a^2 + b^2) + (2*a)*r \<and> (2 - 3*r) *(a^2 + b^2) + 4*a*r - 2*a - r < 0) \<longleftrightarrow> (\<exists>(r::'a::{linordered_field_inverse_zero, number_ring}). 0 < r \<and> r < 1 \<and> 0 < 2 *(a^2 + b^2) - (3*(a^2 + b^2)) * r + (2*a)*r \<and> 2*(a^2 + b^2) - (3*(a^2 + b^2) - 4*a + 1)*r - 2*a < 0)" (is "?lhs \<longleftrightarrow> ?rhs")
  3183 by (simp add: field_simps)
  3184 have "?rhs"
  3185   apply (frpar2 type: "'a::{linordered_field_inverse_zero, number_ring}" pars: "a::'a::{linordered_field_inverse_zero, number_ring}" "b::'a::{linordered_field_inverse_zero, number_ring}")
  3186   apply simp
  3187 oops
  3188 *)
  3189 
  3190 (*
  3191 lemma "ALL (x::'a::{linordered_field_inverse_zero, number_ring}) y. (1 - t)*x \<le> (1+t)*y \<and> (1 - t)*y \<le> (1+t)*x --> 0 \<le> y"
  3192 apply (frpar2 type: "'a::{linordered_field_inverse_zero, number_ring}" pars: "t::'a::{linordered_field_inverse_zero, number_ring}")
  3193 apply (simp add: field_simps linorder_neq_iff[symmetric])
  3194 apply ferrack
  3195 oops
  3196 *)
  3197 end