Add a quantifier elimination for parametric linear arithmetic over ordered fields (parameters are multivariate polynomials)
authorchaieb
Sun Oct 25 08:57:35 2009 +0100 (2009-10-25)
changeset 33152241cfaed158f
parent 33081 fe29679cabc2
child 33153 92080294beb8
Add a quantifier elimination for parametric linear arithmetic over ordered fields (parameters are multivariate polynomials)
src/HOL/Decision_Procs/Decision_Procs.thy
src/HOL/Decision_Procs/Parametric_Ferrante_Rackoff.thy
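--- a/src/HOL/Decision_Procs/Decision_Procs.thy	Fri Oct 23 10:11:56 2009 +0200
+++ b/src/HOL/Decision_Procs/Decision_Procs.thy	Sun Oct 25 08:57:35 2009 +0100
@@ -1,7 +1,7 @@
 header {* Various decision procedures. typically involving reflection *}
 
 theory Decision_Procs
-imports Cooper Ferrack MIR Approximation Dense_Linear_Order "ex/Approximation_Ex" "ex/Dense_Linear_Order_Ex"
+imports Cooper Ferrack MIR Approximation Dense_Linear_Order "ex/Approximation_Ex" "ex/Dense_Linear_Order_Ex" Parametric_Ferrante_Rackoff
 begin
 
 end
\ No newline at end of file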
     2.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     2.2 +++ b/src/HOL/Decision_Procs/Parametric_Ferrante_Rackoff.thy	Sun Oct 25 08:57:35 2009 +0100
     2.3 @@ -0,0 +1,3227 @@
     2.4 +(*  Title:      HOL/Decision_Procs/Parametric_Ferrante_Rackoff.thy
     2.5 +    Author:     Amine Chaieb
     2.6 +*)
     2.7 +
     2.8 +header{* A formalization of Ferrante and Rackoff's procedure with polynomial parameters, see Paper in CALCULEMUS 2008 *}
     2.9 +
    2.10 +theory Parametric_Ferrante_Rackoff
    2.11 +imports Reflected_Multivariate_Polynomial 
    2.12 +  "~~/src/HOL/Decision_Procs/Dense_Linear_Order"
    2.13 +begin
    2.14 +
    2.15 +
    2.16 +subsection {* Terms *}
    2.17 +
    2.18 +datatype tm = CP poly | Bound nat | Add tm tm | Mul poly tm 
    2.19 +  | Neg tm | Sub tm tm | CNP nat poly tm
    2.20 +  (* A size for poly to make inductive proofs simpler*)
    2.21 +
    2.22 +consts tmsize :: "tm \<Rightarrow> nat"
    2.23 +primrec 
    2.24 +  "tmsize (CP c) = polysize c"
    2.25 +  "tmsize (Bound n) = 1"
    2.26 +  "tmsize (Neg a) = 1 + tmsize a"
    2.27 +  "tmsize (Add a b) = 1 + tmsize a + tmsize b"
    2.28 +  "tmsize (Sub a b) = 3 + tmsize a + tmsize b"
    2.29 +  "tmsize (Mul c a) = 1 + polysize c + tmsize a"
    2.30 +  "tmsize (CNP n c a) = 3 + polysize c + tmsize a "
    2.31 +
    2.32 +  (* Semantics of terms tm *)
    2.33 +consts Itm :: "'a::{ring_char_0,division_by_zero,field} list \<Rightarrow> 'a list \<Rightarrow> tm \<Rightarrow> 'a"
    2.34 +primrec
    2.35 +  "Itm vs bs (CP c) = (Ipoly vs c)"
    2.36 +  "Itm vs bs (Bound n) = bs!n"
    2.37 +  "Itm vs bs (Neg a) = -(Itm vs bs a)"
    2.38 +  "Itm vs bs (Add a b) = Itm vs bs a + Itm vs bs b"
    2.39 +  "Itm vs bs (Sub a b) = Itm vs bs a - Itm vs bs b"
    2.40 +  "Itm vs bs (Mul c a) = (Ipoly vs c) * Itm vs bs a"
    2.41 +  "Itm vs bs (CNP n c t) = (Ipoly vs c)*(bs!n) + Itm vs bs t"	
    2.42 +
    2.43 +
    2.44 +fun allpolys:: "(poly \<Rightarrow> bool) \<Rightarrow> tm \<Rightarrow> bool"  where
    2.45 +  "allpolys P (CP c) = P c"
    2.46 +| "allpolys P (CNP n c p) = (P c \<and> allpolys P p)"
    2.47 +| "allpolys P (Mul c p) = (P c \<and> allpolys P p)"
    2.48 +| "allpolys P (Neg p) = allpolys P p"
    2.49 +| "allpolys P (Add p q) = (allpolys P p \<and> allpolys P q)"
    2.50 +| "allpolys P (Sub p q) = (allpolys P p \<and> allpolys P q)"
    2.51 +| "allpolys P p = True"
    2.52 +
    2.53 +consts 
    2.54 +  tmboundslt:: "nat \<Rightarrow> tm \<Rightarrow> bool"
    2.55 +  tmbound0:: "tm \<Rightarrow> bool" (* a tm is INDEPENDENT of Bound 0 *)
    2.56 +  tmbound:: "nat \<Rightarrow> tm \<Rightarrow> bool" (* a tm is INDEPENDENT of Bound n *)
    2.57 +  incrtm0:: "tm \<Rightarrow> tm"
    2.58 +  incrtm:: "nat \<Rightarrow> tm \<Rightarrow> tm"
    2.59 +  decrtm0:: "tm \<Rightarrow> tm" 
    2.60 +  decrtm:: "nat \<Rightarrow> tm \<Rightarrow> tm" 
    2.61 +primrec
    2.62 +  "tmboundslt n (CP c) = True"
    2.63 +  "tmboundslt n (Bound m) = (m < n)"
    2.64 +  "tmboundslt n (CNP m c a) = (m < n \<and> tmboundslt n a)"
    2.65 +  "tmboundslt n (Neg a) = tmboundslt n a"
    2.66 +  "tmboundslt n (Add a b) = (tmboundslt n a \<and> tmboundslt n b)"
    2.67 +  "tmboundslt n (Sub a b) = (tmboundslt n a \<and> tmboundslt n b)" 
    2.68 +  "tmboundslt n (Mul i a) = tmboundslt n a"
    2.69 +primrec
    2.70 +  "tmbound0 (CP c) = True"
    2.71 +  "tmbound0 (Bound n) = (n>0)"
    2.72 +  "tmbound0 (CNP n c a) = (n\<noteq>0 \<and> tmbound0 a)"
    2.73 +  "tmbound0 (Neg a) = tmbound0 a"
    2.74 +  "tmbound0 (Add a b) = (tmbound0 a \<and> tmbound0 b)"
    2.75 +  "tmbound0 (Sub a b) = (tmbound0 a \<and> tmbound0 b)" 
    2.76 +  "tmbound0 (Mul i a) = tmbound0 a"
    2.77 +lemma tmbound0_I:
    2.78 +  assumes nb: "tmbound0 a"
    2.79 +  shows "Itm vs (b#bs) a = Itm vs (b'#bs) a"
    2.80 +using nb
    2.81 +by (induct a rule: tmbound0.induct,auto simp add: nth_pos2)
    2.82 +
    2.83 +primrec
    2.84 +  "tmbound n (CP c) = True"
    2.85 +  "tmbound n (Bound m) = (n \<noteq> m)"
    2.86 +  "tmbound n (CNP m c a) = (n\<noteq>m \<and> tmbound n a)"
    2.87 +  "tmbound n (Neg a) = tmbound n a"
    2.88 +  "tmbound n (Add a b) = (tmbound n a \<and> tmbound n b)"
    2.89 +  "tmbound n (Sub a b) = (tmbound n a \<and> tmbound n b)" 
    2.90 +  "tmbound n (Mul i a) = tmbound n a"
    2.91 +lemma tmbound0_tmbound_iff: "tmbound 0 t = tmbound0 t" by (induct t, auto)
    2.92 +
    2.93 +lemma tmbound_I: 
    2.94 +  assumes bnd: "tmboundslt (length bs) t" and nb: "tmbound n t" and le: "n \<le> length bs"
    2.95 +  shows "Itm vs (bs[n:=x]) t = Itm vs bs t"
    2.96 +  using nb le bnd
    2.97 +  by (induct t rule: tmbound.induct , auto)
    2.98 +
    2.99 +recdef decrtm0 "measure size"
   2.100 +  "decrtm0 (Bound n) = Bound (n - 1)"
   2.101 +  "decrtm0 (Neg a) = Neg (decrtm0 a)"
   2.102 +  "decrtm0 (Add a b) = Add (decrtm0 a) (decrtm0 b)"
   2.103 +  "decrtm0 (Sub a b) = Sub (decrtm0 a) (decrtm0 b)"
   2.104 +  "decrtm0 (Mul c a) = Mul c (decrtm0 a)"
   2.105 +  "decrtm0 (CNP n c a) = CNP (n - 1) c (decrtm0 a)"
   2.106 +  "decrtm0 a = a"
   2.107 +recdef incrtm0 "measure size"
   2.108 +  "incrtm0 (Bound n) = Bound (n + 1)"
   2.109 +  "incrtm0 (Neg a) = Neg (incrtm0 a)"
   2.110 +  "incrtm0 (Add a b) = Add (incrtm0 a) (incrtm0 b)"
   2.111 +  "incrtm0 (Sub a b) = Sub (incrtm0 a) (incrtm0 b)"
   2.112 +  "incrtm0 (Mul c a) = Mul c (incrtm0 a)"
   2.113 +  "incrtm0 (CNP n c a) = CNP (n + 1) c (incrtm0 a)"
   2.114 +  "incrtm0 a = a"
   2.115 +lemma decrtm0: assumes nb: "tmbound0 t"
   2.116 +  shows "Itm vs (x#bs) t = Itm vs bs (decrtm0 t)"
   2.117 +  using nb by (induct t rule: decrtm0.induct, simp_all add: nth_pos2)
   2.118 +lemma incrtm0: "Itm vs (x#bs) (incrtm0 t) = Itm vs bs t"
   2.119 +  by (induct t rule: decrtm0.induct, simp_all add: nth_pos2)
   2.120 +
   2.121 +primrec
   2.122 +  "decrtm m (CP c) = (CP c)"
   2.123 +  "decrtm m (Bound n) = (if n < m then Bound n else Bound (n - 1))"
   2.124 +  "decrtm m (Neg a) = Neg (decrtm m a)"
   2.125 +  "decrtm m (Add a b) = Add (decrtm m a) (decrtm m b)"
   2.126 +  "decrtm m (Sub a b) = Sub (decrtm m a) (decrtm m b)"
   2.127 +  "decrtm m (Mul c a) = Mul c (decrtm m a)"
   2.128 +  "decrtm m (CNP n c a) = (if n < m then CNP n c (decrtm m a) else CNP (n - 1) c (decrtm m a))"
   2.129 +
   2.130 +consts removen:: "nat \<Rightarrow> 'a list \<Rightarrow> 'a list"
   2.131 +primrec
   2.132 +  "removen n [] = []"
   2.133 +  "removen n (x#xs) = (if n=0 then xs else (x#(removen (n - 1) xs)))"
   2.134 +
   2.135 +lemma removen_same: "n \<ge> length xs \<Longrightarrow> removen n xs = xs"
   2.136 +  by (induct xs arbitrary: n, auto)
   2.137 +
   2.138 +lemma nth_length_exceeds: "n \<ge> length xs \<Longrightarrow> xs!n = []!(n - length xs)"
   2.139 +  by (induct xs arbitrary: n, auto)
   2.140 +
   2.141 +lemma removen_length: "length (removen n xs) = (if n \<ge> length xs then length xs else length xs - 1)"
   2.142 +  by (induct xs arbitrary: n, auto)
   2.143 +lemma removen_nth: "(removen n xs)!m = (if n \<ge> length xs then xs!m 
   2.144 +  else if m < n then xs!m else if m \<le> length xs then xs!(Suc m) else []!(m - (length xs - 1)))"
   2.145 +proof(induct xs arbitrary: n m)
   2.146 +  case Nil thus ?case by simp
   2.147 +next
   2.148 +  case (Cons x xs n m)
   2.149 +  {assume nxs: "n \<ge> length (x#xs)" hence ?case using removen_same[OF nxs] by simp}
   2.150 +  moreover
   2.151 +  {assume nxs: "\<not> (n \<ge> length (x#xs))" 
   2.152 +    {assume mln: "m < n" hence ?case using prems by (cases m, auto)}
   2.153 +    moreover
   2.154 +    {assume mln: "\<not> (m < n)" 
   2.155 +      
   2.156 +      {assume mxs: "m \<le> length (x#xs)" hence ?case using prems by (cases m, auto)}
   2.157 +      moreover
   2.158 +      {assume mxs: "\<not> (m \<le> length (x#xs))" 
   2.159 +	have th: "length (removen n (x#xs)) = length xs" 
   2.160 +	  using removen_length[where n="n" and xs="x#xs"] nxs by simp
   2.161 +	with mxs have mxs':"m \<ge> length (removen n (x#xs))" by auto
   2.162 +	hence "(removen n (x#xs))!m = [] ! (m - length xs)" 
   2.163 +	  using th nth_length_exceeds[OF mxs'] by auto
   2.164 +	hence th: "(removen n (x#xs))!m = [] ! (m - (length (x#xs) - 1))" 
   2.165 +	  by auto
   2.166 +	hence ?case using nxs mln mxs by auto }
   2.167 +      ultimately have ?case by blast
   2.168 +    }
   2.169 +    ultimately have ?case by blast
   2.170 +    
   2.171 +  }      ultimately show ?case by blast
   2.172 +qed
   2.173 +
   2.174 +lemma decrtm: assumes bnd: "tmboundslt (length bs) t" and nb: "tmbound m t" 
   2.175 +  and nle: "m \<le> length bs" 
   2.176 +  shows "Itm vs (removen m bs) (decrtm m t) = Itm vs bs t"
   2.177 +  using bnd nb nle
   2.178 +  by (induct t rule: decrtm.induct, auto simp add: removen_nth)
   2.179 +
   2.180 +consts tmsubst0:: "tm \<Rightarrow> tm \<Rightarrow> tm"
   2.181 +primrec
   2.182 +  "tmsubst0 t (CP c) = CP c"
   2.183 +  "tmsubst0 t (Bound n) = (if n=0 then t else Bound n)"
   2.184 +  "tmsubst0 t (CNP n c a) = (if n=0 then Add (Mul c t) (tmsubst0 t a) else CNP n c (tmsubst0 t a))"
   2.185 +  "tmsubst0 t (Neg a) = Neg (tmsubst0 t a)"
   2.186 +  "tmsubst0 t (Add a b) = Add (tmsubst0 t a) (tmsubst0 t b)"
   2.187 +  "tmsubst0 t (Sub a b) = Sub (tmsubst0 t a) (tmsubst0 t b)" 
   2.188 +  "tmsubst0 t (Mul i a) = Mul i (tmsubst0 t a)"
   2.189 +lemma tmsubst0:
   2.190 +  shows "Itm vs (x#bs) (tmsubst0 t a) = Itm vs ((Itm vs (x#bs) t)#bs) a"
   2.191 +by (induct a rule: tmsubst0.induct,auto simp add: nth_pos2)
   2.192 +
   2.193 +lemma tmsubst0_nb: "tmbound0 t \<Longrightarrow> tmbound0 (tmsubst0 t a)"
   2.194 +by (induct a rule: tmsubst0.induct,auto simp add: nth_pos2)
   2.195 +
   2.196 +consts tmsubst:: "nat \<Rightarrow> tm \<Rightarrow> tm \<Rightarrow> tm" 
   2.197 +
   2.198 +primrec
   2.199 +  "tmsubst n t (CP c) = CP c"
   2.200 +  "tmsubst n t (Bound m) = (if n=m then t else Bound m)"
   2.201 +  "tmsubst n t (CNP m c a) = (if n=m then Add (Mul c t) (tmsubst n t a) 
   2.202 +             else CNP m c (tmsubst n t a))"
   2.203 +  "tmsubst n t (Neg a) = Neg (tmsubst n t a)"
   2.204 +  "tmsubst n t (Add a b) = Add (tmsubst n t a) (tmsubst n t b)"
   2.205 +  "tmsubst n t (Sub a b) = Sub (tmsubst n t a) (tmsubst n t b)" 
   2.206 +  "tmsubst n t (Mul i a) = Mul i (tmsubst n t a)"
   2.207 +
   2.208 +lemma tmsubst: assumes nb: "tmboundslt (length bs) a" and nlt: "n \<le> length bs"
   2.209 +  shows "Itm vs bs (tmsubst n t a) = Itm vs (bs[n:= Itm vs bs t]) a"
   2.210 +using nb nlt
   2.211 +by (induct a rule: tmsubst0.induct,auto simp add: nth_pos2)
   2.212 +
   2.213 +lemma tmsubst_nb0: assumes tnb: "tmbound0 t"
   2.214 +shows "tmbound0 (tmsubst 0 t a)"
   2.215 +using tnb
   2.216 +by (induct a rule: tmsubst.induct, auto)
   2.217 +
   2.218 +lemma tmsubst_nb: assumes tnb: "tmbound m t"
   2.219 +shows "tmbound m (tmsubst m t a)"
   2.220 +using tnb
   2.221 +by (induct a rule: tmsubst.induct, auto)
   2.222 +lemma incrtm0_tmbound: "tmbound n t \<Longrightarrow> tmbound (Suc n) (incrtm0 t)"
   2.223 +  by (induct t, auto)
   2.224 +  (* Simplification *)
   2.225 +
   2.226 +consts
   2.227 +  simptm:: "tm \<Rightarrow> tm"
   2.228 +  tmadd:: "tm \<times> tm \<Rightarrow> tm"
   2.229 +  tmmul:: "tm \<Rightarrow> poly \<Rightarrow> tm"
   2.230 +recdef tmadd "measure (\<lambda> (t,s). size t + size s)"
   2.231 +  "tmadd (CNP n1 c1 r1,CNP n2 c2 r2) =
   2.232 +  (if n1=n2 then 
   2.233 +  (let c = c1 +\<^sub>p c2
   2.234 +  in if c = 0\<^sub>p then tmadd(r1,r2) else CNP n1 c (tmadd (r1,r2)))
   2.235 +  else if n1 \<le> n2 then (CNP n1 c1 (tmadd (r1,CNP n2 c2 r2))) 
   2.236 +  else (CNP n2 c2 (tmadd (CNP n1 c1 r1,r2))))"
   2.237 +  "tmadd (CNP n1 c1 r1,t) = CNP n1 c1 (tmadd (r1, t))"  
   2.238 +  "tmadd (t,CNP n2 c2 r2) = CNP n2 c2 (tmadd (t,r2))" 
   2.239 +  "tmadd (CP b1, CP b2) = CP (b1 +\<^sub>p b2)"
   2.240 +  "tmadd (a,b) = Add a b"
   2.241 +
   2.242 +lemma tmadd[simp]: "Itm vs bs (tmadd (t,s)) = Itm vs bs (Add t s)"
   2.243 +apply (induct t s rule: tmadd.induct, simp_all add: Let_def)
   2.244 +apply (case_tac "c1 +\<^sub>p c2 = 0\<^sub>p",case_tac "n1 \<le> n2", simp_all)
   2.245 +apply (case_tac "n1 = n2", simp_all add: ring_simps)
   2.246 +apply (simp only: right_distrib[symmetric]) 
   2.247 +by (auto simp del: polyadd simp add: polyadd[symmetric])
   2.248 +
   2.249 +lemma tmadd_nb0[simp]: "\<lbrakk> tmbound0 t ; tmbound0 s\<rbrakk> \<Longrightarrow> tmbound0 (tmadd (t,s))"
   2.250 +by (induct t s rule: tmadd.induct, auto simp add: Let_def)
   2.251 +
   2.252 +lemma tmadd_nb[simp]: "\<lbrakk> tmbound n t ; tmbound n s\<rbrakk> \<Longrightarrow> tmbound n (tmadd (t,s))"
   2.253 +by (induct t s rule: tmadd.induct, auto simp add: Let_def)
   2.254 +lemma tmadd_blt[simp]: "\<lbrakk>tmboundslt n t ; tmboundslt n s\<rbrakk> \<Longrightarrow> tmboundslt n (tmadd (t,s))"
   2.255 +by (induct t s rule: tmadd.induct, auto simp add: Let_def)
   2.256 +
   2.257 +lemma tmadd_allpolys_npoly[simp]: "allpolys isnpoly t \<Longrightarrow> allpolys isnpoly s \<Longrightarrow> allpolys isnpoly (tmadd(t,s))" by (induct t s rule: tmadd.induct, simp_all add: Let_def polyadd_norm)
   2.258 +
   2.259 +recdef tmmul "measure size"
   2.260 +  "tmmul (CP j) = (\<lambda> i. CP (i *\<^sub>p j))"
   2.261 +  "tmmul (CNP n c a) = (\<lambda> i. CNP n (i *\<^sub>p c) (tmmul a i))"
   2.262 +  "tmmul t = (\<lambda> i. Mul i t)"
   2.263 +
   2.264 +lemma tmmul[simp]: "Itm vs bs (tmmul t i) = Itm vs bs (Mul i t)"
   2.265 +by (induct t arbitrary: i rule: tmmul.induct, simp_all add: ring_simps)
   2.266 +
   2.267 +lemma tmmul_nb0[simp]: "tmbound0 t \<Longrightarrow> tmbound0 (tmmul t i)"
   2.268 +by (induct t arbitrary: i rule: tmmul.induct, auto )
   2.269 +
   2.270 +lemma tmmul_nb[simp]: "tmbound n t \<Longrightarrow> tmbound n (tmmul t i)"
   2.271 +by (induct t arbitrary: n rule: tmmul.induct, auto )
   2.272 +lemma tmmul_blt[simp]: "tmboundslt n t \<Longrightarrow> tmboundslt n (tmmul t i)"
   2.273 +by (induct t arbitrary: i rule: tmmul.induct, auto simp add: Let_def)
   2.274 +
   2.275 +lemma tmmul_allpolys_npoly[simp]: 
   2.276 +  assumes "SORT_CONSTRAINT('a::{ring_char_0,division_by_zero, field})"
   2.277 +  shows "allpolys isnpoly t \<Longrightarrow> isnpoly c \<Longrightarrow> allpolys isnpoly (tmmul t c)" by (induct t rule: tmmul.induct, simp_all add: Let_def polymul_norm)
   2.278 +
   2.279 +constdefs tmneg :: "tm \<Rightarrow> tm"
   2.280 +  "tmneg t \<equiv> tmmul t (C (- 1,1))"
   2.281 +
   2.282 +constdefs tmsub :: "tm \<Rightarrow> tm \<Rightarrow> tm"
   2.283 +  "tmsub s t \<equiv> (if s = t then CP 0\<^sub>p else tmadd (s,tmneg t))"
   2.284 +
   2.285 +lemma tmneg[simp]: "Itm vs bs (tmneg t) = Itm vs bs (Neg t)"
   2.286 +using tmneg_def[of t] 
   2.287 +apply simp
   2.288 +apply (subst number_of_Min)
   2.289 +apply (simp only: of_int_minus)
   2.290 +apply simp
   2.291 +done
   2.292 +
   2.293 +lemma tmneg_nb0[simp]: "tmbound0 t \<Longrightarrow> tmbound0 (tmneg t)"
   2.294 +using tmneg_def by simp
   2.295 +
   2.296 +lemma tmneg_nb[simp]: "tmbound n t \<Longrightarrow> tmbound n (tmneg t)"
   2.297 +using tmneg_def by simp
   2.298 +lemma tmneg_blt[simp]: "tmboundslt n t \<Longrightarrow> tmboundslt n (tmneg t)"
   2.299 +using tmneg_def by simp
   2.300 +lemma [simp]: "isnpoly (C (-1,1))" unfolding isnpoly_def by simp
   2.301 +lemma tmneg_allpolys_npoly[simp]: 
   2.302 +  assumes "SORT_CONSTRAINT('a::{ring_char_0,division_by_zero, field})"
   2.303 +  shows "allpolys isnpoly t \<Longrightarrow> allpolys isnpoly (tmneg t)" 
   2.304 +  unfolding tmneg_def by auto
   2.305 +
   2.306 +lemma tmsub[simp]: "Itm vs bs (tmsub a b) = Itm vs bs (Sub a b)"
   2.307 +using tmsub_def by simp
   2.308 +
   2.309 +lemma tmsub_nb0[simp]: "\<lbrakk> tmbound0 t ; tmbound0 s\<rbrakk> \<Longrightarrow> tmbound0 (tmsub t s)"
   2.310 +using tmsub_def by simp
   2.311 +lemma tmsub_nb[simp]: "\<lbrakk> tmbound n t ; tmbound n s\<rbrakk> \<Longrightarrow> tmbound n (tmsub t s)"
   2.312 +using tmsub_def by simp
   2.313 +lemma tmsub_blt[simp]: "\<lbrakk>tmboundslt n t ; tmboundslt n s\<rbrakk> \<Longrightarrow> tmboundslt n (tmsub t s )"
   2.314 +using tmsub_def by simp
   2.315 +lemma tmsub_allpolys_npoly[simp]: 
   2.316 +  assumes "SORT_CONSTRAINT('a::{ring_char_0,division_by_zero, field})"
   2.317 +  shows "allpolys isnpoly t \<Longrightarrow> allpolys isnpoly s \<Longrightarrow> allpolys isnpoly (tmsub t s)" 
   2.318 +  unfolding tmsub_def by (simp add: isnpoly_def)
   2.319 +
   2.320 +recdef simptm "measure size"
   2.321 +  "simptm (CP j) = CP (polynate j)"
   2.322 +  "simptm (Bound n) = CNP n 1\<^sub>p (CP 0\<^sub>p)"
   2.323 +  "simptm (Neg t) = tmneg (simptm t)"
   2.324 +  "simptm (Add t s) = tmadd (simptm t,simptm s)"
   2.325 +  "simptm (Sub t s) = tmsub (simptm t) (simptm s)"
   2.326 +  "simptm (Mul i t) = (let i' = polynate i in if i' = 0\<^sub>p then CP 0\<^sub>p else tmmul (simptm t) i')"
   2.327 +  "simptm (CNP n c t) = (let c' = polynate c in if c' = 0\<^sub>p then simptm t else tmadd (CNP n c' (CP 0\<^sub>p ), simptm t))"
   2.328 +
   2.329 +lemma polynate_stupid: 
   2.330 +  assumes "SORT_CONSTRAINT('a::{ring_char_0,division_by_zero, field})"
   2.331 +  shows "polynate t = 0\<^sub>p \<Longrightarrow> Ipoly bs t = (0::'a::{ring_char_0,division_by_zero, field})" 
   2.332 +apply (subst polynate[symmetric])
   2.333 +apply simp
   2.334 +done
   2.335 +
   2.336 +lemma simptm_ci[simp]: "Itm vs bs (simptm t) = Itm vs bs t"
   2.337 +by (induct t rule: simptm.induct, auto simp add: tmneg tmadd tmsub tmmul Let_def polynate_stupid) 
   2.338 +
   2.339 +lemma simptm_tmbound0[simp]: 
   2.340 +  "tmbound0 t \<Longrightarrow> tmbound0 (simptm t)"
   2.341 +by (induct t rule: simptm.induct, auto simp add: Let_def)
   2.342 +
   2.343 +lemma simptm_nb[simp]: "tmbound n t \<Longrightarrow> tmbound n (simptm t)"
   2.344 +by (induct t rule: simptm.induct, auto simp add: Let_def)
   2.345 +lemma simptm_nlt[simp]: "tmboundslt n t \<Longrightarrow> tmboundslt n (simptm t)"
   2.346 +by (induct t rule: simptm.induct, auto simp add: Let_def)
   2.347 +
   2.348 +lemma [simp]: "isnpoly 0\<^sub>p" and [simp]: "isnpoly (C(1,1))" 
   2.349 +  by (simp_all add: isnpoly_def)
   2.350 +lemma simptm_allpolys_npoly[simp]: 
   2.351 +  assumes "SORT_CONSTRAINT('a::{ring_char_0,division_by_zero, field})"
   2.352 +  shows "allpolys isnpoly (simptm p)"
   2.353 +  by (induct p rule: simptm.induct, auto simp add: Let_def)
   2.354 +
   2.355 +consts split0 :: "tm \<Rightarrow> (poly \<times> tm)"
   2.356 +recdef split0 "measure tmsize"
   2.357 +  "split0 (Bound 0) = (1\<^sub>p, CP 0\<^sub>p)"
   2.358 +  "split0 (CNP 0 c t) = (let (c',t') = split0 t in (c +\<^sub>p c',t'))"
   2.359 +  "split0 (Neg t) = (let (c,t') = split0 t in (~\<^sub>p c,Neg t'))"
   2.360 +  "split0 (CNP n c t) = (let (c',t') = split0 t in (c',CNP n c t'))"
   2.361 +  "split0 (Add s t) = (let (c1,s') = split0 s ; (c2,t') = split0 t in (c1 +\<^sub>p c2, Add s' t'))"
   2.362 +  "split0 (Sub s t) = (let (c1,s') = split0 s ; (c2,t') = split0 t in (c1 -\<^sub>p c2, Sub s' t'))"
   2.363 +  "split0 (Mul c t) = (let (c',t') = split0 t in (c *\<^sub>p c', Mul c t'))"
   2.364 +  "split0 t = (0\<^sub>p, t)"
   2.365 +
   2.366 +lemma split0_stupid[simp]: "\<exists>x y. (x,y) = split0 p"
   2.367 +  apply (rule exI[where x="fst (split0 p)"])
   2.368 +  apply (rule exI[where x="snd (split0 p)"])
   2.369 +  by simp
   2.370 +
   2.371 +lemma split0:
   2.372 +  "tmbound 0 (snd (split0 t)) \<and> (Itm vs bs (CNP 0 (fst (split0 t)) (snd (split0 t))) = Itm vs bs t)"
   2.373 +  apply (induct t rule: split0.induct)
   2.374 +  apply simp
   2.375 +  apply (simp add: Let_def split_def ring_simps)
   2.376 +  apply (simp add: Let_def split_def ring_simps)
   2.377 +  apply (simp add: Let_def split_def ring_simps)
   2.378 +  apply (simp add: Let_def split_def ring_simps)
   2.379 +  apply (simp add: Let_def split_def ring_simps)
   2.380 +  apply (simp add: Let_def split_def mult_assoc right_distrib[symmetric])
   2.381 +  apply (simp add: Let_def split_def ring_simps)
   2.382 +  apply (simp add: Let_def split_def ring_simps)
   2.383 +  done
   2.384 +
   2.385 +lemma split0_ci: "split0 t = (c',t') \<Longrightarrow> Itm vs bs t = Itm vs bs (CNP 0 c' t')"
   2.386 +proof-
   2.387 +  fix c' t'
   2.388 +  assume "split0 t = (c', t')" hence "c' = fst (split0 t)" and "t' = snd (split0 t)" by auto
   2.389 +  with split0[where t="t" and bs="bs"] show "Itm vs bs t = Itm vs bs (CNP 0 c' t')" by simp
   2.390 +qed
   2.391 +
   2.392 +lemma split0_nb0: 
   2.393 +  assumes "SORT_CONSTRAINT('a::{ring_char_0,division_by_zero, field})"
   2.394 +  shows "split0 t = (c',t') \<Longrightarrow>  tmbound 0 t'"
   2.395 +proof-
   2.396 +  fix c' t'
   2.397 +  assume "split0 t = (c', t')" hence "c' = fst (split0 t)" and "t' = snd (split0 t)" by auto
   2.398 +  with conjunct1[OF split0[where t="t"]] show "tmbound 0 t'" by simp
   2.399 +qed
   2.400 +
   2.401 +lemma split0_nb0'[simp]:   assumes "SORT_CONSTRAINT('a::{ring_char_0,division_by_zero, field})"
   2.402 +  shows "tmbound0 (snd (split0 t))"
   2.403 +  using split0_nb0[of t "fst (split0 t)" "snd (split0 t)"] by (simp add: tmbound0_tmbound_iff)
   2.404 +
   2.405 +
   2.406 +lemma split0_nb: assumes nb:"tmbound n t" shows "tmbound n (snd (split0 t))"
   2.407 +  using nb by (induct t rule: split0.induct, auto simp add: Let_def split_def split0_stupid)
   2.408 +
   2.409 +lemma split0_blt: assumes nb:"tmboundslt n t" shows "tmboundslt n (snd (split0 t))"
   2.410 +  using nb by (induct t rule: split0.induct, auto simp add: Let_def split_def split0_stupid)
   2.411 +
   2.412 +lemma tmbound_split0: "tmbound 0 t \<Longrightarrow> Ipoly vs (fst(split0 t)) = 0"
   2.413 + by (induct t rule: split0.induct, auto simp add: Let_def split_def split0_stupid)
   2.414 +
   2.415 +lemma tmboundslt_split0: "tmboundslt n t \<Longrightarrow> Ipoly vs (fst(split0 t)) = 0 \<or> n > 0"
   2.416 +by (induct t rule: split0.induct, auto simp add: Let_def split_def split0_stupid)
   2.417 +
   2.418 +lemma tmboundslt0_split0: "tmboundslt 0 t \<Longrightarrow> Ipoly vs (fst(split0 t)) = 0"
   2.419 + by (induct t rule: split0.induct, auto simp add: Let_def split_def split0_stupid)
   2.420 +
   2.421 +lemma allpolys_split0: "allpolys isnpoly p \<Longrightarrow> allpolys isnpoly (snd (split0 p))"
   2.422 +by (induct p rule: split0.induct, auto simp  add: isnpoly_def Let_def split_def split0_stupid)
   2.423 +
   2.424 +lemma isnpoly_fst_split0:   assumes "SORT_CONSTRAINT('a::{ring_char_0,division_by_zero, field})"
   2.425 +  shows 
   2.426 +  "allpolys isnpoly p \<Longrightarrow> isnpoly (fst (split0 p))"
   2.427 +  by (induct p rule: split0.induct, 
   2.428 +    auto simp  add: polyadd_norm polysub_norm polyneg_norm polymul_norm 
   2.429 +    Let_def split_def split0_stupid)
   2.430 +
   2.431 +subsection{* Formulae *}
   2.432 +
   2.433 +datatype fm  =  T| F| Le tm | Lt tm | Eq tm | NEq tm|
   2.434 +  NOT fm| And fm fm|  Or fm fm| Imp fm fm| Iff fm fm| E fm| A fm
   2.435 +
   2.436 +
   2.437 +  (* A size for fm *)
   2.438 +consts fmsize :: "fm \<Rightarrow> nat"
   2.439 +recdef fmsize "measure size"
   2.440 +  "fmsize (NOT p) = 1 + fmsize p"
   2.441 +  "fmsize (And p q) = 1 + fmsize p + fmsize q"
   2.442 +  "fmsize (Or p q) = 1 + fmsize p + fmsize q"
   2.443 +  "fmsize (Imp p q) = 3 + fmsize p + fmsize q"
   2.444 +  "fmsize (Iff p q) = 3 + 2*(fmsize p + fmsize q)"
   2.445 +  "fmsize (E p) = 1 + fmsize p"
   2.446 +  "fmsize (A p) = 4+ fmsize p"
   2.447 +  "fmsize p = 1"
   2.448 +  (* several lemmas about fmsize *)
   2.449 +lemma fmsize_pos: "fmsize p > 0"	
   2.450 +by (induct p rule: fmsize.induct) simp_all
   2.451 +
   2.452 +  (* Semantics of formulae (fm) *)
   2.453 +consts Ifm ::"'a::{division_by_zero,ordered_field} list \<Rightarrow> 'a list \<Rightarrow> fm \<Rightarrow> bool"
   2.454 +primrec
   2.455 +  "Ifm vs bs T = True"
   2.456 +  "Ifm vs bs F = False"
   2.457 +  "Ifm vs bs (Lt a) = (Itm vs bs a < 0)"
   2.458 +  "Ifm vs bs (Le a) = (Itm vs bs a \<le> 0)"
   2.459 +  "Ifm vs bs (Eq a) = (Itm vs bs a = 0)"
   2.460 +  "Ifm vs bs (NEq a) = (Itm vs bs a \<noteq> 0)"
   2.461 +  "Ifm vs bs (NOT p) = (\<not> (Ifm vs bs p))"
   2.462 +  "Ifm vs bs (And p q) = (Ifm vs bs p \<and> Ifm vs bs q)"
   2.463 +  "Ifm vs bs (Or p q) = (Ifm vs bs p \<or> Ifm vs bs q)"
   2.464 +  "Ifm vs bs (Imp p q) = ((Ifm vs bs p) \<longrightarrow> (Ifm vs bs q))"
   2.465 +  "Ifm vs bs (Iff p q) = (Ifm vs bs p = Ifm vs bs q)"
   2.466 +  "Ifm vs bs (E p) = (\<exists> x. Ifm vs (x#bs) p)"
   2.467 +  "Ifm vs bs (A p) = (\<forall> x. Ifm vs (x#bs) p)"
   2.468 +
   2.469 +consts not:: "fm \<Rightarrow> fm"
   2.470 +recdef not "measure size"
   2.471 +  "not (NOT (NOT p)) = not p"
   2.472 +  "not (NOT p) = p"
   2.473 +  "not T = F"
   2.474 +  "not F = T"
   2.475 +  "not (Lt t) = Le (tmneg t)"
   2.476 +  "not (Le t) = Lt (tmneg t)"
   2.477 +  "not (Eq t) = NEq t"
   2.478 +  "not (NEq t) = Eq t"
   2.479 +  "not p = NOT p"
   2.480 +lemma not[simp]: "Ifm vs bs (not p) = Ifm vs bs (NOT p)"
   2.481 +by (induct p rule: not.induct) auto
   2.482 +
   2.483 +constdefs conj :: "fm \<Rightarrow> fm \<Rightarrow> fm"
   2.484 +  "conj p q \<equiv> (if (p = F \<or> q=F) then F else if p=T then q else if q=T then p else 
   2.485 +   if p = q then p else And p q)"
   2.486 +lemma conj[simp]: "Ifm vs bs (conj p q) = Ifm vs bs (And p q)"
   2.487 +by (cases "p=F \<or> q=F",simp_all add: conj_def) (cases p,simp_all)
   2.488 +
   2.489 +constdefs disj :: "fm \<Rightarrow> fm \<Rightarrow> fm"
   2.490 +  "disj p q \<equiv> (if (p = T \<or> q=T) then T else if p=F then q else if q=F then p 
   2.491 +       else if p=q then p else Or p q)"
   2.492 +
   2.493 +lemma disj[simp]: "Ifm vs bs (disj p q) = Ifm vs bs (Or p q)"
   2.494 +by (cases "p=T \<or> q=T",simp_all add: disj_def) (cases p,simp_all)
   2.495 +
   2.496 +constdefs  imp :: "fm \<Rightarrow> fm \<Rightarrow> fm"
   2.497 +  "imp p q \<equiv> (if (p = F \<or> q=T \<or> p=q) then T else if p=T then q else if q=F then not p 
   2.498 +    else Imp p q)"
   2.499 +lemma imp[simp]: "Ifm vs bs (imp p q) = Ifm vs bs (Imp p q)"
   2.500 +by (cases "p=F \<or> q=T",simp_all add: imp_def) 
   2.501 +
   2.502 +constdefs   iff :: "fm \<Rightarrow> fm \<Rightarrow> fm"
   2.503 +  "iff p q \<equiv> (if (p = q) then T else if (p = NOT q \<or> NOT p = q) then F else 
   2.504 +       if p=F then not q else if q=F then not p else if p=T then q else if q=T then p else 
   2.505 +  Iff p q)"
   2.506 +lemma iff[simp]: "Ifm vs bs (iff p q) = Ifm vs bs (Iff p q)"
   2.507 +  by (unfold iff_def,cases "p=q", simp,cases "p=NOT q", simp) (cases "NOT p= q", auto)
   2.508 +  (* Quantifier freeness *)
   2.509 +consts qfree:: "fm \<Rightarrow> bool"
   2.510 +recdef qfree "measure size"
   2.511 +  "qfree (E p) = False"
   2.512 +  "qfree (A p) = False"
   2.513 +  "qfree (NOT p) = qfree p" 
   2.514 +  "qfree (And p q) = (qfree p \<and> qfree q)" 
   2.515 +  "qfree (Or  p q) = (qfree p \<and> qfree q)" 
   2.516 +  "qfree (Imp p q) = (qfree p \<and> qfree q)" 
   2.517 +  "qfree (Iff p q) = (qfree p \<and> qfree q)"
   2.518 +  "qfree p = True"
   2.519 +
   2.520 +  (* Boundedness and substitution *)
   2.521 +
   2.522 +consts boundslt :: "nat \<Rightarrow> fm \<Rightarrow> bool"
   2.523 +primrec
   2.524 +  "boundslt n T = True"
   2.525 +  "boundslt n F = True"
   2.526 +  "boundslt n (Lt t) = (tmboundslt n t)"
   2.527 +  "boundslt n (Le t) = (tmboundslt n t)"
   2.528 +  "boundslt n (Eq t) = (tmboundslt n t)"
   2.529 +  "boundslt n (NEq t) = (tmboundslt n t)"
   2.530 +  "boundslt n (NOT p) = boundslt n p"
   2.531 +  "boundslt n (And p q) = (boundslt n p \<and> boundslt n q)"
   2.532 +  "boundslt n (Or p q) = (boundslt n p \<and> boundslt n q)"
   2.533 +  "boundslt n (Imp p q) = ((boundslt n p) \<and> (boundslt n q))"
   2.534 +  "boundslt n (Iff p q) = (boundslt n p \<and> boundslt n q)"
   2.535 +  "boundslt n (E p) = boundslt (Suc n) p"
   2.536 +  "boundslt n (A p) = boundslt (Suc n) p"
   2.537 +
   2.538 +consts 
   2.539 +  bound0:: "fm \<Rightarrow> bool" (* A Formula is independent of Bound 0 *)
   2.540 +  bound:: "nat \<Rightarrow> fm \<Rightarrow> bool" (* A Formula is independent of Bound n *)
   2.541 +  decr0 :: "fm \<Rightarrow> fm"
   2.542 +  decr :: "nat \<Rightarrow> fm \<Rightarrow> fm"
   2.543 +recdef bound0 "measure size"
   2.544 +  "bound0 T = True"
   2.545 +  "bound0 F = True"
   2.546 +  "bound0 (Lt a) = tmbound0 a"
   2.547 +  "bound0 (Le a) = tmbound0 a"
   2.548 +  "bound0 (Eq a) = tmbound0 a"
   2.549 +  "bound0 (NEq a) = tmbound0 a"
   2.550 +  "bound0 (NOT p) = bound0 p"
   2.551 +  "bound0 (And p q) = (bound0 p \<and> bound0 q)"
   2.552 +  "bound0 (Or p q) = (bound0 p \<and> bound0 q)"
   2.553 +  "bound0 (Imp p q) = ((bound0 p) \<and> (bound0 q))"
   2.554 +  "bound0 (Iff p q) = (bound0 p \<and> bound0 q)"
   2.555 +  "bound0 p = False"
   2.556 +lemma bound0_I:
   2.557 +  assumes bp: "bound0 p"
   2.558 +  shows "Ifm vs (b#bs) p = Ifm vs (b'#bs) p"
   2.559 +using bp tmbound0_I[where b="b" and bs="bs" and b'="b'"]
   2.560 +by (induct p rule: bound0.induct,auto simp add: nth_pos2)
   2.561 +
   2.562 +primrec
   2.563 +  "bound m T = True"
   2.564 +  "bound m F = True"
   2.565 +  "bound m (Lt t) = tmbound m t"
   2.566 +  "bound m (Le t) = tmbound m t"
   2.567 +  "bound m (Eq t) = tmbound m t"
   2.568 +  "bound m (NEq t) = tmbound m t"
   2.569 +  "bound m (NOT p) = bound m p"
   2.570 +  "bound m (And p q) = (bound m p \<and> bound m q)"
   2.571 +  "bound m (Or p q) = (bound m p \<and> bound m q)"
   2.572 +  "bound m (Imp p q) = ((bound m p) \<and> (bound m q))"
   2.573 +  "bound m (Iff p q) = (bound m p \<and> bound m q)"
   2.574 +  "bound m (E p) = bound (Suc m) p"
   2.575 +  "bound m (A p) = bound (Suc m) p"
   2.576 +
   2.577 +lemma bound_I:
   2.578 +  assumes bnd: "boundslt (length bs) p" and nb: "bound n p" and le: "n \<le> length bs"
   2.579 +  shows "Ifm vs (bs[n:=x]) p = Ifm vs bs p"
   2.580 +  using bnd nb le tmbound_I[where bs=bs and vs = vs]
   2.581 +proof(induct p arbitrary: bs n rule: bound.induct)
   2.582 +  case (E p bs n) 
   2.583 +  {fix y
   2.584 +    from prems have bnd: "boundslt (length (y#bs)) p" 
   2.585 +      and nb: "bound (Suc n) p" and le: "Suc n \<le> length (y#bs)" by simp+
   2.586 +    from E.hyps[OF bnd nb le tmbound_I] have "Ifm vs ((y#bs)[Suc n:=x]) p = Ifm vs (y#bs) p" .   }
   2.587 +  thus ?case by simp 
   2.588 +next
   2.589 +  case (A p bs n) {fix y
   2.590 +    from prems have bnd: "boundslt (length (y#bs)) p" 
   2.591 +      and nb: "bound (Suc n) p" and le: "Suc n \<le> length (y#bs)" by simp+
   2.592 +    from A.hyps[OF bnd nb le tmbound_I] have "Ifm vs ((y#bs)[Suc n:=x]) p = Ifm vs (y#bs) p" .   }
   2.593 +  thus ?case by simp 
   2.594 +qed auto
   2.595 +
   2.596 +recdef decr0 "measure size"
   2.597 +  "decr0 (Lt a) = Lt (decrtm0 a)"
   2.598 +  "decr0 (Le a) = Le (decrtm0 a)"
   2.599 +  "decr0 (Eq a) = Eq (decrtm0 a)"
   2.600 +  "decr0 (NEq a) = NEq (decrtm0 a)"
   2.601 +  "decr0 (NOT p) = NOT (decr0 p)" 
   2.602 +  "decr0 (And p q) = conj (decr0 p) (decr0 q)"
   2.603 +  "decr0 (Or p q) = disj (decr0 p) (decr0 q)"
   2.604 +  "decr0 (Imp p q) = imp (decr0 p) (decr0 q)"
   2.605 +  "decr0 (Iff p q) = iff (decr0 p) (decr0 q)"
   2.606 +  "decr0 p = p"
   2.607 +
   2.608 +lemma decr0: assumes nb: "bound0 p"
   2.609 +  shows "Ifm vs (x#bs) p = Ifm vs bs (decr0 p)"
   2.610 +  using nb 
   2.611 +  by (induct p rule: decr0.induct, simp_all add: decrtm0)
   2.612 +
   2.613 +primrec
   2.614 +  "decr m T = T"
   2.615 +  "decr m F = F"
   2.616 +  "decr m (Lt t) = (Lt (decrtm m t))"
   2.617 +  "decr m (Le t) = (Le (decrtm m t))"
   2.618 +  "decr m (Eq t) = (Eq (decrtm m t))"
   2.619 +  "decr m (NEq t) = (NEq (decrtm m t))"
   2.620 +  "decr m (NOT p) = NOT (decr m p)" 
   2.621 +  "decr m (And p q) = conj (decr m p) (decr m q)"
   2.622 +  "decr m (Or p q) = disj (decr m p) (decr m q)"
   2.623 +  "decr m (Imp p q) = imp (decr m p) (decr m q)"
   2.624 +  "decr m (Iff p q) = iff (decr m p) (decr m q)"
   2.625 +  "decr m (E p) = E (decr (Suc m) p)"
   2.626 +  "decr m (A p) = A (decr (Suc m) p)"
   2.627 +
   2.628 +lemma decr: assumes  bnd: "boundslt (length bs) p" and nb: "bound m p" 
   2.629 +  and nle: "m < length bs" 
   2.630 +  shows "Ifm vs (removen m bs) (decr m p) = Ifm vs bs p"
   2.631 +  using bnd nb nle
   2.632 +proof(induct p arbitrary: bs m rule: decr.induct)
   2.633 +  case (E p bs m) 
   2.634 +  {fix x
   2.635 +    from prems have bnd: "boundslt (length (x#bs)) p" and nb: "bound (Suc m) p" 
   2.636 +  and nle: "Suc m < length (x#bs)" by auto
   2.637 +    from prems(4)[OF bnd nb nle] have "Ifm vs (removen (Suc m) (x#bs)) (decr (Suc m) p) = Ifm vs (x#bs) p".
   2.638 +  } thus ?case by auto 
   2.639 +next
   2.640 +  case (A p bs m)  
   2.641 +  {fix x
   2.642 +    from prems have bnd: "boundslt (length (x#bs)) p" and nb: "bound (Suc m) p" 
   2.643 +  and nle: "Suc m < length (x#bs)" by auto
   2.644 +    from prems(4)[OF bnd nb nle] have "Ifm vs (removen (Suc m) (x#bs)) (decr (Suc m) p) = Ifm vs (x#bs) p".
   2.645 +  } thus ?case by auto
   2.646 +qed (auto simp add: decrtm removen_nth)
   2.647 +
   2.648 +consts
   2.649 +  subst0:: "tm \<Rightarrow> fm \<Rightarrow> fm"
   2.650 +
   2.651 +primrec
   2.652 +  "subst0 t T = T"
   2.653 +  "subst0 t F = F"
   2.654 +  "subst0 t (Lt a) = Lt (tmsubst0 t a)"
   2.655 +  "subst0 t (Le a) = Le (tmsubst0 t a)"
   2.656 +  "subst0 t (Eq a) = Eq (tmsubst0 t a)"
   2.657 +  "subst0 t (NEq a) = NEq (tmsubst0 t a)"
   2.658 +  "subst0 t (NOT p) = NOT (subst0 t p)"
   2.659 +  "subst0 t (And p q) = And (subst0 t p) (subst0 t q)"
   2.660 +  "subst0 t (Or p q) = Or (subst0 t p) (subst0 t q)"
   2.661 +  "subst0 t (Imp p q) = Imp (subst0 t p)  (subst0 t q)"
   2.662 +  "subst0 t (Iff p q) = Iff (subst0 t p) (subst0 t q)"
   2.663 +  "subst0 t (E p) = E p"
   2.664 +  "subst0 t (A p) = A p"
   2.665 +
   2.666 +lemma subst0: assumes qf: "qfree p"
   2.667 +  shows "Ifm vs (x#bs) (subst0 t p) = Ifm vs ((Itm vs (x#bs) t)#bs) p"
   2.668 +using qf tmsubst0[where x="x" and bs="bs" and t="t"]
   2.669 +by (induct p rule: subst0.induct, auto)
   2.670 +
   2.671 +lemma subst0_nb:
   2.672 +  assumes bp: "tmbound0 t" and qf: "qfree p"
   2.673 +  shows "bound0 (subst0 t p)"
   2.674 +using qf tmsubst0_nb[OF bp] bp
   2.675 +by (induct p rule: subst0.induct, auto)
   2.676 +
   2.677 +consts   subst:: "nat \<Rightarrow> tm \<Rightarrow> fm \<Rightarrow> fm" 
   2.678 +primrec
   2.679 +  "subst n t T = T"
   2.680 +  "subst n t F = F"
   2.681 +  "subst n t (Lt a) = Lt (tmsubst n t a)"
   2.682 +  "subst n t (Le a) = Le (tmsubst n t a)"
   2.683 +  "subst n t (Eq a) = Eq (tmsubst n t a)"
   2.684 +  "subst n t (NEq a) = NEq (tmsubst n t a)"
   2.685 +  "subst n t (NOT p) = NOT (subst n t p)"
   2.686 +  "subst n t (And p q) = And (subst n t p) (subst n t q)"
   2.687 +  "subst n t (Or p q) = Or (subst n t p) (subst n t q)"
   2.688 +  "subst n t (Imp p q) = Imp (subst n t p)  (subst n t q)"
   2.689 +  "subst n t (Iff p q) = Iff (subst n t p) (subst n t q)"
   2.690 +  "subst n t (E p) = E (subst (Suc n) (incrtm0 t) p)"
   2.691 +  "subst n t (A p) = A (subst (Suc n) (incrtm0 t) p)"
   2.692 +
   2.693 +lemma subst: assumes nb: "boundslt (length bs) p" and nlm: "n \<le> length bs"
   2.694 +  shows "Ifm vs bs (subst n t p) = Ifm vs (bs[n:= Itm vs bs t]) p"
   2.695 +  using nb nlm
   2.696 +proof (induct p arbitrary: bs n t rule: subst0.induct)
   2.697 +  case (E p bs n) 
   2.698 +  {fix x 
   2.699 +    from prems have bn: "boundslt (length (x#bs)) p" by simp 
   2.700 +      from prems have nlm: "Suc n \<le> length (x#bs)" by simp
   2.701 +    from prems(3)[OF bn nlm] have "Ifm vs (x#bs) (subst (Suc n) (incrtm0 t) p) = Ifm vs ((x#bs)[Suc n:= Itm vs (x#bs) (incrtm0 t)]) p" by simp 
   2.702 +    hence "Ifm vs (x#bs) (subst (Suc n) (incrtm0 t) p) = Ifm vs (x#bs[n:= Itm vs bs t]) p"
   2.703 +    by (simp add: incrtm0[where x="x" and bs="bs" and t="t"]) }  
   2.704 +thus ?case by simp 
   2.705 +next
   2.706 +  case (A p bs n)   
   2.707 +  {fix x 
   2.708 +    from prems have bn: "boundslt (length (x#bs)) p" by simp 
   2.709 +      from prems have nlm: "Suc n \<le> length (x#bs)" by simp
   2.710 +    from prems(3)[OF bn nlm] have "Ifm vs (x#bs) (subst (Suc n) (incrtm0 t) p) = Ifm vs ((x#bs)[Suc n:= Itm vs (x#bs) (incrtm0 t)]) p" by simp 
   2.711 +    hence "Ifm vs (x#bs) (subst (Suc n) (incrtm0 t) p) = Ifm vs (x#bs[n:= Itm vs bs t]) p"
   2.712 +    by (simp add: incrtm0[where x="x" and bs="bs" and t="t"]) }  
   2.713 +thus ?case by simp 
   2.714 +qed(auto simp add: tmsubst)
   2.715 +
   2.716 +lemma subst_nb: assumes tnb: "tmbound m t"
   2.717 +shows "bound m (subst m t p)"
   2.718 +using tnb tmsubst_nb incrtm0_tmbound
   2.719 +by (induct p arbitrary: m t rule: subst.induct, auto)
   2.720 +
   2.721 +lemma not_qf[simp]: "qfree p \<Longrightarrow> qfree (not p)"
   2.722 +by (induct p rule: not.induct, auto)
   2.723 +lemma not_bn0[simp]: "bound0 p \<Longrightarrow> bound0 (not p)"
   2.724 +by (induct p rule: not.induct, auto)
   2.725 +lemma not_nb[simp]: "bound n p \<Longrightarrow> bound n (not p)"
   2.726 +by (induct p rule: not.induct, auto)
   2.727 +lemma not_blt[simp]: "boundslt n p \<Longrightarrow> boundslt n (not p)"
   2.728 + by (induct p rule: not.induct, auto)
   2.729 +
   2.730 +lemma conj_qf[simp]: "\<lbrakk>qfree p ; qfree q\<rbrakk> \<Longrightarrow> qfree (conj p q)"
   2.731 +using conj_def by auto 
   2.732 +lemma conj_nb0[simp]: "\<lbrakk>bound0 p ; bound0 q\<rbrakk> \<Longrightarrow> bound0 (conj p q)"
   2.733 +using conj_def by auto 
   2.734 +lemma conj_nb[simp]: "\<lbrakk>bound n p ; bound n q\<rbrakk> \<Longrightarrow> bound n (conj p q)"
   2.735 +using conj_def by auto 
   2.736 +lemma conj_blt[simp]: "boundslt n p \<Longrightarrow> boundslt n q \<Longrightarrow> boundslt n (conj p q)"
   2.737 +using conj_def by auto 
   2.738 +
   2.739 +lemma disj_qf[simp]: "\<lbrakk>qfree p ; qfree q\<rbrakk> \<Longrightarrow> qfree (disj p q)"
   2.740 +using disj_def by auto 
   2.741 +lemma disj_nb0[simp]: "\<lbrakk>bound0 p ; bound0 q\<rbrakk> \<Longrightarrow> bound0 (disj p q)"
   2.742 +using disj_def by auto 
   2.743 +lemma disj_nb[simp]: "\<lbrakk>bound n p ; bound n q\<rbrakk> \<Longrightarrow> bound n (disj p q)"
   2.744 +using disj_def by auto 
   2.745 +lemma disj_blt[simp]: "boundslt n p \<Longrightarrow> boundslt n q \<Longrightarrow> boundslt n (disj p q)"
   2.746 +using disj_def by auto 
   2.747 +
   2.748 +lemma imp_qf[simp]: "\<lbrakk>qfree p ; qfree q\<rbrakk> \<Longrightarrow> qfree (imp p q)"
   2.749 +using imp_def by (cases "p=F \<or> q=T",simp_all add: imp_def)
   2.750 +lemma imp_nb0[simp]: "\<lbrakk>bound0 p ; bound0 q\<rbrakk> \<Longrightarrow> bound0 (imp p q)"
   2.751 +using imp_def by (cases "p=F \<or> q=T \<or> p=q",simp_all add: imp_def)
   2.752 +lemma imp_nb[simp]: "\<lbrakk>bound n p ; bound n q\<rbrakk> \<Longrightarrow> bound n (imp p q)"
   2.753 +using imp_def by (cases "p=F \<or> q=T \<or> p=q",simp_all add: imp_def)
   2.754 +lemma imp_blt[simp]: "boundslt n p \<Longrightarrow> boundslt n q \<Longrightarrow> boundslt n (imp p q)"
   2.755 +using imp_def by auto 
   2.756 +
   2.757 +lemma iff_qf[simp]: "\<lbrakk>qfree p ; qfree q\<rbrakk> \<Longrightarrow> qfree (iff p q)"
   2.758 +  by (unfold iff_def,cases "p=q", auto)
   2.759 +lemma iff_nb0[simp]: "\<lbrakk>bound0 p ; bound0 q\<rbrakk> \<Longrightarrow> bound0 (iff p q)"
   2.760 +using iff_def by (unfold iff_def,cases "p=q", auto)
   2.761 +lemma iff_nb[simp]: "\<lbrakk>bound n p ; bound n q\<rbrakk> \<Longrightarrow> bound n (iff p q)"
   2.762 +using iff_def by (unfold iff_def,cases "p=q", auto)
   2.763 +lemma iff_blt[simp]: "boundslt n p \<Longrightarrow> boundslt n q \<Longrightarrow> boundslt n (iff p q)"
   2.764 +using iff_def by auto 
   2.765 +lemma decr0_qf: "bound0 p \<Longrightarrow> qfree (decr0 p)"
   2.766 +by (induct p, simp_all)
   2.767 +
   2.768 +consts 
   2.769 +  isatom :: "fm \<Rightarrow> bool" (* test for atomicity *)
   2.770 +recdef isatom "measure size"
   2.771 +  "isatom T = True"
   2.772 +  "isatom F = True"
   2.773 +  "isatom (Lt a) = True"
   2.774 +  "isatom (Le a) = True"
   2.775 +  "isatom (Eq a) = True"
   2.776 +  "isatom (NEq a) = True"
   2.777 +  "isatom p = False"
   2.778 +
   2.779 +lemma bound0_qf: "bound0 p \<Longrightarrow> qfree p"
   2.780 +by (induct p, simp_all)
   2.781 +
   2.782 +constdefs djf:: "('a \<Rightarrow> fm) \<Rightarrow> 'a \<Rightarrow> fm \<Rightarrow> fm"
   2.783 +  "djf f p q \<equiv> (if q=T then T else if q=F then f p else 
   2.784 +  (let fp = f p in case fp of T \<Rightarrow> T | F \<Rightarrow> q | _ \<Rightarrow> Or (f p) q))"
   2.785 +constdefs evaldjf:: "('a \<Rightarrow> fm) \<Rightarrow> 'a list \<Rightarrow> fm"
   2.786 +  "evaldjf f ps \<equiv> foldr (djf f) ps F"
   2.787 +
   2.788 +lemma djf_Or: "Ifm vs bs (djf f p q) = Ifm vs bs (Or (f p) q)"
   2.789 +by (cases "q=T", simp add: djf_def,cases "q=F",simp add: djf_def) 
   2.790 +(cases "f p", simp_all add: Let_def djf_def) 
   2.791 +
   2.792 +lemma evaldjf_ex: "Ifm vs bs (evaldjf f ps) = (\<exists> p \<in> set ps. Ifm vs bs (f p))"
   2.793 +  by(induct ps, simp_all add: evaldjf_def djf_Or)
   2.794 +
   2.795 +lemma evaldjf_bound0: 
   2.796 +  assumes nb: "\<forall> x\<in> set xs. bound0 (f x)"
   2.797 +  shows "bound0 (evaldjf f xs)"
   2.798 +  using nb by (induct xs, auto simp add: evaldjf_def djf_def Let_def) (case_tac "f a", auto) 
   2.799 +
   2.800 +lemma evaldjf_qf: 
   2.801 +  assumes nb: "\<forall> x\<in> set xs. qfree (f x)"
   2.802 +  shows "qfree (evaldjf f xs)"
   2.803 +  using nb by (induct xs, auto simp add: evaldjf_def djf_def Let_def) (case_tac "f a", auto) 
   2.804 +
   2.805 +consts disjuncts :: "fm \<Rightarrow> fm list"
   2.806 +recdef disjuncts "measure size"
   2.807 +  "disjuncts (Or p q) = (disjuncts p) @ (disjuncts q)"
   2.808 +  "disjuncts F = []"
   2.809 +  "disjuncts p = [p]"
   2.810 +
   2.811 +lemma disjuncts: "(\<exists> q\<in> set (disjuncts p). Ifm vs bs q) = Ifm vs bs p"
   2.812 +by(induct p rule: disjuncts.induct, auto)
   2.813 +
   2.814 +lemma disjuncts_nb: "bound0 p \<Longrightarrow> \<forall> q\<in> set (disjuncts p). bound0 q"
   2.815 +proof-
   2.816 +  assume nb: "bound0 p"
   2.817 +  hence "list_all bound0 (disjuncts p)" by (induct p rule:disjuncts.induct,auto)
   2.818 +  thus ?thesis by (simp only: list_all_iff)
   2.819 +qed
   2.820 +
   2.821 +lemma disjuncts_qf: "qfree p \<Longrightarrow> \<forall> q\<in> set (disjuncts p). qfree q"
   2.822 +proof-
   2.823 +  assume qf: "qfree p"
   2.824 +  hence "list_all qfree (disjuncts p)"
   2.825 +    by (induct p rule: disjuncts.induct, auto)
   2.826 +  thus ?thesis by (simp only: list_all_iff)
   2.827 +qed
   2.828 +
   2.829 +constdefs DJ :: "(fm \<Rightarrow> fm) \<Rightarrow> fm \<Rightarrow> fm"
   2.830 +  "DJ f p \<equiv> evaldjf f (disjuncts p)"
   2.831 +
   2.832 +lemma DJ: assumes fdj: "\<forall> p q. Ifm vs bs (f (Or p q)) = Ifm vs bs (Or (f p) (f q))"
   2.833 +  and fF: "f F = F"
   2.834 +  shows "Ifm vs bs (DJ f p) = Ifm vs bs (f p)"
   2.835 +proof-
   2.836 +  have "Ifm vs bs (DJ f p) = (\<exists> q \<in> set (disjuncts p). Ifm vs bs (f q))"
   2.837 +    by (simp add: DJ_def evaldjf_ex) 
   2.838 +  also have "\<dots> = Ifm vs bs (f p)" using fdj fF by (induct p rule: disjuncts.induct, auto)
   2.839 +  finally show ?thesis .
   2.840 +qed
   2.841 +
   2.842 +lemma DJ_qf: assumes 
   2.843 +  fqf: "\<forall> p. qfree p \<longrightarrow> qfree (f p)"
   2.844 +  shows "\<forall>p. qfree p \<longrightarrow> qfree (DJ f p) "
   2.845 +proof(clarify)
   2.846 +  fix  p assume qf: "qfree p"
   2.847 +  have th: "DJ f p = evaldjf f (disjuncts p)" by (simp add: DJ_def)
   2.848 +  from disjuncts_qf[OF qf] have "\<forall> q\<in> set (disjuncts p). qfree q" .
   2.849 +  with fqf have th':"\<forall> q\<in> set (disjuncts p). qfree (f q)" by blast
   2.850 +  
   2.851 +  from evaldjf_qf[OF th'] th show "qfree (DJ f p)" by simp
   2.852 +qed
   2.853 +
   2.854 +lemma DJ_qe: assumes qe: "\<forall> bs p. qfree p \<longrightarrow> qfree (qe p) \<and> (Ifm vs bs (qe p) = Ifm vs bs (E p))"
   2.855 +  shows "\<forall> bs p. qfree p \<longrightarrow> qfree (DJ qe p) \<and> (Ifm vs bs ((DJ qe p)) = Ifm vs bs (E p))"
   2.856 +proof(clarify)
   2.857 +  fix p::fm and bs
   2.858 +  assume qf: "qfree p"
   2.859 +  from qe have qth: "\<forall> p. qfree p \<longrightarrow> qfree (qe p)" by blast
   2.860 +  from DJ_qf[OF qth] qf have qfth:"qfree (DJ qe p)" by auto
   2.861 +  have "Ifm vs bs (DJ qe p) = (\<exists> q\<in> set (disjuncts p). Ifm vs bs (qe q))"
   2.862 +    by (simp add: DJ_def evaldjf_ex)
   2.863 +  also have "\<dots> = (\<exists> q \<in> set(disjuncts p). Ifm vs bs (E q))" using qe disjuncts_qf[OF qf] by auto
   2.864 +  also have "\<dots> = Ifm vs bs (E p)" by (induct p rule: disjuncts.induct, auto)
   2.865 +  finally show "qfree (DJ qe p) \<and> Ifm vs bs (DJ qe p) = Ifm vs bs (E p)" using qfth by blast
   2.866 +qed
   2.867 +
   2.868 +consts conjuncts :: "fm \<Rightarrow> fm list"
   2.869 +
   2.870 +recdef conjuncts "measure size"
   2.871 +  "conjuncts (And p q) = (conjuncts p) @ (conjuncts q)"
   2.872 +  "conjuncts T = []"
   2.873 +  "conjuncts p = [p]"
   2.874 +
   2.875 +constdefs list_conj :: "fm list \<Rightarrow> fm"
   2.876 +  "list_conj ps \<equiv> foldr conj ps T"
   2.877 +
   2.878 +constdefs CJNB:: "(fm \<Rightarrow> fm) \<Rightarrow> fm \<Rightarrow> fm"
   2.879 +  "CJNB f p \<equiv> (let cjs = conjuncts p ; (yes,no) = partition bound0 cjs
   2.880 +                   in conj (decr0 (list_conj yes)) (f (list_conj no)))"
   2.881 +
   2.882 +lemma conjuncts_qf: "qfree p \<Longrightarrow> \<forall> q\<in> set (conjuncts p). qfree q"
   2.883 +proof-
   2.884 +  assume qf: "qfree p"
   2.885 +  hence "list_all qfree (conjuncts p)"
   2.886 +    by (induct p rule: conjuncts.induct, auto)
   2.887 +  thus ?thesis by (simp only: list_all_iff)
   2.888 +qed
   2.889 +
   2.890 +lemma conjuncts: "(\<forall> q\<in> set (conjuncts p). Ifm vs bs q) = Ifm vs bs p"
   2.891 +by(induct p rule: conjuncts.induct, auto)
   2.892 +
   2.893 +lemma conjuncts_nb: "bound0 p \<Longrightarrow> \<forall> q\<in> set (conjuncts p). bound0 q"
   2.894 +proof-
   2.895 +  assume nb: "bound0 p"
   2.896 +  hence "list_all bound0 (conjuncts p)" by (induct p rule:conjuncts.induct,auto)
   2.897 +  thus ?thesis by (simp only: list_all_iff)
   2.898 +qed
   2.899 +
   2.900 +fun islin :: "fm \<Rightarrow> bool" where
   2.901 +  "islin (And p q) = (islin p \<and> islin q \<and> p \<noteq> T \<and> p \<noteq> F \<and> q \<noteq> T \<and> q \<noteq> F)"
   2.902 +| "islin (Or p q) = (islin p \<and> islin q \<and> p \<noteq> T \<and> p \<noteq> F \<and> q \<noteq> T \<and> q \<noteq> F)"
   2.903 +| "islin (Eq (CNP 0 c s)) = (isnpoly c \<and> c \<noteq> 0\<^sub>p \<and> tmbound0 s \<and> allpolys isnpoly s)"
   2.904 +| "islin (NEq (CNP 0 c s)) = (isnpoly c \<and> c \<noteq> 0\<^sub>p \<and> tmbound0 s \<and> allpolys isnpoly s)"
   2.905 +| "islin (Lt (CNP 0 c s)) = (isnpoly c \<and> c \<noteq> 0\<^sub>p \<and> tmbound0 s \<and> allpolys isnpoly s)"
   2.906 +| "islin (Le (CNP 0 c s)) = (isnpoly c \<and> c \<noteq> 0\<^sub>p \<and> tmbound0 s \<and> allpolys isnpoly s)"
   2.907 +| "islin (NOT p) = False"
   2.908 +| "islin (Imp p q) = False"
   2.909 +| "islin (Iff p q) = False"
   2.910 +| "islin p = bound0 p"
   2.911 +
   2.912 +lemma islin_stupid: assumes nb: "tmbound0 p"
   2.913 +  shows "islin (Lt p)" and "islin (Le p)" and "islin (Eq p)" and "islin (NEq p)"
   2.914 +  using nb by (cases p, auto, case_tac nat, auto)+
   2.915 +
   2.916 +definition "lt p = (case p of CP (C c) \<Rightarrow> if 0>\<^sub>N c then T else F| _ \<Rightarrow> Lt p)"
   2.917 +definition "le p = (case p of CP (C c) \<Rightarrow> if 0\<ge>\<^sub>N c then T else F | _ \<Rightarrow> Le p)"
   2.918 +definition "eq p = (case p of CP (C c) \<Rightarrow> if c = 0\<^sub>N then T else F | _ \<Rightarrow> Eq p)"
   2.919 +definition "neq p = not (eq p)"
   2.920 +
   2.921 +lemma lt: "allpolys isnpoly p \<Longrightarrow> Ifm vs bs (lt p) = Ifm vs bs (Lt p)"
   2.922 +  apply(simp add: lt_def)
   2.923 +  apply(cases p, simp_all)
   2.924 +  apply (case_tac poly, simp_all add: isnpoly_def)
   2.925 +  done
   2.926 +
   2.927 +lemma le: "allpolys isnpoly p \<Longrightarrow> Ifm vs bs (le p) = Ifm vs bs (Le p)"
   2.928 +  apply(simp add: le_def)
   2.929 +  apply(cases p, simp_all)
   2.930 +  apply (case_tac poly, simp_all add: isnpoly_def)
   2.931 +  done
   2.932 +
   2.933 +lemma eq: "allpolys isnpoly p \<Longrightarrow> Ifm vs bs (eq p) = Ifm vs bs (Eq p)"
   2.934 +  apply(simp add: eq_def)
   2.935 +  apply(cases p, simp_all)
   2.936 +  apply (case_tac poly, simp_all add: isnpoly_def)
   2.937 +  done
   2.938 +
   2.939 +lemma neq: "allpolys isnpoly p \<Longrightarrow> Ifm vs bs (neq p) = Ifm vs bs (NEq p)"
   2.940 +  by(simp add: neq_def eq)
   2.941 +
   2.942 +lemma lt_lin: "tmbound0 p \<Longrightarrow> islin (lt p)"
   2.943 +  apply (simp add: lt_def)
   2.944 +  apply (cases p, simp_all)
   2.945 +  apply (case_tac poly, simp_all)
   2.946 +  apply (case_tac nat, simp_all)
   2.947 +  done
   2.948 +
   2.949 +lemma le_lin: "tmbound0 p \<Longrightarrow> islin (le p)"
   2.950 +  apply (simp add: le_def)
   2.951 +  apply (cases p, simp_all)
   2.952 +  apply (case_tac poly, simp_all)
   2.953 +  apply (case_tac nat, simp_all)
   2.954 +  done
   2.955 +
   2.956 +lemma eq_lin: "tmbound0 p \<Longrightarrow> islin (eq p)"
   2.957 +  apply (simp add: eq_def)
   2.958 +  apply (cases p, simp_all)
   2.959 +  apply (case_tac poly, simp_all)
   2.960 +  apply (case_tac nat, simp_all)
   2.961 +  done
   2.962 +
   2.963 +lemma neq_lin: "tmbound0 p \<Longrightarrow> islin (neq p)"
   2.964 +  apply (simp add: neq_def eq_def)
   2.965 +  apply (cases p, simp_all)
   2.966 +  apply (case_tac poly, simp_all)
   2.967 +  apply (case_tac nat, simp_all)
   2.968 +  done
   2.969 +
   2.970 +definition "simplt t = (let (c,s) = split0 (simptm t) in if c= 0\<^sub>p then lt s else Lt (CNP 0 c s))"
   2.971 +definition "simple t = (let (c,s) = split0 (simptm t) in if c= 0\<^sub>p then le s else Le (CNP 0 c s))"
   2.972 +definition "simpeq t = (let (c,s) = split0 (simptm t) in if c= 0\<^sub>p then eq s else Eq (CNP 0 c s))"
   2.973 +definition "simpneq t = (let (c,s) = split0 (simptm t) in if c= 0\<^sub>p then neq s else NEq (CNP 0 c s))"
   2.974 +
   2.975 +lemma simplt_islin[simp]:   assumes "SORT_CONSTRAINT('a::{ring_char_0,division_by_zero,field})"
   2.976 +  shows "islin (simplt t)"
   2.977 +  unfolding simplt_def 
   2.978 +  using split0_nb0'
   2.979 +by (auto simp add: lt_lin Let_def split_def isnpoly_fst_split0[OF simptm_allpolys_npoly] islin_stupid allpolys_split0[OF simptm_allpolys_npoly])
   2.980 +  
   2.981 +lemma simple_islin[simp]:   assumes "SORT_CONSTRAINT('a::{ring_char_0,division_by_zero,field})"
   2.982 +  shows "islin (simple t)"
   2.983 +  unfolding simple_def 
   2.984 +  using split0_nb0'
   2.985 +by (auto simp add: Let_def split_def isnpoly_fst_split0[OF simptm_allpolys_npoly] islin_stupid allpolys_split0[OF simptm_allpolys_npoly] le_lin)
   2.986 +lemma simpeq_islin[simp]:   assumes "SORT_CONSTRAINT('a::{ring_char_0,division_by_zero,field})"
   2.987 +  shows "islin (simpeq t)"
   2.988 +  unfolding simpeq_def 
   2.989 +  using split0_nb0'
   2.990 +by (auto simp add: Let_def split_def isnpoly_fst_split0[OF simptm_allpolys_npoly] islin_stupid allpolys_split0[OF simptm_allpolys_npoly] eq_lin)
   2.991 +
   2.992 +lemma simpneq_islin[simp]:   assumes "SORT_CONSTRAINT('a::{ring_char_0,division_by_zero,field})"
   2.993 +  shows "islin (simpneq t)"
   2.994 +  unfolding simpneq_def 
   2.995 +  using split0_nb0'
   2.996 +by (auto simp add: Let_def split_def isnpoly_fst_split0[OF simptm_allpolys_npoly] islin_stupid allpolys_split0[OF simptm_allpolys_npoly] neq_lin)
   2.997 +
   2.998 +lemma really_stupid: "\<not> (\<forall>c1 s'. (c1, s') \<noteq> split0 s)"
   2.999 +  by (cases "split0 s", auto)
  2.1000 +lemma split0_npoly:   assumes "SORT_CONSTRAINT('a::{ring_char_0,division_by_zero,field})"
  2.1001 +  and n: "allpolys isnpoly t"
  2.1002 +  shows "isnpoly (fst (split0 t))" and "allpolys isnpoly (snd (split0 t))"
  2.1003 +  using n
  2.1004 +  by (induct t rule: split0.induct, auto simp add: Let_def split_def polyadd_norm polymul_norm polyneg_norm polysub_norm really_stupid)
  2.1005 +lemma simplt[simp]:
  2.1006 +  shows "Ifm vs bs (simplt t) = Ifm vs bs (Lt t)"
  2.1007 +proof-
  2.1008 +  have n: "allpolys isnpoly (simptm t)" by simp
  2.1009 +  let ?t = "simptm t"
  2.1010 +  {assume "fst (split0 ?t) = 0\<^sub>p" hence ?thesis
  2.1011 +      using split0[of "simptm t" vs bs] lt[OF split0_npoly(2)[OF n], of vs bs]
  2.1012 +      by (simp add: simplt_def Let_def split_def lt)}
  2.1013 +  moreover
  2.1014 +  {assume "fst (split0 ?t) \<noteq> 0\<^sub>p"
  2.1015 +    hence ?thesis using  split0[of "simptm t" vs bs] by (simp add: simplt_def Let_def split_def)
  2.1016 +  }
  2.1017 +  ultimately show ?thesis by blast
  2.1018 +qed
  2.1019 +
  2.1020 +lemma simple[simp]:
  2.1021 +  shows "Ifm vs bs (simple t) = Ifm vs bs (Le t)"
  2.1022 +proof-
  2.1023 +  have n: "allpolys isnpoly (simptm t)" by simp
  2.1024 +  let ?t = "simptm t"
  2.1025 +  {assume "fst (split0 ?t) = 0\<^sub>p" hence ?thesis
  2.1026 +      using split0[of "simptm t" vs bs] le[OF split0_npoly(2)[OF n], of vs bs]
  2.1027 +      by (simp add: simple_def Let_def split_def le)}
  2.1028 +  moreover
  2.1029 +  {assume "fst (split0 ?t) \<noteq> 0\<^sub>p"
  2.1030 +    hence ?thesis using  split0[of "simptm t" vs bs] by (simp add: simple_def Let_def split_def)
  2.1031 +  }
  2.1032 +  ultimately show ?thesis by blast
  2.1033 +qed
  2.1034 +
  2.1035 +lemma simpeq[simp]:
  2.1036 +  shows "Ifm vs bs (simpeq t) = Ifm vs bs (Eq t)"
  2.1037 +proof-
  2.1038 +  have n: "allpolys isnpoly (simptm t)" by simp
  2.1039 +  let ?t = "simptm t"
  2.1040 +  {assume "fst (split0 ?t) = 0\<^sub>p" hence ?thesis
  2.1041 +      using split0[of "simptm t" vs bs] eq[OF split0_npoly(2)[OF n], of vs bs]
  2.1042 +      by (simp add: simpeq_def Let_def split_def)}
  2.1043 +  moreover
  2.1044 +  {assume "fst (split0 ?t) \<noteq> 0\<^sub>p"
  2.1045 +    hence ?thesis using  split0[of "simptm t" vs bs] by (simp add: simpeq_def Let_def split_def)
  2.1046 +  }
  2.1047 +  ultimately show ?thesis by blast
  2.1048 +qed
  2.1049 +
  2.1050 +lemma simpneq[simp]:
  2.1051 +  shows "Ifm vs bs (simpneq t) = Ifm vs bs (NEq t)"
  2.1052 +proof-
  2.1053 +  have n: "allpolys isnpoly (simptm t)" by simp
  2.1054 +  let ?t = "simptm t"
  2.1055 +  {assume "fst (split0 ?t) = 0\<^sub>p" hence ?thesis
  2.1056 +      using split0[of "simptm t" vs bs] neq[OF split0_npoly(2)[OF n], of vs bs]
  2.1057 +      by (simp add: simpneq_def Let_def split_def )}
  2.1058 +  moreover
  2.1059 +  {assume "fst (split0 ?t) \<noteq> 0\<^sub>p"
  2.1060 +    hence ?thesis using  split0[of "simptm t" vs bs] by (simp add: simpneq_def Let_def split_def)
  2.1061 +  }
  2.1062 +  ultimately show ?thesis by blast
  2.1063 +qed
  2.1064 +
  2.1065 +lemma lt_nb: "tmbound0 t \<Longrightarrow> bound0 (lt t)"
  2.1066 +  apply (simp add: lt_def)
  2.1067 +  apply (cases t, auto)
  2.1068 +  apply (case_tac poly, auto)
  2.1069 +  done
  2.1070 +
  2.1071 +lemma le_nb: "tmbound0 t \<Longrightarrow> bound0 (le t)"
  2.1072 +  apply (simp add: le_def)
  2.1073 +  apply (cases t, auto)
  2.1074 +  apply (case_tac poly, auto)
  2.1075 +  done
  2.1076 +
  2.1077 +lemma eq_nb: "tmbound0 t \<Longrightarrow> bound0 (eq t)"
  2.1078 +  apply (simp add: eq_def)
  2.1079 +  apply (cases t, auto)
  2.1080 +  apply (case_tac poly, auto)
  2.1081 +  done
  2.1082 +
  2.1083 +lemma neq_nb: "tmbound0 t \<Longrightarrow> bound0 (neq t)"
  2.1084 +  apply (simp add: neq_def eq_def)
  2.1085 +  apply (cases t, auto)
  2.1086 +  apply (case_tac poly, auto)
  2.1087 +  done
  2.1088 +
  2.1089 +lemma simplt_nb[simp]:   assumes "SORT_CONSTRAINT('a::{ring_char_0,division_by_zero,field})"
  2.1090 +  shows "tmbound0 t \<Longrightarrow> bound0 (simplt t)"
  2.1091 +  using split0 [of "simptm t" vs bs]
  2.1092 +proof(simp add: simplt_def Let_def split_def)
  2.1093 +  assume nb: "tmbound0 t"
  2.1094 +  hence nb': "tmbound0 (simptm t)" by simp
  2.1095 +  let ?c = "fst (split0 (simptm t))"
  2.1096 +  from tmbound_split0[OF nb'[unfolded tmbound0_tmbound_iff[symmetric]]]
  2.1097 +  have th: "\<forall>bs. Ipoly bs ?c = Ipoly bs 0\<^sub>p" by auto
  2.1098 +  from isnpoly_fst_split0[OF simptm_allpolys_npoly[of t]]
  2.1099 +  have ths: "isnpolyh ?c 0" "isnpolyh 0\<^sub>p 0" by (simp_all add: isnpoly_def)
  2.1100 +  from iffD1[OF isnpolyh_unique[OF ths] th]
  2.1101 +  have "fst (split0 (simptm t)) = 0\<^sub>p" . 
  2.1102 +  thus "(fst (split0 (simptm t)) = 0\<^sub>p \<longrightarrow> bound0 (lt (snd (split0 (simptm t))))) \<and>
  2.1103 +       fst (split0 (simptm t)) = 0\<^sub>p" by (simp add: simplt_def Let_def split_def lt_nb)
  2.1104 +qed
  2.1105 +
  2.1106 +lemma simple_nb[simp]:   assumes "SORT_CONSTRAINT('a::{ring_char_0,division_by_zero,field})"
  2.1107 +  shows "tmbound0 t \<Longrightarrow> bound0 (simple t)"
  2.1108 +  using split0 [of "simptm t" vs bs]
  2.1109 +proof(simp add: simple_def Let_def split_def)
  2.1110 +  assume nb: "tmbound0 t"
  2.1111 +  hence nb': "tmbound0 (simptm t)" by simp
  2.1112 +  let ?c = "fst (split0 (simptm t))"
  2.1113 +  from tmbound_split0[OF nb'[unfolded tmbound0_tmbound_iff[symmetric]]]
  2.1114 +  have th: "\<forall>bs. Ipoly bs ?c = Ipoly bs 0\<^sub>p" by auto
  2.1115 +  from isnpoly_fst_split0[OF simptm_allpolys_npoly[of t]]
  2.1116 +  have ths: "isnpolyh ?c 0" "isnpolyh 0\<^sub>p 0" by (simp_all add: isnpoly_def)
  2.1117 +  from iffD1[OF isnpolyh_unique[OF ths] th]
  2.1118 +  have "fst (split0 (simptm t)) = 0\<^sub>p" . 
  2.1119 +  thus "(fst (split0 (simptm t)) = 0\<^sub>p \<longrightarrow> bound0 (le (snd (split0 (simptm t))))) \<and>
  2.1120 +       fst (split0 (simptm t)) = 0\<^sub>p" by (simp add: simplt_def Let_def split_def le_nb)
  2.1121 +qed
  2.1122 +
  2.1123 +lemma simpeq_nb[simp]:   assumes "SORT_CONSTRAINT('a::{ring_char_0,division_by_zero,field})"
  2.1124 +  shows "tmbound0 t \<Longrightarrow> bound0 (simpeq t)"
  2.1125 +  using split0 [of "simptm t" vs bs]
  2.1126 +proof(simp add: simpeq_def Let_def split_def)
  2.1127 +  assume nb: "tmbound0 t"
  2.1128 +  hence nb': "tmbound0 (simptm t)" by simp
  2.1129 +  let ?c = "fst (split0 (simptm t))"
  2.1130 +  from tmbound_split0[OF nb'[unfolded tmbound0_tmbound_iff[symmetric]]]
  2.1131 +  have th: "\<forall>bs. Ipoly bs ?c = Ipoly bs 0\<^sub>p" by auto
  2.1132 +  from isnpoly_fst_split0[OF simptm_allpolys_npoly[of t]]
  2.1133 +  have ths: "isnpolyh ?c 0" "isnpolyh 0\<^sub>p 0" by (simp_all add: isnpoly_def)
  2.1134 +  from iffD1[OF isnpolyh_unique[OF ths] th]
  2.1135 +  have "fst (split0 (simptm t)) = 0\<^sub>p" . 
  2.1136 +  thus "(fst (split0 (simptm t)) = 0\<^sub>p \<longrightarrow> bound0 (eq (snd (split0 (simptm t))))) \<and>
  2.1137 +       fst (split0 (simptm t)) = 0\<^sub>p" by (simp add: simpeq_def Let_def split_def eq_nb)
  2.1138 +qed
  2.1139 +
  2.1140 +lemma simpneq_nb[simp]:   assumes "SORT_CONSTRAINT('a::{ring_char_0,division_by_zero,field})"
  2.1141 +  shows "tmbound0 t \<Longrightarrow> bound0 (simpneq t)"
  2.1142 +  using split0 [of "simptm t" vs bs]
  2.1143 +proof(simp add: simpneq_def Let_def split_def)
  2.1144 +  assume nb: "tmbound0 t"
  2.1145 +  hence nb': "tmbound0 (simptm t)" by simp
  2.1146 +  let ?c = "fst (split0 (simptm t))"
  2.1147 +  from tmbound_split0[OF nb'[unfolded tmbound0_tmbound_iff[symmetric]]]
  2.1148 +  have th: "\<forall>bs. Ipoly bs ?c = Ipoly bs 0\<^sub>p" by auto
  2.1149 +  from isnpoly_fst_split0[OF simptm_allpolys_npoly[of t]]
  2.1150 +  have ths: "isnpolyh ?c 0" "isnpolyh 0\<^sub>p 0" by (simp_all add: isnpoly_def)
  2.1151 +  from iffD1[OF isnpolyh_unique[OF ths] th]
  2.1152 +  have "fst (split0 (simptm t)) = 0\<^sub>p" . 
  2.1153 +  thus "(fst (split0 (simptm t)) = 0\<^sub>p \<longrightarrow> bound0 (neq (snd (split0 (simptm t))))) \<and>
  2.1154 +       fst (split0 (simptm t)) = 0\<^sub>p" by (simp add: simpneq_def Let_def split_def neq_nb)
  2.1155 +qed
  2.1156 +
  2.1157 +consts conjs   :: "fm \<Rightarrow> fm list"
  2.1158 +recdef conjs "measure size"
  2.1159 +  "conjs (And p q) = (conjs p)@(conjs q)"
  2.1160 +  "conjs T = []"
  2.1161 +  "conjs p = [p]"
  2.1162 +lemma conjs_ci: "(\<forall> q \<in> set (conjs p). Ifm vs bs q) = Ifm vs bs p"
  2.1163 +by (induct p rule: conjs.induct, auto)
  2.1164 +constdefs list_disj :: "fm list \<Rightarrow> fm"
  2.1165 +  "list_disj ps \<equiv> foldr disj ps F"
  2.1166 +
  2.1167 +lemma list_conj: "Ifm vs bs (list_conj ps) = (\<forall>p\<in> set ps. Ifm vs bs p)"
  2.1168 +  by (induct ps, auto simp add: list_conj_def)
  2.1169 +lemma list_conj_qf: " \<forall>p\<in> set ps. qfree p \<Longrightarrow> qfree (list_conj ps)"
  2.1170 +  by (induct ps, auto simp add: list_conj_def conj_qf)
  2.1171 +lemma list_disj: "Ifm vs bs (list_disj ps) = (\<exists>p\<in> set ps. Ifm vs bs p)"
  2.1172 +  by (induct ps, auto simp add: list_disj_def)
  2.1173 +
  2.1174 +lemma conj_boundslt: "boundslt n p \<Longrightarrow> boundslt n q \<Longrightarrow> boundslt n (conj p q)"
  2.1175 +  unfolding conj_def by auto
  2.1176 +
  2.1177 +lemma conjs_nb: "bound n p \<Longrightarrow> \<forall>q\<in> set (conjs p). bound n q"
  2.1178 +  apply (induct p rule: conjs.induct) 
  2.1179 +  apply (unfold conjs.simps)
  2.1180 +  apply (unfold set_append)
  2.1181 +  apply (unfold ball_Un)
  2.1182 +  apply (unfold bound.simps)
  2.1183 +  apply auto
  2.1184 +  done
  2.1185 +
  2.1186 +lemma conjs_boundslt: "boundslt n p \<Longrightarrow> \<forall>q\<in> set (conjs p). boundslt n q"
  2.1187 +  apply (induct p rule: conjs.induct) 
  2.1188 +  apply (unfold conjs.simps)
  2.1189 +  apply (unfold set_append)
  2.1190 +  apply (unfold ball_Un)
  2.1191 +  apply (unfold boundslt.simps)
  2.1192 +  apply blast
  2.1193 +by simp_all
  2.1194 +
  2.1195 +lemma list_conj_boundslt: " \<forall>p\<in> set ps. boundslt n p \<Longrightarrow> boundslt n (list_conj ps)"
  2.1196 +  unfolding list_conj_def
  2.1197 +  by (induct ps, auto simp add: conj_boundslt)
  2.1198 +
  2.1199 +lemma list_conj_nb: assumes bnd: "\<forall>p\<in> set ps. bound n p"
  2.1200 +  shows "bound n (list_conj ps)"
  2.1201 +  using bnd
  2.1202 +  unfolding list_conj_def
  2.1203 +  by (induct ps, auto simp add: conj_nb)
  2.1204 +
  2.1205 +lemma list_conj_nb': "\<forall>p\<in>set ps. bound0 p \<Longrightarrow> bound0 (list_conj ps)"
  2.1206 +unfolding list_conj_def by (induct ps , auto)
  2.1207 +
  2.1208 +lemma CJNB_qe: 
  2.1209 +  assumes qe: "\<forall> bs p. qfree p \<longrightarrow> qfree (qe p) \<and> (Ifm vs bs (qe p) = Ifm vs bs (E p))"
  2.1210 +  shows "\<forall> bs p. qfree p \<longrightarrow> qfree (CJNB qe p) \<and> (Ifm vs bs ((CJNB qe p)) = Ifm vs bs (E p))"
  2.1211 +proof(clarify)
  2.1212 +  fix bs p
  2.1213 +  assume qfp: "qfree p"
  2.1214 +  let ?cjs = "conjuncts p"
  2.1215 +  let ?yes = "fst (partition bound0 ?cjs)"
  2.1216 +  let ?no = "snd (partition bound0 ?cjs)"
  2.1217 +  let ?cno = "list_conj ?no"
  2.1218 +  let ?cyes = "list_conj ?yes"
  2.1219 +  have part: "partition bound0 ?cjs = (?yes,?no)" by simp
  2.1220 +  from partition_P[OF part] have "\<forall> q\<in> set ?yes. bound0 q" by blast 
  2.1221 +  hence yes_nb: "bound0 ?cyes" by (simp add: list_conj_nb') 
  2.1222 +  hence yes_qf: "qfree (decr0 ?cyes )" by (simp add: decr0_qf)
  2.1223 +  from conjuncts_qf[OF qfp] partition_set[OF part] 
  2.1224 +  have " \<forall>q\<in> set ?no. qfree q" by auto
  2.1225 +  hence no_qf: "qfree ?cno"by (simp add: list_conj_qf)
  2.1226 +  with qe have cno_qf:"qfree (qe ?cno )" 
  2.1227 +    and noE: "Ifm vs bs (qe ?cno) = Ifm vs bs (E ?cno)" by blast+
  2.1228 +  from cno_qf yes_qf have qf: "qfree (CJNB qe p)" 
  2.1229 +    by (simp add: CJNB_def Let_def conj_qf split_def)
  2.1230 +  {fix bs
  2.1231 +    from conjuncts have "Ifm vs bs p = (\<forall>q\<in> set ?cjs. Ifm vs bs q)" by blast
  2.1232 +    also have "\<dots> = ((\<forall>q\<in> set ?yes. Ifm vs bs q) \<and> (\<forall>q\<in> set ?no. Ifm vs bs q))"
  2.1233 +      using partition_set[OF part] by auto
  2.1234 +    finally have "Ifm vs bs p = ((Ifm vs bs ?cyes) \<and> (Ifm vs bs ?cno))" using list_conj[of vs bs] by simp}
  2.1235 +  hence "Ifm vs bs (E p) = (\<exists>x. (Ifm vs (x#bs) ?cyes) \<and> (Ifm vs (x#bs) ?cno))" by simp
  2.1236 +  also have "\<dots> = (\<exists>x. (Ifm vs (y#bs) ?cyes) \<and> (Ifm vs (x#bs) ?cno))"
  2.1237 +    using bound0_I[OF yes_nb, where bs="bs" and b'="y"] by blast
  2.1238 +  also have "\<dots> = (Ifm vs bs (decr0 ?cyes) \<and> Ifm vs bs (E ?cno))"
  2.1239 +    by (auto simp add: decr0[OF yes_nb])
  2.1240 +  also have "\<dots> = (Ifm vs bs (conj (decr0 ?cyes) (qe ?cno)))"
  2.1241 +    using qe[rule_format, OF no_qf] by auto
  2.1242 +  finally have "Ifm vs bs (E p) = Ifm vs bs (CJNB qe p)" 
  2.1243 +    by (simp add: Let_def CJNB_def split_def)
  2.1244 +  with qf show "qfree (CJNB qe p) \<and> Ifm vs bs (CJNB qe p) = Ifm vs bs (E p)" by blast
  2.1245 +qed
  2.1246 +
  2.1247 +consts simpfm :: "fm \<Rightarrow> fm"
  2.1248 +recdef simpfm "measure fmsize"
  2.1249 +  "simpfm (Lt t) = simplt (simptm t)"
  2.1250 +  "simpfm (Le t) = simple (simptm t)"
  2.1251 +  "simpfm (Eq t) = simpeq(simptm t)"
  2.1252 +  "simpfm (NEq t) = simpneq(simptm t)"
  2.1253 +  "simpfm (And p q) = conj (simpfm p) (simpfm q)"
  2.1254 +  "simpfm (Or p q) = disj (simpfm p) (simpfm q)"
  2.1255 +  "simpfm (Imp p q) = disj (simpfm (NOT p)) (simpfm q)"
  2.1256 +  "simpfm (Iff p q) = disj (conj (simpfm p) (simpfm q)) (conj (simpfm (NOT p)) (simpfm (NOT q)))"
  2.1257 +  "simpfm (NOT (And p q)) = disj (simpfm (NOT p)) (simpfm (NOT q))"
  2.1258 +  "simpfm (NOT (Or p q)) = conj (simpfm (NOT p)) (simpfm (NOT q))"
  2.1259 +  "simpfm (NOT (Imp p q)) = conj (simpfm p) (simpfm (NOT q))"
  2.1260 +  "simpfm (NOT (Iff p q)) = disj (conj (simpfm p) (simpfm (NOT q))) (conj (simpfm (NOT p)) (simpfm q))"
  2.1261 +  "simpfm (NOT (Eq t)) = simpneq t"
  2.1262 +  "simpfm (NOT (NEq t)) = simpeq t"
  2.1263 +  "simpfm (NOT (Le t)) = simplt (Neg t)"
  2.1264 +  "simpfm (NOT (Lt t)) = simple (Neg t)"
  2.1265 +  "simpfm (NOT (NOT p)) = simpfm p"
  2.1266 +  "simpfm (NOT T) = F"
  2.1267 +  "simpfm (NOT F) = T"
  2.1268 +  "simpfm p = p"
  2.1269 +
  2.1270 +lemma simpfm[simp]: "Ifm vs bs (simpfm p) = Ifm vs bs p"
  2.1271 +by(induct p arbitrary: bs rule: simpfm.induct, auto)
  2.1272 +
  2.1273 +lemma simpfm_bound0:   assumes "SORT_CONSTRAINT('a::{ring_char_0,division_by_zero,field})"
  2.1274 +  shows "bound0 p \<Longrightarrow> bound0 (simpfm p)"
  2.1275 +by (induct p rule: simpfm.induct, auto)
  2.1276 +
  2.1277 +lemma lt_qf[simp]: "qfree (lt t)"
  2.1278 +  apply (cases t, auto simp add: lt_def)
  2.1279 +  by (case_tac poly, auto)
  2.1280 +
  2.1281 +lemma le_qf[simp]: "qfree (le t)"
  2.1282 +  apply (cases t, auto simp add: le_def)
  2.1283 +  by (case_tac poly, auto)
  2.1284 +
  2.1285 +lemma eq_qf[simp]: "qfree (eq t)"
  2.1286 +  apply (cases t, auto simp add: eq_def)
  2.1287 +  by (case_tac poly, auto)
  2.1288 +
  2.1289 +lemma neq_qf[simp]: "qfree (neq t)" by (simp add: neq_def)
  2.1290 +
  2.1291 +lemma simplt_qf[simp]: "qfree (simplt t)" by (simp add: simplt_def Let_def split_def)
  2.1292 +lemma simple_qf[simp]: "qfree (simple t)" by (simp add: simple_def Let_def split_def)
  2.1293 +lemma simpeq_qf[simp]: "qfree (simpeq t)" by (simp add: simpeq_def Let_def split_def)
  2.1294 +lemma simpneq_qf[simp]: "qfree (simpneq t)" by (simp add: simpneq_def Let_def split_def)
  2.1295 +
  2.1296 +lemma simpfm_qf[simp]: "qfree p \<Longrightarrow> qfree (simpfm p)"
  2.1297 +by (induct p rule: simpfm.induct, auto simp add: disj_qf imp_qf iff_qf conj_qf not_qf Let_def)
  2.1298 +
  2.1299 +lemma disj_lin: "islin p \<Longrightarrow> islin q \<Longrightarrow> islin (disj p q)" by (simp add: disj_def)
  2.1300 +lemma conj_lin: "islin p \<Longrightarrow> islin q \<Longrightarrow> islin (conj p q)" by (simp add: conj_def)
  2.1301 +
  2.1302 +lemma   assumes "SORT_CONSTRAINT('a::{ring_char_0,division_by_zero,field})"
  2.1303 +  shows "qfree p \<Longrightarrow> islin (simpfm p)" 
  2.1304 +  apply (induct p rule: simpfm.induct)
  2.1305 +  apply (simp_all add: conj_lin disj_lin)
  2.1306 +  done
  2.1307 +
  2.1308 +consts prep :: "fm \<Rightarrow> fm"
  2.1309 +recdef prep "measure fmsize"
  2.1310 +  "prep (E T) = T"
  2.1311 +  "prep (E F) = F"
  2.1312 +  "prep (E (Or p q)) = disj (prep (E p)) (prep (E q))"
  2.1313 +  "prep (E (Imp p q)) = disj (prep (E (NOT p))) (prep (E q))"
  2.1314 +  "prep (E (Iff p q)) = disj (prep (E (And p q))) (prep (E (And (NOT p) (NOT q))))" 
  2.1315 +  "prep (E (NOT (And p q))) = disj (prep (E (NOT p))) (prep (E(NOT q)))"
  2.1316 +  "prep (E (NOT (Imp p q))) = prep (E (And p (NOT q)))"
  2.1317 +  "prep (E (NOT (Iff p q))) = disj (prep (E (And p (NOT q)))) (prep (E(And (NOT p) q)))"
  2.1318 +  "prep (E p) = E (prep p)"
  2.1319 +  "prep (A (And p q)) = conj (prep (A p)) (prep (A q))"
  2.1320 +  "prep (A p) = prep (NOT (E (NOT p)))"
  2.1321 +  "prep (NOT (NOT p)) = prep p"
  2.1322 +  "prep (NOT (And p q)) = disj (prep (NOT p)) (prep (NOT q))"
  2.1323 +  "prep (NOT (A p)) = prep (E (NOT p))"
  2.1324 +  "prep (NOT (Or p q)) = conj (prep (NOT p)) (prep (NOT q))"
  2.1325 +  "prep (NOT (Imp p q)) = conj (prep p) (prep (NOT q))"
  2.1326 +  "prep (NOT (Iff p q)) = disj (prep (And p (NOT q))) (prep (And (NOT p) q))"
  2.1327 +  "prep (NOT p) = not (prep p)"
  2.1328 +  "prep (Or p q) = disj (prep p) (prep q)"
  2.1329 +  "prep (And p q) = conj (prep p) (prep q)"
  2.1330 +  "prep (Imp p q) = prep (Or (NOT p) q)"
  2.1331 +  "prep (Iff p q) = disj (prep (And p q)) (prep (And (NOT p) (NOT q)))"
  2.1332 +  "prep p = p"
  2.1333 +(hints simp add: fmsize_pos)
  2.1334 +lemma prep: "Ifm vs bs (prep p) = Ifm vs bs p"
  2.1335 +by (induct p arbitrary: bs rule: prep.induct, auto)
  2.1336 +
  2.1337 +
  2.1338 +
  2.1339 +  (* Generic quantifier elimination *)
  2.1340 +consts qelim :: "fm \<Rightarrow> (fm \<Rightarrow> fm) \<Rightarrow> fm"
  2.1341 +recdef qelim "measure fmsize"
  2.1342 +  "qelim (E p) = (\<lambda> qe. DJ (CJNB qe) (qelim p qe))"
  2.1343 +  "qelim (A p) = (\<lambda> qe. not (qe ((qelim (NOT p) qe))))"
  2.1344 +  "qelim (NOT p) = (\<lambda> qe. not (qelim p qe))"
  2.1345 +  "qelim (And p q) = (\<lambda> qe. conj (qelim p qe) (qelim q qe))" 
  2.1346 +  "qelim (Or  p q) = (\<lambda> qe. disj (qelim p qe) (qelim q qe))" 
  2.1347 +  "qelim (Imp p q) = (\<lambda> qe. imp (qelim p qe) (qelim q qe))"
  2.1348 +  "qelim (Iff p q) = (\<lambda> qe. iff (qelim p qe) (qelim q qe))"
  2.1349 +  "qelim p = (\<lambda> y. simpfm p)"
  2.1350 +
  2.1351 +
  2.1352 +lemma qelim:
  2.1353 +  assumes qe_inv: "\<forall> bs p. qfree p \<longrightarrow> qfree (qe p) \<and> (Ifm vs bs (qe p) = Ifm vs bs (E p))"
  2.1354 +  shows "\<And> bs. qfree (qelim p qe) \<and> (Ifm vs bs (qelim p qe) = Ifm vs bs p)"
  2.1355 +using qe_inv DJ_qe[OF CJNB_qe[OF qe_inv]]
  2.1356 +by (induct p rule: qelim.induct) auto
  2.1357 +
  2.1358 +subsection{* Core Procedure *}
  2.1359 +
  2.1360 +consts 
  2.1361 +  plusinf:: "fm \<Rightarrow> fm" (* Virtual substitution of +\<infinity>*)
  2.1362 +  minusinf:: "fm \<Rightarrow> fm" (* Virtual substitution of -\<infinity>*)
  2.1363 +recdef minusinf "measure size"
  2.1364 +  "minusinf (And p q) = conj (minusinf p) (minusinf q)" 
  2.1365 +  "minusinf (Or p q) = disj (minusinf p) (minusinf q)" 
  2.1366 +  "minusinf (Eq  (CNP 0 c e)) = conj (eq (CP c)) (eq e)"
  2.1367 +  "minusinf (NEq (CNP 0 c e)) = disj (not (eq e)) (not (eq (CP c)))"
  2.1368 +  "minusinf (Lt  (CNP 0 c e)) = disj (conj (eq (CP c)) (lt e)) (lt (CP (~\<^sub>p c)))"
  2.1369 +  "minusinf (Le  (CNP 0 c e)) = disj (conj (eq (CP c)) (le e)) (lt (CP (~\<^sub>p c)))"
  2.1370 +  "minusinf p = p"
  2.1371 +
  2.1372 +recdef plusinf "measure size"
  2.1373 +  "plusinf (And p q) = conj (plusinf p) (plusinf q)" 
  2.1374 +  "plusinf (Or p q) = disj (plusinf p) (plusinf q)" 
  2.1375 +  "plusinf (Eq  (CNP 0 c e)) = conj (eq (CP c)) (eq e)"
  2.1376 +  "plusinf (NEq (CNP 0 c e)) = disj (not (eq e)) (not (eq (CP c)))"
  2.1377 +  "plusinf (Lt  (CNP 0 c e)) = disj (conj (eq (CP c)) (lt e)) (lt (CP c))"
  2.1378 +  "plusinf (Le  (CNP 0 c e)) = disj (conj (eq (CP c)) (le e)) (lt (CP c))"
  2.1379 +  "plusinf p = p"
  2.1380 +
  2.1381 +lemma minusinf_inf: assumes lp:"islin p"
  2.1382 +  shows "\<exists>z. \<forall>x < z. Ifm vs (x#bs) (minusinf p) \<longleftrightarrow> Ifm vs (x#bs) p"
  2.1383 +  using lp
  2.1384 +proof (induct p rule: minusinf.induct)
  2.1385 +  case 1 thus ?case by (auto,rule_tac x="min z za" in exI, auto)
  2.1386 +next
  2.1387 +  case 2 thus ?case by (auto,rule_tac x="min z za" in exI, auto)
  2.1388 +next
  2.1389 +  case (3 c e) hence nbe: "tmbound0 e" by simp
  2.1390 +  from prems have nc: "allpolys isnpoly (CP c)" "allpolys isnpoly e" by simp_all
  2.1391 +  note eqs = eq[OF nc(1), where ?'a = 'a] eq[OF nc(2), where ?'a = 'a]
  2.1392 +  let ?c = "Ipoly vs c"
  2.1393 +  let ?e = "Itm vs (y#bs) e"
  2.1394 +  have "?c=0 \<or> ?c > 0 \<or> ?c < 0" by arith
  2.1395 +  moreover {assume "?c = 0" hence ?case 
  2.1396 +      using eq[OF nc(2), of vs] eq[OF nc(1), of vs] by auto}
  2.1397 +  moreover {assume cp: "?c > 0"
  2.1398 +    {fix x assume xz: "x < -?e / ?c" hence "?c * x < - ?e"
  2.1399 +	using pos_less_divide_eq[OF cp, where a="x" and b="-?e"] by (simp add: mult_commute)
  2.1400 +      hence "?c * x + ?e < 0" by simp
  2.1401 +      hence "Ifm vs (x#bs) (Eq (CNP 0 c e)) = Ifm vs (x#bs) (minusinf (Eq (CNP 0 c e)))"
  2.1402 +	using eqs tmbound0_I[OF nbe, where b="y" and b'="x" and vs=vs and bs=bs] by auto} hence ?case by auto}
  2.1403 +  moreover {assume cp: "?c < 0"
  2.1404 +    {fix x assume xz: "x < -?e / ?c" hence "?c * x > - ?e"
  2.1405 +	using neg_less_divide_eq[OF cp, where a="x" and b="-?e"] by (simp add: mult_commute)
  2.1406 +      hence "?c * x + ?e > 0" by simp
  2.1407 +      hence "Ifm vs (x#bs) (Eq (CNP 0 c e)) = Ifm vs (x#bs) (minusinf (Eq (CNP 0 c e)))"
  2.1408 +	using tmbound0_I[OF nbe, where b="y" and b'="x"] eqs by auto} hence ?case by auto}
  2.1409 +  ultimately show ?case by blast
  2.1410 +next
  2.1411 +  case (4 c e)  hence nbe: "tmbound0 e" by simp
  2.1412 +  from prems have nc: "allpolys isnpoly (CP c)" "allpolys isnpoly e" by simp_all
  2.1413 +  note eqs = eq[OF nc(1), where ?'a = 'a] eq[OF nc(2), where ?'a = 'a]
  2.1414 +  let ?c = "Ipoly vs c"
  2.1415 +  let ?e = "Itm vs (y#bs) e"
  2.1416 +  have "?c=0 \<or> ?c > 0 \<or> ?c < 0" by arith
  2.1417 +  moreover {assume "?c = 0" hence ?case using eqs by auto}
  2.1418 +  moreover {assume cp: "?c > 0"
  2.1419 +    {fix x assume xz: "x < -?e / ?c" hence "?c * x < - ?e"
  2.1420 +	using pos_less_divide_eq[OF cp, where a="x" and b="-?e"] by (simp add: mult_commute)
  2.1421 +      hence "?c * x + ?e < 0" by simp
  2.1422 +      hence "Ifm vs (x#bs) (NEq (CNP 0 c e)) = Ifm vs (x#bs) (minusinf (NEq (CNP 0 c e)))"
  2.1423 +	using eqs tmbound0_I[OF nbe, where b="y" and b'="x"] by auto} hence ?case by auto}
  2.1424 +  moreover {assume cp: "?c < 0"
  2.1425 +    {fix x assume xz: "x < -?e / ?c" hence "?c * x > - ?e"
  2.1426 +	using neg_less_divide_eq[OF cp, where a="x" and b="-?e"] by (simp add: mult_commute)
  2.1427 +      hence "?c * x + ?e > 0" by simp
  2.1428 +      hence "Ifm vs (x#bs) (NEq (CNP 0 c e)) = Ifm vs (x#bs) (minusinf (NEq (CNP 0 c e)))"
  2.1429 +	using eqs tmbound0_I[OF nbe, where b="y" and b'="x"] by auto} hence ?case by auto}
  2.1430 +  ultimately show ?case by blast
  2.1431 +next
  2.1432 +  case (5 c e)  hence nbe: "tmbound0 e" by simp
  2.1433 +  from prems have nc: "allpolys isnpoly (CP c)" "allpolys isnpoly e" by simp_all
  2.1434 +  hence nc': "allpolys isnpoly (CP (~\<^sub>p c))" by (simp add: polyneg_norm)
  2.1435 +  note eqs = lt[OF nc', where ?'a = 'a] eq [OF nc(1), where ?'a = 'a] lt[OF nc(2), where ?'a = 'a]
  2.1436 +  let ?c = "Ipoly vs c"
  2.1437 +  let ?e = "Itm vs (y#bs) e"
  2.1438 +  have "?c=0 \<or> ?c > 0 \<or> ?c < 0" by arith
  2.1439 +  moreover {assume "?c = 0" hence ?case using eqs by auto}
  2.1440 +  moreover {assume cp: "?c > 0"
  2.1441 +    {fix x assume xz: "x < -?e / ?c" hence "?c * x < - ?e"
  2.1442 +	using pos_less_divide_eq[OF cp, where a="x" and b="-?e"] by (simp add: mult_commute)
  2.1443 +      hence "?c * x + ?e < 0" by simp
  2.1444 +      hence "Ifm vs (x#bs) (Lt (CNP 0 c e)) = Ifm vs (x#bs) (minusinf (Lt (CNP 0 c e)))"
  2.1445 +	using tmbound0_I[OF nbe, where b="y" and b'="x"] cp eqs by auto} hence ?case by auto}
  2.1446 +  moreover {assume cp: "?c < 0"
  2.1447 +    {fix x assume xz: "x < -?e / ?c" hence "?c * x > - ?e"
  2.1448 +	using neg_less_divide_eq[OF cp, where a="x" and b="-?e"] by (simp add: mult_commute)
  2.1449 +      hence "?c * x + ?e > 0" by simp
  2.1450 +      hence "Ifm vs (x#bs) (Lt (CNP 0 c e)) = Ifm vs (x#bs) (minusinf (Lt (CNP 0 c e)))"
  2.1451 +	using eqs tmbound0_I[OF nbe, where b="y" and b'="x"] cp by auto} hence ?case by auto}
  2.1452 +  ultimately show ?case by blast
  2.1453 +next
  2.1454 +  case (6 c e)  hence nbe: "tmbound0 e" by simp
  2.1455 +  from prems have nc: "allpolys isnpoly (CP c)" "allpolys isnpoly e" by simp_all
  2.1456 +  hence nc': "allpolys isnpoly (CP (~\<^sub>p c))" by (simp add: polyneg_norm)
  2.1457 +  note eqs = lt[OF nc', where ?'a = 'a] eq [OF nc(1), where ?'a = 'a] le[OF nc(2), where ?'a = 'a]
  2.1458 +  let ?c = "Ipoly vs c"
  2.1459 +  let ?e = "Itm vs (y#bs) e"
  2.1460 +  have "?c=0 \<or> ?c > 0 \<or> ?c < 0" by arith
  2.1461 +  moreover {assume "?c = 0" hence ?case using eqs by auto}
  2.1462 +  moreover {assume cp: "?c > 0"
  2.1463 +    {fix x assume xz: "x < -?e / ?c" hence "?c * x < - ?e"
  2.1464 +	using pos_less_divide_eq[OF cp, where a="x" and b="-?e"] by (simp add: mult_commute)
  2.1465 +      hence "?c * x + ?e < 0" by simp
  2.1466 +      hence "Ifm vs (x#bs) (Le (CNP 0 c e)) = Ifm vs (x#bs) (minusinf (Le (CNP 0 c e)))"
  2.1467 +	using tmbound0_I[OF nbe, where b="y" and b'="x"] cp eqs by auto} hence ?case by auto}
  2.1468 +  moreover {assume cp: "?c < 0"
  2.1469 +    {fix x assume xz: "x < -?e / ?c" hence "?c * x > - ?e"
  2.1470 +	using neg_less_divide_eq[OF cp, where a="x" and b="-?e"] by (simp add: mult_commute)
  2.1471 +      hence "?c * x + ?e > 0" by simp
  2.1472 +      hence "Ifm vs (x#bs) (Le (CNP 0 c e)) = Ifm vs (x#bs) (minusinf (Le (CNP 0 c e)))"
  2.1473 +	using tmbound0_I[OF nbe, where b="y" and b'="x"] cp eqs by auto} hence ?case by auto}
  2.1474 +  ultimately show ?case by blast
  2.1475 +qed (auto)
  2.1476 +
  2.1477 +lemma plusinf_inf: assumes lp:"islin p"
  2.1478 +  shows "\<exists>z. \<forall>x > z. Ifm vs (x#bs) (plusinf p) \<longleftrightarrow> Ifm vs (x#bs) p"
  2.1479 +  using lp
  2.1480 +proof (induct p rule: plusinf.induct)
  2.1481 +  case 1 thus ?case by (auto,rule_tac x="max z za" in exI, auto)
  2.1482 +next
  2.1483 +  case 2 thus ?case by (auto,rule_tac x="max z za" in exI, auto)
  2.1484 +next
  2.1485 +  case (3 c e) hence nbe: "tmbound0 e" by simp
  2.1486 +  from prems have nc: "allpolys isnpoly (CP c)" "allpolys isnpoly e" by simp_all
  2.1487 +  note eqs = eq[OF nc(1), where ?'a = 'a] eq[OF nc(2), where ?'a = 'a]
  2.1488 +  let ?c = "Ipoly vs c"
  2.1489 +  let ?e = "Itm vs (y#bs) e"
  2.1490 +  have "?c=0 \<or> ?c > 0 \<or> ?c < 0" by arith
  2.1491 +  moreover {assume "?c = 0" hence ?case 
  2.1492 +      using eq[OF nc(2), of vs] eq[OF nc(1), of vs] by auto}
  2.1493 +  moreover {assume cp: "?c > 0"
  2.1494 +    {fix x assume xz: "x > -?e / ?c" hence "?c * x > - ?e" 
  2.1495 +	using pos_divide_less_eq[OF cp, where a="x" and b="-?e"] by (simp add: mult_commute)
  2.1496 +      hence "?c * x + ?e > 0" by simp
  2.1497 +      hence "Ifm vs (x#bs) (Eq (CNP 0 c e)) = Ifm vs (x#bs) (plusinf (Eq (CNP 0 c e)))"
  2.1498 +	using eqs tmbound0_I[OF nbe, where b="y" and b'="x" and vs=vs and bs=bs] by auto} hence ?case by auto}
  2.1499 +  moreover {assume cp: "?c < 0"
  2.1500 +    {fix x assume xz: "x > -?e / ?c" hence "?c * x < - ?e"
  2.1501 +	using neg_divide_less_eq[OF cp, where a="x" and b="-?e"] by (simp add: mult_commute)
  2.1502 +      hence "?c * x + ?e < 0" by simp
  2.1503 +      hence "Ifm vs (x#bs) (Eq (CNP 0 c e)) = Ifm vs (x#bs) (plusinf (Eq (CNP 0 c e)))"
  2.1504 +	using tmbound0_I[OF nbe, where b="y" and b'="x"] eqs by auto} hence ?case by auto}
  2.1505 +  ultimately show ?case by blast
  2.1506 +next
  2.1507 +  case (4 c e)  hence nbe: "tmbound0 e" by simp
  2.1508 +  from prems have nc: "allpolys isnpoly (CP c)" "allpolys isnpoly e" by simp_all
  2.1509 +  note eqs = eq[OF nc(1), where ?'a = 'a] eq[OF nc(2), where ?'a = 'a]
  2.1510 +  let ?c = "Ipoly vs c"
  2.1511 +  let ?e = "Itm vs (y#bs) e"
  2.1512 +  have "?c=0 \<or> ?c > 0 \<or> ?c < 0" by arith
  2.1513 +  moreover {assume "?c = 0" hence ?case using eqs by auto}
  2.1514 +  moreover {assume cp: "?c > 0"
  2.1515 +    {fix x assume xz: "x > -?e / ?c" hence "?c * x > - ?e"
  2.1516 +	using pos_divide_less_eq[OF cp, where a="x" and b="-?e"] by (simp add: mult_commute)
  2.1517 +      hence "?c * x + ?e > 0" by simp
  2.1518 +      hence "Ifm vs (x#bs) (NEq (CNP 0 c e)) = Ifm vs (x#bs) (plusinf (NEq (CNP 0 c e)))"
  2.1519 +	using eqs tmbound0_I[OF nbe, where b="y" and b'="x"] by auto} hence ?case by auto}
  2.1520 +  moreover {assume cp: "?c < 0"
  2.1521 +    {fix x assume xz: "x > -?e / ?c" hence "?c * x < - ?e"
  2.1522 +	using neg_divide_less_eq[OF cp, where a="x" and b="-?e"] by (simp add: mult_commute)
  2.1523 +      hence "?c * x + ?e < 0" by simp
  2.1524 +      hence "Ifm vs (x#bs) (NEq (CNP 0 c e)) = Ifm vs (x#bs) (plusinf (NEq (CNP 0 c e)))"
  2.1525 +	using eqs tmbound0_I[OF nbe, where b="y" and b'="x"] by auto} hence ?case by auto}
  2.1526 +  ultimately show ?case by blast
  2.1527 +next
  2.1528 +  case (5 c e)  hence nbe: "tmbound0 e" by simp
  2.1529 +  from prems have nc: "allpolys isnpoly (CP c)" "allpolys isnpoly e" by simp_all
  2.1530 +  hence nc': "allpolys isnpoly (CP (~\<^sub>p c))" by (simp add: polyneg_norm)
  2.1531 +  note eqs = lt[OF nc(1), where ?'a = 'a] lt[OF nc', where ?'a = 'a] eq [OF nc(1), where ?'a = 'a] lt[OF nc(2), where ?'a = 'a]
  2.1532 +  let ?c = "Ipoly vs c"
  2.1533 +  let ?e = "Itm vs (y#bs) e"
  2.1534 +  have "?c=0 \<or> ?c > 0 \<or> ?c < 0" by arith
  2.1535 +  moreover {assume "?c = 0" hence ?case using eqs by auto}
  2.1536 +  moreover {assume cp: "?c > 0"
  2.1537 +    {fix x assume xz: "x > -?e / ?c" hence "?c * x > - ?e"
  2.1538 +	using pos_divide_less_eq[OF cp, where a="x" and b="-?e"] by (simp add: mult_commute)
  2.1539 +      hence "?c * x + ?e > 0" by simp
  2.1540 +      hence "Ifm vs (x#bs) (Lt (CNP 0 c e)) = Ifm vs (x#bs) (plusinf (Lt (CNP 0 c e)))"
  2.1541 +	using tmbound0_I[OF nbe, where b="y" and b'="x"] cp eqs by auto} hence ?case by auto}
  2.1542 +  moreover {assume cp: "?c < 0"
  2.1543 +    {fix x assume xz: "x > -?e / ?c" hence "?c * x < - ?e"
  2.1544 +	using neg_divide_less_eq[OF cp, where a="x" and b="-?e"] by (simp add: mult_commute)
  2.1545 +      hence "?c * x + ?e < 0" by simp
  2.1546 +      hence "Ifm vs (x#bs) (Lt (CNP 0 c e)) = Ifm vs (x#bs) (plusinf (Lt (CNP 0 c e)))"
  2.1547 +	using eqs tmbound0_I[OF nbe, where b="y" and b'="x"] cp by auto} hence ?case by auto}
  2.1548 +  ultimately show ?case by blast
  2.1549 +next
  2.1550 +  case (6 c e)  hence nbe: "tmbound0 e" by simp
  2.1551 +  from prems have nc: "allpolys isnpoly (CP c)" "allpolys isnpoly e" by simp_all
  2.1552 +  hence nc': "allpolys isnpoly (CP (~\<^sub>p c))" by (simp add: polyneg_norm)
  2.1553 +  note eqs = lt[OF nc(1), where ?'a = 'a] eq [OF nc(1), where ?'a = 'a] le[OF nc(2), where ?'a = 'a]
  2.1554 +  let ?c = "Ipoly vs c"
  2.1555 +  let ?e = "Itm vs (y#bs) e"
  2.1556 +  have "?c=0 \<or> ?c > 0 \<or> ?c < 0" by arith
  2.1557 +  moreover {assume "?c = 0" hence ?case using eqs by auto}
  2.1558 +  moreover {assume cp: "?c > 0"
  2.1559 +    {fix x assume xz: "x > -?e / ?c" hence "?c * x > - ?e"
  2.1560 +	using pos_divide_less_eq[OF cp, where a="x" and b="-?e"] by (simp add: mult_commute)
  2.1561 +      hence "?c * x + ?e > 0" by simp
  2.1562 +      hence "Ifm vs (x#bs) (Le (CNP 0 c e)) = Ifm vs (x#bs) (plusinf (Le (CNP 0 c e)))"
  2.1563 +	using tmbound0_I[OF nbe, where b="y" and b'="x"] cp eqs by auto} hence ?case by auto}
  2.1564 +  moreover {assume cp: "?c < 0"
  2.1565 +    {fix x assume xz: "x > -?e / ?c" hence "?c * x < - ?e"
  2.1566 +	using neg_divide_less_eq[OF cp, where a="x" and b="-?e"] by (simp add: mult_commute)
  2.1567 +      hence "?c * x + ?e < 0" by simp
  2.1568 +      hence "Ifm vs (x#bs) (Le (CNP 0 c e)) = Ifm vs (x#bs) (plusinf (Le (CNP 0 c e)))"
  2.1569 +	using tmbound0_I[OF nbe, where b="y" and b'="x"] cp eqs by auto} hence ?case by auto}
  2.1570 +  ultimately show ?case by blast
  2.1571 +qed (auto)
  2.1572 +
  2.1573 +lemma minusinf_nb: "islin p \<Longrightarrow> bound0 (minusinf p)" 
  2.1574 +  by (induct p rule: minusinf.induct, auto simp add: eq_nb lt_nb le_nb)
  2.1575 +lemma plusinf_nb: "islin p \<Longrightarrow> bound0 (plusinf p)" 
  2.1576 +  by (induct p rule: minusinf.induct, auto simp add: eq_nb lt_nb le_nb)
  2.1577 +
  2.1578 +lemma minusinf_ex: assumes lp: "islin p" and ex: "Ifm vs (x#bs) (minusinf p)"
  2.1579 +  shows "\<exists>x. Ifm vs (x#bs) p"
  2.1580 +proof-
  2.1581 +  from bound0_I [OF minusinf_nb[OF lp], where b="a" and bs ="bs"] ex
  2.1582 +  have th: "\<forall> x. Ifm vs (x#bs) (minusinf p)" by auto
  2.1583 +  from minusinf_inf[OF lp, where bs="bs"] 
  2.1584 +  obtain z where z_def: "\<forall>x<z. Ifm vs (x # bs) (minusinf p) = Ifm vs (x # bs) p" by blast
  2.1585 +  from th have "Ifm vs ((z - 1)#bs) (minusinf p)" by simp
  2.1586 +  moreover have "z - 1 < z" by simp
  2.1587 +  ultimately show ?thesis using z_def by auto
  2.1588 +qed
  2.1589 +
  2.1590 +lemma plusinf_ex: assumes lp: "islin p" and ex: "Ifm vs (x#bs) (plusinf p)"
  2.1591 +  shows "\<exists>x. Ifm vs (x#bs) p"
  2.1592 +proof-
  2.1593 +  from bound0_I [OF plusinf_nb[OF lp], where b="a" and bs ="bs"] ex
  2.1594 +  have th: "\<forall> x. Ifm vs (x#bs) (plusinf p)" by auto
  2.1595 +  from plusinf_inf[OF lp, where bs="bs"] 
  2.1596 +  obtain z where z_def: "\<forall>x>z. Ifm vs (x # bs) (plusinf p) = Ifm vs (x # bs) p" by blast
  2.1597 +  from th have "Ifm vs ((z + 1)#bs) (plusinf p)" by simp
  2.1598 +  moreover have "z + 1 > z" by simp
  2.1599 +  ultimately show ?thesis using z_def by auto
  2.1600 +qed
  2.1601 +
  2.1602 +fun uset :: "fm \<Rightarrow> (poly \<times> tm) list" where
  2.1603 +  "uset (And p q) = uset p @ uset q"
  2.1604 +| "uset (Or p q) = uset p @ uset q"
  2.1605 +| "uset (Eq (CNP 0 a e))  = [(a,e)]"
  2.1606 +| "uset (Le (CNP 0 a e))  = [(a,e)]"
  2.1607 +| "uset (Lt (CNP 0 a e))  = [(a,e)]"
  2.1608 +| "uset (NEq (CNP 0 a e)) = [(a,e)]"
  2.1609 +| "uset p = []"
  2.1610 +
  2.1611 +lemma uset_l:
  2.1612 +  assumes lp: "islin p"
  2.1613 +  shows "\<forall> (c,s) \<in> set (uset p). isnpoly c \<and> c \<noteq> 0\<^sub>p \<and> tmbound0 s \<and> allpolys isnpoly s"
  2.1614 +using lp by(induct p rule: uset.induct,auto)
  2.1615 +
  2.1616 +lemma minusinf_uset0:
  2.1617 +  assumes lp: "islin p"
  2.1618 +  and nmi: "\<not> (Ifm vs (x#bs) (minusinf p))"
  2.1619 +  and ex: "Ifm vs (x#bs) p" (is "?I x p")
  2.1620 +  shows "\<exists> (c,s) \<in> set (uset p). x \<ge> - Itm vs (x#bs) s / Ipoly vs c" 
  2.1621 +proof-
  2.1622 +  have "\<exists> (c,s) \<in> set (uset p). (Ipoly vs c < 0 \<and> Ipoly vs c * x \<le> - Itm vs (x#bs) s) \<or>  (Ipoly vs c > 0 \<and> Ipoly vs c * x \<ge> - Itm vs (x#bs) s)" 
  2.1623 +    using lp nmi ex
  2.1624 +    apply (induct p rule: minusinf.induct, auto simp add: eq le lt nth_pos2 polyneg_norm)
  2.1625 +    apply (auto simp add: linorder_not_less order_le_less)
  2.1626 +    done 
  2.1627 +  then obtain c s where csU: "(c,s) \<in> set (uset p)" and x: "(Ipoly vs c < 0 \<and> Ipoly vs c * x \<le> - Itm vs (x#bs) s) \<or>  (Ipoly vs c > 0 \<and> Ipoly vs c * x \<ge> - Itm vs (x#bs) s)" by blast
  2.1628 +  hence "x \<ge> (- Itm vs (x#bs) s) / Ipoly vs c"
  2.1629 +    using divide_le_eq[of "- Itm vs (x#bs) s" "Ipoly vs c" x]
  2.1630 +    by (auto simp add: mult_commute del: divide_minus_left)
  2.1631 +  thus ?thesis using csU by auto
  2.1632 +qed
  2.1633 +
  2.1634 +lemma minusinf_uset:
  2.1635 +  assumes lp: "islin p"
  2.1636 +  and nmi: "\<not> (Ifm vs (a#bs) (minusinf p))"
  2.1637 +  and ex: "Ifm vs (x#bs) p" (is "?I x p")
  2.1638 +  shows "\<exists> (c,s) \<in> set (uset p). x \<ge> - Itm vs (a#bs) s / Ipoly vs c" 
  2.1639 +proof-
  2.1640 +  from nmi have nmi': "\<not> (Ifm vs (x#bs) (minusinf p))" 
  2.1641 +    by (simp add: bound0_I[OF minusinf_nb[OF lp], where b=x and b'=a])
  2.1642 +  from minusinf_uset0[OF lp nmi' ex] 
  2.1643 +  obtain c s where csU: "(c,s) \<in> set (uset p)" and th: "x \<ge> - Itm vs (x#bs) s / Ipoly vs c" by blast
  2.1644 +  from uset_l[OF lp, rule_format, OF csU] have nb: "tmbound0 s" by simp
  2.1645 +  from th tmbound0_I[OF nb, of vs x bs a] csU show ?thesis by auto
  2.1646 +qed
  2.1647 +
  2.1648 +
  2.1649 +lemma plusinf_uset0:
  2.1650 +  assumes lp: "islin p"
  2.1651 +  and nmi: "\<not> (Ifm vs (x#bs) (plusinf p))"
  2.1652 +  and ex: "Ifm vs (x#bs) p" (is "?I x p")
  2.1653 +  shows "\<exists> (c,s) \<in> set (uset p). x \<le> - Itm vs (x#bs) s / Ipoly vs c" 
  2.1654 +proof-
  2.1655 +  have "\<exists> (c,s) \<in> set (uset p). (Ipoly vs c < 0 \<and> Ipoly vs c * x \<ge> - Itm vs (x#bs) s) \<or>  (Ipoly vs c > 0 \<and> Ipoly vs c * x \<le> - Itm vs (x#bs) s)" 
  2.1656 +    using lp nmi ex
  2.1657 +    apply (induct p rule: minusinf.induct, auto simp add: eq le lt nth_pos2 polyneg_norm)
  2.1658 +    apply (auto simp add: linorder_not_less order_le_less)
  2.1659 +    done 
  2.1660 +  then obtain c s where csU: "(c,s) \<in> set (uset p)" and x: "(Ipoly vs c < 0 \<and> Ipoly vs c * x \<ge> - Itm vs (x#bs) s) \<or>  (Ipoly vs c > 0 \<and> Ipoly vs c * x \<le> - Itm vs (x#bs) s)" by blast
  2.1661 +  hence "x \<le> (- Itm vs (x#bs) s) / Ipoly vs c"
  2.1662 +    using le_divide_eq[of x "- Itm vs (x#bs) s" "Ipoly vs c"]
  2.1663 +    by (auto simp add: mult_commute del: divide_minus_left)
  2.1664 +  thus ?thesis using csU by auto
  2.1665 +qed
  2.1666 +
  2.1667 +lemma plusinf_uset:
  2.1668 +  assumes lp: "islin p"
  2.1669 +  and nmi: "\<not> (Ifm vs (a#bs) (plusinf p))"
  2.1670 +  and ex: "Ifm vs (x#bs) p" (is "?I x p")
  2.1671 +  shows "\<exists> (c,s) \<in> set (uset p). x \<le> - Itm vs (a#bs) s / Ipoly vs c" 
  2.1672 +proof-
  2.1673 +  from nmi have nmi': "\<not> (Ifm vs (x#bs) (plusinf p))" 
  2.1674 +    by (simp add: bound0_I[OF plusinf_nb[OF lp], where b=x and b'=a])
  2.1675 +  from plusinf_uset0[OF lp nmi' ex] 
  2.1676 +  obtain c s where csU: "(c,s) \<in> set (uset p)" and th: "x \<le> - Itm vs (x#bs) s / Ipoly vs c" by blast
  2.1677 +  from uset_l[OF lp, rule_format, OF csU] have nb: "tmbound0 s" by simp
  2.1678 +  from th tmbound0_I[OF nb, of vs x bs a] csU show ?thesis by auto
  2.1679 +qed
  2.1680 +
  2.1681 +lemma lin_dense: 
  2.1682 +  assumes lp: "islin p"
  2.1683 +  and noS: "\<forall> t. l < t \<and> t< u \<longrightarrow> t \<notin> (\<lambda> (c,t). - Itm vs (x#bs) t / Ipoly vs c) ` set (uset p)" 
  2.1684 +  (is "\<forall> t. _ \<and> _ \<longrightarrow> t \<notin> (\<lambda> (c,t). - ?Nt x t / ?N c) ` ?U p")
  2.1685 +  and lx: "l < x" and xu:"x < u" and px:" Ifm vs (x#bs) p"
  2.1686 +  and ly: "l < y" and yu: "y < u"
  2.1687 +  shows "Ifm vs (y#bs) p"
  2.1688 +using lp px noS
  2.1689 +proof (induct p rule: islin.induct) 
  2.1690 +  case (5 c s)
  2.1691 +  from "5.prems" 
  2.1692 +  have lin: "isnpoly c" "c \<noteq> 0\<^sub>p" "tmbound0 s" "allpolys isnpoly s"
  2.1693 +    and px: "Ifm vs (x # bs) (Lt (CNP 0 c s))"
  2.1694 +    and noS: "\<forall>t. l < t \<and> t < u \<longrightarrow> t \<noteq> - Itm vs (x # bs) s / \<lparr>c\<rparr>\<^sub>p\<^bsup>vs\<^esup>" by simp_all
  2.1695 +  from ly yu noS have yne: "y \<noteq> - ?Nt x s / \<lparr>c\<rparr>\<^sub>p\<^bsup>vs\<^esup>" by simp
  2.1696 +  hence ycs: "y < - ?Nt x s / ?N c \<or> y > -?Nt x s / ?N c" by auto
  2.1697 +  have ccs: "?N c = 0 \<or> ?N c < 0 \<or> ?N c > 0" by dlo
  2.1698 +  moreover
  2.1699 +  {assume "?N c = 0" hence ?case using px by (simp add: tmbound0_I[OF lin(3), where bs="bs" and b="x" and b'="y"])}
  2.1700 +  moreover
  2.1701 +  {assume c: "?N c > 0"
  2.1702 +      from px pos_less_divide_eq[OF c, where a="x" and b="-?Nt x s"]  
  2.1703 +      have px': "x < - ?Nt x s / ?N c" 
  2.1704 +	by (auto simp add: not_less ring_simps) 
  2.1705 +    {assume y: "y < - ?Nt x s / ?N c" 
  2.1706 +      hence "y * ?N c < - ?Nt x s"
  2.1707 +	by (simp add: pos_less_divide_eq[OF c, where a="y" and b="-?Nt x s", symmetric])
  2.1708 +      hence "?N c * y + ?Nt x s < 0" by (simp add: ring_simps)
  2.1709 +      hence ?case using tmbound0_I[OF lin(3), where bs="bs" and b="x" and b'="y"] by simp}
  2.1710 +    moreover
  2.1711 +    {assume y: "y > -?Nt x s / ?N c" 
  2.1712 +      with yu have eu: "u > - ?Nt x s / ?N c" by auto
  2.1713 +      with noS ly yu have th: "- ?Nt x s / ?N c \<le> l" by (cases "- ?Nt x s / ?N c > l", auto)
  2.1714 +      with lx px' have "False" by simp  hence ?case by simp }
  2.1715 +    ultimately have ?case using ycs by blast
  2.1716 +  }
  2.1717 +  moreover
  2.1718 +  {assume c: "?N c < 0"
  2.1719 +      from px neg_divide_less_eq[OF c, where a="x" and b="-?Nt x s"]  
  2.1720 +      have px': "x > - ?Nt x s / ?N c" 
  2.1721 +	by (auto simp add: not_less ring_simps) 
  2.1722 +    {assume y: "y > - ?Nt x s / ?N c" 
  2.1723 +      hence "y * ?N c < - ?Nt x s"
  2.1724 +	by (simp add: neg_divide_less_eq[OF c, where a="y" and b="-?Nt x s", symmetric])
  2.1725 +      hence "?N c * y + ?Nt x s < 0" by (simp add: ring_simps)
  2.1726 +      hence ?case using tmbound0_I[OF lin(3), where bs="bs" and b="x" and b'="y"] by simp}
  2.1727 +    moreover
  2.1728 +    {assume y: "y < -?Nt x s / ?N c" 
  2.1729 +      with ly have eu: "l < - ?Nt x s / ?N c" by auto
  2.1730 +      with noS ly yu have th: "- ?Nt x s / ?N c \<ge> u" by (cases "- ?Nt x s / ?N c < u", auto)
  2.1731 +      with xu px' have "False" by simp  hence ?case by simp }
  2.1732 +    ultimately have ?case using ycs by blast
  2.1733 +  }
  2.1734 +  ultimately show ?case by blast
  2.1735 +next
  2.1736 +  case (6 c s)
  2.1737 +  from "6.prems" 
  2.1738 +  have lin: "isnpoly c" "c \<noteq> 0\<^sub>p" "tmbound0 s" "allpolys isnpoly s"
  2.1739 +    and px: "Ifm vs (x # bs) (Le (CNP 0 c s))"
  2.1740 +    and noS: "\<forall>t. l < t \<and> t < u \<longrightarrow> t \<noteq> - Itm vs (x # bs) s / \<lparr>c\<rparr>\<^sub>p\<^bsup>vs\<^esup>" by simp_all
  2.1741 +  from ly yu noS have yne: "y \<noteq> - ?Nt x s / \<lparr>c\<rparr>\<^sub>p\<^bsup>vs\<^esup>" by simp
  2.1742 +  hence ycs: "y < - ?Nt x s / ?N c \<or> y > -?Nt x s / ?N c" by auto
  2.1743 +  have ccs: "?N c = 0 \<or> ?N c < 0 \<or> ?N c > 0" by dlo
  2.1744 +  moreover
  2.1745 +  {assume "?N c = 0" hence ?case using px by (simp add: tmbound0_I[OF lin(3), where bs="bs" and b="x" and b'="y"])}
  2.1746 +  moreover
  2.1747 +  {assume c: "?N c > 0"
  2.1748 +      from px pos_le_divide_eq[OF c, where a="x" and b="-?Nt x s"]  
  2.1749 +      have px': "x <= - ?Nt x s / ?N c" by (simp add: not_less ring_simps) 
  2.1750 +    {assume y: "y < - ?Nt x s / ?N c" 
  2.1751 +      hence "y * ?N c < - ?Nt x s"
  2.1752 +	by (simp add: pos_less_divide_eq[OF c, where a="y" and b="-?Nt x s", symmetric])
  2.1753 +      hence "?N c * y + ?Nt x s < 0" by (simp add: ring_simps)
  2.1754 +      hence ?case using tmbound0_I[OF lin(3), where bs="bs" and b="x" and b'="y"] by simp}
  2.1755 +    moreover
  2.1756 +    {assume y: "y > -?Nt x s / ?N c" 
  2.1757 +      with yu have eu: "u > - ?Nt x s / ?N c" by auto
  2.1758 +      with noS ly yu have th: "- ?Nt x s / ?N c \<le> l" by (cases "- ?Nt x s / ?N c > l", auto)
  2.1759 +      with lx px' have "False" by simp  hence ?case by simp }
  2.1760 +    ultimately have ?case using ycs by blast
  2.1761 +  }
  2.1762 +  moreover
  2.1763 +  {assume c: "?N c < 0"
  2.1764 +      from px neg_divide_le_eq[OF c, where a="x" and b="-?Nt x s"]  
  2.1765 +      have px': "x >= - ?Nt x s / ?N c" by (simp add: ring_simps) 
  2.1766 +    {assume y: "y > - ?Nt x s / ?N c" 
  2.1767 +      hence "y * ?N c < - ?Nt x s"
  2.1768 +	by (simp add: neg_divide_less_eq[OF c, where a="y" and b="-?Nt x s", symmetric])
  2.1769 +      hence "?N c * y + ?Nt x s < 0" by (simp add: ring_simps)
  2.1770 +      hence ?case using tmbound0_I[OF lin(3), where bs="bs" and b="x" and b'="y"] by simp}
  2.1771 +    moreover
  2.1772 +    {assume y: "y < -?Nt x s / ?N c" 
  2.1773 +      with ly have eu: "l < - ?Nt x s / ?N c" by auto
  2.1774 +      with noS ly yu have th: "- ?Nt x s / ?N c \<ge> u" by (cases "- ?Nt x s / ?N c < u", auto)
  2.1775 +      with xu px' have "False" by simp  hence ?case by simp }
  2.1776 +    ultimately have ?case using ycs by blast
  2.1777 +  }
  2.1778 +  ultimately show ?case by blast
  2.1779 +next
  2.1780 +    case (3 c s)
  2.1781 +  from "3.prems" 
  2.1782 +  have lin: "isnpoly c" "c \<noteq> 0\<^sub>p" "tmbound0 s" "allpolys isnpoly s"
  2.1783 +    and px: "Ifm vs (x # bs) (Eq (CNP 0 c s))"
  2.1784 +    and noS: "\<forall>t. l < t \<and> t < u \<longrightarrow> t \<noteq> - Itm vs (x # bs) s / \<lparr>c\<rparr>\<^sub>p\<^bsup>vs\<^esup>" by simp_all
  2.1785 +  from ly yu noS have yne: "y \<noteq> - ?Nt x s / \<lparr>c\<rparr>\<^sub>p\<^bsup>vs\<^esup>" by simp
  2.1786 +  hence ycs: "y < - ?Nt x s / ?N c \<or> y > -?Nt x s / ?N c" by auto
  2.1787 +  have ccs: "?N c = 0 \<or> ?N c < 0 \<or> ?N c > 0" by dlo
  2.1788 +  moreover
  2.1789 +  {assume "?N c = 0" hence ?case using px by (simp add: tmbound0_I[OF lin(3), where bs="bs" and b="x" and b'="y"])}
  2.1790 +  moreover
  2.1791 +  {assume c: "?N c > 0" hence cnz: "?N c \<noteq> 0" by simp
  2.1792 +    from px eq_divide_eq[of "x" "-?Nt x s" "?N c"]  cnz
  2.1793 +    have px': "x = - ?Nt x s / ?N c" by (simp add: ring_simps)
  2.1794 +    {assume y: "y < -?Nt x s / ?N c" 
  2.1795 +      with ly have eu: "l < - ?Nt x s / ?N c" by auto
  2.1796 +      with noS ly yu have th: "- ?Nt x s / ?N c \<ge> u" by (cases "- ?Nt x s / ?N c < u", auto)
  2.1797 +      with xu px' have "False" by simp  hence ?case by simp }
  2.1798 +    moreover
  2.1799 +    {assume y: "y > -?Nt x s / ?N c" 
  2.1800 +      with yu have eu: "u > - ?Nt x s / ?N c" by auto
  2.1801 +      with noS ly yu have th: "- ?Nt x s / ?N c \<le> l" by (cases "- ?Nt x s / ?N c > l", auto)
  2.1802 +      with lx px' have "False" by simp  hence ?case by simp }
  2.1803 +    ultimately have ?case using ycs by blast
  2.1804 +  }
  2.1805 +  moreover
  2.1806 +  {assume c: "?N c < 0" hence cnz: "?N c \<noteq> 0" by simp
  2.1807 +    from px eq_divide_eq[of "x" "-?Nt x s" "?N c"]  cnz
  2.1808 +    have px': "x = - ?Nt x s / ?N c" by (simp add: ring_simps)
  2.1809 +    {assume y: "y < -?Nt x s / ?N c" 
  2.1810 +      with ly have eu: "l < - ?Nt x s / ?N c" by auto
  2.1811 +      with noS ly yu have th: "- ?Nt x s / ?N c \<ge> u" by (cases "- ?Nt x s / ?N c < u", auto)
  2.1812 +      with xu px' have "False" by simp  hence ?case by simp }
  2.1813 +    moreover
  2.1814 +    {assume y: "y > -?Nt x s / ?N c" 
  2.1815 +      with yu have eu: "u > - ?Nt x s / ?N c" by auto
  2.1816 +      with noS ly yu have th: "- ?Nt x s / ?N c \<le> l" by (cases "- ?Nt x s / ?N c > l", auto)
  2.1817 +      with lx px' have "False" by simp  hence ?case by simp }
  2.1818 +    ultimately have ?case using ycs by blast
  2.1819 +  }
  2.1820 +  ultimately show ?case by blast
  2.1821 +next
  2.1822 +    case (4 c s)
  2.1823 +  from "4.prems" 
  2.1824 +  have lin: "isnpoly c" "c \<noteq> 0\<^sub>p" "tmbound0 s" "allpolys isnpoly s"
  2.1825 +    and px: "Ifm vs (x # bs) (NEq (CNP 0 c s))"
  2.1826 +    and noS: "\<forall>t. l < t \<and> t < u \<longrightarrow> t \<noteq> - Itm vs (x # bs) s / \<lparr>c\<rparr>\<^sub>p\<^bsup>vs\<^esup>" by simp_all
  2.1827 +  from ly yu noS have yne: "y \<noteq> - ?Nt x s / \<lparr>c\<rparr>\<^sub>p\<^bsup>vs\<^esup>" by simp
  2.1828 +  hence ycs: "y < - ?Nt x s / ?N c \<or> y > -?Nt x s / ?N c" by auto
  2.1829 +  have ccs: "?N c = 0 \<or> ?N c \<noteq> 0" by dlo
  2.1830 +  moreover
  2.1831 +  {assume "?N c = 0" hence ?case using px by (simp add: tmbound0_I[OF lin(3), where bs="bs" and b="x" and b'="y"])}
  2.1832 +  moreover
  2.1833 +  {assume c: "?N c \<noteq> 0"
  2.1834 +    from yne c eq_divide_eq[of "y" "- ?Nt x s" "?N c"] have ?case
  2.1835 +      by (simp add: ring_simps tmbound0_I[OF lin(3), of vs x bs y] sum_eq[symmetric]) }
  2.1836 +  ultimately show ?case by blast
  2.1837 +qed (auto simp add: nth_pos2 tmbound0_I[where vs=vs and bs="bs" and b="y" and b'="x"] bound0_I[where vs=vs and bs="bs" and b="y" and b'="x"])
  2.1838 +
  2.1839 +lemma one_plus_one_pos[simp]: "(1::'a::{ordered_field}) + 1 > 0"
  2.1840 +proof-
  2.1841 +  have op: "(1::'a) > 0" by simp
  2.1842 +  from add_pos_pos[OF op op] show ?thesis . 
  2.1843 +qed
  2.1844 +
  2.1845 +lemma one_plus_one_nonzero[simp]: "(1::'a::{ordered_field}) + 1 \<noteq> 0" 
  2.1846 +  using one_plus_one_pos[where ?'a = 'a] by (simp add: less_le) 
  2.1847 +
  2.1848 +lemma half_sum_eq: "(u + u) / (1+1) = (u::'a::{ordered_field})" 
  2.1849 +proof-
  2.1850 +  have "(u + u) = (1 + 1) * u" by (simp add: ring_simps)
  2.1851 +  hence "(u + u) / (1+1) = (1 + 1)*u / (1 + 1)" by simp
  2.1852 +  with nonzero_mult_divide_cancel_left[OF one_plus_one_nonzero, of u] show ?thesis by simp
  2.1853 +qed
  2.1854 +
  2.1855 +lemma inf_uset:
  2.1856 +  assumes lp: "islin p"
  2.1857 +  and nmi: "\<not> (Ifm vs (x#bs) (minusinf p))" (is "\<not> (Ifm vs (x#bs) (?M p))")
  2.1858 +  and npi: "\<not> (Ifm vs (x#bs) (plusinf p))" (is "\<not> (Ifm vs (x#bs) (?P p))")
  2.1859 +  and ex: "\<exists> x.  Ifm vs (x#bs) p" (is "\<exists> x. ?I x p")
  2.1860 +  shows "\<exists> (c,t) \<in> set (uset p). \<exists> (d,s) \<in> set (uset p). ?I ((- Itm vs (x#bs) t / Ipoly vs c + - Itm vs (x#bs) s / Ipoly vs d) / (1 + 1)) p" 
  2.1861 +proof-
  2.1862 +  let ?Nt = "\<lambda> x t. Itm vs (x#bs) t"
  2.1863 +  let ?N = "Ipoly vs"
  2.1864 +  let ?U = "set (uset p)"
  2.1865 +  from ex obtain a where pa: "?I a p" by blast
  2.1866 +  from bound0_I[OF minusinf_nb[OF lp], where bs="bs" and b="x" and b'="a"] nmi
  2.1867 +  have nmi': "\<not> (?I a (?M p))" by simp
  2.1868 +  from bound0_I[OF plusinf_nb[OF lp], where bs="bs" and b="x" and b'="a"] npi
  2.1869 +  have npi': "\<not> (?I a (?P p))" by simp
  2.1870 +  have "\<exists> (c,t) \<in> set (uset p). \<exists> (d,s) \<in> set (uset p). ?I ((- ?Nt a t/?N c + - ?Nt a s /?N d) / (1 + 1)) p"
  2.1871 +  proof-
  2.1872 +    let ?M = "(\<lambda> (c,t). - ?Nt a t / ?N c) ` ?U"
  2.1873 +    have fM: "finite ?M" by auto
  2.1874 +    from minusinf_uset[OF lp nmi pa] plusinf_uset[OF lp npi pa] 
  2.1875 +    have "\<exists> (c,t) \<in> set (uset p). \<exists> (d,s) \<in> set (uset p). a \<le> - ?Nt x t / ?N c \<and> a \<ge> - ?Nt x s / ?N d" by blast
  2.1876 +    then obtain "c" "t" "d" "s" where 
  2.1877 +      ctU: "(c,t) \<in> ?U" and dsU: "(d,s) \<in> ?U" 
  2.1878 +      and xs1: "a \<le> - ?Nt x s / ?N d" and tx1: "a \<ge> - ?Nt x t / ?N c" by blast
  2.1879 +    from uset_l[OF lp] ctU dsU tmbound0_I[where bs="bs" and b="x" and b'="a"] xs1 tx1 
  2.1880 +    have xs: "a \<le> - ?Nt a s / ?N d" and tx: "a \<ge> - ?Nt a t / ?N c" by auto
  2.1881 +    from ctU have Mne: "?M \<noteq> {}" by auto
  2.1882 +    hence Une: "?U \<noteq> {}" by simp
  2.1883 +    let ?l = "Min ?M"
  2.1884 +    let ?u = "Max ?M"
  2.1885 +    have linM: "?l \<in> ?M" using fM Mne by simp
  2.1886 +    have uinM: "?u \<in> ?M" using fM Mne by simp
  2.1887 +    have ctM: "- ?Nt a t / ?N c \<in> ?M" using ctU by auto
  2.1888 +    have dsM: "- ?Nt a s / ?N d \<in> ?M" using dsU by auto 
  2.1889 +    have lM: "\<forall> t\<in> ?M. ?l \<le> t" using Mne fM by auto
  2.1890 +    have Mu: "\<forall> t\<in> ?M. t \<le> ?u" using Mne fM by auto
  2.1891 +    have "?l \<le> - ?Nt a t / ?N c" using ctM Mne by simp hence lx: "?l \<le> a" using tx by simp
  2.1892 +    have "- ?Nt a s / ?N d \<le> ?u" using dsM Mne by simp hence xu: "a \<le> ?u" using xs by simp
  2.1893 +    from finite_set_intervals2[where P="\<lambda> x. ?I x p",OF pa lx xu linM uinM fM lM Mu]
  2.1894 +    have "(\<exists> s\<in> ?M. ?I s p) \<or> 
  2.1895 +      (\<exists> t1\<in> ?M. \<exists> t2 \<in> ?M. (\<forall> y. t1 < y \<and> y < t2 \<longrightarrow> y \<notin> ?M) \<and> t1 < a \<and> a < t2 \<and> ?I a p)" .
  2.1896 +    moreover {fix u assume um: "u\<in> ?M" and pu: "?I u p"
  2.1897 +      hence "\<exists> (nu,tu) \<in> ?U. u = - ?Nt a tu / ?N nu" by auto
  2.1898 +      then obtain "tu" "nu" where tuU: "(nu,tu) \<in> ?U" and tuu:"u= - ?Nt a tu / ?N nu" by blast
  2.1899 +      from half_sum_eq[of u] pu tuu 
  2.1900 +      have "?I (((- ?Nt a tu / ?N nu) + (- ?Nt a tu / ?N nu)) / (1 + 1)) p" by simp
  2.1901 +      with tuU have ?thesis by blast}
  2.1902 +    moreover{
  2.1903 +      assume "\<exists> t1\<in> ?M. \<exists> t2 \<in> ?M. (\<forall> y. t1 < y \<and> y < t2 \<longrightarrow> y \<notin> ?M) \<and> t1 < a \<and> a < t2 \<and> ?I a p"
  2.1904 +      then obtain t1 and t2 where t1M: "t1 \<in> ?M" and t2M: "t2\<in> ?M" 
  2.1905 +	and noM: "\<forall> y. t1 < y \<and> y < t2 \<longrightarrow> y \<notin> ?M" and t1x: "t1 < a" and xt2: "a < t2" and px: "?I a p"
  2.1906 +	by blast
  2.1907 +      from t1M have "\<exists> (t1n,t1u) \<in> ?U. t1 = - ?Nt a t1u / ?N t1n" by auto
  2.1908 +      then obtain "t1u" "t1n" where t1uU: "(t1n,t1u) \<in> ?U" and t1u: "t1 = - ?Nt a t1u / ?N t1n" by blast
  2.1909 +      from t2M have "\<exists> (t2n,t2u) \<in> ?U. t2 = - ?Nt a t2u / ?N t2n" by auto
  2.1910 +      then obtain "t2u" "t2n" where t2uU: "(t2n,t2u) \<in> ?U" and t2u: "t2 = - ?Nt a t2u / ?N t2n" by blast
  2.1911 +      from t1x xt2 have t1t2: "t1 < t2" by simp
  2.1912 +      let ?u = "(t1 + t2) / (1 + 1)"
  2.1913 +      from less_half_sum[OF t1t2] gt_half_sum[OF t1t2] have t1lu: "t1 < ?u" and ut2: "?u < t2" by auto
  2.1914 +      from lin_dense[OF lp noM t1x xt2 px t1lu ut2] have "?I ?u p" .
  2.1915 +      with t1uU t2uU t1u t2u have ?thesis by blast}
  2.1916 +    ultimately show ?thesis by blast
  2.1917 +  qed
  2.1918 +  then obtain "l" "n" "s"  "m" where lnU: "(n,l) \<in> ?U" and smU:"(m,s) \<in> ?U" 
  2.1919 +    and pu: "?I ((- ?Nt a l / ?N n + - ?Nt a s / ?N m) / (1 + 1)) p" by blast
  2.1920 +  from lnU smU uset_l[OF lp] have nbl: "tmbound0 l" and nbs: "tmbound0 s" by auto
  2.1921 +  from tmbound0_I[OF nbl, where bs="bs" and b="a" and b'="x"] 
  2.1922 +    tmbound0_I[OF nbs, where bs="bs" and b="a" and b'="x"] pu
  2.1923 +  have "?I ((- ?Nt x l / ?N n + - ?Nt x s / ?N m) / (1 + 1)) p" by simp
  2.1924 +  with lnU smU
  2.1925 +  show ?thesis by auto
  2.1926 +qed
  2.1927 +
  2.1928 +    (* The Ferrante - Rackoff Theorem *)
  2.1929 +
  2.1930 +theorem fr_eq: 
  2.1931 +  assumes lp: "islin p"
  2.1932 +  shows "(\<exists> x. Ifm vs (x#bs) p) = ((Ifm vs (x#bs) (minusinf p)) \<or> (Ifm vs (x#bs) (plusinf p)) \<or> (\<exists> (n,t) \<in> set (uset p). \<exists> (m,s) \<in> set (uset p). Ifm vs (((- Itm vs (x#bs) t /  Ipoly vs n + - Itm vs (x#bs) s / Ipoly vs m) /(1 + 1))#bs) p))"
  2.1933 +  (is "(\<exists> x. ?I x p) = (?M \<or> ?P \<or> ?F)" is "?E = ?D")
  2.1934 +proof
  2.1935 +  assume px: "\<exists> x. ?I x p"
  2.1936 +  have "?M \<or> ?P \<or> (\<not> ?M \<and> \<not> ?P)" by blast
  2.1937 +  moreover {assume "?M \<or> ?P" hence "?D" by blast}
  2.1938 +  moreover {assume nmi: "\<not> ?M" and npi: "\<not> ?P"
  2.1939 +    from inf_uset[OF lp nmi npi] have "?F" using px by blast hence "?D" by blast}
  2.1940 +  ultimately show "?D" by blast
  2.1941 +next
  2.1942 +  assume "?D" 
  2.1943 +  moreover {assume m:"?M" from minusinf_ex[OF lp m] have "?E" .}
  2.1944 +  moreover {assume p: "?P" from plusinf_ex[OF lp p] have "?E" . }
  2.1945 +  moreover {assume f:"?F" hence "?E" by blast}
  2.1946 +  ultimately show "?E" by blast
  2.1947 +qed
  2.1948 +
  2.1949 +section{* First implementation : Naive by encoding all case splits locally *}
  2.1950 +definition "msubsteq c t d s a r = 
  2.1951 +  evaldjf (split conj) 
  2.1952 +  [(let cd = c *\<^sub>p d in (NEq (CP cd), Eq (Add (Mul (~\<^sub>p a) (Add (Mul d t) (Mul c s))) (Mul (2\<^sub>p *\<^sub>p cd) r)))),
  2.1953 +   (conj (Eq (CP c)) (NEq (CP d)) , Eq (Add (Mul (~\<^sub>p a) s) (Mul (2\<^sub>p *\<^sub>p d) r))),
  2.1954 +   (conj (NEq (CP c)) (Eq (CP d)) , Eq (Add (Mul (~\<^sub>p a) t) (Mul (2\<^sub>p *\<^sub>p c) r))),
  2.1955 +   (conj (Eq (CP c)) (Eq (CP d)) , Eq r)]"
  2.1956 +
  2.1957 +lemma msubsteq_nb: assumes lp: "islin (Eq (CNP 0 a r))" and t: "tmbound0 t" and s: "tmbound0 s"
  2.1958 +  shows "bound0 (msubsteq c t d s a r)"
  2.1959 +proof-
  2.1960 +  have th: "\<forall>x\<in> set [(let cd = c *\<^sub>p d in (NEq (CP cd), Eq (Add (Mul (~\<^sub>p a) (Add (Mul d t) (Mul c s))) (Mul (2\<^sub>p *\<^sub>p cd) r)))),
  2.1961 +   (conj (Eq (CP c)) (NEq (CP d)) , Eq (Add (Mul (~\<^sub>p a) s) (Mul (2\<^sub>p *\<^sub>p d) r))),
  2.1962 +   (conj (NEq (CP c)) (Eq (CP d)) , Eq (Add (Mul (~\<^sub>p a) t) (Mul (2\<^sub>p *\<^sub>p c) r))),
  2.1963 +   (conj (Eq (CP c)) (Eq (CP d)) , Eq r)]. bound0 (split conj x)"
  2.1964 +    using lp by (simp add: Let_def t s )
  2.1965 +  from evaldjf_bound0[OF th] show ?thesis by (simp add: msubsteq_def)
  2.1966 +qed
  2.1967 +
  2.1968 +lemma msubsteq: assumes lp: "islin (Eq (CNP 0 a r))"
  2.1969 +  shows "Ifm vs (x#bs) (msubsteq c t d s a r) = Ifm vs (((- Itm vs (x#bs) t /  Ipoly vs c + - Itm vs (x#bs) s / Ipoly vs d) /(1 + 1))#bs) (Eq (CNP 0 a r))" (is "?lhs = ?rhs")
  2.1970 +proof-
  2.1971 +  let ?Nt = "\<lambda>(x::'a) t. Itm vs (x#bs) t"
  2.1972 +  let ?N = "\<lambda>p. Ipoly vs p"
  2.1973 +  let ?c = "?N c"
  2.1974 +  let ?d = "?N d"
  2.1975 +  let ?t = "?Nt x t"
  2.1976 +  let ?s = "?Nt x s"
  2.1977 +  let ?a = "?N a"
  2.1978 +  let ?r = "?Nt x r"
  2.1979 +  from lp have lin:"isnpoly a" "a \<noteq> 0\<^sub>p" "tmbound0 r" "allpolys isnpoly r" by simp_all
  2.1980 +  note r= tmbound0_I[OF lin(3), of vs _ bs x]
  2.1981 +  have cd_cs: "?c * ?d \<noteq> 0 \<or> (?c = 0 \<and> ?d = 0) \<or> (?c = 0 \<and> ?d \<noteq> 0) \<or> (?c \<noteq> 0 \<and> ?d = 0)" by auto
  2.1982 +  moreover
  2.1983 +  {assume c: "?c = 0" and d: "?d=0"
  2.1984 +    hence ?thesis  by (simp add: r[of 0] msubsteq_def Let_def evaldjf_ex)}
  2.1985 +  moreover 
  2.1986 +  {assume c: "?c = 0" and d: "?d\<noteq>0"
  2.1987 +    from c have th: "(- ?t / ?c + - ?s / ?d)/(1 + 1) = -?s / ((1 + 1)*?d)" by simp
  2.1988 +    have "?rhs = Ifm vs (-?s / ((1 + 1)*?d) # bs) (Eq (CNP 0 a r))" by (simp only: th)
  2.1989 +    also have "\<dots> \<longleftrightarrow> ?a * (-?s / ((1 + 1)*?d)) + ?r = 0" by (simp add: r[of "- (Itm vs (x # bs) s / ((1 + 1) * \<lparr>d\<rparr>\<^sub>p\<^bsup>vs\<^esup>))"])
  2.1990 +    also have "\<dots> \<longleftrightarrow> (1 + 1)*?d * (?a * (-?s / ((1 + 1)*?d)) + ?r) = 0" 
  2.1991 +      using d mult_cancel_left[of "(1 + 1)*?d" "(?a * (-?s / ((1 + 1)*?d)) + ?r)" 0] by simp
  2.1992 +    also have "\<dots> \<longleftrightarrow> (- ?a * ?s) * ((1 + 1)*?d / ((1 + 1)*?d)) + (1 + 1)*?d*?r= 0"
  2.1993 +      by (simp add: ring_simps right_distrib[of "(1 + 1)*?d"] del: right_distrib)
  2.1994 +    
  2.1995 +    also have "\<dots> \<longleftrightarrow> - (?a * ?s) + (1 + 1)*?d*?r = 0" using d by simp 
  2.1996 +    finally have ?thesis using c d 
  2.1997 +      apply (simp add: r[of "- (Itm vs (x # bs) s / ((1 + 1) * \<lparr>d\<rparr>\<^sub>p\<^bsup>vs\<^esup>))"] msubsteq_def Let_def evaldjf_ex del: one_add_one_is_two)
  2.1998 +      apply (simp only: one_add_one_is_two[symmetric] of_int_add)
  2.1999 +      apply simp
  2.2000 +      done}
  2.2001 +  moreover
  2.2002 +  {assume c: "?c \<noteq> 0" and d: "?d=0"
  2.2003 +    from d have th: "(- ?t / ?c + - ?s / ?d)/(1 + 1) = -?t / ((1 + 1)*?c)" by simp
  2.2004 +    have "?rhs = Ifm vs (-?t / ((1 + 1)*?c) # bs) (Eq (CNP 0 a r))" by (simp only: th)
  2.2005 +    also have "\<dots> \<longleftrightarrow> ?a * (-?t / ((1 + 1)*?c)) + ?r = 0" by (simp add: r[of "- (?t/ ((1 + 1)* ?c))"])
  2.2006 +    also have "\<dots> \<longleftrightarrow> (1 + 1)*?c * (?a * (-?t / ((1 + 1)*?c)) + ?r) = 0" 
  2.2007 +      using c mult_cancel_left[of "(1 + 1)*?c" "(?a * (-?t / ((1 + 1)*?c)) + ?r)" 0] by simp
  2.2008 +    also have "\<dots> \<longleftrightarrow> (?a * -?t)* ((1 + 1)*?c) / ((1 + 1)*?c) + (1 + 1)*?c*?r= 0"
  2.2009 +      by (simp add: ring_simps right_distrib[of "(1 + 1)*?c"] del: right_distrib)
  2.2010 +    also have "\<dots> \<longleftrightarrow> - (?a * ?t) + (1 + 1)*?c*?r = 0" using c by simp 
  2.2011 +    finally have ?thesis using c d 
  2.2012 +      apply (simp add: r[of "- (?t/ ((1 + 1)*?c))"] msubsteq_def Let_def evaldjf_ex del: one_add_one_is_two)
  2.2013 +      apply (simp only: one_add_one_is_two[symmetric] of_int_add)
  2.2014 +      apply simp
  2.2015 +      done }
  2.2016 +  moreover
  2.2017 +  {assume c: "?c \<noteq> 0" and d: "?d\<noteq>0" hence dc: "?c * ?d *(1 + 1) \<noteq> 0" by simp
  2.2018 +    from add_frac_eq[OF c d, of "- ?t" "- ?s"]
  2.2019 +    have th: "(- ?t / ?c + - ?s / ?d)/(1 + 1) = - (?d * ?t + ?c* ?s )/ ((1 + 1)*?c*?d)" 
  2.2020 +      by (simp add: ring_simps)
  2.2021 +    have "?rhs \<longleftrightarrow> Ifm vs (- (?d * ?t + ?c* ?s )/ ((1 + 1)*?c*?d) # bs) (Eq (CNP 0 a r))" by (simp only: th)
  2.2022 +    also have "\<dots> \<longleftrightarrow> ?a * (- (?d * ?t + ?c* ?s )/ ((1 + 1)*?c*?d)) + ?r = 0" 
  2.2023 +      by (simp add: r[of "(- (?d * ?t) + - (?c *?s)) / ((1 + 1) * ?c * ?d)"])
  2.2024 +    also have "\<dots> \<longleftrightarrow> ((1 + 1) * ?c * ?d) * (?a * (- (?d * ?t + ?c* ?s )/ ((1 + 1)*?c*?d)) + ?r) =0 "
  2.2025 +      using c d mult_cancel_left[of "(1 + 1) * ?c * ?d" "?a * (- (?d * ?t + ?c* ?s)/ ((1 + 1)*?c*?d)) + ?r" 0] by simp
  2.2026 +    also have "\<dots> \<longleftrightarrow> ?a * (- (?d * ?t + ?c* ?s )) + (1 + 1)*?c*?d*?r =0" 
  2.2027 +      using nonzero_mult_divide_cancel_left[OF dc] c d
  2.2028 +      by (simp add: ring_simps diff_divide_distrib del: left_distrib)
  2.2029 +    finally  have ?thesis using c d 
  2.2030 +      apply (simp add: r[of "(- (?d * ?t) + - (?c *?s)) / ((1 + 1) * ?c * ?d)"] msubsteq_def Let_def evaldjf_ex ring_simps)
  2.2031 +      apply (simp only: one_add_one_is_two[symmetric] of_int_add)
  2.2032 +      apply (simp add: ring_simps)
  2.2033 +      done }
  2.2034 +  ultimately show ?thesis by blast
  2.2035 +qed
  2.2036 +
  2.2037 +
  2.2038 +definition "msubstneq c t d s a r = 
  2.2039 +  evaldjf (split conj) 
  2.2040 +  [(let cd = c *\<^sub>p d in (NEq (CP cd), NEq (Add (Mul (~\<^sub>p a) (Add (Mul d t) (Mul c s))) (Mul (2\<^sub>p *\<^sub>p cd) r)))),
  2.2041 +   (conj (Eq (CP c)) (NEq (CP d)) , NEq (Add (Mul (~\<^sub>p a) s) (Mul (2\<^sub>p *\<^sub>p d) r))),
  2.2042 +   (conj (NEq (CP c)) (Eq (CP d)) , NEq (Add (Mul (~\<^sub>p a) t) (Mul (2\<^sub>p *\<^sub>p c) r))),
  2.2043 +   (conj (Eq (CP c)) (Eq (CP d)) , NEq r)]"
  2.2044 +
  2.2045 +lemma msubstneq_nb: assumes lp: "islin (NEq (CNP 0 a r))" and t: "tmbound0 t" and s: "tmbound0 s"
  2.2046 +  shows "bound0 (msubstneq c t d s a r)"
  2.2047 +proof-
  2.2048 +  have th: "\<forall>x\<in> set [(let cd = c *\<^sub>p d in (NEq (CP cd), NEq (Add (Mul (~\<^sub>p a) (Add (Mul d t) (Mul c s))) (Mul (2\<^sub>p *\<^sub>p cd) r)))), 
  2.2049 +    (conj (Eq (CP c)) (NEq (CP d)) , NEq (Add (Mul (~\<^sub>p a) s) (Mul (2\<^sub>p *\<^sub>p d) r))),
  2.2050 +    (conj (NEq (CP c)) (Eq (CP d)) , NEq (Add (Mul (~\<^sub>p a) t) (Mul (2\<^sub>p *\<^sub>p c) r))),
  2.2051 +    (conj (Eq (CP c)) (Eq (CP d)) , NEq r)]. bound0 (split conj x)"
  2.2052 +    using lp by (simp add: Let_def t s )
  2.2053 +  from evaldjf_bound0[OF th] show ?thesis by (simp add: msubstneq_def)
  2.2054 +qed
  2.2055 +
  2.2056 +lemma msubstneq: assumes lp: "islin (Eq (CNP 0 a r))"
  2.2057 +  shows "Ifm vs (x#bs) (msubstneq c t d s a r) = Ifm vs (((- Itm vs (x#bs) t /  Ipoly vs c + - Itm vs (x#bs) s / Ipoly vs d) /(1 + 1))#bs) (NEq (CNP 0 a r))" (is "?lhs = ?rhs")
  2.2058 +proof-
  2.2059 +  let ?Nt = "\<lambda>(x::'a) t. Itm vs (x#bs) t"
  2.2060 +  let ?N = "\<lambda>p. Ipoly vs p"
  2.2061 +  let ?c = "?N c"
  2.2062 +  let ?d = "?N d"
  2.2063 +  let ?t = "?Nt x t"
  2.2064 +  let ?s = "?Nt x s"
  2.2065 +  let ?a = "?N a"
  2.2066 +  let ?r = "?Nt x r"
  2.2067 +  from lp have lin:"isnpoly a" "a \<noteq> 0\<^sub>p" "tmbound0 r" "allpolys isnpoly r" by simp_all
  2.2068 +  note r= tmbound0_I[OF lin(3), of vs _ bs x]
  2.2069 +  have cd_cs: "?c * ?d \<noteq> 0 \<or> (?c = 0 \<and> ?d = 0) \<or> (?c = 0 \<and> ?d \<noteq> 0) \<or> (?c \<noteq> 0 \<and> ?d = 0)" by auto
  2.2070 +  moreover
  2.2071 +  {assume c: "?c = 0" and d: "?d=0"
  2.2072 +    hence ?thesis  by (simp add: r[of 0] msubstneq_def Let_def evaldjf_ex)}
  2.2073 +  moreover 
  2.2074 +  {assume c: "?c = 0" and d: "?d\<noteq>0"
  2.2075 +    from c have th: "(- ?t / ?c + - ?s / ?d)/(1 + 1) = -?s / ((1 + 1)*?d)" by simp
  2.2076 +    have "?rhs = Ifm vs (-?s / ((1 + 1)*?d) # bs) (NEq (CNP 0 a r))" by (simp only: th)
  2.2077 +    also have "\<dots> \<longleftrightarrow> ?a * (-?s / ((1 + 1)*?d)) + ?r \<noteq> 0" by (simp add: r[of "- (Itm vs (x # bs) s / ((1 + 1) * \<lparr>d\<rparr>\<^sub>p\<^bsup>vs\<^esup>))"])
  2.2078 +    also have "\<dots> \<longleftrightarrow> (1 + 1)*?d * (?a * (-?s / ((1 + 1)*?d)) + ?r) \<noteq> 0" 
  2.2079 +      using d mult_cancel_left[of "(1 + 1)*?d" "(?a * (-?s / ((1 + 1)*?d)) + ?r)" 0] by simp
  2.2080 +    also have "\<dots> \<longleftrightarrow> (- ?a * ?s) * ((1 + 1)*?d / ((1 + 1)*?d)) + (1 + 1)*?d*?r\<noteq> 0"
  2.2081 +      by (simp add: ring_simps right_distrib[of "(1 + 1)*?d"] del: right_distrib)
  2.2082 +    
  2.2083 +    also have "\<dots> \<longleftrightarrow> - (?a * ?s) + (1 + 1)*?d*?r \<noteq> 0" using d by simp 
  2.2084 +    finally have ?thesis using c d 
  2.2085 +      apply (simp add: r[of "- (Itm vs (x # bs) s / ((1 + 1) * \<lparr>d\<rparr>\<^sub>p\<^bsup>vs\<^esup>))"] msubstneq_def Let_def evaldjf_ex del: one_add_one_is_two)
  2.2086 +      apply (simp only: one_add_one_is_two[symmetric] of_int_add)
  2.2087 +      apply simp
  2.2088 +      done}
  2.2089 +  moreover
  2.2090 +  {assume c: "?c \<noteq> 0" and d: "?d=0"
  2.2091 +    from d have th: "(- ?t / ?c + - ?s / ?d)/(1 + 1) = -?t / ((1 + 1)*?c)" by simp
  2.2092 +    have "?rhs = Ifm vs (-?t / ((1 + 1)*?c) # bs) (NEq (CNP 0 a r))" by (simp only: th)
  2.2093 +    also have "\<dots> \<longleftrightarrow> ?a * (-?t / ((1 + 1)*?c)) + ?r \<noteq> 0" by (simp add: r[of "- (?t/ ((1 + 1)* ?c))"])
  2.2094 +    also have "\<dots> \<longleftrightarrow> (1 + 1)*?c * (?a * (-?t / ((1 + 1)*?c)) + ?r) \<noteq> 0" 
  2.2095 +      using c mult_cancel_left[of "(1 + 1)*?c" "(?a * (-?t / ((1 + 1)*?c)) + ?r)" 0] by simp
  2.2096 +    also have "\<dots> \<longleftrightarrow> (?a * -?t)* ((1 + 1)*?c) / ((1 + 1)*?c) + (1 + 1)*?c*?r \<noteq> 0"
  2.2097 +      by (simp add: ring_simps right_distrib[of "(1 + 1)*?c"] del: right_distrib)
  2.2098 +    also have "\<dots> \<longleftrightarrow> - (?a * ?t) + (1 + 1)*?c*?r \<noteq> 0" using c by simp 
  2.2099 +    finally have ?thesis using c d 
  2.2100 +      apply (simp add: r[of "- (?t/ ((1 + 1)*?c))"] msubstneq_def Let_def evaldjf_ex del: one_add_one_is_two)
  2.2101 +      apply (simp only: one_add_one_is_two[symmetric] of_int_add)
  2.2102 +      apply simp
  2.2103 +      done }
  2.2104 +  moreover
  2.2105 +  {assume c: "?c \<noteq> 0" and d: "?d\<noteq>0" hence dc: "?c * ?d *(1 + 1) \<noteq> 0" by simp
  2.2106 +    from add_frac_eq[OF c d, of "- ?t" "- ?s"]
  2.2107 +    have th: "(- ?t / ?c + - ?s / ?d)/(1 + 1) = - (?d * ?t + ?c* ?s )/ ((1 + 1)*?c*?d)" 
  2.2108 +      by (simp add: ring_simps)
  2.2109 +    have "?rhs \<longleftrightarrow> Ifm vs (- (?d * ?t + ?c* ?s )/ ((1 + 1)*?c*?d) # bs) (NEq (CNP 0 a r))" by (simp only: th)
  2.2110 +    also have "\<dots> \<longleftrightarrow> ?a * (- (?d * ?t + ?c* ?s )/ ((1 + 1)*?c*?d)) + ?r \<noteq> 0" 
  2.2111 +      by (simp add: r[of "(- (?d * ?t) + - (?c *?s)) / ((1 + 1) * ?c * ?d)"])
  2.2112 +    also have "\<dots> \<longleftrightarrow> ((1 + 1) * ?c * ?d) * (?a * (- (?d * ?t + ?c* ?s )/ ((1 + 1)*?c*?d)) + ?r) \<noteq> 0 "
  2.2113 +      using c d mult_cancel_left[of "(1 + 1) * ?c * ?d" "?a * (- (?d * ?t + ?c* ?s)/ ((1 + 1)*?c*?d)) + ?r" 0] by simp
  2.2114 +    also have "\<dots> \<longleftrightarrow> ?a * (- (?d * ?t + ?c* ?s )) + (1 + 1)*?c*?d*?r \<noteq> 0" 
  2.2115 +      using nonzero_mult_divide_cancel_left[OF dc] c d
  2.2116 +      by (simp add: ring_simps diff_divide_distrib del: left_distrib)
  2.2117 +    finally  have ?thesis using c d 
  2.2118 +      apply (simp add: r[of "(- (?d * ?t) + - (?c *?s)) / ((1 + 1) * ?c * ?d)"] msubstneq_def Let_def evaldjf_ex ring_simps)
  2.2119 +      apply (simp only: one_add_one_is_two[symmetric] of_int_add)
  2.2120 +      apply (simp add: ring_simps)
  2.2121 +      done }
  2.2122 +  ultimately show ?thesis by blast
  2.2123 +qed
  2.2124 +
  2.2125 +definition "msubstlt c t d s a r = 
  2.2126 +  evaldjf (split conj) 
  2.2127 +  [(let cd = c *\<^sub>p d in (lt (CP (~\<^sub>p cd)), Lt (Add (Mul (~\<^sub>p a) (Add (Mul d t) (Mul c s))) (Mul (2\<^sub>p *\<^sub>p cd) r)))),
  2.2128 +  (let cd = c *\<^sub>p d in (lt (CP cd), Lt (Sub (Mul a (Add (Mul d t) (Mul c s))) (Mul (2\<^sub>p *\<^sub>p cd) r)))),
  2.2129 +   (conj (lt (CP (~\<^sub>p c))) (Eq (CP d)) , Lt (Add (Mul (~\<^sub>p a) t) (Mul (2\<^sub>p *\<^sub>p c) r))),
  2.2130 +   (conj (lt (CP c)) (Eq (CP d)) , Lt (Sub (Mul a t) (Mul (2\<^sub>p *\<^sub>p c) r))),
  2.2131 +   (conj (lt (CP (~\<^sub>p d))) (Eq (CP c)) , Lt (Add (Mul (~\<^sub>p a) s) (Mul (2\<^sub>p *\<^sub>p d) r))),
  2.2132 +   (conj (lt (CP d)) (Eq (CP c)) , Lt (Sub (Mul a s) (Mul (2\<^sub>p *\<^sub>p d) r))),
  2.2133 +   (conj (Eq (CP c)) (Eq (CP d)) , Lt r)]"
  2.2134 +
  2.2135 +lemma msubstlt_nb: assumes lp: "islin (Lt (CNP 0 a r))" and t: "tmbound0 t" and s: "tmbound0 s"
  2.2136 +  shows "bound0 (msubstlt c t d s a r)"
  2.2137 +proof-
  2.2138 +  have th: "\<forall>x\<in> set [(let cd = c *\<^sub>p d in (lt (CP (~\<^sub>p cd)), Lt (Add (Mul (~\<^sub>p a) (Add (Mul d t) (Mul c s))) (Mul (2\<^sub>p *\<^sub>p cd) r)))),
  2.2139 +  (let cd = c *\<^sub>p d in (lt (CP cd), Lt (Sub (Mul a (Add (Mul d t) (Mul c s))) (Mul (2\<^sub>p *\<^sub>p cd) r)))),
  2.2140 +   (conj (lt (CP (~\<^sub>p c))) (Eq (CP d)) , Lt (Add (Mul (~\<^sub>p a) t) (Mul (2\<^sub>p *\<^sub>p c) r))),
  2.2141 +   (conj (lt (CP c)) (Eq (CP d)) , Lt (Sub (Mul a t) (Mul (2\<^sub>p *\<^sub>p c) r))),
  2.2142 +   (conj (lt (CP (~\<^sub>p d))) (Eq (CP c)) , Lt (Add (Mul (~\<^sub>p a) s) (Mul (2\<^sub>p *\<^sub>p d) r))),
  2.2143 +   (conj (lt (CP d)) (Eq (CP c)) , Lt (Sub (Mul a s) (Mul (2\<^sub>p *\<^sub>p d) r))),
  2.2144 +   (conj (Eq (CP c)) (Eq (CP d)) , Lt r)]. bound0 (split conj x)"
  2.2145 +    using lp by (simp add: Let_def t s lt_nb )
  2.2146 +  from evaldjf_bound0[OF th] show ?thesis by (simp add: msubstlt_def)
  2.2147 +qed
  2.2148 +
  2.2149 +
  2.2150 +lemma msubstlt: assumes nc: "isnpoly c" and nd: "isnpoly d" and lp: "islin (Lt (CNP 0 a r))" 
  2.2151 +  shows "Ifm vs (x#bs) (msubstlt c t d s a r) \<longleftrightarrow> 
  2.2152 +  Ifm vs (((- Itm vs (x#bs) t /  Ipoly vs c + - Itm vs (x#bs) s / Ipoly vs d) /(1 + 1))#bs) (Lt (CNP 0 a r))" (is "?lhs = ?rhs")
  2.2153 +proof-
  2.2154 +  let ?Nt = "\<lambda>x t. Itm vs (x#bs) t"
  2.2155 +  let ?N = "\<lambda>p. Ipoly vs p"
  2.2156 +  let ?c = "?N c"
  2.2157 +  let ?d = "?N d"
  2.2158 +  let ?t = "?Nt x t"
  2.2159 +  let ?s = "?Nt x s"
  2.2160 +  let ?a = "?N a"
  2.2161 +  let ?r = "?Nt x r"
  2.2162 +  from lp have lin:"isnpoly a" "a \<noteq> 0\<^sub>p" "tmbound0 r" "allpolys isnpoly r" by simp_all
  2.2163 +  note r= tmbound0_I[OF lin(3), of vs _ bs x]
  2.2164 +  have cd_cs: "?c * ?d < 0 \<or> ?c * ?d > 0 \<or> (?c = 0 \<and> ?d = 0) \<or> (?c = 0 \<and> ?d < 0) \<or> (?c = 0 \<and> ?d > 0) \<or> (?c < 0 \<and> ?d = 0) \<or> (?c > 0 \<and> ?d = 0)" by auto
  2.2165 +  moreover
  2.2166 +  {assume c: "?c=0" and d: "?d=0"
  2.2167 +    hence ?thesis  using nc nd by (simp add: polyneg_norm lt r[of 0] msubstlt_def Let_def evaldjf_ex)}
  2.2168 +  moreover
  2.2169 +  {assume dc: "?c*?d > 0" 
  2.2170 +    from mult_pos_pos[OF one_plus_one_pos dc] have dc': "(1 + 1)*?c *?d > 0" by simp
  2.2171 +    hence c:"?c \<noteq> 0" and d: "?d\<noteq> 0" by auto
  2.2172 +    from dc' have dc'': "\<not> (1 + 1)*?c *?d < 0" by simp
  2.2173 +    from add_frac_eq[OF c d, of "- ?t" "- ?s"]
  2.2174 +    have th: "(- ?t / ?c + - ?s / ?d)/(1 + 1) = - (?d * ?t + ?c* ?s )/ ((1 + 1)*?c*?d)" 
  2.2175 +      by (simp add: ring_simps)
  2.2176 +    have "?rhs \<longleftrightarrow> Ifm vs (- (?d * ?t + ?c* ?s )/ ((1 + 1)*?c*?d) # bs) (Lt (CNP 0 a r))" by (simp only: th)
  2.2177 +    also have "\<dots> \<longleftrightarrow> ?a * (- (?d * ?t + ?c* ?s )/ ((1 + 1)*?c*?d)) + ?r < 0" 
  2.2178 +      by (simp add: r[of "(- (?d * ?t) + - (?c *?s)) / ((1 + 1) * ?c * ?d)"])
  2.2179 +    also have "\<dots> \<longleftrightarrow> ((1 + 1) * ?c * ?d) * (?a * (- (?d * ?t + ?c* ?s )/ ((1 + 1)*?c*?d)) + ?r) < 0"
  2.2180 +      
  2.2181 +      using dc' dc'' mult_less_cancel_left_disj[of "(1 + 1) * ?c * ?d" "?a * (- (?d * ?t + ?c* ?s)/ ((1 + 1)*?c*?d)) + ?r" 0] by simp
  2.2182 +    also have "\<dots> \<longleftrightarrow> ?a * (- (?d * ?t + ?c* ?s )) + (1 + 1)*?c*?d*?r < 0" 
  2.2183 +      using nonzero_mult_divide_cancel_left[of "(1 + 1)*?c*?d"] c d
  2.2184 +      by (simp add: ring_simps diff_divide_distrib del: left_distrib)
  2.2185 +    finally  have ?thesis using dc c d  nc nd dc'
  2.2186 +      apply (simp add: r[of "(- (?d * ?t) + - (?c *?s)) / ((1 + 1) * ?c * ?d)"] msubstlt_def Let_def evaldjf_ex ring_simps lt polyneg_norm polymul_norm) 
  2.2187 +    apply (simp only: one_add_one_is_two[symmetric] of_int_add)
  2.2188 +    by (simp add: ring_simps order_less_not_sym[OF dc])}
  2.2189 +  moreover
  2.2190 +  {assume dc: "?c*?d < 0" 
  2.2191 +
  2.2192 +    from dc one_plus_one_pos[where ?'a='a] have dc': "(1 + 1)*?c *?d < 0"
  2.2193 +      apply (simp add: mult_less_0_iff field_simps) 
  2.2194 +      apply (rule add_neg_neg)
  2.2195 +      apply (simp_all add: mult_less_0_iff)
  2.2196 +      done
  2.2197 +    hence c:"?c \<noteq> 0" and d: "?d\<noteq> 0" by auto
  2.2198 +    from add_frac_eq[OF c d, of "- ?t" "- ?s"]
  2.2199 +    have th: "(- ?t / ?c + - ?s / ?d)/(1 + 1) = - (?d * ?t + ?c* ?s )/ ((1 + 1)*?c*?d)" 
  2.2200 +      by (simp add: ring_simps)
  2.2201 +    have "?rhs \<longleftrightarrow> Ifm vs (- (?d * ?t + ?c* ?s )/ ((1 + 1)*?c*?d) # bs) (Lt (CNP 0 a r))" by (simp only: th)
  2.2202 +    also have "\<dots> \<longleftrightarrow> ?a * (- (?d * ?t + ?c* ?s )/ ((1 + 1)*?c*?d)) + ?r < 0" 
  2.2203 +      by (simp add: r[of "(- (?d * ?t) + - (?c *?s)) / ((1 + 1) * ?c * ?d)"])
  2.2204 +
  2.2205 +    also have "\<dots> \<longleftrightarrow> ((1 + 1) * ?c * ?d) * (?a * (- (?d * ?t + ?c* ?s )/ ((1 + 1)*?c*?d)) + ?r) > 0"
  2.2206 +      
  2.2207 +      using dc' order_less_not_sym[OF dc'] mult_less_cancel_left_disj[of "(1 + 1) * ?c * ?d" 0 "?a * (- (?d * ?t + ?c* ?s)/ ((1 + 1)*?c*?d)) + ?r"] by simp
  2.2208 +    also have "\<dots> \<longleftrightarrow> ?a * ((?d * ?t + ?c* ?s )) - (1 + 1)*?c*?d*?r < 0" 
  2.2209 +      using nonzero_mult_divide_cancel_left[of "(1 + 1)*?c*?d"] c d
  2.2210 +      by (simp add: ring_simps diff_divide_distrib del: left_distrib)
  2.2211 +    finally  have ?thesis using dc c d  nc nd
  2.2212 +      apply (simp add: r[of "(- (?d * ?t) + - (?c *?s)) / ((1 + 1) * ?c * ?d)"] msubstlt_def Let_def evaldjf_ex ring_simps lt polyneg_norm polymul_norm) 
  2.2213 +      apply (simp only: one_add_one_is_two[symmetric] of_int_add)
  2.2214 +      by (simp add: ring_simps order_less_not_sym[OF dc]) }
  2.2215 +  moreover
  2.2216 +  {assume c: "?c > 0" and d: "?d=0"  
  2.2217 +    from c have c'': "(1 + 1)*?c > 0" by (simp add: zero_less_mult_iff)
  2.2218 +    from c have c': "(1 + 1)*?c \<noteq> 0" by simp
  2.2219 +    from d have th: "(- ?t / ?c + - ?s / ?d)/(1 + 1) = - ?t / ((1 + 1)*?c)"  by (simp add: ring_simps)
  2.2220 +    have "?rhs \<longleftrightarrow> Ifm vs (- ?t / ((1 + 1)*?c) # bs) (Lt (CNP 0 a r))" by (simp only: th)
  2.2221 +    also have "\<dots> \<longleftrightarrow> ?a* (- ?t / ((1 + 1)*?c))+ ?r < 0" by (simp add: r[of "- (?t / ((1 + 1)*?c))"])
  2.2222 +    also have "\<dots> \<longleftrightarrow> (1 + 1)*?c * (?a* (- ?t / ((1 + 1)*?c))+ ?r) < 0"
  2.2223 +      using c mult_less_cancel_left_disj[of "(1 + 1) * ?c" "?a* (- ?t / ((1 + 1)*?c))+ ?r" 0] c' c'' order_less_not_sym[OF c''] by simp
  2.2224 +    also have "\<dots> \<longleftrightarrow> - ?a*?t+  (1 + 1)*?c *?r < 0" 
  2.2225 +      using nonzero_mult_divide_cancel_left[OF c'] c
  2.2226 +      by (simp add: ring_simps diff_divide_distrib less_le del: left_distrib)
  2.2227 +    finally have ?thesis using c d nc nd 
  2.2228 +      apply(simp add: r[of "- (?t / ((1 + 1)*?c))"] msubstlt_def Let_def evaldjf_ex ring_simps lt polyneg_norm polymul_norm)
  2.2229 +      apply (simp only: one_add_one_is_two[symmetric] of_int_add)
  2.2230 +      using c order_less_not_sym[OF c] less_imp_neq[OF c]
  2.2231 +      by (simp add: ring_simps )  }
  2.2232 +  moreover
  2.2233 +  {assume c: "?c < 0" and d: "?d=0"  hence c': "(1 + 1)*?c \<noteq> 0" by simp
  2.2234 +    from c have c'': "(1 + 1)*?c < 0" by (simp add: mult_less_0_iff)
  2.2235 +    from d have th: "(- ?t / ?c + - ?s / ?d)/(1 + 1) = - ?t / ((1 + 1)*?c)"  by (simp add: ring_simps)
  2.2236 +    have "?rhs \<longleftrightarrow> Ifm vs (- ?t / ((1 + 1)*?c) # bs) (Lt (CNP 0 a r))" by (simp only: th)
  2.2237 +    also have "\<dots> \<longleftrightarrow> ?a* (- ?t / ((1 + 1)*?c))+ ?r < 0" by (simp add: r[of "- (?t / ((1 + 1)*?c))"])
  2.2238 +    also have "\<dots> \<longleftrightarrow> (1 + 1)*?c * (?a* (- ?t / ((1 + 1)*?c))+ ?r) > 0"
  2.2239 +      using c order_less_not_sym[OF c''] less_imp_neq[OF c''] c'' mult_less_cancel_left_disj[of "(1 + 1) * ?c" 0 "?a* (- ?t / ((1 + 1)*?c))+ ?r"] by simp
  2.2240 +    also have "\<dots> \<longleftrightarrow> ?a*?t -  (1 + 1)*?c *?r < 0" 
  2.2241 +      using nonzero_mult_divide_cancel_left[OF c'] c order_less_not_sym[OF c''] less_imp_neq[OF c''] c''
  2.2242 +	by (simp add: ring_simps diff_divide_distrib del:  left_distrib)
  2.2243 +    finally have ?thesis using c d nc nd 
  2.2244 +      apply(simp add: r[of "- (?t / ((1 + 1)*?c))"] msubstlt_def Let_def evaldjf_ex ring_simps lt polyneg_norm polymul_norm)
  2.2245 +      apply (simp only: one_add_one_is_two[symmetric] of_int_add)
  2.2246 +      using c order_less_not_sym[OF c] less_imp_neq[OF c]
  2.2247 +      by (simp add: ring_simps )    }
  2.2248 +  moreover
  2.2249 +  moreover
  2.2250 +  {assume c: "?c = 0" and d: "?d>0"  
  2.2251 +    from d have d'': "(1 + 1)*?d > 0" by (simp add: zero_less_mult_iff)
  2.2252 +    from d have d': "(1 + 1)*?d \<noteq> 0" by simp
  2.2253 +    from c have th: "(- ?t / ?c + - ?s / ?d)/(1 + 1) = - ?s / ((1 + 1)*?d)"  by (simp add: ring_simps)
  2.2254 +    have "?rhs \<longleftrightarrow> Ifm vs (- ?s / ((1 + 1)*?d) # bs) (Lt (CNP 0 a r))" by (simp only: th)
  2.2255 +    also have "\<dots> \<longleftrightarrow> ?a* (- ?s / ((1 + 1)*?d))+ ?r < 0" by (simp add: r[of "- (?s / ((1 + 1)*?d))"])
  2.2256 +    also have "\<dots> \<longleftrightarrow> (1 + 1)*?d * (?a* (- ?s / ((1 + 1)*?d))+ ?r) < 0"
  2.2257 +      using d mult_less_cancel_left_disj[of "(1 + 1) * ?d" "?a* (- ?s / ((1 + 1)*?d))+ ?r" 0] d' d'' order_less_not_sym[OF d''] by simp
  2.2258 +    also have "\<dots> \<longleftrightarrow> - ?a*?s+  (1 + 1)*?d *?r < 0" 
  2.2259 +      using nonzero_mult_divide_cancel_left[OF d'] d
  2.2260 +      by (simp add: ring_simps diff_divide_distrib less_le del: left_distrib)
  2.2261 +    finally have ?thesis using c d nc nd 
  2.2262 +      apply(simp add: r[of "- (?s / ((1 + 1)*?d))"] msubstlt_def Let_def evaldjf_ex ring_simps lt polyneg_norm polymul_norm)
  2.2263 +      apply (simp only: one_add_one_is_two[symmetric] of_int_add)
  2.2264 +      using d order_less_not_sym[OF d] less_imp_neq[OF d]
  2.2265 +      by (simp add: ring_simps )  }
  2.2266 +  moreover
  2.2267 +  {assume c: "?c = 0" and d: "?d<0"  hence d': "(1 + 1)*?d \<noteq> 0" by simp
  2.2268 +    from d have d'': "(1 + 1)*?d < 0" by (simp add: mult_less_0_iff)
  2.2269 +    from c have th: "(- ?t / ?c + - ?s / ?d)/(1 + 1) = - ?s / ((1 + 1)*?d)"  by (simp add: ring_simps)
  2.2270 +    have "?rhs \<longleftrightarrow> Ifm vs (- ?s / ((1 + 1)*?d) # bs) (Lt (CNP 0 a r))" by (simp only: th)
  2.2271 +    also have "\<dots> \<longleftrightarrow> ?a* (- ?s / ((1 + 1)*?d))+ ?r < 0" by (simp add: r[of "- (?s / ((1 + 1)*?d))"])
  2.2272 +    also have "\<dots> \<longleftrightarrow> (1 + 1)*?d * (?a* (- ?s / ((1 + 1)*?d))+ ?r) > 0"
  2.2273 +      using d order_less_not_sym[OF d''] less_imp_neq[OF d''] d'' mult_less_cancel_left_disj[of "(1 + 1) * ?d" 0 "?a* (- ?s / ((1 + 1)*?d))+ ?r"] by simp
  2.2274 +    also have "\<dots> \<longleftrightarrow> ?a*?s -  (1 + 1)*?d *?r < 0" 
  2.2275 +      using nonzero_mult_divide_cancel_left[OF d'] d order_less_not_sym[OF d''] less_imp_neq[OF d''] d''
  2.2276 +	by (simp add: ring_simps diff_divide_distrib del:  left_distrib)
  2.2277 +    finally have ?thesis using c d nc nd 
  2.2278 +      apply(simp add: r[of "- (?s / ((1 + 1)*?d))"] msubstlt_def Let_def evaldjf_ex ring_simps lt polyneg_norm polymul_norm)
  2.2279 +      apply (simp only: one_add_one_is_two[symmetric] of_int_add)
  2.2280 +      using d order_less_not_sym[OF d] less_imp_neq[OF d]
  2.2281 +      by (simp add: ring_simps )    }
  2.2282 +ultimately show ?thesis by blast
  2.2283 +qed
  2.2284 +
  2.2285 +definition "msubstle c t d s a r = 
  2.2286 +  evaldjf (split conj) 
  2.2287 +  [(let cd = c *\<^sub>p d in (lt (CP (~\<^sub>p cd)), Le (Add (Mul (~\<^sub>p a) (Add (Mul d t) (Mul c s))) (Mul (2\<^sub>p *\<^sub>p cd) r)))),
  2.2288 +  (let cd = c *\<^sub>p d in (lt (CP cd), Le (Sub (Mul a (Add (Mul d t) (Mul c s))) (Mul (2\<^sub>p *\<^sub>p cd) r)))),
  2.2289 +   (conj (lt (CP (~\<^sub>p c))) (Eq (CP d)) , Le (Add (Mul (~\<^sub>p a) t) (Mul (2\<^sub>p *\<^sub>p c) r))),
  2.2290 +   (conj (lt (CP c)) (Eq (CP d)) , Le (Sub (Mul a t) (Mul (2\<^sub>p *\<^sub>p c) r))),
  2.2291 +   (conj (lt (CP (~\<^sub>p d))) (Eq (CP c)) , Le (Add (Mul (~\<^sub>p a) s) (Mul (2\<^sub>p *\<^sub>p d) r))),
  2.2292 +   (conj (lt (CP d)) (Eq (CP c)) , Le (Sub (Mul a s) (Mul (2\<^sub>p *\<^sub>p d) r))),
  2.2293 +   (conj (Eq (CP c)) (Eq (CP d)) , Le r)]"
  2.2294 +
  2.2295 +lemma msubstle_nb: assumes lp: "islin (Le (CNP 0 a r))" and t: "tmbound0 t" and s: "tmbound0 s"
  2.2296 +  shows "bound0 (msubstle c t d s a r)"
  2.2297 +proof-
  2.2298 +  have th: "\<forall>x\<in> set [(let cd = c *\<^sub>p d in (lt (CP (~\<^sub>p cd)), Le (Add (Mul (~\<^sub>p a) (Add (Mul d t) (Mul c s))) (Mul (2\<^sub>p *\<^sub>p cd) r)))),
  2.2299 +  (let cd = c *\<^sub>p d in (lt (CP cd), Le (Sub (Mul a (Add (Mul d t) (Mul c s))) (Mul (2\<^sub>p *\<^sub>p cd) r)))),
  2.2300 +   (conj (lt (CP (~\<^sub>p c))) (Eq (CP d)) , Le (Add (Mul (~\<^sub>p a) t) (Mul (2\<^sub>p *\<^sub>p c) r))),
  2.2301 +   (conj (lt (CP c)) (Eq (CP d)) , Le (Sub (Mul a t) (Mul (2\<^sub>p *\<^sub>p c) r))),
  2.2302 +   (conj (lt (CP (~\<^sub>p d))) (Eq (CP c)) , Le (Add (Mul (~\<^sub>p a) s) (Mul (2\<^sub>p *\<^sub>p d) r))),
  2.2303 +   (conj (lt (CP d)) (Eq (CP c)) , Le (Sub (Mul a s) (Mul (2\<^sub>p *\<^sub>p d) r))),
  2.2304 +   (conj (Eq (CP c)) (Eq (CP d)) , Le r)]. bound0 (split conj x)"
  2.2305 +    using lp by (simp add: Let_def t s lt_nb )
  2.2306 +  from evaldjf_bound0[OF th] show ?thesis by (simp add: msubstle_def)
  2.2307 +qed
  2.2308 +
  2.2309 +lemma msubstle: assumes nc: "isnpoly c" and nd: "isnpoly d" and lp: "islin (Le (CNP 0 a r))" 
  2.2310 +  shows "Ifm vs (x#bs) (msubstle c t d s a r) \<longleftrightarrow> 
  2.2311 +  Ifm vs (((- Itm vs (x#bs) t /  Ipoly vs c + - Itm vs (x#bs) s / Ipoly vs d) /(1 + 1))#bs) (Le (CNP 0 a r))" (is "?lhs = ?rhs")
  2.2312 +proof-
  2.2313 +  let ?Nt = "\<lambda>x t. Itm vs (x#bs) t"
  2.2314 +  let ?N = "\<lambda>p. Ipoly vs p"
  2.2315 +  let ?c = "?N c"
  2.2316 +  let ?d = "?N d"
  2.2317 +  let ?t = "?Nt x t"
  2.2318 +  let ?s = "?Nt x s"
  2.2319 +  let ?a = "?N a"
  2.2320 +  let ?r = "?Nt x r"
  2.2321 +  from lp have lin:"isnpoly a" "a \<noteq> 0\<^sub>p" "tmbound0 r" "allpolys isnpoly r" by simp_all
  2.2322 +  note r= tmbound0_I[OF lin(3), of vs _ bs x]
  2.2323 +  have cd_cs: "?c * ?d < 0 \<or> ?c * ?d > 0 \<or> (?c = 0 \<and> ?d = 0) \<or> (?c = 0 \<and> ?d < 0) \<or> (?c = 0 \<and> ?d > 0) \<or> (?c < 0 \<and> ?d = 0) \<or> (?c > 0 \<and> ?d = 0)" by auto
  2.2324 +  moreover
  2.2325 +  {assume c: "?c=0" and d: "?d=0"
  2.2326 +    hence ?thesis  using nc nd by (simp add: polyneg_norm polymul_norm lt r[of 0] msubstle_def Let_def evaldjf_ex)}
  2.2327 +  moreover
  2.2328 +  {assume dc: "?c*?d > 0" 
  2.2329 +    from mult_pos_pos[OF one_plus_one_pos dc] have dc': "(1 + 1)*?c *?d > 0" by simp
  2.2330 +    hence c:"?c \<noteq> 0" and d: "?d\<noteq> 0" by auto
  2.2331 +    from dc' have dc'': "\<not> (1 + 1)*?c *?d < 0" by simp
  2.2332 +    from add_frac_eq[OF c d, of "- ?t" "- ?s"]
  2.2333 +    have th: "(- ?t / ?c + - ?s / ?d)/(1 + 1) = - (?d * ?t + ?c* ?s )/ ((1 + 1)*?c*?d)" 
  2.2334 +      by (simp add: ring_simps)
  2.2335 +    have "?rhs \<longleftrightarrow> Ifm vs (- (?d * ?t + ?c* ?s )/ ((1 + 1)*?c*?d) # bs) (Le (CNP 0 a r))" by (simp only: th)
  2.2336 +    also have "\<dots> \<longleftrightarrow> ?a * (- (?d * ?t + ?c* ?s )/ ((1 + 1)*?c*?d)) + ?r <= 0" 
  2.2337 +      by (simp add: r[of "(- (?d * ?t) + - (?c *?s)) / ((1 + 1) * ?c * ?d)"])
  2.2338 +    also have "\<dots> \<longleftrightarrow> ((1 + 1) * ?c * ?d) * (?a * (- (?d * ?t + ?c* ?s )/ ((1 + 1)*?c*?d)) + ?r) <= 0"
  2.2339 +      
  2.2340 +      using dc' dc'' mult_le_cancel_left[of "(1 + 1) * ?c * ?d" "?a * (- (?d * ?t + ?c* ?s)/ ((1 + 1)*?c*?d)) + ?r" 0] by simp
  2.2341 +    also have "\<dots> \<longleftrightarrow> ?a * (- (?d * ?t + ?c* ?s )) + (1 + 1)*?c*?d*?r <= 0" 
  2.2342 +      using nonzero_mult_divide_cancel_left[of "(1 + 1)*?c*?d"] c d
  2.2343 +      by (simp add: ring_simps diff_divide_distrib del: left_distrib)
  2.2344 +    finally  have ?thesis using dc c d  nc nd dc'
  2.2345 +      apply (simp add: r[of "(- (?d * ?t) + - (?c *?s)) / ((1 + 1) * ?c * ?d)"] msubstle_def Let_def evaldjf_ex ring_simps lt polyneg_norm polymul_norm) 
  2.2346 +    apply (simp only: one_add_one_is_two[symmetric] of_int_add)
  2.2347 +    by (simp add: ring_simps order_less_not_sym[OF dc])}
  2.2348 +  moreover
  2.2349 +  {assume dc: "?c*?d < 0" 
  2.2350 +
  2.2351 +    from dc one_plus_one_pos[where ?'a='a] have dc': "(1 + 1)*?c *?d < 0"
  2.2352 +      by (simp add: mult_less_0_iff field_simps add_neg_neg add_pos_pos)
  2.2353 +    hence c:"?c \<noteq> 0" and d: "?d\<noteq> 0" by auto
  2.2354 +    from add_frac_eq[OF c d, of "- ?t" "- ?s"]
  2.2355 +    have th: "(- ?t / ?c + - ?s / ?d)/(1 + 1) = - (?d * ?t + ?c* ?s )/ ((1 + 1)*?c*?d)" 
  2.2356 +      by (simp add: ring_simps)
  2.2357 +    have "?rhs \<longleftrightarrow> Ifm vs (- (?d * ?t + ?c* ?s )/ ((1 + 1)*?c*?d) # bs) (Le (CNP 0 a r))" by (simp only: th)
  2.2358 +    also have "\<dots> \<longleftrightarrow> ?a * (- (?d * ?t + ?c* ?s )/ ((1 + 1)*?c*?d)) + ?r <= 0" 
  2.2359 +      by (simp add: r[of "(- (?d * ?t) + - (?c *?s)) / ((1 + 1) * ?c * ?d)"])
  2.2360 +
  2.2361 +    also have "\<dots> \<longleftrightarrow> ((1 + 1) * ?c * ?d) * (?a * (- (?d * ?t + ?c* ?s )/ ((1 + 1)*?c*?d)) + ?r) >= 0"
  2.2362 +      
  2.2363 +      using dc' order_less_not_sym[OF dc'] mult_le_cancel_left[of "(1 + 1) * ?c * ?d" 0 "?a * (- (?d * ?t + ?c* ?s)/ ((1 + 1)*?c*?d)) + ?r"] by simp
  2.2364 +    also have "\<dots> \<longleftrightarrow> ?a * ((?d * ?t + ?c* ?s )) - (1 + 1)*?c*?d*?r <= 0" 
  2.2365 +      using nonzero_mult_divide_cancel_left[of "(1 + 1)*?c*?d"] c d
  2.2366 +      by (simp add: ring_simps diff_divide_distrib del: left_distrib)
  2.2367 +    finally  have ?thesis using dc c d  nc nd
  2.2368 +      apply (simp add: r[of "(- (?d * ?t) + - (?c *?s)) / ((1 + 1) * ?c * ?d)"] msubstle_def Let_def evaldjf_ex ring_simps lt polyneg_norm polymul_norm) 
  2.2369 +      apply (simp only: one_add_one_is_two[symmetric] of_int_add)
  2.2370 +      by (simp add: ring_simps order_less_not_sym[OF dc]) }
  2.2371 +  moreover
  2.2372 +  {assume c: "?c > 0" and d: "?d=0"  
  2.2373 +    from c have c'': "(1 + 1)*?c > 0" by (simp add: zero_less_mult_iff)
  2.2374 +    from c have c': "(1 + 1)*?c \<noteq> 0" by simp
  2.2375 +    from d have th: "(- ?t / ?c + - ?s / ?d)/(1 + 1) = - ?t / ((1 + 1)*?c)"  by (simp add: ring_simps)
  2.2376 +    have "?rhs \<longleftrightarrow> Ifm vs (- ?t / ((1 + 1)*?c) # bs) (Le (CNP 0 a r))" by (simp only: th)
  2.2377 +    also have "\<dots> \<longleftrightarrow> ?a* (- ?t / ((1 + 1)*?c))+ ?r <= 0" by (simp add: r[of "- (?t / ((1 + 1)*?c))"])
  2.2378 +    also have "\<dots> \<longleftrightarrow> (1 + 1)*?c * (?a* (- ?t / ((1 + 1)*?c))+ ?r) <= 0"
  2.2379 +      using c mult_le_cancel_left[of "(1 + 1) * ?c" "?a* (- ?t / ((1 + 1)*?c))+ ?r" 0] c' c'' order_less_not_sym[OF c''] by simp
  2.2380 +    also have "\<dots> \<longleftrightarrow> - ?a*?t+  (1 + 1)*?c *?r <= 0" 
  2.2381 +      using nonzero_mult_divide_cancel_left[OF c'] c
  2.2382 +      by (simp add: ring_simps diff_divide_distrib less_le del: left_distrib)
  2.2383 +    finally have ?thesis using c d nc nd 
  2.2384 +      apply(simp add: r[of "- (?t / ((1 + 1)*?c))"] msubstle_def Let_def evaldjf_ex ring_simps lt polyneg_norm polymul_norm)
  2.2385 +      apply (simp only: one_add_one_is_two[symmetric] of_int_add)
  2.2386 +      using c order_less_not_sym[OF c] less_imp_neq[OF c]
  2.2387 +      by (simp add: ring_simps )  }
  2.2388 +  moreover
  2.2389 +  {assume c: "?c < 0" and d: "?d=0"  hence c': "(1 + 1)*?c \<noteq> 0" by simp
  2.2390 +    from c have c'': "(1 + 1)*?c < 0" by (simp add: mult_less_0_iff)
  2.2391 +    from d have th: "(- ?t / ?c + - ?s / ?d)/(1 + 1) = - ?t / ((1 + 1)*?c)"  by (simp add: ring_simps)
  2.2392 +    have "?rhs \<longleftrightarrow> Ifm vs (- ?t / ((1 + 1)*?c) # bs) (Le (CNP 0 a r))" by (simp only: th)
  2.2393 +    also have "\<dots> \<longleftrightarrow> ?a* (- ?t / ((1 + 1)*?c))+ ?r <= 0" by (simp add: r[of "- (?t / ((1 + 1)*?c))"])
  2.2394 +    also have "\<dots> \<longleftrightarrow> (1 + 1)*?c * (?a* (- ?t / ((1 + 1)*?c))+ ?r) >= 0"
  2.2395 +      using c order_less_not_sym[OF c''] less_imp_neq[OF c''] c'' mult_le_cancel_left[of "(1 + 1) * ?c" 0 "?a* (- ?t / ((1 + 1)*?c))+ ?r"] by simp
  2.2396 +    also have "\<dots> \<longleftrightarrow> ?a*?t -  (1 + 1)*?c *?r <= 0" 
  2.2397 +      using nonzero_mult_divide_cancel_left[OF c'] c order_less_not_sym[OF c''] less_imp_neq[OF c''] c''
  2.2398 +	by (simp add: ring_simps diff_divide_distrib del:  left_distrib)
  2.2399 +    finally have ?thesis using c d nc nd 
  2.2400 +      apply(simp add: r[of "- (?t / ((1 + 1)*?c))"] msubstle_def Let_def evaldjf_ex ring_simps lt polyneg_norm polymul_norm)
  2.2401 +      apply (simp only: one_add_one_is_two[symmetric] of_int_add)
  2.2402 +      using c order_less_not_sym[OF c] less_imp_neq[OF c]
  2.2403 +      by (simp add: ring_simps )    }
  2.2404 +  moreover
  2.2405 +  moreover
  2.2406 +  {assume c: "?c = 0" and d: "?d>0"  
  2.2407 +    from d have d'': "(1 + 1)*?d > 0" by (simp add: zero_less_mult_iff)
  2.2408 +    from d have d': "(1 + 1)*?d \<noteq> 0" by simp
  2.2409 +    from c have th: "(- ?t / ?c + - ?s / ?d)/(1 + 1) = - ?s / ((1 + 1)*?d)"  by (simp add: ring_simps)
  2.2410 +    have "?rhs \<longleftrightarrow> Ifm vs (- ?s / ((1 + 1)*?d) # bs) (Le (CNP 0 a r))" by (simp only: th)
  2.2411 +    also have "\<dots> \<longleftrightarrow> ?a* (- ?s / ((1 + 1)*?d))+ ?r <= 0" by (simp add: r[of "- (?s / ((1 + 1)*?d))"])
  2.2412 +    also have "\<dots> \<longleftrightarrow> (1 + 1)*?d * (?a* (- ?s / ((1 + 1)*?d))+ ?r) <= 0"
  2.2413 +      using d mult_le_cancel_left[of "(1 + 1) * ?d" "?a* (- ?s / ((1 + 1)*?d))+ ?r" 0] d' d'' order_less_not_sym[OF d''] by simp
  2.2414 +    also have "\<dots> \<longleftrightarrow> - ?a*?s+  (1 + 1)*?d *?r <= 0" 
  2.2415 +      using nonzero_mult_divide_cancel_left[OF d'] d
  2.2416 +      by (simp add: ring_simps diff_divide_distrib less_le del: left_distrib)
  2.2417 +    finally have ?thesis using c d nc nd 
  2.2418 +      apply(simp add: r[of "- (?s / ((1 + 1)*?d))"] msubstle_def Let_def evaldjf_ex ring_simps lt polyneg_norm polymul_norm)
  2.2419 +      apply (simp only: one_add_one_is_two[symmetric] of_int_add)
  2.2420 +      using d order_less_not_sym[OF d] less_imp_neq[OF d]
  2.2421 +      by (simp add: ring_simps )  }
  2.2422 +  moreover
  2.2423 +  {assume c: "?c = 0" and d: "?d<0"  hence d': "(1 + 1)*?d \<noteq> 0" by simp
  2.2424 +    from d have d'': "(1 + 1)*?d < 0" by (simp add: mult_less_0_iff)
  2.2425 +    from c have th: "(- ?t / ?c + - ?s / ?d)/(1 + 1) = - ?s / ((1 + 1)*?d)"  by (simp add: ring_simps)
  2.2426 +    have "?rhs \<longleftrightarrow> Ifm vs (- ?s / ((1 + 1)*?d) # bs) (Le (CNP 0 a r))" by (simp only: th)
  2.2427 +    also have "\<dots> \<longleftrightarrow> ?a* (- ?s / ((1 + 1)*?d))+ ?r <= 0" by (simp add: r[of "- (?s / ((1 + 1)*?d))"])
  2.2428 +    also have "\<dots> \<longleftrightarrow> (1 + 1)*?d * (?a* (- ?s / ((1 + 1)*?d))+ ?r) >= 0"
  2.2429 +      using d order_less_not_sym[OF d''] less_imp_neq[OF d''] d'' mult_le_cancel_left[of "(1 + 1) * ?d" 0 "?a* (- ?s / ((1 + 1)*?d))+ ?r"] by simp
  2.2430 +    also have "\<dots> \<longleftrightarrow> ?a*?s -  (1 + 1)*?d *?r <= 0" 
  2.2431 +      using nonzero_mult_divide_cancel_left[OF d'] d order_less_not_sym[OF d''] less_imp_neq[OF d''] d''
  2.2432 +	by (simp add: ring_simps diff_divide_distrib del:  left_distrib)
  2.2433 +    finally have ?thesis using c d nc nd 
  2.2434 +      apply(simp add: r[of "- (?s / ((1 + 1)*?d))"] msubstle_def Let_def evaldjf_ex ring_simps lt polyneg_norm polymul_norm)
  2.2435 +      apply (simp only: one_add_one_is_two[symmetric] of_int_add)
  2.2436 +      using d order_less_not_sym[OF d] less_imp_neq[OF d]
  2.2437 +      by (simp add: ring_simps )    }
  2.2438 +ultimately show ?thesis by blast
  2.2439 +qed
  2.2440 +
  2.2441 +
  2.2442 +fun msubst :: "fm \<Rightarrow> (poly \<times> tm) \<times> (poly \<times> tm) \<Rightarrow> fm" where
  2.2443 +  "msubst (And p q) ((c,t), (d,s)) = conj (msubst p ((c,t),(d,s))) (msubst q ((c,t),(d,s)))"
  2.2444 +| "msubst (Or p q) ((c,t), (d,s)) = disj (msubst p ((c,t),(d,s))) (msubst q ((c,t), (d,s)))"
  2.2445 +| "msubst (Eq (CNP 0 a r)) ((c,t),(d,s)) = msubsteq c t d s a r"
  2.2446 +| "msubst (NEq (CNP 0 a r)) ((c,t),(d,s)) = msubstneq c t d s a r"
  2.2447 +| "msubst (Lt (CNP 0 a r)) ((c,t),(d,s)) = msubstlt c t d s a r"
  2.2448 +| "msubst (Le (CNP 0 a r)) ((c,t),(d,s)) = msubstle c t d s a r"
  2.2449 +| "msubst p ((c,t),(d,s)) = p"
  2.2450 +
  2.2451 +lemma msubst_I: assumes lp: "islin p" and nc: "isnpoly c" and nd: "isnpoly d"
  2.2452 +  shows "Ifm vs (x#bs) (msubst p ((c,t),(d,s))) = Ifm vs (((- Itm vs (x#bs) t /  Ipoly vs c + - Itm vs (x#bs) s / Ipoly vs d) /(1 + 1))#bs) p"
  2.2453 +  using lp
  2.2454 +by (induct p rule: islin.induct, auto simp add: tmbound0_I[where b="(- (Itm vs (x # bs) t / \<lparr>c\<rparr>\<^sub>p\<^bsup>vs\<^esup>) + - (Itm vs (x # bs) s / \<lparr>d\<rparr>\<^sub>p\<^bsup>vs\<^esup>)) /(1 + 1)" and b'=x and bs = bs and vs=vs] bound0_I[where b="(- (Itm vs (x # bs) t / \<lparr>c\<rparr>\<^sub>p\<^bsup>vs\<^esup>) + - (Itm vs (x # bs) s / \<lparr>d\<rparr>\<^sub>p\<^bsup>vs\<^esup>)) /(1 + 1)" and b'=x and bs = bs and vs=vs] msubsteq msubstneq msubstlt[OF nc nd] msubstle[OF nc nd])
  2.2455 +
  2.2456 +lemma msubst_nb: assumes lp: "islin p" and t: "tmbound0 t" and s: "tmbound0 s"
  2.2457 +  shows "bound0 (msubst p ((c,t),(d,s)))"
  2.2458 +  using lp t s
  2.2459 +  by (induct p rule: islin.induct, auto simp add: msubsteq_nb msubstneq_nb msubstlt_nb msubstle_nb)
  2.2460 +
  2.2461 +lemma fr_eq_msubst: 
  2.2462 +  assumes lp: "islin p"
  2.2463 +  shows "(\<exists> x. Ifm vs (x#bs) p) = ((Ifm vs (x#bs) (minusinf p)) \<or> (Ifm vs (x#bs) (plusinf p)) \<or> (\<exists> (c,t) \<in> set (uset p). \<exists> (d,s) \<in> set (uset p). Ifm vs (x#bs) (msubst p ((c,t),(d,s)))))"
  2.2464 +  (is "(\<exists> x. ?I x p) = (?M \<or> ?P \<or> ?F)" is "?E = ?D")
  2.2465 +proof-
  2.2466 +from uset_l[OF lp] have th: "\<forall>(c, s)\<in>set (uset p). isnpoly c \<and> tmbound0 s" by blast
  2.2467 +{fix c t d s assume ctU: "(c,t) \<in>set (uset p)" and dsU: "(d,s) \<in>set (uset p)" 
  2.2468 +  and pts: "Ifm vs ((- Itm vs (x # bs) t / \<lparr>c\<rparr>\<^sub>p\<^bsup>vs\<^esup> + - Itm vs (x # bs) s / \<lparr>d\<rparr>\<^sub>p\<^bsup>vs\<^esup>) / (1+1) # bs) p"
  2.2469 +  from th[rule_format, OF ctU] th[rule_format, OF dsU] have norm:"isnpoly c" "isnpoly d" by simp_all
  2.2470 +  from msubst_I[OF lp norm, of vs x bs t s] pts
  2.2471 +  have "Ifm vs (x # bs) (msubst p ((c, t), d, s))" ..}
  2.2472 +moreover
  2.2473 +{fix c t d s assume ctU: "(c,t) \<in>set (uset p)" and dsU: "(d,s) \<in>set (uset p)" 
  2.2474 +  and pts: "Ifm vs (x # bs) (msubst p ((c, t), d, s))"
  2.2475 +  from th[rule_format, OF ctU] th[rule_format, OF dsU] have norm:"isnpoly c" "isnpoly d" by simp_all
  2.2476 +  from msubst_I[OF lp norm, of vs x bs t s] pts
  2.2477 +  have "Ifm vs ((- Itm vs (x # bs) t / \<lparr>c\<rparr>\<^sub>p\<^bsup>vs\<^esup> + - Itm vs (x # bs) s / \<lparr>d\<rparr>\<^sub>p\<^bsup>vs\<^esup>) / (1+1) # bs) p" ..}
  2.2478 +ultimately have th': "(\<exists> (c,t) \<in> set (uset p). \<exists> (d,s) \<in> set (uset p). Ifm vs ((- Itm vs (x # bs) t / \<lparr>c\<rparr>\<^sub>p\<^bsup>vs\<^esup> + - Itm vs (x # bs) s / \<lparr>d\<rparr>\<^sub>p\<^bsup>vs\<^esup>) / (1+1) # bs) p) \<longleftrightarrow> ?F" by blast
  2.2479 +from fr_eq[OF lp, of vs bs x, simplified th'] show ?thesis .
  2.2480 +qed 
  2.2481 +
  2.2482 +text {* Rest of the implementation *}
  2.2483 +
  2.2484 +consts alluopairs:: "'a list \<Rightarrow> ('a \<times> 'a) list"
  2.2485 +primrec
  2.2486 +  "alluopairs [] = []"
  2.2487 +  "alluopairs (x#xs) = (map (Pair x) (x#xs))@(alluopairs xs)"
  2.2488 +
  2.2489 +lemma alluopairs_set1: "set (alluopairs xs) \<le> {(x,y). x\<in> set xs \<and> y\<in> set xs}"
  2.2490 +by (induct xs, auto)
  2.2491 +
  2.2492 +lemma alluopairs_set:
  2.2493 +  "\<lbrakk>x\<in> set xs ; y \<in> set xs\<rbrakk> \<Longrightarrow> (x,y) \<in> set (alluopairs xs) \<or> (y,x) \<in> set (alluopairs xs) "
  2.2494 +by (induct xs, auto)
  2.2495 +
  2.2496 +lemma alluopairs_ex:
  2.2497 +  assumes Pc: "\<forall> x \<in> set xs. \<forall>y\<in> set xs. P x y = P y x"
  2.2498 +  shows "(\<exists> x \<in> set xs. \<exists> y \<in> set xs. P x y) = (\<exists> (x,y) \<in> set (alluopairs xs). P x y)"
  2.2499 +proof
  2.2500 +  assume "\<exists>x\<in>set xs. \<exists>y\<in>set xs. P x y"
  2.2501 +  then obtain x y where x: "x \<in> set xs" and y:"y \<in> set xs" and P: "P x y"  by blast
  2.2502 +  from alluopairs_set[OF x y] P Pc x y show"\<exists>(x, y)\<in>set (alluopairs xs). P x y" 
  2.2503 +    by auto
  2.2504 +next
  2.2505 +  assume "\<exists>(x, y)\<in>set (alluopairs xs). P x y"
  2.2506 +  then obtain "x" and "y"  where xy:"(x,y) \<in> set (alluopairs xs)" and P: "P x y" by blast+
  2.2507 +  from xy have "x \<in> set xs \<and> y\<in> set xs" using alluopairs_set1 by blast
  2.2508 +  with P show "\<exists>x\<in>set xs. \<exists>y\<in>set xs. P x y" by blast
  2.2509 +qed
  2.2510 +
  2.2511 +lemma nth_pos2: "0 < n \<Longrightarrow> (x#xs) ! n = xs ! (n - 1)"
  2.2512 +using Nat.gr0_conv_Suc
  2.2513 +by clarsimp
  2.2514 +
  2.2515 +lemma filter_length: "length (List.filter P xs) < Suc (length xs)"
  2.2516 +  apply (induct xs, auto) done
  2.2517 +
  2.2518 +consts remdps:: "'a list \<Rightarrow> 'a list"
  2.2519 +
  2.2520 +recdef remdps "measure size"
  2.2521 +  "remdps [] = []"
  2.2522 +  "remdps (x#xs) = (x#(remdps (List.filter (\<lambda> y. y \<noteq> x) xs)))"
  2.2523 +(hints simp add: filter_length[rule_format])
  2.2524 +
  2.2525 +lemma remdps_set[simp]: "set (remdps xs) = set xs"
  2.2526 +  by (induct xs rule: remdps.induct, auto)
  2.2527 +
  2.2528 +lemma simpfm_lin:   assumes "SORT_CONSTRAINT('a::{ring_char_0,division_by_zero,field})"
  2.2529 +  shows "qfree p \<Longrightarrow> islin (simpfm p)"
  2.2530 +  by (induct p rule: simpfm.induct, auto simp add: conj_lin disj_lin)
  2.2531 +
  2.2532 +definition 
  2.2533 +  "ferrack p \<equiv> let q = simpfm p ; mp = minusinf q ; pp = plusinf q
  2.2534 +  in if (mp = T \<or> pp = T) then T 
  2.2535 +     else (let U = alluopairs (remdps (uset  q))
  2.2536 +           in decr0 (disj mp (disj pp (evaldjf (simpfm o (msubst q)) U ))))"
  2.2537 +
  2.2538 +lemma ferrack: 
  2.2539 +  assumes qf: "qfree p"
  2.2540 +  shows "qfree (ferrack p) \<and> ((Ifm vs bs (ferrack p)) = (Ifm vs bs (E p)))"
  2.2541 +  (is "_ \<and> (?rhs = ?lhs)")
  2.2542 +proof-
  2.2543 +  let ?I = "\<lambda> x p. Ifm vs (x#bs) p"
  2.2544 +  let ?N = "\<lambda> t. Ipoly vs t"
  2.2545 +  let ?Nt = "\<lambda>x t. Itm vs (x#bs) t"
  2.2546 +  let ?q = "simpfm p" 
  2.2547 +  let ?U = "remdps(uset ?q)"
  2.2548 +  let ?Up = "alluopairs ?U"
  2.2549 +  let ?mp = "minusinf ?q"
  2.2550 +  let ?pp = "plusinf ?q"
  2.2551 +  let ?I = "\<lambda>p. Ifm vs (x#bs) p"
  2.2552 +  from simpfm_lin[OF qf] simpfm_qf[OF qf] have lq: "islin ?q" and q_qf: "qfree ?q" .
  2.2553 +  from minusinf_nb[OF lq] plusinf_nb[OF lq] have mp_nb: "bound0 ?mp" and pp_nb: "bound0 ?pp" .
  2.2554 +  from bound0_qf[OF mp_nb] bound0_qf[OF pp_nb] have mp_qf: "qfree ?mp" and pp_qf: "qfree ?pp" .
  2.2555 +  from uset_l[OF lq] have U_l: "\<forall>(c, s)\<in>set ?U. isnpoly c \<and> c \<noteq> 0\<^sub>p \<and> tmbound0 s \<and> allpolys isnpoly s"
  2.2556 +    by simp
  2.2557 +  {fix c t d s assume ctU: "(c,t) \<in> set ?U" and dsU: "(d,s) \<in> set ?U"
  2.2558 +    from U_l ctU dsU have norm: "isnpoly c" "isnpoly d" by auto
  2.2559 +    from msubst_I[OF lq norm, of vs x bs t s] msubst_I[OF lq norm(2,1), of vs x bs s t]
  2.2560 +    have "?I (msubst ?q ((c,t),(d,s))) = ?I (msubst ?q ((d,s),(c,t)))" by (simp add: ring_simps)}
  2.2561 +  hence th0: "\<forall>x \<in> set ?U. \<forall>y \<in> set ?U. ?I (msubst ?q (x, y)) \<longleftrightarrow> ?I (msubst ?q (y, x))" by clarsimp
  2.2562 +  {fix x assume xUp: "x \<in> set ?Up" 
  2.2563 +    then  obtain c t d s where ctU: "(c,t) \<in> set ?U" and dsU: "(d,s) \<in> set ?U" 
  2.2564 +      and x: "x = ((c,t),(d,s))" using alluopairs_set1[of ?U] by auto  
  2.2565 +    from U_l[rule_format, OF ctU] U_l[rule_format, OF dsU] 
  2.2566 +    have nbs: "tmbound0 t" "tmbound0 s" by simp_all
  2.2567 +    from simpfm_bound0[OF msubst_nb[OF lq nbs, of c d]] 
  2.2568 +    have "bound0 ((simpfm o (msubst (simpfm p))) x)" using x by simp}
  2.2569 +  with evaldjf_bound0[of ?Up "(simpfm o (msubst (simpfm p)))"]
  2.2570 +  have "bound0 (evaldjf (simpfm o (msubst (simpfm p))) ?Up)" by blast
  2.2571 +  with mp_nb pp_nb 
  2.2572 +  have th1: "bound0 (disj ?mp (disj ?pp (evaldjf (simpfm o (msubst ?q)) ?Up )))" by (simp add: disj_nb)
  2.2573 +  from decr0_qf[OF th1] have thqf: "qfree (ferrack p)" by (simp add: ferrack_def Let_def)
  2.2574 +  have "?lhs \<longleftrightarrow> (\<exists>x. Ifm vs (x#bs) ?q)" by simp
  2.2575 +  also have "\<dots> \<longleftrightarrow> ?I ?mp \<or> ?I ?pp \<or> (\<exists>(c, t)\<in>set ?U. \<exists>(d, s)\<in>set ?U. ?I (msubst (simpfm p) ((c, t), d, s)))" using fr_eq_msubst[OF lq, of vs bs x] by simp
  2.2576 +  also have "\<dots> \<longleftrightarrow> ?I ?mp \<or> ?I ?pp \<or> (\<exists> (x,y) \<in> set ?Up. ?I ((simpfm o (msubst ?q)) (x,y)))" using alluopairs_ex[OF th0] by simp
  2.2577 +  also have "\<dots> \<longleftrightarrow> ?I ?mp \<or> ?I ?pp \<or> ?I (evaldjf (simpfm o (msubst ?q)) ?Up)" 
  2.2578 +    by (simp add: evaldjf_ex)
  2.2579 +  also have "\<dots> \<longleftrightarrow> ?I (disj ?mp (disj ?pp (evaldjf (simpfm o (msubst ?q)) ?Up)))" by simp
  2.2580 +  also have "\<dots> \<longleftrightarrow> ?rhs" using decr0[OF th1, of vs x bs]
  2.2581 +    apply (simp add: ferrack_def Let_def)
  2.2582 +    by (cases "?mp = T \<or> ?pp = T", auto)
  2.2583 +  finally show ?thesis using thqf by blast
  2.2584 +qed
  2.2585 +
  2.2586 +definition "frpar p = simpfm (qelim p ferrack)"
  2.2587 +lemma frpar: "qfree (frpar p) \<and> (Ifm vs bs (frpar p) \<longleftrightarrow> Ifm vs bs p)"
  2.2588 +proof-
  2.2589 +  from ferrack have th: "\<forall>bs p. qfree p \<longrightarrow> qfree (ferrack p) \<and> Ifm vs bs (ferrack p) = Ifm vs bs (E p)" by blast
  2.2590 +  from qelim[OF th, of p bs] show ?thesis  unfolding frpar_def by auto
  2.2591 +qed
  2.2592 +
  2.2593 +declare polyadd.simps[code]
  2.2594 +lemma [simp,code]: "polyadd (CN c n p, CN c' n' p') = 
  2.2595 +    (if n < n' then CN (polyadd(c,CN c' n' p')) n p
  2.2596 +     else if n'<n then CN (polyadd(CN c n p, c')) n' p'
  2.2597 +     else (let cc' = polyadd (c,c') ; 
  2.2598 +               pp' = polyadd (p,p')
  2.2599 +           in (if pp' = 0\<^sub>p then cc' else CN cc' n pp')))"
  2.2600 +  by (simp add: Let_def stupid)
  2.2601 +
  2.2602 +
  2.2603 +
  2.2604 +(*
  2.2605 +lemmas [code func] = polysub_def
  2.2606 +lemmas [code func del] = Zero_nat_def
  2.2607 +code_gen  "frpar" in SML to FRParTest
  2.2608 +*)
  2.2609 +
  2.2610 +section{* Second implemenation: Case splits not local *}
  2.2611 +
  2.2612 +lemma fr_eq2:  assumes lp: "islin p"
  2.2613 +  shows "(\<exists> x. Ifm vs (x#bs) p) \<longleftrightarrow> 
  2.2614 +   ((Ifm vs (x#bs) (minusinf p)) \<or> (Ifm vs (x#bs) (plusinf p)) \<or> 
  2.2615 +    (Ifm vs (0#bs) p) \<or> 
  2.2616 +    (\<exists> (n,t) \<in> set (uset p). Ipoly vs n \<noteq> 0 \<and> Ifm vs ((- Itm vs (x#bs) t /  (Ipoly vs n * (1 + 1)))#bs) p) \<or> 
  2.2617 +    (\<exists> (n,t) \<in> set (uset p). \<exists> (m,s) \<in> set (uset p). Ipoly vs n \<noteq> 0 \<and> Ipoly vs m \<noteq> 0 \<and> Ifm vs (((- Itm vs (x#bs) t /  Ipoly vs n + - Itm vs (x#bs) s / Ipoly vs m) /(1 + 1))#bs) p))"
  2.2618 +  (is "(\<exists> x. ?I x p) = (?M \<or> ?P \<or> ?Z \<or> ?U \<or> ?F)" is "?E = ?D")
  2.2619 +proof
  2.2620 +  assume px: "\<exists> x. ?I x p"
  2.2621 +  have "?M \<or> ?P \<or> (\<not> ?M \<and> \<not> ?P)" by blast
  2.2622 +  moreover {assume "?M \<or> ?P" hence "?D" by blast}
  2.2623 +  moreover {assume nmi: "\<not> ?M" and npi: "\<not> ?P"
  2.2624 +    from inf_uset[OF lp nmi npi, OF px] 
  2.2625 +    obtain c t d s where ct: "(c,t) \<in> set (uset p)" "(d,s) \<in> set (uset p)" "?I ((- Itm vs (x # bs) t / \<lparr>c\<rparr>\<^sub>p\<^bsup>vs\<^esup> + - Itm vs (x # bs) s / \<lparr>d\<rparr>\<^sub>p\<^bsup>vs\<^esup>) / ((1\<Colon>'a) + (1\<Colon>'a))) p"
  2.2626 +      by auto
  2.2627 +    let ?c = "\<lparr>c\<rparr>\<^sub>p\<^bsup>vs\<^esup>"
  2.2628 +    let ?d = "\<lparr>d\<rparr>\<^sub>p\<^bsup>vs\<^esup>"
  2.2629 +    let ?s = "Itm vs (x # bs) s"
  2.2630 +    let ?t = "Itm vs (x # bs) t"
  2.2631 +    have eq2: "\<And>(x::'a). x + x = (1 + 1) * x"
  2.2632 +      by  (simp add: ring_simps)
  2.2633 +    {assume "?c = 0 \<and> ?d = 0"
  2.2634 +      with ct have ?D by simp}
  2.2635 +    moreover
  2.2636 +    {assume z: "?c = 0" "?d \<noteq> 0"
  2.2637 +      from z have ?D using ct by auto}
  2.2638 +    moreover
  2.2639 +    {assume z: "?c \<noteq> 0" "?d = 0"
  2.2640 +      with ct have ?D by auto }
  2.2641 +    moreover
  2.2642 +    {assume z: "?c \<noteq> 0" "?d \<noteq> 0"
  2.2643 +      from z have ?F using ct
  2.2644 +	apply - apply (rule bexI[where x = "(c,t)"], simp_all)
  2.2645 +	by (rule bexI[where x = "(d,s)"], simp_all)
  2.2646 +      hence ?D by blast}
  2.2647 +    ultimately have ?D by auto}
  2.2648 +  ultimately show "?D" by blast
  2.2649 +next
  2.2650 +  assume "?D" 
  2.2651 +  moreover {assume m:"?M" from minusinf_ex[OF lp m] have "?E" .}
  2.2652 +  moreover {assume p: "?P" from plusinf_ex[OF lp p] have "?E" . }
  2.2653 +  moreover {assume f:"?F" hence "?E" by blast}
  2.2654 +  ultimately show "?E" by blast
  2.2655 +qed
  2.2656 +
  2.2657 +definition "msubsteq2 c t a b = Eq (Add (Mul a t) (Mul c b))"
  2.2658 +definition "msubstltpos c t a b = Lt (Add (Mul a t) (Mul c b))"
  2.2659 +definition "msubstlepos c t a b = Le (Add (Mul a t) (Mul c b))"
  2.2660 +definition "msubstltneg c t a b = Lt (Neg (Add (Mul a t) (Mul c b)))"
  2.2661 +definition "msubstleneg c t a b = Le (Neg (Add (Mul a t) (Mul c b)))"
  2.2662 +
  2.2663 +lemma msubsteq2: 
  2.2664 +  assumes nz: "Ipoly vs c \<noteq> 0" and l: "islin (Eq (CNP 0 a b))"
  2.2665 +  shows "Ifm vs (x#bs) (msubsteq2 c t a b) = Ifm vs (((Itm vs (x#bs) t /  Ipoly vs c ))#bs) (Eq (CNP 0 a b))" (is "?lhs = ?rhs")
  2.2666 +  using nz l tmbound0_I[of b vs x bs "Itm vs (x # bs) t / \<lparr>c\<rparr>\<^sub>p\<^bsup>vs\<^esup>" , symmetric]
  2.2667 +  by (simp add: msubsteq2_def field_simps)
  2.2668 +
  2.2669 +lemma msubstltpos: 
  2.2670 +  assumes nz: "Ipoly vs c > 0" and l: "islin (Lt (CNP 0 a b))"
  2.2671 +  shows "Ifm vs (x#bs) (msubstltpos c t a b) = Ifm vs (((Itm vs (x#bs) t /  Ipoly vs c ))#bs) (Lt (CNP 0 a b))" (is "?lhs = ?rhs")
  2.2672 +  using nz l tmbound0_I[of b vs x bs "Itm vs (x # bs) t / \<lparr>c\<rparr>\<^sub>p\<^bsup>vs\<^esup>" , symmetric]
  2.2673 +  by (simp add: msubstltpos_def field_simps)
  2.2674 +
  2.2675 +lemma msubstlepos: 
  2.2676 +  assumes nz: "Ipoly vs c > 0" and l: "islin (Le (CNP 0 a b))"
  2.2677 +  shows "Ifm vs (x#bs) (msubstlepos c t a b) = Ifm vs (((Itm vs (x#bs) t /  Ipoly vs c ))#bs) (Le (CNP 0 a b))" (is "?lhs = ?rhs")
  2.2678 +  using nz l tmbound0_I[of b vs x bs "Itm vs (x # bs) t / \<lparr>c\<rparr>\<^sub>p\<^bsup>vs\<^esup>" , symmetric]
  2.2679 +  by (simp add: msubstlepos_def field_simps)
  2.2680 +
  2.2681 +lemma msubstltneg: 
  2.2682 +  assumes nz: "Ipoly vs c < 0" and l: "islin (Lt (CNP 0 a b))"
  2.2683 +  shows "Ifm vs (x#bs) (msubstltneg c t a b) = Ifm vs (((Itm vs (x#bs) t /  Ipoly vs c ))#bs) (Lt (CNP 0 a b))" (is "?lhs = ?rhs")
  2.2684 +  using nz l tmbound0_I[of b vs x bs "Itm vs (x # bs) t / \<lparr>c\<rparr>\<^sub>p\<^bsup>vs\<^esup>" , symmetric]
  2.2685 +  by (simp add: msubstltneg_def field_simps del: minus_add_distrib)
  2.2686 +
  2.2687 +lemma msubstleneg: 
  2.2688 +  assumes nz: "Ipoly vs c < 0" and l: "islin (Le (CNP 0 a b))"
  2.2689 +  shows "Ifm vs (x#bs) (msubstleneg c t a b) = Ifm vs (((Itm vs (x#bs) t /  Ipoly vs c ))#bs) (Le (CNP 0 a b))" (is "?lhs = ?rhs")
  2.2690 +  using nz l tmbound0_I[of b vs x bs "Itm vs (x # bs) t / \<lparr>c\<rparr>\<^sub>p\<^bsup>vs\<^esup>" , symmetric]
  2.2691 +  by (simp add: msubstleneg_def field_simps del: minus_add_distrib)
  2.2692 +
  2.2693 +fun msubstpos :: "fm \<Rightarrow> poly \<Rightarrow> tm \<Rightarrow> fm" where
  2.2694 +  "msubstpos (And p q) c t = And (msubstpos p c t) (msubstpos q c t)"
  2.2695 +| "msubstpos (Or p q) c t = Or (msubstpos p c t) (msubstpos q c t)"
  2.2696 +| "msubstpos (Eq (CNP 0 a r)) c t = msubsteq2 c t a r"
  2.2697 +| "msubstpos (NEq (CNP 0 a r)) c t = NOT (msubsteq2 c t a r)"
  2.2698 +| "msubstpos (Lt (CNP 0 a r)) c t = msubstltpos c t a r"
  2.2699 +| "msubstpos (Le (CNP 0 a r)) c t = msubstlepos c t a r"
  2.2700 +| "msubstpos p c t = p"
  2.2701 +    
  2.2702 +lemma msubstpos_I: 
  2.2703 +  assumes lp: "islin p" and pos: "Ipoly vs c > 0"
  2.2704 +  shows "Ifm vs (x#bs) (msubstpos p c t) = Ifm vs (Itm vs (x#bs) t /  Ipoly vs c #bs) p"
  2.2705 +  using lp pos
  2.2706 +  by (induct p rule: islin.induct, auto simp add: msubsteq2 msubstltpos[OF pos] msubstlepos[OF pos] tmbound0_I[of _ vs "Itm vs (x # bs) t / \<lparr>c\<rparr>\<^sub>p\<^bsup>vs\<^esup>" bs x] bound0_I[of _ vs "Itm vs (x # bs) t / \<lparr>c\<rparr>\<^sub>p\<^bsup>vs\<^esup>" bs x] field_simps)
  2.2707 +
  2.2708 +fun msubstneg :: "fm \<Rightarrow> poly \<Rightarrow> tm \<Rightarrow> fm" where
  2.2709 +  "msubstneg (And p q) c t = And (msubstneg p c t) (msubstneg q c t)"
  2.2710 +| "msubstneg (Or p q) c t = Or (msubstneg p c t) (msubstneg q c t)"
  2.2711 +| "msubstneg (Eq (CNP 0 a r)) c t = msubsteq2 c t a r"
  2.2712 +| "msubstneg (NEq (CNP 0 a r)) c t = NOT (msubsteq2 c t a r)"
  2.2713 +| "msubstneg (Lt (CNP 0 a r)) c t = msubstltneg c t a r"
  2.2714 +| "msubstneg (Le (CNP 0 a r)) c t = msubstleneg c t a r"
  2.2715 +| "msubstneg p c t = p"
  2.2716 +
  2.2717 +lemma msubstneg_I: 
  2.2718 +  assumes lp: "islin p" and pos: "Ipoly vs c < 0"
  2.2719 +  shows "Ifm vs (x#bs) (msubstneg p c t) = Ifm vs (Itm vs (x#bs) t /  Ipoly vs c #bs) p"
  2.2720 +  using lp pos
  2.2721 +  by (induct p rule: islin.induct, auto simp add: msubsteq2 msubstltneg[OF pos] msubstleneg[OF pos] tmbound0_I[of _ vs "Itm vs (x # bs) t / \<lparr>c\<rparr>\<^sub>p\<^bsup>vs\<^esup>" bs x] bound0_I[of _ vs "Itm vs (x # bs) t / \<lparr>c\<rparr>\<^sub>p\<^bsup>vs\<^esup>" bs x] field_simps)
  2.2722 +
  2.2723 +
  2.2724 +definition "msubst2 p c t = disj (conj (lt (CP (polyneg c))) (simpfm (msubstpos p c t))) (conj (lt (CP c)) (simpfm (msubstneg p c t)))"
  2.2725 +
  2.2726 +lemma msubst2: assumes lp: "islin p" and nc: "isnpoly c" and nz: "Ipoly vs c \<noteq> 0"
  2.2727 +  shows "Ifm vs (x#bs) (msubst2 p c t) = Ifm vs (Itm vs (x#bs) t /  Ipoly vs c #bs) p"
  2.2728 +proof-
  2.2729 +  let ?c = "Ipoly vs c"
  2.2730 +  from nc have anc: "allpolys isnpoly (CP c)" "allpolys isnpoly (CP (~\<^sub>p c))" 
  2.2731 +    by (simp_all add: polyneg_norm)
  2.2732 +  from nz have "?c > 0 \<or> ?c < 0" by arith
  2.2733 +  moreover
  2.2734 +  {assume c: "?c < 0"
  2.2735 +    from c msubstneg_I[OF lp c, of x bs t] lt[OF anc(1), of vs "x#bs"] lt[OF anc(2), of vs "x#bs"]
  2.2736 +    have ?thesis by (auto simp add: msubst2_def)}
  2.2737 +  moreover
  2.2738 +  {assume c: "?c > 0"
  2.2739 +    from c msubstpos_I[OF lp c, of x bs t] lt[OF anc(1), of vs "x#bs"] lt[OF anc(2), of vs "x#bs"]
  2.2740 +    have ?thesis by (auto simp add: msubst2_def)}
  2.2741 +  ultimately show ?thesis by blast
  2.2742 +qed
  2.2743 +
  2.2744 +term msubsteq2
  2.2745 +lemma msubsteq2_nb: "tmbound0 t \<Longrightarrow> islin (Eq (CNP 0 a r)) \<Longrightarrow> bound0 (msubsteq2 c t a r)"
  2.2746 +  by (simp add: msubsteq2_def)
  2.2747 +
  2.2748 +lemma msubstltpos_nb: "tmbound0 t \<Longrightarrow> islin (Lt (CNP 0 a r)) \<Longrightarrow> bound0 (msubstltpos c t a r)"
  2.2749 +  by (simp add: msubstltpos_def)
  2.2750 +lemma msubstltneg_nb: "tmbound0 t \<Longrightarrow> islin (Lt (CNP 0 a r)) \<Longrightarrow> bound0 (msubstltneg c t a r)"
  2.2751 +  by (simp add: msubstltneg_def)
  2.2752 +
  2.2753 +lemma msubstlepos_nb: "tmbound0 t \<Longrightarrow> islin (Le (CNP 0 a r)) \<Longrightarrow> bound0 (msubstlepos c t a r)"
  2.2754 +  by (simp add: msubstlepos_def)
  2.2755 +lemma msubstleneg_nb: "tmbound0 t \<Longrightarrow> islin (Le (CNP 0 a r)) \<Longrightarrow> bound0 (msubstleneg c t a r)"
  2.2756 +  by (simp add: msubstleneg_def)
  2.2757 +
  2.2758 +lemma msubstpos_nb: assumes lp: "islin p" and tnb: "tmbound0 t"
  2.2759 +  shows "bound0 (msubstpos p c t)"
  2.2760 +using lp tnb
  2.2761 +by (induct p c t rule: msubstpos.induct, auto simp add: msubsteq2_nb msubstltpos_nb msubstlepos_nb)
  2.2762 +
  2.2763 +lemma msubstneg_nb: assumes "SORT_CONSTRAINT('a::{ring_char_0,division_by_zero,field})" and lp: "islin p" and tnb: "tmbound0 t"
  2.2764 +  shows "bound0 (msubstneg p c t)"
  2.2765 +using lp tnb
  2.2766 +by (induct p c t rule: msubstneg.induct, auto simp add: msubsteq2_nb msubstltneg_nb msubstleneg_nb)
  2.2767 +
  2.2768 +lemma msubst2_nb: assumes "SORT_CONSTRAINT('a::{ring_char_0,division_by_zero,field})" and lp: "islin p" and tnb: "tmbound0 t"
  2.2769 +  shows "bound0 (msubst2 p c t)"
  2.2770 +using lp tnb
  2.2771 +by (simp add: msubst2_def msubstneg_nb msubstpos_nb conj_nb disj_nb lt_nb simpfm_bound0)
  2.2772 +    
  2.2773 +lemma of_int2: "of_int 2 = 1 + 1"
  2.2774 +proof-
  2.2775 +  have "(2::int) = 1 + 1" by simp
  2.2776 +  hence "of_int 2 = of_int (1 + 1)" by simp
  2.2777 +  thus ?thesis unfolding of_int_add by simp
  2.2778 +qed
  2.2779 +
  2.2780 +lemma of_int_minus2: "of_int (-2) = - (1 + 1)"
  2.2781 +proof-
  2.2782 +  have th: "(-2::int) = - 2" by simp
  2.2783 +  show ?thesis unfolding th by (simp only: of_int_minus of_int2)
  2.2784 +qed
  2.2785 +
  2.2786 +
  2.2787 +lemma islin_qf: "islin p \<Longrightarrow> qfree p"
  2.2788 +  by (induct p rule: islin.induct, auto simp add: bound0_qf)
  2.2789 +lemma fr_eq_msubst2: 
  2.2790 +  assumes lp: "islin p"
  2.2791 +  shows "(\<exists> x. Ifm vs (x#bs) p) \<longleftrightarrow> ((Ifm vs (x#bs) (minusinf p)) \<or> (Ifm vs (x#bs) (plusinf p)) \<or> Ifm vs (x#bs) (subst0 (CP 0\<^sub>p) p) \<or> (\<exists>(n, t)\<in>set (uset p). Ifm vs (x# bs) (msubst2 p (n *\<^sub>p (C (-2,1))) t)) \<or> (\<exists> (c,t) \<in> set (uset p). \<exists> (d,s) \<in> set (uset p). Ifm vs (x#bs) (msubst2 p (C (-2, 1) *\<^sub>p c*\<^sub>p d) (Add (Mul d t) (Mul c s)))))"
  2.2792 +  (is "(\<exists> x. ?I x p) = (?M \<or> ?P \<or> ?Pz \<or> ?PU \<or> ?F)" is "?E = ?D")
  2.2793 +proof-
  2.2794 +  from uset_l[OF lp] have th: "\<forall>(c, s)\<in>set (uset p). isnpoly c \<and> tmbound0 s" by blast
  2.2795 +  let ?I = "\<lambda>p. Ifm vs (x#bs) p"
  2.2796 +  have n2: "isnpoly (C (-2,1))" by (simp add: isnpoly_def)
  2.2797 +  note eq0 = subst0[OF islin_qf[OF lp], of vs x bs "CP 0\<^sub>p", simplified]
  2.2798 +  
  2.2799 +  have eq1: "(\<exists>(n, t)\<in>set (uset p). ?I (msubst2 p (n *\<^sub>p (C (-2,1))) t)) \<longleftrightarrow> (\<exists>(n, t)\<in>set (uset p). \<lparr>n\<rparr>\<^sub>p\<^bsup>vs\<^esup> \<noteq> 0 \<and> Ifm vs (- Itm vs (x # bs) t / (\<lparr>n\<rparr>\<^sub>p\<^bsup>vs\<^esup> * (1 + 1)) # bs) p)"
  2.2800 +  proof-
  2.2801 +    {fix n t assume H: "(n, t)\<in>set (uset p)" "?I(msubst2 p (n *\<^sub>p C (-2, 1)) t)"
  2.2802 +      from H(1) th have "isnpoly n" by blast
  2.2803 +      hence nn: "isnpoly (n *\<^sub>p (C (-2,1)))" by (simp_all add: polymul_norm n2)
  2.2804 +      have nn': "allpolys isnpoly (CP (~\<^sub>p (n *\<^sub>p C (-2, 1))))"
  2.2805 +	by (simp add: polyneg_norm nn)
  2.2806 +      hence nn2: "\<lparr>n *\<^sub>p(C (-2,1)) \<rparr>\<^sub>p\<^bsup>vs\<^esup> \<noteq> 0" "\<lparr>n \<rparr>\<^sub>p\<^bsup>vs\<^esup> \<noteq> 0" using H(2) nn' nn 
  2.2807 +	by (auto simp add: msubst2_def lt zero_less_mult_iff mult_less_0_iff)
  2.2808 +      from msubst2[OF lp nn nn2(1), of x bs t]
  2.2809 +      have "\<lparr>n\<rparr>\<^sub>p\<^bsup>vs\<^esup> \<noteq> 0 \<and> Ifm vs (- Itm vs (x # bs) t / (\<lparr>n\<rparr>\<^sub>p\<^bsup>vs\<^esup> * (1 + 1)) # bs) p"
  2.2810 +	using H(2) nn2 by (simp add: of_int_minus2 del: minus_add_distrib)}
  2.2811 +    moreover
  2.2812 +    {fix n t assume H: "(n, t)\<in>set (uset p)" "\<lparr>n\<rparr>\<^sub>p\<^bsup>vs\<^esup> \<noteq> 0" "Ifm vs (- Itm vs (x # bs) t / (\<lparr>n\<rparr>\<^sub>p\<^bsup>vs\<^esup> * (1 + 1)) # bs) p"
  2.2813 +      from H(1) th have "isnpoly n" by blast
  2.2814 +      hence nn: "isnpoly (n *\<^sub>p (C (-2,1)))" "\<lparr>n *\<^sub>p(C (-2,1)) \<rparr>\<^sub>p\<^bsup>vs\<^esup> \<noteq> 0"
  2.2815 +	using H(2) by (simp_all add: polymul_norm n2)
  2.2816 +      from msubst2[OF lp nn, of x bs t] have "?I (msubst2 p (n *\<^sub>p (C (-2,1))) t)" using H(2,3) by (simp add: of_int_minus2 del: minus_add_distrib)}
  2.2817 +    ultimately show ?thesis by blast
  2.2818 +  qed
  2.2819 +  have eq2: "(\<exists> (c,t) \<in> set (uset p). \<exists> (d,s) \<in> set (uset p). Ifm vs (x#bs) (msubst2 p (C (-2, 1) *\<^sub>p c*\<^sub>p d) (Add (Mul d t) (Mul c s)))) \<longleftrightarrow> (\<exists>(n, t)\<in>set (uset p).
  2.2820 +     \<exists>(m, s)\<in>set (uset p). \<lparr>n\<rparr>\<^sub>p\<^bsup>vs\<^esup> \<noteq> 0 \<and> \<lparr>m\<rparr>\<^sub>p\<^bsup>vs\<^esup> \<noteq> 0 \<and> Ifm vs ((- Itm vs (x # bs) t / \<lparr>n\<rparr>\<^sub>p\<^bsup>vs\<^esup> + - Itm vs (x # bs) s / \<lparr>m\<rparr>\<^sub>p\<^bsup>vs\<^esup>) / (1 + 1) # bs) p)" 
  2.2821 +  proof-
  2.2822 +    {fix c t d s assume H: "(c,t) \<in> set (uset p)" "(d,s) \<in> set (uset p)" 
  2.2823 +     "Ifm vs (x#bs) (msubst2 p (C (-2, 1) *\<^sub>p c*\<^sub>p d) (Add (Mul d t) (Mul c s)))"
  2.2824 +      from H(1,2) th have "isnpoly c" "isnpoly d" by blast+
  2.2825 +      hence nn: "isnpoly (C (-2, 1) *\<^sub>p c*\<^sub>p d)" 
  2.2826 +	by (simp_all add: polymul_norm n2)
  2.2827 +      have stupid: "allpolys isnpoly (CP (~\<^sub>p (C (-2, 1) *\<^sub>p c *\<^sub>p d)))" "allpolys isnpoly (CP ((C (-2, 1) *\<^sub>p c *\<^sub>p d)))"
  2.2828 +	by (simp_all add: polyneg_norm nn)
  2.2829 +      have nn': "\<lparr>(C (-2, 1) *\<^sub>p c*\<^sub>p d)\<rparr>\<^sub>p\<^bsup>vs\<^esup> \<noteq> 0" "\<lparr>c\<rparr>\<^sub>p\<^bsup>vs\<^esup> \<noteq> 0" "\<lparr>d\<rparr>\<^sub>p\<^bsup>vs\<^esup> \<noteq> 0"
  2.2830 +	using H(3) by (auto simp add: msubst2_def lt[OF stupid(1)]  lt[OF stupid(2)] zero_less_mult_iff mult_less_0_iff)
  2.2831 +      from msubst2[OF lp nn nn'(1), of x bs ] H(3) nn'
  2.2832 +      have "\<lparr>c\<rparr>\<^sub>p\<^bsup>vs\<^esup> \<noteq> 0 \<and> \<lparr>d\<rparr>\<^sub>p\<^bsup>vs\<^esup> \<noteq> 0 \<and> Ifm vs ((- Itm vs (x # bs) t / \<lparr>c\<rparr>\<^sub>p\<^bsup>vs\<^esup> + - Itm vs (x # bs) s / \<lparr>d\<rparr>\<^sub>p\<^bsup>vs\<^esup>) / (1 + 1) # bs) p" 
  2.2833 +	apply (simp add: add_divide_distrib of_int_minus2 del: minus_add_distrib)
  2.2834 +	by (simp add: mult_commute)}
  2.2835 +    moreover
  2.2836 +    {fix c t d s assume H: "(c,t) \<in> set (uset p)" "(d,s) \<in> set (uset p)" 
  2.2837 +      "\<lparr>c\<rparr>\<^sub>p\<^bsup>vs\<^esup> \<noteq> 0" "\<lparr>d\<rparr>\<^sub>p\<^bsup>vs\<^esup> \<noteq> 0" "Ifm vs ((- Itm vs (x # bs) t / \<lparr>c\<rparr>\<^sub>p\<^bsup>vs\<^esup> + - Itm vs (x # bs) s / \<lparr>d\<rparr>\<^sub>p\<^bsup>vs\<^esup>) / (1 + 1) # bs) p"
  2.2838 +     from H(1,2) th have "isnpoly c" "isnpoly d" by blast+
  2.2839 +      hence nn: "isnpoly (C (-2, 1) *\<^sub>p c*\<^sub>p d)" "\<lparr>(C (-2, 1) *\<^sub>p c*\<^sub>p d)\<rparr>\<^sub>p\<^bsup>vs\<^esup> \<noteq> 0"
  2.2840 +	using H(3,4) by (simp_all add: polymul_norm n2)
  2.2841 +      from msubst2[OF lp nn, of x bs ] H(3,4,5) 
  2.2842 +      have "Ifm vs (x#bs) (msubst2 p (C (-2, 1) *\<^sub>p c*\<^sub>p d) (Add (Mul d t) (Mul c s)))" apply (simp add: add_divide_distrib of_int_minus2 del: minus_add_distrib)by (simp add: mult_commute)}
  2.2843 +    ultimately show ?thesis by blast
  2.2844 +  qed
  2.2845 +  from fr_eq2[OF lp, of vs bs x] show ?thesis
  2.2846 +    unfolding eq0 eq1 eq2 by blast  
  2.2847 +qed
  2.2848 +
  2.2849 +definition 
  2.2850 +"ferrack2 p \<equiv> let q = simpfm p ; mp = minusinf q ; pp = plusinf q
  2.2851 + in if (mp = T \<or> pp = T) then T 
  2.2852 +  else (let U = remdps (uset  q)
  2.2853 +    in decr0 (list_disj [mp, pp, simpfm (subst0 (CP 0\<^sub>p) q), evaldjf (\<lambda>(c,t). msubst2 q (c *\<^sub>p C (-2, 1)) t) U, 
  2.2854 +   evaldjf (\<lambda>((b,a),(d,c)). msubst2 q (C (-2, 1) *\<^sub>p b*\<^sub>p d) (Add (Mul d a) (Mul b c))) (alluopairs U)]))"
  2.2855 +
  2.2856 +definition "frpar2 p = simpfm (qelim (prep p) ferrack2)"
  2.2857 +
  2.2858 +lemma ferrack2: assumes qf: "qfree p"
  2.2859 +  shows "qfree (ferrack2 p) \<and> ((Ifm vs bs (ferrack2 p)) = (Ifm vs bs (E p)))"
  2.2860 +  (is "_ \<and> (?rhs = ?lhs)")
  2.2861 +proof-
  2.2862 +  let ?J = "\<lambda> x p. Ifm vs (x#bs) p"
  2.2863 +  let ?N = "\<lambda> t. Ipoly vs t"
  2.2864 +  let ?Nt = "\<lambda>x t. Itm vs (x#bs) t"
  2.2865 +  let ?q = "simpfm p" 
  2.2866 +  let ?qz = "subst0 (CP 0\<^sub>p) ?q"
  2.2867 +  let ?U = "remdps(uset ?q)"
  2.2868 +  let ?Up = "alluopairs ?U"
  2.2869 +  let ?mp = "minusinf ?q"
  2.2870 +  let ?pp = "plusinf ?q"
  2.2871 +  let ?I = "\<lambda>p. Ifm vs (x#bs) p"
  2.2872 +  from simpfm_lin[OF qf] simpfm_qf[OF qf] have lq: "islin ?q" and q_qf: "qfree ?q" .
  2.2873 +  from minusinf_nb[OF lq] plusinf_nb[OF lq] have mp_nb: "bound0 ?mp" and pp_nb: "bound0 ?pp" .
  2.2874 +  from bound0_qf[OF mp_nb] bound0_qf[OF pp_nb] have mp_qf: "qfree ?mp" and pp_qf: "qfree ?pp" .
  2.2875 +  from uset_l[OF lq] have U_l: "\<forall>(c, s)\<in>set ?U. isnpoly c \<and> c \<noteq> 0\<^sub>p \<and> tmbound0 s \<and> allpolys isnpoly s"
  2.2876 +    by simp
  2.2877 +  have bnd0: "\<forall>x \<in> set ?U. bound0 ((\<lambda>(c,t). msubst2 ?q (c *\<^sub>p C (-2, 1)) t) x)" 
  2.2878 +  proof-
  2.2879 +    {fix c t assume ct: "(c,t) \<in> set ?U"
  2.2880 +      hence tnb: "tmbound0 t" using U_l by blast
  2.2881 +      from msubst2_nb[OF lq tnb]
  2.2882 +      have "bound0 ((\<lambda>(c,t). msubst2 ?q (c *\<^sub>p C (-2, 1)) t) (c,t))" by simp}
  2.2883 +    thus ?thesis by auto
  2.2884 +  qed
  2.2885 +  have bnd1: "\<forall>x \<in> set ?Up. bound0 ((\<lambda>((b,a),(d,c)). msubst2 ?q (C (-2, 1) *\<^sub>p b*\<^sub>p d) (Add (Mul d a) (Mul b c))) x)" 
  2.2886 +  proof-
  2.2887 +    {fix b a d c assume badc: "((b,a),(d,c)) \<in> set ?Up"
  2.2888 +      from badc U_l alluopairs_set1[of ?U] 
  2.2889 +      have nb: "tmbound0 (Add (Mul d a) (Mul b c))" by auto
  2.2890 +      from msubst2_nb[OF lq nb] have "bound0 ((\<lambda>((b,a),(d,c)). msubst2 ?q (C (-2, 1) *\<^sub>p b*\<^sub>p d) (Add (Mul d a) (Mul b c))) ((b,a),(d,c)))" by simp}
  2.2891 +    thus ?thesis by auto
  2.2892 +  qed
  2.2893 +  have stupid: "bound0 F" by simp
  2.2894 +  let ?R = "list_disj [?mp, ?pp, simpfm (subst0 (CP 0\<^sub>p) ?q), evaldjf (\<lambda>(c,t). msubst2 ?q (c *\<^sub>p C (-2, 1)) t) ?U, 
  2.2895 +   evaldjf (\<lambda>((b,a),(d,c)). msubst2 ?q (C (-2, 1) *\<^sub>p b*\<^sub>p d) (Add (Mul d a) (Mul b c))) (alluopairs ?U)]"
  2.2896 +  from subst0_nb[of "CP 0\<^sub>p" ?q] q_qf evaldjf_bound0[OF bnd1] evaldjf_bound0[OF bnd0] mp_nb pp_nb stupid
  2.2897 +  have nb: "bound0 ?R "
  2.2898 +    by (simp add: list_disj_def disj_nb0 simpfm_bound0)
  2.2899 +  let ?s = "\<lambda>((b,a),(d,c)). msubst2 ?q (C (-2, 1) *\<^sub>p b*\<^sub>p d) (Add (Mul d a) (Mul b c))"
  2.2900 +
  2.2901 +  {fix b a d c assume baU: "(b,a) \<in> set ?U" and dcU: "(d,c) \<in> set ?U"
  2.2902 +    from U_l baU dcU have norm: "isnpoly b" "isnpoly d" "isnpoly (C (-2, 1))" 
  2.2903 +      by auto (simp add: isnpoly_def)
  2.2904 +    have norm2: "isnpoly (C (-2, 1) *\<^sub>p b*\<^sub>p d)" "isnpoly (C (-2, 1) *\<^sub>p d*\<^sub>p b)"
  2.2905 +      using norm by (simp_all add: polymul_norm)
  2.2906 +    have stupid: "allpolys isnpoly (CP (C (-2, 1) *\<^sub>p b*\<^sub>p d))" "allpolys isnpoly (CP (C (-2, 1) *\<^sub>p d*\<^sub>p b))" "allpolys isnpoly (CP (~\<^sub>p(C (-2, 1) *\<^sub>p b*\<^sub>p d)))" "allpolys isnpoly (CP (~\<^sub>p(C (-2, 1) *\<^sub>p d*\<^sub>p b)))"
  2.2907 +      by (simp_all add: polyneg_norm norm2)
  2.2908 +    have "?I (msubst2 ?q (C (-2, 1) *\<^sub>p b*\<^sub>p d) (Add (Mul d a) (Mul b c))) = ?I (msubst2 ?q (C (-2, 1) *\<^sub>p d*\<^sub>p b) (Add (Mul b c) (Mul d a)))" (is "?lhs \<longleftrightarrow> ?rhs")
  2.2909 +    proof
  2.2910 +      assume H: ?lhs
  2.2911 +      hence z: "\<lparr>C (-2, 1) *\<^sub>p b *\<^sub>p d\<rparr>\<^sub>p\<^bsup>vs\<^esup> \<noteq> 0" "\<lparr>C (-2, 1) *\<^sub>p d *\<^sub>p b\<rparr>\<^sub>p\<^bsup>vs\<^esup> \<noteq> 0" 
  2.2912 +	by (auto simp add: msubst2_def lt[OF stupid(3)] lt[OF stupid(1)] mult_less_0_iff zero_less_mult_iff)
  2.2913 +      from msubst2[OF lq norm2(1) z(1), of x bs] 
  2.2914 +	msubst2[OF lq norm2(2) z(2), of x bs] H 
  2.2915 +      show ?rhs by (simp add: ring_simps)
  2.2916 +    next
  2.2917 +      assume H: ?rhs
  2.2918 +      hence z: "\<lparr>C (-2, 1) *\<^sub>p b *\<^sub>p d\<rparr>\<^sub>p\<^bsup>vs\<^esup> \<noteq> 0" "\<lparr>C (-2, 1) *\<^sub>p d *\<^sub>p b\<rparr>\<^sub>p\<^bsup>vs\<^esup> \<noteq> 0" 
  2.2919 +	by (auto simp add: msubst2_def lt[OF stupid(4)] lt[OF stupid(2)] mult_less_0_iff zero_less_mult_iff)
  2.2920 +      from msubst2[OF lq norm2(1) z(1), of x bs] 
  2.2921 +	msubst2[OF lq norm2(2) z(2), of x bs] H 
  2.2922 +      show ?lhs by (simp add: ring_simps)
  2.2923 +    qed}
  2.2924 +  hence th0: "\<forall>x \<in> set ?U. \<forall>y \<in> set ?U. ?I (?s (x, y)) \<longleftrightarrow> ?I (?s (y, x))"
  2.2925 +    by clarsimp
  2.2926 +
  2.2927 +  have "?lhs \<longleftrightarrow> (\<exists>x. Ifm vs (x#bs) ?q)" by simp
  2.2928 +  also have "\<dots> \<longleftrightarrow> ?I ?mp \<or> ?I ?pp \<or> ?I (subst0 (CP 0\<^sub>p) ?q) \<or> (\<exists>(n,t) \<in> set ?U. ?I (msubst2 ?q (n *\<^sub>p C (-2, 1)) t)) \<or> (\<exists>(b, a)\<in>set ?U. \<exists>(d, c)\<in>set ?U. ?I (msubst2 ?q (C (-2, 1) *\<^sub>p b*\<^sub>p d) (Add (Mul d a) (Mul b c))))"
  2.2929 +    using fr_eq_msubst2[OF lq, of vs bs x] by simp
  2.2930 +  also have "\<dots> \<longleftrightarrow> ?I ?mp \<or> ?I ?pp \<or> ?I (subst0 (CP 0\<^sub>p) ?q) \<or> (\<exists>(n,t) \<in> set ?U. ?I (msubst2 ?q (n *\<^sub>p C (-2, 1)) t)) \<or> (\<exists> x\<in>set ?U. \<exists> y \<in>set ?U. ?I (?s (x,y)))"
  2.2931 +    by (simp add: split_def)
  2.2932 +  also have "\<dots> \<longleftrightarrow> ?I ?mp \<or> ?I ?pp \<or> ?I (subst0 (CP 0\<^sub>p) ?q) \<or> (\<exists>(n,t) \<in> set ?U. ?I (msubst2 ?q (n *\<^sub>p C (-2, 1)) t)) \<or> (\<exists> (x,y) \<in> set ?Up. ?I (?s (x,y)))"
  2.2933 +    using alluopairs_ex[OF th0] by simp 
  2.2934 +  also have "\<dots> \<longleftrightarrow> ?I ?R" 
  2.2935 +    by (simp add: list_disj_def evaldjf_ex split_def)
  2.2936 +  also have "\<dots> \<longleftrightarrow> ?rhs"
  2.2937 +    unfolding ferrack2_def
  2.2938 +    apply (cases "?mp = T") 
  2.2939 +    apply (simp add: list_disj_def)
  2.2940 +    apply (cases "?pp = T") 
  2.2941 +    apply (simp add: list_disj_def)
  2.2942 +    by (simp_all add: Let_def decr0[OF nb])
  2.2943 +  finally show ?thesis using decr0_qf[OF nb]  
  2.2944 +    by (simp  add: ferrack2_def Let_def)
  2.2945 +qed
  2.2946 +
  2.2947 +lemma frpar2: "qfree (frpar2 p) \<and> (Ifm vs bs (frpar2 p) \<longleftrightarrow> Ifm vs bs p)"
  2.2948 +proof-
  2.2949 +  from ferrack2 have th: "\<forall>bs p. qfree p \<longrightarrow> qfree (ferrack2 p) \<and> Ifm vs bs (ferrack2 p) = Ifm vs bs (E p)" by blast
  2.2950 +  from qelim[OF th, of "prep p" bs] 
  2.2951 +show ?thesis  unfolding frpar2_def by (auto simp add: prep)
  2.2952 +qed
  2.2953 +
  2.2954 +code_module FRPar
  2.2955 +  contains 
  2.2956 +  frpar = "frpar"
  2.2957 +  frpar2 = "frpar2"
  2.2958 +  test = "%x . frpar (E(Lt (Mul 1\<^sub>p (Bound 0))))"
  2.2959 +
  2.2960 +ML{* 
  2.2961 +
  2.2962 +structure ReflectedFRPar = 
  2.2963 +struct
  2.2964 +
  2.2965 +val bT = HOLogic.boolT;
  2.2966 +fun num rT x = HOLogic.mk_number rT x;
  2.2967 +fun rrelT rT = [rT,rT] ---> rT;
  2.2968 +fun rrT rT = [rT, rT] ---> bT;
  2.2969 +fun divt rT = Const(@{const_name "HOL.divide"},rrelT rT);
  2.2970 +fun timest rT = Const(@{const_name "HOL.times"},rrelT rT);
  2.2971 +fun plust rT = Const(@{const_name "HOL.plus"},rrelT rT);
  2.2972 +fun minust rT = Const(@{const_name "HOL.minus"},rrelT rT);
  2.2973 +fun uminust rT = Const(@{const_name "HOL.uminus"}, rT --> rT);
  2.2974 +fun powt rT = Const(@{const_name "power"}, [rT,@{typ "nat"}] ---> rT);
  2.2975 +val brT = [bT, bT] ---> bT;
  2.2976 +val nott = @{term "Not"};
  2.2977 +val conjt = @{term "op &"};
  2.2978 +val disjt = @{term "op |"};
  2.2979 +val impt = @{term "op -->"};
  2.2980 +val ifft = @{term "op = :: bool => _"}
  2.2981 +fun llt rT = Const(@{const_name "HOL.less"},rrT rT);
  2.2982 +fun lle rT = Const(@{const_name "HOL.less"},rrT rT);
  2.2983 +fun eqt rT = Const("op =",rrT rT);
  2.2984 +fun rz rT = Const(@{const_name "HOL.zero"},rT);
  2.2985 +
  2.2986 +fun dest_nat t = case t of
  2.2987 +  Const ("Suc",_)$t' => 1 + dest_nat t'
  2.2988 +| _ => (snd o HOLogic.dest_number) t;
  2.2989 +
  2.2990 +fun num_of_term m t = 
  2.2991 + case t of
  2.2992 +   Const(@{const_name "uminus"},_)$t => FRPar.Neg (num_of_term m t)
  2.2993 + | Const(@{const_name "HOL.plus"},_)$a$b => FRPar.Add (num_of_term m a, num_of_term m b)
  2.2994 + | Const(@{const_name "HOL.minus"},_)$a$b => FRPar.Sub (num_of_term m a, num_of_term m b)
  2.2995 + | Const(@{const_name "HOL.times"},_)$a$b => FRPar.Mul (num_of_term m a, num_of_term m b)
  2.2996 + | Const(@{const_name "power"},_)$a$n => FRPar.Pw (num_of_term m a, dest_nat n)
  2.2997 + | Const(@{const_name "HOL.divide"},_)$a$b => FRPar.C (HOLogic.dest_number a |> snd, HOLogic.dest_number b |> snd)
  2.2998 + | _ => (FRPar.C (HOLogic.dest_number t |> snd,1) 
  2.2999 +         handle TERM _ => FRPar.Bound (AList.lookup (op aconv) m t |> valOf));
  2.3000 +
  2.3001 +fun tm_of_term m m' t = 
  2.3002 + case t of
  2.3003 +   Const(@{const_name "uminus"},_)$t => FRPar.tm_Neg (tm_of_term m m' t)
  2.3004 + | Const(@{const_name "HOL.plus"},_)$a$b => FRPar.tm_Add (tm_of_term m m' a, tm_of_term m m' b)
  2.3005 + | Const(@{const_name "HOL.minus"},_)$a$b => FRPar.tm_Sub (tm_of_term m m' a, tm_of_term m m' b)
  2.3006 + | Const(@{const_name "HOL.times"},_)$a$b => FRPar.tm_Mul (num_of_term m' a, tm_of_term m m' b)
  2.3007 + | _ => (FRPar.CP (num_of_term m' t) 
  2.3008 +         handle TERM _ => FRPar.tm_Bound (AList.lookup (op aconv) m t |> valOf)
  2.3009 +              | Option => FRPar.tm_Bound (AList.lookup (op aconv) m t |> valOf));
  2.3010 +
  2.3011 +fun term_of_num T m t = 
  2.3012 + case t of
  2.3013 +  FRPar.C (a,b) => (if b = 1 then num T a else if b=0 then (rz T) 
  2.3014 +                                        else (divt T) $ num T a $ num T b)
  2.3015 +| FRPar.Bound i => AList.lookup (op = : int*int -> bool) m i |> valOf
  2.3016 +| FRPar.Add(a,b) => (plust T)$(term_of_num T m a)$(term_of_num T m b)
  2.3017 +| FRPar.Mul(a,b) => (timest T)$(term_of_num T m a)$(term_of_num T m b)
  2.3018 +| FRPar.Sub(a,b) => (minust T)$(term_of_num T m a)$(term_of_num T m b)
  2.3019 +| FRPar.Neg a => (uminust T)$(term_of_num T m a)
  2.3020 +| FRPar.Pw(a,n) => (powt T)$(term_of_num T m t)$(HOLogic.mk_number HOLogic.natT n)
  2.3021 +| FRPar.CN(c,n,p) => term_of_num T m (FRPar.Add(c,FRPar.Mul(FRPar.Bound n, p)))
  2.3022 +| _ => error "term_of_num: Unknown term";
  2.3023 +
  2.3024 +fun term_of_tm T m m' t = 
  2.3025 + case t of
  2.3026 +  FRPar.CP p => term_of_num T m' p
  2.3027 +| FRPar.tm_Bound i => AList.lookup (op = : int*int -> bool) m i |> valOf
  2.3028 +| FRPar.tm_Add(a,b) => (plust T)$(term_of_tm T m m' a)$(term_of_tm T m m' b)
  2.3029 +| FRPar.tm_Mul(a,b) => (timest T)$(term_of_num T m' a)$(term_of_tm T m m' b)
  2.3030 +| FRPar.tm_Sub(a,b) => (minust T)$(term_of_tm T m m' a)$(term_of_tm T m m' b)
  2.3031 +| FRPar.tm_Neg a => (uminust T)$(term_of_tm T m m' a)
  2.3032 +| FRPar.CNP(n,c,p) => term_of_tm T m m' (FRPar.tm_Add(FRPar.tm_Mul(c, FRPar.tm_Bound n), p))
  2.3033 +| _ => error "term_of_tm: Unknown term";
  2.3034 +
  2.3035 +fun fm_of_term m m' fm = 
  2.3036 + case fm of
  2.3037 +    Const("True",_) => FRPar.T
  2.3038 +  | Const("False",_) => FRPar.F
  2.3039 +  | Const("Not",_)$p => FRPar.NOT (fm_of_term m m' p)
  2.3040 +  | Const("op &",_)$p$q => FRPar.And(fm_of_term m m' p, fm_of_term m m' q)
  2.3041 +  | Const("op |",_)$p$q => FRPar.Or(fm_of_term m m' p, fm_of_term m m' q)
  2.3042 +  | Const("op -->",_)$p$q => FRPar.Imp(fm_of_term m m' p, fm_of_term m m' q)
  2.3043 +  | Const("op =",ty)$p$q => 
  2.3044 +       if domain_type ty = bT then FRPar.Iff(fm_of_term m m' p, fm_of_term m m' q)
  2.3045 +       else FRPar.Eq (FRPar.tm_Sub(tm_of_term m m' p, tm_of_term m m' q))
  2.3046 +  | Const(@{const_name "HOL.less"},_)$p$q => 
  2.3047 +        FRPar.Lt (FRPar.tm_Sub(tm_of_term m m' p, tm_of_term m m' q))
  2.3048 +  | Const(@{const_name "HOL.less_eq"},_)$p$q => 
  2.3049 +        FRPar.Le (FRPar.tm_Sub(tm_of_term m m' p, tm_of_term m m' q))
  2.3050 +  | Const("Ex",_)$Abs(xn,xT,p) => 
  2.3051 +     let val (xn', p') =  variant_abs (xn,xT,p)
  2.3052 +         val x = Free(xn',xT)
  2.3053 +         fun incr i = i + 1
  2.3054 +         val m0 = (x,0):: (map (apsnd incr) m)
  2.3055 +      in FRPar.E (fm_of_term m0 m' p') end
  2.3056 +  | Const("All",_)$Abs(xn,xT,p) => 
  2.3057 +     let val (xn', p') =  variant_abs (xn,xT,p)
  2.3058 +         val x = Free(xn',xT)
  2.3059 +         fun incr i = i + 1
  2.3060 +         val m0 = (x,0):: (map (apsnd incr) m)
  2.3061 +      in FRPar.A (fm_of_term m0 m' p') end
  2.3062 +  | _ => error "fm_of_term";
  2.3063 +
  2.3064 +
  2.3065 +fun term_of_fm T m m' t = 
  2.3066 +  case t of
  2.3067 +    FRPar.T => Const("True",bT)
  2.3068 +  | FRPar.F => Const("False",bT)
  2.3069 +  | FRPar.NOT p => nott $ (term_of_fm T m m' p)
  2.3070 +  | FRPar.And (p,q) => conjt $ (term_of_fm T m m' p) $ (term_of_fm T m m' q)
  2.3071 +  | FRPar.Or (p,q) => disjt $ (term_of_fm T m m' p) $ (term_of_fm T m m' q)
  2.3072 +  | FRPar.Imp (p,q) => impt $ (term_of_fm T m m' p) $ (term_of_fm T m m' q)
  2.3073 +  | FRPar.Iff (p,q) => ifft $ (term_of_fm T m m' p) $ (term_of_fm T m m' q)
  2.3074 +  | FRPar.Lt p => (llt T) $ (term_of_tm T m m' p) $ (rz T)
  2.3075 +  | FRPar.Le p => (lle T) $ (term_of_tm T m m' p) $ (rz T)
  2.3076 +  | FRPar.Eq p => (eqt T) $ (term_of_tm T m m' p) $ (rz T)
  2.3077 +  | FRPar.NEq p => nott $ ((eqt T) $ (term_of_tm T m m' p) $ (rz T))
  2.3078 +  | _ => error "term_of_fm: quantifiers!!!!???";
  2.3079 +
  2.3080 +fun frpar_oracle (T,m, m', fm) = 
  2.3081 + let 
  2.3082 +   val t = HOLogic.dest_Trueprop fm
  2.3083 +   val im = 0 upto (length m - 1)
  2.3084 +   val im' = 0 upto (length m' - 1)   
  2.3085 + in HOLogic.mk_Trueprop (HOLogic.mk_eq(t, term_of_fm T (im ~~ m) (im' ~~ m')  
  2.3086 +                                                     (FRPar.frpar (fm_of_term (m ~~ im) (m' ~~ im') t))))
  2.3087 + end;
  2.3088 +
  2.3089 +fun frpar_oracle2 (T,m, m', fm) = 
  2.3090 + let 
  2.3091 +   val t = HOLogic.dest_Trueprop fm
  2.3092 +   val im = 0 upto (length m - 1)
  2.3093 +   val im' = 0 upto (length m' - 1)   
  2.3094 + in HOLogic.mk_Trueprop (HOLogic.mk_eq(t, term_of_fm T (im ~~ m) (im' ~~ m')  
  2.3095 +                                                     (FRPar.frpar2 (fm_of_term (m ~~ im) (m' ~~ im') t))))
  2.3096 + end;
  2.3097 +
  2.3098 +end;
  2.3099 +
  2.3100 +
  2.3101 +*}
  2.3102 +
  2.3103 +oracle frpar_oracle = {* fn (ty, ts, ts', ct) => 
  2.3104 + let 
  2.3105 +  val thy = Thm.theory_of_cterm ct
  2.3106 + in cterm_of thy (ReflectedFRPar.frpar_oracle (ty,ts, ts', term_of ct))
  2.3107 + end *}
  2.3108 +
  2.3109 +oracle frpar_oracle2 = {* fn (ty, ts, ts', ct) => 
  2.3110 + let 
  2.3111 +  val thy = Thm.theory_of_cterm ct
  2.3112 + in cterm_of thy (ReflectedFRPar.frpar_oracle2 (ty,ts, ts', term_of ct))
  2.3113 + end *}
  2.3114 +
  2.3115 +ML{* 
  2.3116 +structure FRParTac = 
  2.3117 +struct
  2.3118 +
  2.3119 +fun frpar_tac T ps ctxt i = 
  2.3120 + (ObjectLogic.full_atomize_tac i) 
  2.3121 + THEN (fn st =>
  2.3122 +  let
  2.3123 +    val g = List.nth (cprems_of st, i - 1)
  2.3124 +    val thy = ProofContext.theory_of ctxt
  2.3125 +    val fs = subtract (op aconv) (map Free (Term.add_frees (term_of g) [])) ps
  2.3126 +    val th = frpar_oracle (T, fs,ps, (* Pattern.eta_long [] *)g)
  2.3127 +  in rtac (th RS iffD2) i st end);
  2.3128 +
  2.3129 +fun frpar2_tac T ps ctxt i = 
  2.3130 + (ObjectLogic.full_atomize_tac i) 
  2.3131 + THEN (fn st =>
  2.3132 +  let
  2.3133 +    val g = List.nth (cprems_of st, i - 1)
  2.3134 +    val thy = ProofContext.theory_of ctxt
  2.3135 +    val fs = subtract (op aconv) (map Free (Term.add_frees (term_of g) [])) ps
  2.3136 +    val th = frpar_oracle2 (T, fs,ps, (* Pattern.eta_long [] *)g)
  2.3137 +  in rtac (th RS iffD2) i st end);
  2.3138 +
  2.3139 +end;
  2.3140 +
  2.3141 +*}
  2.3142 +
  2.3143 +method_setup frpar = {*
  2.3144 +let
  2.3145 + fun keyword k = Scan.lift (Args.$$$ k -- Args.colon) >> K ()
  2.3146 + fun simple_keyword k = Scan.lift (Args.$$$ k) >> K ()
  2.3147 + val parsN = "pars"
  2.3148 + val typN = "type"
  2.3149 + val any_keyword = keyword parsN || keyword typN
  2.3150 + val thms = Scan.repeat (Scan.unless any_keyword Attrib.multi_thm) >> flat
  2.3151 + val cterms = thms >> map Drule.dest_term;
  2.3152 + val terms = Scan.repeat (Scan.unless any_keyword Args.term)
  2.3153 + val typ = Scan.unless any_keyword Args.typ
  2.3154 +in
  2.3155 + (keyword typN |-- typ) -- (keyword parsN |-- terms) >>
  2.3156 +  (fn (T,ps) => fn ctxt => SIMPLE_METHOD' (FRParTac.frpar_tac T ps ctxt))
  2.3157 +end
  2.3158 +*} "Parametric QE for linear Arithmetic over fields, Version 1"
  2.3159 +
  2.3160 +method_setup frpar2 = {*
  2.3161 +let
  2.3162 + fun keyword k = Scan.lift (Args.$$$ k -- Args.colon) >> K ()
  2.3163 + fun simple_keyword k = Scan.lift (Args.$$$ k) >> K ()
  2.3164 + val parsN = "pars"
  2.3165 + val typN = "type"
  2.3166 + val any_keyword = keyword parsN || keyword typN
  2.3167 + val thms = Scan.repeat (Scan.unless any_keyword Attrib.multi_thm) >> flat
  2.3168 + val cterms = thms >> map Drule.dest_term;
  2.3169 + val terms = Scan.repeat (Scan.unless any_keyword Args.term)
  2.3170 + val typ = Scan.unless any_keyword Args.typ
  2.3171 +in
  2.3172 + (keyword typN |-- typ) -- (keyword parsN |-- terms) >>
  2.3173 +  (fn (T,ps) => fn ctxt => SIMPLE_METHOD' (FRParTac.frpar2_tac T ps ctxt))
  2.3174 +end
  2.3175 +*} "Parametric QE for linear Arithmetic over fields, Version 2"
  2.3176 +
  2.3177 +
  2.3178 +lemma "\<exists>(x::'a::{division_by_zero,ordered_field,number_ring}). y \<noteq> -1 \<longrightarrow> (y + 1)*x < 0"
  2.3179 +  apply (frpar type: "'a::{division_by_zero,ordered_field,number_ring}" pars: "y::'a::{division_by_zero,ordered_field,number_ring}")
  2.3180 +  apply (simp add: ring_simps)
  2.3181 +  apply (rule spec[where x=y])
  2.3182 +  apply (frpar type: "'a::{division_by_zero,ordered_field,number_ring}" pars: "z::'a::{division_by_zero,ordered_field,number_ring}")
  2.3183 +  by simp
  2.3184 +
  2.3185 +text{* Collins/Jones Problem *}
  2.3186 +(*
  2.3187 +lemma "\<exists>(r::'a::{division_by_zero,ordered_field,number_ring}). 0 < r \<and> r < 1 \<and> 0 < (2 - 3*r) *(a^2 + b^2) + (2*a)*r \<and> (2 - 3*r) *(a^2 + b^2) + 4*a*r - 2*a - r < 0"
  2.3188 +proof-
  2.3189 +  have "(\<exists>(r::'a::{division_by_zero,ordered_field,number_ring}). 0 < r \<and> r < 1 \<and> 0 < (2 - 3*r) *(a^2 + b^2) + (2*a)*r \<and> (2 - 3*r) *(a^2 + b^2) + 4*a*r - 2*a - r < 0) \<longleftrightarrow> (\<exists>(r::'a::{division_by_zero,ordered_field,number_ring}). 0 < r \<and> r < 1 \<and> 0 < 2 *(a^2 + b^2) - (3*(a^2 + b^2)) * r + (2*a)*r \<and> 2*(a^2 + b^2) - (3*(a^2 + b^2) - 4*a + 1)*r - 2*a < 0)" (is "?lhs \<longleftrightarrow> ?rhs")
  2.3190 +by (simp add: ring_simps)
  2.3191 +have "?rhs"
  2.3192 +
  2.3193 +  apply (frpar type: "'a::{division_by_zero,ordered_field,number_ring}" pars: "a::'a::{division_by_zero,ordered_field,number_ring}" "b::'a::{division_by_zero,ordered_field,number_ring}")
  2.3194 +  apply (simp add: ring_simps)
  2.3195 +oops
  2.3196 +*)
  2.3197 +(*
  2.3198 +lemma "ALL (x::'a::{division_by_zero,ordered_field,number_ring}) y. (1 - t)*x \<le> (1+t)*y \<and> (1 - t)*y \<le> (1+t)*x --> 0 \<le> y"
  2.3199 +apply (frpar type: "'a::{division_by_zero,ordered_field,number_ring}" pars: "t::'a::{division_by_zero,ordered_field,number_ring}")
  2.3200 +oops
  2.3201 +*)
  2.3202 +
  2.3203 +lemma "\<exists>(x::'a::{division_by_zero,ordered_field,number_ring}). y \<noteq> -1 \<longrightarrow> (y + 1)*x < 0"
  2.3204 +  apply (frpar2 type: "'a::{division_by_zero,ordered_field,number_ring}" pars: "y::'a::{division_by_zero,ordered_field,number_ring}")
  2.3205 +  apply (simp add: ring_simps)
  2.3206 +  apply (rule spec[where x=y])
  2.3207 +  apply (frpar2 type: "'a::{division_by_zero,ordered_field,number_ring}" pars: "z::'a::{division_by_zero,ordered_field,number_ring}")
  2.3208 +  by simp
  2.3209 +
  2.3210 +text{* Collins/Jones Problem *}
  2.3211 +
  2.3212 +(*
  2.3213 +lemma "\<exists>(r::'a::{division_by_zero,ordered_field,number_ring}). 0 < r \<and> r < 1 \<and> 0 < (2 - 3*r) *(a^2 + b^2) + (2*a)*r \<and> (2 - 3*r) *(a^2 + b^2) + 4*a*r - 2*a - r < 0"
  2.3214 +proof-
  2.3215 +  have "(\<exists>(r::'a::{division_by_zero,ordered_field,number_ring}). 0 < r \<and> r < 1 \<and> 0 < (2 - 3*r) *(a^2 + b^2) + (2*a)*r \<and> (2 - 3*r) *(a^2 + b^2) + 4*a*r - 2*a - r < 0) \<longleftrightarrow> (\<exists>(r::'a::{division_by_zero,ordered_field,number_ring}). 0 < r \<and> r < 1 \<and> 0 < 2 *(a^2 + b^2) - (3*(a^2 + b^2)) * r + (2*a)*r \<and> 2*(a^2 + b^2) - (3*(a^2 + b^2) - 4*a + 1)*r - 2*a < 0)" (is "?lhs \<longleftrightarrow> ?rhs")
  2.3216 +by (simp add: ring_simps)
  2.3217 +have "?rhs"
  2.3218 +  apply (frpar2 type: "'a::{division_by_zero,ordered_field,number_ring}" pars: "a::'a::{division_by_zero,ordered_field,number_ring}" "b::'a::{division_by_zero,ordered_field,number_ring}")
  2.3219 +  apply simp
  2.3220 +oops
  2.3221 +*)
  2.3222 +
  2.3223 +(*
  2.3224 +lemma "ALL (x::'a::{division_by_zero,ordered_field,number_ring}) y. (1 - t)*x \<le> (1+t)*y \<and> (1 - t)*y \<le> (1+t)*x --> 0 \<le> y"
  2.3225 +apply (frpar2 type: "'a::{division_by_zero,ordered_field,number_ring}" pars: "t::'a::{division_by_zero,ordered_field,number_ring}")
  2.3226 +apply (simp add: field_simps linorder_neq_iff[symmetric])
  2.3227 +apply ferrack
  2.3228 +oops
  2.3229 +*)
  2.3230 +end
  2.3231 \ No newline at end of file