src/HOL/Decision_Procs/Parametric_Ferrante_Rackoff.thy
 author haftmann Mon Mar 01 13:40:23 2010 +0100 (2010-03-01) changeset 35416 d8d7d1b785af parent 35267 8dfd816713c6 child 35625 9c818cab0dd0 permissions -rw-r--r--
replaced a couple of constsdefs by definitions (also some old primrecs by modern ones)
```     1 (*  Title:      HOL/Decision_Procs/Parametric_Ferrante_Rackoff.thy
```
```     2     Author:     Amine Chaieb
```
```     3 *)
```
```     4
```
```     5 header{* A formalization of Ferrante and Rackoff's procedure with polynomial parameters, see Paper in CALCULEMUS 2008 *}
```
```     6
```
```     7 theory Parametric_Ferrante_Rackoff
```
```     8 imports Reflected_Multivariate_Polynomial
```
```     9   "~~/src/HOL/Decision_Procs/Dense_Linear_Order"
```
```    10   Efficient_Nat
```
```    11 begin
```
```    12
```
```    13 subsection {* Terms *}
```
```    14
```
```    15 datatype tm = CP poly | Bound nat | Add tm tm | Mul poly tm
```
```    16   | Neg tm | Sub tm tm | CNP nat poly tm
```
```    17   (* A size for poly to make inductive proofs simpler*)
```
```    18
```
```    19 consts tmsize :: "tm \<Rightarrow> nat"
```
```    20 primrec
```
```    21   "tmsize (CP c) = polysize c"
```
```    22   "tmsize (Bound n) = 1"
```
```    23   "tmsize (Neg a) = 1 + tmsize a"
```
```    24   "tmsize (Add a b) = 1 + tmsize a + tmsize b"
```
```    25   "tmsize (Sub a b) = 3 + tmsize a + tmsize b"
```
```    26   "tmsize (Mul c a) = 1 + polysize c + tmsize a"
```
```    27   "tmsize (CNP n c a) = 3 + polysize c + tmsize a "
```
```    28
```
```    29   (* Semantics of terms tm *)
```
```    30 consts Itm :: "'a::{ring_char_0,division_by_zero,field} list \<Rightarrow> 'a list \<Rightarrow> tm \<Rightarrow> 'a"
```
```    31 primrec
```
```    32   "Itm vs bs (CP c) = (Ipoly vs c)"
```
```    33   "Itm vs bs (Bound n) = bs!n"
```
```    34   "Itm vs bs (Neg a) = -(Itm vs bs a)"
```
```    35   "Itm vs bs (Add a b) = Itm vs bs a + Itm vs bs b"
```
```    36   "Itm vs bs (Sub a b) = Itm vs bs a - Itm vs bs b"
```
```    37   "Itm vs bs (Mul c a) = (Ipoly vs c) * Itm vs bs a"
```
```    38   "Itm vs bs (CNP n c t) = (Ipoly vs c)*(bs!n) + Itm vs bs t"
```
```    39
```
```    40
```
```    41 fun allpolys:: "(poly \<Rightarrow> bool) \<Rightarrow> tm \<Rightarrow> bool"  where
```
```    42   "allpolys P (CP c) = P c"
```
```    43 | "allpolys P (CNP n c p) = (P c \<and> allpolys P p)"
```
```    44 | "allpolys P (Mul c p) = (P c \<and> allpolys P p)"
```
```    45 | "allpolys P (Neg p) = allpolys P p"
```
```    46 | "allpolys P (Add p q) = (allpolys P p \<and> allpolys P q)"
```
```    47 | "allpolys P (Sub p q) = (allpolys P p \<and> allpolys P q)"
```
```    48 | "allpolys P p = True"
```
```    49
```
```    50 consts
```
```    51   tmboundslt:: "nat \<Rightarrow> tm \<Rightarrow> bool"
```
```    52   tmbound0:: "tm \<Rightarrow> bool" (* a tm is INDEPENDENT of Bound 0 *)
```
```    53   tmbound:: "nat \<Rightarrow> tm \<Rightarrow> bool" (* a tm is INDEPENDENT of Bound n *)
```
```    54   incrtm0:: "tm \<Rightarrow> tm"
```
```    55   incrtm:: "nat \<Rightarrow> tm \<Rightarrow> tm"
```
```    56   decrtm0:: "tm \<Rightarrow> tm"
```
```    57   decrtm:: "nat \<Rightarrow> tm \<Rightarrow> tm"
```
```    58 primrec
```
```    59   "tmboundslt n (CP c) = True"
```
```    60   "tmboundslt n (Bound m) = (m < n)"
```
```    61   "tmboundslt n (CNP m c a) = (m < n \<and> tmboundslt n a)"
```
```    62   "tmboundslt n (Neg a) = tmboundslt n a"
```
```    63   "tmboundslt n (Add a b) = (tmboundslt n a \<and> tmboundslt n b)"
```
```    64   "tmboundslt n (Sub a b) = (tmboundslt n a \<and> tmboundslt n b)"
```
```    65   "tmboundslt n (Mul i a) = tmboundslt n a"
```
```    66 primrec
```
```    67   "tmbound0 (CP c) = True"
```
```    68   "tmbound0 (Bound n) = (n>0)"
```
```    69   "tmbound0 (CNP n c a) = (n\<noteq>0 \<and> tmbound0 a)"
```
```    70   "tmbound0 (Neg a) = tmbound0 a"
```
```    71   "tmbound0 (Add a b) = (tmbound0 a \<and> tmbound0 b)"
```
```    72   "tmbound0 (Sub a b) = (tmbound0 a \<and> tmbound0 b)"
```
```    73   "tmbound0 (Mul i a) = tmbound0 a"
```
```    74 lemma tmbound0_I:
```
```    75   assumes nb: "tmbound0 a"
```
```    76   shows "Itm vs (b#bs) a = Itm vs (b'#bs) a"
```
```    77 using nb
```
```    78 by (induct a rule: tmbound0.induct,auto simp add: nth_pos2)
```
```    79
```
```    80 primrec
```
```    81   "tmbound n (CP c) = True"
```
```    82   "tmbound n (Bound m) = (n \<noteq> m)"
```
```    83   "tmbound n (CNP m c a) = (n\<noteq>m \<and> tmbound n a)"
```
```    84   "tmbound n (Neg a) = tmbound n a"
```
```    85   "tmbound n (Add a b) = (tmbound n a \<and> tmbound n b)"
```
```    86   "tmbound n (Sub a b) = (tmbound n a \<and> tmbound n b)"
```
```    87   "tmbound n (Mul i a) = tmbound n a"
```
```    88 lemma tmbound0_tmbound_iff: "tmbound 0 t = tmbound0 t" by (induct t, auto)
```
```    89
```
```    90 lemma tmbound_I:
```
```    91   assumes bnd: "tmboundslt (length bs) t" and nb: "tmbound n t" and le: "n \<le> length bs"
```
```    92   shows "Itm vs (bs[n:=x]) t = Itm vs bs t"
```
```    93   using nb le bnd
```
```    94   by (induct t rule: tmbound.induct , auto)
```
```    95
```
```    96 recdef decrtm0 "measure size"
```
```    97   "decrtm0 (Bound n) = Bound (n - 1)"
```
```    98   "decrtm0 (Neg a) = Neg (decrtm0 a)"
```
```    99   "decrtm0 (Add a b) = Add (decrtm0 a) (decrtm0 b)"
```
```   100   "decrtm0 (Sub a b) = Sub (decrtm0 a) (decrtm0 b)"
```
```   101   "decrtm0 (Mul c a) = Mul c (decrtm0 a)"
```
```   102   "decrtm0 (CNP n c a) = CNP (n - 1) c (decrtm0 a)"
```
```   103   "decrtm0 a = a"
```
```   104 recdef incrtm0 "measure size"
```
```   105   "incrtm0 (Bound n) = Bound (n + 1)"
```
```   106   "incrtm0 (Neg a) = Neg (incrtm0 a)"
```
```   107   "incrtm0 (Add a b) = Add (incrtm0 a) (incrtm0 b)"
```
```   108   "incrtm0 (Sub a b) = Sub (incrtm0 a) (incrtm0 b)"
```
```   109   "incrtm0 (Mul c a) = Mul c (incrtm0 a)"
```
```   110   "incrtm0 (CNP n c a) = CNP (n + 1) c (incrtm0 a)"
```
```   111   "incrtm0 a = a"
```
```   112 lemma decrtm0: assumes nb: "tmbound0 t"
```
```   113   shows "Itm vs (x#bs) t = Itm vs bs (decrtm0 t)"
```
```   114   using nb by (induct t rule: decrtm0.induct, simp_all add: nth_pos2)
```
```   115 lemma incrtm0: "Itm vs (x#bs) (incrtm0 t) = Itm vs bs t"
```
```   116   by (induct t rule: decrtm0.induct, simp_all add: nth_pos2)
```
```   117
```
```   118 primrec
```
```   119   "decrtm m (CP c) = (CP c)"
```
```   120   "decrtm m (Bound n) = (if n < m then Bound n else Bound (n - 1))"
```
```   121   "decrtm m (Neg a) = Neg (decrtm m a)"
```
```   122   "decrtm m (Add a b) = Add (decrtm m a) (decrtm m b)"
```
```   123   "decrtm m (Sub a b) = Sub (decrtm m a) (decrtm m b)"
```
```   124   "decrtm m (Mul c a) = Mul c (decrtm m a)"
```
```   125   "decrtm m (CNP n c a) = (if n < m then CNP n c (decrtm m a) else CNP (n - 1) c (decrtm m a))"
```
```   126
```
```   127 consts removen:: "nat \<Rightarrow> 'a list \<Rightarrow> 'a list"
```
```   128 primrec
```
```   129   "removen n [] = []"
```
```   130   "removen n (x#xs) = (if n=0 then xs else (x#(removen (n - 1) xs)))"
```
```   131
```
```   132 lemma removen_same: "n \<ge> length xs \<Longrightarrow> removen n xs = xs"
```
```   133   by (induct xs arbitrary: n, auto)
```
```   134
```
```   135 lemma nth_length_exceeds: "n \<ge> length xs \<Longrightarrow> xs!n = []!(n - length xs)"
```
```   136   by (induct xs arbitrary: n, auto)
```
```   137
```
```   138 lemma removen_length: "length (removen n xs) = (if n \<ge> length xs then length xs else length xs - 1)"
```
```   139   by (induct xs arbitrary: n, auto)
```
```   140 lemma removen_nth: "(removen n xs)!m = (if n \<ge> length xs then xs!m
```
```   141   else if m < n then xs!m else if m \<le> length xs then xs!(Suc m) else []!(m - (length xs - 1)))"
```
```   142 proof(induct xs arbitrary: n m)
```
```   143   case Nil thus ?case by simp
```
```   144 next
```
```   145   case (Cons x xs n m)
```
```   146   {assume nxs: "n \<ge> length (x#xs)" hence ?case using removen_same[OF nxs] by simp}
```
```   147   moreover
```
```   148   {assume nxs: "\<not> (n \<ge> length (x#xs))"
```
```   149     {assume mln: "m < n" hence ?case using prems by (cases m, auto)}
```
```   150     moreover
```
```   151     {assume mln: "\<not> (m < n)"
```
```   152
```
```   153       {assume mxs: "m \<le> length (x#xs)" hence ?case using prems by (cases m, auto)}
```
```   154       moreover
```
```   155       {assume mxs: "\<not> (m \<le> length (x#xs))"
```
```   156         have th: "length (removen n (x#xs)) = length xs"
```
```   157           using removen_length[where n="n" and xs="x#xs"] nxs by simp
```
```   158         with mxs have mxs':"m \<ge> length (removen n (x#xs))" by auto
```
```   159         hence "(removen n (x#xs))!m = [] ! (m - length xs)"
```
```   160           using th nth_length_exceeds[OF mxs'] by auto
```
```   161         hence th: "(removen n (x#xs))!m = [] ! (m - (length (x#xs) - 1))"
```
```   162           by auto
```
```   163         hence ?case using nxs mln mxs by auto }
```
```   164       ultimately have ?case by blast
```
```   165     }
```
```   166     ultimately have ?case by blast
```
```   167
```
```   168   }      ultimately show ?case by blast
```
```   169 qed
```
```   170
```
```   171 lemma decrtm: assumes bnd: "tmboundslt (length bs) t" and nb: "tmbound m t"
```
```   172   and nle: "m \<le> length bs"
```
```   173   shows "Itm vs (removen m bs) (decrtm m t) = Itm vs bs t"
```
```   174   using bnd nb nle
```
```   175   by (induct t rule: decrtm.induct, auto simp add: removen_nth)
```
```   176
```
```   177 consts tmsubst0:: "tm \<Rightarrow> tm \<Rightarrow> tm"
```
```   178 primrec
```
```   179   "tmsubst0 t (CP c) = CP c"
```
```   180   "tmsubst0 t (Bound n) = (if n=0 then t else Bound n)"
```
```   181   "tmsubst0 t (CNP n c a) = (if n=0 then Add (Mul c t) (tmsubst0 t a) else CNP n c (tmsubst0 t a))"
```
```   182   "tmsubst0 t (Neg a) = Neg (tmsubst0 t a)"
```
```   183   "tmsubst0 t (Add a b) = Add (tmsubst0 t a) (tmsubst0 t b)"
```
```   184   "tmsubst0 t (Sub a b) = Sub (tmsubst0 t a) (tmsubst0 t b)"
```
```   185   "tmsubst0 t (Mul i a) = Mul i (tmsubst0 t a)"
```
```   186 lemma tmsubst0:
```
```   187   shows "Itm vs (x#bs) (tmsubst0 t a) = Itm vs ((Itm vs (x#bs) t)#bs) a"
```
```   188 by (induct a rule: tmsubst0.induct,auto simp add: nth_pos2)
```
```   189
```
```   190 lemma tmsubst0_nb: "tmbound0 t \<Longrightarrow> tmbound0 (tmsubst0 t a)"
```
```   191 by (induct a rule: tmsubst0.induct,auto simp add: nth_pos2)
```
```   192
```
```   193 consts tmsubst:: "nat \<Rightarrow> tm \<Rightarrow> tm \<Rightarrow> tm"
```
```   194
```
```   195 primrec
```
```   196   "tmsubst n t (CP c) = CP c"
```
```   197   "tmsubst n t (Bound m) = (if n=m then t else Bound m)"
```
```   198   "tmsubst n t (CNP m c a) = (if n=m then Add (Mul c t) (tmsubst n t a)
```
```   199              else CNP m c (tmsubst n t a))"
```
```   200   "tmsubst n t (Neg a) = Neg (tmsubst n t a)"
```
```   201   "tmsubst n t (Add a b) = Add (tmsubst n t a) (tmsubst n t b)"
```
```   202   "tmsubst n t (Sub a b) = Sub (tmsubst n t a) (tmsubst n t b)"
```
```   203   "tmsubst n t (Mul i a) = Mul i (tmsubst n t a)"
```
```   204
```
```   205 lemma tmsubst: assumes nb: "tmboundslt (length bs) a" and nlt: "n \<le> length bs"
```
```   206   shows "Itm vs bs (tmsubst n t a) = Itm vs (bs[n:= Itm vs bs t]) a"
```
```   207 using nb nlt
```
```   208 by (induct a rule: tmsubst0.induct,auto simp add: nth_pos2)
```
```   209
```
```   210 lemma tmsubst_nb0: assumes tnb: "tmbound0 t"
```
```   211 shows "tmbound0 (tmsubst 0 t a)"
```
```   212 using tnb
```
```   213 by (induct a rule: tmsubst.induct, auto)
```
```   214
```
```   215 lemma tmsubst_nb: assumes tnb: "tmbound m t"
```
```   216 shows "tmbound m (tmsubst m t a)"
```
```   217 using tnb
```
```   218 by (induct a rule: tmsubst.induct, auto)
```
```   219 lemma incrtm0_tmbound: "tmbound n t \<Longrightarrow> tmbound (Suc n) (incrtm0 t)"
```
```   220   by (induct t, auto)
```
```   221   (* Simplification *)
```
```   222
```
```   223 consts
```
```   224   simptm:: "tm \<Rightarrow> tm"
```
```   225   tmadd:: "tm \<times> tm \<Rightarrow> tm"
```
```   226   tmmul:: "tm \<Rightarrow> poly \<Rightarrow> tm"
```
```   227 recdef tmadd "measure (\<lambda> (t,s). size t + size s)"
```
```   228   "tmadd (CNP n1 c1 r1,CNP n2 c2 r2) =
```
```   229   (if n1=n2 then
```
```   230   (let c = c1 +\<^sub>p c2
```
```   231   in if c = 0\<^sub>p then tmadd(r1,r2) else CNP n1 c (tmadd (r1,r2)))
```
```   232   else if n1 \<le> n2 then (CNP n1 c1 (tmadd (r1,CNP n2 c2 r2)))
```
```   233   else (CNP n2 c2 (tmadd (CNP n1 c1 r1,r2))))"
```
```   234   "tmadd (CNP n1 c1 r1,t) = CNP n1 c1 (tmadd (r1, t))"
```
```   235   "tmadd (t,CNP n2 c2 r2) = CNP n2 c2 (tmadd (t,r2))"
```
```   236   "tmadd (CP b1, CP b2) = CP (b1 +\<^sub>p b2)"
```
```   237   "tmadd (a,b) = Add a b"
```
```   238
```
```   239 lemma tmadd[simp]: "Itm vs bs (tmadd (t,s)) = Itm vs bs (Add t s)"
```
```   240 apply (induct t s rule: tmadd.induct, simp_all add: Let_def)
```
```   241 apply (case_tac "c1 +\<^sub>p c2 = 0\<^sub>p",case_tac "n1 \<le> n2", simp_all)
```
```   242 apply (case_tac "n1 = n2", simp_all add: ring_simps)
```
```   243 apply (simp only: right_distrib[symmetric])
```
```   244 by (auto simp del: polyadd simp add: polyadd[symmetric])
```
```   245
```
```   246 lemma tmadd_nb0[simp]: "\<lbrakk> tmbound0 t ; tmbound0 s\<rbrakk> \<Longrightarrow> tmbound0 (tmadd (t,s))"
```
```   247 by (induct t s rule: tmadd.induct, auto simp add: Let_def)
```
```   248
```
```   249 lemma tmadd_nb[simp]: "\<lbrakk> tmbound n t ; tmbound n s\<rbrakk> \<Longrightarrow> tmbound n (tmadd (t,s))"
```
```   250 by (induct t s rule: tmadd.induct, auto simp add: Let_def)
```
```   251 lemma tmadd_blt[simp]: "\<lbrakk>tmboundslt n t ; tmboundslt n s\<rbrakk> \<Longrightarrow> tmboundslt n (tmadd (t,s))"
```
```   252 by (induct t s rule: tmadd.induct, auto simp add: Let_def)
```
```   253
```
```   254 lemma tmadd_allpolys_npoly[simp]: "allpolys isnpoly t \<Longrightarrow> allpolys isnpoly s \<Longrightarrow> allpolys isnpoly (tmadd(t,s))" by (induct t s rule: tmadd.induct, simp_all add: Let_def polyadd_norm)
```
```   255
```
```   256 recdef tmmul "measure size"
```
```   257   "tmmul (CP j) = (\<lambda> i. CP (i *\<^sub>p j))"
```
```   258   "tmmul (CNP n c a) = (\<lambda> i. CNP n (i *\<^sub>p c) (tmmul a i))"
```
```   259   "tmmul t = (\<lambda> i. Mul i t)"
```
```   260
```
```   261 lemma tmmul[simp]: "Itm vs bs (tmmul t i) = Itm vs bs (Mul i t)"
```
```   262 by (induct t arbitrary: i rule: tmmul.induct, simp_all add: ring_simps)
```
```   263
```
```   264 lemma tmmul_nb0[simp]: "tmbound0 t \<Longrightarrow> tmbound0 (tmmul t i)"
```
```   265 by (induct t arbitrary: i rule: tmmul.induct, auto )
```
```   266
```
```   267 lemma tmmul_nb[simp]: "tmbound n t \<Longrightarrow> tmbound n (tmmul t i)"
```
```   268 by (induct t arbitrary: n rule: tmmul.induct, auto )
```
```   269 lemma tmmul_blt[simp]: "tmboundslt n t \<Longrightarrow> tmboundslt n (tmmul t i)"
```
```   270 by (induct t arbitrary: i rule: tmmul.induct, auto simp add: Let_def)
```
```   271
```
```   272 lemma tmmul_allpolys_npoly[simp]:
```
```   273   assumes "SORT_CONSTRAINT('a::{ring_char_0,division_by_zero, field})"
```
```   274   shows "allpolys isnpoly t \<Longrightarrow> isnpoly c \<Longrightarrow> allpolys isnpoly (tmmul t c)" by (induct t rule: tmmul.induct, simp_all add: Let_def polymul_norm)
```
```   275
```
```   276 definition tmneg :: "tm \<Rightarrow> tm" where
```
```   277   "tmneg t \<equiv> tmmul t (C (- 1,1))"
```
```   278
```
```   279 definition tmsub :: "tm \<Rightarrow> tm \<Rightarrow> tm" where
```
```   280   "tmsub s t \<equiv> (if s = t then CP 0\<^sub>p else tmadd (s,tmneg t))"
```
```   281
```
```   282 lemma tmneg[simp]: "Itm vs bs (tmneg t) = Itm vs bs (Neg t)"
```
```   283 using tmneg_def[of t]
```
```   284 apply simp
```
```   285 apply (subst number_of_Min)
```
```   286 apply (simp only: of_int_minus)
```
```   287 apply simp
```
```   288 done
```
```   289
```
```   290 lemma tmneg_nb0[simp]: "tmbound0 t \<Longrightarrow> tmbound0 (tmneg t)"
```
```   291 using tmneg_def by simp
```
```   292
```
```   293 lemma tmneg_nb[simp]: "tmbound n t \<Longrightarrow> tmbound n (tmneg t)"
```
```   294 using tmneg_def by simp
```
```   295 lemma tmneg_blt[simp]: "tmboundslt n t \<Longrightarrow> tmboundslt n (tmneg t)"
```
```   296 using tmneg_def by simp
```
```   297 lemma [simp]: "isnpoly (C (-1,1))" unfolding isnpoly_def by simp
```
```   298 lemma tmneg_allpolys_npoly[simp]:
```
```   299   assumes "SORT_CONSTRAINT('a::{ring_char_0,division_by_zero, field})"
```
```   300   shows "allpolys isnpoly t \<Longrightarrow> allpolys isnpoly (tmneg t)"
```
```   301   unfolding tmneg_def by auto
```
```   302
```
```   303 lemma tmsub[simp]: "Itm vs bs (tmsub a b) = Itm vs bs (Sub a b)"
```
```   304 using tmsub_def by simp
```
```   305
```
```   306 lemma tmsub_nb0[simp]: "\<lbrakk> tmbound0 t ; tmbound0 s\<rbrakk> \<Longrightarrow> tmbound0 (tmsub t s)"
```
```   307 using tmsub_def by simp
```
```   308 lemma tmsub_nb[simp]: "\<lbrakk> tmbound n t ; tmbound n s\<rbrakk> \<Longrightarrow> tmbound n (tmsub t s)"
```
```   309 using tmsub_def by simp
```
```   310 lemma tmsub_blt[simp]: "\<lbrakk>tmboundslt n t ; tmboundslt n s\<rbrakk> \<Longrightarrow> tmboundslt n (tmsub t s )"
```
```   311 using tmsub_def by simp
```
```   312 lemma tmsub_allpolys_npoly[simp]:
```
```   313   assumes "SORT_CONSTRAINT('a::{ring_char_0,division_by_zero, field})"
```
```   314   shows "allpolys isnpoly t \<Longrightarrow> allpolys isnpoly s \<Longrightarrow> allpolys isnpoly (tmsub t s)"
```
```   315   unfolding tmsub_def by (simp add: isnpoly_def)
```
```   316
```
```   317 recdef simptm "measure size"
```
```   318   "simptm (CP j) = CP (polynate j)"
```
```   319   "simptm (Bound n) = CNP n 1\<^sub>p (CP 0\<^sub>p)"
```
```   320   "simptm (Neg t) = tmneg (simptm t)"
```
```   321   "simptm (Add t s) = tmadd (simptm t,simptm s)"
```
```   322   "simptm (Sub t s) = tmsub (simptm t) (simptm s)"
```
```   323   "simptm (Mul i t) = (let i' = polynate i in if i' = 0\<^sub>p then CP 0\<^sub>p else tmmul (simptm t) i')"
```
```   324   "simptm (CNP n c t) = (let c' = polynate c in if c' = 0\<^sub>p then simptm t else tmadd (CNP n c' (CP 0\<^sub>p ), simptm t))"
```
```   325
```
```   326 lemma polynate_stupid:
```
```   327   assumes "SORT_CONSTRAINT('a::{ring_char_0,division_by_zero, field})"
```
```   328   shows "polynate t = 0\<^sub>p \<Longrightarrow> Ipoly bs t = (0::'a::{ring_char_0,division_by_zero, field})"
```
```   329 apply (subst polynate[symmetric])
```
```   330 apply simp
```
```   331 done
```
```   332
```
```   333 lemma simptm_ci[simp]: "Itm vs bs (simptm t) = Itm vs bs t"
```
```   334 by (induct t rule: simptm.induct, auto simp add: tmneg tmadd tmsub tmmul Let_def polynate_stupid)
```
```   335
```
```   336 lemma simptm_tmbound0[simp]:
```
```   337   "tmbound0 t \<Longrightarrow> tmbound0 (simptm t)"
```
```   338 by (induct t rule: simptm.induct, auto simp add: Let_def)
```
```   339
```
```   340 lemma simptm_nb[simp]: "tmbound n t \<Longrightarrow> tmbound n (simptm t)"
```
```   341 by (induct t rule: simptm.induct, auto simp add: Let_def)
```
```   342 lemma simptm_nlt[simp]: "tmboundslt n t \<Longrightarrow> tmboundslt n (simptm t)"
```
```   343 by (induct t rule: simptm.induct, auto simp add: Let_def)
```
```   344
```
```   345 lemma [simp]: "isnpoly 0\<^sub>p" and [simp]: "isnpoly (C(1,1))"
```
```   346   by (simp_all add: isnpoly_def)
```
```   347 lemma simptm_allpolys_npoly[simp]:
```
```   348   assumes "SORT_CONSTRAINT('a::{ring_char_0,division_by_zero, field})"
```
```   349   shows "allpolys isnpoly (simptm p)"
```
```   350   by (induct p rule: simptm.induct, auto simp add: Let_def)
```
```   351
```
```   352 consts split0 :: "tm \<Rightarrow> (poly \<times> tm)"
```
```   353 recdef split0 "measure tmsize"
```
```   354   "split0 (Bound 0) = (1\<^sub>p, CP 0\<^sub>p)"
```
```   355   "split0 (CNP 0 c t) = (let (c',t') = split0 t in (c +\<^sub>p c',t'))"
```
```   356   "split0 (Neg t) = (let (c,t') = split0 t in (~\<^sub>p c,Neg t'))"
```
```   357   "split0 (CNP n c t) = (let (c',t') = split0 t in (c',CNP n c t'))"
```
```   358   "split0 (Add s t) = (let (c1,s') = split0 s ; (c2,t') = split0 t in (c1 +\<^sub>p c2, Add s' t'))"
```
```   359   "split0 (Sub s t) = (let (c1,s') = split0 s ; (c2,t') = split0 t in (c1 -\<^sub>p c2, Sub s' t'))"
```
```   360   "split0 (Mul c t) = (let (c',t') = split0 t in (c *\<^sub>p c', Mul c t'))"
```
```   361   "split0 t = (0\<^sub>p, t)"
```
```   362
```
```   363 lemma split0_stupid[simp]: "\<exists>x y. (x,y) = split0 p"
```
```   364   apply (rule exI[where x="fst (split0 p)"])
```
```   365   apply (rule exI[where x="snd (split0 p)"])
```
```   366   by simp
```
```   367
```
```   368 lemma split0:
```
```   369   "tmbound 0 (snd (split0 t)) \<and> (Itm vs bs (CNP 0 (fst (split0 t)) (snd (split0 t))) = Itm vs bs t)"
```
```   370   apply (induct t rule: split0.induct)
```
```   371   apply simp
```
```   372   apply (simp add: Let_def split_def ring_simps)
```
```   373   apply (simp add: Let_def split_def ring_simps)
```
```   374   apply (simp add: Let_def split_def ring_simps)
```
```   375   apply (simp add: Let_def split_def ring_simps)
```
```   376   apply (simp add: Let_def split_def ring_simps)
```
```   377   apply (simp add: Let_def split_def mult_assoc right_distrib[symmetric])
```
```   378   apply (simp add: Let_def split_def ring_simps)
```
```   379   apply (simp add: Let_def split_def ring_simps)
```
```   380   done
```
```   381
```
```   382 lemma split0_ci: "split0 t = (c',t') \<Longrightarrow> Itm vs bs t = Itm vs bs (CNP 0 c' t')"
```
```   383 proof-
```
```   384   fix c' t'
```
```   385   assume "split0 t = (c', t')" hence "c' = fst (split0 t)" and "t' = snd (split0 t)" by auto
```
```   386   with split0[where t="t" and bs="bs"] show "Itm vs bs t = Itm vs bs (CNP 0 c' t')" by simp
```
```   387 qed
```
```   388
```
```   389 lemma split0_nb0:
```
```   390   assumes "SORT_CONSTRAINT('a::{ring_char_0,division_by_zero, field})"
```
```   391   shows "split0 t = (c',t') \<Longrightarrow>  tmbound 0 t'"
```
```   392 proof-
```
```   393   fix c' t'
```
```   394   assume "split0 t = (c', t')" hence "c' = fst (split0 t)" and "t' = snd (split0 t)" by auto
```
```   395   with conjunct1[OF split0[where t="t"]] show "tmbound 0 t'" by simp
```
```   396 qed
```
```   397
```
```   398 lemma split0_nb0'[simp]:   assumes "SORT_CONSTRAINT('a::{ring_char_0,division_by_zero, field})"
```
```   399   shows "tmbound0 (snd (split0 t))"
```
```   400   using split0_nb0[of t "fst (split0 t)" "snd (split0 t)"] by (simp add: tmbound0_tmbound_iff)
```
```   401
```
```   402
```
```   403 lemma split0_nb: assumes nb:"tmbound n t" shows "tmbound n (snd (split0 t))"
```
```   404   using nb by (induct t rule: split0.induct, auto simp add: Let_def split_def split0_stupid)
```
```   405
```
```   406 lemma split0_blt: assumes nb:"tmboundslt n t" shows "tmboundslt n (snd (split0 t))"
```
```   407   using nb by (induct t rule: split0.induct, auto simp add: Let_def split_def split0_stupid)
```
```   408
```
```   409 lemma tmbound_split0: "tmbound 0 t \<Longrightarrow> Ipoly vs (fst(split0 t)) = 0"
```
```   410  by (induct t rule: split0.induct, auto simp add: Let_def split_def split0_stupid)
```
```   411
```
```   412 lemma tmboundslt_split0: "tmboundslt n t \<Longrightarrow> Ipoly vs (fst(split0 t)) = 0 \<or> n > 0"
```
```   413 by (induct t rule: split0.induct, auto simp add: Let_def split_def split0_stupid)
```
```   414
```
```   415 lemma tmboundslt0_split0: "tmboundslt 0 t \<Longrightarrow> Ipoly vs (fst(split0 t)) = 0"
```
```   416  by (induct t rule: split0.induct, auto simp add: Let_def split_def split0_stupid)
```
```   417
```
```   418 lemma allpolys_split0: "allpolys isnpoly p \<Longrightarrow> allpolys isnpoly (snd (split0 p))"
```
```   419 by (induct p rule: split0.induct, auto simp  add: isnpoly_def Let_def split_def split0_stupid)
```
```   420
```
```   421 lemma isnpoly_fst_split0:   assumes "SORT_CONSTRAINT('a::{ring_char_0,division_by_zero, field})"
```
```   422   shows
```
```   423   "allpolys isnpoly p \<Longrightarrow> isnpoly (fst (split0 p))"
```
```   424   by (induct p rule: split0.induct,
```
```   425     auto simp  add: polyadd_norm polysub_norm polyneg_norm polymul_norm
```
```   426     Let_def split_def split0_stupid)
```
```   427
```
```   428 subsection{* Formulae *}
```
```   429
```
```   430 datatype fm  =  T| F| Le tm | Lt tm | Eq tm | NEq tm|
```
```   431   NOT fm| And fm fm|  Or fm fm| Imp fm fm| Iff fm fm| E fm| A fm
```
```   432
```
```   433
```
```   434   (* A size for fm *)
```
```   435 consts fmsize :: "fm \<Rightarrow> nat"
```
```   436 recdef fmsize "measure size"
```
```   437   "fmsize (NOT p) = 1 + fmsize p"
```
```   438   "fmsize (And p q) = 1 + fmsize p + fmsize q"
```
```   439   "fmsize (Or p q) = 1 + fmsize p + fmsize q"
```
```   440   "fmsize (Imp p q) = 3 + fmsize p + fmsize q"
```
```   441   "fmsize (Iff p q) = 3 + 2*(fmsize p + fmsize q)"
```
```   442   "fmsize (E p) = 1 + fmsize p"
```
```   443   "fmsize (A p) = 4+ fmsize p"
```
```   444   "fmsize p = 1"
```
```   445   (* several lemmas about fmsize *)
```
```   446 lemma fmsize_pos: "fmsize p > 0"
```
```   447 by (induct p rule: fmsize.induct) simp_all
```
```   448
```
```   449   (* Semantics of formulae (fm) *)
```
```   450 consts Ifm ::"'a::{division_by_zero,linordered_field} list \<Rightarrow> 'a list \<Rightarrow> fm \<Rightarrow> bool"
```
```   451 primrec
```
```   452   "Ifm vs bs T = True"
```
```   453   "Ifm vs bs F = False"
```
```   454   "Ifm vs bs (Lt a) = (Itm vs bs a < 0)"
```
```   455   "Ifm vs bs (Le a) = (Itm vs bs a \<le> 0)"
```
```   456   "Ifm vs bs (Eq a) = (Itm vs bs a = 0)"
```
```   457   "Ifm vs bs (NEq a) = (Itm vs bs a \<noteq> 0)"
```
```   458   "Ifm vs bs (NOT p) = (\<not> (Ifm vs bs p))"
```
```   459   "Ifm vs bs (And p q) = (Ifm vs bs p \<and> Ifm vs bs q)"
```
```   460   "Ifm vs bs (Or p q) = (Ifm vs bs p \<or> Ifm vs bs q)"
```
```   461   "Ifm vs bs (Imp p q) = ((Ifm vs bs p) \<longrightarrow> (Ifm vs bs q))"
```
```   462   "Ifm vs bs (Iff p q) = (Ifm vs bs p = Ifm vs bs q)"
```
```   463   "Ifm vs bs (E p) = (\<exists> x. Ifm vs (x#bs) p)"
```
```   464   "Ifm vs bs (A p) = (\<forall> x. Ifm vs (x#bs) p)"
```
```   465
```
```   466 consts not:: "fm \<Rightarrow> fm"
```
```   467 recdef not "measure size"
```
```   468   "not (NOT (NOT p)) = not p"
```
```   469   "not (NOT p) = p"
```
```   470   "not T = F"
```
```   471   "not F = T"
```
```   472   "not (Lt t) = Le (tmneg t)"
```
```   473   "not (Le t) = Lt (tmneg t)"
```
```   474   "not (Eq t) = NEq t"
```
```   475   "not (NEq t) = Eq t"
```
```   476   "not p = NOT p"
```
```   477 lemma not[simp]: "Ifm vs bs (not p) = Ifm vs bs (NOT p)"
```
```   478 by (induct p rule: not.induct) auto
```
```   479
```
```   480 definition conj :: "fm \<Rightarrow> fm \<Rightarrow> fm" where
```
```   481   "conj p q \<equiv> (if (p = F \<or> q=F) then F else if p=T then q else if q=T then p else
```
```   482    if p = q then p else And p q)"
```
```   483 lemma conj[simp]: "Ifm vs bs (conj p q) = Ifm vs bs (And p q)"
```
```   484 by (cases "p=F \<or> q=F",simp_all add: conj_def) (cases p,simp_all)
```
```   485
```
```   486 definition disj :: "fm \<Rightarrow> fm \<Rightarrow> fm" where
```
```   487   "disj p q \<equiv> (if (p = T \<or> q=T) then T else if p=F then q else if q=F then p
```
```   488        else if p=q then p else Or p q)"
```
```   489
```
```   490 lemma disj[simp]: "Ifm vs bs (disj p q) = Ifm vs bs (Or p q)"
```
```   491 by (cases "p=T \<or> q=T",simp_all add: disj_def) (cases p,simp_all)
```
```   492
```
```   493 definition imp :: "fm \<Rightarrow> fm \<Rightarrow> fm" where
```
```   494   "imp p q \<equiv> (if (p = F \<or> q=T \<or> p=q) then T else if p=T then q else if q=F then not p
```
```   495     else Imp p q)"
```
```   496 lemma imp[simp]: "Ifm vs bs (imp p q) = Ifm vs bs (Imp p q)"
```
```   497 by (cases "p=F \<or> q=T",simp_all add: imp_def)
```
```   498
```
```   499 definition iff :: "fm \<Rightarrow> fm \<Rightarrow> fm" where
```
```   500   "iff p q \<equiv> (if (p = q) then T else if (p = NOT q \<or> NOT p = q) then F else
```
```   501        if p=F then not q else if q=F then not p else if p=T then q else if q=T then p else
```
```   502   Iff p q)"
```
```   503 lemma iff[simp]: "Ifm vs bs (iff p q) = Ifm vs bs (Iff p q)"
```
```   504   by (unfold iff_def,cases "p=q", simp,cases "p=NOT q", simp) (cases "NOT p= q", auto)
```
```   505   (* Quantifier freeness *)
```
```   506 consts qfree:: "fm \<Rightarrow> bool"
```
```   507 recdef qfree "measure size"
```
```   508   "qfree (E p) = False"
```
```   509   "qfree (A p) = False"
```
```   510   "qfree (NOT p) = qfree p"
```
```   511   "qfree (And p q) = (qfree p \<and> qfree q)"
```
```   512   "qfree (Or  p q) = (qfree p \<and> qfree q)"
```
```   513   "qfree (Imp p q) = (qfree p \<and> qfree q)"
```
```   514   "qfree (Iff p q) = (qfree p \<and> qfree q)"
```
```   515   "qfree p = True"
```
```   516
```
```   517   (* Boundedness and substitution *)
```
```   518
```
```   519 consts boundslt :: "nat \<Rightarrow> fm \<Rightarrow> bool"
```
```   520 primrec
```
```   521   "boundslt n T = True"
```
```   522   "boundslt n F = True"
```
```   523   "boundslt n (Lt t) = (tmboundslt n t)"
```
```   524   "boundslt n (Le t) = (tmboundslt n t)"
```
```   525   "boundslt n (Eq t) = (tmboundslt n t)"
```
```   526   "boundslt n (NEq t) = (tmboundslt n t)"
```
```   527   "boundslt n (NOT p) = boundslt n p"
```
```   528   "boundslt n (And p q) = (boundslt n p \<and> boundslt n q)"
```
```   529   "boundslt n (Or p q) = (boundslt n p \<and> boundslt n q)"
```
```   530   "boundslt n (Imp p q) = ((boundslt n p) \<and> (boundslt n q))"
```
```   531   "boundslt n (Iff p q) = (boundslt n p \<and> boundslt n q)"
```
```   532   "boundslt n (E p) = boundslt (Suc n) p"
```
```   533   "boundslt n (A p) = boundslt (Suc n) p"
```
```   534
```
```   535 consts
```
```   536   bound0:: "fm \<Rightarrow> bool" (* A Formula is independent of Bound 0 *)
```
```   537   bound:: "nat \<Rightarrow> fm \<Rightarrow> bool" (* A Formula is independent of Bound n *)
```
```   538   decr0 :: "fm \<Rightarrow> fm"
```
```   539   decr :: "nat \<Rightarrow> fm \<Rightarrow> fm"
```
```   540 recdef bound0 "measure size"
```
```   541   "bound0 T = True"
```
```   542   "bound0 F = True"
```
```   543   "bound0 (Lt a) = tmbound0 a"
```
```   544   "bound0 (Le a) = tmbound0 a"
```
```   545   "bound0 (Eq a) = tmbound0 a"
```
```   546   "bound0 (NEq a) = tmbound0 a"
```
```   547   "bound0 (NOT p) = bound0 p"
```
```   548   "bound0 (And p q) = (bound0 p \<and> bound0 q)"
```
```   549   "bound0 (Or p q) = (bound0 p \<and> bound0 q)"
```
```   550   "bound0 (Imp p q) = ((bound0 p) \<and> (bound0 q))"
```
```   551   "bound0 (Iff p q) = (bound0 p \<and> bound0 q)"
```
```   552   "bound0 p = False"
```
```   553 lemma bound0_I:
```
```   554   assumes bp: "bound0 p"
```
```   555   shows "Ifm vs (b#bs) p = Ifm vs (b'#bs) p"
```
```   556 using bp tmbound0_I[where b="b" and bs="bs" and b'="b'"]
```
```   557 by (induct p rule: bound0.induct,auto simp add: nth_pos2)
```
```   558
```
```   559 primrec
```
```   560   "bound m T = True"
```
```   561   "bound m F = True"
```
```   562   "bound m (Lt t) = tmbound m t"
```
```   563   "bound m (Le t) = tmbound m t"
```
```   564   "bound m (Eq t) = tmbound m t"
```
```   565   "bound m (NEq t) = tmbound m t"
```
```   566   "bound m (NOT p) = bound m p"
```
```   567   "bound m (And p q) = (bound m p \<and> bound m q)"
```
```   568   "bound m (Or p q) = (bound m p \<and> bound m q)"
```
```   569   "bound m (Imp p q) = ((bound m p) \<and> (bound m q))"
```
```   570   "bound m (Iff p q) = (bound m p \<and> bound m q)"
```
```   571   "bound m (E p) = bound (Suc m) p"
```
```   572   "bound m (A p) = bound (Suc m) p"
```
```   573
```
```   574 lemma bound_I:
```
```   575   assumes bnd: "boundslt (length bs) p" and nb: "bound n p" and le: "n \<le> length bs"
```
```   576   shows "Ifm vs (bs[n:=x]) p = Ifm vs bs p"
```
```   577   using bnd nb le tmbound_I[where bs=bs and vs = vs]
```
```   578 proof(induct p arbitrary: bs n rule: bound.induct)
```
```   579   case (E p bs n)
```
```   580   {fix y
```
```   581     from prems have bnd: "boundslt (length (y#bs)) p"
```
```   582       and nb: "bound (Suc n) p" and le: "Suc n \<le> length (y#bs)" by simp+
```
```   583     from E.hyps[OF bnd nb le tmbound_I] have "Ifm vs ((y#bs)[Suc n:=x]) p = Ifm vs (y#bs) p" .   }
```
```   584   thus ?case by simp
```
```   585 next
```
```   586   case (A p bs n) {fix y
```
```   587     from prems have bnd: "boundslt (length (y#bs)) p"
```
```   588       and nb: "bound (Suc n) p" and le: "Suc n \<le> length (y#bs)" by simp+
```
```   589     from A.hyps[OF bnd nb le tmbound_I] have "Ifm vs ((y#bs)[Suc n:=x]) p = Ifm vs (y#bs) p" .   }
```
```   590   thus ?case by simp
```
```   591 qed auto
```
```   592
```
```   593 recdef decr0 "measure size"
```
```   594   "decr0 (Lt a) = Lt (decrtm0 a)"
```
```   595   "decr0 (Le a) = Le (decrtm0 a)"
```
```   596   "decr0 (Eq a) = Eq (decrtm0 a)"
```
```   597   "decr0 (NEq a) = NEq (decrtm0 a)"
```
```   598   "decr0 (NOT p) = NOT (decr0 p)"
```
```   599   "decr0 (And p q) = conj (decr0 p) (decr0 q)"
```
```   600   "decr0 (Or p q) = disj (decr0 p) (decr0 q)"
```
```   601   "decr0 (Imp p q) = imp (decr0 p) (decr0 q)"
```
```   602   "decr0 (Iff p q) = iff (decr0 p) (decr0 q)"
```
```   603   "decr0 p = p"
```
```   604
```
```   605 lemma decr0: assumes nb: "bound0 p"
```
```   606   shows "Ifm vs (x#bs) p = Ifm vs bs (decr0 p)"
```
```   607   using nb
```
```   608   by (induct p rule: decr0.induct, simp_all add: decrtm0)
```
```   609
```
```   610 primrec
```
```   611   "decr m T = T"
```
```   612   "decr m F = F"
```
```   613   "decr m (Lt t) = (Lt (decrtm m t))"
```
```   614   "decr m (Le t) = (Le (decrtm m t))"
```
```   615   "decr m (Eq t) = (Eq (decrtm m t))"
```
```   616   "decr m (NEq t) = (NEq (decrtm m t))"
```
```   617   "decr m (NOT p) = NOT (decr m p)"
```
```   618   "decr m (And p q) = conj (decr m p) (decr m q)"
```
```   619   "decr m (Or p q) = disj (decr m p) (decr m q)"
```
```   620   "decr m (Imp p q) = imp (decr m p) (decr m q)"
```
```   621   "decr m (Iff p q) = iff (decr m p) (decr m q)"
```
```   622   "decr m (E p) = E (decr (Suc m) p)"
```
```   623   "decr m (A p) = A (decr (Suc m) p)"
```
```   624
```
```   625 lemma decr: assumes  bnd: "boundslt (length bs) p" and nb: "bound m p"
```
```   626   and nle: "m < length bs"
```
```   627   shows "Ifm vs (removen m bs) (decr m p) = Ifm vs bs p"
```
```   628   using bnd nb nle
```
```   629 proof(induct p arbitrary: bs m rule: decr.induct)
```
```   630   case (E p bs m)
```
```   631   {fix x
```
```   632     from prems have bnd: "boundslt (length (x#bs)) p" and nb: "bound (Suc m) p"
```
```   633   and nle: "Suc m < length (x#bs)" by auto
```
```   634     from prems(4)[OF bnd nb nle] have "Ifm vs (removen (Suc m) (x#bs)) (decr (Suc m) p) = Ifm vs (x#bs) p".
```
```   635   } thus ?case by auto
```
```   636 next
```
```   637   case (A p bs m)
```
```   638   {fix x
```
```   639     from prems have bnd: "boundslt (length (x#bs)) p" and nb: "bound (Suc m) p"
```
```   640   and nle: "Suc m < length (x#bs)" by auto
```
```   641     from prems(4)[OF bnd nb nle] have "Ifm vs (removen (Suc m) (x#bs)) (decr (Suc m) p) = Ifm vs (x#bs) p".
```
```   642   } thus ?case by auto
```
```   643 qed (auto simp add: decrtm removen_nth)
```
```   644
```
```   645 consts
```
```   646   subst0:: "tm \<Rightarrow> fm \<Rightarrow> fm"
```
```   647
```
```   648 primrec
```
```   649   "subst0 t T = T"
```
```   650   "subst0 t F = F"
```
```   651   "subst0 t (Lt a) = Lt (tmsubst0 t a)"
```
```   652   "subst0 t (Le a) = Le (tmsubst0 t a)"
```
```   653   "subst0 t (Eq a) = Eq (tmsubst0 t a)"
```
```   654   "subst0 t (NEq a) = NEq (tmsubst0 t a)"
```
```   655   "subst0 t (NOT p) = NOT (subst0 t p)"
```
```   656   "subst0 t (And p q) = And (subst0 t p) (subst0 t q)"
```
```   657   "subst0 t (Or p q) = Or (subst0 t p) (subst0 t q)"
```
```   658   "subst0 t (Imp p q) = Imp (subst0 t p)  (subst0 t q)"
```
```   659   "subst0 t (Iff p q) = Iff (subst0 t p) (subst0 t q)"
```
```   660   "subst0 t (E p) = E p"
```
```   661   "subst0 t (A p) = A p"
```
```   662
```
```   663 lemma subst0: assumes qf: "qfree p"
```
```   664   shows "Ifm vs (x#bs) (subst0 t p) = Ifm vs ((Itm vs (x#bs) t)#bs) p"
```
```   665 using qf tmsubst0[where x="x" and bs="bs" and t="t"]
```
```   666 by (induct p rule: subst0.induct, auto)
```
```   667
```
```   668 lemma subst0_nb:
```
```   669   assumes bp: "tmbound0 t" and qf: "qfree p"
```
```   670   shows "bound0 (subst0 t p)"
```
```   671 using qf tmsubst0_nb[OF bp] bp
```
```   672 by (induct p rule: subst0.induct, auto)
```
```   673
```
```   674 consts   subst:: "nat \<Rightarrow> tm \<Rightarrow> fm \<Rightarrow> fm"
```
```   675 primrec
```
```   676   "subst n t T = T"
```
```   677   "subst n t F = F"
```
```   678   "subst n t (Lt a) = Lt (tmsubst n t a)"
```
```   679   "subst n t (Le a) = Le (tmsubst n t a)"
```
```   680   "subst n t (Eq a) = Eq (tmsubst n t a)"
```
```   681   "subst n t (NEq a) = NEq (tmsubst n t a)"
```
```   682   "subst n t (NOT p) = NOT (subst n t p)"
```
```   683   "subst n t (And p q) = And (subst n t p) (subst n t q)"
```
```   684   "subst n t (Or p q) = Or (subst n t p) (subst n t q)"
```
```   685   "subst n t (Imp p q) = Imp (subst n t p)  (subst n t q)"
```
```   686   "subst n t (Iff p q) = Iff (subst n t p) (subst n t q)"
```
```   687   "subst n t (E p) = E (subst (Suc n) (incrtm0 t) p)"
```
```   688   "subst n t (A p) = A (subst (Suc n) (incrtm0 t) p)"
```
```   689
```
```   690 lemma subst: assumes nb: "boundslt (length bs) p" and nlm: "n \<le> length bs"
```
```   691   shows "Ifm vs bs (subst n t p) = Ifm vs (bs[n:= Itm vs bs t]) p"
```
```   692   using nb nlm
```
```   693 proof (induct p arbitrary: bs n t rule: subst0.induct)
```
```   694   case (E p bs n)
```
```   695   {fix x
```
```   696     from prems have bn: "boundslt (length (x#bs)) p" by simp
```
```   697       from prems have nlm: "Suc n \<le> length (x#bs)" by simp
```
```   698     from prems(3)[OF bn nlm] have "Ifm vs (x#bs) (subst (Suc n) (incrtm0 t) p) = Ifm vs ((x#bs)[Suc n:= Itm vs (x#bs) (incrtm0 t)]) p" by simp
```
```   699     hence "Ifm vs (x#bs) (subst (Suc n) (incrtm0 t) p) = Ifm vs (x#bs[n:= Itm vs bs t]) p"
```
```   700     by (simp add: incrtm0[where x="x" and bs="bs" and t="t"]) }
```
```   701 thus ?case by simp
```
```   702 next
```
```   703   case (A p bs n)
```
```   704   {fix x
```
```   705     from prems have bn: "boundslt (length (x#bs)) p" by simp
```
```   706       from prems have nlm: "Suc n \<le> length (x#bs)" by simp
```
```   707     from prems(3)[OF bn nlm] have "Ifm vs (x#bs) (subst (Suc n) (incrtm0 t) p) = Ifm vs ((x#bs)[Suc n:= Itm vs (x#bs) (incrtm0 t)]) p" by simp
```
```   708     hence "Ifm vs (x#bs) (subst (Suc n) (incrtm0 t) p) = Ifm vs (x#bs[n:= Itm vs bs t]) p"
```
```   709     by (simp add: incrtm0[where x="x" and bs="bs" and t="t"]) }
```
```   710 thus ?case by simp
```
```   711 qed(auto simp add: tmsubst)
```
```   712
```
```   713 lemma subst_nb: assumes tnb: "tmbound m t"
```
```   714 shows "bound m (subst m t p)"
```
```   715 using tnb tmsubst_nb incrtm0_tmbound
```
```   716 by (induct p arbitrary: m t rule: subst.induct, auto)
```
```   717
```
```   718 lemma not_qf[simp]: "qfree p \<Longrightarrow> qfree (not p)"
```
```   719 by (induct p rule: not.induct, auto)
```
```   720 lemma not_bn0[simp]: "bound0 p \<Longrightarrow> bound0 (not p)"
```
```   721 by (induct p rule: not.induct, auto)
```
```   722 lemma not_nb[simp]: "bound n p \<Longrightarrow> bound n (not p)"
```
```   723 by (induct p rule: not.induct, auto)
```
```   724 lemma not_blt[simp]: "boundslt n p \<Longrightarrow> boundslt n (not p)"
```
```   725  by (induct p rule: not.induct, auto)
```
```   726
```
```   727 lemma conj_qf[simp]: "\<lbrakk>qfree p ; qfree q\<rbrakk> \<Longrightarrow> qfree (conj p q)"
```
```   728 using conj_def by auto
```
```   729 lemma conj_nb0[simp]: "\<lbrakk>bound0 p ; bound0 q\<rbrakk> \<Longrightarrow> bound0 (conj p q)"
```
```   730 using conj_def by auto
```
```   731 lemma conj_nb[simp]: "\<lbrakk>bound n p ; bound n q\<rbrakk> \<Longrightarrow> bound n (conj p q)"
```
```   732 using conj_def by auto
```
```   733 lemma conj_blt[simp]: "boundslt n p \<Longrightarrow> boundslt n q \<Longrightarrow> boundslt n (conj p q)"
```
```   734 using conj_def by auto
```
```   735
```
```   736 lemma disj_qf[simp]: "\<lbrakk>qfree p ; qfree q\<rbrakk> \<Longrightarrow> qfree (disj p q)"
```
```   737 using disj_def by auto
```
```   738 lemma disj_nb0[simp]: "\<lbrakk>bound0 p ; bound0 q\<rbrakk> \<Longrightarrow> bound0 (disj p q)"
```
```   739 using disj_def by auto
```
```   740 lemma disj_nb[simp]: "\<lbrakk>bound n p ; bound n q\<rbrakk> \<Longrightarrow> bound n (disj p q)"
```
```   741 using disj_def by auto
```
```   742 lemma disj_blt[simp]: "boundslt n p \<Longrightarrow> boundslt n q \<Longrightarrow> boundslt n (disj p q)"
```
```   743 using disj_def by auto
```
```   744
```
```   745 lemma imp_qf[simp]: "\<lbrakk>qfree p ; qfree q\<rbrakk> \<Longrightarrow> qfree (imp p q)"
```
```   746 using imp_def by (cases "p=F \<or> q=T",simp_all add: imp_def)
```
```   747 lemma imp_nb0[simp]: "\<lbrakk>bound0 p ; bound0 q\<rbrakk> \<Longrightarrow> bound0 (imp p q)"
```
```   748 using imp_def by (cases "p=F \<or> q=T \<or> p=q",simp_all add: imp_def)
```
```   749 lemma imp_nb[simp]: "\<lbrakk>bound n p ; bound n q\<rbrakk> \<Longrightarrow> bound n (imp p q)"
```
```   750 using imp_def by (cases "p=F \<or> q=T \<or> p=q",simp_all add: imp_def)
```
```   751 lemma imp_blt[simp]: "boundslt n p \<Longrightarrow> boundslt n q \<Longrightarrow> boundslt n (imp p q)"
```
```   752 using imp_def by auto
```
```   753
```
```   754 lemma iff_qf[simp]: "\<lbrakk>qfree p ; qfree q\<rbrakk> \<Longrightarrow> qfree (iff p q)"
```
```   755   by (unfold iff_def,cases "p=q", auto)
```
```   756 lemma iff_nb0[simp]: "\<lbrakk>bound0 p ; bound0 q\<rbrakk> \<Longrightarrow> bound0 (iff p q)"
```
```   757 using iff_def by (unfold iff_def,cases "p=q", auto)
```
```   758 lemma iff_nb[simp]: "\<lbrakk>bound n p ; bound n q\<rbrakk> \<Longrightarrow> bound n (iff p q)"
```
```   759 using iff_def by (unfold iff_def,cases "p=q", auto)
```
```   760 lemma iff_blt[simp]: "boundslt n p \<Longrightarrow> boundslt n q \<Longrightarrow> boundslt n (iff p q)"
```
```   761 using iff_def by auto
```
```   762 lemma decr0_qf: "bound0 p \<Longrightarrow> qfree (decr0 p)"
```
```   763 by (induct p, simp_all)
```
```   764
```
```   765 consts
```
```   766   isatom :: "fm \<Rightarrow> bool" (* test for atomicity *)
```
```   767 recdef isatom "measure size"
```
```   768   "isatom T = True"
```
```   769   "isatom F = True"
```
```   770   "isatom (Lt a) = True"
```
```   771   "isatom (Le a) = True"
```
```   772   "isatom (Eq a) = True"
```
```   773   "isatom (NEq a) = True"
```
```   774   "isatom p = False"
```
```   775
```
```   776 lemma bound0_qf: "bound0 p \<Longrightarrow> qfree p"
```
```   777 by (induct p, simp_all)
```
```   778
```
```   779 definition djf :: "('a \<Rightarrow> fm) \<Rightarrow> 'a \<Rightarrow> fm \<Rightarrow> fm" where
```
```   780   "djf f p q \<equiv> (if q=T then T else if q=F then f p else
```
```   781   (let fp = f p in case fp of T \<Rightarrow> T | F \<Rightarrow> q | _ \<Rightarrow> Or (f p) q))"
```
```   782 definition evaldjf :: "('a \<Rightarrow> fm) \<Rightarrow> 'a list \<Rightarrow> fm" where
```
```   783   "evaldjf f ps \<equiv> foldr (djf f) ps F"
```
```   784
```
```   785 lemma djf_Or: "Ifm vs bs (djf f p q) = Ifm vs bs (Or (f p) q)"
```
```   786 by (cases "q=T", simp add: djf_def,cases "q=F",simp add: djf_def)
```
```   787 (cases "f p", simp_all add: Let_def djf_def)
```
```   788
```
```   789 lemma evaldjf_ex: "Ifm vs bs (evaldjf f ps) = (\<exists> p \<in> set ps. Ifm vs bs (f p))"
```
```   790   by(induct ps, simp_all add: evaldjf_def djf_Or)
```
```   791
```
```   792 lemma evaldjf_bound0:
```
```   793   assumes nb: "\<forall> x\<in> set xs. bound0 (f x)"
```
```   794   shows "bound0 (evaldjf f xs)"
```
```   795   using nb by (induct xs, auto simp add: evaldjf_def djf_def Let_def) (case_tac "f a", auto)
```
```   796
```
```   797 lemma evaldjf_qf:
```
```   798   assumes nb: "\<forall> x\<in> set xs. qfree (f x)"
```
```   799   shows "qfree (evaldjf f xs)"
```
```   800   using nb by (induct xs, auto simp add: evaldjf_def djf_def Let_def) (case_tac "f a", auto)
```
```   801
```
```   802 consts disjuncts :: "fm \<Rightarrow> fm list"
```
```   803 recdef disjuncts "measure size"
```
```   804   "disjuncts (Or p q) = (disjuncts p) @ (disjuncts q)"
```
```   805   "disjuncts F = []"
```
```   806   "disjuncts p = [p]"
```
```   807
```
```   808 lemma disjuncts: "(\<exists> q\<in> set (disjuncts p). Ifm vs bs q) = Ifm vs bs p"
```
```   809 by(induct p rule: disjuncts.induct, auto)
```
```   810
```
```   811 lemma disjuncts_nb: "bound0 p \<Longrightarrow> \<forall> q\<in> set (disjuncts p). bound0 q"
```
```   812 proof-
```
```   813   assume nb: "bound0 p"
```
```   814   hence "list_all bound0 (disjuncts p)" by (induct p rule:disjuncts.induct,auto)
```
```   815   thus ?thesis by (simp only: list_all_iff)
```
```   816 qed
```
```   817
```
```   818 lemma disjuncts_qf: "qfree p \<Longrightarrow> \<forall> q\<in> set (disjuncts p). qfree q"
```
```   819 proof-
```
```   820   assume qf: "qfree p"
```
```   821   hence "list_all qfree (disjuncts p)"
```
```   822     by (induct p rule: disjuncts.induct, auto)
```
```   823   thus ?thesis by (simp only: list_all_iff)
```
```   824 qed
```
```   825
```
```   826 definition DJ :: "(fm \<Rightarrow> fm) \<Rightarrow> fm \<Rightarrow> fm" where
```
```   827   "DJ f p \<equiv> evaldjf f (disjuncts p)"
```
```   828
```
```   829 lemma DJ: assumes fdj: "\<forall> p q. Ifm vs bs (f (Or p q)) = Ifm vs bs (Or (f p) (f q))"
```
```   830   and fF: "f F = F"
```
```   831   shows "Ifm vs bs (DJ f p) = Ifm vs bs (f p)"
```
```   832 proof-
```
```   833   have "Ifm vs bs (DJ f p) = (\<exists> q \<in> set (disjuncts p). Ifm vs bs (f q))"
```
```   834     by (simp add: DJ_def evaldjf_ex)
```
```   835   also have "\<dots> = Ifm vs bs (f p)" using fdj fF by (induct p rule: disjuncts.induct, auto)
```
```   836   finally show ?thesis .
```
```   837 qed
```
```   838
```
```   839 lemma DJ_qf: assumes
```
```   840   fqf: "\<forall> p. qfree p \<longrightarrow> qfree (f p)"
```
```   841   shows "\<forall>p. qfree p \<longrightarrow> qfree (DJ f p) "
```
```   842 proof(clarify)
```
```   843   fix  p assume qf: "qfree p"
```
```   844   have th: "DJ f p = evaldjf f (disjuncts p)" by (simp add: DJ_def)
```
```   845   from disjuncts_qf[OF qf] have "\<forall> q\<in> set (disjuncts p). qfree q" .
```
```   846   with fqf have th':"\<forall> q\<in> set (disjuncts p). qfree (f q)" by blast
```
```   847
```
```   848   from evaldjf_qf[OF th'] th show "qfree (DJ f p)" by simp
```
```   849 qed
```
```   850
```
```   851 lemma DJ_qe: assumes qe: "\<forall> bs p. qfree p \<longrightarrow> qfree (qe p) \<and> (Ifm vs bs (qe p) = Ifm vs bs (E p))"
```
```   852   shows "\<forall> bs p. qfree p \<longrightarrow> qfree (DJ qe p) \<and> (Ifm vs bs ((DJ qe p)) = Ifm vs bs (E p))"
```
```   853 proof(clarify)
```
```   854   fix p::fm and bs
```
```   855   assume qf: "qfree p"
```
```   856   from qe have qth: "\<forall> p. qfree p \<longrightarrow> qfree (qe p)" by blast
```
```   857   from DJ_qf[OF qth] qf have qfth:"qfree (DJ qe p)" by auto
```
```   858   have "Ifm vs bs (DJ qe p) = (\<exists> q\<in> set (disjuncts p). Ifm vs bs (qe q))"
```
```   859     by (simp add: DJ_def evaldjf_ex)
```
```   860   also have "\<dots> = (\<exists> q \<in> set(disjuncts p). Ifm vs bs (E q))" using qe disjuncts_qf[OF qf] by auto
```
```   861   also have "\<dots> = Ifm vs bs (E p)" by (induct p rule: disjuncts.induct, auto)
```
```   862   finally show "qfree (DJ qe p) \<and> Ifm vs bs (DJ qe p) = Ifm vs bs (E p)" using qfth by blast
```
```   863 qed
```
```   864
```
```   865 consts conjuncts :: "fm \<Rightarrow> fm list"
```
```   866
```
```   867 recdef conjuncts "measure size"
```
```   868   "conjuncts (And p q) = (conjuncts p) @ (conjuncts q)"
```
```   869   "conjuncts T = []"
```
```   870   "conjuncts p = [p]"
```
```   871
```
```   872 definition list_conj :: "fm list \<Rightarrow> fm" where
```
```   873   "list_conj ps \<equiv> foldr conj ps T"
```
```   874
```
```   875 definition CJNB :: "(fm \<Rightarrow> fm) \<Rightarrow> fm \<Rightarrow> fm" where
```
```   876   "CJNB f p \<equiv> (let cjs = conjuncts p ; (yes,no) = partition bound0 cjs
```
```   877                    in conj (decr0 (list_conj yes)) (f (list_conj no)))"
```
```   878
```
```   879 lemma conjuncts_qf: "qfree p \<Longrightarrow> \<forall> q\<in> set (conjuncts p). qfree q"
```
```   880 proof-
```
```   881   assume qf: "qfree p"
```
```   882   hence "list_all qfree (conjuncts p)"
```
```   883     by (induct p rule: conjuncts.induct, auto)
```
```   884   thus ?thesis by (simp only: list_all_iff)
```
```   885 qed
```
```   886
```
```   887 lemma conjuncts: "(\<forall> q\<in> set (conjuncts p). Ifm vs bs q) = Ifm vs bs p"
```
```   888 by(induct p rule: conjuncts.induct, auto)
```
```   889
```
```   890 lemma conjuncts_nb: "bound0 p \<Longrightarrow> \<forall> q\<in> set (conjuncts p). bound0 q"
```
```   891 proof-
```
```   892   assume nb: "bound0 p"
```
```   893   hence "list_all bound0 (conjuncts p)" by (induct p rule:conjuncts.induct,auto)
```
```   894   thus ?thesis by (simp only: list_all_iff)
```
```   895 qed
```
```   896
```
```   897 fun islin :: "fm \<Rightarrow> bool" where
```
```   898   "islin (And p q) = (islin p \<and> islin q \<and> p \<noteq> T \<and> p \<noteq> F \<and> q \<noteq> T \<and> q \<noteq> F)"
```
```   899 | "islin (Or p q) = (islin p \<and> islin q \<and> p \<noteq> T \<and> p \<noteq> F \<and> q \<noteq> T \<and> q \<noteq> F)"
```
```   900 | "islin (Eq (CNP 0 c s)) = (isnpoly c \<and> c \<noteq> 0\<^sub>p \<and> tmbound0 s \<and> allpolys isnpoly s)"
```
```   901 | "islin (NEq (CNP 0 c s)) = (isnpoly c \<and> c \<noteq> 0\<^sub>p \<and> tmbound0 s \<and> allpolys isnpoly s)"
```
```   902 | "islin (Lt (CNP 0 c s)) = (isnpoly c \<and> c \<noteq> 0\<^sub>p \<and> tmbound0 s \<and> allpolys isnpoly s)"
```
```   903 | "islin (Le (CNP 0 c s)) = (isnpoly c \<and> c \<noteq> 0\<^sub>p \<and> tmbound0 s \<and> allpolys isnpoly s)"
```
```   904 | "islin (NOT p) = False"
```
```   905 | "islin (Imp p q) = False"
```
```   906 | "islin (Iff p q) = False"
```
```   907 | "islin p = bound0 p"
```
```   908
```
```   909 lemma islin_stupid: assumes nb: "tmbound0 p"
```
```   910   shows "islin (Lt p)" and "islin (Le p)" and "islin (Eq p)" and "islin (NEq p)"
```
```   911   using nb by (cases p, auto, case_tac nat, auto)+
```
```   912
```
```   913 definition "lt p = (case p of CP (C c) \<Rightarrow> if 0>\<^sub>N c then T else F| _ \<Rightarrow> Lt p)"
```
```   914 definition "le p = (case p of CP (C c) \<Rightarrow> if 0\<ge>\<^sub>N c then T else F | _ \<Rightarrow> Le p)"
```
```   915 definition "eq p = (case p of CP (C c) \<Rightarrow> if c = 0\<^sub>N then T else F | _ \<Rightarrow> Eq p)"
```
```   916 definition "neq p = not (eq p)"
```
```   917
```
```   918 lemma lt: "allpolys isnpoly p \<Longrightarrow> Ifm vs bs (lt p) = Ifm vs bs (Lt p)"
```
```   919   apply(simp add: lt_def)
```
```   920   apply(cases p, simp_all)
```
```   921   apply (case_tac poly, simp_all add: isnpoly_def)
```
```   922   done
```
```   923
```
```   924 lemma le: "allpolys isnpoly p \<Longrightarrow> Ifm vs bs (le p) = Ifm vs bs (Le p)"
```
```   925   apply(simp add: le_def)
```
```   926   apply(cases p, simp_all)
```
```   927   apply (case_tac poly, simp_all add: isnpoly_def)
```
```   928   done
```
```   929
```
```   930 lemma eq: "allpolys isnpoly p \<Longrightarrow> Ifm vs bs (eq p) = Ifm vs bs (Eq p)"
```
```   931   apply(simp add: eq_def)
```
```   932   apply(cases p, simp_all)
```
```   933   apply (case_tac poly, simp_all add: isnpoly_def)
```
```   934   done
```
```   935
```
```   936 lemma neq: "allpolys isnpoly p \<Longrightarrow> Ifm vs bs (neq p) = Ifm vs bs (NEq p)"
```
```   937   by(simp add: neq_def eq)
```
```   938
```
```   939 lemma lt_lin: "tmbound0 p \<Longrightarrow> islin (lt p)"
```
```   940   apply (simp add: lt_def)
```
```   941   apply (cases p, simp_all)
```
```   942   apply (case_tac poly, simp_all)
```
```   943   apply (case_tac nat, simp_all)
```
```   944   done
```
```   945
```
```   946 lemma le_lin: "tmbound0 p \<Longrightarrow> islin (le p)"
```
```   947   apply (simp add: le_def)
```
```   948   apply (cases p, simp_all)
```
```   949   apply (case_tac poly, simp_all)
```
```   950   apply (case_tac nat, simp_all)
```
```   951   done
```
```   952
```
```   953 lemma eq_lin: "tmbound0 p \<Longrightarrow> islin (eq p)"
```
```   954   apply (simp add: eq_def)
```
```   955   apply (cases p, simp_all)
```
```   956   apply (case_tac poly, simp_all)
```
```   957   apply (case_tac nat, simp_all)
```
```   958   done
```
```   959
```
```   960 lemma neq_lin: "tmbound0 p \<Longrightarrow> islin (neq p)"
```
```   961   apply (simp add: neq_def eq_def)
```
```   962   apply (cases p, simp_all)
```
```   963   apply (case_tac poly, simp_all)
```
```   964   apply (case_tac nat, simp_all)
```
```   965   done
```
```   966
```
```   967 definition "simplt t = (let (c,s) = split0 (simptm t) in if c= 0\<^sub>p then lt s else Lt (CNP 0 c s))"
```
```   968 definition "simple t = (let (c,s) = split0 (simptm t) in if c= 0\<^sub>p then le s else Le (CNP 0 c s))"
```
```   969 definition "simpeq t = (let (c,s) = split0 (simptm t) in if c= 0\<^sub>p then eq s else Eq (CNP 0 c s))"
```
```   970 definition "simpneq t = (let (c,s) = split0 (simptm t) in if c= 0\<^sub>p then neq s else NEq (CNP 0 c s))"
```
```   971
```
```   972 lemma simplt_islin[simp]:   assumes "SORT_CONSTRAINT('a::{ring_char_0,division_by_zero,field})"
```
```   973   shows "islin (simplt t)"
```
```   974   unfolding simplt_def
```
```   975   using split0_nb0'
```
```   976 by (auto simp add: lt_lin Let_def split_def isnpoly_fst_split0[OF simptm_allpolys_npoly] islin_stupid allpolys_split0[OF simptm_allpolys_npoly])
```
```   977
```
```   978 lemma simple_islin[simp]:   assumes "SORT_CONSTRAINT('a::{ring_char_0,division_by_zero,field})"
```
```   979   shows "islin (simple t)"
```
```   980   unfolding simple_def
```
```   981   using split0_nb0'
```
```   982 by (auto simp add: Let_def split_def isnpoly_fst_split0[OF simptm_allpolys_npoly] islin_stupid allpolys_split0[OF simptm_allpolys_npoly] le_lin)
```
```   983 lemma simpeq_islin[simp]:   assumes "SORT_CONSTRAINT('a::{ring_char_0,division_by_zero,field})"
```
```   984   shows "islin (simpeq t)"
```
```   985   unfolding simpeq_def
```
```   986   using split0_nb0'
```
```   987 by (auto simp add: Let_def split_def isnpoly_fst_split0[OF simptm_allpolys_npoly] islin_stupid allpolys_split0[OF simptm_allpolys_npoly] eq_lin)
```
```   988
```
```   989 lemma simpneq_islin[simp]:   assumes "SORT_CONSTRAINT('a::{ring_char_0,division_by_zero,field})"
```
```   990   shows "islin (simpneq t)"
```
```   991   unfolding simpneq_def
```
```   992   using split0_nb0'
```
```   993 by (auto simp add: Let_def split_def isnpoly_fst_split0[OF simptm_allpolys_npoly] islin_stupid allpolys_split0[OF simptm_allpolys_npoly] neq_lin)
```
```   994
```
```   995 lemma really_stupid: "\<not> (\<forall>c1 s'. (c1, s') \<noteq> split0 s)"
```
```   996   by (cases "split0 s", auto)
```
```   997 lemma split0_npoly:   assumes "SORT_CONSTRAINT('a::{ring_char_0,division_by_zero,field})"
```
```   998   and n: "allpolys isnpoly t"
```
```   999   shows "isnpoly (fst (split0 t))" and "allpolys isnpoly (snd (split0 t))"
```
```  1000   using n
```
```  1001   by (induct t rule: split0.induct, auto simp add: Let_def split_def polyadd_norm polymul_norm polyneg_norm polysub_norm really_stupid)
```
```  1002 lemma simplt[simp]:
```
```  1003   shows "Ifm vs bs (simplt t) = Ifm vs bs (Lt t)"
```
```  1004 proof-
```
```  1005   have n: "allpolys isnpoly (simptm t)" by simp
```
```  1006   let ?t = "simptm t"
```
```  1007   {assume "fst (split0 ?t) = 0\<^sub>p" hence ?thesis
```
```  1008       using split0[of "simptm t" vs bs] lt[OF split0_npoly(2)[OF n], of vs bs]
```
```  1009       by (simp add: simplt_def Let_def split_def lt)}
```
```  1010   moreover
```
```  1011   {assume "fst (split0 ?t) \<noteq> 0\<^sub>p"
```
```  1012     hence ?thesis using  split0[of "simptm t" vs bs] by (simp add: simplt_def Let_def split_def)
```
```  1013   }
```
```  1014   ultimately show ?thesis by blast
```
```  1015 qed
```
```  1016
```
```  1017 lemma simple[simp]:
```
```  1018   shows "Ifm vs bs (simple t) = Ifm vs bs (Le t)"
```
```  1019 proof-
```
```  1020   have n: "allpolys isnpoly (simptm t)" by simp
```
```  1021   let ?t = "simptm t"
```
```  1022   {assume "fst (split0 ?t) = 0\<^sub>p" hence ?thesis
```
```  1023       using split0[of "simptm t" vs bs] le[OF split0_npoly(2)[OF n], of vs bs]
```
```  1024       by (simp add: simple_def Let_def split_def le)}
```
```  1025   moreover
```
```  1026   {assume "fst (split0 ?t) \<noteq> 0\<^sub>p"
```
```  1027     hence ?thesis using  split0[of "simptm t" vs bs] by (simp add: simple_def Let_def split_def)
```
```  1028   }
```
```  1029   ultimately show ?thesis by blast
```
```  1030 qed
```
```  1031
```
```  1032 lemma simpeq[simp]:
```
```  1033   shows "Ifm vs bs (simpeq t) = Ifm vs bs (Eq t)"
```
```  1034 proof-
```
```  1035   have n: "allpolys isnpoly (simptm t)" by simp
```
```  1036   let ?t = "simptm t"
```
```  1037   {assume "fst (split0 ?t) = 0\<^sub>p" hence ?thesis
```
```  1038       using split0[of "simptm t" vs bs] eq[OF split0_npoly(2)[OF n], of vs bs]
```
```  1039       by (simp add: simpeq_def Let_def split_def)}
```
```  1040   moreover
```
```  1041   {assume "fst (split0 ?t) \<noteq> 0\<^sub>p"
```
```  1042     hence ?thesis using  split0[of "simptm t" vs bs] by (simp add: simpeq_def Let_def split_def)
```
```  1043   }
```
```  1044   ultimately show ?thesis by blast
```
```  1045 qed
```
```  1046
```
```  1047 lemma simpneq[simp]:
```
```  1048   shows "Ifm vs bs (simpneq t) = Ifm vs bs (NEq t)"
```
```  1049 proof-
```
```  1050   have n: "allpolys isnpoly (simptm t)" by simp
```
```  1051   let ?t = "simptm t"
```
```  1052   {assume "fst (split0 ?t) = 0\<^sub>p" hence ?thesis
```
```  1053       using split0[of "simptm t" vs bs] neq[OF split0_npoly(2)[OF n], of vs bs]
```
```  1054       by (simp add: simpneq_def Let_def split_def )}
```
```  1055   moreover
```
```  1056   {assume "fst (split0 ?t) \<noteq> 0\<^sub>p"
```
```  1057     hence ?thesis using  split0[of "simptm t" vs bs] by (simp add: simpneq_def Let_def split_def)
```
```  1058   }
```
```  1059   ultimately show ?thesis by blast
```
```  1060 qed
```
```  1061
```
```  1062 lemma lt_nb: "tmbound0 t \<Longrightarrow> bound0 (lt t)"
```
```  1063   apply (simp add: lt_def)
```
```  1064   apply (cases t, auto)
```
```  1065   apply (case_tac poly, auto)
```
```  1066   done
```
```  1067
```
```  1068 lemma le_nb: "tmbound0 t \<Longrightarrow> bound0 (le t)"
```
```  1069   apply (simp add: le_def)
```
```  1070   apply (cases t, auto)
```
```  1071   apply (case_tac poly, auto)
```
```  1072   done
```
```  1073
```
```  1074 lemma eq_nb: "tmbound0 t \<Longrightarrow> bound0 (eq t)"
```
```  1075   apply (simp add: eq_def)
```
```  1076   apply (cases t, auto)
```
```  1077   apply (case_tac poly, auto)
```
```  1078   done
```
```  1079
```
```  1080 lemma neq_nb: "tmbound0 t \<Longrightarrow> bound0 (neq t)"
```
```  1081   apply (simp add: neq_def eq_def)
```
```  1082   apply (cases t, auto)
```
```  1083   apply (case_tac poly, auto)
```
```  1084   done
```
```  1085
```
```  1086 lemma simplt_nb[simp]:   assumes "SORT_CONSTRAINT('a::{ring_char_0,division_by_zero,field})"
```
```  1087   shows "tmbound0 t \<Longrightarrow> bound0 (simplt t)"
```
```  1088   using split0 [of "simptm t" vs bs]
```
```  1089 proof(simp add: simplt_def Let_def split_def)
```
```  1090   assume nb: "tmbound0 t"
```
```  1091   hence nb': "tmbound0 (simptm t)" by simp
```
```  1092   let ?c = "fst (split0 (simptm t))"
```
```  1093   from tmbound_split0[OF nb'[unfolded tmbound0_tmbound_iff[symmetric]]]
```
```  1094   have th: "\<forall>bs. Ipoly bs ?c = Ipoly bs 0\<^sub>p" by auto
```
```  1095   from isnpoly_fst_split0[OF simptm_allpolys_npoly[of t]]
```
```  1096   have ths: "isnpolyh ?c 0" "isnpolyh 0\<^sub>p 0" by (simp_all add: isnpoly_def)
```
```  1097   from iffD1[OF isnpolyh_unique[OF ths] th]
```
```  1098   have "fst (split0 (simptm t)) = 0\<^sub>p" .
```
```  1099   thus "(fst (split0 (simptm t)) = 0\<^sub>p \<longrightarrow> bound0 (lt (snd (split0 (simptm t))))) \<and>
```
```  1100        fst (split0 (simptm t)) = 0\<^sub>p" by (simp add: simplt_def Let_def split_def lt_nb)
```
```  1101 qed
```
```  1102
```
```  1103 lemma simple_nb[simp]:   assumes "SORT_CONSTRAINT('a::{ring_char_0,division_by_zero,field})"
```
```  1104   shows "tmbound0 t \<Longrightarrow> bound0 (simple t)"
```
```  1105   using split0 [of "simptm t" vs bs]
```
```  1106 proof(simp add: simple_def Let_def split_def)
```
```  1107   assume nb: "tmbound0 t"
```
```  1108   hence nb': "tmbound0 (simptm t)" by simp
```
```  1109   let ?c = "fst (split0 (simptm t))"
```
```  1110   from tmbound_split0[OF nb'[unfolded tmbound0_tmbound_iff[symmetric]]]
```
```  1111   have th: "\<forall>bs. Ipoly bs ?c = Ipoly bs 0\<^sub>p" by auto
```
```  1112   from isnpoly_fst_split0[OF simptm_allpolys_npoly[of t]]
```
```  1113   have ths: "isnpolyh ?c 0" "isnpolyh 0\<^sub>p 0" by (simp_all add: isnpoly_def)
```
```  1114   from iffD1[OF isnpolyh_unique[OF ths] th]
```
```  1115   have "fst (split0 (simptm t)) = 0\<^sub>p" .
```
```  1116   thus "(fst (split0 (simptm t)) = 0\<^sub>p \<longrightarrow> bound0 (le (snd (split0 (simptm t))))) \<and>
```
```  1117        fst (split0 (simptm t)) = 0\<^sub>p" by (simp add: simplt_def Let_def split_def le_nb)
```
```  1118 qed
```
```  1119
```
```  1120 lemma simpeq_nb[simp]:   assumes "SORT_CONSTRAINT('a::{ring_char_0,division_by_zero,field})"
```
```  1121   shows "tmbound0 t \<Longrightarrow> bound0 (simpeq t)"
```
```  1122   using split0 [of "simptm t" vs bs]
```
```  1123 proof(simp add: simpeq_def Let_def split_def)
```
```  1124   assume nb: "tmbound0 t"
```
```  1125   hence nb': "tmbound0 (simptm t)" by simp
```
```  1126   let ?c = "fst (split0 (simptm t))"
```
```  1127   from tmbound_split0[OF nb'[unfolded tmbound0_tmbound_iff[symmetric]]]
```
```  1128   have th: "\<forall>bs. Ipoly bs ?c = Ipoly bs 0\<^sub>p" by auto
```
```  1129   from isnpoly_fst_split0[OF simptm_allpolys_npoly[of t]]
```
```  1130   have ths: "isnpolyh ?c 0" "isnpolyh 0\<^sub>p 0" by (simp_all add: isnpoly_def)
```
```  1131   from iffD1[OF isnpolyh_unique[OF ths] th]
```
```  1132   have "fst (split0 (simptm t)) = 0\<^sub>p" .
```
```  1133   thus "(fst (split0 (simptm t)) = 0\<^sub>p \<longrightarrow> bound0 (eq (snd (split0 (simptm t))))) \<and>
```
```  1134        fst (split0 (simptm t)) = 0\<^sub>p" by (simp add: simpeq_def Let_def split_def eq_nb)
```
```  1135 qed
```
```  1136
```
```  1137 lemma simpneq_nb[simp]:   assumes "SORT_CONSTRAINT('a::{ring_char_0,division_by_zero,field})"
```
```  1138   shows "tmbound0 t \<Longrightarrow> bound0 (simpneq t)"
```
```  1139   using split0 [of "simptm t" vs bs]
```
```  1140 proof(simp add: simpneq_def Let_def split_def)
```
```  1141   assume nb: "tmbound0 t"
```
```  1142   hence nb': "tmbound0 (simptm t)" by simp
```
```  1143   let ?c = "fst (split0 (simptm t))"
```
```  1144   from tmbound_split0[OF nb'[unfolded tmbound0_tmbound_iff[symmetric]]]
```
```  1145   have th: "\<forall>bs. Ipoly bs ?c = Ipoly bs 0\<^sub>p" by auto
```
```  1146   from isnpoly_fst_split0[OF simptm_allpolys_npoly[of t]]
```
```  1147   have ths: "isnpolyh ?c 0" "isnpolyh 0\<^sub>p 0" by (simp_all add: isnpoly_def)
```
```  1148   from iffD1[OF isnpolyh_unique[OF ths] th]
```
```  1149   have "fst (split0 (simptm t)) = 0\<^sub>p" .
```
```  1150   thus "(fst (split0 (simptm t)) = 0\<^sub>p \<longrightarrow> bound0 (neq (snd (split0 (simptm t))))) \<and>
```
```  1151        fst (split0 (simptm t)) = 0\<^sub>p" by (simp add: simpneq_def Let_def split_def neq_nb)
```
```  1152 qed
```
```  1153
```
```  1154 consts conjs   :: "fm \<Rightarrow> fm list"
```
```  1155 recdef conjs "measure size"
```
```  1156   "conjs (And p q) = (conjs p)@(conjs q)"
```
```  1157   "conjs T = []"
```
```  1158   "conjs p = [p]"
```
```  1159 lemma conjs_ci: "(\<forall> q \<in> set (conjs p). Ifm vs bs q) = Ifm vs bs p"
```
```  1160 by (induct p rule: conjs.induct, auto)
```
```  1161 definition list_disj :: "fm list \<Rightarrow> fm" where
```
```  1162   "list_disj ps \<equiv> foldr disj ps F"
```
```  1163
```
```  1164 lemma list_conj: "Ifm vs bs (list_conj ps) = (\<forall>p\<in> set ps. Ifm vs bs p)"
```
```  1165   by (induct ps, auto simp add: list_conj_def)
```
```  1166 lemma list_conj_qf: " \<forall>p\<in> set ps. qfree p \<Longrightarrow> qfree (list_conj ps)"
```
```  1167   by (induct ps, auto simp add: list_conj_def conj_qf)
```
```  1168 lemma list_disj: "Ifm vs bs (list_disj ps) = (\<exists>p\<in> set ps. Ifm vs bs p)"
```
```  1169   by (induct ps, auto simp add: list_disj_def)
```
```  1170
```
```  1171 lemma conj_boundslt: "boundslt n p \<Longrightarrow> boundslt n q \<Longrightarrow> boundslt n (conj p q)"
```
```  1172   unfolding conj_def by auto
```
```  1173
```
```  1174 lemma conjs_nb: "bound n p \<Longrightarrow> \<forall>q\<in> set (conjs p). bound n q"
```
```  1175   apply (induct p rule: conjs.induct)
```
```  1176   apply (unfold conjs.simps)
```
```  1177   apply (unfold set_append)
```
```  1178   apply (unfold ball_Un)
```
```  1179   apply (unfold bound.simps)
```
```  1180   apply auto
```
```  1181   done
```
```  1182
```
```  1183 lemma conjs_boundslt: "boundslt n p \<Longrightarrow> \<forall>q\<in> set (conjs p). boundslt n q"
```
```  1184   apply (induct p rule: conjs.induct)
```
```  1185   apply (unfold conjs.simps)
```
```  1186   apply (unfold set_append)
```
```  1187   apply (unfold ball_Un)
```
```  1188   apply (unfold boundslt.simps)
```
```  1189   apply blast
```
```  1190 by simp_all
```
```  1191
```
```  1192 lemma list_conj_boundslt: " \<forall>p\<in> set ps. boundslt n p \<Longrightarrow> boundslt n (list_conj ps)"
```
```  1193   unfolding list_conj_def
```
```  1194   by (induct ps, auto simp add: conj_boundslt)
```
```  1195
```
```  1196 lemma list_conj_nb: assumes bnd: "\<forall>p\<in> set ps. bound n p"
```
```  1197   shows "bound n (list_conj ps)"
```
```  1198   using bnd
```
```  1199   unfolding list_conj_def
```
```  1200   by (induct ps, auto simp add: conj_nb)
```
```  1201
```
```  1202 lemma list_conj_nb': "\<forall>p\<in>set ps. bound0 p \<Longrightarrow> bound0 (list_conj ps)"
```
```  1203 unfolding list_conj_def by (induct ps , auto)
```
```  1204
```
```  1205 lemma CJNB_qe:
```
```  1206   assumes qe: "\<forall> bs p. qfree p \<longrightarrow> qfree (qe p) \<and> (Ifm vs bs (qe p) = Ifm vs bs (E p))"
```
```  1207   shows "\<forall> bs p. qfree p \<longrightarrow> qfree (CJNB qe p) \<and> (Ifm vs bs ((CJNB qe p)) = Ifm vs bs (E p))"
```
```  1208 proof(clarify)
```
```  1209   fix bs p
```
```  1210   assume qfp: "qfree p"
```
```  1211   let ?cjs = "conjuncts p"
```
```  1212   let ?yes = "fst (partition bound0 ?cjs)"
```
```  1213   let ?no = "snd (partition bound0 ?cjs)"
```
```  1214   let ?cno = "list_conj ?no"
```
```  1215   let ?cyes = "list_conj ?yes"
```
```  1216   have part: "partition bound0 ?cjs = (?yes,?no)" by simp
```
```  1217   from partition_P[OF part] have "\<forall> q\<in> set ?yes. bound0 q" by blast
```
```  1218   hence yes_nb: "bound0 ?cyes" by (simp add: list_conj_nb')
```
```  1219   hence yes_qf: "qfree (decr0 ?cyes )" by (simp add: decr0_qf)
```
```  1220   from conjuncts_qf[OF qfp] partition_set[OF part]
```
```  1221   have " \<forall>q\<in> set ?no. qfree q" by auto
```
```  1222   hence no_qf: "qfree ?cno"by (simp add: list_conj_qf)
```
```  1223   with qe have cno_qf:"qfree (qe ?cno )"
```
```  1224     and noE: "Ifm vs bs (qe ?cno) = Ifm vs bs (E ?cno)" by blast+
```
```  1225   from cno_qf yes_qf have qf: "qfree (CJNB qe p)"
```
```  1226     by (simp add: CJNB_def Let_def conj_qf split_def)
```
```  1227   {fix bs
```
```  1228     from conjuncts have "Ifm vs bs p = (\<forall>q\<in> set ?cjs. Ifm vs bs q)" by blast
```
```  1229     also have "\<dots> = ((\<forall>q\<in> set ?yes. Ifm vs bs q) \<and> (\<forall>q\<in> set ?no. Ifm vs bs q))"
```
```  1230       using partition_set[OF part] by auto
```
```  1231     finally have "Ifm vs bs p = ((Ifm vs bs ?cyes) \<and> (Ifm vs bs ?cno))" using list_conj[of vs bs] by simp}
```
```  1232   hence "Ifm vs bs (E p) = (\<exists>x. (Ifm vs (x#bs) ?cyes) \<and> (Ifm vs (x#bs) ?cno))" by simp
```
```  1233   also have "\<dots> = (\<exists>x. (Ifm vs (y#bs) ?cyes) \<and> (Ifm vs (x#bs) ?cno))"
```
```  1234     using bound0_I[OF yes_nb, where bs="bs" and b'="y"] by blast
```
```  1235   also have "\<dots> = (Ifm vs bs (decr0 ?cyes) \<and> Ifm vs bs (E ?cno))"
```
```  1236     by (auto simp add: decr0[OF yes_nb] simp del: partition_filter_conv)
```
```  1237   also have "\<dots> = (Ifm vs bs (conj (decr0 ?cyes) (qe ?cno)))"
```
```  1238     using qe[rule_format, OF no_qf] by auto
```
```  1239   finally have "Ifm vs bs (E p) = Ifm vs bs (CJNB qe p)"
```
```  1240     by (simp add: Let_def CJNB_def split_def)
```
```  1241   with qf show "qfree (CJNB qe p) \<and> Ifm vs bs (CJNB qe p) = Ifm vs bs (E p)" by blast
```
```  1242 qed
```
```  1243
```
```  1244 consts simpfm :: "fm \<Rightarrow> fm"
```
```  1245 recdef simpfm "measure fmsize"
```
```  1246   "simpfm (Lt t) = simplt (simptm t)"
```
```  1247   "simpfm (Le t) = simple (simptm t)"
```
```  1248   "simpfm (Eq t) = simpeq(simptm t)"
```
```  1249   "simpfm (NEq t) = simpneq(simptm t)"
```
```  1250   "simpfm (And p q) = conj (simpfm p) (simpfm q)"
```
```  1251   "simpfm (Or p q) = disj (simpfm p) (simpfm q)"
```
```  1252   "simpfm (Imp p q) = disj (simpfm (NOT p)) (simpfm q)"
```
```  1253   "simpfm (Iff p q) = disj (conj (simpfm p) (simpfm q)) (conj (simpfm (NOT p)) (simpfm (NOT q)))"
```
```  1254   "simpfm (NOT (And p q)) = disj (simpfm (NOT p)) (simpfm (NOT q))"
```
```  1255   "simpfm (NOT (Or p q)) = conj (simpfm (NOT p)) (simpfm (NOT q))"
```
```  1256   "simpfm (NOT (Imp p q)) = conj (simpfm p) (simpfm (NOT q))"
```
```  1257   "simpfm (NOT (Iff p q)) = disj (conj (simpfm p) (simpfm (NOT q))) (conj (simpfm (NOT p)) (simpfm q))"
```
```  1258   "simpfm (NOT (Eq t)) = simpneq t"
```
```  1259   "simpfm (NOT (NEq t)) = simpeq t"
```
```  1260   "simpfm (NOT (Le t)) = simplt (Neg t)"
```
```  1261   "simpfm (NOT (Lt t)) = simple (Neg t)"
```
```  1262   "simpfm (NOT (NOT p)) = simpfm p"
```
```  1263   "simpfm (NOT T) = F"
```
```  1264   "simpfm (NOT F) = T"
```
```  1265   "simpfm p = p"
```
```  1266
```
```  1267 lemma simpfm[simp]: "Ifm vs bs (simpfm p) = Ifm vs bs p"
```
```  1268 by(induct p arbitrary: bs rule: simpfm.induct, auto)
```
```  1269
```
```  1270 lemma simpfm_bound0:   assumes "SORT_CONSTRAINT('a::{ring_char_0,division_by_zero,field})"
```
```  1271   shows "bound0 p \<Longrightarrow> bound0 (simpfm p)"
```
```  1272 by (induct p rule: simpfm.induct, auto)
```
```  1273
```
```  1274 lemma lt_qf[simp]: "qfree (lt t)"
```
```  1275   apply (cases t, auto simp add: lt_def)
```
```  1276   by (case_tac poly, auto)
```
```  1277
```
```  1278 lemma le_qf[simp]: "qfree (le t)"
```
```  1279   apply (cases t, auto simp add: le_def)
```
```  1280   by (case_tac poly, auto)
```
```  1281
```
```  1282 lemma eq_qf[simp]: "qfree (eq t)"
```
```  1283   apply (cases t, auto simp add: eq_def)
```
```  1284   by (case_tac poly, auto)
```
```  1285
```
```  1286 lemma neq_qf[simp]: "qfree (neq t)" by (simp add: neq_def)
```
```  1287
```
```  1288 lemma simplt_qf[simp]: "qfree (simplt t)" by (simp add: simplt_def Let_def split_def)
```
```  1289 lemma simple_qf[simp]: "qfree (simple t)" by (simp add: simple_def Let_def split_def)
```
```  1290 lemma simpeq_qf[simp]: "qfree (simpeq t)" by (simp add: simpeq_def Let_def split_def)
```
```  1291 lemma simpneq_qf[simp]: "qfree (simpneq t)" by (simp add: simpneq_def Let_def split_def)
```
```  1292
```
```  1293 lemma simpfm_qf[simp]: "qfree p \<Longrightarrow> qfree (simpfm p)"
```
```  1294 by (induct p rule: simpfm.induct, auto simp add: disj_qf imp_qf iff_qf conj_qf not_qf Let_def)
```
```  1295
```
```  1296 lemma disj_lin: "islin p \<Longrightarrow> islin q \<Longrightarrow> islin (disj p q)" by (simp add: disj_def)
```
```  1297 lemma conj_lin: "islin p \<Longrightarrow> islin q \<Longrightarrow> islin (conj p q)" by (simp add: conj_def)
```
```  1298
```
```  1299 lemma   assumes "SORT_CONSTRAINT('a::{ring_char_0,division_by_zero,field})"
```
```  1300   shows "qfree p \<Longrightarrow> islin (simpfm p)"
```
```  1301   apply (induct p rule: simpfm.induct)
```
```  1302   apply (simp_all add: conj_lin disj_lin)
```
```  1303   done
```
```  1304
```
```  1305 consts prep :: "fm \<Rightarrow> fm"
```
```  1306 recdef prep "measure fmsize"
```
```  1307   "prep (E T) = T"
```
```  1308   "prep (E F) = F"
```
```  1309   "prep (E (Or p q)) = disj (prep (E p)) (prep (E q))"
```
```  1310   "prep (E (Imp p q)) = disj (prep (E (NOT p))) (prep (E q))"
```
```  1311   "prep (E (Iff p q)) = disj (prep (E (And p q))) (prep (E (And (NOT p) (NOT q))))"
```
```  1312   "prep (E (NOT (And p q))) = disj (prep (E (NOT p))) (prep (E(NOT q)))"
```
```  1313   "prep (E (NOT (Imp p q))) = prep (E (And p (NOT q)))"
```
```  1314   "prep (E (NOT (Iff p q))) = disj (prep (E (And p (NOT q)))) (prep (E(And (NOT p) q)))"
```
```  1315   "prep (E p) = E (prep p)"
```
```  1316   "prep (A (And p q)) = conj (prep (A p)) (prep (A q))"
```
```  1317   "prep (A p) = prep (NOT (E (NOT p)))"
```
```  1318   "prep (NOT (NOT p)) = prep p"
```
```  1319   "prep (NOT (And p q)) = disj (prep (NOT p)) (prep (NOT q))"
```
```  1320   "prep (NOT (A p)) = prep (E (NOT p))"
```
```  1321   "prep (NOT (Or p q)) = conj (prep (NOT p)) (prep (NOT q))"
```
```  1322   "prep (NOT (Imp p q)) = conj (prep p) (prep (NOT q))"
```
```  1323   "prep (NOT (Iff p q)) = disj (prep (And p (NOT q))) (prep (And (NOT p) q))"
```
```  1324   "prep (NOT p) = not (prep p)"
```
```  1325   "prep (Or p q) = disj (prep p) (prep q)"
```
```  1326   "prep (And p q) = conj (prep p) (prep q)"
```
```  1327   "prep (Imp p q) = prep (Or (NOT p) q)"
```
```  1328   "prep (Iff p q) = disj (prep (And p q)) (prep (And (NOT p) (NOT q)))"
```
```  1329   "prep p = p"
```
```  1330 (hints simp add: fmsize_pos)
```
```  1331 lemma prep: "Ifm vs bs (prep p) = Ifm vs bs p"
```
```  1332 by (induct p arbitrary: bs rule: prep.induct, auto)
```
```  1333
```
```  1334
```
```  1335
```
```  1336   (* Generic quantifier elimination *)
```
```  1337 consts qelim :: "fm \<Rightarrow> (fm \<Rightarrow> fm) \<Rightarrow> fm"
```
```  1338 recdef qelim "measure fmsize"
```
```  1339   "qelim (E p) = (\<lambda> qe. DJ (CJNB qe) (qelim p qe))"
```
```  1340   "qelim (A p) = (\<lambda> qe. not (qe ((qelim (NOT p) qe))))"
```
```  1341   "qelim (NOT p) = (\<lambda> qe. not (qelim p qe))"
```
```  1342   "qelim (And p q) = (\<lambda> qe. conj (qelim p qe) (qelim q qe))"
```
```  1343   "qelim (Or  p q) = (\<lambda> qe. disj (qelim p qe) (qelim q qe))"
```
```  1344   "qelim (Imp p q) = (\<lambda> qe. imp (qelim p qe) (qelim q qe))"
```
```  1345   "qelim (Iff p q) = (\<lambda> qe. iff (qelim p qe) (qelim q qe))"
```
```  1346   "qelim p = (\<lambda> y. simpfm p)"
```
```  1347
```
```  1348
```
```  1349 lemma qelim:
```
```  1350   assumes qe_inv: "\<forall> bs p. qfree p \<longrightarrow> qfree (qe p) \<and> (Ifm vs bs (qe p) = Ifm vs bs (E p))"
```
```  1351   shows "\<And> bs. qfree (qelim p qe) \<and> (Ifm vs bs (qelim p qe) = Ifm vs bs p)"
```
```  1352 using qe_inv DJ_qe[OF CJNB_qe[OF qe_inv]]
```
```  1353 by (induct p rule: qelim.induct) auto
```
```  1354
```
```  1355 subsection{* Core Procedure *}
```
```  1356
```
```  1357 consts
```
```  1358   plusinf:: "fm \<Rightarrow> fm" (* Virtual substitution of +\<infinity>*)
```
```  1359   minusinf:: "fm \<Rightarrow> fm" (* Virtual substitution of -\<infinity>*)
```
```  1360 recdef minusinf "measure size"
```
```  1361   "minusinf (And p q) = conj (minusinf p) (minusinf q)"
```
```  1362   "minusinf (Or p q) = disj (minusinf p) (minusinf q)"
```
```  1363   "minusinf (Eq  (CNP 0 c e)) = conj (eq (CP c)) (eq e)"
```
```  1364   "minusinf (NEq (CNP 0 c e)) = disj (not (eq e)) (not (eq (CP c)))"
```
```  1365   "minusinf (Lt  (CNP 0 c e)) = disj (conj (eq (CP c)) (lt e)) (lt (CP (~\<^sub>p c)))"
```
```  1366   "minusinf (Le  (CNP 0 c e)) = disj (conj (eq (CP c)) (le e)) (lt (CP (~\<^sub>p c)))"
```
```  1367   "minusinf p = p"
```
```  1368
```
```  1369 recdef plusinf "measure size"
```
```  1370   "plusinf (And p q) = conj (plusinf p) (plusinf q)"
```
```  1371   "plusinf (Or p q) = disj (plusinf p) (plusinf q)"
```
```  1372   "plusinf (Eq  (CNP 0 c e)) = conj (eq (CP c)) (eq e)"
```
```  1373   "plusinf (NEq (CNP 0 c e)) = disj (not (eq e)) (not (eq (CP c)))"
```
```  1374   "plusinf (Lt  (CNP 0 c e)) = disj (conj (eq (CP c)) (lt e)) (lt (CP c))"
```
```  1375   "plusinf (Le  (CNP 0 c e)) = disj (conj (eq (CP c)) (le e)) (lt (CP c))"
```
```  1376   "plusinf p = p"
```
```  1377
```
```  1378 lemma minusinf_inf: assumes lp:"islin p"
```
```  1379   shows "\<exists>z. \<forall>x < z. Ifm vs (x#bs) (minusinf p) \<longleftrightarrow> Ifm vs (x#bs) p"
```
```  1380   using lp
```
```  1381 proof (induct p rule: minusinf.induct)
```
```  1382   case 1 thus ?case by (auto,rule_tac x="min z za" in exI, auto)
```
```  1383 next
```
```  1384   case 2 thus ?case by (auto,rule_tac x="min z za" in exI, auto)
```
```  1385 next
```
```  1386   case (3 c e) hence nbe: "tmbound0 e" by simp
```
```  1387   from prems have nc: "allpolys isnpoly (CP c)" "allpolys isnpoly e" by simp_all
```
```  1388   note eqs = eq[OF nc(1), where ?'a = 'a] eq[OF nc(2), where ?'a = 'a]
```
```  1389   let ?c = "Ipoly vs c"
```
```  1390   let ?e = "Itm vs (y#bs) e"
```
```  1391   have "?c=0 \<or> ?c > 0 \<or> ?c < 0" by arith
```
```  1392   moreover {assume "?c = 0" hence ?case
```
```  1393       using eq[OF nc(2), of vs] eq[OF nc(1), of vs] by auto}
```
```  1394   moreover {assume cp: "?c > 0"
```
```  1395     {fix x assume xz: "x < -?e / ?c" hence "?c * x < - ?e"
```
```  1396         using pos_less_divide_eq[OF cp, where a="x" and b="-?e"] by (simp add: mult_commute)
```
```  1397       hence "?c * x + ?e < 0" by simp
```
```  1398       hence "Ifm vs (x#bs) (Eq (CNP 0 c e)) = Ifm vs (x#bs) (minusinf (Eq (CNP 0 c e)))"
```
```  1399         using eqs tmbound0_I[OF nbe, where b="y" and b'="x" and vs=vs and bs=bs] by auto} hence ?case by auto}
```
```  1400   moreover {assume cp: "?c < 0"
```
```  1401     {fix x assume xz: "x < -?e / ?c" hence "?c * x > - ?e"
```
```  1402         using neg_less_divide_eq[OF cp, where a="x" and b="-?e"] by (simp add: mult_commute)
```
```  1403       hence "?c * x + ?e > 0" by simp
```
```  1404       hence "Ifm vs (x#bs) (Eq (CNP 0 c e)) = Ifm vs (x#bs) (minusinf (Eq (CNP 0 c e)))"
```
```  1405         using tmbound0_I[OF nbe, where b="y" and b'="x"] eqs by auto} hence ?case by auto}
```
```  1406   ultimately show ?case by blast
```
```  1407 next
```
```  1408   case (4 c e)  hence nbe: "tmbound0 e" by simp
```
```  1409   from prems have nc: "allpolys isnpoly (CP c)" "allpolys isnpoly e" by simp_all
```
```  1410   note eqs = eq[OF nc(1), where ?'a = 'a] eq[OF nc(2), where ?'a = 'a]
```
```  1411   let ?c = "Ipoly vs c"
```
```  1412   let ?e = "Itm vs (y#bs) e"
```
```  1413   have "?c=0 \<or> ?c > 0 \<or> ?c < 0" by arith
```
```  1414   moreover {assume "?c = 0" hence ?case using eqs by auto}
```
```  1415   moreover {assume cp: "?c > 0"
```
```  1416     {fix x assume xz: "x < -?e / ?c" hence "?c * x < - ?e"
```
```  1417         using pos_less_divide_eq[OF cp, where a="x" and b="-?e"] by (simp add: mult_commute)
```
```  1418       hence "?c * x + ?e < 0" by simp
```
```  1419       hence "Ifm vs (x#bs) (NEq (CNP 0 c e)) = Ifm vs (x#bs) (minusinf (NEq (CNP 0 c e)))"
```
```  1420         using eqs tmbound0_I[OF nbe, where b="y" and b'="x"] by auto} hence ?case by auto}
```
```  1421   moreover {assume cp: "?c < 0"
```
```  1422     {fix x assume xz: "x < -?e / ?c" hence "?c * x > - ?e"
```
```  1423         using neg_less_divide_eq[OF cp, where a="x" and b="-?e"] by (simp add: mult_commute)
```
```  1424       hence "?c * x + ?e > 0" by simp
```
```  1425       hence "Ifm vs (x#bs) (NEq (CNP 0 c e)) = Ifm vs (x#bs) (minusinf (NEq (CNP 0 c e)))"
```
```  1426         using eqs tmbound0_I[OF nbe, where b="y" and b'="x"] by auto} hence ?case by auto}
```
```  1427   ultimately show ?case by blast
```
```  1428 next
```
```  1429   case (5 c e)  hence nbe: "tmbound0 e" by simp
```
```  1430   from prems have nc: "allpolys isnpoly (CP c)" "allpolys isnpoly e" by simp_all
```
```  1431   hence nc': "allpolys isnpoly (CP (~\<^sub>p c))" by (simp add: polyneg_norm)
```
```  1432   note eqs = lt[OF nc', where ?'a = 'a] eq [OF nc(1), where ?'a = 'a] lt[OF nc(2), where ?'a = 'a]
```
```  1433   let ?c = "Ipoly vs c"
```
```  1434   let ?e = "Itm vs (y#bs) e"
```
```  1435   have "?c=0 \<or> ?c > 0 \<or> ?c < 0" by arith
```
```  1436   moreover {assume "?c = 0" hence ?case using eqs by auto}
```
```  1437   moreover {assume cp: "?c > 0"
```
```  1438     {fix x assume xz: "x < -?e / ?c" hence "?c * x < - ?e"
```
```  1439         using pos_less_divide_eq[OF cp, where a="x" and b="-?e"] by (simp add: mult_commute)
```
```  1440       hence "?c * x + ?e < 0" by simp
```
```  1441       hence "Ifm vs (x#bs) (Lt (CNP 0 c e)) = Ifm vs (x#bs) (minusinf (Lt (CNP 0 c e)))"
```
```  1442         using tmbound0_I[OF nbe, where b="y" and b'="x"] cp eqs by auto} hence ?case by auto}
```
```  1443   moreover {assume cp: "?c < 0"
```
```  1444     {fix x assume xz: "x < -?e / ?c" hence "?c * x > - ?e"
```
```  1445         using neg_less_divide_eq[OF cp, where a="x" and b="-?e"] by (simp add: mult_commute)
```
```  1446       hence "?c * x + ?e > 0" by simp
```
```  1447       hence "Ifm vs (x#bs) (Lt (CNP 0 c e)) = Ifm vs (x#bs) (minusinf (Lt (CNP 0 c e)))"
```
```  1448         using eqs tmbound0_I[OF nbe, where b="y" and b'="x"] cp by auto} hence ?case by auto}
```
```  1449   ultimately show ?case by blast
```
```  1450 next
```
```  1451   case (6 c e)  hence nbe: "tmbound0 e" by simp
```
```  1452   from prems have nc: "allpolys isnpoly (CP c)" "allpolys isnpoly e" by simp_all
```
```  1453   hence nc': "allpolys isnpoly (CP (~\<^sub>p c))" by (simp add: polyneg_norm)
```
```  1454   note eqs = lt[OF nc', where ?'a = 'a] eq [OF nc(1), where ?'a = 'a] le[OF nc(2), where ?'a = 'a]
```
```  1455   let ?c = "Ipoly vs c"
```
```  1456   let ?e = "Itm vs (y#bs) e"
```
```  1457   have "?c=0 \<or> ?c > 0 \<or> ?c < 0" by arith
```
```  1458   moreover {assume "?c = 0" hence ?case using eqs by auto}
```
```  1459   moreover {assume cp: "?c > 0"
```
```  1460     {fix x assume xz: "x < -?e / ?c" hence "?c * x < - ?e"
```
```  1461         using pos_less_divide_eq[OF cp, where a="x" and b="-?e"] by (simp add: mult_commute)
```
```  1462       hence "?c * x + ?e < 0" by simp
```
```  1463       hence "Ifm vs (x#bs) (Le (CNP 0 c e)) = Ifm vs (x#bs) (minusinf (Le (CNP 0 c e)))"
```
```  1464         using tmbound0_I[OF nbe, where b="y" and b'="x"] cp eqs by auto} hence ?case by auto}
```
```  1465   moreover {assume cp: "?c < 0"
```
```  1466     {fix x assume xz: "x < -?e / ?c" hence "?c * x > - ?e"
```
```  1467         using neg_less_divide_eq[OF cp, where a="x" and b="-?e"] by (simp add: mult_commute)
```
```  1468       hence "?c * x + ?e > 0" by simp
```
```  1469       hence "Ifm vs (x#bs) (Le (CNP 0 c e)) = Ifm vs (x#bs) (minusinf (Le (CNP 0 c e)))"
```
```  1470         using tmbound0_I[OF nbe, where b="y" and b'="x"] cp eqs by auto} hence ?case by auto}
```
```  1471   ultimately show ?case by blast
```
```  1472 qed (auto)
```
```  1473
```
```  1474 lemma plusinf_inf: assumes lp:"islin p"
```
```  1475   shows "\<exists>z. \<forall>x > z. Ifm vs (x#bs) (plusinf p) \<longleftrightarrow> Ifm vs (x#bs) p"
```
```  1476   using lp
```
```  1477 proof (induct p rule: plusinf.induct)
```
```  1478   case 1 thus ?case by (auto,rule_tac x="max z za" in exI, auto)
```
```  1479 next
```
```  1480   case 2 thus ?case by (auto,rule_tac x="max z za" in exI, auto)
```
```  1481 next
```
```  1482   case (3 c e) hence nbe: "tmbound0 e" by simp
```
```  1483   from prems have nc: "allpolys isnpoly (CP c)" "allpolys isnpoly e" by simp_all
```
```  1484   note eqs = eq[OF nc(1), where ?'a = 'a] eq[OF nc(2), where ?'a = 'a]
```
```  1485   let ?c = "Ipoly vs c"
```
```  1486   let ?e = "Itm vs (y#bs) e"
```
```  1487   have "?c=0 \<or> ?c > 0 \<or> ?c < 0" by arith
```
```  1488   moreover {assume "?c = 0" hence ?case
```
```  1489       using eq[OF nc(2), of vs] eq[OF nc(1), of vs] by auto}
```
```  1490   moreover {assume cp: "?c > 0"
```
```  1491     {fix x assume xz: "x > -?e / ?c" hence "?c * x > - ?e"
```
```  1492         using pos_divide_less_eq[OF cp, where a="x" and b="-?e"] by (simp add: mult_commute)
```
```  1493       hence "?c * x + ?e > 0" by simp
```
```  1494       hence "Ifm vs (x#bs) (Eq (CNP 0 c e)) = Ifm vs (x#bs) (plusinf (Eq (CNP 0 c e)))"
```
```  1495         using eqs tmbound0_I[OF nbe, where b="y" and b'="x" and vs=vs and bs=bs] by auto} hence ?case by auto}
```
```  1496   moreover {assume cp: "?c < 0"
```
```  1497     {fix x assume xz: "x > -?e / ?c" hence "?c * x < - ?e"
```
```  1498         using neg_divide_less_eq[OF cp, where a="x" and b="-?e"] by (simp add: mult_commute)
```
```  1499       hence "?c * x + ?e < 0" by simp
```
```  1500       hence "Ifm vs (x#bs) (Eq (CNP 0 c e)) = Ifm vs (x#bs) (plusinf (Eq (CNP 0 c e)))"
```
```  1501         using tmbound0_I[OF nbe, where b="y" and b'="x"] eqs by auto} hence ?case by auto}
```
```  1502   ultimately show ?case by blast
```
```  1503 next
```
```  1504   case (4 c e)  hence nbe: "tmbound0 e" by simp
```
```  1505   from prems have nc: "allpolys isnpoly (CP c)" "allpolys isnpoly e" by simp_all
```
```  1506   note eqs = eq[OF nc(1), where ?'a = 'a] eq[OF nc(2), where ?'a = 'a]
```
```  1507   let ?c = "Ipoly vs c"
```
```  1508   let ?e = "Itm vs (y#bs) e"
```
```  1509   have "?c=0 \<or> ?c > 0 \<or> ?c < 0" by arith
```
```  1510   moreover {assume "?c = 0" hence ?case using eqs by auto}
```
```  1511   moreover {assume cp: "?c > 0"
```
```  1512     {fix x assume xz: "x > -?e / ?c" hence "?c * x > - ?e"
```
```  1513         using pos_divide_less_eq[OF cp, where a="x" and b="-?e"] by (simp add: mult_commute)
```
```  1514       hence "?c * x + ?e > 0" by simp
```
```  1515       hence "Ifm vs (x#bs) (NEq (CNP 0 c e)) = Ifm vs (x#bs) (plusinf (NEq (CNP 0 c e)))"
```
```  1516         using eqs tmbound0_I[OF nbe, where b="y" and b'="x"] by auto} hence ?case by auto}
```
```  1517   moreover {assume cp: "?c < 0"
```
```  1518     {fix x assume xz: "x > -?e / ?c" hence "?c * x < - ?e"
```
```  1519         using neg_divide_less_eq[OF cp, where a="x" and b="-?e"] by (simp add: mult_commute)
```
```  1520       hence "?c * x + ?e < 0" by simp
```
```  1521       hence "Ifm vs (x#bs) (NEq (CNP 0 c e)) = Ifm vs (x#bs) (plusinf (NEq (CNP 0 c e)))"
```
```  1522         using eqs tmbound0_I[OF nbe, where b="y" and b'="x"] by auto} hence ?case by auto}
```
```  1523   ultimately show ?case by blast
```
```  1524 next
```
```  1525   case (5 c e)  hence nbe: "tmbound0 e" by simp
```
```  1526   from prems have nc: "allpolys isnpoly (CP c)" "allpolys isnpoly e" by simp_all
```
```  1527   hence nc': "allpolys isnpoly (CP (~\<^sub>p c))" by (simp add: polyneg_norm)
```
```  1528   note eqs = lt[OF nc(1), where ?'a = 'a] lt[OF nc', where ?'a = 'a] eq [OF nc(1), where ?'a = 'a] lt[OF nc(2), where ?'a = 'a]
```
```  1529   let ?c = "Ipoly vs c"
```
```  1530   let ?e = "Itm vs (y#bs) e"
```
```  1531   have "?c=0 \<or> ?c > 0 \<or> ?c < 0" by arith
```
```  1532   moreover {assume "?c = 0" hence ?case using eqs by auto}
```
```  1533   moreover {assume cp: "?c > 0"
```
```  1534     {fix x assume xz: "x > -?e / ?c" hence "?c * x > - ?e"
```
```  1535         using pos_divide_less_eq[OF cp, where a="x" and b="-?e"] by (simp add: mult_commute)
```
```  1536       hence "?c * x + ?e > 0" by simp
```
```  1537       hence "Ifm vs (x#bs) (Lt (CNP 0 c e)) = Ifm vs (x#bs) (plusinf (Lt (CNP 0 c e)))"
```
```  1538         using tmbound0_I[OF nbe, where b="y" and b'="x"] cp eqs by auto} hence ?case by auto}
```
```  1539   moreover {assume cp: "?c < 0"
```
```  1540     {fix x assume xz: "x > -?e / ?c" hence "?c * x < - ?e"
```
```  1541         using neg_divide_less_eq[OF cp, where a="x" and b="-?e"] by (simp add: mult_commute)
```
```  1542       hence "?c * x + ?e < 0" by simp
```
```  1543       hence "Ifm vs (x#bs) (Lt (CNP 0 c e)) = Ifm vs (x#bs) (plusinf (Lt (CNP 0 c e)))"
```
```  1544         using eqs tmbound0_I[OF nbe, where b="y" and b'="x"] cp by auto} hence ?case by auto}
```
```  1545   ultimately show ?case by blast
```
```  1546 next
```
```  1547   case (6 c e)  hence nbe: "tmbound0 e" by simp
```
```  1548   from prems have nc: "allpolys isnpoly (CP c)" "allpolys isnpoly e" by simp_all
```
```  1549   hence nc': "allpolys isnpoly (CP (~\<^sub>p c))" by (simp add: polyneg_norm)
```
```  1550   note eqs = lt[OF nc(1), where ?'a = 'a] eq [OF nc(1), where ?'a = 'a] le[OF nc(2), where ?'a = 'a]
```
```  1551   let ?c = "Ipoly vs c"
```
```  1552   let ?e = "Itm vs (y#bs) e"
```
```  1553   have "?c=0 \<or> ?c > 0 \<or> ?c < 0" by arith
```
```  1554   moreover {assume "?c = 0" hence ?case using eqs by auto}
```
```  1555   moreover {assume cp: "?c > 0"
```
```  1556     {fix x assume xz: "x > -?e / ?c" hence "?c * x > - ?e"
```
```  1557         using pos_divide_less_eq[OF cp, where a="x" and b="-?e"] by (simp add: mult_commute)
```
```  1558       hence "?c * x + ?e > 0" by simp
```
```  1559       hence "Ifm vs (x#bs) (Le (CNP 0 c e)) = Ifm vs (x#bs) (plusinf (Le (CNP 0 c e)))"
```
```  1560         using tmbound0_I[OF nbe, where b="y" and b'="x"] cp eqs by auto} hence ?case by auto}
```
```  1561   moreover {assume cp: "?c < 0"
```
```  1562     {fix x assume xz: "x > -?e / ?c" hence "?c * x < - ?e"
```
```  1563         using neg_divide_less_eq[OF cp, where a="x" and b="-?e"] by (simp add: mult_commute)
```
```  1564       hence "?c * x + ?e < 0" by simp
```
```  1565       hence "Ifm vs (x#bs) (Le (CNP 0 c e)) = Ifm vs (x#bs) (plusinf (Le (CNP 0 c e)))"
```
```  1566         using tmbound0_I[OF nbe, where b="y" and b'="x"] cp eqs by auto} hence ?case by auto}
```
```  1567   ultimately show ?case by blast
```
```  1568 qed (auto)
```
```  1569
```
```  1570 lemma minusinf_nb: "islin p \<Longrightarrow> bound0 (minusinf p)"
```
```  1571   by (induct p rule: minusinf.induct, auto simp add: eq_nb lt_nb le_nb)
```
```  1572 lemma plusinf_nb: "islin p \<Longrightarrow> bound0 (plusinf p)"
```
```  1573   by (induct p rule: minusinf.induct, auto simp add: eq_nb lt_nb le_nb)
```
```  1574
```
```  1575 lemma minusinf_ex: assumes lp: "islin p" and ex: "Ifm vs (x#bs) (minusinf p)"
```
```  1576   shows "\<exists>x. Ifm vs (x#bs) p"
```
```  1577 proof-
```
```  1578   from bound0_I [OF minusinf_nb[OF lp], where b="a" and bs ="bs"] ex
```
```  1579   have th: "\<forall> x. Ifm vs (x#bs) (minusinf p)" by auto
```
```  1580   from minusinf_inf[OF lp, where bs="bs"]
```
```  1581   obtain z where z_def: "\<forall>x<z. Ifm vs (x # bs) (minusinf p) = Ifm vs (x # bs) p" by blast
```
```  1582   from th have "Ifm vs ((z - 1)#bs) (minusinf p)" by simp
```
```  1583   moreover have "z - 1 < z" by simp
```
```  1584   ultimately show ?thesis using z_def by auto
```
```  1585 qed
```
```  1586
```
```  1587 lemma plusinf_ex: assumes lp: "islin p" and ex: "Ifm vs (x#bs) (plusinf p)"
```
```  1588   shows "\<exists>x. Ifm vs (x#bs) p"
```
```  1589 proof-
```
```  1590   from bound0_I [OF plusinf_nb[OF lp], where b="a" and bs ="bs"] ex
```
```  1591   have th: "\<forall> x. Ifm vs (x#bs) (plusinf p)" by auto
```
```  1592   from plusinf_inf[OF lp, where bs="bs"]
```
```  1593   obtain z where z_def: "\<forall>x>z. Ifm vs (x # bs) (plusinf p) = Ifm vs (x # bs) p" by blast
```
```  1594   from th have "Ifm vs ((z + 1)#bs) (plusinf p)" by simp
```
```  1595   moreover have "z + 1 > z" by simp
```
```  1596   ultimately show ?thesis using z_def by auto
```
```  1597 qed
```
```  1598
```
```  1599 fun uset :: "fm \<Rightarrow> (poly \<times> tm) list" where
```
```  1600   "uset (And p q) = uset p @ uset q"
```
```  1601 | "uset (Or p q) = uset p @ uset q"
```
```  1602 | "uset (Eq (CNP 0 a e))  = [(a,e)]"
```
```  1603 | "uset (Le (CNP 0 a e))  = [(a,e)]"
```
```  1604 | "uset (Lt (CNP 0 a e))  = [(a,e)]"
```
```  1605 | "uset (NEq (CNP 0 a e)) = [(a,e)]"
```
```  1606 | "uset p = []"
```
```  1607
```
```  1608 lemma uset_l:
```
```  1609   assumes lp: "islin p"
```
```  1610   shows "\<forall> (c,s) \<in> set (uset p). isnpoly c \<and> c \<noteq> 0\<^sub>p \<and> tmbound0 s \<and> allpolys isnpoly s"
```
```  1611 using lp by(induct p rule: uset.induct,auto)
```
```  1612
```
```  1613 lemma minusinf_uset0:
```
```  1614   assumes lp: "islin p"
```
```  1615   and nmi: "\<not> (Ifm vs (x#bs) (minusinf p))"
```
```  1616   and ex: "Ifm vs (x#bs) p" (is "?I x p")
```
```  1617   shows "\<exists> (c,s) \<in> set (uset p). x \<ge> - Itm vs (x#bs) s / Ipoly vs c"
```
```  1618 proof-
```
```  1619   have "\<exists> (c,s) \<in> set (uset p). (Ipoly vs c < 0 \<and> Ipoly vs c * x \<le> - Itm vs (x#bs) s) \<or>  (Ipoly vs c > 0 \<and> Ipoly vs c * x \<ge> - Itm vs (x#bs) s)"
```
```  1620     using lp nmi ex
```
```  1621     apply (induct p rule: minusinf.induct, auto simp add: eq le lt nth_pos2 polyneg_norm)
```
```  1622     apply (auto simp add: linorder_not_less order_le_less)
```
```  1623     done
```
```  1624   then obtain c s where csU: "(c,s) \<in> set (uset p)" and x: "(Ipoly vs c < 0 \<and> Ipoly vs c * x \<le> - Itm vs (x#bs) s) \<or>  (Ipoly vs c > 0 \<and> Ipoly vs c * x \<ge> - Itm vs (x#bs) s)" by blast
```
```  1625   hence "x \<ge> (- Itm vs (x#bs) s) / Ipoly vs c"
```
```  1626     using divide_le_eq[of "- Itm vs (x#bs) s" "Ipoly vs c" x]
```
```  1627     by (auto simp add: mult_commute del: divide_minus_left)
```
```  1628   thus ?thesis using csU by auto
```
```  1629 qed
```
```  1630
```
```  1631 lemma minusinf_uset:
```
```  1632   assumes lp: "islin p"
```
```  1633   and nmi: "\<not> (Ifm vs (a#bs) (minusinf p))"
```
```  1634   and ex: "Ifm vs (x#bs) p" (is "?I x p")
```
```  1635   shows "\<exists> (c,s) \<in> set (uset p). x \<ge> - Itm vs (a#bs) s / Ipoly vs c"
```
```  1636 proof-
```
```  1637   from nmi have nmi': "\<not> (Ifm vs (x#bs) (minusinf p))"
```
```  1638     by (simp add: bound0_I[OF minusinf_nb[OF lp], where b=x and b'=a])
```
```  1639   from minusinf_uset0[OF lp nmi' ex]
```
```  1640   obtain c s where csU: "(c,s) \<in> set (uset p)" and th: "x \<ge> - Itm vs (x#bs) s / Ipoly vs c" by blast
```
```  1641   from uset_l[OF lp, rule_format, OF csU] have nb: "tmbound0 s" by simp
```
```  1642   from th tmbound0_I[OF nb, of vs x bs a] csU show ?thesis by auto
```
```  1643 qed
```
```  1644
```
```  1645
```
```  1646 lemma plusinf_uset0:
```
```  1647   assumes lp: "islin p"
```
```  1648   and nmi: "\<not> (Ifm vs (x#bs) (plusinf p))"
```
```  1649   and ex: "Ifm vs (x#bs) p" (is "?I x p")
```
```  1650   shows "\<exists> (c,s) \<in> set (uset p). x \<le> - Itm vs (x#bs) s / Ipoly vs c"
```
```  1651 proof-
```
```  1652   have "\<exists> (c,s) \<in> set (uset p). (Ipoly vs c < 0 \<and> Ipoly vs c * x \<ge> - Itm vs (x#bs) s) \<or>  (Ipoly vs c > 0 \<and> Ipoly vs c * x \<le> - Itm vs (x#bs) s)"
```
```  1653     using lp nmi ex
```
```  1654     apply (induct p rule: minusinf.induct, auto simp add: eq le lt nth_pos2 polyneg_norm)
```
```  1655     apply (auto simp add: linorder_not_less order_le_less)
```
```  1656     done
```
```  1657   then obtain c s where csU: "(c,s) \<in> set (uset p)" and x: "(Ipoly vs c < 0 \<and> Ipoly vs c * x \<ge> - Itm vs (x#bs) s) \<or>  (Ipoly vs c > 0 \<and> Ipoly vs c * x \<le> - Itm vs (x#bs) s)" by blast
```
```  1658   hence "x \<le> (- Itm vs (x#bs) s) / Ipoly vs c"
```
```  1659     using le_divide_eq[of x "- Itm vs (x#bs) s" "Ipoly vs c"]
```
```  1660     by (auto simp add: mult_commute del: divide_minus_left)
```
```  1661   thus ?thesis using csU by auto
```
```  1662 qed
```
```  1663
```
```  1664 lemma plusinf_uset:
```
```  1665   assumes lp: "islin p"
```
```  1666   and nmi: "\<not> (Ifm vs (a#bs) (plusinf p))"
```
```  1667   and ex: "Ifm vs (x#bs) p" (is "?I x p")
```
```  1668   shows "\<exists> (c,s) \<in> set (uset p). x \<le> - Itm vs (a#bs) s / Ipoly vs c"
```
```  1669 proof-
```
```  1670   from nmi have nmi': "\<not> (Ifm vs (x#bs) (plusinf p))"
```
```  1671     by (simp add: bound0_I[OF plusinf_nb[OF lp], where b=x and b'=a])
```
```  1672   from plusinf_uset0[OF lp nmi' ex]
```
```  1673   obtain c s where csU: "(c,s) \<in> set (uset p)" and th: "x \<le> - Itm vs (x#bs) s / Ipoly vs c" by blast
```
```  1674   from uset_l[OF lp, rule_format, OF csU] have nb: "tmbound0 s" by simp
```
```  1675   from th tmbound0_I[OF nb, of vs x bs a] csU show ?thesis by auto
```
```  1676 qed
```
```  1677
```
```  1678 lemma lin_dense:
```
```  1679   assumes lp: "islin p"
```
```  1680   and noS: "\<forall> t. l < t \<and> t< u \<longrightarrow> t \<notin> (\<lambda> (c,t). - Itm vs (x#bs) t / Ipoly vs c) ` set (uset p)"
```
```  1681   (is "\<forall> t. _ \<and> _ \<longrightarrow> t \<notin> (\<lambda> (c,t). - ?Nt x t / ?N c) ` ?U p")
```
```  1682   and lx: "l < x" and xu:"x < u" and px:" Ifm vs (x#bs) p"
```
```  1683   and ly: "l < y" and yu: "y < u"
```
```  1684   shows "Ifm vs (y#bs) p"
```
```  1685 using lp px noS
```
```  1686 proof (induct p rule: islin.induct)
```
```  1687   case (5 c s)
```
```  1688   from "5.prems"
```
```  1689   have lin: "isnpoly c" "c \<noteq> 0\<^sub>p" "tmbound0 s" "allpolys isnpoly s"
```
```  1690     and px: "Ifm vs (x # bs) (Lt (CNP 0 c s))"
```
```  1691     and noS: "\<forall>t. l < t \<and> t < u \<longrightarrow> t \<noteq> - Itm vs (x # bs) s / \<lparr>c\<rparr>\<^sub>p\<^bsup>vs\<^esup>" by simp_all
```
```  1692   from ly yu noS have yne: "y \<noteq> - ?Nt x s / \<lparr>c\<rparr>\<^sub>p\<^bsup>vs\<^esup>" by simp
```
```  1693   hence ycs: "y < - ?Nt x s / ?N c \<or> y > -?Nt x s / ?N c" by auto
```
```  1694   have ccs: "?N c = 0 \<or> ?N c < 0 \<or> ?N c > 0" by dlo
```
```  1695   moreover
```
```  1696   {assume "?N c = 0" hence ?case using px by (simp add: tmbound0_I[OF lin(3), where bs="bs" and b="x" and b'="y"])}
```
```  1697   moreover
```
```  1698   {assume c: "?N c > 0"
```
```  1699       from px pos_less_divide_eq[OF c, where a="x" and b="-?Nt x s"]
```
```  1700       have px': "x < - ?Nt x s / ?N c"
```
```  1701         by (auto simp add: not_less ring_simps)
```
```  1702     {assume y: "y < - ?Nt x s / ?N c"
```
```  1703       hence "y * ?N c < - ?Nt x s"
```
```  1704         by (simp add: pos_less_divide_eq[OF c, where a="y" and b="-?Nt x s", symmetric])
```
```  1705       hence "?N c * y + ?Nt x s < 0" by (simp add: ring_simps)
```
```  1706       hence ?case using tmbound0_I[OF lin(3), where bs="bs" and b="x" and b'="y"] by simp}
```
```  1707     moreover
```
```  1708     {assume y: "y > -?Nt x s / ?N c"
```
```  1709       with yu have eu: "u > - ?Nt x s / ?N c" by auto
```
```  1710       with noS ly yu have th: "- ?Nt x s / ?N c \<le> l" by (cases "- ?Nt x s / ?N c > l", auto)
```
```  1711       with lx px' have "False" by simp  hence ?case by simp }
```
```  1712     ultimately have ?case using ycs by blast
```
```  1713   }
```
```  1714   moreover
```
```  1715   {assume c: "?N c < 0"
```
```  1716       from px neg_divide_less_eq[OF c, where a="x" and b="-?Nt x s"]
```
```  1717       have px': "x > - ?Nt x s / ?N c"
```
```  1718         by (auto simp add: not_less ring_simps)
```
```  1719     {assume y: "y > - ?Nt x s / ?N c"
```
```  1720       hence "y * ?N c < - ?Nt x s"
```
```  1721         by (simp add: neg_divide_less_eq[OF c, where a="y" and b="-?Nt x s", symmetric])
```
```  1722       hence "?N c * y + ?Nt x s < 0" by (simp add: ring_simps)
```
```  1723       hence ?case using tmbound0_I[OF lin(3), where bs="bs" and b="x" and b'="y"] by simp}
```
```  1724     moreover
```
```  1725     {assume y: "y < -?Nt x s / ?N c"
```
```  1726       with ly have eu: "l < - ?Nt x s / ?N c" by auto
```
```  1727       with noS ly yu have th: "- ?Nt x s / ?N c \<ge> u" by (cases "- ?Nt x s / ?N c < u", auto)
```
```  1728       with xu px' have "False" by simp  hence ?case by simp }
```
```  1729     ultimately have ?case using ycs by blast
```
```  1730   }
```
```  1731   ultimately show ?case by blast
```
```  1732 next
```
```  1733   case (6 c s)
```
```  1734   from "6.prems"
```
```  1735   have lin: "isnpoly c" "c \<noteq> 0\<^sub>p" "tmbound0 s" "allpolys isnpoly s"
```
```  1736     and px: "Ifm vs (x # bs) (Le (CNP 0 c s))"
```
```  1737     and noS: "\<forall>t. l < t \<and> t < u \<longrightarrow> t \<noteq> - Itm vs (x # bs) s / \<lparr>c\<rparr>\<^sub>p\<^bsup>vs\<^esup>" by simp_all
```
```  1738   from ly yu noS have yne: "y \<noteq> - ?Nt x s / \<lparr>c\<rparr>\<^sub>p\<^bsup>vs\<^esup>" by simp
```
```  1739   hence ycs: "y < - ?Nt x s / ?N c \<or> y > -?Nt x s / ?N c" by auto
```
```  1740   have ccs: "?N c = 0 \<or> ?N c < 0 \<or> ?N c > 0" by dlo
```
```  1741   moreover
```
```  1742   {assume "?N c = 0" hence ?case using px by (simp add: tmbound0_I[OF lin(3), where bs="bs" and b="x" and b'="y"])}
```
```  1743   moreover
```
```  1744   {assume c: "?N c > 0"
```
```  1745       from px pos_le_divide_eq[OF c, where a="x" and b="-?Nt x s"]
```
```  1746       have px': "x <= - ?Nt x s / ?N c" by (simp add: not_less ring_simps)
```
```  1747     {assume y: "y < - ?Nt x s / ?N c"
```
```  1748       hence "y * ?N c < - ?Nt x s"
```
```  1749         by (simp add: pos_less_divide_eq[OF c, where a="y" and b="-?Nt x s", symmetric])
```
```  1750       hence "?N c * y + ?Nt x s < 0" by (simp add: ring_simps)
```
```  1751       hence ?case using tmbound0_I[OF lin(3), where bs="bs" and b="x" and b'="y"] by simp}
```
```  1752     moreover
```
```  1753     {assume y: "y > -?Nt x s / ?N c"
```
```  1754       with yu have eu: "u > - ?Nt x s / ?N c" by auto
```
```  1755       with noS ly yu have th: "- ?Nt x s / ?N c \<le> l" by (cases "- ?Nt x s / ?N c > l", auto)
```
```  1756       with lx px' have "False" by simp  hence ?case by simp }
```
```  1757     ultimately have ?case using ycs by blast
```
```  1758   }
```
```  1759   moreover
```
```  1760   {assume c: "?N c < 0"
```
```  1761       from px neg_divide_le_eq[OF c, where a="x" and b="-?Nt x s"]
```
```  1762       have px': "x >= - ?Nt x s / ?N c" by (simp add: ring_simps)
```
```  1763     {assume y: "y > - ?Nt x s / ?N c"
```
```  1764       hence "y * ?N c < - ?Nt x s"
```
```  1765         by (simp add: neg_divide_less_eq[OF c, where a="y" and b="-?Nt x s", symmetric])
```
```  1766       hence "?N c * y + ?Nt x s < 0" by (simp add: ring_simps)
```
```  1767       hence ?case using tmbound0_I[OF lin(3), where bs="bs" and b="x" and b'="y"] by simp}
```
```  1768     moreover
```
```  1769     {assume y: "y < -?Nt x s / ?N c"
```
```  1770       with ly have eu: "l < - ?Nt x s / ?N c" by auto
```
```  1771       with noS ly yu have th: "- ?Nt x s / ?N c \<ge> u" by (cases "- ?Nt x s / ?N c < u", auto)
```
```  1772       with xu px' have "False" by simp  hence ?case by simp }
```
```  1773     ultimately have ?case using ycs by blast
```
```  1774   }
```
```  1775   ultimately show ?case by blast
```
```  1776 next
```
```  1777     case (3 c s)
```
```  1778   from "3.prems"
```
```  1779   have lin: "isnpoly c" "c \<noteq> 0\<^sub>p" "tmbound0 s" "allpolys isnpoly s"
```
```  1780     and px: "Ifm vs (x # bs) (Eq (CNP 0 c s))"
```
```  1781     and noS: "\<forall>t. l < t \<and> t < u \<longrightarrow> t \<noteq> - Itm vs (x # bs) s / \<lparr>c\<rparr>\<^sub>p\<^bsup>vs\<^esup>" by simp_all
```
```  1782   from ly yu noS have yne: "y \<noteq> - ?Nt x s / \<lparr>c\<rparr>\<^sub>p\<^bsup>vs\<^esup>" by simp
```
```  1783   hence ycs: "y < - ?Nt x s / ?N c \<or> y > -?Nt x s / ?N c" by auto
```
```  1784   have ccs: "?N c = 0 \<or> ?N c < 0 \<or> ?N c > 0" by dlo
```
```  1785   moreover
```
```  1786   {assume "?N c = 0" hence ?case using px by (simp add: tmbound0_I[OF lin(3), where bs="bs" and b="x" and b'="y"])}
```
```  1787   moreover
```
```  1788   {assume c: "?N c > 0" hence cnz: "?N c \<noteq> 0" by simp
```
```  1789     from px eq_divide_eq[of "x" "-?Nt x s" "?N c"]  cnz
```
```  1790     have px': "x = - ?Nt x s / ?N c" by (simp add: ring_simps)
```
```  1791     {assume y: "y < -?Nt x s / ?N c"
```
```  1792       with ly have eu: "l < - ?Nt x s / ?N c" by auto
```
```  1793       with noS ly yu have th: "- ?Nt x s / ?N c \<ge> u" by (cases "- ?Nt x s / ?N c < u", auto)
```
```  1794       with xu px' have "False" by simp  hence ?case by simp }
```
```  1795     moreover
```
```  1796     {assume y: "y > -?Nt x s / ?N c"
```
```  1797       with yu have eu: "u > - ?Nt x s / ?N c" by auto
```
```  1798       with noS ly yu have th: "- ?Nt x s / ?N c \<le> l" by (cases "- ?Nt x s / ?N c > l", auto)
```
```  1799       with lx px' have "False" by simp  hence ?case by simp }
```
```  1800     ultimately have ?case using ycs by blast
```
```  1801   }
```
```  1802   moreover
```
```  1803   {assume c: "?N c < 0" hence cnz: "?N c \<noteq> 0" by simp
```
```  1804     from px eq_divide_eq[of "x" "-?Nt x s" "?N c"]  cnz
```
```  1805     have px': "x = - ?Nt x s / ?N c" by (simp add: ring_simps)
```
```  1806     {assume y: "y < -?Nt x s / ?N c"
```
```  1807       with ly have eu: "l < - ?Nt x s / ?N c" by auto
```
```  1808       with noS ly yu have th: "- ?Nt x s / ?N c \<ge> u" by (cases "- ?Nt x s / ?N c < u", auto)
```
```  1809       with xu px' have "False" by simp  hence ?case by simp }
```
```  1810     moreover
```
```  1811     {assume y: "y > -?Nt x s / ?N c"
```
```  1812       with yu have eu: "u > - ?Nt x s / ?N c" by auto
```
```  1813       with noS ly yu have th: "- ?Nt x s / ?N c \<le> l" by (cases "- ?Nt x s / ?N c > l", auto)
```
```  1814       with lx px' have "False" by simp  hence ?case by simp }
```
```  1815     ultimately have ?case using ycs by blast
```
```  1816   }
```
```  1817   ultimately show ?case by blast
```
```  1818 next
```
```  1819     case (4 c s)
```
```  1820   from "4.prems"
```
```  1821   have lin: "isnpoly c" "c \<noteq> 0\<^sub>p" "tmbound0 s" "allpolys isnpoly s"
```
```  1822     and px: "Ifm vs (x # bs) (NEq (CNP 0 c s))"
```
```  1823     and noS: "\<forall>t. l < t \<and> t < u \<longrightarrow> t \<noteq> - Itm vs (x # bs) s / \<lparr>c\<rparr>\<^sub>p\<^bsup>vs\<^esup>" by simp_all
```
```  1824   from ly yu noS have yne: "y \<noteq> - ?Nt x s / \<lparr>c\<rparr>\<^sub>p\<^bsup>vs\<^esup>" by simp
```
```  1825   hence ycs: "y < - ?Nt x s / ?N c \<or> y > -?Nt x s / ?N c" by auto
```
```  1826   have ccs: "?N c = 0 \<or> ?N c \<noteq> 0" by dlo
```
```  1827   moreover
```
```  1828   {assume "?N c = 0" hence ?case using px by (simp add: tmbound0_I[OF lin(3), where bs="bs" and b="x" and b'="y"])}
```
```  1829   moreover
```
```  1830   {assume c: "?N c \<noteq> 0"
```
```  1831     from yne c eq_divide_eq[of "y" "- ?Nt x s" "?N c"] have ?case
```
```  1832       by (simp add: ring_simps tmbound0_I[OF lin(3), of vs x bs y] sum_eq[symmetric]) }
```
```  1833   ultimately show ?case by blast
```
```  1834 qed (auto simp add: nth_pos2 tmbound0_I[where vs=vs and bs="bs" and b="y" and b'="x"] bound0_I[where vs=vs and bs="bs" and b="y" and b'="x"])
```
```  1835
```
```  1836 lemma one_plus_one_pos[simp]: "(1::'a::{linordered_field}) + 1 > 0"
```
```  1837 proof-
```
```  1838   have op: "(1::'a) > 0" by simp
```
```  1839   from add_pos_pos[OF op op] show ?thesis .
```
```  1840 qed
```
```  1841
```
```  1842 lemma one_plus_one_nonzero[simp]: "(1::'a::{linordered_field}) + 1 \<noteq> 0"
```
```  1843   using one_plus_one_pos[where ?'a = 'a] by (simp add: less_le)
```
```  1844
```
```  1845 lemma half_sum_eq: "(u + u) / (1+1) = (u::'a::{linordered_field})"
```
```  1846 proof-
```
```  1847   have "(u + u) = (1 + 1) * u" by (simp add: ring_simps)
```
```  1848   hence "(u + u) / (1+1) = (1 + 1)*u / (1 + 1)" by simp
```
```  1849   with nonzero_mult_divide_cancel_left[OF one_plus_one_nonzero, of u] show ?thesis by simp
```
```  1850 qed
```
```  1851
```
```  1852 lemma inf_uset:
```
```  1853   assumes lp: "islin p"
```
```  1854   and nmi: "\<not> (Ifm vs (x#bs) (minusinf p))" (is "\<not> (Ifm vs (x#bs) (?M p))")
```
```  1855   and npi: "\<not> (Ifm vs (x#bs) (plusinf p))" (is "\<not> (Ifm vs (x#bs) (?P p))")
```
```  1856   and ex: "\<exists> x.  Ifm vs (x#bs) p" (is "\<exists> x. ?I x p")
```
```  1857   shows "\<exists> (c,t) \<in> set (uset p). \<exists> (d,s) \<in> set (uset p). ?I ((- Itm vs (x#bs) t / Ipoly vs c + - Itm vs (x#bs) s / Ipoly vs d) / (1 + 1)) p"
```
```  1858 proof-
```
```  1859   let ?Nt = "\<lambda> x t. Itm vs (x#bs) t"
```
```  1860   let ?N = "Ipoly vs"
```
```  1861   let ?U = "set (uset p)"
```
```  1862   from ex obtain a where pa: "?I a p" by blast
```
```  1863   from bound0_I[OF minusinf_nb[OF lp], where bs="bs" and b="x" and b'="a"] nmi
```
```  1864   have nmi': "\<not> (?I a (?M p))" by simp
```
```  1865   from bound0_I[OF plusinf_nb[OF lp], where bs="bs" and b="x" and b'="a"] npi
```
```  1866   have npi': "\<not> (?I a (?P p))" by simp
```
```  1867   have "\<exists> (c,t) \<in> set (uset p). \<exists> (d,s) \<in> set (uset p). ?I ((- ?Nt a t/?N c + - ?Nt a s /?N d) / (1 + 1)) p"
```
```  1868   proof-
```
```  1869     let ?M = "(\<lambda> (c,t). - ?Nt a t / ?N c) ` ?U"
```
```  1870     have fM: "finite ?M" by auto
```
```  1871     from minusinf_uset[OF lp nmi pa] plusinf_uset[OF lp npi pa]
```
```  1872     have "\<exists> (c,t) \<in> set (uset p). \<exists> (d,s) \<in> set (uset p). a \<le> - ?Nt x t / ?N c \<and> a \<ge> - ?Nt x s / ?N d" by blast
```
```  1873     then obtain "c" "t" "d" "s" where
```
```  1874       ctU: "(c,t) \<in> ?U" and dsU: "(d,s) \<in> ?U"
```
```  1875       and xs1: "a \<le> - ?Nt x s / ?N d" and tx1: "a \<ge> - ?Nt x t / ?N c" by blast
```
```  1876     from uset_l[OF lp] ctU dsU tmbound0_I[where bs="bs" and b="x" and b'="a"] xs1 tx1
```
```  1877     have xs: "a \<le> - ?Nt a s / ?N d" and tx: "a \<ge> - ?Nt a t / ?N c" by auto
```
```  1878     from ctU have Mne: "?M \<noteq> {}" by auto
```
```  1879     hence Une: "?U \<noteq> {}" by simp
```
```  1880     let ?l = "Min ?M"
```
```  1881     let ?u = "Max ?M"
```
```  1882     have linM: "?l \<in> ?M" using fM Mne by simp
```
```  1883     have uinM: "?u \<in> ?M" using fM Mne by simp
```
```  1884     have ctM: "- ?Nt a t / ?N c \<in> ?M" using ctU by auto
```
```  1885     have dsM: "- ?Nt a s / ?N d \<in> ?M" using dsU by auto
```
```  1886     have lM: "\<forall> t\<in> ?M. ?l \<le> t" using Mne fM by auto
```
```  1887     have Mu: "\<forall> t\<in> ?M. t \<le> ?u" using Mne fM by auto
```
```  1888     have "?l \<le> - ?Nt a t / ?N c" using ctM Mne by simp hence lx: "?l \<le> a" using tx by simp
```
```  1889     have "- ?Nt a s / ?N d \<le> ?u" using dsM Mne by simp hence xu: "a \<le> ?u" using xs by simp
```
```  1890     from finite_set_intervals2[where P="\<lambda> x. ?I x p",OF pa lx xu linM uinM fM lM Mu]
```
```  1891     have "(\<exists> s\<in> ?M. ?I s p) \<or>
```
```  1892       (\<exists> t1\<in> ?M. \<exists> t2 \<in> ?M. (\<forall> y. t1 < y \<and> y < t2 \<longrightarrow> y \<notin> ?M) \<and> t1 < a \<and> a < t2 \<and> ?I a p)" .
```
```  1893     moreover {fix u assume um: "u\<in> ?M" and pu: "?I u p"
```
```  1894       hence "\<exists> (nu,tu) \<in> ?U. u = - ?Nt a tu / ?N nu" by auto
```
```  1895       then obtain "tu" "nu" where tuU: "(nu,tu) \<in> ?U" and tuu:"u= - ?Nt a tu / ?N nu" by blast
```
```  1896       from half_sum_eq[of u] pu tuu
```
```  1897       have "?I (((- ?Nt a tu / ?N nu) + (- ?Nt a tu / ?N nu)) / (1 + 1)) p" by simp
```
```  1898       with tuU have ?thesis by blast}
```
```  1899     moreover{
```
```  1900       assume "\<exists> t1\<in> ?M. \<exists> t2 \<in> ?M. (\<forall> y. t1 < y \<and> y < t2 \<longrightarrow> y \<notin> ?M) \<and> t1 < a \<and> a < t2 \<and> ?I a p"
```
```  1901       then obtain t1 and t2 where t1M: "t1 \<in> ?M" and t2M: "t2\<in> ?M"
```
```  1902         and noM: "\<forall> y. t1 < y \<and> y < t2 \<longrightarrow> y \<notin> ?M" and t1x: "t1 < a" and xt2: "a < t2" and px: "?I a p"
```
```  1903         by blast
```
```  1904       from t1M have "\<exists> (t1n,t1u) \<in> ?U. t1 = - ?Nt a t1u / ?N t1n" by auto
```
```  1905       then obtain "t1u" "t1n" where t1uU: "(t1n,t1u) \<in> ?U" and t1u: "t1 = - ?Nt a t1u / ?N t1n" by blast
```
```  1906       from t2M have "\<exists> (t2n,t2u) \<in> ?U. t2 = - ?Nt a t2u / ?N t2n" by auto
```
```  1907       then obtain "t2u" "t2n" where t2uU: "(t2n,t2u) \<in> ?U" and t2u: "t2 = - ?Nt a t2u / ?N t2n" by blast
```
```  1908       from t1x xt2 have t1t2: "t1 < t2" by simp
```
```  1909       let ?u = "(t1 + t2) / (1 + 1)"
```
```  1910       from less_half_sum[OF t1t2] gt_half_sum[OF t1t2] have t1lu: "t1 < ?u" and ut2: "?u < t2" by auto
```
```  1911       from lin_dense[OF lp noM t1x xt2 px t1lu ut2] have "?I ?u p" .
```
```  1912       with t1uU t2uU t1u t2u have ?thesis by blast}
```
```  1913     ultimately show ?thesis by blast
```
```  1914   qed
```
```  1915   then obtain "l" "n" "s"  "m" where lnU: "(n,l) \<in> ?U" and smU:"(m,s) \<in> ?U"
```
```  1916     and pu: "?I ((- ?Nt a l / ?N n + - ?Nt a s / ?N m) / (1 + 1)) p" by blast
```
```  1917   from lnU smU uset_l[OF lp] have nbl: "tmbound0 l" and nbs: "tmbound0 s" by auto
```
```  1918   from tmbound0_I[OF nbl, where bs="bs" and b="a" and b'="x"]
```
```  1919     tmbound0_I[OF nbs, where bs="bs" and b="a" and b'="x"] pu
```
```  1920   have "?I ((- ?Nt x l / ?N n + - ?Nt x s / ?N m) / (1 + 1)) p" by simp
```
```  1921   with lnU smU
```
```  1922   show ?thesis by auto
```
```  1923 qed
```
```  1924
```
```  1925     (* The Ferrante - Rackoff Theorem *)
```
```  1926
```
```  1927 theorem fr_eq:
```
```  1928   assumes lp: "islin p"
```
```  1929   shows "(\<exists> x. Ifm vs (x#bs) p) = ((Ifm vs (x#bs) (minusinf p)) \<or> (Ifm vs (x#bs) (plusinf p)) \<or> (\<exists> (n,t) \<in> set (uset p). \<exists> (m,s) \<in> set (uset p). Ifm vs (((- Itm vs (x#bs) t /  Ipoly vs n + - Itm vs (x#bs) s / Ipoly vs m) /(1 + 1))#bs) p))"
```
```  1930   (is "(\<exists> x. ?I x p) = (?M \<or> ?P \<or> ?F)" is "?E = ?D")
```
```  1931 proof
```
```  1932   assume px: "\<exists> x. ?I x p"
```
```  1933   have "?M \<or> ?P \<or> (\<not> ?M \<and> \<not> ?P)" by blast
```
```  1934   moreover {assume "?M \<or> ?P" hence "?D" by blast}
```
```  1935   moreover {assume nmi: "\<not> ?M" and npi: "\<not> ?P"
```
```  1936     from inf_uset[OF lp nmi npi] have "?F" using px by blast hence "?D" by blast}
```
```  1937   ultimately show "?D" by blast
```
```  1938 next
```
```  1939   assume "?D"
```
```  1940   moreover {assume m:"?M" from minusinf_ex[OF lp m] have "?E" .}
```
```  1941   moreover {assume p: "?P" from plusinf_ex[OF lp p] have "?E" . }
```
```  1942   moreover {assume f:"?F" hence "?E" by blast}
```
```  1943   ultimately show "?E" by blast
```
```  1944 qed
```
```  1945
```
```  1946 section{* First implementation : Naive by encoding all case splits locally *}
```
```  1947 definition "msubsteq c t d s a r =
```
```  1948   evaldjf (split conj)
```
```  1949   [(let cd = c *\<^sub>p d in (NEq (CP cd), Eq (Add (Mul (~\<^sub>p a) (Add (Mul d t) (Mul c s))) (Mul (2\<^sub>p *\<^sub>p cd) r)))),
```
```  1950    (conj (Eq (CP c)) (NEq (CP d)) , Eq (Add (Mul (~\<^sub>p a) s) (Mul (2\<^sub>p *\<^sub>p d) r))),
```
```  1951    (conj (NEq (CP c)) (Eq (CP d)) , Eq (Add (Mul (~\<^sub>p a) t) (Mul (2\<^sub>p *\<^sub>p c) r))),
```
```  1952    (conj (Eq (CP c)) (Eq (CP d)) , Eq r)]"
```
```  1953
```
```  1954 lemma msubsteq_nb: assumes lp: "islin (Eq (CNP 0 a r))" and t: "tmbound0 t" and s: "tmbound0 s"
```
```  1955   shows "bound0 (msubsteq c t d s a r)"
```
```  1956 proof-
```
```  1957   have th: "\<forall>x\<in> set [(let cd = c *\<^sub>p d in (NEq (CP cd), Eq (Add (Mul (~\<^sub>p a) (Add (Mul d t) (Mul c s))) (Mul (2\<^sub>p *\<^sub>p cd) r)))),
```
```  1958    (conj (Eq (CP c)) (NEq (CP d)) , Eq (Add (Mul (~\<^sub>p a) s) (Mul (2\<^sub>p *\<^sub>p d) r))),
```
```  1959    (conj (NEq (CP c)) (Eq (CP d)) , Eq (Add (Mul (~\<^sub>p a) t) (Mul (2\<^sub>p *\<^sub>p c) r))),
```
```  1960    (conj (Eq (CP c)) (Eq (CP d)) , Eq r)]. bound0 (split conj x)"
```
```  1961     using lp by (simp add: Let_def t s )
```
```  1962   from evaldjf_bound0[OF th] show ?thesis by (simp add: msubsteq_def)
```
```  1963 qed
```
```  1964
```
```  1965 lemma msubsteq: assumes lp: "islin (Eq (CNP 0 a r))"
```
```  1966   shows "Ifm vs (x#bs) (msubsteq c t d s a r) = Ifm vs (((- Itm vs (x#bs) t /  Ipoly vs c + - Itm vs (x#bs) s / Ipoly vs d) /(1 + 1))#bs) (Eq (CNP 0 a r))" (is "?lhs = ?rhs")
```
```  1967 proof-
```
```  1968   let ?Nt = "\<lambda>(x::'a) t. Itm vs (x#bs) t"
```
```  1969   let ?N = "\<lambda>p. Ipoly vs p"
```
```  1970   let ?c = "?N c"
```
```  1971   let ?d = "?N d"
```
```  1972   let ?t = "?Nt x t"
```
```  1973   let ?s = "?Nt x s"
```
```  1974   let ?a = "?N a"
```
```  1975   let ?r = "?Nt x r"
```
```  1976   from lp have lin:"isnpoly a" "a \<noteq> 0\<^sub>p" "tmbound0 r" "allpolys isnpoly r" by simp_all
```
```  1977   note r= tmbound0_I[OF lin(3), of vs _ bs x]
```
```  1978   have cd_cs: "?c * ?d \<noteq> 0 \<or> (?c = 0 \<and> ?d = 0) \<or> (?c = 0 \<and> ?d \<noteq> 0) \<or> (?c \<noteq> 0 \<and> ?d = 0)" by auto
```
```  1979   moreover
```
```  1980   {assume c: "?c = 0" and d: "?d=0"
```
```  1981     hence ?thesis  by (simp add: r[of 0] msubsteq_def Let_def evaldjf_ex)}
```
```  1982   moreover
```
```  1983   {assume c: "?c = 0" and d: "?d\<noteq>0"
```
```  1984     from c have th: "(- ?t / ?c + - ?s / ?d)/(1 + 1) = -?s / ((1 + 1)*?d)" by simp
```
```  1985     have "?rhs = Ifm vs (-?s / ((1 + 1)*?d) # bs) (Eq (CNP 0 a r))" by (simp only: th)
```
```  1986     also have "\<dots> \<longleftrightarrow> ?a * (-?s / ((1 + 1)*?d)) + ?r = 0" by (simp add: r[of "- (Itm vs (x # bs) s / ((1 + 1) * \<lparr>d\<rparr>\<^sub>p\<^bsup>vs\<^esup>))"])
```
```  1987     also have "\<dots> \<longleftrightarrow> (1 + 1)*?d * (?a * (-?s / ((1 + 1)*?d)) + ?r) = 0"
```
```  1988       using d mult_cancel_left[of "(1 + 1)*?d" "(?a * (-?s / ((1 + 1)*?d)) + ?r)" 0] by simp
```
```  1989     also have "\<dots> \<longleftrightarrow> (- ?a * ?s) * ((1 + 1)*?d / ((1 + 1)*?d)) + (1 + 1)*?d*?r= 0"
```
```  1990       by (simp add: ring_simps right_distrib[of "(1 + 1)*?d"] del: right_distrib)
```
```  1991
```
```  1992     also have "\<dots> \<longleftrightarrow> - (?a * ?s) + (1 + 1)*?d*?r = 0" using d by simp
```
```  1993     finally have ?thesis using c d
```
```  1994       apply (simp add: r[of "- (Itm vs (x # bs) s / ((1 + 1) * \<lparr>d\<rparr>\<^sub>p\<^bsup>vs\<^esup>))"] msubsteq_def Let_def evaldjf_ex del: one_add_one_is_two)
```
```  1995       apply (simp only: one_add_one_is_two[symmetric] of_int_add)
```
```  1996       apply simp
```
```  1997       done}
```
```  1998   moreover
```
```  1999   {assume c: "?c \<noteq> 0" and d: "?d=0"
```
```  2000     from d have th: "(- ?t / ?c + - ?s / ?d)/(1 + 1) = -?t / ((1 + 1)*?c)" by simp
```
```  2001     have "?rhs = Ifm vs (-?t / ((1 + 1)*?c) # bs) (Eq (CNP 0 a r))" by (simp only: th)
```
```  2002     also have "\<dots> \<longleftrightarrow> ?a * (-?t / ((1 + 1)*?c)) + ?r = 0" by (simp add: r[of "- (?t/ ((1 + 1)* ?c))"])
```
```  2003     also have "\<dots> \<longleftrightarrow> (1 + 1)*?c * (?a * (-?t / ((1 + 1)*?c)) + ?r) = 0"
```
```  2004       using c mult_cancel_left[of "(1 + 1)*?c" "(?a * (-?t / ((1 + 1)*?c)) + ?r)" 0] by simp
```
```  2005     also have "\<dots> \<longleftrightarrow> (?a * -?t)* ((1 + 1)*?c) / ((1 + 1)*?c) + (1 + 1)*?c*?r= 0"
```
```  2006       by (simp add: ring_simps right_distrib[of "(1 + 1)*?c"] del: right_distrib)
```
```  2007     also have "\<dots> \<longleftrightarrow> - (?a * ?t) + (1 + 1)*?c*?r = 0" using c by simp
```
```  2008     finally have ?thesis using c d
```
```  2009       apply (simp add: r[of "- (?t/ ((1 + 1)*?c))"] msubsteq_def Let_def evaldjf_ex del: one_add_one_is_two)
```
```  2010       apply (simp only: one_add_one_is_two[symmetric] of_int_add)
```
```  2011       apply simp
```
```  2012       done }
```
```  2013   moreover
```
```  2014   {assume c: "?c \<noteq> 0" and d: "?d\<noteq>0" hence dc: "?c * ?d *(1 + 1) \<noteq> 0" by simp
```
```  2015     from add_frac_eq[OF c d, of "- ?t" "- ?s"]
```
```  2016     have th: "(- ?t / ?c + - ?s / ?d)/(1 + 1) = - (?d * ?t + ?c* ?s )/ ((1 + 1)*?c*?d)"
```
```  2017       by (simp add: ring_simps)
```
```  2018     have "?rhs \<longleftrightarrow> Ifm vs (- (?d * ?t + ?c* ?s )/ ((1 + 1)*?c*?d) # bs) (Eq (CNP 0 a r))" by (simp only: th)
```
```  2019     also have "\<dots> \<longleftrightarrow> ?a * (- (?d * ?t + ?c* ?s )/ ((1 + 1)*?c*?d)) + ?r = 0"
```
```  2020       by (simp add: r[of "(- (?d * ?t) + - (?c *?s)) / ((1 + 1) * ?c * ?d)"])
```
```  2021     also have "\<dots> \<longleftrightarrow> ((1 + 1) * ?c * ?d) * (?a * (- (?d * ?t + ?c* ?s )/ ((1 + 1)*?c*?d)) + ?r) =0 "
```
```  2022       using c d mult_cancel_left[of "(1 + 1) * ?c * ?d" "?a * (- (?d * ?t + ?c* ?s)/ ((1 + 1)*?c*?d)) + ?r" 0] by simp
```
```  2023     also have "\<dots> \<longleftrightarrow> ?a * (- (?d * ?t + ?c* ?s )) + (1 + 1)*?c*?d*?r =0"
```
```  2024       using nonzero_mult_divide_cancel_left[OF dc] c d
```
```  2025       by (simp add: ring_simps diff_divide_distrib del: left_distrib)
```
```  2026     finally  have ?thesis using c d
```
```  2027       apply (simp add: r[of "(- (?d * ?t) + - (?c *?s)) / ((1 + 1) * ?c * ?d)"] msubsteq_def Let_def evaldjf_ex ring_simps)
```
```  2028       apply (simp only: one_add_one_is_two[symmetric] of_int_add)
```
```  2029       apply (simp add: ring_simps)
```
```  2030       done }
```
```  2031   ultimately show ?thesis by blast
```
```  2032 qed
```
```  2033
```
```  2034
```
```  2035 definition "msubstneq c t d s a r =
```
```  2036   evaldjf (split conj)
```
```  2037   [(let cd = c *\<^sub>p d in (NEq (CP cd), NEq (Add (Mul (~\<^sub>p a) (Add (Mul d t) (Mul c s))) (Mul (2\<^sub>p *\<^sub>p cd) r)))),
```
```  2038    (conj (Eq (CP c)) (NEq (CP d)) , NEq (Add (Mul (~\<^sub>p a) s) (Mul (2\<^sub>p *\<^sub>p d) r))),
```
```  2039    (conj (NEq (CP c)) (Eq (CP d)) , NEq (Add (Mul (~\<^sub>p a) t) (Mul (2\<^sub>p *\<^sub>p c) r))),
```
```  2040    (conj (Eq (CP c)) (Eq (CP d)) , NEq r)]"
```
```  2041
```
```  2042 lemma msubstneq_nb: assumes lp: "islin (NEq (CNP 0 a r))" and t: "tmbound0 t" and s: "tmbound0 s"
```
```  2043   shows "bound0 (msubstneq c t d s a r)"
```
```  2044 proof-
```
```  2045   have th: "\<forall>x\<in> set [(let cd = c *\<^sub>p d in (NEq (CP cd), NEq (Add (Mul (~\<^sub>p a) (Add (Mul d t) (Mul c s))) (Mul (2\<^sub>p *\<^sub>p cd) r)))),
```
```  2046     (conj (Eq (CP c)) (NEq (CP d)) , NEq (Add (Mul (~\<^sub>p a) s) (Mul (2\<^sub>p *\<^sub>p d) r))),
```
```  2047     (conj (NEq (CP c)) (Eq (CP d)) , NEq (Add (Mul (~\<^sub>p a) t) (Mul (2\<^sub>p *\<^sub>p c) r))),
```
```  2048     (conj (Eq (CP c)) (Eq (CP d)) , NEq r)]. bound0 (split conj x)"
```
```  2049     using lp by (simp add: Let_def t s )
```
```  2050   from evaldjf_bound0[OF th] show ?thesis by (simp add: msubstneq_def)
```
```  2051 qed
```
```  2052
```
```  2053 lemma msubstneq: assumes lp: "islin (Eq (CNP 0 a r))"
```
```  2054   shows "Ifm vs (x#bs) (msubstneq c t d s a r) = Ifm vs (((- Itm vs (x#bs) t /  Ipoly vs c + - Itm vs (x#bs) s / Ipoly vs d) /(1 + 1))#bs) (NEq (CNP 0 a r))" (is "?lhs = ?rhs")
```
```  2055 proof-
```
```  2056   let ?Nt = "\<lambda>(x::'a) t. Itm vs (x#bs) t"
```
```  2057   let ?N = "\<lambda>p. Ipoly vs p"
```
```  2058   let ?c = "?N c"
```
```  2059   let ?d = "?N d"
```
```  2060   let ?t = "?Nt x t"
```
```  2061   let ?s = "?Nt x s"
```
```  2062   let ?a = "?N a"
```
```  2063   let ?r = "?Nt x r"
```
```  2064   from lp have lin:"isnpoly a" "a \<noteq> 0\<^sub>p" "tmbound0 r" "allpolys isnpoly r" by simp_all
```
```  2065   note r= tmbound0_I[OF lin(3), of vs _ bs x]
```
```  2066   have cd_cs: "?c * ?d \<noteq> 0 \<or> (?c = 0 \<and> ?d = 0) \<or> (?c = 0 \<and> ?d \<noteq> 0) \<or> (?c \<noteq> 0 \<and> ?d = 0)" by auto
```
```  2067   moreover
```
```  2068   {assume c: "?c = 0" and d: "?d=0"
```
```  2069     hence ?thesis  by (simp add: r[of 0] msubstneq_def Let_def evaldjf_ex)}
```
```  2070   moreover
```
```  2071   {assume c: "?c = 0" and d: "?d\<noteq>0"
```
```  2072     from c have th: "(- ?t / ?c + - ?s / ?d)/(1 + 1) = -?s / ((1 + 1)*?d)" by simp
```
```  2073     have "?rhs = Ifm vs (-?s / ((1 + 1)*?d) # bs) (NEq (CNP 0 a r))" by (simp only: th)
```
```  2074     also have "\<dots> \<longleftrightarrow> ?a * (-?s / ((1 + 1)*?d)) + ?r \<noteq> 0" by (simp add: r[of "- (Itm vs (x # bs) s / ((1 + 1) * \<lparr>d\<rparr>\<^sub>p\<^bsup>vs\<^esup>))"])
```
```  2075     also have "\<dots> \<longleftrightarrow> (1 + 1)*?d * (?a * (-?s / ((1 + 1)*?d)) + ?r) \<noteq> 0"
```
```  2076       using d mult_cancel_left[of "(1 + 1)*?d" "(?a * (-?s / ((1 + 1)*?d)) + ?r)" 0] by simp
```
```  2077     also have "\<dots> \<longleftrightarrow> (- ?a * ?s) * ((1 + 1)*?d / ((1 + 1)*?d)) + (1 + 1)*?d*?r\<noteq> 0"
```
```  2078       by (simp add: ring_simps right_distrib[of "(1 + 1)*?d"] del: right_distrib)
```
```  2079
```
```  2080     also have "\<dots> \<longleftrightarrow> - (?a * ?s) + (1 + 1)*?d*?r \<noteq> 0" using d by simp
```
```  2081     finally have ?thesis using c d
```
```  2082       apply (simp add: r[of "- (Itm vs (x # bs) s / ((1 + 1) * \<lparr>d\<rparr>\<^sub>p\<^bsup>vs\<^esup>))"] msubstneq_def Let_def evaldjf_ex del: one_add_one_is_two)
```
```  2083       apply (simp only: one_add_one_is_two[symmetric] of_int_add)
```
```  2084       apply simp
```
```  2085       done}
```
```  2086   moreover
```
```  2087   {assume c: "?c \<noteq> 0" and d: "?d=0"
```
```  2088     from d have th: "(- ?t / ?c + - ?s / ?d)/(1 + 1) = -?t / ((1 + 1)*?c)" by simp
```
```  2089     have "?rhs = Ifm vs (-?t / ((1 + 1)*?c) # bs) (NEq (CNP 0 a r))" by (simp only: th)
```
```  2090     also have "\<dots> \<longleftrightarrow> ?a * (-?t / ((1 + 1)*?c)) + ?r \<noteq> 0" by (simp add: r[of "- (?t/ ((1 + 1)* ?c))"])
```
```  2091     also have "\<dots> \<longleftrightarrow> (1 + 1)*?c * (?a * (-?t / ((1 + 1)*?c)) + ?r) \<noteq> 0"
```
```  2092       using c mult_cancel_left[of "(1 + 1)*?c" "(?a * (-?t / ((1 + 1)*?c)) + ?r)" 0] by simp
```
```  2093     also have "\<dots> \<longleftrightarrow> (?a * -?t)* ((1 + 1)*?c) / ((1 + 1)*?c) + (1 + 1)*?c*?r \<noteq> 0"
```
```  2094       by (simp add: ring_simps right_distrib[of "(1 + 1)*?c"] del: right_distrib)
```
```  2095     also have "\<dots> \<longleftrightarrow> - (?a * ?t) + (1 + 1)*?c*?r \<noteq> 0" using c by simp
```
```  2096     finally have ?thesis using c d
```
```  2097       apply (simp add: r[of "- (?t/ ((1 + 1)*?c))"] msubstneq_def Let_def evaldjf_ex del: one_add_one_is_two)
```
```  2098       apply (simp only: one_add_one_is_two[symmetric] of_int_add)
```
```  2099       apply simp
```
```  2100       done }
```
```  2101   moreover
```
```  2102   {assume c: "?c \<noteq> 0" and d: "?d\<noteq>0" hence dc: "?c * ?d *(1 + 1) \<noteq> 0" by simp
```
```  2103     from add_frac_eq[OF c d, of "- ?t" "- ?s"]
```
```  2104     have th: "(- ?t / ?c + - ?s / ?d)/(1 + 1) = - (?d * ?t + ?c* ?s )/ ((1 + 1)*?c*?d)"
```
```  2105       by (simp add: ring_simps)
```
```  2106     have "?rhs \<longleftrightarrow> Ifm vs (- (?d * ?t + ?c* ?s )/ ((1 + 1)*?c*?d) # bs) (NEq (CNP 0 a r))" by (simp only: th)
```
```  2107     also have "\<dots> \<longleftrightarrow> ?a * (- (?d * ?t + ?c* ?s )/ ((1 + 1)*?c*?d)) + ?r \<noteq> 0"
```
```  2108       by (simp add: r[of "(- (?d * ?t) + - (?c *?s)) / ((1 + 1) * ?c * ?d)"])
```
```  2109     also have "\<dots> \<longleftrightarrow> ((1 + 1) * ?c * ?d) * (?a * (- (?d * ?t + ?c* ?s )/ ((1 + 1)*?c*?d)) + ?r) \<noteq> 0 "
```
```  2110       using c d mult_cancel_left[of "(1 + 1) * ?c * ?d" "?a * (- (?d * ?t + ?c* ?s)/ ((1 + 1)*?c*?d)) + ?r" 0] by simp
```
```  2111     also have "\<dots> \<longleftrightarrow> ?a * (- (?d * ?t + ?c* ?s )) + (1 + 1)*?c*?d*?r \<noteq> 0"
```
```  2112       using nonzero_mult_divide_cancel_left[OF dc] c d
```
```  2113       by (simp add: ring_simps diff_divide_distrib del: left_distrib)
```
```  2114     finally  have ?thesis using c d
```
```  2115       apply (simp add: r[of "(- (?d * ?t) + - (?c *?s)) / ((1 + 1) * ?c * ?d)"] msubstneq_def Let_def evaldjf_ex ring_simps)
```
```  2116       apply (simp only: one_add_one_is_two[symmetric] of_int_add)
```
```  2117       apply (simp add: ring_simps)
```
```  2118       done }
```
```  2119   ultimately show ?thesis by blast
```
```  2120 qed
```
```  2121
```
```  2122 definition "msubstlt c t d s a r =
```
```  2123   evaldjf (split conj)
```
```  2124   [(let cd = c *\<^sub>p d in (lt (CP (~\<^sub>p cd)), Lt (Add (Mul (~\<^sub>p a) (Add (Mul d t) (Mul c s))) (Mul (2\<^sub>p *\<^sub>p cd) r)))),
```
```  2125   (let cd = c *\<^sub>p d in (lt (CP cd), Lt (Sub (Mul a (Add (Mul d t) (Mul c s))) (Mul (2\<^sub>p *\<^sub>p cd) r)))),
```
```  2126    (conj (lt (CP (~\<^sub>p c))) (Eq (CP d)) , Lt (Add (Mul (~\<^sub>p a) t) (Mul (2\<^sub>p *\<^sub>p c) r))),
```
```  2127    (conj (lt (CP c)) (Eq (CP d)) , Lt (Sub (Mul a t) (Mul (2\<^sub>p *\<^sub>p c) r))),
```
```  2128    (conj (lt (CP (~\<^sub>p d))) (Eq (CP c)) , Lt (Add (Mul (~\<^sub>p a) s) (Mul (2\<^sub>p *\<^sub>p d) r))),
```
```  2129    (conj (lt (CP d)) (Eq (CP c)) , Lt (Sub (Mul a s) (Mul (2\<^sub>p *\<^sub>p d) r))),
```
```  2130    (conj (Eq (CP c)) (Eq (CP d)) , Lt r)]"
```
```  2131
```
```  2132 lemma msubstlt_nb: assumes lp: "islin (Lt (CNP 0 a r))" and t: "tmbound0 t" and s: "tmbound0 s"
```
```  2133   shows "bound0 (msubstlt c t d s a r)"
```
```  2134 proof-
```
```  2135   have th: "\<forall>x\<in> set [(let cd = c *\<^sub>p d in (lt (CP (~\<^sub>p cd)), Lt (Add (Mul (~\<^sub>p a) (Add (Mul d t) (Mul c s))) (Mul (2\<^sub>p *\<^sub>p cd) r)))),
```
```  2136   (let cd = c *\<^sub>p d in (lt (CP cd), Lt (Sub (Mul a (Add (Mul d t) (Mul c s))) (Mul (2\<^sub>p *\<^sub>p cd) r)))),
```
```  2137    (conj (lt (CP (~\<^sub>p c))) (Eq (CP d)) , Lt (Add (Mul (~\<^sub>p a) t) (Mul (2\<^sub>p *\<^sub>p c) r))),
```
```  2138    (conj (lt (CP c)) (Eq (CP d)) , Lt (Sub (Mul a t) (Mul (2\<^sub>p *\<^sub>p c) r))),
```
```  2139    (conj (lt (CP (~\<^sub>p d))) (Eq (CP c)) , Lt (Add (Mul (~\<^sub>p a) s) (Mul (2\<^sub>p *\<^sub>p d) r))),
```
```  2140    (conj (lt (CP d)) (Eq (CP c)) , Lt (Sub (Mul a s) (Mul (2\<^sub>p *\<^sub>p d) r))),
```
```  2141    (conj (Eq (CP c)) (Eq (CP d)) , Lt r)]. bound0 (split conj x)"
```
```  2142     using lp by (simp add: Let_def t s lt_nb )
```
```  2143   from evaldjf_bound0[OF th] show ?thesis by (simp add: msubstlt_def)
```
```  2144 qed
```
```  2145
```
```  2146
```
```  2147 lemma msubstlt: assumes nc: "isnpoly c" and nd: "isnpoly d" and lp: "islin (Lt (CNP 0 a r))"
```
```  2148   shows "Ifm vs (x#bs) (msubstlt c t d s a r) \<longleftrightarrow>
```
```  2149   Ifm vs (((- Itm vs (x#bs) t /  Ipoly vs c + - Itm vs (x#bs) s / Ipoly vs d) /(1 + 1))#bs) (Lt (CNP 0 a r))" (is "?lhs = ?rhs")
```
```  2150 proof-
```
```  2151   let ?Nt = "\<lambda>x t. Itm vs (x#bs) t"
```
```  2152   let ?N = "\<lambda>p. Ipoly vs p"
```
```  2153   let ?c = "?N c"
```
```  2154   let ?d = "?N d"
```
```  2155   let ?t = "?Nt x t"
```
```  2156   let ?s = "?Nt x s"
```
```  2157   let ?a = "?N a"
```
```  2158   let ?r = "?Nt x r"
```
```  2159   from lp have lin:"isnpoly a" "a \<noteq> 0\<^sub>p" "tmbound0 r" "allpolys isnpoly r" by simp_all
```
```  2160   note r= tmbound0_I[OF lin(3), of vs _ bs x]
```
```  2161   have cd_cs: "?c * ?d < 0 \<or> ?c * ?d > 0 \<or> (?c = 0 \<and> ?d = 0) \<or> (?c = 0 \<and> ?d < 0) \<or> (?c = 0 \<and> ?d > 0) \<or> (?c < 0 \<and> ?d = 0) \<or> (?c > 0 \<and> ?d = 0)" by auto
```
```  2162   moreover
```
```  2163   {assume c: "?c=0" and d: "?d=0"
```
```  2164     hence ?thesis  using nc nd by (simp add: polyneg_norm lt r[of 0] msubstlt_def Let_def evaldjf_ex)}
```
```  2165   moreover
```
```  2166   {assume dc: "?c*?d > 0"
```
```  2167     from mult_pos_pos[OF one_plus_one_pos dc] have dc': "(1 + 1)*?c *?d > 0" by simp
```
```  2168     hence c:"?c \<noteq> 0" and d: "?d\<noteq> 0" by auto
```
```  2169     from dc' have dc'': "\<not> (1 + 1)*?c *?d < 0" by simp
```
```  2170     from add_frac_eq[OF c d, of "- ?t" "- ?s"]
```
```  2171     have th: "(- ?t / ?c + - ?s / ?d)/(1 + 1) = - (?d * ?t + ?c* ?s )/ ((1 + 1)*?c*?d)"
```
```  2172       by (simp add: ring_simps)
```
```  2173     have "?rhs \<longleftrightarrow> Ifm vs (- (?d * ?t + ?c* ?s )/ ((1 + 1)*?c*?d) # bs) (Lt (CNP 0 a r))" by (simp only: th)
```
```  2174     also have "\<dots> \<longleftrightarrow> ?a * (- (?d * ?t + ?c* ?s )/ ((1 + 1)*?c*?d)) + ?r < 0"
```
```  2175       by (simp add: r[of "(- (?d * ?t) + - (?c *?s)) / ((1 + 1) * ?c * ?d)"])
```
```  2176     also have "\<dots> \<longleftrightarrow> ((1 + 1) * ?c * ?d) * (?a * (- (?d * ?t + ?c* ?s )/ ((1 + 1)*?c*?d)) + ?r) < 0"
```
```  2177
```
```  2178       using dc' dc'' mult_less_cancel_left_disj[of "(1 + 1) * ?c * ?d" "?a * (- (?d * ?t + ?c* ?s)/ ((1 + 1)*?c*?d)) + ?r" 0] by simp
```
```  2179     also have "\<dots> \<longleftrightarrow> ?a * (- (?d * ?t + ?c* ?s )) + (1 + 1)*?c*?d*?r < 0"
```
```  2180       using nonzero_mult_divide_cancel_left[of "(1 + 1)*?c*?d"] c d
```
```  2181       by (simp add: ring_simps diff_divide_distrib del: left_distrib)
```
```  2182     finally  have ?thesis using dc c d  nc nd dc'
```
```  2183       apply (simp add: r[of "(- (?d * ?t) + - (?c *?s)) / ((1 + 1) * ?c * ?d)"] msubstlt_def Let_def evaldjf_ex ring_simps lt polyneg_norm polymul_norm)
```
```  2184     apply (simp only: one_add_one_is_two[symmetric] of_int_add)
```
```  2185     by (simp add: ring_simps order_less_not_sym[OF dc])}
```
```  2186   moreover
```
```  2187   {assume dc: "?c*?d < 0"
```
```  2188
```
```  2189     from dc one_plus_one_pos[where ?'a='a] have dc': "(1 + 1)*?c *?d < 0"
```
```  2190       by (simp add: mult_less_0_iff field_simps)
```
```  2191     hence c:"?c \<noteq> 0" and d: "?d\<noteq> 0" by auto
```
```  2192     from add_frac_eq[OF c d, of "- ?t" "- ?s"]
```
```  2193     have th: "(- ?t / ?c + - ?s / ?d)/(1 + 1) = - (?d * ?t + ?c* ?s )/ ((1 + 1)*?c*?d)"
```
```  2194       by (simp add: ring_simps)
```
```  2195     have "?rhs \<longleftrightarrow> Ifm vs (- (?d * ?t + ?c* ?s )/ ((1 + 1)*?c*?d) # bs) (Lt (CNP 0 a r))" by (simp only: th)
```
```  2196     also have "\<dots> \<longleftrightarrow> ?a * (- (?d * ?t + ?c* ?s )/ ((1 + 1)*?c*?d)) + ?r < 0"
```
```  2197       by (simp add: r[of "(- (?d * ?t) + - (?c *?s)) / ((1 + 1) * ?c * ?d)"])
```
```  2198
```
```  2199     also have "\<dots> \<longleftrightarrow> ((1 + 1) * ?c * ?d) * (?a * (- (?d * ?t + ?c* ?s )/ ((1 + 1)*?c*?d)) + ?r) > 0"
```
```  2200
```
```  2201       using dc' order_less_not_sym[OF dc'] mult_less_cancel_left_disj[of "(1 + 1) * ?c * ?d" 0 "?a * (- (?d * ?t + ?c* ?s)/ ((1 + 1)*?c*?d)) + ?r"] by simp
```
```  2202     also have "\<dots> \<longleftrightarrow> ?a * ((?d * ?t + ?c* ?s )) - (1 + 1)*?c*?d*?r < 0"
```
```  2203       using nonzero_mult_divide_cancel_left[of "(1 + 1)*?c*?d"] c d
```
```  2204       by (simp add: ring_simps diff_divide_distrib del: left_distrib)
```
```  2205     finally  have ?thesis using dc c d  nc nd
```
```  2206       apply (simp add: r[of "(- (?d * ?t) + - (?c *?s)) / ((1 + 1) * ?c * ?d)"] msubstlt_def Let_def evaldjf_ex ring_simps lt polyneg_norm polymul_norm)
```
```  2207       apply (simp only: one_add_one_is_two[symmetric] of_int_add)
```
```  2208       by (simp add: ring_simps order_less_not_sym[OF dc]) }
```
```  2209   moreover
```
```  2210   {assume c: "?c > 0" and d: "?d=0"
```
```  2211     from c have c'': "(1 + 1)*?c > 0" by (simp add: zero_less_mult_iff)
```
```  2212     from c have c': "(1 + 1)*?c \<noteq> 0" by simp
```
```  2213     from d have th: "(- ?t / ?c + - ?s / ?d)/(1 + 1) = - ?t / ((1 + 1)*?c)"  by (simp add: ring_simps)
```
```  2214     have "?rhs \<longleftrightarrow> Ifm vs (- ?t / ((1 + 1)*?c) # bs) (Lt (CNP 0 a r))" by (simp only: th)
```
```  2215     also have "\<dots> \<longleftrightarrow> ?a* (- ?t / ((1 + 1)*?c))+ ?r < 0" by (simp add: r[of "- (?t / ((1 + 1)*?c))"])
```
```  2216     also have "\<dots> \<longleftrightarrow> (1 + 1)*?c * (?a* (- ?t / ((1 + 1)*?c))+ ?r) < 0"
```
```  2217       using c mult_less_cancel_left_disj[of "(1 + 1) * ?c" "?a* (- ?t / ((1 + 1)*?c))+ ?r" 0] c' c'' order_less_not_sym[OF c''] by simp
```
```  2218     also have "\<dots> \<longleftrightarrow> - ?a*?t+  (1 + 1)*?c *?r < 0"
```
```  2219       using nonzero_mult_divide_cancel_left[OF c'] c
```
```  2220       by (simp add: ring_simps diff_divide_distrib less_le del: left_distrib)
```
```  2221     finally have ?thesis using c d nc nd
```
```  2222       apply(simp add: r[of "- (?t / ((1 + 1)*?c))"] msubstlt_def Let_def evaldjf_ex ring_simps lt polyneg_norm polymul_norm)
```
```  2223       apply (simp only: one_add_one_is_two[symmetric] of_int_add)
```
```  2224       using c order_less_not_sym[OF c] less_imp_neq[OF c]
```
```  2225       by (simp add: ring_simps )  }
```
```  2226   moreover
```
```  2227   {assume c: "?c < 0" and d: "?d=0"  hence c': "(1 + 1)*?c \<noteq> 0" by simp
```
```  2228     from c have c'': "(1 + 1)*?c < 0" by (simp add: mult_less_0_iff)
```
```  2229     from d have th: "(- ?t / ?c + - ?s / ?d)/(1 + 1) = - ?t / ((1 + 1)*?c)"  by (simp add: ring_simps)
```
```  2230     have "?rhs \<longleftrightarrow> Ifm vs (- ?t / ((1 + 1)*?c) # bs) (Lt (CNP 0 a r))" by (simp only: th)
```
```  2231     also have "\<dots> \<longleftrightarrow> ?a* (- ?t / ((1 + 1)*?c))+ ?r < 0" by (simp add: r[of "- (?t / ((1 + 1)*?c))"])
```
```  2232     also have "\<dots> \<longleftrightarrow> (1 + 1)*?c * (?a* (- ?t / ((1 + 1)*?c))+ ?r) > 0"
```
```  2233       using c order_less_not_sym[OF c''] less_imp_neq[OF c''] c'' mult_less_cancel_left_disj[of "(1 + 1) * ?c" 0 "?a* (- ?t / ((1 + 1)*?c))+ ?r"] by simp
```
```  2234     also have "\<dots> \<longleftrightarrow> ?a*?t -  (1 + 1)*?c *?r < 0"
```
```  2235       using nonzero_mult_divide_cancel_left[OF c'] c order_less_not_sym[OF c''] less_imp_neq[OF c''] c''
```
```  2236         by (simp add: ring_simps diff_divide_distrib del:  left_distrib)
```
```  2237     finally have ?thesis using c d nc nd
```
```  2238       apply(simp add: r[of "- (?t / ((1 + 1)*?c))"] msubstlt_def Let_def evaldjf_ex ring_simps lt polyneg_norm polymul_norm)
```
```  2239       apply (simp only: one_add_one_is_two[symmetric] of_int_add)
```
```  2240       using c order_less_not_sym[OF c] less_imp_neq[OF c]
```
```  2241       by (simp add: ring_simps )    }
```
```  2242   moreover
```
```  2243   moreover
```
```  2244   {assume c: "?c = 0" and d: "?d>0"
```
```  2245     from d have d'': "(1 + 1)*?d > 0" by (simp add: zero_less_mult_iff)
```
```  2246     from d have d': "(1 + 1)*?d \<noteq> 0" by simp
```
```  2247     from c have th: "(- ?t / ?c + - ?s / ?d)/(1 + 1) = - ?s / ((1 + 1)*?d)"  by (simp add: ring_simps)
```
```  2248     have "?rhs \<longleftrightarrow> Ifm vs (- ?s / ((1 + 1)*?d) # bs) (Lt (CNP 0 a r))" by (simp only: th)
```
```  2249     also have "\<dots> \<longleftrightarrow> ?a* (- ?s / ((1 + 1)*?d))+ ?r < 0" by (simp add: r[of "- (?s / ((1 + 1)*?d))"])
```
```  2250     also have "\<dots> \<longleftrightarrow> (1 + 1)*?d * (?a* (- ?s / ((1 + 1)*?d))+ ?r) < 0"
```
```  2251       using d mult_less_cancel_left_disj[of "(1 + 1) * ?d" "?a* (- ?s / ((1 + 1)*?d))+ ?r" 0] d' d'' order_less_not_sym[OF d''] by simp
```
```  2252     also have "\<dots> \<longleftrightarrow> - ?a*?s+  (1 + 1)*?d *?r < 0"
```
```  2253       using nonzero_mult_divide_cancel_left[OF d'] d
```
```  2254       by (simp add: ring_simps diff_divide_distrib less_le del: left_distrib)
```
```  2255     finally have ?thesis using c d nc nd
```
```  2256       apply(simp add: r[of "- (?s / ((1 + 1)*?d))"] msubstlt_def Let_def evaldjf_ex ring_simps lt polyneg_norm polymul_norm)
```
```  2257       apply (simp only: one_add_one_is_two[symmetric] of_int_add)
```
```  2258       using d order_less_not_sym[OF d] less_imp_neq[OF d]
```
```  2259       by (simp add: ring_simps )  }
```
```  2260   moreover
```
```  2261   {assume c: "?c = 0" and d: "?d<0"  hence d': "(1 + 1)*?d \<noteq> 0" by simp
```
```  2262     from d have d'': "(1 + 1)*?d < 0" by (simp add: mult_less_0_iff)
```
```  2263     from c have th: "(- ?t / ?c + - ?s / ?d)/(1 + 1) = - ?s / ((1 + 1)*?d)"  by (simp add: ring_simps)
```
```  2264     have "?rhs \<longleftrightarrow> Ifm vs (- ?s / ((1 + 1)*?d) # bs) (Lt (CNP 0 a r))" by (simp only: th)
```
```  2265     also have "\<dots> \<longleftrightarrow> ?a* (- ?s / ((1 + 1)*?d))+ ?r < 0" by (simp add: r[of "- (?s / ((1 + 1)*?d))"])
```
```  2266     also have "\<dots> \<longleftrightarrow> (1 + 1)*?d * (?a* (- ?s / ((1 + 1)*?d))+ ?r) > 0"
```
```  2267       using d order_less_not_sym[OF d''] less_imp_neq[OF d''] d'' mult_less_cancel_left_disj[of "(1 + 1) * ?d" 0 "?a* (- ?s / ((1 + 1)*?d))+ ?r"] by simp
```
```  2268     also have "\<dots> \<longleftrightarrow> ?a*?s -  (1 + 1)*?d *?r < 0"
```
```  2269       using nonzero_mult_divide_cancel_left[OF d'] d order_less_not_sym[OF d''] less_imp_neq[OF d''] d''
```
```  2270         by (simp add: ring_simps diff_divide_distrib del:  left_distrib)
```
```  2271     finally have ?thesis using c d nc nd
```
```  2272       apply(simp add: r[of "- (?s / ((1 + 1)*?d))"] msubstlt_def Let_def evaldjf_ex ring_simps lt polyneg_norm polymul_norm)
```
```  2273       apply (simp only: one_add_one_is_two[symmetric] of_int_add)
```
```  2274       using d order_less_not_sym[OF d] less_imp_neq[OF d]
```
```  2275       by (simp add: ring_simps )    }
```
```  2276 ultimately show ?thesis by blast
```
```  2277 qed
```
```  2278
```
```  2279 definition "msubstle c t d s a r =
```
```  2280   evaldjf (split conj)
```
```  2281   [(let cd = c *\<^sub>p d in (lt (CP (~\<^sub>p cd)), Le (Add (Mul (~\<^sub>p a) (Add (Mul d t) (Mul c s))) (Mul (2\<^sub>p *\<^sub>p cd) r)))),
```
```  2282   (let cd = c *\<^sub>p d in (lt (CP cd), Le (Sub (Mul a (Add (Mul d t) (Mul c s))) (Mul (2\<^sub>p *\<^sub>p cd) r)))),
```
```  2283    (conj (lt (CP (~\<^sub>p c))) (Eq (CP d)) , Le (Add (Mul (~\<^sub>p a) t) (Mul (2\<^sub>p *\<^sub>p c) r))),
```
```  2284    (conj (lt (CP c)) (Eq (CP d)) , Le (Sub (Mul a t) (Mul (2\<^sub>p *\<^sub>p c) r))),
```
```  2285    (conj (lt (CP (~\<^sub>p d))) (Eq (CP c)) , Le (Add (Mul (~\<^sub>p a) s) (Mul (2\<^sub>p *\<^sub>p d) r))),
```
```  2286    (conj (lt (CP d)) (Eq (CP c)) , Le (Sub (Mul a s) (Mul (2\<^sub>p *\<^sub>p d) r))),
```
```  2287    (conj (Eq (CP c)) (Eq (CP d)) , Le r)]"
```
```  2288
```
```  2289 lemma msubstle_nb: assumes lp: "islin (Le (CNP 0 a r))" and t: "tmbound0 t" and s: "tmbound0 s"
```
```  2290   shows "bound0 (msubstle c t d s a r)"
```
```  2291 proof-
```
```  2292   have th: "\<forall>x\<in> set [(let cd = c *\<^sub>p d in (lt (CP (~\<^sub>p cd)), Le (Add (Mul (~\<^sub>p a) (Add (Mul d t) (Mul c s))) (Mul (2\<^sub>p *\<^sub>p cd) r)))),
```
```  2293   (let cd = c *\<^sub>p d in (lt (CP cd), Le (Sub (Mul a (Add (Mul d t) (Mul c s))) (Mul (2\<^sub>p *\<^sub>p cd) r)))),
```
```  2294    (conj (lt (CP (~\<^sub>p c))) (Eq (CP d)) , Le (Add (Mul (~\<^sub>p a) t) (Mul (2\<^sub>p *\<^sub>p c) r))),
```
```  2295    (conj (lt (CP c)) (Eq (CP d)) , Le (Sub (Mul a t) (Mul (2\<^sub>p *\<^sub>p c) r))),
```
```  2296    (conj (lt (CP (~\<^sub>p d))) (Eq (CP c)) , Le (Add (Mul (~\<^sub>p a) s) (Mul (2\<^sub>p *\<^sub>p d) r))),
```
```  2297    (conj (lt (CP d)) (Eq (CP c)) , Le (Sub (Mul a s) (Mul (2\<^sub>p *\<^sub>p d) r))),
```
```  2298    (conj (Eq (CP c)) (Eq (CP d)) , Le r)]. bound0 (split conj x)"
```
```  2299     using lp by (simp add: Let_def t s lt_nb )
```
```  2300   from evaldjf_bound0[OF th] show ?thesis by (simp add: msubstle_def)
```
```  2301 qed
```
```  2302
```
```  2303 lemma msubstle: assumes nc: "isnpoly c" and nd: "isnpoly d" and lp: "islin (Le (CNP 0 a r))"
```
```  2304   shows "Ifm vs (x#bs) (msubstle c t d s a r) \<longleftrightarrow>
```
```  2305   Ifm vs (((- Itm vs (x#bs) t /  Ipoly vs c + - Itm vs (x#bs) s / Ipoly vs d) /(1 + 1))#bs) (Le (CNP 0 a r))" (is "?lhs = ?rhs")
```
```  2306 proof-
```
```  2307   let ?Nt = "\<lambda>x t. Itm vs (x#bs) t"
```
```  2308   let ?N = "\<lambda>p. Ipoly vs p"
```
```  2309   let ?c = "?N c"
```
```  2310   let ?d = "?N d"
```
```  2311   let ?t = "?Nt x t"
```
```  2312   let ?s = "?Nt x s"
```
```  2313   let ?a = "?N a"
```
```  2314   let ?r = "?Nt x r"
```
```  2315   from lp have lin:"isnpoly a" "a \<noteq> 0\<^sub>p" "tmbound0 r" "allpolys isnpoly r" by simp_all
```
```  2316   note r= tmbound0_I[OF lin(3), of vs _ bs x]
```
```  2317   have cd_cs: "?c * ?d < 0 \<or> ?c * ?d > 0 \<or> (?c = 0 \<and> ?d = 0) \<or> (?c = 0 \<and> ?d < 0) \<or> (?c = 0 \<and> ?d > 0) \<or> (?c < 0 \<and> ?d = 0) \<or> (?c > 0 \<and> ?d = 0)" by auto
```
```  2318   moreover
```
```  2319   {assume c: "?c=0" and d: "?d=0"
```
```  2320     hence ?thesis  using nc nd by (simp add: polyneg_norm polymul_norm lt r[of 0] msubstle_def Let_def evaldjf_ex)}
```
```  2321   moreover
```
```  2322   {assume dc: "?c*?d > 0"
```
```  2323     from mult_pos_pos[OF one_plus_one_pos dc] have dc': "(1 + 1)*?c *?d > 0" by simp
```
```  2324     hence c:"?c \<noteq> 0" and d: "?d\<noteq> 0" by auto
```
```  2325     from dc' have dc'': "\<not> (1 + 1)*?c *?d < 0" by simp
```
```  2326     from add_frac_eq[OF c d, of "- ?t" "- ?s"]
```
```  2327     have th: "(- ?t / ?c + - ?s / ?d)/(1 + 1) = - (?d * ?t + ?c* ?s )/ ((1 + 1)*?c*?d)"
```
```  2328       by (simp add: ring_simps)
```
```  2329     have "?rhs \<longleftrightarrow> Ifm vs (- (?d * ?t + ?c* ?s )/ ((1 + 1)*?c*?d) # bs) (Le (CNP 0 a r))" by (simp only: th)
```
```  2330     also have "\<dots> \<longleftrightarrow> ?a * (- (?d * ?t + ?c* ?s )/ ((1 + 1)*?c*?d)) + ?r <= 0"
```
```  2331       by (simp add: r[of "(- (?d * ?t) + - (?c *?s)) / ((1 + 1) * ?c * ?d)"])
```
```  2332     also have "\<dots> \<longleftrightarrow> ((1 + 1) * ?c * ?d) * (?a * (- (?d * ?t + ?c* ?s )/ ((1 + 1)*?c*?d)) + ?r) <= 0"
```
```  2333
```
```  2334       using dc' dc'' mult_le_cancel_left[of "(1 + 1) * ?c * ?d" "?a * (- (?d * ?t + ?c* ?s)/ ((1 + 1)*?c*?d)) + ?r" 0] by simp
```
```  2335     also have "\<dots> \<longleftrightarrow> ?a * (- (?d * ?t + ?c* ?s )) + (1 + 1)*?c*?d*?r <= 0"
```
```  2336       using nonzero_mult_divide_cancel_left[of "(1 + 1)*?c*?d"] c d
```
```  2337       by (simp add: ring_simps diff_divide_distrib del: left_distrib)
```
```  2338     finally  have ?thesis using dc c d  nc nd dc'
```
```  2339       apply (simp add: r[of "(- (?d * ?t) + - (?c *?s)) / ((1 + 1) * ?c * ?d)"] msubstle_def Let_def evaldjf_ex ring_simps lt polyneg_norm polymul_norm)
```
```  2340     apply (simp only: one_add_one_is_two[symmetric] of_int_add)
```
```  2341     by (simp add: ring_simps order_less_not_sym[OF dc])}
```
```  2342   moreover
```
```  2343   {assume dc: "?c*?d < 0"
```
```  2344
```
```  2345     from dc one_plus_one_pos[where ?'a='a] have dc': "(1 + 1)*?c *?d < 0"
```
```  2346       by (simp add: mult_less_0_iff field_simps add_neg_neg add_pos_pos)
```
```  2347     hence c:"?c \<noteq> 0" and d: "?d\<noteq> 0" by auto
```
```  2348     from add_frac_eq[OF c d, of "- ?t" "- ?s"]
```
```  2349     have th: "(- ?t / ?c + - ?s / ?d)/(1 + 1) = - (?d * ?t + ?c* ?s )/ ((1 + 1)*?c*?d)"
```
```  2350       by (simp add: ring_simps)
```
```  2351     have "?rhs \<longleftrightarrow> Ifm vs (- (?d * ?t + ?c* ?s )/ ((1 + 1)*?c*?d) # bs) (Le (CNP 0 a r))" by (simp only: th)
```
```  2352     also have "\<dots> \<longleftrightarrow> ?a * (- (?d * ?t + ?c* ?s )/ ((1 + 1)*?c*?d)) + ?r <= 0"
```
```  2353       by (simp add: r[of "(- (?d * ?t) + - (?c *?s)) / ((1 + 1) * ?c * ?d)"])
```
```  2354
```
```  2355     also have "\<dots> \<longleftrightarrow> ((1 + 1) * ?c * ?d) * (?a * (- (?d * ?t + ?c* ?s )/ ((1 + 1)*?c*?d)) + ?r) >= 0"
```
```  2356
```
```  2357       using dc' order_less_not_sym[OF dc'] mult_le_cancel_left[of "(1 + 1) * ?c * ?d" 0 "?a * (- (?d * ?t + ?c* ?s)/ ((1 + 1)*?c*?d)) + ?r"] by simp
```
```  2358     also have "\<dots> \<longleftrightarrow> ?a * ((?d * ?t + ?c* ?s )) - (1 + 1)*?c*?d*?r <= 0"
```
```  2359       using nonzero_mult_divide_cancel_left[of "(1 + 1)*?c*?d"] c d
```
```  2360       by (simp add: ring_simps diff_divide_distrib del: left_distrib)
```
```  2361     finally  have ?thesis using dc c d  nc nd
```
```  2362       apply (simp add: r[of "(- (?d * ?t) + - (?c *?s)) / ((1 + 1) * ?c * ?d)"] msubstle_def Let_def evaldjf_ex ring_simps lt polyneg_norm polymul_norm)
```
```  2363       apply (simp only: one_add_one_is_two[symmetric] of_int_add)
```
```  2364       by (simp add: ring_simps order_less_not_sym[OF dc]) }
```
```  2365   moreover
```
```  2366   {assume c: "?c > 0" and d: "?d=0"
```
```  2367     from c have c'': "(1 + 1)*?c > 0" by (simp add: zero_less_mult_iff)
```
```  2368     from c have c': "(1 + 1)*?c \<noteq> 0" by simp
```
```  2369     from d have th: "(- ?t / ?c + - ?s / ?d)/(1 + 1) = - ?t / ((1 + 1)*?c)"  by (simp add: ring_simps)
```
```  2370     have "?rhs \<longleftrightarrow> Ifm vs (- ?t / ((1 + 1)*?c) # bs) (Le (CNP 0 a r))" by (simp only: th)
```
```  2371     also have "\<dots> \<longleftrightarrow> ?a* (- ?t / ((1 + 1)*?c))+ ?r <= 0" by (simp add: r[of "- (?t / ((1 + 1)*?c))"])
```
```  2372     also have "\<dots> \<longleftrightarrow> (1 + 1)*?c * (?a* (- ?t / ((1 + 1)*?c))+ ?r) <= 0"
```
```  2373       using c mult_le_cancel_left[of "(1 + 1) * ?c" "?a* (- ?t / ((1 + 1)*?c))+ ?r" 0] c' c'' order_less_not_sym[OF c''] by simp
```
```  2374     also have "\<dots> \<longleftrightarrow> - ?a*?t+  (1 + 1)*?c *?r <= 0"
```
```  2375       using nonzero_mult_divide_cancel_left[OF c'] c
```
```  2376       by (simp add: ring_simps diff_divide_distrib less_le del: left_distrib)
```
```  2377     finally have ?thesis using c d nc nd
```
```  2378       apply(simp add: r[of "- (?t / ((1 + 1)*?c))"] msubstle_def Let_def evaldjf_ex ring_simps lt polyneg_norm polymul_norm)
```
```  2379       apply (simp only: one_add_one_is_two[symmetric] of_int_add)
```
```  2380       using c order_less_not_sym[OF c] less_imp_neq[OF c]
```
```  2381       by (simp add: ring_simps )  }
```
```  2382   moreover
```
```  2383   {assume c: "?c < 0" and d: "?d=0"  hence c': "(1 + 1)*?c \<noteq> 0" by simp
```
```  2384     from c have c'': "(1 + 1)*?c < 0" by (simp add: mult_less_0_iff)
```
```  2385     from d have th: "(- ?t / ?c + - ?s / ?d)/(1 + 1) = - ?t / ((1 + 1)*?c)"  by (simp add: ring_simps)
```
```  2386     have "?rhs \<longleftrightarrow> Ifm vs (- ?t / ((1 + 1)*?c) # bs) (Le (CNP 0 a r))" by (simp only: th)
```
```  2387     also have "\<dots> \<longleftrightarrow> ?a* (- ?t / ((1 + 1)*?c))+ ?r <= 0" by (simp add: r[of "- (?t / ((1 + 1)*?c))"])
```
```  2388     also have "\<dots> \<longleftrightarrow> (1 + 1)*?c * (?a* (- ?t / ((1 + 1)*?c))+ ?r) >= 0"
```
```  2389       using c order_less_not_sym[OF c''] less_imp_neq[OF c''] c'' mult_le_cancel_left[of "(1 + 1) * ?c" 0 "?a* (- ?t / ((1 + 1)*?c))+ ?r"] by simp
```
```  2390     also have "\<dots> \<longleftrightarrow> ?a*?t -  (1 + 1)*?c *?r <= 0"
```
```  2391       using nonzero_mult_divide_cancel_left[OF c'] c order_less_not_sym[OF c''] less_imp_neq[OF c''] c''
```
```  2392         by (simp add: ring_simps diff_divide_distrib del:  left_distrib)
```
```  2393     finally have ?thesis using c d nc nd
```
```  2394       apply(simp add: r[of "- (?t / ((1 + 1)*?c))"] msubstle_def Let_def evaldjf_ex ring_simps lt polyneg_norm polymul_norm)
```
```  2395       apply (simp only: one_add_one_is_two[symmetric] of_int_add)
```
```  2396       using c order_less_not_sym[OF c] less_imp_neq[OF c]
```
```  2397       by (simp add: ring_simps )    }
```
```  2398   moreover
```
```  2399   moreover
```
```  2400   {assume c: "?c = 0" and d: "?d>0"
```
```  2401     from d have d'': "(1 + 1)*?d > 0" by (simp add: zero_less_mult_iff)
```
```  2402     from d have d': "(1 + 1)*?d \<noteq> 0" by simp
```
```  2403     from c have th: "(- ?t / ?c + - ?s / ?d)/(1 + 1) = - ?s / ((1 + 1)*?d)"  by (simp add: ring_simps)
```
```  2404     have "?rhs \<longleftrightarrow> Ifm vs (- ?s / ((1 + 1)*?d) # bs) (Le (CNP 0 a r))" by (simp only: th)
```
```  2405     also have "\<dots> \<longleftrightarrow> ?a* (- ?s / ((1 + 1)*?d))+ ?r <= 0" by (simp add: r[of "- (?s / ((1 + 1)*?d))"])
```
```  2406     also have "\<dots> \<longleftrightarrow> (1 + 1)*?d * (?a* (- ?s / ((1 + 1)*?d))+ ?r) <= 0"
```
```  2407       using d mult_le_cancel_left[of "(1 + 1) * ?d" "?a* (- ?s / ((1 + 1)*?d))+ ?r" 0] d' d'' order_less_not_sym[OF d''] by simp
```
```  2408     also have "\<dots> \<longleftrightarrow> - ?a*?s+  (1 + 1)*?d *?r <= 0"
```
```  2409       using nonzero_mult_divide_cancel_left[OF d'] d
```
```  2410       by (simp add: ring_simps diff_divide_distrib less_le del: left_distrib)
```
```  2411     finally have ?thesis using c d nc nd
```
```  2412       apply(simp add: r[of "- (?s / ((1 + 1)*?d))"] msubstle_def Let_def evaldjf_ex ring_simps lt polyneg_norm polymul_norm)
```
```  2413       apply (simp only: one_add_one_is_two[symmetric] of_int_add)
```
```  2414       using d order_less_not_sym[OF d] less_imp_neq[OF d]
```
```  2415       by (simp add: ring_simps )  }
```
```  2416   moreover
```
```  2417   {assume c: "?c = 0" and d: "?d<0"  hence d': "(1 + 1)*?d \<noteq> 0" by simp
```
```  2418     from d have d'': "(1 + 1)*?d < 0" by (simp add: mult_less_0_iff)
```
```  2419     from c have th: "(- ?t / ?c + - ?s / ?d)/(1 + 1) = - ?s / ((1 + 1)*?d)"  by (simp add: ring_simps)
```
```  2420     have "?rhs \<longleftrightarrow> Ifm vs (- ?s / ((1 + 1)*?d) # bs) (Le (CNP 0 a r))" by (simp only: th)
```
```  2421     also have "\<dots> \<longleftrightarrow> ?a* (- ?s / ((1 + 1)*?d))+ ?r <= 0" by (simp add: r[of "- (?s / ((1 + 1)*?d))"])
```
```  2422     also have "\<dots> \<longleftrightarrow> (1 + 1)*?d * (?a* (- ?s / ((1 + 1)*?d))+ ?r) >= 0"
```
```  2423       using d order_less_not_sym[OF d''] less_imp_neq[OF d''] d'' mult_le_cancel_left[of "(1 + 1) * ?d" 0 "?a* (- ?s / ((1 + 1)*?d))+ ?r"] by simp
```
```  2424     also have "\<dots> \<longleftrightarrow> ?a*?s -  (1 + 1)*?d *?r <= 0"
```
```  2425       using nonzero_mult_divide_cancel_left[OF d'] d order_less_not_sym[OF d''] less_imp_neq[OF d''] d''
```
```  2426         by (simp add: ring_simps diff_divide_distrib del:  left_distrib)
```
```  2427     finally have ?thesis using c d nc nd
```
```  2428       apply(simp add: r[of "- (?s / ((1 + 1)*?d))"] msubstle_def Let_def evaldjf_ex ring_simps lt polyneg_norm polymul_norm)
```
```  2429       apply (simp only: one_add_one_is_two[symmetric] of_int_add)
```
```  2430       using d order_less_not_sym[OF d] less_imp_neq[OF d]
```
```  2431       by (simp add: ring_simps )    }
```
```  2432 ultimately show ?thesis by blast
```
```  2433 qed
```
```  2434
```
```  2435
```
```  2436 fun msubst :: "fm \<Rightarrow> (poly \<times> tm) \<times> (poly \<times> tm) \<Rightarrow> fm" where
```
```  2437   "msubst (And p q) ((c,t), (d,s)) = conj (msubst p ((c,t),(d,s))) (msubst q ((c,t),(d,s)))"
```
```  2438 | "msubst (Or p q) ((c,t), (d,s)) = disj (msubst p ((c,t),(d,s))) (msubst q ((c,t), (d,s)))"
```
```  2439 | "msubst (Eq (CNP 0 a r)) ((c,t),(d,s)) = msubsteq c t d s a r"
```
```  2440 | "msubst (NEq (CNP 0 a r)) ((c,t),(d,s)) = msubstneq c t d s a r"
```
```  2441 | "msubst (Lt (CNP 0 a r)) ((c,t),(d,s)) = msubstlt c t d s a r"
```
```  2442 | "msubst (Le (CNP 0 a r)) ((c,t),(d,s)) = msubstle c t d s a r"
```
```  2443 | "msubst p ((c,t),(d,s)) = p"
```
```  2444
```
```  2445 lemma msubst_I: assumes lp: "islin p" and nc: "isnpoly c" and nd: "isnpoly d"
```
```  2446   shows "Ifm vs (x#bs) (msubst p ((c,t),(d,s))) = Ifm vs (((- Itm vs (x#bs) t /  Ipoly vs c + - Itm vs (x#bs) s / Ipoly vs d) /(1 + 1))#bs) p"
```
```  2447   using lp
```
```  2448 by (induct p rule: islin.induct, auto simp add: tmbound0_I[where b="(- (Itm vs (x # bs) t / \<lparr>c\<rparr>\<^sub>p\<^bsup>vs\<^esup>) + - (Itm vs (x # bs) s / \<lparr>d\<rparr>\<^sub>p\<^bsup>vs\<^esup>)) /(1 + 1)" and b'=x and bs = bs and vs=vs] bound0_I[where b="(- (Itm vs (x # bs) t / \<lparr>c\<rparr>\<^sub>p\<^bsup>vs\<^esup>) + - (Itm vs (x # bs) s / \<lparr>d\<rparr>\<^sub>p\<^bsup>vs\<^esup>)) /(1 + 1)" and b'=x and bs = bs and vs=vs] msubsteq msubstneq msubstlt[OF nc nd] msubstle[OF nc nd])
```
```  2449
```
```  2450 lemma msubst_nb: assumes lp: "islin p" and t: "tmbound0 t" and s: "tmbound0 s"
```
```  2451   shows "bound0 (msubst p ((c,t),(d,s)))"
```
```  2452   using lp t s
```
```  2453   by (induct p rule: islin.induct, auto simp add: msubsteq_nb msubstneq_nb msubstlt_nb msubstle_nb)
```
```  2454
```
```  2455 lemma fr_eq_msubst:
```
```  2456   assumes lp: "islin p"
```
```  2457   shows "(\<exists> x. Ifm vs (x#bs) p) = ((Ifm vs (x#bs) (minusinf p)) \<or> (Ifm vs (x#bs) (plusinf p)) \<or> (\<exists> (c,t) \<in> set (uset p). \<exists> (d,s) \<in> set (uset p). Ifm vs (x#bs) (msubst p ((c,t),(d,s)))))"
```
```  2458   (is "(\<exists> x. ?I x p) = (?M \<or> ?P \<or> ?F)" is "?E = ?D")
```
```  2459 proof-
```
```  2460 from uset_l[OF lp] have th: "\<forall>(c, s)\<in>set (uset p). isnpoly c \<and> tmbound0 s" by blast
```
```  2461 {fix c t d s assume ctU: "(c,t) \<in>set (uset p)" and dsU: "(d,s) \<in>set (uset p)"
```
```  2462   and pts: "Ifm vs ((- Itm vs (x # bs) t / \<lparr>c\<rparr>\<^sub>p\<^bsup>vs\<^esup> + - Itm vs (x # bs) s / \<lparr>d\<rparr>\<^sub>p\<^bsup>vs\<^esup>) / (1+1) # bs) p"
```
```  2463   from th[rule_format, OF ctU] th[rule_format, OF dsU] have norm:"isnpoly c" "isnpoly d" by simp_all
```
```  2464   from msubst_I[OF lp norm, of vs x bs t s] pts
```
```  2465   have "Ifm vs (x # bs) (msubst p ((c, t), d, s))" ..}
```
```  2466 moreover
```
```  2467 {fix c t d s assume ctU: "(c,t) \<in>set (uset p)" and dsU: "(d,s) \<in>set (uset p)"
```
```  2468   and pts: "Ifm vs (x # bs) (msubst p ((c, t), d, s))"
```
```  2469   from th[rule_format, OF ctU] th[rule_format, OF dsU] have norm:"isnpoly c" "isnpoly d" by simp_all
```
```  2470   from msubst_I[OF lp norm, of vs x bs t s] pts
```
```  2471   have "Ifm vs ((- Itm vs (x # bs) t / \<lparr>c\<rparr>\<^sub>p\<^bsup>vs\<^esup> + - Itm vs (x # bs) s / \<lparr>d\<rparr>\<^sub>p\<^bsup>vs\<^esup>) / (1+1) # bs) p" ..}
```
```  2472 ultimately have th': "(\<exists> (c,t) \<in> set (uset p). \<exists> (d,s) \<in> set (uset p). Ifm vs ((- Itm vs (x # bs) t / \<lparr>c\<rparr>\<^sub>p\<^bsup>vs\<^esup> + - Itm vs (x # bs) s / \<lparr>d\<rparr>\<^sub>p\<^bsup>vs\<^esup>) / (1+1) # bs) p) \<longleftrightarrow> ?F" by blast
```
```  2473 from fr_eq[OF lp, of vs bs x, simplified th'] show ?thesis .
```
```  2474 qed
```
```  2475
```
```  2476 text {* Rest of the implementation *}
```
```  2477
```
```  2478 consts alluopairs:: "'a list \<Rightarrow> ('a \<times> 'a) list"
```
```  2479 primrec
```
```  2480   "alluopairs [] = []"
```
```  2481   "alluopairs (x#xs) = (map (Pair x) (x#xs))@(alluopairs xs)"
```
```  2482
```
```  2483 lemma alluopairs_set1: "set (alluopairs xs) \<le> {(x,y). x\<in> set xs \<and> y\<in> set xs}"
```
```  2484 by (induct xs, auto)
```
```  2485
```
```  2486 lemma alluopairs_set:
```
```  2487   "\<lbrakk>x\<in> set xs ; y \<in> set xs\<rbrakk> \<Longrightarrow> (x,y) \<in> set (alluopairs xs) \<or> (y,x) \<in> set (alluopairs xs) "
```
```  2488 by (induct xs, auto)
```
```  2489
```
```  2490 lemma alluopairs_ex:
```
```  2491   assumes Pc: "\<forall> x \<in> set xs. \<forall>y\<in> set xs. P x y = P y x"
```
```  2492   shows "(\<exists> x \<in> set xs. \<exists> y \<in> set xs. P x y) = (\<exists> (x,y) \<in> set (alluopairs xs). P x y)"
```
```  2493 proof
```
```  2494   assume "\<exists>x\<in>set xs. \<exists>y\<in>set xs. P x y"
```
```  2495   then obtain x y where x: "x \<in> set xs" and y:"y \<in> set xs" and P: "P x y"  by blast
```
```  2496   from alluopairs_set[OF x y] P Pc x y show"\<exists>(x, y)\<in>set (alluopairs xs). P x y"
```
```  2497     by auto
```
```  2498 next
```
```  2499   assume "\<exists>(x, y)\<in>set (alluopairs xs). P x y"
```
```  2500   then obtain "x" and "y"  where xy:"(x,y) \<in> set (alluopairs xs)" and P: "P x y" by blast+
```
```  2501   from xy have "x \<in> set xs \<and> y\<in> set xs" using alluopairs_set1 by blast
```
```  2502   with P show "\<exists>x\<in>set xs. \<exists>y\<in>set xs. P x y" by blast
```
```  2503 qed
```
```  2504
```
```  2505 lemma nth_pos2: "0 < n \<Longrightarrow> (x#xs) ! n = xs ! (n - 1)"
```
```  2506 using Nat.gr0_conv_Suc
```
```  2507 by clarsimp
```
```  2508
```
```  2509 lemma filter_length: "length (List.filter P xs) < Suc (length xs)"
```
```  2510   apply (induct xs, auto) done
```
```  2511
```
```  2512 consts remdps:: "'a list \<Rightarrow> 'a list"
```
```  2513
```
```  2514 recdef remdps "measure size"
```
```  2515   "remdps [] = []"
```
```  2516   "remdps (x#xs) = (x#(remdps (List.filter (\<lambda> y. y \<noteq> x) xs)))"
```
```  2517 (hints simp add: filter_length[rule_format])
```
```  2518
```
```  2519 lemma remdps_set[simp]: "set (remdps xs) = set xs"
```
```  2520   by (induct xs rule: remdps.induct, auto)
```
```  2521
```
```  2522 lemma simpfm_lin:   assumes "SORT_CONSTRAINT('a::{ring_char_0,division_by_zero,field})"
```
```  2523   shows "qfree p \<Longrightarrow> islin (simpfm p)"
```
```  2524   by (induct p rule: simpfm.induct, auto simp add: conj_lin disj_lin)
```
```  2525
```
```  2526 definition
```
```  2527   "ferrack p \<equiv> let q = simpfm p ; mp = minusinf q ; pp = plusinf q
```
```  2528   in if (mp = T \<or> pp = T) then T
```
```  2529      else (let U = alluopairs (remdps (uset  q))
```
```  2530            in decr0 (disj mp (disj pp (evaldjf (simpfm o (msubst q)) U ))))"
```
```  2531
```
```  2532 lemma ferrack:
```
```  2533   assumes qf: "qfree p"
```
```  2534   shows "qfree (ferrack p) \<and> ((Ifm vs bs (ferrack p)) = (Ifm vs bs (E p)))"
```
```  2535   (is "_ \<and> (?rhs = ?lhs)")
```
```  2536 proof-
```
```  2537   let ?I = "\<lambda> x p. Ifm vs (x#bs) p"
```
```  2538   let ?N = "\<lambda> t. Ipoly vs t"
```
```  2539   let ?Nt = "\<lambda>x t. Itm vs (x#bs) t"
```
```  2540   let ?q = "simpfm p"
```
```  2541   let ?U = "remdps(uset ?q)"
```
```  2542   let ?Up = "alluopairs ?U"
```
```  2543   let ?mp = "minusinf ?q"
```
```  2544   let ?pp = "plusinf ?q"
```
```  2545   let ?I = "\<lambda>p. Ifm vs (x#bs) p"
```
```  2546   from simpfm_lin[OF qf] simpfm_qf[OF qf] have lq: "islin ?q" and q_qf: "qfree ?q" .
```
```  2547   from minusinf_nb[OF lq] plusinf_nb[OF lq] have mp_nb: "bound0 ?mp" and pp_nb: "bound0 ?pp" .
```
```  2548   from bound0_qf[OF mp_nb] bound0_qf[OF pp_nb] have mp_qf: "qfree ?mp" and pp_qf: "qfree ?pp" .
```
```  2549   from uset_l[OF lq] have U_l: "\<forall>(c, s)\<in>set ?U. isnpoly c \<and> c \<noteq> 0\<^sub>p \<and> tmbound0 s \<and> allpolys isnpoly s"
```
```  2550     by simp
```
```  2551   {fix c t d s assume ctU: "(c,t) \<in> set ?U" and dsU: "(d,s) \<in> set ?U"
```
```  2552     from U_l ctU dsU have norm: "isnpoly c" "isnpoly d" by auto
```
```  2553     from msubst_I[OF lq norm, of vs x bs t s] msubst_I[OF lq norm(2,1), of vs x bs s t]
```
```  2554     have "?I (msubst ?q ((c,t),(d,s))) = ?I (msubst ?q ((d,s),(c,t)))" by (simp add: ring_simps)}
```
```  2555   hence th0: "\<forall>x \<in> set ?U. \<forall>y \<in> set ?U. ?I (msubst ?q (x, y)) \<longleftrightarrow> ?I (msubst ?q (y, x))" by clarsimp
```
```  2556   {fix x assume xUp: "x \<in> set ?Up"
```
```  2557     then  obtain c t d s where ctU: "(c,t) \<in> set ?U" and dsU: "(d,s) \<in> set ?U"
```
```  2558       and x: "x = ((c,t),(d,s))" using alluopairs_set1[of ?U] by auto
```
```  2559     from U_l[rule_format, OF ctU] U_l[rule_format, OF dsU]
```
```  2560     have nbs: "tmbound0 t" "tmbound0 s" by simp_all
```
```  2561     from simpfm_bound0[OF msubst_nb[OF lq nbs, of c d]]
```
```  2562     have "bound0 ((simpfm o (msubst (simpfm p))) x)" using x by simp}
```
```  2563   with evaldjf_bound0[of ?Up "(simpfm o (msubst (simpfm p)))"]
```
```  2564   have "bound0 (evaldjf (simpfm o (msubst (simpfm p))) ?Up)" by blast
```
```  2565   with mp_nb pp_nb
```
```  2566   have th1: "bound0 (disj ?mp (disj ?pp (evaldjf (simpfm o (msubst ?q)) ?Up )))" by (simp add: disj_nb)
```
```  2567   from decr0_qf[OF th1] have thqf: "qfree (ferrack p)" by (simp add: ferrack_def Let_def)
```
```  2568   have "?lhs \<longleftrightarrow> (\<exists>x. Ifm vs (x#bs) ?q)" by simp
```
```  2569   also have "\<dots> \<longleftrightarrow> ?I ?mp \<or> ?I ?pp \<or> (\<exists>(c, t)\<in>set ?U. \<exists>(d, s)\<in>set ?U. ?I (msubst (simpfm p) ((c, t), d, s)))" using fr_eq_msubst[OF lq, of vs bs x] by simp
```
```  2570   also have "\<dots> \<longleftrightarrow> ?I ?mp \<or> ?I ?pp \<or> (\<exists> (x,y) \<in> set ?Up. ?I ((simpfm o (msubst ?q)) (x,y)))" using alluopairs_ex[OF th0] by simp
```
```  2571   also have "\<dots> \<longleftrightarrow> ?I ?mp \<or> ?I ?pp \<or> ?I (evaldjf (simpfm o (msubst ?q)) ?Up)"
```
```  2572     by (simp add: evaldjf_ex)
```
```  2573   also have "\<dots> \<longleftrightarrow> ?I (disj ?mp (disj ?pp (evaldjf (simpfm o (msubst ?q)) ?Up)))" by simp
```
```  2574   also have "\<dots> \<longleftrightarrow> ?rhs" using decr0[OF th1, of vs x bs]
```
```  2575     apply (simp add: ferrack_def Let_def)
```
```  2576     by (cases "?mp = T \<or> ?pp = T", auto)
```
```  2577   finally show ?thesis using thqf by blast
```
```  2578 qed
```
```  2579
```
```  2580 definition "frpar p = simpfm (qelim p ferrack)"
```
```  2581 lemma frpar: "qfree (frpar p) \<and> (Ifm vs bs (frpar p) \<longleftrightarrow> Ifm vs bs p)"
```
```  2582 proof-
```
```  2583   from ferrack have th: "\<forall>bs p. qfree p \<longrightarrow> qfree (ferrack p) \<and> Ifm vs bs (ferrack p) = Ifm vs bs (E p)" by blast
```
```  2584   from qelim[OF th, of p bs] show ?thesis  unfolding frpar_def by auto
```
```  2585 qed
```
```  2586
```
```  2587 declare polyadd.simps[code]
```
```  2588 lemma [simp,code]: "polyadd (CN c n p, CN c' n' p') =
```
```  2589     (if n < n' then CN (polyadd(c,CN c' n' p')) n p
```
```  2590      else if n'<n then CN (polyadd(CN c n p, c')) n' p'
```
```  2591      else (let cc' = polyadd (c,c') ;
```
```  2592                pp' = polyadd (p,p')
```
```  2593            in (if pp' = 0\<^sub>p then cc' else CN cc' n pp')))"
```
```  2594   by (simp add: Let_def stupid)
```
```  2595
```
```  2596
```
```  2597 section{* Second implemenation: Case splits not local *}
```
```  2598
```
```  2599 lemma fr_eq2:  assumes lp: "islin p"
```
```  2600   shows "(\<exists> x. Ifm vs (x#bs) p) \<longleftrightarrow>
```
```  2601    ((Ifm vs (x#bs) (minusinf p)) \<or> (Ifm vs (x#bs) (plusinf p)) \<or>
```
```  2602     (Ifm vs (0#bs) p) \<or>
```
```  2603     (\<exists> (n,t) \<in> set (uset p). Ipoly vs n \<noteq> 0 \<and> Ifm vs ((- Itm vs (x#bs) t /  (Ipoly vs n * (1 + 1)))#bs) p) \<or>
```
```  2604     (\<exists> (n,t) \<in> set (uset p). \<exists> (m,s) \<in> set (uset p). Ipoly vs n \<noteq> 0 \<and> Ipoly vs m \<noteq> 0 \<and> Ifm vs (((- Itm vs (x#bs) t /  Ipoly vs n + - Itm vs (x#bs) s / Ipoly vs m) /(1 + 1))#bs) p))"
```
```  2605   (is "(\<exists> x. ?I x p) = (?M \<or> ?P \<or> ?Z \<or> ?U \<or> ?F)" is "?E = ?D")
```
```  2606 proof
```
```  2607   assume px: "\<exists> x. ?I x p"
```
```  2608   have "?M \<or> ?P \<or> (\<not> ?M \<and> \<not> ?P)" by blast
```
```  2609   moreover {assume "?M \<or> ?P" hence "?D" by blast}
```
```  2610   moreover {assume nmi: "\<not> ?M" and npi: "\<not> ?P"
```
```  2611     from inf_uset[OF lp nmi npi, OF px]
```
```  2612     obtain c t d s where ct: "(c,t) \<in> set (uset p)" "(d,s) \<in> set (uset p)" "?I ((- Itm vs (x # bs) t / \<lparr>c\<rparr>\<^sub>p\<^bsup>vs\<^esup> + - Itm vs (x # bs) s / \<lparr>d\<rparr>\<^sub>p\<^bsup>vs\<^esup>) / ((1\<Colon>'a) + (1\<Colon>'a))) p"
```
```  2613       by auto
```
```  2614     let ?c = "\<lparr>c\<rparr>\<^sub>p\<^bsup>vs\<^esup>"
```
```  2615     let ?d = "\<lparr>d\<rparr>\<^sub>p\<^bsup>vs\<^esup>"
```
```  2616     let ?s = "Itm vs (x # bs) s"
```
```  2617     let ?t = "Itm vs (x # bs) t"
```
```  2618     have eq2: "\<And>(x::'a). x + x = (1 + 1) * x"
```
```  2619       by  (simp add: ring_simps)
```
```  2620     {assume "?c = 0 \<and> ?d = 0"
```
```  2621       with ct have ?D by simp}
```
```  2622     moreover
```
```  2623     {assume z: "?c = 0" "?d \<noteq> 0"
```
```  2624       from z have ?D using ct by auto}
```
```  2625     moreover
```
```  2626     {assume z: "?c \<noteq> 0" "?d = 0"
```
```  2627       with ct have ?D by auto }
```
```  2628     moreover
```
```  2629     {assume z: "?c \<noteq> 0" "?d \<noteq> 0"
```
```  2630       from z have ?F using ct
```
```  2631         apply - apply (rule bexI[where x = "(c,t)"], simp_all)
```
```  2632         by (rule bexI[where x = "(d,s)"], simp_all)
```
```  2633       hence ?D by blast}
```
```  2634     ultimately have ?D by auto}
```
```  2635   ultimately show "?D" by blast
```
```  2636 next
```
```  2637   assume "?D"
```
```  2638   moreover {assume m:"?M" from minusinf_ex[OF lp m] have "?E" .}
```
```  2639   moreover {assume p: "?P" from plusinf_ex[OF lp p] have "?E" . }
```
```  2640   moreover {assume f:"?F" hence "?E" by blast}
```
```  2641   ultimately show "?E" by blast
```
```  2642 qed
```
```  2643
```
```  2644 definition "msubsteq2 c t a b = Eq (Add (Mul a t) (Mul c b))"
```
```  2645 definition "msubstltpos c t a b = Lt (Add (Mul a t) (Mul c b))"
```
```  2646 definition "msubstlepos c t a b = Le (Add (Mul a t) (Mul c b))"
```
```  2647 definition "msubstltneg c t a b = Lt (Neg (Add (Mul a t) (Mul c b)))"
```
```  2648 definition "msubstleneg c t a b = Le (Neg (Add (Mul a t) (Mul c b)))"
```
```  2649
```
```  2650 lemma msubsteq2:
```
```  2651   assumes nz: "Ipoly vs c \<noteq> 0" and l: "islin (Eq (CNP 0 a b))"
```
```  2652   shows "Ifm vs (x#bs) (msubsteq2 c t a b) = Ifm vs (((Itm vs (x#bs) t /  Ipoly vs c ))#bs) (Eq (CNP 0 a b))" (is "?lhs = ?rhs")
```
```  2653   using nz l tmbound0_I[of b vs x bs "Itm vs (x # bs) t / \<lparr>c\<rparr>\<^sub>p\<^bsup>vs\<^esup>" , symmetric]
```
```  2654   by (simp add: msubsteq2_def field_simps)
```
```  2655
```
```  2656 lemma msubstltpos:
```
```  2657   assumes nz: "Ipoly vs c > 0" and l: "islin (Lt (CNP 0 a b))"
```
```  2658   shows "Ifm vs (x#bs) (msubstltpos c t a b) = Ifm vs (((Itm vs (x#bs) t /  Ipoly vs c ))#bs) (Lt (CNP 0 a b))" (is "?lhs = ?rhs")
```
```  2659   using nz l tmbound0_I[of b vs x bs "Itm vs (x # bs) t / \<lparr>c\<rparr>\<^sub>p\<^bsup>vs\<^esup>" , symmetric]
```
```  2660   by (simp add: msubstltpos_def field_simps)
```
```  2661
```
```  2662 lemma msubstlepos:
```
```  2663   assumes nz: "Ipoly vs c > 0" and l: "islin (Le (CNP 0 a b))"
```
```  2664   shows "Ifm vs (x#bs) (msubstlepos c t a b) = Ifm vs (((Itm vs (x#bs) t /  Ipoly vs c ))#bs) (Le (CNP 0 a b))" (is "?lhs = ?rhs")
```
```  2665   using nz l tmbound0_I[of b vs x bs "Itm vs (x # bs) t / \<lparr>c\<rparr>\<^sub>p\<^bsup>vs\<^esup>" , symmetric]
```
```  2666   by (simp add: msubstlepos_def field_simps)
```
```  2667
```
```  2668 lemma msubstltneg:
```
```  2669   assumes nz: "Ipoly vs c < 0" and l: "islin (Lt (CNP 0 a b))"
```
```  2670   shows "Ifm vs (x#bs) (msubstltneg c t a b) = Ifm vs (((Itm vs (x#bs) t /  Ipoly vs c ))#bs) (Lt (CNP 0 a b))" (is "?lhs = ?rhs")
```
```  2671   using nz l tmbound0_I[of b vs x bs "Itm vs (x # bs) t / \<lparr>c\<rparr>\<^sub>p\<^bsup>vs\<^esup>" , symmetric]
```
```  2672   by (simp add: msubstltneg_def field_simps del: minus_add_distrib)
```
```  2673
```
```  2674 lemma msubstleneg:
```
```  2675   assumes nz: "Ipoly vs c < 0" and l: "islin (Le (CNP 0 a b))"
```
```  2676   shows "Ifm vs (x#bs) (msubstleneg c t a b) = Ifm vs (((Itm vs (x#bs) t /  Ipoly vs c ))#bs) (Le (CNP 0 a b))" (is "?lhs = ?rhs")
```
```  2677   using nz l tmbound0_I[of b vs x bs "Itm vs (x # bs) t / \<lparr>c\<rparr>\<^sub>p\<^bsup>vs\<^esup>" , symmetric]
```
```  2678   by (simp add: msubstleneg_def field_simps del: minus_add_distrib)
```
```  2679
```
```  2680 fun msubstpos :: "fm \<Rightarrow> poly \<Rightarrow> tm \<Rightarrow> fm" where
```
```  2681   "msubstpos (And p q) c t = And (msubstpos p c t) (msubstpos q c t)"
```
```  2682 | "msubstpos (Or p q) c t = Or (msubstpos p c t) (msubstpos q c t)"
```
```  2683 | "msubstpos (Eq (CNP 0 a r)) c t = msubsteq2 c t a r"
```
```  2684 | "msubstpos (NEq (CNP 0 a r)) c t = NOT (msubsteq2 c t a r)"
```
```  2685 | "msubstpos (Lt (CNP 0 a r)) c t = msubstltpos c t a r"
```
```  2686 | "msubstpos (Le (CNP 0 a r)) c t = msubstlepos c t a r"
```
```  2687 | "msubstpos p c t = p"
```
```  2688
```
```  2689 lemma msubstpos_I:
```
```  2690   assumes lp: "islin p" and pos: "Ipoly vs c > 0"
```
```  2691   shows "Ifm vs (x#bs) (msubstpos p c t) = Ifm vs (Itm vs (x#bs) t /  Ipoly vs c #bs) p"
```
```  2692   using lp pos
```
```  2693   by (induct p rule: islin.induct, auto simp add: msubsteq2 msubstltpos[OF pos] msubstlepos[OF pos] tmbound0_I[of _ vs "Itm vs (x # bs) t / \<lparr>c\<rparr>\<^sub>p\<^bsup>vs\<^esup>" bs x] bound0_I[of _ vs "Itm vs (x # bs) t / \<lparr>c\<rparr>\<^sub>p\<^bsup>vs\<^esup>" bs x] field_simps)
```
```  2694
```
```  2695 fun msubstneg :: "fm \<Rightarrow> poly \<Rightarrow> tm \<Rightarrow> fm" where
```
```  2696   "msubstneg (And p q) c t = And (msubstneg p c t) (msubstneg q c t)"
```
```  2697 | "msubstneg (Or p q) c t = Or (msubstneg p c t) (msubstneg q c t)"
```
```  2698 | "msubstneg (Eq (CNP 0 a r)) c t = msubsteq2 c t a r"
```
```  2699 | "msubstneg (NEq (CNP 0 a r)) c t = NOT (msubsteq2 c t a r)"
```
```  2700 | "msubstneg (Lt (CNP 0 a r)) c t = msubstltneg c t a r"
```
```  2701 | "msubstneg (Le (CNP 0 a r)) c t = msubstleneg c t a r"
```
```  2702 | "msubstneg p c t = p"
```
```  2703
```
```  2704 lemma msubstneg_I:
```
```  2705   assumes lp: "islin p" and pos: "Ipoly vs c < 0"
```
```  2706   shows "Ifm vs (x#bs) (msubstneg p c t) = Ifm vs (Itm vs (x#bs) t /  Ipoly vs c #bs) p"
```
```  2707   using lp pos
```
```  2708   by (induct p rule: islin.induct, auto simp add: msubsteq2 msubstltneg[OF pos] msubstleneg[OF pos] tmbound0_I[of _ vs "Itm vs (x # bs) t / \<lparr>c\<rparr>\<^sub>p\<^bsup>vs\<^esup>" bs x] bound0_I[of _ vs "Itm vs (x # bs) t / \<lparr>c\<rparr>\<^sub>p\<^bsup>vs\<^esup>" bs x] field_simps)
```
```  2709
```
```  2710
```
```  2711 definition "msubst2 p c t = disj (conj (lt (CP (polyneg c))) (simpfm (msubstpos p c t))) (conj (lt (CP c)) (simpfm (msubstneg p c t)))"
```
```  2712
```
```  2713 lemma msubst2: assumes lp: "islin p" and nc: "isnpoly c" and nz: "Ipoly vs c \<noteq> 0"
```
```  2714   shows "Ifm vs (x#bs) (msubst2 p c t) = Ifm vs (Itm vs (x#bs) t /  Ipoly vs c #bs) p"
```
```  2715 proof-
```
```  2716   let ?c = "Ipoly vs c"
```
```  2717   from nc have anc: "allpolys isnpoly (CP c)" "allpolys isnpoly (CP (~\<^sub>p c))"
```
```  2718     by (simp_all add: polyneg_norm)
```
```  2719   from nz have "?c > 0 \<or> ?c < 0" by arith
```
```  2720   moreover
```
```  2721   {assume c: "?c < 0"
```
```  2722     from c msubstneg_I[OF lp c, of x bs t] lt[OF anc(1), of vs "x#bs"] lt[OF anc(2), of vs "x#bs"]
```
```  2723     have ?thesis by (auto simp add: msubst2_def)}
```
```  2724   moreover
```
```  2725   {assume c: "?c > 0"
```
```  2726     from c msubstpos_I[OF lp c, of x bs t] lt[OF anc(1), of vs "x#bs"] lt[OF anc(2), of vs "x#bs"]
```
```  2727     have ?thesis by (auto simp add: msubst2_def)}
```
```  2728   ultimately show ?thesis by blast
```
```  2729 qed
```
```  2730
```
```  2731 term msubsteq2
```
```  2732 lemma msubsteq2_nb: "tmbound0 t \<Longrightarrow> islin (Eq (CNP 0 a r)) \<Longrightarrow> bound0 (msubsteq2 c t a r)"
```
```  2733   by (simp add: msubsteq2_def)
```
```  2734
```
```  2735 lemma msubstltpos_nb: "tmbound0 t \<Longrightarrow> islin (Lt (CNP 0 a r)) \<Longrightarrow> bound0 (msubstltpos c t a r)"
```
```  2736   by (simp add: msubstltpos_def)
```
```  2737 lemma msubstltneg_nb: "tmbound0 t \<Longrightarrow> islin (Lt (CNP 0 a r)) \<Longrightarrow> bound0 (msubstltneg c t a r)"
```
```  2738   by (simp add: msubstltneg_def)
```
```  2739
```
```  2740 lemma msubstlepos_nb: "tmbound0 t \<Longrightarrow> islin (Le (CNP 0 a r)) \<Longrightarrow> bound0 (msubstlepos c t a r)"
```
```  2741   by (simp add: msubstlepos_def)
```
```  2742 lemma msubstleneg_nb: "tmbound0 t \<Longrightarrow> islin (Le (CNP 0 a r)) \<Longrightarrow> bound0 (msubstleneg c t a r)"
```
```  2743   by (simp add: msubstleneg_def)
```
```  2744
```
```  2745 lemma msubstpos_nb: assumes lp: "islin p" and tnb: "tmbound0 t"
```
```  2746   shows "bound0 (msubstpos p c t)"
```
```  2747 using lp tnb
```
```  2748 by (induct p c t rule: msubstpos.induct, auto simp add: msubsteq2_nb msubstltpos_nb msubstlepos_nb)
```
```  2749
```
```  2750 lemma msubstneg_nb: assumes "SORT_CONSTRAINT('a::{ring_char_0,division_by_zero,field})" and lp: "islin p" and tnb: "tmbound0 t"
```
```  2751   shows "bound0 (msubstneg p c t)"
```
```  2752 using lp tnb
```
```  2753 by (induct p c t rule: msubstneg.induct, auto simp add: msubsteq2_nb msubstltneg_nb msubstleneg_nb)
```
```  2754
```
```  2755 lemma msubst2_nb: assumes "SORT_CONSTRAINT('a::{ring_char_0,division_by_zero,field})" and lp: "islin p" and tnb: "tmbound0 t"
```
```  2756   shows "bound0 (msubst2 p c t)"
```
```  2757 using lp tnb
```
```  2758 by (simp add: msubst2_def msubstneg_nb msubstpos_nb conj_nb disj_nb lt_nb simpfm_bound0)
```
```  2759
```
```  2760 lemma of_int2: "of_int 2 = 1 + 1"
```
```  2761 proof-
```
```  2762   have "(2::int) = 1 + 1" by simp
```
```  2763   hence "of_int 2 = of_int (1 + 1)" by simp
```
```  2764   thus ?thesis unfolding of_int_add by simp
```
```  2765 qed
```
```  2766
```
```  2767 lemma of_int_minus2: "of_int (-2) = - (1 + 1)"
```
```  2768 proof-
```
```  2769   have th: "(-2::int) = - 2" by simp
```
```  2770   show ?thesis unfolding th by (simp only: of_int_minus of_int2)
```
```  2771 qed
```
```  2772
```
```  2773
```
```  2774 lemma islin_qf: "islin p \<Longrightarrow> qfree p"
```
```  2775   by (induct p rule: islin.induct, auto simp add: bound0_qf)
```
```  2776 lemma fr_eq_msubst2:
```
```  2777   assumes lp: "islin p"
```
```  2778   shows "(\<exists> x. Ifm vs (x#bs) p) \<longleftrightarrow> ((Ifm vs (x#bs) (minusinf p)) \<or> (Ifm vs (x#bs) (plusinf p)) \<or> Ifm vs (x#bs) (subst0 (CP 0\<^sub>p) p) \<or> (\<exists>(n, t)\<in>set (uset p). Ifm vs (x# bs) (msubst2 p (n *\<^sub>p (C (-2,1))) t)) \<or> (\<exists> (c,t) \<in> set (uset p). \<exists> (d,s) \<in> set (uset p). Ifm vs (x#bs) (msubst2 p (C (-2, 1) *\<^sub>p c*\<^sub>p d) (Add (Mul d t) (Mul c s)))))"
```
```  2779   (is "(\<exists> x. ?I x p) = (?M \<or> ?P \<or> ?Pz \<or> ?PU \<or> ?F)" is "?E = ?D")
```
```  2780 proof-
```
```  2781   from uset_l[OF lp] have th: "\<forall>(c, s)\<in>set (uset p). isnpoly c \<and> tmbound0 s" by blast
```
```  2782   let ?I = "\<lambda>p. Ifm vs (x#bs) p"
```
```  2783   have n2: "isnpoly (C (-2,1))" by (simp add: isnpoly_def)
```
```  2784   note eq0 = subst0[OF islin_qf[OF lp], of vs x bs "CP 0\<^sub>p", simplified]
```
```  2785
```
```  2786   have eq1: "(\<exists>(n, t)\<in>set (uset p). ?I (msubst2 p (n *\<^sub>p (C (-2,1))) t)) \<longleftrightarrow> (\<exists>(n, t)\<in>set (uset p). \<lparr>n\<rparr>\<^sub>p\<^bsup>vs\<^esup> \<noteq> 0 \<and> Ifm vs (- Itm vs (x # bs) t / (\<lparr>n\<rparr>\<^sub>p\<^bsup>vs\<^esup> * (1 + 1)) # bs) p)"
```
```  2787   proof-
```
```  2788     {fix n t assume H: "(n, t)\<in>set (uset p)" "?I(msubst2 p (n *\<^sub>p C (-2, 1)) t)"
```
```  2789       from H(1) th have "isnpoly n" by blast
```
```  2790       hence nn: "isnpoly (n *\<^sub>p (C (-2,1)))" by (simp_all add: polymul_norm n2)
```
```  2791       have nn': "allpolys isnpoly (CP (~\<^sub>p (n *\<^sub>p C (-2, 1))))"
```
```  2792         by (simp add: polyneg_norm nn)
```
```  2793       hence nn2: "\<lparr>n *\<^sub>p(C (-2,1)) \<rparr>\<^sub>p\<^bsup>vs\<^esup> \<noteq> 0" "\<lparr>n \<rparr>\<^sub>p\<^bsup>vs\<^esup> \<noteq> 0" using H(2) nn' nn
```
```  2794         by (auto simp add: msubst2_def lt zero_less_mult_iff mult_less_0_iff)
```
```  2795       from msubst2[OF lp nn nn2(1), of x bs t]
```
```  2796       have "\<lparr>n\<rparr>\<^sub>p\<^bsup>vs\<^esup> \<noteq> 0 \<and> Ifm vs (- Itm vs (x # bs) t / (\<lparr>n\<rparr>\<^sub>p\<^bsup>vs\<^esup> * (1 + 1)) # bs) p"
```
```  2797         using H(2) nn2 by (simp add: of_int_minus2 del: minus_add_distrib)}
```
```  2798     moreover
```
```  2799     {fix n t assume H: "(n, t)\<in>set (uset p)" "\<lparr>n\<rparr>\<^sub>p\<^bsup>vs\<^esup> \<noteq> 0" "Ifm vs (- Itm vs (x # bs) t / (\<lparr>n\<rparr>\<^sub>p\<^bsup>vs\<^esup> * (1 + 1)) # bs) p"
```
```  2800       from H(1) th have "isnpoly n" by blast
```
```  2801       hence nn: "isnpoly (n *\<^sub>p (C (-2,1)))" "\<lparr>n *\<^sub>p(C (-2,1)) \<rparr>\<^sub>p\<^bsup>vs\<^esup> \<noteq> 0"
```
```  2802         using H(2) by (simp_all add: polymul_norm n2)
```
```  2803       from msubst2[OF lp nn, of x bs t] have "?I (msubst2 p (n *\<^sub>p (C (-2,1))) t)" using H(2,3) by (simp add: of_int_minus2 del: minus_add_distrib)}
```
```  2804     ultimately show ?thesis by blast
```
```  2805   qed
```
```  2806   have eq2: "(\<exists> (c,t) \<in> set (uset p). \<exists> (d,s) \<in> set (uset p). Ifm vs (x#bs) (msubst2 p (C (-2, 1) *\<^sub>p c*\<^sub>p d) (Add (Mul d t) (Mul c s)))) \<longleftrightarrow> (\<exists>(n, t)\<in>set (uset p).
```
```  2807      \<exists>(m, s)\<in>set (uset p). \<lparr>n\<rparr>\<^sub>p\<^bsup>vs\<^esup> \<noteq> 0 \<and> \<lparr>m\<rparr>\<^sub>p\<^bsup>vs\<^esup> \<noteq> 0 \<and> Ifm vs ((- Itm vs (x # bs) t / \<lparr>n\<rparr>\<^sub>p\<^bsup>vs\<^esup> + - Itm vs (x # bs) s / \<lparr>m\<rparr>\<^sub>p\<^bsup>vs\<^esup>) / (1 + 1) # bs) p)"
```
```  2808   proof-
```
```  2809     {fix c t d s assume H: "(c,t) \<in> set (uset p)" "(d,s) \<in> set (uset p)"
```
```  2810      "Ifm vs (x#bs) (msubst2 p (C (-2, 1) *\<^sub>p c*\<^sub>p d) (Add (Mul d t) (Mul c s)))"
```
```  2811       from H(1,2) th have "isnpoly c" "isnpoly d" by blast+
```
```  2812       hence nn: "isnpoly (C (-2, 1) *\<^sub>p c*\<^sub>p d)"
```
```  2813         by (simp_all add: polymul_norm n2)
```
```  2814       have stupid: "allpolys isnpoly (CP (~\<^sub>p (C (-2, 1) *\<^sub>p c *\<^sub>p d)))" "allpolys isnpoly (CP ((C (-2, 1) *\<^sub>p c *\<^sub>p d)))"
```
```  2815         by (simp_all add: polyneg_norm nn)
```
```  2816       have nn': "\<lparr>(C (-2, 1) *\<^sub>p c*\<^sub>p d)\<rparr>\<^sub>p\<^bsup>vs\<^esup> \<noteq> 0" "\<lparr>c\<rparr>\<^sub>p\<^bsup>vs\<^esup> \<noteq> 0" "\<lparr>d\<rparr>\<^sub>p\<^bsup>vs\<^esup> \<noteq> 0"
```
```  2817         using H(3) by (auto simp add: msubst2_def lt[OF stupid(1)]  lt[OF stupid(2)] zero_less_mult_iff mult_less_0_iff)
```
```  2818       from msubst2[OF lp nn nn'(1), of x bs ] H(3) nn'
```
```  2819       have "\<lparr>c\<rparr>\<^sub>p\<^bsup>vs\<^esup> \<noteq> 0 \<and> \<lparr>d\<rparr>\<^sub>p\<^bsup>vs\<^esup> \<noteq> 0 \<and> Ifm vs ((- Itm vs (x # bs) t / \<lparr>c\<rparr>\<^sub>p\<^bsup>vs\<^esup> + - Itm vs (x # bs) s / \<lparr>d\<rparr>\<^sub>p\<^bsup>vs\<^esup>) / (1 + 1) # bs) p"
```
```  2820         apply (simp add: add_divide_distrib of_int_minus2 del: minus_add_distrib)
```
```  2821         by (simp add: mult_commute)}
```
```  2822     moreover
```
```  2823     {fix c t d s assume H: "(c,t) \<in> set (uset p)" "(d,s) \<in> set (uset p)"
```
```  2824       "\<lparr>c\<rparr>\<^sub>p\<^bsup>vs\<^esup> \<noteq> 0" "\<lparr>d\<rparr>\<^sub>p\<^bsup>vs\<^esup> \<noteq> 0" "Ifm vs ((- Itm vs (x # bs) t / \<lparr>c\<rparr>\<^sub>p\<^bsup>vs\<^esup> + - Itm vs (x # bs) s / \<lparr>d\<rparr>\<^sub>p\<^bsup>vs\<^esup>) / (1 + 1) # bs) p"
```
```  2825      from H(1,2) th have "isnpoly c" "isnpoly d" by blast+
```
```  2826       hence nn: "isnpoly (C (-2, 1) *\<^sub>p c*\<^sub>p d)" "\<lparr>(C (-2, 1) *\<^sub>p c*\<^sub>p d)\<rparr>\<^sub>p\<^bsup>vs\<^esup> \<noteq> 0"
```
```  2827         using H(3,4) by (simp_all add: polymul_norm n2)
```
```  2828       from msubst2[OF lp nn, of x bs ] H(3,4,5)
```
```  2829       have "Ifm vs (x#bs) (msubst2 p (C (-2, 1) *\<^sub>p c*\<^sub>p d) (Add (Mul d t) (Mul c s)))" apply (simp add: add_divide_distrib of_int_minus2 del: minus_add_distrib)by (simp add: mult_commute)}
```
```  2830     ultimately show ?thesis by blast
```
```  2831   qed
```
```  2832   from fr_eq2[OF lp, of vs bs x] show ?thesis
```
```  2833     unfolding eq0 eq1 eq2 by blast
```
```  2834 qed
```
```  2835
```
```  2836 definition
```
```  2837 "ferrack2 p \<equiv> let q = simpfm p ; mp = minusinf q ; pp = plusinf q
```
```  2838  in if (mp = T \<or> pp = T) then T
```
```  2839   else (let U = remdps (uset  q)
```
```  2840     in decr0 (list_disj [mp, pp, simpfm (subst0 (CP 0\<^sub>p) q), evaldjf (\<lambda>(c,t). msubst2 q (c *\<^sub>p C (-2, 1)) t) U,
```
```  2841    evaldjf (\<lambda>((b,a),(d,c)). msubst2 q (C (-2, 1) *\<^sub>p b*\<^sub>p d) (Add (Mul d a) (Mul b c))) (alluopairs U)]))"
```
```  2842
```
```  2843 definition "frpar2 p = simpfm (qelim (prep p) ferrack2)"
```
```  2844
```
```  2845 lemma ferrack2: assumes qf: "qfree p"
```
```  2846   shows "qfree (ferrack2 p) \<and> ((Ifm vs bs (ferrack2 p)) = (Ifm vs bs (E p)))"
```
```  2847   (is "_ \<and> (?rhs = ?lhs)")
```
```  2848 proof-
```
```  2849   let ?J = "\<lambda> x p. Ifm vs (x#bs) p"
```
```  2850   let ?N = "\<lambda> t. Ipoly vs t"
```
```  2851   let ?Nt = "\<lambda>x t. Itm vs (x#bs) t"
```
```  2852   let ?q = "simpfm p"
```
```  2853   let ?qz = "subst0 (CP 0\<^sub>p) ?q"
```
```  2854   let ?U = "remdps(uset ?q)"
```
```  2855   let ?Up = "alluopairs ?U"
```
```  2856   let ?mp = "minusinf ?q"
```
```  2857   let ?pp = "plusinf ?q"
```
```  2858   let ?I = "\<lambda>p. Ifm vs (x#bs) p"
```
```  2859   from simpfm_lin[OF qf] simpfm_qf[OF qf] have lq: "islin ?q" and q_qf: "qfree ?q" .
```
```  2860   from minusinf_nb[OF lq] plusinf_nb[OF lq] have mp_nb: "bound0 ?mp" and pp_nb: "bound0 ?pp" .
```
```  2861   from bound0_qf[OF mp_nb] bound0_qf[OF pp_nb] have mp_qf: "qfree ?mp" and pp_qf: "qfree ?pp" .
```
```  2862   from uset_l[OF lq] have U_l: "\<forall>(c, s)\<in>set ?U. isnpoly c \<and> c \<noteq> 0\<^sub>p \<and> tmbound0 s \<and> allpolys isnpoly s"
```
```  2863     by simp
```
```  2864   have bnd0: "\<forall>x \<in> set ?U. bound0 ((\<lambda>(c,t). msubst2 ?q (c *\<^sub>p C (-2, 1)) t) x)"
```
```  2865   proof-
```
```  2866     {fix c t assume ct: "(c,t) \<in> set ?U"
```
```  2867       hence tnb: "tmbound0 t" using U_l by blast
```
```  2868       from msubst2_nb[OF lq tnb]
```
```  2869       have "bound0 ((\<lambda>(c,t). msubst2 ?q (c *\<^sub>p C (-2, 1)) t) (c,t))" by simp}
```
```  2870     thus ?thesis by auto
```
```  2871   qed
```
```  2872   have bnd1: "\<forall>x \<in> set ?Up. bound0 ((\<lambda>((b,a),(d,c)). msubst2 ?q (C (-2, 1) *\<^sub>p b*\<^sub>p d) (Add (Mul d a) (Mul b c))) x)"
```
```  2873   proof-
```
```  2874     {fix b a d c assume badc: "((b,a),(d,c)) \<in> set ?Up"
```
```  2875       from badc U_l alluopairs_set1[of ?U]
```
```  2876       have nb: "tmbound0 (Add (Mul d a) (Mul b c))" by auto
```
```  2877       from msubst2_nb[OF lq nb] have "bound0 ((\<lambda>((b,a),(d,c)). msubst2 ?q (C (-2, 1) *\<^sub>p b*\<^sub>p d) (Add (Mul d a) (Mul b c))) ((b,a),(d,c)))" by simp}
```
```  2878     thus ?thesis by auto
```
```  2879   qed
```
```  2880   have stupid: "bound0 F" by simp
```
```  2881   let ?R = "list_disj [?mp, ?pp, simpfm (subst0 (CP 0\<^sub>p) ?q), evaldjf (\<lambda>(c,t). msubst2 ?q (c *\<^sub>p C (-2, 1)) t) ?U,
```
```  2882    evaldjf (\<lambda>((b,a),(d,c)). msubst2 ?q (C (-2, 1) *\<^sub>p b*\<^sub>p d) (Add (Mul d a) (Mul b c))) (alluopairs ?U)]"
```
```  2883   from subst0_nb[of "CP 0\<^sub>p" ?q] q_qf evaldjf_bound0[OF bnd1] evaldjf_bound0[OF bnd0] mp_nb pp_nb stupid
```
```  2884   have nb: "bound0 ?R "
```
```  2885     by (simp add: list_disj_def disj_nb0 simpfm_bound0)
```
```  2886   let ?s = "\<lambda>((b,a),(d,c)). msubst2 ?q (C (-2, 1) *\<^sub>p b*\<^sub>p d) (Add (Mul d a) (Mul b c))"
```
```  2887
```
```  2888   {fix b a d c assume baU: "(b,a) \<in> set ?U" and dcU: "(d,c) \<in> set ?U"
```
```  2889     from U_l baU dcU have norm: "isnpoly b" "isnpoly d" "isnpoly (C (-2, 1))"
```
```  2890       by auto (simp add: isnpoly_def)
```
```  2891     have norm2: "isnpoly (C (-2, 1) *\<^sub>p b*\<^sub>p d)" "isnpoly (C (-2, 1) *\<^sub>p d*\<^sub>p b)"
```
```  2892       using norm by (simp_all add: polymul_norm)
```
```  2893     have stupid: "allpolys isnpoly (CP (C (-2, 1) *\<^sub>p b*\<^sub>p d))" "allpolys isnpoly (CP (C (-2, 1) *\<^sub>p d*\<^sub>p b))" "allpolys isnpoly (CP (~\<^sub>p(C (-2, 1) *\<^sub>p b*\<^sub>p d)))" "allpolys isnpoly (CP (~\<^sub>p(C (-2, 1) *\<^sub>p d*\<^sub>p b)))"
```
```  2894       by (simp_all add: polyneg_norm norm2)
```
```  2895     have "?I (msubst2 ?q (C (-2, 1) *\<^sub>p b*\<^sub>p d) (Add (Mul d a) (Mul b c))) = ?I (msubst2 ?q (C (-2, 1) *\<^sub>p d*\<^sub>p b) (Add (Mul b c) (Mul d a)))" (is "?lhs \<longleftrightarrow> ?rhs")
```
```  2896     proof
```
```  2897       assume H: ?lhs
```
```  2898       hence z: "\<lparr>C (-2, 1) *\<^sub>p b *\<^sub>p d\<rparr>\<^sub>p\<^bsup>vs\<^esup> \<noteq> 0" "\<lparr>C (-2, 1) *\<^sub>p d *\<^sub>p b\<rparr>\<^sub>p\<^bsup>vs\<^esup> \<noteq> 0"
```
```  2899         by (auto simp add: msubst2_def lt[OF stupid(3)] lt[OF stupid(1)] mult_less_0_iff zero_less_mult_iff)
```
```  2900       from msubst2[OF lq norm2(1) z(1), of x bs]
```
```  2901         msubst2[OF lq norm2(2) z(2), of x bs] H
```
```  2902       show ?rhs by (simp add: ring_simps)
```
```  2903     next
```
```  2904       assume H: ?rhs
```
```  2905       hence z: "\<lparr>C (-2, 1) *\<^sub>p b *\<^sub>p d\<rparr>\<^sub>p\<^bsup>vs\<^esup> \<noteq> 0" "\<lparr>C (-2, 1) *\<^sub>p d *\<^sub>p b\<rparr>\<^sub>p\<^bsup>vs\<^esup> \<noteq> 0"
```
```  2906         by (auto simp add: msubst2_def lt[OF stupid(4)] lt[OF stupid(2)] mult_less_0_iff zero_less_mult_iff)
```
```  2907       from msubst2[OF lq norm2(1) z(1), of x bs]
```
```  2908         msubst2[OF lq norm2(2) z(2), of x bs] H
```
```  2909       show ?lhs by (simp add: ring_simps)
```
```  2910     qed}
```
```  2911   hence th0: "\<forall>x \<in> set ?U. \<forall>y \<in> set ?U. ?I (?s (x, y)) \<longleftrightarrow> ?I (?s (y, x))"
```
```  2912     by clarsimp
```
```  2913
```
```  2914   have "?lhs \<longleftrightarrow> (\<exists>x. Ifm vs (x#bs) ?q)" by simp
```
```  2915   also have "\<dots> \<longleftrightarrow> ?I ?mp \<or> ?I ?pp \<or> ?I (subst0 (CP 0\<^sub>p) ?q) \<or> (\<exists>(n,t) \<in> set ?U. ?I (msubst2 ?q (n *\<^sub>p C (-2, 1)) t)) \<or> (\<exists>(b, a)\<in>set ?U. \<exists>(d, c)\<in>set ?U. ?I (msubst2 ?q (C (-2, 1) *\<^sub>p b*\<^sub>p d) (Add (Mul d a) (Mul b c))))"
```
```  2916     using fr_eq_msubst2[OF lq, of vs bs x] by simp
```
```  2917   also have "\<dots> \<longleftrightarrow> ?I ?mp \<or> ?I ?pp \<or> ?I (subst0 (CP 0\<^sub>p) ?q) \<or> (\<exists>(n,t) \<in> set ?U. ?I (msubst2 ?q (n *\<^sub>p C (-2, 1)) t)) \<or> (\<exists> x\<in>set ?U. \<exists> y \<in>set ?U. ?I (?s (x,y)))"
```
```  2918     by (simp add: split_def)
```
```  2919   also have "\<dots> \<longleftrightarrow> ?I ?mp \<or> ?I ?pp \<or> ?I (subst0 (CP 0\<^sub>p) ?q) \<or> (\<exists>(n,t) \<in> set ?U. ?I (msubst2 ?q (n *\<^sub>p C (-2, 1)) t)) \<or> (\<exists> (x,y) \<in> set ?Up. ?I (?s (x,y)))"
```
```  2920     using alluopairs_ex[OF th0] by simp
```
```  2921   also have "\<dots> \<longleftrightarrow> ?I ?R"
```
```  2922     by (simp add: list_disj_def evaldjf_ex split_def)
```
```  2923   also have "\<dots> \<longleftrightarrow> ?rhs"
```
```  2924     unfolding ferrack2_def
```
```  2925     apply (cases "?mp = T")
```
```  2926     apply (simp add: list_disj_def)
```
```  2927     apply (cases "?pp = T")
```
```  2928     apply (simp add: list_disj_def)
```
```  2929     by (simp_all add: Let_def decr0[OF nb])
```
```  2930   finally show ?thesis using decr0_qf[OF nb]
```
```  2931     by (simp  add: ferrack2_def Let_def)
```
```  2932 qed
```
```  2933
```
```  2934 lemma frpar2: "qfree (frpar2 p) \<and> (Ifm vs bs (frpar2 p) \<longleftrightarrow> Ifm vs bs p)"
```
```  2935 proof-
```
```  2936   from ferrack2 have th: "\<forall>bs p. qfree p \<longrightarrow> qfree (ferrack2 p) \<and> Ifm vs bs (ferrack2 p) = Ifm vs bs (E p)" by blast
```
```  2937   from qelim[OF th, of "prep p" bs]
```
```  2938 show ?thesis  unfolding frpar2_def by (auto simp add: prep)
```
```  2939 qed
```
```  2940
```
```  2941 ML {*
```
```  2942 structure ReflectedFRPar =
```
```  2943 struct
```
```  2944
```
```  2945 val bT = HOLogic.boolT;
```
```  2946 fun num rT x = HOLogic.mk_number rT x;
```
```  2947 fun rrelT rT = [rT,rT] ---> rT;
```
```  2948 fun rrT rT = [rT, rT] ---> bT;
```
```  2949 fun divt rT = Const(@{const_name Rings.divide},rrelT rT);
```
```  2950 fun timest rT = Const(@{const_name Groups.times},rrelT rT);
```
```  2951 fun plust rT = Const(@{const_name Groups.plus},rrelT rT);
```
```  2952 fun minust rT = Const(@{const_name Groups.minus},rrelT rT);
```
```  2953 fun uminust rT = Const(@{const_name Groups.uminus}, rT --> rT);
```
```  2954 fun powt rT = Const(@{const_name "power"}, [rT,@{typ "nat"}] ---> rT);
```
```  2955 val brT = [bT, bT] ---> bT;
```
```  2956 val nott = @{term "Not"};
```
```  2957 val conjt = @{term "op &"};
```
```  2958 val disjt = @{term "op |"};
```
```  2959 val impt = @{term "op -->"};
```
```  2960 val ifft = @{term "op = :: bool => _"}
```
```  2961 fun llt rT = Const(@{const_name Orderings.less},rrT rT);
```
```  2962 fun lle rT = Const(@{const_name Orderings.less},rrT rT);
```
```  2963 fun eqt rT = Const("op =",rrT rT);
```
```  2964 fun rz rT = Const(@{const_name Groups.zero},rT);
```
```  2965
```
```  2966 fun dest_nat t = case t of
```
```  2967   Const ("Suc",_)\$t' => 1 + dest_nat t'
```
```  2968 | _ => (snd o HOLogic.dest_number) t;
```
```  2969
```
```  2970 fun num_of_term m t =
```
```  2971  case t of
```
```  2972    Const(@{const_name Groups.uminus},_)\$t => @{code poly.Neg} (num_of_term m t)
```
```  2973  | Const(@{const_name Groups.plus},_)\$a\$b => @{code poly.Add} (num_of_term m a, num_of_term m b)
```
```  2974  | Const(@{const_name Groups.minus},_)\$a\$b => @{code poly.Sub} (num_of_term m a, num_of_term m b)
```
```  2975  | Const(@{const_name Groups.times},_)\$a\$b => @{code poly.Mul} (num_of_term m a, num_of_term m b)
```
```  2976  | Const(@{const_name Power.power},_)\$a\$n => @{code poly.Pw} (num_of_term m a, dest_nat n)
```
```  2977  | Const(@{const_name Rings.divide},_)\$a\$b => @{code poly.C} (HOLogic.dest_number a |> snd, HOLogic.dest_number b |> snd)
```
```  2978  | _ => (@{code poly.C} (HOLogic.dest_number t |> snd,1)
```
```  2979          handle TERM _ => @{code poly.Bound} (AList.lookup (op aconv) m t |> the));
```
```  2980
```
```  2981 fun tm_of_term m m' t =
```
```  2982  case t of
```
```  2983    Const(@{const_name Groups.uminus},_)\$t => @{code Neg} (tm_of_term m m' t)
```
```  2984  | Const(@{const_name Groups.plus},_)\$a\$b => @{code Add} (tm_of_term m m' a, tm_of_term m m' b)
```
```  2985  | Const(@{const_name Groups.minus},_)\$a\$b => @{code Sub} (tm_of_term m m' a, tm_of_term m m' b)
```
```  2986  | Const(@{const_name Groups.times},_)\$a\$b => @{code Mul} (num_of_term m' a, tm_of_term m m' b)
```
```  2987  | _ => (@{code CP} (num_of_term m' t)
```
```  2988          handle TERM _ => @{code Bound} (AList.lookup (op aconv) m t |> the)
```
```  2989               | Option => @{code Bound} (AList.lookup (op aconv) m t |> the));
```
```  2990
```
```  2991 fun term_of_num T m t =
```
```  2992  case t of
```
```  2993   @{code poly.C} (a,b) => (if b = 1 then num T a else if b=0 then (rz T)
```
```  2994                                         else (divt T) \$ num T a \$ num T b)
```
```  2995 | @{code poly.Bound} i => AList.lookup (op = : int*int -> bool) m i |> the
```
```  2996 | @{code poly.Add} (a,b) => (plust T)\$(term_of_num T m a)\$(term_of_num T m b)
```
```  2997 | @{code poly.Mul} (a,b) => (timest T)\$(term_of_num T m a)\$(term_of_num T m b)
```
```  2998 | @{code poly.Sub} (a,b) => (minust T)\$(term_of_num T m a)\$(term_of_num T m b)
```
```  2999 | @{code poly.Neg} a => (uminust T)\$(term_of_num T m a)
```
```  3000 | @{code poly.Pw} (a,n) => (powt T)\$(term_of_num T m t)\$(HOLogic.mk_number HOLogic.natT n)
```
```  3001 | @{code poly.CN} (c,n,p) => term_of_num T m (@{code poly.Add} (c, @{code poly.Mul} (@{code poly.Bound} n, p)))
```
```  3002 | _ => error "term_of_num: Unknown term";
```
```  3003
```
```  3004 fun term_of_tm T m m' t =
```
```  3005  case t of
```
```  3006   @{code CP} p => term_of_num T m' p
```
```  3007 | @{code Bound} i => AList.lookup (op = : int*int -> bool) m i |> the
```
```  3008 | @{code Add} (a,b) => (plust T)\$(term_of_tm T m m' a)\$(term_of_tm T m m' b)
```
```  3009 | @{code Mul} (a,b) => (timest T)\$(term_of_num T m' a)\$(term_of_tm T m m' b)
```
```  3010 | @{code Sub} (a,b) => (minust T)\$(term_of_tm T m m' a)\$(term_of_tm T m m' b)
```
```  3011 | @{code Neg} a => (uminust T)\$(term_of_tm T m m' a)
```
```  3012 | @{code CNP} (n,c,p) => term_of_tm T m m' (@{code Add}
```
```  3013      (@{code Mul} (c, @{code Bound} n), p))
```
```  3014 | _ => error "term_of_tm: Unknown term";
```
```  3015
```
```  3016 fun fm_of_term m m' fm =
```
```  3017  case fm of
```
```  3018     Const("True",_) => @{code T}
```
```  3019   | Const("False",_) => @{code F}
```
```  3020   | Const("Not",_)\$p => @{code NOT} (fm_of_term m m' p)
```
```  3021   | Const("op &",_)\$p\$q => @{code And} (fm_of_term m m' p, fm_of_term m m' q)
```
```  3022   | Const("op |",_)\$p\$q => @{code Or} (fm_of_term m m' p, fm_of_term m m' q)
```
```  3023   | Const("op -->",_)\$p\$q => @{code Imp} (fm_of_term m m' p, fm_of_term m m' q)
```
```  3024   | Const("op =",ty)\$p\$q =>
```
```  3025        if domain_type ty = bT then @{code Iff} (fm_of_term m m' p, fm_of_term m m' q)
```
```  3026        else @{code Eq} (@{code Sub} (tm_of_term m m' p, tm_of_term m m' q))
```
```  3027   | Const(@{const_name Orderings.less},_)\$p\$q =>
```
```  3028         @{code Lt} (@{code Sub} (tm_of_term m m' p, tm_of_term m m' q))
```
```  3029   | Const(@{const_name Orderings.less_eq},_)\$p\$q =>
```
```  3030         @{code Le} (@{code Sub} (tm_of_term m m' p, tm_of_term m m' q))
```
```  3031   | Const("Ex",_)\$Abs(xn,xT,p) =>
```
```  3032      let val (xn', p') =  variant_abs (xn,xT,p)
```
```  3033          val x = Free(xn',xT)
```
```  3034          fun incr i = i + 1
```
```  3035          val m0 = (x,0):: (map (apsnd incr) m)
```
```  3036       in @{code E} (fm_of_term m0 m' p') end
```
```  3037   | Const("All",_)\$Abs(xn,xT,p) =>
```
```  3038      let val (xn', p') =  variant_abs (xn,xT,p)
```
```  3039          val x = Free(xn',xT)
```
```  3040          fun incr i = i + 1
```
```  3041          val m0 = (x,0):: (map (apsnd incr) m)
```
```  3042       in @{code A} (fm_of_term m0 m' p') end
```
```  3043   | _ => error "fm_of_term";
```
```  3044
```
```  3045
```
```  3046 fun term_of_fm T m m' t =
```
```  3047   case t of
```
```  3048     @{code T} => Const("True",bT)
```
```  3049   | @{code F} => Const("False",bT)
```
```  3050   | @{code NOT} p => nott \$ (term_of_fm T m m' p)
```
```  3051   | @{code And} (p,q) => conjt \$ (term_of_fm T m m' p) \$ (term_of_fm T m m' q)
```
```  3052   | @{code Or} (p,q) => disjt \$ (term_of_fm T m m' p) \$ (term_of_fm T m m' q)
```
```  3053   | @{code Imp} (p,q) => impt \$ (term_of_fm T m m' p) \$ (term_of_fm T m m' q)
```
```  3054   | @{code Iff} (p,q) => ifft \$ (term_of_fm T m m' p) \$ (term_of_fm T m m' q)
```
```  3055   | @{code Lt} p => (llt T) \$ (term_of_tm T m m' p) \$ (rz T)
```
```  3056   | @{code Le} p => (lle T) \$ (term_of_tm T m m' p) \$ (rz T)
```
```  3057   | @{code Eq} p => (eqt T) \$ (term_of_tm T m m' p) \$ (rz T)
```
```  3058   | @{code NEq} p => nott \$ ((eqt T) \$ (term_of_tm T m m' p) \$ (rz T))
```
```  3059   | _ => error "term_of_fm: quantifiers!!!!???";
```
```  3060
```
```  3061 fun frpar_oracle (T,m, m', fm) =
```
```  3062  let
```
```  3063    val t = HOLogic.dest_Trueprop fm
```
```  3064    val im = 0 upto (length m - 1)
```
```  3065    val im' = 0 upto (length m' - 1)
```
```  3066  in HOLogic.mk_Trueprop (HOLogic.mk_eq(t, term_of_fm T (im ~~ m) (im' ~~ m')
```
```  3067                                                      (@{code frpar} (fm_of_term (m ~~ im) (m' ~~ im') t))))
```
```  3068  end;
```
```  3069
```
```  3070 fun frpar_oracle2 (T,m, m', fm) =
```
```  3071  let
```
```  3072    val t = HOLogic.dest_Trueprop fm
```
```  3073    val im = 0 upto (length m - 1)
```
```  3074    val im' = 0 upto (length m' - 1)
```
```  3075  in HOLogic.mk_Trueprop (HOLogic.mk_eq(t, term_of_fm T (im ~~ m) (im' ~~ m')
```
```  3076                                                      (@{code frpar2} (fm_of_term (m ~~ im) (m' ~~ im') t))))
```
```  3077  end;
```
```  3078
```
```  3079 end;
```
```  3080
```
```  3081
```
```  3082 *}
```
```  3083
```
```  3084 oracle frpar_oracle = {* fn (ty, ts, ts', ct) =>
```
```  3085  let
```
```  3086   val thy = Thm.theory_of_cterm ct
```
```  3087  in cterm_of thy (ReflectedFRPar.frpar_oracle (ty,ts, ts', term_of ct))
```
```  3088  end *}
```
```  3089
```
```  3090 oracle frpar_oracle2 = {* fn (ty, ts, ts', ct) =>
```
```  3091  let
```
```  3092   val thy = Thm.theory_of_cterm ct
```
```  3093  in cterm_of thy (ReflectedFRPar.frpar_oracle2 (ty,ts, ts', term_of ct))
```
```  3094  end *}
```
```  3095
```
```  3096 ML{*
```
```  3097 structure FRParTac =
```
```  3098 struct
```
```  3099
```
```  3100 fun frpar_tac T ps ctxt i =
```
```  3101  (ObjectLogic.full_atomize_tac i)
```
```  3102  THEN (fn st =>
```
```  3103   let
```
```  3104     val g = List.nth (cprems_of st, i - 1)
```
```  3105     val thy = ProofContext.theory_of ctxt
```
```  3106     val fs = subtract (op aconv) (map Free (Term.add_frees (term_of g) [])) ps
```
```  3107     val th = frpar_oracle (T, fs,ps, (* Pattern.eta_long [] *)g)
```
```  3108   in rtac (th RS iffD2) i st end);
```
```  3109
```
```  3110 fun frpar2_tac T ps ctxt i =
```
```  3111  (ObjectLogic.full_atomize_tac i)
```
```  3112  THEN (fn st =>
```
```  3113   let
```
```  3114     val g = List.nth (cprems_of st, i - 1)
```
```  3115     val thy = ProofContext.theory_of ctxt
```
```  3116     val fs = subtract (op aconv) (map Free (Term.add_frees (term_of g) [])) ps
```
```  3117     val th = frpar_oracle2 (T, fs,ps, (* Pattern.eta_long [] *)g)
```
```  3118   in rtac (th RS iffD2) i st end);
```
```  3119
```
```  3120 end;
```
```  3121
```
```  3122 *}
```
```  3123
```
```  3124 method_setup frpar = {*
```
```  3125 let
```
```  3126  fun keyword k = Scan.lift (Args.\$\$\$ k -- Args.colon) >> K ()
```
```  3127  fun simple_keyword k = Scan.lift (Args.\$\$\$ k) >> K ()
```
```  3128  val parsN = "pars"
```
```  3129  val typN = "type"
```
```  3130  val any_keyword = keyword parsN || keyword typN
```
```  3131  val thms = Scan.repeat (Scan.unless any_keyword Attrib.multi_thm) >> flat
```
```  3132  val cterms = thms >> map Drule.dest_term;
```
```  3133  val terms = Scan.repeat (Scan.unless any_keyword Args.term)
```
```  3134  val typ = Scan.unless any_keyword Args.typ
```
```  3135 in
```
```  3136  (keyword typN |-- typ) -- (keyword parsN |-- terms) >>
```
```  3137   (fn (T,ps) => fn ctxt => SIMPLE_METHOD' (FRParTac.frpar_tac T ps ctxt))
```
```  3138 end
```
```  3139 *} "Parametric QE for linear Arithmetic over fields, Version 1"
```
```  3140
```
```  3141 method_setup frpar2 = {*
```
```  3142 let
```
```  3143  fun keyword k = Scan.lift (Args.\$\$\$ k -- Args.colon) >> K ()
```
```  3144  fun simple_keyword k = Scan.lift (Args.\$\$\$ k) >> K ()
```
```  3145  val parsN = "pars"
```
```  3146  val typN = "type"
```
```  3147  val any_keyword = keyword parsN || keyword typN
```
```  3148  val thms = Scan.repeat (Scan.unless any_keyword Attrib.multi_thm) >> flat
```
```  3149  val cterms = thms >> map Drule.dest_term;
```
```  3150  val terms = Scan.repeat (Scan.unless any_keyword Args.term)
```
```  3151  val typ = Scan.unless any_keyword Args.typ
```
```  3152 in
```
```  3153  (keyword typN |-- typ) -- (keyword parsN |-- terms) >>
```
```  3154   (fn (T,ps) => fn ctxt => SIMPLE_METHOD' (FRParTac.frpar2_tac T ps ctxt))
```
```  3155 end
```
```  3156 *} "Parametric QE for linear Arithmetic over fields, Version 2"
```
```  3157
```
```  3158
```
```  3159 lemma "\<exists>(x::'a::{division_by_zero,linordered_field,number_ring}). y \<noteq> -1 \<longrightarrow> (y + 1)*x < 0"
```
```  3160   apply (frpar type: "'a::{division_by_zero,linordered_field,number_ring}" pars: "y::'a::{division_by_zero,linordered_field,number_ring}")
```
```  3161   apply (simp add: ring_simps)
```
```  3162   apply (rule spec[where x=y])
```
```  3163   apply (frpar type: "'a::{division_by_zero,linordered_field,number_ring}" pars: "z::'a::{division_by_zero,linordered_field,number_ring}")
```
```  3164   by simp
```
```  3165
```
```  3166 text{* Collins/Jones Problem *}
```
```  3167 (*
```
```  3168 lemma "\<exists>(r::'a::{division_by_zero,linordered_field,number_ring}). 0 < r \<and> r < 1 \<and> 0 < (2 - 3*r) *(a^2 + b^2) + (2*a)*r \<and> (2 - 3*r) *(a^2 + b^2) + 4*a*r - 2*a - r < 0"
```
```  3169 proof-
```
```  3170   have "(\<exists>(r::'a::{division_by_zero,linordered_field,number_ring}). 0 < r \<and> r < 1 \<and> 0 < (2 - 3*r) *(a^2 + b^2) + (2*a)*r \<and> (2 - 3*r) *(a^2 + b^2) + 4*a*r - 2*a - r < 0) \<longleftrightarrow> (\<exists>(r::'a::{division_by_zero,linordered_field,number_ring}). 0 < r \<and> r < 1 \<and> 0 < 2 *(a^2 + b^2) - (3*(a^2 + b^2)) * r + (2*a)*r \<and> 2*(a^2 + b^2) - (3*(a^2 + b^2) - 4*a + 1)*r - 2*a < 0)" (is "?lhs \<longleftrightarrow> ?rhs")
```
```  3171 by (simp add: ring_simps)
```
```  3172 have "?rhs"
```
```  3173
```
```  3174   apply (frpar type: "'a::{division_by_zero,linordered_field,number_ring}" pars: "a::'a::{division_by_zero,linordered_field,number_ring}" "b::'a::{division_by_zero,linordered_field,number_ring}")
```
```  3175   apply (simp add: ring_simps)
```
```  3176 oops
```
```  3177 *)
```
```  3178 (*
```
```  3179 lemma "ALL (x::'a::{division_by_zero,linordered_field,number_ring}) y. (1 - t)*x \<le> (1+t)*y \<and> (1 - t)*y \<le> (1+t)*x --> 0 \<le> y"
```
```  3180 apply (frpar type: "'a::{division_by_zero,linordered_field,number_ring}" pars: "t::'a::{division_by_zero,linordered_field,number_ring}")
```
```  3181 oops
```
```  3182 *)
```
```  3183
```
```  3184 lemma "\<exists>(x::'a::{division_by_zero,linordered_field,number_ring}). y \<noteq> -1 \<longrightarrow> (y + 1)*x < 0"
```
```  3185   apply (frpar2 type: "'a::{division_by_zero,linordered_field,number_ring}" pars: "y::'a::{division_by_zero,linordered_field,number_ring}")
```
```  3186   apply (simp add: ring_simps)
```
```  3187   apply (rule spec[where x=y])
```
```  3188   apply (frpar2 type: "'a::{division_by_zero,linordered_field,number_ring}" pars: "z::'a::{division_by_zero,linordered_field,number_ring}")
```
```  3189   by simp
```
```  3190
```
```  3191 text{* Collins/Jones Problem *}
```
```  3192
```
```  3193 (*
```
```  3194 lemma "\<exists>(r::'a::{division_by_zero,linordered_field,number_ring}). 0 < r \<and> r < 1 \<and> 0 < (2 - 3*r) *(a^2 + b^2) + (2*a)*r \<and> (2 - 3*r) *(a^2 + b^2) + 4*a*r - 2*a - r < 0"
```
```  3195 proof-
```
```  3196   have "(\<exists>(r::'a::{division_by_zero,linordered_field,number_ring}). 0 < r \<and> r < 1 \<and> 0 < (2 - 3*r) *(a^2 + b^2) + (2*a)*r \<and> (2 - 3*r) *(a^2 + b^2) + 4*a*r - 2*a - r < 0) \<longleftrightarrow> (\<exists>(r::'a::{division_by_zero,linordered_field,number_ring}). 0 < r \<and> r < 1 \<and> 0 < 2 *(a^2 + b^2) - (3*(a^2 + b^2)) * r + (2*a)*r \<and> 2*(a^2 + b^2) - (3*(a^2 + b^2) - 4*a + 1)*r - 2*a < 0)" (is "?lhs \<longleftrightarrow> ?rhs")
```
```  3197 by (simp add: ring_simps)
```
```  3198 have "?rhs"
```
```  3199   apply (frpar2 type: "'a::{division_by_zero,linordered_field,number_ring}" pars: "a::'a::{division_by_zero,linordered_field,number_ring}" "b::'a::{division_by_zero,linordered_field,number_ring}")
```
```  3200   apply simp
```
```  3201 oops
```
```  3202 *)
```
```  3203
```
```  3204 (*
```
```  3205 lemma "ALL (x::'a::{division_by_zero,linordered_field,number_ring}) y. (1 - t)*x \<le> (1+t)*y \<and> (1 - t)*y \<le> (1+t)*x --> 0 \<le> y"
```
```  3206 apply (frpar2 type: "'a::{division_by_zero,linordered_field,number_ring}" pars: "t::'a::{division_by_zero,linordered_field,number_ring}")
```
```  3207 apply (simp add: field_simps linorder_neq_iff[symmetric])
```
```  3208 apply ferrack
```
```  3209 oops
```
```  3210 *)
```
`  3211 end`