Page MenuHomeIsabelle/Phabricator
Files F1591001

No OneTemporary
Actions

View Options

This file is larger than 256 KB, so syntax highlighting was skipped.
diff --git a/metadata/authors.toml b/metadata/authors.toml
--- a/metadata/authors.toml
+++ b/metadata/authors.toml
@@ -1,6855 +1,6870 @@
[abdulaziz]
name = "Mohammad Abdulaziz"
[abdulaziz.emails]
[abdulaziz.emails.abdulaziz_email]
user = [
"mohammad",
"abdulaziz",
]
host = [
"in",
"tum",
"de",
]
[abdulaziz.emails.abdulaziz_email1]
user = [
"mohammad",
"abdulaziz8",
]
host = [
"gmail",
"com",
]
[abdulaziz.homepages]
abdulaziz_homepage = "http://home.in.tum.de/~mansour/"
[adelsberger]
name = "Stephan Adelsberger"
[adelsberger.emails]
[adelsberger.emails.adelsberger_email]
user = [
"stvienna",
]
host = [
"gmail",
"com",
]
[adelsberger.homepages]
adelsberger_homepage = "http://nm.wu.ac.at/nm/sadelsbe"
[aehlig]
name = "Klaus Aehlig"
[aehlig.emails]
[aehlig.homepages]
aehlig_homepage = "http://www.linta.de/~aehlig/"
[aissat]
name = "Romain Aissat"
[aissat.emails]
[aissat.homepages]
[amani]
name = "Sidney Amani"
[amani.emails]
[amani.emails.amani_email]
user = [
"sidney",
"amani",
]
host = [
"data61",
"csiro",
"au",
]
[amani.homepages]
[ammer]
name = "Thomas Ammer"
[ammer.emails]
[ammer.emails.ammer_email]
user = ["thomas","ammer"]
host = ["tum","de"]
[ammer.homepages]
[andronick]
name = "June Andronick"
[andronick.emails]
[andronick.homepages]
[aransay]
name = "Jesús Aransay"
[aransay.emails]
[aransay.emails.aransay_email]
user = [
"jesus-maria",
"aransay",
]
host = [
"unirioja",
"es",
]
[aransay.homepages]
aransay_homepage = "https://www.unirioja.es/cu/jearansa"
[argyraki]
name = "Angeliki Koutsoukou-Argyraki"
[argyraki.emails]
[argyraki.emails.argyraki_email]
user = [
"ak2110",
]
host = [
"cam",
"ac",
"uk",
]
[argyraki.homepages]
argyraki_homepage = "https://www.cl.cam.ac.uk/~ak2110/"
argyraki_homepage2 = "https://www.cst.cam.ac.uk/people/ak2110"
[armstrong]
name = "Alasdair Armstrong"
[armstrong.emails]
[armstrong.homepages]
[aspinall]
name = "David Aspinall"
[aspinall.emails]
[aspinall.homepages]
aspinall_homepage = "http://homepages.inf.ed.ac.uk/da/"
[ausaf]
name = "Fahad Ausaf"
[ausaf.emails]
[ausaf.homepages]
ausaf_homepage = "http://kcl.academia.edu/FahadAusaf"
[avigad]
name = "Jeremy Avigad"
[avigad.emails]
[avigad.emails.avigad_email]
user = [
"avigad",
]
host = [
"cmu",
"edu",
]
[avigad.homepages]
avigad_homepage = "http://www.andrew.cmu.edu/user/avigad/"
[back]
name = "Ralph-Johan Back"
[back.emails]
[back.homepages]
back_homepage = "http://users.abo.fi/Ralph-Johan.Back/"
[balbach]
name = "Frank J. Balbach"
[balbach.emails]
[balbach.emails.balbach_email]
user = [
"frank-balbach",
]
host = [
"gmx",
"de",
]
[balbach.homepages]
[ballarin]
name = "Clemens Ballarin"
[ballarin.emails]
[ballarin.emails.ballarin_email]
user = [
"ballarin",
]
host = [
"in",
"tum",
"de",
]
[ballarin.homepages]
ballarin_homepage = "http://www21.in.tum.de/~ballarin/"
[barsotti]
name = "Damián Barsotti"
[barsotti.emails]
[barsotti.homepages]
barsotti_homepage = "http://www.cs.famaf.unc.edu.ar/~damian/"
[bauer]
name = "Gertrud Bauer"
[bauer.emails]
[bauer.homepages]
[bauereiss]
name = "Thomas Bauereiss"
[bauereiss.emails]
[bauereiss.emails.bauereiss_email]
user = [
"thomas",
]
host = [
"bauereiss",
"name",
]
[bauereiss.homepages]
[bayer]
name = "Jonas Bayer"
[bayer.emails]
[bayer.emails.bayer_email]
user = [
"jonas",
"bayer999",
]
host = [
"gmail",
"com",
]
[bayer.homepages]
[becker]
name = "Heiko Becker"
[becker.emails]
[becker.emails.becker_email]
user = [
"hbecker",
]
host = [
"mpi-sws",
"org",
]
[becker.homepages]
[beeren]
name = "Joel Beeren"
[beeren.emails]
[beeren.homepages]
[bella]
name = "Giampaolo Bella"
[bella.emails]
[bella.emails.bella_email]
user = [
"giamp",
]
host = [
"dmi",
"unict",
"it",
]
[bella.homepages]
bella_homepage = "http://www.dmi.unict.it/~giamp/"
[bengtson]
name = "Jesper Bengtson"
[bengtson.emails]
[bengtson.homepages]
bengtson_homepage = "http://www.itu.dk/people/jebe"
[bentkamp]
name = "Alexander Bentkamp"
[bentkamp.emails]
[bentkamp.emails.bentkamp_email]
user = [
"bentkamp",
]
host = [
"gmail",
"com",
]
[bentkamp.emails.bentkamp_email1]
user = [
"a",
"bentkamp",
]
host = [
"vu",
"nl",
]
[bentkamp.homepages]
bentkamp_homepage = "https://www.cs.vu.nl/~abp290/"
[benzmueller]
name = "Christoph Benzmüller"
[benzmueller.emails]
[benzmueller.emails.benzmueller_email]
user = [
"c",
"benzmueller",
]
host = [
"gmail",
"com",
]
[benzmueller.emails.benzmueller_email1]
user = [
"c",
"benzmueller",
]
host = [
"fu-berlin",
"de",
]
[benzmueller.homepages]
benzmueller_homepage = "http://christoph-benzmueller.de"
benzmueller_homepage1 = "http://page.mi.fu-berlin.de/cbenzmueller/"
[beresford]
name = "Alastair R. Beresford"
[beresford.emails]
[beresford.emails.beresford_email]
user = [
"arb33",
]
host = [
"cam",
"ac",
"uk",
]
[beresford.homepages]
[berghofer]
name = "Stefan Berghofer"
[berghofer.emails]
[berghofer.emails.berghofer_email]
user = [
"berghofe",
]
host = [
"in",
"tum",
"de",
]
[berghofer.homepages]
berghofer_homepage = "http://www.in.tum.de/~berghofe"
[beringer]
name = "Lennart Beringer"
[beringer.emails]
[beringer.emails.beringer_email]
user = [
"lennart",
"beringer",
]
host = [
"ifi",
"lmu",
"de",
]
[beringer.homepages]
[bharadwaj]
name = "Abhijith Bharadwaj"
[bharadwaj.emails]
[bharadwaj.homepages]
[bhatt]
name = "Bhargav Bhatt"
[bhatt.emails]
[bhatt.emails.bhatt_email]
user = [
"bhargav",
"bhatt",
]
host = [
"inf",
"ethz",
"ch",
]
[bhatt.homepages]
[biendarra]
name = "Julian Biendarra"
[biendarra.emails]
[biendarra.homepages]
[bisping]
name = "Benjamin Bisping"
[bisping.emails]
[bisping.emails.bisping_email]
user = [
"benjamin",
"bisping",
]
host = [
"campus",
"tu-berlin",
"de",
]
[bisping.homepages]
[blanchette]
name = "Jasmin Christian Blanchette"
[blanchette.emails]
[blanchette.emails.blanchette_email]
user = [
"jasmin",
"blanchette",
]
host = [
"gmail",
"com",
]
[blanchette.emails.blanchette_email1]
user = [
"j",
"c",
"blanchette",
]
host = [
"vu",
"nl",
]
[blanchette.homepages]
blanchette_homepage = "http://www21.in.tum.de/~blanchet"
blanchette_homepage1 = "https://www.cs.vu.nl/~jbe248/"
[blasum]
name = "Holger Blasum"
[blasum.emails]
[blasum.emails.blasum_email]
user = [
"holger",
"blasum",
]
host = [
"sysgo",
"com",
]
[blasum.homepages]
[blumson]
name = "Ben Blumson"
[blumson.emails]
[blumson.emails.blumson_email]
user = [
"benblumson",
]
host = [
"gmail",
"com",
]
[blumson.homepages]
blumson_homepage = "https://philpeople.org/profiles/ben-blumson"
[bockenek]
name = "Joshua Bockenek"
[bockenek.emails]
[bockenek.homepages]
[boehme]
name = "Sascha Böhme"
[boehme.emails]
[boehme.emails.boehme_email]
user = [
"boehmes",
]
host = [
"in",
"tum",
"de",
]
[boehme.homepages]
boehme_homepage = "http://www21.in.tum.de/~boehmes/"
[bohrer]
name = "Rose Bohrer"
[bohrer.emails]
[bohrer.emails.bohrer_email]
user = [
"rose",
"bohrer",
"cs",
]
host = [
"gmail",
"com",
]
[bohrer.homepages]
[bordg]
name = "Anthony Bordg"
[bordg.emails]
[bordg.emails.bordg_email]
user = [
"apdb3",
]
host = [
"cam",
"ac",
"uk",
]
[bordg.homepages]
bordg_homepage = "https://sites.google.com/site/anthonybordg/"
[borgstroem]
name = "Johannes Borgström"
[borgstroem.emails]
[borgstroem.emails.borgstroem_email]
user = [
"johannes",
"borgstrom",
]
host = [
"it",
"uu",
"se",
]
[borgstroem.homepages]
[bortin]
name = "Maksym Bortin"
[bortin.emails]
[bortin.emails.bortin_email]
user = [
"maksym",
"bortin",
]
host = [
"nicta",
"com",
"au",
]
[bortin.emails.bortin_email1]
user = [
"mbortin",
]
host = [
"gmail",
"com",
]
[bortin.homepages]
[bottesch]
name = "Ralph Bottesch"
[bottesch.emails]
[bottesch.emails.bottesch_email]
user = [
"ralph",
"bottesch",
]
host = [
"uibk",
"ac",
"at",
]
[bottesch.homepages]
bottesch_homepage = "http://cl-informatik.uibk.ac.at/users/bottesch/"
[boulanger]
name = "Frédéric Boulanger"
[boulanger.emails]
[boulanger.emails.boulanger_email]
user = [
"frederic",
"boulanger",
]
host = [
"centralesupelec",
"fr",
]
[boulanger.homepages]
[bourke]
name = "Timothy Bourke"
[bourke.emails]
[bourke.emails.bourke_email]
user = [
"tim",
]
host = [
"tbrk",
"org",
]
[bourke.homepages]
bourke_homepage = "http://www.tbrk.org"
[boutry]
name = "Pierre Boutry"
[boutry.emails]
[boutry.emails.boutry_email]
user = [
"boutry",
]
host = [
"unistra",
"fr",
]
[boutry.homepages]
[boyton]
name = "Andrew Boyton"
[boyton.emails]
[boyton.emails.boyton_email]
user = [
"andrew",
"boyton",
]
host = [
"nicta",
"com",
"au",
]
[boyton.homepages]
[bracevac]
name = "Oliver Bračevac"
[bracevac.emails]
[bracevac.emails.bracevac_email]
user = [
"bracevac",
]
host = [
"st",
"informatik",
"tu-darmstadt",
"de",
]
[bracevac.homepages]
[brandt]
name = "Felix Brandt"
[brandt.emails]
[brandt.homepages]
brandt_homepage = "http://dss.in.tum.de/staff/brandt.html"
[breitner]
name = "Joachim Breitner"
[breitner.emails]
[breitner.emails.breitner_email]
user = [
"mail",
]
host = [
"joachim-breitner",
"de",
]
[breitner.emails.breitner_email1]
user = [
"joachim",
]
host = [
"cis",
"upenn",
"edu",
]
[breitner.homepages]
breitner_homepage = "http://pp.ipd.kit.edu/~breitner"
[brien]
name = "Nicolas Robinson-O'Brien"
[brien.emails]
[brien.homepages]
[brinkop]
name = "Hauke Brinkop"
[brinkop.emails]
[brinkop.emails.brinkop_email]
user = [
"hauke",
"brinkop",
]
host = [
"googlemail",
"com",
]
[brinkop.homepages]
[brodmann]
name = "Paul-David Brodmann"
[brodmann.emails]
[brodmann.emails.brodmann_email]
user = [
"p",
"brodmann",
]
host = [
"tu-berlin",
"de",
]
[brodmann.homepages]
[brucker]
name = "Achim D. Brucker"
[brucker.emails]
[brucker.emails.brucker_email]
user = [
"a",
"brucker",
]
host = [
"exeter",
"ac",
"uk",
]
[brucker.emails.brucker_email1]
user = [
"brucker",
]
host = [
"spamfence",
"net",
]
[brucker.emails.brucker_email2]
user = [
"adbrucker",
]
host = [
"0x5f",
"org",
]
[brucker.homepages]
brucker_homepage = "https://www.brucker.ch/"
[bruegger]
name = "Lukas Brügger"
[bruegger.emails]
[bruegger.emails.bruegger_email]
user = [
"lukas",
"a",
"bruegger",
]
host = [
"gmail",
"com",
]
[bruegger.homepages]
[brun]
name = "Matthias Brun"
[brun.emails]
[brun.emails.brun_email]
user = [
"matthias",
"brun",
]
host = [
"inf",
"ethz",
"ch",
]
[brun.homepages]
[brunner]
name = "Julian Brunner"
[brunner.emails]
[brunner.emails.brunner_email]
user = [
"brunnerj",
]
host = [
"in",
"tum",
"de",
]
[brunner.homepages]
brunner_homepage = "http://www21.in.tum.de/~brunnerj/"
[bulwahn]
name = "Lukas Bulwahn"
[bulwahn.emails]
[bulwahn.emails.bulwahn_email]
user = [
"lukas",
"bulwahn",
]
host = [
"gmail",
"com",
]
[bulwahn.homepages]
[butler]
name = "David Butler"
[butler.emails]
[butler.emails.butler_email]
user = [
"dbutler",
]
host = [
"turing",
"ac",
"uk",
]
[butler.homepages]
butler_homepage = "https://www.turing.ac.uk/people/doctoral-students/david-butler"
[buyse]
name = "Maxime Buyse"
[buyse.emails]
[buyse.emails.buyse_email]
user = [
"maxime",
"buyse",
]
host = [
"polytechnique",
"edu",
]
[buyse.homepages]
[caballero]
name = "José Manuel Rodríguez Caballero"
[caballero.emails]
[caballero.emails.caballero_email]
user = [
"jose",
"manuel",
"rodriguez",
"caballero",
]
host = [
"ut",
"ee",
]
[caballero.homepages]
caballero_homepage = "https://josephcmac.github.io/"
[caminati]
name = "Marco B. Caminati"
[caminati.emails]
[caminati.homepages]
[campo]
name = "Alejandro del Campo"
[campo.emails]
[campo.emails.campo_email]
user = [
"alejandro",
"del-campo",
]
host = [
"alum",
"unirioja",
"es",
]
[campo.homepages]
[chaieb]
name = "Amine Chaieb"
[chaieb.emails]
[chaieb.homepages]
[chapman]
name = "Peter Chapman"
[chapman.emails]
[chapman.emails.chapman_email]
user = [
"pc",
]
host = [
"cs",
"st-andrews",
"ac",
"uk",
]
[chapman.homepages]
[chen]
name = "L. Chen"
[chen.emails]
[chen.homepages]
[clouston]
name = "Ranald Clouston"
[clouston.emails]
[clouston.emails.clouston_email]
user = [
"ranald",
"clouston",
]
host = [
"cs",
"au",
"dk",
]
[clouston.homepages]
[cock]
name = "David Cock"
[cock.emails]
[cock.emails.cock_email]
user = [
"david",
"cock",
]
host = [
"nicta",
"com",
"au",
]
[cock.homepages]
[coghetto]
name = "Roland Coghetto"
[coghetto.emails]
[coghetto.emails.coghetto_email]
user = [
"roland_coghetto",
]
host = [
"hotmail",
"com",
]
[coghetto.homepages]
[coglio]
name = "Alessandro Coglio"
[coglio.emails]
[coglio.emails.coglio_email]
user = [
"coglio",
]
host = [
"kestrel",
"edu",
]
[coglio.homepages]
coglio_homepage = "http://www.kestrel.edu/~coglio"
[cohen]
name = "Ernie Cohen"
[cohen.emails]
[cohen.emails.cohen_email]
user = [
"ecohen",
]
host = [
"amazon",
"com",
]
[cohen.homepages]
[cordwell]
name = "Katherine Cordwell"
[cordwell.emails]
[cordwell.emails.cordwell_email]
user = [
"kcordwel",
]
host = [
"cs",
"cmu",
"edu",
]
[cordwell.homepages]
cordwell_homepage = "https://www.cs.cmu.edu/~kcordwel/"
[cousin]
name = "Marie Cousin"
[cousin.emails]
[cousin.emails.cousin_email]
user = [
"marie",
"cousin",
]
host = [
"grenoble-inp",
"org",
]
[cousin.homepages]
[crighton]
name = "Aaron Crighton"
[crighton.emails]
[crighton.emails.crighton_email]
user = [
"crightoa",
]
host = [
"mcmaster",
"ca",
]
[crighton.homepages]
[dardinier]
name = "Thibault Dardinier"
[dardinier.emails]
[dardinier.emails.dardinier_email]
user = [
"thibault",
"dardinier",
]
host = [
"inf",
"ethz",
"ch",
]
[dardinier.homepages]
dardinier_homepage = "https://dardinier.me/"
[david]
name = "Marco David"
[david.emails]
[david.emails.david_email]
user = [
"marco",
"david",
]
host = [
"hotmail",
"de",
]
[david.homepages]
[debrat]
name = "Henri Debrat"
[debrat.emails]
[debrat.emails.debrat_email]
user = [
"henri",
"debrat",
]
host = [
"loria",
"fr",
]
[debrat.homepages]
[decova]
name = "Sára Decova"
[decova.emails]
[decova.homepages]
[derrick]
name = "John Derrick"
[derrick.emails]
[derrick.emails.derrick_email]
user = [
"j",
"derrick",
]
host = [
"sheffield",
"ac",
"uk",
]
[derrick.homepages]
[desharnais]
name = "Martin Desharnais"
[desharnais.emails]
[desharnais.emails.desharnais_email]
user = [
"martin",
"desharnais",
]
host = [
"unibw",
"de",
]
[desharnais.homepages]
desharnais_homepage = "https://martin.desharnais.me"
[diaz]
name = "Javier Díaz"
[diaz.emails]
[diaz.emails.diaz_email]
user = [
"javier",
"diaz",
"manzi",
]
host = [
"gmail",
"com",
]
[diaz.homepages]
[diekmann]
name = "Cornelius Diekmann"
[diekmann.emails]
[diekmann.emails.diekmann_email]
user = [
"diekmann",
]
host = [
"net",
"in",
"tum",
"de",
]
[diekmann.homepages]
diekmann_homepage = "http://net.in.tum.de/~diekmann"
[dirix]
name = "Stefan Dirix"
[dirix.emails]
[dirix.homepages]
[dittmann]
name = "Christoph Dittmann"
[dittmann.emails]
[dittmann.emails.dittmann_email]
user = [
"isabelle",
]
host = [
"christoph-d",
"de",
]
[dittmann.homepages]
dittmann_homepage = "http://logic.las.tu-berlin.de/Members/Dittmann/"
[divason]
name = "Jose Divasón"
[divason.emails]
[divason.emails.divason_email]
user = [
"jose",
"divason",
]
host = [
"unirioja",
"es",
]
[divason.homepages]
divason_homepage = "https://www.unirioja.es/cu/jodivaso/"
[doczkal]
name = "Christian Doczkal"
[doczkal.emails]
[doczkal.emails.doczkal_email]
user = [
"doczkal",
]
host = [
"ps",
"uni-saarland",
"de",
]
[doczkal.homepages]
[dongol]
name = "Brijesh Dongol"
[dongol.emails]
[dongol.emails.dongol_email]
user = [
"brijesh",
"dongol",
]
host = [
"brunel",
"ac",
"uk",
]
[dongol.homepages]
[doty]
-name = "Matthew Wampler-Doty"
+name = "Matthew Doty"
[doty.emails]
+[doty.emails.doty_email]
+user = [
+ "matt",
+]
+host = [
+ "w-d",
+ "org",
+]
+
[doty.homepages]
[dubut]
name = "Jérémy Dubut"
[dubut.emails]
[dubut.emails.dubut_email]
user = [
"dubut",
]
host = [
"nii",
"ac",
"jp",
]
[dubut.homepages]
dubut_homepage = "http://group-mmm.org/~dubut/"
[dunaev]
name = "Georgy Dunaev"
[dunaev.emails]
[dunaev.emails.dunaev_email]
user = [
"georgedunaev",
]
host = [
"gmail",
"com",
]
[dunaev.homepages]
[dyckhoff]
name = "Roy Dyckhoff"
[dyckhoff.emails]
[dyckhoff.homepages]
dyckhoff_homepage = "https://rd.host.cs.st-andrews.ac.uk"
[eberl]
name = "Manuel Eberl"
orcid = "0000-0002-4263-6571"
[eberl.emails]
[eberl.emails.eberl_email]
user = [
"manuel",
]
host = [
"pruvisto",
"org",
]
[eberl.emails.eberl_email1]
user = [
"manuel",
"eberl",
]
host = [
"tum",
"de",
]
[eberl.emails.eberl_email2]
user = [
"manuel",
"eberl",
]
host = [
"uibk",
"ac",
"at",
]
[eberl.homepages]
eberl_homepage = "https://pruvisto.org/"
eberl_homepage2 = "https://www.in.tum.de/~eberlm"
[echenim]
name = "Mnacho Echenim"
[echenim.emails]
[echenim.emails.echenim_email]
user = [
"mnacho",
"echenim",
]
host = [
"univ-grenoble-alpes",
"fr",
]
[echenim.homepages]
echenim_homepage = "https://lig-membres.imag.fr/mechenim/"
[edmonds]
name = "Chelsea Edmonds"
[edmonds.emails]
[edmonds.emails.edmonds_email]
user = [
"cle47",
]
host = [
"cam",
"ac",
"uk",
]
[edmonds.homepages]
edmonds_homepage = "https://www.cst.cam.ac.uk/people/cle47"
[engelhardt]
name = "Kai Engelhardt"
[engelhardt.emails]
[engelhardt.homepages]
[eriksson]
name = "Lars-Henrik Eriksson"
[eriksson.emails]
[eriksson.emails.eriksson_email]
user = [
"lhe",
]
host = [
"it",
"uu",
"se",
]
[eriksson.homepages]
[esparza]
name = "Javier Esparza"
[esparza.emails]
[esparza.homepages]
esparza_homepage = "https://www7.in.tum.de/~esparza/"
[essmann]
name = "Robin Eßmann"
[essmann.emails]
[essmann.emails.essmann_email]
user = [
"robin",
"essmann",
]
host = [
"tum",
"de",
]
[essmann.homepages]
[felgenhauer]
name = "Bertram Felgenhauer"
[felgenhauer.emails]
[felgenhauer.emails.felgenhauer_email]
user = [
"bertram",
"felgenhauer",
]
host = [
"uibk",
"ac",
"at",
]
[felgenhauer.emails.felgenhauer_email1]
user = [
"int-e",
]
host = [
"gmx",
"de",
]
[felgenhauer.homepages]
[feliachi]
name = "Abderrahmane Feliachi"
[feliachi.emails]
[feliachi.emails.feliachi_email]
user = [
"abderrahmane",
"feliachi",
]
host = [
"lri",
"fr",
]
[feliachi.homepages]
[fell]
name = "Julian Fell"
[fell.emails]
[fell.emails.fell_email]
user = [
"julian",
"fell",
]
host = [
"uq",
"net",
"au",
]
[fell.homepages]
[fernandez]
name = "Matthew Fernandez"
[fernandez.emails]
[fernandez.homepages]
[fiedler]
name = "Ben Fiedler"
[fiedler.emails]
[fiedler.emails.fiedler_email]
user = [
"ben",
"fiedler",
]
host = [
"inf",
"ethz",
"ch",
]
[fiedler.homepages]
[fleuriot]
name = "Jacques D. Fleuriot"
[fleuriot.emails]
[fleuriot.emails.fleuriot_email]
user = [
"Jacques",
"Fleuriot",
]
host = [
"ed",
"ac",
"uk",
]
[fleuriot.emails.fleuriot_email1]
user = [
"jdf",
]
host = [
"ed",
"ac",
"uk",
]
[fleuriot.homepages]
fleuriot_homepage = "https://www.inf.ed.ac.uk/people/staff/Jacques_Fleuriot.html"
[fleury]
name = "Mathias Fleury"
[fleury.emails]
[fleury.emails.fleury_email]
user = [
"fleury",
]
host = [
"mpi-inf",
"mpg",
"de",
]
[fleury.emails.fleury_email1]
user = [
"mathias",
"fleury",
]
host = [
"jku",
"at",
]
[fleury.homepages]
fleury_homepage = "http://fmv.jku.at/fleury"
[foster]
name = "Michael Foster"
[foster.emails]
[foster.emails.foster_email]
user = [
"m",
"foster",
]
host = [
"sheffield",
"ac",
"uk",
]
[foster.homepages]
[fosterj]
name = "J. Nathan Foster"
[fosterj.emails]
[fosterj.homepages]
fosterj_homepage = "http://www.cs.cornell.edu/~jnfoster/"
[fosters]
name = "Simon Foster"
[fosters.emails]
[fosters.emails.fosters_email]
user = [
"simon",
"foster",
]
host = [
"york",
"ac",
"uk",
]
[fosters.homepages]
fosters_homepage = "https://www-users.cs.york.ac.uk/~simonf/"
[fouillard]
name = "Valentin Fouillard"
[fouillard.emails]
[fouillard.emails.fouillard_email]
user = [
"valentin",
"fouillard",
]
host = [
"limsi",
"fr",
]
[fouillard.homepages]
[friedrich]
name = "Stefan Friedrich"
[friedrich.emails]
[friedrich.homepages]
[from]
name = "Asta Halkjær From"
[from.emails]
[from.emails.from_email]
user = [
"ahfrom",
]
host = [
"dtu",
"dk",
]
[from.homepages]
from_homepage = "https://people.compute.dtu.dk/ahfrom/"
[fuenmayor]
name = "David Fuenmayor"
[fuenmayor.emails]
[fuenmayor.emails.fuenmayor_email]
user = [
"davfuenmayor",
]
host = [
"gmail",
"com",
]
[fuenmayor.homepages]
[furusawa]
name = "Hitoshi Furusawa"
[furusawa.emails]
[furusawa.homepages]
furusawa_homepage = "http://www.sci.kagoshima-u.ac.jp/~furusawa/"
[gammie]
name = "Peter Gammie"
[gammie.emails]
[gammie.emails.gammie_email]
user = [
"peteg42",
]
host = [
"gmail",
"com",
]
[gammie.homepages]
gammie_homepage = "http://peteg.org"
[gao]
name = "Xin Gao"
[gao.emails]
[gao.homepages]
[gaudel]
name = "Marie-Claude Gaudel"
[gaudel.emails]
[gaudel.emails.gaudel_email]
user = [
"mcg",
]
host = [
"lri",
"fr",
]
[gaudel.homepages]
[gay]
name = "Richard Gay"
[gay.emails]
[gay.emails.gay_email]
user = [
"gay",
]
host = [
"mais",
"informatik",
"tu-darmstadt",
"de",
]
[gay.homepages]
[georgescu]
name = "George Georgescu"
[georgescu.emails]
[georgescu.homepages]
[gheri]
name = "Lorenzo Gheri"
[gheri.emails]
[gheri.emails.gheri_email]
user = [
"lor",
"gheri",
]
host = [
"gmail",
"com",
]
[gheri.homepages]
[ghourabi]
name = "Fadoua Ghourabi"
[ghourabi.emails]
[ghourabi.emails.ghourabi_email]
user = [
"fadouaghourabi",
]
host = [
"gmail",
"com",
]
[ghourabi.homepages]
[gioiosa]
name = "Gianpaolo Gioiosa"
[gioiosa.emails]
[gioiosa.homepages]
[glabbeek]
name = "Rob van Glabbeek"
[glabbeek.emails]
[glabbeek.homepages]
glabbeek_homepage = "http://theory.stanford.edu/~rvg/"
[gomes]
name = "Victor B. F. Gomes"
[gomes.emails]
[gomes.emails.gomes_email]
user = [
"victor",
"gomes",
]
host = [
"cl",
"cam",
"ac",
"uk",
]
[gomes.emails.gomes_email2]
user = [
"victorborgesfg",
]
host = [
"gmail",
"com",
]
[gomes.emails.gomes_email4]
user = [
"vborgesferreiragomes1",
]
host = [
"sheffield",
"ac",
"uk",
]
[gomes.homepages]
gomes_homepage = "http://www.dcs.shef.ac.uk/~victor"
[gonzalez]
name = "Edgar Gonzàlez"
orcid = "0000-0002-9169-0769"
[gonzalez.emails]
[gonzalez.emails.gonzalez_email]
user = [
"edgargip",
]
host = [
"google",
"com",
]
[gonzalez.homepages]
[gore]
name = "Rajeev Gore"
[gore.emails]
[gore.emails.gore_email]
user = [
"rajeev",
"gore",
]
host = [
"anu",
"edu",
"au",
]
[gore.homepages]
[gouezel]
name = "Sebastien Gouezel"
[gouezel.emails]
[gouezel.emails.gouezel_email]
user = [
"sebastien",
"gouezel",
]
host = [
"univ-rennes1",
"fr",
]
[gouezel.homepages]
gouezel_homepage = "http://www.math.sciences.univ-nantes.fr/~gouezel/"
[grechuk]
name = "Bogdan Grechuk"
[grechuk.emails]
[grechuk.emails.grechuk_email]
user = [
"grechukbogdan",
]
host = [
"yandex",
"ru",
]
[grechuk.homepages]
[grewe]
name = "Sylvia Grewe"
[grewe.emails]
[grewe.emails.grewe_email]
user = [
"grewe",
]
host = [
"cs",
"tu-darmstadt",
"de",
]
[grewe.homepages]
[griebel]
name = "Simon Griebel"
[griebel.emails]
[griebel.emails.griebel_email]
user = [
"s",
"griebel",
]
host = [
"tum",
"de",
]
[griebel.homepages]
[grov]
name = "Gudmund Grov"
[grov.emails]
[grov.emails.grov_email]
user = [
"ggrov",
]
host = [
"inf",
"ed",
"ac",
"uk",
]
[grov.homepages]
grov_homepage = "http://homepages.inf.ed.ac.uk/ggrov"
[guerraoui]
name = "Rachid Guerraoui"
[guerraoui.emails]
[guerraoui.emails.guerraoui_email]
user = [
"rachid",
"guerraoui",
]
host = [
"epfl",
"ch",
]
[guerraoui.homepages]
[guiol]
name = "Hervé Guiol"
[guiol.emails]
[guiol.emails.guiol_email]
user = [
"herve",
"guiol",
]
host = [
"univ-grenoble-alpes",
"fr",
]
[guiol.homepages]
[gunther]
name = "Emmanuel Gunther"
[gunther.emails]
[gunther.emails.gunther_email]
user = [
"gunther",
]
host = [
"famaf",
"unc",
"edu",
"ar",
]
[gunther.homepages]
[gutkovas]
name = "Ramunas Gutkovas"
[gutkovas.emails]
[gutkovas.emails.gutkovas_email]
user = [
"ramunas",
"gutkovas",
]
host = [
"it",
"uu",
"se",
]
[gutkovas.homepages]
[guttmann]
name = "Walter Guttmann"
[guttmann.emails]
[guttmann.emails.guttmann_email]
user = [
"walter",
"guttmann",
]
host = [
"canterbury",
"ac",
"nz",
]
[guttmann.homepages]
guttmann_homepage = "https://www.cosc.canterbury.ac.nz/walter.guttmann/"
[haftmann]
name = "Florian Haftmann"
[haftmann.emails]
[haftmann.emails.haftmann_email]
user = [
"florian",
"haftmann",
]
host = [
"informatik",
"tu-muenchen",
"de",
]
[haftmann.homepages]
haftmann_homepage = "http://isabelle.in.tum.de/~haftmann"
[haslbeck]
name = "Max W. Haslbeck"
[haslbeck.emails]
[haslbeck.emails.haslbeck_email]
user = [
"maximilian",
"haslbeck",
]
host = [
"uibk",
"ac",
"at",
]
[haslbeck.emails.haslbeck_email1]
user = [
"haslbecm",
]
host = [
"in",
"tum",
"de",
]
[haslbeck.emails.haslbeck_email2]
user = [
"max",
"haslbeck",
]
host = [
"gmx",
"de",
]
[haslbeck.homepages]
haslbeck_homepage = "http://cl-informatik.uibk.ac.at/users/mhaslbeck/"
[haslbeckm]
name = "Maximilian P. L. Haslbeck"
[haslbeckm.emails]
[haslbeckm.emails.haslbeckm_email]
user = [
"haslbema",
]
host = [
"in",
"tum",
"de",
]
[haslbeckm.homepages]
haslbeckm_homepage = "http://in.tum.de/~haslbema/"
[havle]
name = "Oto Havle"
[havle.emails]
[havle.emails.havle_email]
user = [
"oha",
]
host = [
"sysgo",
"com",
]
[havle.homepages]
[hayes]
name = "Ian J. Hayes"
[hayes.emails]
[hayes.emails.hayes_email]
user = [
"ian",
"hayes",
]
host = [
"itee",
"uq",
"edu",
"au",
]
[hayes.homepages]
[he]
name = "Yijun He"
[he.emails]
[he.emails.he_email]
user = [
"yh403",
]
host = [
"cam",
"ac",
"uk",
]
[he.homepages]
[heimes]
name = "Lukas Heimes"
[heimes.emails]
[heimes.emails.heimes_email]
user = [
"heimesl",
]
host = [
"student",
"ethz",
"ch",
]
[heimes.homepages]
[helke]
name = "Steffen Helke"
[helke.emails]
[helke.emails.helke_email]
user = [
"helke",
]
host = [
"cs",
"tu-berlin",
"de",
]
[helke.homepages]
[hellauer]
name = "Fabian Hellauer"
[hellauer.emails]
[hellauer.emails.hellauer_email]
user = [
"hellauer",
]
host = [
"in",
"tum",
"de",
]
[hellauer.homepages]
[heller]
name = "Armin Heller"
[heller.emails]
[heller.homepages]
[henrio]
name = "Ludovic Henrio"
[henrio.emails]
[henrio.emails.henrio_email]
user = [
"Ludovic",
"Henrio",
]
host = [
"sophia",
"inria",
"fr",
]
[henrio.homepages]
[herzberg]
name = "Michael Herzberg"
[herzberg.emails]
[herzberg.emails.herzberg_email]
user = [
"mail",
]
host = [
"michael-herzberg",
"de",
]
[herzberg.homepages]
herzberg_homepage = "http://www.dcs.shef.ac.uk/cgi-bin/makeperson?M.Herzberg"
[hess]
name = "Andreas V. Hess"
[hess.emails]
[hess.emails.hess_email]
user = [
"avhe",
]
host = [
"dtu",
"dk",
]
[hess.emails.hess_email1]
user = [
"andreasvhess",
]
host = [
"gmail",
"com",
]
[hess.homepages]
[hetzl]
name = "Stefan Hetzl"
[hetzl.emails]
[hetzl.emails.hetzl_email]
user = [
"hetzl",
]
host = [
"logic",
"at",
]
[hetzl.homepages]
hetzl_homepage = "http://www.logic.at/people/hetzl/"
[hibon]
name = "Quentin Hibon"
[hibon.emails]
[hibon.emails.hibon_email]
user = [
"qh225",
]
host = [
"cl",
"cam",
"ac",
"uk",
]
[hibon.homepages]
[hirata]
name = "Michikazu Hirata"
[hirata.emails]
[hirata.emails.hirata_email]
user = [
"hirata",
"m",
"ac",
]
host = [
"m",
"titech",
"ac",
"jp",
]
[hirata.homepages]
[hoefner]
name = "Peter Höfner"
[hoefner.emails]
[hoefner.emails.hoefner_email]
user = [
"peter",
]
host = [
"hoefner-online",
"de",
]
[hoefner.homepages]
hoefner_homepage = "http://www.hoefner-online.de/"
[hoelzl]
name = "Johannes Hölzl"
[hoelzl.emails]
[hoelzl.emails.hoelzl_email]
user = [
"hoelzl",
]
host = [
"in",
"tum",
"de",
]
[hoelzl.homepages]
hoelzl_homepage = "http://home.in.tum.de/~hoelzl"
[hofmann]
name = "Martin Hofmann"
[hofmann.emails]
[hofmann.homepages]
hofmann_homepage = "http://www.tcs.informatik.uni-muenchen.de/~mhofmann"
[holub]
name = "Štěpán Holub"
[holub.emails]
[holub.emails.holub_email]
user = [
"holub",
]
host = [
"karlin",
"mff",
"cuni",
"cz",
]
[holub.homepages]
holub_homepage = "https://www2.karlin.mff.cuni.cz/~holub/"
[hosking]
name = "Tony Hosking"
[hosking.emails]
[hosking.homepages]
hosking_homepage = "https://www.cs.purdue.edu/homes/hosking/"
[hou]
name = "Zhe Hou"
[hou.emails]
[hou.emails.hou_email]
user = [
"zhe",
"hou",
]
host = [
"ntu",
"edu",
"sg",
]
[hou.homepages]
[hu]
name = "Shuwei Hu"
[hu.emails]
[hu.emails.hu_email]
user = [
"shuwei",
"hu",
]
host = [
"tum",
"de",
]
[hu.homepages]
[huffman]
name = "Brian Huffman"
[huffman.emails]
[huffman.emails.huffman_email]
user = [
"huffman",
]
host = [
"in",
"tum",
"de",
]
[huffman.emails.huffman_email1]
user = [
"brianh",
]
host = [
"cs",
"pdx",
"edu",
]
[huffman.homepages]
huffman_homepage = "http://cs.pdx.edu/~brianh/"
[hupel]
name = "Lars Hupel"
[hupel.emails]
[hupel.emails.hupel_email]
user = [
- "hupel",
-]
-host = [
- "in",
- "tum",
- "de",
-]
-
-[hupel.emails.hupel_email1]
-user = [
"lars",
]
host = [
"hupel",
"info",
]
[hupel.homepages]
-hupel_homepage = "https://www21.in.tum.de/~hupel/"
-hupel_homepage1 = "https://lars.hupel.info/"
+hupel_homepage = "https://lars.hupel.info/"
[ijbema]
name = "Mark Ijbema"
[ijbema.emails]
[ijbema.emails.ijbema_email]
user = [
"ijbema",
]
host = [
"fmf",
"nl",
]
[ijbema.homepages]
[immler]
name = "Fabian Immler"
[immler.emails]
[immler.emails.immler_email]
user = [
"immler",
]
host = [
"in",
"tum",
"de",
]
[immler.emails.immler_email1]
user = [
"fimmler",
]
host = [
"cs",
"cmu",
"edu",
]
[immler.homepages]
immler_homepage = "https://home.in.tum.de/~immler/"
[ito]
name = "Yosuke Ito"
[ito.emails]
[ito.emails.ito_email]
user = [
"glacier345",
]
host = [
"gmail",
"com",
]
[ito.homepages]
[iwama]
name = "Fumiya Iwama"
[iwama.emails]
[iwama.emails.iwama_email]
user = [
"d1623001",
]
host = [
"s",
"konan-u",
"ac",
"jp",
]
[iwama.homepages]
[jacobsen]
name = "Frederik Krogsdal Jacobsen"
[jacobsen.emails]
[jacobsen.emails.jacobsen_email]
user = [
"fkjac",
]
host = [
"dtu",
"dk",
]
[jacobsen.homepages]
jacobsen_homepage = "http://people.compute.dtu.dk/fkjac/"
[jaskelioff]
name = "Mauro Jaskelioff"
[jaskelioff.emails]
[jaskelioff.homepages]
jaskelioff_homepage = "http://www.fceia.unr.edu.ar/~mauro/"
[jaskolka]
name = "Jason Jaskolka"
[jaskolka.emails]
[jaskolka.emails.jaskolka_email]
user = [
"jason",
"jaskolka",
]
host = [
"carleton",
"ca",
]
[jaskolka.homepages]
jaskolka_homepage = "https://carleton.ca/jaskolka/"
[jensen]
name = "Alexander Birch Jensen"
[jensen.emails]
[jensen.emails.jensen_email]
user = [
"aleje",
]
host = [
"dtu",
"dk",
]
[jensen.homepages]
jensen_homepage = "https://people.compute.dtu.dk/aleje/"
[jiang]
name = "Nan Jiang"
[jiang.emails]
[jiang.emails.jiang_email]
user = [
"nanjiang",
]
host = [
"whu",
"edu",
"cn",
]
[jiang.homepages]
[jiangd]
name = "Dongchen Jiang"
[jiangd.emails]
[jiangd.emails.jiangd_email]
user = [
"dongchenjiang",
]
host = [
"googlemail",
"com",
]
[jiangd.homepages]
[joosten]
name = "Sebastiaan J. C. Joosten"
[joosten.emails]
[joosten.emails.joosten_email]
user = [
"sebastiaan",
"joosten",
]
host = [
"uibk",
"ac",
"at",
]
[joosten.emails.joosten_email1]
user = [
"sjcjoosten",
]
host = [
"gmail",
"com",
]
[joosten.emails.joosten_email2]
user = [
"s",
"j",
"c",
"joosten",
]
host = [
"utwente",
"nl",
]
[joosten.homepages]
joosten_homepage = "https://sjcjoosten.nl/"
[jungnickel]
name = "Tim Jungnickel"
[jungnickel.emails]
[jungnickel.emails.jungnickel_email]
user = [
"tim",
"jungnickel",
]
host = [
"tu-berlin",
"de",
]
[jungnickel.homepages]
[kadzioka]
name = "Maya Kądziołka"
[kadzioka.emails]
[kadzioka.emails.kadzioka_email]
user = [
"afp",
]
host = [
"compilercrim",
"es",
]
[kadzioka.homepages]
[kaliszyk]
name = "Cezary Kaliszyk"
[kaliszyk.emails]
[kaliszyk.emails.kaliszyk_email]
user = [
"cezary",
"kaliszyk",
]
host = [
"uibk",
"ac",
"at",
]
[kaliszyk.homepages]
kaliszyk_homepage = "http://cl-informatik.uibk.ac.at/users/cek/"
[kammueller]
name = "Florian Kammüller"
[kammueller.emails]
[kammueller.emails.kammueller_email]
user = [
"flokam",
]
host = [
"cs",
"tu-berlin",
"de",
]
[kammueller.emails.kammueller_email1]
user = [
"florian",
"kammuller",
]
host = [
"gmail",
"com",
]
[kammueller.homepages]
kammueller_homepage = "http://www.cs.mdx.ac.uk/people/florian-kammueller/"
[kappelmann]
name = "Kevin Kappelmann"
[kappelmann.emails]
[kappelmann.emails.kappelmann_email]
user = [
"kevin",
"kappelmann",
]
host = [
"tum",
"de",
]
[kappelmann.homepages]
kappelmann_homepage = "https://www21.in.tum.de/team/kappelmk/"
[karayel]
name = "Emin Karayel"
orcid = "0000-0003-3290-5034"
[karayel.emails]
[karayel.emails.karayel_email]
user = [
"me",
]
host = [
"eminkarayel",
"de",
]
[karayel.homepages]
karayel_homepage = "https://orcid.org/0000-0003-3290-5034"
[kastermans]
name = "Bart Kastermans"
[kastermans.emails]
[kastermans.homepages]
kastermans_homepage = "http://kasterma.net"
[katovsky]
name = "Alexander Katovsky"
[katovsky.emails]
[katovsky.emails.katovsky_email]
user = [
"apk32",
]
host = [
"cam",
"ac",
"uk",
]
[katovsky.emails.katovsky_email1]
user = [
"alexander",
"katovsky",
]
host = [
"cantab",
"net",
]
[katovsky.homepages]
[kaufmann]
name = "Daniela Kaufmann"
[kaufmann.emails]
[kaufmann.homepages]
kaufmann_homepage = "http://fmv.jku.at/kaufmann"
[keefe]
name = "Greg O'Keefe"
[keefe.emails]
[keefe.homepages]
keefe_homepage = "http://users.rsise.anu.edu.au/~okeefe/"
[keinholz]
name = "Jonas Keinholz"
[keinholz.emails]
[keinholz.homepages]
[kerber]
name = "Manfred Kerber"
[kerber.emails]
[kerber.emails.kerber_email]
user = [
"mnfrd",
"krbr",
]
host = [
"gmail",
"com",
]
[kerber.homepages]
kerber_homepage = "http://www.cs.bham.ac.uk/~mmk"
[ketland]
name = "Jeffrey Ketland"
[ketland.emails]
[ketland.emails.ketland_email]
user = [
"jeffreyketland",
]
host = [
"gmail",
"com",
]
[ketland.homepages]
[kirchner]
name = "Daniel Kirchner"
[kirchner.emails]
[kirchner.emails.kirchner_email]
user = [
"daniel",
]
host = [
"ekpyron",
"org",
]
[kirchner.homepages]
[klein]
name = "Gerwin Klein"
[klein.emails]
[klein.emails.klein_email]
user = [
"kleing",
]
host = [
"unsw",
"edu",
"au",
]
[klein.homepages]
klein_homepage = "http://www.cse.unsw.edu.au/~kleing/"
[klenze]
name = "Tobias Klenze"
[klenze.emails]
[klenze.emails.klenze_email]
user = [
"tobias",
"klenze",
]
host = [
"inf",
"ethz",
"ch",
]
[klenze.homepages]
[kleppmann]
name = "Martin Kleppmann"
[kleppmann.emails]
[kleppmann.emails.kleppmann_email]
user = [
"martin",
"kleppmann",
]
host = [
"cl",
"cam",
"ac",
"uk",
]
[kleppmann.homepages]
[kobayashi]
name = "Hidetsune Kobayashi"
[kobayashi.emails]
[kobayashi.homepages]
[koerner]
name = "Stefan Körner"
[koerner.emails]
[koerner.emails.koerner_email]
user = [
"s_koer03",
]
host = [
"uni-muenster",
"de",
]
[koerner.homepages]
[kolanski]
name = "Rafal Kolanski"
[kolanski.emails]
[kolanski.emails.kolanski_email]
user = [
"rafal",
"kolanski",
]
host = [
"nicta",
"com",
"au",
]
[kolanski.homepages]
[koller]
name = "Lukas Koller"
[koller.emails]
[koller.emails.koller_email]
user = [
"lukas",
"koller",
]
host = [
"tum",
"de",
]
[koller.homepages]
[krauss]
name = "Alexander Krauss"
[krauss.emails]
[krauss.emails.krauss_email]
user = [
"krauss",
]
host = [
"in",
"tum",
"de",
]
[krauss.homepages]
krauss_homepage = "http://www.in.tum.de/~krauss"
[kreuzer]
name = "Katharina Kreuzer"
[kreuzer.emails]
[kreuzer.emails.kreuzer_email]
user = [
"kreuzerk",
]
host = [
"in",
"tum",
"de",
]
[kreuzer.emails.kreuzer_email1]
user = [
"k",
"kreuzer",
]
host = [
"tum",
"de",
]
[kreuzer.homepages]
kreuzer_homepage = "https://www21.in.tum.de/team/kreuzer/"
[kuncak]
name = "Viktor Kuncak"
[kuncak.emails]
[kuncak.homepages]
kuncak_homepage = "http://lara.epfl.ch/~kuncak/"
[kuncar]
name = "Ondřej Kunčar"
[kuncar.emails]
[kuncar.homepages]
kuncar_homepage = "http://www21.in.tum.de/~kuncar/"
[kurz]
name = "Friedrich Kurz"
[kurz.emails]
[kurz.emails.kurz_email]
user = [
"friedrich",
"kurz",
]
host = [
"tum",
"de",
]
[kurz.homepages]
[lachnitt]
name = "Hanna Lachnitt"
[lachnitt.emails]
[lachnitt.emails.lachnitt_email]
user = [
"lachnitt",
]
host = [
"stanford",
"edu",
]
[lachnitt.homepages]
[lallemand]
name = "Joseph Lallemand"
[lallemand.emails]
[lallemand.emails.lallemand_email]
user = [
"joseph",
"lallemand",
]
host = [
"loria",
"fr",
]
[lallemand.homepages]
[lammich]
name = "Peter Lammich"
[lammich.emails]
[lammich.emails.lammich_email]
user = [
"lammich",
]
host = [
"in",
"tum",
"de",
]
[lammich.emails.lammich_email1]
user = [
"peter",
"lammich",
]
host = [
"uni-muenster",
"de",
]
[lammich.homepages]
lammich_homepage = "http://www21.in.tum.de/~lammich"
[lange]
name = "Christoph Lange"
[lange.emails]
[lange.emails.lange_email]
user = [
"math",
"semantic",
"web",
]
host = [
"gmail",
"com",
]
[lange.homepages]
[langenstein]
name = "Bruno Langenstein"
[langenstein.emails]
[langenstein.emails.langenstein_email]
user = [
"langenstein",
]
host = [
"dfki",
"de",
]
[langenstein.homepages]
[lattuada]
name = "Andrea Lattuada"
[lattuada.emails]
[lattuada.homepages]
lattuada_homepage = "https://andrea.lattuada.me"
[lee]
name = "Holden Lee"
[lee.emails]
[lee.emails.lee_email]
user = [
"holdenl",
]
host = [
"princeton",
"edu",
]
[lee.homepages]
[leustean]
name = "Laurentiu Leustean"
[leustean.emails]
[leustean.homepages]
[lewis]
name = "Corey Lewis"
[lewis.emails]
[lewis.emails.lewis_email]
user = [
"corey",
"lewis",
]
host = [
"data61",
"csiro",
"au",
]
[lewis.homepages]
[li]
name = "Wenda Li"
[li.emails]
[li.emails.li_email]
user = [
"wl302",
]
host = [
"cam",
"ac",
"uk",
]
[li.emails.li_email1]
user = [
"liwenda1990",
]
host = [
"hotmail",
"com",
]
[li.homepages]
li_homepage = "https://www.cl.cam.ac.uk/~wl302/"
[lim]
name = "Japheth Lim"
[lim.emails]
[lim.homepages]
[lindenberg]
name = "Christina Lindenberg"
[lindenberg.emails]
[lindenberg.homepages]
[linker]
name = "Sven Linker"
[linker.emails]
[linker.emails.linker_email]
user = [
"s",
"linker",
]
host = [
"liverpool",
"ac",
"uk",
]
[linker.homepages]
[liu]
name = "Junyi Liu"
[liu.emails]
[liu.homepages]
[liut]
name = "Tao Liu"
[liut.emails]
[liut.homepages]
[liuy]
name = "Yang Liu"
[liuy.emails]
[liuy.emails.liuy_email]
user = [
"yangliu",
]
host = [
"ntu",
"edu",
"sg",
]
[liuy.homepages]
[liy]
name = "Yangjia Li"
[liy.emails]
[liy.homepages]
[lochbihler]
name = "Andreas Lochbihler"
[lochbihler.emails]
[lochbihler.emails.lochbihler_email]
user = [
"andreas",
"lochbihler",
]
host = [
"digitalasset",
"com",
]
[lochbihler.emails.lochbihler_email1]
user = [
"mail",
]
host = [
"andreas-lochbihler",
"de",
]
[lochbihler.homepages]
lochbihler_homepage = "http://www.andreas-lochbihler.de/"
[lochmann]
name = "Alexander Lochmann"
[lochmann.emails]
[lochmann.emails.lochmann_email]
user = [
"alexander",
"lochmann",
]
host = [
"uibk",
"ac",
"at",
]
[lochmann.homepages]
[lohner]
name = "Denis Lohner"
[lohner.emails]
[lohner.emails.lohner_email]
user = [
"denis",
"lohner",
]
host = [
"kit",
"edu",
]
[lohner.homepages]
lohner_homepage = "http://pp.ipd.kit.edu/person.php?id=88"
[loibl]
name = "Matthias Loibl"
[loibl.emails]
[loibl.homepages]
[londono]
name = "Alejandro Gómez-Londoño"
[londono.emails]
[londono.emails.londono_email]
user = [
"alejandro",
"gomez",
]
host = [
"chalmers",
"se",
]
[londono.homepages]
[losa]
name = "Giuliano Losa"
[losa.emails]
[losa.emails.losa_email]
user = [
"giuliano",
"losa",
]
host = [
"epfl",
"ch",
]
[losa.emails.losa_email1]
user = [
"giuliano",
]
host = [
"galois",
"com",
]
[losa.emails.losa_email2]
user = [
"giuliano",
]
host = [
"losa",
"fr",
]
[losa.homepages]
[lutz]
name = "Bianca Lutz"
[lutz.emails]
[lutz.emails.lutz_email]
user = [
"sowilo",
]
host = [
"cs",
"tu-berlin",
"de",
]
[lutz.homepages]
[lux]
name = "Alexander Lux"
[lux.emails]
[lux.emails.lux_email]
user = [
"lux",
]
host = [
"mais",
"informatik",
"tu-darmstadt",
"de",
]
[lux.homepages]
[makarios]
name = "T. J. M. Makarios"
[makarios.emails]
[makarios.emails.makarios_email]
user = [
"tjm1983",
]
host = [
"gmail",
"com",
]
[makarios.homepages]
[maletzky]
name = "Alexander Maletzky"
[maletzky.emails]
[maletzky.emails.maletzky_email]
user = [
"alexander",
"maletzky",
]
host = [
"risc",
"jku",
"at",
]
[maletzky.emails.maletzky_email1]
user = [
"alexander",
"maletzky",
]
host = [
"risc-software",
"at",
]
[maletzky.homepages]
maletzky_homepage = "https://risc.jku.at/m/alexander-maletzky/"
[mansky]
name = "Susannah Mansky"
[mansky.emails]
[mansky.emails.mansky_email]
user = [
"sjohnsn2",
]
host = [
"illinois",
"edu",
]
[mansky.emails.mansky_email1]
user = [
"susannahej",
]
host = [
"gmail",
"com",
]
[mansky.homepages]
[mantel]
name = "Heiko Mantel"
[mantel.emails]
[mantel.emails.mantel_email]
user = [
"mantel",
]
host = [
"mais",
"informatik",
"tu-darmstadt",
"de",
]
[mantel.homepages]
[margetson]
name = "James Margetson"
[margetson.emails]
[margetson.homepages]
[maric]
name = "Ognjen Marić"
[maric.emails]
[maric.emails.maric_email]
user = [
"ogi",
"afp",
]
host = [
"mynosefroze",
"com",
]
[maric.homepages]
[maricf]
name = "Filip Marić"
[maricf.emails]
[maricf.emails.maricf_email]
user = [
"filip",
]
host = [
"matf",
"bg",
"ac",
"rs",
]
[maricf.homepages]
maricf_homepage = "http://www.matf.bg.ac.rs/~filip"
[marmsoler]
name = "Diego Marmsoler"
[marmsoler.emails]
[marmsoler.emails.marmsoler_email]
user = [
"diego",
"marmsoler",
]
host = [
"tum",
"de",
]
[marmsoler.emails.marmsoler_email1]
user = [
"d",
"marmsoler",
]
host = [
"exeter",
"ac",
"uk",
]
[marmsoler.homepages]
marmsoler_homepage = "http://marmsoler.com"
[matache]
name = "Cristina Matache"
[matache.emails]
[matache.emails.matache_email]
user = [
"cris",
"matache",
]
host = [
"gmail",
"com",
]
[matache.homepages]
[matichuk]
name = "Daniel Matichuk"
[matichuk.emails]
[matichuk.homepages]
[matiyasevich]
name = "Yuri Matiyasevich"
[matiyasevich.emails]
[matiyasevich.homepages]
[maximova]
name = "Alexandra Maximova"
[maximova.emails]
[maximova.emails.maximova_email]
user = [
"amaximov",
]
host = [
"student",
"ethz",
"ch",
]
[maximova.homepages]
[meis]
name = "Rene Meis"
[meis.emails]
[meis.emails.meis_email]
user = [
"rene",
"meis",
]
host = [
"uni-muenster",
"de",
]
[meis.emails.meis_email1]
user = [
"rene",
"meis",
]
host = [
"uni-due",
"de",
]
[meis.homepages]
[merz]
name = "Stephan Merz"
[merz.emails]
[merz.emails.merz_email]
user = [
"Stephan",
"Merz",
]
host = [
"loria",
"fr",
]
[merz.homepages]
merz_homepage = "http://www.loria.fr/~merz"
[messner]
name = "Florian Messner"
[messner.emails]
[messner.emails.messner_email]
user = [
"florian",
"g",
"messner",
]
host = [
"uibk",
"ac",
"at",
]
[messner.homepages]
[michaelis]
name = "Julius Michaelis"
[michaelis.emails]
[michaelis.emails.michaelis_email]
user = [
"isabelleopenflow",
]
host = [
"liftm",
"de",
]
[michaelis.emails.michaelis_email1]
user = [
"maintainafpppt",
]
host = [
"liftm",
"de",
]
[michaelis.emails.michaelis_email2]
user = [
"bdd",
]
host = [
"liftm",
"de",
]
[michaelis.emails.michaelis_email3]
user = [
"afp",
]
host = [
"liftm",
"de",
]
[michaelis.homepages]
michaelis_homepage = "http://liftm.de/"
[milehins]
name = "Mihails Milehins"
[milehins.emails]
[milehins.emails.milehins_email]
user = [
"mihailsmilehins",
]
host = [
"gmail",
"com",
]
[milehins.homepages]
[minamide]
name = "Yasuhiko Minamide"
[minamide.emails]
[minamide.emails.minamide_email]
user = [
"minamide",
]
host = [
"is",
"titech",
"ac",
"jp",
]
[minamide.homepages]
minamide_homepage = "https://sv.c.titech.ac.jp/minamide/index.en.html"
[mitchell]
name = "Neil Mitchell"
[mitchell.emails]
[mitchell.homepages]
[mitsch]
name = "Stefan Mitsch"
[mitsch.emails]
[mitsch.emails.mitsch_email]
user = [
"smitsch",
]
host = [
"cs",
"cmu",
"edu",
]
[mitsch.homepages]
[moedersheim]
name = "Sebastian Mödersheim"
[moedersheim.emails]
[moedersheim.emails.moedersheim_email]
user = [
"samo",
]
host = [
"dtu",
"dk",
]
[moedersheim.homepages]
moedersheim_homepage = "https://people.compute.dtu.dk/samo/"
[moeller]
name = "Bernhard Möller"
[moeller.emails]
[moeller.homepages]
moeller_homepage = "https://www.informatik.uni-augsburg.de/en/chairs/dbis/pmi/staff/moeller/"
[muendler]
name = "Niels Mündler"
[muendler.emails]
[muendler.emails.muendler_email]
user = [
"n",
"muendler",
]
host = [
"tum",
"de",
]
[muendler.homepages]
[mulligan]
name = "Dominic P. Mulligan"
[mulligan.emails]
[mulligan.emails.mulligan_email]
user = [
"dominic",
"p",
"mulligan",
]
host = [
"googlemail",
"com",
]
[mulligan.emails.mulligan_email1]
user = [
"Dominic",
"Mulligan",
]
host = [
"arm",
"com",
]
[mulligan.homepages]
[munive]
name = "Jonathan Julian Huerta y Munive"
[munive.emails]
[munive.emails.munive_email]
user = [
"jjhuertaymunive1",
]
host = [
"sheffield",
"ac",
"uk",
]
[munive.emails.munive_email1]
user = [
"jonjulian23",
]
host = [
"gmail",
"com",
]
[munive.homepages]
[murao]
name = "H. Murao"
[murao.emails]
[murao.homepages]
[murray]
name = "Toby Murray"
[murray.emails]
[murray.emails.murray_email]
user = [
"toby",
"murray",
]
host = [
"unimelb",
"edu",
"au",
]
[murray.homepages]
murray_homepage = "https://people.eng.unimelb.edu.au/tobym/"
[nagashima]
name = "Yutaka Nagashima"
[nagashima.emails]
[nagashima.emails.nagashima_email]
user = [
"Yutaka",
"Nagashima",
]
host = [
"data61",
"csiro",
"au",
]
[nagashima.homepages]
[nagele]
name = "Julian Nagele"
[nagele.emails]
[nagele.emails.nagele_email]
user = [
"julian",
"nagele",
]
host = [
"uibk",
"ac",
"at",
]
[nagele.homepages]
[naraschewski]
name = "Wolfgang Naraschewski"
[naraschewski.emails]
[naraschewski.homepages]
[nedzelsky]
name = "Michael Nedzelsky"
[nedzelsky.emails]
[nedzelsky.emails.nedzelsky_email]
user = [
"MichaelNedzelsky",
]
host = [
"yandex",
"ru",
]
[nedzelsky.homepages]
[nemeti]
name = "István Németi"
[nemeti.emails]
[nemeti.homepages]
nemeti_homepage = "http://www.renyi.hu/~nemeti/"
[nemouchi]
name = "Yakoub Nemouchi"
[nemouchi.emails]
[nemouchi.emails.nemouchi_email]
user = [
"nemouchi",
]
host = [
"lri",
"fr",
]
[nemouchi.emails.nemouchi_email1]
user = [
"yakoub",
"nemouchi",
]
host = [
"york",
"ac",
"uk",
]
[nemouchi.homepages]
[nestmann]
name = "Uwe Nestmann"
[nestmann.emails]
[nestmann.homepages]
nestmann_homepage = "https://www.mtv.tu-berlin.de/nestmann/"
[neumann]
name = "René Neumann"
[neumann.emails]
[neumann.emails.neumann_email]
user = [
"rene",
"neumann",
]
host = [
"in",
"tum",
"de",
]
[neumann.homepages]
[nielsen]
name = "Finn Nielsen"
[nielsen.emails]
[nielsen.emails.nielsen_email]
user = [
"finn",
"nielsen",
]
host = [
"uni-muenster",
"de",
]
[nielsen.homepages]
[nikiforov]
name = "Denis Nikiforov"
[nikiforov.emails]
[nikiforov.emails.nikiforov_email]
user = [
"denis",
"nikif",
]
host = [
"gmail",
"com",
]
[nikiforov.homepages]
[nipkow]
name = "Tobias Nipkow"
orcid = "0000-0003-0730-515X"
[nipkow.emails]
[nipkow.emails.nipkow_email]
user = [
"nipkow",
]
host = [
"in",
"tum",
"de",
]
[nipkow.homepages]
nipkow_homepage = "https://www.in.tum.de/~nipkow/"
[nishihara]
name = "Toshiaki Nishihara"
[nishihara.emails]
[nishihara.homepages]
[noce]
name = "Pasquale Noce"
[noce.emails]
[noce.emails.noce_email]
user = [
"pasquale",
"noce",
"lavoro",
]
host = [
"gmail",
"com",
]
[noce.homepages]
[nordhoff]
name = "Benedikt Nordhoff"
[nordhoff.emails]
[nordhoff.emails.nordhoff_email]
user = [
"b",
"n",
]
host = [
"wwu",
"de",
]
[nordhoff.emails.nordhoff_email1]
user = [
"b_nord01",
]
host = [
"uni-muenster",
"de",
]
[nordhoff.homepages]
[noschinski]
name = "Lars Noschinski"
[noschinski.emails]
[noschinski.emails.noschinski_email]
user = [
"noschinl",
]
host = [
"gmail",
"com",
]
[noschinski.homepages]
noschinski_homepage = "http://www21.in.tum.de/~noschinl/"
[obua]
name = "Steven Obua"
[obua.emails]
[obua.emails.obua_email]
user = [
"steven",
]
host = [
"recursivemind",
"com",
]
[obua.homepages]
[ogawa]
name = "Mizuhito Ogawa"
[ogawa.emails]
[ogawa.homepages]
[oldenburg]
name = "Lennart Oldenburg"
[oldenburg.emails]
[oldenburg.homepages]
[olm]
name = "Markus Müller-Olm"
[olm.emails]
[olm.homepages]
olm_homepage = "http://cs.uni-muenster.de/u/mmo/"
[oosterhuis]
name = "Roelof Oosterhuis"
[oosterhuis.emails]
[oosterhuis.emails.oosterhuis_email]
user = [
"roelofoosterhuis",
]
host = [
"gmail",
"com",
]
[oosterhuis.homepages]
[oostrom]
name = "Vincent van Oostrom"
[oostrom.emails]
[oostrom.homepages]
[ortner]
name = "Veronika Ortner"
[ortner.emails]
[ortner.homepages]
[overbeek]
name = "Roy Overbeek"
[overbeek.emails]
[overbeek.emails.overbeek_email]
user = [
"Roy",
"Overbeek",
]
host = [
"cwi",
"nl",
]
[overbeek.homepages]
[pagano]
name = "Miguel Pagano"
[pagano.emails]
[pagano.emails.pagano_email]
user = [
"miguel",
"pagano",
]
host = [
"unc",
"edu",
"ar",
]
[pagano.homepages]
pagano_homepage = "https://cs.famaf.unc.edu.ar/~mpagano/"
[pal]
name = "Abhik Pal"
[pal.emails]
[pal.homepages]
[paleo]
name = "Bruno Woltzenlogel Paleo"
[paleo.emails]
[paleo.homepages]
paleo_homepage = "http://www.logic.at/staff/bruno/"
[palmer]
name = "Jake Palmer"
[palmer.emails]
[palmer.emails.palmer_email]
user = [
"jake",
"palmer",
]
host = [
"ed",
"ac",
"uk",
]
[palmer.homepages]
[parkinson]
name = "Matthew Parkinson"
[parkinson.emails]
[parkinson.homepages]
parkinson_homepage = "http://research.microsoft.com/people/mattpark/"
[parrow]
name = "Joachim Parrow"
[parrow.emails]
[parrow.emails.parrow_email]
user = [
"joachim",
"parrow",
]
host = [
"it",
"uu",
"se",
]
[parrow.homepages]
[parsert]
name = "Julian Parsert"
[parsert.emails]
[parsert.emails.parsert_email]
user = [
"julian",
"parsert",
]
host = [
"gmail",
"com",
]
[parsert.emails.parsert_email1]
user = [
"julian",
"parsert",
]
host = [
"uibk",
"ac",
"at",
]
[parsert.homepages]
parsert_homepage = "http://www.parsert.com/"
[paulson]
name = "Lawrence C. Paulson"
[paulson.emails]
[paulson.emails.paulson_email]
user = [
"lp15",
]
host = [
"cam",
"ac",
"uk",
]
[paulson.homepages]
paulson_homepage = "https://www.cl.cam.ac.uk/~lp15/"
[peltier]
name = "Nicolas Peltier"
[peltier.emails]
[peltier.emails.peltier_email]
user = [
"Nicolas",
"Peltier",
]
host = [
"imag",
"fr",
]
[peltier.homepages]
peltier_homepage = "http://membres-lig.imag.fr/peltier/"
[peters]
name = "Kirstin Peters"
[peters.emails]
[peters.emails.peters_email]
user = [
"kirstin",
"peters",
]
host = [
"tu-berlin",
"de",
]
[peters.homepages]
[petrovic]
name = "Danijela Petrovic"
[petrovic.emails]
[petrovic.homepages]
petrovic_homepage = "http://www.matf.bg.ac.rs/~danijela"
[pierzchalski]
name = "Edward Pierzchalski"
[pierzchalski.emails]
[pierzchalski.homepages]
[platzer]
name = "André Platzer"
[platzer.emails]
[platzer.emails.platzer_email]
user = [
"aplatzer",
]
host = [
"cs",
"cmu",
"edu",
]
[platzer.homepages]
platzer_homepage = "https://www.cs.cmu.edu/~aplatzer/"
[pohjola]
name = "Johannes Åman Pohjola"
[pohjola.emails]
[pohjola.homepages]
[pollak]
name = "Florian Pollak"
[pollak.emails]
[pollak.emails.pollak_email]
user = [
"florian",
"pollak",
]
host = [
"gmail",
"com",
]
[pollak.homepages]
[popescu]
name = "Andrei Popescu"
[popescu.emails]
[popescu.emails.popescu_email]
user = [
"a",
"popescu",
]
host = [
"sheffield",
"ac",
"uk",
]
[popescu.emails.popescu_email1]
user = [
"uuomul",
]
host = [
"yahoo",
"com",
]
[popescu.emails.popescu_email2]
user = [
"a",
"popescu",
]
host = [
"mdx",
"ac",
"uk",
]
[popescu.homepages]
popescu_homepage = "https://www.andreipopescu.uk"
[porter]
name = "Benjamin Porter"
[porter.emails]
[porter.homepages]
[prathamesh]
name = "T.V.H. Prathamesh"
[prathamesh.emails]
[prathamesh.emails.prathamesh_email]
user = [
"prathamesh",
]
host = [
"imsc",
"res",
"in",
]
[prathamesh.homepages]
[preoteasa]
name = "Viorel Preoteasa"
[preoteasa.emails]
[preoteasa.emails.preoteasa_email]
user = [
"viorel",
"preoteasa",
]
host = [
"aalto",
"fi",
]
[preoteasa.homepages]
preoteasa_homepage = "http://users.abo.fi/vpreotea/"
[pusch]
name = "Cornelia Pusch"
[pusch.emails]
[pusch.homepages]
[rabe]
name = "Markus N. Rabe"
[rabe.emails]
[rabe.homepages]
rabe_homepage = "http://www.react.uni-saarland.de/people/rabe.html"
[raedle]
name = "Jonas Rädle"
[raedle.emails]
[raedle.emails.raedle_email]
user = [
"jonas",
"raedle",
]
host = [
"gmail",
"com",
]
[raedle.emails.raedle_email1]
user = [
"jonas",
"raedle",
]
host = [
"tum",
"de",
]
[raedle.homepages]
[raska]
name = "Martin Raška"
[raska.emails]
[raska.homepages]
[raszyk]
name = "Martin Raszyk"
[raszyk.emails]
[raszyk.emails.raszyk_email]
user = [
"martin",
"raszyk",
]
host = [
"inf",
"ethz",
"ch",
]
[raszyk.emails.raszyk_email1]
user = [
"m",
"raszyk",
]
host = [
"gmail",
"com",
]
[raszyk.homepages]
[rau]
name = "Martin Rau"
[rau.emails]
[rau.emails.rau_email]
user = [
"martin",
"rau",
]
host = [
"tum",
"de",
]
[rau.emails.rau_email1]
user = [
"mrtnrau",
]
host = [
"googlemail",
"com",
]
[rau.homepages]
[rauch]
name = "Nicole Rauch"
[rauch.emails]
[rauch.emails.rauch_email]
user = [
"rauch",
]
host = [
"informatik",
"uni-kl",
"de",
]
[rauch.homepages]
[raumer]
name = "Jakob von Raumer"
[raumer.emails]
[raumer.emails.raumer_email]
user = [
"psxjv4",
]
host = [
"nottingham",
"ac",
"uk",
]
[raumer.homepages]
[ravindran]
name = "Binoy Ravindran"
[ravindran.emails]
[ravindran.homepages]
[rawson]
name = "Michael Rawson"
[rawson.emails]
[rawson.emails.rawson_email]
user = [
"michaelrawson76",
]
host = [
"gmail",
"com",
]
[rawson.emails.rawson_email1]
user = [
"mr644",
]
host = [
"cam",
"ac",
"uk",
]
[rawson.homepages]
[raya]
name = "Rodrigo Raya"
[raya.emails]
[raya.homepages]
raya_homepage = "https://people.epfl.ch/rodrigo.raya"
[regensburger]
name = "Franz Regensburger"
[regensburger.emails]
[regensburger.emails.regensburger_email]
user = [
"Franz",
"Regensburger",
]
host = [
"thi",
"de"
]
[regensburger.homepages]
regensburger_homepage = "https://www.thi.de/suche/mitarbeiter/prof-dr-rer-nat-franz-regensburger"
[reiche]
name = "Sebastian Reiche"
[reiche.emails]
[reiche.homepages]
reiche_homepage = "https://www.linkedin.com/in/sebastian-reiche-0b2093178"
[reiter]
name = "Markus Reiter"
[reiter.emails]
[reiter.homepages]
[reynaud]
name = "Alban Reynaud"
[reynaud.emails]
[reynaud.homepages]
[ribeiro]
name = "Pedro Ribeiro"
[ribeiro.emails]
[ribeiro.homepages]
[richter]
name = "Stefan Richter"
[richter.emails]
[richter.emails.richter_email]
user = [
"richter",
]
host = [
"informatik",
"rwth-aachen",
"de",
]
[richter.homepages]
richter_homepage = "http://www-lti.informatik.rwth-aachen.de/~richter/"
[rickmann]
name = "Christina Rickmann"
[rickmann.emails]
[rickmann.emails.rickmann_email]
user = [
"c",
"rickmann",
]
host = [
"tu-berlin",
"de",
]
[rickmann.homepages]
[ridge]
name = "Tom Ridge"
[ridge.emails]
[ridge.homepages]
[rizaldi]
name = "Albert Rizaldi"
[rizaldi.emails]
[rizaldi.emails.rizaldi_email]
user = [
"albert",
"rizaldi",
]
host = [
"ntu",
"edu",
"sg",
]
[rizaldi.homepages]
[rizkallah]
name = "Christine Rizkallah"
[rizkallah.emails]
[rizkallah.homepages]
rizkallah_homepage = "https://www.mpi-inf.mpg.de/~crizkall/"
[robillard]
name = "Simon Robillard"
[robillard.emails]
[robillard.homepages]
robillard_homepage = "https://simon-robillard.net/"
[roessle]
name = "Ian Roessle"
[roessle.emails]
[roessle.homepages]
[romanos]
name = "Ralph Romanos"
[romanos.emails]
[romanos.emails.romanos_email]
user = [
"ralph",
"romanos",
]
host = [
"student",
"ecp",
"fr",
]
[romanos.homepages]
[rosskopf]
name = "Simon Roßkopf"
[rosskopf.emails]
[rosskopf.emails.rosskopf_email]
user = [
"rosskops",
]
host = [
"in",
"tum",
"de",
]
[rosskopf.homepages]
rosskopf_homepage = "http://www21.in.tum.de/~rosskops"
[rowat]
name = "Colin Rowat"
[rowat.emails]
[rowat.emails.rowat_email]
user = [
"c",
"rowat",
]
host = [
"bham",
"ac",
"uk",
]
[rowat.homepages]
[sabouret]
name = "Nicolas Sabouret"
[sabouret.emails]
[sabouret.homepages]
[sachtleben]
name = "Robert Sachtleben"
[sachtleben.emails]
[sachtleben.emails.sachtleben_email]
user = [
"rob_sac",
]
host = [
"uni-bremen",
"de",
]
[sachtleben.homepages]
[saile]
name = "Christian Saile"
[saile.emails]
[saile.homepages]
saile_homepage = "http://dss.in.tum.de/staff/christian-saile.html"
[sanan]
name = "David Sanan"
[sanan.emails]
[sanan.emails.sanan_email]
user = [
"sanan",
]
host = [
"ntu",
"edu",
"sg",
]
[sanan.homepages]
[sato]
name = "Tetsuya Sato"
[sato.emails]
[sato.emails.sato_email]
user = [
"tsato",
]
host = [
"c",
"titech",
"ac",
"jp",
]
[sato.homepages]
sato_homepage = "https://sites.google.com/view/tetsuyasato/"
[sauer]
name = "Jens Sauer"
[sauer.emails]
[sauer.emails.sauer_email]
user = [
"sauer",
]
host = [
"mais",
"informatik",
"tu-darmstadt",
"de",
]
[sauer.homepages]
[schaeffeler]
name = "Maximilian Schäffeler"
[schaeffeler.emails]
[schaeffeler.emails.schaeffeler_email]
user = [
"schaeffm",
]
host = [
"in",
"tum",
"de",
]
[schaeffeler.homepages]
[scharager]
name = "Matias Scharager"
[scharager.emails]
[scharager.emails.scharager_email]
user = [
"mscharag",
]
host = [
"cs",
"cmu",
"edu",
]
[scharager.homepages]
[schimpf]
name = "Alexander Schimpf"
[schimpf.emails]
[schimpf.emails.schimpf_email]
user = [
"schimpfa",
]
host = [
"informatik",
"uni-freiburg",
"de",
]
[schimpf.homepages]
[schirmer]
name = "Norbert Schirmer"
[schirmer.emails]
[schirmer.emails.schirmer_email]
user = [
"norbert",
"schirmer",
]
host = [
"web",
"de",
]
[schirmer.homepages]
[schleicher]
name = "Dierk Schleicher"
[schleicher.emails]
[schleicher.homepages]
[schlichtkrull]
name = "Anders Schlichtkrull"
[schlichtkrull.emails]
[schlichtkrull.emails.schlichtkrull_email]
user = [
"andschl",
]
host = [
"dtu",
"dk",
]
[schlichtkrull.homepages]
schlichtkrull_homepage = "https://people.compute.dtu.dk/andschl/"
[schmaltz]
name = "Julien Schmaltz"
[schmaltz.emails]
[schmaltz.emails.schmaltz_email]
user = [
"Julien",
"Schmaltz",
]
host = [
"ou",
"nl",
]
[schmaltz.homepages]
[schmidinger]
name = "Lukas Schmidinger"
[schmidinger.emails]
[schmidinger.homepages]
[schmoetten]
name = "Richard Schmoetten"
[schmoetten.emails]
[schmoetten.emails.schmoetten_email]
user = [
"s1311325",
]
host = [
"sms",
"ed",
"ac",
"uk",
]
[schmoetten.homepages]
[schneider]
name = "Joshua Schneider"
[schneider.emails]
[schneider.emails.schneider_email]
user = [
"joshua",
"schneider",
]
host = [
"inf",
"ethz",
"ch",
]
[schneider.homepages]
[schoepe]
name = "Daniel Schoepe"
[schoepe.emails]
[schoepe.emails.schoepe_email]
user = [
"daniel",
]
host = [
"schoepe",
"org",
]
[schoepe.homepages]
[schoepf]
name = "Jonas Schöpf"
[schoepf.emails]
[schoepf.emails.schoepf_email]
user = [
"jonas",
"schoepf",
]
host = [
"uibk",
"ac",
"at",
]
[schoepf.homepages]
[scott]
name = "Dana Scott"
[scott.emails]
[scott.homepages]
scott_homepage = "http://www.cs.cmu.edu/~scott/"
[sefidgar]
name = "S. Reza Sefidgar"
[sefidgar.emails]
[sefidgar.emails.sefidgar_email]
user = [
"reza",
"sefidgar",
]
host = [
"inf",
"ethz",
"ch",
]
[sefidgar.homepages]
[seidl]
name = "Benedikt Seidl"
[seidl.emails]
[seidl.emails.seidl_email]
user = [
"benedikt",
"seidl",
]
host = [
"tum",
"de",
]
[seidl.homepages]
[seidler]
name = "Henning Seidler"
[seidler.emails]
[seidler.emails.seidler_email]
user = [
"henning",
"seidler",
]
host = [
"mailbox",
"tu-berlin",
"de",
]
[seidler.homepages]
[sewell]
name = "Thomas Sewell"
[sewell.emails]
[sewell.homepages]
[sickert]
name = "Salomon Sickert"
[sickert.emails]
[sickert.emails.sickert_email]
user = [
"s",
"sickert",
]
host = [
"tum",
"de",
]
[sickert.homepages]
sickert_homepage = "https://www7.in.tum.de/~sickert"
[siek]
name = "Jeremy Siek"
[siek.emails]
[siek.emails.siek_email]
user = [
"jsiek",
]
host = [
"indiana",
"edu",
]
[siek.homepages]
siek_homepage = "http://homes.soic.indiana.edu/jsiek/"
[simic]
name = "Danijela Simić"
[simic.emails]
[simic.emails.simic_email]
user = [
"danijela",
]
host = [
"matf",
"bg",
"ac",
"rs",
]
[simic.homepages]
simic_homepage = "http://poincare.matf.bg.ac.rs/~danijela"
[sison]
name = "Robert Sison"
[sison.emails]
[sison.homepages]
[smaus]
name = "Jan-Georg Smaus"
[smaus.emails]
[smaus.homepages]
smaus_homepage = "http://www.irit.fr/~Jan-Georg.Smaus"
[smola]
name = "Filip Smola"
[smola.emails]
[smola.emails.smola_email]
user = [
"f",
"smola",
]
host = [
"sms",
"ed",
"ac",
"uk",
]
[smola.homepages]
[snelting]
name = "Gregor Snelting"
[snelting.emails]
[snelting.homepages]
snelting_homepage = "http://pp.info.uni-karlsruhe.de/personhp/gregor_snelting.php"
[somaini]
name = "Ivano Somaini"
[somaini.emails]
[somaini.homepages]
[somogyi]
name = "Dániel Somogyi"
[somogyi.emails]
[somogyi.homepages]
[spasic]
name = "Mirko Spasić"
[spasic.emails]
[spasic.emails.spasic_email]
user = [
"mirko",
]
host = [
"matf",
"bg",
"ac",
"rs",
]
[spasic.homepages]
[spichkova]
name = "Maria Spichkova"
[spichkova.emails]
[spichkova.emails.spichkova_email]
user = [
"maria",
"spichkova",
]
host = [
"rmit",
"edu",
"au",
]
[spichkova.homepages]
[sprenger]
name = "Christoph Sprenger"
[sprenger.emails]
[sprenger.emails.sprenger_email]
user = [
"sprenger",
]
host = [
"inf",
"ethz",
"ch",
]
[sprenger.homepages]
[stannett]
name = "Mike Stannett"
[stannett.emails]
[stannett.emails.stannett_email]
user = [
"m",
"stannett",
]
host = [
"sheffield",
"ac",
"uk",
]
[stannett.homepages]
[stark]
name = "Eugene W. Stark"
[stark.emails]
[stark.emails.stark_email]
user = [
"stark",
]
host = [
"cs",
"stonybrook",
"edu",
]
[stark.homepages]
[starosta]
name = "Štěpán Starosta"
[starosta.emails]
[starosta.emails.starosta_email]
user = [
"stepan",
"starosta",
]
host = [
"fit",
"cvut",
"cz",
]
[starosta.homepages]
starosta_homepage = "https://users.fit.cvut.cz/~staroste/"
[steinberg]
name = "Matías Steinberg"
[steinberg.emails]
[steinberg.emails.steinberg_email]
user = [
"matias",
"steinberg",
]
host = [
"mi",
"unc",
"edu",
"ar",
]
[steinberg.homepages]
[stephan]
name = "Werner Stephan"
[stephan.emails]
[stephan.emails.stephan_email]
user = [
"stephan",
]
host = [
"dfki",
"de",
]
[stephan.homepages]
[sternagel]
name = "Christian Sternagel"
[sternagel.emails]
[sternagel.emails.sternagel_email]
user = [
"c",
"sternagel",
]
host = [
"gmail",
"com",
]
[sternagel.emails.sternagel_email1]
user = [
"christian",
"sternagel",
]
host = [
"uibk",
"ac",
"at",
]
[sternagel.homepages]
sternagel_homepage = "http://cl-informatik.uibk.ac.at/users/griff/"
[sternagelt]
name = "Thomas Sternagel"
[sternagelt.emails]
[sternagelt.homepages]
[stevens]
name = "Lukas Stevens"
[stevens.emails]
[stevens.homepages]
stevens_homepage = "https://www21.in.tum.de/team/stevensl"
[stock]
name = "Benedikt Stock"
[stock.emails]
[stock.emails.stock_email]
user = [
"benedikt1999",
]
host = [
"freenet",
"de",
]
[stock.homepages]
[stricker]
name = "Christian Stricker"
[stricker.emails]
[stricker.homepages]
stricker_homepage = "http://dss.in.tum.de/staff/christian-stricker.html"
[strnisa]
name = "Rok Strniša"
[strnisa.emails]
[strnisa.emails.strnisa_email]
user = [
"rok",
]
host = [
"strnisa",
"com",
]
[strnisa.homepages]
strnisa_homepage = "http://rok.strnisa.com/lj/"
[struth]
name = "Georg Struth"
[struth.emails]
[struth.emails.struth_email]
user = [
"g",
"struth",
]
host = [
"sheffield",
"ac",
"uk",
]
[struth.homepages]
struth_homepage = "http://staffwww.dcs.shef.ac.uk/people/G.Struth/"
[stueber]
name = "Anke Stüber"
[stueber.emails]
[stueber.emails.stueber_email]
user = [
"anke",
"stueber",
]
host = [
"campus",
"tu-berlin",
"de",
]
[stueber.homepages]
[stuewe]
name = "Daniel Stüwe"
[stuewe.emails]
[stuewe.homepages]
[sudbrock]
name = "Henning Sudbrock"
[sudbrock.emails]
[sudbrock.emails.sudbrock_email]
user = [
"sudbrock",
]
host = [
"mais",
"informatik",
"tu-darmstadt",
"de",
]
[sudbrock.homepages]
[sudhof]
name = "Henry Sudhof"
[sudhof.emails]
[sudhof.emails.sudhof_email]
user = [
"hsudhof",
]
host = [
"cs",
"tu-berlin",
"de",
]
[sudhof.homepages]
[sulejmani]
name = "Ujkan Sulejmani"
[sulejmani.emails]
[sulejmani.emails.sulejmani_email]
user = [
"ujkan",
"sulejmani",
]
host = [
"tum",
"de",
]
[sulejmani.emails.sulejmani_email1]
user = [
"ujkan99",
]
host = [
"gmail",
"com",
]
[sulejmani.homepages]
[sylvestre]
name = "Jeremy Sylvestre"
[sylvestre.emails]
[sylvestre.emails.sylvestre_email]
user = [
"jeremy",
"sylvestre",
]
host = [
"ualberta",
"ca",
]
[sylvestre.emails.sylvestre_email1]
user = [
"jsylvest",
]
host = [
"ualberta",
"ca",
]
[sylvestre.homepages]
sylvestre_homepage = "http://ualberta.ca/~jsylvest/"
[taha]
name = "Safouan Taha"
[taha.emails]
[taha.emails.taha_email]
user = [
"safouan",
"taha",
]
host = [
"lri",
"fr",
]
[taha.homepages]
[tan]
name = "Yong Kiam Tan"
[tan.emails]
[tan.emails.tan_email]
user = [
"yongkiat",
]
host = [
"cs",
"cmu",
"edu",
]
[tan.homepages]
tan_homepage = "https://www.cs.cmu.edu/~yongkiat/"
[tasch]
name = "Markus Tasch"
[tasch.emails]
[tasch.emails.tasch_email]
user = [
"tasch",
]
host = [
"mais",
"informatik",
"tu-darmstadt",
"de",
]
[tasch.homepages]
[taylor]
name = "Ramsay G. Taylor"
[taylor.emails]
[taylor.emails.taylor_email]
user = [
"r",
"g",
"taylor",
]
host = [
"sheffield",
"ac",
"uk",
]
[taylor.homepages]
[terraf]
name = "Pedro Sánchez Terraf"
[terraf.emails]
[terraf.emails.terraf_email]
user = [
"psterraf",
]
host = [
"unc",
"edu",
"ar",
]
[terraf.homepages]
terraf_homepage = "https://cs.famaf.unc.edu.ar/~pedro/home_en.html"
[thiemann]
name = "René Thiemann"
[thiemann.emails]
[thiemann.emails.thiemann_email]
user = [
"rene",
"thiemann",
]
host = [
"uibk",
"ac",
"at",
]
[thiemann.homepages]
thiemann_homepage = "http://cl-informatik.uibk.ac.at/users/thiemann/"
[thommes]
name = "Joseph Thommes"
[thommes.emails]
[thommes.emails.thommes_email]
user = [
"joseph-thommes",
]
host = [
"gmx",
"de",
]
[thommes.homepages]
[thomson]
name = "Fox Thomson"
[thomson.emails]
[thomson.emails.thomson_email]
user = [
"foxthomson0",
]
host = [
"gmail",
"com",
]
[thomson.homepages]
[tiu]
name = "Alwen Tiu"
[tiu.emails]
[tiu.emails.tiu_email]
user = [
"ATiu",
]
host = [
"ntu",
"edu",
"sg",
]
[tiu.homepages]
tiu_homepage = "http://users.cecs.anu.edu.au/~tiu/"
[toth]
name = "Balazs Toth"
[toth.emails]
[toth.emails.toth_email]
user = [
"balazs",
"toth",
]
host = [
"tum",
"de",
]
[toth.homepages]
[tourret]
name = "Sophie Tourret"
[tourret.emails]
[tourret.emails.tourret_email]
user = [
"stourret",
]
host = [
"mpi-inf",
"mpg",
"de",
]
[tourret.homepages]
tourret_homepage = "https://www.mpi-inf.mpg.de/departments/automation-of-logic/people/sophie-tourret/"
[trachtenherz]
name = "David Trachtenherz"
[trachtenherz.emails]
[trachtenherz.homepages]
[traut]
name = "Christoph Traut"
[traut.emails]
[traut.homepages]
[traytel]
name = "Dmitriy Traytel"
[traytel.emails]
[traytel.emails.traytel_email]
user = [
"traytel",
]
host = [
"in",
"tum",
"de",
]
[traytel.emails.traytel_email1]
user = [
"traytel",
]
host = [
"inf",
"ethz",
"ch",
]
[traytel.emails.traytel_email2]
user = [
"traytel",
]
host = [
"di",
"ku",
"dk",
]
[traytel.homepages]
traytel_homepage = "https://traytel.bitbucket.io/"
+[trelat]
+name = "Vincent Trélat"
+
+[trelat.emails]
+
+[trelat.emails.trelat_email]
+user = [
+ "vincent",
+ "trelat",
+]
+host = [
+ "depinfonancy",
+ "net",
+]
+
+[trelat.homepages]
+
[tuerk]
name = "Thomas Tuerk"
[tuerk.emails]
[tuerk.homepages]
[tuong]
name = "Frédéric Tuong"
[tuong.emails]
[tuong.emails.tuong_email]
user = [
"tuong",
]
host = [
"users",
"gforge",
"inria",
"fr",
]
[tuong.emails.tuong_email1]
user = [
"ftuong",
]
host = [
"lri",
"fr",
]
[tuong.homepages]
tuong_homepage = "https://www.lri.fr/~ftuong/"
[tuongj]
name = "Joseph Tuong"
[tuongj.emails]
[tuongj.homepages]
[tverdyshev]
name = "Sergey Tverdyshev"
[tverdyshev.emails]
[tverdyshev.emails.tverdyshev_email]
user = [
"stv",
]
host = [
"sysgo",
"com",
]
[tverdyshev.homepages]
[ullrich]
name = "Sebastian Ullrich"
[ullrich.emails]
[ullrich.emails.ullrich_email]
user = [
"sebasti",
]
host = [
"nullri",
"ch",
]
[ullrich.homepages]
[unruh]
name = "Dominique Unruh"
[unruh.emails]
[unruh.emails.unruh_email]
user = [
"unruh",
]
host = [
"ut",
"ee",
]
[unruh.homepages]
unruh_homepage = "https://www.ut.ee/~unruh/"
[urban]
name = "Christian Urban"
[urban.emails]
[urban.emails.urban_email]
user = [
"christian",
"urban",
]
host = [
"kcl",
"ac",
"uk",
]
[urban.homepages]
urban_homepage = "https://nms.kcl.ac.uk/christian.urban/"
[van]
name = "Hai Nguyen Van"
[van.emails]
[van.emails.van_email]
user = [
"hai",
"nguyenvan",
"phie",
]
host = [
"gmail",
"com",
]
[van.homepages]
[velykis]
name = "Andrius Velykis"
[velykis.emails]
[velykis.homepages]
velykis_homepage = "http://andrius.velykis.lt"
[verbeek]
name = "Freek Verbeek"
[verbeek.emails]
[verbeek.emails.verbeek_email]
user = [
"Freek",
"Verbeek",
]
host = [
"ou",
"nl",
]
[verbeek.emails.verbeek_email1]
user = [
"freek",
]
host = [
"vt",
"edu",
]
[verbeek.homepages]
[villadsen]
name = "Jørgen Villadsen"
[villadsen.emails]
[villadsen.emails.villadsen_email]
user = [
"jovi",
]
host = [
"dtu",
"dk",
]
[villadsen.homepages]
villadsen_homepage = "https://people.compute.dtu.dk/jovi/"
[voisin]
name = "Frederic Voisin"
[voisin.emails]
[voisin.homepages]
[vytiniotis]
name = "Dimitrios Vytiniotis"
[vytiniotis.emails]
[vytiniotis.homepages]
vytiniotis_homepage = "http://research.microsoft.com/en-us/people/dimitris/"
[wagner]
name = "Max Wagner"
[wagner.emails]
[wagner.emails.wagner_email]
user = [
"max",
]
host = [
"trollbu",
"de",
]
[wagner.homepages]
[waldmann]
name = "Uwe Waldmann"
[waldmann.emails]
[waldmann.emails.waldmann_email]
user = [
"waldmann",
]
host = [
"mpi-inf",
"mpg",
"de",
]
[waldmann.homepages]
[wand]
name = "Daniel Wand"
[wand.emails]
[wand.emails.wand_email]
user = [
"dwand",
]
host = [
"mpi-inf",
"mpg",
"de",
]
[wand.homepages]
[wang]
name = "Shuling Wang"
[wang.emails]
[wang.homepages]
[wassell]
name = "Mark Wassell"
[wassell.emails]
[wassell.emails.wassell_email]
user = [
"mpwassell",
]
host = [
"gmail",
"com",
]
[wassell.homepages]
[wasserrab]
name = "Daniel Wasserrab"
[wasserrab.emails]
[wasserrab.homepages]
wasserrab_homepage = "http://pp.info.uni-karlsruhe.de/personhp/daniel_wasserrab.php"
[watt]
name = "Conrad Watt"
[watt.emails]
[watt.emails.watt_email]
user = [
"caw77",
]
host = [
"cam",
"ac",
"uk",
]
[watt.homepages]
watt_homepage = "http://www.cl.cam.ac.uk/~caw77/"
[weber]
name = "Tjark Weber"
[weber.emails]
[weber.emails.weber_email]
user = [
"tjark",
"weber",
]
host = [
"it",
"uu",
"se",
]
[weber.homepages]
weber_homepage = "http://user.it.uu.se/~tjawe125/"
[weerwag]
name = "Timmy Weerwag"
[weerwag.emails]
[weerwag.homepages]
[weidner]
name = "Arno Wilhelm-Weidner"
[weidner.emails]
[weidner.emails.weidner_email]
user = [
"arno",
"wilhelm-weidner",
]
host = [
"tu-berlin",
"de",
]
[weidner.homepages]
[wenzel]
name = "Makarius Wenzel"
[wenzel.emails]
[wenzel.emails.wenzel_email]
user = [
"makarius",
]
host = [
"sketis",
"net",
]
[wenzel.homepages]
wenzel_homepage = "https://sketis.net"
[wickerson]
name = "John Wickerson"
[wickerson.emails]
[wickerson.homepages]
wickerson_homepage = "http://www.doc.ic.ac.uk/~jpw48"
[willenbrink]
name = "Sebastian Willenbrink"
[willenbrink.emails]
[willenbrink.emails.willenbrink_email]
user = [
"sebastian",
"willenbrink",
]
host = [
"tum",
"de",
]
[willenbrink.homepages]
[wimmer]
name = "Simon Wimmer"
[wimmer.emails]
[wimmer.emails.wimmer_email]
user = [
"simon",
"wimmer",
]
host = [
"tum",
"de",
]
[wimmer.homepages]
wimmer_homepage = "http://home.in.tum.de/~wimmers/"
[wirt]
name = "Kai Wirt"
[wirt.emails]
[wirt.homepages]
[wolff]
name = "Burkhart Wolff"
[wolff.emails]
[wolff.emails.wolff_email]
user = [
"burkhart",
"wolff",
]
host = [
"lri",
"fr",
]
[wolff.homepages]
wolff_homepage = "https://www.lri.fr/~wolff/"
[wu]
name = "Chunhan Wu"
[wu.emails]
[wu.homepages]
[xu]
name = "Jian Xu"
[xu.emails]
[xu.homepages]
[yamada]
name = "Akihisa Yamada"
[yamada.emails]
[yamada.emails.yamada_email]
user = [
"akihisa",
"yamada",
]
host = [
"uibk",
"ac",
"at",
]
[yamada.emails.yamada_email1]
user = [
"ayamada",
]
host = [
"trs",
"cm",
"is",
"nagoya-u",
"ac",
"jp",
]
[yamada.emails.yamada_email2]
user = [
"akihisa",
"yamada",
]
host = [
"aist",
"go",
"jp",
]
[yamada.emails.yamada_email3]
user = [
"akihisayamada",
]
host = [
"nii",
"ac",
"jp",
]
[yamada.homepages]
yamada_homepage = "http://group-mmm.org/~ayamada/"
[ye]
name = "Lina Ye"
[ye.emails]
[ye.emails.ye_email]
user = [
"lina",
"ye",
]
host = [
"lri",
"fr",
]
[ye.homepages]
[ying]
name = "Shenggang Ying"
[ying.emails]
[ying.homepages]
[yingm]
name = "Mingsheng Ying"
[yingm.emails]
[yingm.homepages]
[yu]
name = "Lei Yu"
[yu.emails]
[yu.emails.yu_email]
user = [
"ly271",
]
host = [
"cam",
"ac",
"uk",
]
[yu.homepages]
[zankl]
name = "Harald Zankl"
[zankl.emails]
[zankl.emails.zankl_email]
user = [
"Harald",
"Zankl",
]
host = [
"uibk",
"ac",
"at",
]
[zankl.homepages]
zankl_homepage = "http://cl-informatik.uibk.ac.at/users/hzankl"
[zee]
name = "Karen Zee"
[zee.emails]
[zee.emails.zee_email]
user = [
"kkz",
]
host = [
"mit",
"edu",
]
[zee.homepages]
zee_homepage = "http://www.mit.edu/~kkz/"
[zeller]
name = "Peter Zeller"
[zeller.emails]
[zeller.emails.zeller_email]
user = [
"p_zeller",
]
host = [
"cs",
"uni-kl",
"de",
]
[zeller.homepages]
[zeyda]
name = "Frank Zeyda"
[zeyda.emails]
[zeyda.emails.zeyda_email]
user = [
"frank",
"zeyda",
]
host = [
"york",
"ac",
"uk",
]
[zeyda.homepages]
[zhan]
name = "Bohua Zhan"
[zhan.emails]
[zhan.emails.zhan_email]
user = [
"bzhan",
]
host = [
"ios",
"ac",
"cn",
]
[zhan.homepages]
zhan_homepage = "http://lcs.ios.ac.cn/~bzhan/"
[zhang]
name = "Yu Zhang"
[zhang.emails]
[zhang.homepages]
[zhangx]
name = "Xingyuan Zhang"
[zhangx.emails]
[zhangx.homepages]
[zhann]
name = "Naijun Zhan"
[zhann.emails]
[zhann.homepages]
diff --git a/metadata/entries/CakeML_Codegen.toml b/metadata/entries/CakeML_Codegen.toml
--- a/metadata/entries/CakeML_Codegen.toml
+++ b/metadata/entries/CakeML_Codegen.toml
@@ -1,31 +1,31 @@
title = "A Verified Code Generator from Isabelle/HOL to CakeML"
date = 2019-07-08
topics = [
"Computer science/Programming languages/Compiling",
"Logic/Rewriting",
]
abstract = """
This entry contains the formalization that accompanies my PhD thesis
(see https://lars.hupel.info/research/codegen/). I develop a verified
compilation toolchain from executable specifications in Isabelle/HOL
to CakeML abstract syntax trees. This improves over the
state-of-the-art in Isabelle by providing a trustworthy procedure for
code generation."""
license = "bsd"
note = ""
[authors]
[authors.hupel]
-homepage = "hupel_homepage1"
+homepage = "hupel_homepage"
[contributors]
[notify]
-hupel = "hupel_email1"
+hupel = "hupel_email"
[history]
[extra]
[related]
diff --git a/metadata/entries/Higher_Order_Terms.toml b/metadata/entries/Higher_Order_Terms.toml
--- a/metadata/entries/Higher_Order_Terms.toml
+++ b/metadata/entries/Higher_Order_Terms.toml
@@ -1,39 +1,39 @@
title = "An Algebra for Higher-Order Terms"
date = 2019-01-15
topics = [
"Computer science/Programming languages/Lambda calculi",
]
abstract = """
In this formalization, I introduce a higher-order term algebra,
generalizing the notions of free variables, matching, and
substitution. The need arose from the work on a <a
href=\"http://dx.doi.org/10.1007/978-3-319-89884-1_35\">verified
compiler from Isabelle to CakeML</a>. Terms can be thought of as
consisting of a generic (free variables, constants, application) and
a specific part. As example applications, this entry provides
instantiations for de-Bruijn terms, terms with named variables, and
<a
href=\"https://www.isa-afp.org/entries/Lambda_Free_RPOs.html\">Blanchette’s
&lambda;-free higher-order terms</a>. Furthermore, I
implement translation functions between de-Bruijn terms and named
terms and prove their correctness."""
license = "bsd"
note = ""
[authors]
[authors.hupel]
-homepage = "hupel_homepage1"
+homepage = "hupel_homepage"
[contributors]
[contributors.zhang]
[notify]
-hupel = "hupel_email1"
+hupel = "hupel_email"
[history]
[extra]
[related]
diff --git a/metadata/entries/Implicational_Logic.toml b/metadata/entries/Implicational_Logic.toml
new file mode 100644
--- /dev/null
+++ b/metadata/entries/Implicational_Logic.toml
@@ -0,0 +1,34 @@
+title = "Soundness and Completeness of Implicational Logic"
+date = 2022-09-13
+topics = [
+ "Logic/General logic/Classical propositional logic",
+ "Logic/Proof theory",
+]
+abstract = """
+This work is a formalization of soundness and completeness of the Bernays-Tarski
+axiom system for classical implicational logic. The completeness proof is
+constructive following the approach by László Kalmár, Elliott Mendelson and
+others. The result can be extended to full classical propositional logic by
+uncommenting a few lines for falsehood.
+"""
+license = "bsd"
+note = ""
+
+[authors]
+
+[authors.from]
+homepage = "from_homepage"
+
+[authors.villadsen]
+homepage = "villadsen_homepage"
+
+[contributors]
+
+[notify]
+from = "from_email"
+
+[history]
+
+[extra]
+
+[related]
diff --git a/metadata/entries/Padic_Field.toml b/metadata/entries/Padic_Field.toml
new file mode 100644
--- /dev/null
+++ b/metadata/entries/Padic_Field.toml
@@ -0,0 +1,35 @@
+title = "p-adic Fields and p-adic Semialgebraic Sets"
+date = 2022-09-22
+topics = [
+ "Mathematics/Number theory",
+ "Mathematics/Algebra",
+]
+abstract = """
+The field of p-adic numbers for a prime integer p is constructed.
+Basic facts about p-adic topology including Hensel's Lemma are
+proved, building on a prior submission by the author. The theory of
+semialgebraic sets and semialgebraic functions on cartesian powers of
+p-adic fields is also developed, following a formalization of these
+concepts due to Denef. This is done towards a formalization of
+Denef's proof of Macintyre's quantifier elimination theorem
+for p-adic fields. Theories developing general multivariable
+polynomial rings over a commutative ring are developed, as well as
+some general theory of cartesian powers of an arbitrary ring."""
+license = "bsd"
+note = ""
+
+[authors]
+
+[authors.crighton]
+
+
+[contributors]
+
+[notify]
+crighton = "crighton_email"
+
+[history]
+
+[extra]
+
+[related]
diff --git a/metadata/entries/Random_Graph_Subgraph_Threshold.toml b/metadata/entries/Random_Graph_Subgraph_Threshold.toml
--- a/metadata/entries/Random_Graph_Subgraph_Threshold.toml
+++ b/metadata/entries/Random_Graph_Subgraph_Threshold.toml
@@ -1,25 +1,25 @@
title = "Properties of Random Graphs -- Subgraph Containment"
date = 2014-02-13
topics = [
"Mathematics/Graph theory",
"Mathematics/Probability theory",
]
abstract = "Random graphs are graphs with a fixed number of vertices, where each edge is present with a fixed probability. We are interested in the probability that a random graph contains a certain pattern, for example a cycle or a clique. A very high edge probability gives rise to perhaps too many edges (which degrades performance for many algorithms), whereas a low edge probability might result in a disconnected graph. We prove a theorem about a threshold probability such that a higher edge probability will asymptotically almost surely produce a random graph with the desired subgraph."
license = "bsd"
note = ""
[authors]
[authors.hupel]
-email = "hupel_email"
+homepage = "hupel_homepage"
[contributors]
[notify]
hupel = "hupel_email"
[history]
[extra]
[related]
diff --git a/metadata/entries/Risk_Free_Lending.toml b/metadata/entries/Risk_Free_Lending.toml
new file mode 100644
--- /dev/null
+++ b/metadata/entries/Risk_Free_Lending.toml
@@ -0,0 +1,41 @@
+title = "Risk-Free Lending"
+date = 2022-09-18
+topics = [
+ "Mathematics/Games and economics",
+]
+abstract = """
+We construct an abstract ledger supporting the <em>risk-free
+lending</em> protocol. The risk-free lending protocol is a
+system for issuing and exchanging novel financial products we call
+<em>risk-free loan</em>. The system allows one party to
+lend money at 0&#37; APY to another party in exchange for a good
+or service. On every update of the ledger, accounts have interest
+distributed to them. Holders of lent assets keep interest accrued by
+those assets. After distributing interest, the system returns a fixed
+fraction of each loan. These fixed fractions determine <em>loan
+periods</em>. Loans for longer periods have a smaller fixed
+fraction returned. Loans may be re-lent or used as collateral for
+other loans. We give a sufficient criterion to enforce all accounts
+will forever be solvent. We give a protocol for maintaining this
+invariant when transferring or lending funds. We also show this
+invariant holds after update. Even though the system does not track
+counter-party obligations, we show that all credited and debited loans
+cancel and the monetary supply grows at a specified interest rate."""
+license = "bsd"
+note = ""
+
+[authors]
+
+[authors.doty]
+email = "doty_email"
+
+[contributors]
+
+[notify]
+doty = "doty_email" # matt@w-d.org
+
+[history]
+
+[extra]
+
+[related]
diff --git a/metadata/entries/SCC_Bloemen_Sequential.toml b/metadata/entries/SCC_Bloemen_Sequential.toml
new file mode 100644
--- /dev/null
+++ b/metadata/entries/SCC_Bloemen_Sequential.toml
@@ -0,0 +1,30 @@
+title = "Correctness of a Set-based Algorithm for Computing Strongly Connected Components of a Graph"
+date = 2022-08-17
+topics = [
+ "Computer science/Algorithms/Graph",
+]
+abstract = """
+We prove the correctness of a sequential algorithm for computing
+maximal strongly connected components (SCCs) of a graph due to Vincent
+Bloemen."""
+license = "bsd"
+note = ""
+
+[authors]
+
+[authors.merz]
+email = "merz_email"
+
+[authors.trelat]
+email = "trelat_email"
+
+[contributors]
+
+[notify]
+trelat = "trelat_email"
+
+[history]
+
+[extra]
+
+[related]
diff --git a/metadata/entries/Separation_Logic_Unbounded.toml b/metadata/entries/Separation_Logic_Unbounded.toml
new file mode 100644
--- /dev/null
+++ b/metadata/entries/Separation_Logic_Unbounded.toml
@@ -0,0 +1,54 @@
+title = "Unbounded Separation Logic"
+date = 2022-09-05
+topics = [
+ "Computer science/Programming languages/Logics",
+]
+abstract = """
+Many separation logics support fractional permissions to distinguish
+between read and write access to a heap location, for instance, to
+allow concurrent reads while enforcing exclusive writes. Fractional
+permissions extend to composite assertions such as (co)inductive
+predicates and magic wands by allowing those to be multiplied by a
+fraction. Typical separation logic proofs require that this
+multiplication has three key properties: it needs to distribute over
+assertions, it should permit fractions to be factored out from
+assertions, and two fractions of the same assertion should be
+combinable into one larger fraction. Existing formal semantics
+incorporating fractional assertions into a separation logic define
+multiplication semantically (via models), resulting in a semantics in
+which distributivity and combinability do not hold for key resource
+assertions such as magic wands, and fractions cannot be factored out
+from a separating conjunction. By contrast, existing automatic
+separation logic verifiers define multiplication syntactically,
+resulting in a different semantics for which it is unknown whether
+distributivity and combinability hold for all assertions. In this
+entry (which accompanies an <a
+href="https://dardinier.me/papers/multiplication.pdf">OOPSLA'22
+paper</a>), we present and formalize an unbounded version of
+separation logic, a novel semantics for separation logic assertions
+that allows states to hold more than a full permission to a heap
+location during the evaluation of an assertion. By reimposing upper
+bounds on the permissions held per location at statement boundaries,
+we retain key properties of separation logic, in particular, we prove
+that the frame rule still holds. We also prove that our assertion
+semantics unifies semantic and syntactic multiplication and thereby
+reconciles the discrepancy between separation logic theory and tools
+and enjoys distributivity, factorisability, and combinability."""
+license = "bsd"
+note = ""
+
+[authors]
+
+[authors.dardinier]
+homepage = "dardinier_homepage"
+
+[contributors]
+
+[notify]
+dardinier = "dardinier_email"
+
+[history]
+
+[extra]
+
+[related]
diff --git a/thys/Implicational_Logic/Implicational_Logic.thy b/thys/Implicational_Logic/Implicational_Logic.thy
new file mode 100644
--- /dev/null
+++ b/thys/Implicational_Logic/Implicational_Logic.thy
@@ -0,0 +1,218 @@
+(*
+ Authors: Asta Halkjær From & Jørgen Villadsen, DTU Compute
+*)
+
+section \<open>Formalization of the Bernays-Tarski Axiom System for Classical Implicational Logic\<close>
+
+(* Uncomment for Full Classical Propositional Logic *)
+
+subsection \<open>Syntax, Semantics and Axiom System\<close>
+
+theory Implicational_Logic imports Main begin
+
+datatype form =
+ (*Falsity (\<open>\<bottom>\<close>) |*)
+ Pro nat (\<open>\<cdot>\<close>) |
+ Imp form form (infixr \<open>\<rightarrow>\<close> 55)
+
+primrec semantics (infix \<open>\<Turnstile>\<close> 50) where
+ (*\<open>I \<Turnstile> \<bottom> = False\<close> |*)
+ \<open>I \<Turnstile> \<cdot> n = I n\<close> |
+ \<open>I \<Turnstile> p \<rightarrow> q = (I \<Turnstile> p \<longrightarrow> I \<Turnstile> q)\<close>
+
+inductive Ax (\<open>\<turnstile> _\<close> 50) where
+ (*Expl: \<open>\<turnstile> \<bottom> \<rightarrow> p\<close> |*)
+ Simp: \<open>\<turnstile> p \<rightarrow> q \<rightarrow> p\<close> |
+ Tran: \<open>\<turnstile> (p \<rightarrow> q) \<rightarrow> (q \<rightarrow> r) \<rightarrow> p \<rightarrow> r\<close> |
+ MP: \<open>\<turnstile> p \<rightarrow> q \<Longrightarrow> \<turnstile> p \<Longrightarrow> \<turnstile> q\<close> |
+ PR: \<open>\<turnstile> (p \<rightarrow> q) \<rightarrow> p \<Longrightarrow> \<turnstile> p\<close>
+
+subsection \<open>Soundness and Derived Formulas\<close>
+
+theorem soundness: \<open>\<turnstile> p \<Longrightarrow> I \<Turnstile> p\<close>
+ by (induct p rule: Ax.induct) auto
+
+lemma Swap: \<open>\<turnstile> (p \<rightarrow> q \<rightarrow> r) \<rightarrow> q \<rightarrow> p \<rightarrow> r\<close>
+proof -
+ have \<open>\<turnstile> q \<rightarrow> (q \<rightarrow> r) \<rightarrow> r\<close>
+ using MP PR Simp Tran by metis
+ then show ?thesis
+ using MP Tran by meson
+qed
+
+lemma Peirce: \<open>\<turnstile> ((p \<rightarrow> q) \<rightarrow> p) \<rightarrow> p\<close>
+ using MP PR Simp Swap Tran by meson
+
+lemma Hilbert: \<open>\<turnstile> (p \<rightarrow> p \<rightarrow> q) \<rightarrow> p \<rightarrow> q\<close>
+ using MP MP Tran Tran Peirce .
+
+lemma Id: \<open>\<turnstile> p \<rightarrow> p\<close>
+ using MP Hilbert Simp .
+
+lemma Tran': \<open>\<turnstile> (q \<rightarrow> r) \<rightarrow> (p \<rightarrow> q) \<rightarrow> p \<rightarrow> r\<close>
+ using MP Swap Tran .
+
+lemma Frege: \<open>\<turnstile> (p \<rightarrow> q \<rightarrow> r) \<rightarrow> (p \<rightarrow> q) \<rightarrow> p \<rightarrow> r\<close>
+ using MP MP Tran MP MP Tran Swap Tran' MP Tran' Hilbert .
+
+lemma Imp1: \<open>\<turnstile> (q \<rightarrow> s) \<rightarrow> ((q \<rightarrow> r) \<rightarrow> s) \<rightarrow> s\<close>
+ using MP Peirce Tran Tran' by meson
+
+lemma Imp2: \<open>\<turnstile> ((r \<rightarrow> s) \<rightarrow> s) \<rightarrow> ((q \<rightarrow> r) \<rightarrow> s) \<rightarrow> s\<close>
+ using MP Tran MP Tran Simp .
+
+lemma Imp3: \<open>\<turnstile> ((q \<rightarrow> s) \<rightarrow> s) \<rightarrow> (r \<rightarrow> s) \<rightarrow> (q \<rightarrow> r) \<rightarrow> s\<close>
+ using MP Swap Tran by meson
+
+subsection \<open>Completeness and Main Theorem\<close>
+
+fun pros where
+ \<open>pros (p \<rightarrow> q) = remdups (pros p @ pros q)\<close> |
+ \<open>pros p = (case p of (\<cdot> n) \<Rightarrow> [n] | _ \<Rightarrow> [])\<close>
+
+lemma distinct_pros: \<open>distinct (pros p)\<close>
+ by (induct p) simp_all
+
+primrec imply (infixr \<open>\<leadsto>\<close> 56) where
+ \<open>[] \<leadsto> q = q\<close> |
+ \<open>p # ps \<leadsto> q = p \<rightarrow> ps \<leadsto> q\<close>
+
+lemma imply_append: \<open>ps @ qs \<leadsto> r = ps \<leadsto> qs \<leadsto> r\<close>
+ by (induct ps) simp_all
+
+abbreviation Ax_assms (infix \<open>\<turnstile>\<close> 50) where \<open>ps \<turnstile> q \<equiv> \<turnstile> ps \<leadsto> q\<close>
+
+lemma imply_Cons: \<open>ps \<turnstile> q \<Longrightarrow> p # ps \<turnstile> q\<close>
+proof -
+ assume \<open>ps \<turnstile> q\<close>
+ with MP Simp have \<open>\<turnstile> p \<rightarrow> ps \<leadsto> q\<close> .
+ then show ?thesis
+ by simp
+qed
+
+lemma imply_head: \<open>p # ps \<turnstile> p\<close>
+ by (induct ps) (use MP Frege Simp imply.simps in metis)+
+
+lemma imply_mem: \<open>p \<in> set ps \<Longrightarrow> ps \<turnstile> p\<close>
+ by (induct ps) (use imply_Cons imply_head in auto)
+
+lemma imply_MP: \<open>\<turnstile> ps \<leadsto> (p \<rightarrow> q) \<rightarrow> ps \<leadsto> p \<rightarrow> ps \<leadsto> q\<close>
+proof (induct ps)
+ case (Cons r ps)
+ then have \<open>\<turnstile> (r \<rightarrow> ps \<leadsto> (p \<rightarrow> q)) \<rightarrow> (r \<rightarrow> ps \<leadsto> p) \<rightarrow> r \<rightarrow> ps \<leadsto> q\<close>
+ using MP Frege Simp by meson
+ then show ?case
+ by simp
+qed (auto intro: Id)
+
+lemma MP': \<open>ps \<turnstile> p \<rightarrow> q \<Longrightarrow> ps \<turnstile> p \<Longrightarrow> ps \<turnstile> q\<close>
+ using MP imply_MP by metis
+
+lemma imply_swap_append: \<open>ps @ qs \<turnstile> r \<Longrightarrow> qs @ ps \<turnstile> r\<close>
+ by (induct qs arbitrary: ps) (simp, metis MP' imply_append imply_Cons imply_head imply.simps(2))
+
+lemma imply_deduct: \<open>p # ps \<turnstile> q \<Longrightarrow> ps \<turnstile> p \<rightarrow> q\<close>
+ using imply_append imply_swap_append imply.simps by metis
+
+lemma add_imply [simp]: \<open>\<turnstile> p \<Longrightarrow> ps \<turnstile> p\<close>
+proof -
+ note MP
+ moreover have \<open>\<turnstile> p \<rightarrow> ps \<leadsto> p\<close>
+ using imply_head by simp
+ moreover assume \<open>\<turnstile> p\<close>
+ ultimately show ?thesis .
+qed
+
+lemma imply_weaken: \<open>ps \<turnstile> p \<Longrightarrow> set ps \<subseteq> set ps' \<Longrightarrow> ps' \<turnstile> p\<close>
+ by (induct ps arbitrary: p) (simp, metis MP' imply_deduct imply_mem insert_subset list.set(2))
+
+abbreviation \<open>lift t s p \<equiv> if t then (p \<rightarrow> s) \<rightarrow> s else p \<rightarrow> s\<close>
+
+abbreviation \<open>lifts I s \<equiv> map (\<lambda>n. lift (I n) s (\<cdot> n))\<close>
+
+lemma lifts_weaken: \<open>lifts I s l \<turnstile> p \<Longrightarrow> set l \<subseteq> set l' \<Longrightarrow> lifts I s l' \<turnstile> p\<close>
+ using imply_weaken by (metis (no_types, lifting) image_mono set_map)
+
+lemma lifts_pros_lift: \<open>lifts I s (pros p) \<turnstile> lift (I \<Turnstile> p) s p\<close>
+proof (induct p)
+ case (Imp q r)
+ consider \<open>\<not> I \<Turnstile> q\<close> | \<open>I \<Turnstile> r\<close> | \<open>I \<Turnstile> q\<close> \<open>\<not> I \<Turnstile> r\<close>
+ by blast
+ then show ?case
+ proof cases
+ case 1
+ then have \<open>lifts I s (pros (q \<rightarrow> r)) \<turnstile> q \<rightarrow> s\<close>
+ using Imp(1) lifts_weaken[where l' = \<open>pros (q \<rightarrow> r)\<close>] by simp
+ then have \<open>lifts I s (pros (q \<rightarrow> r)) \<turnstile> ((q \<rightarrow> r) \<rightarrow> s) \<rightarrow> s\<close>
+ using Imp1 MP' add_imply by blast
+ with 1 show ?thesis
+ by simp
+ next
+ case 2
+ then have \<open>lifts I s (pros (q \<rightarrow> r)) \<turnstile> (r \<rightarrow> s) \<rightarrow> s\<close>
+ using Imp(2) lifts_weaken[where l' = \<open>pros (q \<rightarrow> r)\<close>] by simp
+ then have \<open>lifts I s (pros (q \<rightarrow> r)) \<turnstile> ((q \<rightarrow> r) \<rightarrow> s) \<rightarrow> s\<close>
+ using Imp2 MP' add_imply by blast
+ with 2 show ?thesis
+ by simp
+ next
+ case 3
+ then have \<open>lifts I s (pros (q \<rightarrow> r)) \<turnstile> (q \<rightarrow> s) \<rightarrow> s\<close> \<open>lifts I s (pros (q \<rightarrow> r)) \<turnstile> r \<rightarrow> s\<close>
+ using Imp lifts_weaken[where l' = \<open>pros (q \<rightarrow> r)\<close>] by simp_all
+ then have \<open>lifts I s (pros (q \<rightarrow> r)) \<turnstile> (q \<rightarrow> r) \<rightarrow> s\<close>
+ using Imp3 MP' add_imply by blast
+ with 3 show ?thesis
+ by simp
+ qed
+qed (auto intro: Id Ax.intros)
+
+lemma lifts_pros: \<open>I \<Turnstile> p \<Longrightarrow> lifts I p (pros p) \<turnstile> p\<close>
+proof -
+ assume \<open>I \<Turnstile> p\<close>
+ then have \<open>lifts I p (pros p) \<turnstile> (p \<rightarrow> p) \<rightarrow> p\<close>
+ using lifts_pros_lift[of I p p] by simp
+ then show ?thesis
+ using Id MP' add_imply by blast
+qed
+
+theorem completeness: \<open>\<forall>I. I \<Turnstile> p \<Longrightarrow> \<turnstile> p\<close>
+proof -
+ let ?A = \<open>\<lambda>l I. lifts I p l \<turnstile> p\<close>
+ let ?B = \<open>\<lambda>l. \<forall>I. ?A l I \<and> distinct l\<close>
+ assume \<open>\<forall>I. I \<Turnstile> p\<close>
+ moreover have \<open>?B l \<Longrightarrow> (\<And>n l. ?B (n # l) \<Longrightarrow> ?B l) \<Longrightarrow> ?B []\<close> for l
+ by (induct l) blast+
+ moreover have \<open>?B (n # l) \<Longrightarrow> ?B l\<close> for n l
+ proof -
+ assume *: \<open>?B (n # l)\<close>
+ show \<open>?B l\<close>
+ proof
+ fix I
+ from * have \<open>?A (n # l) (I(n := True))\<close> \<open>?A (n # l) (I(n := False))\<close>
+ by blast+
+ moreover from * have \<open>\<forall>m \<in> set l. \<forall>t. (I(n := t)) m = I m\<close>
+ by simp
+ ultimately have \<open>((\<cdot> n \<rightarrow> p) \<rightarrow> p) # lifts I p l \<turnstile> p\<close> \<open>(\<cdot> n \<rightarrow> p) # lifts I p l \<turnstile> p\<close>
+ by (simp_all cong: map_cong)
+ then have \<open>?A l I\<close>
+ using MP' imply_deduct by blast
+ moreover from * have \<open>distinct (n # l)\<close>
+ by blast
+ ultimately show \<open>?A l I \<and> distinct l\<close>
+ by simp
+ qed
+ qed
+ ultimately have \<open>?B []\<close>
+ using lifts_pros distinct_pros by blast
+ then show ?thesis
+ by simp
+qed
+
+theorem main: \<open>(\<turnstile> p) = (\<forall>I. I \<Turnstile> p)\<close>
+ using soundness completeness by blast
+
+subsection \<open>Reference\<close>
+
+text \<open>Wikipedia \<^url>\<open>https://en.wikipedia.org/wiki/Implicational_propositional_calculus\<close> July 2022\<close>
+
+end
diff --git a/thys/Implicational_Logic/ROOT b/thys/Implicational_Logic/ROOT
new file mode 100644
--- /dev/null
+++ b/thys/Implicational_Logic/ROOT
@@ -0,0 +1,8 @@
+chapter AFP
+
+session Implicational_Logic (AFP) = HOL +
+ options [timeout = 3600]
+ theories
+ Implicational_Logic
+ document_files
+ "root.tex"
diff --git a/thys/Implicational_Logic/document/root.tex b/thys/Implicational_Logic/document/root.tex
new file mode 100644
--- /dev/null
+++ b/thys/Implicational_Logic/document/root.tex
@@ -0,0 +1,64 @@
+\documentclass[11pt,a4paper]{article}
+\usepackage[T1]{fontenc}
+\usepackage{isabelle,isabellesym}
+
+% further packages required for unusual symbols (see also
+% isabellesym.sty), use only when needed
+
+\usepackage{amssymb}
+ %for \<leadsto>, \<box>, \<diamond>, \<sqsupset>, \<mho>, \<Join>,
+ %\<lhd>, \<lesssim>, \<greatersim>, \<lessapprox>, \<greaterapprox>,
+ %\<triangleq>, \<yen>, \<lozenge>
+
+%\usepackage{eurosym}
+ %for \<euro>
+
+%\usepackage[only,bigsqcap,bigparallel,fatsemi,interleave,sslash]{stmaryrd}
+ %for \<Sqinter>, \<Parallel>, \<Zsemi>, \<Parallel>, \<sslash>
+
+%\usepackage{eufrak}
+ %for \<AA> ... \<ZZ>, \<aa> ... \<zz> (also included in amssymb)
+
+%\usepackage{textcomp}
+ %for \<onequarter>, \<onehalf>, \<threequarters>, \<degree>, \<cent>,
+ %\<currency>
+
+% this should be the last package used
+\usepackage{pdfsetup}
+
+% urls in roman style, theory text in math-similar italics
+\urlstyle{rm}
+\isabellestyle{it}
+
+% for uniform font size
+%\renewcommand{\isastyle}{\isastyleminor}
+
+
+\begin{document}
+
+\title{Soundness and Completeness of Implicational Logic}
+\author{Asta Halkjær From \and Jørgen Villadsen}
+\maketitle
+
+\tableofcontents
+
+% sane default for proof documents
+\parindent 0pt\parskip 0.5ex
+
+\begin{abstract}
+This work is a formalization of soundness and completeness of the Bernays-Tarski axiom system for classical implicational logic. The completeness proof is constructive following the approach by László Kalmár, Elliott Mendelson and others. The result can be extended to full classical propositional logic by uncommenting a few lines for falsehood.
+\end{abstract}
+
+% generated text of all theories
+\input{session}
+
+% optional bibliography
+%\bibliographystyle{abbrv}
+%\bibliography{root}
+
+\end{document}
+
+%%% Local Variables:
+%%% mode: latex
+%%% TeX-master: t
+%%% End:
diff --git a/thys/Padic_Field/Cring_Multivariable_Poly.thy b/thys/Padic_Field/Cring_Multivariable_Poly.thy
new file mode 100755
--- /dev/null
+++ b/thys/Padic_Field/Cring_Multivariable_Poly.thy
@@ -0,0 +1,8548 @@
+theory Cring_Multivariable_Poly
+imports "HOL-Algebra.Indexed_Polynomials" Padic_Ints.Cring_Poly
+begin
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+section\<open>Multivariable Polynomials Over a Commutative Ring\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+text\<open>
+ This theory extends the content of \texttt{HOL-Algebra.Indexed\_Polynomials}, mainly in the
+ context of a commutative base ring. In particular, the ring of polynomials over an arbitrary
+ variable set is explicitly witnessed as a ring itself, which is commutative if the base is
+ commutative, and a domain if the base ring is a domain. A universal property for polynomial
+ evaluation is proved, which allows us to embed polynomial rings in a ring of functions over the
+ base ring, as well as construe multivariable polynomials as univariate polynomials over a small
+ base polynomial ring.
+\<close>
+
+type_synonym 'a monomial = "'a multiset"
+type_synonym ('b,'a) mvar_poly = "'a multiset \<Rightarrow> 'b"
+type_synonym ('a,'b) ring_hom = "'a \<Rightarrow> 'b"
+type_synonym 'a u_poly = "nat \<Rightarrow> 'a"
+(**************************************************************************************************)
+(**************************************************************************************************)
+subsection\<open>Lemmas about multisets\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+text\<open>
+ Since multisets function as monomials in this formalization, we'll need some simple lemmas
+ about multisets in order to define degree functions and certain lemmas about factorizations.
+ Those are provided in this section.
+\<close>
+
+lemma count_size:
+ assumes "size m \<le> K"
+ shows "count m i \<le> K"
+ using assms
+ by (metis count_le_replicate_mset_subset_eq dual_order.trans order_refl size_mset_mono size_replicate_mset)
+
+text\<open>The following defines the set of monomials with nonzero coefficients for a given polynomial:\<close>
+
+definition monomials_of :: "('a,'c) ring_scheme \<Rightarrow> ('a, 'b) mvar_poly \<Rightarrow> ('b monomial) set" where
+"monomials_of R P = {m. P m \<noteq> \<zero>\<^bsub>R\<^esub>}"
+
+context ring
+begin
+
+lemma monomials_of_index_free:
+ assumes "index_free P i"
+ assumes "m \<in> monomials_of R P"
+ shows "count m i = 0"
+ using assms
+ unfolding monomials_of_def index_free_def
+ by (meson count_inI mem_Collect_eq)
+
+lemma index_freeI:
+ assumes "\<And>m. m \<in> monomials_of R P \<Longrightarrow> count m i = 0"
+ shows "index_free P i"
+ unfolding index_free_def
+proof safe
+ fix m
+ assume "i \<in># m"
+ then have "count m i \<noteq> 0"
+ by simp
+ then have "m \<notin> monomials_of R P"
+ using assms
+ by meson
+ then show "P m = \<zero>"
+ unfolding monomials_of_def
+ by blast
+qed
+
+text\<open>\texttt{monomials\_of} R is subadditive\<close>
+
+lemma monomials_of_add:
+"monomials_of R (P \<Oplus> Q) \<subseteq> (monomials_of R P) \<union> (monomials_of R Q)"
+proof
+ fix x
+ assume "x \<in> monomials_of R (P \<Oplus> Q) "
+ then have "P x \<oplus> Q x \<noteq>\<zero>"
+ by (simp add: indexed_padd_def monomials_of_def)
+ then have "P x \<noteq>\<zero> \<or> Q x \<noteq> \<zero>"
+ by auto
+ then show "x \<in> (monomials_of R P) \<union> (monomials_of R Q)"
+ by (simp add: monomials_of_def)
+qed
+
+lemma monomials_of_add_finite:
+ assumes "finite (monomials_of R P)"
+ assumes "finite (monomials_of R Q)"
+ shows "finite (monomials_of R (P \<Oplus> Q))"
+ by (meson assms(1) assms(2) finite_Un finite_subset monomials_of_add)
+
+lemma monomials_ofE:
+ assumes "m \<in> monomials_of R p"
+ shows "p m \<noteq> \<zero>"
+ using assms
+ unfolding monomials_of_def
+ by simp
+
+lemma complement_of_monomials_of:
+ assumes "m \<notin> monomials_of R P"
+ shows "P m = \<zero>"
+ using assms
+ unfolding monomials_of_def
+ by blast
+
+text\<open>Multiplication by an indexed variable corresponds to adding that index to each monomial:\<close>
+
+lemma monomials_of_p_mult:
+"monomials_of R (P \<Otimes> i) = {m. \<exists> n \<in> (monomials_of R P). m = add_mset i n}"
+proof
+ show "monomials_of R (P \<Otimes> i) \<subseteq> {m. \<exists>n\<in>monomials_of R P. m = add_mset i n}"
+ proof
+ fix m
+ assume A: "m \<in> monomials_of R (P \<Otimes> i)"
+ show "m \<in> {m. \<exists>n\<in>monomials_of R P. m = add_mset i n}"
+ proof-
+ have "(P \<Otimes> i) m \<noteq> \<zero>"
+ by (simp add: A monomials_ofE)
+ then have "P (m - {# i #}) \<noteq>\<zero>"
+ unfolding indexed_pmult_def
+ by presburger
+ then have 0: "(m - {# i #}) \<in> monomials_of R P"
+ by (meson complement_of_monomials_of)
+ have 1: " m = add_mset i (m - {# i #})"
+ by (metis \<open>(P \<Otimes> i) m \<noteq> \<zero>\<close> add_mset_remove_trivial_If indexed_pmult_def)
+ then show ?thesis using 0 1
+ by blast
+ qed
+ qed
+ show "{m. \<exists>n\<in>monomials_of R P. m = add_mset i n} \<subseteq> monomials_of R (P \<Otimes> i)"
+ unfolding monomials_of_def indexed_pmult_def
+ by auto
+qed
+
+lemma monomials_of_p_mult':
+"monomials_of R (p \<Otimes> i) = add_mset i ` (monomials_of R p)"
+ using monomials_of_p_mult
+ by (simp add: monomials_of_p_mult image_def)
+
+lemma monomials_of_p_mult_finite:
+ assumes "finite (monomials_of R P)"
+ shows "finite (monomials_of R (P \<Otimes> i))"
+ using assms monomials_of_p_mult'[of P i]
+ by simp
+
+text\<open>Monomials of a constant either consist of the empty multiset, or nothing:\<close>
+
+lemma monomials_of_const:
+"(monomials_of R (indexed_const k)) = (if (k = \<zero>) then {} else {{#}})"
+ unfolding monomials_of_def indexed_const_def
+ by simp
+
+lemma monomials_of_const_finite:
+"finite (monomials_of R (indexed_const k))"
+ by (simp add: monomials_of_const)
+
+text\<open>A polynomial always has finitely many monomials:\<close>
+lemma monomials_finite:
+ assumes "P \<in> indexed_pset K I"
+ shows "finite (monomials_of R P)"
+ using assms
+ apply(induction P)
+ using monomials_of_const_finite apply blast
+ using monomials_of_add_finite apply blast
+ by (simp add: monomials_of_p_mult_finite)
+end
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+ subsection\<open>Turning monomials into polynomials\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+text\<open>Constructor for turning a monomial into a polynomial\<close>
+
+definition mset_to_IP :: "('a, 'b) ring_scheme \<Rightarrow> 'c monomial \<Rightarrow> ('a,'c) mvar_poly" where
+"mset_to_IP R m n= (if (n = m) then \<one>\<^bsub>R\<^esub> else \<zero>\<^bsub>R\<^esub>)"
+
+definition var_to_IP :: "('a, 'b) ring_scheme \<Rightarrow> 'c \<Rightarrow> ('a,'c) mvar_poly" ("pvar") where
+"var_to_IP R i = mset_to_IP R {#i#}"
+
+context ring
+begin
+
+lemma mset_to_IP_simp[simp]:
+"mset_to_IP R m m = \<one>"
+ by (simp add: mset_to_IP_def)
+
+lemma mset_to_IP_simp'[simp]:
+ assumes "n \<noteq>m"
+ shows "mset_to_IP R m n = \<zero>"
+ by (simp add: assms mset_to_IP_def)
+
+lemma(in cring) monomials_of_mset_to_IP:
+ assumes "\<one> \<noteq>\<zero>"
+ shows "monomials_of R (mset_to_IP R m) = {m}"
+ unfolding monomials_of_def mset_to_IP_def
+proof
+ show "{ma. (if ma = m then \<one> else \<zero>) \<noteq> \<zero>} \<subseteq> {m}"
+ by auto
+ show "{m} \<subseteq> {ma. (if ma = m then \<one> else \<zero>) \<noteq> \<zero>}"
+ using assms by auto
+qed
+
+end
+
+text\<open>The set of monomials of a fixed \<open>P\<close> which include a given variable:\<close>
+
+definition monomials_with :: "('a, 'b) ring_scheme \<Rightarrow> 'c \<Rightarrow> ('a,'c) mvar_poly \<Rightarrow> ('c monomial) set" where
+"monomials_with R i P = {m. m \<in> monomials_of R P \<and> i \<in># m}"
+
+context ring
+begin
+
+lemma monomials_withE:
+ assumes "m \<in> monomials_with R i P"
+ shows "i \<in># m"
+ "m \<in> monomials_of R P"
+ using assms unfolding monomials_with_def
+ apply blast
+ using assms unfolding monomials_with_def
+ by blast
+
+lemma monomials_withI:
+ assumes "i \<in># m"
+ assumes "m \<in> monomials_of R P"
+ shows "m \<in> monomials_with R i P"
+ using assms
+ unfolding monomials_with_def
+ by blast
+
+end
+
+text\<open>Restricting a polynomial to be zero outside of a given monomial set:\<close>
+
+definition restrict_poly_to_monom_set ::
+ "('a, 'b) ring_scheme \<Rightarrow> ('a,'c) mvar_poly \<Rightarrow> ('c monomial) set \<Rightarrow>('a,'c) mvar_poly" where
+"restrict_poly_to_monom_set R P m_set m = (if m \<in> m_set then P m else \<zero>\<^bsub>R\<^esub>)"
+
+context ring
+begin
+
+lemma restrict_poly_to_monom_set_coeff:
+ assumes "carrier_coeff P"
+ shows "carrier_coeff (restrict_poly_to_monom_set R P Ms)"
+ by (metis assms carrier_coeff_def restrict_poly_to_monom_set_def zero_closed)
+
+lemma restrict_poly_to_monom_set_coeff':
+ assumes "P \<in> indexed_pset K I"
+ assumes "I \<noteq> {}"
+ assumes "\<And>m. P m \<in> S"
+ assumes "\<zero> \<in> S"
+ shows "\<And>m. (restrict_poly_to_monom_set R P m_set m) \<in> S"
+ using assms
+ unfolding restrict_poly_to_monom_set_def
+ by simp
+
+lemma restrict_poly_to_monom_set_monoms:
+ assumes "P \<in> indexed_pset I K"
+ assumes "m_set \<subseteq> monomials_of R P"
+ shows "monomials_of R (restrict_poly_to_monom_set R P m_set) = m_set"
+ using assms
+ unfolding monomials_of_def restrict_poly_to_monom_set_def
+ by (simp add: subset_iff)
+end
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+(**************************************************************************************************)
+subsection\<open>Degree Functions\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+ (**************************************************************************************************)
+ (**************************************************************************************************)
+ subsubsection\<open>Total Degree Function\<close>
+ (**************************************************************************************************)
+ (**************************************************************************************************)
+
+
+lemma multi_set_size_count:
+ fixes m :: "'c monomial"
+ shows "size m \<ge> count m i"
+ by (metis count_le_replicate_mset_subset_eq order_refl size_mset_mono size_replicate_mset)
+
+text\<open>Total degree function\<close>
+
+definition total_degree :: "('a, 'b) ring_scheme \<Rightarrow> ('a, 'c) mvar_poly \<Rightarrow> nat" where
+"total_degree R P = (if (monomials_of R P = {}) then 0 else Max (size ` (monomials_of R P)))"
+
+context ring
+begin
+
+lemma total_degree_ineq:
+ assumes "m \<in> monomials_of R P"
+ assumes "finite (monomials_of R P)"
+ shows "total_degree R P \<ge> size m"
+ unfolding total_degree_def using assms
+ by force
+
+lemma total_degree_in_monomials_of:
+ assumes "monomials_of R P \<noteq> {}"
+ assumes "finite (monomials_of R P)"
+ obtains m where "m \<in> monomials_of R P \<and> size m = total_degree R P"
+ using assms Max_in[of "(size ` monomials_of R P)"] unfolding total_degree_def
+ by (metis (mono_tags, lifting) empty_is_image finite_imageI image_iff)
+
+lemma total_degreeI:
+ assumes "finite (monomials_of R P)"
+ assumes "\<exists>m. m \<in> monomials_of R P \<and> size m = n"
+ assumes "\<And>m. m \<in> monomials_of R P \<Longrightarrow> size m \<le> n"
+ shows "n = total_degree R P"
+proof(cases "monomials_of R P = {}")
+ case True
+ then show ?thesis
+ using assms by blast
+next
+ case False
+ obtain m where m_def: "m \<in> monomials_of R P \<and> size m = n"
+ using assms by blast
+ have 0: "n \<in> (size ` (monomials_of R P))"
+ using m_def
+ by blast
+ have "\<And>k. k \<in> (size ` (monomials_of R P)) \<Longrightarrow> k \<le> n"
+ using assms
+ by blast
+ then have 1: "\<And>m. m \<in> (monomials_of R P) \<Longrightarrow> size m\<le> n"
+ by blast
+ obtain m' where m'_def: "m' \<in> monomials_of R P \<and> size m' = total_degree R P"
+ using assms total_degree_in_monomials_of
+ by blast
+ then have 2: "size m' \<le> n"
+ using 1
+ by blast
+ have 3: "n \<le>size m'"
+ using assms m'_def total_degree_ineq by auto
+ show ?thesis using 2 3
+ using dual_order.antisym m'_def by blast
+qed
+end
+
+ (**************************************************************************************************)
+ (**************************************************************************************************)
+ subsubsection\<open>Degree in One Variable\<close>
+ (**************************************************************************************************)
+ (**************************************************************************************************)
+
+definition degree_in_var ::
+ "('a, 'b) ring_scheme \<Rightarrow> ('a, 'c) mvar_poly \<Rightarrow> 'c \<Rightarrow> nat" where
+"degree_in_var R P i = (if (monomials_of R P = {}) then 0 else Max ((\<lambda>m. count m i) ` (monomials_of R P)))"
+
+context ring
+begin
+
+lemma degree_in_var_ineq:
+ assumes "m \<in> monomials_of R P"
+ assumes "finite (monomials_of R P)"
+ shows "degree_in_var R P i \<ge> count m i"
+ unfolding degree_in_var_def using assms
+ by force
+
+lemma degree_in_var_in_monomials_of:
+ assumes "monomials_of R P \<noteq> {}"
+ assumes "finite (monomials_of R P)"
+ obtains m where "m \<in> monomials_of R P \<and> count m i = degree_in_var R P i"
+ using assms Max_in[of "((\<lambda>m. count m i) ` (monomials_of R P))"] unfolding degree_in_var_def
+ by (metis (no_types, lifting) empty_is_image finite_imageI image_iff)
+
+lemma degree_in_varI:
+ assumes "finite (monomials_of R P)"
+ assumes "\<exists>m. m \<in> monomials_of R P \<and> count m i = n"
+ assumes "\<And>c. c \<in> monomials_of R P \<Longrightarrow> count c i \<le> n"
+ shows "n = degree_in_var R P i"
+proof-
+ obtain l where l_def: "l \<in> monomials_of R P \<and> count l i = degree_in_var R P i"
+ by (metis assms(1) assms(2) degree_in_var_in_monomials_of equals0D)
+ have "degree_in_var R P i \<le> n"
+ using assms(3) l_def
+ by force
+ then show ?thesis
+ using assms(1) assms(2) dual_order.antisym degree_in_var_ineq
+ by fastforce
+qed
+
+text\<open>Total degree bounds degree in a single variable:\<close>
+
+lemma total_degree_degree_in_var:
+ assumes "finite (monomials_of R P)"
+ shows "total_degree R P \<ge> degree_in_var R P i"
+proof(cases " (monomials_of R P) = {}")
+ case True
+ then show ?thesis
+ unfolding total_degree_def degree_in_var_def
+ by simp
+next
+ case False
+ then obtain m1 where m1_def: "m1 \<in> monomials_of R P \<and> count m1 i = degree_in_var R P i"
+ by (meson assms degree_in_var_in_monomials_of)
+ have "size m1 \<ge>count m1 i"
+ by (simp add: multi_set_size_count)
+ then show ?thesis
+ by (simp add: assms local.ring_axioms m1_def order.trans ring.total_degree_ineq)
+qed
+end
+
+text\<open>The set of monomials of maximal degree in variable \<open>i\<close>:\<close>
+
+definition max_degree_monoms_in_var ::
+ "('a, 'b) ring_scheme \<Rightarrow> ('a, 'c) mvar_poly \<Rightarrow> 'c \<Rightarrow> ('c monomial) set" where
+"max_degree_monoms_in_var R P i = {m. m \<in> monomials_of R P \<and> count m i = degree_in_var R P i}"
+
+context ring
+begin
+
+lemma max_degree_monoms_in_var_memI:
+ assumes "m \<in> monomials_of R P"
+ assumes "count m i = degree_in_var R P i"
+ shows "m \<in> max_degree_monoms_in_var R P i"
+ using assms unfolding max_degree_monoms_in_var_def
+ by blast
+
+lemma max_degree_monoms_in_var_memE:
+ assumes "m \<in> max_degree_monoms_in_var R P i"
+ shows "m \<in> monomials_of R P"
+ "count m i = degree_in_var R P i"
+ using assms unfolding max_degree_monoms_in_var_def
+ apply blast
+ using assms unfolding max_degree_monoms_in_var_def
+ by blast
+end
+
+text\<open>The set of monomials of \<open>P\<close> of fixed degree in variable \<open>i\<close>:\<close>
+
+definition fixed_degree_in_var ::
+ "('a, 'b) ring_scheme \<Rightarrow> ('a, 'c) mvar_poly \<Rightarrow> 'c \<Rightarrow> nat \<Rightarrow> ('c monomial) set" where
+"fixed_degree_in_var R P i n = {m. m \<in> monomials_of R P \<and> count m i = n}"
+
+context ring
+begin
+
+lemma fixed_degree_in_var_subset:
+"fixed_degree_in_var R P i n \<subseteq> monomials_of R P"
+ unfolding fixed_degree_in_var_def
+ by blast
+
+lemma fixed_degree_in_var_max_degree_monoms_in_var:
+"max_degree_monoms_in_var R P i = fixed_degree_in_var R P i (degree_in_var R P i)"
+ unfolding max_degree_monoms_in_var_def fixed_degree_in_var_def
+ by auto
+
+lemma fixed_degree_in_varI:
+ assumes "m \<in> monomials_of R P"
+ assumes "count m i = n"
+ shows "m \<in> fixed_degree_in_var R P i n"
+ unfolding fixed_degree_in_var_def
+ using assms
+ by blast
+
+lemma fixed_degree_in_varE:
+ assumes "m \<in> fixed_degree_in_var R P i n"
+ shows "m \<in> monomials_of R P"
+ "count m i = n"
+ apply (meson assms fixed_degree_in_var_subset in_mono)
+ using assms fixed_degree_in_var_def by force
+
+definition restrict_to_var_deg ::
+ "('a,'c) mvar_poly \<Rightarrow> 'c \<Rightarrow> nat \<Rightarrow> 'c monomial \<Rightarrow> 'a" where
+"restrict_to_var_deg P i n = restrict_poly_to_monom_set R P (fixed_degree_in_var R P i n)"
+
+lemma restrict_to_var_deg_var_deg:
+ assumes "finite (monomials_of R P)"
+ assumes "Q = restrict_to_var_deg P i n"
+ assumes "monomials_of R Q \<noteq> {}"
+ shows "n = degree_in_var R Q i"
+ apply(rule degree_in_varI)
+ apply (metis assms(1) assms(2) fixed_degree_in_varE(1) monomials_ofE restrict_poly_to_monom_set_def
+ restrict_to_var_deg_def rev_finite_subset subsetI)
+ apply (metis (full_types) assms(2) assms(3) equals0I fixed_degree_in_varE(2)
+ monomials_ofE restrict_poly_to_monom_set_def restrict_to_var_deg_def)
+ by (metis assms(2) eq_iff fixed_degree_in_varE(2) monomials_ofE restrict_poly_to_monom_set_def restrict_to_var_deg_def)
+
+lemma index_free_degree_in_var[simp]:
+ assumes "index_free P i"
+ shows "degree_in_var R P i = 0"
+proof(cases "monomials_of R P = {}")
+ case True
+ then show ?thesis
+ using assms
+ unfolding degree_in_var_def
+ by simp
+next
+ case False
+ then have 0: "degree_in_var R P i = Max ((\<lambda>m. count m i) ` (monomials_of R P))"
+ unfolding degree_in_var_def
+ by simp
+ have"((\<lambda>m. count m i) ` (monomials_of R P)) = {0}"
+ proof
+ show "(\<lambda>m. count m i) ` monomials_of R P \<subseteq> {0}"
+ using False assms monomials_of_index_free[of P i]
+ by auto
+ show "{0} \<subseteq> (\<lambda>m. count m i) ` monomials_of R P"
+ using False \<open>(\<lambda>m. count m i) ` monomials_of R P \<subseteq> {0}\<close>
+ by auto
+ qed
+ then show ?thesis using 0
+ by simp
+qed
+
+lemma degree_in_var_index_free:
+ assumes "degree_in_var R P i = 0"
+ assumes "finite (monomials_of R P)"
+ shows "index_free P i"
+ apply(rule index_freeI)
+ by (metis assms(1) assms(2) degree_in_var_ineq le_zero_eq)
+
+end
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+subsection\<open>Constructing the Multiplication Operation on the Ring of Indexed Polynomials\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+ (**********************************************************************)
+ (**********************************************************************)
+ subsubsection\<open>The Set of Factors of a Fixed Monomial\<close>
+ (**********************************************************************)
+ (**********************************************************************)
+
+ text\<open>The following function maps a monomial to the set of monomials which divide it:\<close>
+
+definition mset_factors :: "'c monomial \<Rightarrow> ('c monomial) set" where
+"mset_factors m = {n. n \<subseteq># m}"
+
+context ring
+begin
+
+lemma monom_divides_factors:
+"n \<in> (mset_factors m)\<longleftrightarrow> n \<subseteq># m"
+ unfolding mset_factors_def by auto
+
+lemma mset_factors_mono:
+ assumes "n \<subseteq># m"
+ shows "mset_factors n \<subseteq> mset_factors m"
+ unfolding mset_factors_def
+ by (simp add: Collect_mono_iff assms subset_mset.order_trans)
+
+lemma mset_factors_size_bound:
+ assumes "n \<in> mset_factors m"
+ shows "size n \<le> size m"
+ using assms
+ unfolding mset_factors_def
+ by (simp add: size_mset_mono)
+
+lemma sets_to_inds_finite:
+ assumes "finite I"
+ shows "finite S \<Longrightarrow> finite (Pi\<^sub>E S (\<lambda>_. I))"
+ using assms
+ by (simp add: finite_PiE)
+
+end
+
+ (**********************************************************************************************)
+ (**********************************************************************************************)
+ subsubsection\<open>Finiteness of the Factor Set of a Monomial\<close>
+ (**********************************************************************************************)
+ (**********************************************************************************************)
+
+text\<open>
+ This section shows that any monomial m has only finitely many factors. This is done by mapping
+ the set of factors injectively into a finite extensional function set. Explicitly, a monomial is
+ just mapped to its count function, restricted to the set of indices where the count is nonzero.
+\<close>
+
+definition mset_factors_to_fun ::
+ "('a,'b) ring_scheme \<Rightarrow> 'c monomial \<Rightarrow> 'c monomial \<Rightarrow> ('c \<Rightarrow> nat)" where
+"mset_factors_to_fun R m n = (if (n \<in> mset_factors m) then
+ (restrict (count n) (set_mset m)) else undefined)"
+context ring
+begin
+
+lemma mset_factors_to_fun_prop:
+ assumes "size m = n"
+ shows "mset_factors_to_fun R m \<in> (mset_factors m) \<rightarrow> (Pi\<^sub>E (set_mset m) (\<lambda>_. {0.. n}))"
+proof
+ fix x
+ assume A: "x \<in> (mset_factors m)"
+ show "mset_factors_to_fun R m x \<in> (set_mset m) \<rightarrow>\<^sub>E {0..n} "
+ proof
+ show "\<And>xa. xa \<in># m \<Longrightarrow> mset_factors_to_fun R m x xa \<in> {0..n}"
+ proof-
+ fix y
+ assume Ay: "y \<in># m"
+ show P0: "mset_factors_to_fun R m x y \<in> {0..n}"
+ proof-
+ have "mset_factors_to_fun R m x = restrict (count x) (set_mset m)"
+ using A unfolding mset_factors_to_fun_def
+ by simp
+ then have "mset_factors_to_fun R m x y = count x y"
+ using Ay
+ by simp
+ then show ?thesis
+ using A INTEG.R.mset_factors_size_bound assms count_size by fastforce
+ qed
+ qed
+ fix z
+ assume Ay: "z \<notin>#m"
+ show "mset_factors_to_fun R m x z = undefined"
+ using A Ay unfolding mset_factors_to_fun_def
+ by simp
+ qed
+qed
+
+lemma mset_factors_to_fun_inj:
+ shows "inj_on (mset_factors_to_fun R m) (mset_factors m) "
+proof
+ fix x y
+ assume A: "x \<in> mset_factors m" "y \<in> mset_factors m"
+ show "mset_factors_to_fun R m x = mset_factors_to_fun R m y \<Longrightarrow> x = y"
+ proof-
+ assume A0: "mset_factors_to_fun R m x = mset_factors_to_fun R m y"
+ show " x = y"
+ proof-
+ have "\<And>i. count x i = count y i"
+ proof- fix i
+ show "count x i = count y i"
+ proof(cases "i \<in># m")
+ case True
+ then show ?thesis using A0 A unfolding mset_factors_to_fun_def
+ by (metis restrict_def)
+ next
+ case False
+ then show ?thesis
+ using A0 A unfolding mset_factors_to_fun_def
+ by (metis monom_divides_factors count_inI mset_subset_eqD)
+ qed
+ qed
+ then show ?thesis
+ using multiset_eqI by blast
+ qed
+ qed
+qed
+
+lemma finite_target:
+"finite (Pi\<^sub>E (set_mset m) (\<lambda>_. {0..(n::nat)}))"
+proof-
+ have 0: "finite (set_mset m)"
+ by simp
+ have 1: "finite ({0..n})"
+ by simp
+ then show ?thesis using 0
+ by (simp add: finite_PiE)
+qed
+
+text\<open>A multiset has only finitely many factors:\<close>
+
+lemma mset_factors_finite[simp]:
+"finite (mset_factors m)"
+proof-
+ have 0: "inj_on (mset_factors_to_fun R m) (mset_factors m) "
+ by (simp add: mset_factors_to_fun_inj)
+ have 1: "(mset_factors_to_fun R m) \<in> (mset_factors m) \<rightarrow> (Pi\<^sub>E (set_mset m) (\<lambda>_. {0 .. (size m)}))"
+ by (metis mset_factors_to_fun_prop)
+ have 2: "finite (Pi\<^sub>E (set_mset m) (\<lambda>_. {0 .. (size m)}))"
+ by (simp add: finite_target)
+ have 3: "((mset_factors_to_fun R m) ` (mset_factors m)) \<subseteq> (Pi\<^sub>E (set_mset m) (\<lambda>_. {0 .. (size m)}))"
+ using 1 2
+ by blast
+ then have "finite ((mset_factors_to_fun R m) ` (mset_factors m))"
+ using 2 finite_subset by auto
+ then show ?thesis using 0 1 2
+ finite_imageD[of "mset_factors_to_fun R m" "mset_factors m" ]
+ by blast
+qed
+
+end
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+subsubsection\<open>Definition of Indexed Polynomial Multiplication.\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+context ring
+begin
+
+text\<open>Monomial division:\<close>
+
+lemma monom_divide:
+ assumes "n \<in> mset_factors m"
+ shows "(THE k. n + k = m ) = m - n "
+ apply(rule the_equality)
+ using assms unfolding mset_factors_def
+ apply simp
+ using assms unfolding mset_factors_def
+ by auto
+
+text\<open>A monomial is a factor of itself:\<close>
+
+lemma m_factor[simp]:
+"m \<in> mset_factors m"
+ using local.ring_axioms ring.monom_divides_factors by blast
+
+end
+
+text\<open>The definition of polynomial multiplication:\<close>
+
+definition P_ring_mult :: "('a, 'b) ring_scheme \<Rightarrow> ('a,'c) mvar_poly \<Rightarrow> ('a,'c) mvar_poly \<Rightarrow> 'c monomial \<Rightarrow> 'a"
+ where
+"P_ring_mult R P Q m = (finsum R (\<lambda>x. (P x) \<otimes>\<^bsub>R\<^esub> (Q (m - x))) (mset_factors m))"
+
+abbreviation(in ring) P_ring_mult_in_ring (infixl "\<Otimes>\<^sub>p" 65)where
+"P_ring_mult_in_ring \<equiv> P_ring_mult R"
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+subsubsection\<open>Distributivity Laws for Polynomial Multiplication\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+context ring
+begin
+
+lemma P_ring_rdistr:
+ assumes "carrier_coeff a"
+ assumes "carrier_coeff b"
+ assumes "carrier_coeff c"
+ shows "a \<Otimes>\<^sub>p (b \<Oplus> c) = (a \<Otimes>\<^sub>p b)\<Oplus> (a \<Otimes>\<^sub>p c)"
+proof
+ fix m
+ show "(a \<Otimes>\<^sub>p (b \<Oplus> c)) m = (a \<Otimes>\<^sub>p b \<Oplus> (a \<Otimes>\<^sub>p c)) m"
+ proof-
+ have RHS: "(a \<Otimes>\<^sub>p b \<Oplus> (a \<Otimes>\<^sub>p c)) m =
+ (\<Oplus>x\<in>mset_factors m. a x \<otimes> b (m - x)) \<oplus> (\<Oplus>x\<in>mset_factors m. a x \<otimes> c (m - x))"
+ unfolding indexed_padd_def P_ring_mult_def by auto
+ have LHS: "(a \<Otimes>\<^sub>p (b \<Oplus> c)) m=
+ ( \<Oplus>x\<in>mset_factors m. a x \<otimes> b (m - x) \<oplus> a x \<otimes> c (m - x))"
+ unfolding indexed_padd_def P_ring_mult_def
+ by (meson assms(1) assms(2) assms(3) local.ring_axioms r_distr ring.carrier_coeff_def)
+ have RHS': "(a \<Otimes>\<^sub>p b \<Oplus> (a \<Otimes>\<^sub>p c)) m =
+ (\<Oplus>x\<in>mset_factors m. a x \<otimes> b (m - x) \<oplus> a x \<otimes> c (m - x))"
+ proof-
+ have 0: "(\<lambda>x. a x \<otimes> b (m - x)) \<in> mset_factors m \<rightarrow> carrier R"
+ proof
+ fix x assume "x \<in> mset_factors m"
+ then show "a x \<otimes> b (m - x) \<in> carrier R"
+ using assms carrier_coeffE
+ by blast
+ qed
+ have 1: "(\<lambda>x. a x \<otimes> c (m - x)) \<in> mset_factors m \<rightarrow> carrier R"
+ proof
+ fix x assume "x \<in> mset_factors m"
+ then show "a x \<otimes> c (m - x) \<in> carrier R"
+ using assms carrier_coeffE
+ by blast
+ qed
+ then show ?thesis
+ using 0 1 RHS assms finsum_addf[of "\<lambda>x. a x \<otimes> b (m - x)" "mset_factors m"
+ "\<lambda>x. a x \<otimes> c (m - x)"]
+ by metis
+ qed
+ show ?thesis using LHS RHS' by auto
+ qed
+qed
+
+lemma P_ring_ldistr:
+ assumes "carrier_coeff a"
+ assumes "carrier_coeff b"
+ assumes "carrier_coeff c"
+ shows " (b \<Oplus> c) \<Otimes>\<^sub>p a = (b \<Otimes>\<^sub>p a)\<Oplus> (c \<Otimes>\<^sub>p a)"
+proof
+ fix m
+ show "((b \<Oplus> c) \<Otimes>\<^sub>p a) m = ((b \<Otimes>\<^sub>p a)\<Oplus> (c \<Otimes>\<^sub>p a)) m"
+ proof-
+ have RHS: "((b \<Otimes>\<^sub>p a)\<Oplus> (c \<Otimes>\<^sub>p a)) m =
+ (\<Oplus>x\<in>mset_factors m. b x \<otimes> a (m - x)) \<oplus> (\<Oplus>x\<in>mset_factors m. c x \<otimes> a (m - x))"
+ unfolding indexed_padd_def P_ring_mult_def by auto
+ have LHS: "((b \<Oplus> c) \<Otimes>\<^sub>p a) m=
+ ( \<Oplus>x\<in>mset_factors m. b x \<otimes> a (m - x) \<oplus> c x \<otimes> a (m - x))"
+ unfolding indexed_padd_def P_ring_mult_def
+ by (meson assms(1) assms(2) assms(3) l_distr local.ring_axioms ring.carrier_coeff_def)
+ have RHS': "((b \<Otimes>\<^sub>p a)\<Oplus> (c \<Otimes>\<^sub>p a)) m =
+ (\<Oplus>x\<in>mset_factors m. b x \<otimes> a (m - x) \<oplus> c x \<otimes> a (m - x))"
+ proof-
+ have 0: "(\<lambda>x. b x \<otimes> a (m - x)) \<in> mset_factors m \<rightarrow> carrier R"
+ proof
+ fix x assume "x \<in> mset_factors m"
+ then show "b x \<otimes> a (m - x) \<in> carrier R"
+ using assms carrier_coeffE
+ by blast
+ qed
+ have 1: "(\<lambda>x. c x \<otimes> a (m - x)) \<in> mset_factors m \<rightarrow> carrier R"
+ proof
+ fix x assume "x \<in> mset_factors m"
+ then show "c x \<otimes> a (m - x) \<in> carrier R"
+ using assms carrier_coeffE
+ by blast
+ qed
+ then show ?thesis
+ using 0 1 RHS assms finsum_addf[of "\<lambda>x. b x \<otimes> a (m - x)" "mset_factors m"
+ "\<lambda>x. c x \<otimes> a (m - x)"]
+ by metis
+ qed
+ show ?thesis using LHS RHS' by auto
+ qed
+qed
+end
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+subsubsection\<open>Multiplication Commutes with \texttt{indexed\_pmult}\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+context ring
+begin
+
+text\<open>This lemma shows how we can write the factors of a monomial $m$ times a variable $i$ in terms
+ of the factors of m:\<close>
+
+lemma mset_factors_add_mset:
+"mset_factors (add_mset i m) = mset_factors m \<union> add_mset i ` (mset_factors m)"
+proof
+ show "mset_factors (add_mset i m) \<subseteq> mset_factors m \<union> add_mset i ` mset_factors m"
+ proof fix x
+ assume A: "x \<in> mset_factors (add_mset i m)"
+ show "x \<in> mset_factors m \<union> add_mset i ` mset_factors m"
+ proof(cases "i \<in># x")
+ case True
+ then have "x - {#i#} \<subseteq># m"
+ using A INTEG.R.monom_divides_factors subset_eq_diff_conv by force
+ then show ?thesis
+ by (metis INTEG.R.monom_divides_factors True UnI2 add_mset_remove_trivial image_iff multi_member_split)
+ next
+ case False
+ have 0: "x \<subseteq># add_mset i m"
+ using A INTEG.R.monom_divides_factors by blast
+ hence "x \<subseteq># m"
+ using mset_subset_eqI[of x m] 0 False
+ by (metis count_add_mset count_greater_zero_iff count_inI less_Suc_eq_le
+ subseteq_mset_def union_single_eq_member)
+ thus ?thesis
+ using INTEG.R.monom_divides_factors by blast
+ qed
+ qed
+ show "mset_factors m \<union> add_mset i ` mset_factors m \<subseteq> mset_factors (add_mset i m)"
+ proof fix x assume A: "x \<in> mset_factors m \<union> add_mset i ` mset_factors m"
+ have "x \<subseteq># add_mset i m"
+ proof(cases "x \<in> mset_factors m")
+ case True
+ then have "x \<subseteq># m"
+ by (simp add: INTEG.R.monom_divides_factors)
+ hence "(\<And>a. count x a \<le> count (add_mset i m) a)"
+ using mset_subset_eq_count[of x m] count_add_mset[of i m]
+ nat_le_linear not_less_eq_eq by fastforce
+ thus ?thesis
+ using mset_subset_eqI by blast
+ next
+ case False
+ then obtain n where n_def: "n \<in> mset_factors m \<and> x = add_mset i n"
+ using A by blast
+ then have "x \<subseteq># add_mset i m"
+ by (simp add: INTEG.R.monom_divides_factors)
+ then show ?thesis
+ by simp
+ qed
+ thus "x \<in> mset_factors (add_mset i m)"
+ by (simp add: INTEG.R.monom_divides_factors)
+ qed
+qed
+
+end
+(**************************************************************************************************)
+(**************************************************************************************************)
+subsubsection\<open>Associativity of Polynomial Multiplication.\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+context ring
+begin
+
+lemma finsum_eq:
+ assumes "f \<in> S \<rightarrow> carrier R"
+ assumes "g \<in> S \<rightarrow> carrier R"
+ assumes "(\<lambda> x \<in> S. f x) = (\<lambda> x \<in> S. g x)"
+ shows " finsum R f S = finsum R g S"
+ by (metis assms(1) assms(3) finsum_cong' restrict_apply')
+
+lemma finsum_eq_induct:
+ assumes "f \<in> S \<rightarrow> carrier R"
+ assumes "g \<in> T \<rightarrow> carrier R"
+ assumes "finite S"
+ assumes "finite T"
+ assumes "bij_betw h S T"
+ assumes "\<And>s. s \<in> S \<Longrightarrow> f s = g (h s)"
+ shows "finite U \<Longrightarrow> U \<subseteq> S \<Longrightarrow> finsum R f U = finsum R g (h ` U)"
+ apply(induct rule: finite_induct)
+ apply (simp; fail)
+proof-
+ fix x
+ fix F :: "'c set"
+ assume F_fin: "finite F"
+ assume x_not_in: "x \<notin> F"
+ assume IH: "(F \<subseteq> S \<Longrightarrow> finsum R f F = finsum R g (h ` F)) "
+ show "insert x F \<subseteq> S \<Longrightarrow> finsum R f (insert x F) = finsum R g (h ` insert x F)"
+ proof-
+ assume A: "insert x F \<subseteq> S"
+ then have F_sub: "F \<subseteq>S"
+ by simp
+ have x_in: "x \<in> S"
+ using A by blast
+ have fx_in: "f x \<in> carrier R"
+ using x_in assms(1)
+ by auto
+ have ghx_fx_eq:
+ "f x = g (h x)"
+ using x_in assms
+ by blast
+ have I: "finsum R f F = finsum R g (h ` F)"
+ using F_sub IH by blast
+ have f_fact: "f \<in> F \<rightarrow> carrier R "
+ using assms(1) F_sub
+ by blast
+ have "finsum R f (insert x F) = (f x) \<otimes>\<^bsub>add_monoid R\<^esub> (finsum R f F) "
+ using F_fin x_not_in comm_monoid.finprod_insert[of "(add_monoid R)" F x f ]
+ unfolding finsum_def
+ using f_fact fx_in local.add.comm_monoid_axioms
+ by auto
+ have "finsum R g (h ` insert x F) = finsum R g (insert (h x) (h ` F))"
+ by simp
+ then have "finsum R g (h ` insert x F) = (g (h x)) \<otimes>\<^bsub>add_monoid R\<^esub> finsum R g (h ` F)"
+ proof-
+ have 0: "finite (h ` F)"
+ by (simp add: F_fin)
+ have 1: "h x \<notin> h ` F"
+ proof-
+ have 10: "bij_betw h F (h` F)"
+ using assms(5) F_sub bij_betw_subset
+ by blast
+ show ?thesis
+ proof
+ assume "h x \<in> h ` F "
+ then obtain s where s_def: "s \<in> F \<and> h s = h x"
+ using 10
+ by auto
+ have "s \<in> S"
+ using F_sub s_def by blast
+ then have "s = x"
+ using x_in assms(5)
+ s_def
+ unfolding bij_betw_def inj_on_def
+ by blast
+ then show False using x_not_in
+ using s_def by blast
+ qed
+ qed
+ have 2: "g \<in> h ` F \<rightarrow> carrier (add_monoid R)"
+ proof
+ fix y
+ assume Ay: "y \<in> h ` F"
+ then obtain s where s_def: "y = h s \<and> s \<in> F"
+ by blast
+ then have s_S: "s \<in> S"
+ using F_sub by blast
+ have "h ` F \<subseteq> T"
+ using F_sub assms(5)
+ unfolding bij_betw_def
+ by blast
+ then have "g y \<in> carrier R"
+ using Ay assms(2)
+ by blast
+ then show "g y \<in> carrier (add_monoid R)"
+ by simp
+ qed
+ have "g (h x) \<in> carrier (add_monoid R)"
+ using fx_in ghx_fx_eq
+ by auto
+ then show ?thesis
+ using 0 1 2 comm_monoid.finprod_insert[of "(add_monoid R)" "(h ` F)" "h x" g ]
+ unfolding finsum_def
+ by (simp add: local.add.comm_monoid_axioms)
+ qed
+ then have "finsum R g (h ` insert x F) = f x \<otimes>\<^bsub>add_monoid R\<^esub> (finsum R f F)"
+ using I ghx_fx_eq by auto
+ then show ?thesis
+ by (simp add: \<open>finsum R f (insert x F) = f x \<otimes>\<^bsub>add_monoid R\<^esub> finsum R f F\<close>)
+ qed
+qed
+
+lemma finsum_bij_eq:
+ assumes "f \<in> S \<rightarrow> carrier R"
+ assumes "g \<in> T \<rightarrow> carrier R"
+ assumes "finite S"
+ assumes "bij_betw h S T"
+ assumes "\<And>s. s \<in> S \<Longrightarrow> f s = g (h s)"
+ shows "finsum R f S = finsum R g T"
+proof-
+ have 0: "finite T"
+ using assms bij_betw_finite
+ by blast
+ have 1: "(\<And>s. s \<in> S \<Longrightarrow> f s = g (h s)) "
+ using assms
+ by blast
+ have "(\<And>s. s \<in> S \<Longrightarrow> f s = g (h s)) \<Longrightarrow> finite S \<Longrightarrow> S \<subseteq> S \<Longrightarrow> finsum R f S = finsum R g (h ` S)"
+ using 0 assms finsum_eq_induct[of f S g T h S ]
+ by blast
+ then have "finsum R f S = finsum R g (h ` S)"
+ using assms(5) assms(3)
+ by blast
+ then show ?thesis
+ using assms(5) assms(4) bij_betw_imp_surj_on
+ by blast
+qed
+
+lemma monom_comp:
+ assumes "x \<subseteq># m"
+ assumes "y \<subseteq># m - x"
+ shows "x \<subseteq># m - y"
+using assms
+ by (metis add_diff_cancel_left' subset_eq_diff_conv
+ subset_mset.le_diff_conv2 subset_mset.order_refl subset_mset.order_trans)
+
+lemma monom_comp':
+ assumes "x \<subseteq># m"
+ assumes "y = m - x"
+ shows "x = m - y"
+ using assms
+ by (metis add_diff_cancel_right' subset_mset.add_diff_inverse)
+
+text \<open>
+ This lemma turns iterated sums into sums over a product set. The first lemma is only a technical
+ phrasing of \texttt{double\_finsum'} to facilitate an inductive proof, and likely can and should
+ be simplified.
+\<close>
+
+lemma double_finsum_induct:
+ assumes "finite S"
+ assumes "\<And>s. s \<in> S \<Longrightarrow> finite (F s)"
+ assumes "P = (\<lambda>S. {(s, t). s \<in> S \<and> t \<in> (F s)})"
+ assumes "\<And>s y. s \<in> S \<Longrightarrow> y \<in> (F s) \<Longrightarrow> g s y \<in> carrier R"
+ shows "finite T \<Longrightarrow> T \<subseteq> S \<Longrightarrow> finsum R (\<lambda>s. finsum R (g s) (F s)) T =
+ finsum R (\<lambda> c. g (fst c) (snd c)) (P T)"
+ apply(induct rule: finite_induct)
+ apply (simp add: assms(3); fail)
+proof-
+ fix x
+ fix T :: "'c set"
+ assume AT: "finite T"
+ assume x_notin: "x \<notin> T"
+ assume IH: "(T \<subseteq> S \<Longrightarrow> (\<Oplus>s\<in>T. finsum R (g s) (F s)) = (\<Oplus>c\<in>P T. g (fst c) (snd c)))"
+ assume A: "insert x T \<subseteq>S"
+ show " (\<Oplus>s\<in>insert x T. finsum R (g s) (F s)) = (\<Oplus>c\<in>P (insert x T). g (fst c) (snd c))"
+ proof-
+ have 0: "(\<lambda>s. finsum R (g s) (F s)) \<in> T \<rightarrow> carrier R"
+ proof
+ fix v
+ assume A0: "v \<in> T"
+ then have A1: "v \<in> S"
+ using A by blast
+ then show "finsum R (g v) (F v) \<in> carrier R"
+ proof-
+ have 00: "finite (F v)"
+ using assms A
+ using \<open>v \<in> T\<close> by blast
+ have "g v \<in> F v \<rightarrow> carrier R"
+ proof
+ fix l assume "l \<in> F v"
+ then show "g v l \<in> carrier R"
+ using A1 assms(4)[of v l]
+ by blast
+ qed
+ then show ?thesis
+ using finsum_closed by blast
+ qed
+ qed
+ have 1: "finsum R (g x) (F x) \<in> carrier R"
+ proof-
+ have "x \<in> S"
+ using A by blast
+ then show ?thesis using assms(4) finsum_closed[of "(g x)" "F x"]
+ by blast
+ qed
+ have 2: " (\<Oplus>s\<in>insert x T. finsum R (g s) (F s)) = finsum R (g x) (F x) \<oplus> (\<Oplus>s\<in> T. finsum R (g s) (F s))"
+ using 0 1 finsum_insert[of T x "(\<lambda>s. finsum R (g s) (F s))"] AT x_notin
+ by blast
+ have 3: "P (insert x T) = P {x} \<union> P T"
+ proof
+ show "P (insert x T) \<subseteq> P {x} \<union> P T"
+ proof
+ fix y
+ assume "y \<in> P (insert x T)"
+ then show "y \<in> P {x} \<union> P T"
+ using assms
+ by blast
+ qed
+ show "P {x} \<union> P T \<subseteq> P (insert x T)"
+ proof
+ fix y
+ assume Ay: "y \<in> P {x} \<union> P T"
+ show "y \<in> P (insert x T)"
+ proof(cases "y \<in> P {x}")
+ case True
+ then have "y \<in> ({(s, t). s \<in> {x} \<and> t \<in> F s})"
+ using assms(3) by auto
+ then have "fst y = x \<and> snd y \<in> F x"
+ using Product_Type.Collect_case_prodD by auto
+ then show ?thesis using assms(3)
+ using fst_def by auto
+ next
+ case False
+ then have "y \<in> P T"
+ using Ay
+ by blast
+ then have "y \<in> ({(s, t). s \<in> T \<and> t \<in> F s})"
+ using assms(3) by blast
+ then obtain s t where st_def: "y = (s, t) \<and>s \<in> T \<and> t \<in> F s"
+ by blast
+ then have "y = (s, t) \<and>s \<in> (insert x T) \<and> t \<in> F s"
+ by blast
+ then show ?thesis using assms(3)
+ by simp
+ qed
+ qed
+ qed
+ have 4: "P {x} \<inter> P T = {}"
+ proof
+ show "P {x} \<inter> P T \<subseteq> {}"
+ proof
+ fix y
+ assume B: "y \<in> P {x} \<inter> P T"
+ then have "fst y = x"
+ proof-
+ have "y \<in> {(s, t). s \<in> {x} \<and> t \<in> F s}"
+ using assms(3) B by auto
+ then obtain s t where "y = (s, t) \<and> s \<in> {x} \<and> t \<in> F s"
+ by blast
+ then show ?thesis
+ by auto
+ qed
+ have "fst y \<in> T"
+ proof-
+ have "y \<in> {(s, t). s \<in> T \<and> t \<in> F s}"
+ using assms(3) B by auto
+ then obtain s t where "y = (s, t) \<and> s \<in> T \<and> t \<in> F s"
+ by blast
+ then show ?thesis
+ by simp
+ qed
+ then have False
+ using x_notin
+ by (simp add: \<open>fst y = x\<close>)
+ then show "y \<in> {}"
+ by simp
+ qed
+ show "{} \<subseteq> P {x} \<inter> P T"
+ by simp
+ qed
+ have 5: "(\<lambda>c. g (fst c) (snd c)) \<in> P {x} \<rightarrow> carrier R"
+ proof
+ fix y
+ assume X0: "y \<in> P {x}"
+ obtain s t where st_def: "y = (s, t) \<and> (s, t) \<in> P {x}"
+ by (metis X0 old.prod.exhaust)
+ then have st: "s = x \<and> t \<in> F x"
+ using assms(3) by blast
+ then have "g (fst y) (snd y) = g x t \<and>t \<in> F x"
+ by (simp add: st_def)
+ then show "g (fst y) (snd y) \<in> carrier R"
+ using assms(4)[of x t] A
+ by simp
+ qed
+ have 6: "(\<lambda>c. g (fst c) (snd c)) \<in> P T \<rightarrow> carrier R"
+ proof
+ fix y
+ assume X0: "y \<in> P T"
+ obtain s t where st_def: "y = (s, t) \<and> (s, t) \<in> P T"
+ by (metis X0 old.prod.exhaust)
+ then have st: "s \<in> T \<and> t \<in> F s"
+ using assms(3) by blast
+ then have "g (fst y) (snd y) = g s t \<and>t \<in> F s"
+ by (simp add: st_def)
+ then show "g (fst y) (snd y) \<in> carrier R"
+ using assms(4)[of s t] A st
+ by auto
+ qed
+ have 07: "\<And>x. x \<in> S \<Longrightarrow> finite (P {x})"
+ proof-
+ fix x
+ assume "x \<in> S"
+ have "bij_betw snd (P {x}) (F x)"
+ unfolding bij_betw_def
+ proof
+ show "inj_on snd (P {x})"
+ proof
+ fix a b
+ assume Aa: "a \<in> P {x}"
+ assume Ab: "b \<in> P {x}"
+ have 0: "fst a = x"
+ proof-
+ have" a \<in> {(s, t). s \<in> {x} \<and> t \<in> F s} "
+ using Aa assms(3)
+ by blast
+ then obtain s t where st_def: "a = (s, t) \<and> s \<in> {x} \<and> t \<in> F s"
+ by blast
+ then show ?thesis
+ by auto
+ qed
+ have 1: "fst b = x"
+ proof-
+ have" b \<in> {(s, t). s \<in> {x} \<and> t \<in> F s} "
+ using Ab assms(3)
+ by blast
+ then obtain s t where st_def: "b = (s, t) \<and> s \<in> {x} \<and> t \<in> F s"
+ by blast
+ then show ?thesis
+ by auto
+ qed
+ show "snd a = snd b \<Longrightarrow> a = b"
+ using 0 1
+ by (simp add: prod_eqI)
+ qed
+ show "snd ` P {x} = F x"
+ proof
+ show "snd ` P {x} \<subseteq> F x"
+ proof
+ fix y
+ assume 0: "y \<in> snd ` P {x}"
+ then obtain q where q_def: " q \<in> P {x} \<and> y = snd q"
+ by blast
+ then obtain s t where st: "q = (s, t) \<and> s \<in> {x} \<and> t \<in> F s"
+ using assms(3) by blast
+ then have 1: "s = x"
+ by blast
+ have 2: "snd q = t"
+ by (simp add: st)
+ then show "y \<in> F x"
+ using q_def st by blast
+ qed
+ show "F x \<subseteq> snd ` P {x}"
+ proof
+ fix y
+ assume "y \<in> F x"
+ then have C: "(x, y) \<in> P {x}"
+ using assms(3)
+ by simp
+ then have "y = snd (x, y)"
+ by auto
+ then show "y \<in> snd ` P {x}"
+ using C
+ by blast
+ qed
+ qed
+ qed
+ then show "finite (P {x})"
+ using assms(2)[of x] bij_betw_finite
+ \<open>x \<in> S\<close>
+ by blast
+ qed
+ have 7: "finite (P {x})"
+ using 07 A
+ by blast
+ have 8: "finite (P T)"
+ proof-
+ have "\<And>D. finite D \<Longrightarrow> D \<subseteq> S \<Longrightarrow> finite (P D)"
+ proof-
+ fix D
+ show "finite D \<Longrightarrow> D \<subseteq> S \<Longrightarrow> finite (P D)"
+ apply(induct rule: finite_induct)
+ proof-
+ have "P {} = {}" using assms(3)
+ by blast
+ then show "finite (P {})"
+ by auto
+ show "\<And>x F. finite F \<Longrightarrow> x \<notin> F \<Longrightarrow> (F \<subseteq> S \<Longrightarrow> finite (P F)) \<Longrightarrow> insert x F \<subseteq> S \<Longrightarrow> finite (P (insert x F))"
+ proof-
+ fix x
+ fix Q :: "'c set "
+ assume fin: "finite Q"
+ assume notin: "x \<notin> Q"
+ assume fin_pf: "(Q \<subseteq> S \<Longrightarrow> finite (P Q))"
+ assume I: "insert x Q \<subseteq> S "
+ show "finite (P (insert x Q))"
+ proof-
+ have x_in: "x \<in> S"
+ using I by blast
+ have 0: "(P (insert x Q)) \<subseteq> (P Q) \<union> P {x}"
+ proof
+ fix y
+ assume "y \<in> P (insert x Q)"
+ obtain s t where st: "y = (s, t) \<and> s \<in> (insert x Q) \<and> t \<in> F s"
+ using assms(3) x_in \<open>y \<in> P (insert x Q)\<close>
+ by blast
+ show "y \<in> (P Q) \<union> P {x}"
+ proof(cases "s \<in> Q")
+ case True
+ then have "y \<in> P Q"
+ using st assms(3)
+ by simp
+ then show ?thesis using st assms(3)
+ by blast
+ next
+ case False
+ then have "s = x"
+ using st by blast
+ then have "s \<in>{x} \<and> t \<in> F s"
+ using st by blast
+ then have "y \<in> P {x}"
+ using st assms(3)
+ by auto
+ then show ?thesis by auto
+ qed
+ qed
+ have 1: "finite (P Q)"
+ using I fin_pf by blast
+ have "finite (P {x})"
+ using "07" x_in by blast
+ then show ?thesis using 0 1
+ using finite_subset by auto
+ qed
+ qed
+ qed
+ qed
+ then show ?thesis
+ using A AT by blast
+ qed
+ have 9: "(\<Oplus>q\<in>P (insert x T). g (fst q) (snd q)) =
+ (\<Oplus>q\<in>P T. g (fst q) (snd q)) \<oplus> (\<Oplus>q\<in>P {x}. g (fst q) (snd q))"
+ using 8 7 6 5 4 3 finsum_Un_disjoint[of "P {x}" "P T" "\<lambda>q. g (fst q) (snd q)"]
+ by (simp add: "7" \<open>\<lbrakk>finite (P {x}); finite (P T); P {x} \<inter> P T = {}; (\<lambda>p. g (fst p) (snd p))
+ \<in> P {x} \<rightarrow> carrier R; (\<lambda>p. g (fst p) (snd p)) \<in> P T \<rightarrow> carrier R\<rbrakk> \<Longrightarrow>
+ (\<Oplus>p\<in>P {x} \<union> P T. g (fst p) (snd p)) = (\<Oplus>p\<in>P {x}. g (fst p) (snd p)) \<oplus>
+ (\<Oplus>p\<in>P T. g (fst p) (snd p))\<close> add.m_comm)
+ have 10: "(\<Oplus>p\<in>P (insert x T). g (fst p) (snd p))
+ = (\<Oplus>s\<in>T. finsum R (g s) (F s))\<oplus> (\<Oplus>p\<in>P {x}. g (fst p) (snd p))"
+ using IH 9 A
+ by auto
+ have 11: "(\<Oplus>p\<in>P {x}. g (fst p) (snd p)) = finsum R (g x) (F x)"
+ proof-
+ obtain h :: "('c \<times> 'd) \<Rightarrow> 'd" where h_def: "h = snd"
+ by simp
+ have 110: "bij_betw h (P {x}) (F x)"
+ unfolding bij_betw_def
+ proof
+ show "inj_on h (P {x})"
+ unfolding inj_on_def
+ proof
+ fix q
+ assume Ap: "q \<in> P {x}"
+ show " \<forall>y\<in>P {x}. h q = h y \<longrightarrow> q = y"
+ proof
+ fix y
+ assume q_def: "y \<in> P {x}"
+ then have C0: "fst y = x"
+ using assms(3)
+ by (simp add: case_prod_beta)
+ have C1: "fst q = x"
+ using assms(3) Ap
+ by (simp add: case_prod_beta)
+ show "h q = h y \<longrightarrow> q = y"
+ using C0 C1 h_def
+ by (simp add: prod_eq_iff)
+ qed
+ qed
+ show "h ` P {x} = F x"
+ proof
+ show "h ` P {x} \<subseteq> F x"
+ proof
+ fix y
+ assume "y \<in> h ` P {x}"
+ then obtain d where d_def: "y = h d \<and> d \<in> P {x}"
+ by blast
+ then obtain s t where st_def: "d = (s, t)"
+ by (meson surj_pair)
+ then have "s = x \<and> t \<in> F x"
+ using assms(3) d_def
+ by blast
+ then show "y \<in> F x"
+ using assms(3)
+ by (simp add: d_def h_def st_def)
+ qed
+ show "F x \<subseteq> h ` P {x}"
+ proof
+ fix y
+ assume E0: "y \<in> F x"
+ have E1: "y = h (x , y)"
+ by (simp add: h_def)
+ have "(x, y) \<in> P {x}"
+ using E0 assms(3) by blast
+ then show "y \<in> h ` P {x} "
+ using E1 assms(3) by blast
+ qed
+ qed
+ qed
+ have 111: "g x \<in> F x \<rightarrow> carrier R "
+ proof
+ fix y
+ assume "y \<in> F x"
+ then show "g x y \<in> carrier R"
+ using assms A
+ by blast
+ qed
+ have 112: "(\<And>s. s \<in> P {x} \<Longrightarrow> g (fst s) (snd s) = g x (h s))"
+ proof-
+ fix s
+ assume "s \<in> P{x}"
+ then have "s \<in> {(s, t). s = x \<and> t \<in> F s}"
+ using assms(3) by blast
+ then obtain t where "s = (x, t) \<and> t \<in> F x"
+ using assms(3)
+ by blast
+ then show "g (fst s) (snd s) = g x (h s)"
+ by (simp add: h_def)
+ qed
+
+
+
+ show ?thesis using 5 7 110 111 112 finsum_bij_eq[of "\<lambda>p. g (fst p) (snd p)" "P {x}" "g x" "F x" h ]
+ by auto
+ qed
+ have 12: "(\<Oplus>p\<in>P (insert x T). g (fst p) (snd p))
+ = (\<Oplus>s\<in>T. finsum R (g s) (F s))\<oplus> finsum R (g x) (F x)"
+ using 10 11 by auto
+ then show ?thesis using 2
+ by (simp add: "2" "0" "1" add.m_comm)
+ qed
+qed
+
+lemma double_finsum:
+ assumes "finite S"
+ assumes "\<And>s. s \<in> S \<Longrightarrow> finite (F s)"
+ assumes "P = {(s, t). s \<in> S \<and> t \<in> (F s)}"
+ assumes "\<And>s y. s \<in> S \<Longrightarrow> y \<in> (F s) \<Longrightarrow> g s y \<in> carrier R"
+ shows "finsum R (\<lambda>s. finsum R (g s) (F s)) S =
+ finsum R (\<lambda> p. g (fst p) (snd p)) P"
+proof-
+ obtain P' where P'_def: "P' = (\<lambda>S. {(s, t). s \<in> S \<and> t \<in> (F s)})"
+ by simp
+ have "finsum R (\<lambda>s. finsum R (g s) (F s)) S =
+ finsum R (\<lambda> p. g (fst p) (snd p)) (P' S)"
+ using double_finsum_induct[of S F P' g S]
+ assms P'_def
+ by blast
+ then show ?thesis
+ using P'_def assms
+ by blast
+qed
+
+end
+
+text\<open>
+ The product index set for the double sums in the coefficients of the
+ $((a \otimes_p b) \otimes_p c)$. It is the set of pairs $(x,y)$ of monomials, such that
+ $x$ is a factor of monomial $m$, and $y$ is a factor of monomial $x$.
+\<close>
+
+definition right_cuts :: "'c monomial \<Rightarrow> ('c monomial \<times> 'c monomial) set" where
+"right_cuts m = {(x, y). x \<subseteq># m \<and> y \<subseteq># x}"
+
+context ring
+begin
+
+lemma right_cuts_alt_def:
+"right_cuts m = {(x, y). x \<in> mset_factors m \<and> y \<in> mset_factors x}"
+ unfolding mset_factors_def right_cuts_def
+ by simp
+
+lemma right_cuts_finite:
+"finite (right_cuts m)"
+proof-
+ have "finite (mset_factors m \<times> mset_factors m)"
+ using mset_factors_finite
+ by blast
+ have "right_cuts m \<subseteq> (mset_factors m \<times> mset_factors m)"
+ proof
+ fix p
+ assume p_def: "p \<in> right_cuts m"
+ obtain x y where xy: "p = (x , y) \<and> x \<subseteq># m \<and> y \<subseteq>#x"
+ using p_def unfolding right_cuts_def
+ by blast
+ then have "x \<in> mset_factors m \<and> y \<in> mset_factors m"
+ using monom_divides_factors
+ by auto
+ then show "p \<in> (mset_factors m \<times> mset_factors m)"
+ by (simp add: xy)
+ qed
+ then show ?thesis
+ using \<open>finite (mset_factors m \<times> mset_factors m)\<close> finite_subset
+ by blast
+qed
+
+lemma assoc_aux0:
+ assumes "carrier_coeff a"
+ assumes "carrier_coeff b"
+ assumes "carrier_coeff c"
+ assumes "g = (\<lambda>x y. a x \<otimes> (b y \<otimes> c (m - x - y)))"
+ shows "\<And>s y. s \<in> mset_factors m \<Longrightarrow> y \<in> mset_factors (m - x)
+ \<Longrightarrow> g s y \<in> carrier R"
+ using assms carrier_coeffE by blast
+
+lemma assoc_aux1:
+ assumes "carrier_coeff a"
+ assumes "carrier_coeff b"
+ assumes "carrier_coeff c"
+ assumes "g = (\<lambda>x y. (a y \<otimes> b (x - y)) \<otimes> c (m - x))"
+ shows "\<And>s y. s \<in> mset_factors m \<Longrightarrow> y \<in> mset_factors x \<Longrightarrow> g s y \<in> carrier R"
+ using assms carrier_coeffE by blast
+end
+
+text\<open>
+ The product index set for the double sums in the coefficients of the
+ $(a \otimes_p (b \otimes_p c))$. It is the set of pairs $(x,y)$ such that $x$ is a factor
+ of $m$ and $y$ is a factor of $m/x$.
+\<close>
+
+definition left_cuts :: "'c monomial \<Rightarrow> ('c monomial \<times> 'c monomial) set" where
+"left_cuts m = {(x, y). x \<subseteq>#m \<and> y \<subseteq># (m - x)}"
+
+context ring
+begin
+
+lemma left_cuts_alt_def:
+"left_cuts m = {(x, y). x \<in> mset_factors m \<and> y \<in> mset_factors (m - x)}"
+ unfolding mset_factors_def left_cuts_def
+ by simp
+
+text\<open>This lemma witnesses the bijection between left and right cuts for the proof of associativity:\<close>
+
+lemma left_right_cuts_bij:
+"bij_betw (\<lambda> (x,y). (x + y, x)) (left_cuts m) (right_cuts m)"
+ unfolding bij_betw_def right_cuts_def left_cuts_def
+proof
+ show "inj_on (\<lambda>(x, y). (x + y, x)) {(x, y). x \<subseteq># m \<and> y \<subseteq># m - x}"
+ unfolding inj_on_def
+ by auto
+ show "(\<lambda>(x, y). (x + y, x)) ` {(x, y). x \<subseteq># m \<and> y \<subseteq># m - x} = {(x, y). x \<subseteq># m \<and> y \<subseteq># x}"
+ proof
+ show "(\<lambda>(x, y). (x + y, x)) ` {(x, y). x \<subseteq># m \<and> y \<subseteq># m - x} \<subseteq> {(x, y). x \<subseteq># m \<and> y \<subseteq># x}"
+ proof
+ fix p
+ assume "p \<in> (\<lambda>(x, y). (x + y, x)) ` {(x, y). x \<subseteq># m \<and> y \<subseteq># m - x}"
+ then obtain a b where ab: "a \<subseteq># m \<and> b \<subseteq># m - a \<and> p = (\<lambda>(x, y). (x + y, x)) (a, b)"
+ by blast
+ then have "p = (a + b, a)"
+ by simp
+ then show "p \<in> {(x, y). x \<subseteq># m \<and> y \<subseteq># x}"
+ using ab
+ by (metis (no_types, lifting) case_prodI mem_Collect_eq mset_subset_eq_add_left
+ subset_mset.le_diff_conv2 union_commute)
+ qed
+ show "{(x, y). x \<subseteq># m \<and> y \<subseteq># x} \<subseteq> (\<lambda>(x, y). (x + y, x)) ` {(x, y). x \<subseteq># m \<and> y \<subseteq># m - x}"
+ proof
+ fix p
+ assume p_def: "p \<in> {(x, y). x \<subseteq># m \<and> y \<subseteq># x}"
+ then obtain a b where ab: "p = (a, b) \<and> a \<subseteq># m \<and> b \<subseteq># a"
+ by blast
+ then have "p = (\<lambda>(x, y). (x + y, x)) (b, a - b)"
+ using ab
+ by simp
+ then show " p \<in> (\<lambda>(x, y). (x + y, x)) ` {(x, y). x \<subseteq># m \<and> y \<subseteq># m - x}"
+ by (metis (mono_tags, lifting) ab case_prodI image_eqI mem_Collect_eq
+ subset_mset.diff_add subset_mset.dual_order.trans subset_mset.le_diff_conv2)
+ qed
+ qed
+qed
+
+lemma left_cuts_sum:
+ assumes "carrier_coeff a"
+ assumes "carrier_coeff b"
+ assumes "carrier_coeff c"
+ shows "(a \<Otimes>\<^sub>p (b \<Otimes>\<^sub>p c)) m = (\<Oplus>p \<in> left_cuts m. a (fst p) \<otimes> (b (snd p) \<otimes> c (m - (fst p) - (snd p))))"
+proof-
+ have U: "(a \<Otimes>\<^sub>p (b \<Otimes>\<^sub>p c)) m = (\<Oplus>x\<in>mset_factors m. (\<Oplus>xa\<in>mset_factors (m - x). a x \<otimes> (b xa \<otimes> c (m - x - xa))))"
+ unfolding P_ring_mult_def
+ proof-
+ obtain f where f_def:
+ "f = (\<lambda>x . a x \<otimes> (\<Oplus>xa\<in>mset_factors (m - x). b xa \<otimes> c (m - x - xa)))"
+ by simp
+ obtain g where g_def:
+ "g = (\<lambda>x . \<Oplus>xa\<in>mset_factors (m - x). a x \<otimes> (b xa \<otimes> c (m - x - xa)))"
+ by simp
+ have 0: "restrict f (mset_factors m) = restrict g (mset_factors m)"
+ proof
+ fix x
+ show "restrict f (mset_factors m) x = restrict g (mset_factors m) x"
+ proof(cases "x \<in> mset_factors m")
+ case True
+ have T0: "restrict f (mset_factors m) x = a x \<otimes> (\<Oplus>xa\<in>mset_factors (m - x). b xa \<otimes> c (m - x - xa))"
+ using f_def True by auto
+ have T1: "restrict g (mset_factors m) x = (\<Oplus>xa\<in>mset_factors (m - x). a x \<otimes> (b xa \<otimes> c (m - x - xa)))"
+ using True g_def by auto
+ show "restrict f (mset_factors m) x = restrict g (mset_factors m) x"
+ using assms finsum_rdistr[of "mset_factors (m - x)" "a x" "\<lambda> xa. b xa \<otimes> c (m - x - xa)"]
+ by (metis (mono_tags, lifting) mset_factors_finite Pi_I T0 T1 carrier_coeffE m_closed)
+ next
+ case False
+ then have "restrict f (mset_factors m) x = undefined" using f_def
+ by (simp add: restrict_def)
+ have "restrict g (mset_factors m) x = undefined" using g_def False
+ using restrict_def by auto
+ then show ?thesis using f_def g_def
+ using \<open>restrict f (mset_factors m) x = undefined\<close>
+ by auto
+
+ qed
+ qed
+ have 1: "f \<in> mset_factors m \<rightarrow> carrier R"
+ using f_def assms
+ by (simp add: carrier_coeffE)
+ have 2: "g \<in> mset_factors m \<rightarrow> carrier R"
+ using g_def assms
+ by (simp add: carrier_coeffE)
+ show "(\<Oplus>x\<in>mset_factors m. a x \<otimes> (\<Oplus>xa\<in>mset_factors (m - x). b xa \<otimes> c (m - x - xa))) =
+ (\<Oplus>x\<in>mset_factors m. \<Oplus>xa\<in>mset_factors (m - x). a x \<otimes> (b xa \<otimes> c (m - x - xa)))"
+ using f_def g_def finsum_eq[of "f"
+ "mset_factors m" "g"] 0 1 2
+ by blast
+ qed
+ have 0: "(\<And>s. s \<in> mset_factors m \<Longrightarrow> finite (mset_factors (m - s)))"
+ by simp
+ have 1: "finite (mset_factors m)"
+ by simp
+ have 2: "(\<And>s y. s \<in> mset_factors m \<Longrightarrow> y \<in> mset_factors (m - s) \<Longrightarrow> a s \<otimes> (b y \<otimes> c (m - s - y)) \<in> carrier R)"
+ using assms assoc_aux0[of a b c ]
+ by blast
+ have "(\<Oplus>x\<in>mset_factors m. (\<Oplus>xa\<in>mset_factors (m - x). a x \<otimes> (b xa \<otimes> c (m - x - xa)))) =
+ (\<Oplus>p \<in> left_cuts m. a (fst p) \<otimes> (b (snd p) \<otimes> c (m - (fst p) - (snd p)))) "
+ using assms left_cuts_alt_def[of m] 0 1 2
+ double_finsum[of "mset_factors m" "\<lambda>x. mset_factors (m - x)" "left_cuts m" "(\<lambda>x y. a x \<otimes> (b y \<otimes> c (m - x - y)))"]
+ by blast
+ then show ?thesis using U
+ by auto
+qed
+
+lemma right_cuts_sum:
+ assumes "carrier_coeff a"
+ assumes "carrier_coeff b"
+ assumes "carrier_coeff c"
+ shows "(a \<Otimes>\<^sub>p b \<Otimes>\<^sub>p c) m = (\<Oplus>p \<in> right_cuts m. a (snd p) \<otimes> (b ((fst p) -(snd p)) \<otimes> c (m - (fst p))))"
+proof-
+ have 0: "finite (mset_factors m)"
+ by simp
+ have 1: "(\<And>s. s \<in> mset_factors m \<Longrightarrow> finite (mset_factors s))"
+ by auto
+ have 2: "right_cuts m = {(s, t). s \<in> mset_factors m \<and> t \<in> mset_factors s}"
+ unfolding right_cuts_def
+ by (simp add: monom_divides_factors)
+ have 3: "(\<And>s y. s \<in> mset_factors m \<Longrightarrow> y \<in> mset_factors s \<Longrightarrow> a y \<otimes> b (s - y) \<otimes> c (m - s) \<in> carrier R)"
+ using assoc_aux1 assms(1) assms(2) assms(3)
+ by blast
+ have 4: "(\<Oplus>s\<in>mset_factors m. (\<Oplus>y\<in>mset_factors s. a y \<otimes> b (s - y) \<otimes> c (m - s))) =
+ (\<Oplus>p\<in>right_cuts m. a (snd p) \<otimes> b (fst p - snd p) \<otimes> c (m - fst p))"
+ using 0 1 2 3
+ double_finsum[of "mset_factors m" _ "right_cuts m"
+ "(\<lambda>x y. (a y \<otimes> b (x - y)) \<otimes> c (m - x))"]
+ by auto
+ have 5: "(\<Oplus>x\<in>mset_factors m. (\<Oplus>xa\<in>mset_factors x. a xa \<otimes> b (x - xa)) \<otimes> c (m - x)) =
+ (\<Oplus>x\<in>mset_factors m. \<Oplus>xa\<in>mset_factors x. a xa \<otimes> b (x - xa) \<otimes> c (m - x))"
+ proof-
+ obtain f where f_def: "f =( \<lambda>x. (\<Oplus>xa\<in>mset_factors x. a xa \<otimes> b (x - xa)) \<otimes> c (m - x))"
+ by simp
+ obtain g where g_def: "g = (\<lambda>x. \<Oplus>xa\<in>mset_factors x. a xa \<otimes> b (x - xa) \<otimes> c (m - x))"
+ by simp
+ have 50: "\<And>s. s \<in> (mset_factors m) \<Longrightarrow> f s = g s"
+ proof-
+ fix x
+ assume As: "x \<in> mset_factors m"
+ show "f x = g x"
+ proof-
+ have f_eq: "f x = (\<Oplus>xa\<in>mset_factors x. a xa \<otimes> b (x - xa)) \<otimes> c (m - x)"
+ using f_def
+ by auto
+ have g_eq: "g x = (\<Oplus>xa\<in>mset_factors x. a xa \<otimes> b (x - xa) \<otimes> c (m - x))"
+ using g_def
+ by auto
+ have f_eq': "f x = (\<Oplus>xa\<in>mset_factors x. (a xa \<otimes> b (x - xa)) \<otimes> c (m - x))"
+ using f_eq finsum_ldistr[of "mset_factors x" "c (m - x)" "\<lambda>xa. (a xa \<otimes> b (x - xa))" ] assms
+ by (simp add: \<open>\<lbrakk>finite (mset_factors x); c (m - x) \<in> carrier R; (\<lambda>xa. a xa \<otimes> b (x - xa)) \<in> mset_factors x \<rightarrow> carrier R\<rbrakk> \<Longrightarrow> (\<Oplus>i\<in>mset_factors x. a i \<otimes> b (x - i)) \<otimes> c (m - x) = (\<Oplus>i\<in>mset_factors x. a i \<otimes> b (x - i) \<otimes> c (m - x))\<close> Pi_I carrier_coeffE)
+ then show "f x = g x"
+ by (simp add: g_eq)
+ qed
+ qed
+ have 51: "f \<in> mset_factors m \<rightarrow> carrier R"
+ proof
+ fix x
+ assume "x \<in> mset_factors m"
+ have "(\<Oplus>xa\<in>mset_factors x. a xa \<otimes> b (x - xa)) \<otimes> c (m - x )\<in> carrier R"
+ using assms carrier_coeffE finsum_closed[of "\<lambda>xa. a xa \<otimes> b (x - xa)" "mset_factors x"]
+ by blast
+ then show "f x \<in> carrier R" using assms f_def by auto
+ qed
+ have 52: "g \<in> mset_factors m \<rightarrow> carrier R"
+ proof
+ fix x
+ assume "x \<in> mset_factors m"
+ show "g x \<in> carrier R"
+ using assms finsum_closed[of "\<lambda>xa. a xa \<otimes> b (x - xa) \<otimes> c (m - x)" "mset_factors x"] g_def
+ by (metis (no_types, lifting) "50" "51" Pi_iff \<open>x \<in> mset_factors m\<close>)
+ qed
+
+ show ?thesis
+ using 50 51 52 finsum_eq[of f "(mset_factors m) " g]
+ by (metis (mono_tags, lifting) f_def finsum_cong' g_def)
+ qed
+ then have 6: "(\<Oplus>x\<in>mset_factors m. (\<Oplus>xa\<in>mset_factors x. a xa \<otimes> b (x - xa)) \<otimes> c (m - x)) =
+ (\<Oplus>p\<in>right_cuts m. a (snd p) \<otimes> b (fst p - snd p) \<otimes> c (m - fst p))"
+ by (simp add: "4")
+ have 7: "(\<Oplus>p\<in>right_cuts m. a (snd p) \<otimes> b (fst p - snd p) \<otimes> c (m - fst p))
+ = (\<Oplus>p\<in>right_cuts m. a (snd p) \<otimes> (b (fst p - snd p) \<otimes> c (m - fst p)))"
+ using assms
+ by (meson local.ring_axioms m_assoc ring.carrier_coeff_def)
+ then show ?thesis
+ using assms 5 6
+ unfolding P_ring_mult_def
+ by simp
+qed
+
+text\<open>The Associativity of Polynomial Multiplication:\<close>
+
+lemma P_ring_mult_assoc:
+ assumes "carrier_coeff a"
+ assumes "carrier_coeff b"
+ assumes "carrier_coeff c"
+ shows "a \<Otimes>\<^sub>p (b \<Otimes>\<^sub>p c) = (a \<Otimes>\<^sub>p b) \<Otimes>\<^sub>p c"
+proof
+ fix m
+ show "(a \<Otimes>\<^sub>p (b \<Otimes>\<^sub>p c)) m = (a \<Otimes>\<^sub>p b \<Otimes>\<^sub>p c) m"
+ proof-
+ obtain f where f_def: "f = (\<lambda>p. a (snd p) \<otimes> (b ((fst p) -(snd p)) \<otimes> c (m - (fst p))))"
+ by simp
+ obtain g where g_def: "g = (\<lambda>p. a (fst p) \<otimes> (b (snd p) \<otimes> c (m - (fst p) - (snd p))))"
+ by simp
+ have f_dom: "f \<in> right_cuts m \<rightarrow> carrier R"
+ using assms f_def unfolding right_cuts_def
+ by (simp add: carrier_coeffE)
+ have g_dom: "g \<in> left_cuts m \<rightarrow> carrier R"
+ using assms g_def unfolding left_cuts_def
+ by (simp add: carrier_coeffE)
+ have 0: "finite (right_cuts m)"
+ by (simp add: right_cuts_finite)
+ have 1: "bij_betw (\<lambda> (x,y). (x + y, x)) (left_cuts m) (right_cuts m)"
+ by (simp add: left_right_cuts_bij)
+ have 2: "(\<And>s. s \<in> left_cuts m \<Longrightarrow> g s = f (case s of (x, y) \<Rightarrow> (x + y, x)))"
+ proof-
+ fix s
+ assume "s \<in> left_cuts m"
+ then obtain x y where xy: "s = (x, y) \<and> x \<subseteq># m \<and> y \<subseteq># m - x"
+ using left_cuts_def
+ by blast
+ then have g_eq: "g s = a x \<otimes> (b y \<otimes> c (m - x - y))"
+ using g_def fst_conv
+ by auto
+ have f_eq: "f (case s of (x, y) \<Rightarrow> (x + y, x)) = f (x + y, x)"
+ by (simp add: xy)
+ then have f_eq': "f (case s of (x, y) \<Rightarrow> (x + y, x)) = a x \<otimes> (b ((x + y) - x) \<otimes> c (m - (x + y)))"
+ using f_def
+ by simp
+ then show "g s = f (case s of (x, y) \<Rightarrow> (x + y, x))"
+ by (simp add: g_eq)
+ qed
+ have 3: "finsum R g (left_cuts m) = finsum R f (right_cuts m)"
+ using 0 1 2 finsum_bij_eq[of g "left_cuts m" f "right_cuts m" "\<lambda> (x,y). (x + y, x)" ]
+ using bij_betw_finite f_dom g_dom by blast
+ then show ?thesis using assms right_cuts_sum left_cuts_sum
+ by (metis (mono_tags, lifting) f_def f_dom finsum_cong' g_def g_dom)
+ qed
+qed
+
+end
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+subsubsection\<open>Commutativity of Polynomial Multiplication\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+context ring
+begin
+
+lemma mset_factors_bij:
+"bij_betw (\<lambda>x. m - x) (mset_factors m) (mset_factors m)"
+ apply(rule bij_betwI')
+ apply (metis monom_comp' monom_divides_factors)
+ apply (simp add: monom_divides_factors)
+ by (meson monom_comp' monom_divides_factors diff_subset_eq_self)
+
+lemma(in cring) P_ring_mult_comm:
+ assumes "carrier_coeff a"
+ assumes "carrier_coeff b"
+ shows "a \<Otimes>\<^sub>p b = b \<Otimes>\<^sub>p a"
+proof
+ fix m
+ show "(a \<Otimes>\<^sub>p b) m = (b \<Otimes>\<^sub>p a) m"
+ unfolding P_ring_mult_def
+ apply (rule finsum_bij_eq[of "\<lambda> x. a x \<otimes> b (m - x)" "mset_factors m"
+ "\<lambda>x. b x \<otimes> a (m - x)" "mset_factors m" "\<lambda>x. m - x"])
+ proof
+ show "\<And>x. x \<in> mset_factors m \<Longrightarrow> a x \<otimes> b (m - x) \<in> carrier R"
+ proof-
+ fix x
+ assume "x \<in> mset_factors m"
+ show "a x \<otimes> b (m - x) \<in> carrier R"
+ using assms carrier_coeffE
+ by blast
+ qed
+ show "(\<lambda>x. b x \<otimes> a (m - x)) \<in> mset_factors m \<rightarrow> carrier R"
+ proof
+ fix x
+ assume "x \<in> mset_factors m"
+ show "b x \<otimes> a (m - x) \<in> carrier R"
+ using assms carrier_coeffE
+ by blast
+ qed
+ show "finite (mset_factors m)"
+ by simp
+ show "bij_betw ((-) m) (mset_factors m) (mset_factors m)"
+ by (simp add: mset_factors_bij)
+ show "\<And>s. s \<in> mset_factors m \<Longrightarrow> a s \<otimes> b (m - s) = b (m - s) \<otimes> a (m - (m - s))"
+ proof-
+ fix s
+ assume "s \<in> mset_factors m"
+ then show "a s \<otimes> b (m - s) = b (m - s) \<otimes> a (m - (m - s))"
+ using assms carrier_coeffE
+ by (metis local.ring_axioms m_comm ring.monom_comp' ring.monom_divides_factors)
+ qed
+ qed
+qed
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+subsubsection\<open>Closure properties for multiplication\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+text\<open>Building monomials from polynomials:\<close>
+
+lemma indexed_const_P_mult_eq:
+ assumes "a \<in> carrier R"
+ assumes "b \<in> carrier R"
+ shows "(indexed_const a) \<Otimes>\<^sub>p (indexed_const b) = indexed_const (a \<otimes> b)"
+proof-
+ have 0: "monomials_of R (indexed_const a) = (if (a = \<zero>) then {} else {{#}})"
+ unfolding monomials_of_def indexed_const_def
+ by auto
+ have 1: "monomials_of R (indexed_const b) = (if (b = \<zero>) then {} else {{#}})"
+ unfolding monomials_of_def indexed_const_def
+ by auto
+ show ?thesis
+ unfolding P_ring_mult_def
+ proof
+ fix m:: "'c monomial"
+ show "(\<Oplus>x\<in>mset_factors m. indexed_const a x \<otimes> indexed_const b (m - x)) = indexed_const (a \<otimes> b) m "
+ proof(cases "m = {#}")
+ case True
+ then have T0: "mset_factors m = {{#}}"
+ unfolding mset_factors_def
+ by simp
+ have "(\<Oplus>x\<in>mset_factors m. indexed_const a x \<otimes> indexed_const b (m - x)) =
+ indexed_const a {#} \<otimes> indexed_const b ({#} - {#}) "
+ proof-
+ have 0: "(\<lambda>x. indexed_const a x \<otimes> indexed_const b (m - x)) \<in> {} \<rightarrow> carrier R"
+ by blast
+ have 1: "indexed_const a {#} \<otimes> indexed_const b (m - {#}) \<in> carrier R"
+ by (simp add: assms(1) assms(2) indexed_const_def)
+ have 2: "(\<Oplus>x\<in>{{#}}. indexed_const a x \<otimes> indexed_const b (m - x)) =
+ indexed_const a {#} \<otimes> indexed_const b (m - {#}) \<oplus> (\<Oplus>x\<in>{}. indexed_const a x \<otimes> indexed_const b (m - x))"
+ using True T0 0 1 finsum_insert[of "{}" "{#}" "\<lambda>x. indexed_const a x \<otimes> indexed_const b (m - x)" ]
+ by (simp add: indexed_const_def)
+ then show ?thesis
+ using True T0 0 1 finsum_insert[of "{}" "{#}" "\<lambda>x. indexed_const a x \<otimes> indexed_const b (m - x)" ]
+ finsum_empty[of "\<lambda>x. indexed_const a x \<otimes> indexed_const b (m - x)"]
+ by (simp add: \<open>\<lbrakk>finite {}; {#} \<notin> {}; (\<lambda>x. indexed_const a x \<otimes> indexed_const b (m - x)) \<in> {} \<rightarrow> carrier R; indexed_const a {#} \<otimes> indexed_const b (m - {#}) \<in> carrier R\<rbrakk> \<Longrightarrow> (\<Oplus>x\<in>{{#}}. indexed_const a x \<otimes> indexed_const b (m - x)) = indexed_const a {#} \<otimes> indexed_const b (m - {#}) \<oplus> (\<Oplus>x\<in>{}. indexed_const a x \<otimes> indexed_const b (m - x))\<close> indexed_const_def)
+ qed
+ then show ?thesis
+ by (simp add: True indexed_const_def)
+ next
+ case False
+ then show ?thesis using 0 1
+ by (simp add: add.finprod_one_eqI assms(1) assms(2)
+ indexed_const_def )
+ qed
+ qed
+qed
+
+lemma indexed_const_P_multE:
+ assumes "P \<in> indexed_pset I (carrier R)"
+ assumes "c \<in> carrier R"
+ shows "(P \<Otimes>\<^sub>p (indexed_const c)) m = (P m) \<otimes> c"
+ unfolding P_ring_mult_def
+proof-
+ have 3: "m \<notin> mset_factors m - {m}"
+ by simp
+ have 4: "finite ((mset_factors m) - {m})"
+ by simp
+ have 5: "P m \<otimes> indexed_const c (m - m) \<in> carrier R "
+ by (metis assms(1) assms(2) cancel_comm_monoid_add_class.diff_cancel
+ carrier_coeffE indexed_const_def indexed_pset_in_carrier local.ring_axioms
+ ring.ring_simprules(5) subsetI)
+ have 0: "(\<lambda>x. P x \<otimes> indexed_const c (m - x)) \<in> mset_factors m - {m} \<rightarrow> carrier R"
+ proof
+ fix x
+ assume "x \<in> mset_factors m - {m}"
+ then show "P x \<otimes> indexed_const c (m - x) \<in> carrier R "
+ using assms
+ by (meson carrier_coeffE indexed_const_in_carrier indexed_pset_in_carrier m_closed subsetI)
+ qed
+ have 1: "P m \<otimes> indexed_const c ( m - m) = (P m \<otimes> c)"
+ by (simp add: indexed_const_def)
+ have 2: "\<And>x. x \<in> mset_factors m \<Longrightarrow> P x \<otimes> indexed_const c (m - x) = (if x = m then (P m \<otimes> c) else \<zero>)"
+ proof-
+ fix x
+ assume "x \<in> mset_factors m "
+ then have "indexed_const c (m - x) = (if x = m then c else \<zero>)"
+ unfolding indexed_const_def
+ by (metis cancel_comm_monoid_add_class.diff_cancel
+ diff_zero monom_comp' monom_divides_factors)
+ then show "P x \<otimes> indexed_const c (m - x) = (if x = m then (P m \<otimes> c) else \<zero>)"
+ by (metis assms(1) carrier_coeffE indexed_pset_in_carrier
+ local.semiring_axioms semiring.r_null set_eq_subset)
+ qed
+ then have "(\<Oplus>x\<in>(mset_factors m) - {m}. P x \<otimes> indexed_const c (m - x)) = \<zero>"
+ using assms
+ by (metis (no_types, lifting) DiffD1 DiffD2 add.finprod_one_eqI singletonI)
+ then show "(\<Oplus>x\<in>(mset_factors m). P x \<otimes> indexed_const c (m - x)) = P m \<otimes> c"
+ using assms 0 1 3 4 5 finsum_insert[of "(mset_factors m) - {m}"
+ m "\<lambda>x. P x \<otimes> indexed_const c (m - x) "]
+ by (metis (no_types, lifting) m_factor add.l_cancel_one
+ insert_Diff_single insert_absorb zero_closed)
+qed
+
+lemma indexed_const_var_mult:
+ assumes "P \<in> indexed_pset I (carrier R)"
+ assumes "c \<in> carrier R"
+ assumes "i \<in> I"
+ shows "P \<Otimes> i \<Otimes>\<^sub>p indexed_const c = (P \<Otimes>\<^sub>p (indexed_const c)) \<Otimes> i "
+proof
+ fix m
+ show "(P \<Otimes> i \<Otimes>\<^sub>p indexed_const c) m = (P \<Otimes>\<^sub>p indexed_const c \<Otimes> i) m"
+ proof(cases "i \<in># m")
+ case True
+ then have T0: "(P \<Otimes> i \<Otimes>\<^sub>p indexed_const c) m = (P \<Otimes> i) m \<otimes> c"
+ using assms indexed_const_P_multE[of "P \<Otimes> i" I c m]
+ by (simp add: indexed_pset.indexed_pmult)
+ then show ?thesis using assms indexed_const_P_multE[of P I c m]
+ unfolding indexed_pmult_def
+ using True indexed_const_P_multE by fastforce
+ next
+ case False
+ then have T0: "(P \<Otimes> i \<Otimes>\<^sub>p indexed_const c) m = (P \<Otimes> i) m \<otimes> c"
+ using assms indexed_const_P_multE[of "P \<Otimes> i" I c m]
+ by (simp add: indexed_pset.indexed_pmult)
+ then show ?thesis using assms indexed_const_P_multE[of P I c m]
+ unfolding indexed_pmult_def
+ using False by auto
+ qed
+qed
+
+lemma indexed_const_P_mult_closed:
+ assumes "a \<in> indexed_pset I (carrier R)"
+ assumes "c \<in> carrier R"
+ shows "a \<Otimes>\<^sub>p (indexed_const c) \<in> indexed_pset I (carrier R)"
+ apply(rule indexed_pset.induct[of a I "(carrier R)" ])
+ apply (simp add: assms(1); fail)
+proof-
+ show "\<And>k. (k \<in> carrier R) \<Longrightarrow> ((indexed_const k) \<Otimes>\<^sub>p (indexed_const c)) \<in> ((carrier R) [\<X>\<^bsub>I\<^esub>])"
+ using assms
+ by (metis indexed_const_P_mult_eq indexed_pset.simps m_closed)
+ show "\<And>P Q. P \<in> ((carrier R) [\<X>\<^bsub>I\<^esub>]) \<Longrightarrow>
+ P \<Otimes>\<^sub>p indexed_const c \<in> ((carrier R) [\<X>\<^bsub>I\<^esub>]) \<Longrightarrow>
+ Q \<in> ((carrier R) [\<X>\<^bsub>I\<^esub>]) \<Longrightarrow> Q \<Otimes>\<^sub>p indexed_const c \<in> ((carrier R) [\<X>\<^bsub>I\<^esub>]) \<Longrightarrow> P \<Oplus> Q \<Otimes>\<^sub>p indexed_const c \<in> ((carrier R) [\<X>\<^bsub>I\<^esub>])"
+ using P_ring_ldistr
+ by (metis assms(2) carrier_coeff_def indexed_const_in_carrier indexed_pset.indexed_padd indexed_pset_in_carrier subsetI)
+ show "\<And>P i. P \<in> ((carrier R) [\<X>\<^bsub>I\<^esub>]) \<Longrightarrow> P \<Otimes>\<^sub>p indexed_const c \<in> ((carrier R) [\<X>\<^bsub>I\<^esub>]) \<Longrightarrow> i \<in> I \<Longrightarrow> P \<Otimes> i \<Otimes>\<^sub>p indexed_const c \<in> ((carrier R) [\<X>\<^bsub>I\<^esub>])"
+ proof-
+ fix P i
+ assume A0: "P \<in> ((carrier R) [\<X>\<^bsub>I\<^esub>])"
+ assume A1: " (P \<Otimes>\<^sub>p indexed_const c) \<in> ((carrier R) [\<X>\<^bsub>I\<^esub>])"
+ assume A2: "i \<in> I"
+ show "P \<Otimes> i \<Otimes>\<^sub>p indexed_const c \<in> (carrier R [\<X>\<^bsub>I\<^esub>])"
+ using assms A0 A1 A2 indexed_const_var_mult local.ring_axioms ring.indexed_pset.simps
+ by (metis (no_types, opaque_lifting))
+ qed
+qed
+
+lemma monom_add_mset:
+"mset_to_IP R (add_mset i m) = mset_to_IP R m \<Otimes> i"
+ unfolding indexed_pmult_def
+ by (metis (no_types, opaque_lifting) add_mset_diff_bothsides diff_empty mset_to_IP_def multi_member_split union_single_eq_member)
+
+text\<open>Monomials are closed under multiplication:\<close>
+
+lemma monom_mult:
+"mset_to_IP R m \<Otimes>\<^sub>p mset_to_IP R n = mset_to_IP R (m + n)"
+proof-
+ have "(\<lambda>ma. \<Oplus>x\<in>mset_factors ma. (if x = m then \<one> else \<zero>) \<otimes> (if ma - x = n then \<one> else \<zero>))
+ = (\<lambda>ma. (if ma = n + m then \<one> else \<zero>))"
+ proof
+ fix ma
+ show "(\<Oplus>x\<in>mset_factors ma. (if x = m then \<one> else \<zero>) \<otimes> (if ma - x = n then \<one> else \<zero>)) = (if ma = n + m then \<one> else \<zero>)"
+
+ proof-
+ have 0: "\<And>x. x \<in> mset_factors ma \<Longrightarrow>
+ (\<lambda> x. (if x = m then \<one> else \<zero>) \<otimes> (if ma - x = n then \<one> else \<zero>)) x =
+ (if (x = m) then (if ma - x = n then \<one> else \<zero>) else \<zero>) "
+ by simp
+ then have 1: "(\<Oplus>x\<in>((mset_factors ma) - {m}). (if x = m then \<one> else \<zero>) \<otimes> (if ma - x = n then \<one> else \<zero>)) =
+ \<zero>"
+ by (metis (no_types, lifting) add.finprod_one_eqI mem_Collect_eq set_diff_eq singletonI)
+ have 2: "finite (mset_factors ma - {m}) "
+ by simp
+ have 3: "m \<notin> mset_factors ma - {m}"
+ by simp
+ have 4: "(\<lambda>x. (if x = m then \<one> else \<zero>) \<otimes> (if ma - x = n then \<one> else \<zero>)) \<in> mset_factors ma - {m} \<rightarrow> carrier R"
+ proof
+ fix x
+ assume " x \<in> mset_factors ma - {m}"
+ show "(if x = m then \<one> else \<zero>) \<otimes> (if ma - x = n then \<one> else \<zero>) \<in> carrier R "
+ by auto
+ qed
+ show ?thesis
+ proof(cases "m \<in> (mset_factors ma)")
+ case True
+ have T0: " (\<Oplus>x\<in>insert m (mset_factors ma - {m}). (if x = m then \<one> else \<zero>) \<otimes> (if ma - x = n then \<one> else \<zero>)) =
+ (if m = m then \<one> else \<zero>) \<otimes> (if ma - m = n then \<one> else \<zero>) \<oplus>
+ (\<Oplus>x\<in>mset_factors ma - {m}. (if x = m then \<one> else \<zero>) \<otimes> (if ma - x = n then \<one> else \<zero>))"
+ using True 1 2 3 4 finsum_insert[of "((mset_factors ma) - {m})" m
+ "\<lambda>x. (if x = m then \<one> else \<zero>) \<otimes> (if ma - x = n then \<one> else \<zero>)"]
+ using m_closed one_closed zero_closed by presburger
+ have T1: "(mset_factors ma) = insert m (mset_factors ma - {m})"
+ using True
+ by blast
+ then have "(\<Oplus>x\<in>(mset_factors ma). (if x = m then \<one> else \<zero>) \<otimes> (if ma - x = n then \<one> else \<zero>))
+ = (if m = m then \<one> else \<zero>) \<otimes> (if ma - m = n then \<one> else \<zero>)"
+ using T0 T1 1 add.l_cancel_one insert_Diff_single insert_absorb2 l_one mk_disjoint_insert one_closed zero_closed
+ by presburger
+ then have "(\<Oplus>x\<in>(mset_factors ma). (if x = m then \<one> else \<zero>) \<otimes> (if ma - x = n then \<one> else \<zero>))
+ = (if ma - m = n then \<one> else \<zero>)"
+ by simp
+ then show ?thesis
+ by (metis (no_types, lifting) monom_divides_factors True add.commute add_diff_cancel_right' subset_mset.add_diff_inverse)
+ next
+ case False
+ then show ?thesis
+ by (metis (no_types, lifting) "0" monom_divides_factors add.finprod_one_eqI mset_subset_eq_add_right)
+ qed
+ qed
+ qed
+ then show ?thesis
+ unfolding mset_to_IP_def P_ring_mult_def
+ by (simp add: union_commute)
+qed
+
+lemma poly_index_mult:
+ assumes "a \<in> indexed_pset I (carrier R)"
+ assumes "i \<in> I"
+ shows "a \<Otimes> i = a \<Otimes>\<^sub>p mset_to_IP R {#i#}"
+proof
+ fix m
+ show "(a \<Otimes> i) m = (a \<Otimes>\<^sub>p mset_to_IP R {#i#}) m"
+ proof(cases "i \<in># m")
+ case True
+ have T0: "(a \<Otimes> i) m = a (m - {#i#})"
+ by (simp add: True indexed_pmult_def)
+ have T1: "(a \<Otimes>\<^sub>p mset_to_IP R {#i#}) m = a (m - {#i#})"
+ proof-
+ have T10: "(a \<Otimes>\<^sub>p mset_to_IP R {#i#}) m
+ = (\<Oplus>x\<in>mset_factors m. a x \<otimes> mset_to_IP R {#i#} (m - x)) "
+ unfolding P_ring_mult_def
+ by auto
+ have T11: "\<And>x. x \<in> mset_factors m \<Longrightarrow>
+ mset_to_IP R {#i#} (m - x) = (if x = (m - {#i#}) then \<one> else \<zero>)"
+ unfolding mset_to_IP_def
+ by (metis Multiset.diff_cancel Multiset.diff_right_commute True diff_single_eq_union
+ diff_single_trivial diff_zero monom_comp' monom_divides_factors multi_drop_mem_not_eq)
+ have T12: "\<And>x. x \<in> mset_factors m \<Longrightarrow>
+ a x \<otimes> mset_to_IP R {#i#} (m - x) = (if x = (m - {#i#}) then a (m - {#i#}) else \<zero>)"
+ proof-
+ fix x
+ assume "x \<in> mset_factors m"
+ then show " a x \<otimes> mset_to_IP R {#i#} (m - x) = (if x = m - {#i#} then a (m - {#i#}) else \<zero>)"
+ apply(cases "x = m - {#i#}")
+ apply (metis T0 T11 \<open>x \<in> mset_factors m\<close> assms(1) carrier_coeffE empty_subsetI
+ ideal_is_subalgebra indexed_pset_in_carrier oneideal r_one subalgebra_in_carrier)
+ by (metis T11 \<open>x \<in> mset_factors m\<close> assms(1) carrier_coeffE carrier_is_subalgebra
+ empty_subsetI indexed_pset_in_carrier r_null subalgebra_in_carrier)
+ qed
+ have T13: "(\<Oplus>x\<in>(mset_factors m) - {m - {#i#}}. a x \<otimes> mset_to_IP R {#i#} (m - x)) = \<zero>"
+ using T12
+ by (metis (no_types, lifting) DiffE add.finprod_one_eqI singletonI)
+ have T14: "finite (mset_factors m - {m - {#i#}})"
+ using mset_factors_finite by blast
+ have T15: "m - {#i#} \<notin> mset_factors m - {m - {#i#}}"
+ by simp
+ have T16: " (\<lambda>x. a x \<otimes> mset_to_IP R {#i#} (m - x)) \<in> mset_factors m - {m - {#i#}} \<rightarrow> carrier R"
+ proof
+ fix x
+ assume "x \<in> mset_factors m - {m - {#i#}}"
+ then show " a x \<otimes> mset_to_IP R {#i#} (m - x) \<in> carrier R"
+ using assms T12 by auto
+ qed
+ have "m - (m - {#i#}) = {#i#}"
+ by (metis monom_comp' True single_subset_iff)
+ then have T17: " a (m - {#i#}) \<otimes> mset_to_IP R {#i#} (m - (m - {#i#})) \<in> carrier R"
+ unfolding mset_to_IP_def apply auto using assms
+ by (meson carrier_coeffE carrier_is_subalgebra empty_subsetI indexed_pset_in_carrier m_closed one_closed subalgebra_in_carrier)
+ have T18:"(\<Oplus>x\<in>insert (m - {#i#}) (mset_factors m - {m - {#i#}}). a x \<otimes> mset_to_IP R {#i#} (m - x)) =
+ a (m - {#i#}) \<otimes> mset_to_IP R {#i#} (m - (m - {#i#})) \<oplus> (\<Oplus>x\<in>mset_factors m - {m - {#i#}}. a x \<otimes> mset_to_IP R {#i#} (m - x))"
+ using T12 T13 T14 T15 T16 T17 unfolding P_ring_mult_def
+ using finsum_insert[of "mset_factors m - {m - {#i#}}" "m - {#i#}"
+ "\<lambda>x. a x \<otimes> mset_to_IP R {#i#} (m - x)"]
+ by blast
+ have T19: "a (m - {#i#}) \<otimes> mset_to_IP R {#i#} (m - (m - {#i#})) = a (m - {#i#}) "
+ proof-
+ have " (m - (m - {#i#})) = {#i#}"
+ using True
+ by (metis monom_comp' single_subset_iff)
+ then have "mset_to_IP R {#i#} (m - (m - {#i#})) = \<one>"
+ by (metis mset_to_IP_def)
+ have "a (m - {#i#}) \<in> carrier R"
+ using assms
+ by (meson carrier_coeffE carrier_is_subalgebra exp_base_closed
+ indexed_pset_in_carrier one_closed subalgebra_in_carrier)
+ then show ?thesis using assms
+ using \<open>mset_to_IP R {#i#} (m - (m - {#i#})) = \<one>\<close> by auto
+ qed
+ have T20: "(\<Oplus>x\<in>insert (m - {#i#}) ((mset_factors m) - {m - {#i#}}). a x \<otimes> mset_to_IP R {#i#} (m - x)) =
+ a (m - {#i#}) \<oplus> (\<Oplus>x\<in>mset_factors m - {m - {#i#}}. a x \<otimes> mset_to_IP R {#i#} (m - x))"
+ using T18 T19 by auto
+ have T21: "insert (m - {#i#}) ((mset_factors m) - {m - {#i#}}) = mset_factors m"
+ proof-
+ have "(m - {#i#}) \<in> mset_factors m"
+ by (simp add: monom_divides_factors)
+ then show ?thesis
+ by blast
+ qed
+ then show ?thesis using T13 T20 True unfolding P_ring_mult_def
+ using T17 T19 by auto
+ qed
+ then show ?thesis
+ by (simp add: T0)
+ next
+ case False
+ have F0: "(a \<Otimes> i) m = \<zero> "
+ by (simp add: False indexed_pmult_def)
+ have F1: " (a \<Otimes>\<^sub>p mset_to_IP R {#i#}) m = \<zero>"
+ unfolding P_ring_mult_def
+ proof-
+ have "\<And>x. x \<in> mset_factors m \<Longrightarrow> a x \<otimes> mset_to_IP R {#i#} (m - x) = \<zero>"
+ proof-
+ fix x
+ assume A: "x \<in> mset_factors m"
+ have B: "m - x \<noteq> {#i#}" using False A
+ by (metis diff_subset_eq_self single_subset_iff)
+ then show "a x \<otimes> mset_to_IP R {#i#} (m - x) = \<zero>"
+ using assms False unfolding mset_to_IP_def
+ using carrier_coeffE indexed_pset_in_carrier by fastforce
+ qed
+ then show "(\<Oplus>x\<in>mset_factors m. a x \<otimes> mset_to_IP R {#i#} (m - x)) = \<zero>"
+ by (simp add: add.finprod_one_eqI)
+ qed
+ then show ?thesis
+ by (simp add: F0)
+ qed
+qed
+
+lemma mset_to_IP_mult_closed:
+ assumes "a \<in> indexed_pset I (carrier R)"
+ shows "set_mset m \<subseteq> I \<Longrightarrow> a \<Otimes>\<^sub>p mset_to_IP R m \<in> indexed_pset I (carrier R)"
+proof(induction m)
+ case empty
+ then have "mset_to_IP R {#} = indexed_const \<one>"
+ unfolding mset_to_IP_def indexed_const_def by auto
+ then show ?case
+ by (simp add: \<open>mset_to_IP R {#} = indexed_const \<one>\<close> assms indexed_const_P_mult_closed)
+next
+ case (add x m)
+ fix x
+ fix m :: "'c monomial"
+ assume A: "set_mset (add_mset x m) \<subseteq> I"
+ assume B: "set_mset m \<subseteq> I \<Longrightarrow> a \<Otimes>\<^sub>p mset_to_IP R m \<in> (carrier R [\<X>\<^bsub>I\<^esub>])"
+ show " a \<Otimes>\<^sub>p mset_to_IP R (add_mset x m) \<in> (carrier R [\<X>\<^bsub>I\<^esub>])"
+ proof-
+ have 0: "x \<in> I"
+ using A by auto
+ have 1: "set_mset m \<subseteq> I"
+ using A by auto
+ have 2: " a \<Otimes>\<^sub>p mset_to_IP R m \<in> (carrier R [\<X>\<^bsub>I\<^esub>])"
+ using "1" B by blast
+ have 3: " a \<Otimes>\<^sub>p mset_to_IP R (add_mset x m) = (a \<Otimes>\<^sub>p mset_to_IP R m) \<Otimes> x"
+ proof-
+ have 30: " a \<Otimes>\<^sub>p mset_to_IP R (add_mset x m) = a \<Otimes>\<^sub>p (mset_to_IP R m \<Otimes> x)"
+ using monom_add_mset[of x m]
+ by auto
+ have 31: "(a \<Otimes>\<^sub>p mset_to_IP R m) \<Otimes> x = a \<Otimes>\<^sub>p (mset_to_IP R m \<Otimes> x)"
+ proof
+ fix y
+ show "(a \<Otimes>\<^sub>p mset_to_IP R m \<Otimes> x) y = (a \<Otimes>\<^sub>p (mset_to_IP R m \<Otimes> x)) y "
+ proof-
+ have 310: "(a \<Otimes>\<^sub>p mset_to_IP R m \<Otimes> x) y = (a \<Otimes>\<^sub>p mset_to_IP R m \<Otimes>\<^sub>p mset_to_IP R {#x#}) y"
+ using poly_index_mult "0" "2"
+ by fastforce
+ have 311: " (mset_to_IP R m \<Otimes> x) = mset_to_IP R m \<Otimes>\<^sub>p mset_to_IP R {#x#}"
+ using "0" "2"
+ by (metis add_mset_add_single monom_add_mset monom_mult)
+ have 312: "carrier_coeff a "
+ using assms indexed_pset_in_carrier by blast
+ have 313: "carrier_coeff (mset_to_IP R m)"
+ by (simp add: carrier_coeff_def mset_to_IP_def)
+ have 314: "carrier_coeff (mset_to_IP R {#x#})"
+ by (metis carrier_coeff_def mset_to_IP_def one_closed zero_closed)
+ show ?thesis
+ using 310 311 312 313 314
+ P_ring_mult_assoc[of a "mset_to_IP R m" "mset_to_IP R {#x#}"]
+ by simp
+ qed
+ qed
+ then show ?thesis
+ by (simp add: monom_add_mset)
+ qed
+ then show ?thesis
+ by (simp add: "0" "1" B indexed_pset.indexed_pmult)
+ qed
+qed
+
+text\<open>
+ A predicate which identifies when the variables used in a given polynomial $P$ are only
+ drawn from a fixed variable set $I$.
+\<close>
+abbreviation monoms_in where
+"monoms_in I P \<equiv> (\<forall>m \<in> monomials_of R P. set_mset m \<subseteq> I)"
+
+lemma monoms_of_const:
+"monomials_of R (indexed_const k) = (if k = \<zero> then {} else {{#}})"
+ unfolding indexed_const_def monomials_of_def
+ by auto
+
+lemma const_monoms_in:
+"monoms_in I (indexed_const k)"
+ unfolding indexed_const_def monomials_of_def
+ using count_empty count_eq_zero_iff monomials_ofE subsetI
+ by simp
+
+lemma mset_to_IP_indices:
+ shows "P \<in> indexed_pset I (carrier R) \<Longrightarrow> monoms_in I P"
+ apply(erule indexed_pset.induct[of])
+ apply (simp add: const_monoms_in; fail)
+proof-
+ show "\<And>P Q. P \<in> (carrier R [\<X>\<^bsub>I\<^esub>]) \<Longrightarrow>
+ \<forall>m\<in>monomials_of R P. set_mset m \<subseteq> I \<Longrightarrow>
+ Q \<in> (carrier R [\<X>\<^bsub>I\<^esub>]) \<Longrightarrow> \<forall>m\<in>monomials_of R Q. set_mset m \<subseteq> I \<Longrightarrow> \<forall>m\<in>monomials_of R (P \<Oplus> Q). set_mset m \<subseteq> I"
+ proof
+ fix P Q
+ fix m
+ assume A: "P \<in> (carrier R [\<X>\<^bsub>I\<^esub>])" "\<forall>m\<in>monomials_of R P. set_mset m \<subseteq> I"
+ "Q \<in> (carrier R [\<X>\<^bsub>I\<^esub>])" "\<forall>m\<in>monomials_of R Q. set_mset m \<subseteq> I"
+ " m \<in> monomials_of R (P \<Oplus> Q)"
+ show "set_mset m \<subseteq> I"
+ proof-
+ have "m \<in> monomials_of R P \<or> m \<in> monomials_of R Q"
+ using A using monomials_of_add[of P Q]
+ by blast
+ then show ?thesis using A
+ by blast
+ qed
+ qed
+ show "\<And>P i. P \<in> (carrier R [\<X>\<^bsub>I\<^esub>]) \<Longrightarrow> \<forall>m\<in>monomials_of R P. set_mset m \<subseteq> I \<Longrightarrow> i \<in> I \<Longrightarrow> \<forall>m\<in>monomials_of R (P \<Otimes> i). set_mset m \<subseteq> I"
+ proof
+ fix P
+ fix i
+ fix m
+ assume A: "P \<in> (carrier R [\<X>\<^bsub>I\<^esub>])" "\<forall>m\<in>monomials_of R P. set_mset m \<subseteq> I" "i \<in> I" "m \<in> monomials_of R (P \<Otimes> i)"
+ obtain n where "n \<in> monomials_of R P \<and> m = add_mset i n"
+ using A
+ by (metis image_iff monomials_of_p_mult')
+ then show "set_mset m \<subseteq> I"
+ using A
+ by auto
+ qed
+qed
+
+lemma mset_to_IP_indices':
+ assumes "P \<in> indexed_pset I (carrier R)"
+ assumes "m \<in> monomials_of R P"
+ shows "set_mset m \<subseteq> I"
+ using assms(1) assms(2) mset_to_IP_indices by blast
+
+lemma one_mset_to_IP:
+ "mset_to_IP R {#} = indexed_const \<one>"
+ unfolding mset_to_IP_def indexed_const_def
+ by blast
+
+lemma mset_to_IP_closed:
+ shows "set_mset m \<subseteq> I \<Longrightarrow>mset_to_IP R m \<in> indexed_pset I (carrier R) "
+ apply(induction m)
+ apply (simp add: indexed_pset.indexed_const one_mset_to_IP)
+ by (metis (no_types, lifting) add_mset_commute indexed_pset.simps
+ monom_add_mset mset_add subset_iff union_single_eq_member)
+
+lemma mset_to_IP_closed':
+ assumes "P \<in> indexed_pset I (carrier R)"
+ assumes "m \<in> monomials_of R P"
+ shows "mset_to_IP R m \<in> indexed_pset I (carrier R)"
+ by (meson assms(1) assms(2) mset_to_IP_closed mset_to_IP_indices')
+
+text\<open>This lemma expresses closure under multiplcation for indexed polynomials.\<close>
+
+lemma P_ring_mult_closed:
+ assumes "carrier_coeff P"
+ assumes "carrier_coeff Q"
+ shows "carrier_coeff (P_ring_mult R P Q)"
+ unfolding carrier_coeff_def
+proof
+ fix m
+ have "(\<lambda>x. P x \<otimes> Q (m - x)) \<in> mset_factors m \<rightarrow> carrier R"
+ proof
+ fix x
+ assume "x \<in> mset_factors m"
+ then show "P x \<otimes> Q (m - x) \<in> carrier R"
+ using assms carrier_coeffE
+ by blast
+ qed
+ then show "(P \<Otimes>\<^sub>p Q) m \<in> carrier R"
+ using assms finsum_closed[of "(\<lambda>x. (P x) \<otimes> (Q (m - x)))" "mset_factors m"]
+ unfolding carrier_coeff_def P_ring_mult_def
+ by blast
+qed
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+subsection\<open>Multivariable Polynomial Induction\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+lemma mpoly_induct:
+ assumes "\<And>Q. Q \<in> indexed_pset I (carrier R) \<and> card (monomials_of R Q) = 0 \<Longrightarrow> P Q"
+ assumes "\<And>n. (\<And>Q. Q \<in> indexed_pset I (carrier R) \<and> card (monomials_of R Q) \<le> n \<Longrightarrow> P Q)
+ \<Longrightarrow> (\<And>Q. Q \<in> indexed_pset I (carrier R) \<and> card (monomials_of R Q) \<le> (Suc n) \<Longrightarrow> P Q)"
+ assumes "Q \<in> indexed_pset I (carrier R)"
+ shows "P Q"
+proof-
+ have "\<And>m. \<And>Q. Q \<in> indexed_pset I (carrier R) \<and> card(monomials_of R Q) \<le> m \<Longrightarrow> P Q"
+ proof-
+ fix m
+ show "\<And>Q. Q \<in> indexed_pset I (carrier R) \<and> card(monomials_of R Q) \<le> m \<Longrightarrow> P Q"
+ apply(induction m)
+ using assms(1)
+ apply blast
+ using assms
+ by blast
+ qed
+ then show ?thesis
+ using assms(3) by blast
+qed
+
+lemma monomials_of_card_zero:
+ assumes "Q \<in> indexed_pset I (carrier R) \<and> card (monomials_of R Q) = 0"
+ shows "Q = indexed_const \<zero>"
+proof-
+ have 0: "carrier_coeff Q"
+ using assms indexed_pset_in_carrier
+ by blast
+ have "\<And>m. Q m = \<zero>"
+ unfolding monomials_of_def
+ using assms monomials_finite
+ by (metis card_0_eq complement_of_monomials_of empty_iff)
+ then show ?thesis
+ using 0 assms unfolding indexed_const_def
+ by auto
+qed
+
+text\<open>Polynomial induction on the number of monomials with nonzero coefficient:\<close>
+
+lemma mpoly_induct':
+ assumes "P (indexed_const \<zero>)"
+ assumes "\<And>n. (\<And>Q. Q \<in> indexed_pset I (carrier R) \<and> card (monomials_of R Q) \<le> n \<Longrightarrow> P Q)
+ \<Longrightarrow> (\<And>Q. Q \<in> indexed_pset I (carrier R) \<and> card (monomials_of R Q) = (Suc n) \<Longrightarrow> P Q)"
+ assumes "Q \<in> indexed_pset I (carrier R)"
+ shows "P Q"
+ apply(rule mpoly_induct)
+ using assms(1) monomials_of_card_zero apply blast
+proof-
+ show "\<And>n Q. (\<And>Q. Q \<in> (carrier R [\<X>\<^bsub>I\<^esub>]) \<and> card (monomials_of R Q) \<le> n \<Longrightarrow> P Q) \<Longrightarrow> Q \<in> (carrier R [\<X>\<^bsub>I\<^esub>]) \<and> card (monomials_of R Q) \<le> Suc n \<Longrightarrow> P Q"
+ proof-
+ fix n
+ fix Q
+ assume A0: "(\<And>Q. Q \<in> (carrier R [\<X>\<^bsub>I\<^esub>]) \<and> card (monomials_of R Q) \<le> n \<Longrightarrow> P Q)"
+ assume A1: "Q \<in> (carrier R [\<X>\<^bsub>I\<^esub>]) \<and> card (monomials_of R Q) \<le> Suc n"
+ show "P Q"
+ apply(cases "card (monomials_of R Q) = Suc n")
+ using assms A0 A1
+ apply blast
+ using assms A0 A1
+ using le_SucE by blast
+ qed
+ show "Q \<in> (carrier R [\<X>\<^bsub>I\<^esub>])"
+ using assms by auto
+qed
+
+lemma monomial_poly_split:
+ assumes "P \<in> indexed_pset I (carrier R)"
+ assumes "m \<in> monomials_of R P"
+ shows "(restrict_poly_to_monom_set R P ((monomials_of R P) - {m})) \<Oplus> ((mset_to_IP R m) \<Otimes>\<^sub>p (indexed_const (P m))) = P"
+proof fix x
+ show "(restrict_poly_to_monom_set R P (monomials_of R P - {m}) \<Oplus> (mset_to_IP R m \<Otimes>\<^sub>p indexed_const (P m))) x = P x"
+ proof(cases "x = m")
+ case True
+ have T0: "(restrict_poly_to_monom_set R P (monomials_of R P - {m})) x = \<zero>"
+ unfolding restrict_poly_to_monom_set_def
+ by (simp add: True)
+ have T1: "(mset_to_IP R m \<Otimes>\<^sub>p indexed_const (P m)) x = P x"
+ using assms True indexed_const_P_multE[of "mset_to_IP R m" I "P m" m]
+ mset_to_IP_simp
+ by (metis Idl_subset_ideal' carrier_coeffE genideal_one indexed_pset_in_carrier
+ l_one mset_to_IP_closed' one_closed)
+ then show ?thesis
+ using T0 True
+ unfolding indexed_padd_def
+ using assms(1) carrier_coeffE indexed_pset_in_carrier l_zero
+ by fastforce
+ next
+ case False
+ then have F0: "(restrict_poly_to_monom_set R P (monomials_of R P - {m})) x = P x"
+ proof(cases "x \<in> monomials_of R P")
+ case True
+ then show ?thesis
+ by (simp add: False restrict_poly_to_monom_set_def)
+ next
+ case False
+ then show ?thesis
+ by (simp add: complement_of_monomials_of restrict_poly_to_monom_set_def)
+ qed
+ have F1: "mset_to_IP R m \<in> (carrier R [\<X>\<^bsub>I\<^esub>])"
+ using assms(1) assms(2) mset_to_IP_closed' by blast
+ have F2: "P m \<in> carrier R"
+ using assms(1) carrier_coeffE indexed_pset_in_carrier by blast
+ have F3: "(mset_to_IP R m \<Otimes>\<^sub>p indexed_const (P m)) x = \<zero>"
+ using False F1 F2 assms indexed_const_P_multE[of "mset_to_IP R m" I "P m" x]
+ by (simp add: F1 \<open>m \<in> monomials_of R P\<close>)
+ then show ?thesis using F0 unfolding indexed_padd_def
+ using assms(1) carrier_coeffE indexed_pset_in_carrier
+ by fastforce
+ qed
+qed
+
+lemma restrict_not_in_monoms:
+ assumes "a \<notin> monomials_of R P"
+ shows "restrict_poly_to_monom_set R P A = restrict_poly_to_monom_set R P (insert a A)"
+proof
+ fix x
+ show " restrict_poly_to_monom_set R P A x = restrict_poly_to_monom_set R P (insert a A) x "
+ unfolding restrict_poly_to_monom_set_def using assms unfolding monomials_of_def
+ by simp
+qed
+
+lemma restriction_closed':
+ assumes "P \<in> indexed_pset I (carrier R)"
+ assumes "finite ms"
+ shows "(restrict_poly_to_monom_set R P ms) \<in> indexed_pset I (carrier R)"
+ apply(rule finite.induct[of ms])
+ apply (simp add: assms(2); fail)
+proof-
+ show "restrict_poly_to_monom_set R P {} \<in> (carrier R [\<X>\<^bsub>I\<^esub>])"
+ proof-
+ have "restrict_poly_to_monom_set R P {} = indexed_const \<zero>"
+ unfolding restrict_poly_to_monom_set_def indexed_const_def by auto
+ then show ?thesis
+ by (simp add: indexed_pset.indexed_const)
+ qed
+ show "\<And>A a. finite A \<Longrightarrow> restrict_poly_to_monom_set R P A \<in> (carrier R [\<X>\<^bsub>I\<^esub>]) \<Longrightarrow> restrict_poly_to_monom_set R P (insert a A) \<in> (carrier R [\<X>\<^bsub>I\<^esub>])"
+ proof-
+ fix A
+ fix a
+ assume A: "restrict_poly_to_monom_set R P A \<in> (carrier R [\<X>\<^bsub>I\<^esub>])"
+ show "restrict_poly_to_monom_set R P (insert a A) \<in> (carrier R [\<X>\<^bsub>I\<^esub>])"
+ proof(cases "a \<in> monomials_of R P")
+ case True
+ then have T0: "mset_to_IP R a \<in> (carrier R [\<X>\<^bsub>I\<^esub>])"
+ using assms(1) mset_to_IP_closed' by blast
+ then have T1: "(mset_to_IP R a \<Otimes>\<^sub>p indexed_const (P a)) \<in> (carrier R [\<X>\<^bsub>I\<^esub>])"
+ by (meson assms(1) carrier_coeffE indexed_pset_in_carrier
+ local.ring_axioms ring.indexed_const_P_mult_closed subset_refl)
+
+ show ?thesis
+ proof(cases "a \<in> A")
+ case True
+ then show ?thesis
+ by (simp add: A insert_absorb)
+ next
+ case False
+ have "restrict_poly_to_monom_set R P (insert a A) = restrict_poly_to_monom_set R P A \<Oplus> (mset_to_IP R a \<Otimes>\<^sub>p indexed_const (P a))"
+ proof
+ fix x
+ show "restrict_poly_to_monom_set R P (insert a A) x = (restrict_poly_to_monom_set R P A \<Oplus> (mset_to_IP R a \<Otimes>\<^sub>p indexed_const (P a))) x"
+ proof(cases "x = a")
+ case True
+ then have FT0: "(if x \<in> insert a A then P x else \<zero>) = P x"
+ by simp
+ have FT1: "(if x \<in> A then P x else \<zero>) = \<zero>"
+ by (simp add: False True)
+ have FT2: "P a \<in> carrier R"
+ using assms(1) carrier_coeffE indexed_pset_in_carrier by blast
+ have FT3: "(mset_to_IP R a \<Otimes>\<^sub>p indexed_const (P a)) x = P x"
+ using T0 FT2 True indexed_const_P_multE[of "mset_to_IP R a" I "P a" x] mset_to_IP_simp[of a]
+ by simp
+ then show ?thesis
+ using False
+ unfolding restrict_poly_to_monom_set_def indexed_padd_def
+ using FT0 FT1 FT3 assms
+ by (simp add: FT2 True)
+ next
+ case F: False
+ then have FT0: "(if x \<in> insert a A then P x else \<zero>) = (if x \<in> A then P x else \<zero>)"
+ by simp
+ have FT2: "P a \<in> carrier R"
+ using assms(1) carrier_coeffE indexed_pset_in_carrier by blast
+ have FT3: "(mset_to_IP R a \<Otimes>\<^sub>p indexed_const (P a)) x = \<zero>"
+ using T0 FT2 True indexed_const_P_multE[of "mset_to_IP R a" I "P a" x] mset_to_IP_simp[of a]
+ by (simp add: F mset_to_IP_def)
+ show ?thesis
+ unfolding restrict_poly_to_monom_set_def indexed_padd_def
+ proof-
+
+ show "(if x \<in> insert a A then P x else \<zero>) = (if x \<in> A then P x else \<zero>) \<oplus> (mset_to_IP R a \<Otimes>\<^sub>p indexed_const (P a)) x"
+ apply(cases "x \<in> A")
+ using FT0 FT2 FT3 F False assms carrier_coeffE indexed_pset_in_carrier local.ring_axioms
+ apply fastforce
+ using FT0 FT2 FT3 F False assms
+ by simp
+ qed
+ qed
+ qed
+ then show ?thesis
+ using A T1 indexed_pset.simps by blast
+ qed
+ next
+ case False
+ then show ?thesis
+ using A restrict_not_in_monoms by fastforce
+ qed
+ qed
+qed
+
+lemma restriction_restrict:
+"restrict_poly_to_monom_set R P ms = restrict_poly_to_monom_set R P (ms \<inter> monomials_of R P)"
+proof
+ fix x
+ show "restrict_poly_to_monom_set R P ms x = restrict_poly_to_monom_set R P (ms \<inter> monomials_of R P) x"
+ unfolding restrict_poly_to_monom_set_def monomials_of_def
+ by simp
+qed
+
+lemma restriction_closed:
+ assumes "P \<in> indexed_pset I (carrier R)"
+ assumes "Q = restrict_poly_to_monom_set R P ms"
+ shows "Q \<in> indexed_pset I (carrier R)"
+proof-
+ have "Q = restrict_poly_to_monom_set R P (ms \<inter> monomials_of R P)"
+ using assms restriction_restrict
+ by blast
+ then show ?thesis
+ using assms restriction_closed'[of P I "(ms \<inter> monomials_of R P)"]
+ using monomials_finite
+ by blast
+qed
+
+lemma monomial_split_card:
+ assumes "P \<in> indexed_pset I (carrier R)"
+ assumes "m \<in> monomials_of R P"
+ shows "card (monomials_of R (restrict_poly_to_monom_set R P ((monomials_of R P) - {m})))=
+ card (monomials_of R P) -1"
+proof-
+ have 0: "(monomials_of R (restrict_poly_to_monom_set R P ((monomials_of R P) - {m}))) =
+ (monomials_of R P) - {m}"
+ using assms(1)
+ by (meson Diff_subset restrict_poly_to_monom_set_monoms)
+ then have 1: "card (monomials_of R (restrict_poly_to_monom_set R P ((monomials_of R P) - {m}))) =
+ card ((monomials_of R P) - {m})"
+ by auto
+ have " card ((monomials_of R P) - {m}) = card (monomials_of R P) - 1"
+ using assms(2)
+ using assms(1) monomials_finite by fastforce
+ then show ?thesis
+ by (simp add: "1")
+qed
+
+lemma P_ring_mult_closed':
+ assumes "a \<in> indexed_pset I (carrier R)"
+ assumes "b \<in> indexed_pset I (carrier R)"
+ shows "a \<Otimes>\<^sub>p b \<in> indexed_pset I (carrier R)"
+ apply(rule mpoly_induct'[of "\<lambda>b. a \<Otimes>\<^sub>p b \<in> indexed_pset I (carrier R)" I b])
+ using assms(1) indexed_const_P_mult_closed apply blast
+proof-
+ show "b \<in> (carrier R [\<X>\<^bsub>I\<^esub>])"
+ using assms by auto
+ show "\<And>n Q. (\<And>Q. Q \<in> (carrier R [\<X>\<^bsub>I\<^esub>]) \<and> card (monomials_of R Q) \<le> n \<Longrightarrow> a \<Otimes>\<^sub>p Q \<in> (carrier R [\<X>\<^bsub>I\<^esub>])) \<Longrightarrow>
+ Q \<in> (carrier R [\<X>\<^bsub>I\<^esub>]) \<and> card (monomials_of R Q) = Suc n \<Longrightarrow> a \<Otimes>\<^sub>p Q \<in> (carrier R [\<X>\<^bsub>I\<^esub>])"
+ proof-
+ fix n
+ fix Q
+ assume A0: "(\<And>Q. Q \<in> (carrier R [\<X>\<^bsub>I\<^esub>]) \<and> card (monomials_of R Q) \<le> n \<Longrightarrow> a \<Otimes>\<^sub>p Q \<in> (carrier R [\<X>\<^bsub>I\<^esub>]))"
+ assume A1: "Q \<in> (carrier R [\<X>\<^bsub>I\<^esub>]) \<and> card (monomials_of R Q) = Suc n"
+ obtain m where m_def: "m \<in> monomials_of R Q"
+ using A1
+ by fastforce
+ obtain P where P_def: "P = (restrict_poly_to_monom_set R Q ((monomials_of R Q) - {m}))"
+ by simp
+ have "P \<in> (carrier R [\<X>\<^bsub>I\<^esub>])"
+ using P_def A1 restriction_closed
+ by blast
+ have 0: "a \<Otimes>\<^sub>p P \<in> (carrier R [\<X>\<^bsub>I\<^esub>])"
+ using A0 P_def
+ by (metis A1 One_nat_def \<open>P \<in> (carrier R [\<X>\<^bsub>I\<^esub>])\<close> diff_Suc_Suc m_def
+ minus_nat.diff_0 monomial_split_card nat_le_linear)
+ have 1: "a \<Otimes>\<^sub>p (mset_to_IP R m) \<in> (carrier R [\<X>\<^bsub>I\<^esub>])"
+ using assms mset_to_IP_mult_closed[of a I m] A1 m_def mset_to_IP_indices
+ by blast
+ have 2: "a \<Otimes>\<^sub>p (mset_to_IP R m \<Otimes>\<^sub>p indexed_const (Q m)) \<in> (carrier R [\<X>\<^bsub>I\<^esub>])"
+ using P_ring_mult_assoc[of a "mset_to_IP R m" " indexed_const (Q m)"]
+ 1
+ by (metis A1 assms(1) carrier_coeffE indexed_pset.indexed_const
+ indexed_pset_in_carrier local.ring_axioms m_def mset_to_IP_closed'
+ ring.indexed_const_P_mult_closed set_eq_subset)
+ have 3: "(P \<Oplus> (mset_to_IP R m \<Otimes>\<^sub>p indexed_const (Q m))) = Q"
+ using P_def monomial_poly_split[of Q I m]
+ using A1 m_def by blast
+ have 4: "(a \<Otimes>\<^sub>p P ) \<Oplus> (a \<Otimes>\<^sub>p (mset_to_IP R m \<Otimes>\<^sub>p indexed_const (Q m))) = a \<Otimes>\<^sub>p Q"
+ using assms 2 3 P_ring_rdistr[of a P "(mset_to_IP R m \<Otimes>\<^sub>p indexed_const (Q m))"]
+ by (metis A1 Idl_subset_ideal' P_ring_mult_closed \<open>P \<in> (carrier R [\<X>\<^bsub>I\<^esub>])\<close>
+ carrier_coeffE indexed_pset.indexed_const indexed_pset_in_carrier m_def
+ mset_to_IP_closed' onepideal principalideal.generate)
+ then show " a \<Otimes>\<^sub>p Q \<in> (carrier R [\<X>\<^bsub>I\<^esub>])"
+ by (metis "0" "2" indexed_pset.indexed_padd)
+ qed
+qed
+
+end
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+subsection\<open>Subtraction of Polynomials\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+definition P_ring_uminus :: "('a,'b) ring_scheme \<Rightarrow> ('a,'c) mvar_poly \<Rightarrow> ('a,'c) mvar_poly" where
+"P_ring_uminus R P = (\<lambda>m. \<ominus>\<^bsub>R\<^esub> (P m))"
+
+context ring
+
+begin
+
+
+lemma P_ring_uminus_eq:
+ assumes "a \<in> indexed_pset I (carrier R)"
+ shows "P_ring_uminus R a = a \<Otimes>\<^sub>p (indexed_const (\<ominus> \<one>))"
+proof
+ fix x
+ have "(a \<Otimes>\<^sub>p indexed_const (\<ominus> \<one>)) x = a x \<otimes> \<ominus> \<one>"
+ using indexed_const_P_multE[of a I "\<ominus> \<one>" x] assms
+ by blast
+ then show "P_ring_uminus R a x = (a \<Otimes>\<^sub>p indexed_const (\<ominus> \<one>)) x"
+ unfolding P_ring_uminus_def
+ using assms
+ by (metis Idl_subset_ideal' carrier_coeffE indexed_pset_in_carrier
+ one_closed onepideal principalideal.generate r_minus r_one)
+qed
+
+lemma P_ring_uminus_closed:
+ assumes "a \<in> indexed_pset I (carrier R)"
+ shows "P_ring_uminus R a \<in> indexed_pset I (carrier R)"
+ using assms P_ring_uminus_eq
+ by (metis add.l_inv_ex indexed_const_P_mult_closed minus_equality one_closed)
+
+lemma P_ring_uminus_add:
+ assumes "a \<in> indexed_pset I (carrier R)"
+ shows "P_ring_uminus R a \<Oplus> a = indexed_const \<zero>"
+proof
+ fix x
+ show "(P_ring_uminus R a \<Oplus> a) x = indexed_const \<zero> x"
+ using assms
+ unfolding P_ring_uminus_def indexed_const_def indexed_padd_def
+ by (meson carrier_coeffE indexed_pset_in_carrier
+ local.ring_axioms ring.ring_simprules(9) set_eq_subset)
+qed
+
+text\<open>multiplication by 1\<close>
+
+lemma one_mult_left:
+ assumes "a \<in> indexed_pset I (carrier R)"
+ shows "(indexed_const \<one>) \<Otimes>\<^sub>p a = a"
+proof
+ fix m
+ show "(indexed_const \<one> \<Otimes>\<^sub>p a) m = a m "
+ unfolding indexed_const_def P_ring_mult_def
+ proof-
+ have 0: "(\<Oplus>x\<in>((mset_factors m) - {{#}}). (if x = {#} then \<one> else \<zero>) \<otimes> a (m - x)) = \<zero>"
+ proof-
+ have "\<And>x. x\<in>((mset_factors m) - {{#}}) \<Longrightarrow> (if x = {#} then \<one> else \<zero>) \<otimes> a (m - x) = \<zero> \<otimes> a (m - x)"
+ by simp
+ then have "\<And>x. x\<in>((mset_factors m) - {{#}}) \<Longrightarrow> (if x = {#} then \<one> else \<zero>) \<otimes> a (m - x) = \<zero>"
+ using assms
+ by (metis carrier_coeffE indexed_pset_in_carrier local.ring_axioms ring.ring_simprules(24) set_eq_subset)
+ then show ?thesis
+ by (meson add.finprod_one_eqI)
+ qed
+ have 1: "(\<lambda>x. (if x = {#} then \<one> else \<zero>) \<otimes> a (m - x)) {#} = a m"
+ by (metis (full_types) assms carrier_coeffE diff_zero
+ indexed_pset_in_carrier local.ring_axioms ring.ring_simprules(12) set_eq_subset)
+ have 2: "(\<Oplus>x\<in>insert {#} (mset_factors m - {{#}}). (if x = {#} then \<one> else \<zero>) \<otimes> a (m - x)) =
+ (\<lambda>x. (if x = {#} then \<one> else \<zero>) \<otimes> a (m - x)) {#} \<oplus>
+ (\<Oplus>x\<in>((mset_factors m) - {{#}}). (if x = {#} then \<one> else \<zero>) \<otimes> a (m - x))"
+ proof-
+ have 20:"finite (mset_factors m - {{#}})"
+ by simp
+ have 21: " {#} \<notin> mset_factors m - {{#}}"
+ by blast
+ have 22: " (\<lambda>x. (if x = {#} then \<one> else \<zero>) \<otimes> a (m - x)) \<in> mset_factors m - {{#}} \<rightarrow> carrier R"
+ proof
+ fix x
+ assume A: "x \<in> mset_factors m - {{#}}"
+ show "(if x = {#} then \<one> else \<zero>) \<otimes> a (m - x) \<in> carrier R"
+ apply(cases "x = {#}")
+ using A
+ apply blast
+ using assms carrier_coeffE indexed_pset_in_carrier local.ring_axioms
+ one_closed ring.ring_simprules(5) set_eq_subset zero_closed
+ by (metis (mono_tags, opaque_lifting))
+ qed
+ have 23: "(if {#} = {#} then \<one> else \<zero>) \<otimes> a (m - {#}) \<in> carrier R"
+ by (metis "1" assms carrier_coeffE indexed_pset_in_carrier set_eq_subset)
+ show ?thesis
+ using 20 21 22 23 finsum_insert[of "((mset_factors m) - {{#}})" "{#}"
+ " (\<lambda>x. (if x = {#} then \<one> else \<zero>) \<otimes> a (m - x))"]
+ by blast
+ qed
+ have 3: "insert {#} (mset_factors m - {{#}}) = mset_factors m"
+ proof-
+ have "{#} \<in> mset_factors m"
+ using monom_divides_factors subset_mset.zero_le
+ by blast
+ then show ?thesis
+ by blast
+ qed
+ show "(\<Oplus>x\<in>mset_factors m. (if x = {#} then \<one> else \<zero>) \<otimes> a (m - x)) = a m"
+ using 0 1 2 3 assms
+ by (metis (no_types, lifting) Idl_subset_ideal' carrier_coeffE
+ genideal_one indexed_pset_in_carrier one_closed r_zero)
+ qed
+qed
+
+end
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+ subsection\<open>The Carrier of the Ring of Indexed Polynomials\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+
+abbreviation(input) Pring_set where
+"Pring_set R I \<equiv> ring.indexed_pset R I (carrier R) "
+
+context ring
+
+begin
+
+lemma Pring_set_zero:
+ assumes "f \<in> Pring_set R I"
+ assumes "\<not> set_mset m \<subseteq> I"
+ shows " f m = \<zero>\<^bsub>R\<^esub>"
+proof-
+ have "\<not> set_mset m \<subseteq> I \<Longrightarrow> f m = \<zero>\<^bsub>R\<^esub>"
+ apply(induction m)
+ apply simp
+ by (meson assms complement_of_monomials_of mset_to_IP_indices')
+ then show ?thesis
+ using assms(2) by blast
+qed
+
+lemma(in ring) Pring_cfs_closed:
+ assumes "P \<in> Pring_set R I"
+ shows "P m \<in> carrier R"
+ using assms carrier_coeffE indexed_pset_in_carrier
+ by blast
+
+lemma indexed_pset_mono_aux:
+ assumes "P \<in> indexed_pset I S"
+ shows "S \<subseteq> T \<Longrightarrow> P \<in> indexed_pset I T"
+ using assms
+ apply(induction P)
+ using indexed_pset.indexed_const apply blast
+ using indexed_pset.indexed_padd apply blast
+ by (simp add: indexed_pset.indexed_pmult)
+
+lemma indexed_pset_mono:
+ assumes "S \<subseteq> T"
+ shows "indexed_pset I S \<subseteq> indexed_pset I T"
+ using assms indexed_pset_mono_aux
+ by blast
+
+end
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+subsection\<open>Scalar Multiplication\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+definition poly_scalar_mult :: "('a, 'b) ring_scheme \<Rightarrow> 'a \<Rightarrow> ('a,'c) mvar_poly \<Rightarrow> ('a,'c) mvar_poly" where
+"poly_scalar_mult R c P = (\<lambda> m. c \<otimes>\<^bsub>R\<^esub> P m)"
+
+lemma(in cring) poly_scalar_mult_eq:
+ assumes "c \<in> carrier R"
+ shows "P \<in> Pring_set R (I :: 'c set) \<Longrightarrow> poly_scalar_mult R c P = indexed_const c \<Otimes>\<^sub>p P"
+proof(erule indexed_pset.induct)
+ show "\<And>k. k \<in> carrier R \<Longrightarrow> poly_scalar_mult R c (indexed_const k) = indexed_const c \<Otimes>\<^sub>p indexed_const k"
+ proof-
+ fix k
+ assume A0: "k \<in> carrier R"
+ show "poly_scalar_mult R c (indexed_const k) = (indexed_const c \<Otimes>\<^sub>p indexed_const k) "
+ unfolding poly_scalar_mult_def
+ proof
+ show "\<And>m. c \<otimes> indexed_const k m = (indexed_const c \<Otimes>\<^sub>p indexed_const k) m"
+ using indexed_const_P_mult_eq
+ by (metis A0 assms indexed_const_P_mult_eq indexed_const_def local.semiring_axioms semiring.r_null)
+ qed
+ qed
+ show "\<And>P Q. P \<in> Pring_set R I \<Longrightarrow>
+ poly_scalar_mult R c P = indexed_const c \<Otimes>\<^sub>p P \<Longrightarrow>
+ Q \<in> Pring_set R I \<Longrightarrow> poly_scalar_mult R c Q = indexed_const c \<Otimes>\<^sub>p Q \<Longrightarrow> poly_scalar_mult R c (P \<Oplus> Q) = indexed_const c \<Otimes>\<^sub>p (P \<Oplus> Q)"
+ proof
+ fix P Q :: "'c monomial \<Rightarrow> 'a"
+ fix x :: "'c monomial"
+ assume A0: "P \<in> Pring_set R I"
+ assume A1: "poly_scalar_mult R c P = indexed_const c \<Otimes>\<^sub>p P"
+ assume A2: "Q \<in> Pring_set R I"
+ assume A3: "poly_scalar_mult R c Q = indexed_const c \<Otimes>\<^sub>p Q"
+ show "poly_scalar_mult R c (P \<Oplus> Q) x = (indexed_const c \<Otimes>\<^sub>p (P \<Oplus> Q)) x"
+ proof-
+ have P0: "poly_scalar_mult R c (P \<Oplus> Q) = (poly_scalar_mult R c P) \<Oplus> (poly_scalar_mult R c Q)"
+ unfolding poly_scalar_mult_def
+ proof
+ fix m
+ show "c \<otimes> (P \<Oplus> Q) m = ((\<lambda>m. c \<otimes> P m) \<Oplus> (\<lambda>m. c \<otimes> Q m)) m"
+ proof-
+ have LHS: "c \<otimes> (P \<Oplus> Q) m = c \<otimes> ( P m \<oplus> Q m) "
+ by (simp add: indexed_padd_def)
+ then have LHS1: "c \<otimes> (P \<Oplus> Q) m = (c \<otimes> P m) \<oplus> (c \<otimes>Q m) "
+ proof-
+ have 0: "carrier_coeff P"
+ using A0 indexed_pset_in_carrier
+ by blast
+ have 1: "P m \<in> carrier R"
+ using 0 carrier_coeffE by blast
+ have 2: "carrier_coeff Q"
+ using A2 indexed_pset_in_carrier
+ by blast
+ have 3: "Q m \<in> carrier R" using 2
+ using carrier_coeff_def
+ by blast
+ show ?thesis using 1 3 assms
+ by (simp add: LHS r_distr)
+ qed
+ then show ?thesis
+ by (simp add: indexed_padd_def)
+ qed
+ qed
+ have P1: "poly_scalar_mult R c (P \<Oplus> Q) = (indexed_const c \<Otimes>\<^sub>p P) \<Oplus> (indexed_const c \<Otimes>\<^sub>p Q)"
+ using P0 A1 A3
+ by simp
+ have P2: "indexed_const c \<in> Pring_set R I"
+ using assms indexed_pset.indexed_const by blast
+ show ?thesis
+ using P2 A0 A2 P1
+ by (metis P_ring_rdistr indexed_pset_in_carrier set_eq_subset)
+ qed
+ qed
+ show "\<And>P i. P \<in> Pring_set R I \<Longrightarrow>
+ poly_scalar_mult R c P = indexed_const c \<Otimes>\<^sub>p P \<Longrightarrow> i \<in> I \<Longrightarrow> poly_scalar_mult R c (P \<Otimes> i) = indexed_const c \<Otimes>\<^sub>p (P \<Otimes> i)"
+ proof-
+ fix P
+ fix i
+ assume A0: "P \<in> Pring_set R I"
+ assume A1: "poly_scalar_mult R c P = indexed_const c \<Otimes>\<^sub>p P"
+ assume A2: "i \<in> I"
+ show "poly_scalar_mult R c (P \<Otimes> i) = indexed_const c \<Otimes>\<^sub>p (P \<Otimes> i)"
+ proof
+ fix x
+ show "poly_scalar_mult R c (P \<Otimes> i) x = (indexed_const c \<Otimes>\<^sub>p (P \<Otimes> i)) x"
+ proof-
+ have RHS: "(indexed_const c \<Otimes>\<^sub>p (P \<Otimes> i)) = (indexed_const c \<Otimes>\<^sub>p P) \<Otimes> i"
+ proof-
+ have B0: "P \<Otimes> i = P \<Otimes>\<^sub>p (mset_to_IP R {#i#})"
+ by (meson A0 A2 poly_index_mult)
+ have B1: " (indexed_const c \<Otimes>\<^sub>p P) \<Otimes> i = (indexed_const c \<Otimes>\<^sub>p P) \<Otimes>\<^sub>p (mset_to_IP R {#i#})"
+ by (meson A0 A2 P_ring_mult_closed' assms indexed_pset.simps poly_index_mult)
+ have B2: "(indexed_const c \<Otimes>\<^sub>p (P \<Otimes> i)) = indexed_const c \<Otimes>\<^sub>p P \<Otimes>\<^sub>p (mset_to_IP R {#i#})"
+ by (metis A0 A2 B1 assms cring.P_ring_mult_comm indexed_const_var_mult
+ indexed_pmult_in_carrier indexed_pset.indexed_const indexed_pset_in_carrier
+ is_cring set_eq_subset)
+ show ?thesis using A0 A1 A2 B2 B1 assms
+ by (simp add: A0)
+ then have RHS': "(indexed_const c \<Otimes>\<^sub>p (P \<Otimes> i)) = (poly_scalar_mult R c P) \<Otimes> i"
+ using A0 A1 A2 assms
+ by simp
+ qed
+ show ?thesis apply(cases "i \<in># x")
+ unfolding poly_scalar_mult_def
+ apply (metis A1 RHS poly_scalar_mult_def indexed_pmult_def )
+ by (metis RHS assms indexed_pmult_def r_null)
+ qed
+ qed
+ qed
+qed
+
+lemma(in cring) poly_scalar_mult_const:
+ assumes "c \<in> carrier R"
+ assumes "k \<in> carrier R"
+ shows "poly_scalar_mult R k (indexed_const c) = indexed_const (k \<otimes> c)"
+ using assms poly_scalar_mult_eq
+ by (simp add: poly_scalar_mult_eq indexed_const_P_mult_eq indexed_pset.indexed_const)
+
+lemma(in cring) poly_scalar_mult_closed:
+ assumes "c \<in> carrier R"
+ assumes "P \<in> Pring_set R I"
+ shows "poly_scalar_mult R c P \<in> Pring_set R I"
+ using assms poly_scalar_mult_eq
+ by (metis P_ring_mult_closed' indexed_pset.indexed_const)
+
+lemma(in cring) poly_scalar_mult_zero:
+ assumes "P \<in> Pring_set R I"
+ shows "poly_scalar_mult R \<zero> P = indexed_const \<zero>"
+proof
+ fix x
+ show "poly_scalar_mult R \<zero> P x = indexed_const \<zero> x"
+ unfolding poly_scalar_mult_def
+ using assms
+ by (metis Pring_cfs_closed indexed_zero_def l_null)
+qed
+
+lemma(in cring) poly_scalar_mult_one:
+ assumes "P \<in> Pring_set R I"
+ shows "poly_scalar_mult R \<one> P = P"
+proof
+ fix x show "poly_scalar_mult R \<one> P x = P x"
+ using assms
+ by (metis one_closed one_mult_left poly_scalar_mult_eq)
+qed
+
+lemma(in cring) times_poly_scalar_mult:
+ assumes "P \<in> Pring_set R I"
+ assumes "Q \<in> Pring_set R I"
+ assumes "k \<in> carrier R"
+ shows "P \<Otimes>\<^sub>p (poly_scalar_mult R k Q) = poly_scalar_mult R k (P \<Otimes>\<^sub>p Q)"
+proof-
+ have "P \<Otimes>\<^sub>p (poly_scalar_mult R k Q) = P \<Otimes>\<^sub>p (indexed_const k) \<Otimes>\<^sub>p Q"
+ by (metis assms(1) assms(2) assms(3) indexed_pset_mono_aux
+ local.ring_axioms poly_scalar_mult_eq ring.P_ring_mult_assoc ring.indexed_pset.intros(1)
+ ring.indexed_pset_in_carrier subset_refl)
+ then have "P \<Otimes>\<^sub>p (poly_scalar_mult R k Q) = (indexed_const k) \<Otimes>\<^sub>p P \<Otimes>\<^sub>p Q"
+ by (metis P_ring_mult_comm assms(1) assms(3) local.ring_axioms ring.indexed_pset.indexed_const ring.indexed_pset_in_carrier subset_refl)
+ then show ?thesis
+ by (metis (no_types, opaque_lifting) P_ring_mult_closed' Pring_cfs_closed assms(1) assms(2) assms(3)
+ carrier_coeff_def indexed_pset.indexed_const local.ring_axioms poly_scalar_mult_eq ring.P_ring_mult_assoc)
+qed
+
+lemma(in cring) poly_scalar_mult_times:
+ assumes "P \<in> Pring_set R I"
+ assumes "Q \<in> Pring_set R I"
+ assumes "k \<in> carrier R"
+ shows " poly_scalar_mult R k (Q \<Otimes>\<^sub>p P) = (poly_scalar_mult R k Q) \<Otimes>\<^sub>p P"
+ using assms times_poly_scalar_mult
+ by (metis (no_types, opaque_lifting) P_ring_mult_comm cring.P_ring_mult_comm
+ cring.poly_scalar_mult_closed is_cring local.ring_axioms ring.indexed_pset_in_carrier subset_refl)
+
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+subsection\<open>Defining the Ring of Indexed Polynomials\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+definition Pring :: "('b, 'e) ring_scheme \<Rightarrow> 'a set \<Rightarrow> ('b, ('b,'a) mvar_poly) module" where
+
+"Pring R I \<equiv> \<lparr> carrier = Pring_set R I,
+ Group.monoid.mult = P_ring_mult R ,
+ one = ring.indexed_const R \<one>\<^bsub>R\<^esub>,
+ zero = ring.indexed_const R \<zero>\<^bsub>R\<^esub>,
+ add = ring.indexed_padd R,
+ smult = poly_scalar_mult R\<rparr>"
+
+context ring
+
+begin
+
+lemma Pring_car:
+"carrier (Pring R I) = Pring_set R I"
+ unfolding Pring_def
+ by auto
+
+text\<open>Definitions of the operations and constants:\<close>
+
+lemma Pring_mult:
+"a \<otimes>\<^bsub>Pring R I\<^esub> b = a \<Otimes>\<^sub>p b"
+ unfolding Pring_def
+ by simp
+
+lemma Pring_add:
+"a \<oplus>\<^bsub>Pring R I\<^esub> b = a \<Oplus> b"
+ unfolding Pring_def
+ by simp
+
+lemma Pring_zero:
+"\<zero>\<^bsub>Pring R I\<^esub> = indexed_const \<zero>"
+ unfolding Pring_def by simp
+
+lemma Pring_one:
+"\<one>\<^bsub>Pring R I\<^esub> = indexed_const \<one>"
+ unfolding Pring_def by simp
+
+lemma Pring_smult:
+"(\<odot>\<^bsub>Pring R I\<^esub>) = (poly_scalar_mult R)"
+ unfolding Pring_def by simp
+
+lemma Pring_carrier_coeff:
+ assumes "a \<in> carrier (Pring R I)"
+ shows "carrier_coeff a"
+ using assms indexed_pset_in_carrier[of "(carrier R)" a I] Pring_car
+ by blast
+
+lemma Pring_carrier_coeff'[simp]:
+ assumes "a \<in> carrier (Pring R I)"
+ shows "a m \<in> carrier R"
+ using Pring_car[of I] assms carrier_coeffE indexed_pset_in_carrier
+ by blast
+
+lemma Pring_add_closed:
+ assumes "a \<in> carrier (Pring R I)"
+ assumes "b \<in> carrier (Pring R I)"
+ shows "a \<oplus>\<^bsub>Pring R I\<^esub> b \<in> carrier (Pring R I)"
+ using assms Pring_def[of R I]
+ by (simp add: Pring_def[of R I] indexed_pset.indexed_padd)
+
+lemma Pring_mult_closed:
+ assumes "a \<in> carrier (Pring R I)"
+ assumes "b \<in> carrier (Pring R I)"
+ shows "a \<otimes>\<^bsub>Pring R I\<^esub> b \<in> carrier (Pring R I)"
+ using assms P_ring_mult_closed'[of a I b] Pring_car[of I] Pring_mult[of I a b]
+ by (simp add: \<open>a \<otimes>\<^bsub>Pring R I\<^esub> b = a \<Otimes>\<^sub>p b\<close> \<open>carrier (Pring R I) = Pring_set R I\<close>)
+
+lemma Pring_one_closed:
+"\<one>\<^bsub>Pring R I\<^esub> \<in> carrier (Pring R I)"
+proof-
+ have "indexed_const \<one> \<in> carrier (Pring R I)"
+ using Pring_car indexed_pset.simps by blast
+ then show ?thesis
+ unfolding Pring_def by auto
+qed
+
+lemma Pring_zero_closed:
+"\<zero>\<^bsub>Pring R I\<^esub> \<in> carrier (Pring R I)"
+proof-
+ have "indexed_const \<zero> \<in> carrier (Pring R I)"
+ using Pring_car indexed_pset.simps by blast
+ then show ?thesis
+ unfolding Pring_def by auto
+qed
+
+lemma Pring_var_closed:
+ assumes "i \<in> I"
+ shows "var_to_IP R i \<in> carrier (Pring R I)"
+unfolding var_to_IP_def
+ by (metis Pring_car Pring_one_closed assms indexed_pset.indexed_pmult
+ local.ring_axioms monom_add_mset one_mset_to_IP ring.Pring_one)
+
+text\<open>Properties of addition:\<close>
+
+lemma Pring_add_assoc:
+ assumes "a \<in> carrier (Pring R I)"
+ assumes "b \<in> carrier (Pring R I)"
+ assumes "c \<in> carrier (Pring R I)"
+ shows "a \<oplus>\<^bsub>Pring R I\<^esub> (b \<oplus>\<^bsub>Pring R I\<^esub> c) = (a \<oplus>\<^bsub>Pring R I\<^esub> b) \<oplus>\<^bsub>Pring R I\<^esub> c"
+proof-
+ have "a \<Oplus> (b \<Oplus> c) = (a \<Oplus> b) \<Oplus> c"
+ proof
+ fix x
+ have "carrier_coeff a" "carrier_coeff b" "carrier_coeff c"
+ using assms Pring_car[of I] Pring_carrier_coeff apply blast
+ using assms Pring_car[of I] Pring_carrier_coeff apply blast
+ using assms Pring_car[of I] Pring_carrier_coeff by blast
+ then have "a x \<in> carrier R" "b x \<in> carrier R" "c x \<in> carrier R"
+ using carrier_coeffE apply blast
+ using \<open>carrier_coeff b\<close> carrier_coeffE apply blast
+ using \<open>carrier_coeff c\<close> carrier_coeffE by blast
+ show "(a \<Oplus> (b \<Oplus> c)) x = (a \<Oplus> b \<Oplus> c) x"
+ unfolding indexed_padd_def
+ using assms
+ by (simp add: \<open>a x \<in> carrier R\<close> \<open>b x \<in> carrier R\<close> \<open>c x \<in> carrier R\<close> add.m_assoc)
+ qed
+ then show ?thesis
+ using assms
+ by (simp add: Pring_add)
+qed
+
+lemma Pring_add_comm:
+ assumes "a \<in> carrier (Pring R I)"
+ assumes "b \<in> carrier (Pring R I)"
+ shows "a \<oplus>\<^bsub>Pring R I\<^esub> b = b \<oplus>\<^bsub>Pring R I\<^esub> a"
+proof-
+ have "a \<Oplus> b = b \<Oplus> a"
+ proof fix x
+ show "(a \<Oplus> b) x = (b \<Oplus> a) x"
+ using assms
+ by (metis abelian_monoid.a_comm abelian_monoid_axioms
+ indexed_padd_def local.ring_axioms ring.Pring_carrier_coeff')
+ qed
+ then show ?thesis
+ by (simp add: Pring_add)
+qed
+
+lemma Pring_add_zero:
+ assumes "a \<in> carrier (Pring R I)"
+ shows "a \<oplus>\<^bsub>Pring R I\<^esub> \<zero>\<^bsub>Pring R I\<^esub> = a"
+ "\<zero>\<^bsub>Pring R I\<^esub> \<oplus>\<^bsub>Pring R I\<^esub> a = a"
+ using assms Pring_zero Pring_add
+ apply (metis Pring_carrier_coeff indexed_padd_zero(1))
+ using assms Pring_zero Pring_add
+ by (metis Pring_carrier_coeff indexed_padd_zero(2))
+
+text\<open>Properties of multiplication\<close>
+
+lemma Pring_mult_assoc:
+ assumes "a \<in> carrier (Pring R I)"
+ assumes "b \<in> carrier (Pring R I)"
+ assumes "c \<in> carrier (Pring R I)"
+ shows "a \<otimes>\<^bsub>Pring R I\<^esub> (b \<otimes>\<^bsub>Pring R I\<^esub> c) = (a \<otimes>\<^bsub>Pring R I\<^esub> b) \<otimes>\<^bsub>Pring R I\<^esub> c"
+ using assms P_ring_mult_assoc[of a b c]
+ by (metis Pring_carrier_coeff Pring_mult)
+
+lemma Pring_mult_comm:
+ assumes "cring R"
+ assumes "a \<in> carrier (Pring R I)"
+ assumes "b \<in> carrier (Pring R I)"
+ shows "a \<otimes>\<^bsub>Pring R I\<^esub> b = b \<otimes>\<^bsub>Pring R I\<^esub> a"
+ using assms Pring_carrier_coeff[of a I] Pring_carrier_coeff[of b I]
+ Pring_mult[of I b a] Pring_mult[of I a b] cring.P_ring_mult_comm[of R a b]
+ by metis
+
+lemma Pring_mult_one:
+ assumes "a \<in> carrier (Pring R I)"
+ shows "a \<otimes>\<^bsub>Pring R I\<^esub> \<one>\<^bsub>Pring R I\<^esub> = a"
+proof
+ fix x
+ show "(a \<otimes>\<^bsub>Pring R I\<^esub> \<one>\<^bsub>Pring R I\<^esub>) x = a x "
+ proof-
+ have 0: "(a \<otimes>\<^bsub>Pring R I\<^esub> \<one>\<^bsub>Pring R I\<^esub>) x = (a \<Otimes>\<^sub>p indexed_const \<one>) x"
+ using assms Pring_mult[of I a "\<one>\<^bsub>Pring R I\<^esub>" ] Pring_one[of I]
+ by metis
+ have 1: "\<one> \<in> carrier R"
+ by simp
+ have 2: "(a \<otimes>\<^bsub>Pring R I\<^esub> \<one>\<^bsub>Pring R I\<^esub>) x = a x \<otimes> \<one>"
+ using 0 1 indexed_const_P_multE[of a I \<one> x]
+ assms Pring_car[of I]
+ by metis
+ then show ?thesis
+ using assms by auto
+ qed
+qed
+
+lemma Pring_mult_one':
+ assumes "a \<in> carrier (Pring R I)"
+ shows "\<one>\<^bsub>Pring R I\<^esub> \<otimes>\<^bsub>Pring R I\<^esub> a = a"
+ using one_mult_left[of a I]
+ assms Pring_one Pring_mult
+ by (simp add: Pring_mult Pring_one Pring_car)
+
+text\<open>Distributive laws\<close>
+
+lemma Pring_mult_rdistr:
+ assumes "a \<in> carrier (Pring R I)"
+ assumes "b \<in> carrier (Pring R I)"
+ assumes "c \<in> carrier (Pring R I)"
+ shows "a \<otimes>\<^bsub>Pring R I\<^esub> (b \<oplus>\<^bsub>Pring R I\<^esub> c) = (a \<otimes>\<^bsub>Pring R I\<^esub> b) \<oplus>\<^bsub>Pring R I\<^esub> (a \<otimes>\<^bsub>Pring R I\<^esub> c)"
+proof-
+ have "a \<Otimes>\<^sub>p (b \<Oplus> c) = a \<Otimes>\<^sub>p b \<Oplus> (a \<Otimes>\<^sub>p c)"
+ using P_ring_rdistr[of a b c]
+ assms Pring_carrier_coeff
+ by metis
+ then have "a \<Otimes>\<^sub>p (b \<oplus>\<^bsub>Pring R I\<^esub> c) = a \<Otimes>\<^sub>p b \<oplus>\<^bsub>Pring R I\<^esub> (a \<Otimes>\<^sub>p c)"
+ using Pring_add[of I b c] Pring_add[of I "a \<Otimes>\<^sub>p b" "a \<Otimes>\<^sub>p c"]
+ by auto
+ then have "a \<otimes>\<^bsub>Pring R I\<^esub> (b \<oplus>\<^bsub>Pring R I\<^esub> c) = (a \<Otimes>\<^sub>p b) \<oplus>\<^bsub>Pring R I\<^esub> (a \<Otimes>\<^sub>p c)"
+ using Pring_mult[of I a "(b \<oplus>\<^bsub>Pring R I\<^esub> c)"]
+ by auto
+ then have "a \<otimes>\<^bsub>Pring R I\<^esub> (b \<oplus>\<^bsub>Pring R I\<^esub> c) = (a \<otimes>\<^bsub>Pring R I\<^esub> b) \<oplus>\<^bsub>Pring R I\<^esub> (a \<Otimes>\<^sub>p c)"
+ using Pring_mult[of I a b] by metis
+ then show ?thesis
+ using Pring_mult[of I a c] by metis
+qed
+
+lemma Pring_mult_ldistr:
+ assumes "a \<in> carrier (Pring R I)"
+ assumes "b \<in> carrier (Pring R I)"
+ assumes "c \<in> carrier (Pring R I)"
+ shows "(b \<oplus>\<^bsub>Pring R I\<^esub> c) \<otimes>\<^bsub>Pring R I\<^esub> a = (b \<otimes>\<^bsub>Pring R I\<^esub> a) \<oplus>\<^bsub>Pring R I\<^esub> (c \<otimes>\<^bsub>Pring R I\<^esub> a)"
+proof-
+ have "(b \<Oplus> c) \<Otimes>\<^sub>p a = b \<Otimes>\<^sub>p a \<Oplus> (c \<Otimes>\<^sub>p a)"
+ using P_ring_ldistr[of a b c]
+ assms Pring_carrier_coeff
+ by metis
+ then have " (b \<oplus>\<^bsub>Pring R I\<^esub> c) \<Otimes>\<^sub>p a = b \<Otimes>\<^sub>p a \<oplus>\<^bsub>Pring R I\<^esub> (c \<Otimes>\<^sub>p a)"
+ using Pring_add[of I b c] Pring_add[of I "b \<Otimes>\<^sub>p a" "c \<Otimes>\<^sub>p a"]
+ by auto
+ then have " (b \<oplus>\<^bsub>Pring R I\<^esub> c) \<otimes>\<^bsub>Pring R I\<^esub> a = (b \<Otimes>\<^sub>p a) \<oplus>\<^bsub>Pring R I\<^esub> (c \<Otimes>\<^sub>p a)"
+ using Pring_mult[of I "(b \<oplus>\<^bsub>Pring R I\<^esub> c)" a]
+ by auto
+ then have "(b \<oplus>\<^bsub>Pring R I\<^esub> c) \<otimes>\<^bsub>Pring R I\<^esub> a = (b \<otimes>\<^bsub>Pring R I\<^esub> a) \<oplus>\<^bsub>Pring R I\<^esub> (c \<Otimes>\<^sub>p a)"
+ using Pring_mult[of I b a] by metis
+ then show ?thesis
+ using Pring_mult[of I c a] by metis
+qed
+
+text\<open>Properties of subtraction:\<close>
+
+lemma Pring_uminus:
+ assumes "a \<in> carrier (Pring R I)"
+ shows "P_ring_uminus R a \<in> carrier (Pring R I)"
+ using P_ring_uminus_closed[of a I] Pring_car[of I] assms
+ by metis
+
+lemma Pring_subtract:
+ assumes "a \<in> carrier (Pring R I)"
+ shows "P_ring_uminus R a \<oplus>\<^bsub>Pring R I\<^esub> a = \<zero>\<^bsub>Pring R I\<^esub>"
+ "a \<oplus>\<^bsub>Pring R I\<^esub> P_ring_uminus R a = \<zero>\<^bsub>Pring R I\<^esub>"
+ using assms Pring_add[of I "P_ring_uminus R a " a] Pring_zero[of I]
+ apply (simp add: Pring_car local.ring_axioms ring.P_ring_uminus_add)
+ using assms Pring_add[of I "P_ring_uminus R a " a] Pring_zero[of I]
+ by (metis P_ring_uminus_add P_ring_uminus_closed Pring_add_comm Pring_car)
+
+text\<open>Pring R I is a ring\<close>
+
+lemma Pring_is_abelian_group:
+ shows "abelian_group (Pring R I)"
+ apply(rule abelian_groupI)
+ apply (simp add: Pring_add_closed)
+ apply (simp add: local.ring_axioms ring.Pring_zero_closed)
+ apply (simp add: Pring_add_assoc)
+ apply (simp add: Pring_add_comm)
+ apply (simp add: local.ring_axioms ring.Pring_add_zero(2))
+ using Pring_subtract(1) Pring_uminus
+ by blast
+
+lemma Pring_is_monoid:
+"Group.monoid (Pring R I)"
+ apply(rule monoidI)
+ using Pring_mult_closed apply blast
+ apply (simp add: Pring_one_closed)
+ apply (metis Pring_mult_assoc)
+ using Pring_mult_one'
+ apply blast
+ using Pring_mult_one by blast
+
+lemma Pring_is_ring:
+ shows "ring (Pring R I)"
+ apply(rule ringI)
+ apply (simp add: Pring_is_abelian_group)
+ apply (simp add: Pring_is_monoid)
+ apply (simp add: Pring_mult_ldistr)
+ by (simp add: Pring_mult_rdistr)
+
+lemma Pring_is_cring:
+ assumes "cring R"
+ shows "cring (Pring R I)"
+ apply(rule cringI)
+ apply (simp add: Pring_is_abelian_group)
+ apply (simp add: Pring_is_monoid assms local.ring_axioms
+ monoid.monoid_comm_monoidI ring.Pring_mult_comm)
+ by (simp add: Pring_mult_ldistr)
+
+lemma Pring_a_inv:
+ assumes "P \<in> carrier (Pring R I)"
+ shows "\<ominus>\<^bsub>Pring R I\<^esub> P = P_ring_uminus R P"
+proof-
+ have 0: "P_ring_uminus R P \<in> carrier (Pring R I)"
+ using Pring_uminus assms
+ by blast
+ have 1: "P_ring_uminus R P \<oplus>\<^bsub>Pring R I\<^esub> P = \<zero>\<^bsub>Pring R I\<^esub>"
+ using Pring_subtract(1) assms
+ by blast
+ show ?thesis using 0 1 assms Pring_is_ring
+ by (simp add: Pring_car Pring_is_abelian_group abelian_group.minus_equality)
+qed
+
+
+end
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+subsection\<open>Defining the R-Algebra of Indexed Polynomials\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+context cring
+begin
+
+lemma Pring_smult_cfs:
+ assumes "a \<in> carrier R"
+ assumes "P \<in> carrier (Pring R I)"
+ shows "(a \<odot>\<^bsub>Pring R I\<^esub> P) m = a \<otimes> (P m)"
+ using assms Pring_smult
+ by (simp add: Pring_smult poly_scalar_mult_def)
+
+lemma Pring_smult_closed:
+ "\<And> a x. [| a \<in> carrier R; x \<in> carrier (Pring R I) |] ==> a \<odot>\<^bsub>(Pring R I)\<^esub> x \<in> carrier (Pring R I)"
+ by (simp add: Pring_car Pring_smult poly_scalar_mult_closed)
+
+lemma Pring_smult_l_distr:
+ "!!a b x. [| a \<in> carrier R; b \<in> carrier R; x \<in> carrier (Pring R I) |] ==>
+ (a \<oplus> b) \<odot>\<^bsub>(Pring R I)\<^esub> x = (a \<odot>\<^bsub>(Pring R I)\<^esub> x) \<oplus>\<^bsub>(Pring R I)\<^esub> (b \<odot>\<^bsub>(Pring R I)\<^esub> x)"
+proof- fix a b x assume A: "a \<in> carrier R" "b \<in> carrier R" "x \<in> carrier (Pring R I)"
+ show "(a \<oplus> b) \<odot>\<^bsub>Pring R I\<^esub> x = a \<odot>\<^bsub>Pring R I\<^esub> x \<oplus>\<^bsub>Pring R I\<^esub> b \<odot>\<^bsub>Pring R I\<^esub> x"
+ proof fix m
+ have "(a \<oplus> b) \<otimes> x m = (a \<otimes> (x m)) \<oplus> (b \<otimes> (x m))"
+ by (meson A(1) A(2) A(3) Pring_carrier_coeff' local.semiring_axioms semiring.l_distr)
+ thus "((a \<oplus> b) \<odot>\<^bsub>Pring R I\<^esub> x) m = (a \<odot>\<^bsub>Pring R I\<^esub> x \<oplus>\<^bsub>Pring R I\<^esub> b \<odot>\<^bsub>Pring R I\<^esub> x) m"
+ using Pring_smult_cfs[of "a \<oplus> b" x I m]
+ Pring_smult_cfs[of "a" x I m]
+ Pring_smult_cfs[of "b" x I m]
+ Pring_smult_closed[of a x I]
+ Pring_smult_closed[of b x I]
+ Pring_add A
+ by (simp add: \<open>(a \<oplus> b) \<otimes> x m = a \<otimes> x m \<oplus> b \<otimes> x m\<close> Pring_def indexed_padd_def poly_scalar_mult_def)
+ qed
+qed
+
+lemma Pring_smult_r_distr:
+ "!!a x y. [| a \<in> carrier R; x \<in> carrier (Pring R I); y \<in> carrier (Pring R I) |] ==>
+ a \<odot>\<^bsub>(Pring R I)\<^esub> (x \<oplus>\<^bsub>(Pring R I)\<^esub> y) = (a \<odot>\<^bsub>(Pring R I)\<^esub> x) \<oplus>\<^bsub>(Pring R I)\<^esub> (a \<odot>\<^bsub>(Pring R I)\<^esub> y)"
+proof fix a x y m assume A: "a \<in> carrier R" "x \<in> carrier (Pring R I)" "y \<in> carrier (Pring R I)"
+ show "(a \<odot>\<^bsub>Pring R I\<^esub> (x \<oplus>\<^bsub>Pring R I\<^esub> y)) m =
+ (a \<odot>\<^bsub>Pring R I\<^esub> x \<oplus>\<^bsub>Pring R I\<^esub> a \<odot>\<^bsub>Pring R I\<^esub> y) m"
+ using Pring_smult_cfs[of a "x \<oplus>\<^bsub>Pring R I\<^esub> y" I m]
+ Pring_smult_cfs[of a x I m]
+ Pring_smult_cfs[of a y I m]
+ Pring_smult_closed[of a x I]
+ Pring_smult_closed[of a y I]
+ Pring_add A
+ by (metis (no_types, lifting) Pring_add_closed Pring_carrier_coeff' indexed_padd_def l_distr m_comm)
+qed
+
+lemma Pring_smult_assoc1:
+ "!!a b x. [| a \<in> carrier R; b \<in> carrier R; x \<in> carrier (Pring R I) |] ==>
+ (a \<otimes> b) \<odot>\<^bsub>Pring R I\<^esub> x = a \<odot>\<^bsub>Pring R I\<^esub> (b \<odot>\<^bsub>Pring R I\<^esub> x)"
+proof fix a b x m assume A: "a \<in> carrier R" "b \<in> carrier R" "x \<in> carrier (Pring R I)"
+ show " (a \<otimes> b \<odot>\<^bsub>Pring R I\<^esub> x) m = (a \<odot>\<^bsub>Pring R I\<^esub> (b \<odot>\<^bsub>Pring R I\<^esub> x)) m"
+ using Pring_smult_cfs[of "a \<otimes> b" x I m]
+ Pring_smult_cfs[of a "b \<odot>\<^bsub>Pring R I\<^esub> x" I m]
+ Pring_smult_cfs[of "b" x I m]
+ Pring_smult_closed[of a "b \<odot>\<^bsub>Pring R I\<^esub> x" I]
+ Pring_smult_closed[of b x I]
+ A(1) A(2) A(3) m_assoc m_closed by auto
+qed
+
+lemma Pring_smult_one:
+ "!!x. x \<in> carrier (Pring R I) ==> (one R) \<odot>\<^bsub>Pring R I\<^esub> x = x"
+ by (simp add: Pring_car Pring_smult poly_scalar_mult_one)
+
+
+lemma Pring_smult_assoc2:
+ "!!a x y. [| a \<in> carrier R; x \<in> carrier (Pring R I); y \<in> carrier (Pring R I) |] ==>
+ (a \<odot>\<^bsub>Pring R I\<^esub> x) \<otimes>\<^bsub>Pring R I\<^esub> y = a \<odot>\<^bsub>Pring R I\<^esub> (x \<otimes>\<^bsub>Pring R I\<^esub> y)"
+ by (simp add: Pring_def poly_scalar_mult_times)
+
+lemma Pring_algebra:
+"algebra R (Pring R I)"
+ apply(rule algebraI)
+ apply (simp add: is_cring)
+ apply (simp add: Pring_is_cring is_cring)
+ apply (simp add: Pring_smult_closed)
+ apply (simp add: Pring_smult_l_distr)
+ apply (simp add: Pring_smult_r_distr)
+ apply (simp add: Pring_smult_assoc1)
+ apply (simp add: Pring_smult_one)
+ by (simp add: Pring_smult_assoc2)
+
+
+end
+
+
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+subsection\<open>Evaluation of Polynomials and Subring Structure\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+text\<open>
+ In this section the aim is to define the evaluation of a polynomial over its base ring. We define
+ both total evaluation of a polynomial at all variables, and partial evaluation at only a subset
+ of variables. The basic input for evaluation is a variable assignment function mapping variables
+ to ring elements. Once we can evaluate a polynomial $P$ in variables $I$ over a ring $R$ at an
+ assignment $f: I \to R$, this can be generalized to evaluation of $P$ in some other ring $S$,
+ given a variable assignment $f: I \to S$ and a ring homomorphism $\phi: R \to S$. We chose to
+ define this by simply applying $\phi$ to the coefficients of $P$, and then using the first
+ evaluation function over $S$. This could also have been done the other way around: define
+ general polynomial evaluation over any ring, given a ring hom $\phi$, and then defining
+ evaluation over the base ring $R$ as the specialization of this function to the case there
+ $\phi = \mathit{id}_R$.\<close>
+
+definition remove_monom ::
+"('a,'b) ring_scheme \<Rightarrow> 'c monomial \<Rightarrow> ('a, 'c) mvar_poly \<Rightarrow> ('a, 'c) mvar_poly" where
+"remove_monom R m P = ring.indexed_padd R P (poly_scalar_mult R (\<ominus>\<^bsub>R\<^esub> P m) (mset_to_IP R m))"
+
+context cring
+begin
+
+lemma remove_monom_alt_def:
+ assumes "P \<in> Pring_set R I"
+ shows "remove_monom R m P n = (if n = m then \<zero> else P n)"
+ unfolding remove_monom_def
+ apply(cases "n = m")
+ using assms
+ apply (metis Pring_cfs_closed cring.cring_simprules(3) poly_scalar_mult_def
+ indexed_padd_def is_cring mset_to_IP_simp r_neg r_one)
+ using assms
+ by (metis Pring_cfs_closed add.l_cancel_one cring.cring_simprules(3)
+ poly_scalar_mult_def indexed_padd_def is_cring mset_to_IP_simp' r_null zero_closed)
+
+lemma remove_monom_zero:
+ assumes "m \<notin> monomials_of R P"
+ assumes "P \<in> Pring_set R I"
+ shows "remove_monom R m P = P"
+proof
+ fix x
+ show "remove_monom R m P x = P x "
+ apply(cases "x \<in> monomials_of R P")
+ using assms unfolding monomials_of_def remove_monom_def
+ apply (metis cring.remove_monom_alt_def is_cring remove_monom_def)
+ using assms unfolding monomials_of_def remove_monom_def
+ by (metis assms(1) cring.remove_monom_alt_def is_cring local.ring_axioms
+ remove_monom_def ring.complement_of_monomials_of)
+qed
+
+lemma remove_monom_closed:
+ assumes "P \<in> Pring_set R I"
+ shows "remove_monom R m P \<in> Pring_set R I"
+
+ apply(cases "m \<in> monomials_of R P")
+ using assms poly_scalar_mult_closed[of "(\<ominus> P m)" "(mset_to_IP R m)" I] mset_to_IP_closed[of m I]
+ unfolding remove_monom_def
+ apply (meson Pring_cfs_closed add.inv_closed indexed_pset.indexed_padd mset_to_IP_closed')
+ by (metis assms remove_monom_def remove_monom_zero)
+
+lemma remove_monom_monomials:
+ assumes "P \<in> Pring_set R I"
+ shows "monomials_of R (remove_monom R m P) = monomials_of R P - {m}"
+proof
+ show "monomials_of R (remove_monom R m P) \<subseteq> monomials_of R P - {m}"
+ using assms remove_monom_alt_def[of P I m]
+ unfolding monomials_of_def
+ by auto
+ show "monomials_of R P - {m} \<subseteq> monomials_of R (remove_monom R m P)"
+ using assms remove_monom_alt_def[of P I m]
+ unfolding monomials_of_def
+ by auto
+qed
+
+text\<open>The additive decomposition of a polynomial by a monomial\<close>
+
+lemma remove_monom_eq:
+ assumes "P \<in> Pring_set R I"
+ shows "P = (remove_monom R a P) \<Oplus> poly_scalar_mult R (P a) (mset_to_IP R a)"
+ unfolding remove_monom_def poly_scalar_mult_def
+proof
+ fix x
+ show "P x = (P \<Oplus> (\<lambda>m. \<ominus> P a \<otimes> mset_to_IP R a m) \<Oplus> (\<lambda>m. P a \<otimes> mset_to_IP R a m)) x"
+ apply(cases "x = a")
+ apply (metis Pring_cfs_closed assms l_minus l_zero local.ring_axioms mset_to_IP_simp one_closed r_neg r_one ring.indexed_padd_def)
+ proof-
+ assume A: "x \<noteq> a"
+ show "P x = (P \<Oplus> (\<lambda>m. \<ominus> P a \<otimes> mset_to_IP R a m) \<Oplus> (\<lambda>m. P a \<otimes> mset_to_IP R a m)) x"
+ using assms A
+ unfolding mset_to_IP_def indexed_padd_def
+ using Pring_cfs_closed by fastforce
+ qed
+qed
+
+lemma remove_monom_restrict_poly_to_monom_set:
+ assumes "P \<in> Pring_set R I"
+ assumes "monomials_of R P = insert a M"
+ assumes "a \<notin> M"
+ shows "(remove_monom R a P) = restrict_poly_to_monom_set R P M"
+proof
+ fix m
+ show "remove_monom R a P m= restrict_poly_to_monom_set R P M m"
+ apply(cases "m = a")
+ using assms apply (metis remove_monom_alt_def restrict_poly_to_monom_set_def)
+ using assms
+ by (metis complement_of_monomials_of insert_iff remove_monom_alt_def restrict_poly_to_monom_set_def)
+qed
+
+end
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+subsubsection\<open>Nesting of Polynomial Rings According to Nesting of Index Sets\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+lemma(in ring) Pring_carrier_subset:
+ assumes "J \<subseteq> I"
+ shows "(Pring_set R J) \<subseteq> (Pring_set R I)"
+proof
+ fix P
+ show "P \<in> Pring_set R J \<Longrightarrow>P \<in> Pring_set R I"
+ apply(erule indexed_pset.induct)
+ using indexed_pset.indexed_const apply blast
+ using indexed_pset.indexed_padd apply blast
+ by (meson assms indexed_pset.indexed_pmult subsetD)
+qed
+
+lemma(in cring) Pring_set_restrict_induct:
+ shows "finite S \<Longrightarrow> \<forall>P. monomials_of R P = S \<and> P \<in> Pring_set R I \<and> (\<forall> m \<in> monomials_of R P. set_mset m \<subseteq> J) \<longrightarrow> P \<in> Pring_set R J"
+proof(erule finite.induct)
+ show "\<forall>P. monomials_of R P = {} \<and> P \<in> Pring_set R I \<and> (\<forall>m\<in>monomials_of R P. set_mset m \<subseteq> J) \<longrightarrow> P \<in> Pring_set R J"
+ proof
+ fix P
+ show "monomials_of R P = {} \<and> P \<in> Pring_set R I \<and> (\<forall>m\<in>monomials_of R P. set_mset m \<subseteq> J) \<longrightarrow> P \<in> Pring_set R J"
+ proof
+ assume A0: "monomials_of R P = {} \<and> P \<in> Pring_set R I \<and> (\<forall>m\<in>monomials_of R P. set_mset m \<subseteq> J)"
+ show "P \<in> Pring_set R J "
+ by (metis A0 card_eq_0_iff indexed_pset.indexed_const monomials_of_card_zero zero_closed)
+ qed
+ qed
+ show "\<And>A a. finite A \<Longrightarrow>
+ \<forall>P. monomials_of R P = A \<and> P \<in> Pring_set R I \<and> (\<forall>m\<in>monomials_of R P. set_mset m \<subseteq> J) \<longrightarrow> P \<in> Pring_set R J \<Longrightarrow>
+ \<forall>P. monomials_of R P = insert a A \<and> P \<in> Pring_set R I \<and> (\<forall>m\<in>monomials_of R P. set_mset m \<subseteq> J) \<longrightarrow> P \<in> Pring_set R J"
+ proof
+ fix A :: "('c monomial) set" fix a fix P
+ assume A1: "finite A"
+ assume A2: "\<forall>P. monomials_of R P = A \<and> P \<in> Pring_set R I \<and> (\<forall>m\<in>monomials_of R P. set_mset m \<subseteq> J) \<longrightarrow> P \<in> Pring_set R J"
+ show "monomials_of R P = insert a A \<and> P \<in> Pring_set R I \<and> (\<forall>m\<in>monomials_of R P. set_mset m \<subseteq> J) \<longrightarrow> P \<in> Pring_set R J "
+ proof
+ assume A3: "monomials_of R P = insert a A \<and> P \<in> Pring_set R I \<and> (\<forall>m\<in>monomials_of R P. set_mset m \<subseteq> J)"
+ show "P \<in> Pring_set R J"
+ apply(cases "a \<in> A")
+ apply (metis A2 A3 insert_absorb)
+ proof-
+ assume N: "a \<notin> A"
+ obtain Q where Q_def: "Q = remove_monom R a P"
+ by simp
+ have Q0: "monomials_of R Q = A"
+ proof-
+ have 0: "monomials_of R P = insert a A"
+ by (simp add: A3)
+ have 1: "P \<in> Pring_set R I"
+ using A3 by blast
+ have 2: "monomials_of R (remove_monom R a P) = monomials_of R P - {a}"
+ using A3 remove_monom_monomials by blast
+ then show ?thesis
+ using Q_def 0
+ by (simp add: N)
+ qed
+ have Q1: "Q \<in> Pring_set R I"
+ using A3 Q_def remove_monom_closed by blast
+ have Q2: "(\<forall>m\<in>monomials_of R Q. set_mset m \<subseteq> J)"
+ using Q0 A3
+ by blast
+ have "Q \<in> Pring_set R J"
+ using A2 Q0 Q1 Q2 by blast
+ then show "P \<in> Pring_set R J"
+ proof-
+ have "P = Q \<Oplus> poly_scalar_mult R (P a) (mset_to_IP R a)"
+ using Q_def remove_monom_eq
+ using A3 by blast
+ then show ?thesis
+ by (metis A3 Pring_cfs_closed \<open>Q \<in> Pring_set R J\<close> indexed_pset.indexed_padd insertCI mset_to_IP_closed poly_scalar_mult_closed)
+ qed
+ qed
+ qed
+ qed
+qed
+
+lemma(in cring) Pring_set_restrict:
+ assumes "P \<in> Pring_set R I"
+ assumes "(\<And>m. m \<in> monomials_of R P \<Longrightarrow> set_mset m \<subseteq> J)"
+ shows " P \<in> Pring_set R J"
+ using assms Pring_set_restrict_induct[of "monomials_of R P"]
+ by (metis monomials_finite)
+
+lemma(in ring) Pring_mult_eq:
+ fixes I:: "'c set"
+ fixes J:: "'c set"
+ shows "(\<otimes>\<^bsub>Pring R I\<^esub>) = (\<otimes>\<^bsub>Pring R J\<^esub>)"
+ by (simp add: Pring_def)
+
+lemma(in ring) Pring_add_eq:
+ fixes I:: "'c set"
+ fixes J:: "'c set"
+ shows "(\<oplus>\<^bsub>Pring R I\<^esub>) = (\<oplus>\<^bsub>Pring R J\<^esub>)"
+ using Pring_def
+ by (simp add: Pring_def)
+
+lemma(in ring) Pring_one_eq:
+ fixes I:: "'c set"
+ fixes J:: "'c set"
+ shows "(\<one>\<^bsub>Pring R I\<^esub>) = (\<one>\<^bsub>Pring R J\<^esub>)"
+ using Pring_def
+ by (simp add: Pring_def)
+
+lemma(in ring) Pring_zero_eq:
+ fixes I:: "'c set"
+ fixes J:: "'c set"
+ shows "(\<zero>\<^bsub>Pring R I\<^esub>) = (\<zero>\<^bsub>Pring R J\<^esub>)"
+ using Pring_def
+ by (simp add: Pring_def)
+
+lemma(in ring) index_subset_Pring_subring:
+ assumes "J \<subseteq> I"
+ shows "subring (carrier (Pring R J)) (Pring R I)"
+ apply(rule ring.subringI)
+ apply (simp add: Pring_is_ring; fail)
+ using assms
+ apply (simp add: Pring_car Pring_carrier_subset; fail)
+ using Pring_def
+ apply (simp add: Pring_def indexed_pset.indexed_const; fail)
+ proof-
+ show "\<And>h. h \<in> carrier (Pring R J) \<Longrightarrow> \<ominus>\<^bsub>Pring R I\<^esub> h \<in> carrier (Pring R J)"
+ proof-
+ fix h
+ assume A: "h \<in> carrier (Pring R J)"
+ then have A0: "\<ominus>\<^bsub>Pring R J\<^esub> h = P_ring_uminus R h"
+ using Pring_a_inv[of h J]
+ by auto
+ have A1: "\<ominus>\<^bsub>Pring R I\<^esub> h = P_ring_uminus R h"
+ using assms A Pring_carrier_subset[of J I] Pring_a_inv[of h I] Pring_car
+ by blast
+ show "\<ominus>\<^bsub>Pring R I\<^esub> h \<in> carrier (Pring R J)"
+ using A0 A1 A
+ by (simp add: Pring_uminus)
+ qed
+ show " \<And>h1 h2. h1 \<in> carrier (Pring R J) \<Longrightarrow> h2 \<in> carrier (Pring R J) \<Longrightarrow> h1 \<otimes>\<^bsub>Pring R I\<^esub> h2 \<in> carrier (Pring R J)"
+ using assms Pring_mult_eq
+ by (metis Pring_mult_closed)
+ show " \<And>h1 h2. h1 \<in> carrier (Pring R J) \<Longrightarrow> h2 \<in> carrier (Pring R J) \<Longrightarrow> h1 \<oplus>\<^bsub>Pring R I\<^esub> h2 \<in> carrier (Pring R J)"
+ using assms Pring_add_eq
+ by (metis Pring_add_closed)
+ qed
+
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+subsubsection\<open>Inclusion Maps\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+definition Pring_inc :: "('a, 'c) mvar_poly \<Rightarrow> ('a, 'c) mvar_poly" where
+"Pring_inc \<equiv> (\<lambda>P. P)"
+
+lemma(in ring) Princ_inc_is_ring_hom:
+ assumes "J \<subseteq> I"
+ shows "ring_hom_ring (Pring R J) (Pring R I) Pring_inc"
+ unfolding Pring_inc_def
+ apply(rule ring_hom_ringI)
+ apply (simp add: Pring_is_ring)
+ using Pring_is_ring apply blast
+ using index_subset_Pring_subring[of I J] assms index_subset_Pring_subring subringE(1)
+ apply blast
+ using Pring_mult_eq[of I J]
+ apply (simp add: Pring_mult)
+ using Pring_add_eq[of I J]
+ apply (simp add: Pring_add)
+ using Pring_one_eq
+ by (simp add: Pring_one_eq)
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+subsubsection\<open>Restricting a Multiset to a Subset of Variables\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+definition restrict_to_indices :: "'c monomial \<Rightarrow> 'c set \<Rightarrow> 'c monomial" where
+"restrict_to_indices m S = filter_mset (\<lambda>i. i \<in> S) m"
+
+lemma restrict_to_indicesE:
+ assumes "i \<in># restrict_to_indices m S"
+ shows "i \<in> S"
+ using assms
+ unfolding restrict_to_indices_def
+ by simp
+
+lemma restrict_to_indicesI[simp]:
+ assumes "i \<in># m"
+ assumes "i \<in> S"
+ shows "i \<in># restrict_to_indices m S"
+ using assms
+ unfolding restrict_to_indices_def
+ by simp
+
+lemma restrict_to_indices_not_in[simp]:
+ assumes "i \<in># m"
+ assumes "i \<notin> S"
+ shows "i \<notin># restrict_to_indices m S"
+ using assms
+ unfolding restrict_to_indices_def
+ by (meson count_eq_zero_iff count_filter_mset)
+
+lemma restrict_to_indices_submultiset[simp]:
+"restrict_to_indices m S \<subseteq># m"
+ unfolding restrict_to_indices_def
+ using multiset_filter_subset
+ by blast
+
+lemma restrict_to_indices_add_element:
+"restrict_to_indices (add_mset x m) S = (if x \<in> S then (add_mset x (restrict_to_indices m S) )
+ else (restrict_to_indices m S) )"
+ unfolding restrict_to_indices_def
+ by (metis filter_mset_add_mset)
+
+lemma restrict_to_indices_count[simp]:
+"count (restrict_to_indices m S) i = (if (i \<in> S) then (count m i) else 0)"
+ unfolding restrict_to_indices_def
+ by (metis count_filter_mset)
+
+lemma restrict_to_indices_subset:
+"restrict_to_indices m S = restrict_to_indices m (set_mset m \<inter> S)"
+proof(induction m)
+ case empty
+ then show ?case unfolding restrict_to_indices_def
+ by (metis filter_empty_mset)
+next
+ case (add x m)
+ assume IH: "restrict_to_indices m S = restrict_to_indices m (set_mset m \<inter> S)"
+ show "restrict_to_indices (add_mset x m) S = restrict_to_indices (add_mset x m) (set_mset (add_mset x m) \<inter> S)"
+ proof-
+ have "\<And>i. count (restrict_to_indices (add_mset x m) S) i =
+ count (restrict_to_indices (add_mset x m) (set_mset (add_mset x m) \<inter> S)) i "
+ proof-
+ fix i
+ show "count (restrict_to_indices (add_mset x m) S) i = count (restrict_to_indices (add_mset x m) (set_mset (add_mset x m) \<inter> S)) i"
+ apply(cases "i \<in> S")
+ using restrict_to_indices_count
+ apply (metis IntI count_inI)
+ by (metis restrict_to_indices_count Int_iff)
+ qed
+ then show ?thesis
+ using multiset_eq_iff by blast
+ qed
+qed
+
+text\<open>\texttt{Restrict\_to\_indices} only depends on the intersection
+ of the index set with the set of indices in m:\<close>
+
+lemma restrict_to_indices_subset':
+ assumes "(set_mset m) \<inter> S = (set_mset m) \<inter> S'"
+ shows "restrict_to_indices m S = restrict_to_indices m S'"
+ by (metis restrict_to_indices_subset assms)
+
+lemma mset_add_plus:
+ assumes "m = n + k"
+ shows "add_mset x m = (add_mset x n) + k"
+ using assms
+ by simp
+
+text\<open>Restricting to \<open>S\<close> and the complement of \<open>S\<close> partitions \<open>m\<close>:\<close>
+
+lemma restrict_to_indices_decomp:
+ "m = (restrict_to_indices m S) + (restrict_to_indices m ((set_mset m) - S))"
+ apply(induction m)
+ apply (metis add.right_neutral empty_Diff restrict_to_indices_submultiset set_mset_empty subset_mset.le_zero_eq)
+proof-
+ fix x
+ fix m
+ assume A: "m = restrict_to_indices m S + restrict_to_indices m (set_mset m - S)"
+ show "add_mset x m = restrict_to_indices (add_mset x m) S + restrict_to_indices (add_mset x m) (set_mset (add_mset x m) - S)"
+ proof(cases "x \<in> S")
+ case True
+ then have T0: "restrict_to_indices (add_mset x m) S = (add_mset x (restrict_to_indices m S) ) "
+ by (simp add: True restrict_to_indices_add_element)
+ have T1: "restrict_to_indices (add_mset x m) (set_mset (add_mset x m) - S) =
+ restrict_to_indices m (set_mset (add_mset x m) - S)"
+ using True by (metis DiffD2 restrict_to_indices_add_element)
+ have T2: "restrict_to_indices (add_mset x m) S + restrict_to_indices (add_mset x m) (set_mset (add_mset x m) - S)
+ = (add_mset x (restrict_to_indices m S) ) + restrict_to_indices m (set_mset (add_mset x m) - S)"
+ using T0 T1
+ by presburger
+ have T3: " add_mset x m = add_mset x (restrict_to_indices m S) + restrict_to_indices m (set_mset m - S)"
+ using T2 A using mset_add_plus[of m "restrict_to_indices m S" " restrict_to_indices m (set_mset m - S)" x]
+ by blast
+ have T4: "set_mset m \<inter> (set_mset (add_mset x m) - S) = set_mset m \<inter> (set_mset m - S)"
+ proof
+ show "set_mset m \<inter> (set_mset (add_mset x m) - S) \<subseteq> set_mset m \<inter> (set_mset m - S)"
+ by blast
+ show "set_mset m \<inter> (set_mset m - S) \<subseteq> set_mset m \<inter> (set_mset (add_mset x m) - S)"
+ by (simp add: True)
+ qed
+ have T5: "restrict_to_indices m (set_mset (add_mset x m) - S) = restrict_to_indices m (set_mset m - S)"
+ using T4 restrict_to_indices_subset'[of m "(set_mset (add_mset x m) - S)" " (set_mset m - S)" ]
+ by blast
+ then show ?thesis using T4
+ by (metis T0 T1 T3)
+ next
+ case False
+ then have F0: "restrict_to_indices (add_mset x m) S = (restrict_to_indices m S) "
+ by (simp add: False restrict_to_indices_add_element)
+ have F1: "restrict_to_indices (add_mset x m) (set_mset (add_mset x m) - S) =
+ (add_mset x (restrict_to_indices m (set_mset (add_mset x m) - S)))"
+ using False
+ by (meson DiffI restrict_to_indices_add_element union_single_eq_member)
+
+ have F2: "restrict_to_indices (add_mset x m) S + restrict_to_indices (add_mset x m) (set_mset (add_mset x m) - S)
+ = (restrict_to_indices m S) + (add_mset x (restrict_to_indices m (set_mset (add_mset x m) - S)))"
+ using F0 F1
+ by presburger
+ have F3: " add_mset x m = (restrict_to_indices m S) + (add_mset x (restrict_to_indices m (set_mset m - S)))"
+ using F2 A mset_add_plus[of m "restrict_to_indices m (set_mset m - S)" "restrict_to_indices m S" x]
+ by (metis union_mset_add_mset_right)
+ have F4: " add_mset x m = restrict_to_indices (add_mset x m) S+ (add_mset x (restrict_to_indices m (set_mset m - S)))"
+ using F0 F3 by auto
+ have F5: "add_mset x (restrict_to_indices m (set_mset m - S)) = restrict_to_indices (add_mset x m) (set_mset (add_mset x m) - S) "
+ proof(cases "x \<in> set_mset m")
+ case True
+ then show ?thesis
+ by (metis F1 add_mset_remove_trivial more_than_one_mset_mset_diff)
+ next
+ case F: False
+ have "set_mset m \<inter> (set_mset (add_mset x m) - S) = set_mset m \<inter>(set_mset m - S)"
+ proof
+ show "set_mset m \<inter> (set_mset (add_mset x m) - S) \<subseteq> set_mset m \<inter> (set_mset m - S)"
+ using F False
+ by blast
+ show "set_mset m \<inter> (set_mset m - S) \<subseteq> set_mset m \<inter> (set_mset (add_mset x m) - S)"
+ using F False
+ by (metis Diff_mono mset_add_plus Int_mono add_cancel_right_left
+ set_eq_subset subsetI subset_iff union_commute union_iff)
+ qed
+ then show ?thesis
+ by (metis F1 restrict_to_indices_subset')
+ qed
+ then show ?thesis
+ using False F4
+ by presburger
+ qed
+qed
+
+definition remove_indices :: "'c monomial \<Rightarrow> 'c set \<Rightarrow> 'c monomial" where
+"remove_indices m S = (restrict_to_indices m (set_mset m - S))"
+
+lemma remove_indices_decomp:
+"m = (restrict_to_indices m S) + (remove_indices m S)"
+ unfolding remove_indices_def
+ using restrict_to_indices_decomp
+ by blast
+
+lemma remove_indices_indices[simp]:
+ assumes "set_mset m \<subseteq> I"
+ shows "set_mset (remove_indices m S) \<subseteq> I - S"
+ unfolding remove_indices_def using assms
+ by (meson Diff_iff restrict_to_indicesE subsetD subsetI)
+
+subsubsection\<open>Total evaluation of a monomial\<close>
+
+text\<open>
+ We define total evaluation of a monomial first, and then define the partial evaluation of a
+ monomial in terms of this.
+\<close>
+
+abbreviation(input) closed_fun where
+"closed_fun R g \<equiv> g \<in> UNIV \<rightarrow> carrier R"
+
+definition monom_eval :: "('a, 'b) ring_scheme \<Rightarrow> 'c monomial \<Rightarrow> ('c \<Rightarrow> 'a) \<Rightarrow> 'a" where
+"monom_eval R (m:: 'c monomial) g = fold_mset (\<lambda> x . \<lambda> y. if y \<in> carrier R then (g x) \<otimes>\<^bsub>R\<^esub> y else \<zero>\<^bsub>R\<^esub>) \<one>\<^bsub>R\<^esub> m"
+
+context cring
+begin
+
+lemma closed_fun_simp:
+ assumes "closed_fun R g"
+ shows "g n \<in> carrier R"
+ using assms
+ by blast
+
+lemma closed_funI:
+ assumes "\<And>x. g x \<in> carrier R"
+ shows "closed_fun R g"
+ by (meson Pi_I assms)
+
+
+text\<open>The following are necessary technical lemmas to prove properties of about folds over multisets:\<close>
+
+lemma monom_eval_comp_fun:
+ fixes g:: "'c \<Rightarrow> 'a"
+ assumes "closed_fun R g"
+ shows "comp_fun_commute (\<lambda> x . \<lambda>y. if y \<in> carrier R then (g x) \<otimes> y else \<zero>)"
+ unfolding comp_fun_commute_def
+proof-
+ have "\<And> x y. (\<lambda>ya. if ya \<in> carrier R then g y \<otimes> ya else \<zero>) \<circ> (\<lambda>y. if y \<in> carrier R then g x \<otimes> y else \<zero>) =
+ (\<lambda>y. if y \<in> carrier R then g x \<otimes> y else \<zero>) \<circ> (\<lambda>ya. if ya \<in> carrier R then g y \<otimes> ya else \<zero>)"
+ proof
+ fix x y a
+ show "((\<lambda>ya. if ya \<in> carrier R then g y \<otimes> ya else \<zero>) \<circ> (\<lambda>y. if y \<in> carrier R then g x \<otimes> y else \<zero>)) a =
+ ((\<lambda>y. if y \<in> carrier R then g x \<otimes> y else \<zero>) \<circ> (\<lambda>ya. if ya \<in> carrier R then g y \<otimes> ya else \<zero>)) a"
+ proof(cases "a \<in> carrier R")
+ case True
+ then show ?thesis
+ proof-
+ have LHS: "((\<lambda>ya. if ya \<in> carrier R then g y \<otimes> ya else \<zero>) \<circ> (\<lambda>y. if y \<in> carrier R then g x \<otimes> y else \<zero>)) a =
+ ((\<lambda>ya. if ya \<in> carrier R then g y \<otimes> ya else \<zero>) (g x \<otimes> a))"
+ using True assms(1) m_closed m_lcomm
+ unfolding o_def
+ by presburger
+
+ then have LHS': "((\<lambda>ya. if ya \<in> carrier R then g y \<otimes> ya else \<zero>) \<circ> (\<lambda>y. if y \<in> carrier R then g x \<otimes> y else \<zero>)) a = g y \<otimes> (g x \<otimes> a) "
+ using True assms m_closed
+ by (meson PiE UNIV_I)
+ then show ?thesis
+ unfolding o_def
+ using True assms m_closed m_lcomm
+ by (smt PiE UNIV_I)
+ qed
+ next
+ case False
+ then show ?thesis
+ unfolding o_def
+ using assms r_null closed_fun_simp
+ by smt
+ qed
+ qed
+ then show " \<forall>y x. (\<lambda>ya. if ya \<in> carrier R then g y \<otimes> ya else \<zero>) \<circ> (\<lambda>y. if y \<in> carrier R then g x \<otimes> y else \<zero>) =
+ (\<lambda>y. if y \<in> carrier R then g x \<otimes> y else \<zero>) \<circ> (\<lambda>ya. if ya \<in> carrier R then g y \<otimes> ya else \<zero>)"
+ by blast
+qed
+
+lemma monom_eval_car:
+ assumes "closed_fun R g"
+ shows "monom_eval R (m:: 'c monomial) g \<in> carrier R"
+proof(induction m)
+case empty
+ then show ?case
+ unfolding monom_eval_def
+ by (metis fold_mset_empty one_closed)
+next
+ case (add x m)
+ fix x m
+ assume A: "monom_eval R m g \<in> carrier R"
+ obtain f where f_def: "f = (\<lambda> x . \<lambda>y. if y \<in> carrier R then (g x) \<otimes> y else \<zero>)"
+ by blast
+ have 0: "comp_fun_commute f"
+ using assms monom_eval_comp_fun[of g] f_def
+ by blast
+ have 1: "\<And>m. monom_eval R m g = fold_mset f \<one> m"
+ using f_def monom_eval_def
+ by blast
+ have 2: "monom_eval R (add_mset x m) g = fold_mset f \<one> (add_mset x m)"
+ using 1 by blast
+ have 3: "g x \<in> carrier R"
+ using assms by blast
+ then show "monom_eval R (add_mset x m) g \<in> carrier R"
+ using assms 0 1 2 3
+ by (metis A comp_fun_commute.fold_mset_add_mset f_def m_closed)
+qed
+
+text\<open>Formula for recursive (total) evaluation of a monomial:\<close>
+lemma monom_eval_add:
+ assumes "closed_fun R g"
+ shows "monom_eval R (add_mset x M) g = (g x) \<otimes> (monom_eval R M g)"
+proof-
+ obtain f where f_def: "f = (\<lambda> x . \<lambda>y. if y \<in> carrier R then (g x) \<otimes> y else \<zero>)"
+ by blast
+ have 0: "comp_fun_commute f"
+ using assms monom_eval_comp_fun f_def
+ by blast
+ have 1: "\<And>m. monom_eval R m g = fold_mset f \<one> m"
+ using f_def monom_eval_def
+ by blast
+ have 2: "monom_eval R (add_mset x M) g = fold_mset f \<one> (add_mset x M)"
+ using 1 by blast
+ have 3: "g x \<in> carrier R"
+ using assms by blast
+ have 4: "(g x) \<otimes> (monom_eval R M g) = f x (monom_eval R M g)"
+ using f_def 3
+ by (meson assms monom_eval_car)
+ then show ?thesis
+ by (metis "0" "1" comp_fun_commute.fold_mset_add_mset)
+qed
+
+end
+
+text\<open>
+ This function maps a polynomial $P$ to the set of monomials in $P$ which, after evaluating all
+ variables in the set $S$ to values in the ring $R$, reduce to the monomial $n$.
+\<close>
+
+definition monomials_reducing_to ::
+"('a,'b) ring_scheme \<Rightarrow> 'c monomial \<Rightarrow> ('a,'c) mvar_poly \<Rightarrow> 'c set \<Rightarrow> ('c monomial) set" where
+"monomials_reducing_to R n P S = {m \<in> monomials_of R P. remove_indices m S = n}"
+
+lemma monomials_reducing_to_subset[simp]:
+ "monomials_reducing_to R n P s \<subseteq> monomials_of R P"
+ unfolding monomials_reducing_to_def
+ by blast
+
+context cring
+begin
+
+lemma monomials_reducing_to_finite:
+ assumes "P \<in> Pring_set R I"
+ shows "finite (monomials_reducing_to R n P s)"
+ by (meson assms monomials_finite monomials_reducing_to_subset rev_finite_subset)
+
+lemma monomials_reducing_to_disjoint:
+ assumes "n1 \<noteq> n2"
+ shows "monomials_reducing_to R n1 P S \<inter> monomials_reducing_to R n2 P S = {}"
+ unfolding monomials_reducing_to_def
+ using assms
+ by blast
+
+lemma monomials_reducing_to_submset:
+assumes "n \<subset># m"
+shows "n \<notin> monomials_reducing_to R m P S"
+proof(rule ccontr)
+ assume C: "\<not> n \<notin> monomials_reducing_to R m P S "
+ then have "n \<in> monomials_reducing_to R m P S "
+ by blast
+ then have "remove_indices n S = m"
+ unfolding monomials_reducing_to_def
+ by blast
+ then show False
+ by (metis (full_types) remove_indices_def restrict_to_indices_submultiset assms subset_mset.less_asym' subset_mset.less_irrefl subset_mset_def)
+qed
+
+end
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+subsubsection\<open>Partial Evaluation of a Polynomial\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+text\<open>
+ This function takes as input a set $S$ of variables, an evaluation function $g$, and a polynomial
+ to evaluate $P$. The output is a polynomial which is the result of evaluating the variables from
+ the set $S$ which occur in $P$, according to the evaluation function $g$.
+\<close>
+
+definition poly_eval ::
+ "('a,'b) ring_scheme \<Rightarrow> 'c set \<Rightarrow> ('c \<Rightarrow> 'a) \<Rightarrow> ('a, 'c) mvar_poly \<Rightarrow> ('a, 'c) mvar_poly"where
+"poly_eval R S g P m = (finsum R (\<lambda>n. monom_eval R (restrict_to_indices n S) g \<otimes>\<^bsub>R\<^esub> (P n)) (monomials_reducing_to R m P S))"
+
+context cring
+begin
+
+lemma finsum_singleton:
+ assumes "S = {s}"
+ assumes "f s \<in> carrier R"
+ shows "finsum R f S = f s"
+proof-
+ have "finsum R f S = finsum R f (insert s {})"
+ using assms(1)
+ by blast
+ then show ?thesis using finsum_insert[of "{}" s f] assms
+ by (metis Pi_I empty_iff finite.emptyI finsum_empty r_zero)
+qed
+
+lemma poly_eval_constant:
+ assumes "k \<in> carrier R"
+ shows "poly_eval R S g (indexed_const k) = (indexed_const k)"
+proof
+ have S: "monomials_of R (indexed_const k) \<subseteq> {{#}}"
+ unfolding indexed_const_def monomials_of_def
+ by (metis (mono_tags, lifting) mem_Collect_eq singletonI subset_iff)
+ fix x
+ show "poly_eval R S g (indexed_const k) x = indexed_const k x "
+ proof(cases "x = {#}")
+ case True
+ have "(monomials_reducing_to R x (indexed_const k) S) \<subseteq> {{#}}"
+ using S monomials_reducing_to_subset
+ by blast
+ then show ?thesis
+ proof(cases "k = \<zero>")
+ case True
+ then have "(monomials_reducing_to R x (indexed_const k) S) = {}"
+ by (metis S \<open>monomials_reducing_to R x (indexed_const k) S \<subseteq> {{#}}\<close>
+ monomials_reducing_to_subset monoms_of_const subset_antisym subset_singletonD)
+ then show ?thesis
+ unfolding poly_eval_def
+ by (metis True finsum_empty indexed_const_def)
+ next
+ case False
+ then have "monomials_of R (indexed_const k) = {{#}}"
+ by (meson monoms_of_const)
+ have "remove_indices {#} S = {#}"
+ using remove_indices_decomp by blast
+ then have "{#} \<in> monomials_reducing_to R x (indexed_const k) S"
+ using True False unfolding monomials_reducing_to_def
+ \<open>monomials_of R (indexed_const k) = {{#}}\<close>
+ by blast
+ then have 0: "monomials_reducing_to R x (indexed_const k) S = {{#}}"
+ using \<open>monomials_reducing_to R x (indexed_const k) S \<subseteq> {{#}}\<close>
+ by blast
+ have 1: "restrict_to_indices {#} S = {#}"
+ using restrict_to_indices_submultiset remove_indices_decomp by blast
+ have 2: "monom_eval R (restrict_to_indices {#} S) g = \<one>"
+ unfolding monom_eval_def
+ using 1
+ by (metis fold_mset_empty)
+ have 3: "poly_eval R S g (indexed_const k) x =
+ (\<Oplus>n\<in>{{#}}. monom_eval R (restrict_to_indices n S) g \<otimes> indexed_const k n)"
+ unfolding poly_eval_def
+ using 0
+ by presburger
+ have 4: "(\<Oplus>n\<in>{{#}}. monom_eval R (restrict_to_indices n S) g \<otimes> indexed_const k n) = monom_eval R (restrict_to_indices {#} S) g \<otimes> indexed_const k {#}"
+ using finsum_singleton[of "{{#}}" "{#}" "\<lambda>n. monom_eval R (restrict_to_indices n S) g \<otimes> indexed_const k n" ]
+ by (metis "2" assms indexed_const_def l_one)
+ then show ?thesis unfolding poly_eval_def
+ using 0 1 2
+ by (metis True assms indexed_const_def l_one)
+ qed
+ next
+ case False
+ then have F0: "(indexed_const k) x = \<zero>"
+ by (meson indexed_const_def)
+ have "(monomials_reducing_to R x (indexed_const k) S) = {}"
+ unfolding monomials_reducing_to_def
+ proof(rule ccontr)
+ assume A: "{m \<in> monomials_of R (indexed_const k). remove_indices m S = x} \<noteq> {}"
+ then obtain m where m_def: "m \<in> monomials_of R (indexed_const k) \<and> remove_indices m S = x"
+ by blast
+ then show False using A F0
+ by (metis False S empty_eq_union empty_iff
+ remove_indices_decomp singletonD subset_singletonD)
+ qed
+ then show ?thesis
+ unfolding poly_eval_def
+ by (metis False finsum_empty indexed_const_def)
+ qed
+qed
+
+lemma finsum_partition:
+ assumes "finite S"
+ assumes "f \<in> S \<rightarrow> carrier R"
+ assumes "T \<subseteq> S"
+ shows "finsum R f S = finsum R f T \<oplus> finsum R f (S - T) "
+proof-
+ have "\<And>U. finite U \<Longrightarrow> U \<subseteq> S \<longrightarrow> finsum R f S = finsum R f U \<oplus> finsum R f (S - U) "
+ proof-
+ fix U
+ show "finite U \<Longrightarrow> U \<subseteq> S \<longrightarrow> finsum R f S = finsum R f U \<oplus> finsum R f (S - U) "
+ apply(erule finite.induct)
+ apply (metis Diff_empty assms(2) finsum_closed finsum_empty l_zero)
+ proof
+ fix A :: "'c set" fix a
+ assume A0: "finite A"
+ show "A \<subseteq> S \<longrightarrow> finsum R f S = finsum R f A \<oplus> finsum R f (S - A) \<Longrightarrow> insert a A \<subseteq> S \<Longrightarrow> finsum R f S = finsum R f (insert a A) \<oplus> finsum R f (S - insert a A)"
+
+ proof-
+ assume A1: "A \<subseteq> S \<longrightarrow> finsum R f S = finsum R f A \<oplus> finsum R f (S - A)"
+ assume A2: "insert a A \<subseteq> S"
+ show "finsum R f S = finsum R f (insert a A) \<oplus> finsum R f (S - insert a A)"
+ apply(cases "a \<in> A")
+ apply (metis A1 A2 insert_absorb)
+ proof-
+ assume A3: "a \<notin> A"
+ have A4: "f a \<in> carrier R"
+ by (metis A2 Pi_iff assms(2) insert_subset)
+ have A5: " finsum R f (insert a A) = f a \<oplus> finsum R f A"
+
+ using A0 A1 A2 finsum_insert[of A a f] assms A3
+ by blast
+ have A6: "a \<in> S"
+ using A2 by blast
+ have A7: "finsum R f S \<in> carrier R"
+ using assms(2) finsum_closed by blast
+ have A8: " finsum R f (S - A)\<in> carrier R"
+ using Diff_subset[of S A] Pi_iff assms(2) finsum_closed[of f] subsetD[of _ S ]
+ by (meson Pi_anti_mono in_mono)
+ have A9: "finsum R f A \<in> carrier R"
+ by (meson A2 Pi_anti_mono assms(2) finsum_closed insert_subset subsetD)
+ have A10: "finsum R f A = finsum R f S \<ominus> finsum R f (S - A)"
+ using A7 A8 A9
+ by (metis A1 A2 add.inv_solve_right' insert_subset minus_eq)
+ have A11: " finsum R f (insert a A) = f a \<oplus> (finsum R f S \<ominus> finsum R f (S - A))"
+ using A5 A6 A1 A2 assms A10
+ by presburger
+ then have A12: " finsum R f (insert a A) =finsum R f S \<oplus>( f a \<ominus> finsum R f (S - A))"
+ using A4 A7 A8 add.inv_closed add.m_lcomm minus_eq by presburger
+ have A13: "finsum R f (insert a A) \<in> carrier R"
+ using A4 A5 A9 add.m_closed
+ by presburger
+ have A14: " finsum R f (S - insert a A) \<in> carrier R"
+ by (meson Diff_subset Pi_anti_mono assms(2) finsum_closed in_mono)
+ have A15: "finsum R f S = finsum R f (insert a A) \<ominus> ( f a \<ominus> finsum R f (S - A)) "
+ by (metis A12 A13 A4 A7 A8 add.inv_solve_right' minus_closed minus_eq)
+ have A16: "finsum R f S = finsum R f (insert a A) \<oplus> finsum R f (S - A) \<ominus> f a"
+ using A1 A2 A4 A5 A8 A9 add.inv_closed add.m_assoc add.m_comm insert_subset minus_closed minus_eq r_neg1
+ unfolding a_minus_def
+ by (metis add.m_closed)
+ have A16: "finsum R f S = finsum R f (insert a A) \<oplus> (finsum R f (S - A) \<ominus> f a)"
+ unfolding a_minus_def
+ using A13 A16 A4 A8 add.inv_closed add.m_assoc minus_eq by presburger
+ have A17: "(finsum R f (S - A) \<ominus> f a) = finsum R f (S - insert a A) "
+ proof-
+ have A170: "(S - A) = insert a (S - insert a A)"
+ using A3 A6 by blast
+ have A171: "a \<notin> S - insert a A"
+ by blast
+ then have "finsum R f (S - A) =(f a) \<oplus> finsum R f (S - insert a A) "
+ using A170 finsum_insert[of "(S - insert a A)" a f]
+ by (metis A4 Diff_subset Pi_anti_mono assms(1) assms(2)
+ rev_finite_subset subsetD )
+ then show ?thesis
+ by (metis A1 A13 A14 A16 A2 A4 A5 A8 A9 add.l_cancel
+ add.m_assoc add.m_comm insert_subset minus_closed)
+ qed
+ then show "finsum R f S = finsum R f (insert a A) \<oplus> finsum R f (S - insert a A) "
+ using A16
+ by presburger
+ qed
+ qed
+ qed
+ qed
+ then show ?thesis
+ by (meson assms(1) assms(3) rev_finite_subset)
+qed
+
+lemma finsum_eq_parition:
+ assumes "finite S"
+ assumes "f \<in> S \<rightarrow> carrier R"
+ assumes "T \<subseteq> S"
+ assumes "\<And>x. x \<in> S - T \<Longrightarrow> f x = \<zero>"
+ shows "finsum R f S = finsum R f T"
+ using assms
+ by (metis add.finprod_mono_neutral_cong_right)
+
+lemma poly_eval_scalar_mult:
+ assumes "k \<in> carrier R"
+ assumes "closed_fun R g"
+ assumes "P \<in> Pring_set R I"
+ shows "poly_eval R S g (poly_scalar_mult R k P)=
+ (poly_scalar_mult R k (poly_eval R S g P))"
+proof
+ fix m
+ show "poly_eval R S g (poly_scalar_mult R k P) m = poly_scalar_mult R k (poly_eval R S g P) m"
+ unfolding poly_eval_def poly_scalar_mult_def
+ proof-
+ have 0: "(\<Oplus>n\<in>monomials_reducing_to R m P S. monom_eval R (restrict_to_indices n S) g \<otimes> (k \<otimes> P n)) =
+ (\<Oplus>n\<in>monomials_reducing_to R m (\<lambda>m. k \<otimes> P m) S. monom_eval R (restrict_to_indices n S) g \<otimes> (k \<otimes> P n)) "
+ proof-
+ have 00: "monomials_reducing_to R m (\<lambda>m. k \<otimes> P m) S \<subseteq> monomials_reducing_to R m P S"
+ proof
+ fix x show " x \<in> monomials_reducing_to R m (\<lambda>m. k \<otimes> P m) S \<Longrightarrow> x \<in> monomials_reducing_to R m P S"
+ unfolding monomials_reducing_to_def
+ using assms assms(1) monomials_ofE complement_of_monomials_of r_null[of k]
+ by (metis (no_types, lifting) mem_Collect_eq)
+ have 01: "(\<lambda>n. monom_eval R (restrict_to_indices n S) g \<otimes> (k \<otimes> P n)) \<in> monomials_reducing_to R m P S \<rightarrow> carrier R"
+ by (smt Pi_I Pring_cfs_closed assms(1) assms(2) assms(3) closed_fun_simp m_closed monom_eval_car)
+ have 02: "finite (monomials_reducing_to R m P S)"
+ using assms(3) monomials_reducing_to_finite
+ by blast
+ have 03: " (\<And>x. x \<in> monomials_reducing_to R m P S - monomials_reducing_to R m (\<lambda>m. k \<otimes> P m) S \<Longrightarrow>
+ monom_eval R (restrict_to_indices x S) g \<otimes> (k \<otimes> P x) = \<zero>)"
+ proof-
+ fix x
+ assume A: "x \<in> monomials_reducing_to R m P S - monomials_reducing_to R m (\<lambda>m. k \<otimes> P m) S "
+ have "x \<notin> monomials_of R ((\<lambda>m. k \<otimes> P m))"
+ proof
+ assume "x \<in> monomials_of R (\<lambda>m. k \<otimes> P m)"
+ then have "x \<in> monomials_reducing_to R m (\<lambda>m. k \<otimes> P m) S"
+ using A
+ unfolding monomials_reducing_to_def
+ by blast
+ then show False
+ using A by blast
+ qed
+ then show "monom_eval R (restrict_to_indices x S) g \<otimes> (k \<otimes> P x) = \<zero>"
+ by (metis assms(2) complement_of_monomials_of monom_eval_car r_null)
+ qed
+ qed
+ have 01: " (\<And>x. x \<in> monomials_reducing_to R m P S - monomials_reducing_to R m (\<lambda>m. k \<otimes> P m) S \<Longrightarrow> monom_eval R (restrict_to_indices x S) g \<otimes> (k \<otimes> P x) = \<zero>)"
+ proof- fix x assume A: "x \<in> monomials_reducing_to R m P S - monomials_reducing_to R m (\<lambda>m. k \<otimes> P m) S"
+ hence "x \<notin> monomials_reducing_to R m (\<lambda>m. k \<otimes> P m) S"
+ by blast
+ hence "(k \<otimes> P x) = \<zero>" unfolding monomials_reducing_to_def
+ by (metis (no_types, lifting) A DiffD1 complement_of_monomials_of mem_Collect_eq monomials_reducing_to_def)
+ thus "monom_eval R (restrict_to_indices x S) g \<otimes> (k \<otimes> P x) = \<zero>"
+ using monom_eval_car[of g] assms(2) r_null by presburger
+ qed
+ have 02: "finite (monomials_reducing_to R m P S)"
+ using assms(3) monomials_reducing_to_finite by blast
+ have 04: "(\<lambda>n. monom_eval R (restrict_to_indices n S) g \<otimes> (k \<otimes> P n)) \<in> monomials_reducing_to R m P S \<rightarrow> carrier R"
+ by (smt Pi_I assms(1) assms(2) assms(3) closed_fun_simp cring.axioms(1) is_cring m_closed monom_eval_car ring.Pring_cfs_closed)
+ show ?thesis
+ using 00 01 02 04
+ finsum_eq_parition[of "monomials_reducing_to R m P S"
+ "(\<lambda>n. monom_eval R (restrict_to_indices n S) g \<otimes> (k \<otimes> P n))"
+ "monomials_reducing_to R m (\<lambda>m. k \<otimes> P m) S"]
+ by blast
+ qed
+ then have 1: " (\<Oplus>n\<in>monomials_reducing_to R m (\<lambda>m. k \<otimes> P m) S. monom_eval R (restrict_to_indices n S) g \<otimes> (k \<otimes> P n))
+ = (\<Oplus>n\<in>monomials_reducing_to R m P S. k \<otimes> (monom_eval R (restrict_to_indices n S) g \<otimes> (P n))) "
+ proof-
+ have "\<And>n. monom_eval R (restrict_to_indices n S) g \<otimes> (k \<otimes> P n) = k \<otimes> (monom_eval R (restrict_to_indices n S) g \<otimes> (P n))"
+ by (metis Pring_cfs_closed assms(1) assms(2) assms(3) m_lcomm monom_eval_car)
+ then show ?thesis
+ using 0
+ by presburger
+ qed
+ show " (\<Oplus>n\<in>monomials_reducing_to R m (\<lambda>m. k \<otimes> P m) S. monom_eval R (restrict_to_indices n S) g \<otimes> (k \<otimes> P n))
+ = k \<otimes>(\<Oplus>n\<in>monomials_reducing_to R m P S. monom_eval R (restrict_to_indices n S) g \<otimes> (P n)) "
+ proof-
+ have "(\<lambda>n. monom_eval R (restrict_to_indices n S) g \<otimes> (P n)) \<in> (monomials_reducing_to R m P S) \<rightarrow> carrier R"
+ by (meson Pi_I Pring_cfs_closed assms(2) assms(3) m_closed monom_eval_car)
+ then have "k \<otimes> (\<Oplus>i\<in>monomials_reducing_to R m P S. monom_eval R (restrict_to_indices i S) g \<otimes> P i) =
+ (\<Oplus>i\<in>monomials_reducing_to R m P S. k \<otimes> (monom_eval R (restrict_to_indices i S) g \<otimes> P i))"
+ using finsum_rdistr[of "monomials_reducing_to R m P S"
+ k
+ "(\<lambda>n. monom_eval R (restrict_to_indices n S) g \<otimes> (P n))"]
+ assms monomials_reducing_to_finite by blast
+ then show ?thesis
+ using 1
+ by presburger
+ qed
+ qed
+qed
+
+lemma poly_eval_monomial:
+ assumes "closed_fun R g"
+ assumes "\<one> \<noteq>\<zero>"
+ shows "poly_eval R S g (mset_to_IP R m)
+ = poly_scalar_mult R (monom_eval R (restrict_to_indices m S) g)
+ (mset_to_IP R (remove_indices m S))"
+proof
+ have 0: "monomials_of R (mset_to_IP R m) = {m}"
+ using assms monomials_of_mset_to_IP
+ by blast
+
+ fix x
+ show "poly_eval R S g (mset_to_IP R m) x =
+ poly_scalar_mult R (monom_eval R (restrict_to_indices m S) g)
+ (mset_to_IP R (remove_indices m S)) x "
+ proof(cases "x = (remove_indices m S)")
+ case True
+ have "monomials_reducing_to R x (mset_to_IP R m) S = {m}"
+ unfolding monomials_reducing_to_def
+ using True 0
+ by auto
+ then have "poly_eval R S g (mset_to_IP R m) x = monom_eval R (restrict_to_indices m S) g \<otimes> (mset_to_IP R m m)"
+ unfolding poly_eval_def
+ by (metis (mono_tags, lifting) assms(1) finsum_singleton monom_eval_car mset_to_IP_simp r_one)
+ then show ?thesis
+ by (metis True mset_to_IP_simp poly_scalar_mult_def)
+ next
+ case False
+ then have "monomials_reducing_to R x (mset_to_IP R m) S = {}"
+ unfolding monomials_reducing_to_def
+ using 0
+ by auto
+ then have "poly_eval R S g (mset_to_IP R m) x = \<zero>"
+ unfolding poly_eval_def
+ by (metis finsum_empty)
+ then show ?thesis
+ using False
+ by (metis assms(1) monom_eval_car mset_to_IP_simp' poly_scalar_mult_def r_null)
+ qed
+qed
+
+
+lemma(in cring) poly_eval_monomial_closed:
+ assumes "closed_fun R g"
+ assumes "\<one> \<noteq>\<zero>"
+ assumes "set_mset m \<subseteq> I"
+ shows "poly_eval R S g (mset_to_IP R m) \<in> Pring_set R (I - S)"
+proof-
+ have "(mset_to_IP R (remove_indices m S)) \<in> Pring_set R (I - S)"
+ using assms mset_to_IP_closed[of "(remove_indices m S)" "I - S"]
+ by (metis remove_indices_indices)
+ then show ?thesis
+ using assms poly_eval_monomial[of g S m ]
+ poly_scalar_mult_closed[of "(monom_eval R (restrict_to_indices m S) g)"
+ "(mset_to_IP R (remove_indices m S))"]
+ by (metis monom_eval_car)
+qed
+
+lemma poly_scalar_mult_iter:
+ assumes "\<one> \<noteq>\<zero>"
+ assumes "P \<in> Pring_set R I"
+ assumes "k \<in> carrier R"
+ assumes "n \<in> carrier R"
+ shows "poly_scalar_mult R k (poly_scalar_mult R n P) = poly_scalar_mult R (k \<otimes> n) P"
+ using assms
+ unfolding poly_scalar_mult_def
+ by (metis Pring_cfs_closed m_assoc)
+
+lemma poly_scalar_mult_comm:
+ assumes "\<one> \<noteq>\<zero>"
+ assumes "P \<in> Pring_set R I"
+ assumes "a \<in> carrier R"
+ assumes "b \<in> carrier R"
+ shows "poly_scalar_mult R a (poly_scalar_mult R b P) = poly_scalar_mult R b (poly_scalar_mult R a P)"
+ using assms poly_scalar_mult_iter m_comm[of a b]
+ by metis
+
+lemma poly_eval_monomial_term:
+ assumes "closed_fun R g"
+ assumes "\<one> \<noteq>\<zero>"
+ assumes "set_mset m \<subseteq> I"
+ assumes "k \<in> carrier R"
+ shows "poly_eval R S g (poly_scalar_mult R k (mset_to_IP R m)) = poly_scalar_mult R (k\<otimes>(monom_eval R (restrict_to_indices m S) g))
+ (mset_to_IP R (remove_indices m S))"
+proof-
+ have 0: "poly_eval R S g (poly_scalar_mult R k (mset_to_IP R m)) =
+ poly_scalar_mult R k (poly_eval R S g (mset_to_IP R m))"
+ using assms poly_eval_scalar_mult[of k g "mset_to_IP R m" I S] mset_to_IP_closed
+ by blast
+ have 1: "poly_eval R S g (poly_scalar_mult R k (mset_to_IP R m)) =
+ poly_scalar_mult R k (poly_scalar_mult R (monom_eval R (restrict_to_indices m S) g)
+ (mset_to_IP R (remove_indices m S))) "
+ using 0 assms
+ by (metis poly_eval_monomial)
+ have 2: "mset_to_IP R (remove_indices m S) \<in> Pring_set R I"
+ using assms mset_to_IP_closed
+ by (metis Diff_subset remove_indices_def restrict_to_indicesE subset_iff)
+ have 3: "monom_eval R (restrict_to_indices m S) g \<in> carrier R"
+ using assms monom_eval_car by blast
+ show ?thesis
+ using 1 2 3 assms poly_scalar_mult_iter[of "mset_to_IP R (remove_indices m S)" I k "(monom_eval R (restrict_to_indices m S) g)"]
+ by presburger
+qed
+
+lemma poly_eval_monomial_term_closed:
+ assumes "closed_fun R g"
+ assumes "\<one> \<noteq>\<zero>"
+ assumes "set_mset m \<subseteq> I"
+ assumes "k \<in> carrier R"
+ shows "poly_eval R S g (poly_scalar_mult R k (mset_to_IP R m)) \<in> Pring_set R (I - S)"
+proof-
+ have "(mset_to_IP R (remove_indices m S)) \<in> Pring_set R (I - S)"
+ using assms
+ by (meson remove_indices_indices mset_to_IP_closed)
+ then show ?thesis
+ using assms poly_eval_monomial_term remove_indices_indices[of m I S]
+ by (metis cring.cring_simprules(5) cring.monom_eval_car is_cring poly_scalar_mult_closed)
+qed
+
+lemma finsum_split:
+ assumes "finite S"
+ assumes "f \<in> S \<rightarrow> carrier R"
+ assumes "g \<in> S \<rightarrow> carrier R"
+ assumes "k \<in> carrier R"
+ assumes "c \<in> S"
+ assumes "\<And>s. s \<in> S \<and> s \<noteq> c \<Longrightarrow> f s = g s"
+ assumes "g c = f c \<oplus> k"
+ shows "finsum R g S = k \<oplus> finsum R f S"
+proof-
+ have 0: "finsum R f S = f c \<oplus> finsum R f (S - {c})"
+ proof-
+ have "f \<in> S - {c} \<rightarrow> carrier R"
+ by (metis Pi_split_insert_domain assms(2) assms(5) insert_Diff)
+ then show ?thesis
+ using assms finsum_insert[of "S - {c}" c f]
+ by (metis DiffD2 Pi_iff finite_Diff insert_Diff singletonI)
+ qed
+ have 1: "finsum R g S = g c \<oplus> finsum R g (S - {c})"
+ proof-
+ have "g \<in> S - {c} \<rightarrow> carrier R"
+ by (metis Pi_split_insert_domain assms(3) assms(5) insert_Diff)
+ then show ?thesis
+ using assms finsum_insert[of "S - {c}" c g]
+ by (metis DiffD2 Pi_iff finite_Diff insert_Diff singletonI)
+ qed
+ have "finsum R f (S - {c}) = finsum R g (S - {c})"
+ using assms Diff_iff Pi_split_insert_domain finsum_cong'[of "S- {c}" "S - {c}" g f]
+ insert_Diff singletonI
+ by blast
+ then have "finsum R g S = f c \<oplus> k \<oplus> finsum R g (S - {c})"
+ using assms \<open>finsum R g S = g c \<oplus> finsum R g (S - {c})\<close>
+ by presburger
+ then have 1: "finsum R g S = f c \<oplus> k \<oplus> finsum R f (S - {c})"
+ using \<open>finsum R f (S - {c}) = finsum R g (S - {c})\<close> by presburger
+ have "finsum R g S = k \<oplus> ( f c \<oplus> finsum R f (S - {c}))"
+ proof-
+ have "f c \<in> carrier R"
+ by (metis PiE assms(2) assms(5))
+ have "finsum R f (S - {c}) \<in> carrier R"
+ by (metis Pi_split_insert_domain assms(2) assms(5) finsum_closed insert_Diff)
+ then show ?thesis using assms(4) 1
+ using \<open>f c \<in> carrier R\<close> add.m_assoc add.m_lcomm
+ by presburger
+ qed
+ then show ?thesis
+ using "0"
+ by presburger
+qed
+
+lemma poly_monom_induction:
+assumes "P (indexed_const \<zero>)"
+assumes "\<And>m k. set_mset m \<subseteq> I \<and> k \<in> carrier R \<Longrightarrow> P (poly_scalar_mult R k (mset_to_IP R m))"
+assumes "\<And>Q m k. Q \<in> Pring_set R I \<and> (P Q) \<and> set_mset m \<subseteq> I \<and> k \<in> carrier R\<Longrightarrow> P (Q \<Oplus> (poly_scalar_mult R k (mset_to_IP R m)))"
+shows "\<And>Q. Q \<in> Pring_set R I \<Longrightarrow> P Q"
+proof-
+ have 0: "\<And>Ms. finite Ms \<Longrightarrow> (\<forall> Q \<in> Pring_set R I. monomials_of R Q = Ms \<longrightarrow> P Q)"
+ proof-
+ fix Ms
+ show " finite Ms \<Longrightarrow> (\<forall> Q \<in> Pring_set R I. monomials_of R Q = Ms \<longrightarrow> P Q)"
+ proof(erule finite.induct)
+ show "\<forall>Q\<in>Pring_set R I. monomials_of R Q = {} \<longrightarrow> P Q"
+ proof
+ fix Q
+ assume "Q \<in> Pring_set R I"
+ show "monomials_of R Q = {} \<longrightarrow> P Q "
+ using assms
+ by (metis \<open>Q \<in> Pring_set R I\<close> card_0_eq monomials_finite monomials_of_card_zero)
+ qed
+ show "\<And>A a. finite A \<Longrightarrow> \<forall>Q\<in>Pring_set R I. monomials_of R Q = A \<longrightarrow> P Q \<Longrightarrow>
+ \<forall>Q\<in>Pring_set R I. monomials_of R Q = insert a A \<longrightarrow> P Q"
+ proof
+ fix A :: "'c monomial set" fix a fix Q
+ assume A0: "finite A"
+ assume A1: "\<forall>Q\<in>Pring_set R I. monomials_of R Q = A \<longrightarrow> P Q"
+ assume A2: " Q \<in> Pring_set R I "
+ show "monomials_of R Q = insert a A \<longrightarrow> P Q"
+ proof
+ assume A3: "monomials_of R Q = insert a A"
+ show "P Q"
+ apply(cases "a \<in> A")
+ apply (metis A1 A2 A3 insert_absorb)
+ proof-
+ assume A4: "a \<notin> A"
+ show "P Q"
+ proof-
+ have A5: "set_mset a \<subseteq> I"
+ by (metis A2 A3 insert_iff mset_to_IP_indices)
+ have A6: "set_mset a \<subseteq> I \<and> Q a \<in> carrier R"
+ using A2 A5 Pring_cfs_closed by blast
+ obtain Q' where Q'_def: "Q' = remove_monom R a Q"
+ by simp
+ then have "Q = Q' \<Oplus> poly_scalar_mult R (Q a) (mset_to_IP R a)"
+ using A2 cring.remove_monom_eq is_cring by blast
+ then show ?thesis using A6 assms
+ by (metis A1 A2 A3 A4 Diff_empty Diff_insert0 Q'_def insert_Diff1
+ remove_monom_closed remove_monom_monomials singletonI)
+ qed
+ qed
+ qed
+ qed
+ qed
+ qed
+ show "\<And>Q. Q \<in> Pring_set R I \<Longrightarrow> P Q"
+ proof-
+ fix Q
+ assume "Q \<in> Pring_set R I"
+ show "P Q"
+ using 0[of "monomials_of R Q"] \<open>Q \<in> Pring_set R I\<close> monomials_finite
+ by blast
+ qed
+qed
+
+lemma Pring_car_induct:
+ assumes "q \<in> carrier (Pring R I)"
+ assumes "P \<zero>\<^bsub>Pring R I\<^esub>"
+ assumes "\<And>m k. set_mset m \<subseteq> I \<and> k \<in> carrier R \<Longrightarrow> P (k \<odot>\<^bsub>Pring R I\<^esub>(mset_to_IP R m))"
+ assumes "\<And>Q m k. Q \<in> carrier (Pring R I) \<and> (P Q) \<and> set_mset m \<subseteq> I \<and> k \<in> carrier R\<Longrightarrow>
+ P (Q \<Oplus> (k \<odot>\<^bsub>Pring R I\<^esub> (mset_to_IP R m)))"
+ shows "P q"
+ using poly_monom_induction[of P I q] assms Pring_smult[of I] Pring_car[of I] Pring_zero
+ by metis
+
+lemma poly_monom_induction2:
+assumes "P (indexed_const \<zero>)"
+assumes "\<And>m k. set_mset m \<subseteq> I \<and> k \<in> carrier R \<Longrightarrow> P (poly_scalar_mult R k (mset_to_IP R m))"
+assumes "\<And>Q m k. Q \<in> Pring_set R I \<and> (P Q) \<and> set_mset m \<subseteq> I \<and> k \<in> carrier R \<Longrightarrow> P (Q \<Oplus> (poly_scalar_mult R k (mset_to_IP R m)))"
+assumes "Q \<in> Pring_set R I"
+shows "P Q"
+ using assms(1) assms(2) assms(3) assms(4) poly_monom_induction by blast
+
+lemma poly_monom_induction3:
+assumes "Q \<in> Pring_set R I"
+assumes "P (indexed_const \<zero>)"
+assumes "\<And>m k. set_mset m \<subseteq> I \<and> k \<in> carrier R \<Longrightarrow> P (poly_scalar_mult R k (mset_to_IP R m))"
+assumes "\<And>p q. p \<in> Pring_set R I \<Longrightarrow> (P p) \<Longrightarrow> q \<in> Pring_set R I \<Longrightarrow> (P q) \<Longrightarrow> P (p \<Oplus> q)"
+shows "P Q"
+ apply(rule poly_monom_induction2[of _ I])
+ using assms(2) apply blast
+ using assms(3) apply blast
+ apply (meson assms(3) assms(4) mset_to_IP_closed poly_scalar_mult_closed)
+ using assms(1) by blast
+
+lemma Pring_car_induct':
+assumes "Q \<in> carrier (Pring R I)"
+assumes "P \<zero>\<^bsub>Pring R I\<^esub>"
+assumes "\<And>m k. set_mset m \<subseteq> I \<and> k \<in> carrier R \<Longrightarrow> P (k \<odot>\<^bsub>Pring R I\<^esub> mset_to_IP R m)"
+assumes "\<And>p q. p \<in> carrier (Pring R I) \<Longrightarrow> (P p) \<Longrightarrow> q \<in> carrier (Pring R I) \<Longrightarrow> (P q) \<Longrightarrow> P (p \<oplus>\<^bsub>Pring R I\<^esub> q)"
+shows "P Q"
+ using poly_monom_induction3[of Q I P] assms Pring_smult Pring_add Pring_zero Pring_car
+ by metis
+
+lemma poly_eval_mono:
+ assumes "P \<in> Pring_set R I"
+ assumes "closed_fun R g"
+ assumes "finite F"
+ assumes "monomials_reducing_to R m P S \<subseteq> F"
+ assumes "\<And>n. n \<in> F \<Longrightarrow> remove_indices n S = m"
+ shows "poly_eval R S g P m = (\<Oplus>n\<in> F. monom_eval R (restrict_to_indices n S) g \<otimes> P n)"
+proof-
+ have 0: "(\<Oplus>n\<in> F. monom_eval R (restrict_to_indices n S) g \<otimes> P n)=
+ (\<Oplus>n\<in> F - (monomials_reducing_to R m P S). monom_eval R (restrict_to_indices n S) g \<otimes> P n) \<oplus> poly_eval R S g P m"
+ proof-
+ have 00: " (\<lambda>n. monom_eval R (restrict_to_indices n S) g \<otimes> P n) \<in> F \<rightarrow> carrier R"
+ by (meson Pi_I Pring_cfs_closed assms(1) assms(2) m_closed monom_eval_car)
+ have 01: "monomials_reducing_to R m P S \<subseteq> F"
+ by (simp add: assms(4))
+ have 02: "(\<Oplus>n\<in>F. monom_eval R (restrict_to_indices n S) g \<otimes> P n) =
+ (\<Oplus>n\<in>monomials_reducing_to R m P S. monom_eval R (restrict_to_indices n S) g \<otimes> P n) \<oplus>
+ (\<Oplus>n\<in>F - monomials_reducing_to R m P S. monom_eval R (restrict_to_indices n S) g \<otimes> P n)"
+ using "00" "01" assms(3) finsum_partition by blast
+ have 03: " (\<Oplus>n\<in>F - monomials_reducing_to R m P S. monom_eval R (restrict_to_indices n S) g \<otimes> P n)\<in> carrier R"
+ by (metis (mono_tags, lifting) "00" DiffD1 PiE Pi_I finsum_closed)
+ have " (\<Oplus>n\<in>monomials_reducing_to R m P S. monom_eval R (restrict_to_indices n S) g \<otimes> P n) \<in> carrier R"
+ proof -
+ have "(\<lambda>m. monom_eval R (restrict_to_indices m S) g \<otimes> P m) \<in> monomials_reducing_to R m P S \<rightarrow> carrier R"
+ using "00" "01" by blast
+ then show ?thesis
+ using finsum_closed by blast
+ qed
+ then show ?thesis
+ unfolding poly_eval_def
+ using 00 01 02 03 add.m_comm
+ by presburger
+ qed
+ have "(\<Oplus>n\<in> F - (monomials_reducing_to R m P S). monom_eval R (restrict_to_indices n S) g \<otimes> P n) = \<zero>"
+ proof-
+ have "\<And>n. n \<in> F - (monomials_reducing_to R m P S) \<Longrightarrow> monom_eval R (restrict_to_indices n S) g \<otimes> P n = \<zero>"
+ proof-
+ fix n
+ assume A: "n \<in> F - (monomials_reducing_to R m P S)"
+ have "n \<notin> monomials_of R P"
+ proof
+ assume "n \<in> monomials_of R P"
+ then have "n \<in> (monomials_reducing_to R m P S)"
+ unfolding monomials_reducing_to_def
+ using assms(5) A
+ by blast
+ then show False using A by blast
+ qed
+ then show " monom_eval R (restrict_to_indices n S) g \<otimes> P n = \<zero>"
+ by (metis assms(2) monom_eval_car complement_of_monomials_of r_null)
+ qed
+ then show ?thesis
+ by (meson add.finprod_one_eqI)
+ qed
+ then have 1: "(\<Oplus>n\<in>F. monom_eval R (restrict_to_indices n S) g \<otimes> P n) =
+ \<zero> \<oplus> poly_eval R S g P m"
+ using 0 Pi_I Pring_cfs_closed add.r_cancel_one assms(1) assms(2)
+ by presburger
+ have " (\<lambda>n. monom_eval R (restrict_to_indices n S) g \<otimes> P n) \<in> monomials_reducing_to R m P S \<rightarrow> carrier R"
+ by (meson Pi_I Pring_cfs_closed assms(1) assms(2) m_closed monom_eval_car)
+ hence "poly_eval R S g P m \<in> carrier R"
+ using assms
+ unfolding poly_eval_def
+ using finsum_closed[of "\<lambda> n. monom_eval R (restrict_to_indices n S) g \<otimes> P n"
+ "monomials_reducing_to R m P S"]
+ by (meson Pi_I Pring_cfs_closed m_closed monom_eval_car)
+ then have "(\<Oplus>n\<in>F. monom_eval R (restrict_to_indices n S) g \<otimes> P n) = poly_eval R S g P m"
+ using "1" add.r_cancel_one zero_closed
+ by presburger
+ then show ?thesis
+ by presburger
+qed
+
+lemma finsum_group:
+ assumes "\<And>n. f n \<in> carrier R"
+ assumes "\<And>n. g n \<in> carrier R"
+ shows "finite S \<Longrightarrow> finsum R f S \<oplus> finsum R g S = finsum R (\<lambda>n. f n \<oplus> g n) S "
+ apply(erule finite.induct)
+ apply (metis finsum_empty r_zero zero_closed)
+proof-
+ fix A :: "'c set "
+ fix a
+ assume A0: "finite A"
+ assume A1: "finsum R f A \<oplus> finsum R g A = (\<Oplus>n\<in>A. f n \<oplus> g n)"
+ show "finsum R f (insert a A) \<oplus> finsum R g (insert a A) = (\<Oplus>n\<in>insert a A. f n \<oplus> g n)"
+ proof(cases "a \<in> A")
+ case True
+ then show ?thesis
+ by (metis A1 insert_absorb)
+ next
+ case False
+ have LHS: "finsum R f (insert a A) \<oplus> finsum R g (insert a A) =
+ (f a \<oplus> finsum R f A) \<oplus> (g a \<oplus> finsum R g A)"
+ using assms finsum_insert[of A a f] finsum_insert[of A a g]
+ by (metis A0 False Pi_I)
+ have F0: "(\<lambda>n. f n \<oplus> g n) \<in> A \<rightarrow> carrier R"
+ using assms
+ by blast
+ have F1: "(f a \<oplus> g a) \<in> carrier R"
+ using assms
+ by blast
+ have RHS: " (\<Oplus>n\<in>insert a A. f n \<oplus> g n) = (f a \<oplus> g a) \<oplus> (\<Oplus>n\<in>A. f n \<oplus> g n)"
+ using F0 F1 assms finsum_insert[of A a " (\<lambda>n. f n \<oplus> g n)"] False A0
+ by blast
+ have F2: " f a \<oplus> finsum R f A \<oplus> (g a \<oplus> finsum R g A) = (f a \<oplus> g a) \<oplus> (finsum R f A \<oplus> finsum R g A)"
+ proof-
+ have F20: "f a \<in> carrier R"
+ using assms(1) by blast
+ have F21: "g a \<in> carrier R"
+ using assms(2) by blast
+ have F22: "finsum R f A \<in> carrier R"
+ by (metis Pi_iff assms(1) finsum_closed)
+ have F23: "finsum R g A \<in> carrier R"
+ by (metis Pi_I assms(2) finsum_closed)
+ show ?thesis using F21 F20 F22 F23
+ using add.m_assoc add.m_closed add.m_lcomm
+ by presburger
+ qed
+ show ?thesis
+ using RHS LHS assms A1 F2
+ by presburger
+ qed
+qed
+
+lemma poly_eval_add:
+ assumes "P \<in> Pring_set R I"
+ assumes "Q \<in> Pring_set R I"
+ assumes "closed_fun R g"
+ shows "poly_eval R S g (P \<Oplus> Q) = poly_eval R S g P \<Oplus> poly_eval R S g Q "
+proof
+ fix m
+ show "poly_eval R S g (P \<Oplus> Q) m = (poly_eval R S g P \<Oplus> poly_eval R S g Q) m"
+ proof-
+ obtain F where F_def: "F = monomials_reducing_to R m (P \<Oplus> Q) S \<union> monomials_reducing_to R m P S \<union>
+ monomials_reducing_to R m Q S"
+ by simp
+ have 0: "finite F"
+ proof-
+ have 00: "finite (monomials_reducing_to R m (P \<Oplus> Q) S)"
+ using assms
+ by (meson finite_subset monomials_finite monomials_of_add_finite monomials_reducing_to_subset)
+ have 01: "finite (monomials_reducing_to R m P S)"
+ using assms(1) monomials_reducing_to_finite by blast
+ have 02: "finite (monomials_reducing_to R m Q S)"
+ using assms(2) monomials_reducing_to_finite by blast
+ show ?thesis
+ using F_def 00 01 02
+ by blast
+ qed
+ have 1: "\<And>n. n \<in> F \<Longrightarrow> remove_indices n S = m"
+ proof-
+ fix n
+ assume A: "n \<in> F"
+ show "remove_indices n S = m"
+ using F_def
+ unfolding monomials_reducing_to_def
+ using A
+ by blast
+ qed
+ have 2: "poly_eval R S g (P \<Oplus> Q) m = (\<Oplus>n\<in> F. monom_eval R (restrict_to_indices n S) g \<otimes> (P \<Oplus> Q) n)"
+ using assms 0 1 poly_eval_mono[of "P \<Oplus> Q" I g F m] F_def indexed_pset.indexed_padd
+ by blast
+ have 3: "poly_eval R S g P m = (\<Oplus>n\<in> F. monom_eval R (restrict_to_indices n S) g \<otimes> P n)"
+ using assms 0 1 poly_eval_mono[of "P" I g F m] F_def indexed_pset.indexed_padd
+ by blast
+ have 4: "poly_eval R S g Q m = (\<Oplus>n\<in> F. monom_eval R (restrict_to_indices n S) g \<otimes> Q n)"
+ using assms 0 1 poly_eval_mono[of "Q" I g F m] F_def indexed_pset.indexed_padd
+ by blast
+ have 5: "poly_eval R S g P m \<oplus> poly_eval R S g Q m = (\<Oplus>n\<in> F. monom_eval R (restrict_to_indices n S) g \<otimes> P n
+ \<oplus> monom_eval R (restrict_to_indices n S) g \<otimes> Q n)"
+ proof-
+ have 50: "(\<lambda>n. monom_eval R (restrict_to_indices n S) g \<otimes> P n) \<in> F \<rightarrow> carrier R"
+ by (meson Pi_I Pring_cfs_closed assms(1) assms(3) m_closed monom_eval_car)
+ have 51: "(\<lambda>n. monom_eval R (restrict_to_indices n S) g \<otimes> Q n) \<in> F \<rightarrow> carrier R"
+ by (meson Pi_I Pring_cfs_closed assms(2) assms(3) m_closed monom_eval_car)
+ then show ?thesis
+ using 0 2 3 50 finsum_group[of "(\<lambda>n. monom_eval R (restrict_to_indices n S) g \<otimes> P n)"
+ "(\<lambda>n. monom_eval R (restrict_to_indices n S) g \<otimes> Q n)" F]
+ by (metis (mono_tags, lifting) "4" Pring_cfs_closed assms(1) assms(2) assms(3) m_closed monom_eval_car)
+ qed
+ have 6: "poly_eval R S g P m \<oplus> poly_eval R S g Q m
+ = (\<Oplus>n\<in> F. monom_eval R (restrict_to_indices n S) g \<otimes>( P n \<oplus> Q n))"
+ proof-
+ have 0 : "(\<lambda>n. monom_eval R (restrict_to_indices n S) g \<otimes> P n \<oplus> monom_eval R (restrict_to_indices n S) g \<otimes> Q n) \<in> F \<rightarrow> carrier R"
+ apply(rule Pi_I)
+ by (meson Pring_cfs_closed add.m_closed assms(1) assms(2) assms(3) m_closed monom_eval_car)
+ have 1: "(\<lambda>n. monom_eval R (restrict_to_indices n S) g \<otimes> (P n \<oplus> Q n)) \<in> F \<rightarrow> carrier R"
+ apply(rule Pi_I)
+ by (meson Pring_cfs_closed add.m_closed assms(1) assms(2) assms(3) m_closed monom_eval_car)
+ have "\<And>n. n \<in> F \<Longrightarrow> monom_eval R (restrict_to_indices n S) g \<otimes>( P n \<oplus> Q n) = monom_eval R (restrict_to_indices n S) g \<otimes> P n
+ \<oplus> monom_eval R (restrict_to_indices n S) g \<otimes> Q n"
+ using assms Pring_cfs_closed cring.monom_eval_car is_cring r_distr
+ by metis
+ then have "(\<lambda>x\<in>F. monom_eval R (restrict_to_indices x S) g \<otimes> P x \<oplus> monom_eval R (restrict_to_indices x S) g \<otimes> Q x)
+ = (\<lambda>x\<in>F. monom_eval R (restrict_to_indices x S) g \<otimes> (P x \<oplus> Q x))"
+ by (metis (no_types, lifting) restrict_ext)
+ then show ?thesis
+ using 5 finsum_eq[of "(\<lambda>n. monom_eval R (restrict_to_indices n S) g \<otimes> P n \<oplus> monom_eval R (restrict_to_indices n S) g \<otimes> Q n)"
+ F "(\<lambda>n. monom_eval R (restrict_to_indices n S) g \<otimes>( P n \<oplus> Q n))" ] 0 1
+ by presburger
+ qed
+ have 7: "monomials_reducing_to R m (P \<Oplus> Q) S \<subseteq> F"
+ using F_def
+ by blast
+ have 8: "poly_eval R S g (P \<Oplus> Q) m = (\<Oplus>n\<in>F. monom_eval R (restrict_to_indices n S) g \<otimes> (P \<Oplus> Q) n)"
+ using 7 0 1 "2"
+ by blast
+ obtain f where f_def: "f = (\<lambda>n. monom_eval R (restrict_to_indices n S) g \<otimes> (P \<Oplus> Q) n)"
+ by blast
+ obtain h where h_def: "h = (\<lambda>n. monom_eval R (restrict_to_indices n S) g \<otimes>( P n \<oplus> Q n))"
+ by blast
+ have 9: "f \<in> F \<rightarrow> carrier R"
+ using f_def
+ by (metis (mono_tags, lifting) Pi_I Pring_cfs_closed add.m_closed
+ assms(1) assms(2) assms(3) indexed_padd_def m_closed monom_eval_car)
+ have 10: "h \<in> F \<rightarrow> carrier R"
+ using h_def
+ by (metis (mono_tags, lifting) "9" Pi_cong f_def indexed_padd_def)
+ have 11: "restrict f F = restrict h F"
+ using f_def h_def
+ by (metis indexed_padd_def)
+ have "finsum R f F = finsum R h F"
+ using 9 10 11 finsum_eq[of f F h]
+ by blast
+ then show ?thesis
+ using f_def h_def
+ by (metis (no_types, lifting) "6" "8" indexed_padd_def)
+ qed
+qed
+
+lemma poly_eval_Pring_add:
+ assumes "P \<in> carrier (Pring R I)"
+ assumes "Q \<in> carrier (Pring R I)"
+ assumes "closed_fun R g"
+ shows "poly_eval R S g (P \<oplus>\<^bsub>Pring R I\<^esub> Q) = poly_eval R S g P \<oplus>\<^bsub>Pring R I\<^esub> poly_eval R S g Q "
+ using assms poly_eval_add[of P I Q g S]
+ by (metis Pring_add Pring_car)
+
+text\<open>Closure of partial evaluation maps:\<close>
+lemma(in cring) poly_eval_closed:
+ assumes "closed_fun R g"
+ assumes "P \<in> Pring_set R I"
+ shows "poly_eval R S g P \<in> Pring_set R (I - S)"
+proof-
+ obtain Pr where Pr_def[simp]: "Pr = (\<lambda>Q. poly_eval R S g Q \<in> Pring_set R (I - S))"
+ by blast
+ have "Pr P"
+ apply(rule poly_monom_induction2[of _ I _ ])
+ apply (metis Pr_def indexed_pset.indexed_const poly_eval_constant zero_closed)
+ apply (metis Pr_def assms(1) indexed_pset.indexed_const mset_to_IP_closed
+ poly_eval_constant poly_eval_monomial_term_closed poly_scalar_mult_zero r_null r_one)
+ proof-
+ show "P \<in> Pring_set R I" using assms by blast
+ show "\<And>Q m k. Q \<in> Pring_set R I \<and> Pr Q \<and> set_mset m \<subseteq> I \<and> k \<in> carrier R\<Longrightarrow> Pr (Q \<Oplus> poly_scalar_mult R k (mset_to_IP R m))"
+ proof-
+ fix Q
+ fix m
+ fix k
+ assume A: "Q \<in> Pring_set R I \<and> Pr Q \<and> set_mset m \<subseteq> I\<and> k \<in> carrier R"
+ then have 0: "poly_eval R S g Q \<in> Pring_set R (I - S)"
+ using Pr_def by blast
+ have 1: "poly_scalar_mult R k (mset_to_IP R m) \<in> Pring_set R I"
+ using A mset_to_IP_closed poly_scalar_mult_closed
+ by blast
+ have "poly_eval R S g (Q \<Oplus> poly_scalar_mult R k (mset_to_IP R m)) =
+ poly_eval R S g Q \<Oplus> poly_eval R S g (poly_scalar_mult R k (mset_to_IP R m)) "
+ using assms poly_eval_add[of Q I " (poly_scalar_mult R k (mset_to_IP R m))" g] "1" A
+ by blast
+ then show "Pr (Q \<Oplus> poly_scalar_mult R k (mset_to_IP R m))"
+ using Pr_def
+ by (metis "1" A assms(1) indexed_pset.indexed_padd poly_eval_monomial_term_closed poly_scalar_mult_one poly_scalar_mult_zero)
+ qed
+ qed
+ then show ?thesis
+ using Pr_def
+ by blast
+qed
+
+lemma poly_scalar_mult_indexed_pmult:
+ assumes "P \<in> Pring_set R I"
+ assumes "k \<in> carrier R"
+ shows " poly_scalar_mult R k (P \<Otimes> i) = (poly_scalar_mult R k P) \<Otimes> i"
+proof-
+ have 0: "mset_to_IP R {#i#} \<in> Pring_set R (I \<union> {i})"
+ by (metis Un_upper2 mset_to_IP_closed set_mset_add_mset_insert set_mset_empty)
+ have 1: "P \<in> Pring_set R (I \<union> {i})"
+ using Pring_carrier_subset Un_upper1 assms(1) by blast
+ show ?thesis
+ using 0 1 poly_scalar_mult_times[of "mset_to_IP R {#i#}" "I \<union> {i}" P k]
+ poly_index_mult[of P "I \<union> {i}" i] assms
+ by (metis Un_upper2 insert_subset poly_index_mult poly_scalar_mult_closed)
+qed
+
+lemma remove_indices_add_mset:
+ assumes "i \<notin> S"
+ shows "remove_indices (add_mset i m) S = add_mset i (remove_indices m S)"
+ apply(induction m)
+ apply (smt assms empty_eq_union remove_indices_decomp restrict_to_indicesE single_is_union union_single_eq_member)
+ by (metis assms multi_union_self_other_eq remove_indices_decomp restrict_to_indices_add_element union_mset_add_mset_right)
+
+lemma poly_eval_monom_insert:
+ assumes "closed_fun R g"
+ assumes "\<one> \<noteq>\<zero>"
+ assumes "i \<in> S"
+ shows "poly_eval R S g (mset_to_IP R (add_mset i m))
+ = poly_scalar_mult R (g i)
+ (poly_eval R S g (mset_to_IP R m))"
+proof-
+ have 0: "poly_eval R S g (mset_to_IP R (add_mset i m)) =
+ poly_scalar_mult R (monom_eval R (restrict_to_indices (add_mset i m) S) g)
+ (mset_to_IP R (remove_indices (add_mset i m) S))"
+ using assms(1) assms(2) poly_eval_monomial by blast
+ have 1: "(mset_to_IP R (remove_indices (add_mset i m) S)) =
+ (mset_to_IP R (remove_indices m S))"
+ using assms
+ by (metis (full_types) Diff_iff insert_Diff1 remove_indices_def restrict_to_indices_add_element set_mset_add_mset_insert)
+ have 2: "(monom_eval R (restrict_to_indices (add_mset i m) S) g) =
+ (g i) \<otimes> ((monom_eval R (restrict_to_indices m S) g))"
+ using assms
+ by (metis monom_eval_add restrict_to_indices_add_element)
+ have 3: "poly_eval R S g (mset_to_IP R (add_mset i m)) =
+ poly_scalar_mult R ((g i) \<otimes> ((monom_eval R (restrict_to_indices m S) g)))
+ (mset_to_IP R (remove_indices m S))"
+ using 0 1 2 assms
+ by presburger
+ hence "poly_eval R S g (mset_to_IP R (add_mset i m)) =
+ poly_scalar_mult R (g i)
+ (poly_scalar_mult R ((monom_eval R (restrict_to_indices m S) g))
+ (mset_to_IP R (remove_indices m S)))"
+ using assms poly_scalar_mult_iter[of "(mset_to_IP R (remove_indices m S))"
+ UNIV "g i" "monom_eval R (restrict_to_indices m S) g"]
+ mset_to_IP_closed[of "remove_indices m S" UNIV]
+ by (metis PiE UNIV_I monom_eval_car subsetI)
+ thus ?thesis using assms
+ by (metis poly_eval_monomial)
+qed
+
+lemma poly_eval_monom_insert':
+ assumes "closed_fun R g"
+ assumes "\<one> \<noteq>\<zero>"
+ assumes "i \<notin> S"
+ shows "poly_eval R S g (mset_to_IP R (add_mset i m))
+ = (poly_eval R S g (mset_to_IP R m)) \<Otimes> i"
+proof-
+ have 0: "poly_eval R S g (mset_to_IP R (add_mset i m)) =
+ poly_scalar_mult R (monom_eval R (restrict_to_indices (add_mset i m) S) g)
+ (mset_to_IP R (remove_indices (add_mset i m) S))"
+ using assms(1) assms(2) poly_eval_monomial by blast
+ hence "poly_eval R S g (mset_to_IP R (add_mset i m)) =
+ poly_scalar_mult R (monom_eval R (restrict_to_indices m S) g)
+ (mset_to_IP R (remove_indices (add_mset i m) S))"
+ by (metis assms(3) restrict_to_indices_add_element)
+ hence "poly_eval R S g (mset_to_IP R (add_mset i m)) =
+ poly_scalar_mult R (monom_eval R (restrict_to_indices m S) g)
+ (mset_to_IP R (add_mset i (remove_indices m S)))"
+ by (metis assms(3) remove_indices_add_mset)
+ hence "poly_eval R S g (mset_to_IP R (add_mset i m)) =
+ poly_scalar_mult R (monom_eval R (restrict_to_indices m S) g)
+ (mset_to_IP R (remove_indices m S) \<Otimes> i)"
+ by (metis monom_add_mset)
+ hence "poly_eval R S g (mset_to_IP R (add_mset i m)) =
+ (poly_scalar_mult R (monom_eval R (restrict_to_indices m S) g)
+ (mset_to_IP R (remove_indices m S))) \<Otimes> i"
+ by (metis assms(1) cring.monom_eval_car is_cring local.ring_axioms
+ poly_scalar_mult_indexed_pmult ring.mset_to_IP_closed set_eq_subset)
+ thus ?thesis
+ by (metis assms(1) assms(2) poly_eval_monomial)
+qed
+
+lemma poly_eval_indexed_pmult_monomial:
+ assumes "closed_fun R g"
+ assumes "k \<in> carrier R"
+ assumes "i \<in> S"
+ assumes "\<one> \<noteq> \<zero>"
+ shows "poly_eval R S g (poly_scalar_mult R k (mset_to_IP R m) \<Otimes> i) =
+ poly_scalar_mult R (g i) (poly_eval R S g (poly_scalar_mult R k (mset_to_IP R m)))"
+proof-
+ have 0: "poly_scalar_mult R k (mset_to_IP R m) \<Otimes> i =
+ poly_scalar_mult R k (mset_to_IP R (add_mset i m ))"
+ using monom_add_mset[of i m] poly_scalar_mult_indexed_pmult
+ by (metis (no_types, opaque_lifting) assms(2) local.ring_axioms ring.mset_to_IP_closed subsetD subset_refl)
+ hence 1: "poly_eval R S g (poly_scalar_mult R k (mset_to_IP R m) \<Otimes> i) =
+ poly_scalar_mult R k (poly_eval R S g (mset_to_IP R (add_mset i m )))"
+ by (metis assms(1) assms(2) cring.poly_eval_scalar_mult is_cring local.ring_axioms ring.mset_to_IP_closed subsetI)
+ have 2: "poly_scalar_mult R (g i) (poly_eval R S g (poly_scalar_mult R k (mset_to_IP R m)))
+ = poly_scalar_mult R (g i)
+ (poly_scalar_mult R k (poly_eval R S g (mset_to_IP R m))) "
+ by (smt assms(1) assms(2) local.ring_axioms poly_eval_scalar_mult ring.mset_to_IP_closed subsetD subset_refl)
+ hence 3: "poly_scalar_mult R (g i) (poly_eval R S g (poly_scalar_mult R k (mset_to_IP R m)))
+ = poly_scalar_mult R k
+ (poly_scalar_mult R (g i) (poly_eval R S g (mset_to_IP R m))) "
+ using assms poly_scalar_mult_comm[of "(poly_eval R S g (mset_to_IP R m))" UNIV]
+ poly_eval_closed[of g "(mset_to_IP R m)" UNIV]
+ by (metis UNIV_I closed_fun_simp cring.poly_scalar_mult_comm
+ is_cring local.ring_axioms ring.mset_to_IP_closed subsetI)
+ have 4: "(poly_eval R S g (mset_to_IP R (add_mset i m))) = (poly_scalar_mult R (g i) (poly_eval R S g (mset_to_IP R m)))"
+ using assms poly_eval_monom_insert[of g i S m]
+ by blast
+ thus ?thesis
+ using 1 3 poly_scalar_mult_comm assms
+ by presburger
+qed
+
+lemma poly_eval_indexed_pmult_monomial':
+ assumes "closed_fun R g"
+ assumes "k \<in> carrier R"
+ assumes "i \<notin> S"
+ assumes "\<one> \<noteq> \<zero>"
+ shows "poly_eval R S g (poly_scalar_mult R k (mset_to_IP R m) \<Otimes> i) =
+ (poly_eval R S g (poly_scalar_mult R k (mset_to_IP R m))) \<Otimes> i"
+proof-
+ have "poly_eval R S g (poly_scalar_mult R k (mset_to_IP R m) \<Otimes> i) =
+ poly_scalar_mult R k (poly_eval R S g ( (mset_to_IP R m) \<Otimes> i))"
+ using poly_eval_scalar_mult[of k g]
+ by (metis UNIV_I assms(1) assms(2) local.ring_axioms poly_scalar_mult_indexed_pmult ring.monom_add_mset ring.mset_to_IP_closed subsetI)
+ hence "poly_eval R S g (poly_scalar_mult R k (mset_to_IP R m) \<Otimes> i) =
+ poly_scalar_mult R k (poly_eval R S g (mset_to_IP R (add_mset i m)))"
+ by (simp add: monom_add_mset)
+ hence "poly_eval R S g (poly_scalar_mult R k (mset_to_IP R m) \<Otimes> i) =
+ (poly_scalar_mult R k (poly_eval R S g (mset_to_IP R m))) \<Otimes> i"
+ using poly_eval_monom_insert'[of g i S m]
+ by (smt assms(1) assms(2) assms(3) assms(4) poly_eval_monomial_closed poly_scalar_mult_indexed_pmult subsetD subset_refl)
+ thus ?thesis using assms poly_eval_scalar_mult[of k g _ UNIV S]
+ by (metis UNIV_I mset_to_IP_closed subsetI)
+qed
+
+lemma indexed_pmult_add:
+ assumes "p \<in> Pring_set R I"
+ assumes "q \<in> Pring_set R I"
+ shows "p \<Oplus> q \<Otimes> i = (p \<Otimes> i) \<Oplus> (q \<Otimes> i)"
+ using assms poly_index_mult[of _ "I \<union> {i}"]
+ by (smt Pring_carrier_subset Set.basic_monos(1) Un_upper1 Un_upper2 cring.axioms(1)
+ insert_subset is_cring mk_disjoint_insert mset_to_IP_closed ring.P_ring_ldistr
+ ring.indexed_pset.intros(2) ring.indexed_pset_in_carrier set_mset_add_mset_insert
+ set_mset_empty)
+
+lemma poly_eval_indexed_pmult:
+ assumes "P \<in> Pring_set R I"
+ assumes "closed_fun R g"
+ shows "poly_eval R S g (P \<Otimes> i) = (if i \<in> S then poly_scalar_mult R (g i) (poly_eval R S g P) else (poly_eval R S g P)\<Otimes> i )"
+proof(cases "i \<in> S")
+ case True
+ have "poly_eval R S g (P \<Otimes> i) = poly_scalar_mult R (g i) (poly_eval R S g P)"
+ apply(rule poly_monom_induction3[of P I])
+ using assms apply blast
+ apply (metis PiE UNIV_I assms(2) indexed_pmult_zero poly_eval_constant poly_scalar_mult_const r_null zero_closed)
+ apply (meson True assms(2) poly_eval_indexed_pmult_monomial)
+ apply (smt PiE True UNIV_I assms(2) genideal_one genideal_zero indexed_pmult_zero mset_to_IP_closed poly_eval_constant poly_eval_indexed_pmult_monomial poly_scalar_mult_one poly_scalar_mult_zero singletonD)
+ proof- fix p q assume A:
+ "p \<in> Pring_set R I"
+ "poly_eval R S g (p \<Otimes> i) = poly_scalar_mult R (g i) (poly_eval R S g p)"
+ "q \<in> Pring_set R I"
+ "poly_eval R S g (q \<Otimes> i) = poly_scalar_mult R (g i) (poly_eval R S g q)"
+ have "poly_eval R S g (p \<Oplus> q \<Otimes> i) = poly_eval R S g (p \<Otimes> i) \<Oplus> poly_eval R S g (q \<Otimes> i)"
+ using assms poly_eval_add[of "p \<Otimes> i" "I \<union> {i}" "q \<Otimes> i" g S]
+ indexed_pmult_add[of p I q i]
+ by (smt A(1) A(3) Pring_carrier_subset Un_insert_right Un_upper1 indexed_pset.indexed_pmult insert_iff insert_subset mk_disjoint_insert)
+ hence "poly_eval R S g (p \<Oplus> q \<Otimes> i) = poly_scalar_mult R (g i) (poly_eval R S g p) \<Oplus>
+ poly_scalar_mult R (g i) (poly_eval R S g q)"
+ using A
+ by presburger
+ hence "poly_eval R S g (p \<Oplus> q \<Otimes> i) = poly_scalar_mult R (g i)
+ ((poly_eval R S g p) \<Oplus> (poly_eval R S g q))"
+ using Pring_smult poly_eval_closed[of g] A Pring_add Pring_car \<open>poly_eval R S g (p \<Oplus> q \<Otimes> i) = poly_eval R S g (p \<Otimes> i) \<Oplus> poly_eval R S g (q \<Otimes> i)\<close> assms(1) assms(2) closed_fun_simp
+ Pring_smult_r_distr[of "g i" "poly_eval R S g p" _ "poly_eval R S g q"] Pring_add Pring_car
+ by metis
+ thus "poly_eval R S g (p \<Oplus> q \<Otimes> i) = poly_scalar_mult R (g i) (poly_eval R S g (p \<Oplus> q))"
+ by (metis A(1) A(3) assms(2) poly_eval_add)
+ qed
+ then show ?thesis
+ using True by presburger
+next
+ case False
+ have "poly_eval R S g (P \<Otimes> i) = (poly_eval R S g P) \<Otimes> i"
+ apply(rule poly_monom_induction3[of P I])
+ apply (simp add: assms(1))
+ apply (metis indexed_pmult_zero poly_eval_constant zero_closed)
+ apply (metis False assms(2) indexed_pmult_zero inv_unique l_null mset_to_IP_closed
+ one_closed one_mset_to_IP poly_eval_constant poly_eval_indexed_pmult_monomial'
+ poly_scalar_mult_zero zero_closed)
+ proof-fix p q assume A:
+ "p \<in> Pring_set R I"
+ "poly_eval R S g (p \<Otimes> i) = poly_eval R S g p \<Otimes> i"
+ "q \<in> Pring_set R I"
+ "poly_eval R S g (q \<Otimes> i) = poly_eval R S g q \<Otimes> i"
+ have "poly_eval R S g (p \<Oplus> q \<Otimes> i) = poly_eval R S g (p \<Otimes> i) \<Oplus> poly_eval R S g (q \<Otimes> i)"
+ using assms poly_eval_add[of "p \<Otimes> i" "I \<union> {i}" "q \<Otimes> i" g S]
+ indexed_pmult_add[of p I q i]
+ by (smt A(1) A(3) Pring_carrier_subset Un_insert_right Un_upper1 indexed_pset.indexed_pmult insert_iff insert_subset mk_disjoint_insert)
+ thus "poly_eval R S g (p \<Oplus> q \<Otimes> i) = poly_eval R S g (p \<Oplus> q) \<Otimes> i"
+ by (metis A(1) A(2) A(3) A(4) assms(2) indexed_pmult_add poly_eval_add poly_eval_closed)
+ qed
+ then show ?thesis
+ by (simp add: False)
+qed
+
+lemma poly_eval_index:
+ assumes "\<one> \<noteq>\<zero>"
+ assumes "closed_fun R g"
+ shows "poly_eval R S g (mset_to_IP R {#i#})= (if i \<in> S then (indexed_const (g i)) else mset_to_IP R {#i#})"
+proof-
+ have 0: "poly_eval R S g (mset_to_IP R {#i#})= poly_scalar_mult R (monom_eval R (restrict_to_indices {#i#} S) g)
+ (mset_to_IP R (remove_indices {#i#} S))"
+ using poly_eval_monomial[of g S "{#i#}" ] assms(1) assms(2) by blast
+ show ?thesis proof(cases "i \<in> S")
+ case True
+ then have T0: "(restrict_to_indices {#i#} S) = {#i#}"
+ by (metis restrict_to_indices_add_element restrict_to_indices_submultiset add_mset_subseteq_single_iff)
+ then have T1: "(monom_eval R (restrict_to_indices {#i#} S) g) = (monom_eval R {#i#} g)"
+ by presburger
+ then have "(monom_eval R (restrict_to_indices {#i#} S) g) = g i \<otimes> monom_eval R {#} g"
+ using assms monom_eval_add[of g i "{#}"]
+ by presburger
+ then have T2: "(monom_eval R (restrict_to_indices {#i#} S) g) = g i"
+ unfolding monom_eval_def
+ using T0
+ by (metis PiE UNIV_I assms(2) fold_mset_empty r_one)
+ have T3: "(remove_indices {#i#} S) = {#}"
+ by (metis Diff_iff remove_indices_indices restrict_to_indicesE
+ T0 multiset_cases subset_iff union_single_eq_member)
+ then have T4: " (mset_to_IP R (remove_indices {#i#} S)) = indexed_const \<one>"
+ by (metis one_mset_to_IP)
+ have T5: "poly_eval R S g (mset_to_IP R {#i#})= poly_scalar_mult R (g i) (indexed_const \<one>)"
+ using "0" T2 T4
+ by presburger
+ then show ?thesis using True poly_scalar_mult_const
+ by (metis T2 assms(2) monom_eval_car one_closed r_one)
+ next
+ case False
+ have F0: "(restrict_to_indices {#i#} S) = {#}"
+ using False restrict_to_indices_def
+ by (metis restrict_to_indices_add_element filter_empty_mset)
+ have F1: "(monom_eval R (restrict_to_indices {#i#} S) g) = \<one>"
+ using F0
+ unfolding monom_eval_def
+ by (metis fold_mset_empty)
+ have F2: "(remove_indices {#i#} S) = {#i#}"
+ using False
+ by (metis Diff_iff remove_indices_def restrict_to_indices_add_element
+ restrict_to_indices_def filter_empty_mset set_mset_single singletonI)
+ have F3: "(mset_to_IP R (remove_indices {#i#} S)) = mset_to_IP R {#i#}"
+ by (simp add: F2)
+ have F4: " poly_eval R S g (mset_to_IP R {#i#})= poly_scalar_mult R \<one> (mset_to_IP R {#i#})"
+ using "0" F1 F3
+ by presburger
+ show ?thesis using False
+ by (metis F4 mset_to_IP_closed poly_scalar_mult_one subset_iff)
+ qed
+qed
+
+lemma poly_eval_indexed_pmult':
+ assumes "P \<in> Pring_set R I"
+ assumes "closed_fun R g"
+ assumes "i \<in> I"
+ shows "poly_eval R S g (P \<Otimes>\<^sub>p (mset_to_IP R {#i#})) = poly_eval R S g P \<Otimes>\<^sub>p poly_eval R S g (mset_to_IP R {#i#})"
+proof(cases "i \<in> S")
+ case True
+ have "(P \<Otimes>\<^sub>p mset_to_IP R {#i#})=(P \<Otimes> i) "
+ using assms poly_index_mult
+ by metis
+ then have 0: " poly_eval R S g (P \<Otimes>\<^sub>p mset_to_IP R {#i#}) = poly_scalar_mult R (g i) (poly_eval R S g P)"
+ using True assms poly_eval_indexed_pmult[of P I g S i]
+ by presburger
+ have 1: "poly_eval R S g (mset_to_IP R {#i#}) = indexed_const (g i)"
+ using assms True
+ by (smt PiE UNIV_I genideal_one genideal_zero indexed_pmult_zero monom_add_mset one_mset_to_IP poly_eval_constant poly_eval_index singletonD)
+ then have "poly_eval R S g P \<Otimes>\<^sub>p poly_eval R S g (mset_to_IP R {#i#})= poly_eval R S g P\<Otimes>\<^sub>p indexed_const (g i) "
+ by presburger
+ then have "poly_eval R S g P \<Otimes>\<^sub>p poly_eval R S g (mset_to_IP R {#i#})= indexed_const (g i) \<Otimes>\<^sub>p poly_eval R S g P"
+ using assms P_ring_mult_comm[of "indexed_const (g i)" "poly_eval R S g P"]
+ unfolding carrier_coeff_def
+ by (metis "1" Pring_cfs_closed cring.closed_fun_simp indexed_pset.indexed_const is_cring poly_eval_closed)
+ then have "poly_eval R S g P \<Otimes>\<^sub>p poly_eval R S g (mset_to_IP R {#i#})= poly_scalar_mult R (g i) (poly_eval R S g P)"
+ using assms
+ by (metis "0" "1" \<open>P \<Otimes>\<^sub>p mset_to_IP R {#i#} = P \<Otimes> i\<close> cring.closed_fun_simp is_cring poly_eval_closed poly_scalar_mult_eq)
+ then show ?thesis using 0
+ by presburger
+next
+ case False
+ then have 0: "poly_eval R S g (P \<Otimes>\<^sub>p (mset_to_IP R {#i#})) = (poly_eval R S g P)\<Otimes> i "
+ using assms
+ by (metis poly_eval_indexed_pmult poly_index_mult)
+ have 1: "poly_eval R S g (mset_to_IP R {#i#})= mset_to_IP R {#i#}"
+ using False
+ by (metis assms(2) indexed_pmult_zero monom_add_mset one_closed one_mset_to_IP poly_eval_constant poly_eval_index)
+ then show ?thesis
+ using 0 False assms poly_eval_index[of g]
+ by (metis UNIV_I cring.Pring_set_restrict is_cring local.ring_axioms poly_eval_closed ring.poly_index_mult subsetI)
+qed
+
+lemma poly_eval_monom_mult:
+ assumes "P \<in> Pring_set R I"
+ assumes "closed_fun R g"
+ shows "poly_eval R S g (P \<Otimes>\<^sub>p (mset_to_IP R m)) = poly_eval R S g P \<Otimes>\<^sub>p poly_eval R S g (mset_to_IP R m) "
+proof(induct m)
+ case empty
+ have 0: "mset_to_IP R {#} = indexed_const \<one>"
+ using one_mset_to_IP by blast
+ then have 1: "(P \<Otimes>\<^sub>p mset_to_IP R {#}) = P"
+ using assms
+ by (metis P_ring_mult_comm Pring_cfs_closed carrier_coeff_def
+ mset_to_IP_simp mset_to_IP_simp' one_closed one_mult_left zero_closed)
+ have 2: "poly_eval R S g (mset_to_IP R {#}) = indexed_const \<one>"
+ by (metis "0" one_closed poly_eval_constant)
+ show ?case using 0 1 2
+ by (metis assms(1) assms(2) cring.P_ring_mult_comm indexed_pset.indexed_const
+ is_cring local.ring_axioms one_closed one_mult_left poly_eval_closed
+ ring.indexed_pset_in_carrier set_eq_subset)
+next
+ case (add x m)
+ fix x
+ fix m
+ assume A: "poly_eval R S g (P \<Otimes>\<^sub>p mset_to_IP R m) = poly_eval R S g P \<Otimes>\<^sub>p poly_eval R S g (mset_to_IP R m)"
+ show "poly_eval R S g (P \<Otimes>\<^sub>p mset_to_IP R (add_mset x m))= poly_eval R S g P \<Otimes>\<^sub>p poly_eval R S g (mset_to_IP R (add_mset x m))"
+ proof-
+ obtain J where J_def: "J = I \<union> set_mset m \<union>{x}"
+ by blast
+ have I0: "P \<in> Pring_set R J"
+ using J_def assms
+ by (meson Pring_carrier_subset Un_upper1 subsetD)
+ have I1: "set_mset m \<subseteq> J"
+ using J_def by blast
+ have I2: "x \<in> J"
+ using J_def by blast
+ have "mset_to_IP R (add_mset x m)= (mset_to_IP R m) \<Otimes> x"
+ by (simp add: monom_add_mset)
+ then have "(P \<Otimes>\<^sub>p mset_to_IP R (add_mset x m)) = P \<Otimes>\<^sub>p((mset_to_IP R m) \<Otimes> x)"
+ by simp
+ then have "(P \<Otimes>\<^sub>p mset_to_IP R (add_mset x m)) = P \<Otimes>\<^sub>p((mset_to_IP R m) \<Otimes>\<^sub>p (mset_to_IP R {#x#}))"
+ by (metis add_mset_add_single monom_mult)
+ then have I3: "(P \<Otimes>\<^sub>p mset_to_IP R (add_mset x m)) = (P \<Otimes>\<^sub>p(mset_to_IP R m)) \<Otimes>\<^sub>p (mset_to_IP R {#x#})"
+ by (metis I0 P_ring_mult_assoc indexed_pset_in_carrier mset_to_IP_closed set_eq_subset)
+ have "poly_eval R S g (P \<Otimes>\<^sub>p mset_to_IP R m \<Otimes>\<^sub>p mset_to_IP R {#x#}) =
+ poly_eval R S g (P \<Otimes>\<^sub>p mset_to_IP R m) \<Otimes>\<^sub>p poly_eval R S g (mset_to_IP R {#x#})"
+ using poly_eval_indexed_pmult'[of "(P \<Otimes>\<^sub>p(mset_to_IP R m))" J g x]
+ I0 I1 I2 assms(2) assms(1) mset_to_IP_mult_closed
+ by blast
+ then have "poly_eval R S g (P \<Otimes>\<^sub>p mset_to_IP R (add_mset x m)) =
+ poly_eval R S g (P \<Otimes>\<^sub>p(mset_to_IP R m)) \<Otimes>\<^sub>p poly_eval R S g (mset_to_IP R {#x#}) "
+ using I3
+ by simp
+ then have "poly_eval R S g (P \<Otimes>\<^sub>p mset_to_IP R (add_mset x m)) =
+ poly_eval R S g P \<Otimes>\<^sub>p poly_eval R S g (mset_to_IP R m) \<Otimes>\<^sub>p poly_eval R S g (mset_to_IP R {#x#}) "
+ by (simp add: A)
+ then have "poly_eval R S g (P \<Otimes>\<^sub>p mset_to_IP R (add_mset x m)) =
+ poly_eval R S g P \<Otimes>\<^sub>p (poly_eval R S g (mset_to_IP R m) \<Otimes>\<^sub>p poly_eval R S g (mset_to_IP R {#x#}))"
+ using P_ring_mult_assoc[of "poly_eval R S g P " "poly_eval R S g (mset_to_IP R m)" " poly_eval R S g (mset_to_IP R {#x#})"]
+ by (metis assms(1) assms(2) indexed_pset_in_carrier mset_to_IP_closed poly_eval_closed set_eq_subset)
+ then have "poly_eval R S g (P \<Otimes>\<^sub>p mset_to_IP R (add_mset x m)) =
+ poly_eval R S g P \<Otimes>\<^sub>p (poly_eval R S g ((mset_to_IP R m) \<Otimes>\<^sub>p (mset_to_IP R {#x#})))"
+ by (metis I1 I2 assms(2) mset_to_IP_closed poly_eval_indexed_pmult')
+ then show ?thesis
+ by (metis add_mset_add_single monom_mult)
+ qed
+qed
+
+abbreviation mon_term ("Mt") where
+"Mt k m \<equiv> poly_scalar_mult R k (mset_to_IP R m)"
+
+lemma poly_eval_monom_term_mult:
+ assumes "P \<in> Pring_set R I"
+ assumes "closed_fun R g"
+ assumes "k \<in> carrier R"
+ shows "poly_eval R S g (P \<Otimes>\<^sub>p (Mt k m)) = poly_eval R S g P \<Otimes>\<^sub>p poly_eval R S g (Mt k m) "
+proof-
+ obtain J where J_def: "J = I \<union> (set_mset m)"
+ by blast
+ have J0: "P \<in> Pring_set R J"
+ using J_def Pring_carrier_subset Un_upper1 assms(1) by blast
+ have J1: "mset_to_IP R m \<in> Pring_set R J"
+ by (metis J_def Un_upper2 mset_to_IP_closed)
+ have 0: "(P \<Otimes>\<^sub>p (Mt k m)) = poly_scalar_mult R k (P \<Otimes>\<^sub>p mset_to_IP R m)"
+ using times_poly_scalar_mult[of P J "mset_to_IP R m" k ] J0 J1 assms(3)
+ by blast
+ have 1: "poly_eval R S g (P \<Otimes>\<^sub>p (Mt k m)) = poly_scalar_mult R k (poly_eval R S g (P \<Otimes>\<^sub>p mset_to_IP R m))"
+ by (metis "0" J0 J1 P_ring_mult_closed' assms(2) assms(3) cring.poly_eval_scalar_mult is_cring)
+ have 2: "poly_eval R S g (P \<Otimes>\<^sub>p (Mt k m)) = poly_scalar_mult R k ((poly_eval R S g P) \<Otimes>\<^sub>p (poly_eval R S g (mset_to_IP R m)))"
+ by (metis "1" assms(1) assms(2) poly_eval_monom_mult)
+ have 3: "poly_eval R S g (P \<Otimes>\<^sub>p (Mt k m)) = (poly_eval R S g P) \<Otimes>\<^sub>p poly_scalar_mult R k (poly_eval R S g (mset_to_IP R m))"
+ by (metis "0" "2" J0 J1 assms(2) assms(3) poly_eval_closed times_poly_scalar_mult)
+ then show ?thesis
+ by (metis J1 assms(3) assms(2) poly_eval_scalar_mult)
+qed
+
+lemma poly_eval_mult:
+ assumes "P \<in> Pring_set R I"
+ assumes "Q \<in> Pring_set R I"
+ assumes "closed_fun R g"
+ shows "poly_eval R S g (P \<Otimes>\<^sub>p Q) = poly_eval R S g P \<Otimes>\<^sub>p poly_eval R S g Q "
+proof-
+ obtain Pr where Pr_def: "Pr = (\<lambda>Q. poly_eval R S g (P \<Otimes>\<^sub>p Q) = poly_eval R S g P \<Otimes>\<^sub>p poly_eval R S g Q )"
+ by blast
+ have "Pr Q"
+ proof(rule poly_monom_induction2[of _ I])
+ show "Q \<in> Pring_set R I"
+ by (simp add: assms(2))
+ show "Pr (indexed_const \<zero>)"
+ proof-
+ have 0: "(P \<Otimes>\<^sub>p indexed_const \<zero>) = indexed_const \<zero>"
+ by (metis assms(1) cring.P_ring_mult_comm indexed_pset.indexed_const
+ indexed_pset_in_carrier is_cring poly_scalar_mult_eq poly_scalar_mult_zero
+ set_eq_subset zero_closed)
+ have 1: "poly_eval R S g (indexed_const \<zero>) = indexed_const \<zero>"
+ using poly_eval_constant by blast
+ have 2: "poly_eval R S g P \<Otimes>\<^sub>p poly_eval R S g (indexed_const \<zero>) = indexed_const \<zero>"
+ using 1
+ by (metis "0" assms(1) assms(3) local.ring_axioms one_closed poly_eval_monom_term_mult
+ poly_scalar_mult_const r_one ring.one_mset_to_IP zero_closed)
+ have 3: "poly_eval R S g (P \<Otimes>\<^sub>p indexed_const \<zero>) = indexed_const \<zero>"
+ using "0" "1" by presburger
+ show ?thesis
+ using 2 3 Pr_def
+ by presburger
+ qed
+ show "\<And>m k. set_mset m \<subseteq> I \<and> k \<in> carrier R \<Longrightarrow> Pr (poly_scalar_mult R k (mset_to_IP R m))"
+ using Pr_def assms(1) assms(3) poly_eval_monom_term_mult by blast
+ show " \<And>Q m k. Q \<in> Pring_set R I \<and> Pr Q \<and> set_mset m \<subseteq> I \<and> k \<in> carrier R \<Longrightarrow> Pr (Q \<Oplus> Mt k m)"
+ proof-
+ fix Q
+ fix m
+ fix k
+ assume A: "Q \<in> Pring_set R I \<and> Pr Q \<and> set_mset m \<subseteq> I \<and> k \<in> carrier R"
+ show "Pr (Q \<Oplus> Mt k m)"
+ proof-
+ have 0: "poly_eval R S g (P \<Otimes>\<^sub>p Q) = poly_eval R S g P \<Otimes>\<^sub>p poly_eval R S g Q "
+ using A Pr_def by blast
+ have 1: "poly_eval R S g (P \<Otimes>\<^sub>p (Mt k m)) = poly_eval R S g P \<Otimes>\<^sub>p poly_eval R S g (Mt k m)"
+ using A assms(1) assms(3) poly_eval_monom_term_mult
+ by blast
+ have 2: "P \<Otimes>\<^sub>p (Q \<Oplus> Mt k m) =(P \<Otimes>\<^sub>p Q)\<Oplus> (P \<Otimes>\<^sub>p (Mt k m)) "
+ by (meson A assms(1) local.ring_axioms mset_to_IP_closed poly_scalar_mult_closed
+ ring.P_ring_rdistr ring.indexed_pset_in_carrier set_eq_subset)
+ have 3: "poly_eval R S g (P \<Otimes>\<^sub>p (Q \<Oplus> Mt k m))= poly_eval R S g (P \<Otimes>\<^sub>p Q) \<Oplus> poly_eval R S g (P \<Otimes>\<^sub>p (Mt k m)) "
+ by (metis "2" A P_ring_mult_closed' assms(1) assms(3)
+ mset_to_IP_closed poly_eval_add poly_scalar_mult_closed)
+ have 4: "poly_eval R S g (P \<Otimes>\<^sub>p (Q \<Oplus> Mt k m))=
+ (poly_eval R S g P \<Otimes>\<^sub>p poly_eval R S g Q) \<Oplus> ( poly_eval R S g P \<Otimes>\<^sub>p poly_eval R S g (Mt k m) )"
+ by (simp add: "0" "1" "3")
+ have 5: " poly_eval R S g P \<Otimes>\<^sub>p (poly_eval R S g Q \<Oplus> poly_eval R S g (Mt k m)) = poly_eval R S g P \<Otimes>\<^sub>p poly_eval R S g Q \<Oplus> (poly_eval R S g P \<Otimes>\<^sub>p poly_eval R S g (Mt k m))"
+ using ring.P_ring_rdistr[of R "(poly_eval R S g P)" "(poly_eval R S g Q)" "( poly_eval R S g (Mt k m) )"]
+ by (meson A assms(1) assms(3) indexed_pset_in_carrier local.ring_axioms
+ poly_eval_closed poly_scalar_mult_closed ring.mset_to_IP_closed subset_refl)
+ have 6: "poly_eval R S g (P \<Otimes>\<^sub>p (Q \<Oplus> Mt k m))=
+ (poly_eval R S g P) \<Otimes>\<^sub>p ((poly_eval R S g Q) \<Oplus> ( poly_eval R S g (Mt k m) ))"
+ using 4 5
+ by simp
+ have 7: "poly_eval R S g (P \<Otimes>\<^sub>p (Q \<Oplus> Mt k m))=
+ (poly_eval R S g P) \<Otimes>\<^sub>p (poly_eval R S g (Q\<Oplus>(Mt k m)))"
+ using 6 poly_eval_add[of "(poly_eval R S g Q)" I "(Mt k m)" g ]
+ by (metis A assms(3) mset_to_IP_closed poly_eval_add poly_scalar_mult_closed)
+ show ?thesis using 7
+ using Pr_def by blast
+ qed
+ qed
+ qed
+ then show ?thesis
+ using Pr_def by blast
+qed
+
+lemma poly_eval_Pring_mult:
+ assumes "P \<in> Pring_set R I"
+ assumes "Q \<in> Pring_set R I"
+ assumes "closed_fun R g"
+ shows "poly_eval R S g (P \<otimes>\<^bsub>Pring R I\<^esub> Q) = poly_eval R S g P \<otimes>\<^bsub>Pring R I\<^esub> poly_eval R S g Q "
+ by (metis Pring_mult assms(1) assms(2) assms(3) poly_eval_mult)
+
+lemma poly_eval_smult:
+ assumes "P \<in> Pring_set R I"
+ assumes "a \<in> carrier R"
+ assumes "closed_fun R g"
+ shows "poly_eval R S g (a \<odot>\<^bsub>Pring R I\<^esub> P) =a \<odot>\<^bsub>Pring R I\<^esub> poly_eval R S g P"
+ using poly_eval_scalar_mult assms
+ by (metis Pring_smult)
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+subsubsection\<open>Partial Evaluation is a Homomorphism\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+lemma poly_eval_ring_hom:
+ assumes "I \<subseteq> J"
+ assumes "closed_fun R g"
+ assumes "J - S \<subseteq> I"
+ shows "ring_hom_ring (Pring R J) (Pring R I) (poly_eval R S g)"
+ apply(rule ring_hom_ringI)
+ apply (simp add: Pring_is_ring)
+ apply (simp add: Pring_is_ring)
+ apply (metis (full_types) Pring_car Pring_carrier_subset assms(2) assms(3) poly_eval_closed subset_iff)
+ apply (metis Pring_car assms(2) local.ring_axioms poly_eval_mult ring.Pring_mult)
+ apply (metis Pring_add Pring_car assms(2) poly_eval_add)
+ by (metis Pring_one one_closed poly_eval_constant)
+
+text\<open>\texttt{poly\_eval} R at the zero function is an inverse to the inclusion of polynomial rings\<close>
+
+lemma poly_eval_zero_function:
+ assumes "g = (\<lambda>n. \<zero>)"
+ assumes "J - S = I"
+ shows "P \<in> Pring_set R I \<Longrightarrow> poly_eval R S g P = P"
+ apply(erule indexed_pset.induct)
+ using poly_eval_constant apply blast
+ using assms poly_eval_add[of _ I _ g S] zero_closed
+ apply (metis Pi_I)
+ using Diff_iff assms(1) assms(2) Pi_I[of UNIV g ]
+ poly_eval_indexed_pmult set_eq_subset subsetD zero_closed
+ by smt
+
+lemma poly_eval_eval_function_eq:
+ assumes "closed_fun R g"
+ assumes "closed_fun R g'"
+ assumes "restrict g S = restrict g' S"
+ assumes "P \<in> Pring_set R I"
+ shows "poly_eval R S g P = poly_eval R S g' P"
+ apply(rule indexed_pset.induct[of P I "carrier R"])
+ apply (simp add: assms(4))
+ apply (metis poly_eval_constant)
+ apply (metis assms(1) assms(2) poly_eval_add)
+proof- fix P i assume A: "P \<in> Pring_set R I" "poly_eval R S g P = poly_eval R S g' P" "i \<in> I "
+ show "poly_eval R S g (P \<Otimes> i) = poly_eval R S g' (P \<Otimes> i)"
+ proof(cases "i \<in> S")
+ case True
+ then have "g i = g' i"
+ using assms
+ unfolding restrict_def
+ by meson
+ then show ?thesis
+ using assms A poly_eval_indexed_pmult[of P I g S i] poly_eval_indexed_pmult[of P I g' S i]
+ by presburger
+ next
+ case False
+ then show ?thesis
+ using assms A poly_eval_indexed_pmult[of P I g S i] poly_eval_indexed_pmult[of P I g' S i]
+ by presburger
+ qed
+qed
+
+lemma poly_eval_eval_set_eq:
+ assumes "closed_fun R g"
+ assumes "S \<inter> I = S' \<inter> I"
+ assumes "P \<in> Pring_set R I"
+ assumes "\<one> \<noteq>\<zero>"
+ shows "poly_eval R S g P = poly_eval R S' g P"
+ apply(rule indexed_pset.induct[of P I "carrier R"])
+ apply (simp add: assms(3))
+ apply (metis poly_eval_constant)
+ apply (metis assms(1) poly_eval_add)
+proof- fix P i
+ assume A: " P \<in> Pring_set R I" "poly_eval R S g P = poly_eval R S' g P" "i \<in> I "
+ show "poly_eval R S g (P \<Otimes> i) = poly_eval R S' g (P \<Otimes> i)"
+ using assms poly_eval_index[of g _ i] A
+ by (metis Diff_Diff_Int Diff_iff poly_eval_indexed_pmult)
+qed
+
+lemma poly_eval_trivial:
+ assumes "closed_fun R g"
+ assumes "P \<in> Pring_set R (I - S)"
+ shows "poly_eval R S g P = P"
+ apply(rule indexed_pset.induct[of P "I - S" "carrier R"])
+ apply (simp add: assms(2))
+ using poly_eval_constant apply blast
+ apply (metis assms(1) poly_eval_add)
+ by (metis Diff_iff assms(1) poly_eval_indexed_pmult)
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+subsubsection\<open>Total Evaluation of a Polynomial\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+lemma zero_fun_closed:
+"closed_fun R (\<lambda>n. \<zero>)"
+ by blast
+
+lemma deg_zero_cf_eval:
+ shows "P \<in> Pring_set R I \<Longrightarrow> poly_eval R I (\<lambda>n. \<zero>) P = indexed_const (P {#})"
+ apply(erule indexed_pset.induct)
+ apply (metis indexed_const_def poly_eval_constant)
+proof-
+ show " \<And>P Q. P \<in> Pring_set R I \<Longrightarrow>
+ poly_eval R I (\<lambda>n. \<zero>) P = indexed_const (P {#}) \<Longrightarrow>
+ Q \<in> Pring_set R I \<Longrightarrow> poly_eval R I (\<lambda>n. \<zero>) Q = indexed_const (Q {#}) \<Longrightarrow> poly_eval R I (\<lambda>n. \<zero>) (P \<Oplus> Q) = indexed_const ((P \<Oplus> Q) {#})"
+ proof-
+ fix P
+ fix Q
+ assume A: "P \<in> Pring_set R I"
+ assume B: " poly_eval R I (\<lambda>n. \<zero>) P = indexed_const (P {#})"
+ assume C: "Q \<in> Pring_set R I "
+ assume D: " poly_eval R I (\<lambda>n. \<zero>) Q = indexed_const (Q {#})"
+ have "indexed_const ((P \<Oplus> Q) {#}) = indexed_const (P {#}) \<Oplus> indexed_const (Q {#})"
+ by (metis indexed_padd_const indexed_padd_def)
+ thus "poly_eval R I (\<lambda>n. \<zero>) (P \<Oplus> Q) = indexed_const ((P \<Oplus> Q) {#})"
+ using A B C D poly_eval_add[of P I Q "\<lambda>n. \<zero>" I]
+ by (smt zero_fun_closed)
+ qed
+ show "\<And>P i. P \<in> Pring_set R I \<Longrightarrow> poly_eval R I (\<lambda>n. \<zero>) P = indexed_const (P {#}) \<Longrightarrow> i \<in> I \<Longrightarrow> poly_eval R I (\<lambda>n. \<zero>) (P \<Otimes> i) = indexed_const ((P \<Otimes> i) {#})"
+ proof-
+ fix P
+ fix i
+ assume A: "P \<in> Pring_set R I" "poly_eval R I (\<lambda>n. \<zero>) P = indexed_const (P {#})" "i \<in> I"
+ show "poly_eval R I (\<lambda>n. \<zero>) (P \<Otimes> i) = indexed_const ((P \<Otimes> i) {#})"
+ proof-
+ have "poly_eval R I (\<lambda>n. \<zero>) (P \<Otimes> i) = indexed_const \<zero>"
+ using A(1) A(3) cring.poly_eval_constant is_cring poly_eval_indexed_pmult
+ poly_eval_scalar_mult poly_scalar_mult_zero zero_closed
+ by (metis Pi_I)
+ have "(P \<Otimes> i) {#} = \<zero>"
+ using indexed_pmult_def
+ by (metis empty_iff set_mset_empty)
+ then show ?thesis
+ using \<open>poly_eval R I (\<lambda>n. \<zero>) (P \<Otimes> i) = indexed_const \<zero>\<close>
+ by presburger
+ qed
+ qed
+qed
+
+lemma deg_zero_cf_mult:
+ assumes "P \<in> Pring_set R I"
+ assumes "Q \<in> Pring_set R I"
+ shows " (P \<Otimes>\<^sub>p Q) {#} = P {#} \<otimes> Q {#}"
+proof-
+ have "poly_eval R I (\<lambda>n. \<zero>) (P \<Otimes>\<^sub>p Q) = poly_eval R I (\<lambda>n. \<zero>) P \<Otimes>\<^sub>p poly_eval R I (\<lambda>n. \<zero>) Q"
+ using zero_fun_closed assms
+ by (metis poly_eval_mult)
+ then have 0: "indexed_const ((P \<Otimes>\<^sub>p Q) {#}) = (indexed_const (P {#})) \<Otimes>\<^sub>p (indexed_const (Q {#}))"
+ by (metis P_ring_mult_closed' Pring_cfs_closed assms(1) assms(2) deg_zero_cf_eval indexed_const_P_mult_eq indexed_const_def)
+ have "indexed_const ((P \<Otimes>\<^sub>p Q) {#}) = (indexed_const ((P {#}) \<otimes>(Q {#})))"
+ apply(rule ccontr)
+ using 0
+ by (metis Pring_cfs_closed assms(1) assms(2) indexed_const_P_mult_eq)
+ then show ?thesis
+ proof -
+ show ?thesis
+ by (metis (no_types) \<open>indexed_const ((P \<Otimes>\<^sub>p Q) {#}) = indexed_const (P {#} \<otimes> Q {#})\<close>
+ local.ring_axioms ring.indexed_const_def)
+ qed
+qed
+
+definition deg_zero_cf :: "('a, 'c) mvar_poly \<Rightarrow> 'a" where
+"deg_zero_cf P = P {#}"
+
+lemma deg_zero_cf_ring_hom:
+ shows "ring_hom_ring (Pring R I) R (deg_zero_cf)"
+ apply(rule ring_hom_ringI)
+ using Pring_is_ring apply blast
+ apply (simp add: local.ring_axioms)
+ apply (metis deg_zero_cf_def Pring_car Pring_cfs_closed)
+ apply (metis deg_zero_cf_def Pring_car Pring_mult deg_zero_cf_mult)
+ apply (metis deg_zero_cf_def Pring_add indexed_padd_def)
+ by (metis deg_zero_cf_def Pring_one indexed_const_def)
+
+end
+
+definition eval_in_ring ::
+ "('a,'b) ring_scheme \<Rightarrow> 'c set \<Rightarrow> ('c \<Rightarrow> 'a) \<Rightarrow> ('a, 'c) mvar_poly \<Rightarrow> 'a" where
+"eval_in_ring R S g P = (poly_eval R S g P) {#}"
+
+definition total_eval ::
+"('a,'b) ring_scheme \<Rightarrow> ('c \<Rightarrow> 'a) \<Rightarrow> ('a, 'c) mvar_poly \<Rightarrow> 'a" where
+"total_eval R g P = eval_in_ring R UNIV g P"
+
+context cring
+begin
+
+lemma eval_in_ring_ring_hom:
+ assumes "closed_fun R g"
+ shows "ring_hom_ring (Pring R I) R (eval_in_ring R S g)"
+ unfolding eval_in_ring_def
+ apply(rule ring_hom_ringI)
+ apply (simp add: Pring_is_ring)
+ apply (simp add: local.ring_axioms)
+ using Pring_car Pring_carrier_coeff' assms poly_eval_closed
+ apply (metis )
+ using Pring_mult[of I] poly_eval_mult[of _ I _ g S] poly_eval_closed[of g _ I S] deg_zero_cf_mult[of _ I] assms
+ Pring_car[of I]
+ apply (metis deg_zero_cf_mult)
+
+ using Pring_add[of I ] poly_eval_add[of _ I _ g S] Pring_car[of I] assms indexed_padd_def
+ apply metis
+ unfolding deg_zero_cf_def
+ by (metis Pring_one indexed_const_def one_closed poly_eval_constant)
+
+lemma eval_in_ring_smult:
+ assumes "P \<in> carrier (Pring R I)"
+ assumes "a \<in> carrier R"
+ assumes "closed_fun R g"
+ shows "eval_in_ring R S g (a \<odot>\<^bsub>Pring R I\<^esub> P) = a \<otimes> eval_in_ring R S g P "
+ using assms unfolding eval_in_ring_def
+ by (smt Pring_car Pring_smult poly_eval_scalar_mult poly_scalar_mult_def)
+
+
+lemma total_eval_ring_hom:
+ assumes "closed_fun R g"
+ shows "ring_hom_ring (Pring R I) R (total_eval R g)"
+ using assms unfolding total_eval_def
+ using eval_in_ring_ring_hom by blast
+
+lemma total_eval_smult:
+ assumes "P \<in> carrier (Pring R I)"
+ assumes "a \<in> carrier R"
+ assumes "closed_fun R g"
+ shows "total_eval R g (a \<odot>\<^bsub>Pring R I\<^esub> P) = a \<otimes> total_eval R g P"
+ using assms unfolding total_eval_def
+ using eval_in_ring_smult by blast
+
+lemma total_eval_const:
+ assumes "k \<in> carrier R"
+ shows "total_eval R g (indexed_const k) = k"
+ unfolding total_eval_def eval_in_ring_def
+ using assms
+ by (metis indexed_const_def poly_eval_constant)
+
+lemma total_eval_var:
+ assumes "closed_fun R g"
+ shows "(total_eval R g (mset_to_IP R {#i#})) = g i"
+ unfolding total_eval_def eval_in_ring_def
+ using UNIV_I assms indexed_const_def indexed_pmult_zero monom_add_mset one_closed
+ one_mset_to_IP one_zeroD poly_eval_constant poly_eval_index singletonD
+ by (smt PiE iso_tuple_UNIV_I monom_eval_add monom_eval_car mset_to_IP_simp poly_scalar_mult_const r_one)
+
+lemma total_eval_indexed_pmult:
+ assumes "P \<in> carrier (Pring R I)"
+ assumes "i \<in> I"
+ assumes "closed_fun R g"
+ shows "total_eval R g (P \<Otimes> i) = total_eval R g P \<otimes>\<^bsub>R\<^esub> g i"
+proof-
+ have "P \<Otimes> i = P \<Otimes>\<^sub>p mset_to_IP R ((add_mset i) {#})"
+ using assms poly_index_mult[of P I i] Pring_car
+ by blast
+ then have 0: "(P \<Otimes> i) = P \<otimes>\<^bsub>Pring R I\<^esub> (mset_to_IP R {#i#})"
+ by (simp add: Pring_mult)
+ then have "total_eval R g (P \<Otimes> i) = (total_eval R g P) \<otimes>\<^bsub>R\<^esub> (total_eval R g (mset_to_IP R {#i#}))"
+ proof-
+ have "(mset_to_IP R {#i#}) \<in> carrier (Pring R I)"
+ by (metis Pring_car assms(2) mset_to_IP_closed set_mset_single singletonD subset_iff)
+ then show ?thesis
+ using assms total_eval_ring_hom[of g I] ring_hom_mult
+ by (metis "0" ring_hom_ring.homh)
+ qed
+ then show ?thesis
+ by (metis assms(3) cring.total_eval_var is_cring)
+qed
+
+lemma total_eval_mult:
+ assumes "P \<in> carrier (Pring R I)"
+ assumes "Q \<in> carrier (Pring R I)"
+ assumes "closed_fun R g"
+ shows "total_eval R g (P \<otimes>\<^bsub>Pring R I\<^esub> Q) = (total_eval R g P) \<otimes>\<^bsub>R\<^esub>(total_eval R g Q) "
+ by (metis assms(1) assms(2) assms(3) ring_hom_mult ring_hom_ring.homh total_eval_ring_hom)
+
+lemma total_eval_add:
+ assumes "P \<in> carrier (Pring R I)"
+ assumes "Q \<in> carrier (Pring R I)"
+ assumes "closed_fun R g"
+ shows "total_eval R g (P \<oplus>\<^bsub>Pring R I\<^esub> Q) = (total_eval R g P) \<oplus>\<^bsub>R\<^esub>(total_eval R g Q) "
+ by (metis assms(1) assms(2) assms(3) ring_hom_add ring_hom_ring.homh total_eval_ring_hom)
+
+lemma total_eval_one:
+ assumes "closed_fun R g"
+ shows "total_eval R g \<one>\<^bsub>Pring R I\<^esub> = \<one>"
+ by (metis Pring_one one_closed total_eval_const)
+
+lemma total_eval_zero:
+ assumes "closed_fun R g"
+ shows "total_eval R g \<zero>\<^bsub>Pring R I\<^esub> = \<zero>"
+ by (metis Pring_zero total_eval_const zero_closed)
+
+lemma total_eval_closed:
+ assumes "P \<in> carrier (Pring R I)"
+ assumes "closed_fun R g"
+ shows "total_eval R g P \<in> carrier R"
+ using assms total_eval_ring_hom[of g]
+ by (metis ring_hom_closed ring_hom_ring.homh)
+
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+subsection\<open>Constructing Homomorphisms from Indexed Polynomial Rings and a Universal Property\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+text\<open>The inclusion of \<open>R\<close> into its polynomial ring\<close>
+
+lemma indexed_const_ring_hom:
+"ring_hom_ring R (Pring R I) (indexed_const)"
+ apply(rule ring_hom_ringI)
+ apply (simp add: local.ring_axioms)
+ apply (simp add: Pring_is_ring)
+ using Pring_car indexed_pset.indexed_const apply blast
+ apply (metis Pring_mult indexed_const_P_mult_eq)
+ apply (metis indexed_padd_const local.ring_axioms ring.Pring_add)
+ by (metis Pring_one)
+
+lemma indexed_const_inj_on:
+"inj_on (indexed_const) (carrier R)"
+ by (metis cring.total_eval_const inj_onI is_cring)
+
+end
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+subsubsection\<open>Mapping $R[x] \to S[x]$ along a homomorphism $R \to S$\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+definition ring_hom_to_IP_ring_hom ::
+"('a, 'e) ring_hom \<Rightarrow> ('a, 'c) mvar_poly \<Rightarrow> 'c monomial \<Rightarrow> 'e" where
+"ring_hom_to_IP_ring_hom \<phi> P m = \<phi> (P m)"
+
+context cring
+begin
+
+lemma ring_hom_to_IP_ring_hom_one:
+ assumes "cring S"
+ assumes "ring_hom_ring R S \<phi>"
+ shows "ring_hom_to_IP_ring_hom \<phi> \<one>\<^bsub>Pring R I\<^esub> = \<one>\<^bsub>Pring S I\<^esub>"
+ unfolding ring_hom_to_IP_ring_hom_def
+proof
+ fix m
+ show " \<phi> (\<one>\<^bsub>Pring R I\<^esub> m) = \<one>\<^bsub>Pring S I\<^esub> m"
+ proof(cases "m = {#}")
+ case True
+ then have "(\<one>\<^bsub>Pring R I\<^esub> m) = \<one>\<^bsub>R\<^esub>"
+ by (metis Pring_one indexed_const_def)
+ then have "\<phi> (\<one>\<^bsub>Pring R I\<^esub> m) = \<one>\<^bsub>S\<^esub>"
+ using assms
+ unfolding ring_hom_ring_def
+ by (metis assms(2) ring_hom_one ring_hom_ring.homh)
+ then show ?thesis using assms cring True ring.indexed_const_def ring_hom_ring_def
+ by (metis ring.Pring_one)
+ next
+ case False
+ then have "(\<one>\<^bsub>Pring R I\<^esub> m) = \<zero>\<^bsub>R\<^esub>"
+ by (metis indexed_const_def local.ring_axioms ring.Pring_one)
+
+ then have "\<phi> (\<one>\<^bsub>Pring R I\<^esub> m) = \<zero>\<^bsub>S\<^esub>"
+ using assms
+ unfolding ring_hom_ring_def cring_def
+ by (metis assms(2) ring_hom_zero ring_hom_ring.homh)
+ then show ?thesis using assms False ring.indexed_const_def ring_hom_ring_def
+ by (metis ring.Pring_one)
+ qed
+qed
+
+lemma ring_hom_to_IP_ring_hom_constant:
+ assumes "cring S"
+ assumes "ring_hom_ring R S \<phi>"
+ assumes "a \<in> carrier R"
+ shows "ring_hom_to_IP_ring_hom \<phi> ((indexed_const a):: 'c monomial \<Rightarrow> 'a) = ring.indexed_const S (\<phi> a)"
+ unfolding ring_hom_to_IP_ring_hom_def indexed_const_def
+proof
+ fix m:: "'c monomial"
+ show "\<phi> (if m = {#} then a else \<zero>) = ring.indexed_const S (\<phi> a) m"
+ apply(cases "m = {#}")
+ apply (simp add: assms(1) cring.axioms(1) ring.indexed_const_def)
+ proof-
+ assume "m \<noteq> {#} "
+ then have "\<phi> (if m = {#} then a else \<zero>) = \<zero>\<^bsub>S\<^esub>"
+ by (metis (full_types) assms(1) assms(2) cring_def local.ring_axioms
+ ring_hom_ring.homh ring_hom_zero)
+ then show " \<phi> (if m = {#} then a else \<zero>) = ring.indexed_const S (\<phi> a) m"
+ using assms
+ by (metis \<open>m \<noteq> {#}\<close> cring.axioms(1) ring.indexed_const_def)
+ qed
+qed
+
+lemma ring_hom_to_IP_ring_hom_add:
+ assumes "cring S"
+ assumes "ring_hom_ring R S \<phi>"
+ assumes "P \<in> carrier (Pring R I)"
+ assumes "Q \<in> carrier (Pring R I)"
+ shows "ring_hom_to_IP_ring_hom \<phi> (P \<oplus>\<^bsub>Pring R I\<^esub> Q) =
+ (ring_hom_to_IP_ring_hom \<phi> P) \<oplus>\<^bsub>Pring S I\<^esub> (ring_hom_to_IP_ring_hom \<phi> Q)"
+ unfolding ring_hom_to_IP_ring_hom_def
+proof
+ fix m
+ show " \<phi> ((P \<oplus>\<^bsub>Pring R I\<^esub> Q) m) = ((\<lambda>m. \<phi> (P m)) \<oplus>\<^bsub>Pring S I\<^esub> (\<lambda>m. \<phi> (Q m))) m"
+ proof-
+ have RHS: "((\<lambda>m. \<phi> (P m)) \<oplus>\<^bsub>Pring S I\<^esub> (\<lambda>m. \<phi> (Q m))) m = \<phi> (P m) \<oplus>\<^bsub>S\<^esub> \<phi> (Q m)"
+ using ring.Pring_add[of S I _ _ ] assms
+ by (metis cring.axioms(1) ring.indexed_padd_def)
+ have LHS: "\<phi> ((P \<oplus>\<^bsub>Pring R I\<^esub> Q) m) = \<phi> ((P m)\<oplus>\<^bsub>R\<^esub> (Q m))"
+ by (metis Pring_add indexed_padd_def)
+ then show ?thesis
+ using assms unfolding ring_hom_ring_def
+ using ring_hom_add[of \<phi> R S "P m" "Q m"]
+ by (metis Pring_carrier_coeff' RHS assms(2) ring_hom_ring.homh)
+ qed
+qed
+
+lemma ring_hom_to_IP_ring_hom_closed:
+ assumes "cring S"
+ assumes "ring_hom_ring R S \<phi>"
+ assumes "P \<in> carrier (Pring R I)"
+ shows "ring_hom_to_IP_ring_hom \<phi> P \<in> carrier (Pring S I)"
+ apply(rule indexed_pset.induct[of P I "carrier R"])
+ using Pring_car assms(3) apply blast
+proof-
+ show "\<And>k. k \<in> carrier R \<Longrightarrow> ring_hom_to_IP_ring_hom \<phi> (indexed_const k) \<in> carrier (Pring S I)"
+ proof-
+ fix k
+ show " k \<in> carrier R \<Longrightarrow> ring_hom_to_IP_ring_hom \<phi> (indexed_const k) \<in> carrier (Pring S I)"
+ proof-
+ assume A: "k \<in> carrier R"
+ have "(\<phi> k) \<in> carrier S"
+ by (meson A assms(2) ring_hom_closed ring_hom_ring.homh)
+ then have 0: "ring.indexed_const S (\<phi> k) \<in> carrier (Pring S I)"
+ by (metis assms(1) cring.axioms(1) ring.Pring_car ring.indexed_pset.indexed_const)
+ then show ?thesis
+ using assms(2)
+ by (simp add: "0" A ring_hom_to_IP_ring_hom_constant[of S \<phi> k] assms(1))
+ qed
+ qed
+ show "\<And>P Q. P \<in> Pring_set R I \<Longrightarrow>
+ ring_hom_to_IP_ring_hom \<phi> P \<in> carrier (Pring S I) \<Longrightarrow>
+ Q \<in> Pring_set R I \<Longrightarrow>
+ ring_hom_to_IP_ring_hom \<phi> Q \<in> carrier (Pring S I) \<Longrightarrow> ring_hom_to_IP_ring_hom \<phi> (P \<Oplus> Q) \<in> carrier (Pring S I)"
+ using ring_hom_to_IP_ring_hom_add[of S \<phi> _ I] Pring_car[of I] ring.Pring_car[of S I]
+ by (metis Pring_add assms(1) assms(2) cring.axioms(1) ring.Pring_add_closed )
+ show "\<And>P i. P \<in> Pring_set R I \<Longrightarrow>
+ ring_hom_to_IP_ring_hom \<phi> P \<in> carrier (Pring S I) \<Longrightarrow> i \<in> I \<Longrightarrow> ring_hom_to_IP_ring_hom \<phi> (P \<Otimes> i) \<in> carrier (Pring S I)"
+ proof-
+ fix P
+ fix i
+ assume A: "P \<in> Pring_set R I " "ring_hom_to_IP_ring_hom \<phi> P \<in> carrier (Pring S I) " "i \<in> I"
+ have 0: "(\<lambda>m. \<phi> ((P \<Otimes> i) m)) = ring.indexed_pmult S (ring_hom_to_IP_ring_hom \<phi> P) i"
+ proof
+ fix m
+ show "\<phi> ((P \<Otimes> i) m) = ring.indexed_pmult S (ring_hom_to_IP_ring_hom \<phi> P) i m"
+ proof(cases "i \<in># m")
+ case True
+ then have LHS: "\<phi> ((P \<Otimes> i) m) = \<phi> (P (m - {#i#}))"
+ by (metis indexed_pmult_def)
+ then show ?thesis
+ using True
+ by (metis assms(1) cring.axioms(1) ring.indexed_pmult_def ring_hom_to_IP_ring_hom_def)
+ next
+ case False
+ then have "\<phi> ((P \<Otimes> i) m) = \<phi> \<zero>\<^bsub>R\<^esub>"
+ by (metis indexed_pmult_def)
+ then have LHS: "\<phi> ((P \<Otimes> i) m) = \<zero>\<^bsub>S\<^esub>"
+ by (metis assms(1) assms(2) cring.axioms(1) local.ring_axioms
+ ring_hom_ring.homh ring_hom_zero)
+ then show ?thesis
+ using False assms ring.indexed_pmult_def
+ by (metis cring.axioms(1))
+ qed
+ qed
+ then show "ring_hom_to_IP_ring_hom \<phi> (P \<Otimes> i) \<in> carrier (Pring S I)"
+ using assms
+ unfolding ring_hom_to_IP_ring_hom_def
+ by (metis "0" A(2) A(3) cring.axioms(1) ring.Pring_car ring.indexed_pset.simps)
+ qed
+qed
+
+lemma ring_hom_to_IP_ring_hom_monom:
+ assumes "cring S"
+ assumes "ring_hom_ring R S \<phi>"
+ shows "ring_hom_to_IP_ring_hom \<phi> (mset_to_IP R m) = mset_to_IP S m"
+proof
+ fix x
+ show "ring_hom_to_IP_ring_hom \<phi> (mset_to_IP R m) x = mset_to_IP S m x"
+ unfolding ring_hom_to_IP_ring_hom_def mset_to_IP_def apply( cases "x = m" )
+ apply (metis (mono_tags, lifting) assms(2) ring_hom_one ring_hom_ring.homh)
+ by (metis (full_types) assms(1) assms(2) cring.axioms(1) local.ring_axioms
+ ring_hom_ring.homh ring_hom_zero)
+qed
+
+lemma Pring_morphism:
+ assumes "cring S"
+ assumes "\<phi> \<in> (carrier (Pring R I)) \<rightarrow> (carrier S)"
+ assumes "\<phi> \<one>\<^bsub>Pring R I\<^esub> = \<one>\<^bsub>S\<^esub>"
+ assumes "\<phi> \<zero>\<^bsub>Pring R I\<^esub> = \<zero>\<^bsub>S\<^esub>"
+ assumes "\<And>P Q. P \<in> carrier (Pring R I) \<Longrightarrow> Q \<in> carrier (Pring R I) \<Longrightarrow>
+ \<phi> (P \<oplus>\<^bsub>Pring R I\<^esub> Q) = (\<phi> P) \<oplus>\<^bsub>S\<^esub> (\<phi> Q)"
+ assumes "\<And> i . \<And> P. i \<in> I \<Longrightarrow> P \<in> carrier (Pring R I) \<Longrightarrow> \<phi> (P \<Otimes> i) = (\<phi> P) \<otimes>\<^bsub>S\<^esub> (\<phi> (mset_to_IP R {#i#}))"
+ assumes "\<And>k Q. k \<in> carrier R \<Longrightarrow> Q \<in> carrier (Pring R I) \<Longrightarrow> \<phi> (poly_scalar_mult R k Q) =
+ (\<phi> (indexed_const k)) \<otimes>\<^bsub>S\<^esub> (\<phi> Q)"
+ shows "ring_hom_ring (Pring R I) S \<phi>"
+ apply(rule ring_hom_ringI)
+ apply (simp add: Pring_is_ring; fail)
+ apply (simp add: assms(1) cring.axioms(1); fail)
+ using assms(2) apply blast
+proof-
+
+ show "\<And>x y. x \<in> carrier (Pring R I) \<Longrightarrow> y \<in> carrier (Pring R I) \<Longrightarrow> \<phi> (x \<otimes>\<^bsub>Pring R I\<^esub> y) = \<phi> x \<otimes>\<^bsub>S\<^esub> \<phi> y"
+ proof-
+ fix P Q
+ assume A0: "P \<in> carrier (Pring R I)"
+ assume A1: "Q \<in> carrier (Pring R I)"
+ show "\<phi> (P \<otimes>\<^bsub>Pring R I\<^esub> Q) = \<phi> P \<otimes>\<^bsub>S\<^esub> \<phi> Q"
+ proof(rule mpoly_induct'[of ])
+ show "\<phi> (P \<otimes>\<^bsub>Pring R I\<^esub> indexed_const \<zero>) = \<phi> P \<otimes>\<^bsub>S\<^esub> \<phi> (indexed_const \<zero>)"
+ proof-
+ have 0: "(P \<otimes>\<^bsub>Pring R I\<^esub> indexed_const \<zero>) = \<zero>\<^bsub>Pring R I\<^esub>"
+ using assms
+ by (metis A0 Pring_is_cring Pring_zero cring.cring_simprules(27) is_cring)
+ have 1: " \<phi> P \<otimes>\<^bsub>S\<^esub> \<phi> (indexed_const \<zero>) = \<zero>\<^bsub>S\<^esub>"
+ proof-
+ have "\<phi> P \<in> carrier S"
+ using assms(2) A0
+ by blast
+ then show ?thesis
+ using assms(4) Pring_zero[of I]
+ by (metis assms(1) cring.cring_simprules(27))
+ qed
+ then show ?thesis using 0 1
+ using assms(4) by presburger
+ qed
+ show "\<And>n Q. (\<And>Q. Q \<in> Pring_set R I \<and> card (monomials_of R Q) \<le> n \<Longrightarrow> \<phi> (P \<otimes>\<^bsub>Pring R I\<^esub> Q) = \<phi> P \<otimes>\<^bsub>S\<^esub> \<phi> Q) \<Longrightarrow>
+ Q \<in> Pring_set R I \<and> card (monomials_of R Q) = Suc n \<Longrightarrow> \<phi> (P \<otimes>\<^bsub>Pring R I\<^esub> Q) = \<phi> P \<otimes>\<^bsub>S\<^esub> \<phi> Q"
+ proof- fix n fix Q
+ assume IH: " (\<And>Q. Q \<in> Pring_set R I \<and> card (monomials_of R Q) \<le> n \<Longrightarrow> \<phi> (P \<otimes>\<^bsub>Pring R I\<^esub> Q) = \<phi> P \<otimes>\<^bsub>S\<^esub> \<phi> Q)"
+ assume A: "Q \<in> Pring_set R I \<and> card (monomials_of R Q) = Suc n"
+ show "\<phi> (P \<otimes>\<^bsub>Pring R I\<^esub> Q) = \<phi> P \<otimes>\<^bsub>S\<^esub> \<phi> Q"
+ proof-
+ obtain m M where m_M_def: "monomials_of R Q = insert m M \<and> m \<notin> M"
+ using A
+ by (metis card_0_eq ex_in_conv finite.emptyI mk_disjoint_insert nat.distinct(1))
+ have "Q = (restrict_poly_to_monom_set R Q M) \<oplus>\<^bsub>Pring R I\<^esub> (poly_scalar_mult R (Q m) (mset_to_IP R m))"
+ by (metis A Pring_add m_M_def remove_monom_eq remove_monom_restrict_poly_to_monom_set)
+ obtain Q' where Q'_def: "Q' = (restrict_poly_to_monom_set R Q M)"
+ by simp
+ have Q'_fact: " Q' \<in> Pring_set R I \<and> card (monomials_of R Q') \<le> n"
+ proof-
+ have 0: "Q' \<in> Pring_set R I"
+ using Q'_def A restriction_closed
+ by blast
+ have "monomials_of R Q' = M"
+ using A m_M_def Q'_def
+ by (metis restrict_poly_to_monom_set_monoms subset_insertI)
+ then have "card (monomials_of R Q') = n" using A m_M_def
+ by (metis "0" card_insert_disjoint diff_Suc_1 monomials_finite)
+ then show ?thesis
+ by (simp add: "0")
+ qed
+ have 0:"(P \<otimes>\<^bsub>Pring R I\<^esub> Q) = (P \<otimes>\<^bsub>Pring R I\<^esub> (Q' \<oplus>\<^bsub>Pring R I\<^esub> (poly_scalar_mult R (Q m) (mset_to_IP R m))))"
+ using Q'_def \<open>Q = restrict_poly_to_monom_set R Q M \<oplus>\<^bsub>Pring R I\<^esub> Mt (Q m) m\<close> by presburger
+ have 1: "(P \<otimes>\<^bsub>Pring R I\<^esub> Q) = (P \<otimes>\<^bsub>Pring R I\<^esub> Q') \<oplus>\<^bsub>Pring R I\<^esub> (P \<otimes>\<^bsub>Pring R I\<^esub> (poly_scalar_mult R (Q m) (mset_to_IP R m)))"
+ proof-
+ have 10: "P \<in> carrier (Pring R I)"
+ by (simp add: A0)
+ have 11: "Q \<in> carrier (Pring R I)"
+ by (simp add: A Pring_car)
+ have 12: "Q' \<in> carrier (Pring R I)"
+ using A Pring_car Q'_def restriction_closed by blast
+ have 13: "(poly_scalar_mult R (Q m) (mset_to_IP R m)) \<in> carrier (Pring R I)"
+ by (metis A Pring_car Pring_carrier_coeff' insert_iff m_M_def mset_to_IP_closed' poly_scalar_mult_closed)
+ then show ?thesis
+ using 0 10 11 12 13
+ by (metis Pring_mult_rdistr)
+ qed
+ then have "\<phi> (P \<otimes>\<^bsub>Pring R I\<^esub> Q) = (\<phi> (P \<otimes>\<^bsub>Pring R I\<^esub> Q')) \<oplus>\<^bsub>S\<^esub> \<phi> (P \<otimes>\<^bsub>Pring R I\<^esub> (poly_scalar_mult R (Q m) (mset_to_IP R m)))"
+ by (metis A A0 Pring_car Pring_mult_closed Pring_cfs_closed Q'_def assms(5) insert_iff
+ local.ring_axioms m_M_def poly_scalar_mult_closed ring.mset_to_IP_closed'
+ ring.restriction_closed)
+ then have "\<phi> (P \<otimes>\<^bsub>Pring R I\<^esub> Q) = (\<phi> P) \<otimes>\<^bsub>S\<^esub> (\<phi> Q') \<oplus>\<^bsub>S\<^esub> \<phi> (P \<otimes>\<^bsub>Pring R I\<^esub> (poly_scalar_mult R (Q m) (mset_to_IP R m)))"
+ using IH[of Q'] Q'_fact
+ by presburger
+ then have 2: "\<phi> (P \<otimes>\<^bsub>Pring R I\<^esub> Q) = (\<phi> P) \<otimes>\<^bsub>S\<^esub> (\<phi> Q') \<oplus>\<^bsub>S\<^esub> \<phi> (poly_scalar_mult R (Q m) (P \<otimes>\<^bsub>Pring R I\<^esub> (mset_to_IP R m)))"
+ by (metis A A0 Pring_car Pring_mult Pring_cfs_closed insert_iff m_M_def mset_to_IP_closed' times_poly_scalar_mult)
+ have 3: "\<And>k. k \<in> carrier R \<Longrightarrow> set_mset m \<subseteq> I \<Longrightarrow> \<phi> (poly_scalar_mult R k (P \<otimes>\<^bsub>Pring R I\<^esub> (mset_to_IP R m))) =
+ \<phi> (indexed_const k) \<otimes>\<^bsub>S\<^esub> (\<phi> P) \<otimes>\<^bsub>S\<^esub> \<phi> (mset_to_IP R m)"
+ proof(induction m)
+ case empty
+ assume A: "set_mset {#} \<subseteq> I"
+ then have E0: "(P \<otimes>\<^bsub>Pring R I\<^esub> mset_to_IP R {#}) = P"
+ by (metis A0 Pring_mult_one Pring_one one_mset_to_IP)
+ have E1: "k \<in> carrier R"
+ using A Pring_cfs_closed empty.prems(1)
+ by linarith
+ have E2: "\<phi> (mset_to_IP R {#}) = \<one>\<^bsub>S\<^esub>"
+ by (metis Pring_one assms(3) one_mset_to_IP)
+ have E3: " \<phi> (poly_scalar_mult R k (P \<otimes>\<^bsub>Pring R I\<^esub> mset_to_IP R {#})) =
+ \<phi> (indexed_const k) \<otimes>\<^bsub>S\<^esub> \<phi> (P \<otimes>\<^bsub>Pring R I\<^esub> mset_to_IP R {#})"
+ using E1 E2 E0 assms(7)[of "k" "P \<otimes>\<^bsub>Pring R I\<^esub> mset_to_IP R {#}"] A0
+ by (simp add: A0 E1)
+ have E4: " \<phi> (P \<otimes>\<^bsub>Pring R I\<^esub> mset_to_IP R {#}) = (\<phi> P) "
+ using E0
+ by auto
+ have E5: " \<phi> (poly_scalar_mult R k (P \<otimes>\<^bsub>Pring R I\<^esub> mset_to_IP R {#})) =
+ \<phi> (indexed_const k) \<otimes>\<^bsub>S\<^esub> \<phi> P"
+ using E0 E3 by presburger
+ have E6: " \<phi> (indexed_const k) \<otimes>\<^bsub>S\<^esub> \<phi> P = \<phi> (indexed_const k) \<otimes>\<^bsub>S\<^esub> \<phi> P \<otimes>\<^bsub>S\<^esub> \<one>\<^bsub>S\<^esub>"
+ proof-
+ have 0: "\<phi> P \<in> carrier S"
+ using assms A0
+ by blast
+ have "indexed_const k \<in> carrier (Pring R I)"
+ using assms(2) E1 Pring_car indexed_pset.indexed_const
+ by blast
+ then have 1: "\<phi> (indexed_const k) \<in> carrier S"
+ using assms(2)
+ by blast
+ show ?thesis
+ using assms(1) 0 1
+ by (metis cring.cring_simprules(12) cring.cring_simprules(14)
+ cring.cring_simprules(5) cring.cring_simprules(6))
+ qed
+ then show ?case
+ using E0 E2 E3 by presburger
+ next
+ case (add x m)
+ assume AA: "\<And>k. k \<in> carrier R \<Longrightarrow> set_mset m \<subseteq> I \<Longrightarrow> \<phi> (poly_scalar_mult R k (P \<otimes>\<^bsub>Pring R I\<^esub> mset_to_IP R m)) = \<phi> (indexed_const k) \<otimes>\<^bsub>S\<^esub> \<phi> P \<otimes>\<^bsub>S\<^esub> \<phi> (mset_to_IP R m)"
+ assume P0: "set_mset (add_mset x m) \<subseteq> I"
+ then have IA: "set_mset m \<subseteq>I"
+ by (metis insert_subset set_mset_add_mset_insert)
+ have IH: "\<phi> (poly_scalar_mult R k (P \<otimes>\<^bsub>Pring R I\<^esub> mset_to_IP R m)) =
+ \<phi> (indexed_const k) \<otimes>\<^bsub>S\<^esub> \<phi> P \<otimes>\<^bsub>S\<^esub> \<phi> (mset_to_IP R m)"
+ using AA IA add.prems(1)
+ by blast
+ then have x_mem: "x \<in> I"
+ by (meson P0 subsetD union_single_eq_member)
+ have 0: " mset_to_IP R (add_mset x m) = mset_to_IP R m \<Otimes> x"
+ by (simp add: monom_add_mset)
+ then have 1: "P \<otimes>\<^bsub>Pring R I\<^esub> mset_to_IP R (add_mset x m) = P \<otimes>\<^bsub>Pring R I\<^esub> (mset_to_IP R m \<Otimes> x)"
+ by simp
+ have 2: "P \<otimes>\<^bsub>Pring R I\<^esub> mset_to_IP R (add_mset x m) =( P \<otimes>\<^bsub>Pring R I\<^esub> (mset_to_IP R m)) \<Otimes> x"
+ proof-
+ have "mset_to_IP R (add_mset x m) = (mset_to_IP R m) \<Otimes> x"
+ using "0" by blast
+ then have "P \<otimes>\<^bsub>Pring R I\<^esub> mset_to_IP R (add_mset x m) = P \<otimes>\<^bsub>Pring R I\<^esub> ((mset_to_IP R m) \<Otimes> x)"
+ by simp
+ then have "P \<otimes>\<^bsub>Pring R I\<^esub> mset_to_IP R (add_mset x m) = P \<otimes>\<^bsub>Pring R I\<^esub> ((mset_to_IP R m) \<otimes>\<^bsub>Pring R I\<^esub> mset_to_IP R {#x#})"
+ by (metis IA Pring_mult mset_to_IP_closed poly_index_mult x_mem)
+ then have "P \<otimes>\<^bsub>Pring R I\<^esub> mset_to_IP R (add_mset x m) = (P \<otimes>\<^bsub>Pring R I\<^esub> (mset_to_IP R m)) \<otimes>\<^bsub>Pring R I\<^esub> mset_to_IP R {#x#}"
+ by (metis A0 IA Pring_car Pring_mult_assoc Pring_one Pring_one_closed
+ indexed_pset.indexed_pmult monom_add_mset mset_to_IP_closed one_mset_to_IP x_mem)
+ then show ?thesis
+ by (metis A0 IA Pring_car Pring_mult Pring_mult_closed mset_to_IP_closed poly_index_mult x_mem)
+ qed
+ have 3: "poly_scalar_mult R k (P \<otimes>\<^bsub>Pring R I\<^esub> mset_to_IP R (add_mset x m)) =
+ poly_scalar_mult R k ( P \<otimes>\<^bsub>Pring R I\<^esub> (mset_to_IP R m) \<Otimes> x)"
+ using "2" by presburger
+ have 4: "poly_scalar_mult R k (P \<otimes>\<^bsub>Pring R I\<^esub> mset_to_IP R (add_mset x m)) =
+ poly_scalar_mult R k ( P \<otimes>\<^bsub>Pring R I\<^esub> (mset_to_IP R m)) \<Otimes> x"
+ proof-
+ have "poly_scalar_mult R k (P \<otimes>\<^bsub>Pring R I\<^esub> mset_to_IP R (add_mset x m)) =
+ poly_scalar_mult R k ( P \<otimes>\<^bsub>Pring R I\<^esub> (mset_to_IP R m) \<otimes>\<^bsub>Pring R I\<^esub> mset_to_IP R {#x#})"
+ by (metis "2" A0 IA Pring_car Pring_mult Pring_mult_closed mset_to_IP_closed poly_index_mult x_mem)
+ have "poly_scalar_mult R k (P \<otimes>\<^bsub>Pring R I\<^esub> mset_to_IP R (add_mset x m)) =
+ (poly_scalar_mult R k ( P \<otimes>\<^bsub>Pring R I\<^esub> mset_to_IP R m)) \<otimes>\<^bsub>Pring R I\<^esub> mset_to_IP R {#x#}"
+ by (metis A0 IA Pring_car Pring_mult Pring_mult_closed Pring_one Pring_one_closed
+ \<open>poly_scalar_mult R k (P \<otimes>\<^bsub>Pring R I\<^esub> mset_to_IP R (add_mset x m)) = poly_scalar_mult R k (P \<otimes>\<^bsub>Pring R I\<^esub> mset_to_IP R m \<otimes>\<^bsub>Pring R I\<^esub> mset_to_IP R {#x#})\<close>
+ add.prems(1) indexed_pset.indexed_pmult monom_add_mset mset_to_IP_closed
+ one_mset_to_IP poly_scalar_mult_times x_mem)
+ then show ?thesis
+ by (metis A0 IA Pring_car Pring_mult Pring_mult_closed add.prems(1)
+ cring.poly_scalar_mult_closed is_cring mset_to_IP_closed
+ poly_index_mult x_mem)
+ qed
+ have 5: "\<phi> (poly_scalar_mult R k (P \<otimes>\<^bsub>Pring R I\<^esub> mset_to_IP R (add_mset x m))) =
+ \<phi> (poly_scalar_mult R k ( P \<otimes>\<^bsub>Pring R I\<^esub> (mset_to_IP R m)) \<Otimes> x)"
+ using 4 by metis
+ have 6: "\<phi> (poly_scalar_mult R k (P \<otimes>\<^bsub>Pring R I\<^esub> mset_to_IP R (add_mset x m))) =
+ \<phi> (poly_scalar_mult R k ( P \<otimes>\<^bsub>Pring R I\<^esub> (mset_to_IP R m))) \<otimes>\<^bsub>S\<^esub> \<phi> (mset_to_IP R {#x#})"
+ using assms
+ by (metis "5" A0 IA Pring_car Pring_mult_closed add.prems(1)
+ cring.poly_scalar_mult_closed is_cring mset_to_IP_closed x_mem)
+ have 7: "\<phi> (poly_scalar_mult R k (P \<otimes>\<^bsub>Pring R I\<^esub> mset_to_IP R (add_mset x m))) =
+ \<phi> (indexed_const k) \<otimes>\<^bsub>S\<^esub> \<phi> P \<otimes>\<^bsub>S\<^esub> \<phi> (mset_to_IP R m) \<otimes>\<^bsub>S\<^esub> \<phi> (mset_to_IP R {#x#})"
+ using assms 6 IH
+ by presburger
+ have 8: " \<phi> (mset_to_IP R m) \<otimes>\<^bsub>S\<^esub> \<phi> (mset_to_IP R {#x#}) = \<phi> (mset_to_IP R (add_mset x m))"
+ proof-
+ have "\<phi> (mset_to_IP R m) \<otimes>\<^bsub>S\<^esub> \<phi> (mset_to_IP R {#x#}) =
+ \<phi> ((mset_to_IP R m) \<otimes>\<^bsub>Pring R I\<^esub> (mset_to_IP R {#x#}))"
+ by (metis IA Pring_car Pring_mult assms(6) mset_to_IP_closed poly_index_mult x_mem)
+ then show ?thesis
+ by (metis "0" IA Pring_car assms(6) mset_to_IP_closed x_mem)
+ qed
+ have 9: "\<phi> (poly_scalar_mult R k (P \<otimes>\<^bsub>Pring R I\<^esub> mset_to_IP R (add_mset x m))) =
+ \<phi> (indexed_const k) \<otimes>\<^bsub>S\<^esub> \<phi> P \<otimes>\<^bsub>S\<^esub> ( \<phi> (mset_to_IP R m) \<otimes>\<^bsub>S\<^esub> \<phi> (mset_to_IP R {#x#}))"
+ proof-
+ have 0: "\<phi> (indexed_const k) \<in> carrier S"
+ proof-
+ have "(indexed_const k) \<in> carrier (Pring R I)"
+ using A Pring_car Pring_cfs_closed indexed_pset.indexed_const add.prems(1)
+ by blast
+ then show ?thesis
+ using assms(2)
+ by blast
+ qed
+ have 1: "\<phi> P \<in> carrier S"
+ using A0 assms(2)
+ by blast
+ have 2: "\<phi> (mset_to_IP R m) \<in> carrier S"
+ proof-
+ have "(mset_to_IP R m) \<in> carrier (Pring R I)"
+ using IA Pring_car mset_to_IP_closed by blast
+ then show ?thesis using assms(2)
+ by blast
+ qed
+ have 3: " \<phi> (mset_to_IP R {#x#}) \<in> carrier S"
+ proof-
+ have "(mset_to_IP R {#x#}) \<in> carrier (Pring R I)"
+ by (metis Pring_car Pring_one Pring_one_closed indexed_pset.indexed_pmult
+ monom_add_mset one_mset_to_IP x_mem)
+ then show ?thesis
+ using assms(2)
+ by blast
+ qed
+ have "\<phi> (poly_scalar_mult R k (P \<otimes>\<^bsub>Pring R I\<^esub> mset_to_IP R (add_mset x m))) =
+ \<phi> (indexed_const k) \<otimes>\<^bsub>S\<^esub> (\<phi> P \<otimes>\<^bsub>S\<^esub> \<phi> (mset_to_IP R m) \<otimes>\<^bsub>S\<^esub> \<phi> (mset_to_IP R {#x#}))"
+ using 1 2 3 7
+ by (metis "0" \<open>\<phi> (mset_to_IP R m) \<in> carrier S\<close> assms(1)
+ cring.cring_simprules(11) cring.cring_simprules(5))
+ then show ?thesis
+ by (metis "0" "1" "2" "3" "8" Pring_mult assms(1) cring.cring_simprules(11)
+ cring.cring_simprules(5))
+ qed
+ have 10: "\<phi> (poly_scalar_mult R k (P \<otimes>\<^bsub>Pring R I\<^esub> mset_to_IP R (add_mset x m))) =
+ \<phi> (indexed_const k) \<otimes>\<^bsub>S\<^esub> \<phi> P \<otimes>\<^bsub>S\<^esub> \<phi> (mset_to_IP R (add_mset x m))"
+ using 8 9
+ by presburger
+ then show ?case
+ by blast
+ qed
+ have 4: "\<phi> (poly_scalar_mult R (Q m) (P \<otimes>\<^bsub>Pring R I\<^esub> (mset_to_IP R m))) =
+ \<phi> (indexed_const (Q m)) \<otimes>\<^bsub>S\<^esub> (\<phi> P) \<otimes>\<^bsub>S\<^esub> \<phi> (mset_to_IP R m)"
+ using 3
+ by (metis A Pring_mult insert_iff local.ring_axioms m_M_def mset_to_IP_indices
+ ring.Pring_cfs_closed)
+ have 5: "\<phi> (P \<otimes>\<^bsub>Pring R I\<^esub> Q) = (\<phi> P) \<otimes>\<^bsub>S\<^esub> (\<phi> Q') \<oplus>\<^bsub>S\<^esub> \<phi> (indexed_const (Q m)) \<otimes>\<^bsub>S\<^esub> (\<phi> P) \<otimes>\<^bsub>S\<^esub> \<phi> (mset_to_IP R m)"
+ using 2 4
+ by presburger
+ have " \<phi> (indexed_const (Q m)) \<otimes>\<^bsub>S\<^esub> (\<phi> P) \<otimes>\<^bsub>S\<^esub> \<phi> (mset_to_IP R m) =
+ (\<phi> P) \<otimes>\<^bsub>S\<^esub> \<phi> (indexed_const (Q m)) \<otimes>\<^bsub>S\<^esub> \<phi> (mset_to_IP R m)"
+ proof-
+ have 0: "(\<phi> P) \<in> carrier S"
+ using A0 assms(2)
+ by blast
+ have 1: "\<phi> (indexed_const (Q m)) \<in> carrier S"
+ proof-
+ have "indexed_const (Q m ) \<in> carrier (Pring R I)"
+ using A Pring_car Pring_cfs_closed indexed_pset.indexed_const by blast
+ then show ?thesis
+ using assms(2)
+ by blast
+ qed
+ have 2: "\<phi> (mset_to_IP R m) \<in> carrier S"
+ proof-
+ have "(mset_to_IP R m) \<in> carrier (Pring R I)"
+ by (metis A Pring_car insert_iff m_M_def mset_to_IP_closed')
+ then show ?thesis using assms(2)
+ by blast
+ qed
+ show ?thesis using assms(1) 0 1 2
+ by (metis cring.cring_simprules(14))
+ qed
+ then have 6: "\<phi> (P \<otimes>\<^bsub>Pring R I\<^esub> Q) = (\<phi> P) \<otimes>\<^bsub>S\<^esub> (\<phi> Q') \<oplus>\<^bsub>S\<^esub> (\<phi> P) \<otimes>\<^bsub>S\<^esub> \<phi> (indexed_const (Q m)) \<otimes>\<^bsub>S\<^esub> \<phi> (mset_to_IP R m)"
+ using 5
+ by presburger
+ then have 7: "\<phi> (P \<otimes>\<^bsub>Pring R I\<^esub> Q) = (\<phi> P) \<otimes>\<^bsub>S\<^esub> ((\<phi> Q') \<oplus>\<^bsub>S\<^esub> \<phi> (indexed_const (Q m)) \<otimes>\<^bsub>S\<^esub> \<phi> (mset_to_IP R m))"
+ proof-
+ have 0: "(\<phi> P) \<in> carrier S"
+ using A0 assms(2)
+ by blast
+ have 1: "\<phi> (indexed_const (Q m)) \<in> carrier S"
+ proof-
+ have "indexed_const (Q m ) \<in> carrier (Pring R I)"
+ using A Pring_car Pring_cfs_closed indexed_pset.indexed_const by blast
+ then show ?thesis
+ using assms(2)
+ by blast
+ qed
+ have 2: "\<phi> (mset_to_IP R m) \<in> carrier S"
+ proof-
+ have "(mset_to_IP R m) \<in> carrier (Pring R I)"
+ by (metis A Pring_car insert_iff m_M_def mset_to_IP_closed')
+ then show ?thesis using assms(2)
+ by blast
+ qed
+ have 3: "\<phi> Q' \<in> carrier S"
+ proof-
+ have "Q' \<in> carrier (Pring R I)"
+ using Q'_fact Pring_car
+ by blast
+ then show ?thesis
+ using assms(2)
+ by blast
+ qed
+ show ?thesis using 0 1 2 3 6
+ by (metis assms(1) cring.cring_simprules(11) cring.cring_simprules(25) cring.cring_simprules(5))
+ qed
+ then show ?thesis
+ by (metis A Pring_car Pring_cfs_closed Q'_def Q'_fact
+ \<open>Q = restrict_poly_to_monom_set R Q M \<oplus>\<^bsub>Pring R I\<^esub> Mt (Q m) m\<close> assms(5) assms(7)
+ cring.poly_scalar_mult_closed insert_iff is_cring m_M_def mset_to_IP_closed')
+ qed
+ qed
+ show "Q \<in> Pring_set R I "
+ using A1 Pring_car
+ by blast
+ qed
+ qed
+ show "\<And>x y. x \<in> carrier (Pring R I) \<Longrightarrow> y \<in> carrier (Pring R I) \<Longrightarrow> \<phi> (x \<oplus>\<^bsub>Pring R I\<^esub> y) = \<phi> x \<oplus>\<^bsub>S\<^esub> \<phi> y"
+ using assms(5)
+ by blast
+ show "\<phi> \<one>\<^bsub>Pring R I\<^esub> = \<one>\<^bsub>S\<^esub>"
+ by (simp add: assms(3))
+qed
+
+lemma(in cring) indexed_const_Pring_mult:
+ assumes "k \<in> carrier R"
+ assumes "P \<in> carrier (Pring R I)"
+ shows "(indexed_const k \<otimes>\<^bsub>Pring R I\<^esub> P) m = k \<otimes>\<^bsub>R\<^esub> (P m)"
+ "(P \<otimes>\<^bsub>Pring R I\<^esub> indexed_const k) m = k \<otimes>\<^bsub>R\<^esub> (P m)"
+ apply (metis Pring_car Pring_mult assms(1) assms(2) poly_scalar_mult_def poly_scalar_mult_eq)
+ by (metis Pring_car Pring_carrier_coeff' Pring_mult assms(1) assms(2) indexed_const_P_multE m_comm)
+
+lemma(in cring) ring_hom_to_IP_ring_hom_is_hom:
+ assumes "cring S"
+ assumes "ring_hom_ring R S \<phi>"
+ shows "ring_hom_ring (Pring R I) (Pring S I) (ring_hom_to_IP_ring_hom \<phi>)"
+proof(rule Pring_morphism)
+ show 0: "cring (Pring S I)"
+ by (simp add: assms(1) cring.axioms(1) ring.Pring_is_cring)
+ show 1: "ring_hom_to_IP_ring_hom \<phi> \<in> carrier (Pring R I) \<rightarrow> carrier (Pring S I)"
+ by (meson Pi_I assms(1) assms(2) ring_hom_to_IP_ring_hom_closed)
+ show 2: "ring_hom_to_IP_ring_hom \<phi> \<one>\<^bsub>Pring R I\<^esub> = \<one>\<^bsub>Pring S I\<^esub>"
+ by (simp add: assms(1) assms(2) ring_hom_to_IP_ring_hom_one)
+ show 3: "ring_hom_to_IP_ring_hom \<phi> \<zero>\<^bsub>Pring R I\<^esub> = \<zero>\<^bsub>Pring S I\<^esub>"
+ proof-
+ have "\<And>m. \<phi> (\<zero>\<^bsub>Pring R I\<^esub> m) = \<zero>\<^bsub>S\<^esub>"
+ using assms
+ by (metis Pring_carrier_coeff' Pring_zero Pring_zero_closed cring.axioms(1)
+ cring.cring_simprules(26) indexed_const_Pring_mult(2) is_cring ring.Pring_is_cring
+ ring_hom_ring.homh ring_hom_zero zero_closed)
+ then have "\<And>m. \<phi> (\<zero>\<^bsub>Pring R I\<^esub> m) = \<zero>\<^bsub>Pring S I\<^esub> m"
+ by (metis assms(1) cring.axioms(1) ring.Pring_zero ring.indexed_const_def)
+ then show ?thesis unfolding ring_hom_to_IP_ring_hom_def
+ by blast
+ qed
+ show 4: " \<And>P Q. P \<in> carrier (Pring R I) \<Longrightarrow>
+ Q \<in> carrier (Pring R I) \<Longrightarrow> ring_hom_to_IP_ring_hom \<phi> (P \<oplus>\<^bsub>Pring R I\<^esub> Q) = ring_hom_to_IP_ring_hom \<phi> P \<oplus>\<^bsub>Pring S I\<^esub> ring_hom_to_IP_ring_hom \<phi> Q"
+ using assms(1) assms(2) ring_hom_to_IP_ring_hom_add by blast
+ show 5: " \<And>i P. i \<in> I \<Longrightarrow>
+ P \<in> carrier (Pring R I) \<Longrightarrow>
+ ring_hom_to_IP_ring_hom \<phi> (P \<Otimes> i) = ring_hom_to_IP_ring_hom \<phi> P \<otimes>\<^bsub>Pring S I\<^esub> ring_hom_to_IP_ring_hom \<phi> (mset_to_IP R {#i#})"
+ proof-
+ fix i P
+ assume i0: "i \<in> I"
+ assume P0: "P \<in> carrier (Pring R I)"
+ show "ring_hom_to_IP_ring_hom \<phi> (P \<Otimes> i) = ring_hom_to_IP_ring_hom \<phi> P \<otimes>\<^bsub>Pring S I\<^esub> ring_hom_to_IP_ring_hom \<phi> (mset_to_IP R {#i#})"
+ unfolding ring_hom_to_IP_ring_hom_def
+ proof
+ fix m
+ show " \<phi> ((P \<Otimes> i) m) = ((\<lambda>m. \<phi> (P m)) \<otimes>\<^bsub>Pring S I\<^esub> (\<lambda>m. \<phi> (mset_to_IP R {#i#} m))) m"
+ proof(cases "i \<in># m")
+ case True
+ have "(\<lambda>m. \<phi> (mset_to_IP R {#i#} m)) = mset_to_IP S {#i#}"
+ proof
+ fix m
+ show "\<phi> (mset_to_IP R {#i#} m) = mset_to_IP S {#i#} m"
+ apply(cases "{#i#} = m")
+ apply (metis (mono_tags, lifting) assms(1) assms(2) cring.axioms(1) local.ring_axioms
+ mset_to_IP_def one_mset_to_IP ring.Pring_one ring.Pring_one ring.one_mset_to_IP
+ ring_hom_to_IP_ring_hom_def ring_hom_to_IP_ring_hom_one)
+ proof-
+ assume "{#i#} \<noteq> m"
+ then have LHS: "(mset_to_IP R {#i#} m) = \<zero>\<^bsub>R\<^esub>"
+ by (metis mset_to_IP_simp')
+ have RHS :"mset_to_IP S {#i#} m = \<zero>\<^bsub>S\<^esub>"
+ by (metis \<open>{#i#} \<noteq> m\<close> mset_to_IP_def)
+ have "\<phi> \<zero>\<^bsub>R\<^esub> = \<zero>\<^bsub>S\<^esub>"
+ using assms(1) assms(2) cring.axioms(1) local.ring_axioms
+ ring_hom_ring.homh ring_hom_zero by blast
+ then show ?thesis
+ using LHS RHS
+ by presburger
+ qed
+ qed
+ then have RHS: "((\<lambda>m. \<phi> (P m)) \<otimes>\<^bsub>Pring S I\<^esub> (\<lambda>m. \<phi> (mset_to_IP R {#i#} m))) m =
+ ((\<lambda>m. \<phi> (P m)) \<otimes>\<^bsub>Pring S I\<^esub> mset_to_IP S {#i#}) m"
+ by presburger
+ then have RHS': "((\<lambda>m. \<phi> (P m)) \<otimes>\<^bsub>Pring S I\<^esub> (\<lambda>m. \<phi> (mset_to_IP R {#i#} m))) m =
+ (ring.indexed_pmult S (\<lambda>m. \<phi> (P m)) i) m"
+ proof-
+ have 0: "(\<lambda>m. \<phi> (P m)) \<in> Pring_set S I"
+ using ring_hom_to_IP_ring_hom_closed[of S \<phi> P I] ring.Pring_car[of S I] assms
+ unfolding ring_hom_to_IP_ring_hom_def
+ using P0 cring.axioms(1) by blast
+ show ?thesis using ring.poly_index_mult[of S "(\<lambda>m. \<phi> (P m))" I i]
+ by (metis "0" \<open>(\<lambda>m. \<phi> (mset_to_IP R {#i#} m)) = mset_to_IP S {#i#}\<close>
+ assms(1) cring.axioms(1) i0 ring.Pring_mult)
+ qed
+ then have RHS'': "((\<lambda>m. \<phi> (P m)) \<otimes>\<^bsub>Pring S I\<^esub> (\<lambda>m. \<phi> (mset_to_IP R {#i#} m))) m =
+ (\<lambda>m. \<phi> (P m)) (m - {#i#})" using ring.indexed_pmult_def[of S "(\<lambda>m. \<phi> (P m))" i] True
+ by (metis assms(1) cring.axioms(1))
+ then show ?thesis
+ by (metis True indexed_pmult_def)
+ next
+ case False
+ have LHS: "((P \<Otimes> i) m) = \<zero>\<^bsub>R\<^esub>"
+ using False
+ by (meson indexed_pmult_def)
+ have "(\<lambda>m. \<phi> (mset_to_IP R {#i#} m)) = mset_to_IP S {#i#}"
+ proof
+ fix m
+ show "\<phi> (mset_to_IP R {#i#} m) = mset_to_IP S {#i#} m"
+ apply(cases "{#i#} = m")
+ apply (metis (mono_tags, lifting) assms(1) assms(2) cring.axioms(1) local.ring_axioms
+ mset_to_IP_def one_mset_to_IP ring.Pring_one ring.Pring_one ring.one_mset_to_IP
+ ring_hom_to_IP_ring_hom_def ring_hom_to_IP_ring_hom_one)
+ proof-
+ assume "{#i#} \<noteq> m"
+ then have LHS: "(mset_to_IP R {#i#} m) = \<zero>\<^bsub>R\<^esub>"
+ by (metis mset_to_IP_simp')
+ have RHS :"mset_to_IP S {#i#} m = \<zero>\<^bsub>S\<^esub>"
+ by (metis \<open>{#i#} \<noteq> m\<close> mset_to_IP_def)
+ have "\<phi> \<zero>\<^bsub>R\<^esub> = \<zero>\<^bsub>S\<^esub>"
+ using assms(1) assms(2) cring.axioms(1) local.ring_axioms
+ ring_hom_ring.homh ring_hom_zero by blast
+ then show ?thesis
+ using LHS RHS
+ by presburger
+ qed
+ qed
+ then have RHS: "((\<lambda>m. \<phi> (P m)) \<otimes>\<^bsub>Pring S I\<^esub> (\<lambda>m. \<phi> (mset_to_IP R {#i#} m))) m =
+ ((\<lambda>m. \<phi> (P m)) \<otimes>\<^bsub>Pring S I\<^esub> mset_to_IP S {#i#}) m"
+ by presburger
+ then have RHS': "((\<lambda>m. \<phi> (P m)) \<otimes>\<^bsub>Pring S I\<^esub> (\<lambda>m. \<phi> (mset_to_IP R {#i#} m))) m =
+ (ring.indexed_pmult S (\<lambda>m. \<phi> (P m)) i) m"
+ proof-
+ have 0: "(\<lambda>m. \<phi> (P m)) \<in> Pring_set S I"
+ using ring_hom_to_IP_ring_hom_closed[of S \<phi> P I] ring.Pring_car[of S I] assms
+ unfolding ring_hom_to_IP_ring_hom_def
+ using P0 cring.axioms(1) by blast
+ show ?thesis using ring.poly_index_mult[of S "(\<lambda>m. \<phi> (P m))" I i]
+ by (metis "0" \<open>(\<lambda>m. \<phi> (mset_to_IP R {#i#} m)) = mset_to_IP S {#i#}\<close>
+ assms(1) cring.axioms(1) i0 ring.Pring_mult)
+ qed
+ then have RHS'': "((\<lambda>m. \<phi> (P m)) \<otimes>\<^bsub>Pring S I\<^esub> (\<lambda>m. \<phi> (mset_to_IP R {#i#} m))) m =
+ \<zero>\<^bsub>S\<^esub>"
+ using False
+ by (metis assms(1) cring.axioms(1) ring.indexed_pmult_def)
+ then show ?thesis
+ using LHS False assms ring_hom_zero[of \<phi> R S]
+ by (metis cring.axioms(1) local.ring_axioms ring_hom_ring.homh)
+ qed
+ qed
+ qed
+ show "\<And>k Q. k \<in> carrier R \<Longrightarrow>
+ Q \<in> carrier (Pring R I) \<Longrightarrow>
+ ring_hom_to_IP_ring_hom \<phi> (poly_scalar_mult R k Q) = ring_hom_to_IP_ring_hom \<phi> (indexed_const k) \<otimes>\<^bsub>Pring S I\<^esub> ring_hom_to_IP_ring_hom \<phi> Q"
+ proof-
+ fix k Q
+ assume A0: "k \<in> carrier R"
+ assume A1: " Q \<in> carrier (Pring R I)"
+ show "ring_hom_to_IP_ring_hom \<phi> (poly_scalar_mult R k Q) =
+ ring_hom_to_IP_ring_hom \<phi> (indexed_const k) \<otimes>\<^bsub>Pring S I\<^esub> ring_hom_to_IP_ring_hom \<phi> Q"
+ proof
+ fix x
+ show "ring_hom_to_IP_ring_hom \<phi> (poly_scalar_mult R k Q) x = (ring_hom_to_IP_ring_hom \<phi> (indexed_const k) \<otimes>\<^bsub>Pring S I\<^esub> ring_hom_to_IP_ring_hom \<phi> Q) x"
+ proof-
+ have LHS: "ring_hom_to_IP_ring_hom \<phi> (poly_scalar_mult R k Q) x = \<phi> (k \<otimes>\<^bsub>R\<^esub> Q x)"
+ by (metis poly_scalar_mult_def ring_hom_to_IP_ring_hom_def)
+ then have LHS': "ring_hom_to_IP_ring_hom \<phi> (poly_scalar_mult R k Q) x = (\<phi> k) \<otimes>\<^bsub>S\<^esub> \<phi> (Q x)"
+ proof-
+ have "Q x \<in> carrier R"
+ using A1 Pring_car local.ring_axioms ring.Pring_cfs_closed by blast
+ then show ?thesis
+ using LHS assms ring_hom_mult[of \<phi> R S k "Q x"]
+ by (metis A0 ring_hom_ring.homh)
+ qed
+ have RHS: "(ring_hom_to_IP_ring_hom \<phi> (indexed_const k) \<otimes>\<^bsub>Pring S I\<^esub> ring_hom_to_IP_ring_hom \<phi> Q) x =
+ (\<phi> k) \<otimes>\<^bsub>S\<^esub> (\<phi> (Q x))"
+ proof-
+ have 0: "ring_hom_to_IP_ring_hom \<phi> (indexed_const k)= ring.indexed_const S (\<phi> k)"
+ by (simp add: A0 assms(1) assms(2) ring_hom_to_IP_ring_hom_constant)
+ have 1: "(\<phi> k) \<in> carrier S"
+ by (meson A0 assms(2) ring_hom_closed ring_hom_ring.homh)
+ have 2: "ring_hom_to_IP_ring_hom \<phi> Q \<in> carrier (Pring S I)"
+ using A1 assms ring_hom_to_IP_ring_hom_closed
+ by blast
+ have 3: "(ring.indexed_const S (\<phi> k) \<otimes>\<^bsub>Pring S I\<^esub> ring_hom_to_IP_ring_hom \<phi> Q) x = (\<phi> k) \<otimes>\<^bsub>S\<^esub> (\<phi> (Q x))"
+ using assms(1) 1 2
+ cring.indexed_const_Pring_mult(1)[of S "\<phi> k" "ring_hom_to_IP_ring_hom \<phi> Q" I x]
+ ring_hom_to_IP_ring_hom_def[of \<phi> Q x]
+ by presburger
+ then show ?thesis
+ by (metis "0")
+ qed
+ then show ?thesis
+ using LHS'
+ by metis
+ qed
+ qed
+ qed
+qed
+
+lemma ring_hom_to_IP_ring_hom_smult:
+ assumes "cring S"
+ assumes "ring_hom_ring R S \<phi>"
+ assumes "P \<in> carrier (Pring R I)"
+ assumes "a \<in> carrier R"
+ shows "ring_hom_to_IP_ring_hom \<phi> (a \<odot>\<^bsub>Pring R I\<^esub>P) =
+ \<phi> a \<odot>\<^bsub>Pring S I\<^esub> (ring_hom_to_IP_ring_hom \<phi> P)"
+proof fix m
+ have 0: "\<phi> ((a \<odot>\<^bsub>Pring R I\<^esub> P) m) = \<phi> (a \<otimes> (P m))"
+ using assms
+ by (metis Pring_smult_cfs)
+ hence 1: "\<phi> ((a \<odot>\<^bsub>Pring R I\<^esub> P) m) = \<phi> a \<otimes>\<^bsub>S\<^esub> \<phi> (P m)"
+ using assms ring_hom_mult[of \<phi> R S]
+ by (metis Pring_carrier_coeff' ring_hom_ring.homh)
+ have 2: "(\<phi> a \<odot>\<^bsub>Pring S I\<^esub> (\<lambda>m. \<phi> (P m))) m = \<phi> a \<otimes>\<^bsub>S\<^esub> \<phi> (P m)"
+ using assms ring.Pring_smult[of S I]
+ unfolding poly_scalar_mult_def cring_def
+ by presburger
+ show "ring_hom_to_IP_ring_hom \<phi> (a \<odot>\<^bsub>Pring R I\<^esub> P) m =
+ (\<phi> a \<odot>\<^bsub>Pring S I\<^esub> ring_hom_to_IP_ring_hom \<phi> P) m"
+ unfolding ring_hom_to_IP_ring_hom_def using assms 1 2
+ by presburger
+qed
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+subsubsection\<open>A Universal Property for Indexed Polynomial Rings\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+lemma Pring_universal_prop_0:
+ assumes a_cring: "cring S"
+ assumes index_map: "closed_fun S g"
+ assumes ring_hom: "ring_hom_ring R S \<phi>"
+ assumes "\<psi> = (total_eval S g) \<circ> (ring_hom_to_IP_ring_hom \<phi>)"
+ shows "(ring_hom_ring (Pring R I) S \<psi>)"
+ "(\<forall>i \<in> I. \<psi> (mset_to_IP R {#i#}) = g i)"
+ "(\<forall>a \<in> carrier R. \<psi> (indexed_const a) = \<phi> a)"
+ "\<forall> \<rho>. (ring_hom_ring (Pring R I) S \<rho>) \<and>
+ (\<forall>i \<in> I. \<rho> (mset_to_IP R {#i#}) = g i) \<and>
+ (\<forall>a \<in> carrier R. \<rho> (indexed_const a) = \<phi> a) \<longrightarrow>
+ (\<forall>x \<in> carrier (Pring R I). \<rho> x = \<psi> x)"
+proof-
+ have 0: " (ring_hom_to_IP_ring_hom \<phi>) \<in> ring_hom (Pring R I) (Pring S I)"
+ using a_cring ring_hom ring_hom_ring.homh ring_hom_to_IP_ring_hom_is_hom
+ by blast
+ have 1: "(total_eval S g) \<in> ring_hom (Pring S I) S "
+ using a_cring cring.total_eval_ring_hom index_map ring_hom_ring.homh
+ by blast
+ show P0: "ring_hom_ring (Pring R I) S \<psi> "
+ using ring_hom_trans 0 1 Pring_is_ring a_cring assms(4) cring.axioms(1) ring_hom_ringI2
+ by blast
+ show P1: "\<forall>i\<in>I. \<psi> (mset_to_IP R {#i#}) = g i"
+ proof
+ fix i assume Pi: "i \<in> I"
+ show "\<psi> (mset_to_IP R {#i#}) = g i"
+ proof-
+ have 0: "\<psi> (mset_to_IP R {#i#}) = (total_eval S g) ( (ring_hom_to_IP_ring_hom \<phi>) (mset_to_IP R {#i#}))"
+ by (simp add: assms(4))
+ have "( (ring_hom_to_IP_ring_hom \<phi>) (mset_to_IP R {#i#})) = (mset_to_IP S {#i#})"
+ by (simp add: a_cring ring_hom ring_hom_to_IP_ring_hom_monom)
+ then have "\<psi> (mset_to_IP R {#i#}) = (total_eval S g) (mset_to_IP S {#i#})"
+ by (simp add: 0)
+ then show ?thesis
+ by (simp add: a_cring cring.total_eval_var index_map)
+ qed
+ qed
+ show P2: "\<forall>a\<in>carrier R. \<psi> (indexed_const a) = \<phi> a"
+ proof
+ fix a assume A: "a \<in> carrier R"
+ show "\<psi> (indexed_const a) = \<phi> a"
+ proof-
+ have 0: "ring_hom_to_IP_ring_hom \<phi> (indexed_const a) = ring.indexed_const S (\<phi> a)"
+ by (simp add: A a_cring ring_hom ring_hom_to_IP_ring_hom_constant)
+ have 1: "total_eval S g (ring.indexed_const S (\<phi> a)) = \<phi> a"
+ by (meson A a_cring cring.total_eval_const ring_hom ring_hom_closed ring_hom_ring.homh)
+ show ?thesis
+ using assms 0 1
+ by (simp add: "0" index_map)
+ qed
+ qed
+ show "\<forall> \<rho>. (ring_hom_ring (Pring R I) S \<rho>) \<and>
+ (\<forall>i \<in> I. \<rho> (mset_to_IP R {#i#}) = g i) \<and>
+ (\<forall>a \<in> carrier R. \<rho> (indexed_const a) = \<phi> a) \<longrightarrow>
+ (\<forall>x \<in> carrier (Pring R I). \<rho> x = \<psi> x)"
+ proof
+ fix \<rho>
+ show "ring_hom_ring (Pring R I) S \<rho> \<and> (\<forall>i\<in>I. \<rho> (mset_to_IP R {#i#}) = g i) \<and> (\<forall>a\<in>carrier R. \<rho> (indexed_const a) = \<phi> a) \<longrightarrow>
+ (\<forall>x\<in>carrier (Pring R I). \<rho> x = \<psi> x)"
+ proof
+ assume A: "(ring_hom_ring (Pring R I) S \<rho>) \<and>
+ (\<forall>i \<in> I. \<rho> (mset_to_IP R {#i#}) = g i) \<and>
+ (\<forall>a \<in> carrier R. \<rho> (indexed_const a) = \<phi> a)"
+ show "(\<forall>x \<in> carrier (Pring R I). \<rho> x = \<psi> x)"
+ proof
+ fix x assume B: "x \<in> carrier (Pring R I)"
+ show "\<rho> x = \<psi> x"
+ apply(rule indexed_pset.induct[of x I "carrier R"])
+ using B Pring_car apply blast
+ apply (metis A P2)
+ proof-
+ show "\<And>P Q. P \<in> Pring_set R I \<Longrightarrow> \<rho> P = \<psi> P \<Longrightarrow> Q \<in> Pring_set R I \<Longrightarrow> \<rho> Q = \<psi> Q \<Longrightarrow> \<rho> (P \<Oplus> Q) = \<psi> (P \<Oplus> Q)"
+ proof-
+ fix P Q
+ assume A0: "P \<in> Pring_set R I " "\<rho> P = \<psi> P" " Q \<in> Pring_set R I" " \<rho> Q = \<psi> Q "
+ show "\<rho> (P \<Oplus> Q) = \<psi> (P \<Oplus> Q)"
+ using A A0 ring_hom_add[of \<psi> "Pring R I" S P Q] ring_hom_add[of \<rho> "Pring R I" S P Q] P0
+ by (metis Pring_add Pring_car ring_hom_ring.homh)
+ qed
+ show "\<And>P i. P \<in> Pring_set R I \<Longrightarrow> \<rho> P = \<psi> P \<Longrightarrow> i \<in> I \<Longrightarrow> \<rho> (P \<Otimes> i) = \<psi> (P \<Otimes> i)"
+ proof-
+ fix P i
+ assume A0: " P \<in> Pring_set R I" " \<rho> P = \<psi> P" "i \<in> I"
+ show "\<rho> (P \<Otimes> i) = \<psi> (P \<Otimes> i)"
+ proof-
+ have "\<rho> (P \<otimes>\<^bsub>Pring R I\<^esub> (mset_to_IP R {#i#})) = \<psi> (P \<otimes>\<^bsub>Pring R I\<^esub> (mset_to_IP R {#i#}))"
+ using A A0 ring_hom_mult[of \<psi> "Pring R I" S P "(mset_to_IP R {#i#})"]
+ ring_hom_mult[of \<rho> "Pring R I" S P "(mset_to_IP R {#i#})"] P0
+ by (metis P1 Pring_car Pring_one Pring_one_closed indexed_pset.indexed_pmult
+ monom_add_mset one_mset_to_IP ring_hom_ring.homh)
+ then show ?thesis
+ by (metis A0(1) A0(3) Pring_mult poly_index_mult)
+ qed
+ qed
+ qed
+ qed
+ qed
+ qed
+qed
+
+end
+
+definition close_fun :: "'c set \<Rightarrow> ('e, 'f) ring_scheme \<Rightarrow> ('c \<Rightarrow> 'e) \<Rightarrow> ('c \<Rightarrow> 'e)" where
+"close_fun I S g = (\<lambda>i. (if i \<in> I then g i else \<zero>\<^bsub>S\<^esub>))"
+
+context cring
+begin
+
+lemma close_funE:
+ assumes "cring S"
+ assumes "g \<in> I \<rightarrow> carrier S"
+ shows "closed_fun S (close_fun I S g)"
+ apply(rule cring.closed_funI)
+ apply (simp add: assms(1))
+ by (metis close_fun_def PiE assms(1) assms(2) cring.cring_simprules(2))
+
+end
+
+definition indexed_poly_induced_morphism ::
+ "'c set \<Rightarrow> ('e, 'f) ring_scheme \<Rightarrow> ('a, 'e) ring_hom \<Rightarrow> ('c \<Rightarrow> 'e) \<Rightarrow> (('a,'c) mvar_poly, 'e) ring_hom" where
+"indexed_poly_induced_morphism I S \<phi> g = (total_eval S (close_fun I S g)) \<circ> (ring_hom_to_IP_ring_hom \<phi>)"
+
+context cring
+begin
+
+lemma Pring_universal_prop:
+ assumes a_cring: "cring S"
+ assumes index_map: "g \<in> I \<rightarrow> carrier S"
+ assumes ring_hom: "ring_hom_ring R S \<phi>"
+ assumes "\<psi> = indexed_poly_induced_morphism I S \<phi> g"
+ shows "(ring_hom_ring (Pring R I) S \<psi>)"
+ "(\<forall>i \<in> I. \<psi> (mset_to_IP R {#i#}) = g i)"
+ "(\<forall>a \<in> carrier R. \<psi> (indexed_const a) = \<phi> a)"
+ "\<forall> \<rho>. (ring_hom_ring (Pring R I) S \<rho>) \<and>
+ (\<forall>i \<in> I. \<rho> (mset_to_IP R {#i#}) = g i) \<and>
+ (\<forall>a \<in> carrier R. \<rho> (indexed_const a) = \<phi> a) \<longrightarrow>
+ (\<forall>x \<in> carrier (Pring R I). \<rho> x = \<psi> x)"
+proof-
+ obtain g' where g'_def: "g' = (close_fun I S g)"
+ by simp
+ have 0: "closed_fun S g'"
+ using close_funE a_cring g'_def index_map
+ by blast
+ show "(ring_hom_ring (Pring R I) S \<psi>)" using assms 0
+ using cring.Pring_universal_prop_0(1) indexed_poly_induced_morphism_def g'_def is_cring
+ by blast
+ show "(\<forall>i \<in> I. \<psi> (mset_to_IP R {#i#}) = g i)"
+ proof-
+ have "(\<forall>i \<in> I. \<psi> (mset_to_IP R {#i#}) = g' i)"
+ apply(intro Pring_universal_prop_0[of S _ \<phi>] assms)
+ unfolding assms indexed_poly_induced_morphism_def g'_def
+ using assms 0 g'_def apply fastforce
+ by auto
+ thus ?thesis unfolding g'_def using assms
+ by (simp add: close_fun_def)
+ qed
+ show "\<forall>a\<in>carrier R. \<psi> (indexed_const a) = \<phi> a"
+ using 0 indexed_poly_induced_morphism_def Pring_universal_prop_0(3) a_cring assms(4) g'_def ring_hom
+ by blast
+ show "\<forall>\<rho>. ring_hom_ring (Pring R I) S \<rho> \<and> (\<forall>i\<in>I. \<rho> (mset_to_IP R {#i#}) = g i) \<and> (\<forall>a\<in>carrier R. \<rho> (indexed_const a) = \<phi> a) \<longrightarrow>
+ (\<forall>x\<in>carrier (Pring R I). \<rho> x = \<psi> x)"
+ proof-
+ have "\<forall>\<rho>. ring_hom_ring (Pring R I) S \<rho> \<and> (\<forall>i\<in>I. \<rho> (mset_to_IP R {#i#}) = g' i) \<and> (\<forall>a\<in>carrier R. \<rho> (indexed_const a) = \<phi> a) \<longrightarrow>
+ (\<forall>x\<in>carrier (Pring R I). \<rho> x = \<psi> x)"
+ using assms 0 Pring_universal_prop_0(4) g'_def
+ unfolding indexed_poly_induced_morphism_def
+ by blast
+ then show ?thesis
+ using g'_def
+ unfolding close_fun_def
+ by meson
+ qed
+qed
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+subsection\<open>Mapping Mulitvariate Polynomials over a Single Variable to Univariate Polynomials\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+text\<open>Constructor for multisets which have one distinct element\<close>
+
+definition nat_to_mset :: "'c \<Rightarrow> nat \<Rightarrow> 'c monomial" where
+"nat_to_mset i n = Abs_multiset (\<lambda>j. if (j = i) then n else 0)"
+
+lemma nat_to_msetE: "count (nat_to_mset i n) i = n"
+ unfolding nat_to_mset_def by simp
+
+lemma nat_to_msetE':
+ assumes "j \<noteq> i"
+ shows "count (nat_to_mset i n) j = 0"
+ unfolding nat_to_mset_def using assms by simp
+
+lemma nat_to_mset_add: "nat_to_mset i (n + m) = (nat_to_mset i n) + (nat_to_mset i m)"
+ apply(rule multiset_eqI)
+ by (metis add.right_neutral nat_to_msetE nat_to_msetE' count_union)
+
+lemma nat_to_mset_inj:
+ assumes "n \<noteq> m"
+ shows "(nat_to_mset i n) \<noteq> (nat_to_mset i m)"
+ using assms
+ by (metis nat_to_msetE)
+
+lemma nat_to_mset_zero: "nat_to_mset i 0 = {#}"
+ by (metis add.right_neutral add_cancel_right_right nat_to_mset_add)
+
+lemma nat_to_mset_Suc: "nat_to_mset i (Suc n) = add_mset i (nat_to_mset i n)"
+ using nat_to_mset_add[of i n 1]
+ by (simp add: multiset_eqI nat_to_msetE nat_to_msetE')
+
+lemma nat_to_mset_Pring_singleton:
+ assumes "cring R"
+ assumes "P \<in> carrier (Pring R {i})"
+ assumes "m \<in> monomials_of R P"
+ shows "m = nat_to_mset i (count m i)"
+proof-
+ have "\<And> j. count m j = count (nat_to_mset i (count m i)) j"
+ proof-
+ fix j
+ show "count m j = count (nat_to_mset i (count m i)) j"
+ apply(cases "j = i")
+ apply (simp add: nat_to_msetE; fail)
+ proof-
+ assume A: "j \<noteq>i"
+ have P0: "set_mset m \<subseteq> {i}"
+ using assms
+ by (metis cring.axioms(1) ring.Pring_car ring.mset_to_IP_indices)
+ then have "count m j = 0"
+ using A assms
+ by (metis count_inI empty_iff singletonD subset_singletonD)
+ then show " count m j = count (nat_to_mset i (count m i)) j"
+ by (simp add: A nat_to_msetE')
+ qed
+ qed
+ then show ?thesis
+ using multiset_eqI by blast
+qed
+
+definition IP_to_UP :: "'d \<Rightarrow> ('e, 'd) mvar_poly \<Rightarrow> 'e u_poly" where
+"IP_to_UP i P = (\<lambda> (n::nat). P (nat_to_mset i n))"
+
+lemma IP_to_UP_closed:
+ assumes "cring R"
+ assumes "P \<in> carrier (Pring R {i::'c})"
+ shows "IP_to_UP i P \<in> carrier (UP R)"
+proof-
+ have "IP_to_UP i P \<in> up R"
+ apply(rule mem_upI)
+ using assms
+ apply (metis cring_def IP_to_UP_def ring.Pring_carrier_coeff')
+ unfolding bound_def IP_to_UP_def
+ apply(rule ccontr)
+ proof-
+ assume A: "\<nexists>n. \<forall>m>n. P (nat_to_mset i m) = \<zero>\<^bsub>R\<^esub>"
+ then have 0: "\<forall>n. \<exists>m> n. (nat_to_mset i m) \<in> monomials_of R P"
+ by (meson assms(1) cring_def ring.complement_of_monomials_of)
+ have "\<not> finite {m. (nat_to_mset i m) \<in> monomials_of R P }"
+ proof
+ assume "finite {m. nat_to_mset i m \<in> monomials_of R P}"
+ then have "\<exists>n. \<forall>m>n. m \<notin> {m. nat_to_mset i m \<in> monomials_of R P}"
+ by (meson finite_nat_set_iff_bounded nat_less_le order.strict_trans)
+ then have "\<exists>n. \<forall>m>n. nat_to_mset i m \<notin> monomials_of R P"
+ by (simp add: monomials_of_def)
+ then show False using 0
+ by blast
+ qed
+ then obtain S where S_def: "infinite (S::nat set) \<and> (\<forall>m \<in> S. (nat_to_mset i m) \<in> monomials_of R P)"
+ by blast
+ have "inj_on (nat_to_mset i) S"
+ using inj_onI[of S "nat_to_mset i"]
+ by (meson nat_to_mset_inj)
+ then have 1: "infinite (nat_to_mset i ` S)"
+ using S_def finite_imageD
+ by blast
+ have 2: "(nat_to_mset i ` S) \<subseteq> (monomials_of R P)"
+ using S_def
+ by blast
+ then have "infinite (monomials_of R P)"
+ using S_def "1" finite_subset
+ by blast
+ then show False using assms
+ by (metis Pring_def cring_def partial_object.select_convs(1) ring.monomials_finite)
+ qed
+ then show ?thesis
+ by (metis (no_types, lifting) UP_def partial_object.select_convs(1))
+qed
+
+lemma IP_to_UP_var:
+ shows "IP_to_UP i (mset_to_IP R {#i#}) = X_poly R"
+proof
+ have UP: "UP_cring R"
+ by (simp add: UP_cring_def cring_axioms)
+ fix x
+ show "IP_to_UP i (mset_to_IP R {#i#}) x = X_poly R x"
+ proof(cases "x = 1")
+ case True
+ then have RHS: "X_poly R x = \<one>\<^bsub>R\<^esub>"
+ unfolding X_poly_def using UP UP_ring.cfs_monom[of R]
+ unfolding UP_ring_def
+ using local.ring_axioms one_closed by presburger
+ have LHS: "IP_to_UP i (mset_to_IP R ((add_mset i) {#})) x
+ = mset_to_IP R ((add_mset i) {#}) (nat_to_mset i x)"
+ unfolding IP_to_UP_def
+ by blast
+ have "(nat_to_mset i x) = {#i#}"
+ proof-
+ have "\<And>n. count (nat_to_mset i x) n = count {#i#} n"
+ by (simp add: True nat_to_msetE nat_to_msetE')
+ then show ?thesis
+ using multi_count_eq
+ by blast
+ qed
+ then have LHS: "IP_to_UP i (mset_to_IP R ((add_mset i) {#})) x
+ = mset_to_IP R ((add_mset i) {#}) {#i#}"
+ using LHS by presburger
+ then show ?thesis
+ unfolding deg_zero_cf_def
+ by (metis RHS mset_to_IP_simp)
+ next
+ case False
+ then have RHS: "X_poly R x = \<zero>\<^bsub>R\<^esub>"
+ unfolding X_poly_def
+ using UP UP_ring.cfs_monom[of R]
+ unfolding UP_ring_def
+ using local.ring_axioms one_closed by presburger
+ have LHS: "IP_to_UP i (mset_to_IP R ((add_mset i) {#})) x
+ = mset_to_IP R ((add_mset i) {#}) (nat_to_mset i x)"
+ unfolding IP_to_UP_def
+ by blast
+ then show ?thesis
+ unfolding deg_zero_cf_def
+ by (metis False RHS count_single mset_to_IP_def nat_to_msetE)
+ qed
+qed
+
+end
+
+context UP_cring
+begin
+
+lemma IP_to_UP_monom:
+ shows "IP_to_UP i (mset_to_IP R (nat_to_mset i n)) = ((X_poly R)[^]\<^bsub>UP R\<^esub>n) "
+proof
+ fix x
+ show "IP_to_UP i (mset_to_IP R (nat_to_mset i n)) x = (X_poly R [^]\<^bsub>UP R\<^esub> n) x"
+ proof(cases "x = n")
+ case True
+ have RHS: "(X_poly R [^]\<^bsub>UP R\<^esub> n) x = \<one>\<^bsub>R\<^esub>"
+ unfolding X_poly_def
+ by (metis P.nat_pow_closed P.nat_pow_eone P_def R.one_closed True UP_cring.X_closed
+ UP_cring.monom_coeff UP_one_closed UP_r_one deg_one is_UP_cring monom_one monom_rep_X_pow
+ to_poly_inverse to_poly_mult_simp(2))
+ have LHS: "IP_to_UP i (mset_to_IP R (nat_to_mset i n)) x = \<one>\<^bsub>R\<^esub>"
+ by (metis R.mset_to_IP_simp True IP_to_UP_def)
+ then show ?thesis
+ using RHS by presburger
+ next
+ case False
+ have 0: "\<And>x y::nat. nat_to_mset x = nat_to_mset y \<Longrightarrow> x = y"
+ proof-
+ fix a b::nat assume A: "nat_to_mset a = nat_to_mset b"
+ then show "a = b" unfolding nat_to_mset_def
+ by (metis A nat_to_msetE nat_to_msetE' zero_neq_one)
+ qed
+ have 1: "IP_to_UP i (mset_to_IP R (nat_to_mset i n)) x = (if nat_to_mset i x = nat_to_mset i n then \<one> else \<zero>) "
+ unfolding IP_to_UP_def mset_to_IP_def
+ by blast
+ hence 2: "IP_to_UP i (mset_to_IP R (nat_to_mset i n)) x = (if x = n then \<one> else \<zero>) "
+ using 0
+ by (meson False nat_to_mset_inj)
+ have 3: "(X_poly R [^]\<^bsub>UP R\<^esub> n) x = \<zero>"
+ unfolding X_poly_def using False
+ by (smt ctrm_degree P.nat_pow_closed P.nat_pow_eone P.r_null P_def R.one_closed
+ UP_cring.ltrm_of_X UP_cring.ltrm_rep_X_pow UP_cring.X_closed UP_cring.monom_coeff
+ UP_r_one UP_zero_closed X_mult_cf cfs_closed cfs_monom deg_nzero_nzero is_UP_cring
+ monom_closed monom_one to_poly_inverse to_poly_mult_simp(2))
+ thus ?thesis using 2 1
+ using False by presburger
+ qed
+qed
+
+lemma IP_to_UP_one:
+ "IP_to_UP i \<one>\<^bsub>Pring R {i}\<^esub> = \<one>\<^bsub>UP R\<^esub>"
+proof
+ fix x
+ show "IP_to_UP i \<one>\<^bsub>Pring R {i}\<^esub> x = \<one>\<^bsub>UP R\<^esub> x"
+ proof(cases "x = 0")
+ case True
+ have RHS: "\<one>\<^bsub>UP R\<^esub> x = \<one>\<^bsub>R\<^esub>"
+ using P_def True cfs_one by presburger
+ have "\<one>\<^bsub>Pring R {i}\<^esub> = (\<lambda> m. if m = {#} then \<one>\<^bsub>R\<^esub> else \<zero>\<^bsub>R\<^esub>)"
+ by (metis R.Pring_one R.indexed_const_def)
+ then have "IP_to_UP i \<one>\<^bsub>Pring R {i}\<^esub> = IP_to_UP i (\<lambda> m. if m = {#} then \<one>\<^bsub>R\<^esub> else \<zero>\<^bsub>R\<^esub>)"
+ by presburger
+ then have LHS: "IP_to_UP i \<one>\<^bsub>Pring R {i}\<^esub> x = \<one>\<^bsub>R\<^esub>"
+ by (smt True count_empty IP_to_UP_def multi_count_eq nat_to_msetE nat_to_msetE')
+ then show ?thesis
+ using RHS by presburger
+ next
+ case False
+ have RHS: "\<one>\<^bsub>UP R\<^esub> x = \<zero>\<^bsub>R\<^esub>"
+ by (smt False UP_def monoid.simps(2))
+ show ?thesis
+ using False count_empty
+ nat_to_msetE
+ ring.indexed_const_def
+ unfolding IP_to_UP_def
+ by (metis R.Pring_one R.ring_axioms RHS)
+ qed
+qed
+
+lemma IP_to_UP_zero:
+ "IP_to_UP i \<zero>\<^bsub>Pring R {i}\<^esub> = \<zero>\<^bsub>UP R\<^esub>"
+proof
+ fix x
+ show "IP_to_UP i \<zero>\<^bsub>Pring R {i}\<^esub> x = \<zero>\<^bsub>UP R\<^esub> x"
+ unfolding IP_to_UP_def using R.Pring_zero
+ by (metis P_def R.indexed_zero_def cfs_zero)
+qed
+
+lemma IP_to_UP_add:
+ assumes " x \<in> carrier (Pring R {i})"
+ assumes " y \<in> carrier (Pring R {i})"
+ shows " IP_to_UP i (x \<oplus>\<^bsub>Pring R {i}\<^esub> y) =
+ IP_to_UP i x \<oplus>\<^bsub>UP R\<^esub> IP_to_UP i y"
+proof
+ fix n
+ have LHS: "IP_to_UP i (x \<oplus>\<^bsub>Pring R {i}\<^esub> y) n = (x \<oplus>\<^bsub>Pring R {i}\<^esub> y) (nat_to_mset i n)"
+ by (meson IP_to_UP_def)
+ then have LHS: "IP_to_UP i (x \<oplus>\<^bsub>Pring R {i}\<^esub> y) n = x (nat_to_mset i n) \<oplus>\<^bsub>R\<^esub> y (nat_to_mset i n)"
+ using assms unfolding IP_to_UP_def
+ by (metis R.Pring_add R.indexed_padd_def)
+ have RHS: "(IP_to_UP i x \<oplus>\<^bsub>UP R\<^esub> IP_to_UP i y) n =
+ (IP_to_UP i x) n \<oplus>\<^bsub>R\<^esub> (IP_to_UP i y) n"
+ using assms UP_ring.cfs_add IP_to_UP_closed
+ by (simp add: UP_ring.cfs_add R_cring cring.IP_to_UP_closed is_UP_ring)
+ then show "IP_to_UP i (x \<oplus>\<^bsub>Pring R {i}\<^esub> y) n = (IP_to_UP i x \<oplus>\<^bsub>UP R\<^esub> IP_to_UP i y) n"
+ using assms
+ by (metis LHS IP_to_UP_def)
+qed
+
+lemma IP_to_UP_indexed_const:
+ assumes "k \<in> carrier R"
+ shows "IP_to_UP i (ring.indexed_const R k) = to_polynomial R k"
+proof
+ fix x
+ show "IP_to_UP i (ring.indexed_const R k) x = to_polynomial R k x"
+ proof(cases "x = 0")
+ case True
+ have LHS: "IP_to_UP i (ring.indexed_const R k) x = k"
+ using True unfolding IP_to_UP_def
+ by (metis R.indexed_const_def nat_to_mset_zero)
+ then show ?thesis
+ using assms
+ unfolding to_polynomial_def
+ using True to_polynomial_def
+ by (metis UP_ring.cfs_monom is_UP_ring)
+ next
+ case False
+ have LHS: "IP_to_UP i (ring.indexed_const R k) x = \<zero>\<^bsub>R\<^esub>"
+ using False unfolding IP_to_UP_def
+ by (metis R.indexed_const_def nat_to_mset_inj nat_to_mset_zero)
+ then show ?thesis
+ using assms
+ unfolding to_polynomial_def
+ using False UP_cring.intro UP_cring.monom_coeff UP_cring.monom_rep_X_pow
+ using P_def cfs_monom by presburger
+ qed
+qed
+
+lemma IP_to_UP_indexed_pmult:
+ assumes "p \<in> carrier (Pring R {i})"
+ shows "IP_to_UP i (ring.indexed_pmult R p i) = (IP_to_UP i p) \<otimes>\<^bsub>UP R\<^esub> (X_poly R)"
+proof
+ fix n
+ have 0: "IP_to_UP i p \<in> carrier (UP R)"
+ by (simp add: R_cring assms cring.IP_to_UP_closed)
+ show "IP_to_UP i (ring.indexed_pmult R p i) n = (IP_to_UP i p \<otimes>\<^bsub>UP R\<^esub> X_poly R) n"
+ proof(cases "n = 0")
+ case True
+ then have RHS: "(IP_to_UP i p \<otimes>\<^bsub>UP R\<^esub> X_poly R) n = \<zero>\<^bsub>R\<^esub>"
+ by (metis (no_types, lifting) "0" lcf_closed One_nat_def P.r_null P_def R.r_null
+ UP_cring.ltrm_of_X UP_cring.cfs_monom_mult UP_cring.cfs_monom_mult_l UP_zero_closed
+ X_closed cfs_times_X deg_leE deg_nzero_nzero is_UP_cring lessI neq0_conv plus_1_eq_Suc to_poly_inverse)
+ have LHS: "IP_to_UP i (ring.indexed_pmult R p i) n = ring.indexed_pmult R p i (nat_to_mset i n)"
+ unfolding IP_to_UP_def
+ by blast
+ then have LHS': "IP_to_UP i (ring.indexed_pmult R p i) n =
+ (p \<otimes>\<^bsub>Pring R {i}\<^esub> (mset_to_IP R {#i#})) (nat_to_mset i n)"
+ using assms(1) ring.Pring_car ring.Pring_mult
+ ring.poly_index_mult singletonI
+ by (metis R.ring_axioms)
+ then have LHS': "IP_to_UP i (ring.indexed_pmult R p i) n =
+ (p \<otimes>\<^bsub>Pring R {i}\<^esub> (mset_to_IP R {#i#})) {#}"
+ using True
+ by (metis nat_to_mset_zero)
+ then show ?thesis using RHS LHS True assms(1) nat_to_mset_zero ring.indexed_pmult_def
+ by (metis R.ring_axioms empty_iff set_mset_empty)
+ next
+ case False
+ then have RHS: "(IP_to_UP i p \<otimes>\<^bsub>UP R\<^esub> X_poly R) n = (IP_to_UP i p ) (n -1)"
+ using "0" Suc_diff_1 Suc_eq_plus1
+ assms(1) bot_nat_def IP_to_UP_def nat_neq_iff not_less0
+ by (metis (no_types, lifting) P_def UP_cring X_closed cfs_times_X cring.cring_simprules(14))
+ have LHS: "IP_to_UP i (ring.indexed_pmult R p i) n = ring.indexed_pmult R p i (nat_to_mset i n)"
+ unfolding IP_to_UP_def
+ by blast
+ then have LHS': "IP_to_UP i (ring.indexed_pmult R p i) n =
+ (p \<otimes>\<^bsub>Pring R {i}\<^esub> (mset_to_IP R {#i#})) (nat_to_mset i n)"
+ using assms(1) ring.Pring_car ring.Pring_mult
+ ring.poly_index_mult singletonI
+ by (metis R.ring_axioms)
+ then have LHS'': "IP_to_UP i (ring.indexed_pmult R p i) n =
+ (p \<otimes>\<^bsub>Pring R {i}\<^esub> (mset_to_IP R {#i#})) (add_mset i (nat_to_mset i (n-1))) "
+ by (metis False Suc_diff_1 nat_to_mset_Suc neq0_conv)
+ then show ?thesis using RHS unfolding IP_to_UP_def
+ by (metis (no_types, lifting) False R.indexed_pmult_def Suc_diff_1 add_mset_remove_trivial add_mset_remove_trivial_If multi_self_add_other_not_self nat_to_mset_Suc neq0_conv)
+ qed
+qed
+
+lemma IP_to_UP_ring_hom:
+ shows "ring_hom_ring (Pring R {i}) (UP R) (IP_to_UP i)"
+ apply(rule cring.Pring_morphism)
+ apply (simp add: R_cring; fail)
+ using P_def UP_cring apply blast
+ apply (simp add: R.IP_to_UP_closed R_cring; fail)
+ apply (meson IP_to_UP_one)
+ apply (meson IP_to_UP_zero)
+ apply (meson IP_to_UP_add)
+ apply (metis R.IP_to_UP_var IP_to_UP_indexed_pmult singletonD)
+proof-
+ fix k Q
+ assume A0: "k \<in> carrier R"
+ assume A1: "Q \<in> carrier (Pring R {i})"
+ show "IP_to_UP i (poly_scalar_mult R k Q) =
+ IP_to_UP i (ring.indexed_const R k) \<otimes>\<^bsub>UP R\<^esub> IP_to_UP i Q"
+ unfolding poly_scalar_mult_def
+ proof
+ fix x
+ show "IP_to_UP i (\<lambda>m. k \<otimes>\<^bsub>R\<^esub> Q m) x =
+ (IP_to_UP i (ring.indexed_const R k) \<otimes>\<^bsub>UP R\<^esub> IP_to_UP i Q) x"
+ proof-
+ have LHS: "IP_to_UP i (\<lambda>m. k \<otimes>\<^bsub>R\<^esub> Q m) x = k \<otimes>\<^bsub>R\<^esub> Q (nat_to_mset i x)"
+ unfolding IP_to_UP_def
+ by blast
+ have RHS: "(IP_to_UP i (ring.indexed_const R k) \<otimes>\<^bsub>UP R\<^esub> IP_to_UP i Q) x =
+ (to_polynomial R k \<otimes>\<^bsub>UP R\<^esub> IP_to_UP i Q) x"
+ by (metis A0 IP_to_UP_indexed_const)
+ have RHS': "(IP_to_UP i (ring.indexed_const R k) \<otimes>\<^bsub>UP R\<^esub> IP_to_UP i Q) x =
+ k \<otimes>\<^bsub>R\<^esub> ((IP_to_UP i Q) x)"
+ proof-
+ have 0: "deg R (to_polynomial R k) = 0"
+ using A0 degree_to_poly by blast
+ have 1: "(IP_to_UP i Q) \<in> carrier (UP R)"
+ using IP_to_UP_closed unfolding P_def
+ by (simp add: A1 R.IP_to_UP_closed R_cring)
+ then show ?thesis
+ proof -
+ have "UP_cring R \<and> IP_to_UP i Q \<in> carrier (UP R)"
+ using "1" is_UP_cring by blast
+ then show ?thesis
+ by (metis A0 UP_cring.to_poly_mult_simp(1) UP_ring.UP_mult_closed UP_ring.coeff_simp UP_ring.coeff_smult UP_ring.monom_closed IP_to_UP_indexed_const is_UP_ring to_polynomial_def)
+ qed
+ qed
+ then show ?thesis
+ by (metis IP_to_UP_def)
+ qed
+ qed
+qed
+
+lemma IP_to_UP_ring_hom_inj:
+ shows "inj_on (IP_to_UP i) (carrier (Pring R {i}))"
+proof
+ fix x y
+ assume A: "x \<in> carrier (Pring R {i})" "y \<in> carrier (Pring R {i}) "
+ assume B: "IP_to_UP i x = IP_to_UP i y"
+ show "x = y"
+ proof
+ fix a
+ show "x a = y a"
+ proof(cases "set_mset a \<subseteq> {i}")
+ case True
+ then obtain n where "a = (nat_to_mset i n)"
+ by (metis count_eq_zero_iff insert_subset multiset_eqI nat_to_msetE nat_to_msetE'
+ set_eq_subset singletonD singleton_insert_inj_eq' subset_insertI subset_refl)
+ then have LHS: "x a = IP_to_UP i x n"
+ by (metis IP_to_UP_def)
+ then show ?thesis
+ by (metis B \<open>a = nat_to_mset i n\<close> IP_to_UP_def)
+ next
+ case False
+ then show ?thesis
+ using ring.Pring_set_zero[of R y "{i}" a] ring.Pring_set_zero[of R x "{i}" a] A
+ by (metis R.Pring_car R.ring_axioms)
+ qed
+ qed
+qed
+
+lemma IP_to_UP_scalar_mult:
+ assumes "a \<in> carrier R"
+ assumes "p \<in> carrier (Pring R {i})"
+ shows "(IP_to_UP i (a \<odot>\<^bsub>Pring R {i}\<^esub> p)) = a\<odot>\<^bsub>UP R\<^esub> (IP_to_UP i p)"
+ apply(rule ring.indexed_pset.induct[of R p "{i}" "carrier R"])
+ apply (simp add: R.ring_axioms; fail)
+ using R.Pring_car assms(2) apply blast
+ apply (metis IP_to_UP_indexed_const P_def R.m_closed R.poly_scalar_mult_const R.ring_axioms assms(1) ring.Pring_smult to_poly_closed to_poly_mult to_poly_mult_simp(1))
+proof-
+ show "\<And>P Q. P \<in> Pring_set R {i} \<Longrightarrow>
+ IP_to_UP i (a \<odot>\<^bsub>Pring R {i}\<^esub> P) = a \<odot>\<^bsub>UP R\<^esub> IP_to_UP i P \<Longrightarrow>
+ Q \<in> Pring_set R {i} \<Longrightarrow> IP_to_UP i (a \<odot>\<^bsub>Pring R {i}\<^esub> Q) = a \<odot>\<^bsub>UP R\<^esub> IP_to_UP i Q \<Longrightarrow> IP_to_UP i (a \<odot>\<^bsub>Pring R {i}\<^esub> (P \<Oplus> Q)) = a \<odot>\<^bsub>UP R\<^esub> IP_to_UP i (P \<Oplus> Q)"
+ proof-
+ fix p Q
+ assume A0: "p \<in> Pring_set R {i}"
+ "IP_to_UP i (a \<odot>\<^bsub>Pring R {i}\<^esub> p) = a \<odot>\<^bsub>UP R\<^esub> IP_to_UP i p"
+ " Q \<in> Pring_set R {i}"
+ "IP_to_UP i (a \<odot>\<^bsub>Pring R {i}\<^esub> Q) = a \<odot>\<^bsub>UP R\<^esub> IP_to_UP i Q"
+ show "IP_to_UP i (a \<odot>\<^bsub>Pring R {i}\<^esub> (p \<Oplus> Q)) = a \<odot>\<^bsub>UP R\<^esub> IP_to_UP i (p \<Oplus> Q)"
+ proof-
+ have "(a \<odot>\<^bsub>Pring R {i}\<^esub> (p \<Oplus> Q)) = a \<odot>\<^bsub>Pring R {i}\<^esub> p \<oplus>\<^bsub>Pring R {i}\<^esub> a \<odot>\<^bsub>Pring R {i}\<^esub> Q"
+ by (metis A0(1) A0(3) R.Pring_add R.Pring_car R.Pring_smult_r_distr assms(1))
+ then show ?thesis using A0
+ by (metis IP_to_UP_add P_def R.IP_to_UP_closed R.Pring_add R.Pring_car R.Pring_smult_closed R_cring UP_smult_r_distr assms(1))
+ qed
+ qed
+ show " \<And>P ia. P \<in> Pring_set R {i} \<Longrightarrow> IP_to_UP i (a \<odot>\<^bsub>Pring R {i}\<^esub> P) = a \<odot>\<^bsub>UP R\<^esub> IP_to_UP i P \<Longrightarrow> ia \<in> {i} \<Longrightarrow> IP_to_UP i (a \<odot>\<^bsub>Pring R {i}\<^esub> (P \<Otimes> ia)) = a \<odot>\<^bsub>UP R\<^esub> IP_to_UP i (P \<Otimes> ia)"
+ proof
+ fix P j x
+ assume A0: "P \<in> Pring_set R {i}"
+ assume A1: "IP_to_UP i (a \<odot>\<^bsub>Pring R {i}\<^esub> P) = a \<odot>\<^bsub>UP R\<^esub> IP_to_UP i P"
+ assume A2: "j \<in> {i}"
+ then have A3: "j = i"
+ by blast
+ have "IP_to_UP i (ring.indexed_pmult R P j) \<in> carrier (UP R)"
+ by (simp add: A0 A3 R.Pring_car R.indexed_pset.indexed_pmult R_cring cring.IP_to_UP_closed)
+ then have "(a \<odot>\<^bsub>UP R\<^esub> (\<lambda>n. ring.indexed_pmult R P j (nat_to_mset i n))) x = a \<otimes>\<^bsub>R\<^esub>((\<lambda>n. ring.indexed_pmult R P j (nat_to_mset i n))) x"
+ using A0 A1 A3 assms unfolding IP_to_UP_def
+ using P_def cfs_smult by blast
+ then show " IP_to_UP i (a \<odot>\<^bsub>Pring R {i}\<^esub> (P \<Otimes> j)) x = (a \<odot>\<^bsub>UP R\<^esub> IP_to_UP i (P \<Otimes> j)) x"
+ by (metis A0 A2 IP_to_UP_def P_def R.Pring_car R.Pring_smult_cfs R.indexed_pset.indexed_pmult \<open>IP_to_UP i (P \<Otimes> j) \<in> carrier (UP R)\<close> assms(1) cfs_smult)
+ qed
+qed
+
+end
+
+text\<open>Evaluation of indexed polynomials commutes with evaluation of univariate polynomials:\<close>
+
+lemma pvar_closed:
+ assumes "cring R"
+ assumes "i \<in> I"
+ shows "(pvar R i) \<in> carrier (Pring R I)"
+ by (meson assms(1) assms(2) cring.axioms(1) ring.Pring_var_closed)
+
+context UP_cring
+begin
+
+lemma pvar_mult:
+ assumes "i \<in> I"
+ assumes "j \<in> I"
+ shows "(pvar R i) \<otimes>\<^bsub>Pring R I\<^esub> (pvar R j) = mset_to_IP R {#i, j#}"
+proof-
+ have "{#i#} + {#j#} = {# i, j#}"
+ by auto
+ then show ?thesis
+ unfolding var_to_IP_def
+ by (metis R.Pring_mult R.monom_mult)
+qed
+
+lemma pvar_pow:
+
+ assumes "i \<in> I"
+ shows "(pvar R i)[^]\<^bsub>Pring R I\<^esub>(n::nat) = mset_to_IP R (nat_to_mset i n)"
+ apply(induction n)
+ apply (metis Group.nat_pow_0 R.one_mset_to_IP R.ring_axioms nat_to_mset_zero ring.Pring_one)
+proof-
+ fix n
+ assume IH: "pvar R i [^]\<^bsub>Pring R I\<^esub> n = mset_to_IP R (nat_to_mset i n)"
+ show "pvar R i [^]\<^bsub>Pring R I\<^esub> Suc n = mset_to_IP R (nat_to_mset i (Suc n)) "
+ proof-
+ have "mset_to_IP R (nat_to_mset i (Suc n)) = mset_to_IP R (nat_to_mset i n) \<otimes>\<^bsub>Pring R I\<^esub> pvar R i"
+ using R.monom_mult[of "nat_to_mset i n" "nat_to_mset i 1"]
+ by (metis One_nat_def R.Pring_mult Suc_eq_plus1 nat_to_mset_Suc nat_to_mset_add nat_to_mset_zero var_to_IP_def)
+ then show ?thesis
+ using IH
+ by simp
+ qed
+qed
+
+lemma IP_to_UP_poly_eval:
+ assumes "p \<in> Pring_set R {i}"
+ assumes "closed_fun R g"
+ shows "total_eval R g p = to_function R (IP_to_UP i p) (g i)"
+ apply(rule R.indexed_pset.induct[of p "{i}" "carrier R" ])
+ apply (simp add: assms(1); fail)
+proof-
+ show "\<And>k. k \<in> carrier R \<Longrightarrow> total_eval R g (R.indexed_const k) = to_function R (IP_to_UP i (R.indexed_const k)) (g i)"
+ proof-
+ fix k
+ assume A: "k \<in> carrier R"
+ have P0: "total_eval R g (ring.indexed_const R k) = k"
+ unfolding total_eval_def eval_in_ring_def
+ using cring.poly_eval_constant[of R k UNIV g]
+ by (metis A R.indexed_const_def R_cring)
+ have P1: "(IP_to_UP i (ring.indexed_const R k)) = to_polynomial R k"
+ by (meson A IP_to_UP_indexed_const)
+ have P2: "to_function R (IP_to_UP i (ring.indexed_const R k)) (g i) =
+ to_function R (to_polynomial R k) (g i)"
+ using P1 by presburger
+ have P3: "to_function R (to_polynomial R k) (g i) = k"
+ using A assms(2) to_fun_to_poly[of k "g i"] unfolding to_fun_def by blast
+ then show "total_eval R g (R.indexed_const k) = to_function R (IP_to_UP i (R.indexed_const k)) (g i)"
+ using P0 P2 by presburger
+ qed
+ show "\<And>P Q. P \<in> Pring_set R {i} \<Longrightarrow>
+ total_eval R g P = to_function R (IP_to_UP i P) (g i) \<Longrightarrow>
+ Q \<in> Pring_set R {i} \<Longrightarrow>
+ total_eval R g Q = to_function R (IP_to_UP i Q) (g i) \<Longrightarrow> total_eval R g (P \<Oplus> Q) = to_function R (IP_to_UP i (P \<Oplus> Q)) (g i)"
+ proof-
+ fix p Q
+ assume A0: "p \<in> Pring_set R {i}"
+ assume A1: " total_eval R g p = to_function R (IP_to_UP i p) (g i)"
+ assume A2: " Q \<in> Pring_set R {i}"
+ assume A3: "total_eval R g Q = to_function R (IP_to_UP i Q) (g i)"
+ have "total_eval R g (R.indexed_padd p Q) = (total_eval R g p) \<oplus>\<^bsub>R\<^esub> (total_eval R g Q)"
+ using R.total_eval_add[of p "{i}" Q g] A0 A1
+ by (metis A2 R.Pring_add R.Pring_car assms(2))
+ then
+ have 0: "total_eval R g (p \<Oplus> Q) = total_eval R g p \<oplus> total_eval R g Q "
+ by blast
+ have 1: "IP_to_UP i (p \<Oplus> Q) = IP_to_UP i p \<oplus>\<^bsub>UP R\<^esub> IP_to_UP i Q"
+ using A0 A1 A3 assms A2 R.ring_axioms R_cring IP_to_UP_add
+ by (metis R.Pring_add R.Pring_car)
+ have "g i \<in> carrier R"
+ using assms by blast
+ hence 2: "to_function R (IP_to_UP i (p \<Oplus> Q)) (g i) = to_function R (IP_to_UP i p) (g i) \<oplus> to_function R (IP_to_UP i Q) (g i)"
+ using A0 A1 A3 assms A2 R.ring_axioms R_cring to_fun_plus[of "IP_to_UP i p" "IP_to_UP i Q" "g i"]
+ IP_to_UP_closed is_UP_cring UP_cring.to_fun_def
+ to_fun_def 0 1
+ unfolding to_fun_def P_def
+ by (smt (z3) P_def R.IP_to_UP_closed R.Pring_car to_fun_plus)
+ show "total_eval R g (R.indexed_padd p Q) = to_function R (IP_to_UP i (ring.indexed_padd R p Q)) (g i) "
+ using A0 A1 A3 assms A2 R.ring_axioms R_cring is_UP_cring to_fun_def 0 1 2
+ unfolding to_fun_def by metis
+ qed
+ show "\<And>P ia.
+ P \<in> Pring_set R {i} \<Longrightarrow>
+ total_eval R g P = to_function R (IP_to_UP i P) (g i) \<Longrightarrow> ia \<in> {i} \<Longrightarrow> total_eval R g (P \<Otimes> ia) = to_function R (IP_to_UP i (P \<Otimes> ia)) (g i)"
+ proof-
+ fix P
+ fix j
+ assume A0: "P \<in> Pring_set R {i}"
+ assume A1: "total_eval R g P = to_function R (IP_to_UP i P) (g i)"
+ assume A2: "j \<in> {i}"
+ then have A3: "j = i"
+ by blast
+ show "total_eval R g (P \<Otimes> j) = to_function R (IP_to_UP i (P \<Otimes> j)) (g i)"
+ proof-
+ have LHS: "total_eval R g (P \<Otimes> j) = (total_eval R g P) \<otimes>\<^bsub>R\<^esub> (g i)"
+ using assms A0 A3
+ by (metis R.Pring_car R_cring cring.total_eval_indexed_pmult insertI1)
+ have RHS: "IP_to_UP i (P \<Otimes> j)= IP_to_UP i P \<otimes>\<^bsub> UP R\<^esub> X_poly R"
+ by (metis A0 A3 IP_to_UP_indexed_pmult R.Pring_car)
+ have "g i \<in> carrier R"
+ using assms by blast
+ then show ?thesis
+ using A0 A1 A3 X_closed to_fun_X[of "g i"] to_fun_mult[of "IP_to_UP i P" "X_poly R" "g i"] LHS RHS
+ assms cring.axioms(1) domain.axioms(1)
+ IP_to_UP_indexed_pmult IP_to_UP_closed
+ Pring_car unfolding to_fun_def P_def
+ by (smt (z3) P.m_comm P_def R.m_comm R_cring cring.IP_to_UP_closed ring.Pring_car to_fun_closed to_fun_def)
+ qed
+ qed
+qed
+end
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+subsection\<open>Mapping Univariate Polynomials to Multivariate Polynomials over a Singleton Variable Set\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+definition UP_to_IP :: "('a,'b) ring_scheme \<Rightarrow> 'c \<Rightarrow> 'a u_poly \<Rightarrow> ('a, 'c) mvar_poly" where
+"UP_to_IP R i P = (\<lambda> m. if (set_mset m) \<subseteq> {i} then P (count m i) else \<zero>\<^bsub>R\<^esub>)"
+
+context UP_cring
+begin
+
+lemma UP_to_IP_inv:
+ assumes "p \<in> Pring_set R {i}"
+ shows "UP_to_IP R i (IP_to_UP i p) = p"
+proof
+ fix x
+ show "UP_to_IP R i (IP_to_UP i p) x = p x"
+ proof(cases "(set_mset x) = {i}")
+ case True
+ have "{a. 0 < (\<lambda>j. if j = i then count x i else 0) a} = {i}"
+ by (smt Collect_cong True count_eq_zero_iff neq0_conv singletonI singleton_conv)
+ then have "finite {j. (if j = i then count x i else 0) \<noteq> 0}"
+ by auto
+ have "(\<lambda>j. if j = i then count x i else 0) = count x"
+ proof
+ fix j
+ show "(if j = i then count x i else 0) = count x j "
+ apply(cases "j = i")
+ using True
+ apply (simp; fail)
+ using True
+ by (metis count_inI singletonD)
+ qed
+ then have "(Abs_multiset (\<lambda>j. if j = i then count x i else 0)) = x"
+ using count_inverse
+ by simp
+ then show ?thesis
+ unfolding UP_to_IP_def IP_to_UP_def nat_to_mset_def
+ by (metis True set_eq_subset)
+ next
+ case False
+ then show ?thesis
+ apply(cases "x = {#}")
+ apply (metis count_empty empty_subsetI IP_to_UP_def nat_to_mset_zero set_mset_empty UP_to_IP_def)
+ unfolding UP_to_IP_def IP_to_UP_def nat_to_mset_def
+ using False assms
+ by (metis R.Pring_set_zero set_mset_eq_empty_iff subset_singletonD)
+ qed
+qed
+
+lemma UP_to_IP_const:
+ assumes "a \<in> carrier R"
+ shows "UP_to_IP R i (to_polynomial R a) = ring.indexed_const R a"
+proof
+ fix x
+ show "UP_to_IP R i (to_polynomial R a) x = ring.indexed_const R a x"
+ apply(cases "x = {#}")
+ unfolding UP_to_IP_def
+ apply (metis R.indexed_const_def UP_ring.cfs_monom assms count_eq_zero_iff insert_absorb insert_not_empty is_UP_ring set_mset_empty subset_insert subset_refl to_polynomial_def)
+ by (metis R.indexed_const_def UP_ring.cfs_monom assms count_eq_zero_iff is_UP_ring set_mset_eq_empty_iff subset_empty subset_insert to_polynomial_def)
+qed
+
+lemma UP_to_IP_add:
+ assumes "p \<in> carrier (UP R)"
+ assumes "Q \<in> carrier (UP R)"
+ shows "UP_to_IP R i (p \<oplus>\<^bsub>UP R\<^esub> Q) =
+ UP_to_IP R i p \<oplus>\<^bsub>Pring R {i}\<^esub> UP_to_IP R i Q"
+proof
+ fix x
+ show "UP_to_IP R i (p \<oplus>\<^bsub>UP R\<^esub> Q) x = (UP_to_IP R i p \<oplus>\<^bsub>Pring R {i}\<^esub> UP_to_IP R i Q) x"
+ proof(cases "set_mset x \<subseteq> {i}")
+ case True
+ have "(UP_to_IP R i p \<oplus>\<^bsub>Pring R {i}\<^esub> UP_to_IP R i Q) x =
+ (UP_to_IP R i p) x \<oplus>\<^bsub>R\<^esub> (UP_to_IP R i Q) x"
+ using True assms
+ by (metis R.Pring_add R.indexed_padd_def)
+ then show ?thesis using assms True
+ unfolding UP_to_IP_def UP_def
+ by (smt partial_object.select_convs(1) restrict_def ring_record_simps(12))
+ next
+ case False
+ have "(UP_to_IP R i p \<oplus>\<^bsub>Pring R {i}\<^esub> UP_to_IP R i Q) x =
+ (UP_to_IP R i p) x \<oplus>\<^bsub>R\<^esub> (UP_to_IP R i Q) x"
+ using False assms
+ by (metis R.Pring_add R.indexed_padd_def)
+ then show ?thesis using False assms
+ unfolding UP_to_IP_def UP_def
+ using R.l_zero R.zero_closed by presburger
+ qed
+qed
+
+lemma UP_to_IP_var:
+ shows "UP_to_IP R i (X_poly R) = pvar R i"
+proof
+ have 0: "(count {#i#} i) = 1"
+ by simp
+ have 1: "set_mset {#i#} \<subseteq> {i}"
+ by simp
+ have 2: "pvar R i {#i#} = \<one>"
+ by (metis R.mset_to_IP_simp var_to_IP_def)
+ fix x
+ show "UP_to_IP R i (X_poly R) x = pvar R i x"
+ apply(cases "x = {#i#}")
+ using X_poly_def[of R] cfs_monom[of \<one> 1 "count x i"] 0 1 2
+ unfolding UP_to_IP_def P_def
+ using R.one_closed apply presburger
+ proof-
+ assume A: "x \<noteq>{#i#}"
+ then show "(if set_mset x \<subseteq> {i} then X_poly R (count x i) else \<zero>\<^bsub>R\<^esub>) = pvar R i x"
+ proof(cases "set_mset x \<subseteq> {i}")
+ case True
+ have "count x i \<noteq> 1" using True A
+ by (metis One_nat_def count_empty count_inI count_single empty_iff multiset_eqI
+ set_mset_add_mset_insert set_mset_empty set_mset_eq_empty_iff singletonD singletonI subset_singletonD)
+ then have 0: "X_poly R (count x i) = \<zero>\<^bsub>R\<^esub>"
+ using A UP_cring.X_closed UP_cring.degree_X UP_cring.intro True
+ unfolding X_poly_def
+ using P_def R.one_closed \<open>\<one> \<in> carrier R \<Longrightarrow> up_ring.monom P \<one> 1 (count x i) = (if 1 = count x i then \<one> else \<zero>)\<close> by presburger
+ have "pvar R i x = \<zero>\<^bsub>R\<^esub>"
+ using A var_to_IP_def
+ by (metis R.mset_to_IP_simp')
+ then show ?thesis
+ using A "0" by presburger
+ next
+ case False
+ have "pvar R i x = \<zero>\<^bsub>R\<^esub>" using A var_to_IP_def False
+ by (metis "1" R.Pring_set_zero R.mset_to_IP_closed)
+ then show ?thesis
+ unfolding UP_to_IP_def
+ using False by presburger
+ qed
+ qed
+qed
+
+lemma UP_to_IP_var_pow:
+ shows "UP_to_IP R i ((X_poly R)[^]\<^bsub>UP R\<^esub> (n::nat)) = (pvar R i)[^]\<^bsub>Pring R {i}\<^esub>n"
+proof
+ fix x
+ show "UP_to_IP R i (X_poly R [^]\<^bsub>UP R\<^esub> n) x = (pvar R i [^]\<^bsub>Pring R {i}\<^esub> n) x "
+ proof(cases "set_mset x \<subseteq> {i}")
+ case True
+ show ?thesis
+ proof(cases "count x i = n")
+ case T: True
+ then have 0: "x = nat_to_mset i n"
+ using True
+ by (metis count_inI emptyE insert_iff multiset_eqI nat_to_msetE
+ nat_to_msetE' subsetD)
+ have 1: "x = nat_to_mset i (count x i)"
+ using "0" T by auto
+ then have LHS: "(pvar R i [^]\<^bsub>Pring R {i}\<^esub> n) x = \<one>\<^bsub>R\<^esub>"
+ using T True 0 1
+ by (metis R.mset_to_IP_simp insertI1 pvar_pow)
+ have 2: "UP_to_IP R i (X_poly R [^]\<^bsub>UP R\<^esub> n) x = (up_ring.monom (UP R) \<one> n) (count x i)"
+ unfolding UP_to_IP_def X_poly_def using True
+ by (metis ctrm_degree P.nat_pow_closed P.nat_pow_eone P_def R.one_closed UP_cring.monom_coeff
+ UP_one_closed UP_r_one X_closed is_UP_cring monom_one monom_rep_X_pow to_poly_inverse
+ to_poly_mult_simp(2))
+ then show ?thesis
+ using True T LHS P_def R.one_closed cfs_monom
+ by presburger
+ next
+ case False
+ have "(pvar R i [^]\<^bsub>Pring R {i}\<^esub> n) = mset_to_IP R (nat_to_mset i n)"
+ by (simp add: pvar_pow)
+ hence 0: "(pvar R i [^]\<^bsub>Pring R {i}\<^esub> n) x = \<zero>"
+ by (metis False R.mset_to_IP_simp' nat_to_msetE)
+ have 1: "UP_to_IP R i (X_poly R [^]\<^bsub>UP R\<^esub> n) x = (up_ring.monom (UP R) \<one> n) (count x i)"
+ unfolding UP_to_IP_def X_poly_def using False True
+ by (metis ctrm_degree P.nat_pow_closed P.nat_pow_eone P_def R.one_closed UP_one_closed
+ UP_r_one X_closed cfs_monom monom_one monom_rep_X_pow to_poly_inverse to_poly_mult_simp(2))
+ thus ?thesis using True False
+ unfolding UP_to_IP_def X_poly_def 0
+ by (metis P_def R.one_closed cfs_monom)
+ qed
+ next
+ case False
+ then have 0: "UP_to_IP R i (X_poly R [^]\<^bsub>UP R\<^esub> n) x = \<zero>"
+ unfolding UP_to_IP_def
+ by meson
+ have "(pvar R i [^]\<^bsub>Pring R {i}\<^esub> n) = mset_to_IP R (nat_to_mset i n)"
+ by (simp add: pvar_pow)
+ hence "(pvar R i [^]\<^bsub>Pring R {i}\<^esub> n) x = \<zero>"
+ by (metis False R.mset_to_IP_simp' count_eq_zero_iff nat_to_msetE' singleton_iff subsetI)
+ then show ?thesis using 0
+ by presburger
+ qed
+qed
+
+lemma one_var_indexed_poly_monom_simp:
+ assumes "a \<in> carrier R"
+ shows "(a \<odot>\<^bsub>Pring R {i}\<^esub> ((pvar R i) [^]\<^bsub>Pring R {i}\<^esub> n)) x = (if x = (nat_to_mset i n) then a else \<zero>)"
+proof-
+ have 0: "(a \<odot>\<^bsub>Pring R {i}\<^esub> ((pvar R i) [^]\<^bsub>Pring R {i}\<^esub> n)) x =
+ a \<otimes> (((pvar R i) [^]\<^bsub>Pring R {i}\<^esub> n) x)"
+ using Pring_smult_cfs Pring_var_closed assms cring_def is_cring monoid.nat_pow_closed ring.Pring_is_monoid singletonI
+ by (simp add: monoid.nat_pow_closed ring.Pring_is_monoid R.Pring_smult_cfs R.Pring_var_closed R.ring_axioms)
+ have 1: "(pvar R i) [^]\<^bsub>Pring R {i}\<^esub> n = mset_to_IP R (nat_to_mset i n)"
+ using insertI1
+ by (simp add: pvar_pow)
+ then have 1: "(a \<odot>\<^bsub>Pring R {i}\<^esub> ((pvar R i) [^]\<^bsub>Pring R {i}\<^esub> n)) x=
+ a \<otimes> (mset_to_IP R (nat_to_mset i n) x)"
+ using "0" by presburger
+ show ?thesis
+ using assms 1 unfolding mset_to_IP_def
+ using r_null r_one by simp
+qed
+
+
+lemma UP_to_IP_monom:
+ assumes "a \<in> carrier R"
+ shows "UP_to_IP R i (up_ring.monom (UP R) a n) = a \<odot>\<^bsub>Pring R {i}\<^esub> ((pvar R i)[^]\<^bsub>Pring R {i}\<^esub>n)"
+proof
+ fix x
+ show "UP_to_IP R i (up_ring.monom (UP R) a n) x = (a \<odot>\<^bsub>Pring R {i}\<^esub> ((pvar R i) [^]\<^bsub>Pring R {i}\<^esub> n)) x"
+ proof(cases "set_mset x \<subseteq> {i}")
+ case True
+ then show ?thesis
+ proof(cases "count x i = n")
+ case T: True
+ then have "x = nat_to_mset i n"
+ using True
+ by (metis count_inI emptyE insert_iff multiset_eqI nat_to_msetE
+ nat_to_msetE' subsetD)
+ then have LHS: " (a \<odot>\<^bsub>Pring R {i}\<^esub> ((pvar R i) [^]\<^bsub>Pring R {i}\<^esub> n)) x = a"
+ using assms
+ by (simp add: one_var_indexed_poly_monom_simp)
+ then show ?thesis
+ unfolding UP_to_IP_def
+ using T True assms(1)
+ by (metis UP_ring.cfs_monom is_UP_ring)
+ next
+ case False
+ then show ?thesis using True
+ unfolding UP_to_IP_def
+ by (metis INTEG.R.nat_to_msetE P_def assms cfs_monom one_var_indexed_poly_monom_simp)
+ qed
+ next
+ case False
+ then show ?thesis
+ unfolding UP_to_IP_def
+ by (metis (no_types, opaque_lifting) one_var_indexed_poly_monom_simp assms
+ count_eq_zero_iff equalityD2 insert_subset nat_to_msetE' subsetI subset_eq)
+ qed
+qed
+
+lemma UP_to_IP_monom':
+ assumes "a \<in> carrier R"
+ shows "UP_to_IP R i (up_ring.monom (UP R) a n) = a \<odot>\<^bsub>Pring R {i}\<^esub> ((pvar R i)[^]\<^bsub>Pring R {i}\<^esub>n)"
+ by (metis R.Pring_smult UP_to_IP_monom assms)
+
+lemma UP_to_IP_closed:
+ assumes "p \<in> carrier P"
+ shows "(UP_to_IP R i p) \<in> carrier (Pring R {i})"
+ apply(rule poly_induct3[of ])
+ using assms apply blast
+ apply (metis P_def R.Pring_add_closed UP_to_IP_add)
+proof-
+ fix a fix n::nat
+ assume A0: "a \<in> carrier R"
+ have "(pvar R i [^]\<^bsub>Pring R {i}\<^esub> n) \<in> carrier (Pring R {i})"
+ using pvar_closed[of R ] monoid.nat_pow_closed[of "Pring R {i}"]
+ proof -
+ show ?thesis
+ by (meson R.Pring_is_monoid R.Pring_var_closed monoid.nat_pow_closed singleton_iff)
+ qed
+ then show "a \<in> carrier R \<Longrightarrow>
+ UP_to_IP R i (up_ring.monom P a n) \<in> carrier (Pring R {i})"
+ using A0 assms(1) UP_to_IP_monom[of a i n] cring.poly_scalar_mult_closed [of R a _ "{i}"]
+ by (metis P_def R.Pring_smult_closed)
+qed
+
+lemma IP_to_UP_inv:
+ assumes "p \<in> carrier P"
+ shows "IP_to_UP i (UP_to_IP R i p) = p"
+ apply(rule poly_induct3[of ])
+ using assms apply linarith
+proof-
+ show "\<And>p q. q \<in> carrier P \<Longrightarrow>
+ p \<in> carrier P \<Longrightarrow>
+ IP_to_UP i (UP_to_IP R i p) = p \<Longrightarrow>
+ IP_to_UP i (UP_to_IP R i q) = q \<Longrightarrow>
+ IP_to_UP i (UP_to_IP R i (p \<oplus>\<^bsub>P\<^esub> q)) = p \<oplus>\<^bsub>P\<^esub> q"
+ proof-
+ fix p q assume A:
+ "q \<in> carrier P"
+ "p \<in> carrier P"
+ "IP_to_UP i (UP_to_IP R i p) = p"
+ "IP_to_UP i (UP_to_IP R i q) = q"
+ show "IP_to_UP i (UP_to_IP R i (p \<oplus>\<^bsub>P\<^esub> q)) = p \<oplus>\<^bsub>P\<^esub> q"
+ using A UP_to_IP_add[of p q i]
+ UP_to_IP_closed
+ IP_to_UP_add
+ unfolding P_def
+ by metis
+ qed
+ show "\<And>a n. a \<in> carrier R \<Longrightarrow>
+ IP_to_UP i (UP_to_IP R i (up_ring.monom P a n)) =
+ up_ring.monom P a n"
+ proof-
+ fix a fix n::nat
+ assume A0: "a \<in> carrier R"
+ have A1: "pvar R i [^]\<^bsub>Pring R {i}\<^esub> n \<in> carrier (Pring R {i})"
+ using pvar_closed monoid.nat_pow_closed
+ by (metis R.Pring_is_monoid R_cring singletonI)
+ have "UP_to_IP R i (up_ring.monom (UP R) a n) = a \<odot>\<^bsub>Pring R {i}\<^esub> (pvar R i [^]\<^bsub>Pring R {i}\<^esub> n)"
+ by (meson A0 UP_to_IP_monom')
+ then have A2: "IP_to_UP i (UP_to_IP R i (up_ring.monom (UP R) a n)) =
+ IP_to_UP i (a \<odot>\<^bsub>Pring R {i}\<^esub> (pvar R i [^]\<^bsub>Pring R {i}\<^esub> n))"
+ by presburger
+ have A3: "IP_to_UP i (pvar R i [^]\<^bsub>Pring R {i}\<^esub> n) = (up_ring.monom P \<one> n)"
+ proof(induction n)
+ case 0
+ then show ?case
+ by (metis Group.nat_pow_0 IP_to_UP_one P_def monom_one)
+ next
+ case (Suc n)
+
+ then show ?case
+ using IP_to_UP_ring_hom[of i]
+ ring_hom_mult[of "IP_to_UP i" "Pring R {i}" "UP R" "pvar R i" "pvar R i [^]\<^bsub>Pring R {i}\<^esub> n"]
+ ring_hom_ring.homh[of "Pring R {i}" "UP R" "IP_to_UP i"]
+ by (metis IP_to_UP_monom P.l_one P.nat_pow_closed P_def R.one_closed UP_cring.ctrm_degree UP_cring.monom_rep_X_pow UP_one_closed X_closed cfs_monom is_UP_cring monom_one pvar_pow singletonI to_poly_inverse to_poly_mult_simp(1))
+ qed
+ then show "IP_to_UP i (UP_to_IP R i (up_ring.monom P a n)) =
+ up_ring.monom P a n"
+ using A2 IP_to_UP_scalar_mult[of a "pvar R i [^]\<^bsub>Pring R {i}\<^esub> n" i]
+ A0 A1 P_def monic_monom_smult by presburger
+ qed
+qed
+
+lemma UP_to_IP_mult:
+ assumes "p \<in> carrier (UP R)"
+ assumes "Q \<in> carrier (UP R)"
+ shows "UP_to_IP R i (p \<otimes>\<^bsub>UP R\<^esub> Q) =
+ UP_to_IP R i p \<otimes>\<^bsub>Pring R {i}\<^esub> UP_to_IP R i Q"
+proof-
+ have 0: "IP_to_UP i (UP_to_IP R i (p \<otimes>\<^bsub>UP R\<^esub> Q)) = (p \<otimes>\<^bsub>UP R\<^esub> Q)"
+ by (meson UP_cring.IP_to_UP_inv UP_ring.UP_mult_closed assms(1) assms(2) is_UP_cring is_UP_ring)
+ have 1: "IP_to_UP i (UP_to_IP R i p \<otimes>\<^bsub>Pring R {i}\<^esub> UP_to_IP R i Q) =
+ IP_to_UP i (UP_to_IP R i p) \<otimes>\<^bsub>UP R\<^esub> IP_to_UP i ( UP_to_IP R i Q)"
+ using IP_to_UP_ring_hom[of i]
+ ring_hom_mult[of "IP_to_UP i"]
+ UP_to_IP_closed assms
+ by (smt P_def ring_hom_ring.homh)
+ have 2: "IP_to_UP i (UP_to_IP R i (p \<otimes>\<^bsub>UP R\<^esub> Q)) =
+ IP_to_UP i (UP_to_IP R i p \<otimes>\<^bsub>Pring R {i}\<^esub> UP_to_IP R i Q)"
+ using 0 1 assms
+ by (metis UP_cring.IP_to_UP_inv is_UP_cring)
+ then show ?thesis
+ by (metis "0" P_def R.Pring_mult_closed R.ring_axioms assms(1) assms(2) ring.Pring_car UP_to_IP_closed UP_to_IP_inv)
+qed
+
+lemma UP_to_IP_ring_hom:
+shows "ring_hom_ring (UP R) (Pring R {i}) (UP_to_IP R i)"
+ apply(rule ring_hom_ringI)
+ using P_def UP_ring apply force
+ apply (simp add: R.Pring_is_ring; fail)
+ apply (metis P_def UP_to_IP_closed)
+ apply (meson UP_to_IP_mult)
+ apply (meson UP_to_IP_add)
+ by (metis IP_to_UP_one R.Pring_car R.Pring_one_closed UP_to_IP_inv)
+
+end
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+subsubsection\<open>The isomorphism $R[I\cup J] \sim R[I][J]$, where $I$ and $J$ are disjoint variable sets\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+text\<open>
+ Given a ring $R$ and variable sets $I$ and $J$, we'd like to construct the canonical
+ (iso)morphism $R[I\cup J] \to R[I][J]$. This can be done with the univeral property of the
+ previous section. Let $\phi: R \to R[J]$ be the inclusion of constants, and $f: J \to R[I]$ be
+ the map which sends the variable $i$ to the polynomial variable $i$ over the ring $R[I][J]$.
+ Then these are the two basic pieces of input required to give us a canonical homomoprhism
+ $R[I \cup J] \to R[I][J]$ with the universal property. The first map $\phi$ will be
+ "\texttt{dist\_varset\_morpshim}" below, and the second map will be
+ "\texttt{dist\_varset\_var\_ass}". The desired induced isomorphism will be
+ called "\texttt{var\_factor}". \<close>
+
+definition(in ring) dist_varset_morphism
+ :: "'d set \<Rightarrow> 'd set \<Rightarrow>
+ ('a, (('a, 'd) mvar_poly, 'd) mvar_poly) ring_hom" where
+ "dist_varset_morphism (I:: 'd set) (J:: 'd set) =
+ (ring.indexed_const (Pring R J) :: ('d multiset \<Rightarrow> 'a) \<Rightarrow> 'd multiset \<Rightarrow> ('d multiset \<Rightarrow> 'a))\<circ> (ring.indexed_const R ::'a \<Rightarrow> 'd multiset \<Rightarrow> 'a)"
+
+definition(in ring) dist_varset_var_ass
+ :: "'d set \<Rightarrow> 'd set \<Rightarrow> 'd \<Rightarrow> (('a, 'd) mvar_poly, 'd) mvar_poly"
+ where
+"dist_varset_var_ass (I:: 'd set) (J:: 'd set) = (\<lambda>i. if i \<in> J then ring.indexed_const (Pring R J) (pvar R i) else
+ pvar (Pring R J) i )"
+
+context cring
+begin
+
+lemma dist_varset_morphism_is_morphism:
+ assumes "(I:: 'd set) \<subseteq> J0 \<union> J1"
+ assumes "J1 \<subseteq> I"
+ assumes "\<phi> = dist_varset_morphism I J0"
+ shows "ring_hom_ring R (Pring (Pring R J0) J1) \<phi>"
+proof-
+ have 0:"ring_hom_ring R (Pring R J0) indexed_const"
+ by (simp add: indexed_const_ring_hom)
+ have 1:"ring_hom_ring (Pring R J0) (Pring (Pring R J0) J1) (ring.indexed_const (Pring R J0))"
+ by (simp add: cring.indexed_const_ring_hom is_cring local.ring_axioms ring.Pring_is_cring)
+ show ?thesis using 0 1 assms ring_hom_trans[of "indexed_const" R "Pring R J0" "ring.indexed_const (Pring R J0)"
+ "(Pring (Pring R J0) J1) "]
+ unfolding dist_varset_morphism_def
+ by (meson ring_hom_ring.axioms(1) ring_hom_ring.axioms(2) ring_hom_ring.homh ring_hom_ringI2)
+qed
+
+definition var_factor ::
+ "'d set \<Rightarrow> 'd set \<Rightarrow> 'd set \<Rightarrow>
+ (('a, 'd) mvar_poly, (('a, 'd) mvar_poly, 'd) mvar_poly) ring_hom "where
+"var_factor (I:: 'd set) (J0:: 'd set) (J1:: 'd set) = indexed_poly_induced_morphism I (Pring (Pring R J0) J1)
+ (dist_varset_morphism I J0) (dist_varset_var_ass I J0)"
+
+lemma indexed_const_closed:
+ assumes "x \<in> carrier R"
+ shows "indexed_const x \<in> carrier (Pring R I)"
+ using Pring_car assms indexed_pset.indexed_const by blast
+
+lemma var_factor_morphism:
+ assumes "(I:: 'd set) \<subseteq> J0 \<union> J1"
+ assumes "J1 \<subseteq> I"
+ assumes "J1 \<inter> J0 = {}"
+ assumes "g = dist_varset_var_ass I J0"
+ assumes "\<phi> = dist_varset_morphism I J0"
+ assumes "\<psi> = (var_factor I J0 J1)"
+ shows "ring_hom_ring (Pring R I) (Pring (Pring R J0) J1) \<psi> "
+ "\<And>i. i \<in> J0 \<inter> I \<Longrightarrow> \<psi> (pvar R i) = ring.indexed_const (Pring R J0) (pvar R i)"
+ "\<And>i. i \<in> J1 \<Longrightarrow> \<psi> (pvar R i) = pvar (Pring R J0) i"
+ "\<And>a. a \<in> carrier (Pring R (J0 \<inter> I)) \<Longrightarrow> \<psi> a = ring.indexed_const (Pring R J0) a"
+proof-
+ have 0: "g \<in> I \<rightarrow> carrier (Pring (Pring R J0) J1)"
+ proof
+ fix x
+ assume A0: "x \<in> I"
+ then have A1: "x \<in> J0 \<or> x \<in> J1"
+ by (meson UnE assms(1) subsetD)
+ have A2: "x \<notin> J0 \<Longrightarrow> x \<in> J1"
+ using A1 by blast
+ show "g x \<in> carrier (Pring (Pring R J0) J1)"
+ apply(cases "x \<in> J0")
+ using assms A0 A1 A2 pvar_closed[of R x J0]
+ pvar_closed[of "Pring R J0" x J1]
+ cring.indexed_const_closed[of "Pring R J0" ]
+ unfolding dist_varset_var_ass_def
+ apply (smt Pring_is_cring is_cring)
+ using assms A0 A1 A2 pvar_closed[of R x J0]
+ pvar_closed[of "Pring R J0" x J1]
+ cring.indexed_const_closed[of "Pring R J0" ]
+ unfolding dist_varset_var_ass_def
+ by (smt Pring_is_cring is_cring)
+ qed
+ have 1: " cring (Pring R J0)"
+ by (simp add: Pring_is_cring is_cring)
+ have 2: " cring (Pring (Pring R J0) J1)"
+ by (simp add: "1" Pring_is_ring ring.Pring_is_cring)
+ show C0: "ring_hom_ring (Pring R I) (Pring (Pring R J0) J1) \<psi> "
+ using 0 assms Pring_universal_prop[of "Pring (Pring R J0) J1" g I \<phi> \<psi>]
+ dist_varset_morphism_is_morphism[of I J0 J1]
+ unfolding var_factor_def
+ by (meson Pring_is_cring Pring_is_ring is_cring ring.Pring_is_cring)
+ show C1: "\<And>i. i \<in> J0 \<inter> I \<Longrightarrow> \<psi> (pvar R i) = ring.indexed_const (Pring R J0) (pvar R i)"
+ using 0 1 2 assms Pring_universal_prop(2)[of "Pring (Pring R J0) J1" g I \<phi> \<psi>]
+ dist_varset_morphism_is_morphism[of I J0 J1 \<phi>] dist_varset_var_ass_def
+ dist_varset_morphism_def unfolding var_factor_def var_to_IP_def
+ by (smt IntE dist_varset_var_ass_def inf_commute inf_le2 ring.Pring_is_cring subsetD var_to_IP_def)
+ have 3: "\<And>i. i \<in> J1 \<Longrightarrow> g i = mset_to_IP (Pring R J0) {#i#} "
+ using assms unfolding dist_varset_var_ass_def var_to_IP_def
+ by (meson disjoint_iff_not_equal)
+ show C2: "\<And>i. i \<in> J1 \<Longrightarrow> \<psi> (pvar R i) = pvar (Pring R J0) i"
+ using 0 1 2 3 assms Pring_universal_prop(2)[of "Pring (Pring R J0) J1" g I \<phi> \<psi>]
+ dist_varset_morphism_is_morphism[of I J0 J1 \<phi>]
+ unfolding var_factor_def var_to_IP_def
+ by (metis subsetD)
+ have 4: "\<And>k. k \<in> carrier R \<Longrightarrow> \<psi> (indexed_const k) = ring.indexed_const (Pring R J0) (indexed_const k)"
+ using 0 1 2 3 assms Pring_universal_prop(3)[of "Pring (Pring R J0) J1" g I \<phi> \<psi>]
+ dist_varset_morphism_is_morphism[of I J0 J1 \<phi>] comp_apply
+ unfolding var_factor_def var_to_IP_def dist_varset_morphism_def
+ by metis
+ show C3: "\<And>a. a \<in> carrier (Pring R (J0 \<inter> I)) \<Longrightarrow> \<psi> a = ring.indexed_const (Pring R J0) a"
+ proof- fix a assume A: "a \<in> carrier (Pring R (J0 \<inter> I))"
+ show " \<psi> a = ring.indexed_const (Pring R J0) a"
+ apply(rule indexed_pset.induct[of a "J0 \<inter> I" "carrier R"])
+ using A Pring_car apply blast
+ using 4
+ apply blast
+ proof-
+ show "\<And>P Q. P \<in> Pring_set R (J0 \<inter> I) \<Longrightarrow>
+ \<psi> P = ring.indexed_const (Pring R J0) P \<Longrightarrow>
+ Q \<in> Pring_set R (J0 \<inter> I) \<Longrightarrow> \<psi> Q = ring.indexed_const (Pring R J0) Q \<Longrightarrow> \<psi> (P \<Oplus> Q) = ring.indexed_const (Pring R J0) (P \<Oplus> Q)"
+ proof- fix P Q
+ assume A0: "P \<in> Pring_set R (J0 \<inter> I)"
+ assume A1: "\<psi> P = ring.indexed_const (Pring R J0) P"
+ assume A2: "Q \<in> Pring_set R (J0 \<inter> I)"
+ assume A3: "\<psi> Q = ring.indexed_const (Pring R J0) Q"
+ have A0': "P \<in> Pring_set R I"
+ using A0
+ by (meson Int_lower2 Pring_carrier_subset subsetD)
+ have A1': "Q \<in> Pring_set R I"
+ by (meson A2 Int_lower2 Pring_carrier_subset subsetD)
+ have B: "\<psi> (P \<Oplus> Q) = \<psi> P \<oplus>\<^bsub>Pring (Pring R J0) J1\<^esub> \<psi> Q"
+ using A0' A1' A2 A3 C0 assms ring_hom_add
+ by (metis (no_types, lifting) Pring_add local.ring_axioms ring.Pring_car ring_hom_ring.homh)
+ have " ring.indexed_const (Pring R J0) (P \<Oplus> Q) = ring.indexed_const (Pring R J0) P
+ \<oplus>\<^bsub>Pring (Pring R J0) J1\<^esub>ring.indexed_const (Pring R J0) Q"
+ by (simp add: Pring_add Pring_is_ring ring.Pring_add ring.indexed_padd_const)
+ then show " \<psi> (P \<Oplus> Q) = ring.indexed_const (Pring R J0) (P \<Oplus> Q)"
+ using B
+ by (simp add: A1 A3)
+ qed
+ show "\<And>P i. P \<in> Pring_set R (J0 \<inter> I) \<Longrightarrow> \<psi> P = ring.indexed_const (Pring R J0) P \<Longrightarrow>
+ i \<in> J0 \<inter> I \<Longrightarrow> \<psi> (P \<Otimes> i) = ring.indexed_const (Pring R J0) (P \<Otimes> i)"
+ proof- fix P i assume A0: "P \<in> Pring_set R (J0 \<inter> I)"
+ assume A1: "\<psi> P = ring.indexed_const (Pring R J0) P"
+ assume A2: "i \<in> J0 \<inter> I"
+ have A0': "P \<in> carrier (Pring R I)"
+ using A0 Pring_carrier_subset
+ by (metis (no_types, opaque_lifting) Pring_car in_mono inf_commute le_inf_iff subset_refl)
+ have A0'': "P \<in> carrier (Pring R J0)"
+ using A0 Pring_carrier_subset
+ by (metis (no_types, opaque_lifting) Pring_car in_mono inf_commute le_inf_iff subset_refl)
+ have " \<psi> (P \<Otimes> i) = \<psi> P \<otimes>\<^bsub>Pring (Pring R J0) J1\<^esub> ring.indexed_const (Pring R J0) (pvar R i)"
+ proof-
+ have "(P \<Otimes> i) = P \<otimes>\<^bsub>Pring R I\<^esub> pvar R i"
+ using A0' A2 unfolding var_to_IP_def
+ by (metis A0 Pring_mult poly_index_mult)
+ then show ?thesis
+ using A0' C0 A2 C1[of i] ring_hom_ring.homh
+ ring_hom_mult[of \<psi> "Pring R I" "Pring (Pring R J0) J1" P "pvar R i"]
+ by (metis IntE Pring_var_closed)
+ qed
+ then have" \<psi> (P \<Otimes> i) = ring.indexed_const (Pring R J0) P \<otimes>\<^bsub>Pring (Pring R J0) J1\<^esub>
+ ring.indexed_const (Pring R J0) (pvar R i)"
+ by (simp add: A1)
+ then have " \<psi> (P \<Otimes> i) = ring.indexed_const (Pring R J0) (P \<otimes>\<^bsub>Pring R J0\<^esub> (pvar R i))"
+ using A0'' A2 cring.indexed_const_ring_hom[of "Pring R J0" J1] ring_hom_ring.homh
+ ring_hom_mult[of "ring.indexed_const (Pring R J0)" "Pring R J0" _ P "pvar R i"]
+ by (smt "1" IntE Pring_var_closed)
+ then show "\<psi> (P \<Otimes> i) = ring.indexed_const (Pring R J0) (P \<Otimes> i)"
+ using poly_index_mult[of P J0 i] unfolding var_to_IP_def
+ by (metis A0'' A2 IntE Pring_car Pring_mult)
+ qed
+ qed
+ qed
+qed
+
+lemma var_factor_morphism':
+ assumes "I = J0 \<union> J1"
+ assumes "J1 \<subseteq> I"
+ assumes "J1 \<inter> J0 = {}"
+ assumes "\<psi> = (var_factor I J0 J1)"
+ shows "ring_hom_ring (Pring R I) (Pring (Pring R J0) J1) \<psi> "
+ "\<And>i. i \<in> J1 \<Longrightarrow> \<psi> (pvar R i) = pvar (Pring R J0) i"
+ "\<And>a. a \<in> carrier (Pring R (J0 \<inter> I)) \<Longrightarrow> \<psi> a = ring.indexed_const (Pring R J0) a"
+ using assms var_factor_morphism
+ apply blast
+ using assms var_factor_morphism(3)
+ apply (metis subset_refl)
+ using assms var_factor_morphism(4)
+ by (metis Un_subset_iff Un_upper1)
+
+text\<open>Constructing the inverse morphism for \texttt{var\_factor\_morphism} \<close>
+
+
+lemma pvar_ass_closed:
+ assumes "J1 \<subseteq> I"
+ shows "pvar R \<in> J1 \<rightarrow> carrier (Pring R I)"
+ by (meson Pi_I Pring_var_closed assms subsetD)
+
+text\<open>The following function gives us the inverse morphism $R[I][J] \to R[I \cup J]$:\<close>
+definition var_factor_inv :: "'d set \<Rightarrow> 'd set \<Rightarrow> 'd set \<Rightarrow>
+ ((('a, 'd) mvar_poly, 'd) mvar_poly, ('a, 'd) mvar_poly) ring_hom" where
+"var_factor_inv (I:: 'd set) (J0:: 'd set) (J1:: 'd set) = indexed_poly_induced_morphism J1 (Pring R I)
+ (id:: ('d multiset \<Rightarrow> 'a) \<Rightarrow> 'd multiset \<Rightarrow> 'a)
+ (pvar R)"
+
+lemma var_factor_inv_morphism:
+ assumes "I = J0 \<union> J1"
+ assumes "J1 \<subseteq> I"
+ assumes "J1 \<inter> J0 = {}"
+ assumes "\<psi> = (var_factor_inv I J0 J1)"
+ shows "ring_hom_ring (Pring (Pring R J0) J1) (Pring R I) \<psi> "
+ "\<And>i. i \<in> J1 \<Longrightarrow> \<psi> (pvar (Pring R J0) i) = pvar R i"
+ "\<And>a. a \<in> carrier (Pring R J0) \<Longrightarrow> \<psi> (ring.indexed_const (Pring R J0) a) = a"
+proof-
+ have 0: "ring_hom_ring (Pring R J0) (Pring R I) id"
+ apply(rule ring_hom_ringI)
+ apply (simp add: Pring_is_ring; fail)
+ apply (simp add: Pring_is_ring;fail )
+ apply (metis Pring_car Pring_carrier_subset Un_upper1 assms(1) id_apply subsetD)
+ apply (metis Pring_mult_eq id_apply)
+ apply (metis Pring_add_eq id_apply)
+ by (simp add: Pring_one_eq)
+ then show "ring_hom_ring (Pring (Pring R J0) J1) (Pring R I) \<psi> "
+ using cring.Pring_universal_prop(1)[of "Pring R J0" "Pring R I" "pvar R" J1 id \<psi>]
+ pvar_ass_closed[of J0 I]
+ by (metis Pring_is_cring assms(2) assms(4) is_cring pvar_ass_closed var_factor_inv_def)
+ show "\<And>i. i \<in> J1 \<Longrightarrow> \<psi> (pvar (Pring R J0) i) = pvar R i"
+ using 0 assms pvar_ass_closed[of J0 I]
+ cring.Pring_universal_prop(2)[of "Pring R J0" "Pring R I" "pvar R" J1 id \<psi>]
+ by (metis Pring_is_cring is_cring pvar_ass_closed var_factor_inv_def var_to_IP_def)
+ show "\<And>a. a \<in> carrier (Pring R J0) \<Longrightarrow> \<psi> (ring.indexed_const (Pring R J0) a) = a"
+ using 0 assms pvar_ass_closed[of J0 I]
+ cring.Pring_universal_prop(3)[of "Pring R J0" "Pring R I" "pvar R" J1 id \<psi>]
+ by (smt Pi_I Pring_is_cring Pring_var_closed id_def is_cring subsetD var_factor_inv_def)
+qed
+
+lemma var_factor_inv_inverse:
+ assumes "I = J0 \<union> J1"
+ assumes "J1 \<subseteq> I"
+ assumes "J1 \<inter> J0 = {}"
+ assumes "\<psi>1 = (var_factor_inv I J0 J1)"
+ assumes "\<psi>0 = (var_factor I J0 J1)"
+ assumes "P \<in> carrier (Pring R I)"
+ shows "\<psi>1 (\<psi>0 P) = P"
+ apply(rule indexed_pset.induct[of P I "carrier R"])
+ using Pring_car assms(6) apply blast
+ using var_factor_inv_morphism(3)[of I J0 J1 "\<psi>1"] var_factor_morphism'(3)[of I J0 J1 \<psi>0] assms
+ apply (metis indexed_const_closed inf_sup_absorb)
+proof-
+ have 0: "ring_hom_ring (Pring (Pring R J0) J1) (Pring R I) \<psi>1"
+ by (simp add: assms(1) assms(3) assms(4) var_factor_inv_morphism(1))
+ have 1: "ring_hom_ring (Pring R I) (Pring (Pring R J0) J1) \<psi>0"
+ by (simp add: assms(1) assms(3) assms(5) var_factor_morphism'(1))
+ have 2: "\<psi>1 \<circ> \<psi>0 \<in> ring_hom (Pring R I) (Pring R I)"
+ using 0 1 ring_hom_trans[of \<psi>0 "Pring R I" "Pring (Pring R J0) J1" \<psi>1 "Pring R I"]
+ ring_hom_ring.homh[of "Pring R I" "Pring (Pring R J0) J1" \<psi>0]
+ ring_hom_ring.homh[of "Pring (Pring R J0) J1" "Pring R I" \<psi>1]
+ by blast
+ show "\<And>P Q. P \<in> Pring_set R I \<Longrightarrow>
+ \<psi>1 (\<psi>0 P) = P \<Longrightarrow> Q \<in> Pring_set R I \<Longrightarrow> \<psi>1 (\<psi>0 Q) = Q \<Longrightarrow> \<psi>1 (\<psi>0 (P \<Oplus> Q)) = P \<Oplus> Q"
+ proof- fix P Q assume A0: "P \<in> Pring_set R I" "\<psi>1 (\<psi>0 P) = P"
+ assume A1: "Q \<in> Pring_set R I" "\<psi>1 (\<psi>0 Q) = Q"
+ show "\<psi>1 (\<psi>0 (P \<Oplus> Q)) = P \<Oplus> Q"
+ using A0 A1 2 ring_hom_add[of "\<psi>1 \<circ> \<psi>0" "Pring R I" "Pring R I" P Q] comp_apply[of \<psi>1 \<psi>0]
+ by (simp add: "2" \<open>P \<in> Pring_set R I\<close> \<open>Q \<in> Pring_set R I\<close> Pring_add Pring_car)
+ qed
+ show "\<And>P i. P \<in> Pring_set R I \<Longrightarrow> \<psi>1 (\<psi>0 P) = P \<Longrightarrow> i \<in> I \<Longrightarrow> \<psi>1 (\<psi>0 (P \<Otimes> i)) = P \<Otimes> i"
+ proof-
+ fix P i assume A: "P \<in> Pring_set R I" "\<psi>1 (\<psi>0 P) = P" "i \<in> I"
+ show "\<psi>1 (\<psi>0 (P \<Otimes> i)) = P \<Otimes> i"
+ proof-
+ have A0: "P \<Otimes> i = P \<otimes>\<^bsub>Pring R I\<^esub> pvar R i"
+ by (metis A(1) A(3) Pring_mult local.ring_axioms ring.poly_index_mult var_to_IP_def)
+ have A1: "\<psi>1 (\<psi>0 (pvar R i)) = pvar R i"
+ by (metis A(3) Int_iff Pring_var_closed UnE Un_subset_iff Un_upper1 assms(1) assms(2)
+ assms(3) assms(4) assms(5) cring.var_factor_morphism(2) is_cring
+ var_factor_inv_morphism(2) var_factor_inv_morphism(3) var_factor_morphism'(2))
+ then show ?thesis
+ using 2 A0 A ring_hom_mult[of "\<psi>1 \<circ> \<psi>0" "Pring R I" _ P "pvar R i" ]
+ Pring_car Pring_var_closed comp_apply[of \<psi>1 \<psi>0]
+ by smt
+ qed
+ qed
+qed
+
+lemma var_factor_total_eval:
+ assumes "I = J0 \<union> J1"
+ assumes "J1 \<subseteq> I"
+ assumes "J1 \<inter> J0 = {}"
+ assumes "\<psi> = (var_factor I J0 J1)"
+ assumes "closed_fun R g"
+ assumes "P \<in> carrier (Pring R I)"
+ shows "total_eval R g P = total_eval R g (total_eval (Pring R J0) (indexed_const \<circ> g) (\<psi> P))"
+ apply(rule indexed_pset.induct[of P I "carrier R"])
+ using Pring_car assms apply blast
+ apply (metis Pring_is_cring assms(1) assms(2) assms(3) assms(4) cring.total_eval_const
+ indexed_const_closed is_cring var_factor_morphism'(3))
+proof-
+ show "\<And>P Q. P \<in> Pring_set R I \<Longrightarrow>
+ total_eval R g P = total_eval R g (total_eval (Pring R J0) (indexed_const \<circ> g) (\<psi> P)) \<Longrightarrow>
+ Q \<in> Pring_set R I \<Longrightarrow>
+ total_eval R g Q = total_eval R g (total_eval (Pring R J0) (indexed_const \<circ> g) (\<psi> Q)) \<Longrightarrow>
+ total_eval R g (P \<Oplus> Q) = total_eval R g (total_eval (Pring R J0) (indexed_const \<circ> g) (\<psi> (P \<Oplus> Q)))"
+ proof- fix P Q
+ assume A: " P \<in> Pring_set R I"
+ "total_eval R g P = total_eval R g (total_eval (Pring R J0) (indexed_const \<circ> g) (\<psi> P))"
+ assume B: " Q \<in> Pring_set R I"
+ "total_eval R g Q = total_eval R g (total_eval (Pring R J0) (indexed_const \<circ> g) (\<psi> Q))"
+ have 0: "\<psi> (P \<Oplus> Q) = \<psi> P \<oplus>\<^bsub>Pring (Pring R J0) J1\<^esub> \<psi> Q"
+ using A B assms var_factor_morphism'(1)[of I J0 J1 \<psi>]
+ Pring_add[of I P Q] Pring_car[of I]
+ ring_hom_ring.homh[of "Pring R I" "Pring (Pring R J0) J1" \<psi>]
+ ring_hom_add[of \<psi> "Pring R I" "Pring (Pring R J0) J1" P Q]
+ by metis
+ have 1: "closed_fun (Pring R J0) (indexed_const \<circ> g)"
+ using assms comp_apply
+ by (smt Pi_I closed_fun_simp indexed_const_closed)
+ have 2: "\<psi> P \<in> carrier (Pring (Pring R J0) J1)"
+ using assms A var_factor_morphism'(1)[of I J0 J1 \<psi>]
+ ring_hom_ring.homh ring_hom_closed Pring_car
+ by metis
+ have 3: "\<psi> Q \<in> carrier (Pring (Pring R J0) J1)"
+ using assms B var_factor_morphism'(1)[of I J0 J1 \<psi>]
+ ring_hom_ring.homh ring_hom_closed Pring_car
+ by metis
+ have 4: "(total_eval (Pring R J0) (indexed_const \<circ> g) (\<psi> (P \<Oplus> Q))) =
+ (total_eval (Pring R J0) (indexed_const \<circ> g) (\<psi> P)) \<oplus>\<^bsub>Pring R J0\<^esub>
+ (total_eval (Pring R J0) (indexed_const \<circ> g) (\<psi> Q))"
+ using 0 1 2 3 A B assms cring.total_eval_add[of "Pring R J0" "\<psi> P" J1 "\<psi> Q" "indexed_const \<circ> g"]
+ by (metis Pring_car Pring_is_cring is_cring)
+ have 5: "(total_eval (Pring R J0) (indexed_const \<circ> g) (\<psi> P)) \<in> carrier (Pring R J0)"
+ using 3 assms cring.total_eval_closed "1" "2" Pring_is_cring is_cring
+ by blast
+ have 6: "(total_eval (Pring R J0) (indexed_const \<circ> g) (\<psi> Q)) \<in> carrier (Pring R J0)"
+ using 4 assms "1" "3" Pring_is_cring cring.total_eval_closed is_cring
+ by blast
+ show "total_eval R g (P \<Oplus> Q) = total_eval R g (total_eval (Pring R J0) (indexed_const \<circ> g) (\<psi> (P \<Oplus> Q)))"
+ using 5 6 4 assms
+ total_eval_add[of "(total_eval (Pring R J0) (indexed_const \<circ> g) (\<psi> p))" J0
+ "(total_eval (Pring R J0) (indexed_const \<circ> g) (\<psi> Q))" ]
+ by (smt A(1) A(2) B(1) B(2) Pring_add Pring_car in_mono indexed_pset_mono order_refl
+ subsetD subset_iff total_eval_add)
+ qed
+ show "\<And>P i. P \<in> Pring_set R I \<Longrightarrow>
+ total_eval R g P = total_eval R g (total_eval (Pring R J0) (indexed_const \<circ> g) (\<psi> P)) \<Longrightarrow>
+ i \<in> I \<Longrightarrow> total_eval R g (P \<Otimes> i) = total_eval R g (total_eval (Pring R J0) (indexed_const \<circ> g) (\<psi> (P \<Otimes> i)))"
+ proof- fix P i
+ assume A: "P \<in> Pring_set R I"
+ "total_eval R g P = total_eval R g (total_eval (Pring R J0) (indexed_const \<circ> g) (\<psi> P))"
+ "i \<in> I"
+ have 0: "(P \<Otimes> i) = P \<otimes>\<^bsub>Pring R I\<^esub> (pvar R i)"
+ using A poly_index_mult
+ by (metis Pring_mult var_to_IP_def)
+ have 1: "\<psi> (P \<Otimes> i) = \<psi> P \<otimes>\<^bsub>Pring (Pring R J0) J1\<^esub> \<psi> (pvar R i)"
+ using 0 A assms var_factor_morphism'(1)[of I J0 J1 \<psi>]
+ pvar_closed[of R i] ring_hom_mult ring_hom_ring.homh
+ by (smt Pring_car Pring_var_closed)
+ have 2: "\<psi> P \<in> carrier (Pring (Pring R J0) J1)"
+ using assms A var_factor_morphism'(1)[of I J0 J1 \<psi>]
+ ring_hom_ring.homh ring_hom_closed Pring_car
+ by metis
+ have 3: "\<psi> (pvar R i) \<in> carrier (Pring (Pring R J0) J1)"
+ using assms A var_factor_morphism'(1)[of I J0 J1 \<psi>]
+ ring_hom_ring.homh ring_hom_closed Pring_car pvar_closed[of R i I]
+ by (metis is_cring)
+ have 4: "closed_fun (Pring R J0) (indexed_const \<circ> g)"
+ apply(rule cring.closed_funI)
+ using Pring_is_cring is_cring apply blast
+ using assms indexed_const_closed closed_fun_simp[of g] comp_apply[of indexed_const g]
+ proof -
+ fix x :: 'c
+ show "(indexed_const \<circ> g) x \<in> carrier (Pring R J0)"
+ by (metis (no_types) \<open>\<And>n. closed_fun R g \<Longrightarrow> g n \<in> carrier R\<close> \<open>\<And>x. (indexed_const \<circ> g) x = indexed_const (g x)\<close> \<open>closed_fun R g\<close> indexed_const_closed)
+ qed
+ have 5: "(total_eval (Pring R J0) (indexed_const \<circ> g) (\<psi> (P \<Otimes> i))) =
+ (total_eval (Pring R J0) (indexed_const \<circ> g) (\<psi> P)) \<otimes>\<^bsub>Pring R J0\<^esub>
+ (total_eval (Pring R J0) (indexed_const \<circ> g) (\<psi> (pvar R i)))"
+ using 2 3 4 cring.total_eval_ring_hom[of "Pring R J0" "indexed_const \<circ> g" J1]
+ by (metis "1" Pring_is_cring cring.total_eval_mult is_cring)
+ have 6: "(total_eval (Pring R J0) (indexed_const \<circ> g) (\<psi> P)) \<in> carrier (Pring R J0)"
+ using total_eval_closed "2" "4" Pring_is_cring cring.total_eval_closed is_cring
+ by blast
+ have 7: " (total_eval (Pring R J0) (indexed_const \<circ> g) (\<psi> (pvar R i))) \<in> carrier (Pring R J0)"
+ using "3" "4" Pring_is_cring cring.total_eval_closed is_cring
+ by blast
+ have 8: " total_eval R g (total_eval (Pring R J0) (indexed_const \<circ> g) (\<psi> (P \<Otimes> i))) =
+ total_eval R g (total_eval (Pring R J0) (indexed_const \<circ> g) (\<psi> P)) \<otimes>\<^bsub>R\<^esub>
+ total_eval R g (total_eval (Pring R J0) (indexed_const \<circ> g) (\<psi> (pvar R i)))"
+ using 6 7
+ by (metis "5" assms(5) cring.total_eval_mult is_cring)
+ have 9: " total_eval R g (total_eval (Pring R J0) (indexed_const \<circ> g) (\<psi> (P \<Otimes> i))) =
+ total_eval R g P \<otimes>\<^bsub>R\<^esub>
+ total_eval R g (total_eval (Pring R J0) (indexed_const \<circ> g) (\<psi> (pvar R i)))"
+ using "8" A(2)
+ by presburger
+ have 10: "total_eval R g (total_eval (Pring R J0) (indexed_const \<circ> g) (\<psi> (pvar R i))) =
+ g i"
+ proof(cases "i \<in> J0")
+ case True
+ then have "\<psi> (pvar R i) = ring.indexed_const (Pring R J0) (pvar R i)"
+ using assms
+ by (metis Pring_var_closed inf_sup_absorb var_factor_morphism'(3))
+ then have "(total_eval (Pring R J0) (indexed_const \<circ> g) (\<psi> (pvar R i))) = (pvar R i)"
+ by (metis Pring_is_cring Pring_var_closed True cring.total_eval_const is_cring)
+ then show ?thesis
+ using total_eval_var[of g i] assms var_to_IP_def
+ by metis
+ next
+ case False
+ then have "\<psi> (pvar R i) = (pvar (Pring R J0) i)"
+ by (metis A(3) UnE assms(1) assms(2) assms(3) assms(4) cring.var_factor_morphism'(2) is_cring)
+ then have "total_eval (Pring R J0) (indexed_const \<circ> g) (\<psi> (pvar R i)) =
+ indexed_const (g i)"
+ using cring.total_eval_var[of "Pring R J0" "indexed_const \<circ> g" i] comp_apply
+ by (metis "4" Pring_is_cring is_cring var_to_IP_def)
+ then show ?thesis
+ using total_eval_const[of "g i" g] assms closed_fun_simp[of g i]
+ by metis
+ qed
+ show "total_eval R g (P \<Otimes> i) = total_eval R g (total_eval (Pring R J0) (indexed_const \<circ> g) (\<psi> (P \<Otimes> i)))"
+ using 9 10
+ by (metis A(1) A(3) Pring_car assms(5) total_eval_indexed_pmult)
+ qed
+qed
+
+lemma var_factor_closed:
+ assumes "I = J0 \<union> J1"
+ assumes "J1 \<subseteq> I"
+ assumes "J1 \<inter> J0 = {}"
+ assumes "P \<in> carrier (Pring R I)"
+ shows "var_factor I J0 J1 P \<in> carrier (Pring (Pring R J0 ) J1)"
+ using assms var_factor_morphism'[of I J0 J1] ring_hom_ring.homh
+ by (metis ring_hom_closed)
+
+lemma var_factor_add:
+ assumes "I = J0 \<union> J1"
+ assumes "J1 \<subseteq> I"
+ assumes "J1 \<inter> J0 = {}"
+ assumes "P \<in> carrier (Pring R I)"
+ assumes "Q \<in> carrier (Pring R I)"
+ shows "var_factor I J0 J1 (P \<oplus>\<^bsub>Pring R I\<^esub> Q) = var_factor I J0 J1 P \<oplus>\<^bsub>Pring (Pring R J0) J1\<^esub>
+ var_factor I J0 J1 Q"
+ using assms var_factor_morphism'[of I J0 J1] ring_hom_ring.homh
+ by (metis (no_types, lifting) ring_hom_add)
+
+lemma var_factor_mult:
+ assumes "I = J0 \<union> J1"
+ assumes "J1 \<subseteq> I"
+ assumes "J1 \<inter> J0 = {}"
+ assumes "P \<in> carrier (Pring R I)"
+ assumes "Q \<in> carrier (Pring R I)"
+ shows "var_factor I J0 J1 (P \<otimes>\<^bsub>Pring R I\<^esub> Q) = var_factor I J0 J1 P \<otimes>\<^bsub>Pring (Pring R J0) J1\<^esub>
+ var_factor I J0 J1 Q"
+ using assms var_factor_morphism'[of I J0 J1] ring_hom_ring.homh
+ by (metis (no_types, lifting) ring_hom_mult)
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+subsubsection\<open>Viewing a Mulitvariable Polynomial as a Univariate Polynomial over a Multivariate Polynomial Base Ring\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+definition multivar_poly_to_univ_poly ::
+ "'c set \<Rightarrow> 'c \<Rightarrow> ('a,'c) mvar_poly \<Rightarrow>
+ (('a,'c) mvar_poly) u_poly " where
+"multivar_poly_to_univ_poly I i P = ((IP_to_UP i) \<circ> (var_factor I (I - {i}) {i})) P"
+
+definition univ_poly_to_multivar_poly ::
+ "'c set \<Rightarrow> 'c \<Rightarrow> (('a,'c) mvar_poly) u_poly \<Rightarrow>
+ ('a,'c) mvar_poly" where
+"univ_poly_to_multivar_poly I i P =((var_factor_inv I (I - {i}) {i}) \<circ> (UP_to_IP (Pring R (I - {i})) i)) P"
+
+lemma multivar_poly_to_univ_poly_is_hom:
+ assumes "i \<in> I"
+ shows "multivar_poly_to_univ_poly I i \<in> ring_hom (Pring R I) (UP (Pring R (I - {i})))"
+ unfolding multivar_poly_to_univ_poly_def comp_apply
+ apply(rule ring_hom_compose[of _ "Pring (Pring R (I - {i})) {i}" _ "var_factor I (I - {i}) {i}" "IP_to_UP i"])
+ apply (simp add: Pring_is_ring; fail)
+ apply (simp add: local.ring_axioms ring.Pring_is_ring; fail)
+ apply(rule UP_ring.UP_ring) unfolding UP_ring_def
+ apply (simp add: Pring_is_ring; fail)
+ using assms var_factor_morphism'[of I "I - {i}" "{i}"] unfolding ring_hom_ring_def ring_hom_ring_axioms_def
+ apply blast
+ using UP_cring.IP_to_UP_ring_hom[of "Pring R (I - {i})" i]
+ unfolding ring_hom_ring_def ring_hom_ring_axioms_def UP_cring_def
+ using Pring_is_cring is_cring apply blast
+ by blast
+
+lemma multivar_poly_to_univ_poly_inverse:
+ assumes "i \<in> I"
+ assumes "\<psi>0 = multivar_poly_to_univ_poly I i"
+ assumes "\<psi>1 = univ_poly_to_multivar_poly I i"
+ assumes "P \<in> carrier (Pring R I)"
+ shows "\<psi>1 (\<psi>0 P) = P"
+proof-
+ have closed: "var_factor I (I - {i}) {i} P \<in> carrier (Pring (Pring R (I - {i})) {i})"
+ using assms var_factor_closed[of I "I - {i}" "{i}" P]
+ by blast
+ have cancel_1: "UP_to_IP (Pring R (I - {i})) i
+ (IP_to_UP i (var_factor I (I - {i}) {i} P)) =
+ var_factor I (I - {i}) {i} P"
+ using closed assms ring.Pring_car
+ UP_cring.UP_to_IP_inv[of "Pring R (I - {i})" "var_factor I (I - {i}) {i} P" i]
+ Pring_is_ring unfolding UP_cring_def
+ using is_cring local.ring_axioms ring.Pring_is_cring
+ by blast
+ have "univ_poly_to_multivar_poly I i (multivar_poly_to_univ_poly I i P) =
+ univ_poly_to_multivar_poly I i ((IP_to_UP i) (var_factor I (I - {i}) {i} P))"
+ by (metis comp_apply multivar_poly_to_univ_poly_def)
+ then have "univ_poly_to_multivar_poly I i (multivar_poly_to_univ_poly I i P) =
+ ((var_factor_inv I (I - {i}) {i}) ((UP_to_IP (Pring R (I - {i})) i)
+ ((IP_to_UP i) (var_factor I (I - {i}) {i} P))))"
+ using comp_apply univ_poly_to_multivar_poly_def
+ by metis
+ then have "univ_poly_to_multivar_poly I i (multivar_poly_to_univ_poly I i P) =
+ ((var_factor_inv I (I - {i}) {i}) (var_factor I (I - {i}) {i} P))"
+ using cancel_1
+ by presburger
+ then show ?thesis using assms var_factor_inv_inverse[of I "I - {i}" "{i}" _ _ P]
+ by (metis Diff_cancel Diff_disjoint Diff_eq_empty_iff Diff_partition Un_Diff_cancel
+ Un_Diff_cancel2 Un_insert_right empty_Diff empty_subsetI insert_Diff_if insert_absorb )
+qed
+
+lemma multivar_poly_to_univ_poly_total_eval:
+ assumes "i \<in> I"
+ assumes "\<psi> = multivar_poly_to_univ_poly I i"
+ assumes "P \<in> carrier (Pring R I)"
+ assumes "closed_fun R g"
+ shows "total_eval R g P = total_eval R g (to_function (Pring R (I - {i})) (\<psi> P) (indexed_const (g i)))"
+proof-
+ have 0: "var_factor I (I - {i}) {i} P \<in> Pring_set (Pring R (I - {i})) {i}"
+ proof-
+ have 00: " ring (Pring R (I - {i}))"
+ using Pring_is_ring
+ by blast
+ then show ?thesis
+ using assms(1) assms(3) var_factor_closed[of I "I - {i}" "{i}" P] ring.Pring_car[of "Pring R (I - {i})" "{i}"]
+ by blast
+ qed
+ have 1: "closed_fun (Pring R (I - {i})) (indexed_const \<circ> g)"
+ using assms comp_apply indexed_const_closed cring.closed_funI[of "Pring R (I - {i})"]
+ by (metis Pring_is_cring closed_fun_simp is_cring)
+ have 2: "cring (Pring R (I - {i}))"
+ using Pring_is_cring is_cring by blast
+ have "(to_function (Pring R (I - {i})) (\<psi> P) (indexed_const (g i)))
+ = total_eval (Pring R (I - {i})) (indexed_const \<circ> g) ((var_factor I (I - {i}) {i}) P) "
+ using assms 0 1 2 comp_apply UP_cring.IP_to_UP_poly_eval[of "Pring R (I - {i})"
+ "(var_factor I (I - {i}) {i}) P" i "indexed_const \<circ> g"]
+ unfolding UP_cring_def multivar_poly_to_univ_poly_def
+ by metis
+ then have 3: "total_eval R g ((to_function (Pring R (I - {i})) (\<psi> P) (indexed_const (g i))) )
+ = total_eval R g ( total_eval (Pring R (I - {i})) (indexed_const \<circ> g) ((var_factor I (I - {i}) {i}) P)) "
+ by presburger
+ then have "total_eval R g P = total_eval R g (total_eval (Pring R (I - {i})) (indexed_const \<circ> g) ((var_factor I (I - {i}) {i}) P)) "
+ using assms var_factor_total_eval[of I "I - {i}" "{i}" "var_factor I (I - {i}) {i}" g P]
+ by blast
+ then show ?thesis
+ using 3
+ by presburger
+qed
+
+text\<open>
+ Induction for polynomial rings. Basically just \texttt{indexed\_pset.induct} with some
+ boilerplate translations removed
+\<close>
+
+lemma(in ring) Pring_car_induct'':
+ assumes "Q \<in> carrier (Pring R I)"
+ assumes "\<And>c. c \<in> carrier R \<Longrightarrow> P (indexed_const c)"
+ assumes "\<And>p q. p \<in> carrier (Pring R I) \<Longrightarrow> q \<in> carrier (Pring R I) \<Longrightarrow> P p \<Longrightarrow> P q \<Longrightarrow> P (p \<oplus>\<^bsub>Pring R I\<^esub> q)"
+ assumes "\<And>p i. p \<in> carrier (Pring R I) \<Longrightarrow> i \<in> I \<Longrightarrow> P p \<Longrightarrow> P (p \<otimes>\<^bsub>Pring R I\<^esub> pvar R i)"
+ shows "P Q"
+ apply(rule indexed_pset.induct[of Q I "carrier R"])
+ using Pring_car assms(1) apply blast
+ using assms(2) apply blast
+ apply (metis (full_types) Pring_add Pring_car assms(3))
+proof-
+ fix Pa i assume A: "Pa \<in> Pring_set R I" "P Pa" "i \<in> I"
+ then have 0: "Pa \<in> carrier (Pring R I)"
+ using assms A Pring_car
+ by blast
+ have "Pa \<Otimes> i = Pa \<otimes>\<^bsub>Pring R I\<^esub> pvar R i"
+ using 0 poly_index_mult assms A
+ by (metis Pring_mult var_to_IP_def)
+ then show "P (Pa \<Otimes> i)"
+ by (simp add: "0" A(2) A(3) assms)
+qed
+
+subsubsection\<open>Application: A Polynomial Ring over a Domain is a Domain\<close>
+
+text \<open>
+ In this section, we use the fact the UP \<open>R\<close> is a domain when \<open>R\<close> is a domain to show the analogous
+ result for indexed polynomial rings. We first prove it inductively for rings with a finite
+ variable set, and then generalize to infinite variable sets using the fact that any two
+ multivariable polynomials over an indexed polynomial ring must also lie in a finitely indexed
+ polynomial subring.
+\<close>
+
+lemma indexed_const_mult:
+ assumes "a \<in> carrier R"
+ assumes "b \<in> carrier R"
+ shows "indexed_const a \<otimes>\<^bsub> Pring R I\<^esub> indexed_const b = indexed_const (a \<otimes> b)"
+ by (metis Pring_mult assms(1) assms(2) indexed_const_P_mult_eq)
+
+lemma(in domain) Pring_fin_vars_is_domain:
+ assumes "finite (I ::'c set)"
+ shows "domain (Pring R I)"
+proof(rule finite_induct, rule assms)
+ show "domain (Pring R ({}::'c set))"
+ proof(rule domainI)
+ show " cring (Pring R {})"
+ by (simp add: Pring_is_cring is_cring)
+ show "\<one>\<^bsub>Pring R {}\<^esub> \<noteq> \<zero>\<^bsub>Pring R {}\<^esub>"
+ proof-
+ have "\<one>\<^bsub>Pring R {}\<^esub> {#} \<noteq> \<zero>\<^bsub>Pring R {}\<^esub> {#}"
+ by (metis Pring_one Pring_zero local.ring_axioms ring.indexed_const_def zero_not_one)
+ thus ?thesis
+ by metis
+ qed
+ show "\<And>a b. a \<otimes>\<^bsub>Pring R ({}::'c set)\<^esub> b = \<zero>\<^bsub>Pring R {}\<^esub> \<Longrightarrow>
+ a \<in> carrier (Pring R {}) \<Longrightarrow> b \<in> carrier (Pring R {}) \<Longrightarrow> a = \<zero>\<^bsub>Pring R {}\<^esub> \<or> b = \<zero>\<^bsub>Pring R {}\<^esub>"
+ proof-
+ fix a b assume A: "a \<otimes>\<^bsub>Pring R ({}::'c set)\<^esub> b = \<zero>\<^bsub>Pring R {}\<^esub>"
+ "a \<in> carrier (Pring R {})" " b \<in> carrier (Pring R {})"
+ have 0: "monomials_of R a \<subseteq> {{#}}"
+ using A Pring_set_zero unfolding monomials_of_def Pring_car
+ by blast
+ have 1: "monomials_of R b \<subseteq> {{#}}"
+ using A Pring_set_zero unfolding monomials_of_def Pring_car
+ by blast
+ obtain A where A_def: "A = a {#}"
+ by blast
+ obtain B where B_def: "B = b {#}"
+ by blast
+ have 2: "a = indexed_const A"
+ unfolding A_def
+ apply(rule ext)
+ by (metis 0 complement_of_monomials_of empty_iff in_mono indexed_const_def insert_iff)
+ have 3: "b = indexed_const B"
+ unfolding B_def
+ apply(rule ext)
+ by (metis 1 complement_of_monomials_of empty_iff in_mono indexed_const_def insert_iff)
+ have 4: "a \<otimes>\<^bsub>Pring R {}\<^esub> b = indexed_const (A \<otimes> B)"
+ using A unfolding 2 3
+ by (metis "2" "3" A_def B_def Pring_carrier_coeff' indexed_const_mult)
+ have 5: "A \<otimes> B = \<zero>"
+ using A unfolding 4 by (metis Pring_zero indexed_const_def)
+ have 6: "A = \<zero> \<or> B = \<zero>"
+ using 5 A_def B_def A
+ by (simp add: domain.integral_iff domain_axioms)
+ show "a = \<zero>\<^bsub>Pring R {}\<^esub> \<or> b = \<zero>\<^bsub>Pring R {}\<^esub>"
+ unfolding 2 3 using 6
+ by (metis Pring_zero)
+ qed
+ qed
+ show "\<And>x F. finite (F:: 'c set) \<Longrightarrow> x \<notin> F \<Longrightarrow> domain (Pring R F) \<Longrightarrow> domain (Pring R (insert x F))"
+ proof- fix S:: "'c set" fix s assume A: "finite S" "s \<notin> S" "domain (Pring R S)"
+ show "domain (Pring R (insert s S))"
+ proof-
+ have ring_hom: "multivar_poly_to_univ_poly (insert s S) s \<in> ring_hom (Pring R (insert s S)) (UP (Pring R S))"
+ using multivar_poly_to_univ_poly_is_hom
+ by (metis A(2) Diff_insert_absorb insertI1)
+ have domain: "domain (UP (Pring R S))"
+ apply(rule UP_domain.UP_domain)
+ unfolding UP_domain_def by(rule A)
+ show "domain (Pring R (insert s S))"
+ apply(rule ring_hom_ring.inj_on_domain[of _ "UP (Pring R S)" "multivar_poly_to_univ_poly (insert s S) s"])
+ apply(rule ring_hom_ring.intro)
+ apply (simp add: Pring_is_ring; fail)
+ apply(rule UP_ring.UP_ring)
+ unfolding UP_ring_def
+ apply (simp add: Pring_is_ring; fail)
+ unfolding ring_hom_ring_axioms_def apply(rule ring_hom)
+ proof(rule inj_onI)
+ fix x y assume A: "x \<in> carrier (Pring R (insert s S))"
+ "y \<in> carrier (Pring R (insert s S))"
+ "multivar_poly_to_univ_poly (insert s S) s x = multivar_poly_to_univ_poly (insert s S) s y"
+ then have 0: "univ_poly_to_multivar_poly (insert s S) s (multivar_poly_to_univ_poly (insert s S) s x)
+ = univ_poly_to_multivar_poly (insert s S) s (multivar_poly_to_univ_poly (insert s S) s y)"
+ by auto
+ have 1: "univ_poly_to_multivar_poly (insert s S) s (multivar_poly_to_univ_poly (insert s S) s x) = x"
+ using A by (meson cring.multivar_poly_to_univ_poly_inverse insertI1 is_cring)
+ have 2: "univ_poly_to_multivar_poly (insert s S) s (multivar_poly_to_univ_poly (insert s S) s y) = y"
+ using A by (meson insertI1 multivar_poly_to_univ_poly_inverse)
+ show "x = y"
+ using 0 unfolding 1 2 by auto
+ next
+ show "domain (UP (Pring R S))"
+ apply(rule UP_domain.UP_domain)
+ unfolding UP_domain_def by(rule A)
+ qed
+ qed
+ qed
+qed
+
+lemma locally_finite:
+ assumes "a \<in> carrier (Pring R I)"
+ shows "\<exists>J. J \<subseteq> I \<and> finite J \<and> a \<in> carrier (Pring R J)"
+proof(rule Pring_car_induct[of _ I], rule assms)
+ have 0: "\<zero>\<^bsub>Pring R I\<^esub> = \<zero>\<^bsub>Pring R {}\<^esub>"
+ by (simp add: Pring_zero_eq)
+ show "\<exists>J\<subseteq>I. finite J \<and> \<zero>\<^bsub>Pring R I\<^esub> \<in> carrier (Pring R J)"
+ unfolding 0
+ by (meson Pring_zero_closed empty_subsetI finite.emptyI)
+next
+ fix m k assume A: "set_mset m \<subseteq> I \<and> k \<in> carrier R"
+ obtain J where J_def: "J = set_mset m"
+ by blast
+ have 0: "k \<odot>\<^bsub>Pring R I\<^esub> mset_to_IP R m = k \<odot>\<^bsub>Pring R J\<^esub> mset_to_IP R m"
+ unfolding J_def by (simp add: Pring_smult)
+ have 1: "k \<odot>\<^bsub>Pring R I\<^esub> mset_to_IP R m \<in> carrier (Pring R J)"
+ unfolding 0 J_def using A
+ by (simp add: Pring_car Pring_smult mset_to_IP_closed poly_scalar_mult_closed)
+ show "\<exists>J\<subseteq>I. finite J \<and> k \<odot>\<^bsub>Pring R I\<^esub> mset_to_IP R m \<in> carrier (Pring R J)"
+ using J_def 1 A by blast
+next
+ fix Q m k
+ assume A: "Q \<in> carrier (Pring R I)\<and>(\<exists>J\<subseteq>I. finite J \<and> Q \<in> carrier (Pring R J)) \<and> set_mset m \<subseteq> I \<and> k \<in> carrier R"
+ then obtain J where J_def: "J\<subseteq>I \<and> finite J \<and> Q \<in> carrier (Pring R J)"
+ by blast
+ obtain J' where J'_def: "J' = J \<union> set_mset m"
+ by blast
+ have 0: "finite J'"
+ unfolding J'_def using J_def by blast
+ have 1: "k \<odot>\<^bsub>Pring R I\<^esub> mset_to_IP R m = k \<odot>\<^bsub>Pring R J'\<^esub> mset_to_IP R m"
+ unfolding J'_def using A by (simp add: Pring_smult)
+ have 2: "Q \<in> carrier (Pring R J')"
+ using J_def unfolding J'_def
+ by (metis Pring_car Pring_carrier_subset Un_upper1 subsetD)
+ have 3: "Q \<Oplus> k \<odot>\<^bsub>Pring R I\<^esub> mset_to_IP R m \<in> carrier (Pring R J')"
+ using 0 1 2 J'_def A
+ by (metis Pring_car Pring_smult_closed indexed_pset.indexed_padd mset_to_IP_closed sup.cobounded2)
+ show "\<exists>J'\<subseteq>I. finite J' \<and> Q \<Oplus> k \<odot>\<^bsub>Pring R I\<^esub> mset_to_IP R m \<in> carrier (Pring R J')"
+ using 3 0
+ by (metis A J'_def J_def Un_subset_iff)
+qed
+
+lemma(in domain) Pring_is_domain:
+ "domain (Pring R I)"
+proof(rule domainI, simp add: Pring_is_cring is_cring)
+ have 0: "\<one>\<^bsub>Pring R I\<^esub> {#} = \<one>"
+ by (simp add: Pring_one indexed_const_def)
+ have 1: "\<zero>\<^bsub>Pring R I\<^esub> {#} = \<zero>"
+ by (simp add: Pring_zero indexed_const_def)
+ have 2: "\<one> \<noteq> \<zero>"
+ by simp
+ show "\<one>\<^bsub>Pring R I\<^esub> \<noteq> \<zero>\<^bsub>Pring R I\<^esub>"
+ using 0 1 2 by auto
+next
+ fix a b assume A: "a \<otimes>\<^bsub>Pring R I\<^esub> b = \<zero>\<^bsub>Pring R I\<^esub>"
+ "a \<in> carrier (Pring R I)"
+ "b \<in> carrier (Pring R I)"
+ obtain J0 where J0_def: "J0 \<subseteq> I \<and> finite J0 \<and> a \<in> carrier (Pring R J0)"
+ using A locally_finite by blast
+ obtain J1 where J1_def: "J1 \<subseteq> I \<and> finite J1 \<and> b \<in> carrier (Pring R J1)"
+ using A locally_finite by blast
+ obtain J where J_def: "J = J0 \<union> J1"
+ by blast
+ have J_finite: "finite J"
+ using J_def J0_def J1_def by blast
+ have 0: "a \<in> carrier (Pring R J)"
+ using J0_def unfolding J_def
+ by (metis (no_types, lifting) Pring_car Pring_carrier_subset Un_upper1 subset_eq)
+ have 1: "b \<in> carrier (Pring R J)"
+ using J1_def unfolding J_def
+ by (metis Pring_car Pring_carrier_subset in_mono sup.cobounded2)
+ have 2: "a \<otimes>\<^bsub>Pring R J\<^esub> b = \<zero>\<^bsub>Pring R J\<^esub>"
+ using A J_def 0 1 by (metis Pring_mult_eq Pring_zero_eq)
+ have 3: "domain (Pring R J)"
+ using J_finite Pring_fin_vars_is_domain[of J] by blast
+ have 4: "a = \<zero>\<^bsub>Pring R J\<^esub> \<or> b = \<zero>\<^bsub>Pring R J\<^esub>"
+ using 3 2 0 1 by (simp add: domain.integral)
+ thus "a = \<zero>\<^bsub>Pring R I\<^esub> \<or> b = \<zero>\<^bsub>Pring R I\<^esub>"
+ using Pring_zero_eq by blast
+qed
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+subsubsection\<open>Relabelling of Variables for Indexed Polynomial Rings\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+definition relabel_vars :: "'d set \<Rightarrow> 'e set \<Rightarrow> ('d \<Rightarrow> 'e) \<Rightarrow>
+ ('a, 'd) mvar_poly \<Rightarrow> ('a, 'e) mvar_poly" where
+"relabel_vars I J g = indexed_poly_induced_morphism I (Pring R J) indexed_const (\<lambda>i. pvar R (g i))"
+
+lemma relabel_vars_is_morphism:
+ assumes "g \<in> I \<rightarrow> J"
+ shows "ring_hom_ring (Pring R I) (Pring R J) (relabel_vars I J g)"
+ "\<And>i. i \<in> I \<Longrightarrow> relabel_vars I J g (pvar R i) = pvar R (g i)"
+ "\<And>c. c \<in> carrier R \<Longrightarrow> relabel_vars I J g (indexed_const c) = indexed_const c"
+ using Pring_universal_prop(1)[of "Pring R J" "\<lambda>i. pvar R (g i)" I indexed_const]
+ assms unfolding relabel_vars_def
+ apply (meson Pi_iff Pring_is_cring Pring_var_closed indexed_const_ring_hom is_cring)
+proof-
+ have 0: "cring (Pring R J)" " (\<lambda>i. mset_to_IP R {#g i#}) \<in> I \<rightarrow> carrier (Pring R J)"
+ "ring_hom_ring R (Pring R J) indexed_const"
+ using assms Pring_is_cring is_cring apply blast
+ apply (smt Pi_iff Pring_var_closed assms var_to_IP_def)
+ by (simp add: indexed_const_ring_hom)
+ show "\<And>i. i \<in> I \<Longrightarrow> indexed_poly_induced_morphism I (Pring R J)
+ indexed_const (\<lambda>i. pvar R (g i)) (pvar R i) = pvar R (g i)"
+ using 0 assms Pring_universal_prop(2)[of "Pring R J" "\<lambda>i. pvar R (g i)" I indexed_const]
+ unfolding relabel_vars_def var_to_IP_def
+ by blast
+ show "\<And>c. c \<in> carrier R \<Longrightarrow> indexed_poly_induced_morphism I (Pring R J)
+ indexed_const (\<lambda>i. pvar R (g i)) (indexed_const c) = indexed_const c"
+ using 0 assms Pring_universal_prop(3)[of "Pring R J" "\<lambda>i. pvar R (g i)" I indexed_const]
+ unfolding var_to_IP_def
+ by blast
+qed
+
+lemma relabel_vars_add:
+ assumes "g \<in> I \<rightarrow> J"
+ assumes "P \<in> carrier (Pring R I)"
+ assumes "Q \<in> carrier (Pring R I)"
+ shows "relabel_vars I J g (P \<oplus>\<^bsub>Pring R I\<^esub> Q) = relabel_vars I J g P \<oplus>\<^bsub>Pring R J\<^esub> relabel_vars I J g Q"
+ using assms relabel_vars_is_morphism(1)[of g I J] ring_hom_ring.homh ring_hom_add
+ by (metis (no_types, lifting))
+
+lemma relabel_vars_mult:
+ assumes "g \<in> I \<rightarrow> J"
+ assumes "P \<in> carrier (Pring R I)"
+ assumes "Q \<in> carrier (Pring R I)"
+ shows "relabel_vars I J g (P \<otimes>\<^bsub>Pring R I\<^esub> Q) = relabel_vars I J g P \<otimes>\<^bsub>Pring R J\<^esub> relabel_vars I J g Q"
+ using assms relabel_vars_is_morphism(1)[of g I J] ring_hom_ring.homh ring_hom_mult
+ by (metis (no_types, lifting))
+
+lemma relabel_vars_closed:
+ assumes "g \<in> I \<rightarrow> J"
+ assumes "P \<in> carrier (Pring R I)"
+ shows "relabel_vars I J g P \<in> carrier (Pring R J)"
+ using assms relabel_vars_is_morphism(1)[of g I J] ring_hom_ring.homh
+ by (metis ring_hom_closed)
+
+lemma relabel_vars_smult:
+ assumes "g \<in> I \<rightarrow> J"
+ assumes "P \<in> carrier (Pring R I)"
+ assumes "a \<in> carrier R"
+ shows "relabel_vars I J g (a \<odot>\<^bsub>Pring R I\<^esub>P) = a \<odot>\<^bsub>Pring R J\<^esub>relabel_vars I J g P"
+proof-
+ have 0: "a \<odot>\<^bsub>Pring R I\<^esub>P = indexed_const a \<otimes>\<^bsub>Pring R I\<^esub> P"
+ by (metis Pring_car Pring_mult Pring_smult assms(2) assms(3) poly_scalar_mult_eq)
+ have 1: "a \<odot>\<^bsub>Pring R J\<^esub>relabel_vars I J g P = indexed_const a \<otimes>\<^bsub>Pring R J\<^esub> relabel_vars I J g P"
+ by (metis Pring_car Pring_mult Pring_smult assms(1) assms(2) assms(3) poly_scalar_mult_eq relabel_vars_closed)
+ show ?thesis using 0 1 assms relabel_vars_mult relabel_vars_is_morphism(3)[of g I J a]
+ by (metis indexed_const_closed)
+qed
+
+lemma relabel_vars_inverse:
+ assumes "g \<in> I \<rightarrow> J"
+ assumes "h \<in> J \<rightarrow> I"
+ assumes "\<And>i. i \<in> I \<Longrightarrow> h (g i) = i"
+ assumes "P \<in> carrier (Pring R I)"
+ shows "relabel_vars J I h (relabel_vars I J g P) = P"
+ apply(rule Pring_car_induct''[of _ I])
+ using assms(4) apply blast
+ using assms
+ apply (metis relabel_vars_is_morphism(3))
+proof-
+ show "\<And>p q. p \<in> carrier (Pring R I) \<Longrightarrow>
+ q \<in> carrier (Pring R I) \<Longrightarrow>
+ relabel_vars J I h (relabel_vars I J g p) = p \<Longrightarrow>
+ relabel_vars J I h (relabel_vars I J g q) = q \<Longrightarrow>
+ relabel_vars J I h (relabel_vars I J g (p \<oplus>\<^bsub>Pring R I\<^esub> q)) = p \<oplus>\<^bsub>Pring R I\<^esub> q"
+ proof- fix p q assume A: " p \<in> carrier (Pring R I)" "q \<in> carrier (Pring R I)"
+ "relabel_vars J I h (relabel_vars I J g p) = p"
+ "relabel_vars J I h (relabel_vars I J g q) = q"
+ show "relabel_vars J I h (relabel_vars I J g (p \<oplus>\<^bsub>Pring R I\<^esub> q)) = p \<oplus>\<^bsub>Pring R I\<^esub> q"
+ proof-
+ have 0: "relabel_vars I J g (p \<oplus>\<^bsub>Pring R I\<^esub> q) = relabel_vars I J g p \<oplus>\<^bsub>Pring R J\<^esub> relabel_vars I J g q"
+ using A(1) A(2) assms(1) relabel_vars_add by blast
+ then show ?thesis
+ using assms A relabel_vars_is_morphism(3)[of g I J] relabel_vars_is_morphism(3)[of h J I]
+ relabel_vars_closed[of g I J p] relabel_vars_closed[of g I J q]
+ relabel_vars_add[of h J I "relabel_vars I J g p" "relabel_vars I J g q"]
+ by presburger
+ qed
+ qed
+ show "\<And>p i. p \<in> carrier (Pring R I) \<Longrightarrow>
+ i \<in> I \<Longrightarrow>
+ relabel_vars J I h (relabel_vars I J g p) = p \<Longrightarrow>
+ relabel_vars J I h (relabel_vars I J g (p \<otimes>\<^bsub>Pring R I\<^esub> pvar R i)) = p \<otimes>\<^bsub>Pring R I\<^esub> pvar R i"
+ proof- fix p i assume A: " p \<in> carrier (Pring R I)"
+ "relabel_vars J I h (relabel_vars I J g p) = p"
+ "i \<in> I"
+ show " relabel_vars J I h (relabel_vars I J g (p \<otimes>\<^bsub>Pring R I\<^esub> pvar R i)) = p \<otimes>\<^bsub>Pring R I\<^esub> pvar R i"
+ proof-
+ have "relabel_vars J I h (relabel_vars I J g (pvar R i)) = pvar R i"
+ using assms relabel_vars_is_morphism[of g I J] relabel_vars_is_morphism[of h J I]
+ by (metis A(3) funcset_mem )
+ then show ?thesis
+ using assms relabel_vars_is_morphism[of g I J] relabel_vars_is_morphism[of h J I]
+ relabel_vars_closed[of g I J p] relabel_vars_closed[of g I J "pvar R i"]
+ relabel_vars_mult[of g I J "p" "pvar R i"]
+ relabel_vars_mult[of h J I "relabel_vars I J g p" "relabel_vars I J g (pvar R i)"]
+ by (metis A(1) A(2) A(3) Pring_var_closed)
+ qed
+ qed
+qed
+
+lemma relabel_vars_total_eval:
+ assumes "g \<in> I \<rightarrow> J"
+ assumes "P \<in> carrier (Pring R I)"
+ assumes "closed_fun R f"
+ shows "total_eval R (f \<circ> g) P = total_eval R f (relabel_vars I J g P)"
+proof(rule Pring_car_induct''[of P I])
+ show "P \<in> carrier (Pring R I)"
+ using assms(2) by blast
+ show "\<And>c. c \<in> carrier R \<Longrightarrow> total_eval R (f \<circ> g) (indexed_const c) = total_eval R f (relabel_vars I J g (indexed_const c))"
+ by (metis assms(1) relabel_vars_is_morphism(3) total_eval_const)
+ show " \<And>p q. p \<in> carrier (Pring R I) \<Longrightarrow>
+ q \<in> carrier (Pring R I) \<Longrightarrow>
+ total_eval R (f \<circ> g) p = total_eval R f (relabel_vars I J g p) \<Longrightarrow>
+ total_eval R (f \<circ> g) q = total_eval R f (relabel_vars I J g q) \<Longrightarrow>
+ total_eval R (f \<circ> g) (p \<oplus>\<^bsub>Pring R I\<^esub> q) = total_eval R f (relabel_vars I J g (p \<oplus>\<^bsub>Pring R I\<^esub> q))"
+
+ proof- fix p q assume A: "p \<in> carrier (Pring R I)" "q \<in> carrier (Pring R I)"
+ "total_eval R (f \<circ> g) p = total_eval R f (relabel_vars I J g p)"
+ "total_eval R (f \<circ> g) q = total_eval R f (relabel_vars I J g q)"
+ have 0: "closed_fun R (f \<circ> g)"
+ apply(rule closed_funI)
+ using comp_apply[of f g] closed_fun_simp[of f] assms(3) by presburger
+ have 1: " (relabel_vars I J g (p \<oplus>\<^bsub>Pring R I\<^esub> q)) =
+ (relabel_vars I J g p) \<oplus>\<^bsub>Pring R J\<^esub> (relabel_vars I J g q)"
+ using A(1) A(2) assms(1) relabel_vars_add by blast
+ have 2: "total_eval R f (relabel_vars I J g (p \<oplus>\<^bsub>Pring R I\<^esub> q)) =
+ (total_eval R f (relabel_vars I J g p)) \<oplus>\<^bsub>R\<^esub> (total_eval R f (relabel_vars I J g q))"
+ using total_eval_add[of _ J _ f]
+ by (metis "1" A(1) A(2) A(3) A(4) assms(1) assms(3) relabel_vars_closed)
+ show "total_eval R (f \<circ> g) (p \<oplus>\<^bsub>Pring R I\<^esub> q) = total_eval R f (relabel_vars I J g (p \<oplus>\<^bsub>Pring R I\<^esub> q))"
+ using A 0 1 2
+ by (metis total_eval_add)
+ qed
+ show "\<And>p i. p \<in> carrier (Pring R I) \<Longrightarrow>
+ i \<in> I \<Longrightarrow>
+ total_eval R (f \<circ> g) p = total_eval R f (relabel_vars I J g p) \<Longrightarrow>
+ total_eval R (f \<circ> g) (p \<otimes>\<^bsub>Pring R I\<^esub> pvar R i) = total_eval R f (relabel_vars I J g (p \<otimes>\<^bsub>Pring R I\<^esub> pvar R i))"
+ proof- fix p i assume A: "p \<in> carrier (Pring R I)" " i \<in> I "
+ "total_eval R (f \<circ> g) p = total_eval R f (relabel_vars I J g p)"
+ have 0: "closed_fun R (f \<circ> g)"
+ apply(rule closed_funI)
+ using comp_apply[of f g] closed_fun_simp[of f] assms(3) by presburger
+ have 1: " (relabel_vars I J g (p \<otimes>\<^bsub>Pring R I\<^esub> (pvar R i))) =
+ (relabel_vars I J g p) \<otimes>\<^bsub>Pring R J\<^esub> (relabel_vars I J g (pvar R i))"
+ by (meson A(1) A(2) assms(1) local.ring_axioms relabel_vars_mult ring.Pring_var_closed)
+ have 2: "total_eval R f (relabel_vars I J g (p \<otimes>\<^bsub>Pring R I\<^esub> (pvar R i))) =
+ (total_eval R f (relabel_vars I J g p)) \<otimes>\<^bsub>R\<^esub> (total_eval R f (relabel_vars I J g (pvar R i)))"
+ using total_eval_mult[of "relabel_vars I J g p" J "relabel_vars I J g (pvar R i)"]
+ by (metis "1" A(1) A(2) A(3) assms(1) assms(3) is_cring pvar_closed relabel_vars_closed)
+ have 3: " total_eval R (f \<circ> g) (p \<otimes>\<^bsub>Pring R I\<^esub> pvar R i) =
+ total_eval R (f \<circ> g) p \<otimes>\<^bsub>R\<^esub> total_eval R (f \<circ> g)( pvar R i)"
+ by (meson "0" A(1) A(2) Pring_var_closed total_eval_mult)
+ have 4: "total_eval R (f \<circ> g)( pvar R i) = (total_eval R f (relabel_vars I J g (pvar R i)))"
+ proof-
+ have 40: "total_eval R (f \<circ> g)( pvar R i) = (f \<circ> g) i"
+ using total_eval_var[of "f \<circ>g" i]
+ by (metis "0" var_to_IP_def)
+ have 41: "relabel_vars I J g (pvar R i) = pvar R (g i)"
+ by (simp add: A(2) assms(1) relabel_vars_is_morphism(2))
+ have 42: "total_eval R f (relabel_vars I J g (pvar R i)) = f (g i)"
+ using total_eval_var
+ by (metis "41" assms(3) var_to_IP_def)
+ show ?thesis
+ by (metis "40" "42" comp_apply)
+ qed
+ show " total_eval R (f \<circ> g) (p \<otimes>\<^bsub>Pring R I\<^esub> pvar R i) =
+ total_eval R f (relabel_vars I J g (p \<otimes>\<^bsub>Pring R I\<^esub> pvar R i))"
+ using A 0 1 2 3 4
+ by presburger
+ qed
+qed
+
+end
+
+
+end
+
diff --git a/thys/Padic_Field/Fraction_Field.thy b/thys/Padic_Field/Fraction_Field.thy
new file mode 100755
--- /dev/null
+++ b/thys/Padic_Field/Fraction_Field.thy
@@ -0,0 +1,1175 @@
+theory Fraction_Field
+ imports "HOL-Algebra.UnivPoly"
+ Localization_Ring.Localization
+ "HOL-Algebra.Subrings"
+ Padic_Ints.Supplementary_Ring_Facts
+begin
+
+section\<open>The Field of Fractions of a Ring\<close>
+
+text\<open>
+ This theory defines the fraction field of a domain and establishes its basic properties.
+ The fraction field is defined in the standard way as the localization of a domain at its nonzero
+ elements. This is done by importing the AFP session \texttt{Localization\_Ring}. Choice functions
+ for numerator and denominators of fractions are introduced, and the inclusion of a domain into
+ its ring of fractions is defined.
+\<close>
+
+subsection\<open>The Monoid of Nonzero Elements in a Domain\<close>
+locale domain_frac = domain
+
+lemma zero_not_in_nonzero: "\<zero>\<^bsub>R\<^esub> \<notin> nonzero R"
+ unfolding nonzero_def by blast
+
+lemma(in domain) nonzero_is_submonoid: "submonoid R (nonzero R)"
+proof
+ show " nonzero R \<subseteq> carrier R"
+ using nonzero_def by fastforce
+ show "\<And>x y. x \<in> nonzero R \<Longrightarrow> y \<in> nonzero R \<Longrightarrow> x \<otimes> y \<in> nonzero R"
+ by (metis (mono_tags, lifting) local.integral m_closed mem_Collect_eq nonzero_def)
+ show "\<one> \<in> nonzero R"
+ by (simp add: nonzero_def)
+qed
+
+lemma(in domain) nonzero_closed:
+ assumes "a \<in> nonzero R"
+ shows "a \<in> carrier R"
+ using assms
+ by (simp add: nonzero_def)
+
+lemma(in domain) nonzero_mult_closed:
+ assumes "a \<in> nonzero R"
+ assumes "b \<in> nonzero R"
+ shows "a \<otimes> b \<in> carrier R"
+ using assms
+ by (simp add: nonzero_def)
+
+lemma(in domain) nonzero_one_closed:
+"\<one> \<in> nonzero R"
+ by (simp add: nonzero_def)
+
+lemma(in domain) nonzero_memI:
+ assumes "a \<in> carrier R"
+ assumes "a \<noteq> \<zero>"
+ shows "a \<in> nonzero R"
+ using assms by(simp add: nonzero_def)
+
+lemma(in domain) nonzero_memE:
+ assumes "a \<in> nonzero R"
+ shows "a \<in> carrier R" "a \<noteq>\<zero>"
+ using assms by(auto simp: nonzero_def)
+
+lemma(in domain) not_nonzero_memE:
+ assumes "a \<notin> nonzero R"
+ assumes "a \<in> carrier R"
+ shows "a = \<zero>"
+ using assms
+ by (simp add: nonzero_def)
+
+lemma(in domain) not_nonzero_memI:
+ assumes "a = \<zero>"
+ shows "a \<notin> nonzero R"
+ using assms nonzero_memE(2) by auto
+
+lemma(in domain) one_nonzero:
+"\<one> \<in> nonzero R"
+ by (simp add: nonzero_one_closed)
+
+lemma(in domain_frac) eq_obj_rng_of_frac_nonzero:
+ "eq_obj_rng_of_frac R (nonzero R)"
+ using nonzero_is_submonoid
+ by (simp add: eq_obj_rng_of_frac.intro
+ is_cring local.ring_axioms mult_submonoid_of_crng_def mult_submonoid_of_rng_def)
+
+subsection\<open>Numerator and Denominator Choice Functions\<close>
+
+definition(in eq_obj_rng_of_frac) denom where
+"denom a = (if (a = \<zero>\<^bsub>rec_rng_of_frac\<^esub>) then \<one> else ( snd (SOME x. x \<in> a)))"
+
+text\<open>The choice function for numerators must be compatible with denom:\<close>
+
+definition(in eq_obj_rng_of_frac) numer where
+"numer a = (if (a = \<zero>\<^bsub>rec_rng_of_frac\<^esub>) then \<zero> else (fst (SOME x. x \<in> a \<and> (snd x = denom a))))"
+
+text\<open>Basic properties of numer and denom:\<close>
+lemma(in eq_obj_rng_of_frac) numer_denom_facts0:
+ assumes "domain R"
+ assumes "\<zero> \<notin> S"
+ assumes "a \<in> carrier rec_rng_of_frac"
+ assumes "a \<noteq> \<zero>\<^bsub>rec_rng_of_frac\<^esub>"
+ shows "a = ((numer a) |\<^bsub>rel\<^esub> (denom a))"
+ "(numer a) \<in> carrier R"
+ "(denom a) \<in> S"
+ "numer a = \<zero> \<Longrightarrow> a = \<zero>\<^bsub>rec_rng_of_frac\<^esub>"
+ "a \<otimes>\<^bsub>rec_rng_of_frac\<^esub> (rng_to_rng_of_frac(denom a)) = rng_to_rng_of_frac (numer a)"
+ "(rng_to_rng_of_frac(denom a)) \<otimes>\<^bsub>rec_rng_of_frac\<^esub> a = rng_to_rng_of_frac (numer a)"
+proof-
+ have 0: "carrier rel \<noteq> {}"
+ by (metis (no_types, lifting) SigmaI empty_iff one_closed partial_object.select_convs(1) rel_def zero_closed)
+ have 1: "(numer a, denom a) \<in> a"
+ proof-
+ have "\<exists> r s. (r \<in> carrier R \<and> s \<in> S \<and> (a = (r |\<^bsub>rel\<^esub> s)))"
+ using rel_def assms(3) assms(1) set_eq_class_of_rng_of_frac_def rec_rng_of_frac_def
+ by (smt mem_Collect_eq mem_Sigma_iff partial_object.select_convs(1))
+ then obtain r s where "r \<in> carrier R \<and> s \<in> S \<and> (a = (r |\<^bsub>rel\<^esub> s))"
+ by blast
+ hence "a = class_of\<^bsub>rel\<^esub> (r, s)"
+ by (simp add: class_of_to_rel)
+ hence "(r,s) \<in> a" using eq_class_of_def rel_def
+ using \<open>r \<in> carrier R \<and> s \<in> S \<and> a = (r |\<^bsub>rel\<^esub> s)\<close> equiv_obj_rng_of_frac equivalence.refl by fastforce
+ hence "(\<exists> x. x \<in> a)"
+ by blast
+ hence "(SOME x. x \<in> a) \<in> a"
+ by (meson some_eq_ex)
+ hence "(\<exists> x. x \<in> a \<and> (snd x = denom a))"
+ using denom_def assms by metis
+ hence "\<exists>x. x \<in> a \<and> (snd x = denom a) \<and> (fst x = numer a)"
+ using numer_def assms by (metis (mono_tags, lifting) exE_some)
+ thus ?thesis
+ by simp
+ qed
+ have "a \<in> {r |\<^bsub>rel\<^esub> s |r s. (r, s) \<in> carrier rel}"
+ using assms(3) rec_rng_of_frac_def set_eq_class_of_rng_of_frac_def by auto
+ hence "\<exists> x y. a = (x |\<^bsub>rel\<^esub> y) \<and> (x,y) \<in> carrier rel"
+ using rec_rng_of_frac_def eq_class_of_rng_of_frac_def set_eq_class_of_rng_of_frac_def
+ by blast
+ then obtain x y where "a = (x |\<^bsub>rel\<^esub> y)" and P0:"(x,y) \<in> carrier rel"
+ by blast
+ hence P1: "(numer a, denom a) \<in>(x |\<^bsub>rel\<^esub> y)"
+ using "1" by blast
+ thus 2:"a = ((numer a) |\<^bsub>rel\<^esub> (denom a))"
+ proof-
+ have P2:"(numer a, denom a) \<in> carrier rel \<and> (x, y).=\<^bsub>rel\<^esub> (numer a, denom a) "
+ using eq_class_of_rng_of_frac_def P1 by fastforce
+ hence "(x, y).=\<^bsub>rel\<^esub> (numer a, denom a)"
+ by blast
+ hence "(numer a, denom a).=\<^bsub>rel\<^esub>(x, y)"
+ using equiv_obj_rng_of_frac by (simp add: equivalence.sym P0 P2)
+ thus ?thesis
+ by (metis P0 P2 \<open>a = (x |\<^bsub>rel\<^esub> y)\<close> class_of_to_rel elem_eq_class equiv_obj_rng_of_frac)
+ qed
+ have 3:"(numer a, denom a) \<in> carrier rel"
+ using P1 by (simp add: eq_class_of_rng_of_frac_def)
+ thus 4: "numer a \<in> carrier R"
+ by (simp add: rel_def)
+ show 5: "denom a \<in> S"
+ using "3" rel_def by auto
+ show "numer a = \<zero> \<Longrightarrow> a = \<zero>\<^bsub>rec_rng_of_frac\<^esub>"
+ proof-
+ assume "numer a = \<zero>"
+ hence "a = (\<zero> |\<^bsub>rel\<^esub> (denom a))"
+ using "2" by auto
+ thus ?thesis
+ using "5" class_of_zero_rng_of_frac by auto
+ qed
+ show "a \<otimes>\<^bsub>rec_rng_of_frac\<^esub> rng_to_rng_of_frac (denom a) = rng_to_rng_of_frac (numer a)"
+ proof-
+ have S: "(denom a, \<one>) \<in>carrier rel"
+ using "5" rel_def subset by auto
+ hence "a \<otimes>\<^bsub>rec_rng_of_frac\<^esub> rng_to_rng_of_frac (denom a) = (((numer a) \<otimes> (denom a)) |\<^bsub>rel\<^esub> ((denom a) \<otimes> \<one>)) "
+ using 2 3 mult_rng_of_frac_fundamental_lemma rng_to_rng_of_frac_def
+ rec_monoid_rng_of_frac_def rec_rng_of_frac_def by fastforce
+ hence "a \<otimes>\<^bsub>rec_rng_of_frac\<^esub> rng_to_rng_of_frac (denom a) = (((denom a)\<otimes> (numer a)) |\<^bsub>rel\<^esub> ((denom a) \<otimes> \<one>))"
+ using "4" "5" m_comm subset by auto
+ hence "a \<otimes>\<^bsub>rec_rng_of_frac\<^esub> rng_to_rng_of_frac (denom a) = ((denom a) |\<^bsub>rel\<^esub> (denom a)) \<otimes>\<^bsub>rec_rng_of_frac\<^esub>( (numer a) |\<^bsub>rel\<^esub> \<one>)"
+ using mult_rng_of_frac_fundamental_lemma "4" "5" S
+ rec_monoid_rng_of_frac_def rec_rng_of_frac_def rel_def by auto
+ thus ?thesis
+ using "4" "5" \<open>a \<otimes>\<^bsub>rec_rng_of_frac\<^esub> rng_to_rng_of_frac
+ (denom a) = (denom a \<otimes> numer a |\<^bsub>rel\<^esub> denom a \<otimes> \<one>)\<close> rel_def
+ rng_to_rng_of_frac_def simp_in_frac by auto
+ qed
+ thus "(rng_to_rng_of_frac(denom a)) \<otimes>\<^bsub>rec_rng_of_frac\<^esub> a = rng_to_rng_of_frac (numer a)"
+ by (smt "5" assms(3) cring.cring_simprules(14) crng_rng_of_frac ring_hom_closed rng_to_rng_of_frac_is_ring_hom subset subsetD)
+qed
+
+lemma(in eq_obj_rng_of_frac) frac_zero:
+ assumes "domain R"
+ assumes "\<zero> \<notin> S"
+ assumes "a \<in> carrier R"
+ assumes "b \<in> S"
+ assumes "(a |\<^bsub>rel\<^esub> b) = \<zero>\<^bsub>rec_rng_of_frac\<^esub>"
+ shows "a = \<zero>"
+proof-
+ have 0: "(a |\<^bsub>rel\<^esub> b) = (\<zero> |\<^bsub>rel\<^esub> \<one>)"
+ by (simp add: assms(5) class_of_zero_rng_of_frac)
+ have 1: "(a,b) \<in> carrier rel"
+ by (simp add: assms(3) assms(4) rel_def)
+ have 2: "(\<zero>, \<one>) \<in> carrier rel"
+ by (simp add: rel_def)
+ have 3: "(b, \<one>) \<in> carrier rel"
+ using assms(4) rel_def subset by auto
+ have "(a,b) .=\<^bsub>rel\<^esub> (\<zero>, \<one>)"
+ by (metis (no_types, lifting) "0" "1" "2" eq_class_to_rel partial_object.select_convs(1) rel_def)
+ have "(a |\<^bsub>rel\<^esub> b) \<otimes>\<^bsub>rec_rng_of_frac\<^esub> (b |\<^bsub>rel\<^esub>\<one>) = (\<zero> |\<^bsub>rel\<^esub> b)"
+ by (metis (no_types, opaque_lifting) assms(4) assms(5)
+ basic_trans_rules(31) class_of_zero_rng_of_frac cring.axioms(1)
+ crng_rng_of_frac ring.ring_simprules(24) ring_hom_closed
+ rng_to_rng_of_frac_def rng_to_rng_of_frac_is_ring_hom subset)
+ hence 4: "((a \<otimes> b) |\<^bsub>rel\<^esub> b) = (\<zero> |\<^bsub>rel\<^esub> b)"
+ using "1" "3" assms(4) mult_rng_of_frac_fundamental_lemma
+ rec_monoid_rng_of_frac_def rec_rng_of_frac_def subset by auto
+ have S: "((a \<otimes> b) , b) \<in> carrier rel"
+ using assms(3) assms(4) rel_def subset by auto
+ have T: "(\<zero>, b) \<in>carrier rel"
+ by (simp add: assms(4) rel_def)
+ hence " ((a \<otimes> b) , b).=\<^bsub>rel\<^esub> (\<zero> , b)"
+ using 4 S eq_class_to_rel rel_def by auto
+ hence "eq rel ((a \<otimes> b) , b) (\<zero> , b)"
+ by blast
+ hence "\<exists>t\<in>S. t \<otimes> (b \<otimes> (a \<otimes> b) \<ominus> b \<otimes> \<zero>) = \<zero>"
+ using rel_def by auto
+ then obtain t where "t \<in> S" and "t \<otimes> (b \<otimes> (a \<otimes> b) \<ominus> b \<otimes> \<zero>) = \<zero>"
+ by blast
+ have "t \<noteq>\<zero>"
+ using \<open>t \<in> S\<close> assms(2) by blast
+ hence "(b \<otimes> (a \<otimes> b) \<ominus> b \<otimes> \<zero>) = \<zero>"
+ by (meson \<open>t \<in> S\<close> \<open>t \<otimes> (b \<otimes> (a \<otimes> b) \<ominus> b \<otimes> \<zero>) = \<zero>\<close> assms(1) assms(3)
+ assms(4) domain.integral_iff minus_closed semiring_simprules(3)
+ set_mp subset zero_closed)
+ hence "b \<otimes> (a \<otimes> b) = \<zero>"
+ using "3" S rel_def abelian_group.minus_to_eq is_abelian_group by fastforce
+ thus "a = \<zero>"
+ by (metis (no_types, lifting) assms(1) assms(2)
+ assms(3) assms(4) domain.integral_iff
+ semiring_simprules(3) subset subsetCE)
+qed
+
+text\<open>When S does not contain 0, and R is a domain, the localization is a domain.\<close>
+
+lemma(in eq_obj_rng_of_frac) rec_rng_of_frac_is_domain:
+ assumes "domain R"
+ assumes "\<zero> \<notin> S"
+ shows "domain rec_rng_of_frac"
+proof(rule domainI)
+ show "cring rec_rng_of_frac"
+ by (simp add: crng_rng_of_frac)
+ show "\<one>\<^bsub>rec_rng_of_frac\<^esub> \<noteq> \<zero>\<^bsub>rec_rng_of_frac\<^esub>"
+ proof-
+ have " \<one>\<^bsub>R\<^esub> \<noteq> \<zero>\<^bsub>R\<^esub>"
+ by (simp add: assms domain.one_not_zero)
+ hence 0: " \<one>\<^bsub>R\<^esub> \<notin> (a_kernel R rec_rng_of_frac rng_to_rng_of_frac)"
+ using assms(1) rng_to_rng_of_frac_without_zero_div_is_inj
+ by (simp add: assms(2) domain_axioms_def domain_def)
+ hence "rng_to_rng_of_frac \<one> \<noteq> \<zero>\<^bsub>rec_rng_of_frac\<^esub>"
+ by (simp add: a_kernel_def')
+ thus ?thesis
+ using ring_hom_one rng_to_rng_of_frac_is_ring_hom by blast
+ qed
+ show "\<And>a b. a \<otimes>\<^bsub>rec_rng_of_frac\<^esub> b = \<zero>\<^bsub>rec_rng_of_frac\<^esub> \<Longrightarrow>
+ a \<in> carrier rec_rng_of_frac \<Longrightarrow>
+ b \<in> carrier rec_rng_of_frac \<Longrightarrow>
+ a = \<zero>\<^bsub>rec_rng_of_frac\<^esub> \<or> b = \<zero>\<^bsub>rec_rng_of_frac\<^esub>"
+ proof-
+ fix a b
+ assume A1: "a \<otimes>\<^bsub>rec_rng_of_frac\<^esub> b = \<zero>\<^bsub>rec_rng_of_frac\<^esub>"
+ assume A2: " a \<in> carrier rec_rng_of_frac"
+ assume A3: "b \<in> carrier rec_rng_of_frac"
+ show "a = \<zero>\<^bsub>rec_rng_of_frac\<^esub> \<or> b = \<zero>\<^bsub>rec_rng_of_frac\<^esub>"
+ proof(rule disjCI)
+ assume "b \<noteq> \<zero>\<^bsub>rec_rng_of_frac\<^esub>"
+ have "\<not> a \<noteq> \<zero>\<^bsub>rec_rng_of_frac\<^esub> "
+ proof
+ assume "a \<noteq> \<zero>\<^bsub>rec_rng_of_frac\<^esub>"
+ have B1: "numer a \<noteq> \<zero>"
+ using A2 \<open>a \<noteq> \<zero>\<^bsub>rec_rng_of_frac\<^esub>\<close> assms(1) assms(2) numer_denom_facts0(4) by blast
+ have B2: "numer b \<noteq> \<zero>"
+ using A3 \<open>b \<noteq> \<zero>\<^bsub>rec_rng_of_frac\<^esub>\<close> assms(1) assms(2) numer_denom_facts0(4) by blast
+ have B3: "denom a \<noteq>\<zero>"
+ using A2 \<open>a \<noteq> \<zero>\<^bsub>rec_rng_of_frac\<^esub>\<close> assms(1) assms(2)
+ eq_obj_rng_of_frac.numer_denom_facts0(1) eq_obj_rng_of_frac_axioms
+ using numer_denom_facts0(3) by force
+ have B4: "denom b \<noteq>\<zero>"
+ using A3 \<open>b \<noteq> \<zero>\<^bsub>rec_rng_of_frac\<^esub>\<close> assms(1) assms(2)
+ eq_obj_rng_of_frac_axioms by (metis (no_types, lifting) numer_denom_facts0(3))
+ have "a \<otimes>\<^bsub>rec_rng_of_frac\<^esub> b = (((numer a) \<otimes> (numer b)) |\<^bsub>rel\<^esub> ((denom a) \<otimes> (denom b)))"
+ proof-
+ have S0: "a = (numer a |\<^bsub>rel\<^esub> denom a)"
+ by (simp add: A2 \<open>a \<noteq> \<zero>\<^bsub>rec_rng_of_frac\<^esub>\<close> assms(1) assms(2) numer_denom_facts0(1))
+ have S1: "b= (numer b |\<^bsub>rel\<^esub> denom b)"
+ by (simp add: A3 \<open>b \<noteq> \<zero>\<^bsub>rec_rng_of_frac\<^esub>\<close> assms(1) assms(2) numer_denom_facts0(1))
+ have S2: "(numer a, denom a) \<in> carrier rel"
+ using A2 \<open>a \<noteq> \<zero>\<^bsub>rec_rng_of_frac\<^esub>\<close> assms(1) assms(2)
+ eq_obj_rng_of_frac.numer_denom_facts0(2) eq_obj_rng_of_frac.numer_denom_facts0(3)
+ eq_obj_rng_of_frac_axioms rel_def by fastforce
+ have S3: "(numer b, denom b) \<in> carrier rel"
+ using A3 \<open>b \<noteq> \<zero>\<^bsub>rec_rng_of_frac\<^esub>\<close> assms(1) assms(2)
+ eq_obj_rng_of_frac.numer_denom_facts0(2) eq_obj_rng_of_frac_axioms
+ numer_denom_facts0(3) rel_def by auto
+ show ?thesis using S0 S1 S2 S3 mult_rng_of_frac_fundamental_lemma
+ using rec_monoid_rng_of_frac_def rec_rng_of_frac_def by force
+ qed
+ hence "(((numer a) \<otimes> (numer b)) |\<^bsub>rel\<^esub> ((denom a) \<otimes> (denom b))) = \<zero>\<^bsub>rec_rng_of_frac\<^esub>"
+ using A1 by blast
+ hence "(numer a) \<otimes> (numer b) = \<zero>"
+ by (meson A2 A3 \<open>a \<noteq> \<zero>\<^bsub>rec_rng_of_frac\<^esub>\<close> \<open>b \<noteq> \<zero>\<^bsub>rec_rng_of_frac\<^esub>\<close>
+ assms(1) assms(2) eq_obj_rng_of_frac.numer_denom_facts0(2)
+ eq_obj_rng_of_frac.numer_denom_facts0(3) eq_obj_rng_of_frac_axioms
+ frac_zero m_closed semiring_simprules(3))
+ thus False
+ by (meson A2 A3 B1 B2 \<open>a \<noteq> \<zero>\<^bsub>rec_rng_of_frac\<^esub>\<close>
+ \<open>b \<noteq> \<zero>\<^bsub>rec_rng_of_frac\<^esub>\<close> assms(1) assms(2)
+ domain.integral_iff eq_obj_rng_of_frac.numer_denom_facts0(2)
+ eq_obj_rng_of_frac_axioms)
+ qed
+ thus "a = \<zero>\<^bsub>rec_rng_of_frac\<^esub>"
+ by auto
+ qed
+ qed
+qed
+
+lemma(in eq_obj_rng_of_frac) numer_denom_facts:
+ assumes "domain R"
+ assumes "\<zero> \<notin> S"
+ assumes "a \<in> carrier rec_rng_of_frac"
+ shows "a = (numer a |\<^bsub>rel\<^esub> denom a)"
+ "(numer a) \<in> carrier R"
+ "(denom a) \<in> S"
+ "a \<noteq> \<zero>\<^bsub>rec_rng_of_frac\<^esub> \<Longrightarrow> (numer a) \<noteq>\<zero>"
+ "a \<otimes>\<^bsub>rec_rng_of_frac\<^esub> (rng_to_rng_of_frac(denom a)) = rng_to_rng_of_frac (numer a)"
+ "(rng_to_rng_of_frac(denom a)) \<otimes>\<^bsub>rec_rng_of_frac\<^esub> a = rng_to_rng_of_frac (numer a)"
+ using assms(1) assms(2) assms(3) class_of_zero_rng_of_frac denom_def numer_def numer_denom_facts0(1) apply force
+ using assms(1) assms(2) assms(3) numer_def numer_denom_facts0(2) apply force
+ using assms(1) assms(2) assms(3) denom_def numer_denom_facts0(3) apply force
+ using assms(1) assms(2) assms(3) numer_denom_facts0(4) apply blast
+ apply (metis (no_types, lifting) assms(1) assms(2) assms(3) class_of_zero_rng_of_frac
+ denom_def monoid.r_one monoid.simps(2) numer_def numer_denom_facts0(5) one_closed
+ rec_rng_of_frac_def ringE(2) rng_rng_of_frac rng_to_rng_of_frac_def)
+ by (metis (no_types, lifting) assms(1) assms(2) assms(3) class_of_zero_rng_of_frac
+ cring.cring_simprules(12) crng_rng_of_frac denom_def monoid.simps(2) numer_def
+ numer_denom_facts0(6) one_closed rec_rng_of_frac_def rng_to_rng_of_frac_def)
+
+lemma(in eq_obj_rng_of_frac) numer_denom_closed:
+ assumes "domain R"
+ assumes "\<zero> \<notin> S"
+ assumes "a \<in> carrier rec_rng_of_frac"
+ shows "(numer a, denom a) \<in> carrier rel"
+ by (simp add: assms(1) assms(2) assms(3) numer_denom_facts(2) numer_denom_facts(3) rel_def)
+
+text\<open>Fraction function which suppresses the "rel" argument.\<close>
+
+definition(in eq_obj_rng_of_frac) fraction where
+"fraction x y = (x |\<^bsub>rel\<^esub> y)"
+
+lemma(in eq_obj_rng_of_frac) a_is_fraction:
+ assumes "domain R"
+ assumes "\<zero> \<notin> S"
+ assumes "a \<in> carrier rec_rng_of_frac"
+ shows "a = fraction (numer a) (denom a)"
+ by (simp add: assms(1) assms(2) assms(3) fraction_def numer_denom_facts(1))
+
+lemma(in eq_obj_rng_of_frac) add_fraction:
+ assumes "domain R"
+ assumes "\<zero> \<notin> S"
+ assumes "a \<in> carrier R"
+ assumes "b \<in> S"
+ assumes "c \<in> carrier R"
+ assumes "d \<in> S"
+ shows "(fraction a b) \<oplus>\<^bsub>rec_rng_of_frac\<^esub> (fraction c d) = (fraction ((a \<otimes> d) \<oplus> (b \<otimes> c)) (b \<otimes> d))"
+proof-
+ have 0:"(a,b) \<in> carrier rel"
+ by (simp add: assms(3) assms(4) rel_def)
+ have 1:"(c,d) \<in> carrier rel"
+ by (simp add: assms(5) assms(6) rel_def)
+ show ?thesis
+ using 0 1 add_rng_of_frac_fundamental_lemma assms numer_denom_facts fraction_def
+ domain_def m_comm subset
+ by auto
+qed
+
+lemma(in eq_obj_rng_of_frac) mult_fraction:
+ assumes "domain R"
+ assumes "\<zero> \<notin> S"
+ assumes "a \<in> carrier R"
+ assumes "b \<in> S"
+ assumes "c \<in> carrier R"
+ assumes "d \<in> S"
+ shows "(fraction a b) \<otimes>\<^bsub>rec_rng_of_frac\<^esub> (fraction c d) = (fraction (a \<otimes> c) (b \<otimes> d))"
+proof-
+ have 0:"(a,b) \<in> carrier rel"
+ by (simp add: assms(3) assms(4) rel_def)
+ have 1:"(c,d) \<in> carrier rel"
+ by (simp add: assms(5) assms(6) rel_def)
+ show ?thesis using 0 1 mult_rng_of_frac_fundamental_lemma
+ by (simp add: fraction_def rec_monoid_rng_of_frac_def rec_rng_of_frac_def)
+qed
+
+lemma(in eq_obj_rng_of_frac) fraction_zero:
+"\<zero>\<^bsub>rec_rng_of_frac\<^esub> = fraction \<zero> \<one> "
+ by (simp add: class_of_zero_rng_of_frac fraction_def)
+
+lemma(in eq_obj_rng_of_frac) fraction_zero':
+ assumes "a \<in> S"
+ assumes "\<zero> \<notin> S"
+ shows "\<zero>\<^bsub>rec_rng_of_frac\<^esub> = fraction \<zero> a"
+ by (simp add: assms(1) class_of_zero_rng_of_frac fraction_def)
+
+lemma(in eq_obj_rng_of_frac) fraction_one:
+"\<one>\<^bsub>rec_rng_of_frac\<^esub> = fraction \<one> \<one>"
+ by (simp add: fraction_def rec_rng_of_frac_def)
+
+lemma(in eq_obj_rng_of_frac) fraction_one':
+ assumes "domain R"
+ assumes "\<zero> \<notin> S"
+ assumes "a \<in> S"
+ shows "fraction a a = \<one>\<^bsub>rec_rng_of_frac\<^esub>"
+ using assms fraction_def fraction_one one_closed simp_in_frac subset
+ by (smt mem_Sigma_iff partial_object.select_convs(1) r_one rel_def subsetD)
+
+lemma(in eq_obj_rng_of_frac) fraction_closed:
+ assumes "domain R"
+ assumes "\<zero> \<notin> S"
+ assumes "a \<in> carrier R"
+ assumes "b \<in> S"
+ shows "fraction a b \<in> carrier rec_rng_of_frac"
+proof-
+ have "(a,b) \<in> carrier rel"
+ by (simp add: assms(3) assms(4) rel_def)
+ hence "(a |\<^bsub>rel\<^esub> b) \<in> set_class_of\<^bsub>rel\<^esub>"
+ using set_eq_class_of_rng_of_frac_def
+ by blast
+ thus ?thesis using fraction_def
+ by (simp add: rec_rng_of_frac_def)
+qed
+
+subsection\<open>Defining the Field of Fractions\<close>
+
+definition Frac where
+"Frac R = eq_obj_rng_of_frac.rec_rng_of_frac R (nonzero R)"
+
+lemma(in domain_frac) fraction_field_is_domain:
+"domain (Frac R)"
+ using domain_axioms eq_obj_rng_of_frac.rec_rng_of_frac_is_domain
+ eq_obj_rng_of_frac_nonzero Frac_def
+ by (metis nonzero_memE(2))
+
+subsubsection\<open>Numerator and Denominator Choice Functions for \texttt{domain\_frac}\<close>
+definition numerator where
+"numerator R = eq_obj_rng_of_frac.numer R (nonzero R)"
+
+abbreviation(in domain_frac)(input) numer where
+"numer \<equiv> numerator R"
+
+definition denominator where
+"denominator R = eq_obj_rng_of_frac.denom R (nonzero R)"
+
+abbreviation(in domain_frac)(input) denom where
+"denom \<equiv> denominator R"
+
+definition fraction where
+"fraction R = eq_obj_rng_of_frac.fraction R (nonzero R)"
+
+abbreviation(in domain_frac)(input) frac where
+"frac \<equiv> fraction R"
+
+subsubsection\<open>The inclusion of R into its fraction field\<close>
+
+definition Frac_inc where
+"Frac_inc R = eq_obj_rng_of_frac.rng_to_rng_of_frac R (nonzero R)"
+
+abbreviation(in domain_frac)(input) inc ("\<iota>") where
+"inc \<equiv> Frac_inc R"
+
+lemma(in domain_frac) inc_equation:
+ assumes "a \<in> carrier R"
+ shows "\<iota> a = frac a \<one>"
+ unfolding Frac_inc_def fraction_def
+ using assms
+ by (simp add: eq_obj_rng_of_frac.fraction_def eq_obj_rng_of_frac.rng_to_rng_of_frac_def eq_obj_rng_of_frac_nonzero)
+
+lemma(in domain_frac) inc_is_hom:
+"inc \<in> ring_hom R (Frac R)"
+ by (simp add: eq_obj_rng_of_frac.rng_to_rng_of_frac_is_ring_hom Frac_def
+ eq_obj_rng_of_frac_nonzero Frac_inc_def)
+
+lemma(in domain_frac) inc_is_hom1:
+"ring_hom_ring R (Frac R) inc"
+ apply(rule ring_hom_ringI2)
+ using cring_def domain.axioms(1) fraction_field_is_domain
+ by(auto simp:inc_is_hom local.ring_axioms)
+
+text\<open>Inclusion map is injective:\<close>
+
+lemma(in domain_frac) inc_inj0:
+"a_kernel R (Frac R) inc = {\<zero>}"
+proof-
+ have 0: "\<zero> \<notin> nonzero R"
+ by (simp add: nonzero_def)
+ have 1: "eq_obj_rng_of_frac R (nonzero R)"
+ by (simp add: eq_obj_rng_of_frac_nonzero)
+ have 2: "\<forall> a\<in> carrier R. \<forall> b\<in>carrier R. a \<otimes> b = \<zero> \<longrightarrow> a = \<zero> \<or> b = \<zero>"
+ using local.integral by blast
+ show ?thesis using 0 1 2
+ by (simp add: eq_obj_rng_of_frac.rng_to_rng_of_frac_without_zero_div_is_inj
+ Frac_def Frac_inc_def)
+qed
+
+lemma(in domain_frac) inc_inj1:
+ assumes "a \<in> carrier R"
+ assumes "inc a = \<zero>\<^bsub>Frac R\<^esub>"
+ shows "a = \<zero>"
+proof-
+ have "a \<in> a_kernel R (Frac R) inc" using a_kernel_def' assms(2)
+ by (simp add: a_kernel_def' assms(1))
+ thus ?thesis
+ using inc_inj0 by blast
+qed
+
+lemma(in domain_frac) inc_inj2:
+ assumes "a \<in> carrier R"
+ assumes "b \<in> carrier R"
+ assumes "inc a = inc b"
+ shows "a = b"
+proof-
+ have "inc (a \<ominus> b) = (inc a) \<oplus>\<^bsub>Frac R\<^esub> (inc (\<ominus> b))"
+ using inc_is_hom by (simp add: ring_hom_add assms(1) assms(2) minus_eq)
+ hence "inc (a \<ominus> b) = \<zero>\<^bsub>Frac R\<^esub>" using assms inc_is_hom
+ by (smt Frac_def add.inv_closed eq_obj_rng_of_frac.rng_rng_of_frac
+ eq_obj_rng_of_frac_nonzero local.ring_axioms r_neg ring_hom_add ring_hom_zero)
+ thus ?thesis
+ by (meson abelian_group.minus_to_eq assms(1) assms(2) domain_frac.inc_inj1 domain_frac_axioms is_abelian_group minus_closed)
+qed
+
+text\<open>Image of inclusion map is a subring:\<close>
+
+lemma(in domain_frac) inc_im_is_subring:
+"subring (\<iota> ` (carrier R)) (Frac R)"
+ using carrier_is_subring inc_is_hom1 ring_hom_ring.img_is_subring by blast
+
+subsubsection\<open>Basic Properties of numer, denom, and frac\<close>
+
+lemma(in domain_frac) numer_denom_facts:
+ assumes "a \<in> carrier (Frac R)"
+ shows "a = frac (numer a) (denom a)"
+ "(numer a) \<in> carrier R"
+ "(denom a) \<in> nonzero R"
+ "a \<noteq> \<zero>\<^bsub>Frac R\<^esub> \<Longrightarrow> numer a \<noteq> \<zero> "
+ "a \<otimes>\<^bsub>Frac R\<^esub> (inc (denom a)) = inc (numer a)"
+ unfolding fraction_def numerator_def denominator_def Frac_inc_def
+ apply (metis Frac_def assms domain_axioms eq_obj_rng_of_frac.a_is_fraction eq_obj_rng_of_frac_nonzero not_nonzero_memI)
+ apply (metis Frac_def assms domain_axioms eq_obj_rng_of_frac.numer_denom_facts(2) eq_obj_rng_of_frac_nonzero nonzero_memE(2))
+ apply (metis Frac_def assms domain_axioms eq_obj_rng_of_frac.numer_denom_facts(3) eq_obj_rng_of_frac_nonzero not_nonzero_memI)
+ apply (metis Frac_def assms domain_axioms eq_obj_rng_of_frac.numer_denom_facts0(4) eq_obj_rng_of_frac_nonzero not_nonzero_memI)
+ by (metis Frac_def assms domain_axioms eq_obj_rng_of_frac.numer_denom_facts(5) eq_obj_rng_of_frac_nonzero nonzero_memE(2))
+
+lemma(in domain_frac) frac_add:
+ assumes "a \<in> carrier R"
+ assumes "b \<in> nonzero R"
+ assumes "c \<in> carrier R"
+ assumes "d \<in> nonzero R"
+ shows "(frac a b) \<oplus>\<^bsub>Frac R\<^esub> (frac c d) = (frac ((a \<otimes> d) \<oplus> (b \<otimes> c)) (b \<otimes> d))"
+ using eq_obj_rng_of_frac.add_fraction[of R "nonzero R" a b c d]
+ eq_obj_rng_of_frac_nonzero assms zero_not_in_nonzero[of R]
+ by (simp add: Frac_def domain_axioms fraction_def)
+
+lemma(in domain_frac) frac_mult:
+ assumes "a \<in> carrier R"
+ assumes "b \<in> nonzero R"
+ assumes "c \<in> carrier R"
+ assumes "d \<in> nonzero R"
+ shows "(frac a b) \<otimes>\<^bsub>Frac R\<^esub> (frac c d) = (frac (a \<otimes> c) (b \<otimes> d))"
+ by (simp add: Frac_def assms(1) assms(2) assms(3) assms(4) domain_axioms
+ eq_obj_rng_of_frac.mult_fraction eq_obj_rng_of_frac_nonzero fraction_def not_nonzero_memI)
+
+lemma(in domain_frac) frac_one:
+ assumes "a \<in> nonzero R"
+ shows "frac a a = \<one>\<^bsub>Frac R\<^esub>"
+ by (metis Frac_def assms domain_axioms eq_obj_rng_of_frac.fraction_one' eq_obj_rng_of_frac_nonzero fraction_def nonzero_memE(2))
+
+lemma(in domain_frac) frac_closed:
+ assumes "a \<in> carrier R"
+ assumes "b \<in> nonzero R"
+ shows "frac a b \<in> carrier (Frac R)"
+ by (metis Frac_def assms(1) assms(2) domain_axioms eq_obj_rng_of_frac.fraction_closed eq_obj_rng_of_frac_nonzero fraction_def nonzero_memE(2))
+
+lemma(in domain_frac) nonzero_fraction:
+ assumes "a \<in> nonzero R"
+ assumes "b \<in> nonzero R"
+ shows "frac a b \<noteq> \<zero>\<^bsub>Frac R\<^esub>"
+proof
+ assume "frac a b = \<zero>\<^bsub>Frac R\<^esub>"
+ hence "(frac a b) \<otimes>\<^bsub>Frac R\<^esub> (frac b a) = \<zero>\<^bsub>Frac R\<^esub> \<otimes>\<^bsub>Frac R\<^esub> (frac b a)"
+ by simp
+ hence "(frac a b) \<otimes>\<^bsub>Frac R\<^esub> (frac b a) = \<zero>\<^bsub>Frac R\<^esub>"
+ by (metis Localization.submonoid.subset assms(1) assms(2) cring.cring_simprules(26)
+ domain.axioms(1) frac_closed fraction_field_is_domain nonzero_is_submonoid subsetCE)
+ hence "frac (a \<otimes>b) (b \<otimes> a) = \<zero>\<^bsub>Frac R\<^esub>"
+ by (metis (no_types, lifting) Localization.submonoid.subset
+ assms(1) assms(2) frac_mult nonzero_is_submonoid subsetCE)
+ hence "frac (a \<otimes>b) (a \<otimes> b) = \<zero>\<^bsub>Frac R\<^esub>"
+ by (metis (no_types, lifting) Localization.submonoid.subset assms(1) assms(2) m_comm nonzero_is_submonoid subsetCE)
+ hence "\<one>\<^bsub>Frac R\<^esub> = \<zero>\<^bsub>Frac R\<^esub>"
+ using Localization.submonoid.m_closed assms(1) assms(2) frac_one nonzero_is_submonoid by force
+ thus False
+ using domain.one_not_zero fraction_field_is_domain by blast
+qed
+
+lemma(in comm_monoid) UnitsI:
+ assumes "a \<in> carrier G"
+ assumes "b \<in> carrier G"
+ assumes "a \<otimes> b = \<one>"
+ shows "a \<in> Units G" "b \<in> Units G"
+ unfolding Units_def using comm_monoid_axioms_def assms m_comm[of a b]
+ by auto
+
+lemma(in comm_monoid) is_invI:
+ assumes "a \<in> carrier G"
+ assumes "b \<in> carrier G"
+ assumes "a \<otimes> b = \<one>"
+ shows "inv\<^bsub>G\<^esub> b = a" "inv\<^bsub>G\<^esub> a = b"
+ using assms inv_char m_comm
+ by auto
+
+lemma(in ring) ring_in_Units_imp_not_zero:
+ assumes "\<one> \<noteq> \<zero>"
+ assumes "a \<in> Units R"
+ shows "a \<noteq> \<zero>"
+ using assms monoid.Units_l_cancel
+ by (metis l_null monoid_axioms one_closed zero_closed)
+
+lemma(in domain_frac) in_Units_imp_not_zero:
+ assumes "a \<in> Units R"
+ shows "a \<noteq> \<zero>"
+ using assms ring_in_Units_imp_not_zero domain_axioms
+ by simp
+
+lemma(in domain_frac) units_of_fraction_field0:
+ assumes "a \<in> carrier (Frac R)"
+ assumes "a \<noteq> \<zero>\<^bsub>Frac R\<^esub>"
+ shows "inv\<^bsub>Frac R\<^esub> a = frac (denom a) (numer a)"
+ "a\<otimes>\<^bsub>Frac R\<^esub> (inv\<^bsub>Frac R\<^esub> a) = \<one>\<^bsub>Frac R\<^esub>"
+ "(inv\<^bsub>Frac R\<^esub> a)\<otimes>\<^bsub>Frac R\<^esub>a = \<one>\<^bsub>Frac R\<^esub>"
+proof-
+ have 0: "a \<otimes>\<^bsub>Frac R\<^esub> (frac (denom a) (numer a)) =
+ frac ((numer a) \<otimes> (denom a)) ((numer a) \<otimes> (denom a))"
+ proof -
+ have "denom a \<in> nonzero R"
+ by (simp add: assms(1) numer_denom_facts(3))
+ hence "frac (numer a) (denom a) \<otimes>\<^bsub>Frac R\<^esub> frac (denom a) (numer a)
+ = frac (numer a \<otimes> denom a) (denom a \<otimes> numer a)"
+ by (simp add: assms(1) assms(2) domain_frac.numer_denom_facts(2) domain_frac_axioms frac_mult nonzero_closed nonzero_memI numer_denom_facts(4))
+ thus ?thesis
+ using assms(1) numer_denom_facts(5) domain_frac.numer_denom_facts(2)
+ domain_axioms m_comm nonzero_closed numer_denom_facts(1)
+ by (simp add: domain_frac.numer_denom_facts(2) \<open>denominator R a \<in> nonzero R\<close> domain_frac_axioms)
+ qed
+ have 1:"((numer a) \<otimes> (denom a)) \<in> nonzero R"
+ by (metis assms(1) assms(2) domain_frac.numer_denom_facts(2) domain_frac_axioms
+ local.integral m_closed nonzero_closed nonzero_memI numer_denom_facts(3) numer_denom_facts(4))
+ have 2: "a \<otimes>\<^bsub>Frac R\<^esub> (frac (denom a) (numer a)) = \<one>\<^bsub>Frac R\<^esub>"
+ using 0 1 frac_one by blast
+ have 3: "(frac (denom a) (numer a)) \<in> carrier (Frac R)"
+ by (simp add: assms(1) assms(2) frac_closed nonzero_closed nonzero_memI numer_denom_facts(2) numer_denom_facts(3) numer_denom_facts(4))
+ hence 4: "(frac (denom a) (numer a)) \<in> carrier (Frac R) \<and>
+ a \<otimes>\<^bsub>Frac R\<^esub> (frac (denom a) (numer a)) = \<one>\<^bsub>Frac R\<^esub> \<and>
+ (frac (denom a) (numer a)) \<otimes>\<^bsub>Frac R\<^esub> a = \<one>\<^bsub>Frac R\<^esub>"
+ by (simp add: "2" assms(1) cring.cring_simprules(14) domain.axioms(1) fraction_field_is_domain)
+ thus 5: "inv\<^bsub>Frac R\<^esub> a = frac (denom a) (numer a)"
+ using m_inv_def 2 assms(1) comm_monoid.comm_inv_char cring_def
+ domain_def fraction_field_is_domain by fastforce
+ thus 6: "a\<otimes>\<^bsub>Frac R\<^esub> (inv\<^bsub>Frac R\<^esub> a) = \<one>\<^bsub>Frac R\<^esub>"
+ by (simp add: "2")
+ thus "(inv\<^bsub>Frac R\<^esub> a)\<otimes>\<^bsub>Frac R\<^esub>a = \<one>\<^bsub>Frac R\<^esub>"
+ using assms
+ by (simp add: "4" "5")
+qed
+
+lemma(in domain_frac) units_of_fraction_field:
+"Units (Frac R) = carrier (Frac R) - {\<zero>\<^bsub>Frac R\<^esub>}"
+proof
+ show "Units (Frac R) \<subseteq> carrier (Frac R) - {\<zero>\<^bsub>Frac R\<^esub>}"
+ proof fix x assume A: "x \<in> Units (Frac R)"
+ have "x \<in> carrier (Frac R)"
+ using Units_def \<open>x \<in> Units (Frac R)\<close> by force
+ hence "x \<noteq> \<zero>\<^bsub>Frac R\<^esub>"
+ using fraction_field_is_domain
+ by (simp add: A domain_frac.in_Units_imp_not_zero domain_frac.intro)
+ thus "x \<in> carrier (Frac R) - {\<zero>\<^bsub>Frac R\<^esub>}"
+ by (simp add: \<open>x \<in> carrier (Frac R)\<close>)
+ qed
+ show "carrier (Frac R) - {\<zero>\<^bsub>Frac R\<^esub>} \<subseteq> Units (Frac R)"
+ proof fix x assume A: "x \<in> carrier (Frac R) - {\<zero>\<^bsub>Frac R\<^esub>}"
+ show "x \<in> Units (Frac R)"
+ using comm_monoid.UnitsI(1)[of "Frac R" x "inv\<^bsub>Frac R\<^esub> x"]
+ by (metis A Diff_iff cring.axioms(2) domain.axioms(1) domain_frac.numer_denom_facts(2)
+ domain_frac.numer_denom_facts(3) domain_frac.units_of_fraction_field0(1)
+ domain_frac.units_of_fraction_field0(2) domain_frac_axioms frac_closed
+ fraction_field_is_domain insert_iff nonzero_closed nonzero_memI numer_denom_facts(4))
+ qed
+qed
+
+subsection\<open>The Fraction Field as a Field\<close>
+
+lemma(in domain_frac) fraction_field_is_field:
+"field (Frac R)"
+proof(rule Ring.field.intro)
+ show "domain (Frac R)" by(auto simp: fraction_field_is_domain)
+ show "field_axioms (Frac R)"
+ proof
+ show "Units (Frac R) = carrier (Frac R) - {\<zero>\<^bsub>Frac R\<^esub>}"
+ using units_of_fraction_field by blast
+ qed
+qed
+
+lemma(in domain_frac) frac_inv:
+ assumes "a \<in> nonzero R"
+ assumes "b \<in> nonzero R"
+ shows "inv\<^bsub>Frac R\<^esub> (frac a b) = (frac b a)"
+ using cring_def[of "Frac R"] domain_def[of "Frac R"] fraction_field_is_domain
+ frac_closed[of a b] frac_closed[of b a] nonzero_closed[of a]
+ nonzero_closed[of b] assms comm_monoid.is_invI(2)[of "Frac R" "frac a b" "frac b a"]
+ by (metis frac_mult frac_one integral_iff m_comm nonzero_memE(2) nonzero_memI nonzero_mult_closed)
+
+lemma(in domain_frac) frac_inv_id:
+ assumes "a \<in> nonzero R"
+ assumes "b \<in> nonzero R"
+ assumes "c \<in> nonzero R"
+ assumes "d \<in> nonzero R"
+ assumes "frac a b = frac c d"
+ shows "frac b a = frac d c"
+ using frac_inv assms by metis
+
+lemma(in domain_frac) frac_uminus:
+ assumes "a \<in> carrier R"
+ assumes "b \<in> nonzero R"
+ shows "\<ominus>\<^bsub>Frac R\<^esub> (frac a b) = frac (\<ominus> a) b"
+proof-
+ have "frac (\<ominus> a) b \<oplus>\<^bsub>Frac R\<^esub> (frac a b) = frac (((\<ominus> a)\<otimes>b) \<oplus> (a \<otimes>b)) (b\<otimes>b)"
+ using frac_add by (smt Localization.submonoid.subset add.inv_closed
+ assms(1) assms(2) m_comm nonzero_is_submonoid subsetCE)
+ hence "frac (\<ominus> a) b \<oplus>\<^bsub>Frac R\<^esub> (frac a b) = frac (b \<otimes>((\<ominus> a) \<oplus> a)) (b\<otimes>b)"
+ by (metis (no_types, lifting) add.inv_closed assms(1) assms(2)
+ local.ring_axioms m_comm mem_Collect_eq nonzero_def ringE(4) )
+ hence "frac (\<ominus> a) b \<oplus>\<^bsub>Frac R\<^esub> (frac a b) = (frac \<zero> (b \<otimes>b))"
+ using Localization.submonoid.subset assms(1) assms(2) l_neg nonzero_is_submonoid by fastforce
+ hence "frac (\<ominus> a) b \<oplus>\<^bsub>Frac R\<^esub> (frac a b) = (frac \<zero> \<one>) \<otimes>\<^bsub>Frac R\<^esub> (frac \<zero> (b \<otimes>b))"
+ using frac_mult by (smt Localization.submonoid.m_closed Localization.submonoid.one_closed
+ Localization.submonoid.subset assms(2) l_one nonzero_is_submonoid r_null subsetCE zero_closed)
+ hence "frac (\<ominus> a) b \<oplus>\<^bsub>Frac R\<^esub> (frac a b) = \<zero>\<^bsub>Frac R\<^esub> \<otimes>\<^bsub>Frac R\<^esub> (frac \<zero> (b \<otimes>b))"
+ using Frac_def eq_obj_rng_of_frac.fraction_zero' eq_obj_rng_of_frac_nonzero
+ by (simp add: Frac_def eq_obj_rng_of_frac.fraction_zero fraction_def)
+ hence "frac (\<ominus> a) b \<oplus>\<^bsub>Frac R\<^esub> (frac a b) = \<zero>\<^bsub>Frac R\<^esub>"
+ using fraction_field_is_field
+ by (simp add: Localization.submonoid.m_closed assms(2) cring.cring_simprules(26)
+ domain.axioms(1) frac_closed fraction_field_is_domain nonzero_is_submonoid)
+ thus 0: "\<ominus>\<^bsub>Frac R\<^esub> (frac a b) = frac (\<ominus> a) b"
+ by (metis add.inv_closed assms(1) assms(2) cring.sum_zero_eq_neg
+ domain.axioms(1) frac_closed fraction_field_is_domain)
+qed
+
+lemma(in domain_frac) frac_eqI:
+ assumes "a \<in> carrier R"
+ assumes "b \<in> nonzero R"
+ assumes "c \<in> carrier R"
+ assumes "d \<in> nonzero R"
+ assumes "a \<otimes> d \<ominus> b \<otimes> c = \<zero>"
+ shows "frac a b = frac c d"
+proof-
+ have "frac a b \<ominus>\<^bsub>Frac R\<^esub> frac c d = frac (a \<otimes> d \<ominus> b \<otimes> c) (b\<otimes>d)"
+ by (simp add: a_minus_def assms(1) assms(2) assms(3) assms(4) frac_uminus local.frac_add nonzero_closed r_minus)
+ hence "frac a b \<ominus>\<^bsub>Frac R\<^esub> frac c d = \<zero>\<^bsub>Frac R\<^esub>"
+ by (metis Frac_def assms(2) assms(4) assms(5) eq_obj_rng_of_frac.fraction_zero'
+ eq_obj_rng_of_frac_nonzero fraction_def local.integral nonzero_memE(1) nonzero_memE(2)
+ nonzero_memI nonzero_mult_closed)
+ thus ?thesis
+ by (meson assms(1) assms(2) assms(3) assms(4) field.is_ring frac_closed fraction_field_is_field ring.r_right_minus_eq)
+qed
+
+lemma(in domain_frac) frac_eqI':
+ assumes "a \<in> carrier R"
+ assumes "b \<in> nonzero R"
+ assumes "c \<in> carrier R"
+ assumes "d \<in> nonzero R"
+ assumes "a \<otimes> d = b \<otimes> c"
+ shows "frac a b = frac c d"
+ using assms frac_eqI[of a b c d]
+ by (simp add: nonzero_closed)
+
+lemma(in domain_frac) frac_cancel_l:
+ assumes "a \<in>nonzero R"
+ assumes "b \<in>nonzero R"
+ assumes "c \<in>carrier R"
+ shows "frac (a \<otimes> c) (a \<otimes> b) = frac c b"
+proof-
+ have 0: "frac (a \<otimes>c) (a \<otimes>b) =(frac b b) \<otimes>\<^bsub>Frac R\<^esub> (frac c b)"
+ by (metis (no_types, lifting) assms(1) assms(2) assms(3)
+ frac_mult frac_one mem_Collect_eq nonzero_def)
+ have 1: "frac b b = \<one>\<^bsub>Frac R\<^esub>"
+ by (simp add: assms(2) frac_one)
+ show ?thesis using 0 1
+ using Frac_def assms(2) assms(3) eq_obj_rng_of_frac.rng_rng_of_frac
+ eq_obj_rng_of_frac_nonzero frac_closed ring.ring_simprules(12)
+ by (simp add: Frac_def eq_obj_rng_of_frac.rng_rng_of_frac ring.ring_simprules(12))
+qed
+
+lemma(in domain_frac) frac_cancel_r:
+ assumes "a \<in>nonzero R"
+ assumes "b \<in>nonzero R"
+ assumes "c \<in>carrier R"
+ shows "frac (c \<otimes> a) (b \<otimes> a) = frac c b"
+ by (metis (no_types, lifting) Localization.submonoid.subset assms(1)
+ assms(2) assms(3) frac_cancel_l m_comm nonzero_is_submonoid subsetCE)
+
+lemma(in domain_frac) frac_cancel_lr:
+ assumes "a \<in>nonzero R"
+ assumes "b \<in>nonzero R"
+ assumes "c \<in>carrier R"
+ shows "frac (a \<otimes> c) (b \<otimes> a) = frac c b"
+ by (metis (no_types, lifting) Localization.submonoid.subset assms(1)
+ assms(2) assms(3) frac_cancel_l m_comm nonzero_is_submonoid subsetCE)
+
+lemma(in domain_frac) frac_cancel_rl:
+ assumes "a \<in>nonzero R"
+ assumes "b \<in>nonzero R"
+ assumes "c \<in>carrier R"
+ shows "frac (c \<otimes> a) (a \<otimes> b) = frac c b"
+ by (metis (no_types, lifting) Localization.submonoid.subset assms(1)
+ assms(2) assms(3) frac_cancel_l m_comm nonzero_is_submonoid subsetCE)
+
+lemma(in domain_frac) i_mult:
+ assumes "a \<in> carrier R"
+ assumes "c \<in> carrier R"
+ assumes "d \<in> nonzero R"
+ shows "(\<iota> a) \<otimes>\<^bsub>Frac R\<^esub> (frac c d) = frac (a \<otimes> c) d"
+proof-
+ have "(\<iota> a) \<otimes>\<^bsub>Frac R\<^esub> (frac c d) = (frac a \<one>) \<otimes>\<^bsub>Frac R\<^esub> (frac c d)"
+ by (simp add: assms(1) inc_equation)
+ thus ?thesis
+ by (metis (mono_tags, lifting) assms(1) assms(2) assms(3) cring_simprules(12)
+ cring_simprules(6) frac_mult local.one_not_zero mem_Collect_eq nonzero_def)
+qed
+
+lemma(in domain_frac) frac_eqE:
+ assumes "a \<in> carrier R"
+ assumes "b \<in> nonzero R"
+ assumes "c \<in> carrier R"
+ assumes "d \<in> nonzero R"
+ assumes "frac a b = frac c d"
+ shows "a \<otimes> d = b \<otimes> c"
+proof-
+ have "(\<iota> b) \<otimes>\<^bsub>Frac R\<^esub> (frac a b) = (\<iota> b) \<otimes>\<^bsub>Frac R\<^esub> (frac c d)"
+ by (simp add: assms(5))
+ hence "(frac (a \<otimes> b) b) = (frac (c \<otimes> b) d)"
+ using i_mult
+ by (metis (no_types, lifting) Localization.submonoid.subset assms(1)
+ assms(2) assms(3) assms(4) m_comm nonzero_is_submonoid subsetCE)
+ hence "(frac a \<one>) = (frac (c \<otimes> b) d)"
+ by (smt assms(1) assms(2) frac_cancel_r l_one mem_Collect_eq nonzero_def one_closed zero_not_one)
+ hence "(\<iota> d) \<otimes>\<^bsub>Frac R\<^esub>(frac a \<one>) =(\<iota> d) \<otimes>\<^bsub>Frac R\<^esub> (frac (c \<otimes> b) d)"
+ by auto
+ hence "(frac (a \<otimes> d) \<one>) =(frac ((c \<otimes> b)\<otimes> d) d)"
+ using i_mult
+ by (smt Localization.submonoid.m_closed Localization.submonoid.subset assms(1) assms(2) assms(3)
+ assms(4) cring_simprules(27) cring_simprules(6) local.one_not_zero m_comm
+ mem_Collect_eq nonzero_def nonzero_is_submonoid)
+ hence "(frac (a \<otimes> d) \<one>) =(frac (c \<otimes> b) \<one>)"
+ by (smt Localization.submonoid.subset assms(2) assms(3) assms(4) cring_simprules(5)
+ cring_simprules(6) frac_one i_mult inc_equation inc_is_hom nonzero_is_submonoid
+ r_one ring_hom_mult ring_hom_one subsetCE)
+ thus ?thesis using assms
+ unfolding fraction_def
+ by (simp add: fraction_def inc_equation inc_inj2 m_comm nonzero_closed)
+qed
+
+lemma(in domain_frac) frac_add_common_denom:
+ assumes "a \<in> carrier R"
+ assumes "b \<in> carrier R"
+ assumes "c \<in> nonzero R"
+ shows "(frac a c) \<oplus>\<^bsub>Frac R\<^esub> (frac b c) = frac (a \<oplus> b) c"
+proof-
+ have "(frac a c) \<oplus>\<^bsub>Frac R\<^esub> (frac b c) = frac ((a \<otimes> c) \<oplus> (b \<otimes> c)) (c \<otimes> c)"
+ using assms(1) assms(2) assms(3) domain_frac.frac_add domain_axioms frac_eqE local.frac_add
+ by auto
+ hence "(frac a c) \<oplus>\<^bsub>Frac R\<^esub> (frac b c) = frac ((a \<oplus> b) \<otimes> c) (c \<otimes> c)"
+ by (metis Localization.submonoid.subset assms(1) assms(2) assms(3) l_distr nonzero_is_submonoid subsetCE)
+ thus ?thesis
+ by (simp add: assms(1) assms(2) assms(3) frac_cancel_r)
+qed
+
+lemma(in domain_frac) common_denominator:
+ assumes "x \<in> carrier (Frac R)"
+ assumes "y \<in> carrier (Frac R)"
+ obtains a b c where
+ "a \<in> carrier R"
+ "b \<in> carrier R"
+ "c \<in> nonzero R"
+ "x = frac a c"
+ "y = frac b c"
+proof-
+ obtain x1 x2 where X1: "x1 \<in> carrier R" and X2: "x2 \<in> nonzero R" and Fx: "x = frac x1 x2"
+ by (meson assms(1) numer_denom_facts(1) numer_denom_facts(2) numer_denom_facts(3))
+ obtain y1 y2 where Y1: "y1 \<in> carrier R" and Y2: "y2 \<in> nonzero R" and Fy: "y = frac y1 y2"
+ by (meson assms(2) numer_denom_facts(1) numer_denom_facts(2) numer_denom_facts(3))
+ let ?a = "x1 \<otimes> y2"
+ let ?b = "y1 \<otimes> x2"
+ let ?c = "x2 \<otimes> y2"
+ have 0: "?a \<in> carrier R"
+ using X1 Y2 by (simp add: nonzero_def)
+ have 1: "?b \<in> carrier R" using Y1 X2
+ by (simp add: nonzero_def)
+ have 2: "?c \<in> nonzero R" using X2 Y2
+ by (simp add: Localization.submonoid.m_closed nonzero_is_submonoid)
+ have 3: "x = frac ?a ?c"
+ using Fx X1 X2 Y2 frac_cancel_r by auto
+ have 4: "y = frac ?b ?c"
+ using Fy X2 Y1 Y2 frac_cancel_rl by auto
+ thus ?thesis using 0 1 2 3 4
+ using that by blast
+qed
+
+sublocale domain_frac < F: field "Frac R"
+ by (simp add: fraction_field_is_field)
+
+text\<open>Inclusions of natural numbers into \texttt{(Frac R)}:\<close>
+
+lemma(in domain_frac) nat_0:
+"[(0::nat)]\<cdot>\<one> = \<zero>"
+ by simp
+
+lemma(in domain_frac) nat_suc:
+"[Suc n]\<cdot>\<one> = \<one> \<oplus> [n]\<cdot>\<one>"
+ using add.nat_pow_Suc2 by auto
+
+lemma(in domain_frac) nat_inc_rep:
+ fixes n::nat
+ shows "[n]\<cdot>\<^bsub>Frac R\<^esub> \<one>\<^bsub>Frac R\<^esub> = frac ([n]\<cdot>\<one>) \<one>"
+proof(induction n)
+ case 0
+ have "[(0::nat)] \<cdot>\<^bsub>Frac R\<^esub> \<one>\<^bsub>Frac R\<^esub> = \<zero>\<^bsub>Frac R\<^esub>"
+ using fraction_field_is_domain
+ by (simp add: domain_frac.intro domain_frac.nat_0)
+ thus ?case
+ by (simp add: Frac_def eq_obj_rng_of_frac.fraction_zero eq_obj_rng_of_frac_nonzero fraction_def)
+next
+ case (Suc n)
+ assume A: "[n] \<cdot>\<^bsub>Frac R\<^esub> \<one>\<^bsub>Frac R\<^esub> = frac ([n] \<cdot> \<one>) \<one>"
+ have "[Suc n] \<cdot>\<^bsub>Frac R\<^esub> \<one>\<^bsub>Frac R\<^esub> = \<one>\<^bsub>Frac R\<^esub> \<oplus>\<^bsub>Frac R\<^esub> [n] \<cdot>\<^bsub>Frac R\<^esub> \<one>\<^bsub>Frac R\<^esub>"
+ using F.add.nat_pow_Suc2 by auto
+ hence "[Suc n] \<cdot>\<^bsub>Frac R\<^esub> \<one>\<^bsub>Frac R\<^esub> = (frac \<one> \<one>) \<oplus>\<^bsub>Frac R\<^esub> (frac ([n] \<cdot> \<one>) \<one>)"
+ by (simp add: Suc.IH frac_one nonzero_def)
+ hence "[Suc n] \<cdot>\<^bsub>Frac R\<^esub> \<one>\<^bsub>Frac R\<^esub> = (frac (\<one>\<oplus>[n] \<cdot> \<one>) \<one>)"
+ by (simp add: frac_add_common_denom nonzero_def)
+ thus ?case
+ using nat_suc by auto
+qed
+
+lemma(in domain_frac) pow_0:
+ assumes "a \<in> nonzero R"
+ shows "a[^](0::nat) = \<one>"
+ by simp
+
+lemma(in domain_frac) pow_suc:
+ assumes "a \<in> carrier R"
+ shows "a[^](Suc n) = a \<otimes>(a[^]n)"
+ using assms nat_pow_Suc2 by auto
+
+lemma(in domain_frac) nat_inc_add:
+"[((n::nat) + (m::nat))]\<cdot>\<one> = [n]\<cdot>\<one> \<oplus> [m]\<cdot>\<one>"
+ using domain_def add_pow_def
+ by (simp add: add.nat_pow_mult)
+
+lemma(in domain_frac) int_inc_add:
+"[((n::int) + (m::int))]\<cdot>\<one> = [n]\<cdot>\<one> \<oplus> [m]\<cdot>\<one>"
+ using domain_def add_pow_def
+ by (simp add: add.int_pow_mult)
+
+lemma(in domain_frac) nat_inc_mult:
+"[((n::nat) * (m::nat))]\<cdot>\<one> = [n]\<cdot>\<one> \<otimes> [m]\<cdot>\<one>"
+ using domain_def add_pow_def
+ by (simp add: Groups.mult_ac(2) add.nat_pow_pow add_pow_ldistr)
+
+lemma(in domain_frac) int_inc_mult:
+"[((n::int) * (m::int))]\<cdot>\<one> = [n]\<cdot>\<one> \<otimes> [m]\<cdot>\<one>"
+ using domain_def add_pow_def
+ by (simp add: Groups.mult_ac(2) add.int_pow_pow add_pow_ldistr_int)
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+subsection\<open>Facts About Ring Units\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+lemma(in ring) Units_nonzero:
+ assumes "u \<in> Units R"
+ assumes "\<one>\<^bsub>R\<^esub> \<noteq> \<zero>\<^bsub>R\<^esub>"
+ shows "u \<in> nonzero R"
+proof-
+ have "u \<in>carrier R"
+ using Units_closed assms by auto
+ have "u \<noteq>\<zero>"
+ using Units_r_inv_ex assms(1) assms(2)
+ by force
+ thus ?thesis
+ by (simp add: \<open>u \<in> carrier R\<close> nonzero_def)
+qed
+
+lemma(in ring) Units_inverse:
+ assumes "u \<in> Units R"
+ shows "inv u \<in> Units R"
+ by (simp add: assms)
+
+lemma(in cring) invI:
+ assumes "x \<in> carrier R"
+ assumes "y \<in> carrier R"
+ assumes "x \<otimes>\<^bsub>R\<^esub> y = \<one>\<^bsub>R\<^esub>"
+ shows "y = inv \<^bsub>R\<^esub> x"
+ "x = inv \<^bsub>R\<^esub> y"
+ using assms(1) assms(2) assms(3) is_invI
+ by auto
+
+lemma(in cring) inv_cancelR:
+ assumes "x \<in> Units R"
+ assumes "y \<in> carrier R"
+ assumes "z \<in> carrier R"
+ assumes "y = x \<otimes>\<^bsub>R\<^esub> z"
+ shows "inv\<^bsub>R\<^esub> x \<otimes>\<^bsub>R\<^esub> y = z"
+ "y \<otimes>\<^bsub>R\<^esub> (inv\<^bsub>R\<^esub> x) = z"
+ apply (metis Units_closed assms(1) assms(3) assms(4) cring.cring_simprules(12)
+ is_cring m_assoc monoid.Units_inv_closed monoid.Units_l_inv monoid_axioms)
+ by (metis Units_closed assms(1) assms(3) assms(4) m_assoc m_comm monoid.Units_inv_closed
+ monoid.Units_r_inv monoid.r_one monoid_axioms)
+
+lemma(in cring) inv_cancelL:
+ assumes "x \<in> Units R"
+ assumes "y \<in> carrier R"
+ assumes "z \<in> carrier R"
+ assumes "y = z \<otimes>\<^bsub>R\<^esub> x"
+ shows "inv\<^bsub>R\<^esub> x \<otimes>\<^bsub>R\<^esub> y = z"
+ "y \<otimes>\<^bsub>R\<^esub> (inv\<^bsub>R\<^esub> x) = z"
+ apply (simp add: Units_closed assms(1) assms(3) assms(4) m_lcomm)
+ by (simp add: Units_closed assms(1) assms(3) assms(4) m_assoc)
+
+lemma(in domain_frac) nat_pow_nonzero:
+ assumes "x \<in>nonzero R"
+ shows "x[^](n::nat) \<in> nonzero R"
+ unfolding nonzero_def
+ apply(induction n)
+ using assms integral_iff nonzero_closed zero_not_in_nonzero by auto
+
+lemma(in monoid) Units_int_pow_closed:
+ assumes "x \<in> Units G"
+ shows "x[^](n::int) \<in> Units G"
+ by (metis Units_pow_closed assms int_pow_def2 monoid.Units_inv_Units monoid_axioms)
+
+subsection\<open>Facts About Fraction Field Units\<close>
+
+lemma(in domain_frac) frac_nonzero_Units:
+"nonzero (Frac R) = Units (Frac R)"
+ unfolding nonzero_def using F.field_Units
+ by blast
+
+lemma(in domain_frac) frac_nonzero_inv_Unit:
+ assumes "b \<in> nonzero (Frac R)"
+ shows "inv\<^bsub>Frac R\<^esub> b \<in> Units (Frac R)"
+ using assms frac_nonzero_Units
+ by simp
+
+lemma(in domain_frac) frac_nonzero_inv_closed:
+ assumes "b \<in> nonzero (Frac R)"
+ shows "inv\<^bsub>Frac R\<^esub> b \<in> carrier (Frac R)"
+ using frac_nonzero_inv_Unit
+ by (simp add: Units_def assms)
+
+lemma(in domain_frac) frac_nonzero_inv:
+ assumes "b \<in> nonzero (Frac R)"
+ shows "b \<otimes>\<^bsub>Frac R\<^esub> inv \<^bsub>Frac R\<^esub> b = \<one>\<^bsub>Frac R\<^esub>"
+ "inv \<^bsub>Frac R\<^esub> b \<otimes>\<^bsub>Frac R\<^esub> b = \<one>\<^bsub>Frac R\<^esub>"
+ using frac_nonzero_Units assms by auto
+
+lemma(in domain_frac) fract_cancel_right[simp]:
+ assumes "a \<in> carrier (Frac R)"
+ assumes "b \<in> nonzero (Frac R)"
+ shows "b \<otimes>\<^bsub>Frac R\<^esub> (a \<otimes>\<^bsub>Frac R\<^esub> inv\<^bsub>Frac R\<^esub> b) = a"
+ by (metis F.Units_inv_inv F.inv_cancelL(1) F.m_closed assms(1) assms(2) frac_nonzero_Units frac_nonzero_inv_Unit frac_nonzero_inv_closed)
+
+lemma(in domain_frac) fract_cancel_left[simp]:
+ assumes "a \<in> carrier (Frac R)"
+ assumes "b \<in> nonzero (Frac R)"
+ shows "(a \<otimes>\<^bsub>Frac R\<^esub> inv\<^bsub>Frac R\<^esub> b) \<otimes>\<^bsub>Frac R\<^esub> b = a"
+ by (metis Diff_iff assms(1) assms(2) cring.cring_simprules(14) cring.cring_simprules(5)
+ domain.axioms(1) frac_nonzero_Units frac_nonzero_inv_closed fract_cancel_right
+ fraction_field_is_domain units_of_fraction_field)
+
+lemma(in domain_frac) fract_mult_inv:
+ assumes "b \<in> nonzero (Frac R)"
+ assumes "d \<in> nonzero (Frac R)"
+ shows "(inv\<^bsub>Frac R\<^esub> b) \<otimes>\<^bsub>Frac R\<^esub> (inv\<^bsub>Frac R\<^esub> d) = (inv\<^bsub>Frac R\<^esub> (b \<otimes>\<^bsub>Frac R\<^esub>d))"
+ by (metis F.Units_inv_closed F.Units_m_closed F.inv_cancelR(2) F.nonzero_closed assms(1) assms(2) frac_nonzero_Units)
+
+lemma(in domain_frac) fract_mult:
+ assumes "a \<in> carrier (Frac R)"
+ assumes "b \<in> nonzero (Frac R)"
+ assumes "c \<in> carrier (Frac R)"
+ assumes "d \<in> nonzero (Frac R)"
+ shows "(a \<otimes>\<^bsub>Frac R\<^esub> inv\<^bsub>Frac R\<^esub> b) \<otimes>\<^bsub>Frac R\<^esub> (c \<otimes>\<^bsub>Frac R\<^esub> inv\<^bsub>Frac R\<^esub> d) = ((a \<otimes>\<^bsub>Frac R\<^esub> c)\<otimes>\<^bsub>Frac R\<^esub> inv\<^bsub>Frac R\<^esub> (b \<otimes>\<^bsub>Frac R\<^esub>d))"
+ using F.m_assoc F.m_lcomm assms(1) assms(2) assms(3) assms(4) frac_nonzero_Units fract_mult_inv by auto
+
+lemma(in domain_frac) Frac_nat_pow_nonzero:
+ assumes "x \<in> nonzero (Frac R)"
+ shows "x[^]\<^bsub>Frac R\<^esub>(n::nat) \<in> nonzero (Frac R)"
+ by (simp add: assms domain_frac.intro domain_frac.nat_pow_nonzero fraction_field_is_domain)
+
+lemma(in domain_frac) Frac_nonzero_nat_pow:
+ assumes "x \<in> carrier (Frac R)"
+ assumes "n > 0"
+ assumes "x[^]\<^bsub>Frac R\<^esub>(n::nat) \<in> nonzero (Frac R)"
+ shows "x \<in> nonzero (Frac R)"
+proof(rule ccontr)
+ assume "x \<notin> nonzero (Frac R)"
+ hence 0: "x = \<zero>\<^bsub>Frac R\<^esub>"
+ by (simp add: assms(1) nonzero_def)
+ have "x[^]\<^bsub>Frac R\<^esub>(n::nat) = \<zero>\<^bsub>Frac R\<^esub>"
+ proof-
+ obtain k where "n = Suc k"
+ using assms(2) lessE by blast
+ hence 00: "x[^]\<^bsub>Frac R\<^esub>(n::nat) = x[^]\<^bsub>Frac R\<^esub>k \<otimes>\<^bsub>Frac R\<^esub> x"
+ by simp
+ have "x[^]\<^bsub>Frac R\<^esub>k \<in> carrier (Frac R)"
+ using assms monoid.nat_pow_closed[of "Frac R" x k]
+ by (meson field.is_ring fraction_field_is_field ring_def)
+ thus ?thesis using 0 assms
+ using "00" cring.cring_simprules(27) domain.axioms(1) fraction_field_is_domain by fastforce
+ qed
+ thus False
+ using "0" \<open>x \<notin> nonzero (Frac R)\<close> assms(3) by auto
+qed
+
+lemma(in domain_frac) Frac_int_pow_nonzero:
+ assumes "x \<in> nonzero (Frac R)"
+ shows "x[^]\<^bsub>Frac R\<^esub>(n::int) \<in> nonzero (Frac R)"
+ using assms field.is_ring frac_nonzero_Units fraction_field_is_field monoid.Units_pow_closed[of "Frac R" x]
+ by (simp add: field.is_ring monoid.Units_int_pow_closed ring.is_monoid)
+
+lemma(in domain_frac) Frac_nonzero_int_pow:
+ assumes "x \<in> carrier (Frac R)"
+ assumes "n > 0"
+ assumes "x[^]\<^bsub>Frac R\<^esub>(n::int) \<in> nonzero (Frac R)"
+ shows "x \<in> nonzero (Frac R)"
+ by (metis (mono_tags, opaque_lifting) Frac_nonzero_nat_pow assms int_pow_int pos_int_cases)
+
+lemma(in domain_frac) numer_denom_frac[simp]:
+ assumes "a \<in> nonzero R"
+ assumes "b \<in> nonzero R"
+ shows "frac (numer (frac a b)) (denom (frac a b)) = frac a b"
+ using assms(1) assms(2) domain_frac.numer_denom_facts(1)
+domain_axioms frac_closed nonzero_closed numer_denom_facts(1) by auto
+
+lemma(in domain_frac) numer_denom_swap:
+ assumes "a \<in> nonzero R"
+ assumes "b \<in> nonzero R"
+ shows "a \<otimes> (denom (frac a b)) = b \<otimes> (numer (frac a b))"
+ using numer_denom_frac[of a b] assms
+ by (simp add: frac_closed frac_eqE nonzero_closed numer_denom_facts(2) numer_denom_facts(3))
+
+lemma(in domain_frac) numer_nonzero:
+ assumes "a \<in> nonzero (Frac R)"
+ shows "numer a \<in> nonzero R"
+ using assms numer_denom_facts(4)[of a] zero_not_in_nonzero[of R]
+ by (simp add: frac_nonzero_Units nonzero_memI numer_denom_facts(2) units_of_fraction_field)
+
+lemma(in domain_frac) fraction_zero[simp]:
+ assumes "b \<in> nonzero R"
+ shows "frac \<zero> b = \<zero>\<^bsub>Frac R\<^esub>"
+ by (metis Frac_def assms eq_obj_rng_of_frac.fraction_zero' eq_obj_rng_of_frac_nonzero fraction_def nonzero_memE(2))
+
+end
diff --git a/thys/Padic_Field/Generated_Boolean_Algebra.thy b/thys/Padic_Field/Generated_Boolean_Algebra.thy
new file mode 100755
--- /dev/null
+++ b/thys/Padic_Field/Generated_Boolean_Algebra.thy
@@ -0,0 +1,1388 @@
+theory Generated_Boolean_Algebra
+ imports Main
+begin
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+section\<open>Generated Boolean Algebras of Sets\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+subsection\<open>Definitions and Basic Lemmas\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+lemma equalityI':
+ assumes "\<And>x. x \<in> A \<Longrightarrow> x \<in> B"
+ assumes "\<And>x. x \<in> B \<Longrightarrow> x \<in> A"
+ shows "A = B"
+ using assms by blast
+
+lemma equalityI'':
+ assumes "\<And>x. A x \<Longrightarrow> B x"
+ assumes "\<And>x. B x \<Longrightarrow> A x"
+ shows "{x. A x} = {x. B x}"
+ using assms by blast
+
+lemma SomeE:
+ assumes "a = (SOME x. P x)"
+ assumes "P c"
+ shows "P a"
+ using assms by (meson verit_sko_ex)
+
+lemma SomeE':
+ assumes "a = (SOME x. P x)"
+ assumes "\<exists> x. P x"
+ shows "P a"
+ using assms by (meson verit_sko_ex)
+
+section\<open>Basic notions about boolean algebras over a set \<open>S\<close>, generated by a set of generators \<open>B\<close>\<close>
+
+text\<open>Note that the generators \<open>B\<close> need not be subsets of the set \<open>S\<close>\<close>
+
+inductive_set gen_boolean_algebra
+ for S and B where
+ universe: "S \<in> gen_boolean_algebra S B"
+ | generator: "A \<in> B \<Longrightarrow> A \<inter> S \<in> gen_boolean_algebra S B"
+ | union: "\<lbrakk> A \<in> gen_boolean_algebra S B; C \<in> gen_boolean_algebra S B\<rbrakk> \<Longrightarrow> A \<union> C \<in> gen_boolean_algebra S B"
+ | complement: "A \<in> gen_boolean_algebra S B \<Longrightarrow> S - A \<in> gen_boolean_algebra S B"
+
+lemma gen_boolean_algebra_subset:
+ shows "A \<in> gen_boolean_algebra S B \<Longrightarrow> A \<subseteq> S"
+ apply(induction A rule: gen_boolean_algebra.induct)
+ apply blast
+ apply blast
+ apply blast
+ by blast
+
+lemma gen_boolean_algebra_intersect:
+ assumes "A \<in> gen_boolean_algebra S B"
+ assumes "C \<in> gen_boolean_algebra S B"
+ shows "A \<inter> C \<in> gen_boolean_algebra S B"
+proof-
+ have 0: "S - A \<in> gen_boolean_algebra S B"
+ using assms(1) gen_boolean_algebra.complement by blast
+ have 1: "S - C \<in> gen_boolean_algebra S B"
+ using assms(2) gen_boolean_algebra.complement by blast
+ have 2: "(S - A) \<union> (S - C) \<in> gen_boolean_algebra S B"
+ using "0" "1" gen_boolean_algebra.union by blast
+ have "S - (A \<inter> C) \<in> gen_boolean_algebra S B"
+ by (simp add: 2 Diff_Int)
+ then have 3: "S - (S - (A \<inter> C)) \<in> gen_boolean_algebra S B"
+ using gen_boolean_algebra.complement
+ by blast
+ have "A \<inter> C \<subseteq> S"
+ using assms(1) gen_boolean_algebra_subset
+ by blast
+ then show ?thesis
+ using 3
+ by (metis "0" Diff_partition Un_subset_iff assms(1) double_diff gen_boolean_algebra_subset)
+qed
+
+lemma gen_boolean_algebra_diff:
+ assumes "A \<in> gen_boolean_algebra S B"
+ assumes "C \<in> gen_boolean_algebra S B"
+ shows "A - C \<in> gen_boolean_algebra S B"
+proof-
+ have "A - C = A \<inter> (S - C)"
+ by (metis Int_Diff assms(1) gen_boolean_algebra_subset inf_absorb1)
+ then show ?thesis
+ by (metis assms(1) assms(2) gen_boolean_algebra.complement gen_boolean_algebra_intersect)
+qed
+
+lemma gen_boolean_algebra_diff_eq:
+ assumes "A \<in> gen_boolean_algebra S B"
+ assumes "C \<in> gen_boolean_algebra S B"
+ shows "A - C = A \<inter> (S - C)"
+ by (metis Int_Diff assms(1) gen_boolean_algebra_subset inf_absorb1)
+
+lemma gen_boolean_algebra_finite_union:
+ assumes "\<And>a. a \<in> A \<Longrightarrow> a \<in> gen_boolean_algebra S B"
+ assumes "finite A"
+ shows "\<Union>A \<in> gen_boolean_algebra S B"
+proof-
+ have "(\<forall>a \<in> A. a \<in> gen_boolean_algebra S B) \<longrightarrow> \<Union>A \<in> gen_boolean_algebra S B"
+ apply(rule finite.induct[of A])
+ apply (simp add: assms(2); fail)
+ apply (metis DiffE Union_empty ex_in_conv gen_boolean_algebra.simps)
+ by (metis Union_insert gen_boolean_algebra.simps insert_iff)
+ then show ?thesis using assms by blast
+qed
+
+lemma gen_boolean_algebra_finite_intersection:
+ assumes "\<And>a. a \<in> A \<Longrightarrow> a \<in> gen_boolean_algebra S B"
+ assumes "finite A"
+ assumes "A \<noteq> {}"
+ shows "\<Inter>A \<in> gen_boolean_algebra S B"
+proof-
+ have "(\<forall>a \<in> A. a \<in> gen_boolean_algebra S B) \<and> A \<noteq> {} \<longrightarrow> \<Inter>A \<in> gen_boolean_algebra S B"
+ apply(rule finite.induct[of A])
+ apply (simp add: assms(2))
+ apply force
+ using gen_boolean_algebra_intersect by auto
+ then show ?thesis using assms by blast
+qed
+
+lemma gen_boolean_algebra_generators:
+ assumes "\<And>b. b \<in> B \<Longrightarrow> b \<subseteq> S"
+ assumes "b \<in> B"
+ shows "b \<in> gen_boolean_algebra S B"
+ unfolding gen_boolean_algebra.simps[of b] using assms(1)[of b] assms(2) by blast
+
+lemma gen_boolean_algebra_generator_subset:
+ assumes "A \<in> gen_boolean_algebra S As"
+ assumes "As \<subseteq> Bs"
+ shows "A \<in> gen_boolean_algebra S Bs"
+ apply(rule gen_boolean_algebra.induct[of A S As])
+ using assms(1) apply blast
+ apply (simp add: gen_boolean_algebra.intros(1); fail)
+ apply (meson Set.basic_monos(7) assms(2) gen_boolean_algebra.intros(2))
+ using gen_boolean_algebra.intros(3) apply blast
+ using gen_boolean_algebra.intros(4) by blast
+
+lemma gen_boolean_algebra_generators_union:
+ assumes "A \<in> gen_boolean_algebra S As"
+ assumes "C \<in> gen_boolean_algebra S Cs"
+ shows "A \<union> C \<in> gen_boolean_algebra S (As \<union> Cs)"
+ apply(rule gen_boolean_algebra.induct[of C S Cs])
+ using assms apply blast
+apply(rule gen_boolean_algebra.union)
+ apply(rule gen_boolean_algebra_generator_subset[of _ _ As], rule assms, blast)
+ apply(rule gen_boolean_algebra.universe)
+ apply(rule gen_boolean_algebra.union)
+ apply(rule gen_boolean_algebra_generator_subset[of _ _ As], rule assms, blast)
+ apply(rule gen_boolean_algebra.generator, blast)
+ apply(rule gen_boolean_algebra.union)
+ apply(rule gen_boolean_algebra_generator_subset[of _ _ As], rule assms, blast)
+ apply(rule gen_boolean_algebra.union)
+ apply(rule gen_boolean_algebra_generator_subset[of _ _ Cs], blast, blast)
+ apply(rule gen_boolean_algebra_generator_subset[of _ _ Cs], blast, blast)
+ apply(rule gen_boolean_algebra.union)
+ apply(rule gen_boolean_algebra_generator_subset[of _ _ As], rule assms, blast)
+ apply(rule gen_boolean_algebra_generator_subset[of _ _ Cs])
+ apply(rule gen_boolean_algebra_diff)
+ apply(rule gen_boolean_algebra.universe)
+ apply blast
+by blast
+
+lemma gen_boolean_algebra_finite_gen_wits:
+ assumes "A \<in> gen_boolean_algebra S B"
+ shows "\<exists> Bs. finite Bs \<and> Bs \<subseteq> B \<and> A \<in> gen_boolean_algebra S Bs"
+proof(rule gen_boolean_algebra.induct[of A S B])
+ show " A \<in> gen_boolean_algebra S B"
+ using assms by blast
+ show "\<exists>Bs. finite Bs \<and> Bs \<subseteq> B \<and> S \<in> gen_boolean_algebra S Bs"
+ using gen_boolean_algebra.universe[of S "{}"]
+ by blast
+ show "\<And>A. A \<in> B \<Longrightarrow> \<exists>Bs. finite Bs \<and> Bs \<subseteq> B \<and> A \<inter> S \<in> gen_boolean_algebra S Bs"
+ proof- fix A assume A: "A \<in> B"
+ have 0: "{A} \<subseteq> B"
+ using A by blast
+ show "\<exists>Bs. finite Bs \<and> Bs \<subseteq> B \<and> A \<inter> S \<in> gen_boolean_algebra S Bs"
+ using gen_boolean_algebra.generator[of A "{A}" S] 0
+ by (meson finite.emptyI finite.insertI singletonI)
+ qed
+ show "\<And>A C. A \<in> gen_boolean_algebra S B \<Longrightarrow>
+ \<exists>Bs. finite Bs \<and> Bs \<subseteq> B \<and> A \<in> gen_boolean_algebra S Bs \<Longrightarrow>
+ C \<in> gen_boolean_algebra S B \<Longrightarrow>
+ \<exists>Bs. finite Bs \<and> Bs \<subseteq> B \<and> C \<in> gen_boolean_algebra S Bs \<Longrightarrow> \<exists>Bs. finite Bs \<and> Bs \<subseteq> B \<and> A \<union> C \<in> gen_boolean_algebra S Bs"
+ proof- fix A C
+ assume A: "A \<in> gen_boolean_algebra S B"
+ "\<exists>Bs. finite Bs \<and> Bs \<subseteq> B \<and> A \<in> gen_boolean_algebra S Bs"
+ "C \<in> gen_boolean_algebra S B"
+ "\<exists>Bs. finite Bs \<and> Bs \<subseteq> B \<and> C \<in> gen_boolean_algebra S Bs"
+ obtain As where As_def: "finite As \<and> As \<subseteq> B \<and> A \<in> gen_boolean_algebra S As"
+ using A by blast
+ obtain Cs where Cs_def: "finite Cs \<and> Cs \<subseteq> B \<and> C \<in> gen_boolean_algebra S Cs"
+ using A by blast
+ obtain Bs where Bs_def: "Bs = As \<union> Cs"
+ by blast
+ have Bs_sub: "Bs \<subseteq> B"
+ unfolding Bs_def using As_def Cs_def by blast
+ have 0: " A \<union> C \<in> gen_boolean_algebra S Bs"
+ unfolding Bs_def
+ apply(rule gen_boolean_algebra_generators_union)
+ using As_def apply blast
+ using Cs_def by blast
+ have 1: "finite Bs"
+ unfolding Bs_def using As_def Cs_def by blast
+ show " \<exists>Bs. finite Bs \<and> Bs \<subseteq> B \<and> A \<union> C \<in> gen_boolean_algebra S Bs"
+ using Bs_sub 0 1 by blast
+ qed
+ show "\<And>A. A \<in> gen_boolean_algebra S B \<Longrightarrow>
+ \<exists>Bs. finite Bs \<and> Bs \<subseteq> B \<and> A \<in> gen_boolean_algebra S Bs \<Longrightarrow> \<exists>Bs. finite Bs \<and> Bs \<subseteq> B \<and> S - A \<in> gen_boolean_algebra S Bs"
+ using gen_boolean_algebra.complement by blast
+qed
+
+lemma gen_boolean_algebra_univ_mono:
+ assumes "A \<in> gen_boolean_algebra S B"
+ shows "gen_boolean_algebra A B \<subseteq> gen_boolean_algebra S B "
+proof(rule subsetI) fix x assume A: "x \<in> gen_boolean_algebra A B"
+ obtain a where a_def: "a = A"
+ by blast
+ have 0: "a \<in> gen_boolean_algebra S B"
+ unfolding a_def using assms by blast
+ have 1: "a = A \<inter> S"
+ using assms gen_boolean_algebra_subset unfolding a_def by blast
+ show "x \<in> gen_boolean_algebra S B "
+ apply(rule gen_boolean_algebra.induct[of x a B])
+ using A a_def apply blast apply(rule 0)
+ apply (metis 1 Int_left_commute assms gen_boolean_algebra.intros(2) gen_boolean_algebra_intersect)
+ apply(rule gen_boolean_algebra.union, blast, blast)
+ apply(rule gen_boolean_algebra_diff)
+ apply(rule 0)
+ by blast
+qed
+
+text\<open>
+ The boolean algebra generated by a collection of elements in another algebra is contained
+ in the original algebra:
+\<close>
+lemma gen_boolean_algebra_subalgebra:
+ assumes "Xs \<subseteq> gen_boolean_algebra S B"
+ shows "gen_boolean_algebra S Xs \<subseteq> gen_boolean_algebra S B"
+proof fix x assume A: "x \<in> gen_boolean_algebra S Xs"
+ show "x \<in> gen_boolean_algebra S B "
+ apply(rule gen_boolean_algebra.induct[of x S Xs])
+ apply (simp add: A; fail)
+ apply (simp add: gen_boolean_algebra.universe; fail)
+ using assms gen_boolean_algebra.universe gen_boolean_algebra_intersect apply blast
+ apply (simp add: gen_boolean_algebra.union; fail)
+ by (simp add: gen_boolean_algebra.complement)
+qed
+
+lemma gen_boolean_algebra_idempotent:
+ assumes "S = \<Union> Xs"
+ shows "gen_boolean_algebra S (gen_boolean_algebra S Xs) = (gen_boolean_algebra S Xs)"
+ apply(rule equalityI)
+ apply(rule subsetI)
+ apply (meson equalityD2 gen_boolean_algebra_subalgebra in_mono)
+ apply(rule subsetI)
+ by (metis gen_boolean_algebra.simps gen_boolean_algebra_subset inf.absorb1)
+
+text\<open>We can always replace the set of generators \<open>Xs\<close> with their intersections with the universe
+ set \<open>S\<close>, and obtain the same algebra.\<close>
+
+lemma gen_boolean_algebra_restrict_generators:
+"gen_boolean_algebra S Xs =gen_boolean_algebra S ((\<inter>) S ` Xs)"
+proof(rule equalityI')
+ fix x assume A: "x \<in> gen_boolean_algebra S Xs"
+ show "x \<in> gen_boolean_algebra S ((\<inter>) S ` Xs)"
+ apply(rule gen_boolean_algebra.induct[of x S Xs], rule A, rule gen_boolean_algebra.universe)
+ apply (metis gen_boolean_algebra.generator image_eqI inf.right_idem inf_commute)
+ apply(rule gen_boolean_algebra.union, blast, blast)
+ by(rule gen_boolean_algebra_diff, rule gen_boolean_algebra.universe, blast)
+next
+ fix x assume A: "x \<in> gen_boolean_algebra S ((\<inter>) S ` Xs)"
+ show "x \<in> gen_boolean_algebra S Xs"
+ apply(rule gen_boolean_algebra.induct[of x S "(\<inter>) S ` Xs"], rule A, rule gen_boolean_algebra.universe,
+ rule gen_boolean_algebra_intersect )
+ using gen_boolean_algebra.generator[of _ Xs S]
+ apply (metis (no_types, lifting) Int_commute image_iff)
+ apply(rule gen_boolean_algebra.universe)
+ apply(rule gen_boolean_algebra.union, blast, blast)
+ by(rule gen_boolean_algebra_diff, rule gen_boolean_algebra.universe, blast)
+qed
+
+text\<open>Adding a generator to a generated boolean algebra is redundant if the generator already
+ lies in the algebra.\<close>
+
+lemma add_generators:
+ assumes "A \<in> gen_boolean_algebra S Xs"
+ shows "gen_boolean_algebra S Xs = gen_boolean_algebra S (insert A Xs)"
+proof(rule equalityI')
+ fix x assume A: "x \<in> gen_boolean_algebra S Xs"
+ show "x \<in> gen_boolean_algebra S (insert A Xs)"
+ apply(rule gen_boolean_algebra.induct[of x S Xs], rule A, rule gen_boolean_algebra.universe)
+ apply(rule gen_boolean_algebra.generator, blast)
+ apply(rule gen_boolean_algebra.union, blast,blast)
+ by(rule gen_boolean_algebra_diff, rule gen_boolean_algebra.universe, blast)
+next
+ fix x assume A: "x \<in> gen_boolean_algebra S (insert A Xs)"
+ show "x \<in> gen_boolean_algebra S Xs"
+ apply(rule gen_boolean_algebra.induct[of x S "insert A Xs"], rule A, rule gen_boolean_algebra.universe)
+ using assms gen_boolean_algebra.generator[of _ Xs S]
+ using gen_boolean_algebra.universe gen_boolean_algebra_intersect apply blast
+ apply(rule gen_boolean_algebra.union, blast, blast)
+ by(rule gen_boolean_algebra_diff, rule gen_boolean_algebra.universe, blast)
+qed
+(**************************************************************************************************)
+(**************************************************************************************************)
+subsection\<open>Turning a Family of Sets into a Family of Disjoint Sets\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+text\<open>
+ This section outlines the standard construction where sets $A_0, \dots, A_n$ are replaced by sets
+ $A_0, A_1 - A_0, A_2 - (A_0 \cup A_1), ..., A_n - (\bigcup \limits_{i = 0}^{n-1} A_i)$ to obtain
+ a disjoint family of the same cardinality.
+\<close>
+fun rec_disjointify where
+"rec_disjointify 0 f = {}"|
+"rec_disjointify (Suc m) f = insert (f m - \<Union> (rec_disjointify m f)) (rec_disjointify m f)"
+
+lemma card_of_rec_disjointify:
+"card (rec_disjointify m f) \<le> m"
+ apply(induction m) unfolding rec_disjointify.simps
+ apply simp
+ by (metis Suc_le_mono card.infinite card_insert_disjoint finite_insert insert_absorb le_SucI)
+
+lemma rec_disjointify_finite:
+"finite (rec_disjointify m f)"
+ apply(induction m)
+ unfolding rec_disjointify.simps by auto
+
+lemma rec_disjointify_in_gen_boolean_algebra:
+ assumes "f ` {..<m} \<subseteq> gen_boolean_algebra S B"
+ shows "rec_disjointify m f \<subseteq> gen_boolean_algebra S B"
+proof-
+ have "\<And>k. k \<le> m \<longrightarrow> rec_disjointify k f \<subseteq> gen_boolean_algebra S B"
+ proof- fix k show "k \<le> m \<longrightarrow> rec_disjointify k f \<subseteq> gen_boolean_algebra S B"
+ apply(induction k) unfolding rec_disjointify.simps(1) using assms apply blast
+ proof fix k
+ assume IH: " k \<le> m \<longrightarrow> rec_disjointify k f \<subseteq> gen_boolean_algebra S B"
+ "Suc k \<le> m"
+ then have 0: "rec_disjointify k f \<subseteq> gen_boolean_algebra S B"
+ by (simp add: IH(2))
+ have 1: "finite (rec_disjointify k f )"
+ using rec_disjointify_finite by blast
+ have 2: "f k \<in> gen_boolean_algebra S B"
+ using IH(2) assms
+ by (simp add: image_subset_iff)
+ show "rec_disjointify (Suc k) f \<subseteq> gen_boolean_algebra S B"
+ using 0 1 2 unfolding rec_disjointify.simps
+ by (simp add: gen_boolean_algebra_diff gen_boolean_algebra_finite_union subset_iff)
+ qed
+ qed
+ thus ?thesis by blast
+qed
+
+lemma rec_disjointify_union:
+"\<Union> (rec_disjointify m f) = (\<Union> i \<in> {..<m}. f i)"
+ apply(induction m)
+ apply simp unfolding rec_disjointify.simps insert_def
+ apply(rule equalityI, rule subsetI)
+ apply (simp add: lessThan_Suc; fail)
+ apply(rule subsetI)
+ by (simp add: lessThan_Suc)
+
+definition enum_rec_disjointify where
+"enum_rec_disjointify f m = f m - \<Union> (rec_disjointify m f)"
+
+lemma rec_disjointify_as_enum_rec_disjointify_image:
+"rec_disjointify m f = enum_rec_disjointify f ` {..<m}"
+ apply(induction m)
+ unfolding rec_disjointify.simps
+ apply (simp; fail)
+ unfolding enum_rec_disjointify_def
+ using lessThan_Suc by auto
+
+lemma enum_rec_disjointify_subset:
+"enum_rec_disjointify f m \<subseteq> f m"
+ unfolding enum_rec_disjointify_def
+ by auto
+
+lemma enum_rec_disjointify_disjoint:
+ assumes "k < m"
+ shows "enum_rec_disjointify f m \<inter> enum_rec_disjointify f k = {}"
+proof-
+ have "enum_rec_disjointify f k \<subseteq> \<Union> (rec_disjointify m f)"
+ unfolding rec_disjointify_union
+ using assms enum_rec_disjointify_subset by fastforce
+ thus ?thesis
+ unfolding enum_rec_disjointify_def
+ by auto
+qed
+
+lemma enum_rec_disjointify_disjoint':
+ assumes "k \<noteq> m"
+ shows "enum_rec_disjointify f m \<inter> enum_rec_disjointify f k = {}"
+ apply(cases "k < m") using enum_rec_disjointify_disjoint[of k m f]
+ apply simp
+ using assms enum_rec_disjointify_disjoint[of m k f] by auto
+
+lemma rec_disjointify_is_disjoint:
+ assumes "A \<in> rec_disjointify m f"
+ assumes "B \<in> rec_disjointify m f"
+ assumes "A \<noteq> B"
+ shows "A \<inter> B = {}"
+ using rec_disjointify_as_enum_rec_disjointify_image enum_rec_disjointify_disjoint' assms
+ by (smt image_iff)
+
+definition enumerates where
+"enumerates A f \<equiv> finite A \<and> A = f ` {..< (card A)} \<and> inj_on f {..< (card A)}"
+
+lemma finite_imp_exists_enumeration:
+ assumes "finite A"
+ shows "\<exists>f. enumerates A f"
+ unfolding enumerates_def
+ using assms finite_imp_nat_seg_image_inj_on[of A]
+ by (metis card_Collect_less_nat card_image lessThan_def)
+
+lemma enumeratesE:
+ assumes "enumerates A f"
+ shows "finite A" "A = f ` {..< card A}" "inj_on f {..< card A}"
+ using assms unfolding enumerates_def apply blast
+ using assms unfolding enumerates_def apply blast
+ using assms unfolding enumerates_def by blast
+
+lemma rec_disjointify_finite_set:
+ assumes "enumerates A f"
+ shows "\<Union> (rec_disjointify (card A) f) = \<Union> A"
+ unfolding rec_disjointify_union[of "card A" f]
+ using enumeratesE[of A f] assms by auto
+
+definition enumerate where
+"enumerate A = (SOME f. enumerates A f)"
+
+lemma enumerate_enumerates:
+ assumes "finite A"
+ shows "enumerates A (enumerate A)"
+ unfolding enumerate_def using finite_imp_exists_enumeration assms
+ by (simp add: finite_imp_exists_enumeration some_eq_ex)
+
+lemma enumerateE:
+ assumes "finite A"
+ assumes "a \<in> A"
+ shows "\<exists> i < card A. a = (enumerate A) i"
+ using enumerate_enumerates[of A] enumeratesE[of A] assms by blast
+
+definition disjointify where
+"disjointify As = rec_disjointify (card As) (enumerate As)"
+
+lemma disjointify_is_disjoint:
+ assumes "finite As"
+ assumes "A \<in> disjointify As"
+ assumes "B \<in> disjointify As"
+ assumes "A \<noteq> B"
+ shows "A \<inter> B = {}"
+ using assms rec_disjointify_is_disjoint[of A _ _ B] unfolding disjointify_def
+ by simp
+
+lemma disjointify_union:
+ assumes "finite As"
+ shows "\<Union> (disjointify As) = \<Union> As"
+ using assms
+ by (simp add: disjointify_def enumerate_enumerates rec_disjointify_finite_set)
+
+lemma disjointify_gen_boolean_algebra:
+ assumes "finite As"
+ assumes "As \<subseteq> gen_boolean_algebra S B"
+ shows " disjointify As \<subseteq> gen_boolean_algebra S B"
+ using assms unfolding disjointify_def
+ by (metis enumerate_enumerates enumeratesE(2) rec_disjointify_in_gen_boolean_algebra)
+
+lemma disjointify_finite:
+ assumes "finite As"
+ shows "finite (disjointify As)"
+ using assms unfolding disjointify_def
+ by (simp add: rec_disjointify_finite)
+
+lemma disjointify_card:
+ assumes "finite As"
+ shows"card (disjointify As) \<le> card As"
+ by (simp add: card_of_rec_disjointify disjointify_def)
+
+lemma disjointify_subset:
+ assumes "finite As"
+ assumes "A \<in> disjointify As"
+ shows "\<exists>B \<in> As. A \<subseteq> B"
+ using assms enum_rec_disjointify_subset enumerate_enumerates enumeratesE
+ unfolding disjointify_def
+ by (smt image_iff rec_disjointify_as_enum_rec_disjointify_image)
+
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+subsection\<open>The Atoms Generated by Collections of Sets\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+text\<open>
+ We can also turn a family of sets into a disjoint family by taking the atoms of the boolean
+ algebra generated by these sets. This will still yield a finite family if the initial family is
+ finite, but in general will be much larger in size.
+\<close>
+
+(**********************************************************************)
+(**********************************************************************)
+subsubsection\<open>Defining the Atoms of a Family of Sets\<close>
+(**********************************************************************)
+(**********************************************************************)
+text\<open>
+ Here we intend that \<open>As\<close> is a subset of the collection of sets \<open>Xs\<close>. This function associate to each
+ subset \<open>As \<subseteq> Xs\<close> a set which is contained in each element of \<open>As\<close>, and is disjoint from
+ each element of \<open>Xs - As\<close>. Note that in general this may yield the empty set, but we will
+ ultimately be interested in the cases where the result is nonempty.\<close>
+
+definition subset_to_atom where
+"subset_to_atom Xs As = \<Inter> As - \<Union> (Xs - As)"
+
+lemma subset_to_atom_memI:
+ assumes "\<And>A. A \<in> As \<Longrightarrow> x \<in> A"
+ assumes "\<And>A. A \<in> Xs \<Longrightarrow> A \<notin> As \<Longrightarrow> x \<notin> A"
+ shows "x \<in> subset_to_atom Xs As"
+ using assms unfolding subset_to_atom_def
+ by blast
+
+lemma subset_to_atom_memE:
+ assumes "x \<in> subset_to_atom Xs As"
+ shows "\<And>A. A \<in> As \<Longrightarrow> x \<in> A"
+ "\<And>A. A \<in> Xs \<Longrightarrow> A \<notin> As \<Longrightarrow> x \<notin> A"
+ using assms unfolding subset_to_atom_def by auto
+
+lemma subset_to_atom_closed:
+ assumes "As \<noteq> {}"
+ assumes "As \<subseteq> Xs"
+ shows "subset_to_atom Xs As \<subseteq> \<Union> Xs"
+proof-
+ have 0: "\<Inter> As \<subseteq> \<Union> As "
+ apply(rule subsetI)
+ using assms(1) by blast
+ show ?thesis
+ apply(rule subsetI)
+ using assms 0 unfolding subset_to_atom_def
+ by (meson DiffD1 Union_mono subsetD)
+qed
+
+lemma subset_to_atom_as_intersection:
+ assumes "As \<noteq> {}"
+ assumes "As \<subseteq> Xs"
+ assumes "S = \<Union> Xs"
+ shows "subset_to_atom Xs As = \<Inter> As \<inter> (\<Inter> X \<in> Xs - As. S - X)"
+ unfolding assms subset_to_atom_def
+ apply(rule equalityI')
+ apply(rule IntI, blast)
+ apply(rule InterI)
+ using INT_I assms(1) assms(2) apply auto[1]
+ apply(rule DiffI, blast)
+ by blast
+
+definition atoms_of where
+"atoms_of Xs = (subset_to_atom Xs ` ((Pow Xs) - {{}})) - {{}}"
+
+lemma atoms_nonempty:
+ assumes "A \<in> atoms_of Xs"
+ shows "A \<noteq> {}"
+ using assms unfolding atoms_of_def by blast
+
+lemma atoms_of_disjoint:
+ assumes "A \<in> atoms_of Xs"
+ assumes "B \<in> atoms_of Xs"
+ assumes "A \<noteq> B"
+ shows "A \<inter> B = {}"
+proof-
+ obtain a where a_def: "a \<subseteq> Xs \<and> A = subset_to_atom Xs a"
+ using assms unfolding atoms_of_def by blast
+ obtain b where b_def: "b \<subseteq> Xs \<and> B = subset_to_atom Xs b"
+ using assms unfolding atoms_of_def by blast
+ have a_neq_b: "a \<noteq> b"
+ using assms a_def b_def by blast
+ have "A \<inter> B \<subseteq> {}"
+ proof fix x assume A: "x \<in> A \<inter> B"
+ show "x \<in> {}"
+ proof(cases "a \<subseteq> b")
+ case True
+ then obtain c where c_def: "c \<in> b - a"
+ using a_neq_b by blast
+ have c_in_Xs: "c \<in> Xs"
+ using c_def b_def by blast
+ have x_in_c: "x \<in> c"
+ using A b_def c_def subset_to_atom_memE[of x Xs b c] by blast
+ have x_notin_c: "x \<notin> c"
+ using A a_def c_in_Xs c_def subset_to_atom_memE[of x Xs a c] by blast
+ then show ?thesis using x_in_c by blast
+ next
+ case False
+ then obtain c where c_def: "c \<in> a - b"
+ using a_neq_b by blast
+ have c_in_Xs: "c \<in> Xs"
+ using c_def a_def by blast
+ have x_in_c: "x \<in> c"
+ using A a_def c_def subset_to_atom_memE[of x Xs a c] by blast
+ have x_notin_c: "x \<notin> c"
+ using A b_def c_in_Xs c_def subset_to_atom_memE[of x Xs b c] by blast
+ then show ?thesis using x_in_c by blast
+ qed
+ qed
+ thus "A \<inter> B = {}"
+ by blast
+qed
+
+text \<open>
+ The atoms of a family of sets \<open>Xs\<close> are minimal in the sense that they are either contained in or
+ disjoint from each element of \<open>Xs\<close>.
+\<close>
+lemma atoms_are_minimal:
+ assumes "A \<in> atoms_of Xs"
+ assumes "X \<in> Xs"
+ shows "X \<inter> A = {} \<or> A \<subseteq> X"
+proof(cases "X \<inter> A = {}")
+ case True
+ then show ?thesis by blast
+next
+ case False
+ obtain As where As_def: "As \<in> Pow Xs - {{}} \<and> A = subset_to_atom Xs As"
+ using assms unfolding atoms_of_def by blast
+ have A_simp: "A = subset_to_atom Xs As"
+ using As_def by blast
+ then show ?thesis using assms unfolding atoms_of_def subset_to_atom_def A_simp
+ using DiffD1 subset_eq by auto
+qed
+
+(**********************************************************************)
+(**********************************************************************)
+subsubsection\<open>Atoms Induced by Types of Points\<close>
+(**********************************************************************)
+(**********************************************************************)
+text\<open>
+ The set of sets in \<open>Xs\<close> which contain some point \<open>x\<close>. In the case where \<open>Xs\<close> is some collection of
+ first order formulas, this is just the type of \<open>x\<close> over these formulas.\<close>
+definition point_to_type where
+"point_to_type Xs x = {X \<in> Xs. x \<in> X}"
+
+text \<open>The type of a point \<open>x\<close> induces the unique atom of \<open>Xs\<close> which contains \<open>x\<close>.\<close>
+lemma point_in_atom_of_type:
+ assumes "x \<in> \<Union> Xs"
+ shows "x \<in> subset_to_atom Xs (point_to_type Xs x)"
+ using assms unfolding subset_to_atom_def point_to_type_def
+ by blast
+
+lemma point_to_type_nonempty:
+ assumes "x \<in> \<Union> Xs"
+ shows "point_to_type Xs x \<noteq>{}"
+ using assms unfolding point_to_type_def
+ by blast
+
+lemma point_to_type_closed:
+ "point_to_type Xs x \<subseteq> Pow (\<Union> Xs)"
+ unfolding point_to_type_def
+ by blast
+
+lemma atoms_of_covers:
+ assumes "X = \<Union> Xs"
+ shows "\<Union> (atoms_of Xs) = X"
+proof
+ show " \<Union> (atoms_of Xs) \<subseteq> X"
+ proof fix x assume A: "x \<in> \<Union> (atoms_of Xs)"
+ then obtain As where As_def: "As \<in> Pow Xs - {{}} \<and> x \<in> subset_to_atom Xs As"
+ unfolding atoms_of_def by blast
+ have "subset_to_atom Xs As \<subseteq> \<Union> Xs"
+ using subset_to_atom_closed[of As Xs] As_def by blast
+ then show "x \<in> X" unfolding assms
+ using As_def by blast
+ qed
+ show "X \<subseteq> \<Union> (atoms_of Xs)" apply(rule subsetI)
+ using point_to_type_nonempty point_in_atom_of_type point_to_type_closed
+ unfolding assms point_to_type_def atoms_of_def
+ by fastforce
+qed
+
+lemma atoms_of_covers':
+ shows "\<Union> (atoms_of Xs) = \<Union> Xs"
+ using atoms_of_covers[of "\<Union> Xs"] by blast
+
+text \<open>Every atom of a collection \<open>Xs\<close> of sets is realized as the atom generated by the type of
+ an element in that atom.\<close>
+lemma nonemtpy_atom_from_point_to_type:
+ assumes "A \<in> atoms_of Xs"
+ assumes "a \<in> A"
+ shows "A = subset_to_atom Xs (point_to_type Xs a)"
+proof-
+ obtain As where As_def: "As \<in> (Pow Xs) - {} \<and> A = subset_to_atom Xs As"
+ using assms unfolding atoms_of_def by blast
+ have A_simp: "A = subset_to_atom Xs As"
+ using As_def by blast
+ have 0: "As = point_to_type Xs a"
+ apply(rule equalityI)
+ apply(rule subsetI)
+ apply (smt As_def Diff_empty UnionI Union_Pow_eq assms point_in_atom_of_type subset_to_atom_memE(1) subset_to_atom_memE(2))
+ apply(rule subsetI)
+ using As_def assms subset_to_atom_memE(2)
+ by (metis (no_types, lifting) mem_Collect_eq point_to_type_def)
+ show ?thesis
+ using point_in_atom_of_type 0
+ atoms_of_covers'[of Xs] assms unfolding A_simp
+ by auto
+qed
+
+text \<open>
+ In light of the previous theorem, a point a and a collection of sets \<open>Xs\<close> is enough to recover
+ the the unique atom of \<open>Xs\<close> which contains \<open>a\<close>.
+\<close>
+definition point_to_atom where
+"point_to_atom Xs a = subset_to_atom Xs (point_to_type Xs a)"
+
+lemma point_to_atom_closed:
+ assumes "x \<in> \<Union> Xs"
+ shows "point_to_atom Xs x \<in> atoms_of Xs"
+ using assms unfolding atoms_of_def point_to_atom_def
+ by (metis (full_types) Union_iff atoms_of_covers atoms_of_def nonemtpy_atom_from_point_to_type)
+
+text \<open>All atoms of \<open>Xs\<close> are the atom induced by some point in the union of \<open>Xs\<close>.\<close>
+lemma atoms_induced_by_points:
+"atoms_of Xs = point_to_atom Xs ` (\<Union> Xs)"
+ apply(rule equalityI)
+ apply(rule subsetI)
+ using nonemtpy_atom_from_point_to_type atoms_nonempty atoms_of_covers'
+ unfolding point_to_atom_def
+ apply (smt DiffE Pow_empty Pow_iff atoms_of_def image_iff subsetD subsetI subset_to_atom_closed)
+ apply(rule subsetI)
+ by (metis (no_types, lifting) imageE point_to_atom_closed point_to_atom_def)
+
+(**********************************************************************)
+(**********************************************************************)
+subsubsection\<open>Atoms of Generated Boolean Algebras\<close>
+(**********************************************************************)
+(**********************************************************************)
+
+lemma atoms_of_gen_boolean_algebra:
+ assumes "Xs \<subseteq> gen_boolean_algebra S B"
+ assumes "finite Xs"
+ shows "atoms_of Xs \<subseteq> gen_boolean_algebra S B"
+proof
+ fix x assume A: "x \<in> atoms_of Xs"
+ then obtain As where As_def: "As \<in> ((Pow Xs) - {{}}) \<and> x = subset_to_atom Xs As"
+ unfolding atoms_of_def by blast
+ have x_simp: "x = subset_to_atom Xs As"
+ using As_def by blast
+ have 0: "finite As"
+ using As_def assms finite_subset by auto
+ have 1: "As \<subseteq> gen_boolean_algebra S B"
+ using As_def assms by blast
+ have 2: "\<Inter> As \<in> gen_boolean_algebra S B"
+ using 0 1 assms
+ by (metis As_def DiffE gen_boolean_algebra_finite_intersection singletonI subset_eq)
+ show "x \<in> gen_boolean_algebra S B"
+ using A 2 unfolding atoms_of_def subset_to_atom_def x_simp
+ by (metis (no_types, lifting) As_def DiffD1 Diff_partition Pow_iff Un_subset_iff assms(1) assms(2) finite_subset gen_boolean_algebra_diff gen_boolean_algebra_finite_union order_refl subsetD)
+qed
+
+
+text \<open>If the generators of a boolean algebra are contained in the universe, the atoms induced by
+ the generators alone are minimal elements of the entire algebra.\<close>
+lemma finite_algebra_atoms_are_minimal:
+ assumes "finite Xs"
+ assumes "\<Union> Xs \<subseteq> S"
+ assumes "A \<in> atoms_of Xs"
+ assumes "X \<in> gen_boolean_algebra S Xs"
+ shows "X \<inter> A = {} \<or> A \<subseteq> X"
+ apply(rule gen_boolean_algebra.induct[of X S Xs])
+ apply (simp add: assms(4); fail)
+ apply (metis Union_upper assms(2) assms(3) atoms_of_covers dual_order.trans)
+ using assms(2) assms(3) atoms_are_minimal apply fastforce
+ apply blast
+ using assms
+ by (metis Diff_Int_distrib2 Diff_empty Diff_eq_empty_iff Sup_upper atoms_of_covers' equalityE inf.absorb_iff2 order_trans)
+
+lemma finite_set_imp_finite_atoms:
+ assumes "finite Xs"
+ shows "finite (atoms_of Xs)"
+ using assms unfolding atoms_of_def
+ by blast
+
+text \<open>
+ Every element in the boolean algebra generated by \<open>Xs\<close> over \<open>S\<close> is a (disjoint) union
+ of atoms of generators:
+\<close>
+
+lemma gen_boolean_algebra_elem_uni_of_atoms:
+ assumes "finite Xs"
+ assumes "S = \<Union> Xs"
+ assumes "X \<in> gen_boolean_algebra S Xs"
+ shows "X = \<Union> {a \<in> atoms_of Xs. a \<subseteq> X}"
+proof
+ show "X \<subseteq> \<Union> {a \<in> atoms_of Xs. a \<subseteq> X}"
+ proof fix x assume A: "x \<in> X"
+ then have "point_to_atom Xs x \<in> atoms_of Xs"
+ using assms by (meson gen_boolean_algebra_subset point_to_atom_closed subsetD)
+ then show "x \<in> \<Union> {a \<in> atoms_of Xs. a \<subseteq> X}"
+ by (smt A IntI Union_iff assms(1) assms(2) assms(3) empty_iff finite_algebra_atoms_are_minimal gen_boolean_algebra.universe gen_boolean_algebra_subset mem_Collect_eq point_in_atom_of_type point_to_atom_def subsetD)
+ qed
+ show "\<Union> {a \<in> atoms_of Xs. a \<subseteq> X} \<subseteq> X"
+ by blast
+qed
+
+text\<open>In fact, every generated boolean algebra is the power set of the atoms of its generators:\<close>
+lemma gen_boolean_algebra_generated_by_atoms:
+ assumes "finite Xs"
+ assumes "S = \<Union> Xs"
+ shows "gen_boolean_algebra S Xs = \<Union> ` (Pow (atoms_of Xs))"
+proof
+ show "gen_boolean_algebra S Xs \<subseteq> \<Union> ` Pow (atoms_of Xs)"
+ apply(rule subsetI)
+ using gen_boolean_algebra_elem_uni_of_atoms[of Xs S] assms
+ by fastforce
+ show "\<Union> ` Pow (atoms_of Xs) \<subseteq> gen_boolean_algebra S Xs"
+ apply(rule subsetI)
+ using atoms_of_gen_boolean_algebra[of Xs S Xs]
+ finite_subset[of _ "atoms_of Xs"] assms
+ finite_set_imp_finite_atoms[of Xs]
+ gen_boolean_algebra_finite_union[of _ S Xs]
+ by (smt Pow_iff Union_upper gen_boolean_algebra.intros(2) image_iff inf.absorb1 subsetD subsetI)
+qed
+
+text\<open>Finitely generated boolean algebras are finite\<close>
+lemma fin_gens_imp_fin_algebra:
+ assumes "finite Xs"
+ assumes "S = \<Union> Xs"
+ shows "finite (gen_boolean_algebra S Xs)"
+ using finite_set_imp_finite_atoms[of Xs] assms gen_boolean_algebra_generated_by_atoms[of Xs S]
+ by simp
+
+
+lemma point_to_atom_equal:
+ assumes "finite Xs"
+ assumes "S = \<Union> Xs"
+ assumes "x \<in> S"
+ shows "point_to_atom Xs x = point_to_atom (gen_boolean_algebra S Xs) x"
+proof
+ show P0: "point_to_atom Xs x \<subseteq> point_to_atom (gen_boolean_algebra S Xs) x"
+ proof-
+ have 0: "point_to_atom Xs x \<inter> point_to_atom (gen_boolean_algebra S Xs) x \<noteq> {}"
+ using assms
+ by (metis IntI UnionI empty_iff gen_boolean_algebra.universe point_in_atom_of_type point_to_atom_def)
+ have 1: "point_to_atom (gen_boolean_algebra S Xs) x \<in> gen_boolean_algebra S Xs"
+ using assms fin_gens_imp_fin_algebra[of Xs S]
+ by (meson UnionI atoms_of_gen_boolean_algebra gen_boolean_algebra.simps point_to_atom_closed subset_eq subset_refl)
+ then show ?thesis
+ using 0 finite_algebra_atoms_are_minimal[of Xs S "point_to_atom Xs x" "point_to_atom (gen_boolean_algebra S Xs) x"]
+ assms(1) assms(2) assms(3) atoms_induced_by_points by auto
+ qed
+ show "point_to_atom (gen_boolean_algebra S Xs) x \<subseteq> point_to_atom Xs x"
+ proof-
+ have 0: "point_to_atom (gen_boolean_algebra S Xs) x \<inter> point_to_atom Xs x \<noteq>{}"
+ using assms P0 point_in_atom_of_type point_to_atom_def by fastforce
+ have 1: "point_to_atom (gen_boolean_algebra S Xs) x \<in> (gen_boolean_algebra S Xs)"
+ using assms gen_boolean_algebra_idempotent[of S Xs] atoms_of_gen_boolean_algebra
+ by (metis UnionI fin_gens_imp_fin_algebra gen_boolean_algebra.universe point_to_atom_closed subset_eq)
+ have 2: "\<Union> (gen_boolean_algebra S Xs) \<subseteq> S"
+ using assms
+ by (simp add: Sup_le_iff gen_boolean_algebra_subset)
+ hence 3: "\<Union> (gen_boolean_algebra S Xs) = S"
+ by (simp add: Union_upper gen_boolean_algebra.universe subset_antisym)
+ have 4: "gen_boolean_algebra S (gen_boolean_algebra S Xs) = gen_boolean_algebra S Xs"
+ using assms gen_boolean_algebra_idempotent[of S Xs] by blast
+ have 5: "point_to_atom Xs x \<in> gen_boolean_algebra S (gen_boolean_algebra S Xs)"
+ unfolding 4 using assms
+ by (metis (no_types, opaque_lifting) Int_absorb1 Int_commute Union_upper atoms_of_gen_boolean_algebra gen_boolean_algebra.generator point_to_atom_closed subsetD subsetI)
+ show ?thesis
+ using 2 5 finite_algebra_atoms_are_minimal[of "gen_boolean_algebra S Xs" S "point_to_atom (gen_boolean_algebra S Xs) x" "point_to_atom Xs x"] 0 1 2
+ unfolding 4
+ by (metis "3" Int_commute assms(1) assms(2) assms(3) fin_gens_imp_fin_algebra point_to_atom_closed)
+ qed
+qed
+
+text \<open>
+ When the set \<open>Xs\<close> of generators covers the universe set \<open>S\<close>, the atoms of \<open>Xs\<close> in the above
+ sense are the same as the atoms of the boolean algebra they generate over \<open>S\<close>.
+\<close>
+
+lemma atoms_of_sets_eq_atoms_of_algebra:
+ assumes "finite Xs"
+ assumes "S = \<Union> Xs"
+ shows "atoms_of Xs = atoms_of (gen_boolean_algebra S Xs)"
+proof
+ show "atoms_of Xs \<subseteq> atoms_of (gen_boolean_algebra S Xs)"
+ proof fix A assume A: "A \<in> atoms_of Xs"
+ then obtain x where x_def: "x \<in> S \<and> A = point_to_atom Xs x"
+ using assms
+ by (metis atoms_induced_by_points image_iff)
+ have 0: "A = point_to_atom (gen_boolean_algebra S Xs) x"
+ using assms point_to_atom_equal x_def by fastforce
+ show "A \<in> atoms_of (gen_boolean_algebra S Xs)"
+ unfolding 0 using assms A
+ by (metis (full_types) "0" UnionI gen_boolean_algebra.universe point_to_atom_closed x_def)
+ qed
+ show "atoms_of (gen_boolean_algebra S Xs) \<subseteq> atoms_of Xs"
+ proof fix A assume A: "A \<in> atoms_of (gen_boolean_algebra S Xs)"
+ then obtain x where x_def: "x \<in> S \<and> A = point_to_atom (gen_boolean_algebra S Xs) x"
+ by (metis atoms_induced_by_points cSup_eq_maximum gen_boolean_algebra.universe gen_boolean_algebra_subset image_iff)
+ then show "A \<in> atoms_of Xs"
+ using assms(1) assms(2) point_to_atom_closed point_to_atom_equal by fastforce
+ qed
+qed
+
+lemma atoms_closed:
+ assumes "finite Xs"
+ assumes "A \<in> atoms_of (gen_boolean_algebra S Xs)"
+ assumes "S = \<Union> Xs"
+ shows "A \<in> (gen_boolean_algebra S Xs)"
+proof-
+ have 1: "A = \<Union> {A}"
+ by blast
+ have 2: "A \<in> atoms_of Xs"
+ using assms atoms_of_sets_eq_atoms_of_algebra
+ by blast
+ show ?thesis
+ using gen_boolean_algebra_generated_by_atoms[of Xs S]
+ assms 1 2 unfolding Pow_def by blast
+qed
+
+lemma atoms_finite:
+ assumes "finite Xs"
+ shows "finite ((atoms_of (gen_boolean_algebra S Xs)))"
+proof-
+ have 0: "gen_boolean_algebra S Xs =gen_boolean_algebra S ((\<inter>) S ` Xs)"
+ using gen_boolean_algebra_restrict_generators by blast
+ have 1: "gen_boolean_algebra S Xs = gen_boolean_algebra S (insert S ((\<inter>) S ` Xs))"
+ unfolding 0 by(rule add_generators, rule gen_boolean_algebra.universe)
+ obtain Ys where Ys_def: "Ys = (insert S ((\<inter>) S ` Xs))"
+ by blast
+ have Ys_finite: "finite Ys"
+ unfolding Ys_def using assms by blast
+ have 2: "\<Union> Ys = S"
+ unfolding Ys_def
+ by blast
+ have 3: "atoms_of Ys = atoms_of (gen_boolean_algebra S Xs) "
+ unfolding Ys_def 1
+ apply(rule atoms_of_sets_eq_atoms_of_algebra)
+ using Ys_finite unfolding Ys_def apply blast
+ by blast
+ have 4: "finite (atoms_of Ys)"
+ by(rule finite_set_imp_finite_atoms, rule Ys_finite)
+ show ?thesis using 4 unfolding 3 by blast
+qed
+
+
+text \<open>
+ We can distinguish atoms of a set of generators \<open>Cs\<close> by finding some element of \<open>Cs\<close> which
+ includes one and excludes the other.
+\<close>
+
+lemma distinct_atoms:
+ assumes "Cs \<noteq> {}"
+ assumes "a \<in> atoms_of Cs"
+ assumes "b \<in> atoms_of Cs"
+ assumes "a \<noteq> b"
+ shows "(\<exists>B \<in> Cs. b \<subseteq> B \<and> a \<inter> B = {}) \<or> (\<exists>A \<in> Cs. a \<subseteq> A \<and> b \<inter> A = {})"
+proof-
+ obtain x where x_def: "x \<in> \<Union> Cs \<and> a = point_to_atom Cs x"
+ by (metis assms(2) atoms_induced_by_points imageE)
+ obtain y where y_def: "y \<in> \<Union> Cs \<and> b = point_to_atom Cs y"
+ by (metis assms(3) atoms_induced_by_points imageE)
+ have 0: "point_to_atom Cs x \<noteq> point_to_atom Cs y"
+ using x_def y_def assms by simp
+ hence 1: "point_to_type Cs x \<noteq> point_to_type Cs y"
+ unfolding point_to_atom_def subset_to_atom_def by blast
+ then obtain B where B_def: "B \<in> Cs \<and> (B \<in> point_to_type Cs x - point_to_type Cs y \<or> B \<in> point_to_type Cs y - point_to_type Cs x)"
+ unfolding point_to_type_def by blast
+ have 2: "B \<in> point_to_type Cs x - point_to_type Cs y \<Longrightarrow> a \<subseteq> B"
+ using x_def point_to_atom_def subset_to_atom_memE(1) by fastforce
+ have 3: "B \<in> point_to_type Cs y - point_to_type Cs y \<Longrightarrow> b \<subseteq> B"
+ using y_def by blast
+ show ?thesis using B_def 2 3
+ by (smt Diff_iff disjoint_iff_not_equal point_to_atom_def subset_eq subset_to_atom_memE(1) subset_to_atom_memE(2) x_def y_def)
+qed
+
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+subsection\<open>Partitions of a Set\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+definition disjoint :: "'a set set \<Rightarrow> bool" where
+"disjoint Ss = (\<forall> A \<in> Ss. \<forall>B \<in> Ss. A \<noteq>B \<longrightarrow> A \<inter> B = {})"
+
+lemma disjointE:
+ assumes "disjoint Ss"
+ assumes "A \<in> Ss"
+ assumes "B \<in> Ss"
+ assumes "A \<noteq>B"
+ shows "A \<inter> B = {}"
+ by (meson assms(1) assms(2) assms(3) assms(4) disjoint_def)
+
+lemma disjointI:
+ assumes "\<And>A B. A \<in> Ss \<Longrightarrow> B \<in> Ss \<Longrightarrow> A \<noteq> B \<Longrightarrow> A \<inter> B = {}"
+ shows "disjoint Ss"
+ by (meson assms disjoint_def)
+
+definition is_partition :: "'a set set \<Rightarrow> 'a set \<Rightarrow> bool" (infixl "partitions" 75) where
+"S partitions A = (disjoint S \<and> \<Union> S = A)"
+
+lemma is_partitionE:
+ assumes "S partitions A"
+ shows "disjoint S"
+ "\<Union> S = A"
+ using assms is_partition_def apply blast
+ using assms
+ by (simp add: is_partition_def)
+
+lemma is_partitionI:
+ assumes "disjoint S"
+ assumes "\<Union> S = A"
+ shows "S partitions A"
+ using assms is_partition_def by blast
+
+text \<open>
+ If we start with a finite partition of a set \<open>A\<close>, and each element in that partition has a
+ finite partition with some property \<open>P\<close>, then \<open>A\<close> itself has a finite partition where each
+ element has property \<open>P\<close>.\<close>
+
+lemma iter_partition:
+ assumes "As partitions A"
+ assumes "finite As"
+ assumes "\<And>a. a \<in> As \<Longrightarrow> \<exists>Bs. finite Bs \<and> Bs partitions a \<and> (\<forall>b \<in> Bs. P b)"
+ shows "\<exists>Bs. finite Bs \<and> Bs partitions A \<and> (\<forall>b \<in> Bs. P b)"
+proof-
+ obtain F where F_def: "F = (\<lambda>a. (SOME Bs. finite Bs \<and> Bs partitions a \<and> (\<forall>b \<in> Bs. P b)))"
+ by blast
+ have FE: "\<And>a. a \<in> As \<Longrightarrow> finite (F a) \<and> (F a) partitions a \<and> (\<forall>b \<in> (F a). P b)"
+ proof- fix a assume A: "a \<in> As"
+ show "finite (F a) \<and> (F a) partitions a \<and> (\<forall>b \<in> (F a). P b)"
+ apply(rule SomeE'[of _ "\<lambda>Bs. finite Bs \<and> Bs partitions a \<and> (\<forall>b \<in> Bs. P b)"])
+ unfolding F_def apply blast
+ using assms by (simp add: A)
+ qed
+ obtain Bs where Bs_def: "Bs = (\<Union> a \<in> As. F a)"
+ by blast
+ have 0: "finite Bs"
+ unfolding Bs_def using FE assms by blast
+ have 1: "disjoint Bs"
+ proof(rule disjointI)
+ fix a b assume A: "a \<in> Bs" "b \<in> Bs" "a \<noteq> b"
+ obtain c where c_def: "c \<in> As \<and> a \<in> F c"
+ using Bs_def A by blast
+ obtain d where d_def: "d \<in> As \<and> b \<in> F d"
+ using Bs_def A by blast
+ have 0: "a \<subseteq> c"
+ using c_def FE[of c] is_partitionE(2)[of "F c" c] by blast
+ have 1: "b \<subseteq> d"
+ using d_def FE[of d] is_partitionE(2)[of "F d" d] by blast
+ show "a \<inter> b = {}"
+ proof(cases "c = d")
+ case True
+ show ?thesis apply(rule disjointE[of "F c"])
+ unfolding True using FE is_partitionE d_def apply blast
+ using c_def unfolding True apply blast
+ using d_def apply blast
+ by(rule A)
+ next
+ case False
+ have "c \<inter> d = {}"
+ apply(rule disjointE[of As])
+ using assms is_partitionE apply blast
+ using c_def apply blast
+ using d_def apply blast
+ using False by blast
+ then show ?thesis using 0 1 by blast
+ qed
+ qed
+ have 2: "(\<forall>b \<in> Bs. P b)"
+ apply(rule )
+ unfolding Bs_def using FE
+ by blast
+ have FE': "\<And>a. a \<in> As \<Longrightarrow> (\<Union> (F a)) = a "
+ apply(rule is_partitionE)
+ using FE by blast
+ have 3: "Bs partitions A"
+ apply(rule is_partitionI, rule 1)
+apply(rule equalityI')
+ unfolding Bs_def using assms is_partitionE(2)[of As A]
+ FE' is_partitionE(2) apply blast
+ proof-
+ fix x assume A: "x \<in> A"
+ then obtain a where a_def: "a \<in> As \<and> x \<in> a"
+ using assms is_partitionE by blast
+ then have "x \<in> (\<Union> (F a))"
+ using a_def FE' by blast
+ thus " x \<in> \<Union> (\<Union> (F ` As))"
+ using a_def A by blast
+ qed
+ show "\<exists>Bs. finite Bs \<and> Bs partitions A \<and> (\<forall>b\<in>Bs. P b)"
+ using 0 2 3 by blast
+qed
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+subsection\<open>Intersections of Families of Sets\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+definition pairwise_intersect where
+"pairwise_intersect As Bs = {c. \<exists>a \<in> As. \<exists>b \<in> Bs. c = a \<inter> b}"
+
+lemma partition_intersection:
+ assumes "As partitions A"
+ assumes "Bs partitions B"
+ shows "(pairwise_intersect As Bs) partitions (A \<inter> B)"
+proof(rule is_partitionI, rule disjointI)
+ fix a b assume a0: "a \<in> pairwise_intersect As Bs" "b \<in> pairwise_intersect As Bs" "a \<noteq> b"
+ obtain a1 b1 where def1: "a1 \<in> As \<and> b1 \<in> Bs \<and> a = a1 \<inter> b1"
+ using a0 unfolding pairwise_intersect_def by blast
+ obtain a2 b2 where def2: "a2 \<in> As \<and> b2 \<in> Bs \<and> b = a2 \<inter> b2"
+ using a0 unfolding pairwise_intersect_def by blast
+ have 0: "a \<inter> b = (a1 \<inter> a2) \<inter> (b1 \<inter> b2)"
+ using def1 def2 by blast
+ show " a \<inter> b= {}"
+ proof(cases "a1 \<noteq> a2")
+ case True
+ have T0: "a1 \<inter> a2 = {}"
+ apply(rule disjointE[of As a1 a2] )
+ using def1 def2 assms(1) True is_partitionE(1)[of As A] apply blast
+ using def1 apply blast using def2 apply blast by(rule True)
+ thus ?thesis unfolding 0 by blast
+ next
+ case False
+ then have F0: "b1 \<noteq> b2"
+ using a0 def1 def2 by blast
+ have F1: "b1 \<inter> b2 = {}"
+ apply(rule disjointE[of Bs b1 b2])
+ using def1 def2 assms(2) F0 is_partitionE(1)[of Bs B] apply blast
+ using def1 apply blast using def2 apply blast by(rule F0)
+ thus ?thesis unfolding 0 by blast
+ qed
+next
+ show "\<Union> (pairwise_intersect As Bs) = A \<inter> B"
+ proof(rule equalityI')
+ fix x assume A: "x \<in> \<Union> (pairwise_intersect As Bs)"
+ then obtain a b where def1: "a \<in> As \<and> b \<in> Bs \<and> x \<in> a \<inter> b"
+ unfolding pairwise_intersect_def by blast
+ have 0: "a \<subseteq> A"
+ using def1 assms is_partitionE by blast
+ have 1: "b \<subseteq> B"
+ using def1 assms is_partitionE by blast
+ show " x \<in> A \<inter> B"
+ using 0 1 def1 by blast
+ next
+ fix x assume A: "x \<in> A \<inter> B"
+ obtain a where a_def: "a \<in> As \<and> x \<in> a"
+ using A assms is_partitionE by blast
+ obtain b where b_def: "b \<in> Bs \<and> x \<in> b"
+ using A assms is_partitionE by blast
+ have 0: "x \<in> a \<inter> b"
+ using a_def b_def by blast
+ show "x \<in> \<Union> (pairwise_intersect As Bs)"
+ using a_def b_def 0 unfolding pairwise_intersect_def
+ by blast
+ qed
+qed
+
+lemma pairwise_intersect_finite:
+ assumes "finite As"
+ assumes "finite Bs"
+ shows "finite (pairwise_intersect As Bs)"
+proof-
+ have 0: "(pairwise_intersect As Bs) = (\<Union> a \<in> As. (\<inter>) a ` Bs)"
+ unfolding pairwise_intersect_def
+ apply(rule equalityI')
+ unfolding mem_Collect_eq apply blast
+ by blast
+ have 1: "\<And>a. a \<in> As \<Longrightarrow> finite ((\<inter>) a ` Bs)"
+ using assms by blast
+ show ?thesis unfolding 0 using assms(1) 1 by blast
+qed
+
+definition family_intersect where
+"family_intersect parts = atoms_of (\<Union> parts)"
+
+lemma family_intersect_partitions:
+ assumes "\<And>Ps. Ps \<in> parts \<Longrightarrow> Ps partitions A"
+ assumes "\<And>Ps. Ps \<in> parts \<Longrightarrow> finite Ps"
+ assumes "finite parts"
+ assumes "parts \<noteq> {}"
+ shows "family_intersect parts partitions A"
+proof(rule is_partitionI)
+ show "disjoint (family_intersect parts)"
+ apply(rule disjointI)
+ unfolding family_intersect_def apply(rule atoms_of_disjoint)
+ apply blast
+ apply blast
+ by blast
+ show " \<Union> (family_intersect parts) = A"
+ proof-
+ have 0: "\<Union> (family_intersect parts) = \<Union> (\<Union> parts)"
+ unfolding family_intersect_def
+ apply(rule atoms_of_covers)
+ by blast
+ have 1: "\<And>Ps. Ps \<in> parts \<Longrightarrow> \<Union>Ps = A"
+ by(rule is_partitionE, rule assms, blast)
+ show ?thesis unfolding 0
+ using 1 assms by blast
+ qed
+qed
+
+lemma family_intersect_memE:
+ assumes "\<And>Ps. Ps \<in> parts \<Longrightarrow> Ps partitions A"
+ assumes "\<And>Ps. Ps \<in> parts \<Longrightarrow> finite Ps"
+ assumes "finite parts"
+ assumes "parts \<noteq> {}"
+ shows "\<And>Ps a. a \<in> family_intersect parts \<Longrightarrow> Ps \<in> parts \<Longrightarrow> \<exists>P \<in> Ps. a \<subseteq> P"
+proof-
+ fix Ps a assume A: "a \<in> family_intersect parts" "Ps \<in> parts"
+ have 0: "\<Union> Ps = A"
+ apply(rule is_partitionE)
+ using A assms by blast
+ have 1: "\<Union> (family_intersect parts) = A"
+ apply(rule is_partitionE)
+ using family_intersect_partitions assms by blast
+ have 2: "a \<noteq> {}"
+ using A unfolding family_intersect_def atoms_of_def by blast
+ obtain P where P_def: "P \<in> Ps \<and> a \<inter> P \<noteq> {}"
+ using 0 1 A 2 by blast
+ have P_in: "P \<in> (\<Union> parts)"
+ using P_def A by blast
+ have a_sub: "a \<subseteq> P"
+ using atoms_are_minimal P_def A P_in unfolding family_intersect_def by blast
+ show "\<exists>P \<in> Ps. a \<subseteq> P"
+ using a_sub P_def by blast
+qed
+
+lemma family_intersect_mem_inter:
+ assumes "\<And>Ps. Ps \<in> (parts:: 'a set set set) \<Longrightarrow> Ps partitions A"
+ assumes "\<And>Ps. Ps \<in> parts \<Longrightarrow> finite Ps"
+ assumes "finite parts"
+ assumes "parts \<noteq> {}"
+ assumes "a \<in> family_intersect parts"
+ shows "\<exists>f. \<forall> Ps \<in> parts. f Ps \<in> Ps \<and> a = (\<Inter> Ps \<in> parts. f Ps)"
+proof-
+ obtain f where f_def: "f = (\<lambda>Ps:: 'a set set. (SOME P. P \<in> Ps \<and> a \<subseteq> P))"
+ by blast
+ have f_eval: "\<And>Ps. Ps \<in> parts \<Longrightarrow> f Ps \<in> Ps \<and> a \<subseteq> (f Ps)"
+ proof-
+ fix Ps assume A: "Ps \<in> parts"
+ obtain P where P_def: "P \<in> Ps \<and> a \<subseteq> P"
+ using assms family_intersect_memE A by blast
+ show " f Ps \<in> Ps \<and> a \<subseteq> f Ps"
+ apply(rule SomeE[of "f Ps" _ P])
+ unfolding f_def using A apply simp
+ by(rule P_def)
+ qed
+ have 0: "a \<noteq> {}"
+ using assms unfolding family_intersect_def
+ using atoms_nonempty by blast
+ have 1: "a = (\<Inter> Ps \<in> parts. f Ps)"
+ proof(rule equalityI)
+ show 10: "a \<subseteq> \<Inter> (f ` parts)"
+ using f_eval by blast
+ show "\<Inter> (f ` parts) \<subseteq> a"
+ proof
+ fix x assume A: "x \<in> \<Inter> (f ` parts)"
+ obtain b where b_def: "b = point_to_atom (\<Union> parts) x"
+ by blast
+ have b_atom: "b \<in> atoms_of (\<Union> parts)"
+ unfolding b_def apply(rule point_to_atom_closed)
+ using A f_eval assms by blast
+ show x_in_a: "x \<in> a"
+ proof(rule ccontr)
+ assume "x \<notin> a"
+ then have "\<not> b \<subseteq> a"
+ using b_def unfolding point_to_atom_def point_to_type_def subset_to_atom_def by blast
+ hence p0: "a \<noteq> b"
+ by blast
+ have p1: "b \<inter> a = {}"
+ apply(rule atoms_of_disjoint[of _ "(\<Union> parts)"] )
+ apply(rule b_atom)
+ using assms unfolding family_intersect_def apply blast
+ using p0 by blast
+ have p2: " (\<exists>B\<in>\<Union> parts. b \<subseteq> B \<and> a \<inter> B = {}) \<or> (\<exists>A\<in>\<Union> parts. a \<subseteq> A \<and> b \<inter> A = {})"
+ using distinct_atoms[of "\<Union> parts" a b] assms
+ by (metis Sup_bot_conv(1) b_atom equalityI' f_eval family_intersect_def mem_simps(2) p0)
+ show False
+ proof(cases "(\<exists>B\<in>\<Union> parts. b \<subseteq> B \<and> a \<inter> B = {})")
+ case True
+ then obtain B where B_def: "B\<in>\<Union> parts \<and> b \<subseteq> B \<and> a \<inter> B = {}"
+ by blast
+ obtain Ps where Ps_def: "B \<in> Ps \<and> Ps \<in> parts"
+ using B_def by blast
+ have B_neq: "B \<noteq> f Ps"
+ using Ps_def B_def 10 0 by blast
+ have B_cap: "B \<inter> f Ps = {}"
+ apply(rule disjointE[of Ps])
+ apply(rule is_partitionE[of Ps A])
+ using Ps_def assms apply blast
+ using Ps_def apply blast
+ using f_eval Ps_def apply blast
+ by(rule B_neq)
+ have b_cap: "b \<inter> f Ps = {}"
+ using B_cap B_def by blast
+ have x_in_b: "x \<in> b"
+ using b_def unfolding point_to_atom_def point_to_type_def subset_to_atom_def
+ by blast
+ show False using x_in_b b_cap Ps_def A by blast
+ next
+ case False
+ then obtain B where B_def: "B\<in>\<Union> parts \<and> a \<subseteq> B \<and> b \<inter> B = {}"
+ using p2 by blast
+ obtain Ps where Ps_def: "B \<in> Ps \<and> Ps \<in> parts"
+ using B_def by blast
+ have F0: "B = f Ps"
+ proof(rule ccontr)
+ assume not: "B \<noteq> f Ps"
+ have F0: "B \<inter> f Ps = {}"
+ apply(rule disjointE[of Ps])
+ apply(rule is_partitionE[of Ps A])
+ using Ps_def assms apply blast
+ using Ps_def apply blast
+ using f_eval Ps_def apply blast
+ by(rule not)
+ have a_sub: "a \<subseteq> f Ps"
+ using 10 Ps_def by blast
+ show False using F0 B_def a_sub 0 by blast
+ qed
+ have x_in_B: "x \<in> B"
+ unfolding F0 using A Ps_def by blast
+ have x_in_b: "x \<in> b"
+ using b_def unfolding point_to_atom_def point_to_type_def subset_to_atom_def
+ by blast
+ show False using x_in_b x_in_B B_def by blast
+ qed
+ qed
+ qed
+ qed
+ show ?thesis using f_eval 1 by blast
+qed
+
+text \<open>
+ If we take a finite family of partitions in a particular generated boolean algebra, where each
+ partition itself is finite, then their induced partition is also in the algebra.\<close>
+lemma family_intersect_in_gen_boolean_algebra:
+ assumes "A \<in> gen_boolean_algebra S B"
+ assumes "\<And>Ps. Ps \<in> parts \<Longrightarrow> Ps partitions A"
+ assumes "\<And>Ps. Ps \<in> parts \<Longrightarrow> finite Ps"
+ assumes "\<And>Ps P. Ps \<in> parts \<Longrightarrow> P \<in> Ps \<Longrightarrow> P \<in> gen_boolean_algebra S B"
+ assumes "finite parts"
+ assumes "parts \<noteq> {}"
+ shows "\<And>P. P \<in> family_intersect parts \<Longrightarrow> P \<in> gen_boolean_algebra S B"
+proof-
+ fix P assume A: "P \<in> family_intersect parts"
+ have 0: "P \<in> atoms_of (\<Union> parts)"
+ using A unfolding family_intersect_def by blast
+ have 1: "finite (\<Union> parts)"
+ using assms by blast
+ have 2: "\<Union> parts \<subseteq> gen_boolean_algebra S B"
+ using assms by blast
+ obtain Ps where Ps_def: "Ps \<in> parts"
+ using assms by blast
+ have 3: "\<Union> (\<Union> parts) = A"
+ apply(rule equalityI')
+ using assms is_partitionE(2)[of _ A] apply blast
+ using assms is_partitionE(2)[of Ps A] Ps_def by blast
+ have 4: "atoms_of (\<Union> parts) = atoms_of (gen_boolean_algebra A (\<Union> parts))"
+ apply(rule atoms_of_sets_eq_atoms_of_algebra[of "\<Union> parts" A])
+ apply(rule 1)
+ unfolding 3 by blast
+ have 5: "atoms_of (\<Union> parts) \<subseteq> (gen_boolean_algebra A (\<Union> parts))"
+ apply(rule atoms_of_gen_boolean_algebra)
+ using 3 gen_boolean_algebra.generator[of _ "\<Union> parts" A]
+ apply (meson Sup_upper gen_boolean_algebra_generators subsetI)
+ by(rule 1)
+ have 6: "A \<subseteq> S"
+ using assms gen_boolean_algebra_subset by blast
+ have 7: "(gen_boolean_algebra A (\<Union> parts)) \<subseteq> gen_boolean_algebra (S) (\<Union> parts)"
+ apply(rule gen_boolean_algebra_univ_mono)
+ using 3 gen_boolean_algebra_finite_union[of "\<Union> parts" "S" "\<Union> parts"]
+ gen_boolean_algebra.generator[of _ "\<Union> parts" "S" ] 6 1
+ by (meson Sup_le_iff gen_boolean_algebra_generators)
+ have 8: "gen_boolean_algebra (S) (\<Union> parts) \<subseteq> gen_boolean_algebra S B"
+ apply(rule gen_boolean_algebra_subalgebra)
+ using 2 by blast
+ show "P \<in> gen_boolean_algebra S B"
+ using 0 5 6 7 8 by blast
+qed
+
+
+
+end
diff --git a/thys/Padic_Field/Indices.thy b/thys/Padic_Field/Indices.thy
new file mode 100755
--- /dev/null
+++ b/thys/Padic_Field/Indices.thy
@@ -0,0 +1,571 @@
+theory Indices
+imports Main
+begin
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+section\<open>Basic Lemmas for Manipulating Indices and Lists\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+fun index_list where
+"index_list 0 = []"|
+"index_list (Suc n) = index_list n @ [n]"
+
+lemma index_list_length:
+"length (index_list n) = n"
+ by(induction n, simp, auto )
+
+lemma index_list_indices:
+"k < n \<Longrightarrow> (index_list n)!k = k"
+ apply(induction n)
+ apply (simp; fail)
+ by (simp add: index_list_length nth_append)
+
+lemma index_list_set:
+"set (index_list n) = {..<n}"
+ apply(induction n)
+ apply force
+ by (metis Zero_not_Suc atLeastLessThan_empty atLeastLessThan_singleton atLeastLessThan_upt
+ diff_Suc_1 index_list.elims ivl_disj_un_singleton(2) lessI lessThan_Suc_atMost less_Suc_eq_le
+ set_append sorted_list_of_set_empty sorted_list_of_set_range upt_rec)
+
+fun flat_map :: "('a => 'b list) => 'a list => 'b list" where
+ "flat_map f [] = []"
+ |"flat_map f (h#t) = (f h)@(flat_map f t)"
+
+abbreviation(input) project_at_indices ("\<pi>\<^bsub>_\<^esub>") where
+"project_at_indices S as \<equiv> nths as S"
+
+fun insert_at_index :: " 'a list \<Rightarrow>'a \<Rightarrow> nat \<Rightarrow> 'a list" where
+"insert_at_index as a n= (take n as) @ (a#(drop n as))"
+
+lemma insert_at_index_length:
+ shows "length (insert_at_index as a n) = length as + 1"
+ by(induction n, auto)
+
+lemma insert_at_index_eq[simp]:
+ assumes "n \<le> length as"
+ shows "(insert_at_index as a n)!n = a"
+ by (metis assms insert_at_index.elims length_take min.absorb2 nth_append_length)
+
+lemma insert_at_index_eq'[simp]:
+ assumes "n \<le> length as"
+ assumes "k < n"
+ shows "(insert_at_index as a n)!k = as ! k"
+ using assms
+ by (simp add: nth_append)
+
+lemma insert_at_index_eq''[simp]:
+ assumes "n < length as"
+ assumes "k \<le> n"
+ shows "(insert_at_index as a k)!(Suc n) = as ! n"
+ using assms insert_at_index.simps[of as a k]
+ by (smt Suc_diff_Suc append_take_drop_id diff_Suc_Suc dual_order.order_iff_strict
+ le_imp_less_Suc length_take less_trans min.absorb2 not_le nth_Cons_Suc nth_append)
+
+text\<open>Correctness of project\_at\_indices\<close>
+
+definition indices_of :: "'a list \<Rightarrow> nat set" where
+"indices_of as = {..<(length as)}"
+
+lemma proj_at_index_list_length[simp]:
+ assumes "S \<subseteq> indices_of as"
+ shows "length (project_at_indices S as) = card S"
+proof-
+ have "S = {i. i < length as \<and> i \<in> S}"
+ using assms unfolding indices_of_def
+ by blast
+ thus ?thesis
+ using length_nths[of as S] by auto
+qed
+
+text\<open>A function which enumerates finite sets\<close>
+
+abbreviation(input) set_to_list :: "nat set \<Rightarrow> nat list" where
+"set_to_list S \<equiv> sorted_list_of_set S"
+
+lemma set_to_list_set:
+ assumes "finite S"
+ shows "set (set_to_list S) = S"
+ by (simp add: assms)
+
+lemma set_to_list_length:
+ assumes "finite S"
+ shows "length (set_to_list S) = card S"
+ by (metis assms length_remdups_card_conv length_sort set_sorted_list_of_set sorted_list_of_set_sort_remdups)
+
+lemma set_to_list_empty:
+ assumes "card S = 0"
+ shows "set_to_list S = []"
+ by (metis assms length_0_conv length_sorted_list_of_set)
+
+lemma set_to_list_first:
+ assumes "card S > 0"
+ shows "Min S = set_to_list S ! 0 "
+proof-
+ have 0: "set (set_to_list S) = S"
+ using assms card_ge_0_finite set_sorted_list_of_set by blast
+ have 1: "sorted (set_to_list S)"
+ by simp
+ show ?thesis apply(rule Min_eqI)
+ using assms card_ge_0_finite apply blast
+ apply (metis "0" "1" in_set_conv_nth less_Suc0 less_or_eq_imp_le not_less_eq sorted_iff_nth_mono_less)
+ by (metis "0" Max_in assms card_0_eq card_ge_0_finite gr_zeroI in_set_conv_nth not_less0)
+qed
+
+lemma set_to_list_last:
+ assumes "card S > 0"
+ shows "Max S = last (set_to_list S)"
+proof-
+ have 0: "set (set_to_list S) = S"
+ using assms card_ge_0_finite set_sorted_list_of_set by blast
+ have 1: "sorted (set_to_list S)"
+ by simp
+ show ?thesis apply(rule Max_eqI)
+ using assms card_ge_0_finite apply blast
+ apply (smt "0" "1" Suc_diff_1 in_set_conv_nth last_conv_nth le_simps(2) length_greater_0_conv
+ less_or_eq_imp_le nat_neq_iff neq0_conv not_less_eq sorted_iff_nth_mono_less)
+ by (metis "0" assms card.empty empty_set last_in_set less_numeral_extra(3))
+qed
+
+lemma set_to_list_insert_Max:
+ assumes "finite S"
+ assumes "\<And>s. s \<in> S \<Longrightarrow> a > s"
+ shows "set_to_list (insert a S) = set_to_list S @[a]"
+ by (metis assms(1) assms(2) card_0_eq card_insert_if finite.insertI infinite_growing
+ insert_not_empty less_imp_le_nat sorted_insort_is_snoc sorted_list_of_set(1) sorted_list_of_set(2)
+ sorted_list_of_set_insert)
+
+lemma set_to_list_insert_Min:
+ assumes "finite S"
+ assumes "\<And>s. s \<in> S \<Longrightarrow> a < s"
+ shows "set_to_list (insert a S) = a#set_to_list S"
+ by (metis assms(1) assms(2) insort_is_Cons nat_less_le sorted_list_of_set(1) sorted_list_of_set_insert)
+
+fun nth_elem where
+"nth_elem S n = set_to_list S ! n"
+
+lemma nth_elem_closed:
+ assumes "i < card S"
+ shows "nth_elem S i \<in> S"
+ by (metis assms card.infinite not_less0 nth_elem.elims nth_mem set_to_list_length sorted_list_of_set(1))
+
+lemma nth_elem_Min:
+ assumes "card S > 0"
+ shows "nth_elem S 0 = Min S"
+ by (simp add: assms set_to_list_first)
+
+lemma nth_elem_Max:
+ assumes "card S > 0"
+ shows "nth_elem S (card S - 1) = Max S"
+proof-
+ have "last (set_to_list S) = set_to_list S ! (card S - 1)"
+ by (metis assms card_0_eq card_ge_0_finite last_conv_nth neq0_conv set_to_list_length sorted_list_of_set_eq_Nil_iff)
+ thus ?thesis
+ using assms set_to_list_last set_to_list_length
+ by simp
+qed
+
+lemma nth_elem_Suc:
+ assumes "card S > Suc n"
+ shows "nth_elem S (Suc n) > nth_elem S n"
+ using assms sorted_sorted_list_of_set[of S] set_to_list_length[of S]
+ by (metis Suc_lessD card.infinite distinct_sorted_list_of_set lessI nat_less_le not_less0 nth_elem.elims nth_eq_iff_index_eq sorted_iff_nth_mono_less)
+
+lemma nth_elem_insert_Min:
+ assumes "card S > 0"
+ assumes "a < Min S"
+ shows "nth_elem (insert a S) (Suc i) = nth_elem S i"
+ using assms
+ by (metis Min_gr_iff card_0_eq card_ge_0_finite neq0_conv nth_Cons_Suc nth_elem.elims set_to_list_insert_Min)
+
+lemma set_to_list_Suc_map:
+ assumes "finite S"
+ shows "set_to_list (Suc ` S) = map Suc (set_to_list S)"
+proof-
+ obtain n where n_def: "n = card S"
+ by blast
+ have "\<And>S. card S = n \<Longrightarrow> set_to_list (Suc ` S) = map Suc (set_to_list S)"
+ proof(induction n)
+ case 0
+ then show ?case
+ by (metis card_eq_0_iff finite_imageD image_is_empty inj_Suc list.simps(8) set_to_list_empty)
+ next
+ case (Suc n)
+ have 0: "S = insert (Min S) (S - {Min S})"
+ by (metis Min_in Suc.prems card_gt_0_iff insert_Diff zero_less_Suc)
+ have 1: "sorted_list_of_set (Suc ` (S - {Min S})) = map Suc (sorted_list_of_set (S - {Min S}))"
+ by (metis "0" Suc.IH Suc.prems card_Diff_singleton card.infinite diff_Suc_1 insertI1 nat.simps(3))
+ have 2: "set_to_list S = (Min S)#(set_to_list (S - {Min S}))"
+ by (metis "0" DiffD1 Min_le Suc.prems card_Diff_singleton card.infinite card_insert_if
+ diff_Suc_1 finite_Diff n_not_Suc_n nat.simps(3) nat_less_le set_to_list_insert_Min)
+ have 3: "sorted_list_of_set (Suc ` S) = (Min (Suc ` S))#(set_to_list ((Suc ` S) - {Min (Suc ` S)}))"
+ by (metis DiffD1 Diff_idemp Min_in Min_le Suc.prems card_Diff1_less card_eq_0_iff finite_Diff
+ finite_imageI image_is_empty insert_Diff nat.simps(3) nat_less_le set_to_list_insert_Min)
+ have 4: "(Min (Suc ` S)) = Suc (Min S)"
+ by (metis Min.hom_commute Suc.prems Suc_le_mono card_eq_0_iff min_def nat.simps(3))
+ have 5: "sorted_list_of_set (Suc ` S) = Suc (Min S)#(set_to_list ((Suc ` S) - {Suc (Min S)}))"
+ using 3 4 by auto
+ have 6: "sorted_list_of_set (Suc ` S) = Suc (Min S)#(set_to_list (Suc ` (S - {Min S})))"
+ by (metis (no_types, lifting) "0" "5" Diff_insert_absorb image_insert inj_Suc inj_on_insert)
+ show ?case
+ using 6
+ by (simp add: "1" "2")
+ qed
+ thus ?thesis
+ using n_def by blast
+qed
+
+lemma nth_elem_Suc_im:
+ assumes "i < card S"
+ shows "nth_elem (Suc ` S) i = Suc (nth_elem S i) "
+ using set_to_list_Suc_map
+ by (metis assms card_ge_0_finite dual_order.strict_trans not_gr0 nth_elem.elims nth_map set_to_list_length)
+
+lemma set_to_list_upto:
+"set_to_list {..<n} = [0..<n]"
+ by (simp add: lessThan_atLeast0)
+
+lemma nth_elem_upto:
+ assumes "i < n"
+ shows "nth_elem {..<n} i = i"
+ using set_to_list_upto
+ by (simp add: assms)
+
+text\<open>Characterizing the entries of project\_at\_indices \<close>
+
+lemma project_at_indices_append:
+"project_at_indices S (as@bs) = project_at_indices S as @ project_at_indices {j. j + length as \<in> S} bs"
+ using nths_append[of as bs S] by auto
+
+lemma project_at_indices_nth:
+ assumes "S \<subseteq> indices_of as"
+ assumes "card S > i"
+ shows "project_at_indices S as ! i = as ! (nth_elem S i)"
+proof-
+ have "\<And> S i. S \<subseteq> indices_of as \<and> card S > i \<Longrightarrow> project_at_indices S as ! i = as ! (nth_elem S i)"
+ proof(induction as)
+ case Nil
+ then show ?case
+ by (metis list.size(3) not_less0 nths_nil proj_at_index_list_length)
+ next
+ case (Cons a as)
+ assume A: "S \<subseteq> indices_of (a # as) \<and> i < card S"
+ have 0: "nths (a # as) S = (if 0 \<in> S then [a] else []) @ nths as {j. Suc j \<in> S}"
+ using nths_Cons[of a as S] by simp
+ show "nths (a # as) S ! i = (a # as) ! nth_elem S i"
+ proof(cases "0 \<in> S")
+ case True
+ show ?thesis
+ proof(cases "S = {0}")
+ case True
+ then show ?thesis
+ using "0" Cons.prems by auto
+ next
+ case False
+ have T0: "nths (a # as) S = a#nths as {j. Suc j \<in> S}"
+ using 0
+ by (simp add: True)
+ have T1: "{j. Suc j \<in> S} \<subseteq> indices_of as"
+ proof fix x assume A: "x \<in> {j. Suc j \<in> S}"
+ then have "Suc x < length (a#as)"
+ using Cons.prems indices_of_def by blast
+ then show "x \<in> indices_of as"
+ by (simp add: indices_of_def)
+ qed
+ have T2: "\<And>i. i < card {j. Suc j \<in> S} \<Longrightarrow> nths as {j. Suc j \<in> S} ! i = as ! nth_elem {j. Suc j \<in> S} i"
+ using Cons.IH T1 by blast
+ have T3: "\<And>i. i < card {j. Suc j \<in> S} \<Longrightarrow> nth_elem {j. j > 0 \<and> j\<in> S} i = nth_elem S (Suc i)"
+ proof-
+ have 0: " 0 < card {j. Suc j \<in> S}"
+ by (smt Cons.prems Diff_iff Diff_subset False T0 T1 True add_diff_cancel_left'
+ card.insert card_0_eq card.infinite finite_subset gr_zeroI insert_Diff
+ length_Cons n_not_Suc_n plus_1_eq_Suc proj_at_index_list_length singletonI)
+ have 1: "(insert 0 {j. 0 < j \<and> j \<in> S}) = S"
+ apply(rule set_eqI) using True gr0I by blast
+ have 2: "0 < Min {j. 0 < j \<and> j \<in> S}" using False
+ by (metis (mono_tags, lifting) "1" Cons.prems Min_in finite_insert finite_lessThan
+ finite_subset indices_of_def less_Suc_eq less_Suc_eq_0_disj mem_Collect_eq singleton_conv)
+ show "\<And>i. i < card {j. Suc j \<in> S} \<Longrightarrow> nth_elem {j. 0 < j \<and> j \<in> S} i = nth_elem S (Suc i)"
+ using 0 1 2 nth_elem_insert_Min[of "{j. 0 < j \<and> j \<in> S}" 0] True False
+ by (metis (no_types, lifting) Cons.prems T0 T1 card_gt_0_iff finite_insert length_Cons less_SucI proj_at_index_list_length)
+ qed
+ show "nths (a # as) S ! i = (a # as) ! nth_elem S i"
+ apply(cases "i = 0")
+ apply (metis Cons.prems Min_le T0 True card_ge_0_finite le_zero_eq nth_Cons' nth_elem_Min)
+ proof-
+ assume "i \<noteq> 0"
+ then have "i = Suc (i - 1)"
+ using Suc_pred' by blast
+ hence "nths (a # as) S ! i = nths as {j. Suc j \<in> S} ! (i-1)"
+ using A by (simp add: T0)
+ thus "nths (a # as) S ! i = (a # as) ! nth_elem S i"
+ proof-
+ have "i - 1 < card {j. Suc j \<in> S}"
+ by (metis Cons.prems Suc_less_SucD T0 T1 \<open>i = Suc (i - 1)\<close> length_Cons proj_at_index_list_length)
+ hence 0: "nth_elem {j. 0 < j \<and> j \<in> S} (i - 1) = nth_elem S i"
+ using T3[of "i-1"] \<open>i = Suc (i - 1)\<close> by auto
+
+ have 1: "nths as {j. Suc j \<in> S} ! (i-1) = as ! nth_elem {j. Suc j \<in> S} (i-1)"
+ using T2 \<open>i - 1 < card {j. Suc j \<in> S}\<close> by blast
+ have 2: "(a # as) ! nth_elem S i = as! ((nth_elem S i) - 1)"
+ by (metis Cons.prems \<open>i = Suc (i - 1)\<close> not_less0 nth_Cons' nth_elem_Suc)
+ have 3: "(nth_elem S i) - 1 = nth_elem {j. Suc j \<in> S} (i-1)"
+ proof-
+ have "Suc ` {j. Suc j \<in> S} = {j. 0 < j \<and> j \<in> S}"
+ proof
+ show "Suc ` {j. Suc j \<in> S} \<subseteq> {j. 0 < j \<and> j \<in> S}"
+ by blast
+ show "{j. 0 < j \<and> j \<in> S} \<subseteq> Suc ` {j. Suc j \<in> S}"
+ using Suc_pred gr0_conv_Suc by auto
+ qed
+ thus ?thesis
+ using "0" \<open>i - 1 < card {j. Suc j \<in> S}\<close> nth_elem_Suc_im by fastforce
+ qed
+ show "nths (a # as) S ! i = (a # as) ! nth_elem S i"
+ using "1" "2" "3" \<open>nths (a # as) S ! i = nths as {j. Suc j \<in> S} ! (i - 1)\<close> by auto
+ qed
+ qed
+ qed
+ next
+ case False
+ have F0: "nths (a # as) S = nths as {j. Suc j \<in> S}"
+ by (simp add: "0" False)
+ have F1: "Suc `{j. Suc j \<in> S} = S"
+ proof show "Suc ` {j. Suc j \<in> S} \<subseteq> S" by auto
+ show "S \<subseteq> Suc ` {j. Suc j \<in> S}" using False Suc_pred
+ by (smt image_iff mem_Collect_eq neq0_conv subsetI)
+ qed
+ have F2: "{j. Suc j \<in> S} \<subseteq> indices_of as \<and> i < card {j. Suc j \<in> S}"
+ using F1
+ by (metis (mono_tags, lifting) A F0 Suc_less_SucD indices_of_def length_Cons lessThan_iff
+ mem_Collect_eq proj_at_index_list_length subset_iff)
+ have F3: "project_at_indices {j. Suc j \<in> S} as ! i = as ! (nth_elem {j. Suc j \<in> S} i)"
+ using F2 Cons(1)[of "{j. Suc j \<in> S}"] Cons(2)
+ by blast
+ then show ?thesis
+ using F0 F1 F2 nth_elem_Suc_im by fastforce
+ qed
+ qed
+ then show ?thesis
+ using assms(1) assms(2) by blast
+qed
+
+text\<open>An inverse for nth\_elem\<close>
+
+definition set_rank where
+"set_rank S x = (THE i. i < card S \<and> x = nth_elem S i)"
+
+lemma set_rank_exist:
+ assumes "finite S"
+ assumes "x \<in> S"
+ shows "\<exists>i. i < card S \<and> x = nth_elem S i"
+ using assms nth_elem.simps[of S]
+ by (metis in_set_conv_nth set_to_list_length sorted_list_of_set(1))
+
+lemma set_rank_unique:
+ assumes "finite S"
+ assumes "x \<in> S"
+ assumes "i < card S \<and> x = nth_elem S i"
+ assumes "j < card S \<and> x = nth_elem S j"
+ shows "i = j"
+ using assms nth_elem.simps[of S]
+ by (simp add: \<open>i < card S \<and> x = nth_elem S i\<close> \<open>j < card S \<and> x = nth_elem S j\<close>
+ nth_eq_iff_index_eq set_to_list_length)
+
+lemma nth_elem_set_rank_inv:
+ assumes "finite S"
+ assumes "x \<in> S"
+ shows "nth_elem S (set_rank S x) = x"
+ using the_equality set_rank_unique set_rank_exist assms
+ unfolding set_rank_def
+ by smt
+
+lemma set_rank_nth_elem_inv:
+ assumes "finite S"
+ assumes "i < card S"
+ shows "set_rank S (nth_elem S i) = i"
+ using the_equality set_rank_unique set_rank_exist assms
+ unfolding set_rank_def
+proof -
+ show "(THE n. n < card S \<and> nth_elem S i = nth_elem S n) = i"
+ using assms(1) assms(2) nth_elem_closed set_rank_unique by blast
+qed
+
+lemma set_rank_range:
+ assumes "finite S"
+ assumes "x \<in> S"
+ shows "set_rank S x < card S"
+ using assms(1) assms(2) set_rank_exist set_rank_nth_elem_inv by fastforce
+
+lemma project_at_indices_nth':
+ assumes "S \<subseteq> indices_of as"
+ assumes "i \<in> S"
+ shows "as ! i = project_at_indices S as ! (set_rank S i) "
+ by (metis assms(1) assms(2) finite_lessThan finite_subset indices_of_def nth_elem_set_rank_inv
+ project_at_indices_nth set_rank_range)
+
+fun proj_away_from_index :: "nat \<Rightarrow> 'a list \<Rightarrow> 'a list" ("\<pi>\<^bsub>\<noteq>_\<^esub>")where
+"proj_away_from_index n as = (take n as)@(drop (Suc n) as)"
+
+text\<open>proj\_away\_from\_index is an inverse to insert\_at\_index\<close>
+
+lemma insert_at_index_project_away[simp]:
+ assumes "k < length as"
+ assumes "bs = (insert_at_index as a k)"
+ shows "\<pi>\<^bsub>\<noteq> k\<^esub> bs = as"
+ using assms insert_at_index.simps[of as a k] proj_away_from_index.simps[of k bs]
+ by (simp add: \<open>k < length as\<close> less_imp_le_nat min.absorb2)
+
+definition fibred_cell :: "'a list set \<Rightarrow> ('a list \<Rightarrow> 'a \<Rightarrow> bool) \<Rightarrow> 'a list set" where
+"fibred_cell C P = {as . \<exists>x t. as = (t#x) \<and> x \<in> C \<and> (P x t)}"
+
+definition fibred_cell_at_ind :: "nat \<Rightarrow> 'a list set \<Rightarrow> ('a list \<Rightarrow> 'a \<Rightarrow> bool) \<Rightarrow> 'a list set" where
+"fibred_cell_at_ind n C P = {as . \<exists>x t. as = (insert_at_index x t n) \<and> x \<in> C \<and> (P x t)}"
+
+lemma fibred_cell_lengths:
+ assumes "\<And>k. k \<in> C \<Longrightarrow> length k = n"
+ shows "k \<in> (fibred_cell C P) \<Longrightarrow> length k = Suc n"
+proof-
+ assume "k \<in> (fibred_cell C P)"
+ obtain x t where "k = (t#x) \<and> x \<in> C \<and> P x t"
+ proof -
+ assume a1: "\<And>t x. k = t # x \<and> x \<in> C \<and> P x t \<Longrightarrow> thesis"
+ have "\<exists>as a. k = a # as \<and> as \<in> C \<and> P as a"
+ using \<open>k \<in> fibred_cell C P\<close> fibred_cell_def by blast
+ then show ?thesis
+ using a1 by blast
+ qed
+ then show ?thesis
+ by (simp add: assms)
+qed
+
+lemma fibred_cell_at_ind_lengths:
+ assumes "\<And>k. k \<in> C \<Longrightarrow> length k = n"
+ assumes "k \<le> n"
+ shows "c \<in> (fibred_cell_at_ind k C P) \<Longrightarrow> length c = Suc n"
+proof-
+ assume "c \<in> (fibred_cell_at_ind k C P)"
+ then obtain x t where "c = (insert_at_index x t k) \<and> x \<in> C \<and> (P x t)"
+ using assms
+ unfolding fibred_cell_at_ind_def
+ by blast
+ then show ?thesis
+ by (simp add: assms(1))
+qed
+
+lemma project_fibred_cell:
+ assumes "\<And>k. k \<in> C \<Longrightarrow> length k = n"
+ assumes "k < n"
+ assumes "\<forall>x \<in> C. \<exists>t. P x t"
+ shows "\<pi>\<^bsub>\<noteq> k\<^esub> ` (fibred_cell_at_ind k C P) = C"
+proof
+ show "\<pi>\<^bsub>\<noteq>k\<^esub> ` fibred_cell_at_ind k C P \<subseteq> C"
+ proof
+ fix x
+ assume x_def: "x \<in> \<pi>\<^bsub>\<noteq>k\<^esub> ` fibred_cell_at_ind k C P"
+ then obtain c where c_def: "x = \<pi>\<^bsub>\<noteq>k\<^esub> c \<and> c \<in> fibred_cell_at_ind k C P"
+ by blast
+ then obtain y t where yt_def: "c = (insert_at_index y t k) \<and> y \<in> C \<and> (P y t)"
+ using assms
+ unfolding fibred_cell_at_ind_def
+ by blast
+ have 0: "x =\<pi>\<^bsub>\<noteq>k\<^esub> c"
+ by (simp add: c_def)
+ have 1: "y =\<pi>\<^bsub>\<noteq>k\<^esub> c"
+ using yt_def assms(1) assms(2)
+ by (metis insert_at_index_project_away)
+ have 2: "x = y" using 0 1 by auto
+ then show "x \<in> C"
+ by (simp add: yt_def)
+ qed
+ show "C \<subseteq> \<pi>\<^bsub>\<noteq>k\<^esub> ` fibred_cell_at_ind k C P"
+ proof fix x
+ assume A: "x \<in> C"
+ obtain t where t_def: "P x t"
+ using assms A by auto
+ then show "x \<in> \<pi>\<^bsub>\<noteq>k\<^esub> ` fibred_cell_at_ind k C P"
+ proof -
+ have f1: "\<forall>a n A as. take n as @ (a::'a) # drop n as \<notin> A \<or> as \<in> \<pi>\<^bsub>\<noteq>n\<^esub> ` A \<or> \<not> n < length as"
+ by (metis insert_at_index.simps insert_at_index_project_away rev_image_eqI)
+ have "\<forall>n. \<exists>as a. take n x @ t # drop n x = insert_at_index as a n \<and> as \<in> C \<and> P as a"
+ using A t_def by auto
+ then have "\<forall>n. take n x @ t # drop n x \<in> {insert_at_index as a n |as a. as \<in> C \<and> P as a}"
+ by blast
+ then have "x \<in> \<pi>\<^bsub>\<noteq>k\<^esub> ` {insert_at_index as a k |as a. as \<in> C \<and> P as a}"
+ using f1 by (metis (lifting) A assms(1) assms(2))
+ then show ?thesis
+ by (simp add: fibred_cell_at_ind_def)
+ qed
+ qed
+qed
+
+definition list_segment where
+"list_segment i j as = map (nth as) [i..<j]"
+
+lemma list_segment_length:
+ assumes "i \<le> j"
+ assumes "j \<le> length as"
+ shows "length (list_segment i j as) = j - i"
+ using assms
+ unfolding list_segment_def
+ by (metis length_map length_upt)
+
+lemma list_segment_drop:
+ assumes "i < length as"
+ shows "(list_segment i (length as) as) = drop i as"
+ by (metis One_nat_def Suc_diff_Suc add_diff_inverse_nat drop0 drop_map drop_upt
+ less_Suc_eq list_segment_def map_nth neq0_conv not_less0 plus_1_eq_Suc)
+
+lemma list_segment_concat:
+ assumes "j \<le> k"
+ assumes "i \<le> j"
+ shows "(list_segment i j as) @ (list_segment j k as) = (list_segment i k as)"
+ using assms unfolding list_segment_def
+ using le_Suc_ex upt_add_eq_append
+ by fastforce
+
+lemma list_segment_subset:
+ assumes "j \<le> k"
+ shows "set (list_segment i j as) \<subseteq> set (list_segment i k as)"
+ apply(cases "i > j")
+ unfolding list_segment_def
+ apply (metis in_set_conv_nth length_map list.size(3) order.asym subsetI upt_rec zero_order(3))
+proof-
+ assume "\<not> j < i"
+ then have "i \<le>j"
+ using not_le
+ by blast
+ then have "list_segment i j as @ list_segment j k as = list_segment i k as"
+ using assms list_segment_concat[of j k i as] by auto
+ then show "set (map ((!) as) [i..<j]) \<subseteq> set (map ((!) as) [i..<k])"
+ using set_append unfolding list_segment_def
+ by (metis Un_upper1)
+qed
+
+lemma list_segment_subset_list_set:
+ assumes "j \<le> length as"
+ shows "set (list_segment i j as) \<subseteq> set as"
+ apply(cases "i \<ge> j")
+ apply (simp add: list_segment_def)
+proof-
+ assume A: "\<not> j \<le> i"
+ then have B: "i < j"
+ by auto
+ have 0: "list_segment i (length as) as = drop i as"
+ using B assms list_segment_drop[of i as] less_le_trans
+ by blast
+ have 1: "set (list_segment i j as) \<subseteq> set (list_segment i (length as) as)"
+ using B assms list_segment_subset[of j "length as" i as]
+ by blast
+ then show ?thesis
+ using assms 0 dual_order.trans set_drop_subset[of i as]
+ by metis
+qed
+
+definition fun_inv where
+"fun_inv = inv"
+
+
+
+end
diff --git a/thys/Padic_Field/Padic_Field_Polynomials.thy b/thys/Padic_Field/Padic_Field_Polynomials.thy
new file mode 100755
--- /dev/null
+++ b/thys/Padic_Field/Padic_Field_Polynomials.thy
@@ -0,0 +1,1811 @@
+theory Padic_Field_Polynomials
+ imports Padic_Fields
+
+begin
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+section\<open>$p$-adic Univariate Polynomials and Hensel's Lemma\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+type_synonym padic_field_poly = "nat \<Rightarrow> padic_number"
+
+type_synonym padic_field_fun = "padic_number \<Rightarrow> padic_number"
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+subsection\<open>Gauss Norms of Polynomials\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+text \<open>
+ The Gauss norm of a polynomial is defined to be the minimum valuation of a coefficient of that
+ polynomial. This induces a valuation on the ring of polynomials, and in particular it satisfies
+ the ultrametric inequality. In addition, the Gauss norm of a polynomial $f(x)$ gives a lower
+ bound for the value $\text{val } (f(a))$ in terms of $\text{val }(a)$, for a point
+ $a \in \mathbb{Q}_p$. We introduce Gauss norms here as a useful tool for stating and proving
+ Hensel's Lemma for the field $\mathbb{Q}_p$. We are abusing terminology slightly in calling
+ this the Gauss norm, rather than the Gauss valuation, but this is just to conform with our
+ decision to work exclusively with the $p$-adic valuation and not discuss the equivalent
+ real-valued $p$-adic norm. For a detailed treatment of Gauss norms one can see, for example
+ \cite{engler2005valued}.
+\<close>
+context padic_fields
+begin
+
+no_notation Zp.to_fun (infixl\<open>\<bullet>\<close> 70)
+
+abbreviation(input) Q\<^sub>p_x where
+"Q\<^sub>p_x \<equiv> UP Q\<^sub>p"
+
+definition gauss_norm where
+"gauss_norm g = Min (val ` g ` {..degree g}) "
+
+lemma gauss_normE:
+ assumes "g \<in> carrier Q\<^sub>p_x"
+ shows "gauss_norm g \<le> val (g k)"
+ apply(cases "k \<le> degree g")
+ unfolding gauss_norm_def
+ using assms apply auto[1]
+proof-
+ assume "\<not> k \<le> degree g"
+ then have "g k = \<zero>\<^bsub>Q\<^sub>p\<^esub> "
+ by (simp add: UPQ.deg_leE assms)
+ then show "Min (val ` g ` {..deg Q\<^sub>p g}) \<le> val (g k)"
+ by (simp add: local.val_zero)
+qed
+
+lemma gauss_norm_geqI:
+ assumes "g \<in> carrier (UP Q\<^sub>p)"
+ assumes "\<And>n. val (g n) \<ge> \<alpha>"
+ shows "gauss_norm g \<ge> \<alpha>"
+ unfolding gauss_norm_def using assms
+ by simp
+
+lemma gauss_norm_eqI:
+ assumes "g \<in> carrier (UP Q\<^sub>p)"
+ assumes "\<And>n. val (g n) \<ge> \<alpha>"
+ assumes "val (g i) = \<alpha>"
+ shows "gauss_norm g = \<alpha>"
+proof-
+ have 0: "gauss_norm g \<le> \<alpha>"
+ using assms gauss_normE gauss_norm_def by fastforce
+ have 1: "gauss_norm g \<ge> \<alpha>"
+ using assms gauss_norm_geqI by auto
+ show ?thesis using 0 1 by auto
+qed
+
+lemma nonzero_poly_nonzero_coeff:
+ assumes "g \<in> carrier Q\<^sub>p_x"
+ assumes "g \<noteq> \<zero>\<^bsub>Q\<^sub>p_x\<^esub>"
+ shows "\<exists>k. k \<le>degree g \<and> g k \<noteq>\<zero>\<^bsub>Q\<^sub>p\<^esub>"
+proof(rule ccontr)
+ assume "\<not> (\<exists>k\<le>degree g. g k \<noteq> \<zero>\<^bsub>Q\<^sub>p\<^esub>)"
+ then have 0: "\<And>k. g k = \<zero>\<^bsub>Q\<^sub>p\<^esub>"
+ by (meson UPQ.deg_leE assms(1) not_le_imp_less)
+ then show False
+ using assms UPQ.cfs_zero by blast
+qed
+
+lemma gauss_norm_prop:
+ assumes "g \<in> carrier Q\<^sub>p_x"
+ assumes "g \<noteq> \<zero>\<^bsub>Q\<^sub>p_x\<^esub>"
+ shows "gauss_norm g \<noteq> \<infinity>"
+proof-
+ obtain k where k_def: "k \<le>degree g \<and> g k \<noteq>\<zero>\<^bsub>Q\<^sub>p\<^esub>"
+ using assms nonzero_poly_nonzero_coeff
+ by blast
+ then have 0: "gauss_norm g \<le> val (g k)"
+ using assms(1) gauss_normE by blast
+ have "g k \<in> carrier Q\<^sub>p"
+ using UPQ.cfs_closed assms(1) by blast
+ hence "val (g k) < \<infinity>"
+ using k_def assms
+ by (metis eint_ord_code(3) eint_ord_simps(4) val_ineq)
+ then show ?thesis
+ using 0 not_le by fastforce
+qed
+
+lemma gauss_norm_coeff_norm:
+ "\<exists>n \<le> degree g. (gauss_norm g) = val (g n)"
+proof-
+ have "finite (val ` g ` {..deg Q\<^sub>p g})"
+ by blast
+ hence "\<exists>x \<in> (val ` g ` {..deg Q\<^sub>p g}). gauss_norm g = x"
+ unfolding gauss_norm_def
+ by auto
+ thus ?thesis unfolding gauss_norm_def
+ by blast
+qed
+
+lemma gauss_norm_smult_cfs:
+ assumes "g \<in> carrier Q\<^sub>p_x"
+ assumes "a \<in> carrier Q\<^sub>p"
+ assumes "gauss_norm g = val (g k)"
+ shows "gauss_norm (a \<odot>\<^bsub>Q\<^sub>p_x\<^esub> g) = val a + val (g k)"
+proof-
+ obtain l where l_def: "gauss_norm (a \<odot>\<^bsub>Q\<^sub>p_x\<^esub> g) = val ((a \<odot>\<^bsub>Q\<^sub>p_x\<^esub> g) l)"
+ using gauss_norm_coeff_norm
+ by blast
+ then have "gauss_norm (a \<odot>\<^bsub>Q\<^sub>p_x\<^esub> g) = val (a \<otimes>\<^bsub>Q\<^sub>p\<^esub> (g l))"
+ using assms
+ by simp
+ then have "gauss_norm (a \<odot>\<^bsub>Q\<^sub>p_x\<^esub> g) = val a + val (g l)"
+ by (simp add: UPQ.cfs_closed assms(1) assms(2) val_mult)
+ then have 0: "gauss_norm (a \<odot>\<^bsub>Q\<^sub>p_x\<^esub> g) \<le> val a +val (g k)"
+ using assms gauss_normE[of g l]
+ by (metis UPQ.UP_smult_closed UPQ.cfs_closed UPQ.cfs_smult gauss_normE val_mult)
+ have "val a + val (g k) = val ((a \<odot>\<^bsub>Q\<^sub>p_x\<^esub> g) k)"
+ by (simp add: UPQ.cfs_closed assms(1) assms(2) val_mult)
+ then have "gauss_norm (a \<odot>\<^bsub>Q\<^sub>p_x\<^esub> g) \<ge> val a + val (g k)"
+ by (metis \<open>gauss_norm (a \<odot>\<^bsub>UP Q\<^sub>p\<^esub> g) = val a + val (g l)\<close> add_left_mono assms(1) assms(3) gauss_normE)
+ then show ?thesis
+ using 0 by auto
+qed
+
+lemma gauss_norm_smult:
+ assumes "g \<in> carrier Q\<^sub>p_x"
+ assumes "a \<in> carrier Q\<^sub>p"
+ shows "gauss_norm (a \<odot>\<^bsub>Q\<^sub>p_x\<^esub> g) = val a + gauss_norm g"
+ using gauss_norm_smult_cfs[of g a] gauss_norm_coeff_norm[of g] assms
+ by metis
+
+lemma gauss_norm_ultrametric:
+ assumes "g \<in> carrier Q\<^sub>p_x"
+ assumes "h \<in> carrier Q\<^sub>p_x"
+ shows "gauss_norm (g \<oplus>\<^bsub>Q\<^sub>p_x\<^esub> h) \<ge> min (gauss_norm g) (gauss_norm h)"
+proof-
+ obtain k where "gauss_norm (g \<oplus>\<^bsub>Q\<^sub>p_x\<^esub> h) = val ((g \<oplus>\<^bsub>Q\<^sub>p_x\<^esub> h) k)"
+ using gauss_norm_coeff_norm
+ by blast
+ then have 0: "gauss_norm (g \<oplus>\<^bsub>Q\<^sub>p_x\<^esub> h) = val (g k \<oplus>\<^bsub>Q\<^sub>p\<^esub> h k)"
+ by (simp add: assms(1) assms(2))
+ have "min (val (g k)) (val (h k))\<ge> min (gauss_norm g) (gauss_norm h)"
+ using gauss_normE[of g k] gauss_normE[of h k] assms(1) assms(2) min.mono
+ by blast
+ then show ?thesis
+ using 0 val_ultrametric[of "g k" "h k"] assms(1) assms(2) dual_order.trans
+ by (metis (no_types, lifting) UPQ.cfs_closed)
+qed
+
+lemma gauss_norm_a_inv:
+ assumes "f \<in> carrier (UP Q\<^sub>p)"
+ shows "gauss_norm (\<ominus>\<^bsub>UP Q\<^sub>p\<^esub>f) = gauss_norm f"
+proof-
+ have 0: "\<And>n. ((\<ominus>\<^bsub>UP Q\<^sub>p\<^esub>f) n) = \<ominus> (f n)"
+ using assms by simp
+ have 1: "\<And>n. val ((\<ominus>\<^bsub>UP Q\<^sub>p\<^esub>f) n) = val (f n)"
+ using 0 assms UPQ.UP_car_memE(1) val_minus by presburger
+ obtain i where i_def: "gauss_norm f = val (f i)"
+ using assms gauss_norm_coeff_norm by blast
+ have 2: "\<And>k. val ((\<ominus>\<^bsub>UP Q\<^sub>p\<^esub>f) k) \<ge> val (f i)"
+ unfolding 1
+ using i_def assms gauss_normE by fastforce
+ show ?thesis
+ apply(rule gauss_norm_eqI[of _ _ i])
+ apply (simp add: assms; fail)
+ unfolding 1 using assms gauss_normE apply blast
+ unfolding i_def by blast
+qed
+
+lemma gauss_norm_ultrametric':
+ assumes "f \<in> carrier (UP Q\<^sub>p)"
+ assumes "g \<in> carrier (UP Q\<^sub>p)"
+ shows "gauss_norm (f \<ominus>\<^bsub>UP Q\<^sub>p\<^esub> g) \<ge> min (gauss_norm f) (gauss_norm g)"
+ unfolding a_minus_def
+ using assms gauss_norm_a_inv[of g] gauss_norm_ultrametric
+ by (metis UPQ.UP_a_inv_closed)
+
+lemma gauss_norm_finsum:
+ assumes "f \<in> A \<rightarrow> carrier Q\<^sub>p_x"
+ assumes "finite A"
+ assumes "A \<noteq> {}"
+ shows " gauss_norm (\<Oplus>\<^bsub>Q\<^sub>p_x\<^esub>i\<in>A. f i) \<ge> Min (gauss_norm ` (f`A))"
+proof-
+ obtain k where k_def: "val ((\<Oplus>\<^bsub>Q\<^sub>p_x\<^esub>i\<in>A. f i) k) = gauss_norm (\<Oplus>\<^bsub>Q\<^sub>p_x\<^esub>i\<in>A. f i)"
+ by (metis gauss_norm_coeff_norm)
+ then have 0: "val (\<Oplus>\<^bsub>Q\<^sub>p\<^esub>i\<in>A. f i k) \<ge> Min (val ` (\<lambda> i. f i k) ` A)"
+ using finsum_val_ultrametric[of "\<lambda> i. f i k" A] assms
+ by (simp add: \<open>\<lbrakk>(\<lambda>i. f i k) \<in> A \<rightarrow> carrier Q\<^sub>p; finite A; A \<noteq> {}\<rbrakk> \<Longrightarrow> Min (val ` (\<lambda>i. f i k) ` A) \<le> val (\<Oplus>i\<in>A. f i k)\<close> Pi_iff UPQ.cfs_closed)
+ have "(\<And>a. a \<in> A \<Longrightarrow> (val \<circ> (\<lambda>i. f i k)) a \<ge> gauss_norm (f a))"
+ using gauss_normE assms
+ by (metis (no_types, lifting) Pi_split_insert_domain Set.set_insert comp_apply)
+ then have "Min (val ` (\<lambda> i. f i k) ` A) \<ge> Min ((\<lambda> i. gauss_norm (f i)) ` A)"
+ using Min_mono'[of A]
+ by (simp add: assms(2) image_comp)
+ then have 1: "Min (val ` (\<lambda> i. f i k) ` A) \<ge> Min (gauss_norm ` f ` A)"
+ by (metis image_image)
+ have "f \<in> A \<rightarrow> carrier (UP Q\<^sub>p) \<longrightarrow> ((\<Oplus>\<^bsub>Q\<^sub>p_x\<^esub>i\<in>A. f i) \<in> carrier Q\<^sub>p_x \<and> ((\<Oplus>\<^bsub>Q\<^sub>p_x\<^esub>i\<in>A. f i) k) = (\<Oplus>\<^bsub>Q\<^sub>p\<^esub>i\<in>A. f i k)) "
+ apply(rule finite.induct[of A])
+ apply (simp add: assms(2); fail)
+ apply (metis (no_types, lifting) Pi_I Qp.add.finprod_one_eqI UPQ.P.finsum_closed UPQ.P.finsum_empty UPQ.cfs_zero empty_iff)
+ proof-
+ fix a A assume A: "finite A" "f \<in> A \<rightarrow> carrier (UP Q\<^sub>p) \<longrightarrow> ( finsum (UP Q\<^sub>p) f A \<in> carrier (UP Q\<^sub>p) \<and> finsum (UP Q\<^sub>p) f A k = (\<Oplus>i\<in>A. f i k)) "
+ show " f \<in> insert a A \<rightarrow> carrier (UP Q\<^sub>p) \<longrightarrow> finsum (UP Q\<^sub>p) f (insert a A) \<in> carrier (UP Q\<^sub>p) \<and> finsum (UP Q\<^sub>p) f (insert a A) k = (\<Oplus>i\<in>insert a A. f i k)"
+ apply(cases "a \<in> A")
+ using A
+ apply (simp add: insert_absorb; fail)
+ proof assume B: "a \<notin> A" " f \<in> insert a A \<rightarrow> carrier (UP Q\<^sub>p)"
+ then have f_a: "f a \<in> carrier (UP Q\<^sub>p)"
+ by blast
+ have f_A: "f \<in> A \<rightarrow> carrier (UP Q\<^sub>p)"
+ using B by blast
+ have "finsum (UP Q\<^sub>p) f (insert a A) = f a \<oplus>\<^bsub>UP Q\<^sub>p\<^esub>finsum (UP Q\<^sub>p) f A"
+ using assms A B f_a f_A finsum_insert by simp
+ then have 0: "finsum (UP Q\<^sub>p) f (insert a A) k = f a k \<oplus>\<^bsub>Q\<^sub>p\<^esub> (finsum (UP Q\<^sub>p) f A) k"
+ using f_a f_A A B
+ by simp
+ have " ( \<lambda> a. f a k) \<in> A \<rightarrow> carrier Q\<^sub>p"
+ proof fix a assume "a \<in> A"
+ then have "f a \<in> carrier (UP Q\<^sub>p)"
+ using f_A by blast
+ then show "f a k \<in> carrier Q\<^sub>p"
+ using A cfs_closed by blast
+ qed
+ then have 0: "finsum (UP Q\<^sub>p) f (insert a A) k = (\<Oplus>i\<in>insert a A. f i k)"
+ using A B Qp.finsum_insert[of A a "\<lambda> a. f a k"]
+ by (simp add: UPQ.cfs_closed)
+ thus " finsum (UP Q\<^sub>p) f (insert a A) \<in> carrier (UP Q\<^sub>p) \<and> finsum (UP Q\<^sub>p) f (insert a A) k = (\<Oplus>i\<in>insert a A. f i k)"
+ using B(2) UPQ.P.finsum_closed by blast
+ qed
+ qed
+ then have "(\<Oplus>\<^bsub>Q\<^sub>p_x\<^esub>i\<in>A. f i) \<in> carrier Q\<^sub>p_x \<and> ((\<Oplus>\<^bsub>Q\<^sub>p_x\<^esub>i\<in>A. f i) k) = (\<Oplus>\<^bsub>Q\<^sub>p\<^esub>i\<in>A. f i k)"
+ using assms by blast
+ hence 3: "gauss_norm (\<Oplus>\<^bsub>Q\<^sub>p_x\<^esub>i\<in>A. f i) \<ge> Min (val ` (\<lambda> i. f i k) ` A)"
+ using 0 k_def by auto
+ thus ?thesis
+ using 1 le_trans by auto
+qed
+
+lemma gauss_norm_monom:
+ assumes "a \<in> carrier Q\<^sub>p"
+ shows "gauss_norm (monom Q\<^sub>p_x a n) = val a"
+proof-
+ have "val ((monom Q\<^sub>p_x a n) n) \<ge> gauss_norm (monom Q\<^sub>p_x a n)"
+ using assms gauss_normE[of "monom Q\<^sub>p_x a n" n] UPQ.monom_closed
+ by blast
+ then show ?thesis
+ using gauss_norm_coeff_norm[of "monom Q\<^sub>p_x a n"] assms val_ineq UPQ.cfs_monom by fastforce
+qed
+
+lemma val_val_ring_prod:
+ assumes "a \<in> \<O>\<^sub>p"
+ assumes "b \<in> carrier Q\<^sub>p"
+ shows "val (a \<otimes>\<^bsub>Q\<^sub>p\<^esub> b) \<ge> val b"
+proof-
+ have 0: "val (a \<otimes>\<^bsub>Q\<^sub>p\<^esub> b) = val a + val b"
+ using assms val_ring_memE[of a] val_mult
+ by blast
+ have 1: " val a \<ge> 0"
+ using assms
+ by (simp add: val_ring_memE)
+ then show ?thesis
+ using assms 0
+ by simp
+qed
+
+lemma val_val_ring_prod':
+ assumes "a \<in> \<O>\<^sub>p"
+ assumes "b \<in> carrier Q\<^sub>p"
+ shows "val (b \<otimes>\<^bsub>Q\<^sub>p\<^esub> a) \<ge> val b"
+ using val_val_ring_prod[of a b]
+ by (simp add: Qp.m_comm val_ring_memE assms(1) assms(2))
+
+lemma val_ring_nat_pow_closed:
+ assumes "a \<in> \<O>\<^sub>p"
+ shows "(a[^](n::nat)) \<in> \<O>\<^sub>p"
+ apply(induction n)
+ apply auto[1]
+ using Qp.inv_one Z\<^sub>p_mem apply blast
+ by (metis Qp.nat_pow_Suc Qp.nat_pow_closed val_ring_memE assms image_eqI inc_of_prod to_Zp_closed to_Zp_inc to_Zp_mult)
+
+lemma val_ringI:
+ assumes "a \<in> carrier Q\<^sub>p"
+ assumes "val a \<ge>0"
+ shows " a \<in> \<O>\<^sub>p"
+ apply(rule val_ring_val_criterion)
+ using assms by auto
+
+notation UPQ.to_fun (infixl\<open>\<bullet>\<close> 70)
+
+lemma val_gauss_norm_eval:
+ assumes "g \<in> carrier Q\<^sub>p_x"
+ assumes "a \<in> \<O>\<^sub>p"
+ shows "val (g \<bullet> a) \<ge> gauss_norm g"
+proof-
+ have 0: "g\<bullet>a = (\<Oplus>\<^bsub>Q\<^sub>p\<^esub>i\<in>{..degree g}. (g i)\<otimes>\<^bsub>Q\<^sub>p\<^esub> (a[^]i))"
+ using val_ring_memE assms to_fun_formula[of g a] by auto
+
+ have 1: "(\<lambda>i. g i \<otimes>\<^bsub>Q\<^sub>p\<^esub> (a[^]i)) \<in> {..degree g} \<rightarrow> carrier Q\<^sub>p"
+ using assms
+ by (meson Pi_I val_ring_memE cfs_closed monom_term_car)
+ then have 2: "val (g\<bullet>a) \<ge> Min (val ` (\<lambda> i. ((g i)\<otimes>\<^bsub>Q\<^sub>p\<^esub> (a[^]i))) ` {..degree g})"
+ using 0 finsum_val_ultrametric[of "\<lambda> i. ((g i)\<otimes>\<^bsub>Q\<^sub>p\<^esub> (a[^]i))" "{..degree g}" ]
+ by (metis finite_atMost not_empty_eq_Iic_eq_empty)
+ have 3: "\<And> i. val ((g i)\<otimes>\<^bsub>Q\<^sub>p\<^esub> (a[^]i)) = val (g i) + val (a[^]i)"
+ using assms val_mult
+ by (simp add: val_ring_memE UPQ.cfs_closed)
+ have 4: "\<And> i. val ((g i)\<otimes>\<^bsub>Q\<^sub>p\<^esub> (a[^]i)) \<ge> val (g i)"
+ proof-
+ fix i
+ show "val ((g i)\<otimes>\<^bsub>Q\<^sub>p\<^esub> (a[^]i)) \<ge> val (g i)"
+ using val_val_ring_prod'[of "a[^]i" "g i" ]
+ assms(1) assms(2) val_ring_nat_pow_closed cfs_closed
+ by simp
+ qed
+ have "Min (val ` (\<lambda>i. g i \<otimes>\<^bsub>Q\<^sub>p\<^esub> (a[^]i)) ` {..degree g}) \<ge> Min ((\<lambda>i. val (g i)) ` {..degree g})"
+ using Min_mono'[of "{..degree g}" "\<lambda>i. val (g i)" "\<lambda>i. val (g i \<otimes>\<^bsub>Q\<^sub>p\<^esub> (a[^]i))" ] 4 2
+ by (metis finite_atMost image_image)
+ then have "Min (val ` (\<lambda>i. g i \<otimes>\<^bsub>Q\<^sub>p\<^esub> (a[^]i)) ` {..degree g}) \<ge> Min (val ` g ` {..degree g})"
+ by (metis image_image)
+ then have "val (g\<bullet>a) \<ge> Min (val ` g ` {..degree g})"
+ using 2
+ by (meson atMost_iff atMost_subset_iff in_mono)
+ then show ?thesis
+ by (simp add: \<open>val (g\<bullet>a) \<ge> Min (val ` g ` {..degree g})\<close> gauss_norm_def)
+qed
+
+lemma positive_gauss_norm_eval:
+ assumes "g \<in> carrier Q\<^sub>p_x"
+ assumes "gauss_norm g \<ge> 0"
+ assumes "a \<in> \<O>\<^sub>p"
+ shows "(g\<bullet>a) \<in> \<O>\<^sub>p"
+ apply(rule val_ring_val_criterion[of "g\<bullet>a"])
+ using assms val_ring_memE
+ using UPQ.to_fun_closed apply blast
+ using assms val_gauss_norm_eval[of g a] by auto
+
+lemma positive_gauss_norm_valuation_ring_coeffs:
+ assumes "g \<in> carrier Q\<^sub>p_x"
+ assumes "gauss_norm g \<ge> 0"
+ shows "g n \<in> \<O>\<^sub>p"
+ apply(rule val_ringI)
+ using cfs_closed assms(1) apply blast
+ using gauss_normE[of g n] assms by auto
+
+lemma val_ring_cfs_imp_nonneg_gauss_norm:
+ assumes "g \<in> carrier (UP Q\<^sub>p)"
+ assumes "\<And>n. g n \<in> \<O>\<^sub>p"
+ shows "gauss_norm g \<ge> 0"
+ by(rule gauss_norm_geqI, rule assms, rule val_ring_memE, rule assms)
+
+lemma val_of_add_pow:
+ assumes "a \<in> carrier Q\<^sub>p"
+ shows "val ([(n::nat)]\<cdot>a) \<ge> val a"
+proof-
+ have 0: "[(n::nat)]\<cdot>a = ([n]\<cdot>\<one>)\<otimes>a"
+ using assms Qp.add_pow_ldistr Qp.cring_simprules(12) Qp.one_closed by presburger
+ have 1: "val ([(n::nat)]\<cdot>a) = val ([n]\<cdot>\<one>) + val a"
+ unfolding 0 by(rule val_mult, simp, rule assms)
+ show ?thesis unfolding 1 using assms
+ by (simp add: val_of_nat_inc)
+qed
+
+lemma gauss_norm_pderiv:
+ assumes "g \<in> carrier (UP Q\<^sub>p)"
+ shows "gauss_norm g \<le> gauss_norm (pderiv g)"
+ apply(rule gauss_norm_geqI)
+ using UPQ.pderiv_closed assms apply blast
+ using gauss_normE pderiv_cfs val_of_add_pow
+ by (smt UPQ.cfs_closed assms dual_order.trans)
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+subsection\<open>Mapping Polynomials with Value Ring Coefficients to Polynomials over $\mathbb{Z}_p$\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+definition to_Zp_poly where
+"to_Zp_poly g = (\<lambda>n. to_Zp (g n))"
+
+lemma to_Zp_poly_closed:
+ assumes "g \<in> carrier Q\<^sub>p_x"
+ assumes "gauss_norm g \<ge> 0"
+ shows "to_Zp_poly g \<in> carrier (UP Z\<^sub>p)"
+proof-
+ have "to_Zp_poly g \<in> up Z\<^sub>p"
+ apply(rule mem_upI)
+ unfolding to_Zp_poly_def
+ using cfs_closed[of g ] assms(1) to_Zp_closed[of ] apply blast
+ proof-
+ have "\<exists>n. bound \<zero>\<^bsub>Q\<^sub>p\<^esub> n g"
+ using UPQ.deg_leE assms(1) by auto
+ then obtain n where n_def: " bound \<zero>\<^bsub>Q\<^sub>p\<^esub> n g"
+ by blast
+ then have " bound \<zero>\<^bsub>Z\<^sub>p\<^esub> n (\<lambda>n. to_Zp (g n))"
+ unfolding bound_def
+ by (simp add: to_Zp_zero)
+ then show "\<exists>n. bound \<zero>\<^bsub>Z\<^sub>p\<^esub> n (\<lambda>n. to_Zp (g n))"
+ by blast
+ qed
+ then show ?thesis using UP_def[of Z\<^sub>p]
+ by simp
+qed
+
+definition poly_inc where
+"poly_inc g = (\<lambda>n::nat. \<iota> (g n))"
+
+lemma poly_inc_closed:
+ assumes "g \<in> carrier (UP Z\<^sub>p)"
+ shows "poly_inc g \<in> carrier Q\<^sub>p_x"
+proof-
+ have "poly_inc g \<in> up Q\<^sub>p"
+ proof(rule mem_upI)
+ show "\<And>n. poly_inc g n \<in> carrier Q\<^sub>p"
+ proof- fix n
+ have "g n \<in> carrier Z\<^sub>p"
+ using assms UP_def
+ by (simp add: UP_def mem_upD)
+ then show "poly_inc g n \<in> carrier Q\<^sub>p"
+ using assms poly_inc_def[of g] inc_def[of "g n" ] inc_closed
+ by force
+ qed
+ show "\<exists>n. bound \<zero>\<^bsub>Q\<^sub>p\<^esub> n (poly_inc g)"
+ proof-
+ obtain n where n_def: " bound \<zero>\<^bsub>Z\<^sub>p\<^esub> n g"
+ using assms bound_def[of "\<zero>\<^bsub>Z\<^sub>p\<^esub>" _ g]Zp.cring_axioms UP_cring.deg_leE[of Z\<^sub>p g]
+ unfolding UP_cring_def
+ by metis
+ then have " bound \<zero>\<^bsub>Q\<^sub>p\<^esub> n (poly_inc g)"
+ unfolding poly_inc_def bound_def
+ by (metis Qp.nat_inc_zero Zp.nat_inc_zero inc_of_nat)
+ then show ?thesis by blast
+ qed
+ qed
+ then show ?thesis
+ by (simp add: \<open>poly_inc g \<in> up Q\<^sub>p\<close> UP_def)
+qed
+
+lemma poly_inc_inverse_right:
+ assumes "g \<in> carrier (UP Z\<^sub>p)"
+ shows "to_Zp_poly (poly_inc g) = g"
+proof-
+ have 0: "\<And>n. g n \<in> carrier Z\<^sub>p"
+ by (simp add: Zp.cfs_closed assms)
+ show ?thesis
+ unfolding to_Zp_poly_def poly_inc_def
+ proof
+ fix n
+ show "to_Zp (\<iota> (g n)) = g n"
+ using 0 inc_to_Zp
+ by auto
+ qed
+qed
+
+lemma poly_inc_inverse_left:
+ assumes "g \<in> carrier Q\<^sub>p_x"
+ assumes "gauss_norm g \<ge>0"
+ shows "poly_inc (to_Zp_poly g) = g"
+proof
+ fix x
+ show "poly_inc (to_Zp_poly g) x = g x"
+ using assms unfolding poly_inc_def to_Zp_poly_def
+ by (simp add: positive_gauss_norm_valuation_ring_coeffs to_Zp_inc)
+qed
+
+lemma poly_inc_plus:
+ assumes "f \<in> carrier (UP Z\<^sub>p)"
+ assumes "g \<in> carrier (UP Z\<^sub>p)"
+ shows "poly_inc (f \<oplus>\<^bsub>UP Z\<^sub>p\<^esub> g) = poly_inc f \<oplus>\<^bsub>UP Q\<^sub>p\<^esub> poly_inc g"
+proof
+ fix n
+ have 0: "poly_inc (f \<oplus>\<^bsub>UP Z\<^sub>p\<^esub> g) n = \<iota> (f n \<oplus>\<^bsub>Z\<^sub>p\<^esub> g n)"
+ unfolding poly_inc_def using assms by auto
+ have 1: "(poly_inc f \<oplus>\<^bsub>UP Q\<^sub>p\<^esub> poly_inc g) n = poly_inc f n \<oplus> poly_inc g n"
+ by(rule cfs_add, rule poly_inc_closed, rule assms, rule poly_inc_closed, rule assms)
+ show "poly_inc (f \<oplus>\<^bsub>UP Z\<^sub>p\<^esub> g) n = (poly_inc f \<oplus>\<^bsub>UP Q\<^sub>p\<^esub> poly_inc g) n"
+ unfolding 0 1 unfolding poly_inc_def
+ apply(rule inc_of_sum)
+ using assms apply (simp add: Zp.cfs_closed; fail)
+ using assms by (simp add: Zp.cfs_closed)
+qed
+
+lemma poly_inc_monom:
+ assumes "a \<in> carrier Z\<^sub>p"
+ shows "poly_inc (monom (UP Z\<^sub>p) a m) = monom (UP Q\<^sub>p) (\<iota> a) m"
+proof fix n
+ show "poly_inc (monom (UP Z\<^sub>p) a m) n = monom (UP Q\<^sub>p) (\<iota> a) m n"
+ apply(cases "m = n")
+ using assms cfs_monom[of "\<iota> a"] Zp.cfs_monom[of a] unfolding poly_inc_def
+ apply (simp add: inc_closed; fail)
+ using assms cfs_monom[of "\<iota> a"] Zp.cfs_monom[of a] unfolding poly_inc_def
+ by (metis Qp.nat_mult_zero Zp_nat_inc_zero inc_closed inc_of_nat)
+qed
+
+lemma poly_inc_times:
+ assumes "f \<in> carrier (UP Z\<^sub>p)"
+ assumes "g \<in> carrier (UP Z\<^sub>p)"
+ shows "poly_inc (f \<otimes>\<^bsub>UP Z\<^sub>p\<^esub> g) = poly_inc f \<otimes>\<^bsub>UP Q\<^sub>p\<^esub> poly_inc g"
+ apply(rule UP_ring.poly_induct3[of Z\<^sub>p])
+ apply (simp add: Zp.is_UP_ring; fail)
+ using assms apply blast
+proof-
+ fix p q
+ assume A: "q \<in> carrier (UP Z\<^sub>p)" "p \<in> carrier (UP Z\<^sub>p)"
+ "poly_inc (f \<otimes>\<^bsub>UP Z\<^sub>p\<^esub> p) = poly_inc f \<otimes>\<^bsub>UP Q\<^sub>p\<^esub> poly_inc p"
+ "poly_inc (f \<otimes>\<^bsub>UP Z\<^sub>p\<^esub> q) = poly_inc f \<otimes>\<^bsub>UP Q\<^sub>p\<^esub> poly_inc q"
+ have 0: "(f \<otimes>\<^bsub>UP Z\<^sub>p\<^esub> (p \<oplus>\<^bsub>UP Z\<^sub>p\<^esub> q)) = (f \<otimes>\<^bsub>UP Z\<^sub>p\<^esub> p) \<oplus>\<^bsub>UP Z\<^sub>p\<^esub> (f \<otimes>\<^bsub>UP Z\<^sub>p\<^esub> q)"
+ using assms(1) A
+ by (simp add: Zp.P.r_distr)
+ have 1: "poly_inc (p \<oplus>\<^bsub>UP Z\<^sub>p\<^esub> q) = poly_inc p \<oplus>\<^bsub>UP Q\<^sub>p\<^esub> poly_inc q"
+ by(rule poly_inc_plus, rule A, rule A)
+ show "poly_inc (f \<otimes>\<^bsub>UP Z\<^sub>p\<^esub> (p \<oplus>\<^bsub>UP Z\<^sub>p\<^esub> q)) = poly_inc f \<otimes>\<^bsub>UP Q\<^sub>p\<^esub> poly_inc (p \<oplus>\<^bsub>UP Z\<^sub>p\<^esub> q)"
+ unfolding 0 1 using A poly_inc_closed poly_inc_plus
+ by (simp add: UPQ.P.r_distr assms(1))
+next
+ fix a fix n::nat
+ assume A: "a \<in> carrier Z\<^sub>p"
+ show "poly_inc (f \<otimes>\<^bsub>UP Z\<^sub>p\<^esub> monom (UP Z\<^sub>p) a n) =
+ poly_inc f \<otimes>\<^bsub>UP Q\<^sub>p\<^esub> poly_inc (monom (UP Z\<^sub>p) a n)"
+ proof
+ fix m
+ show "poly_inc (f \<otimes>\<^bsub>UP Z\<^sub>p\<^esub> monom (UP Z\<^sub>p) a n) m =
+ (poly_inc f \<otimes>\<^bsub>UP Q\<^sub>p\<^esub> poly_inc (monom (UP Z\<^sub>p) a n)) m"
+ proof(cases "m < n")
+ case True
+ have T0: "(f \<otimes>\<^bsub>UP Z\<^sub>p\<^esub> monom (UP Z\<^sub>p) a n) m = \<zero>\<^bsub>Z\<^sub>p\<^esub>"
+ using True Zp.cfs_monom_mult[of f a m n] A assms
+ by blast
+ have T1: "poly_inc (monom (UP Z\<^sub>p) a n) = (monom (UP Q\<^sub>p) (\<iota> a) n)"
+ by(rule poly_inc_monom , rule A)
+ show ?thesis
+ unfolding T0 T1 using True
+ by (metis A Q\<^sub>p_def T0 UPQ.cfs_monom_mult Zp_def assms(1) inc_closed padic_fields.to_Zp_zero padic_fields_axioms poly_inc_closed poly_inc_def to_Zp_inc zero_in_val_ring)
+ next
+ case False
+ then have F0: "m \<ge> n"
+ using False by simp
+ have F1: "(f \<otimes>\<^bsub>UP Z\<^sub>p\<^esub> monom (UP Z\<^sub>p) a n) m = a \<otimes>\<^bsub>Z\<^sub>p\<^esub> f (m - n)"
+ using Zp.cfs_monom_mult_l' F0 A assms by simp
+ have F2: "poly_inc (monom (UP Z\<^sub>p) a n) = monom (UP Q\<^sub>p) (\<iota> a) n "
+ by(rule poly_inc_monom, rule A)
+ have F3: "(poly_inc f \<otimes>\<^bsub>UP Q\<^sub>p\<^esub> poly_inc (monom (UP Z\<^sub>p) a n)) m
+ = (\<iota> a) \<otimes> (poly_inc f (m -n))"
+ using UPQ.cfs_monom_mult_l' F0 A assms poly_inc_closed
+ by (simp add: F2 inc_closed)
+ show ?thesis
+ unfolding F3 unfolding poly_inc_def F1
+ apply(rule inc_of_prod, rule A)
+ using assms Zp.cfs_closed by blast
+ qed
+ qed
+qed
+
+lemma poly_inc_one:
+"poly_inc (\<one>\<^bsub>UP Z\<^sub>p\<^esub>) = \<one>\<^bsub>UP Q\<^sub>p\<^esub>"
+apply(rule ext)
+ unfolding poly_inc_def
+ using inc_of_one inc_of_zero
+ by simp
+
+lemma poly_inc_zero:
+"poly_inc (\<zero>\<^bsub>UP Z\<^sub>p\<^esub>) = \<zero>\<^bsub>UP Q\<^sub>p\<^esub>"
+apply(rule ext)
+ unfolding poly_inc_def
+ using inc_of_one inc_of_zero
+ by simp
+
+lemma poly_inc_hom:
+"poly_inc \<in> ring_hom (UP Z\<^sub>p) (UP Q\<^sub>p)"
+ apply(rule ring_hom_memI)
+ apply(rule poly_inc_closed, blast)
+ apply(rule poly_inc_times, blast, blast)
+ apply(rule poly_inc_plus, blast, blast)
+ by(rule poly_inc_one)
+
+lemma poly_inc_as_poly_lift_hom:
+ assumes "f \<in> carrier (UP Z\<^sub>p)"
+ shows "poly_inc f = poly_lift_hom Z\<^sub>p Q\<^sub>p \<iota> f"
+ apply(rule ext)
+ unfolding poly_inc_def
+ using Zp.poly_lift_hom_cf[of Q\<^sub>p \<iota> f] assms UPQ.R_cring local.inc_is_hom
+ by blast
+
+lemma poly_inc_eval:
+ assumes "g \<in> carrier (UP Z\<^sub>p)"
+ assumes "a \<in> carrier Z\<^sub>p"
+ shows "to_function Q\<^sub>p (poly_inc g) (\<iota> a) = \<iota> (to_function Z\<^sub>p g a)"
+proof-
+ have 0: "poly_inc g = poly_lift_hom Z\<^sub>p Q\<^sub>p \<iota> g"
+ using assms poly_inc_as_poly_lift_hom[of g] by blast
+ have 1: "to_function Q\<^sub>p (poly_lift_hom Z\<^sub>p Q\<^sub>p \<iota> g) (\<iota> a) = \<iota> (to_function Z\<^sub>p g a)"
+ using Zp.poly_lift_hom_eval[of Q\<^sub>p \<iota> g a] assms inc_is_hom
+ unfolding to_fun_def Zp.to_fun_def
+ using UPQ.R_cring by blast
+ show ?thesis unfolding 0 1
+ by blast
+qed
+
+lemma val_ring_poly_eval:
+ assumes "f \<in> carrier (UP Q\<^sub>p)"
+ assumes "\<And> i. f i \<in> \<O>\<^sub>p"
+ shows "\<And>x. x \<in> \<O>\<^sub>p \<Longrightarrow> f \<bullet> x \<in> \<O>\<^sub>p"
+ apply(rule positive_gauss_norm_eval, rule assms)
+ apply(rule val_ring_cfs_imp_nonneg_gauss_norm)
+ using assms by auto
+
+lemma Zp_res_of_pow:
+ assumes "a \<in> carrier Z\<^sub>p"
+ assumes "b \<in> carrier Z\<^sub>p"
+ assumes "a n = b n"
+ shows "(a[^]\<^bsub>Z\<^sub>p\<^esub>(k::nat)) n = (b[^]\<^bsub>Z\<^sub>p\<^esub>(k::nat)) n"
+ apply(induction k)
+ using assms Group.nat_pow_0 to_Zp_one apply metis
+ using Zp.geometric_series_id[of a b] Zp_residue_mult_zero(1) assms(1) assms(2) assms(3)
+ pow_closed res_diff_zero_fact'' res_diff_zero_fact(1) by metis
+
+lemma to_Zp_nat_pow:
+ assumes "a \<in> \<O>\<^sub>p"
+ shows "to_Zp (a[^](n::nat)) = (to_Zp a)[^]\<^bsub>Z\<^sub>p\<^esub>(n::nat)"
+ apply(induction n)
+ using assms Group.nat_pow_0 to_Zp_one apply metis
+ using assms to_Zp_mult[of a] Qp.m_comm Qp.nat_pow_Suc val_ring_memE pow_suc to_Zp_closed val_ring_nat_pow_closed
+ by metis
+
+lemma to_Zp_res_of_pow:
+ assumes "a \<in> \<O>\<^sub>p"
+ assumes "b \<in> \<O>\<^sub>p"
+ assumes "to_Zp a n = to_Zp b n"
+ shows "to_Zp (a[^](k::nat)) n = to_Zp (b[^](k::nat)) n"
+ using assms val_ring_memE Zp_res_of_pow to_Zp_closed to_Zp_nat_pow by presburger
+
+lemma poly_eval_cong:
+ assumes "g \<in> carrier (UP Q\<^sub>p)"
+ assumes "\<And>i. g i \<in> \<O>\<^sub>p"
+ assumes "a \<in> \<O>\<^sub>p"
+ assumes "b \<in> \<O>\<^sub>p"
+ assumes "to_Zp a k = to_Zp b k"
+ shows "to_Zp (g \<bullet> a) k = to_Zp (g \<bullet> b) k"
+proof-
+ have "(\<forall>i. g i \<in> \<O>\<^sub>p) \<longrightarrow> to_Zp (g \<bullet> a) k = to_Zp (g \<bullet> b) k"
+ proof(rule UPQ.poly_induct[of g])
+ show " g \<in> carrier (UP Q\<^sub>p)"
+ using assms by blast
+ show "\<And>p. p \<in> carrier (UP Q\<^sub>p) \<Longrightarrow> deg Q\<^sub>p p = 0 \<Longrightarrow> (\<forall>i. p i \<in> \<O>\<^sub>p) \<longrightarrow> to_Zp (p \<bullet> a) k = to_Zp (p \<bullet> b) k"
+ proof fix p assume A: "p \<in> carrier (UP Q\<^sub>p)" "deg Q\<^sub>p p = 0" "\<forall>i. p i \<in> \<O>\<^sub>p"
+ obtain c where c_def: "c \<in> carrier Q\<^sub>p \<and> p = up_ring.monom (UP Q\<^sub>p) c 0"
+ using A
+ by (metis UPQ.zcf_degree_zero UPQ.cfs_closed UPQ.trms_of_deg_leq_0 UPQ.trms_of_deg_leq_degree_f)
+ have p_eq: "p = up_ring.monom (UP Q\<^sub>p) c 0"
+ using c_def by blast
+ have p_cfs: "p 0 = c"
+ unfolding p_eq using c_def UP_ring.cfs_monom[of Q\<^sub>p c 0 0] UPQ.P_is_UP_ring by presburger
+ have c_closed: "c \<in> \<O>\<^sub>p"
+ using p_cfs A(3) by blast
+ have 0: "(p \<bullet> a) = c"
+ unfolding p_eq using c_def assms by (meson UPQ.to_fun_const val_ring_memE(2))
+ have 1: "(p \<bullet> b) = c"
+ unfolding p_eq using c_def assms UPQ.to_fun_const val_ring_memE(2) by presburger
+ show " to_Zp (p \<bullet> a) k = to_Zp (p \<bullet> b) k"
+ unfolding 0 1 by blast
+ qed
+ show "\<And>p. (\<And>q. q \<in> carrier (UP Q\<^sub>p) \<Longrightarrow> deg Q\<^sub>p q < deg Q\<^sub>p p \<Longrightarrow> (\<forall>i. q i \<in> \<O>\<^sub>p) \<longrightarrow> to_Zp (q \<bullet> a) k = to_Zp (q \<bullet> b) k) \<Longrightarrow>
+ p \<in> carrier (UP Q\<^sub>p) \<Longrightarrow> 0 < deg Q\<^sub>p p \<Longrightarrow> (\<forall>i. p i \<in> \<O>\<^sub>p) \<longrightarrow> to_Zp (p \<bullet> a) k = to_Zp (p \<bullet> b) k"
+ proof
+ fix p assume A: "(\<And>q. q \<in> carrier (UP Q\<^sub>p) \<Longrightarrow> deg Q\<^sub>p q < deg Q\<^sub>p p \<Longrightarrow> (\<forall>i. q i \<in> \<O>\<^sub>p) \<longrightarrow> to_Zp (q \<bullet> a) k = to_Zp (q \<bullet> b) k)"
+ "p \<in> carrier (UP Q\<^sub>p)" "0 < deg Q\<^sub>p p " " \<forall>i. p i \<in> \<O>\<^sub>p"
+ obtain q where q_def: "q \<in> carrier (UP Q\<^sub>p) \<and> deg Q\<^sub>p q < deg Q\<^sub>p p \<and> p = UPQ.ltrm p \<oplus>\<^bsub>UP Q\<^sub>p\<^esub>q"
+ by (metis A(2) A(3) UPQ.ltrm_closed UPQ.ltrm_decomp UPQ.UP_a_comm)
+ have 0: "\<And>i. p i = q i \<oplus> UPQ.ltrm p i"
+ using q_def A
+ by (metis Qp.a_ac(2) UPQ.ltrm_closed UPQ.UP_car_memE(1) UPQ.cfs_add)
+ have 1: "\<forall>i. q i \<in> \<O>\<^sub>p"
+ proof fix i
+ show "q i \<in> \<O>\<^sub>p"
+ apply(cases "i < deg Q\<^sub>p p")
+ using 0[of i] A(4) A(2) q_def
+ using UPQ.ltrm_closed UPQ.P.a_ac(2) UPQ.trunc_cfs UPQ.trunc_closed UPQ.trunc_simps(1)
+ apply (metis Qp.r_zero UPQ.ltrm_cfs UPQ.cfs_closed UPQ.deg_leE)
+ using q_def
+ by (metis (no_types, opaque_lifting) A(2) A(4) UPQ.P.add.m_closed UPQ.coeff_of_sum_diff_degree0 UPQ.deg_leE UPQ.equal_deg_sum UPQ.equal_deg_sum' \<open>\<And>thesis. (\<And>q. q \<in> carrier (UP Q\<^sub>p) \<and> deg Q\<^sub>p q < deg Q\<^sub>p p \<and> p = up_ring.monom (UP Q\<^sub>p) (p (deg Q\<^sub>p p)) (deg Q\<^sub>p p) \<oplus>\<^bsub>UP Q\<^sub>p\<^esub> q \<Longrightarrow> thesis) \<Longrightarrow> thesis\<close> lessI linorder_neqE_nat)
+ qed
+ have 2: "UPQ.lcf p \<in> \<O>\<^sub>p"
+ using A(4) by blast
+ have 3: "UPQ.ltrm p \<bullet> a = UPQ.lcf p \<otimes> a[^] deg Q\<^sub>p p"
+ apply(rule UP_cring.to_fun_monom) unfolding UP_cring_def
+ using Qp.cring apply blast
+ using A UPQ.lcf_closed apply blast
+ using assms val_ring_memE(2) by blast
+ have 4: "UPQ.ltrm p \<bullet> b = UPQ.lcf p \<otimes> b[^] deg Q\<^sub>p p"
+ apply(rule UP_cring.to_fun_monom) unfolding UP_cring_def
+ using Qp.cring apply blast
+ using A UPQ.lcf_closed apply blast
+ using assms val_ring_memE(2) by blast
+ have p_eq: "p = q \<oplus>\<^bsub>UP Q\<^sub>p\<^esub> UPQ.ltrm p"
+ using q_def by (metis A(2) UPQ.ltrm_closed UPQ.UP_a_comm)
+ have 5: "p \<bullet> a = q \<bullet> a \<oplus> UPQ.lcf p \<otimes> a[^] deg Q\<^sub>p p"
+ using assms val_ring_memE(2) p_eq q_def UPQ.to_fun_plus[of q "UPQ.ltrm p" a]
+ by (metis "3" A(2) UPQ.ltrm_closed UPQ.to_fun_plus)
+ have 6: "p \<bullet> b = q \<bullet> b \<oplus> UPQ.lcf p \<otimes> b[^] deg Q\<^sub>p p"
+ using assms val_ring_memE(2) p_eq q_def UPQ.to_fun_plus[of q "UPQ.ltrm p" a]
+ by (metis "4" A(2) UPQ.ltrm_closed UPQ.to_fun_plus)
+ have 7: "UPQ.lcf p \<otimes> b[^] deg Q\<^sub>p p \<in> \<O>\<^sub>p"
+ apply(rule val_ring_times_closed)
+ using "2" apply linarith
+ by(rule val_ring_nat_pow_closed, rule assms)
+ have 8: "UPQ.lcf p \<otimes> a[^] deg Q\<^sub>p p \<in> \<O>\<^sub>p"
+ apply(rule val_ring_times_closed)
+ using "2" apply linarith
+ by(rule val_ring_nat_pow_closed, rule assms)
+ have 9: "q \<bullet> a \<in> \<O>\<^sub>p"
+ using q_def 1 assms(3) val_ring_poly_eval by blast
+ have 10: "q \<bullet> b \<in> \<O>\<^sub>p"
+ using q_def 1 assms(4) val_ring_poly_eval by blast
+ have 11: "to_Zp (p \<bullet> a) = to_Zp (q \<bullet> a) \<oplus>\<^bsub>Z\<^sub>p\<^esub> to_Zp (UPQ.ltrm p \<bullet> a)"
+ using 5 8 9 to_Zp_add 3 by presburger
+ have 12: "to_Zp (p \<bullet> b) = to_Zp (q \<bullet> b) \<oplus>\<^bsub>Z\<^sub>p\<^esub> to_Zp (UPQ.ltrm p \<bullet> b)"
+ using 6 10 7 to_Zp_add 4 by presburger
+ have 13: "to_Zp (p \<bullet> a) k = to_Zp (q \<bullet> a) k \<oplus>\<^bsub>Zp_res_ring k\<^esub> to_Zp (UPQ.ltrm p \<bullet> a) k"
+ unfolding 11 using residue_of_sum by blast
+ have 14: "to_Zp (p \<bullet> b) k = to_Zp (q \<bullet> b) k \<oplus>\<^bsub>Zp_res_ring k\<^esub> to_Zp (UPQ.ltrm p \<bullet> b) k"
+ unfolding 12 using residue_of_sum by blast
+ have 15: "to_Zp (UPQ.ltrm p \<bullet> a) k = to_Zp (UPQ.ltrm p \<bullet> b) k"
+ proof(cases "k = 0")
+ case True
+ have T0: "to_Zp (UPQ.ltrm p \<bullet> a) \<in> carrier Z\<^sub>p"
+ unfolding 3 using 8 to_Zp_closed val_ring_memE(2) by blast
+ have T1: "to_Zp (UPQ.ltrm p \<bullet> b) \<in> carrier Z\<^sub>p"
+ unfolding 4 using 7 to_Zp_closed val_ring_memE(2) by blast
+ show ?thesis unfolding True using T0 T1 padic_integers.p_res_ring_0
+ by (metis p_res_ring_0' residues_closed)
+ next
+ case False
+ have k_pos: "k > 0"
+ using False by presburger
+ have 150: "to_Zp (p (deg Q\<^sub>p p) \<otimes> a [^] deg Q\<^sub>p p) = to_Zp (p (deg Q\<^sub>p p)) \<otimes>\<^bsub>Z\<^sub>p\<^esub> to_Zp( a [^] deg Q\<^sub>p p)"
+ apply(rule to_Zp_mult)
+ using "2" apply blast
+ by(rule val_ring_nat_pow_closed, rule assms)
+ have 151: "to_Zp (p (deg Q\<^sub>p p) \<otimes> b [^] deg Q\<^sub>p p) = to_Zp (p (deg Q\<^sub>p p)) \<otimes>\<^bsub>Z\<^sub>p\<^esub> to_Zp( b [^] deg Q\<^sub>p p)"
+ apply(rule to_Zp_mult)
+ using "2" apply blast
+ by(rule val_ring_nat_pow_closed, rule assms)
+ have 152: "to_Zp (p (deg Q\<^sub>p p) \<otimes> a [^] deg Q\<^sub>p p) k = to_Zp (p (deg Q\<^sub>p p)) k \<otimes>\<^bsub>Zp_res_ring k\<^esub> to_Zp( a [^] deg Q\<^sub>p p) k"
+ unfolding 150 using residue_of_prod by blast
+ have 153: "to_Zp (p (deg Q\<^sub>p p) \<otimes> b [^] deg Q\<^sub>p p) k = to_Zp (p (deg Q\<^sub>p p)) k \<otimes>\<^bsub>Zp_res_ring k\<^esub> to_Zp( b [^] deg Q\<^sub>p p) k"
+ unfolding 151 using residue_of_prod by blast
+ have 154: "to_Zp( a [^] deg Q\<^sub>p p) k = to_Zp a k [^]\<^bsub>Zp_res_ring k\<^esub> deg Q\<^sub>p p"
+ proof-
+ have 01: "\<And>m::nat. to_Zp (a[^]m) k = to_Zp a k [^]\<^bsub>Zp_res_ring k\<^esub> m"
+ proof-
+ fix m::nat show "to_Zp (a [^] m) k = to_Zp a k [^]\<^bsub>Zp_res_ring k\<^esub> m"
+ proof-
+ have 00: "to_Zp (a[^]m) = to_Zp a [^]\<^bsub>Z\<^sub>p\<^esub> m"
+ using assms to_Zp_nat_pow[of a "m"] by blast
+ have 01: "to_Zp a \<in> carrier Z\<^sub>p"
+ using assms to_Zp_closed val_ring_memE(2) by blast
+ have 02: "to_Zp a k \<in> carrier (Zp_res_ring k)"
+ using 01 residues_closed by blast
+ have 03: "cring (Zp_res_ring k)"
+ using k_pos padic_integers.R_cring padic_integers_axioms by blast
+ have 01: "(to_Zp a [^]\<^bsub>Z\<^sub>p\<^esub> m) k = (to_Zp a) k [^]\<^bsub>Zp_res_ring k\<^esub> m"
+ apply(induction m)
+ using 01 02 apply (metis Group.nat_pow_0 k_pos residue_of_one(1))
+ using residue_of_prod[of "to_Zp a [^]\<^bsub>Z\<^sub>p\<^esub> m" "to_Zp a" k] 01 02 03
+ proof -
+ fix ma :: nat
+ assume "(to_Zp a [^]\<^bsub>Z\<^sub>p\<^esub> ma) k = to_Zp a k [^]\<^bsub>Zp_res_ring k\<^esub> ma"
+ then show "(to_Zp a [^]\<^bsub>Z\<^sub>p\<^esub> Suc ma) k = to_Zp a k [^]\<^bsub>Zp_res_ring k\<^esub> Suc ma"
+ by (metis (no_types) Group.nat_pow_Suc residue_of_prod)
+ qed
+ show ?thesis unfolding 00 01 by blast
+ qed
+ qed
+ thus ?thesis by blast
+ qed
+ have 155: "to_Zp( b [^] deg Q\<^sub>p p) k = to_Zp b k [^]\<^bsub>Zp_res_ring k\<^esub> deg Q\<^sub>p p"
+ using assms by (metis "154" to_Zp_res_of_pow)
+ show ?thesis
+ unfolding 3 4 152 153 154 155 assms by blast
+ qed
+ show "to_Zp (p \<bullet> a) k = to_Zp (p \<bullet> b) k"
+ unfolding 13 14 15 using A 1 q_def by presburger
+ qed
+ qed
+ thus ?thesis using assms by blast
+qed
+
+lemma to_Zp_poly_eval:
+ assumes "g \<in> carrier Q\<^sub>p_x"
+ assumes "gauss_norm g \<ge> 0"
+ assumes "a \<in> \<O>\<^sub>p"
+ shows "to_Zp (to_function Q\<^sub>p g a) = to_function Z\<^sub>p (to_Zp_poly g) (to_Zp a)"
+proof-
+ obtain h where h_def: "h = to_Zp_poly g"
+ by blast
+ obtain b where b_def: "b = to_Zp a"
+ by blast
+ have h_poly_inc: "poly_inc h = g"
+ unfolding h_def using assms
+ by (simp add: poly_inc_inverse_left)
+ have b_inc: "\<iota> b = a"
+ unfolding b_def using assms
+ by (simp add: to_Zp_inc)
+ have h_closed: "h \<in> carrier (UP Z\<^sub>p)"
+ unfolding h_def using assms
+ by (simp add: to_Zp_poly_closed)
+ have b_closed: "b \<in> carrier Z\<^sub>p"
+ unfolding b_def using assms
+ by (simp add: to_Zp_closed val_ring_memE)
+ have 0: "to_function Q\<^sub>p (poly_inc h) (\<iota> b) = \<iota> (to_function Z\<^sub>p h b)"
+ apply(rule poly_inc_eval)
+ using h_def assms apply (simp add: to_Zp_poly_closed; fail)
+ unfolding b_def using assms
+ by (simp add: to_Zp_closed val_ring_memE)
+ have 1: "to_Zp (to_function Q\<^sub>p (poly_inc h) (\<iota> b)) = to_function Z\<^sub>p h b"
+ unfolding 0
+ using h_closed b_closed Zp.to_fun_closed Zp.to_fun_def inc_to_Zp by auto
+ show ?thesis
+ using 1 unfolding h_poly_inc b_inc
+ unfolding h_def b_def by blast
+qed
+
+lemma poly_eval_equal_val:
+ assumes "g \<in> carrier (UP Q\<^sub>p)"
+ assumes "\<And>x. g x \<in> \<O>\<^sub>p"
+ assumes "a \<in> \<O>\<^sub>p"
+ assumes "b \<in> \<O>\<^sub>p"
+ assumes "val (g \<bullet> a) < eint n"
+ assumes "to_Zp a n = to_Zp b n"
+ shows "val (g \<bullet> b) = val (g \<bullet> a)"
+proof-
+ have "(\<forall>x. g x \<in> \<O>\<^sub>p) \<longrightarrow> to_Zp (g \<bullet> b) n = to_Zp (g \<bullet> a) n"
+ proof(rule poly_induct[of g])
+ show "g \<in> carrier (UP Q\<^sub>p)"
+ by (simp add: assms(1))
+ show "\<And>p. p \<in> carrier (UP Q\<^sub>p) \<Longrightarrow> deg Q\<^sub>p p = 0 \<Longrightarrow> (\<forall>x. p x \<in> \<O>\<^sub>p) \<longrightarrow> to_Zp (p \<bullet> b) n = to_Zp (p \<bullet> a) n"
+ proof fix p assume A: "p \<in> carrier (UP Q\<^sub>p)" " deg Q\<^sub>p p = 0 " "\<forall>x. p x \<in> \<O>\<^sub>p "
+ show "to_Zp (p \<bullet> b) n = to_Zp (p \<bullet> a) n"
+ using A by (metis val_ring_memE UPQ.to_fun_ctrm UPQ.trms_of_deg_leq_0 UPQ.trms_of_deg_leq_degree_f assms(3) assms(4))
+ qed
+ show "\<And>p. (\<And>q. q \<in> carrier (UP Q\<^sub>p) \<Longrightarrow> deg Q\<^sub>p q < deg Q\<^sub>p p \<Longrightarrow> (\<forall>x. q x \<in> \<O>\<^sub>p) \<longrightarrow> to_Zp (q \<bullet> b) n = to_Zp (q \<bullet> a) n) \<Longrightarrow>
+ p \<in> carrier (UP Q\<^sub>p) \<Longrightarrow> 0 < deg Q\<^sub>p p \<Longrightarrow> (\<forall>x. p x \<in> \<O>\<^sub>p) \<longrightarrow> to_Zp (p \<bullet> b) n = to_Zp (p \<bullet> a) n"
+ proof fix p assume IH: "(\<And>q. q \<in> carrier (UP Q\<^sub>p) \<Longrightarrow> deg Q\<^sub>p q < deg Q\<^sub>p p \<Longrightarrow> (\<forall>x. q x \<in> \<O>\<^sub>p) \<longrightarrow> to_Zp (q \<bullet> b) n = to_Zp (q \<bullet> a) n)"
+ assume A: "p \<in> carrier (UP Q\<^sub>p)" "0 < deg Q\<^sub>p p" "\<forall>x. p x \<in> \<O>\<^sub>p"
+ show "to_Zp (p \<bullet> b) n = to_Zp (p \<bullet> a) n"
+ proof-
+ obtain q where q_def: "q \<in> carrier (UP Q\<^sub>p) \<and> deg Q\<^sub>p q < deg Q\<^sub>p p \<and>
+ p = q \<oplus>\<^bsub>UP Q\<^sub>p\<^esub> ltrm p"
+ using A by (meson UPQ.ltrm_decomp)
+ have p_eq: "p = q \<oplus>\<^bsub>UP Q\<^sub>p\<^esub> ltrm p"
+ using q_def by blast
+ have "\<forall>x. q x \<in> \<O>\<^sub>p" proof fix x
+ have px: "p x = (q \<oplus>\<^bsub>UP Q\<^sub>p\<^esub> ltrm p) x"
+ using p_eq by simp
+ show "q x \<in> \<O>\<^sub>p"
+ proof(cases "x \<le> deg Q\<^sub>p q")
+ case True
+ then have "p x = q x"
+ unfolding px using q_def A
+ by (smt UPQ.ltrm_closed UPQ.P.add.right_cancel UPQ.coeff_of_sum_diff_degree0 UPQ.deg_ltrm UPQ.trunc_cfs UPQ.trunc_closed UPQ.trunc_simps(1) less_eq_Suc_le nat_neq_iff not_less_eq_eq)
+ then show ?thesis using A
+ by blast
+ next
+ case False
+ then show ?thesis
+ using q_def UPQ.deg_eqI eq_imp_le nat_le_linear zero_in_val_ring
+ by (metis (no_types, lifting) UPQ.coeff_simp UPQ.deg_belowI)
+ qed
+ qed
+ then have 0: " to_Zp (q \<bullet> b) n = to_Zp (q \<bullet> a) n"
+ using IH q_def by blast
+ have 1: "to_Zp (ltrm p \<bullet> b) n = to_Zp (ltrm p \<bullet> a) n"
+ proof-
+ have 10: "(ltrm p \<bullet> b) = (p (deg Q\<^sub>p p)) \<otimes> b[^] (deg Q\<^sub>p p)"
+ using assms A by (meson val_ring_memE UPQ.to_fun_monom)
+ have 11: "(ltrm p \<bullet> a) = (p (deg Q\<^sub>p p)) \<otimes> a[^] (deg Q\<^sub>p p)"
+ using assms A by (meson val_ring_memE UPQ.to_fun_monom)
+ have 12: "to_Zp (b[^] (deg Q\<^sub>p p)) n = to_Zp (a[^] (deg Q\<^sub>p p)) n"
+ using to_Zp_res_of_pow assms by metis
+ have 13: "p (deg Q\<^sub>p p) \<in> \<O>\<^sub>p"
+ using A(3) by blast
+ have 14: "b[^] (deg Q\<^sub>p p) \<in> \<O>\<^sub>p"
+ using assms(4) val_ring_nat_pow_closed by blast
+ have 15: "a[^] (deg Q\<^sub>p p) \<in> \<O>\<^sub>p"
+ using assms(3) val_ring_nat_pow_closed by blast
+ have 16: "(ltrm p \<bullet> b) \<in> \<O>\<^sub>p"
+ by (simp add: "10" "13" "14" val_ring_times_closed)
+ have 17: "to_Zp (ltrm p \<bullet> b) n = to_Zp (p (deg Q\<^sub>p p)) n \<otimes>\<^bsub>Zp_res_ring n\<^esub> to_Zp (b[^] (deg Q\<^sub>p p)) n"
+ using 10 13 14 15 16 assms residue_of_prod to_Zp_mult by presburger
+ have 18: "(ltrm p \<bullet> a) \<in> \<O>\<^sub>p"
+ by (simp add: "11" "15" A(3) val_ring_times_closed)
+ have 19: "to_Zp (ltrm p \<bullet> a) n = to_Zp (p (deg Q\<^sub>p p)) n \<otimes>\<^bsub>Zp_res_ring n\<^esub> to_Zp (a[^] (deg Q\<^sub>p p)) n"
+ using 10 13 14 15 16 17 18 assms residue_of_prod to_Zp_mult 11 by presburger
+ show ?thesis using 12 17 19 by presburger
+ qed
+ have 2: "p (deg Q\<^sub>p p) \<in> \<O>\<^sub>p"
+ using A(3) by blast
+ have 3: "(ltrm p \<bullet> b) \<in> \<O>\<^sub>p"
+ using 2 assms
+ by (metis A(1) Q\<^sub>p_def val_ring_memE val_ring_memE UPQ.ltrm_closed Zp_def \<iota>_def
+ gauss_norm_monom padic_fields.positive_gauss_norm_eval padic_fields_axioms)
+ have 4: "(ltrm p \<bullet> a) \<in> \<O>\<^sub>p"
+ using 2 assms
+ by (metis A(1) Q\<^sub>p_def val_ring_memE val_ring_memE UPQ.ltrm_closed Zp_def \<iota>_def
+ gauss_norm_monom padic_fields.positive_gauss_norm_eval padic_fields_axioms)
+ have 5: "(q \<bullet> b) \<in> \<O>\<^sub>p"
+ using \<open>\<forall>x. q x \<in> \<O>\<^sub>p\<close> assms(4) q_def
+ by (metis gauss_norm_coeff_norm positive_gauss_norm_eval val_ring_memE(1))
+ have 6: "(q \<bullet> a) \<in> \<O>\<^sub>p"
+ using \<open>\<forall>x. q x \<in> \<O>\<^sub>p\<close> assms(3) q_def
+ by (metis gauss_norm_coeff_norm positive_gauss_norm_eval val_ring_memE(1))
+ have 7: "to_Zp (p \<bullet> b) = to_Zp (ltrm p \<bullet> b) \<oplus>\<^bsub>Z\<^sub>p\<^esub> to_Zp (q \<bullet> b)"
+ using 5 3 q_def by (metis (no_types, lifting) A(1) val_ring_memE UPQ.ltrm_closed UPQ.to_fun_plus add_comm assms(4) to_Zp_add)
+ have 8: "to_Zp (p \<bullet> a) = to_Zp (ltrm p \<bullet> a) \<oplus>\<^bsub>Z\<^sub>p\<^esub> to_Zp (q \<bullet> a)"
+ using 4 6 q_def by (metis (no_types, lifting) A(1) val_ring_memE UPQ.ltrm_closed UPQ.to_fun_plus add_comm assms(3) to_Zp_add)
+ have 9: "to_Zp (p \<bullet> b) \<in> carrier Z\<^sub>p"
+ using A assms by (meson val_ring_memE UPQ.to_fun_closed to_Zp_closed)
+ have 10: "to_Zp (p \<bullet> a) \<in> carrier Z\<^sub>p"
+ using A assms val_ring_memE UPQ.to_fun_closed to_Zp_closed by presburger
+ have 11: "to_Zp (p \<bullet> b) n = to_Zp (ltrm p \<bullet> b) n \<oplus>\<^bsub>Zp_res_ring n\<^esub> to_Zp (q \<bullet> b) n"
+ using 7 9 5 3 residue_of_sum by presburger
+ have 12: "to_Zp (p \<bullet> a) n = to_Zp (ltrm p \<bullet> a) n \<oplus>\<^bsub>Zp_res_ring n\<^esub> to_Zp (q \<bullet> a) n"
+ using 8 6 4 residue_of_sum by presburger
+ show ?thesis using 0 11 12 q_def assms
+ using "1" by presburger
+ qed
+ qed
+ qed
+ have "(\<forall>x. g x \<in> \<O>\<^sub>p) "
+ using assms by blast
+ hence 0: "to_Zp (g \<bullet> b) n = to_Zp (g \<bullet> a) n"
+ using \<open>(\<forall>x. g x \<in> \<O>\<^sub>p) \<longrightarrow> to_Zp (g \<bullet> b) n = to_Zp (g \<bullet> a) n\<close> by blast
+ have 1: "g \<bullet> a \<in> \<O>\<^sub>p"
+ using assms(1) assms(2) assms(3)
+ by (metis gauss_norm_coeff_norm positive_gauss_norm_eval val_ring_memE(1))
+ have 2: "g \<bullet> b \<in> \<O>\<^sub>p"
+ using assms(1) assms(2) assms(4)
+ by (metis gauss_norm_coeff_norm positive_gauss_norm_eval val_ring_memE(1))
+ have 3: "val (g \<bullet> b) < eint n"
+ proof-
+ have P0: "to_Zp (g \<bullet> a) \<in> carrier Z\<^sub>p"
+ using 1 val_ring_memE to_Zp_closed by blast
+ have P1: "to_Zp (g \<bullet> b) \<in> carrier Z\<^sub>p"
+ using 2 val_ring_memE to_Zp_closed by blast
+ have P2: "val_Zp (to_Zp (g \<bullet> a)) < n"
+ using 1 assms to_Zp_val by presburger
+ have P3: "to_Zp (g \<bullet> a) \<noteq> \<zero>\<^bsub>Z\<^sub>p\<^esub>"
+ using P2 P0 unfolding val_Zp_def by (metis P2 infinity_ilessE val_Zp_def)
+ have P4: "(to_Zp (g \<bullet> a)) n \<noteq> 0"
+ using 1 P2 P3 above_ord_nonzero[of "to_Zp (g \<bullet> a)" n]
+ by (metis P0 eint.inject less_eintE val_ord_Zp)
+ then have "to_Zp (g \<bullet> b) n \<noteq> 0"
+ using 0 by linarith
+ then have "val_Zp (to_Zp (g \<bullet> b)) < n"
+ using P1 P0
+ by (smt below_val_Zp_zero eint_ile eint_ord_simps(1) eint_ord_simps(2) nonzero_imp_ex_nonzero_res residue_of_zero(2) zero_below_val_Zp)
+ then show ?thesis using 2
+ by (metis to_Zp_val)
+ qed
+ thus ?thesis using 0 1 2 assms val_ring_equal_res_imp_equal_val[of "g \<bullet> b" "g \<bullet> a" n] by blast
+qed
+
+lemma to_Zp_poly_monom:
+ assumes "a \<in> \<O>\<^sub>p"
+ shows "to_Zp_poly (monom (UP Q\<^sub>p) a n) = monom (UP Z\<^sub>p) (to_Zp a) n"
+ unfolding to_Zp_poly_def
+ apply(rule ext)
+ using assms cfs_monom[of a n] Zp.cfs_monom[of "to_Zp a" n]
+ by (simp add: to_Zp_closed to_Zp_zero val_ring_memE(2))
+
+lemma to_Zp_poly_add:
+ assumes "f \<in> carrier (UP Q\<^sub>p)"
+ assumes "gauss_norm f \<ge> 0"
+ assumes "g \<in> carrier (UP Q\<^sub>p)"
+ assumes "gauss_norm g \<ge> 0"
+ shows "to_Zp_poly (f \<oplus>\<^bsub>UP Q\<^sub>p\<^esub> g) = to_Zp_poly f \<oplus>\<^bsub>UP Z\<^sub>p\<^esub> to_Zp_poly g"
+proof-
+ obtain F where F_def: "F = to_Zp_poly f"
+ by blast
+ obtain G where G_def: "G = to_Zp_poly g"
+ by blast
+ have F_closed: "F \<in> carrier (UP Z\<^sub>p)"
+ unfolding F_def using assms
+ by (simp add: to_Zp_poly_closed)
+ have G_closed: "G \<in> carrier (UP Z\<^sub>p)"
+ unfolding G_def using assms
+ by (simp add: to_Zp_poly_closed)
+ have F_inc: "poly_inc F = f"
+ using assms unfolding F_def
+ using poly_inc_inverse_left by blast
+ have G_inc: "poly_inc G = g"
+ using assms unfolding G_def
+ by (simp add: poly_inc_inverse_left)
+ have 0: "poly_inc (F \<oplus>\<^bsub>UP Z\<^sub>p\<^esub> G) = poly_inc F \<oplus>\<^bsub>UP Q\<^sub>p\<^esub> poly_inc G"
+ using F_closed G_closed
+ by (simp add: poly_inc_plus)
+ have 1: "to_Zp_poly (poly_inc (F \<oplus>\<^bsub>UP Z\<^sub>p\<^esub> G)) = F \<oplus>\<^bsub>UP Z\<^sub>p\<^esub> G"
+ using G_closed F_closed
+ by (simp add: poly_inc_inverse_right)
+ show ?thesis
+ using 1 unfolding F_inc G_inc 0 unfolding F_def G_def
+ by blast
+qed
+
+lemma to_Zp_poly_zero:
+"to_Zp_poly (\<zero>\<^bsub>UP Q\<^sub>p\<^esub>) = \<zero>\<^bsub>UP Z\<^sub>p\<^esub>"
+ unfolding to_Zp_poly_def
+ apply(rule ext)
+ by (simp add: to_Zp_zero)
+
+lemma to_Zp_poly_one:
+"to_Zp_poly (\<one>\<^bsub>UP Q\<^sub>p\<^esub>) = \<one>\<^bsub>UP Z\<^sub>p\<^esub>"
+ unfolding to_Zp_poly_def
+ apply(rule ext)
+ by (metis Zp.UP_one_closed poly_inc_inverse_right poly_inc_one to_Zp_poly_def)
+
+lemma val_ring_add_pow:
+ assumes "a \<in> carrier Q\<^sub>p"
+ assumes "val a \<ge> 0"
+ shows "val ([(n::nat)]\<cdot>a) \<ge> 0"
+proof-
+ have 0: "[(n::nat)]\<cdot>a = ([n]\<cdot>\<one>)\<otimes>a"
+ using assms Qp.add_pow_ldistr Qp.cring_simprules(12) Qp.one_closed by presburger
+ show ?thesis unfolding 0 using assms
+ by (meson Qp.nat_inc_closed val_ring_memE val_of_nat_inc val_ringI val_ring_times_closed)
+qed
+
+lemma to_Zp_poly_pderiv:
+ assumes "g \<in> carrier (UP Q\<^sub>p)"
+ assumes "gauss_norm g \<ge> 0"
+ shows "to_Zp_poly (pderiv g) = Zp.pderiv (to_Zp_poly g)"
+proof-
+ have 0: "gauss_norm g \<ge> 0 \<longrightarrow> to_Zp_poly (pderiv g) = Zp.pderiv (to_Zp_poly g)"
+ proof(rule poly_induct, rule assms, rule)
+ fix p
+ assume A: " p \<in> carrier (UP Q\<^sub>p)"
+ "deg Q\<^sub>p p = 0"
+ "0 \<le> gauss_norm p"
+ obtain a where a_def: "a \<in> \<O>\<^sub>p \<and> p = monom (UP Q\<^sub>p) a 0"
+ using A
+ by (metis UPQ.ltrm_deg_0 positive_gauss_norm_valuation_ring_coeffs)
+ have p_eq: "p = monom (UP Q\<^sub>p) a 0"
+ using a_def by blast
+ have 0: "to_Zp_poly p = monom (UP Z\<^sub>p) (to_Zp a) 0"
+ unfolding p_eq
+ apply(rule to_Zp_poly_monom)
+ using a_def by blast
+ have 1: "UPQ.pderiv (monom (UP Q\<^sub>p) a 0) = \<zero>\<^bsub>UP Q\<^sub>p\<^esub>"
+ using A(1) A(2) UPQ.pderiv_deg_0 p_eq by blast
+ have 2: "Zp.pderiv (monom (UP Z\<^sub>p) (to_Zp a) 0) = \<zero>\<^bsub>UP Z\<^sub>p\<^esub>"
+ apply(rule Zp.pderiv_deg_0)
+ apply(rule Zp.monom_closed, rule to_Zp_closed)
+ using a_def
+ apply (simp add: val_ring_memE(2); fail)
+ apply(cases "to_Zp a = \<zero>\<^bsub>Z\<^sub>p\<^esub>")
+ apply (simp; fail)
+ apply(rule Zp.deg_monom, blast)
+ using a_def
+ by (simp add: to_Zp_closed val_ring_memE(2))
+ show "to_Zp_poly (UPQ.pderiv p) = Zp.pderiv (to_Zp_poly p)"
+ unfolding 0 unfolding p_eq
+ unfolding 1 2 to_Zp_poly_zero by blast
+ next
+ fix p
+ assume A: "\<And>q. q \<in> carrier (UP Q\<^sub>p) \<Longrightarrow>
+ deg Q\<^sub>p q < deg Q\<^sub>p p \<Longrightarrow>
+ 0 \<le> gauss_norm q \<longrightarrow>
+ to_Zp_poly (UPQ.pderiv q) = Zp.pderiv (to_Zp_poly q)"
+ "p \<in> carrier (UP Q\<^sub>p)"
+ " 0 < deg Q\<^sub>p p"
+ show "0 \<le> gauss_norm p \<longrightarrow> to_Zp_poly (UPQ.pderiv p) = Zp.pderiv (to_Zp_poly p)"
+ proof
+ assume B: "0 \<le> gauss_norm p"
+ obtain q where q_def: "q = trunc p"
+ by blast
+ have p_eq: "p = q \<oplus>\<^bsub>UP Q\<^sub>p\<^esub> ltrm p"
+ by (simp add: A(2) UPQ.trunc_simps(1) q_def)
+ have q_gauss_norm: "gauss_norm q \<ge> 0"
+ unfolding q_def
+ apply(rule gauss_norm_geqI)
+ using A apply (simp add: UPQ.trunc_closed; fail)
+ using trunc_cfs[of p] A gauss_normE
+ proof -
+ fix n :: nat
+ have f1: "\<zero> = q (deg Q\<^sub>p p)"
+ by (simp add: UPQ.deg_leE UPQ.trunc_closed UPQ.trunc_degree \<open>0 < deg Q\<^sub>p p\<close> \<open>p \<in> carrier (UP Q\<^sub>p)\<close> q_def)
+ have "\<forall>n. 0 \<le> val (p n)"
+ by (meson B \<open>p \<in> carrier (UP Q\<^sub>p)\<close> eint_ord_trans gauss_normE)
+ then show "0 \<le> val (Cring_Poly.truncate Q\<^sub>p p n)"
+ using f1 by (metis (no_types) Qp.nat_mult_zero UPQ.ltrm_closed UPQ.coeff_of_sum_diff_degree0 UPQ.deg_ltrm UPQ.trunc_closed \<open>\<And>n. \<lbrakk>p \<in> carrier (UP Q\<^sub>p); n < deg Q\<^sub>p p\<rbrakk> \<Longrightarrow> Cring_Poly.truncate Q\<^sub>p p n = p n\<close> \<open>p \<in> carrier (UP Q\<^sub>p)\<close> nat_neq_iff p_eq q_def val_of_nat_inc)
+ qed
+ have 0: "to_Zp_poly (UPQ.pderiv q) = Zp.pderiv (to_Zp_poly q)"
+ using A q_def q_gauss_norm
+ by (simp add: UPQ.trunc_closed UPQ.trunc_degree)
+ have 1: "UPQ.pderiv (monom (UP Q\<^sub>p) (p (deg Q\<^sub>p p)) (deg Q\<^sub>p p)) =
+ monom (UP Q\<^sub>p) ([deg Q\<^sub>p p] \<cdot> p (deg Q\<^sub>p p)) (deg Q\<^sub>p p - 1)"
+ apply(rule pderiv_monom)
+ using A by (simp add: UPQ.UP_car_memE(1))
+ have 2: "Zp.pderiv (monom (UP Z\<^sub>p) (to_Zp (p (deg Q\<^sub>p p))) (deg Q\<^sub>p p)) =
+ monom (UP Z\<^sub>p) ([deg Q\<^sub>p p] \<cdot>\<^bsub>Z\<^sub>p\<^esub> to_Zp ( p (deg Q\<^sub>p p))) (deg Q\<^sub>p p - 1)"
+ using A Zp.pderiv_monom[of "to_Zp ( p (deg Q\<^sub>p p))" "deg Q\<^sub>p p"]
+ by (simp add: UPQ.lcf_closed to_Zp_closed)
+ have 3: "to_Zp_poly (UPQ.pderiv (monom (UP Q\<^sub>p) (p (deg Q\<^sub>p p)) (deg Q\<^sub>p p))) = monom (UP Z\<^sub>p) (to_Zp ([deg Q\<^sub>p p] \<cdot> p (deg Q\<^sub>p p))) (deg Q\<^sub>p p - 1)"
+ unfolding 1 apply(rule to_Zp_poly_monom)
+ apply(rule val_ring_memI)
+ apply (simp add: A(2) UPQ.UP_car_memE(1); fail)
+ apply(rule val_ring_add_pow)
+ using A
+ apply (simp add: UPQ.lcf_closed; fail)
+ using B A
+ by (simp add: positive_gauss_norm_valuation_ring_coeffs val_ring_memE(1))
+ have 4: "to_Zp_poly (ltrm p) = monom (UP Z\<^sub>p) (to_Zp (p (deg Q\<^sub>p p))) (deg Q\<^sub>p p)"
+ apply(rule to_Zp_poly_monom) using A
+ by (simp add: B positive_gauss_norm_valuation_ring_coeffs)
+ have 5: "to_Zp_poly (UPQ.pderiv (ltrm p)) = Zp.pderiv (to_Zp_poly (ltrm p))"
+ unfolding 3 4 2
+ by (simp add: A(2) B positive_gauss_norm_valuation_ring_coeffs to_Zp_nat_add_pow)
+ have 6: "pderiv p = pderiv q \<oplus>\<^bsub>UP Q\<^sub>p\<^esub> pderiv (ltrm p)"
+ using p_eq
+ by (metis A(2) UPQ.ltrm_closed UPQ.pderiv_add UPQ.trunc_closed p_eq q_def)
+ have 7: "to_Zp_poly p = to_Zp_poly q \<oplus>\<^bsub>UP Z\<^sub>p\<^esub> to_Zp_poly (ltrm p)"
+ using p_eq
+ by (metis (no_types, lifting) A(2) B UPQ.ltrm_closed UPQ.cfs_closed UPQ.trunc_closed gauss_norm_monom positive_gauss_norm_valuation_ring_coeffs q_def q_gauss_norm to_Zp_poly_add val_ring_memE(1))
+ have 8: "to_Zp_poly (pderiv p) =
+ to_Zp_poly (UPQ.pderiv q) \<oplus>\<^bsub>UP Z\<^sub>p\<^esub>
+ to_Zp_poly (UPQ.pderiv (monom (UP Q\<^sub>p) (p (deg Q\<^sub>p p)) (deg Q\<^sub>p p)))"
+ unfolding 6 apply(rule to_Zp_poly_add)
+ apply (simp add: A(2) UPQ.pderiv_closed UPQ.trunc_closed q_def; fail)
+ apply (metis A(2) UPQ.cfs_closed UPQ.pderiv_cfs UPQ.trunc_closed gauss_norm_coeff_norm positive_gauss_norm_valuation_ring_coeffs q_def q_gauss_norm val_ring_add_pow val_ring_memE(1))
+ apply (simp add: A(2) UPQ.UP_car_memE(1) UPQ.pderiv_closed; fail)
+ apply(rule eint_ord_trans[of _ "gauss_norm (monom (UP Q\<^sub>p) (p (deg Q\<^sub>p p)) (deg Q\<^sub>p p))"])
+ apply (simp add: A(2) B UPQ.cfs_closed gauss_norm_monom positive_gauss_norm_valuation_ring_coeffs val_ring_memE(1); fail)
+ apply(rule gauss_norm_pderiv)
+ using A(2) UPQ.ltrm_closed by blast
+ have 9: "Zp.pderiv (to_Zp_poly p) = Zp.pderiv (to_Zp_poly q) \<oplus>\<^bsub>UP Z\<^sub>p\<^esub>
+ Zp.pderiv (to_Zp_poly (monom (UP Q\<^sub>p) (p (deg Q\<^sub>p p)) (deg Q\<^sub>p p)))"
+ unfolding 7 apply(rule Zp.pderiv_add)
+ apply(rule to_Zp_poly_closed)
+ apply (simp add: A(2) UPQ.trunc_closed q_def; fail)
+ apply (simp add: q_gauss_norm; fail)
+ apply(rule to_Zp_poly_closed)
+ apply (simp add: A(2) UPQ.UP_car_memE(1); fail)
+ by (simp add: A(2) B UPQ.cfs_closed gauss_norm_monom positive_gauss_norm_valuation_ring_coeffs val_ring_memE(1))
+ show "to_Zp_poly (UPQ.pderiv p) = Zp.pderiv (to_Zp_poly p)"
+ unfolding 9 8 5 0 by blast
+ qed
+ qed
+ thus ?thesis using assms by blast
+qed
+
+lemma val_p_int_pow:
+"val (\<pp>[^]k) = eint (k)"
+ by (simp add: ord_p_pow_int p_intpow_closed(2))
+
+definition int_gauss_norm where
+"int_gauss_norm g = (SOME n::int. eint n = gauss_norm g)"
+
+lemma int_gauss_norm_eq:
+ assumes "g \<in> carrier (UP Q\<^sub>p)"
+ assumes "g \<noteq> \<zero>\<^bsub>UP Q\<^sub>p\<^esub>"
+ shows "eint (int_gauss_norm g) = gauss_norm g"
+proof-
+ have 0: "gauss_norm g < \<infinity>"
+ using assms by (simp add: gauss_norm_prop)
+ then show ?thesis unfolding int_gauss_norm_def
+ using assms
+ by fastforce
+qed
+
+lemma int_gauss_norm_smult:
+ assumes "g \<in> carrier (UP Q\<^sub>p)"
+ assumes "g \<noteq> \<zero>\<^bsub>UP Q\<^sub>p\<^esub>"
+ assumes "a \<in> nonzero Q\<^sub>p"
+ shows "int_gauss_norm (a \<odot>\<^bsub>UP Q\<^sub>p\<^esub> g) = ord a + int_gauss_norm g"
+ using gauss_norm_smult[of g a] int_gauss_norm_eq val_ord assms
+ by (metis (no_types, opaque_lifting) Qp.nonzero_closed UPQ.UP_smult_closed UPQ.cfs_zero
+ eint.distinct(2) eint.inject gauss_norm_coeff_norm local.val_zero plus_eint_simps(1))
+
+definition normalize_poly where
+"normalize_poly g = (if g = \<zero>\<^bsub>UP Q\<^sub>p\<^esub> then g else (\<pp>[^](- int_gauss_norm g)) \<odot>\<^bsub>Q\<^sub>p_x\<^esub> g)"
+
+lemma normalize_poly_zero:
+"normalize_poly \<zero>\<^bsub>UP Q\<^sub>p\<^esub> = \<zero>\<^bsub>UP Q\<^sub>p\<^esub>"
+ unfolding normalize_poly_def by simp
+
+lemma normalize_poly_nonzero_eq:
+ assumes "g \<noteq> \<zero>\<^bsub>UP Q\<^sub>p\<^esub>"
+ assumes "g \<in> carrier (UP Q\<^sub>p)"
+ shows "normalize_poly g = (\<pp>[^](- int_gauss_norm g)) \<odot>\<^bsub>UP Q\<^sub>p\<^esub> g"
+ using assms unfolding normalize_poly_def by simp
+
+lemma int_gauss_norm_normalize_poly:
+ assumes "g \<noteq> \<zero>\<^bsub>UP Q\<^sub>p\<^esub>"
+ assumes "g \<in> carrier (UP Q\<^sub>p)"
+ shows "int_gauss_norm (normalize_poly g) = 0"
+ using normalize_poly_nonzero_eq int_gauss_norm_smult assms
+ by (simp add: ord_p_pow_int p_intpow_closed(2))
+
+lemma normalize_poly_closed:
+ assumes "g \<in> carrier (UP Q\<^sub>p)"
+ shows "normalize_poly g \<in> carrier (UP Q\<^sub>p)"
+ using assms unfolding normalize_poly_def
+ by (simp add: p_intpow_closed(1))
+
+lemma normalize_poly_nonzero:
+ assumes "g \<noteq> \<zero>\<^bsub>UP Q\<^sub>p\<^esub>"
+ assumes "g \<in> carrier (UP Q\<^sub>p)"
+ shows "normalize_poly g \<noteq> \<zero>\<^bsub>UP Q\<^sub>p\<^esub>"
+ using assms normalize_poly_nonzero_eq
+ by (metis (no_types, lifting) UPQ.UP_smult_one UPQ.module_axioms UPQ.smult_r_null module.smult_assoc1 p_intpow_closed(1) p_intpow_inv')
+
+lemma gauss_norm_normalize_poly:
+ assumes "g \<noteq> \<zero>\<^bsub>UP Q\<^sub>p\<^esub>"
+ assumes "g \<in> carrier (UP Q\<^sub>p)"
+ shows "gauss_norm (normalize_poly g) = 0"
+proof-
+ have 0: "eint (int_gauss_norm (normalize_poly g)) = gauss_norm (normalize_poly g)"
+ by(rule int_gauss_norm_eq, rule normalize_poly_closed, rule assms,
+ rule normalize_poly_nonzero, rule assms, rule assms)
+ show ?thesis
+ using 0 int_gauss_norm_normalize_poly assms
+ by (simp add: zero_eint_def)
+qed
+
+lemma taylor_term_eval_eq:
+ assumes "f \<in> carrier (UP Q\<^sub>p)"
+ assumes "x \<in> carrier Q\<^sub>p"
+ assumes "t \<in> carrier Q\<^sub>p"
+ assumes "\<And>j. i \<noteq> j \<Longrightarrow> val (UPQ.taylor_term x f i \<bullet> t) < val (UPQ.taylor_term x f j \<bullet> t) "
+ shows "val (f \<bullet> t) = val (UPQ.taylor_term x f i \<bullet> t)"
+proof-
+ have 0: "f = finsum (UP Q\<^sub>p) (UPQ.taylor_term x f) {..deg Q\<^sub>p f}"
+ by(rule UPQ.taylor_term_sum[of f "deg Q\<^sub>p f" x], rule assms, blast, rule assms)
+ show ?thesis
+ proof(cases "i \<in> {..deg Q\<^sub>p f}")
+ case True
+ have T0: "finsum (UP Q\<^sub>p) (UPQ.taylor_term x f) {..deg Q\<^sub>p f} = UPQ.taylor_term x f i \<oplus>\<^bsub>UP Q\<^sub>p\<^esub> finsum (UP Q\<^sub>p) (UPQ.taylor_term x f) ({..deg Q\<^sub>p f} - {i})"
+ apply(rule UPQ.P.finsum_remove[of "{..deg Q\<^sub>p f}" "UPQ.taylor_term x f" i])
+ by(rule UPQ.taylor_term_closed, rule assms, rule assms, blast, rule True)
+ have T1: "f = UPQ.taylor_term x f i \<oplus>\<^bsub>UP Q\<^sub>p\<^esub> finsum (UP Q\<^sub>p) (UPQ.taylor_term x f) ({..deg Q\<^sub>p f} - {i})"
+ using 0 T0 by metis
+ have T2: "finsum (UP Q\<^sub>p) (UPQ.taylor_term x f) ({..deg Q\<^sub>p f} - {i}) \<in> carrier (UP Q\<^sub>p)"
+ apply(rule UPQ.P.finsum_closed)
+ using UPQ.taylor_term_closed assms(1) assms(2) by blast
+ have T3: "UPQ.taylor_term x f i \<in> carrier (UP Q\<^sub>p)"
+ by(rule UPQ.taylor_term_closed, rule assms, rule assms )
+ obtain g where g_def: "g = f"
+ by blast
+ have T4: "g = UPQ.taylor_term x f i \<oplus>\<^bsub>UP Q\<^sub>p\<^esub> finsum (UP Q\<^sub>p) (UPQ.taylor_term x f) ({..deg Q\<^sub>p f} - {i})"
+ unfolding g_def by(rule T1)
+ have g_closed: "g \<in> carrier (UP Q\<^sub>p)"
+ unfolding g_def by(rule assms)
+ have T5: "g \<bullet> t = UPQ.taylor_term x f i \<bullet> t \<oplus> ( finsum (UP Q\<^sub>p) (UPQ.taylor_term x f) ({..deg Q\<^sub>p f} - {i})) \<bullet> t"
+ unfolding T4 by(rule UPQ.to_fun_plus, rule T2, rule T3, rule assms)
+ have T6: "( finsum (UP Q\<^sub>p) (UPQ.taylor_term x f) ({..deg Q\<^sub>p f} - {i})) \<bullet> t =
+ ( finsum Q\<^sub>p (\<lambda>i. UPQ.taylor_term x f i \<bullet> t) ({..deg Q\<^sub>p f} - {i}))"
+ apply(rule UPQ.to_fun_finsum, blast)
+ using assms UPQ.taylor_term_closed apply blast
+ using assms by blast
+ have T7: "\<And>j. j \<in> {..deg Q\<^sub>p f} - {i} \<Longrightarrow> val (UPQ.taylor_term x f j \<bullet> t) > val (UPQ.taylor_term x f i \<bullet> t)"
+ using assms by (metis Diff_iff singletonI)
+ have T8: "val (( finsum (UP Q\<^sub>p) (UPQ.taylor_term x f) ({..deg Q\<^sub>p f} - {i})) \<bullet> t) > val (UPQ.taylor_term x f i \<bullet> t)"
+ unfolding T6
+ apply(rule finsum_val_ultrametric'')
+ using UPQ.taylor_term_closed assms
+ apply (metis (no_types, lifting) Pi_I UPQ.to_fun_closed)
+ apply blast
+ using assms T7 apply blast
+ using assms(4)[of "Suc i"] using eint_ord_simps(4)
+ assms(4) eint_ord_code(6) g_def gr_implies_not_zero less_one by smt
+ have T9: "val (g \<bullet> t) = val (UPQ.taylor_term x f i \<bullet> t)"
+ unfolding T5 using T8 T2 T3
+ by (metis (no_types, lifting) Qp.add.m_comm UPQ.to_fun_closed assms(3) val_ultrametric_noteq)
+ show ?thesis using T9 unfolding g_def by blast
+ next
+ case False
+ have "i > deg Q\<^sub>p f"
+ using False by simp
+ hence "i > deg Q\<^sub>p (UPQ.taylor x f)"
+ using assms UPQ.taylor_deg by presburger
+ hence F0: "UPQ.taylor x f i = \<zero>"
+ using assms UPQ.taylor_closed UPQ.deg_leE by blast
+ have F1: "(UPQ.taylor_term x f i \<bullet> t) = \<zero>"
+ using UPQ.to_fun_taylor_term[of f t x i]
+ unfolding F0
+ using assms Qp.cring_simprules(2) Qp.cring_simprules(4) Qp.integral_iff Qp.nat_pow_closed by presburger
+ show ?thesis
+ using assms(4)[of "Suc i"] unfolding F1
+ by (metis eint_ord_code(6) local.val_zero n_not_Suc_n)
+ qed
+qed
+
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+subsection\<open>Hensel's Lemma for \<open>p\<close>-adic fields\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+theorem hensels_lemma:
+ assumes "f \<in> carrier (UP Q\<^sub>p)"
+ assumes "a \<in> \<O>\<^sub>p"
+ assumes "gauss_norm f \<ge> 0"
+ assumes "val (f\<bullet>a) > 2*val ((pderiv f)\<bullet>a)"
+ shows "\<exists>!\<alpha> \<in> \<O>\<^sub>p. f\<bullet>\<alpha> = \<zero> \<and> val (a \<ominus> \<alpha>) > val ((pderiv f)\<bullet>a)"
+proof-
+ have a_closed: "a \<in> carrier Q\<^sub>p"
+ using assms val_ring_memE by auto
+ have f_nonzero: "f \<noteq> \<zero>\<^bsub>UP Q\<^sub>p\<^esub>"
+ proof(rule ccontr)
+ assume N: "\<not> f \<noteq> \<zero>\<^bsub>UP Q\<^sub>p\<^esub>"
+ then have 0: "pderiv f = \<zero>\<^bsub>UP Q\<^sub>p\<^esub>"
+ using UPQ.deg_zero UPQ.pderiv_deg_0 by blast
+ have 1: "f = \<zero>\<^bsub>UP Q\<^sub>p\<^esub>"
+ using N by auto
+ have 2: "eint 2 * val (UPQ.pderiv \<zero>\<^bsub>UP Q\<^sub>p\<^esub> \<bullet> a) = \<infinity>"
+ by (simp add: UPQ.to_fun_zero local.a_closed local.val_zero)
+ show False using assms a_closed
+ unfolding 2 1
+ using eint_ord_simps(6) by blast
+ qed
+ obtain h where h_def: "h = to_Zp_poly f"
+ by blast
+ have h_closed: "h \<in> carrier (UP Z\<^sub>p)"
+ unfolding h_def using assms
+ by (simp add: to_Zp_poly_closed)
+ have h_deriv: "Zp.pderiv h = to_Zp_poly (pderiv f)"
+ unfolding h_def
+ using to_Zp_poly_pderiv[of f] assms by auto
+ have 0: "to_Zp (f\<bullet>a) = to_function Z\<^sub>p h (to_Zp a)"
+ unfolding h_def
+ using assms a_closed
+ by (simp add: UPQ.to_fun_def to_Zp_poly_eval)
+ have 1: "to_Zp ((pderiv f)\<bullet>a) = to_function Z\<^sub>p (Zp.pderiv h) (to_Zp a)"
+ unfolding h_deriv
+ using assms a_closed UPQ.pderiv_closed UPQ.to_fun_def eint_ord_trans gauss_norm_pderiv to_Zp_poly_eval
+ by presburger
+ have 2: "val (f\<bullet>a) = val_Zp (to_function Z\<^sub>p h (to_Zp a))"
+ proof-
+ have 20: "f\<bullet>a \<in> \<O>\<^sub>p"
+ using assms positive_gauss_norm_eval by blast
+ have 21: "val (f\<bullet>a) = val_Zp (to_Zp (f\<bullet>a))"
+ using 20 by (simp add: to_Zp_val)
+ show ?thesis unfolding 21 0 by blast
+ qed
+ have 3: "val ((pderiv f)\<bullet>a) = val_Zp ( to_function Z\<^sub>p (Zp.pderiv h) (to_Zp a))"
+ proof-
+ have 30: "(pderiv f)\<bullet>a \<in> \<O>\<^sub>p"
+ using positive_gauss_norm_eval assms gauss_norm_pderiv
+ by (meson UPQ.pderiv_closed eint_ord_trans)
+ have 31: "val ((pderiv f)\<bullet>a) = val_Zp (to_Zp ((pderiv f)\<bullet>a))"
+ using 30 by (simp add: to_Zp_val)
+ show ?thesis unfolding 31 1 by blast
+ qed
+ have 4: "\<exists>!\<alpha>. \<alpha> \<in> carrier Z\<^sub>p \<and>
+ Zp.to_fun (to_Zp_poly f) \<alpha> = \<zero>\<^bsub>Z\<^sub>p\<^esub> \<and>
+ val_Zp (Zp.to_fun (Zp.pderiv (to_Zp_poly f)) (to_Zp a))
+ < val_Zp (to_Zp a \<ominus>\<^bsub>Z\<^sub>p\<^esub> \<alpha>)"
+ apply(rule hensels_lemma')
+ using h_closed h_def apply blast
+ using assms local.a_closed to_Zp_closed apply blast
+ using assms unfolding 2 3 h_def Zp.to_fun_def by blast
+ obtain \<alpha> where \<alpha>_def: "\<alpha> \<in> carrier Z\<^sub>p \<and>
+ Zp.to_fun (to_Zp_poly f) \<alpha> = \<zero>\<^bsub>Z\<^sub>p\<^esub> \<and>
+ val_Zp (Zp.to_fun (Zp.pderiv (to_Zp_poly f)) (to_Zp a))
+ < val_Zp (to_Zp a \<ominus>\<^bsub>Z\<^sub>p\<^esub> \<alpha>)
+ \<and> (\<forall>x. x \<in> carrier Z\<^sub>p \<and>
+ Zp.to_fun (to_Zp_poly f) x = \<zero>\<^bsub>Z\<^sub>p\<^esub> \<and>
+ val_Zp (Zp.to_fun (Zp.pderiv (to_Zp_poly f)) (to_Zp a))
+ < val_Zp (to_Zp a \<ominus>\<^bsub>Z\<^sub>p\<^esub> x) \<longrightarrow> x = \<alpha>)"
+ using 4 by blast
+ obtain \<beta> where \<beta>_def: "\<beta> = \<iota> \<alpha>"
+ by blast
+ have \<beta>_closed: "\<beta> \<in> \<O>\<^sub>p"
+ using \<alpha>_def unfolding \<beta>_def by simp
+ have 5: "(Zp.to_fun (to_Zp_poly f) \<alpha>) = to_Zp (f\<bullet>\<beta>)"
+ using \<beta>_closed to_Zp_poly_eval[of f \<beta>] assms
+ unfolding \<beta>_def UPQ.to_fun_def
+ by (simp add: Zp.to_fun_def \<alpha>_def inc_to_Zp)
+ have 6: "to_Zp (f\<bullet>\<beta>) = \<zero>\<^bsub>Z\<^sub>p\<^esub>"
+ using 5 \<alpha>_def by auto
+ have \<beta>_closed: "\<beta> \<in> \<O>\<^sub>p"
+ unfolding \<beta>_def using \<alpha>_def by simp
+ have 7: "(f\<bullet>\<beta>) = \<zero>"
+ using 6 assms unfolding \<beta>_def
+ by (metis \<beta>_closed \<beta>_def inc_of_zero positive_gauss_norm_eval to_Zp_inc)
+ have 8: "\<alpha> = to_Zp \<beta>"
+ unfolding \<beta>_def using \<alpha>_def
+ by (simp add: inc_to_Zp)
+ have 9: "to_Zp a \<ominus>\<^bsub>Z\<^sub>p\<^esub> \<alpha> = to_Zp (a \<ominus> \<beta>)"
+ unfolding 8 using assms(2) \<beta>_closed
+ by (simp add: to_Zp_minus)
+ have 10: "val (a \<ominus> \<beta>) = val_Zp (to_Zp a \<ominus>\<^bsub>Z\<^sub>p\<^esub> \<alpha>)"
+ unfolding 9 using \<beta>_closed assms(2)
+ to_Zp_val val_ring_minus_closed by presburger
+ have 11: "val (a \<ominus> \<beta>) > val ((pderiv f)\<bullet>a)"
+ using \<alpha>_def unfolding 9 10 3 h_def
+ by (simp add: Zp.to_fun_def)
+ have 12: "\<beta> \<in> \<O>\<^sub>p \<and> f \<bullet> \<beta> = \<zero> \<and> val (UPQ.pderiv f \<bullet> a) < val (a \<ominus> \<beta>)"
+ using "11" "7" \<beta>_closed by linarith
+ have 13: "\<forall>x. x\<in> \<O>\<^sub>p \<and> f \<bullet> x = \<zero> \<and> val (UPQ.pderiv f \<bullet> a) < val (a \<ominus> x)
+ \<longrightarrow> x = \<beta>"
+ proof(rule, rule)
+ fix x assume A: "x \<in> \<O>\<^sub>p \<and> f \<bullet> x = \<zero> \<and> val (UPQ.pderiv f \<bullet> a) < val (a \<ominus> x)"
+ obtain y where y_def: "y = to_Zp x"
+ by blast
+ have y_closed: "y \<in> carrier Z\<^sub>p"
+ unfolding y_def using A
+ by (simp add: to_Zp_closed val_ring_memE(2))
+ have eval: "Zp.to_fun (to_Zp_poly f) y = \<zero>\<^bsub>Z\<^sub>p\<^esub>"
+ unfolding y_def using A assms
+ by (metis UPQ.to_fun_def Zp.to_fun_def to_Zp_poly_eval to_Zp_zero)
+ have 0: "to_Zp a \<ominus>\<^bsub>Z\<^sub>p\<^esub> y = to_Zp (a \<ominus> x)"
+ unfolding y_def using A assms
+ by (simp add: to_Zp_minus)
+ have q: " val_Zp (Zp.to_fun (Zp.pderiv (to_Zp_poly f)) (to_Zp a)) = val (UPQ.pderiv f \<bullet> a)"
+ by (simp add: "3" Zp.to_fun_def h_def)
+ have 1: "y \<in> carrier Z\<^sub>p \<and>
+ Zp.to_fun (to_Zp_poly f) y = \<zero>\<^bsub>Z\<^sub>p\<^esub> \<and>
+ val_Zp (Zp.to_fun (Zp.pderiv (to_Zp_poly f)) (to_Zp a))
+ < val_Zp (to_Zp a \<ominus>\<^bsub>Z\<^sub>p\<^esub> y)"
+ unfolding 0 eval Zp.to_fun_def h_def
+ apply(intro conjI y_closed)
+ using eval Zp.to_fun_def apply (simp; fail)
+ using A unfolding 0 eval Zp.to_fun_def h_def 3
+ using assms(2) to_Zp_val val_ring_minus_closed by presburger
+ have 2: "y = \<alpha>"
+ using 1 \<alpha>_def by blast
+ show "x = \<beta>"
+ using y_def unfolding 2 8 using A \<beta>_closed
+ by (metis to_Zp_inc)
+ qed
+ show "\<exists>!\<alpha>. \<alpha> \<in> \<O>\<^sub>p \<and> f \<bullet> \<alpha> = \<zero> \<and> val (UPQ.pderiv f \<bullet> a) < val (a \<ominus> \<alpha>)"
+ using 12 13 by metis
+qed
+
+lemma nth_root_poly_root_fixed:
+ assumes "(n::nat) > 1"
+ assumes "a \<in> \<O>\<^sub>p"
+ assumes "val (\<one> \<ominus>\<^bsub>Q\<^sub>p\<^esub> a) > 2* val ([n]\<cdot>\<one>)"
+ shows "(\<exists>! b \<in> \<O>\<^sub>p. (b[^]n) = a \<and> val (b \<ominus> \<one>) > val ([n]\<cdot>\<one>))"
+proof-
+ obtain f where f_def: "f = up_ring.monom (UP Q\<^sub>p) \<one> n \<ominus>\<^bsub>UP Q\<^sub>p\<^esub> up_ring.monom (UP Q\<^sub>p) a 0"
+ by blast
+ have f_closed: "f \<in> carrier (UP Q\<^sub>p)"
+ unfolding f_def apply(rule UPQ.P.ring_simprules)
+ apply (simp; fail) using assms
+ by (simp add: val_ring_memE(2))
+ have 0: "UPQ.pderiv (up_ring.monom (UP Q\<^sub>p) a 0) = \<zero>\<^bsub>UP Q\<^sub>p\<^esub>"
+ using assms
+ by (simp add: val_ring_memE(2))
+ have 1: "UPQ.pderiv (up_ring.monom (UP Q\<^sub>p) (\<one>) n) = (up_ring.monom (UP Q\<^sub>p) ([n]\<cdot>\<one>) (n-1)) "
+ using UPQ.pderiv_monom by blast
+ have 2: "up_ring.monom (UP Q\<^sub>p) \<one> n \<in> carrier (UP Q\<^sub>p)"
+ by simp
+ have 3: "up_ring.monom (UP Q\<^sub>p) a 0 \<in> carrier (UP Q\<^sub>p)"
+ using assms val_ring_memE by simp
+ have 4: "UPQ.pderiv f = up_ring.monom (UP Q\<^sub>p) ([n] \<cdot> \<one>) (n - 1) \<ominus>\<^bsub>UP Q\<^sub>p\<^esub> \<zero>\<^bsub>UP Q\<^sub>p\<^esub>"
+ using 2 3 assms val_ring_memE UPQ.pderiv_minus[of "up_ring.monom (UP Q\<^sub>p) \<one> n" "up_ring.monom (UP Q\<^sub>p) a 0"]
+ unfolding f_def 0 1 by blast
+ have 5: "UPQ.pderiv f = (up_ring.monom (UP Q\<^sub>p) ([n]\<cdot>\<one>) (n-1))"
+ unfolding 4 a_minus_def by simp
+ have a_closed: "a \<in> carrier Q\<^sub>p"
+ using assms val_ring_memE by blast
+ have 6: "UPQ.pderiv f \<bullet> \<one> = [n]\<cdot>\<one> \<otimes> \<one>[^](n-1)"
+ unfolding 5 using a_closed
+ by (simp add: UPQ.to_fun_monom)
+ have 7: "val (\<one> \<ominus>\<^bsub>Q\<^sub>p\<^esub> a) > val \<one>"
+ proof-
+ have "eint 2 * val ([n] \<cdot> \<one>) \<ge> 0"
+ by (meson eint_ord_trans eint_pos_int_times_ge val_of_nat_inc zero_less_numeral)
+ thus ?thesis
+ using assms unfolding val_one
+ by (simp add: Q\<^sub>p_def)
+ qed
+ hence 8: "val a = val \<one>"
+ using a_closed
+ by (metis Qp.cring_simprules(6) ultrametric_equal_eq')
+ have 9:"val (a [^] (n - 1)) = 0"
+ by (simp add: "8" local.a_closed val_zero_imp_val_pow_zero)
+ have 10: "val ([n]\<cdot>\<one> \<otimes> \<one>[^](n-1)) = val ([n]\<cdot>\<one>)"
+ unfolding val_one 9 by simp
+ have 11: "0 \<le> gauss_norm f"
+ proof-
+ have p0: "gauss_norm (up_ring.monom (UP Q\<^sub>p) \<one> n) \<ge> 0"
+ using gauss_norm_monom by simp
+ have p1: "gauss_norm (up_ring.monom (UP Q\<^sub>p) a 0) \<ge> 0"
+ using gauss_norm_monom assms val_ring_memE by simp
+ have p2: "min (gauss_norm (up_ring.monom (UP Q\<^sub>p) \<one> n)) (gauss_norm (up_ring.monom (UP Q\<^sub>p) a 0)) \<ge> 0"
+ using p0 p1 by simp
+ have p3: "0 \<le> gauss_norm
+ (up_ring.monom (UP Q\<^sub>p) \<one> n \<ominus>\<^bsub>UP Q\<^sub>p\<^esub> up_ring.monom (UP Q\<^sub>p) a 0)"
+ using gauss_norm_ultrametric'[of "up_ring.monom (UP Q\<^sub>p) \<one> n" "up_ring.monom (UP Q\<^sub>p) a 0"]
+ p2 "2" "3" eint_ord_trans by blast
+ show ?thesis using p3 unfolding f_def by simp
+ qed
+ have 12: "\<And>\<alpha>. \<alpha> \<in> \<O>\<^sub>p \<Longrightarrow> f \<bullet> \<alpha> = \<alpha>[^]n \<ominus> a"
+ unfolding f_def using a_closed
+ by (simp add: UPQ.to_fun_const UPQ.to_fun_diff UPQ.to_fun_monic_monom val_ring_memE(2))
+ have 13: "\<exists>!\<alpha>. \<alpha> \<in> \<O>\<^sub>p \<and> f \<bullet> \<alpha> = \<zero> \<and> val (UPQ.pderiv f \<bullet> \<one>) < val (\<one> \<ominus> \<alpha>)"
+ apply(rule hensels_lemma, rule f_closed, rule one_in_val_ring, rule 11)
+ unfolding 6 10
+ using a_closed assms 12[of \<one>] assms(3)
+ by (simp add: one_in_val_ring)
+ have 14: "\<And>\<alpha>. \<alpha> \<in> \<O>\<^sub>p \<Longrightarrow> \<alpha>[^]n = a \<longleftrightarrow> f \<bullet> \<alpha> = \<zero>"
+ unfolding f_def using a_closed 12 f_def val_ring_memE(2) by auto
+ have 15: "val (UPQ.pderiv f \<bullet> \<one>) = val ([n]\<cdot>\<one>)"
+ unfolding 6 10 by auto
+ have 16: "\<And>\<alpha>. \<alpha> \<in> \<O>\<^sub>p \<Longrightarrow> val (\<one> \<ominus> \<alpha>) = val (\<alpha> \<ominus> \<one>)"
+ proof-
+ have 17: "\<And>\<alpha>. \<alpha> \<in> \<O>\<^sub>p \<Longrightarrow> (\<one> \<ominus> \<alpha>) = \<ominus> (\<alpha> \<ominus> \<one>)"
+ using val_ring_memE
+ by (meson Qp.minus_a_inv Qp.one_closed)
+ show "\<And>\<alpha>. \<alpha> \<in> \<O>\<^sub>p \<Longrightarrow> val (\<one> \<ominus> \<alpha>) = val (\<alpha> \<ominus> \<one>)"
+ unfolding 17
+ using Qp.minus_closed Qp.one_closed val_minus val_ring_memE(2) by presburger
+ qed
+ show ?thesis using 13 unfolding 15 using 14 16 Qp.one_closed val_ring_memE(2) by metis
+qed
+
+lemma mod_zeroE:
+ assumes "(a::int) mod k = 0"
+ shows "\<exists>l. a = l*k"
+ using assms
+ using Groups.mult_ac(2) by blast
+
+lemma to_Zp_poly_closed':
+ assumes "g \<in> carrier (UP Q\<^sub>p)"
+ assumes "\<And>i. g i \<in> \<O>\<^sub>p"
+ shows "to_Zp_poly g \<in> carrier (UP Z\<^sub>p)"
+proof(rule to_Zp_poly_closed)
+ show "g \<in> carrier (UP Q\<^sub>p)"
+ using assms(1) by blast
+ show "0 \<le> gauss_norm g"
+ proof-
+ have "\<And>i. val (g i) \<ge> 0"
+ using assms val_ring_memE by blast
+ thus ?thesis unfolding gauss_norm_def
+ by (metis gauss_norm_coeff_norm gauss_norm_def)
+ qed
+qed
+
+lemma to_Zp_poly_eval_to_Zp:
+ assumes "g \<in> carrier (UP Q\<^sub>p)"
+ assumes "\<And>i. g i \<in> \<O>\<^sub>p"
+ assumes "a \<in> \<O>\<^sub>p"
+ shows "to_function Z\<^sub>p (to_Zp_poly g) (to_Zp a) = to_Zp (g \<bullet> a)"
+proof-
+ have "(\<forall>i. g i \<in> \<O>\<^sub>p) \<longrightarrow> to_function Z\<^sub>p (to_Zp_poly g) (to_Zp a) = to_Zp (g \<bullet> a)"
+ apply(rule UPQ.poly_induct[of g]) using assms apply blast
+ proof
+ fix p assume A: "p \<in> carrier (UP Q\<^sub>p)" "deg Q\<^sub>p p = 0" "\<forall>i. p i \<in> \<O>\<^sub>p"
+ obtain c where c_def: "c \<in> carrier Q\<^sub>p \<and> p = up_ring.monom (UP Q\<^sub>p) c 0"
+ using A by (metis UPQ.ltrm_deg_0 val_ring_memE(2))
+ have 0: "to_Zp_poly (up_ring.monom (UP Q\<^sub>p) c 0) = up_ring.monom (UP Z\<^sub>p) (to_Zp c) 0"
+ unfolding to_Zp_poly_def proof fix n show " to_Zp (up_ring.monom (UP Q\<^sub>p) c 0 n) = up_ring.monom (UP Z\<^sub>p) (to_Zp c) 0 n"
+ using UP_ring.cfs_monom[of Z\<^sub>p "to_Zp c" 0 n] UP_ring.cfs_monom[of Q\<^sub>p c 0 n] to_Zp_closed[of c ]
+ unfolding UP_ring_def
+ apply(cases "0 = n")
+ using UPQ.cfs_monom Zp.cfs_monom c_def apply presburger
+ using UPQ.cfs_monom Zp.cfs_monom c_def
+ using to_Zp_zero by presburger
+ qed
+ have p_eq: "p = up_ring.monom (UP Q\<^sub>p) c 0"
+ using c_def by blast
+ have 1: "(up_ring.monom (UP Q\<^sub>p) c 0 \<bullet> a) = c"
+ using UPQ.to_fun_to_poly[of c a] c_def assms val_ring_memE
+ unfolding to_polynomial_def by blast
+ show "to_function Z\<^sub>p (to_Zp_poly p) (to_Zp a) = to_Zp (p \<bullet> a)"
+ using c_def assms(3) val_ring_memE(2)[of a]
+ UP_cring.to_fun_to_poly[of Z\<^sub>p "to_Zp c" "to_Zp a"]
+ unfolding p_eq 0 1 Zp.to_fun_def to_polynomial_def
+ using Zp.UP_cring_axioms to_Zp_closed by blast
+ next
+ show "\<And>p. (\<And>q. q \<in> carrier (UP Q\<^sub>p) \<Longrightarrow>
+ deg Q\<^sub>p q < deg Q\<^sub>p p \<Longrightarrow> (\<forall>i. q i \<in> \<O>\<^sub>p) \<longrightarrow> to_function Z\<^sub>p (to_Zp_poly q) (to_Zp a) = to_Zp (q \<bullet> a)) \<Longrightarrow>
+ p \<in> carrier (UP Q\<^sub>p) \<Longrightarrow> 0 < deg Q\<^sub>p p \<Longrightarrow> (\<forall>i. p i \<in> \<O>\<^sub>p) \<longrightarrow> to_function Z\<^sub>p (to_Zp_poly p) (to_Zp a) = to_Zp (p \<bullet> a)"
+ proof fix p
+ assume A: "(\<And>q. q \<in> carrier (UP Q\<^sub>p) \<Longrightarrow>
+ deg Q\<^sub>p q < deg Q\<^sub>p p \<Longrightarrow> (\<forall>i. q i \<in> \<O>\<^sub>p) \<longrightarrow> to_function Z\<^sub>p (to_Zp_poly q) (to_Zp a) = to_Zp (q \<bullet> a))"
+ "p \<in> carrier (UP Q\<^sub>p)" "0 < deg Q\<^sub>p p" "\<forall>i. p i \<in> \<O>\<^sub>p"
+ show "to_function Z\<^sub>p (to_Zp_poly p) (to_Zp a) = to_Zp (p \<bullet> a)"
+ proof-
+ obtain q where q_def: "q = truncate Q\<^sub>p p"
+ by blast
+ have q_closed: "q \<in> carrier (UP Q\<^sub>p)"
+ unfolding q_def by(rule UPQ.trunc_closed, rule A)
+ obtain c where c_def: "c = UPQ.lcf p"
+ by blast
+ obtain n where n_def: "n = deg Q\<^sub>p p"
+ by blast
+ have 0: "p = q \<oplus>\<^bsub>UP Q\<^sub>p\<^esub> up_ring.monom (UP Q\<^sub>p) c n"
+ unfolding c_def n_def q_def
+ using A(2) UPQ.trunc_simps(1) by blast
+ have 1: "up_ring.monom (UP Q\<^sub>p) c n \<in> carrier (UP Q\<^sub>p)"
+ using A(2) UPQ.ltrm_closed c_def n_def by blast
+ have 2: "p \<bullet> a = q \<bullet> a \<oplus> (c \<otimes> a[^]n)"
+ unfolding 0 using assms val_ring_memE
+ by (metis "1" A(4) UPQ.to_fun_monom UPQ.to_fun_plus c_def q_closed)
+ have 3: "\<And>i. i < n \<Longrightarrow> q i = p i"
+ unfolding n_def q_def
+ using A(2) UPQ.trunc_cfs by blast
+ have 4: "deg Q\<^sub>p q < n"
+ unfolding n_def q_def using A
+ using UPQ.trunc_degree by presburger
+ have 5: "\<And>i. i \<ge> n \<Longrightarrow> i > deg Q\<^sub>p q"
+ using A[of ] less_le_trans[of "deg Q\<^sub>p q" "deg Q\<^sub>p p"] unfolding q_def n_def
+ using "4" n_def q_def by blast
+ have 6: "\<And>i. i \<ge> n \<Longrightarrow> q i = \<zero>"
+ using q_closed 5 UPQ.deg_leE by blast
+ have 7: "(\<forall>i. q i \<in> \<O>\<^sub>p) \<longrightarrow> to_function Z\<^sub>p (to_Zp_poly q) (to_Zp a) = to_Zp (q \<bullet> a)"
+ apply(rule A) unfolding q_def
+ using q_closed q_def apply blast
+ using "4" n_def q_def by blast
+ have 8: "(\<forall>i. q i \<in> \<O>\<^sub>p)"
+ proof fix i show "q i \<in> \<O>\<^sub>p" apply(cases "i < n")
+ using 3 A(4) apply blast using 6[of i]
+ by (metis less_or_eq_imp_le linorder_neqE_nat zero_in_val_ring)
+ qed
+ have 9: "to_function Z\<^sub>p (to_Zp_poly q) (to_Zp a) = to_Zp (q \<bullet> a)"
+ using 7 8 by blast
+ have 10: "to_Zp_poly p = to_Zp_poly q \<oplus>\<^bsub>UP Z\<^sub>p\<^esub> to_Zp_poly (up_ring.monom (UP Q\<^sub>p) c n)"
+ proof fix x
+ have 100: "to_Zp_poly (up_ring.monom (UP Q\<^sub>p) c n) = (up_ring.monom (UP Z\<^sub>p) (to_Zp c) n)"
+ using to_Zp_poly_monom[of c] A(4) c_def by blast
+ have 101: "deg Z\<^sub>p (to_Zp_poly q) \<le> n-1"
+ apply(rule UP_cring.deg_leqI)
+ unfolding UP_cring_def using Zp.R_cring apply auto[1]
+ using to_Zp_poly_closed' 8 q_closed apply blast
+ unfolding to_Zp_poly_def using 4 6
+ by (simp add: to_Zp_zero)
+ have 102: "(to_Zp_poly q) \<in> carrier (UP Z\<^sub>p)"
+ apply(rule to_Zp_poly_closed', rule q_closed) using 8 by blast
+ have 103: "deg Z\<^sub>p (to_Zp_poly q) < n"
+ using 101 4 by linarith
+ have T0: "(to_Zp_poly q \<oplus>\<^bsub>UP Z\<^sub>p\<^esub> to_Zp_poly (up_ring.monom (UP Q\<^sub>p) c n)) x =
+ (to_Zp_poly q x) \<oplus>\<^bsub>Z\<^sub>p\<^esub> (to_Zp_poly (up_ring.monom (UP Q\<^sub>p) c n) x)"
+ apply(rule UP_ring.cfs_add)
+ unfolding UP_ring_def apply (simp add: Zp.is_ring)
+ apply(rule 102) unfolding 100 apply(rule UP_ring.monom_closed)
+ unfolding UP_ring_def apply (simp add: Zp.is_ring)
+ apply(rule to_Zp_closed ) unfolding c_def
+ using A(2) UPQ.UP_car_memE(1) by blast
+ have c_closed: "c \<in> \<O>\<^sub>p"
+ unfolding c_def using A(4) by blast
+ have to_Zp_c_closed: "to_Zp c \<in> carrier Z\<^sub>p"
+ using c_closed to_Zp_closed val_ring_memE(2) by blast
+ show "to_Zp_poly p x = (to_Zp_poly q \<oplus>\<^bsub>UP Z\<^sub>p\<^esub> to_Zp_poly (up_ring.monom (UP Q\<^sub>p) c n)) x"
+ proof(cases "x < n")
+ case True
+ have T1: "(to_Zp_poly (up_ring.monom (UP Q\<^sub>p) c n) x) = \<zero>\<^bsub>Z\<^sub>p\<^esub>"
+ using True UP_ring.cfs_monom[of Z\<^sub>p] unfolding UP_ring_def
+ by (metis "100" A(2) UPQ.cfs_closed UPQ.deg_leE Zp.is_ring c_def n_def to_Zp_closed to_Zp_zero)
+ have T2: "to_Zp (p x) = to_Zp (q x)" using 3[of x] True by smt
+ have T3: "to_Zp (p x) \<in> carrier Z\<^sub>p"
+ apply(rule to_Zp_closed) using A(2) UPQ.UP_car_memE(1) by blast
+ show ?thesis using T3
+ unfolding T0 unfolding T1 unfolding to_Zp_poly_def T2
+ using Zp.cring_simprules(8) add_comm by presburger
+ next
+ case False
+ have F: "q x = \<zero> "
+ using False
+ by (metis "6" less_or_eq_imp_le linorder_neqE_nat)
+ have F': "(to_Zp_poly q) x = \<zero>\<^bsub>Z\<^sub>p\<^esub>"
+ unfolding to_Zp_poly_def F using to_Zp_zero by blast
+ show "to_Zp_poly p x = (to_Zp_poly q \<oplus>\<^bsub>UP Z\<^sub>p\<^esub> to_Zp_poly (up_ring.monom (UP Q\<^sub>p) c n)) x"
+ proof(cases "x = n")
+ case True
+ have T1: "to_Zp (p x) \<in> carrier Z\<^sub>p"
+ apply(rule to_Zp_closed)
+ using A(2) UPQ.UP_car_memE(1) by blast
+ have T2: "(to_Zp_poly (up_ring.monom (UP Q\<^sub>p) c n) x) = to_Zp c"
+ unfolding 100 using UP_ring.cfs_monom[of Z\<^sub>p "to_Zp c" n n] unfolding UP_ring_def True
+ using Zp.is_ring to_Zp_c_closed by presburger
+ show ?thesis using to_Zp_c_closed unfolding T0 F' T2 unfolding to_Zp_poly_def True c_def n_def
+ using Zp.cring_simprules(8) by presburger
+ next
+ case FF: False
+ have F0: "p x = \<zero>"
+ using FF False unfolding n_def
+ using A(2) UPQ.UP_car_memE(2) linorder_neqE_nat by blast
+ have F1: "q x = \<zero>"
+ using FF False F by linarith
+ have F2: "(up_ring.monom (UP Q\<^sub>p) c n) x = \<zero>"
+ using FF False A(2) UPQ.cfs_closed UPQ.cfs_monom c_def by presburger
+ show ?thesis unfolding T0 unfolding to_Zp_poly_def F0 F1 F2
+ using Zp.r_zero Zp.zero_closed to_Zp_zero by presburger
+ qed
+ qed
+ qed
+ have 11: "deg Z\<^sub>p (to_Zp_poly q) \<le> n-1"
+ apply(rule UP_cring.deg_leqI)
+ unfolding UP_cring_def using Zp.R_cring apply auto[1]
+ using to_Zp_poly_closed' 8 q_closed apply blast
+ unfolding to_Zp_poly_def using 4 6
+ by (smt diff_commute diff_diff_cancel less_one less_or_eq_imp_le linorder_neqE_nat to_Zp_zero zero_less_diff)
+ have 12: "(to_Zp_poly q) \<in> carrier (UP Z\<^sub>p)"
+ apply(rule to_Zp_poly_closed', rule q_closed) using 8 by blast
+ have 13: "deg Z\<^sub>p (to_Zp_poly q) < n"
+ using 11 4 by linarith
+ have 14: "to_Zp_poly (up_ring.monom (UP Q\<^sub>p) c n) = (up_ring.monom (UP Z\<^sub>p) (to_Zp c) n)"
+ using to_Zp_poly_monom[of c] A(4) c_def by blast
+ have 15: "Zp.to_fun (to_Zp_poly q \<oplus>\<^bsub>UP Z\<^sub>p\<^esub> to_Zp_poly (up_ring.monom (UP Q\<^sub>p) c n)) (to_Zp a)=
+ Zp.to_fun (to_Zp_poly q) (to_Zp a) \<oplus>\<^bsub>Z\<^sub>p\<^esub> Zp.to_fun (to_Zp_poly (up_ring.monom (UP Q\<^sub>p) c n)) (to_Zp a)"
+ apply(rule Zp.to_fun_plus)
+ unfolding 14 apply(rule UP_ring.monom_closed)
+ unfolding UP_ring_def using Zp.is_ring apply auto[1]
+ apply(rule to_Zp_closed) unfolding c_def
+ using A(2) UPQ.cfs_closed apply blast
+ using 12 apply blast
+ apply(rule to_Zp_closed) using assms val_ring_memE by blast
+ have 16: "to_Zp (q \<bullet> a \<oplus> c \<otimes> a [^] n) = to_Zp (q \<bullet> a) \<oplus>\<^bsub>Z\<^sub>p\<^esub> to_Zp (c \<otimes> a [^] n)"
+ apply(rule to_Zp_add)
+ apply(rule val_ring_poly_eval, rule q_closed)
+ using "8" apply blast
+ apply(rule assms)
+ apply(rule val_ring_times_closed)
+ unfolding c_def using A(4) apply blast
+ by(rule val_ring_nat_pow_closed, rule assms)
+ have 17: " to_function Z\<^sub>p (up_ring.monom (UP Z\<^sub>p) (to_Zp c) n) (to_Zp a) = to_Zp (c \<otimes> a [^] n)"
+ proof-
+ have 170: "to_Zp (c \<otimes> a [^] n) = to_Zp c \<otimes>\<^bsub>Z\<^sub>p\<^esub> to_Zp (a [^] n)"
+ apply(rule to_Zp_mult[of c "a[^]n"])
+ unfolding c_def using A(4) apply blast
+ by(rule val_ring_nat_pow_closed, rule assms)
+ have 171: "to_Zp (a [^] n) = (to_Zp a [^]\<^bsub>Z\<^sub>p\<^esub>n)"
+ by(rule to_Zp_nat_pow, rule assms)
+ have 172: "to_Zp c \<in> carrier Z\<^sub>p "
+ apply(rule to_Zp_closed) unfolding c_def
+ using A(2) UPQ.UP_car_memE(1) by blast
+ have 173: "to_Zp a \<in> carrier Z\<^sub>p "
+ apply(rule to_Zp_closed) using assms val_ring_memE by blast
+ show ?thesis
+ using 172 173 Zp.to_fun_monom[of "to_Zp c" "to_Zp a" n] unfolding Zp.to_fun_def 170 171
+ by blast
+ qed
+ show ?thesis
+ using 15 unfolding Zp.to_fun_def 10 2 16 9 unfolding 14 17
+ by blast
+ qed
+ qed
+ qed
+ thus ?thesis using assms by blast
+qed
+
+lemma inc_nat_pow:
+ assumes "a \<in> carrier Z\<^sub>p"
+ shows "\<iota> ([(n::nat)] \<cdot>\<^bsub>Z\<^sub>p\<^esub>a) = [n]\<cdot>(\<iota> a)"
+ apply(induction n)
+ apply (metis Q\<^sub>p_def Qp.int_inc_zero Qp.nat_mult_zero Zp.add.nat_pow_0 Zp_int_inc_zero' \<iota>_def frac_inc_of_int)
+ unfolding Qp.add.nat_pow_Suc Zp.add.nat_pow_Suc
+ using Zp_nat_mult_closed assms inc_of_sum by presburger
+
+lemma poly_inc_pderiv:
+ assumes "g \<in> carrier (UP Z\<^sub>p)"
+ shows "poly_inc (Zp.pderiv g) = UPQ.pderiv (poly_inc g)"
+proof fix x
+ have 0: "UPQ.pderiv (poly_inc g) x = [Suc x] \<cdot> poly_inc g (Suc x)"
+ apply(rule UPQ.pderiv_cfs[of "poly_inc g" x])
+ by(rule poly_inc_closed, rule assms)
+ have 1: "Zp.pderiv g x = [Suc x] \<cdot>\<^bsub>Z\<^sub>p\<^esub> g (Suc x)"
+ by(rule Zp.pderiv_cfs[of g x], rule assms)
+ show "poly_inc (Zp.pderiv g) x = UPQ.pderiv (poly_inc g) x"
+ unfolding 0 unfolding poly_inc_def 1 apply(rule inc_nat_pow)
+ using Zp.UP_car_memE(1) assms by blast
+qed
+
+lemma Zp_hensels_lemma:
+ assumes "f \<in> carrier Zp_x"
+ assumes "a \<in> carrier Z\<^sub>p"
+ assumes "Zp.to_fun (Zp.pderiv f) a \<noteq> \<zero>\<^bsub>Z\<^sub>p\<^esub>"
+ assumes "Zp.to_fun f a \<noteq> \<zero>\<^bsub>Z\<^sub>p \<^esub>"
+ assumes "val_Zp (Zp.to_fun f a) > eint 2 * val_Zp (Zp.to_fun (Zp.pderiv f) a)"
+ obtains \<alpha> where
+ "Zp.to_fun f \<alpha> = \<zero>\<^bsub>Z\<^sub>p\<^esub>" and "\<alpha> \<in> carrier Z\<^sub>p"
+ "val_Zp (a \<ominus>\<^bsub>Z\<^sub>p\<^esub> \<alpha>) > val_Zp (Zp.to_fun (Zp.pderiv f) a)"
+ "val_Zp (a \<ominus>\<^bsub>Z\<^sub>p\<^esub> \<alpha>) = val_Zp (divide (Zp.to_fun f a) (Zp.to_fun (Zp.pderiv f) a))"
+ "val_Zp (Zp.to_fun (Zp.pderiv f) \<alpha>) = val_Zp (Zp.to_fun (Zp.pderiv f) a)"
+proof-
+ have "hensel p f a"
+ using assms
+ by (simp add: Zp_def hensel.intro hensel_axioms.intro padic_integers_axioms)
+ then show ?thesis
+ using hensel.full_hensels_lemma[of p f a] that
+ unfolding Zp_def
+ by blast
+qed
+
+end
+end
diff --git a/thys/Padic_Field/Padic_Field_Powers.thy b/thys/Padic_Field/Padic_Field_Powers.thy
new file mode 100755
--- /dev/null
+++ b/thys/Padic_Field/Padic_Field_Powers.thy
@@ -0,0 +1,11440 @@
+theory Padic_Field_Powers
+ imports Ring_Powers Padic_Field_Polynomials Generated_Boolean_Algebra
+ Padic_Field_Topology
+
+
+begin
+
+text\<open>This theory is intended to develop the necessary background on subsets of powers of a $p$-adic
+field to prove Macintyre's quantifier elimination theorem. In particular, we define semi-algebraic
+subsets of $\mathbb{Q}_p^n$, semi-algebraic functions $\mathbb{Q}_p^n \to \mathbb{Q}_p$, and semi-
+algebraic mappings $\mathbb{Q}_p^n \to \mathbb{Q}_p^m$ for arbitrary $n, m \in \mathbb{N}$. In
+addition we prove that many common sets and functions are semi-algebraic. We are closely following
+the paper \cite{denef1986} by Denef, where an algebraic proof of Mactinyre's theorem is developed.\<close>
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+section\<open>Cartesian Powers of $p$-adic Fields\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+lemma list_tl:
+"tl (t#x) = x"
+ using List.list.sel(3) by auto
+
+lemma list_hd:
+"hd (t#x) = t"
+ unfolding List.list.sel(1) by auto
+
+
+sublocale padic_fields < cring_coord_rings Q\<^sub>p "UP Q\<^sub>p"
+ unfolding cring_coord_rings_axioms_def cring_coord_rings_def
+ using Qp.zero_not_one UPQ.R_cring
+ apply (simp add: UPQ.is_UP_cring)
+ by auto
+
+sublocale padic_fields < Qp: domain_coord_rings Q\<^sub>p "UP Q\<^sub>p"
+ unfolding domain_coord_rings_def cring_coord_rings_axioms_def cring_coord_rings_def
+ using Qp.domain_axioms Qp.zero_not_one UPQ.R_cring
+ apply (simp add: UPQ.UP_cring_axioms)
+ by auto
+
+context padic_fields
+begin
+no_notation Zp.to_fun (infixl\<open>\<bullet>\<close> 70)
+no_notation ideal_prod (infixl "\<cdot>\<index>" 80)
+
+notation
+evimage (infixr "\<inverse>\<index>" 90) and
+euminus_set ("_ \<^sup>c\<index>" 70)
+
+
+type_synonym padic_tuple = "padic_number list"
+type_synonym padic_function = "padic_number \<Rightarrow> padic_number"
+type_synonym padic_nary_function = "padic_tuple \<Rightarrow> padic_number"
+type_synonym padic_function_tuple = "padic_nary_function list"
+type_synonym padic_nary_function_poly = "nat \<Rightarrow> padic_nary_function"
+
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+subsection\<open>Polynomials over $\mathbb{Q}_p$ and Polynomial Maps\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+lemma last_closed':
+ assumes "x@[t] \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ shows "t \<in> carrier Q\<^sub>p"
+ using assms last_closed[of n "x@[t]" Q\<^sub>p]
+ by (metis (full_types) cartesian_power_car_memE gr0I last_snoc
+ length_append_singleton less_not_refl zero_less_Suc)
+
+lemma segment_in_car':
+ assumes "x@[t] \<in> carrier (Q\<^sub>p\<^bsup>Suc n\<^esup>)"
+ shows "x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+proof-
+ have 0: "length x = n"
+ by (metis Suc_inject assms cartesian_power_car_memE length_append_singleton)
+ have "set x \<subseteq> set (x@[t])"
+ by (metis rotate1.simps(2) set_rotate1 set_subset_Cons)
+ then have 1: "set x \<subseteq> carrier Q\<^sub>p"
+ using assms cartesian_power_car_memE''[of "x@[t]" Q\<^sub>p "Suc n"]
+ by blast
+ show ?thesis
+ using 0 1 assms cartesian_power_car_memI[of x n Q\<^sub>p]
+ by blast
+qed
+
+lemma Qp_zero:
+"Q\<^sub>p\<^bsup>0\<^esup> = nil_ring"
+ unfolding cartesian_power_def
+ by simp
+
+lemma Qp_zero_carrier:
+"carrier (Q\<^sub>p\<^bsup>0\<^esup>) = {[]}"
+ by (simp add: Qp_zero)
+
+text\<open>Abbreviation for constant polynomials\<close>
+
+abbreviation(input) Qp_to_IP where
+"Qp_to_IP k \<equiv> Qp.indexed_const k"
+
+lemma Qp_to_IP_car:
+ assumes "k \<in> carrier Q\<^sub>p"
+ shows "Qp_to_IP k \<in> carrier (Q\<^sub>p[\<X>\<^bsub>n\<^esub>])"
+ using assms
+ unfolding coord_ring_def
+ using Qp.indexed_const_closed by blast
+
+lemma(in cring_coord_rings) smult_closed:
+ assumes "a \<in> carrier R"
+ assumes "q \<in> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ shows "a \<odot>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> q \<in> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ using assms unfolding coord_ring_def
+ using Pring_smult_closed
+ by (simp add: R.Pring_smult_closed)
+
+
+lemma Qp_poly_smult_cfs:
+ assumes "a \<in> carrier Q\<^sub>p"
+ assumes "P \<in> carrier (Q\<^sub>p[\<X>\<^bsub>n\<^esub>])"
+ shows "(a \<odot>\<^bsub>Q\<^sub>p[\<X>\<^bsub>n\<^esub>]\<^esub> P) m = a \<otimes> (P m)"
+ using assms unfolding coord_ring_def
+ using Qp.Pring_smult_cfs by blast
+
+lemma Qp_smult_r_distr:
+ assumes "a \<in> carrier Q\<^sub>p"
+ assumes "P \<in> carrier (Q\<^sub>p[\<X>\<^bsub>n\<^esub>])"
+ assumes "q \<in> carrier (Q\<^sub>p[\<X>\<^bsub>n\<^esub>])"
+ shows "a \<odot>\<^bsub>Q\<^sub>p[\<X>\<^bsub>n\<^esub>]\<^esub> (P \<oplus>\<^bsub>Q\<^sub>p[\<X>\<^bsub>n\<^esub>]\<^esub> q) = (a \<odot>\<^bsub>Q\<^sub>p[\<X>\<^bsub>n\<^esub>]\<^esub> P) \<oplus>\<^bsub> Q\<^sub>p[\<X>\<^bsub>n\<^esub>]\<^esub> (a \<odot>\<^bsub>Q\<^sub>p[\<X>\<^bsub>n\<^esub>]\<^esub> q)"
+ using assms unfolding coord_ring_def
+ using Qp.Pring_smult_r_distr by blast
+
+lemma Qp_smult_l_distr:
+ assumes "a \<in> carrier Q\<^sub>p"
+ assumes "b \<in> carrier Q\<^sub>p"
+ assumes "P \<in> carrier (Q\<^sub>p[\<X>\<^bsub>n\<^esub>])"
+ shows "(a \<oplus> b) \<odot>\<^bsub>Q\<^sub>p[\<X>\<^bsub>n\<^esub>]\<^esub> P = (a \<odot>\<^bsub>Q\<^sub>p[\<X>\<^bsub>n\<^esub>]\<^esub> P) \<oplus>\<^bsub> Q\<^sub>p[\<X>\<^bsub>n\<^esub>]\<^esub> (b \<odot>\<^bsub>Q\<^sub>p[\<X>\<^bsub>n\<^esub>]\<^esub> P)"
+ using assms unfolding coord_ring_def
+ using Qp.Pring_smult_l_distr by blast
+
+abbreviation(input) Qp_funs where
+"Qp_funs n \<equiv> Fun\<^bsub>n\<^esub> Q\<^sub>p"
+
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+subsection\<open>Evaluation of Polynomials in $\mathbb{Q}_p$\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+
+abbreviation(input) Qp_ev where
+"Qp_ev P q \<equiv> (eval_at_point Q\<^sub>p q P)"
+
+lemma Qp_ev_one:
+ assumes "a \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ shows "Qp_ev \<one>\<^bsub>Q\<^sub>p[\<X>\<^bsub>n\<^esub>]\<^esub> a = \<one>" unfolding coord_ring_def
+ by (metis Qp.Pring_one eval_at_point_const Qp.one_closed assms)
+
+lemma Qp_ev_zero:
+ assumes "a \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ shows "Qp_ev \<zero>\<^bsub>Q\<^sub>p[\<X>\<^bsub>n\<^esub>]\<^esub> a = \<zero>"unfolding coord_ring_def
+ by (metis Qp.Pring_zero eval_at_point_const Qp.zero_closed assms)
+
+lemma Qp_eval_pvar_pow:
+ assumes "a \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ assumes "k < n"
+ assumes "(m::nat) \<noteq> 0"
+ shows "Qp_ev ((pvar Q\<^sub>p k)[^]\<^bsub>Q\<^sub>p[\<X>\<^bsub>n\<^esub>]\<^esub> m) a = ((a!k)[^]m)"
+ by (metis eval_at_point_nat_pow eval_pvar assms(1) assms(2) pvar_closed)
+
+text\<open>composition of polynomials over $\mathbb{Q}_p$\<close>
+
+definition Qp_poly_comp where
+"Qp_poly_comp m fs = poly_compose (length fs) m fs"
+
+text\<open>lemmas about polynomial maps\<close>
+
+lemma Qp_is_poly_tupleI:
+ assumes "\<And>i. i < length fs\<Longrightarrow> fs!i \<in> carrier (Q\<^sub>p[\<X>\<^bsub>m\<^esub>])"
+ shows "is_poly_tuple m fs"
+ unfolding is_poly_tuple_def using assms
+ using cartesian_power_car_memE'' cartesian_power_car_memI' by blast
+
+lemma Qp_is_poly_tuple_append:
+ assumes "is_poly_tuple m fs"
+ assumes "is_poly_tuple m gs"
+ shows "is_poly_tuple m (fs@gs)"
+proof(rule Qp_is_poly_tupleI)
+ show "\<And>i. i < length (fs @ gs) \<Longrightarrow> (fs @ gs) ! i \<in> carrier (Q\<^sub>p[\<X>\<^bsub>m\<^esub>])"
+ proof- fix i assume A: "i < length (fs @ gs)"
+ show "(fs @ gs) ! i \<in> carrier (Q\<^sub>p[\<X>\<^bsub>m\<^esub>])"
+ apply(cases "i < length fs")
+ using assms is_poly_tupleE[of m fs i] nth_append[of fs gs i]
+ apply presburger
+ proof-
+ assume B: "\<not> i < length fs"
+ then have C: "length fs \<le> i \<and> i < length (fs @ gs)"
+ using A not_le
+ by blast
+ then have "i - length fs < length gs"
+ using length_append[of fs gs]
+ by linarith
+ then show ?thesis
+ using A assms is_poly_tupleE[of m gs "i - length fs"] nth_append[of fs gs i] B
+ by presburger
+ qed
+ qed
+qed
+
+lemma Qp_poly_mapE:
+ assumes "is_poly_tuple n fs"
+ assumes "length fs = m"
+ assumes "as \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ assumes "j < m"
+ shows "(poly_map n fs as)!j \<in> carrier Q\<^sub>p"
+ using assms poly_map_closed cartesian_power_car_memE' by blast
+
+lemma Qp_poly_mapE':
+ assumes "as \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ shows "length (poly_map n fs as) = length fs"
+ unfolding poly_map_def
+ using Qp.cring_axioms poly_tuple_evalE'
+ by (metis assms restrict_def)
+
+lemma Qp_poly_mapE'':
+ assumes "is_poly_tuple n fs"
+ assumes "length fs = m"
+ assumes "n \<noteq> 0"
+ assumes "as \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ assumes "j < m"
+ shows "(poly_map n fs as)!j = (Qp_ev (fs!j) as)"
+ using assms
+ unfolding poly_map_def poly_tuple_eval_def
+ by (metis (no_types, lifting) nth_map restrict_apply')
+
+lemma poly_map_apply:
+ assumes "as \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ shows "poly_map n fs as = poly_tuple_eval fs as"
+ unfolding poly_map_def restrict_def
+ by (simp add: assms)
+
+lemma poly_map_pullbackI:
+ assumes "is_poly_tuple n fs"
+ assumes "as \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ assumes "poly_map n fs as \<in> S"
+ shows "as \<in> poly_map n fs \<inverse>\<^bsub>n\<^esub> S"
+ using assms poly_map_apply
+ by blast
+
+lemma poly_map_pullbackI':
+ assumes "is_poly_tuple n fs"
+ assumes "as \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ assumes "poly_map n fs as \<in> S"
+ shows "as \<in> ((poly_map n fs) -` S)"
+ by (simp add: assms(3))
+
+text\<open>lemmas about polynomial composition\<close>
+lemma poly_compose_ring_hom:
+ assumes "is_poly_tuple m fs"
+ assumes "length fs = n"
+ shows "(ring_hom_ring (Q\<^sub>p[\<X>\<^bsub>n\<^esub>]) (Q\<^sub>p[\<X>\<^bsub>m\<^esub>]) (Qp_poly_comp m fs))"
+ unfolding Qp_poly_comp_def
+ by (simp add: assms(1) assms(2) poly_compose_ring_hom)
+
+lemma poly_compose_closed:
+ assumes "is_poly_tuple m fs"
+ assumes "length fs = n"
+ assumes "f \<in> carrier (Q\<^sub>p[\<X>\<^bsub>n\<^esub>])"
+ shows "(Qp_poly_comp m fs f) \<in> carrier (Q\<^sub>p[\<X>\<^bsub>m\<^esub>])"
+ using Qp.cring_axioms assms
+ unfolding Qp_poly_comp_def
+ using poly_compose_closed by blast
+
+
+lemma poly_compose_add:
+ assumes "is_poly_tuple m fs"
+ assumes "length fs = n"
+ assumes "f \<in> carrier (Q\<^sub>p[\<X>\<^bsub>n\<^esub>])"
+ assumes "g \<in> carrier (Q\<^sub>p[\<X>\<^bsub>n\<^esub>])"
+ shows "Qp_poly_comp m fs (f \<oplus>\<^bsub>Q\<^sub>p[\<X>\<^bsub>n\<^esub>]\<^esub> g) = (Qp_poly_comp m fs f) \<oplus>\<^bsub>Q\<^sub>p[\<X>\<^bsub>m\<^esub>]\<^esub> (Qp_poly_comp m fs g)"
+ using Qp.cring_axioms assms poly_compose_add
+ unfolding is_poly_tuple_def Qp_poly_comp_def
+ by blast
+
+lemma poly_compose_mult:
+ assumes "is_poly_tuple m fs"
+ assumes "length fs = n"
+ assumes "f \<in> carrier (Q\<^sub>p[\<X>\<^bsub>n\<^esub>])"
+ assumes "g \<in> carrier (Q\<^sub>p[\<X>\<^bsub>n\<^esub>])"
+ shows "Qp_poly_comp m fs (f \<otimes>\<^bsub>Q\<^sub>p[\<X>\<^bsub>n\<^esub>]\<^esub> g) = (Qp_poly_comp m fs f) \<otimes>\<^bsub>Q\<^sub>p[\<X>\<^bsub>m\<^esub>]\<^esub> (Qp_poly_comp m fs g)"
+ using Qp.cring_axioms assms poly_compose_mult
+ unfolding is_poly_tuple_def Qp_poly_comp_def
+ by blast
+
+lemma poly_compose_const:
+ assumes "is_poly_tuple m fs"
+ assumes "length fs = n"
+ assumes "a \<in> carrier Q\<^sub>p"
+ shows "Qp_poly_comp m fs (Qp_to_IP a) = Qp_to_IP a"
+ using Qp.cring_axioms assms poly_compose_const
+ unfolding is_poly_tuple_def Qp_poly_comp_def
+ by metis
+
+lemma Qp_poly_comp_eval:
+ assumes "is_poly_tuple m fs"
+ assumes "length fs = n"
+ assumes "f \<in> carrier (Q\<^sub>p[\<X>\<^bsub>n\<^esub>])"
+ assumes "as \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>)"
+ shows "Qp_ev (Qp_poly_comp m fs f) as = Qp_ev f (poly_map m fs as)"
+proof-
+ have "(restrict (poly_tuple_eval fs) (carrier (Q\<^sub>p\<^bsup>m\<^esup>)) as) = poly_tuple_eval fs as"
+ unfolding restrict_def
+ by (simp add: assms)
+ thus ?thesis
+ using assms Qp.cring_axioms poly_compose_eval
+ unfolding Qp_poly_comp_def poly_map_def
+ by presburger
+qed
+
+
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+subsection\<open>Mapping Univariate Polynomials to Multivariable Polynomials in One Variable\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+
+abbreviation(input) to_Qp_x where
+"to_Qp_x \<equiv> (IP_to_UP (0::nat) :: (nat multiset \<Rightarrow> padic_number) \<Rightarrow> nat \<Rightarrow> padic_number)"
+
+abbreviation(input) from_Qp_x where
+"from_Qp_x \<equiv> UP_to_IP Q\<^sub>p (0::nat)"
+
+lemma from_Qp_x_closed:
+ assumes "q \<in> carrier Q\<^sub>p_x"
+ shows "from_Qp_x q \<in> carrier (Q\<^sub>p[\<X>\<^bsub>1\<^esub>])"
+ using assms UP_to_IP_closed unfolding coord_ring_def
+ by (metis One_nat_def lessThan_0 lessThan_Suc)
+
+lemma to_Qp_x_closed:
+ assumes "q \<in> carrier (Q\<^sub>p[\<X>\<^bsub>1\<^esub>])"
+ shows "to_Qp_x q \<in> carrier Q\<^sub>p_x"
+ using assms Qp.IP_to_UP_closed[of q "0::nat"] Qp.cring_axioms
+ unfolding coord_ring_def
+ by (metis One_nat_def lessThan_0 lessThan_Suc)
+
+lemma to_Qp_x_from_Qp_x:
+ assumes "q \<in> carrier (Q\<^sub>p[\<X>\<^bsub>1\<^esub>])"
+ shows "from_Qp_x (to_Qp_x q) = q"
+ using assms UP_to_IP_inv[of q "0::nat"] Qp.Pring_car
+ unfolding coord_ring_def
+ by (metis One_nat_def lessThan_0 lessThan_Suc)
+
+lemma from_Qp_x_to_Qp_x:
+ assumes "q \<in> carrier Q\<^sub>p_x"
+ shows "to_Qp_x (from_Qp_x q) = q"
+ by (meson UPQ.IP_to_UP_inv assms)
+
+text\<open>ring hom properties of these maps\<close>
+
+lemma to_Qp_x_ring_hom:
+"to_Qp_x \<in> ring_hom (Q\<^sub>p[\<X>\<^bsub>1\<^esub>]) Q\<^sub>p_x"
+ using IP_to_UP_ring_hom[of "0::nat"] ring_hom_ring.homh
+ unfolding coord_ring_def
+ by (metis One_nat_def lessThan_0 lessThan_Suc)
+
+lemma from_Qp_x_ring_hom:
+"from_Qp_x \<in> ring_hom Q\<^sub>p_x (Q\<^sub>p[\<X>\<^bsub>1\<^esub>])"
+ using UP_to_IP_ring_hom ring_hom_ring.homh
+ unfolding coord_ring_def
+ by (metis One_nat_def lessThan_0 lessThan_Suc)
+
+
+lemma from_Qp_x_add:
+ assumes "a \<in> carrier Q\<^sub>p_x"
+ assumes "b \<in> carrier Q\<^sub>p_x"
+ shows "from_Qp_x (a \<oplus>\<^bsub>Q\<^sub>p_x\<^esub> b) = from_Qp_x a \<oplus>\<^bsub>Q\<^sub>p[\<X>\<^bsub>1\<^esub>]\<^esub> from_Qp_x b"
+ by (metis (mono_tags, lifting) assms(1) assms(2) from_Qp_x_ring_hom ring_hom_add)
+
+lemma from_Qp_x_mult:
+ assumes "a \<in> carrier Q\<^sub>p_x"
+ assumes "b \<in> carrier Q\<^sub>p_x"
+ shows "from_Qp_x (a \<otimes>\<^bsub>Q\<^sub>p_x\<^esub> b) = from_Qp_x a \<otimes>\<^bsub>Q\<^sub>p[\<X>\<^bsub>1\<^esub>]\<^esub> from_Qp_x b"
+ by (metis assms(1) assms(2) from_Qp_x_ring_hom ring_hom_mult)
+
+text\<open>equivalence of evaluation maps\<close>
+
+lemma Qp_poly_Qp_x_eval:
+ assumes "P \<in> carrier (Q\<^sub>p[\<X>\<^bsub>1\<^esub>])"
+ assumes "a \<in> carrier (Q\<^sub>p\<^bsup>1\<^esup>)"
+ shows "Qp_ev P a = (to_Qp_x P)\<bullet>(Qp.to_R a)"
+proof-
+ have 0: "(IP_to_UP 0 P) \<bullet> (a ! 0) = ((IP_to_UP 0 P) \<bullet> (if 0 < length a then a ! 0 else \<zero>))"
+ using assms
+ by (metis (mono_tags, lifting) cartesian_power_car_memE gr0I zero_neq_one)
+ have 1: "closed_fun Q\<^sub>p (\<lambda>n. if n < length a then a ! n else \<zero>)"
+ proof
+ fix n
+ show "(if n < length a then a ! n else \<zero>) \<in> carrier Q\<^sub>p"
+ apply(cases "n < length a")
+ using assms
+ apply (metis cartesian_power_car_memE cartesian_power_car_memE')
+ by (meson Qp.cring_axioms cring.cring_simprules(2))
+ qed
+ have 2: " P \<in> Pring_set Q\<^sub>p {0::nat}"
+ using assms unfolding coord_ring_def
+ by (metis Qp.Pring_car UPQ.UP_to_IP_closed assms(1) to_Qp_x_closed to_Qp_x_from_Qp_x)
+ have 3: "total_eval Q\<^sub>p (\<lambda>i. if i < length a then a ! i else \<zero>) P = IP_to_UP 0 P \<bullet> (if 0 < length a then a ! 0 else \<zero>)"
+ using 1 2 assms IP_to_UP_poly_eval[of P "0::nat" "(\<lambda>i. if i < length a then a ! i else \<zero>)" ]
+ UPQ.to_fun_def by presburger
+ then show ?thesis
+ using 0
+ unfolding eval_at_point_def
+ by blast
+qed
+
+lemma Qp_x_Qp_poly_eval:
+ assumes "P \<in> carrier Q\<^sub>p_x"
+ assumes "a \<in> carrier Q\<^sub>p"
+ shows "P \<bullet> a = Qp_ev (from_Qp_x P) (to_R1 a)"
+proof-
+ have "Qp_ev (from_Qp_x P) (to_R1 a) = (to_Qp_x (from_Qp_x P))\<bullet>(Qp.to_R (Qp.to_R1 a))"
+ using Qp_poly_Qp_x_eval assms(1) assms(2) from_Qp_x_closed Qp.to_R1_closed by blast
+ then show ?thesis using assms
+ by (metis UPQ.IP_to_UP_inv Qp.to_R_to_R1)
+qed
+
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+subsection\<open>$n^{th}$-Power Sets over $\mathbb{Q}_p$\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+definition P_set where
+"P_set (n::nat) = {a \<in> nonzero Q\<^sub>p. (\<exists>y \<in> carrier Q\<^sub>p . (y[^] n) = a)}"
+
+lemma P_set_carrier:
+"P_set n \<subseteq> carrier Q\<^sub>p"
+ unfolding P_set_def nonzero_def
+ by blast
+
+lemma P_set_memI:
+ assumes "a \<in> carrier Q\<^sub>p"
+ assumes "a \<noteq> \<zero>"
+ assumes "b \<in> carrier Q\<^sub>p"
+ assumes "b[^](n::nat) = a"
+ shows "a \<in> P_set n"
+ unfolding P_set_def
+ using assms
+ by (metis (mono_tags, lifting) mem_Collect_eq not_nonzero_Qp)
+
+lemma P_set_nonzero:
+"P_set n \<subseteq> nonzero Q\<^sub>p"
+ unfolding P_set_def by blast
+
+
+lemma P_set_nonzero':
+ assumes "a \<in> P_set n"
+ shows "a \<in> nonzero Q\<^sub>p"
+ "a \<in> carrier Q\<^sub>p"
+ using assms P_set_nonzero P_set_carrier
+ apply blast using assms P_set_carrier by blast
+
+lemma P_set_one:
+ assumes "n \<noteq> 0"
+ shows "\<one> \<in> P_set (n::nat)"
+proof-
+ have 0: "\<one>[^]n = \<one>"
+ using Qp.nat_pow_one by blast
+ have 1: "\<one> \<in> carrier Q\<^sub>p"
+ by blast
+ then show ?thesis
+ using one_nonzero unfolding P_set_def
+ using 0 by blast
+qed
+
+lemma zeroth_P_set:
+"P_set 0 = {\<one>}"
+proof
+ show "P_set 0 \<subseteq> {\<one>}"
+ unfolding P_set_def
+ proof
+ fix x
+ assume "x \<in> {a \<in> nonzero Q\<^sub>p. \<exists>y\<in>carrier Q\<^sub>p. (y[^](0::nat)) = a}"
+ then have "\<exists>y\<in>carrier Q\<^sub>p. (y[^](0::nat)) = x"
+ by blast
+ then obtain a where a_def: "a \<in> carrier Q\<^sub>p \<and> (a[^](0::nat)) = x"
+ by blast
+ then show "x \<in> {\<one>}"
+ using Qp.nat_pow_0 by blast
+ qed
+ show "{\<one>} \<subseteq> P_set 0"
+ using P_set_memI[of \<one> \<one> 0] Qp.nat_pow_one Qp.one_closed local.one_neq_zero
+ by blast
+qed
+
+lemma P_set_mult_closed:
+ assumes "n \<noteq> 0"
+ assumes "a \<in> P_set n"
+ assumes "b \<in> P_set n"
+ shows "a \<otimes> b \<in> P_set n"
+proof-
+ obtain a0 where a0_def: "a0 \<in> carrier Q\<^sub>p \<and> (a0 [^] n = a)"
+ using assms(2)
+ unfolding P_set_def
+ by blast
+ obtain b0 where b0_def: "b0 \<in> carrier Q\<^sub>p \<and> (b0 [^] n = b)"
+ using assms(3)
+ unfolding P_set_def
+ by blast
+ have "(a0 \<otimes> b0) [^] n = a0 [^] n \<otimes> b0 [^] n"
+ using a0_def b0_def Qp.nat_pow_distrib by blast
+ then have 0: "a \<otimes> b = (a0 \<otimes> b0) [^] n"
+ using a0_def b0_def by blast
+ have 1: "a0 \<otimes> b0 \<in> carrier Q\<^sub>p"
+ by (meson Qp.cring_axioms a0_def b0_def cring.cring_simprules(5))
+ have 2: "a \<otimes> b \<in> nonzero Q\<^sub>p"
+ using assms nonzero_is_submonoid unfolding P_set_def
+ by (metis (no_types, lifting) "0" "1" Qp.integral Qp_nat_pow_nonzero a0_def b0_def mem_Collect_eq not_nonzero_Qp)
+ then show ?thesis
+ using 0 1 assms
+ unfolding P_set_def by blast
+qed
+
+lemma P_set_inv_closed:
+ assumes "a \<in> P_set n"
+ shows "inv a \<in> P_set n"
+proof(cases "n = 0")
+ case True
+ then show ?thesis
+ using assms zeroth_P_set
+ by (metis Qp.inv_one singletonD)
+next
+ case False
+ then show ?thesis proof-
+ obtain a0 where a0_def: "a0 \<in> carrier Q\<^sub>p \<and> a0[^]n = a"
+ using assms P_set_def[of n] by blast
+ have "a0 \<in> nonzero Q\<^sub>p"
+ apply(rule ccontr)
+ proof-
+ assume "a0 \<notin> nonzero Q\<^sub>p "
+ then have "a0 = \<zero>"
+ using a0_def
+ by (meson not_nonzero_Qp)
+ then show False using a0_def assms
+ by (metis (mono_tags, lifting) False P_set_def Qp.cring_axioms \<open>a0 \<notin> nonzero Q\<^sub>p\<close>
+ cring_def mem_Collect_eq neq0_conv ring.pow_zero)
+ qed
+ then have "(inv a0)[^]n = inv a"
+ using a0_def \<open>a0 \<in> carrier Q\<^sub>p \<and> (a0[^]n) = a\<close> \<open>a0 \<in> nonzero Q\<^sub>p\<close> Units_nonzero
+ monoid.nat_pow_of_inv[of Q\<^sub>p a n] Qp.nat_pow_of_inv Units_eq_nonzero by presburger
+ then show ?thesis
+ by (metis P_set_memI Qp.nat_pow_closed Qp.nonzero_memE(2) Qp.nonzero_pow_nonzero \<open>a0 \<in> nonzero Q\<^sub>p\<close> a0_def inv_in_frac(1) inv_in_frac(2))
+ qed
+qed
+
+lemma P_set_val:
+ assumes "a \<in> P_set (n::nat)"
+ shows "(ord a) mod n = 0"
+proof(cases "n = 0")
+ case True
+ then show ?thesis
+ using assms zeroth_P_set
+ by (metis mod_by_0 of_nat_0 ord_one singletonD)
+next
+ case False
+ then show ?thesis
+ proof-
+ obtain b where b_def: "b \<in> carrier Q\<^sub>p \<and> (b[^] n) = a"
+ using assms P_set_def by blast
+ have an: "a \<in> nonzero Q\<^sub>p"
+ using P_set_def assms by blast
+ have bn: "b \<in> nonzero Q\<^sub>p"
+ proof(rule ccontr)
+ assume "b \<notin> nonzero Q\<^sub>p"
+ then have "b = \<zero>\<^bsub> Q\<^sub>p\<^esub>"
+ using b_def not_nonzero_Qp
+ by metis
+ then have "(b[^] n) = \<zero>"
+ using False Qp.cring_axioms cring_def ring.pow_zero
+ by blast
+ then show False
+ using b_def an Qp.not_nonzero_memI by blast
+ qed
+ then have "ord a = n * (ord b)"
+ using b_def an nonzero_nat_pow_ord
+ by blast
+ then show ?thesis
+ by (metis mod_mult_self1_is_0)
+ qed
+qed
+
+
+lemma P_set_pow:
+ assumes "n > 0"
+ assumes "s \<in> P_set n"
+ shows "s[^]k \<in> P_set (n*k)"
+proof-
+ obtain y where y_def: "y \<in> carrier Q\<^sub>p \<and> y[^]n = s"
+ using assms unfolding P_set_def by blast
+ then have 0: "y \<in> nonzero Q\<^sub>p"
+ using assms P_set_nonzero'(1) Qp_nonzero_nat_pow by blast
+ have 1: "y[^](n*k) = s[^] k"
+ using 0 y_def assms Qp.nat_pow_pow by blast
+ hence 2: "s[^]k \<in> nonzero Q\<^sub>p"
+ using 0 by (metis Qp_nat_pow_nonzero)
+ thus ?thesis unfolding P_set_def using 1 y_def by blast
+qed
+
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+subsection\<open>Semialgebraic Sets\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+text\<open>
+ In this section we introduce the notion of a $p$-adic semialgebraic set. Intuitively, these are
+ the subsets of $\mathbb{Q}_p^n$ which are definable by first order quantifier-free formulas in
+ the standard first-order language of rings, with an additional relation symbol included for the
+ relation $\text{ val}(x) \leq \text{ val}(y)$, interpreted according to the definiton of the
+ $p$-adic valuation on $\mathbb{Q}_p$. In fact, by Macintyre's quantifier elimination theorem
+ for the first-order theory of $\mathbb{Q}_p$ in this language, one can equivalently remove the
+ ``quantifier-free" clause from the latter definition. The definition we give here is also
+ equivalent, and due to Denef in \cite{denef1986}. The given definition here is desirable mainly
+ for its utility in producing a proof of Macintyre's theorem, which is our overarching goal.
+\<close>
+ (********************************************************************************************)
+ (********************************************************************************************)
+ subsubsection\<open>Defining Semialgebraic Sets\<close>
+ (********************************************************************************************)
+ (********************************************************************************************)
+
+definition basic_semialg_set where
+"basic_semialg_set (m::nat) (n::nat) P = {q \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>). \<exists>y \<in> carrier Q\<^sub>p. Qp_ev P q = (y[^]n)}"
+
+lemma basic_semialg_set_zero_set:
+ assumes "P \<in> carrier (Q\<^sub>p[\<X>\<^bsub>m\<^esub>])"
+ assumes "q \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>)"
+ assumes "Qp_ev P q = \<zero>"
+ assumes "n \<noteq> 0"
+ shows "q \<in> basic_semialg_set (m::nat) (n::nat) P"
+proof-
+ have "\<zero> = (\<zero>[^]n)"
+ using assms(4) Qp.nat_pow_zero by blast
+ then show ?thesis
+ unfolding basic_semialg_set_def
+ using assms Qp.cring_axioms cring.cring_simprules(2)
+ by blast
+qed
+
+lemma basic_semialg_set_def':
+ assumes "n \<noteq> 0"
+ assumes "P \<in> carrier (Q\<^sub>p[\<X>\<^bsub>m\<^esub>])"
+ shows "basic_semialg_set (m::nat) (n::nat) P = {q \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>). Qp_ev P q = \<zero> \<or> Qp_ev P q \<in> (P_set n)}"
+proof
+ show "basic_semialg_set m n P \<subseteq> {q \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>). Qp_ev P q = \<zero> \<or> Qp_ev P q \<in> P_set n}"
+ proof
+ fix x
+ assume A: "x \<in> basic_semialg_set m n P"
+ show "x \<in> {q \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>). Qp_ev P q = \<zero> \<or> Qp_ev P q \<in> P_set n}"
+ apply(cases "Qp_ev P x = \<zero>")
+ using A basic_semialg_set_def apply blast
+ unfolding basic_semialg_set_def P_set_def
+ proof
+ assume A0: "Qp_ev P x \<noteq> \<zero>"
+ have A1: " \<exists>y\<in>carrier Q\<^sub>p. Qp_ev P x = (y[^]n)"
+ using A basic_semialg_set_def
+ by blast
+ have A2: "x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>)"
+ using A basic_semialg_set_def
+ by blast
+ show " x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>) \<and> (Qp_ev P x = \<zero> \<or> Qp_ev P x \<in> {a \<in> nonzero Q\<^sub>p. \<exists>y\<in>carrier Q\<^sub>p. (y[^]n) = a})"
+ by (metis (mono_tags, lifting) A1 A2 Qp.nonzero_memI assms(2) eval_at_point_closed mem_Collect_eq)
+ qed
+ qed
+ show "{q \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>). Qp_ev P q = \<zero> \<or> Qp_ev P q \<in> P_set n} \<subseteq> basic_semialg_set m n P"
+ proof
+ fix x
+ assume A: " x \<in> {q \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>). Qp_ev P q = \<zero> \<or> Qp_ev P q \<in> P_set n}"
+ then have A':"x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>)"
+ by blast
+ show "x \<in> basic_semialg_set m n P"
+ using A A'
+ apply(cases "Qp_ev P x = \<zero>")
+ using assms basic_semialg_set_zero_set[of P m x n]
+ apply blast
+ proof-
+ assume B: "x \<in> {q \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>). Qp_ev P q = \<zero> \<or> Qp_ev P q \<in> P_set n} "
+ assume B': "x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>)"
+ assume B'': "Qp_ev P x \<noteq> \<zero> "
+ show "x \<in> basic_semialg_set m n P"
+ unfolding basic_semialg_set_def P_set_def
+ proof
+ have "\<exists>y\<in>carrier Q\<^sub>p. Qp_ev P x = (y[^]n) "
+ using A nonzero_def [of Q\<^sub>p] unfolding P_set_def
+ proof -
+ assume "x \<in> {q \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>). Qp_ev P q = \<zero> \<or> Qp_ev P q \<in> {a \<in> nonzero Q\<^sub>p. \<exists>y\<in>carrier Q\<^sub>p. (y[^]n) = a}}"
+ then have "Qp_ev P x \<in> nonzero Q\<^sub>p \<and> (\<exists>r. r \<in> carrier Q\<^sub>p \<and> (r[^]n) = Qp_ev P x)"
+ using B'' by blast
+ then show ?thesis
+ by blast
+ qed
+ then show "x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>) \<and> (\<exists>y\<in>carrier Q\<^sub>p. Qp_ev P x = (y[^]n))"
+ using B'
+ by blast
+ qed
+ qed
+ qed
+qed
+
+lemma basic_semialg_set_memI:
+ assumes "q \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>)"
+ assumes "y \<in> carrier Q\<^sub>p"
+ assumes "Qp_ev P q = (y[^]n)"
+ shows "q \<in> basic_semialg_set m n P"
+ using assms(1) assms(2) assms(3) basic_semialg_set_def
+ by blast
+
+lemma basic_semialg_set_memE:
+ assumes "q \<in> basic_semialg_set m n P"
+ shows "q \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>)"
+ "\<exists>y \<in> carrier Q\<^sub>p. Qp_ev P q = (y[^]n)"
+ using assms basic_semialg_set_def apply blast
+ using assms basic_semialg_set_def by blast
+
+definition is_basic_semialg :: "nat \<Rightarrow> ((nat \<Rightarrow> int) \<times> (nat \<Rightarrow> int)) set list set \<Rightarrow> bool" where
+"is_basic_semialg m S \<equiv> (\<exists> (n::nat) \<noteq> 0. (\<exists> P \<in> carrier (Q\<^sub>p[\<X>\<^bsub>m\<^esub>]). S = basic_semialg_set m n P))"
+
+abbreviation(input) basic_semialgs where
+"basic_semialgs m \<equiv> {S. (is_basic_semialg m S)}"
+
+definition semialg_sets where
+"semialg_sets n = gen_boolean_algebra (carrier (Q\<^sub>p\<^bsup>n\<^esup>)) (basic_semialgs n)"
+
+lemma carrier_is_semialg:
+"(carrier (Q\<^sub>p\<^bsup>n\<^esup>)) \<in> semialg_sets n "
+ unfolding semialg_sets_def
+ using gen_boolean_algebra.universe by blast
+
+lemma empty_set_is_semialg:
+" {} \<in> semialg_sets n"
+ using carrier_is_semialg[of n]
+ unfolding semialg_sets_def using gen_boolean_algebra.complement
+ by (metis Diff_cancel)
+
+lemma semialg_intersect:
+ assumes "A \<in> semialg_sets n"
+ assumes "B \<in> semialg_sets n"
+ shows "(A \<inter> B) \<in> semialg_sets n "
+ using assms(1) assms(2) gen_boolean_algebra_intersect semialg_sets_def
+ by blast
+
+lemma semialg_union:
+ assumes "A \<in> semialg_sets n"
+ assumes "B \<in> semialg_sets n"
+ shows "(A \<union> B) \<in> semialg_sets n "
+ using assms gen_boolean_algebra.union semialg_sets_def
+ by blast
+
+lemma semialg_complement:
+ assumes "A \<in> semialg_sets n"
+ shows "(carrier (Q\<^sub>p\<^bsup>n\<^esup>) - A) \<in> semialg_sets n "
+ using assms gen_boolean_algebra.complement semialg_sets_def
+ by blast
+
+lemma semialg_zero:
+ assumes "A \<in> semialg_sets 0"
+ shows "A = {[]} \<or> A = {}"
+ using assms
+ unfolding semialg_sets_def cartesian_power_def
+proof-
+ assume A0: " A \<in> gen_boolean_algebra (carrier (RDirProd_list (R_list 0 Q\<^sub>p))) (basic_semialgs 0)"
+ show " A = {[]} \<or> A = {}"
+ proof-
+ have "A \<noteq> {[]} \<longrightarrow> A = {}"
+ proof
+ assume A1: "A \<noteq> {[]}"
+ show "A = {}"
+ proof-
+ have "(R_list 0 Q\<^sub>p) = []"
+ by simp
+ then have "(carrier (RDirProd_list (R_list 0 Q\<^sub>p))) = {[]}"
+ using RDirProd_list_nil
+ by simp
+ then show ?thesis
+ using A0 A1
+ by (metis gen_boolean_algebra_subset subset_singletonD)
+ qed
+ qed
+ then show ?thesis
+ by linarith
+ qed
+qed
+
+lemma basic_semialg_is_semialg:
+ assumes "is_basic_semialg n A"
+ shows "A \<in> semialg_sets n"
+ by (metis (no_types, lifting) assms gen_boolean_algebra.simps inf_absorb1
+ is_basic_semialg_def mem_Collect_eq basic_semialg_set_def
+ semialg_sets_def subsetI)
+
+lemma basic_semialg_is_semialg':
+ assumes "f \<in> carrier (Q\<^sub>p[\<X>\<^bsub>n\<^esub>])"
+ assumes "m \<noteq>0"
+ assumes "A = basic_semialg_set n m f"
+ shows "A \<in> semialg_sets n"
+ using assms basic_semialg_is_semialg is_basic_semialg_def
+ by blast
+
+definition is_semialgebraic where
+"is_semialgebraic n S = (S \<in> semialg_sets n)"
+
+lemma is_semialgebraicE:
+ assumes "is_semialgebraic n S"
+ shows "S \<in> semialg_sets n"
+ using assms is_semialgebraic_def by blast
+
+lemma is_semialgebraic_closed:
+ assumes "is_semialgebraic n S"
+ shows "S \<subseteq> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ using is_semialgebraicE[of n S] unfolding semialg_sets_def
+ using assms gen_boolean_algebra_subset is_semialgebraicE semialg_sets_def
+ by blast
+
+lemma is_semialgebraicI:
+ assumes "S \<in> semialg_sets n"
+ shows "is_semialgebraic n S"
+ by (simp add: assms is_semialgebraic_def)
+
+lemma basic_semialg_is_semialgebraic:
+ assumes "is_basic_semialg n A"
+ shows "is_semialgebraic n A"
+ using assms basic_semialg_is_semialg is_semialgebraicI by blast
+
+lemma basic_semialg_is_semialgebraic':
+ assumes "f \<in> carrier (Q\<^sub>p[\<X>\<^bsub>n\<^esub>])"
+ assumes "m \<noteq>0"
+ assumes "A = basic_semialg_set n m f"
+ shows "is_semialgebraic n A"
+ using assms(1) assms(2) assms(3) basic_semialg_is_semialg' is_semialgebraicI by blast
+
+
+ (********************************************************************************************)
+ (********************************************************************************************)
+ subsubsection\<open>Algebraic Sets over $p$-adic Fields\<close>
+ (********************************************************************************************)
+ (********************************************************************************************)
+
+lemma p_times_square_not_square:
+ assumes "a \<in> nonzero Q\<^sub>p"
+ shows "\<pp> \<otimes> (a [^] (2::nat)) \<notin> P_set (2::nat)"
+proof
+ assume A: "\<pp> \<otimes> (a[^](2::nat)) \<in> P_set (2::nat)"
+ then have "\<pp> \<otimes> (a[^](2::nat)) \<in> nonzero Q\<^sub>p"
+ unfolding P_set_def
+ by blast
+ then obtain b where b_def: "b \<in> carrier Q\<^sub>p \<and> b[^](2::nat) = \<pp> \<otimes> (a[^](2::nat))"
+ using A P_set_def by blast
+ have "b \<in> nonzero Q\<^sub>p"
+ apply(rule ccontr) using b_def assms
+ by (metis A P_set_nonzero'(1) Qp.nat_pow_zero not_nonzero_Qp zero_neq_numeral)
+ then have LHS: "ord (b[^](2::nat)) = 2* (ord b)"
+ using nonzero_nat_pow_ord
+ by presburger
+ have "ord( \<pp> \<otimes> (a[^](2::nat))) = 1 + 2* ord a"
+ using assms nonzero_nat_pow_ord Qp_nat_pow_nonzero ord_mult ord_p p_nonzero
+ by presburger
+ then show False
+ using b_def LHS
+ by presburger
+qed
+
+lemma p_times_square_not_square':
+ assumes "a \<in> carrier Q\<^sub>p"
+ shows "\<pp> \<otimes> (a [^] (2::nat)) = \<zero> \<Longrightarrow> a = \<zero>"
+ by (metis Qp.integral Qp.nat_pow_closed Qp.nonzero_closed Qp.nonzero_memE(2) Qp.nonzero_pow_nonzero assms p_nonzero)
+
+lemma zero_set_semialg_set:
+ assumes "q \<in> carrier (Q\<^sub>p[\<X>\<^bsub>n\<^esub>])"
+ assumes "a \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ shows "Qp_ev q a = \<zero> \<longleftrightarrow>( \<exists>y \<in> carrier Q\<^sub>p. \<pp> \<otimes> ((Qp_ev q a) [^] (2::nat)) = y[^](2::nat)) "
+proof
+ show "Qp_ev q a = \<zero> \<Longrightarrow> \<exists>y\<in>carrier Q\<^sub>p. \<pp> \<otimes> (Qp_ev q a[^] (2::nat)) = (y[^] (2::nat))"
+ proof-
+ assume "Qp_ev q a = \<zero>"
+ then have "\<pp> \<otimes> (Qp_ev q a[^](2::nat)) = (\<zero>[^](2::nat))"
+ by (metis Qp.int_inc_closed Qp.nat_pow_zero Qp.r_null zero_neq_numeral)
+ then have "\<zero> \<in> carrier Q\<^sub>p \<and> \<pp> \<otimes> (Qp_ev q a[^](2::nat)) = (\<zero>[^](2::nat))"
+ using Qp.cring_axioms cring.cring_simprules(2)
+ by blast
+ then show "\<exists>y\<in>carrier Q\<^sub>p. \<pp> \<otimes> (Qp_ev q a[^] (2::nat)) = (y[^] (2::nat))"
+ by blast
+ qed
+ show " \<exists>y\<in>carrier Q\<^sub>p. \<pp> \<otimes> (Qp_ev q a[^](2::nat)) = (y[^](2::nat)) \<Longrightarrow> Qp_ev q a = \<zero>"
+ proof-
+ assume A: " \<exists>y\<in>carrier Q\<^sub>p. \<pp> \<otimes> (Qp_ev q a[^](2::nat)) = (y[^](2::nat))"
+ then obtain b where b_def: "b\<in>carrier Q\<^sub>p \<and> \<pp> \<otimes> (Qp_ev q a[^](2::nat)) = (b[^](2::nat))"
+ by blast
+ show "Qp_ev q a = \<zero>"
+ proof(rule ccontr)
+ assume " Qp_ev q a \<noteq> \<zero>"
+ then have " Qp_ev q a \<in> nonzero Q\<^sub>p" using assms eval_at_point_closed[of a n q] nonzero_def
+ proof -
+ have "Qp_ev q a \<in> carrier Q\<^sub>p"
+ using \<open>\<lbrakk>a \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>); q \<in> carrier (Q\<^sub>p[\<X>\<^bsub>n\<^esub>])\<rbrakk> \<Longrightarrow>
+ Qp_ev q a \<in> carrier Q\<^sub>p\<close> \<open>a \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)\<close> \<open>q \<in> carrier (Q\<^sub>p[\<X>\<^bsub>n\<^esub>])\<close>
+ by fastforce
+ then have "Qp_ev q a \<in> {r \<in> carrier Q\<^sub>p. r \<noteq> \<zero>}"
+ using \<open>Qp_ev q a \<noteq> \<zero>\<close> by force
+ then show ?thesis
+ by (metis nonzero_def )
+ qed
+ then have "\<pp> \<otimes> (Qp_ev q a[^](2::nat)) \<in> nonzero Q\<^sub>p"
+ by (metis Qp.nonzero_closed Qp.nonzero_mult_closed Qp_nat_pow_nonzero not_nonzero_Qp p_nonzero p_times_square_not_square')
+ then have "\<pp> \<otimes> (Qp_ev q a[^](2::nat)) \<in> P_set (2::nat)"
+ using b_def
+ unfolding P_set_def
+ by blast
+ then show False
+ using \<open>Qp_ev q a \<in> nonzero Q\<^sub>p\<close> p_times_square_not_square
+ by blast
+ qed
+ qed
+qed
+
+lemma alg_as_semialg:
+ assumes "P \<in> carrier (Q\<^sub>p[\<X>\<^bsub>n\<^esub>])"
+ assumes "q = \<pp> \<odot>\<^bsub>Q\<^sub>p[\<X>\<^bsub>n\<^esub>]\<^esub> (P[^]\<^bsub>Q\<^sub>p[\<X>\<^bsub>n\<^esub>]\<^esub> (2::nat))"
+ shows "zero_set Q\<^sub>p n P = basic_semialg_set n (2::nat) q"
+proof
+ have 00: "\<And>x. x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>) \<Longrightarrow> Qp_ev q x = \<pp> \<otimes> (Qp_ev P x) [^] (2::nat)"
+ using assms eval_at_point_smult MP.nat_pow_closed Qp.int_inc_closed eval_at_point_nat_pow
+ by presburger
+ show "V\<^bsub>Q\<^sub>p\<^esub> n P \<subseteq> basic_semialg_set n 2 q"
+ proof
+ fix x
+ assume A: "x \<in> V\<^bsub>Q\<^sub>p\<^esub> n P "
+ show "x \<in> basic_semialg_set n (2::nat) q "
+ proof-
+ have P: "Qp_ev P x = \<zero>"
+ using A zero_setE(2)
+ by blast
+ have "Qp_ev q x = \<zero>"
+ proof-
+ have "Qp_ev q x = \<pp> \<otimes> (Qp_ev (P[^]\<^bsub>Q\<^sub>p[\<X>\<^bsub>n\<^esub>]\<^esub> (2::nat)) x)"
+ using assms eval_at_point_smult[of x n "(P[^]\<^bsub>Q\<^sub>p[\<X>\<^bsub>n\<^esub>]\<^esub> (2::nat))" \<pp>] basic_semialg_set_def
+ by (meson A MP.nat_pow_closed Qp.int_inc_closed zero_setE(1))
+ then show ?thesis
+ by (metis A P Qp.int_inc_closed Qp.integral_iff Qp.nat_pow_zero Qp.zero_closed assms(1)
+ eval_at_point_nat_pow neq0_conv zero_less_numeral zero_setE(1))
+ qed
+ then have 0: "Qp_ev q x = \<zero> \<or> Qp_ev q x \<in> P_set (2::nat)"
+ by blast
+ have 1: "x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ using A zero_setE(1)
+ by blast
+ then show ?thesis using 0 basic_semialg_set_def'
+ by (metis (no_types, opaque_lifting) Qp.nat_pow_zero Qp.zero_closed
+ \<open>eval_at_point Q\<^sub>p x q = \<zero>\<close> basic_semialg_set_memI zero_neq_numeral)
+ qed
+ qed
+ show "basic_semialg_set n 2 q \<subseteq> V\<^bsub>Q\<^sub>p\<^esub> n P"
+ proof
+ fix x
+ assume A: "x \<in> basic_semialg_set n 2 q"
+ have 0: "\<not> Qp_ev q x \<in> P_set 2"
+ proof
+ assume "Qp_ev q x \<in> P_set 2"
+ then have 0: "Qp_ev q x \<in> nonzero Q\<^sub>p \<and> (\<exists>y \<in> carrier Q\<^sub>p . (y[^] (2::nat)) = Qp_ev q x)"
+ using P_set_def by blast
+ have "( \<exists>y \<in> carrier Q\<^sub>p. \<pp> \<otimes> ((Qp_ev P x) [^] (2::nat)) = y[^](2::nat))"
+ proof-
+ obtain y where y_def: "y \<in> carrier Q\<^sub>p \<and> (y[^] (2::nat)) = Qp_ev q x"
+ using 0 by blast
+ have "x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ using A basic_semialg_set_memE(1) by blast
+ then have "Qp_ev q x = \<pp> \<otimes> ((Qp_ev P x) [^] (2::nat))"
+ using assms eval_at_point_scalar_mult 00 by blast
+ then have "(y[^] (2::nat)) = \<pp> \<otimes> ((Qp_ev P x) [^] (2::nat))"
+ using y_def by blast
+ then show ?thesis using y_def by blast
+ qed
+ then have "Qp_ev P x = \<zero>"
+ by (metis (no_types, lifting) A assms(1) basic_semialg_set_def mem_Collect_eq zero_set_semialg_set)
+ then have "Qp_ev q x = \<zero>"
+ using assms eval_at_point_smult
+ by (metis "00" A Qp.int_inc_closed Qp.nat_pow_zero Qp.r_null basic_semialg_set_memE(1) zero_neq_numeral)
+ then show False
+ using 0 Qp.not_nonzero_memI by blast
+ qed
+ show " x \<in> V\<^bsub>Q\<^sub>p\<^esub> n P"
+ apply(rule zero_setI)
+ using A basic_semialg_set_memE(1) apply blast
+ using A 0 00[of x]
+ by (metis assms(1) basic_semialg_set_memE(1) basic_semialg_set_memE(2) zero_set_semialg_set)
+ qed
+qed
+
+lemma is_zero_set_imp_basic_semialg:
+ assumes "P \<in> carrier (Q\<^sub>p[\<X>\<^bsub>n\<^esub>])"
+ assumes "S = zero_set Q\<^sub>p n P"
+ shows "is_basic_semialg n S"
+ unfolding is_basic_semialg_def
+proof-
+ obtain q where q_def: "q = \<pp> \<odot>\<^bsub>Q\<^sub>p[\<X>\<^bsub>n\<^esub>]\<^esub> (P[^]\<^bsub>Q\<^sub>p[\<X>\<^bsub>n\<^esub>]\<^esub> (2::nat))"
+ by blast
+ have 0: "zero_set Q\<^sub>p n P = basic_semialg_set n (2::nat) q"
+ using alg_as_semialg[of P n q] q_def assms(1) by linarith
+ have "(P [^]\<^bsub>Q\<^sub>p[\<X>\<^bsub>n\<^esub>]\<^esub> (2::nat)) \<in> carrier (Q\<^sub>p[\<X>\<^bsub>n\<^esub>])"
+ using assms(1)
+ by blast
+ then have "\<pp> \<odot>\<^bsub>Q\<^sub>p[\<X>\<^bsub>n\<^esub>]\<^esub>(P [^]\<^bsub>Q\<^sub>p[\<X>\<^bsub>n\<^esub>]\<^esub> (2::nat)) \<in> carrier (Q\<^sub>p[\<X>\<^bsub>n\<^esub>])"
+ using assms q_def Qp.int_inc_closed local.smult_closed by blast
+ then have 1: "q \<in> carrier (Q\<^sub>p[\<X>\<^bsub>n\<^esub>])"
+ by (metis q_def )
+ then show "\<exists>m. m \<noteq> 0 \<and> (\<exists>P\<in>carrier (Q\<^sub>p[\<X>\<^bsub>n\<^esub>]). S = basic_semialg_set n m P)"
+ using 0 assms
+ by (metis zero_neq_numeral)
+qed
+
+lemma is_zero_set_imp_semialg:
+ assumes "P \<in> carrier (Q\<^sub>p[\<X>\<^bsub>n\<^esub>])"
+ assumes "S = zero_set Q\<^sub>p n P"
+ shows "is_semialgebraic n S"
+ using assms(1) assms(2) basic_semialg_is_semialg is_semialgebraicI is_zero_set_imp_basic_semialg
+ by blast
+
+text\<open>Algebraic sets are semialgebraic\<close>
+
+lemma is_algebraic_imp_is_semialg:
+ assumes "is_algebraic Q\<^sub>p n S"
+ shows "is_semialgebraic n S"
+ proof(rule is_semialgebraicI)
+ obtain ps where ps_def: "finite ps \<and> ps \<subseteq> carrier (Q\<^sub>p[\<X>\<^bsub>n\<^esub>]) \<and> S = affine_alg_set Q\<^sub>p n ps"
+ using is_algebraicE
+ by (metis assms)
+ have "ps \<subseteq> carrier (Q\<^sub>p[\<X>\<^bsub>n\<^esub>]) \<longrightarrow> affine_alg_set Q\<^sub>p n ps \<in> semialg_sets n"
+ apply(rule finite.induct[of ps])
+ apply (simp add: ps_def)
+ using affine_alg_set_empty[of n]
+ apply (simp add: carrier_is_semialg)
+ proof
+ fix A a
+ assume IH: "A \<subseteq> carrier (Q\<^sub>p[\<X>\<^bsub>n\<^esub>]) \<longrightarrow> affine_alg_set Q\<^sub>p n A \<in> semialg_sets n"
+ assume P: "insert a A \<subseteq> carrier (Q\<^sub>p[\<X>\<^bsub>n\<^esub>])"
+ have "A \<subseteq> carrier (Q\<^sub>p[\<X>\<^bsub>n\<^esub>])"
+ using P by blast
+ then
+ show "affine_alg_set Q\<^sub>p n (insert a A) \<in> semialg_sets n"
+ using IH P semialg_intersect[of "affine_alg_set Q\<^sub>p n A" n "affine_alg_set Q\<^sub>p n {a}" ]
+ is_zero_set_imp_semialg affine_alg_set_insert[of n a A]
+ by (metis Int_commute affine_alg_set_singleton insert_subset is_semialgebraicE)
+ qed
+ then show "S \<in> semialg_sets n"
+ using ps_def by blast
+ qed
+
+
+ (********************************************************************************************)
+ (********************************************************************************************)
+ subsubsection\<open>Basic Lemmas about the Semialgebraic Predicate\<close>
+ (********************************************************************************************)
+ (********************************************************************************************)
+
+
+text\<open>Finite and cofinite sets are semialgebraic\<close>
+
+lemma finite_is_semialg:
+ assumes "F \<subseteq> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ assumes "finite F"
+ shows "is_semialgebraic n F"
+ using Qp.finite_sets_are_algebraic is_algebraic_imp_is_semialg[of n F]
+ assms(1) assms(2)
+ by blast
+
+definition is_cofinite where
+"is_cofinite n F = finite (ring_pow_comp Q\<^sub>p n F)"
+
+lemma is_cofiniteE:
+ assumes "F \<subseteq> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ assumes "is_cofinite n F"
+ shows "finite (carrier (Q\<^sub>p\<^bsup>n\<^esup>) - F)"
+ using assms(2) is_cofinite_def
+ by (simp add: ring_pow_comp_def)
+
+lemma complement_is_semialg:
+ assumes "is_semialgebraic n F"
+ shows "is_semialgebraic n ((carrier (Q\<^sub>p\<^bsup>n\<^esup>)) - F)"
+ using assms is_semialgebraic_def semialg_complement by blast
+
+lemma cofinite_is_semialgebraic:
+ assumes "F \<subseteq> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ assumes "is_cofinite n F"
+ shows "is_semialgebraic n F"
+ using assms ring_pow_comp_inv[of F Q\<^sub>p n] complement_is_semialg[of n "(carrier (Q\<^sub>p\<^bsup>n\<^esup>) - F)"]
+ finite_is_semialg[of "(carrier (Q\<^sub>p\<^bsup>n\<^esup>) - F)"] is_cofiniteE[of F]
+ by (simp add: ring_pow_comp_def)
+
+lemma diff_is_semialgebraic:
+ assumes "is_semialgebraic n A"
+ assumes "is_semialgebraic n B"
+ shows "is_semialgebraic n (A - B)"
+ apply(rule is_semialgebraicI)
+ using assms unfolding semialg_sets_def
+ using gen_boolean_algebra_diff is_semialgebraicE semialg_sets_def
+ by blast
+
+lemma intersection_is_semialg:
+ assumes "is_semialgebraic n A"
+ assumes "is_semialgebraic n B"
+ shows "is_semialgebraic n (A \<inter> B)"
+ using assms(1) assms(2) is_semialgebraicE is_semialgebraicI semialg_intersect
+ by blast
+
+lemma union_is_semialgebraic:
+ assumes "is_semialgebraic n A"
+ assumes "is_semialgebraic n B"
+ shows "is_semialgebraic n (A \<union> B)"
+ using assms(1) assms(2) is_semialgebraicE is_semialgebraicI semialg_union by blast
+
+lemma carrier_is_semialgebraic:
+"is_semialgebraic n (carrier (Q\<^sub>p\<^bsup>n\<^esup>))"
+using carrier_is_semialg
+ by (simp add: carrier_is_semialg is_semialgebraic_def)
+
+lemma empty_is_semialgebraic:
+"is_semialgebraic n {}"
+ by (simp add: empty_set_is_semialg is_semialgebraic_def)
+
+
+ (********************************************************************************************)
+ (********************************************************************************************)
+ subsubsection\<open>One-Dimensional Semialgebraic Sets\<close>
+ (********************************************************************************************)
+ (********************************************************************************************)
+
+definition one_var_semialg where
+"one_var_semialg S = ((to_R1 ` S) \<in> (semialg_sets 1))"
+
+definition univ_basic_semialg_set where
+"univ_basic_semialg_set (m::nat) P = {a \<in> carrier Q\<^sub>p. (\<exists>y \<in> carrier Q\<^sub>p. (P \<bullet> a = (y[^]m)))}"
+
+text\<open>Equivalence of univ\_basic\_semialg\_sets and semialgebraic subsets of $\mathbb{Q}^1$ \<close>
+
+lemma univ_basic_semialg_set_to_semialg_set:
+ assumes "P \<in> carrier Q\<^sub>p_x"
+ assumes "m \<noteq> 0"
+ shows "to_R1 ` (univ_basic_semialg_set m P) = basic_semialg_set 1 m (from_Qp_x P)"
+proof
+ show "(\<lambda>a. [a]) ` univ_basic_semialg_set m P \<subseteq> basic_semialg_set 1 m (from_Qp_x P)"
+ proof fix x
+ assume A: "x \<in> (\<lambda>a. [a]) ` univ_basic_semialg_set m P"
+ then obtain b y where by_def:"b \<in> carrier Q\<^sub>p \<and> y \<in> carrier Q\<^sub>p \<and> (P \<bullet> b) = (y[^]m) \<and> x = [b]"
+ unfolding univ_basic_semialg_set_def
+ by blast
+ then have "x \<in> carrier (Q\<^sub>p\<^bsup>1\<^esup>)"
+ using A Qp.to_R1_closed[of b]
+ unfolding univ_basic_semialg_set_def
+ by blast
+ then show "x \<in> basic_semialg_set 1 m (from_Qp_x P)"
+ using by_def Qp_x_Qp_poly_eval assms
+ unfolding basic_semialg_set_def
+ by blast
+ qed
+ show "basic_semialg_set 1 m (from_Qp_x P) \<subseteq> (\<lambda>a. [a]) ` univ_basic_semialg_set m P"
+ proof
+ fix x
+ assume A: "x \<in> basic_semialg_set 1 m (from_Qp_x P)"
+ then obtain b where b_def: "b \<in> carrier Q\<^sub>p \<and> x = [b]"
+ unfolding basic_semialg_set_def
+ by (metis (mono_tags, lifting) mem_Collect_eq Qp.to_R1_to_R Qp.to_R_pow_closed)
+ obtain y where y_def: "y \<in> carrier Q\<^sub>p \<and> (Qp_ev (from_Qp_x P) [b] = (y[^]m))"
+ using A b_def
+ unfolding basic_semialg_set_def
+ by blast
+ have " P \<bullet> b = (y[^]m)"
+ using assms y_def b_def Qp_x_Qp_poly_eval by blast
+ then show " x \<in> (\<lambda>a. [a]) ` univ_basic_semialg_set m P"
+ using y_def b_def
+ unfolding basic_semialg_set_def univ_basic_semialg_set_def
+ by blast
+ qed
+qed
+
+definition is_univ_semialgebraic where
+"is_univ_semialgebraic S = (S \<subseteq> carrier Q\<^sub>p \<and> is_semialgebraic 1 (to_R1 ` S))"
+
+lemma is_univ_semialgebraicE:
+ assumes "is_univ_semialgebraic S"
+ shows "is_semialgebraic 1 (to_R1 ` S)"
+ using assms is_univ_semialgebraic_def by blast
+
+lemma is_univ_semialgebraicI:
+ assumes "is_semialgebraic 1 (to_R1 ` S)"
+ shows "is_univ_semialgebraic S"
+proof-
+ have "S \<subseteq> carrier Q\<^sub>p"
+ proof fix x assume "x \<in> S"
+ then have "(to_R1 x) \<in> carrier (Q\<^sub>p\<^bsup>1\<^esup>)"
+ using assms
+ by (smt Collect_mono_iff gen_boolean_algebra_subset image_def is_semialgebraicE mem_Collect_eq semialg_sets_def Qp.to_R1_carrier)
+ then show "x \<in> carrier Q\<^sub>p"
+ using assms
+ by (metis nth_Cons_0 Qp.to_R_pow_closed)
+ qed
+ then show ?thesis
+ using assms
+ unfolding is_univ_semialgebraic_def
+ by blast
+qed
+
+lemma univ_basic_semialg_set_is_univ_semialgebraic:
+ assumes "P \<in> carrier Q\<^sub>p_x"
+ assumes "m \<noteq> 0"
+ shows "is_univ_semialgebraic (univ_basic_semialg_set m P)"
+ using assms
+ by (metis (mono_tags, lifting) basic_semialg_is_semialgebraic'
+ from_Qp_x_closed is_univ_semialgebraic_def mem_Collect_eq subsetI
+ univ_basic_semialg_set_def univ_basic_semialg_set_to_semialg_set)
+
+lemma intersection_is_univ_semialgebraic:
+ assumes "is_univ_semialgebraic A"
+ assumes "is_univ_semialgebraic B"
+ shows "is_univ_semialgebraic (A \<inter> B)"
+ using assms intersection_is_semialg[of 1 "((\<lambda>a. [a]) ` A)" "((\<lambda>a. [a]) ` B)"]
+ unfolding is_univ_semialgebraic_def
+ by (metis le_infI1 Qp.to_R1_intersection)
+
+lemma union_is_univ_semialgebraic:
+ assumes "is_univ_semialgebraic A"
+ assumes "is_univ_semialgebraic B"
+ shows "is_univ_semialgebraic (A \<union> B)"
+ using assms union_is_semialgebraic[of 1 "((\<lambda>a. [a]) ` A)" "((\<lambda>a. [a]) ` B)"]
+ unfolding is_univ_semialgebraic_def
+ by (metis Un_subset_iff image_Un)
+
+lemma diff_is_univ_semialgebraic:
+ assumes "is_univ_semialgebraic A"
+ assumes "is_univ_semialgebraic B"
+ shows "is_univ_semialgebraic (A - B)"
+ using assms diff_is_semialgebraic[of 1 "((\<lambda>a. [a]) ` A)" "((\<lambda>a. [a]) ` B)"]
+ unfolding is_univ_semialgebraic_def
+ by (smt Diff_subset subset_trans Qp.to_R1_diff)
+
+lemma finite_is_univ_semialgebraic:
+ assumes "A \<subseteq> carrier Q\<^sub>p"
+ assumes "finite A"
+ shows "is_univ_semialgebraic A"
+ using assms finite_is_semialg[of "((\<lambda>a. [a]) ` A)" ] to_R1_finite[of A]
+ unfolding is_univ_semialgebraic_def
+ by (metis Qp.to_R1_carrier Qp.to_R1_subset)
+
+
+ (********************************************************************************************)
+ (********************************************************************************************)
+ subsubsection\<open>Defining the $p$-adic Valuation Semialgebraically\<close>
+ (********************************************************************************************)
+ (********************************************************************************************)
+
+
+lemma Qp_square_root_criterion0:
+ assumes "p \<noteq> 2"
+ assumes "a \<in> carrier Q\<^sub>p"
+ assumes "b \<in> carrier Q\<^sub>p"
+ assumes "val a \<le> val b"
+ assumes "a \<noteq> \<zero>"
+ assumes "b \<noteq> \<zero>"
+ assumes "val a \<ge> 0"
+ shows "\<exists>y \<in> carrier Q\<^sub>p. a[^](2::nat) \<oplus>\<^bsub>Q\<^sub>p\<^esub> \<pp>\<otimes>b[^](2::nat) = (y [^] (2::nat))"
+proof-
+ have 0: "(to_Zp a) \<in> carrier Z\<^sub>p"
+ using assms(2) to_Zp_closed
+ by blast
+ have 1: "(to_Zp b) \<in> carrier Z\<^sub>p"
+ using assms(3) to_Zp_closed
+ by blast
+ have 2: "a \<in> \<O>\<^sub>p"
+ using val_ring_val_criterion assms(2) assms(5) assms(7) by blast
+ have 3: "b \<in> \<O>\<^sub>p"
+ using assms val_ring_val_criterion[of b] dual_order.trans by blast
+ have 4: "val_Zp (to_Zp b) = val b"
+ using 3 Zp_def \<iota>_def padic_fields.to_Zp_val padic_fields_axioms by blast
+ have 5: "val_Zp (to_Zp a) = val a"
+ using Q\<^sub>p_def Zp_def assms(2) assms(7) padic_fields.Qp_val_ringI padic_fields.to_Zp_val padic_fields_axioms
+ by blast
+ have "\<exists>y \<in> carrier Z\<^sub>p. (to_Zp a)[^]\<^bsub>Z\<^sub>p\<^esub>(2::nat) \<oplus>\<^bsub>Z\<^sub>p\<^esub> \<p> \<otimes>\<^bsub>Z\<^sub>p\<^esub>(to_Zp b)[^]\<^bsub>Z\<^sub>p\<^esub>(2::nat) = (y [^]\<^bsub>Z\<^sub>p\<^esub> (2::nat))"
+ using 0 1 2 4 5 assms Zp_square_root_criterion[of "(to_Zp a)" "(to_Zp b)"]
+ by (metis "3" to_Zp_inc to_Zp_zero zero_in_val_ring)
+ then obtain y where y_def: "y \<in> carrier Z\<^sub>p \<and> (to_Zp a)[^]\<^bsub>Z\<^sub>p\<^esub>(2::nat) \<oplus>\<^bsub>Z\<^sub>p\<^esub> \<p> \<otimes>\<^bsub>Z\<^sub>p\<^esub>(to_Zp b)[^]\<^bsub>Z\<^sub>p\<^esub>(2::nat) = (y [^]\<^bsub>Z\<^sub>p\<^esub> (2::nat))"
+ by blast
+ have 6: "a[^](2::nat) \<oplus>\<^bsub>Q\<^sub>p\<^esub> \<pp> \<otimes>b[^](2::nat) = ((\<iota> y) [^] (2::nat))"
+ proof-
+ have 0: "\<iota> (y [^]\<^bsub>Z\<^sub>p\<^esub> (2::nat)) = ((\<iota> y) [^] (2::nat))"
+ using Qp_nonzero_nat_pow nat_pow_closed inc_pow nat_inc_zero inc_is_hom \<iota>_def y_def ring_hom_nat_pow[of Z\<^sub>p Q\<^sub>p \<iota> y 2]
+ Q\<^sub>p_def Qp.ring_axioms Zp.ring_axioms
+ by blast
+ have 1: "\<iota> (y [^]\<^bsub>Z\<^sub>p\<^esub> (2::nat)) = \<iota> ((to_Zp a)[^]\<^bsub>Z\<^sub>p\<^esub>(2::nat) \<oplus>\<^bsub>Z\<^sub>p\<^esub> \<p> \<otimes>\<^bsub>Z\<^sub>p\<^esub>(to_Zp b)[^]\<^bsub>Z\<^sub>p\<^esub>(2::nat))"
+ using y_def by presburger
+ have 2: "\<iota> (y [^]\<^bsub>Z\<^sub>p\<^esub> (2::nat)) = \<iota> ((to_Zp a)[^]\<^bsub>Z\<^sub>p\<^esub>(2::nat)) \<oplus>\<^bsub>Q\<^sub>p\<^esub> \<iota> ( \<p> \<otimes>\<^bsub>Z\<^sub>p\<^esub>(to_Zp b)[^]\<^bsub>Z\<^sub>p\<^esub>(2::nat))"
+ using "1" Zp.m_closed Zp_int_inc_closed assms(2) assms(3) inc_of_sum pow_closed to_Zp_closed by presburger
+ hence 3: "\<iota> (y [^]\<^bsub>Z\<^sub>p\<^esub> (2::nat)) = (\<iota> (to_Zp a))[^](2::nat) \<oplus> (\<iota> \<p>) \<otimes> \<iota> ((to_Zp b)[^]\<^bsub>Z\<^sub>p\<^esub>(2::nat))"
+ using Qp_nonzero_nat_pow nat_pow_closed inc_pow nat_inc_zero inc_is_hom \<iota>_def y_def ring_hom_nat_pow[of Z\<^sub>p Q\<^sub>p \<iota> _ 2]
+ Q\<^sub>p_def Qp.ring_axioms Zp.ring_axioms Zp_int_inc_closed assms(2) assms(3) inc_of_prod pow_closed to_Zp_closed
+ by metis
+ then show ?thesis
+ using "0" "4" val_ring_ord_criterion assms(2) assms(3) assms(4) assms(5)
+ assms(6) assms(7) inc_pow not_nonzero_Zp ord_of_nonzero(1) p_inc to_Zp_closed to_Zp_inc
+ by (metis to_Zp_zero val_pos val_ringI zero_in_val_ring)
+ qed
+ have "(\<iota> y) \<in> carrier Q\<^sub>p"
+ using frac_closed local.inc_def y_def inc_closed by blast
+ then show ?thesis
+ using 6
+ by blast
+qed
+
+lemma eint_minus_ineq':
+ assumes "(a::eint) \<ge> b"
+ shows "a -b \<ge> 0"
+ by (metis assms eint_minus_ineq eint_ord_simps(3) idiff_infinity idiff_self order_trans top.extremum_unique top_eint_def)
+
+lemma Qp_square_root_criterion:
+ assumes "p \<noteq> 2"
+ assumes "a \<in> carrier Q\<^sub>p"
+ assumes "b \<in> carrier Q\<^sub>p"
+ assumes "ord b \<ge> ord a"
+ assumes "a \<noteq> \<zero>"
+ assumes "b \<noteq> \<zero>"
+ shows "\<exists>y \<in> carrier Q\<^sub>p. a[^](2::nat) \<oplus>\<^bsub>Q\<^sub>p\<^esub> \<pp>\<otimes>b[^](2::nat) = (y [^] (2::nat))"
+proof-
+ have "\<exists>k::int. k \<le> min (ord a) (ord b) \<and> k mod 2 = 0"
+ proof-
+ let ?k = "if (min (ord a) (ord b)) mod 2 = 0 then min (ord a) (ord b) else (min (ord a) (ord b)) - 1"
+ have "?k \<le> min (ord a) (ord b) \<and> ?k mod 2 = 0"
+ apply(cases "(min (ord a) (ord b)) mod 2 = 0 ")
+ apply presburger
+ by presburger
+ then show ?thesis
+ by meson
+ qed
+ then obtain k where k_def: "k \<le> min (ord a) (ord b) \<and> k mod 2 = 0"
+ by meson
+ obtain a0 where a0_def: "a0 = (\<pp>[^](-k)) \<otimes> a"
+ by blast
+ obtain b0 where b0_def: "b0 = (\<pp>[^](-k)) \<otimes> b"
+ by blast
+ have 0: "a0 \<in> nonzero Q\<^sub>p"
+ using Qp.cring_axioms Qp.field_axioms Ring.integral a0_def assms(2) assms(5) cring_simprules(5)
+ not_nonzero_Qp p_intpow_closed(1) p_nonzero
+ by (metis Qp_int_pow_nonzero cring.cring_simprules(5))
+ have 1: "val a0 = val a - k"
+ using a0_def assms(2) assms(5) val_mult p_nonzero p_intpow_closed(1)
+ by (metis Qp.m_comm Qp_int_pow_nonzero p_intpow_inv'' val_fract val_p_int_pow)
+ have 11: "val b0 = val b - k"
+ using assms(3) assms(6) b0_def val_mult p_nonzero p_intpow_closed(1)
+ by (metis Qp.m_lcomm Qp.one_closed Qp.r_one Qp_int_pow_nonzero p_intpow_inv'' val_fract val_p_int_pow)
+ have A: "val a \<ge> k"
+ using k_def val_ord assms by (smt eint_ord_simps(1) not_nonzero_Qp)
+ have B: "val b \<ge> k"
+ using k_def val_ord assms by (smt eint_ord_simps(1) not_nonzero_Qp)
+ then have 2: "val a0 \<ge> 0"
+ using A 1 assms k_def eint_minus_ineq eint_ord_code(5) local.eint_minus_ineq' by presburger
+ have 3: "val a0 \<le> val b0"
+ using 1 11 assms
+ by (metis eint.distinct(2) eint_minus_ineq eint_ord_simps(1) val_def)
+ have 4: "a0 \<noteq> \<zero>"
+ using a0_def "0" Qp.nonzero_memE(2) by blast
+ have 5: "b0 \<noteq> \<zero>"
+ using b0_def
+ by (metis "4" Qp.integral_iff a0_def assms(2) assms(3) assms(6) p_intpow_closed(1))
+ have "\<exists>y \<in> carrier Q\<^sub>p. a0[^](2::nat) \<oplus>\<^bsub>Q\<^sub>p\<^esub> \<pp>\<otimes>b0[^](2::nat) = (y [^] (2::nat))"
+ using Qp_square_root_criterion0[of a0 b0] assms 2 3 4 5 b0_def a0_def Qp.m_closed p_intpow_closed(1)
+ by metis
+ then obtain y where y_def: " y \<in> carrier Q\<^sub>p \<and> a0[^](2::nat) \<oplus>\<^bsub>Q\<^sub>p\<^esub> \<pp>\<otimes>b0[^](2::nat) = (y [^] (2::nat))"
+ by blast
+ then have 6: " (\<pp>[^] (2 * k)) \<otimes> (a0[^](2::nat) \<oplus>\<^bsub>Q\<^sub>p\<^esub> \<pp>\<otimes>b0[^](2::nat)) = (\<pp>[^] (2 * k)) \<otimes> (y [^] (2::nat))"
+ by presburger
+ then have 8: "((\<pp>[^] (2 * k)) \<otimes> (a0[^](2::nat))) \<oplus>\<^bsub>Q\<^sub>p\<^esub>((\<pp>[^] (2 * k)) \<otimes> (\<pp>\<otimes>b0[^](2::nat))) = (\<pp>[^] (2 * k)) \<otimes> (y [^] (2::nat))"
+ using 6 Qp.r_distr[of "(a0[^](2::nat))" " (\<pp>\<otimes>b0[^](2::nat))" "(\<pp>[^] (2 * k))"]
+ by (metis Qp.add.int_pow_closed Qp.m_closed Qp.nat_pow_closed Qp.one_closed a0_def assms(2) assms(3) b0_def p_inc p_intpow_closed(1) y_def)
+ have 9: "(\<pp>[^](int 2*k)) = (\<pp>[^]k)[^](2::nat)"
+ using Qp_int_nat_pow_pow[of \<pp> k 2]
+ by (metis mult_of_nat_commute p_nonzero)
+ then have "((\<pp>[^]k)[^](2::nat) \<otimes> (a0[^](2::nat))) \<oplus>\<^bsub>Q\<^sub>p\<^esub> (\<pp>[^]k)[^](2::nat) \<otimes> (\<pp>\<otimes>b0[^](2::nat)) = (\<pp>[^]k)[^](2::nat) \<otimes> (y [^] (2::nat))"
+ by (metis "8" int_eq_iff_numeral)
+ then have "((\<pp>[^]k) \<otimes> a0)[^](2::nat) \<oplus>\<^bsub>Q\<^sub>p\<^esub>((\<pp>[^]k)[^](2::nat)) \<otimes> (\<pp>\<otimes>b0[^](2::nat)) = ((\<pp>[^]k)[^](2::nat)) \<otimes> (y [^] (2::nat))"
+ by (metis Qp.cring_axioms a0_def assms(2) comm_monoid.nat_pow_distrib cring.cring_simprules(5) cring_def p_intpow_closed(1))
+ then have 10: "((\<pp>[^]k) \<otimes> a0)[^](2::nat) \<oplus>\<^bsub>Q\<^sub>p\<^esub>((\<pp>[^]k)[^](2::nat)) \<otimes> (\<pp>\<otimes>b0[^](2::nat)) = ((\<pp>[^]k) \<otimes> y) [^] (2::nat)"
+ using comm_monoid.nat_pow_distrib y_def
+ by (metis Qp.comm_monoid_axioms p_intpow_closed(1))
+ then have "((\<pp>[^]k) \<otimes> a0)[^](2::nat) \<oplus>\<^bsub>Q\<^sub>p\<^esub>((((\<pp>[^]k)[^](2::nat)) \<otimes> \<pp>)\<otimes>b0[^](2::nat)) = ((\<pp>[^]k) \<otimes> y) [^] (2::nat)"
+ using 10 monoid.m_assoc[of Q\<^sub>p "((\<pp>[^]k)[^](2::nat))" \<pp> " b0[^](2::nat)"]
+ by (metis Qp.int_inc_closed Qp.m_assoc Qp.m_closed Qp.nat_pow_closed assms(3) b0_def p_intpow_closed(1))
+ then have "((\<pp>[^]k) \<otimes> a0)[^](2::nat) \<oplus>\<^bsub>Q\<^sub>p\<^esub>((\<pp> \<otimes> ((\<pp>[^]k)[^](2::nat)) )\<otimes>b0[^](2::nat)) = ((\<pp>[^]k) \<otimes> y) [^] (2::nat)"
+ by (metis Qp.group_commutes_pow Qp.int_inc_closed Qp.m_comm p_intpow_closed(1))
+ then have "((\<pp>[^]k) \<otimes> a0)[^](2::nat) \<oplus>\<^bsub>Q\<^sub>p\<^esub>\<pp> \<otimes> (((\<pp>[^]k)[^](2::nat)) \<otimes>b0[^](2::nat)) = ((\<pp>[^]k) \<otimes> y) [^] (2::nat)"
+ by (metis "10" Qp.int_inc_closed Qp.m_closed Qp.m_lcomm Qp.nat_pow_closed assms(3) b0_def p_intpow_closed(1))
+ then have "((\<pp>[^]k) \<otimes> a0)[^](2::nat) \<oplus>\<^bsub>Q\<^sub>p\<^esub>\<pp> \<otimes> ((\<pp>[^]k) \<otimes>b0)[^](2::nat) = ((\<pp>[^]k) \<otimes> y) [^] (2::nat)"
+ by (metis Qp.m_closed Qp.nat_pow_distrib assms(3) b0_def p_intpow_closed(1))
+ then have "a[^](2::nat) \<oplus>\<^bsub>Q\<^sub>p\<^esub>\<pp> \<otimes> b[^](2::nat) = ((\<pp>[^]k) \<otimes> y) [^] (2::nat)"
+ by (metis Qp.l_one Qp.m_assoc a0_def assms(2) assms(3) b0_def p_intpow_closed(1) p_intpow_inv)
+ then show ?thesis
+ by (meson Qp.cring_axioms cring.cring_simprules(5) p_intpow_closed(1) y_def)
+qed
+
+lemma Qp_val_ring_alt_def0:
+ assumes "a \<in> nonzero Q\<^sub>p"
+ assumes "ord a \<ge> 0"
+ shows "\<exists>y \<in> carrier Q\<^sub>p. \<one> \<oplus>\<^bsub>Q\<^sub>p\<^esub> (\<pp>[^](3::nat))\<otimes> (a[^](4::nat)) = (y[^](2::nat))"
+proof-
+ have "\<exists>y \<in> carrier Z\<^sub>p. \<one>\<^bsub>Z\<^sub>p\<^esub> \<oplus>\<^bsub>Z\<^sub>p\<^esub> (\<p> [^]\<^bsub>Z\<^sub>p\<^esub> (3::nat))\<otimes>\<^bsub>Z\<^sub>p\<^esub> ((to_Zp a) [^]\<^bsub>Z\<^sub>p\<^esub> (4::nat)) = (y [^]\<^bsub>Z\<^sub>p\<^esub> (2::nat))"
+ using padic_integers.Zp_semialg_eq[of p "to_Zp a"] prime assms to_Zp_def
+ by (metis (no_types, lifting) Qp.nonzero_closed Qp.not_nonzero_memI Zp_def val_ring_ord_criterion not_nonzero_Zp padic_integers_axioms to_Zp_closed to_Zp_inc to_Zp_zero zero_in_val_ring)
+ then obtain y where y_def: "y \<in> carrier Z\<^sub>p \<and> \<one>\<^bsub>Z\<^sub>p\<^esub> \<oplus>\<^bsub>Z\<^sub>p\<^esub> (\<p> [^]\<^bsub>Z\<^sub>p\<^esub> (3::nat))\<otimes>\<^bsub>Z\<^sub>p\<^esub> ((to_Zp a) [^]\<^bsub>Z\<^sub>p\<^esub> (4::nat)) = (y [^]\<^bsub>Z\<^sub>p\<^esub> (2::nat))"
+ by blast
+ then have "\<one> \<oplus>\<^bsub>Q\<^sub>p\<^esub> (\<pp>[^](3::nat))\<otimes> (a[^](4::nat)) = ((\<iota> y)[^](2::nat))"
+ using Group.nat_pow_0 Group.nat_pow_Suc nonzero_def
+ val_ring_ord_criterion assms inc_of_nonzero inc_of_prod inc_of_sum inc_pow
+ m_closed nat_inc_closed nat_pow_closed not_nonzero_Zp
+ numeral_2_eq_2 p_natpow_inc to_Zp_closed to_Zp_inc
+ by (smt Qp.nonzero_closed Qp.nonzero_memE(2) Zp.monom_term_car p_pow_nonzero(1) pow_closed to_Zp_zero zero_in_val_ring)
+ then have "(\<iota> y) \<in> carrier Q\<^sub>p \<and> \<one> \<oplus>\<^bsub>Q\<^sub>p\<^esub> (\<pp>[^](3::nat))\<otimes> (a[^](4::nat)) = ((\<iota> y)[^](2::nat))"
+ using y_def inc_closed by blast
+ then show ?thesis
+ by blast
+qed
+
+text\<open>Defining the valuation semialgebraically for odd primes\<close>
+
+lemma P_set_ord_semialg_odd_p:
+ assumes "p \<noteq> 2"
+ assumes "a \<in> carrier Q\<^sub>p"
+ assumes "b \<in> carrier Q\<^sub>p"
+ shows "val a \<le> val b \<longleftrightarrow> (\<exists>y \<in> carrier Q\<^sub>p. (a[^](2::nat)) \<oplus>\<^bsub>Q\<^sub>p\<^esub> (\<pp> \<otimes> (b[^](2::nat))) = (y[^](2::nat)))"
+proof(cases "a = \<zero>")
+ case True
+ show "val a \<le> val b \<longleftrightarrow> (\<exists>y \<in> carrier Q\<^sub>p. (a[^](2::nat)) \<oplus>\<^bsub>Q\<^sub>p\<^esub> (\<pp> \<otimes> (b[^](2::nat))) = (y[^](2::nat)))"
+ proof
+ show "val b \<ge> val a \<Longrightarrow> \<exists>y\<in>carrier Q\<^sub>p. (a[^](2::nat)) \<oplus>\<^bsub>Q\<^sub>p\<^esub> \<pp> \<otimes> (b[^](2::nat)) = (y[^](2::nat))"
+ proof-
+ assume A: "val b \<ge> val a"
+ then have "val b \<ge> \<infinity>"
+ by (metis True local.val_zero)
+ then have "b = \<zero>"
+ using assms(3) local.val_zero val_ineq by presburger
+ then have "(a[^](2::nat)) \<oplus>\<^bsub>Q\<^sub>p\<^esub> \<pp> \<otimes> (b[^](2::nat)) = (\<zero>[^](2::nat))"
+ using True
+ by (metis Qp.int_inc_zero Qp.int_nat_pow_rep Qp.nonzero_closed Qp.r_null Qp.r_zero assms(3) p_nonzero zero_power2)
+ then show ?thesis
+ using \<open>b = \<zero>\<close> assms(3) by blast
+ qed
+ show "\<exists>y\<in>carrier Q\<^sub>p. (a[^](2::nat)) \<oplus>\<^bsub>Q\<^sub>p\<^esub> \<pp> \<otimes> (b[^](2::nat)) = (y[^](2::nat)) \<Longrightarrow> val b \<ge> val a"
+ proof-
+ assume "\<exists>y\<in>carrier Q\<^sub>p. (a[^](2::nat)) \<oplus>\<^bsub>Q\<^sub>p\<^esub> \<pp> \<otimes> (b[^](2::nat)) = (y[^](2::nat))"
+ then obtain y where y_def: "y \<in> carrier Q\<^sub>p \<and>(a[^](2::nat)) \<oplus>\<^bsub>Q\<^sub>p\<^esub> \<pp> \<otimes> (b[^](2::nat)) = (y[^](2::nat))"
+ by blast
+ then have 0: "\<pp> \<otimes> (b[^](2::nat)) = (y[^](2::nat))"
+ by (metis (no_types, lifting) Qp.add.r_cancel_one' Qp.int_inc_closed Qp.nat_pow_closed
+ Qp.not_nonzero_memI Qp_nonzero_nat_pow True assms(2) assms(3) local.monom_term_car not_nonzero_Qp zero_less_numeral)
+ have "b = \<zero>"
+ apply(rule ccontr)
+ using 0 assms y_def p_times_square_not_square[of b]
+ unfolding P_set_def
+ by (metis (no_types, opaque_lifting) P_set_memI Qp.nat_pow_closed True
+ \<open>b \<in> nonzero Q\<^sub>p \<Longrightarrow> \<pp> \<otimes> b [^] 2 \<notin> P_set 2\<close> not_nonzero_Qp p_times_square_not_square')
+ then show ?thesis
+ using eint_ord_code(3) local.val_zero by presburger
+ qed
+ qed
+next
+ case False
+ then show ?thesis
+ proof(cases "b = \<zero>")
+ case True
+ then have "(a[^](2::nat)) \<oplus>\<^bsub>Q\<^sub>p\<^esub> (\<pp> \<otimes> (b[^](2::nat))) = (a[^](2::nat))"
+ by (metis Qp.add.l_cancel_one' Qp.int_inc_zero Qp.int_nat_pow_rep Qp.nat_pow_closed Qp.nonzero_closed Qp.r_null assms(2) assms(3) p_nonzero zero_power2)
+ then have 0: "(\<exists>y \<in> carrier Q\<^sub>p. (a[^](2::nat)) \<oplus>\<^bsub>Q\<^sub>p\<^esub> (\<pp> \<otimes> (b[^](2::nat))) = (y[^](2::nat)))"
+ using assms(2)
+ by blast
+ have 1: "val a \<le> val b"
+ using True assms local.val_zero eint_ord_code(3) by presburger
+ show "val a \<le> val b \<longleftrightarrow> (\<exists>y \<in> carrier Q\<^sub>p. (a[^](2::nat)) \<oplus>\<^bsub>Q\<^sub>p\<^esub> (\<pp> \<otimes> (b[^](2::nat))) = (y[^](2::nat)))"
+ using 0 1
+ by blast
+ next
+ case F: False
+ show "val a \<le> val b \<longleftrightarrow> (\<exists>y \<in> carrier Q\<^sub>p. (a[^](2::nat)) \<oplus>\<^bsub>Q\<^sub>p\<^esub> (\<pp> \<otimes> (b[^](2::nat))) = (y[^](2::nat)))"
+ proof
+ show "val b \<ge> val a \<Longrightarrow> \<exists>y\<in>carrier Q\<^sub>p. (a[^](2::nat)) \<oplus>\<^bsub>Q\<^sub>p\<^esub> \<pp> \<otimes> (b[^](2::nat)) = (y[^](2::nat))"
+ proof-
+ assume "val b \<ge> val a "
+ then have "ord b \<ge> ord a"
+ using F False
+ by (metis eint_ord_simps(1) val_def)
+ then show "\<exists>y\<in>carrier Q\<^sub>p. (a[^](2::nat)) \<oplus>\<^bsub>Q\<^sub>p\<^esub> \<pp> \<otimes> (b[^](2::nat)) = (y[^](2::nat))"
+ using assms Qp_square_root_criterion[of a b] False F
+ by blast
+ qed
+ show "\<exists>y\<in>carrier Q\<^sub>p.(a[^](2::nat)) \<oplus>\<^bsub>Q\<^sub>p\<^esub> \<pp> \<otimes> (b[^](2::nat)) = (y[^](2::nat)) \<Longrightarrow> val b \<ge> val a"
+ proof-
+ assume "\<exists>y\<in>carrier Q\<^sub>p. (a[^](2::nat)) \<oplus>\<^bsub>Q\<^sub>p\<^esub> \<pp> \<otimes> (b[^](2::nat)) = (y[^](2::nat))"
+ then obtain y where y_def: "y \<in> carrier Q\<^sub>p \<and>(a[^](2::nat)) \<oplus>\<^bsub>Q\<^sub>p\<^esub> \<pp> \<otimes> (b[^](2::nat)) = (y[^](2::nat))"
+ by blast
+ have 0: "ord (a[^](2::nat)) = 2* ord a"
+ by (metis (mono_tags, opaque_lifting) False Suc_1 assms(2) int_eq_iff_numeral nat_numeral
+ nonzero_nat_pow_ord not_nonzero_Qp)
+ have 1: "ord (\<pp> \<otimes> (b[^](2::nat))) = 1 + 2* ord b"
+ proof-
+ have 0: "ord (\<pp> \<otimes> (b[^](2::nat))) = ord \<pp> + ord (b[^](2::nat))"
+ using F Qp_nat_pow_nonzero assms(3) not_nonzero_Qp ord_mult p_nonzero
+ by metis
+ have 1: "ord (b[^](2::nat)) = 2* ord b"
+ using F assms
+ by (metis (mono_tags, opaque_lifting) Suc_1 int_eq_iff_numeral nat_numeral
+ nonzero_nat_pow_ord not_nonzero_Qp)
+ then show ?thesis
+ using "0" ord_p
+ by linarith
+ qed
+ show "val b \<ge> val a"
+ proof(rule ccontr)
+ assume "\<not> val b \<ge> val a"
+ then have "val b \<noteq> val a \<and> val a \<ge> val b"
+ by (metis linear)
+ then have "ord a > ord b"
+ using F False assms
+ by (metis \<open>\<not> val a \<le> val b\<close> eint_ord_simps(1) le_less not_less_iff_gr_or_eq val_def)
+ then have "ord (a[^](2::nat)) > ord (\<pp> \<otimes> (b[^](2::nat)))"
+ using 0 1
+ by linarith
+ then have "ord ((a[^](2::nat)) \<oplus>\<^bsub>Q\<^sub>p\<^esub> \<pp> \<otimes> (b[^](2::nat))) = ord (\<pp> \<otimes> (b[^](2::nat)))"
+ by (meson F False Qp.int_inc_closed Qp_nat_pow_nonzero assms(2) assms(3)
+ local.monom_term_car not_nonzero_Qp ord_ultrametric_noteq p_times_square_not_square')
+ then have A0: "ord (y[^](2::nat)) = 1 + 2* ord b"
+ by (metis "1" \<open>y \<in> carrier Q\<^sub>p \<and> (a[^]2) \<oplus>\<^bsub>Q\<^sub>p\<^esub> \<pp> \<otimes> (b[^]2) = (y[^]2)\<close>)
+ have A1: "(y[^](2::nat)) \<in> nonzero Q\<^sub>p"
+ using y_def 0 1
+ by (smt F False Qp.nonzero_closed Qp_nat_pow_nonzero assms(2) assms(3) diff_ord_nonzero
+ local.monom_term_car not_nonzero_Qp p_nonzero p_times_square_not_square')
+ have A2: "y \<in> nonzero Q\<^sub>p"
+ using A1 Qp_nonzero_nat_pow pos2 y_def by blast
+ have A3: "ord (y[^](2::nat)) = 2* ord y"
+ using A2 nonzero_nat_pow_ord
+ by presburger
+ then show False using A0
+ by presburger
+ qed
+ qed
+ qed
+ qed
+qed
+
+text\<open>Defining the valuation ring semialgebraically for all primes\<close>
+
+lemma Qp_val_ring_alt_def:
+ assumes "a \<in> carrier Q\<^sub>p"
+ shows "a \<in> \<O>\<^sub>p \<longleftrightarrow> (\<exists>y \<in> carrier Q\<^sub>p. \<one> \<oplus>\<^bsub>Q\<^sub>p\<^esub> (\<pp>[^](3::nat))\<otimes> (a[^](4::nat)) = (y[^](2::nat)))"
+proof(cases "a = \<zero>")
+ case True
+ then have "\<one> \<oplus>\<^bsub>Q\<^sub>p\<^esub> (\<pp>[^](3::nat))\<otimes> (a[^](4::nat)) = \<one>"
+ by (metis Qp.add.l_cancel_one' Qp.integral_iff Qp.nat_pow_closed Qp.not_nonzero_memI
+ Qp.one_closed Qp_nonzero_nat_pow assms not_nonzero_Qp p_natpow_closed(1) zero_less_numeral)
+ then have "\<one> \<oplus>\<^bsub>Q\<^sub>p\<^esub> (\<pp>[^](3::nat))\<otimes> (a[^](4::nat)) = (\<one>[^](2::nat))"
+ using Qp.nat_pow_one by blast
+ then show ?thesis
+ using True zero_in_val_ring by blast
+next
+ case False
+ show "a \<in> \<O>\<^sub>p \<longleftrightarrow> (\<exists>y \<in> carrier Q\<^sub>p. \<one> \<oplus>\<^bsub>Q\<^sub>p\<^esub> (\<pp>[^](3::nat))\<otimes> (a[^](4::nat)) = (y[^](2::nat)))"
+ proof
+ show "a \<in> \<O>\<^sub>p \<Longrightarrow> (\<exists>y \<in> carrier Q\<^sub>p. \<one> \<oplus>\<^bsub>Q\<^sub>p\<^esub> (\<pp>[^](3::nat))\<otimes> (a[^](4::nat)) = (y[^](2::nat)))"
+ using assms Qp_val_ring_alt_def0[of a] False
+ by (meson not_nonzero_Qp ord_nonneg)
+ show "(\<exists>y \<in> carrier Q\<^sub>p. \<one> \<oplus>\<^bsub>Q\<^sub>p\<^esub> (\<pp>[^](3::nat))\<otimes> (a[^](4::nat)) = (y[^](2::nat))) \<Longrightarrow> a \<in> \<O>\<^sub>p"
+ proof-
+ assume "(\<exists>y \<in> carrier Q\<^sub>p. \<one> \<oplus>\<^bsub>Q\<^sub>p\<^esub> (\<pp>[^](3::nat))\<otimes> (a[^](4::nat)) = (y[^](2::nat)))"
+ then obtain y where y_def: "y \<in> carrier Q\<^sub>p \<and>\<one> \<oplus>\<^bsub>Q\<^sub>p\<^esub> (\<pp>[^](3::nat))\<otimes> (a[^](4::nat)) = (y[^](2::nat))"
+ by blast
+ then have "(\<pp>[^](3::nat))\<otimes> (a[^](4::nat)) = (y[^](2::nat)) \<ominus>\<^bsub>Q\<^sub>p\<^esub> \<one>"
+ using Qp.ring_simprules
+ by (smt Qp.nat_pow_closed assms p_natpow_closed(1))
+ then have "ord ((\<pp>[^](3::nat))\<otimes> (a[^](4::nat))) = ord ((y[^](2::nat)) \<ominus>\<^bsub>Q\<^sub>p\<^esub> \<one>)"
+ by presburger
+ then have "3 + ord (a[^](4::nat)) = ord ((y[^](2::nat)) \<ominus>\<^bsub>Q\<^sub>p\<^esub> \<one>)"
+ by (metis False Qp_nat_pow_nonzero assms not_nonzero_Qp of_nat_numeral ord_mult ord_p_pow_nat p_nonzero)
+ then have 0: "3 + 4* ord a = ord ((y[^](2::nat)) \<ominus>\<^bsub>Q\<^sub>p\<^esub> \<one>)"
+ using assms False nonzero_nat_pow_ord[of a "(4::nat)"]
+ by (metis nonzero_nat_pow_ord not_nonzero_Qp of_nat_numeral)
+ have "ord a \<ge> 0"
+ proof(rule ccontr)
+ assume "\<not> 0 \<le> ord a"
+ then have 00: "ord ((y[^](2::nat)) \<ominus>\<^bsub>Q\<^sub>p\<^esub> \<one>) < 0"
+ using 0
+ by linarith
+ have yn: "y \<in> nonzero Q\<^sub>p"
+ apply(rule ccontr)
+ using y_def 0
+ by (metis "00" Qp.not_eq_diff_nonzero Qp.one_closed Qp.one_nonzero Qp.pow_zero
+ \<open>\<pp> [^] 3 \<otimes> a [^] 4 = y [^] 2 \<ominus> \<one>\<close> diff_ord_nonzero less_numeral_extra(3)
+ local.one_neq_zero not_nonzero_Qp ord_one zero_less_numeral)
+ then have "ord ((y[^](2::nat)) \<ominus>\<^bsub>Q\<^sub>p\<^esub> \<one>) = ord (y[^](2::nat))"
+ using y_def ord_ultrametric_noteq''[of "(y[^](2::nat))" "\<one>" ]
+ by (metis "00" False Qp.integral Qp.nat_pow_closed Qp.nonzero_closed Qp.nonzero_pow_nonzero
+ Qp.not_eq_diff_nonzero Qp.one_nonzero Qp.r_right_minus_eq \<open>\<pp> [^] 3 \<otimes> a [^] 4 = y [^] 2 \<ominus> \<one>\<close>
+ assms ord_one ord_ultrametric_noteq p_nonzero)
+ then have "ord ((y[^](2::nat)) \<ominus>\<^bsub>Q\<^sub>p\<^esub> \<one>) = 2* ord y"
+ using y_def Qp_nat_pow_nonzero Qp_nonzero_nat_pow nonzero_nat_pow_ord[of y "(2::nat)"] yn
+ by linarith
+ then have "3 + (4* ord a) = 2* ord y"
+ using "00" "0"
+ by linarith
+ then show False
+ by presburger
+ qed
+ then show "a \<in> \<O>\<^sub>p"
+ using False val_ring_ord_criterion assms by blast
+ qed
+ qed
+qed
+
+lemma Qp_val_alt_def:
+ assumes "a \<in> carrier Q\<^sub>p"
+ assumes "b \<in> carrier Q\<^sub>p"
+ shows "val b \<le> val a \<longleftrightarrow> (\<exists>y \<in> carrier Q\<^sub>p. (b[^](4::nat)) \<oplus>\<^bsub>Q\<^sub>p\<^esub> (\<pp>[^](3::nat))\<otimes> (a[^](4::nat)) = (y[^](2::nat)))"
+proof
+ show "val a \<ge> val b \<Longrightarrow> \<exists>y\<in>carrier Q\<^sub>p. (b[^](4::nat)) \<oplus>\<^bsub>Q\<^sub>p\<^esub> (\<pp>[^](3::nat))\<otimes> (a[^](4::nat)) = (y[^](2::nat))"
+ proof-
+ assume A: "val a \<ge> val b"
+ show "\<exists>y\<in>carrier Q\<^sub>p. (b[^](4::nat)) \<oplus>\<^bsub>Q\<^sub>p\<^esub> (\<pp>[^](3::nat))\<otimes> (a[^](4::nat)) = (y[^](2::nat))"
+ proof(cases "b = \<zero>")
+ case True
+ then have "a = \<zero>"
+ using A assms(1) val_ineq
+ by blast
+ then have "(b[^](4::nat)) \<oplus>\<^bsub>Q\<^sub>p\<^esub> (\<pp>[^](3::nat))\<otimes> (a[^](4::nat)) = (\<zero>[^](2::nat))"
+ by (metis Qp.nat_pow_zero Qp.r_null Qp.r_zero True assms(2) p_natpow_closed(1) zero_neq_numeral)
+ then show ?thesis
+ using True A assms(2)
+ by blast
+ next
+ case False
+ assume B: "b \<noteq> \<zero>"
+ show "\<exists>y\<in>carrier Q\<^sub>p. (b[^](4::nat)) \<oplus>\<^bsub>Q\<^sub>p\<^esub> (\<pp>[^](3::nat)) \<otimes> (a[^](4::nat)) = (y[^](2::nat))"
+ proof(cases "a = \<zero>")
+ case True
+ then have "(b[^](4::nat)) \<oplus>\<^bsub>Q\<^sub>p\<^esub> (\<pp>[^](3::nat))\<otimes> (a[^](4::nat)) = (b[^](4::nat))"
+ using Qp.cring_axioms Qp.nat_pow_closed assms(2) cring_def p_natpow_closed(1) ring.pow_zero zero_less_numeral
+ by (metis Qp.add.l_cancel_one' Qp.integral_iff assms(1))
+ then have "(b[^](4::nat)) \<oplus>\<^bsub>Q\<^sub>p\<^esub> (\<pp>[^](3::nat))\<otimes> (a[^](4::nat)) = ((b[^](2::nat))[^] (2::nat))"
+ by (metis Qp_nat_pow_pow assms(2) mult_2_right numeral_Bit0)
+ then have "(b[^](2::nat)) \<in> carrier Q\<^sub>p \<and> (b[^](4::nat)) \<oplus>\<^bsub>Q\<^sub>p\<^esub> (\<pp>[^](3::nat))\<otimes> (a[^](4::nat)) = ((b[^](2::nat))[^] (2::nat))"
+ using Qp.nat_pow_closed assms(2)
+ by blast
+ then show ?thesis
+ by blast
+ next
+ case False
+ have F0: "b \<in> nonzero Q\<^sub>p"
+ using B assms(2) not_nonzero_Qp
+ by metis
+ have F1: "a \<in> nonzero Q\<^sub>p"
+ using False assms(1) not_nonzero_Qp
+ by metis
+ then have "(a \<div> b) \<in> nonzero Q\<^sub>p"
+ using B
+ by (meson Localization.submonoid.m_closed Qp.nonzero_is_submonoid assms(2) inv_in_frac(3))
+ then have "val a \<ge> val b"
+ using F0 F1 A by blast
+ then have "val (a \<div> b) \<ge> 0"
+ using F0 F1 val_fract assms(1) local.eint_minus_ineq' by presburger
+ obtain y where y_def: "y \<in> carrier Q\<^sub>p \<and> \<one> \<oplus>\<^bsub>Q\<^sub>p\<^esub> (\<pp>[^](3::nat))\<otimes> ((a \<div> b)[^](4::nat)) = (y[^](2::nat))"
+ using Qp_val_ring_alt_def0
+ by (meson B False Qp.integral Qp.nonzero_closed \<open>(a \<div> b) \<in> nonzero Q\<^sub>p\<close> \<open>0 \<le> val (a \<div> b)\<close>
+ assms(1) assms(2) inv_in_frac(1) inv_in_frac(2) ord_nonneg val_ringI)
+ then have "(b[^](4::nat)) \<otimes> (\<one> \<oplus>\<^bsub>Q\<^sub>p\<^esub> (\<pp>[^](3::nat))\<otimes> ((a \<div> b)[^](4::nat))) =
+ (b[^](4::nat)) \<otimes> (y[^](2::nat))"
+ by presburger
+ then have F2: "(b[^](4::nat)) \<otimes> (\<one> \<oplus>\<^bsub>Q\<^sub>p\<^esub> (\<pp>[^](3::nat))\<otimes> ((a \<div> b)[^](4::nat))) =
+ ((b[^](2::nat)) [^] (2::nat)) \<otimes> (y[^](2::nat))"
+ by (metis Qp.nat_pow_pow assms(2) mult_2_right numeral_Bit0)
+ have F3: "((b[^](4::nat)) \<otimes> \<one>) \<oplus>\<^bsub>Q\<^sub>p\<^esub> ((b[^](4::nat)) \<otimes>((\<pp>[^](3::nat))\<otimes> ((a \<div> b)[^](4::nat)))) =
+ ((b[^](2::nat))[^] (2::nat)) \<otimes> (y[^](2::nat))"
+ proof-
+ have 0: "(\<pp>[^](3::nat)) \<otimes> (a \<div> b[^](4::nat)) \<in> carrier Q\<^sub>p "
+ proof-
+ have "(a \<div> b[^](4::nat)) \<in> carrier Q\<^sub>p"
+ using F0 Qp.nat_pow_closed assms(1) fract_closed Qp_nat_pow_nonzero by presburger
+ then show ?thesis
+ by (meson Qp.cring_axioms cring.cring_simprules(5) p_natpow_closed(1))
+ qed
+ have 1: "(b[^](4::nat)) \<in> carrier Q\<^sub>p"
+ using Qp.nat_pow_closed assms(2)
+ by blast
+ then show ?thesis
+ using 0 F2 ring.ring_simprules(23)[of Q\<^sub>p "\<one>" "(\<pp>[^](3::nat))\<otimes> ((a \<div> b)[^](4::nat))" "(b[^](4::nat))"]
+ Qp.cring_axioms Qp.nonzero_mult_closed Qp.ring_axioms Qp_nat_pow_nonzero \<open>(a \<div> b) \<in> nonzero Q\<^sub>p\<close> p_nonzero
+ by blast
+ qed
+ have F4: "(b[^](4::nat)) \<in> carrier Q\<^sub>p"
+ using Qp.nat_pow_closed assms(2)
+ by blast
+ then have "((b[^](4::nat)) \<otimes> \<one>) = (b[^](4::nat))"
+ using Qp.r_one by blast
+ then have F5: "(b[^](4::nat))\<oplus>\<^bsub>Q\<^sub>p\<^esub> ((b[^](4::nat)) \<otimes>((\<pp>[^](3::nat))\<otimes> ((a \<div> b)[^](4::nat)))) =
+ ((b[^](2::nat)) [^] (2::nat)) \<otimes> (y[^](2::nat))"
+ using F3
+ by presburger
+ have "((b[^](4::nat)) \<otimes>((\<pp>[^](3::nat))\<otimes> ((a \<div> b)[^](4::nat)))) = (\<pp>[^](3::nat))\<otimes>((b[^](4::nat)) \<otimes> ((a \<div> b)[^](4::nat)))"
+ proof-
+ have 0: "(b[^](4::nat)) \<in> carrier Q\<^sub>p"
+ using F4 by blast
+ have 1: "(\<pp>[^](3::nat)) \<in> carrier Q\<^sub>p"
+ by blast
+ have 2: "((a \<div> b)[^](4::nat)) \<in> carrier Q\<^sub>p"
+ using F0 Qp.nat_pow_closed assms(1) fract_closed
+ by blast
+ show ?thesis using 0 1 2 monoid.m_assoc[of Q\<^sub>p] comm_monoid.m_comm[of Q\<^sub>p]
+ using Qp.m_lcomm by presburger
+ qed
+ then have "(b[^](4::nat))\<oplus>\<^bsub>Q\<^sub>p\<^esub> (\<pp>[^](3::nat))\<otimes>((b[^](4::nat)) \<otimes> ((a \<div> b)[^](4::nat))) =
+ ((b[^](2::nat)) [^] (2::nat)) \<otimes> (y[^](2::nat))"
+ using F5 by presburger
+ then have "(b[^](4::nat))\<oplus>\<^bsub>Q\<^sub>p\<^esub> (\<pp>[^](3::nat))\<otimes>((b \<otimes>(a \<div> b))[^](4::nat)) =
+ ((b[^](2::nat)) [^] (2::nat)) \<otimes> (y[^](2::nat))"
+ using F0 Qp.nat_pow_distrib assms(1) assms(2) fract_closed by presburger
+ then have "(b[^](4::nat))\<oplus>\<^bsub>Q\<^sub>p\<^esub> (\<pp>[^](3::nat))\<otimes>(a[^](4::nat)) =
+ ((b[^](2::nat)) [^] (2::nat)) \<otimes> (y[^](2::nat))"
+ by (metis F0 assms(1) local.fract_cancel_right)
+ then have "(b[^](4::nat))\<oplus>\<^bsub>Q\<^sub>p\<^esub> (\<pp>[^](3::nat))\<otimes>(a[^](4::nat)) =
+ (((b[^](2::nat))\<otimes> y)[^](2::nat))"
+ using Qp.nat_pow_closed Qp.nat_pow_distrib assms(2) y_def by blast
+ then have "((b[^](2::nat))\<otimes> y) \<in> carrier Q\<^sub>p \<and> (b[^](4::nat))\<oplus>\<^bsub>Q\<^sub>p\<^esub> (\<pp>[^](3::nat))\<otimes>(a[^](4::nat)) =
+ (((b[^](2::nat))\<otimes> y)[^](2::nat))"
+ by (meson Qp.cring_axioms Qp.nat_pow_closed assms(2) cring.cring_simprules(5) y_def)
+ then show ?thesis
+ by blast
+ qed
+ qed
+ qed
+ show "\<exists>y \<in> carrier Q\<^sub>p. (b[^](4::nat)) \<oplus>\<^bsub>Q\<^sub>p\<^esub> (\<pp>[^](3::nat))\<otimes> (a[^](4::nat)) = (y[^](2::nat)) \<Longrightarrow> val a \<ge> val b"
+ proof-
+ assume A: "\<exists>y \<in> carrier Q\<^sub>p. (b[^](4::nat)) \<oplus>\<^bsub>Q\<^sub>p\<^esub> (\<pp>[^](3::nat))\<otimes> (a[^](4::nat)) = (y[^](2::nat))"
+ show "val a \<ge> val b"
+ proof(cases "a = \<zero>")
+ case True
+ then show ?thesis
+ using eint_ord_code(3) local.val_zero by presburger
+ next
+ case False
+ have "b \<noteq> \<zero>"
+ proof(rule ccontr)
+ assume "\<not> b \<noteq> \<zero>"
+ then have "\<exists>y \<in> carrier Q\<^sub>p. (\<pp>[^](3::nat))\<otimes> (a[^](4::nat)) = (y[^](2::nat))"
+ using A
+ by (metis (no_types, lifting) Qp.add.r_cancel_one' Qp.nat_pow_closed Qp.nonzero_memE(2)
+ Qp_nonzero_nat_pow assms(1) assms(2) local.monom_term_car not_nonzero_Qp
+ p_natpow_closed(1) zero_less_numeral)
+ then obtain y where y_def: "y \<in> carrier Q\<^sub>p \<and> (\<pp>[^](3::nat))\<otimes> (a[^](4::nat)) = (y[^](2::nat))"
+ by blast
+ have 0: "ord ((\<pp>[^](3::nat))\<otimes> (a[^](4::nat))) = 3 + 4* ord a"
+ proof-
+ have 00: "(\<pp>[^](3::nat)) \<in> nonzero Q\<^sub>p"
+ using Qp_nat_pow_nonzero p_nonzero by blast
+ have 01: "(a[^](4::nat)) \<in> nonzero Q\<^sub>p"
+ using False Qp_nat_pow_nonzero assms(1) not_nonzero_Qp Qp.nonzero_memI by presburger
+ then show ?thesis using ord_mult[of "\<pp>[^](3::nat)" "a[^](4::nat)"]
+ by (metis (no_types, lifting) "00" False assms(1) nonzero_nat_pow_ord
+ not_nonzero_Qp of_nat_numeral ord_p_pow_nat)
+ qed
+ have 1: "ord ((\<pp>[^](3::nat))\<otimes> (a[^](4::nat))) = 2* (ord y)"
+ proof-
+ have "y \<noteq> \<zero>"
+ proof(rule ccontr)
+ assume " \<not> y \<noteq> \<zero>"
+ then have "(\<pp>[^](3::nat))\<otimes> (a[^](4::nat)) = \<zero>"
+ using y_def Qp.cring_axioms cring_def pos2 ring.pow_zero by blast
+ then show False
+ by (metis False Qp.integral Qp.nat_pow_closed Qp.nonzero_pow_nonzero
+ Qp.not_nonzero_memI Qp_nat_pow_nonzero assms(1) p_natpow_closed(1) p_nonzero)
+ qed
+ then show ?thesis
+ using y_def
+ by (metis nonzero_nat_pow_ord not_nonzero_Qp of_nat_numeral)
+ qed
+ then show False
+ using 0
+ by presburger
+ qed
+ then have F0: "b \<in> nonzero Q\<^sub>p"
+ using assms(2) not_nonzero_Qp by metis
+
+ have F1: "a \<in> nonzero Q\<^sub>p"
+ using False assms(1) not_nonzero_Qp by metis
+ obtain y where y_def: "y \<in> carrier Q\<^sub>p \<and> (b[^](4::nat)) \<oplus>\<^bsub>Q\<^sub>p\<^esub> (\<pp>[^](3::nat))\<otimes> (a[^](4::nat)) = (y[^](2::nat))"
+ using A by blast
+ show ?thesis
+ proof(rule ccontr)
+ assume " \<not> val a \<ge> val b "
+ then have F2: "ord a < ord b"
+ using F0 F1 assms
+ by (metis False \<open>b \<noteq> \<zero>\<close> eint_ord_simps(1) leI val_def)
+ have 0: "ord ((\<pp>[^](3::nat))\<otimes> (a[^](4::nat))) = 3 + 4* ord a"
+ using F0 ord_mult F1 Qp_nat_pow_nonzero nonzero_nat_pow_ord ord_p_pow_nat p_natpow_closed(2)
+ by presburger
+ have 1: " ord (b[^](4::nat)) = 4* ord b"
+ using F0 nonzero_nat_pow_ord
+ by presburger
+ have 2: "(4 * (ord b)) > 4 * (ord a)"
+ using F2 by linarith
+ have 3: "(4 * (ord b)) \<le> 3 + 4* ord a"
+ proof(rule ccontr)
+ assume "\<not> (4 * (ord b)) \<le> 3 + 4* ord a"
+ then have "(4 * (ord b)) > 3 + 4* ord a"
+ by linarith
+ then have 30: "ord ((b[^](4::nat)) \<oplus>\<^bsub>Q\<^sub>p\<^esub> (\<pp>[^](3::nat))\<otimes> (a[^](4::nat))) = 3 + 4* ord a"
+ using "0" "1" F0 F1 Qp_nat_pow_nonzero Qp.nat_pow_closed assms(1) monom_term_car not_nonzero_Qp ord_ultrametric_noteq
+ p_natpow_closed(1) p_nonzero
+ by (metis Qp.integral)
+ have "y \<in> nonzero Q\<^sub>p"
+ proof(rule ccontr)
+ assume A: "y \<notin> nonzero Q\<^sub>p"
+ then have "y = \<zero>"
+ using y_def Qp.nonzero_memI by blast
+ then have "b [^] 4 \<oplus> \<pp> [^] 3 \<otimes> a [^] 4 = \<zero>"
+ by (smt "0" "1" A F0 False Qp.integral Qp.nat_pow_closed Qp.nonzero_closed
+ Qp.nonzero_mult_closed Qp.nonzero_pow_nonzero Qp.pow_zero assms(1) diff_ord_nonzero not_nonzero_Qp p_nonzero pos2 y_def)
+ then show False
+ by (smt "0" "1" A F0 F1 Qp.integral Qp.nat_pow_closed Qp.nonzero_mult_closed
+ Qp_nat_pow_nonzero assms(1) diff_ord_nonzero not_nonzero_Qp p_natpow_closed(1) p_nonzero y_def)
+ qed
+ then have 31: "ord ((b[^](4::nat)) \<oplus>\<^bsub>Q\<^sub>p\<^esub> (\<pp>[^](3::nat))\<otimes> (a[^](4::nat))) = 2* ord y"
+ using nonzero_nat_pow_ord y_def
+ by presburger
+ then show False using 30 by presburger
+ qed
+ show False
+ using 2 3
+ by presburger
+ qed
+ qed
+ qed
+qed
+
+text\<open>The polynomial in two variables which semialgebraically defines the valuation relation\<close>
+
+definition Qp_val_poly where
+"Qp_val_poly = (pvar Q\<^sub>p 1)[^]\<^bsub>Q\<^sub>p[\<X>\<^bsub>2\<^esub>]\<^esub>(4::nat) \<oplus>\<^bsub>Q\<^sub>p[\<X>\<^bsub>2\<^esub>]\<^esub> (\<pp>[^](3::nat) \<odot>\<^bsub>Q\<^sub>p[\<X>\<^bsub>2\<^esub>]\<^esub> ((pvar Q\<^sub>p 0)[^]\<^bsub>Q\<^sub>p[\<X>\<^bsub>2\<^esub>]\<^esub>(4::nat)))"
+
+lemma Qp_val_poly_closed:
+"Qp_val_poly \<in> carrier (Q\<^sub>p[\<X>\<^bsub>2\<^esub>])"
+proof-
+ have "(pvar Q\<^sub>p 1) \<in> carrier (Q\<^sub>p[\<X>\<^bsub>2\<^esub>])"
+ using local.pvar_closed one_less_numeral_iff semiring_norm(76) by blast
+ then have 0: "(pvar Q\<^sub>p 1)[^]\<^bsub>Q\<^sub>p[\<X>\<^bsub>2\<^esub>]\<^esub>(4::nat) \<in> carrier (Q\<^sub>p[\<X>\<^bsub>2\<^esub>])"
+
+ using ring.Pring_is_ring[of Q\<^sub>p "{0::nat..2-1}"]
+ monoid.nat_pow_closed[of "coord_ring Q\<^sub>p 2"] Qp.cring_axioms cring.axioms(1) ring.Pring_is_monoid
+ by blast
+ have 1: "(pvar Q\<^sub>p 0)[^]\<^bsub>Q\<^sub>p[\<X>\<^bsub>2\<^esub>]\<^esub>(4::nat) \<in> carrier (Q\<^sub>p[\<X>\<^bsub>2\<^esub>])"
+ using local.pvar_closed pos2 by blast
+ have 2: "\<pp>[^](3::nat) \<odot>\<^bsub>Q\<^sub>p[\<X>\<^bsub>2\<^esub>]\<^esub>(pvar Q\<^sub>p 0)[^]\<^bsub>Q\<^sub>p[\<X>\<^bsub>2\<^esub>]\<^esub>(4::nat) \<in> carrier (Q\<^sub>p[\<X>\<^bsub>2\<^esub>])"
+ using 1 local.smult_closed p_natpow_closed(1) by blast
+ then show ?thesis
+ unfolding Qp_val_poly_def
+ using 0 by blast
+qed
+
+lemma Qp_val_poly_eval:
+ assumes "a \<in> carrier Q\<^sub>p"
+ assumes "b \<in> carrier Q\<^sub>p"
+ shows "Qp_ev Qp_val_poly [a, b] = (b[^](4::nat)) \<oplus>\<^bsub>Q\<^sub>p\<^esub> (\<pp>[^](3::nat))\<otimes> (a[^](4::nat))"
+proof-
+ have 0: "[a,b] \<in> carrier (Q\<^sub>p\<^bsup>2\<^esup>)"
+ proof(rule cartesian_power_car_memI)
+ show "length [a, b] = 2"
+ by simp
+ have "set [a,b] = {a,b}"
+ by auto
+ then show "set [a, b] \<subseteq> carrier Q\<^sub>p"
+ using assms
+ by (simp add: \<open>a \<in> carrier Q\<^sub>p\<close> \<open>b \<in> carrier Q\<^sub>p\<close>)
+ qed
+ obtain f where f_def: "f = ((pvar Q\<^sub>p 1)[^]\<^bsub>Q\<^sub>p[\<X>\<^bsub>2\<^esub>]\<^esub>(4::nat))"
+ by blast
+ obtain g where g_def: "g = (\<pp>[^](3::nat) \<odot>\<^bsub>Q\<^sub>p[\<X>\<^bsub>2\<^esub>]\<^esub> ((pvar Q\<^sub>p 0)[^]\<^bsub>Q\<^sub>p[\<X>\<^bsub>2\<^esub>]\<^esub>(4::nat)))"
+ by blast
+ have 1: "Qp_val_poly = f \<oplus>\<^bsub>Q\<^sub>p[\<X>\<^bsub>2\<^esub>]\<^esub> g"
+ unfolding Qp_val_poly_def
+ using f_def g_def by blast
+ have 1: "Qp_ev (pvar Q\<^sub>p (0::nat)) [a,b] = a"
+ using eval_pvar
+ by (metis \<open>[a, b] \<in> carrier (Q\<^sub>p\<^bsup>2\<^esup>)\<close> nth_Cons_0 pos2)
+ have 2: "Qp_ev (pvar Q\<^sub>p (1::nat)) [a,b] = b"
+ using eval_pvar
+ by (metis (no_types, lifting) "0" One_nat_def add_diff_cancel_right' assms(2)
+ cartesian_power_car_memE gr_zeroI less_numeral_extra(1) less_numeral_extra(4)
+ list.size(4) nth_Cons_pos Qp.to_R1_closed Qp.to_R_to_R1 zero_less_diff)
+ have 3: "Qp_ev ((pvar Q\<^sub>p 1)[^]\<^bsub>Q\<^sub>p[\<X>\<^bsub>2\<^esub>]\<^esub>(4::nat)) [a,b] = (b[^](4::nat))"
+ by (metis "0" "2" eval_at_point_nat_pow local.pvar_closed one_less_numeral_iff semiring_norm(76))
+ have 4: "Qp_ev ((pvar Q\<^sub>p 0)[^]\<^bsub>Q\<^sub>p[\<X>\<^bsub>2\<^esub>]\<^esub>(4::nat)) [a,b] = (a[^](4::nat))"
+ using "0" "1" eval_at_point_nat_pow local.pvar_closed pos2 by presburger
+ then have 5: "Qp_ev (poly_scalar_mult Q\<^sub>p (\<pp>[^](3::nat)) ((pvar Q\<^sub>p 0)[^]\<^bsub>Q\<^sub>p[\<X>\<^bsub>2\<^esub>]\<^esub>(4::nat))) [a,b] = (\<pp>[^](3::nat))\<otimes> (a[^](4::nat))"
+ using eval_at_point_smult[of "[a,b]" 2 "(pvar Q\<^sub>p 0)[^]\<^bsub>Q\<^sub>p[\<X>\<^bsub>2\<^esub>]\<^esub>(4::nat)" "\<pp>[^](3::nat)" ] 2
+ by (metis "0" MP.nat_pow_closed eval_at_point_scalar_mult local.pvar_closed p_natpow_closed(1) zero_less_numeral)
+ then show ?thesis
+ proof-
+ have 00: "[a, b] \<in> carrier (Q\<^sub>p\<^bsup>2\<^esup>)"
+ by (simp add: "0")
+ have 01: " pvar Q\<^sub>p 1 [^]\<^bsub>Q\<^sub>p[\<X>\<^bsub>2\<^esub>]\<^esub> (4::nat) \<in> carrier (Q\<^sub>p[\<X>\<^bsub>2\<^esub>])"
+ by (meson MP.nat_pow_closed local.pvar_closed one_less_numeral_iff semiring_norm(76))
+ have 02: "\<pp>[^](3::nat) \<odot>\<^bsub>Q\<^sub>p[\<X>\<^bsub>2\<^esub>]\<^esub> (pvar Q\<^sub>p 0 [^]\<^bsub>Q\<^sub>p[\<X>\<^bsub>2\<^esub>]\<^esub> (4::nat)) \<in> carrier (Q\<^sub>p[\<X>\<^bsub>2\<^esub>])"
+ by (meson MP.nat_pow_closed local.pvar_closed local.smult_closed p_natpow_closed(1) zero_less_numeral)
+ then show ?thesis
+ unfolding Qp_val_poly_def
+ using 00 01 02
+ by (metis (no_types, lifting) "3" "4" MP.nat_pow_closed eval_at_point_add eval_at_point_smult
+ local.pvar_closed p_natpow_closed(1) zero_less_numeral)
+ qed
+qed
+
+lemma Qp_2I:
+ assumes "a \<in> carrier Q\<^sub>p"
+ assumes "b \<in> carrier Q\<^sub>p"
+ shows "[a,b] \<in> carrier (Q\<^sub>p\<^bsup>2\<^esup>)"
+ apply(rule cartesian_power_car_memI)
+ using assms
+ apply (simp add: assms(1) assms(2))
+ using assms
+ by (simp add: assms(1) assms(2))
+
+lemma pair_id:
+ assumes "length as = 2"
+ shows "as = [as!0, as!1]"
+ using assms
+ by (smt One_nat_def diff_Suc_1 length_Cons less_Suc0 less_SucE list.size(3)
+ nth_Cons' nth_equalityI numeral_2_eq_2)
+
+lemma Qp_val_semialg:
+ assumes "a \<in> carrier Q\<^sub>p"
+ assumes "b \<in> carrier Q\<^sub>p"
+ shows "val b \<le> val a \<longleftrightarrow> [a,b] \<in> basic_semialg_set 2 (2::nat) Qp_val_poly"
+proof
+ show "val a \<ge> val b \<Longrightarrow> [a, b] \<in> basic_semialg_set 2 2 Qp_val_poly"
+ using Qp_val_alt_def[of a b] Qp_2I[of a b] Qp_val_poly_eval[of a b]
+ unfolding basic_semialg_set_def
+ by (metis (mono_tags, lifting) assms(1) assms(2) mem_Collect_eq)
+ show "[a, b] \<in> basic_semialg_set 2 2 Qp_val_poly \<Longrightarrow> val a \<ge> val b"
+ using Qp_val_alt_def[of a b] Qp_2I[of a b] Qp_val_poly_eval[of a b]
+ unfolding basic_semialg_set_def
+ using assms(1) assms(2)
+ by blast
+qed
+
+definition val_relation_set where
+"val_relation_set = {as \<in> carrier (Q\<^sub>p\<^bsup>2\<^esup>). val (as!1) \<le> val (as!0)}"
+
+lemma val_relation_setE:
+ assumes "as \<in> val_relation_set"
+ shows "as!0 \<in> carrier Q\<^sub>p \<and> as!1 \<in> carrier Q\<^sub>p \<and> as = [as!0,as!1] \<and> val (as!1) \<le> val (as!0)"
+ using assms unfolding val_relation_set_def
+ by (smt cartesian_power_car_memE cartesian_power_car_memE' mem_Collect_eq one_less_numeral_iff pair_id pos2 semiring_norm(76))
+
+lemma val_relation_setI:
+ assumes "as!0 \<in> carrier Q\<^sub>p"
+ assumes "as!1 \<in> carrier Q\<^sub>p"
+ assumes "length as = 2"
+ assumes "val (as!1) \<le> val(as!0)"
+ shows "as \<in> val_relation_set"
+ unfolding val_relation_set_def using assms Qp_2I[of "as!0" "as!1"]
+ by (metis (no_types, lifting) mem_Collect_eq pair_id)
+
+lemma val_relation_semialg:
+"val_relation_set = basic_semialg_set 2 (2::nat) Qp_val_poly"
+proof
+ show "val_relation_set \<subseteq> basic_semialg_set 2 (2::nat) Qp_val_poly"
+ proof fix as
+ assume A: "as \<in> val_relation_set"
+ have 0: "length as = 2"
+ unfolding val_relation_set_def
+ by (metis (no_types, lifting) A cartesian_power_car_memE mem_Collect_eq val_relation_set_def)
+ have 1: "as = [as ! 0, as ! 1]"
+ by (metis (no_types, lifting) A cartesian_power_car_memE mem_Collect_eq pair_id val_relation_set_def)
+ show "as \<in> basic_semialg_set 2 (2::nat) Qp_val_poly"
+ using A 1 val_relation_setE[of as] Qp_val_semialg[of "as!0" "as!1"]
+ by presburger
+ qed
+ show "basic_semialg_set 2 (2::nat) Qp_val_poly \<subseteq> val_relation_set"
+ proof
+ fix as
+ assume "as \<in> basic_semialg_set 2 (2::nat) Qp_val_poly"
+ then show "as \<in> val_relation_set"
+ using val_relation_setI[of as]
+ by (smt cartesian_power_car_memE cartesian_power_car_memE' mem_Collect_eq
+ one_less_numeral_iff Qp_val_semialg basic_semialg_set_def
+ val_relation_set_def padic_fields_axioms pair_id pos2 semiring_norm(76))
+ qed
+qed
+
+lemma val_relation_is_semialgebraic:
+"is_semialgebraic 2 val_relation_set"
+proof -
+have "{rs \<in> carrier (Q\<^sub>p\<^bsup>2\<^esup>). val (rs ! 0) \<ge> val (rs ! 1)} = basic_semialg_set (Suc 1) (Suc 1) Qp_val_poly"
+using Suc_1 val_relation_semialg val_relation_set_def by presburger
+ then show ?thesis
+ by (metis (no_types) Qp_val_poly_closed Suc_1 basic_semialg_is_semialgebraic' val_relation_set_def zero_neq_numeral)
+qed
+
+lemma Qp_val_ring_is_semialg:
+ obtains P where "P \<in> carrier Q\<^sub>p_x \<and> \<O>\<^sub>p = univ_basic_semialg_set 2 P"
+proof-
+ obtain P where P_def: "P = (\<pp>[^](3::nat)) \<odot>\<^bsub>Q\<^sub>p_x \<^esub>(X_poly Q\<^sub>p) [^]\<^bsub>Q\<^sub>p_x\<^esub> (4::nat) \<oplus>\<^bsub>Q\<^sub>p_x\<^esub> \<one>\<^bsub>Q\<^sub>p_x\<^esub>"
+ by blast
+ have 0: "P \<in> carrier Q\<^sub>p_x"
+ proof-
+ have 0: "(X_poly Q\<^sub>p) \<in> carrier Q\<^sub>p_x"
+ using UPQ.X_closed by blast
+ then show ?thesis
+ using P_def UPQ.P.nat_pow_closed p_natpow_closed(1) by blast
+ qed
+ have 1: "\<O>\<^sub>p = univ_basic_semialg_set 2 P"
+ proof
+ show "\<O>\<^sub>p \<subseteq> univ_basic_semialg_set 2 P"
+ proof
+ fix x
+ assume A: "x \<in> \<O>\<^sub>p"
+ show "x \<in> univ_basic_semialg_set 2 P"
+ proof-
+ have x_car: "x \<in> carrier Q\<^sub>p"
+ using A val_ring_memE by blast
+ then have "(\<exists>y \<in> carrier Q\<^sub>p. \<one> \<oplus>\<^bsub>Q\<^sub>p\<^esub> (\<pp>[^](3::nat))\<otimes> (x[^](4::nat)) = (y[^](2::nat)))"
+ using A Qp_val_ring_alt_def[of x]
+ by blast
+ then obtain y where y_def: "y \<in> carrier Q\<^sub>p \<and> \<one> \<oplus>\<^bsub>Q\<^sub>p\<^esub> (\<pp>[^](3::nat))\<otimes> (x[^](4::nat)) = (y[^](2::nat))"
+ by blast
+ have "y \<in> carrier Q\<^sub>p \<and> P \<bullet> x = (y[^](2::nat))"
+ proof-
+ have "P \<bullet> x = \<one> \<oplus>\<^bsub>Q\<^sub>p\<^esub> (\<pp>[^](3::nat))\<otimes> (x[^](4::nat))"
+ proof-
+ have "((\<pp>[^](3::nat)) \<odot>\<^bsub>Q\<^sub>p_x\<^esub> (X_poly Q\<^sub>p) [^]\<^bsub>Q\<^sub>p_x\<^esub> (4::nat)) \<in> carrier Q\<^sub>p_x"
+ using UPQ.monom_closed p_natpow_closed(1) by blast
+ then have "P \<bullet> x = (((\<pp>[^](3::nat)) \<odot>\<^bsub>Q\<^sub>p_x\<^esub> (X_poly Q\<^sub>p) [^]\<^bsub>Q\<^sub>p_x\<^esub> (4::nat))\<bullet> x) \<oplus>\<^bsub>Q\<^sub>p\<^esub> (\<one>\<^bsub>Q\<^sub>p_x\<^esub> \<bullet> x)"
+ using P_def x_car UPQ.to_fun_plus by blast
+ then have 0: "P \<bullet> x = (\<pp>[^](3::nat)) \<otimes>(( (X_poly Q\<^sub>p) [^]\<^bsub>Q\<^sub>p_x\<^esub> (4::nat))\<bullet> x) \<oplus>\<^bsub>Q\<^sub>p\<^esub> (\<one>\<^bsub>Q\<^sub>p_x\<^esub> \<bullet> x)"
+ using UPQ.P.nat_pow_closed UPQ.X_closed UPQ.to_fun_smult p_natpow_closed(1) x_car by presburger
+ have "(( (X_poly Q\<^sub>p) [^]\<^bsub>Q\<^sub>p_x\<^esub> (4::nat))\<bullet> x) = (x[^](4::nat))"
+ using UPQ.to_fun_X_pow x_car by blast
+ then have "P \<bullet> x = (\<pp>[^](3::nat)) \<otimes>(x[^](4::nat)) \<oplus>\<^bsub>Q\<^sub>p\<^esub> \<one>"
+ using "0" UPQ.to_fun_one x_car by presburger
+ then show ?thesis
+ using y_def Qp.add.m_comm Qp.one_closed local.monom_term_car p_natpow_closed(1) x_car
+ by presburger
+ qed
+ then show ?thesis
+ using y_def
+ by blast
+ qed
+ then show ?thesis
+ unfolding univ_basic_semialg_set_def
+ using x_car
+ by blast
+ qed
+ qed
+ show "univ_basic_semialg_set 2 P \<subseteq> \<O>\<^sub>p"
+ proof fix x
+ assume A: "x \<in> univ_basic_semialg_set (2::nat) P"
+ then obtain y where y_def: "y \<in> carrier Q\<^sub>p \<and> (P \<bullet> x) = (y[^](2::nat))"
+ unfolding univ_basic_semialg_set_def
+ by blast
+ have x_car: "x \<in> carrier Q\<^sub>p"
+ using A
+ by (metis (no_types, lifting) mem_Collect_eq univ_basic_semialg_set_def)
+ have 0: "(P \<bullet> x) = (\<pp>[^](3::nat)) \<otimes> (x[^](4::nat)) \<oplus>\<^bsub>Q\<^sub>p\<^esub> \<one>"
+ using P_def x_car UPQ.UP_one_closed UPQ.monom_closed UPQ.monom_rep_X_pow UPQ.to_fun_monom
+ UPQ.to_fun_one UPQ.to_fun_plus p_natpow_closed(1) by presburger
+ have 1: "y \<in> carrier Q\<^sub>p \<and> (\<pp>[^](3::nat)) \<otimes> (x[^](4::nat)) \<oplus>\<^bsub>Q\<^sub>p\<^esub> \<one> = (y[^](2::nat))"
+ using "0" y_def
+ by blast
+ then show "x \<in> \<O>\<^sub>p"
+ using x_car Qp_val_ring_alt_def[of x] y_def
+ by (metis Qp.add.m_comm Qp.one_closed local.monom_term_car p_natpow_closed(1))
+ qed
+ qed
+ show ?thesis
+ using 0 1 that
+ by blast
+qed
+
+lemma Qp_val_ring_is_univ_semialgebraic:
+"is_univ_semialgebraic \<O>\<^sub>p"
+proof-
+ obtain P where "P \<in> carrier Q\<^sub>p_x \<and> \<O>\<^sub>p = univ_basic_semialg_set 2 P"
+ using Qp_val_ring_is_semialg by blast
+ then show ?thesis
+ by (metis univ_basic_semialg_set_is_univ_semialgebraic zero_neq_numeral)
+qed
+
+lemma Qp_val_ring_is_semialgebraic:
+"is_semialgebraic 1 (to_R1` \<O>\<^sub>p)"
+ using Qp_val_ring_is_univ_semialgebraic is_univ_semialgebraic_def by blast
+
+ (********************************************************************************************)
+ (********************************************************************************************)
+ subsubsection\<open>Inverse Images of Semialgebraic Sets by Polynomial Maps\<close>
+ (********************************************************************************************)
+ (********************************************************************************************)
+
+lemma basic_semialg_pullback:
+ assumes "f \<in> carrier (Q\<^sub>p[\<X>\<^bsub>k\<^esub>])"
+ assumes "is_poly_tuple n fs"
+ assumes "length fs = k"
+ assumes "S = basic_semialg_set k m f"
+ assumes "m \<noteq>0"
+ shows "poly_map n fs \<inverse>\<^bsub>n\<^esub> S = basic_semialg_set n m (Qp_poly_comp n fs f)"
+proof
+ show "poly_map n fs \<inverse>\<^bsub>n\<^esub> S \<subseteq> basic_semialg_set n m (Qp_poly_comp n fs f)"
+ proof
+ fix x
+ assume A: "x \<in> poly_map n fs \<inverse>\<^bsub>n\<^esub> S"
+ then have 0: "poly_map n fs x \<in> S"
+ proof -
+ have "\<exists>n f. {rs. rs \<in> S} \<subseteq> {rs \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>). \<exists>r. r \<in> carrier Q\<^sub>p \<and> Qp_ev f rs = (r[^](n::nat))}"
+ by (metis (no_types) Collect_mem_eq \<open>S = basic_semialg_set k m f\<close> basic_semialg_set_def eq_iff)
+ then show ?thesis
+ using A by blast
+ qed
+ have 1: "x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ using A assms
+ by (meson evimage_eq)
+ have "\<exists>y \<in> (carrier Q\<^sub>p). Qp_ev f (poly_map n fs x) = (y[^]m)"
+ using A 0 assms basic_semialg_set_def
+ by blast
+ then have "\<exists>y \<in> (carrier Q\<^sub>p). Qp_ev (Qp_poly_comp n fs f) x = (y[^]m)"
+ using 1 assms Qp_poly_comp_eval
+ by blast
+ then show "x \<in> basic_semialg_set n m (Qp_poly_comp n fs f)"
+ using "1" basic_semialg_set_def
+ by blast
+ qed
+ show "basic_semialg_set n m (Qp_poly_comp n fs f) \<subseteq> poly_map n fs \<inverse>\<^bsub>n\<^esub> S"
+ proof fix x
+ assume A: "x \<in> basic_semialg_set n m (Qp_poly_comp n fs f)"
+ have 0: "x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ using A basic_semialg_set_def
+ by blast
+ have 1: "(poly_map n fs x) \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>)"
+ using "0" poly_map_closed assms(2) assms(3) by blast
+ show "x \<in> poly_map n fs \<inverse>\<^bsub>n\<^esub> S"
+ proof-
+ have "\<exists>y \<in> carrier Q\<^sub>p. Qp_ev (Qp_poly_comp n fs f) x = (y[^]m)"
+ using A basic_semialg_set_def
+ by blast
+ then have 2: "\<exists>y \<in> carrier Q\<^sub>p. Qp_ev f (poly_map n fs x) = (y[^]m)"
+ using assms Qp_poly_comp_eval
+ by (metis (no_types, lifting) A basic_semialg_set_def mem_Collect_eq)
+ have 3: "poly_map n fs x \<in> S"
+ using assms 0 1 basic_semialg_set_def[of k m f] "2"
+ by blast
+ show ?thesis
+ using "0" "3" by blast
+ qed
+ qed
+qed
+
+lemma basic_semialg_pullback':
+ assumes "is_poly_tuple n fs"
+ assumes "length fs = k"
+ assumes "A \<in> basic_semialgs k"
+ shows "poly_map n fs \<inverse>\<^bsub>n\<^esub> A \<in> (basic_semialgs n)"
+proof-
+ obtain f m where fm_def: "m \<noteq>0 \<and>f \<in> carrier (Q\<^sub>p[\<X>\<^bsub>k\<^esub>]) \<and> A = basic_semialg_set k m f"
+ using assms
+ by (metis is_basic_semialg_def mem_Collect_eq)
+ then have "poly_map n fs \<inverse>\<^bsub>n\<^esub> A = basic_semialg_set n m (Qp_poly_comp n fs f)"
+ using assms basic_semialg_pullback[of f k n fs A m]
+ by linarith
+ then show ?thesis unfolding is_basic_semialg_def
+ by (metis (mono_tags, lifting) assms(1) assms(2) fm_def mem_Collect_eq poly_compose_closed)
+qed
+
+lemma semialg_pullback:
+ assumes "is_poly_tuple n fs"
+ assumes "length fs = k"
+ assumes "S \<in> semialg_sets k"
+ shows "poly_map n fs \<inverse>\<^bsub>n\<^esub> S \<in> semialg_sets n"
+ unfolding semialg_sets_def
+ apply(rule gen_boolean_algebra.induct[of S "(carrier (Q\<^sub>p\<^bsup>k\<^esup>))" "basic_semialgs k"])
+ using assms semialg_sets_def apply blast
+ apply (metis assms(1) assms(2) carrier_is_semialgebraic evimageI2 extensional_vimage_closed is_semialgebraicE poly_map_closed semialg_sets_def subsetI subset_antisym)
+ apply (metis Int_absorb2 assms(1) assms(2) basic_semialg_is_semialg basic_semialg_is_semialgebraic basic_semialg_pullback' is_semialgebraic_closed mem_Collect_eq semialg_sets_def)
+ apply (metis evimage_Un semialg_sets_def semialg_union)
+ by (metis assms(1) assms(2) carrier_is_semialgebraic diff_is_semialgebraic evimage_Diff extensional_vimage_closed is_semialgebraicE is_semialgebraicI poly_map_closed poly_map_pullbackI semialg_sets_def subsetI subset_antisym)
+
+lemma pullback_is_semialg:
+ assumes "is_poly_tuple n fs"
+ assumes "length fs = k"
+ assumes "S \<in> semialg_sets k"
+ shows "is_semialgebraic n (poly_map n fs \<inverse>\<^bsub>n\<^esub> S)"
+ using assms(1) assms(2) assms(3) is_semialgebraicI padic_fields_axioms semialg_pullback
+ by blast
+
+text\<open>Equality and inequality sets for a pair of polynomials\<close>
+
+definition val_ineq_set where
+"val_ineq_set n f g = {x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>). val (Qp_ev f x) \<le> val (Qp_ev g x)}"
+
+lemma poly_map_length :
+ assumes "length fs = m"
+ assumes "as \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ shows "length (poly_map n fs as) = m"
+ using assms unfolding poly_map_def poly_tuple_eval_def
+ by (metis (no_types, lifting) length_map restrict_apply')
+
+lemma val_ineq_set_pullback:
+ assumes "f \<in> carrier (Q\<^sub>p[\<X>\<^bsub>n\<^esub>])"
+ assumes "g \<in> carrier (Q\<^sub>p[\<X>\<^bsub>n\<^esub>])"
+ shows "val_ineq_set n f g = poly_map n [g,f] \<inverse>\<^bsub>n\<^esub> val_relation_set "
+proof
+ show "val_ineq_set n f g \<subseteq> poly_map n [g,f] \<inverse>\<^bsub>n\<^esub> val_relation_set"
+ proof
+ fix x
+ assume "x \<in> val_ineq_set n f g"
+ then have 0: "x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>) \<and> val (Qp_ev f x) \<le> val (Qp_ev g x)"
+ by (metis (mono_tags, lifting) mem_Collect_eq val_ineq_set_def)
+ have 1: "poly_map n [g,f] x = [Qp_ev g x, Qp_ev f x]"
+ unfolding poly_map_def poly_tuple_eval_def using 0
+ by (metis (no_types, lifting) Cons_eq_map_conv list.simps(8) restrict_apply')
+ have 2: "poly_map n [g,f] x \<in> val_relation_set"
+ apply(rule val_relation_setI)
+ using 1 0 assms apply (metis eval_at_point_closed nth_Cons_0)
+ using 1 0 assms apply (metis One_nat_def eval_at_point_closed diff_Suc_1 less_numeral_extra(1) nth_Cons_pos Qp.to_R_to_R1)
+ using poly_map_length assms 0 apply (metis "1" Qp_2I cartesian_power_car_memE eval_at_point_closed)
+ by (metis "0" "1" One_nat_def nth_Cons_0 nth_Cons_Suc)
+ have 3: "is_poly_tuple n [g, f]"
+ using assms
+ by (smt One_nat_def diff_Suc_1 Qp_is_poly_tupleI length_Suc_conv less_SucE less_one list.size(3) nth_Cons')
+ then show "x \<in> poly_map n [g,f] \<inverse>\<^bsub>n\<^esub> val_relation_set"
+ using 0 1 2
+ by blast
+ qed
+ show "poly_map n [g,f] \<inverse>\<^bsub>n\<^esub> val_relation_set \<subseteq> val_ineq_set n f g"
+ proof fix x
+ have 0: "is_poly_tuple n [g, f]"
+ using Qp_is_poly_tupleI assms
+ by (metis (no_types, lifting) diff_Suc_1 length_Cons less_Suc0 less_SucE list.size(3) nth_Cons')
+ assume A: "x \<in> poly_map n [g,f] \<inverse>\<^bsub>n\<^esub> val_relation_set"
+ then have 1: "x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>) \<and> poly_map n [g,f] x \<in> val_relation_set"
+ using 0
+ by (meson evimageD extensional_vimage_closed subsetD)
+ have 2: "poly_map n [g,f] x = [Qp_ev g x, Qp_ev f x]"
+ by (metis "1" Qp_poly_mapE' length_0_conv poly_map_cons)
+ show "x \<in> val_ineq_set n f g"
+ using 0 1 2 unfolding val_ineq_set_def val_relation_set_def
+ by (metis (no_types, lifting) "1" list.inject mem_Collect_eq nth_Cons_0 poly_map_apply val_relation_setE)
+ qed
+qed
+
+lemma val_ineq_set_is_semialg:
+ assumes "f \<in> carrier (Q\<^sub>p[\<X>\<^bsub>n\<^esub>])"
+ assumes "g \<in> carrier (Q\<^sub>p[\<X>\<^bsub>n\<^esub>])"
+ shows "val_ineq_set n f g \<in> semialg_sets n"
+proof-
+ have 0: "val_relation_set \<in> semialg_sets 2"
+ using val_relation_semialg basic_semialg_is_semialg'
+ by (metis Qp_val_poly_closed zero_neq_numeral)
+ show ?thesis using val_ineq_set_pullback semialg_pullback[of n "[g,f]" 2 "val_relation_set" ]
+ by (metis (no_types, lifting) "0" assms(1) assms(2) diff_Suc_1 Qp_is_poly_tupleI
+ length_Cons less_Suc0 less_SucE list.size(3) nth_Cons_0 nth_Cons_pos numeral_2_eq_2
+ zero_neq_numeral)
+qed
+
+lemma val_ineq_set_is_semialgebraic:
+ assumes "f \<in> carrier (Q\<^sub>p[\<X>\<^bsub>n\<^esub>])"
+ assumes "g \<in> carrier (Q\<^sub>p[\<X>\<^bsub>n\<^esub>])"
+ shows "is_semialgebraic n (val_ineq_set n f g)"
+ using assms(1) assms(2) is_semialgebraicI val_ineq_set_is_semialg by blast
+
+lemma val_ineq_setI:
+ assumes "f \<in> carrier (Q\<^sub>p[\<X>\<^bsub>n\<^esub>])"
+ assumes "g \<in> carrier (Q\<^sub>p[\<X>\<^bsub>n\<^esub>])"
+ assumes "x \<in> (val_ineq_set n f g)"
+ shows "x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ "val (Qp_ev f x) \<le> val (Qp_ev g x)"
+ using assms unfolding val_ineq_set_def apply blast
+ using assms unfolding val_ineq_set_def by blast
+
+lemma val_ineq_setE:
+ assumes "f \<in> carrier (Q\<^sub>p[\<X>\<^bsub>n\<^esub>])"
+ assumes "g \<in> carrier (Q\<^sub>p[\<X>\<^bsub>n\<^esub>])"
+ assumes "x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ assumes "val (Qp_ev f x) \<le> val (Qp_ev g x)"
+ shows "x \<in> (val_ineq_set n f g)"
+ using assms unfolding val_ineq_set_def
+ by blast
+
+lemma val_ineq_set_is_semialgebraic':
+ assumes "f \<in> carrier (Q\<^sub>p[\<X>\<^bsub>n\<^esub>])"
+ assumes "g \<in> carrier (Q\<^sub>p[\<X>\<^bsub>n\<^esub>])"
+ shows "is_semialgebraic n {x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>). val (Qp_ev f x) \<le> val (Qp_ev g x)}"
+ using assms val_ineq_set_is_semialgebraic unfolding val_ineq_set_def by blast
+
+lemma val_eq_set_is_semialgebraic:
+ assumes "f \<in> carrier (Q\<^sub>p[\<X>\<^bsub>n\<^esub>])"
+ assumes "g \<in> carrier (Q\<^sub>p[\<X>\<^bsub>n\<^esub>])"
+ shows "is_semialgebraic n {x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>). val (Qp_ev f x) = val (Qp_ev g x)}"
+proof-
+ have 0: "is_semialgebraic n {x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>). val (Qp_ev f x) \<le> val (Qp_ev g x)}"
+ using assms val_ineq_set_is_semialgebraic unfolding val_ineq_set_def
+ by blast
+ have 1: "is_semialgebraic n {x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>). val (Qp_ev g x) \<le> val (Qp_ev f x)}"
+ using assms val_ineq_set_is_semialgebraic unfolding val_ineq_set_def
+ by blast
+ have 2: "{x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>). val (Qp_ev f x) = val (Qp_ev g x)} = {x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>). val (Qp_ev f x) \<le> val (Qp_ev g x)} \<inter>
+ {x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>). val (Qp_ev g x) \<le> val (Qp_ev f x)}"
+ apply(rule equalityI, rule subsetI , rule IntI) unfolding mem_Collect_eq
+ using le_less apply blast apply (metis order_refl)
+ apply(rule subsetI, erule IntE) unfolding mem_Collect_eq
+ by (meson less_le_trans not_less_iff_gr_or_eq)
+ show ?thesis unfolding 2 apply(rule intersection_is_semialg)
+ using 0 apply blast using 1 by blast
+qed
+
+lemma equalityI'':
+ assumes "\<And>x. A x \<Longrightarrow> B x"
+ assumes "\<And>x. B x \<Longrightarrow> A x"
+ shows "{x. A x} = {x. B x}"
+ using assms by blast
+
+lemma val_strict_ineq_set_is_semialgebraic:
+ assumes "f \<in> carrier (Q\<^sub>p[\<X>\<^bsub>n\<^esub>])"
+ assumes "g \<in> carrier (Q\<^sub>p[\<X>\<^bsub>n\<^esub>])"
+ shows "is_semialgebraic n {x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>). val (Qp_ev f x) < val (Qp_ev g x)}"
+proof-
+ have 0: "{x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>). val (Qp_ev f x) < val (Qp_ev g x)} =
+ {x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>). val (Qp_ev f x) \<le> val (Qp_ev g x)} - {x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>). val (Qp_ev f x) = val (Qp_ev g x)}"
+ apply(rule equalityI', rule DiffI) unfolding le_less mem_Collect_eq apply blast
+ unfolding mem_Collect_eq using neq_iff apply blast
+ apply(erule DiffE) unfolding mem_Collect_eq by blast
+ show ?thesis unfolding 0
+ apply(rule diff_is_semialgebraic)
+ using assms val_ineq_set_is_semialgebraic[of f n g] unfolding val_ineq_set_def apply blast
+ using assms val_eq_set_is_semialgebraic[of f n g] unfolding val_ineq_set_def by blast
+qed
+
+lemma constant_poly_val_exists:
+ shows "\<exists>g \<in> carrier (Q\<^sub>p[\<X>\<^bsub>n\<^esub>]). (\<forall> x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>). val (Qp_ev g x) = c)"
+proof-
+ obtain a where a_def: "a \<in> carrier Q\<^sub>p \<and> val a = c"
+ by (meson Qp.minus_closed Qp.nonzero_closed dist_nonempty' p_nonzero)
+ obtain g where g_def: "g = coord_const a"
+ by blast
+ show ?thesis using a_def g_def Qp_to_IP_car
+ by (metis (no_types, opaque_lifting) Qp_to_IP_car a_def eval_at_point_const g_def le_less subset_iff)
+qed
+
+lemma val_ineq_set_is_semialgebraic'':
+ assumes "f \<in> carrier (Q\<^sub>p[\<X>\<^bsub>n\<^esub>])"
+ shows "is_semialgebraic n {x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>). val (Qp_ev f x) \<le> c}"
+proof-
+ obtain g where g_def: "g \<in> carrier (Q\<^sub>p[\<X>\<^bsub>n\<^esub>]) \<and> (\<forall> x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>). val (Qp_ev g x) = c)"
+ using constant_poly_val_exists by blast
+ have 0: "is_semialgebraic n {x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>). val (Qp_ev f x) \<le> val (Qp_ev g x)}"
+ apply(rule val_ineq_set_is_semialgebraic')
+ using assms apply blast using g_def by blast
+ have 1: "{x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>). val (Qp_ev f x) \<le> val (Qp_ev g x)} = {x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>). val (Qp_ev f x) \<le> c}"
+ apply(rule equalityI'') using g_def apply fastforce using g_def by fastforce
+ show ?thesis using 0 unfolding 1 by blast
+qed
+
+lemma val_ineq_set_is_semialgebraic''':
+ assumes "f \<in> carrier (Q\<^sub>p[\<X>\<^bsub>n\<^esub>])"
+ shows "is_semialgebraic n {x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>). c \<le> val (Qp_ev f x)}"
+proof-
+ obtain g where g_def: "g \<in> carrier (Q\<^sub>p[\<X>\<^bsub>n\<^esub>]) \<and> (\<forall> x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>). val (Qp_ev g x) = c)"
+ using constant_poly_val_exists by blast
+ have 0: "is_semialgebraic n {x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>). val (Qp_ev g x) \<le> val (Qp_ev f x)}"
+ apply(rule val_ineq_set_is_semialgebraic')
+ using g_def apply blast using assms by blast
+ have 1: "{x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>). val (Qp_ev g x) \<le> val (Qp_ev f x)} = {x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>). c \<le> val (Qp_ev f x)}"
+ apply(rule equalityI'') using g_def apply fastforce using g_def by fastforce
+ show ?thesis using 0 unfolding 1 by blast
+qed
+
+lemma val_eq_set_is_semialgebraic':
+ assumes "f \<in> carrier (Q\<^sub>p[\<X>\<^bsub>n\<^esub>])"
+ shows "is_semialgebraic n {x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>). val (Qp_ev f x) = c}"
+proof-
+ obtain g where g_def: "g \<in> carrier (Q\<^sub>p[\<X>\<^bsub>n\<^esub>]) \<and> (\<forall> x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>). val (Qp_ev g x) = c)"
+ using constant_poly_val_exists by blast
+ have 0: "is_semialgebraic n {x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>). val (Qp_ev f x) = val (Qp_ev g x)}"
+ apply(rule val_eq_set_is_semialgebraic)
+ using assms apply blast using g_def by blast
+ have 1: "{x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>). val (Qp_ev f x) = val (Qp_ev g x)} = {x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>). val (Qp_ev f x) = c}"
+ apply(rule equalityI'') using g_def apply fastforce using g_def by metis
+ show ?thesis using 0 unfolding 1 by blast
+qed
+
+lemma val_strict_ineq_set_is_semialgebraic':
+ assumes "f \<in> carrier (Q\<^sub>p[\<X>\<^bsub>n\<^esub>])"
+ shows "is_semialgebraic n {x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>). val (Qp_ev f x) < c}"
+proof-
+ obtain g where g_def: "g \<in> carrier (Q\<^sub>p[\<X>\<^bsub>n\<^esub>]) \<and> (\<forall> x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>). val (Qp_ev g x) = c)"
+ using constant_poly_val_exists by blast
+ have 0: "is_semialgebraic n {x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>). val (Qp_ev f x) < val (Qp_ev g x)}"
+ apply(rule val_strict_ineq_set_is_semialgebraic)
+ using assms apply blast using g_def by blast
+ have 1: "{x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>). val (Qp_ev f x) < val (Qp_ev g x)} = {x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>). val (Qp_ev f x) < c}"
+ apply(rule equalityI'') using g_def apply fastforce using g_def
+ by fastforce
+ show ?thesis using 0 g_def unfolding 1
+ by blast
+qed
+
+lemma val_strict_ineq_set_is_semialgebraic'':
+ assumes "f \<in> carrier (Q\<^sub>p[\<X>\<^bsub>n\<^esub>])"
+ shows "is_semialgebraic n {x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>). c < val (Qp_ev f x)}"
+proof-
+ obtain g where g_def: "g \<in> carrier (Q\<^sub>p[\<X>\<^bsub>n\<^esub>]) \<and> (\<forall> x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>). val (Qp_ev g x) = c)"
+ using constant_poly_val_exists by blast
+ have 0: "is_semialgebraic n {x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>). val (Qp_ev g x) < val (Qp_ev f x)}"
+ apply(rule val_strict_ineq_set_is_semialgebraic)
+ using g_def apply blast using assms by blast
+ have 1: "{x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>). val (Qp_ev g x) < val (Qp_ev f x)} = {x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>). c < val (Qp_ev f x)}"
+ apply(rule equalityI'') using assms g_def apply fastforce using assms g_def by fastforce
+ show ?thesis using 0 g_def unfolding 1
+ by blast
+qed
+
+lemma(in cring) R1_memE:
+ assumes "x \<in> carrier (R\<^bsup>1\<^esup>)"
+ shows "x = [(hd x)]"
+ using assms cartesian_power_car_memE
+ by (metis diff_is_0_eq' hd_conv_nth le_eq_less_or_eq length_0_conv length_tl list.exhaust list.sel(3) normalize.cases nth_Cons_0 zero_neq_one)
+
+lemma(in cring) R1_memE':
+ assumes "x \<in> carrier (R\<^bsup>1\<^esup>)"
+ shows "hd x \<in> carrier R"
+ using R1_memE assms cartesian_power_car_memE[of x R 1] cartesian_power_car_memE'[of x R 1 0]
+ by (metis hd_conv_nth less_numeral_extra(1) list.size(3) zero_neq_one)
+
+lemma univ_val_ineq_set_is_univ_semialgebraic:
+"is_univ_semialgebraic {x \<in> carrier Q\<^sub>p. val x \<le> c}"
+proof-
+ have 0: "is_semialgebraic 1 {x \<in> carrier (Q\<^sub>p\<^bsup>1\<^esup>). val (Qp_ev (pvar Q\<^sub>p 0) x) \<le> c}"
+ apply(rule val_ineq_set_is_semialgebraic'')
+ using pvar_closed by blast
+ have 1: "{x \<in> carrier (Q\<^sub>p\<^bsup>1\<^esup>). val (Qp_ev (pvar Q\<^sub>p 0) x) \<le> c} = to_R1 ` {x \<in> carrier Q\<^sub>p. val x \<le> c}"
+ proof(rule equalityI')
+ show " \<And>x. x \<in> {x \<in> carrier (Q\<^sub>p\<^bsup>1\<^esup>). val (eval_at_point Q\<^sub>p x (pvar Q\<^sub>p 0)) \<le> c} \<Longrightarrow> x \<in> (\<lambda>a. [a]) ` {x \<in> carrier Q\<^sub>p. val x \<le> c}"
+ proof- fix x assume A: "x \<in> {x \<in> carrier (Q\<^sub>p\<^bsup>1\<^esup>). val (eval_at_point Q\<^sub>p x (pvar Q\<^sub>p 0)) \<le> c}"
+ then have 0: "x = [(hd x)] \<and> hd x \<in> carrier Q\<^sub>p"
+ using Qp.R1_memE Qp.R1_memE' by blast
+ have 1: "eval_at_point Q\<^sub>p x (pvar Q\<^sub>p 0) = hd x"
+ using A 0
+ by (metis (no_types, lifting) One_nat_def eval_pvar lessI nth_Cons_0 Qp.to_R1_closed)
+ then show "x \<in> (\<lambda>a. [a]) ` {x \<in> carrier Q\<^sub>p. val x \<le> c}"
+ using A 0 unfolding mem_Collect_eq
+ by (metis (no_types, lifting) image_iff mem_Collect_eq)
+ qed
+ show "\<And>x. x \<in> (\<lambda>a. [a]) ` {x \<in> carrier Q\<^sub>p. val x \<le> c} \<Longrightarrow> x \<in> {x \<in> carrier (Q\<^sub>p\<^bsup>1\<^esup>). val (eval_at_point Q\<^sub>p x (pvar Q\<^sub>p 0)) \<le> c}"
+ proof fix x assume A: "x \<in> (\<lambda>a. [a]) ` {x \<in> carrier Q\<^sub>p. val x \<le> c} "
+ then obtain a where a_def: "x = [a] \<and> a \<in> carrier Q\<^sub>p \<and> val a \<le> c"
+ by blast
+ then have 0: "x \<in> carrier (Q\<^sub>p\<^bsup>1\<^esup>)"
+ using cartesian_power_car_memI Qp.to_R1_closed by presburger
+ then have 1: "(eval_at_point Q\<^sub>p x (pvar Q\<^sub>p 0)) = a"
+ using a_def by (metis eval_pvar less_one Qp.to_R_to_R1)
+ show "x \<in> carrier (Q\<^sub>p\<^bsup>1\<^esup>) \<and> val (eval_at_point Q\<^sub>p x (pvar Q\<^sub>p 0)) \<le> c"
+ unfolding 1 using a_def 0 by blast
+ qed
+ qed
+ show ?thesis using 0 unfolding 1
+ using is_univ_semialgebraicI by blast
+qed
+
+lemma univ_val_strict_ineq_set_is_univ_semialgebraic:
+"is_univ_semialgebraic {x \<in> carrier Q\<^sub>p. val x < c}"
+proof-
+ have 0: "is_semialgebraic 1 {x \<in> carrier (Q\<^sub>p\<^bsup>1\<^esup>). val (Qp_ev (pvar Q\<^sub>p 0) x) <c}"
+ apply(rule val_strict_ineq_set_is_semialgebraic')
+ using pvar_closed by blast
+ have 1: "{x \<in> carrier (Q\<^sub>p\<^bsup>1\<^esup>). val (Qp_ev (pvar Q\<^sub>p 0) x) < c} = to_R1 ` {x \<in> carrier Q\<^sub>p. val x < c}"
+ proof(rule equalityI')
+ show " \<And>x. x \<in> {x \<in> carrier (Q\<^sub>p\<^bsup>1\<^esup>). val (eval_at_point Q\<^sub>p x (pvar Q\<^sub>p 0)) < c} \<Longrightarrow> x \<in> (\<lambda>a. [a]) ` {x \<in> carrier Q\<^sub>p. val x < c}"
+ proof- fix x assume A: "x \<in> {x \<in> carrier (Q\<^sub>p\<^bsup>1\<^esup>). val (eval_at_point Q\<^sub>p x (pvar Q\<^sub>p 0)) < c}"
+ then have 0: "x = [(hd x)] \<and> hd x \<in> carrier Q\<^sub>p"
+ using Qp.R1_memE Qp.R1_memE' by blast
+ have 1: "eval_at_point Q\<^sub>p x (pvar Q\<^sub>p 0) = hd x"
+ using A 0
+ by (metis (no_types, lifting) One_nat_def eval_pvar lessI nth_Cons_0 Qp.to_R1_closed)
+ then show "x \<in> (\<lambda>a. [a]) ` {x \<in> carrier Q\<^sub>p. val x < c}"
+ using A 0 unfolding mem_Collect_eq
+ by (metis (no_types, lifting) image_iff mem_Collect_eq)
+ qed
+ show "\<And>x. x \<in> (\<lambda>a. [a]) ` {x \<in> carrier Q\<^sub>p. val x < c} \<Longrightarrow> x \<in> {x \<in> carrier (Q\<^sub>p\<^bsup>1\<^esup>). val (eval_at_point Q\<^sub>p x (pvar Q\<^sub>p 0)) < c}"
+ proof fix x assume A: "x \<in> (\<lambda>a. [a]) ` {x \<in> carrier Q\<^sub>p. val x < c} "
+ then obtain a where a_def: "x = [a] \<and> a \<in> carrier Q\<^sub>p \<and> val a < c"
+ by blast
+ then have 0: "x \<in> carrier (Q\<^sub>p\<^bsup>1\<^esup>)"
+ using cartesian_power_car_memI Qp.to_R1_closed by presburger
+ then have 1: "(eval_at_point Q\<^sub>p x (pvar Q\<^sub>p 0)) = a"
+ using a_def by (metis eval_pvar less_one Qp.to_R_to_R1)
+ show "x \<in> carrier (Q\<^sub>p\<^bsup>1\<^esup>) \<and> val (eval_at_point Q\<^sub>p x (pvar Q\<^sub>p 0)) < c"
+ unfolding 1 using a_def 0 by blast
+ qed
+ qed
+ show ?thesis using 0 unfolding 1
+ using is_univ_semialgebraicI by blast
+qed
+
+lemma univ_val_eq_set_is_univ_semialgebraic:
+"is_univ_semialgebraic {x \<in> carrier Q\<^sub>p. val x = c}"
+proof-
+ have 0: "is_semialgebraic 1 {x \<in> carrier (Q\<^sub>p\<^bsup>1\<^esup>). val (Qp_ev (pvar Q\<^sub>p 0) x) = c}"
+ apply(rule val_eq_set_is_semialgebraic')
+ using pvar_closed by blast
+ have 1: "{x \<in> carrier (Q\<^sub>p\<^bsup>1\<^esup>). val (Qp_ev (pvar Q\<^sub>p 0) x) = c} = to_R1 ` {x \<in> carrier Q\<^sub>p. val x = c}"
+ proof(rule equalityI')
+ show " \<And>x. x \<in> {x \<in> carrier (Q\<^sub>p\<^bsup>1\<^esup>). val (eval_at_point Q\<^sub>p x (pvar Q\<^sub>p 0)) = c} \<Longrightarrow> x \<in> (\<lambda>a. [a]) ` {x \<in> carrier Q\<^sub>p. val x = c}"
+ proof- fix x assume A: "x \<in> {x \<in> carrier (Q\<^sub>p\<^bsup>1\<^esup>). val (eval_at_point Q\<^sub>p x (pvar Q\<^sub>p 0)) = c}"
+ then have 0: "x = [(hd x)] \<and> hd x \<in> carrier Q\<^sub>p"
+ using Qp.R1_memE Qp.R1_memE' by blast
+ have 1: "eval_at_point Q\<^sub>p x (pvar Q\<^sub>p 0) = hd x"
+ using A 0
+ by (metis (no_types, lifting) One_nat_def eval_pvar lessI nth_Cons_0 Qp.to_R1_closed)
+ show "x \<in> (\<lambda>a. [a]) ` {x \<in> carrier Q\<^sub>p. val x = c}"
+ using A 0 unfolding mem_Collect_eq 1 by blast
+ qed
+ show "\<And>x. x \<in> (\<lambda>a. [a]) ` {x \<in> carrier Q\<^sub>p. val x = c} \<Longrightarrow> x \<in> {x \<in> carrier (Q\<^sub>p\<^bsup>1\<^esup>). val (eval_at_point Q\<^sub>p x (pvar Q\<^sub>p 0)) = c}"
+ proof fix x assume A: "x \<in> (\<lambda>a. [a]) ` {x \<in> carrier Q\<^sub>p. val x = c} "
+ then obtain a where a_def: "x = [a] \<and> a \<in> carrier Q\<^sub>p \<and> val a = c"
+ by blast
+ then have 0: "x \<in> carrier (Q\<^sub>p\<^bsup>1\<^esup>)"
+ using cartesian_power_car_memI Qp.to_R1_closed by presburger
+ then have 1: "(eval_at_point Q\<^sub>p x (pvar Q\<^sub>p 0)) = a"
+ using a_def by (metis eval_pvar less_one Qp.to_R_to_R1)
+ show "x \<in> carrier (Q\<^sub>p\<^bsup>1\<^esup>) \<and> val (eval_at_point Q\<^sub>p x (pvar Q\<^sub>p 0)) = c"
+ unfolding 1 using a_def 0 by blast
+ qed
+ qed
+ show ?thesis using 0 unfolding 1
+ using is_univ_semialgebraicI by blast
+qed
+
+
+ (********************************************************************************************)
+ (********************************************************************************************)
+ subsubsection\<open>One Dimensional $p$-adic Balls are Semialgebraic\<close>
+ (********************************************************************************************)
+ (********************************************************************************************)
+
+lemma coord_ring_one_def:
+"Pring Q\<^sub>p {(0::nat)} = (Q\<^sub>p[\<X>\<^bsub>1\<^esub>])"
+proof-
+ have "{(0::nat)} = {..<1}"
+ by auto
+ thus ?thesis
+ unfolding coord_ring_def
+ by auto
+qed
+
+lemma times_p_pow_val:
+ assumes "a \<in> carrier Q\<^sub>p"
+ assumes "b = \<pp>[^]n \<otimes> a"
+ shows "val b = val a + n"
+ using val_mult[of "\<pp>[^]n" a] assms unfolding assms(2) val_p_int_pow
+ by (metis add.commute p_intpow_closed(1))
+
+lemma times_p_pow_neg_val:
+ assumes "a \<in> carrier Q\<^sub>p"
+ assumes "b = \<pp>[^]-n \<otimes> a"
+ shows "val b = val a - n"
+ by (metis Qp.m_comm Qp_int_pow_nonzero assms(1) assms(2) p_intpow_closed(1) p_intpow_inv'' p_nonzero val_fract val_p_int_pow)
+
+lemma eint_minus_int_pos:
+ assumes "a - eint n \<ge> 0"
+ shows "a \<ge> n"
+ using assms apply(induction a)
+ apply (metis diff_ge_0_iff_ge eint_ord_simps(1) idiff_eint_eint zero_eint_def)
+ by simp
+
+text\<open>\<open>p\<close>-adic balls as pullbacks of polynomial maps\<close>
+
+lemma balls_as_pullbacks:
+ assumes "c \<in> carrier Q\<^sub>p"
+ shows "\<exists>P \<in> carrier (Q\<^sub>p[\<X>\<^bsub>1\<^esub>]). to_R1` B\<^bsub>n\<^esub>[c] = poly_map 1 [P] \<inverse>\<^bsub>1\<^esub> (to_R1 ` \<O>\<^sub>p)"
+proof-
+ obtain P0 where P0_def: "P0 = (to_poly (\<pp>[^](-n))) \<otimes>\<^bsub>Q\<^sub>p_x\<^esub>((X_poly Q\<^sub>p) \<ominus>\<^bsub>Q\<^sub>p_x\<^esub> to_poly c)"
+ by blast
+ have 0: "P0 \<in> carrier Q\<^sub>p_x"
+ proof-
+ have P0: "(X_poly Q\<^sub>p) \<ominus>\<^bsub>Q\<^sub>p_x\<^esub> to_poly c \<in> carrier Q\<^sub>p_x"
+ using UPQ.X_closed UPQ.to_poly_closed assms by blast
+ have P1: "(to_poly (\<pp>[^](-n))) \<in> carrier Q\<^sub>p_x"
+ using UPQ.to_poly_closed p_intpow_closed(1) by blast
+ then show ?thesis
+ using P0_def P0 P1
+ by blast
+ qed
+ have 1: "\<And>x. x \<in> carrier Q\<^sub>p \<Longrightarrow> P0 \<bullet> x = (\<pp>[^](-n)) \<otimes> (x \<ominus>\<^bsub>Q\<^sub>p\<^esub> c)"
+ proof- fix x assume A: "x \<in> carrier Q\<^sub>p"
+ have P0: "(to_poly (\<pp>[^](-n))) \<bullet> x = (\<pp>[^](-n))"
+ using A UPQ.to_fun_to_poly p_intpow_closed(1) by blast
+ have P1: "((X_poly Q\<^sub>p) \<ominus>\<^bsub>Q\<^sub>p_x\<^esub> to_poly c) \<bullet> x = (x \<ominus>\<^bsub>Q\<^sub>p\<^esub> c)"
+ by (metis A UPQ.to_fun_X_minus X_poly_minus_def assms)
+ have P2: "to_poly (\<pp>[^](-n)) \<in> carrier Q\<^sub>p_x"
+ using UPQ.to_poly_closed p_intpow_closed(1) by blast
+ have P3: "((X_poly Q\<^sub>p) \<ominus>\<^bsub>Q\<^sub>p_x\<^esub> to_poly c) \<in> carrier Q\<^sub>p_x"
+ using UPQ.X_closed UPQ.to_poly_closed assms by blast
+ have "to_poly (\<pp>[^]- n) \<otimes>\<^bsub>Q\<^sub>p_x\<^esub> ((X_poly Q\<^sub>p) \<ominus>\<^bsub>Q\<^sub>p_x\<^esub> to_poly c) \<bullet> x = to_poly (\<pp>[^]- n) \<bullet> x \<otimes> (((X_poly Q\<^sub>p) \<ominus>\<^bsub>Q\<^sub>p_x\<^esub> to_poly c) \<bullet> x)"
+ using A P0_def P0 P1 P2 P3 to_fun_mult[of "to_poly (\<pp>[^](-n))" "(X_poly Q\<^sub>p) \<ominus>\<^bsub>Q\<^sub>p_x\<^esub> to_poly c" x] UPQ.to_fun_mult
+ by blast
+ then have "to_poly (\<pp>[^]- n) \<otimes>\<^bsub>Q\<^sub>p_x\<^esub> ((X_poly Q\<^sub>p) \<ominus>\<^bsub>Q\<^sub>p_x\<^esub> to_poly c) \<bullet> x = (\<pp>[^](-n)) \<otimes> (x \<ominus>\<^bsub>Q\<^sub>p\<^esub> c) "
+ by (metis P0 P1)
+ then show "P0 \<bullet> x = (\<pp>[^](-n)) \<otimes> (x \<ominus>\<^bsub>Q\<^sub>p\<^esub> c)"
+ using P0_def by metis
+ qed
+ have 2: " (\<lambda>a. [a]) ` B\<^bsub>n\<^esub>[c] = poly_map 1 [from_Qp_x P0] \<inverse>\<^bsub>1\<^esub> ((\<lambda>a. [a]) ` \<O>\<^sub>p)"
+ proof
+ show "(\<lambda>a. [a]) ` B\<^bsub>n\<^esub>[c] \<subseteq> poly_map 1 [from_Qp_x P0] \<inverse>\<^bsub>1\<^esub> ((\<lambda>a. [a]) ` \<O>\<^sub>p)"
+ proof
+ fix x
+ assume A: "x \<in> (\<lambda>a. [a]) ` B\<^bsub>n\<^esub>[c]"
+ then obtain a where a_def: "x = [a] \<and> a \<in> B\<^bsub>n\<^esub>[c]"
+ by blast
+ have P0: "P0 \<bullet> a \<in> \<O>\<^sub>p"
+ proof-
+ have "B\<^bsub>n\<^esub>[c] \<subseteq> carrier Q\<^sub>p"
+ using c_ball_in_Qp by blast
+ hence a_closed: "a \<in> carrier Q\<^sub>p"
+ using a_def by blast
+ have P0: "P0 \<bullet> a = (\<pp>[^](-n)) \<otimes> (a \<ominus> c)"
+ using 1 a_def c_ballE(1)
+ by blast
+ then have P1: "val (P0 \<bullet> a) = val (\<pp>[^](-n)) + val (a \<ominus> c)"
+ using val_mult[of "\<pp>[^]-n" "a \<ominus> c"] a_closed assms Qp.minus_closed p_intpow_closed(1)
+ by presburger
+ then have P2: "val (P0 \<bullet> a) = val (a \<ominus>\<^bsub>Q\<^sub>p\<^esub> c) - n"
+ by (metis P0 Qp.m_comm Qp.minus_closed Qp_int_pow_nonzero assms local.a_closed
+ p_intpow_closed(1) p_intpow_inv'' p_nonzero val_fract val_p_int_pow)
+ have P3: "val (a \<ominus>\<^bsub>Q\<^sub>p\<^esub> c) \<ge> n"
+ using a_def c_ballE(2)
+ by blast
+ then have "val (P0 \<bullet> a) \<ge> -n + n"
+ using P2 by (metis add.commute diff_conv_add_uminus diff_self local.eint_minus_ineq' zero_eint_def)
+ then have P4: "val (P0 \<bullet> a) \<ge> 0"
+ by (metis add.commute add.right_inverse zero_eint_def)
+ have P5: "P0 \<bullet> a \<in> carrier Q\<^sub>p"
+ using "0" UPQ.to_fun_closed local.a_closed by blast
+ then show ?thesis using P4
+ using val_ring_val_criterion
+ by blast
+ qed
+ have "poly_map 1 [from_Qp_x P0] x = [Qp_ev (from_Qp_x P0) [a]] "
+ using a_def poly_map_def[of 1 "[from_Qp_x P0]"] poly_tuple_eval_def[of ]
+ by (metis Qp_poly_mapE' c_ballE(1) length_0_conv poly_map_cons Qp.to_R1_closed)
+ then have "poly_map 1 [from_Qp_x P0] x = [P0 \<bullet> a] "
+ using Qp_x_Qp_poly_eval[of P0 a]
+ by (metis "0" a_def c_ballE(1))
+ then have P1: "poly_map 1 [from_Qp_x P0] x \<in> ((\<lambda>a. [a]) ` \<O>\<^sub>p)"
+ using P0
+ by blast
+ have P2: "x \<in> carrier (Q\<^sub>p\<^bsup>1\<^esup>)"
+ using A c_ballE(1) Qp.to_R1_closed
+ by blast
+ have P3: "is_poly_tuple 1 [from_Qp_x P0]"
+ apply(rule Qp_is_poly_tupleI)
+ by (metis "0" Qp_is_poly_tupleI from_Qp_x_closed gr_implies_not0 is_poly_tupleE is_poly_tuple_Cons list.size(3) zero_neq_one)
+ show "x \<in> poly_map 1 [UP_to_IP Q\<^sub>p 0 P0] \<inverse>\<^bsub>1\<^esub> (\<lambda>a. [a]) ` \<O>\<^sub>p"
+ using P3 P2 P1 unfolding evimage_def poly_map_def
+ by blast
+ qed
+ have 20: "is_poly_tuple 1 [from_Qp_x P0]"
+ using 0 UP_to_IP_closed[of P0 "0::nat"]
+ unfolding is_poly_tuple_def
+ by (metis (no_types, lifting) empty_set from_Qp_x_closed list.simps(15) singletonD subset_code(1))
+ show "poly_map 1 [UP_to_IP Q\<^sub>p 0 P0] \<inverse>\<^bsub>1\<^esub> (\<lambda>a. [a]) ` \<O>\<^sub>p \<subseteq> (\<lambda>a. [a]) ` B\<^bsub>n\<^esub>[c]"
+ proof fix x assume A: "x \<in> poly_map 1 [UP_to_IP Q\<^sub>p 0 P0] \<inverse>\<^bsub>1\<^esub> ((\<lambda>a. [a]) ` \<O>\<^sub>p)"
+ have A0: "(\<lambda>a. [a]) ` \<O>\<^sub>p \<subseteq> carrier (Q\<^sub>p\<^bsup>1\<^esup>)"
+ using Qp_val_ring_is_univ_semialgebraic is_univ_semialgebraic_def Qp.to_R1_car_subset
+ Qp_val_ring_is_semialgebraic is_semialgebraic_closed by presburger
+ have "poly_map 1 [from_Qp_x P0] x \<in> ((\<lambda>a. [a]) ` \<O>\<^sub>p)"
+ using A0 A 20 by blast
+ then obtain a where a_def: "a \<in> \<O>\<^sub>p \<and> (poly_map 1 [from_Qp_x P0] x) = [a]"
+ by blast
+ have x_closed: "x \<in> carrier (Q\<^sub>p\<^bsup>1\<^esup>)"
+ using A
+ by (meson evimage_eq)
+ then obtain y where y_def: "x = [y] \<and> y \<in> carrier Q\<^sub>p"
+ using A
+ by (metis Qp.to_R1_to_R Qp.to_R_pow_closed)
+ have "(poly_map 1 [from_Qp_x P0] x) = [(Qp_ev (from_Qp_x P0) [y])]"
+ unfolding poly_map_def poly_tuple_eval_def using x_closed
+ by (smt "20" One_nat_def length_Suc_conv list.size(3) nth_Cons_0 nth_map
+ poly_tuple_eval_closed poly_tuple_eval_def restrict_apply' Qp.to_R1_to_R y_def zero_less_Suc)
+ then have "(poly_map 1 [from_Qp_x P0] x) = [P0 \<bullet> y]"
+ by (metis "0" Qp_x_Qp_poly_eval y_def)
+ then have "[a] = [P0 \<bullet> y]"
+ using a_def
+ by presburger
+ then have A1: "a = (\<pp>[^](-n)) \<otimes> (y \<ominus>\<^bsub>Q\<^sub>p\<^esub> c)"
+ using 1[of y] y_def
+ by blast
+ have "y \<in> B\<^bsub>n\<^esub>[c]"
+ proof-
+ have B0: "val a = val (y \<ominus>\<^bsub>Q\<^sub>p\<^esub> c) - n"
+ using A1 y_def Qp.minus_closed assms times_p_pow_neg_val by blast
+ have B1: "val a \<ge> 0"
+ using a_def val_ring_memE by blast
+ then have "val (y \<ominus>\<^bsub>Q\<^sub>p\<^esub> c) - n \<ge> 0"
+ using B0
+ by metis
+ then have "val (y \<ominus>\<^bsub>Q\<^sub>p\<^esub> c) \<ge> n"
+ using eint_minus_int_pos by blast
+ then show "y \<in> B\<^bsub>n\<^esub>[c]"
+ using c_ballI y_def by blast
+ qed
+ then show "x \<in> (\<lambda>a. [a]) ` B\<^bsub>n\<^esub>[c]"
+ using y_def by blast
+ qed
+ qed
+ then show ?thesis
+ by (meson "0" from_Qp_x_closed)
+qed
+
+lemma ball_is_semialgebraic:
+ assumes "c \<in> carrier Q\<^sub>p"
+ shows "is_semialgebraic 1 (to_R1` B\<^bsub>n\<^esub>[c])"
+proof-
+ obtain P where P_def: "P \<in> carrier (Q\<^sub>p[\<X>\<^bsub>1\<^esub>]) \<and> to_R1` B\<^bsub>n\<^esub>[c] = poly_map 1 [P] \<inverse>\<^bsub>1\<^esub> (to_R1 ` \<O>\<^sub>p) "
+ using assms balls_as_pullbacks[of c n] by meson
+ have "is_poly_tuple 1 [P]"
+ using P_def unfolding is_poly_tuple_def
+ by (metis (no_types, opaque_lifting) list.inject list.set_cases neq_Nil_conv subset_code(1))
+ then show ?thesis
+ using assms P_def pullback_is_semialg[of 1 "[P]" 1 "((\<lambda>a. [a]) ` \<O>\<^sub>p) "]
+ by (metis (mono_tags, lifting) One_nat_def
+ Qp_val_ring_is_semialgebraic is_semialgebraic_def length_Suc_conv
+ list.distinct(1) list.size(3))
+qed
+
+lemma ball_is_univ_semialgebraic:
+ assumes "c \<in> carrier Q\<^sub>p"
+ shows "is_univ_semialgebraic (B\<^bsub>n\<^esub>[c])"
+ using assms ball_is_semialgebraic c_ball_in_Qp is_univ_semialgebraic_def
+ by presburger
+
+abbreviation Qp_to_R1_set where
+"Qp_to_R1_set S \<equiv> to_R1 ` S"
+
+
+ (********************************************************************************************)
+ (********************************************************************************************)
+ subsubsection\<open>Finite Unions and Intersections of Semialgebraic Sets\<close>
+ (********************************************************************************************)
+ (********************************************************************************************)
+
+
+definition are_semialgebraic where
+"are_semialgebraic n Xs = (\<forall> x. x \<in> Xs \<longrightarrow> is_semialgebraic n x)"
+
+lemma are_semialgebraicI:
+ assumes "\<And>x. x \<in> Xs \<Longrightarrow> is_semialgebraic n x "
+ shows "are_semialgebraic n Xs"
+ using are_semialgebraic_def assms by blast
+
+lemma are_semialgebraicE:
+ assumes "are_semialgebraic n Xs"
+ assumes "x \<in> Xs"
+ shows "is_semialgebraic n x"
+ using are_semialgebraic_def assms(1) assms(2) by blast
+
+definition are_univ_semialgebraic where
+"are_univ_semialgebraic Xs = (\<forall> x. x \<in> Xs \<longrightarrow> is_univ_semialgebraic x)"
+
+lemma are_univ_semialgebraicI:
+ assumes "\<And>x. x \<in> Xs \<Longrightarrow> is_univ_semialgebraic x "
+ shows "are_univ_semialgebraic Xs"
+ using are_univ_semialgebraic_def assms by blast
+
+lemma are_univ_semialgebraicE:
+ assumes "are_univ_semialgebraic Xs"
+ assumes "x \<in> Xs"
+ shows "is_univ_semialgebraic x"
+ using are_univ_semialgebraic_def assms(1) assms(2) by blast
+
+lemma are_univ_semialgebraic_semialgebraic:
+ assumes "are_univ_semialgebraic Xs"
+ shows "are_semialgebraic 1 (Qp_to_R1_set ` Xs)"
+ apply(rule are_semialgebraicI)
+ using are_univ_semialgebraicE assms image_iff is_univ_semialgebraicE
+ by (metis (no_types, lifting))
+
+lemma to_R1_set_union:
+"to_R1 ` (\<Union> Xs) = \<Union> (Qp_to_R1_set ` Xs)"
+ using image_iff by blast
+
+lemma to_R1_inter:
+ assumes "Xs \<noteq> {}"
+ shows "to_R1 ` (\<Inter> Xs) = \<Inter> (Qp_to_R1_set ` Xs)"
+proof
+ show "to_R1 ` (\<Inter> Xs) \<subseteq> \<Inter> (Qp_to_R1_set ` Xs)"
+ by blast
+ show "\<Inter> (Qp_to_R1_set ` Xs) \<subseteq> to_R1 ` (\<Inter> Xs)"
+ proof fix x
+ assume A: "x \<in> \<Inter> (Qp_to_R1_set ` Xs)"
+ then have 0: "\<And>S. S \<in> Xs \<Longrightarrow> x \<in> (Qp_to_R1_set S)"
+ by blast
+ obtain S where "S \<in> Xs \<and> x \<in> (Qp_to_R1_set S)"
+ using assms 0
+ by blast
+ then obtain b where b_def: "b \<in> S \<and> x = [b]"
+ by blast
+ have "b \<in> (\<Inter> Xs)"
+ using "0" b_def by blast
+ then show "x \<in> to_R1 ` (\<Inter> Xs)"
+ using b_def by blast
+ qed
+qed
+
+lemma finite_union_is_semialgebraic:
+ assumes "finite Xs"
+ shows "Xs \<subseteq> semialg_sets n \<longrightarrow> is_semialgebraic n (\<Union> Xs)"
+ apply(rule finite.induct[of Xs])
+ apply (simp add: assms)
+ apply (simp add: empty_is_semialgebraic)
+ by (metis Sup_insert insert_subset is_semialgebraicI union_is_semialgebraic)
+
+lemma finite_union_is_semialgebraic':
+ assumes "finite Xs"
+ assumes "Xs \<subseteq> semialg_sets n "
+ shows "is_semialgebraic n (\<Union> Xs)"
+ using assms(1) assms(2) finite_union_is_semialgebraic by blast
+
+lemma(in padic_fields) finite_union_is_semialgebraic'':
+ assumes "finite S"
+ assumes "\<And>x. x \<in> S \<Longrightarrow> is_semialgebraic m (F x)"
+ shows "is_semialgebraic m (\<Union> x \<in> S. F x)"
+ using assms finite_union_is_semialgebraic[of "F`S" m] unfolding is_semialgebraic_def
+ by blast
+
+lemma finite_union_is_univ_semialgebraic':
+ assumes "finite Xs"
+ assumes "are_univ_semialgebraic Xs"
+ shows "is_univ_semialgebraic (\<Union> Xs)"
+proof-
+ have "is_semialgebraic 1 (Qp_to_R1_set (\<Union> Xs))"
+ using assms finite_union_is_semialgebraic'[of "((`) (\<lambda>a. [a]) ` Xs)"] to_R1_set_union[of Xs]
+ by (metis (no_types, lifting) are_semialgebraicE are_univ_semialgebraic_semialgebraic
+ finite_imageI is_semialgebraicE subsetI)
+ then show ?thesis
+ using is_univ_semialgebraicI by blast
+qed
+
+lemma finite_intersection_is_semialgebraic:
+ assumes "finite Xs"
+ shows "Xs \<subseteq> semialg_sets n \<and> Xs \<noteq>{} \<longrightarrow> is_semialgebraic n (\<Inter> Xs)"
+ apply(rule finite.induct[of Xs])
+ apply (simp add: assms)
+ apply auto[1]
+proof fix A::"((nat \<Rightarrow> int) \<times> (nat \<Rightarrow> int)) set list set set" fix a
+ assume 0: "finite A"
+ assume 1: "A \<subseteq> semialg_sets n \<and> A \<noteq> {} \<longrightarrow> is_semialgebraic n (\<Inter> A) "
+ assume 2: "insert a A \<subseteq> semialg_sets n \<and> insert a A \<noteq> {}"
+ show "is_semialgebraic n (\<Inter> (insert a A))"
+ proof(cases "A = {}")
+ case True
+ then have "insert a A = {a}"
+ by simp
+ then show ?thesis
+ by (metis "2" cInf_singleton insert_subset is_semialgebraicI)
+ next
+ case False
+ then have "A \<subseteq> semialg_sets n \<and> A \<noteq> {}"
+ using "2" by blast
+ then have "is_semialgebraic n (\<Inter> A) "
+ using "1" by linarith
+ then show ?thesis
+ using 0 1 2 intersection_is_semialg
+ by (metis Inf_insert insert_subset is_semialgebraicI)
+ qed
+qed
+
+lemma finite_intersection_is_semialgebraic':
+ assumes "finite Xs"
+ assumes "Xs \<subseteq> semialg_sets n \<and> Xs \<noteq>{}"
+ shows " is_semialgebraic n (\<Inter> Xs)"
+ by (simp add: assms(1) assms(2) finite_intersection_is_semialgebraic)
+
+lemma finite_intersection_is_semialgebraic'':
+ assumes "finite Xs"
+ assumes "are_semialgebraic n Xs \<and> Xs \<noteq>{}"
+ shows " is_semialgebraic n (\<Inter> Xs)"
+ by (meson are_semialgebraicE assms(1) assms(2)
+ finite_intersection_is_semialgebraic' is_semialgebraicE subsetI)
+
+lemma finite_intersection_is_univ_semialgebraic:
+ assumes "finite Xs"
+ assumes "are_univ_semialgebraic Xs"
+ assumes "Xs \<noteq> {}"
+ shows "is_univ_semialgebraic (\<Inter> Xs)"
+proof-
+ have "are_semialgebraic 1 (Qp_to_R1_set ` Xs)"
+ using are_univ_semialgebraic_semialgebraic assms(2) by blast
+ then have "is_semialgebraic 1 (\<Inter> (Qp_to_R1_set ` Xs))"
+ using assms finite_intersection_is_semialgebraic''[of "Qp_to_R1_set ` Xs" 1]
+ by blast
+ then have "is_semialgebraic 1 (Qp_to_R1_set (\<Inter> Xs))"
+ using assms to_R1_inter[of Xs]
+ by presburger
+ then show ?thesis
+ using is_univ_semialgebraicI by blast
+qed
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+subsection\<open>Cartesian Products of Semialgebraic Sets\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+lemma Qp_times_basic_semialg_right:
+ assumes "a \<in> carrier (Q\<^sub>p[\<X>\<^bsub>n\<^esub>])"
+ shows "cartesian_product (basic_semialg_set n k a) (carrier (Q\<^sub>p\<^bsup>m\<^esup>)) = basic_semialg_set (n+ m) k a"
+proof
+ show "cartesian_product (basic_semialg_set n k a) (carrier (Q\<^sub>p\<^bsup>m\<^esup>)) \<subseteq> basic_semialg_set (n + m) k a"
+ proof fix x
+ assume "x \<in> cartesian_product (basic_semialg_set n k a) (carrier (Q\<^sub>p\<^bsup>m\<^esup>))"
+ then obtain as bs where as_bs_def: "as \<in> (basic_semialg_set n k a) \<and> bs \<in> (carrier (Q\<^sub>p\<^bsup>m\<^esup>)) \<and> x = as@bs"
+ using cartesian_product_memE[of x "basic_semialg_set n k a" "carrier (Q\<^sub>p\<^bsup>m\<^esup>)" Q\<^sub>p n]
+ basic_semialg_set_def
+ by (metis (no_types, lifting) append_take_drop_id basic_semialg_set_memE(1) subsetI)
+ have 0: "x \<in> carrier (Q\<^sub>p\<^bsup>n+m\<^esup>)"
+ using as_bs_def basic_semialg_set_memE(1) cartesian_product_closed'
+ by blast
+ have 1: "(Qp_ev a x = Qp_ev a as)"
+ using as_bs_def poly_eval_cartesian_prod[of as n bs m a] assms basic_semialg_set_memE(1) by blast
+ obtain y where y_def: "y \<in> carrier Q\<^sub>p \<and> (Qp_ev a as = (y[^]k))"
+ using as_bs_def using basic_semialg_set_memE(2)[of as n k a] by blast
+ show "x \<in> basic_semialg_set (n + m) k a"
+ apply(rule basic_semialg_set_memI[of _ _ y])
+ apply (simp add: "0")
+ apply (simp add: y_def)
+ using "1" y_def by blast
+ qed
+ show "basic_semialg_set (n + m) k a \<subseteq> cartesian_product (basic_semialg_set n k a) (carrier (Q\<^sub>p\<^bsup>m\<^esup>))"
+ proof fix x
+ assume A: "x \<in> basic_semialg_set (n + m) k a"
+ have A0: "x \<in> carrier (Q\<^sub>p\<^bsup>n+m\<^esup>)"
+ using A basic_semialg_set_memE(1) by blast
+ have A1: "set x \<subseteq> carrier Q\<^sub>p"
+ using A0
+ by (metis (no_types, lifting) cartesian_power_car_memE cartesian_power_car_memE' in_set_conv_nth subsetI)
+ have A2: "length x = n + m"
+ using A0 cartesian_power_car_memE
+ by blast
+ obtain as where as_def: "as = take n x"
+ by blast
+ obtain bs where bs_def: "bs = drop n x"
+ by blast
+ have 0: "x = as@bs"
+ using A as_def bs_def
+ by (metis append_take_drop_id)
+ have 1: "as \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ apply(rule cartesian_power_car_memI)
+ using as_def A2
+ apply (simp add: A2 min.absorb2)
+ by (metis (no_types, lifting) A1 as_def dual_order.trans set_take_subset)
+ have 2: "bs \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>)"
+ apply(rule cartesian_power_car_memI)
+ using bs_def A2
+ apply (simp add: A2)
+ by (metis A1 bs_def order.trans set_drop_subset)
+ obtain y where y_def: "y \<in> carrier Q\<^sub>p \<and> Qp_ev a x = (y[^]k)"
+ using basic_semialg_set_memE A by meson
+ have 3: "as \<in> basic_semialg_set n k a"
+ apply(rule basic_semialg_set_memI[of _ _ y])
+ apply (simp add: "1")
+ using \<open>y \<in> carrier Q\<^sub>p \<and> Qp_ev a x = (y[^]k)\<close> apply blast
+ using y_def A 1 0 2 assms(1) poly_eval_cartesian_prod by blast
+ show " x \<in> cartesian_product (basic_semialg_set n k a) (carrier (Q\<^sub>p\<^bsup>m\<^esup>))"
+ using 3 2 "0"
+ by (metis (mono_tags, lifting) as_def basic_semialg_set_memE(1) bs_def cartesian_product_memI subsetI)
+ qed
+qed
+
+lemma Qp_times_basic_semialg_right_is_semialgebraic:
+ assumes "k > 0"
+ assumes "a \<in> carrier (Q\<^sub>p[\<X>\<^bsub>n\<^esub>])"
+ shows "is_semialgebraic (n + m) (cartesian_product (basic_semialg_set n k a) (carrier (Q\<^sub>p\<^bsup>m\<^esup>)))"
+proof-
+ have 0: "cartesian_product (basic_semialg_set n k a) (carrier (Q\<^sub>p\<^bsup>m\<^esup>)) = basic_semialg_set (n+ m) k a"
+ using Qp_times_basic_semialg_right assms
+ by presburger
+ have 1: " a \<in> carrier (Q\<^sub>p[\<X>\<^bsub>n+m\<^esub>])"
+ using assms poly_ring_car_mono'(2) by blast
+ have 2: "is_semialgebraic (n + m) (basic_semialg_set (n + m) k a)"
+ using assms basic_semialg_is_semialgebraic'[of a "n+m" k "basic_semialg_set (n + m) k a"]
+ "1" by blast
+ show ?thesis
+ using 0 2
+ by metis
+qed
+
+lemma Qp_times_basic_semialg_right_is_semialgebraic':
+ assumes "A \<in> basic_semialgs n"
+ shows "is_semialgebraic (n + m) (cartesian_product A (carrier (Q\<^sub>p\<^bsup>m\<^esup>)))"
+proof-
+ obtain k P where "k \<noteq> 0 \<and> P\<in>carrier (Q\<^sub>p[\<X>\<^bsub>n\<^esub>])\<and> A = basic_semialg_set n k P"
+ using assms is_basic_semialg_def
+ by (metis mem_Collect_eq)
+ then show ?thesis using
+ Qp_times_basic_semialg_right_is_semialgebraic[of k P]
+ using assms(1) by blast
+qed
+
+lemma cartesian_product_memE':
+ assumes "x \<in> cartesian_product A B"
+ obtains a b where "a \<in> A \<and> b \<in> B \<and> x = a@b"
+ using assms unfolding cartesian_product_def by blast
+
+lemma Qp_times_basic_semialg_left:
+ assumes "a \<in> carrier (Q\<^sub>p[\<X>\<^bsub>n\<^esub>])"
+ shows "cartesian_product (carrier (Q\<^sub>p\<^bsup>m\<^esup>)) (basic_semialg_set n k a) = basic_semialg_set (n+m) k (shift_vars n m a)"
+proof
+ show "cartesian_product (carrier (Q\<^sub>p\<^bsup>m\<^esup>)) (basic_semialg_set n k a) \<subseteq> basic_semialg_set (n + m) k (shift_vars n m a)"
+ proof fix x
+ assume A: "x \<in> cartesian_product (carrier (Q\<^sub>p\<^bsup>m\<^esup>)) (basic_semialg_set n k a)"
+ then obtain as bs where as_bs_def: "as \<in> (carrier (Q\<^sub>p\<^bsup>m\<^esup>)) \<and> bs \<in> (basic_semialg_set n k a) \<and> x = as@bs "
+ using cartesian_product_memE' by blast
+ have 0: "Qp_ev (shift_vars n m a) x = Qp_ev a bs"
+ using A as_bs_def assms shift_vars_eval[of a n as m bs ]
+ by (metis (no_types, lifting) basic_semialg_set_memE(1))
+ obtain y where y_def: "y \<in> carrier Q\<^sub>p \<and> Qp_ev a bs = (y[^]k)"
+ using as_bs_def basic_semialg_set_memE(2)
+ by blast
+ have 1: "x \<in> carrier (Q\<^sub>p\<^bsup>n+m\<^esup>)"
+ using A as_bs_def
+ by (metis (no_types, lifting) add.commute basic_semialg_set_memE(1) cartesian_product_closed')
+ show "x \<in> basic_semialg_set (n + m) k (shift_vars n m a)"
+ apply(rule basic_semialg_set_memI[of _ _ y])
+ apply (simp add: "1")
+ using y_def apply blast
+ using "0" y_def by blast
+ qed
+ show "basic_semialg_set (n + m) k (shift_vars n m a) \<subseteq> cartesian_product (carrier (Q\<^sub>p\<^bsup>m\<^esup>)) (basic_semialg_set n k a) "
+ proof fix x
+ assume A: "x \<in> basic_semialg_set (n + m) k (shift_vars n m a)"
+ then obtain y where y_def: "y \<in> carrier Q\<^sub>p \<and> Qp_ev (shift_vars n m a) x = (y[^]k)"
+ using assms basic_semialg_set_memE[of x "n + m" k "shift_vars n m a"]
+ shift_vars_closed[of a m] Qp.cring_axioms
+ by blast
+ have "x \<in> carrier (Q\<^sub>p\<^bsup>m+n\<^esup>)"
+ using A basic_semialg_set_memE(1)
+ by (metis add.commute)
+ then have "x \<in> cartesian_product (carrier (Q\<^sub>p\<^bsup>m\<^esup>)) (carrier (Q\<^sub>p\<^bsup>n\<^esup>))"
+ using cartesian_product_carrier by blast
+ then obtain as bs where as_bs_def: "x = as@bs \<and> as \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>) \<and> bs \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ by (meson cartesian_product_memE')
+ have "bs \<in> (basic_semialg_set n k a)"
+ apply(rule basic_semialg_set_memI[of _ _ y])
+ using as_bs_def apply blast
+ apply (simp add: y_def)
+ using y_def shift_vars_eval[of a n as m bs ] as_bs_def assms(1)
+ by metis
+ then show "x \<in> cartesian_product (carrier (Q\<^sub>p\<^bsup>m\<^esup>)) (basic_semialg_set n k a)"
+ using as_bs_def unfolding cartesian_product_def
+ by blast
+ qed
+qed
+
+lemma Qp_times_basic_semialg_left_is_semialgebraic:
+ assumes "k > 0"
+ assumes "a \<in> carrier (Q\<^sub>p[\<X>\<^bsub>n\<^esub>])"
+ shows "is_semialgebraic (n + m) (cartesian_product (carrier (Q\<^sub>p\<^bsup>m\<^esup>)) (basic_semialg_set n k a))"
+ using basic_semialg_is_semialgebraic'[of a "n+m" k] Qp_times_basic_semialg_left
+ by (metis assms(1) assms(2) basic_semialg_is_semialgebraic is_basic_semialg_def neq0_conv shift_vars_closed)
+
+lemma Qp_times_basic_semialg_left_is_semialgebraic':
+ assumes "A \<in> basic_semialgs n"
+ shows "is_semialgebraic (n + m) (cartesian_product (carrier (Q\<^sub>p\<^bsup>m\<^esup>)) A)"
+proof-
+ obtain k P where "k \<noteq> 0 \<and> P\<in>carrier (Q\<^sub>p[\<X>\<^bsub>n\<^esub>])\<and> A = basic_semialg_set n k P"
+ using assms is_basic_semialg_def
+ by (metis mem_Collect_eq)
+ then show ?thesis using
+ Qp_times_basic_semialg_left_is_semialgebraic[of k P]
+ using assms(1) by blast
+qed
+
+lemma product_of_basic_semialgs_is_semialg:
+ assumes "k > 0"
+ assumes "l > 0"
+ assumes "a \<in> carrier (Q\<^sub>p[\<X>\<^bsub>n\<^esub>])"
+ assumes "b \<in> carrier (Q\<^sub>p[\<X>\<^bsub>m\<^esub>])"
+ shows "is_semialgebraic (n + m) (cartesian_product (basic_semialg_set n k a) (basic_semialg_set m l b))"
+proof-
+ have 0: "cartesian_product (basic_semialg_set n k a) (carrier (Q\<^sub>p\<^bsup>m\<^esup>)) = basic_semialg_set (n+ m) k a"
+ using Qp_times_basic_semialg_right assms by presburger
+ have 1: "cartesian_product (carrier (Q\<^sub>p\<^bsup>n\<^esup>)) (basic_semialg_set m l b) = basic_semialg_set (m + n) l (shift_vars m n b)"
+ using Qp_times_basic_semialg_left assms by blast
+ have 2: "(cartesian_product (basic_semialg_set n k a) (basic_semialg_set m l b)) =
+ cartesian_product (basic_semialg_set n k a) (carrier (Q\<^sub>p\<^bsup>m\<^esup>)) \<inter>
+ cartesian_product (carrier (Q\<^sub>p\<^bsup>n\<^esup>)) (basic_semialg_set m l b)"
+ proof-
+ have 0: "basic_semialg_set n k a \<subseteq> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ using basic_semialg_set_memE(1) by blast
+ have 1: "carrier (Q\<^sub>p\<^bsup>m\<^esup>) \<subseteq> carrier (Q\<^sub>p\<^bsup>m\<^esup>)"
+ by simp
+ have 2: "carrier (Q\<^sub>p\<^bsup>n\<^esup>) \<subseteq> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ by simp
+ have 3: "basic_semialg_set m l b \<subseteq> carrier (Q\<^sub>p\<^bsup>m\<^esup>)"
+ using basic_semialg_set_memE(1) by blast
+ show ?thesis
+ using 0 1 2 3 cartesian_product_intersection[of "(basic_semialg_set n k a)" Q\<^sub>p n
+ "(carrier (Q\<^sub>p\<^bsup>m\<^esup>))" m
+ "(carrier (Q\<^sub>p\<^bsup>n\<^esup>))" "(basic_semialg_set m l b)"]
+ by (smt Collect_cong inf.absorb_iff1 inf.absorb_iff2)
+ qed
+ then show ?thesis
+ using Qp_times_basic_semialg_left_is_semialgebraic
+ Qp_times_basic_semialg_right_is_semialgebraic assms
+ by (metis (no_types, lifting) add.commute intersection_is_semialg)
+qed
+
+lemma product_of_basic_semialgs_is_semialg':
+ assumes "A \<in> (basic_semialgs n)"
+ assumes "B \<in> (basic_semialgs m)"
+ shows "is_semialgebraic (n + m) (cartesian_product A B)"
+proof-
+ obtain k a where ka_def: "k > 0 \<and> a \<in> carrier (Q\<^sub>p[\<X>\<^bsub>n\<^esub>]) \<and> A = (basic_semialg_set n k a)"
+ using assms
+ by (metis is_basic_semialg_def mem_Collect_eq neq0_conv)
+ obtain l b where lb_def: "l > 0 \<and> b \<in> carrier (Q\<^sub>p[\<X>\<^bsub>m\<^esub>]) \<and> B = (basic_semialg_set m l b)"
+ by (metis assms(2) gr_zeroI is_basic_semialg_def mem_Collect_eq)
+ show ?thesis using ka_def lb_def assms product_of_basic_semialgs_is_semialg
+ by blast
+qed
+
+lemma car_times_semialg_is_semialg:
+ assumes "is_semialgebraic m B"
+ shows "is_semialgebraic (n + m) (cartesian_product (carrier (Q\<^sub>p\<^bsup>n\<^esup>)) B)"
+ apply(rule gen_boolean_algebra.induct[of B "carrier (Q\<^sub>p\<^bsup>m\<^esup>)""basic_semialgs m"])
+ using assms is_semialgebraic_def semialg_sets_def apply blast
+ apply (simp add: carrier_is_semialgebraic cartesian_product_carrier)
+proof-
+ show "\<And>A. A \<in> basic_semialgs m \<Longrightarrow> is_semialgebraic (n + m) (cartesian_product (carrier (Q\<^sub>p\<^bsup>n\<^esup>)) (A \<inter> carrier (Q\<^sub>p\<^bsup>m\<^esup>)))"
+ proof-
+ fix A assume A: "A \<in> basic_semialgs m "
+ then have " (A \<inter> carrier (Q\<^sub>p\<^bsup>m\<^esup>)) = A"
+ by (metis basic_semialg_set_memE(1) inf_absorb1 is_basic_semialg_def mem_Collect_eq subsetI)
+ then show "is_semialgebraic (n + m) (cartesian_product (carrier (Q\<^sub>p\<^bsup>n\<^esup>)) (A \<inter> carrier (Q\<^sub>p\<^bsup>m\<^esup>)))"
+ using add.commute[of n m] assms A
+ Qp_times_basic_semialg_left_is_semialgebraic'
+ by (simp add: \<open>n + m = m + n\<close>)
+ qed
+ show "\<And>A C. A \<in> gen_boolean_algebra (carrier (Q\<^sub>p\<^bsup>m\<^esup>)) (basic_semialgs m) \<Longrightarrow>
+ is_semialgebraic (n + m) (cartesian_product (carrier (Q\<^sub>p\<^bsup>n\<^esup>)) A) \<Longrightarrow>
+ C \<in> gen_boolean_algebra (carrier (Q\<^sub>p\<^bsup>m\<^esup>)) (basic_semialgs m) \<Longrightarrow>
+ is_semialgebraic (n + m) (cartesian_product (carrier (Q\<^sub>p\<^bsup>n\<^esup>)) C) \<Longrightarrow>
+ is_semialgebraic (n + m) (cartesian_product (carrier (Q\<^sub>p\<^bsup>n\<^esup>)) (A \<union> C))"
+ proof- fix A C assume A: " A \<in> gen_boolean_algebra (carrier (Q\<^sub>p\<^bsup>m\<^esup>)) (basic_semialgs m)"
+ "is_semialgebraic (n + m) (cartesian_product (carrier (Q\<^sub>p\<^bsup>n\<^esup>)) A)"
+ "C \<in> gen_boolean_algebra (carrier (Q\<^sub>p\<^bsup>m\<^esup>)) (basic_semialgs m)"
+ " is_semialgebraic (n + m) (cartesian_product (carrier (Q\<^sub>p\<^bsup>n\<^esup>)) C)"
+ then have B: "is_semialgebraic (n + m) (cartesian_product (carrier (Q\<^sub>p\<^bsup>n\<^esup>)) A \<union> cartesian_product (carrier (Q\<^sub>p\<^bsup>n\<^esup>)) C)"
+ using union_is_semialgebraic by blast
+ show "is_semialgebraic (n + m) (cartesian_product (carrier (Q\<^sub>p\<^bsup>n\<^esup>)) (A \<union> C))"
+ proof-
+ have 0: "A \<subseteq> carrier (Q\<^sub>p\<^bsup>m\<^esup>)"
+ using A(1) gen_boolean_algebra_subset
+ by blast
+ have 1: " C \<subseteq> carrier (Q\<^sub>p\<^bsup>m\<^esup>)"
+ using A(3) gen_boolean_algebra_subset
+ by blast
+ then show ?thesis using 0 A B
+ using cartesian_product_binary_union_right[of A Q\<^sub>p m C "(carrier (Q\<^sub>p\<^bsup>n\<^esup>))"]
+ unfolding is_semialgebraic_def semialg_sets_def
+ by presburger
+ qed
+ qed
+ show "\<And>A. A \<in> gen_boolean_algebra (carrier (Q\<^sub>p\<^bsup>m\<^esup>)) (basic_semialgs m) \<Longrightarrow>
+ is_semialgebraic (n + m) (cartesian_product (carrier (Q\<^sub>p\<^bsup>n\<^esup>)) A) \<Longrightarrow>
+ is_semialgebraic (n + m) (cartesian_product (carrier (Q\<^sub>p\<^bsup>n\<^esup>)) (carrier (Q\<^sub>p\<^bsup>m\<^esup>) - A))"
+ proof- fix A assume A: "A \<in> gen_boolean_algebra (carrier (Q\<^sub>p\<^bsup>m\<^esup>)) (basic_semialgs m)"
+ "is_semialgebraic (n + m) (cartesian_product (carrier (Q\<^sub>p\<^bsup>n\<^esup>)) A)"
+ then have "A \<subseteq> carrier (Q\<^sub>p\<^bsup>m\<^esup>)"
+ using gen_boolean_algebra_subset
+ by blast
+ then show "is_semialgebraic (n + m) (cartesian_product (carrier (Q\<^sub>p\<^bsup>n\<^esup>)) (carrier (Q\<^sub>p\<^bsup>m\<^esup>) - A))"
+ using A cartesian_product_car_complement_right[of A Q\<^sub>p m n]
+ unfolding is_semialgebraic_def semialg_sets_def
+ by (metis (mono_tags, lifting) semialg_complement semialg_sets_def)
+ qed
+qed
+
+lemma basic_semialg_times_semialg_is_semialg:
+ assumes "A \<in> basic_semialgs n"
+ assumes "is_semialgebraic m B"
+ shows " is_semialgebraic (n + m) (cartesian_product A B)"
+ apply(rule gen_boolean_algebra.induct[of B "carrier (Q\<^sub>p\<^bsup>m\<^esup>)""basic_semialgs m"])
+ using assms(2) is_semialgebraic_def semialg_sets_def apply blast
+ using Qp_times_basic_semialg_right_is_semialgebraic' assms(1) apply blast
+ apply (metis assms(1) basic_semialg_is_semialgebraic inf.absorb1 is_semialgebraic_closed mem_Collect_eq product_of_basic_semialgs_is_semialg')
+ apply (metis (no_types, lifting) cartesian_product_binary_union_right is_semialgebraicI is_semialgebraic_closed semialg_sets_def union_is_semialgebraic)
+proof-
+ show "\<And>Aa. Aa \<in> gen_boolean_algebra (carrier (Q\<^sub>p\<^bsup>m\<^esup>)) (basic_semialgs m) \<Longrightarrow>
+ is_semialgebraic (n + m) (cartesian_product A Aa) \<Longrightarrow> is_semialgebraic (n + m) (cartesian_product A (carrier (Q\<^sub>p\<^bsup>m\<^esup>) - Aa))"
+ proof- fix B assume A: "B \<in> gen_boolean_algebra (carrier (Q\<^sub>p\<^bsup>m\<^esup>)) (basic_semialgs m)"
+ "is_semialgebraic (n + m) (cartesian_product A B)"
+ show "is_semialgebraic (n + m) (cartesian_product A (carrier (Q\<^sub>p\<^bsup>m\<^esup>) - B))"
+ using A assms cartesian_product_complement_right[of B Q\<^sub>p m A n] add.commute[of n m]
+ proof -
+ have f1: "\<forall>n B. \<not> is_semialgebraic n B \<or> B \<subseteq> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ by (meson is_semialgebraic_closed)
+ have "is_basic_semialg n A"
+ using \<open>A \<in> {S. is_basic_semialg n S}\<close> by blast
+ then have f2: "is_semialgebraic n A"
+ using padic_fields.basic_semialg_is_semialgebraic padic_fields_axioms by blast
+ have "B \<in> semialg_sets m"
+ using \<open>B \<in> gen_boolean_algebra (carrier (Q\<^sub>p\<^bsup>m\<^esup>)) {S. is_basic_semialg m S}\<close> semialg_sets_def by blast
+ then have "is_semialgebraic m B"
+ by (meson padic_fields.is_semialgebraicI padic_fields_axioms)
+ then show ?thesis
+ using f2 f1 by (metis (no_types) Qp_times_basic_semialg_right_is_semialgebraic' \<open>A \<in> {S. is_basic_semialg n S}\<close> \<open>\<lbrakk>B \<subseteq> carrier (Q\<^sub>p\<^bsup>m\<^esup>); A \<subseteq> carrier (Q\<^sub>p\<^bsup>n\<^esup>)\<rbrakk> \<Longrightarrow> cartesian_product A (carrier (Q\<^sub>p\<^bsup>m\<^esup>)) - cartesian_product A B = cartesian_product A (carrier (Q\<^sub>p\<^bsup>m\<^esup>) - B)\<close> \<open>is_semialgebraic (n + m) (cartesian_product A B)\<close> diff_is_semialgebraic)
+ qed
+ qed
+qed
+
+text\<open>Semialgebraic sets are closed under cartesian products\<close>
+
+lemma cartesian_product_is_semialgebraic:
+ assumes "is_semialgebraic n A"
+ assumes "is_semialgebraic m B"
+ shows "is_semialgebraic (n + m) (cartesian_product A B)"
+ apply(rule gen_boolean_algebra.induct[of A "carrier (Q\<^sub>p\<^bsup>n\<^esup>)""basic_semialgs n"])
+ using assms is_semialgebraicE semialg_sets_def apply blast
+ using assms car_times_semialg_is_semialg apply blast
+ using assms basic_semialg_times_semialg_is_semialg
+ apply (simp add: Int_absorb2 basic_semialg_is_semialgebraic is_semialgebraic_closed)
+proof-
+ show "\<And>A C. A \<in> gen_boolean_algebra (carrier (Q\<^sub>p\<^bsup>n\<^esup>)) (basic_semialgs n) \<Longrightarrow>
+ is_semialgebraic (n + m) (cartesian_product A B) \<Longrightarrow>
+ C \<in> gen_boolean_algebra (carrier (Q\<^sub>p\<^bsup>n\<^esup>)) (basic_semialgs n) \<Longrightarrow>
+ is_semialgebraic (n + m) (cartesian_product C B) \<Longrightarrow> is_semialgebraic (n + m) (cartesian_product (A \<union> C) B)"
+ proof- fix A C assume A: "A \<in> gen_boolean_algebra (carrier (Q\<^sub>p\<^bsup>n\<^esup>)) (basic_semialgs n)"
+ "is_semialgebraic (n + m) (cartesian_product A B)"
+ "C \<in> gen_boolean_algebra (carrier (Q\<^sub>p\<^bsup>n\<^esup>)) (basic_semialgs n)"
+ "is_semialgebraic (n + m) (cartesian_product C B)"
+ show "is_semialgebraic (n + m) (cartesian_product (A \<union> C) B)"
+ using A cartesian_product_binary_union_left[of A Q\<^sub>p n C B]
+ by (metis (no_types, lifting) gen_boolean_algebra_subset union_is_semialgebraic)
+ qed
+ show "\<And>A. A \<in> gen_boolean_algebra (carrier (Q\<^sub>p\<^bsup>n\<^esup>)) (basic_semialgs n) \<Longrightarrow>
+ is_semialgebraic (n + m) (cartesian_product A B) \<Longrightarrow> is_semialgebraic (n + m) (cartesian_product (carrier (Q\<^sub>p\<^bsup>n\<^esup>) - A) B)"
+ proof- fix A assume A: "A \<in> gen_boolean_algebra (carrier (Q\<^sub>p\<^bsup>n\<^esup>)) (basic_semialgs n)"
+ "is_semialgebraic (n + m) (cartesian_product A B)"
+ show "is_semialgebraic (n + m) (cartesian_product (carrier (Q\<^sub>p\<^bsup>n\<^esup>) - A) B)"
+ using assms A cartesian_product_complement_left[of A Q\<^sub>p n B m]
+ unfolding is_semialgebraic_def semialg_sets_def
+ by (metis car_times_semialg_is_semialg diff_is_semialgebraic is_semialgebraicE is_semialgebraicI
+ is_semialgebraic_closed semialg_sets_def)
+ qed
+qed
+
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+subsection\<open>$N^{th}$ Power Residues\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+
+definition nth_root_poly where
+"nth_root_poly (n::nat) a = ((X_poly Q\<^sub>p) [^]\<^bsub>Q\<^sub>p_x\<^esub> n) \<ominus>\<^bsub>Q\<^sub>p_x\<^esub> (to_poly a)"
+
+lemma nth_root_poly_closed:
+ assumes "a \<in> carrier Q\<^sub>p"
+ shows "nth_root_poly n a \<in> carrier Q\<^sub>p_x"
+ using assms unfolding nth_root_poly_def
+ by (meson UPQ.P.minus_closed UPQ.P.nat_pow_closed UPQ.X_closed UPQ.to_poly_closed)
+
+lemma nth_root_poly_eval:
+ assumes "a \<in> carrier Q\<^sub>p"
+ assumes "b \<in> carrier Q\<^sub>p"
+ shows "(nth_root_poly n a) \<bullet> b = (b[^]n) \<ominus>\<^bsub>Q\<^sub>p\<^esub> a"
+ using assms unfolding nth_root_poly_def
+ using UPQ.P.nat_pow_closed UPQ.X_closed UPQ.to_fun_X_pow UPQ.to_fun_diff UPQ.to_fun_to_poly UPQ.to_poly_closed by presburger
+
+text\<open>Hensel's lemma gives us this criterion for the existence of \<open>n\<close>-th roots\<close>
+
+lemma nth_root_poly_root:
+ assumes "(n::nat) > 1"
+ assumes "a \<in> \<O>\<^sub>p"
+ assumes "a \<noteq> \<one>"
+ assumes "val (\<one> \<ominus>\<^bsub>Q\<^sub>p\<^esub> a) > 2* val ([n]\<cdot>\<one>)"
+ shows "(\<exists> b \<in> \<O>\<^sub>p. ((b[^]n) = a))"
+proof-
+ obtain \<alpha> where alpha_def: "\<alpha> \<in> carrier Z\<^sub>p \<and> \<iota> \<alpha> = a"
+ using assms(2) by blast
+ have 0: "\<alpha> \<in> carrier Z\<^sub>p"
+ by (simp add: alpha_def)
+ have 1: "\<alpha> \<noteq> \<one>\<^bsub>Z\<^sub>p\<^esub>"
+ using assms alpha_def inc_of_one
+ by blast
+ obtain N where N_def: "N = [n]\<cdot>\<^bsub>Z\<^sub>p\<^esub> \<one>\<^bsub>Z\<^sub>p\<^esub>"
+ by blast
+ have N_closed: "N \<in> carrier Z\<^sub>p"
+ using N_def Zp_nat_mult_closed
+ by blast
+ have 2: "\<iota> ([n]\<cdot>\<^bsub>Z\<^sub>p\<^esub> \<one>\<^bsub>Z\<^sub>p\<^esub>) = ([n]\<cdot> \<one>)"
+ proof(induction n)
+ case 0
+ have 00: "[(0::nat)] \<cdot>\<^bsub>Z\<^sub>p\<^esub> \<one>\<^bsub>Z\<^sub>p\<^esub> = \<zero>\<^bsub>Z\<^sub>p\<^esub>"
+ using Zp_nat_inc_zero by blast
+ have 01: "[(0::nat)] \<cdot>\<^bsub>Q\<^sub>p\<^esub> \<one> = \<zero>"
+ using Qp.nat_inc_zero by blast
+ then show ?case
+ using 00 inc_of_nat by blast
+ next
+ case (Suc n)
+ then show ?case
+ using inc_of_nat by blast
+ qed
+ have 3: "val_Zp (\<one>\<^bsub>Z\<^sub>p\<^esub> \<ominus>\<^bsub>Z\<^sub>p\<^esub> \<alpha>) = val (\<one> \<ominus>\<^bsub>Q\<^sub>p\<^esub> a)"
+ using alpha_def Zp.one_closed ring_hom_one[of \<iota> Z\<^sub>p Q\<^sub>p] inc_is_hom Zp.ring_hom_minus[of Q\<^sub>p \<iota> "\<one>\<^bsub>Z\<^sub>p\<^esub>" \<alpha> ]
+ Qp.ring_axioms
+ unfolding \<iota>_def
+ by (metis Q\<^sub>p_def Zp.minus_closed Zp_def padic_fields.val_of_inc padic_fields_axioms)
+ have 4: "([n]\<cdot>\<^bsub>Z\<^sub>p\<^esub> \<one>\<^bsub>Z\<^sub>p\<^esub>) \<in> nonzero Z\<^sub>p"
+ proof-
+ have 40: "int n \<ge> 0"
+ using of_nat_0_le_iff by blast
+ have "nat (int n) = n"
+ using nat_int by blast
+ hence "[n]\<cdot>\<^bsub>Z\<^sub>p\<^esub> \<one>\<^bsub>Z\<^sub>p\<^esub> = [int n]\<cdot>\<^bsub>Z\<^sub>p\<^esub> \<one>\<^bsub>Z\<^sub>p\<^esub>"
+ using 40 unfolding add_pow_def int_pow_def nat_pow_def
+ proof -
+ have "(if int n < 0 then inv\<^bsub>add_monoid Z\<^sub>p\<^esub> rec_nat \<one>\<^bsub>add_monoid Z\<^sub>p\<^esub> (\<lambda>n f. f \<otimes>\<^bsub>add_monoid Z\<^sub>p\<^esub> \<one>\<^bsub>Z\<^sub>p\<^esub>) 0 else rec_nat \<one>\<^bsub>add_monoid Z\<^sub>p\<^esub> (\<lambda>n f. f \<otimes>\<^bsub>add_monoid Z\<^sub>p\<^esub> \<one>\<^bsub>Z\<^sub>p\<^esub>) n) = rec_nat \<one>\<^bsub>add_monoid Z\<^sub>p\<^esub> (\<lambda>n f. f \<otimes>\<^bsub>add_monoid Z\<^sub>p\<^esub> \<one>\<^bsub>Z\<^sub>p\<^esub>) n"
+ by (meson of_nat_less_0_iff)
+ then show "rec_nat \<one>\<^bsub>add_monoid Z\<^sub>p\<^esub> (\<lambda>n f. f \<otimes>\<^bsub>add_monoid Z\<^sub>p\<^esub> \<one>\<^bsub>Z\<^sub>p\<^esub>) n = (let f = rec_nat \<one>\<^bsub>add_monoid Z\<^sub>p\<^esub> (\<lambda>n f. f \<otimes>\<^bsub>add_monoid Z\<^sub>p\<^esub> \<one>\<^bsub>Z\<^sub>p\<^esub>) in if int n < 0 then inv\<^bsub>add_monoid Z\<^sub>p\<^esub> f (nat (- int n)) else f (nat (int n)))"
+ using \<open>nat (int n) = n\<close> by presburger
+ qed
+ thus ?thesis
+ using Zp_char_0[of n] Zp.not_nonzero_memE Zp_char_0' assms(1) gr_implies_not_zero by blast
+ qed
+ then have 5: "val_Zp ([n]\<cdot>\<^bsub>Z\<^sub>p\<^esub> \<one>\<^bsub>Z\<^sub>p\<^esub>) = val ([n]\<cdot>\<^bsub>Q\<^sub>p\<^esub> (\<one>))"
+ using 2 ord_of_inc
+ by (metis N_closed N_def val_of_inc)
+ then have 6: "(val_Zp (\<one>\<^bsub>Z\<^sub>p\<^esub> \<ominus>\<^bsub>Z\<^sub>p\<^esub> \<alpha>)) > 2*(val_Zp ([n]\<cdot>\<^bsub>Z\<^sub>p\<^esub> \<one>\<^bsub>Z\<^sub>p\<^esub>))"
+ using assms 3 by presburger
+ have "\<exists> b \<in> carrier Z\<^sub>p. (b[^]\<^bsub>Z\<^sub>p\<^esub>n= \<alpha>)"
+ using Zp_nth_root_lemma[of \<alpha> n] assms "0" "1" "6" by blast
+ then obtain b where b_def: "b \<in> carrier Z\<^sub>p \<and> (b[^]\<^bsub>Z\<^sub>p\<^esub>n= \<alpha>)"
+ by blast
+ then have "\<iota> (b [^]\<^bsub>Z\<^sub>p\<^esub>n) = a"
+ using alpha_def by blast
+ then have "(\<iota> b) [^] n = a"
+ by (metis Qp.nat_inc_zero Q\<^sub>p_def Qp.nat_pow_zero Zp.nat_pow_0 Zp.nat_pow_zero
+ Zp_nat_inc_zero \<iota>_def alpha_def assms(3) b_def frac_inc_of_nat inc_of_one inc_pow not_nonzero_Qp)
+ then show ?thesis
+ using b_def by blast
+qed
+
+text\<open>All points sufficiently close to 1 have nth roots\<close>
+
+lemma eint_nat_times_2:
+"2*(n::nat) = 2*eint n"
+ using times_eint_simps(1)
+ by (metis mult.commute mult_2_right of_nat_add)
+
+lemma P_set_of_one:
+"P_set 1 = nonzero Q\<^sub>p"
+ apply(rule equalityI) apply(rule subsetI)
+ unfolding P_set_def nonzero_def mem_Collect_eq apply blast
+ apply(rule subsetI) unfolding P_set_def nonzero_def mem_Collect_eq
+ using Qp.nat_pow_eone by blast
+
+lemma nth_power_fact:
+ assumes "(n::nat) \<ge> 1"
+ shows "\<exists> (m::nat) > 0. \<forall> u \<in> carrier Q\<^sub>p. ac m u = 1 \<and> val u = 0 \<longrightarrow> u \<in> P_set n"
+proof(cases "n = 1")
+ case True
+ have "\<forall> u \<in> carrier Q\<^sub>p. ac 1 u = 1 \<and> val u = 0 \<longrightarrow> u \<in> P_set n"
+ unfolding True P_set_of_one
+ by (metis iless_Suc_eq padic_fields.val_ring_memE padic_fields.zero_in_val_ring padic_fields_axioms val_nonzero zero_eint_def)
+ then show ?thesis by blast
+next
+ case F: False
+ obtain m where m_def: "m = 1 + nat ( 2*(ord ([n]\<cdot>\<^bsub>Q\<^sub>p\<^esub> (\<one>))))"
+ by blast
+ then have m_pos: "m > 0"
+ by linarith
+ have "\<forall> u \<in> carrier Q\<^sub>p. ac m u = 1 \<and> val u = 0 \<longrightarrow> u \<in> P_set n"
+ proof
+ fix u
+ assume A: "u \<in> carrier Q\<^sub>p"
+ show " ac m u = 1 \<and> val u = 0 \<longrightarrow> u \<in> P_set n"
+ proof
+ assume B: "ac m u = 1 \<and> val u = 0"
+ then have 0: "val u = val \<one>"
+ by (smt A ac_def not_nonzero_Qp val_one val_ord zero_eint_def)
+ have 1: "ac m u = ac m \<one>"
+ by (metis B Qp.one_nonzero ac_p ac_p_int_pow_factor angular_component_factors_x angular_component_p inc_of_one m_pos p_nonzero)
+ have 2: "u \<in> nonzero Q\<^sub>p"
+ proof-
+ have "ac m \<zero> = 0"
+ by (meson ac_def)
+ then have "u \<noteq> \<zero>"
+ by (metis B zero_neq_one)
+ then show ?thesis
+ using A not_nonzero_Qp Qp.nonzero_memI by presburger
+ qed
+ then have 3: "val (\<one> \<ominus>\<^bsub>Q\<^sub>p\<^esub> u) \<ge> m" using m_pos 0 1 ac_ord_prop[of "\<one>" u "0::int" m]
+ by (metis B Qp.one_nonzero add.right_neutral eint.inject val_ord zero_eint_def)
+ show "u \<in> P_set n"
+ proof(cases "u = \<one>")
+ case True
+ then show ?thesis
+ by (metis P_set_one insert_iff zeroth_P_set)
+ next
+ case False
+ have F0: "u \<in> \<O>\<^sub>p"
+ apply(rule val_ring_memI, rule A)
+ unfolding 0 val_one by auto
+ have F1: "val (\<one> \<ominus>\<^bsub>Q\<^sub>p\<^esub> u) \<ge> m"
+ using False 3 by blast
+ have "ord (\<one> \<ominus> u) \<ge> m"
+ by (metis A F1 False Qp.not_eq_diff_nonzero Qp.one_closed eint_ord_simps(1) val_ord)
+ hence F2: "ord (\<one> \<ominus>\<^bsub>Q\<^sub>p\<^esub> u) > 2*(ord ([n]\<cdot> \<one>))"
+ using m_def F1 A False Qp.not_eq_diff_nonzero Qp.one_closed eint_ord_simps(1)
+ int_nat_eq of_nat_1 of_nat_add val_ord[of "\<one> \<ominus> u"] eint_nat_times_2
+ by linarith
+ have "val (\<one> \<ominus>\<^bsub>Q\<^sub>p\<^esub> u) > 2*(val ([n]\<cdot> \<one>))"
+ proof-
+ have 0: "val (\<one> \<ominus>\<^bsub>Q\<^sub>p\<^esub> u) > 2*(ord ([n]\<cdot> \<one>))"
+ using F2 val_ord[of "\<one> \<ominus> u"] A False Qp.not_eq_diff_nonzero Qp.one_closed eint_ord_simps(2) by presburger
+ have "n > 0"
+ using assms by linarith
+ hence "eint (ord ([n] \<cdot> \<one>)) = val ([n] \<cdot> \<one>)"
+ using val_ord_nat_inc[of n]
+ by blast
+ hence "2*ord ([n]\<cdot> \<one>) = 2*val ([n]\<cdot> \<one>)"
+ by (metis inc_of_nat times_eint_simps(1))
+ thus ?thesis
+ using 0 val_ord[of "\<one> \<ominus> u"] assms
+ by presburger
+ qed
+ then have "(\<exists> b \<in> \<O>\<^sub>p. ((b[^]n) = u))"
+ using m_def False nth_root_poly_root[of n u] F0 assms F by linarith
+ then have "(\<exists> b \<in> carrier Q\<^sub>p. ((b[^]n) = u))"
+ using val_ring_memE by blast
+ then show "u \<in> P_set n"
+ using P_set_def[of n] 2
+ by blast
+ qed
+ qed
+ qed
+ then show ?thesis using m_pos by blast
+qed
+
+definition pow_res where
+"pow_res (n::nat) x = {a. a \<in> carrier Q\<^sub>p \<and> (\<exists>y \<in> nonzero Q\<^sub>p. (a = x \<otimes> (y[^]n)))}"
+
+lemma nonzero_pow_res:
+ assumes "x \<in> nonzero Q\<^sub>p"
+ shows "pow_res (n::nat) x \<subseteq> nonzero Q\<^sub>p"
+proof
+ fix a
+ assume "a \<in> pow_res n x"
+ then obtain y where y_def: "y \<in> nonzero Q\<^sub>p \<and> (a = x \<otimes> (y[^]n))"
+ using pow_res_def by blast
+ then show "a \<in> nonzero Q\<^sub>p"
+ using assms Qp.Units_m_closed Qp_nat_pow_nonzero Units_eq_nonzero by blast
+qed
+
+lemma pow_res_of_zero:
+ shows "pow_res n \<zero> = {\<zero>}"
+ unfolding pow_res_def apply(rule equalityI)
+ apply(rule subsetI)
+ unfolding mem_Collect_eq
+ apply (metis Qp.integral_iff Qp.nat_pow_closed Qp.nonzero_closed Qp.zero_closed insertCI)
+ apply(rule subsetI) unfolding mem_Collect_eq
+ by (metis Qp.nat_pow_one Qp.one_nonzero Qp.r_one Qp.zero_closed equals0D insertE)
+
+lemma equal_pow_resI:
+ assumes "x \<in> carrier Q\<^sub>p"
+ assumes "y \<in> pow_res n x"
+ shows "pow_res n x = pow_res n y"
+proof
+ have y_closed: "y \<in> carrier Q\<^sub>p"
+ using assms unfolding pow_res_def by blast
+ obtain c where c_def: "c \<in> nonzero Q\<^sub>p \<and> y = x \<otimes> (c[^]n)"
+ using assms pow_res_def by blast
+ have "((inv c)[^]n) = inv (c[^]n)"
+ using c_def Qp.field_axioms Qp.nat_pow_of_inv Units_eq_nonzero by blast
+ then have "y \<otimes> ((inv c)[^]n) = x"
+ using y_closed c_def assms Qp.inv_cancelL(2) Qp.nonzero_closed Qp_nat_pow_nonzero Units_eq_nonzero
+ by presburger
+ then have P0: "(inv c) \<in> nonzero Q\<^sub>p \<and> x =y \<otimes> ((inv c)[^]n) "
+ using c_def nonzero_inverse_Qp by blast
+ show "pow_res n x \<subseteq> pow_res n y"
+ proof
+ fix a
+ assume A: "a \<in> pow_res n x"
+ then have "a \<in> carrier Q\<^sub>p"
+ by (metis (no_types, lifting) mem_Collect_eq pow_res_def)
+ obtain b where b_def: "b \<in> nonzero Q\<^sub>p \<and> a = x \<otimes> (b[^]n)"
+ using A pow_res_def by blast
+ then have 0: "b \<in> nonzero Q\<^sub>p \<and> a = y \<otimes> ((inv c)[^]n) \<otimes> (b[^]n)"
+ using \<open>y \<otimes> inv c [^] n = x\<close> by blast
+ have "b \<in> nonzero Q\<^sub>p \<and> a = y \<otimes> (((inv c) \<otimes> b)[^]n)"
+ proof-
+ have "(inv c)[^]n \<otimes> (b[^]n) = ((inv c) \<otimes> b)[^]n"
+ using c_def b_def assms P0 Qp.nat_pow_distrib Qp.nonzero_closed by presburger
+ then have " y \<otimes> (((inv c)[^]n) \<otimes> (b[^]n)) = y \<otimes> (((inv c) \<otimes> b)[^]n)"
+ by presburger
+ then show ?thesis
+ using y_closed 0 P0 Qp.m_assoc Qp.nat_pow_closed Qp.nonzero_closed assms(1) by presburger
+ qed
+ then have "((inv c) \<otimes> b) \<in> nonzero Q\<^sub>p \<and> a = y \<otimes> (((inv c) \<otimes> b)[^]n)"
+ by (metis P0 Qp.integral_iff Qp.nonzero_closed Qp.nonzero_mult_closed not_nonzero_Qp)
+ then show "a \<in> pow_res n y" using pow_res_def \<open>a \<in> carrier Q\<^sub>p\<close> by blast
+ qed
+ show "pow_res n y \<subseteq> pow_res n x"
+ proof
+ fix a
+ assume A: "a \<in> pow_res n y"
+ then have 0: "a \<in> carrier Q\<^sub>p"
+ by (metis (no_types, lifting) mem_Collect_eq pow_res_def)
+ obtain b where b_def: "b \<in> nonzero Q\<^sub>p \<and> a = y \<otimes> (b[^]n)"
+ using A pow_res_def by blast
+ then have "a = (x \<otimes> (c[^]n)) \<otimes> (b[^]n)"
+ using c_def by blast
+ then have "a = x \<otimes> ((c[^]n) \<otimes> (b[^]n))"
+ by (meson Qp.m_assoc Qp.nat_pow_closed Qp.nonzero_closed assms(1) b_def c_def)
+ then have "a = x \<otimes> ((c \<otimes> b)[^]n)"
+ using Qp.nat_pow_distrib Qp.nonzero_closed b_def c_def by presburger
+ then have "(c \<otimes> b) \<in> nonzero Q\<^sub>p \<and> a = x \<otimes> ((c \<otimes> b)[^]n)"
+ by (metis Qp.integral_iff Qp.nonzero_closed Qp.nonzero_mult_closed b_def c_def not_nonzero_Qp)
+ then show "a \<in> pow_res n x"
+ using pow_res_def 0 by blast
+ qed
+qed
+
+lemma zeroth_pow_res:
+ assumes "x \<in> carrier Q\<^sub>p"
+ shows "pow_res 0 x = {x}"
+ apply(rule equalityI)
+ apply(rule subsetI)
+ unfolding pow_res_def mem_Collect_eq
+ using assms apply (metis Qp.nat_pow_0 Qp.r_one singletonI)
+ apply(rule subsetI)
+ unfolding pow_res_def mem_Collect_eq
+ using assms by (metis Qp.nat_pow_0 Qp.one_nonzero Qp.r_one equals0D insertE)
+
+lemma Zp_car_zero_res: assumes "x \<in> carrier Z\<^sub>p"
+ shows "x 0 = 0"
+ using assms unfolding Zp_def
+ using Zp_def Zp_defs(3) padic_set_zero_res prime by blast
+
+lemma zeroth_ac:
+ assumes "x \<in> carrier Q\<^sub>p"
+ shows "ac 0 x = 0"
+ apply(cases "x = \<zero> ")
+ unfolding ac_def apply presburger
+ using assms angular_component_closed[of x] Zp_car_zero_res unfolding nonzero_def mem_Collect_eq
+ by presburger
+
+lemma nonzero_ac_imp_nonzero:
+ assumes "x \<in> carrier Q\<^sub>p"
+ assumes "ac m x \<noteq> 0"
+ shows "x \<in> nonzero Q\<^sub>p"
+ using assms unfolding ac_def nonzero_def mem_Collect_eq
+ by presburger
+
+lemma nonzero_ac_val_ord:
+ assumes "x \<in> carrier Q\<^sub>p"
+ assumes "ac m x \<noteq> 0"
+ shows "val x = ord x"
+ using nonzero_ac_imp_nonzero assms val_ord by blast
+
+lemma pow_res_equal_ord:
+ assumes "n > 0"
+ shows "\<exists>m > 0. \<forall>x y. x \<in> nonzero Q\<^sub>p \<and> y \<in> nonzero Q\<^sub>p \<and> ac m x = ac m y \<and> ord x = ord y \<longrightarrow> pow_res n x = pow_res n y"
+proof-
+ obtain m where m_def_0: "m > 0 \<and> ( \<forall> u \<in> carrier Q\<^sub>p. ac m u = 1 \<and> val u = 0 \<longrightarrow> u \<in> P_set n)"
+ using assms nth_power_fact[of n]
+ by (metis less_imp_le_nat less_one linorder_neqE_nat nat_le_linear zero_less_iff_neq_zero)
+ then have m_def: "m > 0 \<and> ( \<forall> u \<in> carrier Q\<^sub>p. ac m u = 1 \<and> ord u = 0 \<longrightarrow> u \<in> P_set n)"
+ by (smt nonzero_ac_val_ord zero_eint_def)
+ have "\<forall>x y. x \<in> nonzero Q\<^sub>p \<and> y \<in> nonzero Q\<^sub>p \<and> ac m x = ac m y \<and> ord x = ord y \<longrightarrow> pow_res n x = pow_res n y"
+ proof
+ fix x
+ show "\<forall>y. x \<in> nonzero Q\<^sub>p \<and> y \<in> nonzero Q\<^sub>p \<and> ac m x = ac m y \<and> ord x = ord y \<longrightarrow> pow_res n x = pow_res n y"
+ proof fix y
+ show "x \<in> nonzero Q\<^sub>p \<and> y \<in> nonzero Q\<^sub>p \<and> ac m x = ac m y \<and> ord x = ord y \<longrightarrow> pow_res n x = pow_res n y"
+ proof
+ assume A: "x \<in> nonzero Q\<^sub>p \<and> y \<in> nonzero Q\<^sub>p \<and> ac m x = ac m y \<and> ord x = ord y "
+ then have 0: "ac m (x \<div> y) = 1"
+ using ac_inv[of y m] ac_mult
+ by (metis ac_inv'''(1) ac_mult' m_def nonzero_inverse_Qp)
+ have 1: "ord (x \<div> y) = 0"
+ using A ord_fract by presburger
+ have 2: "(x \<div> y) \<in> nonzero Q\<^sub>p"
+ using A
+ by (metis Qp.nonzero_closed Qp.nonzero_mult_closed local.fract_cancel_right nonzero_inverse_Qp not_nonzero_Qp zero_fract)
+ have 3: "(x \<div> y) \<in> P_set n"
+ using m_def 0 1 2 nonzero_def
+ by (smt Qp.nonzero_closed)
+ then obtain b where b_def: "b \<in> carrier Q\<^sub>p \<and> (b[^]n) = (x \<div> y)"
+ using P_set_def
+ by blast
+ then have "(x \<div> y) \<otimes> y = (b[^]n) \<otimes> y"
+ by presburger
+ then have "x = (b[^]n) \<otimes> y"
+ using A b_def
+ by (metis Qp.nonzero_closed local.fract_cancel_left)
+ then have "x = y \<otimes>(b[^]n)"
+ using A b_def
+ by (metis Qp.nonzero_closed local.fract_cancel_right)
+ then have "x \<in> pow_res n y"
+ unfolding pow_res_def using A b_def
+ by (metis (mono_tags, lifting) "2" Qp.nat_pow_0 Qp.nonzero_closed Qp_nonzero_nat_pow mem_Collect_eq not_gr_zero)
+ then show "pow_res n x = pow_res n y"
+ using A equal_pow_resI[of x y n] unfolding nonzero_def
+ by (metis (mono_tags, lifting) A Qp.nonzero_closed equal_pow_resI)
+ qed
+ qed
+ qed
+ then show ?thesis using m_def by blast
+qed
+
+lemma pow_res_equal:
+ assumes "n > 0"
+ shows "\<exists>m> 0. \<forall>x y. x \<in> nonzero Q\<^sub>p \<and> y \<in> nonzero Q\<^sub>p \<and> ac m x = ac m y \<and> ord x = (ord y mod n) \<longrightarrow> pow_res n x = pow_res n y"
+proof-
+ obtain m where m_def: "m > 0 \<and> (\<forall>x y. x \<in> nonzero Q\<^sub>p \<and> y \<in> nonzero Q\<^sub>p \<and> ac m x = ac m y \<and> ord x = ord y \<longrightarrow> pow_res n x = pow_res n y)"
+ using assms pow_res_equal_ord
+ by meson
+ have "\<forall>x y. x \<in> nonzero Q\<^sub>p \<and> y \<in> nonzero Q\<^sub>p \<and> ac m x = ac m y \<and> ord x = ord y mod int n \<longrightarrow> pow_res n x = pow_res n y"
+ proof fix x
+ show "\<forall>y. x \<in> nonzero Q\<^sub>p \<and> y \<in> nonzero Q\<^sub>p \<and> ac m x = ac m y \<and> ord x = ord y mod int n \<longrightarrow> pow_res n x = pow_res n y"
+ proof fix y
+ show "x \<in> nonzero Q\<^sub>p \<and> y \<in> nonzero Q\<^sub>p \<and> ac m x = ac m y \<and> ord x = ord y mod int n \<longrightarrow> pow_res n x = pow_res n y"
+ proof
+ assume A: "x \<in> nonzero Q\<^sub>p \<and> y \<in> nonzero Q\<^sub>p \<and> ac m x = ac m y \<and> ord x = ord y mod int n"
+ show "pow_res n x = pow_res n y"
+ proof-
+ have A0: "x \<in> nonzero Q\<^sub>p \<and> y \<in> nonzero Q\<^sub>p"
+ using A by blast
+ have A1: "ac m x = ac m y"
+ using A by blast
+ have A2: "ord x = ord y mod int n"
+ using A by blast
+ obtain k where k_def: "k = ord x"
+ by blast
+ obtain l where l_def: "ord y = ord x + (l:: int)*(int n)"
+ using assms A2
+ by (metis A k_def mod_eqE mod_mod_trivial mult_of_nat_commute)
+ have m_def': "\<And>x y. x \<in> nonzero Q\<^sub>p \<and> y \<in> nonzero Q\<^sub>p \<and> ac m x = ac m y \<and> ord x = ord y \<Longrightarrow> pow_res n x = pow_res n y"
+ using m_def
+ by blast
+ have 0: "ord (y \<otimes> (\<pp>[^](- l*n))) = ord x"
+ proof-
+ have 0: "ord (y \<otimes> (\<pp>[^](- l*n))) = ord y + (ord (\<pp>[^](- l*n)))"
+ using ord_mult p_nonzero A0 Qp_int_pow_nonzero
+ by blast
+ have 1: "ord (\<pp>[^](- l*n)) = - l*n"
+ using ord_p_pow_int[of "-l*n"]
+ by blast
+ then have "ord (y \<otimes> (\<pp>[^](- l*n))) = ord y - l*n"
+ using 0
+ by linarith
+ then show ?thesis
+ using k_def l_def by linarith
+ qed
+ have 1: "ac m (y \<otimes> (\<pp>[^](- l*n))) = ac m y"
+ using assms ac_p_int_pow_factor_right[of ] m_def A Qp.nonzero_closed by presburger
+ have 2: "y \<otimes> (\<pp>[^](- l*n)) \<in> nonzero Q\<^sub>p"
+ using A0 Qp_int_pow_nonzero[of \<pp> "- l*n"] Qp.cring_axioms nonzero_def cring.cring_simprules(5)
+ fract_cancel_left not_nonzero_Qp p_intpow_inv'' p_nonzero zero_fract Qp.integral_iff
+ Qp.nonzero_closed Qp.nonzero_memE(2) Qp.nonzero_memI Qp.nonzero_mult_closed
+ minus_mult_commute mult_minus_right p_intpow_closed(1) p_intpow_closed(2)
+ by presburger
+ then have 3: "pow_res n (y \<otimes> (\<pp>[^](- l*n))) = pow_res n x"
+ using 2 A0 m_def'[of "y \<otimes> (\<pp>[^](- l*n))" x] "0" "1" A1
+ by linarith
+ have 4: "(y \<otimes> (\<pp>[^](- l*n))) = (y \<otimes> ((\<pp>[^]- l)[^]n))"
+ using Qp_int_nat_pow_pow[of \<pp> "-l" n] p_nonzero
+ by presburger
+ have "y \<otimes> (\<pp>[^](- l*n))\<in> pow_res n y "
+ using "2" "4" Qp_int_pow_nonzero nonzero_def p_nonzero
+ unfolding pow_res_def nonzero_def
+ proof -
+ assume a1: "\<And>x n. x \<in> {a \<in> carrier Q\<^sub>p. a \<noteq> \<zero>} \<Longrightarrow> x [^] (n::int) \<in> {a \<in> carrier Q\<^sub>p. a \<noteq> \<zero>}"
+ assume a2: "\<pp> \<in> {a \<in> carrier Q\<^sub>p. a \<noteq> \<zero>}"
+ assume a3: "y \<otimes> \<pp> [^] (- l * int n) \<in> {a \<in> carrier Q\<^sub>p. a \<noteq> \<zero>}"
+ have f4: "\<pp> [^] (- 1 * l) \<in> {r \<in> carrier Q\<^sub>p. r \<noteq> \<zero>}"
+ using a2 a1 by presburger
+ have f5: "- l = - 1 * l"
+ by linarith
+ then have f6: "y \<otimes> \<pp> [^] (- 1 * l * int n) = y \<otimes> (\<pp> [^] (- 1 * l)) [^] n"
+ using \<open>y \<otimes> \<pp> [^] (- l * int n) = y \<otimes> (\<pp> [^] - l) [^] n\<close> by presburger
+ then have "y \<otimes> (\<pp> [^] (- 1 * l)) [^] n \<in> {r \<in> carrier Q\<^sub>p. r \<noteq> \<zero>}"
+ using f5 a3 by presburger
+ then have "y \<otimes> (\<pp> [^] (- 1 * l)) [^] n \<in> {r \<in> carrier Q\<^sub>p. \<exists>ra. ra \<in> {r \<in> carrier Q\<^sub>p. r \<noteq> \<zero>} \<and> r = y \<otimes> ra [^] n}"
+ using f4 by blast
+ then have "y \<otimes> \<pp> [^] (- l * int n) \<in> {r \<in> carrier Q\<^sub>p. \<exists>ra. ra \<in> {r \<in> carrier Q\<^sub>p. r \<noteq> \<zero>} \<and> r = y \<otimes> ra [^] n}"
+ using f6 f5 by presburger
+ then show "y \<otimes> \<pp> [^] (- l * int n) \<in> {r \<in> carrier Q\<^sub>p. \<exists>ra\<in>{r \<in> carrier Q\<^sub>p. r \<noteq> \<zero>}. r = y \<otimes> ra [^] n}"
+ by meson
+ qed
+ then have "pow_res n (y \<otimes> (\<pp>[^](- l*n))) = pow_res n y"
+ using equal_pow_resI[of "(y \<otimes> (\<pp>[^](- l*n)))" y n] "2" A0 assms
+ Qp.nonzero_mult_closed p_intpow_closed(2)
+ by (metis (mono_tags, opaque_lifting) "3" A Qp.nonzero_closed equal_pow_resI)
+ then show ?thesis using 3 by blast
+ qed
+ qed
+ qed
+ qed
+ then show ?thesis
+ using m_def
+ by blast
+qed
+
+definition pow_res_classes where
+"pow_res_classes n = {S. \<exists>x \<in> nonzero Q\<^sub>p. S = pow_res n x }"
+
+lemma pow_res_semialg_def:
+ assumes "x \<in> nonzero Q\<^sub>p"
+ assumes "n \<ge> 1"
+ shows "\<exists>P \<in> carrier Q\<^sub>p_x. pow_res n x = (univ_basic_semialg_set n P) - {\<zero>}"
+proof-
+ have 0: "pow_res n x = {a \<in> carrier Q\<^sub>p. \<exists>y\<in>nonzero Q\<^sub>p. (inv x) \<otimes> a = (y[^]n)}"
+ proof
+ show "pow_res n x \<subseteq> {a \<in> carrier Q\<^sub>p. \<exists>y\<in>nonzero Q\<^sub>p. inv x \<otimes> a = (y[^]n)}"
+ proof
+ fix a
+ assume A: "a \<in> pow_res n x"
+ then have "a \<in> carrier Q\<^sub>p \<and> (\<exists>y\<in>nonzero Q\<^sub>p. a = x \<otimes> (y[^]n))"
+ unfolding pow_res_def
+ by blast
+ then obtain y where y_def: "y \<in> nonzero Q\<^sub>p \<and>a = x \<otimes> (y[^]n)"
+ by blast
+ then have "y \<in> nonzero Q\<^sub>p \<and> inv x \<otimes> a = (y[^]n)"
+ proof -
+ show ?thesis
+ by (metis (no_types, opaque_lifting) Qp.m_assoc Qp.m_comm Qp.nat_pow_closed Qp.nonzero_closed
+ \<open>a \<in> carrier Q\<^sub>p \<and> (\<exists>y\<in>nonzero Q\<^sub>p. a = x \<otimes> y [^] n)\<close> assms(1) local.fract_cancel_right nonzero_inverse_Qp y_def)
+ qed
+ then show "a \<in> {a \<in> carrier Q\<^sub>p. \<exists>y\<in>nonzero Q\<^sub>p. inv x \<otimes> a = (y[^]n)}"
+ using assms \<open>a \<in> carrier Q\<^sub>p \<and> (\<exists>y\<in>nonzero Q\<^sub>p. a = x \<otimes> (y[^]n))\<close>
+ by blast
+ qed
+
+ show "{a \<in> carrier Q\<^sub>p. \<exists>y\<in>nonzero Q\<^sub>p. inv x \<otimes> a = (y[^]n)} \<subseteq> pow_res n x"
+ proof
+ fix a
+ assume A: "a \<in> {a \<in> carrier Q\<^sub>p. \<exists>y\<in>nonzero Q\<^sub>p. inv x \<otimes> a = (y[^]n)}"
+ show "a \<in> pow_res n x"
+ proof-
+ have "a \<in> carrier Q\<^sub>p \<and> (\<exists>y\<in>nonzero Q\<^sub>p. inv x \<otimes> a = (y[^]n))"
+ using A by blast
+ then obtain y where y_def: "y\<in>nonzero Q\<^sub>p \<and> inv x \<otimes> a = (y[^]n)"
+ by blast
+ then have "y\<in>nonzero Q\<^sub>p \<and> a = x \<otimes>(y[^]n)"
+ by (metis Qp.l_one Qp.m_assoc Qp.nonzero_closed Qp.not_nonzero_memI
+ \<open>a \<in> carrier Q\<^sub>p \<and> (\<exists>y\<in>nonzero Q\<^sub>p. inv x \<otimes> a = y [^] n)\<close> assms(1) field_inv(2) inv_in_frac(1))
+ then show ?thesis
+ by (metis (mono_tags, lifting) \<open>a \<in> carrier Q\<^sub>p \<and> (\<exists>y\<in>nonzero Q\<^sub>p. inv x \<otimes> a = (y[^]n))\<close> mem_Collect_eq pow_res_def)
+ qed
+ qed
+ qed
+ obtain P where P_def: "P = up_ring.monom Q\<^sub>p_x (inv x) 1"
+ by blast
+ have P_closed: "P \<in> carrier Q\<^sub>p_x"
+ using P_def Qp.nonzero_closed Qp.nonzero_memE(2) UPQ.is_UP_monomE(1) UPQ.is_UP_monomI assms(1) inv_in_frac(1) by presburger
+ have P_eval: "\<And>a. a \<in> carrier Q\<^sub>p \<Longrightarrow> (P \<bullet> a) = (inv x) \<otimes> a"
+ using P_def to_fun_monom[of ]
+ by (metis Qp.nat_pow_eone Qp.nonzero_closed Qp.not_nonzero_memI assms(1) inv_in_frac(1))
+ have 0: "pow_res n x = {a \<in> carrier Q\<^sub>p. \<exists>y\<in>nonzero Q\<^sub>p. (P \<bullet> a) = (y[^]n)}"
+ proof
+ show "pow_res n x \<subseteq> {a \<in> carrier Q\<^sub>p. \<exists>y\<in>nonzero Q\<^sub>p. P \<bullet> a = (y[^]n)}"
+ proof fix a
+ assume "a \<in> pow_res n x"
+ then have "a \<in> carrier Q\<^sub>p \<and> (\<exists>y\<in>nonzero Q\<^sub>p. inv x \<otimes> a = (y[^]n))"
+ using 0
+ by blast
+ then show "a \<in> {a \<in> carrier Q\<^sub>p. \<exists>y\<in>nonzero Q\<^sub>p. P \<bullet> a = (y[^]n)}"
+ using P_eval
+ by (metis (mono_tags, lifting) mem_Collect_eq)
+ qed
+ show "{a \<in> carrier Q\<^sub>p. \<exists>y\<in>nonzero Q\<^sub>p. P \<bullet> a = (y[^]n)} \<subseteq> pow_res n x"
+ proof fix a
+ assume "a \<in> {a \<in> carrier Q\<^sub>p. \<exists>y\<in>nonzero Q\<^sub>p. P \<bullet> a = (y[^]n)}"
+ then obtain y where y_def: "y\<in>nonzero Q\<^sub>p \<and> P \<bullet> a = (y[^]n)"
+ by blast
+ then have "y\<in>nonzero Q\<^sub>p \<and> inv x \<otimes> a = (y[^]n)"
+ using P_eval \<open>a \<in> {a \<in> carrier Q\<^sub>p. \<exists>y\<in>nonzero Q\<^sub>p. P \<bullet> a = (y[^]n)}\<close>
+ by blast
+ then have "a \<in> carrier Q\<^sub>p \<and> (\<exists>y\<in>nonzero Q\<^sub>p. inv x \<otimes> a = (y[^]n))"
+ using \<open>a \<in> {a \<in> carrier Q\<^sub>p. \<exists>y\<in>nonzero Q\<^sub>p. P \<bullet> a = (y[^]n)}\<close> by blast
+ then show "a \<in> pow_res n x"
+ using 0
+ by blast
+ qed
+ qed
+ have 1: "univ_basic_semialg_set n P - {\<zero>} = {a \<in> carrier Q\<^sub>p. \<exists>y\<in>nonzero Q\<^sub>p. (P \<bullet> a) = (y[^]n)}"
+ proof
+ show "univ_basic_semialg_set n P - {\<zero>} \<subseteq> {a \<in> carrier Q\<^sub>p. \<exists>y\<in>nonzero Q\<^sub>p. P \<bullet> a = (y[^]n)}"
+ proof
+ fix a
+ assume A: "a \<in> univ_basic_semialg_set n P - {\<zero>}"
+ then have A0: "a \<in> carrier Q\<^sub>p \<and> (\<exists>y\<in>carrier Q\<^sub>p. P \<bullet> a = (y[^]n))"
+ unfolding univ_basic_semialg_set_def by blast
+ then have A0': "a \<in> nonzero Q\<^sub>p \<and> (\<exists>y\<in>carrier Q\<^sub>p. P \<bullet> a = (y[^]n))"
+ using A
+ by (metis DiffD2 not_nonzero_Qp singletonI)
+ then obtain y where y_def: "y\<in>carrier Q\<^sub>p \<and> P \<bullet> a = (y[^]n)"
+ by blast
+ have A1: "(P \<bullet> a) \<noteq> \<zero>"
+ using P_eval A0' Qp.integral_iff Qp.nonzero_closed Qp.nonzero_memE(2) assms(1) inv_in_frac(1) inv_in_frac(2) by presburger
+ have A2: "y \<in> nonzero Q\<^sub>p"
+ proof-
+ have A20: "(y[^]n) \<noteq>\<zero>"
+ using A1 y_def
+ by blast
+ have "y \<noteq> \<zero>"
+ apply(rule ccontr) using A20 assms
+ by (metis Qp.nat_pow_eone Qp.semiring_axioms Qp.zero_closed le_zero_eq semiring.nat_pow_zero)
+ then show ?thesis
+ using y_def A1 not_nonzero_Qp Qp.not_nonzero_memE by blast
+ qed
+ then have "y \<in> nonzero Q\<^sub>p \<and> P \<bullet> a = (y[^]n)" using y_def
+ by blast
+ then show "a \<in> {a \<in> carrier Q\<^sub>p. \<exists>y\<in>nonzero Q\<^sub>p. P \<bullet> a = (y[^]n)}"
+ using A0 nonzero_def
+ by blast
+ qed
+ show "{a \<in> carrier Q\<^sub>p. \<exists>y\<in>nonzero Q\<^sub>p. P \<bullet> a = (y[^]n)} \<subseteq> univ_basic_semialg_set n P - {\<zero>}"
+ proof
+ fix a
+ assume A: "a \<in> {a \<in> carrier Q\<^sub>p. \<exists>y\<in>nonzero Q\<^sub>p. P \<bullet> a = (y[^]n)}"
+ then obtain y where y_def: "y\<in>nonzero Q\<^sub>p \<and> P \<bullet> a = (y[^]n)"
+ by blast
+ then have "y \<noteq>\<zero> \<and> y\<in> carrier Q\<^sub>p \<and> P \<bullet> a = (y[^]n)"
+ by (metis (mono_tags, opaque_lifting) Qp.nonzero_closed Qp.not_nonzero_memI)
+ then have "a \<noteq>\<zero>"
+ using P_eval
+ by (metis Qp.m_comm Qp.nonzero_closed Qp.nonzero_memE(2) Qp.nonzero_pow_nonzero Qp.zero_closed assms(1) inv_in_frac(1) zero_fract)
+ then show "a \<in> univ_basic_semialg_set n P - {\<zero>}"
+ unfolding univ_basic_semialg_set_def
+ using A \<open>y \<noteq> \<zero> \<and> y \<in> carrier Q\<^sub>p \<and> P \<bullet> a = (y[^]n)\<close>
+ by blast
+ qed
+ qed
+ show ?thesis using 0 1
+ by (metis (no_types, lifting) P_closed)
+qed
+
+lemma pow_res_is_univ_semialgebraic:
+ assumes "x \<in> carrier Q\<^sub>p"
+ shows "is_univ_semialgebraic (pow_res n x)"
+proof(cases "n = 0")
+ case True
+ have T0: "pow_res n x = {x}"
+ unfolding True using assms
+ by (simp add: assms zeroth_pow_res)
+ have "[x] \<in> carrier (Q\<^sub>p\<^bsup>1\<^esup>)"
+ using assms Qp.to_R1_closed by blast
+ hence "is_semialgebraic 1 {[x]}"
+ using is_algebraic_imp_is_semialg singleton_is_algebraic by blast
+ thus ?thesis unfolding T0 using assms
+ by (simp add: \<open>x \<in> carrier Q\<^sub>p\<close> finite_is_univ_semialgebraic)
+next
+ case False
+ show ?thesis
+ proof(cases "x = \<zero>")
+ case True
+ then show ?thesis using finite_is_univ_semialgebraic False pow_res_of_zero
+ by (metis Qp.zero_closed empty_subsetI finite.emptyI finite.insertI insert_subset)
+ next
+ case F: False
+ then show ?thesis
+ using False pow_res_semialg_def[of x n] diff_is_univ_semialgebraic[of _ "{\<zero>}"] finite_is_univ_semialgebraic[of "{\<zero>}"]
+ by (metis Qp.zero_closed assms empty_subsetI finite.emptyI finite.insertI insert_subset less_one less_or_eq_imp_le linorder_neqE_nat not_nonzero_Qp univ_basic_semialg_set_is_univ_semialgebraic)
+ qed
+qed
+
+lemma pow_res_is_semialg:
+ assumes "x \<in> carrier Q\<^sub>p"
+ shows "is_semialgebraic 1 (to_R1 ` (pow_res n x))"
+ using assms pow_res_is_univ_semialgebraic is_univ_semialgebraicE
+ by blast
+
+lemma pow_res_refl:
+ assumes "x \<in> carrier Q\<^sub>p"
+ shows "x \<in> pow_res n x"
+proof-
+ have "x = x \<otimes> (\<one> [^]n)"
+ using assms Qp.nat_pow_one Qp.r_one by presburger
+ thus ?thesis
+ using assms unfolding pow_res_def mem_Collect_eq
+ using Qp.one_nonzero by blast
+qed
+
+lemma equal_pow_resE:
+ assumes "a \<in> carrier Q\<^sub>p"
+ assumes "b \<in> carrier Q\<^sub>p"
+ assumes "n > 0"
+ assumes "pow_res n a = pow_res n b"
+ shows "\<exists> s \<in> P_set n. a = b \<otimes> s"
+proof-
+ have "a \<in> pow_res n b"
+ using assms pow_res_refl by blast
+ then obtain y where y_def: " y \<in> nonzero Q\<^sub>p \<and> a = b \<otimes> y[^]n"
+ unfolding pow_res_def by blast
+ thus ?thesis unfolding P_set_def
+ using Qp.nonzero_closed Qp_nat_pow_nonzero by blast
+qed
+
+lemma pow_res_one:
+ assumes "x \<in> nonzero Q\<^sub>p"
+ shows "pow_res 1 x = nonzero Q\<^sub>p"
+proof show "pow_res 1 x \<subseteq> nonzero Q\<^sub>p"
+ using assms nonzero_pow_res[of x 1] by blast
+ show "nonzero Q\<^sub>p \<subseteq> pow_res 1 x"
+ proof fix y assume A: "y \<in> nonzero Q\<^sub>p"
+ then have 0: "\<one> \<in> nonzero Q\<^sub>p \<and> y = x \<otimes> ((inv x)\<otimes> y)[^](1::nat)"
+ using assms Qp.m_comm Qp.nat_pow_eone Qp.nonzero_closed Qp.nonzero_mult_closed
+ Qp.one_nonzero local.fract_cancel_right nonzero_inverse_Qp by presburger
+ have 1: "(inv x)\<otimes> y \<in> nonzero Q\<^sub>p"
+ using A assms by (metis Qp.Units_m_closed Units_eq_nonzero nonzero_inverse_Qp)
+ then show "y \<in> pow_res 1 x"
+ unfolding pow_res_def using 0 1 A Qp.nonzero_closed by blast
+ qed
+qed
+
+
+lemma pow_res_zero:
+ assumes "n > 0"
+ shows "pow_res n \<zero> = {\<zero>}"
+proof
+ show "pow_res n \<zero> \<subseteq> {\<zero>}"
+ unfolding pow_res_def
+ using Qp.l_null Qp.nat_pow_closed Qp.nonzero_closed by blast
+ show "{\<zero>} \<subseteq> pow_res n \<zero>"
+ using assms unfolding pow_res_def
+ using Qp.l_null Qp.one_closed Qp.one_nonzero empty_subsetI insert_subset by blast
+qed
+
+
+lemma equal_pow_resI':
+ assumes "a \<in> carrier Q\<^sub>p"
+ assumes "b \<in> carrier Q\<^sub>p"
+ assumes "c \<in> P_set n"
+ assumes "a = b \<otimes> c"
+ assumes "n > 0"
+ shows "pow_res n a = pow_res n b"
+proof-
+ obtain y where y_def: "c = y[^]n \<and> y \<in> carrier Q\<^sub>p"
+ using assms unfolding P_set_def by blast
+ have c_nonzero: "c \<in> nonzero Q\<^sub>p"
+ using P_set_nonzero'(1) assms(3) by blast
+ have y_nonzero: "y \<in> nonzero Q\<^sub>p"
+ using y_def c_nonzero Qp_nonzero_nat_pow assms(5) by blast
+ have 0: "a \<in> pow_res n b"
+ using assms y_nonzero y_def unfolding pow_res_def
+ by blast
+ show ?thesis
+ apply(cases "b = \<zero>")
+ using pow_res_zero Qp.l_null Qp.nonzero_closed assms(4) c_nonzero apply presburger
+ by (metis "0" assms(1) assms(2) assms(5) not_nonzero_Qp equal_pow_resI)
+qed
+
+lemma equal_pow_resI'':
+ assumes "n > 0"
+ assumes "a \<in> nonzero Q\<^sub>p"
+ assumes "b \<in> nonzero Q\<^sub>p"
+ assumes "a \<otimes> inv b \<in> P_set n"
+ shows "pow_res n a = pow_res n b"
+ using assms equal_pow_resI'[of a b "a \<otimes> inv b" n] Qp.nonzero_closed local.fract_cancel_right
+ by blast
+
+lemma equal_pow_resI''':
+ assumes "n > 0"
+ assumes "a \<in> nonzero Q\<^sub>p"
+ assumes "b \<in> nonzero Q\<^sub>p"
+ assumes "c \<in> nonzero Q\<^sub>p"
+ assumes "pow_res n (c \<otimes> a) = pow_res n (c \<otimes> b)"
+ shows "pow_res n a = pow_res n b"
+proof-
+ have 0: "c \<otimes>a \<in> nonzero Q\<^sub>p"
+ by (meson Localization.submonoid.m_closed Qp.nonzero_is_submonoid assms(2) assms(4))
+ have 1: "c \<otimes>b \<in> nonzero Q\<^sub>p"
+ by (meson Localization.submonoid.m_closed Qp.nonzero_is_submonoid assms(3) assms(4))
+ have "c\<otimes>a \<in> pow_res n (c\<otimes>b)"
+ proof(cases "n = 1")
+ case True
+ then show ?thesis
+ using assms 0 1 pow_res_one[of "c\<otimes>b"] by blast
+ next
+ case False
+ then have "n \<ge> 2"
+ using assms(1) by linarith
+ then show ?thesis
+ using assms 0 1 pow_res_refl[of "c\<otimes>a" n] unfolding nonzero_def
+ by blast
+ qed
+ then obtain y where y_def: "y \<in> nonzero Q\<^sub>p \<and> (c \<otimes> a) = (c \<otimes> b)\<otimes>y[^]n"
+ using assms unfolding pow_res_def by blast
+ then have "a = b\<otimes>y[^]n"
+ using assms
+ by (metis Qp.m_assoc Qp.m_lcancel Qp.nonzero_closed Qp.nonzero_mult_closed Qp.not_nonzero_memI Qp_nat_pow_nonzero)
+ then show ?thesis
+ by (metis P_set_memI Qp.nonzero_closed Qp.nonzero_mult_closed Qp.not_nonzero_memI Qp_nat_pow_nonzero assms(1) assms(3) equal_pow_resI' y_def)
+qed
+
+lemma equal_pow_resI'''':
+ assumes "n > 0"
+ assumes "a \<in> carrier Q\<^sub>p"
+ assumes "b \<in> carrier Q\<^sub>p"
+ assumes "a = b \<otimes> u"
+ assumes "u \<in> P_set n"
+ shows "pow_res n a = pow_res n b"
+proof(cases "a = \<zero>")
+ case True
+ then have "b = \<zero>"
+ using assms unfolding P_set_def
+ by (metis (no_types, lifting) Qp.integral Qp.nonzero_closed Qp.not_nonzero_memI mem_Collect_eq)
+ then show ?thesis using pow_res_zero
+ using True by blast
+next
+ case False
+ then have 0: "a \<in> nonzero Q\<^sub>p"
+ using Qp.not_nonzero_memE assms(2) by blast
+ have 1: "b \<in> nonzero Q\<^sub>p"
+ using 0 assms unfolding P_set_def
+ by (metis (no_types, lifting) Qp.integral_iff Qp.nonzero_closed mem_Collect_eq not_nonzero_Qp)
+ have 2: "a \<otimes> (inv b)\<in> P_set n"
+ using assms 0 1
+ by (metis P_set_nonzero'(2) Qp.inv_cancelR(1) Qp.m_comm Qp.nonzero_memE(2) Units_eq_nonzero inv_in_frac(1))
+ then show ?thesis using equal_pow_resI''
+ by (meson "0" "1" assms(1) equal_pow_resI)
+qed
+
+
+lemma Zp_Units_ord_zero:
+ assumes "a \<in> Units Z\<^sub>p"
+ shows "ord_Zp a = 0"
+proof-
+ have "inv\<^bsub>Z\<^sub>p\<^esub> a \<in> nonzero Z\<^sub>p"
+ apply(rule Zp.nonzero_memI, rule Zp.Units_inv_closed, rule assms)
+ using assms Zp.Units_inverse in_Units_imp_not_zero by blast
+ then have "ord_Zp (a \<otimes>\<^bsub>Z\<^sub>p\<^esub> inv \<^bsub>Z\<^sub>p\<^esub> a) = ord_Zp a + ord_Zp (inv \<^bsub>Z\<^sub>p\<^esub> a)"
+ using assms ord_Zp_mult Zp.Units_nonzero zero_not_one
+ by (metis Zp.zero_not_one)
+ then show ?thesis
+ by (smt Zp.Units_closed Zp.Units_r_inv Zp.integral_iff Zp.nonzero_closed \<open>inv\<^bsub>Z\<^sub>p\<^esub> a \<in> nonzero Z\<^sub>p\<close> assms ord_Zp_one ord_pos)
+qed
+
+lemma pow_res_nth_pow:
+ assumes "a \<in> nonzero Q\<^sub>p"
+ assumes "n > 0"
+ shows "pow_res n (a[^]n) = pow_res n \<one>"
+proof
+ show "pow_res n (a [^] n) \<subseteq> pow_res n \<one>"
+ proof fix x assume A: "x \<in> pow_res n (a [^] n)"
+ then show "x \<in> pow_res n \<one>"
+ by (metis P_set_memI Qp.l_one Qp.nat_pow_closed Qp.nonzero_closed Qp.nonzero_memE(2)
+ Qp.nonzero_pow_nonzero Qp.one_closed assms(1) assms(2) equal_pow_resI')
+ qed
+ show "pow_res n \<one> \<subseteq> pow_res n (a [^] n)"
+ proof fix x assume A: "x \<in> pow_res n \<one>"
+ then obtain y where y_def: "y \<in> nonzero Q\<^sub>p \<and> x = \<one>\<otimes>y[^]n"
+ unfolding pow_res_def by blast
+ then have 0: "x = y[^]n"
+ using Qp.l_one Qp.nonzero_closed by blast
+ have "y[^]n = a[^]n \<otimes> (inv a \<otimes> y)[^]n"
+ proof-
+ have "a[^]n \<otimes> (inv a \<otimes> y)[^]n = a[^]n \<otimes> (inv a)[^]n \<otimes> y[^]n"
+ using Qp.Units_inv_closed Qp.m_assoc Qp.nat_pow_closed Qp.nat_pow_distrib Qp.nonzero_closed Units_eq_nonzero assms(1) y_def by presburger
+ then show ?thesis
+ by (metis Qp.Units_inv_inv Qp.inv_cancelR(1) Qp.nat_pow_distrib Qp.nonzero_closed Qp.nonzero_mult_closed Units_eq_nonzero assms(1) nonzero_inverse_Qp y_def)
+ qed
+ then show "x \<in> pow_res n (a [^] n)"
+ using y_def A assms unfolding pow_res_def mem_Collect_eq
+ by (metis "0" Qp.integral Qp.m_closed Qp.nonzero_closed Qp.not_nonzero_memI inv_in_frac(1) inv_in_frac(2) not_nonzero_Qp)
+ qed
+qed
+
+lemma pow_res_of_p_pow:
+ assumes "n > 0"
+ shows "pow_res n (\<pp>[^]((l::int)*n)) = pow_res n \<one>"
+proof-
+ have 0: "\<pp>[^]((l::int)*n) = (\<pp>[^]l)[^]n"
+ using Qp_p_int_nat_pow_pow by blast
+ have "\<pp>[^]((l::int)*n) \<in> P_set n"
+ using P_set_memI[of _ "\<pp>[^]l"]
+ by (metis "0" Qp.not_nonzero_memI Qp_int_pow_nonzero p_intpow_closed(1) p_nonzero)
+ thus ?thesis
+ using "0" assms p_intpow_closed(2) pow_res_nth_pow by presburger
+qed
+
+lemma pow_res_nonzero:
+ assumes "n > 0"
+ assumes "a \<in> nonzero Q\<^sub>p"
+ assumes "b \<in> carrier Q\<^sub>p"
+ assumes "pow_res n a = pow_res n b"
+ shows "b \<in> nonzero Q\<^sub>p"
+ using assms nonzero_pow_res[of a n] pow_res_zero[of n]
+ by (metis insert_subset not_nonzero_Qp)
+
+lemma pow_res_mult:
+ assumes "n > 0"
+ assumes "a \<in> carrier Q\<^sub>p"
+ assumes "b \<in> carrier Q\<^sub>p"
+ assumes "c \<in> carrier Q\<^sub>p"
+ assumes "d \<in> carrier Q\<^sub>p"
+ assumes "pow_res n a = pow_res n c"
+ assumes "pow_res n b = pow_res n d"
+ shows "pow_res n (a \<otimes> b) = pow_res n (c \<otimes> d)"
+proof(cases "a \<in> nonzero Q\<^sub>p")
+ case True
+ then have "c \<in> nonzero Q\<^sub>p"
+ using assms pow_res_nonzero by blast
+ then obtain \<alpha> where alpha_def: "\<alpha> \<in> nonzero Q\<^sub>p \<and> a = c \<otimes> \<alpha>[^]n"
+ using assms True pow_res_refl[of a n] unfolding assms unfolding pow_res_def
+ by blast
+ show ?thesis
+ proof(cases "b \<in> nonzero Q\<^sub>p")
+ case T: True
+ then have "d \<in> nonzero Q\<^sub>p"
+ using assms pow_res_nonzero by blast
+ then obtain \<beta> where beta_def: "\<beta> \<in> nonzero Q\<^sub>p \<and> b = d \<otimes> \<beta>[^]n"
+ using T pow_res_refl[of b n] unfolding assms unfolding pow_res_def
+ using assms by blast
+ then have "a \<otimes> b = (c \<otimes> d) \<otimes> (\<alpha>[^]n \<otimes> \<beta>[^] n)"
+ using Qp.m_assoc Qp.m_lcomm Qp.nonzero_closed Qp.nonzero_mult_closed Qp_nat_pow_nonzero alpha_def assms(3) assms(4) assms(5) by presburger
+ then have 0: "a \<otimes> b = (c \<otimes> d) \<otimes> ((\<alpha> \<otimes> \<beta>)[^] n)"
+ by (metis Qp.nat_pow_distrib Qp.nonzero_closed alpha_def beta_def)
+ show ?thesis
+ apply(intro equal_pow_resI'[of _ _ "(\<alpha> \<otimes> \<beta>)[^] n"] Qp.ring_simprules assms
+ P_set_memI[of _ "\<alpha> \<otimes> \<beta>"] Qp.nat_pow_closed nonzero_memE 0 Qp_nat_pow_nonzero
+ )
+ using alpha_def beta_def apply auto
+ apply(intro nonzero_memI Qp.nonzero_mult_closed)
+ using alpha_def beta_def nonzero_memE apply auto
+ by (meson Qp.integral_iff)
+ next
+ case False
+ then have "b = \<zero>"
+ by (meson assms not_nonzero_Qp)
+ then have "d = \<zero>"
+ using assms by (metis False not_nonzero_Qp pow_res_nonzero)
+ then show ?thesis
+ using Qp.r_null \<open>b = \<zero>\<close> assms by presburger
+ qed
+next
+ case False
+ then have "a = \<zero>"
+ by (meson assms not_nonzero_Qp)
+ then have "c = \<zero>"
+ using assms by (metis False not_nonzero_Qp pow_res_nonzero)
+ then show ?thesis
+ using Qp.r_null \<open>a = \<zero>\<close> assms Qp.l_null by presburger
+ qed
+
+lemma pow_res_p_pow_factor:
+ assumes "n > 0"
+ assumes "a \<in> carrier Q\<^sub>p"
+ shows "pow_res n a = pow_res n (\<pp>[^]((l::int)*n) \<otimes> a)"
+proof(cases "a = \<zero>")
+ case True
+ then show ?thesis
+ using Qp.r_null p_intpow_closed(1) by presburger
+next
+ case False
+ then show ?thesis using assms pow_res_of_p_pow
+ using Qp.m_comm Qp.one_closed Qp.r_one p_intpow_closed(1) pow_res_mult by presburger
+qed
+
+lemma pow_res_classes_finite:
+ assumes "n \<ge> 1"
+ shows "finite (pow_res_classes n)"
+proof(cases "n = 1")
+ case True
+ have "pow_res_classes n = {(nonzero Q\<^sub>p)}"
+ using True pow_res_one unfolding pow_res_classes_def
+ using Qp.one_nonzero by blast
+ then show ?thesis by auto
+next
+ case False
+ then have n_bound: "n \<ge> 2"
+ using assms by linarith
+ obtain m where m_def: "m > 0 \<and> (\<forall>x y. x \<in> nonzero Q\<^sub>p \<and> y \<in> nonzero Q\<^sub>p \<and> ac m x = ac m y \<and> ord x = ord y \<longrightarrow> pow_res n x = pow_res n y)"
+ using assms False pow_res_equal_ord n_bound
+ by (metis gr_zeroI le_numeral_extra(2))
+ obtain f where f_def: "f = (\<lambda> \<eta> \<nu>. (SOME y. y \<in> (pow_res_classes n) \<and> (\<exists> x \<in> y. ac m x = \<eta> \<and> ord x = \<nu>)))"
+ by blast
+ have 0: "\<And>x. x \<in> nonzero Q\<^sub>p \<Longrightarrow> pow_res n x = f (ac m x) (ord x)"
+ proof- fix x assume A: "x \<in> nonzero Q\<^sub>p"
+ obtain \<eta> where eta_def: "\<eta> = ac m x"
+ by blast
+ obtain \<nu> where nu_def: "\<nu> = ord x"
+ by blast
+ have "\<exists>y \<in>pow_res n x. ac m y = ac m x \<and> ord y = ord x"
+ using pow_res_refl A assms neq0_conv Qp.nonzero_closed by blast
+ hence "pow_res n x \<in> (pow_res_classes n) \<and> (\<exists> y \<in> (pow_res n x). ac m y = \<eta> \<and> ord y = \<nu>)"
+ unfolding nu_def eta_def using assms unfolding pow_res_classes_def
+ using A by blast
+ then have 0: "(\<exists> y. y \<in> (pow_res_classes n) \<and> (\<exists> x \<in> y. ac m x = \<eta> \<and> ord x = \<nu>))"
+ by blast
+ have "f \<eta> \<nu> = (SOME y. y \<in> (pow_res_classes n) \<and> (\<exists> x \<in> y. ac m x = \<eta> \<and> ord x = \<nu>))"
+ using f_def by blast
+ then have 1: "f \<eta> \<nu> \<in> (pow_res_classes n) \<and> ((\<exists> y \<in> (f \<eta> \<nu>). ac m y = \<eta> \<and> ord y = \<nu>))"
+ using 0 someI_ex[of "\<lambda> y. y \<in> (pow_res_classes n) \<and> (\<exists> x \<in> y. ac m x = \<eta> \<and> ord x = \<nu>)"]
+ unfolding f_def by blast
+ then obtain y where y_def: "y \<in> (f \<eta> \<nu>) \<and> ac m y = ac m x \<and> ord y = ord x"
+ unfolding nu_def eta_def by blast
+ obtain a where a_def: "a \<in> nonzero Q\<^sub>p \<and> (f \<eta> \<nu>) = pow_res n a"
+ using 1 unfolding pow_res_classes_def by blast
+ then have 2: "y \<in> pow_res n a"
+ using y_def by blast
+ have 3: "y \<in> nonzero Q\<^sub>p"
+ using y_def nonzero_pow_res[of a n] a_def by blast
+ then have 4: "pow_res n y = pow_res n a"
+ using 3 y_def a_def equal_pow_resI[of y a n] n_bound Qp.nonzero_closed
+ by (metis equal_pow_resI)
+ have 5: "pow_res n y = f \<eta> \<nu>"
+ using 4 a_def by blast
+ then show "pow_res n x = f (ac m x) (ord x)"
+ unfolding eta_def nu_def
+ using "3" A m_def y_def by blast
+ qed
+ obtain N where N_def: "N > 0 \<and> (\<forall> u \<in> carrier Q\<^sub>p. ac N u = 1 \<and> val u = 0 \<longrightarrow> u \<in> P_set n)"
+ using n_bound nth_power_fact assms by blast
+ have 1: "\<And>x. x \<in> nonzero Q\<^sub>p \<Longrightarrow> (\<exists>y \<in> nonzero Q\<^sub>p. ord y \<ge> 0 \<and> ord y < n \<and> pow_res n x = pow_res n y)"
+ proof- fix x assume x_def: "x \<in> nonzero Q\<^sub>p"
+ then obtain k where k_def: "k = ord x mod n"
+ by blast
+ then obtain l where l_def: "ord x = (int n)*l + k"
+ using cancel_div_mod_rules(2)[of n "ord x"0] unfolding k_def
+ by (metis group_add_class.add.right_cancel)
+ have "x = (\<pp>[^](ord x)) \<otimes> \<iota> (angular_component x)"
+ using x_def angular_component_factors_x by blast
+ then have "x = (\<pp>[^](n*l + k)) \<otimes> \<iota> (angular_component x)"
+ unfolding l_def by blast
+ hence "x = \<pp>[^](int n*l) \<otimes> (\<pp>[^] k) \<otimes> \<iota> (angular_component x)"
+ by (metis p_intpow_add)
+ hence 0: "x = (\<pp>[^]l)[^]n \<otimes> (\<pp>[^] k) \<otimes> \<iota> (angular_component x)"
+ using p_pow_factor[of n l k] \<open>x = \<pp> [^] (int n * l + k) \<otimes> \<iota> (angular_component x)\<close> by presburger
+ have 1: "\<iota> (angular_component x) \<in> carrier Q\<^sub>p"
+ using x_def angular_component_closed inc_closed by blast
+ hence 2: "x = (\<pp>[^]l)[^]n \<otimes> ((\<pp>[^] k) \<otimes> \<iota> (angular_component x))"
+ using 0 by (metis Qp.m_assoc Qp.nat_pow_closed p_intpow_closed(1))
+ obtain a where a_def: "a = (\<pp>[^] k) \<otimes> \<iota> (angular_component x)"
+ by blast
+ have 30: "angular_component x \<in> Units Z\<^sub>p"
+ using angular_component_unit x_def by blast
+ then have 3: "\<iota> (angular_component x) \<in> Units Q\<^sub>p"
+ by (metis Units_eq_nonzero Zp.Units_closed in_Units_imp_not_zero inc_of_nonzero not_nonzero_Qp)
+ have 4: "\<iota> (angular_component x) \<in> nonzero Q\<^sub>p"
+ using 3 Units_nonzero_Qp by blast
+ have a_nonzero: "a \<in> nonzero Q\<^sub>p"
+ unfolding a_def 4
+ by (meson "3" Qp.UnitsI(1) Qp.Units_m_closed Units_nonzero_Qp p_intpow_closed(1) p_intpow_inv)
+ have 5: "x = a \<otimes>(\<pp>[^]l)[^]n"
+ using 2 a_nonzero unfolding a_def
+ using Qp.m_comm Qp.nat_pow_closed Qp.nonzero_closed p_intpow_closed(1) by presburger
+ hence "x \<in> pow_res n a"
+ unfolding pow_res_def
+ using Qp.nonzero_closed Qp_int_pow_nonzero p_nonzero x_def by blast
+ hence 6:"pow_res n a = pow_res n x"
+ using x_def a_def equal_pow_resI[of x a n] a_nonzero n_bound Qp.nonzero_closed equal_pow_resI
+ by blast
+ have 7: "ord (\<iota> (angular_component x)) = 0"
+ proof-
+ have "ord_Zp (angular_component x) = 0" using 30 Zp_Units_ord_zero by blast
+ then have "val_Zp (angular_component x) = 0"
+ using "30" unit_imp_val_Zp0 by blast
+ then have "val (\<iota> (angular_component x)) = 0"
+ by (metis angular_component_closed val_of_inc x_def)
+ then show ?thesis using angular_component_closed x_def
+ by (metis "30" Zp.Units_closed \<open>ord_Zp (angular_component x) = 0\<close> in_Units_imp_not_zero not_nonzero_Qp ord_of_inc)
+ qed
+ have 8: "ord a = k"
+ unfolding a_def using 3 4 7 ord_mult[of "\<pp> [^] k" "\<iota> (angular_component x)"] ord_p_pow_int[of k]
+ p_pow_nonzero
+ using Qp_int_pow_nonzero p_nonzero by presburger
+ have 9: "k < n"
+ unfolding k_def
+ using assms by auto
+ show " \<exists>y\<in>nonzero Q\<^sub>p. 0 \<le> ord y \<and> ord y < int n \<and> pow_res n x = pow_res n y"
+ by (metis "6" "8" a_nonzero assms k_def less_imp_of_nat_less of_nat_eq_0_iff pos_mod_conj rel_simps(45) zero_less_iff_neq_zero)
+ qed
+ have 2: "\<And>x. x \<in> (pow_res_classes n) \<Longrightarrow> \<exists> \<eta> \<nu>. \<eta> \<in> Units (Zp_res_ring m) \<and> \<nu> \<in> {0..<int n} \<and> x = f \<eta> \<nu>"
+ proof- fix a assume A: "a \<in> (pow_res_classes n)"
+ then obtain x where x_def: "x \<in> nonzero Q\<^sub>p \<and> a = pow_res n x"
+ unfolding pow_res_classes_def by blast
+ then obtain x' where x'_def: "x' \<in> nonzero Q\<^sub>p \<and> ord x' \<ge> 0 \<and> ord x' < n \<and> pow_res n x' = a"
+ using 1[of x] unfolding x_def by blast
+ hence 20: "f (ac m x') (ord x') = a"
+ using 0 by blast
+ have 21: "ac m x' \<in> Units (Zp_res_ring m)"
+ using x'_def ac_units m_def by presburger
+ then have 22: "ac m x' \<in> Units (Zp_res_ring m) \<and> (ord x') \<in> ({0..<n}::int set ) \<and> a = f (ac m x') (ord x')"
+ using x'_def 20 atLeastLessThan_iff by blast
+ then show "\<exists> \<eta> \<nu>. \<eta> \<in> Units (Zp_res_ring m) \<and> \<nu> \<in> {0..<int n} \<and> a = f \<eta> \<nu>" by blast
+ qed
+ obtain F where F_def: "F = (\<lambda>ps. f (fst ps) (snd ps))"
+ by blast
+ have 3: "\<And>x. x \<in> (pow_res_classes n) \<Longrightarrow> \<exists> ps \<in> Units (Zp_res_ring m) \<times> {0..<int n}. x = f (fst ps) (snd ps)"
+ proof- fix x assume A: "x \<in> pow_res_classes n"
+ obtain \<eta> \<nu> where eta_nu_def: " \<eta> \<in> Units (Zp_res_ring m) \<and> \<nu> \<in> {0..<int n} \<and> x = f \<eta> \<nu>"
+ using 2 A by blast
+ then have "F (\<eta>, \<nu>) = x"
+ unfolding F_def by (metis fst_conv snd_conv)
+ then show " \<exists> ps \<in> Units (Zp_res_ring m) \<times> {0..<int n}. x = f (fst ps) (snd ps)"
+ using eta_nu_def local.F_def by blast
+ qed
+ have 4: "pow_res_classes n \<subseteq> F ` (Units (Zp_res_ring m) \<times> {0..<int n})"
+ unfolding F_def using 3
+ by blast
+ have "finite (Units (Zp_res_ring m))"
+ using m_def residues.finite_Units unfolding residues_def
+ by (metis Qp.one_nonzero ac_in_res_ring ac_one' p_res_ring_one p_residue_ring_car_memE(1))
+ hence "finite (Units (Zp_res_ring m) \<times> {0..<int n})"
+ by blast
+ then show "finite (pow_res_classes n)"
+ using 4 by (meson finite_surj)
+qed
+
+lemma pow_res_classes_univ_semialg:
+ assumes "S \<in> pow_res_classes n"
+ shows "is_univ_semialgebraic S"
+proof-
+ obtain x where x_def: "x\<in>nonzero Q\<^sub>p \<and> S = pow_res n x"
+ using assms unfolding pow_res_classes_def by blast
+ then show ?thesis using pow_res_is_univ_semialgebraic
+ using Qp.nonzero_closed by blast
+qed
+
+lemma pow_res_classes_semialg:
+ assumes "S \<in> pow_res_classes n"
+ shows "is_semialgebraic 1 (to_R1` S)"
+ using pow_res_classes_univ_semialg
+ assms(1) is_univ_semialgebraicE by blast
+
+definition nth_pow_wits where
+"nth_pow_wits n = (\<lambda> S. (SOME x. x \<in> (S \<inter> \<O>\<^sub>p)))` (pow_res_classes n)"
+
+lemma nth_pow_wits_finite:
+ assumes "n > 0"
+ shows "finite (nth_pow_wits n)"
+proof-
+ have "n \<ge> 1"
+ by (simp add: assms leI)
+ thus ?thesis
+ unfolding nth_pow_wits_def using assms pow_res_classes_finite[of n] by blast
+qed
+
+lemma nth_pow_wits_covers:
+ assumes "n > 0"
+ assumes "x \<in> nonzero Q\<^sub>p"
+ shows "\<exists>y \<in> (nth_pow_wits n). y \<in> nonzero Q\<^sub>p \<and> y \<in> \<O>\<^sub>p \<and> x \<in> pow_res n y"
+proof-
+ have PP: "(pow_res n x) \<in> pow_res_classes n"
+ unfolding pow_res_classes_def using assms by blast
+ obtain k where k_def: "val x = eint k"
+ using assms val_ord by blast
+ obtain N::int where N_def: "N = (if k < 0 then -k else k)" by blast
+ then have N_nonneg: "N \<ge> 0"
+ unfolding N_def
+ by presburger
+ have 0: "int n \<ge> 1"
+ using assms by linarith
+ have "N*(int n) + k \<ge> 0"
+ proof(cases "k<0")
+ case True then have "N = -k" unfolding N_def
+ by presburger
+ then have "N*n + k = k*(1- int n)"
+ using distrib_left[of k 1 "-int n"] mult_cancel_left2 mult_minus_left
+ by (metis add.inverse_inverse diff_minus_eq_add minus_mult_minus neg_equal_iff_equal uminus_add_conv_diff)
+ then show ?thesis using 0 True zero_less_mult_iff[of k "1 - int n"]
+ proof -
+ have "0 \<le> N * (int n - 1)"
+ by (meson "0" N_nonneg diff_ge_0_iff_ge zero_le_mult_iff)
+ then show ?thesis
+ by (metis (no_types) \<open>N = - k\<close> add.commute distrib_left minus_add_cancel mult_minus1_right uminus_add_conv_diff)
+ qed
+ next
+ case False
+ then have "N = k" unfolding N_def
+ by presburger
+ then show ?thesis using 0 False
+ by (metis N_nonneg add_increasing2 mult_nonneg_nonneg of_nat_0_le_iff)
+ qed
+ then have 1: "ord (\<pp>[^](N*n)\<otimes>x) \<ge> 0"
+ using ord_mult k_def val_ord assms
+ by (metis Qp_int_pow_nonzero eint.inject ord_p_pow_int p_nonzero)
+ have 2: "\<pp>[^](N*n)\<otimes>x \<in> pow_res n x"
+ proof-
+ have "\<pp>[^](N*n) = (\<pp>[^]N)[^]n"
+ using Qp_p_int_nat_pow_pow by blast
+ then have "\<pp>[^]N \<in> nonzero Q\<^sub>p \<and> \<pp>[^](N*n)\<otimes>x = x \<otimes> (\<pp>[^]N)[^]n"
+ by (metis Qp.m_comm Qp.nonzero_closed Qp_int_pow_nonzero assms(2) p_nonzero)
+ then show ?thesis unfolding pow_res_def
+ by (metis (mono_tags, lifting) Qp.m_closed Qp.nonzero_closed assms(2) mem_Collect_eq p_intpow_closed(1))
+ qed
+ have 3: "\<pp>[^](N*n)\<otimes>x \<in> \<O>\<^sub>p"
+ using 1 assms
+ by (metis Q\<^sub>p_def Qp.nonzero_mult_closed Qp_int_pow_nonzero Z\<^sub>p_def val_ring_ord_criterion \<iota>_def p_nonzero padic_fields.zero_in_val_ring padic_fields_axioms)
+ have 4: "x \<in> pow_res n (\<pp>[^](N*n)\<otimes>x)"
+ using 2 equal_pow_resI[of x "\<pp>[^](N*n)\<otimes>x" n] pow_res_refl[of "\<pp>[^](N*n)\<otimes>x" n] assms
+ Qp.nonzero_mult_closed p_intpow_closed(2) pow_res_refl Qp.nonzero_closed by metis
+ have 5: "\<pp>[^](N*n)\<otimes>x \<in> (pow_res n x \<inter> \<O>\<^sub>p)"
+ using 2 3 by blast
+ have 6: "(SOME z. z \<in> (pow_res n x) \<inter> \<O>\<^sub>p) \<in> pow_res n x \<inter> \<O>\<^sub>p" using 5
+ by (meson someI)
+ obtain y where y_def: "y = (SOME z. z \<in> (pow_res n x) \<inter> \<O>\<^sub>p)"
+ by blast
+ then have A: "y \<in> pow_res n x"
+ using "6" by blast
+ then have "pow_res n x = pow_res n y"
+ using equal_pow_resI[of x y n] assms y_def Qp.nonzero_closed nonzero_pow_res by blast
+ then have 7: "x \<in> pow_res n y"
+ using pow_res_refl[of x n] assms unfolding nonzero_def by blast
+ have 8: "y \<in> nonzero Q\<^sub>p "
+ using y_def PP 6 A nonzero_pow_res[of x n] assms
+ by blast
+ have 9: "y \<in> \<O>\<^sub>p"
+ using y_def "6" by blast
+ have "y\<in>(\<lambda>S. SOME x. x \<in> S \<inter> \<O>\<^sub>p) ` pow_res_classes n \<and> y \<in> nonzero Q\<^sub>p \<and> y \<in> \<O>\<^sub>p \<and> x \<in> pow_res n y"
+ using y_def PP 6 7 8 9 A nonzero_pow_res[of x n] assms
+ by blast
+ then show ?thesis unfolding nth_pow_wits_def by blast
+qed
+
+lemma nth_pow_wits_closed:
+ assumes "n > 0"
+ assumes "x \<in> nth_pow_wits n"
+ shows "x \<in> carrier Q\<^sub>p" "x \<in> \<O>\<^sub>p" "x \<in> nonzero Q\<^sub>p" "\<exists> y \<in> pow_res_classes n. y = pow_res n x"
+proof-
+ obtain c where c_def: "c \<in> pow_res_classes n \<and> x = (SOME x. x \<in> (c \<inter> \<O>\<^sub>p))"
+ by (metis (no_types, lifting) assms(2) image_iff nth_pow_wits_def)
+ then obtain y where y_def: "y \<in> nonzero Q\<^sub>p \<and> c = pow_res n y"
+ unfolding pow_res_classes_def by blast
+ then obtain a where a_def: "a \<in> (nth_pow_wits n) \<and> a \<in> nonzero Q\<^sub>p \<and> a \<in> \<O>\<^sub>p \<and> y \<in> pow_res n a"
+ using nth_pow_wits_covers[of n y] assms(1) by blast
+ have 00: "pow_res n a = c"
+ using equal_pow_resI[of a y n] y_def assms a_def unfolding nonzero_def by blast
+ then have P :"a \<in> c \<inter> \<O>\<^sub>p"
+ using pow_res_refl[of a n] assms a_def unfolding 00 nonzero_def by blast
+ then show 0: "x \<in> \<O>\<^sub>p" using c_def
+ by (metis Collect_mem_eq Int_Collect tfl_some)
+ then show "x \<in> carrier Q\<^sub>p"
+ using val_ring_memE by blast
+ have 1: "c \<subseteq> nonzero Q\<^sub>p"
+ using c_def nonzero_pow_res[of y n] unfolding pow_res_classes_def
+ using assms(1) y_def by blast
+ have "(SOME x. x \<in> (c \<inter> \<O>\<^sub>p)) \<in> (c \<inter> \<O>\<^sub>p)"
+ using P tfl_some
+ by (smt Int_def someI_ex)
+ then have 2: "x \<in> c"
+ using c_def by blast
+ thus "x \<in> nonzero Q\<^sub>p"
+ using 1 by blast
+ show "\<exists> y \<in> pow_res_classes n. y = pow_res n x"
+ using 00 2 c_def P a_def equal_pow_resI[of a x n] 0 val_ring_memE assms(1) by blast
+qed
+
+lemma finite_extensional_funcset:
+ assumes "finite A"
+ assumes "finite (B::'b set)"
+ shows "finite (A \<rightarrow>\<^sub>E B)"
+ using finite_PiE[of A "\<lambda>_. B"] assms by blast
+
+lemma nth_pow_wits_exists:
+ assumes "m > 0"
+ assumes "c \<in> pow_res_classes m"
+ shows "\<exists>x. x \<in> c \<inter> \<O>\<^sub>p"
+proof-
+ obtain x where x_def: "x \<in> nonzero Q\<^sub>p \<and> pow_res m x = c"
+ using assms unfolding pow_res_classes_def by blast
+ obtain y where y_def: "y \<in> (nth_pow_wits m) \<and> y \<in> nonzero Q\<^sub>p \<and> y \<in> \<O>\<^sub>p \<and> x \<in> pow_res m y"
+ using nth_pow_wits_covers assms x_def
+ by blast
+ have 0: "pow_res m x = pow_res m y"
+ using x_def y_def equal_pow_resI Qp.nonzero_closed assms(1) by blast
+ then have 1: "y \<in> pow_res m x"
+ using pow_res_refl[of y m ] y_def assms unfolding nonzero_def by blast
+ thus ?thesis using x_def y_def assms
+ by blast
+qed
+
+lemma pow_res_classes_mem_eq:
+ assumes "m > 0"
+ assumes "a \<in> pow_res_classes m"
+ assumes "x \<in> a"
+ shows "a = pow_res m x"
+proof-
+ obtain y where y_def: "y \<in> nonzero Q\<^sub>p \<and> a = pow_res m y"
+ using assms unfolding pow_res_classes_def by blast
+ then show ?thesis using assms equal_pow_resI[of y x m]
+ by (meson Qp.nonzero_closed nonzero_pow_res equal_pow_resI subsetD)
+qed
+
+lemma nth_pow_wits_neq_pow_res:
+ assumes "m > 0"
+ assumes "x \<in> nth_pow_wits m"
+ assumes "y \<in> nth_pow_wits m"
+ assumes "x \<noteq> y"
+ shows "pow_res m x \<noteq> pow_res m y"
+proof-
+ obtain a where a_def: "a \<in> pow_res_classes m \<and> x = (\<lambda> S. (SOME x. x \<in> (S \<inter> \<O>\<^sub>p))) a"
+ using assms unfolding nth_pow_wits_def by blast
+ obtain b where b_def: "b \<in> pow_res_classes m \<and> y = (\<lambda> S. (SOME x. x \<in> (S \<inter> \<O>\<^sub>p))) b"
+ using assms unfolding nth_pow_wits_def by blast
+ have a_neq_b: "a \<noteq> b"
+ using assms a_def b_def by blast
+ have 0: "x \<in> a \<inter> \<O>\<^sub>p"
+ using a_def nth_pow_wits_exists[of m a] assms
+ by (meson someI_ex)
+ have 1: "y \<in> b \<inter> \<O>\<^sub>p"
+ using b_def nth_pow_wits_exists[of m b] assms
+ by (meson someI_ex)
+ have 2: "pow_res m x = a"
+ using a_def pow_res_classes_mem_eq[of m a x] assms 0
+ by blast
+ have 3: "pow_res m y = b"
+ using b_def pow_res_classes_mem_eq[of m b y] assms 1
+ by blast
+ show ?thesis
+ by (simp add: "2" "3" a_neq_b)
+qed
+
+lemma nth_pow_wits_disjoint_pow_res:
+ assumes "m > 0"
+ assumes "x \<in> nth_pow_wits m"
+ assumes "y \<in> nth_pow_wits m"
+ assumes "x \<noteq> y"
+ shows "pow_res m x \<inter> pow_res m y = {}"
+ using assms nth_pow_wits_neq_pow_res disjoint_iff_not_equal
+ by (metis (no_types, opaque_lifting) nth_pow_wits_closed(4) pow_res_classes_mem_eq)
+
+lemma nth_power_fact':
+ assumes "0 < (n::nat)"
+ shows "\<exists>m>0. \<forall>u\<in>carrier Q\<^sub>p. ac m u = 1 \<and> val u = 0 \<longrightarrow> u \<in> P_set n"
+ using nth_power_fact[of n] assms
+ by (metis less_one less_or_eq_imp_le linorder_neqE_nat neq0_conv)
+
+lemma equal_pow_res_criterion:
+ assumes "N > 0"
+ assumes "n > 0"
+ assumes "\<forall> u \<in> carrier Q\<^sub>p. ac N u = 1 \<and> val u = 0 \<longrightarrow> u \<in> P_set n"
+ assumes "a \<in> carrier Q\<^sub>p"
+ assumes "b \<in> carrier Q\<^sub>p"
+ assumes "c \<in> carrier Q\<^sub>p"
+ assumes "a = b \<otimes> (\<one> \<oplus> c)"
+ assumes "val c \<ge> N"
+ shows "pow_res n a = pow_res n b"
+proof(cases "b = \<zero>")
+ case True
+ then have "a = \<zero>"
+ using assms Qp.add.m_closed Qp.l_null Qp.one_closed by presburger
+ then show ?thesis using True
+ by blast
+next
+ case False
+ then have F0: "a \<div> b = \<one> \<oplus> c"
+ by (metis Qp.Units_one_closed Qp.add.m_closed Qp.inv_cancelR(2) Qp.one_closed Qp.unit_factor assms(4) assms(5) assms(6) assms(7) field_inv(2) inv_in_frac(1))
+ have "0 < eint N"
+ using assms by (metis eint_ord_simps(2) of_nat_0_less_iff zero_eint_def)
+ hence F1: "val \<one> < val c"
+ using assms less_le_trans[of 0 N "val c"] unfolding val_one
+ by blast
+ hence F2: " val \<one> = val (\<one> \<oplus> c)"
+ using assms val_one one_nonzero Qp.add.m_comm Qp.one_closed val_ultrametric_noteq by metis
+ have "val \<one> + eint (int N) \<le> val (\<one> \<ominus> (\<one> \<oplus> c))"
+ proof-
+ have "val (\<one> \<ominus> (\<one> \<oplus> c)) = val c"
+ using Qp.add.inv_closed Qp.minus_eq Qp.minus_sum Qp.one_closed Qp.r_neg2 assms(6) val_minus by presburger
+ thus ?thesis
+ unfolding val_one using assms F1 by (metis add.left_neutral)
+ qed
+ hence F3: "ac N \<one> = ac N (\<one> \<oplus> c)"
+ using F2 F1 assms ac_val[of \<one> "\<one> \<oplus> c" N]
+ by (metis Qp.add.m_closed Qp.one_closed val_nonzero)
+ have F4: "\<one> \<oplus> c \<in> P_set n"
+ using assms F1 F2 F3 val_one ac_one
+ by (metis Qp.add.m_closed Qp.one_closed Qp.one_nonzero ac_inv'' ac_inv'''(1) ac_one')
+ then show ?thesis
+ using assms(2) assms(4) assms(5) assms(7) equal_pow_resI' by blast
+qed
+
+
+
+lemma pow_res_nat_pow:
+ assumes "n > 0"
+ assumes "a \<in> carrier Q\<^sub>p"
+ assumes "b \<in> carrier Q\<^sub>p"
+ assumes "pow_res n a = pow_res n b"
+ shows "pow_res n (a[^](k::nat)) = pow_res n (b[^]k)"
+ apply(induction k)
+ using assms apply (metis Group.nat_pow_0)
+ using assms pow_res_mult by (smt Qp.nat_pow_Suc2 Qp.nat_pow_closed)
+
+lemma pow_res_mult':
+ assumes "n > 0"
+ assumes "a \<in> carrier Q\<^sub>p"
+ assumes "b \<in> carrier Q\<^sub>p"
+ assumes "c \<in> carrier Q\<^sub>p"
+ assumes "d \<in> carrier Q\<^sub>p"
+ assumes "e \<in> carrier Q\<^sub>p"
+ assumes "f \<in> carrier Q\<^sub>p"
+ assumes "pow_res n a = pow_res n d"
+ assumes "pow_res n b = pow_res n e"
+ assumes "pow_res n c = pow_res n f"
+ shows "pow_res n (a \<otimes> b \<otimes> c) = pow_res n (d \<otimes> e \<otimes> f)"
+proof-
+ have "pow_res n (a \<otimes> b) = pow_res n (d \<otimes> e)"
+ using pow_res_mult assms by meson
+ then show ?thesis using pow_res_mult assms
+ by (meson Qp.m_closed)
+qed
+
+lemma pow_res_disjoint:
+ assumes "n > 0"
+ assumes "a \<in> nonzero Q\<^sub>p"
+ assumes "a \<notin> pow_res n \<one>"
+ shows "\<not> (\<exists>y \<in> nonzero Q\<^sub>p. a = y[^]n)"
+ using assms unfolding pow_res_def
+ using Qp.l_one Qp.nonzero_closed by blast
+
+lemma pow_res_disjoint':
+ assumes "n > 0"
+ assumes "a \<in> nonzero Q\<^sub>p"
+ assumes "pow_res n a \<noteq> pow_res n \<one>"
+ shows "\<not> (\<exists>y \<in> nonzero Q\<^sub>p. a = y[^]n)"
+using assms pow_res_disjoint pow_res_refl
+ by (metis pow_res_nth_pow)
+
+lemma pow_res_one_imp_nth_pow:
+ assumes "n > 0"
+ assumes "a \<in> pow_res n \<one>"
+ shows "\<exists>y \<in> nonzero Q\<^sub>p. a = y[^]n"
+ using assms unfolding pow_res_def
+ using Qp.l_one Qp.nat_pow_closed Qp.nonzero_closed by blast
+
+lemma pow_res_eq:
+ assumes "n > 0"
+ assumes "a \<in> carrier Q\<^sub>p"
+ assumes "b \<in> pow_res n a"
+ shows "pow_res n b = pow_res n a"
+proof(cases "a = \<zero>")
+ case True
+ then show ?thesis using assms by (metis pow_res_zero singletonD)
+next
+ case False
+ then have a_nonzero: "a \<in> nonzero Q\<^sub>p" using Qp.not_nonzero_memE assms(2) by blast
+ show ?thesis
+ proof(cases "n = 1")
+ case True
+ then show ?thesis using a_nonzero assms
+ using pow_res_one Q\<^sub>p_def Zp_def padic_fields_axioms by blast
+ next
+ case False
+ then have "n \<ge> 2"
+ using assms(1) by linarith
+ then show ?thesis using False a_nonzero assms Qp.nonzero_closed nonzero_pow_res equal_pow_resI
+ by blast
+ qed
+qed
+
+lemma pow_res_classes_n_eq_one:
+"pow_res_classes 1 = {nonzero Q\<^sub>p}"
+ unfolding pow_res_classes_def using pow_res_one Qp.one_nonzero by blast
+
+lemma nth_pow_wits_closed':
+ assumes "n > 0"
+ assumes "x \<in> nth_pow_wits n"
+ shows "x \<in> \<O>\<^sub>p \<and> x \<in> nonzero Q\<^sub>p" using nth_pow_wits_closed
+ assms by blast
+
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+subsection\<open>Semialgebraic Sets Defined by Congruences\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+ (********************************************************************************************)
+ (********************************************************************************************)
+ subsubsection\<open>$p$-adic ord Congruence Sets\<close>
+ (********************************************************************************************)
+ (********************************************************************************************)
+
+lemma carrier_is_univ_semialgebraic:
+"is_univ_semialgebraic (carrier Q\<^sub>p)"
+ apply(rule is_univ_semialgebraicI)
+ using Qp.to_R1_carrier carrier_is_semialgebraic
+ by presburger
+
+lemma nonzero_is_univ_semialgebraic:
+"is_univ_semialgebraic (nonzero Q\<^sub>p)"
+proof-
+ have "nonzero Q\<^sub>p = carrier Q\<^sub>p - {\<zero>}"
+ unfolding nonzero_def by blast
+ then show ?thesis using diff_is_univ_semialgebraic[of "carrier Q\<^sub>p" "{\<zero>}"]
+ by (metis Diff_empty Diff_insert0 carrier_is_univ_semialgebraic empty_subsetI
+ finite.emptyI finite.insertI finite_is_univ_semialgebraic insert_subset)
+qed
+
+definition ord_congruence_set where
+"ord_congruence_set n a = {x \<in> nonzero Q\<^sub>p. ord x mod n = a}"
+
+lemma ord_congruence_set_nonzero:
+"ord_congruence_set n a \<subseteq> nonzero Q\<^sub>p"
+ by (metis (no_types, lifting) mem_Collect_eq ord_congruence_set_def subsetI)
+
+lemma ord_congruence_set_closed:
+"ord_congruence_set n a \<subseteq> carrier Q\<^sub>p"
+ using nonzero_def ord_congruence_set_nonzero
+ unfolding nonzero_def
+ by (meson Qp.nonzero_closed ord_congruence_set_nonzero subset_iff)
+
+lemma ord_congruence_set_memE:
+ assumes "x \<in> ord_congruence_set n a"
+ shows "x \<in> nonzero Q\<^sub>p"
+ "ord x mod n = a"
+ using assms ord_congruence_set_nonzero apply blast
+ by (metis (mono_tags, lifting) assms mem_Collect_eq ord_congruence_set_def)
+
+lemma ord_congruence_set_memI:
+ assumes "x \<in> nonzero Q\<^sub>p"
+ assumes "ord x mod n = a"
+ shows "x \<in> ord_congruence_set n a"
+ using assms
+ by (metis (mono_tags, lifting) mem_Collect_eq ord_congruence_set_def)
+
+text\<open>
+ We want to prove that ord\_congruence\_set is a finite union of semialgebraic sets,
+ hence is also semialgebraic.
+\<close>
+
+lemma pow_res_ord_cong:
+ assumes "x \<in> carrier Q\<^sub>p"
+ assumes "x \<in> ord_congruence_set n a"
+ shows "pow_res n x \<subseteq> ord_congruence_set n a"
+proof fix y
+ assume A: "y \<in> pow_res n x"
+ show "y \<in> ord_congruence_set (int n) a"
+ proof-
+ obtain a where a_def: "a \<in> nonzero Q\<^sub>p \<and> y = x \<otimes> (a[^]n)"
+ using A pow_res_def[of n x] by blast
+ have 0: "x \<in> nonzero Q\<^sub>p"
+ using assms(2) ord_congruence_set_memE(1)
+ by blast
+ have 1: "y \<in> nonzero Q\<^sub>p"
+ using A
+ by (metis "0" Qp.integral Qp.nonzero_closed Qp.nonzero_mult_closed Qp_nat_pow_nonzero a_def not_nonzero_Qp)
+ have 2: "ord y = ord x + n* ord a"
+ using a_def 0 1 Qp_nat_pow_nonzero nonzero_nat_pow_ord ord_mult
+ by presburger
+ show ?thesis
+ apply(rule ord_congruence_set_memI)
+ using assms ord_congruence_set_memE 2 1
+ apply blast
+ using "2" assms(2) ord_congruence_set_memE(2)
+ by presburger
+ qed
+qed
+
+lemma pow_res_classes_are_univ_semialgebraic:
+ shows "are_univ_semialgebraic (pow_res_classes n)"
+ apply(rule are_univ_semialgebraicI)
+ using pow_res_classes_univ_semialg by blast
+
+lemma ord_congruence_set_univ_semialg:
+ assumes "n \<ge> 0"
+ shows "is_univ_semialgebraic (ord_congruence_set n a)"
+proof(cases "n = 0")
+ case True
+ have T0: "ord_congruence_set n a = {x \<in> nonzero Q\<^sub>p. ord x = a}"
+ unfolding ord_congruence_set_def True by presburger
+ have T1: "{x \<in> nonzero Q\<^sub>p. ord x = a} = {x \<in> nonzero Q\<^sub>p. val x = a}"
+ apply(rule equalityI'')
+ using val_ord apply blast
+ using val_ord
+ by (metis eint.inject)
+ have T2: "{x \<in> nonzero Q\<^sub>p. val x = a} = {x \<in> carrier Q\<^sub>p. val x = a}"
+ apply(rule equalityI'')
+ using Qp.nonzero_closed apply blast
+ by (metis iless_Suc_eq val_nonzero val_val_ring_prod zero_in_val_ring)
+ show ?thesis unfolding T0 T1 T2 using univ_val_eq_set_is_univ_semialgebraic by blast
+next
+ case False
+ obtain F where F_def: "F = {S \<in> (pow_res_classes (nat n)). S \<subseteq>(ord_congruence_set n a) }"
+ by blast
+ have 0: "F \<subseteq> pow_res_classes (nat n)"
+ using F_def by blast
+ have 1: "finite F"
+ using 0 False nat_mono[of 1 n] nat_numeral[] pow_res_classes_finite[of "nat n"] rev_finite_subset
+ by (smt assms nat_one_as_int)
+ have 2: "are_univ_semialgebraic F"
+ apply(rule are_univ_semialgebraicI) using 0 pow_res_classes_are_univ_semialgebraic
+ by (metis (mono_tags) are_univ_semialgebraicE are_univ_semialgebraic_def assms nat_mono nat_numeral subset_iff)
+ have 3: "\<Union> F = (ord_congruence_set n a)"
+ proof
+ show "\<Union> F \<subseteq> ord_congruence_set n a"
+ using F_def
+ by blast
+ show "ord_congruence_set n a \<subseteq> \<Union> F"
+ proof fix x
+ assume A: "x \<in> ord_congruence_set n a"
+ have x_nonzero: "x \<in> nonzero Q\<^sub>p"
+ using A ord_congruence_set_memE(1) by blast
+ have 0: "pow_res (nat n) x \<in> F"
+ using A pow_res_classes_def F_def
+ by (smt nonzero_def assms mem_Collect_eq nat_0_le ord_congruence_set_memE(1) pow_res_ord_cong)
+ have 1: "x \<in> pow_res (nat n) x" using False x_nonzero assms pow_res_refl[of x "nat n"]
+ using Qp.nonzero_closed by blast
+ show "x \<in> \<Union> F"
+ using 0 1
+ by blast
+ qed
+ qed
+ then show ?thesis
+ using "1" "2" finite_union_is_univ_semialgebraic'
+ by fastforce
+qed
+
+lemma ord_congruence_set_is_semialg:
+ assumes "n \<ge> 0"
+ shows "is_semialgebraic 1 (Qp_to_R1_set (ord_congruence_set n a))"
+ using assms is_univ_semialgebraicE ord_congruence_set_univ_semialg
+ by blast
+
+ (********************************************************************************************)
+ (********************************************************************************************)
+ subsubsection\<open>Congruence Sets for the order of the Evaluation of a Polynomial\<close>
+ (********************************************************************************************)
+ (********************************************************************************************)
+
+
+lemma poly_map_singleton:
+ assumes "f \<in> carrier (Q\<^sub>p[\<X>\<^bsub>n\<^esub>])"
+ assumes "x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ shows "poly_map n [f] x = [(Qp_ev f x)]"
+ unfolding poly_map_def poly_tuple_eval_def
+ using assms
+ by (metis (no_types, lifting) Cons_eq_map_conv list.simps(8) restrict_apply')
+
+definition poly_cong_set where
+"poly_cong_set n f m a = {x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>). (Qp_ev f x) \<noteq> \<zero> \<and> (ord (Qp_ev f x) mod m = a)}"
+
+lemma poly_cong_set_as_pullback:
+ assumes "f \<in> carrier (Q\<^sub>p[\<X>\<^bsub>n\<^esub>])"
+ shows "poly_cong_set n f m a = poly_map n [f] \<inverse>\<^bsub>n\<^esub>(Qp_to_R1_set (ord_congruence_set m a))"
+proof
+ show "poly_cong_set n f m a \<subseteq> poly_map n [f] \<inverse>\<^bsub>n\<^esub> ((\<lambda>a. [a]) ` ord_congruence_set m a)"
+ proof fix x
+ assume A: "x \<in> poly_cong_set n f m a"
+ then have 0: "x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ by (metis (no_types, lifting) mem_Collect_eq poly_cong_set_def)
+ have 1: "(Qp_ev f x) \<noteq> \<zero> "
+ by (metis (mono_tags, lifting) A mem_Collect_eq poly_cong_set_def)
+ have 2: "(ord (Qp_ev f x) mod m = a)"
+ by (metis (mono_tags, lifting) A mem_Collect_eq poly_cong_set_def)
+ have 3: "(Qp_ev f x) \<in> (ord_congruence_set m a)"
+ using "0" "1" "2" eval_at_point_closed assms not_nonzero_Qp ord_congruence_set_memI
+ by metis
+ show "x \<in> poly_map n [f] \<inverse>\<^bsub>n\<^esub> ((\<lambda>a. [a]) ` ord_congruence_set m a)"
+ proof-
+ have 00: "poly_map n [f] x = [(Qp_ev f x)]"
+ using "0" assms poly_map_singleton by blast
+ have 01: "[eval_at_point Q\<^sub>p x f] \<in> carrier (Q\<^sub>p\<^bsup>1\<^esup>)"
+ using "0" assms eval_at_point_closed Qp.to_R1_closed by blast
+ hence 02: "poly_map n [f] x \<in> (\<lambda>a. [a]) ` ord_congruence_set m a"
+ using 3 "00" by blast
+ then show "x \<in> poly_map n [f] \<inverse>\<^bsub>n\<^esub> ((\<lambda>a. [a]) ` ord_congruence_set m a)"
+ using 0 unfolding evimage_def
+ by blast
+ qed
+ qed
+ show "poly_map n [f] \<inverse>\<^bsub>n\<^esub> (\<lambda>a. [a]) ` ord_congruence_set m a
+ \<subseteq> poly_cong_set n f m a"
+ proof fix x
+ assume A: "x \<in> poly_map n [f] \<inverse>\<^bsub>n\<^esub> ((\<lambda>a. [a]) ` (ord_congruence_set m a))"
+ have 0: "((\<lambda>a. [a]) ` ord_congruence_set m a) \<subseteq> carrier (Q\<^sub>p\<^bsup>1\<^esup>)"
+ using ord_congruence_set_closed Qp.to_R1_carrier by blast
+ have "is_poly_tuple n [f]"
+ using assms unfolding is_poly_tuple_def
+ by (simp add: assms)
+ then have 1:"poly_map n [f] \<inverse>\<^bsub>n\<^esub>((\<lambda>a. [a]) ` ord_congruence_set m a) \<subseteq> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ using 0 A assms One_nat_def
+ by (metis extensional_vimage_closed)
+ then have 2: "x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ using A unfolding evimage_def by blast
+ then have 3: "poly_map n [f] x \<in> ((\<lambda>a. [a]) ` ord_congruence_set m a)"
+ using A assms 0 One_nat_def
+ by blast
+ have "poly_map n [f] x = [(Qp_ev f x)]"
+ using "2" assms poly_map_singleton by blast
+ then have "Qp_ev f x \<in> ord_congruence_set m a"
+ using 3
+ by (metis (mono_tags, lifting) image_iff list.inject)
+ then show "x \<in> poly_cong_set n f m a"
+ unfolding poly_cong_set_def
+ by (metis (mono_tags, lifting) "2" Qp.nonzero_memE(2)
+ mem_Collect_eq ord_congruence_set_memE(1) ord_congruence_set_memE(2))
+ qed
+qed
+
+lemma singleton_poly_tuple:
+"is_poly_tuple n [f] \<longleftrightarrow> f \<in> carrier (Q\<^sub>p[\<X>\<^bsub>n\<^esub>])"
+ unfolding is_poly_tuple_def
+ by (metis (no_types, lifting) list.distinct(1) list.set_cases list.set_intros(1) set_ConsD subset_code(1))
+
+lemma poly_cong_set_is_semialgebraic:
+ assumes "m \<ge> 0"
+ assumes "f \<in> carrier (Q\<^sub>p[\<X>\<^bsub>n\<^esub>])"
+ shows "is_semialgebraic n (poly_cong_set n f m a)"
+proof-
+ have 0: "(\<lambda>a. [a]) ` ord_congruence_set m a \<in> semialg_sets 1"
+ using assms
+ ord_congruence_set_is_semialg[of m a]
+ unfolding is_semialgebraic_def
+ by blast
+ have 1: "length [f] = 1"
+ by simp
+ hence " poly_map n [f] \<inverse>\<^bsub>n\<^esub> (\<lambda>a. [a]) ` ord_congruence_set m a \<in> semialg_sets n"
+ using 0 singleton_poly_tuple[of n f] zero_neq_one assms
+ pullback_is_semialg[of n "[f]" 1 "(\<lambda>a. [a]) ` ord_congruence_set m a"]
+ unfolding is_semialgebraic_def
+ by blast
+ thus ?thesis using assms poly_cong_set_as_pullback[of f n m a]
+ unfolding is_semialgebraic_def
+ by presburger
+qed
+
+ (********************************************************************************************)
+ (********************************************************************************************)
+ subsubsection\<open>Congruence Sets for Angular Components\<close>
+ (********************************************************************************************)
+ (********************************************************************************************)
+
+
+text\<open>If a set is a union of \<open>n\<close>-th power residues, then it is semialgebraic.\<close>
+
+lemma pow_res_union_imp_semialg:
+ assumes "n \<ge> 1"
+ assumes "S \<subseteq> nonzero Q\<^sub>p"
+ assumes "\<And>x. x \<in> S \<Longrightarrow> pow_res n x \<subseteq> S"
+ shows "is_univ_semialgebraic S"
+proof-
+ obtain F where F_def: "F = {T. T \<in> pow_res_classes n \<and> T \<subseteq> S}"
+ by blast
+ have 0: "F \<subseteq> pow_res_classes n"
+ using F_def by blast
+ have 1: "finite F"
+ using 0 pow_res_classes_finite[of n] assms(1) finite_subset
+ by auto
+ have 2: "are_univ_semialgebraic F"
+ using 0
+ by (meson are_univ_semialgebraicE are_univ_semialgebraicI assms(1)
+ pow_res_classes_are_univ_semialgebraic padic_fields_axioms subsetD)
+ have 3: "S = \<Union> F"
+ proof
+ show "S \<subseteq> \<Union> F"
+ proof fix x
+ assume A: "x \<in> S"
+ then have "pow_res n x \<subseteq> S"
+ using assms(3) by blast
+ then have "pow_res n x \<in> F"
+ using A assms(2) F_def pow_res_classes_def
+ by (smt mem_Collect_eq subsetD)
+ then have "pow_res n x \<subseteq> \<Union> F"
+ by blast
+ then show "x \<in> \<Union> F"
+ using A assms(1) assms(2) pow_res_refl[of x n] unfolding nonzero_def by blast
+ qed
+ show "\<Union> F \<subseteq> S"
+ using F_def
+ by blast
+ qed
+ show ?thesis
+ using 1 2 3 finite_union_is_univ_semialgebraic'
+ by blast
+qed
+
+definition ac_cong_set1 where
+"ac_cong_set1 n y = {x \<in> carrier Q\<^sub>p. x \<noteq> \<zero> \<and> ac n x = ac n y}"
+
+lemma ac_cong_set1_is_univ_semialg:
+ assumes "n > 0"
+ assumes "b \<in> nonzero Q\<^sub>p"
+ assumes "b \<in> \<O>\<^sub>p"
+ shows "is_univ_semialgebraic (ac_cong_set1 n b)"
+proof(cases "n = 1 \<and> p = 2")
+ case True
+ have "(ac_cong_set1 n b) = nonzero Q\<^sub>p"
+ proof
+ have 0: "Units (Zp_res_ring n) = {1}"
+ proof show "Units (Zp_res_ring n) \<subseteq> {1}"
+ proof fix x assume A: "x \<in> Units (Zp_res_ring n)"
+ have 0: "carrier (Zp_res_ring n) = {0..(int 2) - 1}"
+ using True
+ by (metis assms(1) int_ops(3) p_residues power_one_right residues.res_carrier_eq)
+ have 1: "carrier (Zp_res_ring n) = {0..(1::int)}"
+ proof- have "int 2 - 1 = (1::int)"
+ by linarith
+ then show ?thesis
+ using 0
+ by presburger
+ qed
+ have 15: "{0..(1::int)} = {0, (1::int)}"
+ using atLeastAtMostPlus1_int_conv [of 0 "0::int"]
+ by (smt atLeastAtMost_singleton insert_commute)
+ have 2: "carrier (Zp_res_ring n) = {0,(1::int)}"
+ using "1" "15"
+ by blast
+ have 3: "0 \<notin> Units (Zp_res_ring n)"
+ using True zero_not_in_residue_units by blast
+ have "x \<in> carrier (Zp_res_ring n)"
+ using A unfolding Units_def by blast
+ then have "x = 1" using A 2 3
+ by (metis "1" atLeastAtMost_iff atLeastatMost_empty
+ atLeastatMost_empty_iff2 linorder_neqE_linordered_idom mod_by_1 mod_pos_pos_trivial )
+ then show "x \<in> {1}"
+ by simp
+ qed
+ show "{1} \<subseteq> Units (Zp_res_ring n)"
+ by (meson assms(1) empty_subsetI insert_subset residue_1_unit(1))
+ qed
+ show "ac_cong_set1 n b \<subseteq> nonzero Q\<^sub>p"
+ by (metis (mono_tags, lifting) ac_cong_set1_def mem_Collect_eq not_nonzero_Qp subsetI)
+ show "nonzero Q\<^sub>p \<subseteq> ac_cong_set1 n b"
+ proof fix x
+ assume A: "x \<in> nonzero Q\<^sub>p"
+ then have P0: "ac n x = 1"
+ using 0 ac_units assms(1) by blast
+ have P1: "ac n b = 1"
+ using assms 0 ac_units assms(1) by blast
+ then have "ac n x = ac n b"
+ using P0 by metis
+ then show " x \<in> ac_cong_set1 n b"
+ unfolding ac_cong_set1_def using A
+ proof -
+ have "x \<in> {r \<in> carrier Q\<^sub>p. r \<noteq> \<zero>}"
+ by (metis (no_types) \<open>x \<in> nonzero Q\<^sub>p\<close> nonzero_def )
+ then show "x \<in> {r \<in> carrier Q\<^sub>p. r \<noteq> \<zero> \<and> ac n r = ac n b}"
+ using \<open>ac n x = ac n b\<close> by force
+ qed
+ qed
+ qed
+ then show "is_univ_semialgebraic (ac_cong_set1 n b)"
+ by (simp add: nonzero_is_univ_semialgebraic)
+next
+ case F: False
+ have F0: "2 \<le> card (Units (Zp_res_ring n))"
+ proof(cases "n = 1")
+ case True
+ then have "field (Zp_res_ring n)"
+ using p_res_ring_1_field by blast
+ then have F00: "Units (Zp_res_ring n) = carrier (Zp_res_ring n) - {\<zero>\<^bsub>Zp_res_ring n\<^esub>}"
+ using field.field_Units by blast
+ have F01: "\<zero>\<^bsub>Zp_res_ring n\<^esub> \<in> carrier (Zp_res_ring n)"
+ using assms(1) cring.cring_simprules(2) padic_integers.R_cring padic_integers_axioms by blast
+ have F02: "card (carrier (Zp_res_ring n)) = p \<and> finite (carrier (Zp_res_ring n))"
+ by (smt F01 True nat_eq_iff2 p_res_ring_zero p_residue_ring_car_memE(1) power_one_right residue_ring_card)
+ have F03: "\<zero>\<^bsub>residue_ring (p ^ n)\<^esub> \<in> carrier (residue_ring (p ^ n)) "
+ using F01 by blast
+ have F04: "int (card (carrier (residue_ring (p ^ n)))) \<ge> int (card {\<zero>\<^bsub>residue_ring (p ^ n)\<^esub>}) "
+ by (smt F02 F03 nat_int of_nat_0_le_iff of_nat_1 of_nat_power p_res_ring_0 p_res_ring_zero
+ p_residue_ring_car_memE(1) power_increasing power_one_right residue_ring_card)
+ have "card (carrier (residue_ring (p ^ n))) - 1 = p - 1"
+ using F02 prime
+ by (metis Totient.of_nat_eq_1_iff True less_imp_le_nat less_one nat_int nat_less_eq_zless
+ of_nat_1 of_nat_diff of_nat_zero_less_power_iff p_residues pos_int_cases
+ power_0 power_one_right residue_ring_card residues.m_gt_one zero_le_one)
+ hence F05: "card (carrier (residue_ring (p ^ n)) - {\<zero>\<^bsub>residue_ring (p ^ n)\<^esub>}) = p - 1"
+ using F02 F03 F04 card_Diff_singleton_if[of "(carrier (Zp_res_ring n))" "\<zero>\<^bsub>residue_ring (p^n)\<^esub>"]
+ True int_ops(6)[of "card (carrier (residue_ring (p ^ n)))" "card {\<zero>\<^bsub>residue_ring (p ^ n)\<^esub>}"]
+ p_res_ring_zero p_residue_ring_car_memE(1)
+ by (metis)
+ hence F06: "card (Units (Zp_res_ring n)) = p -1"
+ using True F02 F01 F00
+ by (metis p_res_ring_zero)
+ have F04: "p - 1 \<ge>2 "
+ using F prime
+ by (meson True linorder_cases not_less prime_ge_2_int zle_diff1_eq)
+ then show ?thesis
+ using F03 F06
+ by linarith
+ next
+ case False
+ then show ?thesis
+ by (metis assms(1) less_imp_le_nat mod2_gr_0 mod_less nat_le_linear nat_neq_iff residue_units_card_geq_2)
+ qed
+ show ?thesis
+ apply(rule pow_res_union_imp_semialg[of "card (Units (Zp_res_ring n))"])
+ using F0 assms apply linarith
+ apply (metis (mono_tags, lifting) ac_cong_set1_def mem_Collect_eq not_nonzero_Qp subsetI)
+proof-
+ fix x
+ assume AA: "x \<in> ac_cong_set1 n b"
+ show "pow_res (card (Units (Zp_res_ring n))) x \<subseteq> ac_cong_set1 n b"
+ proof
+ fix y
+ assume A: "y \<in> pow_res (card (Units (Zp_res_ring n))) x"
+ show "y \<in> ac_cong_set1 n b"
+ proof-
+ obtain k where k_def: "k = card (Units (Zp_res_ring n))"
+ by blast
+ have "k \<ge>2"
+ using assms k_def F F0 by blast
+ then obtain a where a_def: "a \<in> nonzero Q\<^sub>p \<and> y = x \<otimes> (a[^]k)"
+ using k_def A pow_res_def[of k x]
+ by blast
+ have 0: "x \<in> nonzero Q\<^sub>p"
+ using AA ac_cong_set1_def
+ by (metis (mono_tags, lifting) mem_Collect_eq not_nonzero_Qp)
+ have 1: "y \<in> nonzero Q\<^sub>p"
+ by (metis "0" Qp.Units_m_closed Qp_nat_pow_nonzero Units_eq_nonzero \<open>\<And>thesis. (\<And>a. a \<in> nonzero Q\<^sub>p \<and> y = x \<otimes> a [^] k \<Longrightarrow> thesis) \<Longrightarrow> thesis\<close>)
+ have "ac n y = ac n x \<otimes>\<^bsub>Zp_res_ring n\<^esub> ac n (a[^]k)"
+ using a_def 0 1 Qp_nat_pow_nonzero ac_mult'
+ by blast
+ then have 2: "ac n y = ac n x \<otimes>\<^bsub>Zp_res_ring n\<^esub> (ac n a)[^]\<^bsub>Zp_res_ring n\<^esub> k"
+ proof-
+ have "ac n (a[^]k) = ac n a [^]\<^bsub>Zp_res_ring n\<^esub> k"
+ using a_def assms(1) ac_nat_pow'[of a n k]
+ by linarith
+ then show ?thesis
+ using \<open>ac n y = ac n x \<otimes>\<^bsub>Zp_res_ring n\<^esub> ac n (a[^]k)\<close>
+ by presburger
+ qed
+ then have "ac n y = ac n x"
+ proof-
+ have "(ac n a) \<in> Units (Zp_res_ring n)"
+ by (metis (mono_tags, opaque_lifting) a_def ac_units assms(1) )
+ then have "(ac n a)^k mod (p^n) = 1"
+ using k_def a_def ac_nat_pow ac_nat_pow' assms(1) residue_units_nilpotent
+ using neq0_conv by presburger
+ then have 00: "(ac n a)[^]\<^bsub>Zp_res_ring n\<^esub> k = 1"
+ by (metis a_def ac_nat_pow ac_nat_pow' mod_by_1 power_0
+ zero_neq_one)
+ have "ac n x \<otimes>\<^bsub>residue_ring (p ^ n)\<^esub> ac n a [^]\<^bsub>residue_ring (p ^ n)\<^esub> k = ac n x \<otimes>\<^bsub>Zp_res_ring n\<^esub> \<one>\<^bsub>Zp_res_ring n\<^esub>"
+ using 00 assms(1) p_res_ring_one by presburger
+ hence "ac n x \<otimes>\<^bsub>residue_ring (p ^ n)\<^esub> ac n a [^]\<^bsub>residue_ring (p ^ n)\<^esub> k = ac n x"
+ by (metis "0" Qp.nonzero_closed Qp.one_nonzero Qp.r_one ac_mult' ac_one' assms(1))
+ then show ?thesis
+ using 2 "0" 00
+ by linarith
+ qed
+ then show ?thesis
+ using "1" AA nonzero_def
+ ac_cong_set1_def[of n b] mem_Collect_eq
+ by smt
+ qed
+ qed
+qed
+qed
+
+definition ac_cong_set where
+"ac_cong_set n k = {x \<in> carrier Q\<^sub>p. x \<noteq> \<zero> \<and> ac n x = k}"
+
+lemma ac_cong_set_is_univ_semialg:
+ assumes "n >0 "
+ assumes "k \<in> Units (Zp_res_ring n)"
+ shows "is_univ_semialgebraic (ac_cong_set n k)"
+proof-
+ have "k \<in> carrier (Zp_res_ring n)"
+ using assms(2) Units_def[of "Zp_res_ring n"]
+ by blast
+ then have k_n: "([k]\<cdot>\<^bsub>Z\<^sub>p\<^esub>\<one>\<^bsub>Z\<^sub>p\<^esub>) n = k"
+ using assms
+ by (metis Zp_int_inc_res mod_pos_pos_trivial p_residue_ring_car_memE(1) p_residue_ring_car_memE(2))
+ obtain b where b_def: "b = \<iota> ([k]\<cdot>\<^bsub>Z\<^sub>p\<^esub>\<one>\<^bsub>Z\<^sub>p\<^esub>)"
+ by blast
+ have 0: "k mod p \<noteq> 0"
+ using assms residue_UnitsE[of n k]
+ by (metis le_eq_less_or_eq le_refl less_one nat_le_linear p_residues power_0
+ power_one_right residues.mod_in_res_units residues_def zero_less_one
+ zero_neq_one zero_not_in_residue_units zero_power)
+ then have "val_Zp ([k]\<cdot>\<^bsub>Z\<^sub>p\<^esub>\<one>\<^bsub>Z\<^sub>p\<^esub>) = 0"
+ using val_Zp_p_int_unit by blast
+ then have 1: "val b = 0"
+ by (metis Zp_int_inc_closed b_def val_of_inc)
+ have 2: "b \<in> \<O>\<^sub>p"
+ using b_def Zp_int_mult_closed
+ by blast
+ have "ord_Zp ([k] \<cdot>\<^bsub>Z\<^sub>p\<^esub> \<one>\<^bsub>Z\<^sub>p\<^esub>) = 0"
+ using 0 ord_Zp_p_int_unit by blast
+ have "ac_Zp ([k]\<cdot>\<^bsub>Z\<^sub>p\<^esub>\<one>\<^bsub>Z\<^sub>p\<^esub>) = ([k]\<cdot>\<^bsub>Z\<^sub>p\<^esub>\<one>\<^bsub>Z\<^sub>p\<^esub>)"
+ using "0" Zp_int_inc_closed ac_Zp_of_Unit ord_Zp_p_int_unit \<open>val_Zp ([k] \<cdot>\<^bsub>Z\<^sub>p\<^esub> \<one>\<^bsub>Z\<^sub>p\<^esub>) = 0\<close>
+ by blast
+ then have "(angular_component b) = ([k]\<cdot>\<^bsub>Z\<^sub>p\<^esub>\<one>\<^bsub>Z\<^sub>p\<^esub>)"
+ using b_def 1 2 angular_component_ord_zero[of b]
+ by (metis Qp.int_inc_zero Qp.one_closed val_ring_memE Zp.int_inc_zero Zp.one_closed
+ Zp.one_nonzero Zp_int_inc_closed angular_component_of_inclusion inc_closed inc_of_int
+ inc_of_one inc_to_Zp local.val_zero not_nonzero_Qp val_ineq val_one zero_in_val_ring)
+ then have "ac n b = k"
+ using ac_def[of n b] k_n
+ by (metis Qp_char_0_int Zp_defs(1) ac_def b_def inc_of_int inc_of_one)
+ then have 3: "(ac_cong_set n k) = (ac_cong_set1 n b)"
+ unfolding ac_cong_set_def ac_cong_set1_def
+ by meson
+ have 4: "b \<in> nonzero Q\<^sub>p"
+ using 1 2 val_nonzero
+ by (metis Qp.one_closed val_ring_memE Zp_def \<iota>_def local.one_neq_zero
+ not_nonzero_Qp padic_fields.val_ring_memE padic_fields_axioms val_ineq val_one)
+ then show ?thesis
+ using 1 2 3 assms ac_cong_set1_is_univ_semialg[of n b] val_nonzero[of b 1]
+ by presburger
+qed
+
+definition val_ring_constant_ac_set where
+"val_ring_constant_ac_set n k = {a \<in> \<O>\<^sub>p. val a = 0 \<and> ac n a = k}"
+
+lemma val_nonzero':
+ assumes "a \<in> carrier Q\<^sub>p"
+ assumes "val a = eint k"
+ shows "a \<in> nonzero Q\<^sub>p"
+ using val_nonzero[of a "k + 1"]
+ by (metis Suc_ile_eq assms(1) assms(2) eint_ord_code(3) val_nonzero)
+
+lemma val_ord':
+ assumes "a \<in> carrier Q\<^sub>p"
+ assumes "a \<noteq>\<zero>"
+ shows "val a = ord a"
+ by (meson assms(1) assms(2) not_nonzero_Qp val_ord)
+
+lemma val_ring_constant_ac_set_is_univ_semialgebraic:
+ assumes "n > 0"
+ assumes "k \<noteq> 0"
+ shows "is_univ_semialgebraic (val_ring_constant_ac_set n k)"
+proof(cases "val_ring_constant_ac_set n k = {}")
+ case True
+ then show ?thesis
+ by (metis equals0D order_refl pow_res_union_imp_semialg subsetI)
+next
+ case False
+ then obtain b where b_def: "b \<in> val_ring_constant_ac_set n k"
+ by blast
+ have 0: "val_ring_constant_ac_set n k = q_ball n k 0 \<zero>"
+ proof
+ show "val_ring_constant_ac_set n k \<subseteq> q_ball n k 0 \<zero>"
+ proof fix x assume A: "x \<in> val_ring_constant_ac_set n k" then
+ show "x \<in> q_ball n k 0 \<zero>"
+ proof-
+ have 0: "x \<in> \<O>\<^sub>p \<and> val x = 0 \<and> ac n x = k"
+ using A
+ unfolding val_ring_constant_ac_set_def
+ by blast
+ then have x_car: "x \<in> carrier Q\<^sub>p"
+ using val_ring_memE
+ by blast
+ then have 00: "x = x \<ominus> \<zero>"
+ using Qp.ring_simprules by metis
+ then have 1: "ac n (x \<ominus>\<^bsub>Q\<^sub>p\<^esub> \<zero>) = k"
+ using 0
+ by presburger
+ have 2: "val (x \<ominus>\<^bsub>Q\<^sub>p\<^esub> \<zero>) = 0"
+ using 0 00
+ by metis
+ have 3: "x \<in> nonzero Q\<^sub>p"
+ proof(rule ccontr)
+ assume " x \<notin> nonzero Q\<^sub>p "
+ then have "x = \<zero>"
+ using Qp.nonzero_memI x_car by blast
+ then show False
+ using 0 val_zero
+ by (metis ac_def assms(2))
+ qed
+ have 4: "ord (x \<ominus>\<^bsub>Q\<^sub>p\<^esub> \<zero>) = 0"
+ proof(rule ccontr)
+ assume "ord (x \<ominus> \<zero>) \<noteq> 0"
+ then have "val (x \<ominus> \<zero>) \<noteq> 0"
+ by (metis "00" "3" Qp.one_closed equal_val_imp_equal_ord(1) ord_one val_one)
+ then show False
+ using "2"
+ by blast
+ qed
+ show ?thesis
+ using 0 1 4
+ unfolding q_ball_def
+ using x_car by blast
+ qed
+ qed
+ show "q_ball n k 0 \<zero> \<subseteq> val_ring_constant_ac_set n k"
+ proof fix x
+ assume A: "x \<in> q_ball n k 0 \<zero>"
+ then have 0: "ac n (x \<ominus>\<^bsub>Q\<^sub>p\<^esub> \<zero>) = k"
+ using q_ballE'(1) by blast
+ have 1: "ord (x \<ominus>\<^bsub>Q\<^sub>p\<^esub> \<zero>) = 0"
+ using q_ball_def A
+ by blast
+ have 2: "x \<in> carrier Q\<^sub>p"
+ using A q_ball_def by blast
+ have 3: "ord x = 0"
+ using 2 1 ring.ring_simprules[of Q\<^sub>p]
+ by (metis Qp.ring_axioms)
+ have 4: "ac n x = k"
+ using 0 2 1 cring.axioms(1)[of Q\<^sub>p] ring.ring_simprules[of Q\<^sub>p]
+ by (metis Qp.ring_axioms)
+ have 5: "x \<in> \<O>\<^sub>p"
+ using Qp_val_ringI[of x] 2 3 val_ord val_nonzero'
+ by (metis Qp.integral_iff val_ring_memE Zp.nonzero_closed angular_component_closed
+ angular_component_ord_zero image_eqI local.numer_denom_facts(1) local.numer_denom_facts(2)
+ local.numer_denom_facts(4) not_nonzero_Qp)
+ have 6: "x \<noteq> \<zero>"
+ using 4 assms ac_def[of n x]
+ by meson
+ have 7: "val x = 0"
+ using 6 3 2 assms val_ord' zero_eint_def by presburger
+ show " x \<in> val_ring_constant_ac_set n k"
+ unfolding val_ring_constant_ac_set_def
+ using 7 6 5 4
+ by blast
+ qed
+ qed
+ obtain b where b_def: "b \<in> q_ball n k (0::int) \<zero>"
+ using "0" b_def by blast
+ have 1: "b \<in> carrier Q\<^sub>p \<and> ac n b = k"
+ using b_def unfolding q_ball_def
+ by (metis (mono_tags, lifting) "0" b_def mem_Collect_eq val_ring_constant_ac_set_def)
+ then have 2: "b \<in> nonzero Q\<^sub>p"
+ using 1 assms
+ by (metis ac_def not_nonzero_Qp)
+ have "q_ball n k 0 \<zero> = B\<^bsub>0 + int n\<^esub>[b]"
+ using 1 b_def nonzero_def [of Q\<^sub>p] assms 0 2 c_ball_q_ball[of b n k "\<zero>" b 0]
+ by (meson Qp.cring_axioms cring.cring_simprules(2))
+ then have "is_univ_semialgebraic (q_ball n k (0::int) \<zero>) "
+ using 1 ball_is_univ_semialgebraic[of b "0 + int n"]
+ by metis
+ then show ?thesis
+ using 0 by presburger
+qed
+
+definition val_ring_constant_ac_sets where
+"val_ring_constant_ac_sets n = val_ring_constant_ac_set n ` (Units (Zp_res_ring n))"
+
+lemma val_ring_constant_ac_sets_are_univ_semialgebraic:
+ assumes "n > 0"
+ shows "are_univ_semialgebraic (val_ring_constant_ac_sets n)"
+proof(rule are_univ_semialgebraicI)
+ have 0: "\<not> coprime 0 p"
+ using coprime_0_right_iff[of p] coprime_commute[of p 0] coprime_int_iff[of "nat p" 0]
+ nat_dvd_1_iff_1 prime_gt_1_nat zdvd1_eq
+ by (metis not_prime_unit prime)
+ have "(0::int) \<notin>(Units (Zp_res_ring n))"
+ apply(rule ccontr)
+ using 0 assms residues.cring[of "p ^ n"] unfolding residues_def
+ by (smt less_one not_gr_zero power_le_imp_le_exp power_less_imp_less_exp residue_UnitsE)
+ fix x
+ assume A: "x \<in> val_ring_constant_ac_sets n"
+ then obtain k where k_def: "x = val_ring_constant_ac_set n k \<and> k \<in> Units (Zp_res_ring n)"
+ by (metis image_iff val_ring_constant_ac_sets_def)
+ then show "is_univ_semialgebraic x"
+ using assms
+ by (metis \<open>0 \<notin> Units (Zp_res_ring n)\<close> val_ring_constant_ac_set_is_univ_semialgebraic)
+qed
+
+definition ac_cong_set3 where
+"ac_cong_set3 n = {as. \<exists> a b. a \<in> nonzero Q\<^sub>p \<and> b \<in> \<O>\<^sub>p \<and> val b = 0 \<and> (ac n a = ac n b) \<and> as = [a, b] }"
+
+definition ac_cong_set2 where
+"ac_cong_set2 n k = {as. \<exists> a b. a \<in> nonzero Q\<^sub>p \<and> b \<in> \<O>\<^sub>p \<and> val b = 0 \<and> (ac n a = k) \<and> (ac n b) = k \<and> as = [a, b] }"
+
+lemma ac_cong_set2_cartesian_product:
+ assumes "k \<in> Units (Zp_res_ring n)"
+ assumes "n > 0"
+ shows "ac_cong_set2 n k = cartesian_product (to_R1` (ac_cong_set n k)) (to_R1` (val_ring_constant_ac_set n k))"
+proof
+ show "ac_cong_set2 n k \<subseteq> cartesian_product ((\<lambda>a. [a]) ` ac_cong_set n k) ((\<lambda>a. [a]) ` val_ring_constant_ac_set n k)"
+ proof fix x
+ assume A: "x \<in> ac_cong_set2 n k"
+ show "x \<in> (cartesian_product ((\<lambda>a. [a]) ` ac_cong_set n k) ((\<lambda>a. [a]) ` val_ring_constant_ac_set n k))"
+ unfolding ac_cong_set_def val_ring_constant_ac_set_def ac_cong_set2_def
+ apply(rule cartesian_product_memI[of _ Q\<^sub>p 1 _ 1])
+ apply (metis (mono_tags, lifting) mem_Collect_eq subsetI Qp.to_R1_car_subset)
+ apply (metis (no_types, lifting) val_ring_memE mem_Collect_eq subsetI Qp.to_R1_car_subset)
+ proof-
+ obtain a b where ab_def: "x = [a,b] \<and> a \<in> nonzero Q\<^sub>p \<and> b \<in> \<O>\<^sub>p \<and> val b = 0 \<and> (ac n a = k) \<and> (ac n b) = k"
+ using A
+ unfolding ac_cong_set_def val_ring_constant_ac_set_def ac_cong_set2_def
+ by blast
+ have 0: "take 1 x = [a]"
+ by (simp add: ab_def)
+ have 1: "drop 1 x = [b]"
+ by (simp add: ab_def)
+ have 2: "a \<in> {x \<in> carrier Q\<^sub>p. x \<noteq> \<zero> \<and> ac n x = k}"
+ using ab_def nonzero_def
+ by (smt mem_Collect_eq)
+ have 3: "b \<in> {a \<in> \<O>\<^sub>p. val a = 0 \<and> ac n a = k}"
+ using ab_def
+ by blast
+ show "take 1 x \<in> (\<lambda>a. [a]) ` {x \<in> carrier Q\<^sub>p. x \<noteq> \<zero> \<and> ac n x = k}"
+ using 0 2 by blast
+ show "drop 1 x \<in> (\<lambda>a. [a]) ` {a \<in> \<O>\<^sub>p. val a = 0 \<and> ac n a = k}"
+ using 1 3 by blast
+ qed
+ qed
+ show "cartesian_product ((\<lambda>a. [a]) ` ac_cong_set n k) ((\<lambda>a. [a]) ` val_ring_constant_ac_set n k) \<subseteq> ac_cong_set2 n k"
+ proof fix x
+ have 0: "(\<lambda>a. [a]) ` ac_cong_set n k \<subseteq> carrier (Q\<^sub>p\<^bsup>1\<^esup>)"
+ using assms
+ by (metis (no_types, lifting) ac_cong_set_def mem_Collect_eq subsetI Qp.to_R1_car_subset)
+ have 1: "((\<lambda>a. [a]) ` val_ring_constant_ac_set n k) \<subseteq> carrier (Q\<^sub>p\<^bsup>1\<^esup>)"
+ by (smt val_ring_memE mem_Collect_eq subsetI Qp.to_R1_carrier Qp.to_R1_subset val_ring_constant_ac_set_def)
+ assume A: "x \<in> cartesian_product ((\<lambda>a. [a]) ` ac_cong_set n k) ((\<lambda>a. [a]) ` val_ring_constant_ac_set n k)"
+ then have "length x = 2"
+ using 0 1 A cartesian_product_closed[of "((\<lambda>a. [a]) ` ac_cong_set n k)" Q\<^sub>p 1 "((\<lambda>a. [a]) ` val_ring_constant_ac_set n k)" 1]
+ by (metis (no_types, lifting) cartesian_power_car_memE one_add_one subset_iff)
+ then obtain a b where ab_def: "take 1 x = [a] \<and> drop 1 x = [b]"
+ by (metis One_nat_def add_diff_cancel_left' drop0 drop_Cons_numeral numerals(1) pair_id plus_1_eq_Suc take0 take_Cons_numeral)
+ have 2: " a \<in> (ac_cong_set n k) \<and> b \<in> (val_ring_constant_ac_set n k)"
+ proof-
+ have P0: "take 1 x \<in> (\<lambda>a. [a]) ` ac_cong_set n k"
+ using 0 A cartesian_product_memE[of x "((\<lambda>a. [a]) ` ac_cong_set n k) " " ((\<lambda>a. [a]) ` val_ring_constant_ac_set n k)" Q\<^sub>p 1]
+ by blast
+ have P1: "drop 1 x \<in> (\<lambda>a. [a]) ` val_ring_constant_ac_set n k"
+ using 0 A cartesian_product_memE[of x "((\<lambda>a. [a]) ` ac_cong_set n k) " " ((\<lambda>a. [a]) ` val_ring_constant_ac_set n k)" Q\<^sub>p 1]
+ by blast
+ have P2: "[a] \<in> (\<lambda>a. [a]) ` ac_cong_set n k"
+ using P0 ab_def
+ by metis
+ have P3: "[b] \<in> (\<lambda>a. [a]) ` val_ring_constant_ac_set n k"
+ using P1 ab_def by metis
+ show ?thesis
+ using P2 P3
+ by blast
+ qed
+ have 3: "a \<in> nonzero Q\<^sub>p"
+ using 2 assms nonzero_def [of Q\<^sub>p] ac_cong_set_def[of n k]
+ by blast
+ have 4: "x = [a,b]"
+ by (metis (no_types, lifting) \<open>length x = 2\<close> ab_def less_numeral_extra(1) nth_Cons_0 nth_take nth_via_drop pair_id)
+ then have "\<exists>a b. a \<in> nonzero Q\<^sub>p \<and> b \<in> \<O>\<^sub>p \<and> val b = 0 \<and> ac n a = k \<and> ac n b = k \<and> x = [a, b]"
+ using 2 3 ab_def unfolding val_ring_constant_ac_set_def ac_cong_set_def
+ by blast
+ then show "x \<in> ac_cong_set2 n k"
+ unfolding ac_cong_set2_def val_ring_constant_ac_set_def ac_cong_set_def
+ by blast
+ qed
+qed
+
+lemma ac_cong_set2_is_semialg:
+ assumes "k \<in> Units (Zp_res_ring n)"
+ assumes "n > 0"
+ shows "is_semialgebraic 2 (ac_cong_set2 n k)"
+ using ac_cong_set_is_univ_semialg ac_cong_set2_cartesian_product[of k n]
+ cartesian_product_is_semialgebraic[of 1 "((\<lambda>a. [a]) ` ac_cong_set n k)" 1 " ((\<lambda>a. [a]) ` val_ring_constant_ac_set n k)"]
+ by (metis assms(1) assms(2) is_univ_semialgebraicE less_one less_or_eq_imp_le nat_neq_iff
+ one_add_one val_ring_constant_ac_set_is_univ_semialgebraic zero_not_in_residue_units)
+
+lemma ac_cong_set3_as_union:
+ assumes "n > 0"
+ shows "ac_cong_set3 n = \<Union> (ac_cong_set2 n ` (Units (Zp_res_ring n)) )"
+proof
+ show "ac_cong_set3 n \<subseteq> \<Union> (ac_cong_set2 n ` Units (Zp_res_ring n))"
+ proof fix x assume A: "x \<in> ac_cong_set3 n"
+ then have 0: "x \<in> (ac_cong_set2 n (ac n (x!0)))"
+ unfolding ac_cong_set2_def ac_cong_set3_def
+ by (smt mem_Collect_eq nth_Cons_0)
+ have 1: "(ac n (x!0)) \<in> Units (Zp_res_ring n)"
+ using A unfolding ac_cong_set3_def
+ by (smt ac_units assms mem_Collect_eq nth_Cons_0)
+ then show "x \<in> \<Union> (ac_cong_set2 n ` Units (Zp_res_ring n))"
+ using 0
+ by blast
+ qed
+ show "\<Union> (ac_cong_set2 n ` Units (Zp_res_ring n)) \<subseteq> ac_cong_set3 n"
+ proof fix x assume A: "x \<in> \<Union> (ac_cong_set2 n ` Units (Zp_res_ring n))"
+ obtain k where k_def: "x \<in> (ac_cong_set2 n k) \<and> k \<in> (Units (Zp_res_ring n))"
+ using A by blast
+ have 0: "k mod p \<noteq> 0"
+ using k_def One_nat_def Suc_le_eq assms less_numeral_extra(1)
+ power_one_right residues.m_gt_one residues.mod_in_res_units
+ by (metis p_residues residue_UnitsE zero_not_in_residue_units)
+ obtain b where b_def: "b = ([k]\<cdot>\<^bsub>Z\<^sub>p\<^esub>\<one>\<^bsub>Z\<^sub>p\<^esub>)"
+ by blast
+ have "k \<noteq>0"
+ using 0 mod_0
+ by blast
+ then have 1: "b \<in> nonzero Z\<^sub>p"
+ using 0 b_def int_unit
+ by (metis Zp.Units_nonzero Zp.zero_not_one)
+ have 10: "ord_Zp b = 0" using 0 1
+ using b_def ord_Zp_p_int_unit by blast
+ have 2: "\<iota> b \<in> nonzero Q\<^sub>p" using k_def
+ using "1" inc_of_nonzero by blast
+ have 3: "angular_component (\<iota> b) = ac_Zp b"
+ using "1" angular_component_of_inclusion
+ by blast
+ have 4: "ac_Zp b = b"
+ using 1 10
+ by (metis "3" Zp.r_one ac_Zp_factors' angular_component_closed inc_of_nonzero int_pow_0 mult_comm ord_Zp_def)
+ have 5: "ac_Zp b n = k"
+ proof-
+ have "k \<in> carrier (Zp_res_ring n)"
+ using k_def unfolding Units_def by blast
+ then show ?thesis
+ using b_def k_def 4 Zp_int_inc_res mod_pos_pos_trivial
+ by (metis p_residue_ring_car_memE(1) p_residue_ring_car_memE(2))
+ qed
+ then have "ac n (\<iota> b) = k"
+ using 10 1 2 3 4 unfolding ac_def
+ using Qp.not_nonzero_memI by metis
+ then show "x \<in> ac_cong_set3 n"
+ unfolding ac_cong_set3_def
+ using k_def unfolding ac_cong_set2_def
+ by (smt mem_Collect_eq)
+ qed
+qed
+
+lemma ac_cong_set3_is_semialgebraic:
+ assumes "n > 0"
+ shows "is_semialgebraic 2 (ac_cong_set3 n)"
+proof-
+ have 0: "finite (ac_cong_set2 n ` (Units (Zp_res_ring n)) )"
+ using assms residues.finite_Units[of "p^n"] unfolding residues_def
+ using p_residues residues.finite_Units by blast
+ have 1: "are_semialgebraic 2 (ac_cong_set2 n ` (Units (Zp_res_ring n)) )"
+ apply(rule are_semialgebraicI)
+ using ac_cong_set2_is_semialg assms by blast
+ show ?thesis
+ using 0 1 ac_cong_set3_as_union
+ by (metis (no_types, lifting) are_semialgebraicE assms finite_union_is_semialgebraic' is_semialgebraicE subsetI)
+qed
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+subsection\<open>Permutations of indices of semialgebraic sets\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+
+lemma fun_inv_permute:
+ assumes "\<sigma> permutes {..<n}"
+ shows "fun_inv \<sigma> permutes {..<n}"
+ "\<sigma> \<circ> (fun_inv \<sigma>) = id"
+ "(fun_inv \<sigma>) \<circ> \<sigma> = id"
+ using assms unfolding fun_inv_def
+ using permutes_inv apply blast
+ using assms permutes_inv_o(1) apply blast
+ using assms permutes_inv_o(2) by blast
+
+lemma poly_tuple_pullback_eq_poly_map_vimage:
+ assumes "is_poly_tuple n fs"
+ assumes "length fs = m"
+ assumes "S \<subseteq> carrir (Q\<^sub>p\<^bsup>m\<^esup>)"
+ shows "poly_map n fs \<inverse>\<^bsub>n\<^esub> S = poly_tuple_pullback n S fs"
+ unfolding poly_map_def poly_tuple_pullback_def evimage_def restrict_def
+ using assms
+ by (smt vimage_inter_cong)
+
+lemma permutation_is_semialgebraic:
+ assumes "is_semialgebraic n S"
+ assumes "\<sigma> permutes {..<n}"
+ shows "is_semialgebraic n (permute_list \<sigma> ` S)"
+proof-
+ have "S \<subseteq> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ using assms gen_boolean_algebra_subset is_semialgebraic_def semialg_sets_def
+ by blast
+ then have "(permute_list \<sigma> ` S) = poly_tuple_pullback n S (permute_list (fun_inv \<sigma>) (pvar_list Q\<^sub>p n))"
+ using Qp.cring_axioms assms pullback_by_permutation_of_poly_list'[of \<sigma> n S] unfolding poly_map_def
+ by blast
+ then have 0: "(permute_list \<sigma> ` S) = poly_tuple_pullback n S (permute_list (fun_inv \<sigma>) (pvar_list Q\<^sub>p n))"
+ using poly_tuple_pullback_def
+ by blast
+ have 1: "(fun_inv \<sigma>) permutes {..<n}"
+ using assms unfolding fun_inv_def
+ using permutes_inv by blast
+ then show ?thesis using 1 pullback_is_semialg[of n "(permute_list (fun_inv \<sigma>) (pvar_list Q\<^sub>p n))"]
+ permutation_of_poly_list_is_poly_list[of n "(pvar_list Q\<^sub>p n)" "fun_inv \<sigma>"]
+ pvar_list_is_poly_tuple[of n] assms poly_tuple_pullback_eq_poly_map_vimage
+ by (metis "0" \<open>S \<subseteq> carrier (Q\<^sub>p\<^bsup>n\<^esup>)\<close> is_semialgebraic_def length_permute_list pvar_list_length)
+qed
+
+lemma permute_list_closed:
+ assumes "a \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ assumes "\<sigma> permutes {..<n}"
+ shows "permute_list \<sigma> a \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ apply(rule cartesian_power_car_memI)
+ using assms cartesian_power_car_memE length_permute_list apply blast
+ using assms cartesian_power_car_memE'' permute_list_set by blast
+
+lemma permute_list_closed':
+ assumes "\<sigma> permutes {..<n}"
+ assumes "permute_list \<sigma> a \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ shows "a \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ apply(rule cartesian_power_car_memI)
+ apply (metis assms(2) cartesian_power_car_memE length_permute_list)
+ using assms cartesian_power_car_memE'[of "permute_list \<sigma> a" Q\<^sub>p n]
+ by (metis cartesian_power_car_memE in_set_conv_nth length_permute_list set_permute_list subsetI)
+
+lemma permute_list_compose_inv:
+ assumes "\<sigma> permutes {..<n}"
+ assumes "a \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ shows "permute_list \<sigma> (permute_list (fun_inv \<sigma>) a) = a"
+ "permute_list (fun_inv \<sigma>) (permute_list \<sigma> a) = a"
+ using assms apply (metis cartesian_power_car_memE fun_inv_permute(3) permute_list_compose permute_list_id)
+ using assms by (metis cartesian_power_car_memE fun_inv_permute(2) fun_inv_permute(1) permute_list_compose permute_list_id)
+
+lemma permutation_is_semialgebraic_imp_is_semialgebraic:
+ assumes "is_semialgebraic n (permute_list \<sigma> ` S)"
+ assumes "\<sigma> permutes {..<n}"
+ shows "is_semialgebraic n S"
+proof-
+ have "permute_list (fun_inv \<sigma>) ` (permute_list \<sigma> ` S) = S"
+ proof-
+ have 0: "(permute_list \<sigma> ` S) \<subseteq> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ using assms unfolding is_semialgebraic_def semialg_sets_def
+ using gen_boolean_algebra_subset by blast
+ have 1: "S \<subseteq> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ proof fix x assume "x \<in> S" then show "x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ using 0 assms
+ by (meson image_subset_iff permute_list_closed')
+ qed
+ show ?thesis
+ proof show "permute_list (fun_inv \<sigma>) ` permute_list \<sigma> ` S \<subseteq> S"
+ using 0 assms permute_list_compose_inv[of \<sigma>] "1" image_iff image_subset_iff subsetD
+ by smt
+ show "S \<subseteq> permute_list (fun_inv \<sigma>) ` permute_list \<sigma> ` S"
+ using 0 assms permute_list_compose_inv[of \<sigma>]
+ by (smt "1" image_iff subset_eq)
+ qed
+ qed
+ then show ?thesis using permutation_is_semialgebraic
+ by (metis assms(1) assms(2) fun_inv_permute(1))
+qed
+
+lemma split_cartesian_product_is_semialgebraic:
+ assumes "i \<le> n"
+ assumes "is_semialgebraic n A"
+ assumes "is_semialgebraic m B"
+ shows "is_semialgebraic (n + m) (split_cartesian_product n m i A B)"
+ using assms cartesian_product_is_semialgebraic scp_permutes[of i n m]
+ permutation_is_semialgebraic[of "n + m" "cartesian_product A B" "(scp_permutation n m i)"]
+ unfolding split_cartesian_product_def
+ by blast
+
+definition reverse_val_relation_set where
+"reverse_val_relation_set = {as \<in> carrier (Q\<^sub>p\<^bsup>2\<^esup>). val (as ! 0) \<le> val (as ! 1)}"
+
+lemma Qp_2_car_memE:
+ assumes "x \<in> carrier (Q\<^sub>p\<^bsup>2\<^esup>)"
+ shows "x = [x!0, x!1]"
+proof-
+ have "length x = 2"
+ using assms cartesian_power_car_memE by blast
+ then show ?thesis
+ using pair_id by blast
+qed
+
+definition flip where
+"flip = (\<lambda>i::nat. (if i = 0 then 1 else (if i = 1 then 0 else i)))"
+
+lemma flip_permutes:
+"flip permutes {0,1}"
+ unfolding permutes_def flip_def
+ by (smt mem_simps(1))
+
+lemma flip_eval:
+"flip 0 = 1"
+"flip 1 = 0"
+ unfolding flip_def
+ by auto
+
+lemma flip_x:
+ assumes "x \<in> carrier (Q\<^sub>p\<^bsup>2\<^esup>)"
+ shows "permute_list flip x = [x!1, x!0]"
+proof-
+ have 0: "x = [x!0, x!1]"
+ using assms Qp_2_car_memE by blast
+ have 1: "length (permute_list flip x) = length [x!1, x!0]"
+ using 0 unfolding permute_list_def
+ by (metis length_Cons length_map map_nth)
+ have 2: "\<And>i. i < 2 \<Longrightarrow> permute_list flip x ! i = [x!1, x!0] ! i"
+ proof- fix i::nat assume A: "i < 2"
+ show "permute_list flip x ! i = [x!1, x!0] ! i"
+ using 0 unfolding permute_list_def
+ by (smt flip_eval(1) flip_eval(2) length_Cons length_greater_0_conv list.simps(8) map_upt_Suc numeral_nat(7) upt_rec)
+ qed
+ have "\<And>i. i < length x \<Longrightarrow> permute_list flip x ! i = [x!1, x!0] ! i"
+ proof-
+ have 0: "length x = 2"
+ using assms cartesian_power_car_memE by blast
+ show "\<And>i. i < length x \<Longrightarrow> permute_list flip x ! i = [x!1, x!0] ! i" using 2 unfolding 0
+ by blast
+ qed
+ thus ?thesis using 1
+ by (metis length_permute_list nth_equalityI)
+qed
+
+lemma permute_with_flip_closed:
+ assumes "x \<in> carrier (Q\<^sub>p\<^bsup>2::nat\<^esup>)"
+ shows "permute_list flip x \<in> carrier (Q\<^sub>p\<^bsup>2::nat\<^esup>)"
+ apply(rule permute_list_closed)
+ using assms apply blast
+proof-
+ have "{0::nat, 1} = {..<2::nat}"
+ by auto
+ thus "flip permutes {..<2}"
+ using flip_permutes
+ by auto
+qed
+
+lemma reverse_val_relation_set_semialg:
+"is_semialgebraic 2 reverse_val_relation_set"
+proof-
+ have 1: "reverse_val_relation_set = permute_list flip ` val_relation_set"
+ apply(rule equalityI')
+ proof-
+ show " \<And>x. x \<in> reverse_val_relation_set \<Longrightarrow> x \<in> permute_list flip ` val_relation_set"
+ proof- fix x assume A: "x \<in> reverse_val_relation_set"
+ have 0: "permute_list flip x = [x ! 1, x ! 0]"
+ using flip_x[of x] A unfolding reverse_val_relation_set_def
+ by blast
+ have 1: "permute_list flip x \<in> carrier (Q\<^sub>p\<^bsup>2\<^esup>)"
+ apply(rule permute_with_flip_closed) using A unfolding reverse_val_relation_set_def by blast
+ have 2: "permute_list flip x \<in> val_relation_set"
+ using 1 A unfolding 0 reverse_val_relation_set_def val_relation_set_def mem_Collect_eq
+ by (metis Qp_2_car_memE list_hd list_tl)
+ show "x \<in> permute_list flip ` val_relation_set"
+ using flip_x[of x] A unfolding reverse_val_relation_set_def val_relation_set_def mem_Collect_eq
+ by (metis (no_types, lifting) "1" "2" Qp_2_car_memE flip_x image_eqI list_tl nth_Cons_0 val_relation_set_def)
+ qed
+ show "\<And>x. x \<in> permute_list flip ` val_relation_set \<Longrightarrow> x \<in> reverse_val_relation_set"
+ proof- fix x assume a: " x \<in> permute_list flip ` val_relation_set"
+ then obtain y where y_def: "y \<in> val_relation_set \<and>x = permute_list flip y"
+ by blast
+ have y_closed: "y \<in> carrier (Q\<^sub>p\<^bsup>2\<^esup>)"
+ using y_def basic_semialg_set_memE(1) val_relation_semialg by blast
+ have y_length: " length y = 2"
+ using y_def basic_semialg_set_memE val_relation_semialg
+ by (metis cartesian_power_car_memE)
+ obtain a b where ab_def: "y = [a,b]"
+ using y_length pair_id by blast
+ have 0: "a = y!0"
+ using ab_def
+ by (metis nth_Cons_0)
+ have 1: "b = y!1"
+ using ab_def
+ by (metis cancel_comm_monoid_add_class.diff_cancel eq_numeral_extra(2) nth_Cons')
+ have a_closed: "a \<in> carrier Q\<^sub>p"
+ using 0 y_closed unfolding 0
+ by (meson cartesian_power_car_memE' rel_simps(75) zero_order(5))
+ have b_closed: "b \<in> carrier Q\<^sub>p"
+ proof-
+ have "1 < (2::nat)" by linarith
+ thus ?thesis
+ using y_closed unfolding 1
+ by (meson cartesian_power_car_memE')
+ qed
+ have 2: "x = [b, a]" using flip_x[of y] y_def y_closed unfolding ab_def unfolding 0 1
+ using \<open>y \<in> carrier (Q\<^sub>p\<^bsup>2\<^esup>) \<Longrightarrow> permute_list flip y = [y ! 1, y ! 0]\<close> y_closed y_def by presburger
+ have x_closed: "x \<in> carrier (Q\<^sub>p\<^bsup>2\<^esup>)"
+ using y_def unfolding val_relation_set_def using permute_with_flip_closed[of y]
+ by blast
+ show " x \<in> reverse_val_relation_set"
+ using x_closed y_def
+ unfolding val_relation_set_def reverse_val_relation_set_def mem_Collect_eq 2 0 1
+ by (metis Qp_2_car_memE list_hd list_tl)
+ qed
+ qed
+ show ?thesis unfolding 1
+ apply(rule permutation_is_semialgebraic)
+ using val_relation_is_semialgebraic apply blast
+ using flip_permutes
+ by (metis Suc_1 insert_commute lessThan_0 lessThan_Suc numeral_nat(7))
+qed
+
+definition strict_val_relation_set where
+"strict_val_relation_set = {as \<in> carrier (Q\<^sub>p\<^bsup>2\<^esup>). val (as ! 0) < val (as ! 1)}"
+
+definition val_diag where
+"val_diag = {as \<in> carrier (Q\<^sub>p\<^bsup>2\<^esup>). val (as ! 0) = val (as ! 1)}"
+
+lemma val_diag_semialg:
+"is_semialgebraic 2 val_diag"
+proof-
+ have "val_diag = val_relation_set \<inter>reverse_val_relation_set"
+ apply(rule equalityI')
+ apply(rule IntI)
+ unfolding val_diag_def val_relation_set_def reverse_val_relation_set_def mem_Collect_eq
+ apply simp
+ apply simp
+ apply(erule IntE) unfolding mem_Collect_eq
+ using basic_trans_rules(24) by blast
+ then show ?thesis using intersection_is_semialg
+ by (simp add: reverse_val_relation_set_semialg val_relation_is_semialgebraic)
+qed
+
+lemma strict_val_relation_set_is_semialg:
+"is_semialgebraic 2 strict_val_relation_set"
+proof-
+ have 0: "strict_val_relation_set = reverse_val_relation_set - val_diag"
+ apply(rule equalityI')
+ apply(rule DiffI)
+ unfolding strict_val_relation_set_def val_diag_def val_relation_set_def reverse_val_relation_set_def mem_Collect_eq
+ using order_le_less apply blast
+ proof
+ show "\<And>x. x \<in> carrier (Q\<^sub>p\<^bsup>2\<^esup>) \<and> val (x ! 0) < val (x ! 1) \<Longrightarrow> x \<in> carrier (Q\<^sub>p\<^bsup>2\<^esup>) \<and> val (x ! 0) = val (x ! 1) \<Longrightarrow> False"
+ using order_less_le by blast
+ show " \<And>x. x \<in> {as \<in> carrier (Q\<^sub>p\<^bsup>2\<^esup>). val (as ! 0) \<le> val (as ! 1)} - {as \<in> carrier (Q\<^sub>p\<^bsup>2\<^esup>). val (as ! 0) = val (as ! 1)} \<Longrightarrow>
+ x \<in> carrier (Q\<^sub>p\<^bsup>2\<^esup>) \<and> val (x ! 0) < val (x ! 1)"
+ apply(erule DiffE) unfolding mem_Collect_eq using order_le_less by blast
+ qed
+ show ?thesis unfolding 0
+ apply(rule diff_is_semialgebraic )
+ using reverse_val_relation_set_semialg apply blast
+ using val_diag_semialg by blast
+qed
+
+lemma singleton_length:
+ "length [a] = 1"
+ by auto
+
+lemma take_closed':
+ assumes "m > 0"
+ assumes "x \<in> carrier (Q\<^sub>p\<^bsup>m+l\<^esup>)"
+ shows "take m x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>)"
+ apply(rule take_closed[of m "m+l"])
+ apply simp using assms by blast
+
+lemma triple_val_ineq_set_semialg:
+ shows "is_semialgebraic 3 {as \<in> carrier (Q\<^sub>p\<^bsup>3\<^esup>). val (as!0) \<le> val (as!1) \<and> val (as!1) \<le> val (as!2)}"
+proof-
+ have 0: "is_semialgebraic 3 {as \<in> carrier (Q\<^sub>p\<^bsup>3\<^esup>). val (as!0) \<le> val (as!1)}"
+ proof-
+ have 0: "{as \<in> carrier (Q\<^sub>p\<^bsup>3\<^esup>). val (as!0) \<le> val (as!1)} = cartesian_product (reverse_val_relation_set) (carrier (Q\<^sub>p\<^bsup>1\<^esup>))"
+ proof(rule equalityI')
+ show " \<And>x. x \<in> {as \<in> carrier (Q\<^sub>p\<^bsup>3\<^esup>). val (as ! 0) \<le> val (as ! 1)} \<Longrightarrow> x \<in> cartesian_product reverse_val_relation_set (carrier (Q\<^sub>p\<^bsup>1\<^esup>))"
+ proof- fix x assume A: " x \<in> {as \<in> carrier (Q\<^sub>p\<^bsup>3\<^esup>). val (as ! 0) \<le> val (as ! 1)}"
+ then have 0: "length x = 3" unfolding mem_Collect_eq
+ using cartesian_power_car_memE by blast
+ obtain a where a_def: "a = [x!0, x!1]"
+ by blast
+ have a_length: "length a = 2"
+ proof-
+ have "a = x!0 #[x!1]"
+ unfolding a_def
+ by blast
+ thus ?thesis using length_Cons[of "x!0" "[x!1]"] unfolding singleton_length[of "x!1"]
+ by presburger
+ qed
+ obtain b where b_def: "b = [x!2]"
+ by blast
+ have b_length: "length b = 1"
+ unfolding b_def singleton_length by auto
+ have a_closed: "a \<in> reverse_val_relation_set"
+ proof-
+ have 0: "a = take 2 x"
+ apply(rule nth_equalityI)
+ unfolding a_length 0 length_take[of 2 x]
+ apply linarith
+ proof- fix i::nat assume a: "i < 2" show "a ! i = take 2 x ! i "
+ apply(cases "i = 0")
+ apply (metis a_def nth_Cons_0 nth_take zero_less_numeral)
+ by (smt "0" \<open>length (take 2 x) = min (length x) 2\<close> a_def linorder_neqE_nat min.commute min.strict_order_iff nth_take numeral_eq_iff one_less_numeral_iff pair_id pos2 rel_simps(22) rel_simps(48) rel_simps(9) semiring_norm(81))
+ qed
+ have 1: "a \<in> carrier (Q\<^sub>p\<^bsup>2\<^esup>)"
+ apply(rule cartesian_power_car_memI')
+ apply (simp add: a_length)
+ unfolding 0 using A unfolding mem_Collect_eq
+ using cartesian_power_car_memE' by fastforce
+ show ?thesis using 1 A unfolding a_def reverse_val_relation_set_def A mem_Collect_eq
+ by (metis Qp_2_car_memE list_tl nth_Cons_0)
+ qed
+ have b_closed: "b \<in> carrier (Q\<^sub>p\<^bsup>1\<^esup>)"
+ apply(rule cartesian_power_car_memI)
+ unfolding b_length apply blast
+ apply(rule subsetI)
+ unfolding b_def using A unfolding mem_Collect_eq using cartesian_power_car_memE'[of x Q\<^sub>p "3::nat" "2::nat"]
+ by (metis in_set_conv_nth le_numeral_extra(4) less_one numeral_le_iff numeral_less_iff padic_fields.singleton_length padic_fields_axioms semiring_norm(173) semiring_norm(79) Qp.to_R_to_R1)
+ have 2: "x = a@b"
+ apply(rule nth_equalityI)
+ using 0 unfolding a_length b_length length_append[of a b] apply presburger
+ proof- fix i assume A: "i < length x"
+ then have A1: "i < 3"
+ unfolding 0 by blast
+ show "x ! i = (a @ b) ! i"
+ apply(cases "i = 0")
+ apply (metis a_def append.simps(2) nth_Cons_0)
+ apply(cases "(i:: nat) = 1")
+ apply (simp add: a_def)
+
+ proof- assume a: "i \<noteq>0" "i \<noteq> 1"
+ then have "i = 2"
+ using A1 by presburger
+ thus ?thesis
+ by (metis a_length b_def nth_append_length)
+ qed
+ qed
+ have 3: "a = take 2 x"
+ apply(rule nth_equalityI)
+ unfolding a_length 0 length_take[of 2 x]
+ apply linarith
+ proof- fix i::nat assume a: "i < 2" show "a ! i = take 2 x ! i "
+ apply(cases "i = 0")
+ apply (metis a_def nth_Cons_0 nth_take zero_less_numeral)
+ by (smt "0" \<open>length (take 2 x) = min (length x) 2\<close> a_def linorder_neqE_nat min.commute min.strict_order_iff nth_take numeral_eq_iff one_less_numeral_iff pair_id pos2 rel_simps(22) rel_simps(48) rel_simps(9) semiring_norm(81))
+ qed
+ show " x \<in> cartesian_product reverse_val_relation_set (carrier (Q\<^sub>p\<^bsup>1\<^esup>))"
+ apply(rule cartesian_product_memI[of _ Q\<^sub>p 2 _ 1])
+ apply (simp add: is_semialgebraic_closed reverse_val_relation_set_semialg)
+ apply blast
+ using 3 a_closed apply blast
+ proof-
+ have "drop 2 x = b"
+ unfolding 2 unfolding 3 using 0
+ by simp
+ then show "drop 2 x \<in> carrier (Q\<^sub>p\<^bsup>1\<^esup>)"
+ using b_closed by blast
+ qed
+ qed
+ show "\<And>x. x \<in> cartesian_product reverse_val_relation_set (carrier (Q\<^sub>p\<^bsup>1\<^esup>)) \<Longrightarrow> x \<in> {as \<in> carrier (Q\<^sub>p\<^bsup>3\<^esup>). val (as ! 0) \<le> val (as ! 1)}"
+ proof fix x assume A: "x \<in> cartesian_product reverse_val_relation_set (carrier (Q\<^sub>p\<^bsup>1\<^esup>))"
+ then obtain a b where ab_def: "a \<in> reverse_val_relation_set" "b \<in> carrier (Q\<^sub>p\<^bsup>1\<^esup>)" "x = a@b"
+ using cartesian_product_memE'[of x reverse_val_relation_set "carrier (Q\<^sub>p\<^bsup>1\<^esup>)"]
+ by metis
+ have a_length: "length a = 2"
+ using ab_def unfolding reverse_val_relation_set_def
+ using cartesian_power_car_memE by blast
+ have "(0::nat)< 2" by presburger
+ hence 0: "x!0 = a!0"
+ unfolding ab_def using a_length
+ by (metis append.simps(2) nth_Cons_0 pair_id)
+ have "(1::nat)< 2" by presburger
+ hence 1: "x!1 = a!1"
+ unfolding ab_def using a_length
+ by (metis append.simps(2) less_2_cases nth_Cons_0 nth_Cons_Suc pair_id)
+ obtain b' where b'_def: "b = [b']"
+ using ab_def cartesian_power_car_memE
+ by (metis (no_types, opaque_lifting) append_Cons append_Nil append_eq_append_conv min_list.cases singleton_length)
+ have b'_closed: "b' \<in> carrier Q\<^sub>p"
+ using b'_def ab_def cartesian_power_car_memE
+ by (metis Qp.R1_memE' list_hd)
+ have x_closed: "x \<in> carrier (Q\<^sub>p\<^bsup>3\<^esup>)"
+ using ab_def cartesian_power_append[of a Q\<^sub>p 2 b'] b'_def b'_closed
+ unfolding b'_def ab_def(3) reverse_val_relation_set_def mem_Collect_eq
+ by (metis Suc_1 eval_nat_numeral(3) plus_1_eq_Suc semiring_norm(164))
+ show "x \<in> carrier (Q\<^sub>p\<^bsup>3\<^esup>) \<and> val (x ! 0) \<le> val (x ! 1)"
+ using x_closed ab_def unfolding reverse_val_relation_set_def mem_Collect_eq 0 1 by blast
+ qed
+ qed
+ show ?thesis unfolding 0
+ using cartesian_product_is_semialgebraic[of 2 reverse_val_relation_set 1 "carrier (Q\<^sub>p\<^bsup>1\<^esup>)"]
+ by (simp add: carrier_is_semialgebraic reverse_val_relation_set_semialg)
+ qed
+ have 1: "is_semialgebraic 3 {as \<in> carrier (Q\<^sub>p\<^bsup>3\<^esup>). val (as!1) \<le> val (as!2)}"
+ proof-
+ have 0: "{as \<in> carrier (Q\<^sub>p\<^bsup>3\<^esup>). val (as!1) \<le> val (as!2)} = cartesian_product (carrier (Q\<^sub>p\<^bsup>1\<^esup>)) (reverse_val_relation_set)"
+ proof(rule equalityI')
+ show "\<And>x. x \<in> {as \<in> carrier (Q\<^sub>p\<^bsup>3\<^esup>). val (as ! 1) \<le> val (as ! 2)} \<Longrightarrow> x \<in> cartesian_product (carrier (Q\<^sub>p\<^bsup>1\<^esup>)) reverse_val_relation_set"
+ proof-
+ fix x assume A: " x \<in> {as \<in> carrier (Q\<^sub>p\<^bsup>3\<^esup>). val (as ! 1) \<le> val (as ! 2)}"
+ then have 0: "length x = 3" unfolding mem_Collect_eq
+ using cartesian_power_car_memE by blast
+ obtain a where a_def: "a = [x!1, x!2]"
+ by blast
+ have a_length: "length a = 2"
+ proof-
+ have "a = x!1 #[x!2]"
+ unfolding a_def
+ by blast
+ thus ?thesis using length_Cons[of "x!1" "[x!2]"] unfolding singleton_length[of "x!2"]
+ by presburger
+ qed
+ obtain b where b_def: "b = [x!0]"
+ by blast
+ have b_length: "length b = 1"
+ unfolding b_def singleton_length by auto
+ have a_closed: "a \<in> reverse_val_relation_set"
+ proof-
+ have 0: "a = drop 1 x"
+ apply(rule nth_equalityI)
+ unfolding a_length 0 length_drop[of 1 x]
+ apply linarith
+ proof- fix i::nat assume a: "i < 2" show " a ! i = drop 1 x ! i"
+ apply(cases "i = 0")
+ unfolding a_def using nth_drop[of 1 x i]
+ apply (metis (no_types, opaque_lifting) "0" a_def arith_extra_simps(6) diff_is_0_eq' eq_imp_le eq_numeral_extra(1) flip_def flip_eval(1) less_numeral_extra(1) less_one less_or_eq_imp_le nat_add_left_cancel_le nat_le_linear nat_less_le nth_Cons_0 nth_drop numeral_neq_zero trans_less_add2 zero_less_diff)
+ apply(cases "i = 1")
+ using nth_drop[of 1 x i] unfolding 0
+ apply (metis "0" a_def a_length list.simps(1) nat_1_add_1 nth_drop one_le_numeral pair_id semiring_norm(3))
+ using a by presburger
+ qed
+ have 1: "a \<in> carrier (Q\<^sub>p\<^bsup>2\<^esup>)"
+ using a_def A drop_closed[of 1 3 x Q\<^sub>p] unfolding 0 mem_Collect_eq
+ by (metis One_nat_def Suc_1 diff_Suc_1 numeral_3_eq_3 rel_simps(49) semiring_norm(77))
+ show ?thesis using 1 A unfolding a_def reverse_val_relation_set_def A mem_Collect_eq
+ by (metis Qp_2_car_memE list_tl nth_Cons_0)
+ qed
+ have b_closed: "b \<in> carrier (Q\<^sub>p\<^bsup>1\<^esup>)"
+ apply(rule cartesian_power_car_memI)
+ unfolding b_length apply blast
+ apply(rule subsetI)
+ unfolding b_def using A unfolding mem_Collect_eq using cartesian_power_car_memE'[of x Q\<^sub>p "3::nat" "0::nat"]
+ by (metis b_def b_length in_set_conv_nth less_one Qp.to_R_to_R1 zero_less_numeral)
+ have 2: "x = b@a"
+ apply(rule nth_equalityI)
+ using 0 unfolding a_length b_length length_append[of b a] apply presburger
+ proof- fix i assume A: "i < length x"
+ then have A1: "i < 3"
+ unfolding 0 by blast
+ show "x ! i = (b @ a) ! i"
+ apply(cases "i = 0")
+ apply (metis append.simps(2) b_def nth_Cons_0)
+ apply(cases "(i:: nat) = (1::nat)")
+ using append.simps a_def nth_Cons
+ apply (metis b_length nth_append_length)
+ apply(cases "(i:: nat) = (2::nat)")
+ using A unfolding 0
+ apply (metis a_def a_length arith_special(3) b_length list.inject nth_append_length_plus pair_id)
+ proof- assume A0: "i \<noteq>0" "i \<noteq> 1" "i \<noteq>2"
+ then have "i \<ge> 3" by presburger
+ then show "x ! i = (b @ a) ! i"
+ using A unfolding 0 by presburger
+ qed
+ qed
+ have 3: "a = drop 1 x"
+ apply(rule nth_equalityI)
+ unfolding a_length 0 length_drop[of 1 x]
+ apply linarith
+ proof- fix i::nat assume a: "i < 2" show " a ! i = drop 1 x ! i"
+ apply(cases "i = 0")
+ unfolding a_def using nth_drop[of 1 x i]
+ apply (metis (no_types, opaque_lifting) "0" a_def arith_extra_simps(6) diff_is_0_eq' eq_imp_le eq_numeral_extra(1) flip_def flip_eval(1) less_numeral_extra(1) less_one less_or_eq_imp_le nat_add_left_cancel_le nat_le_linear nat_less_le nth_Cons_0 nth_drop numeral_neq_zero trans_less_add2 zero_less_diff)
+ apply(cases "i = 1")
+ using nth_drop[of 1 x i] unfolding 0
+ apply (metis "0" a_def a_length list.simps(1) nat_1_add_1 nth_drop one_le_numeral pair_id semiring_norm(3))
+ using a by presburger
+ qed
+ show "x \<in> cartesian_product (carrier (Q\<^sub>p\<^bsup>1\<^esup>)) reverse_val_relation_set"
+ apply(rule cartesian_product_memI[of _ Q\<^sub>p 1 _ 2])
+ apply (simp add: is_semialgebraic_closed reverse_val_relation_set_semialg)
+ using reverse_val_relation_set_def apply blast
+ using take_closed[of 1 3 x] A unfolding mem_Collect_eq apply auto[1]
+ using a_closed unfolding 3 by blast
+ qed
+ show "\<And>x. x \<in> cartesian_product (carrier (Q\<^sub>p\<^bsup>1\<^esup>)) reverse_val_relation_set \<Longrightarrow> x \<in> {as \<in> carrier (Q\<^sub>p\<^bsup>3\<^esup>). val (as ! 1) \<le> val (as ! 2)}"
+ proof fix x assume A: "x \<in> cartesian_product (carrier (Q\<^sub>p\<^bsup>1\<^esup>)) reverse_val_relation_set "
+ then obtain a b where ab_def: "a \<in> reverse_val_relation_set" "b \<in> carrier (Q\<^sub>p\<^bsup>1\<^esup>)" "x = b@a"
+ using cartesian_product_memE'[of x "carrier (Q\<^sub>p\<^bsup>1\<^esup>)" reverse_val_relation_set]
+ by metis
+ have a_length: "length a = 2"
+ using ab_def unfolding reverse_val_relation_set_def
+ using cartesian_power_car_memE by blast
+ obtain b' where b'_def: "b = [b']"
+ using ab_def cartesian_power_car_memE
+ by (metis (no_types, opaque_lifting) append_Cons append_Nil append_eq_append_conv min_list.cases singleton_length)
+ have b'_closed: "b' \<in> carrier Q\<^sub>p"
+ using b'_def ab_def cartesian_power_car_memE
+ by (metis Qp.R1_memE' list_hd)
+ have b_length: "length b = 1"
+ by (simp add: b'_def)
+ have x_id: "x = b'#a"
+ unfolding ab_def b'_def by auto
+ have "(1::nat)< 2" by presburger
+ hence 0: "x!1 = a!0"
+ unfolding ab_def b'_def using a_length
+ by (metis b'_def b_length nth_append_length pair_id)
+ have 00: "2 = Suc 1"
+ by auto
+ have 1: "x!2 = a!1"
+ using a_length nth_Cons[of b' a "2::nat"]
+ unfolding x_id 00
+ by (meson nth_Cons_Suc)
+ have x_closed: "x \<in> carrier (Q\<^sub>p\<^bsup>3\<^esup>)"
+ unfolding x_id b'_def using b'_closed cartesian_power_cons[of a Q\<^sub>p 2 b'] ab_def
+ unfolding reverse_val_relation_set_def mem_Collect_eq
+ using eval_nat_numeral(3) semiring_norm(175) by presburger
+
+ show "x \<in> carrier (Q\<^sub>p\<^bsup>3\<^esup>) \<and> val (x ! 1) \<le> val (x ! 2)"
+ using x_closed ab_def unfolding reverse_val_relation_set_def mem_Collect_eq 0 1 by blast
+ qed
+ qed
+ show ?thesis unfolding 0
+ using cartesian_product_is_semialgebraic[of 2 reverse_val_relation_set 1 "carrier (Q\<^sub>p\<^bsup>1\<^esup>)"]
+ by (metis add_num_simps(2) car_times_semialg_is_semialg one_plus_numeral reverse_val_relation_set_semialg)
+ qed
+ have 2: "{as \<in> carrier (Q\<^sub>p\<^bsup>3\<^esup>). val (as!0) \<le> val (as!1) \<and> val (as!1) \<le> val (as!2)}=
+ {as \<in> carrier (Q\<^sub>p\<^bsup>3\<^esup>). val (as!0) \<le> val (as!1)} \<inter> {as \<in> carrier (Q\<^sub>p\<^bsup>3\<^esup>). val (as!1) \<le> val (as!2)}"
+ by blast
+ show ?thesis using intersection_is_semialg 0 1 unfolding 2 by blast
+qed
+
+lemma triple_val_ineq_set_semialg':
+ shows "is_semialgebraic 3 {as \<in> carrier (Q\<^sub>p\<^bsup>3\<^esup>). val (as!0) \<le> val (as!1) \<and> val (as!1) < val (as!2)}"
+proof-
+ have 0: "is_semialgebraic 3 {as \<in> carrier (Q\<^sub>p\<^bsup>3\<^esup>). val (as!0) \<le> val (as!1)}"
+ proof-
+ have 0: "{as \<in> carrier (Q\<^sub>p\<^bsup>3\<^esup>). val (as!0) \<le> val (as!1)} = cartesian_product (reverse_val_relation_set) (carrier (Q\<^sub>p\<^bsup>1\<^esup>))"
+ proof(rule equalityI')
+ show " \<And>x. x \<in> {as \<in> carrier (Q\<^sub>p\<^bsup>3\<^esup>). val (as ! 0) \<le> val (as ! 1)} \<Longrightarrow> x \<in> cartesian_product reverse_val_relation_set (carrier (Q\<^sub>p\<^bsup>1\<^esup>))"
+ proof- fix x assume A: " x \<in> {as \<in> carrier (Q\<^sub>p\<^bsup>3\<^esup>). val (as ! 0) \<le> val (as ! 1)}"
+ then have 0: "length x = 3" unfolding mem_Collect_eq
+ using cartesian_power_car_memE by blast
+ obtain a where a_def: "a = [x!0, x!1]"
+ by blast
+ have a_length: "length a = 2"
+ proof-
+ have "a = x!0 #[x!1]"
+ unfolding a_def
+ by blast
+ thus ?thesis using length_Cons[of "x!0" "[x!1]"] unfolding singleton_length[of "x!1"]
+ by presburger
+ qed
+ obtain b where b_def: "b = [x!2]"
+ by blast
+ have b_length: "length b = 1"
+ unfolding b_def singleton_length by auto
+ have a_closed: "a \<in> reverse_val_relation_set"
+ proof-
+ have 0: "a = take 2 x"
+ apply(rule nth_equalityI)
+ unfolding a_length 0 length_take[of 2 x]
+ apply linarith
+ proof- fix i::nat assume a: "i < 2" show "a ! i = take 2 x ! i "
+ apply(cases "i = 0")
+ apply (metis a_def nth_Cons_0 nth_take zero_less_numeral)
+ by (smt "0" \<open>length (take 2 x) = min (length x) 2\<close> a_def linorder_neqE_nat min.commute min.strict_order_iff nth_take numeral_eq_iff one_less_numeral_iff pair_id pos2 rel_simps(22) rel_simps(48) rel_simps(9) semiring_norm(81))
+ qed
+ have 1: "a \<in> carrier (Q\<^sub>p\<^bsup>2\<^esup>)"
+ using a_def 0 A unfolding mem_Collect_eq
+ by (metis le_numeral_extra(4) take_closed numeral_le_iff semiring_norm(173) semiring_norm(72))
+ show ?thesis using 1 A unfolding a_def reverse_val_relation_set_def A mem_Collect_eq
+ by (metis Qp_2_car_memE list_tl nth_Cons_0)
+ qed
+ have b_closed: "b \<in> carrier (Q\<^sub>p\<^bsup>1\<^esup>)"
+ apply(rule cartesian_power_car_memI)
+ unfolding b_length apply blast
+ apply(rule subsetI)
+ unfolding b_def using A unfolding mem_Collect_eq using cartesian_power_car_memE'[of x Q\<^sub>p "3::nat" "2::nat"]
+ by (metis in_set_conv_nth le_numeral_extra(4) less_one numeral_le_iff numeral_less_iff padic_fields.singleton_length padic_fields_axioms semiring_norm(173) semiring_norm(79) Qp.to_R_to_R1)
+ have 2: "x = a@b"
+ apply(rule nth_equalityI)
+ using 0 unfolding a_length b_length length_append[of a b] apply presburger
+ proof- fix i assume A: "i < length x"
+ then have A1: "i < 3"
+ unfolding 0 by blast
+ show "x ! i = (a @ b) ! i"
+ apply(cases "i = 0")
+ apply (metis a_def append.simps(2) nth_Cons_0)
+ apply(cases "(i:: nat) = 1")
+ apply (simp add: a_def)
+ proof- assume a: "i \<noteq>0" "i \<noteq> 1"
+ then have "i = 2"
+ using A1 by presburger
+ thus ?thesis
+ by (metis a_length b_def nth_append_length)
+ qed
+ qed
+ have 3: "a = take 2 x"
+ apply(rule nth_equalityI)
+ unfolding a_length 0 length_take[of 2 x]
+ apply linarith
+ proof- fix i::nat assume a: "i < 2" show "a ! i = take 2 x ! i "
+ apply(cases "i = 0")
+ apply (metis a_def nth_Cons_0 nth_take zero_less_numeral)
+ by (smt "0" \<open>length (take 2 x) = min (length x) 2\<close> a_def linorder_neqE_nat min.commute min.strict_order_iff nth_take numeral_eq_iff one_less_numeral_iff pair_id pos2 rel_simps(22) rel_simps(48) rel_simps(9) semiring_norm(81))
+ qed
+ show " x \<in> cartesian_product reverse_val_relation_set (carrier (Q\<^sub>p\<^bsup>1\<^esup>))"
+ apply(rule cartesian_product_memI[of _ Q\<^sub>p 2 _ 1])
+ apply (simp add: is_semialgebraic_closed reverse_val_relation_set_semialg)
+ apply blast
+ using 3 a_closed apply blast
+ proof-
+ have "drop 2 x = b"
+ unfolding 2 unfolding 3 using 0
+ by simp
+ then show "drop 2 x \<in> carrier (Q\<^sub>p\<^bsup>1\<^esup>)"
+ using b_closed by blast
+ qed
+ qed
+ show "\<And>x. x \<in> cartesian_product reverse_val_relation_set (carrier (Q\<^sub>p\<^bsup>1\<^esup>)) \<Longrightarrow> x \<in> {as \<in> carrier (Q\<^sub>p\<^bsup>3\<^esup>). val (as ! 0) \<le> val (as ! 1)}"
+ proof fix x assume A: "x \<in> cartesian_product reverse_val_relation_set (carrier (Q\<^sub>p\<^bsup>1\<^esup>))"
+ then obtain a b where ab_def: "a \<in> reverse_val_relation_set" "b \<in> carrier (Q\<^sub>p\<^bsup>1\<^esup>)" "x = a@b"
+ using cartesian_product_memE'[of x reverse_val_relation_set "carrier (Q\<^sub>p\<^bsup>1\<^esup>)"]
+ by metis
+ have a_length: "length a = 2"
+ using ab_def unfolding reverse_val_relation_set_def
+ using cartesian_power_car_memE by blast
+ have "(0::nat)< 2" by presburger
+ hence 0: "x!0 = a!0"
+ unfolding ab_def using a_length
+ by (metis append.simps(2) nth_Cons_0 pair_id)
+ have "(1::nat)< 2" by presburger
+ hence 1: "x!1 = a!1"
+ unfolding ab_def using a_length
+ by (metis append.simps(2) less_2_cases nth_Cons_0 nth_Cons_Suc pair_id)
+ obtain b' where b'_def: "b = [b']"
+ using ab_def cartesian_power_car_memE
+ by (metis (no_types, opaque_lifting) append_Cons append_Nil append_eq_append_conv min_list.cases singleton_length)
+ have b'_closed: "b' \<in> carrier Q\<^sub>p"
+ using b'_def ab_def cartesian_power_car_memE
+ by (metis Qp.R1_memE' list_hd)
+ have x_closed: "x \<in> carrier (Q\<^sub>p\<^bsup>3\<^esup>)"
+ using ab_def cartesian_power_append[of a Q\<^sub>p 2 b'] b'_def b'_closed
+ unfolding b'_def ab_def(3) reverse_val_relation_set_def mem_Collect_eq
+ by (metis Suc_1 eval_nat_numeral(3) plus_1_eq_Suc semiring_norm(164))
+ show "x \<in> carrier (Q\<^sub>p\<^bsup>3\<^esup>) \<and> val (x ! 0) \<le> val (x ! 1)"
+ using x_closed ab_def unfolding reverse_val_relation_set_def mem_Collect_eq 0 1 by blast
+ qed
+ qed
+ show ?thesis unfolding 0
+ using cartesian_product_is_semialgebraic[of 2 reverse_val_relation_set 1 "carrier (Q\<^sub>p\<^bsup>1\<^esup>)"]
+ by (simp add: carrier_is_semialgebraic reverse_val_relation_set_semialg)
+ qed
+ have 1: "is_semialgebraic 3 {as \<in> carrier (Q\<^sub>p\<^bsup>3\<^esup>). val (as!1) < val (as!2)}"
+ proof-
+ have 0: "{as \<in> carrier (Q\<^sub>p\<^bsup>3\<^esup>). val (as!1) < val (as!2)} = cartesian_product (carrier (Q\<^sub>p\<^bsup>1\<^esup>)) (strict_val_relation_set)"
+ proof(rule equalityI')
+ show "\<And>x. x \<in> {as \<in> carrier (Q\<^sub>p\<^bsup>3\<^esup>). val (as ! 1) < val (as ! 2)} \<Longrightarrow> x \<in> cartesian_product (carrier (Q\<^sub>p\<^bsup>1\<^esup>)) strict_val_relation_set"
+ proof- fix x assume A: " x \<in> {as \<in> carrier (Q\<^sub>p\<^bsup>3\<^esup>). val (as ! 1) < val (as ! 2)}"
+ then have 0: "length x = 3" unfolding mem_Collect_eq
+ using cartesian_power_car_memE by blast
+ obtain a where a_def: "a = [x!1, x!2]"
+ by blast
+ have a_length: "length a = 2"
+ proof-
+ have "a = x!1 #[x!2]"
+ unfolding a_def
+ by blast
+ thus ?thesis using length_Cons[of "x!1" "[x!2]"] unfolding singleton_length[of "x!2"]
+ by presburger
+ qed
+ obtain b where b_def: "b = [x!0]"
+ by blast
+ have b_length: "length b = 1"
+ unfolding b_def singleton_length by auto
+ have a_closed: "a \<in> strict_val_relation_set"
+ proof-
+ have 0: "a = drop 1 x"
+ apply(rule nth_equalityI)
+ unfolding a_length 0 length_drop[of 1 x]
+ apply linarith
+ proof- fix i::nat assume a: "i < 2" show " a ! i = drop 1 x ! i"
+ apply(cases "i = 0")
+ unfolding a_def using nth_drop[of 1 x i]
+ apply (metis (no_types, opaque_lifting) "0" a_def arith_extra_simps(6) diff_is_0_eq' eq_imp_le eq_numeral_extra(1) flip_def flip_eval(1) less_numeral_extra(1) less_one less_or_eq_imp_le nat_add_left_cancel_le nat_le_linear nat_less_le nth_Cons_0 nth_drop numeral_neq_zero trans_less_add2 zero_less_diff)
+ apply(cases "i = 1")
+ using nth_drop[of 1 x i] unfolding 0
+ apply (metis "0" a_def a_length list.simps(1) nat_1_add_1 nth_drop one_le_numeral pair_id semiring_norm(3))
+ using a by presburger
+ qed
+ have 1: "a \<in> carrier (Q\<^sub>p\<^bsup>2\<^esup>)"
+ using a_def A drop_closed[of 1 3 x Q\<^sub>p] unfolding 0 mem_Collect_eq
+ by (metis One_nat_def Suc_1 diff_Suc_1 numeral_3_eq_3 rel_simps(49) semiring_norm(77))
+ show ?thesis using 1 A unfolding a_def strict_val_relation_set_def A mem_Collect_eq
+ by (metis Qp_2_car_memE list_tl nth_Cons_0)
+ qed
+ have b_closed: "b \<in> carrier (Q\<^sub>p\<^bsup>1\<^esup>)"
+ apply(rule cartesian_power_car_memI)
+ unfolding b_length apply blast
+ apply(rule subsetI)
+ unfolding b_def using A unfolding mem_Collect_eq using cartesian_power_car_memE'[of x Q\<^sub>p "3::nat" "0::nat"]
+ by (metis b_def b_length in_set_conv_nth less_one Qp.to_R_to_R1 zero_less_numeral)
+ have 2: "x = b@a"
+ apply(rule nth_equalityI)
+ using 0 unfolding a_length b_length length_append[of b a] apply presburger
+ proof- fix i assume A: "i < length x"
+ then have A1: "i < 3"
+ unfolding 0 by blast
+ show "x ! i = (b @ a) ! i"
+ apply(cases "i = 0")
+ apply (metis append.simps(2) b_def nth_Cons_0)
+ apply(cases "(i:: nat) = (1::nat)")
+ using append.simps a_def nth_Cons
+ apply (metis b_length nth_append_length)
+ apply(cases "(i:: nat) = (2::nat)")
+ using A unfolding 0
+ apply (metis a_def a_length arith_special(3) b_length list.inject nth_append_length_plus pair_id)
+ proof- assume A0: "i \<noteq>0" "i \<noteq> 1" "i \<noteq>2"
+ then have "i \<ge> 3" by presburger
+ then show "x ! i = (b @ a) ! i"
+ using A unfolding 0 by presburger
+ qed
+ qed
+ have 3: "a = drop 1 x"
+ apply(rule nth_equalityI)
+ unfolding a_length 0 length_drop[of 1 x]
+ apply linarith
+ proof- fix i::nat assume a: "i < 2" show " a ! i = drop 1 x ! i"
+ apply(cases "i = 0")
+ unfolding a_def using nth_drop[of 1 x i]
+ apply (metis (no_types, opaque_lifting) "0" a_def arith_extra_simps(6) diff_is_0_eq' eq_imp_le eq_numeral_extra(1) flip_def flip_eval(1) less_numeral_extra(1) less_one less_or_eq_imp_le nat_add_left_cancel_le nat_le_linear nat_less_le nth_Cons_0 nth_drop numeral_neq_zero trans_less_add2 zero_less_diff)
+ apply(cases "i = 1")
+ using nth_drop[of 1 x i] unfolding 0
+ apply (metis "0" a_def a_length list.simps(1) nat_1_add_1 nth_drop one_le_numeral pair_id semiring_norm(3))
+ using a by presburger
+ qed
+ show "x \<in> cartesian_product (carrier (Q\<^sub>p\<^bsup>1\<^esup>)) strict_val_relation_set"
+ apply(rule cartesian_product_memI[of _ Q\<^sub>p 1 _ 2])
+ apply (simp add: is_semialgebraic_closed strict_val_relation_set_is_semialg)
+ using strict_val_relation_set_def apply blast
+ using take_closed[of 1 3 x Q\<^sub>p] A unfolding mem_Collect_eq apply auto[1]
+ using a_closed unfolding 3 by blast
+ qed
+ show "\<And>x. x \<in> cartesian_product (carrier (Q\<^sub>p\<^bsup>1\<^esup>)) strict_val_relation_set \<Longrightarrow> x \<in> {as \<in> carrier (Q\<^sub>p\<^bsup>3\<^esup>). val (as ! 1) < val (as ! 2)}"
+ proof fix x assume A: "x \<in> cartesian_product (carrier (Q\<^sub>p\<^bsup>1\<^esup>)) strict_val_relation_set "
+ then obtain a b where ab_def: "a \<in> strict_val_relation_set" "b \<in> carrier (Q\<^sub>p\<^bsup>1\<^esup>)" "x = b@a"
+ using cartesian_product_memE'[of x "carrier (Q\<^sub>p\<^bsup>1\<^esup>)" strict_val_relation_set]
+ by metis
+ have a_length: "length a = 2"
+ using ab_def unfolding strict_val_relation_set_def
+ using cartesian_power_car_memE by blast
+ obtain b' where b'_def: "b = [b']"
+ using ab_def cartesian_power_car_memE
+ by (metis (no_types, opaque_lifting) append_Cons append_Nil append_eq_append_conv min_list.cases singleton_length)
+ have b'_closed: "b' \<in> carrier Q\<^sub>p"
+ using b'_def ab_def cartesian_power_car_memE
+ by (metis Qp.R1_memE' list_hd)
+ have b_length: "length b = 1"
+ by (simp add: b'_def)
+ have x_id: "x = b'#a"
+ unfolding ab_def b'_def by auto
+ have "(1::nat)< 2" by presburger
+ hence 0: "x!1 = a!0"
+ unfolding ab_def b'_def using a_length
+ by (metis b'_def b_length nth_append_length pair_id)
+ have 00: "2 = Suc 1"
+ by auto
+ have 1: "x!2 = a!1"
+ using a_length nth_Cons[of b' a "2::nat"]
+ unfolding x_id 00
+ by (meson nth_Cons_Suc)
+ have x_closed: "x \<in> carrier (Q\<^sub>p\<^bsup>3\<^esup>)"
+ unfolding x_id b'_def using b'_closed cartesian_power_cons[of a Q\<^sub>p 2 b'] ab_def
+ unfolding strict_val_relation_set_def mem_Collect_eq
+ using eval_nat_numeral(3) semiring_norm(175) by presburger
+
+ show "x \<in> carrier (Q\<^sub>p\<^bsup>3\<^esup>) \<and> val (x ! 1) < val (x ! 2)"
+ using x_closed ab_def unfolding strict_val_relation_set_def mem_Collect_eq 0 1 by blast
+ qed
+ qed
+ show ?thesis unfolding 0
+ using cartesian_product_is_semialgebraic[of 2 reverse_val_relation_set 1 "carrier (Q\<^sub>p\<^bsup>1\<^esup>)"]
+ by (metis add_num_simps(2) car_times_semialg_is_semialg one_plus_numeral strict_val_relation_set_is_semialg)
+ qed
+ have 2: "{as \<in> carrier (Q\<^sub>p\<^bsup>3\<^esup>). val (as!0) \<le> val (as!1) \<and> val (as!1) < val (as!2)}=
+ {as \<in> carrier (Q\<^sub>p\<^bsup>3\<^esup>). val (as!0) \<le> val (as!1)} \<inter> {as \<in> carrier (Q\<^sub>p\<^bsup>3\<^esup>). val (as!1) < val (as!2)}"
+ by blast
+ show ?thesis using intersection_is_semialg 0 1 unfolding 2 by blast
+qed
+
+lemma triple_val_ineq_set_semialg'':
+ shows "is_semialgebraic 3 {as \<in> carrier (Q\<^sub>p\<^bsup>3\<^esup>). val (as!1) < val (as!2)}"
+proof-
+ have 0: "{as \<in> carrier (Q\<^sub>p\<^bsup>3\<^esup>). val (as!1) < val (as!2)} = cartesian_product (carrier (Q\<^sub>p\<^bsup>1\<^esup>)) (strict_val_relation_set)"
+ proof(rule equalityI')
+ show "\<And>x. x \<in> {as \<in> carrier (Q\<^sub>p\<^bsup>3\<^esup>). val (as ! 1) < val (as ! 2)} \<Longrightarrow> x \<in> cartesian_product (carrier (Q\<^sub>p\<^bsup>1\<^esup>)) strict_val_relation_set"
+ proof- fix x assume A: " x \<in> {as \<in> carrier (Q\<^sub>p\<^bsup>3\<^esup>). val (as ! 1) < val (as ! 2)}"
+ then have 0: "length x = 3" unfolding mem_Collect_eq
+ using cartesian_power_car_memE by blast
+ obtain a where a_def: "a = [x!1, x!2]"
+ by blast
+ have a_length: "length a = 2"
+ proof-
+ have "a = x!1 #[x!2]"
+ unfolding a_def
+ by blast
+ thus ?thesis using length_Cons[of "x!1" "[x!2]"] unfolding singleton_length[of "x!2"]
+ by presburger
+ qed
+ obtain b where b_def: "b = [x!0]"
+ by blast
+ have b_length: "length b = 1"
+ unfolding b_def singleton_length by auto
+ have a_closed: "a \<in> strict_val_relation_set"
+ proof-
+ have 0: "a = drop 1 x"
+ apply(rule nth_equalityI)
+ unfolding a_length 0 length_drop[of 1 x]
+ apply linarith
+ proof- fix i::nat assume a: "i < 2" show " a ! i = drop 1 x ! i"
+ apply(cases "i = 0")
+ unfolding a_def using nth_drop[of 1 x i]
+ apply (metis (no_types, opaque_lifting) "0" a_def arith_extra_simps(6) diff_is_0_eq' eq_imp_le eq_numeral_extra(1) flip_def flip_eval(1) less_numeral_extra(1) less_one less_or_eq_imp_le nat_add_left_cancel_le nat_le_linear nat_less_le nth_Cons_0 nth_drop numeral_neq_zero trans_less_add2 zero_less_diff)
+ apply(cases "i = 1")
+ using nth_drop[of 1 x i] unfolding 0
+ apply (metis "0" a_def a_length list.simps(1) nat_1_add_1 nth_drop one_le_numeral pair_id semiring_norm(3))
+ using a by presburger
+ qed
+ have 1: "a \<in> carrier (Q\<^sub>p\<^bsup>2\<^esup>)"
+ using a_def A drop_closed[of 1 3 x Q\<^sub>p] unfolding 0 mem_Collect_eq
+ by (metis One_nat_def Suc_1 diff_Suc_1 numeral_3_eq_3 rel_simps(49) semiring_norm(77))
+ show ?thesis using 1 A unfolding a_def strict_val_relation_set_def A mem_Collect_eq
+ by (metis Qp_2_car_memE list_tl nth_Cons_0)
+ qed
+ have b_closed: "b \<in> carrier (Q\<^sub>p\<^bsup>1\<^esup>)"
+ apply(rule cartesian_power_car_memI)
+ unfolding b_length apply blast
+ apply(rule subsetI)
+ unfolding b_def using A unfolding mem_Collect_eq using cartesian_power_car_memE'[of x Q\<^sub>p "3::nat" "0::nat"]
+ by (metis b_def b_length in_set_conv_nth less_one Qp.to_R_to_R1 zero_less_numeral)
+ have 2: "x = b@a"
+ apply(rule nth_equalityI)
+ using 0 unfolding a_length b_length length_append[of b a] apply presburger
+ proof- fix i assume A: "i < length x"
+ then have A1: "i < 3"
+ unfolding 0 by blast
+ show "x ! i = (b @ a) ! i"
+ apply(cases "i = 0")
+ apply (metis append.simps(2) b_def nth_Cons_0)
+ apply(cases "(i:: nat) = (1::nat)")
+ using append.simps a_def nth_Cons
+ apply (metis b_length nth_append_length)
+ apply(cases "(i:: nat) = (2::nat)")
+ using A unfolding 0
+ apply (metis a_def a_length arith_special(3) b_length list.inject nth_append_length_plus pair_id)
+ proof- assume A0: "i \<noteq>0" "i \<noteq> 1" "i \<noteq>2"
+ then have "i \<ge> 3" by presburger
+ then show "x ! i = (b @ a) ! i"
+ using A unfolding 0 by presburger
+ qed
+ qed
+ have 3: "a = drop 1 x"
+ apply(rule nth_equalityI)
+ unfolding a_length 0 length_drop[of 1 x]
+ apply linarith
+ proof- fix i::nat assume a: "i < 2" show " a ! i = drop 1 x ! i"
+ apply(cases "i = 0")
+ unfolding a_def using nth_drop[of 1 x i]
+ apply (metis (no_types, opaque_lifting) "0" a_def arith_extra_simps(6) diff_is_0_eq' eq_imp_le eq_numeral_extra(1) flip_def flip_eval(1) less_numeral_extra(1) less_one less_or_eq_imp_le nat_add_left_cancel_le nat_le_linear nat_less_le nth_Cons_0 nth_drop numeral_neq_zero trans_less_add2 zero_less_diff)
+ apply(cases "i = 1")
+ using nth_drop[of 1 x i] unfolding 0
+ apply (metis "0" a_def a_length list.simps(1) nat_1_add_1 nth_drop one_le_numeral pair_id semiring_norm(3))
+ using a by presburger
+ qed
+ show "x \<in> cartesian_product (carrier (Q\<^sub>p\<^bsup>1\<^esup>)) strict_val_relation_set"
+ apply(rule cartesian_product_memI[of _ Q\<^sub>p 1 _ 2])
+ apply (simp add: is_semialgebraic_closed strict_val_relation_set_is_semialg)
+ using strict_val_relation_set_def apply blast
+ using take_closed[of 1 3 x] A unfolding mem_Collect_eq
+ using one_le_numeral apply blast
+ using a_closed unfolding 3 by blast
+ qed
+ show "\<And>x. x \<in> cartesian_product (carrier (Q\<^sub>p\<^bsup>1\<^esup>)) strict_val_relation_set \<Longrightarrow> x \<in> {as \<in> carrier (Q\<^sub>p\<^bsup>3\<^esup>). val (as ! 1) < val (as ! 2)}"
+ proof fix x assume A: "x \<in> cartesian_product (carrier (Q\<^sub>p\<^bsup>1\<^esup>)) strict_val_relation_set "
+ then obtain a b where ab_def: "a \<in> strict_val_relation_set" "b \<in> carrier (Q\<^sub>p\<^bsup>1\<^esup>)" "x = b@a"
+ using cartesian_product_memE'[of x "carrier (Q\<^sub>p\<^bsup>1\<^esup>)" strict_val_relation_set]
+ by metis
+ have a_length: "length a = 2"
+ using ab_def unfolding strict_val_relation_set_def
+ using cartesian_power_car_memE by blast
+ obtain b' where b'_def: "b = [b']"
+ using ab_def cartesian_power_car_memE
+ by (metis (no_types, opaque_lifting) append_Cons append_Nil append_eq_append_conv min_list.cases singleton_length)
+ have b'_closed: "b' \<in> carrier Q\<^sub>p"
+ using b'_def ab_def cartesian_power_car_memE
+ by (metis Qp.R1_memE' list_hd)
+ have b_length: "length b = 1"
+ by (simp add: b'_def)
+ have x_id: "x = b'#a"
+ unfolding ab_def b'_def by auto
+ have "(1::nat)< 2" by presburger
+ hence 0: "x!1 = a!0"
+ unfolding ab_def b'_def using a_length
+ by (metis b'_def b_length nth_append_length pair_id)
+ have 00: "2 = Suc 1"
+ by auto
+ have 1: "x!2 = a!1"
+ using a_length nth_Cons[of b' a "2::nat"]
+ unfolding x_id 00
+ by (meson nth_Cons_Suc)
+ have x_closed: "x \<in> carrier (Q\<^sub>p\<^bsup>3\<^esup>)"
+ unfolding x_id b'_def using b'_closed cartesian_power_cons[of a Q\<^sub>p 2 b'] ab_def
+ unfolding strict_val_relation_set_def mem_Collect_eq
+ using eval_nat_numeral(3) semiring_norm(175) by presburger
+
+ show "x \<in> carrier (Q\<^sub>p\<^bsup>3\<^esup>) \<and> val (x ! 1) < val (x ! 2)"
+ using x_closed ab_def unfolding strict_val_relation_set_def mem_Collect_eq 0 1 by blast
+ qed
+ qed
+ show ?thesis unfolding 0
+ using cartesian_product_is_semialgebraic[of 2 reverse_val_relation_set 1 "carrier (Q\<^sub>p\<^bsup>1\<^esup>)"]
+ by (metis add_num_simps(2) car_times_semialg_is_semialg one_plus_numeral strict_val_relation_set_is_semialg)
+qed
+
+lemma triple_val_ineq_set_semialg''':
+ shows "is_semialgebraic 3 {as \<in> carrier (Q\<^sub>p\<^bsup>3\<^esup>). val (as!1) \<le> val (as!2)}"
+proof-
+ have 0: "{as \<in> carrier (Q\<^sub>p\<^bsup>3\<^esup>). val (as!1) \<le> val (as!2)} = cartesian_product (carrier (Q\<^sub>p\<^bsup>1\<^esup>)) (reverse_val_relation_set)"
+ proof(rule equalityI')
+ show "\<And>x. x \<in> {as \<in> carrier (Q\<^sub>p\<^bsup>3\<^esup>). val (as ! 1) \<le> val (as ! 2)} \<Longrightarrow> x \<in> cartesian_product (carrier (Q\<^sub>p\<^bsup>1\<^esup>)) reverse_val_relation_set"
+ proof- fix x assume A: " x \<in> {as \<in> carrier (Q\<^sub>p\<^bsup>3\<^esup>). val (as ! 1) \<le> val (as ! 2)}"
+ then have 0: "length x = 3" unfolding mem_Collect_eq
+ using cartesian_power_car_memE by blast
+ obtain a where a_def: "a = [x!1, x!2]"
+ by blast
+ have a_length: "length a = 2"
+ proof-
+ have "a = x!1 #[x!2]"
+ unfolding a_def
+ by blast
+ thus ?thesis using length_Cons[of "x!1" "[x!2]"] unfolding singleton_length[of "x!2"]
+ by presburger
+ qed
+ obtain b where b_def: "b = [x!0]"
+ by blast
+ have b_length: "length b = 1"
+ unfolding b_def singleton_length by auto
+ have a_closed: "a \<in> reverse_val_relation_set"
+ proof-
+ have 0: "a = drop 1 x"
+ apply(rule nth_equalityI)
+ unfolding a_length 0 length_drop[of 1 x]
+ apply linarith
+ proof- fix i::nat assume a: "i < 2" show " a ! i = drop 1 x ! i"
+ apply(cases "i = 0")
+ unfolding a_def using nth_drop[of 1 x i]
+ apply (metis (no_types, opaque_lifting) "0" a_def arith_extra_simps(6) diff_is_0_eq' eq_imp_le eq_numeral_extra(1) flip_def flip_eval(1) less_numeral_extra(1) less_one less_or_eq_imp_le nat_add_left_cancel_le nat_le_linear nat_less_le nth_Cons_0 nth_drop numeral_neq_zero trans_less_add2 zero_less_diff)
+ apply(cases "i = 1")
+ using nth_drop[of 1 x i] unfolding 0
+ apply (metis "0" a_def a_length list.simps(1) nat_1_add_1 nth_drop one_le_numeral pair_id semiring_norm(3))
+ using a by presburger
+ qed
+ have 1: "a \<in> carrier (Q\<^sub>p\<^bsup>2\<^esup>)"
+ using a_def A drop_closed[of 1 3 x Q\<^sub>p] unfolding 0 mem_Collect_eq
+ by (metis One_nat_def Suc_1 diff_Suc_1 numeral_3_eq_3 rel_simps(49) semiring_norm(77))
+ show ?thesis using 1 A unfolding a_def reverse_val_relation_set_def A mem_Collect_eq
+ by (metis Qp_2_car_memE list_tl nth_Cons_0)
+ qed
+ have b_closed: "b \<in> carrier (Q\<^sub>p\<^bsup>1\<^esup>)"
+ apply(rule cartesian_power_car_memI)
+ unfolding b_length apply blast
+ apply(rule subsetI)
+ unfolding b_def using A unfolding mem_Collect_eq using cartesian_power_car_memE'[of x Q\<^sub>p "3::nat" "0::nat"]
+ by (metis b_def b_length in_set_conv_nth less_one Qp.to_R_to_R1 zero_less_numeral)
+ have 2: "x = b@a"
+ apply(rule nth_equalityI)
+ using 0 unfolding a_length b_length length_append[of b a] apply presburger
+ proof- fix i assume A: "i < length x"
+ then have A1: "i < 3"
+ unfolding 0 by blast
+ show "x ! i = (b @ a) ! i"
+ apply(cases "i = 0")
+ apply (metis append.simps(2) b_def nth_Cons_0)
+ apply(cases "(i:: nat) = (1::nat)")
+ using append.simps a_def nth_Cons
+ apply (metis b_length nth_append_length)
+ apply(cases "(i:: nat) = (2::nat)")
+ using A unfolding 0
+ apply (metis a_def a_length arith_special(3) b_length list.inject nth_append_length_plus pair_id)
+ proof- assume A0: "i \<noteq>0" "i \<noteq> 1" "i \<noteq>2"
+ then have "i \<ge> 3" by presburger
+ then show "x ! i = (b @ a) ! i"
+ using A unfolding 0 by presburger
+ qed
+ qed
+ have 3: "a = drop 1 x"
+ apply(rule nth_equalityI)
+ unfolding a_length 0 length_drop[of 1 x]
+ apply linarith
+ proof- fix i::nat assume a: "i < 2" show " a ! i = drop 1 x ! i"
+ apply(cases "i = 0")
+ unfolding a_def using nth_drop[of 1 x i]
+ apply (metis (no_types, opaque_lifting) "0" a_def arith_extra_simps(6) diff_is_0_eq' eq_imp_le eq_numeral_extra(1) flip_def flip_eval(1) less_numeral_extra(1) less_one less_or_eq_imp_le nat_add_left_cancel_le nat_le_linear nat_less_le nth_Cons_0 nth_drop numeral_neq_zero trans_less_add2 zero_less_diff)
+ apply(cases "i = 1")
+ using nth_drop[of 1 x i] unfolding 0
+ apply (metis "0" a_def a_length list.simps(1) nat_1_add_1 nth_drop one_le_numeral pair_id semiring_norm(3))
+ using a by presburger
+ qed
+ show "x \<in> cartesian_product (carrier (Q\<^sub>p\<^bsup>1\<^esup>)) reverse_val_relation_set"
+ apply(rule cartesian_product_memI[of _ Q\<^sub>p 1 _ 2])
+ apply (simp add: is_semialgebraic_closed reverse_val_relation_set_semialg)
+ using reverse_val_relation_set_def apply blast
+ using take_closed[of 1 3 x] A unfolding mem_Collect_eq apply auto[1]
+ using a_closed unfolding 3 by blast
+ qed
+ show "\<And>x. x \<in> cartesian_product (carrier (Q\<^sub>p\<^bsup>1\<^esup>)) reverse_val_relation_set \<Longrightarrow> x \<in> {as \<in> carrier (Q\<^sub>p\<^bsup>3\<^esup>). val (as ! 1) \<le> val (as ! 2)}"
+ proof fix x assume A: "x \<in> cartesian_product (carrier (Q\<^sub>p\<^bsup>1\<^esup>)) reverse_val_relation_set "
+ then obtain a b where ab_def: "a \<in> reverse_val_relation_set" "b \<in> carrier (Q\<^sub>p\<^bsup>1\<^esup>)" "x = b@a"
+ using cartesian_product_memE'[of x "carrier (Q\<^sub>p\<^bsup>1\<^esup>)" reverse_val_relation_set]
+ by metis
+ have a_length: "length a = 2"
+ using ab_def unfolding reverse_val_relation_set_def
+ using cartesian_power_car_memE by blast
+ obtain b' where b'_def: "b = [b']"
+ using ab_def cartesian_power_car_memE
+ by (metis (no_types, opaque_lifting) append_Cons append_Nil append_eq_append_conv min_list.cases singleton_length)
+ have b'_closed: "b' \<in> carrier Q\<^sub>p"
+ using b'_def ab_def cartesian_power_car_memE
+ by (metis Qp.R1_memE' list_hd)
+ have b_length: "length b = 1"
+ by (simp add: b'_def)
+ have x_id: "x = b'#a"
+ unfolding ab_def b'_def by auto
+ have "(1::nat)< 2" by presburger
+ hence 0: "x!1 = a!0"
+ unfolding ab_def b'_def using a_length
+ by (metis b'_def b_length nth_append_length pair_id)
+ have 00: "2 = Suc 1"
+ by auto
+ have 1: "x!2 = a!1"
+ using a_length nth_Cons[of b' a "2::nat"]
+ unfolding x_id 00
+ by (meson nth_Cons_Suc)
+ have x_closed: "x \<in> carrier (Q\<^sub>p\<^bsup>3\<^esup>)"
+ unfolding x_id b'_def using b'_closed cartesian_power_cons[of a Q\<^sub>p 2 b'] ab_def
+ unfolding reverse_val_relation_set_def mem_Collect_eq
+ using eval_nat_numeral(3) semiring_norm(175) by presburger
+
+ show "x \<in> carrier (Q\<^sub>p\<^bsup>3\<^esup>) \<and> val (x ! 1) \<le> val (x ! 2)"
+ using x_closed ab_def unfolding reverse_val_relation_set_def mem_Collect_eq 0 1 by blast
+ qed
+ qed
+ show ?thesis unfolding 0
+ using cartesian_product_is_semialgebraic[of 2 reverse_val_relation_set 1 "carrier (Q\<^sub>p\<^bsup>1\<^esup>)"]
+ by (metis add_num_simps(2) car_times_semialg_is_semialg one_plus_numeral reverse_val_relation_set_semialg)
+qed
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+subsection\<open>Semialgebraic Functions\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+text\<open>
+ The most natural way to define a semialgebraic function $f: \mathbb{Q}_p^n \to \mathbb{Q}_p$ is a
+ function whose graph is a semialgebraic subset of $\mathbb{Q}_p^{n+1}$. However, the definition
+ given here is slightly different, and devised by Denef in \cite{denef1986} in order to prove
+ Macintyre's theorem. As Denef notes, we can use Macintyre's theorem to deduce that the given
+ definition perfectly aligns with the intuitive one.
+\<close>
+
+ (********************************************************************************************)
+ (********************************************************************************************)
+ subsubsection\<open>Defining Semialgebraic Functions\<close>
+ (********************************************************************************************)
+ (********************************************************************************************)
+
+
+text\<open>Apply a function f to the tuple consisting of the first n indices, leaving the remaining indices
+unchanged\<close>
+
+definition partial_image where
+"partial_image m f xs = (f (take m xs))#(drop m xs)"
+
+definition partial_pullback where
+"partial_pullback m f l S = (partial_image m f) \<inverse>\<^bsub>m+l\<^esub> S "
+
+lemma partial_pullback_memE:
+ assumes "as \<in> partial_pullback m f l S"
+ shows "as \<in> carrier (Q\<^sub>p\<^bsup>m + l\<^esup>)" "partial_image m f as \<in> S"
+ using assms apply (metis evimage_eq partial_pullback_def)
+ using assms unfolding partial_pullback_def
+ by blast
+
+lemma partial_pullback_closed:
+"partial_pullback m f l S \<subseteq> carrier (Q\<^sub>p\<^bsup>m + l\<^esup>)"
+ using partial_pullback_memE(1) by blast
+
+lemma partial_pullback_memI:
+ assumes "as \<in> carrier (Q\<^sub>p\<^bsup>m + k\<^esup>)"
+ assumes "(f (take m as))#(drop m as) \<in> S"
+ shows "as \<in> partial_pullback m f k S"
+ using assms unfolding partial_pullback_def partial_image_def evimage_def
+ by blast
+
+lemma partial_image_eq:
+ assumes "as \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ assumes "bs \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>)"
+ assumes "x = as @ bs"
+ shows "partial_image n f x = (f as)#bs"
+proof-
+ have 0: "(take n x) = as"
+ by (metis append_eq_conv_conj assms(1) assms(3) cartesian_power_car_memE)
+ have 1: "drop n x = bs"
+ by (metis "0" append_take_drop_id assms(3) same_append_eq)
+ show ?thesis using 0 1 unfolding partial_image_def
+ by blast
+qed
+
+lemma partial_pullback_memE':
+ assumes "as \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ assumes "bs \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>)"
+ assumes "x = as @ bs"
+ assumes "x \<in> partial_pullback n f k S"
+ shows "(f as)#bs \<in> S"
+ using partial_pullback_memE[of x n f k S] partial_image_def[of n f x]
+ by (metis assms(1) assms(2) assms(3) assms(4) partial_image_eq)
+
+text\<open>Partial pullbacks have the same algebraic properties as pullbacks\<close>
+
+lemma partial_pullback_intersect:
+"partial_pullback m f l (S1 \<inter> S2) = (partial_pullback m f l S1) \<inter> (partial_pullback m f l S2)"
+ unfolding partial_pullback_def
+ by simp
+
+lemma partial_pullback_union:
+"partial_pullback m f l (S1 \<union> S2) = (partial_pullback m f l S1) \<union> (partial_pullback m f l S2)"
+ unfolding partial_pullback_def
+ by simp
+
+lemma cartesian_power_drop:
+ assumes "x \<in> carrier (Q\<^sub>p\<^bsup>n+l\<^esup>)"
+ shows "drop n x \<in> carrier (Q\<^sub>p\<^bsup>l\<^esup>)"
+ apply(rule cartesian_power_car_memI)
+ using assms cartesian_power_car_memE
+ apply (metis add_diff_cancel_left' length_drop)
+ using assms cartesian_power_car_memE''
+ by (metis order.trans set_drop_subset)
+
+lemma partial_pullback_complement:
+ assumes "f \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>) \<rightarrow> carrier Q\<^sub>p"
+ shows "partial_pullback m f l (carrier (Q\<^sub>p\<^bsup>Suc l\<^esup>) - S) = carrier (Q\<^sub>p\<^bsup>m + l\<^esup>) - (partial_pullback m f l S) "
+ apply(rule equalityI)
+ using partial_pullback_def[of m f l "(carrier (Q\<^sub>p\<^bsup>Suc l\<^esup>) - S)"]
+ partial_pullback_def[of m f l S]
+ apply (smt Diff_iff evimage_Diff partial_pullback_memE(1) subsetI)
+proof fix x assume A: " x \<in> carrier (Q\<^sub>p\<^bsup>m + l\<^esup>) - partial_pullback m f l S"
+ show " x \<in> partial_pullback m f l (carrier (Q\<^sub>p\<^bsup>Suc l\<^esup>) - S) "
+ apply(rule partial_pullback_memI)
+ using A
+ apply blast
+ proof
+ have 00: "Suc l = l + 1"
+ by auto
+ have 0: "drop m x \<in> carrier (Q\<^sub>p\<^bsup>l\<^esup>)"
+ by (meson A DiffD1 cartesian_power_drop)
+ have 1: "take m x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>)"
+ using A by (meson DiffD1 le_add1 take_closed)
+ have "f (take m x) # drop m x \<in> carrier (Q\<^sub>p\<^bsup>l+1\<^esup>) "
+ using assms 0 1 00 cartesian_power_cons[of "drop m x" Q\<^sub>p l "f (take m x)"]
+ by blast
+ thus "f (take m x) # drop m x \<in> carrier (Q\<^sub>p\<^bsup>Suc l\<^esup>) "
+ using 00 by metis
+ show "f (take m x) # drop m x \<notin> S"
+ using A unfolding partial_pullback_def partial_image_def
+ by blast
+ qed
+qed
+
+lemma partial_pullback_carrier:
+ assumes "f \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>) \<rightarrow> carrier Q\<^sub>p"
+ shows "partial_pullback m f l (carrier (Q\<^sub>p\<^bsup>Suc l\<^esup>)) = carrier (Q\<^sub>p\<^bsup>m + l\<^esup>)"
+ apply(rule equalityI)
+ using partial_pullback_memE(1) apply blast
+proof fix x assume A: "x \<in> carrier (Q\<^sub>p\<^bsup>m + l\<^esup>)"
+ show "x \<in> partial_pullback m f l (carrier (Q\<^sub>p\<^bsup>Suc l\<^esup>))"
+ apply(rule partial_pullback_memI)
+ using A cartesian_power_drop[of x m l] assms
+ apply blast
+proof-
+ have "f (take m x) \<in> carrier Q\<^sub>p"
+ using A assms take_closed[of m "m+l" x Q\<^sub>p]
+ by (meson Pi_mem le_add1)
+ then show "f (take m x) # drop m x \<in> carrier (Q\<^sub>p\<^bsup>Suc l\<^esup>)"
+ using cartesian_power_drop[of x m l]
+ by (metis A add.commute cartesian_power_cons plus_1_eq_Suc)
+qed
+qed
+
+text\<open>Definition 1.4 from Denef\<close>
+
+definition is_semialg_function where
+"is_semialg_function m f = ((f \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>) \<rightarrow> carrier Q\<^sub>p) \<and>
+ (\<forall>l \<ge> 0. \<forall>S \<in> semialg_sets (1 + l). is_semialgebraic (m + l) (partial_pullback m f l S)))"
+
+lemma is_semialg_function_closed:
+ assumes "is_semialg_function m f"
+ shows "f \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>) \<rightarrow> carrier Q\<^sub>p"
+ using is_semialg_function_def assms by blast
+
+lemma is_semialg_functionE:
+ assumes "is_semialg_function m f"
+ assumes "is_semialgebraic (1 + k) S"
+ shows " is_semialgebraic (m + k) (partial_pullback m f k S)"
+ using is_semialg_function_def assms
+ by (meson is_semialgebraicE le0)
+
+lemma is_semialg_functionI:
+ assumes "f \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>) \<rightarrow> carrier Q\<^sub>p"
+ assumes "\<And>k S. S \<in> semialg_sets (1 + k) \<Longrightarrow> is_semialgebraic (m + k) (partial_pullback m f k S)"
+ shows "is_semialg_function m f"
+ using assms unfolding is_semialg_function_def
+ by blast
+
+text\<open>Semialgebraicity for functions can be verified on basic semialgebraic sets \<close>
+
+lemma is_semialg_functionI':
+ assumes "f \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>) \<rightarrow> carrier Q\<^sub>p"
+ assumes "\<And>k S. S \<in> basic_semialgs (1 + k) \<Longrightarrow> is_semialgebraic (m + k) (partial_pullback m f k S)"
+ shows "is_semialg_function m f"
+ apply(rule is_semialg_functionI)
+ using assms(1) apply blast
+proof-
+ show "\<And>k S. S \<in> semialg_sets (1 + k) \<Longrightarrow> is_semialgebraic (m + k) (partial_pullback m f k S)"
+ proof- fix k S assume A: "S \<in> semialg_sets (1 + k)"
+ show "is_semialgebraic (m + k) (partial_pullback m f k S)"
+ apply(rule gen_boolean_algebra.induct[of S "carrier (Q\<^sub>p\<^bsup>1+k\<^esup>)" "basic_semialgs (1 + k)"])
+ using A unfolding semialg_sets_def
+ apply blast
+ using partial_pullback_carrier assms carrier_is_semialgebraic plus_1_eq_Suc apply presburger
+ apply (metis assms(1) assms(2) carrier_is_semialgebraic intersection_is_semialg partial_pullback_carrier partial_pullback_intersect plus_1_eq_Suc)
+ using partial_pullback_union union_is_semialgebraic apply presburger
+ using assms(1) complement_is_semialg partial_pullback_complement plus_1_eq_Suc by presburger
+ qed
+qed
+
+text\<open>Graphs of semialgebraic functions are semialgebraic\<close>
+abbreviation graph where
+"graph \<equiv> fun_graph Q\<^sub>p"
+
+lemma graph_memE:
+ assumes "f \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>) \<rightarrow> carrier Q\<^sub>p"
+ assumes "x \<in> graph m f"
+ shows "f (take m x) = x!m"
+ "x = (take m x)@[f (take m x)]"
+ "take m x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>)"
+proof-
+ obtain a where a_def: "a\<in>carrier (Q\<^sub>p\<^bsup>m\<^esup>) \<and> x = a @ [f a]"
+ using assms
+ unfolding fun_graph_def
+ by blast
+ then have 0: "a = take m x"
+ by (metis append_eq_conv_conj cartesian_power_car_memE)
+ then show "f (take m x) = x!m"
+ by (metis a_def cartesian_power_car_memE nth_append_length)
+ show "x = (take m x)@[f (take m x)]"
+ using "0" a_def
+ by blast
+ show "take m x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>)"
+ using "0" a_def by blast
+qed
+
+lemma graph_memI:
+ assumes "f \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>) \<rightarrow> carrier Q\<^sub>p"
+ assumes "f (take m x) = x!m"
+ assumes "x \<in> carrier (Q\<^sub>p\<^bsup>m+1\<^esup>)"
+ shows "x \<in> graph m f"
+proof-
+ have 0: "take m x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>)"
+ apply(rule take_closed[of _ "m + 1"])
+ apply simp
+ using assms(3) by blast
+ have "x = (take m x)@[x!m]"
+ by (metis \<open>take m x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>)\<close> add.commute
+ assms(3) cartesian_power_car_memE length_append_singleton lessI
+ nth_equalityI nth_take plus_1_eq_Suc take_Suc_conv_app_nth)
+ then have "x = (take m x)@[f (take m x)]"
+ using assms(2)
+ by presburger
+ then show ?thesis
+ using assms 0
+ unfolding fun_graph_def
+ by blast
+qed
+
+lemma graph_mem_closed:
+ assumes "f \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>) \<rightarrow> carrier Q\<^sub>p"
+ assumes "x \<in> graph m f"
+ shows "x \<in> carrier (Q\<^sub>p\<^bsup>m+1\<^esup>)"
+proof(rule cartesian_power_car_memI')
+ show "length x = m + 1"
+ using assms graph_memE[of f m x]
+ by (smt Groups.add_ac(2) cartesian_power_car_memE fun_graph_def length_append_singleton mem_Collect_eq plus_1_eq_Suc)
+ show "\<And>i. i < m + 1 \<Longrightarrow> x ! i \<in> carrier Q\<^sub>p"
+ proof- fix i assume A: "i < m + 1"
+ then show "x ! i \<in> carrier Q\<^sub>p"
+ proof(cases "i = m")
+ case True
+ then show ?thesis using graph_memE[of f m x]
+ by (metis PiE assms(1) assms(2))
+ next
+ case False
+ then show ?thesis using graph_memE[of f m x]
+ by (metis \<open>i < m + 1\<close> add.commute assms(1) assms(2) cartesian_power_car_memE' less_SucE nth_take plus_1_eq_Suc)
+ qed
+ qed
+qed
+
+lemma graph_closed:
+ assumes "f \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>) \<rightarrow> carrier Q\<^sub>p"
+ shows "graph m f \<subseteq> carrier (Q\<^sub>p\<^bsup>m+1\<^esup>)"
+ using assms graph_mem_closed
+ by blast
+
+text\<open>The \<open>m\<close>-dimensional diagonal set is semialgebraic\<close>
+
+notation diagonal ("\<Delta> ")
+
+lemma diag_is_algebraic:
+ shows "is_algebraic Q\<^sub>p (n + n) (\<Delta> n)"
+ using Qp.cring_axioms diagonal_is_algebraic
+ by blast
+
+lemma diag_is_semialgebraic:
+ shows "is_semialgebraic (n + n) (\<Delta> n)"
+ using diag_is_algebraic is_algebraic_imp_is_semialg
+ by blast
+
+text\<open>Transposition permutations\<close>
+
+definition transpose where
+"transpose i j = (Fun.swap i j id)"
+
+lemma transpose_permutes:
+ assumes "i< n"
+ assumes "j < n"
+ shows "transpose i j permutes {..<n}"
+ unfolding permutes_def transpose_def
+proof
+ show "\<forall>x. x \<notin> {..<n} \<longrightarrow> Fun.swap i j id x = x"
+ using assms by (auto simp: Transposition.transpose_def)
+ show "\<forall>y. \<exists>!x. Fun.swap i j id x = y"
+ proof fix y show "\<exists>!x. Fun.swap i j id x = y"
+ using swap_id_eq[of i j y]
+ by (metis eq_id_iff swap_apply(1) swap_apply(2) swap_id_eq swap_self)
+qed
+qed
+
+lemma transpose_alt_def:
+"transpose a b x = (if x = a then b else if x = b then a else x)"
+ using swap_id_eq
+ by (simp add: transpose_def)
+
+definition last_to_first where
+"last_to_first n = (\<lambda>i. if i = (n-1) then 0 else if i < n-1 then i + 1 else i)"
+
+definition first_to_last where
+"first_to_last n = fun_inv (last_to_first n)"
+
+lemma last_to_first_permutes:
+ assumes "(n::nat) > 0"
+ shows "last_to_first n permutes {..<n}"
+ unfolding permutes_def
+proof
+ show "\<forall>x. x \<notin> {..<n} \<longrightarrow> last_to_first n x = x"
+ proof fix x show " x \<notin> {..<n} \<longrightarrow> last_to_first n x = x"
+ proof assume A: "x \<notin> {..<n}" then have "\<not> x < n"
+ by blast then have "x \<ge> n" by linarith
+ then show "last_to_first n x = x"
+ unfolding last_to_first_def using assms
+ by auto
+ qed
+ qed
+ show "\<forall>y. \<exists>!x. last_to_first n x = y"
+ proof fix y
+ show "\<exists>!x. last_to_first n x = y"
+ proof(cases "y = 0")
+ case True
+ then have 0: "last_to_first n (n-1) = y"
+ using last_to_first_def
+ by (simp add: last_to_first_def)
+ have 1: "\<And>x. last_to_first n x = y \<Longrightarrow> x = n-1"
+ unfolding last_to_first_def using True
+ by (metis add_gr_0 less_numeral_extra(1) not_gr_zero)
+ show ?thesis
+ using 0 1
+ by blast
+ next
+ case False
+ then show ?thesis
+ proof(cases "y < n")
+ case True
+ then have 0: "last_to_first n (y-1) = y"
+ using False True
+ unfolding last_to_first_def
+ using add.commute by auto
+ have 1: "\<And>x. last_to_first n x = y \<Longrightarrow> x =(y-1)"
+ unfolding last_to_first_def
+ using True False
+ by auto
+ show ?thesis using 0 1 by blast
+ next
+ case F: False
+ then have 0: "y \<ge> n"
+ using not_less by blast
+ then have 1: "last_to_first n y = y"
+ by (simp add: \<open>\<forall>x. x \<notin> {..<n} \<longrightarrow> last_to_first n x = x\<close>)
+ have 2: "\<And>x. last_to_first n x = y \<Longrightarrow> x =y"
+ using 0 unfolding last_to_first_def
+ using False by presburger
+ then show ?thesis using 1 2 by blast
+ qed
+ qed
+ qed
+qed
+
+definition graph_swap where
+"graph_swap n f = permute_list ((first_to_last (n+1))) ` (graph n f)"
+
+lemma last_to_first_eq:
+ assumes "length as = n"
+ shows "permute_list (last_to_first (n+1)) (a#as) = (as@[a])"
+proof-
+ have 0: "\<And>i. i < (n+1) \<Longrightarrow> permute_list (last_to_first (n + 1)) (a # as) ! i = (as@[a]) ! i"
+ proof-
+ fix i assume A: "i < n+1"
+ show "permute_list (last_to_first (n + 1)) (a # as) ! i = (as @ [a]) ! i"
+ proof(cases "i = n")
+ case True
+ have 0: "(as @ [a]) ! i = a"
+ by (metis True assms nth_append_length)
+ have 1: "length (a#as) = n + 1"
+ by (simp add: assms)
+ have 2: "i < length (a # as)"
+ using "1" A by linarith
+ have 3: "last_to_first (n + 1) permutes {..<length (a # as)}"
+ by (metis "1" add_gr_0 last_to_first_permutes less_numeral_extra(1))
+ have 4: "permute_list (last_to_first (n + 1)) (a # as) ! i = (a # as) ! last_to_first (n + 1) i"
+ using 2 3 permute_list_nth[of "last_to_first (n + 1)" "a#as" i]
+ by blast
+ have 5: "permute_list (last_to_first (n + 1)) (a # as) ! i = (a # as) ! 0"
+ using 4 unfolding last_to_first_def
+ by (simp add: True)
+ have 6: "permute_list (last_to_first (n + 1)) (a # as) ! i = a"
+ using 5
+ by simp
+ then show ?thesis using 0 by auto
+ next
+ case False
+ then show ?thesis
+ by (smt A add.commute add.right_neutral add_diff_cancel_right' add_gr_0
+ add_less_cancel_left append.simps(1) append.simps(2) assms last_to_first_def
+ last_to_first_permutes less_SucE less_numeral_extra(1) list.size(3) list.size(4)
+ nth_append permute_list_nth plus_1_eq_Suc)
+ qed
+ qed
+ have 1: "length (a#as) = n + 1"
+ by (simp add: assms)
+ have 2: "length (permute_list (last_to_first (n+1)) (a#as)) = n + 1"
+ by (metis "1" length_permute_list)
+ have 3: "length (as@[a]) = n + 1"
+ by (simp add: assms)
+ then show ?thesis using 0 2
+ by (metis nth_equalityI)
+qed
+
+lemma first_to_last_eq:
+ assumes "as \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ assumes "a \<in> carrier Q\<^sub>p"
+ shows "permute_list (first_to_last (n+1)) (as@[a]) = (a#as)"
+proof-
+ have "length as = n"
+ using assms(1) cartesian_power_car_memE by blast
+ then show ?thesis
+ using last_to_first_eq last_to_first_permutes[of n]
+ permute_list_compose_inv(2)[of "(last_to_first (n + 1))" n "a # as"]
+ unfolding first_to_last_def
+ by (metis add_gr_0 assms(1) assms(2) cartesian_power_append last_to_first_permutes
+ less_one permute_list_closed' permute_list_compose_inv(2))
+qed
+
+lemma graph_swapI:
+ assumes "as \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ assumes "f \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>) \<rightarrow> carrier Q\<^sub>p"
+ shows "(f as)#as \<in> graph_swap n f"
+proof-
+ have 0: "as@[f as] \<in> graph n f"
+ using assms using graph_memI[of f n] fun_graph_def
+ by blast
+ have 1: "f as \<in> carrier Q\<^sub>p"
+ using assms
+ by blast
+ then show ?thesis
+ using assms 0 first_to_last_eq[of as "n" "f as"]
+ unfolding graph_swap_def
+ by (metis image_eqI)
+qed
+
+lemma graph_swapE:
+ assumes "x \<in> graph_swap n f"
+ assumes "f \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>) \<rightarrow> carrier Q\<^sub>p"
+ shows "hd x = f (tl x)"
+proof-
+ obtain y where y_def: "y \<in> graph n f \<and> x = permute_list (first_to_last (n+1)) y"
+ using assms graph_swap_def
+ by (smt image_def mem_Collect_eq)
+ then have "take n y \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ using assms(2) graph_memE(3)
+ by blast
+ then show "hd x = f (tl x)"
+ by (metis (no_types, lifting) add.commute assms(2) cartesian_power_car_memE'
+ first_to_last_eq graph_memE(1) graph_memE(2) graph_mem_closed lessI list.sel(1)
+ list.sel(3) plus_1_eq_Suc y_def)
+qed
+
+text\<open>Semialgebraic functions have semialgebraic graphs\<close>
+
+lemma graph_as_partial_pullback:
+ assumes "f \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>) \<rightarrow> carrier Q\<^sub>p"
+ shows "partial_pullback n f 1 (\<Delta> 1) = graph n f"
+proof
+ show "partial_pullback n f 1 (\<Delta> 1) \<subseteq> graph n f"
+ proof fix x assume A: "x \<in> partial_pullback n f 1 (\<Delta> 1)"
+ then have 0: "f (take n x) # drop n x \<in> \<Delta> 1"
+ by (metis local.partial_image_def partial_pullback_memE(2))
+ then have 1: "length (f (take n x) # drop n x) = 2"
+ using diagonal_def
+ by (metis (no_types, lifting) cartesian_power_car_memE mem_Collect_eq one_add_one)
+ then obtain b where b_def: "[b] = drop n x"
+ by (metis list.inject pair_id)
+ then have "[f (take n x), b] \<in> \<Delta> 1"
+ using "0"
+ by presburger
+ then have "b = f (take n x)"
+ using 0
+ by (smt One_nat_def Qp.cring_axioms diagonal_def drop0 drop_Suc_Cons list.inject mem_Collect_eq take_Suc_Cons)
+ then have "x = (take n x)@[f (take n x)]"
+ by (metis append_take_drop_id b_def)
+ then show "x \<in> graph n f" using graph_memI[of f n x]
+ by (metis (no_types, lifting) A \<open>b = f (take n x)\<close>
+ assms b_def nth_via_drop partial_pullback_memE(1))
+ qed
+ show "graph n f \<subseteq> partial_pullback n f 1 (\<Delta> 1)"
+ proof fix x
+ assume A: "x \<in> graph n f "
+ then have 0: "x \<in> carrier (Q\<^sub>p\<^bsup>n+1\<^esup>)"
+ using assms graph_mem_closed by blast
+ have "x = (take n x) @ [f (take n x)]"
+ using A graph_memE(2)[of f n x] assms
+ by blast
+ then have "partial_image n f x = [f (take n x), f (take n x)]"
+ by (metis append_take_drop_id local.partial_image_def same_append_eq)
+ then have "partial_image n f x \<in> \<Delta> 1"
+ using assms 0 diagonal_def[of 1] Qp.cring_axioms diagonalI[of "partial_image n f x"]
+ by (metis (no_types, lifting) A append_Cons append_eq_conv_conj
+ cartesian_power_car_memE cartesian_power_car_memE' graph_memE(1)
+ less_add_one self_append_conv2 Qp.to_R1_closed)
+ then show "x \<in> partial_pullback n f 1 (\<Delta> 1)"
+ unfolding partial_pullback_def using 0
+ by blast
+ qed
+qed
+
+lemma semialg_graph:
+ assumes "is_semialg_function n f"
+ shows "is_semialgebraic (n + 1) (graph n f)"
+ using assms graph_as_partial_pullback[of f n] unfolding is_semialg_function_def
+ by (metis diag_is_semialgebraic is_semialgebraicE less_imp_le_nat less_numeral_extra(1))
+
+text\<open>Functions induced by polynomials are semialgebraic\<close>
+
+definition var_list_segment where
+"var_list_segment i j = map (\<lambda>i. pvar Q\<^sub>p i) [i..< j]"
+
+lemma var_list_segment_length:
+ assumes "i \<le> j"
+ shows "length (var_list_segment i j) = j - i"
+ using assms var_list_segment_def
+ by fastforce
+
+lemma var_list_segment_entry:
+ assumes "k < j - i"
+ assumes "i \<le> j"
+ shows "var_list_segment i j ! k = pvar Q\<^sub>p (i + k)"
+ using assms var_list_segment_length
+ unfolding var_list_segment_def
+ using nth_map_upt by blast
+
+lemma var_list_segment_is_poly_tuple:
+ assumes "i \<le>j"
+ assumes "j \<le> n"
+ shows "is_poly_tuple n (var_list_segment i j)"
+ apply(rule Qp_is_poly_tupleI)
+ using assms var_list_segment_entry var_list_segment_length Qp.cring_axioms pvar_closed[of _ n]
+ by (metis (no_types, opaque_lifting) add.commute add_lessD1 diff_add_inverse le_Suc_ex
+ less_diff_conv)
+
+lemma map_by_var_list_segment:
+ assumes "as \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ assumes "j \<le> n"
+ assumes "i \<le> j"
+ shows "poly_map n (var_list_segment i j) as = list_segment i j as"
+ apply(rule nth_equalityI )
+ unfolding poly_map_def var_list_segment_def list_segment_def restrict_def poly_tuple_eval_def
+ apply (metis (full_types) assms(1) length_map)
+ using assms eval_pvar[of _ n as] Qp.cring_axioms length_map add.commute
+ length_upt less_diff_conv less_imp_add_positive nth_map nth_upt
+ trans_less_add2
+ by (smt le_add_diff_inverse2)
+
+lemma map_by_var_list_segment_to_length:
+ assumes "as \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ assumes "i \<le> n"
+ shows "poly_map n (var_list_segment i n) as = drop i as"
+ apply(rule nth_equalityI )
+ apply (metis Qp_poly_mapE' assms(1) assms(2) cartesian_power_car_memE length_drop var_list_segment_length)
+ using assms map_by_var_list_segment[of as n n i] list_segment_drop[of i as] cartesian_power_car_memE[of as Q\<^sub>p n]
+ map_nth[of ] nth_drop nth_map[of _ "[i..<n]" "(pvar Q\<^sub>p)" ] nth_map[of _ "map (pvar Q\<^sub>p) [i..<n]" "eval_at_point Q\<^sub>p as"]
+ unfolding poly_map_def poly_tuple_eval_def var_list_segment_def restrict_def list_segment_def
+ by (smt add.commute add_eq_self_zero drop_map drop_upt le_Suc_ex le_refl)
+
+lemma map_tail_by_var_list_segment:
+ assumes "as \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ assumes "a \<in> carrier Q\<^sub>p"
+ assumes "i < n"
+ shows "poly_map (n+1) (var_list_segment 1 (n+1)) (a#as) = as"
+proof-
+ have 0: "(a#as) \<in> carrier (Q\<^sub>p\<^bsup>n+1\<^esup>)"
+ using assms
+ by (meson cartesian_power_cons)
+ have 1: "length as = n"
+ using assms cartesian_power_car_memE
+ by blast
+ have 2: "drop 1 (a # as) = as"
+ using 0 1 using list_segment_drop[of 1 "a#as"]
+ by (metis One_nat_def drop0 drop_Suc_Cons )
+ have "1 \<le>n + 1" by auto
+ then show ?thesis
+ using 0 2 map_by_var_list_segment_to_length[of "a#as" "n+1" 1]
+ by presburger
+qed
+
+lemma Qp_poly_tuple_Cons:
+ assumes "is_poly_tuple n fs"
+ assumes "f \<in> carrier (Q\<^sub>p[\<X>\<^bsub>k\<^esub>])"
+ assumes "k \<le>n"
+ shows "is_poly_tuple n (f#fs)"
+ using is_poly_tuple_Cons[of n fs f] poly_ring_car_mono[of k n] assms
+ by blast
+
+lemma poly_map_Cons:
+ assumes "is_poly_tuple n fs"
+ assumes "f \<in> carrier (Q\<^sub>p[\<X>\<^bsub>n\<^esub>])"
+ assumes "a \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ shows "poly_map n (f#fs) a = (Qp_ev f a)#poly_map n fs a"
+ using assms poly_map_cons by blast
+
+lemma poly_map_append':
+ assumes "is_poly_tuple n fs"
+ assumes "is_poly_tuple n gs"
+ assumes "a \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ shows "poly_map n (fs@gs) a = poly_map n fs a @ poly_map n gs a"
+ using assms(3) poly_map_append by blast
+
+lemma partial_pullback_by_poly:
+ assumes "f \<in> carrier (Q\<^sub>p[\<X>\<^bsub>n\<^esub>])"
+ assumes "S \<subseteq> carrier (Q\<^sub>p\<^bsup>1+k\<^esup>)"
+ shows "partial_pullback n (Qp_ev f) k S = poly_tuple_pullback (n+k) S (f# (var_list_segment n (n+k)))"
+proof
+ show "partial_pullback n (Qp_ev f) k S \<subseteq> poly_tuple_pullback (n+k) S (f # var_list_segment n (n + k))"
+ proof fix x assume A: " x \<in> partial_pullback n (Qp_ev f) k S"
+ then obtain as bs where as_bs_def: "as \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>) \<and> bs \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>) \<and> x = as @ bs"
+ using partial_pullback_memE(1)[of x n "(Qp_ev f)" k S] cartesian_power_decomp
+ by metis
+ then have 0: "(Qp_ev f as#bs) \<in> S"
+ using A partial_pullback_memE'
+ by blast
+ have 1: "Qp_ev f as = Qp_ev f (as@bs)"
+ using assms as_bs_def poly_eval_cartesian_prod[of as n bs k f]
+ Qp.cring_axioms [of ]
+ by metis
+ then have 2: "((Qp_ev f x) #bs) \<in> S"
+ using "0" as_bs_def
+ by presburger
+ have 3: "bs = list_segment n (n+k) x"
+ using as_bs_def list_segment_drop[of n x]
+ by (metis (no_types, lifting) add_cancel_right_right add_diff_cancel_left'
+ append_eq_append_conv append_take_drop_id cartesian_power_car_memE
+ length_0_conv length_append length_map length_upt linorder_neqE_nat
+ list_segment_def not_add_less1)
+ have 4: "is_poly_tuple (n+k) (f # var_list_segment n (n + k))"
+ using Qp_poly_tuple_Cons
+ var_list_segment_is_poly_tuple
+ by (metis add.commute assms(1) dual_order.refl le_add2)
+ have 5: "f \<in> carrier (Q\<^sub>p [\<X>\<^bsub>n + k\<^esub>])"
+ using poly_ring_car_mono[of n "n + k"] assms le_add1 by blast
+ have 6: "is_poly_tuple (n + k) (var_list_segment n (n + k))"
+ by (simp add: var_list_segment_is_poly_tuple)
+ have 7: "x \<in> carrier (Q\<^sub>p\<^bsup>n + k\<^esup>)"
+ using as_bs_def cartesian_power_concat(1) by blast
+ hence 8: "poly_map (n+k) (f # var_list_segment n (n + k)) x = (Qp_ev f x)#poly_map (n+k) (var_list_segment n (n + k)) x"
+ using 5 6 7 A poly_map_Cons[of "n + k" "var_list_segment n (n + k)" f x] 4
+ unfolding partial_pullback_def evimage_def
+ by blast
+ hence 6: "poly_map (n+k) (f # var_list_segment n (n + k)) x = (Qp_ev f x)#bs"
+ using 3 "7" le_add1 le_refl map_by_var_list_segment by presburger
+ show " x \<in> poly_tuple_pullback (n+k) S (f # var_list_segment n (n + k))"
+ unfolding poly_tuple_pullback_def using 6
+ by (metis "2" "7" IntI poly_map_apply vimage_eq)
+ qed
+ show "poly_tuple_pullback (n + k) S (f # var_list_segment n (n + k)) \<subseteq> partial_pullback n (Qp_ev f) k S"
+ proof fix x
+ assume A: "x \<in> poly_tuple_pullback (n + k) S (f # var_list_segment n (n + k))"
+ have 0: "is_poly_tuple (n+k) (f # var_list_segment n (n + k))"
+ using Qp_poly_tuple_Cons assms(1) le_add1 var_list_segment_is_poly_tuple
+ by blast
+ have 1: "x \<in> carrier (Q\<^sub>p\<^bsup>n+k\<^esup>)"
+ using A unfolding poly_tuple_pullback_def
+ by blast
+ have 2: "poly_map (n+k) (f # var_list_segment n (n + k)) x \<in> S"
+ using 1 assms A unfolding poly_map_def poly_tuple_pullback_def restrict_def
+ by (metis (no_types, opaque_lifting) Int_commute add.commute evimage_def evimage_eq)
+ have 3: "poly_map (n+k) (f # var_list_segment n (n + k)) x = (Qp_ev f x)#(drop n x)"
+ using poly_map_Cons[of "n + k" "var_list_segment n (n + k)" f x] 1 assms(1) map_by_var_list_segment_to_length
+ le_add1 poly_map_cons by presburger
+ have 4: "poly_map (n+k) (f # var_list_segment n (n + k)) x = (Qp_ev f (take n x))#(drop n x)"
+ using assms 1 3 eval_at_points_higher_pow[of f n "n + k" "x"] le_add1
+ by (metis nat_le_iff_add)
+ show "x \<in> partial_pullback n (Qp_ev f) k S"
+ apply(rule partial_pullback_memI)
+ using 1 apply blast
+ using 2 3 4 by metis
+ qed
+qed
+
+lemma poly_is_semialg:
+ assumes "f \<in> carrier (Q\<^sub>p[\<X>\<^bsub>n\<^esub>])"
+ shows "is_semialg_function n (Qp_ev f)"
+proof(rule is_semialg_functionI)
+ show "Qp_ev f \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>) \<rightarrow> carrier Q\<^sub>p"
+ using assms
+ by (meson Pi_I eval_at_point_closed)
+ show "\<And>k S. S \<in> semialg_sets (1 + k) \<Longrightarrow> is_semialgebraic (n + k) (partial_pullback n (Qp_ev f) k S)"
+ proof- fix k::nat fix S
+ assume A: "S \<in> semialg_sets (1 + k)"
+ have 0: "is_poly_tuple (n + k) (f # var_list_segment n (n + k))"
+ by (metis add.commute assms le_add2 order_refl Qp_poly_tuple_Cons
+ var_list_segment_is_poly_tuple)
+ have 1: "length (f # var_list_segment n (n + k)) = k + 1"
+ by (metis add.commute add_diff_cancel_left' le_add1 length_Cons
+ plus_1_eq_Suc var_list_segment_length)
+ have 2: "partial_pullback n (Qp_ev f) k S = poly_tuple_pullback (n + k) S (f # var_list_segment n (n + k))"
+ using A assms partial_pullback_by_poly[of f n S k]
+ unfolding semialg_sets_def
+ using gen_boolean_algebra_subset
+ by blast
+ then show "is_semialgebraic (n + k) (partial_pullback n (Qp_ev f) k S)"
+ using add.commute[of 1 k] 0 1 assms(1)
+ pullback_is_semialg[of "n+k" "(f # var_list_segment n (n + k))" "k+1" S]
+ by (metis A is_semialgebraicI is_semialgebraic_closed poly_tuple_pullback_eq_poly_map_vimage)
+ qed
+qed
+
+text\<open>Families of polynomials defined by semialgebraic coefficient functions\<close>
+
+lemma semialg_function_on_carrier:
+ assumes "is_semialg_function n f"
+ assumes "restrict f (carrier (Q\<^sub>p\<^bsup>n\<^esup>)) = restrict g (carrier (Q\<^sub>p\<^bsup>n\<^esup>))"
+ shows "is_semialg_function n g"
+proof(rule is_semialg_functionI)
+ have 0: "f \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>) \<rightarrow> carrier Q\<^sub>p"
+ using assms(1) is_semialg_function_closed
+ by blast
+ show "g \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>) \<rightarrow> carrier Q\<^sub>p"
+ proof fix x assume A: "x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)" then show " g x \<in> carrier Q\<^sub>p"
+ using assms(2) 0
+ by (metis (no_types, lifting) PiE restrict_Pi_cancel)
+ qed
+ show "\<And>k S. S \<in> semialg_sets (1 + k) \<Longrightarrow> is_semialgebraic (n + k) (partial_pullback n g k S)"
+ proof- fix k S
+ assume A: "S \<in> semialg_sets (1 + k)"
+ have 1: "is_semialgebraic (n + k) (partial_pullback n f k S)"
+ using A assms(1) is_semialg_functionE is_semialgebraicI
+ by blast
+ have 2: "(partial_pullback n f k S) = (partial_pullback n g k S)"
+ unfolding partial_pullback_def partial_image_def evimage_def
+ proof
+ show "(\<lambda>xs. f (take n xs) # drop n xs) -` S \<inter> carrier (Q\<^sub>p\<^bsup>n+k\<^esup>) \<subseteq> (\<lambda>xs. g (take n xs) # drop n xs) -` S \<inter> carrier (Q\<^sub>p\<^bsup>n+k\<^esup>)"
+ proof fix x assume "x \<in> (\<lambda>xs. f (take n xs) # drop n xs) -` S \<inter> carrier (Q\<^sub>p\<^bsup>n+k\<^esup>) "
+ have "(take n x) \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ using assms
+ by (meson \<open>x \<in> (\<lambda>xs. f (take n xs) # drop n xs) -` S \<inter> carrier (Q\<^sub>p\<^bsup>n+k\<^esup>)\<close>
+ inf_le2 le_add1 subset_iff take_closed)
+ then have "f (take n x) = g (take n x)"
+ using assms unfolding restrict_def
+ by meson
+ then show " x \<in> (\<lambda>xs. g (take n xs) # drop n xs) -` S \<inter> carrier (Q\<^sub>p\<^bsup>n+k\<^esup>)"
+ using assms \<open>x \<in> (\<lambda>xs. f (take n xs) # drop n xs) -` S \<inter> carrier (Q\<^sub>p\<^bsup>n+k\<^esup>)\<close>
+ by blast
+ qed
+ show "(\<lambda>xs. g (take n xs) # drop n xs) -` S \<inter> carrier (Q\<^sub>p\<^bsup>n+k\<^esup>) \<subseteq> (\<lambda>xs. f (take n xs) # drop n xs) -` S \<inter> carrier (Q\<^sub>p\<^bsup>n+k\<^esup>)"
+ proof fix x assume A: "x \<in> (\<lambda>xs. g (take n xs) # drop n xs) -` S \<inter> carrier (Q\<^sub>p\<^bsup>n+k\<^esup>)"
+ have "(take n x) \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ using assms
+ by (meson A inf_le2 le_add1 subset_iff take_closed)
+ then have "f (take n x) = g (take n x)"
+ using assms unfolding restrict_def
+ by meson
+ then show "x \<in> (\<lambda>xs. f (take n xs) # drop n xs) -` S \<inter> carrier (Q\<^sub>p\<^bsup>n+k\<^esup>)"
+ using A by blast
+ qed
+ qed
+ then show "is_semialgebraic (n + k) (partial_pullback n g k S)"
+ using 1 by auto
+ qed
+qed
+
+lemma semialg_function_on_carrier':
+ assumes "is_semialg_function n f"
+ assumes "\<And>a. a \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>) \<Longrightarrow> f a = g a"
+ shows "is_semialg_function n g"
+ using assms semialg_function_on_carrier unfolding restrict_def
+ by (meson restrict_ext semialg_function_on_carrier)
+
+lemma constant_function_is_semialg:
+ assumes "n > 0"
+ assumes "x \<in> carrier Q\<^sub>p"
+ assumes "\<And> a. a \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>) \<Longrightarrow> f a = x"
+ shows "is_semialg_function n f"
+proof(rule semialg_function_on_carrier[of _ "Qp_ev (Qp_to_IP x)"])
+ show "is_semialg_function n (Qp_ev (Qp_to_IP x))"
+ using assms poly_is_semialg[of "(Qp_to_IP x)"] Qp_to_IP_car
+ by blast
+ have 0: "\<And> a. a \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>) \<Longrightarrow> f a = Qp_ev (Qp_to_IP x) a"
+ using eval_at_point_const assms
+ by blast
+ then show "restrict (Qp_ev (Qp_to_IP x)) (carrier (Q\<^sub>p\<^bsup>n\<^esup>)) = restrict f (carrier (Q\<^sub>p\<^bsup>n\<^esup>))"
+ by (metis (no_types, lifting) restrict_ext)
+qed
+
+lemma cartesian_product_singleton_factor_projection_is_semialg:
+ assumes "A \<subseteq> carrier (Q\<^sub>p\<^bsup>m\<^esup>)"
+ assumes "b \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ assumes "is_semialgebraic (m+n) (cartesian_product A {b})"
+ shows "is_semialgebraic m A"
+proof-
+ obtain f where f_def: "f = map (pvar Q\<^sub>p) [0..<m]"
+ by blast
+ have 0: "is_poly_tuple m f"
+ using assms var_list_segment_is_poly_tuple[of 0 m m]
+ unfolding var_list_segment_def f_def by blast
+ have 4: "length f = m"
+ unfolding f_def using length_map[of "pvar Q\<^sub>p" "[0..<m]"] by auto
+ obtain g where g_def: "(g::(nat multiset \<Rightarrow> ((nat \<Rightarrow> int) \<times> (nat \<Rightarrow> int)) set) list) = map (\<lambda>i::nat. Qp.indexed_const (b ! i)) [(0::nat)..<n]"
+ by blast
+ have 1: "is_poly_tuple m g"
+ proof-
+ have 0: "set [0::nat..< n] = {..<n}"
+ using atLeast_upt by blast
+ then have "\<And>i. i \<in> set [0::nat..< n] \<Longrightarrow> b!i \<in> carrier Q\<^sub>p"
+ using assms(2) cartesian_power_car_memE'[of b Q\<^sub>p n] by blast
+ hence 1: "\<And>i. i \<in> set [0::nat..< n] \<Longrightarrow> Qp.indexed_const (b ! i) \<in> carrier (Q\<^sub>p[\<X>\<^bsub>m\<^esub>])"
+ using assms Qp_to_IP_car by blast
+ show ?thesis
+ unfolding is_poly_tuple_def g_def
+ apply(rule subsetI)
+ using set_map[of "\<lambda>i. Qp.indexed_const (b ! i)" "[0..<n]"] 1 unfolding 0
+ by (smt image_iff)
+ qed
+ have 2: "is_poly_tuple m (f@g)"
+ using 0 1 Qp_is_poly_tuple_append assms(3) by blast
+ have 3: "\<And>x. x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>) \<Longrightarrow> poly_tuple_eval (f@g) x = x@b"
+ proof- fix x assume A: "x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>)"
+ have 30: "poly_tuple_eval f x = x"
+ proof-
+ have 300: "length (poly_tuple_eval f x) = length x"
+ unfolding poly_tuple_eval_def using cartesian_power_car_memE
+ by (metis "4" A length_map)
+ have "\<And>i. i < length x \<Longrightarrow> poly_tuple_eval f x ! i = x ! i"
+ unfolding f_def poly_tuple_eval_def using nth_map
+ by (metis "4" A add_cancel_right_left cartesian_power_car_memE eval_pvar f_def length_map nth_upt)
+ thus ?thesis using 300
+ by (metis nth_equalityI)
+ qed
+ have 31: "poly_tuple_eval g x = b"
+ proof-
+ have 310: "length (poly_tuple_eval g x) = length b"
+ unfolding poly_tuple_eval_def g_def using cartesian_power_car_memE
+ by (metis assms(2) length_map map_nth)
+ have 311: "length b = n" using assms cartesian_power_car_memE by blast
+ hence "\<And>i. i < n \<Longrightarrow> poly_tuple_eval g x ! i = b ! i" proof- fix i assume "i < n"
+ thus "poly_tuple_eval g x ! i = b ! i"
+ unfolding g_def poly_tuple_eval_def using eval_at_point_const[of "b!i" x m] 310 nth_map
+ by (metis "311" A assms(2) cartesian_power_car_memE' length_map map_nth)
+ qed
+ thus ?thesis using 311 310 nth_equalityI
+ by (metis list_eq_iff_nth_eq)
+ qed
+ have 32: "poly_tuple_eval (f @ g) x = poly_map m (f@g) x"
+ unfolding poly_map_def restrict_def using A
+ by (simp add: A)
+ have 33: "poly_tuple_eval f x = poly_map m f x"
+ unfolding poly_map_def restrict_def using A
+ by (simp add: A)
+ have 34: "poly_tuple_eval g x = poly_map m g x"
+ unfolding poly_map_def restrict_def using A
+ by (simp add: A)
+ show "poly_tuple_eval (f @ g) x = x @ b"
+ using assms 1 2 30 31 poly_map_append[of x m f g] A unfolding 32 33 34
+ by (simp add: A \<open>b \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)\<close>)
+ qed
+ have 4: "A = (poly_tuple_eval (f@g) \<inverse>\<^bsub>m\<^esub> (cartesian_product A {b}))"
+ proof
+ show "A \<subseteq> poly_tuple_eval (f @ g) \<inverse>\<^bsub>m\<^esub> cartesian_product A {b}"
+ proof(rule subsetI) fix x assume A: "x \<in> A"
+ then have 0: "poly_tuple_eval (f@g) x = x@b"
+ using 3 assms by blast
+ then show " x \<in> poly_tuple_eval (f @ g) \<inverse>\<^bsub>m\<^esub> cartesian_product A {b}"
+ using A cartesian_product_memE
+ by (smt Un_upper1 assms(1) assms(2) cartesian_product_memI' evimageI2 in_mono insert_is_Un mk_disjoint_insert singletonI)
+ qed
+ show "poly_tuple_eval (f @ g) \<inverse>\<^bsub>m\<^esub> cartesian_product A {b} \<subseteq> A"
+ proof(rule subsetI) fix x assume A: "x \<in> (poly_tuple_eval (f @ g) \<inverse>\<^bsub>m\<^esub> cartesian_product A {b})"
+ then have "poly_tuple_eval (f @ g) x \<in> cartesian_product A {b}"
+ by blast
+ then have "x@b \<in> cartesian_product A {b}"
+ using A 3 by (metis evimage_eq)
+ then show "x \<in> A"
+ using A
+ by (metis append_same_eq cartesian_product_memE' singletonD)
+ qed
+ qed
+ have 5: "A = poly_map m (f@g) \<inverse>\<^bsub>m\<^esub> (cartesian_product A {b})"
+ proof
+ show "A \<subseteq> poly_map m (f @ g) \<inverse>\<^bsub>m\<^esub> cartesian_product A {b}"
+ unfolding poly_map_def evimage_def restrict_def using 4
+ by (smt IntI assms(1) evimageD in_mono subsetI vimageI)
+ show "poly_map m (f @ g) \<inverse>\<^bsub>m\<^esub> cartesian_product A {b} \<subseteq> A"
+ unfolding poly_map_def evimage_def restrict_def using 4
+ by (smt Int_iff evimageI2 subsetI vimage_eq)
+ qed
+ have 6: "length (f @ g) = m + n"
+ unfolding f_def g_def by (metis index_list_length length_append length_map map_nth)
+ show ?thesis using 2 5 6 assms pullback_is_semialg[of m "f@g" "m+n" "cartesian_product A {b}"]
+ by (metis is_semialgebraicE zero_eq_add_iff_both_eq_0)
+qed
+
+lemma cartesian_product_factor_projection_is_semialg:
+ assumes "A \<subseteq> carrier (Q\<^sub>p\<^bsup>m\<^esup>)"
+ assumes "B \<subseteq> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ assumes "B \<noteq> {}"
+ assumes "is_semialgebraic (m+n) (cartesian_product A B)"
+ shows "is_semialgebraic m A"
+proof-
+ obtain b where b_def: "b \<in> B"
+ using assms by blast
+ have "is_semialgebraic n {b}"
+ using assms b_def is_algebraic_imp_is_semialg singleton_is_algebraic by blast
+ hence 0: "is_semialgebraic (m+n) (cartesian_product (carrier (Q\<^sub>p\<^bsup>m\<^esup>)) {b})"
+ using car_times_semialg_is_semialg assms(4) by blast
+ have "(cartesian_product (carrier (Q\<^sub>p\<^bsup>m\<^esup>)) {b}) \<inter> (cartesian_product A B)
+ = (cartesian_product A {b})"
+ using assms b_def cartesian_product_intersection[of "carrier (Q\<^sub>p\<^bsup>m\<^esup>)" Q\<^sub>p m "{b}" n A B]
+ by (metis (no_types, lifting) Int_absorb1 Int_empty_left Int_insert_left_if1 \<open>is_semialgebraic n {b}\<close> is_semialgebraic_closed set_eq_subset)
+ hence "is_semialgebraic (m+n) (cartesian_product A {b})"
+ using assms 0 intersection_is_semialg by metis
+ thus ?thesis using assms cartesian_product_singleton_factor_projection_is_semialg
+ by (meson \<open>is_semialgebraic n {b}\<close> insert_subset is_semialgebraic_closed)
+qed
+
+lemma partial_pullback_cartesian_product:
+ assumes "\<xi> \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>) \<rightarrow> carrier Q\<^sub>p"
+ assumes "S \<subseteq> carrier (Q\<^sub>p\<^bsup>1\<^esup>)"
+ shows "cartesian_product (partial_pullback m \<xi> 0 S) (carrier (Q\<^sub>p\<^bsup>1\<^esup>)) = partial_pullback m \<xi> 1 (cartesian_product S (carrier (Q\<^sub>p\<^bsup>1\<^esup>))) "
+proof
+ show "cartesian_product (partial_pullback m \<xi> 0 S) (carrier (Q\<^sub>p\<^bsup>1\<^esup>)) \<subseteq> partial_pullback m \<xi> 1 (cartesian_product S (carrier (Q\<^sub>p\<^bsup>1\<^esup>)))"
+ proof fix x assume A: "x \<in> cartesian_product (partial_pullback m \<xi> 0 S) (carrier (Q\<^sub>p\<^bsup>1\<^esup>))"
+ then obtain y t where yt_def: "x = y@[t] \<and> y \<in> partial_pullback m \<xi> 0 S \<and> t \<in> carrier Q\<^sub>p"
+ by (metis cartesian_product_memE' Qp.to_R1_to_R Qp.to_R_pow_closed)
+ then have "[\<xi> y] \<in> S"
+ using partial_pullback_memE unfolding partial_image_def
+ by (metis (no_types, lifting) add.right_neutral append.right_neutral cartesian_power_drop le_zero_eq take_closed partial_pullback_memE' take_eq_Nil)
+ then have 0: "[\<xi> y]@[t] \<in> cartesian_product S (carrier (Q\<^sub>p\<^bsup>1\<^esup>))"
+ using cartesian_product_memI' yt_def
+ by (metis assms(2) carrier_is_semialgebraic is_semialgebraic_closed Qp.to_R1_closed)
+ have 1: " x \<in> carrier (Q\<^sub>p\<^bsup>m + 1\<^esup>)"
+ using A yt_def
+ by (metis add.right_neutral cartesian_power_append partial_pullback_memE(1))
+ show "x \<in> partial_pullback m \<xi> 1 (cartesian_product S (carrier (Q\<^sub>p\<^bsup>1\<^esup>)))"
+ apply(rule partial_pullback_memI)
+ using "1" apply blast
+ using yt_def 0
+ by (smt Cons_eq_appendI add.right_neutral local.partial_image_def partial_image_eq partial_pullback_memE(1) self_append_conv2 Qp.to_R1_closed)
+ qed
+ show "partial_pullback m \<xi> 1 (cartesian_product S (carrier (Q\<^sub>p\<^bsup>1\<^esup>))) \<subseteq> cartesian_product (partial_pullback m \<xi> 0 S) (carrier (Q\<^sub>p\<^bsup>1\<^esup>))"
+ proof(rule subsetI) fix x assume A: "x \<in> partial_pullback m \<xi> 1 (cartesian_product S (carrier (Q\<^sub>p\<^bsup>1\<^esup>)))"
+ then have 0: "x \<in> carrier (Q\<^sub>p\<^bsup>m + 1\<^esup>)"
+ using assms partial_pullback_memE[of x m \<xi> 1 "cartesian_product S (carrier (Q\<^sub>p\<^bsup>1\<^esup>))"]
+ by blast
+ have 1: "\<xi> (take m x) # drop m x \<in> cartesian_product S (carrier (Q\<^sub>p\<^bsup>1\<^esup>))"
+ using A assms partial_pullback_memE[of x m \<xi> 1 "cartesian_product S (carrier (Q\<^sub>p\<^bsup>1\<^esup>))"]
+ unfolding partial_image_def
+ by blast
+ have 2: "\<xi> (take m (take m x)) # drop m (take m x) = [\<xi> (take m x)]"
+ using 0 1
+ by (metis add.commute add.right_neutral append.right_neutral append_take_drop_id take0 take_drop)
+ show "x \<in> cartesian_product (partial_pullback m \<xi> 0 S) (carrier (Q\<^sub>p\<^bsup>1\<^esup>))"
+ apply(rule cartesian_product_memI[of _ Q\<^sub>p m _ 1])
+ apply (metis add_cancel_right_right partial_pullback_closed)
+ apply blast
+ apply(rule partial_pullback_memI[of _ m 0 \<xi> S]) using 0
+ apply (metis Nat.add_0_right le_iff_add take_closed)
+ using 2 apply (metis (no_types, lifting) "1" add.commute add.right_neutral assms(2) cartesian_product_memE(1) list.inject plus_1_eq_Suc take_Suc_Cons take_drop)
+ using 0 cartesian_power_drop by blast
+ qed
+qed
+
+lemma cartesian_product_swap:
+ assumes "A \<subseteq> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ assumes "B \<subseteq> carrier (Q\<^sub>p\<^bsup>m\<^esup>)"
+ assumes "is_semialgebraic (m+n) (cartesian_product A B)"
+ shows "is_semialgebraic (m+n) (cartesian_product B A)"
+proof-
+ obtain f where f_def: "f = (\<lambda>i. (if i < m then n + i else (if i < m+n then i - m else i)))"
+ by blast
+ have 0: "\<And>i. i \<in> {..<m} \<longrightarrow> f i \<in> {n..<m+n}"
+ unfolding f_def by simp
+ have 1: "\<And>i. i \<in> {m..<m+n} \<longrightarrow> f i \<in> {..<n}"
+ unfolding f_def by (simp add: less_diff_conv2)
+ have 2: "\<And>i. i \<notin> {..<m + n} \<longrightarrow> f i \<notin> {..<m + n}"
+ unfolding f_def by simp
+ have f_permutes: "f permutes {..<m+n}"
+ unfolding permutes_def
+ proof
+ show "\<forall>x. x \<notin> {..<m + n} \<longrightarrow> f x = x"
+ unfolding f_def by simp
+ show "\<forall>y. \<exists>!x. f x = y"
+ proof fix y
+ show "\<exists>!x. f x = y"
+ proof(cases "y < n")
+ case True
+ have T0: "f (y+m) = y"
+ unfolding f_def using True
+ by simp
+ have "\<And>i. f i = y \<Longrightarrow> i \<in> {m..<m+n}"
+ using 0 1 2 True f_def nat_neq_iff by fastforce
+ hence "\<And>i. f i = y \<Longrightarrow> i = y+m"
+ using T0 unfolding f_def by auto
+ thus ?thesis using T0 by blast
+ next
+ case False
+ show ?thesis
+ proof(cases "y \<in> {n..<m+n}")
+ case True
+ have T0: "f (y-n) = y"
+ using True unfolding f_def by auto
+ have "\<And>i. f i = y \<Longrightarrow> i \<in> {..<m}"
+ using 0 1 2 True f_def
+ by (metis False atLeastLessThan_iff diff_add_inverse2 diff_diff_cancel diff_le_self
+ lessThan_iff less_imp_diff_less linordered_semidom_class.add_diff_inverse nat_neq_iff not_add_less1)
+ hence "\<And>i. f i = y \<Longrightarrow> i = y- n"
+ using f_def by force
+ then show ?thesis using T0 by blast
+ next
+ case F: False
+ then show ?thesis using 0 1 2 unfolding f_def
+ using False add_diff_inverse_nat lessThan_iff by auto
+ qed
+ qed
+ qed
+ qed
+ have "permute_list f ` (cartesian_product A B) = (cartesian_product B A)"
+ proof
+ show "permute_list f ` cartesian_product A B \<subseteq> cartesian_product B A"
+ proof fix x assume A: " x \<in> permute_list f ` cartesian_product A B"
+ then obtain a b where ab_def: "a \<in> A \<and>b \<in> B \<and> x = permute_list f (a@b)"
+ by (metis (mono_tags, lifting) cartesian_product_memE' image_iff)
+ have 0: "x = permute_list f (a@b)"
+ using ab_def by blast
+ have 1: "length a = n"
+ using ab_def assms cartesian_power_car_memE[of a Q\<^sub>p n] by blast
+ have 2: "length b = m"
+ using ab_def assms cartesian_power_car_memE[of b Q\<^sub>p m] by blast
+ have 3: "length x = m + n"
+ using 1 2 0 f_permutes by simp
+ have 4: "\<And>i. i < m \<Longrightarrow> x ! i = (a@b) ! (f i)"
+ unfolding 0 using permute_list_nth
+ by (metis "0" "3" f_permutes length_permute_list trans_less_add1)
+ hence 5: "\<And>i. i < m \<Longrightarrow> x ! i = b!i"
+ unfolding f_def using 1 2
+ by (metis "4" f_def nth_append_length_plus)
+ have 6: "\<And>i. i \<in> {m..<m+n} \<Longrightarrow> x ! i = (a@b) ! (i - m)"
+ unfolding 0 using f_def permute_list_nth f_permutes
+ by (metis (no_types, lifting) "0" "3" atLeastLessThan_iff length_permute_list not_add_less2
+ ordered_cancel_comm_monoid_diff_class.diff_add)
+ have 7: "x = b@a"
+ proof(rule nth_equalityI)
+ show "length x = length (b @ a)"
+ using 1 2 3 by simp
+ show "\<And>i. i < length x \<Longrightarrow> x ! i = (b @ a) ! i"
+ unfolding 3 using 1 2 4 5
+ by (smt "0" add.commute add_diff_inverse_nat f_def f_permutes length_append nat_add_left_cancel_less nth_append permute_list_nth)
+ qed
+ show "x \<in> cartesian_product B A" unfolding 7 using ab_def unfolding cartesian_product_def by blast
+ qed
+ show "cartesian_product B A \<subseteq> permute_list f ` cartesian_product A B"
+ proof fix y assume A: "y \<in> cartesian_product B A"
+ then obtain b a where ab_def: "b \<in> B \<and> a \<in> A \<and> y = b@a"
+ using cartesian_product_memE' by blast
+ obtain x where 0: "x = permute_list f (a@b)"
+ by blast
+ have 1: "length a = n"
+ using ab_def assms cartesian_power_car_memE[of a Q\<^sub>p n] by blast
+ have 2: "length b = m"
+ using ab_def assms cartesian_power_car_memE[of b Q\<^sub>p m] by blast
+ have 3: "length x = m + n"
+ using 1 2 0 f_permutes by simp
+ have 4: "\<And>i. i < m \<Longrightarrow> x ! i = (a@b) ! (f i)"
+ unfolding 0 using permute_list_nth
+ by (metis "0" "3" f_permutes length_permute_list trans_less_add1)
+ hence 5: "\<And>i. i < m \<Longrightarrow> x ! i = b!i"
+ unfolding f_def using 1 2
+ by (metis "4" f_def nth_append_length_plus)
+ have 6: "\<And>i. i \<in> {m..<m+n} \<Longrightarrow> x ! i = (a@b) ! (i - m)"
+ unfolding 0 using f_def permute_list_nth f_permutes
+ by (metis (no_types, lifting) "0" "3" atLeastLessThan_iff length_permute_list not_add_less2
+ ordered_cancel_comm_monoid_diff_class.diff_add)
+ have 7: "x = b@a"
+ proof(rule nth_equalityI)
+ show "length x = length (b @ a)"
+ using 1 2 3 by simp
+ show "\<And>i. i < length x \<Longrightarrow> x ! i = (b @ a) ! i"
+ unfolding 3 using 1 2 4 5
+ by (smt "0" add.commute add_diff_inverse_nat f_def f_permutes length_append nat_add_left_cancel_less nth_append permute_list_nth)
+ qed
+ show "y \<in> permute_list f ` cartesian_product A B"
+ using ab_def 7 cartesian_product_memI'[of _ Q\<^sub>p] unfolding 0
+ by (metis assms(1) assms(2) image_eqI)
+ qed
+ qed
+ thus ?thesis using assms f_permutes permutation_is_semialgebraic
+ by metis
+qed
+
+lemma Qp_zero_subset_is_semialg:
+ assumes "S \<subseteq> carrier (Q\<^sub>p\<^bsup>0\<^esup>)"
+ shows "is_semialgebraic 0 S"
+proof(cases "S = {}")
+ case True
+ then show ?thesis
+ by (simp add: empty_is_semialgebraic)
+next
+ case False
+ then have "S = carrier (Q\<^sub>p\<^bsup>0\<^esup>)"
+ using assms unfolding Qp_zero_carrier by blast
+ then show ?thesis
+ by (simp add: carrier_is_semialgebraic)
+qed
+
+lemma cartesian_product_empty_list:
+"cartesian_product A {[]} = A"
+"cartesian_product {[]} A = A"
+proof
+ show "cartesian_product A {[]} \<subseteq> A"
+ apply(rule subsetI)
+ unfolding cartesian_product_def
+ by (smt append_Nil2 empty_iff insert_iff mem_Collect_eq)
+ show "A \<subseteq> cartesian_product A {[]}"
+ apply(rule subsetI)
+ unfolding cartesian_product_def
+ by (smt append_Nil2 empty_iff insert_iff mem_Collect_eq)
+ show "cartesian_product {[]} A = A"
+ proof
+ show "cartesian_product {[]} A \<subseteq> A"
+ apply(rule subsetI)
+ unfolding cartesian_product_def
+ by (smt append_self_conv2 bex_empty insert_compr mem_Collect_eq)
+ show "A \<subseteq> cartesian_product {[]} A"
+ apply(rule subsetI)
+ unfolding cartesian_product_def
+ by blast
+ qed
+qed
+
+lemma cartesian_product_singleton_factor_projection_is_semialg':
+ assumes "A \<subseteq> carrier (Q\<^sub>p\<^bsup>m\<^esup>)"
+ assumes "b \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ assumes "is_semialgebraic (m+n) (cartesian_product A {b})"
+ shows "is_semialgebraic m A"
+proof(cases "n > 0")
+ case True
+ show ?thesis
+ proof(cases "m > 0")
+ case T: True
+ then show ?thesis
+ using assms True cartesian_product_singleton_factor_projection_is_semialg by blast
+ next
+ case False
+ then show ?thesis using Qp_zero_subset_is_semialg assms by blast
+ qed
+next
+ case False
+ then have F0: "b = []"
+ using assms Qp_zero_carrier by blast
+ have "cartesian_product A {b} = A"
+ unfolding F0
+ by (simp add: cartesian_product_empty_list(1))
+ then show ?thesis using assms False
+ by (metis add.right_neutral gr0I)
+qed
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+subsection \<open>More on graphs of functions\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+
+text\<open>This section lays the groundwork for showing that semialgebraic functions are closed under
+ various algebraic operations\<close>
+
+text\<open>The take and drop functions on lists are polynomial maps\<close>
+
+lemma function_restriction:
+ assumes "g \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>) \<rightarrow> S"
+ assumes "n \<le> k"
+ shows "(g \<circ> (take n)) \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>) \<rightarrow> S"
+proof fix x
+ assume "x \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>)"
+ then have "take n x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ using assms(2) take_closed
+ by blast
+ then show "(g \<circ> take n) x \<in> S"
+ using assms comp_apply
+ by (metis Pi_iff comp_def)
+qed
+
+lemma partial_pullback_restriction:
+ assumes "g \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>) \<rightarrow> carrier Q\<^sub>p"
+ assumes "n < k"
+ shows "partial_pullback k (g \<circ> take n) m S =
+ split_cartesian_product (n + m) (k - n) n (partial_pullback n g m S) (carrier (Q\<^sub>p\<^bsup>k - n\<^esup>))"
+proof(rule equalityI)
+ show "partial_pullback k (g \<circ> take n) m S \<subseteq> split_cartesian_product (n + m) (k - n) n (partial_pullback n g m S) (carrier (Q\<^sub>p\<^bsup>k - n\<^esup>))"
+ proof fix x assume A: "x \<in> partial_pullback k (g \<circ> take n) m S"
+ obtain as bs where asbs_def: "x = as@bs \<and> as \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>) \<and> bs \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>)"
+ using partial_pullback_memE[of x k "g \<circ> take n" m S] A cartesian_power_decomp[of x Q\<^sub>p k m]
+ by metis
+ have 0: "((g \<circ> (take n)) as)#bs \<in> S"
+ using asbs_def partial_pullback_memE'[of as k bs m x] A
+ by blast
+ have 1: "(g (take n as))#bs \<in> S"
+ using 0
+ by (metis comp_apply)
+ have 2: "take n as @ bs \<in> carrier (Q\<^sub>p\<^bsup>n+m\<^esup>)"
+ by (meson asbs_def assms(2) cartesian_power_concat(1) less_imp_le_nat take_closed)
+ have 3: "(take n as)@bs \<in> (partial_pullback n g m S)"
+ using 1 2 partial_pullback_memI[of "(take n as)@bs" n m g S]
+ by (metis (mono_tags, opaque_lifting) asbs_def assms(2) local.partial_image_def nat_less_le
+ partial_image_eq subsetD subset_refl take_closed)
+ have 4: "drop n as \<in> (carrier (Q\<^sub>p\<^bsup>k - n\<^esup>))"
+ using asbs_def assms(2) drop_closed
+ by blast
+ show " x \<in> split_cartesian_product (n + m) (k - n) n (partial_pullback n g m S) (carrier (Q\<^sub>p\<^bsup>k - n\<^esup>))"
+ using split_cartesian_product_memI[of "take n as" bs
+ "partial_pullback n g m S" "drop n as"
+ "carrier (Q\<^sub>p\<^bsup>k - n\<^esup>)" Q\<^sub>p "n + m" "k - n" n ] 4
+ by (metis (no_types, lifting) "3" append.assoc append_take_drop_id
+ asbs_def assms(2) cartesian_power_car_memE less_imp_le_nat partial_pullback_memE(1)
+ subsetI take_closed)
+ qed
+ show "split_cartesian_product (n + m) (k - n) n (partial_pullback n g m S) (carrier (Q\<^sub>p\<^bsup>k - n\<^esup>)) \<subseteq> partial_pullback k (g \<circ> take n) m S"
+ proof fix x assume A: "x \<in> split_cartesian_product (n + m) (k - n) n (partial_pullback n g m S) (carrier (Q\<^sub>p\<^bsup>k - n\<^esup>))"
+ show "x \<in> partial_pullback k (g \<circ> take n) m S"
+ proof(rule partial_pullback_memI)
+ have 0: "(partial_pullback n g m S) \<subseteq> carrier (Q\<^sub>p\<^bsup>n+m\<^esup>)"
+ using partial_pullback_closed by blast
+ then have "split_cartesian_product (n + m) (k - n) n (partial_pullback n g m S) (carrier (Q\<^sub>p\<^bsup>k - n\<^esup>)) \<subseteq> carrier (Q\<^sub>p\<^bsup>n + m + (k - n)\<^esup>)"
+ using assms A split_cartesian_product_closed[of "partial_pullback n g m S" Q\<^sub>p "n + m"
+ "carrier (Q\<^sub>p\<^bsup>k - n\<^esup>)" "k - n" n]
+ using le_add1 by blast
+ then show P: "x \<in> carrier (Q\<^sub>p\<^bsup>k+m\<^esup>)"
+ by (smt A Nat.add_diff_assoc2 add.commute add_diff_cancel_left' assms(2) le_add1 less_imp_le_nat subsetD)
+ have "take n x @ drop (n + (k - n)) x \<in> partial_pullback n g m S"
+ using 0 A split_cartesian_product_memE[of x "n + m" "k - n" n "partial_pullback n g m S" "carrier (Q\<^sub>p\<^bsup>k - n\<^esup>)" Q\<^sub>p]
+ le_add1 by blast
+ have 1: "g (take n x) # drop k x \<in> S"
+ using partial_pullback_memE
+ by (metis (no_types, lifting) \<open>take n x @ drop (n + (k - n)) x \<in> partial_pullback n g m S\<close>
+ \<open>x \<in> carrier (Q\<^sub>p\<^bsup>k+m\<^esup>)\<close> add.assoc assms(2) cartesian_power_drop le_add1
+ le_add_diff_inverse less_imp_le_nat partial_pullback_memE' take_closed)
+ have 2: "g (take n x) = (g \<circ> take n) (take k x)"
+ using assms P comp_apply[of g "take n" "take k x"]
+ by (metis add.commute append_same_eq append_take_drop_id less_imp_add_positive take_add take_drop)
+ then show "(g \<circ> take n) (take k x) # drop k x \<in> S"
+ using "1" by presburger
+ qed
+ qed
+qed
+
+lemma comp_take_is_semialg:
+ assumes "is_semialg_function n g"
+ assumes "n < k"
+ assumes "0 < n"
+ shows "is_semialg_function k (g \<circ> (take n))"
+proof(rule is_semialg_functionI)
+ show "g \<circ> take n \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>) \<rightarrow> carrier Q\<^sub>p"
+ using assms function_restriction[of g n "carrier Q\<^sub>p" k] dual_order.strict_implies_order
+ is_semialg_function_closed
+ by blast
+ show "\<And>ka S. S \<in> semialg_sets (1 + ka) \<Longrightarrow> is_semialgebraic (k + ka) (partial_pullback k (g \<circ> take n) ka S)"
+ proof- fix l S assume A: "S \<in> semialg_sets (1 + l)"
+ have 0: "is_semialgebraic (n + l) (partial_pullback n g l S) "
+ using assms A is_semialg_functionE is_semialgebraicI
+ by blast
+ have "is_semialgebraic (n + l + (k - n)) (split_cartesian_product (n + l) (k - n) n (partial_pullback n g l S) (carrier (Q\<^sub>p\<^bsup>k - n\<^esup>)))"
+ using A 0 split_cartesian_product_is_semialgebraic[of _ _
+ "partial_pullback n g l S" _ "carrier (Q\<^sub>p\<^bsup>k - n\<^esup>)"]
+ add_gr_0 assms(2) assms(3) carrier_is_semialgebraic le_add1 zero_less_diff
+ by presburger
+ then show "is_semialgebraic (k + l) (partial_pullback k (g \<circ> take n) l S)"
+ using partial_pullback_restriction[of g n k l S]
+ by (metis (no_types, lifting) add.assoc add.commute assms(1) assms(2) is_semialg_function_closed le_add_diff_inverse less_imp_le_nat)
+ qed
+qed
+
+text\<open>Restriction of a graph to a semialgebraic domain\<close>
+
+lemma graph_formula:
+ assumes "g \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>) \<rightarrow> carrier Q\<^sub>p"
+ shows "graph n g = {as \<in> carrier (Q\<^sub>p\<^bsup>Suc n\<^esup>). g (take n as) = as!n}"
+ using assms graph_memI fun_graph_def[of Q\<^sub>p n g]
+ by (smt Collect_cong Suc_eq_plus1 graph_memE(1) graph_mem_closed mem_Collect_eq)
+
+definition restricted_graph where
+"restricted_graph n g S = {as \<in> carrier (Q\<^sub>p\<^bsup>Suc n\<^esup>). take n as \<in> S \<and> g (take n as) = as!n }"
+
+lemma restricted_graph_closed:
+ "restricted_graph n g S \<subseteq> carrier (Q\<^sub>p\<^bsup>Suc n\<^esup>)"
+ by (metis (no_types, lifting) mem_Collect_eq restricted_graph_def subsetI)
+
+lemma restricted_graph_memE:
+ assumes "a \<in> restricted_graph n g S"
+ shows "a \<in> carrier (Q\<^sub>p\<^bsup>Suc n\<^esup>)" "take n a \<in> S" "g (take n a) = a!n"
+ using assms
+ using restricted_graph_closed apply blast
+ apply (metis (no_types, lifting) assms mem_Collect_eq restricted_graph_def)
+ using assms unfolding restricted_graph_def
+ by blast
+
+lemma restricted_graph_mem_formula:
+ assumes "a \<in> restricted_graph n g S"
+ shows "a = (take n a)@[g (take n a)]"
+proof-
+ have "length a = Suc n"
+ using assms
+ by (metis (no_types, lifting) cartesian_power_car_memE mem_Collect_eq restricted_graph_def)
+ then have "a = (take n a)@[a!n]"
+ by (metis append_eq_append_conv_if hd_drop_conv_nth lessI take_hd_drop)
+ then show ?thesis
+ by (metis assms restricted_graph_memE(3))
+qed
+
+lemma restricted_graph_memI:
+ assumes "a \<in> carrier (Q\<^sub>p\<^bsup>Suc n\<^esup>)"
+ assumes "take n a \<in> S"
+ assumes "g (take n a) = a!n"
+ shows "a \<in> restricted_graph n g S"
+ using assms restricted_graph_def
+ by blast
+
+lemma restricted_graph_memI':
+ assumes "a \<in> S"
+ assumes "g \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>) \<rightarrow> carrier Q\<^sub>p"
+ assumes "S \<subseteq> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ shows "(a@[g a]) \<in> restricted_graph n g S"
+proof-
+ have "a \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ using assms(1) assms(3) by blast
+ then have "g a \<in> carrier Q\<^sub>p"
+ using assms by blast
+ then have 0: "a @ [g a] \<in> carrier (Q\<^sub>p\<^bsup>Suc n\<^esup>)"
+ using assms
+ by (metis (no_types, lifting) add.commute cartesian_power_append plus_1_eq_Suc subsetD)
+ have 1: "take n (a @ [g a]) \<in> S"
+ using assms
+ by (metis (no_types, lifting) append_eq_conv_conj cartesian_power_car_memE subsetD)
+ show ?thesis
+ using assms restricted_graph_memI[of "a@[g a]" n S g]
+ by (metis "0" \<open>a \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)\<close> append_eq_conv_conj cartesian_power_car_memE nth_append_length)
+qed
+
+lemma restricted_graph_subset:
+ assumes "g \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>) \<rightarrow> carrier Q\<^sub>p"
+ assumes "S \<subseteq> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ shows "restricted_graph n g S \<subseteq> graph n g"
+proof fix x assume A: "x \<in> restricted_graph n g S"
+ show "x \<in> graph n g"
+ apply(rule graph_memI)
+ using assms(1) apply blast
+ using A restricted_graph_memE(3) apply blast
+ by (metis A add.commute plus_1_eq_Suc restricted_graph_memE(1))
+qed
+
+lemma restricted_graph_subset':
+ assumes "g \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>) \<rightarrow> carrier Q\<^sub>p"
+ assumes "S \<subseteq> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ shows "restricted_graph n g S \<subseteq> cartesian_product S (carrier (Q\<^sub>p\<^bsup>1\<^esup>))"
+proof fix a assume A: "a \<in> restricted_graph n g S"
+ then have "a = (take n a)@[g (take n a)]"
+ using restricted_graph_mem_formula by blast
+ then show "a \<in> cartesian_product S (carrier (Q\<^sub>p\<^bsup>1\<^esup>))"
+ using cartesian_product_memI' A unfolding restricted_graph_def
+ by (metis (mono_tags, lifting) assms(2) last_closed' mem_Collect_eq subsetI Qp.to_R1_closed)
+qed
+
+lemma restricted_graph_intersection:
+ assumes "g \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>) \<rightarrow> carrier Q\<^sub>p"
+ assumes "S \<subseteq> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ shows "restricted_graph n g S = graph n g \<inter> (cartesian_product S (carrier (Q\<^sub>p\<^bsup>1\<^esup>)))"
+proof
+ show "restricted_graph n g S \<subseteq> graph n g \<inter> cartesian_product S (carrier (Q\<^sub>p\<^bsup>1\<^esup>))"
+ using assms restricted_graph_subset restricted_graph_subset'
+ by (meson Int_subset_iff)
+ show "graph n g \<inter> cartesian_product S (carrier (Q\<^sub>p\<^bsup>1\<^esup>)) \<subseteq> restricted_graph n g S"
+ proof fix x assume A: " x \<in> graph n g \<inter> cartesian_product S (carrier (Q\<^sub>p\<^bsup>1\<^esup>))"
+ show "x \<in> restricted_graph n g S"
+ apply(rule restricted_graph_memI)
+ using A graph_memE[of g n x]
+ apply (metis (no_types, lifting) Int_iff add.commute assms(1) graph_mem_closed plus_1_eq_Suc)
+ using A graph_memE[of g n x] cartesian_product_memE[of x S "carrier (Q\<^sub>p\<^bsup>1\<^esup>)" Q\<^sub>p n]
+ using assms(2) apply blast
+ using A graph_memE[of g n x] cartesian_product_memE[of x S "carrier (Q\<^sub>p\<^bsup>1\<^esup>)" Q\<^sub>p n]
+ using assms(1) by blast
+ qed
+ qed
+
+lemma restricted_graph_is_semialgebraic:
+ assumes "is_semialg_function n g"
+ assumes "is_semialgebraic n S"
+ shows "is_semialgebraic (n+1) (restricted_graph n g S)"
+proof-
+ have 0: "restricted_graph n g S = graph n g \<inter> (cartesian_product S (carrier (Q\<^sub>p\<^bsup>1\<^esup>)))"
+ using assms is_semialg_function_closed is_semialgebraic_closed
+ restricted_graph_intersection by presburger
+ have 1: "is_semialgebraic (n + 1) (graph n g)"
+ using assms semialg_graph
+ by blast
+ have 2: "is_semialgebraic (n + 1) (cartesian_product S (carrier (Q\<^sub>p\<^bsup>1\<^esup>)))"
+ using cartesian_product_is_semialgebraic[of n S 1 "carrier (Q\<^sub>p\<^bsup>1\<^esup>)"] assms
+ carrier_is_semialgebraic less_one
+ by presburger
+ then show ?thesis
+ using 0 1 2 intersection_is_semialg[of "n+1" "graph n g" "cartesian_product S (carrier (Q\<^sub>p\<^bsup>1\<^esup>))"]
+ by presburger
+qed
+
+lemma take_closed:
+ assumes "n \<le> k"
+ assumes "x \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>)"
+ shows "take n x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ using assms take_closed
+ by blast
+
+lemma take_compose_closed:
+ assumes "g \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>) \<rightarrow> carrier Q\<^sub>p"
+ assumes "n < k"
+ shows "g \<circ> take n \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>) \<rightarrow> carrier Q\<^sub>p"
+proof fix x assume A: "x \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>)"
+ then have "(take n x) \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ using assms less_imp_le_nat take_closed
+ by blast
+ then have "g (take n x) \<in> carrier Q\<^sub>p"
+ using assms(1) by blast
+ then show "(g \<circ> take n) x \<in> carrier Q\<^sub>p"
+ using comp_apply[of g "take n" x]
+ by presburger
+qed
+
+lemma take_graph_formula:
+ assumes "g \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>) \<rightarrow> carrier Q\<^sub>p"
+ assumes "n < k"
+ assumes "0 < n"
+ shows "graph k (g \<circ> (take n)) = {as \<in> carrier (Q\<^sub>p\<^bsup>k+1\<^esup>). g (take n as) = as!k}"
+proof-
+ have "\<And>as. as \<in> carrier (Q\<^sub>p\<^bsup>k+1\<^esup>) \<Longrightarrow> (g \<circ> take n) (take k as) = g (take n as) "
+ using assms comp_apply take_take[of n k]
+ proof -
+ fix as :: "((nat \<Rightarrow> int) \<times> (nat \<Rightarrow> int)) set list"
+ show "(g \<circ> take n) (take k as) = g (take n as)"
+ by (metis (no_types) \<open>n < k\<close> comp_eq_dest_lhs min.strict_order_iff take_take)
+ qed
+ then show ?thesis
+ using take_compose_closed[of g n k] assms comp_apply[of g "take n"] graph_formula[of "g \<circ> (take n)" k]
+ by (smt Collect_cong Suc_eq_plus1)
+qed
+
+lemma graph_memI':
+ assumes "a \<in> carrier (Q\<^sub>p\<^bsup>Suc n\<^esup>)"
+ assumes "take n a \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ assumes "g (take n a) = a!n"
+ shows "a \<in> graph n g"
+ using assms fun_graph_def[of Q\<^sub>p n g]
+ by (smt cartesian_power_car_memE eq_imp_le lessI mem_Collect_eq take_Suc_conv_app_nth take_all)
+
+lemma graph_memI'':
+ assumes "a \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ assumes "g \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>) \<rightarrow> carrier Q\<^sub>p"
+ shows "(a@[g a]) \<in> graph n g "
+ using assms fun_graph_def
+ by blast
+
+lemma graph_as_restricted_graph:
+ assumes "f \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>) \<rightarrow> carrier Q\<^sub>p"
+ shows "graph n f = restricted_graph n f (carrier (Q\<^sub>p\<^bsup>n\<^esup>))"
+ apply(rule equalityI)
+ apply (metis Suc_eq_plus1 assms graph_memE(1) graph_memE(3) graph_mem_closed restricted_graph_memI subsetI)
+ by (simp add: assms restricted_graph_subset)
+
+definition double_graph where
+"double_graph n f g = {as \<in> carrier (Q\<^sub>p\<^bsup>n+2\<^esup>). f (take n as) = as!n \<and> g (take n as) = as!(n + 1)}"
+
+lemma double_graph_rep:
+ assumes "g \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>) \<rightarrow> carrier Q\<^sub>p"
+ assumes "f \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>) \<rightarrow> carrier Q\<^sub>p"
+ shows "double_graph n f g = restricted_graph (n + 1) (g \<circ> take n) (graph n f)"
+proof
+ show "double_graph n f g \<subseteq> restricted_graph (n + 1) (g \<circ> take n) (graph n f)"
+ proof fix x assume A: "x \<in> double_graph n f g"
+ then have 0: "x \<in> carrier (Q\<^sub>p\<^bsup>n+2\<^esup>) \<and> f (take n x) = x!n \<and> g (take n x) = x!(n + 1)"
+ using double_graph_def by blast
+ have 1: "take (n+1) x \<in> graph n f"
+ apply(rule graph_memI)
+ using assms(2) apply blast
+ apply (metis "0" append_eq_conv_conj cartesian_power_car_memE le_add1 length_take
+ less_add_same_cancel1 less_numeral_extra(1) min.absorb2 nth_take take_add)
+ by (metis (no_types, opaque_lifting) "0" Suc_eq_plus1 Suc_n_not_le_n add_cancel_right_right
+ dual_order.antisym le_iff_add not_less_eq_eq one_add_one plus_1_eq_Suc take_closed)
+ show " x \<in> restricted_graph (n + 1) (g \<circ> take n) (graph n f)"
+ apply(rule restricted_graph_memI)
+ apply (metis "0" One_nat_def add_Suc_right numeral_2_eq_2)
+ using "1" apply blast
+ using 0 take_take[of n "n + 1" x] comp_apply
+ by (metis le_add1 min.absorb1)
+ qed
+ show "restricted_graph (n + 1) (g \<circ> take n) (graph n f) \<subseteq> double_graph n f g"
+ proof fix x
+ assume A: "x \<in> restricted_graph (n + 1) (g \<circ> take n) (graph n f)"
+ then have 0: "x \<in> carrier (Q\<^sub>p\<^bsup>Suc (n + 1)\<^esup>) \<and> take (n + 1) x \<in> graph n f \<and> (g \<circ> take n) (take (n + 1) x) = x ! (n + 1)"
+ using restricted_graph_memE[of x "n+1" "(g \<circ> take n)" "graph n f" ]
+ by blast
+ then have 1: "x \<in> carrier (Q\<^sub>p\<^bsup>n+2\<^esup>)"
+ using 0
+ by (metis Suc_1 add_Suc_right)
+ have 2: " f (take n x) = x ! n"
+ using 0 take_take[of n "n + 1" x] graph_memE[of f n "take (n + 1) x"]
+ by (metis assms(2) le_add1 less_add_same_cancel1 less_numeral_extra(1) min.absorb1 nth_take)
+ have 3: "g (take n x) = x ! (n + 1)"
+ using 0 comp_apply take_take[of n "n + 1" x]
+ by (metis le_add1 min.absorb1)
+ then show "x \<in> double_graph n f g"
+ unfolding double_graph_def using 1 2 3
+ by blast
+ qed
+qed
+
+lemma double_graph_is_semialg:
+ assumes "n > 0"
+ assumes "is_semialg_function n f"
+ assumes "is_semialg_function n g"
+ shows "is_semialgebraic (n+2) (double_graph n f g)"
+ using double_graph_rep[of g n f] assms restricted_graph_is_semialgebraic[of n "g \<circ> take n" "graph n f"]
+ by (metis (no_types, lifting) Suc_eq_plus1 add_Suc_right is_semialg_function_closed
+ less_add_same_cancel1 less_numeral_extra(1) one_add_one restricted_graph_is_semialgebraic
+ comp_take_is_semialg semialg_graph)
+
+definition add_vars :: "nat \<Rightarrow> nat \<Rightarrow> padic_tuple \<Rightarrow> padic_number" where
+"add_vars i j as = as!i \<oplus>\<^bsub>Q\<^sub>p\<^esub> as!j"
+
+lemma add_vars_rep:
+ assumes "as \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ assumes "i < n"
+ assumes "j < n"
+ shows "add_vars i j as = Qp_ev ((pvar Q\<^sub>p i) \<oplus>\<^bsub>Q\<^sub>p[\<X>\<^bsub>n\<^esub>]\<^esub> (pvar Q\<^sub>p j)) as"
+ unfolding add_vars_def
+ using assms eval_at_point_add[of as n "pvar Q\<^sub>p i" "pvar Q\<^sub>p j"]
+ eval_pvar by (metis pvar_closed)
+
+lemma add_vars_is_semialg:
+ assumes "i < n"
+ assumes "j < n"
+ assumes "a \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ shows "is_semialg_function n (add_vars i j)"
+proof-
+ have "pvar Q\<^sub>p i \<oplus>\<^bsub>Q\<^sub>p[\<X>\<^bsub>n\<^esub>]\<^esub> pvar Q\<^sub>p j \<in> carrier (Q\<^sub>p[\<X>\<^bsub>n\<^esub>])"
+ using assms pvar_closed[of ]
+ by blast
+ then have "is_semialg_function n (Qp_ev (pvar Q\<^sub>p i \<oplus>\<^bsub>Q\<^sub>p[\<X>\<^bsub>n\<^esub>]\<^esub> pvar Q\<^sub>p j))"
+ using assms poly_is_semialg[of "(pvar Q\<^sub>p i) \<oplus>\<^bsub>Q\<^sub>p[\<X>\<^bsub>n\<^esub>]\<^esub> (pvar Q\<^sub>p j)"]
+ by blast
+ then show ?thesis
+ using assms add_vars_rep
+ semialg_function_on_carrier[of n "Qp_ev ((pvar Q\<^sub>p i) \<oplus>\<^bsub>Q\<^sub>p[\<X>\<^bsub>n\<^esub>]\<^esub> (pvar Q\<^sub>p j))" "add_vars i j" ]
+ by (metis (no_types, lifting) restrict_ext)
+qed
+
+definition mult_vars :: "nat \<Rightarrow> nat \<Rightarrow> padic_tuple \<Rightarrow> padic_number" where
+"mult_vars i j as = as!i \<otimes> as!j"
+
+lemma mult_vars_rep:
+ assumes "as \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ assumes "i < n"
+ assumes "j < n"
+ shows "mult_vars i j as = Qp_ev ((pvar Q\<^sub>p i) \<otimes>\<^bsub>Q\<^sub>p[\<X>\<^bsub>n\<^esub>]\<^esub> (pvar Q\<^sub>p j)) as"
+ unfolding mult_vars_def
+ using assms eval_at_point_mult[of as n "pvar Q\<^sub>p i" "pvar Q\<^sub>p j"]
+ eval_pvar[of i n as] eval_pvar[of j n as ]
+ by (metis pvar_closed)
+
+lemma mult_vars_is_semialg:
+ assumes "i < n"
+ assumes "j < n"
+ assumes "a \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ shows "is_semialg_function n (mult_vars i j)"
+proof-
+ have "pvar Q\<^sub>p i \<otimes>\<^bsub>Q\<^sub>p[\<X>\<^bsub>n\<^esub>]\<^esub> pvar Q\<^sub>p j \<in> carrier (Q\<^sub>p[\<X>\<^bsub>n\<^esub>])"
+ using assms pvar_closed[of ]
+ by blast
+ then have "is_semialg_function n (Qp_ev (pvar Q\<^sub>p i \<otimes>\<^bsub>Q\<^sub>p[\<X>\<^bsub>n\<^esub>]\<^esub> pvar Q\<^sub>p j))"
+ using assms poly_is_semialg[of "(pvar Q\<^sub>p i) \<otimes>\<^bsub>Q\<^sub>p[\<X>\<^bsub>n\<^esub>]\<^esub> (pvar Q\<^sub>p j)"]
+ by blast
+ then show ?thesis
+ using assms mult_vars_rep
+ semialg_function_on_carrier[of n "Qp_ev ((pvar Q\<^sub>p i) \<otimes>\<^bsub>Q\<^sub>p[\<X>\<^bsub>n\<^esub>]\<^esub> (pvar Q\<^sub>p j))" "mult_vars i j" ]
+ by (metis (no_types, lifting) restrict_ext)
+qed
+
+definition minus_vars :: "nat \<Rightarrow> padic_tuple \<Rightarrow> padic_number" where
+"minus_vars i as = \<ominus>\<^bsub>Q\<^sub>p\<^esub> as!i"
+
+lemma minus_vars_rep:
+ assumes "as \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ assumes "i < n"
+ shows "minus_vars i as = Qp_ev (\<ominus>\<^bsub>Q\<^sub>p[\<X>\<^bsub>n\<^esub>]\<^esub>(pvar Q\<^sub>p i)) as"
+ unfolding minus_vars_def
+ using assms eval_pvar[of i n as] eval_at_point_a_inv[of as n "pvar Q\<^sub>p i"]
+ by (metis pvar_closed)
+
+lemma minus_vars_is_semialg:
+ assumes "i < n"
+ assumes "a \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ shows "is_semialg_function n (minus_vars i)"
+proof-
+ have 0: "pvar Q\<^sub>p i \<in> carrier (Q\<^sub>p[\<X>\<^bsub>n\<^esub>])"
+ using assms pvar_closed[of ] Qp.cring_axioms by presburger
+ have "is_semialg_function n (Qp_ev (\<ominus>\<^bsub>Q\<^sub>p[\<X>\<^bsub>n\<^esub>]\<^esub>(pvar Q\<^sub>p i)))"
+ apply(rule poly_is_semialg )
+ using "0" by blast
+ then show ?thesis
+ using assms minus_vars_rep[of a i n]
+ semialg_function_on_carrier[of n _ "minus_vars i" ]
+ by (metis (no_types, lifting) minus_vars_rep restrict_ext)
+qed
+
+definition extended_graph where
+"extended_graph n f g h = {as \<in> carrier (Q\<^sub>p\<^bsup>n+3\<^esup>).
+ f (take n as) = as!n \<and> g (take n as) = as! (n + 1) \<and> h [(f (take n as)),(g (take n as))] = as! (n + 2) }"
+
+lemma extended_graph_rep:
+"extended_graph n f g h = restricted_graph (n + 2) (h \<circ> (drop n)) (double_graph n f g)"
+proof
+ show "extended_graph n f g h \<subseteq> restricted_graph (n + 2) (h \<circ> drop n) (double_graph n f g)"
+ proof fix x
+ assume "x \<in> extended_graph n f g h"
+ then have A: "x \<in> carrier (Q\<^sub>p\<^bsup>n+3\<^esup>) \<and>f (take n x) = x!n \<and> g (take n x) = x! (n + 1) \<and>
+ h [(f (take n x)),(g (take n x))] = x! (n + 2)"
+ unfolding extended_graph_def by blast
+ then have 0: "take (n + 2) x \<in> carrier (Q\<^sub>p\<^bsup>n+2\<^esup>)"
+ proof -
+ have "Suc (Suc n) \<le> n + numeral (num.One + num.Bit0 num.One)"
+ by simp
+ then show ?thesis
+ by (metis (no_types) \<open>x \<in> carrier (Q\<^sub>p\<^bsup>n+3\<^esup>) \<and> f (take n x) = x ! n \<and> g (take n x) = x ! (n + 1) \<and> h [f (take n x), g (take n x)] = x ! (n + 2)\<close> add_2_eq_Suc' add_One_commute semiring_norm(5) take_closed)
+ qed
+ have 1: "f (take n (take (n + 2) x)) = (take (n + 2) x) ! n"
+ using A
+ by (metis Suc_1 add.commute append_same_eq append_take_drop_id
+ less_add_same_cancel1 nth_take take_add take_drop zero_less_Suc)
+ have 2: " g (take n (take (n + 2) x)) = (take (n + 2) x) ! (n + 1)"
+ using A
+ by (smt add.assoc add.commute append_same_eq append_take_drop_id less_add_same_cancel1
+ less_numeral_extra(1) nth_take one_add_one take_add take_drop)
+ then have 3: "take (n + 2) x \<in> double_graph n f g"
+ unfolding double_graph_def
+ using 0 1 2
+ by blast
+ have 4: "drop n (take (n + 2) x) = [(f (take n x)),(g (take n x))]"
+ proof-
+ have 40: "take (n + 2) x ! (n + 1) = x! (n + 1)"
+ by (metis add.commute add_2_eq_Suc' lessI nth_take plus_1_eq_Suc)
+ have 41: "take (n + 2) x ! n = x! n"
+ by (metis Suc_1 less_SucI less_add_same_cancel1 less_numeral_extra(1) nth_take)
+ have 42: "take (n + 2) x ! (n + 1) = g (take n x)"
+ using 40 A
+ by blast
+ have 43: "take (n + 2) x ! n = f (take n x)"
+ using 41 A
+ by blast
+ show ?thesis using A 42 43
+ by (metis "0" add_cancel_right_right cartesian_power_car_memE cartesian_power_drop
+ le_add_same_cancel1 nth_drop pair_id zero_le_numeral)
+ qed
+ then have 5: "(h \<circ> drop n) (take (n + 2) x) = x ! (n + 2)"
+ using 3 A
+ by (metis add_2_eq_Suc' comp_eq_dest_lhs)
+ show "x \<in> restricted_graph (n + 2) (h \<circ> drop n) (double_graph n f g)"
+ using restricted_graph_def A 3 5
+ by (metis (no_types, lifting) One_nat_def Suc_1
+ add_Suc_right numeral_3_eq_3 restricted_graph_memI)
+ qed
+ show "restricted_graph (n + 2) (h \<circ> drop n) (double_graph n f g) \<subseteq> extended_graph n f g h"
+ proof fix x assume A: "x \<in> restricted_graph (n + 2) (h \<circ> drop n) (double_graph n f g)"
+ then have 0: "take (n+2) x \<in> double_graph n f g"
+ using restricted_graph_memE(2) by blast
+ have 1: "(h \<circ> drop n) (take (n+2) x) = x! (n+2) "
+ by (meson A restricted_graph_memE(3) padic_fields_axioms)
+ have 2: "x \<in> carrier (Q\<^sub>p\<^bsup>n+3\<^esup>)"
+ using A
+ by (metis (no_types, opaque_lifting) Suc3_eq_add_3 add.commute add_2_eq_Suc'
+ restricted_graph_closed subsetD)
+ have 3: "length x = n + 3"
+ using "2" cartesian_power_car_memE by blast
+ have 4: "drop n (take (n+2) x) = [x!n, x!(n+1)]"
+ proof-
+ have "length (take (n+2) x) = n+2"
+ by (simp add: "3")
+ then have 40:"length (drop n (take (n+2) x)) = 2"
+ by (metis add_2_eq_Suc' add_diff_cancel_left' length_drop)
+ have 41: "(drop n (take (n+2) x))!0 = x!n"
+ using 3
+ by (metis Nat.add_0_right \<open>length (take (n + 2) x) = n + 2\<close> add_gr_0 le_add1 less_add_same_cancel1 less_numeral_extra(1) nth_drop nth_take one_add_one)
+ have 42: "(drop n (take (n+2) x))!1 = x!(n+1)"
+ using 3 nth_take nth_drop A
+ by (metis add.commute le_add1 less_add_same_cancel1 less_numeral_extra(1) one_add_one take_drop)
+ show ?thesis
+ using 40 41 42
+ by (metis pair_id)
+ qed
+ have "(take n x) = take n (take (n+2) x)"
+ using take_take 3
+ by (metis le_add1 min.absorb1)
+ then have 5: "f (take n x) = x ! n"
+ using 0 double_graph_def[of n f g] 3
+ by (smt Suc_1 less_add_same_cancel1 mem_Collect_eq nth_take zero_less_Suc)
+ have 6: "g (take n x) = x ! (n + 1) "
+ using 0 double_graph_def[of n f g] 3 take_take[of n "n+2" x]
+ by (smt Suc_1 \<open>take n x = take n (take (n + 2) x)\<close> add_Suc_right lessI mem_Collect_eq nth_take)
+ have 7: " h [f (take n x), g (take n x)] = x ! (n + 2)"
+ using 4 A comp_apply
+ by (metis "1" "5" "6")
+ show " x \<in> extended_graph n f g h"
+ unfolding extended_graph_def
+ using 2 5 6 7 A
+ by blast
+ qed
+qed
+
+lemma function_tuple_eval_closed:
+ assumes "is_function_tuple Q\<^sub>p n fs"
+ assumes "x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ shows "function_tuple_eval Q\<^sub>p n fs x \<in> carrier (Q\<^sub>p\<^bsup>length fs\<^esup>)"
+ using function_tuple_eval_closed[of Q\<^sub>p n fs x] assms by blast
+
+definition k_graph where
+"k_graph n fs = {x \<in> carrier (Q\<^sub>p\<^bsup>n + length fs\<^esup>). x = (take n x)@ (function_tuple_eval Q\<^sub>p n fs (take n x)) }"
+
+lemma k_graph_memI:
+ assumes "is_function_tuple Q\<^sub>p n fs"
+ assumes "x = as@function_tuple_eval Q\<^sub>p n fs as"
+ assumes "as \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ shows "x \<in> k_graph n fs"
+proof-
+ have "take n x = as"
+ using assms
+ by (metis append_eq_conv_conj cartesian_power_car_memE)
+ then show ?thesis unfolding k_graph_def using assms
+ by (smt append_eq_conv_conj cartesian_power_car_memE cartesian_power_car_memI'' length_append local.function_tuple_eval_closed mem_Collect_eq)
+qed
+
+text\<open>composing a function with a function tuple\<close>
+
+lemma Qp_function_tuple_comp_closed:
+ assumes "f \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>) \<rightarrow> carrier Q\<^sub>p"
+ assumes "length fs = n"
+ assumes "is_function_tuple Q\<^sub>p m fs"
+ shows "function_tuple_comp Q\<^sub>p fs f \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>) \<rightarrow> carrier Q\<^sub>p"
+ using assms function_tuple_comp_closed
+ by blast
+
+ (********************************************************************************************)
+ (********************************************************************************************)
+ subsubsection\<open>Tuples of Semialgebraic Functions\<close>
+ (********************************************************************************************)
+ (********************************************************************************************)
+
+text\<open>Predicate for a tuple of semialgebraic functions\<close>
+
+definition is_semialg_function_tuple where
+"is_semialg_function_tuple n fs = (\<forall> f \<in> set fs. is_semialg_function n f)"
+
+lemma is_semialg_function_tupleI:
+ assumes "\<And> f. f \<in> set fs \<Longrightarrow> is_semialg_function n f"
+ shows "is_semialg_function_tuple n fs"
+ using assms is_semialg_function_tuple_def
+ by blast
+
+lemma is_semialg_function_tupleE:
+ assumes "is_semialg_function_tuple n fs"
+ assumes "i < length fs"
+ shows "is_semialg_function n (fs ! i)"
+ by (meson assms(1) assms(2) in_set_conv_nth is_semialg_function_tuple_def padic_fields_axioms)
+
+lemma is_semialg_function_tupleE':
+ assumes "is_semialg_function_tuple n fs"
+ assumes "f \<in> set fs"
+ shows "is_semialg_function n f"
+ using assms(1) assms(2) is_semialg_function_tuple_def
+ by blast
+
+lemma semialg_function_tuple_is_function_tuple:
+ assumes "is_semialg_function_tuple n fs"
+ shows "is_function_tuple Q\<^sub>p n fs"
+ apply(rule is_function_tupleI)
+ using assms is_semialg_function_closed is_semialg_function_tupleE' by blast
+
+lemma const_poly_function_tuple_comp_is_semialg:
+ assumes "n > 0"
+ assumes "is_semialg_function_tuple n fs"
+ assumes "a \<in> carrier Q\<^sub>p"
+ shows "is_semialg_function n (poly_function_tuple_comp Q\<^sub>p n fs (Qp_to_IP a))"
+ apply(rule semialg_function_on_carrier[of n "Qp_ev (Qp_to_IP a)"])
+ using poly_is_semialg[of "(Qp_to_IP a)"]
+ using assms(1) assms(3) Qp_to_IP_car apply blast
+ using poly_function_tuple_comp_eq[of n fs "(Qp_to_IP a)"] assms unfolding restrict_def
+ by (metis (no_types, opaque_lifting) eval_at_point_const poly_function_tuple_comp_constant semialg_function_tuple_is_function_tuple)
+
+lemma pvar_poly_function_tuple_comp_is_semialg:
+ assumes "n > 0"
+ assumes "is_semialg_function_tuple n fs"
+ assumes "i < length fs"
+ shows "is_semialg_function n (poly_function_tuple_comp Q\<^sub>p n fs (pvar Q\<^sub>p i))"
+ apply(rule semialg_function_on_carrier[of n "fs!i"])
+ using assms(2) assms(3) is_semialg_function_tupleE apply blast
+ by (metis assms(2) assms(3) poly_function_tuple_comp_pvar
+ restrict_ext semialg_function_tuple_is_function_tuple)
+
+text\<open>Polynomial functions with semialgebraic coefficients\<close>
+
+definition point_to_univ_poly :: "nat \<Rightarrow> padic_tuple \<Rightarrow> padic_univ_poly" where
+"point_to_univ_poly n a = ring_cfs_to_univ_poly n a"
+
+definition tuple_partial_image where
+"tuple_partial_image m fs x = (function_tuple_eval Q\<^sub>p m fs (take m x))@(drop m x)"
+
+lemma tuple_partial_image_closed:
+ assumes "length fs > 0"
+ assumes "is_function_tuple Q\<^sub>p n fs"
+ assumes "x \<in> carrier (Q\<^sub>p\<^bsup>n+l\<^esup>)"
+ shows "tuple_partial_image n fs x \<in> carrier (Q\<^sub>p\<^bsup>length fs + l\<^esup>)"
+ using assms unfolding tuple_partial_image_def
+ by (meson cartesian_power_concat(1) cartesian_power_drop
+ function_tuple_eval_closed le_add1 take_closed)
+
+lemma tuple_partial_image_indices:
+ assumes "length fs > 0"
+ assumes "is_function_tuple Q\<^sub>p n fs"
+ assumes "x \<in> carrier (Q\<^sub>p\<^bsup>n+l\<^esup>)"
+ assumes "i < length fs"
+ shows "(tuple_partial_image n fs x) ! i = (fs!i) (take n x)"
+proof-
+ have 0: "(function_tuple_eval Q\<^sub>p n fs (take n x)) ! i = (fs!i) (take n x)"
+ using assms unfolding function_tuple_eval_def
+ by (meson nth_map)
+ have 1: "length (function_tuple_eval Q\<^sub>p n fs (take n x)) > i"
+ by (metis assms(4) function_tuple_eval_def length_map)
+ show ?thesis
+ using 0 1 assms unfolding tuple_partial_image_def
+ by (metis nth_append)
+qed
+
+lemma tuple_partial_image_indices':
+ assumes "length fs > 0"
+ assumes "is_function_tuple Q\<^sub>p n fs"
+ assumes "x \<in> carrier (Q\<^sub>p\<^bsup>n+l\<^esup>)"
+ assumes "i < l"
+ shows "(tuple_partial_image n fs x) ! (length fs + i) = x!(n + i)"
+ using assms unfolding tuple_partial_image_def
+ by (metis (no_types, lifting) cartesian_power_car_memE function_tuple_eval_closed le_add1
+ nth_append_length_plus nth_drop take_closed)
+
+definition tuple_partial_pullback where
+"tuple_partial_pullback n fs l S = ((tuple_partial_image n fs)-`S) \<inter> carrier (Q\<^sub>p\<^bsup>n+l\<^esup>)"
+
+lemma tuple_partial_pullback_memE:
+ assumes "as \<in> tuple_partial_pullback m fs l S"
+ shows "as \<in> carrier (Q\<^sub>p\<^bsup>m + l\<^esup>)" "tuple_partial_image m fs as \<in> S"
+ using assms
+ apply (metis (no_types, opaque_lifting) Int_iff add.commute tuple_partial_pullback_def)
+ using assms unfolding tuple_partial_pullback_def
+ by blast
+
+lemma tuple_partial_pullback_closed:
+"tuple_partial_pullback m fs l S \<subseteq> carrier (Q\<^sub>p\<^bsup>m + l\<^esup>)"
+ using tuple_partial_pullback_memE by blast
+
+lemma tuple_partial_pullback_memI:
+ assumes "as \<in> carrier (Q\<^sub>p\<^bsup>m + k\<^esup>)"
+ assumes "is_function_tuple Q\<^sub>p m fs"
+ assumes "((function_tuple_eval Q\<^sub>p m fs) (take m as))@(drop m as) \<in> S"
+ shows "as \<in> tuple_partial_pullback m fs k S"
+ using assms unfolding tuple_partial_pullback_def tuple_partial_image_def
+ by blast
+
+lemma tuple_partial_image_eq:
+ assumes "as \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ assumes "bs \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>)"
+ assumes "x = as @ bs"
+ shows "tuple_partial_image n fs x = ((function_tuple_eval Q\<^sub>p n fs) as)@bs"
+proof-
+ have 0: "(take n x) = as"
+ by (metis append_eq_conv_conj assms(1) assms(3) cartesian_power_car_memE)
+ have 1: "drop n x = bs"
+ by (metis "0" append_take_drop_id assms(3) same_append_eq)
+ show ?thesis using assms 0 1 unfolding tuple_partial_image_def
+ by presburger
+qed
+
+lemma tuple_partial_pullback_memE':
+ assumes "as \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ assumes "bs \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>)"
+ assumes "x = as @ bs"
+ assumes "x \<in> tuple_partial_pullback n fs k S"
+ shows "(function_tuple_eval Q\<^sub>p n fs as)@bs \<in> S"
+ using tuple_partial_pullback_memE[of x n fs k S] tuple_partial_image_def[of n fs x]
+ by (metis assms(1) assms(2) assms(3) assms(4) tuple_partial_image_eq)
+
+text\<open>tuple partial pullbacks have the same algebraic properties as pullbacks\<close>
+
+lemma tuple_partial_pullback_intersect:
+"tuple_partial_pullback m f l (S1 \<inter> S2) = (tuple_partial_pullback m f l S1) \<inter> (tuple_partial_pullback m f l S2)"
+ unfolding tuple_partial_pullback_def
+ by blast
+
+lemma tuple_partial_pullback_union:
+"tuple_partial_pullback m f l (S1 \<union> S2) = (tuple_partial_pullback m f l S1) \<union> (tuple_partial_pullback m f l S2)"
+ unfolding tuple_partial_pullback_def
+ by blast
+
+lemma tuple_partial_pullback_complement:
+ assumes "is_function_tuple Q\<^sub>p m fs"
+ shows "tuple_partial_pullback m fs l ((carrier (Q\<^sub>p\<^bsup>length fs + l\<^esup>)) - S) = carrier (Q\<^sub>p\<^bsup>m + l\<^esup>) - (tuple_partial_pullback m fs l S) "
+ apply(rule equalityI)
+ using tuple_partial_pullback_def[of m fs l "((carrier (Q\<^sub>p\<^bsup>length fs + l\<^esup>)) - S)"]
+ tuple_partial_pullback_def[of m fs l S]
+ apply blast
+proof fix x assume A: " x \<in> carrier (Q\<^sub>p\<^bsup>m + l\<^esup>) - tuple_partial_pullback m fs l S"
+ show " x \<in> tuple_partial_pullback m fs l (carrier (Q\<^sub>p\<^bsup>length fs + l\<^esup>) - S) "
+ apply(rule tuple_partial_pullback_memI)
+ using A
+ apply blast
+ using assms
+ apply blast
+ proof
+ have 0: "drop m x \<in> carrier (Q\<^sub>p\<^bsup>l\<^esup>)"
+ by (meson A DiffD1 cartesian_power_drop)
+ have 1: "take m x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>)"
+ using A
+ by (meson DiffD1 le_add1 take_closed)
+ show "function_tuple_eval Q\<^sub>p m fs (take m x) @ drop m x
+ \<in> carrier (Q\<^sub>p\<^bsup>length fs + l\<^esup>)"
+ using 0 1 assms
+ using cartesian_power_concat(1) function_tuple_eval_closed by blast
+ show "function_tuple_eval Q\<^sub>p m fs (take m x) @ drop m x \<notin> S"
+ using A unfolding tuple_partial_pullback_def tuple_partial_image_def
+ by blast
+ qed
+qed
+
+lemma tuple_partial_pullback_carrier:
+ assumes "is_function_tuple Q\<^sub>p m fs"
+ shows "tuple_partial_pullback m fs l (carrier (Q\<^sub>p\<^bsup>length fs + l\<^esup>)) = carrier (Q\<^sub>p\<^bsup>m + l\<^esup>)"
+ apply(rule equalityI)
+ using tuple_partial_pullback_memE(1) apply blast
+proof fix x assume A: "x \<in> carrier (Q\<^sub>p\<^bsup>m + l\<^esup>)"
+ show "x \<in> tuple_partial_pullback m fs l (carrier (Q\<^sub>p\<^bsup>length fs + l\<^esup>))"
+ apply(rule tuple_partial_pullback_memI)
+ using A cartesian_power_drop[of x m l] take_closed assms
+ apply blast
+ using assms apply blast
+ proof-
+ have "function_tuple_eval Q\<^sub>p m fs (take m x) \<in> carrier (Q\<^sub>p\<^bsup>length fs\<^esup>)"
+ using A take_closed assms
+ function_tuple_eval_closed le_add1
+ by blast
+ then show "function_tuple_eval Q\<^sub>p m fs (take m x) @ drop m x
+ \<in> carrier (Q\<^sub>p\<^bsup>length fs + l\<^esup>)"
+ using cartesian_power_drop[of x m l] A cartesian_power_concat(1)
+ by blast
+ qed
+qed
+
+definition is_semialg_map_tuple where
+"is_semialg_map_tuple m fs = (is_function_tuple Q\<^sub>p m fs \<and>
+ (\<forall>l \<ge> 0. \<forall>S \<in> semialg_sets ((length fs) + l). is_semialgebraic (m + l) (tuple_partial_pullback m fs l S)))"
+
+lemma is_semialg_map_tuple_closed:
+ assumes "is_semialg_map_tuple m fs"
+ shows "is_function_tuple Q\<^sub>p m fs"
+ using is_semialg_map_tuple_def assms by blast
+
+lemma is_semialg_map_tupleE:
+ assumes "is_semialg_map_tuple m fs"
+ assumes "is_semialgebraic ((length fs) + l) S"
+ shows " is_semialgebraic (m + l) (tuple_partial_pullback m fs l S)"
+ using is_semialg_map_tuple_def[of m fs] assms is_semialgebraicE[of "((length fs) + l)" S]
+ by blast
+
+lemma is_semialg_map_tupleI:
+ assumes "is_function_tuple Q\<^sub>p m fs"
+ assumes "\<And>k S. S \<in> semialg_sets ((length fs) + k) \<Longrightarrow> is_semialgebraic (m + k) (tuple_partial_pullback m fs k S)"
+ shows "is_semialg_map_tuple m fs"
+ using assms unfolding is_semialg_map_tuple_def
+ by blast
+
+text\<open>Semialgebraicity for maps can be verified on basic semialgebraic sets\<close>
+
+lemma is_semialg_map_tupleI':
+ assumes "is_function_tuple Q\<^sub>p m fs"
+ assumes "\<And>k S. S \<in> basic_semialgs ((length fs) + k) \<Longrightarrow> is_semialgebraic (m + k) (tuple_partial_pullback m fs k S)"
+ shows "is_semialg_map_tuple m fs"
+ apply(rule is_semialg_map_tupleI)
+ using assms(1) apply blast
+proof-
+ show "\<And>k S. S \<in> semialg_sets ((length fs) + k) \<Longrightarrow> is_semialgebraic (m + k) (tuple_partial_pullback m fs k S)"
+ proof- fix k S assume A: "S \<in> semialg_sets ((length fs) + k)"
+ show "is_semialgebraic (m + k) (tuple_partial_pullback m fs k S)"
+ apply(rule gen_boolean_algebra.induct[of S "carrier (Q\<^sub>p\<^bsup>length fs + k\<^esup>)" "basic_semialgs ((length fs) + k)"])
+ using A unfolding semialg_sets_def
+ apply blast
+ using tuple_partial_pullback_carrier assms carrier_is_semialgebraic plus_1_eq_Suc apply presburger
+ using assms(1) assms(2) carrier_is_semialgebraic intersection_is_semialg tuple_partial_pullback_carrier tuple_partial_pullback_intersect apply presburger
+ using tuple_partial_pullback_union union_is_semialgebraic apply presburger
+ using assms(1) complement_is_semialg tuple_partial_pullback_complement plus_1_eq_Suc by presburger
+ qed
+qed
+
+text\<open>
+ The goal of this section is to show that tuples of semialgebraic functions are semialgebraic maps.
+\<close>
+
+text\<open>The function $(x_0, x, y) \mapsto (x_0, f(x), y)$\<close>
+
+definition twisted_partial_image where
+"twisted_partial_image n m f xs = (take n xs)@ partial_image m f (drop n xs)"
+
+text\<open>The set ${(x_0, x, y) \mid (x_0, f(x), y) \in S}$\<close>
+
+text\<open>Convention: a function which produces a subset of (Qp (i + j +k)) will receive the 3 arity
+parameters in sequence, at the very beginning of the function\<close>
+
+definition twisted_partial_pullback where
+"twisted_partial_pullback n m l f S = ((twisted_partial_image n m f)-`S) \<inter> carrier (Q\<^sub>p\<^bsup>n+m+l\<^esup>)"
+
+lemma twisted_partial_pullback_memE:
+ assumes "as \<in> twisted_partial_pullback n m l f S"
+ shows "as \<in> carrier (Q\<^sub>p\<^bsup>n+m+l\<^esup>)" "twisted_partial_image n m f as \<in> S"
+ using assms
+ apply (metis (no_types, opaque_lifting) Int_iff add.commute twisted_partial_pullback_def subset_iff)
+ using assms unfolding twisted_partial_pullback_def
+ by blast
+
+lemma twisted_partial_pullback_closed:
+"twisted_partial_pullback n m l f S \<subseteq> carrier (Q\<^sub>p\<^bsup>n+m+l\<^esup>)"
+ using twisted_partial_pullback_memE(1) by blast
+
+lemma twisted_partial_pullback_memI:
+ assumes "as \<in> carrier (Q\<^sub>p\<^bsup>n+m+l\<^esup>)"
+ assumes "(take n as)@((f (take m (drop n as)))#(drop (n + m) as)) \<in> S"
+ shows "as \<in> twisted_partial_pullback n m l f S"
+ using assms unfolding twisted_partial_pullback_def twisted_partial_image_def
+ by (metis (no_types, lifting) IntI add.commute drop_drop local.partial_image_def vimageI)
+
+lemma twisted_partial_image_eq:
+ assumes "as \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ assumes "bs \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>)"
+ assumes "cs \<in> carrier (Q\<^sub>p\<^bsup>l\<^esup>)"
+ assumes "x = as @ bs @ cs"
+ shows "twisted_partial_image n m f x = as@((f bs)#cs)"
+proof-
+ have 0: "(take n x) = as"
+ by (metis append_eq_conv_conj assms(1) assms(4)
+ cartesian_power_car_memE)
+ have 1: "twisted_partial_image n m f x = as@(partial_image m f (bs@cs))"
+ using 0 assms twisted_partial_image_def
+ by (metis append_eq_conv_conj cartesian_power_car_memE)
+ have 2: "(partial_image m f (bs@cs)) = (f bs)#cs"
+ using partial_image_eq[of bs m cs l "bs@cs" f] assms
+ by blast
+ show ?thesis using assms 0 1 2
+ by (metis )
+qed
+
+lemma twisted_partial_pullback_memE':
+ assumes "as \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ assumes "bs \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>)"
+ assumes "cs \<in> carrier (Q\<^sub>p\<^bsup>l\<^esup>)"
+ assumes "x = as @ bs @ cs"
+ assumes "x \<in> twisted_partial_pullback n m l f S"
+ shows "as@((f bs)#cs) \<in> S"
+ by (metis (no_types, lifting) assms(1) assms(2) assms(3) assms(4) assms(5)
+ twisted_partial_image_eq twisted_partial_pullback_memE(2))
+
+text\<open>partial pullbacks have the same algebraic properties as pullbacks\<close>
+
+text\<open>permutation which moves the entry at index \<open>i\<close> to 0\<close>
+
+definition twisting_permutation where
+"twisting_permutation (i::nat) = (\<lambda>j. if j < i then j + 1 else
+ (if j = i then 0 else j))"
+
+lemma twisting_permutation_permutes:
+ assumes "i < n"
+ shows "twisting_permutation i permutes {..<n}"
+proof-
+ have 0: "\<And>x. x > i \<Longrightarrow> twisting_permutation i x = x"
+ unfolding twisting_permutation_def
+ by auto
+ have 1: "(\<forall>x. x \<notin> {..<n} \<longrightarrow> twisting_permutation i x = x)"
+ using 0 assms
+ by auto
+ have 2: "(\<forall>y. \<exists>!x. twisting_permutation i x = y)"
+ proof fix y
+ show " \<exists>!x. twisting_permutation i x = y"
+ proof(cases "y = 0")
+ case True
+ show "\<exists>!x. twisting_permutation i x = y"
+ by (metis Suc_eq_plus1 True add_eq_0_iff_both_eq_0 less_nat_zero_code
+ nat_neq_iff twisting_permutation_def zero_neq_one)
+ next
+ case False
+ show ?thesis
+ proof(cases "y \<le>i")
+ case True
+ show ?thesis
+ proof
+ show "twisting_permutation i (y - 1) = y"
+ using True
+ by (metis False add.commute add_diff_inverse_nat diff_less gr_zeroI le_eq_less_or_eq
+ less_imp_diff_less less_one twisting_permutation_def)
+ show "\<And>x. twisting_permutation i x = y \<Longrightarrow> x = y - 1"
+ using True False twisting_permutation_def by force
+ qed
+ next
+ case F: False
+ then show ?thesis using False
+ unfolding twisting_permutation_def
+ by (metis add_leD1 add_leD2 add_le_same_cancel2 discrete le_numeral_extra(3)
+ less_imp_not_less )
+ qed
+ qed
+ qed
+ show ?thesis
+ using 1 2
+ by (simp add: permutes_def)
+qed
+
+lemma twisting_permutation_action:
+ assumes "length as = i"
+ shows "permute_list (twisting_permutation i) (b#(as@bs)) = as@(b#bs)"
+proof-
+ have 0: "length (permute_list (twisting_permutation i) (b#(as@bs))) = length (as@(b#bs))"
+ by (metis add.assoc length_append length_permute_list list.size(4))
+ have "\<And>j. j < length (as@(b#bs))
+ \<Longrightarrow> (permute_list (twisting_permutation i) (b#(as@bs))) ! j = (as@(b#bs)) ! j"
+ proof-
+ fix j assume A: "j < length (as@(b#bs))"
+ show "(permute_list (twisting_permutation i) (b#(as@bs))) ! j = (as@(b#bs)) ! j"
+ proof(cases "j < i")
+ case True
+ then have T0: "twisting_permutation i j = j + 1"
+ using twisting_permutation_def by auto
+ then have T1: "(b # as @ bs) ! twisting_permutation i j = as!j"
+ using assms
+ by (simp add: assms True nth_append)
+ have T2: "(permute_list (twisting_permutation i) (b # as @ bs)) ! j = as!j"
+ proof-
+ have "twisting_permutation i permutes {..<length (b # as @ bs)}"
+ by (metis (full_types) assms length_Cons length_append
+ not_add_less1 not_less_eq twisting_permutation_permutes)
+ then show ?thesis
+ using True permute_list_nth[of "twisting_permutation i" "b#(as@bs)" j ]
+ twisting_permutation_permutes[of i "length (b#(as@bs))"] assms
+ by (metis T0 T1 add_cancel_right_right lessThan_iff
+ permutes_not_in zero_neq_one)
+ qed
+ have T3: "(as @ b # bs) ! j = as!j"
+ using assms True
+ by (simp add: assms nth_append)
+ show "(permute_list (twisting_permutation i) (b #( as @ bs))) ! j = (as @ b # bs) ! j"
+ using T3 T2
+ by simp
+ next
+ case False
+ show ?thesis
+ proof(cases "j = i")
+ case True
+ then have T0: "twisting_permutation i j = 0"
+ using twisting_permutation_def by auto
+ then have T1: "(b # as @ bs) ! twisting_permutation i j = b"
+ using assms
+ by (simp add: assms True nth_append)
+ have T2: "(permute_list (twisting_permutation i) (b # as @ bs)) ! j = b"
+ proof-
+ have "twisting_permutation i permutes {..<length (b # as @ bs)}"
+ by (metis (full_types) assms length_Cons length_append
+ not_add_less1 not_less_eq twisting_permutation_permutes)
+ then show ?thesis
+ using True permute_list_nth[of "twisting_permutation i" "b#(as@bs)" j ]
+ twisting_permutation_permutes[of i "length (b#(as@bs))"] assms
+ by (metis "0" A T1 length_permute_list)
+ qed
+ have T3: "(as @ b # bs) ! j = b"
+ by (metis True assms nth_append_length)
+ show ?thesis
+ by (simp add: T2 T3)
+ next
+ case F: False
+ then have F0: "twisting_permutation i j = j"
+ by (simp add: False twisting_permutation_def)
+ then have F1: "(b # as @ bs) ! twisting_permutation i j = bs! (j - i - 1)"
+ using assms
+ by (metis (mono_tags, lifting) F False Suc_diff_1
+ cancel_ab_semigroup_add_class.diff_right_commute linorder_neqE_nat not_gr_zero
+ not_less_eq nth_Cons' nth_append)
+ have F2: "(permute_list (twisting_permutation i) (b # as @ bs)) ! j = bs ! (j - i - 1)"
+ using F1 assms permute_list_nth
+ by (metis A add_cancel_right_right append.assoc last_to_first_eq le_add1
+ le_eq_less_or_eq length_0_conv length_append length_permute_list list.distinct(1)
+ twisting_permutation_permutes)
+ have F3: "(as @ b # bs) ! j = bs!(j - i - 1)"
+ by (metis F False assms linorder_neqE_nat nth_Cons_pos nth_append zero_less_diff)
+ then show ?thesis
+ using F2 F3
+ by presburger
+ qed
+ qed
+ qed
+ then show ?thesis
+ using 0
+ by (metis nth_equalityI)
+qed
+
+lemma twisting_permutation_action':
+ assumes "length as = i"
+ shows "permute_list (fun_inv (twisting_permutation i)) (as@(b#bs)) = (b#(as@bs)) "
+proof-
+ obtain TI where TI_def: "TI = twisting_permutation i"
+ by blast
+ have 0: "TI permutes {..<length (as@(b#bs))}"
+ using assms TI_def twisting_permutation_permutes[of i "length (as@(b#bs))"]
+ by (metis add_diff_cancel_left' gr0I length_0_conv length_append list.distinct(1) zero_less_diff)
+ have 1: "(fun_inv TI) permutes {..<length (as@(b#bs))}"
+ by (metis "0" Nil_is_append_conv fun_inv_permute(1) length_greater_0_conv list.distinct(1))
+ have "permute_list (fun_inv (twisting_permutation i)) (as@(b#bs)) =
+ permute_list (fun_inv (twisting_permutation i)) (permute_list (twisting_permutation i) (b#(as@bs)))"
+ using twisting_permutation_action[of as i b bs] assms
+ by (simp add: \<open>length as = i\<close>)
+ then have "permute_list (fun_inv TI) (as@(b#bs)) =
+ permute_list ((fun_inv TI) \<circ> TI) (b#(as@bs))"
+ using 0 1
+ by (metis TI_def fun_inv_permute(2) fun_inv_permute(3) length_greater_0_conv
+ length_permute_list permute_list_compose)
+ then show ?thesis
+ by (metis "0" Nil_is_append_conv TI_def fun_inv_permute(3)
+ length_greater_0_conv list.distinct(1) permute_list_id)
+qed
+
+lemma twisting_semialg:
+ assumes "is_semialgebraic n S"
+ assumes "n > i"
+ shows "is_semialgebraic n ((permute_list ((twisting_permutation i)) ` S))"
+proof-
+ obtain TI where TI_def: "TI = twisting_permutation i"
+ by blast
+ have 0: "TI permutes {..<(n::nat)}"
+ using assms TI_def twisting_permutation_permutes[of i n]
+ by blast
+ have "(TI) permutes {..<n}"
+ using TI_def "0"
+ by auto
+ then show ?thesis
+ using assms permutation_is_semialgebraic[of n S "TI"] TI_def
+ by blast
+qed
+
+lemma twisting_semialg':
+ assumes "is_semialgebraic n S"
+ assumes "n > i"
+ shows "is_semialgebraic n ((permute_list (fun_inv (twisting_permutation i)) ` S))"
+proof-
+ obtain TI where TI_def: "TI = twisting_permutation i"
+ by blast
+ have 0: "TI permutes {..<(n::nat)}"
+ using assms TI_def twisting_permutation_permutes[of i n]
+ by blast
+ have "(fun_inv TI) permutes {..<n}" using 0 permutes_inv[of TI "{..<n}"]
+ unfolding fun_inv_def
+ by blast
+ then show ?thesis
+ using assms permutation_is_semialgebraic[of n S "fun_inv TI"] TI_def
+ by blast
+qed
+
+text\<open>Defining a permutation that does: $(x0, x1, y) \mapsto (x_1, x0, y)$\<close>
+
+definition tp_1 where
+"tp_1 i j = (\<lambda> n. (if n<i then j + n else
+ (if i \<le> n \<and> n < i + j then n - i else
+ n)))"
+lemma permutes_I:
+ assumes "\<And>x. x \<notin> S \<Longrightarrow> f x = x"
+ assumes "\<And>y. y \<in> S \<Longrightarrow> \<exists>!x \<in> S. f x = y"
+ assumes "\<And>x. x \<in> S \<Longrightarrow> f x \<in> S"
+ shows "f permutes S"
+proof-
+ have 0 : "(\<forall>x. x \<notin> S \<longrightarrow> f x = x) "
+ using assms(1) by blast
+ have 1: "(\<forall>y. \<exists>!x. f x = y)"
+ proof fix y
+ show "\<exists>!x. f x = y"
+ apply(cases "y \<in> S")
+ apply (metis "0" assms(2))
+ proof-
+ assume "y \<notin> S"
+ then show "\<exists>!x. f x = y"
+ by (metis assms(1) assms(3))
+ qed
+ qed
+ show ?thesis
+ using assms 1
+ unfolding permutes_def
+ by blast
+qed
+
+lemma tp_1_permutes:
+"(tp_1 (i::nat) j) permutes {..< i + j}"
+proof(rule permutes_I)
+ show "\<And>x. x \<notin> {..<i + j} \<Longrightarrow> tp_1 i j x = x"
+ proof- fix x assume A: "x \<notin> {..<i + j}"
+ then show "tp_1 i j x = x"
+ unfolding tp_1_def
+ by auto
+ qed
+ show "\<And>y. y \<in> {..<i + j} \<Longrightarrow> \<exists>!x. x \<in> {..<i + j} \<and> tp_1 i j x = y"
+ proof- fix y assume A: "y \<in> {..<i + j}"
+ show "\<exists>!x. x \<in> {..<i + j} \<and> tp_1 i j x = y"
+ proof(cases "y < j")
+ case True
+ then have 0:"tp_1 i j (y + i) = y"
+ by (simp add: tp_1_def)
+ have 1: "\<And>x. x \<noteq> y + i \<Longrightarrow> tp_1 i j x \<noteq> y"
+ proof- fix x assume A: " x \<noteq> y + i"
+ show "tp_1 i j x \<noteq> y"
+ apply(cases "x < j")
+ apply (metis A True add.commute le_add_diff_inverse le_eq_less_or_eq nat_neq_iff not_add_less1 tp_1_def trans_less_add2)
+ by (metis A True add.commute le_add_diff_inverse less_not_refl tp_1_def trans_less_add1)
+ qed
+ show ?thesis using 0 1
+ by (metis A \<open>\<And>x. x \<notin> {..<i + j} \<Longrightarrow> tp_1 i j x = x\<close>)
+ next
+ case False
+ then have "y - j < i"
+ using A by auto
+ then have "tp_1 i j (y - j) = y"
+ using False tp_1_def
+ by (simp add: tp_1_def)
+ then show ?thesis
+ by (smt A False \<open>\<And>x. x \<notin> {..<i + j} \<Longrightarrow> tp_1 i j x = x\<close>
+ add.commute add_diff_inverse_nat add_left_imp_eq
+ less_diff_conv2 not_less tp_1_def
+ padic_fields_axioms)
+ qed
+ qed
+ show "\<And>x. x \<in> {..<i + j} \<Longrightarrow> tp_1 i j x \<in> {..<i + j}"
+ proof fix x assume A: "x \<in> {..<i + j}"
+ show "tp_1 i j x < i + j"
+ unfolding tp_1_def using A
+ by (simp add: trans_less_add2)
+ qed
+qed
+
+lemma tp_1_permutes':
+"(tp_1 (i::nat) j) permutes {..< i + j + k}"
+ using tp_1_permutes
+ by (simp add: permutes_def)
+
+lemma tp_1_permutation_action:
+ assumes "a \<in> carrier (Q\<^sub>p\<^bsup>i\<^esup>)"
+ assumes "b \<in> carrier (Q\<^sub>p\<^bsup>j\<^esup>)"
+ assumes "c \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ shows "permute_list (tp_1 i j) (b@a@c)= a@b@c"
+proof-
+ have 0:"length (permute_list (tp_1 i j) (b@a@c))= length (a@b@c)"
+ by (metis add.commute append.assoc length_append length_permute_list)
+ have "\<And>x. x < length (a@b@c) \<Longrightarrow> (permute_list (tp_1 i j) (b@a@c)) ! x= (a@b@c) ! x"
+ proof- fix x assume A: "x < length (a@b@c)"
+ have B: "length (a @ b @ c) = i + j + length c"
+ using add.assoc assms(1) assms(2) cartesian_power_car_memE length_append
+ by metis
+ have C: "tp_1 i j permutes {..<length (a @ b @ c)}"
+ using B assms tp_1_permutes'[of i j "length b"] tp_1_permutes'
+ by presburger
+ have D: "length a = i"
+ using assms(1) cartesian_power_car_memE by blast
+ have E: "length b = j"
+ using assms(2) cartesian_power_car_memE by blast
+ show "(permute_list (tp_1 i j) (b@a@c)) ! x= (a@b@c) ! x"
+ proof(cases "x < i")
+ case True
+ have T0: "(tp_1 i j x) = j + x"
+ using tp_1_def[of i j ] True
+ by auto
+ then have "(b@ a @ c) ! (tp_1 i j x) = a!x"
+ using D E assms(1) assms(2) assms(3) True nth_append
+ by (metis nth_append_length_plus)
+ then show ?thesis
+ using A B C assms permute_list_nth[of "tp_1 i j" "a@b@c"]
+ by (metis D True \<open>length (permute_list (tp_1 i j) (b @ a @ c)) =
+ length (a @ b @ c)\<close> length_permute_list nth_append permute_list_nth)
+ next
+ case False
+ show ?thesis
+ proof(cases "x < i + j")
+ case True
+ then have T0: "(tp_1 i j x) = x - i"
+ by (meson False not_less tp_1_def)
+ have "x - i < length b"
+ using E False True by linarith
+ then have T1: "permute_list (tp_1 i j) (b@ a @ c) ! x = b!(x-i)"
+ using nth_append
+ by (metis A C T0 \<open>length (permute_list (tp_1 i j) (b @ a @ c)) = length (a @ b @ c)\<close>
+ length_permute_list permute_list_nth)
+ then show ?thesis
+ by (metis D False \<open>x - i < length b\<close> nth_append)
+ next
+ case False
+ then have "(tp_1 i j x) = x"
+ by (meson tp_1_def trans_less_add1)
+ then show ?thesis
+ by (smt A C D E False add.commute add_diff_inverse_nat append.assoc
+ length_append nth_append_length_plus permute_list_nth)
+ qed
+ qed
+qed
+ then show ?thesis
+ using 0
+ by (metis list_eq_iff_nth_eq)
+qed
+
+definition tw where
+"tw i j = permute_list (tp_1 j i)"
+
+lemma tw_is_semialg:
+ assumes "n > 0"
+ assumes "is_semialgebraic n S"
+ assumes "n \<ge> i + j"
+ shows "is_semialgebraic n ((tw i j)`S)"
+ unfolding tw_def
+ using assms tp_1_permutes'[of j i "n - (j + i)"]
+ permutation_is_semialgebraic[of n S]
+ by (metis add.commute le_add_diff_inverse)
+
+lemma twisted_partial_pullback_factored:
+ assumes "f \<in> (carrier (Q\<^sub>p\<^bsup>m\<^esup>)) \<rightarrow> carrier Q\<^sub>p"
+ assumes "S \<subseteq> carrier (Q\<^sub>p\<^bsup>n+1+ l\<^esup>)"
+ assumes "Y = partial_pullback m f (n + l) (permute_list (fun_inv (twisting_permutation n)) ` S)"
+ shows "twisted_partial_pullback n m l f S = (tw m n) ` Y"
+proof
+ show "twisted_partial_pullback n m l f S \<subseteq> tw m n ` Y"
+ proof fix x
+ assume A: "x \<in> twisted_partial_pullback n m l f S"
+ then have x_closed: "x \<in> carrier (Q\<^sub>p\<^bsup>n+m+l\<^esup>)"
+ using twisted_partial_pullback_memE(1) by blast
+ obtain a where a_def: "a = take n x"
+ by blast
+ obtain b where b_def: "b = take m (drop n x)"
+ by blast
+ obtain c where c_def: "c = (drop (n + m) x)"
+ by blast
+ have x_eq:"x = a@(b@c)"
+ by (metis a_def append.assoc append_take_drop_id b_def c_def take_add)
+ have a_closed: "a \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ by (metis (no_types, lifting) a_def dual_order.trans le_add1 take_closed x_closed)
+ have b_closed: "b \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>)"
+ proof-
+ have "drop n x \<in> carrier (Q\<^sub>p\<^bsup>m + l\<^esup>)"
+ by (metis (no_types, lifting) add.assoc cartesian_power_drop x_closed)
+ then show ?thesis
+ using b_def le_add1 take_closed by blast
+ qed
+ have c_closed: "c \<in> carrier (Q\<^sub>p\<^bsup>l\<^esup>)"
+ using c_def cartesian_power_drop x_closed by blast
+ have B: "a@((f b)#c) \<in> S"
+ using A twisted_partial_pullback_memE'
+ by (smt a_closed a_def add.commute append_take_drop_id b_closed
+ b_def c_closed c_def drop_drop)
+ have "permute_list (fun_inv (twisting_permutation n)) (a@((f b)#c)) = (f b)#(a@c)"
+ using assms twisting_permutation_action'[of a n "f b" c]
+ a_closed cartesian_power_car_memE
+ by blast
+ then have C: "(f b)#(a@c) \<in> (permute_list (fun_inv (twisting_permutation n)) ` S)"
+ by (metis B image_eqI)
+ have C: "b@(a@c) \<in> partial_pullback m f (n + l) (permute_list (fun_inv (twisting_permutation n)) ` S)"
+ proof(rule partial_pullback_memI)
+ show "b @ a @ c \<in> carrier (Q\<^sub>p\<^bsup>m + (n + l)\<^esup>)"
+ using a_closed b_closed c_closed cartesian_power_concat(1)
+ by blast
+ have 0: "(take m (b @ a @ c)) = b"
+ by (metis append.right_neutral b_closed cartesian_power_car_memE
+ diff_is_0_eq diff_self_eq_0 take0 take_all take_append)
+ have 1: "drop m (b @ a @ c) = a@c"
+ by (metis "0" append_take_drop_id same_append_eq)
+ show "f (take m (b @ a @ c)) # drop m (b @ a @ c) \<in> permute_list (fun_inv (twisting_permutation n)) ` S"
+ using 0 1 C
+ by presburger
+ qed
+ have D: "tw m n (b@(a@c)) = a@(b@c)"
+ using assms tw_def a_closed b_closed c_closed
+ by (metis tp_1_permutation_action x_eq)
+ then show "x \<in> tw m n ` Y"
+ using x_eq C assms
+ by (metis image_eqI)
+ qed
+ show "tw m n ` Y \<subseteq> twisted_partial_pullback n m l f S"
+ proof fix x
+ assume A: "x \<in> tw m n ` Y"
+ then obtain y where y_def: "x = tw m n y \<and> y \<in> Y"
+ by blast
+ obtain as where as_def: "as \<in> (permute_list (fun_inv (twisting_permutation n)) ` S) \<and>
+ as = partial_image m f y"
+ using partial_pullback_memE
+ by (metis assms(3) y_def)
+ obtain s where s_def: "s \<in> S \<and> permute_list (fun_inv (twisting_permutation n)) s = as"
+ using as_def by blast
+ obtain b where b_def: "b = take m y"
+ by blast
+ obtain a where a_def: "a = take n (drop m y)"
+ by blast
+ obtain c where c_def: "c = drop (n + m) y"
+ by blast
+ have y_closed: "y \<in> carrier (Q\<^sub>p\<^bsup>m + n + l\<^esup>)"
+ by (metis add.assoc assms(3) partial_pullback_memE(1) y_def)
+ then have y_eq: "y = b@a@c"
+ using a_def b_def c_def
+ by (metis append_take_drop_id drop_drop)
+ have a_closed: "a \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ by (metis a_def add.commute cartesian_power_drop le_add1 take_closed take_drop y_closed)
+ have b_closed: "b \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>)"
+ using add_leD2 b_def le_add1 take_closed y_closed
+ by (meson trans_le_add1)
+ have c_closed: "c \<in> carrier (Q\<^sub>p\<^bsup>l\<^esup>)"
+ using c_def cartesian_power_drop y_closed
+ by (metis add.commute)
+ have ac_closed: "a@c \<in> carrier (Q\<^sub>p\<^bsup>n+l\<^esup>)"
+ using a_closed c_closed cartesian_power_concat(1) by blast
+ then have C: " local.partial_image m f y = f b # a @ c"
+ using b_closed y_eq partial_image_eq[of b m "a@c" "n + l" y f]
+ by blast
+ then have as_eq: "as = (f b)#(a@c)"
+ using as_def
+ by force
+ have B: "(tw m n) y = a@b@c" using y_eq tw_def[of n m] tp_1_permutation_action
+ by (smt a_closed b_closed c_closed tw_def)
+ then have "x = a@(b@c)"
+ by (simp add: y_def)
+ then have "twisted_partial_image n m f x = a@((f b)# c)"
+ using a_closed b_closed c_closed twisted_partial_image_eq
+ by blast
+ then have D: "permute_list (twisting_permutation n) as = twisted_partial_image n m f x"
+ using as_eq twisting_permutation_action[of a n "f b" c ]
+ by (metis a_closed cartesian_power_car_memE)
+ have "permute_list (twisting_permutation n) as \<in> S"
+ proof-
+ have S: "length s > n"
+ using s_def assms cartesian_power_car_memE le_add1 le_neq_implies_less
+ le_trans less_add_same_cancel1 less_one not_add_less1
+ by (metis (no_types, lifting) subset_iff)
+ have "permute_list (twisting_permutation n) as = permute_list (twisting_permutation n) (permute_list (fun_inv (twisting_permutation n)) s)"
+ using fun_inv_def s_def by blast
+ then have "permute_list (twisting_permutation n) as =
+ permute_list ((twisting_permutation n) \<circ> (fun_inv (twisting_permutation n))) s"
+ using fun_inv_permute(2) fun_inv_permute(3) length_greater_0_conv
+ length_permute_list twisting_permutation_permutes[of n "length s"]
+ permute_list_compose[of "fun_inv (twisting_permutation n)" s "twisting_permutation n"]
+ by (metis S permute_list_compose)
+ then have "permute_list (twisting_permutation n) as =
+ permute_list (id) s"
+ by (metis S \<open>permute_list (twisting_permutation n) as = permute_list
+ (twisting_permutation n) (permute_list (fun_inv (twisting_permutation n)) s)\<close>
+ fun_inv_permute(3) length_greater_0_conv length_permute_list permute_list_compose
+ twisting_permutation_permutes)
+ then have "permute_list (twisting_permutation n) as = s"
+ by simp
+ then show ?thesis
+ using s_def
+ by (simp add: \<open>s \<in> S \<and> permute_list (fun_inv (twisting_permutation n)) s = as\<close>)
+ qed
+ then show "x \<in> twisted_partial_pullback n m l f S"
+ unfolding twisted_partial_pullback_def using D
+ by (smt \<open>x = a @ b @ c\<close> a_closed append.assoc append_eq_conv_conj b_closed
+ c_closed cartesian_power_car_memE cartesian_power_concat(1) length_append
+ list.inject local.partial_image_def twisted_partial_image_def
+ twisted_partial_pullback_def twisted_partial_pullback_memI)
+ qed
+qed
+
+lemma twisted_partial_pullback_is_semialgebraic:
+ assumes "is_semialg_function m f"
+ assumes "is_semialgebraic (n + 1 + l) S"
+ shows "is_semialgebraic (n + m + l)(twisted_partial_pullback n m l f S)"
+proof-
+ have "(fun_inv (twisting_permutation n)) permutes {..<n + 1 + l}"
+ by (simp add: fun_inv_permute(1) twisting_permutation_permutes)
+ then have "is_semialgebraic (1 + n + l) (permute_list (fun_inv (twisting_permutation n)) ` S)"
+ using add_gr_0 assms(2) permutation_is_semialgebraic
+ by (metis add.commute)
+ then have "is_semialgebraic (n + m + l)
+ (partial_pullback m f (n + l) (permute_list (fun_inv (twisting_permutation n)) ` S))"
+ using assms is_semialg_functionE[of m f "n + l" "(permute_list (fun_inv (twisting_permutation n)) ` S)"]
+ by (metis (no_types, lifting) add.assoc add.commute)
+ then have "is_semialgebraic (n + m + l)
+ ((tw m n) `(partial_pullback m f (n + l) (permute_list (fun_inv (twisting_permutation n)) ` S)))"
+ unfolding tw_def
+ using tp_1_permutes'[of n m l] assms permutation_is_semialgebraic[of "n + m + l"
+ "partial_pullback m f (n + l) (permute_list (fun_inv (twisting_permutation n)) ` S)"
+ "tp_1 n m" ]
+ by blast
+ then show ?thesis
+ using twisted_partial_pullback_factored assms(1) assms(2)
+ is_semialg_function_closed is_semialgebraic_closed
+ by presburger
+qed
+
+definition augment where
+"augment n x = take n x @ take n x @ drop n x"
+
+lemma augment_closed:
+ assumes "x \<in> carrier (Q\<^sub>p\<^bsup>n+l\<^esup>)"
+ shows "augment n x \<in> carrier (Q\<^sub>p\<^bsup>n+n+ l\<^esup>)"
+ apply(rule cartesian_power_car_memI)
+ apply (smt ab_semigroup_add_class.add_ac(1) add.commute append_take_drop_id
+ assms augment_def cartesian_power_car_memE cartesian_power_drop length_append)
+ using assms cartesian_power_car_memE'' unfolding augment_def
+ by (metis (no_types, opaque_lifting) append_take_drop_id cartesian_power_concat(2) nat_le_iff_add take_closed)
+
+lemma tuple_partial_image_factor:
+ assumes "is_function_tuple Q\<^sub>p m fs"
+ assumes "f \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>) \<rightarrow> carrier Q\<^sub>p"
+ assumes "length fs = n"
+ assumes "x \<in> carrier (Q\<^sub>p\<^bsup>m + l\<^esup>)"
+ shows "tuple_partial_image m (fs@[f]) x = twisted_partial_image n m f (tuple_partial_image m fs (augment m x))"
+proof-
+ obtain a where a_def: "a = take m x"
+ by blast
+ obtain b where b_def: "b = drop m x"
+ by blast
+ have a_closed: "a \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>)"
+ using a_def assms(4) le_add1 take_closed
+ by (meson dual_order.trans)
+ have b_closed: "b \<in> carrier (Q\<^sub>p\<^bsup>l\<^esup>)"
+ using assms(4) b_def cartesian_power_drop
+ by (metis (no_types, lifting))
+ have A: "(augment m x) = a @ (a @ b)"
+ using a_def augment_def b_def
+ by blast
+ have 0: "tuple_partial_image m fs (augment m x) = ((function_tuple_eval Q\<^sub>p m fs) a) @ a @ b"
+ using A a_closed b_closed tuple_partial_image_eq[of a m "a@b" "m + l" "augment m x" fs]
+ cartesian_power_concat(1)
+ by blast
+ have 1: "tuple_partial_image m (fs@[f]) x = ((function_tuple_eval Q\<^sub>p m fs a) @ [f a])@b"
+ using 0 tuple_partial_image_eq[of a m b l x "fs@[f]"] unfolding function_tuple_eval_def
+ by (metis (no_types, lifting) a_closed a_def append_take_drop_id b_closed b_def
+ list.simps(8) list.simps(9) map_append)
+ have 2: "tuple_partial_image m (fs@[f]) x = (function_tuple_eval Q\<^sub>p m fs a) @ ((f a)#b)"
+ using 1
+ by (metis (no_types, lifting) append_Cons append_Nil2 append_eq_append_conv2 same_append_eq)
+ have 3: "tuple_partial_image m fs x = (function_tuple_eval Q\<^sub>p m fs a) @ b"
+ using a_def b_def 2 tuple_partial_image_eq[of a m b l x fs ] assms tuple_partial_image_def
+ by blast
+ have 4: "twisted_partial_image n m f (tuple_partial_image m fs (augment m x)) =
+ (function_tuple_eval Q\<^sub>p m fs a) @ ((f a)#b)"
+ using twisted_partial_image_eq[of _ n _ m _ l] 0 assms(1) assms(3) b_closed
+ local.a_closed local.function_tuple_eval_closed by blast
+ show ?thesis using 2 4
+ by presburger
+qed
+
+definition diagonalize where
+"diagonalize n m S = S \<inter> cartesian_product (\<Delta> n) (carrier (Q\<^sub>p\<^bsup>m\<^esup>))"
+
+lemma diagaonlize_is_semiaglebraic:
+ assumes "is_semialgebraic (n + n + m) S"
+ shows "is_semialgebraic (n + n + m) (diagonalize n m S)"
+proof(cases "m = 0")
+ case True
+ then have 0: "carrier (Q\<^sub>p\<^bsup>m\<^esup>) = {[]}"
+ unfolding cartesian_power_def
+ by simp
+ have 1: "\<Delta> n \<subseteq> carrier (Q\<^sub>p\<^bsup>n+n\<^esup>)"
+ using Qp.cring_axioms assms diagonalE(2)
+ by blast
+ then have "cartesian_product (\<Delta> n) (carrier (Q\<^sub>p\<^bsup>m\<^esup>)) = \<Delta> n"
+ using 0 cartesian_product_empty_right[of "\<Delta> n" Q\<^sub>p "n + n" "carrier (Q\<^sub>p\<^bsup>m\<^esup>)"]
+ by linarith
+ then have "diagonalize n m S = S \<inter> (\<Delta> n)"
+ using diagonalize_def
+ by presburger
+ then show ?thesis
+ using intersection_is_semialg True assms diag_is_semialgebraic
+ by auto
+next
+ case False
+ have "is_semialgebraic (n + n + m) (cartesian_product (\<Delta> n) (carrier (Q\<^sub>p\<^bsup>m\<^esup>)))"
+ using carrier_is_semialgebraic[of m]
+ cartesian_product_is_semialgebraic[of "n + n" "\<Delta> n" m "carrier (Q\<^sub>p\<^bsup>m\<^esup>)"]
+ diag_is_semialgebraic[of n] False
+ by blast
+ then show ?thesis
+ using intersection_is_semialg assms(1) diagonalize_def
+ by presburger
+qed
+
+lemma list_segment_take:
+ assumes "length a \<ge>n"
+ shows "list_segment 0 n a = take n a"
+proof-
+ have 0: "length (list_segment 0 n a) = length (take n a)"
+ using assms unfolding list_segment_def
+ by (metis (no_types, lifting) Groups.add_ac(2) add_diff_cancel_left'
+ append_take_drop_id le_Suc_ex length_append length_drop length_map map_nth)
+ have "\<And>i. i < n \<Longrightarrow> list_segment 0 n a !i = take n a ! i"
+ unfolding list_segment_def using assms
+ by (metis add.left_neutral diff_zero nth_map_upt nth_take)
+ then show ?thesis using 0
+ by (metis assms diff_zero le0 list_segment_length nth_equalityI)
+qed
+
+lemma augment_inverse_is_semialgebraic:
+ assumes "is_semialgebraic (n+n+l) S"
+ shows "is_semialgebraic (n+l) ((augment n -` S) \<inter> carrier (Q\<^sub>p\<^bsup>n+l\<^esup>))"
+proof-
+ obtain Ps where Ps_def: "Ps = (var_list_segment 0 n)"
+ by blast
+ obtain Qs where Qs_def: "Qs = (var_list_segment n (n+l))"
+ by blast
+ obtain Fs where Fs_def: "Fs = Ps@Ps@Qs"
+ by blast
+ have 0: "is_poly_tuple (n+l) Ps"
+ by (simp add: Ps_def var_list_segment_is_poly_tuple)
+ have 1: "is_poly_tuple (n+l) Qs"
+ by (simp add: Qs_def var_list_segment_is_poly_tuple)
+ have 2: "is_poly_tuple (n+l) (Ps@Qs)"
+ using Qp_is_poly_tuple_append[of "n+l" Ps Qs]
+ by (metis (no_types, opaque_lifting) "0" "1" add.commute)
+ have "is_poly_tuple (n+l) Fs"
+ using 0 2 Qp_is_poly_tuple_append[of "n + l" Ps "Ps@Qs"] Fs_def assms
+ by blast
+ have 3: "\<And>x. x \<in> carrier (Q\<^sub>p\<^bsup>n+l\<^esup>) \<Longrightarrow> augment n x = poly_map (n + l) Fs x"
+ proof- fix x assume A: "x \<in> carrier (Q\<^sub>p\<^bsup>n+l\<^esup>)"
+ have 30: "poly_map (n+l) Ps x = take n x"
+ using Ps_def map_by_var_list_segment[of x "n + l" n 0]
+ list_segment_take[of n x] cartesian_power_car_memE[of x Q\<^sub>p "n+l"]
+ by (simp add: A)
+ have 31: "poly_map (n + l) Qs x = drop n x"
+ using Qs_def map_by_var_list_segment_to_length[of x "n + l" n] A le_add1
+ by blast
+ have 32: "poly_map (n + l) (Ps@Qs) x = take n x @ drop n x"
+ using poly_map_append[of x "n+l" Ps Qs ]
+ by (metis "30" "31" A append_take_drop_id)
+ show "augment n x = poly_map (n + l) Fs x"
+ using 30 32 poly_map_append
+ by (metis A Fs_def poly_map_append augment_def)
+ qed
+ have 4: "(augment n -` S) \<inter> carrier (Q\<^sub>p\<^bsup>n+l\<^esup>) = poly_tuple_pullback (n + l) S Fs"
+ proof
+ show "augment n -` S \<inter> carrier (Q\<^sub>p\<^bsup>n+l\<^esup>) \<subseteq> poly_tuple_pullback (n + l) S Fs"
+ proof fix x assume A: "x \<in> augment n -` S \<inter> carrier (Q\<^sub>p\<^bsup>n+l\<^esup>)"
+ then have 40: "augment n x \<in> S"
+ by blast
+ have 41: "augment n x \<in> carrier (Q\<^sub>p\<^bsup>n+n+ l\<^esup>)"
+ using 40 assms unfolding augment_def
+ using is_semialgebraic_closed
+ by blast
+ have "x \<in> carrier (Q\<^sub>p\<^bsup>n+l\<^esup>)"
+ proof-
+ have "take n x @ x \<in> carrier (Q\<^sub>p\<^bsup>n+n+ l\<^esup>)"
+ using augment_def A
+ by (metis "41" append_take_drop_id)
+ then have 0: "drop n (take n x @ x) \<in> carrier (Q\<^sub>p\<^bsup>n+l\<^esup>)"
+ by (metis (no_types, lifting) add.assoc cartesian_power_drop)
+ have "drop n (take n x @ x) = x"
+ proof-
+ have "length x \<ge> n"
+ using A
+ by (metis IntD2 cartesian_power_car_memE le_add1)
+ then have "length (take n x) = n"
+ by (metis add_right_cancel append_take_drop_id
+ le_add_diff_inverse length_append length_drop)
+ then show ?thesis
+ by (metis append_eq_conv_conj)
+ qed
+ then show ?thesis
+ using 0
+ by presburger
+ qed
+ then show "x \<in> poly_tuple_pullback (n + l) S Fs"
+ using 41 3 unfolding poly_tuple_pullback_def
+ by (metis (no_types, opaque_lifting) "40" add.commute cartesian_power_car_memE evimageI evimage_def poly_map_apply)
+ qed
+ show "poly_tuple_pullback (n + l) S Fs \<subseteq> augment n -` S \<inter> carrier (Q\<^sub>p\<^bsup>n+l\<^esup>)"
+ proof fix x assume A: "x \<in> poly_tuple_pullback (n + l) S Fs"
+ have "x \<in> carrier (Q\<^sub>p\<^bsup>n+l\<^esup>)"
+ using A unfolding poly_tuple_pullback_def by blast
+ then show "x \<in> augment n -` S \<inter> carrier (Q\<^sub>p\<^bsup>n+l\<^esup>)"
+ using 3
+ by (metis (no_types, lifting) A poly_map_apply poly_tuple_pullback_def vimage_inter_cong)
+ qed
+ qed
+ then show ?thesis using assms pullback_is_semialg[of "n + l" Fs]
+ using poly_tuple_pullback_eq_poly_map_vimage
+ unfolding restrict_def evimage_def Fs_def
+ by (smt "4" Ex_list_of_length Fs_def Ps_def Qs_def \<open>is_poly_tuple (n + l) Fs\<close> add.commute
+ add_diff_cancel_left' append_assoc diff_zero is_semialgebraic_closed le_add2 length_append
+ not_add_less1 not_gr_zero padic_fields.is_semialgebraicE padic_fields_axioms var_list_segment_length zero_le)
+qed
+
+lemma tuple_partial_pullback_is_semialg_map_tuple_induct:
+ assumes "is_semialg_map_tuple m fs"
+ assumes "is_semialg_function m f"
+ assumes "length fs = n"
+ shows "is_semialg_map_tuple m (fs@[f])"
+proof(rule is_semialg_map_tupleI)
+ have 0: "is_function_tuple Q\<^sub>p m fs"
+ using assms is_semialg_map_tuple_def
+ by blast
+ show "is_function_tuple Q\<^sub>p m (fs @ [f])"
+ proof(rule is_function_tupleI)
+ have A0: "set (fs @ [f]) = insert f (set fs)"
+ by simp
+ have A1: "set fs \<subseteq> carrier (Q\<^sub>p\<^bsup>m\<^esup>) \<rightarrow> carrier Q\<^sub>p"
+ using 0 is_function_tuple_def
+ by blast
+ then show "set (fs @ [f]) \<subseteq> carrier (Q\<^sub>p\<^bsup>m\<^esup>) \<rightarrow> carrier Q\<^sub>p"
+ using assms 0
+ by (metis (no_types, lifting) A0 is_semialg_function_closed list.simps(15) set_ConsD subset_code(1))
+ qed
+ show "\<And>k S. S \<in> semialg_sets (length (fs @ [f]) + k) \<Longrightarrow>
+ is_semialgebraic (m + k) (tuple_partial_pullback m (fs @ [f]) k S)"
+ proof- fix l S
+ assume A: "S \<in> semialg_sets (length (fs @ [f]) + l)"
+ then have B: "S \<in> semialg_sets (n + l + 1)"
+ using assms
+ by (metis (no_types, lifting) add.commute add_Suc_right add_diff_cancel_left'
+ append_Nil2 diff_Suc_1 length_Suc_conv length_append)
+ show "is_semialgebraic (m + l) (tuple_partial_pullback m (fs @ [f]) l S)"
+ proof-
+ obtain S0 where S0_def: "S0 = tuple_partial_pullback m fs (l+1) S"
+ by blast
+ have 0: "is_semialgebraic (m + l + 1) S0"
+ using B assms is_semialg_map_tupleE[of m fs "l + 1" S]
+ by (metis S0_def add.assoc is_semialgebraicI)
+ obtain S1 where S1_def: "S1 = twisted_partial_pullback m m l f S0"
+ by blast
+ then have "is_semialgebraic (m + m + l) S1"
+ using S1_def assms(1) 0 twisted_partial_pullback_is_semialgebraic[of m f m l S0]
+ by (simp add: assms(2))
+ then have L: "is_semialgebraic (m + m + l) (diagonalize m l S1)"
+ using assms diagaonlize_is_semiaglebraic
+ by blast
+ have 1: "(tuple_partial_pullback m (fs @ [f]) l S)
+ = (augment m -` (diagonalize m l S1)) \<inter> carrier (Q\<^sub>p\<^bsup>m + l\<^esup>)"
+ proof
+ show "tuple_partial_pullback m (fs @ [f]) l S \<subseteq>
+ augment m -` diagonalize m l S1 \<inter> carrier (Q\<^sub>p\<^bsup>m + l\<^esup>)"
+
+ proof fix x assume P0: "x \<in> tuple_partial_pullback m (fs @ [f]) l S "
+ show "x \<in> augment m -` diagonalize m l S1 \<inter> carrier (Q\<^sub>p\<^bsup>m + l\<^esup>)"
+ proof
+ show "x \<in> carrier (Q\<^sub>p\<^bsup>m + l\<^esup>)"
+ using tuple_partial_pullback_closed P0
+ by blast
+ show "x \<in> augment m -` diagonalize m l S1"
+ proof-
+ obtain a where a_def: "a = take m x"
+ by blast
+ then have a_closed: "a \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>)"
+ using \<open>x \<in> carrier (Q\<^sub>p\<^bsup>m + l\<^esup>)\<close> le_add1 take_closed
+ by blast
+ obtain b where b_def: "b = drop m x"
+ by blast
+ then have b_closed: "b \<in> carrier (Q\<^sub>p\<^bsup>l\<^esup>)"
+ using \<open>x \<in> carrier (Q\<^sub>p\<^bsup>m + l\<^esup>)\<close> cartesian_power_drop
+ by blast
+ have x_eq: "x = a@b"
+ using a_def b_def
+ by (metis append_take_drop_id)
+ have X0: "a @ a @ b = augment m x"
+ by (metis a_def augment_def b_def)
+ have "a @ a @ b \<in> diagonalize m l S1"
+ proof-
+ have "length (a@a) = m + m"
+ using a_closed cartesian_power_car_memE length_append
+ by blast
+ then have "take (m + m) (a @ a @ b) = a@a"
+ by (metis append.assoc append_eq_conv_conj)
+ then have X00: "take (m + m) (a @ a @ b) \<in> \<Delta> m"
+ using diagonalI[of "a@a"] a_def a_closed
+ by (metis append_eq_conv_conj cartesian_power_car_memE)
+ then have X01: "a @ a @ b \<in> cartesian_product (\<Delta> m) (carrier (Q\<^sub>p\<^bsup>l\<^esup>))"
+ using a_closed b_closed cartesian_product_memI[of "\<Delta> m" Q\<^sub>p "m+m" "carrier (Q\<^sub>p\<^bsup>l\<^esup>)" l "a @ a @ b"]
+ unfolding diagonal_def
+ by (metis (no_types, lifting) X0 \<open>x \<in> carrier (Q\<^sub>p\<^bsup>m + l\<^esup>)\<close> augment_closed cartesian_power_drop mem_Collect_eq subsetI)
+ have X02: "twisted_partial_image m m f (a @ a @ b) = a @ ((f a)# b)"
+ using twisted_partial_image_eq[of a m a m b l _ f] a_closed b_closed
+ by blast
+ have "a @ a @ b \<in> S1"
+ proof-
+ have "twisted_partial_image m m f (a @ a @ b) \<in> S0"
+ proof-
+ have X020:"tuple_partial_image m fs (a @ ((f a)# b))
+ = (function_tuple_eval Q\<^sub>p m fs a)@[f a]@b"
+ using tuple_partial_image_eq[of a m "(f a)# b" "l + 1" _ fs]
+ by (metis (no_types, lifting) a_closed append_Cons append_eq_conv_conj
+ cartesian_power_car_memE self_append_conv2 tuple_partial_image_def)
+ have X021: "(function_tuple_eval Q\<^sub>p m fs a)@[f a]@b \<in> S"
+ proof-
+ have X0210: "(function_tuple_eval Q\<^sub>p m fs a)@[f a]@b =
+ (function_tuple_eval Q\<^sub>p m (fs@[f]) a)@b"
+ unfolding function_tuple_eval_def
+ by (metis (mono_tags, lifting) append.assoc list.simps(8) list.simps(9) map_append)
+ have X0211: "(function_tuple_eval Q\<^sub>p m (fs@[f]) a)@b =
+ tuple_partial_image m (fs @ [f]) x"
+ using x_eq tuple_partial_image_eq[of a m b l x "fs@[f]"]
+ by (simp add: a_closed b_closed)
+ have "tuple_partial_image m (fs @ [f]) x \<in> S"
+ using P0 tuple_partial_pullback_memE(2)
+ by blast
+ then show ?thesis using X0211 X0210 by presburger
+ qed
+ have X022: "tuple_partial_image m fs (twisted_partial_image m m f (a @ a @ b))
+ = (function_tuple_eval Q\<^sub>p m fs a)@[f a]@b"
+ proof-
+ have X0220: "tuple_partial_image m fs (twisted_partial_image m m f (a @ a @ b)) =
+ tuple_partial_image m fs (a @ ((f a)# b))"
+ using X02 by presburger
+ have X0221: "tuple_partial_image m fs (twisted_partial_image m m f (a @ a @ b)) =
+ (function_tuple_eval Q\<^sub>p m fs a) @ ((f a)# b)"
+ using tuple_partial_image_eq
+ by (metis X02 X020 append_Cons self_append_conv2)
+ then show ?thesis
+ unfolding function_tuple_eval_def
+ by (metis X02 X020 X0221 append_same_eq)
+ qed
+ have X023: "tuple_partial_image m fs (twisted_partial_image m m f (a @ a @ b)) \<in> S"
+ using X02 X020 X021 by presburger
+ have "twisted_partial_image m m f (a @ a @ b) \<in> carrier (Q\<^sub>p\<^bsup>m + (l+1)\<^esup>)"
+ proof-
+ have "a @ ((f a)# b) \<in> carrier (Q\<^sub>p\<^bsup>m + (l+1)\<^esup>)"
+ apply(rule cartesian_power_car_memI)
+ apply (metis a_closed add.commute b_closed cartesian_power_car_memE
+ length_Cons length_append plus_1_eq_Suc)
+ proof-
+ have "f \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>) \<rightarrow> carrier Q\<^sub>p"
+ using assms(2) is_semialg_function_closed by blast
+ then have "f a \<in> carrier Q\<^sub>p"
+ using a_closed assms
+ by blast
+ then show "set (a @ f a # b) \<subseteq> carrier Q\<^sub>p"
+ using assms a_closed b_closed
+ by (meson cartesian_power_car_memE'' cartesian_power_concat(1) cartesian_power_cons)
+ qed
+ then show ?thesis
+ using X02
+ by presburger
+ qed
+ then show ?thesis
+ using S0_def X023 tuple_partial_pullback_def[of m fs "l+1" S ]
+ by blast
+ qed
+ then show ?thesis using X02 S1_def twisted_partial_pullback_def
+ by (metis (no_types, lifting) X0 \<open>x \<in> carrier (Q\<^sub>p\<^bsup>m + l\<^esup>)\<close> augment_closed
+ drop_drop local.partial_image_def twisted_partial_image_def
+ twisted_partial_pullback_memI)
+ qed
+ then show ?thesis using X01 diagonalize_def[of m l S1]
+ by blast
+ qed
+ then show ?thesis
+ by (metis X0 vimageI)
+ qed
+ qed
+ qed
+ show "augment m -` diagonalize m l S1 \<inter> carrier (Q\<^sub>p\<^bsup>m + l\<^esup>) \<subseteq> tuple_partial_pullback m (fs @ [f]) l S"
+ proof
+ fix x
+ assume A: "x \<in> augment m -` diagonalize m l S1 \<inter> carrier (Q\<^sub>p\<^bsup>m + l\<^esup>)"
+ then have X0: "x \<in> carrier (Q\<^sub>p\<^bsup>m + l\<^esup>)"
+ by blast
+ obtain a where a_def: "a = take m x"
+ by blast
+ then have a_closed: "a \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>)"
+ using X0 le_add1 take_closed by blast
+ obtain b where b_def: "b = drop m x"
+ by blast
+ then have a_closed: "b \<in> carrier (Q\<^sub>p\<^bsup>l\<^esup>)"
+ using X0 cartesian_power_drop
+ by blast
+ have X1: "augment m x = a@a@b"
+ using a_def augment_def b_def
+ by blast
+ have X2: "a@a@b \<in> diagonalize m l S1"
+ using A X1
+ by (metis Int_iff vimage_eq)
+ have X3: "a@a@b \<in> S1"
+ using X2 diagonalize_def
+ by blast
+ have X4: "twisted_partial_image m m f (a@a@b) \<in> S0"
+ using X3 S1_def twisted_partial_pullback_memE(2)
+ by blast
+ have X5: "a@((f a)#b) \<in> S0"
+ using X4 twisted_partial_image_eq[of a m a m b l _ f]
+ by (metis X0 a_closed a_def le_add1 take_closed)
+ have X6: "tuple_partial_image m fs (a@((f a)#b)) \<in> S"
+ using S0_def X5 tuple_partial_pullback_memE(2)
+ by blast
+ have X7: "((function_tuple_eval Q\<^sub>p m fs a)@((f a)#b)) \<in> S"
+ using X6 using tuple_partial_image_eq
+ by (metis X0 a_def append_eq_conv_conj cartesian_power_car_memE
+ le_add1 take_closed tuple_partial_image_def)
+ have X8: "((function_tuple_eval Q\<^sub>p m fs a)@((f a)#b)) =
+ tuple_partial_image m (fs @ [f]) x"
+ proof-
+ have X80: "tuple_partial_image m (fs @ [f]) x = (function_tuple_eval Q\<^sub>p m (fs@[f]) a)@b"
+ using tuple_partial_image_def a_def b_def
+ by blast
+ then show ?thesis unfolding function_tuple_eval_def
+ by (metis (no_types, lifting) append_Cons append_eq_append_conv2 list.simps(9) map_append self_append_conv2)
+ qed
+ show "x \<in> tuple_partial_pullback m (fs @ [f]) l S"
+ using X8 X7 tuple_partial_pullback_def
+ by (metis X0 \<open>is_function_tuple Q\<^sub>p m (fs @ [f])\<close>
+ tuple_partial_image_def tuple_partial_pullback_memI)
+ qed
+ qed
+ then show ?thesis
+ using augment_inverse_is_semialgebraic
+ by (simp add: L)
+ qed
+ qed
+qed
+
+lemma singleton_tuple_partial_pullback_is_semialg_map_tuple:
+ assumes "is_semialg_function_tuple m fs"
+ assumes "length fs = 1"
+ shows "is_semialg_map_tuple m fs"
+proof(rule is_semialg_map_tupleI)
+ show "is_function_tuple Q\<^sub>p m fs"
+ by (simp add: assms(1) semialg_function_tuple_is_function_tuple)
+ show "\<And>k S. S \<in> semialg_sets (length fs + k) \<Longrightarrow> is_semialgebraic (m + k) (tuple_partial_pullback m fs k S)"
+ proof- fix k S assume A: "S \<in> semialg_sets (length fs + k)"
+ show "is_semialgebraic (m + k) (tuple_partial_pullback m fs k S)"
+ proof-
+ obtain f where f_def: "fs = [f]"
+ using assms
+ by (metis One_nat_def length_0_conv length_Suc_conv)
+ have 0: "is_semialg_function m f"
+ using f_def assms is_semialg_function_tupleE'[of m fs f]
+ by simp
+ have 1: "\<And>x. tuple_partial_image m fs x = partial_image m f x"
+ unfolding function_tuple_eval_def tuple_partial_image_def partial_image_def
+ by (metis (no_types, lifting) append_Cons append_Nil2 append_eq_append_conv_if
+ f_def list.simps(8) list.simps(9))
+ have 2: "tuple_partial_pullback m fs k S = partial_pullback m f k S"
+ proof
+ show "tuple_partial_pullback m fs k S \<subseteq> partial_pullback m f k S"
+ using 1 unfolding tuple_partial_pullback_def partial_pullback_def evimage_def
+ by (metis (no_types, lifting) set_eq_subset vimage_inter_cong)
+ show "partial_pullback m f k S \<subseteq> tuple_partial_pullback m fs k S"
+ using 1 unfolding tuple_partial_pullback_def partial_pullback_def evimage_def
+ by blast
+ qed
+ then show ?thesis
+ by (metis "0" A assms(2) is_semialg_functionE is_semialgebraicI)
+ qed
+ qed
+qed
+
+lemma empty_tuple_partial_pullback_is_semialg_map_tuple:
+ assumes "is_semialg_function_tuple m fs"
+ assumes "length fs = 0"
+ shows "is_semialg_map_tuple m fs"
+ apply(rule is_semialg_map_tupleI)
+ using assms(1) semialg_function_tuple_is_function_tuple apply blast
+proof-
+ fix k S assume A: "S \<in> semialg_sets (length fs + k)"
+ then have 0: "is_semialgebraic k S"
+ by (metis add.left_neutral assms(2) is_semialgebraicI)
+ have 1: "tuple_partial_pullback m fs k S = cartesian_product (carrier (Q\<^sub>p\<^bsup>m\<^esup>)) S"
+ proof
+ have 1: "\<And>x. function_tuple_eval Q\<^sub>p m fs (take m x) = []"
+ using assms unfolding function_tuple_eval_def
+ by blast
+ show "tuple_partial_pullback m fs k S \<subseteq> cartesian_product (carrier (Q\<^sub>p\<^bsup>m\<^esup>)) S"
+ apply(rule subsetI) apply(rule cartesian_product_memI[of "carrier (Q\<^sub>p\<^bsup>m\<^esup>)" Q\<^sub>p m S k])
+ apply blast using 0 is_semialgebraic_closed apply blast
+ using 0 assms unfolding 1 tuple_partial_pullback_def tuple_partial_image_def
+ apply (meson IntD2 le_add1 take_closed)
+ by (metis append_Nil evimageD evimage_def)
+ have 2: "cartesian_product (carrier (Q\<^sub>p\<^bsup>m\<^esup>)) S \<subseteq> carrier (Q\<^sub>p\<^bsup>m + k\<^esup>)"
+ using is_semialgebraic_closed[of k S] 0 assms cartesian_product_closed[of "carrier (Q\<^sub>p\<^bsup>m\<^esup>)" Q\<^sub>p m S k] by blast
+ show "cartesian_product (carrier (Q\<^sub>p\<^bsup>m\<^esup>)) S \<subseteq> tuple_partial_pullback m fs k S"
+ apply(rule subsetI) apply(rule tuple_partial_pullback_memI)
+ using 2 apply blast
+ using assms semialg_function_tuple_is_function_tuple apply blast
+ unfolding 1
+ by (metis carrier_is_semialgebraic cartesian_product_memE(2) is_semialgebraic_closed self_append_conv2)
+ qed
+ show "is_semialgebraic (m + k) (tuple_partial_pullback m fs k S)"
+ unfolding 1
+ using "0" car_times_semialg_is_semialg by blast
+qed
+
+lemma tuple_partial_pullback_is_semialg_map_tuple:
+ assumes "is_semialg_function_tuple m fs"
+ shows "is_semialg_map_tuple m fs"
+proof-
+ have "\<And>n fs. is_semialg_function_tuple m fs \<and> length fs = n \<Longrightarrow> is_semialg_map_tuple m fs"
+ proof- fix n
+ show " \<And> fs. is_semialg_function_tuple m fs \<and> length fs = n \<Longrightarrow> is_semialg_map_tuple m fs"
+ apply(induction n)
+ using singleton_tuple_partial_pullback_is_semialg_map_tuple empty_tuple_partial_pullback_is_semialg_map_tuple apply blast
+ proof-
+ fix n fs
+ assume IH: "(\<And>fs. is_semialg_function_tuple m fs \<and> length fs = n \<Longrightarrow> is_semialg_map_tuple m fs)"
+ assume A: "is_semialg_function_tuple m fs \<and> length fs = Suc n"
+ then obtain gs f where gs_f_def: "fs = gs@[f]"
+ by (metis length_Suc_conv list.discI rev_exhaust)
+ have gs_length: "length gs = n"
+ using gs_f_def
+ by (metis A length_append_singleton nat.inject)
+ have 0: "set gs \<subseteq> set fs"
+ by (simp add: gs_f_def subsetI)
+ have 1: "is_semialg_function_tuple m gs"
+ apply(rule is_semialg_function_tupleI)
+ using 0 A gs_f_def is_semialg_function_tupleE'[of m fs]
+ by blast
+ then have 2: "is_semialg_map_tuple m gs"
+ using IH gs_length
+ by blast
+ have 3: "is_semialg_function m f"
+ using gs_f_def A
+ by (metis gs_length is_semialg_function_tupleE lessI nth_append_length)
+ then show "is_semialg_map_tuple m fs"
+ using assms 2 gs_f_def tuple_partial_pullback_is_semialg_map_tuple_induct
+ by blast
+ qed
+ qed
+ then show ?thesis
+ using assms by blast
+qed
+
+
+ (********************************************************************************************)
+ (********************************************************************************************)
+ subsubsection\<open>Semialgebraic Functions are Closed under Composition with Semialgebraic Tuples\<close>
+ (********************************************************************************************)
+ (********************************************************************************************)
+
+lemma function_tuple_comp_partial_pullback:
+ assumes "is_semialg_function_tuple m fs"
+ assumes "length fs = n"
+ assumes "is_semialg_function n f"
+ assumes "S \<subseteq> carrier (Q\<^sub>p\<^bsup>1+k\<^esup>)"
+ shows "partial_pullback m (function_tuple_comp Q\<^sub>p fs f) k S =
+ tuple_partial_pullback m fs k (partial_pullback n f k S)"
+proof-
+ have 0: "\<And>x. partial_image m (function_tuple_comp Q\<^sub>p fs f) x =
+ partial_image n f (tuple_partial_image m fs x)"
+ unfolding partial_image_def function_tuple_comp_def tuple_partial_image_def
+ using comp_apply[of f "function_tuple_eval Q\<^sub>p 0 fs"]
+ unfolding function_tuple_eval_def
+ proof -
+ fix x :: "((nat \<Rightarrow> int) \<times> (nat \<Rightarrow> int)) set list"
+ assume a1: "\<And>x. (f \<circ> (\<lambda>x. map (\<lambda>f. f x) fs)) x = f (map (\<lambda>f. f x) fs)"
+ have f2: "\<forall>f rs. drop n (map f fs @ (rs::((nat \<Rightarrow> int) \<times> (nat \<Rightarrow> int)) set list)) = rs"
+ by (simp add: assms(2))
+ have "\<forall>f rs. take n (map f fs @ (rs::((nat \<Rightarrow> int) \<times> (nat \<Rightarrow> int)) set list)) = map f fs"
+ by (simp add: assms(2))
+ then show "(f \<circ> (\<lambda>rs. map (\<lambda>f. f rs) fs)) (take m x) # drop m x =
+ f (take n (map (\<lambda>f. f (take m x)) fs @ drop m x)) # drop n (map (\<lambda>f. f (take m x)) fs @ drop m x)"
+ using f2 a1 by presburger
+ qed
+ show "partial_pullback m (function_tuple_comp Q\<^sub>p fs f) k S =
+ tuple_partial_pullback m fs k (partial_pullback n f k S)"
+ proof
+ show "partial_pullback m (function_tuple_comp Q\<^sub>p fs f) k S \<subseteq> tuple_partial_pullback m fs k (partial_pullback n f k S)"
+ proof fix x assume A: "x \<in> partial_pullback m (function_tuple_comp Q\<^sub>p fs f) k S"
+ then have 1: "partial_image m (function_tuple_comp Q\<^sub>p fs f) x \<in> S"
+ using partial_pullback_memE(2) by blast
+ have 2: " partial_image n f (tuple_partial_image m fs x) \<in> S"
+ using 0 1
+ by presburger
+ have 3: "x \<in> carrier (Q\<^sub>p\<^bsup>m + k\<^esup>)"
+ using A assms
+ by (metis partial_pullback_memE(1))
+ have 4: "tuple_partial_image m fs x \<in> partial_pullback n f k S"
+ apply(rule partial_pullback_memI)
+ apply (metis "0" "3" add_cancel_left_left assms(1) assms(2) cartesian_power_drop drop0
+ list.inject local.partial_image_def not_gr_zero semialg_function_tuple_is_function_tuple
+ tuple_partial_image_closed)
+ by (metis "2" local.partial_image_def)
+ show " x \<in> tuple_partial_pullback m fs k (partial_pullback n f k S)"
+ apply(rule tuple_partial_pullback_memI)
+ apply (simp add: "3")
+ using assms(1) semialg_function_tuple_is_function_tuple apply blast
+ by (metis "4" tuple_partial_image_def)
+ qed
+ show " tuple_partial_pullback m fs k (partial_pullback n f k S) \<subseteq> partial_pullback m (function_tuple_comp Q\<^sub>p fs f) k S"
+ proof fix x assume A: "x \<in> tuple_partial_pullback m fs k (partial_pullback n f k S)"
+ show "x \<in> partial_pullback m (function_tuple_comp Q\<^sub>p fs f) k S "
+ proof-
+ have "partial_image n f (tuple_partial_image m fs x) \<in> S"
+ using A partial_pullback_memE(2) tuple_partial_pullback_memE(2)
+ by blast
+ show ?thesis
+ apply(rule partial_pullback_memI)
+ apply (meson A subset_eq tuple_partial_pullback_closed)
+ by (metis "0" \<open>local.partial_image n f (tuple_partial_image m fs x) \<in> S\<close>
+ local.partial_image_def)
+ qed
+ qed
+ qed
+qed
+
+lemma semialg_function_tuple_comp:
+ assumes "is_semialg_function_tuple m fs"
+ assumes "length fs = n"
+ assumes "is_semialg_function n f"
+ shows "is_semialg_function m (function_tuple_comp Q\<^sub>p fs f)"
+proof(rule is_semialg_functionI)
+ show "function_tuple_comp Q\<^sub>p fs f \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>) \<rightarrow> carrier Q\<^sub>p"
+ using function_tuple_comp_closed[of f Q\<^sub>p n fs] assms(1) assms(2)
+ assms(3) is_semialg_function_closed semialg_function_tuple_is_function_tuple
+ by blast
+ show "\<And>k S. S \<in> semialg_sets (1 + k) \<Longrightarrow> is_semialgebraic (m + k) (partial_pullback m (function_tuple_comp Q\<^sub>p fs f) k S)"
+ proof- fix k S
+ assume A0: "S \<in> semialg_sets (1 + k)"
+ show "is_semialgebraic (m + k) (partial_pullback m (function_tuple_comp Q\<^sub>p fs f) k S)"
+ proof-
+ have 0: "partial_pullback m (function_tuple_comp Q\<^sub>p fs f) k S =
+ tuple_partial_pullback m fs k (partial_pullback n f k S)"
+ using function_tuple_comp_partial_pullback[of m fs n f S k] assms
+ \<open>S \<in> semialg_sets (1 + k)\<close> is_semialgebraicI is_semialgebraic_closed
+ by blast
+ have 1: "is_semialgebraic (n + k) (partial_pullback n f k S)"
+ using assms A0 is_semialg_functionE is_semialgebraicI
+ by blast
+ have 2: "is_semialgebraic (m + k) (tuple_partial_pullback m fs k (partial_pullback n f k S))"
+ using 1 0 assms tuple_partial_pullback_is_semialg_map_tuple[of m fs]
+ is_semialg_map_tupleE[of m fs k "partial_pullback n f k S"]
+ by blast
+ then show ?thesis
+ using 0
+ by simp
+ qed
+ qed
+qed
+
+
+ (********************************************************************************************)
+ (********************************************************************************************)
+ subsubsection\<open>Algebraic Operations on Semialgebraic Functions\<close>
+ (********************************************************************************************)
+ (********************************************************************************************)
+
+
+text\<open>Defining the set of extensional semialgebraic functions\<close>
+
+definition Qp_add_fun where
+"Qp_add_fun xs = xs!0 \<oplus>\<^bsub>Q\<^sub>p\<^esub> xs!1"
+
+definition Qp_mult_fun where
+"Qp_mult_fun xs = xs!0 \<otimes> xs!1"
+
+text\<open>Inversion function on first coordinates of Qp tuples. Arbitrarily redefined at 0 to map to 0\<close>
+
+definition Qp_invert where
+"Qp_invert xs = (if ((xs!0) = \<zero>) then \<zero> else (inv (xs!0)))"
+
+text\<open>Addition is semialgebraic\<close>
+
+lemma addition_is_semialg:
+"is_semialg_function 2 Qp_add_fun"
+proof-
+ have 0: "\<And>x. x \<in> carrier (Q\<^sub>p\<^bsup>2\<^esup>) \<Longrightarrow> Qp_add_fun x = Qp_ev (pvar Q\<^sub>p 0 \<oplus>\<^bsub>Q\<^sub>p[\<X>\<^bsub>2\<^esub>]\<^esub> pvar Q\<^sub>p 1) x"
+ proof- fix x assume A: "x \<in> carrier (Q\<^sub>p\<^bsup>2\<^esup>)"
+ have "Qp_ev (pvar Q\<^sub>p 0 \<oplus>\<^bsub>Q\<^sub>p[\<X>\<^bsub>2\<^esub>]\<^esub> pvar Q\<^sub>p 1) x = (Qp_ev (pvar Q\<^sub>p 0) x) \<oplus>\<^bsub>Q\<^sub>p\<^esub> (Qp_ev (pvar Q\<^sub>p 1) x)"
+ by (metis A One_nat_def eval_at_point_add pvar_closed less_Suc_eq numeral_2_eq_2)
+ then show " Qp_add_fun x = Qp_ev (pvar Q\<^sub>p 0 \<oplus>\<^bsub>Q\<^sub>p[\<X>\<^bsub>2\<^esub>]\<^esub> pvar Q\<^sub>p 1) x"
+ by (metis A Qp_add_fun_def add_vars_def add_vars_rep one_less_numeral_iff
+ pos2 semiring_norm(76))
+ qed
+ then have 1: "restrict Qp_add_fun (carrier (Q\<^sub>p\<^bsup>2\<^esup>)) =
+ restrict (Qp_ev (pvar Q\<^sub>p 0 \<oplus>\<^bsub>Q\<^sub>p[\<X>\<^bsub>2\<^esub>]\<^esub> pvar Q\<^sub>p 1)) (carrier (Q\<^sub>p\<^bsup>2\<^esup>))"
+ by (meson restrict_ext)
+ have "is_semialg_function 2 (Qp_ev (pvar Q\<^sub>p 0 \<oplus>\<^bsub>Q\<^sub>p[\<X>\<^bsub>2\<^esub>]\<^esub> pvar Q\<^sub>p 1))"
+ using poly_is_semialg[of "pvar Q\<^sub>p 0 \<oplus>\<^bsub>Q\<^sub>p[\<X>\<^bsub>2\<^esub>]\<^esub> pvar Q\<^sub>p 1"]
+ by (meson MP.add.m_closed local.pvar_closed one_less_numeral_iff pos2 semiring_norm(76))
+ then show ?thesis
+ using 1 semialg_function_on_carrier[of 2 "Qp_add_fun" "Qp_ev (pvar Q\<^sub>p 0 \<oplus>\<^bsub>Q\<^sub>p[\<X>\<^bsub>2\<^esub>]\<^esub> pvar Q\<^sub>p 1)"]
+ semialg_function_on_carrier
+ by presburger
+qed
+
+text\<open>Multiplication is semialgebraic:\<close>
+
+lemma multiplication_is_semialg:
+"is_semialg_function 2 Qp_mult_fun"
+proof-
+ have 0: "\<And>x. x \<in> carrier (Q\<^sub>p\<^bsup>2\<^esup>) \<Longrightarrow> Qp_mult_fun x = Qp_ev (pvar Q\<^sub>p 0 \<otimes>\<^bsub>Q\<^sub>p[\<X>\<^bsub>2\<^esub>]\<^esub> pvar Q\<^sub>p 1) x"
+ proof- fix x assume A: "x \<in> carrier (Q\<^sub>p\<^bsup>2\<^esup>)"
+ have "Qp_ev (pvar Q\<^sub>p 0 \<otimes>\<^bsub>Q\<^sub>p[\<X>\<^bsub>2\<^esub>]\<^esub> pvar Q\<^sub>p 1) x =
+ (Qp_ev (pvar Q\<^sub>p 0) x) \<otimes> (Qp_ev (pvar Q\<^sub>p 1) x)"
+ by (metis A One_nat_def eval_at_point_mult pvar_closed less_Suc_eq numeral_2_eq_2)
+ then show " Qp_mult_fun x = Qp_ev (pvar Q\<^sub>p 0 \<otimes>\<^bsub>Q\<^sub>p[\<X>\<^bsub>2\<^esub>]\<^esub> pvar Q\<^sub>p 1) x"
+ by (metis A Qp_mult_fun_def mult_vars_def mult_vars_rep
+ one_less_numeral_iff pos2 semiring_norm(76))
+ qed
+ then have 1: "restrict Qp_mult_fun (carrier (Q\<^sub>p\<^bsup>2\<^esup>)) =
+ restrict (Qp_ev (pvar Q\<^sub>p 0 \<otimes>\<^bsub>Q\<^sub>p[\<X>\<^bsub>2\<^esub>]\<^esub> pvar Q\<^sub>p 1)) (carrier (Q\<^sub>p\<^bsup>2\<^esup>))"
+ by (meson restrict_ext)
+ have "is_semialg_function 2 (Qp_ev (pvar Q\<^sub>p 0 \<otimes>\<^bsub>Q\<^sub>p[\<X>\<^bsub>2\<^esub>]\<^esub> pvar Q\<^sub>p 1))"
+ using poly_is_semialg[of "pvar Q\<^sub>p 0 \<otimes>\<^bsub>Q\<^sub>p[\<X>\<^bsub>2\<^esub>]\<^esub> pvar Q\<^sub>p 1"]
+ by (meson MP.m_closed local.pvar_closed one_less_numeral_iff pos2 semiring_norm(76))
+ thus ?thesis
+ using 1 semialg_function_on_carrier[of 2 "Qp_mult_fun" "Qp_ev (pvar Q\<^sub>p 0 \<otimes>\<^bsub>Q\<^sub>p[\<X>\<^bsub>2\<^esub>]\<^esub> pvar Q\<^sub>p 1)"]
+ semialg_function_on_carrier
+ by presburger
+qed
+
+text\<open>Inversion is semialgebraic:\<close>
+
+lemma(in field) field_nat_pow_inv:
+ assumes "a \<in> carrier R"
+ assumes "a \<noteq> \<zero>"
+ shows "inv (a [^] (n::nat)) = (inv a) [^] (n :: nat)"
+ apply(induction n)
+ using inv_one local.nat_pow_0 apply presburger
+ using assms nat_pow_of_inv
+ by (metis Units_one_closed field_inv(2) field_inv(3) unit_factor)
+
+lemma Qp_invert_basic_semialg:
+ assumes "is_basic_semialg (1 + k) S"
+ shows "is_semialgebraic (1 + k) (partial_pullback 1 Qp_invert k S)"
+proof-
+ obtain P n where P_n_def: "(n::nat) \<noteq> 0 \<and> P \<in> carrier (Q\<^sub>p[\<X>\<^bsub>1+k\<^esub>]) \<and> S = basic_semialg_set (1+k) n P \<and> P \<in> carrier (Q\<^sub>p[\<X>\<^bsub>1+k\<^esub>])"
+ using assms is_basic_semialg_def
+ by meson
+ obtain d::nat where d_def: "d = deg (coord_ring Q\<^sub>p k) (to_univ_poly (Suc k) 0 P)"
+ by auto
+ obtain l where l_def: "l = ((- d) mod n)"
+ by blast
+ have 1: "(l + d) mod n = 0"
+ by (metis add_eq_0_iff equation_minus_iff l_def mod_0 mod_add_cong mod_minus_eq zmod_int)
+ then obtain m::int where m_def: " (l + d) = m*n "
+ using d_def l_def
+ by (metis mult_of_nat_commute zmod_eq_0D)
+ have 2: "m \<ge>0"
+ proof-
+ have 10: "n > 0"
+ using P_n_def
+ by blast
+ have 11: "l \<ge> 0"
+ using l_def 10 Euclidean_Division.pos_mod_sign of_nat_0_less_iff
+ by blast
+ then show ?thesis
+ using m_def
+ by (metis "10" le_add_same_cancel1 minus_add_cancel negative_zle
+ neq0_conv of_nat_le_0_iff zero_le_imp_eq_int zero_le_mult_iff)
+ qed
+ obtain N where N_def: "N = m*n"
+ by blast
+ have 3: "N \<ge> d"
+ proof-
+ have "l \<ge> 0"
+ using l_def d_def m_def Euclidean_Division.pos_mod_sign[of n "-d"] P_n_def
+ by linarith
+ then show ?thesis
+ using d_def N_def m_def
+ by linarith
+ qed
+ have 4: "deg (coord_ring Q\<^sub>p k) (to_univ_poly (Suc k) 0 P) \<le> nat N"
+ using d_def N_def 3
+ by linarith
+ have 5: " P \<in> carrier (coord_ring Q\<^sub>p (Suc k))"
+ by (metis P_n_def plus_1_eq_Suc)
+ have 6: " \<exists>q\<in>carrier (coord_ring Q\<^sub>p (Suc k)).
+ \<forall>x\<in>carrier Q\<^sub>p - {\<zero>}. \<forall>a\<in>carrier (Q\<^sub>p\<^bsup>k\<^esup>). Qp_ev q (insert_at_index a x 0) = (x[^]nat N) \<otimes> Qp_ev P (insert_at_index a (inv x) 0)"
+ using 3 4 d_def to_univ_poly_one_over_poly''[of 0 k P "nat N"] "5" Qp.field_axioms
+ by blast
+ obtain q where q_def: "q \<in> carrier (coord_ring Q\<^sub>p (Suc k)) \<and> ( \<forall> x \<in> carrier Q\<^sub>p - {\<zero>}. ( \<forall> a \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>).
+ eval_at_point Q\<^sub>p (insert_at_index a x 0) q = (x[^] (nat N)) \<otimes> (eval_at_point Q\<^sub>p (insert_at_index a (inv x) 0) P)))"
+ using 6
+ by blast
+ obtain T where T_def: "T = basic_semialg_set (1+k) n q"
+ by auto
+ have "is_basic_semialg (1 + k) T"
+ proof-
+ have "q \<in> carrier ( Q\<^sub>p[\<X>\<^bsub>Suc k\<^esub>])"
+ using q_def
+ by presburger
+ then show ?thesis
+ using T_def is_basic_semialg_def
+ by (metis P_n_def plus_1_eq_Suc)
+ qed
+ then have T_semialg: "is_semialgebraic (1+k) T"
+ using T_def basic_semialg_is_semialg[of "1+k" T] is_semialgebraicI
+ by blast
+ obtain Nz where Nz_def: "Nz = {xs \<in> carrier (Q\<^sub>p\<^bsup>Suc k\<^esup>). xs!0 \<noteq> \<zero>}"
+ by blast
+ have Nz_semialg: "is_semialgebraic (1+k) Nz"
+ proof-
+ obtain Nzc where Nzc_def: "Nzc = {xs \<in> carrier (Q\<^sub>p\<^bsup>Suc k\<^esup>). xs!0 = \<zero>}"
+ by blast
+ have 0: "Nzc = zero_set Q\<^sub>p (Suc k) (pvar Q\<^sub>p 0)"
+ unfolding zero_set_def
+ using Nzc_def
+ by (metis (no_types, lifting) Collect_cong eval_pvar zero_less_Suc)
+ have 1: "is_algebraic Q\<^sub>p (1+k) Nzc"
+ using 0 pvar_closed[of ]
+ by (metis is_algebraicI' plus_1_eq_Suc zero_less_Suc)
+ then have 2: "is_semialgebraic (1+k) Nzc"
+ using is_algebraic_imp_is_semialg by blast
+ have 3: "Nz = carrier (Q\<^sub>p\<^bsup>Suc k\<^esup>) - Nzc"
+ using Nz_def Nzc_def
+ by blast
+ then show ?thesis
+ using 2
+ by (simp add: complement_is_semialg)
+ qed
+ have 7: "(partial_pullback 1 Qp_invert k S) \<inter> Nz = T \<inter> Nz"
+ proof
+ show "partial_pullback 1 Qp_invert k S \<inter> Nz \<subseteq> T \<inter> Nz"
+ proof fix c assume A: "c \<in> partial_pullback 1 Qp_invert k S \<inter> Nz"
+ show "c \<in> T \<inter> Nz"
+ proof-
+ have c_closed: "c \<in> carrier (Q\<^sub>p\<^bsup>1+k\<^esup>)"
+ using A partial_pullback_closed[of 1 Qp_invert k S]
+ by blast
+ obtain x a where xa_def: "c = (x#a)"
+ using c_closed
+ by (metis Suc_eq_plus1 add.commute cartesian_power_car_memE length_Suc_conv)
+ have x_closed: "x \<in> carrier Q\<^sub>p"
+ using xa_def c_closed
+ by (metis (no_types, lifting) append_Cons cartesian_power_decomp
+ list.inject Qp.to_R1_to_R Qp.to_R_pow_closed)
+ have a_closed: "a \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>)"
+ using xa_def c_closed
+ by (metis One_nat_def cartesian_power_drop drop0 drop_Suc_Cons)
+ have 0: "c \<in> Nz"
+ using A by blast
+ then have "x \<noteq> \<zero>"
+ using Nz_def xa_def
+ by (metis (mono_tags, lifting) mem_Collect_eq nth_Cons_0)
+ have 1: "Qp_invert [x] = inv x"
+ unfolding Qp_invert_def
+ by (metis \<open>x \<noteq> \<zero>\<close> nth_Cons_0)
+ have 2: "partial_image 1 Qp_invert c \<in> S"
+ using A partial_pullback_memE[of c 1 "Qp_invert" k S]
+ by blast
+ have 3: "inv x # a \<in> S"
+ proof-
+ have 30: "[x] = take 1 c"
+ by (simp add: xa_def)
+ have 31: "a = drop 1 c"
+ by (simp add: xa_def)
+ show ?thesis
+ using 1 30 31 partial_image_def[of 1 "Qp_invert" c] xa_def "2"
+ by metis
+ qed
+ obtain y where y_def: "y \<in> carrier Q\<^sub>p \<and> eval_at_point Q\<^sub>p (inv x # a) P = y [^] n"
+ using 3 P_n_def basic_semialg_set_memE(2)
+ by blast
+ then have 4: "x [^] (nat N) \<otimes> eval_at_point Q\<^sub>p (inv x # a) P
+ = x [^] (nat N) \<otimes> y [^] n"
+ by presburger
+ have 5: "x [^] (nat N) \<otimes> y [^] n = ((x[^]m)\<otimes>y)[^]n"
+ proof-
+ have 50: "x [^] (N) \<otimes> y [^] n = x [^] (m*n) \<otimes> y [^] n"
+ using N_def by blast
+ have 51: "x [^] (m*n) = (x[^]m)[^]n"
+ using Qp_int_nat_pow_pow \<open>x \<noteq> \<zero>\<close> not_nonzero_Qp x_closed
+ by metis
+ have 52: "x [^] (m*n)\<otimes> y [^] n = ((x[^]m) \<otimes> y) [^] n"
+ proof-
+ have 0: "x [^] (m*n)\<otimes> y [^] n= (x[^]m)[^]n \<otimes> (y[^] n)"
+ using "51" by presburger
+ have 1: "(x[^]m)[^]n \<otimes> (y[^] n) = ((x[^]m) \<otimes> y) [^] n"
+ apply(induction n)
+ using Qp.nat_pow_0 Qp.one_closed Qp.r_one apply presburger
+ using x_closed y_def
+ by (metis Qp.nat_pow_distrib Qp.nonzero_closed Qp_int_pow_nonzero \<open>x \<noteq> \<zero>\<close> not_nonzero_Qp)
+ then show ?thesis
+ using "0" by blast
+ qed
+ have 53: "x [^] N = x [^] (nat N)"
+ proof-
+ have "N \<ge> 0"
+ by (metis (full_types) Euclidean_Division.pos_mod_sign N_def P_n_def
+ add_increasing2 int.lless_eq l_def m_def of_nat_0_le_iff of_nat_le_0_iff )
+ then show ?thesis
+ by (metis pow_nat)
+ qed
+ then show ?thesis
+ using 50 52
+ by presburger
+ qed
+ have 6: "x [^] (nat N) \<otimes> eval_at_point Q\<^sub>p (inv x # a) P = ((x[^]m)\<otimes>y)[^]n"
+ using "4" "5"
+ by blast
+ have 7: "eval_at_point Q\<^sub>p c q = ((x[^]m)\<otimes>y)[^]n"
+ proof-
+ have 70: "(insert_at_index a (inv x) 0) = inv x # a"
+ using insert_at_index.simps
+ by (metis (no_types, lifting) append_eq_append_conv2 append_same_eq append_take_drop_id drop0 same_append_eq)
+ have 71: "(insert_at_index a x) 0 = x # a"
+ by simp
+ then show ?thesis using 6 q_def
+ by (metis "70" DiffI \<open>x \<noteq> \<zero>\<close> a_closed empty_iff insert_iff x_closed xa_def)
+ qed
+ have 8: "(x[^]m)\<otimes>y \<in> carrier Q\<^sub>p"
+ proof-
+ have 80: "x[^]m \<in> carrier Q\<^sub>p"
+ using \<open>x \<noteq> \<zero>\<close> x_closed Qp_int_pow_nonzero[of x m] unfolding nonzero_def
+ by blast
+ then show ?thesis
+ using y_def by blast
+ qed
+ then have "c \<in> T"
+ using T_def basic_semialg_set_def "7" c_closed by blast
+ then show ?thesis
+ by (simp add: \<open>c \<in> T\<close> "0")
+ qed
+ qed
+ show "T \<inter> Nz \<subseteq> partial_pullback 1 Qp_invert k S \<inter> Nz"
+ proof fix x assume A: "x \<in> T \<inter> Nz"
+ show " x \<in> partial_pullback 1 Qp_invert k S \<inter> Nz "
+ proof-
+ have " x \<in> partial_pullback 1 Qp_invert k S"
+ proof(rule partial_pullback_memI)
+ show x_closed: "x \<in> carrier (Q\<^sub>p\<^bsup>1+k\<^esup>)"
+ using T_def A
+ by (meson IntD1 basic_semialg_set_memE(1))
+ show "Qp_invert (take 1 x) # drop 1 x \<in> S"
+ proof-
+ have 00: "x!0 \<noteq> \<zero>"
+ using A Nz_def
+ by blast
+ then have 0: "Qp_invert (take 1 x) # drop 1 x = inv (x!0) # drop 1 x"
+ unfolding Qp_invert_def
+ by (smt One_nat_def lessI nth_take)
+ have "drop 1 x \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>)"
+ using \<open>x \<in> carrier (Q\<^sub>p\<^bsup>1+k\<^esup>)\<close> cartesian_power_drop by blast
+ obtain a where a_def: "a = (x!0)"
+ by blast
+ have a_closed: "a \<in> carrier Q\<^sub>p"
+ using 00 a_def A Nz_def cartesian_power_car_memE'[of x Q\<^sub>p "Suc k" 0] inv_in_frac(1)
+ by blast
+ have a_nz: "a \<noteq> \<zero>"
+ using a_def Nz_def A
+ by blast
+ obtain b where b_def: "b = drop 1 x"
+ by blast
+ have b_closed: "b \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>)"
+ using b_def A Nz_def \<open>drop 1 x \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>)\<close>
+ by blast
+ have abx: "x = a#b"
+ using a_def b_def x_closed
+ by (metis (no_types, lifting) One_nat_def append_Cons append_Nil
+ append_eq_conv_conj cartesian_power_car_memE cartesian_power_decomp
+ lessI nth_take Qp.to_R1_to_R)
+ have 1: "Qp_invert (take 1 x) # drop 1 x = (inv a)#b"
+ using "0" a_def b_def
+ by blast
+ have 22: "eval_at_point Q\<^sub>p (insert_at_index b a 0) q =
+ (a[^] (nat N)) \<otimes> (eval_at_point Q\<^sub>p (insert_at_index b (inv a) 0) P)"
+ using q_def a_closed a_nz b_closed
+ by blast
+ obtain c where c_def: "c \<in> carrier Q\<^sub>p \<and> Qp_ev q x = (c[^]n)"
+ using A T_def unfolding basic_semialg_set_def
+ by blast
+ obtain c' where c'_def: "c' = (inv a)[^]m \<otimes> c"
+ by blast
+ have c'_closed: "c' \<in> carrier Q\<^sub>p"
+ using c_def a_def a_closed a_nz Qp_int_pow_nonzero nonzero_def
+ c'_def inv_in_frac(3) Qp.m_closed Qp.nonzero_closed by presburger
+ have 3: "(eval_at_point Q\<^sub>p ((inv a) # b) P) = (c'[^]n)"
+ proof-
+ have 30: "x = insert_at_index b a 0"
+ using abx
+ by simp
+ have 31: "(c[^]n) =
+ (a[^] (nat N)) \<otimes> (eval_at_point Q\<^sub>p (insert_at_index b (inv a) 0) P)"
+ using 22 30 c_def
+ by blast
+ have 32: "insert_at_index b (inv a) 0 = (inv a) # b"
+ using insert_at_index.simps
+ by (metis drop0 self_append_conv2 take0)
+ have 33: "(c[^]n) =
+ (a[^] (nat N)) \<otimes> (eval_at_point Q\<^sub>p ((inv a) # b) P)"
+ using "31" "32" by presburger
+ have 34: "(inv a) # b \<in> carrier (Q\<^sub>p\<^bsup>1+k\<^esup>)"
+ apply(rule cartesian_power_car_memI'')
+ apply (metis b_closed cartesian_power_car_memE length_Suc_conv plus_1_eq_Suc)
+ using a_closed a_nz b_closed
+ apply (metis One_nat_def inv_in_frac(1) take0 take_Suc_Cons Qp.to_R1_closed)
+ by (metis abx b_closed b_def drop_Cons' not_Cons_self2)
+ have 35: "(eval_at_point Q\<^sub>p ((inv a) # b) P) \<in> carrier Q\<^sub>p"
+ using 34 P_n_def eval_at_point_closed
+ by blast
+ have "inv(a[^] (nat N)) \<otimes> (c[^]n) =
+ inv(a[^] (nat N)) \<otimes> ((a[^] (nat N)) \<otimes> (eval_at_point Q\<^sub>p ((inv a) # b) P))"
+ using 31 "33" by presburger
+ then have 6: "inv(a[^] (nat N)) \<otimes> (c[^]n) =
+ inv(a[^] (nat N)) \<otimes> (a[^] (nat N)) \<otimes> (eval_at_point Q\<^sub>p ((inv a) # b) P)"
+ using 35 monoid.m_assoc[of Q\<^sub>p] Qp.monoid_axioms Qp.nat_pow_closed
+ Qp.nonzero_pow_nonzero a_nz inv_in_frac(1) local.a_closed by presburger
+ have 37:"inv(a[^] (nat N)) \<otimes> (c[^]n) = (eval_at_point Q\<^sub>p ((inv a) # b) P)"
+ proof-
+ have "inv(a[^] (nat N)) \<otimes> (a[^] (nat N)) = \<one> "
+ using a_closed a_nz Qp.nat_pow_closed Qp.nonzero_pow_nonzero field_inv(1)
+ by blast
+ then have "inv(a[^] (nat N)) \<otimes> (c[^]n) =
+ \<one> \<otimes> (eval_at_point Q\<^sub>p ((inv a) # b) P)"
+ using 6 by presburger
+ then show ?thesis using 35 Qp.l_one by blast
+ qed
+ have 38:"(inv a)[^] (nat N) \<otimes> (c[^]n) = (eval_at_point Q\<^sub>p ((inv a) # b) P)"
+ using 37 group.nat_pow_inv[of Q\<^sub>p a "nat N"] a_closed Qp.field_axioms field.field_nat_pow_inv[of Q\<^sub>p]
+ by (metis a_nz)
+ have 39:"((inv a)[^]m) [^] \<^bsub>Q\<^sub>p\<^esub> n \<otimes> (c[^]n) = (eval_at_point Q\<^sub>p ((inv a) # b) P)"
+ using 2 38 monoid.nat_pow_pow[of Q\<^sub>p "inv a" ] N_def
+ by (smt "3" Qp_int_nat_pow_pow a_closed a_nz inv_in_frac(3) of_nat_0_le_iff pow_nat)
+ have 310:"((((inv a)[^]m) \<otimes> c)[^]n) = (eval_at_point Q\<^sub>p ((inv a) # b) P)"
+ proof-
+ have AA: "(inv a)[^]m \<in> carrier Q\<^sub>p"
+ using Qp_int_pow_nonzero nonzero_def a_closed a_nz inv_in_frac(3) Qp.nonzero_closed
+ by presburger
+ have "((inv a)[^]m) [^] \<^bsub>Q\<^sub>p\<^esub> n \<otimes> (c[^]n) = ((((inv a)[^]m) \<otimes> c)[^]n)"
+ using Qp.nat_pow_distrib[of "(inv a)[^]m" c n] a_closed a_def c_def AA by blast
+ then show ?thesis
+ using "39" by blast
+ qed
+ then show ?thesis using c'_def
+ by blast
+ qed
+ have 4: "inv a # b \<in> carrier (Q\<^sub>p\<^bsup>1+k\<^esup>)"
+ by (metis a_closed a_nz add.commute b_closed cartesian_power_cons inv_in_frac(1))
+ then have 5: "((inv a) # b) \<in> S"
+ using 3 P_n_def c'_closed basic_semialg_set_memI[of "(inv a) # b" "1 + k" c' P n]
+ by blast
+ have 6: "Qp_invert (take 1 x) # drop 1 x = inv a # b"
+ using a_def b_def unfolding Qp_invert_def using "1" Qp_invert_def
+ by blast
+ show ?thesis using 5 6
+ by presburger
+ qed
+ qed
+ then show ?thesis
+ using A by blast
+ qed
+ qed
+ qed
+ have 8: "is_semialgebraic (1+k) ((partial_pullback 1 Qp_invert k S) \<inter> Nz)"
+ using "7" Nz_semialg T_semialg intersection_is_semialg
+ by auto
+ have 9: "(partial_pullback 1 Qp_invert k S) - Nz = {xs \<in> carrier (Q\<^sub>p\<^bsup>Suc k\<^esup>). xs!0 = \<zero>} \<inter>S"
+ proof
+ show "partial_pullback 1 Qp_invert k S - Nz \<subseteq> {xs \<in> carrier (Q\<^sub>p\<^bsup>Suc k\<^esup>). xs ! 0 = \<zero>} \<inter> S"
+ proof fix x assume A: " x \<in> partial_pullback 1 Qp_invert k S - Nz"
+ have 0: "x \<in> carrier (Q\<^sub>p\<^bsup>Suc k\<^esup>)"
+ using A
+ by (metis DiffD1 partial_pullback_memE(1) plus_1_eq_Suc)
+ have 1: "take 1 x \<in> carrier (Q\<^sub>p\<^bsup>1\<^esup>)"
+ by (metis "0" le_add1 plus_1_eq_Suc take_closed)
+ have 2: "drop 1 x \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>)"
+ using "0" cartesian_power_drop plus_1_eq_Suc
+ by presburger
+ have 3: " x = take 1 x @ drop 1 x "
+ using 0
+ by (metis append_take_drop_id)
+ have 4: "Qp_invert (take 1 x) # drop 1 x \<in> S"
+ using A partial_pullback_memE'[of "take 1 x" 1 "drop 1 x" k x Qp_invert S] 1 2 3
+ by blast
+ have 5: "x!0 = \<zero>"
+ using A 0 Nz_def by blast
+ have 6: "Qp_invert (take 1 x) # drop 1 x = x"
+ proof-
+ have "(take 1 x) =[x!0]"
+ using 0
+ by (metis "1" "3" append_Cons nth_Cons_0 Qp.to_R1_to_R)
+ then have "Qp_invert (take 1 x) = \<zero>"
+ unfolding Qp_invert_def using 5
+ by (metis less_one nth_take)
+ then show ?thesis using 0 5
+ by (metis "3" Cons_eq_append_conv \<open>take 1 x = [x ! 0]\<close> self_append_conv2)
+ qed
+ have "x \<in> S"
+ using 6 4
+ by presburger
+ then show "x \<in> {xs \<in> carrier (Q\<^sub>p\<^bsup>Suc k\<^esup>). xs ! 0 = \<zero>} \<inter> S"
+ using Nz_def A 0
+ by blast
+ qed
+ show "{xs \<in> carrier (Q\<^sub>p\<^bsup>Suc k\<^esup>). xs ! 0 = \<zero>} \<inter> S \<subseteq> partial_pullback 1 Qp_invert k S - Nz"
+ proof fix x assume A: "x \<in> {xs \<in> carrier (Q\<^sub>p\<^bsup>Suc k\<^esup>). xs ! 0 = \<zero>} \<inter> S"
+ have A0: "x \<in> carrier (Q\<^sub>p\<^bsup>Suc k\<^esup>)"
+ using A by blast
+ have A1: "x!0 = \<zero>"
+ using A by blast
+ have A2: "x \<in> S"
+ using A by blast
+ show " x \<in> partial_pullback 1 Qp_invert k S - Nz"
+ proof
+ show "x \<notin> Nz"
+ using Nz_def A1 by blast
+ show " x \<in> partial_pullback 1 Qp_invert k S"
+ proof(rule partial_pullback_memI)
+ show "x \<in> carrier (Q\<^sub>p\<^bsup>1+k\<^esup>)"
+ using A0
+ by (simp add: A0)
+ show "Qp_invert (take 1 x) # drop 1 x \<in> S"
+ proof-
+ have "Qp_invert (take 1 x) = \<zero>"
+ unfolding Qp_invert_def using A0 A1
+ by (metis less_numeral_extra(1) nth_take)
+ then have "Qp_invert (take 1 x) # drop 1 x = x"
+ using A0 A1 A2
+ by (metis (no_types, lifting) Cons_eq_append_conv Qp_invert_def \<open>x \<in> carrier (Q\<^sub>p\<^bsup>1+k\<^esup>)\<close>
+ append_take_drop_id inv_in_frac(2) le_add_same_cancel1 self_append_conv2
+ take_closed Qp.to_R1_to_R Qp.to_R_pow_closed zero_le)
+ then show ?thesis
+ using A2 by presburger
+ qed
+ qed
+ qed
+ qed
+ qed
+ have 10: "is_semialgebraic (1+k) {xs \<in> carrier (Q\<^sub>p\<^bsup>Suc k\<^esup>). xs!0 = \<zero>}"
+ proof-
+ have "{xs \<in> carrier (Q\<^sub>p\<^bsup>Suc k\<^esup>). xs!0 = \<zero>} = V\<^bsub>Q\<^sub>p\<^esub> (Suc k) (pvar Q\<^sub>p 0)"
+ unfolding zero_set_def using eval_pvar[of 0 "Suc k"] Qp.cring_axioms
+ by blast
+ then show ?thesis using
+ is_zero_set_imp_basic_semialg pvar_closed[of 0 "Suc k"] Qp.cring_axioms
+ is_zero_set_imp_semialg plus_1_eq_Suc zero_less_Suc
+ by presburger
+ qed
+ have 11: "is_semialgebraic (1+k) ({xs \<in> carrier (Q\<^sub>p\<^bsup>Suc k\<^esup>). xs!0 = \<zero>} \<inter>S)"
+ using 10 assms basic_semialg_is_semialgebraic intersection_is_semialg
+ by blast
+ have 12: "(partial_pullback 1 Qp_invert k S) = ((partial_pullback 1 Qp_invert k S) \<inter> Nz) \<union>
+ ((partial_pullback 1 Qp_invert k S) - Nz)"
+ by blast
+ have 13: "is_semialgebraic (1+k) ((partial_pullback 1 Qp_invert k S) - Nz)"
+ using 11 9 by metis
+ show ?thesis
+ using 8 12 13
+ by (metis "7" Int_Diff_Un Int_commute plus_1_eq_Suc union_is_semialgebraic)
+qed
+
+lemma Qp_invert_is_semialg:
+"is_semialg_function 1 Qp_invert"
+proof(rule is_semialg_functionI')
+ show 0: "Qp_invert \<in> carrier (Q\<^sub>p\<^bsup>1\<^esup>) \<rightarrow> carrier Q\<^sub>p"
+ proof fix x
+ assume A: "x \<in> carrier (Q\<^sub>p\<^bsup>1\<^esup>)"
+ then obtain a where a_def: "x = [a]"
+ by (metis Qp.to_R1_to_R)
+ have a_closed: "a \<in> carrier Q\<^sub>p"
+ using a_def A cartesian_power_concat(1) last_closed'
+ by blast
+ show " Qp_invert x \<in> carrier Q\<^sub>p"
+ apply(cases "a = \<zero>")
+ unfolding Qp_invert_def using a_def a_closed
+ apply (meson Qp.to_R_to_R1)
+ by (metis a_closed a_def inv_in_frac(1) Qp.to_R_to_R1)
+ qed
+ show "\<And>k S. S \<in> basic_semialgs (1 + k) \<Longrightarrow> is_semialgebraic (1 + k) (partial_pullback 1 Qp_invert k S)"
+ using Qp_invert_basic_semialg
+ by blast
+qed
+
+lemma Taylor_deg_1_expansion'':
+ assumes "f \<in> carrier Q\<^sub>p_x"
+ assumes "\<And>n. f n \<in> \<O>\<^sub>p"
+ assumes "a \<in> \<O>\<^sub>p "
+ assumes "b \<in> \<O>\<^sub>p"
+ shows "\<exists>c c' c''. c = to_fun f a \<and> c' = deriv f a \<and> c \<in> \<O>\<^sub>p \<and> c' \<in> \<O>\<^sub>p \<and>c'' \<in> \<O>\<^sub>p \<and>
+ to_fun f (b) = c \<oplus> c' \<otimes> (b \<ominus> a) \<oplus> (c'' \<otimes> (b \<ominus> a)[^](2::nat))"
+proof-
+ obtain S where S_def: "S = (Q\<^sub>p \<lparr> carrier := \<O>\<^sub>p \<rparr>)"
+ by blast
+ have 1: "f \<in> carrier (UP S)"
+ unfolding S_def using val_ring_subring UPQ.poly_cfs_subring[of \<O>\<^sub>p f] assms
+ by blast
+ have 2: " f \<in> carrier (UP (Q\<^sub>p\<lparr>carrier := \<O>\<^sub>p\<rparr>))"
+ using val_ring_subring 1 assms poly_cfs_subring[of \<O>\<^sub>p]
+ by blast
+ have 3: "\<exists>c\<in>\<O>\<^sub>p. f \<bullet> b = f \<bullet> a \<oplus> UPQ.deriv f a \<otimes> (b \<ominus> a) \<oplus> c \<otimes> (b \<ominus> a) [^] (2::nat)"
+ using UP_subring_taylor_appr'[of \<O>\<^sub>p f b a] UP_subring_taylor_appr[of \<O>\<^sub>p f b a] val_ring_subring 1 2 assms
+ by blast
+ then show ?thesis
+ using UP_subring_taylor_appr[of \<O>\<^sub>p f b a] assms UP_subring_deriv_closed[of \<O>\<^sub>p f a]
+ UP_subring_eval_closed[of \<O>\<^sub>p f a] 2 val_ring_subring by blast
+qed
+
+end
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+subsection\<open>Sets Defined by Residues of Valuation Ring Elements\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+sublocale padic_fields < Res: cring "Zp_res_ring (Suc n)"
+ using p_residues residues.cring
+ by blast
+
+context padic_fields
+begin
+
+definition Qp_res where
+"Qp_res x n = to_Zp x n "
+
+lemma Qp_res_closed:
+ assumes "x \<in> \<O>\<^sub>p"
+ shows "Qp_res x n \<in> carrier (Zp_res_ring n)"
+ unfolding Qp_res_def using assms val_ring_memE residue_closed to_Zp_closed by blast
+
+lemma Qp_res_add:
+ assumes "x \<in> \<O>\<^sub>p"
+ assumes "y \<in> \<O>\<^sub>p"
+ shows "Qp_res (x \<oplus> y) n = Qp_res x n \<oplus>\<^bsub>Zp_res_ring n\<^esub> Qp_res y n"
+ unfolding Qp_res_def
+ using assms residue_of_sum to_Zp_add by presburger
+
+lemma Qp_res_mult:
+ assumes "x \<in> \<O>\<^sub>p"
+ assumes "y \<in> \<O>\<^sub>p"
+ shows "Qp_res (x \<otimes> y) n = Qp_res x n \<otimes>\<^bsub>Zp_res_ring n\<^esub> Qp_res y n"
+ unfolding Qp_res_def
+ using assms residue_of_prod to_Zp_mult by presburger
+
+lemma Qp_res_diff:
+ assumes "x \<in> \<O>\<^sub>p"
+ assumes "y \<in> \<O>\<^sub>p"
+ shows "Qp_res (x \<ominus> y) n = Qp_res x n \<ominus>\<^bsub>Zp_res_ring n\<^esub> Qp_res y n"
+ unfolding Qp_res_def
+ using assms residue_of_diff to_Zp_minus
+ by (meson val_ring_res)
+
+lemma Qp_res_zero:
+ shows "Qp_res \<zero> n = 0"
+ unfolding Qp_res_def to_Zp_zero
+ using residue_of_zero(2) by blast
+
+lemma Qp_res_one:
+ assumes "n > 0"
+ shows "Qp_res \<one> n = (1::int)"
+ using assms
+ unfolding Qp_res_def to_Zp_one
+ using residue_of_one(2) by blast
+
+lemma Qp_res_nat_inc:
+ shows "Qp_res ([(n::nat)]\<cdot>\<one>) n = n mod p^n"
+ unfolding Qp_res_def unfolding to_Zp_nat_inc
+ using Zp_nat_inc_res by blast
+
+lemma Qp_res_int_inc:
+ shows "Qp_res ([(k::int)]\<cdot>\<one>) n = k mod p^n"
+ unfolding Qp_res_def unfolding to_Zp_int_inc
+ using Zp_int_inc_res by blast
+
+lemma Qp_poly_res_monom:
+assumes "a \<in> \<O>\<^sub>p"
+assumes "x \<in> \<O>\<^sub>p"
+assumes "Qp_res a n = 0"
+assumes "k > 0"
+shows "Qp_res (up_ring.monom (UP Q\<^sub>p) a k \<bullet> x) n = 0"
+proof-
+ have 0: "up_ring.monom (UP Q\<^sub>p) a k \<bullet> x = a \<otimes> x [^] k"
+ apply(rule UPQ.to_fun_monom[of a x k])
+ using assms val_ring_memE apply blast
+ using assms val_ring_memE by blast
+ have 1: "x[^]k \<in> \<O>\<^sub>p"
+ using assms val_ring_nat_pow_closed by blast
+ show ?thesis unfolding 0
+ using Qp_res_mult[of a "x[^]k" n] assms
+ using "1" residue_times_zero_r by presburger
+qed
+
+lemma Qp_poly_res_zero:
+ assumes "q \<in> carrier (UP Q\<^sub>p)"
+ assumes "\<And>i. q i \<in> \<O>\<^sub>p"
+ assumes "\<And>i. Qp_res (q i) n = 0"
+ assumes "x \<in> \<O>\<^sub>p"
+ shows "Qp_res (q \<bullet> x) n = 0"
+proof-
+ have "(\<forall>i. q i \<in> \<O>\<^sub>p \<and> Qp_res (q i) n = 0) \<longrightarrow> Qp_res (q \<bullet> x) n = 0"
+ proof(rule UPQ.poly_induct[of q], rule assms, rule )
+ fix p assume A: "p \<in> carrier (UP Q\<^sub>p)" " deg Q\<^sub>p p = 0" " \<forall>i. p i \<in> \<O>\<^sub>p \<and> Qp_res (p i) n = 0"
+ have 0: "p \<bullet> x = p 0"
+ using assms
+ by (metis A(1) A(2) val_ring_memE UPQ.ltrm_deg_0 UPQ.to_fun_ctrm)
+ show "Qp_res (p \<bullet> x) n = 0"
+ unfolding 0 using A by blast
+ next
+ fix p
+ assume A0: "(\<And>q. q \<in> carrier (UP Q\<^sub>p) \<Longrightarrow> deg Q\<^sub>p q < deg Q\<^sub>p p \<Longrightarrow> (\<forall>i. q i \<in> \<O>\<^sub>p \<and> Qp_res (q i) n = 0) \<longrightarrow> Qp_res (q \<bullet> x) n = 0)"
+ "p \<in> carrier (UP Q\<^sub>p)" "0 < deg Q\<^sub>p p"
+ show "(\<forall>i. p i \<in> \<O>\<^sub>p \<and> Qp_res (p i) n = 0) \<longrightarrow> Qp_res (p \<bullet> x) n = 0"
+ proof assume A1: " \<forall>i. p i \<in> \<O>\<^sub>p \<and> Qp_res (p i) n = 0"
+ obtain k where k_def: "k = deg Q\<^sub>p p"
+ by blast
+ obtain q where q_def: "q = UPQ.trunc p"
+ by blast
+ have q_closed: "q \<in> carrier (UP Q\<^sub>p)"
+ unfolding q_def
+ using A0(2) UPQ.trunc_closed by blast
+ have q_deg: "deg Q\<^sub>p q < deg Q\<^sub>p p"
+ unfolding q_def
+ using A0(2) A0(3) UPQ.trunc_degree by blast
+ have 9: "\<And>i. i < deg Q\<^sub>p p \<Longrightarrow> q i = p i"
+ unfolding q_def
+ using A0(2) UPQ.trunc_cfs by blast
+ have 90: "\<And>i. \<not> i < deg Q\<^sub>p p \<Longrightarrow> q i = \<zero>"
+ unfolding q_def
+ proof -
+ fix i :: nat
+ assume "\<not> i < deg Q\<^sub>p p"
+ then have "deg Q\<^sub>p q < i"
+ using q_deg by linarith
+ then show "Cring_Poly.truncate Q\<^sub>p p i = \<zero>"
+ using UPQ.deg_gtE q_closed q_def by blast
+ qed
+ have 10: "(\<forall>i. q i \<in> \<O>\<^sub>p \<and> Qp_res (q i) n = 0)"
+ proof fix i
+ show "q i \<in> \<O>\<^sub>p \<and> Qp_res (q i) n = 0"
+ apply(cases "i < deg Q\<^sub>p p")
+ using A1 9[of i] apply presburger
+ unfolding q_def using Qp_res_zero 90
+ by (metis q_def zero_in_val_ring)
+ qed
+ have 11: "Qp_res (q \<bullet> x) n = 0"
+ using 10 A1 A0 q_closed q_deg by blast
+ have 12: "p = q \<oplus>\<^bsub>UP Q\<^sub>p\<^esub> up_ring.monom (UP Q\<^sub>p) (p k) k"
+ unfolding k_def q_def
+ using A0(2) UPQ.trunc_simps(1) by blast
+ have 13: "p \<bullet> x = q \<bullet> x \<oplus> (up_ring.monom (UP Q\<^sub>p) (p k) k) \<bullet> x"
+ proof-
+ have 0: " (q \<oplus>\<^bsub>UP Q\<^sub>p\<^esub> up_ring.monom (UP Q\<^sub>p) (p k) k) \<bullet> x = q \<bullet> x \<oplus> up_ring.monom (UP Q\<^sub>p) (p k) k \<bullet> x"
+ apply(rule UPQ.to_fun_plus)
+ using A0(2) UPQ.ltrm_closed k_def apply blast
+ unfolding q_def apply(rule UPQ.trunc_closed, rule A0)
+ using assms val_ring_memE by blast
+ show ?thesis
+ using 0 12 by metis
+ qed
+ have 14: "(up_ring.monom (UP Q\<^sub>p) (p k) k) \<bullet> x \<in> \<O>\<^sub>p"
+ apply(rule val_ring_poly_eval)
+ using A0(2) UPQ.ltrm_closed k_def apply blast
+ using UPQ.cfs_monom[of "p k" k ] A1 zero_in_val_ring
+ using A0(2) UPQ.ltrm_cfs k_def apply presburger
+ using assms(4) by blast
+ have 15: "Qp_res ((up_ring.monom (UP Q\<^sub>p) (p k) k) \<bullet> x) n = 0"
+ apply(rule Qp_poly_res_monom)
+ using A1 apply blast using assms apply blast
+ using A1 apply blast unfolding k_def using A0 by blast
+ have 16: "Qp_res (q \<bullet> x) n = 0"
+ using A0 10 11 by blast
+ have 17: "q \<bullet> x \<in> \<O>\<^sub>p"
+ apply(rule val_ring_poly_eval, rule q_closed)
+ using 10 apply blast by(rule assms)
+ have 18: "Qp_res (q \<bullet> x \<oplus> (up_ring.monom (UP Q\<^sub>p) (p k) k) \<bullet> x) n = 0"
+ using Qp_res_add[of "q \<bullet> x" "up_ring.monom (UP Q\<^sub>p) (p k) k \<bullet> x" n] 14 17
+ unfolding 15 16
+ by (metis "10" Qp_res_add UPQ.cfs_add UPQ.coeff_of_sum_diff_degree0 q_closed q_deg)
+ show "Qp_res (p \<bullet> x) n = 0"
+ using 13 18 by metis
+ qed
+ qed
+ thus ?thesis using assms by blast
+qed
+
+lemma Qp_poly_res_eval_0:
+ assumes "f \<in> carrier (UP Q\<^sub>p)"
+ assumes "g \<in> carrier (UP Q\<^sub>p)"
+ assumes "x \<in> \<O>\<^sub>p"
+ assumes "\<And>i. f i \<in> \<O>\<^sub>p"
+ assumes "\<And>i. g i \<in> \<O>\<^sub>p"
+ assumes "\<And>i. Qp_res (f i) n = Qp_res (g i) n"
+ shows "Qp_res (f \<bullet> x) n = Qp_res (g \<bullet> x) n"
+proof-
+ obtain F where F_def: "F = f \<ominus>\<^bsub>UP Q\<^sub>p\<^esub>g"
+ by blast
+ have F_closed: "F \<in> carrier (UP Q\<^sub>p)"
+ unfolding F_def
+ using assms by blast
+ have F_cfs: "\<And>i. F i = (f i) \<ominus> (g i)"
+ unfolding F_def
+ using assms UPQ.cfs_minus by blast
+ have F_cfs_res: "\<And>i. Qp_res (F i) n = Qp_res (f i) n \<ominus>\<^bsub>Zp_res_ring n\<^esub> Qp_res (g i) n"
+ unfolding F_cfs apply(rule Qp_res_diff)
+ using assms apply blast using assms by blast
+ have 0: "\<And>i. Qp_res (f i) n = Qp_res (g i) n"
+ using assms by blast
+ have F_cfs_res': "\<And>i. Qp_res (F i) n = 0"
+ unfolding F_cfs_res 0
+ by (metis diff_self mod_0 residue_minus)
+ have 1: "\<And>i. F i \<in> \<O>\<^sub>p"
+ unfolding F_cfs using assms
+ using val_ring_minus_closed by blast
+ have 2: "Qp_res (F \<bullet> x) n = 0"
+ by(rule Qp_poly_res_zero, rule F_closed, rule 1, rule F_cfs_res', rule assms)
+ have 3: "F \<bullet> x = f \<bullet> x \<ominus> g \<bullet> x"
+ unfolding F_def using assms
+ by (meson assms UPQ.to_fun_diff val_ring_memE)
+ have 4: "Qp_res (F \<bullet> x) n = Qp_res (f \<bullet> x) n \<ominus>\<^bsub>Zp_res_ring n\<^esub> Qp_res (g \<bullet> x) n"
+ unfolding 3 apply(rule Qp_res_diff, rule val_ring_poly_eval, rule assms)
+ using assms apply blast using assms apply blast
+ apply(rule val_ring_poly_eval, rule assms)
+ using assms apply blast by(rule assms)
+ have 5: "f \<bullet> x \<in> \<O>\<^sub>p"
+ apply(rule val_ring_poly_eval, rule assms)
+ using assms apply blast using assms by blast
+ have 6: "g \<bullet> x \<in> \<O>\<^sub>p"
+ apply(rule val_ring_poly_eval, rule assms)
+ using assms apply blast by(rule assms)
+ show "Qp_res (f \<bullet> x) n = Qp_res (g \<bullet> x) n"
+ using 5 6 2 Qp_res_closed[of "f \<bullet> x" n] Qp_res_closed[of "g \<bullet> x" n]
+ unfolding 4
+ proof -
+ assume "Qp_res (f \<bullet> x) n \<ominus>\<^bsub>Zp_res_ring n\<^esub> Qp_res (g \<bullet> x) n = 0"
+ then show ?thesis
+ by (metis (no_types) Qp_res_def 5 6 res_diff_zero_fact(1) residue_of_diff to_Zp_closed val_ring_memE)
+ qed
+qed
+
+lemma Qp_poly_res_eval_1:
+ assumes "f \<in> carrier (UP Q\<^sub>p)"
+ assumes "x \<in> \<O>\<^sub>p"
+ assumes "y \<in> \<O>\<^sub>p"
+ assumes "\<And>i. f i \<in> \<O>\<^sub>p"
+ assumes "Qp_res x n = Qp_res y n"
+ shows "Qp_res (f \<bullet> x) n = Qp_res (f \<bullet> y) n"
+proof-
+ have "(\<forall>i. f i \<in> \<O>\<^sub>p) \<longrightarrow> Qp_res (f \<bullet> x) n = Qp_res (f \<bullet> y) n"
+ apply(rule UPQ.poly_induct[of f], rule assms)
+ proof fix f assume A: "f \<in> carrier (UP Q\<^sub>p)" "deg Q\<^sub>p f = 0" "\<forall>i. f i \<in> \<O>\<^sub>p"
+ show "Qp_res (f \<bullet> x) n = Qp_res (f \<bullet> y) n"
+ proof-
+ obtain a where a_def: "a \<in> carrier Q\<^sub>p \<and> f = to_polynomial Q\<^sub>p a"
+ using assms
+ by (metis A(1) A(2) UPQ.lcf_closed UPQ.to_poly_inverse)
+ have a_eq: "f = to_polynomial Q\<^sub>p a"
+ using a_def by blast
+ have 0: "f \<bullet> x = a"
+ using a_def assms unfolding a_eq
+ by (meson UPQ.to_fun_to_poly val_ring_memE)
+ have 1: "f \<bullet> y = a"
+ using a_def assms unfolding a_eq
+ by (meson UPQ.to_fun_to_poly val_ring_memE)
+ show " Qp_res (f \<bullet> x) n = Qp_res (f \<bullet> y) n"
+ unfolding 0 1 by blast
+ qed
+ next
+ fix f
+ assume A: " (\<And>q. q \<in> carrier (UP Q\<^sub>p) \<Longrightarrow> deg Q\<^sub>p q < deg Q\<^sub>p f \<Longrightarrow> (\<forall>i. q i \<in> \<O>\<^sub>p) \<longrightarrow> Qp_res (q \<bullet> x) n = Qp_res (q \<bullet> y) n)"
+ "f \<in> carrier (UP Q\<^sub>p)" " 0 < deg Q\<^sub>p f"
+ show "(\<forall>i. f i \<in> \<O>\<^sub>p) \<longrightarrow> Qp_res (f \<bullet> x) n = Qp_res (f \<bullet> y) n"
+ proof assume A1: "\<forall>i. f i \<in> \<O>\<^sub>p"
+ obtain q where q_def: "q = UPQ.trunc f"
+ by blast
+ have q_closed: "q \<in> carrier (UP Q\<^sub>p)"
+ using q_def A UPQ.trunc_closed by presburger
+ have q_deg: "deg Q\<^sub>p q < deg Q\<^sub>p f"
+ using q_def A UPQ.trunc_degree by blast
+ have q_cfs: "\<forall>i. q i \<in> \<O>\<^sub>p"
+ proof fix i show "q i \<in> \<O>\<^sub>p"
+ apply(cases "i < deg Q\<^sub>p f")
+ unfolding q_def using A A1 UPQ.trunc_cfs
+ apply presburger
+ using q_deg q_closed
+ proof -
+ assume "\<not> i < deg Q\<^sub>p f"
+ then have "deg Q\<^sub>p f \<le> i"
+ by (meson diff_is_0_eq neq0_conv zero_less_diff)
+ then show "Cring_Poly.truncate Q\<^sub>p f i \<in> \<O>\<^sub>p"
+ by (metis (no_types) UPQ.deg_eqI diff_is_0_eq' le_trans nat_le_linear neq0_conv q_closed q_def q_deg zero_in_val_ring zero_less_diff)
+ qed
+ qed
+ hence 0: "Qp_res (q \<bullet> x) n = Qp_res (q \<bullet> y) n"
+ using A q_closed q_deg by blast
+ have 1: "Qp_res (UPQ.ltrm f \<bullet> x) n = Qp_res (UPQ.ltrm f \<bullet> y) n"
+ proof-
+ have 10: "UPQ.ltrm f \<bullet> x = (f (deg Q\<^sub>p f)) \<otimes> x[^](deg Q\<^sub>p f)"
+ using A assms A1 UPQ.to_fun_monom val_ring_memE by presburger
+ have 11: "UPQ.ltrm f \<bullet> y = (f (deg Q\<^sub>p f)) \<otimes> y[^](deg Q\<^sub>p f)"
+ using A assms A1 UPQ.to_fun_monom val_ring_memE by presburger
+ obtain d where d_def: "d = deg Q\<^sub>p f"
+ by blast
+ have 12: "Qp_res (x[^]d) n = Qp_res (y[^]d) n"
+ apply(induction d)
+ using Qp.nat_pow_0 apply presburger
+ using Qp_res_mult assms Qp.nat_pow_Suc val_ring_nat_pow_closed by presburger
+ hence 13: "Qp_res (x [^] deg Q\<^sub>p f) n = Qp_res (y [^] deg Q\<^sub>p f) n"
+ unfolding d_def by blast
+ have 14: "x [^] deg Q\<^sub>p f \<in> \<O>\<^sub>p"
+ using assms val_ring_nat_pow_closed by blast
+ have 15: "y [^] deg Q\<^sub>p f \<in> \<O>\<^sub>p"
+ using assms val_ring_nat_pow_closed by blast
+ have 16: "Qp_res (f (deg Q\<^sub>p f) \<otimes> x [^] deg Q\<^sub>p f) n = Qp_res (f (deg Q\<^sub>p f)) n \<otimes>\<^bsub>residue_ring (p ^ n)\<^esub> Qp_res (x [^] deg Q\<^sub>p f) n"
+ apply(rule Qp_res_mult[of "f (deg Q\<^sub>p f)" " x[^](deg Q\<^sub>p f)" n])
+ using A1 apply blast by(rule 14)
+ have 17: "Qp_res (f (deg Q\<^sub>p f) \<otimes> y [^] deg Q\<^sub>p f) n = Qp_res (f (deg Q\<^sub>p f)) n \<otimes>\<^bsub>residue_ring (p ^ n)\<^esub> Qp_res (y [^] deg Q\<^sub>p f) n"
+ apply(rule Qp_res_mult[of "f (deg Q\<^sub>p f)" " y[^](deg Q\<^sub>p f)" n])
+ using A1 apply blast by(rule 15)
+ show ?thesis
+ unfolding 10 11 16 17 13 by blast
+ qed
+ have f_decomp: "f = q \<oplus>\<^bsub>UP Q\<^sub>p\<^esub> UPQ.ltrm f"
+ using A unfolding q_def
+ using UPQ.trunc_simps(1) by blast
+ have 2: "f \<bullet> x = q \<bullet> x \<oplus> (UPQ.ltrm f \<bullet> x)"
+ using A f_decomp q_closed q_cfs
+ by (metis val_ring_memE UPQ.ltrm_closed UPQ.to_fun_plus assms(2))
+ have 3: "f \<bullet> y = q \<bullet> y \<oplus> (UPQ.ltrm f \<bullet> y)"
+ using A f_decomp q_closed q_cfs
+ by (metis val_ring_memE UPQ.ltrm_closed UPQ.to_fun_plus assms(3))
+ show 4: " Qp_res (f \<bullet> x) n = Qp_res (f \<bullet> y) n "
+ unfolding 2 3 using assms q_cfs Qp_res_add 0 1
+ by (metis (no_types, opaque_lifting) "2" "3" A(2) A1 Qp_res_def poly_eval_cong)
+ qed
+ qed
+ thus ?thesis using assms by blast
+qed
+
+lemma Qp_poly_res_eval_2:
+ assumes "f \<in> carrier (UP Q\<^sub>p)"
+ assumes "g \<in> carrier (UP Q\<^sub>p)"
+ assumes "x \<in> \<O>\<^sub>p"
+ assumes "y \<in> \<O>\<^sub>p"
+ assumes "\<And>i. f i \<in> \<O>\<^sub>p"
+ assumes "\<And>i. g i \<in> \<O>\<^sub>p"
+ assumes "\<And>i. Qp_res (f i) n = Qp_res (g i) n"
+ assumes "Qp_res x n = Qp_res y n"
+ shows "Qp_res (f \<bullet> x) n = Qp_res (g \<bullet> y) n"
+proof-
+ have 0: "Qp_res (f \<bullet> x) n = Qp_res (g \<bullet> x) n"
+ using Qp_poly_res_eval_0 assms by blast
+ have 1: "Qp_res (g \<bullet> x) n = Qp_res (g \<bullet> y) n"
+ using Qp_poly_res_eval_1 assms by blast
+ show ?thesis unfolding 0 1 by blast
+qed
+
+definition poly_res_class where
+"poly_res_class n d f = {q \<in> carrier (UP Q\<^sub>p). deg Q\<^sub>p q \<le> d \<and> (\<forall>i. q i \<in> \<O>\<^sub>p \<and> Qp_res (f i) n = Qp_res (q i) n) }"
+
+lemma poly_res_class_closed:
+ assumes "f \<in> carrier (UP Q\<^sub>p)"
+ assumes "g \<in> carrier (UP Q\<^sub>p)"
+ assumes "deg Q\<^sub>p f \<le> d"
+ assumes "deg Q\<^sub>p g \<le> d"
+ assumes "g \<in> poly_res_class n d f"
+ shows "poly_res_class n d f = poly_res_class n d g"
+ unfolding poly_res_class_def
+ apply(rule equalityI)
+apply(rule subsetI)
+ unfolding mem_Collect_eq apply(rule conjI, blast, rule conjI, blast)
+ using assms unfolding poly_res_class_def mem_Collect_eq
+ apply presburger
+apply(rule subsetI) unfolding mem_Collect_eq
+ apply(rule conjI, blast, rule conjI, blast)
+ using assms unfolding poly_res_class_def mem_Collect_eq
+ by presburger
+
+lemma poly_res_class_memE:
+ assumes "f \<in> poly_res_class n d g"
+ shows "f \<in> carrier (UP Q\<^sub>p)"
+ "deg Q\<^sub>p f \<le> d"
+ "f i \<in> \<O>\<^sub>p"
+ "Qp_res (g i) n = Qp_res (f i) n"
+ using assms unfolding poly_res_class_def mem_Collect_eq apply blast
+ using assms unfolding poly_res_class_def mem_Collect_eq apply blast
+ using assms unfolding poly_res_class_def mem_Collect_eq apply blast
+ using assms unfolding poly_res_class_def mem_Collect_eq by blast
+
+definition val_ring_polys where
+"val_ring_polys = {f \<in> carrier (UP Q\<^sub>p). (\<forall>i. f i \<in> \<O>\<^sub>p)} "
+
+lemma val_ring_polys_closed:
+"val_ring_polys \<subseteq> carrier (UP Q\<^sub>p)"
+ unfolding val_ring_polys_def by blast
+
+lemma val_ring_polys_memI:
+ assumes "f \<in> carrier (UP Q\<^sub>p)"
+ assumes "\<And>i. f i \<in> \<O>\<^sub>p"
+ shows "f \<in> val_ring_polys"
+ using assms unfolding val_ring_polys_def by blast
+
+lemma val_ring_polys_memE:
+ assumes "f \<in> val_ring_polys"
+ shows "f \<in> carrier (UP Q\<^sub>p)"
+ "f i \<in> \<O>\<^sub>p"
+ using assms unfolding val_ring_polys_def apply blast
+ using assms unfolding val_ring_polys_def by blast
+
+definition val_ring_polys_grad where
+"val_ring_polys_grad d = {f \<in> val_ring_polys. deg Q\<^sub>p f \<le> d}"
+
+lemma val_ring_polys_grad_closed:
+"val_ring_polys_grad d \<subseteq> val_ring_polys"
+ unfolding val_ring_polys_grad_def by blast
+
+lemma val_ring_polys_grad_closed':
+"val_ring_polys_grad d \<subseteq> carrier (UP Q\<^sub>p)"
+ unfolding val_ring_polys_grad_def val_ring_polys_def by blast
+
+lemma val_ring_polys_grad_memI:
+ assumes "f \<in> carrier (UP Q\<^sub>p)"
+ assumes "\<And>i. f i \<in> \<O>\<^sub>p"
+ assumes "deg Q\<^sub>p f \<le> d"
+ shows "f \<in> val_ring_polys_grad d"
+ using assms unfolding val_ring_polys_grad_def val_ring_polys_def by blast
+
+lemma val_ring_polys_grad_memE:
+ assumes "f \<in> val_ring_polys_grad d"
+ shows "f \<in> carrier (UP Q\<^sub>p)"
+ "deg Q\<^sub>p f \<le> d"
+ "f i \<in> \<O>\<^sub>p"
+ using assms unfolding val_ring_polys_grad_def val_ring_polys_def apply blast
+ using assms unfolding val_ring_polys_grad_def val_ring_polys_def apply blast
+ using assms unfolding val_ring_polys_grad_def val_ring_polys_def by blast
+
+lemma poly_res_classes_in_val_ring_polys_grad:
+ assumes "f \<in> val_ring_polys_grad d"
+ shows "poly_res_class n d f \<subseteq> val_ring_polys_grad d"
+ apply(rule subsetI, rule val_ring_polys_grad_memI)
+ apply(rule poly_res_class_memE[of _ n d f], blast)
+ apply(rule poly_res_class_memE[of _ n d f], blast)
+ by(rule poly_res_class_memE[of _ n d f], blast)
+
+lemma poly_res_class_disjoint:
+ assumes "f \<in> val_ring_polys_grad d"
+ assumes "f \<notin> poly_res_class n d g"
+ shows "poly_res_class n d f \<inter> poly_res_class n d g = {}"
+ apply(rule equalityI)
+ apply(rule subsetI)
+ using assms
+ unfolding poly_res_class_def mem_Collect_eq Int_iff
+ apply (metis val_ring_polys_grad_memE(1) val_ring_polys_grad_memE(2) val_ring_polys_grad_memE(3))
+ by blast
+
+lemma poly_res_class_refl:
+ assumes "f \<in> val_ring_polys_grad d"
+ shows "f \<in> poly_res_class n d f"
+ unfolding poly_res_class_def mem_Collect_eq
+ using assms val_ring_polys_grad_memE(1) val_ring_polys_grad_memE(2) val_ring_polys_grad_memE(3) by blast
+
+lemma poly_res_class_memI:
+ assumes "f \<in> carrier (UP Q\<^sub>p)"
+ assumes "deg Q\<^sub>p f \<le> d"
+ assumes "\<And>i. f i \<in> \<O>\<^sub>p"
+ assumes "\<And>i. Qp_res (f i) n = Qp_res (g i) n"
+ shows "f \<in> poly_res_class n d g"
+ unfolding poly_res_class_def mem_Collect_eq using assms
+ by metis
+
+definition poly_res_classes where
+"poly_res_classes n d = poly_res_class n d ` val_ring_polys_grad d"
+
+lemma poly_res_classes_disjoint:
+ assumes "A \<in> poly_res_classes n d"
+ assumes "B \<in> poly_res_classes n d"
+ assumes "g \<in> A - B"
+ shows "A \<inter> B = {}"
+proof-
+ obtain a where a_def: "a \<in> val_ring_polys_grad d \<and> A = poly_res_class n d a"
+ using assms unfolding poly_res_classes_def by blast
+ obtain b where b_def: "b \<in> val_ring_polys_grad d \<and> B = poly_res_class n d b"
+ using assms unfolding poly_res_classes_def by blast
+ have 0: "\<And>f. f \<in> A \<inter> B \<Longrightarrow> False"
+ proof-
+ fix f assume A: "f \<in> A \<inter> B"
+ have 1: "\<exists>i. Qp_res (g i) n \<noteq> Qp_res (f i) n"
+ proof(rule ccontr)
+ assume B: "\<nexists>i. Qp_res (g i) n \<noteq> Qp_res (f i) n"
+ then have 2: "\<And>i. Qp_res (g i) n = Qp_res (f i) n"
+ by blast
+ have 3: "g \<in> poly_res_class n d a"
+ using a_def assms by blast
+ have 4: "\<And>i. Qp_res (b i) n = Qp_res (f i) n"
+ apply(rule poly_res_class_memE[of _ n d])
+ using assms A b_def by blast
+ have 5: "\<And>i. Qp_res (a i) n = Qp_res (g i) n"
+ apply(rule poly_res_class_memE[of _ n d])
+ using assms A a_def by blast
+ have 6: "g \<in> poly_res_class n d b"
+ apply(rule poly_res_class_memI, rule poly_res_class_memE[of _ n d a], rule 3,
+ rule poly_res_class_memE[of _ n d a], rule 3, rule poly_res_class_memE[of _ n d a], rule 3)
+ unfolding 2 4 by blast
+ show False using 6 b_def assms by blast
+ qed
+ then obtain i where i_def: "Qp_res (g i) n \<noteq> Qp_res (f i) n"
+ by blast
+ have 2: "\<And>i. Qp_res (a i) n = Qp_res (f i) n"
+ apply(rule poly_res_class_memE[of _ n d])
+ using A a_def by blast
+ have 3: "\<And>i. Qp_res (b i) n = Qp_res (f i) n"
+ apply(rule poly_res_class_memE[of _ n d])
+ using A b_def by blast
+ have 4: "\<And>i. Qp_res (a i) n = Qp_res (g i) n"
+ apply(rule poly_res_class_memE[of _ n d])
+ using assms a_def by blast
+ show False using i_def 2 unfolding 4 2 by blast
+ qed
+ show ?thesis using 0 by blast
+qed
+
+definition int_fun_to_poly where
+"int_fun_to_poly (f::nat \<Rightarrow> int) i = [(f i)]\<cdot>\<one>"
+
+lemma int_fun_to_poly_closed:
+ assumes "\<And>i. i > d \<Longrightarrow> f i = 0"
+ shows "int_fun_to_poly f \<in> carrier (UP Q\<^sub>p)"
+ apply(rule UPQ.UP_car_memI[of d])
+ using assms unfolding int_fun_to_poly_def
+ using Qp.int_inc_zero apply presburger
+ by(rule Qp.int_inc_closed)
+
+lemma int_fun_to_poly_deg:
+ assumes "\<And>i. i > d \<Longrightarrow> f i = 0"
+ shows "deg Q\<^sub>p (int_fun_to_poly f) \<le> d"
+ apply(rule UPQ.deg_leqI, rule int_fun_to_poly_closed, rule assms, blast)
+ unfolding int_fun_to_poly_def using assms
+ using Qp.int_inc_zero by presburger
+
+lemma Qp_res_mod_triv:
+ assumes "a \<in> \<O>\<^sub>p"
+ shows "Qp_res a n mod p ^ n = Qp_res a n"
+ using assms Qp_res_closed[of a n]
+ by (meson mod_pos_pos_trivial p_residue_ring_car_memE(1) p_residue_ring_car_memE(2))
+
+lemma int_fun_to_poly_is_class_wit:
+ assumes "f \<in> poly_res_class n d g"
+ shows "(int_fun_to_poly (\<lambda>i::nat. Qp_res (f i) n)) \<in> poly_res_class n d g"
+proof(rule poly_res_class_memI[of ], rule int_fun_to_poly_closed[of d])
+ show 0: "\<And>i. d < i \<Longrightarrow> Qp_res (f i) n = 0"
+ proof- fix i assume A: "d < i"
+ hence 0: "deg Q\<^sub>p f < i"
+ using A assms poly_res_class_memE(2)[of f n d g]
+ by linarith
+ have 1: "f i = \<zero>"
+ using 0 assms poly_res_class_memE[of f n d g]
+ using UPQ.UP_car_memE(2) by blast
+ show "Qp_res (f i) n = 0"
+ unfolding 1 Qp_res_zero by blast
+ qed
+ show "deg Q\<^sub>p (int_fun_to_poly (\<lambda>i. Qp_res (f i) n)) \<le> d"
+ by(rule int_fun_to_poly_deg, rule 0, blast)
+ show "\<And>i. int_fun_to_poly (\<lambda>i. Qp_res (f i) n) i \<in> \<O>\<^sub>p"
+ unfolding int_fun_to_poly_def
+ using Qp.int_mult_closed Qp_val_ringI val_of_int_inc by blast
+ show "\<And>i. Qp_res (int_fun_to_poly (\<lambda>i. Qp_res (f i) n) i) n = Qp_res (g i) n"
+ unfolding int_fun_to_poly_def Qp_res_int_inc
+ using Qp_res_mod_triv assms poly_res_class_memE(4) Qp_res_closed UPQ.cfs_closed
+ by (metis poly_res_class_memE(3))
+qed
+
+lemma finite_support_funs_finite:
+"finite (({..d} \<rightarrow> carrier (Zp_res_ring n)) \<inter> {(f::nat \<Rightarrow> int). \<forall>i > d. f i = 0})"
+proof-
+ have 0: "finite (\<Pi>\<^sub>E i \<in> {..d}.carrier (Zp_res_ring n))"
+ apply(rule finite_PiE, blast)
+ using residue_ring_card[of n] by blast
+ obtain g where g_def: "g = (\<lambda>f. (\<lambda>i::nat. if i \<in> {..d} then f i else (0::int)))"
+ by blast
+ have 1: "g ` (\<Pi>\<^sub>E i \<in> {..d}.carrier (Zp_res_ring n)) = (({..d} \<rightarrow> carrier (Zp_res_ring n)) \<inter> {(f::nat \<Rightarrow> int). \<forall>i > d. f i = 0})"
+ proof(rule equalityI, rule subsetI)
+ fix x assume A: "x \<in> g ` ({..d} \<rightarrow>\<^sub>E carrier (residue_ring (p ^ n)))"
+ obtain f where f_def: "f \<in> (\<Pi>\<^sub>E i \<in> {..d}.carrier (Zp_res_ring n)) \<and> x = g f"
+ using A by blast
+ have x_eq: "x = g f"
+ using f_def by blast
+ show "x \<in> ({..d} \<rightarrow> carrier (residue_ring (p ^ n))) \<inter> {f. \<forall>i>d. f i = 0}"
+ proof(rule, rule)
+ fix i assume A: "i \<in> {..d}"
+ show "x i \<in> carrier (Zp_res_ring n)"
+ proof(cases "i \<in> {..d}")
+ case True
+ then have T0: "f i \<in> carrier (Zp_res_ring n)"
+ using f_def by blast
+ have "x i = f i"
+ unfolding x_eq g_def
+ using True by metis
+ thus ?thesis using T0 by metis
+ next
+ case False
+ then have F0: "x i = 0"
+ unfolding x_eq g_def by metis
+ show ?thesis
+ unfolding F0
+ by (metis residue_mult_closed residue_times_zero_r)
+ qed
+ next
+ show "x \<in> {f. \<forall>i>d. f i = 0}"
+ proof(rule, rule, rule)
+ fix i assume A: "d < i"
+ then have 0: "i \<notin> {..d}"
+ by simp
+ thus "x i = 0"
+ unfolding x_eq g_def
+ by metis
+ qed
+ qed
+ next
+ show "({..d} \<rightarrow> carrier (residue_ring (p ^ n))) \<inter> {f. \<forall>i>d. f i = 0}
+ \<subseteq> g ` ({..d} \<rightarrow>\<^sub>E carrier (residue_ring (p ^ n)))"
+ proof(rule subsetI)
+ fix x
+ assume A: " x \<in> ({..d} \<rightarrow> carrier (residue_ring (p ^ n))) \<inter> {f. \<forall>i>d. f i = 0}"
+ show " x \<in> g ` ({..d} \<rightarrow>\<^sub>E carrier (residue_ring (p ^ n)))"
+ proof-
+ obtain h where h_def: "h = restrict x {..d}"
+ by blast
+ have 0: "\<And>i. i \<in> {..d} \<Longrightarrow> h i = x i"
+ unfolding h_def restrict_apply by metis
+ have 1: "\<And>i. i \<notin> {..d} \<Longrightarrow> h i = undefined"
+ unfolding h_def restrict_apply by metis
+ have 2: "\<And>i. i \<in> {..d} \<Longrightarrow> h i \<in> carrier (Zp_res_ring n)"
+ using A 0 unfolding 0 by blast
+ have 3: "h \<in> {..d} \<rightarrow>\<^sub>E carrier (residue_ring (p ^ n))"
+ by(rule, rule 2, blast, rule 1, blast)
+ have 4: "\<And>i. i \<notin> {..d} \<Longrightarrow> x i = 0"
+ using A unfolding Int_iff mem_Collect_eq
+ by (metis atMost_iff eq_imp_le le_simps(1) linorder_neqE_nat)
+ have 5: "x = g h"
+ proof fix i
+ show "x i = g h i"
+ unfolding g_def
+ apply(cases "i \<in> {..d}")
+ using 0 apply metis unfolding 4
+ by metis
+ qed
+ show ?thesis unfolding 5 using 3 by blast
+ qed
+ qed
+ qed
+ have 2: "finite (g ` (\<Pi>\<^sub>E i \<in> {..d}.carrier (Zp_res_ring n)))"
+ using 0 by blast
+ show ?thesis using 2 unfolding 1 by blast
+qed
+
+lemma poly_res_classes_finite:
+"finite (poly_res_classes n d)"
+proof-
+ have 0: "poly_res_class n d ` int_fun_to_poly ` (({..d} \<rightarrow> carrier (Zp_res_ring n)) \<inter> {(f::nat \<Rightarrow> int). \<forall>i > d. f i = 0}) = poly_res_classes n d"
+ proof(rule equalityI, rule subsetI)
+ fix x assume A: " x \<in> poly_res_class n d ` int_fun_to_poly ` (({..d} \<rightarrow> carrier (residue_ring (p ^ n))) \<inter> {f. \<forall>i>d. f i = 0})"
+ then obtain f where f_def: "f \<in> ({..d} \<rightarrow> carrier (residue_ring (p ^ n))) \<inter> {f. \<forall>i>d. f i = 0} \<and>
+ x = poly_res_class n d (int_fun_to_poly f)"
+ by blast
+ have x_eq: "x = poly_res_class n d (int_fun_to_poly f)"
+ using f_def by blast
+ show "x \<in> poly_res_classes n d"
+ proof-
+ have 0: "int_fun_to_poly f \<in> val_ring_polys_grad d"
+ apply(rule val_ring_polys_grad_memI, rule int_fun_to_poly_closed[of d])
+ using f_def apply blast
+ using int_fun_to_poly_def
+ apply (metis Qp.int_inc_closed padic_fields.int_fun_to_poly_def padic_fields.val_of_int_inc padic_fields_axioms val_ring_memI)
+ apply(rule int_fun_to_poly_deg)
+ using f_def by blast
+ show ?thesis unfolding poly_res_classes_def x_eq
+ using 0 by blast
+ qed
+ next
+ show "poly_res_classes n d
+ \<subseteq> poly_res_class n d `
+ int_fun_to_poly `
+ (({..d} \<rightarrow> carrier (residue_ring (p ^ n))) \<inter>
+ {f. \<forall>i>d. f i = 0})"
+ proof(rule subsetI)
+ fix x assume A: " x \<in> poly_res_classes n d"
+ show "x \<in> poly_res_class n d ` int_fun_to_poly ` (({..d} \<rightarrow> carrier (residue_ring (p ^ n))) \<inter> {f. \<forall>i>d. f i = 0})"
+ proof-
+ obtain f where f_def: "f \<in> val_ring_polys_grad d \<and> x = poly_res_class n d f"
+ using A unfolding poly_res_classes_def by blast
+ have x_eq: "x = poly_res_class n d f"
+ using f_def by blast
+ obtain h where h_def: "h = (\<lambda>i::nat. Qp_res (f i) n)"
+ by blast
+ have 0: "\<And>i. i > d \<Longrightarrow> f i = \<zero>"
+ proof- fix i assume A: "i > d"
+ have "i > deg Q\<^sub>p f"
+ apply(rule le_less_trans[of _ d])
+ using f_def unfolding val_ring_polys_grad_def val_ring_polys_def mem_Collect_eq
+ apply blast
+ by(rule A)
+ then show "f i = \<zero>"
+ using f_def unfolding val_ring_polys_grad_def val_ring_polys_def mem_Collect_eq
+ using UPQ.deg_leE by blast
+ qed
+ have 1: "\<And>i. i > d \<Longrightarrow> h i = 0"
+ unfolding h_def 0 Qp_res_zero by blast
+ have 2: "x = poly_res_class n d (int_fun_to_poly h)"
+ unfolding x_eq
+ apply(rule poly_res_class_closed)
+ using f_def unfolding val_ring_polys_grad_def val_ring_polys_def mem_Collect_eq apply blast
+ apply(rule int_fun_to_poly_closed[of d], rule 1, blast)
+ using f_def unfolding val_ring_polys_grad_def val_ring_polys_def mem_Collect_eq apply blast
+ apply(rule int_fun_to_poly_deg, rule 1, blast)
+ unfolding h_def
+ apply(rule int_fun_to_poly_is_class_wit, rule poly_res_class_refl)
+ using f_def by blast
+ have 3: "h \<in> ({..d} \<rightarrow> carrier (residue_ring (p ^ n))) \<inter> {f. \<forall>i>d. f i = 0}"
+ apply(rule , rule )
+ unfolding h_def apply(rule Qp_res_closed, rule val_ring_polys_grad_memE[of _ d])
+ using f_def apply blast
+ unfolding mem_Collect_eq apply(rule, rule)
+ unfolding 0 Qp_res_zero by blast
+ show ?thesis
+ unfolding 2 using 3 by blast
+ qed
+ qed
+ qed
+ have 1: "finite (poly_res_class n d ` int_fun_to_poly ` (({..d} \<rightarrow> carrier (Zp_res_ring n)) \<inter> {(f::nat \<Rightarrow> int). \<forall>i > d. f i = 0}))"
+ using finite_support_funs_finite by blast
+ show ?thesis using 1 unfolding 0 by blast
+qed
+
+lemma Qp_res_eq_zeroI:
+ assumes "a \<in> \<O>\<^sub>p"
+ assumes "val a \<ge> n"
+ shows "Qp_res a n = 0"
+proof-
+ have 0: "val_Zp (to_Zp a) \<ge> n"
+ using assms to_Zp_val by presburger
+ have 1: "to_Zp a n = 0"
+ apply(rule zero_below_val_Zp, rule to_Zp_closed)
+ using val_ring_closed assms apply blast
+ by(rule 0)
+ thus ?thesis unfolding Qp_res_def by blast
+qed
+
+lemma Qp_res_eqI:
+ assumes "a \<in> \<O>\<^sub>p"
+ assumes "b \<in> \<O>\<^sub>p"
+ assumes "Qp_res (a \<ominus> b) n = 0"
+ shows "Qp_res a n = Qp_res b n"
+ using assms by (metis Qp_res_def val_ring_memE res_diff_zero_fact(1) to_Zp_closed to_Zp_minus)
+
+lemma Qp_res_eqI':
+ assumes "a \<in> \<O>\<^sub>p"
+ assumes "b \<in> \<O>\<^sub>p"
+ assumes "val (a \<ominus> b) \<ge> n"
+ shows "Qp_res a n = Qp_res b n"
+ apply(rule Qp_res_eqI, rule assms, rule assms, rule Qp_res_eq_zeroI)
+ using assms Q\<^sub>p_def Zp_def \<iota>_def padic_fields.val_ring_minus_closed padic_fields_axioms apply blast
+ by(rule assms)
+
+lemma Qp_res_eqE:
+ assumes "a \<in> \<O>\<^sub>p"
+ assumes "b \<in> \<O>\<^sub>p"
+ assumes "Qp_res a n = Qp_res b n"
+ shows "val (a \<ominus> b) \<ge> n"
+proof-
+ have 0: "val (a \<ominus> b) = val_Zp (to_Zp a \<ominus>\<^bsub>Z\<^sub>p\<^esub> to_Zp b)"
+ using assms
+ by (metis to_Zp_minus to_Zp_val val_ring_minus_closed)
+ have 1: "(to_Zp a \<ominus>\<^bsub>Z\<^sub>p\<^esub> to_Zp b) n = 0"
+ using assms unfolding Qp_res_def
+ by (meson val_ring_memE res_diff_zero_fact'' to_Zp_closed)
+ have 2: "val_Zp (to_Zp a \<ominus>\<^bsub>Z\<^sub>p\<^esub> to_Zp b) \<ge> n"
+ apply(cases "to_Zp a \<ominus>\<^bsub>Z\<^sub>p\<^esub> to_Zp b = \<zero>\<^bsub>Z\<^sub>p\<^esub>")
+ proof -
+ assume a1: "to_Zp a \<ominus>\<^bsub>Z\<^sub>p\<^esub> to_Zp b = \<zero>\<^bsub>Z\<^sub>p\<^esub>"
+ have "\<forall>n. eint (int n) \<le> val_Zp \<zero>\<^bsub>Z\<^sub>p\<^esub>"
+ by (metis (no_types) Zp.r_right_minus_eq Zp.zero_closed val_Zp_dist_def val_Zp_dist_res_eq2)
+ then show ?thesis
+ using a1 by presburger
+ next
+ assume a1: "to_Zp a \<ominus>\<^bsub>Z\<^sub>p\<^esub> to_Zp b \<noteq> \<zero>\<^bsub>Z\<^sub>p\<^esub>"
+ have 00: "to_Zp a \<ominus>\<^bsub>Z\<^sub>p\<^esub> to_Zp b \<in> carrier Z\<^sub>p"
+ using assms
+ by (meson val_ring_memE Zp.cring_simprules(4) to_Zp_closed)
+ show ?thesis
+ using 1 a1 ord_Zp_geq[of "to_Zp a \<ominus>\<^bsub>Z\<^sub>p\<^esub> to_Zp b" n] 00
+ val_ord_Zp[of "to_Zp a \<ominus>\<^bsub>Z\<^sub>p\<^esub> to_Zp b"] eint_ord_code by metis
+ qed
+ thus ?thesis unfolding 0 by blast
+qed
+
+lemma notin_closed:
+"(\<not> ((c::eint) \<le> x \<and> x \<le> d)) = (x < c \<or> d < x)"
+ by auto
+
+lemma Qp_res_neqI:
+ assumes "a \<in> \<O>\<^sub>p"
+ assumes "b \<in> \<O>\<^sub>p"
+ assumes "val (a \<ominus> b) < n"
+ shows "Qp_res a n \<noteq> Qp_res b n"
+ apply(rule ccontr)
+ using Qp_res_eqE[of a b n] assms
+ using notin_closed by blast
+
+lemma Qp_res_equal:
+ assumes "a \<in> \<O>\<^sub>p"
+ assumes "l = Qp_res a n"
+ shows "Qp_res a n = Qp_res ([l]\<cdot>\<one>) n "
+ unfolding Qp_res_int_inc assms using assms Qp_res_mod_triv by presburger
+
+definition Qp_res_class where
+"Qp_res_class n b = {a \<in> \<O>\<^sub>p. Qp_res a n = Qp_res b n}"
+
+definition Qp_res_classes where
+"Qp_res_classes n = Qp_res_class n ` \<O>\<^sub>p"
+
+lemma val_ring_int_inc_closed:
+"[(k::int)]\<cdot>\<one> \<in> \<O>\<^sub>p"
+proof-
+ have 0: "[(k::int)]\<cdot>\<one> = \<iota> ([(k::int)]\<cdot>\<^bsub>Z\<^sub>p\<^esub>\<one>\<^bsub>Z\<^sub>p\<^esub>)"
+ using inc_of_int by blast
+ thus ?thesis
+ by blast
+qed
+
+lemma val_ring_nat_inc_closed:
+"[(k::nat)]\<cdot>\<one> \<in> \<O>\<^sub>p"
+proof-
+ have 0: "[k]\<cdot>\<one> = \<iota> ([k]\<cdot>\<^bsub>Z\<^sub>p\<^esub>\<one>\<^bsub>Z\<^sub>p\<^esub>)"
+ using inc_of_nat by blast
+ thus ?thesis
+ by blast
+qed
+
+lemma Qp_res_classes_wits:
+"Qp_res_classes n = (\<lambda>l::int. Qp_res_class n ([l]\<cdot>\<one>)) ` (carrier (Zp_res_ring n))"
+proof-
+ obtain F where F_def: "F = (\<lambda>l::int. Qp_res_class n ([l]\<cdot>\<one>))"
+ by blast
+ have 0: "Qp_res_classes n = F ` (carrier (Zp_res_ring n))"
+ proof(rule equalityI, rule subsetI)
+ fix x assume A: "x \<in> Qp_res_classes n"
+ then obtain a where a_def: "a \<in> \<O>\<^sub>p \<and> x = Qp_res_class n a"
+ unfolding Qp_res_classes_def by blast
+ have 1: "Qp_res a n = Qp_res ([(Qp_res a n)]\<cdot>\<one>) n "
+ apply(rule Qp_res_equal)
+ using a_def apply blast by blast
+ have 2: "Qp_res_class n a = Qp_res_class n ([(Qp_res a n)]\<cdot>\<one>)"
+ unfolding Qp_res_class_def using 1 by metis
+ have 3: "x = Qp_res_class n ([(Qp_res a n)]\<cdot>\<one>)"
+ using a_def unfolding 2 by blast
+ have 4: "a \<in> \<O>\<^sub>p"
+ using a_def by blast
+ show " x \<in> F ` carrier (Zp_res_ring n)"
+ unfolding F_def 3
+ using Qp_res_closed[of a n] 4 by blast
+ next
+ show "F ` carrier (residue_ring (p ^ n)) \<subseteq> Qp_res_classes n"
+ proof(rule subsetI)
+ fix x assume A: "x \<in> F ` (carrier (Zp_res_ring n))"
+ then obtain l where l_def: "l \<in> carrier (Zp_res_ring n) \<and> x = F l"
+ using A by blast
+ have 0: "x = F l"
+ using l_def by blast
+ show "x \<in> Qp_res_classes n"
+ unfolding 0 F_def Qp_res_classes_def using val_ring_int_inc_closed by blast
+ qed
+ qed
+ then show ?thesis unfolding F_def by blast
+qed
+
+lemma Qp_res_classes_finite:
+"finite (Qp_res_classes n)"
+by (metis Qp_res_classes_wits finite_atLeastLessThan_int finite_imageI p_res_ring_car)
+
+definition Qp_cong_set where
+"Qp_cong_set \<alpha> a = {x \<in> \<O>\<^sub>p. to_Zp x \<alpha> = a \<alpha>}"
+
+lemma Qp_cong_set_as_ball:
+ assumes "a \<in> carrier Z\<^sub>p"
+ assumes "a \<alpha> = 0"
+ shows "Qp_cong_set \<alpha> a = B\<^bsub>\<alpha>\<^esub>[\<zero>]"
+proof-
+ have 0: "\<iota> a \<in> carrier Q\<^sub>p"
+ using assms inc_closed[of a] by blast
+ show ?thesis
+ proof
+ show "Qp_cong_set \<alpha> a \<subseteq> B\<^bsub>\<alpha>\<^esub>[\<zero>]"
+ proof fix x assume A: "x \<in> Qp_cong_set \<alpha> a"
+ show "x \<in> B\<^bsub>\<alpha> \<^esub>[\<zero>]"
+ proof(rule c_ballI)
+ show t0: "x \<in> carrier Q\<^sub>p"
+ using A unfolding Qp_cong_set_def
+ using val_ring_memE by blast
+ show "eint (int \<alpha>) \<le> val (x \<ominus> \<zero>)"
+ proof-
+ have t1: "to_Zp x \<alpha> = 0"
+ using A unfolding Qp_cong_set_def
+ by (metis (mono_tags, lifting) assms(2) mem_Collect_eq)
+ have t2: "val_Zp (to_Zp x) \<ge> \<alpha>"
+ apply(cases "to_Zp x = \<zero>\<^bsub>Z\<^sub>p\<^esub>")
+ apply (metis Zp.r_right_minus_eq Zp.zero_closed val_Zp_dist_def val_Zp_dist_res_eq2)
+ using ord_Zp_geq[of "to_Zp x" \<alpha>] A unfolding Qp_cong_set_def
+ by (metis (no_types, lifting) val_ring_memE eint_ord_simps(1) t1 to_Zp_closed to_Zp_def val_ord_Zp)
+ then show ?thesis using A unfolding Qp_cong_set_def mem_Collect_eq
+ using val_ring_memE
+ by (metis Qp_res_eqE Qp_res_eq_zeroI Qp_res_zero to_Zp_val zero_in_val_ring)
+ qed
+ qed
+ qed
+ show "B\<^bsub>int \<alpha>\<^esub>[\<zero>] \<subseteq> Qp_cong_set \<alpha> a"
+ proof fix x assume A: "x \<in> B\<^bsub>int \<alpha>\<^esub>[\<zero>]"
+ then have 0: "val x \<ge> \<alpha>"
+ using assms c_ballE[of x \<alpha> \<zero>]
+ by (smt Qp.minus_closed Qp.r_right_minus_eq Qp_diff_diff)
+ have 1: "to_Zp x \<in> carrier Z\<^sub>p"
+ using A 0 assms c_ballE(1) to_Zp_closed by blast
+ have 2: "x \<in> \<O>\<^sub>p"
+ using 0 A val_ringI c_ballE
+ by (smt Q\<^sub>p_def Zp_def \<iota>_def eint_ord_simps(1) of_nat_0 of_nat_le_0_iff val_ring_ord_criterion padic_fields_axioms val_ord' zero_in_val_ring)
+ then have "val_Zp (to_Zp x) \<ge> \<alpha>"
+ using 0 1 A assms c_ballE[of x \<alpha> \<zero>] to_Zp_val by presburger
+ then have "to_Zp x \<alpha> = 0"
+ using 1 zero_below_val_Zp by blast
+ then show " x \<in> Qp_cong_set \<alpha> a"
+ unfolding Qp_cong_set_def using assms(2) 2
+ by (metis (mono_tags, lifting) mem_Collect_eq)
+ qed
+ qed
+qed
+
+lemma Qp_cong_set_as_ball':
+ assumes "a \<in> carrier Z\<^sub>p"
+ assumes "val_Zp a < eint (int \<alpha>)"
+ shows "Qp_cong_set \<alpha> a = B\<^bsub>\<alpha>\<^esub>[(\<iota> a)]"
+proof
+ show "Qp_cong_set \<alpha> a \<subseteq> B\<^bsub>\<alpha>\<^esub>[\<iota> a]"
+ proof fix x
+ assume A: "x \<in> Qp_cong_set \<alpha> a"
+ then have 0: "to_Zp x \<alpha> = a \<alpha>"
+ unfolding Qp_cong_set_def by blast
+ have 1: "x \<in> \<O>\<^sub>p"
+ using A unfolding Qp_cong_set_def by blast
+ have 2: "to_Zp x \<in> carrier Z\<^sub>p"
+ using 1 val_ring_memE to_Zp_closed by blast
+ have 3: "val_Zp (to_Zp x \<ominus>\<^bsub>Z\<^sub>p\<^esub> a) \<ge> \<alpha>"
+ using 0 assms 2 val_Zp_dist_def val_Zp_dist_res_eq2 by presburger
+ have 4: "val_Zp (to_Zp x \<ominus>\<^bsub>Z\<^sub>p\<^esub> a) > val_Zp a"
+ using 3 assms(2) less_le_trans[of "val_Zp a" "eint (int \<alpha>)" "val_Zp (to_Zp x \<ominus>\<^bsub>Z\<^sub>p\<^esub> a)" ]
+ by blast
+ then have 5: "val_Zp (to_Zp x) = val_Zp a"
+ using assms 2 equal_val_Zp by blast
+ have 7: "val (x \<ominus> (\<iota> a)) \<ge> \<alpha>"
+ using 3 5 1 by (metis "2" Zp.minus_closed assms(1) inc_of_diff to_Zp_inc val_of_inc)
+ then show "x \<in> B\<^bsub>int \<alpha>\<^esub>[\<iota> a]"
+ using c_ballI[of x \<alpha> "\<iota> a"] 1 assms val_ring_memE by blast
+ qed
+ show "B\<^bsub>int \<alpha>\<^esub>[\<iota> a] \<subseteq> Qp_cong_set \<alpha> a"
+ proof fix x
+ assume A: "x \<in> B\<^bsub>int \<alpha>\<^esub>[\<iota> a]"
+ then have 0: "val (x \<ominus> \<iota> a) \<ge> \<alpha>"
+ using c_ballE by blast
+ have 1: "val (\<iota> a) = val_Zp a"
+ using assms Zp_def \<iota>_def padic_fields.val_of_inc padic_fields_axioms
+ by metis
+ then have 2: "val (x \<ominus> \<iota> a) > val (\<iota> a)"
+ using 0 assms less_le_trans[of "val (\<iota> a)" "eint (int \<alpha>)" "val (x \<ominus> \<iota> a)"]
+ by metis
+ have "\<iota> a \<in> carrier Q\<^sub>p"
+ using assms(1) inc_closed by blast
+ then have B: "val x = val (\<iota> a)"
+ using 2 A assms c_ballE(1)[of x \<alpha> "\<iota> a"]
+ by (metis ultrametric_equal_eq)
+ have 3: "val_Zp (to_Zp x) = val_Zp a"
+ by (metis "1" A \<open>val x = val (\<iota> a)\<close> assms(1) c_ballE(1) to_Zp_val val_pos val_ringI)
+ have 4: "val_Zp (to_Zp x \<ominus>\<^bsub>Z\<^sub>p\<^esub> a) \<ge> \<alpha>"
+ using 0 A 3
+ by (metis B Zp.minus_closed assms(1) c_ballE(1) inc_of_diff to_Zp_closed to_Zp_inc val_of_inc val_pos val_ring_val_criterion)
+ then have 5: "to_Zp x \<alpha> = a \<alpha>"
+ by (meson A Zp.minus_closed assms(1) c_ballE(1) res_diff_zero_fact(1) to_Zp_closed zero_below_val_Zp)
+ have 6: "x \<in> \<O>\<^sub>p"
+ proof-
+ have "val x \<ge> 0"
+ using B assms 1 val_pos by presburger
+ then show ?thesis
+ using A c_ballE(1) val_ringI by blast
+ qed
+ then show "x \<in> Qp_cong_set \<alpha> a" unfolding Qp_cong_set_def
+ using "5" by blast
+ qed
+qed
+
+lemma Qp_cong_set_is_univ_semialgebraic:
+ assumes "a \<in> carrier Z\<^sub>p"
+ shows "is_univ_semialgebraic (Qp_cong_set \<alpha> a)"
+proof(cases "a \<alpha> = 0")
+ case True
+ then show ?thesis
+ using ball_is_univ_semialgebraic[of \<zero> \<alpha>] Qp.zero_closed Qp_cong_set_as_ball assms
+ by metis
+next
+ case False
+ then have "\<alpha> \<noteq> 0"
+ using assms residues_closed[of a 0]
+ by (meson p_res_ring_0')
+ then obtain n where n_def: "Suc n = \<alpha>"
+ by (metis lessI less_Suc_eq_0_disj)
+ then have "val_Zp a < eint (int \<alpha>)"
+ using below_val_Zp_zero[of a n]
+ by (smt False assms eint_ile eint_ord_simps(1) eint_ord_simps(2) zero_below_val_Zp)
+ then show ?thesis
+ using ball_is_univ_semialgebraic[of "\<iota> a" \<alpha>] Qp.zero_closed Qp_cong_set_as_ball'[of a \<alpha>] assms
+ inc_closed by presburger
+qed
+
+lemma constant_res_set_semialg:
+ assumes "l \<in> carrier (Zp_res_ring n)"
+ shows "is_univ_semialgebraic {x \<in> \<O>\<^sub>p. Qp_res x n = l}"
+proof-
+ have 0: "{x \<in> \<O>\<^sub>p. Qp_res x n = l} = Qp_cong_set n ([l]\<cdot>\<^bsub>Z\<^sub>p\<^esub>\<one>\<^bsub>Z\<^sub>p\<^esub>)"
+ apply(rule equalityI')
+ unfolding mem_Collect_eq Qp_cong_set_def Qp_res_def
+ apply (metis val_ring_memE Zp_int_inc_rep nat_le_linear p_residue_padic_int to_Zp_closed)
+ using assms
+ by (metis Zp_int_inc_res mod_pos_pos_trivial p_residue_ring_car_memE(1) p_residue_ring_car_memE(2))
+ show ?thesis unfolding 0
+ apply(rule Qp_cong_set_is_univ_semialgebraic)
+ by(rule Zp.int_inc_closed)
+qed
+
+end
+
+end
diff --git a/thys/Padic_Field/Padic_Field_Topology.thy b/thys/Padic_Field/Padic_Field_Topology.thy
new file mode 100755
--- /dev/null
+++ b/thys/Padic_Field/Padic_Field_Topology.thy
@@ -0,0 +1,1326 @@
+theory Padic_Field_Topology
+ imports Padic_Fields
+begin
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+section\<open>Topology of $p$-adic Fields\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+text\<open>
+ In this section we develop some basic properties of the topology on the $p$-adics. Open and
+ closed sets are defined, convex subsets of the value group are characterized.
+\<close>
+type_synonym padic_univ_poly = "nat \<Rightarrow> padic_number"
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+subsection\<open>$p$-adic Balls\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+context padic_fields
+begin
+
+definition c_ball :: "int \<Rightarrow> padic_number \<Rightarrow> padic_number set" ("B\<^bsub>_\<^esub>[_]") where
+"c_ball n c = {x \<in> carrier Q\<^sub>p. val (x \<ominus> c) \<ge> n}"
+
+lemma c_ballI:
+ assumes "x \<in> carrier Q\<^sub>p"
+ assumes " val (x \<ominus> c) \<ge> n"
+ shows "x \<in> c_ball n c"
+ using assms c_ball_def
+ by blast
+
+lemma c_ballE:
+ assumes "x \<in> c_ball n c"
+ shows "x \<in> carrier Q\<^sub>p"
+ " val (x \<ominus> c) \<ge> n"
+ using assms c_ball_def apply blast
+ using assms c_ball_def by blast
+
+lemma c_ball_in_Qp:
+ "B\<^bsub>n\<^esub>[c] \<subseteq> carrier Q\<^sub>p"
+ unfolding c_ball_def
+ by blast
+
+definition
+q_ball :: "nat \<Rightarrow> int \<Rightarrow> int \<Rightarrow> padic_number \<Rightarrow> padic_number set" where
+"q_ball n k m c = {x \<in> carrier Q\<^sub>p. (ac n (x \<ominus> c) = k \<and> (ord (x \<ominus> c)) = m) }"
+
+lemma q_ballI:
+ assumes "x \<in> carrier Q\<^sub>p"
+ assumes "ac n (x \<ominus> c) = k"
+ assumes "(ord (x \<ominus> c)) = m"
+ shows "x \<in> q_ball n k m c"
+ using assms q_ball_def
+ by blast
+
+lemma q_ballE:
+ assumes "x \<in> q_ball n k m c "
+ shows "x \<in> carrier Q\<^sub>p"
+
+ using assms q_ball_def by blast
+
+lemma q_ballE':
+ assumes "x \<in> q_ball n k m c "
+ shows "ac n (x \<ominus> c) = k"
+ "(ord (x \<ominus> c)) = m"
+ using assms q_ball_def apply blast
+ using assms q_ball_def by blast
+
+lemma q_ball_in_Qp:
+ "q_ball n k m c \<subseteq> carrier Q\<^sub>p"
+ unfolding q_ball_def by blast
+
+lemma ac_ord_prop:
+ assumes "a \<in> nonzero Q\<^sub>p"
+ assumes "b \<in> nonzero Q\<^sub>p"
+ assumes "ord a = ord b"
+ assumes "ord a = n"
+ assumes "ac m a = ac m b"
+ assumes "m > 0"
+ shows "val (a \<ominus> b) \<ge> m + n "
+proof-
+ have 0: "a = (\<pp>[^]n) \<otimes> \<iota> (angular_component a)"
+ using angular_component_factors_x assms(1) assms(4) by blast
+ have 1: "b = (\<pp>[^]n) \<otimes> \<iota> (angular_component b)"
+ using angular_component_factors_x assms(4) assms(2) assms(3)
+ by presburger
+ have 2: "a \<ominus>b = (\<pp>[^]n) \<otimes> \<iota> (angular_component a) \<ominus>
+ (\<pp>[^]n) \<otimes> \<iota> (angular_component b) "
+ using 0 1 by auto
+ have 3: "a \<ominus>b = (\<pp>[^]n) \<otimes>( \<iota> (angular_component a) \<ominus> \<iota> (angular_component b))"
+ proof-
+ have 30: "(\<pp>[^]n) \<in> carrier Q\<^sub>p"
+ by (simp add: p_intpow_closed(1))
+ have 31: " \<iota> (angular_component a) \<in> carrier Q\<^sub>p"
+ using Zp.nonzero_one_closed angular_component_closed assms(1) frac_closed local.inc_def
+ by presburger
+ have 32: " \<iota> (angular_component b) \<in> carrier Q\<^sub>p"
+ using Zp.nonzero_one_closed angular_component_closed assms(2) frac_closed local.inc_def
+ by presburger
+ show ?thesis
+ using 2 30 31 32 ring.ring_simprules(23)[of Q\<^sub>p "(\<pp>[^]n)"]
+ unfolding a_minus_def
+ by (metis Qp.domain_axioms cring.cring_simprules(25) cring.cring_simprules(29)
+ cring.cring_simprules(3) domain.axioms(1))
+ qed
+ have 4: "a \<ominus>b = (\<pp>[^]n) \<otimes>( \<iota> ((angular_component a) \<ominus>\<^bsub>Z\<^sub>p\<^esub> (angular_component b)))"
+ using 3
+ by (simp add: angular_component_closed assms(1) assms(2) inc_of_diff)
+ have 5: "val_Zp ((angular_component a) \<ominus>\<^bsub>Z\<^sub>p\<^esub> (angular_component b)) \<ge> m "
+ proof-
+ have "((angular_component a) \<ominus>\<^bsub>Z\<^sub>p\<^esub> (angular_component b)) m = 0"
+ using assms(5)
+ unfolding ac_def
+ using Q\<^sub>p_def Qp.nonzero_memE(2) angular_component_closed assms(1) assms(2) residue_of_diff'
+ by auto
+ then show ?thesis
+ using Zp.minus_closed angular_component_closed assms(1) assms(2) ord_Zp_geq val_Zp_def val_ord_Zp
+ by auto
+ qed
+ have 6: "val (a \<ominus> b) \<ge> n + val ( \<iota> (angular_component a) \<ominus> \<iota> (angular_component b))"
+ using 3 Qp.minus_closed angular_component_closed assms(1) assms(2) inc_closed
+ ord_p_pow_int p_intpow_closed(1) p_intpow_closed(2) val_mult val_ord
+ by simp
+ have 7: "n + val ( \<iota> (angular_component a) \<ominus> \<iota> (angular_component b))
+ = n + val_Zp ((angular_component a) \<ominus>\<^bsub>Z\<^sub>p\<^esub> (angular_component b))"
+ using Zp.minus_closed angular_component_closed assms(1) assms(2) inc_of_diff val_of_inc
+ by simp
+ have 8: "n + val_Zp ( (angular_component a) \<ominus>\<^bsub>Z\<^sub>p\<^esub>(angular_component b))
+ \<ge> n + m"
+ using 5
+ by (metis add_mono_thms_linordered_semiring(2) plus_eint_simps(1))
+ then have 9: "n + val ( \<iota> (angular_component a) \<ominus> \<iota> (angular_component b))
+ \<ge> n + m"
+ using "7" by presburger
+ then show ?thesis
+ by (metis (no_types, opaque_lifting) "6" add.commute order_trans plus_eint_simps(1))
+qed
+
+lemma c_ball_q_ball:
+ assumes "b \<in> nonzero Q\<^sub>p"
+ assumes "n > 0"
+ assumes "k = ac n b"
+ assumes "c \<in> carrier Q\<^sub>p"
+ assumes "d \<in> q_ball n k m c"
+ shows "q_ball n k m c = c_ball (m + n) d"
+proof
+ show "q_ball n k m c \<subseteq> B\<^bsub>m + int n\<^esub>[d]"
+ proof
+ fix x
+ assume A0: "x \<in> q_ball n k m c"
+ show "x \<in> B\<^bsub>m + int n\<^esub>[d]"
+ proof-
+ have A1: "(ac n (x \<ominus> c) = k \<and> (ord (x \<ominus> c)) = m)"
+ using A0 q_ball_def
+ by blast
+ have "val (x \<ominus> d) \<ge> m + n"
+ proof-
+ have A2: "(ac n (d \<ominus> c) = k \<and> (ord (d \<ominus> c)) = m)"
+ using assms(5) q_ball_def
+ by blast
+ have A3: "(x \<ominus> c) \<in> nonzero Q\<^sub>p"
+ proof-
+ have "k \<noteq>0"
+ using A2 assms(1) assms(3) assms(5) ac_units[of b n]
+ by (metis One_nat_def Suc_le_eq assms(2) zero_not_in_residue_units)
+ then show ?thesis
+ by (smt A0 Qp.domain_axioms ac_def assms(4) cring.cring_simprules(4) domain.axioms(1)
+ mem_Collect_eq not_nonzero_Qp q_ball_def)
+ qed
+ have A4: "(d \<ominus> c) \<in> nonzero Q\<^sub>p"
+ proof-
+ have "k \<noteq>0"
+ using A2 assms(1) assms(3) assms(5) ac_units[of b n]
+ by (metis One_nat_def Suc_le_eq assms(2) zero_not_in_residue_units)
+ then show ?thesis
+ by (metis (no_types, lifting) A2 Qp.domain_axioms ac_def assms(4) assms(5)
+ cring.cring_simprules(4) domain.axioms(1) mem_Collect_eq not_nonzero_Qp q_ball_def)
+ qed
+ then have " val ((x \<ominus> c) \<ominus>(d \<ominus> c)) \<ge> n + m"
+ using ac_ord_prop[of "(x \<ominus> c)" "(d \<ominus> c)" m n ] A1 A2 assms A3
+ by simp
+ then show ?thesis
+ by (smt A0 Qp_diff_diff assms(4) assms(5) q_ballE)
+ qed
+ then show ?thesis
+ by (metis (no_types, lifting) A0 c_ball_def mem_Collect_eq q_ball_def)
+ qed
+ qed
+ show "B\<^bsub>m + int n\<^esub>[d] \<subseteq> q_ball n k m c"
+ proof
+ fix x
+ assume A: "x \<in> B\<^bsub>m + int n\<^esub>[d]"
+ show "x \<in> q_ball n k m c"
+ proof-
+ have A0: "val (x \<ominus> d) \<ge> m + n"
+ using A c_ball_def
+ by blast
+ have A1: "ord (d \<ominus> c) = m"
+ using assms(5) q_ball_def
+ by blast
+ have A2: "ac n (d \<ominus> c) = k"
+ using assms(5) q_ball_def
+ by blast
+ have A3: "(d \<ominus> c) \<noteq> \<zero>"
+ using A2 assms
+ by (metis ac_def ac_units le_eq_less_or_eq le_neq_implies_less less_one nat_le_linear
+ padic_integers.zero_not_in_residue_units padic_integers_def prime zero_less_iff_neq_zero)
+ have A4: "val (d \<ominus> c) =m"
+ by (simp add: A1 A3 val_def)
+ have A5: "val (x \<ominus> d) > val (d \<ominus> c)"
+ by (smt A0 A4 assms(2) eint_ord_code(4) eint_ord_simps(1) eint_ord_simps(2) of_nat_0_less_iff val_def)
+ have A6: "val ((x \<ominus> d) \<oplus> (d \<ominus> c)) = m"
+ using A4 A0 A5
+ by (metis (mono_tags, opaque_lifting) A Qp.minus_closed assms(4) assms(5)
+ c_ballE(1) q_ballE val_ultrametric_noteq)
+ have A7: "val (x \<ominus> c) = m"
+ proof-
+ have "(x \<ominus> d) \<oplus> (d \<ominus> c) = ((x \<ominus> d) \<oplus> d) \<ominus> c"
+ by (metis (no_types, lifting) A Qp.domain_axioms a_minus_def assms(4) assms(5)
+ c_ball_def cring.cring_simprules(3) cring.cring_simprules(4)
+ cring.cring_simprules(7) domain.axioms(1) mem_Collect_eq q_ball_def)
+ have "(x \<ominus> d) \<oplus> (d \<ominus> c) = (x \<oplus> (\<ominus> d \<oplus> d)) \<ominus> c"
+ by (metis (no_types, opaque_lifting) A Qp.add.l_cancel_one Qp.add.m_comm Qp.l_neg
+ Qp.minus_closed Qp.plus_diff_simp Qp.zero_closed assms(4) assms(5)
+ c_ballE(1) q_ballE)
+ then show ?thesis
+ by (metis (no_types, lifting) A A6 Qp.domain_axioms assms(5) c_ball_def
+ cring.cring_simprules(16) cring.cring_simprules(9) domain.axioms(1)
+ mem_Collect_eq q_ball_def)
+ qed
+ have A8: "ac n (x \<ominus> c) = ac n (d \<ominus> c)"
+ proof-
+ have A80: "(x \<ominus> c) \<in> nonzero Q\<^sub>p"
+ by (metis (no_types, lifting) A A4 A5 A7 Qp.domain_axioms
+ assms(4) cring.cring_simprules(4) domain.axioms(1)
+ mem_Collect_eq c_ball_def val_nonzero)
+ have A81: "(d \<ominus> c) \<in> nonzero Q\<^sub>p"
+ by (metis (no_types, lifting) A3 Qp.domain_axioms assms(4) assms(5)
+ cring.cring_simprules(4) domain.axioms(1) mem_Collect_eq not_nonzero_Qp q_ball_def)
+ have A82: "n + m= val (x \<ominus> c) + n"
+ by (simp add: A7)
+ show ?thesis
+ using A0 A4 A7 ac_val[of "(x \<ominus> c)" "(d \<ominus> c)" n] A A80 A81 Qp_diff_diff assms(4) assms(5) c_ballE(1) q_ballE
+ by auto
+ qed
+ show ?thesis using A8 A3 A7 A2 q_ball_def[of n k m c] q_ballI[of x n c k m]
+ by (metis (no_types, lifting) A A4 A5 Qp.minus_closed assms(4) c_ballE(1) eint.inject val_nonzero val_ord)
+ qed
+ qed
+qed
+
+definition is_ball :: "padic_number set \<Rightarrow> bool" where
+"is_ball B = (\<exists>(m::int). \<exists> c \<in> carrier Q\<^sub>p. (B = B\<^bsub>m\<^esub>[c]))"
+
+lemma is_ball_imp_in_Qp:
+ assumes "is_ball B"
+ shows "B \<subseteq> carrier Q\<^sub>p"
+ unfolding is_ball_def
+ using assms c_ball_in_Qp is_ball_def
+ by auto
+
+lemma c_ball_centers:
+ assumes "is_ball B"
+ assumes "B = B\<^bsub>n\<^esub>[c]"
+ assumes "d \<in> B"
+ assumes "c \<in> carrier Q\<^sub>p"
+ shows "B = B\<^bsub>n\<^esub>[d]"
+proof
+ show "B \<subseteq> B\<^bsub>n\<^esub>[d]"
+ proof
+ fix x
+ assume A0: "x \<in> B"
+ have "val (x \<ominus> d) \<ge> n"
+ proof-
+ have A00: "val (x \<ominus> c) \<ge> n"
+ using A0 assms(2) c_ballE(2) by blast
+ have A01: "val (d \<ominus> c) \<ge> n"
+ using assms(2) assms(3) c_ballE(2) by blast
+ then show ?thesis
+ using Qp_isosceles[of x c d "n"] assms A0 A00 c_ballE(1)
+ by blast
+ qed
+ then show "x \<in> B\<^bsub>n\<^esub>[d]"
+ using A0 assms(1) c_ballI is_ball_imp_in_Qp
+ by blast
+ qed
+ show "B\<^bsub>n\<^esub>[d] \<subseteq> B"
+ proof
+ fix x
+ assume "x \<in> B\<^bsub>n\<^esub>[d]"
+ show "x \<in> B"
+ using Qp_isosceles[of x d c "n"]
+ assms
+ unfolding c_ball_def
+ by (metis (no_types, lifting) Qp.domain_axioms Qp_isosceles \<open>x \<in> B\<^bsub>n\<^esub>[d]\<close>
+ a_minus_def assms(2) c_ballE(2) c_ballI cring.cring_simprules(17) domain.axioms(1)
+ c_ballE(1))
+ qed
+qed
+
+lemma c_ball_center_in:
+ assumes "is_ball B"
+ assumes "B = B\<^bsub>n\<^esub>[c]"
+ assumes "c \<in> carrier Q\<^sub>p"
+ shows "c \<in> B"
+ using assms unfolding c_ball_def
+ by (metis (no_types, lifting) Qp.r_right_minus_eq assms(2) c_ballI eint_ord_code(3) local.val_zero)
+
+text \<open>Every point a has a point b of distance exactly n away from it.\<close>
+lemma dist_nonempty:
+ assumes "a \<in> carrier Q\<^sub>p"
+ shows "\<exists>b \<in> carrier Q\<^sub>p. val (b \<ominus> a) = eint n"
+proof-
+ obtain b where b_def: "b = (\<pp> [^] n) \<oplus> a"
+ by simp
+ have "val (b \<ominus>a) = n"
+ using b_def assms
+ by (metis (no_types, lifting) Qp.domain_axioms a_minus_def cring.cring_simprules(16)
+ cring.cring_simprules(17) cring.cring_simprules(3) cring.cring_simprules(7)
+ domain.axioms(1) ord_p_pow_int p_intpow_closed(1) p_intpow_closed(2) val_ord)
+ then show ?thesis
+ by (metis Qp.domain_axioms assms b_def cring.cring_simprules(1) domain.axioms(1) p_intpow_closed(1))
+qed
+
+lemma dist_nonempty':
+ assumes "a \<in> carrier Q\<^sub>p"
+ shows "\<exists>b \<in> carrier Q\<^sub>p. val (b \<ominus> a) = \<alpha>"
+proof(cases "\<alpha> = \<infinity>")
+ case True
+ then have "val (a \<ominus> a) = \<alpha>"
+ using assms
+ by (metis Qp.r_right_minus_eq local.val_zero)
+ then show ?thesis
+ using assms
+ by blast
+next
+ case False
+ then obtain n where n_def: "eint n = \<alpha>"
+ by blast
+ then show ?thesis
+ using assms dist_nonempty[of a n]
+ by blast
+qed
+
+lemma ball_rad_0:
+ assumes "is_ball B"
+ assumes "B\<^bsub>m\<^esub>[c] \<subseteq> B\<^bsub>n\<^esub>[c]"
+ assumes "c \<in> carrier Q\<^sub>p"
+ shows "n \<le> m"
+proof-
+ obtain b where b_def: "b \<in> carrier Q\<^sub>p \<and> val (b \<ominus>c) = m"
+ by (meson assms(3) dist_nonempty)
+ then have "b \<in> B\<^bsub>n\<^esub>[c]"
+ using assms c_ballI
+ by auto
+
+ then have "m \<ge> n"
+ using Q\<^sub>p_def Zp_def b_def c_ballE(2) padic_integers_axioms
+ by force
+ then show ?thesis
+ by (simp )
+qed
+
+lemma ball_rad:
+ assumes "is_ball B"
+ assumes "B = B\<^bsub>n\<^esub>[c]"
+ assumes "B = B\<^bsub>m\<^esub>[c]"
+ assumes "c \<in> carrier Q\<^sub>p"
+ shows "n = m"
+proof-
+ have 0: "n \<ge>m"
+ using assms ball_rad_0
+ by (metis order_refl)
+ have 1: "m \<ge>n"
+ using assms ball_rad_0
+ by (metis order_refl)
+ show ?thesis
+ using 0 1
+ by auto
+qed
+
+definition radius :: "padic_number set \<Rightarrow> int" ("rad") where
+"radius B = (SOME n. (\<exists>c \<in> carrier Q\<^sub>p . B = B\<^bsub>n\<^esub>[c]))"
+
+lemma radius_of_ball:
+ assumes "is_ball B"
+ assumes "c \<in> B"
+ shows "B = B\<^bsub>rad B\<^esub>[c]"
+proof-
+ obtain d m where d_m_def: "d \<in> carrier Q\<^sub>p \<and> B = B\<^bsub>m\<^esub>[d]"
+ using assms(1) is_ball_def
+ by blast
+ then have "B = B\<^bsub>m\<^esub>[c]"
+ using assms(1) assms(2) c_ball_centers by blast
+ then have "rad B = m"
+ proof-
+ have "\<exists>n. (\<exists>c \<in> carrier Q\<^sub>p . B = B\<^bsub>n\<^esub>[c])"
+ using d_m_def by blast
+ then have "(\<exists>c \<in> carrier Q\<^sub>p . B = B\<^bsub>rad B\<^esub>[c])"
+ using radius_def[of B]
+ by (smt someI_ex)
+ then show ?thesis
+ using radius_def ball_rad[of B m ]
+ by (metis (mono_tags, lifting) \<open>B = B\<^bsub>m\<^esub>[c]\<close> assms(1) assms(2) c_ballE(1) c_ball_centers)
+ qed
+ then show ?thesis
+ using \<open>B = B\<^bsub>m\<^esub>[c]\<close> by blast
+qed
+
+lemma ball_rad':
+ assumes "is_ball B"
+ assumes "B = B\<^bsub>n\<^esub>[c]"
+ assumes "B = B\<^bsub>m\<^esub>[d]"
+ assumes "c \<in> carrier Q\<^sub>p"
+ assumes "d \<in> carrier Q\<^sub>p"
+ shows "n = m"
+ by (metis assms(1) assms(2) assms(3) assms(4) assms(5) ball_rad c_ball_center_in c_ball_centers)
+
+lemma nested_balls:
+ assumes "is_ball B"
+ assumes "B = B\<^bsub>n\<^esub>[c]"
+ assumes "B' = B\<^bsub>m\<^esub>[c]"
+ assumes "c \<in> carrier Q\<^sub>p"
+ assumes "d \<in> carrier Q\<^sub>p"
+ shows "n \<ge>m \<longleftrightarrow> B \<subseteq> B'"
+proof
+ show "m \<le> n \<Longrightarrow> B \<subseteq> B'"
+ proof
+ assume A0: "m \<le>n"
+ then have A0': "m \<le> n"
+ by (simp add: )
+ fix x
+ assume A1: "x \<in> B"
+ show "x \<in> B'"
+ using assms c_ballI[of x m c] A0' A1 c_ballE(2)[of x n c] c_ball_in_Qp
+ by (meson c_ballE(1) dual_order.trans eint_ord_simps(1))
+ qed
+ show "B \<subseteq> B' \<Longrightarrow> m \<le> n"
+ using assms(1) assms(2) assms(3) assms(4) ball_rad_0
+ by blast
+qed
+
+lemma nested_balls':
+ assumes "is_ball B"
+ assumes "is_ball B'"
+ assumes "B \<inter> B' \<noteq> {}"
+ shows "B \<subseteq> B' \<or> B' \<subseteq> B"
+proof-
+ obtain b where b_def: "b \<in> B \<inter> B'"
+ using assms(3) by blast
+ show "B \<subseteq> B' \<or> B' \<subseteq> B"
+ proof-
+ have "\<not> B \<subseteq> B' \<Longrightarrow> B' \<subseteq> B"
+ proof-
+ assume A: "\<not> B \<subseteq> B' "
+ have 0: "B = B\<^bsub>rad B\<^esub>[b]"
+ using assms(1) b_def radius_of_ball by auto
+ have 1: "B' = B\<^bsub>rad B'\<^esub>[b]"
+ using assms(2) b_def radius_of_ball by auto
+ show "B' \<subseteq> B" using 0 1 A nested_balls
+ by (smt IntD2 Q\<^sub>p_def Zp_def assms(1) assms(2) b_def
+ c_ballE(1) padic_integers_axioms)
+ qed
+ then show ?thesis by blast
+ qed
+qed
+
+definition is_bounded:: "padic_number set \<Rightarrow> bool" where
+"is_bounded S = (\<exists>n. \<exists>c \<in> carrier Q\<^sub>p. S \<subseteq> B\<^bsub>n\<^esub>[c] )"
+
+lemma empty_is_bounded:
+"is_bounded {}"
+ unfolding is_bounded_def
+ by blast
+
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+subsection\<open>$p$-adic Open Sets\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+
+definition is_open:: "padic_number set \<Rightarrow> bool" where
+"is_open U \<equiv> (U \<subseteq> carrier Q\<^sub>p) \<and> (\<forall>c \<in> U. \<exists>n. B\<^bsub>n\<^esub>[c]\<subseteq> U )"
+
+lemma is_openI:
+ assumes "U \<subseteq>carrier Q\<^sub>p"
+ assumes "\<And>c. c \<in> U \<Longrightarrow> \<exists>n. B\<^bsub>n\<^esub>[c]\<subseteq> U"
+ shows "is_open U"
+ by (simp add: assms(1) assms(2) is_open_def)
+
+lemma ball_is_open:
+ assumes "is_ball B"
+ shows "is_open B"
+ by (metis (mono_tags, lifting) assms is_ball_imp_in_Qp is_open_def radius_of_ball subset_iff)
+
+lemma is_open_imp_in_Qp:
+ assumes "is_open U"
+ shows "U \<subseteq> carrier Q\<^sub>p"
+ using assms unfolding is_open_def
+ by linarith
+
+lemma is_open_imp_in_Qp':
+ assumes "is_open U"
+ assumes " x \<in> U"
+ shows "x \<in> carrier Q\<^sub>p"
+ using assms(1) assms(2) is_open_imp_in_Qp
+ by blast
+
+text\<open>
+ Owing to the total disconnectedness of the $p$-adic field, every open set can be decomposed
+ into a disjoint union of balls which are maximal with respect to containment in that set.
+ This unique decomposition is occasionally useful.
+\<close>
+
+definition is_max_ball_of ::"padic_number set \<Rightarrow> padic_number set \<Rightarrow> bool" where
+"is_max_ball_of U B \<equiv> (is_ball B) \<and> (B \<subseteq> U) \<and> (\<forall>B'. ((is_ball B') \<and> (B' \<subseteq> U) \<and> B \<subseteq> B') \<longrightarrow> B' \<subseteq> B)"
+
+lemma is_max_ball_ofI:
+ assumes "U \<subseteq> carrier Q\<^sub>p"
+ assumes "(B\<^bsub>m\<^esub>[c]) \<subseteq> U"
+ assumes "c \<in> carrier Q\<^sub>p"
+ assumes "\<forall>m'. m' < m \<longrightarrow> \<not> B\<^bsub>m'\<^esub>[c] \<subseteq> U"
+ shows "is_max_ball_of U (B\<^bsub>m\<^esub>[c])"
+proof(rule ccontr)
+ assume " \<not> is_max_ball_of U B\<^bsub>m\<^esub>[c]"
+ then have "\<not> (\<forall>B'. is_ball B' \<and> B' \<subseteq> U \<and> B\<^bsub>m\<^esub>[c] \<subseteq> B'\<longrightarrow> B' \<subseteq> B\<^bsub>m\<^esub>[c])"
+ using assms is_max_ball_of_def[of U "B\<^bsub>m\<^esub>[c]" ]
+ unfolding is_ball_def
+ by blast
+ then obtain B' where B'_def: "is_ball B' \<and> B' \<subseteq> U \<and> B\<^bsub>m\<^esub>[c] \<subseteq> B' \<and> \<not> B' \<subseteq> B\<^bsub>m\<^esub>[c]"
+ by auto
+ obtain n where n_def: "B' = B\<^bsub>n\<^esub>[c]"
+ by (meson B'_def assms(3) c_ball_center_in is_ball_def radius_of_ball subset_iff)
+ then show False
+ using assms
+ by (smt B'_def Q\<^sub>p_def Zp_def ball_rad_0 padic_integers_axioms)
+qed
+
+lemma int_prop:
+ fixes P:: "int \<Rightarrow> bool"
+ assumes "P n"
+ assumes "\<forall>m. m \<le>N \<longrightarrow> \<not> P m"
+ shows "\<exists>n. P n \<and> (\<forall>n'. P n'\<longrightarrow> n' \<ge>n)"
+proof-
+ have "n > N"
+ by (meson assms(1) assms(2) not_less)
+ obtain k::nat where k_def: "k = nat (n - N)"
+ by blast
+ obtain l::nat where l_def: "l = (LEAST M. P (N + int M))"
+ by simp
+ have 0: " P (N + int l)"
+ by (metis (full_types) LeastI \<open>N < n\<close> assms(1) l_def zless_iff_Suc_zadd)
+ have 1: "l > 0"
+ using "0" assms(2) of_nat_0_less_iff by fastforce
+ have 2: "\<And>M. M < l \<longrightarrow> \<not> P (N + M)"
+ by (metis Least_le l_def less_le_trans nat_less_le)
+ obtain n where n_def: "n = (N + int l)"
+ by simp
+ have "P n \<and> (\<forall>n'. P n'\<longrightarrow> n' \<ge> n)"
+ proof-
+ have "P n"
+ by (simp add: "0" n_def)
+ have "(\<forall>n'. P n'\<longrightarrow> n' \<ge> n)"
+ proof
+ fix n'
+ show "P n' \<longrightarrow> n \<le> n'"
+ proof
+ assume "P n'"
+ show "n \<le>n'"
+ proof(rule ccontr)
+ assume " \<not> n \<le> n'"
+ then have C: "n' < n"
+ by auto
+ show "False"
+ proof(cases "n' \<ge> N")
+ case True
+ obtain M where M_def: "nat (n' - N) = M"
+ by simp
+ then have M0: "n' = N + int M "
+ using True by linarith
+ have M1: "M < l"
+ using n_def C M0
+ by linarith
+ then show ?thesis using 2 M_def M0 M1
+ using \<open>P n'\<close> by auto
+ next
+ case False
+ then show ?thesis using assms
+ using \<open>P n'\<close> by auto
+ qed
+ qed
+ qed
+ qed
+ then show ?thesis
+ using \<open>P n\<close> by blast
+ qed
+ then show ?thesis by blast
+qed
+
+lemma open_max_ball:
+ assumes "is_open U"
+ assumes "U \<noteq> carrier Q\<^sub>p"
+ assumes "c \<in> U"
+ shows "\<exists>B. is_max_ball_of U B \<and> c \<in> B"
+proof-
+ obtain B where B_def: "is_ball B \<and> B \<subseteq> U \<and> c \<in> B"
+ by (meson assms(1) assms(3) c_ball_center_in is_ball_def is_open_imp_in_Qp' is_open_def padic_integers_axioms)
+ show P: "\<exists>B. is_max_ball_of U B \<and> c \<in> B"
+ proof(rule ccontr)
+ assume C: "\<nexists>B. is_max_ball_of U B \<and> c \<in> B"
+ show False
+ proof-
+ have C': "\<forall>B. c \<in> B \<longrightarrow> \<not> is_max_ball_of U B "
+ using C
+ by auto
+ have C'': "\<forall>N. \<exists>m <N. B\<^bsub>m\<^esub>[c] \<subseteq> U "
+ proof
+ fix N
+ show "\<exists>m<N. B\<^bsub>m\<^esub>[c] \<subseteq> U"
+ proof(rule ccontr)
+ assume A: "\<not> (\<exists>m<N. B\<^bsub>m\<^esub>[c] \<subseteq> U)"
+ obtain P where P_def: "P = (\<lambda> n. \<exists>m<n. B\<^bsub>m\<^esub>[c] \<subseteq> U)"
+ by simp
+ have A0: "\<exists>n. P n"
+ by (metis B_def P_def gt_ex radius_of_ball)
+ have A1: "\<forall>m. m \<le>N \<longrightarrow> \<not> P m"
+ using A P_def by auto
+ have A2: "\<exists>n. P n \<and> (\<forall>n'. P n'\<longrightarrow> n' \<ge>n)"
+ using A0 A1 int_prop
+ by auto
+ obtain n where n_def: " P n \<and> (\<forall>n'. P n'\<longrightarrow> n' \<ge>n)"
+ using A2 by blast
+ have " B\<^bsub>n\<^esub>[c] \<subseteq> U"
+ by (smt B_def P_def c_ball_def is_ball_def mem_Collect_eq n_def nested_balls order_trans)
+ obtain m where m_def: "m < n \<and>B\<^bsub>m\<^esub>[c] \<subseteq> U"
+ using P_def n_def by blast
+ have "m = n-1"
+ proof-
+ have "P (m +1)"
+ using P_def m_def
+ by auto
+ then have "m + 1 \<ge> n"
+ using n_def by blast
+ then show ?thesis using m_def by auto
+ qed
+ have "\<forall>m'. m' < m \<longrightarrow> \<not> B\<^bsub>m'\<^esub>[c] \<subseteq> U"
+ proof
+ fix m'
+ show " m' < m \<longrightarrow> \<not> B\<^bsub>m'\<^esub>[c] \<subseteq> U"
+ proof
+ assume "m' < m"
+ show "\<not> B\<^bsub>m'\<^esub>[c] \<subseteq> U"
+ proof
+ assume "B\<^bsub>m'\<^esub>[c] \<subseteq> U"
+ then have "P (m' + 1)"
+ using P_def by auto
+ have "m'+ 1 < n"
+ using \<open>m = n - 1\<close> \<open>m' < m\<close> by linarith
+ then show False
+ using n_def \<open>P (m' + 1)\<close> by auto
+ qed
+ qed
+ qed
+ then have "is_max_ball_of U B\<^bsub>m\<^esub>[c]"
+ using is_max_ball_ofI assms(1) assms(3) is_open_imp_in_Qp is_open_imp_in_Qp' m_def
+ by presburger
+ then show False
+ using C assms(1) assms(3) c_ball_center_in is_open_imp_in_Qp'
+ is_max_ball_of_def padic_integers_axioms
+ by blast
+ qed
+ qed
+ have "U = carrier Q\<^sub>p"
+ proof
+ show "carrier Q\<^sub>p \<subseteq> U"
+ proof
+ fix x
+ assume "x \<in> carrier Q\<^sub>p"
+ show "x \<in> U"
+ proof(cases "x = c")
+ case True
+ then show ?thesis using assms by auto
+ next
+ case False
+ obtain m where m_def: "eint m = val(x \<ominus> c)"
+ using False
+ by (metis (no_types, opaque_lifting) Qp_diff_diff Qp.domain_axioms \<open>x \<in> carrier Q\<^sub>p\<close> a_minus_def
+ assms(1) assms(3) cring.cring_simprules(16) cring.cring_simprules(17)
+ cring.cring_simprules(4) domain.axioms(1) is_open_imp_in_Qp' val_def val_minus)
+ obtain m' where m'_def: "m' < m \<and> B\<^bsub>m'\<^esub>[c] \<subseteq> U "
+ using C''
+ by blast
+ have "val (x \<ominus> c) \<ge> m'"
+ by (metis eint_ord_simps(1) less_imp_le m'_def m_def)
+ then have "x \<in> B\<^bsub>m'\<^esub>[c]"
+ using \<open>x \<in> carrier Q\<^sub>p\<close> c_ballI by blast
+ then show "x \<in> U"
+ using m'_def by blast
+ qed
+ qed
+ show "U \<subseteq> carrier Q\<^sub>p "
+ using assms
+ by (simp add: is_open_imp_in_Qp)
+ qed
+ then show False using assms by auto
+ qed
+ qed
+qed
+
+definition interior where
+ "interior U = {a. \<exists>B. is_open B \<and> B \<subseteq> U \<and> a \<in> B}"
+
+lemma interior_subset:
+ assumes "U \<subseteq> carrier Q\<^sub>p"
+ shows "interior U \<subseteq> U"
+proof
+ fix x
+ assume "x \<in> interior U"
+ show "x \<in> U"
+ proof-
+ obtain B where B_def: "is_open B \<and> B \<subseteq> U \<and> x \<in> B"
+ using \<open>x \<in> interior U\<close> interior_def
+ by auto
+ then show "x \<in> U"
+ by blast
+ qed
+qed
+
+lemma interior_open:
+ assumes "U \<subseteq> carrier Q\<^sub>p"
+ shows "is_open (interior U)"
+proof(rule is_openI)
+ show "interior U \<subseteq> carrier Q\<^sub>p"
+ using assms interior_subset by blast
+ show "\<And>c. c \<in> interior U \<Longrightarrow> \<exists>n. B\<^bsub>n\<^esub>[c] \<subseteq> interior U"
+ proof-
+ fix c
+ assume "c \<in> interior U"
+ show "\<exists>n. B\<^bsub>n\<^esub>[c] \<subseteq> interior U"
+ proof-
+ obtain B where B_def: "is_open B \<and> B \<subseteq> U \<and> c \<in> B"
+ using \<open>c \<in> interior U\<close> interior_def padic_integers_axioms
+ by auto
+ then show ?thesis
+ proof -
+ obtain ii :: "((nat \<Rightarrow> int) \<times> (nat \<Rightarrow> int)) set \<Rightarrow> ((nat \<Rightarrow> int) \<times> (nat \<Rightarrow> int)) set set \<Rightarrow> int"
+ where
+ "B\<^bsub>ii c B\<^esub>[c] \<subseteq> B"
+ by (meson B_def is_open_def)
+ then show ?thesis
+ using B_def interior_def padic_integers_axioms by auto
+qed
+ qed
+ qed
+qed
+
+lemma interiorI:
+ assumes "W \<subseteq> U"
+ assumes "is_open W"
+ shows "W \<subseteq> interior U"
+ using assms(1) assms(2) interior_def by blast
+
+lemma max_ball_interior:
+ assumes "U \<subseteq> carrier Q\<^sub>p"
+ assumes "is_max_ball_of (interior U) B"
+ shows "is_max_ball_of U B"
+proof(rule ccontr)
+ assume C: " \<not> is_max_ball_of U B"
+ then obtain B' where B'_def: "is_ball B' \<and> B' \<subseteq> U \<and> B \<subseteq> B' \<and> B \<noteq> B'"
+ by (metis (no_types, lifting) assms(1) assms(2) dual_order.trans
+ interior_subset is_max_ball_of_def )
+ then have "B' \<subseteq> interior U"
+ using interior_def padic_integers_axioms ball_is_open
+ by auto
+ then show False using assms B'_def is_max_ball_of_def[of "interior U" "B"]
+ by blast
+qed
+
+lemma ball_in_max_ball:
+ assumes "U \<subseteq> carrier Q\<^sub>p"
+ assumes "U \<noteq> carrier Q\<^sub>p"
+ assumes "c \<in> U"
+ assumes "\<exists>B. B \<subseteq> U \<and> is_ball B \<and> c \<in> B"
+ shows "\<exists>B'. is_max_ball_of U B' \<and> c \<in> B'"
+proof-
+ obtain B where " B \<subseteq> U \<and> is_ball B \<and> c \<in> B"
+ using assms(4)
+ by blast
+ then have 0: "B \<subseteq> interior U"
+ using ball_is_open interior_def by blast
+ have 1: "c \<in> interior U"
+ using "0" \<open>B \<subseteq> U \<and> is_ball B \<and> c \<in> B\<close> by blast
+ then have "\<exists>B'. is_max_ball_of (interior U) B' \<and> c \<in> B'"
+ using open_max_ball[of "interior U" c] assms(1) assms(2) interior_open interior_subset
+ by blast
+ then show ?thesis
+ using assms(1) max_ball_interior
+ by blast
+qed
+
+lemma ball_in_max_ball':
+ assumes "U \<subseteq> carrier Q\<^sub>p"
+ assumes "U \<noteq> carrier Q\<^sub>p"
+ assumes "B \<subseteq> U \<and> is_ball B"
+ shows "\<exists>B'. is_max_ball_of U B' \<and> B \<subseteq> B'"
+proof-
+ obtain c where c_def: "c \<in> B"
+ by (metis assms(3) c_ball_center_in is_ball_def)
+ obtain B' where B'_def: " is_max_ball_of U B' \<and> c \<in> B'"
+ using assms ball_in_max_ball[of U c] c_def
+ by blast
+ then show ?thesis
+ by (meson assms(3) c_def disjoint_iff_not_equal nested_balls'
+ is_max_ball_of_def padic_integers_axioms)
+qed
+
+lemma max_balls_disjoint:
+ assumes "U \<subseteq> carrier Q\<^sub>p"
+ assumes "is_max_ball_of U B"
+ assumes "is_max_ball_of U B'"
+ assumes "B \<noteq>B'"
+ shows "B \<inter> B' = {}"
+ by (meson assms(2) assms(3) assms(4) nested_balls' is_max_ball_of_def
+ padic_integers_axioms subset_antisym)
+
+definition max_balls :: "padic_number set \<Rightarrow> padic_number set set" where
+"max_balls U = {B. is_max_ball_of U B }"
+
+lemma max_balls_interior:
+ assumes "U \<subseteq> carrier Q\<^sub>p"
+ assumes "U \<noteq> carrier Q\<^sub>p"
+ shows "interior U = {x \<in> carrier Q\<^sub>p. (\<exists>B \<in> (max_balls U). x \<in> B)}"
+proof
+ show "interior U \<subseteq> {x \<in> carrier Q\<^sub>p. \<exists>B\<in>max_balls U. x \<in> B}"
+ proof
+ fix x
+ assume A: " x \<in> interior U"
+ show "x \<in> {x \<in> carrier Q\<^sub>p. \<exists>B\<in>max_balls U. x \<in> B}"
+ by (metis (mono_tags, lifting) A assms(1) assms(2) interior_open
+ interior_subset is_open_imp_in_Qp' max_ball_interior max_balls_def
+ mem_Collect_eq open_max_ball subset_antisym)
+ qed
+ show "{x \<in> carrier Q\<^sub>p. \<exists>B\<in>max_balls U. x \<in> B} \<subseteq> interior U"
+ proof
+ fix x
+ assume A: " x \<in> {x \<in> carrier Q\<^sub>p. \<exists>B\<in>max_balls U. x \<in> B} "
+ show "x \<in> interior U"
+ proof-
+ obtain B where B_def: "B\<in>max_balls U \<and> x \<in> B"
+ using A by blast
+ then have "B \<subseteq> interior U"
+ by (metis (no_types, lifting) interior_def is_max_ball_of_def mem_Collect_eq
+ ball_is_open max_balls_def subsetI)
+ then show ?thesis
+ using B_def by blast
+ qed
+ qed
+qed
+
+lemma max_balls_interior':
+ assumes "U \<subseteq> carrier Q\<^sub>p"
+ assumes "U \<noteq> carrier Q\<^sub>p"
+ assumes "B \<in> max_balls U"
+ shows "B \<subseteq> interior U"
+ using assms(1) assms(2) assms(3) is_max_ball_of_def max_balls_interior
+ max_balls_def padic_integers_axioms
+ by auto
+
+lemma max_balls_interior'':
+ assumes "U \<subseteq> carrier Q\<^sub>p"
+ assumes "U \<noteq> carrier Q\<^sub>p"
+ assumes "a \<in> interior U"
+ shows "\<exists>B \<in> max_balls U. a \<in> B"
+ using assms(1) assms(2) assms(3) max_balls_interior
+ by blast
+
+lemma open_interior:
+ assumes "is_open U"
+ shows "interior U = U"
+ unfolding interior_def using assms
+ by blast
+
+lemma interior_idempotent:
+ assumes "U \<subseteq> carrier Q\<^sub>p"
+ shows "interior (interior U) = interior U"
+ using assms interior_open[of U] open_interior[of "interior U"]
+ by auto
+
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+subsection\<open>Convex Subsets of the Value Group\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+text\<open>
+ The content of this section will be useful for defining and reasoning about $p$-adic cells in the
+ proof of Macintyre's theorem. It is proved that every convex set in the extended integers is
+ either an open ray, a closed ray, a closed interval, or a left-closed interval.\<close>
+
+definition is_convex :: "eint set \<Rightarrow> bool" where
+"is_convex A = (\<forall> x \<in> A. \<forall>y \<in> A. \<forall>c. x \<le> c \<and> c \<le> y \<longrightarrow> c \<in> A)"
+
+lemma is_convexI:
+ assumes "\<And>x y c. x \<in> A \<Longrightarrow> y \<in> A \<Longrightarrow> x \<le> c \<and> c \<le>y \<Longrightarrow> c \<in> A"
+ shows "is_convex A"
+ unfolding is_convex_def
+ using assms
+ by blast
+
+lemma is_convexE:
+ assumes "is_convex A"
+ assumes "x \<in> A"
+ assumes "y \<in> A"
+ assumes "x \<le> a"
+ assumes "a \<le> y"
+ shows "a \<in> A"
+ using assms is_convex_def
+ by blast
+
+lemma empty_convex:
+"is_convex {}"
+ apply(rule is_convexI)
+ by blast
+
+lemma UNIV_convex:
+"is_convex UNIV"
+ apply(rule is_convexI)
+ by blast
+
+definition closed_interval ("I[_ _]") where
+ "closed_interval \<alpha> \<beta> = {a . \<alpha> \<le> a \<and> a \<le> \<beta>}"
+
+lemma closed_interval_is_convex:
+ assumes "A = closed_interval \<alpha> \<beta>"
+ shows "is_convex A"
+ apply(rule is_convexI)
+ using assms unfolding closed_interval_def
+ by auto
+
+lemma empty_closed_interval:
+"{} = closed_interval \<infinity> (eint 1)"
+ unfolding closed_interval_def
+ by auto
+
+definition left_closed_interval where
+"left_closed_interval \<alpha> \<beta> = {a . \<alpha> \<le> a \<and> a < \<beta>}"
+
+lemma left_closed_interval_is_convex:
+ assumes "A = left_closed_interval \<alpha> \<beta>"
+ shows "is_convex A"
+ apply(rule is_convexI)
+ using assms unfolding left_closed_interval_def
+ using leD order.trans by auto
+
+definition closed_ray where
+"closed_ray \<alpha> \<beta> = {a . a \<le> \<beta> }"
+
+lemma closed_ray_is_convex:
+ assumes "A = closed_ray \<alpha> \<beta>"
+ shows "is_convex A"
+ apply(rule is_convexI)
+ using assms unfolding closed_ray_def
+ by auto
+
+lemma UNIV_closed_ray:
+"(UNIV::eint set)= closed_ray \<alpha> \<infinity>"
+ unfolding closed_ray_def
+ by simp
+
+definition open_ray :: "eint \<Rightarrow> eint \<Rightarrow> eint set" where
+"open_ray \<alpha> \<beta> = {a . a < \<beta> }"
+
+lemma open_ray_is_convex:
+ assumes "A = open_ray \<alpha> \<beta>"
+ shows "is_convex A"
+ apply(rule is_convexI)
+ using assms unfolding open_ray_def
+ using leD by auto
+
+lemma open_rayE:
+ assumes "a < \<beta>"
+ shows "a \<in> open_ray \<alpha> \<beta>"
+ unfolding open_ray_def using assms
+ by blast
+
+lemma value_group_is_open_ray:
+"UNIV - {\<infinity>} = open_ray \<alpha> \<infinity>"
+proof
+ show "UNIV - {\<infinity>} \<subseteq> open_ray \<alpha> \<infinity>"
+ using open_rayE[of _ \<alpha> "\<infinity>"]
+ by (simp add: open_rayE subset_eq)
+ show "open_ray \<alpha> \<infinity> \<subseteq> UNIV - {\<infinity>}"
+ unfolding open_ray_def
+ by blast
+qed
+
+text\<open>
+ This is a predicate which identifies a certain kind of set-valued function on the extended
+ integers. Convex conditions will be important in the definition of $p$-adic cells later, and
+ it will be proved that every convex set is induced by a convex condition.\<close>
+definition is_convex_condition :: "(eint \<Rightarrow> eint \<Rightarrow> eint set) \<Rightarrow> bool"
+ where "is_convex_condition I \<equiv>
+ I = closed_interval \<or> I = left_closed_interval \<or> I = closed_ray \<or> I = open_ray"
+
+lemma convex_condition_imp_convex:
+ assumes "is_convex_condition I"
+ shows "is_convex (I \<alpha> \<beta>)"
+ using assms
+ unfolding is_convex_condition_def
+ by (meson closed_interval_is_convex closed_ray_is_convex left_closed_interval_is_convex open_ray_is_convex)
+
+lemma bounded_order:
+ assumes "(a::eint) < \<infinity>"
+ assumes "b \<le> a"
+ obtains k::nat where "a = b + k"
+proof-
+ obtain m::int where m_def: "a = m"
+ using assms(1) less_infinityE by blast
+ obtain n::int where n_def: "b = n"
+ using assms(2) eint_ile m_def by blast
+ have 0: "a - b = eint (m - n)"
+ by (simp add: m_def n_def)
+ then have "a = b + nat (m - n)"
+ using assms m_def n_def
+ by simp
+ thus ?thesis
+ using that by blast
+qed
+
+text\<open>Every convex set is given by a convex condition\<close>
+lemma convex_imp_convex_condition:
+ assumes "is_convex A"
+ shows "\<exists> I \<alpha> \<beta>. is_convex_condition I \<and> A = (I \<alpha> \<beta>)"
+proof(cases "\<exists> a \<in> A. \<forall> b \<in> A. a \<le> b")
+ case True
+ then obtain \<alpha> where alpha_def: "\<alpha> \<in> A \<and> (\<forall> b \<in> A. \<alpha> \<le> b)"
+ by blast
+ then show ?thesis
+ proof(cases "\<exists> a \<in> A. \<forall> b \<in> A. b \<le> a")
+ case True
+ then obtain \<beta> where beta_def: "\<beta> \<in> A \<and> (\<forall> b \<in> A. b \<le> \<beta>)"
+ by blast
+ have "A = closed_interval \<alpha> \<beta>"
+ unfolding closed_interval_def
+ using alpha_def beta_def assms is_convexE[of A \<alpha> \<beta>]
+ by blast
+ then show ?thesis
+ using is_convex_condition_def
+ by blast
+ next
+ case False
+ have F0: "\<forall>a. \<alpha> \<le> a \<and> a < \<infinity> \<longrightarrow> a \<in> A"
+ proof(rule ccontr)
+ assume A: "\<not> (\<forall>a. a \<ge> \<alpha> \<and> a < \<infinity> \<longrightarrow> a \<in> A)"
+ then obtain a where a_def: " \<alpha> \<le> a \<and> a < \<infinity> \<and> a \<notin> A"
+ by blast
+ obtain n where n_def: "\<alpha> = eint n"
+ using False alpha_def by force
+ obtain m where m_def: "a = eint m"
+ using a_def less_infinityE by blast
+ have "\<forall>k::nat. \<exists>c. (\<alpha> + eint (int k)) < c \<and> c \<in> A"
+ proof fix k
+ show "\<exists>c>\<alpha> + eint (int k). c \<in> A"
+ apply(induction k)
+ using False alpha_def le_less_linear zero_eint_def apply fastforce
+ proof- fix k
+ assume IH: "\<exists>c>\<alpha> + eint (int k). c \<in> A"
+ then obtain c where c_def: "c>\<alpha> + eint (int k) \<and> c \<in> A"
+ by blast
+ then obtain c' where c'_def: "c' \<in> A \<and> c < c'"
+ using False
+ by (meson le_less_linear)
+ then have "(\<alpha> + eint (int (Suc k))) \<le> c'"
+ proof-
+ have 0: "eint (int (Suc k)) = eint (int k) + eint 1"
+ by simp
+ have "\<alpha> + eint (int k) \<le>c'"
+ by (meson c'_def c_def le_less le_less_trans)
+ then have 1: "(\<alpha> + eint (int k)) < c'"
+ using c'_def c_def le_less_trans
+ by auto
+ have 2: "\<alpha> + eint (int k) + eint 1 = \<alpha> + eint (int (Suc k))"
+ using 0
+ by (simp add: n_def)
+ then show "(\<alpha> + eint (int (Suc k))) \<le> c'"
+ by (metis "1" ileI1 one_eint_def)
+ qed
+ then show "\<exists>c>\<alpha> + eint (int (Suc k)). c \<in> A"
+ using False c'_def not_less by fastforce
+ qed
+ qed
+ obtain k where k_def: "k = a - \<alpha>"
+ using a_def n_def
+ by blast
+ hence "k \<ge> 0"
+ using a_def n_def
+ by (metis alpha_def eint_minus_le le_less)
+ hence 0: "\<exists>n::nat. k = n"
+ using a_def n_def k_def
+ by (metis eint.distinct(2) eint_0_iff(2) eint_add_cancel_fact eint_ord_simps(1) fromeint.cases m_def nonneg_int_cases plus_eint_simps(3))
+ have 1: "a = \<alpha> + k"
+ using k_def a_def n_def
+ by simp
+ then obtain c where "c \<in> A \<and> a < c"
+ by (metis "0" \<open>\<forall>k. \<exists>c>\<alpha> + eint (int k). c \<in> A\<close> the_eint.simps)
+ then have "a \<in> A"
+ using is_convexE[of A \<alpha> a c] a_def alpha_def assms is_convexE
+ by (meson linear not_less)
+ then show False
+ using a_def by blast
+ qed
+ have "A = closed_interval \<alpha> \<infinity> \<or> A = left_closed_interval \<alpha> \<infinity>"
+ apply(cases "\<infinity> \<in> A")
+ using False eint_ord_code(3) apply blast
+ proof-
+ assume A0: "\<infinity> \<notin> A "
+ have "A = left_closed_interval \<alpha> \<infinity>"
+ proof
+ show "A \<subseteq> left_closed_interval \<alpha> \<infinity>"
+ unfolding left_closed_interval_def
+ using alpha_def A0
+ by (metis (mono_tags, lifting) False eint_ord_code(3) le_less_linear less_le_trans mem_Collect_eq subsetI)
+ show "left_closed_interval \<alpha> \<infinity> \<subseteq> A"
+ unfolding left_closed_interval_def
+ using alpha_def A0 F0
+ by blast
+ qed
+ then show ?thesis
+ by blast
+ qed
+ then show ?thesis
+ unfolding is_convex_condition_def
+ by blast
+ qed
+next
+ case False
+ show ?thesis apply(cases "A = {}")
+ using empty_closed_interval is_convex_condition_def apply blast
+ proof-
+ assume A0: "A \<noteq> {}"
+ have "A \<noteq> {\<infinity>}"
+ using False
+ by blast
+ then obtain \<alpha> where alpha_def: "\<alpha> \<in> A \<and> \<alpha> \<noteq>\<infinity>"
+ using A0
+ by fastforce
+ have A1: "\<And>k::nat. \<exists> b \<in> A. b + eint (int k) \<le> \<alpha>"
+ proof- fix k
+ show " \<exists> b \<in> A. b + eint (int k) \<le> \<alpha>"
+ proof(induction k)
+ case 0
+ then have "\<alpha> + eint (int 0) = \<alpha>"
+ by (simp add: zero_eint_def)
+ then show ?case
+ using alpha_def by auto
+ next
+ case (Suc k) fix k
+ assume IH: "\<exists>b\<in>A. \<alpha> \<ge> b + eint (int k)"
+ show "\<exists>b\<in>A. \<alpha> \<ge> b + eint (int (Suc k))"
+ proof-
+ obtain b where b_def: "b \<in> A \<and> \<alpha> \<ge> b + eint (int k)"
+ using IH by blast
+ then obtain c where c_def: "c \<in> A \<and> c < b"
+ using False le_less_linear by blast
+ have 0: "(c + eint (int (Suc k))) < (b + eint (int (Suc k)))"
+ using c_def
+ by simp
+ have 1: "b + eint (int (Suc k)) = (b + eint (int k)) + eint 1"
+ by simp
+ then show ?thesis
+ by (metis "0" b_def c_def eSuc_ile_mono ileI1 le_less one_eint_def)
+ qed
+ qed
+ qed
+ show ?thesis
+ proof(cases "\<exists> a \<in> A. \<forall> b \<in> A. b \<le> a")
+ case True
+ then obtain \<beta> where beta_def: "\<beta> \<in> A \<and> (\<forall> b \<in> A. b \<le> \<beta>)"
+ by blast
+ have "A = closed_ray \<alpha> \<beta>"
+ unfolding closed_ray_def
+ proof
+ show "A \<subseteq> {a. \<beta> \<ge> a}"
+ using assms beta_def
+ by blast
+ show "{a. \<beta> \<ge> a} \<subseteq> A"
+ proof fix x assume "x \<in> {a. \<beta> \<ge> a}"
+ then have 0: "\<beta> \<ge> x" by blast
+ show "x \<in> A"
+ proof(cases "x \<le> \<alpha>")
+ case True
+ obtain n where n_def: "\<alpha>= eint n"
+ using alpha_def
+ by blast
+ obtain m where m_def: "x = eint m"
+ using True eint_ile n_def by blast
+ have 1: "m \<le> n"
+ using True m_def n_def
+ by simp
+ have 2: "eint (int (nat (n - m))) = eint (n - m)"
+ by (simp add: "1")
+ then obtain b where b_def: "b \<in> A \<and> b + eint (n - m) \<le> \<alpha>"
+ using A1[of "nat (n - m)"]
+ by (metis)
+ then have "b + eint (n - m) \<le> x + eint (n - m)"
+ using b_def
+ by (simp add: m_def n_def)
+ then have "b \<le> x"
+ by auto
+ then show ?thesis
+ using "0" assms b_def beta_def is_convex_def
+ by blast
+ next
+ case False
+ then show ?thesis
+ using "0" alpha_def assms beta_def is_convexE
+ by (meson linear)
+ qed
+ qed
+ qed
+ then show ?thesis
+ using is_convex_condition_def
+ by blast
+ next
+ case f: False
+ have F0: "\<forall>a. \<alpha> \<le> a \<and> a < \<infinity> \<longrightarrow> a \<in> A"
+ proof(rule ccontr)
+ assume A: "\<not> (\<forall>a. a \<ge> \<alpha> \<and> a < \<infinity> \<longrightarrow> a \<in> A)"
+ then obtain a where a_def: " \<alpha> \<le> a \<and> a < \<infinity> \<and> a \<notin> A"
+ by blast
+ obtain n where n_def: "\<alpha> = eint n"
+ using alpha_def by blast
+ obtain m where m_def: "a = eint m"
+ using a_def less_infinityE by blast
+ have 0: "\<forall>k::nat. \<exists>c. (\<alpha> + eint (int k)) < c \<and> c \<in> A"
+ proof fix k
+ show "\<exists>c>\<alpha> + eint (int k). c \<in> A"
+ apply(induction k)
+ using alpha_def f le_less_linear apply fastforce
+ proof- fix k
+ assume IH: "\<exists>c>\<alpha> + eint (int k). c \<in> A"
+ then obtain c where c_def: "c>\<alpha> + eint (int k) \<and> c \<in> A"
+ by blast
+ then obtain c' where c'_def: "c' \<in> A \<and> c < c'"
+ using False f le_less_linear by blast
+ then have "(\<alpha> + eint (int (Suc k))) \<le> c'"
+ proof-
+ have 0: "eint (int (Suc k)) = eint (int k) + eint 1"
+ by simp
+ have "\<alpha> + eint (int k) \<le>c'"
+ using c_def c'_def dual_order.strict_trans le_less by blast
+ then have 1: "(\<alpha> + eint (int k)) < c'"
+ using c'_def c_def le_less_trans by auto
+ have 2: "\<alpha> + eint (int k) + eint 1 = \<alpha> + eint (int (Suc k))"
+ using 0 by (simp add: n_def)
+ then show "(\<alpha> + eint (int (Suc k))) \<le> c'"
+ by (metis "1" ileI1 one_eint_def)
+ qed
+ then show "\<exists>c>\<alpha> + eint (int (Suc k)). c \<in> A"
+ using False c'_def
+ by (smt c_def eSuc_eint iadd_Suc_right ileI1 le_less of_nat_Suc)
+ qed
+ qed
+ obtain k::nat where "a = \<alpha> + eint (int k)"
+ using bounded_order a_def
+ by blast
+ then obtain c where "c \<in> A \<and> a <c"
+ using 0 by blast
+ then have "a \<in> A"
+ using is_convexE[of A \<alpha> a c] a_def alpha_def assms is_convexE
+ by (meson linear not_less)
+ then show False
+ using a_def by blast
+ qed
+ have "A = UNIV - {\<infinity>}"
+ proof
+ show "A \<subseteq> UNIV - {\<infinity>}"
+ using f by auto
+ show "UNIV - {\<infinity>} \<subseteq> A"
+ proof fix x ::eint
+ assume A: "x \<in> UNIV - {\<infinity>}"
+ show "x \<in> A"
+ proof(cases "x \<le> \<alpha>")
+ case True
+ obtain k::nat where k_def: "x + k = \<alpha>"
+ by (metis True alpha_def bounded_order eint_ord_simps(4))
+ obtain c where c_def: "c \<in> A \<and> c + k = \<alpha>"
+ by (metis A1 True add.commute alpha_def assms eint_add_left_cancel_le is_convexE k_def not_eint_eq)
+ have "x = c"
+ using k_def c_def
+ by auto
+ thus ?thesis
+ by (simp add: c_def)
+ next
+ case False
+ thus ?thesis
+ using A F0 by auto
+ qed
+ qed
+ qed
+ then show ?thesis
+ by (meson is_convex_condition_def value_group_is_open_ray)
+ qed
+ qed
+qed
+
+lemma ex_val_less:
+ shows "\<exists> (\<alpha>::eint). \<alpha> < \<beta>"
+ apply(induction \<beta>)
+ using eint_ord_simps(2) lt_ex apply blast
+ using eint_ord_simps(4) by blast
+
+lemma ex_dist_less:
+ assumes "c \<in> carrier Q\<^sub>p"
+ shows "\<exists> a \<in> carrier Q\<^sub>p. val (a \<ominus> c) < \<beta>"
+ using ex_val_less[of \<beta>] assms
+ by (metis dist_nonempty' ex_val_less)
+end
+end
\ No newline at end of file
diff --git a/thys/Padic_Field/Padic_Fields.thy b/thys/Padic_Field/Padic_Fields.thy
new file mode 100755
--- /dev/null
+++ b/thys/Padic_Field/Padic_Fields.thy
@@ -0,0 +1,3063 @@
+theory Padic_Fields
+ imports Fraction_Field Padic_Ints.Hensels_Lemma
+
+begin
+
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+section\<open>Constructing the $p$-adic Valued Field\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+text\<open>
+ As a field, we can define the field $\mathbb{Q}_p$ immediately as the fraction field of
+ $\mathbb{Z}_p$. The valuation can then be extended from to $\mathbb{Z}_p$ to $\mathbb{Q}_p$ by
+ defining $\text{val}(a/b) = \text{val}\ a - \text{val}\ b$ where $a, b \in \mathbb{Z}_p$. \<close>
+
+(**********************************************************************************************)
+(**************************************************************************************************)
+subsection\<open>A Locale for $p$-adic Fields\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+text\<open>
+ This section builds a locale for reasoning about general $p$-adic fields for a fixed $p$.
+ The locale fixes constants for the ring of $p$-adic integers ($\mathbb{Z}_p$) and the inclusion
+ map $\iota: \mathbb{Z}_p \to \mathbb{Q}_p$. \<close>
+type_synonym padic_number = "((nat \<Rightarrow> int) \<times> (nat \<Rightarrow> int)) set"
+locale padic_fields=
+fixes Q\<^sub>p:: "_ ring" (structure)
+fixes Z\<^sub>p:: "_ ring" (structure)
+fixes p
+fixes \<iota>
+defines "Z\<^sub>p \<equiv> padic_int p"
+defines "Q\<^sub>p \<equiv> Frac Z\<^sub>p"
+defines "\<iota> \<equiv> domain_frac.inc Z\<^sub>p"
+assumes prime: "prime p"
+
+sublocale padic_fields < Zp?: domain_frac Z\<^sub>p
+ by (simp add: Z\<^sub>p_def domain_frac.intro padic_int_is_domain prime)
+
+sublocale padic_fields < Qp?: ring Q\<^sub>p
+ unfolding Q\<^sub>p_def
+ by (simp add: Fraction_Field.domain_frac_def domain_axioms domain_frac.fraction_field_is_field field.is_ring)
+
+sublocale padic_fields < Qp?: cring Q\<^sub>p
+ unfolding Q\<^sub>p_def
+ by (simp add: Fraction_Field.domain_frac_def domain.axioms(1) domain_axioms domain_frac.fraction_field_is_domain)
+
+sublocale padic_fields < Qp?: field Q\<^sub>p
+ unfolding Q\<^sub>p_def
+ by (simp add: Fraction_Field.domain_frac_def domain_axioms domain_frac.fraction_field_is_field)
+
+sublocale padic_fields < Qp?: domain Q\<^sub>p
+ by (simp add: Qp.domain_axioms)
+
+sublocale padic_fields < padic_integers Z\<^sub>p
+apply (simp add: padic_integers_def prime)
+using Z\<^sub>p_def by auto
+
+sublocale padic_fields < UPQ?: UP_cring Q\<^sub>p "UP Q\<^sub>p"
+ using Qp.is_cring UP_cring_def apply blast
+ by auto
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+subsection\<open>The Valuation Ring in $\mathbb{Q}_p$\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+text\<open>
+ The valuation ring $\mathcal{O}_p$ is the subring of elements in $\mathbb{Q}_p$ with positive
+ valuation. It is an isomorphic copy of $\mathbb{Z}_p$.\<close>
+context padic_fields
+begin
+
+abbreviation \<O>\<^sub>p where
+"\<O>\<^sub>p \<equiv> \<iota> ` carrier Z\<^sub>p"
+
+lemma inc_closed:
+ assumes "a \<in> carrier Z\<^sub>p"
+ shows "\<iota> a \<in> carrier Q\<^sub>p"
+ using Q\<^sub>p_def \<iota>_def assms Zp.inc_is_hom ring_hom_closed
+ by fastforce
+
+lemma inc_is_hom:
+"\<iota> \<in> ring_hom Z\<^sub>p Q\<^sub>p"
+ unfolding Q\<^sub>p_def \<iota>_def
+by(rule Zp.inc_is_hom)
+
+text\<open>An alternate formula of the map $\iota$\<close>
+
+lemma inc_def:
+ assumes "a \<in> carrier Z\<^sub>p"
+ shows "\<iota> a = frac a \<one>\<^bsub>Z\<^sub>p\<^esub>"
+ using assms inc_equation[of a] \<iota>_def by auto
+
+lemma inc_of_nonzero:
+ assumes "a \<in> nonzero Z\<^sub>p"
+ shows "\<iota> a \<in> nonzero Q\<^sub>p"
+ using \<iota>_def assms Q\<^sub>p_def Qp.nonzero_memI
+ Zp.nonzero_closed Zp.nonzero_one_closed frac_closed local.inc_def nonzero_fraction
+ by (metis Zp.nonzero_memE(2) inc_closed inc_inj1)
+
+lemma inc_of_one:
+"\<iota> \<one>\<^bsub>Z\<^sub>p\<^esub> = \<one>"
+ by (simp add: inc_is_hom ring_hom_one)
+
+lemma inc_of_zero:
+"\<iota> \<zero>\<^bsub>Z\<^sub>p\<^esub> = \<zero>"
+ apply(rule ring_hom_zero[of \<iota>], rule inc_is_hom)
+ apply (simp add: Zp.ring_axioms)
+ by (simp add: Qp.ring_axioms)
+
+lemma inc_of_sum:
+ assumes "a \<in> carrier Z\<^sub>p"
+ assumes "b \<in> carrier Z\<^sub>p"
+ shows "\<iota> (a \<oplus>\<^bsub>Z\<^sub>p\<^esub> b) = (\<iota> a) \<oplus> (\<iota> b)"
+by(rule ring_hom_add[of _ Z\<^sub>p], rule inc_is_hom, rule assms, rule assms)
+
+lemma inc_of_prod:
+ assumes "a \<in> carrier Z\<^sub>p"
+ assumes "b \<in> carrier Z\<^sub>p"
+ shows "\<iota> (a \<otimes>\<^bsub>Z\<^sub>p\<^esub> b) = (\<iota> a) \<otimes> (\<iota> b)"
+ by (simp add: assms(1) assms(2) inc_is_hom ring_hom_mult)
+
+lemma inc_pow:
+ assumes "a \<in> nonzero Z\<^sub>p"
+ shows "\<iota> (a[^]\<^bsub>Z\<^sub>p\<^esub>(n::nat)) = (\<iota> a)[^] n"
+ apply(induction n)
+ apply (simp add: inc_of_one)
+ by (simp add: assms inc_of_prod Zp.nonzero_closed)
+
+lemma inc_of_diff:
+ assumes "a \<in> carrier Z\<^sub>p"
+ assumes "b \<in> carrier Z\<^sub>p"
+ shows "\<iota> (a \<ominus>\<^bsub>Z\<^sub>p\<^esub> b) = (\<iota> a) \<ominus> (\<iota> b)"
+ using assms unfolding a_minus_def
+ using inc_is_hom Qp.ring_axioms Q\<^sub>p_def Zp.ring_hom_a_inv inc_of_sum by fastforce
+
+lemma Units_nonzero_Qp:
+assumes "u \<in> Units Q\<^sub>p"
+shows "u \<in> nonzero Q\<^sub>p"
+ by (simp add: Qp.Units_nonzero assms)
+
+lemma Units_eq_nonzero:
+ "Units Q\<^sub>p = nonzero Q\<^sub>p"
+ using frac_nonzero_Units unfolding Q\<^sub>p_def Z\<^sub>p_def
+by blast
+
+lemma Units_inverse_Qp:
+ assumes "u \<in> Units Q\<^sub>p"
+ shows "inv\<^bsub>Q\<^sub>p\<^esub> u \<in> Units Q\<^sub>p"
+ using Q\<^sub>p_def Units_eq_nonzero assms frac_nonzero_inv_Unit by auto
+
+lemma nonzero_inverse_Qp:
+ assumes "u \<in> nonzero Q\<^sub>p"
+ shows "inv\<^bsub>Q\<^sub>p\<^esub> u \<in> nonzero Q\<^sub>p"
+ using Units_eq_nonzero Units_inverse_Qp assms by auto
+
+lemma frac_add:
+ assumes "a \<in> carrier Z\<^sub>p"
+ assumes "b \<in> nonzero Z\<^sub>p"
+ assumes "c \<in> carrier Z\<^sub>p"
+ assumes "d \<in> nonzero Z\<^sub>p"
+ shows "(frac a b) \<oplus> (frac c d) = (frac ((a \<otimes>\<^bsub>Z\<^sub>p\<^esub> d) \<oplus>\<^bsub>Z\<^sub>p\<^esub> (b \<otimes>\<^bsub>Z\<^sub>p\<^esub> c)) (b \<otimes>\<^bsub>Z\<^sub>p\<^esub> d))"
+ by (simp add: Q\<^sub>p_def assms(1) assms(2) assms(3) assms(4) local.frac_add)
+
+lemma frac_add_common_denom:
+ assumes "a \<in> carrier Z\<^sub>p"
+ assumes "b \<in> carrier Z\<^sub>p"
+ assumes "c \<in> nonzero Z\<^sub>p"
+ shows "(frac a c) \<oplus> (frac b c) = frac (a \<oplus>\<^bsub>Z\<^sub>p\<^esub> b) c"
+ by (simp add: Q\<^sub>p_def assms(1) assms(2) assms(3) frac_add_common_denom)
+
+lemma frac_mult:
+ assumes "a \<in> carrier Z\<^sub>p"
+ assumes "b \<in> nonzero Z\<^sub>p"
+ assumes "c \<in> carrier Z\<^sub>p"
+ assumes "d \<in> nonzero Z\<^sub>p"
+ shows "(frac a b) \<otimes> (frac c d) = (frac (a \<otimes>\<^bsub>Z\<^sub>p\<^esub> c) (b \<otimes>\<^bsub>Z\<^sub>p\<^esub> d))"
+ by (simp add: Q\<^sub>p_def assms(1) assms(2) assms(3) assms(4) frac_mult)
+
+lemma frac_one:
+ assumes "a \<in> nonzero Z\<^sub>p"
+ shows "frac a a = \<one>"
+ by (simp add: Q\<^sub>p_def assms frac_one)
+
+lemma frac_closed:
+ assumes "a \<in> carrier Z\<^sub>p"
+ assumes "b \<in> nonzero Z\<^sub>p"
+ shows "frac a b \<in> carrier Q\<^sub>p"
+ by (simp add: Q\<^sub>p_def assms(1) assms(2) frac_closed)
+
+lemma inv_in_frac:
+ assumes "a \<in> carrier Q\<^sub>p"
+ assumes "a \<noteq>\<zero>"
+ shows "inv\<^bsub>Q\<^sub>p\<^esub> a \<in> carrier Q\<^sub>p"
+ "inv\<^bsub>Q\<^sub>p\<^esub> a \<noteq>\<zero>"
+ "inv\<^bsub>Q\<^sub>p\<^esub> a \<in> nonzero Q\<^sub>p"
+ apply (simp add: assms(1) assms(2) field_inv(3))
+ using assms(1) assms(2) field_inv(1) apply fastforce
+ using Qp.not_nonzero_memE assms(1) assms(2) nonzero_inverse_Qp by blast
+
+lemma nonzero_numer_imp_nonzero_fraction:
+ assumes "a \<in> nonzero Z\<^sub>p"
+ assumes "b \<in> nonzero Z\<^sub>p"
+ shows "frac a b \<noteq> \<zero>"
+ by (simp add: Q\<^sub>p_def assms(1) assms(2) nonzero_fraction)
+
+lemma nonzero_fraction_imp_numer_not_zero:
+ assumes "a \<in> carrier Z\<^sub>p"
+ assumes "b \<in> nonzero Z\<^sub>p"
+ assumes "frac a b \<noteq> \<zero>"
+ shows "a \<noteq> \<zero>\<^bsub>Z\<^sub>p\<^esub>"
+ using assms fraction_zero Q\<^sub>p_def by blast
+
+lemma nonzero_fraction_imp_nonzero_numer:
+ assumes "a \<in> carrier Z\<^sub>p"
+ assumes "b \<in> nonzero Z\<^sub>p"
+ assumes "frac a b \<noteq> \<zero>"
+ shows "a \<in> nonzero Z\<^sub>p"
+ using assms(1) assms(2) assms(3) nonzero_fraction_imp_numer_not_zero not_nonzero_Zp by blast
+
+lemma(in padic_fields) frac_inv_id:
+ assumes "a \<in> nonzero Z\<^sub>p"
+ assumes "b \<in> nonzero Z\<^sub>p"
+ assumes "c \<in> nonzero Z\<^sub>p"
+ assumes "d \<in> nonzero Z\<^sub>p"
+ assumes "frac a b = frac c d"
+ shows "frac b a = frac d c"
+ using frac_inv assms
+ by metis
+
+lemma(in padic_fields) frac_uminus:
+ assumes "a \<in> carrier Z\<^sub>p"
+ assumes "b \<in> nonzero Z\<^sub>p"
+ shows "\<ominus> (frac a b) = frac (\<ominus>\<^bsub>Z\<^sub>p\<^esub> a) b"
+ by (simp add: Q\<^sub>p_def assms(1) assms(2) frac_uminus)
+
+lemma(in padic_fields) i_mult:
+ assumes "a \<in> carrier Z\<^sub>p"
+ assumes "c \<in> carrier Z\<^sub>p"
+ assumes "d \<in> nonzero Z\<^sub>p"
+ shows "(\<iota> a) \<otimes> (frac c d) = frac (a \<otimes>\<^bsub>Z\<^sub>p\<^esub> c) d"
+ by (simp add: Q\<^sub>p_def \<iota>_def assms(1) assms(2) assms(3) i_mult)
+
+lemma numer_denom_facts:
+ assumes "a \<in> carrier Q\<^sub>p"
+ shows "(numer a) \<in> carrier Z\<^sub>p"
+ "(denom a) \<in> nonzero Z\<^sub>p"
+ "a \<noteq> \<zero> \<Longrightarrow> numer a \<noteq> \<zero>\<^bsub>Z\<^sub>p\<^esub>"
+ "a \<otimes> (\<iota> (denom a)) = \<iota> (numer a)"
+ "a = frac (numer a) (denom a)"
+ unfolding Q\<^sub>p_def
+ using Q\<^sub>p_def assms numer_denom_facts(2) apply auto[1]
+ using Q\<^sub>p_def assms numer_denom_facts(3) apply blast
+ using Q\<^sub>p_def assms numer_denom_facts(4) apply blast
+ using Q\<^sub>p_def \<iota>_def assms numer_denom_facts(5) apply auto[1]
+ using Q\<^sub>p_def assms numer_denom_facts(1) by auto
+
+lemma get_common_denominator:
+ assumes "x \<in> carrier Q\<^sub>p"
+ assumes "y \<in> carrier Q\<^sub>p"
+ obtains a b c where
+ "a \<in> carrier Z\<^sub>p"
+ "b \<in> carrier Z\<^sub>p"
+ "c \<in> nonzero Z\<^sub>p"
+ "x = frac a c"
+ "y = frac b c"
+ using Q\<^sub>p_def assms(1) assms(2) common_denominator[of x y]
+ by blast
+
+abbreviation fract :: "_ \<Rightarrow> _ \<Rightarrow> _" (infixl "\<div>" 50) where
+"(fract a b) \<equiv> (a \<otimes> (inv\<^bsub>Q\<^sub>p\<^esub> b))"
+
+text\<open>fract generalizes frac\<close>
+
+lemma fract_frac:
+ assumes "a \<in> carrier Z\<^sub>p"
+ assumes "b \<in> nonzero Z\<^sub>p"
+ shows "(frac a b) = (\<iota> a \<div> \<iota> b)"
+proof-
+ have B: "b \<in> carrier Z\<^sub>p"
+ using Zp.nonzero_closed assms(2) by auto
+ have P0:"(inv\<^bsub>Q\<^sub>p\<^esub> (\<iota> b)) = frac \<one>\<^bsub>Z\<^sub>p\<^esub> b"
+ by (simp add: B Q\<^sub>p_def Zp.nonzero_one_closed assms(2) frac_inv local.inc_def)
+ have P1: "(frac a b) = (\<iota> a) \<otimes> (frac \<one>\<^bsub>Z\<^sub>p\<^esub> b)"
+ by (simp add: assms(1) assms(2) i_mult)
+ show ?thesis
+ by (simp add: P0 P1)
+qed
+
+lemma frac_eq:
+ assumes "a \<in> nonzero Z\<^sub>p"
+ assumes "b \<in> nonzero Z\<^sub>p"
+ assumes "frac a b = \<one>"
+ shows "a = b"
+proof-
+ have "frac a b = frac b b"
+ by (simp add: assms(2) assms(3) frac_one)
+ then have "frac a \<one>\<^bsub>Z\<^sub>p\<^esub> = frac b \<one>\<^bsub>Z\<^sub>p\<^esub>"
+ using assms
+ by (metis (no_types, lifting) Zp.nonzero_closed
+ Zp.nonzero_one_closed frac_eqE frac_eqI')
+ then show ?thesis
+ using \<iota>_def assms(1) assms(2) inc_inj2 local.inc_def
+ by (simp add: Zp.nonzero_closed)
+qed
+
+lemma fract_cancel_right:
+ assumes "a \<in> carrier Q\<^sub>p"
+ assumes "b \<in> nonzero Q\<^sub>p"
+ shows "b \<otimes> (a \<div> b) = a"
+ by (simp add: Qp.Units_closed Qp.m_lcomm Units_eq_nonzero assms(1)
+ assms(2))
+
+lemma fract_cancel_left:
+ assumes "a \<in> carrier Q\<^sub>p"
+ assumes "b \<in> nonzero Q\<^sub>p"
+ shows "(a \<div> b) \<otimes> b = a"
+ by (simp add: Qp.m_comm Qp.nonzero_closed assms(1) assms(2)
+ local.fract_cancel_right nonzero_inverse_Qp)
+
+lemma fract_mult:
+ assumes "a \<in> carrier Q\<^sub>p"
+ assumes "b \<in> nonzero Q\<^sub>p"
+ assumes "c \<in> carrier Q\<^sub>p"
+ assumes "d \<in> nonzero Q\<^sub>p"
+ shows "(a \<div> b) \<otimes> (c \<div> d) = ((a \<otimes> c)\<div> (b \<otimes> d))"
+ using Q\<^sub>p_def assms(1) assms(2) assms(3) assms(4)
+ by (simp add: fract_mult)
+
+lemma Qp_nat_pow_nonzero:
+ assumes "x \<in> nonzero Q\<^sub>p"
+ shows "x[^](n::nat) \<in> nonzero Q\<^sub>p"
+ using Qp.Units_pow_closed Units_eq_nonzero assms by auto
+
+lemma Qp_nonzero_nat_pow:
+ assumes "x \<in> carrier Q\<^sub>p"
+ assumes "n > 0"
+ assumes "x[^](n::nat) \<in> nonzero Q\<^sub>p"
+ shows "x \<in> nonzero Q\<^sub>p"
+ using Frac_nonzero_nat_pow Q\<^sub>p_def assms(1) assms(2) assms(3) by blast
+
+lemma Qp_int_pow_nonzero:
+ assumes "x \<in> nonzero Q\<^sub>p"
+ shows "x[^](n::int) \<in> nonzero Q\<^sub>p"
+ using Frac_int_pow_nonzero Q\<^sub>p_def assms by blast
+
+lemma Qp_nonzero_int_pow:
+ assumes "x \<in> carrier Q\<^sub>p"
+ assumes "n > 0"
+ assumes "x[^](n::int) \<in> nonzero Q\<^sub>p"
+ shows "x \<in> nonzero Q\<^sub>p"
+ using Frac_nonzero_int_pow Q\<^sub>p_def assms
+ by auto
+
+lemma pow_p_frac_0:
+ assumes "(m::int) \<ge> n"
+ assumes "n \<ge>0"
+ shows "(frac (\<p>[^]\<^bsub>Z\<^sub>p\<^esub>m) (\<p>[^]\<^bsub>Z\<^sub>p\<^esub>n)) = \<iota> (\<p>[^]\<^bsub>Z\<^sub>p\<^esub>(m-n))"
+proof-
+ have 0: "\<p>\<in>carrier Z\<^sub>p"
+ by (simp add: Zp.nat_inc_closed)
+ have 1: "m - n \<ge>0"
+ using assms(1) by auto
+ have 2: "nat (m - n) + (nat n) = nat m"
+ using "1" assms(2) by linarith
+ have 3: "m \<ge>0"
+ using assms by auto
+ then have "(\<p>[^]\<^bsub>Z\<^sub>p\<^esub>(nat (m-n))) \<otimes>\<^bsub>Z\<^sub>p\<^esub> (\<p>[^]\<^bsub>Z\<^sub>p\<^esub>(nat n)) = (\<p>[^]\<^bsub>Z\<^sub>p\<^esub>(nat m))"
+ by (simp add: "2" p_natpow_prod)
+ then have "(\<p>[^]\<^bsub>Z\<^sub>p\<^esub>(m-n)) \<otimes>\<^bsub>Z\<^sub>p\<^esub> (\<p>[^]\<^bsub>Z\<^sub>p\<^esub>n) = (\<p>[^]\<^bsub>Z\<^sub>p\<^esub>m)"
+ using int_pow_int 1 3 assms(2) int_nat_eq by metis
+ then have P0: "(frac (\<p>[^]\<^bsub>Z\<^sub>p\<^esub>m) (\<p>[^]\<^bsub>Z\<^sub>p\<^esub>n)) = frac ((\<p>[^]\<^bsub>Z\<^sub>p\<^esub>(m-n))\<otimes>\<^bsub>Z\<^sub>p\<^esub> (\<p>[^]\<^bsub>Z\<^sub>p\<^esub>n)) (\<p>[^]\<^bsub>Z\<^sub>p\<^esub>n)"
+ by simp
+ have "\<p> \<in>carrier Z\<^sub>p"
+ by (simp add: "0")
+ have "(\<p>[^]\<^bsub>Z\<^sub>p\<^esub>(nat n)) = [(p^(nat n))] \<cdot>\<^bsub>Z\<^sub>p\<^esub> \<one>\<^bsub>Z\<^sub>p\<^esub>"
+ by (simp add: p_pow_rep0)
+ then have "(\<p>[^]\<^bsub>Z\<^sub>p\<^esub>(nat n)) \<in> carrier Z\<^sub>p"
+ by (simp add: Zp_nat_inc_closed)
+ then have "(\<p>[^]\<^bsub>Z\<^sub>p\<^esub>n) \<in> carrier Z\<^sub>p"
+ using assms(2) by (metis int_nat_eq int_pow_int)
+ then have P1: "(frac (\<p>[^]\<^bsub>Z\<^sub>p\<^esub>m) (\<p>[^]\<^bsub>Z\<^sub>p\<^esub>n)) = frac ((\<p>[^]\<^bsub>Z\<^sub>p\<^esub>(m-n))\<otimes>\<^bsub>Z\<^sub>p\<^esub> (\<p>[^]\<^bsub>Z\<^sub>p\<^esub>n)) ((\<one>\<^bsub>Z\<^sub>p\<^esub> \<otimes>\<^bsub>Z\<^sub>p\<^esub> (\<p>[^]\<^bsub>Z\<^sub>p\<^esub>n)))"
+ by (simp add: \<open>[p] \<cdot>\<^bsub>Z\<^sub>p\<^esub> \<one>\<^bsub>Z\<^sub>p\<^esub> [^]\<^bsub>Z\<^sub>p\<^esub> (m - n) \<otimes>\<^bsub>Z\<^sub>p\<^esub> [p] \<cdot>\<^bsub>Z\<^sub>p\<^esub> \<one>\<^bsub>Z\<^sub>p\<^esub> [^]\<^bsub>Z\<^sub>p\<^esub> n = [p] \<cdot>\<^bsub>Z\<^sub>p\<^esub> \<one>\<^bsub>Z\<^sub>p\<^esub> [^]\<^bsub>Z\<^sub>p\<^esub> m\<close>)
+ have P2: "(\<p>[^]\<^bsub>Z\<^sub>p\<^esub>(m-n)) \<in> carrier Z\<^sub>p"
+ using "1" p_pow_car by blast
+ have P3: "(\<p>[^]\<^bsub>Z\<^sub>p\<^esub>n) \<in> carrier Z\<^sub>p"
+ using \<open>\<p> [^]\<^bsub>Z\<^sub>p\<^esub> n \<in> carrier Z\<^sub>p\<close>
+ by blast
+ have P4: "(\<p>[^]\<^bsub>Z\<^sub>p\<^esub>n) \<in> nonzero Z\<^sub>p"
+ using assms(2) p_int_pow_nonzero
+ by blast
+ have P5: "\<one>\<^bsub>Z\<^sub>p\<^esub> \<in> nonzero Z\<^sub>p"
+ using nonzero_def
+ by (simp add: Zp.nonzero_one_closed)
+ have "(frac (\<p>[^]\<^bsub>Z\<^sub>p\<^esub>(m-n)) \<one>\<^bsub>Z\<^sub>p\<^esub>) \<otimes> (frac (\<p>[^]\<^bsub>Z\<^sub>p\<^esub>n) (\<p>[^]\<^bsub>Z\<^sub>p\<^esub>n))
+ = frac ((\<p>[^]\<^bsub>Z\<^sub>p\<^esub>(m-n))\<otimes>\<^bsub>Z\<^sub>p\<^esub> (\<p>[^]\<^bsub>Z\<^sub>p\<^esub>n)) ((\<one>\<^bsub>Z\<^sub>p\<^esub> \<otimes>\<^bsub>Z\<^sub>p\<^esub> (\<p>[^]\<^bsub>Z\<^sub>p\<^esub>n)))"
+ by (simp add: P2 P3 P4 Zp.nonzero_one_closed local.frac_mult)
+ then have "frac ((\<p>[^]\<^bsub>Z\<^sub>p\<^esub>(m-n))\<otimes>\<^bsub>Z\<^sub>p\<^esub> (\<p>[^]\<^bsub>Z\<^sub>p\<^esub>n)) ((\<one>\<^bsub>Z\<^sub>p\<^esub> \<otimes>\<^bsub>Z\<^sub>p\<^esub> (\<p>[^]\<^bsub>Z\<^sub>p\<^esub>n))) = (frac (\<p>[^]\<^bsub>Z\<^sub>p\<^esub>(m-n)) \<one>\<^bsub>Z\<^sub>p\<^esub>) "
+ by (simp add: P2 P4 Zp.nonzero_one_closed frac_cancel_lr mult_comm)
+ then have P6: "(frac (\<p>[^]\<^bsub>Z\<^sub>p\<^esub>m) (\<p>[^]\<^bsub>Z\<^sub>p\<^esub>n)) = (frac (\<p>[^]\<^bsub>Z\<^sub>p\<^esub>(m-n)) \<one>\<^bsub>Z\<^sub>p\<^esub>) "
+ using P1 by blast
+ have "(frac (\<p>[^]\<^bsub>Z\<^sub>p\<^esub>(m-n)) \<one>\<^bsub>Z\<^sub>p\<^esub>) = \<iota> (\<p>[^]\<^bsub>Z\<^sub>p\<^esub>(m-n))"
+ using inc_def by (simp add: P2)
+ then show ?thesis
+ using P6 by blast
+qed
+
+lemma pow_p_frac:
+ assumes "(m::int) \<le> n"
+ assumes "m \<ge>0"
+ shows "(frac (\<p>[^]\<^bsub>Z\<^sub>p\<^esub>m) (\<p>[^]\<^bsub>Z\<^sub>p\<^esub>n)) = frac \<one>\<^bsub>Z\<^sub>p\<^esub> (\<p>[^]\<^bsub>Z\<^sub>p\<^esub>(n-m))"
+proof-
+ have "(frac (\<p>[^]\<^bsub>Z\<^sub>p\<^esub>n) (\<p>[^]\<^bsub>Z\<^sub>p\<^esub>m)) = \<iota> (\<p>[^]\<^bsub>Z\<^sub>p\<^esub>(n-m))"
+ by (simp add: assms(1) assms(2) pow_p_frac_0)
+ then have P0:"(frac (\<p>[^]\<^bsub>Z\<^sub>p\<^esub>n) (\<p>[^]\<^bsub>Z\<^sub>p\<^esub>m)) = frac (\<p>[^]\<^bsub>Z\<^sub>p\<^esub>(n-m)) \<one>\<^bsub>Z\<^sub>p\<^esub>"
+ by (simp add: assms(1) local.inc_def p_pow_car)
+ have P1: "\<one>\<^bsub>Z\<^sub>p\<^esub> \<in>nonzero Z\<^sub>p"
+ by (simp add: Zp.nonzero_one_closed)
+ have P2: "\<p>[^]\<^bsub>Z\<^sub>p\<^esub>n \<in> nonzero Z\<^sub>p"
+ using assms(1) assms(2) p_int_pow_nonzero by auto
+ have P3: "\<p>[^]\<^bsub>Z\<^sub>p\<^esub>m \<in> nonzero Z\<^sub>p"
+ by (simp add: assms(2) p_int_pow_nonzero)
+ have P4: "(\<p>[^]\<^bsub>Z\<^sub>p\<^esub>(n-m)) \<in> nonzero Z\<^sub>p"
+ by (simp add: assms(1) p_int_pow_nonzero)
+ show " frac (\<p>[^]\<^bsub>Z\<^sub>p\<^esub>m) (\<p>[^]\<^bsub>Z\<^sub>p\<^esub>n) = frac \<one>\<^bsub>Z\<^sub>p\<^esub> (\<p>[^]\<^bsub>Z\<^sub>p\<^esub>(n-m))"
+ using P0 P1 P2 P3 P4 p_pow_nonzero
+ by (meson local.frac_inv_id)
+qed
+
+text\<open>The copy of the prime \<open>p\<close> living in $\mathbb{Q}_p$:\<close>
+
+abbreviation \<pp> where
+"\<pp> \<equiv> [p] \<cdot>\<^bsub>Q\<^sub>p\<^esub> \<one>"
+
+lemma(in domain_frac) frac_inc_of_nat:
+"Frac_inc R ([(n::nat)]\<cdot> \<one>) = [n]\<cdot>\<^bsub>Frac R\<^esub>\<one>\<^bsub>Frac R\<^esub>"
+ by (simp add: inc_equation nat_inc_rep)
+
+lemma inc_of_nat:
+"(\<iota> ([(n::nat)]\<cdot>\<^bsub>Z\<^sub>p\<^esub> \<one>\<^bsub>Z\<^sub>p\<^esub>)) = [n]\<cdot>\<^bsub>Q\<^sub>p\<^esub>\<one>"
+ unfolding Q\<^sub>p_def \<iota>_def
+ using frac_inc_of_nat[of n]
+ by auto
+
+lemma(in domain_frac) frac_inc_of_int:
+"Frac_inc R ([(n::int)]\<cdot> \<one>) = [n]\<cdot>\<^bsub>Frac R\<^esub>\<one>\<^bsub>Frac R\<^esub>"
+ apply(induction n)
+ apply (simp add: add_pow_int_ge inc_equation nat_inc_rep)
+ by (simp add: add_pow_int_lt frac_uminus inc_equation nat_inc_rep nonzero_one_closed)
+
+lemma inc_of_int:
+"(\<iota> ([(n::int)]\<cdot>\<^bsub>Z\<^sub>p\<^esub> \<one>\<^bsub>Z\<^sub>p\<^esub>)) = [n]\<cdot>\<^bsub>Q\<^sub>p\<^esub>\<one>"
+ unfolding Q\<^sub>p_def \<iota>_def
+ using frac_inc_of_int[of n]
+ by auto
+
+lemma p_inc:
+"\<pp> = \<iota> \<p>"
+ by (simp add: inc_of_int)
+
+lemma p_nonzero:
+"\<pp> \<in> nonzero Q\<^sub>p"
+ using Z\<^sub>p_def Zp_nat_inc_closed inc_of_nonzero ord_Zp_p p_inc
+ p_nonzero by auto
+
+lemma p_natpow_inc:
+ fixes n::nat
+ shows "\<pp>[^]n = \<iota> (\<p> [^]\<^bsub>Z\<^sub>p\<^esub> n)"
+ by (simp add: Qp.int_nat_pow_rep inc_of_int p_pow_rep0)
+
+lemma p_intpow_inc:
+ fixes n::int
+ assumes "n \<ge>0"
+ shows "\<pp>[^]n = \<iota> (\<p> [^]\<^bsub>Z\<^sub>p\<^esub> n)"
+ using p_natpow_inc
+ by (metis assms int_nat_eq int_pow_int)
+
+lemma p_intpow:
+ fixes n::int
+ assumes "n < 0"
+ shows "\<pp>[^]n = (frac \<one>\<^bsub>Z\<^sub>p\<^esub> (\<p> [^]\<^bsub>Z\<^sub>p\<^esub> (-n)))"
+proof-
+ have U0: "(\<pp> [^] (nat (-n))) \<in> Units Q\<^sub>p"
+ using Qp.Units_pow_closed Units_eq_nonzero p_nonzero by blast
+ have E0: "(\<pp> [^] (nat (-n))) = (\<pp> [^] (-n))"
+ using assms by (simp add: int_pow_def nat_pow_def)
+ then have U1: "(\<pp> [^] (-n)) \<in> Units Q\<^sub>p" using U0
+ by simp
+ have "(\<pp>[^]n) = inv \<^bsub>Q\<^sub>p\<^esub> (\<pp> [^] (nat (-n)))"
+ using assms by (simp add: int_pow_def nat_pow_def)
+ then have "(\<pp>[^]n) = inv \<^bsub>Q\<^sub>p\<^esub> (\<pp> [^] (-n))"
+ using E0 by simp
+ then have "(\<pp>[^]n) = inv \<^bsub>Q\<^sub>p\<^esub> \<iota> (\<p> [^]\<^bsub>Z\<^sub>p\<^esub>(-n))"
+ using assms p_intpow_inc by auto
+ then have E1: "(\<pp>[^]n) = inv \<^bsub>Q\<^sub>p\<^esub> frac (\<p> [^]\<^bsub>Z\<^sub>p\<^esub>(-n)) \<one>\<^bsub>Z\<^sub>p\<^esub>"
+ using assms local.inc_def p_pow_car by auto
+ have A: "(\<p> [^]\<^bsub>Z\<^sub>p\<^esub>(-n)) \<in> nonzero Z\<^sub>p"
+ using assms p_pow_nonzero p_int_pow_nonzero
+ by auto
+ then show ?thesis
+ using A frac_inv inc_def E1
+ by (simp add: Q\<^sub>p_def Zp.nonzero_one_closed)
+qed
+
+lemma p_natpow_closed[simp]:
+ fixes n::nat
+ shows "(\<pp>[^]n) \<in> (carrier Q\<^sub>p)"
+ "(\<pp>[^]n) \<in> (nonzero Q\<^sub>p)"
+ apply blast
+ using Qp_nat_pow_nonzero p_nonzero by blast
+
+lemma nonzero_int_pow_distrib:
+ assumes "a \<in> nonzero Q\<^sub>p"
+ assumes "b \<in> nonzero Q\<^sub>p"
+ shows "(a \<otimes> b) [^](k::int) = a[^]k \<otimes> b[^]k"
+proof(induction k)
+ case (nonneg n)
+ then show ?case using pow_nat[of n _ Q\<^sub>p]
+ by (smt Qp.nat_pow_distrib Qp.nonzero_closed assms(1) assms(2) int_pow_int)
+next
+ case N: (neg n)
+ have "a \<otimes> b \<in> Units Q\<^sub>p"
+ using assms Units_eq_nonzero by blast
+ hence "(a \<otimes> b) [^] - int (Suc n) = inv ((a \<otimes> b) [^] (Suc n))"
+ by (metis Qp.int_pow_inv' int_pow_int)
+ then show ?case using
+ Qp.int_pow_inv' Qp.int_pow_unit_closed Qp.inv_of_prod[of "a[^]Suc n" "b[^]Suc n"]
+ Qp.nat_pow_distrib Qp.nonzero_closed Units_eq_nonzero assms(1) assms(2) int_pow_int by metis
+qed
+
+lemma val_ring_subring:
+"subring \<O>\<^sub>p Q\<^sub>p"
+ using Q\<^sub>p_def \<iota>_def inc_im_is_subring by blast
+
+lemma val_ring_closed:
+"\<O>\<^sub>p \<subseteq> carrier Q\<^sub>p"
+ by (simp add: subringE(1) val_ring_subring)
+
+lemma p_pow_diff:
+ fixes n::int
+ fixes m::int
+ assumes "n \<ge>0"
+ assumes "m \<ge>0"
+ shows "\<pp> [^] (n - m) = frac (\<p>[^]\<^bsub>Z\<^sub>p\<^esub>n) (\<p>[^]\<^bsub>Z\<^sub>p\<^esub>m)"
+proof-
+ have 0: "comm_monoid Q\<^sub>p"
+ by (simp add: Qp.comm_monoid_axioms)
+ have 1: "\<pp> \<in> Units Q\<^sub>p"
+ using Units_eq_nonzero p_nonzero
+ by blast
+ have 2: "\<pp> [^] (n - m) = (\<pp>[^]n) \<otimes> (\<pp> [^] -m)"
+ by (metis "1" Qp.int_pow_add diff_conv_add_uminus)
+ have 3: "\<pp> [^] (n - m) = (\<pp>[^]n) \<otimes> inv\<^bsub>Q\<^sub>p\<^esub>(\<pp> [^] m)"
+ by (simp add: "1" "2" Qp.int_pow_inv')
+ then show ?thesis using assms
+ using fract_frac p_int_pow_nonzero p_intpow_inc p_pow_car by presburger
+qed
+
+lemma Qp_int_pow_add:
+ fixes n::int
+ fixes m::int
+ assumes "a \<in> nonzero Q\<^sub>p"
+ shows "a [^] (n + m) = (a [^] n) \<otimes> (a [^] m)"
+ using monoid.int_pow_add[of Q\<^sub>p a n m] Units_eq_nonzero assms
+ by (simp add: Qp.monoid_axioms)
+
+lemma Qp_nat_pow_pow:
+ fixes n::nat
+ fixes m::nat
+ assumes "a \<in> carrier Q\<^sub>p"
+ shows "(a[^](n*m)) = ((a[^]n)[^]m)"
+ by (simp add: Qp.nat_pow_pow assms)
+
+lemma Qp_p_nat_pow_pow:
+ fixes n::nat
+ fixes m::nat
+ shows "(\<pp> [^] (n*m)) = ((\<pp>[^]n)[^]m)"
+ using Qp_nat_pow_pow
+ by simp
+
+lemma Qp_units_int_pow:
+ fixes n::int
+ assumes "a \<in> nonzero Q\<^sub>p"
+ shows "a[^]n = a[^]\<^bsub>units_of Q\<^sub>p\<^esub>n"
+ apply(cases "n \<ge> 0")
+ using monoid.units_of_pow[of Q\<^sub>p]
+ apply (metis int_pow_def2 mult_of_is_Units nat_pow_mult_of not_le)
+ by (metis Qp.Units_pow_closed Qp.units_of_inv Units_eq_nonzero assms int_pow_def2 mult_of_is_Units nat_pow_mult_of)
+
+lemma Qp_int_pow_pow:
+ fixes n::int
+ fixes m::int
+ assumes "a \<in> nonzero Q\<^sub>p"
+ shows "(a[^](n*m)) = ((a[^]n)[^]m)"
+proof-
+ have 0: "a \<in> carrier (units_of Q\<^sub>p)"
+ by (simp add: Units_eq_nonzero assms units_of_carrier)
+ have "group (units_of Q\<^sub>p)"
+ using monoid.units_group Qp.units_group
+ by blast
+ then show ?thesis
+ using 0 group.int_pow_pow[of "units_of Q\<^sub>p"] Qp_int_pow_nonzero Qp_units_int_pow assms
+ by auto
+qed
+
+lemma Qp_p_int_pow_pow:
+ fixes n::int
+ fixes m::int
+ shows "(\<pp> [^] (n*m)) = ((\<pp>[^]n)[^]m)"
+ using Qp_int_pow_pow p_nonzero by blast
+
+lemma Qp_int_nat_pow_pow:
+ fixes n::int
+ fixes m::nat
+ assumes "a \<in> nonzero Q\<^sub>p"
+ shows "(a[^](n*m)) = ((a[^]n)[^]m)"
+ by (simp add: Qp_int_pow_pow assms int_pow_int)
+
+lemma Qp_p_int_nat_pow_pow:
+ fixes n::int
+ fixes m::nat
+ shows "(\<pp> [^] (n*m)) = ((\<pp>[^]n)[^]m)"
+ by (simp add: Qp_int_nat_pow_pow p_nonzero)
+
+lemma Qp_nat_int_pow_pow:
+ fixes n::nat
+ fixes m::int
+ assumes "a \<in> nonzero Q\<^sub>p"
+ shows "(a[^](n*m)) = ((a[^]n)[^]m)"
+ by (simp add: Qp_int_pow_pow assms int_pow_int)
+
+lemma Qp_p_nat_int_pow_pow:
+ fixes n::nat
+ fixes m::int
+ shows "(\<pp> [^] (n*m)) = ((\<pp>[^]n)[^]m)"
+ by (simp add: Qp_nat_int_pow_pow p_nonzero)
+
+lemma p_intpow_closed:
+ fixes n::int
+ shows "(\<pp>[^]n) \<in> (carrier Q\<^sub>p)"
+ "(\<pp>[^]n) \<in> (nonzero Q\<^sub>p)"
+ apply (simp add: Qp.nonzero_closed Qp_int_pow_nonzero p_nonzero)
+ by (simp add: Qp_int_pow_nonzero p_nonzero)
+
+lemma p_intpow_add:
+ fixes n::int
+ fixes m::int
+ shows "\<pp> [^] (n + m) = (\<pp> [^] n) \<otimes> (\<pp> [^] m)"
+ using Qp_int_pow_add p_nonzero by blast
+
+lemma p_intpow_inv:
+ fixes n::int
+ shows "(\<pp> [^] n) \<otimes> (\<pp> [^] -n) = \<one>"
+ using Units_eq_nonzero monoid.int_pow_inv'[of Q\<^sub>p \<pp> n]
+ by (metis add.right_inverse int_pow_0 p_intpow_add)
+
+lemma p_intpow_inv':
+ fixes n::int
+ shows "(\<pp> [^] -n) \<otimes> (\<pp> [^] n) = \<one>"
+ using p_intpow_inv
+ by (metis add.commute p_intpow_add)
+
+lemma p_intpow_inv'':
+ fixes n::int
+ shows "(\<pp> [^] -n) = inv\<^bsub>Q\<^sub>p\<^esub> (\<pp> [^] n)"
+ by (simp add: Qp.int_pow_inv' Units_eq_nonzero p_nonzero)
+
+lemma p_int_pow_factor_int_pow:
+ assumes "a \<in> nonzero Q\<^sub>p"
+ shows "(\<pp>[^](n::int) \<otimes> a)[^](k::int) = \<pp>[^](n*k) \<otimes> a[^]k"
+ using assms nonzero_int_pow_distrib p_intpow_closed(2) Qp_p_int_pow_pow by presburger
+
+lemma p_nat_pow_factor_int_pow:
+ assumes "a \<in> nonzero Q\<^sub>p"
+ shows "(\<pp>[^](n::nat) \<otimes> a)[^](k::int) = \<pp>[^](n*k) \<otimes> a[^]k"
+ using assms Qp_p_int_nat_pow_pow p_natpow_closed(1)
+ by (metis int_pow_int p_int_pow_factor_int_pow)
+
+lemma p_pow_factor:
+"\<pp>[^]((int N)*l + k) = (\<pp>[^]l)[^](N::nat) \<otimes> \<pp>[^] k"
+ by (metis Qp_p_int_nat_pow_pow mult_of_nat_commute p_intpow_add)
+
+lemma p_nat_pow_factor_nat_pow:
+ assumes "a \<in> carrier Q\<^sub>p"
+ shows "(\<pp>[^](n::nat) \<otimes> a)[^](k::nat) = \<pp>[^](n*k) \<otimes> a[^]k"
+ using Qp.nat_pow_distrib Qp_p_nat_pow_pow assms p_natpow_closed(1) by presburger
+
+lemma p_int_pow_factor_nat_pow:
+ assumes "a \<in> carrier Q\<^sub>p"
+ shows "(\<pp>[^](n::int) \<otimes> a)[^](k::nat) = \<pp>[^](n*k) \<otimes> a[^]k"
+ using assms Qp.nat_pow_distrib Qp_p_int_nat_pow_pow p_intpow_closed(1) by presburger
+
+lemma(in ring) r_minus_distr:
+ assumes "a \<in> carrier R"
+ assumes "b \<in> carrier R"
+ assumes "c \<in> carrier R"
+ shows "a \<otimes> b \<ominus> a \<otimes> c = a \<otimes> (b \<ominus> c)"
+ using assms
+ unfolding a_minus_def
+ by (simp add: r_distr r_minus)
+
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+subsection\<open>The Valuation on $\mathbb{Q}_p$\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+ (********************************************************************************************)
+ (********************************************************************************************)
+ subsubsection\<open>Extending the Valuation from $\mathbb{Z}_p$ to $\mathbb{Q}_p$\<close>
+ (********************************************************************************************)
+ (********************************************************************************************)
+
+text\<open>
+ The valuation of a $p$-adic number can be defined as the difference of the valuations of an
+ arbitrary choice of numerator and denominator.\<close>
+definition ord where
+"ord x = (ord_Zp (numer x)) - (ord_Zp (denom x))"
+
+definition val where
+"val x = (if x = \<zero> then (\<infinity>::eint) else eint (ord x))"
+
+lemma val_ord[simp]:
+ assumes "a \<in> nonzero Q\<^sub>p"
+ shows "val a = ord a"
+ using assms nonzero_def val_def by force
+
+ (********************************************************************************************)
+ (********************************************************************************************)
+ subsubsection\<open>Properties of the Valuation\<close>
+ (********************************************************************************************)
+ (********************************************************************************************)
+
+lemma ord_of_frac:
+ assumes "a \<in> nonzero Z\<^sub>p"
+ assumes "b \<in> nonzero Z\<^sub>p"
+ shows "ord (frac a b) = (ord_Zp a) - (ord_Zp b)"
+proof-
+ have "frac a b = frac (numer (frac a b)) (denom (frac a b))"
+ by (simp add: assms(1) assms(2))
+ then have "a \<otimes>\<^bsub>Z\<^sub>p\<^esub> (denom (frac a b)) = b \<otimes>\<^bsub>Z\<^sub>p\<^esub> (numer (frac a b))"
+ by (simp add: assms(1) assms(2) numer_denom_swap)
+ then have "(ord_Zp a) - (ord_Zp b) = (ord_Zp (numer (frac a b))) - (ord_Zp (denom (frac a b)))"
+ using ord_Zp_eq_frac Q\<^sub>p_def Z\<^sub>p_def
+ by (metis Zp.frac_closed Zp.nonzero_closed Zp.numer_denom_facts(4) assms(1) assms(2) local.numer_denom_facts(1) local.numer_denom_facts(2) nonzero_fraction ord_of_nonzero(2) ord_pos)
+ then show ?thesis
+ using ord_def
+ by presburger
+qed
+
+lemma val_zero:
+"val \<zero> = \<infinity>" by (simp add: val_def)
+
+lemma ord_one[simp]:
+"ord \<one> = 0"
+ using Zp.nonzero_one_closed local.frac_one ord_of_frac by fastforce
+
+lemma val_one[simp]:
+"val (\<one>) = 0"
+ using ord_one
+ by (simp add: Qp.one_nonzero zero_eint_def)
+
+lemma val_of_frac:
+ assumes "a \<in> carrier Z\<^sub>p"
+ assumes "b \<in> nonzero Z\<^sub>p"
+ shows "val (frac a b) = (val_Zp a) - (val_Zp b)"
+proof(cases "a = \<zero>\<^bsub>Z\<^sub>p\<^esub>")
+ case True
+ then show ?thesis
+ using assms(1) assms(2) local.val_zero
+ by (simp add: Q\<^sub>p_def val_Zp_def)
+next
+ case False
+ then have "a \<in> nonzero Z\<^sub>p"
+ by (simp add: assms(1) nonzero_def)
+ then show ?thesis
+ using ord_of_frac[of a b] assms(2) val_def val_ord_Zp
+ nonzero_numer_imp_nonzero_fraction
+ by (simp add: Zp.nonzero_memE(2))
+qed
+
+lemma Z\<^sub>p_division_Qp_0[simp]:
+ assumes "u \<in> Units Z\<^sub>p"
+ assumes "v \<in> Units Z\<^sub>p"
+ shows "frac (u \<otimes>\<^bsub>Z\<^sub>p\<^esub> (inv\<^bsub>Z\<^sub>p\<^esub> v)) \<one>\<^bsub>Z\<^sub>p\<^esub>= frac u v"
+proof-
+ have 0: "frac v v = \<one>"
+ using frac_one
+ by (simp add: Q\<^sub>p_def Zp.Units_nonzero assms(2))
+ have 1:"(inv\<^bsub>Z\<^sub>p\<^esub> v) \<in> carrier Z\<^sub>p"
+ using assms by blast
+ have 2:"frac (u \<otimes>\<^bsub>Z\<^sub>p\<^esub> (inv\<^bsub>Z\<^sub>p\<^esub> v)) \<one>\<^bsub>Z\<^sub>p\<^esub> \<in> carrier Q\<^sub>p"
+ by (simp add: "1" Zp.Units_closed Zp.nonzero_one_closed assms(1) local.frac_closed)
+ have 3: "frac (u \<otimes>\<^bsub>Z\<^sub>p\<^esub> (inv\<^bsub>Z\<^sub>p\<^esub> v)) \<one>\<^bsub>Z\<^sub>p\<^esub> = (frac (u \<otimes>\<^bsub>Z\<^sub>p\<^esub> (inv\<^bsub>Z\<^sub>p\<^esub> v)) \<one>\<^bsub>Z\<^sub>p\<^esub>) \<otimes> frac v v"
+ by (simp add: "0" "2")
+ then have 4: "frac (u \<otimes>\<^bsub>Z\<^sub>p\<^esub> (inv\<^bsub>Z\<^sub>p\<^esub> v)) \<one>\<^bsub>Z\<^sub>p\<^esub> = (frac ((u \<otimes>\<^bsub>Z\<^sub>p\<^esub> (inv\<^bsub>Z\<^sub>p\<^esub> v)) \<otimes>\<^bsub>Z\<^sub>p\<^esub> v) v)"
+ by (simp add: Zp.Units_nonzero Zp.nonzero_closed assms(1) assms(2) frac_eqI')
+ then have 4: "frac (u \<otimes>\<^bsub>Z\<^sub>p\<^esub> (inv\<^bsub>Z\<^sub>p\<^esub> v)) \<one>\<^bsub>Z\<^sub>p\<^esub> = (frac (u \<otimes>\<^bsub>Z\<^sub>p\<^esub> ((inv\<^bsub>Z\<^sub>p\<^esub> v) \<otimes>\<^bsub>Z\<^sub>p\<^esub> v)) v)"
+ by (simp add: mult_assoc)
+ have 5:"(inv\<^bsub>Z\<^sub>p\<^esub> v) \<otimes>\<^bsub>Z\<^sub>p\<^esub> v = \<one>\<^bsub>Z\<^sub>p\<^esub>"
+ by (simp add: assms(2))
+ then show "frac (u \<otimes>\<^bsub>Z\<^sub>p\<^esub> (inv\<^bsub>Z\<^sub>p\<^esub> v)) \<one>\<^bsub>Z\<^sub>p\<^esub> = (frac u v)"
+ by (simp add: "4" Zp.Units_closed assms(1))
+qed
+
+lemma Z\<^sub>p_division_Qp_1:
+ assumes "u \<in> Units Z\<^sub>p"
+ assumes "v \<in> Units Z\<^sub>p"
+ obtains w where "w \<in> Units Z\<^sub>p"
+ "\<iota> w = frac u v"
+proof-
+ have " (inv\<^bsub>Z\<^sub>p\<^esub> v) \<in> Units Z\<^sub>p"
+ by (simp add: assms(2))
+ then have "(u \<otimes>\<^bsub>Z\<^sub>p\<^esub> (inv\<^bsub>Z\<^sub>p\<^esub> v)) \<in> Units Z\<^sub>p"
+ using assms
+ by blast
+ then show ?thesis
+ using Z\<^sub>p_division_Qp_0 Zp.Units_closed assms(1) assms(2)
+ local.inc_def that by presburger
+qed
+
+lemma val_ring_ord_criterion:
+ assumes "a \<in> carrier Q\<^sub>p"
+ assumes "a \<noteq> \<zero>"
+ assumes "ord a \<ge> 0"
+ shows "a \<in> \<O>\<^sub>p"
+proof-
+ obtain c d where P0: "a = frac c d" and P1: "c \<in> nonzero Z\<^sub>p" and P2: "d \<in> nonzero Z\<^sub>p"
+ by (metis assms(1) assms(2) get_common_denominator nonzero_fraction_imp_nonzero_numer)
+ obtain m n where P3: "m = ord_Zp c" and P4:"n = ord_Zp d"
+ by metis
+ obtain u where "u = ac_Zp c"
+ by simp
+ then have P5:"c = (\<p>[^]\<^bsub>Z\<^sub>p\<^esub>m) \<otimes>\<^bsub>Z\<^sub>p\<^esub> u" and P6:"u \<in> Units Z\<^sub>p"
+ apply (simp add: P1 P3 \<open>u = ac_Zp c\<close> ac_Zp_factors')
+ using P1 Zp.nonzero_memE
+ by (simp add: \<open>u = ac_Zp c\<close> ac_Zp_is_Unit)
+ obtain v where "v = ac_Zp d" by simp
+ have P7:"d = (\<p>[^]\<^bsub>Z\<^sub>p\<^esub>n) \<otimes>\<^bsub>Z\<^sub>p\<^esub> v" and P8:"v \<in> Units Z\<^sub>p"
+ using P2 P4 \<open>v = ac_Zp d\<close> ac_Zp_factors' apply blast
+ using P2 Zp.nonzero_memE
+ by (simp add: \<open>v = ac_Zp d\<close> ac_Zp_is_Unit)
+ have P9: "a = frac ((\<p>[^]\<^bsub>Z\<^sub>p\<^esub>m) \<otimes>\<^bsub>Z\<^sub>p\<^esub> u) ((\<p>[^]\<^bsub>Z\<^sub>p\<^esub>n) \<otimes>\<^bsub>Z\<^sub>p\<^esub> v)"
+ by (simp add: P0 P5 P7)
+ have P10: "(\<p>[^]\<^bsub>Z\<^sub>p\<^esub>m) \<in> carrier Z\<^sub>p"
+ using P1 P3 Z\<^sub>p_def ord_pos Zp.nonzero_closed Zp.nonzero_memE(2) p_pow_car
+ by auto
+ have P11: "(\<p>[^]\<^bsub>Z\<^sub>p\<^esub>n) \<in> nonzero Z\<^sub>p"
+ by (simp add: P2 P4 Zp.nonzero_closed Zp.nonzero_memE(2) ord_pos p_int_pow_nonzero)
+ have P12: "u \<in> carrier Z\<^sub>p"
+ using P6 Units_def
+ by blast
+ have P13: "v \<in> nonzero Z\<^sub>p"
+ using P8 Units_def ord_of_nonzero(2)
+ by (simp add: Zp.Units_nonzero)
+ have P14: "a = (frac (\<p>[^]\<^bsub>Z\<^sub>p\<^esub>m) (\<p>[^]\<^bsub>Z\<^sub>p\<^esub>n)) \<otimes> (frac u v)"
+ using P12 P13 P10 P9 P11 Q\<^sub>p_def frac_mult by metis
+ have P15: "m \<ge> n"
+ proof-
+ have "ord_Zp c \<ge> ord_Zp d"
+ using P0 P1 P2 assms(3) ord_of_frac[of c d]
+ by (metis P3 P4 antisym eq_iff eq_iff_diff_eq_0 le_cases le_iff_diff_le_0 ord_Zp_def)
+ then show ?thesis
+ using P3 P4 by blast
+ qed
+ have P16: "n \<ge> 0"
+ by (simp add: P2 P4 Zp.nonzero_closed Zp.nonzero_memE(2) ord_pos)
+ have P17: "a = (frac (\<p>[^]\<^bsub>Z\<^sub>p\<^esub>(m-n)) \<one>\<^bsub>Z\<^sub>p\<^esub>) \<otimes> (frac u v)"
+ using P14 P15 P16 local.inc_def[of "(\<p> [^]\<^bsub>Z\<^sub>p\<^esub> (n - m))"] pow_p_frac_0[of n m]
+ by (simp add: local.inc_def p_pow_car)
+ obtain w where P18: "w \<in> Units Z\<^sub>p" and P19: "\<iota> w = frac u v "
+ using Z\<^sub>p_division_Qp_1 P6 P8 by blast
+ have P20: "w \<in> carrier Z\<^sub>p"
+ using P18 Units_def by blast
+ have P21: "a = \<iota> (\<p>[^]\<^bsub>Z\<^sub>p\<^esub>(m-n)) \<otimes> \<iota> w"
+ using P15 P17 P19 \<iota>_def inc_equation p_pow_car by auto
+ have P22: "a = (frac (\<p>[^]\<^bsub>Z\<^sub>p\<^esub>(m-n)) \<one>\<^bsub>Z\<^sub>p\<^esub>) \<otimes> (frac w \<one>\<^bsub>Z\<^sub>p\<^esub>)"
+ using P17 P19 P20 local.inc_def by auto
+ have P23: "\<p>[^]\<^bsub>Z\<^sub>p\<^esub>(m-n) \<in> carrier Z\<^sub>p"
+ by (simp add: P15 p_pow_car)
+ have P24: "a = (frac ((\<p>[^]\<^bsub>Z\<^sub>p\<^esub>(m-n)) \<otimes>\<^bsub>Z\<^sub>p\<^esub> w) \<one>\<^bsub>Z\<^sub>p\<^esub>)"
+ using P20 P22 P23 frac_mult
+ by (simp add: Zp.nonzero_one_closed)
+ have P24: "a = \<iota>((\<p>[^]\<^bsub>Z\<^sub>p\<^esub>(m-n)) \<otimes>\<^bsub>Z\<^sub>p\<^esub> w)"
+ by (simp add: P20 P23 P24 cring.cring_simprules(5) domain.axioms(1) local.inc_def)
+ then show ?thesis
+ using P20 P23 by blast
+qed
+
+lemma val_ring_val_criterion:
+ assumes "a \<in> carrier Q\<^sub>p"
+ assumes "val a \<ge> 0"
+ shows "a \<in> \<O>\<^sub>p"
+ apply(cases "a = \<zero>")
+ using Qp.int_inc_zero Q\<^sub>p_def inc_of_int apply blast
+ using assms unfolding val_def
+ by (simp add: val_ring_ord_criterion zero_eint_def)
+
+lemma ord_of_inv:
+ assumes "a \<in> carrier Q\<^sub>p"
+ assumes "a \<noteq> \<zero>"
+ shows "ord (inv\<^bsub>Q\<^sub>p\<^esub> a) = - (ord a)"
+proof-
+ obtain b c where
+ Frac: "a = frac b c" and
+ Car: "b \<in> carrier Z\<^sub>p" and
+ Nz_c: "c \<in> nonzero Z\<^sub>p"
+ using assms(1) local.numer_denom_facts(1) local.numer_denom_facts(2)
+ local.numer_denom_facts(5) by blast
+ have Nz_b: "b \<in> nonzero Z\<^sub>p"
+ using Frac Car Nz_c assms(2) nonzero_fraction_imp_nonzero_numer by metis
+ then have "(inv\<^bsub>Q\<^sub>p\<^esub> a) = frac c b"
+ using Frac Nz_c frac_inv Q\<^sub>p_def
+ by auto
+ then show ?thesis using Frac Nz_b Nz_c ord_of_frac[of b c] ord_of_frac[of c b]
+ by (simp add: nonzero_def ord_Zp_def)
+qed
+
+lemma val_of_inv:
+ assumes "a \<in> carrier Q\<^sub>p"
+ assumes "a \<noteq> \<zero>"
+ shows "val (inv\<^bsub>Q\<^sub>p\<^esub> a) = - (val a)"
+ using ord_of_inv unfolding uminus_eint_def
+ by (simp add: assms(1) assms(2) inv_in_frac(2) val_def)
+
+text\<open>Zp is a valuation ring in Qp\<close>
+
+lemma Z\<^sub>p_mem:
+ assumes "a \<in> carrier Q\<^sub>p"
+ shows "a \<in> \<O>\<^sub>p \<or> (inv\<^bsub>Q\<^sub>p\<^esub> a \<in> \<O>\<^sub>p)"
+proof(cases "inv\<^bsub>Q\<^sub>p\<^esub>a \<in> \<O>\<^sub>p \<or> a = \<zero>")
+ case True
+ then show ?thesis
+ using val_ring_subring subringE(2) by auto
+next
+ case False
+ then have Nz: "a \<noteq> \<zero>" by auto
+ have "\<not> (ord a < 0)"
+ proof
+ assume "ord a < 0"
+ then have "ord (inv\<^bsub>Q\<^sub>p\<^esub> a) >0"
+ by (simp add: assms(1) Nz ord_of_inv)
+ then have 0: "ord (inv\<^bsub>Q\<^sub>p\<^esub> a) \<ge>0"
+ by auto
+ have 1: "(inv\<^bsub>Q\<^sub>p\<^esub> a) \<in> carrier Q\<^sub>p"
+ by (simp add: assms(1) Nz inv_in_frac)
+ have 2: "(inv\<^bsub>Q\<^sub>p\<^esub> a) \<noteq>\<zero>"
+ by (simp add: assms(1) Nz inv_in_frac(2))
+ then have "(inv\<^bsub>Q\<^sub>p\<^esub> a) \<in> \<O>\<^sub>p"
+ using val_ring_ord_criterion by (simp add: "0" "1")
+ then show False
+ using False by blast
+ qed
+ then show ?thesis
+ using val_ring_ord_criterion assms(1) Nz by auto
+qed
+
+lemma Qp_val_ringI:
+ assumes "a \<in> carrier Q\<^sub>p"
+ assumes "val a \<ge> 0"
+ shows "a \<in> \<O>\<^sub>p"
+using assms val_ring_val_criterion by blast
+
+
+text\<open>Criterion for determining when an element in Qp is zero\<close>
+lemma val_nonzero:
+ assumes "a \<in> carrier Q\<^sub>p"
+ assumes "s > val a"
+ shows "a \<in> nonzero Q\<^sub>p"
+proof-
+ have "val a \<noteq> \<infinity>"
+ by (metis assms(2) eint_ord_simps(6))
+ then show ?thesis
+ using assms
+ by (metis (mono_tags, opaque_lifting) local.val_zero not_nonzero_Qp)
+qed
+
+lemma val_ineq:
+ assumes "a \<in> carrier Q\<^sub>p"
+ assumes "val \<zero> \<le> val a"
+ shows "a = \<zero>"
+ using assms unfolding val_def
+ by (metis (mono_tags, lifting) eint_ord_code(5))
+
+lemma ord_minus:
+ assumes "a \<in> nonzero Q\<^sub>p"
+ shows "ord a = ord (\<ominus>a)"
+proof-
+ have "\<ominus> a = \<ominus> (frac (numer a) (denom a))"
+ using assms Qp.nonzero_closed local.numer_denom_facts(5) by auto
+ then have "\<ominus> a = (frac (\<ominus>\<^bsub>Z\<^sub>p\<^esub> (numer a)) (denom a))"
+ by (simp add: Qp.nonzero_closed assms local.frac_uminus local.numer_denom_facts(1) local.numer_denom_facts(2))
+ then show ?thesis
+ by (metis Q\<^sub>p_def Qp.add.inv_eq_1_iff Qp.nonzero_closed Zp.add.inv_closed assms
+ local.numer_denom_facts(1) local.numer_denom_facts(2) nonzero_fraction_imp_nonzero_numer
+ numer_nonzero ord_Zp_of_a_inv ord_def ord_of_frac)
+qed
+
+lemma val_minus:
+ assumes "a \<in> carrier Q\<^sub>p"
+ shows "val a = val (\<ominus>a)"
+proof(cases "a = \<zero>")
+ case True
+ then show ?thesis
+ using Qp.minus_zero by presburger
+next
+ case False
+ then show ?thesis using Qp.domain_axioms assms cring.cring_simprules(21)
+ cring.cring_simprules(22) domain.axioms(1) not_nonzero_Qp
+ ord_minus val_def
+ by metis
+qed
+
+text\<open>The valuation is multiplicative:\<close>
+
+lemma ord_mult:
+ assumes "x \<in> nonzero Q\<^sub>p"
+ assumes "y \<in> nonzero Q\<^sub>p"
+ shows "(ord (x \<otimes> y)) = (ord x) + (ord y)"
+proof-
+ have 0:"x \<in> carrier Q\<^sub>p" using assms by(simp add:nonzero_def)
+ have 1:"y \<in>carrier Q\<^sub>p" using assms by(simp add:nonzero_def)
+ obtain a b c where
+ A: "a \<in> carrier Z\<^sub>p" and
+ B: "b \<in> carrier Z\<^sub>p" and
+ C: "c \<in> nonzero Z\<^sub>p" and
+ Fx: "x = frac a c" and
+ Fy: "y = frac b c"
+ using get_common_denominator 0 1 by blast
+ have An: "a \<in> nonzero Z\<^sub>p"
+ using A C Fx assms(1) nonzero_def nonzero_fraction_imp_nonzero_numer
+ Qp.nonzero_memE(2) by auto
+ have Bn: " b \<in> nonzero Z\<^sub>p"
+ using B C Fy assms(2) nonzero_def nonzero_fraction_imp_nonzero_numer
+ Qp.nonzero_memE(2) by auto
+ have Fxy: "x \<otimes> y = frac (a \<otimes>\<^bsub>Z\<^sub>p\<^esub> b) (c \<otimes>\<^bsub>Z\<^sub>p\<^esub> c)"
+ by (simp add: A B C Fx Fy frac_mult)
+ have Cn: "c \<otimes>\<^bsub>Z\<^sub>p\<^esub> c \<in> nonzero Z\<^sub>p"
+ using C Localization.submonoid.m_closed Zp.domain_axioms domain.nonzero_is_submonoid
+ by metis
+ have Ordxy0: "ord (x \<otimes> y) = ord_Zp (a \<otimes>\<^bsub>Z\<^sub>p\<^esub> b) - ord_Zp (c \<otimes>\<^bsub>Z\<^sub>p\<^esub> c)"
+ by (metis "0" "1" An Bn C Cn Fx Fxy Fy Qp.integral
+ Zp.nonzero_mult_closed Zp.zero_closed fraction_zero
+ nonzero_fraction nonzero_fraction_imp_nonzero_numer ord_of_frac)
+ have Ordxy1: "ord (x \<otimes> y) = (ord_Zp a) + (ord_Zp b) - ((ord_Zp c) + (ord_Zp c))"
+ using An Bn C
+ by (simp add: Ordxy0 ord_Zp_mult)
+ show ?thesis
+ proof-
+ have "ord x + ord y = (ord_Zp a) - (ord_Zp c) + ((ord_Zp b) - (ord_Zp c))"
+ using An Bn C Fx Fy ord_of_frac[of a c] ord_of_frac[of b c] by presburger
+ then show ?thesis
+ using Ordxy1
+ by presburger
+ qed
+qed
+
+lemma val_mult0:
+ assumes "x \<in> nonzero Q\<^sub>p"
+ assumes "y \<in> nonzero Q\<^sub>p"
+ shows "(val (x \<otimes> y)) = (val x) + (val y)"
+proof-
+ have 0: "val x = ord x"
+ using assms(1) val_ord by metis
+ have 1: "val y = ord y"
+ using assms(2) val_ord by metis
+ have "x \<otimes> y \<noteq> \<zero>"
+ using field_axioms assms(1) assms(2) integral Qp.integral_iff
+ Qp.nonzero_closed Qp.nonzero_memE(2) by presburger
+ then have 2: "val (x \<otimes> y) = ord (x \<otimes> y)"
+ by (simp add: val_def)
+ have 3: "val x + val y = ord x + ord y "
+ by (simp add: "0" "1")
+ have 4: "val (x \<otimes> y) = ord (x \<otimes> y)"
+ using "2" by auto
+ then show ?thesis using 3 4 ord_mult assms nonzero_def
+ by (simp add: nonzero_def)
+qed
+
+text\<open>val is multiplicative everywhere\<close>
+
+lemma val_mult:
+ assumes "x \<in> carrier Q\<^sub>p"
+ assumes "y \<in> carrier Q\<^sub>p"
+ shows "(val (x \<otimes> y)) = (val x) + (val y)"
+ apply(cases "x = \<zero> \<or> y = \<zero>")
+ using assms local.val_zero apply auto[1]
+ by (meson assms(1) assms(2) not_nonzero_Qp val_mult0)
+
+text\<open>val and ord are compatible with inclusion\<close>
+
+lemma ord_of_inc:
+assumes "x \<in> nonzero Z\<^sub>p"
+shows "ord_Zp x = ord(\<iota> x)"
+proof-
+ have "\<iota> x = frac x \<one>\<^bsub>Z\<^sub>p\<^esub>"
+ using assms(1)
+ by (simp add: Zp.nonzero_closed local.inc_def)
+ then have "ord ( \<iota> x) = ord_Zp x - ord_Zp \<one>\<^bsub>Z\<^sub>p\<^esub>"
+ using assms(1) ord_of_frac
+ by (simp add: Zp.nonzero_one_closed)
+ then show ?thesis
+ using ord_Zp_one
+ by (simp add: ord_Zp_def)
+qed
+
+lemma val_of_inc:
+assumes "x \<in> carrier Z\<^sub>p"
+shows "val_Zp x = val (\<iota> x)"
+proof(cases "x \<in> nonzero Z\<^sub>p")
+ case True
+ then show ?thesis
+ using inc_of_nonzero nonzero_def ord_Zp_def ord_of_inc val_Zp_def val_ord
+ by (simp add: nonzero_def)
+next
+ case False
+ then show ?thesis
+ by (metis Zp.nonzero_memI Zp.nonzero_one_closed assms local.inc_def nonzero_fraction_imp_numer_not_zero val_Zp_def val_def)
+qed
+
+lemma Qp_inc_id:
+ assumes "a \<in> nonzero Q\<^sub>p"
+ assumes "ord a \<ge>0"
+ obtains b where "b \<in> nonzero Z\<^sub>p" and "a = \<iota> b"
+ using assms
+ by (metis (no_types, opaque_lifting) Qp.nonzero_closed Qp.nonzero_memE(2)
+ Zp.nonzero_one_closed Zp.zero_closed Zp_defs(2) val_ring_ord_criterion image_iff local.inc_def
+ nonzero_fraction_imp_numer_not_zero not_nonzero_Zp that)
+
+lemma val_ring_memI:
+ assumes "a \<in> carrier Q\<^sub>p"
+ assumes "val a \<ge> 0"
+ shows "a \<in> \<O>\<^sub>p"
+ using assms Qp_val_ringI by blast
+
+lemma val_ring_memE:
+ assumes "a \<in> \<O>\<^sub>p"
+ shows "val a \<ge> 0" "a \<in> carrier Q\<^sub>p"
+ using assms val_of_inc val_pos apply auto[1]
+ using assms inc_closed by auto
+
+lemma val_ring_add_closed:
+ assumes "a \<in> \<O>\<^sub>p"
+ assumes "b \<in> \<O>\<^sub>p"
+ shows "a \<oplus> b \<in> \<O>\<^sub>p"
+ using val_ring_subring subringE(7) by (metis assms(1) assms(2))
+
+lemma val_ring_times_closed:
+ assumes "a \<in> \<O>\<^sub>p"
+ assumes "b \<in> \<O>\<^sub>p"
+ shows "a \<otimes> b \<in> \<O>\<^sub>p"
+ using val_ring_subring subringE(6) by (metis assms(1) assms(2))
+
+lemma val_ring_ainv_closed:
+ assumes "a \<in> \<O>\<^sub>p"
+ shows "\<ominus> a \<in> \<O>\<^sub>p"
+ using val_ring_subring subringE(5) by (metis assms)
+
+lemma val_ring_minus_closed:
+ assumes "a \<in> \<O>\<^sub>p"
+ assumes "b \<in> \<O>\<^sub>p"
+ shows "a \<ominus> b \<in> \<O>\<^sub>p"
+ using assms val_ring_subring val_ring_ainv_closed val_ring_add_closed
+ unfolding a_minus_def by blast
+
+lemma one_in_val_ring:
+"\<one> \<in> \<O>\<^sub>p"
+ apply(rule val_ring_memI)
+ apply blast
+ unfolding val_one by blast
+
+lemma zero_in_val_ring:
+"\<zero> \<in> \<O>\<^sub>p"
+ apply(rule val_ring_memI)
+ apply blast
+ unfolding val_zero
+ by simp
+
+lemma ord_p:
+"ord \<pp> = 1"
+ using p_nonzero ord_Zp_p ord_of_inc p_inc
+ by (smt Zp_int_inc_closed ord_of_nonzero(2))
+
+lemma ord_p_pow_nat:
+"ord (\<pp> [^] (n::nat)) = n"
+ using p_pow_nonzero ord_Zp_p ord_of_inc p_inc ord_Zp_p_pow p_natpow_inc p_pow_nonzero'
+ by auto
+
+lemma ord_p_pow_int:
+"ord (\<pp> [^] (n::int)) = n"
+proof(cases "n \<ge>0")
+ case True
+ then show ?thesis
+ by (metis int_nat_eq int_pow_int ord_p_pow_nat)
+next
+ case False
+ then have Neg: "n <0" by auto
+ then have 0: "\<pp>[^]n = frac \<one>\<^bsub>Z\<^sub>p\<^esub> (\<p>[^]\<^bsub>Z\<^sub>p\<^esub>(-n))"
+ using p_intpow by auto
+ have "(\<p>[^]\<^bsub>Z\<^sub>p\<^esub>(-n)) \<in> nonzero Z\<^sub>p"
+ using False p_int_pow_nonzero
+ by (simp add: nonzero_def)
+ then have "ord (\<pp> [^] (n::int)) = ord_Zp \<one>\<^bsub>Z\<^sub>p\<^esub> - ord_Zp (\<p>[^]\<^bsub>Z\<^sub>p\<^esub>(-n))"
+ using "0" ord_of_frac
+ by (simp add: Zp.nonzero_one_closed)
+ then have "ord (\<pp> [^] (n::int)) = - ord_Zp (\<p>[^]\<^bsub>Z\<^sub>p\<^esub>(-n))"
+ using ord_Zp_one by linarith
+ then have "ord (\<pp> [^] (n::int)) = -(-n)"
+ using Neg ord_Zp_p_int_pow
+ by (metis int.lless_eq neg_0_le_iff_le)
+ then show ?thesis
+ by auto
+qed
+
+lemma ord_nonneg:
+ assumes "x \<in> \<O>\<^sub>p"
+ assumes "x \<noteq> \<zero>"
+ shows "ord x \<ge>0"
+proof-
+ obtain a where A: "x = \<iota> a \<and> a \<in> carrier Z\<^sub>p"
+ using assms(1) by blast
+ then have "a \<in> nonzero Z\<^sub>p" using assms(2)
+ local.inc_def nonzero_fraction_imp_numer_not_zero not_nonzero_Zp
+ using Zp.nonzero_one_closed by blast
+ then have "ord_Zp a \<ge>0"
+ using A
+ by (simp add: Zp.nonzero_memE(2) ord_pos)
+ then show ?thesis
+ using A \<open>a \<in> nonzero Z\<^sub>p\<close> ord_of_inc by metis
+qed
+
+lemma val_p:
+"val \<pp> = 1"
+ using p_inc val_Zp_p val_of_inc val_def ord_p p_nonzero val_ord
+ by simp
+
+lemma val_p_int_pow:
+"val (\<pp>[^](k::int)) = k"
+ using ord_p_pow_int p_intpow_closed(2) val_ord by presburger
+
+lemma val_p_int_pow_neg:
+"val (\<pp>[^](-k::int)) = - eint k"
+ by (metis eint.distinct(2) local.val_zero p_intpow_closed(1) p_intpow_inv'' val_of_inv val_p_int_pow)
+
+lemma nonzero_nat_pow_ord:
+ assumes "a \<in> nonzero Q\<^sub>p"
+ shows "ord (a [^] (n::nat)) = n * ord a"
+ apply(induction n)
+ apply simp
+ using Qp_nat_pow_nonzero assms semiring_normalization_rules(2)
+ by (simp add: semiring_normalization_rules(2) ord_mult)
+
+
+lemma add_cancel_eint_geq:
+ assumes "(eint a) + x \<ge> (eint a ) + y"
+ shows "x \<ge>y"
+ using assms eint_add_left_cancel_le by blast
+
+lemma(in padic_fields) prod_equal_val_imp_equal_val:
+ assumes "a \<in> nonzero Q\<^sub>p"
+ assumes "b \<in> carrier Q\<^sub>p"
+ assumes "c \<in> carrier Q\<^sub>p"
+ assumes "val (a \<otimes> b) = val (a \<otimes> c)"
+ shows "val b = val c"
+proof(cases "b = \<zero>")
+ case True
+ then have "val (a \<otimes> b) = \<infinity>"
+ using Qp.nonzero_closed Qp.r_null assms(1) local.val_zero by presburger
+ then have "c = \<zero>"
+ using assms True
+ by (metis Qp.integral Qp.nonzero_closed Qp.nonzero_mult_in_car Qp.not_nonzero_memI eint_ord_simps(3) not_nonzero_Qp val_ineq)
+ then show ?thesis
+ using True by blast
+next
+ case False
+ obtain n where n_def: "val a = eint n"
+ using assms val_ord by blast
+ then show ?thesis using val_mult[of a b] val_mult[of a c] unfolding n_def
+ by (simp add: Qp.nonzero_closed assms(1) assms(2) assms(3) assms(4))
+qed
+
+
+lemma two_times_eint:
+ shows "2*(x::eint) = x + x"
+ by (metis eint_2_minus_1_mult eint_add_cancel_fact plus_eq_infty_iff_eint times_eint_simps(4))
+
+lemma times_cfs_val_mono:
+ assumes "u \<in> Units Q\<^sub>p"
+ assumes "a \<in> carrier Q\<^sub>p"
+ assumes "b \<in> carrier Q\<^sub>p"
+ assumes "val (u \<otimes> a) \<le> val (u \<otimes> b)"
+ shows "val a \<le> val b"
+proof-
+ have "eint (ord u) + val a \<le> eint (ord u) + val b"
+ using assms val_ord val_mult Qp.Units_nonzero Qp.nonzero_closed Units_eq_nonzero by metis
+ thus ?thesis
+ apply(induction "val a")
+ using add_cancel_eint_geq apply blast
+ using add_cancel_eint_geq by blast
+qed
+
+lemma times_cfs_val_mono':
+ assumes "u \<in> Units Q\<^sub>p"
+ assumes "a \<in> carrier Q\<^sub>p"
+ assumes "b \<in> carrier Q\<^sub>p"
+ assumes "val (u \<otimes> a) \<le> val (u \<otimes> b) + \<alpha>"
+ shows "val a \<le> val b + \<alpha>"
+proof-
+ obtain c where c_def: "c \<in> carrier Q\<^sub>p \<and> val c = \<alpha>"
+ by (metis Qp.zero_closed eint.exhaust local.val_zero p_intpow_closed(1) val_p_int_pow)
+ have 0: "val (u \<otimes> a) \<le> val (u \<otimes> (b \<otimes> c))"
+ using assms val_mult[of "u \<otimes> b" c] Qp.m_assoc[of u b c] c_def Qp.Units_closed Qp.cring_simprules(5)
+ by metis
+ have 1: "val a \<le> val (b \<otimes> c)"
+ apply(rule times_cfs_val_mono[of u])
+ using assms apply blast using assms apply blast
+ apply(rule Qp.ring_simprules) using assms apply blast using c_def apply blast
+ by(rule 0)
+ show ?thesis
+ using 1 val_mult[of b c] assms c_def by smt
+qed
+
+lemma times_cfs_val_mono'':
+ assumes "u \<in> Units Q\<^sub>p"
+ assumes "a \<in> carrier Q\<^sub>p"
+ assumes "b \<in> carrier Q\<^sub>p"
+ assumes "val a \<le> val b + \<alpha>"
+ shows "val (u \<otimes> a) \<le> val (u \<otimes> b) + \<alpha>"
+ apply(rule times_cfs_val_mono'[of "inv u" "u \<otimes> a" "u \<otimes> b" \<alpha>])
+ using assms apply blast
+ apply(rule Qp.ring_simprules)
+ using assms apply blast using assms apply blast
+ apply(rule Qp.ring_simprules)
+ using assms apply blast using assms apply blast
+ using m_assoc assms
+ by (metis Qp.Units_closed Qp.cring_simprules(5) Qp.inv_cancelR(1))
+
+lemma val_ineq_cancel_leq:
+ assumes "a \<in> nonzero Q\<^sub>p"
+ assumes "b \<in> carrier Q\<^sub>p"
+ assumes "c \<in> carrier Q\<^sub>p"
+ assumes "val (a \<otimes> b) \<le> val (a \<otimes> c)"
+ shows "val b \<le> val c"
+ using Units_eq_nonzero assms(1) assms(2) assms(3) assms(4) times_cfs_val_mono by blast
+
+lemma val_ineq_cancel_leq':
+ assumes "a \<in> nonzero Q\<^sub>p"
+ assumes "b \<in> carrier Q\<^sub>p"
+ assumes "c \<in> carrier Q\<^sub>p"
+ assumes "val b \<le> val c"
+ shows "val (a \<otimes> b) \<le> val (a \<otimes> c)"
+ apply(rule val_ineq_cancel_leq[of "inv a" "a \<otimes> b" "a \<otimes> c"])
+ using assms(1) nonzero_inverse_Qp apply blast
+ using Qp.nonzero_closed assms(1) assms(2) apply blast
+ using Qp.nonzero_closed assms assms(2) apply blast
+ by (metis Qp.inv_cancelR(1) Qp.m_closed Qp.nonzero_closed Units_eq_nonzero assms(1) assms(2) assms(3) assms(4))
+
+lemma val_ineq_cancel_le:
+ assumes "a \<in> nonzero Q\<^sub>p"
+ assumes "b \<in> carrier Q\<^sub>p"
+ assumes "c \<in> carrier Q\<^sub>p"
+ assumes "val (a \<otimes> b) < val (a \<otimes> c)"
+ shows "val b < val c"
+ using Qp.nonzero_closed assms(1) assms(2) assms(3) assms(4) val_mult by auto
+
+lemma val_ineq_cancel_le':
+ assumes "a \<in> nonzero Q\<^sub>p"
+ assumes "b \<in> carrier Q\<^sub>p"
+ assumes "c \<in> carrier Q\<^sub>p"
+ assumes "val b < val c"
+ shows "val (a \<otimes> b) < val (a \<otimes> c)"
+ apply(rule val_ineq_cancel_le[of "inv a" "a \<otimes> b" "a \<otimes> c"])
+ using assms(1) nonzero_inverse_Qp apply blast
+ using Qp.nonzero_closed assms(1) assms(2) apply blast
+ using Qp.nonzero_closed assms assms(2) apply blast
+ by (metis Qp.inv_cancelR(1) Qp.m_closed Qp.nonzero_closed Units_eq_nonzero assms(1) assms(2) assms(3) assms(4))
+
+lemma finite_val_imp_nonzero:
+ assumes "a \<in> carrier Q\<^sub>p"
+ assumes "val a \<noteq> \<infinity>"
+ shows "a \<in> nonzero Q\<^sub>p"
+ using assms unfolding val_def nonzero_def
+ by (metis (mono_tags, lifting) mem_Collect_eq)
+
+lemma val_ineq_cancel_leq'':
+ assumes "a \<in> nonzero Q\<^sub>p"
+ assumes "b \<in> carrier Q\<^sub>p"
+ assumes "c \<in> carrier Q\<^sub>p"
+ assumes "val b \<le> val c + eint N"
+ shows "val (a \<otimes> b) \<le> val (a \<otimes> c) + eint N"
+proof-
+ obtain d where d_def: "d = \<pp>[^]N \<otimes> c"
+ by blast
+ show ?thesis
+ proof(cases "c = \<zero>")
+ case True
+ then show ?thesis unfolding True
+ using True Units_eq_nonzero assms(1) assms(2) assms(4) times_cfs_val_mono'' by blast
+ next
+ case False
+ have F0: "c \<in> nonzero Q\<^sub>p"
+ using False assms Qp.not_nonzero_memE by blast
+ have F1: "val (a \<otimes> c) < \<infinity>"
+ using F0 assms
+ by (metis (no_types, lifting) Qp.integral Qp.nonzero_closed Qp.nonzero_memE(2) eint.distinct(1) eint_ord_simps(4) val_def)
+ have F2: "b \<in> nonzero Q\<^sub>p"
+ using F0 assms
+ by (metis False Groups.add_ac(2) add_cancel_eint_geq finite_val_imp_nonzero local.val_zero plus_eint_simps(2) val_ineq)
+ have F3: "ord b \<le> ord c + N"
+ using assms F0
+ by (metis F2 eint_ord_simps(1) plus_eint_simps(1) val_ord)
+ have F4: "ord a + ord b \<le> ord a + ord c+ N"
+ using assms F0 F1 F2 ord_mult F3 by presburger
+ have F5: "ord (a \<otimes> b) \<le> ord (a \<otimes> c) + N"
+ using F4 F2 F0 assms ord_mult by presburger
+ have F6: "a \<otimes> b \<in> nonzero Q\<^sub>p"
+ by (metis F2 Qp.integral Qp.nonzero_memE(1) Qp.nonzero_mult_closed Qp.not_nonzero_memE assms(1))
+ have F7: "a \<otimes> c \<in> nonzero Q\<^sub>p"
+ by (metis False Qp.integral Qp.nonzero_closed Qp.nonzero_memI Qp.nonzero_mult_closed assms(1) assms(3))
+ show "val (a \<otimes> b) \<le> val (a \<otimes> c) + eint N"
+ using val_ord[of "a \<otimes> b" ] val_ord[of "a \<otimes>c"] F7 F7 F4
+ Units_eq_nonzero assms(1) assms(2) assms(3) assms(4) times_cfs_val_mono'' by blast
+ qed
+qed
+
+
+ (********************************************************************************************)
+ (********************************************************************************************)
+ subsubsection\<open>The Ultrametric Inequality on $\mathbb{Q}_p$\<close>
+ (********************************************************************************************)
+ (********************************************************************************************)
+
+
+lemma ord_ultrametric:
+ assumes "x \<in> nonzero Q\<^sub>p"
+ assumes "y \<in> nonzero Q\<^sub>p"
+ assumes "x \<oplus> y \<in> nonzero Q\<^sub>p"
+ shows "ord (x \<oplus> y) \<ge> min (ord x) (ord y)"
+proof-
+ have 0:"x \<in> carrier Q\<^sub>p" using assms by(simp add:nonzero_def)
+ have 1:"y \<in>carrier Q\<^sub>p" using assms by(simp add:nonzero_def)
+ obtain a b c where
+ A: "a \<in> carrier Z\<^sub>p" and
+ B: "b \<in> carrier Z\<^sub>p" and
+ C: "c \<in> nonzero Z\<^sub>p" and
+ Fx: "x = frac a c" and
+ Fy: "y = frac b c"
+ using 0 1 get_common_denominator by blast
+ have An: "a \<in> nonzero Z\<^sub>p"
+ using A C Fx assms(1) nonzero_fraction_imp_nonzero_numer
+ Qp.nonzero_memE(2) by auto
+ have Bn: " b \<in> nonzero Z\<^sub>p"
+ using B C Fy assms(2) nonzero_fraction_imp_nonzero_numer Qp.nonzero_memE(2) by auto
+ have Fxy: "x \<oplus> y = frac (a \<oplus>\<^bsub>Z\<^sub>p\<^esub> b) c" using 0 1
+ by (simp add: A B C Fx Fy frac_add_common_denom)
+ have ABn: " a \<oplus>\<^bsub>Z\<^sub>p\<^esub> b \<in> nonzero Z\<^sub>p"
+ proof-
+ have "a \<oplus>\<^bsub>Z\<^sub>p\<^esub> b \<in> carrier Z\<^sub>p"
+ using A B Z\<^sub>p_def padic_add_closed prime by blast
+ then show ?thesis
+ using Fxy C assms(3) Qp.nonzero_memE(2)
+ nonzero_fraction_imp_nonzero_numer by blast
+ qed
+ have Ordx: "ord x = ord_Zp a - ord_Zp c"
+ using Fx An C ord_of_frac by metis
+ have Ordy: "ord y = ord_Zp b - ord_Zp c"
+ using Fy Bn C ord_of_frac by metis
+ have Ordxy: "ord (x \<oplus> y) = ord_Zp (a \<oplus>\<^bsub>Z\<^sub>p\<^esub> b) - ord_Zp c"
+ using Fxy ABn C ord_of_frac by metis
+ then show ?thesis
+ using Ordx Ordy Ordxy ord_Zp_ultrametric[of a b] ABn An Bn
+ by linarith
+qed
+
+lemma ord_ultrametric':
+ assumes "x \<in> nonzero Q\<^sub>p"
+ assumes "y \<in> nonzero Q\<^sub>p"
+ assumes "x \<ominus>\<^bsub>Q\<^sub>p\<^esub> y \<in> nonzero Q\<^sub>p"
+ shows "ord (x \<ominus>\<^bsub>Q\<^sub>p\<^esub> y) \<ge> min (ord x) (ord y)"
+proof-
+ have "ord y = ord (\<ominus>y)"
+ using assms(2) ord_minus by blast
+ then show ?thesis
+ using assms ord_ultrametric[of x "\<ominus>y"]
+ unfolding a_minus_def
+ using Qp.add.inv_closed Qp.add.inv_eq_1_iff Qp.nonzero_closed Qp.nonzero_memE(2) Qp.nonzero_memI
+ by metis
+qed
+
+lemma val_ultrametric0:
+ assumes "x \<in> nonzero Q\<^sub>p"
+ assumes "y \<in> nonzero Q\<^sub>p"
+ assumes "x \<oplus> y \<in> nonzero Q\<^sub>p"
+ shows " min (val x) (val y) \<le> val (x \<oplus> y) "
+proof-
+ have 0: "val (x \<oplus> y) = ord (x \<oplus> y)"
+ using assms(3) nonzero_def val_def[of "(x \<oplus> y)"] by fastforce
+ have 1: "val x = ord x"
+ using assms(1) nonzero_def val_def
+ by (simp add: nonzero_def)
+ have 2: "val y = ord y"
+ using assms(2) nonzero_def val_def val_ord by auto
+ have 3: "ord (x \<oplus> y) \<ge> min (ord x) (ord y)"
+ by (simp add: assms(1) assms(2) assms(3) ord_ultrametric)
+ then show ?thesis
+ by (simp add: "0" "1" "2")
+qed
+
+lemma val_ultrametric:
+ assumes "x \<in> carrier Q\<^sub>p"
+ assumes "y \<in> carrier Q\<^sub>p"
+ shows " min (val x) (val y) \<le> val (x \<oplus> y)"
+ apply(cases "x = \<zero> \<or> y = \<zero>")
+ using assms(1) assms(2) apply auto[1]
+ by (metis Qp.add.m_closed assms(1) assms(2) eint_ord_code(3) local.val_zero not_nonzero_Qp val_ultrametric0)
+
+lemma val_ultrametric':
+ assumes "x \<in> carrier Q\<^sub>p"
+ assumes "y \<in> carrier Q\<^sub>p"
+ shows " min (val x) (val y) \<le> val (x \<ominus> y)"
+ using val_ultrametric[of x "\<ominus>y"]
+ val_minus[of y]
+ assms
+ by (metis Qp.domain_axioms a_minus_def cring.cring_simprules(3) domain.axioms(1))
+
+lemma diff_ord_nonzero:
+ assumes "x \<in> nonzero Q\<^sub>p"
+ assumes "y \<in> nonzero Q\<^sub>p"
+ assumes "ord x \<noteq> ord y"
+ shows "x \<oplus> y \<in> nonzero Q\<^sub>p"
+proof(rule ccontr)
+ assume " x \<oplus> y \<notin> nonzero Q\<^sub>p"
+ then have "x \<oplus> y = \<zero>"
+ using Qp.add.m_closed Qp.nonzero_closed Qp.nonzero_memI assms(1) assms(2) by blast
+ then have "x = \<ominus> y"
+ using Qp.minus_equality Qp.nonzero_closed assms(1) assms(2) by blast
+ then have "ord x = ord y"
+ using assms(2) ord_minus by presburger
+ then show False
+ using assms(3) by blast
+qed
+
+lemma ord_ultrametric_noteq:
+ assumes "x \<in> nonzero Q\<^sub>p"
+ assumes "y \<in> nonzero Q\<^sub>p"
+ assumes "ord x > ord y"
+ shows "ord (x \<oplus> y) = (ord y)"
+proof(rule ccontr)
+ assume "ord (x \<oplus> y) \<noteq> ord y"
+ have 00:"x \<oplus> y \<in> nonzero Q\<^sub>p"
+ proof(rule ccontr)
+ assume "x \<oplus> y \<notin> nonzero Q\<^sub>p"
+ then have "x \<oplus> y = \<zero>"
+ using Qp.add.m_closed Qp.nonzero_closed Qp.nonzero_memI assms(1) assms(2) by blast
+ then have "x = \<ominus> y"
+ by (smt \<open>x \<oplus> y \<notin> nonzero Q\<^sub>p\<close> assms(1) assms(2) assms(3) diff_ord_nonzero)
+ then have "ord x = ord y"
+ using assms(2) ord_minus by presburger
+ then show False
+ using assms(3) by linarith
+ qed
+ then have 0: "ord (x \<oplus> y) > ord y"
+ using ord_ultrametric[of x y] \<open>ord (x \<oplus> y) \<noteq> ord y\<close> assms(1) assms(2) assms(3)
+ by linarith
+ have 1: "((y \<oplus> x) \<ominus> x) = y"
+ using "00" Qp.add.inv_solve_right' Qp.add.m_comm Qp.minus_eq Qp.nonzero_closed assms(1) assms(2) by presburger
+ have 2: "ord ((y \<oplus> x) \<ominus> x) \<ge> min (ord (y \<oplus> x)) (ord x) "
+ using 1 assms ord_ultrametric'[of "(y \<oplus> x)" x] diff_ord_nonzero by auto
+ have 3: "ord y \<ge> min (ord x) (ord (x \<oplus> y))"
+ using 2 1 Q\<^sub>p_def Qp.domain_axioms Z\<^sub>p_def assms(1) assms(2) cring.cring_simprules(10)
+ domain.axioms(1) Qp.nonzero_closed by fastforce
+ show False
+ using 3 0 assms
+ by linarith
+qed
+
+lemma ord_ultrametric_noteq':
+ assumes "x \<in> nonzero Q\<^sub>p"
+ assumes "y \<in> nonzero Q\<^sub>p"
+ assumes "ord x > ord y"
+ shows "ord (x \<ominus> y) = (ord y)"
+ using assms ord_ultrametric_noteq[of x "\<ominus>y"]
+ by (metis Qp.add.inv_closed Qp.minus_eq Qp.nonzero_closed Qp.nonzero_memI Qp.r_neg Qp.r_zero ord_minus)
+
+lemma ord_ultrametric_noteq'':
+ assumes "x \<in> nonzero Q\<^sub>p"
+ assumes "y \<in> nonzero Q\<^sub>p"
+ assumes "ord y > ord x"
+ shows "ord (x \<ominus> y) = (ord x)"
+ using assms ord_ultrametric_noteq'[of y x]
+ by (metis Qp.minus_a_inv Qp.nonzero_closed Qp.not_eq_diff_nonzero ord_minus)
+
+lemma val_ultrametric_noteq:
+ assumes "x \<in> carrier Q\<^sub>p"
+ assumes "y \<in> carrier Q\<^sub>p"
+ assumes "val x > val y"
+ shows "val (x \<oplus> y) = val y"
+ apply(cases "x = \<zero>")
+ apply (simp add: assms(2))
+ using assms unfolding val_def
+ by (smt Qp.not_nonzero_memI diff_ord_nonzero eint_ord_simps(2) not_nonzero_Qp ord_ultrametric_noteq val_def val_nonzero)
+
+lemma val_ultrametric_noteq':
+ assumes "x \<in> carrier Q\<^sub>p"
+ assumes "y \<in> carrier Q\<^sub>p"
+ assumes "val x > val y"
+ shows "val (x \<ominus> y) = val y"
+ using assms val_ultrametric_noteq[of x "\<ominus>y"]
+ by (metis Qp.domain_axioms a_minus_def cring.cring_simprules(3) domain.axioms(1) val_minus)
+
+lemma ultrametric_equal_eq:
+ assumes "x \<in> carrier Q\<^sub>p"
+ assumes "y \<in> carrier Q\<^sub>p"
+ assumes "val (y \<ominus> x) > val x"
+ shows "val x = val y"
+ using assms
+ by (metis (no_types, lifting) Qp.add.inv_closed Qp.add.m_assoc Qp.l_neg Qp.minus_closed Qp.minus_eq Qp.r_zero val_ultrametric_noteq)
+
+lemma ultrametric_equal_eq':
+ assumes "x \<in> carrier Q\<^sub>p"
+ assumes "y \<in> carrier Q\<^sub>p"
+ assumes "val (x \<ominus> y) > val x"
+ shows "val x = val y"
+ using assms ultrametric_equal_eq[of x y]
+ by (metis Qp.minus_a_inv Qp.minus_closed val_minus)
+
+lemma val_ultrametric_noteq'':
+ assumes "x \<in> carrier Q\<^sub>p"
+ assumes "y \<in> carrier Q\<^sub>p"
+ assumes "val x > val y"
+ shows "val (y \<ominus> x) = val y"
+ by (metis Qp.minus_a_inv Qp.minus_closed assms(1) assms(2) assms(3) val_minus val_ultrametric_noteq')
+
+text\<open>Ultrametric over finite sums:\<close>
+
+lemma Min_mono:
+ assumes "finite A"
+ assumes "A \<noteq> {}"
+ assumes "\<And> a. a \<in> A \<Longrightarrow> f a \<le> a"
+ shows "Min (f`A) \<le> Min A"
+ by (meson Min_in Min_le_iff assms(1) assms(2) assms(3) finite_imageI image_eqI image_is_empty)
+
+lemma Min_mono':
+ assumes "finite A"
+ assumes "\<And> (a::'a). a \<in> A \<Longrightarrow> (f::'a \<Rightarrow> eint) a \<le> g a"
+ shows "Min (f`A) \<le> Min (g `A)"
+proof-
+ have "(\<forall>a \<in> A. f a \<le> g a) \<longrightarrow> Min (f`A) \<le> Min (g` A)"
+ apply(rule finite.induct[of A])
+ apply (simp add: assms(1))
+ apply simp
+ proof fix A a assume F: "finite A" "(\<forall>a\<in>A. f a \<le> g a) \<longrightarrow> Min (f ` A) \<le> Min (g ` A)"
+"\<forall>a\<in>insert a A. f a \<le> g a"
+ show "Min (f ` insert a A) \<le> Min (g ` insert a A)"
+ proof-
+ obtain k where k_def: "k \<in> insert a A \<and> g k = Min (g ` insert a A)"
+ using assms
+ by (metis (mono_tags, opaque_lifting) F(1) Min_eq_iff finite.insertI finite_imageI image_iff image_is_empty insert_not_empty)
+ then have 0: "f k \<le> g k"
+ using F(3) by blast
+ thus ?thesis using k_def
+ by (metis F(1) Min_le dual_order.trans finite.insertI finite_imageI image_eqI)
+ qed
+ qed
+ thus ?thesis using assms by blast
+qed
+
+lemma eint_ord_trans:
+ assumes "(a::eint) \<le> b"
+ assumes "b \<le> c"
+ shows "a \<le> c"
+ using assms by auto
+
+lemma eint_Min_geq:
+ assumes "finite (A::eint set)"
+ assumes "\<And>x. x \<in> A \<Longrightarrow> x \<ge> c"
+ assumes "A \<noteq> {}"
+ shows "Min A \<ge> c"
+ using Min_in[of A] assms(2)[of "Min A"] assms by blast
+
+lemma eint_Min_gr:
+ assumes "finite (A::eint set)"
+ assumes "\<And>x. x \<in> A \<Longrightarrow> x > c"
+ assumes "A \<noteq> {}"
+ shows "Min A > c"
+ using Min_in[of A] assms(2)[of "Min A"] assms by blast
+
+lemma finsum_val_ultrametric:
+ assumes "g \<in> A \<rightarrow> carrier Q\<^sub>p"
+ assumes "finite A"
+ assumes "A \<noteq> {}"
+ shows " val (finsum Q\<^sub>p g A) \<ge> Min (val ` (g`A))"
+proof-
+ have "A \<noteq> {} \<and> g \<in> A \<rightarrow> carrier Q\<^sub>p \<longrightarrow> val (finsum Q\<^sub>p g A) \<ge> Min (val ` (g`A))"
+ apply(rule finite.induct[of A])
+ apply (simp add: assms(2))
+ apply blast
+ proof fix A a assume A: "finite A" "A \<noteq> {}\<and> g \<in> A \<rightarrow> carrier Q\<^sub>p \<longrightarrow> val (finsum Q\<^sub>p g A) \<ge> Min (val ` g ` A)"
+ " insert a A \<noteq> {} \<and> g \<in> insert a A \<rightarrow> carrier Q\<^sub>p "
+ show "val (finsum Q\<^sub>p g (insert a A)) \<ge> Min (val ` g ` insert a A)"
+ apply(cases "a \<in> A")
+ apply (metis A(2) A(3) insert_absorb)
+ proof(cases "A = {}")
+ have g_closed: "g \<in> A \<rightarrow> carrier Q\<^sub>p"
+ using A(3) by blast
+ have g_closed': "g \<in> insert a A \<rightarrow> carrier Q\<^sub>p"
+ using A(3) by linarith
+ then have ga: "g a \<in> carrier Q\<^sub>p"
+ by blast
+ assume a_notin: "a \<notin> A"
+ case True
+ have "g a \<in> carrier Q\<^sub>p" using A(3)
+ by blast
+ then have 0: "(finsum Q\<^sub>p g (insert a A)) = g a"
+ using A True abelian_monoid.finsum_insert[of Q\<^sub>p A a g] abelian_monoid.finsum_empty[of Q\<^sub>p g]
+ Qp.abelian_monoid_axioms Qp.add.l_cancel_one Qp.zero_closed a_notin g_closed
+ by metis
+ have 1: "Min (val ` g ` insert a A) = val (g a)"
+ by (metis A(1) True Min_in finite.insertI finite_imageI image_empty
+ image_insert insert_not_empty singletonD)
+ show ?thesis
+ using 0 1
+ by simp
+ next
+ case False
+ assume a_notin: "a \<notin> A"
+ have g_closed: "g \<in> A \<rightarrow> carrier Q\<^sub>p"
+ using A(3) by blast
+ have g_closed': "g \<in> insert a A \<rightarrow> carrier Q\<^sub>p"
+ using A(3) by linarith
+ then have ga: "g a \<in> carrier Q\<^sub>p"
+ by blast
+ have 0: "finsum Q\<^sub>p g (insert a A) = g a \<oplus> finsum Q\<^sub>p g A"
+ by (simp add: A(1) a_notin g_closed ga)
+ have 1: "min (val (g a)) (Min (val ` g ` A)) = Min (insert (val (g a)) (val ` g ` A))"
+ proof-
+ have 10: "finite (val ` g ` A) " using A
+ by blast
+ then have 11: "val ` g ` A \<noteq> {}"
+ using False
+ by blast
+ show ?thesis
+ using 10 11 Min_insert
+ by simp
+ qed
+ have 2: " val (g a \<oplus> finsum Q\<^sub>p g A) \<ge> min (val (g a)) (val (finsum Q\<^sub>p g A))"
+ using val_ultrametric[of "g a" "finsum Q\<^sub>p g A" ] abelian_monoid.finsum_closed[of Q\<^sub>p g A]
+ g_closed ga Qp.abelian_monoid_axioms by blast
+ have 3: " val (finsum Q\<^sub>p g A) \<ge> Min (val ` g ` A)"
+ using A False
+ by blast
+ have 4: " val (finsum Q\<^sub>p g (insert a A)) \<ge> min (val (g a)) (val (finsum Q\<^sub>p g A))"
+ using 2 "0"
+ by presburger
+ have 5: " val (finsum Q\<^sub>p g A) \<ge> Min (val ` g ` A)"
+ using False "3" by blast
+ show " val (finsum Q\<^sub>p g (insert a A)) \<ge> Min (val ` g ` insert a A)"
+ using 5 4 1
+ by (smt image_insert min.cobounded1 min_def order_trans)
+ qed
+ qed
+ then show ?thesis
+ using assms
+ by blast
+qed
+
+lemma (in padic_fields) finsum_val_ultrametric':
+ assumes "g \<in> A \<rightarrow> carrier Q\<^sub>p"
+ assumes "finite A"
+ assumes "\<And>i. i \<in> A \<Longrightarrow> val (g i) \<ge> c"
+ shows " val (finsum Q\<^sub>p g A) \<ge> c"
+proof(cases "A = {}")
+ case True
+ then show ?thesis using assms
+ unfolding True Qp.finsum_empty
+ using eint_ord_code(3) local.val_zero by presburger
+next
+ case False
+ show ?thesis
+ proof(rule eint_ord_trans[of _ "Min (val ` g ` A)"])
+ have 0: "\<And>s. s \<in> val ` g ` A \<Longrightarrow> s \<ge> c"
+ proof- fix s assume A: "s \<in> val ` g ` A"
+ then obtain a where a_def: "a \<in> A \<and> s = val (g a)"
+ by blast
+ have s_eq: "s = val (g a)"
+ using a_def by blast
+ show "c \<le> s"
+ using assms(3)[of a] A a_def unfolding s_eq by blast
+ qed
+ show "c \<le> Min (val ` g ` A)"
+ apply(rule eint_Min_geq)
+ using assms apply blast using assms apply blast
+ using False by blast
+ show "Min (val ` g ` A) \<le> val (finsum Q\<^sub>p g A)"
+ by(rule finsum_val_ultrametric[of g A], rule assms, rule assms, rule False)
+ qed
+qed
+
+lemma (in padic_fields) finsum_val_ultrametric'':
+ assumes "g \<in> A \<rightarrow> carrier Q\<^sub>p"
+ assumes "finite A"
+ assumes "\<And>i. i \<in> A \<Longrightarrow> val (g i) > c"
+ assumes "c < \<infinity>"
+ shows " val (finsum Q\<^sub>p g A) > c"
+proof(cases "A = {}")
+ case True
+ then show ?thesis using assms
+ unfolding True Qp.finsum_empty val_zero
+ using eint_ord_code(3) local.val_zero by blast
+next
+ case False
+ show ?thesis
+ proof(rule less_le_trans[of _ "Min (val ` g ` A)"])
+ have 0: "\<And>s. s \<in> val ` g ` A \<Longrightarrow> s > c"
+ proof- fix s assume A: "s \<in> val ` g ` A"
+ then obtain a where a_def: "a \<in> A \<and> s = val (g a)"
+ by blast
+ have s_eq: "s = val (g a)"
+ using a_def by blast
+ show "c < s"
+ using assms(3)[of a] A a_def unfolding s_eq by blast
+ qed
+ show "c < Min (val ` g ` A)"
+ apply(rule eint_Min_gr)
+ using assms apply blast using assms
+ using "0" apply blast
+ using False by blast
+ show "Min (val ` g ` A) \<le> val (finsum Q\<^sub>p g A)"
+ by(rule finsum_val_ultrametric[of g A], rule assms, rule assms, rule False)
+ qed
+qed
+
+lemma Qp_diff_diff:
+ assumes "x \<in> carrier Q\<^sub>p"
+ assumes "c \<in> carrier Q\<^sub>p"
+ assumes "d \<in> carrier Q\<^sub>p"
+ shows "(x \<ominus> c) \<ominus> (d \<ominus> c) = x \<ominus> d "
+ by (smt Qp.domain_axioms a_minus_def assms(1) assms(2) assms(3) cring.cring_simprules(10)
+ cring.cring_simprules(19) cring.cring_simprules(3) cring.cring_simprules(4)
+ cring.cring_simprules(7) domain.axioms(1))
+
+text\<open>This variant of the ultrametric identity formalizes the common saying that "all triangles in $\mathbb{Q}_p$ are isosceles":\<close>
+lemma Qp_isosceles:
+ assumes "x \<in> carrier Q\<^sub>p"
+ assumes "c \<in> carrier Q\<^sub>p"
+ assumes "d \<in> carrier Q\<^sub>p"
+ assumes "val (x \<ominus> c) \<ge> v"
+ assumes "val (d \<ominus> c) \<ge> v"
+ shows "val (x \<ominus> d) \<ge> v"
+proof-
+ have "val (x \<ominus> d) \<ge> min (val (x \<ominus> c)) (val (d \<ominus> c))"
+ using assms Qp_diff_diff[of x c d]
+ by (metis Qp.domain_axioms cring.cring_simprules(4) domain.axioms(1) val_ultrametric')
+ then show ?thesis using assms
+ by (meson dual_order.trans min_le_iff_disj)
+qed
+
+text\<open>More variants on the ultrametric inequality\<close>
+
+lemma MinE:
+ assumes "finite (A::eint set)"
+ assumes "a = Min A"
+ assumes "b \<in> A"
+ shows "a \<le> b"
+ using assms by (simp add: assms(3))
+
+lemma MinE':
+ assumes "finite (A::eint set)"
+ assumes "a = Min A"
+ assumes "b \<in> A - {a}"
+ shows "a < b"
+proof-
+ have 0: "a \<le> b"
+ using assms MinE by blast
+ have 1: "a \<noteq> b" using assms by blast
+ show ?thesis using 0 1
+ by simp
+qed
+
+lemma MinE'':
+ assumes "finite A"
+ assumes "f \<in> A \<rightarrow> (UNIV :: eint set)"
+ assumes "a = Min (f ` A)"
+ assumes "b \<in> A"
+ shows "a \<le> f b"
+ apply(rule MinE[of "f` A"]) using assms apply blast using assms apply blast using assms by blast
+
+lemma finsum_val_ultrametric_diff:
+ assumes "g \<in> A \<rightarrow> carrier Q\<^sub>p"
+ assumes "finite A"
+ assumes "A \<noteq> {}"
+ assumes "\<And>a b. a \<in> A \<Longrightarrow> b \<in> A \<Longrightarrow> a \<noteq> b \<Longrightarrow> val (g a) \<noteq> val (g b)"
+ shows " val (finsum Q\<^sub>p g A) = Min (val ` g`A)"
+proof-
+ have "Min (val ` g ` A) \<in> val ` g ` A"
+ using Min_in[of "val ` g ` A"] assms by blast
+ then obtain a where a_def: "a \<in> A \<and> Min (val ` g`A) = val (g a)"
+ by blast
+ have 0: "\<And>b. b \<in> A \<Longrightarrow> b \<noteq> a \<Longrightarrow> val (g b) > val (g a)"
+ apply(rule MinE'[of "val ` g ` A"]) using assms apply blast
+ using a_def assms apply presburger
+ using assms(4)[of a] a_def
+ by (metis image_eqI insert_Diff insert_iff)
+ have 1: "g a \<oplus> finsum Q\<^sub>p g (A - {a}) = finsum Q\<^sub>p g (insert a (A - {a}))"
+ using assms Qp.finsum_insert[of "A - {a}" a g] a_def finite_subset[of "A - {a}" A] by blast
+ have 2: "finsum Q\<^sub>p g A = g a \<oplus> finsum Q\<^sub>p g (A - {a})"
+ unfolding 1 using a_def
+ by (metis insert_Diff_single insert_absorb)
+ have 3: "g a \<in> carrier Q\<^sub>p"
+ using a_def assms by blast
+ show "val (finsum Q\<^sub>p g A) = Min (val ` g`A)"
+ proof(cases "A = {a}")
+ case True
+ show ?thesis using 3 Qp.finsum_empty[of g] a_def unfolding 2 unfolding True
+ by auto
+ next
+ case False
+ then have F0: "A - {a} \<noteq> {}"
+ using assms by blast
+ have F1: "finsum Q\<^sub>p g (A - {a}) \<in> carrier Q\<^sub>p"
+ apply(rule Qp.finsum_closed)
+ using assms by blast
+ have F2: "val (finsum Q\<^sub>p g (A - {a})) \<ge> Min (val ` g` (A- {a}))"
+ apply(rule finsum_val_ultrametric)
+ using assms apply blast using assms apply blast using False a_def by blast
+ have F3: "Min (val ` g` (A- {a})) \<in> (val ` g` (A- {a}))"
+ apply(rule Min_in)
+ using assms apply blast using False a_def by blast
+ obtain b where b_def: "b \<in> A - {a} \<and> Min (val ` g` (A- {a})) = val (g b)"
+ using F3 by blast
+ have F4: "Min (val ` g` (A- {a})) > val (g a)"
+ using a_def assms b_def by (metis "0" Diff_iff singletonI)
+ have F5: "val (finsum Q\<^sub>p g (A - {a})) > val (g a)"
+ using F4 F2 less_le_trans by blast
+ then show ?thesis using 2 F1 3
+ by (metis Qp.a_ac(2) a_def val_ultrametric_noteq)
+ qed
+qed
+
+lemma finsum_val_ultrametric_diff':
+ assumes "g \<in> A \<rightarrow> carrier Q\<^sub>p"
+ assumes "finite A"
+ assumes "A \<noteq> {}"
+ assumes "\<And>a b. a \<in> A \<Longrightarrow> b \<in> A \<Longrightarrow> a \<noteq> b \<Longrightarrow> val (g a) \<noteq> val (g b)"
+ shows " val (finsum Q\<^sub>p g A) = (MIN a \<in> A. (val (g a)))"
+proof-
+ have 0: "(\<lambda> a. val (g a)) ` A = (val ` g`A)"
+ by blast
+ show ?thesis using assms finsum_val_ultrametric_diff[of g A] unfolding 0 by blast
+qed
+
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+subsection\<open>Constructing the Angular Component Maps on $\mathbb{Q}_p$\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+ (********************************************************************************************)
+ (********************************************************************************************)
+ subsubsection\<open>Unreduced Angular Component Map\<close>
+ (********************************************************************************************)
+ (********************************************************************************************)
+
+text\<open>While one can compute the residue of a $p$-adic integer mod $p^n$, this operation does not generalize to the $p$-adic field unless we restrict our attention to the valuation ring. However, we can still define the angular component maps on the field $\mathbb{Q}_p$, which allows us to take a sort of residue for any element $x \in \mathbb{Q}_p$. Given a nonzero element $x \in \mathbb{Q}_p^{\times}$, we can normalize it to obtain $p^{-ord( x)}x$ which has of valuation zero, and then computes its residue (viewed as an element of $\mathbb{Z}_p$). The resulting map agrees with the standard residue map on elements of $\mathbb{Q}_p$ of valuation zero, but not on terms of positive or negative valuation. For example, the element $p^2$ has an order $1$ residue of $0$, but its order $1$ angular component is $1$. In the formalism below, we will use the term "\texttt{angular\_component}" to refer to the unreduced normalization map $x \mapsto p^{-ord( x)}x$, and use the notation "\texttt{ac n}" to refer to the angular component which has been reduced mod $p^n$. This is line with the terminology used in \cite{denef1986}. \<close>
+definition angular_component where
+"angular_component a = (ac_Zp (numer a)) \<otimes>\<^bsub>Z\<^sub>p\<^esub> (inv\<^bsub>Z\<^sub>p\<^esub> ac_Zp (denom a))"
+
+lemma ac_fract:
+ assumes "c \<in> carrier Q\<^sub>p"
+ assumes "a \<in> nonzero Z\<^sub>p"
+ assumes "b \<in> nonzero Z\<^sub>p"
+ assumes "c = frac a b"
+ shows "angular_component c = (ac_Zp a)\<otimes>\<^bsub>Z\<^sub>p\<^esub> inv \<^bsub>Z\<^sub>p\<^esub>(ac_Zp b)"
+proof-
+ have "(numer c) \<otimes>\<^bsub>Z\<^sub>p\<^esub> b = (denom c) \<otimes>\<^bsub>Z\<^sub>p\<^esub> a"
+ by (simp add: assms(2) assms(3) assms(4) mult_comm numer_denom_swap)
+ then have "ac_Zp ((numer c) \<otimes>\<^bsub>Z\<^sub>p\<^esub> b) = ac_Zp ((denom c) \<otimes>\<^bsub>Z\<^sub>p\<^esub> a)"
+ by simp
+ then have "(ac_Zp (numer c)) \<otimes>\<^bsub>Z\<^sub>p\<^esub> (ac_Zp b) = (ac_Zp (denom c)) \<otimes>\<^bsub>Z\<^sub>p\<^esub> (ac_Zp a)"
+ by (metis Q\<^sub>p_def Zp.nonzero_closed Zp.numer_denom_facts(3) ac_Zp_mult assms(2) assms(3) assms(4) local.frac_closed local.numer_denom_facts(1) nonzero_fraction_imp_nonzero_numer nonzero_numer_imp_nonzero_fraction numer_denom_frac)
+ then have "(inv \<^bsub>Z\<^sub>p\<^esub> (ac_Zp (denom c))) \<otimes>\<^bsub>Z\<^sub>p\<^esub> (ac_Zp (numer c)) \<otimes>\<^bsub>Z\<^sub>p\<^esub> (ac_Zp b) = (ac_Zp a)"
+ using ac_Zp_is_Unit[of "ac_Zp (denom c)"] Zp.domain_axioms inv_cancelR(1)
+ Q\<^sub>p_def Zp.Units_closed Zp.inv_cancelR(1) Zp.m_closed Zp.nonzero_closed Zp.nonzero_memE(2) Z\<^sub>p_def ac_Zp_is_Unit assms(1) assms(2) mult_assoc padic_fields.numer_denom_facts(2) padic_fields_axioms by auto
+ then have "(inv \<^bsub>Z\<^sub>p\<^esub> (ac_Zp (denom c))) \<otimes>\<^bsub>Z\<^sub>p\<^esub> (ac_Zp (numer c)) = (ac_Zp a) \<otimes>\<^bsub>Z\<^sub>p\<^esub> inv \<^bsub>Z\<^sub>p\<^esub> (ac_Zp b)"
+ using ac_Zp_is_Unit[of "ac_Zp b"] Zp.domain_axioms inv_cancelL(2)
+ by (smt Q\<^sub>p_def Zp.Units_inv_closed Zp.Units_r_inv Zp.nonzero_closed Zp.nonzero_memE(2) Zp.r_one Z\<^sub>p_def ac_Zp_is_Unit assms(1) assms(3) mult_assoc mult_comm padic_fields.numer_denom_facts(2) padic_fields_axioms)
+ then show ?thesis
+ by (simp add: angular_component_def mult_comm)
+qed
+
+lemma angular_component_closed:
+ assumes "a \<in> nonzero Q\<^sub>p"
+ shows "angular_component a \<in> carrier Z\<^sub>p"
+ using ac_fract assms Q\<^sub>p_def Qp.nonzero_closed Qp.nonzero_memE(2) Zp.Units_inv_closed Zp.m_closed
+ Zp.nonzero_closed Zp.nonzero_memE(2) Z\<^sub>p_def ac_Zp_is_Unit angular_component_def local.numer_denom_facts(3)
+ padic_fields.numer_denom_facts(1) padic_fields.numer_denom_facts(2) padic_fields_axioms padic_integers.ac_Zp_in_Zp padic_integers_def prime by auto
+
+lemma angular_component_unit:
+ assumes "a \<in> nonzero Q\<^sub>p"
+ shows "angular_component a \<in> Units Z\<^sub>p"
+ using ac_fract[of a "numer a" "denom a"] Q\<^sub>p_def Qp.nonzero_closed
+ Qp.nonzero_memE(2) Zp.Units_inv_Units Zp.Units_m_closed
+ Zp.nonzero_closed Zp.nonzero_memE(2) Z\<^sub>p_def ac_Zp_is_Unit
+ angular_component_def assms local.numer_denom_facts(1)
+ local.numer_denom_facts(2) padic_fields.numer_denom_facts(3)
+ padic_fields_axioms by auto
+
+lemma angular_component_factors_x:
+ assumes "x \<in> nonzero Q\<^sub>p"
+ shows "x = (\<pp>[^](ord x)) \<otimes> \<iota> (angular_component x)"
+proof-
+ have 0: "angular_component x = (ac_Zp (numer x)) \<otimes>\<^bsub>Z\<^sub>p\<^esub> (inv\<^bsub>Z\<^sub>p\<^esub> ac_Zp (denom x))"
+ by (simp add: angular_component_def)
+ have 1: "(numer x) = (\<p>[^]\<^bsub>Z\<^sub>p\<^esub>(ord_Zp (numer x))) \<otimes>\<^bsub>Z\<^sub>p\<^esub> (ac_Zp (numer x))"
+ proof-
+ have "numer x \<in> nonzero Z\<^sub>p"
+ using assms unfolding Q\<^sub>p_def
+ by (simp add: numer_nonzero)
+ then show ?thesis using ac_Zp_factors_x[of "numer x"]
+ by (simp add: ac_Zp_factors')
+ qed
+ have 2: "(denom x) = (\<p>[^]\<^bsub>Z\<^sub>p\<^esub>(ord_Zp (denom x))) \<otimes>\<^bsub>Z\<^sub>p\<^esub> (ac_Zp (denom x))"
+ proof-
+ have "denom x \<in> nonzero Z\<^sub>p"
+ using nonzero_memE assms numer_denom_facts(2)
+ by (simp add: Qp.nonzero_closed)
+ then show ?thesis
+ using ac_Zp_factors_x[of "denom x"] Zp.nonzero_closed Zp.nonzero_memE(2) by auto
+ qed
+ have 3: "\<iota> (angular_component x) = frac (ac_Zp (numer x)) (ac_Zp (denom x))"
+ by (metis "0" Q\<^sub>p_def Qp.nonzero_closed Qp.nonzero_memE(2) Zp.nonzero_closed Zp.nonzero_memE(2) Zp.numer_denom_facts(2) Z\<^sub>p_def Z\<^sub>p_division_Qp_0 ac_Zp_is_Unit angular_component_closed assms local.inc_def padic_fields.numer_denom_facts(2) padic_fields.numer_denom_facts(3) padic_fields_axioms)
+ have 4: "(\<pp>[^]((ord x))) \<otimes> \<iota> (angular_component x) =
+ (\<pp>[^]((ord_Zp (numer x)) - (ord_Zp (denom x)))) \<otimes> frac (ac_Zp (numer x)) (ac_Zp (denom x))"
+ using "3" ord_def by presburger
+ have 5: "(\<pp>[^]((ord x))) \<otimes> \<iota> (angular_component x) =
+ frac (\<p>[^]\<^bsub>Z\<^sub>p\<^esub>((ord_Zp (numer x)))) (\<p>[^]\<^bsub>Z\<^sub>p\<^esub>(ord_Zp (denom x))) \<otimes> frac (ac_Zp (numer x)) (ac_Zp (denom x))"
+ proof-
+ have "(\<pp>[^]((ord_Zp (numer x)) - (ord_Zp (denom x))))
+ = frac (\<p>[^]\<^bsub>Z\<^sub>p\<^esub>((ord_Zp (numer x)))) (\<p>[^]\<^bsub>Z\<^sub>p\<^esub>(ord_Zp (denom x)))"
+ by (metis Q\<^sub>p_def Qp.nonzero_closed Z\<^sub>p_def assms domain.nonzero_memE(1) domain.nonzero_memE(2) numer_nonzero ord_pos p_pow_diff padic_fields.numer_denom_facts(2) padic_fields_axioms padic_int_is_domain prime)
+ then show ?thesis using 4 by metis
+ qed
+ have 6: "(\<pp>[^]((ord x))) \<otimes> \<iota> (angular_component x) =
+ frac (\<p>[^]\<^bsub>Z\<^sub>p\<^esub>((ord_Zp (numer x))) \<otimes>\<^bsub>Z\<^sub>p\<^esub> (ac_Zp (numer x))) (\<p>[^]\<^bsub>Z\<^sub>p\<^esub>(ord_Zp (denom x)) \<otimes>\<^bsub>Z\<^sub>p\<^esub> (ac_Zp (denom x)))"
+ using 5 frac_mult[of "\<p>[^]\<^bsub>Z\<^sub>p\<^esub>((ord_Zp (numer x)))" " (\<p>[^]\<^bsub>Z\<^sub>p\<^esub>(ord_Zp (denom x)))" "(ac_Zp (numer x)) " " (ac_Zp (denom x))"] mult_comm
+ by (metis "2" Q\<^sub>p_def Qp.nonzero_closed Zp.integral_iff Zp.nonzero_closed Zp.nonzero_memE(2) ac_Zp_in_Zp assms local.numer_denom_facts(2) not_nonzero_Zp numer_nonzero ord_pos p_int_pow_nonzero)
+ then show ?thesis
+ using "1" "2" nonzero_memE assms numer_denom_facts(5) Qp.nonzero_closed by auto
+qed
+
+lemma angular_component_mult:
+ assumes "x \<in> nonzero Q\<^sub>p"
+ assumes "y \<in> nonzero Q\<^sub>p"
+ shows "angular_component (x \<otimes> y) = (angular_component x) \<otimes>\<^bsub>Z\<^sub>p\<^esub> (angular_component y)"
+proof-
+ obtain a b where "a = numer x" and
+ "b = denom x" and
+ a_nz: "a \<in> nonzero Z\<^sub>p" and
+ b_nz: "b \<in> nonzero Z\<^sub>p" and
+ x_frac: "x = frac a b"
+ using assms Qp.nonzero_memE[of x]
+ by (meson local.numer_denom_facts(1) local.numer_denom_facts(2)
+ local.numer_denom_facts(3) local.numer_denom_facts(5) not_nonzero_Zp)
+ obtain c d where "c = numer y" and
+ "d = denom y" and
+ c_nz: "c \<in> nonzero Z\<^sub>p" and
+ d_nz: "d \<in> nonzero Z\<^sub>p" and
+ y_frac: "y = frac c d"
+ using assms Qp.nonzero_memE[of y]
+ by (meson local.numer_denom_facts(1) local.numer_denom_facts(2) local.numer_denom_facts(3) local.numer_denom_facts(5) not_nonzero_Zp)
+ have 0: "(x \<otimes> y) = frac (a \<otimes>\<^bsub>Z\<^sub>p\<^esub> c) (b \<otimes>\<^bsub>Z\<^sub>p\<^esub> d)"
+ using a_nz b_nz c_nz d_nz frac_mult x_frac y_frac
+ by (simp add: Zp.nonzero_closed)
+ have 1: "angular_component (x \<otimes> y) = (ac_Zp (a \<otimes>\<^bsub>Z\<^sub>p\<^esub> c)) \<otimes>\<^bsub>Z\<^sub>p\<^esub> inv\<^bsub>Z\<^sub>p\<^esub> (ac_Zp (b \<otimes>\<^bsub>Z\<^sub>p\<^esub> d))"
+ by (metis (mono_tags, lifting) "0" Qp.nonzero_mult_closed Zp.integral_iff Zp.nonzero_closed Zp.nonzero_mult_closed a_nz ac_fract assms(1) assms(2) b_nz c_nz d_nz not_nonzero_Zp)
+ have 2: "angular_component (x \<otimes> y) = (ac_Zp a) \<otimes>\<^bsub>Z\<^sub>p\<^esub> (ac_Zp c) \<otimes>\<^bsub>Z\<^sub>p\<^esub> inv\<^bsub>Z\<^sub>p\<^esub> ((ac_Zp b) \<otimes>\<^bsub>Z\<^sub>p\<^esub> (ac_Zp d))"
+ by (simp add: "1" a_nz ac_Zp_mult b_nz c_nz d_nz)
+ have 3: "angular_component (x \<otimes> y) = (ac_Zp a) \<otimes>\<^bsub>Z\<^sub>p\<^esub> (ac_Zp c) \<otimes>\<^bsub>Z\<^sub>p\<^esub> inv\<^bsub>Z\<^sub>p\<^esub> (ac_Zp b) \<otimes>\<^bsub>Z\<^sub>p\<^esub> inv\<^bsub>Z\<^sub>p\<^esub> (ac_Zp d)"
+ using 2
+ by (simp add: Zp.inv_of_prod Zp.nonzero_closed Zp.nonzero_memE(2) ac_Zp_is_Unit b_nz d_nz mult_assoc)
+
+ have 4: "angular_component (x \<otimes> y) = (ac_Zp a) \<otimes>\<^bsub>Z\<^sub>p\<^esub> inv\<^bsub>Z\<^sub>p\<^esub> (ac_Zp b) \<otimes>\<^bsub>Z\<^sub>p\<^esub> (ac_Zp c) \<otimes>\<^bsub>Z\<^sub>p\<^esub> inv\<^bsub>Z\<^sub>p\<^esub> (ac_Zp d)"
+ using "3" a_nz ac_Zp_in_Zp ac_Zp_is_Unit b_nz c_nz m_assoc mult_comm
+ mult_assoc by auto
+ have 5: "angular_component (x \<otimes> y) = ((ac_Zp a) \<otimes>\<^bsub>Z\<^sub>p\<^esub> inv\<^bsub>Z\<^sub>p\<^esub> (ac_Zp b)) \<otimes>\<^bsub>Z\<^sub>p\<^esub> ( (ac_Zp c) \<otimes>\<^bsub>Z\<^sub>p\<^esub> inv\<^bsub>Z\<^sub>p\<^esub> (ac_Zp d))"
+ using 4 by (simp add: mult_assoc)
+ then show ?thesis
+ by (simp add: Z\<^sub>p_def \<open>a = numer x\<close> \<open>b = denom x\<close> \<open>c = numer y\<close> \<open>d = denom y\<close>
+ padic_fields.angular_component_def padic_fields_axioms)
+qed
+
+lemma angular_component_inv:
+ assumes "x \<in> nonzero Q\<^sub>p"
+ shows "angular_component (inv\<^bsub>Q\<^sub>p\<^esub> x) = inv\<^bsub>Z\<^sub>p\<^esub> (angular_component x)"
+ by (metis Q\<^sub>p_def Qp.one_closed Zp.Units_r_inv Zp.inv_unique' Zp.nonzero_closed Zp.nonzero_one_closed Zp.zero_not_one Z\<^sub>p_def \<iota>_def ac_Zp_is_Unit angular_component_closed angular_component_mult assms frac_nonzero_inv(1) frac_nonzero_inv(2) inc_equation inc_of_one nonzero_inverse_Qp padic_fields.ac_fract padic_fields_axioms)
+
+lemma angular_component_one:
+"angular_component \<one> = \<one>\<^bsub>Z\<^sub>p\<^esub>"
+ using \<iota>_def ac_Zp_one ac_fract inc_equation inc_of_one
+ Zp.nonzero_one_closed by fastforce
+
+lemma angular_component_ord_zero:
+ assumes "ord x = 0"
+ assumes "x \<in> nonzero Q\<^sub>p"
+ shows "\<iota> (angular_component x) = x"
+proof-
+ have 0: "ord x \<ge>0"
+ using assms by auto
+ have 1: "x \<in> nonzero Q\<^sub>p"
+ proof-
+ have "x \<noteq> \<zero>"
+ using nonzero_def assms(2) Qp.nonzero_memE(2) by auto
+ then show ?thesis
+ by (simp add: assms(2))
+ qed
+ obtain a where a_def: "a \<in> nonzero Z\<^sub>p \<and> \<iota> a = x"
+ using 0 1 assms Qp_inc_id[of x]
+ by metis
+ then have "x = frac a \<one>\<^bsub>Z\<^sub>p\<^esub>"
+ using local.inc_def Zp.nonzero_closed by blast
+ then have "angular_component x = ac_Zp a \<otimes>\<^bsub>Z\<^sub>p\<^esub> inv\<^bsub>Z\<^sub>p\<^esub> (ac_Zp \<one>\<^bsub>Z\<^sub>p\<^esub>)"
+ using ac_fract[of x a ] "1" nonzero_memE Q\<^sub>p_def Zp.nonzero_closed Zp.nonzero_one_closed Z\<^sub>p_def a_def
+ local.frac_closed padic_fields.ac_fract padic_fields_axioms by auto
+ then have "angular_component x = ac_Zp a \<otimes>\<^bsub>Z\<^sub>p\<^esub> inv\<^bsub>Z\<^sub>p\<^esub> \<one>\<^bsub>Z\<^sub>p\<^esub>"
+ by (simp add: ac_Zp_one)
+ then have 0: "angular_component x = ac_Zp a \<otimes>\<^bsub>Z\<^sub>p\<^esub> \<one>\<^bsub>Z\<^sub>p\<^esub>"
+ by simp
+ have "ac_Zp a \<in> nonzero Z\<^sub>p"
+ using Zp.Units_nonzero Zp.nonzero_closed Zp.not_nonzero_memI a_def ac_Zp_is_Unit by auto
+ thus ?thesis using 0
+ by (metis Zp.l_one Zp.nonzero_closed Zp_defs(1) Zp_defs(4) a_def ac_Zp_factors'
+ assms(1) int_pow_0 mult_comm ord_of_inc)
+qed
+
+lemma angular_component_of_inclusion:
+ assumes "x \<in> nonzero Z\<^sub>p"
+ assumes "y = \<iota> x"
+ shows "angular_component y = ac_Zp x"
+proof-
+ have "y = local.frac x \<one>\<^bsub>Z\<^sub>p\<^esub>"
+ using assms
+ by (simp add: Zp.nonzero_closed local.inc_def)
+ then have 0: "angular_component y = (ac_Zp x) \<otimes>\<^bsub>Z\<^sub>p\<^esub> inv\<^bsub>Z\<^sub>p\<^esub> ac_Zp (\<one>\<^bsub>Z\<^sub>p\<^esub>)"
+ using assms ac_fract[of y x ]
+ by (simp add: \<open>y = \<iota> x\<close> Zp.nonzero_closed Zp.nonzero_one_closed local.frac_closed)
+ have 1: "ac_Zp \<one>\<^bsub>Z\<^sub>p\<^esub> = \<one>\<^bsub>Z\<^sub>p\<^esub>"
+ using ac_Zp_one by blast
+ have 2: "(ac_Zp x) \<in> carrier Z\<^sub>p"
+ using Zp.Units_closed Zp.nonzero_closed ac_Zp_is_Unit assms(1) nonzero_fraction_imp_numer_not_zero nonzero_numer_imp_nonzero_fraction by auto
+ have 3: "inv \<^bsub>Z\<^sub>p\<^esub> (ac_Zp \<one>\<^bsub>Z\<^sub>p\<^esub>) = \<one>\<^bsub>Z\<^sub>p\<^esub>"
+ using 1
+ by simp
+ have 4: "(ac_Zp x) \<otimes>\<^bsub>Z\<^sub>p\<^esub> inv\<^bsub>Z\<^sub>p\<^esub> ac_Zp (\<one>\<^bsub>Z\<^sub>p\<^esub>) = (ac_Zp x) \<otimes>\<^bsub>Z\<^sub>p\<^esub> \<one>\<^bsub>Z\<^sub>p\<^esub>"
+ using "3" by auto
+ have 5: "(ac_Zp x) \<otimes>\<^bsub>Z\<^sub>p\<^esub> inv\<^bsub>Z\<^sub>p\<^esub> ac_Zp (\<one>\<^bsub>Z\<^sub>p\<^esub>) = (ac_Zp x)"
+ using 4 2 Zp.domain_axioms by simp
+ then show ?thesis
+ by (simp add: "0")
+qed
+
+lemma res_uminus:
+ assumes "k > 0"
+ assumes "f \<in> carrier Z\<^sub>p"
+ assumes "c \<in> carrier (Zp_res_ring k)"
+ assumes "c = \<ominus>\<^bsub>Zp_res_ring k\<^esub> (f k)"
+ shows "c = ((\<ominus>\<^bsub>Z\<^sub>p\<^esub> f) k)"
+ using Z\<^sub>p_def assms(2) assms(4) prime Zp_residue_a_inv(1) by auto
+
+lemma ord_fract:
+ assumes "a \<in> nonzero Q\<^sub>p"
+ assumes "b \<in> nonzero Q\<^sub>p"
+ shows "ord (a \<div> b) = ord a - ord b"
+ using assms nonzero_memE nonzero_def nonzero_inverse_Qp ord_mult ord_of_inv
+ Qp.nonzero_closed Qp.nonzero_memE(2) by presburger
+
+lemma val_fract:
+ assumes "a \<in> carrier Q\<^sub>p"
+ assumes "b \<in> nonzero Q\<^sub>p"
+ shows "val (a \<div> b) = val a - val b"
+ apply(cases "a = \<zero>")
+ apply (simp add: Units_eq_nonzero assms(2) val_def)
+proof-
+ assume "a \<noteq> \<zero>"
+ then have 0: "a \<in> nonzero Q\<^sub>p"
+ by (simp add: Qp.nonzero_memI assms(1))
+ have 1: "(a \<div> b) \<in> nonzero Q\<^sub>p"
+ by (simp add: "0" Localization.submonoid.m_closed Qp.nonzero_is_submonoid assms(2) nonzero_inverse_Qp)
+ show ?thesis using 0 1 assms
+ by (simp add: ord_fract)
+qed
+
+lemma zero_fract:
+ assumes "a \<in> nonzero Q\<^sub>p"
+ shows "\<zero> \<div> a = \<zero>"
+ by (simp add: Units_eq_nonzero assms)
+
+lemma fract_closed:
+ assumes "a \<in> carrier Q\<^sub>p"
+ assumes "b \<in> nonzero Q\<^sub>p"
+ shows "(a \<div> b) \<in> carrier Q\<^sub>p"
+ by (simp add: Units_eq_nonzero assms(1) assms(2))
+
+lemma val_of_power:
+ assumes "a \<in> nonzero Q\<^sub>p"
+ shows "val (a[^](n::nat)) = n*(val a)"
+ unfolding val_def using assms
+ by (simp add: Qp.nonzero_memE(2) Qp_nat_pow_nonzero nonzero_nat_pow_ord)
+
+lemma val_zero_imp_val_pow_zero:
+ assumes "a \<in> carrier Q\<^sub>p"
+ assumes "val a = 0"
+ shows "val (a[^](n::nat)) = 0"
+ apply(induction n)
+ using assms apply simp
+proof-
+ fix n ::nat
+ assume A: "val (a [^] n) = 0"
+ have 0: "a [^] Suc n = a [^] n \<otimes> a"
+ by simp
+ show "val (a [^] Suc n) = 0 "
+ unfolding 0 using A assms
+ by (simp add: val_mult)
+qed
+
+text\<open>val and ord of powers of p\<close>
+
+lemma val_p_nat_pow:
+"val (\<pp>[^](k::nat)) = eint k"
+ by (simp add: ord_p_pow_nat)
+
+lemma ord_p_int_pow:
+"ord (\<pp>[^](k::int)) = k"
+ by (simp add: ord_p_pow_int)
+
+lemma ord_p_nat_pow:
+"ord (\<pp>[^](k::nat)) = k"
+ by (simp add: ord_p_pow_nat)
+
+lemma val_nonzero_frac:
+ assumes "a \<in> nonzero Q\<^sub>p"
+ assumes "b \<in> nonzero Q\<^sub>p"
+ assumes "val (a \<div> b) = c"
+ shows "val a = val b + c"
+proof-
+ obtain n where n_def: "c = eint n"
+ using assms val_ord by (metis (no_types, lifting) Qp.integral Qp.nonzero_closed inv_in_frac(1) inv_in_frac(2) val_def)
+ have 0: "ord (a \<div> b) = n"
+ by (metis assms(3) eint.distinct(2) eint.inject n_def val_def)
+ have 1: "ord a - ord b = n"
+ using 0 assms by (metis ord_fract)
+ have 2: "ord a = ord b + n"
+ using 1 by presburger
+ show "val a = val b + c"
+ unfolding n_def using 2 assms
+ by (metis Qp.nonzero_memE(1) fract_closed local.fract_cancel_right n_def val_mult)
+qed
+
+lemma val_nonzero_frac':
+ assumes "a \<in> nonzero Q\<^sub>p"
+ assumes "b \<in> nonzero Q\<^sub>p"
+ assumes "val (a \<div> b) = 0"
+ shows "val a = val b"
+ using val_nonzero_frac[of a b 0]
+ by (metis arith_simps(50) assms(1) assms(2) assms(3))
+
+lemma equal_val_imp_equal_ord:
+ assumes "a \<in> nonzero Q\<^sub>p"
+ assumes "b \<in> carrier Q\<^sub>p"
+ assumes "val a = val b"
+ shows "ord a = ord b" "b \<in> nonzero Q\<^sub>p"
+ using assms
+ apply (metis eint.inject eint.simps(3) eint_ord_simps(4) val_nonzero val_ord)
+ using assms unfolding nonzero_def
+ using val_def by auto
+
+lemma int_pow_ord:
+ assumes "a \<in> nonzero Q\<^sub>p"
+ shows "ord (a[^](i::int)) = i* (ord a)"
+proof(induction i)
+ show "\<And>n. ord (a [^] int n) = int n * ord a"
+ using assms
+ by (metis int_pow_int mult_of_nat_commute nonzero_nat_pow_ord)
+ show "\<And>n. ord (a [^] - int (Suc n)) = - int (Suc n) * ord a"
+ proof- fix n
+ have "(a [^] - int (Suc n)) \<otimes> (a [^] int (Suc n)) = a [^] (- int (Suc n) + int (Suc n))"
+ using assms Qp_int_pow_add by blast
+ hence "(a [^] - int (Suc n)) \<otimes> (a [^] int (Suc n)) = \<one>"
+ using assms
+ by (metis ab_group_add_class.ab_left_minus int_pow_0)
+ hence "ord (a [^] - int (Suc n)) + ord (a [^] int (Suc n)) = 0"
+ by (metis Qp_int_pow_nonzero assms ord_mult ord_one)
+ thus "ord (a [^] - int (Suc n)) = - int (Suc n) * ord a"
+ using nonzero_nat_pow_ord assms
+ by (metis \<open>\<And>n. ord (a [^] int n) = int n * ord a\<close> add.inverse_inverse add_left_cancel more_arith_simps(4) more_arith_simps(7))
+ qed
+qed
+
+lemma int_pow_val:
+ assumes "a \<in> nonzero Q\<^sub>p"
+ shows "val (a[^](i::int)) = i* (val a)"
+ using int_pow_ord Qp_int_pow_nonzero assms times_eint_simps(1) val_ord by presburger
+
+lemma neg_int_pow_val:
+ assumes "a \<in> nonzero Q\<^sub>p"
+ shows "val (a[^]-(i::int)) = - (val (a[^]i))"
+ using int_pow_val[of a i]
+ by (metis Qp_int_pow_nonzero assms int_pow_ord mult_minus_left val_ord val_p_int_pow val_p_int_pow_neg)
+
+lemma int_pow_sum_val:
+ assumes "a \<in> nonzero Q\<^sub>p"
+ shows "val (a[^]((i::int) + j)) = (val (a[^]i)) + val (a[^]j)"
+ using assms Qp.int_pow_add Qp_int_pow_nonzero Units_eq_nonzero val_mult0 by presburger
+
+lemma int_pow_diff_val:
+ assumes "a \<in> nonzero Q\<^sub>p"
+ shows "val (a[^]((i::int) - j)) = (val (a[^]i)) - val (a[^]j)"
+proof-
+ obtain k where k_def: "val a = eint k"
+ using assms val_ord by blast
+ have 0: "val (a[^]((i::int) - j)) = eint ((i-j)*k)"
+ using assms k_def int_pow_val times_eint_simps(1) by presburger
+ show ?thesis unfolding 0 using k_def
+ by (metis "0" Qp_int_pow_nonzero Rings.ring_distribs(3) assms eint.simps(1) idiff_eint_eint int_pow_ord val_ord)
+qed
+
+lemma nat_add_pow_mult_assoc:
+ assumes "a \<in> carrier Q\<^sub>p"
+ shows "[(n::nat)]\<cdot>a = [n]\<cdot>\<one> \<otimes> a"
+ using assms Qp.add_pow_ldistr Qp.l_one Qp.one_closed by presburger
+
+lemma(in padic_integers) equal_res_imp_equal_ord_Zp:
+ assumes "N > 0"
+ assumes "a \<in> carrier Zp"
+ assumes "b \<in> carrier Zp"
+ assumes "a N = b N"
+ assumes "a N \<noteq> 0"
+ shows "ord_Zp a = ord_Zp b"
+proof-
+ have "(a \<ominus> b) N = 0"
+ using assms(2) assms(3) assms(4) res_diff_zero_fact'' by blast
+ have "ord_Zp a < N"
+ using assms zero_below_ord by force
+ then show ?thesis
+ by (smt R.minus_closed Zp_def \<open>(a \<ominus> b) N = 0\<close> above_ord_nonzero assms(2) assms(3) assms(4) assms(5) ord_Zp_ultrametric_eq' ord_Zp_ultrametric_eq'' padic_integers.ord_Zp_not_equal_imp_notequal(2) padic_integers.ord_of_nonzero(2) padic_integers.ord_pos padic_integers_axioms residue_of_zero(2))
+qed
+
+lemma(in padic_integers) equal_res_mod:
+ assumes "N > k"
+ assumes "a \<in> carrier Zp"
+ assumes "b \<in> carrier Zp"
+ assumes "a N = b N"
+ shows "a k = b k"
+proof-
+ have 0: "a k = a N mod p^k"
+ using assms
+ by (metis Zp_int_inc_rep Zp_int_inc_res less_or_eq_imp_le p_residue_padic_int)
+ have 1: "b k = b N mod p^k"
+ using assms
+ by (metis Zp_int_inc_rep Zp_int_inc_res less_or_eq_imp_le p_residue_padic_int)
+ show ?thesis unfolding 0 1 assms using assms by blast
+qed
+
+lemma Qp_char_0:
+ assumes "(n::nat) \<noteq> 0"
+ shows "[n]\<cdot>\<one> \<noteq> \<zero>"
+proof-
+ have "[n]\<cdot>\<^bsub>Z\<^sub>p\<^esub> \<one>\<^bsub>Z\<^sub>p\<^esub> \<noteq> \<zero>\<^bsub>Z\<^sub>p\<^esub>"
+ using Zp_char_0' assms by blast
+ thus ?thesis using inc_of_nat
+ by (metis Qp.nat_inc_zero Zp.nat_inc_zero Zp_nat_inc_closed \<iota>_def inc_inj2)
+qed
+
+lemma Qp_char_0_int:
+ assumes "(n::int) \<noteq> 0"
+ shows "[n]\<cdot>\<one> \<noteq> \<zero>"
+proof-
+ have "[n]\<cdot>\<^bsub>Z\<^sub>p\<^esub> \<one>\<^bsub>Z\<^sub>p\<^esub> \<noteq> \<zero>\<^bsub>Z\<^sub>p\<^esub>"
+ using Zp_char_0 assms
+ by (metis int_inc_mult linorder_neqE_linordered_idom mult_zero_l zero_less_mult_iff)
+ thus ?thesis using inc_of_int
+ by (metis Q\<^sub>p_def Zp_int_inc_closed \<iota>_def inc_inj1)
+qed
+
+lemma add_int_pow_inject:
+ assumes "[(k::int)]\<cdot>\<one> = [(j::int)]\<cdot>\<one>"
+ shows "k = j"
+proof(rule ccontr)
+ assume A: "k \<noteq> j"
+ then have 0: "k - j \<noteq>0 "
+ by presburger
+ hence 1: "[(k-j)]\<cdot>\<one> \<noteq> \<zero> "
+ using Qp_char_0_int by blast
+ hence 2: "[k]\<cdot>\<one> \<oplus> [(-j)]\<cdot> \<one> \<noteq> \<zero> "
+ by (metis (no_types, opaque_lifting) Qp.add.int_pow_mult Qp.one_closed diff_minus_eq_add diff_zero minus_diff_eq)
+ hence 2: "[k]\<cdot>\<one> \<ominus> [j]\<cdot> \<one> \<noteq> \<zero> "
+ by (metis Qp.add.int_pow_mult Qp.int_inc_zero Qp.one_closed assms more_arith_simps(4))
+ thus False using assms
+ using Qp.int_inc_closed Qp.r_right_minus_eq by blast
+qed
+
+lemma val_ord_nat_inc:
+ assumes "(n::nat) > 0"
+ shows "ord ([n]\<cdot>\<one>) = val([n]\<cdot>\<one>)"
+ using val_ord assms Qp_char_0
+ by (metis less_irrefl_nat val_def)
+
+lemma val_ord_int_inc:
+ assumes "(n::int) \<noteq> 0"
+ shows "ord ([n]\<cdot>\<one>) = val([n]\<cdot>\<one>)"
+ using val_ord assms Qp_char_0_int val_def by presburger
+
+
+ (********************************************************************************************)
+ (********************************************************************************************)
+ subsubsection\<open>Reduced Angular Component Maps\<close>
+ (********************************************************************************************)
+ (********************************************************************************************)
+
+definition ac :: "nat \<Rightarrow> padic_number \<Rightarrow> int" where
+"ac n x = (if x = \<zero> then 0 else (angular_component x) n)"
+
+lemma ac_in_res_ring:
+ assumes "x \<in> nonzero Q\<^sub>p"
+ shows "ac n x \<in> carrier (Zp_res_ring n)"
+ unfolding ac_def
+ using assms angular_component_closed[of x]
+ by (simp add: Qp.nonzero_memE(2) residues_closed)
+
+lemma ac_in_res_ring'[simp]:
+ assumes "x \<in> carrier Q\<^sub>p"
+ shows "ac n x \<in> carrier (Zp_res_ring n)"
+ apply(cases "x \<in> nonzero Q\<^sub>p")
+ using ac_in_res_ring apply blast
+ by (metis Qp.nonzero_memI ac_def assms mod_0 mod_in_carrier p_res_ring_car p_residue_alt_def)
+
+lemma ac_mult':
+ assumes "x \<in> nonzero Q\<^sub>p"
+ assumes "y \<in> nonzero Q\<^sub>p"
+ shows "ac n (x \<otimes> y) = (ac n x) \<otimes>\<^bsub>Zp_res_ring n\<^esub> (ac n y)"
+ unfolding ac_def
+proof-
+ have 0: "angular_component (x \<otimes> y) = angular_component x \<otimes>\<^bsub>Z\<^sub>p\<^esub> angular_component y"
+ using assms angular_component_mult[of x y]
+ by auto
+ show "(if x \<otimes> y = \<zero> then 0 else angular_component (x \<otimes> y) n) =
+ (if x = \<zero> then 0 else angular_component x n) \<otimes>\<^bsub>Zp_res_ring n\<^esub> (if y = \<zero> then 0 else angular_component y n)"
+ using assms angular_component_closed[of x] angular_component_closed[of y]
+ by (simp add: "0" Qp.integral_iff Qp.nonzero_closed Qp.nonzero_memE(2) residue_of_prod)
+qed
+
+lemma ac_mult:
+ assumes "x \<in> carrier Q\<^sub>p"
+ assumes "y \<in> carrier Q\<^sub>p"
+ shows "ac n (x \<otimes> y) = (ac n x) \<otimes>\<^bsub>Zp_res_ring n\<^esub> (ac n y)"
+ apply(cases "x \<in> nonzero Q\<^sub>p \<and> y \<in> nonzero Q\<^sub>p")
+ apply (simp add: ac_mult')
+ using assms unfolding ac_def
+ by (smt Qp.integral_iff Qp.nonzero_memI residue_times_zero_l residue_times_zero_r)
+
+lemma ac_one[simp]:
+ assumes "n \<ge> 1"
+ shows "ac n \<one> = 1"
+proof-
+ have "ac n \<one> = \<one>\<^bsub>Z\<^sub>p\<^esub> n"
+ unfolding ac_def
+ using angular_component_one
+ by simp
+ then show ?thesis
+ using assms residue_of_one(2) by auto
+qed
+
+lemma ac_one':
+ assumes "n > 0"
+ shows "ac n \<one> = \<one>\<^bsub>Zp_res_ring n\<^esub>"
+ using assms residue_ring_def
+ by auto
+
+lemma ac_units:
+ assumes "x \<in> nonzero Q\<^sub>p"
+ assumes "n > 0"
+ shows "ac n x \<in> Units (Zp_res_ring n)"
+proof-
+ obtain y where y_def: "y = inv x"
+ by simp
+ have y_nz: "y \<in> nonzero Q\<^sub>p"
+ using assms(1) nonzero_inverse_Qp y_def
+ by blast
+ have 0: "ac n (x \<otimes> y) = (ac n x) \<otimes>\<^bsub>Zp_res_ring n\<^esub> (ac n y)"
+ using ac_mult' assms(1) y_nz by blast
+ have 1: "x \<otimes> y = \<one>"
+ by (metis Qp.field_axioms Qp.nonzero_memE Qp.nonzero_memE assms(1) field.field_inv(2) y_def)
+ have 2: "(ac n x) \<otimes>\<^bsub>Zp_res_ring n\<^esub> (ac n y) = \<one>\<^bsub>Zp_res_ring n\<^esub>"
+ using "0" "1" ac_one' assms(2)
+ by auto
+ show ?thesis
+ by (metis "2" R_comm_monoid ac_in_res_ring assms(1) assms(2) comm_monoid.UnitsI(1) nonzero_inverse_Qp y_def)
+
+qed
+
+lemma ac_inv:
+ assumes "x \<in> nonzero Q\<^sub>p"
+ assumes "n > 0"
+ shows "ac n (inv x) = inv\<^bsub>Zp_res_ring n\<^esub> (ac n x)"
+proof-
+ have "x \<otimes> inv x = \<one>"
+ by (simp add: Qp.monoid_axioms Units_eq_nonzero assms(1) monoid.Units_r_inv)
+ then have "ac n (x \<otimes> inv x) = \<one>\<^bsub>Zp_res_ring n\<^esub>"
+ by (simp add: \<open>(x \<div> x) = \<one>\<close> ac_one' assms(2))
+ then have "ac n x \<otimes>\<^bsub>Zp_res_ring n\<^esub> ac n (inv x) = \<one>\<^bsub>Zp_res_ring n\<^esub>"
+ using Units_eq_nonzero Units_inverse_Qp ac_mult' assms(1)
+ by metis
+ then show ?thesis
+ by (metis R_comm_monoid ac_in_res_ring assms(1) assms(2) comm_monoid.comm_inv_char nonzero_inverse_Qp)
+qed
+
+lemma ac_inv':
+ assumes "x \<in> nonzero Q\<^sub>p"
+ assumes "n > 0"
+ shows "ac n (inv x) \<otimes>\<^bsub>Zp_res_ring n\<^esub> (ac n x) = \<one>\<^bsub>Zp_res_ring n\<^esub>"
+ using ac_inv[of x n] ac_units[of x n] assms
+ by (metis (no_types, opaque_lifting) Qp.field_axioms Qp.nonzero_memE
+ Qp.nonzero_memE Units_eq_nonzero Units_inverse_Qp ac_mult ac_one' field.field_inv(1))
+
+lemma ac_inv'':
+ assumes "x \<in> nonzero Q\<^sub>p"
+ assumes "n > 0"
+ shows " (ac n x) \<otimes>\<^bsub>Zp_res_ring n\<^esub> ac n (inv x)= \<one>\<^bsub>Zp_res_ring n\<^esub>"
+ using ac_inv' assms(1) assms(2) residue_mult_comm by auto
+
+lemma ac_inv''':
+ assumes "x \<in> nonzero Q\<^sub>p"
+ assumes "n > 0"
+ shows "(ac n x) \<otimes>\<^bsub>Zp_res_ring n\<^esub> ac n (inv x)= 1"
+ "ac n (inv x) \<otimes>\<^bsub>Zp_res_ring n\<^esub> (ac n x) = 1"
+ by (auto simp add: ac_inv'' ac_inv' assms(1) assms(2) p_res_ring_one)
+
+lemma ac_val:
+ assumes "a \<in> nonzero Q\<^sub>p"
+ assumes "b \<in> nonzero Q\<^sub>p"
+ assumes "val a = val b"
+ assumes "val (a \<ominus> b) \<ge> val a + n"
+ shows "ac n a = ac n b"
+proof-
+ obtain m where m_def: "m = ord a"
+ by simp
+ have 0: "a = (\<pp>[^]m) \<otimes> \<iota> (angular_component a)"
+ by (simp add: angular_component_factors_x assms(1) m_def)
+ have 1: "b = (\<pp>[^]m) \<otimes> \<iota> (angular_component b)"
+ proof-
+ have "ord b = ord a"
+ using assms(1) assms(2) assms(3) by auto
+ then show ?thesis
+ by (metis angular_component_factors_x assms(2) m_def)
+ qed
+ have 2: "(a \<ominus>b) = (\<pp>[^]m) \<otimes> \<iota> (angular_component a)
+ \<ominus>(\<pp>[^]m) \<otimes> \<iota> (angular_component b)"
+ using "0" "1" by auto
+ have 3: "(a \<ominus>b) = (\<pp>[^]m) \<otimes>( \<iota> (angular_component a)
+ \<ominus> \<iota> (angular_component b))"
+ using 2 assms angular_component_closed inc_closed Qp.cring_simprules Qp.r_minus_distr
+ by (metis (no_types, lifting) p_intpow_closed(1))
+ have 4: "(a \<ominus>b) = (\<pp>[^]m) \<otimes>( \<iota> ((angular_component a)
+ \<ominus>\<^bsub>Z\<^sub>p\<^esub>(angular_component b)))"
+ by (simp add: "3" angular_component_closed assms(1) assms(2) inc_of_diff)
+ have 5: "val (a \<ominus>b) = m + val (( \<iota> ((angular_component a)
+ \<ominus>\<^bsub>Z\<^sub>p\<^esub>(angular_component b))))"
+ by (metis "4" Zp.nonzero_one_closed angular_component_closed assms(1) assms(2)
+ cring.cring_simprules(4) frac_closed local.inc_def ord_p_pow_int p_intpow_closed(1)
+ p_intpow_closed(2) Zp.domain_axioms domain_def val_mult val_ord)
+ have 6: "m = val a"
+ using Q\<^sub>p_def assms(1) m_def by auto
+ have 7: "m + val (\<iota> (angular_component a \<ominus>\<^bsub>Z\<^sub>p\<^esub> angular_component b)) \<ge> val a + n"
+ using "5" assms(4) by presburger
+ have 8: "m + val (\<iota> (angular_component a \<ominus>\<^bsub>Z\<^sub>p\<^esub> angular_component b)) \<ge> m + n"
+ using "6" "7"
+ by (metis plus_eint_simps(1))
+ have 9: "val (\<iota> (angular_component a \<ominus>\<^bsub>Z\<^sub>p\<^esub> angular_component b)) \<ge> n"
+ using 8 add_le_cancel_left eint_ile eint_ord_simps(1) linear plus_eint_simps(1)
+ by metis
+ have 10: "val_Zp (angular_component a \<ominus>\<^bsub>Z\<^sub>p\<^esub> angular_component b) \<ge> n"
+ using 9
+ by (metis angular_component_closed assms(1) assms(2) cring.cring_simprules(4)
+ Zp.domain_axioms domain_def val_of_inc)
+ have 11: "(angular_component a \<ominus>\<^bsub>Z\<^sub>p\<^esub> angular_component b) n = \<zero>\<^bsub>Zp_res_ring n\<^esub>"
+ using 9
+ by (simp add: "10" angular_component_closed assms(1) assms(2) p_res_ring_zero zero_below_val_Zp)
+ have 12: "(angular_component a n) \<ominus>\<^bsub>Zp_res_ring n\<^esub> (angular_component b n) = \<zero>\<^bsub>Zp_res_ring n\<^esub>"
+ using "11" angular_component_closed assms(2) residue_of_diff by auto
+ have 13: "(angular_component a n) = (angular_component b n)"
+ apply(cases "n = 0")
+ apply (metis angular_component_closed assms(1) assms(2) p_res_ring_0' residues_closed)
+ using 12 angular_component_closed residue_closed ring.ring_simprules[of "Zp_res_ring n"]
+ by (meson assms(1) assms(2) cring_def prime residues.cring residues_n ring.r_right_minus_eq)
+ then show ?thesis
+ by (simp add: Qp.nonzero_memE ac_def assms(1) assms(2))
+qed
+
+lemma angular_component_nat_pow:
+ assumes "a \<in> nonzero Q\<^sub>p"
+ shows "angular_component (a [^] (k::nat)) = (angular_component a) [^]\<^bsub>Z\<^sub>p\<^esub> k"
+ apply(induction k)
+ apply (simp add: angular_component_one)
+ by (simp add: Qp_nat_pow_nonzero angular_component_mult assms)
+
+lemma angular_component_int_pow:
+ assumes "a \<in> nonzero Q\<^sub>p"
+ shows "angular_component (a [^] (k::int)) = (angular_component a) [^]\<^bsub>Z\<^sub>p\<^esub> k"
+ apply(cases "k \<ge> 0")
+ using angular_component_nat_pow assms
+ apply (metis int_pow_int nonneg_int_cases)
+proof-
+ assume "\<not> 0 \<le>k"
+ show "angular_component (a [^] k) = angular_component a [^] \<^bsub>Z\<^sub>p\<^esub> k"
+ using angular_component_nat_pow[of a "nat (-k)"] assms
+ Qp_nat_pow_nonzero[of a] \<open>\<not> 0 \<le> k\<close> angular_component_inv[of "(a [^] k)"] int_pow_def2
+ by (metis angular_component_nat_pow angular_component_inv)
+qed
+
+lemma ac_nat_pow:
+ assumes "a \<in> nonzero Q\<^sub>p"
+ shows "ac n (a [^] (k::nat)) = (ac n a)^ k mod (p^n)"
+proof(cases "k = 0")
+ case True
+ show ?thesis apply(cases "n = 0")
+ apply (metis Group.nat_pow_0 Qp.one_closed True ac_in_res_ring' mod_self p_res_ring_0' power_0)
+ using True prime residues.one_cong residues.res_one_eq residues_n by auto
+next
+ case False
+ show ?thesis
+ apply(cases "n = 0")
+ apply (metis Qp_nat_pow_nonzero ac_in_res_ring assms mod_by_1 p_res_ring_0' power_0)
+ using assms angular_component_nat_pow
+ by (metis Qp.nonzero_closed Qp.nonzero_pow_nonzero Qp.not_nonzero_memI ac_def angular_component_closed neq0_conv power_residue)
+qed
+
+lemma ac_nat_pow':
+ assumes "a \<in> nonzero Q\<^sub>p"
+ assumes "n \<noteq>0"
+ shows "ac n (a [^] (k::nat)) = (ac n a)[^]\<^bsub>Zp_res_ring n\<^esub> k"
+proof-
+ have "(ac n a)^ k mod (p^n) = (ac n a)[^]\<^bsub>Zp_res_ring n\<^esub> k"
+ apply(induction k)
+ apply (metis Group.nat_pow_0 assms(2) prime residues.pow_cong residues_n)
+ by (metis Group.nat_pow_Suc Qp_nat_pow_nonzero ac_mult' ac_nat_pow assms(1))
+ then show ?thesis
+ by (simp add: ac_nat_pow assms(1))
+qed
+
+lemma ac_int_pow:
+ assumes "a \<in> nonzero Q\<^sub>p"
+ assumes "n > 0"
+ shows "ac n (a [^] (k::int)) = (ac n a)[^]\<^bsub>Zp_res_ring n\<^esub> k"
+ apply(cases "k \<ge>0")
+ using assms ac_nat_pow'
+ apply (metis int.lless_eq int.nat_pow_0 p_residues pow_nat residues_def)
+ using assms ac_nat_pow' ac_inv[of "a [^] k"] ac_units[of "a [^] k"]
+ by (metis Qp_nat_pow_nonzero ac_inv int_pow_def2 neq0_conv)
+
+lemma angular_component_p:
+"angular_component \<pp> = \<one>\<^bsub>Z\<^sub>p\<^esub>"
+proof-
+ have "\<pp> = frac \<p> \<one>\<^bsub>Z\<^sub>p\<^esub>"
+ by (simp add: Zp_nat_inc_closed local.inc_def p_inc)
+ then have 0: "angular_component \<pp> = (ac_Zp \<p>) \<otimes>\<^bsub>Z\<^sub>p\<^esub> inv\<^bsub>Z\<^sub>p\<^esub> (ac_Zp \<one>\<^bsub>Z\<^sub>p\<^esub>)"
+ using ac_Zp_one unfolding angular_component_def
+ by (metis Q\<^sub>p_def Qp.int_inc_closed Zp.one_nonzero Zp_int_inc_closed ac_fract
+ local.numer_denom_facts(2) local.numer_denom_facts(5) nonzero_fraction_imp_nonzero_numer
+ nonzero_numer_imp_nonzero_fraction numer_nonzero p_nonzero)
+ then have "angular_component \<pp> = (ac_Zp \<p>) \<otimes>\<^bsub>Z\<^sub>p\<^esub> inv\<^bsub>Z\<^sub>p\<^esub> \<one>\<^bsub>Z\<^sub>p\<^esub>"
+ by (simp add: ac_Zp_one)
+ then have "angular_component \<pp> = (ac_Zp \<p>)"
+ by (simp add: ac_Zp_p)
+ then show ?thesis
+ using ac_Zp_p
+ by simp
+qed
+
+lemma angular_component_p_nat_pow:
+"angular_component (\<pp> [^] (n::nat)) = \<one>\<^bsub>Z\<^sub>p\<^esub>"
+ apply(induction n)
+ apply (simp add: angular_component_one)
+ using angular_component_nat_pow angular_component_p nat_pow_one p_nonzero Zp.nat_pow_one
+ by presburger
+
+lemma angular_component_p_int_pow:
+"angular_component (\<pp> [^] (n::int)) = \<one>\<^bsub>Z\<^sub>p\<^esub>"
+ apply(cases "n \<ge> 0")
+ apply (metis angular_component_p_nat_pow int_pow_int nonneg_int_cases)
+ using angular_component_p_nat_pow[of "nat (-n)"] angular_component_inv[of "(\<pp> [^] n)"] angular_component_inv[of "\<pp> [^] (nat (-n))"]
+ by (metis (mono_tags, opaque_lifting) Group.nat_pow_0 Zp.inv_one add.inverse_neutral angular_component_one int_nat_eq
+ int_pow_def2 nat_0_iff nat_int nat_zminus_int p_natpow_closed(2) )
+
+lemma ac_p_nat_pow:
+ assumes "k > 0"
+ shows "ac k (\<pp> [^] (n::nat)) = 1"
+proof-
+ have "\<not> (\<pp> [^] n) = \<zero>"
+ by (simp add: Qp.nonzero_memE)
+ have " angular_component (\<pp> [^] n) k = 1"
+ using assms angular_component_p_nat_pow[of n] ac_def ac_one angular_component_one
+ by auto
+ then show ?thesis
+ unfolding ac_def using angular_component_p_nat_pow[of n]
+ by (simp add: \<open>(\<pp> [^] n) \<noteq> \<zero>\<close>)
+qed
+
+lemma ac_p:
+ assumes "k > 0"
+ shows "ac k \<pp> = 1"
+ by (metis Qp.int_inc_closed Qp.nat_pow_eone ac_p_nat_pow assms)
+
+lemma ac_p_int_pow:
+ assumes "k > 0"
+ shows "ac k (\<pp> [^] (n::int)) = 1"
+ using Qp.nonzero_memE(2) ac_def ac_one' angular_component_one angular_component_p_int_pow
+ assms p_intpow_closed(2) p_res_ring_one by auto
+
+lemma angular_component_p_nat_pow_factor:
+ assumes "a \<in> nonzero Q\<^sub>p"
+ shows "angular_component ((\<pp> [^] (n::nat)) \<otimes> a) = angular_component a"
+proof-
+ have 0: "angular_component ((\<pp> [^] n) \<otimes> a) = angular_component (\<pp> [^] n) \<otimes>\<^bsub>Z\<^sub>p\<^esub> angular_component a"
+ using assms angular_component_mult[of "(\<pp> [^] (n::nat))" a] p_natpow_closed(2)
+ by blast
+ have 1: "angular_component (\<pp> [^] n) = \<one>\<^bsub>Z\<^sub>p\<^esub>"
+ by (simp add: angular_component_p_nat_pow)
+ have 2: "angular_component ((\<pp> [^] n) \<otimes> a) = \<one>\<^bsub>Z\<^sub>p\<^esub> \<otimes>\<^bsub>Z\<^sub>p\<^esub> angular_component a"
+ by (simp add: "0" "1")
+ then show ?thesis using angular_component_closed[of a] assms Zp.domain_axioms
+ by (simp add: assms cring.cring_simprules(12) domain.axioms(1))
+qed
+
+lemma ac_p_nat_pow_factor:
+ assumes "m > 0"
+ assumes "a \<in> nonzero Q\<^sub>p"
+ shows "ac m ((\<pp> [^] (n::nat)) \<otimes> a) = ac m a"
+ using angular_component_p_nat_pow_factor assms ac_def
+ by (metis (no_types, lifting) Qp.field_axioms Qp_nat_pow_nonzero Qp.nonzero_memE
+ Qp.nonzero_memE Ring.integral p_nonzero)
+
+lemma angular_component_p_nat_pow_factor_right:
+ assumes "a \<in> nonzero Q\<^sub>p"
+ shows "angular_component (a \<otimes> (\<pp> [^] (n::nat))) = angular_component a"
+proof-
+ have "((\<pp> [^] (n::nat)) \<otimes> a) = (a \<otimes> (\<pp> [^] (n::nat)))"
+ using assms Qp.domain_axioms domain_def
+ by (simp add: assms domain_def Qp.nonzero_memE cring.cring_simprules(14))
+ then show ?thesis
+ using angular_component_p_nat_pow_factor[of a n]
+ by (simp add: assms)
+qed
+
+lemma ac_p_nat_pow_factor_right:
+ assumes "m > 0"
+ assumes "a \<in> carrier Q\<^sub>p"
+ shows "ac m (a \<otimes> (\<pp> [^] (n::nat))) = ac m a"
+ using assms angular_component_p_nat_pow_factor_right[of a n]
+ unfolding ac_def
+ by (metis Qp.integral Qp.l_null Qp.not_nonzero_memE Qp.not_nonzero_memI
+ angular_component_p_nat_pow_factor_right p_natpow_closed(1) p_natpow_closed(2))
+
+lemma angular_component_p_int_pow_factor:
+ assumes "a \<in> carrier Q\<^sub>p"
+ shows "angular_component ((\<pp> [^] (n::int)) \<otimes> a) = angular_component a"
+ by (metis Qp.integral_iff Qp.l_one Qp.nonzero_memI Qp.one_nonzero angular_component_mult
+ angular_component_one angular_component_p_int_pow assms p_intpow_closed(1) p_intpow_closed(2))
+
+lemma ac_p_int_pow_factor:
+ assumes "a \<in> nonzero Q\<^sub>p"
+ shows "ac m ((\<pp> [^] (n::int)) \<otimes> a) = ac m a"
+ apply(cases "m = 0")
+ apply (metis (no_types, lifting) Qp.integral Qp.nonzero_closed Qp.nonzero_memE(2)
+ ac_def angular_component_p_int_pow_factor assms p_intpow_closed(2))
+ using assms angular_component_p_int_pow_factor[of a n]
+ by (metis (no_types, lifting) Qp.integral Qp.nonzero_closed Qp.not_nonzero_memI ac_def
+ p_intpow_closed(2))
+
+lemma angular_component_p_int_pow_factor_right:
+ assumes "a \<in> carrier Q\<^sub>p"
+ shows "angular_component (a \<otimes> (\<pp> [^] (n::int))) = angular_component a"
+ using Qp.m_comm angular_component_p_int_pow_factor assms p_intpow_closed(1) by auto
+
+lemma ac_p_int_pow_factor_right:
+ assumes "a \<in> carrier Q\<^sub>p"
+ shows "ac m (a \<otimes> (\<pp> [^] (n::int))) = ac m a"
+ using assms angular_component_p_int_pow_factor_right unfolding ac_def
+ using Qp.integral_iff Qp.nonzero_memE(2) p_intpow_closed(1) p_intpow_closed(2) by presburger
+
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+subsection\<open>An Inverse for the inclusion map $\iota$\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+definition to_Zp where
+"to_Zp a = (if (a \<in> \<O>\<^sub>p) then (SOME x. x \<in> carrier Z\<^sub>p \<and> \<iota> x = a) else \<zero>\<^bsub>Z\<^sub>p\<^esub>)"
+
+lemma to_Zp_closed:
+ assumes "a \<in> carrier Q\<^sub>p"
+ shows "to_Zp a \<in> carrier Z\<^sub>p"
+ apply(cases "a \<in> \<O>\<^sub>p")
+ using assms unfolding to_Zp_def \<iota>_def
+ apply (smt image_iff tfl_some)
+ by simp
+
+lemma to_Zp_inc:
+ assumes "a \<in> \<O>\<^sub>p"
+ shows "\<iota> (to_Zp a) = a"
+proof-
+ obtain c where c_def: "c = (SOME x. x \<in> carrier Z\<^sub>p \<and> \<iota> x = a)"
+ by simp
+ have "(\<exists> x. x \<in> carrier Z\<^sub>p \<and> \<iota> x = a)"
+ using assms(1)
+ by blast
+ then have "c \<in> carrier Z\<^sub>p \<and> \<iota> c = a"
+ using c_def
+ by (metis (mono_tags, lifting) tfl_some)
+ then show "\<iota> (to_Zp a) = a"
+ using to_Zp_def c_def assms(1)
+ by auto
+qed
+
+lemma inc_to_Zp:
+ assumes "b \<in> carrier Z\<^sub>p"
+ shows "to_Zp (\<iota> b) = b"
+proof-
+ have "\<iota> (to_Zp (\<iota> b)) = (\<iota> b)"
+ using assms to_Zp_inc[of "\<iota> b"]
+ by blast
+ then show ?thesis
+ using inc_inj2[of b "to_Zp (\<iota> b)"] assms to_Zp_closed inc_closed
+ unfolding \<iota>_def Q\<^sub>p_def
+ by auto
+qed
+
+lemma to_Zp_add:
+ assumes "a \<in> \<O>\<^sub>p"
+ assumes "b \<in> \<O>\<^sub>p"
+ shows "to_Zp (a \<oplus> b) = to_Zp a \<oplus>\<^bsub>Z\<^sub>p\<^esub> (to_Zp b)"
+ by (metis (no_types, lifting) Zp.domain_axioms assms(1) assms(2)
+ cring.cring_simprules(1) domain.axioms(1) imageE inc_of_sum inc_to_Zp)
+
+lemma to_Zp_mult:
+ assumes "a \<in> \<O>\<^sub>p"
+ assumes "b \<in> \<O>\<^sub>p"
+ shows "to_Zp (a \<otimes> b) = to_Zp a \<otimes>\<^bsub>Z\<^sub>p\<^esub> (to_Zp b)"
+proof-
+ have "(a \<otimes> b) \<in> \<O>\<^sub>p"
+ by (simp add: val_ring_subring assms(1) assms(2) subringE(6))
+ then have
+ "\<iota> ((to_Zp a) \<otimes>\<^bsub>Z\<^sub>p\<^esub> (to_Zp) b) = ((\<iota> (to_Zp a)) \<otimes> (\<iota> (to_Zp b)))"
+ using assms(1) assms(2) inc_of_prod inc_to_Zp
+ by auto
+ then have "\<iota> ((to_Zp a) \<otimes>\<^bsub>Z\<^sub>p\<^esub> (to_Zp) b) = a \<otimes>b"
+ by (simp add: assms(1) assms(2) to_Zp_inc)
+ then have "to_Zp ( \<iota> ((to_Zp a) \<otimes>\<^bsub>Z\<^sub>p\<^esub> (to_Zp) b)) = to_Zp (a \<otimes>b)"
+ by simp
+ then show ?thesis
+ by (metis (no_types, opaque_lifting) Zp.domain_axioms val_ring_subring assms(1) assms(2)
+ cring.cring_simprules(5) domain.axioms(1) inc_to_Zp subringE(1) subset_iff to_Zp_closed)
+qed
+
+lemma to_Zp_minus:
+ assumes "a \<in> \<O>\<^sub>p"
+ assumes "b \<in> \<O>\<^sub>p"
+ shows "to_Zp (a \<ominus> b) = to_Zp a \<ominus>\<^bsub>Z\<^sub>p\<^esub> (to_Zp b)"
+ by (metis (no_types, lifting) Zp.domain_axioms assms(1) assms(2) cring_def domain.axioms(1)
+ image_iff inc_of_diff inc_to_Zp ring.ring_simprules(4))
+
+lemma to_Zp_one:
+ shows "to_Zp \<one> = \<one>\<^bsub>Z\<^sub>p\<^esub>"
+ using Zp_def Zp.one_closed \<iota>_def inc_of_one inc_to_Zp padic_integers_axioms
+ by fastforce
+
+lemma to_Zp_zero:
+ shows "to_Zp \<zero> = \<zero>\<^bsub>Z\<^sub>p\<^esub>"
+ using Q\<^sub>p_def Zp_def Zp.domain_axioms \<iota>_def domain_frac.inc_inj1 inc_to_Zp
+ padic_integers_axioms to_Zp_def domain_frac_axioms by fastforce
+
+lemma to_Zp_ominus:
+ assumes "a \<in> \<O>\<^sub>p"
+ shows "to_Zp (\<ominus> a) = \<ominus>\<^bsub>Z\<^sub>p\<^esub> (to_Zp a)"
+proof-
+ have "\<ominus>a \<in> \<O>\<^sub>p"
+ by (simp add: val_ring_subring assms subringE(5))
+ then show ?thesis
+ by (metis (no_types, lifting) Zp.domain_axioms Zp.nonzero_one_closed assms
+ cring.cring_simprules(3) domain.axioms(1) frac_uminus image_iff inc_to_Zp local.inc_def)
+qed
+
+lemma to_Zp_val:
+ assumes "a \<in> \<O>\<^sub>p"
+ shows "val_Zp (to_Zp a) = val a"
+ by (metis assms imageE inc_to_Zp val_of_inc)
+
+lemma val_of_nat_inc:
+"val ([(k::nat)]\<cdot>\<one>) \<ge> 0"
+proof-
+ have "[(k::nat)]\<cdot>\<one> \<in> \<O>\<^sub>p"
+ by (metis Zp.one_closed Zp_nat_mult_closed image_eqI inc_of_nat)
+ thus ?thesis
+ using val_ring_memE(1) by blast
+qed
+
+lemma val_of_int_inc:
+"val ([(k::int)]\<cdot>\<one>) \<ge> 0"
+proof-
+ have "\<iota> ([k] \<cdot>\<^bsub>Z\<^sub>p\<^esub> \<one>\<^bsub>Z\<^sub>p\<^esub>) = [k]\<cdot>\<one>"
+ using inc_of_int by blast
+ hence "[k]\<cdot>\<one> \<in> \<O>\<^sub>p"
+ using Zp.one_closed Zp_nat_mult_closed image_eqI inc_of_int
+ by blast
+ thus ?thesis
+ using val_ring_memE(1) by blast
+qed
+
+lemma to_Zp_nat_inc:
+"to_Zp ([(a::nat)]\<cdot>\<one>) = [a]\<cdot>\<^bsub>Z\<^sub>p\<^esub>\<one> \<^bsub>Z\<^sub>p\<^esub>"
+ apply(induction a)
+ using Qp.nat_inc_zero Zp.nat_inc_zero to_Zp_zero apply presburger
+proof-
+ fix a::nat assume A: "to_Zp ([a] \<cdot> \<one>) = [a] \<cdot>\<^bsub>Z\<^sub>p\<^esub> \<one>\<^bsub>Z\<^sub>p\<^esub>"
+ have 0: "[(Suc a)]\<cdot>\<one> = [a]\<cdot>\<one> \<oplus> \<one>"
+ using Qp.add.nat_pow_Suc by blast
+ have 1: "[a]\<cdot>\<one> \<in> \<O>\<^sub>p"
+ using Qp.nat_inc_closed val_of_nat_inc val_ring_memI by blast
+ have 2: "to_Zp ([Suc a] \<cdot> \<one>) = (to_Zp ([a]\<cdot>\<one>)) \<oplus>\<^bsub>Z\<^sub>p\<^esub> \<one>\<^bsub>Z\<^sub>p\<^esub>"
+ using A 1 unfolding 0
+ by (metis Zp.cring_simprules(6) Zp.nat_inc_closed inc_of_nat inc_of_one inc_of_sum inc_to_Zp sum_closed)
+ show "to_Zp ([Suc a] \<cdot> \<one>) = [Suc a] \<cdot>\<^bsub>Z\<^sub>p\<^esub> \<one>\<^bsub>Z\<^sub>p\<^esub>"
+ unfolding 2 A
+ using add_comm nat_suc by presburger
+qed
+
+lemma to_Zp_int_neg:
+"to_Zp ([(-int (a::nat))]\<cdot>\<one>) = \<ominus>\<^bsub>Z\<^sub>p\<^esub>([int a]\<cdot>\<^bsub>Z\<^sub>p\<^esub>\<one> \<^bsub>Z\<^sub>p\<^esub>)"
+proof-
+ have 0: "[(-int (a::nat))]\<cdot>\<one> = \<ominus> ([int a]\<cdot>\<one>)"
+ using Qp.add.int_pow_neg by blast
+ have 1: "[int a]\<cdot>\<one> \<in> \<O>\<^sub>p"
+ using Qp.int_inc_closed val_of_int_inc val_ring_memI by blast
+ show ?thesis using 1 unfolding 0
+ by (metis Zp.int_inc_closed inc_of_int inc_to_Zp to_Zp_ominus)
+qed
+
+lemma(in ring) int_add_pow:
+"[int n] \<cdot> \<one> = [n]\<cdot>\<one>"
+ unfolding add_pow_def
+ by (simp add: int_pow_int)
+
+lemma int_add_pow:
+"[int n] \<cdot> \<one> = [n]\<cdot>\<one>"
+ unfolding add_pow_def
+ by (simp add: int_pow_int)
+
+lemma Zp_int_add_pow:
+"[int n] \<cdot>\<^bsub>Z\<^sub>p\<^esub> \<one>\<^bsub>Z\<^sub>p\<^esub> = [n]\<cdot>\<^bsub>Z\<^sub>p\<^esub>\<one>\<^bsub>Z\<^sub>p\<^esub>"
+ unfolding add_pow_def
+ by (simp add: int_pow_int)
+
+lemma to_Zp_int_inc:
+"to_Zp ([(a::int)]\<cdot>\<one>) = ([a]\<cdot>\<^bsub>Z\<^sub>p\<^esub>\<one> \<^bsub>Z\<^sub>p\<^esub>)"
+ apply(induction a)
+ unfolding int_add_pow Zp_int_add_pow
+ using to_Zp_nat_inc apply blast
+ unfolding to_Zp_int_neg using Zp.add.int_pow_neg Zp.one_closed
+ by presburger
+
+lemma to_Zp_nat_add_pow:
+ assumes "a \<in> \<O>\<^sub>p"
+ shows "to_Zp ([(n::nat)]\<cdot>a) = [n]\<cdot>\<^bsub>Z\<^sub>p\<^esub> to_Zp a"
+ apply( induction n)
+ using Qp.nat_mult_zero Zp_nat_inc_zero to_Zp_zero apply presburger
+proof- fix n::nat assume A: "to_Zp ([n] \<cdot> a) = [n] \<cdot>\<^bsub>Z\<^sub>p\<^esub> to_Zp a"
+ have 0: "[Suc n] \<cdot> a = [n]\<cdot>a \<oplus> a"
+ using Qp.add.nat_pow_Suc by blast
+ have 1: "to_Zp ([n] \<cdot> a \<oplus> a) = to_Zp ([n] \<cdot> a) \<oplus>\<^bsub>Z\<^sub>p\<^esub> to_Zp a"
+ apply(rule to_Zp_add[of "[n]\<cdot>a" a] )
+ apply( induction n)
+ using Qp.nat_mult_zero zero_in_val_ring apply blast
+ unfolding Qp.add.nat_pow_Suc by(rule val_ring_add_closed, blast, rule assms, rule assms)
+ show "to_Zp ([Suc n] \<cdot> a) = [Suc n] \<cdot>\<^bsub>Z\<^sub>p\<^esub> to_Zp a "
+ unfolding Qp.add.nat_pow_Suc Zp.add.nat_pow_Suc 1 A by blast
+qed
+
+lemma val_ring_res:
+ assumes "a \<in> \<O>\<^sub>p"
+ assumes "b \<in> \<O>\<^sub>p"
+ shows "to_Zp (a \<ominus> b) N = to_Zp a N \<ominus>\<^bsub>Zp_res_ring N\<^esub> to_Zp b N"
+proof-
+ have "to_Zp (a \<ominus> b) N = (to_Zp a \<ominus>\<^bsub>Z\<^sub>p\<^esub> to_Zp b) N"
+ using assms to_Zp_minus by presburger
+ then show ?thesis using assms residue_of_diff to_Zp_closed val_ring_memE(2)
+ by (simp add: val_ring_memE(1))
+qed
+
+lemma res_diff_in_val_ring_imp_in_val_ring:
+ assumes "a \<in> \<O>\<^sub>p"
+ assumes "b \<in> carrier Q\<^sub>p"
+ assumes "a \<ominus> b \<in> \<O>\<^sub>p"
+ shows "b \<in> \<O>\<^sub>p"
+proof-
+ have "b = a \<ominus> (a \<ominus> b)"
+ unfolding a_minus_def
+ using assms val_ring_memE(2)[of a] Qp.r_neg2 Q\<^sub>p_def Qp.minus_sum by auto
+ thus ?thesis using assms val_ring_minus_closed[of a "a \<ominus> b"]
+ by presburger
+qed
+
+lemma(in padic_fields) equal_res_imp_res_diff_zero:
+ assumes "a \<in> \<O>\<^sub>p"
+ assumes "b \<in> \<O>\<^sub>p"
+ assumes "to_Zp a N = to_Zp b N"
+ shows "to_Zp (a \<ominus> b) N = 0"
+ using val_ring_res[of a b] assms
+ by (metis res_diff_zero_fact' to_Zp_closed val_ring_memE(2))
+
+lemma(in padic_fields) equal_res_imp_val_diff_bound:
+ assumes "a \<in> \<O>\<^sub>p"
+ assumes "b \<in> \<O>\<^sub>p"
+ assumes "to_Zp a N = to_Zp b N"
+ shows "val (a \<ominus> b) \<ge> N"
+ using assms equal_res_imp_res_diff_zero[of a b N]
+ by (metis to_Zp_closed to_Zp_minus to_Zp_val val_Zp_dist_def val_Zp_dist_res_eq2 val_ring_memE(2) val_ring_minus_closed)
+
+lemma(in padic_fields) equal_res_equal_val:
+ assumes "a \<in> \<O>\<^sub>p"
+ assumes "b \<in> \<O>\<^sub>p"
+ assumes "val a < N"
+ assumes "to_Zp a N = to_Zp b N"
+ shows "val a = val b"
+proof-
+ have "val (a \<ominus> b) \<ge> N"
+ using assms equal_res_imp_val_diff_bound by blast
+ then have "val (a \<ominus> b) > val a"
+ using assms less_le_trans by blast
+ then show "val a = val b"
+ using assms by (meson ultrametric_equal_eq' val_ring_memE)
+qed
+
+lemma(in padic_fields) val_ring_equal_res_imp_equal_val:
+ assumes "a \<in> \<O>\<^sub>p"
+ assumes "b \<in> \<O>\<^sub>p"
+ assumes "val a < eint N"
+ assumes "val b < eint N"
+ assumes "to_Zp a N = to_Zp b N"
+ shows "val a = val b"
+proof-
+ have "val_Zp (to_Zp (a \<ominus> b)) \<ge> N"
+ using assms val_ring_memE to_Zp_closed to_Zp_minus val_Zp_dist_def val_Zp_dist_res_eq2 by presburger
+ thus ?thesis
+ by (meson assms(1) assms(2) assms(3) assms(5) equal_res_equal_val)
+qed
+
+end
+end
diff --git a/thys/Padic_Field/Padic_Semialgebraic_Function_Ring.thy b/thys/Padic_Field/Padic_Semialgebraic_Function_Ring.thy
new file mode 100755
--- /dev/null
+++ b/thys/Padic_Field/Padic_Semialgebraic_Function_Ring.thy
@@ -0,0 +1,6503 @@
+theory Padic_Semialgebraic_Function_Ring
+ imports Padic_Field_Powers
+begin
+
+section\<open>Rings of Semialgebraic Functions\<close>
+
+text\<open>
+ In order to efficiently formalize Denef's proof of Macintyre's theorem, it is necessary to be
+ able to reason about semialgebraic functions algebraically. For example, we need to consider
+ polynomials in one variable whose coefficients are semialgebraic functions, and take their
+ Taylor expansions centered at a semialgebraic function. To facilitate this kind of reasoning, it
+ is necessary to construct, for each arity $m$, a ring \texttt{SA(m)} of semialgebraic functions in
+ $m$ variables. These functions must be extensional functions which are undefined outside of the
+ carrier set of $\mathbb{Q}_p^m$.
+
+ The developments in this theory are mainly lemmas and defintitions which build the necessary
+ theory to prove the cell decomposition theorems of \cite{denef1986}, and finally Macintyre's
+ Theorem, which says that semi-algebraic sets are closed under projections.
+\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+subsection\<open>Some eint Arithmetic\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+context padic_fields
+begin
+
+lemma eint_minus_ineq':
+ assumes "a \<le> eint N"
+ assumes "b - a \<le> c"
+ shows "b - eint N \<le> c"
+ using assms by(induction c, induction b, induction a, auto )
+
+lemma eint_minus_plus:
+"a - (eint b + eint c) = a - eint b - eint c"
+ apply(induction a)
+ apply (metis diff_add_eq_diff_diff_swap idiff_eint_eint plus_eint_simps(1) semiring_normalization_rules(24))
+ using idiff_infinity by presburger
+
+lemma eint_minus_plus':
+"a - (eint b + eint c) = a - eint c - eint b"
+ by (metis add.commute eint_minus_plus)
+
+lemma eint_minus_plus'':
+ assumes "a - eint c - eint b = eint f"
+ shows "a - eint c - eint f = eint b"
+ using assms apply(induction a )
+ apply (metis add.commute add_diff_cancel_eint eint.distinct(2) eint_add_cancel_fact)
+ by simp
+
+lemma uminus_involutive[simp]:
+"-(-x::eint) = x"
+ apply(induction x)
+ unfolding uminus_eint_def by auto
+
+lemma eint_minus:
+"(a::eint) - (b::eint) = a + (-b)"
+ apply(induction a)
+ apply(induction b)
+proof -
+ fix int :: int and inta :: int
+ have "\<forall>e ea. (ea::eint) + (e + - ea) = ea - ea + e"
+ by (simp add: eint_uminus_eq)
+ then have "\<forall>i ia. eint (ia + i) + - eint ia = eint i"
+ by (metis ab_group_add_class.ab_diff_conv_add_uminus add.assoc add_minus_cancel idiff_eint_eint plus_eint_simps(1))
+ then show "eint inta - eint int = eint inta + - eint int"
+ by (metis ab_group_add_class.ab_diff_conv_add_uminus add.commute add_minus_cancel idiff_eint_eint)
+next
+ show "\<And>int. eint int - \<infinity> = eint int + - \<infinity>"
+ by (metis eint_uminus_eq i0_ne_infinity idiff_infinity_right idiff_self plus_eq_infty_iff_eint uminus_involutive)
+ show " \<infinity> - b = \<infinity> + - b"
+ apply(induction b)
+ apply simp
+ by auto
+qed
+
+lemma eint_mult_Suc:
+ "eint (Suc k) * a = eint k * a + a"
+ apply(induction a)
+ apply (metis add.commute eSuc_eint mult_eSuc' of_nat_Suc)
+ using plus_eint_simps(3) times_eint_simps(4)
+ by presburger
+
+lemma eint_mult_Suc_mono:
+assumes "a \<le> eint b \<longrightarrow> eint (int k) * a \<le> eint (int k) * eint b"
+shows "a \<le> eint b \<longrightarrow> eint (int (Suc k)) * a \<le> eint (int (Suc k)) * eint b"
+ using assms eint_mult_Suc
+ by (metis add_mono_thms_linordered_semiring(1))
+
+lemma eint_nat_mult_mono:
+ assumes "(a::eint) \<le> b"
+ shows "eint (k::nat)*a \<le> eint k*b"
+proof-
+ have "(a::eint) \<le> b \<longrightarrow> eint (k::nat)*a \<le> eint k*b"
+ apply(induction k) apply(induction b)
+ apply (metis eint_ile eq_iff mult_not_zero of_nat_0 times_eint_simps(1))
+ apply simp
+ apply(induction b)
+ using eint_mult_Suc_mono apply blast
+ using eint_ord_simps(3) times_eint_simps(4) by presburger
+ thus ?thesis using assms by blast
+qed
+
+lemma eint_Suc_zero:
+"eint (int (Suc 0)) * a = a"
+ apply(induction a)
+ apply simp
+ by simp
+
+lemma eint_add_mono:
+ assumes "(a::eint) \<le> b"
+ assumes "(c::eint) \<le> d"
+ shows "a + c \<le> b + d"
+ using assms
+ by (simp add: add_mono)
+
+lemma eint_nat_mult_mono_rev:
+ assumes "k > 0"
+ assumes "eint (k::nat)*a \<le> eint k*b"
+ shows "(a::eint) \<le> b"
+proof(rule ccontr)
+ assume "\<not> a \<le> b"
+ then have A: "b < a"
+ using leI by blast
+ have "b < a \<longrightarrow> eint (k::nat)*b < eint k*a"
+ apply(induction b) apply(induction a)
+ using A assms eint_ord_simps(2) times_eint_simps(1) zmult_zless_mono2_lemma apply presburger
+ using eint_ord_simps(4) nat_mult_not_infty times_eint_simps(4) apply presburger
+ using eint_ord_simps(6) by blast
+ then have "eint (k::nat)*b < eint k*a"
+ using A by blast
+ hence "\<not> eint (k::nat)*a \<le> eint k*b"
+ by (metis \<open>\<not> a \<le> b\<close> antisym eint_nat_mult_mono linear neq_iff)
+ then show False using assms by blast
+qed
+
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+subsection\<open>Lemmas on Function Ring Operations\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+lemma Qp_funs_is_cring:
+"cring (Fun\<^bsub>n\<^esub> Q\<^sub>p)"
+ using F.cring by blast
+
+lemma Qp_funs_is_monoid:
+"monoid (Fun\<^bsub>n\<^esub> Q\<^sub>p)"
+ using F.is_monoid by blast
+
+lemma Qp_funs_car_memE:
+ assumes "f \<in> carrier (Fun\<^bsub>n\<^esub> Q\<^sub>p)"
+ shows "f \<in> (carrier (Q\<^sub>p\<^bsup>n\<^esup>)) \<rightarrow> (carrier Q\<^sub>p)"
+ by (simp add: assms ring_pow_function_ring_car_memE(2))
+
+lemma Qp_funs_car_memI:
+ assumes "g \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>) \<rightarrow> carrier Q\<^sub>p"
+ assumes "\<And>x. x \<notin> (carrier (Q\<^sub>p\<^bsup>n\<^esup>)) \<Longrightarrow> g x = undefined"
+ shows "g \<in> carrier (Fun\<^bsub>n\<^esub> Q\<^sub>p)"
+apply(rule Qp.function_ring_car_memI)
+ using assms apply blast
+ using assms by blast
+
+lemma Qp_funs_car_memI':
+ assumes "g \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>) \<rightarrow> carrier Q\<^sub>p"
+ assumes "restrict g (carrier (Q\<^sub>p\<^bsup>n\<^esup>)) = g"
+ shows "g \<in> carrier (Fun\<^bsub>n\<^esub> Q\<^sub>p)"
+ apply(intro Qp_funs_car_memI assms)
+ using assms unfolding restrict_def
+ by (metis (mono_tags, lifting))
+
+lemma Qp_funs_car_memI'':
+ assumes "f \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>) \<rightarrow> carrier Q\<^sub>p"
+ assumes "g = (\<lambda> x \<in> (carrier (Q\<^sub>p\<^bsup>n\<^esup>)). f x)"
+ shows "g \<in> carrier (Fun\<^bsub>n\<^esub> Q\<^sub>p)"
+ apply(rule Qp_funs_car_memI)
+ using assms
+ apply (meson restrict_Pi_cancel)
+ by (metis assms(2) restrict_def)
+
+lemma Qp_funs_one:
+"\<one>\<^bsub>Fun\<^bsub>n\<^esub> Q\<^sub>p\<^esub> = (\<lambda> x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>). \<one>)"
+ unfolding function_ring_def function_one_def
+ by (meson monoid.select_convs(2))
+
+lemma Qp_funs_zero:
+"\<zero>\<^bsub>Fun\<^bsub>n\<^esub> Q\<^sub>p\<^esub> = (\<lambda> x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>). \<zero>\<^bsub>Q\<^sub>p\<^esub>)"
+ unfolding function_ring_def function_zero_def
+ by (meson ring_record_simps(11))
+
+lemma Qp_funs_add:
+ assumes "x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ assumes "f \<in> (carrier (Q\<^sub>p\<^bsup>n\<^esup>)) \<rightarrow> carrier Q\<^sub>p"
+ assumes "g \<in> (carrier (Q\<^sub>p\<^bsup>n\<^esup>)) \<rightarrow> carrier Q\<^sub>p"
+ shows "(f \<oplus>\<^bsub>Fun\<^bsub>n\<^esub> Q\<^sub>p\<^esub> g) x = f x \<oplus>\<^bsub>Q\<^sub>p\<^esub> g x"
+ using assms function_ring_def[of "carrier (Q\<^sub>p\<^bsup>n\<^esup>)" "Q\<^sub>p"]
+ unfolding function_add_def
+ by (metis (mono_tags, lifting) restrict_apply' ring_record_simps(12))
+
+lemma Qp_funs_add':
+ assumes "x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ assumes "f \<in> (carrier (Fun\<^bsub>n\<^esub> Q\<^sub>p))"
+ assumes "g \<in> (carrier (Fun\<^bsub>n\<^esub> Q\<^sub>p))"
+ shows "(f \<oplus>\<^bsub>Fun\<^bsub>n\<^esub> Q\<^sub>p\<^esub> g) x = f x \<oplus>\<^bsub>Q\<^sub>p\<^esub> g x"
+ using assms Qp_funs_add Qp_funs_car_memE
+ by blast
+
+lemma Qp_funs_add'':
+ assumes "f \<in> (carrier (Fun\<^bsub>n\<^esub> Q\<^sub>p))"
+ assumes "g \<in> (carrier (Fun\<^bsub>n\<^esub> Q\<^sub>p))"
+ shows "(f \<oplus>\<^bsub>Fun\<^bsub>n\<^esub> Q\<^sub>p\<^esub> g) = (\<lambda> x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>). f x \<oplus>\<^bsub>Q\<^sub>p\<^esub> g x)"
+ unfolding function_ring_def function_add_def using ring_record_simps(12)
+ by metis
+
+lemma Qp_funs_add''':
+ assumes "x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ shows "(f \<oplus>\<^bsub>Fun\<^bsub>n\<^esub> Q\<^sub>p\<^esub> g) x = f x \<oplus>\<^bsub>Q\<^sub>p\<^esub> g x"
+ using assms function_ring_def[of "carrier (Q\<^sub>p\<^bsup>n\<^esup>)" "Q\<^sub>p"]
+ unfolding function_add_def
+ by (metis (mono_tags, lifting) restrict_apply' ring_record_simps(12))
+
+lemma Qp_funs_mult:
+ assumes "x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ assumes "f \<in> (carrier (Q\<^sub>p\<^bsup>n\<^esup>)) \<rightarrow> carrier Q\<^sub>p"
+ assumes "g \<in> (carrier (Q\<^sub>p\<^bsup>n\<^esup>)) \<rightarrow> carrier Q\<^sub>p"
+ shows "(f \<otimes>\<^bsub>Fun\<^bsub>n\<^esub> Q\<^sub>p\<^esub> g) x = f x \<otimes> g x"
+ using assms function_ring_def[of "carrier (Q\<^sub>p\<^bsup>n\<^esup>)" "Q\<^sub>p"]
+ unfolding function_mult_def
+ by (metis (no_types, lifting) monoid.select_convs(1) restrict_apply')
+
+lemma Qp_funs_mult':
+ assumes "x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ assumes "f \<in> (carrier (Fun\<^bsub>n\<^esub> Q\<^sub>p))"
+ assumes "g \<in> (carrier (Fun\<^bsub>n\<^esub> Q\<^sub>p))"
+ shows "(f \<otimes>\<^bsub>Fun\<^bsub>n\<^esub> Q\<^sub>p\<^esub> g) x = f x \<otimes> g x"
+ using assms Qp_funs_mult Qp_funs_car_memE
+ by blast
+
+lemma Qp_funs_mult'':
+ assumes "f \<in> (carrier (Fun\<^bsub>n\<^esub> Q\<^sub>p))"
+ assumes "g \<in> (carrier (Fun\<^bsub>n\<^esub> Q\<^sub>p))"
+ shows "(f \<otimes>\<^bsub>Fun\<^bsub>n\<^esub> Q\<^sub>p\<^esub> g) = (\<lambda> x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>). f x \<otimes> g x)"
+ unfolding function_ring_def function_mult_def using ring_record_simps(5)
+ by metis
+
+lemma Qp_funs_mult''':
+ assumes "x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ shows "(f \<otimes>\<^bsub>Fun\<^bsub>n\<^esub> Q\<^sub>p\<^esub> g) x = f x \<otimes> g x"
+ using assms function_ring_def[of "carrier (Q\<^sub>p\<^bsup>n\<^esup>)" "Q\<^sub>p"]
+ unfolding function_mult_def
+ by (metis (mono_tags, lifting) monoid.select_convs(1) restrict_apply')
+
+lemma Qp_funs_a_inv:
+ assumes "x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ assumes "f \<in> (carrier (Fun\<^bsub>n\<^esub> Q\<^sub>p))"
+ shows "(\<ominus>\<^bsub>Fun\<^bsub>n\<^esub> Q\<^sub>p\<^esub> f) x = \<ominus> (f x)"
+ using assms local.function_uminus_eval
+ by (simp add: local.function_uminus_eval'')
+
+lemma Qp_funs_a_inv':
+ assumes "f \<in> (carrier (Fun\<^bsub>n\<^esub> Q\<^sub>p))"
+ shows "(\<ominus>\<^bsub>Fun\<^bsub>n\<^esub> Q\<^sub>p\<^esub> f) = (\<lambda> x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>). \<ominus> (f x))"
+proof fix x
+ show "(\<ominus>\<^bsub>Fun\<^bsub>n\<^esub> Q\<^sub>p\<^esub> f) x = (\<lambda>x\<in>carrier (Q\<^sub>p\<^bsup>n\<^esup>). \<ominus> f x) x"
+ apply(cases "x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)")
+ apply (metis (no_types, lifting) Qp_funs_a_inv assms restrict_apply')
+ by (simp add: assms local.function_ring_not_car)
+qed
+
+abbreviation(input) Qp_const ("\<cc>\<^bsub>_\<^esub>_") where
+"Qp_const n c \<equiv> constant_function (carrier (Q\<^sub>p\<^bsup>n\<^esup>)) c"
+
+lemma Qp_constE:
+ assumes "c \<in> carrier Q\<^sub>p"
+ assumes "x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ shows "Qp_const n c x = c"
+ using assms unfolding constant_function_def
+ by (meson restrict_apply')
+
+lemma Qp_funs_Units_memI:
+ assumes "f \<in> (carrier (Fun\<^bsub>n\<^esub> Q\<^sub>p))"
+ assumes "\<And> x. x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>) \<Longrightarrow> f x \<noteq> \<zero>\<^bsub>Q\<^sub>p\<^esub>"
+ shows "f \<in> (Units (Fun\<^bsub>n\<^esub> Q\<^sub>p))"
+ "inv\<^bsub>Fun\<^bsub>n\<^esub> Q\<^sub>p\<^esub> f = (\<lambda> x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>). inv\<^bsub>Q\<^sub>p\<^esub> (f x))"
+proof-
+ obtain g where g_def: "g = (\<lambda> x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>). inv\<^bsub>Q\<^sub>p\<^esub> (f x))"
+ by blast
+ have g_closed: "g \<in> (carrier (Fun\<^bsub>n\<^esub> Q\<^sub>p))"
+ by(rule Qp_funs_car_memI, unfold g_def, auto,
+ intro field_inv(3) assms Qp.function_ring_car_memE[of _ n], auto )
+ have "\<And>x. x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>) \<Longrightarrow> f x \<otimes> g x = \<one>"
+ using assms g_def
+ by (metis (no_types, lifting) Qp.function_ring_car_memE field_inv(2) restrict_apply)
+ then have 0: "f \<otimes>\<^bsub>Fun\<^bsub>n\<^esub> Q\<^sub>p\<^esub> g = \<one>\<^bsub>Fun\<^bsub>n\<^esub> Q\<^sub>p\<^esub>"
+ using assms g_def Qp_funs_mult''[of f n g] Qp_funs_one[of n] g_closed
+ by (metis (no_types, lifting) restrict_ext)
+ then show "f \<in> (Units (Fun\<^bsub>n\<^esub> Q\<^sub>p))"
+ using comm_monoid.UnitsI[of "Fun\<^bsub>n\<^esub> Q\<^sub>p"] assms(1) g_closed local.F.comm_monoid_axioms by presburger
+ have "inv\<^bsub>Fun\<^bsub>n\<^esub> Q\<^sub>p\<^esub> f = g"
+ using g_def g_closed 0 cring.invI[of "Fun\<^bsub>n\<^esub> Q\<^sub>p"] Qp_funs_is_cring assms(1)
+ by presburger
+ show "inv\<^bsub>Fun\<^bsub>n\<^esub> Q\<^sub>p\<^esub> f = (\<lambda> x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>). inv\<^bsub>Q\<^sub>p\<^esub> (f x))"
+ using assms g_def 0 \<open>inv\<^bsub>Fun\<^bsub>n\<^esub> Q\<^sub>p\<^esub> f = g\<close>
+ by blast
+qed
+
+lemma Qp_funs_Units_memE:
+ assumes "f \<in> (Units (Fun\<^bsub>n\<^esub> Q\<^sub>p))"
+ shows "f \<otimes>\<^bsub>Fun\<^bsub>n\<^esub> Q\<^sub>p\<^esub> inv\<^bsub>Fun\<^bsub>n\<^esub> Q\<^sub>p\<^esub> f = \<one>\<^bsub>Fun\<^bsub>n\<^esub> Q\<^sub>p\<^esub>"
+ "inv\<^bsub>Fun\<^bsub>n\<^esub> Q\<^sub>p\<^esub> f \<otimes>\<^bsub>Fun\<^bsub>n\<^esub> Q\<^sub>p\<^esub> f = \<one>\<^bsub>Fun\<^bsub>n\<^esub> Q\<^sub>p\<^esub>"
+ "\<And> x. x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>) \<Longrightarrow> f x \<noteq> \<zero>\<^bsub>Q\<^sub>p\<^esub>"
+ using monoid.Units_r_inv[of "Fun\<^bsub>n\<^esub> Q\<^sub>p" f ] assms Qp_funs_is_monoid
+ apply blast
+ using monoid.Units_l_inv[of "Fun\<^bsub>n\<^esub> Q\<^sub>p" f ] assms Qp_funs_is_monoid
+ apply blast
+proof-
+ obtain g where g_def: "g = inv\<^bsub>Fun\<^bsub>n\<^esub> Q\<^sub>p\<^esub> f"
+ by blast
+ show "\<And> x. x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>) \<Longrightarrow> f x \<noteq> \<zero>\<^bsub>Q\<^sub>p\<^esub>"
+ proof- fix x assume A: "x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ have "f \<otimes>\<^bsub>Fun\<^bsub>n\<^esub> Q\<^sub>p\<^esub> g = \<one>\<^bsub>Fun\<^bsub>n\<^esub> Q\<^sub>p\<^esub>"
+ using assms g_def Qp_funs_is_monoid
+ \<open>\<lbrakk>Group.monoid (Fun\<^bsub>n\<^esub> Q\<^sub>p); f \<in> Units (Fun\<^bsub>n\<^esub> Q\<^sub>p)\<rbrakk> \<Longrightarrow> f \<otimes>\<^bsub>Fun\<^bsub>n\<^esub> Q\<^sub>p\<^esub> inv\<^bsub>Fun\<^bsub>n\<^esub> Q\<^sub>p\<^esub> f = \<one>\<^bsub>Fun\<^bsub>n\<^esub> Q\<^sub>p\<^esub>\<close>
+ by blast
+ then have 0: "f x \<otimes> g x = \<one>"
+ using A assms g_def Qp_funs_mult'[of x n f g] Qp_funs_one[of n]
+ by (metis Qp_funs_is_monoid monoid.Units_closed monoid.Units_inv_closed restrict_apply)
+ have 1: "g x \<in> carrier Q\<^sub>p"
+ using g_def A assms local.function_ring_car_closed by auto
+ then show "f x \<noteq> \<zero>\<^bsub>Q\<^sub>p\<^esub>"
+ using 0
+ by (metis Qp.l_null local.one_neq_zero)
+ qed
+qed
+
+lemma Qp_funs_m_inv:
+ assumes "x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ assumes "f \<in> (Units (Fun\<^bsub>n\<^esub> Q\<^sub>p))"
+ shows "(inv\<^bsub>Fun\<^bsub>n\<^esub> Q\<^sub>p\<^esub> f) x = inv\<^bsub>Q\<^sub>p\<^esub> (f x)"
+ using Qp_funs_Units_memI(2) Qp_funs_Units_memE(3) assms
+ by (metis (no_types, lifting) Qp_funs_is_monoid monoid.Units_closed restrict_apply)
+
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+subsection\<open>Defining the Rings of Semialgebraic Functions\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+
+definition semialg_functions where
+"semialg_functions n = {f \<in> (carrier (Q\<^sub>p\<^bsup>n\<^esup>)) \<rightarrow> carrier Q\<^sub>p. is_semialg_function n f \<and> f = restrict f (carrier (Q\<^sub>p\<^bsup>n\<^esup>))}"
+
+lemma semialg_functions_memE:
+ assumes "f \<in> semialg_functions n"
+ shows "is_semialg_function n f"
+ "f \<in> carrier (Fun\<^bsub>n\<^esub> Q\<^sub>p)"
+ "f \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>) \<rightarrow> carrier Q\<^sub>p"
+ using semialg_functions_def assms apply blast
+ apply(rule Qp_funs_car_memI')
+ using assms
+ apply (metis (no_types, lifting) mem_Collect_eq semialg_functions_def)
+ using assms unfolding semialg_functions_def
+ apply (metis (mono_tags, lifting) mem_Collect_eq)
+ by (metis (no_types, lifting) assms mem_Collect_eq semialg_functions_def)
+
+lemma semialg_functions_in_Qp_funs:
+"semialg_functions n \<subseteq> carrier (Fun\<^bsub>n\<^esub> Q\<^sub>p)"
+ using semialg_functions_memE
+ by blast
+
+lemma semialg_functions_memI:
+ assumes "f \<in> carrier (Fun\<^bsub>n\<^esub> Q\<^sub>p)"
+ assumes "is_semialg_function n f"
+ shows "f \<in> semialg_functions n"
+ using assms unfolding semialg_functions_def
+ by (metis (mono_tags, lifting) Qp_funs_car_memI function_ring_car_eqI
+ is_semialg_function_closed mem_Collect_eq restrict_Pi_cancel restrict_apply)
+
+lemma restrict_is_semialg:
+ assumes "is_semialg_function n f"
+ shows "is_semialg_function n (restrict f (carrier (Q\<^sub>p\<^bsup>n\<^esup>)))"
+proof(rule is_semialg_functionI)
+ show 0: "restrict f (carrier (Q\<^sub>p\<^bsup>n\<^esup>)) \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>) \<rightarrow> carrier Q\<^sub>p"
+ using assms is_semialg_function_closed by blast
+ show "\<And>k S. S \<in> semialg_sets (1 + k) \<Longrightarrow> is_semialgebraic (n + k) (partial_pullback n (restrict f (carrier (Q\<^sub>p\<^bsup>n\<^esup>))) k S)"
+ proof- fix k S assume A: "S \<in> semialg_sets (1 + k)"
+ have "(partial_pullback n (restrict f (carrier (Q\<^sub>p\<^bsup>n\<^esup>))) k S) = partial_pullback n f k S"
+ apply(intro equalityI' partial_pullback_memI, meson partial_pullback_memE)
+ unfolding partial_pullback_def partial_image_def evimage_eq restrict_def
+ apply (metis (mono_tags, lifting) le_add1 local.take_closed)
+ apply blast
+ by (metis (mono_tags, lifting) le_add1 local.take_closed)
+ then show " is_semialgebraic (n + k) (partial_pullback n (restrict f (carrier (Q\<^sub>p\<^bsup>n\<^esup>))) k S)"
+ using assms A is_semialg_functionE is_semialgebraicI
+ by presburger
+ qed
+qed
+
+lemma restrict_in_semialg_functions:
+ assumes "is_semialg_function n f"
+ shows "(restrict f (carrier (Q\<^sub>p\<^bsup>n\<^esup>))) \<in> semialg_functions n"
+ using assms restrict_is_semialg
+ unfolding semialg_functions_def
+ by (metis (mono_tags, lifting) is_semialg_function_closed mem_Collect_eq restrict_apply' restrict_ext)
+
+lemma constant_function_is_semialg:
+ assumes "a \<in> carrier Q\<^sub>p"
+ shows "is_semialg_function n (constant_function (carrier (Q\<^sub>p\<^bsup>n\<^esup>)) a)"
+proof-
+ have "(constant_function (carrier (Q\<^sub>p\<^bsup>n\<^esup>)) a) = restrict (Qp_ev (Qp.indexed_const a)) (carrier (Q\<^sub>p\<^bsup>n\<^esup>))"
+ apply(rule ext)
+ unfolding constant_function_def
+ using eval_at_point_const assms by simp
+ then show ?thesis using restrict_in_semialg_functions poly_is_semialg[of "Qp.indexed_const a"]
+ using assms(1) Qp_to_IP_car restrict_is_semialg by presburger
+qed
+
+lemma constant_function_in_semialg_functions:
+ assumes "a \<in> carrier Q\<^sub>p"
+ shows "Qp_const n a \<in> semialg_functions n"
+ apply(unfold semialg_functions_def constant_function_def mem_Collect_eq, intro conjI, auto simp: assms)
+ using assms constant_function_is_semialg[of a n] unfolding constant_function_def by auto
+
+lemma function_one_as_constant:
+"\<one>\<^bsub>Fun\<^bsub>n\<^esub> Q\<^sub>p\<^esub> = Qp_const n \<one>"
+ unfolding constant_function_def function_ring_def[of "carrier (Q\<^sub>p\<^bsup>n\<^esup>)" Q\<^sub>p] function_one_def
+ by simp
+
+lemma function_zero_as_constant:
+"\<zero>\<^bsub>Fun\<^bsub>n\<^esub> Q\<^sub>p\<^esub> = Qp_const n \<zero>\<^bsub>Q\<^sub>p\<^esub>"
+ unfolding constant_function_def function_ring_def[of "carrier (Q\<^sub>p\<^bsup>n\<^esup>)" Q\<^sub>p] function_zero_def
+ by simp
+
+lemma sum_in_semialg_functions:
+ assumes "f \<in> semialg_functions n"
+ assumes "g \<in> semialg_functions n"
+ shows "f \<oplus>\<^bsub>Fun\<^bsub>n\<^esub> Q\<^sub>p\<^esub> g \<in> semialg_functions n"
+proof-
+ have 0:"f \<oplus>\<^bsub>Fun\<^bsub>n\<^esub> Q\<^sub>p\<^esub> g = restrict (function_tuple_comp Q\<^sub>p [f,g] Qp_add_fun) (carrier (Q\<^sub>p\<^bsup>n\<^esup>))"
+ proof fix x
+ show "(f \<oplus>\<^bsub>Fun\<^bsub>n\<^esub> Q\<^sub>p\<^esub> g) x = restrict (function_tuple_comp Q\<^sub>p [f, g] Qp_add_fun) (carrier (Q\<^sub>p\<^bsup>n\<^esup>)) x"
+ proof(cases "x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)")
+ case True
+ have " restrict (function_tuple_comp Q\<^sub>p [f, g] Qp_add_fun) (carrier (Q\<^sub>p\<^bsup>n\<^esup>)) x = Qp_add_fun [f x, g x]"
+ unfolding function_tuple_comp_def function_tuple_eval_def restrict_def
+ using comp_apply[of "Qp_add_fun" "(\<lambda>x. map (\<lambda>f. f x) [f, g])" x]
+ by (metis (no_types, lifting) True list.simps(8) list.simps(9))
+ then have "restrict (function_tuple_comp Q\<^sub>p [f, g] Qp_add_fun) (carrier (Q\<^sub>p\<^bsup>n\<^esup>)) x = f x \<oplus>\<^bsub>Q\<^sub>p\<^esub> g x"
+ unfolding Qp_add_fun_def
+ by (metis One_nat_def nth_Cons_0 nth_Cons_Suc)
+ then show ?thesis using True function_ring_def[of "carrier (Q\<^sub>p\<^bsup>n\<^esup>)" Q\<^sub>p]
+ unfolding function_add_def
+ by (metis (no_types, lifting) Qp_funs_add assms(1) assms(2) mem_Collect_eq semialg_functions_def)
+ next
+ case False
+ have "(f \<oplus>\<^bsub>Fun\<^bsub>n\<^esub> Q\<^sub>p\<^esub> g) x = undefined"
+ using function_ring_def[of "carrier (Q\<^sub>p\<^bsup>n\<^esup>)" Q\<^sub>p] unfolding function_add_def
+ by (metis (mono_tags, lifting) False restrict_apply ring_record_simps(12))
+ then show ?thesis
+ by (metis False restrict_def)
+ qed
+ qed
+ have 1: "is_semialg_function_tuple n [f, g]"
+ using assms is_semialg_function_tupleI[of "[f, g]" n] semialg_functions_memE
+ by (metis list.distinct(1) list.set_cases set_ConsD)
+ have 2: "is_semialg_function n (function_tuple_comp Q\<^sub>p [f,g] Qp_add_fun)"
+ apply(rule semialg_function_tuple_comp[of _ _ 2])
+ apply (simp add: "1")
+ apply simp
+ by (simp add: addition_is_semialg)
+ show ?thesis
+ apply(rule semialg_functions_memI)
+ apply (meson Qp_funs_is_cring assms(1) assms(2) cring.cring_simprules(1) semialg_functions_memE(2))
+ using 0 2 restrict_is_semialg by presburger
+qed
+
+lemma prod_in_semialg_functions:
+ assumes "f \<in> semialg_functions n"
+ assumes "g \<in> semialg_functions n"
+ shows "f \<otimes>\<^bsub>Fun\<^bsub>n\<^esub> Q\<^sub>p\<^esub> g \<in> semialg_functions n"
+proof-
+ have 0:"f \<otimes>\<^bsub>Fun\<^bsub>n\<^esub> Q\<^sub>p\<^esub> g = restrict (function_tuple_comp Q\<^sub>p [f,g] Qp_mult_fun) (carrier (Q\<^sub>p\<^bsup>n\<^esup>))"
+ proof fix x
+ show "(f \<otimes>\<^bsub>Fun\<^bsub>n\<^esub> Q\<^sub>p\<^esub> g) x = restrict (function_tuple_comp Q\<^sub>p [f, g] Qp_mult_fun) (carrier (Q\<^sub>p\<^bsup>n\<^esup>)) x"
+ proof(cases "x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)")
+ case True
+ have " restrict (function_tuple_comp Q\<^sub>p [f, g] Qp_mult_fun) (carrier (Q\<^sub>p\<^bsup>n\<^esup>)) x = Qp_mult_fun [f x, g x]"
+ unfolding function_tuple_comp_def function_tuple_eval_def restrict_def
+ using comp_apply[of "Qp_mult_fun" "(\<lambda>x. map (\<lambda>f. f x) [f, g])" x]
+ by (metis (no_types, lifting) True list.simps(8) list.simps(9))
+ then have "restrict (function_tuple_comp Q\<^sub>p [f, g] Qp_mult_fun) (carrier (Q\<^sub>p\<^bsup>n\<^esup>)) x = f x \<otimes> g x"
+ unfolding Qp_mult_fun_def
+ by (metis One_nat_def nth_Cons_0 nth_Cons_Suc)
+ then show ?thesis using True function_ring_def[of "carrier (Q\<^sub>p\<^bsup>n\<^esup>)" Q\<^sub>p]
+ unfolding function_mult_def
+ by (metis (no_types, lifting) Qp_funs_mult assms(1) assms(2) mem_Collect_eq semialg_functions_def)
+ next
+ case False
+ have "(f \<otimes>\<^bsub>Fun\<^bsub>n\<^esub> Q\<^sub>p\<^esub> g) x = undefined"
+ using function_ring_def[of "carrier (Q\<^sub>p\<^bsup>n\<^esup>)" Q\<^sub>p] unfolding function_mult_def
+ by (metis (mono_tags, lifting) False restrict_apply ring_record_simps(5))
+ then show ?thesis
+ by (metis False restrict_def)
+ qed
+ qed
+ have 1: "is_semialg_function_tuple n [f, g]"
+ using assms is_semialg_function_tupleI[of "[f, g]" n] semialg_functions_memE
+ by (metis list.distinct(1) list.set_cases set_ConsD)
+ have 2: "is_semialg_function n (function_tuple_comp Q\<^sub>p [f,g] Qp_mult_fun)"
+ apply(rule semialg_function_tuple_comp[of _ _ 2])
+ apply (simp add: "1")
+ apply simp
+ by (simp add: multiplication_is_semialg)
+ show ?thesis
+ apply(rule semialg_functions_memI)
+ apply (meson Qp_funs_is_cring assms(1) assms(2) cring.cring_simprules(5) semialg_functions_memE(2))
+ using 0 2 restrict_is_semialg by presburger
+qed
+
+lemma inv_in_semialg_functions:
+ assumes "f \<in> semialg_functions n"
+ assumes "\<And> x. x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>) \<Longrightarrow> f x \<noteq> \<zero>\<^bsub>Q\<^sub>p\<^esub>"
+ shows "inv\<^bsub>Fun\<^bsub>n\<^esub> Q\<^sub>p\<^esub> f \<in> semialg_functions n "
+proof-
+ have 0: "inv\<^bsub>Fun\<^bsub>n\<^esub> Q\<^sub>p\<^esub> f = restrict (function_tuple_comp Q\<^sub>p [f] Qp_invert) (carrier (Q\<^sub>p\<^bsup>n\<^esup>))"
+ proof fix x
+ show "(inv\<^bsub>Fun\<^bsub>n\<^esub> Q\<^sub>p\<^esub> f) x = restrict (function_tuple_comp Q\<^sub>p [f] Qp_invert) (carrier (Q\<^sub>p\<^bsup>n\<^esup>)) x"
+ proof(cases "x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)")
+ case True
+ have "(function_tuple_comp Q\<^sub>p [f] Qp_invert) x = Qp_invert [f x]"
+ unfolding function_tuple_comp_def function_tuple_eval_def
+ using comp_apply by (metis (no_types, lifting) list.simps(8) list.simps(9))
+ then have "(function_tuple_comp Q\<^sub>p [f] Qp_invert) x = inv\<^bsub>Q\<^sub>p\<^esub> (f x)"
+ unfolding Qp_invert_def
+ using True assms(2) Qp.to_R_to_R1 by presburger
+ then show ?thesis
+ using True restrict_apply
+ by (metis (mono_tags, opaque_lifting) Qp_funs_Units_memI(1)
+ Qp_funs_m_inv assms(1) assms(2) semialg_functions_memE(2))
+ next
+ case False
+ have "inv\<^bsub>Fun\<^bsub>n\<^esub> Q\<^sub>p\<^esub> f \<in> carrier (Fun\<^bsub>n\<^esub> Q\<^sub>p)"
+ using assms
+ by (meson Qp_funs_Units_memI(1) Qp_funs_is_monoid monoid.Units_inv_closed semialg_functions_memE(2))
+ then show ?thesis using False restrict_apply function_ring_not_car
+ by auto
+ qed
+ qed
+ have "is_semialg_function n (function_tuple_comp Q\<^sub>p [f] Qp_invert)"
+ apply(rule semialg_function_tuple_comp[of _ _ 1])
+ apply (simp add: assms(1) is_semialg_function_tuple_def semialg_functions_memE(1))
+ apply simp
+ using Qp_invert_is_semialg by blast
+ then show ?thesis
+ using "0" restrict_in_semialg_functions
+ by presburger
+qed
+
+lemma a_inv_in_semialg_functions:
+ assumes "f \<in> semialg_functions n"
+ shows "\<ominus>\<^bsub>Fun\<^bsub>n\<^esub> Q\<^sub>p\<^esub> f \<in> semialg_functions n"
+proof-
+ have "\<ominus>\<^bsub>Fun\<^bsub>n\<^esub> Q\<^sub>p\<^esub> f = (Qp_const n (\<ominus> \<one>)) \<otimes>\<^bsub>Fun\<^bsub>n\<^esub> Q\<^sub>p\<^esub> f"
+ proof fix x
+ show "(\<ominus>\<^bsub>Fun\<^bsub>n\<^esub> Q\<^sub>p\<^esub> f) x = (Qp_const n (\<ominus> \<one>) \<otimes>\<^bsub>Fun\<^bsub>n\<^esub> Q\<^sub>p\<^esub> f) x"
+ proof(cases "x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)")
+ case True
+ have 0: "(\<ominus>\<^bsub>Fun\<^bsub>n\<^esub> Q\<^sub>p\<^esub> f) x = \<ominus> (f x)"
+ using Qp_funs_a_inv semialg_functions_memE True assms(1) by blast
+ have 1: "(Qp_const n (\<ominus> \<one>) \<otimes>\<^bsub>Fun\<^bsub>n\<^esub> Q\<^sub>p\<^esub> f) x = (\<ominus> \<one>)\<otimes>(f x)"
+ using Qp_funs_mult[of x n "Qp_const n (\<ominus> \<one>)" f] assms Qp_constE[of "\<ominus> \<one>" x n]
+ Qp_funs_mult' Qp.add.inv_closed Qp.one_closed Qp_funs_mult''' True by presburger
+ have 2: "f x \<in> carrier Q\<^sub>p"
+ using True semialg_functions_memE[of f n] assms by blast
+ show ?thesis
+ using True assms 0 1 2 Qp.l_minus Qp.l_one Qp.one_closed by presburger
+ next
+ case False
+ have "(\<ominus>\<^bsub>function_ring (carrier (Q\<^sub>p\<^bsup>n\<^esup>)) Q\<^sub>p\<^esub> f) x = undefined"
+ using Qp_funs_a_inv'[of f n] False assms semialg_functions_memE
+ by (metis (no_types, lifting) restrict_apply)
+ then show ?thesis
+ using False function_ring_defs(2)[of n] Qp_funs_a_inv'[of f n]
+ unfolding function_mult_def restrict_def
+ by presburger
+ qed
+ qed
+ then show ?thesis
+ using prod_in_semialg_functions[of "Qp_const n (\<ominus> \<one>)" n f] assms
+ constant_function_in_semialg_functions[of "\<ominus> \<one>" n] Qp.add.inv_closed Qp.one_closed
+ by presburger
+qed
+
+lemma semialg_functions_subring:
+ shows "subring (semialg_functions n) (Fun\<^bsub>n\<^esub> Q\<^sub>p)"
+ apply(rule ring.subringI)
+ using Qp_funs_is_cring cring.axioms(1) apply blast
+ apply (simp add: semialg_functions_in_Qp_funs)
+ using Qp.one_closed constant_function_in_semialg_functions function_one_as_constant apply presburger
+ using a_inv_in_semialg_functions apply blast
+ using prod_in_semialg_functions apply blast
+ using sum_in_semialg_functions by blast
+
+lemma semialg_functions_subcring:
+ shows "subcring (semialg_functions n) (Fun\<^bsub>n\<^esub> Q\<^sub>p)"
+ using semialg_functions_subring cring.subcringI'
+ using Qp_funs_is_cring by blast
+
+definition SA where
+"SA n = (Fun\<^bsub>n\<^esub> Q\<^sub>p)\<lparr> carrier := semialg_functions n\<rparr>"
+
+lemma SA_is_ring:
+ shows "ring (SA n)"
+proof-
+ have "ring (Fun\<^bsub>n\<^esub> Q\<^sub>p)"
+ by (simp add: Qp_funs_is_cring cring.axioms(1))
+ then show ?thesis
+ unfolding SA_def
+ using ring.subring_is_ring[of "Fun\<^bsub>n\<^esub> Q\<^sub>p" "semialg_functions n"] semialg_functions_subring[of n]
+ by blast
+qed
+
+lemma SA_is_cring:
+ shows "cring (SA n)"
+ using ring.subcring_iff[of "Fun\<^bsub>n\<^esub> Q\<^sub>p" "semialg_functions n"] semialg_functions_subcring[of n]
+ Qp_funs_is_cring cring.axioms(1) semialg_functions_in_Qp_funs
+ unfolding SA_def
+ by blast
+
+lemma SA_is_monoid:
+ shows "monoid (SA n)"
+ using SA_is_ring[of n] unfolding ring_def
+ by linarith
+
+lemma SA_is_abelian_monoid:
+ shows "abelian_monoid (SA n)"
+ using SA_is_ring[of n] unfolding ring_def abelian_group_def by blast
+
+lemma SA_car:
+"carrier (SA n) = semialg_functions n"
+ unfolding SA_def
+ by simp
+
+lemma SA_car_in_Qp_funs_car:
+"carrier (SA n) \<subseteq> carrier (Fun\<^bsub>n\<^esub> Q\<^sub>p)"
+ by (simp add: SA_car semialg_functions_in_Qp_funs)
+
+lemma SA_car_memI:
+ assumes "f \<in> carrier (Fun\<^bsub>n\<^esub> Q\<^sub>p)"
+ assumes "is_semialg_function n f"
+ shows "f \<in> carrier (SA n)"
+ using assms semialg_functions_memI[of f n] SA_car
+ by blast
+
+lemma SA_car_memE:
+ assumes "f \<in> carrier (SA n)"
+ shows "is_semialg_function n f"
+ "f \<in> carrier (Fun\<^bsub>n\<^esub> Q\<^sub>p)"
+ "f \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>) \<rightarrow> carrier Q\<^sub>p"
+ using SA_car assms semialg_functions_memE(1) apply blast
+ using SA_car assms semialg_functions_memE(2) apply blast
+ using SA_car assms semialg_functions_memE(3) by blast
+
+lemma SA_plus:
+"(\<oplus>\<^bsub>SA n\<^esub>) = (\<oplus>\<^bsub>Fun\<^bsub>n\<^esub> Q\<^sub>p\<^esub>)"
+ unfolding SA_def
+ by simp
+
+lemma SA_times:
+"(\<otimes>\<^bsub>SA n\<^esub>) = (\<otimes>\<^bsub>Fun\<^bsub>n\<^esub> Q\<^sub>p\<^esub>)"
+ unfolding SA_def
+ by simp
+
+lemma SA_one:
+"(\<one>\<^bsub>SA n\<^esub>) = (\<one>\<^bsub>Fun\<^bsub>n\<^esub> Q\<^sub>p\<^esub>)"
+ unfolding SA_def
+ by simp
+
+lemma SA_zero:
+"(\<zero>\<^bsub>SA n\<^esub>) = (\<zero>\<^bsub>Fun\<^bsub>n\<^esub> Q\<^sub>p\<^esub>)"
+ unfolding SA_def
+ by simp
+
+lemma SA_zero_is_function_ring:
+"(Fun\<^bsub>0\<^esub> Q\<^sub>p) = SA 0"
+proof-
+ have 0: "carrier (Fun\<^bsub>0\<^esub> Q\<^sub>p) = carrier (SA 0)"
+ proof
+ show "carrier (function_ring (carrier (Q\<^sub>p\<^bsup>0\<^esup>)) Q\<^sub>p) \<subseteq> carrier (SA 0)"
+ proof fix f assume A0: "f \<in> carrier (function_ring (carrier (Q\<^sub>p\<^bsup>0\<^esup>)) Q\<^sub>p)"
+ show "f \<in> carrier (SA 0)"
+ proof(rule SA_car_memI)
+ show "f \<in> carrier (function_ring (carrier (Q\<^sub>p\<^bsup>0\<^esup>)) Q\<^sub>p)"
+ using A0 by blast
+ show "is_semialg_function 0 f"
+ proof(rule is_semialg_functionI)
+ show "f \<in> carrier (Q\<^sub>p\<^bsup>0\<^esup>) \<rightarrow> carrier Q\<^sub>p"
+ using A0 Qp.function_ring_car_memE by blast
+ show "\<And>k S. S \<in> semialg_sets (1 + k) \<Longrightarrow> is_semialgebraic (0 + k) (partial_pullback 0 f k S)"
+ proof- fix k S assume A: "S \<in> semialg_sets (1+k)"
+ obtain a where a_def: "a = f []"
+ by blast
+ have 0: "carrier (Q\<^sub>p\<^bsup>0\<^esup>) = {[]}"
+ using Qp_zero_carrier by blast
+ have 1: "(partial_pullback 0 f k S) = {x \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>). a#x \<in> S}"
+ proof
+ show "partial_pullback 0 f k S \<subseteq> {x \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>). a # x \<in> S}"
+ apply(rule subsetI)
+ unfolding partial_pullback_def partial_image_def using a_def
+ by (metis (no_types, lifting) add.left_neutral drop0 evimage_eq mem_Collect_eq take_eq_Nil)
+ show "{x \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>). a # x \<in> S} \<subseteq> partial_pullback 0 f k S"
+ apply(rule subsetI)
+ unfolding partial_pullback_def partial_image_def a_def
+ by (metis (no_types, lifting) add.left_neutral drop0 evimageI2 mem_Collect_eq take0)
+ qed
+ have 2: "cartesian_product {[a]} (partial_pullback 0 f k S) = (cartesian_product {[a]} (carrier (Q\<^sub>p\<^bsup>k\<^esup>))) \<inter> S"
+ proof
+ show "cartesian_product {[a]} (partial_pullback 0 f k S) \<subseteq> cartesian_product {[a]} (carrier (Q\<^sub>p\<^bsup>k\<^esup>)) \<inter> S"
+ proof(rule subsetI) fix x assume A: "x \<in> cartesian_product {[a]} (partial_pullback 0 f k S)"
+ then obtain y where y_def: "y \<in> (partial_pullback 0 f k S) \<and>x = a#y"
+ using cartesian_product_memE'
+ by (metis (no_types, lifting) Cons_eq_appendI self_append_conv2 singletonD)
+ hence 20: "x \<in> S"
+ unfolding 1 by blast
+ have 21: "x = [a]@y"
+ using y_def by (simp add: y_def)
+ have "x \<in> cartesian_product {[a]} (carrier (Q\<^sub>p\<^bsup>k\<^esup>))"
+ unfolding 21 apply(rule cartesian_product_memI'[of _ Q\<^sub>p 1 _ k])
+ using a_def apply (metis function_ring_car_closed Qp_zero_carrier \<open>f \<in> carrier (function_ring (carrier (Q\<^sub>p\<^bsup>0\<^esup>)) Q\<^sub>p)\<close> empty_subsetI insert_subset singletonI Qp.to_R1_closed)
+ apply blast
+ apply blast
+ using y_def unfolding partial_pullback_def evimage_def
+ by (metis IntD2 add_cancel_right_left)
+ thus "x \<in> cartesian_product {[a]} (carrier (Q\<^sub>p\<^bsup>k\<^esup>)) \<inter> S"
+ using 20 by blast
+ qed
+ show " cartesian_product {[a]} (carrier (Q\<^sub>p\<^bsup>k\<^esup>)) \<inter> S \<subseteq> cartesian_product {[a]} (partial_pullback 0 f k S)"
+ proof fix x assume A: "x \<in> cartesian_product {[a]} (carrier (Q\<^sub>p\<^bsup>k\<^esup>)) \<inter> S"
+ then obtain y where y_def: "x = a#y \<and> y \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>)"
+ using cartesian_product_memE'
+ by (metis (no_types, lifting) Cons_eq_appendI IntD1 append_Nil singletonD)
+ have 00: "y \<in> partial_pullback 0 f k S"
+ using y_def unfolding 1 using A by blast
+ have 01: "x = [a]@y"
+ using y_def by (simp add: y_def)
+ have 02: "partial_pullback 0 f k S \<subseteq> carrier (Q\<^sub>p\<^bsup>k\<^esup>)"
+ unfolding partial_pullback_def
+ by (simp add: extensional_vimage_closed)
+ show "x \<in> cartesian_product {[a]} (partial_pullback 0 f k S)"
+ unfolding 01 apply(rule cartesian_product_memI'[of "{[a]}" Q\<^sub>p 1 "partial_pullback 0 f k S" k "[a]" y ])
+ apply (metis function_ring_car_closed Qp_zero_carrier \<open>f \<in> carrier (function_ring (carrier (Q\<^sub>p\<^bsup>0\<^esup>)) Q\<^sub>p)\<close> a_def empty_subsetI insert_subset singletonI Qp.to_R1_closed)
+ using "02" apply blast
+ apply blast
+ using 00 by blast
+ qed
+ qed
+ have 3:"is_semialgebraic 1 {[a]}"
+ proof-
+ have "a \<in> carrier Q\<^sub>p"
+ using a_def Qp.function_ring_car_memE 0 \<open>f \<in> carrier (function_ring (carrier (Q\<^sub>p\<^bsup>0\<^esup>)) Q\<^sub>p)\<close> by blast
+ hence "[a] \<in> carrier (Q\<^sub>p\<^bsup>1\<^esup>)"
+ using Qp.to_R1_closed by blast
+ thus ?thesis
+ using is_algebraic_imp_is_semialg singleton_is_algebraic by blast
+ qed
+ have 4: "is_semialgebraic (1+k) (cartesian_product {[a]} (carrier (Q\<^sub>p\<^bsup>k\<^esup>)))"
+ using 3 carrier_is_semialgebraic cartesian_product_is_semialgebraic less_one by blast
+ have 5: "is_semialgebraic (1+k) (cartesian_product {[a]} (partial_pullback 0 f k S))"
+ unfolding 2 using 3 4 A intersection_is_semialg padic_fields.is_semialgebraicI padic_fields_axioms by blast
+ have 6: "{[a]} \<subseteq> carrier (Q\<^sub>p\<^bsup>1\<^esup>)"
+ using a_def A0 0 by (metis Qp.function_ring_car_memE empty_subsetI insert_subset singletonI Qp.to_R1_closed)
+ have 7: "is_semialgebraic (k+1) (cartesian_product (partial_pullback 0 f k S) {[a]})"
+ apply(rule cartesian_product_swap)
+ using "6" apply blast
+ apply (metis add_cancel_right_left partial_pullback_closed)
+ using "5" by auto
+ have 8: "is_semialgebraic k (partial_pullback 0 f k S)"
+ apply(rule cartesian_product_singleton_factor_projection_is_semialg'[of _ _ "[a]" 1])
+ apply (metis add_cancel_right_left partial_pullback_closed)
+ apply (metis A0 Qp.function_ring_car_memE Qp_zero_carrier a_def singletonI Qp.to_R1_closed)
+ using "7" by blast
+ thus "is_semialgebraic (0 + k) (partial_pullback 0 f k S)"
+ by simp
+ qed
+ qed
+ qed
+ qed
+ show "carrier (SA 0) \<subseteq> carrier (function_ring (carrier (Q\<^sub>p\<^bsup>0\<^esup>)) Q\<^sub>p)"
+ using SA_car_in_Qp_funs_car by blast
+ qed
+ then have 1: "semialg_functions 0 = carrier (Fun\<^bsub>0\<^esub> Q\<^sub>p)"
+ unfolding 0 SA_def by auto
+ show ?thesis unfolding SA_def 1 by auto
+qed
+
+lemma constant_fun_closed:
+ assumes "c \<in> carrier Q\<^sub>p"
+ shows "constant_function (carrier (Q\<^sub>p\<^bsup>m\<^esup>)) c \<in> carrier (SA m)"
+ using constant_function_in_semialg_functions SA_car assms by blast
+
+lemma SA_0_car_memI:
+ assumes "\<xi> \<in> carrier (Q\<^sub>p\<^bsup>0\<^esup>) \<rightarrow> carrier Q\<^sub>p"
+ assumes "\<And>x. x \<notin> carrier (Q\<^sub>p\<^bsup>0\<^esup>) \<Longrightarrow> \<xi> x = undefined"
+ shows "\<xi> \<in> carrier (SA 0)"
+proof-
+ have 0: "carrier (Q\<^sub>p\<^bsup>0\<^esup>) = {[]}"
+ by (simp add: Qp_zero_carrier)
+ obtain c where c_def: "\<xi> [] = c"
+ by blast
+ have 1: "\<xi> = constant_function (carrier (Q\<^sub>p\<^bsup>0\<^esup>)) c"
+ unfolding constant_function_def restrict_def
+ using assms c_def unfolding 0
+ by (metis empty_iff insert_iff)
+ have 2: "c \<in> carrier Q\<^sub>p"
+ using assms(1) c_def unfolding 0 by blast
+ show ?thesis unfolding 1
+ using 2 constant_fun_closed by blast
+qed
+
+lemma car_SA_0_mem_imp_const:
+ assumes "a \<in> carrier (SA 0)"
+ shows "\<exists> c \<in> carrier Q\<^sub>p. a = Qp_const 0 c"
+proof-
+ obtain c where c_def: "c = a []"
+ by blast
+ have car_zero: "carrier (Q\<^sub>p\<^bsup>0\<^esup>) = {[]}"
+ using Qp_zero_carrier by blast
+ have 0: "a = constant_function (carrier (Q\<^sub>p\<^bsup>0\<^esup>)) c"
+ proof fix x
+ show " a x = constant_function (carrier (Q\<^sub>p\<^bsup>0\<^esup>)) c x"
+ apply(cases "x \<in> carrier (Q\<^sub>p\<^bsup>0\<^esup>)")
+ using assms SA_car_memE[of a 0] c_def
+ unfolding constant_function_def restrict_def car_zero
+ apply (metis empty_iff insert_iff)
+ using assms SA_car_memE(2)[of a 0] c_def
+ unfolding constant_function_def restrict_def car_zero
+ by (metis car_zero function_ring_not_car)
+ qed
+ have c_closed: "c \<in> carrier Q\<^sub>p"
+ using assms SA_car_memE(3)[of a 0] unfolding c_def car_zero
+ by blast
+ thus ?thesis using 0 by blast
+qed
+
+lemma SA_zeroE:
+ assumes "a \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ shows "\<zero> \<^bsub>SA n\<^esub> a = \<zero>"
+ using function_zero_eval SA_zero assms by presburger
+
+lemma SA_oneE:
+ assumes "a \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ shows "\<one> \<^bsub>SA n\<^esub> a = \<one>"
+ using function_one_eval SA_one assms by presburger
+end
+
+sublocale padic_fields < UPSA?: UP_cring "SA m" "UP (SA m)"
+ unfolding UP_cring_def using SA_is_cring[of m] by auto
+
+context padic_fields
+begin
+
+lemma SA_add:
+ assumes "x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ shows "(f \<oplus>\<^bsub>SA n\<^esub> g) x = f x \<oplus>\<^bsub>Q\<^sub>p\<^esub> g x"
+ using Qp_funs_add''' SA_plus assms by presburger
+
+lemma SA_add':
+ assumes "x \<notin> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ shows "(f \<oplus>\<^bsub>SA n\<^esub> g) x = undefined"
+proof-
+ have "(f \<oplus>\<^bsub>SA n\<^esub> g) x = function_add (carrier (Q\<^sub>p\<^bsup>n\<^esup>)) Q\<^sub>p f g x"
+ using SA_plus[of n] unfolding function_ring_def
+ by (metis ring_record_simps(12))
+ then show ?thesis
+ unfolding function_add_def using restrict_apply assms
+ by (metis (no_types, lifting))
+qed
+
+lemma SA_mult:
+ assumes "x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ shows "(f \<otimes>\<^bsub>SA n\<^esub> g) x = f x \<otimes> g x"
+ using Qp_funs_mult''' SA_times assms by presburger
+
+lemma SA_mult':
+ assumes "x \<notin> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ shows "(f \<otimes>\<^bsub>SA n\<^esub> g) x = undefined"
+proof-
+ have "(f \<otimes>\<^bsub>SA n\<^esub> g) x = function_mult (carrier (Q\<^sub>p\<^bsup>n\<^esup>)) Q\<^sub>p f g x"
+ using SA_times[of n] unfolding function_ring_def
+ by (metis ring_record_simps(5))
+ then show ?thesis
+ unfolding function_mult_def using restrict_apply assms
+ by (metis (no_types, lifting))
+qed
+
+lemma SA_u_minus_eval:
+ assumes "f \<in> carrier (SA n)"
+ assumes "x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ shows "(\<ominus>\<^bsub>SA n\<^esub> f) x = \<ominus> (f x)"
+proof-
+ have "f \<oplus>\<^bsub>SA n\<^esub> (\<ominus>\<^bsub>SA n\<^esub> f) = \<zero> \<^bsub>SA n\<^esub>"
+ using assms SA_is_cring cring.cring_simprules(17) by metis
+ have "(f \<oplus>\<^bsub>SA n\<^esub> (\<ominus>\<^bsub>SA n\<^esub> f)) x = \<zero> \<^bsub>SA n\<^esub> x"
+ using assms \<open>f \<oplus>\<^bsub>SA n\<^esub> \<ominus>\<^bsub>SA n\<^esub> f = \<zero>\<^bsub>SA n\<^esub>\<close> by presburger
+ then have "(f x) \<oplus> (\<ominus>\<^bsub>SA n\<^esub> f) x = \<zero>"
+ using assms function_zero_eval SA_add unfolding SA_zero by blast
+ then show ?thesis
+ using assms SA_is_ring
+ by (meson Qp.add.inv_closed Qp.add.inv_comm Qp.function_ring_car_memE Qp.minus_unique Qp.r_neg SA_car_memE(2) ring.ring_simprules(3))
+qed
+
+lemma SA_a_inv_eval:
+ assumes "f \<in> carrier (SA n)"
+ assumes "x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ shows "(\<ominus>\<^bsub>SA n\<^esub> f) x = \<ominus> (f x)"
+proof-
+ have "f \<oplus>\<^bsub>SA n\<^esub> (\<ominus>\<^bsub>SA n\<^esub> f) = \<zero> \<^bsub>SA n\<^esub>"
+ using assms SA_is_cring cring.cring_simprules(17) by metis
+ have "(f \<oplus>\<^bsub>SA n\<^esub> (\<ominus>\<^bsub>SA n\<^esub> f)) x = \<zero> \<^bsub>SA n\<^esub> x"
+ using assms \<open>f \<oplus>\<^bsub>SA n\<^esub> \<ominus>\<^bsub>SA n\<^esub> f = \<zero>\<^bsub>SA n\<^esub>\<close> by presburger
+ then have "(f x) \<oplus> (\<ominus>\<^bsub>SA n\<^esub> f) x = \<zero>"
+ by (metis function_zero_eval SA_add SA_zero assms)
+ then show ?thesis
+ by (metis (no_types, lifting) PiE Q\<^sub>p_def Qp.add.m_comm Qp.minus_equality SA_is_cring Zp_def assms(1) assms(2) cring.cring_simprules(3) padic_fields.SA_car_memE(3) padic_fields_axioms)
+qed
+
+lemma SA_nat_pow:
+ assumes "x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ shows "(f [^]\<^bsub>SA n\<^esub> (k::nat)) x = (f x) [^]\<^bsub>Q\<^sub>p\<^esub> k"
+ apply(induction k)
+ using assms nat_pow_def
+ apply (metis function_one_eval SA_one old.nat.simps(6))
+ using assms SA_mult
+ by (metis Group.nat_pow_Suc)
+
+lemma SA_nat_pow':
+ assumes "x \<notin> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ shows "(f [^]\<^bsub>SA n\<^esub> (k::nat)) x = undefined"
+ apply(induction k)
+ using assms nat_pow_def[of "SA n" f]
+ apply (metis (no_types, lifting) Group.nat_pow_0 Qp_funs_one SA_one restrict_apply)
+ by (metis Group.nat_pow_Suc SA_mult' assms)
+
+lemma SA_add_closed_id:
+ assumes "is_semialg_function n f"
+ assumes "is_semialg_function n g"
+ shows "restrict f (carrier (Q\<^sub>p\<^bsup>n\<^esup>)) \<oplus>\<^bsub>SA n\<^esub> restrict g (carrier (Q\<^sub>p\<^bsup>n\<^esup>)) = f \<oplus>\<^bsub>SA n\<^esub> g "
+proof fix x
+ show "(restrict f (carrier (Q\<^sub>p\<^bsup>n\<^esup>)) \<oplus>\<^bsub>SA n\<^esub> restrict g (carrier (Q\<^sub>p\<^bsup>n\<^esup>))) x = (f \<oplus>\<^bsub>SA n\<^esub> g) x"
+ apply(cases "x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)")
+ using assms restrict_apply
+ apply (metis SA_add)
+ using assms
+ by (metis SA_add')
+qed
+
+lemma SA_mult_closed_id:
+ assumes "is_semialg_function n f"
+ assumes "is_semialg_function n g"
+ shows "restrict f (carrier (Q\<^sub>p\<^bsup>n\<^esup>)) \<otimes>\<^bsub>SA n\<^esub> restrict g (carrier (Q\<^sub>p\<^bsup>n\<^esup>)) = f \<otimes>\<^bsub>SA n\<^esub> g "
+proof fix x
+ show "(restrict f (carrier (Q\<^sub>p\<^bsup>n\<^esup>)) \<otimes>\<^bsub>SA n\<^esub> restrict g (carrier (Q\<^sub>p\<^bsup>n\<^esup>))) x = (f \<otimes>\<^bsub>SA n\<^esub> g) x"
+ apply(cases "x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)")
+ using assms restrict_apply
+ apply (metis SA_mult)
+ using assms
+ by (metis SA_mult')
+qed
+
+lemma SA_add_closed:
+ assumes "is_semialg_function n f"
+ assumes "is_semialg_function n g"
+ shows "f \<oplus>\<^bsub>SA n\<^esub> g \<in> carrier (SA n)"
+ using assms SA_add_closed_id
+ by (metis SA_car SA_plus restrict_in_semialg_functions sum_in_semialg_functions)
+
+lemma SA_mult_closed:
+ assumes "is_semialg_function n f"
+ assumes "is_semialg_function n g"
+ shows "f \<otimes>\<^bsub>SA n\<^esub> g \<in> carrier (SA n)"
+ using assms SA_mult_closed_id
+ by (metis SA_car SA_is_cring cring.cring_simprules(5) restrict_in_semialg_functions)
+
+lemma SA_add_closed_right:
+ assumes "is_semialg_function n f"
+ assumes "g \<in> carrier (SA n)"
+ shows "f \<oplus>\<^bsub>SA n\<^esub> g \<in> carrier (SA n)"
+ using SA_add_closed SA_car_memE(1) assms(1) assms(2) by blast
+
+lemma SA_mult_closed_right:
+ assumes "is_semialg_function n f"
+ assumes "g \<in> carrier (SA n)"
+ shows "f \<otimes>\<^bsub>SA n\<^esub> g \<in> carrier (SA n)"
+ using SA_car_memE(1) SA_mult_closed assms(1) assms(2) by blast
+
+lemma SA_add_closed_left:
+ assumes "f \<in> carrier (SA n)"
+ assumes "is_semialg_function n g"
+ shows "f \<oplus>\<^bsub>SA n\<^esub> g \<in> carrier (SA n)"
+ using SA_add_closed SA_car_memE(1) assms(1) assms(2) by blast
+
+lemma SA_mult_closed_left:
+ assumes "f \<in> carrier (SA n)"
+ assumes "is_semialg_function n g"
+ shows "f \<otimes>\<^bsub>SA n\<^esub> g \<in> carrier (SA n)"
+ using SA_car_memE(1) SA_mult_closed assms(1) assms(2) by blast
+
+lemma SA_nat_pow_closed:
+ assumes "is_semialg_function n f"
+ shows "f [^]\<^bsub>SA n\<^esub> (k::nat) \<in> carrier (SA n)"
+ apply(induction k)
+ using nat_pow_def[of "SA n" f ]
+ apply (metis Group.nat_pow_0 monoid.one_closed SA_is_monoid)
+ by (metis Group.nat_pow_Suc SA_car assms(1) assms SA_mult_closed semialg_functions_memE(1))
+
+lemma SA_imp_semialg:
+ assumes "f \<in> carrier (SA n)"
+ shows "is_semialg_function n f"
+ using SA_car assms semialg_functions_memE(1) by blast
+
+lemma SA_minus_closed:
+ assumes "f \<in> carrier (SA n)"
+ assumes "g \<in> carrier (SA n)"
+ shows "(f \<ominus>\<^bsub>SA n\<^esub> g) \<in> carrier (SA n)"
+ using assms unfolding a_minus_def
+ by (meson SA_add_closed_left SA_imp_semialg SA_is_ring ring.ring_simprules(3))
+
+lemma(in ring) add_pow_closed :
+ assumes "b \<in> carrier R"
+ shows "([(m::nat)]\<cdot>\<^bsub>R\<^esub>b) \<in> carrier R"
+ by(rule add.nat_pow_closed, rule assms)
+
+lemma(in ring) add_pow_Suc:
+ assumes "b \<in> carrier R"
+ shows "[(Suc m)]\<cdot>b = [m]\<cdot>b \<oplus> b"
+ using assms add.nat_pow_Suc by blast
+
+lemma(in ring) add_pow_zero:
+ assumes "b \<in> carrier R"
+ shows "[(0::nat)]\<cdot>b = \<zero>"
+ using assms nat_mult_zero
+ by blast
+
+lemma Fun_add_pow_apply:
+ assumes "b \<in> carrier (Fun\<^bsub>n\<^esub> Q\<^sub>p)"
+ assumes "a \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ shows "([(m::nat)]\<cdot>\<^bsub>Fun\<^bsub>n\<^esub> Q\<^sub>p\<^esub> b) a = [m]\<cdot>( b a)"
+proof-
+ have 0: "b a \<in> carrier Q\<^sub>p"
+ using Qp.function_ring_car_mem_closed assms by fastforce
+ have 1: "ring (Fun\<^bsub>n\<^esub> Q\<^sub>p)"
+ using function_ring_is_ring by blast
+ show ?thesis
+ proof(induction m)
+ case 0
+ have "([(0::nat)] \<cdot>\<^bsub>function_ring (carrier (Q\<^sub>p\<^bsup>n\<^esup>)) Q\<^sub>p\<^esub> b) = \<zero>\<^bsub>Fun\<^bsub>n\<^esub> Q\<^sub>p\<^esub>"
+ using 1 ring.add_pow_zero[of "Fun\<^bsub>n\<^esub> Q\<^sub>p" b ] assms by blast
+ then show ?case
+ using function_zero_eval Qp.nat_mult_zero assms by presburger
+ next
+ case (Suc m)
+ then show ?case using Suc ring.add_pow_Suc[of "SA n" b m] assms
+ by (metis (no_types, lifting) "0" "1" Qp.ring_axioms SA_add SA_plus ring.add_pow_Suc)
+ qed
+qed
+
+lemma SA_add_pow_apply:
+ assumes "b \<in> carrier (SA n)"
+ assumes "a \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ shows "([(m::nat)]\<cdot>\<^bsub>SA n\<^esub> b) a = [m]\<cdot>( b a)"
+ apply(induction m)
+ using assms SA_is_ring[of n] Fun_add_pow_apply
+ apply (metis function_zero_eval Qp.nat_mult_zero SA_zero ring.add_pow_zero)
+ using assms SA_is_ring[of n] ring.add_pow_Suc[of "Fun\<^bsub>n\<^esub> Q\<^sub>p" b] ring.add_pow_Suc[of "SA n" b] SA_plus[of n]
+ using Fun_add_pow_apply
+ by (metis Qp.add.nat_pow_Suc SA_add)
+
+lemma Qp_funs_Units_SA_Units:
+ assumes "f \<in> Units (Fun\<^bsub>n\<^esub> Q\<^sub>p)"
+ assumes "is_semialg_function n f"
+ shows "f \<in> Units (SA n)"
+proof-
+ have 0: "f \<in> carrier (Fun\<^bsub>n\<^esub> Q\<^sub>p)"
+ by (meson Qp_funs_is_monoid assms(1) monoid.Units_closed)
+ have 1: "inv\<^bsub>Fun\<^bsub>n\<^esub> Q\<^sub>p\<^esub> f \<in> semialg_functions n"
+ using monoid.Units_closed[of "Fun\<^bsub>n\<^esub> Q\<^sub>p" f]
+ assms inv_in_semialg_functions[of f n] Qp_funs_Units_memE(3)[of f n]
+ semialg_functions_memI[of f n] Qp_funs_is_monoid by blast
+ then have 2: "f \<otimes>\<^bsub>SA n\<^esub> (inv\<^bsub>Fun\<^bsub>n\<^esub> Q\<^sub>p\<^esub> f ) = \<one>\<^bsub>SA n\<^esub>"
+ using Qp_funs_Units_memE(1)[of f n] SA_one SA_times assms(1)
+ by presburger
+ then have 3: "(inv\<^bsub>Fun\<^bsub>n\<^esub> Q\<^sub>p\<^esub> f ) \<otimes>\<^bsub>SA n\<^esub> f = \<one>\<^bsub>SA n\<^esub>"
+ using Qp_funs_Units_memE(2)[of f n] SA_one SA_times assms(1)
+ by presburger
+ have 4: "f \<in> carrier (SA n)"
+ using "0" SA_car assms(2) semialg_functions_memI by blast
+ have 5: "inv\<^bsub>Fun\<^bsub>n\<^esub> Q\<^sub>p\<^esub> f \<in> carrier (SA n)"
+ using SA_car_memI "1" SA_car by blast
+ show ?thesis
+ using 5 4 3 2 unfolding Units_def
+ by blast
+qed
+
+lemma SA_Units_memE:
+ assumes "f \<in> (Units (SA n))"
+ shows "f \<otimes>\<^bsub>SA n\<^esub> inv\<^bsub>SA n\<^esub> f = \<one>\<^bsub>SA n\<^esub>"
+ "inv\<^bsub>SA n\<^esub> f \<otimes>\<^bsub>SA n\<^esub> f = \<one>\<^bsub>SA n\<^esub>"
+ using assms SA_is_monoid[of n] monoid.Units_r_inv[of "SA n" f]
+ apply blast
+ using assms SA_is_monoid[of n] monoid.Units_l_inv[of "SA n" f]
+ by blast
+
+lemma SA_Units_closed:
+ assumes "f \<in> (Units (SA n))"
+ shows "f \<in> carrier (SA n)"
+ using assms unfolding Units_def by blast
+
+lemma SA_Units_inv_closed:
+ assumes "f \<in> (Units (SA n))"
+ shows "inv\<^bsub>SA n\<^esub> f \<in> carrier (SA n)"
+ using assms SA_is_monoid[of n] monoid.Units_inv_closed[of "SA n" f]
+ by blast
+
+lemma SA_Units_Qp_funs_Units:
+ assumes "f \<in> (Units (SA n))"
+ shows "f \<in> (Units (Fun\<^bsub>n\<^esub> Q\<^sub>p))"
+proof-
+ have 0: "f \<otimes>\<^bsub>SA n\<^esub> inv\<^bsub>SA n\<^esub> f = \<one>\<^bsub>SA n\<^esub>"
+ "inv\<^bsub>SA n\<^esub> f \<otimes>\<^bsub>SA n\<^esub> f = \<one>\<^bsub>SA n\<^esub>"
+ using R.Units_r_inv assms apply blast
+ using R.Units_l_inv assms by blast
+ have 1: "f \<in> carrier (Fun\<^bsub>n\<^esub> Q\<^sub>p)"
+ using assms
+ by (metis SA_car SA_is_monoid monoid.Units_closed semialg_functions_memE(2))
+ have 2: "inv\<^bsub>SA n\<^esub> f \<in> carrier (Fun\<^bsub>n\<^esub> Q\<^sub>p)"
+ using SA_Units_inv_closed SA_car assms semialg_functions_memE(2) by blast
+ then show ?thesis
+ using 0 1 2 SA_one SA_times local.F.UnitsI(1) by auto
+qed
+
+lemma SA_Units_Qp_funs_inv:
+ assumes "f \<in> (Units (SA n))"
+ shows "inv\<^bsub>SA n\<^esub> f = inv\<^bsub>Fun\<^bsub>n\<^esub> Q\<^sub>p\<^esub> f"
+ using assms SA_Units_Qp_funs_Units
+ by (metis (no_types, opaque_lifting) Qp_funs_is_cring Qp_funs_is_monoid SA_Units_memE(1)
+ SA_is_monoid SA_one SA_times cring.invI(1) monoid.Units_closed monoid.Units_inv_Units)
+
+lemma SA_Units_memI:
+ assumes "f \<in> (carrier (SA n))"
+ assumes "\<And> x. x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>) \<Longrightarrow> f x \<noteq> \<zero>\<^bsub>Q\<^sub>p\<^esub>"
+ shows "f \<in> (Units (SA n))"
+ using assms Qp_funs_Units_memI[of f n] Qp_funs_Units_SA_Units SA_car SA_imp_semialg
+ semialg_functions_memE(2) by blast
+
+lemma SA_Units_memE':
+ assumes "f \<in> (Units (SA n))"
+ shows "\<And> x. x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>) \<Longrightarrow> f x \<noteq> \<zero>\<^bsub>Q\<^sub>p\<^esub>"
+ using assms Qp_funs_Units_memE[of f n] SA_Units_Qp_funs_Units
+ by blast
+
+lemma Qp_n_nonempty:
+ shows "carrier (Q\<^sub>p\<^bsup>n\<^esup>) \<noteq> {}"
+ apply(induction n)
+ apply (simp add: Qp_zero_carrier)
+ using cartesian_power_cons[of _ Q\<^sub>p _ \<one>] Qp.one_closed
+ by (metis Suc_eq_plus1 all_not_in_conv cartesian_power_cons empty_iff)
+
+lemma SA_one_not_zero:
+ shows "\<one>\<^bsub>SA n\<^esub> \<noteq> \<zero>\<^bsub> SA n\<^esub>"
+proof-
+ obtain a where a_def: "a \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ using Qp_n_nonempty by blast
+ have "\<one>\<^bsub>SA n\<^esub> a \<noteq> \<zero>\<^bsub> SA n\<^esub> a"
+ using function_one_eval function_zero_eval SA_one SA_zero a_def local.one_neq_zero by presburger
+ then show ?thesis
+ by metis
+qed
+
+lemma SA_units_not_zero:
+ assumes "f \<in> Units (SA n)"
+ shows "f \<noteq> \<zero>\<^bsub> SA n\<^esub>"
+ using SA_one_not_zero
+ by (metis assms padic_fields.SA_is_ring padic_fields_axioms ring.ring_in_Units_imp_not_zero)
+
+lemma SA_Units_nonzero:
+ assumes "f \<in> Units (SA m)"
+ assumes "x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>)"
+ shows "f x \<in> nonzero Q\<^sub>p"
+ unfolding nonzero_def mem_Collect_eq
+ apply(rule conjI)
+ using assms SA_Units_closed SA_car_memE(3)[of f m] apply blast
+ using assms SA_Units_memE' by blast
+
+lemma SA_car_closed:
+ assumes "f \<in> carrier (SA m)"
+ assumes "x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>)"
+ shows "f x \<in> carrier Q\<^sub>p"
+ using assms SA_car_memE(3) by blast
+
+lemma SA_Units_closed_fun:
+ assumes "f \<in> Units (SA m)"
+ assumes "x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>)"
+ shows "f x \<in> carrier Q\<^sub>p"
+ using SA_Units_closed SA_car_closed assms by blast
+
+lemma SA_inv_eval:
+ assumes "f \<in> Units (SA n)"
+ assumes "x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ shows "(inv\<^bsub>SA n\<^esub> f) x = inv (f x)"
+proof-
+ have "f \<otimes>\<^bsub>SA n\<^esub> (inv\<^bsub>SA n\<^esub> f) = \<one> \<^bsub>SA n\<^esub>"
+ using assms SA_is_cring SA_Units_memE(1) by blast
+ hence "(f \<otimes>\<^bsub>SA n\<^esub> (inv\<^bsub>SA n\<^esub> f)) x = \<one> \<^bsub>SA n\<^esub> x"
+ using assms by presburger
+ then have "(f x) \<otimes> (inv\<^bsub>SA n\<^esub> f) x = \<one>"
+ by (metis function_one_eval SA_mult SA_one assms)
+ then show ?thesis
+ by (metis Q\<^sub>p_def Qp_funs_m_inv Zp_def assms(1) assms(2) padic_fields.SA_Units_Qp_funs_Units padic_fields.SA_Units_Qp_funs_inv padic_fields_axioms)
+qed
+
+lemma SA_div_eval:
+ assumes "f \<in> Units (SA n)"
+ assumes "h \<in> carrier (SA n)"
+ assumes "x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ shows "(h \<otimes>\<^bsub>SA n\<^esub> (inv\<^bsub>SA n\<^esub> f)) x = h x \<otimes> inv (f x)"
+ using assms SA_inv_eval SA_mult by presburger
+
+lemma SA_unit_int_pow:
+ assumes "f \<in> Units (SA m)"
+ assumes "x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>)"
+ shows "(f[^]\<^bsub>SA m\<^esub>(i::int)) x = (f x)[^]i"
+proof(induction i)
+ case (nonneg n)
+ have 0: "(f [^]\<^bsub>SA m\<^esub> int n) = (f [^]\<^bsub>SA m\<^esub> n)"
+ using assms by (meson int_pow_int)
+ then show ?case using SA_Units_closed[of f m] assms
+ by (metis SA_nat_pow int_pow_int)
+next
+ case (neg n)
+ have 0: "(f [^]\<^bsub>SA m\<^esub> - int (Suc n)) = inv \<^bsub>SA m\<^esub>(f [^]\<^bsub>SA m\<^esub> (Suc n))"
+ using assms by (metis R.int_pow_inv' int_pow_int)
+ then show ?case unfolding 0 using assms
+ by (metis Qp.int_pow_inv' R.Units_pow_closed SA_Units_nonzero SA_inv_eval SA_nat_pow Units_eq_nonzero int_pow_int)
+qed
+
+lemma restrict_in_SA_car:
+ assumes "is_semialg_function n f"
+ shows "restrict f (carrier (Q\<^sub>p\<^bsup>n\<^esup>)) \<in> carrier (SA n)"
+ using assms SA_car restrict_in_semialg_functions
+ by blast
+
+lemma SA_smult:
+"(\<odot>\<^bsub>SA n\<^esub>) = (\<odot>\<^bsub>Fun\<^bsub>n\<^esub> Q\<^sub>p\<^esub>)"
+ unfolding SA_def by auto
+
+lemma SA_smult_formula:
+ assumes "h \<in> carrier (SA n)"
+ assumes "q \<in> carrier Q\<^sub>p"
+ assumes "a \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ shows "(q \<odot>\<^bsub>SA n\<^esub> h) a = q \<otimes>(h a)"
+ using SA_smult assms function_smult_eval SA_car_memE(2) by presburger
+
+lemma SA_smult_closed:
+ assumes "h \<in> carrier (SA n)"
+ assumes "q \<in> carrier Q\<^sub>p"
+ shows "q \<odot>\<^bsub>SA n\<^esub> h \<in> carrier (SA n)"
+proof-
+ obtain g where g_def: "g = \<cc>\<^bsub>n\<^esub> q"
+ by blast
+ have g_closed: "g \<in> carrier (SA n)"
+ using g_def assms constant_function_is_semialg[of q n] constant_function_closed SA_car_memI
+ by blast
+ have "q \<odot>\<^bsub>SA n\<^esub> h = g \<otimes>\<^bsub>SA n\<^esub> h"
+ apply(rule function_ring_car_eqI[of _ n])
+ using function_smult_closed SA_car_memE(2) SA_smult assms apply presburger
+ using SA_car_memE(2) assms(1) assms(2) g_closed padic_fields.SA_imp_semialg padic_fields.SA_mult_closed_right padic_fields_axioms apply blast
+ using Qp_constE SA_mult SA_smult_formula assms g_def by presburger
+ thus ?thesis
+ using SA_imp_semialg SA_mult_closed_right assms(1) assms(2) g_closed by presburger
+qed
+
+lemma p_mult_function_val:
+ assumes "f \<in> carrier (SA m)"
+ assumes "x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>)"
+ shows "val ((\<pp> \<odot>\<^bsub>SA m\<^esub>f) x) = val (f x) + 1"
+proof-
+ have 0: "(\<pp>\<odot>\<^bsub>SA m\<^esub>f) x = \<pp>\<otimes>(f x)"
+ using Qp.int_inc_closed SA_smult_formula assms(1) assms(2) by blast
+ show ?thesis unfolding 0 using assms
+ by (metis Qp.function_ring_car_memE Qp.int_inc_closed Qp.m_comm SA_car semialg_functions_memE(2) val_mult val_p)
+qed
+
+lemma Qp_char_0'':
+ assumes "a \<in> carrier Q\<^sub>p"
+ assumes "a \<noteq> \<zero>"
+ assumes "(k::nat) > 0"
+ shows "[k]\<cdot>a \<noteq> \<zero>"
+proof-
+ have 0: "[k]\<cdot>\<one> \<noteq>\<zero>"
+ using Qp_char_0 assms(3) by blast
+ have "[k]\<cdot>a = [k]\<cdot>\<one> \<otimes> a"
+ using Qp.add_pow_ldistr Qp.l_one Qp.one_closed assms(1) by presburger
+ thus ?thesis using 0 assms
+ using Qp.integral by blast
+qed
+
+lemma SA_char_zero:
+ assumes "f \<in> carrier (SA m)"
+ assumes "f \<noteq> \<zero>\<^bsub>SA m\<^esub>"
+ assumes "n > 0"
+ shows "[(n::nat)]\<cdot>\<^bsub>SA m\<^esub>f \<noteq> \<zero>\<^bsub>SA m\<^esub>"
+proof assume A: "[n] \<cdot>\<^bsub>SA m\<^esub> f = \<zero>\<^bsub>SA m\<^esub>"
+ obtain x where x_def: "x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>) \<and> f x \<noteq> \<zero>"
+ using assms
+ by (metis function_ring_car_eqI R.cring_simprules(2) SA_car_memE(2) SA_zeroE)
+ have 0: "([(n::nat)]\<cdot>\<^bsub>SA m\<^esub>f) x = [n]\<cdot>(f x)"
+ using SA_add_pow_apply assms(1) x_def by blast
+ have 1: "[n]\<cdot>(f x) = \<zero>"
+ using 0 unfolding A using SA_zeroE x_def by blast
+ have 2: "f x \<in> nonzero Q\<^sub>p"
+ using x_def assms
+ by (metis Qp.function_ring_car_memE SA_car not_nonzero_Qp semialg_functions_memE(2))
+ then show False using x_def
+ using "1" Qp.nonzero_memE(1) Qp_char_0'' assms(3) by blast
+qed
+
+
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+subsection\<open>Defining Semialgebraic Maps\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+text\<open>
+ We can define a semialgebraic map in essentially the same way that Denef defines
+ semialgebraic functions. As for functions, we can define the partial pullback of a set
+ $S \subseteq \mathbb{Q}_p^{n+l}$ by a map $g: \mathbb{Q}_p^m \to \mathbb{Q}_p^n$ to be the set
+ \[
+ \{(x,y) \in \mathbb{Q}_p^m \times \mathbb{Q}_p^l \mid (f(x), y) \in S \}
+ \]
+ and say that $g$ is a semialgebraic map if for every $l$, and every semialgebraic
+ $S \subseteq \mathbb{Q}_p^{n+l}$, the partial pullback of $S$ by $g$ is also semialgebraic.
+ On this definition, it is immediate that the composition $f \circ g$ of a semialgebraic
+ function $f: \mathbb{Q}_p^n \to \mathbb{Q}$ and a semialgebraic map
+ $g: \mathbb{Q}_p^m \to \mathbb{Q}_p^n$ is semialgebraic. It is also not hard to show that a map
+ is semialgebraic if and only if all of its coordinate functions are semialgebraic functions.
+ This allows us to build new semialgebraic functions out of old ones via composition.
+\<close>
+
+
+text\<open>Generalizing the notion of partial image partial pullbacks from functions to maps:\<close>
+
+definition map_partial_image where
+"map_partial_image m f xs = (f (take m xs))@(drop m xs)"
+
+definition map_partial_pullback where
+"map_partial_pullback m f l S = (map_partial_image m f) \<inverse>\<^bsub>m+l\<^esub> S"
+
+lemma map_partial_pullback_memE:
+ assumes "as \<in> map_partial_pullback m f l S"
+ shows "as \<in> carrier (Q\<^sub>p\<^bsup>m+l\<^esup>)" "map_partial_image m f as \<in> S"
+ using assms unfolding map_partial_pullback_def evimage_def
+ apply (metis (no_types, opaque_lifting) Int_iff add.commute)
+ using assms unfolding map_partial_pullback_def
+ by blast
+
+lemma map_partial_pullback_closed:
+"map_partial_pullback m f l S \<subseteq> carrier (Q\<^sub>p\<^bsup>m+l\<^esup>)"
+ using map_partial_pullback_memE(1) by blast
+
+lemma map_partial_pullback_memI:
+ assumes "as \<in> carrier (Q\<^sub>p\<^bsup>m+k\<^esup>)"
+ assumes "(f (take m as))@(drop m as) \<in> S"
+ shows "as \<in> map_partial_pullback m f k S"
+ using assms unfolding map_partial_pullback_def map_partial_image_def
+ by blast
+
+lemma map_partial_image_eq:
+ assumes "as \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ assumes "bs \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>)"
+ assumes "x = as @ bs"
+ shows "map_partial_image n f x = (f as)@bs"
+proof-
+ have 0: "(take n x) = as"
+ by (metis append_eq_conv_conj assms(1) assms(3) cartesian_power_car_memE)
+ have 1: "drop n x = bs"
+ by (metis "0" append_take_drop_id assms(3) same_append_eq)
+ show ?thesis using 0 1 unfolding map_partial_image_def
+ by blast
+qed
+
+lemma map_partial_pullback_memE':
+ assumes "as \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ assumes "bs \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>)"
+ assumes "x = as @ bs"
+ assumes "x \<in> map_partial_pullback n f k S"
+ shows "(f as)@bs \<in> S"
+ using map_partial_pullback_memE[of x n f k S] map_partial_image_def[of n f x]
+ by (metis assms(1) assms(2) assms(3) assms(4) map_partial_image_eq)
+
+text\<open>Partial pullbacks have the same algebraic properties as pullbacks.\<close>
+
+lemma map_partial_pullback_intersect:
+"map_partial_pullback m f l (S1 \<inter> S2) = (map_partial_pullback m f l S1) \<inter> (map_partial_pullback m f l S2)"
+ unfolding map_partial_pullback_def
+ by simp
+
+lemma map_partial_pullback_union:
+"map_partial_pullback m f l (S1 \<union> S2) = (map_partial_pullback m f l S1) \<union> (map_partial_pullback m f l S2)"
+ unfolding map_partial_pullback_def
+ by simp
+
+lemma map_partial_pullback_complement:
+ assumes "f \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>) \<rightarrow> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ shows "map_partial_pullback m f l (carrier (Q\<^sub>p\<^bsup>n+l\<^esup>) - S) = carrier (Q\<^sub>p\<^bsup>m+l\<^esup>) - (map_partial_pullback m f l S) "
+ apply(rule equalityI)
+ using map_partial_pullback_def[of m f l "(carrier (Q\<^sub>p\<^bsup>n+l\<^esup>) - S)"]
+ map_partial_pullback_def[of m f l S]
+ apply (metis (no_types, lifting) DiffD2 DiffI evimage_Diff map_partial_pullback_memE(1) subsetI)
+proof fix x assume A: " x \<in> carrier (Q\<^sub>p\<^bsup>m+l\<^esup>) - map_partial_pullback m f l S"
+ show " x \<in> map_partial_pullback m f l (carrier (Q\<^sub>p\<^bsup>n+l\<^esup>) - S) "
+ apply(rule map_partial_pullback_memI)
+ using A
+ apply blast
+ proof
+ have 0: "drop m x \<in> carrier (Q\<^sub>p\<^bsup>l\<^esup>)"
+ by (meson A DiffD1 cartesian_power_drop)
+ have 1: "take m x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>)"
+ using A
+ by (meson DiffD1 take_closed le_add1)
+ show "f (take m x) @ drop m x \<in> carrier (Q\<^sub>p\<^bsup>n+l\<^esup>) "
+ using 0 1 assms
+ by (meson Pi_iff cartesian_power_concat(1))
+ show "f (take m x) @ drop m x \<notin> S"
+ using A unfolding map_partial_pullback_def map_partial_image_def
+ by blast
+ qed
+qed
+
+lemma map_partial_pullback_carrier:
+ assumes "f \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>) \<rightarrow> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ shows "map_partial_pullback m f l (carrier (Q\<^sub>p\<^bsup>n+l\<^esup>)) = carrier (Q\<^sub>p\<^bsup>m+l\<^esup>)"
+ apply(rule equalityI)
+ using map_partial_pullback_memE(1) apply blast
+proof fix x assume A: "x \<in> carrier (Q\<^sub>p\<^bsup>m+l\<^esup>)"
+ show "x \<in> map_partial_pullback m f l (carrier (Q\<^sub>p\<^bsup>n+l\<^esup>))"
+ apply(rule map_partial_pullback_memI)
+ using A cartesian_power_drop[of x m l] take_closed assms
+ apply blast
+proof-
+ have "f (take m x) \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ using A take_closed assms
+ by (meson Pi_mem le_add1)
+ then show "f (take m x) @ drop m x \<in> carrier (Q\<^sub>p\<^bsup>n+l\<^esup>)"
+ using cartesian_power_drop[of x m l] A cartesian_power_concat(1)[of _ Q\<^sub>p n _ l]
+ by blast
+qed
+qed
+
+definition is_semialg_map where
+"is_semialg_map m n f = (f \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>) \<rightarrow> carrier (Q\<^sub>p\<^bsup>n\<^esup>) \<and>
+ (\<forall>l \<ge> 0. \<forall>S \<in> semialg_sets (n + l). is_semialgebraic (m + l) (map_partial_pullback m f l S)))"
+
+lemma is_semialg_map_closed:
+ assumes "is_semialg_map m n f"
+ shows "f \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>) \<rightarrow> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ using is_semialg_map_def assms by blast
+
+lemma is_semialg_map_closed':
+ assumes "is_semialg_map m n f" "x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>)"
+ shows "f x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ using is_semialg_map_def assms by blast
+
+lemma is_semialg_mapE:
+ assumes "is_semialg_map m n f"
+ assumes "is_semialgebraic (n + k) S"
+ shows " is_semialgebraic (m + k) (map_partial_pullback m f k S)"
+ using is_semialg_map_def assms
+ by (meson is_semialgebraicE le0)
+
+lemma is_semialg_mapE':
+ assumes "is_semialg_map m n f"
+ assumes "is_semialgebraic (n + k) S"
+ shows " is_semialgebraic (m + k) (map_partial_image m f \<inverse>\<^bsub>m+k\<^esub> S)"
+ using assms is_semialg_mapE unfolding map_partial_pullback_def
+ by blast
+
+lemma is_semialg_mapI:
+ assumes "f \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>) \<rightarrow> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ assumes "\<And>k S. S \<in> semialg_sets (n + k) \<Longrightarrow> is_semialgebraic (m + k) (map_partial_pullback m f k S)"
+ shows "is_semialg_map m n f"
+ using assms unfolding is_semialg_map_def
+ by blast
+
+lemma is_semialg_mapI':
+ assumes "f \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>) \<rightarrow> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ assumes "\<And>k S. S \<in> semialg_sets (n + k) \<Longrightarrow> is_semialgebraic (m + k) (map_partial_image m f \<inverse>\<^bsub>m+k\<^esub> S)"
+ shows "is_semialg_map m n f"
+ using assms is_semialg_mapI unfolding map_partial_pullback_def
+ by blast
+
+text\<open>Semialgebraicity for functions can be verified on basic semialgebraic sets.\<close>
+
+lemma is_semialg_mapI'':
+ assumes "f \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>) \<rightarrow> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ assumes "\<And>k S. S \<in> basic_semialgs (n + k) \<Longrightarrow> is_semialgebraic (m + k) (map_partial_pullback m f k S)"
+ shows "is_semialg_map m n f"
+ apply(rule is_semialg_mapI)
+ using assms(1) apply blast
+proof-
+ show "\<And>k S. S \<in> semialg_sets (n + k) \<Longrightarrow> is_semialgebraic (m + k) (map_partial_pullback m f k S)"
+ proof- fix k S assume A: "S \<in> semialg_sets (n + k)"
+ show "is_semialgebraic (m + k) (map_partial_pullback m f k S)"
+ apply(rule gen_boolean_algebra.induct[of S "carrier (Q\<^sub>p\<^bsup>n+k\<^esup>)" "basic_semialgs (n + k)"])
+ using A unfolding semialg_sets_def
+ apply blast
+ using map_partial_pullback_carrier assms carrier_is_semialgebraic plus_1_eq_Suc apply presburger
+ apply (simp add: assms(1) assms(2) carrier_is_semialgebraic intersection_is_semialg map_partial_pullback_carrier map_partial_pullback_intersect)
+ using map_partial_pullback_union union_is_semialgebraic apply presburger
+ using assms(1) complement_is_semialg map_partial_pullback_complement plus_1_eq_Suc by presburger
+ qed
+qed
+
+lemma is_semialg_mapI''':
+ assumes "f \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>) \<rightarrow> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ assumes "\<And>k S. S \<in> basic_semialgs (n + k) \<Longrightarrow> is_semialgebraic (m + k) (map_partial_image m f \<inverse>\<^bsub>m+k\<^esub> S)"
+ shows "is_semialg_map m n f"
+ using is_semialg_mapI'' assms unfolding map_partial_pullback_def
+ by blast
+
+lemma id_is_semialg_map:
+"is_semialg_map n n (\<lambda> x. x)"
+proof-
+ have 0: "\<And>k S. S \<in> semialg_sets (n + k) \<Longrightarrow> (\<lambda>xs. take n xs @ drop n xs) -` S \<inter> carrier (Q\<^sub>p\<^bsup>n + k\<^esup>) =
+ S"
+ apply(rule equalityI')
+ apply (metis (no_types, lifting) Int_iff append_take_drop_id vimage_eq)
+ by (metis (no_types, lifting) IntI append_take_drop_id in_mono is_semialgebraicI is_semialgebraic_closed vimageI)
+ show ?thesis
+ by(intro is_semialg_mapI,
+ unfold map_partial_pullback_def map_partial_image_def evimage_def is_semialgebraic_def 0,
+ auto)
+qed
+
+lemma map_partial_pullback_comp:
+ assumes "is_semialg_map m n f"
+ assumes "is_semialg_map k m g"
+ shows "(map_partial_pullback k (f \<circ> g) l S) = (map_partial_pullback k g l (map_partial_pullback m f l S))"
+proof
+ show "map_partial_pullback k (f \<circ> g) l S \<subseteq> map_partial_pullback k g l (map_partial_pullback m f l S)"
+ proof fix x assume A: " x \<in> map_partial_pullback k (f \<circ> g) l S"
+ show " x \<in> map_partial_pullback k g l (map_partial_pullback m f l S)"
+ proof(rule map_partial_pullback_memI)
+ show 0: "x \<in> carrier (Q\<^sub>p\<^bsup>k+l\<^esup>)"
+ using A map_partial_pullback_memE(1) by blast
+ show "g (take k x) @ drop k x \<in> map_partial_pullback m f l S"
+ proof(rule map_partial_pullback_memI)
+ show "g (take k x) @ drop k x \<in> carrier (Q\<^sub>p\<^bsup>m+l\<^esup>)"
+ proof-
+ have 1: "g (take k x) \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>)"
+ using 0 assms(2) is_semialg_map_closed[of k m g]
+ by (meson Pi_iff le_add1 take_closed)
+ then show ?thesis
+ by (metis "0" add.commute cartesian_power_concat(2) cartesian_power_drop)
+ qed
+ show "f (take m (g (take k x) @ drop k x)) @ drop m (g (take k x) @ drop k x) \<in> S"
+ using map_partial_pullback_memE[of x k "f \<circ> g" l S]
+ comp_apply[of f g] map_partial_image_eq[of "take k x" k "drop k x" l x "f \<circ> g"]
+ by (metis (no_types, lifting) A \<open>g (take k x) @ drop k x \<in> carrier (Q\<^sub>p\<^bsup>m + l\<^esup>)\<close>
+ append_eq_append_conv append_take_drop_id cartesian_power_car_memE
+ cartesian_power_drop map_partial_image_def)
+ qed
+ qed
+ qed
+ show "map_partial_pullback k g l (map_partial_pullback m f l S) \<subseteq> map_partial_pullback k (f \<circ> g) l S"
+ proof fix x assume A: "x \<in> map_partial_pullback k g l (map_partial_pullback m f l S)"
+ have 0: "(take m (map_partial_image k g x)) = g (take k x)"
+ proof-
+ have "take k x \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>)"
+ using map_partial_pullback_memE[of x k g l] A le_add1 take_closed
+ by blast
+ then have "length (g (take k x)) = m"
+ using assms is_semialg_map_closed[of k m g] cartesian_power_car_memE
+ by blast
+ then show ?thesis
+ using assms unfolding map_partial_image_def
+ by (metis append_eq_conv_conj)
+ qed
+ show " x \<in> map_partial_pullback k (f \<circ> g) l S"
+ apply(rule map_partial_pullback_memI)
+ using A map_partial_pullback_memE
+ apply blast
+ using 0 assms A comp_apply map_partial_pullback_memE[of x k g l "map_partial_pullback m f l S"]
+ map_partial_pullback_memE[of "map_partial_image k g x" m f l S]
+ map_partial_image_eq[of "take k x" k "drop k x" l x g]
+ map_partial_image_eq[of "take m (map_partial_image k g x)" m "drop m (map_partial_image k g x)" l "(map_partial_image k g x)" f ]
+ by (metis (no_types, lifting) cartesian_power_drop le_add1 map_partial_image_def map_partial_pullback_memE' take_closed)
+qed
+qed
+
+lemma semialg_map_comp_closed:
+ assumes "is_semialg_map m n f"
+ assumes "is_semialg_map k m g"
+ shows "is_semialg_map k n (f \<circ> g)"
+ apply(intro is_semialg_mapI , unfold Pi_iff comp_def, intro ballI,
+ intro is_semialg_map_closed'[of m n f] is_semialg_map_closed'[of k m g] assms, blast)
+proof- fix l S assume A: "S \<in> semialg_sets (n + l)"
+ have " is_semialgebraic (k + l) (map_partial_pullback k (f \<circ> g) l S)"
+ using map_partial_pullback_comp is_semialg_mapE A assms(1) assms(2) is_semialgebraicI
+ by presburger
+ thus "is_semialgebraic (k + l) (map_partial_pullback k (\<lambda>x. f (g x)) l S)"
+ unfolding comp_def by auto
+qed
+
+lemma partial_pullback_comp:
+ assumes "is_semialg_function m f"
+ assumes "is_semialg_map k m g"
+ shows "(partial_pullback k (f \<circ> g) l S) = (map_partial_pullback k g l (partial_pullback m f l S))"
+proof
+ show "partial_pullback k (f \<circ> g) l S \<subseteq> map_partial_pullback k g l (partial_pullback m f l S)"
+ proof fix x assume A: "x \<in> partial_pullback k (f \<circ> g) l S"
+ show "x \<in> map_partial_pullback k g l (partial_pullback m f l S)"
+ proof(rule map_partial_pullback_memI)
+ show 0: "x \<in> carrier (Q\<^sub>p\<^bsup>k+l\<^esup>)"
+ using A partial_pullback_memE(1) by blast
+ show "g (take k x) @ drop k x \<in> partial_pullback m f l S"
+ proof(rule partial_pullback_memI)
+ show "g (take k x) @ drop k x \<in> carrier (Q\<^sub>p\<^bsup>m+l\<^esup>)"
+ proof-
+ have 1: "g (take k x) \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>)"
+ using 0 assms(2) is_semialg_map_closed[of k m g]
+ by (meson Pi_iff le_add1 take_closed)
+ then show ?thesis
+ by (metis "0" add.commute cartesian_power_concat(2) cartesian_power_drop)
+ qed
+ show "f (take m (g (take k x) @ drop k x)) # drop m (g (take k x) @ drop k x) \<in> S"
+ using partial_pullback_memE[of x k "f \<circ> g" l S]
+ comp_apply[of f g] partial_image_eq[of "take k x" k "drop k x" l x "f \<circ> g"]
+ by (metis (no_types, lifting) A \<open>g (take k x) @ drop k x \<in> carrier (Q\<^sub>p\<^bsup>m+l\<^esup>)\<close>
+ add_diff_cancel_left' append_eq_append_conv append_take_drop_id
+ cartesian_power_car_memE length_drop local.partial_image_def)
+ qed
+ qed
+ qed
+ show "map_partial_pullback k g l (partial_pullback m f l S) \<subseteq> partial_pullback k (f \<circ> g) l S"
+ proof fix x assume A: "x \<in> map_partial_pullback k g l (partial_pullback m f l S)"
+ have 0: "(take m (map_partial_image k g x)) = g (take k x)"
+ proof-
+ have "take k x \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>)"
+ using map_partial_pullback_memE[of x k g l] A le_add1 take_closed
+ by blast
+ then have "length (g (take k x)) = m"
+ using assms is_semialg_map_closed[of k m g] cartesian_power_car_memE
+ by blast
+ then show ?thesis
+ using assms unfolding map_partial_image_def
+ by (metis append_eq_conv_conj)
+ qed
+ show "x \<in> partial_pullback k (f \<circ> g) l S"
+ apply(rule partial_pullback_memI)
+ using A map_partial_pullback_memE
+ apply blast
+ using 0 assms A comp_apply map_partial_pullback_memE[of x k g l "partial_pullback m f l S"]
+ partial_pullback_memE[of "map_partial_image k g x" m f l S]
+ map_partial_image_eq[of "take k x" k "drop k x" l x g]
+ partial_image_eq[of "take m (map_partial_image k g x)" m "drop m (map_partial_image k g x)" l "(map_partial_image k g x)" f ]
+ by (metis (no_types, lifting) cartesian_power_drop le_add1 map_partial_image_def partial_pullback_memE' take_closed)
+
+qed
+qed
+
+lemma semialg_function_comp_closed:
+ assumes "is_semialg_function m f"
+ assumes "is_semialg_map k m g"
+ shows "is_semialg_function k (f \<circ> g)"
+proof(rule is_semialg_functionI)
+ show "f \<circ> g \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>) \<rightarrow> carrier Q\<^sub>p"
+ proof fix x assume A: "x \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>)"
+ show " (f \<circ> g) x \<in> carrier Q\<^sub>p"
+ using A assms is_semialg_map_closed[of k m g ] is_semialg_function_closed[of m f] comp_apply[of f g x]
+ by (metis (no_types, lifting) Pi_mem)
+ qed
+ show " \<And>ka S. S \<in> semialg_sets (1 + ka) \<Longrightarrow> is_semialgebraic (k + ka) (partial_pullback k (f \<circ> g) ka S)"
+ proof- fix n S assume A: "S \<in> semialg_sets (1 + n)"
+ show "is_semialgebraic (k + n) (partial_pullback k (f \<circ> g) n S)"
+ using A assms partial_pullback_comp is_semialg_functionE is_semialg_mapE
+ is_semialgebraicI by presburger
+ qed
+qed
+
+lemma semialg_map_evimage_is_semialg:
+ assumes "is_semialg_map k m g"
+ assumes "is_semialgebraic m S"
+ shows "is_semialgebraic k (g \<inverse>\<^bsub>k\<^esub> S)"
+proof-
+ have "g \<inverse>\<^bsub>k\<^esub> S = map_partial_pullback k g 0 S"
+ proof
+ show "g \<inverse>\<^bsub>k\<^esub> S \<subseteq> map_partial_pullback k g 0 S"
+ proof fix x assume A: "x \<in> g \<inverse>\<^bsub>k\<^esub> S"
+ then have 0: "x \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>) \<and> g x \<in> S"
+ by (meson evimage_eq)
+ have "x = take k x @ drop k x"
+ using 0 by (simp add: "0")
+ then show "x \<in> map_partial_pullback k g 0 S"
+ unfolding map_partial_pullback_def map_partial_image_def
+ by (metis (no_types, lifting) "0" Nat.add_0_right add.commute append_Nil2 append_same_eq
+ append_take_drop_id evimageI2 map_partial_image_def map_partial_image_eq take0 take_drop)
+ qed
+ show "map_partial_pullback k g 0 S \<subseteq> g \<inverse>\<^bsub>k\<^esub> S"
+ proof fix x assume A: "x \<in> map_partial_pullback k g 0 S "
+ then have 0: " g (take k x) @ (drop k x) \<in> S"
+ unfolding map_partial_pullback_def map_partial_image_def
+ by blast
+ have 1: "x \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>)"
+ using A unfolding map_partial_pullback_def map_partial_image_def
+ by (metis (no_types, lifting) Nat.add_0_right evimage_eq)
+ hence "take k x = x"
+ by (metis cartesian_power_car_memE le_eq_less_or_eq take_all)
+ then show " x \<in> g \<inverse>\<^bsub>k\<^esub> S"
+ using 0 1 unfolding evimage_def
+ by (metis (no_types, lifting) IntI append.assoc append_same_eq append_take_drop_id same_append_eq vimageI)
+ qed
+ qed
+ then show ?thesis using assms
+ by (metis add.right_neutral is_semialg_mapE' map_partial_pullback_def)
+qed
+
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+subsection \<open>Examples of Semialgebraic Maps\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+
+lemma semialg_map_on_carrier:
+ assumes "is_semialg_map n m f"
+ assumes "restrict f (carrier (Q\<^sub>p\<^bsup>n\<^esup>)) = restrict g (carrier (Q\<^sub>p\<^bsup>n\<^esup>))"
+ shows "is_semialg_map n m g"
+proof(rule is_semialg_mapI)
+ have 0: "f \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>) \<rightarrow> carrier (Q\<^sub>p\<^bsup>m\<^esup>)"
+ using assms(1) is_semialg_map_closed
+ by blast
+ show "g \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>) \<rightarrow> carrier (Q\<^sub>p\<^bsup>m\<^esup>)"
+ proof fix x assume A: "x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)" then show " g x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>)"
+ using assms(2) 0
+ by (metis (no_types, lifting) PiE restrict_Pi_cancel)
+ qed
+ show "\<And>k S. S \<in> semialg_sets (m + k) \<Longrightarrow> is_semialgebraic (n + k) (map_partial_pullback n g k S)"
+ proof- fix k S
+ assume A: "S \<in> semialg_sets (m + k)"
+ have 1: "is_semialgebraic (n + k) (map_partial_pullback n f k S)"
+ using A assms(1) is_semialg_mapE is_semialgebraicI
+ by blast
+ have 2: "(map_partial_pullback n f k S) = (map_partial_pullback n g k S)"
+ unfolding map_partial_pullback_def map_partial_image_def evimage_def
+ proof
+ show "(\<lambda>xs. f (take n xs) @ drop n xs) -` S \<inter> carrier (Q\<^sub>p\<^bsup>n+k\<^esup>) \<subseteq> (\<lambda>xs. g (take n xs) @ drop n xs) -` S \<inter> carrier (Q\<^sub>p\<^bsup>n+k\<^esup>)"
+ proof fix x assume A: "x \<in> (\<lambda>xs. f (take n xs) @ drop n xs) -` S \<inter> carrier (Q\<^sub>p\<^bsup>n+k\<^esup>)"
+ have "(take n x) \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ using assms A
+ by (meson Int_iff le_add1 take_closed)
+ then have "f (take n x) = g (take n x)"
+ using assms unfolding restrict_def
+ by meson
+ then show "x \<in> (\<lambda>xs. g (take n xs) @ drop n xs) -` S \<inter> carrier (Q\<^sub>p\<^bsup>n+k\<^esup>)"
+ using assms
+ by (metis (no_types, lifting) A Int_iff vimageE vimageI)
+ qed
+ show " (\<lambda>xs. g (take n xs) @ drop n xs) -` S \<inter> carrier (Q\<^sub>p\<^bsup>n+k\<^esup>) \<subseteq> (\<lambda>xs. f (take n xs) @ drop n xs) -` S \<inter> carrier (Q\<^sub>p\<^bsup>n+k\<^esup>)"
+ proof fix x assume A: "x \<in> (\<lambda>xs. g (take n xs) @ drop n xs) -` S \<inter> carrier (Q\<^sub>p\<^bsup>n+k\<^esup>)"
+ have "(take n x) \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ using assms
+ by (meson A inf_le2 le_add1 subset_iff take_closed)
+ then have "f (take n x) = g (take n x)"
+ using assms unfolding restrict_def
+ by meson
+ then show " x \<in> (\<lambda>xs. f (take n xs) @ drop n xs) -` S \<inter> carrier (Q\<^sub>p\<^bsup>n+k\<^esup>)"
+ using A by blast
+ qed
+ qed
+ then show "is_semialgebraic (n + k) (map_partial_pullback n g k S)"
+ using 1 by auto
+ qed
+qed
+
+lemma semialg_function_tuple_is_semialg_map:
+ assumes "is_semialg_function_tuple m fs"
+ assumes "length fs = n"
+ shows "is_semialg_map m n (function_tuple_eval Q\<^sub>p m fs)"
+ apply(rule is_semialg_mapI)
+ using function_tuple_eval_closed[of m fs]
+ apply (metis Pi_I assms(1) assms(2) semialg_function_tuple_is_function_tuple)
+proof- fix k S assume A: "S \<in> semialg_sets (n + k)"
+ show "is_semialgebraic (m + k) (map_partial_pullback m (function_tuple_eval Q\<^sub>p m fs) k S)"
+ using is_semialg_map_tupleE[of m fs k S] assms A tuple_partial_pullback_is_semialg_map_tuple[of m fs]
+ unfolding tuple_partial_pullback_def map_partial_pullback_def
+ map_partial_image_def tuple_partial_image_def is_semialgebraic_def
+ by (metis evimage_def)
+qed
+
+lemma index_is_semialg_function:
+ assumes "n > k"
+ shows "is_semialg_function n (\<lambda>as. as!k)"
+proof-
+ have 0: "restrict (\<lambda>as. as!k) (carrier (Q\<^sub>p\<^bsup>n\<^esup>)) = restrict (Qp_ev (pvar Q\<^sub>p k)) (carrier (Q\<^sub>p\<^bsup>n\<^esup>))"
+ using assms by (metis (no_types, lifting) eval_pvar restrict_ext)
+ have 1: "is_semialg_function n (Qp_ev (pvar Q\<^sub>p k))"
+ using pvar_closed assms poly_is_semialg[of "pvar Q\<^sub>p k"] by blast
+ show ?thesis
+ using 0 1 semialg_function_on_carrier[of n "Qp_ev (pvar Q\<^sub>p k)" "(\<lambda>as. as!k)"]
+ by presburger
+qed
+
+definition Qp_ith where
+"Qp_ith m i = (\<lambda> x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>). x!i)"
+
+lemma Qp_ith_closed:
+ assumes "i < m"
+ shows "Qp_ith m i \<in> carrier (SA m)"
+proof(rule SA_car_memI)
+ show "Qp_ith m i \<in> carrier (function_ring (carrier (Q\<^sub>p\<^bsup>m\<^esup>)) Q\<^sub>p)"
+ apply(rule Qp.function_ring_car_memI[of "carrier(Q\<^sub>p\<^bsup>m\<^esup>)"])
+ using assms cartesian_power_car_memE'[of _ Q\<^sub>p m i] unfolding Qp_ith_def
+ apply (metis restrict_apply)
+ unfolding restrict_def by meson
+ have 0: "\<And>x. x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>) \<Longrightarrow> Qp_ith m i x = eval_at_point Q\<^sub>p x (pvar Q\<^sub>p i)"
+ using assms eval_pvar[of i m] unfolding Qp_ith_def restrict_def by presburger
+ have 1: "is_semialg_function m (eval_at_poly Q\<^sub>p (pvar Q\<^sub>p i))"
+ using assms pvar_closed[of i m] poly_is_semialg by blast
+ show "is_semialg_function m (local.Qp_ith m i)"
+ apply(rule semialg_function_on_carrier'[of m "eval_at_poly Q\<^sub>p (pvar Q\<^sub>p i)"])
+ using 1 apply blast
+ using 0 by blast
+qed
+
+lemma take_is_semialg_map:
+ assumes "n \<ge> k"
+ shows "is_semialg_map n k (take k)"
+proof-
+ obtain fs where fs_def: "fs = map (\<lambda>i::nat. (\<lambda>as \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>). as!i)) [0::nat..< k]"
+ by blast
+ have 0: "is_semialg_function_tuple n fs"
+ proof(rule is_semialg_function_tupleI)
+ fix f assume A: "f \<in> set fs"
+ then obtain i where i_def: "i \<in> set [0::nat..< k] \<and> f = (\<lambda>as \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>). as!i)"
+ using A fs_def
+ by (metis (no_types, lifting) in_set_conv_nth length_map nth_map)
+ have i_less: "i < k"
+ proof-
+ have "set [0::nat..< k] = {0..<k}"
+ using atLeastLessThan_upt by blast
+ then show ?thesis using i_def
+ using atLeastLessThan_iff by blast
+ qed
+ show "is_semialg_function n f"
+ apply(rule semialg_function_on_carrier[of n "(\<lambda>as. as ! i)"],
+ rule index_is_semialg_function[of i n ] )
+ using A i_def assms by auto
+ qed
+ have 1: "restrict (function_tuple_eval Q\<^sub>p n fs) (carrier (Q\<^sub>p\<^bsup>n\<^esup>)) = restrict (take k) (carrier (Q\<^sub>p\<^bsup>n\<^esup>))"
+ unfolding function_tuple_eval_def
+ proof fix x
+ show " (\<lambda>x\<in>carrier (Q\<^sub>p\<^bsup>n\<^esup>). map (\<lambda>f. f x) fs) x = restrict (take k) (carrier (Q\<^sub>p\<^bsup>n\<^esup>)) x"
+ proof(cases "x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)")
+ case True
+ have "(map (\<lambda>f. f x) fs) = take k x"
+ proof-
+ have "\<And>i. i < k \<Longrightarrow> (map (\<lambda>f. f x) fs) ! i = x ! i"
+ proof- fix i assume A: "i < k"
+ have "length [0::nat..< k] = k"
+ using assms by simp
+ then have "length fs = k"
+ using fs_def
+ by (metis length_map)
+ then have 0: "(map (\<lambda>f. f x) fs) ! i = (fs!i) x"
+ using A by (meson nth_map)
+ have 1: "(fs!i) x = x!i"
+ using A nth_map[of i "[0..<k]" "(\<lambda>i. \<lambda>as\<in>carrier (Q\<^sub>p\<^bsup>n\<^esup>). as ! i)"] True
+ unfolding fs_def restrict_def by auto
+ then show "map (\<lambda>f. f x) fs ! i = x ! i"
+ using 0 assms A True fs_def nth_map[of i fs] cartesian_power_car_memE[of x Q\<^sub>p n]
+ by blast
+ qed
+ then have 0: "\<And>i. i < k \<Longrightarrow> (map (\<lambda>f. f x) fs) ! i = (take k x) ! i"
+ using assms True nth_take by blast
+ have 1: "length (map (\<lambda>f. f x) fs) = length (take k x)"
+ using fs_def True assms
+ by (metis cartesian_power_car_memE length_map map_nth take_closed)
+ have 2: "length (take k x) = k"
+ using assms True cartesian_power_car_memE take_closed
+ by blast
+ show ?thesis using 0 1 2
+ by (metis nth_equalityI)
+ qed
+ then show ?thesis using True unfolding restrict_def
+ by presburger
+ next
+ case False
+ then show ?thesis unfolding restrict_def
+ by (simp add: False)
+ qed
+ qed
+ have 2: " is_semialg_map n k (function_tuple_eval Q\<^sub>p n fs)"
+ using 0 semialg_function_tuple_is_semialg_map[of n fs k] assms fs_def length_map
+ by (metis (no_types, lifting) diff_zero length_upt)
+ show ?thesis using 1 2
+ using semialg_map_on_carrier by blast
+qed
+
+lemma drop_is_semialg_map:
+ shows "is_semialg_map (k + n) n (drop k)"
+proof-
+ obtain fs where fs_def: "fs = map (\<lambda>i::nat. (\<lambda>as \<in> carrier (Q\<^sub>p\<^bsup>n+k\<^esup>). as!i)) [k..<n+k]"
+ by blast
+ have 0: "is_semialg_function_tuple (k+n) fs"
+ proof(rule is_semialg_function_tupleI)
+ fix f assume A: "f \<in> set fs"
+ then obtain i where i_def: "i \<in> set [k..<n+k] \<and> f = (\<lambda>as \<in> carrier (Q\<^sub>p\<^bsup>n+k\<^esup>). as!i)"
+ using A fs_def
+ by (metis (no_types, lifting) in_set_conv_nth length_map nth_map)
+ have i_less: "i \<ge> k \<and> i < n + k"
+ proof-
+ have "set [k..<n+k] = {k..<n+k}"
+ using atLeastLessThan_upt by blast
+ then show ?thesis using i_def
+ using atLeastLessThan_iff by blast
+ qed
+ have "is_semialg_function (n + k) f"
+ using A index_is_semialg_function[of i "n+k" ]
+ i_less semialg_function_on_carrier[of "n+k" "(\<lambda>as. as ! i)" f] i_def
+ restrict_is_semialg
+ by blast
+ then show "is_semialg_function (k + n) f"
+ by (simp add: add.commute)
+ qed
+ have 1: "restrict (function_tuple_eval Q\<^sub>p (n+k) fs) (carrier (Q\<^sub>p\<^bsup>n+k\<^esup>)) = restrict (drop k) (carrier (Q\<^sub>p\<^bsup>n+k\<^esup>))"
+ unfolding function_tuple_eval_def
+ proof fix x
+ show " (\<lambda>x\<in>carrier (Q\<^sub>p\<^bsup>n+k\<^esup>). map (\<lambda>f. f x) fs) x = restrict (drop k) (carrier (Q\<^sub>p\<^bsup>n+k\<^esup>)) x"
+ proof(cases "x\<in>carrier (Q\<^sub>p\<^bsup>n+k\<^esup>)")
+ case True
+ have "(map (\<lambda>f. f x) fs) = drop k x"
+ proof-
+ have "\<And>i. i < n \<Longrightarrow> (map (\<lambda>f. f x) fs) ! i = x ! (i+k)"
+ proof- fix i assume A: "i < n"
+ have 00: "length [k..<n+k] = n"
+ by simp
+ then have "length fs = n"
+ using fs_def
+ by (metis length_map)
+ then have 0:"(map (\<lambda>f. f x) fs) ! i = (fs!i) x"
+ using A by (meson nth_map)
+ have "[k..<n+k]!i = i + k"
+ by (simp add: A)
+ have "( map (\<lambda>i. \<lambda>as\<in>carrier (Q\<^sub>p\<^bsup>n+k\<^esup>). as ! i) [k..<n + k]) ! i = ((\<lambda>i. \<lambda>as\<in>carrier (Q\<^sub>p\<^bsup>n+k\<^esup>). as ! i) ([k..<n + k] ! i))"
+ using A 00 nth_map[of i "[k..< n + k]" "(\<lambda>i. \<lambda>as\<in>carrier (Q\<^sub>p\<^bsup>n+k\<^esup>). as ! i)"]
+ by linarith
+ then have 1: "fs!i = (\<lambda>as \<in> carrier (Q\<^sub>p\<^bsup>n+k\<^esup>). as!(i+k))"
+ using fs_def A \<open>[k..<n + k] ! i = i + k\<close> by presburger
+ then show "map (\<lambda>f. f x) fs ! i = x ! (i + k)"
+ using True 0
+ by (metis (no_types, lifting) restrict_apply)
+ qed
+ then have 0: "\<And>i. i < n \<Longrightarrow> (map (\<lambda>f. f x) fs) ! i = (drop k x) ! i"
+ using True nth_drop
+ by (metis add.commute cartesian_power_car_memE le_add2)
+ have 1: "length (map (\<lambda>f. f x) fs) = length (drop k x)"
+ using fs_def True length_drop[of k x]
+ by (metis cartesian_power_car_memE length_map length_upt)
+ have 2: "length (drop k x) = n"
+ using True cartesian_power_car_memE
+ by (metis add_diff_cancel_right' length_drop)
+ show ?thesis using 0 1 2
+ by (metis nth_equalityI)
+ qed
+ then show ?thesis using True unfolding restrict_def
+ by presburger
+ next
+ case False
+ then show ?thesis unfolding restrict_def
+ by (simp add: False)
+ qed
+ qed
+ have 00: "length [k..<n+k] = n"
+ by simp
+ then have "length fs = n"
+ using fs_def
+ by (metis length_map)
+ then have 2: " is_semialg_map (k + n) n (function_tuple_eval Q\<^sub>p (k + n) fs)"
+ using 0 semialg_function_tuple_is_semialg_map[of "k + n" fs n]
+ by blast
+ show ?thesis using 1 2
+ using semialg_map_on_carrier[of "k + n" n "function_tuple_eval Q\<^sub>p (k + n) fs" "drop k"]
+ by (metis add.commute)
+qed
+
+lemma project_at_indices_is_semialg_map:
+ assumes "S \<subseteq> {..<n}"
+ shows "is_semialg_map n (card S) \<pi>\<^bsub>S\<^esub>"
+proof-
+ obtain k where k_def: "k = card S"
+ by blast
+ have 0: "card {..<n} = n"
+ by simp
+ have 1: "finite S"
+ using assms finite_subset
+ by blast
+ have 2: "card S \<le> n"
+ using assms 0 1
+ by (metis card_mono finite_lessThan)
+ then have k_size: " k \<le> n"
+ using k_def assms 0 1 2
+ by blast
+ obtain fs where fs_def: "fs = map (\<lambda>i::nat. (\<lambda>as \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>). as!(nth_elem S i))) [0..<k]"
+ by blast
+ have 4: "length fs = k"
+ using fs_def assms "1" k_def
+ by (metis Ex_list_of_length length_map map_nth)
+ have 5: "is_semialg_function_tuple n fs"
+ proof(rule is_semialg_function_tupleI)
+ fix f assume A: "f \<in> set fs"
+ then obtain i where i_def: "i \<in> set [0..<k] \<and> f = (\<lambda>as \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>). as!(nth_elem S i))"
+ using A fs_def atLeast_upt "4" in_set_conv_nth map_eq_conv map_nth
+ by auto
+ have i_le_k:"i < k"
+ proof-
+ have "set [0..<k] = {..<k}"
+ using atLeast_upt by blast
+ then show ?thesis
+ using i_def
+ by blast
+ qed
+ then have i_in_S: "nth_elem S i \<in> S"
+ using "1" k_def nth_elem_closed by blast
+ then have "nth_elem S i < n"
+ using assms
+ by blast
+ show "is_semialg_function n f"
+ using A index_is_semialg_function[of "nth_elem S i" n]
+ semialg_function_on_carrier[of n "(\<lambda>as. as ! nth_elem S i)"] i_def restrict_is_semialg
+ \<open>nth_elem S i < n\<close> by blast
+ qed
+ have 6: "restrict (function_tuple_eval Q\<^sub>p n fs) (carrier (Q\<^sub>p\<^bsup>n\<^esup>)) = restrict (\<pi>\<^bsub>S\<^esub>) (carrier (Q\<^sub>p\<^bsup>n\<^esup>))"
+ unfolding function_tuple_eval_def
+ proof fix x
+ show " (\<lambda>x\<in>carrier (Q\<^sub>p\<^bsup>n\<^esup>). map (\<lambda>f. f x) fs) x = restrict (\<pi>\<^bsub>S\<^esub>) (carrier (Q\<^sub>p\<^bsup>n\<^esup>)) x"
+ proof(cases "x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)")
+ case True
+ have "(map (\<lambda>f. f x) fs) = \<pi>\<^bsub>S\<^esub> x"
+ proof-
+ have "\<And>i. i < k \<Longrightarrow> (map (\<lambda>f. f x) fs) ! i = (\<pi>\<^bsub>S\<^esub> x) ! i"
+ proof- fix i assume A: "i < k"
+ have T0:"(map (\<lambda>f. f x) fs) ! i = (fs!i) x"
+ using A nth_map by (metis "4")
+ have T1: "indices_of x = {..< n}"
+ using True cartesian_power_car_memE indices_of_def
+ by blast
+ have T2: "set (set_to_list S) \<subseteq> indices_of x"
+ using assms True by (simp add: True "1" T1)
+ have T3: "length x = n"
+ using True cartesian_power_car_memE by blast
+ have T4: "([0..<k] ! i) = i"
+ using A by simp
+ have T5: "nth_elem S i < n"
+ using assms 0 1 2 A k_def
+ by (meson lessThan_iff nth_elem_closed subsetD)
+ have T6: "nth_elem S ([0..<k] ! i) = nth_elem S i"
+ by (simp add: T4)
+ have T6: "(\<lambda>as\<in>carrier (Q\<^sub>p\<^bsup>n\<^esup>). as ! nth_elem S ([0..<k] ! i)) x = x! (nth_elem S i)"
+ proof-
+ have "(\<lambda>as\<in>carrier (Q\<^sub>p\<^bsup>n\<^esup>). as ! nth_elem S ([0..<k] ! i)) x = x! nth_elem S ([0..<k] ! i)"
+ using True restrict_def by metis
+ then show ?thesis
+ using A T3 T4 0 1 2 T5 T6 True
+ by metis
+ qed
+ have T7: " map (\<lambda>f. f x) fs ! i = x! (nth_elem S i)"
+ using fs_def T0 A nth_map[of i "[0..<k]" "(\<lambda>i. \<lambda>as\<in>carrier (Q\<^sub>p\<^bsup>n\<^esup>). as ! nth_elem S i)"]
+ by (metis "4" T6 length_map)
+ show "map (\<lambda>f. f x) fs ! i = \<pi>\<^bsub>S\<^esub> x ! i"
+ using True T0 T1 T2 fs_def 5 unfolding T7
+ by (metis A assms(1) k_def project_at_indices_nth)
+ qed
+ have 1: "length (map (\<lambda>f. f x) fs) = length (\<pi>\<^bsub>S\<^esub> x)"
+ using fs_def True assms proj_at_index_list_length[of S x] k_def
+ by (metis "4" cartesian_power_car_memE indices_of_def length_map)
+ have 2: "length (\<pi>\<^bsub>S\<^esub> x) = k"
+ using assms True 0 1 2
+ by (metis "4" length_map)
+ show ?thesis using 1 2
+ by (metis \<open>\<And>i. i < k \<Longrightarrow> map (\<lambda>f. f x) fs ! i = \<pi>\<^bsub>S\<^esub> x ! i\<close> nth_equalityI)
+ qed
+ then show ?thesis using True unfolding restrict_def
+ by presburger
+ next
+ case False
+ then show ?thesis unfolding restrict_def
+ by (simp add: False)
+ qed
+ qed
+ have 7: " is_semialg_map n k (function_tuple_eval Q\<^sub>p n fs)"
+ using 0 semialg_function_tuple_is_semialg_map[of n fs k] assms fs_def length_map "4" "5" k_size
+ by blast
+ show ?thesis using 6 7
+ using semialg_map_on_carrier k_def
+ by blast
+qed
+
+lemma tl_is_semialg_map:
+ shows "is_semialg_map (Suc n) n tl"
+proof-
+ have 0: "(card {1..<Suc n}) = n"
+ proof-
+ have "Suc n - 1 = n"
+ using diff_Suc_1 by blast
+ then show ?thesis
+ by simp
+ qed
+ have 3: "{1..<Suc n} \<subseteq> {..<Suc n}"
+ using atLeastLessThan_iff by blast
+ have 4: " is_semialg_map (Suc n) n (project_at_indices {1..<Suc n})"
+ using 0 project_at_indices_is_semialg_map
+ by (metis "3")
+ show ?thesis
+ using 0 3 4
+ semialg_map_on_carrier[of "Suc n" n "(project_at_indices {1..<Suc n})" tl]
+ unfolding restrict_def
+ by (metis (no_types, lifting) tl_as_projection)
+qed
+
+text\<open>Coordinate functions are semialgebraic maps.\<close>
+
+lemma coord_fun_is_SA:
+ assumes "is_semialg_map n m g"
+ assumes "i < m"
+ shows "coord_fun Q\<^sub>p n g i \<in> carrier (SA n)"
+proof(rule SA_car_memI)
+ show "coord_fun Q\<^sub>p n g i \<in> carrier (function_ring (carrier (Q\<^sub>p\<^bsup>n\<^esup>)) Q\<^sub>p)"
+ apply(rule Qp.function_ring_car_memI)
+ unfolding coord_fun_def using assms
+ apply (metis (no_types, lifting) Pi_iff cartesian_power_car_memE' is_semialg_map_closed restrict_apply')
+ by (meson restrict_apply)
+ show "is_semialg_function n (coord_fun Q\<^sub>p n g i)"
+ proof-
+ have 0: "is_semialg_function m (\<lambda> x. x ! i)"
+ using assms gr_implies_not0 index_is_semialg_function by blast
+ have 1: "(coord_fun Q\<^sub>p n g i) = restrict ((\<lambda>x. x ! i) \<circ> g) (carrier (Q\<^sub>p\<^bsup>n\<^esup>)) "
+ unfolding coord_fun_def using comp_apply
+ by metis
+ show ?thesis
+ using semialg_function_on_carrier[of n "((\<lambda>x. x ! i) \<circ> g)" "coord_fun Q\<^sub>p n g i"]
+ assms semialg_function_comp_closed[of m "\<lambda>x. x ! i" n g] assms 0 1
+ unfolding coord_fun_def
+ using restrict_is_semialg by presburger
+ qed
+qed
+
+lemma coord_fun_map_is_semialg_tuple:
+ assumes "is_semialg_map n m g"
+ shows "is_semialg_function_tuple n (map (coord_fun Q\<^sub>p n g) [0..<m])"
+proof(rule is_semialg_function_tupleI)
+ have 0: "set [0..<m] = {..<m}"
+ using atLeast_upt by blast
+ fix f assume A: "f \<in> set (map (coord_fun Q\<^sub>p n g) [0..<m])"
+ then obtain i where i_def: "i < m \<and> f = coord_fun Q\<^sub>p n g i"
+ using set_map[of "coord_fun Q\<^sub>p n g" "[0..<m]"] 0
+ by (metis image_iff lessThan_iff)
+ show " is_semialg_function n f"
+ using i_def A assms coord_fun_is_SA[of n m g i] SA_imp_semialg by blast
+qed
+
+lemma semialg_map_cons:
+ assumes "is_semialg_map n m g"
+ assumes "f \<in> carrier (SA n)"
+ shows "is_semialg_map n (Suc m) (\<lambda> x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>). f x # g x)"
+proof-
+ obtain Fs where Fs_def: "Fs = f # (map (coord_fun Q\<^sub>p n g) [0..<m])"
+ by blast
+ have 0: "is_semialg_function_tuple n Fs"
+ apply(rule is_semialg_function_tupleI)
+ using is_semialg_function_tupleE'[of n "map (coord_fun Q\<^sub>p n g) [0..<m]"]
+ coord_fun_map_is_semialg_tuple[of n m g] assms SA_car_memE(1)[of f n]
+ set_ConsD[of _ f "map (coord_fun Q\<^sub>p n g) [0..<m]"] assms
+ unfolding Fs_def by blast
+ have 1: "(\<lambda> x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>). f x # g x) = (\<lambda> x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>). function_tuple_eval Q\<^sub>p n Fs x)"
+ proof(rule ext) fix x show "(\<lambda>x\<in>carrier (Q\<^sub>p\<^bsup>n\<^esup>). f x # g x) x = restrict (function_tuple_eval Q\<^sub>p n Fs) (carrier (Q\<^sub>p\<^bsup>n\<^esup>)) x"
+ proof(cases "x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)")
+ case True then have T0: "(\<lambda>x\<in>carrier (Q\<^sub>p\<^bsup>n\<^esup>). f x # g x) x = f x # g x"
+ by (meson restrict_apply')
+ have T1: "restrict (function_tuple_eval Q\<^sub>p n Fs) (carrier (Q\<^sub>p\<^bsup>n\<^esup>)) x = function_tuple_eval Q\<^sub>p n Fs x"
+ using True by (meson restrict_apply')
+ hence T2: "restrict (function_tuple_eval Q\<^sub>p n Fs) (carrier (Q\<^sub>p\<^bsup>n\<^esup>)) x = f x # (function_tuple_eval Q\<^sub>p n (map (coord_fun Q\<^sub>p n g) [0..<m]) x)"
+ unfolding function_tuple_eval_def Fs_def by (metis (no_types, lifting) list.simps(9))
+ have T3: "g x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>)"
+ using assms True is_semialg_map_closed by blast
+ have "length [0..<m] = m"
+ by auto
+ hence T4: "length (map (coord_fun Q\<^sub>p n g) [0..<m]) = m"
+ using length_map[of "(coord_fun Q\<^sub>p n g)" "[0..<m]"] by metis
+ hence T5: "length (function_tuple_eval Q\<^sub>p n (map (coord_fun Q\<^sub>p n g) [0..<m]) x) = m"
+ unfolding function_tuple_eval_def using length_map by metis
+ have T6: "(function_tuple_eval Q\<^sub>p n (map (coord_fun Q\<^sub>p n g) [0..<m]) x) = g x"
+ apply(rule nth_equalityI) using T3 T5
+ using cartesian_power_car_memE apply blast
+ using cartesian_power_car_memE[of "g x" Q\<^sub>p m] T5 T4 T3 True
+ nth_map[of _ "(map (\<lambda>i. \<lambda>x\<in>carrier (Q\<^sub>p\<^bsup>n\<^esup>). g x ! i) [0..<m])" "(\<lambda>f. f x)"]
+ nth_map[of _ "[0..<m]" "(\<lambda>i. \<lambda>x\<in>carrier (Q\<^sub>p\<^bsup>n\<^esup>). g x ! i)"]
+ unfolding function_tuple_eval_def coord_fun_def restrict_def
+ by (metis (no_types, lifting) \<open>length [0..<m] = m\<close> map_nth nth_map)
+ hence T7: "restrict (function_tuple_eval Q\<^sub>p n Fs) (carrier (Q\<^sub>p\<^bsup>n\<^esup>)) x = f x # g x"
+ using T4 T2 by presburger
+ thus ?thesis using T0
+ by presburger
+ next
+ case False
+ then show ?thesis unfolding restrict_def
+ by metis
+ qed
+ qed
+ have 2: "length Fs = Suc m"
+ unfolding Fs_def using length_map[of "(coord_fun Q\<^sub>p n g)" "[0..<m]"] length_Cons[of f "map (coord_fun Q\<^sub>p n g) [0..<m]"]
+ using length_upt by presburger
+ have 3: "is_semialg_map n (Suc m) (\<lambda> x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>). function_tuple_eval Q\<^sub>p n Fs x)"
+ apply(rule semialg_map_on_carrier[of _ _ "function_tuple_eval Q\<^sub>p n Fs"],
+ intro semialg_function_tuple_is_semialg_map[of n Fs "Suc m"] 0 2)
+ by auto
+ show ?thesis using 1 3
+ by presburger
+qed
+
+text\<open>Extensional Semialgebraic Maps:\<close>
+
+definition semialg_maps where
+"semialg_maps n m \<equiv> {f. is_semialg_map n m f \<and> f \<in> struct_maps (Q\<^sub>p\<^bsup>n\<^esup>) (Q\<^sub>p\<^bsup>m\<^esup>)}"
+
+lemma semialg_mapsE:
+ assumes "f \<in> (semialg_maps n m)"
+ shows "is_semialg_map n m f"
+ "f \<in> struct_maps (Q\<^sub>p\<^bsup>n\<^esup>) (Q\<^sub>p\<^bsup>m\<^esup>)"
+ "f \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>) \<rightarrow> carrier (Q\<^sub>p\<^bsup>m\<^esup>)"
+ using assms unfolding semialg_maps_def apply blast
+ using assms unfolding semialg_maps_def apply blast
+ apply(rule is_semialg_map_closed)
+ using assms unfolding semialg_maps_def by blast
+
+definition to_semialg_map where
+"to_semialg_map n m f = restrict f (carrier (Q\<^sub>p\<^bsup>n\<^esup>))"
+
+lemma to_semialg_map_is_semialg_map:
+ assumes "is_semialg_map n m f"
+ shows "to_semialg_map n m f \<in> semialg_maps n m"
+ using assms unfolding to_semialg_map_def semialg_maps_def struct_maps_def mem_Collect_eq
+ using is_semialg_map_closed' semialg_map_on_carrier by force
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+subsection\<open>Application of Functions to Segments of Tuples\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+
+definition take_apply where
+"take_apply m n f = restrict (f \<circ> take n) (carrier (Q\<^sub>p\<^bsup>m\<^esup>))"
+
+definition drop_apply where
+"drop_apply m n f = restrict (f \<circ> drop n) (carrier (Q\<^sub>p\<^bsup>m\<^esup>))"
+
+lemma take_apply_closed:
+ assumes "f \<in> carrier (Fun\<^bsub>n\<^esub> Q\<^sub>p)"
+ assumes "k \<ge> n"
+ shows "take_apply k n f \<in> carrier (Fun\<^bsub>k\<^esub> Q\<^sub>p)"
+proof(rule Qp.function_ring_car_memI)
+ show "\<And>a. a \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>) \<Longrightarrow> take_apply k n f a \<in> carrier Q\<^sub>p"
+ proof- fix a assume A: "a \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>)" show "take_apply k n f a \<in> carrier Q\<^sub>p"
+ using A assms comp_apply[of f "take n" a] Qp.function_ring_car_memE[of f n] take_closed[of n k a]
+ unfolding take_apply_def restrict_def
+ by metis
+ qed
+ show " \<And>a. a \<notin> carrier (Q\<^sub>p\<^bsup>k\<^esup>) \<Longrightarrow> take_apply k n f a = undefined"
+ unfolding take_apply_def restrict_def
+ by meson
+qed
+
+lemma take_apply_SA_closed:
+ assumes "f \<in> carrier (SA n)"
+ assumes "k \<ge> n"
+ shows "take_apply k n f \<in> carrier (SA k)"
+ apply(rule SA_car_memI)
+ using SA_car_memE(2) assms(1) assms(2) take_apply_closed apply blast
+ using assms take_is_semialg_map[of n k] unfolding take_apply_def
+ by (metis padic_fields.SA_imp_semialg
+ padic_fields_axioms restrict_is_semialg semialg_function_comp_closed)
+
+lemma drop_apply_closed:
+ assumes "f \<in> carrier (Fun\<^bsub>k - n\<^esub> Q\<^sub>p)"
+ assumes "k \<ge> n"
+ shows "drop_apply k n f \<in> carrier (Fun\<^bsub>k\<^esub> Q\<^sub>p)"
+proof(rule Qp.function_ring_car_memI)
+ show " \<And>a. a \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>) \<Longrightarrow> drop_apply k n f a \<in> carrier Q\<^sub>p"
+ proof- fix a assume A: "a \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>)" show "drop_apply k n f a \<in> carrier Q\<^sub>p"
+ using A assms comp_apply[of f "drop n" a] Qp.function_ring_car_memE[of f ] drop_closed[of n k a Q\<^sub>p]
+ unfolding drop_apply_def restrict_def
+ by (metis (no_types, opaque_lifting) Qp.function_ring_car_memE add_diff_cancel_right'
+ cartesian_power_drop dec_induct diff_diff_cancel diff_less_Suc diff_less_mono2
+ infinite_descent le_neq_implies_less less_antisym linorder_neqE_nat not_less0 not_less_eq_eq)
+ qed
+ show " \<And>a. a \<notin> carrier (Q\<^sub>p\<^bsup>k\<^esup>) \<Longrightarrow> drop_apply k n f a = undefined"
+ unfolding drop_apply_def restrict_def
+ by meson
+qed
+
+lemma drop_apply_SA_closed:
+ assumes "f \<in> carrier (SA (k-n))"
+ assumes "k \<ge> n"
+ shows "drop_apply k n f \<in> carrier (SA k)"
+ apply(rule SA_car_memI)
+ using SA_car_memE(2) assms(1) assms(2) drop_apply_closed less_imp_le_nat apply blast
+ using assms drop_is_semialg_map[of n "k - n" ] semialg_function_comp_closed[of "k - n" f k "drop n"] unfolding drop_apply_def
+ by (metis (no_types, lifting) SA_imp_semialg le_add_diff_inverse restrict_is_semialg)
+
+lemma take_apply_apply:
+ assumes "f \<in> carrier (SA n)"
+ assumes "a \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ assumes "b \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>)"
+ shows "take_apply (n+k) n f (a@b) = f a"
+proof-
+ have "a@b \<in> carrier (Q\<^sub>p\<^bsup>n+k\<^esup>)"
+ using assms cartesian_power_concat(1) by blast
+ thus ?thesis
+ unfolding take_apply_def restrict_def
+ using assms cartesian_power_car_memE comp_apply[of f "take n"]
+ by (metis append_eq_conv_conj)
+qed
+
+lemma drop_apply_apply:
+ assumes "f \<in> carrier (SA k)"
+ assumes "a \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ assumes "b \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>)"
+ shows "drop_apply (n+k) n f (a@b) = f b"
+proof-
+ have "a@b \<in> carrier (Q\<^sub>p\<^bsup>n+k\<^esup>)"
+ using assms cartesian_power_concat(1) by blast
+ thus ?thesis
+ unfolding drop_apply_def restrict_def
+ using assms cartesian_power_car_memE comp_apply[of f "drop n"]
+ by (metis append_eq_conv_conj)
+qed
+
+lemma drop_apply_add:
+ assumes "f \<in> carrier (SA n)"
+ assumes "g \<in> carrier (SA n)"
+ shows "drop_apply (n+k) k (f \<oplus>\<^bsub>SA n\<^esub> g) = drop_apply (n+k) k f \<oplus>\<^bsub>SA (n + k)\<^esub> drop_apply (n+k) k g"
+ apply(rule function_ring_car_eqI[of _ "n + k"])
+ using drop_apply_SA_closed assms fun_add_closed SA_car_memE(2) SA_plus diff_add_inverse2 drop_apply_closed le_add2 apply presburger
+ using drop_apply_SA_closed assms fun_add_closed SA_car_memE(2) SA_plus diff_add_inverse2 drop_apply_closed le_add2 apply presburger
+proof-
+ fix a assume A: "a \<in> carrier (Q\<^sub>p\<^bsup>n+k\<^esup>)"
+ then obtain b c where bc_def: "b \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>) \<and> c \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>) \<and> a = b@c"
+ by (metis (no_types, lifting) add.commute cartesian_power_decomp)
+ have 0: "drop_apply (n + k) k (f \<oplus>\<^bsub>SA n\<^esub> g) a = f c \<oplus> g c"
+ using assms bc_def drop_apply_apply[of "f \<oplus>\<^bsub>SA n\<^esub> g" n b k c ]
+ by (metis SA_add SA_imp_semialg add.commute padic_fields.SA_add_closed_left padic_fields_axioms)
+ then show " drop_apply (n + k) k (f \<oplus>\<^bsub>SA n\<^esub> g) a = (drop_apply (n + k) k f \<oplus>\<^bsub>SA (n + k)\<^esub> drop_apply (n + k) k g) a"
+ using bc_def drop_apply_apply assms
+ by (metis A SA_add add.commute)
+qed
+
+lemma drop_apply_mult:
+ assumes "f \<in> carrier (SA n)"
+ assumes "g \<in> carrier (SA n)"
+ shows "drop_apply (n+k) k (f \<otimes> \<^bsub>SA n\<^esub> g) = drop_apply (n+k) k f \<otimes>\<^bsub>SA (n + k)\<^esub> drop_apply (n+k) k g"
+ apply(rule function_ring_car_eqI[of _ "n + k"])
+ using drop_apply_SA_closed assms fun_mult_closed SA_car_memE(2) SA_times diff_add_inverse2 drop_apply_closed le_add2 apply presburger
+ using drop_apply_SA_closed assms fun_mult_closed SA_car_memE(2) SA_times diff_add_inverse2 drop_apply_closed le_add2 apply presburger
+proof-
+ fix a assume A: "a \<in> carrier (Q\<^sub>p\<^bsup>n+k\<^esup>)"
+ then obtain b c where bc_def: "b \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>) \<and> c \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>) \<and> a = b@c"
+ by (metis (no_types, lifting) add.commute cartesian_power_decomp)
+ have 0: "drop_apply (n + k) k (f \<otimes>\<^bsub>SA n\<^esub> g) a = f c \<otimes> g c"
+ using assms bc_def drop_apply_apply[of "f \<otimes>\<^bsub>SA n\<^esub> g" n b k c ]
+ by (metis SA_imp_semialg SA_mult SA_mult_closed_right add.commute)
+ then show " drop_apply (n + k) k (f \<otimes>\<^bsub>SA n\<^esub> g) a = (drop_apply (n + k) k f \<otimes>\<^bsub>SA (n + k)\<^esub> drop_apply (n + k) k g) a"
+ using bc_def drop_apply_apply assms by (metis A SA_mult add.commute)
+qed
+
+lemma drop_apply_one:
+ shows "drop_apply (n+k) k \<one>\<^bsub>SA n\<^esub> = \<one>\<^bsub>SA (n+k)\<^esub>"
+ apply(rule function_ring_car_eqI[of _ "n + k"])
+ apply (metis function_one_closed SA_one add_diff_cancel_right' drop_apply_closed le_add2)
+ using function_one_closed SA_one apply presburger
+proof-
+ fix a assume A: "a \<in> carrier (Q\<^sub>p\<^bsup>n+k\<^esup>)"
+ show "drop_apply (n + k) k \<one>\<^bsub>SA n\<^esub> a = \<one>\<^bsub>SA (n + k)\<^esub> a"
+ unfolding drop_apply_def restrict_def
+ using SA_one[of "n+k"] SA_one[of n] comp_apply[of "\<one>\<^bsub>SA n\<^esub>" "drop k" a] drop_closed[of k "n+k" a Q\<^sub>p]
+ function_ring_defs(4)
+ unfolding function_one_def
+ by (metis A function_one_eval add.commute cartesian_power_drop)
+qed
+
+lemma drop_apply_is_hom:
+ shows "drop_apply (n + k) k \<in> ring_hom (SA n) (SA (n + k))"
+ apply(rule ring_hom_memI)
+ using drop_apply_SA_closed[of _ "k+n" k]
+ apply (metis add.commute add_diff_cancel_left' le_add1)
+ using drop_apply_mult apply blast
+ using drop_apply_add apply blast
+ using drop_apply_one by blast
+
+lemma take_apply_add:
+ assumes "f \<in> carrier (SA k)"
+ assumes "g \<in> carrier (SA k)"
+ shows "take_apply (n+k) k (f \<oplus>\<^bsub>SA k\<^esub> g) = take_apply (n+k) k f \<oplus>\<^bsub>SA (n + k)\<^esub> take_apply (n+k) k g"
+ apply(rule function_ring_car_eqI[of _ "n + k"])
+ using take_apply_SA_closed assms fun_add_closed SA_car_memE(2) SA_plus diff_add_inverse2 take_apply_closed le_add2 apply presburger
+ using take_apply_SA_closed assms fun_add_closed SA_car_memE(2) SA_plus diff_add_inverse2 take_apply_closed le_add2 apply presburger
+proof-
+ fix a assume A: "a \<in> carrier (Q\<^sub>p\<^bsup>n+k\<^esup>)"
+ then obtain b c where bc_def: "b \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>) \<and> c \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>) \<and> a = b@c"
+ by (metis (no_types, lifting) add.commute cartesian_power_decomp)
+ hence 0: "take_apply (n + k) k (f \<oplus>\<^bsub>SA k\<^esub> g) a = f b \<oplus> g b"
+ using assms bc_def take_apply_apply[of "f \<oplus>\<^bsub>SA k\<^esub> g" k b c ]
+ by (metis SA_add SA_imp_semialg add.commute padic_fields.SA_add_closed_left padic_fields_axioms)
+ then show "take_apply (n + k) k (f \<oplus>\<^bsub>SA k\<^esub> g) a = (take_apply (n + k) k f \<oplus>\<^bsub>SA (n + k)\<^esub> take_apply (n + k) k g) a"
+ using bc_def take_apply_apply assms
+ by (metis A SA_add add.commute)
+qed
+
+lemma take_apply_mult:
+ assumes "f \<in> carrier (SA k)"
+ assumes "g \<in> carrier (SA k)"
+ shows "take_apply (n+k) k (f \<otimes>\<^bsub>SA k\<^esub> g) = take_apply (n+k) k f \<otimes>\<^bsub>SA (n + k)\<^esub> take_apply (n+k) k g"
+ apply(rule function_ring_car_eqI[of _ "n + k"])
+ using take_apply_SA_closed assms fun_mult_closed SA_car_memE(2) SA_times diff_add_inverse2 take_apply_closed le_add2 apply presburger
+ using take_apply_SA_closed assms fun_mult_closed SA_car_memE(2) SA_times diff_add_inverse2 take_apply_closed le_add2 apply presburger
+proof-
+ fix a assume A: "a \<in> carrier (Q\<^sub>p\<^bsup>n+k\<^esup>)"
+ then obtain b c where bc_def: "b \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>) \<and> c \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>) \<and> a = b@c"
+ by (metis (no_types, lifting) add.commute cartesian_power_decomp)
+ hence 0: "take_apply (n + k) k (f \<otimes>\<^bsub>SA k\<^esub> g) a = f b \<otimes> g b"
+ using assms bc_def take_apply_apply[of "f \<otimes>\<^bsub>SA k\<^esub> g" k b c ]
+ by (metis SA_mult SA_imp_semialg add.commute padic_fields.SA_mult_closed_left padic_fields_axioms)
+ then show "take_apply (n + k) k (f \<otimes>\<^bsub>SA k\<^esub> g) a = (take_apply (n + k) k f \<otimes>\<^bsub>SA (n + k)\<^esub> take_apply (n + k) k g) a"
+ using bc_def take_apply_apply assms
+ by (metis A SA_mult add.commute)
+qed
+
+lemma take_apply_one:
+ shows "take_apply (n+k) k \<one>\<^bsub>SA k\<^esub> = \<one>\<^bsub>SA (n+k)\<^esub>"
+ apply(rule function_ring_car_eqI[of _ "n + k"])
+ using function_one_closed SA_one le_add2 take_apply_closed apply presburger
+ using function_one_closed SA_one apply presburger
+proof-
+ fix a assume A: "a \<in> carrier (Q\<^sub>p\<^bsup>n+k\<^esup>)"
+ show "take_apply (n + k) k \<one>\<^bsub>SA k\<^esub> a = \<one>\<^bsub>SA (n + k)\<^esub> a"
+ unfolding take_apply_def restrict_def
+ using SA_one[of "n+k"] SA_one[of k] comp_apply[of "\<one>\<^bsub>SA k\<^esub>" "take k" a] take_closed[of k "n + k" a]
+ function_ring_defs(4)
+ unfolding function_one_def
+ using A function_one_eval le_add2 by metis
+qed
+
+lemma take_apply_is_hom:
+ shows "take_apply (n + k) k \<in> ring_hom (SA k) (SA (n + k))"
+ apply(rule ring_hom_memI)
+ using take_apply_SA_closed[of _ k "n+k"] le_add2 apply blast
+ using take_apply_mult apply blast
+ using take_apply_add apply blast
+ using take_apply_one by blast
+
+lemma drop_apply_units:
+ assumes "f \<in> Units (SA n)"
+ shows "drop_apply (n+k) k f \<in> Units (SA (n+k))"
+ apply(rule SA_Units_memI)
+ using drop_apply_SA_closed[of f "n+k" k ] assms SA_Units_closed
+ apply (metis add_diff_cancel_right' le_add2)
+proof-
+ show "\<And>x. x \<in> carrier (Q\<^sub>p\<^bsup>n + k\<^esup>) \<Longrightarrow> drop_apply (n + k) k f x \<noteq> \<zero>"
+ proof- fix x assume A: "x \<in> carrier (Q\<^sub>p\<^bsup>n+k\<^esup>)"
+ then have "drop_apply (n + k) k f x = f (drop k x)"
+ unfolding drop_apply_def restrict_def by (meson comp_def)
+ then show "drop_apply (n + k) k f x \<noteq> \<zero>"
+ using SA_Units_memE'[of f n "drop k x"]
+ by (metis A add.commute assms cartesian_power_drop)
+ qed
+qed
+
+lemma take_apply_units:
+ assumes "f \<in> Units (SA k)"
+ shows "take_apply (n+k) k f \<in> Units (SA (n+k))"
+ apply(rule SA_Units_memI)
+ using take_apply_SA_closed[of f k "n+k" ] assms SA_Units_closed le_add2 apply blast
+proof-
+ show "\<And>x. x \<in> carrier (Q\<^sub>p\<^bsup>n + k\<^esup>) \<Longrightarrow> take_apply (n + k) k f x \<noteq> \<zero>"
+ proof- fix x assume A: "x \<in> carrier (Q\<^sub>p\<^bsup>n+k\<^esup>)"
+ then have "take_apply (n + k) k f x = f (take k x)"
+ unfolding take_apply_def restrict_def by (meson comp_def)
+ then show "take_apply (n + k) k f x \<noteq> \<zero>"
+ using SA_Units_memE'[of f k "take k x"] A assms le_add2 local.take_closed by blast
+ qed
+qed
+
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+subsection\<open>Level Sets of Semialgebraic Functions\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+
+lemma evimage_is_semialg:
+ assumes "h \<in> carrier (SA n)"
+ assumes "is_univ_semialgebraic S"
+ shows "is_semialgebraic n (h \<inverse>\<^bsub>n\<^esub> S)"
+proof-
+ have 0: "is_semialgebraic 1 (to_R1 ` S)"
+ using assms is_univ_semialgebraicE by blast
+ have 1: "h \<inverse>\<^bsub>n\<^esub> S = partial_pullback n h (0::nat) (to_R1 ` S)"
+ proof show "h \<inverse>\<^bsub>n\<^esub> S \<subseteq> partial_pullback n h 0 ((\<lambda>a. [a]) ` S)"
+ proof fix x assume A: "x \<in> h \<inverse>\<^bsub>n\<^esub> S"
+ then have 0: "h x \<in> S" by blast
+ have x_closed: "x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ by (meson A evimage_eq)
+ have 1: "drop n x = []"
+ using cartesian_power_car_memE[of x Q\<^sub>p n] drop_all x_closed
+ by blast
+ have 2: "take n x = x"
+ using cartesian_power_car_memE[of x Q\<^sub>p n] x_closed take_all
+ by blast
+ then show "x \<in> partial_pullback n h 0 ((\<lambda>a. [a]) ` S)"
+ unfolding partial_pullback_def partial_image_def evimage_def
+ using 0 1 2 x_closed
+ by (metis (no_types, lifting) IntI Nat.add_0_right image_iff vimageI)
+ qed
+ show "partial_pullback n h 0 ((\<lambda>a. [a]) ` S) \<subseteq> h \<inverse>\<^bsub>n\<^esub> S"
+ proof fix x assume A: "x \<in> partial_pullback n h 0 ((\<lambda>a. [a]) ` S)"
+ have x_closed: "x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ using A unfolding partial_pullback_def evimage_def
+ by (metis A Nat.add_0_right partial_pullback_memE(1))
+ then have "(partial_image n h) x = [h x]"
+ unfolding partial_image_def
+ by (metis (no_types, opaque_lifting) One_nat_def Qp.zero_closed append.right_neutral append_Nil
+ local.partial_image_def partial_image_eq segment_in_car' Qp.to_R1_closed)
+ then have "h x \<in> S"
+ using A unfolding partial_pullback_def
+ by (metis (no_types, lifting) A image_iff partial_pullback_memE(2) Qp.to_R_to_R1)
+ thus "x \<in> h \<inverse>\<^bsub>n\<^esub> S"
+ using x_closed by blast
+ qed
+ qed
+ then show ?thesis
+ using 0 is_semialg_functionE[of n h 0 "((\<lambda>a. [a]) ` S)"] assms SA_car_memE(1)[of h n]
+ by (metis Nat.add_0_right SA_car)
+qed
+
+lemma semialg_val_ineq_set_is_semialg:
+ assumes "g \<in> carrier (SA k)"
+ assumes "f \<in> carrier (SA k)"
+ shows "is_semialgebraic k {x \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>). val (g x) \<le> val (f x)}"
+proof-
+ obtain F where F_def: "F = function_tuple_eval Q\<^sub>p k [f, g]"
+ by blast
+ have P0: "is_semialg_function_tuple k [f, g] "
+ using is_semialg_function_tupleI[of "[f, g]" k]
+ by (metis assms list.distinct(1) list.set_cases padic_fields.SA_imp_semialg padic_fields_axioms set_ConsD)
+ hence P1: "is_semialg_map k 2 F"
+ using assms semialg_function_tuple_is_semialg_map[of k "[f, g]" 2]
+ unfolding F_def by (simp add: \<open>f \<in> carrier (SA k)\<close> \<open>g \<in> carrier (SA k)\<close>)
+ have "{x \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>). val (g x) \<le> val (f x)} = F \<inverse>\<^bsub>k\<^esub> val_relation_set"
+ proof
+ show "{x \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>). val (g x) \<le> val (f x)} \<subseteq> F \<inverse>\<^bsub>k\<^esub> val_relation_set"
+ proof fix x assume A: "x \<in> {x \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>). val (g x) \<le> val (f x)}"
+ then have 0: "x \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>) \<and> val (g x) \<le> val (f x)" by blast
+ have 1: "F x = [f x, g x]"
+ unfolding F_def using A unfolding function_tuple_eval_def
+ by (metis (no_types, lifting) list.simps(8) map_eq_Cons_conv)
+ have 2: "val (g x) \<le> val (f x)"
+ using A
+ by blast
+ have 3: "F x \<in> carrier (Q\<^sub>p\<^bsup>2\<^esup>)"
+ using assms A 1
+ by (metis (no_types, lifting) "0" Qp.function_ring_car_mem_closed Qp_2I SA_car_memE(2))
+ then have 4: "x \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>) \<and> F x \<in> val_relation_set"
+ unfolding val_relation_set_def F_def using 0 1 2 3
+ by (metis (no_types, lifting) cartesian_power_car_memE cartesian_power_car_memE'
+ list.inject local.F_def one_less_numeral_iff pair_id semiring_norm(76) val_relation_setI
+ val_relation_set_def zero_less_numeral)
+ then show "x \<in> F \<inverse>\<^bsub>k\<^esub> val_relation_set"
+ by blast
+ qed
+ show "F \<inverse>\<^bsub>k\<^esub> val_relation_set \<subseteq> {x \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>). val (g x) \<le> val (f x)}"
+ proof fix x assume A: "x \<in> F \<inverse>\<^bsub>k\<^esub> val_relation_set"
+ then have 0: "x \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>) \<and> F x \<in> val_relation_set"
+ by (meson evimage_eq)
+ then have 0: "x \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>) \<and> [f x, g x] \<in> val_relation_set"
+ unfolding F_def function_tuple_eval_def
+ by (metis (no_types, lifting) list.simps(8) list.simps(9))
+ then have "x \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>) \<and> val (g x) \<le> val (f x)"
+ unfolding F_def val_relation_set_def
+ by (metis (no_types, lifting) "0" list.inject val_relation_setE)
+ then show "x \<in> {x \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>). val (g x) \<le> val (f x)}"
+ by blast
+ qed
+ qed
+ then show ?thesis
+ using assms P0 P1 val_relation_is_semialgebraic semialg_map_evimage_is_semialg[of k 2 F val_relation_set] pos2
+ by presburger
+qed
+
+lemma semialg_val_ineq_set_is_semialg':
+ assumes "f \<in> carrier (SA k)"
+ shows "is_semialgebraic k {x \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>). val (f x) \<le> C}"
+proof-
+ obtain a where a_def: "a \<in> carrier Q\<^sub>p \<and> val a = C"
+ by (meson Qp.carrier_not_empty Qp.minus_closed dist_nonempty' equals0I)
+ then obtain g where g_def: "g = constant_function (carrier (Q\<^sub>p\<^bsup>k\<^esup>)) a"
+ by blast
+ have 0: "g \<in> carrier (SA k)"
+ using g_def a_def SA_car assms(1) constant_function_in_semialg_functions by blast
+ have 1: "{x \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>). val (f x) \<le> C} = {x \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>). val (f x) \<le> val (g x)}"
+ using g_def by (metis (no_types, lifting) Qp_constE a_def)
+ then show ?thesis using assms 0 semialg_val_ineq_set_is_semialg[of f k g]
+ by presburger
+qed
+
+lemma semialg_val_ineq_set_is_semialg'':
+ assumes "f \<in> carrier (SA k)"
+ shows "is_semialgebraic k {x \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>). val (f x) \<ge> C}"
+proof-
+ obtain a where a_def: "a \<in> carrier Q\<^sub>p \<and> val a = C"
+ by (meson Qp.carrier_not_empty Qp.minus_closed dist_nonempty' equals0I)
+ then obtain g where g_def: "g = constant_function (carrier (Q\<^sub>p\<^bsup>k\<^esup>)) a"
+ by blast
+ have 0: "g \<in> carrier (SA k)"
+ using g_def a_def SA_car assms(1) constant_function_in_semialg_functions by blast
+ have 1: "{x \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>). val (f x) \<ge> C} = {x \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>). val (f x) \<ge> val (g x)}"
+ using g_def by (metis (no_types, lifting) Qp_constE a_def)
+ then show ?thesis using assms 0 semialg_val_ineq_set_is_semialg[of g k f]
+ by presburger
+qed
+
+lemma semialg_level_set_is_semialg:
+ assumes "f \<in> carrier (SA k)"
+ assumes "c \<in> carrier Q\<^sub>p"
+ shows "is_semialgebraic k {x \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>). f x = c}"
+proof-
+ have 0: "is_univ_semialgebraic {c}"
+ apply(rule finite_is_univ_semialgebraic) using assms apply blast by auto
+ have 1: "{x \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>). f x = c} = f \<inverse>\<^bsub>k\<^esub> {c}"
+ unfolding evimage_def by auto
+ then show ?thesis using 0 assms evimage_is_semialg by presburger
+qed
+
+lemma semialg_val_eq_set_is_semialg':
+ assumes "f \<in> carrier (SA k)"
+ shows "is_semialgebraic k {x \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>). val (f x) = C}"
+proof(cases "C = \<infinity>")
+ case True
+ then have "{x \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>). val (f x) = C} = {x \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>). f x = \<zero>}"
+ using assms unfolding val_def by (meson eint.distinct(1))
+ then have "{x \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>). val (f x) = C} = f \<inverse>\<^bsub>k\<^esub> {\<zero>}"
+ unfolding evimage_def by blast
+ then show ?thesis
+ using assms semialg_level_set_is_semialg[of f k \<zero>] Qp.zero_closed \<open>{x \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>). val (f x) = C} = {x \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>). f x = \<zero>}\<close> by presburger
+next
+ case False
+ then obtain N::int where N_def: "C = eint N"
+ by blast
+ have 0: "{x \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>). val (f x) = C} = {x \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>). val (f x) \<le> N} - {x \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>). val (f x) \<le> (eint (N-1))}"
+ proof
+ show "{x \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>). val (f x) = C} \<subseteq> {x \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>). val (f x) \<le> N} - {x \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>). val (f x) \<le> (eint (N-1))}"
+ proof
+ fix x assume A: "x \<in> {x \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>). val (f x) = C}"
+ then have 0: "x \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>) \<and> val (f x) = C"
+ by blast
+ have 1: "\<not> val (f x) \<le> (eint (N-1))"
+ using A N_def assms 0 eint_ord_simps(1) by presburger
+ have 2: "val (f x) \<le> (eint N)"
+ using 0 N_def eint_ord_simps(1) by presburger
+ show "x \<in> {x \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>). val (f x) \<le> N} - {x \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>). val (f x) \<le> (eint (N-1))}"
+ using 0 1 2
+ by blast
+ qed
+ show "{x \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>). val (f x) \<le> N} - {x \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>). val (f x) \<le> (eint (N-1))} \<subseteq> {x \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>). val (f x) = C}"
+ proof fix x assume A: "x \<in> {x \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>). val (f x) \<le> N} - {x \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>). val (f x) \<le> (eint (N-1))}"
+ have 0: "x \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>) \<and> val (f x) \<le> C"
+ using A N_def by blast
+ have 1: "\<not> val (f x) \<le> (eint (N-1))"
+ using A 0 by blast
+ have 2: "val (f x) = C"
+ proof(rule ccontr)
+ assume "val (f x) \<noteq> C"
+ then have "val (f x) < C"
+ using 0 by auto
+ then obtain M where M_def: "val (f x) = eint M"
+ using N_def eint_iless by blast
+ then have "M < N"
+ by (metis N_def \<open>val (f x) < C\<close> eint_ord_simps(2))
+ then have "val (f x) \<le> eint (N - 1)"
+ using M_def eint_ord_simps(1) by presburger
+ then show False using 1 by blast
+ qed
+ show "x \<in> {x \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>). val (f x) = C} "
+ using 0 2 by blast
+ qed
+ qed
+ have 1: "is_semialgebraic k {x \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>). val (f x) \<le> N}"
+ using assms semialg_val_ineq_set_is_semialg'[of f k N] by blast
+ have 2: "is_semialgebraic k {x \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>). val (f x) \<le> (eint (N-1))}"
+ using assms semialg_val_ineq_set_is_semialg' by blast
+ show ?thesis using 0 1 2
+ using diff_is_semialgebraic by presburger
+qed
+
+lemma semialg_val_eq_set_is_semialg:
+ assumes "g \<in> carrier (SA k)"
+ assumes "f \<in> carrier (SA k)"
+ shows "is_semialgebraic k {x \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>). val (g x) = val (f x)}"
+proof-
+ have 0: "is_semialgebraic k {x \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>). val (g x) \<le> val (f x)}"
+ using assms semialg_val_ineq_set_is_semialg[of g k f] by blast
+ have 1: "is_semialgebraic k {x \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>). val (g x) \<ge> val (f x)}"
+ using assms semialg_val_ineq_set_is_semialg[of f k g] by blast
+ have 2: " {x \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>). val (g x) = val (f x)} = {x \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>). val (g x) \<le> val (f x)} \<inter> {x \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>). val (g x) \<ge> val (f x)}"
+ using eq_iff by blast
+ show ?thesis using 0 1 2 intersection_is_semialg by presburger
+qed
+
+lemma semialg_val_strict_ineq_set_formula:
+"{x \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>). val (g x) < val (f x)} = {x \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>). val (g x) \<le> val (f x)} - {x \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>). val (g x) = val (f x)}"
+ using neq_iff le_less by blast
+
+lemma semialg_val_ineq_set_complement:
+"carrier (Q\<^sub>p\<^bsup>k\<^esup>) - {x \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>). val (g x) \<le> val (f x)} = {x \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>). val (f x) < val (g x)}"
+ using not_le by blast
+
+lemma semialg_val_strict_ineq_set_complement:
+"carrier (Q\<^sub>p\<^bsup>k\<^esup>) - {x \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>). val (g x) < val (f x)} = {x \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>). val (f x) \<le> val (g x)}"
+ using not_le by blast
+
+lemma semialg_val_strict_ineq_set_is_semialg:
+ assumes "g \<in> carrier (SA k)"
+ assumes "f \<in> carrier (SA k)"
+ shows "is_semialgebraic k {x \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>). val (g x) < val (f x)}"
+ using semialg_val_ineq_set_complement[of k f g] assms diff_is_semialgebraic
+ semialg_val_ineq_set_is_semialg[of f ]
+ by (metis (no_types, lifting) complement_is_semialg)
+
+lemma semialg_val_strict_ineq_set_is_semialg':
+ assumes "f \<in> carrier (SA k)"
+ shows "is_semialgebraic k {x \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>). val (f x) < C}"
+proof-
+ obtain a where a_def: "a \<in> carrier Q\<^sub>p \<and> val a = C"
+ by (meson Qp.carrier_not_empty Qp.minus_closed dist_nonempty' equals0I)
+ then obtain g where g_def: "g = constant_function (carrier (Q\<^sub>p\<^bsup>k\<^esup>)) a"
+ by blast
+ have 0: "g \<in> carrier (SA k)"
+ using g_def a_def SA_car assms(1) constant_function_in_semialg_functions by blast
+ have 1: "{x \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>). val (f x) < C} = {x \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>). val (f x) < val (g x)}"
+ using g_def by (metis (no_types, lifting) Qp_constE a_def)
+ then show ?thesis using assms 0 semialg_val_strict_ineq_set_is_semialg[of f k g]
+ by presburger
+qed
+
+lemma semialg_val_strict_ineq_set_is_semialg'':
+ assumes "f \<in> carrier (SA k)"
+ shows "is_semialgebraic k {x \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>). val (f x) > C}"
+proof-
+ obtain a where a_def: "a \<in> carrier Q\<^sub>p \<and> val a = C"
+ by (meson Qp.carrier_not_empty Qp.minus_closed dist_nonempty' equals0I)
+ then obtain g where g_def: "g = constant_function (carrier (Q\<^sub>p\<^bsup>k\<^esup>)) a"
+ by blast
+ have 0: "g \<in> carrier (SA k)"
+ using g_def a_def SA_car assms(1) constant_function_in_semialg_functions by blast
+ have 1: "{x \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>). val (f x) > C} = {x \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>). val (f x) > val (g x)}"
+ using g_def by (metis (no_types, lifting) Qp_constE a_def)
+ then show ?thesis using assms 0 semialg_val_strict_ineq_set_is_semialg[of g k f]
+ by presburger
+qed
+
+lemma semialg_val_ineq_set_plus:
+ assumes "N > 0"
+ assumes "c \<in> carrier (SA N)"
+ assumes "a \<in> carrier (SA N)"
+ shows "is_semialgebraic N {x \<in> carrier (Q\<^sub>p\<^bsup>N\<^esup>). val (c x) \<le> val (a x) + eint n}"
+proof-
+ obtain b where b_def: "b = \<pp>[^]n \<odot>\<^bsub>SA N\<^esub> a"
+ by blast
+ have b_closed: "b \<in> carrier (SA N)"
+ unfolding b_def using assms SA_smult_closed p_intpow_closed(1) by blast
+ have "\<And>x. x \<in> carrier (Q\<^sub>p\<^bsup>N\<^esup>) \<Longrightarrow> val (b x) = val (a x) + eint n"
+ unfolding b_def by (metis Qp.function_ring_car_memE SA_car_memE(2) SA_smult_formula assms(3) p_intpow_closed(1) times_p_pow_val)
+ hence 0: "{x \<in> carrier (Q\<^sub>p\<^bsup>N\<^esup>). val (c x) \<le> val (a x) + eint n} = {x \<in> carrier (Q\<^sub>p\<^bsup>N\<^esup>). val (c x) \<le> val (b x)}"
+ by (metis (no_types, opaque_lifting) add.commute)
+ show ?thesis unfolding 0 using assms b_def b_closed semialg_val_ineq_set_is_semialg[of c N b] by blast
+qed
+
+lemma semialg_val_eq_set_plus:
+ assumes "N > 0"
+ assumes "c \<in> carrier (SA N)"
+ assumes "a \<in> carrier (SA N)"
+ shows "is_semialgebraic N {x \<in> carrier (Q\<^sub>p\<^bsup>N\<^esup>). val (c x) = val (a x) + eint n}"
+proof-
+ obtain b where b_def: "b = \<pp>[^]n \<odot>\<^bsub>SA N\<^esub> a"
+ by blast
+ have b_closed: "b \<in> carrier (SA N)"
+ unfolding b_def using assms SA_smult_closed p_intpow_closed(1) by blast
+ have "\<And>x. x \<in> carrier (Q\<^sub>p\<^bsup>N\<^esup>) \<Longrightarrow> val (b x) = val (a x) + eint n"
+ unfolding b_def by (metis Qp.function_ring_car_memE SA_car_memE(2) SA_smult_formula assms(3) p_intpow_closed(1) times_p_pow_val)
+ hence 0: "{x \<in> carrier (Q\<^sub>p\<^bsup>N\<^esup>). val (c x) = val (a x) + eint n} = {x \<in> carrier (Q\<^sub>p\<^bsup>N\<^esup>). val (c x) = val (b x)}"
+ by (metis (no_types, opaque_lifting) add.commute)
+ show ?thesis unfolding 0 using assms b_def b_closed semialg_val_eq_set_is_semialg[of c N b] by blast
+qed
+
+definition SA_zero_set where
+"SA_zero_set n f = {x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>). f x = \<zero>}"
+
+lemma SA_zero_set_is_semialgebraic:
+ assumes "f \<in> carrier (SA n)"
+ shows "is_semialgebraic n (SA_zero_set n f)"
+ using assms semialg_level_set_is_semialg[of f n \<zero>] unfolding SA_zero_set_def
+ by blast
+
+lemma SA_zero_set_memE:
+ assumes "f \<in> carrier (SA n)"
+ assumes "x \<in> SA_zero_set n f"
+ shows "f x = \<zero>"
+ using assms unfolding SA_zero_set_def by blast
+
+lemma SA_zero_set_memI:
+ assumes "f \<in> carrier (SA n)"
+ assumes "x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ assumes "f x = \<zero>"
+ shows "x \<in> SA_zero_set n f"
+ using assms unfolding SA_zero_set_def by blast
+
+lemma SA_zero_set_of_zero:
+"SA_zero_set m (\<zero>\<^bsub>SA m\<^esub>) = carrier (Q\<^sub>p\<^bsup>m\<^esup>)"
+ apply(rule equalityI')
+ unfolding SA_zero_set_def mem_Collect_eq
+ apply blast
+ using SA_zeroE by blast
+
+definition SA_nonzero_set where
+"SA_nonzero_set n f = {x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>). f x \<noteq> \<zero>}"
+
+lemma nonzero_evimage_closed:
+ assumes "f \<in> carrier (SA n)"
+ shows "is_semialgebraic n {x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>). f x \<noteq> \<zero>}"
+proof-
+ have "{x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>). f x \<noteq> \<zero>} = f \<inverse>\<^bsub>n\<^esub> nonzero Q\<^sub>p"
+ unfolding nonzero_def evimage_def using SA_car_memE[of f n] assms by blast
+ thus ?thesis using assms evimage_is_semialg[of f n "nonzero Q\<^sub>p"] nonzero_is_univ_semialgebraic
+ by presburger
+qed
+
+lemma SA_nonzero_set_is_semialgebraic:
+ assumes "f \<in> carrier (SA n)"
+ shows "is_semialgebraic n (SA_nonzero_set n f)"
+ using assms semialg_level_set_is_semialg[of f n \<zero>] unfolding SA_nonzero_set_def
+ using nonzero_evimage_closed by blast
+
+lemma SA_nonzero_set_memE:
+ assumes "f \<in> carrier (SA n)"
+ assumes "x \<in> SA_nonzero_set n f"
+ shows "f x \<noteq> \<zero>"
+ using assms unfolding SA_nonzero_set_def by blast
+
+lemma SA_nonzero_set_memI:
+ assumes "f \<in> carrier (SA n)"
+ assumes "x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ assumes "f x \<noteq> \<zero>"
+ shows "x \<in> SA_nonzero_set n f"
+ using assms unfolding SA_nonzero_set_def
+ by blast
+
+lemma SA_nonzero_set_of_zero:
+"SA_nonzero_set m (\<zero>\<^bsub>SA m\<^esub>) = {}"
+ apply(rule equalityI')
+ unfolding SA_nonzero_set_def mem_Collect_eq
+ using SA_zeroE apply blast
+ by blast
+
+lemma SA_car_memI':
+ assumes "\<And>x. x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>) \<Longrightarrow> f x \<in> carrier Q\<^sub>p"
+ assumes "\<And>x. x \<notin> carrier (Q\<^sub>p\<^bsup>m\<^esup>) \<Longrightarrow> f x = undefined"
+ assumes "\<And>k n P. n > 0 \<Longrightarrow> P \<in> carrier (Q\<^sub>p [\<X>\<^bsub>1 + k\<^esub>]) \<Longrightarrow> is_semialgebraic (m + k) (partial_pullback m f k (basic_semialg_set (1 + k) n P))"
+ shows "f \<in> carrier (SA m)"
+ apply(rule SA_car_memI)
+ apply(rule Qp.function_ring_car_memI)
+ using assms(1) apply blast using assms(2) apply blast
+ apply(rule is_semialg_functionI')
+ using assms(1) apply blast
+ using assms(3) unfolding is_basic_semialg_def
+ by blast
+
+lemma(in padic_fields) SA_zero_set_is_semialg:
+ assumes "a \<in> carrier (SA m)"
+ shows "is_semialgebraic m {x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>). a x = \<zero>}"
+ using assms semialg_level_set_is_semialg[of a m \<zero>] Qp.zero_closed by blast
+
+lemma(in padic_fields) SA_nonzero_set_is_semialg:
+ assumes "a \<in> carrier (SA m)"
+ shows "is_semialgebraic m {x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>). a x \<noteq> \<zero>}"
+proof-
+ have 0: "{x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>). a x \<noteq> \<zero>} = carrier (Q\<^sub>p\<^bsup>m\<^esup>) - {x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>). a x = \<zero>}"
+ by blast
+ show ?thesis using assms SA_zero_set_is_semialg[of a m] complement_is_semialg[of m "{x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>). a x = \<zero>}"]
+ unfolding 0 by blast
+qed
+
+lemma zero_set_nonzero_set_covers:
+"carrier (Q\<^sub>p\<^bsup>n\<^esup>) = SA_zero_set n f \<union> SA_nonzero_set n f"
+ unfolding SA_zero_set_def SA_nonzero_set_def
+ apply(rule equalityI')
+ unfolding mem_Collect_eq
+ apply blast
+ by blast
+
+lemma zero_set_nonzero_set_covers':
+ assumes "S \<subseteq> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ shows "S = (S \<inter> SA_zero_set n f) \<union> (S \<inter> SA_nonzero_set n f)"
+ using assms zero_set_nonzero_set_covers by blast
+
+lemma zero_set_nonzero_set_covers_semialg_set:
+ assumes "is_semialgebraic n S"
+ shows "S = (S \<inter> SA_zero_set n f) \<union> (S \<inter> SA_nonzero_set n f)"
+ using assms is_semialgebraic_closed zero_set_nonzero_set_covers' by blast
+
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+subsection\<open>Partitioning Semialgebraic Sets According to Valuations of Functions\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+
+text\<open>
+ Given a semialgebraic set $A$ and a finite set of semialgebraic functions $Fs$, a common
+ construction is to simplify one's understanding of the behaviour of the functions $\mathit{Fs}$ on
+ $A$ by finitely paritioning $A$ into subsets where the element $f \in F$ for which $val (f x)$ is
+ minimal is constant as $x$ ranges over each piece of the parititon. The function
+ \texttt{Min\_set} helps construct this by picking out the subset of a set $A$ where the valuation
+ of a particular element of $\mathit{Fs}$ is minimal. Such a set will always be semialgebraic.
+\<close>
+
+lemma disjointify_semialg:
+ assumes "finite As"
+ assumes "As \<subseteq> semialg_sets n"
+ shows "disjointify As \<subseteq> semialg_sets n"
+ using assms unfolding semialg_sets_def
+ by (simp add: disjointify_gen_boolean_algebra)
+
+lemma semialgebraic_subalgebra:
+ assumes "finite Xs"
+ assumes "Xs \<subseteq> semialg_sets n"
+ shows "atoms_of Xs \<subseteq> semialg_sets n"
+ using assms unfolding semialg_sets_def
+ by (simp add: atoms_of_gen_boolean_algebra)
+
+lemma(in padic_fields) finite_intersection_is_semialg:
+ assumes "finite Xs"
+ assumes "Xs \<noteq> {}"
+ assumes "F ` Xs \<subseteq> semialg_sets m"
+ shows "is_semialgebraic m (\<Inter> i \<in> Xs. F i)"
+proof-
+ have 0: "F ` Xs \<subseteq> semialg_sets m \<and> F ` Xs \<noteq> {} "
+ using assms by blast
+ thus ?thesis
+ using assms finite_intersection_is_semialgebraic[of "F ` Xs" m]
+ by blast
+qed
+
+
+definition Min_set where
+"Min_set m As a = carrier (Q\<^sub>p\<^bsup>m\<^esup>) \<inter> (\<Inter> f \<in> As. {x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>). val (a x) \<le> val (f x) })"
+
+lemma Min_set_memE:
+ assumes "x \<in> Min_set m As a"
+ assumes "f \<in> As"
+ shows "val (a x) \<le> val (f x)"
+ using assms unfolding Min_set_def by blast
+
+lemma Min_set_closed:
+"Min_set m As a \<subseteq> carrier (Q\<^sub>p\<^bsup>m\<^esup>)"
+ unfolding Min_set_def by blast
+
+lemma Min_set_semialg0:
+ assumes "As \<subseteq> carrier (SA m)"
+ assumes "finite As"
+ assumes "a \<in> As"
+ assumes "As \<noteq> {}"
+ shows "is_semialgebraic m (Min_set m As a)"
+ unfolding Min_set_def apply(rule intersection_is_semialg)
+ using carrier_is_semialgebraic apply blast
+ apply(rule finite_intersection_is_semialg)
+ using assms apply blast
+ using assms apply blast
+proof(rule subsetI) fix x assume A: " x \<in> (\<lambda>i. {x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>). val (a x) \<le> val (i x)}) ` As"
+ then obtain f where f_def: "f \<in> As \<and> x = {x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>). val (a x) \<le> val (f x)}"
+ by blast
+ have f_closed: "f \<in> carrier (SA m)"
+ using f_def assms by blast
+ have a_closed: "a \<in> carrier (SA m)"
+ using assms by blast
+ have "is_semialgebraic m {x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>). val (a x) \<le> val (f x)}"
+ using a_closed f_closed semialg_val_ineq_set_is_semialg by blast
+ thus " x \<in> semialg_sets m"
+ using f_def unfolding is_semialgebraic_def by blast
+qed
+
+lemma Min_set_semialg:
+ assumes "As \<subseteq> carrier (SA m)"
+ assumes "finite As"
+ assumes "a \<in> As"
+ shows "is_semialgebraic m (Min_set m As a)"
+ apply(cases "As = {}")
+ using Min_set_def assms(3) apply blast
+ using assms Min_set_semialg0 by blast
+
+lemma Min_sets_cover:
+ assumes "As \<noteq> {}"
+ assumes "finite As"
+ shows "carrier (Q\<^sub>p\<^bsup>m\<^esup>) = (\<Union> a \<in> As. Min_set m As a)"
+proof
+ show "carrier (Q\<^sub>p\<^bsup>m\<^esup>) \<subseteq> \<Union> (Min_set m As ` As)"
+ proof fix x assume A: "x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>) "
+ obtain v where v_def: "v = Min ((\<lambda>f. val (f x)) ` As)"
+ by blast
+ obtain f where f_def: "f \<in> As \<and> v = val (f x)"
+ unfolding v_def using assms Min_in[of "((\<lambda>f. val (f x)) ` As)"]
+ by blast
+ have v_def': "v = val (f x)"
+ using f_def by blast
+ have 0: "x \<in> Min_set m As f"
+ unfolding Min_set_def
+ apply(rule IntI)
+ using A apply blast
+ proof(rule InterI) fix s assume s: "s \<in> (\<lambda>fa. {x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>). val (f x) \<le> val (fa x)}) ` As"
+ then obtain g where g_def: "g \<in> As \<and> s= {x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>). val (f x) \<le> val (g x)}"
+ by blast
+ have s_def: "s= {x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>). val (f x) \<le> val (g x)}"
+ using g_def by blast
+ have 00: " val (g x) \<in> ((\<lambda>f. val (f x)) ` As)"
+ using g_def by blast
+ show "x \<in> s"
+ unfolding s_def mem_Collect_eq using 00 A assms MinE[of "((\<lambda>f. val (f x)) ` As)" v "val (g x)"]
+ unfolding v_def by (metis f_def finite_imageI v_def)
+ qed
+ thus "x \<in> \<Union> (Min_set m As ` As)"
+ using f_def by blast
+ qed
+ show "\<Union> (Min_set m As ` As) \<subseteq> carrier (Q\<^sub>p\<^bsup>m\<^esup>)"
+ unfolding Min_set_def by blast
+qed
+
+text\<open>
+ The sets defined by the function \texttt{Min\_set} for a fixed set of functions may not all be
+ disjoint, but we can easily refine then to obtain a finite partition via the function
+ "disjointify".
+\<close>
+
+definition Min_set_partition where
+"Min_set_partition m As B = disjointify ((\<inter>)B ` (Min_set m As ` As))"
+
+lemma Min_set_partition_finite:
+ assumes "finite As"
+ shows "finite (Min_set_partition m As B)"
+ unfolding Min_set_partition_def
+ by (meson assms disjointify_finite finite_imageI)
+
+lemma Min_set_partition_semialg0:
+ assumes "finite As"
+ assumes "As \<subseteq> carrier (SA m)"
+ assumes "is_semialgebraic m B"
+ assumes "S \<in> ((\<inter>)B ` (Min_set m As ` As))"
+ shows "is_semialgebraic m S"
+ using Min_set_semialg[of As m] assms intersection_is_semialg[of m B]
+ by blast
+
+lemma Min_set_partition_semialg:
+ assumes "finite As"
+ assumes "As \<subseteq> carrier (SA m)"
+ assumes "is_semialgebraic m B"
+ assumes "S \<in> (Min_set_partition m As B)"
+ shows "is_semialgebraic m S"
+proof-
+ have 0: "(\<inter>) B ` Min_set m As ` As \<subseteq> semialg_sets m "
+ apply(rule subsetI)
+ using Min_set_partition_semialg0[of As m B ] assms unfolding is_semialgebraic_def
+ by blast
+ thus ?thesis
+ unfolding is_semialgebraic_def
+ using assms Min_set_partition_semialg0[of As m B] disjointify_semialg[of "((\<inter>) B ` Min_set m As ` As)" m]
+ unfolding Min_set_partition_def is_semialgebraic_def by blast
+qed
+
+lemma Min_set_partition_covers0:
+ assumes "finite As"
+ assumes "As \<noteq> {}"
+ assumes "As \<subseteq> carrier (SA m)"
+ assumes "is_semialgebraic m B"
+ shows "\<Union> ((\<inter>)B ` (Min_set m As ` As)) = B"
+proof-
+ have 0: "\<Union> ((\<inter>)B ` (Min_set m As ` As)) = B \<inter> \<Union> (Min_set m As ` As)"
+ by blast
+ have 1: "B \<subseteq> carrier (Q\<^sub>p\<^bsup>m\<^esup>)"
+ using assms is_semialgebraic_closed by blast
+ show ?thesis unfolding 0 using 1 assms Min_sets_cover[of As m] by blast
+qed
+
+lemma Min_set_partition_covers:
+ assumes "finite As"
+ assumes "As \<subseteq> carrier (SA m)"
+ assumes "As \<noteq> {}"
+ assumes "is_semialgebraic m B"
+ shows "\<Union> (Min_set_partition m As B) = B"
+ unfolding Min_set_partition_def
+ using Min_set_partition_covers0[of As m B] assms disjointify_union[of "((\<inter>) B ` Min_set m As ` As)"]
+ by (metis finite_imageI)
+
+lemma Min_set_partition_disjoint:
+ assumes "finite As"
+ assumes "As \<subseteq> carrier (SA m)"
+ assumes "As \<noteq> {}"
+ assumes "is_semialgebraic m B"
+ assumes "s \<in> Min_set_partition m As B"
+ assumes "s' \<in> Min_set_partition m As B"
+ assumes "s \<noteq> s'"
+ shows "s \<inter> s' = {}"
+ apply(rule disjointify_is_disjoint[of "((\<inter>) B ` Min_set m As ` As)" s s'])
+ using assms finite_imageI apply blast
+ using assms unfolding Min_set_partition_def apply blast
+ using assms unfolding Min_set_partition_def apply blast
+ using assms by blast
+
+lemma Min_set_partition_memE:
+ assumes "finite As"
+ assumes "As \<subseteq> carrier (SA m)"
+ assumes "As \<noteq> {}"
+ assumes "is_semialgebraic m B"
+ assumes "s \<in> Min_set_partition m As B"
+ shows "\<exists>f \<in> As. (\<forall>x \<in> s. (\<forall>g \<in> As. val (f x) \<le> val (g x)))"
+proof-
+ obtain s' where s'_def: "s' \<in> ((\<inter>) B ` Min_set m As ` As) \<and> s \<subseteq> s'"
+ using finite_imageI assms disjointify_subset[of "((\<inter>) B ` Min_set m As ` As)" s] unfolding Min_set_partition_def by blast
+ obtain f where f_def: "f \<in> As \<and> s' = B \<inter> Min_set m As f"
+ using s'_def by blast
+ have 0: "(\<forall>x \<in> s'. (\<forall>g \<in> As. val (f x) \<le> val (g x)))"
+ using f_def Min_set_memE[of _ m As f] by blast
+ thus ?thesis
+ using s'_def by (meson f_def subset_iff)
+qed
+
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+subsection\<open>Valuative Congruence Sets for Semialgebraic Functions\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+text\<open>
+ The set of points $x$ where the values $\mathit{ord}\ f(x)$ satisfy a congruence are important
+ basic examples of semialgebraic sets, and will be vital in the proof of Macintyre's Theorem. The
+ lemma below is essentially the content of Denef's Lemma 2.1.3 from his cell decomposition paper.
+\<close>
+
+lemma pre_SA_unit_cong_set_is_semialg:
+ assumes "k \<ge> 0"
+ assumes "f \<in> Units (SA n)"
+ shows "is_semialgebraic n {x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>). ord (f x) mod k = a }"
+proof-
+ have 0: "{x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>). ord (f x) mod k = a } = f \<inverse>\<^bsub>n\<^esub> ord_congruence_set k a"
+ unfolding ord_congruence_set_def
+ apply(rule equalityI')
+ using assms unfolding evimage_def vimage_def mem_Collect_eq
+ apply (metis (mono_tags, lifting) IntI Qp.function_ring_car_memE SA_Units_closed SA_Units_memE' SA_car_memE(2) mem_Collect_eq not_nonzero_Qp)
+ using assms by blast
+ show ?thesis unfolding 0
+ apply(rule evimage_is_semialg)
+ using assms apply blast
+ using assms ord_congruence_set_univ_semialg[of k a]
+ by blast
+qed
+
+lemma SA_unit_cong_set_is_semialg:
+ assumes "f \<in> Units (SA n)"
+ shows "is_semialgebraic n {x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>). ord (f x) mod k = a}"
+proof(cases "k \<ge> 0")
+ case True
+ then show ?thesis
+ using assms pre_SA_unit_cong_set_is_semialg by presburger
+next
+ case False
+ show ?thesis
+ proof(cases "a = 0")
+ case True
+ have T0: "{x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>). ord (f x) mod k = a } = {x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>). ord (f x) mod (-k) = a }"
+ apply(rule equalityI')
+ unfolding mem_Collect_eq using True zmod_zminus2_not_zero apply meson
+ using True zmod_zminus2_not_zero
+ by (metis equation_minus_iff)
+ show ?thesis unfolding T0 apply(rule pre_SA_unit_cong_set_is_semialg[of "-k" f n a])
+ using False apply presburger using assms by blast
+ next
+ case F: False
+ show ?thesis
+ proof(cases "a = k")
+ case True
+ have 0: "{x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>). ord (f x) mod k = a} = {x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>). ord (f x) mod k = k}"
+ using True by blast
+ have 1: "{x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>). ord (f x) mod k = a} = {} \<or> k = 0"
+ proof(cases "{x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>). ord (f x) mod k = a} \<noteq> {}")
+ case T: True
+ then obtain x where "ord (f x) mod k = k"
+ unfolding True by blast
+ then have "k = 0"
+ by (metis mod_mod_trivial mod_self)
+ thus ?thesis by blast
+ next
+ case False
+ then show ?thesis by blast
+ qed
+ show ?thesis apply(cases "{x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>). ord (f x) mod k = a} = {}")
+ using empty_is_semialgebraic apply presburger
+ using 1 pre_SA_unit_cong_set_is_semialg assms by blast
+ next
+ case F': False
+ have 0: "{x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>). ord (f x) mod k = a} = {x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>). ord (f x) mod (-k) = a - k}"
+ apply(rule equalityI')
+ unfolding mem_Collect_eq using zmod_zminus2_eq_if assms apply (metis F)
+ unfolding mem_Collect_eq zmod_zminus2_eq_if using False F F' assms
+ by (metis (no_types, opaque_lifting) cancel_ab_semigroup_add_class.diff_right_commute group_add_class.right_minus_eq)
+ show ?thesis unfolding 0 apply(rule pre_SA_unit_cong_set_is_semialg)
+ using False apply presburger using assms by blast
+ qed
+ qed
+qed
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+subsection\<open>Gluing Functions Along Semialgebraic Sets\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+text\<open>
+ Semialgebraic functions have the useful property that they are closed under piecewise definitions.
+ That is, if $f, g$ are semialgebraic and $C \subseteq \mathbb{Q}_p^m$ is a semialgebraic set,
+ then the function:
+ \[
+ h(x) =
+ \begin{cases}
+ f(x) & \text{if $x \in C$} \\
+ g(x) & \text{if $x \in \mathbb{Q}_p^m - C$} \\
+ undefined & \text{otherwise}
+ \end{cases}
+ \]
+ is again semialgebraic. The function $h$ can be obtained by the definition
+ \[\texttt{h = fun\_glue m C f g}\] which is defined below. This closure property means that we
+ can avoid having to define partial semialgebraic functions which are undefined outside of some
+ proper subset of $\mathbb{Q}_p^m$, since it usually suffices to just define the function as some
+ arbitrary constant outside of the desired domain. This is useful for defining partial
+ multiplicative inverses of arbitrary functions. If $f$ is semialgebraic, then its nonzero set
+ $\{x \in \mathbb{Q}_p^m \mid f x \neq 0\}$ is semialgebraic. By gluing $f$ to the constant
+ function $1$ outside of its nonzero set, we obtain an invertible element in the ring
+ \texttt{SA(m)} which evaluates to a multiplicative inverse of $f(x)$ on the largest domain
+ possible.
+\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+subsubsection\<open>Defining Piecewise Semialgebraic Functions\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+
+text\<open>
+ An important property that will be repeatedly used is that we can define piecewise semialgebraic
+ functions, which will themselves be semialgebraic as long as the pieces are semialgebraic sets.
+ An important application of this principle will be that a function $f$ which is always nonzero
+ on some semialgebraic set $A$ can be replaced with a global unit in the ring of semialgebraic
+ functions. This global unit admits a global multiplicative inverse that inverts $f$ pointwise on
+ $A$, and allows us to avoid having to consider localizations of function rings to locally invert
+ such functions.
+\<close>
+
+definition fun_glue where
+"fun_glue n S f g = (\<lambda>x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>). if x \<in> S then f x else g x)"
+
+lemma fun_glueE:
+ assumes "f \<in> carrier (SA n)"
+ assumes "g \<in> carrier (SA n)"
+ assumes "S \<subseteq> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ assumes "x \<in> S"
+ shows "fun_glue n S f g x = f x"
+proof-
+ have "x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ using assms by blast
+ thus ?thesis
+ unfolding fun_glue_def using assms
+ by (metis (mono_tags, lifting) restrict_apply')
+qed
+
+lemma fun_glueE':
+ assumes "f \<in> carrier (SA n)"
+ assumes "g \<in> carrier (SA n)"
+ assumes "S \<subseteq> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ assumes "x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>) - S"
+ shows "fun_glue n S f g x = g x"
+proof-
+ have 0: "x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ using assms by blast
+ have 1: "x \<notin> S"
+ using assms by blast
+ show ?thesis
+ unfolding fun_glue_def using assms 0 1
+ by (metis (mono_tags, lifting) restrict_apply')
+qed
+
+lemma fun_glue_evimage:
+ assumes "f \<in> carrier (SA n)"
+ assumes "g \<in> carrier (SA n)"
+ assumes "S \<subseteq> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ shows "fun_glue n S f g \<inverse>\<^bsub>n\<^esub> T = ((f \<inverse>\<^bsub>n\<^esub> T) \<inter> S) \<union> ((g \<inverse>\<^bsub>n\<^esub> T) - S)"
+proof
+ show "fun_glue n S f g \<inverse>\<^bsub>n\<^esub> T \<subseteq> ((f \<inverse>\<^bsub>n\<^esub> T) \<inter> S) \<union> ((g \<inverse>\<^bsub>n\<^esub> T) - S)"
+ proof fix x assume A: "x \<in> fun_glue n S f g \<inverse>\<^bsub>n\<^esub> T "
+ then have 0: "fun_glue n S f g x \<in> T"
+ by blast
+ have 1: "x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ using A by (meson evimage_eq)
+ show "x \<in> ((f \<inverse>\<^bsub>n\<^esub> T) \<inter> S) \<union> ((g \<inverse>\<^bsub>n\<^esub> T) - S)"
+ apply(cases "x \<in> S")
+ apply auto[1]
+ using "1" apply force
+ using "0" assms(1) assms(2) assms(3) fun_glueE apply force
+ apply auto[1] using 1 apply blast
+ using A 1 unfolding fun_glue_def evimage_def Int_iff by auto
+ qed
+ show " f \<inverse>\<^bsub>n\<^esub> T \<inter> S \<union> (g \<inverse>\<^bsub>n\<^esub> T - S) \<subseteq> fun_glue n S f g \<inverse>\<^bsub>n\<^esub> T"
+ proof fix x assume A: "x \<in> f \<inverse>\<^bsub>n\<^esub> T \<inter> S \<union> (g \<inverse>\<^bsub>n\<^esub> T - S)"
+ then have x_closed: "x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ by (metis (no_types, opaque_lifting) Diff_iff Int_iff UnE extensional_vimage_closed subsetD)
+ show "x \<in> fun_glue n S f g \<inverse>\<^bsub>n\<^esub> T"
+ apply(cases "x \<in> S")
+ using x_closed fun_glueE assms
+ apply (metis A DiffD2 IntD1 UnE evimage_eq)
+ using x_closed fun_glueE' assms
+ by (metis A Diff_iff Int_iff Un_iff evimageD evimageI2)
+ qed
+qed
+
+lemma fun_glue_partial_pullback:
+ assumes "f \<in> carrier (SA k)"
+ assumes "g \<in> carrier (SA k)"
+ assumes "S \<subseteq> carrier (Q\<^sub>p\<^bsup>k\<^esup>)"
+ shows "partial_pullback k (fun_glue k S f g) n T =
+ ((cartesian_product S (carrier (Q\<^sub>p\<^bsup>n\<^esup>))) \<inter> partial_pullback k f n T) \<union> ((partial_pullback k g n T)- (cartesian_product S (carrier (Q\<^sub>p\<^bsup>n\<^esup>))))"
+proof
+ show "partial_pullback k (fun_glue k S f g) n T \<subseteq> (cartesian_product S (carrier (Q\<^sub>p\<^bsup>n\<^esup>))) \<inter> partial_pullback k f n T \<union> (partial_pullback k g n T - (cartesian_product S (carrier (Q\<^sub>p\<^bsup>n\<^esup>))))"
+ proof fix x assume A: "x \<in> partial_pullback k (fun_glue k S f g) n T "
+ then have x_closed: "x \<in> carrier (Q\<^sub>p\<^bsup>k+n\<^esup>)" unfolding partial_pullback_def partial_image_def
+ by (meson evimage_eq)
+ show " x \<in> cartesian_product S (carrier (Q\<^sub>p\<^bsup>n\<^esup>)) \<inter> partial_pullback k f n T \<union> (partial_pullback k g n T - (cartesian_product S (carrier (Q\<^sub>p\<^bsup>n\<^esup>))))"
+ proof(cases "x \<in> cartesian_product S (carrier (Q\<^sub>p\<^bsup>n\<^esup>))")
+ case True
+ then have T0: "take k x \<in> S"
+ using assms cartesian_product_memE(1) by blast
+ then have "(fun_glue k S f g) (take k x) = f (take k x)"
+ using assms fun_glueE[of f k g S "take k x"]
+ by blast
+ then have "partial_image k (fun_glue k S f g) x = partial_image k f x"
+ using A x_closed unfolding partial_pullback_def partial_image_def
+ by blast
+ then show ?thesis using T0 A unfolding partial_pullback_def evimage_def
+ by (metis IntI Int_iff True Un_iff vimageI vimage_eq x_closed)
+ next
+ case False
+ then have F0: "take k x \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>) - S"
+ using A x_closed assms cartesian_product_memI
+ by (metis (no_types, lifting) DiffI carrier_is_semialgebraic cartesian_power_drop is_semialgebraic_closed le_add1 local.take_closed)
+ then have "(fun_glue k S f g) (take k x) = g (take k x)"
+ using assms fun_glueE'[of f k g S "take k x"]
+ by blast
+ then have "partial_image k (fun_glue k S f g) x = partial_image k g x"
+ using A x_closed unfolding partial_pullback_def partial_image_def
+ by blast
+ then have "x \<in> partial_pullback k g n T "
+ using F0 x_closed A unfolding partial_pullback_def partial_image_def evimage_def
+ by (metis (no_types, lifting) A IntI local.partial_image_def partial_pullback_memE(2) vimageI)
+ then have "x \<in> (partial_pullback k g n T - cartesian_product S (carrier (Q\<^sub>p\<^bsup>n\<^esup>)))"
+ using False by blast
+ then show ?thesis by blast
+ qed
+ qed
+ show "cartesian_product S (carrier (Q\<^sub>p\<^bsup>n\<^esup>)) \<inter> partial_pullback k f n T \<union> (partial_pullback k g n T - cartesian_product S (carrier (Q\<^sub>p\<^bsup>n\<^esup>)))
+ \<subseteq> partial_pullback k (fun_glue k S f g) n T"
+ proof fix x assume A: "x \<in> cartesian_product S (carrier (Q\<^sub>p\<^bsup>n\<^esup>)) \<inter> partial_pullback k f n T \<union> (partial_pullback k g n T - cartesian_product S (carrier (Q\<^sub>p\<^bsup>n\<^esup>)))"
+ then have x_closed: "x \<in> carrier (Q\<^sub>p\<^bsup>n+k\<^esup>)"
+ by (metis DiffD1 Int_iff Un_iff add.commute partial_pullback_memE(1))
+ show "x \<in> partial_pullback k (fun_glue k S f g) n T"
+ proof(cases "x \<in> cartesian_product S (carrier (Q\<^sub>p\<^bsup>n\<^esup>)) \<inter> partial_pullback k f n T")
+ case True
+ show ?thesis apply(rule partial_pullback_memI)
+ using x_closed apply (metis add.commute)
+ using x_closed True assms fun_glueE[of f k g S "take k x"] partial_pullback_memE[of x k f n T]
+ unfolding partial_image_def by (metis Int_iff cartesian_product_memE(1))
+ next
+ case False
+ show ?thesis apply(rule partial_pullback_memI)
+ using x_closed apply (metis add.commute)
+ using A x_closed False assms fun_glueE'[of f k g S "take k x"] partial_pullback_memE[of x k g n T]
+ unfolding partial_image_def
+ by (metis (no_types, lifting) Diff_iff Un_iff carrier_is_semialgebraic cartesian_power_drop cartesian_product_memI is_semialgebraic_closed le_add2 local.take_closed)
+ qed
+ qed
+qed
+
+lemma fun_glue_eval_closed:
+ assumes "f \<in> carrier (SA n)"
+ assumes "g \<in> carrier (SA n)"
+ assumes "is_semialgebraic n S"
+ assumes "x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ shows "fun_glue n S f g x \<in> carrier Q\<^sub>p"
+ apply(cases "x \<in> S")
+ using assms fun_glueE SA_car_memE
+ apply (metis Qp.function_ring_car_mem_closed is_semialgebraic_closed)
+proof- assume A: "x \<notin> S"
+ then have 0: "x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>) - S"
+ using assms by auto
+ hence 1: "fun_glue n S f g x = g x"
+ using assms fun_glueE' is_semialgebraic_closed by auto
+ show "fun_glue n S f g x \<in> carrier Q\<^sub>p"
+ unfolding 1 using assms SA_car_memE by blast
+qed
+
+lemma fun_glue_closed:
+ assumes "f \<in> carrier (SA n)"
+ assumes "g \<in> carrier (SA n)"
+ assumes "is_semialgebraic n S"
+ shows "fun_glue n S f g \<in> carrier (SA n)"
+ apply(rule SA_car_memI)
+ apply(rule Qp.function_ring_car_memI)
+ using fun_glue_eval_closed assms apply blast
+ using fun_glue_def unfolding restrict_apply apply metis
+ apply(rule is_semialg_functionI, intro Pi_I fun_glue_eval_closed assms, blast)
+proof-
+ fix k T assume A: "T \<in> semialg_sets (1 + k)"
+ have 0: "is_semialgebraic (n+k) (partial_pullback n f k T)"
+ using assms A SA_car_memE[of f n] is_semialg_functionE[of n f k T] padic_fields.is_semialgebraicI padic_fields_axioms by blast
+ have 1: "is_semialgebraic (n+k) (partial_pullback n g k T)"
+ using assms A SA_car_memE[of g n] is_semialg_functionE[of n g k T] padic_fields.is_semialgebraicI padic_fields_axioms by blast
+ have 2: "partial_pullback n (fun_glue n S f g) k T =
+ cartesian_product S (carrier (Q\<^sub>p\<^bsup>k\<^esup>)) \<inter> partial_pullback n f k T \<union> (partial_pullback n g k T - cartesian_product S (carrier (Q\<^sub>p\<^bsup>k\<^esup>)))"
+ using assms fun_glue_partial_pullback[of f n g S k T] \<open>f \<in> carrier (SA n)\<close> \<open>g \<in> carrier (SA n)\<close> is_semialgebraic_closed
+ by blast
+ show "is_semialgebraic (n + k) (partial_pullback n (fun_glue n S f g) k T)"
+ using assms 0 1 2 cartesian_product_is_semialgebraic carrier_is_semialgebraic
+ diff_is_semialgebraic intersection_is_semialg union_is_semialgebraic by presburger
+qed
+
+lemma fun_glue_unit:
+ assumes "f \<in> carrier (SA n)"
+ assumes "is_semialgebraic n S"
+ assumes "\<And>x. x \<in> S \<Longrightarrow> f x \<noteq> \<zero>"
+ shows "fun_glue n S f \<one>\<^bsub>SA n\<^esub> \<in> Units (SA n)"
+proof(rule SA_Units_memI)
+ show "fun_glue n S f \<one>\<^bsub>SA n\<^esub> \<in> carrier (SA n)"
+ using fun_glue_closed assms SA_is_cring cring.cring_simprules(6) by blast
+ show "\<And>x. x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>) \<Longrightarrow> fun_glue n S f \<one>\<^bsub>SA n\<^esub> x \<noteq> \<zero>"
+ proof- fix x assume A: "x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ show "fun_glue n S f \<one>\<^bsub>SA n\<^esub> x \<noteq> \<zero>"
+ apply(cases "x \<in> S")
+ using assms SA_is_cring cring.cring_simprules(6) assms(3)[of x] fun_glueE[of f n "\<one>\<^bsub>SA n\<^esub>" S x]
+ apply (metis is_semialgebraic_closed)
+ using assms SA_is_cring[of n] cring.cring_simprules(6)[of "SA n"]
+ A fun_glueE'[of f n "\<one>\<^bsub>SA n\<^esub>" S x] is_semialgebraic_closed[of n S]
+ unfolding SA_one[of n] function_ring_defs(4)[of n] function_one_def
+ by (metis Diff_iff function_one_eval Qp_funs_one local.one_neq_zero)
+ qed
+qed
+
+definition parametric_fun_glue where
+"parametric_fun_glue n Xs fs = (\<lambda>x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>). let S = (THE S. S \<in> Xs \<and> x \<in> S) in (fs S x))"
+
+lemma parametric_fun_glue_formula:
+ assumes "Xs partitions (carrier (Q\<^sub>p\<^bsup>n\<^esup>))"
+ assumes "x \<in> S"
+ assumes "S \<in> Xs"
+ shows "parametric_fun_glue n Xs fs x = fs S x"
+proof-
+ have 0: "(THE S. S \<in> Xs \<and> x \<in> S) = S"
+ apply(rule the_equality)
+ using assms apply blast
+ using assms unfolding is_partition_def by (metis Int_iff empty_iff disjointE)
+ have 1: "x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ using assms unfolding is_partition_def by blast
+ then show ?thesis using 0 unfolding parametric_fun_glue_def restrict_def by metis
+qed
+
+definition char_fun where
+"char_fun n S = (\<lambda> x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>). if x \<in> S then \<one> else \<zero>)"
+
+lemma char_fun_is_semialg:
+ assumes "is_semialgebraic n S"
+ shows "char_fun n S \<in> carrier (SA n)"
+proof-
+ have "char_fun n S = fun_glue n S \<one>\<^bsub>SA n\<^esub> \<zero>\<^bsub>SA n\<^esub>"
+ unfolding char_fun_def fun_glue_def
+ by (metis (no_types, lifting) function_one_eval function_zero_eval SA_one SA_zero restrict_ext)
+ then show ?thesis
+ using assms fun_glue_closed
+ by (metis SA_is_cring cring.cring_simprules(2) cring.cring_simprules(6))
+qed
+
+lemma SA_finsum_apply:
+ assumes "finite S"
+ assumes "x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ shows "F \<in> S \<rightarrow> carrier (SA n) \<longrightarrow> finsum (SA n) F S x = (\<Oplus>s\<in>S. F s x)"
+proof(rule finite.induct[of S])
+ show "finite S"
+ using assms by blast
+ show " F \<in> {} \<rightarrow> carrier (SA n) \<longrightarrow> finsum (SA n) F {} x = (\<Oplus>s\<in>{}. F s x)"
+ using assms abelian_monoid.finsum_empty[of "SA n"] Qp.abelian_monoid_axioms SA_is_abelian_monoid
+ by (simp add: SA_zeroE)
+ show "\<And>A a. finite A \<Longrightarrow>
+ F \<in> A \<rightarrow> carrier (SA n) \<longrightarrow> finsum (SA n) F A x = (\<Oplus>s\<in>A. F s x) \<Longrightarrow>
+ F \<in> insert a A \<rightarrow> carrier (SA n) \<longrightarrow> finsum (SA n) F (insert a A) x = (\<Oplus>s\<in>insert a A. F s x)"
+ proof- fix A a assume A: "finite A" "F \<in> A \<rightarrow> carrier (SA n) \<longrightarrow> finsum (SA n) F A x = (\<Oplus>s\<in>A. F s x)"
+ show " F \<in> insert a A \<rightarrow> carrier (SA n) \<longrightarrow> finsum (SA n) F (insert a A) x = (\<Oplus>s\<in>insert a A. F s x)"
+ proof assume A': "F \<in> insert a A \<rightarrow> carrier (SA n)"
+ then have 0: "F \<in> A \<rightarrow> carrier (SA n)"
+ by blast
+ hence 1: "finsum (SA n) F A x = (\<Oplus>s\<in>A. F s x)"
+ using A by blast
+ show "finsum (SA n) F (insert a A) x = (\<Oplus>s\<in>insert a A. F s x)"
+ proof(cases "a \<in> A")
+ case True
+ then show ?thesis
+ using 1 by (metis insert_absorb)
+ next
+ case False
+ have F00: "(\<lambda>s. F s x) \<in> A \<rightarrow> carrier Q\<^sub>p"
+ apply(rule Pi_I, rule SA_car_closed[of _ n] )
+ using "0" assms by auto
+ have F01: "F a x \<in> carrier Q\<^sub>p"
+ using A' assms
+ by (metis (no_types, lifting) Qp.function_ring_car_mem_closed Pi_split_insert_domain SA_car_in_Qp_funs_car subsetD)
+ have F0: "(\<Oplus>s\<in>insert a A. F s x) = F a x \<oplus> (\<Oplus>s\<in>A. F s x)"
+ using F00 F01 A' False A(1) Qp.finsum_insert[of A a "\<lambda>s. F s x"] by blast
+ have F1: "finsum (SA n) F (insert a A) = F a \<oplus>\<^bsub>SA n\<^esub> finsum (SA n) F A"
+ using abelian_monoid.finsum_insert[of "SA n" A a F]
+ by (metis (no_types, lifting) A' A(1) False Pi_split_insert_domain SA_is_abelian_monoid assms(1))
+ show ?thesis
+ using Qp.finsum_closed[of "\<lambda>s. F s x" A] abelian_monoid.finsum_closed[of "SA n" F A]
+ SA_is_abelian_monoid[of n] assms F0 F1 "0" A(2) SA_add by presburger
+ qed
+ qed
+ qed
+qed
+
+lemma SA_finsum_apply_zero:
+ assumes "finite S"
+ assumes "F \<in> S \<rightarrow> carrier (SA n)"
+ assumes "x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ assumes "\<And>s. s \<in> S \<Longrightarrow> F s x = \<zero>"
+ shows "finsum (SA n) F S x = \<zero>"
+proof-
+ have "finsum (SA n) F S x = (\<Oplus>s\<in>S. F s x)"
+ using SA_finsum_apply assms by blast
+ then show ?thesis using assms
+ by (metis Qp.add.finprod_one_eqI)
+qed
+
+lemma parametric_fun_glue_is_SA:
+ assumes "finite Xs"
+ assumes "Xs partitions (carrier (Q\<^sub>p\<^bsup>n\<^esup>))"
+ assumes "fs \<in> Xs \<rightarrow> carrier (SA n)"
+ assumes "\<forall> S \<in> Xs. is_semialgebraic n S"
+ shows "parametric_fun_glue n Xs fs \<in> carrier (SA n)"
+proof-
+ obtain F where F_def: "F = (\<lambda>S. fs S \<otimes>\<^bsub>SA n\<^esub> char_fun n S)"
+ by blast
+ have 0: "F \<in> Xs \<rightarrow> carrier (SA n)" proof fix S assume "S \<in> Xs" then show "F S \<in> carrier (SA n)"
+ using SA_mult_closed[of n "fs S" "char_fun n S"] char_fun_is_semialg[of n S] assms SA_car_memE
+ unfolding F_def by blast qed
+ have 1: "\<And>S x. S \<in> Xs \<Longrightarrow> x \<in> S \<Longrightarrow> F S x = fs S x"
+ proof- fix S x assume A: "S \<in> Xs" "x \<in> S"
+ then have x_closed: "x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ using assms unfolding is_partition_def by blast
+ then have 0: "F S x = fs S x \<otimes> char_fun n S x"
+ unfolding F_def using SA_mult by blast
+ have 1: "char_fun n S x = \<one>"
+ using char_fun_def A x_closed by auto
+ have 2: "fs S x \<in> carrier Q\<^sub>p"
+ apply(intro SA_car_closed[of _ n] x_closed )
+ using assms A by auto
+ show "F S x = fs S x"
+ unfolding 0 1 using 2 Qp.cring_simprules(12) by auto
+ qed
+ have 2: "\<And>S x. S \<in> Xs \<Longrightarrow> x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>) \<Longrightarrow> x \<notin> S \<Longrightarrow> F S x = \<zero>"
+ proof- fix S x assume A: "S \<in> Xs" "x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)" "x \<notin> S"
+ then have x_closed: "x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ using assms unfolding is_partition_def by blast
+ hence 20: "F S x = fs S x \<otimes> char_fun n S x"
+ unfolding F_def using SA_mult by blast
+ have 21: "char_fun n S x = \<zero>"
+ unfolding char_fun_def using A x_closed by auto
+ have 22: "fs S x \<in> carrier Q\<^sub>p"
+ apply(intro SA_car_closed[of _ n] x_closed )
+ using assms A by auto
+ show "F S x = \<zero>"
+ using 22 unfolding 20 21 by auto
+ qed
+ obtain g where g_def: "g = finsum (SA n) F Xs"
+ by blast
+ have g_closed: "g \<in> carrier (SA n)"
+ using abelian_monoid.finsum_closed[of "SA n" F Xs] assms SA_is_ring 0
+ unfolding g_def ring_def abelian_group_def by blast
+ have "g = parametric_fun_glue n Xs fs"
+ proof fix x show "g x = parametric_fun_glue n Xs fs x"
+ proof(cases "x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)")
+ case True
+ then obtain S where S_def: "S \<in> Xs \<and> x \<in> S"
+ using assms is_partitionE by blast
+ then have T0: "parametric_fun_glue n Xs fs x = F S x"
+ using 1 assms parametric_fun_glue_formula by blast
+ have T1: "g x = F S x"
+ proof-
+ have 00: " F S \<oplus>\<^bsub>SA n\<^esub> finsum (SA n) F (Xs - {S}) = finsum (SA n) F (insert S (Xs - {S}))"
+ using abelian_monoid.finsum_insert[of "SA n" "Xs - {S}" S F ]
+ by (metis (no_types, lifting) "0" Diff_iff Pi_anti_mono Pi_split_insert_domain SA_is_abelian_monoid S_def Set.basic_monos(7) assms(1) finite_Diff insert_iff subsetI)
+ have T10: "g = F S \<oplus>\<^bsub>SA n\<^esub> finsum (SA n) F (Xs - {S})"
+ using S_def unfolding 00 g_def
+ by (simp add: insert_absorb)
+ have T11: "finsum (SA n) F (Xs - {S}) \<in> carrier (SA n)"
+ using abelian_monoid.finsum_closed[of "SA n" F "Xs - {S}"] assms SA_is_ring 0
+ unfolding g_def ring_def abelian_group_def by blast
+ hence T12: "g x = F S x \<oplus> finsum (SA n) F (Xs - {S}) x"
+ using SA_add S_def T10 assms is_semialgebraic_closed by blast
+ have T13: "finsum (SA n) F (Xs - {S}) x = \<zero>"
+ apply(rule SA_finsum_apply_zero[of "Xs - {S}" F n x])
+ using assms apply blast
+ using "0" apply blast
+ using True apply blast
+ proof-
+ fix s assume AA: "s \<in> Xs - {S}"
+ then have "x \<notin> s"
+ using True assms S_def is_partitionE[of Xs "carrier (Q\<^sub>p\<^bsup>n\<^esup>)"] disjointE[of Xs S s]
+ by blast
+ then show "F s x = \<zero>"
+ using AA 2[of s x] True by blast
+ qed
+ have T14: "F S x \<in> carrier Q\<^sub>p"
+ using assms True S_def by (metis (no_types, lifting) "0" Qp.function_ring_car_mem_closed PiE SA_car_memE(2))
+ then show ?thesis using T12 T13 assms True Qp.add.l_cancel_one Qp.zero_closed by presburger
+ qed
+ show ?thesis using T0 T1 by blast
+ next
+ case False
+ then show ?thesis
+ using g_closed unfolding parametric_fun_glue_def
+ by (metis (mono_tags, lifting) function_ring_not_car SA_car_memE(2) restrict_def)
+ qed
+ qed
+ then show ?thesis using g_closed by blast
+qed
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+subsubsection\<open>Turning Functions into Units Via Gluing\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+text\<open>
+ By gluing a function to the multiplicative unit on its zero set, we can get a canonical choice of
+ local multiplicative inverse of a function $f$. Denef's proof frequently reasons about functions
+ of the form $\frac{f(x)}{g(x)}$ with the tacit understanding that they are meant to be defined
+ on the largest domain of definition possible. This technical tool allows us to replicate this
+ kind of reasoning in our formal proofs.
+\<close>
+
+definition to_fun_unit where
+"to_fun_unit n f = fun_glue n {x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>). f x \<noteq> \<zero>} f \<one>\<^bsub>SA n\<^esub>"
+
+lemma to_fun_unit_is_unit:
+ assumes "f \<in> carrier (SA n)"
+ shows "to_fun_unit n f \<in> Units (SA n)"
+ unfolding to_fun_unit_def
+ apply(rule fun_glue_unit)
+ apply (simp add: assms)
+ using assms nonzero_evimage_closed[of f] apply blast
+ by blast
+
+lemma to_fun_unit_closed:
+ assumes "f \<in> carrier (SA n)"
+ shows "to_fun_unit n f \<in> carrier (SA n)"
+ using assms to_fun_unit_is_unit SA_is_ring SA_Units_closed by blast
+
+lemma to_fun_unit_eq:
+ assumes "f \<in> carrier (SA n)"
+ assumes "x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ assumes "f x \<noteq> \<zero>"
+ shows "to_fun_unit n f x = f x"
+ unfolding to_fun_unit_def fun_glue_def using assms
+ by simp
+
+lemma to_fun_unit_eq':
+ assumes "f \<in> carrier (SA n)"
+ assumes "x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ assumes "f x = \<zero>"
+ shows "to_fun_unit n f x = \<one>"
+ unfolding to_fun_unit_def fun_glue_def using assms
+ by (simp add: SA_oneE)
+
+definition one_over_fun where
+"one_over_fun n f = inv\<^bsub>SA n\<^esub> (to_fun_unit n f)"
+
+lemma one_over_fun_closed:
+ assumes "f \<in> carrier (SA n)"
+ shows "one_over_fun n f \<in> carrier (SA n)"
+ using assms SA_is_ring[of n] to_fun_unit_is_unit[of f n]
+ by (metis SA_Units_closed one_over_fun_def ring.Units_inverse)
+
+lemma one_over_fun_eq:
+ assumes "f \<in> carrier (SA n)"
+ assumes "x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ assumes "f x \<noteq> \<zero>"
+ shows "one_over_fun n f x = inv (f x)"
+ using assms to_fun_unit_eq unfolding one_over_fun_def
+ using Qp_funs_m_inv SA_Units_Qp_funs_Units SA_Units_Qp_funs_inv to_fun_unit_is_unit by presburger
+
+lemma one_over_fun_smult_eval:
+ assumes "f \<in> carrier (SA n)"
+ assumes "a \<noteq> \<zero>"
+ assumes "a \<in> carrier Q\<^sub>p"
+ assumes "x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ assumes "f x \<noteq> \<zero>"
+ shows "one_over_fun n (a \<odot>\<^bsub>SA n\<^esub>f) x = inv (a \<otimes> (f x))"
+ using one_over_fun_eq[of "a \<odot>\<^bsub>SA n\<^esub> f" n x] assms
+ by (metis Qp.function_ring_car_memE Qp.integral SA_car_memE(2) SA_smult_closed SA_smult_formula)
+
+lemma one_over_fun_smult_eval':
+ assumes "f \<in> carrier (SA n)"
+ assumes "a \<noteq> \<zero>"
+ assumes "a \<in> carrier Q\<^sub>p"
+ assumes "x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ assumes "f x \<noteq> \<zero>"
+ shows "one_over_fun n (a \<odot>\<^bsub>SA n\<^esub>f) x = inv a \<otimes> inv (f x)"
+proof-
+ have 0: "one_over_fun n (a \<odot>\<^bsub>SA n\<^esub> f) x = inv (a \<otimes> f x)"
+ using assms one_over_fun_smult_eval[of f n a x]
+ by fastforce
+ have 1: "f x \<in> nonzero Q\<^sub>p"
+ by(intro nonzero_memI SA_car_closed[ of _ n] assms)
+ show ?thesis
+ unfolding 0 using 1 assms
+ using Qp.comm_inv_char Qp.cring_simprules(11) Qp.cring_simprules(5) SA_car_closed field_inv(2) field_inv(3) local.fract_cancel_right by presburger
+qed
+
+
+
+lemma SA_add_pow_closed:
+ assumes "f \<in> carrier (SA n)"
+ shows "([(k::nat)]\<cdot>\<^bsub>SA n\<^esub>f) \<in> carrier (SA n)"
+ using assms SA_is_ring[of n]
+ by (meson ring.nat_mult_closed)
+
+lemma one_over_fun_add_pow_eval:
+ assumes "f \<in> carrier (SA n)"
+ assumes "x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ assumes "f x \<noteq> \<zero>"
+ assumes "(k::nat) > 0"
+ shows "one_over_fun n ([k]\<cdot>\<^bsub>SA n\<^esub>f) x = inv ([k] \<cdot>f x)"
+proof-
+ have 0: "([k] \<cdot>\<^bsub>SA n\<^esub> f) x = [k] \<cdot> f x"
+ using assms SA_add_pow_apply[of f n x k] by linarith
+ hence 1: "([k] \<cdot>\<^bsub>SA n\<^esub> f) x \<noteq> \<zero>"
+ using assms Qp_char_0'' Qp.function_ring_car_mem_closed SA_car_memE(2)
+ by metis
+ have 2: "one_over_fun n ([k] \<cdot>\<^bsub>SA n\<^esub> f) x = inv ([k] \<cdot>\<^bsub>SA n\<^esub> f) x"
+ using assms one_over_fun_eq[of "[k]\<cdot>\<^bsub>SA n\<^esub>f" n x] 1 SA_add_pow_closed by blast
+ thus ?thesis using 1 0 by presburger
+qed
+
+lemma one_over_fun_pow_closed:
+ assumes "f \<in> carrier (SA n)"
+ shows "one_over_fun n (f[^]\<^bsub>SA n\<^esub>(k::nat)) \<in> carrier (SA n)"
+ using assms
+ by (meson SA_nat_pow_closed one_over_fun_closed padic_fields.SA_imp_semialg padic_fields_axioms)
+
+lemma one_over_fun_pow_eval:
+ assumes "f \<in> carrier (SA n)"
+ assumes "x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ assumes "f x \<noteq> \<zero>"
+ shows "one_over_fun n (f[^]\<^bsub>SA n\<^esub>(k::nat)) x = inv ((f x) [^] k)"
+ using one_over_fun_eq[of "f[^]\<^bsub>SA n\<^esub>k" n x] assms
+ by (metis Qp.function_ring_car_memE Qp.nonzero_pow_nonzero SA_car_memE(2) SA_nat_pow SA_nat_pow_closed padic_fields.SA_car_memE(1) padic_fields_axioms)
+
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+subsection\<open>Inclusions of Lower Dimensional Function Rings\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+
+definition fun_inc where
+"fun_inc m n f = (\<lambda> x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>). f (take n x))"
+
+lemma fun_inc_closed:
+ assumes "f \<in> carrier (SA n)"
+ assumes "m \<ge> n"
+ shows "fun_inc m n f \<in> carrier (SA m)"
+proof-
+ have 0: "\<And>x. x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>) \<Longrightarrow> fun_inc m n f x = (f \<circ> take n) x"
+ unfolding fun_inc_def by (metis comp_apply restrict_apply')
+ have 1: "is_semialg_function m (f \<circ> take n)"
+ using assms comp_take_is_semialg
+ by (metis SA_imp_semialg le_neq_implies_less padic_fields.semialg_function_comp_closed padic_fields_axioms take_is_semialg_map)
+ have 2: "is_semialg_function m (fun_inc m n f)"
+ using 0 1 semialg_function_on_carrier' by blast
+ show ?thesis apply(rule SA_car_memI) apply(rule Qp.function_ring_car_memI)
+ using "2" is_semialg_function_closed apply blast
+ using fun_inc_def[of m n f] unfolding restrict_def apply presburger
+ using 2 by blast
+qed
+
+lemma fun_inc_eval:
+ assumes "x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>)"
+ shows "fun_inc m n f x = f (take n x)"
+ unfolding fun_inc_def using assms
+ by (meson restrict_apply')
+
+lemma ord_congruence_set_univ_semialg_fixed:
+ assumes "n \<ge> 0"
+ shows "is_univ_semialgebraic (ord_congruence_set n a)"
+ using ord_congruence_set_univ_semialg assms
+ by auto
+
+lemma ord_congruence_set_SA_function:
+ assumes "n \<ge> 0"
+ assumes "c \<in> carrier (SA (m+l))"
+ shows "is_semialgebraic (m+l) {x \<in> carrier (Q\<^sub>p\<^bsup>m+l\<^esup>). c x \<in> nonzero Q\<^sub>p \<and> ord (c x) mod n = a}"
+proof-
+ have 0: "{x \<in> carrier (Q\<^sub>p\<^bsup>m+l\<^esup>). c x \<in> nonzero Q\<^sub>p \<and> ord (c x) mod n = a} = c \<inverse>\<^bsub>m+l\<^esub> (ord_congruence_set n a)"
+ unfolding ord_congruence_set_def evimage_def using assms by blast
+ show ?thesis unfolding 0 apply(rule evimage_is_semialg)
+ using assms apply blast using assms ord_congruence_set_univ_semialg_fixed[of n a]
+ by blast
+qed
+
+lemma ac_cong_set_SA:
+ assumes "n > 0"
+ assumes "k \<in> Units (Zp_res_ring n)"
+ assumes "c \<in> carrier (SA (m+l))"
+ shows "is_semialgebraic (m+l) {x \<in> carrier (Q\<^sub>p\<^bsup>m+l\<^esup>). c x \<in> nonzero Q\<^sub>p \<and> ac n (c x) = k}"
+proof-
+ have "{x \<in> carrier (Q\<^sub>p\<^bsup>m+l\<^esup>). c x \<in> nonzero Q\<^sub>p \<and> ac n (c x) = k}= (c \<inverse>\<^bsub>m + l\<^esub> ac_cong_set n k)"
+ unfolding ac_cong_set_def evimage_def nonzero_def mem_Collect_eq using assms by blast
+ thus ?thesis
+ using assms ac_cong_set_is_univ_semialg[of n k] evimage_is_semialg[of c "m+l" "ac_cong_set n k"]
+ by presburger
+qed
+
+lemma ac_cong_set_SA':
+ assumes "n >0 "
+ assumes "k \<in> Units (Zp_res_ring n)"
+ assumes "c \<in> carrier (SA m)"
+ shows "is_semialgebraic m {x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>). c x \<in> nonzero Q\<^sub>p \<and> ac n (c x) = k}"
+ using assms ac_cong_set_SA[of n k c m 0] unfolding Nat.add_0_right by blast
+
+lemma ac_cong_set_SA'':
+ assumes "n >0 "
+ assumes "m > 0"
+ assumes "k \<in> Units (Zp_res_ring n)"
+ assumes "c \<in> carrier (SA m)"
+ assumes "\<And>x. x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>) \<Longrightarrow> c x \<noteq> \<zero>"
+ shows "is_semialgebraic m {x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>). ac n (c x) = k}"
+proof-
+ have "{x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>). c x \<in> nonzero Q\<^sub>p \<and> ac n (c x) = k} = {x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>). ac n (c x) = k}"
+ apply(rule subset_antisym) apply blast
+ apply(rule subsetI) using assms unfolding nonzero_def mem_Collect_eq
+ using Qp.function_ring_car_memE SA_car_memE(2) by blast
+ thus ?thesis using assms ac_cong_set_SA'[of n k c m] by metis
+qed
+
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+subsection\<open>Miscellaneous\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+
+lemma nth_pow_wits_SA_fun_prep:
+ assumes "n > 0"
+ assumes "h \<in> carrier (SA m)"
+ assumes "\<rho> \<in> nth_pow_wits n"
+ shows "is_semialgebraic m (h \<inverse>\<^bsub>m\<^esub>pow_res n \<rho>)"
+ by(intro evimage_is_semialg assms pow_res_is_univ_semialgebraic nth_pow_wits_closed(1)[of n])
+
+definition kth_rt where
+"kth_rt m (k::nat) f x = (if x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>) then (THE b. b \<in> carrier Q\<^sub>p \<and> b[^]k = (f x) \<and> ac (nat (ord ([k]\<cdot>\<one>)) + 1) b = 1)
+ else undefined )"
+
+text\<open>Normalizing a semialgebraic function to have a constant angular component\<close>
+
+lemma ac_res_Unit_inc:
+ assumes "n > 0"
+ assumes "t \<in> Units (Zp_res_ring n)"
+ shows "ac n ([t]\<cdot>\<one>) = t"
+proof-
+ have 0: "[t]\<cdot>\<one> \<noteq>\<zero>"
+ using assms by (metis Qp_char_0_int less_one less_or_eq_imp_le nat_neq_iff zero_not_in_residue_units)
+ have 1: "[t]\<cdot>\<one> \<in> \<O>\<^sub>p"
+ by (metis Zp.one_closed Zp_int_mult_closed image_eqI inc_of_int)
+ hence 2: "angular_component ([t]\<cdot>\<one>) = ac_Zp ([t]\<cdot>\<^bsub>Z\<^sub>p\<^esub>\<one>\<^bsub>Z\<^sub>p\<^esub>)"
+ using angular_component_of_inclusion[of "[t]\<cdot>\<^bsub>Z\<^sub>p\<^esub>\<one>\<^bsub>Z\<^sub>p\<^esub>"]
+ by (metis "0" Qp.int_inc_zero Zp.int_inc_zero Zp_int_inc_closed inc_of_int not_nonzero_Qp)
+ hence 3: "ac n ([t]\<cdot>\<one>) = ac_Zp ([t]\<cdot>\<^bsub>Z\<^sub>p\<^esub>\<one>\<^bsub>Z\<^sub>p\<^esub>) n"
+ unfolding ac_def using 0 by presburger
+ hence "val_Zp ([t]\<cdot>\<^bsub>Z\<^sub>p\<^esub>\<one>\<^bsub>Z\<^sub>p\<^esub>) = 0"
+ proof-
+ have "coprime p t"
+ using assms
+ by (metis coprime_commute less_one less_or_eq_imp_le nat_neq_iff padic_integers.residue_UnitsE padic_integers_axioms)
+ then show ?thesis
+ by (metis Zp_int_inc_closed Zp_int_inc_res coprime_mod_right_iff coprime_power_right_iff mod_by_0 order_refl p_residues residues.m_gt_one residues.mod_in_res_units val_Zp_0_criterion val_Zp_p val_Zp_p_int_unit zero_less_one zero_neq_one_class.one_neq_zero zero_not_in_residue_units)
+ qed
+ hence 4: "[t]\<cdot>\<^bsub>Z\<^sub>p\<^esub>\<one>\<^bsub>Z\<^sub>p\<^esub> \<in> Units Z\<^sub>p"
+ using val_Zp_0_imp_unit by blast
+ hence 5: "ac_Zp ([t]\<cdot>\<^bsub>Z\<^sub>p\<^esub>\<one>\<^bsub>Z\<^sub>p\<^esub>) = [t]\<cdot>\<^bsub>Z\<^sub>p\<^esub>\<one>\<^bsub>Z\<^sub>p\<^esub>" using
+ ac_Zp_of_Unit \<open>val_Zp ([t] \<cdot>\<^bsub>Z\<^sub>p\<^esub> \<one>\<^bsub>Z\<^sub>p\<^esub>) = 0\<close> by blast
+ have 6: "ac_Zp ([t]\<cdot>\<^bsub>Z\<^sub>p\<^esub>\<one>\<^bsub>Z\<^sub>p\<^esub>) n = t"
+ proof-
+ have "t \<in> carrier (Zp_res_ring n)"
+ using assms monoid.Units_closed[of "Zp_res_ring n" t] cring_def padic_integers.R_cring padic_integers_axioms ring_def by blast
+ hence "t < p^n \<and> t \<ge> 0 "
+ using p_residue_ring_car_memE by auto
+ thus ?thesis
+ unfolding 5 unfolding Zp_int_inc_rep p_residue_def residue_def by auto
+ qed
+ show ?thesis
+ unfolding 3 using 6 by blast
+qed
+
+lemma val_of_res_Unit:
+ assumes "n > 0"
+ assumes "t \<in> Units (Zp_res_ring n)"
+ shows "val ([t]\<cdot>\<one>) = 0"
+proof-
+ have 0: "[t]\<cdot>\<one> \<noteq>\<zero>"
+ using assms by (metis Qp_char_0_int less_one less_or_eq_imp_le nat_neq_iff zero_not_in_residue_units)
+ have 1: "[t]\<cdot>\<one> \<in> \<O>\<^sub>p"
+ by (metis Zp.one_closed Zp_int_mult_closed image_eqI inc_of_int)
+ hence 2: "angular_component ([t]\<cdot>\<one>) = ac_Zp ([t]\<cdot>\<^bsub>Z\<^sub>p\<^esub>\<one>\<^bsub>Z\<^sub>p\<^esub>)"
+ using angular_component_of_inclusion[of "[t]\<cdot>\<^bsub>Z\<^sub>p\<^esub>\<one>\<^bsub>Z\<^sub>p\<^esub>"]
+ by (metis "0" Qp.int_inc_zero Zp.int_inc_zero Zp_int_inc_closed inc_of_int not_nonzero_Qp)
+ hence 3: "ac n ([t]\<cdot>\<one>) = ac_Zp ([t]\<cdot>\<^bsub>Z\<^sub>p\<^esub>\<one>\<^bsub>Z\<^sub>p\<^esub>) n"
+ unfolding ac_def using 0 by presburger
+ hence "val_Zp ([t]\<cdot>\<^bsub>Z\<^sub>p\<^esub>\<one>\<^bsub>Z\<^sub>p\<^esub>) = 0"
+ proof-
+ have "coprime p t"
+ using assms
+ by (metis coprime_commute less_one less_or_eq_imp_le nat_neq_iff padic_integers.residue_UnitsE padic_integers_axioms)
+ then show ?thesis
+ by (metis Zp_int_inc_closed Zp_int_inc_res coprime_mod_right_iff coprime_power_right_iff mod_by_0 order_refl p_residues residues.m_gt_one residues.mod_in_res_units val_Zp_0_criterion val_Zp_p val_Zp_p_int_unit zero_less_one zero_neq_one_class.one_neq_zero zero_not_in_residue_units)
+ qed
+ then show ?thesis using assms
+ by (metis Zp_int_inc_closed inc_of_int val_of_inc)
+qed
+
+
+lemma(in padic_integers) res_map_is_hom:
+ assumes "N > 0"
+ shows "ring_hom_ring Zp (Zp_res_ring N) (\<lambda> x. x N)"
+ apply(rule ring_hom_ringI)
+ apply (simp add: R.ring_axioms)
+ using assms cring.axioms(1) local.R_cring apply blast
+ using residue_closed apply blast
+ using residue_of_prod apply blast
+ using residue_of_sum apply blast
+ using assms residue_of_one(1) by blast
+
+lemma ac_of_fraction:
+ assumes "N > 0"
+ assumes "a \<in> nonzero Q\<^sub>p"
+ assumes "b \<in> nonzero Q\<^sub>p"
+ shows "ac N (a \<div> b) = ac N a \<otimes>\<^bsub>Zp_res_ring N\<^esub> inv \<^bsub>Zp_res_ring N\<^esub> ac N b"
+ using ac_mult[of a "inv b" N] ac_inv assms Qp.nonzero_closed nonzero_inverse_Qp by presburger
+
+lemma pow_res_eq_rel:
+ assumes "n > 0"
+ assumes "b \<in> carrier Q\<^sub>p"
+ shows "{x \<in> carrier Q\<^sub>p. pow_res n x = pow_res n b} = pow_res n b"
+ apply(rule equalityI', unfold mem_Collect_eq, metis pow_res_refl,
+ intro conjI)
+ using pow_res_def apply auto[1]
+ apply(rule equal_pow_resI)
+ using pow_res_def apply auto[1]
+ using pow_res_refl assms by (metis equal_pow_resI)
+
+lemma pow_res_is_univ_semialgebraic':
+ assumes "n > 0"
+ assumes "b \<in> carrier Q\<^sub>p"
+ shows "is_univ_semialgebraic {x \<in> carrier Q\<^sub>p. pow_res n x = pow_res n b}"
+ using assms pow_res_eq_rel pow_res_is_univ_semialgebraic by presburger
+
+lemma evimage_eqI:
+ assumes "c \<in> carrier (SA n)"
+ shows "c \<inverse>\<^bsub>n\<^esub> {x \<in> carrier Q\<^sub>p. P x} = {x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>). P (c x)}"
+ by(rule equalityI', unfold evimage_def mem_Collect_eq Int_iff, intro conjI, auto
+ , rule SA_car_closed[of _ n], auto simp: assms)
+
+lemma SA_pow_res_is_semialgebraic:
+ assumes "n > 0"
+ assumes "b \<in> carrier Q\<^sub>p"
+ assumes "c \<in> carrier (SA N)"
+ shows "is_semialgebraic N {x \<in> carrier (Q\<^sub>p\<^bsup>N\<^esup>). pow_res n (c x) = pow_res n b}"
+proof-
+ have " c \<inverse>\<^bsub>N\<^esub> {x \<in> carrier Q\<^sub>p. pow_res n x = pow_res n b} = {x \<in> carrier (Q\<^sub>p\<^bsup>N\<^esup>). pow_res n (c x) = pow_res n b}"
+ apply(rule evimage_eqI) using assms by blast
+ thus ?thesis
+ using pow_res_is_univ_semialgebraic' evimage_is_semialg assms
+ by (metis (no_types, lifting))
+qed
+
+lemma eint_diff_imp_eint:
+ assumes "a \<in> nonzero Q\<^sub>p"
+ assumes "b \<in> carrier Q\<^sub>p"
+ assumes "val a = val b + eint i"
+ shows "b \<in> nonzero Q\<^sub>p"
+ using assms val_zero
+ by (metis Qp.nonzero_closed Qp.not_nonzero_memE not_eint_eq plus_eint_simps(2) val_ord')
+
+lemma SA_minus_eval:
+ assumes "f \<in> carrier (SA n)"
+ assumes "g \<in> carrier (SA n)"
+ assumes "x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ shows "(f \<ominus>\<^bsub>SA n\<^esub> g) x = f x \<ominus> g x"
+ using assms unfolding a_minus_def
+ using SA_a_inv_eval SA_add by metis
+
+lemma Qp_cong_set_evimage:
+ assumes "f \<in> carrier (SA n)"
+ assumes "a \<in> carrier Z\<^sub>p"
+ shows "is_semialgebraic n (f \<inverse>\<^bsub>n\<^esub> (Qp_cong_set \<alpha> a))"
+ using assms Qp_cong_set_is_univ_semialgebraic evimage_is_semialg by blast
+
+lemma SA_constant_res_set_semialg:
+ assumes "l \<in> carrier (Zp_res_ring n)"
+ assumes "f \<in> carrier (SA m)"
+ shows "is_semialgebraic m {x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>). f x \<in> \<O>\<^sub>p \<and> Qp_res (f x) n = l}"
+proof-
+ have 0: "{x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>). f x \<in> \<O>\<^sub>p \<and> Qp_res (f x) n = l} = f \<inverse>\<^bsub>m\<^esub> {x \<in> \<O>\<^sub>p. Qp_res x n = l}"
+ unfolding evimage_def by blast
+ show ?thesis unfolding 0
+ by(rule evimage_is_semialg, rule assms, rule constant_res_set_semialg, rule assms)
+qed
+
+lemma val_ring_cong_set:
+ assumes "f \<in> carrier (SA k)"
+ assumes "\<And>x. x \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>) \<Longrightarrow> f x \<in> \<O>\<^sub>p"
+ assumes "t \<in> carrier (Zp_res_ring n)"
+ shows "is_semialgebraic k {x \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>). to_Zp (f x) n = t}"
+proof-
+ have 0: "[t] \<cdot>\<^bsub>Z\<^sub>p\<^esub> \<one>\<^bsub>Z\<^sub>p\<^esub> \<in> carrier Z\<^sub>p "
+ by blast
+ have 1: "([t] \<cdot>\<^bsub>Z\<^sub>p\<^esub> \<one>\<^bsub>Z\<^sub>p\<^esub>) n = t"
+ using assms
+ unfolding Zp_int_inc_rep p_residue_def residue_def residue_ring_def by simp
+ have "{x \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>). to_Zp (f x) n = t} = f \<inverse>\<^bsub>k\<^esub> {x \<in> \<O>\<^sub>p. (to_Zp x) n = t}"
+ unfolding evimage_def using assms by auto
+ then show ?thesis using 0 1 assms Qp_cong_set_evimage[of f k "[t]\<cdot>\<^bsub>Z\<^sub>p\<^esub> \<one>\<^bsub>Z\<^sub>p\<^esub>" n] unfolding Qp_cong_set_def
+ by presburger
+qed
+
+lemma val_ring_pullback_SA:
+ assumes "N > 0"
+ assumes "c \<in> carrier (SA N)"
+ shows "is_semialgebraic N {x \<in> carrier (Q\<^sub>p\<^bsup>N\<^esup>). c x \<in> \<O>\<^sub>p}"
+proof-
+ have 0: "{x \<in> carrier (Q\<^sub>p\<^bsup>N\<^esup>). c x \<in> \<O>\<^sub>p} = c \<inverse>\<^bsub>N\<^esub> \<O>\<^sub>p"
+ unfolding evimage_def by blast
+ have 1: "is_univ_semialgebraic \<O>\<^sub>p"
+ using Qp_val_ring_is_univ_semialgebraic by blast
+ show ?thesis using assms 0 1 evimage_is_semialg by presburger
+qed
+
+lemma(in padic_fields) res_eq_set_is_semialg:
+ assumes "k > 0"
+ assumes "c \<in> carrier (SA k)"
+ assumes "s \<in> carrier (Zp_res_ring n)"
+ shows "is_semialgebraic k {x \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>). c x \<in> \<O>\<^sub>p \<and> to_Zp (c x) n = s}"
+proof-
+ obtain a where a_def: "a = [s]\<cdot>\<one>"
+ by blast
+ have 0: "a \<in> \<O>\<^sub>p"
+ using a_def
+ by (metis Zp.one_closed Zp_int_mult_closed image_iff inc_of_int)
+ have 1: "to_Zp a = [s]\<cdot>\<^bsub>Z\<^sub>p\<^esub>\<one>\<^bsub>Z\<^sub>p\<^esub>"
+ using 0 unfolding a_def
+ by (metis Q\<^sub>p_def Zp_def Zp_int_inc_closed \<iota>_def inc_to_Zp padic_fields.inc_of_int padic_fields_axioms)
+ have 2: "([s]\<cdot>\<^bsub>Z\<^sub>p\<^esub>\<one>\<^bsub>Z\<^sub>p\<^esub>) n = s"
+ using assms
+ by (metis Zp_int_inc_res mod_pos_pos_trivial p_residue_ring_car_memE(1) p_residue_ring_car_memE(2))
+ have 3: "{x \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>). c x \<in> \<O>\<^sub>p \<and> to_Zp (c x) n = s} = c \<inverse>\<^bsub>k\<^esub> B\<^bsub>n\<^esub>[a]"
+ proof
+ show "{x \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>). c x \<in> \<O>\<^sub>p \<and> to_Zp (c x) n = s} \<subseteq> c \<inverse>\<^bsub>k\<^esub> B\<^bsub>int n\<^esub>[a]"
+ proof fix x assume A: "x \<in> {x \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>). c x \<in> \<O>\<^sub>p \<and> to_Zp (c x) n = s}"
+ then have 30: "x \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>)" by blast
+ have 31: "c x \<in> \<O>\<^sub>p" using A by blast
+ have 32: "to_Zp (c x) n = s" using A by blast
+ have 33: "to_Zp (c x) \<in> carrier Z\<^sub>p"
+ using 31 val_ring_memE to_Zp_closed by blast
+ have 34: "to_Zp (c x) n = (to_Zp a) n"
+ using "1" "2" "32" by presburger
+ hence "((to_Zp (c x)) \<ominus>\<^bsub>Z\<^sub>p\<^esub> (to_Zp a)) n = 0"
+ using "1" "33" Zp_int_inc_closed res_diff_zero_fact'' by presburger
+ hence 35: "val_Zp ((to_Zp (c x)) \<ominus>\<^bsub>Z\<^sub>p\<^esub> (to_Zp a)) \<ge> n"
+ using "1" "33" "34" Zp.one_closed Zp_int_mult_closed val_Zp_dist_def val_Zp_dist_res_eq2 by presburger
+ have 36: "val (c x \<ominus> a) = val_Zp ((to_Zp (c x)) \<ominus>\<^bsub>Z\<^sub>p\<^esub> (to_Zp a))"
+ using 31 0
+ by (metis to_Zp_minus to_Zp_val val_ring_minus_closed)
+ hence "val (c x \<ominus> a) \<ge> n"
+ using 35 by presburger
+ hence "c x \<in> B\<^bsub>int n\<^esub>[a]"
+ using 31 c_ballI val_ring_memE by blast
+ thus "x \<in> c \<inverse>\<^bsub>k\<^esub> B\<^bsub>int n\<^esub>[a]"
+ using 30 by blast
+ qed
+ show "c \<inverse>\<^bsub>k\<^esub> B\<^bsub>int n\<^esub>[a] \<subseteq> {x \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>). c x \<in> \<O>\<^sub>p \<and> to_Zp (c x) n = s}"
+ proof fix x assume A: "x \<in> c \<inverse>\<^bsub>k\<^esub> B\<^bsub>int n\<^esub>[a]"
+ have x_closed: "x \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>)"
+ using A by (meson evimage_eq)
+ have 00: "val (c x \<ominus> a) \<ge> n"
+ using A c_ballE(2) by blast
+ have cx_closed: "c x \<in> carrier Q\<^sub>p"
+ using x_closed assms function_ring_car_closed SA_car_memE(2) by blast
+ hence 11: "c x \<ominus> a \<in> \<O>\<^sub>p"
+ proof-
+ have "(0::eint) \<le> n"
+ by (metis eint_ord_simps(1) of_nat_0_le_iff zero_eint_def)
+ thus ?thesis using 00 order_trans[of "0::eint" n] Qp_val_ringI
+ by (meson "0" Qp.minus_closed val_ring_memE cx_closed)
+ qed
+ hence 22: "c x \<in> \<O>\<^sub>p"
+ proof-
+ have 00: "c x = (c x \<ominus> a) \<oplus> a"
+ using cx_closed 0
+ by (metis "11" Qp.add.inv_solve_right' Qp.minus_eq val_ring_memE(2))
+ have 01: "(c x \<ominus> a) \<oplus> a \<in> \<O>\<^sub>p"
+ by(intro val_ring_add_closed 0 11)
+ then show ?thesis
+ using 0 11 image_iff "00" by auto
+ qed
+ have 33: "val (c x \<ominus> a) = val_Zp (to_Zp (c x) \<ominus>\<^bsub>Z\<^sub>p\<^esub> to_Zp a)"
+ using 11 22 0
+ by (metis to_Zp_minus to_Zp_val)
+ have 44: "val_Zp (to_Zp (c x) \<ominus>\<^bsub>Z\<^sub>p\<^esub> to_Zp a) \<ge> n"
+ using 33 00 by presburger
+ have tzpcx: "to_Zp (c x) \<in> carrier Z\<^sub>p"
+ using 22 by (metis image_iff inc_to_Zp)
+ have tzpa: "to_Zp a \<in> carrier Z\<^sub>p"
+ using 0 val_ring_memE to_Zp_closed by blast
+ have 55: "(to_Zp (c x) \<ominus>\<^bsub>Z\<^sub>p\<^esub> to_Zp a) n = 0"
+ using 44 tzpcx tzpa Zp.minus_closed zero_below_val_Zp by blast
+ hence 66: "to_Zp (c x) n = s"
+ using 0 1 2 tzpa tzpcx
+ by (metis res_diff_zero_fact(1))
+ then show "x \<in> {x \<in> carrier (Q\<^sub>p\<^bsup>k\<^esup>). c x \<in> \<O>\<^sub>p \<and> to_Zp (c x) n = s}"
+ using "22" x_closed by blast
+ qed
+ qed
+ thus ?thesis
+ using evimage_is_semialg[of c k] 0 val_ring_memE assms(2) ball_is_univ_semialgebraic by presburger
+qed
+
+lemma SA_constant_res_set_semialg':
+ assumes "f \<in> carrier (SA m)"
+ assumes "C \<in> Qp_res_classes n"
+ shows "is_semialgebraic m (f \<inverse>\<^bsub>m\<^esub> C)"
+proof-
+ obtain l where l_def: "l \<in> carrier (Zp_res_ring n) \<and> C = Qp_res_class n ([l]\<cdot>\<one>)"
+ using Qp_res_classes_wits assms by blast
+ have C_eq: "C = Qp_res_class n ([l]\<cdot>\<one>)"
+ using l_def by blast
+ have 0: "Qp_res ([l] \<cdot> \<one>) n = l"
+ using l_def
+ by (metis Qp_res_int_inc mod_pos_pos_trivial p_residue_ring_car_memE(1) p_residue_ring_car_memE(2))
+ have 1: "f \<inverse>\<^bsub>m\<^esub> C = {x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>). f x \<in> \<O>\<^sub>p \<and> Qp_res (f x) n = l}"
+ apply(rule equalityI')
+ unfolding evimage_def C_eq Qp_res_class_def mem_Collect_eq unfolding 0 apply blast
+ by blast
+ show ?thesis
+ unfolding 1 apply(rule SA_constant_res_set_semialg )
+ using l_def apply blast by(rule assms)
+qed
+
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+subsection\<open>Semialgebraic Polynomials\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+
+lemma UP_SA_n_is_ring:
+ shows "ring (UP (SA n))"
+ using SA_is_ring
+ by (simp add: UP_ring.UP_ring UP_ring.intro)
+
+lemma UP_SA_n_is_cring:
+ shows "cring (UP (SA n))"
+ using SA_is_cring
+ by (simp add: UP_cring.UP_cring UP_cring.intro)
+
+text\<open>The evaluation homomorphism from \texttt{Qp\_funs} to \texttt{Qp}\<close>
+
+definition eval_hom where
+"eval_hom a = (\<lambda>f. f a)"
+
+lemma eval_hom_is_hom:
+ assumes "a \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ shows "ring_hom_ring (Fun\<^bsub>n\<^esub> Q\<^sub>p) Q\<^sub>p (eval_hom a)"
+ apply(rule ring_hom_ringI)
+ using Qp_funs_is_cring cring.axioms(1) apply blast
+ apply (simp add: Qp.ring_axioms)
+ apply (simp add: Qp.function_ring_car_mem_closed assms eval_hom_def)
+ apply (metis Qp_funs_mult' assms eval_hom_def)
+ apply (metis Qp_funs_add' assms eval_hom_def)
+ by (metis function_one_eval assms eval_hom_def)
+
+text\<open>the homomorphism from \texttt{Fun n Qp [x]} to \texttt{Qp [x]} induced by evaluation of coefficients\<close>
+
+definition Qp_fpoly_to_Qp_poly where
+"Qp_fpoly_to_Qp_poly n a = poly_lift_hom (Fun\<^bsub>n\<^esub> Q\<^sub>p) Q\<^sub>p (eval_hom a)"
+
+lemma Qp_fpoly_to_Qp_poly_is_hom:
+ assumes "a \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ shows "(Qp_fpoly_to_Qp_poly n a) \<in> ring_hom (UP (Fun\<^bsub>n\<^esub> Q\<^sub>p)) (Q\<^sub>p_x) "
+ unfolding Qp_fpoly_to_Qp_poly_def
+ apply(rule UP_cring.poly_lift_hom_is_hom)
+ unfolding UP_cring_def
+ apply (simp add: Qp_funs_is_cring)
+ apply (simp add: UPQ.R_cring)
+ using assms eval_hom_is_hom[of a] ring_hom_ring.homh by blast
+
+lemma Qp_fpoly_to_Qp_poly_extends_apply:
+ assumes "a \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ assumes "f \<in> carrier (Fun\<^bsub>n\<^esub> Q\<^sub>p)"
+ shows "Qp_fpoly_to_Qp_poly n a (to_polynomial (Fun\<^bsub>n\<^esub> Q\<^sub>p) f) = to_polynomial Q\<^sub>p (f a)"
+ unfolding Qp_fpoly_to_Qp_poly_def
+ using assms eval_hom_is_hom[of a] UP_cring.poly_lift_hom_extends_hom[of "Fun\<^bsub>n\<^esub> Q\<^sub>p" Q\<^sub>p "eval_hom a" ]
+ Qp.function_ring_car_memE[of f n] ring_hom_ring.homh
+ unfolding eval_hom_def UP_cring_def
+ using Qp_funs_is_cring UPQ.R_cring by blast
+
+lemma Qp_fpoly_to_Qp_poly_X_var:
+ assumes "a \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ shows "Qp_fpoly_to_Qp_poly n a (X_poly (Fun\<^bsub>n\<^esub> Q\<^sub>p)) = X_poly Q\<^sub>p"
+ unfolding X_poly_def Qp_fpoly_to_Qp_poly_def
+ apply(rule UP_cring.poly_lift_hom_X_var) unfolding UP_cring_def
+ apply (simp add: Qp_funs_is_cring)
+ apply (simp add: UPQ.R_cring)
+ using assms(1) eval_hom_is_hom ring_hom_ring.homh
+ by blast
+
+lemma Qp_fpoly_to_Qp_poly_monom:
+ assumes "a \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ assumes "f \<in> carrier (Fun\<^bsub>n\<^esub> Q\<^sub>p)"
+ shows "Qp_fpoly_to_Qp_poly n a (up_ring.monom (UP (Fun\<^bsub>n\<^esub> Q\<^sub>p)) f m) = up_ring.monom Q\<^sub>p_x (f a) m"
+ unfolding Qp_fpoly_to_Qp_poly_def
+ using UP_cring.poly_lift_hom_monom[of "Fun\<^bsub>n\<^esub> Q\<^sub>p" Q\<^sub>p "eval_hom a" f m] assms ring_hom_ring.homh
+ eval_hom_is_hom[of a] unfolding eval_hom_def UP_cring_def
+ using Qp_funs_is_cring UPQ.R_cring by blast
+
+lemma Qp_fpoly_to_Qp_poly_coeff:
+ assumes "a \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ assumes "f \<in> carrier (UP (Fun\<^bsub>n\<^esub> Q\<^sub>p))"
+ shows "Qp_fpoly_to_Qp_poly n a f k = (f k) a"
+ using assms UP_cring.poly_lift_hom_cf[of "Fun\<^bsub>n\<^esub> Q\<^sub>p" Q\<^sub>p "eval_hom a" f k] eval_hom_is_hom[of a]
+ unfolding Qp_fpoly_to_Qp_poly_def eval_hom_def
+ using Qp_funs_is_cring ring_hom_ring.homh ring_hom_ring.homh
+ unfolding eval_hom_def UP_cring_def
+ using UPQ.R_cring by blast
+
+lemma Qp_fpoly_to_Qp_poly_eval:
+ assumes "a \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ assumes "P \<in> carrier (UP (Fun\<^bsub>n\<^esub> Q\<^sub>p))"
+ assumes "f \<in> carrier (Fun\<^bsub>n\<^esub> Q\<^sub>p)"
+ shows "(UP_cring.to_fun (Fun\<^bsub>n\<^esub> Q\<^sub>p) P f) a = UP_cring.to_fun Q\<^sub>p (Qp_fpoly_to_Qp_poly n a P) (f a)"
+ unfolding Qp_fpoly_to_Qp_poly_def
+ using UP_cring.poly_lift_hom_eval[of "Fun\<^bsub>n\<^esub> Q\<^sub>p" Q\<^sub>p "eval_hom a" P f]
+ eval_hom_is_hom[of a] eval_hom_def assms ring_hom_ring.homh Qp_funs_is_cring
+ unfolding eval_hom_def UP_cring_def
+ using UPQ.R_cring by blast
+
+lemma Qp_fpoly_to_Qp_poly_sub:
+ assumes "f \<in> carrier (UP (Fun\<^bsub>n\<^esub> Q\<^sub>p))"
+ assumes "g \<in> carrier (UP (Fun\<^bsub>n\<^esub> Q\<^sub>p))"
+ assumes "a \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ shows "Qp_fpoly_to_Qp_poly n a (compose (Fun\<^bsub>n\<^esub> Q\<^sub>p) f g) = compose Q\<^sub>p (Qp_fpoly_to_Qp_poly n a f) (Qp_fpoly_to_Qp_poly n a g)"
+ unfolding Qp_fpoly_to_Qp_poly_def
+ using assms UP_cring.poly_lift_hom_sub[of "Fun\<^bsub>n\<^esub> Q\<^sub>p" Q\<^sub>p "eval_hom a" f g]
+ eval_hom_is_hom[of a] ring_hom_ring.homh[of "Fun\<^bsub>n\<^esub> Q\<^sub>p" Q\<^sub>p "eval_hom a"]
+ Qp_funs_is_cring
+ unfolding eval_hom_def UP_cring_def
+ using UPQ.R_cring by blast
+
+lemma Qp_fpoly_to_Qp_poly_taylor_poly:
+ assumes "F \<in> carrier (UP (Fun\<^bsub>n\<^esub> Q\<^sub>p))"
+ assumes "c \<in> carrier (Fun\<^bsub>n\<^esub> Q\<^sub>p)"
+ assumes "a \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ shows "Qp_fpoly_to_Qp_poly n a (taylor_expansion (Fun\<^bsub>n\<^esub> Q\<^sub>p) c F) =
+ taylor_expansion Q\<^sub>p (c a) (Qp_fpoly_to_Qp_poly n a F)"
+proof-
+ have 0: "X_poly (Fun\<^bsub>n\<^esub> Q\<^sub>p) \<oplus>\<^bsub>UP (Fun\<^bsub>n\<^esub> Q\<^sub>p)\<^esub> to_polynomial (Fun\<^bsub>n\<^esub> Q\<^sub>p) c \<in> carrier (UP (Fun\<^bsub>n\<^esub> Q\<^sub>p))"
+ by (metis Qp_funs_is_cring UP_cring.X_plus_closed UP_cring_def X_poly_plus_def assms(2))
+ have 1: "poly_lift_hom (Fun\<^bsub>n\<^esub> Q\<^sub>p) Q\<^sub>p (eval_hom a) (X_poly (Fun\<^bsub>n\<^esub> Q\<^sub>p) \<oplus>\<^bsub>UP (Fun\<^bsub>n\<^esub> Q\<^sub>p)\<^esub> to_polynomial (Fun\<^bsub>n\<^esub> Q\<^sub>p) c) = X_poly Q\<^sub>p \<oplus>\<^bsub>Q\<^sub>p_x\<^esub> UPQ.to_poly (c a)"
+ proof-
+ have 10: "poly_lift_hom (Fun\<^bsub>n\<^esub> Q\<^sub>p) Q\<^sub>p (eval_hom a) \<in> ring_hom (UP (Fun\<^bsub>n\<^esub> Q\<^sub>p)) Q\<^sub>p_x"
+ using Qp_fpoly_to_Qp_poly_def Qp_fpoly_to_Qp_poly_is_hom assms
+ by presburger
+ have 11: " to_polynomial (Fun\<^bsub>n\<^esub> Q\<^sub>p) c \<in> carrier (UP (Fun\<^bsub>n\<^esub> Q\<^sub>p))"
+ by (meson Qp_funs_is_cring UP_cring.intro UP_cring.to_poly_closed assms)
+ have 12: "X_poly (Fun\<^bsub>n\<^esub> Q\<^sub>p) \<in> carrier (UP (Fun\<^bsub>n\<^esub> Q\<^sub>p)) "
+ using UP_cring.X_closed[of "Fun\<^bsub>n\<^esub> Q\<^sub>p"] unfolding UP_cring_def
+ using Qp_funs_is_cring
+ by blast
+ have "Qp_fpoly_to_Qp_poly n a (X_poly (Fun\<^bsub>n\<^esub> Q\<^sub>p) \<oplus>\<^bsub>UP (Fun\<^bsub>n\<^esub> Q\<^sub>p)\<^esub> to_polynomial (Fun\<^bsub>n\<^esub> Q\<^sub>p) c) =
+ Qp_fpoly_to_Qp_poly n a (X_poly (Fun\<^bsub>n\<^esub> Q\<^sub>p)) \<oplus>\<^bsub>Q\<^sub>p_x\<^esub> Qp_fpoly_to_Qp_poly n a (to_polynomial (Fun\<^bsub>n\<^esub> Q\<^sub>p) c)"
+ using assms 0 10 11 12 Qp_fpoly_to_Qp_poly_extends_apply[of a n c] Qp_fpoly_to_Qp_poly_is_hom[of a] Qp_fpoly_to_Qp_poly_X_var[of a]
+ using ring_hom_add[of "Qp_fpoly_to_Qp_poly n a" "UP (Fun\<^bsub>n\<^esub> Q\<^sub>p)" Q\<^sub>p_x "X_poly (Fun\<^bsub>n\<^esub> Q\<^sub>p)" "to_polynomial (Fun\<^bsub>n\<^esub> Q\<^sub>p) c" ]
+ unfolding Qp_fpoly_to_Qp_poly_def
+ by blast
+ then show ?thesis
+ using Qp_fpoly_to_Qp_poly_X_var Qp_fpoly_to_Qp_poly_def Qp_fpoly_to_Qp_poly_extends_apply assms
+ by metis
+ qed
+ have 2: "poly_lift_hom (Fun\<^bsub>n\<^esub> Q\<^sub>p) Q\<^sub>p (eval_hom a) (compose (Fun\<^bsub>n\<^esub> Q\<^sub>p) F (X_poly (Fun\<^bsub>n\<^esub> Q\<^sub>p) \<oplus>\<^bsub>UP (Fun\<^bsub>n\<^esub> Q\<^sub>p)\<^esub> to_polynomial (Fun\<^bsub>n\<^esub> Q\<^sub>p) c)) =
+ UPQ.sub (poly_lift_hom (Fun\<^bsub>n\<^esub> Q\<^sub>p) Q\<^sub>p (eval_hom a) F)
+ (poly_lift_hom (Fun\<^bsub>n\<^esub> Q\<^sub>p) Q\<^sub>p (eval_hom a) (X_poly (Fun\<^bsub>n\<^esub> Q\<^sub>p) \<oplus>\<^bsub>UP (Fun\<^bsub>n\<^esub> Q\<^sub>p)\<^esub> to_polynomial (Fun\<^bsub>n\<^esub> Q\<^sub>p) c))"
+ using 0 1 Qp_fpoly_to_Qp_poly_sub[of F n "X_poly_plus (Fun\<^bsub>n\<^esub> Q\<^sub>p) c" a] assms
+ unfolding Qp_fpoly_to_Qp_poly_def X_poly_plus_def
+ by blast
+ show ?thesis
+ using assms 0 1
+ unfolding Qp_fpoly_to_Qp_poly_def taylor_expansion_def X_poly_plus_def
+ using "2" by presburger
+qed
+
+lemma SA_is_UP_cring:
+ shows "UP_cring (SA n)"
+ unfolding UP_cring_def
+ by (simp add: SA_is_cring)
+
+lemma eval_hom_is_SA_hom:
+ assumes "a \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ shows "ring_hom_ring (SA n) Q\<^sub>p (eval_hom a)"
+ apply(rule ring_hom_ringI)
+ using SA_is_cring cring.axioms(1) assms(1) apply blast
+ using Qp.ring_axioms apply blast
+ apply (metis (no_types, lifting) SA_car assms eval_hom_def Qp.function_ring_car_mem_closed semialg_functions_memE(2))
+ apply (metis (mono_tags, lifting) Qp_funs_mult' SA_car SA_times assms eval_hom_def semialg_functions_memE(2))
+ apply (metis (mono_tags, lifting) Qp_funs_add' SA_car SA_plus assms eval_hom_def semialg_functions_memE(2))
+ using Qp_constE Qp.one_closed SA_one assms eval_hom_def function_one_as_constant
+ by (metis function_one_eval)
+
+text\<open>the homomorphism from \texttt{(SA n)[x]} to \texttt{Qp [x]} induced by evaluation of coefficients\<close>
+
+definition SA_poly_to_Qp_poly where
+"SA_poly_to_Qp_poly n a = poly_lift_hom (SA n) Q\<^sub>p (eval_hom a)"
+
+lemma SA_poly_to_Qp_poly_is_hom:
+ assumes "a \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ shows "(SA_poly_to_Qp_poly n a) \<in> ring_hom (UP (SA n)) (Q\<^sub>p_x) "
+ unfolding SA_poly_to_Qp_poly_def
+ apply(rule UP_cring.poly_lift_hom_is_hom)
+ using SA_is_cring assms(1) UP_cring.intro apply blast
+ apply (simp add: UPQ.R_cring)
+ using assms eval_hom_is_SA_hom ring_hom_ring.homh by blast
+
+lemma SA_poly_to_Qp_poly_closed:
+ assumes "a \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ assumes "P \<in> carrier (UP (SA n))"
+ shows "SA_poly_to_Qp_poly n a P \<in> carrier Q\<^sub>p_x"
+ using assms SA_poly_to_Qp_poly_is_hom[of a] ring_hom_closed[of "SA_poly_to_Qp_poly n a" "UP (SA n)" Q\<^sub>p_x P]
+ by blast
+
+lemma SA_poly_to_Qp_poly_add:
+ assumes "a \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ assumes "f \<in> carrier (UP (SA n))"
+ assumes "g \<in> carrier (UP (SA n))"
+ shows "SA_poly_to_Qp_poly n a (f \<oplus>\<^bsub>UP (SA n)\<^esub> g) = SA_poly_to_Qp_poly n a f \<oplus>\<^bsub>Q\<^sub>p_x\<^esub> SA_poly_to_Qp_poly n a g"
+ using SA_poly_to_Qp_poly_is_hom ring_hom_add assms
+ by (metis (no_types, opaque_lifting))
+
+lemma SA_poly_to_Qp_poly_minus:
+ assumes "a \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ assumes "f \<in> carrier (UP (SA n))"
+ assumes "g \<in> carrier (UP (SA n))"
+ shows "SA_poly_to_Qp_poly n a (f \<ominus>\<^bsub>UP (SA n)\<^esub> g) = SA_poly_to_Qp_poly n a f \<ominus>\<^bsub>Q\<^sub>p_x\<^esub> SA_poly_to_Qp_poly n a g"
+ using SA_poly_to_Qp_poly_is_hom[of a] assms SA_is_ring[of n]
+ ring.ring_hom_minus[of "UP (SA n)" Q\<^sub>p_x "SA_poly_to_Qp_poly n a" f g] UP_SA_n_is_ring
+ UPQ.UP_ring
+ by blast
+
+lemma SA_poly_to_Qp_poly_mult:
+ assumes "a \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ assumes "f \<in> carrier (UP (SA n))"
+ assumes "g \<in> carrier (UP (SA n))"
+ shows "SA_poly_to_Qp_poly n a (f \<otimes>\<^bsub>UP (SA n)\<^esub> g) = SA_poly_to_Qp_poly n a f \<otimes>\<^bsub>Q\<^sub>p_x\<^esub> SA_poly_to_Qp_poly n a g"
+ using SA_poly_to_Qp_poly_is_hom ring_hom_mult assms
+ by (metis (no_types, opaque_lifting))
+
+lemma SA_poly_to_Qp_poly_extends_apply:
+ assumes "a \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ assumes "f \<in> carrier (SA n)"
+ shows "SA_poly_to_Qp_poly n a (to_polynomial (SA n) f) = to_polynomial Q\<^sub>p (f a)"
+ unfolding SA_poly_to_Qp_poly_def
+ using assms eval_hom_is_SA_hom[of a] UP_cring.poly_lift_hom_extends_hom[of "SA n" Q\<^sub>p "eval_hom a" f]
+ eval_hom_def SA_is_cring Qp.cring_axioms ring_hom_ring.homh
+ unfolding eval_hom_def UP_cring_def
+ by blast
+
+lemma SA_poly_to_Qp_poly_X_var:
+ assumes "a \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ shows "SA_poly_to_Qp_poly n a (X_poly (SA n)) = X_poly Q\<^sub>p"
+ unfolding X_poly_def SA_poly_to_Qp_poly_def
+ apply(rule UP_cring.poly_lift_hom_X_var)
+ using SA_is_cring assms(1)
+ using UP_cring.intro apply blast
+ apply (simp add: Qp.cring_axioms)
+ using assms eval_hom_is_SA_hom ring_hom_ring.homh by blast
+
+lemma SA_poly_to_Qp_poly_X_plus:
+ assumes "a \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ assumes "c \<in> carrier (SA n)"
+ shows "SA_poly_to_Qp_poly n a (X_poly_plus (SA n) c) = UPQ.X_plus (c a)"
+ unfolding X_poly_plus_def
+ using assms SA_poly_to_Qp_poly_add[of a n "X_poly (SA n)" "to_polynomial (SA n) c"]
+ SA_poly_to_Qp_poly_extends_apply[of a n c] UP_cring.X_closed[of "SA n"] SA_is_cring[of n]
+ SA_poly_to_Qp_poly_X_var[of a] UP_cring.to_poly_closed[of "SA n" c]
+ unfolding UP_cring_def
+ by metis
+
+lemma SA_poly_to_Qp_poly_X_minus:
+ assumes "a \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ assumes "c \<in> carrier (SA n)"
+ shows "SA_poly_to_Qp_poly n a (X_poly_minus (SA n) c) = UPQ.X_minus (c a)"
+ unfolding X_poly_minus_def
+ using assms SA_poly_to_Qp_poly_minus[of a n "X_poly (SA n)" "to_polynomial (SA n) c"]
+ SA_poly_to_Qp_poly_extends_apply[of a n c] UP_cring.X_closed[of "SA n"] SA_is_cring[of n]
+ SA_poly_to_Qp_poly_X_var[of a n] UP_cring.to_poly_closed[of "SA n" c]
+ unfolding UP_cring_def
+ by metis
+
+lemma SA_poly_to_Qp_poly_monom:
+ assumes "a \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ assumes "f \<in> carrier (SA n)"
+ shows "SA_poly_to_Qp_poly n a (up_ring.monom (UP (SA n)) f m) = up_ring.monom Q\<^sub>p_x (f a) m"
+ unfolding SA_poly_to_Qp_poly_def
+ using UP_cring.poly_lift_hom_monom[of "SA n" Q\<^sub>p "eval_hom a" f n] assms eval_hom_is_SA_hom eval_hom_def
+ SA_is_cring Qp.cring_axioms UP_cring.poly_lift_hom_monom ring_hom_ring.homh
+ by (metis UP_cring.intro)
+
+lemma SA_poly_to_Qp_poly_coeff:
+ assumes "a \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ assumes "f \<in> carrier (UP (SA n))"
+ shows "SA_poly_to_Qp_poly n a f k = (f k) a"
+ using assms UP_cring.poly_lift_hom_cf[of "SA n" Q\<^sub>p "eval_hom a" f k] eval_hom_is_SA_hom[of a]
+ using SA_is_cring Qp.cring_axioms ring_hom_ring.homh
+ unfolding SA_poly_to_Qp_poly_def eval_hom_def UP_cring_def
+ by blast
+
+lemma SA_poly_to_Qp_poly_eval:
+ assumes "a \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ assumes "P \<in> carrier (UP (SA n))"
+ assumes "f \<in> carrier (SA n)"
+ shows "(UP_cring.to_fun (SA n) P f) a = UP_cring.to_fun Q\<^sub>p (SA_poly_to_Qp_poly n a P) (f a)"
+ unfolding SA_poly_to_Qp_poly_def
+ using UP_cring.poly_lift_hom_eval[of "SA n" Q\<^sub>p "eval_hom a" P f]
+ eval_hom_is_SA_hom[of a] eval_hom_def assms SA_is_cring Qp.cring_axioms ring_hom_ring.homh
+ unfolding SA_poly_to_Qp_poly_def eval_hom_def UP_cring_def
+ by blast
+
+lemma SA_poly_to_Qp_poly_sub:
+ assumes "f \<in> carrier (UP (SA n))"
+ assumes "g \<in> carrier (UP (SA n))"
+ assumes "a \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ shows "SA_poly_to_Qp_poly n a (compose (SA n) f g) = compose Q\<^sub>p (SA_poly_to_Qp_poly n a f) (SA_poly_to_Qp_poly n a g)"
+ unfolding SA_poly_to_Qp_poly_def
+ using assms UP_cring.poly_lift_hom_sub[of "SA n" Q\<^sub>p "eval_hom a" f g]
+ eval_hom_is_SA_hom[of a] ring_hom_ring.homh[of "SA n" Q\<^sub>p "eval_hom a"]
+ SA_is_cring Qp.cring_axioms
+ unfolding SA_poly_to_Qp_poly_def eval_hom_def UP_cring_def
+ by blast
+
+lemma SA_poly_to_Qp_poly_deg_bound:
+ assumes "g \<in> carrier (UP (SA m))"
+ assumes "x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>)"
+ shows "deg Q\<^sub>p (SA_poly_to_Qp_poly m x g) \<le> deg (SA m) g"
+ apply(rule UPQ.deg_leqI)
+ using assms SA_poly_to_Qp_poly_closed[of x m g] apply blast
+ proof- fix n assume A: "deg (SA m) g < n"
+ then have "g n = \<zero>\<^bsub>SA m\<^esub>"
+ using assms SA_is_UP_cring[of m] UP_cring.UP_car_memE(2) by blast
+ thus "SA_poly_to_Qp_poly m x g n = \<zero>"
+ using assms SA_poly_to_Qp_poly_coeff[of x m g n] function_zero_eval SA_zero by presburger
+ qed
+
+lemma SA_poly_to_Qp_poly_taylor_poly:
+ assumes "F \<in> carrier (UP (SA n))"
+ assumes "c \<in> carrier (SA n)"
+ assumes "a \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ shows "SA_poly_to_Qp_poly n a (taylor_expansion (SA n) c F) =
+ taylor_expansion Q\<^sub>p (c a) (SA_poly_to_Qp_poly n a F)"
+ unfolding SA_poly_to_Qp_poly_def using assms Qp.cring_axioms SA_is_cring eval_hom_def
+ eval_hom_is_SA_hom UP_cring.poly_lift_hom_comm_taylor_expansion[of "SA n" Q\<^sub>p "eval_hom a" F c] ring_hom_ring.homh
+ unfolding SA_poly_to_Qp_poly_def eval_hom_def UP_cring_def
+ by metis
+
+lemma SA_poly_to_Qp_poly_comm_taylor_term:
+ assumes "F \<in> carrier (UP (SA n))"
+ assumes "c \<in> carrier (SA n)"
+ assumes "a \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ shows "SA_poly_to_Qp_poly n a (UP_cring.taylor_term (SA n) c F i) =
+ UP_cring.taylor_term Q\<^sub>p (c a) (SA_poly_to_Qp_poly n a F) i"
+ unfolding SA_poly_to_Qp_poly_def using assms Qp.cring_axioms SA_is_cring eval_hom_def
+ eval_hom_is_SA_hom UP_cring.poly_lift_hom_comm_taylor_term[of "SA n" Q\<^sub>p "eval_hom a" F c i] ring_hom_ring.homh
+ unfolding SA_poly_to_Qp_poly_def eval_hom_def UP_cring_def
+ by metis
+
+lemma SA_poly_to_Qp_poly_comm_pderiv:
+ assumes "F \<in> carrier (UP (SA n))"
+ assumes "a \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ shows "SA_poly_to_Qp_poly n a (UP_cring.pderiv (SA n) F) =
+ UP_cring.pderiv Q\<^sub>p (SA_poly_to_Qp_poly n a F)"
+ apply(rule UP_ring.poly_induct3[of "SA n" F]) unfolding UP_ring_def
+ apply (simp add: SA_is_ring assms(1))
+ using assms apply blast
+proof-
+ show "\<And>p q. q \<in> carrier (UP (SA n)) \<Longrightarrow>
+ p \<in> carrier (UP (SA n)) \<Longrightarrow>
+ SA_poly_to_Qp_poly n a (UP_cring.pderiv (SA n) p) = UPQ.pderiv (SA_poly_to_Qp_poly n a p) \<Longrightarrow>
+ SA_poly_to_Qp_poly n a (UP_cring.pderiv (SA n) q) = UPQ.pderiv (SA_poly_to_Qp_poly n a q) \<Longrightarrow>
+ SA_poly_to_Qp_poly n a (UP_cring.pderiv (SA n) (p \<oplus>\<^bsub>UP (SA n)\<^esub> q)) = UPQ.pderiv (SA_poly_to_Qp_poly n a (p \<oplus>\<^bsub>UP (SA n)\<^esub> q))"
+ proof- fix p q assume A: "q \<in> carrier (UP (SA n))"
+ "p \<in> carrier (UP (SA n))"
+ "SA_poly_to_Qp_poly n a (UP_cring.pderiv (SA n) p) = UPQ.pderiv (SA_poly_to_Qp_poly n a p)"
+ "SA_poly_to_Qp_poly n a (UP_cring.pderiv (SA n) q) = UPQ.pderiv (SA_poly_to_Qp_poly n a q)"
+ show "SA_poly_to_Qp_poly n a (UP_cring.pderiv (SA n) (p \<oplus>\<^bsub>UP (SA n)\<^esub> q)) = UPQ.pderiv (SA_poly_to_Qp_poly n a (p \<oplus>\<^bsub>UP (SA n)\<^esub> q))"
+ proof-
+ have 0: "SA_poly_to_Qp_poly n a p \<in> carrier (UP Q\<^sub>p)"
+ using A assms SA_poly_to_Qp_poly_closed[of a n p]
+ by blast
+ have 1: "SA_poly_to_Qp_poly n a q \<in> carrier (UP Q\<^sub>p)"
+ using A SA_poly_to_Qp_poly_closed[of a n q] assms by blast
+ have 2: "UPQ.pderiv (SA_poly_to_Qp_poly n a p) \<in> carrier (UP Q\<^sub>p)"
+ using UPQ.pderiv_closed[of "SA_poly_to_Qp_poly n a p"] 0 by blast
+ have 3: "UPQ.pderiv (SA_poly_to_Qp_poly n a q) \<in> carrier (UP Q\<^sub>p)"
+ using A assms UPQ.pderiv_closed[of "SA_poly_to_Qp_poly n a q"] 1 by blast
+ have 4: "UP_cring.pderiv (SA n) p \<in> carrier (UP (SA n))"
+ using A UP_cring.pderiv_closed[of "SA n" p] unfolding UP_cring_def
+ using SA_is_cring assms(1) by blast
+ have 5: "UP_cring.pderiv (SA n) q \<in> carrier (UP (SA n))"
+ using A UP_cring.pderiv_closed[of "SA n" q] unfolding UP_cring_def
+ using SA_is_cring assms(1) by blast
+ have 6: "SA_poly_to_Qp_poly n a (UP_cring.pderiv (SA n) p \<oplus>\<^bsub>UP (SA n)\<^esub> UP_cring.pderiv (SA n) q) =
+ SA_poly_to_Qp_poly n a (UP_cring.pderiv (SA n) p) \<oplus>\<^bsub>UP Q\<^sub>p\<^esub> SA_poly_to_Qp_poly n a (UP_cring.pderiv (SA n) q)"
+ using A 4 5 SA_poly_to_Qp_poly_add assms by blast
+ have 7: "UPQ.pderiv (SA_poly_to_Qp_poly n a p \<oplus>\<^bsub>UP Q\<^sub>p\<^esub> SA_poly_to_Qp_poly n a q) =
+ UPQ.pderiv (SA_poly_to_Qp_poly n a p) \<oplus>\<^bsub>UP Q\<^sub>p\<^esub> UPQ.pderiv (SA_poly_to_Qp_poly n a q)"
+ using "0" "1" UPQ.pderiv_add by blast
+ have 8: "UP_cring.pderiv (SA n) (p \<oplus>\<^bsub>UP (SA n)\<^esub> q) = UP_cring.pderiv (SA n) p \<oplus>\<^bsub>UP (SA n)\<^esub> UP_cring.pderiv (SA n) q"
+ using A assms UP_cring.pderiv_add[of "SA n" p q]
+ unfolding UP_cring_def using SA_is_cring by blast
+ have 9: "SA_poly_to_Qp_poly n a (UP_cring.pderiv (SA n) (p \<oplus>\<^bsub>UP (SA n)\<^esub> q)) =
+ UPQ.pderiv (SA_poly_to_Qp_poly n a p) \<oplus>\<^bsub>UP Q\<^sub>p\<^esub> UPQ.pderiv (SA_poly_to_Qp_poly n a q)"
+ using A 6 8 by presburger
+ have 10: "UPQ.pderiv (SA_poly_to_Qp_poly n a (p \<oplus>\<^bsub>UP (SA n)\<^esub> q)) =
+ UPQ.pderiv (SA_poly_to_Qp_poly n a p) \<oplus> \<^bsub>UP Q\<^sub>p\<^esub> UPQ.pderiv (SA_poly_to_Qp_poly n a q)"
+ using "7" A(1) A(2) SA_poly_to_Qp_poly_add assms by presburger
+ show ?thesis using 9 10
+ by presburger
+ qed
+ qed
+ show "\<And>aa na.
+ aa \<in> carrier (SA n) \<Longrightarrow>
+ SA_poly_to_Qp_poly n a (UP_cring.pderiv (SA n) (up_ring.monom (UP (SA n)) aa na)) =
+ UPQ.pderiv (SA_poly_to_Qp_poly n a (up_ring.monom (UP (SA n)) aa na))"
+ proof- fix b m assume A: "b \<in> carrier (SA n)"
+ show "SA_poly_to_Qp_poly n a (UP_cring.pderiv (SA n) (up_ring.monom (UP (SA n)) b m)) =
+ UPQ.pderiv (SA_poly_to_Qp_poly n a (up_ring.monom (UP (SA n)) b m))"
+ proof-
+ have 0: "(UP_cring.pderiv (SA n) (up_ring.monom (UP (SA n)) b m)) =
+ (up_ring.monom (UP (SA n)) ([m]\<cdot>\<^bsub>SA n\<^esub>b) (m-1))"
+ using UP_cring.pderiv_monom[of "SA n" b m] unfolding UP_cring_def
+ using SA_is_cring \<open>b \<in> carrier (SA n)\<close> assms(1) by blast
+ have 1: "(SA_poly_to_Qp_poly n a (up_ring.monom (UP (SA n)) b m)) =up_ring.monom (UP Q\<^sub>p) (b a) m"
+ using SA_poly_to_Qp_poly_monom \<open>b \<in> carrier (SA n)\<close> assms by blast
+ have 2: "b a \<in> carrier Q\<^sub>p"
+ using A assms Qp.function_ring_car_mem_closed SA_car_memE(2) by metis
+ hence 3: "UPQ.pderiv (SA_poly_to_Qp_poly n a (up_ring.monom (UP (SA n)) b m)) = up_ring.monom (UP Q\<^sub>p) ([m]\<cdot>(b a)) (m-1)"
+ using 1 2 A UPQ.pderiv_monom[of "b a" m]
+ by presburger
+ have 4: "[m] \<cdot>\<^bsub>SA n\<^esub> b \<in> carrier (SA n)"
+ using A assms SA_is_cring[of n] ring.add_pow_closed[of "SA n" b m] SA_is_ring
+ by blast
+ have 5: "SA_poly_to_Qp_poly n a (up_ring.monom (UP (SA n)) ([m] \<cdot>\<^bsub>SA n\<^esub> b) (m-1)) = up_ring.monom (UP Q\<^sub>p) (([m] \<cdot>\<^bsub>SA n\<^esub> b) a) (m-1)"
+ using SA_poly_to_Qp_poly_monom[of a n "[m]\<cdot>\<^bsub>SA n\<^esub>b" "m-1"] assms 4 by blast
+ have 6: "SA_poly_to_Qp_poly n a (UP_cring.pderiv (SA n) (up_ring.monom (UP (SA n)) b m)) = up_ring.monom (UP Q\<^sub>p) (([m] \<cdot>\<^bsub>SA n\<^esub> b) a) (m - 1)"
+ using 5 0 by presburger
+ thus ?thesis using assms A 3 6 SA_add_pow_apply[of b n a]
+ by auto
+ qed
+ qed
+qed
+
+lemma SA_poly_to_Qp_poly_pderiv:
+ assumes "g \<in> carrier (UP (SA m))"
+ assumes "x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>)"
+ shows "UPQ.pderiv (SA_poly_to_Qp_poly m x g) = (SA_poly_to_Qp_poly m x (pderiv m g))"
+proof
+ fix n
+ have 0: "UPQ.pderiv (SA_poly_to_Qp_poly m x g) n = [Suc n] \<cdot> SA_poly_to_Qp_poly m x g (Suc n)"
+ by(rule UPQ.pderiv_cfs[of "SA_poly_to_Qp_poly m x g"n], rule SA_poly_to_Qp_poly_closed, rule assms , rule assms)
+ have 1: "SA_poly_to_Qp_poly m x (UPSA.pderiv m g) n = UPSA.pderiv m g n x"
+ by(rule SA_poly_to_Qp_poly_coeff[of x m "UPSA.pderiv m g" n], rule assms, rule UPSA.pderiv_closed, rule assms)
+ have 2: "SA_poly_to_Qp_poly m x (UPSA.pderiv m g) n = ([Suc n] \<cdot>\<^bsub>SA m\<^esub> g (Suc n)) x"
+ using UPSA.pderiv_cfs[of g m n] assms unfolding 1 by auto
+ show "UPQ.pderiv (SA_poly_to_Qp_poly m x g) n = SA_poly_to_Qp_poly m x (UPSA.pderiv m g) n"
+ unfolding 0 2 using SA_poly_to_Qp_poly_coeff assms
+ by (metis "0" "2" SA_poly_to_Qp_poly_comm_pderiv)
+qed
+
+lemma(in UP_cring) pderiv_deg_lt:
+ assumes "f \<in> carrier (UP R)"
+ assumes "deg R f > 0"
+ shows "deg R (pderiv f) < deg R f"
+proof-
+ obtain n where n_def: "n = deg R f"
+ by blast
+ have 0: "\<And>k. k \<ge> n \<Longrightarrow> pderiv f k = \<zero>"
+ using pderiv_cfs assms unfolding n_def
+ by (simp add: UP_car_memE(2))
+ obtain k where k_def: "n = Suc k"
+ using n_def assms gr0_implies_Suc by presburger
+ have "deg R (pderiv f) \<le> k"
+ apply(rule deg_leqI)
+ using P_def assms(1) pderiv_closed apply presburger
+ apply(rule 0)
+ unfolding k_def by presburger
+ thus ?thesis using k_def unfolding n_def by linarith
+qed
+
+lemma deg_pderiv:
+ assumes "f \<in> carrier (UP (SA m))"
+ assumes "deg (SA m) f > 0"
+ shows "deg (SA m) (pderiv m f) = deg (SA m) f - 1"
+proof-
+ obtain n where n_def: "n = deg (SA m) f"
+ by blast
+ have 0: "f n \<noteq> \<zero>\<^bsub>SA m\<^esub>"
+ unfolding n_def using assms UPSA.deg_ltrm by fastforce
+ have 1: "(pderiv m f) (n-1) = [n]\<cdot>\<^bsub>SA m\<^esub> (f n)"
+ using assms unfolding n_def using Suc_diff_1 UPSA.pderiv_cfs by presburger
+ have 2: "deg (SA m) (pderiv m f) \<ge> (n-1)"
+ using 0 assms SA_char_zero
+ by (metis "1" UPSA.deg_eqI UPSA.lcf_closed UPSA.pderiv_closed n_def nat_le_linear)
+ have 3: "deg (SA m) (pderiv m f) < deg (SA m) f"
+ using assms pderiv_deg_lt by auto
+ thus ?thesis using 2 unfolding n_def by presburger
+qed
+
+lemma SA_poly_to_Qp_poly_smult:
+ assumes "a \<in> carrier (SA m)"
+ assumes "f \<in> carrier (UP (SA m))"
+ assumes "x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>)"
+ shows "SA_poly_to_Qp_poly m x (a \<odot>\<^bsub>UP (SA m)\<^esub> f) = a x \<odot>\<^bsub>UP Q\<^sub>p\<^esub> SA_poly_to_Qp_poly m x f"
+proof-
+ have 0: "a \<odot>\<^bsub>UP (SA m)\<^esub> f = to_polynomial (SA m) a \<otimes>\<^bsub>UP (SA m)\<^esub> f"
+ using assms UPSA.to_poly_mult_simp(1) by presburger
+ have 1: "SA_poly_to_Qp_poly m x (a \<odot>\<^bsub>UP (SA m)\<^esub> f) = SA_poly_to_Qp_poly m x (to_polynomial (SA m) a) \<otimes>\<^bsub>UP Q\<^sub>p\<^esub> SA_poly_to_Qp_poly m x f"
+ unfolding 0 apply(rule SA_poly_to_Qp_poly_mult)
+ using assms apply blast
+ using assms to_poly_closed apply blast
+ using assms by blast
+ have 2: "SA_poly_to_Qp_poly m x (a \<odot>\<^bsub>UP (SA m)\<^esub> f) = (to_polynomial Q\<^sub>p (a x)) \<otimes>\<^bsub>UP Q\<^sub>p\<^esub> SA_poly_to_Qp_poly m x f"
+ unfolding 1 using assms SA_poly_to_Qp_poly_monom unfolding to_polynomial_def
+ by presburger
+ show ?thesis
+ unfolding 2 apply(rule UP_cring.to_poly_mult_simp(1)[of Q\<^sub>p "a x" "SA_poly_to_Qp_poly m x f"])
+ unfolding UP_cring_def
+ apply (simp add: Qp.cring)
+ using assms SA_car_memE apply blast
+ using assms SA_poly_to_Qp_poly_closed[of x m f] by blast
+qed
+
+lemma SA_poly_constant_res_class_semialg:
+ assumes "f \<in> carrier (UP (SA m))"
+ assumes "\<And>i x. x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>) \<Longrightarrow> f i x \<in> \<O>\<^sub>p"
+ assumes "deg (SA m) f \<le> d"
+ assumes "C \<in> poly_res_classes n d"
+ shows "is_semialgebraic m {x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>). SA_poly_to_Qp_poly m x f \<in> C}"
+proof-
+ obtain Fs where Fs_def: "Fs = f ` {..d}"
+ by blast
+ obtain g where g_def: "g \<in> val_ring_polys_grad d \<and> C = poly_res_class n d g"
+ using assms unfolding poly_res_classes_def by blast
+ have C_eq: " C = poly_res_class n d g"
+ using g_def by blast
+ have 0: "{x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>). SA_poly_to_Qp_poly m x f \<in> C} =
+ (\<Inter> i \<in> {..d}. {x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>). f i x \<in> \<O>\<^sub>p \<and> Qp_res (f i x) n = Qp_res (g i) n})"
+ apply(rule equalityI')
+ unfolding mem_Collect_eq
+ proof(rule InterI)
+ fix x S
+ assume A: " x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>) \<and> SA_poly_to_Qp_poly m x f \<in> C"
+ "S \<in> (\<lambda>i. {x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>). f i x \<in> \<O>\<^sub>p \<and> Qp_res (f i x) n = Qp_res (g i) n}) ` {..d}"
+ have 0: "C = poly_res_class n d (SA_poly_to_Qp_poly m x f)"
+ unfolding C_eq
+ apply(rule equalityI', rule poly_res_class_memI, rule poly_res_class_memE[of _ n d g], blast
+ , rule poly_res_class_memE[of _ n d g], blast, rule poly_res_class_memE[of _ n d g], blast)
+ using poly_res_class_memE[of _ n d ]A
+ apply (metis (no_types, lifting) C_eq)
+ apply(rule poly_res_class_memI, rule poly_res_class_memE[of _ n d "SA_poly_to_Qp_poly m x f"], blast,
+ rule poly_res_class_memE[of _ n d "SA_poly_to_Qp_poly m x f"], blast,
+ rule poly_res_class_memE[of _ n d "SA_poly_to_Qp_poly m x f"], blast)
+ using poly_res_class_memE[of _ n d ]A
+ by (metis (no_types, lifting) C_eq)
+ obtain i where i_def: "i \<in> {..d} \<and>
+ S = {x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>). f i x \<in> \<O>\<^sub>p \<and> Qp_res (f i x) n = Qp_res (g i) n}"
+ using A by blast
+ have S_eq: "S = {x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>). f i x \<in> \<O>\<^sub>p \<and> Qp_res (f i x) n = Qp_res (g i) n}"
+ using i_def by blast
+ have 1: "\<And>i. SA_poly_to_Qp_poly m x f i = f i x"
+ apply(rule SA_poly_to_Qp_poly_coeff)
+ using A apply blast by(rule assms)
+ have 2: "deg Q\<^sub>p (SA_poly_to_Qp_poly m x f) \<le> d"
+ using assms SA_poly_to_Qp_poly_deg_bound[of f m x]
+ using A(1) by linarith
+ have 3: "Qp_res (SA_poly_to_Qp_poly m x f i) n = Qp_res (g i) n"
+ apply(rule poly_res_class_memE[of _ _ d], rule poly_res_class_memI)
+ using g_def val_ring_polys_grad_memE apply blast
+ using g_def val_ring_polys_grad_memE apply blast
+ using g_def val_ring_polys_grad_memE apply blast
+ apply(rule poly_res_class_memE[of _ _ d],rule poly_res_class_memI)
+ apply(rule SA_poly_to_Qp_poly_closed)
+ using A apply blast
+ apply(rule assms)
+ apply(rule 2)
+ unfolding 1 using assms A apply blast
+ using A unfolding C_eq
+ using poly_res_class_memE(4)[of "SA_poly_to_Qp_poly m x f" n d g]
+ unfolding 1 by metis
+ show "x \<in> S"
+ using A 3 assms
+ unfolding S_eq mem_Collect_eq unfolding 1
+ by blast
+ next
+
+ show "\<And>x. x \<in> (\<Inter>i\<le>d. {x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>). f i x \<in> \<O>\<^sub>p \<and> Qp_res (f i x) n = Qp_res (g i) n}) \<Longrightarrow> x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>) \<and> SA_poly_to_Qp_poly m x f \<in> C"
+ proof-
+ fix x assume A: "x \<in> (\<Inter>i\<le>d. {x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>). f i x \<in> \<O>\<^sub>p \<and> Qp_res (f i x) n = Qp_res (g i) n})"
+ have x_closed: "x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>)"
+ using A by blast
+ have 0: "\<And>i. SA_poly_to_Qp_poly m x f i = f i x"
+ apply(rule SA_poly_to_Qp_poly_coeff)
+ using A apply blast by(rule assms)
+ have 1: "deg Q\<^sub>p (SA_poly_to_Qp_poly m x f) \<le> d"
+ using assms SA_poly_to_Qp_poly_deg_bound[of f m x]
+ using x_closed by linarith
+ have 2: "\<And>i. Qp_res (f i x) n = Qp_res (g i) n"
+ proof- fix i
+ have 20: "i > d \<Longrightarrow> i > deg Q\<^sub>p g"
+ using g_def val_ring_polys_grad_memE(2) by fastforce
+ have 21: "i > d \<Longrightarrow> g i= \<zero>"
+ using 20 g_def val_ring_polys_grad_memE UPQ.deg_leE by blast
+ have 22: "i > d \<Longrightarrow> Qp_res (g i) n = 0"
+ unfolding 21 Qp_res_zero by blast
+ have 23: "i > d \<Longrightarrow> SA_poly_to_Qp_poly m x f i = \<zero>"
+ apply(rule UPQ.deg_leE, rule SA_poly_to_Qp_poly_closed, rule x_closed, rule assms)
+ by(rule le_less_trans[of _ d], rule 1, blast)
+ show " Qp_res (f i x) n = Qp_res (g i) n"
+ apply(cases "i \<le> d")
+ using A apply blast
+ using 22 21 1 23 unfolding 0
+ by (metis less_or_eq_imp_le linorder_neqE_nat)
+ qed
+ have 3: "SA_poly_to_Qp_poly m x f \<in> C"
+ unfolding C_eq
+ apply(rule poly_res_class_memI, rule SA_poly_to_Qp_poly_closed, rule x_closed, rule assms, rule 1)
+ unfolding 0
+ by(rule assms, rule x_closed, rule 2)
+ show " x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>) \<and> SA_poly_to_Qp_poly m x f \<in> C"
+ using x_closed 3 by blast
+ qed
+ qed
+ have 1: "\<And>i. is_semialgebraic m {x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>). f i x \<in> \<O>\<^sub>p \<and> Qp_res (f i x) n = Qp_res (g i) n}"
+ apply(rule SA_constant_res_set_semialg, rule Qp_res_closed, rule val_ring_polys_grad_memE[of _ d])
+ using g_def apply blast
+ using assms UPSA.UP_car_memE(1) by blast
+ show "is_semialgebraic m {x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>). SA_poly_to_Qp_poly m x f \<in> C}"
+ unfolding 0
+ apply(rule finite_intersection_is_semialg, blast, blast, rule subsetI)
+ using 1 unfolding is_semialgebraic_def by blast
+qed
+
+text\<open>Maps a polynomial $F(t) \in UP (SA n)$ to a function sending $(t, a) \in (Q_p (n + 1) \mapsto F(a)(t) \in Q_p$ \<close>
+
+definition SA_poly_to_SA_fun where
+ "SA_poly_to_SA_fun n P = (\<lambda> a \<in> carrier (Q\<^sub>p\<^bsup>Suc n\<^esup>). UP_cring.to_fun Q\<^sub>p (SA_poly_to_Qp_poly n (tl a) P) (hd a))"
+
+lemma SA_poly_to_SA_fun_is_fun:
+ assumes "P \<in> carrier (UP (SA n))"
+ shows "SA_poly_to_SA_fun n P \<in> (carrier (Q\<^sub>p\<^bsup>Suc n\<^esup>) \<rightarrow> carrier Q\<^sub>p)"
+proof fix x assume A: "x \<in> carrier (Q\<^sub>p\<^bsup>Suc n\<^esup>)"
+ obtain t where t_def: "t = hd x" by blast
+ obtain a where a_def: "a = tl x" by blast
+ have t_closed: "t \<in> carrier Q\<^sub>p"
+ using A t_def cartesian_power_head
+ by blast
+ have a_closed: "a \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ using A a_def cartesian_power_tail
+ by blast
+ have 0: "SA_poly_to_SA_fun n P x = UP_cring.to_fun Q\<^sub>p (SA_poly_to_Qp_poly n a P) t"
+ unfolding SA_poly_to_SA_fun_def using t_def a_def
+ by (meson A restrict_apply')
+ show "SA_poly_to_SA_fun n P x \<in> carrier Q\<^sub>p"
+ using assms t_closed a_def 0 UP_cring.to_fun_closed[of Q\<^sub>p "SA_poly_to_Qp_poly n a P" ]
+ unfolding SA_poly_to_SA_fun_def
+ using SA_poly_to_Qp_poly_closed a_closed UPQ.to_fun_closed by presburger
+qed
+
+lemma SA_poly_to_SA_fun_formula:
+ assumes "P \<in> carrier (UP (SA n))"
+ assumes "x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ assumes "t \<in> carrier Q\<^sub>p"
+ shows "SA_poly_to_SA_fun n P (t#x) = (SA_poly_to_Qp_poly n x P)\<bullet>t"
+proof-
+ have 0: "hd (t#x) = t"
+ by simp
+ have 1: "tl (t#x) = x"
+ by auto
+ have 2: "(t#x) \<in> carrier (Q\<^sub>p\<^bsup>Suc n\<^esup>)"
+ by (metis add.commute assms cartesian_power_cons plus_1_eq_Suc)
+ show ?thesis
+ unfolding SA_poly_to_SA_fun_def
+ using 0 1 2 assms
+ by (metis (no_types, lifting) restrict_apply')
+qed
+
+lemma semialg_map_comp_in_SA:
+ assumes "f \<in> carrier (SA n)"
+ assumes "is_semialg_map m n g"
+ shows "(\<lambda> a \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>). f (g a)) \<in> carrier (SA m)"
+proof(rule SA_car_memI)
+ show "(\<lambda>a\<in>carrier (Q\<^sub>p\<^bsup>m\<^esup>). f (g a)) \<in> carrier (Qp_funs m)"
+ proof(rule Qp_funs_car_memI)
+ show " (\<lambda>a\<in>carrier (Q\<^sub>p\<^bsup>m\<^esup>). f (g a)) \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>) \<rightarrow> carrier Q\<^sub>p"
+ proof fix a assume A: "a \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>)"
+ then have "g a \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ using is_semialg_map_def[of m n g] assms
+ by blast
+ then show "f (g a) \<in> carrier Q\<^sub>p"
+ using A assms SA_car_memE(3)[of f n]
+ by blast
+ qed
+ show " \<And>x. x \<notin> carrier (Q\<^sub>p\<^bsup>m\<^esup>) \<Longrightarrow> (\<lambda>a\<in>carrier (Q\<^sub>p\<^bsup>m\<^esup>). f (g a)) x = undefined"
+ unfolding restrict_def by metis
+ qed
+ have 0: "is_semialg_function m (f \<circ> g)"
+ using assms semialg_function_comp_closed[of n f m g] SA_car_memE(1)[of f n]
+ by blast
+ have 1: " (\<And>a. a \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>) \<Longrightarrow> (f \<circ> g) a = (\<lambda>a\<in>carrier (Q\<^sub>p\<^bsup>m\<^esup>). f (g a)) a)"
+ using assms comp_apply[of f g] unfolding restrict_def
+ by metis
+ then show "is_semialg_function m (\<lambda>a\<in>carrier (Q\<^sub>p\<^bsup>m\<^esup>). f (g a))"
+ using 0 1 semialg_function_on_carrier'[of m "f \<circ> g" "\<lambda> a \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>). f (g a)" ]
+ by blast
+qed
+
+lemma tl_comp_in_SA:
+ assumes "f \<in> carrier (SA n)"
+ shows "(\<lambda> a \<in> carrier (Q\<^sub>p\<^bsup>Suc n\<^esup>). f (tl a)) \<in> carrier (SA (Suc n))"
+ using assms semialg_map_comp_in_SA[of f _ _ tl] tl_is_semialg_map[of "n"]
+ by blast
+
+lemma SA_poly_to_SA_fun_add_eval:
+ assumes "f \<in> carrier (UP (SA n))"
+ assumes "g \<in> carrier (UP (SA n))"
+ assumes "a \<in> carrier (Q\<^sub>p\<^bsup>Suc n\<^esup>)"
+ shows "SA_poly_to_SA_fun n (f \<oplus>\<^bsub>UP (SA n)\<^esub> g) a = SA_poly_to_SA_fun n f a \<oplus>\<^bsub>Q\<^sub>p\<^esub> SA_poly_to_SA_fun n g a"
+ unfolding SA_poly_to_SA_fun_def
+ using assms SA_poly_to_Qp_poly_add[of "tl a" n f g]
+ by (metis (no_types, lifting) SA_poly_to_Qp_poly_closed UPQ.to_fun_plus cartesian_power_head cartesian_power_tail restrict_apply')
+
+lemma SA_poly_to_SA_fun_add:
+ assumes "f \<in> carrier (UP (SA n))"
+ assumes "g \<in> carrier (UP (SA n))"
+ shows "SA_poly_to_SA_fun n (f \<oplus>\<^bsub>UP (SA n)\<^esub> g) = SA_poly_to_SA_fun n f \<oplus>\<^bsub>SA (Suc n)\<^esub> SA_poly_to_SA_fun n g"
+proof fix x
+ show " SA_poly_to_SA_fun n (f \<oplus>\<^bsub>UP (SA n)\<^esub> g) x = (SA_poly_to_SA_fun n f \<oplus>\<^bsub>SA (Suc n)\<^esub> SA_poly_to_SA_fun n g) x"
+ proof(cases "x \<in> carrier (Q\<^sub>p\<^bsup>Suc n\<^esup>)")
+ case True
+ then show ?thesis using SA_poly_to_SA_fun_add_eval[of f n g x] SA_add[of x n]
+ using SA_mult assms(1) assms(2) SA_add
+ by blast
+ next
+ case False
+ have F0: "SA_poly_to_SA_fun n (f \<oplus>\<^bsub>UP (SA n)\<^esub> g) x = undefined"
+ unfolding SA_poly_to_SA_fun_def
+ by (meson False restrict_apply)
+ have F1: "(SA_poly_to_SA_fun n f \<oplus>\<^bsub>SA (Suc n)\<^esub> SA_poly_to_SA_fun n g) x = undefined"
+ using False SA_add' by blast
+ then show ?thesis
+ using F0 by blast
+ qed
+qed
+
+lemma SA_poly_to_SA_fun_monom:
+ assumes "f \<in> carrier (SA n)"
+ assumes "a \<in> carrier (Q\<^sub>p\<^bsup>Suc n\<^esup>)"
+ shows "SA_poly_to_SA_fun n (up_ring.monom (UP (SA n)) f k) a = (f (tl a))\<otimes>(hd a)[^]\<^bsub>Q\<^sub>p\<^esub>k "
+proof-
+ have "SA_poly_to_SA_fun n (up_ring.monom (UP (SA n)) f k) a = SA_poly_to_Qp_poly n (tl a) (up_ring.monom (UP (SA n)) f k) \<bullet> lead_coeff a"
+ unfolding SA_poly_to_SA_fun_def using assms
+ by (meson restrict_apply)
+ then have "SA_poly_to_SA_fun n (up_ring.monom (UP (SA n)) f k) a = up_ring.monom Q\<^sub>p_x (f (tl a)) k\<bullet> lead_coeff a"
+ using SA_poly_to_Qp_poly_monom[of "tl a" n f k] assms
+ by (metis cartesian_power_tail)
+ then show ?thesis using assms
+ by (metis (no_types, lifting) SA_car cartesian_power_head cartesian_power_tail UPQ.to_fun_monom Qp.function_ring_car_mem_closed semialg_functions_memE(2))
+qed
+
+lemma SA_poly_to_SA_fun_monom':
+ assumes "f \<in> carrier (SA n)"
+ assumes "x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ assumes "t \<in> carrier Q\<^sub>p"
+ shows "SA_poly_to_SA_fun n (up_ring.monom (UP (SA n)) f k) (t#x) = (f x)\<otimes>t[^]\<^bsub>Q\<^sub>p\<^esub>k "
+proof-
+ have 0: "hd (t#x) = t"
+ by simp
+ have 1: "tl (t#x) = x"
+ by auto
+ have 2: "(t#x) \<in> carrier (Q\<^sub>p\<^bsup>Suc n\<^esup>)"
+ by (metis add.commute assms cartesian_power_cons plus_1_eq_Suc)
+ show ?thesis
+ using 0 1 2 SA_poly_to_SA_fun_monom[of f n "t#x" k] assms SA_poly_to_SA_fun_monom
+ by presburger
+qed
+
+lemma hd_is_semialg_function:
+ assumes "n > 0"
+ shows "is_semialg_function n hd"
+proof-
+ have 0: "is_semialg_function n (\<lambda> a \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>). a!0)"
+ using assms index_is_semialg_function restrict_is_semialg by blast
+ have 1: "restrict (\<lambda>a\<in>carrier (Q\<^sub>p\<^bsup>n\<^esup>). a ! 0) (carrier (Q\<^sub>p\<^bsup>n\<^esup>)) = restrict lead_coeff (carrier (Q\<^sub>p\<^bsup>n\<^esup>))"
+ proof fix x
+ show "restrict (\<lambda>a\<in>carrier (Q\<^sub>p\<^bsup>n\<^esup>). a ! 0) (carrier (Q\<^sub>p\<^bsup>n\<^esup>)) x = restrict lead_coeff (carrier (Q\<^sub>p\<^bsup>n\<^esup>)) x"
+ unfolding restrict_def
+ apply(cases "x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)")
+ apply (metis assms cartesian_power_car_memE drop_0 hd_drop_conv_nth)
+ by presburger
+ qed
+ show ?thesis
+ using 0 1 assms semialg_function_on_carrier[of n "(\<lambda> a \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>). a!0)" hd]
+ by blast
+qed
+
+lemma SA_poly_to_SA_fun_monom_closed:
+ assumes "f \<in> carrier (SA n)"
+ shows "SA_poly_to_SA_fun n (up_ring.monom (UP (SA n)) f k) \<in> carrier (SA (Suc n))"
+proof-
+ have 0: "is_semialg_function (Suc n) (f \<circ> tl)"
+ using SA_imp_semialg assms(1) semialg_function_comp_closed tl_is_semialg_map by blast
+ obtain h where h_def: "h = restrict hd (carrier (Q\<^sub>p\<^bsup>Suc n\<^esup>))"
+ by blast
+ have h_closed: "h \<in> carrier (SA (Suc n))"
+ using hd_is_semialg_function SA_car h_def restrict_in_semialg_functions
+ by blast
+ have h_pow_closed: "h[^]\<^bsub>SA (Suc n)\<^esub> k \<in> carrier (SA (Suc n))"
+ using assms(1) h_closed monoid.nat_pow_closed[of "SA (Suc n)" h k] SA_is_monoid[of "Suc n"]
+ by blast
+ have monom_term_closed: "(f \<circ> tl) \<otimes>\<^bsub>SA (Suc n)\<^esub> h[^]\<^bsub>SA (Suc n)\<^esub> k \<in> carrier (SA (Suc n))"
+ apply(rule SA_mult_closed_right)
+ using "0" apply linarith
+ using h_pow_closed by blast
+
+ have 0: "\<And>a. a \<in> carrier (Q\<^sub>p\<^bsup>Suc n\<^esup>) \<Longrightarrow> SA_poly_to_SA_fun n (up_ring.monom (UP (SA n)) f k) a = ((f \<circ> tl) \<otimes>\<^bsub>SA (Suc n)\<^esub> h[^]\<^bsub>SA (Suc n)\<^esub> k) a"
+ proof- fix a assume "a \<in> carrier (Q\<^sub>p\<^bsup>Suc n\<^esup>)"
+ then show "SA_poly_to_SA_fun n (up_ring.monom (UP (SA n)) f k) a = ((f \<circ> tl) \<otimes>\<^bsub>SA (Suc n)\<^esub> h[^]\<^bsub>SA (Suc n)\<^esub> k) a"
+ using assms SA_poly_to_SA_fun_monom[of f n a k] comp_apply[of f tl a] h_def restrict_apply
+ SA_mult[of a "Suc n" "f \<circ> tl" "h [^]\<^bsub>SA (Suc n)\<^esub> k"] SA_nat_pow[of a "Suc n" h k]
+ by metis
+ qed
+ have 1: "SA_poly_to_SA_fun n (up_ring.monom (UP (SA n)) f k) = ((f \<circ> tl) \<otimes>\<^bsub>SA (Suc n)\<^esub> h[^]\<^bsub>SA (Suc n)\<^esub> k)"
+ proof fix x
+ show "SA_poly_to_SA_fun n (up_ring.monom (UP (SA n)) f k) x = ((f \<circ> tl) \<otimes>\<^bsub>SA (Suc n)\<^esub> h [^]\<^bsub>SA (Suc n)\<^esub> k) x"
+ apply(cases "x \<in> carrier (Q\<^sub>p\<^bsup>Suc n\<^esup>)")
+ using "0" apply blast
+ using monom_term_closed unfolding SA_poly_to_SA_fun_def
+ using restrict_apply
+ by (metis (no_types, lifting) SA_mult')
+ qed
+ show ?thesis
+ using 1 monom_term_closed
+ by presburger
+qed
+
+lemma SA_poly_to_SA_fun_is_SA:
+ assumes "P \<in> carrier (UP (SA n))"
+ shows "SA_poly_to_SA_fun n P \<in> carrier (SA (Suc n))"
+ apply(rule UP_ring.poly_induct3[of "SA n" P])
+ unfolding UP_ring_def using assms SA_is_ring apply blast
+ using assms apply blast
+ using assms SA_poly_to_SA_fun_add[of ]
+ using SA_add_closed_right SA_imp_semialg zero_less_Suc apply presburger
+ using SA_poly_to_SA_fun_monom_closed assms(1)
+ by blast
+
+lemma SA_poly_to_SA_fun_mult:
+ assumes "f \<in> carrier (UP (SA n))"
+ assumes "g \<in> carrier (UP (SA n))"
+ shows "SA_poly_to_SA_fun n (f \<otimes>\<^bsub>UP (SA n)\<^esub> g) = SA_poly_to_SA_fun n f \<otimes>\<^bsub>SA (Suc n)\<^esub> SA_poly_to_SA_fun n g"
+proof(rule function_ring_car_eqI[of _ "Suc n"])
+ show "SA_poly_to_SA_fun n (f \<otimes>\<^bsub>UP (SA n)\<^esub> g) \<in> carrier (function_ring (carrier (Q\<^sub>p\<^bsup>Suc n\<^esup>)) Q\<^sub>p)"
+ proof-
+ have "f \<otimes>\<^bsub>UP (SA n)\<^esub> g \<in> carrier (UP (SA n))"
+ using assms SA_is_UP_cring
+ by (meson cring.cring_simprules(5) padic_fields.UP_SA_n_is_cring padic_fields_axioms)
+ thus ?thesis
+ using SA_is_UP_cring assms SA_poly_to_SA_fun_is_SA[of "f \<otimes>\<^bsub>UP (SA n)\<^esub> g"] SA_car_in_Qp_funs_car[of "Suc n"]
+ by blast
+ qed
+ show "SA_poly_to_SA_fun n f \<otimes>\<^bsub>SA (Suc n)\<^esub> SA_poly_to_SA_fun n g \<in> carrier (function_ring (carrier (Q\<^sub>p\<^bsup>Suc n\<^esup>)) Q\<^sub>p)"
+ using SA_is_UP_cring SA_poly_to_SA_fun_is_SA assms
+ by (meson SA_car_memE(2) SA_mult_closed_left less_Suc_eq_0_disj padic_fields.SA_car_memE(1) padic_fields_axioms)
+ show "\<And>a. a \<in> carrier (Q\<^sub>p\<^bsup>Suc n\<^esup>) \<Longrightarrow> SA_poly_to_SA_fun n (f \<otimes>\<^bsub>UP (SA n)\<^esub> g) a = (SA_poly_to_SA_fun n f \<otimes>\<^bsub>SA (Suc n)\<^esub> SA_poly_to_SA_fun n g) a"
+ proof- fix a assume A: "a \<in> carrier (Q\<^sub>p\<^bsup>Suc n\<^esup>)"
+ then obtain t b where tb_def: "a = t#b"
+ using cartesian_power_car_memE[of a Q\<^sub>p "Suc n"] by (meson length_Suc_conv)
+ have t_closed: "t \<in> carrier Q\<^sub>p"
+ using tb_def A cartesian_power_head[of a Q\<^sub>p n] by (metis list.sel(1))
+ have b_closed: "b \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ using tb_def A cartesian_power_tail[of a Q\<^sub>p n] by (metis list.sel(3))
+ have 0: "f \<otimes>\<^bsub>UP (SA n)\<^esub> g \<in> carrier (UP (SA n))"
+ using assms by (meson UP_SA_n_is_cring cring.cring_simprules(5))
+ have 1: "SA_poly_to_SA_fun n (f \<otimes>\<^bsub>UP (SA n)\<^esub> g) a = (SA_poly_to_Qp_poly n b (f \<otimes>\<^bsub>UP (SA n)\<^esub> g))\<bullet>t"
+ using SA_poly_to_SA_fun_formula[of "f \<otimes>\<^bsub>UP (SA n)\<^esub> g" n b t] t_closed b_closed tb_def 0 assms(1)
+ by blast
+ have 2: "(SA_poly_to_SA_fun n f \<otimes>\<^bsub>SA (Suc n)\<^esub> SA_poly_to_SA_fun n g) a =
+ SA_poly_to_SA_fun n f a \<otimes> SA_poly_to_SA_fun n g a"
+ using SA_poly_to_SA_fun_is_fun assms A SA_mult by blast
+ hence 3: "(SA_poly_to_SA_fun n f \<otimes>\<^bsub>SA (Suc n)\<^esub> SA_poly_to_SA_fun n g) a =
+ ((SA_poly_to_Qp_poly n b f) \<bullet> t) \<otimes> ((SA_poly_to_Qp_poly n b g) \<bullet> t)"
+ using SA_poly_to_SA_fun_formula assms
+ by (metis b_closed t_closed tb_def)
+ have 4: "SA_poly_to_SA_fun n (f \<otimes>\<^bsub>UP (SA n)\<^esub> g) a = ((SA_poly_to_Qp_poly n b f) \<bullet> t) \<otimes> ((SA_poly_to_Qp_poly n b g) \<bullet> t)"
+ using 1 assms SA_poly_to_Qp_poly_closed[of b] SA_poly_to_Qp_poly_mult UPQ.to_fun_mult b_closed t_closed
+ by presburger
+ show " SA_poly_to_SA_fun n (f \<otimes>\<^bsub>UP (SA n)\<^esub> g) a = (SA_poly_to_SA_fun n f \<otimes>\<^bsub>SA (Suc n)\<^esub> SA_poly_to_SA_fun n g) a"
+ using "3" "4" by blast
+ qed
+qed
+
+lemma SA_poly_to_SA_fun_one:
+ shows "SA_poly_to_SA_fun n (\<one>\<^bsub>UP (SA n)\<^esub>) = \<one>\<^bsub>SA (Suc n)\<^esub>"
+proof(rule function_ring_car_eqI[of _ "Suc n"])
+ have "\<one>\<^bsub>UP (SA n)\<^esub> \<in> carrier (UP (SA n))"
+ using UP_SA_n_is_cring cring.cring_simprules(6) by blast
+ thus " SA_poly_to_SA_fun n \<one>\<^bsub>UP (SA n)\<^esub> \<in> carrier (function_ring (carrier (Q\<^sub>p\<^bsup>Suc n\<^esup>)) Q\<^sub>p)"
+ using SA_poly_to_SA_fun_is_SA[of "\<one>\<^bsub>UP (SA n)\<^esub>"] SA_car_in_Qp_funs_car[of "Suc n"] SA_is_UP_cring[of n]
+ by blast
+ show "\<one>\<^bsub>SA (Suc n)\<^esub> \<in> carrier (function_ring (carrier (Q\<^sub>p\<^bsup>Suc n\<^esup>)) Q\<^sub>p)"
+ unfolding SA_one
+ using function_one_closed by blast
+ show "\<And>a. a \<in> carrier (Q\<^sub>p\<^bsup>Suc n\<^esup>) \<Longrightarrow> SA_poly_to_SA_fun n \<one>\<^bsub>UP (SA n)\<^esub> a = \<one>\<^bsub>SA (Suc n)\<^esub> a"
+ proof- fix a assume A: " a \<in> carrier (Q\<^sub>p\<^bsup>Suc n\<^esup>)"
+ then obtain t b where tb_def: "a = t#b"
+ using cartesian_power_car_memE[of a Q\<^sub>p "Suc n"] by (meson length_Suc_conv)
+ have t_closed: "t \<in> carrier Q\<^sub>p"
+ using tb_def A cartesian_power_head[of a Q\<^sub>p n] by (metis list.sel(1))
+ have b_closed: "b \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ using tb_def A cartesian_power_tail[of a Q\<^sub>p n] by (metis list.sel(3))
+ have 0: "SA_poly_to_SA_fun n \<one>\<^bsub>UP (SA n)\<^esub> a = (SA_poly_to_Qp_poly n b \<one>\<^bsub>UP (SA n)\<^esub>)\<bullet>t"
+ using SA_poly_to_SA_fun_formula \<open>\<one>\<^bsub>UP (SA n)\<^esub> \<in> carrier (UP (SA n))\<close> b_closed t_closed tb_def
+ by blast
+ have 1: "SA_poly_to_Qp_poly n b \<one>\<^bsub>UP (SA n)\<^esub> = \<one>\<^bsub>UP Q\<^sub>p\<^esub>"
+ using SA_poly_to_Qp_poly_is_hom[of b] ring_hom_one[of _ "UP (SA n)" "UP Q\<^sub>p"] b_closed
+ by blast
+ thus "SA_poly_to_SA_fun n \<one>\<^bsub>UP (SA n)\<^esub> a = \<one>\<^bsub>SA (Suc n)\<^esub> a"
+ using "0" A function_one_eval SA_one UPQ.to_fun_one t_closed by presburger
+ qed
+qed
+
+lemma SA_poly_to_SA_fun_ring_hom:
+ shows "SA_poly_to_SA_fun n \<in> ring_hom (UP (SA n)) (SA (Suc n))"
+ apply(rule ring_hom_memI)
+ using SA_poly_to_SA_fun_is_SA apply blast
+ apply (meson SA_poly_to_SA_fun_mult)
+ apply (meson SA_poly_to_SA_fun_add)
+ by (meson SA_poly_to_SA_fun_one)
+
+lemma SA_poly_to_SA_fun_taylor_term:
+ assumes "F \<in> carrier (UP (SA n))"
+ assumes "c \<in> carrier (SA n)"
+ assumes "x \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ assumes "t \<in> carrier Q\<^sub>p"
+ assumes "f = SA_poly_to_Qp_poly n x F"
+ shows "SA_poly_to_SA_fun n (UP_cring.taylor_term (SA n) c F k) (t#x) = (taylor_expansion Q\<^sub>p (c x) f k) \<otimes>(t \<ominus> c x)[^]\<^bsub>Q\<^sub>p\<^esub> k"
+proof-
+ have 0: "hd (t#x) = t"
+ by simp
+ have 1: "tl (t#x) = x"
+ by auto
+ have 2: "(t#x) \<in> carrier (Q\<^sub>p\<^bsup>Suc n\<^esup>)"
+ by (metis Suc_eq_plus1 assms cartesian_power_cons)
+ show ?thesis
+ using assms 0 1 2 Pi_iff SA_car_memE(3)
+ SA_poly_to_Qp_poly_closed SA_poly_to_Qp_poly_comm_taylor_term[of F n c x k] restrict_apply'
+ unfolding SA_poly_to_SA_fun_def
+ by (metis (no_types, lifting) UPQ.taylor_def UPQ.to_fun_taylor_term)
+qed
+
+lemma SA_finsum_eval:
+ assumes "finite I"
+ assumes "F \<in> I \<rightarrow> carrier (SA m)"
+ assumes "x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>)"
+ shows "(\<Oplus>\<^bsub>SA m\<^esub>i\<in>I. F i) x = (\<Oplus>i\<in>I. F i x)"
+proof-
+ have "F \<in> I \<rightarrow> carrier (SA m) \<longrightarrow> (\<Oplus>\<^bsub>SA m\<^esub>i\<in>I. F i) x = (\<Oplus>i\<in>I. F i x)"
+ apply(rule finite.induct[of I])
+ apply (simp add: assms(1))
+ using abelian_monoid.finsum_empty[of "SA m" F] assms unfolding Qp.finsum_empty
+ using SA_is_abelian_monoid SA_zeroE apply presburger
+ proof fix A a assume IH: "finite A" " F \<in> A \<rightarrow> carrier (SA m) \<longrightarrow> finsum (SA m) F A x = (\<Oplus>i\<in>A. F i x)"
+ "F \<in> insert a A \<rightarrow> carrier (SA m)"
+ then have 0: "F \<in> A \<rightarrow> carrier (SA m)"
+ by blast
+ then have 1: "finsum (SA m) F A x = (\<Oplus>i\<in>A. F i x)"
+ using IH by blast
+ show "finsum (SA m) F (insert a A) x = (\<Oplus>i\<in>insert a A. F i x)"
+ proof(cases "a \<in> A")
+ case True
+ then show ?thesis using insert_absorb[of a A] IH
+ by presburger
+ next
+ case False
+ have F0: "(\<lambda>i. F i x) \<in> A \<rightarrow> carrier Q\<^sub>p" proof fix i assume "i \<in> A" thus "F i x \<in> carrier Q\<^sub>p"
+ using 0 assms(3) SA_car_memE(3)[of "F i" m] by blast qed
+ have F1: "F a x \<in> carrier Q\<^sub>p"
+ using IH assms(3) SA_car_memE(3)[of "F a" m] by blast
+ have F2: "finsum (SA m) F (insert a A) x = F a x \<oplus> finsum (SA m) F A x"
+ proof-
+ have " finsum (SA m) F (insert a A) = F a \<oplus>\<^bsub>SA m\<^esub> finsum (SA m) F A"
+ using False IH abelian_monoid.finsum_insert[of "SA m" A a F ] 0
+ by (meson Pi_split_insert_domain SA_is_abelian_monoid)
+ thus ?thesis using abelian_monoid.finsum_closed[of "SA m" F A] 1 F0 F1
+ SA_add[of x m "F a" "finsum (SA m) F A"]
+ using assms(3) by presburger
+ qed
+ show ?thesis using False 0 IH Qp.finsum_insert[of A a "\<lambda>i. F i x"] unfolding F2 1
+ using F0 F1 by blast
+ qed
+ qed
+ thus ?thesis using assms by blast
+qed
+
+lemma(in ring) finsum_ring_hom:
+ assumes "ring S"
+ assumes "h \<in> ring_hom R S"
+ assumes "F \<in> I \<rightarrow> carrier R"
+ assumes "finite I"
+ shows "h (\<Oplus>i\<in>I. F i) = (\<Oplus>\<^bsub>S\<^esub>i\<in>I. h (F i))"
+proof-
+ have "F \<in> I \<rightarrow> carrier R \<longrightarrow> h (\<Oplus>i\<in>I. F i) = (\<Oplus>\<^bsub>S\<^esub>i\<in>I. h (F i))"
+ apply(rule finite.induct[of I])
+ apply (simp add: assms(4))
+ unfolding finsum_empty using assms abelian_monoid.finsum_empty[of S]
+ unfolding ring_def abelian_group_def
+ apply (simp add: \<open>\<And>f. abelian_monoid S \<Longrightarrow> finsum S f {} = \<zero>\<^bsub>S\<^esub>\<close> assms(1) local.ring_axioms ring_hom_zero)
+ proof fix A a assume A: "finite A" " F \<in> A \<rightarrow> carrier R \<longrightarrow> h (finsum R F A) = (\<Oplus>\<^bsub>S\<^esub>i\<in>A. h (F i))"
+ " F \<in> insert a A \<rightarrow> carrier R"
+ then have 0: "F \<in> A \<rightarrow> carrier R "
+ by blast
+ have 1: "h (finsum R F A) = (\<Oplus>\<^bsub>S\<^esub>i\<in>A. h (F i))"
+ using "0" A(2) by linarith
+ have 2: "(finsum R F A) \<in> carrier R"
+ using finsum_closed[of F A] 0 by blast
+ have 3: "(\<Oplus>\<^bsub>S\<^esub>i\<in>A. h (F i)) \<in> carrier S"
+ using assms 1 2 ring_hom_closed
+ by metis
+ have 4: "F a \<in> carrier R" using A by blast
+ have 5: "h (F a) \<in> carrier S"
+ using assms 4
+ by (meson ring_hom_closed)
+ show "h (finsum R F (insert a A)) = (\<Oplus>\<^bsub>S\<^esub>i\<in>insert a A. h (F i))"
+ apply(cases "a \<in> A")
+ using insert_absorb 1
+ apply metis
+ proof- assume C: "a \<notin>A"
+ have 6: "finsum R F (insert a A) = F a \<oplus> finsum R F A"
+ using A finsum_insert[of A a F] C by blast
+ have 7: "(\<Oplus>\<^bsub>S\<^esub>i\<in>insert a A. h (F i)) = h (F a) \<oplus>\<^bsub>S\<^esub> (\<Oplus>\<^bsub>S\<^esub>i\<in>A. h (F i))"
+ apply(rule abelian_monoid.finsum_insert[of S A a "\<lambda>i. h (F i)"])
+ apply (simp add: abelian_group.axioms(1) assms(1) ring.is_abelian_group)
+ apply (simp add: A(1))
+ apply (simp add: C)
+ apply(intro Pi_I ring_hom_closed[of h R S] assms)
+ using 0 A 5 assms by auto
+ thus ?thesis
+ using 0 1 2 3 4 5 6 7 assms ring_hom_add[of h R S "F a" "finsum R F A" ]
+
+ unfolding 1 ring_def abelian_group_def
+ by presburger
+ qed
+ qed
+ thus ?thesis using assms by auto
+qed
+
+lemma SA_poly_to_SA_fun_finsum:
+ assumes "finite I"
+ assumes "F \<in> I \<rightarrow> carrier (UP (SA m))"
+ assumes "f = (\<Oplus>\<^bsub>UP (SA m)\<^esub>i\<in>I. F i)"
+ assumes "x \<in> carrier (Q\<^sub>p\<^bsup>Suc m\<^esup>)"
+ shows "SA_poly_to_SA_fun m f x = (\<Oplus>i\<in>I. SA_poly_to_SA_fun m (F i) x)"
+proof-
+ have "SA_poly_to_SA_fun m \<in> ring_hom (UP (SA m)) (SA (Suc m))"
+ using SA_poly_to_SA_fun_ring_hom by blast
+ have f_closed: "f \<in> carrier (UP (SA m))"
+ unfolding assms apply(rule finsum_closed) using assms by blast
+ have 0: "SA_poly_to_SA_fun m f = (\<Oplus>\<^bsub>SA (Suc m)\<^esub>i\<in>I. SA_poly_to_SA_fun m (F i))"
+ unfolding assms
+ apply(rule finsum_ring_hom)
+ apply (simp add: R.is_ring)
+ using \<open>SA_poly_to_SA_fun m \<in> ring_hom (UP (SA m)) (SA (Suc m))\<close> apply blast
+ using assms(2) apply blast
+ by (simp add: assms(1))
+ show ?thesis unfolding 0 apply(rule SA_finsum_eval)
+ using assms apply blast using assms
+ apply (meson Pi_I Pi_mem padic_fields.SA_poly_to_SA_fun_is_SA padic_fields_axioms)
+ using assms by blast
+qed
+
+lemma SA_poly_to_SA_fun_taylor_expansion:
+ assumes "f \<in> carrier (UP (SA m))"
+ assumes "c \<in> carrier (SA m)"
+ assumes "x \<in> carrier (Q\<^sub>p\<^bsup>Suc m\<^esup>)"
+ shows "SA_poly_to_SA_fun m f x = (\<Oplus>i\<in>{..deg (SA m) f}. taylor_expansion (SA m) c f i (tl x) \<otimes> (hd x \<ominus> c (tl x)) [^] i)"
+proof-
+ have 0: "f = (\<Oplus>\<^bsub>UP (SA m)\<^esub>i\<in>{..deg (SA m) f}. UP_cring.taylor_term (SA m) c f i)"
+ using taylor_sum[of f m "deg (SA m) f" c] assms unfolding UPSA.taylor_term_def UPSA.taylor_def
+ by blast
+ have 1: "SA_poly_to_SA_fun m f x = (\<Oplus>i\<in>{..deg (SA m) f}. SA_poly_to_SA_fun m (UP_cring.taylor_term (SA m) c f i) x)"
+ apply(rule SA_poly_to_SA_fun_finsum)
+ apply simp
+ apply (meson Pi_I UPSA.taylor_term_closed assms(1) assms(2))
+ using 0 apply blast
+ using assms by blast
+ have hd_closed: "hd x \<in> carrier Q\<^sub>p"
+ using assms cartesian_power_head by blast
+ have tl_closed: "tl x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>)"
+ using assms cartesian_power_tail by blast
+ obtain t a where ta_def: " x = t#a"
+ using assms cartesian_power_car_memE[of x Q\<^sub>p "Suc m" ]
+ by (metis Suc_length_conv)
+ have 2: "t = hd x"
+ by (simp add: ta_def)
+ have 3: "a = tl x "
+ by (simp add: ta_def)
+ have 4: "\<And>i. SA_poly_to_SA_fun m (UPSA.taylor_term m c f i) x =
+ taylor_expansion Q\<^sub>p (c (tl x)) (SA_poly_to_Qp_poly m (tl x) f) i \<otimes> (lead_coeff x \<ominus> c (tl x)) [^] i"
+ using tl_closed hd_closed assms SA_poly_to_SA_fun_taylor_term[of f m c a t "SA_poly_to_Qp_poly m a f" ]
+ unfolding 2 3 by (metis "2" "3" ta_def)
+ have 5: "SA_poly_to_SA_fun m f x = (\<Oplus>i\<in>{..deg (SA m) f}. (taylor_expansion Q\<^sub>p (c (tl x)) (SA_poly_to_Qp_poly m (tl x) f) i) \<otimes>((hd x) \<ominus> c (tl x))[^]\<^bsub>Q\<^sub>p\<^esub> i)"
+ using 1 2 unfolding 4 by blast
+ have 6: "taylor_expansion Q\<^sub>p (c (tl x)) (SA_poly_to_Qp_poly m (tl x) f) = SA_poly_to_Qp_poly m (tl x) (taylor_expansion (SA m) c f)"
+
+ using SA_poly_to_Qp_poly_taylor_poly[of f m c "tl x"] assms(1) assms(2) tl_closed by presburger
+ have 7: "\<And>i. taylor_expansion Q\<^sub>p (c (tl x)) (SA_poly_to_Qp_poly m (tl x) f) i =
+ taylor_expansion (SA m) c f i (tl x)"
+ unfolding 6 using SA_poly_to_Qp_poly_coeff[of "tl x" m "taylor_expansion (SA m) c f"]
+ by (metis UPSA.taylor_closed UPSA.taylor_def assms(1) assms(2) tl_closed)
+ show ?thesis using 5 unfolding 7 by blast
+qed
+
+lemma SA_deg_one_eval:
+ assumes "g \<in> carrier (UP (SA m))"
+ assumes "deg (SA m) g = 1"
+ assumes "\<xi> \<in> carrier (Fun\<^bsub>m\<^esub> Q\<^sub>p)"
+ assumes "UP_ring.lcf (SA m) g \<in> Units (SA m)"
+ assumes "\<forall>x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>). (SA_poly_to_SA_fun m g) (\<xi> x#x) = \<zero>"
+ shows "\<xi> = \<ominus>\<^bsub>SA m\<^esub>(g 0)\<otimes>\<^bsub>SA m\<^esub> (inv\<^bsub>SA m\<^esub> (g 1))"
+proof(rule ext)
+ fix x show " \<xi> x = (\<ominus>\<^bsub>SA m\<^esub> g 0 \<otimes>\<^bsub>SA m\<^esub> inv\<^bsub>SA m\<^esub> g 1) x"
+ proof(cases "x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>)")
+ case True
+ then have "(SA_poly_to_SA_fun m g) (\<xi> x#x) = \<zero>"
+ using assms by blast
+ then have T0: "SA_poly_to_Qp_poly m x g \<bullet> \<xi> x = \<zero>"
+ using SA_poly_to_SA_fun_formula[of g m x "\<xi> x"] assms
+ Qp.function_ring_car_mem_closed True by metis
+ have "deg Q\<^sub>p (SA_poly_to_Qp_poly m x g) = 1"
+ proof(rule UPQ.deg_eqI)
+ show "SA_poly_to_Qp_poly m x g \<in> carrier (UP Q\<^sub>p)"
+ using assms True SA_poly_to_Qp_poly_closed by blast
+ show "deg Q\<^sub>p (SA_poly_to_Qp_poly m x g) \<le> 1"
+ using SA_poly_to_Qp_poly_deg_bound by (metis True assms(1) assms(2) )
+ show " SA_poly_to_Qp_poly m x g 1 \<noteq> \<zero>"
+ using SA_poly_to_Qp_poly_coeff[of x m g 1] assms SA_Units_memE' True by presburger
+ qed
+ hence T1: "SA_poly_to_Qp_poly m x g \<bullet> \<xi> x = SA_poly_to_Qp_poly m x g 0 \<oplus> SA_poly_to_Qp_poly m x g 1 \<otimes> (\<xi> x)"
+ using UP_cring.deg_one_eval[of Q\<^sub>p _ "\<xi> x"]
+ by (meson Qp.function_ring_car_mem_closed SA_poly_to_Qp_poly_closed True UPQ.deg_one_eval assms)
+ hence T2: "g 0 x \<oplus> g 1 x \<otimes> (\<xi> x) = \<zero>"
+ using True T0 assms SA_poly_to_Qp_poly_coeff[of x m g]
+ by metis
+ have T3: "g 0 x \<in> carrier Q\<^sub>p"
+ using True assms UP_ring.cfs_closed
+ by (metis SA_poly_to_Qp_poly_closed SA_poly_to_Qp_poly_coeff UPQ.is_UP_ring)
+ have T4: "\<xi> x \<in> carrier Q\<^sub>p"
+ using True assms Qp.function_ring_car_memE by blast
+ have T5: "g 1 x \<in> nonzero Q\<^sub>p"
+ using True assms
+ by (metis Qp.function_ring_car_memE SA_Units_closed SA_Units_memE' SA_car_memE(2) not_nonzero_Qp)
+ have T6: "\<ominus> (g 0 x) = g 1 x \<otimes> (\<xi> x)"
+ using T2 T3 T4 T5 by (metis Qp.m_closed Qp.minus_equality Qp.minus_minus Qp.nonzero_closed)
+ hence T7: "\<ominus> (g 0 x) \<otimes> inv (g 1 x)= \<xi> x"
+ using T5 by (metis Qp.inv_cancelR(2) Qp.m_closed Qp.nonzero_closed T4 Units_eq_nonzero)
+ have T8: "(inv\<^bsub>SA m\<^esub> g 1) x = inv (g 1 x)"
+ using assms True Qp_funs_m_inv SA_Units_Qp_funs_Units SA_Units_Qp_funs_inv by presburger
+ have T9: "(\<ominus>\<^bsub>SA m\<^esub> g 0) x = \<ominus> (g 0 x)"
+ using SA_a_inv_eval[of "g 0" m x] UP_ring.cfs_closed[of "SA m" g 0] assms True SA_is_ring
+ unfolding UP_ring_def by blast
+ have T11: "((\<ominus>\<^bsub>SA m\<^esub> g 0) \<otimes>\<^bsub>SA m\<^esub> inv\<^bsub>SA m\<^esub> g 1) x = \<ominus> (g 0 x) \<otimes> inv (g 1 x)"
+ using assms UP_ring.cfs_closed T8 T9 T7 True SA_mult by presburger
+ thus "\<xi> x = (\<ominus>\<^bsub>SA m\<^esub> g 0 \<otimes>\<^bsub>SA m\<^esub> inv\<^bsub>SA m\<^esub> g 1) x"
+ using T7 by blast
+ next
+ case False
+ then show ?thesis
+ using SA_mult' SA_times assms function_ring_not_car by auto
+ qed
+qed
+
+lemma SA_deg_one_eval':
+ assumes "g \<in> carrier (UP (SA m))"
+ assumes "deg (SA m) g = 1"
+ assumes "\<xi> \<in> carrier (Fun\<^bsub>m\<^esub> Q\<^sub>p)"
+ assumes "UP_ring.lcf (SA m) g \<in> Units (SA m)"
+ assumes "\<forall>x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>). (SA_poly_to_SA_fun m g) (\<xi> x#x) = \<zero>"
+ shows "\<xi> \<in> carrier (SA m)"
+proof-
+ have 0: "\<xi> = \<ominus>\<^bsub>SA m\<^esub>(g 0)\<otimes>\<^bsub>SA m\<^esub> (inv\<^bsub>SA m\<^esub> (g 1))"
+ using assms SA_deg_one_eval by blast
+ have 1: "(inv\<^bsub>SA m\<^esub> (g 1)) \<in> carrier (SA m)"
+ using assms SA_Units_inv_closed by presburger
+ have "(g 0) \<in> carrier (SA m)"
+ using assms(1) assms(2) UP_ring.cfs_closed[of "SA m" g 0] SA_is_ring[of m ] unfolding UP_ring_def
+ by blast
+ hence 2: "\<ominus>\<^bsub>SA m\<^esub>(g 0) \<in> carrier (SA m)"
+ by (meson SA_is_cring assms(1) cring.cring_simprules(3))
+ show ?thesis
+ using 0 1 2 SA_imp_semialg SA_mult_closed_left assms(1) by blast
+qed
+
+lemma Qp_pow_ConsI:
+ assumes "t \<in> carrier Q\<^sub>p"
+ assumes "x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>)"
+ shows "t#x \<in> carrier (Q\<^sub>p\<^bsup>Suc m\<^esup>)"
+ using assms cartesian_power_cons[of x Q\<^sub>p m t] Suc_eq_plus1 by presburger
+
+lemma Qp_pow_ConsE:
+ assumes "x \<in> carrier (Q\<^sub>p\<^bsup>Suc m\<^esup>)"
+ shows "tl x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>)"
+ "hd x \<in> carrier Q\<^sub>p"
+ using assms cartesian_power_tail apply blast
+ using assms cartesian_power_head by blast
+
+lemma(in ring) add_monoid_one:
+"\<one>\<^bsub>add_monoid R\<^esub> = \<zero>"
+ by (metis add.generate_empty add.group_l_invI add.l_inv_ex empty_iff group.generate_empty insert_iff)
+
+lemma(in ring) add_monoid_carrier:
+"carrier (add_monoid R) = carrier R"
+ unfolding Congruence.partial_object.simps(1)
+ by simp
+
+lemma(in ring) finsum_mono_neutral_cong:
+ assumes "F \<in> I \<rightarrow> carrier R"
+ assumes "finite I"
+ assumes "\<And>i. i \<notin> J \<Longrightarrow> F i = \<zero>"
+ assumes "J \<subseteq> I"
+ shows "finsum R F I = finsum R F J"
+ unfolding finsum_def apply(rule comm_monoid.finprod_mono_neutral_cong)
+ using local.add.comm_monoid_axioms apply blast
+ using assms(2) assms(4) rev_finite_subset apply blast
+ apply (simp add: assms(2))
+ using assms(4) apply blast
+ unfolding add_monoid_one using assms apply blast
+ apply blast
+ using add_monoid_carrier assms(1) apply blast
+ using add_monoid_carrier assms by blast
+
+text\<open>
+ This lemma helps to formalize statements like "by passing to a partition, we can assume the
+ Taylor coefficients are either always zero or never zero"\<close>
+
+lemma SA_poly_to_SA_fun_taylor_on_refined_set:
+ assumes "f \<in> carrier (UP (SA m))"
+ assumes "c \<in> carrier (SA m)"
+ assumes "is_semialgebraic m A"
+ assumes "\<And>i. A \<subseteq> SA_zero_set m (taylor_expansion (SA m) c f i) \<or> A \<subseteq> SA_nonzero_set m (taylor_expansion (SA m) c f i)"
+ assumes "a = to_fun_unit m \<circ> taylor_expansion (SA m) c f"
+ assumes "inds = {i. i \<le> deg (SA m) f \<and> A \<subseteq> SA_nonzero_set m (taylor_expansion (SA m) c f i)}"
+ assumes "x \<in> A"
+ assumes "t \<in> carrier Q\<^sub>p"
+ shows "SA_poly_to_SA_fun m f (t#x) = (\<Oplus>i\<in>inds. (a i x)\<otimes>(t \<ominus> c x)[^]i)"
+proof-
+ have x_closed: "x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>)"
+ using assms(3) assms(7)
+ by (metis (no_types, lifting) Diff_eq_empty_iff Diff_iff empty_iff is_semialgebraic_closed)
+ have tx_closed: "t#x \<in> carrier (Q\<^sub>p\<^bsup>Suc m\<^esup>)"
+ using x_closed assms(8) cartesian_power_cons[of x Q\<^sub>p m t] Qp_pow_ConsI by blast
+ have "SA_poly_to_SA_fun m f (t # x) =
+ (\<Oplus>i\<in>{..deg (SA m) f}. taylor_expansion (SA m) c f i (tl (t # x)) \<otimes> (hd (t # x) \<ominus> c (tl (t # x))) [^] i)"
+ using tx_closed assms SA_poly_to_SA_fun_taylor_expansion[of f m c "t#x"]
+ by linarith
+ then have 0: "SA_poly_to_SA_fun m f (t#x) = (\<Oplus>i\<in>{..deg (SA m) f}. taylor_expansion (SA m) c f i x \<otimes> (t \<ominus> c x) [^] i)"
+ unfolding list_tl list_hd by blast
+ have 1: "\<And>i. i \<notin> inds \<Longrightarrow> taylor_expansion (SA m) c f i x = \<zero>"
+ proof- fix i assume A: "i \<notin> inds"
+ show "taylor_expansion (SA m) c f i x = \<zero>"
+ proof(cases "i \<le> deg (SA m) f")
+ case True
+ then have "A \<subseteq> {x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>). taylor_expansion (SA m) c f i x = \<zero>}"
+ using A assms(8) assms(4)[of i] unfolding assms mem_Collect_eq SA_zero_set_def
+ by linarith
+ thus ?thesis using x_closed assms by blast
+ next
+ case False
+ then have "taylor_expansion (SA m) c f i = \<zero>\<^bsub>SA m\<^esub>"
+ using assms taylor_deg[of c m f] unfolding UPSA.taylor_def
+ by (metis (no_types, lifting) UPSA.taylor_closed UPSA.taylor_def UPSA.deg_eqI nat_le_linear)
+ then show ?thesis
+ using x_closed SA_car_memE SA_zeroE by presburger
+ qed
+ qed
+ hence 2: "\<And>i. i \<notin> inds \<Longrightarrow> taylor_expansion (SA m) c f i x \<otimes> (t \<ominus> c x) [^] i = \<zero>"
+ using assms x_closed SA_car_memE
+ by (metis (no_types, lifting) Qp.cring_simprules(26) Qp.function_ring_car_memE Qp.minus_closed Qp.nat_pow_closed)
+ have 3: "(\<lambda>i. taylor_expansion (SA m) c f i x \<otimes> (t \<ominus> c x) [^] i) \<in> {..deg (SA m) f} \<rightarrow> carrier Q\<^sub>p"
+ proof fix i assume A: "i \<in> {..deg (SA m) f}"
+ have 30: "taylor_expansion (SA m) c f i \<in> carrier (SA m)"
+ using assms UPSA.taylor_closed[of f m c] unfolding UPSA.taylor_def
+ using UPSA.UP_car_memE(1) by blast
+ hence 31: "taylor_expansion (SA m) c f i x \<in> carrier Q\<^sub>p"
+ using x_closed function_ring_car_closed SA_car_memE(2) by blast
+ have 32: "c x \<in> carrier Q\<^sub>p"
+ using assms x_closed SA_car_memE(3) by blast
+ hence 33: "(t \<ominus> c x)[^] i \<in> carrier Q\<^sub>p"
+ using assms by blast
+ show "taylor_expansion (SA m) c f i x \<otimes> (t \<ominus> c x) [^] i \<in> carrier Q\<^sub>p"
+ using 30 31 32 33 by blast
+ qed
+ have 4: "SA_poly_to_SA_fun m f (t#x) = (\<Oplus>i\<in>inds. taylor_expansion (SA m) c f i x \<otimes> (t \<ominus> c x) [^] i)"
+ unfolding 0 apply(rule Qp.finsum_mono_neutral_cong)
+ using assms UPSA.taylor_closed[of f m c] unfolding UPSA.taylor_def
+ using "3" apply blast
+ apply blast
+ using 2 apply blast
+ unfolding assms by blast
+ have A: "\<And>i. i \<in> inds \<Longrightarrow> a i x = taylor_expansion (SA m) c f i x"
+ unfolding assms mem_Collect_eq SA_nonzero_set_def comp_apply
+ apply(rule to_fun_unit_eq[of _ m x])
+ using UPSA.taylor_closed[of f m c] assms unfolding UPSA.taylor_def
+ using UPSA.UP_car_memE(1) apply blast
+ using x_closed apply blast
+ using assms(7) by blast
+ have a_closed: "a \<in> UNIV \<rightarrow> carrier (SA m)"
+ apply(rule Pi_I) unfolding assms comp_apply apply(rule to_fun_unit_closed[of _ m])
+ apply(rule cfs_closed) using assms UPSA.taylor_closed[of f m c] unfolding UPSA.taylor_def by blast
+ have 5: "(\<lambda>i. a i x \<otimes> (t \<ominus> c x) [^] i) \<in> inds \<rightarrow> carrier Q\<^sub>p"
+ proof fix i assume A: "i \<in> inds"
+ show "a i x \<otimes> (t \<ominus> c x) [^] i \<in> carrier Q\<^sub>p"
+ using assms(8) x_closed a_closed SA_car_memE(3)[of c m] SA_car_memE(3)[of "a i" m]
+ assms(2) by blast
+ qed
+ have 6: "\<And>i. i \<in> inds \<Longrightarrow> taylor_expansion (SA m) c f i x \<otimes> (t \<ominus> c x) [^] i = a i x \<otimes> (t \<ominus> c x) [^] i"
+ unfolding A by blast
+ show ?thesis
+ unfolding 4 apply(rule Qp.finsum_cong') apply blast
+ using 5 apply blast
+ using 6 by blast
+qed
+
+lemma SA_poly_to_Qp_poly_taylor_cfs:
+ assumes "f \<in> carrier (UP (SA m))"
+ assumes "x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>)"
+ assumes "c \<in> carrier (SA m)"
+ shows "taylor_expansion (SA m) c f i x =
+ taylor_expansion Q\<^sub>p (c x) (SA_poly_to_Qp_poly m x f) i"
+proof-
+ have 0: "SA_poly_to_Qp_poly m x (taylor_expansion (SA m) c f) =
+ taylor_expansion Q\<^sub>p (c x) (SA_poly_to_Qp_poly m x f)"
+ using SA_poly_to_Qp_poly_taylor_poly[of f m c x] assms by blast
+ hence 1: "SA_poly_to_Qp_poly m x (taylor_expansion (SA m) c f) i =
+ taylor_expansion Q\<^sub>p (c x) (SA_poly_to_Qp_poly m x f) i"
+ by presburger
+ thus ?thesis
+ using assms SA_poly_to_Qp_poly_coeff[of x m "taylor_expansion (SA m) c f" i]
+ UPSA.taylor_closed[of f m c] unfolding UPSA.taylor_def assms by blast
+qed
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+subsubsection\<open>Common Morphisms on Polynomial Rings\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+
+text\<open>Evaluation homomorphism from multivariable polynomials to semialgebraic functions\<close>
+
+definition Qp_ev_hom where
+"Qp_ev_hom n P = restrict (Qp_ev P) (carrier (Q\<^sub>p\<^bsup>n\<^esup>))"
+
+lemma Qp_ev_hom_ev:
+ assumes "a \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ shows "Qp_ev_hom n P a = Qp_ev P a"
+ using assms unfolding Qp_ev_hom_def
+ by (meson restrict_apply')
+
+lemma Qp_ev_hom_closed:
+ assumes "f \<in> carrier (Q\<^sub>p[\<X>\<^bsub>n\<^esub>])"
+ shows "Qp_ev_hom n f \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>) \<rightarrow> carrier Q\<^sub>p"
+ using Qp_ev_hom_ev assms by (metis Pi_I eval_at_point_closed)
+
+lemma Qp_ev_hom_is_semialg_function:
+ assumes "f \<in> carrier (Q\<^sub>p[\<X>\<^bsub>n\<^esub>])"
+ shows "is_semialg_function n (Qp_ev_hom n f)"
+ unfolding Qp_ev_hom_def
+ using assms poly_is_semialg[of f] restrict_is_semialg by blast
+
+lemma Qp_ev_hom_closed':
+ assumes "f \<in> carrier (Q\<^sub>p[\<X>\<^bsub>n\<^esub>])"
+ shows "Qp_ev_hom n f \<in> carrier (Fun\<^bsub>n\<^esub> Q\<^sub>p)"
+ apply(rule Qp.function_ring_car_memI)
+ using Qp_ev_hom_closed[of f n] assms apply blast
+ unfolding Qp_ev_hom_def using assms by (meson restrict_apply)
+
+lemma Qp_ev_hom_in_SA:
+ assumes "f \<in> carrier (Q\<^sub>p[\<X>\<^bsub>n\<^esub>])"
+ shows "Qp_ev_hom n f \<in> carrier (SA n)"
+ apply(rule SA_car_memI)
+ using Qp_ev_hom_closed' assms(1) apply blast
+ using Qp_ev_hom_is_semialg_function assms(1) by blast
+
+lemma Qp_ev_hom_add:
+ assumes "f \<in> carrier (Q\<^sub>p[\<X>\<^bsub>n\<^esub>])"
+ assumes "g \<in> carrier (Q\<^sub>p[\<X>\<^bsub>n\<^esub>])"
+ shows "Qp_ev_hom n (f \<oplus>\<^bsub>Q\<^sub>p[\<X>\<^bsub>n\<^esub>]\<^esub> g) = (Qp_ev_hom n f) \<oplus>\<^bsub>SA n\<^esub> (Qp_ev_hom n g)"
+ apply(rule function_ring_car_eqI[of _ n])
+ using assms MP.add.m_closed Qp_ev_hom_closed' apply blast
+ using assms Qp_ev_hom_closed' fun_add_closed SA_plus apply presburger
+proof- fix a assume A: "a \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ have " Qp_ev_hom n (f \<oplus>\<^bsub>Q\<^sub>p [\<X>\<^bsub>n\<^esub>]\<^esub> g) a = Qp_ev_hom n f a \<oplus> Qp_ev_hom n g a"
+ using A Qp_ev_hom_ev assms eval_at_point_add by presburger
+ then show "Qp_ev_hom n (f \<oplus>\<^bsub>Q\<^sub>p [\<X>\<^bsub>n\<^esub>]\<^esub> g) a = (Qp_ev_hom n f \<oplus>\<^bsub>SA n\<^esub> Qp_ev_hom n g) a"
+ using A SA_add by blast
+qed
+
+lemma Qp_ev_hom_mult:
+ assumes "f \<in> carrier (Q\<^sub>p[\<X>\<^bsub>n\<^esub>])"
+ assumes "g \<in> carrier (Q\<^sub>p[\<X>\<^bsub>n\<^esub>])"
+ shows "Qp_ev_hom n (f \<otimes>\<^bsub>Q\<^sub>p[\<X>\<^bsub>n\<^esub>]\<^esub> g) = (Qp_ev_hom n f) \<otimes>\<^bsub>SA n\<^esub> (Qp_ev_hom n g)"
+ apply(rule function_ring_car_eqI[of _ n])
+ using assms MP.m_closed Qp_ev_hom_closed' apply blast
+ using assms Qp_ev_hom_closed' fun_mult_closed SA_mult
+ apply (meson Qp_ev_hom_in_SA SA_car_memE(2) SA_imp_semialg SA_mult_closed)
+proof- fix a assume A: "a \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ have " Qp_ev_hom n (f \<otimes>\<^bsub>Q\<^sub>p [\<X>\<^bsub>n\<^esub>]\<^esub> g) a = Qp_ev_hom n f a \<otimes> Qp_ev_hom n g a"
+ using A Qp_ev_hom_ev assms eval_at_point_mult by presburger
+ then show "Qp_ev_hom n (f \<otimes>\<^bsub>Q\<^sub>p [\<X>\<^bsub>n\<^esub>]\<^esub> g) a = (Qp_ev_hom n f \<otimes>\<^bsub>SA n\<^esub> Qp_ev_hom n g) a"
+ using A SA_mult by blast
+qed
+
+lemma Qp_ev_hom_one:
+ shows "Qp_ev_hom n \<one>\<^bsub>Q\<^sub>p[\<X>\<^bsub>n\<^esub>]\<^esub> = \<one>\<^bsub>SA n\<^esub>"
+ apply(rule function_ring_car_eqI[of _ n])
+ using Qp_ev_hom_closed' apply blast
+ using function_one_closed SA_one apply presburger
+ unfolding Qp_ev_hom_def
+ using function_one_eval Qp_ev_hom_def Qp_ev_hom_ev Qp_ev_one SA_one by presburger
+
+lemma Qp_ev_hom_is_hom:
+ shows "Qp_ev_hom n \<in> ring_hom (Q\<^sub>p[\<X>\<^bsub>n\<^esub>]) (SA n)"
+ apply(rule ring_hom_memI)
+ using Qp_ev_hom_in_SA apply blast
+ using Qp_ev_hom_mult apply blast
+ using Qp_ev_hom_add apply blast
+ using Qp_ev_hom_one by blast
+
+lemma Qp_ev_hom_constant:
+ assumes "c \<in> carrier Q\<^sub>p"
+ shows "Qp_ev_hom n (Qp.indexed_const c) = \<cc>\<^bsub>n\<^esub> c"
+ apply(rule function_ring_car_eqI[of _ n])
+ using Qp_ev_hom_closed' Qp_to_IP_car assms(1) apply blast
+ using constant_function_closed assms apply blast
+ by (metis Qp_constE Qp_ev_hom_ev assms eval_at_point_const)
+
+notation Qp.variable ("\<vv>\<^bsub>_, _\<^esub>")
+
+lemma Qp_ev_hom_pvar:
+ assumes "i < n"
+ shows "Qp_ev_hom n (pvar Q\<^sub>p i) = \<vv>\<^bsub>n, i\<^esub>"
+ apply(rule function_ring_car_eqI[of _ n])
+ using assms Qp_ev_hom_closed' local.pvar_closed apply blast
+ using Qp.var_in_car assms apply blast
+ unfolding Qp_ev_hom_def var_def using assms eval_pvar
+ by (metis (no_types, lifting) restrict_apply)
+
+definition ext_hd where
+"ext_hd m = (\<lambda> x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>). hd x)"
+
+lemma hd_zeroth:
+"length x > 0 \<Longrightarrow> x!0 = hd x"
+ apply(induction x)
+ apply simp
+ by simp
+
+lemma ext_hd_pvar:
+ assumes "m > 0"
+ shows "ext_hd m = (\<lambda>x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>). eval_at_point Q\<^sub>p x (pvar Q\<^sub>p 0) )"
+ unfolding ext_hd_def restrict_def using assms eval_pvar[of 0 m]
+ using hd_zeroth
+ by (metis (no_types, opaque_lifting) cartesian_power_car_memE)
+
+lemma ext_hd_closed:
+ assumes "m > 0"
+ shows "ext_hd m \<in> carrier (SA m)"
+ using ext_hd_pvar[of m] assms pvar_closed[of 0 m] Qp_ev_hom_def Qp_ev_hom_in_SA by presburger
+
+lemma UP_Qp_poly_to_UP_SA_is_hom:
+ shows "poly_lift_hom (Q\<^sub>p[\<X>\<^bsub>n\<^esub>]) (SA n) (Qp_ev_hom n) \<in> ring_hom (UP (Q\<^sub>p[\<X>\<^bsub>n\<^esub>])) (UP (SA n))"
+ using UP_cring.poly_lift_hom_is_hom[of "Q\<^sub>p[\<X>\<^bsub>n\<^esub>]" "SA n" "Qp_ev_hom n"]
+ unfolding UP_cring_def
+ using Qp_ev_hom_is_hom SA_is_cring coord_cring_cring by blast
+
+definition coord_ring_to_UP_SA where
+"coord_ring_to_UP_SA n = poly_lift_hom (Q\<^sub>p[\<X>\<^bsub>n\<^esub>]) (SA n) (Qp_ev_hom n) \<circ> to_univ_poly (Suc n) 0"
+
+lemma coord_ring_to_UP_SA_is_hom:
+ shows "coord_ring_to_UP_SA n \<in> ring_hom (Q\<^sub>p[\<X>\<^bsub>Suc n\<^esub>]) (UP (SA n))"
+ unfolding coord_ring_to_UP_SA_def
+ using UP_Qp_poly_to_UP_SA_is_hom[of n] to_univ_poly_is_hom[of 0 "n"] ring_hom_trans
+ by blast
+
+lemma coord_ring_to_UP_SA_add:
+ assumes "f \<in> carrier (Q\<^sub>p[\<X>\<^bsub>Suc n\<^esub>])"
+ assumes "g \<in> carrier (Q\<^sub>p[\<X>\<^bsub>Suc n\<^esub>])"
+ shows "coord_ring_to_UP_SA n (f \<oplus>\<^bsub>Q\<^sub>p[\<X>\<^bsub>Suc n\<^esub>]\<^esub>g) = coord_ring_to_UP_SA n f \<oplus>\<^bsub>UP (SA n)\<^esub> coord_ring_to_UP_SA n g"
+ using assms coord_ring_to_UP_SA_is_hom ring_hom_add
+ by (metis (mono_tags, opaque_lifting))
+
+lemma coord_ring_to_UP_SA_mult:
+ assumes "f \<in> carrier (Q\<^sub>p[\<X>\<^bsub>Suc n\<^esub>])"
+ assumes "g \<in> carrier (Q\<^sub>p[\<X>\<^bsub>Suc n\<^esub>])"
+ shows "coord_ring_to_UP_SA n (f \<otimes>\<^bsub>Q\<^sub>p[\<X>\<^bsub>Suc n\<^esub>]\<^esub>g) = coord_ring_to_UP_SA n f \<otimes>\<^bsub>UP (SA n)\<^esub> coord_ring_to_UP_SA n g"
+ using assms coord_ring_to_UP_SA_is_hom ring_hom_mult
+ by (metis (no_types, opaque_lifting))
+
+lemma coord_ring_to_UP_SA_one:
+ shows "coord_ring_to_UP_SA n \<one>\<^bsub>Q\<^sub>p[\<X>\<^bsub>Suc n\<^esub>]\<^esub> = \<one>\<^bsub>UP (SA n)\<^esub>"
+ using coord_ring_to_UP_SA_is_hom ring_hom_one
+ by blast
+
+lemma coord_ring_to_UP_SA_closed:
+ assumes "f \<in> carrier (Q\<^sub>p[\<X>\<^bsub>Suc n\<^esub>])"
+ shows "coord_ring_to_UP_SA n f \<in> carrier (UP (SA n))"
+ using assms coord_ring_to_UP_SA_is_hom ring_hom_closed
+ by (metis (no_types, opaque_lifting))
+
+lemma coord_ring_to_UP_SA_constant:
+ assumes "c \<in> carrier Q\<^sub>p"
+ shows "coord_ring_to_UP_SA n (Qp.indexed_const c) = to_polynomial (SA n) (\<cc>\<^bsub>n\<^esub> c)"
+proof-
+ have 0: "pre_to_univ_poly (Suc n) 0 (Qp.indexed_const c) = ring.indexed_const (Q\<^sub>p[\<X>\<^bsub>n\<^esub>]) (Qp.indexed_const c)"
+ unfolding to_univ_poly_def
+ using pre_to_univ_poly_is_hom(5)[of 0 "Suc n" "pre_to_univ_poly (Suc n) 0" c] assms unfolding coord_ring_def
+ using diff_Suc_1 zero_less_Suc by presburger
+ hence 1: "to_univ_poly (Suc n) 0 (Qp.indexed_const c) = to_polynomial (Q\<^sub>p[\<X>\<^bsub>n\<^esub>]) (Qp.indexed_const c) "
+ unfolding to_univ_poly_def
+ using UP_cring.IP_to_UP_indexed_const[of "Q\<^sub>p[\<X>\<^bsub>n\<^esub>]" "Qp.indexed_const c" "0::nat"] assms
+ comp_apply[of "IP_to_UP (0::nat)" "pre_to_univ_poly (Suc n) (0::nat)" "Qp.indexed_const c"]
+ unfolding UP_cring_def using Qp_to_IP_car coord_cring_cring by presburger
+ have 2: "Qp_ev_hom n (Qp.indexed_const c) = \<cc>\<^bsub>n\<^esub> c"
+ using Qp_ev_hom_constant[of c n] assms by blast
+ have 3: "poly_lift_hom (Q\<^sub>p [\<X>\<^bsub>n\<^esub>]) (SA n) (Qp_ev_hom n) (to_polynomial (Q\<^sub>p [\<X>\<^bsub>n\<^esub>]) (Qp.indexed_const c)) = to_polynomial (SA n) (Qp_ev_hom n (Qp.indexed_const c))"
+ using UP_cring.poly_lift_hom_extends_hom[of "Q\<^sub>p[\<X>\<^bsub>n\<^esub>]" "SA n" "Qp_ev_hom n" "Qp.indexed_const c"]
+ unfolding UP_cring_def coord_ring_def coord_ring_to_UP_SA_def
+ by (metis Qp_ev_hom_is_hom Qp_to_IP_car SA_is_cring assms(1) coord_cring_cring coord_ring_def)
+ hence 4: "poly_lift_hom (Q\<^sub>p [\<X>\<^bsub>n\<^esub>]) (SA n) (Qp_ev_hom n) (to_univ_poly (Suc n) 0 (Qp.indexed_const c) ) = to_polynomial (SA n) (\<cc>\<^bsub>n\<^esub> c)"
+ using "1" "2" by presburger
+ show ?thesis
+ using assms 4 Qp.indexed_const_closed[of c "{..<n}"]
+ comp_apply[of "poly_lift_hom (Pring Q\<^sub>p {..<n}) (SA n) (Qp_ev_hom n)" "to_univ_poly (Suc n) 0" "Qp.indexed_const c"]
+ unfolding coord_ring_to_UP_SA_def
+ by (metis coord_ring_def)
+qed
+
+lemma coord_ring_to_UP_SA_pvar_0:
+ shows "coord_ring_to_UP_SA n (pvar Q\<^sub>p 0) = up_ring.monom (UP (SA n)) \<one>\<^bsub>SA n\<^esub> 1"
+proof-
+ have 0: "pre_to_univ_poly (Suc n) 0 (pvar Q\<^sub>p 0) = pvar (Q\<^sub>p[\<X>\<^bsub>n\<^esub>]) 0"
+ using pre_to_univ_poly_is_hom(3)[of 0 "Suc n" "pre_to_univ_poly (Suc n) 0"] diff_Suc_1 zero_less_Suc
+ by presburger
+ have 1: "IP_to_UP (0::nat) (pvar (Q\<^sub>p[\<X>\<^bsub>n\<^esub>]) 0) = up_ring.monom (UP (Q\<^sub>p[\<X>\<^bsub>n\<^esub>])) \<one>\<^bsub>Q\<^sub>p[\<X>\<^bsub>n\<^esub>]\<^esub> 1"
+ using cring.IP_to_UP_var[of "Q\<^sub>p[\<X>\<^bsub>n\<^esub>]" "0::nat"] unfolding X_poly_def var_to_IP_def
+ using coord_cring_cring by blast
+ have 2: "to_univ_poly (Suc n) 0 (pvar Q\<^sub>p 0) = up_ring.monom (UP (Q\<^sub>p[\<X>\<^bsub>n\<^esub>])) \<one>\<^bsub>Q\<^sub>p[\<X>\<^bsub>n\<^esub>]\<^esub> 1"
+ unfolding to_univ_poly_def using 0 1 comp_apply
+ by metis
+ have 3: "poly_lift_hom (Q\<^sub>p[\<X>\<^bsub>n\<^esub>]) (SA n) (Qp_ev_hom n) (up_ring.monom (UP (Q\<^sub>p[\<X>\<^bsub>n\<^esub>])) \<one>\<^bsub>Q\<^sub>p[\<X>\<^bsub>n\<^esub>]\<^esub> 1)
+ = up_ring.monom (UP (SA n)) \<one>\<^bsub>SA n\<^esub> 1"
+ using UP_cring.poly_lift_hom_monom[of "Q\<^sub>p[\<X>\<^bsub>n\<^esub>]" "SA n" "Qp_ev_hom n"]
+ unfolding UP_cring_def
+ using MP.one_closed Qp_ev_hom_is_hom Qp_ev_hom_one SA_is_cring coord_cring_cring by presburger
+ thus ?thesis unfolding coord_ring_to_UP_SA_def
+ using 2 3 comp_apply
+ by metis
+qed
+
+lemma coord_ring_to_UP_SA_pvar_Suc:
+ assumes "i > 0"
+ assumes "i < Suc n"
+ shows "coord_ring_to_UP_SA n (pvar Q\<^sub>p i) = to_polynomial (SA n) (\<vv>\<^bsub>n, i-1\<^esub>)"
+proof-
+ have 0: "pre_to_univ_poly (Suc n) 0 (pvar Q\<^sub>p i) = ring.indexed_const (Q\<^sub>p[\<X>\<^bsub>n\<^esub>]) (pvar Q\<^sub>p (i-1))"
+ using pre_to_univ_poly_is_hom(4)[of 0 "Suc n" "pre_to_univ_poly (Suc n) 0" i] diff_Suc_1 zero_less_Suc
+ assms
+ unfolding coord_ring_def by presburger
+ have 1: "IP_to_UP (0::nat) (ring.indexed_const (Q\<^sub>p[\<X>\<^bsub>n\<^esub>]) (pvar Q\<^sub>p (i-1))) = to_polynomial (Q\<^sub>p[\<X>\<^bsub>n\<^esub>]) (pvar Q\<^sub>p (i-1))"
+ using UP_cring.IP_to_UP_indexed_const[of "Q\<^sub>p[\<X>\<^bsub>n\<^esub>]" "pvar Q\<^sub>p (i-1)" "0::nat"] coord_cring_cring
+ unfolding UP_cring_def
+ by (metis assms diff_less less_Suc_eq less_imp_diff_less less_numeral_extra(1) local.pvar_closed)
+ have 2: "to_univ_poly (Suc n) 0 (pvar Q\<^sub>p i) = to_polynomial (Q\<^sub>p[\<X>\<^bsub>n\<^esub>]) (pvar Q\<^sub>p (i-1))"
+ unfolding to_univ_poly_def using 0 1 comp_apply
+ by metis
+ have 3: "poly_lift_hom (Q\<^sub>p[\<X>\<^bsub>n\<^esub>]) (SA n) (Qp_ev_hom n) (to_polynomial (Q\<^sub>p[\<X>\<^bsub>n\<^esub>]) (pvar Q\<^sub>p (i-1)))
+ = to_polynomial (SA n) (\<vv>\<^bsub>n, (i-1)\<^esub>)"
+ using UP_cring.poly_lift_hom_extends_hom[of "Q\<^sub>p[\<X>\<^bsub>n\<^esub>]" "SA n" "Qp_ev_hom n" "pvar Q\<^sub>p (i-1)"]
+ unfolding UP_cring_def
+ by (metis (no_types, lifting) Qp_ev_hom_is_hom Qp_ev_hom_pvar SA_is_cring Suc_diff_1
+ Suc_less_eq assms coord_cring_cring local.pvar_closed)
+ thus ?thesis unfolding coord_ring_to_UP_SA_def
+ using 2 3 assms comp_apply
+ by metis
+qed
+
+lemma coord_ring_to_UP_SA_eval:
+ assumes "f \<in> carrier (Q\<^sub>p[\<X>\<^bsub>Suc n\<^esub>])"
+ assumes "a \<in> carrier (Q\<^sub>p\<^bsup>n\<^esup>)"
+ assumes "t \<in> carrier Q\<^sub>p"
+ shows "Qp_ev f (t#a) = ((SA_poly_to_Qp_poly n a (coord_ring_to_UP_SA n f))) \<bullet> t"
+proof(rule coord_ring_car_induct[of f "Suc n"])
+ have ta_closed: "t # a \<in> carrier (Q\<^sub>p\<^bsup>Suc n\<^esup>)"
+ using assms cartesian_power_cons by (metis Suc_eq_plus1)
+ show "f \<in> carrier (Q\<^sub>p [\<X>\<^bsub>Suc n\<^esub>])"
+ by (simp add: assms)
+ show "\<And>c. c \<in> carrier Q\<^sub>p \<Longrightarrow> eval_at_point Q\<^sub>p (t # a) (Qp.indexed_const c) = SA_poly_to_Qp_poly n a (coord_ring_to_UP_SA n (Qp.indexed_const c)) \<bullet> t"
+ proof- fix c assume A: "c \<in> carrier Q\<^sub>p"
+ have 0: "eval_at_point Q\<^sub>p (t # a) (Qp.indexed_const c) = c"
+ using A eval_at_point_const ta_closed by blast
+ have 1: "SA_poly_to_Qp_poly n a (coord_ring_to_UP_SA n (Qp.indexed_const c)) = to_polynomial Q\<^sub>p c"
+ using coord_ring_to_UP_SA_constant[of c n] A Qp_constE SA_car
+ SA_poly_to_Qp_poly_extends_apply assms constant_function_in_semialg_functions
+ by presburger
+ show "eval_at_point Q\<^sub>p (t # a) (Qp.indexed_const c) = SA_poly_to_Qp_poly n a (coord_ring_to_UP_SA n (Qp.indexed_const c)) \<bullet> t"
+ using 0 1 A UPQ.to_fun_to_poly assms by presburger
+ qed
+ show " \<And>p q. p \<in> carrier (Q\<^sub>p [\<X>\<^bsub>Suc n\<^esub>]) \<Longrightarrow>
+ q \<in> carrier (Q\<^sub>p [\<X>\<^bsub>Suc n\<^esub>]) \<Longrightarrow>
+ eval_at_point Q\<^sub>p (t # a) p = SA_poly_to_Qp_poly n a (coord_ring_to_UP_SA n p) \<bullet> t \<Longrightarrow>
+ eval_at_point Q\<^sub>p (t # a) q = SA_poly_to_Qp_poly n a (coord_ring_to_UP_SA n q) \<bullet> t \<Longrightarrow>
+ eval_at_point Q\<^sub>p (t # a) (p \<oplus>\<^bsub>Q\<^sub>p [\<X>\<^bsub>Suc n\<^esub>]\<^esub> q) = SA_poly_to_Qp_poly n a (coord_ring_to_UP_SA n (p \<oplus>\<^bsub>Q\<^sub>p [\<X>\<^bsub>Suc n\<^esub>]\<^esub> q)) \<bullet> t"
+ proof- fix p q assume A: "p \<in> carrier (Q\<^sub>p [\<X>\<^bsub>Suc n\<^esub>])" "q \<in> carrier (Q\<^sub>p [\<X>\<^bsub>Suc n\<^esub>])"
+ "eval_at_point Q\<^sub>p (t # a) p = SA_poly_to_Qp_poly n a (coord_ring_to_UP_SA n p) \<bullet> t"
+ "eval_at_point Q\<^sub>p (t # a) q = SA_poly_to_Qp_poly n a (coord_ring_to_UP_SA n q) \<bullet> t"
+ have 0: "eval_at_point Q\<^sub>p (t # a) (p \<oplus>\<^bsub>Q\<^sub>p [\<X>\<^bsub>Suc n\<^esub>]\<^esub> q) = eval_at_point Q\<^sub>p (t # a) p \<oplus> eval_at_point Q\<^sub>p (t # a) q"
+ using A(1) A(2) eval_at_point_add ta_closed by blast
+ have 1: "SA_poly_to_Qp_poly n a (coord_ring_to_UP_SA n (p \<oplus>\<^bsub>Q\<^sub>p [\<X>\<^bsub>Suc n\<^esub>]\<^esub> q))=
+ SA_poly_to_Qp_poly n a (coord_ring_to_UP_SA n p) \<oplus>\<^bsub>UP Q\<^sub>p\<^esub> SA_poly_to_Qp_poly n a (coord_ring_to_UP_SA n q)"
+ using coord_ring_to_UP_SA_add[of ] assms coord_ring_to_UP_SA_closed A
+ SA_poly_to_Qp_poly_add[of a n "coord_ring_to_UP_SA n p" "coord_ring_to_UP_SA n q"]
+ by presburger
+ show "eval_at_point Q\<^sub>p (t # a) (p \<oplus>\<^bsub>Q\<^sub>p [\<X>\<^bsub>Suc n\<^esub>]\<^esub> q) = SA_poly_to_Qp_poly n a (coord_ring_to_UP_SA n (p \<oplus>\<^bsub>Q\<^sub>p [\<X>\<^bsub>Suc n\<^esub>]\<^esub> q)) \<bullet> t"
+ using 0 1 assms SA_poly_to_Qp_poly_closed[of a n] SA_poly_to_Qp_poly_closed A(1) A(2) A(3) A(4) UPQ.to_fun_plus coord_ring_to_UP_SA_closed
+ by presburger
+ qed
+ show "\<And>p i. p \<in> carrier (Q\<^sub>p [\<X>\<^bsub>Suc n\<^esub>]) \<Longrightarrow>
+ i < Suc n \<Longrightarrow>
+ eval_at_point Q\<^sub>p (t # a) p = SA_poly_to_Qp_poly n a (coord_ring_to_UP_SA n p) \<bullet> t \<Longrightarrow>
+ eval_at_point Q\<^sub>p (t # a) (p \<otimes>\<^bsub>Q\<^sub>p [\<X>\<^bsub>Suc n\<^esub>]\<^esub> pvar Q\<^sub>p i) = SA_poly_to_Qp_poly n a (coord_ring_to_UP_SA n (p \<otimes>\<^bsub>Q\<^sub>p [\<X>\<^bsub>Suc n\<^esub>]\<^esub> pvar Q\<^sub>p i)) \<bullet> t"
+ proof- fix p i assume A: "p \<in> carrier (Q\<^sub>p [\<X>\<^bsub>Suc n\<^esub>])" "i < Suc n"
+ "eval_at_point Q\<^sub>p (t # a) p = SA_poly_to_Qp_poly n a (coord_ring_to_UP_SA n p) \<bullet> t"
+ show " eval_at_point Q\<^sub>p (t # a) (p \<otimes>\<^bsub>Q\<^sub>p [\<X>\<^bsub>Suc n\<^esub>]\<^esub> pvar Q\<^sub>p i) = SA_poly_to_Qp_poly n a (coord_ring_to_UP_SA n (p \<otimes>\<^bsub>Q\<^sub>p [\<X>\<^bsub>Suc n\<^esub>]\<^esub> pvar Q\<^sub>p i)) \<bullet> t"
+ proof-
+ have 0: "eval_at_point Q\<^sub>p (t # a) (p \<otimes>\<^bsub>Q\<^sub>p [\<X>\<^bsub>Suc n\<^esub>]\<^esub> pvar Q\<^sub>p i) = eval_at_point Q\<^sub>p (t # a) p \<otimes> eval_at_point Q\<^sub>p (t # a) (pvar Q\<^sub>p i)"
+ using A(1) A(2) eval_at_point_mult local.pvar_closed ta_closed by blast
+ have 1: "coord_ring_to_UP_SA n (p \<otimes>\<^bsub>Q\<^sub>p [\<X>\<^bsub>Suc n\<^esub>]\<^esub> pvar Q\<^sub>p i) = coord_ring_to_UP_SA n p \<otimes>\<^bsub>UP (SA n)\<^esub> coord_ring_to_UP_SA n (pvar Q\<^sub>p i)"
+ using A(1) A(2) assms(1) coord_ring_to_UP_SA_mult local.pvar_closed by blast
+ hence 2: "SA_poly_to_Qp_poly n a (coord_ring_to_UP_SA n (p \<otimes>\<^bsub>Q\<^sub>p [\<X>\<^bsub>Suc n\<^esub>]\<^esub> pvar Q\<^sub>p i)) =
+ SA_poly_to_Qp_poly n a (coord_ring_to_UP_SA n p) \<otimes>\<^bsub>UP Q\<^sub>p\<^esub>SA_poly_to_Qp_poly n a (coord_ring_to_UP_SA n (pvar Q\<^sub>p i))"
+ using SA_poly_to_Qp_poly_mult coord_ring_to_UP_SA_closed A(1) A(2) assms local.pvar_closed
+ by presburger
+ show "eval_at_point Q\<^sub>p (t # a) (p \<otimes>\<^bsub>Q\<^sub>p [\<X>\<^bsub>Suc n\<^esub>]\<^esub> pvar Q\<^sub>p i) = SA_poly_to_Qp_poly n a (coord_ring_to_UP_SA n (p \<otimes>\<^bsub>Q\<^sub>p [\<X>\<^bsub>Suc n\<^esub>]\<^esub> pvar Q\<^sub>p i)) \<bullet> t"
+ proof(cases "i = 0")
+ case True
+ have T0: "SA_poly_to_Qp_poly n a (coord_ring_to_UP_SA n (p \<otimes>\<^bsub>Q\<^sub>p [\<X>\<^bsub>Suc n\<^esub>]\<^esub> pvar Q\<^sub>p i)) =
+ SA_poly_to_Qp_poly n a (coord_ring_to_UP_SA n p) \<otimes>\<^bsub>UP Q\<^sub>p\<^esub> up_ring.monom (UP Q\<^sub>p) \<one> 1"
+ using True coord_ring_to_UP_SA_pvar_0 SA_poly_to_Qp_poly_monom
+ by (metis "2" function_one_eval Qp.one_closed SA_car SA_one assms constant_function_in_semialg_functions function_one_as_constant)
+ have T1: "eval_at_point Q\<^sub>p (t # a) (p \<otimes>\<^bsub>Q\<^sub>p [\<X>\<^bsub>Suc n\<^esub>]\<^esub> pvar Q\<^sub>p i) = eval_at_point Q\<^sub>p (t # a) p \<otimes> t"
+ using 0 True ta_closed eval_pvar[of 0 "Suc n" "t#a"]
+ by (metis A(2) nth_Cons_0)
+ then show ?thesis
+ using T0 A SA_poly_to_Qp_poly_closed[of a n "coord_ring_to_UP_SA n p"] UPQ.to_fun_X[of t] to_fun_mult
+ coord_ring_to_UP_SA_closed[of ] UPQ.X_closed[of ] unfolding X_poly_def
+ using assms UPQ.to_fun_mult by presburger
+ next
+ case False
+ have "\<vv>\<^bsub>n, i - 1\<^esub> a = a!(i-1)"
+ by (metis A(2) False Qp.varE Suc_diff_1 Suc_less_eq assms less_Suc_eq_0_disj)
+ hence F0: "SA_poly_to_Qp_poly n a (coord_ring_to_UP_SA n (p \<otimes>\<^bsub>Q\<^sub>p [\<X>\<^bsub>Suc n\<^esub>]\<^esub> pvar Q\<^sub>p i)) =
+ SA_poly_to_Qp_poly n a (coord_ring_to_UP_SA n p) \<otimes>\<^bsub>UP Q\<^sub>p\<^esub> to_polynomial Q\<^sub>p (a!(i-1))"
+ using False coord_ring_to_UP_SA_pvar_Suc[of i n] SA_poly_to_Qp_poly_extends_apply[of a n "\<vv>\<^bsub>n, i - 1\<^esub>"]
+ by (metis (no_types, lifting) "2" A(2) Qp_ev_hom_in_SA Qp_ev_hom_pvar Suc_diff_1 Suc_less_eq assms local.pvar_closed neq0_conv)
+ have F1: "eval_at_point Q\<^sub>p (t # a) (p \<otimes>\<^bsub>Q\<^sub>p [\<X>\<^bsub>Suc n\<^esub>]\<^esub> pvar Q\<^sub>p i) = eval_at_point Q\<^sub>p (t # a) p \<otimes> (a!(i-1))"
+ using 0 False ta_closed eval_pvar[of i "Suc n" "t#a"]
+ by (metis A(2) nth_Cons')
+ then show ?thesis
+ using F0 A SA_poly_to_Qp_poly_closed[of a n "coord_ring_to_UP_SA n p"] to_fun_mult
+ coord_ring_to_UP_SA_closed[of p n] False UPQ.to_fun_to_poly UPQ.to_poly_closed assms
+ eval_at_point_closed eval_pvar local.pvar_closed neq0_conv nth_Cons_pos ta_closed
+ by (metis (no_types, lifting) UPQ.to_fun_mult)
+ qed
+ qed
+ qed
+qed
+
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+subsubsection\<open>Gluing Semialgebraic Polynomials\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+
+definition SA_poly_glue where
+"SA_poly_glue m S f g = (\<lambda> n. fun_glue m S (f n) (g n))"
+
+lemma SA_poly_glue_closed:
+ assumes "f \<in> carrier (UP (SA m))"
+ assumes "g \<in> carrier (UP (SA m))"
+ assumes "is_semialgebraic m S"
+ shows "SA_poly_glue m S f g \<in> carrier (UP (SA m))"
+proof(rule UP_car_memI[of "max (deg (SA m) f) (deg (SA m) g)"])
+ fix n assume A: "max (deg (SA m) f) (deg (SA m) g) < n" show "SA_poly_glue m S f g n = \<zero>\<^bsub>SA m\<^esub>"
+ unfolding SA_poly_glue_def
+ proof-
+ have 0: "n > (deg (SA m) f)"
+ using A by simp
+ have 1: "n > (deg (SA m) g)"
+ using A by simp
+ have 2: "f n = \<zero>\<^bsub>SA m\<^esub>"
+ using 0 assms UPSA.deg_leE by blast
+ have 3: "g n = \<zero>\<^bsub>SA m\<^esub>"
+ using 1 assms UPSA.deg_leE by blast
+ show "fun_glue m S (f n) (g n) = \<zero>\<^bsub>SA m\<^esub>"
+ unfolding SA_zero function_ring_def ring_record_simps function_zero_def 2 3
+ proof fix x
+ show " fun_glue m S (\<lambda>x\<in>carrier (Q\<^sub>p\<^bsup>m\<^esup>). \<zero>) (\<lambda>x\<in>carrier (Q\<^sub>p\<^bsup>m\<^esup>). \<zero>) x = (\<lambda>x\<in>carrier (Q\<^sub>p\<^bsup>m\<^esup>). \<zero>) x"
+ apply(cases "x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>)")
+ unfolding fun_glue_def restrict_def apply presburger
+ by auto
+ qed
+ qed
+ next
+ show " \<And>n. SA_poly_glue m S f g n \<in> carrier (SA m)"
+ unfolding SA_poly_glue_def apply(rule fun_glue_closed)
+ by(rule cfs_closed, rule assms, rule cfs_closed, rule assms, rule assms)
+qed
+
+lemma SA_poly_glue_deg:
+ assumes "f \<in> carrier (UP (SA m))"
+ assumes "g \<in> carrier (UP (SA m))"
+ assumes "is_semialgebraic m S"
+ assumes "deg (SA m) f \<le> d"
+ assumes "deg (SA m) g \<le> d"
+ shows "deg (SA m) (SA_poly_glue m S f g) \<le> d"
+ apply(rule deg_leqI, rule SA_poly_glue_closed, rule assms, rule assms, rule assms)
+proof- fix n assume A: "d < n"
+ show "SA_poly_glue m S f g n = \<zero>\<^bsub>SA m\<^esub>"
+ unfolding SA_poly_glue_def
+ proof-
+ have 0: "n > (deg (SA m) f)"
+ using A assms by linarith
+ have 1: "n > (deg (SA m) g)"
+ using A assms by linarith
+ have 2: "f n = \<zero>\<^bsub>SA m\<^esub>"
+ using 0 assms UPSA.deg_leE by blast
+ have 3: "g n = \<zero>\<^bsub>SA m\<^esub>"
+ using 1 assms UPSA.deg_leE by blast
+ show "fun_glue m S (f n) (g n) = \<zero>\<^bsub>SA m\<^esub>"
+ unfolding SA_zero function_ring_def ring_record_simps function_zero_def 2 3
+ proof fix x
+ show " fun_glue m S (\<lambda>x\<in>carrier (Q\<^sub>p\<^bsup>m\<^esup>). \<zero>) (\<lambda>x\<in>carrier (Q\<^sub>p\<^bsup>m\<^esup>). \<zero>) x = (\<lambda>x\<in>carrier (Q\<^sub>p\<^bsup>m\<^esup>). \<zero>) x"
+ apply(cases "x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>)")
+ unfolding fun_glue_def restrict_def apply presburger
+ by auto
+ qed
+ qed
+qed
+
+lemma UP_SA_cfs_closed:
+ assumes "g \<in> carrier (UP (SA m))"
+ shows "g k \<in> carrier (SA m)"
+ using assms UP_ring.cfs_closed[of "SA m" g k] SA_is_ring[of m] unfolding UP_ring_def
+ by blast
+
+
+lemma SA_poly_glue_cfs1:
+ assumes "f \<in> carrier (UP (SA m))"
+ assumes "g \<in> carrier (UP (SA m))"
+ assumes "is_semialgebraic m S"
+ assumes "x \<in> S"
+ shows "(SA_poly_glue m S f g) n x = f n x"
+ unfolding SA_poly_glue_def fun_glue_def restrict_def
+ using assms
+ by (metis SA_car local.function_ring_not_car padic_fields.UP_SA_cfs_closed padic_fields_axioms semialg_functions_memE(2))
+
+lemma SA_poly_glue_cfs2:
+ assumes "f \<in> carrier (UP (SA m))"
+ assumes "g \<in> carrier (UP (SA m))"
+ assumes "is_semialgebraic m S"
+ assumes "x \<notin> S"
+ assumes "x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>)"
+ shows "(SA_poly_glue m S f g) n x = g n x"
+ unfolding SA_poly_glue_def fun_glue_def restrict_def
+ using assms by meson
+
+lemma SA_poly_glue_to_Qp_poly1:
+ assumes "f \<in> carrier (UP (SA m))"
+ assumes "g \<in> carrier (UP (SA m))"
+ assumes "is_semialgebraic m S"
+ assumes "x \<in> S"
+ shows "SA_poly_to_Qp_poly m x (SA_poly_glue m S f g) = SA_poly_to_Qp_poly m x f"
+proof fix n
+ have x_closed: "x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>)"
+ using assms is_semialgebraic_closed by blast
+ have 0: "SA_poly_to_Qp_poly m x (SA_poly_glue m S f g) n = (SA_poly_glue m S f g) n x"
+ by(rule SA_poly_to_Qp_poly_coeff[of x m "SA_poly_glue m S f g"], rule x_closed, rule SA_poly_glue_closed
+ , rule assms, rule assms, rule assms)
+ have 1: "(SA_poly_glue m S f g) n x = f n x"
+ by(rule SA_poly_glue_cfs1 , rule assms, rule assms, rule assms, rule assms)
+ show "SA_poly_to_Qp_poly m x (SA_poly_glue m S f g) n = SA_poly_to_Qp_poly m x f n"
+ unfolding 0 1 using SA_poly_to_Qp_poly_coeff[of x m f n] assms (1) x_closed by blast
+qed
+
+lemma SA_poly_glue_to_Qp_poly2:
+ assumes "f \<in> carrier (UP (SA m))"
+ assumes "g \<in> carrier (UP (SA m))"
+ assumes "is_semialgebraic m S"
+ assumes "x \<notin> S"
+ assumes "x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>)"
+ shows "SA_poly_to_Qp_poly m x (SA_poly_glue m S f g) = SA_poly_to_Qp_poly m x g"
+proof fix n
+ have x_closed: "x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>)"
+ using assms is_semialgebraic_closed by blast
+ have 0: "SA_poly_to_Qp_poly m x (SA_poly_glue m S f g) n = (SA_poly_glue m S f g) n x"
+ by(rule SA_poly_to_Qp_poly_coeff[of x m "SA_poly_glue m S f g"], rule x_closed, rule SA_poly_glue_closed
+ , rule assms, rule assms, rule assms)
+ have 1: "(SA_poly_glue m S f g) n x = g n x"
+ by(rule SA_poly_glue_cfs2 , rule assms, rule assms, rule assms, rule assms, rule x_closed)
+ show "SA_poly_to_Qp_poly m x (SA_poly_glue m S f g) n = SA_poly_to_Qp_poly m x g n"
+ unfolding 0 1 using SA_poly_to_Qp_poly_coeff[of x m g n] assms x_closed by blast
+qed
+
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+subsubsection\<open>Polynomials over the Valuation Ring\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+
+definition integral_on where
+"integral_on m B = {f \<in> carrier (UP (SA m)). (\<forall>x \<in> B. \<forall>i. SA_poly_to_Qp_poly m x f i \<in> \<O>\<^sub>p)}"
+
+lemma integral_on_memI:
+ assumes "f \<in> carrier (UP (SA m))"
+ assumes "\<And>x i. x \<in> B \<Longrightarrow> SA_poly_to_Qp_poly m x f i \<in> \<O>\<^sub>p"
+ shows "f \<in> integral_on m B"
+ unfolding integral_on_def mem_Collect_eq using assms by blast
+
+lemma integral_on_memE:
+ assumes "f \<in> integral_on m B"
+ shows "f \<in> carrier (UP (SA m))"
+ "\<And>x. x \<in> B \<Longrightarrow> SA_poly_to_Qp_poly m x f i \<in> \<O>\<^sub>p"
+ using assms unfolding integral_on_def mem_Collect_eq apply blast
+ using assms unfolding integral_on_def mem_Collect_eq by blast
+
+lemma one_integral_on:
+ assumes "B \<subseteq> carrier (Q\<^sub>p\<^bsup>m\<^esup>)"
+ shows "\<one> \<^bsub>UP (SA m)\<^esub> \<in> integral_on m B"
+ apply(rule integral_on_memI)
+ apply blast
+proof- fix x i assume A: "x \<in> B"
+ have 0: "SA_poly_to_Qp_poly m x \<one>\<^bsub>UP (SA m)\<^esub> = \<one>\<^bsub>UP Q\<^sub>p\<^esub>"
+ apply(rule ring_hom_one[of _ "UP (SA m)"])
+ using SA_poly_to_Qp_poly_is_hom[of x m] A assms by blast
+ show "SA_poly_to_Qp_poly m x \<one>\<^bsub>UP (SA m)\<^esub> i \<in> \<O>\<^sub>p"
+ unfolding 0
+ apply(rule val_ring_memI)
+ apply(rule UPQ.cfs_closed)
+ apply blast
+ apply(cases "i = 0")
+ apply (metis Qp.add.nat_pow_eone Qp.one_closed UPQ.cfs_one val_of_nat_inc val_one)
+ by (metis Qp.int_inc_zero UPQ.cfs_one val_of_int_inc)
+qed
+
+lemma integral_on_plus:
+ assumes "B \<subseteq> carrier (Q\<^sub>p\<^bsup>m\<^esup>)"
+ assumes "f \<in> integral_on m B"
+ assumes "g \<in> integral_on m B"
+ shows "f \<oplus>\<^bsub>UP (SA m)\<^esub> g \<in> integral_on m B"
+proof(rule integral_on_memI)
+ show "f \<oplus>\<^bsub>UP (SA m)\<^esub> g \<in> carrier (UP (SA m))"
+ using assms integral_on_memE by blast
+ show "\<And>x i. x \<in> B \<Longrightarrow> SA_poly_to_Qp_poly m x (f \<oplus>\<^bsub>UP (SA m)\<^esub> g) i \<in> \<O>\<^sub>p"
+ proof- fix x i assume A: "x \<in> B"
+ have 0: "SA_poly_to_Qp_poly m x (f \<oplus>\<^bsub>UP (SA m)\<^esub> g) = SA_poly_to_Qp_poly m x f
+ \<oplus>\<^bsub>UP Q\<^sub>p\<^esub> SA_poly_to_Qp_poly m x g"
+ apply(rule SA_poly_to_Qp_poly_add)
+ using A assms apply blast using assms integral_on_memE apply blast
+ using assms integral_on_memE by blast
+ have 1: "SA_poly_to_Qp_poly m x (f \<oplus>\<^bsub>UP (SA m)\<^esub> g) i = SA_poly_to_Qp_poly m x f i
+ \<oplus> SA_poly_to_Qp_poly m x g i"
+ unfolding 0 apply(rule UPQ.cfs_add)
+ apply(rule SA_poly_to_Qp_poly_closed)
+ using A assms apply blast
+ using assms integral_on_memE apply blast
+ apply(rule SA_poly_to_Qp_poly_closed)
+ using A assms apply blast
+ using assms integral_on_memE by blast
+ show "SA_poly_to_Qp_poly m x (f \<oplus>\<^bsub>UP (SA m)\<^esub> g) i \<in> \<O>\<^sub>p"
+ unfolding 1 using assms integral_on_memE
+ using A val_ring_add_closed by presburger
+ qed
+qed
+
+lemma integral_on_times:
+ assumes "B \<subseteq> carrier (Q\<^sub>p\<^bsup>m\<^esup>)"
+ assumes "f \<in> integral_on m B"
+ assumes "g \<in> integral_on m B"
+ shows "f \<otimes>\<^bsub>UP (SA m)\<^esub> g \<in> integral_on m B"
+proof(rule integral_on_memI)
+ show "f \<otimes>\<^bsub>UP (SA m)\<^esub> g \<in> carrier (UP (SA m))"
+ using assms integral_on_memE by blast
+ show "\<And>x i. x \<in> B \<Longrightarrow> SA_poly_to_Qp_poly m x (f \<otimes>\<^bsub>UP (SA m)\<^esub> g) i \<in> \<O>\<^sub>p"
+ proof- fix x i assume A: "x \<in> B"
+ have 0: "SA_poly_to_Qp_poly m x (f \<otimes>\<^bsub>UP (SA m)\<^esub> g) = SA_poly_to_Qp_poly m x f
+ \<otimes>\<^bsub>UP Q\<^sub>p\<^esub> SA_poly_to_Qp_poly m x g"
+ apply(rule SA_poly_to_Qp_poly_mult)
+ using A assms apply blast using assms integral_on_memE apply blast
+ using assms integral_on_memE by blast
+ obtain S where S_def: "S = UP (Q\<^sub>p \<lparr> carrier := \<O>\<^sub>p \<rparr>)"
+ by blast
+ have 1: "cring S"
+ unfolding S_def apply(rule UPQ.UP_ring_subring_is_ring)
+ using val_ring_subring by blast
+ have 2: " carrier S = {h \<in> carrier (UP Q\<^sub>p). \<forall>n. h n \<in> \<O>\<^sub>p}"
+ unfolding S_def using UPQ.UP_ring_subring_car[of \<O>\<^sub>p] val_ring_subring by blast
+ have 3: "SA_poly_to_Qp_poly m x f \<in> carrier S"
+ unfolding 2 mem_Collect_eq using assms integral_on_memE SA_poly_to_Qp_poly_closed A
+ by blast
+ have 4: "SA_poly_to_Qp_poly m x g \<in> carrier S"
+ unfolding 2 mem_Collect_eq using assms integral_on_memE SA_poly_to_Qp_poly_closed A
+ by blast
+ have 5: "SA_poly_to_Qp_poly m x (f \<otimes>\<^bsub>UP (SA m)\<^esub> g) \<in> carrier S"
+ unfolding 0
+ using cring.cring_simprules(5)[of S]3 4 1 UPQ.UP_ring_subring_mult[of \<O>\<^sub>p "SA_poly_to_Qp_poly m x f" "SA_poly_to_Qp_poly m x g"]
+ using S_def val_ring_subring by metis
+ show "SA_poly_to_Qp_poly m x (f \<otimes>\<^bsub>UP (SA m)\<^esub> g) i \<in> \<O>\<^sub>p"
+ using 5 unfolding 2 mem_Collect_eq by blast
+ qed
+qed
+
+lemma integral_on_a_minus:
+ assumes "B \<subseteq> carrier (Q\<^sub>p\<^bsup>m\<^esup>)"
+ assumes "f \<in> integral_on m B"
+ shows "\<ominus>\<^bsub>UP (SA m)\<^esub> f \<in> integral_on m B"
+ apply(rule integral_on_memI)
+ using assms integral_on_memE(1)[of f m B]
+ apply blast
+proof- fix x i assume A: "x \<in> B"
+ have 0: "SA_poly_to_Qp_poly m x (\<ominus>\<^bsub>UP (SA m)\<^esub> f) = \<ominus>\<^bsub>UP Q\<^sub>p\<^esub> SA_poly_to_Qp_poly m x f"
+ apply(rule UP_cring.ring_hom_uminus[of "UP Q\<^sub>p" "UP (SA m)" "SA_poly_to_Qp_poly m x" f ] )
+ unfolding UP_cring_def
+ apply (simp add: UPQ.M_cring)
+ using UPSA.P.is_ring apply blast
+ apply(rule SA_poly_to_Qp_poly_is_hom)
+ using A assms apply blast
+ using assms integral_on_memE by blast
+ have 2: "\<And>f. f \<in> carrier (UP Q\<^sub>p) \<Longrightarrow> (\<ominus>\<^bsub>UP Q\<^sub>p\<^esub> f) i = \<ominus> (f i)"
+ using UPQ.cfs_a_inv by blast
+ have 1: "SA_poly_to_Qp_poly m x (\<ominus>\<^bsub>UP (SA m)\<^esub> f) i = \<ominus> (SA_poly_to_Qp_poly m x f) i "
+ unfolding 0 apply(rule 2)
+ using integral_on_memE assms A SA_poly_to_Qp_poly_closed[of x m f] by blast
+ show "SA_poly_to_Qp_poly m x (\<ominus>\<^bsub>UP (SA m)\<^esub> f) i \<in> \<O>\<^sub>p"
+ unfolding 1 using A assms integral_on_memE(2)[of f m B x i]
+ using val_ring_ainv_closed by blast
+qed
+
+lemma integral_on_subring:
+ assumes "B \<subseteq> carrier (Q\<^sub>p\<^bsup>m\<^esup>)"
+ shows "subring (integral_on m B) (UP (SA m))"
+proof(rule subringI)
+ show "integral_on m B \<subseteq> carrier (UP (SA m))"
+ unfolding integral_on_def by blast
+ show "\<one>\<^bsub>UP (SA m)\<^esub> \<in> integral_on m B"
+ using one_integral_on assms by blast
+ show " \<And>h. h \<in> integral_on m B \<Longrightarrow> \<ominus>\<^bsub>UP (SA m)\<^esub> h \<in> integral_on m B"
+ using integral_on_a_minus assms by blast
+ show "\<And>h1 h2. h1 \<in> integral_on m B \<Longrightarrow> h2 \<in> integral_on m B \<Longrightarrow> h1 \<otimes>\<^bsub>UP (SA m)\<^esub> h2 \<in> integral_on m B"
+ using integral_on_times assms by blast
+ show "\<And>h1 h2. h1 \<in> integral_on m B \<Longrightarrow> h2 \<in> integral_on m B \<Longrightarrow> h1 \<oplus>\<^bsub>UP (SA m)\<^esub> h2 \<in> integral_on m B"
+ using integral_on_plus assms by blast
+qed
+
+lemma val_ring_add_pow:
+ assumes "a \<in> carrier Q\<^sub>p"
+ assumes "val a \<ge> 0"
+ shows "val ([(n::nat)]\<cdot>a) \<ge> 0"
+proof-
+ have 0: "[(n::nat)]\<cdot>a = ([n]\<cdot>\<one>)\<otimes>a"
+ using assms Qp.add_pow_ldistr Qp.cring_simprules(12) Qp.one_closed by presburger
+ show ?thesis unfolding 0 using assms
+ by (meson Qp.nat_inc_closed val_ring_memE val_of_nat_inc val_ringI val_ring_times_closed)
+qed
+
+lemma val_ring_poly_eval:
+ assumes "f \<in> carrier (UP Q\<^sub>p)"
+ assumes "\<And> i. f i \<in> \<O>\<^sub>p"
+ shows "\<And>x. x \<in> \<O>\<^sub>p \<Longrightarrow> f \<bullet> x \<in> \<O>\<^sub>p"
+proof- fix x assume A: "x \<in> \<O>\<^sub>p"
+ obtain S where S_def: "S = (Q\<^sub>p \<lparr> carrier := \<O>\<^sub>p \<rparr>)"
+ by blast
+ have 0: "UP_cring S"
+ unfolding S_def apply(rule UPQ.UP_ring_subring(1))
+ using val_ring_subring by blast
+ have 1: "to_function Q\<^sub>p f x = to_function S f x"
+ unfolding S_def apply(rule UPQ.UP_subring_eval)
+ using val_ring_subring apply blast
+ apply(rule UPQ.poly_cfs_subring) using val_ring_subring apply blast
+ using assms apply blast
+ using assms apply blast using A by blast
+ have 2: "f \<in> carrier (UP S)"
+ unfolding S_def
+ using UPQ.UP_ring_subring_car[of \<O>\<^sub>p] assms val_ring_subring by blast
+ have 3: "to_function S f x \<in> \<O>\<^sub>p"
+ using UPQ.UP_subring_eval_closed[of \<O>\<^sub>p f x]
+ using 1 0 UP_cring.to_fun_closed[of S f x]
+ unfolding S_def
+ by (metis "2" A S_def UPQ.to_fun_def val_ring_subring)
+ thus "f \<bullet> x \<in> \<O>\<^sub>p"
+ using 1 UPQ.to_fun_def by presburger
+qed
+
+lemma SA_poly_constant_res_class_semialg':
+ assumes "f \<in> carrier (UP (SA m))"
+ assumes "\<And>i x. x \<in> B \<Longrightarrow> f i x \<in> \<O>\<^sub>p"
+ assumes "deg (SA m) f \<le> d"
+ assumes "C \<in> poly_res_classes n d"
+ assumes "is_semialgebraic m B"
+ shows "is_semialgebraic m {x \<in> B. SA_poly_to_Qp_poly m x f \<in> C}"
+proof-
+ obtain g where g_def: "g = SA_poly_glue m B f (\<one>\<^bsub>UP (SA m)\<^esub>)"
+ by blast
+ have g_closed: "g \<in> carrier (UP (SA m))"
+ unfolding g_def by(rule SA_poly_glue_closed, rule assms, blast, rule assms)
+ have g_deg: "deg (SA m) g \<le> d"
+ unfolding g_def apply(rule SA_poly_glue_deg, rule assms, blast, rule assms, rule assms)
+ unfolding deg_one by blast
+ have 0: "{x \<in> B. SA_poly_to_Qp_poly m x f \<in> C} = B \<inter> {x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>). SA_poly_to_Qp_poly m x g \<in> C}"
+ apply(rule equalityI', rule IntI, blast)
+ unfolding mem_Collect_eq apply(rule conjI)
+ using assms is_semialgebraic_closed apply blast
+ unfolding g_def using SA_poly_glue_cfs1[of f m "\<one>\<^bsub>UP (SA m)\<^esub>" B] assms
+ using SA_poly_glue_to_Qp_poly1 UPSA.P.cring_simprules(6) apply presburger
+ unfolding g_def using SA_poly_glue_cfs1[of f m "\<one>\<^bsub>UP (SA m)\<^esub>" B] assms
+ using SA_poly_glue_to_Qp_poly1 UPSA.P.cring_simprules(6)
+ by (metis (no_types, lifting) Int_iff mem_Collect_eq)
+ have 1: "\<And>i x. x \<in> B \<Longrightarrow> g i x = f i x"
+ unfolding g_def by(rule SA_poly_glue_cfs1, rule assms, blast, rule assms, blast)
+ have 2: "\<And>i x. x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>) \<Longrightarrow> g i x \<in> \<O>\<^sub>p"
+ proof- fix i x assume A: "x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>)"
+ show "g i x \<in> \<O>\<^sub>p"
+ unfolding g_def apply(cases "x \<in> B")
+ using SA_poly_glue_cfs1[of f m "\<one>\<^bsub>UP (SA m)\<^esub>" B x i]
+ assms(1) assms(2)[of x i] 1
+ using UPSA.P.cring_simprules(6) assms(5) apply presburger
+ using SA_poly_glue_cfs2[of g m "\<one>\<^bsub>UP (SA m)\<^esub>" B x i] g_closed assms A
+ by (metis (mono_tags, opaque_lifting) SA_poly_glue_cfs2 SA_poly_to_Qp_poly_coeff
+ UPSA.P.cring_simprules(6) carrier_is_semialgebraic g_def integral_on_memE(2) is_semialgebraic_closed one_integral_on )
+ qed
+ have 3: "\<And>i x. x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>) \<Longrightarrow> x \<notin> B \<Longrightarrow> g i x = \<one>\<^bsub>UP (SA m)\<^esub> i x"
+ unfolding g_def apply(rule SA_poly_glue_cfs2[of f m "\<one>\<^bsub>UP (SA m)\<^esub>" B ])
+ by(rule assms, blast, rule assms, blast, blast)
+ have 4: "\<And>i x. x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>) \<Longrightarrow> x \<notin> B \<Longrightarrow> g i x \<in> \<O>\<^sub>p "
+ using 3 cfs_one[of m] 2 by blast
+ have 5: "\<And>i x. x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>) \<Longrightarrow> g i x \<in> \<O>\<^sub>p"
+ using 1 4 assms 2 by blast
+ have 6: "is_semialgebraic m {x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>). SA_poly_to_Qp_poly m x g \<in> C}"
+ by(rule SA_poly_constant_res_class_semialg[of _ _ d _ n], rule g_closed, rule 5, blast, rule g_deg, rule assms)
+ show ?thesis unfolding 0
+ by(rule intersection_is_semialg, rule assms, rule 6)
+qed
+
+lemma SA_poly_constant_res_class_decomp:
+ assumes "f \<in> carrier (UP (SA m))"
+ assumes "\<And>i x. x \<in> B \<Longrightarrow> f i x \<in> \<O>\<^sub>p"
+ assumes "deg (SA m) f \<le> d"
+ assumes "is_semialgebraic m B"
+ shows "B = (\<Union> C \<in> poly_res_classes n d. {x \<in> B. SA_poly_to_Qp_poly m x f \<in> C})"
+proof(rule equalityI')fix x assume A: "x \<in> B"
+ obtain g where g_def: "g = SA_poly_glue m B f (\<one>\<^bsub>UP (SA m)\<^esub>)"
+ by blast
+ have g_closed: "g \<in> carrier (UP (SA m))"
+ unfolding g_def by(rule SA_poly_glue_closed, rule assms, blast, rule assms)
+ have g_deg: "deg (SA m) g \<le> d"
+ unfolding g_def apply(rule SA_poly_glue_deg, rule assms, blast, rule assms, rule assms)
+ unfolding deg_one by blast
+ have 1: "\<And>i x. x \<in> B \<Longrightarrow> g i x = f i x"
+ unfolding g_def by(rule SA_poly_glue_cfs1, rule assms, blast, rule assms, blast)
+ have 2: "\<And>i x. x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>) \<Longrightarrow> g i x \<in> \<O>\<^sub>p"
+ proof- fix i x assume A: "x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>)"
+ show "g i x \<in> \<O>\<^sub>p"
+ unfolding g_def apply(cases "x \<in> B")
+ using SA_poly_glue_cfs1[of f m "\<one>\<^bsub>UP (SA m)\<^esub>" B x i]
+ assms(1) assms(2)[of x i] 1
+ using UPSA.P.cring_simprules(6) assms(4) apply presburger
+ using SA_poly_glue_cfs2[of g m "\<one>\<^bsub>UP (SA m)\<^esub>" B x i] g_closed assms A
+ by (metis (mono_tags, opaque_lifting) SA_poly_glue_cfs2 SA_poly_to_Qp_poly_coeff
+ UPSA.P.cring_simprules(6) carrier_is_semialgebraic g_def integral_on_memE(2) is_semialgebraic_closed one_integral_on )
+ qed
+ have 3: "\<And>i x. x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>) \<Longrightarrow> x \<notin> B \<Longrightarrow> g i x = \<one>\<^bsub>UP (SA m)\<^esub> i x"
+ unfolding g_def apply(rule SA_poly_glue_cfs2[of f m "\<one>\<^bsub>UP (SA m)\<^esub>" B ])
+ by(rule assms, blast, rule assms, blast, blast)
+ have 4: "\<And>i x. x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>) \<Longrightarrow> x \<notin> B \<Longrightarrow> g i x \<in> \<O>\<^sub>p "
+ using 3 cfs_one[of m] 2 by blast
+ have 5: "\<And>i x. x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>) \<Longrightarrow> g i x \<in> \<O>\<^sub>p"
+ using 1 4 assms 2 by blast
+ have 6: "\<And> i x. x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>) \<Longrightarrow> SA_poly_to_Qp_poly m x g i = g i x"
+ by(rule SA_poly_to_Qp_poly_coeff, blast, rule g_closed)
+ have 7: "\<And> x. x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>) \<Longrightarrow> SA_poly_to_Qp_poly m x g \<in> val_ring_polys_grad d"
+ apply(rule val_ring_polys_grad_memI, rule SA_poly_to_Qp_poly_closed, blast, rule g_closed)
+ unfolding 6 apply(rule 5, blast)
+ using g_closed SA_poly_to_Qp_poly_deg_bound[of g m] g_deg le_trans by blast
+ have 8: "\<And>x. x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>) \<Longrightarrow> SA_poly_to_Qp_poly m x g \<in> poly_res_class n d (SA_poly_to_Qp_poly m x g)"
+ by(rule poly_res_class_refl, rule 7)
+ have 9: "\<And>x. x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>) \<Longrightarrow> poly_res_class n d (SA_poly_to_Qp_poly m x g) \<in> poly_res_classes n d"
+ unfolding poly_res_classes_def using 7 by blast
+ have 10: "\<And>x. x \<in> B \<Longrightarrow> SA_poly_to_Qp_poly m x g = SA_poly_to_Qp_poly m x f"
+ unfolding g_def by(rule SA_poly_glue_to_Qp_poly1, rule assms, blast, rule assms, blast)
+ have 11: "x \<in> carrier (Q\<^sub>p\<^bsup>m\<^esup>)"
+ using A is_semialgebraic_closed assms by blast
+ have 12: "SA_poly_to_Qp_poly m x g = SA_poly_to_Qp_poly m x f"
+ by(rule 10, rule A)
+ have 13: "x \<in> {x \<in> B. SA_poly_to_Qp_poly m x f \<in> poly_res_class n d (SA_poly_to_Qp_poly m x g)}"
+ using 11 10[of x] A 9[of x] 8[of x] unfolding 12 mem_Collect_eq by blast
+ show "x \<in> (\<Union>C\<in>poly_res_classes n d. {x \<in> B. SA_poly_to_Qp_poly m x f \<in> C})"
+ using 13 9[of x] 11 unfolding 12 mem_simps(8) mem_Collect_eq by auto
+next
+ show "\<And>x. x \<in> (\<Union>C\<in>poly_res_classes n d. {x \<in> B. SA_poly_to_Qp_poly m x f \<in> C}) \<Longrightarrow> x \<in> B"
+ by blast
+qed
+
+end
+
+context UP_cring
+begin
+
+lemma pderiv_deg_bound:
+ assumes "p \<in> carrier P"
+ assumes "deg R p \<le> (Suc d)"
+ shows "deg R (pderiv p) \<le> d"
+proof-
+ have "deg R p \<le> (Suc d) \<longrightarrow> deg R (pderiv p) \<le> d"
+ apply(rule poly_induct[of p])
+ apply (simp add: assms(1))
+ using deg_zero pderiv_deg_0 apply presburger
+ proof fix p assume A: "(\<And>q. q \<in> carrier P \<Longrightarrow> deg R q < deg R p \<Longrightarrow> deg R q \<le> Suc d \<longrightarrow> deg R (pderiv q) \<le> d)"
+ "p \<in> carrier P" "0 < deg R p" "deg R p \<le> Suc d"
+ obtain q where q_def: "q \<in> carrier P \<and> deg R q < deg R p \<and> p = q \<oplus>\<^bsub>P\<^esub> ltrm p"
+ using A ltrm_decomp by metis
+ have 0: "deg R (pderiv (ltrm p)) \<le> d"
+ proof-
+ have 1: "pderiv (ltrm p) = up_ring.monom P ([deg R p] \<cdot> p (deg R p)) (deg R p - 1)"
+ using pderiv_monom[of "lcf p" "deg R p"] A P_def UP_car_memE(1) by auto
+ show ?thesis unfolding 1
+ by (metis (no_types, lifting) A(2) A(3) A(4) R.add_pow_closed Suc_diff_1 cfs_closed deg_monom_le le_trans not_less_eq_eq)
+ qed
+ have "deg R q \<le> Suc d" using A q_def by linarith
+ then have 1: "deg R (pderiv q) \<le> d"
+ using A q_def by blast
+ hence "max (deg R (pderiv q)) (deg R (pderiv (up_ring.monom P (p (deg R p)) (deg R p)))) \<le> d"
+ using 0 max.bounded_iff by blast
+ thus "deg R (pderiv p) \<le> d "
+ using q_def pderiv_add pderiv_monom[of "lcf p" "deg R p"] A deg_add[of "pderiv q" "pderiv (ltrm p)"]
+ by (metis "0" "1" ltrm_closed bound_deg_sum pderiv_closed)
+ qed
+ thus ?thesis
+ using assms(2) by blast
+qed
+
+lemma(in cring) minus_zero:
+"a \<in> carrier R \<Longrightarrow> a \<ominus> \<zero> = a"
+ unfolding a_minus_def
+ by (metis add.l_cancel_one' cring_simprules(2) cring_simprules(22))
+
+lemma (in UP_cring) taylor_expansion_at_zero:
+ assumes "g \<in> carrier (UP R)"
+ shows "taylor_expansion R \<zero> g = g"
+proof-
+ have 0: "X_plus \<zero> = X_poly R"
+ unfolding X_poly_plus_def
+ by (metis ctrm_degree lcf_eq P.r_zero P_def R.zero_closed UP_cring.ctrm_is_poly UP_cring.to_poly_inverse UP_zero_closed X_closed deg_nzero_nzero is_UP_cring to_fun_ctrm to_fun_zero)
+ show ?thesis
+ unfolding taylor_expansion_def 0
+ using assms UP_cring.X_sub is_UP_cring by blast
+qed
+end
+(**************************************************************************************************)
+(**************************************************************************************************)
+subsection\<open>Partitioning Semialgebraic Sets By Zero Sets of Function\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+context padic_fields
+begin
+
+definition SA_funs_to_SA_decomp where
+"SA_funs_to_SA_decomp n Fs S = atoms_of ((\<inter>) S ` ((SA_zero_set n ` Fs) \<union> (SA_nonzero_set n ` Fs))) "
+
+lemma SA_funs_to_SA_decomp_closed_0:
+ assumes "Fs \<subseteq> carrier (SA n)"
+ assumes "is_semialgebraic n S"
+ shows "(\<inter>) S ` ((SA_zero_set n ` Fs) \<union> (SA_nonzero_set n ` Fs)) \<subseteq> semialg_sets n"
+proof(rule subsetI)
+ fix x assume A: "x \<in> (\<inter>) S ` (SA_zero_set n ` Fs \<union> SA_nonzero_set n ` Fs)"
+ show " x \<in> semialg_sets n"
+ proof(cases "x \<in> (\<inter>) S ` SA_zero_set n ` Fs")
+ case True
+ then obtain f where f_def: "f \<in> Fs \<and> x = S \<inter> SA_zero_set n f"
+ by blast
+ then show "x \<in> semialg_sets n" using assms SA_zero_set_is_semialgebraic
+ by (meson is_semialgebraicE semialg_intersect subset_iff)
+ next
+ case False
+ then have "x \<in> (\<inter>) S ` SA_nonzero_set n ` Fs"
+ using A by blast
+ then obtain f where f_def: "f \<in> Fs \<and> x = S \<inter> SA_nonzero_set n f"
+ using A by blast
+ then show "x \<in> semialg_sets n" using assms SA_nonzero_set_is_semialgebraic
+ by (meson padic_fields.is_semialgebraicE padic_fields.semialg_intersect padic_fields_axioms subset_iff)
+ qed
+qed
+
+lemma SA_funs_to_SA_decomp_closed:
+ assumes "finite Fs"
+ assumes "Fs \<subseteq> carrier (SA n)"
+ assumes "is_semialgebraic n S"
+ shows "SA_funs_to_SA_decomp n Fs S \<subseteq> semialg_sets n"
+ unfolding SA_funs_to_SA_decomp_def semialg_sets_def
+ apply(rule atoms_of_gen_boolean_algebra)
+ using SA_funs_to_SA_decomp_closed_0[of Fs n S] assms unfolding semialg_sets_def
+ apply blast
+ using assms
+ by blast
+
+lemma SA_funs_to_SA_decomp_finite:
+ assumes "finite Fs"
+ assumes "Fs \<subseteq> carrier (SA n)"
+ assumes "is_semialgebraic n S"
+ shows "finite (SA_funs_to_SA_decomp n Fs S)"
+ unfolding SA_funs_to_SA_decomp_def
+ apply(rule finite_set_imp_finite_atoms)
+ using assms by blast
+
+lemma SA_funs_to_SA_decomp_disjoint:
+ assumes "finite Fs"
+ assumes "Fs \<subseteq> carrier (SA n)"
+ assumes "is_semialgebraic n S"
+ shows "disjoint (SA_funs_to_SA_decomp n Fs S)"
+ apply(rule disjointI) unfolding SA_funs_to_SA_decomp_def
+ apply(rule atoms_of_disjoint[of _ " ((\<inter>) S ` (SA_zero_set n ` Fs \<union> SA_nonzero_set n ` Fs))"])
+ apply blast apply blast by blast
+
+lemma pre_SA_funs_to_SA_decomp_in_algebra:
+ shows " ((\<inter>) S ` (SA_zero_set n ` Fs \<union> SA_nonzero_set n ` Fs)) \<subseteq> gen_boolean_algebra S (SA_zero_set n ` Fs \<union> SA_nonzero_set n ` Fs)"
+proof(rule subsetI) fix x assume A: " x \<in> (\<inter>) S ` (SA_zero_set n ` Fs \<union> SA_nonzero_set n ` Fs)"
+ then obtain A where A_def: "A \<in> (SA_zero_set n ` Fs \<union> SA_nonzero_set n ` Fs) \<and> x = S \<inter> A"
+ by blast
+ then show "x \<in> gen_boolean_algebra S (SA_zero_set n ` Fs \<union> SA_nonzero_set n ` Fs)"
+ using gen_boolean_algebra.generator[of A "SA_zero_set n ` Fs \<union> SA_nonzero_set n ` Fs" S]
+ by (metis inf.commute)
+qed
+
+lemma SA_funs_to_SA_decomp_in_algebra:
+ assumes "finite Fs"
+ shows "SA_funs_to_SA_decomp n Fs S \<subseteq> gen_boolean_algebra S (SA_zero_set n ` Fs \<union> SA_nonzero_set n ` Fs)"
+ unfolding SA_funs_to_SA_decomp_def apply(rule atoms_of_gen_boolean_algebra)
+ using pre_SA_funs_to_SA_decomp_in_algebra[of S n Fs] apply blast
+ using assms by blast
+
+lemma SA_funs_to_SA_decomp_subset:
+ assumes "finite Fs"
+ assumes "Fs \<subseteq> carrier (SA n)"
+ assumes "is_semialgebraic n S"
+ assumes "A \<in> SA_funs_to_SA_decomp n Fs S"
+ shows "A \<subseteq> S"
+proof-
+ have "A \<in> gen_boolean_algebra S (SA_zero_set n ` Fs \<union> SA_nonzero_set n ` Fs)"
+ using assms SA_funs_to_SA_decomp_in_algebra[of Fs n S]
+ atoms_of_gen_boolean_algebra[of _ S "(SA_zero_set n ` Fs \<union> SA_nonzero_set n ` Fs)"]
+ unfolding SA_funs_to_SA_decomp_def by blast
+ then show ?thesis using gen_boolean_algebra_subset by blast
+qed
+
+lemma SA_funs_to_SA_decomp_memE:
+ assumes "finite Fs"
+ assumes "Fs \<subseteq> carrier (SA n)"
+ assumes "is_semialgebraic n S"
+ assumes "A \<in> (SA_funs_to_SA_decomp n Fs S)"
+ assumes "f \<in> Fs"
+ shows "A \<subseteq> SA_zero_set n f \<or> A \<subseteq> SA_nonzero_set n f"
+proof(cases "A \<subseteq> S \<inter> SA_zero_set n f")
+case True
+ then show ?thesis
+ by blast
+next
+ case False
+ have 0: "S \<inter> SA_zero_set n f \<in> (\<inter>) S ` (SA_zero_set n ` Fs \<union> SA_nonzero_set n ` Fs)"
+ using assms
+ by blast
+ then have 1: "A \<inter> (S \<inter> SA_zero_set n f) = {}"
+ using False assms atoms_are_minimal[of A "((\<inter>) S ` (SA_zero_set n ` Fs \<union> SA_nonzero_set n ` Fs))" "S \<inter> SA_zero_set n f"]
+ unfolding SA_funs_to_SA_decomp_def
+ by blast
+ have 2: "A \<subseteq> S"
+ using assms SA_funs_to_SA_decomp_subset by blast
+ then show ?thesis
+ using 0 1 False zero_set_nonzero_set_covers_semialg_set[of n S] assms(3) by auto
+qed
+
+lemma SA_funs_to_SA_decomp_covers:
+ assumes "finite Fs"
+ assumes "Fs \<noteq> {}"
+ assumes "Fs \<subseteq> carrier (SA n)"
+ assumes "is_semialgebraic n S"
+ shows "S = \<Union> (SA_funs_to_SA_decomp n Fs S)"
+proof-
+ have 0: "S = \<Union> ((\<inter>) S ` ((SA_zero_set n ` Fs) \<union> (SA_nonzero_set n ` Fs)))"
+ proof
+ obtain f where f_def: "f \<in> Fs"
+ using assms by blast
+ have 0: "S \<inter> SA_nonzero_set n f \<in> ((\<inter>) S ` ((SA_zero_set n ` Fs) \<union> (SA_nonzero_set n ` Fs)))"
+ using f_def by blast
+ have 1: "S \<inter> SA_zero_set n f \<in> ((\<inter>) S ` ((SA_zero_set n ` Fs) \<union> (SA_nonzero_set n ` Fs)))"
+ using f_def by blast
+ have 2: "S = S \<inter> SA_zero_set n f \<union> S \<inter> SA_nonzero_set n f"
+ by (simp add: assms(4) zero_set_nonzero_set_covers_semialg_set)
+ then show "S \<subseteq> \<Union> ((\<inter>) S ` (SA_zero_set n ` Fs \<union> SA_nonzero_set n ` Fs))"
+ using 0 1 Sup_upper2 Un_subset_iff subset_refl by blast
+ show "\<Union> ((\<inter>) S ` (SA_zero_set n ` Fs \<union> SA_nonzero_set n ` Fs)) \<subseteq> S"
+ by blast
+ qed
+ show ?thesis
+ unfolding SA_funs_to_SA_decomp_def atoms_of_covers' using 0 by blast
+qed
+
+end
+end
+
diff --git a/thys/Padic_Field/ROOT b/thys/Padic_Field/ROOT
new file mode 100755
--- /dev/null
+++ b/thys/Padic_Field/ROOT
@@ -0,0 +1,20 @@
+chapter AFP
+
+session Padic_Field (AFP) = "Padic_Ints" +
+ options [timeout = 3600]
+sessions
+ "Localization_Ring"
+theories
+ Fraction_Field
+ Cring_Multivariable_Poly
+ Indices
+ Ring_Powers
+ Padic_Fields
+ Padic_Field_Polynomials
+ Padic_Field_Topology
+ Generated_Boolean_Algebra
+ Padic_Field_Powers
+ Padic_Semialgebraic_Function_Ring
+ document_files
+ "root.tex"
+ "root.bib"
diff --git a/thys/Padic_Field/Ring_Powers.thy b/thys/Padic_Field/Ring_Powers.thy
new file mode 100755
--- /dev/null
+++ b/thys/Padic_Field/Ring_Powers.thy
@@ -0,0 +1,7011 @@
+theory Ring_Powers
+ imports "HOL-Algebra.Chinese_Remainder" "HOL-Combinatorics.List_Permutation"
+ Padic_Ints.Function_Ring "HOL-Algebra.Generated_Rings" Cring_Multivariable_Poly Indices
+begin
+
+type_synonym arity = nat
+type_synonym 'a tuple = "'a list"
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+section\<open>Cartesian Powers of a Ring\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+ (**********************************************************************)
+ (**********************************************************************)
+ subsection\<open>Constructing the Cartesian Power of a Ring\<close>
+ (**********************************************************************)
+ (**********************************************************************)
+text\<open>Powers of a ring\<close>
+
+text\<open>\texttt{R\_list n R} produces the list $[R, ... , R]$ of length n\<close>
+
+fun R_list :: "nat \<Rightarrow> ('a, 'b) ring_scheme \<Rightarrow> (('a, 'b) ring_scheme ) list" where
+"R_list n R = map (\<lambda>_. R) (index_list n)"
+
+text\<open>Cartesian powers of a ring\<close>
+
+definition cartesian_power :: "('a, 'b) ring_scheme \<Rightarrow> nat \<Rightarrow> ('a list) ring" ("_\<^bsup>_\<^esup>" 80) where
+"R\<^bsup>n\<^esup> \<equiv> RDirProd_list (R_list n R)"
+
+lemma R_list_length:
+"length (R_list n R) = n"
+ apply(induction n) by auto
+
+lemma R_list_nth:
+"i < n \<Longrightarrow> R_list n R ! i = R"
+ by (simp add: index_list_length)
+
+lemma cartesian_power_car_memI:
+ assumes "length as = n"
+ assumes "set as \<subseteq> carrier R"
+ shows "as \<in> carrier (R\<^bsup>n\<^esup>)"
+ unfolding cartesian_power_def
+ apply(rule RDirProd_list_carrier_memI)
+ using R_list_length assms(1) apply auto[1]
+ by (metis R_list_length R_list_nth assms(1) assms(2) nth_mem subsetD)
+
+lemma cartesian_power_car_memI':
+ assumes "length as = n"
+ assumes "\<And>i. i < n \<Longrightarrow> as ! i \<in> carrier R"
+ shows "as \<in> carrier (R\<^bsup>n\<^esup>)"
+ unfolding cartesian_power_def
+ apply(rule RDirProd_list_carrier_memI)
+ using R_list_length assms(1) apply auto[1]
+ by (metis R_list_length R_list_nth assms(2))
+
+lemma cartesian_power_car_memE:
+ assumes "as \<in> carrier (R\<^bsup>n\<^esup>)"
+ shows "length as = n"
+ using RDirProd_list_carrier_mem(1)
+ by (metis R_list_length assms cartesian_power_def)
+
+lemma cartesian_power_car_memE':
+ assumes "as \<in> carrier (R\<^bsup>n\<^esup>)"
+ assumes "i < n"
+ shows " as ! i \<in> carrier R"
+ using assms RDirProd_list_carrier_mem(2)
+ by (metis (no_types, lifting) R_list_length R_list_nth cartesian_power_def)
+
+lemma cartesian_power_car_memE'':
+ assumes "as \<in> carrier (R\<^bsup>n\<^esup>)"
+ shows "set as \<subseteq> carrier R"
+ using cartesian_power_car_memE'
+ by (metis assms cartesian_power_car_memE in_set_conv_nth subsetI)
+
+lemma cartesian_power_car_memI'':
+ assumes "length as = n + k"
+ assumes "take n as \<in> carrier (R\<^bsup>n\<^esup>)"
+ assumes "drop n as \<in> carrier (R\<^bsup>k\<^esup>)"
+ shows "as \<in> carrier (R\<^bsup>n+k\<^esup>)"
+ apply(rule cartesian_power_car_memI')
+ apply (simp add: assms(1))
+proof- fix i assume A: "i < n + k"
+ show " as ! i \<in> carrier R"
+ apply(cases "i < n")
+ apply (metis assms(2) cartesian_power_car_memE' nth_take)
+ by (metis A add_diff_inverse_nat add_less_imp_less_left
+ append_take_drop_id assms(2) assms(3) cartesian_power_car_memE
+ cartesian_power_car_memE' nth_append_length_plus)
+qed
+
+lemma cartesian_power_cons:
+ assumes " as \<in> carrier (R\<^bsup>n\<^esup>)"
+ assumes "a \<in> carrier R"
+ shows "a#as \<in> carrier (R\<^bsup>n+1\<^esup>)"
+ apply(rule cartesian_power_car_memI)
+ apply (metis One_nat_def assms(1) cartesian_power_car_memE list.size(4))
+ by (metis assms(1) assms(2) cartesian_power_car_memE cartesian_power_car_memE' in_set_conv_nth set_ConsD subsetI)
+
+lemma cartesian_power_append:
+ assumes " as \<in> carrier (R\<^bsup>n\<^esup>)"
+ assumes "a \<in> carrier R"
+ shows "as@[a] \<in> carrier (R\<^bsup>n+1\<^esup>)"
+ apply(rule cartesian_power_car_memI'')
+ apply (metis add.commute assms(1) cartesian_power_car_memE length_append_singleton plus_1_eq_Suc)
+ apply (metis append_eq_append_conv_if assms(1) butlast_snoc cartesian_power_car_memE length_append_singleton lessI take_butlast)
+ by (metis add.commute add.right_neutral append_eq_conv_conj assms(1) assms(2) bot_least
+ cartesian_power_car_memE cartesian_power_car_memI cartesian_power_cons
+ list.set(1) list.size(3))
+
+lemma cartesian_power_head:
+ assumes "as \<in> carrier (R\<^bsup>Suc n\<^esup>)"
+ shows "hd as \<in> carrier R"
+ by (metis assms cartesian_power_car_memE cartesian_power_car_memE'' list.set_sel(1) list.size(3) old.nat.distinct(1) subsetD)
+
+lemma cartesian_power_tail:
+ assumes "as \<in> carrier (R\<^bsup>Suc n\<^esup>)"
+ shows "tl as \<in> carrier (R\<^bsup>n\<^esup>)"
+ apply(rule cartesian_power_car_memI)
+ apply (metis add_diff_cancel_left' assms cartesian_power_car_memE length_tl plus_1_eq_Suc)
+ by (metis assms cartesian_power_car_memE cartesian_power_car_memE'' list.set_sel(2) list.size(3) nat.simps(3) subsetD subsetI)
+
+lemma insert_at_index_closed:
+ assumes "length as = n"
+ assumes "as \<in> carrier (R\<^bsup>n\<^esup>)"
+ assumes "a \<in> carrier R"
+ assumes "k \<le> n"
+ shows "(insert_at_index as a k) \<in> carrier (R\<^bsup>Suc n\<^esup>)"
+ apply(rule cartesian_power_car_memI')
+ apply (metis Groups.add_ac(2) assms(1) insert_at_index_length plus_1_eq_Suc)
+ by (smt R_list_length Suc_le_eq assms(1) assms(2) assms(3) assms(4)
+ cartesian_power_car_memE' insert_at_index_eq insert_at_index_eq'
+ insert_at_index_eq'' less_Suc_eq less_Suc_eq_0_disj not_less_eq_eq)
+
+lemma insert_at_index_pow_not_car:
+ assumes "k \<le>n"
+ assumes "length x = n"
+ assumes "(insert_at_index x a k) \<in> carrier (R\<^bsup>Suc n\<^esup>)"
+ shows "x \<in> carrier (R\<^bsup>n\<^esup>)"
+ apply(rule cartesian_power_car_memI')
+ apply (simp add: assms(2))
+ by (metis Suc_mono assms(1) assms(2) assms(3)
+ cartesian_power_car_memE' insert_at_index_eq'
+ insert_at_index_eq'' leI less_SucI)
+
+lemma insert_at_index_pow_not_car':
+ assumes "k \<le>n"
+ assumes "length x = n"
+ assumes "x \<notin> carrier (R\<^bsup>n\<^esup>)"
+ shows "(insert_at_index x a n) \<notin> carrier (R\<^bsup>Suc n\<^esup>)"
+ by (metis assms(2) assms(3) insert_at_index_pow_not_car lessI less_Suc_eq_le)
+
+lemma take_closed:
+ assumes "k \<le>n"
+ assumes "x \<in> carrier (R\<^bsup>n\<^esup>)"
+ shows "take k x \<in> carrier (R\<^bsup>k\<^esup>)"
+ apply(rule cartesian_power_car_memI)
+ apply (metis assms(1) assms(2) cartesian_power_car_memE length_take min.absorb_iff2)
+ by (meson assms(2) cartesian_power_car_memE'' set_take_subset subset_trans)
+
+lemma drop_closed:
+ assumes "k < n"
+ assumes "x \<in> carrier (R\<^bsup>n\<^esup>)"
+ shows "drop k x \<in> carrier (R\<^bsup>n - k\<^esup>)"
+ apply(rule cartesian_power_car_memI[of "drop k x" "n - k"] )
+ using assms(2) cartesian_power_car_memE length_drop apply blast
+ by (metis add_diff_inverse_nat assms(1) assms(2) cartesian_power_car_memE
+ cartesian_power_car_memE' in_set_conv_nth length_drop less_imp_le_nat
+ nat_add_left_cancel_less nth_drop order.asym subsetI)
+
+lemma last_closed:
+ assumes "n > 0"
+ assumes "x \<in> carrier (R\<^bsup>n\<^esup>)"
+ shows "last x \<in> carrier R"
+ using assms
+ by (metis Suc_diff_1 cartesian_power_car_memE cartesian_power_car_memE'
+ last_conv_nth lessI list.size(3) neq0_conv)
+
+lemma cartesian_power_concat:
+ assumes "a \<in> carrier (R\<^bsup>n\<^esup>)"
+ assumes "b \<in> carrier (R\<^bsup>k\<^esup>)"
+ shows "a@b \<in> carrier (R\<^bsup>n+k\<^esup>)"
+ "b@a \<in> carrier (R\<^bsup>n+k\<^esup>)"
+ apply (metis (no_types, lifting) append_eq_conv_conj assms(1) assms(2)
+ cartesian_power_car_memE cartesian_power_car_memI'' length_append)
+ by (metis (no_types, lifting) add.commute append_eq_conv_conj assms(1) assms(2)
+ cartesian_power_car_memE cartesian_power_car_memI'' length_append)
+
+lemma cartesian_power_decomp:
+ assumes "a \<in> carrier (R\<^bsup>n+k\<^esup>)"
+ obtains a0 a1 where "a0 \<in> carrier (R\<^bsup>n\<^esup>) \<and> a1 \<in> carrier (R\<^bsup>k\<^esup>) \<and> a0@a1 = a"
+ using assms
+ by (metis (no_types, lifting) add_diff_cancel_left' append.assoc append_eq_append_conv
+ append_take_drop_id cartesian_power_car_memE drop_closed le_add1
+ le_neq_implies_less length_append take_closed)
+
+lemma list_segment_pow:
+ assumes "as \<in> carrier (R\<^bsup>n\<^esup>)"
+ assumes "j \<le> n"
+ assumes "i \<le> j"
+ shows "list_segment i j as \<in> carrier (R\<^bsup>j - i\<^esup>)"
+ apply(rule cartesian_power_car_memI)
+ using list_segment_length assms cartesian_power_car_memE
+ apply blast
+ using assms
+ by (metis cartesian_power_car_memE cartesian_power_car_memE''
+ dual_order.trans list_segment_subset_list_set)
+
+lemma nth_list_segment:
+ assumes "as \<in> carrier (R\<^bsup>n\<^esup>)"
+ assumes "j \<le>n"
+ assumes "i \<le> j"
+ assumes "k < j - i"
+ shows "(list_segment i j as) ! k = as ! (i + k)"
+ unfolding list_segment_def
+ using assms nth_map_upt[of k j i "((!) as)" ]
+ by blast
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+subsection\<open>Mapping the Carrier of a Ring to its 1-Dimensional Cartesian Power.\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+context cring
+begin
+
+lemma R1_carI:
+ assumes "length as = 1"
+ assumes "as!0 \<in> carrier R"
+ shows "as \<in> carrier (R\<^bsup>1\<^esup>)"
+ apply(rule cartesian_power_car_memI)
+ using assms
+ apply blast
+ using assms
+ by (metis in_set_conv_nth less_one subsetI)
+
+abbreviation(input) to_R1 where
+"to_R1 a \<equiv> [a]"
+
+abbreviation(input) to_R :: "'a list \<Rightarrow> 'a" where
+"to_R as \<equiv> as!0"
+
+lemma to_R1_to_R:
+ assumes "a \<in> carrier (R\<^bsup>1\<^esup>)"
+ shows "to_R1 (to_R a) = a"
+proof-
+ have "length a = 1"
+ using assms cartesian_power_car_memE by blast
+ then obtain b where "a = [b]"
+ by (metis One_nat_def length_0_conv length_Suc_conv)
+ then show ?thesis
+ using assms
+ by (metis nth_Cons_0)
+qed
+
+lemma to_R_to_R1:
+ shows "to_R (to_R1 a) = a"
+ by (meson nth_Cons_0)
+
+lemma to_R1_closed:
+ assumes "a \<in> carrier R"
+ shows "to_R1 a \<in> carrier (R\<^bsup>1\<^esup>)"
+proof(rule R1_carI)
+ show "length [a] = 1"
+ by simp
+ show "[a] ! 0 \<in> carrier R"
+ using assms to_R_to_R1 by presburger
+qed
+
+lemma to_R_pow_closed:
+ assumes "a \<in> carrier (R\<^bsup>1\<^esup>)"
+ shows "to_R a \<in> carrier R"
+ using assms cartesian_power_car_memE' by blast
+
+lemma to_R1_intersection:
+ assumes "A \<subseteq> carrier R"
+ assumes "B \<subseteq> carrier R"
+ shows "to_R1 ` (A \<inter> B) = to_R1` A \<inter> to_R1 ` B"
+proof
+ show "(\<lambda>a. [a]) ` (A \<inter> B) \<subseteq> (\<lambda>a. [a]) ` A \<inter> (\<lambda>a. [a]) ` B"
+ by blast
+ show "(\<lambda>a. [a]) ` A \<inter> (\<lambda>a. [a]) ` B \<subseteq> (\<lambda>a. [a]) ` (A \<inter> B)"
+ using assms
+ by blast
+qed
+
+lemma to_R1_finite:
+ assumes "finite A"
+ shows "finite (to_R1` A)"
+ "card A = card (to_R1` A)"
+ using assms
+ apply blast
+ apply(rule finite.induct[of A])
+ apply (simp add: assms(1))
+ apply simp
+ by (smt card_insert_if finite_imageI image_iff image_insert list.inject)
+
+lemma to_R1_carrier:
+"to_R1` (carrier R)= carrier (R\<^bsup>1\<^esup>)"
+proof
+ show "(\<lambda>a. [a]) ` carrier R \<subseteq> carrier (R\<^bsup>1\<^esup>)"
+ proof fix x
+ assume "x \<in> (\<lambda>a. [a]) ` carrier R"
+ then show "x \<in> carrier (R\<^bsup>1\<^esup>)"
+ using cartesian_power_car_memI[of x 1 R]
+ by (metis (no_types, lifting) image_iff to_R1_closed)
+ qed
+ show "carrier (R\<^bsup>1\<^esup>) \<subseteq> (\<lambda>a. [a]) ` carrier R"
+ proof fix x
+ assume "x \<in> carrier (R\<^bsup>1\<^esup>)"
+ then obtain a where a_def: "a \<in> carrier R \<and> x = [a]"
+ using cartesian_power_car_memE'[of x R 1] cartesian_power_car_memE[of x R 1]
+ by (metis less_numeral_extra(1) to_R1_to_R)
+ then show "x \<in> (\<lambda>a. [a]) ` carrier R"
+ by blast
+ qed
+qed
+
+lemma to_R1_diff:
+"to_R1` (A - B) = to_R1` A - to_R1` B"
+proof
+ show "(\<lambda>a. [a]) ` (A - B) \<subseteq> (\<lambda>a. [a]) ` A - (\<lambda>a. [a]) ` B"
+ by blast
+ show "(\<lambda>a. [a]) ` A - (\<lambda>a. [a]) ` B \<subseteq> (\<lambda>a. [a]) ` (A - B)"
+ by blast
+qed
+
+lemma to_R1_complement:
+ shows "to_R1` (carrier R - A) = carrier (R\<^bsup>1\<^esup>) - to_R1` A"
+ by (metis to_R1_carrier to_R1_diff)
+
+lemma to_R1_subset:
+ assumes "A \<subseteq> B"
+ shows "to_R1` A \<subseteq> to_R1` B"
+ using assms
+ by blast
+
+lemma to_R1_car_subset:
+ assumes "A \<subseteq> carrier R"
+ shows "to_R1` A \<subseteq> carrier (R\<^bsup>1\<^esup>)"
+ using assms to_R1_carrier
+ by blast
+end
+
+ (**********************************************************************)
+ (**********************************************************************)
+ subsection\<open>Simple Cartesian Products\<close>
+ (**********************************************************************)
+ (**********************************************************************)
+definition cartesian_product :: "('a list) set \<Rightarrow> ('a list) set \<Rightarrow> ('a list) set" where
+"cartesian_product A B \<equiv> {xs. \<exists>as \<in> A. \<exists>bs \<in> B. xs = as@bs}"
+
+lemma cartesian_product_closed:
+ assumes "A \<subseteq> carrier (R\<^bsup>n\<^esup>)"
+ assumes "B \<subseteq> carrier (R\<^bsup>m\<^esup>)"
+ shows "cartesian_product A B \<subseteq> carrier (R\<^bsup>n + m\<^esup>)"
+proof
+ fix x
+ assume A: "x \<in> cartesian_product A B "
+ then obtain as bs where as_bs_def: "x = as@bs \<and> as \<in> A \<and> bs \<in> B"
+ unfolding cartesian_product_def by blast
+ show "x \<in> carrier (R\<^bsup>n + m\<^esup>) "
+ apply(rule cartesian_power_car_memI')
+ apply (metis as_bs_def assms cartesian_power_car_memE length_append subsetD)
+ using A unfolding cartesian_product_def
+ by (metis (no_types, lifting) add_diff_inverse_nat as_bs_def assms(1)
+ assms(2) cartesian_power_car_memE cartesian_power_car_memE'
+ nat_add_left_cancel_less nth_append subsetD)
+qed
+
+lemma cartesian_product_closed':
+ assumes "a \<in> carrier (R\<^bsup>n\<^esup>)"
+ assumes "b \<in> carrier (R\<^bsup>m\<^esup>)"
+ shows "(a@b) \<in> carrier (R\<^bsup>n + m\<^esup>)"
+proof-
+ have "a@b \<in> cartesian_product {a} {b}"
+ using cartesian_product_def by blast
+ then show ?thesis
+ using cartesian_product_closed[of "{a}" R n "{b}" m]
+ assms
+ by blast
+qed
+
+lemma cartesian_product_carrier:
+"cartesian_product (carrier (R\<^bsup>n\<^esup>)) (carrier (R\<^bsup>m\<^esup>)) = carrier (R\<^bsup>n + m\<^esup>)"
+proof
+ show "cartesian_product (carrier (R\<^bsup>n\<^esup>)) (carrier (R\<^bsup>m\<^esup>)) \<subseteq> carrier (R\<^bsup>n + m\<^esup>)"
+ using cartesian_product_closed[of "(carrier (R\<^bsup>n\<^esup>))" R n "(carrier (R\<^bsup>m\<^esup>)) " m]
+ by blast
+ show "carrier (R\<^bsup>n + m\<^esup>) \<subseteq> cartesian_product (carrier (R\<^bsup>n\<^esup>)) (carrier (R\<^bsup>m\<^esup>))"
+ proof
+ fix x
+ assume A: "x \<in> carrier (R\<^bsup>n + m\<^esup>)"
+ have 0: "take n x \<in> carrier (R\<^bsup>n\<^esup>)"
+ apply(rule cartesian_power_car_memI')
+ apply (metis A cartesian_power_car_memE le_add1 length_take min.absorb2)
+ by (metis A add.commute cartesian_power_car_memE'
+ nth_take trans_less_add2)
+ have 1: "drop n x \<in> carrier (R\<^bsup>m\<^esup>)"
+ apply(rule cartesian_power_car_memI')
+ apply (metis A add_diff_cancel_left' cartesian_power_car_memE length_drop)
+ by (metis A cartesian_power_car_memE cartesian_power_car_memE' le_add1 nat_add_left_cancel_less nth_drop)
+ show "x \<in> cartesian_product (carrier (R\<^bsup>n\<^esup>)) (carrier (R\<^bsup>m\<^esup>))"
+ using 0 1
+ by (smt A cartesian_power_decomp cartesian_product_def mem_Collect_eq)
+qed
+
+
+text\<open>Higher function rings\<close>
+qed
+
+lemma cartesian_product_memI:
+ assumes "A \<subseteq> carrier (R\<^bsup>n\<^esup>)"
+ assumes "B \<subseteq> carrier (R\<^bsup>m\<^esup>)"
+ assumes "take n a \<in> A"
+ assumes "drop n a \<in> B"
+ shows "a \<in> cartesian_product A B"
+proof-
+ have "a = (take n a) @ (drop n a)"
+ by (metis append_take_drop_id)
+ then show ?thesis
+ using assms(3) assms(4) cartesian_product_def by blast
+qed
+
+lemma cartesian_product_memI':
+ assumes "A \<subseteq> carrier (R\<^bsup>n\<^esup>)"
+ assumes "B \<subseteq> carrier (R\<^bsup>m\<^esup>)"
+ assumes "a \<in> A"
+ assumes "b \<in> B"
+ shows "a@b \<in> cartesian_product A B"
+ using assms unfolding cartesian_product_def
+ by blast
+
+lemma cartesian_product_memE:
+assumes "a \<in> cartesian_product A B"
+assumes "A \<subseteq> carrier (R\<^bsup>n\<^esup>)"
+shows "take n a \<in> A"
+ "drop n a \<in> B"
+ using assms unfolding cartesian_product_def
+ apply (smt append_eq_conv_conj cartesian_power_car_memE in_mono mem_Collect_eq)
+ using assms unfolding cartesian_product_def
+ by (smt append_eq_conv_conj cartesian_power_car_memE in_mono mem_Collect_eq)
+
+lemma cartesian_product_intersection:
+ assumes "A \<subseteq> carrier (R\<^bsup>n\<^esup>)"
+ assumes "B \<subseteq> carrier (R\<^bsup>m\<^esup>)"
+ assumes "C \<subseteq> carrier (R\<^bsup>n\<^esup>)"
+ assumes "D \<subseteq> carrier (R\<^bsup>m\<^esup>)"
+ shows "cartesian_product A B \<inter> cartesian_product C D = cartesian_product (A \<inter> C) (B \<inter> D)"
+proof
+ show "cartesian_product A B \<inter> cartesian_product C D \<subseteq> cartesian_product (A \<inter> C) (B \<inter> D)"
+ proof fix x
+ assume "x \<in> cartesian_product A B \<inter> cartesian_product C D"
+ then show "x \<in> cartesian_product (A \<inter> C) (B \<inter> D)"
+ using assms cartesian_product_memE[of x C D] cartesian_product_memE[of x A B]
+ cartesian_product_memI[of "A \<inter> C" R n "B \<inter> D" m x]
+ by (smt Int_iff inf.coboundedI1)
+ qed
+ show "cartesian_product (A \<inter> C) (B \<inter> D) \<subseteq> cartesian_product A B \<inter> cartesian_product C D"
+ proof fix x
+ assume "x \<in> cartesian_product (A \<inter> C) (B \<inter> D)"
+ then show "x \<in> cartesian_product A B \<inter> cartesian_product C D"
+ using assms cartesian_product_memI[of C R n D m] cartesian_product_memI[of A R n B m]
+ cartesian_product_memE[of x "A \<inter> B" "C \<inter> D" R n ]
+ by (metis (no_types, lifting) Int_iff cartesian_product_memE(1) cartesian_product_memE(2) inf_le1 subset_trans)
+ qed
+qed
+
+lemma cartesian_product_subsetI:
+ assumes "C \<subseteq> A"
+ assumes "D \<subseteq> B"
+ shows "cartesian_product C D \<subseteq> cartesian_product A B"
+ using assms unfolding cartesian_product_def
+ by blast
+
+lemma cartesian_product_binary_union_right:
+ assumes "C \<subseteq> carrier (R\<^bsup>n\<^esup>)"
+ assumes "D \<subseteq> carrier (R\<^bsup>n\<^esup>)"
+ shows "cartesian_product A (C \<union> D) = (cartesian_product A C) \<union> (cartesian_product A D)"
+proof
+ show "cartesian_product A (C \<union> D) \<subseteq> cartesian_product A C \<union> cartesian_product A D"
+ unfolding cartesian_product_def by blast
+ show "cartesian_product A C \<union> cartesian_product A D \<subseteq> cartesian_product A (C \<union> D)"
+ unfolding cartesian_product_def by blast
+qed
+
+lemma cartesian_product_binary_union_left:
+ assumes "C \<subseteq> carrier (R\<^bsup>n\<^esup>)"
+ assumes "D \<subseteq> carrier (R\<^bsup>n\<^esup>)"
+ shows "cartesian_product (C \<union> D) A = (cartesian_product C A) \<union> (cartesian_product D A)"
+proof
+ show "cartesian_product (C \<union> D) A \<subseteq> cartesian_product C A \<union> cartesian_product D A"
+ unfolding cartesian_product_def by blast
+ show "cartesian_product C A \<union> cartesian_product D A \<subseteq> cartesian_product (C \<union> D) A"
+ unfolding cartesian_product_def by blast
+qed
+
+lemma cartesian_product_binary_intersection_right:
+ assumes "C \<subseteq> carrier (R\<^bsup>n\<^esup>)"
+ assumes "D \<subseteq> carrier (R\<^bsup>n\<^esup>)"
+ assumes "A \<subseteq> carrier (R\<^bsup>m\<^esup>)"
+ shows "cartesian_product A (C \<inter> D) = (cartesian_product A C) \<inter> (cartesian_product A D)"
+proof
+ show "cartesian_product A (C \<inter> D) \<subseteq> cartesian_product A C \<inter> cartesian_product A D"
+ unfolding cartesian_product_def by blast
+ show "cartesian_product A C \<inter> cartesian_product A D \<subseteq> cartesian_product A (C \<inter> D)"
+ proof fix x assume A: "x \<in> cartesian_product A C \<inter> cartesian_product A D"
+ show "x \<in> cartesian_product A (C \<inter> D)" apply(rule cartesian_product_memI[of A R m _ n ])
+ apply (simp add: assms(3))
+ apply (simp add: assms(1) inf.coboundedI1)
+ apply (meson A IntD1 assms(3) cartesian_product_memE(1))
+ by (meson A Int_iff assms(3) cartesian_product_memE(2))
+ qed
+qed
+
+lemma cartesian_product_binary_intersection_left:
+ assumes "C \<subseteq> carrier (R\<^bsup>n\<^esup>)"
+ assumes "D \<subseteq> carrier (R\<^bsup>n\<^esup>)"
+ assumes "A \<subseteq> carrier (R\<^bsup>m\<^esup>)"
+ shows "cartesian_product (C \<inter> D) A = (cartesian_product C A) \<inter> (cartesian_product D A)"
+proof
+ show "cartesian_product (C \<inter> D) A \<subseteq> cartesian_product C A \<inter> cartesian_product D A"
+ unfolding cartesian_product_def by blast
+ show "cartesian_product C A \<inter> cartesian_product D A \<subseteq> cartesian_product (C \<inter> D) A"
+ proof fix x assume A: "x \<in> cartesian_product C A \<inter> cartesian_product D A"
+ show "x \<in> cartesian_product (C \<inter> D) A" apply(rule cartesian_product_memI[of _ R n _ m ])
+ apply (simp add: assms(2) inf.coboundedI2)
+ apply (simp add: assms(3))
+ apply (meson A Int_iff assms(1) assms(2) cartesian_product_memE(1))
+ by (meson A IntD1 assms(1) cartesian_product_memE(2))
+ qed
+qed
+
+lemma cartesian_product_car_complement_right:
+ assumes "A \<subseteq> carrier (R\<^bsup>m\<^esup>)"
+ shows "carrier (R\<^bsup>n + m\<^esup>) - cartesian_product (carrier (R\<^bsup>n\<^esup>)) A =
+ cartesian_product (carrier (R\<^bsup>n\<^esup>)) ((carrier (R\<^bsup>m\<^esup>)) - A)"
+proof
+ show "carrier (R\<^bsup>n + m\<^esup>) - cartesian_product (carrier (R\<^bsup>n\<^esup>)) A \<subseteq> cartesian_product (carrier (R\<^bsup>n\<^esup>)) ((carrier (R\<^bsup>m\<^esup>)) - A)"
+ proof fix x assume A: "x \<in> (carrier (R\<^bsup>n + m\<^esup>) - cartesian_product (carrier (R\<^bsup>n\<^esup>)) A)"
+ show "x \<in> cartesian_product (carrier (R\<^bsup>n\<^esup>)) ((carrier (R\<^bsup>m\<^esup>)) - A)"
+ apply(rule cartesian_product_memI[of _ R n _ m])
+ apply simp
+ apply simp
+ apply (meson A DiffE le_add1 take_closed)
+ apply(rule ccontr)
+ proof-
+ assume A': "drop n x \<notin> (carrier (R\<^bsup>m\<^esup>) - A)"
+ have "drop n x \<in> A"
+ proof-
+ have "x \<in> cartesian_product (carrier (R\<^bsup>n\<^esup>)) (carrier (R\<^bsup>m\<^esup>))"
+ using A
+ by (metis (mono_tags, lifting) DiffD1 cartesian_product_carrier)
+ then show ?thesis
+ using A' cartesian_product_memE[of x "(carrier (R\<^bsup>n\<^esup>))" "(carrier (R\<^bsup>m\<^esup>))" R n]
+ by blast
+ qed
+ then show False
+ using A cartesian_product_memI[of "(carrier (R\<^bsup>n\<^esup>))" R n A m x]
+ by (meson DiffD1 DiffD2 assms le_add1 order_refl take_closed)
+ qed
+ qed
+ show "cartesian_product (carrier (R\<^bsup>n\<^esup>)) ((carrier (R\<^bsup>m\<^esup>)) - A) \<subseteq> carrier (R\<^bsup>n + m\<^esup>) - cartesian_product (carrier (R\<^bsup>n\<^esup>)) A"
+ proof fix x assume A: "x \<in> cartesian_product (carrier (R\<^bsup>n\<^esup>)) ((carrier (R\<^bsup>m\<^esup>)) - A)"
+ show "x \<in> carrier (R\<^bsup>n + m\<^esup>) - cartesian_product (carrier (R\<^bsup>n\<^esup>)) A"
+ apply(rule ccontr)
+ using A cartesian_product_memE[of x "carrier (R\<^bsup>n\<^esup>)" A R n]
+ using A cartesian_product_memE[of x "(carrier (R\<^bsup>n\<^esup>))" "(carrier (R\<^bsup>m\<^esup>)) - A" R n]
+ by (metis (no_types, lifting) DiffD1 DiffD2 DiffI
+ append_take_drop_id cartesian_product_closed' order_refl)
+ qed
+qed
+
+lemma cartesian_product_car_complement_left:
+ assumes "A \<subseteq> carrier (R\<^bsup>n\<^esup>)"
+ shows "carrier (R\<^bsup>n + m\<^esup>) - cartesian_product A (carrier (R\<^bsup>m\<^esup>)) =
+ cartesian_product ((carrier (R\<^bsup>n\<^esup>)) - A) (carrier (R\<^bsup>m\<^esup>)) "
+proof
+ show "carrier (R\<^bsup>n + m\<^esup>) - cartesian_product A (carrier (R\<^bsup>m\<^esup>)) \<subseteq>
+ cartesian_product ((carrier (R\<^bsup>n\<^esup>)) - A) (carrier (R\<^bsup>m\<^esup>)) "
+ proof fix x assume A: " x \<in> carrier (R\<^bsup>n + m\<^esup>) - cartesian_product A (carrier (R\<^bsup>m\<^esup>))"
+ show "x \<in> cartesian_product ((carrier (R\<^bsup>n\<^esup>)) - A) (carrier (R\<^bsup>m\<^esup>)) "
+ proof(rule cartesian_product_memI[of _ R n _ m])
+ show "carrier (R\<^bsup>n\<^esup>) - A \<subseteq> carrier (R\<^bsup>n\<^esup>)"
+ by simp
+ show "carrier (R\<^bsup>m\<^esup>) \<subseteq> carrier (R\<^bsup>m\<^esup>)"
+ by simp
+ show "take n x \<in> carrier (R\<^bsup>n\<^esup>) - A"
+ by (metis (no_types, lifting) A DiffD1 DiffD2 DiffI assms
+ cartesian_product_carrier cartesian_product_memE(2) cartesian_product_memI
+ le_add1 order_refl take_closed)
+ show "drop n x \<in> carrier (R\<^bsup>m\<^esup>)"
+ by (metis A DiffD1 cartesian_product_carrier cartesian_product_memE(2) order_refl)
+ qed
+ qed
+ show "cartesian_product ((carrier (R\<^bsup>n\<^esup>)) - A) (carrier (R\<^bsup>m\<^esup>)) \<subseteq>
+ carrier (R\<^bsup>n + m\<^esup>) - cartesian_product A (carrier (R\<^bsup>m\<^esup>)) "
+ proof fix x assume A: " x \<in> cartesian_product ((carrier (R\<^bsup>n\<^esup>)) - A) (carrier (R\<^bsup>m\<^esup>))"
+ show "x \<in> carrier (R\<^bsup>n + m\<^esup>) - cartesian_product A (carrier (R\<^bsup>m\<^esup>))"
+ apply(rule ccontr)
+ using A cartesian_product_memE[of x "((carrier (R\<^bsup>n\<^esup>)) - A)" "(carrier (R\<^bsup>m\<^esup>))"]
+ cartesian_product_memE[of x A "(carrier (R\<^bsup>m\<^esup>))"]
+ by (smt DiffD1 DiffD2 DiffI Diff_subset append_take_drop_id assms cartesian_product_closed')
+ qed
+qed
+
+lemma cartesian_product_complement_right:
+ assumes "B \<subseteq> carrier (R\<^bsup>m\<^esup>)"
+ assumes "A \<subseteq> carrier (R\<^bsup>n\<^esup>)"
+ shows "cartesian_product A (carrier (R\<^bsup>m\<^esup>)) - (cartesian_product A B) =
+ cartesian_product A ((carrier (R\<^bsup>m\<^esup>)) - B)"
+proof
+ show "cartesian_product A (carrier (R\<^bsup>m\<^esup>)) - cartesian_product A B \<subseteq> cartesian_product A ((carrier (R\<^bsup>m\<^esup>)) - B)"
+ unfolding cartesian_product_def by blast
+ show "cartesian_product A ((carrier (R\<^bsup>m\<^esup>)) - B) \<subseteq> cartesian_product A ((carrier (R\<^bsup>m\<^esup>))) - cartesian_product A B"
+ proof fix x assume A: "x \<in> cartesian_product A ((carrier (R\<^bsup>m\<^esup>)) - B)"
+ have 0: "x \<in> cartesian_product A (carrier (R\<^bsup>m\<^esup>))"
+ using A unfolding cartesian_product_def by blast
+ show "x \<in> cartesian_product A (carrier (R\<^bsup>m\<^esup>)) - cartesian_product A B "
+ apply(rule ccontr)
+ using assms 0 A cartesian_product_memE[of x A "((carrier (R\<^bsup>m\<^esup>)) - B)" R n]
+ cartesian_product_memE[of x A B R n]
+ by blast
+ qed
+qed
+
+lemma cartesian_product_complement_left:
+ assumes "B \<subseteq> carrier (R\<^bsup>m\<^esup>)"
+ assumes "A \<subseteq> carrier (R\<^bsup>n\<^esup>)"
+ shows "cartesian_product (carrier (R\<^bsup>m\<^esup>)) A - (cartesian_product B A) =
+ cartesian_product ((carrier (R\<^bsup>m\<^esup>)) - B) A "
+proof
+ show "cartesian_product (carrier (R\<^bsup>m\<^esup>)) A - cartesian_product B A \<subseteq> cartesian_product ((carrier (R\<^bsup>m\<^esup>)) - B) A"
+ unfolding cartesian_product_def by blast
+ show "cartesian_product ((carrier (R\<^bsup>m\<^esup>)) - B) A \<subseteq> cartesian_product (carrier (R\<^bsup>m\<^esup>)) A - cartesian_product B A"
+ proof fix x assume A: "x \<in> cartesian_product ((carrier (R\<^bsup>m\<^esup>)) - B) A"
+ have 0: "x \<in> cartesian_product (carrier (R\<^bsup>m\<^esup>)) A"
+ using A unfolding cartesian_product_def by blast
+ have 1: "take m x \<in> (carrier (R\<^bsup>m\<^esup>)) - B"
+ using A cartesian_product_memE[of x "((carrier (R\<^bsup>m\<^esup>)) - B)" A R m]
+ by blast
+ have 2: "drop m x \<in> A"
+ using cartesian_product_memE[of x "((carrier (R\<^bsup>m\<^esup>)) - B)" A R m]
+ by (metis A Diff_subset)
+ show "x \<in> cartesian_product (carrier (R\<^bsup>m\<^esup>)) A - cartesian_product B A"
+ apply(rule ccontr)
+ using A 0 1 2 cartesian_product_memE[of x B A R m] assms
+ by blast
+ qed
+qed
+
+lemma cartesian_product_empty_right:
+ assumes "A \<subseteq> carrier (R\<^bsup>n\<^esup>)"
+ assumes "B = {[]}"
+ shows "cartesian_product A B = A"
+proof
+ show "cartesian_product A B \<subseteq> A"
+ using assms unfolding cartesian_product_def
+ by (smt append_Nil2 mem_Collect_eq singletonD subsetI)
+ show "A \<subseteq> cartesian_product A B"
+ using assms unfolding cartesian_product_def
+ by blast
+qed
+
+lemma cartesian_product_empty_left:
+ assumes "B \<subseteq> carrier (R\<^bsup>n\<^esup>)"
+ assumes "A = {[]}"
+ shows "cartesian_product A B = B"
+proof
+ show "cartesian_product A B \<subseteq> B"
+ using assms unfolding cartesian_product_def
+ by (smt append.simps(1) mem_Collect_eq singletonD subsetI)
+ show "B \<subseteq> cartesian_product A B"
+ using assms unfolding cartesian_product_def
+ by blast
+qed
+
+ (**********************************************************************)
+ (**********************************************************************)
+ subsection\<open>Cartesian Products at Arbitrary Indices\<close>
+ (**********************************************************************)
+ (**********************************************************************)
+
+definition(in ring) ring_pow_proj :: "nat \<Rightarrow> (nat set) \<Rightarrow> ('a list) \<Rightarrow> ('a list) " ("\<pi>\<^bsub>_, _\<^esub>") where
+"ring_pow_proj n S \<equiv> restrict (project_at_indices S) (carrier (R\<^bsup>n\<^esup>))"
+
+text\<open>The projection at an arbitrary index set\<close>
+
+lemma project_at_indices_closed:
+ assumes "a \<in> carrier (R\<^bsup>n\<^esup>)"
+ assumes "S \<subseteq> indices_of a"
+ shows "\<pi>\<^bsub>S\<^esub> a \<in> carrier (R\<^bsup>card S\<^esup>)"
+ apply(rule cartesian_power_car_memI')
+ using assms proj_at_index_list_length apply blast
+ using assms project_at_indices_nth[of S]
+ by (smt cartesian_power_car_memE cartesian_power_car_memE' indices_of_def lessThan_iff nth_elem_closed subsetD)
+
+lemma(in ring) ring_pow_proj_is_map:
+ assumes "S \<subseteq> {..<n}"
+ shows "\<pi>\<^bsub>n,S\<^esub> \<in> struct_maps (R\<^bsup>n\<^esup>) (R\<^bsup>card S\<^esup>)"
+proof(rule struct_maps_memI)
+ show "\<And>x. x \<in> carrier (R\<^bsup>n\<^esup>) \<Longrightarrow> \<pi>\<^bsub>n,S\<^esub> x \<in> carrier (R\<^bsup>card S\<^esup>)"
+ using project_at_indices_closed unfolding ring_pow_proj_def
+ by (metis assms cartesian_power_car_memE indices_of_def restrict_apply')
+ show " \<And>x. x \<notin> carrier (R\<^bsup>n\<^esup>) \<Longrightarrow> \<pi>\<^bsub>n, S\<^esub> x = undefined"
+ by (metis restrict_apply ring_pow_proj_def)
+qed
+
+lemma(in ring) project_at_indices_ring_pow_proj:
+ assumes "x \<in> carrier (R\<^bsup>n\<^esup>)"
+ shows "\<pi>\<^bsub>S\<^esub> x = \<pi>\<^bsub>n,S\<^esub> x"
+ unfolding ring_pow_proj_def
+ by (metis assms restrict_apply')
+
+text\<open>
+ Cartesian products where the first factor \<open>A\<close> occurs at the entries of some arbitrary index set.
+ Note that this product isn't completely arbitrary because the entries of the factor of \<open>A\<close>
+ still occurs in ascending order.\<close>
+
+definition twisted_cartesian_product ("Prod\<^bsub>_, _\<^esub>") where
+"twisted_cartesian_product S S' A B = {a . length a = card S + card S' \<and> \<pi>\<^bsub>S\<^esub> a \<in> A \<and> \<pi>\<^bsub>S'\<^esub> a \<in> B}"
+
+lemma twisted_cartesian_product_mem_length:
+ assumes "card S = n"
+ assumes "card S' = m"
+ assumes "a \<in> Prod\<^bsub>S,S'\<^esub> A B"
+ shows "length a = n + m"
+ using assms unfolding twisted_cartesian_product_def
+ by blast
+
+lemma twisted_cartesian_product_closed:
+ assumes "A \<subseteq> carrier (R\<^bsup>n\<^esup>)"
+ assumes "B \<subseteq> carrier (R\<^bsup>m\<^esup>)"
+ assumes "card S = n"
+ assumes "card S' = m"
+ assumes "S \<union> S' = {..<n + m}"
+ shows "twisted_cartesian_product S S' A B \<subseteq> carrier (R\<^bsup>n + m\<^esup>)"
+proof(rule subsetI)
+ fix x assume A: "x \<in> twisted_cartesian_product S S' A B"
+ show "x \<in> carrier (R\<^bsup>n + m\<^esup>)"
+ proof(rule cartesian_power_car_memI')
+ show "length x = n + m"
+ using twisted_cartesian_product_mem_length \<open>x \<in> twisted_cartesian_product S S' A B\<close> assms(1) assms(2) assms(3) assms(4) assms(5) by blast
+ fix i assume A': "i < n + m"
+ have 0: "indices_of x = {..<n+m}"
+ by (simp add: \<open>length x = n + m\<close> indices_of_def)
+ show "x ! i \<in> carrier R"
+ proof(cases "i \<in> S")
+ case True
+ have "x!i = \<pi>\<^bsub>S\<^esub>x ! (set_rank S i)"
+ using A' 0 assms
+ by (metis True Un_upper1 project_at_indices_nth')
+ then show ?thesis
+ using project_at_indices_closed[of x R "n + m" S] A A'
+ cartesian_power_car_memE'[of "\<pi>\<^bsub>S\<^esub> x" R "card S"]
+ by (metis (no_types, lifting) True UnI2 Un_upper1 assms(1) assms(3) assms(5)
+ finite_lessThan finite_subset mem_Collect_eq set_rank_range sup.absorb_iff1
+ twisted_cartesian_product_def)
+ next
+ case False
+ have "x!i = \<pi>\<^bsub>S'\<^esub>x ! (set_rank S' i)"
+ using A' 0 assms
+ by (metis False UnE lessThan_iff project_at_indices_nth' sup.absorb_iff1 sup.right_idem)
+ then show ?thesis
+ using project_at_indices_closed[of x R "n + m" S'] A A'
+ cartesian_power_car_memE'[of "\<pi>\<^bsub>S'\<^esub> x" R "card S'"]
+ by (metis (no_types, lifting) False UnE UnI2 Un_upper2 assms(2) assms(4) assms(5)
+ finite_lessThan finite_subset lessThan_iff mem_Collect_eq set_rank_range sup.absorb_iff1
+ twisted_cartesian_product_def)
+ qed
+ qed
+qed
+
+lemma twisted_cartesian_product_memE:
+ assumes "a \<in> twisted_cartesian_product S S' A B"
+ shows "\<pi>\<^bsub>S\<^esub> a \<in> A" "\<pi>\<^bsub>S'\<^esub> a \<in> B"
+ using assms(1) unfolding twisted_cartesian_product_def apply blast
+ using assms(1) unfolding twisted_cartesian_product_def by blast
+
+lemma twisted_cartesian_product_memI:
+ assumes "\<pi>\<^bsub>S\<^esub> a \<in> A"
+ assumes "\<pi>\<^bsub>S'\<^esub> a \<in> B"
+ assumes "length a = card S + card S'"
+ shows "a \<in> twisted_cartesian_product S S' A B"
+ by (metis (mono_tags, lifting) assms(1) assms(2) assms(3) mem_Collect_eq twisted_cartesian_product_def)
+
+lemma twisted_cartesian_product_empty_left_factor:
+ assumes "A = {}"
+ shows "twisted_cartesian_product S S' A B = {}"
+ by (metis assms emptyE equals0I twisted_cartesian_product_memE(1))
+
+lemma twisted_cartesian_product_empty_right_factor:
+ assumes "B = {}"
+ shows "twisted_cartesian_product S S' A B = {}"
+ by (metis assms emptyE equals0I twisted_cartesian_product_memE(2))
+
+lemma twisted_cartesian_project_left:
+ assumes "A \<subseteq> carrier (R\<^bsup>n\<^esup>)"
+ assumes "B \<subseteq> carrier (R\<^bsup>m\<^esup>)"
+ assumes "A \<noteq> {}"
+ assumes "B \<noteq> {}"
+ assumes "card S = n"
+ assumes "card S' = m"
+ assumes "S \<union> S' = {..<n + m}"
+ shows "\<pi>\<^bsub>S\<^esub> ` (Prod\<^bsub>S,S'\<^esub> A B) = A"
+proof
+ have f0: "S \<inter> S' = {}"
+ proof-
+ have "card (S \<union> S') = card S + card S'"
+ by (simp add: assms(5) assms(6) assms(7))
+ thus ?thesis
+ by (metis Nat.add_diff_assoc2 add.right_neutral add_diff_cancel_left' assms(6)
+ assms(7) card_0_eq card_Un_Int finite_Int finite_Un finite_lessThan le_add1)
+qed
+ show "\<pi>\<^bsub>S\<^esub> ` (Prod\<^bsub>S,S'\<^esub> A B) \<subseteq> A"
+ unfolding twisted_cartesian_product_def
+ by blast
+ show "A \<subseteq> \<pi>\<^bsub>S\<^esub> ` (Prod\<^bsub>S,S'\<^esub> A B)"
+ proof fix x assume A: "x \<in> A"
+ obtain y where y_def: "y \<in> B"
+ using assms(4) by blast
+ obtain a where a_def:
+ "a = map (\<lambda>i. if i \<in> S then (x ! set_rank S i) else (y ! set_rank S' i)) [0..<n+m]"
+ by blast
+ have 0: "S \<subseteq> indices_of a"
+ by (metis (no_types, lifting) Un_upper1 a_def assms(7) diff_zero indices_of_def length_map length_upt)
+ have 1: "S' \<subseteq> indices_of a"
+ by (metis (no_types, lifting) Un_upper2 a_def assms(7) diff_zero indices_of_def length_map length_upt)
+ have 2: "\<pi>\<^bsub>S\<^esub> a = x"
+ proof-
+ have 20: "length (\<pi>\<^bsub>S\<^esub> a) = n"
+ by (metis (no_types, lifting) Un_upper1 a_def assms(5) assms(7) diff_zero indices_of_def length_map length_upt proj_at_index_list_length)
+ have "\<And>i. i < n \<Longrightarrow> \<pi>\<^bsub>S\<^esub> a ! i = x ! i"
+ proof- fix i assume A: "i < n" show "\<pi>\<^bsub>S\<^esub> a ! i = x ! i"
+ using 0 assms a_def project_at_indices_nth'[of S a "nth_elem S i"] set_rank_nth_elem_inv[of S i]
+ nth_map[of i "[0..<n+m]"]
+ by (smt (z3) A add.left_neutral card.infinite diff_zero indices_of_def length_map length_upt lessThan_iff not_less_zero nth_elem_closed nth_map nth_upt subsetD)
+ qed
+ thus ?thesis using 20
+ by (metis A assms(1) cartesian_power_car_memE nth_equalityI subsetD)
+ qed
+ have 3: "\<pi>\<^bsub>S'\<^esub> a = y"
+ proof-
+ have 20: "length (\<pi>\<^bsub>S'\<^esub> a) = m"
+ using "1" assms(6) proj_at_index_list_length by blast
+ have "\<And>i. i < m \<Longrightarrow> \<pi>\<^bsub>S'\<^esub> a ! i = y ! i"
+ proof- fix i assume A: "i < m"
+ have "nth_elem S' i \<notin> S"
+ using nth_elem_closed[of i S'] f0 A assms(6) by blast
+ thus "\<pi>\<^bsub>S'\<^esub> a ! i = y ! i"
+ using 0 assms a_def project_at_indices_nth'[of S' a "nth_elem S' i"] set_rank_nth_elem_inv[of S' i]
+ nth_map[of i "[0..<n+m]"]
+ by (smt "1" A add.left_neutral card.infinite diff_zero indices_of_def length_map length_upt lessThan_iff not_less0 nth_elem_closed nth_map nth_upt subsetD)
+ qed
+ thus ?thesis
+ by (metis "20" assms(2) cartesian_power_car_memE nth_equalityI subsetD y_def)
+ qed
+ have"a \<in> (Prod\<^bsub>S,S'\<^esub> A B)"
+ apply(rule twisted_cartesian_product_memI)
+ apply (simp add: "2" A)
+ apply (simp add: "3" y_def)
+ by (metis (no_types, lifting) a_def assms(5) assms(6) diff_zero length_map length_upt)
+ thus "x \<in> \<pi>\<^bsub>S\<^esub> ` (Prod\<^bsub>S,S'\<^esub> A B)"
+ using "2" by blast
+ qed
+qed
+
+lemma twisted_cartesian_product_swap:
+ shows "(Prod\<^bsub>S,S'\<^esub> A B) = (Prod\<^bsub>S',S\<^esub> B A)"
+ unfolding twisted_cartesian_product_def
+ by (metis add.commute)
+
+lemma twisted_cartesian_project_right:
+ assumes "A \<subseteq> carrier (R\<^bsup>n\<^esup>)"
+ assumes "B \<subseteq> carrier (R\<^bsup>m\<^esup>)"
+ assumes "A \<noteq> {}"
+ assumes "B \<noteq> {}"
+ assumes "card S = n"
+ assumes "card S' = m"
+ assumes "S \<union> S' = {..<n + m}"
+ shows "\<pi>\<^bsub>S'\<^esub> ` (Prod\<^bsub>S,S'\<^esub> A B) = B"
+ using assms twisted_cartesian_project_left[of B R m A n S' S] twisted_cartesian_product_swap
+ by (metis add.commute sup_commute)
+
+text \<open>
+ Cartesian products which send points $a = (a_1, \dots, a_{m})$ and $b = (b_1, \dots, b_{n})$ to
+ the point $(a_1, \dots, a_i, b_1, \dots, b_{n},a_{i+1}, \dots, a_m)$
+\<close>
+definition splitting_permutation :: "nat \<Rightarrow> nat \<Rightarrow> nat \<Rightarrow>
+ nat \<Rightarrow> nat" where
+"splitting_permutation l1 l2 i j = (if j < i then j else
+ (if i \<le> j \<and> j < l1 then (l2 + j) else
+ (if j < l1 + l2 then j - l1 + i else j)))"
+
+lemma splitting_permutation_case_1_unique:
+ assumes "i \<le> l1"
+ assumes "y < i"
+ assumes "splitting_permutation l1 l2 i j = y"
+ shows "j = y"
+ unfolding splitting_permutation_def
+ using assms(2) assms(3) splitting_permutation_def by auto
+
+lemma splitting_permutation_case_1_exists:
+ assumes "i \<le> l1"
+ assumes "y < i"
+ shows "splitting_permutation l1 l2 i y = y"
+ unfolding splitting_permutation_def
+ by (simp add: assms(2))
+
+lemma splitting_permutation_case_2_unique:
+ assumes "i \<le> l1"
+ assumes "i \<le> y \<and> y < l2 + i"
+ assumes "splitting_permutation l1 l2 i j = y"
+ shows "j = y + l1 - i"
+ unfolding splitting_permutation_def
+ using assms(1) assms(2) assms(3) le_add_diff_inverse2 not_less_iff_gr_or_eq
+ splitting_permutation_def trans_less_add2 by auto
+
+lemma splitting_permutation_case_2_exists:
+ assumes "i \<le> l1"
+ assumes "i \<le> y \<and> y < l2 + i"
+ shows "splitting_permutation l1 l2 i (y + l1 - i) = y"
+ unfolding splitting_permutation_def
+ using assms(1) assms(2) less_diff_conv2 by auto
+
+lemma splitting_permutation_case_3_unique:
+ assumes "i \<le> l1"
+ assumes "l2 + i \<le> y \<and> y < l1 + l2"
+ assumes "splitting_permutation l1 l2 i j = y"
+ shows "j = y - l2"
+ unfolding splitting_permutation_def
+ by (smt Nat.le_diff_conv2 add_diff_cancel_left' add_diff_cancel_right' add_leD2
+ assms(2) assms(3) le_add1 le_diff_iff not_le splitting_permutation_def)
+
+lemma splitting_permutation_case_3_exists:
+ assumes "i \<le> l1"
+ assumes "l2 + i \<le> y \<and> y < l1 + l2"
+ shows "splitting_permutation l1 l2 i (y - l2) = y"
+ unfolding splitting_permutation_def
+ by (metis Nat.le_diff_conv2 add.commute add_leD1 assms(2) leD le_add_diff_inverse less_diff_conv2)
+
+lemma splitting_permutation_case_4_unique:
+ assumes "i \<le> l1"
+ assumes "l1 + l2 \<le> y"
+ assumes "splitting_permutation l1 l2 i j = y"
+ shows "j = y"
+ using assms(1) assms(2) assms(3) le_add_diff_inverse2 less_le_trans
+ splitting_permutation_def by auto
+
+lemma splitting_permutation_case_4_exists:
+ assumes "i \<le> l1"
+ assumes "l1 + l2 \<le>y"
+ shows "splitting_permutation l1 l2 i y = y"
+ unfolding splitting_permutation_def
+ using assms(2) by auto
+
+lemma splitting_permutation_permutes:
+ assumes "i \<le> l1"
+ shows "(splitting_permutation l1 l2 i) permutes {..< l1 + l2}"
+proof-
+ have 0: "(\<forall>x. x \<notin> {..<l1 + l2} \<longrightarrow> splitting_permutation l1 l2 i x = x)"
+ proof fix x show "x \<notin> {..<l1 + l2} \<longrightarrow> splitting_permutation l1 l2 i x = x"
+ proof assume A: "x \<notin> {..<l1 + l2}"
+ then show "splitting_permutation l1 l2 i x = x"
+ using assms unfolding splitting_permutation_def
+ by simp
+ qed
+ qed
+ have 1: "(\<forall>y. \<exists>!x. splitting_permutation l1 l2 i x = y)"
+ proof fix y
+ show "\<exists>!x. splitting_permutation l1 l2 i x = y"
+ proof(cases "y < i")
+ case True
+ then show ?thesis
+ using splitting_permutation_case_1_exists splitting_permutation_case_1_unique assms
+ by (metis splitting_permutation_def)
+ next
+ case F0: False
+ show ?thesis
+ proof(cases "i \<le> y \<and> y < l2 + i")
+ case True
+ then show ?thesis
+ using F0 splitting_permutation_case_2_exists splitting_permutation_case_2_unique assms
+ by metis
+ next
+ case F1: False
+ show ?thesis
+ proof(cases "l2 + i \<le> y \<and> y < l1 + l2")
+ case True
+ then show ?thesis
+ using F0 F1 splitting_permutation_case_3_exists splitting_permutation_case_3_unique assms
+ by metis
+ next
+ case F2: False
+ show ?thesis
+ using F0 F1 F2 splitting_permutation_case_4_exists splitting_permutation_case_4_unique assms
+ by (metis leI not_less)
+ qed
+ qed
+ qed
+ qed
+ show ?thesis
+ using 0 1 permutes_def
+ by blast
+qed
+
+lemma splitting_permutation_action:
+ assumes "i \<le>l1"
+ assumes "length a1 = l1"
+ assumes "length a2 = l2"
+ shows "permute_list (splitting_permutation l1 l2 i) ((take i a1) @ a2 @ (drop i a1)) =
+ a1@a2"
+proof-
+ obtain x where x_def: "x = permute_list (splitting_permutation l1 l2 i) ((take i a1) @ a2 @ (drop i a1))"
+ by blast
+ obtain y where y_def: "y = a1 @ a2"
+ by blast
+ have 0: "length x = length y"
+ using x_def y_def assms splitting_permutation_permutes[of i l1 l2]
+ by (smt add.commute add.left_commute le_add_diff_inverse length_append
+ length_drop length_permute_list length_take min.absorb2)
+ have 1: "\<And>i. i < l1 + l2 \<Longrightarrow> x ! i = y ! i"
+ proof- fix j assume A: "j < l1 + l2"
+ show "x ! j = y ! j"
+ apply(cases "j < i")
+ apply (smt "0" A append_take_drop_id assms(1) assms(2) assms(3) length_append length_permute_list length_take less_le_trans min.absorb2 nth_append permute_list_nth splitting_permutation_case_1_exists splitting_permutation_permutes x_def y_def)
+ apply(cases "i \<le> j \<and> j < l1")
+ apply (smt "0" A add.left_commute append_take_drop_id assms(1) assms(2) assms(3) le_add_diff_inverse length_append length_permute_list length_take min.absorb2 nth_append nth_append_length_plus permute_list_nth splitting_permutation_def splitting_permutation_permutes x_def y_def)
+ using x_def y_def assms
+ by (smt "0" A add.commute add_diff_cancel_left' add_diff_inverse_nat length_append length_permute_list length_take less_diff_conv min.absorb2 not_le nth_append permute_list_nth splitting_permutation_case_1_unique splitting_permutation_def splitting_permutation_permutes)
+ qed
+ have 2: "length x = l1 + l2"
+ by (simp add: x_def assms(2) assms(3))
+ have 3: "x = y"
+ using 0 1 2
+ by (metis nth_equalityI)
+ then show ?thesis
+ using x_def y_def
+ by blast
+qed
+
+definition scp_permutation where
+"scp_permutation l1 l2 i = fun_inv (splitting_permutation l1 l2 i)"
+
+lemma scp_permutation_action:
+ assumes "i \<le>l1"
+ assumes "length a1 = l1"
+ assumes "length a2 = l2"
+ shows "permute_list (scp_permutation l1 l2 i) (a1@a2) = ((take i a1) @ a2 @ (drop i a1))"
+proof-
+ have "(scp_permutation l1 l2 i) \<circ> (splitting_permutation l1 l2 i) = id"
+ by (metis assms(1) fun_inv_def permutes_inv_o(2) scp_permutation_def splitting_permutation_permutes)
+ then have "permute_list ((scp_permutation l1 l2 i) \<circ> (splitting_permutation l1 l2 i) ) ((take i a1) @ a2 @ (drop i a1)) =
+ ((take i a1) @ a2 @ (drop i a1))"
+ by (metis permute_list_id)
+ then show ?thesis using splitting_permutation_action permute_list_compose
+ by (smt \<open>scp_permutation l1 l2 i \<circ> splitting_permutation l1 l2 i = id\<close> assms(1)
+ assms(2) assms(3) fun_inv_def length_append length_permute_list permutes_inv permutes_inv_o(1) scp_permutation_def splitting_permutation_permutes)
+qed
+
+lemma scp_permutes:
+ assumes "i \<le>l1"
+ shows "(scp_permutation l1 l2 i) permutes {..<l1 + l2}"
+ by (simp add: assms(1) fun_inv_def permutes_inv scp_permutation_def splitting_permutation_permutes)
+
+definition split_cartesian_product where
+"split_cartesian_product l1 l2 i A B = permute_list (scp_permutation l1 l2 i) ` (cartesian_product A B)"
+
+lemma split_cartesian_product_memI:
+ assumes "a1@a2 \<in> A"
+ assumes "b \<in> B"
+ assumes "A \<subseteq> carrier (R\<^bsup>l1\<^esup>)"
+ assumes "B \<subseteq> carrier (R\<^bsup>l2\<^esup>)"
+ assumes "length a1 = i"
+ shows "a1@b@a2 \<in> split_cartesian_product l1 l2 i A B"
+proof-
+ have P: "a1@a2@b \<in> cartesian_product A B"
+ by (metis append.assoc assms(1) assms(2) assms(3) assms(4) cartesian_product_memI')
+ have 0: "i \<le> l1"
+ using assms
+ by (metis cartesian_power_car_memE le_add1 length_append subset_iff)
+ have 1: "length (a1@a2) = l1"
+ using assms(1) assms(3) cartesian_power_car_memE
+ by blast
+ have 2: "length b = l2"
+ using assms(2) assms(4) cartesian_power_car_memE
+ by blast
+ have 3: "take i (a1 @ a2) = a1"
+ by (simp add: assms(5))
+ have 4: "drop i (a1 @ a2) = a2"
+ by (simp add: assms(5))
+ have "permute_list (scp_permutation l1 l2 i) ((a1 @ a2) @ b) = take i (a1 @ a2) @ b @ drop i (a1 @ a2)"
+ using 0 1 2 scp_permutation_action[of i l1 "a1@a2" b l2]
+ by blast
+ then have "permute_list (scp_permutation l1 l2 i) ((a1@a2)@b) = a1@b@a2 "
+ by(simp only: 3 4)
+ then have "permute_list (scp_permutation l1 l2 i) (a1@a2@b) = a1@b@a2 "
+ by simp
+ then show ?thesis
+ using P unfolding split_cartesian_product_def
+ by (metis (mono_tags, lifting) image_eqI)
+qed
+
+lemma split_cartesian_product_memI':
+ assumes "a \<in> A"
+ assumes "b \<in> B"
+ assumes "A \<subseteq> carrier (R\<^bsup>l1\<^esup>)"
+ assumes "B \<subseteq> carrier (R\<^bsup>l2\<^esup>)"
+ assumes "i \<le> l1"
+ shows "(take i a)@b@(drop i a) \<in> split_cartesian_product l1 l2 i A B"
+ using assms split_cartesian_product_memI[of "take i a" "drop i a" A b B R l1 l2 i]
+ by (metis append_take_drop_id cartesian_power_car_memE length_take min.absorb2 subset_iff)
+
+lemma split_cartesian_product_memE:
+ assumes "a \<in> split_cartesian_product l1 l2 i A B"
+ assumes "A \<subseteq> carrier (R\<^bsup>l1\<^esup>)"
+ assumes "B \<subseteq> carrier (R\<^bsup>l2\<^esup>)"
+ assumes "i \<le> l1"
+ shows "(take i a)@(drop (i + l2) a) \<in> A"
+ "(drop i (take (i + l2) a)) \<in> B"
+proof-
+ obtain b where b_def: "b \<in> cartesian_product A B \<and> a = permute_list (scp_permutation l1 l2 i) b"
+ using assms split_cartesian_product_def
+ by (metis (mono_tags, lifting) image_iff)
+ then have 0: "(take l1 b) \<in> A \<and> (drop l1 b) \<in> B"
+ using assms(2) cartesian_product_memE(1)[of b A B R l1] cartesian_product_memE(2)[of b A B R l1]
+ by metis
+ have 1: "a = (take i (take l1 b))@(drop l1 b)@(drop i (take l1 b))"
+ using "0" append_take_drop_id assms(2) assms(3) assms(4) b_def
+ cartesian_power_car_memE scp_permutation_action subsetD
+ by smt
+ have 2: "(take i a) = (take i (take l1 b))"
+ using 0 1
+ by (metis (no_types, lifting) append_eq_append_conv append_take_drop_id
+ assms(4) b_def length_permute_list length_take min.absorb1 take_take)
+ have "drop (i + l2) a = drop i (take l1 b)"
+ proof-
+ have "drop (i + l2) ( (take i (take l1 b))@(drop l1 b)@(drop i (take l1 b))) = drop i (take l1 b)"
+ using assms
+ by (metis "0" "1" "2" add.commute append_eq_conv_conj append_take_drop_id
+ cartesian_power_car_memE drop_drop subsetD)
+ then show ?thesis
+ using 1
+ by blast
+ qed
+ then show "take i a @ drop (i + l2) a \<in> A"
+ by (metis "0" "2" append_take_drop_id)
+ have 3: "length b = l1 + l2 "
+ by (metis "0" append_take_drop_id assms(2) assms(3) cartesian_power_car_memE length_append subsetD)
+ then have "(drop i (take (i + l2) ((take i (take l1 b))@(drop l1 b)@(drop i (take l1 b))))) = (drop l1 b)"
+ proof-
+ have 0: "take (i + l2) ((take i (take l1 b))@(drop l1 b)@(drop i (take l1 b))) =
+ take (i + l2) ((take i b)@(drop l1 b)@(drop i (take l1 b)))"
+ using assms(4)
+ by (metis min.absorb1 take_take)
+ have 1: "length ((take i b)@(drop l1 b)) = i + l2"
+ using 3 assms
+ by (metis (no_types, opaque_lifting) add_diff_cancel_left' b_def length_append length_drop
+ length_permute_list length_take min.absorb2 trans_le_add1)
+ have 2: "take (i + l2) (((take i b)@(drop l1 b))@(drop i (take l1 b))) = (take i b)@(drop l1 b)"
+ using 1
+ by (metis append_eq_conv_conj)
+ have 3: "take (i + l2) ((take i b)@(drop l1 b)@(drop i (take l1 b))) = (take i b)@(drop l1 b)"
+ using 2
+ by (metis append.assoc)
+ have 4: "take (i + l2) ((take i (take l1 b))@(drop l1 b)@(drop i (take l1 b))) = (take i b)@(drop l1 b)"
+ using "0" "3"
+ by presburger
+ then have 5: "(drop i (take (i + l2) ((take i (take l1 b))@(drop l1 b)@(drop i (take l1 b))))) =
+ drop i ((take i b)@(drop l1 b))"
+ by presburger
+ have "length (take i b) = i"
+ by (metis "1" append_take_drop_id assms(4) le_add1 length_take min.absorb2 min.bounded_iff nat_le_linear take_all)
+ then show ?thesis using 5
+ by (metis append_eq_conv_conj)
+ qed
+ then have "drop i (take (i + l2) a) = drop l1 b"
+ using 1 by blast
+ then show "(drop i (take (i + l2) a)) \<in> B"
+ using 0
+ by presburger
+qed
+
+lemma split_cartesian_product_mem_length:
+ assumes "a \<in> split_cartesian_product l1 l2 i A B"
+ assumes "A \<subseteq> carrier (R\<^bsup>l1\<^esup>)"
+ assumes "B \<subseteq> carrier (R\<^bsup>l2\<^esup>)"
+ assumes "i \<le> l1"
+ shows "length a = l1 + l2"
+ using assms unfolding split_cartesian_product_def
+ using cartesian_product_closed[of A R l1 B l2] scp_permutes[of i l1 l2]
+ by (smt cartesian_power_car_memE imageE in_mono length_permute_list scp_permutation_def)
+
+lemma split_cartesian_product_memE':
+ assumes "a1@b@a2 \<in> split_cartesian_product l1 l2 i A B"
+ assumes "A \<subseteq> carrier (R\<^bsup>l1\<^esup>)"
+ assumes "B \<subseteq> carrier (R\<^bsup>l2\<^esup>)"
+ assumes "i \<le> l1"
+ assumes "length a1 = i"
+ assumes "length b = l2"
+ assumes "length as = (l1 - i)"
+ shows "a1@a2 \<in> A"
+ "b \<in> B"
+ using assms split_cartesian_product_memE(1)[of "a1@b@a2" l1 l2 i A B R]
+ apply (metis append.assoc append_eq_conv_conj length_append)
+ using assms split_cartesian_product_memE(2)[of "a1@b@a2" l1 l2 i A B R]
+ by (metis add_diff_cancel_left' append_eq_conv_conj drop_take)
+
+lemma split_cartesian_product_closed:
+ assumes "A \<subseteq> carrier (R\<^bsup>l1\<^esup>)"
+ assumes "B \<subseteq> carrier (R\<^bsup>l2\<^esup>)"
+ assumes "i \<le> l1"
+ shows "split_cartesian_product l1 l2 i A B \<subseteq> carrier (R\<^bsup>l1 + l2\<^esup>)"
+proof fix x
+ assume A: "x \<in> split_cartesian_product l1 l2 i A B"
+ show "x \<in> carrier (R\<^bsup>l1 + l2\<^esup>)"
+ apply(rule cartesian_power_car_memI)
+ apply (meson \<open>x \<in> split_cartesian_product l1 l2 i A B\<close> assms(1)
+ assms(2) assms(3) split_cartesian_product_mem_length)
+ using assms A unfolding split_cartesian_product_def
+ using cartesian_product_closed[of A R l1 B l2]
+ by (smt A cartesian_power_car_memE'' image_iff length_permute_list
+ scp_permutes set_permute_list split_cartesian_product_mem_length subsetD)
+qed
+
+text\<open>General function for permuting the elements of a simple cartesian product:\<close>
+
+definition intersperse :: "(nat \<Rightarrow> nat) \<Rightarrow> 'a tuple \<Rightarrow> 'a tuple \<Rightarrow> 'a tuple" where
+"intersperse \<sigma> as bs = permute_list \<sigma> (as@bs) "
+
+lemma intersperseE:
+ assumes "\<sigma> permutes ({..<n})"
+ assumes "length as + length bs = n"
+ shows "length (intersperse \<sigma> as bs) = n"
+ by (metis assms(2) intersperse_def length_append length_permute_list)
+
+lemma intersperseE':
+ assumes "\<sigma> permutes ({..<n})"
+ assumes "length as + length bs = n"
+ assumes "length as = k"
+ assumes "\<sigma> i < k"
+ shows "(intersperse \<sigma> as bs)! i = as ! \<sigma> i"
+proof-
+ have "permute_list \<sigma> (as @ bs) ! i = (as @ bs) ! \<sigma> i"
+ using assms permute_list_nth[of \<sigma> "(as@bs)" i]
+ unfolding intersperse_def
+ by (metis length_append lessThan_iff permutes_not_in trans_less_add1)
+ then show ?thesis using assms
+ by (metis intersperse_def nth_append)
+qed
+
+lemma intersperseE'':
+ assumes "\<sigma> permutes ({..<n})"
+ assumes "length as + length bs = n"
+ assumes "length as = k"
+ assumes "i < n"
+ assumes "\<sigma> i \<ge> k"
+ shows "(intersperse \<sigma> as bs)! i = bs ! ((\<sigma> i) - k)"
+proof-
+ have 0: "permute_list \<sigma> (as @ bs) ! i = (as @ bs) ! \<sigma> i"
+ using assms permute_list_nth[of \<sigma> "(as@bs)" i]
+ unfolding intersperse_def
+ proof -
+ have "(as @ bs) ! \<sigma> i = (as @ bs) ! \<sigma> ([0..<n] ! i)"
+ by (simp add: \<open>i < n\<close>)
+ then show ?thesis
+ by (metis (no_types) \<open>i < n\<close> \<open>length as + length bs = n\<close> diff_zero length_append
+ length_upt nth_map permute_list_def)
+ qed
+ have 1: "\<sigma> i < n"
+ using assms
+ by (meson lessThan_iff permutes_in_image)
+ have 2: "(\<sigma> i) - k < length bs"
+ using "1" assms(2) assms(3) assms(5) by linarith
+ have "(as @ bs) ! (\<sigma> i) = bs ! (\<sigma> i - length as)"
+ using assms 1 2 nth_append[of as bs "(\<sigma> i)"]
+ by (meson not_le)
+ then have 3: "(as @ bs) ! (\<sigma> i) = bs ! (\<sigma> i - k)"
+ using assms
+ by blast
+ have 4: "permute_list \<sigma> (as @ bs) ! i = (as @ bs) ! (\<sigma> i)"
+ using "0" by blast
+ show ?thesis using 4 3 unfolding intersperse_def
+ by auto
+qed
+
+text\<open>Some more lemmas about the project\_at\_indices function.\<close>
+
+lemma project_at_indices_consecutive_ind_length:
+ assumes "(i::nat) < j"
+ assumes "j \<le> n"
+ assumes "length a = n"
+ shows "length (project_at_indices {i..<j} a) = j - i"
+ using assms proj_at_index_list_length[of "{i..<j}" a]
+ unfolding indices_of_def
+ by (metis card_atLeastLessThan ivl_subset le_less_linear lessThan_atLeast0 not_less0)
+
+lemma project_at_indices_consecutive_ind_length':
+ assumes "(i::nat) < j"
+ assumes "j \<le> n"
+ assumes "a \<in> carrier (R\<^bsup>n\<^esup>)"
+ shows "length (project_at_indices {i..<j} a) = j - i"
+ using assms(1) assms(2) assms(3) cartesian_power_car_memE project_at_indices_consecutive_ind_length by blast
+
+lemma sorted_list_of_set_from_up_to:
+ assumes "(i::nat) < j"
+ assumes "k < j - i"
+ shows "sorted_list_of_set {i..<j} ! k = i + k"
+ using assms apply(induction k)
+ apply simp by simp
+
+lemma nth_elem_consecutive_indices:
+ assumes "(i::nat) < j"
+ assumes "k < j - i"
+ shows "nth_elem {i..<j} k = i + k"
+ using nth_elem.simps[of "{i..<j}" k] sorted_list_of_set_from_up_to assms(2)
+ by auto
+
+lemma project_at_indices_consecutive_indices:
+ assumes "(i::nat) < j"
+ assumes "j \<le> n"
+ assumes "length a = n"
+ assumes "k < j - i"
+ shows "(project_at_indices {i..<j} a) ! k = a! (i + k)"
+ using assms nth_elem_consecutive_indices[of i j k]
+ by (metis atLeast0LessThan card_atLeastLessThan indices_of_def ivl_subset linorder_le_less_linear not_less0 project_at_indices_nth)
+
+lemma project_at_indices_consecutive_indices':
+ assumes "(i::nat) < j"
+ assumes "j \<le> n"
+ assumes "a \<in> carrier (R\<^bsup>n\<^esup>)"
+ assumes "k < j - i"
+ shows "(project_at_indices {i..<j} a) ! k = a! (i + k)"
+ using assms(1) assms(2) assms(3) assms(4) cartesian_power_car_memE project_at_indices_consecutive_indices by blast
+
+lemma tl_as_projection:
+ assumes "a \<in> carrier (R\<^bsup>n\<^esup>)"
+ shows "tl a = project_at_indices {1::nat..<n} a"
+proof-
+ have 0: "indices_of a = {..<n}"
+ using assms cartesian_power_car_memE indices_of_def
+ by blast
+ have 1: "length (tl a) = n - 1"
+ using assms cartesian_power_car_memE length_tl
+ by blast
+ have 2: "length (tl a) = length (project_at_indices {1::nat..<n} a)"
+ using 0 assms cartesian_power_car_memE[of a R n] proj_at_index_list_length[of "{1::nat..<n}" a]
+ by (metis "1" atLeastLessThan_iff card_atLeastLessThan lessThan_iff subsetI)
+ have "\<And>i. i < n - 1 \<Longrightarrow> (tl a) ! i = (project_at_indices {1::nat..<n} a) ! i"
+ using project_at_indices_consecutive_indices'[of 1 n n a R] assms
+ by (metis "1" One_nat_def Suc_leI le_add_diff_inverse2 le_numeral_extra(4)
+ linorder_neqE_nat nat_add_left_cancel_le nat_diff_split_asm not_less0 nth_tl plus_1_eq_Suc)
+ then show ?thesis
+ by (metis "1" "2" nth_equalityI)
+qed
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+subsection\<open>Function Rings on Cartesian Powers\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+text\<open>Complement operator\<close>
+
+definition ring_pow_comp :: "('a, 'b) ring_scheme \<Rightarrow> arity \<Rightarrow> 'a tuple set \<Rightarrow> 'a tuple set" where
+"ring_pow_comp R n S \<equiv> carrier (R\<^bsup>n\<^esup>) - S"
+
+lemma ring_pow_comp_closed:
+"ring_pow_comp R n S \<subseteq> carrier (R\<^bsup>n\<^esup>)"
+ by (simp add: ring_pow_comp_def)
+
+lemma ring_pow_comp_disjoint:
+"ring_pow_comp R n S \<inter> S = {}"
+ by (simp add: ring_pow_comp_def inf_sup_aci(1))
+
+lemma ring_pow_comp_union:
+ assumes "S \<subseteq> carrier (R\<^bsup>n\<^esup>)"
+ shows "(ring_pow_comp R n S) \<union> S = carrier (R\<^bsup>n\<^esup>)"
+ by (metis ring_pow_comp_def Un_Diff_cancel2 assms sup.absorb_iff1)
+
+lemma ring_pow_comp_carrier:
+"ring_pow_comp R n (carrier (R\<^bsup>n\<^esup>)) = {}"
+ by (simp add: ring_pow_comp_def)
+
+lemma ring_pow_comp_empty:
+"ring_pow_comp R n {} = (carrier (R\<^bsup>n\<^esup>)) "
+ by (simp add: ring_pow_comp_def)
+
+lemma ring_pow_comp_demorgans:
+ assumes "A \<subseteq> carrier (R\<^bsup>n\<^esup>)"
+ assumes "B \<subseteq> carrier (R\<^bsup>n\<^esup>)"
+ shows "ring_pow_comp R n (A \<union> B) = (ring_pow_comp R n A) \<inter> (ring_pow_comp R n B)"
+ by (simp add: ring_pow_comp_def Diff_Un )
+
+lemma ring_pow_comp_demorgans':
+ assumes "A \<subseteq> carrier (R\<^bsup>n\<^esup>)"
+ assumes "B \<subseteq> carrier (R\<^bsup>n\<^esup>)"
+ shows "ring_pow_comp R n (A \<inter> B) = (ring_pow_comp R n A) \<union> (ring_pow_comp R n B)"
+ by (simp add: ring_pow_comp_def Diff_Int)
+
+lemma ring_pow_comp_inv:
+ assumes "A \<subseteq> carrier (R\<^bsup>n\<^esup>)"
+ shows "ring_pow_comp R n (ring_pow_comp R n A) = A"
+ by (simp add: ring_pow_comp_def assms double_diff)
+
+text\<open>The function ring defined on the powers of a ring:\<close>
+abbreviation(input) ring_pow_function_ring ("Fun\<^bsub>_\<^esub> _") where
+"ring_pow_function_ring n R \<equiv> function_ring (carrier (R\<^bsup>n\<^esup>)) R"
+
+text \<open>
+ Partial function application. Given a function $f(x_1, \dots, x_{n+1})$, an index $i$ and a
+ point $a \in \text{carrier R}$ returns the function
+ $(x_1,..,x_n) \mapsto f(x_1, \dots, x_{i-1}, a, x_i, \dots, x_n)$ \<close>
+
+lemma ring_pow_function_ring_car_memE:
+ assumes "f \<in> carrier (Fun\<^bsub>n\<^esub> R)"
+ shows "f \<in> extensional (carrier (R\<^bsup>n\<^esup>))"
+ "f \<in> carrier (R\<^bsup>n\<^esup>) \<rightarrow> carrier R"
+ using ring_functions.function_ring_car_memE[of R f "carrier (R\<^bsup>n\<^esup>)"] assms
+ unfolding ring_functions_def
+ using function_ring_def partial_object.select_convs(1) apply (metis PiE_iff)
+ using Int_iff assms PiE_iff function_ring_def partial_object.select_convs(1)
+ by (simp add: PiE_iff function_ring_def)
+
+definition partial_eval :: "('a, 'b) ring_scheme \<Rightarrow> arity \<Rightarrow> nat \<Rightarrow> ('a list \<Rightarrow> 'a) \<Rightarrow> 'a \<Rightarrow> ('a list \<Rightarrow> 'a)" where
+"partial_eval R m n f c = restrict (\<lambda> as. f (insert_at_index as c n)) (carrier (R\<^bsup>m\<^esup>))"
+
+context ring
+begin
+
+lemma function_ring_car_mem_closed:
+ assumes "f \<in> carrier (function_ring S R)"
+ assumes "s \<in> S"
+ shows "f s \<in> carrier R"
+ using assms unfolding function_ring_def ring_record_simps by blast
+
+lemma function_ring_car_mem_closed':
+ assumes "f \<in> carrier (Fun\<^bsub>Suc k\<^esub> R)"
+ assumes "s \<in> carrier (R\<^bsup>Suc k\<^esup>)"
+ shows "f s \<in> carrier R"
+ using assms unfolding function_ring_def ring_record_simps by blast
+
+lemma(in ring) partial_eval_domain:
+ assumes "f \<in> carrier (Fun\<^bsub>Suc k\<^esub> R)"
+ assumes "a \<in> carrier R"
+ assumes "n \<le>k"
+ shows "(partial_eval R k n f a) \<in> carrier (Fun\<^bsub>k\<^esub> R)"
+ apply(rule ring_functions.function_ring_car_memI)
+proof-
+ show "\<And>x. x \<in> carrier (R\<^bsup>k\<^esup>) \<Longrightarrow> (partial_eval R k n f a) x \<in> (carrier R)"
+ proof-
+ fix x
+ assume A: "x \<in> carrier (R\<^bsup>k\<^esup>)"
+ show "(partial_eval R k n f a) x \<in> (carrier R)"
+ proof(cases "n = k")
+ case True
+ then have "(partial_eval R k n f a) x = f (insert_at_index x a n)"
+ by (metis (no_types, lifting) A restrict_apply' partial_eval_def)
+ then show "(partial_eval R k n f a) x \<in> carrier R"
+ using insert_at_index_closed[of x k R a n] assms ring_functions.function_ring_car_memE[of R]
+ unfolding ring_functions_def
+ by (smt A cartesian_power_car_memE funcset_carrier ring_pow_function_ring_car_memE(2))
+
+ next
+ case False
+ then have F0: "(partial_eval R k n f a) x = f (insert_at_index x a n)"
+ unfolding partial_eval_def
+ using assms
+ by (meson A restrict_apply')
+ have F1: "(insert_at_index x a n) \<in> carrier (R\<^bsup>Suc k\<^esup>)"
+ using A assms insert_at_index_closed[of x k R a n] cartesian_power_car_memE
+ by blast
+ show "(partial_eval R k n f a) x \<in> carrier R"
+ unfolding F0 apply(rule function_ring_car_mem_closed[of f "carrier (R\<^bsup>Suc k\<^esup>)"])
+ apply (simp add: assms(1))
+ by(rule F1)
+ qed
+ qed
+ show "\<And>x. x \<notin> carrier (R\<^bsup>k\<^esup>) \<Longrightarrow> (partial_eval R k n f a) x = undefined"
+ proof-
+ fix x
+ assume "x \<notin> carrier (R\<^bsup>k\<^esup>)"
+ show "(partial_eval R k n f a) x = undefined"
+ unfolding partial_eval_def
+ by (meson \<open>x \<notin> carrier (R\<^bsup>k\<^esup>)\<close> restrict_apply)
+ qed
+ show "ring_functions R"
+ unfolding ring_functions_def
+ by (simp add: ring_axioms)
+qed
+
+text\<open>Pullbacks preserve ring power functions\<close>
+
+lemma fun_struct_maps:
+"struct_maps (R\<^bsup>n\<^esup>) R = carrier (Fun\<^bsub>n\<^esub> R)"
+proof
+ show "struct_maps (R\<^bsup>n\<^esup>) R \<subseteq> carrier Fun\<^bsub>n\<^esub> R"
+ by (smt function_ring_car_memI struct_maps_memE(1) struct_maps_memE(2) subsetI)
+ show "carrier (Fun\<^bsub>n\<^esub> R) \<subseteq> struct_maps (R\<^bsup>n\<^esup>) R"
+ using struct_maps_memI ring_functions.function_ring_car_memE
+ by (smt function_ring_car_mem_closed ring_axioms ring_functions.function_ring_not_car ring_functions.intro subsetI)
+qed
+
+lemma pullback_fun_closed:
+ assumes "f \<in> struct_maps (R\<^bsup>n\<^esup>) (R\<^bsup>m\<^esup>)"
+ assumes "g \<in> carrier (Fun\<^bsub>m\<^esub> R)"
+ shows "pullback (R\<^bsup>n\<^esup>) f g \<in> carrier (Fun\<^bsub>n\<^esub> R)"
+ using assms(1) assms(2) fun_struct_maps pullback_closed by blast
+
+end
+
+
+text\<open>Includes $R^{|S|}$ into $R^n$ by pulling back along the projection $R^n \mapsto R^{|S|}$ at indices $S$ \<close>
+
+context ring
+begin
+
+definition(in ring) ring_pow_inc :: " (nat set) \<Rightarrow> arity \<Rightarrow> ('a tuple \<Rightarrow> 'a) => ('a tuple \<Rightarrow> 'a) " where
+"ring_pow_inc S n f = pullback (R\<^bsup>n\<^esup>) (\<pi>\<^bsub>n,S\<^esub>) f"
+
+lemma ring_pow_inc_is_fun:
+ assumes "S \<subseteq> {..<n}"
+ assumes "f \<in> carrier (Fun\<^bsub>card S\<^esub> R)"
+ shows "ring_pow_inc S n f \<in> carrier (Fun\<^bsub>n\<^esub> R)"
+ by (metis assms(1) assms(2) ring_pow_proj_is_map pullback_fun_closed ring_pow_inc_def)
+
+text\<open>The "standard" inclusion of powers of function rings into one another\<close>
+
+abbreviation(input) std_proj:: "nat \<Rightarrow> nat \<Rightarrow> ('a list) \<Rightarrow> ('a list)" where
+"std_proj n m \<equiv> ring_pow_proj n ({..<m}) "
+
+lemma std_proj_id:
+ assumes "m \<le> n"
+ assumes "as \<in> carrier (R\<^bsup>n\<^esup>)"
+ assumes "i < m"
+ shows "std_proj n m as ! i = as ! i"
+proof-
+ have "{..<m} \<subseteq> indices_of as"
+ using assms cartesian_power_car_memE unfolding indices_of_def
+ by blast
+ thus ?thesis
+ unfolding ring_pow_proj_def
+ using assms nth_elem_upto[of i m]
+ project_at_indices_nth[of "{..<m}" as i]
+ by (metis card_lessThan restrict_apply)
+qed
+
+abbreviation(input) std_inc:: "nat \<Rightarrow> nat \<Rightarrow> ('a list \<Rightarrow> 'a) => ('a list \<Rightarrow> 'a)" where
+"std_inc n m f \<equiv> ring_pow_inc ({..<m}) n f"
+
+lemma std_proj_is_map[simp]:
+ assumes "m \<le> n"
+ shows "std_proj n m \<in> struct_maps (R\<^bsup>n\<^esup>) (R\<^bsup>m\<^esup>)"
+ by (metis assms card_lessThan lessThan_subset_iff ring_pow_proj_is_map)
+
+end
+(**************************************************************************************************)
+(**************************************************************************************************)
+subsection\<open>Coordinate Functions\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+
+definition var :: "('a, 'b) ring_scheme \<Rightarrow> nat \<Rightarrow> nat \<Rightarrow> ('a list \<Rightarrow> 'a)" where
+"var R n i = restrict (\<lambda>x. x!i) (carrier (R\<^bsup>n\<^esup>))"
+
+context ring
+begin
+
+lemma var_in_car:
+ assumes "i < n"
+ shows "var R n i \<in> carrier (Fun\<^bsub>n\<^esub> R)"
+ apply(rule function_ring_car_memI)
+ unfolding var_def
+ apply (metis assms cartesian_power_car_memE' restrict_apply')
+ by (meson restrict_apply)
+
+
+lemma varE[simp]:
+ assumes "i < n"
+ assumes "x \<in> carrier (R\<^bsup>n\<^esup>)"
+ shows "var R n i x = x ! i"
+ unfolding var_def
+ using assms(2)
+ by (meson restrict_apply')
+
+lemma std_inc_of_var:
+ assumes "i < n"
+ assumes "n \<le>m"
+ shows "std_inc m n (var R n i) = (var R m i)"
+ apply(rule ext)
+proof-
+ fix x
+ show "std_inc m n (var R n i) x = var R m i x"
+ apply(cases "x \<in> carrier (R\<^bsup>m\<^esup> )")
+ proof-
+ show "x \<in> carrier (R\<^bsup>m\<^esup>) \<Longrightarrow> std_inc m n (var R n i) x = var R m i x"
+ proof-
+ assume A: "x \<in> carrier (R\<^bsup>m\<^esup>)"
+ have "(restrict (project_at_indices ({..<n})) (carrier (R\<^bsup>m\<^esup>))) x = ((project_at_indices ({..<n})) x)"
+ by (meson A restrict_apply')
+ then have B: "std_inc m n (var R n i) x = (var R n i) ((project_at_indices ({..<n})) x)"
+ unfolding ring_pow_inc_def ring_pow_proj_def pullback_def
+ by (metis A compose_eq)
+ have C: "var R m i x = x ! i"
+ by (metis A assms(1) assms(2) le_iff_add trans_less_add1 varE)
+ show "std_inc m n (var R n i) x = var R m i x"
+ by (metis A B C assms(1) assms(2) project_at_indices_ring_pow_proj std_proj_id std_proj_is_map struct_maps_memE(1) varE)
+ qed
+ show "x \<notin> carrier (R\<^bsup>m\<^esup>) \<Longrightarrow> std_inc m n (var R n i) x = var R m i x"
+ by (metis (mono_tags, lifting) assms(1) assms(2) card_lessThan lessThan_subset_iff less_SucI ring_axioms nat_induct_at_least ring.fun_struct_maps ring_pow_inc_is_fun struct_maps_memE(2) var_in_car)
+ qed
+qed
+
+abbreviation variable ("\<vv>\<^bsub>_\<^esub>") where
+"variable n i \<equiv> var R n i"
+
+end
+
+definition var_set :: "('a, 'b) ring_scheme \<Rightarrow> nat \<Rightarrow> ('a list \<Rightarrow> 'a) set" where
+"var_set R n = var R n ` {..<n}"
+
+lemma var_setE:
+ assumes "f \<in> var_set R n"
+ obtains i where "f = var R n i \<and> i \<in> {..<n}"
+ by (metis assms imageE that var_set_def)
+
+lemma var_setI:
+ assumes "i \<in> {..<n}"
+ assumes "f = var R n i"
+ shows "f \<in> var_set R n"
+ using assms(1) assms(2) var_set_def
+ by blast
+
+context ring
+begin
+
+lemma var_set_in_fun_ring_car:
+ shows "var_set R n \<subseteq> carrier Fun\<^bsub>n\<^esub> R"
+proof
+ fix x
+ assume "x \<in> var_set R n"
+ then obtain i where i_def: "i \<in> {..<n} \<and> x = var R n i"
+ unfolding var_set_def
+ by blast
+ have "i < n"using i_def
+ using atLeastLessThan_iff by blast
+ then show "x \<in> carrier Fun\<^bsub>n\<^esub> R"
+ using i_def var_in_car by blast
+qed
+
+
+
+end
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+subsection\<open>Graphs of functions\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+definition fun_graph:: "('a, 'b) ring_scheme \<Rightarrow> nat \<Rightarrow> ('a list \<Rightarrow> 'a) \<Rightarrow> 'a list set" where
+"fun_graph R n f = {as. (\<exists>x \<in> carrier (R\<^bsup>n\<^esup>). as = x @ [f x])}"
+
+context ring
+begin
+
+lemma function_ring_car_memE:
+ assumes "f \<in> carrier (Fun\<^bsub>n\<^esub> R)"
+ assumes "a \<in> carrier (R\<^bsup>n\<^esup>)"
+ shows "f a \<in> carrier R"
+ using ring_functions.function_ring_car_memE(1)[of R f]
+ unfolding ring_functions_def
+ by (meson assms(1) assms(2) ring_axioms function_ring_car_mem_closed ring_functions_def)
+
+lemma graph_range:
+ assumes "f \<in> carrier (Fun\<^bsub>n\<^esub> R)"
+ shows "fun_graph R n f \<subseteq> carrier (R\<^bsup>Suc n\<^esup> )"
+proof
+ fix x
+ assume x_def: "x \<in> fun_graph R n f"
+ obtain a where a_def: "a \<in> carrier (R\<^bsup>n\<^esup>) \<and> x = a@[f a]"
+ using x_def fun_graph_def
+ by (smt mem_Collect_eq)
+ have f_closed: "f a \<in> carrier R"
+ using assms function_ring_car_memE a_def
+ by blast
+ show "x \<in> carrier (R\<^bsup>Suc n\<^esup> )"
+ proof(rule cartesian_power_car_memI)
+ show "length x = Suc n"
+ using x_def a_def cartesian_power_car_memE[of a R n]
+ by (metis length_append_singleton)
+ have "set x = insert (f a) (set a)"
+ using a_def
+ by (metis Un_insert_right append_Nil2 list.simps(15) set_append)
+ thus "set x \<subseteq> carrier R"
+ using a_def
+ by (metis cartesian_power_car_memE'' f_closed insert_subset)
+ qed
+qed
+
+lemma fun_graph_memE:
+ assumes "f \<in> carrier (Fun\<^bsub>n\<^esub> R)"
+ assumes "p \<in> fun_graph R n f"
+ shows "(take n p) \<in> carrier (R\<^bsup>n\<^esup>)"
+ using assms unfolding fun_graph_def
+ by (metis (no_types, lifting) assms(2) graph_range le_add2 plus_1_eq_Suc subsetD take_closed)
+
+lemma fun_graph_memE':
+ assumes "f \<in> carrier (Fun\<^bsub>n\<^esub> R)"
+ assumes "p \<in> fun_graph R n f"
+ shows "f (take n p) = p!n"
+ using assms
+ unfolding fun_graph_def
+ by (smt Cons_nth_drop_Suc append_take_drop_id assms(2) butlast_snoc cartesian_power_car_memE
+ drop_all graph_range last_snoc le_Suc_eq lessI mem_Collect_eq subsetD)
+
+text\<open>
+ apply a function f to the tuple consisting of the first n indices, leaving the remaining indices
+ unchanged
+\<close>
+
+definition partial_image :: "arity \<Rightarrow> ('c list \<Rightarrow> 'c) \<Rightarrow> 'c list \<Rightarrow> 'c list" where
+"partial_image n f as = (f (take n as)) # (drop n as) "
+
+lemma partial_image_range:
+ assumes "f \<in> carrier (Fun\<^bsub>n\<^esub> R)"
+ assumes "m \<ge> n"
+ assumes "as \<in> carrier (R\<^bsup>m\<^esup>)"
+ shows "partial_image n f as \<in> carrier (R\<^bsup>m - n + 1\<^esup>)"
+proof(cases "m = n")
+ case True
+ then have "f (take n as) = f as"
+ by (metis assms(2) assms(3) cartesian_power_car_memE take_all)
+ then have 0: "f (take n as) \<in> carrier R"
+ using True assms(1) assms(3) function_ring_car_memE by presburger
+ have 1: "(drop n as) = []"
+ using True assms(3) cartesian_power_car_memE drop_all by blast
+ then show ?thesis
+ unfolding partial_image_def
+ using 0 1
+ by (metis (no_types, lifting) One_nat_def assms(3) cartesian_power_car_memE
+ cartesian_power_car_memI empty_iff insert_iff length_drop list.set(1)
+ list.set(2) list.size(4) subsetI)
+next
+ case False
+ then have 0: "(drop n as) \<in> carrier (R\<^bsup>m - n\<^esup>)"
+ using assms drop_closed[of n m as R] le_neq_implies_less
+ by blast
+ have 1: "f (take n as) \<in> carrier R"
+ using assms(1) assms(2) assms(3) function_ring_car_memE take_closed by blast
+ show ?thesis
+ apply(rule cartesian_power_car_memI)
+ apply (metis "0" One_nat_def cartesian_power_car_memE list.size(4) partial_image_def)
+ by (smt "1" assms(3) cartesian_power_car_memE cartesian_power_car_memE' in_set_conv_nth
+ partial_image_def set_ConsD set_drop_subset subsetD subsetI)
+qed
+
+end
+
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+section\<open>Coordinate Rings on Cartesian Powers\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+subsection\<open>Basic Facts and Definitions\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+locale cring_coord_rings = UP_cring +
+ assumes one_neq_zero: "\<one> \<noteq> \<zero>"
+
+text\<open>coordinate polynomial ring in n variables over a commutative ring\<close>
+
+definition coord_ring :: "('a, 'b) ring_scheme \<Rightarrow> nat \<Rightarrow> ('a, ('a, nat) mvar_poly) module"
+ ("_ [\<X>\<^bsub>_\<^esub>]" 80) where "R[\<X>\<^bsub>n\<^esub>] \<equiv> Pring R {..< n::nat}"
+
+sublocale cring_coord_rings < cring_functions R "carrier (R\<^bsup>n\<^esup>)" "Fun\<^bsub>n\<^esub> R"
+ unfolding cring_functions_def ring_functions_def
+ apply (simp add: R.ring_axioms R_cring)
+ by simp
+
+sublocale cring_coord_rings < MP?: cring "R[\<X>\<^bsub>n\<^esub>]"
+ by (simp add: R.Pring_is_cring R_cring coord_ring_def)
+
+sublocale cring_coord_rings < F?: cring "Fun\<^bsub>n\<^esub> R"
+ by (simp add: function_ring_is_cring)
+
+context cring_coord_rings
+begin
+
+lemma coord_cring_cring:
+"cring (R[\<X>\<^bsub>n\<^esub>])" unfolding coord_ring_def
+ by (simp add: R.Pring_is_cring R_cring)
+
+text\<open>coordinate constant functions\<close>
+
+abbreviation(input) coord_const :: "'a \<Rightarrow> ('a, nat) mvar_poly" where
+"coord_const k \<equiv> ring.indexed_const R k"
+
+lemma coord_const_ring_hom:
+"ring_hom_ring R (R[\<X>\<^bsub>n\<^esub>]) coord_const"
+ unfolding coord_ring_def
+ apply(rule ring_hom_ringI)
+ apply (simp add: R.ring_axioms)
+ apply (simp add: R.Pring_is_ring)
+ apply (simp add: R.indexed_const_closed)
+ apply (simp add: R.indexed_const_mult)
+ apply (simp add: R.Pring_add R.indexed_padd_const)
+ by (simp add: R.Pring_one)
+
+text\<open>coordinate functions\<close>
+
+lemma pvar_closed:
+ assumes "i < n"
+ shows "pvar R i \<in> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ unfolding var_to_IP_def
+proof-
+ have "set_mset {#i#} \<subseteq> {..<n}"
+ using assms
+ by simp
+ then show "mset_to_IP R {#i#} \<in> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ by (simp add: R.ring_axioms coord_ring_def R.Pring_car ring.mset_to_IP_closed)
+qed
+
+text\<open>relationship between multiplciation by a variable and index multiplcation\<close>
+
+lemma pvar_indexed_pmult:
+ assumes "p \<in> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ shows "(p \<Otimes> i) = p \<otimes>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> pvar R i"
+proof-
+ have "p \<in> Pring_set R {..<(n::nat)} "
+ using R.Pring_car assms
+ by (metis coord_ring_def)
+ then have "p \<in> Pring_set R (UNIV::nat set)"
+ using R.Pring_set_restrict
+ by blast
+ then show ?thesis
+ using assms R.poly_index_mult[of p UNIV i] unfolding var_to_IP_def
+ by (metis R.Pring_mult UNIV_I coord_ring_def)
+qed
+
+lemma coord_ring_cfs_closed:
+ assumes "p \<in> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ shows "p m \<in> carrier R"
+ using assms unfolding coord_ring_def
+ using R.Pring_carrier_coeff' by blast
+
+lemma coord_ring_plus:
+ assumes "p \<in> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ assumes "Q \<in> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ shows "(p \<oplus>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> Q) m = p m \<oplus> Q m"
+ using assms unfolding coord_ring_def
+ by (metis R.Pring_add R.indexed_padd_def)
+
+lemma coord_ring_uminus:
+ assumes "p \<in> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ shows "(\<ominus>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> p) m = \<ominus> (p m)"
+ using assms unfolding coord_ring_def
+ using MP.add.inv_closed MP.minus_minus coord_ring_cfs_closed coord_ring_def
+ coord_ring_plus is_abelian_group R.is_cring
+ R.ring_axioms
+ by (metis P_ring_uminus_def R.Pring_a_inv assms)
+
+lemma coord_ring_minus:
+ assumes "p \<in> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ assumes "Q \<in> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ shows "(p \<ominus>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> Q) m = p m \<ominus> Q m"
+ using assms R.Pring_add[of _ p Q] coord_ring_cfs_closed
+ unfolding indexed_padd_def coord_ring_def a_minus_def
+ by (metis (no_types, lifting) MP.add.inv_closed coord_ring_def coord_ring_plus
+ cring_coord_rings.coord_ring_uminus cring_coord_rings_axioms)
+
+lemma coord_ring_one:
+"\<one>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> m = (if m = {#} then \<one> else \<zero>)"
+ by (metis R.Pring_one coord_ring_def R.indexed_const_def)
+
+lemma coord_ring_zero:
+"\<zero>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> m = \<zero>"
+ by (metis MP.minus_zero MP.r_zero MP.zero_closed R_cring coord_ring_cfs_closed coord_ring_plus coord_ring_uminus cring.cring_simprules(17))
+
+text\<open>Evaluation of a polynomial at a point\<close>
+
+end
+
+abbreviation(input) point_to_eval_map where
+"point_to_eval_map R as \<equiv> (\<lambda>i. (if i< length as then as ! i else \<zero>\<^bsub>R\<^esub>))"
+
+definition eval_at_point :: "('a, 'b) ring_scheme \<Rightarrow> 'a list \<Rightarrow> ('a, nat) mvar_poly \<Rightarrow> 'a" where
+"eval_at_point R as p \<equiv> total_eval R (\<lambda>i. (if i< length as then as ! i else \<zero>\<^bsub>R\<^esub>)) p"
+
+
+lemma(in cring_coord_rings) eval_at_point_factored:
+"eval_at_point R as p = total_eval R (point_to_eval_map R as) p"
+ using eval_at_point_def by blast
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+subsection\<open>Total Evaluation of a Polynomial\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+abbreviation(input) eval_at_poly where
+"eval_at_poly R p as \<equiv> eval_at_point R as p"
+
+
+text\<open>evaluation of coordinate polynomials\<close>
+
+context cring_coord_rings
+begin
+
+lemma eval_at_point_closed:
+ assumes "a \<in> carrier (R\<^bsup>n\<^esup>)"
+ assumes "p \<in> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ shows "eval_at_point R a p \<in> carrier R"
+proof-
+ have 0: "R.indexed_pset ({..<n}- UNIV) (carrier R) \<subseteq> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ unfolding coord_ring_def
+ by (simp add: R.Pring_car R.Pring_carrier_subset)
+ have 1 : "poly_eval R UNIV (\<lambda>i. if i < length a then a ! i else \<zero>) p \<in> R.indexed_pset ({..<n}- UNIV) (carrier R)"
+ by (smt R.Pring_car R.closed_funI R.poly_eval_closed R.zero_closed assms(1) assms(2) cartesian_power_car_memE cartesian_power_car_memE' coord_ring_def)
+ hence 2: "poly_eval R UNIV (\<lambda>i. if i < length a then a ! i else \<zero>) p \<in>carrier (R[\<X>\<^bsub>n\<^esub>])"
+ using 0 by blast
+ show ?thesis
+ unfolding eval_at_point_def total_eval_def eval_in_ring_def
+ using 1 R.Pring_car R.Pring_cfs_closed cartesian_power_car_memE cartesian_power_car_memE' R.closed_funI coord_ring_def R.zero_closed
+ by blast
+qed
+
+lemma eval_pvar:
+ assumes "i < (n::nat)"
+ assumes "a \<in> carrier (R\<^bsup>n\<^esup>)"
+ shows "eval_at_point R a (pvar R i) = a!i"
+ unfolding eval_at_point_def
+proof-
+ have "pvar R i = \<one>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> \<Otimes> i"
+ unfolding var_to_IP_def
+ by (metis R.Pring_one coord_ring_def R.monom_add_mset R.one_mset_to_IP)
+ then show "total_eval R (\<lambda>i. if i < length a then a ! i else \<zero>) (pvar R i) = a ! i"
+ using assms R.total_eval_var[of "(\<lambda>i. (if i< length a then a ! i else \<zero>\<^bsub>R\<^esub>))" i ]
+ by (smt cartesian_power_car_memE cartesian_power_car_memE' R.closed_funI var_to_IP_def R.zero_closed)
+qed
+
+lemma eval_at_point_const:
+ assumes "k \<in> carrier R"
+ assumes "a \<in> carrier (R\<^bsup>n\<^esup>)"
+ shows "eval_at_point R a (R.indexed_const k) = k"
+ unfolding eval_at_point_def
+ using assms(1) R.total_eval_const by blast
+
+lemma eval_at_point_add:
+ assumes "a \<in> carrier (R\<^bsup>n\<^esup>)"
+ assumes "A \<in> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ assumes "B \<in> carrier (coord_ring R n)"
+ shows "eval_at_point R a (A \<oplus>\<^bsub>coord_ring R n\<^esub> B) =
+ eval_at_point R a A \<oplus>\<^bsub>R\<^esub> eval_at_point R a B"
+ unfolding eval_at_point_def
+ using R.total_eval_add[of A "{..<n}" B]
+ by (smt assms(1) assms(2) assms(3) cartesian_power_car_memE cartesian_power_car_memE' R.closed_funI coord_ring_def R.zero_closed)
+
+lemma eval_at_point_mult:
+ assumes "a \<in> carrier (R\<^bsup>n\<^esup>)"
+ assumes "A \<in> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ assumes "B \<in> carrier ((R[\<X>\<^bsub>n\<^esub>]))"
+ shows "eval_at_point R a (A \<otimes>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> B) =
+ eval_at_point R a A \<otimes>\<^bsub>R\<^esub> eval_at_point R a B"
+ unfolding eval_at_point_def
+ using R.total_eval_mult[of A "{..<n}" B]
+ by (smt assms(1) assms(2) assms(3) cartesian_power_car_memE cartesian_power_car_memE' R.closed_funI coord_ring_def R.zero_closed)
+
+lemma eval_at_point_indexed_pmult:
+ assumes "a \<in> carrier (R\<^bsup>n\<^esup>)"
+ assumes "A \<in> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ assumes "i < n"
+ shows "eval_at_point R a (A \<Otimes> i) =
+ eval_at_point R a A \<otimes>\<^bsub>R\<^esub> (a!i)"
+proof-
+ have "(A \<Otimes> i) = A \<otimes>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> (pvar R i)"
+ using assms(2) pvar_indexed_pmult by blast
+ then show ?thesis
+ using assms eval_at_point_mult eval_pvar pvar_closed
+ by presburger
+qed
+
+lemma eval_at_point_ring_hom:
+ assumes "a \<in> carrier (R\<^bsup>n\<^esup>)"
+ shows "ring_hom_ring (coord_ring R I) R (eval_at_point R a)"
+ unfolding eval_at_point_def
+ using R.total_eval_ring_hom
+ by (smt assms cartesian_power_car_memE cartesian_power_car_memE' R.closed_funI coord_ring_def R.zero_closed)
+
+lemma eval_at_point_scalar_mult:
+ assumes "a \<in> carrier (R\<^bsup>n\<^esup>)"
+ assumes "A \<in> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ assumes "k \<in> carrier R"
+ shows "eval_at_point R a (poly_scalar_mult R k A) = k \<otimes>\<^bsub>R\<^esub> (eval_at_point R a A)"
+ using assms unfolding eval_at_point_def total_eval_def eval_in_ring_def
+ using R.poly_eval_scalar_mult[of k "(\<lambda>i. if i < length a then a ! i else \<zero>)" A "{..<n}" UNIV]
+ poly_scalar_mult_def
+ by (smt R.Pring_car cartesian_power_car_memE cartesian_power_car_memE' R.closed_funI coord_ring_def R.zero_closed)
+
+lemma eval_at_point_smult:
+ assumes "a \<in> carrier (R\<^bsup>n\<^esup>)"
+ assumes "A \<in> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ assumes "k \<in> carrier R"
+ shows "eval_at_point R a (k \<odot>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> A) = k \<otimes>\<^bsub>R\<^esub> (eval_at_point R a A)"
+ by (metis R.Pring_smult assms(1) assms(2) assms(3) coord_ring_def eval_at_point_scalar_mult)
+
+lemma eval_at_point_subtract:
+ assumes "a \<in> carrier (R\<^bsup>n\<^esup>)"
+ assumes "A \<in> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ assumes "B \<in> carrier (coord_ring R n)"
+ shows "eval_at_point R a (A \<ominus>\<^bsub>coord_ring R n\<^esub> B) =
+ eval_at_point R a A \<ominus>\<^bsub>R\<^esub> eval_at_point R a B"
+ using assms eval_at_point_add[of a n A "\<ominus>\<^bsub>coord_ring R n\<^esub> B"]
+ abelian_group.a_inv_closed[of "R[\<X>\<^bsub>n\<^esub>]" B]
+ unfolding a_minus_def
+ abelian_group.a_inv_closed abelian_group.minus_minus abelian_group.r_neg1 abelian_groupE(1) abelian_groupE(4) coord_cring_cring cring_def eval_at_point_add eval_at_point_closed is_abelian_group ring_def
+ by (smt MP.add.inv_closed MP.l_neg MP.r_zero MP.zero_closed R.add.inv_closed R.add.m_assoc R.l_neg R.r_zero R.zero_closed eval_at_point_add eval_at_point_closed)
+
+lemma eval_at_point_a_inv:
+ assumes "a \<in> carrier (R\<^bsup>n\<^esup>)"
+ assumes "B \<in> carrier (coord_ring R n)"
+ shows "eval_at_point R a (\<ominus>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> B) = \<ominus>\<^bsub>R\<^esub> eval_at_point R a B"
+ using assms eval_at_point_subtract[of a n "\<zero>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub>" B]
+ by (smt MP.add.inv_eq_1_iff MP.l_zero MP.minus_add MP.zero_closed R.is_abelian_group R.r_neg R.r_neg2 a_minus_def abelian_group.a_inv_closed abelian_groupE(4) eval_at_point_add eval_at_point_closed)
+
+lemma eval_at_point_nat_pow:
+ assumes "a \<in> carrier (R\<^bsup>n\<^esup>)"
+ assumes "A \<in> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ shows "eval_at_point R a (A[^]\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub>(k::nat)) = (eval_at_point R a A)[^]k"
+ apply(induction k)
+ apply (metis Group.nat_pow_0 R.Pring_one assms(1) coord_ring_def eval_at_point_const R.one_closed)
+proof- fix k::nat assume IH: "eval_at_poly R (A [^]\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> k) a = eval_at_poly R A a [^] k"
+ have "A [^]\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> Suc k = A [^]\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> k \<otimes>\<^bsub>(R[\<X>\<^bsub>n\<^esub>])\<^esub> A"
+ using MP.nat_pow_Suc by blast
+ then have "eval_at_poly R (A [^]\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> Suc k) a =
+ eval_at_poly R (A [^]\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> k) a \<otimes> eval_at_poly R A a"
+ using monoid.nat_pow_closed[of "(R[\<X>\<^bsub>n\<^esub>])" A k] eval_at_point_mult[of a n "A [^]\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> k" A] assms
+ by (metis R.Pring_is_monoid coord_ring_def)
+ then show " eval_at_poly R (A [^]\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> Suc k) a = eval_at_poly R A a [^] Suc k"
+ using IH R.nat_pow_Suc
+ by auto
+qed
+
+end
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+subsection\<open>Partial Evaluation of a Polynomial\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+
+definition coord_partial_eval ::
+ "('a, 'b) ring_scheme \<Rightarrow> nat set \<Rightarrow> 'a list \<Rightarrow> ('a, nat) mvar_poly \<Rightarrow> ('a, nat) mvar_poly" where
+"coord_partial_eval R S as = poly_eval R S (point_to_eval_map R as)"
+
+context cring_coord_rings
+begin
+
+lemma point_to_eval_map_closed:
+ assumes "as \<in> carrier (R\<^bsup>n\<^esup>)"
+ shows "closed_fun R (point_to_eval_map R as)"
+ using assms
+ by (smt cartesian_power_car_memE cartesian_power_car_memE' R.closed_funI R.zero_closed)
+
+lemma coord_partial_eval_hom:
+ assumes "as \<in> carrier (R\<^bsup>n\<^esup>)"
+ shows "coord_partial_eval R S as \<in> ring_hom (R[\<X>\<^bsub>n\<^esub>]) (R[\<X>\<^bsub>n\<^esub>])"
+ unfolding coord_partial_eval_def
+ using point_to_eval_map_closed[of as n] assms
+ R.poly_eval_ring_hom[of "{..<n}" "{..<n}" "point_to_eval_map R as" S]
+ by (metis (mono_tags, lifting) Diff_subset coord_ring_def order_refl ring_hom_ring.homh)
+
+lemma coord_partial_eval_hom':
+ assumes "as \<in> carrier (R\<^bsup>n\<^esup>)"
+ shows "coord_partial_eval R S as \<in> ring_hom (R[\<X>\<^bsub>n\<^esub>]) (Pring R ({..<n} - S))"
+ unfolding coord_partial_eval_def
+ using point_to_eval_map_closed[of as n] assms
+ R.poly_eval_ring_hom[of "{..<n} - S" "{..<n}" "point_to_eval_map R as" S]
+ by (metis (no_types, lifting) Diff_subset coord_ring_def order_refl ring_hom_ring.homh)
+
+lemma coord_partial_eval_closed:
+ assumes "S \<subseteq> {..<n}"
+ assumes "{..<n} - S \<subseteq> I"
+ assumes "as \<in> carrier (R\<^bsup>n\<^esup>)"
+ assumes "p \<in> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ shows "coord_partial_eval R S as p \<in> carrier (Pring R I)"
+ unfolding coord_partial_eval_def
+ using R.poly_eval_closed[of "point_to_eval_map R as" p "{..<n}" S ] R.Pring_car[of I] R.Pring_carrier_subset
+ by (smt R.Pring_car assms(2) assms(3) assms(4) cartesian_power_car_memE cartesian_power_car_memE' R.closed_funI coord_ring_def subsetD R.zero_closed)
+
+lemma coord_partial_eval_add:
+ assumes "as \<in> carrier (R\<^bsup>n\<^esup>)"
+ assumes "p \<in> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ assumes "Q \<in> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ shows "coord_partial_eval R S as (p \<oplus>\<^bsub>(R[\<X>\<^bsub>n\<^esub>])\<^esub> Q) =
+ (coord_partial_eval R S as p) \<oplus>\<^bsub>(R[\<X>\<^bsub>n\<^esub>])\<^esub> (coord_partial_eval R S as Q)"
+ using assms R.poly_eval_add[of p "{..<n}" Q "(point_to_eval_map R as)" S] Pring_def[of R "{..<n}"]
+ point_to_eval_map_closed[of as n]
+ unfolding coord_partial_eval_def
+ by (metis R.Pring_add R.Pring_car coord_ring_def)
+
+lemma coord_partial_eval_mult:
+ assumes "as \<in> carrier (R\<^bsup>n\<^esup>)"
+ assumes "p \<in> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ assumes "Q \<in> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ shows "coord_partial_eval R S as (p \<otimes>\<^bsub>(R[\<X>\<^bsub>n\<^esub>])\<^esub> Q) =
+ (coord_partial_eval R S as p) \<otimes>\<^bsub>(R[\<X>\<^bsub>n\<^esub>])\<^esub> (coord_partial_eval R S as Q)"
+ using assms R.poly_eval_mult[of p "{..<n}" Q "(point_to_eval_map R as)" S] Pring_def[of R "{..<n}"]
+ point_to_eval_map_closed[of as n]
+ unfolding coord_partial_eval_def
+ by (metis R.Pring_car R.Pring_mult coord_ring_def)
+
+lemma coord_partial_eval_pvar:
+ assumes "\<one> \<noteq> \<zero>"
+ assumes "as \<in> carrier (R\<^bsup>n\<^esup>)"
+ assumes "i \<in> S \<inter> {..<n}"
+ shows "coord_partial_eval R S as (pvar R i) = coord_const (as!i)"
+proof-
+ have 0: "i \<in> S" using assms
+ by blast
+ have "i < length as"
+ by (metis IntD2 assms(2) assms(3) cartesian_power_car_memE lessThan_iff)
+ then have "(point_to_eval_map R as i) = as!i"
+ by presburger
+ then show ?thesis
+ unfolding coord_partial_eval_def var_to_IP_def
+ using 0 assms point_to_eval_map_closed[of as n]
+ R.poly_eval_index[of "point_to_eval_map R as" S i ]
+ by presburger
+qed
+
+lemma coord_partial_eval_pvar':
+ assumes "\<one> \<noteq> \<zero>"
+ assumes "as \<in> carrier (R\<^bsup>n\<^esup>)"
+ assumes "i \<notin> S"
+ shows "coord_partial_eval R S as (pvar R i) = (pvar R i)"
+ unfolding coord_partial_eval_def
+ using R.poly_eval_index[of "point_to_eval_map R as" S i ]
+ by (smt assms(1) assms(2) assms(3) cartesian_power_car_memE cartesian_power_car_memE' R.closed_funI var_to_IP_def R.zero_closed)
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+subsection\<open>An induction rule for coordinate rings\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+lemma coord_ring_induct:
+ assumes "A \<in> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ assumes "\<And>a. a \<in> carrier R \<Longrightarrow> p (coord_const a)"
+ assumes "\<And>i Q. Q \<in> carrier (R[\<X>\<^bsub>n\<^esub>]) \<Longrightarrow> p Q \<Longrightarrow> i < n \<Longrightarrow> p (Q \<otimes>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub>pvar R i)"
+ assumes "\<And>Q0 Q1. Q0 \<in> carrier (R[\<X>\<^bsub>n\<^esub>]) \<Longrightarrow> Q1 \<in> carrier (R[\<X>\<^bsub>n\<^esub>]) \<Longrightarrow> p Q0 \<Longrightarrow> p Q1 \<Longrightarrow> p (Q0 \<oplus>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> Q1)"
+ shows "p A"
+ apply(rule R.indexed_pset.induct[of A "{..<n}" "carrier R"])
+ using R.Pring_car assms(1)
+ apply (metis coord_ring_def)
+ using assms(2) apply blast
+ apply (metis (full_types) R.Pring_add R.Pring_car assms(4) coord_ring_def)
+proof-
+ fix a i
+ assume "a \<in> Pring_set R {..<n}"
+ then have 0: "a \<in> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ using R.Pring_car
+ by (simp add: \<open>\<And>I. carrier (Pring R I) = Pring_set R I\<close> \<open>a \<in> Pring_set R {..<n}\<close> coord_ring_def)
+ assume 1: "p a"
+ assume "i \<in> {..< n}"
+ then have 2: "i < n"
+ using assms
+ by blast
+ have "p (a \<otimes>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub>pvar R i)"
+ using "0" "1" "2" assms(3) by blast
+ then show "p (a \<Otimes> i)"
+ using "0" pvar_indexed_pmult
+ by presburger
+qed
+
+end
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+subsection\<open>Algebraic Sets in Cartesian Powers\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+ (**********************************************************************)
+ (**********************************************************************)
+ subsubsection\<open>The Zero Set of a Single Polynomial\<close>
+ (**********************************************************************)
+ (**********************************************************************)
+definition zero_set :: "('a, 'b) ring_scheme \<Rightarrow> nat \<Rightarrow> ('a, nat) mvar_poly \<Rightarrow> 'a list set"
+ ("V\<index>") where
+"zero_set R n p = {a \<in> carrier (R\<^bsup>n\<^esup>). eval_at_point R a p =\<zero>\<^bsub>R\<^esub>}"
+
+context cring_coord_rings
+begin
+
+lemma zero_setI:
+ assumes "a \<in> carrier (R\<^bsup>n\<^esup>)"
+ assumes "eval_at_point R a p =\<zero>\<^bsub>R\<^esub>"
+ shows "a \<in> zero_set R n p"
+ using assms
+ by (metis (mono_tags, lifting) mem_Collect_eq zero_set_def)
+
+lemma zero_setE:
+ assumes "a \<in> zero_set R n p"
+ shows "a \<in> carrier (R\<^bsup>n\<^esup>)"
+ "eval_at_point R a p =\<zero>\<^bsub>R\<^esub>"
+ using assms zero_set_def
+ apply blast
+ by (metis (mono_tags, lifting) assms mem_Collect_eq zero_set_def)
+
+lemma zero_set_closed:
+ "zero_set R n p \<subseteq> carrier (R\<^bsup>n\<^esup>)"
+unfolding zero_set_def
+ by blast
+
+end
+
+ (**********************************************************************)
+ (**********************************************************************)
+ subsubsection\<open>The Zero Set of a Collection of Polynomials\<close>
+ (**********************************************************************)
+ (**********************************************************************)
+definition affine_alg_set :: "('a, 'b) ring_scheme \<Rightarrow> nat \<Rightarrow> ('a, nat) mvar_poly set \<Rightarrow> 'a list set"
+ where "affine_alg_set R n as = {a \<in> carrier (R\<^bsup>n\<^esup>). \<forall> b \<in> as. a \<in> (zero_set R n b)}"
+
+context cring_coord_rings
+begin
+
+lemma affine_alg_set_empty:
+"affine_alg_set R n {} = carrier (R\<^bsup>n\<^esup>)"
+ unfolding affine_alg_set_def by blast
+
+lemma affine_alg_set_subset_zero_set:
+ assumes "b \<in> as"
+ shows " affine_alg_set R n as \<subseteq> (zero_set R n b)"
+ using assms affine_alg_set_def
+ by blast
+
+lemma(in cring_coord_rings) affine_alg_set_memE:
+ assumes "b \<in> as"
+ assumes "a \<in> affine_alg_set R n as"
+ shows "eval_at_poly R b a = \<zero>"
+ using affine_alg_set_subset_zero_set zero_set_def assms(1) assms(2)
+ by blast
+
+lemma affine_alg_set_subset:
+ assumes "as \<subseteq> bs"
+ shows " affine_alg_set R n bs \<subseteq> affine_alg_set R n as "
+ using assms affine_alg_set_def
+ by blast
+
+lemma affine_alg_set_empty_set:
+ assumes "as = {}"
+ shows " affine_alg_set R n as = carrier (R\<^bsup>n\<^esup>)"
+ unfolding affine_alg_set_def
+ using assms by blast
+
+lemma affine_alg_set_closed:
+ shows "affine_alg_set R n as \<subseteq> carrier (R\<^bsup>n\<^esup>)"
+ unfolding affine_alg_set_def
+ by blast
+
+lemma affine_alg_set_singleton:
+"affine_alg_set R n {a} = zero_set R n a"
+ unfolding affine_alg_set_def using zero_set_closed
+ by blast
+
+lemma affine_alg_set_insert:
+"affine_alg_set R n (insert a A) = zero_set R n a \<inter> (affine_alg_set R n A)"
+proof
+ show "affine_alg_set R n (insert a A) \<subseteq> V\<^bsub>R\<^esub> n a \<inter> affine_alg_set R n A"
+ using affine_alg_set_subset
+ by (metis Int_greatest affine_alg_set_subset_zero_set insertI1 subset_insertI)
+ show "V\<^bsub>R\<^esub> n a \<inter> affine_alg_set R n A \<subseteq> affine_alg_set R n (insert a A)"
+ unfolding affine_alg_set_def
+ by blast
+qed
+
+lemma affine_alg_set_intersect:
+"affine_alg_set R n (A \<union> B) = (affine_alg_set R n A) \<inter> (affine_alg_set R n B)"
+ unfolding affine_alg_set_def by blast
+
+lemma affine_alg_set_memI:
+ assumes "a \<in> carrier (R\<^bsup>n\<^esup>)"
+ assumes "\<And>p. p \<in> B \<Longrightarrow> eval_at_point R a p = \<zero>"
+ shows "a \<in> (affine_alg_set R n B)"
+ unfolding affine_alg_set_def zero_set_def
+ using assms
+ by blast
+
+lemma affine_alg_set_not_memE:
+ assumes "a \<in> carrier (R\<^bsup>n\<^esup>)"
+ assumes "a \<notin> (affine_alg_set R n B)"
+ shows "\<exists>b \<in> B. eval_at_poly R b a \<noteq> \<zero>"
+ using assms affine_alg_set_memI by blast
+
+
+ (**********************************************************************)
+ (**********************************************************************)
+ subsubsection\<open>Finite Unions and Intersections of Algebraic Sets are Algebraic\<close>
+ (**********************************************************************)
+ (**********************************************************************)
+text\<open>The product set of two sets in an arbitrary ring. That is, the set $\{ xy \mid x \in A \land y \in B \}$ for two sets $A$, $B$.\<close>
+definition(in ring) prod_set :: "'a set \<Rightarrow> 'a set \<Rightarrow> 'a set" where
+"prod_set as bs = (\<lambda>x. fst x \<otimes> snd x) ` (as \<times> bs)"
+
+lemma(in ring) prod_setI:
+ assumes "c \<in> prod_set as bs"
+ shows "\<exists>a \<in> as. \<exists>b \<in> bs. c = a \<otimes> b"
+proof-
+ obtain p where p_def: "p \<in> (as \<times> bs) \<and> c = fst p \<otimes> snd p"
+ using assms prod_set_def[of as bs]
+ by (metis (no_types, lifting) image_iff)
+ then show ?thesis
+ using mem_Times_iff by blast
+qed
+
+lemma(in ring) prod_set_closed:
+ assumes "as \<subseteq> carrier R"
+ assumes "bs \<subseteq> carrier R"
+ shows "prod_set as bs \<subseteq> carrier R"
+proof
+ fix x
+ assume " x \<in> prod_set as bs"
+ then obtain a b where "a \<in> as \<and> b \<in> bs \<and> x = a \<otimes> b"
+ by (meson ring_axioms ring.prod_setI)
+ then have "a \<in> carrier R \<and> b \<in> carrier R \<and> x = a \<otimes> b"
+ using assms
+ by blast
+ then show "x \<in> carrier R"
+ by blast
+qed
+
+text\<open>The set of products of elements from two finite sets is again finite.\<close>
+lemma(in ring) prod_set_finite:
+ assumes "finite as"
+ assumes "finite bs"
+ shows "finite (prod_set as bs)" "card (prod_set as bs) \<le> card as * card bs"
+proof-
+ have "finite (as \<times> bs)"
+ using assms
+ by blast
+ then show "finite (prod_set as bs)"
+ using prod_set_def
+ by (metis (no_types, lifting) finite_imageI)
+ have "card (prod_set as bs) \<le> card (as \<times> bs)"
+ using assms
+ unfolding prod_set_def
+ using \<open>finite (as \<times> bs)\<close> card_image_le by blast
+ then show "card (prod_set as bs) \<le> card as * card bs"
+ by (simp add: card_cartesian_product)
+qed
+
+definition poly_prod_set where
+"poly_prod_set n as bs = ring.prod_set (R[\<X>\<^bsub>n\<^esub>]) as bs"
+
+lemma poly_prod_setE:
+ assumes "c \<in> poly_prod_set n as bs"
+ shows "\<exists>a \<in> as. \<exists>b \<in> bs. c = a \<otimes>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> b"
+ using ring.prod_setI[of "R[\<X>\<^bsub>n\<^esub>]"] R.Pring_is_ring assms poly_prod_set_def coord_cring_cring cring.axioms(1)
+ by blast
+
+lemma poly_prod_setI:
+ assumes "a \<in> as"
+ assumes "b \<in> bs"
+ shows "a \<otimes>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> b \<in> poly_prod_set n as bs"
+proof-
+ have 0: "(a,b) \<in> (as \<times> bs)"
+ using assms by blast
+ have 1: "(\<lambda>x. fst x \<otimes>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> snd x) (a, b) = a \<otimes>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> b"
+ by (metis fst_conv snd_conv)
+ have 2: "(\<lambda>x. fst x \<otimes>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> snd x) (a, b) \<in> ((\<lambda>x. fst x \<otimes>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> snd x) ` (as \<times> bs))"
+ using 0 by blast
+ have 3: "ring (R[\<X>\<^bsub>n\<^esub>])"
+ by (simp add: R.Pring_is_ring coord_ring_def)
+ then show ?thesis
+ unfolding poly_prod_set_def using 0 1 2 3 ring.prod_set_def[of "R[\<X>\<^bsub>n\<^esub>]" as bs]
+ by presburger
+qed
+
+lemma poly_prod_set_closed:
+ assumes "as \<subseteq> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ assumes "bs \<subseteq> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ shows "poly_prod_set n as bs \<subseteq> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ using ring.prod_set_closed[of "R[\<X>\<^bsub>n\<^esub>]"] R.Pring_is_ring assms(1) assms(2) poly_prod_set_def
+ by (simp add: coord_cring_cring cring.axioms(1))
+
+lemma poly_prod_set_finite:
+ assumes "finite as"
+ assumes "finite bs"
+ shows "finite (poly_prod_set n as bs)" "card (poly_prod_set n as bs) \<le> card as * card bs"
+
+ using ring.prod_set_finite[of "R[\<X>\<^bsub>n\<^esub>]"]
+ apply (simp add: R.Pring_is_ring assms(1) assms(2) poly_prod_set_def)
+ using ring.prod_set_finite[of "R[\<X>\<^bsub>n\<^esub>]"]
+ apply (simp add: assms(1) assms(2) coord_cring_cring cring.axioms(1))
+ by (simp add: assms(1) assms(2) coord_cring_cring cring.axioms(1) poly_prod_set_def ring.prod_set_finite(2))
+
+end
+
+locale domain_coord_rings = cring_coord_rings + domain
+
+lemma(in domain_coord_rings) poly_prod_set_algebraic_set:
+ assumes "as \<subseteq> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ assumes "bs \<subseteq> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ shows "affine_alg_set R n as \<union> affine_alg_set R n bs = affine_alg_set R n (poly_prod_set n as bs)"
+proof
+ show "affine_alg_set R n as \<union> affine_alg_set R n bs \<subseteq> affine_alg_set R n (poly_prod_set n as bs)"
+ proof fix x
+ assume A: "x \<in> affine_alg_set R n as \<union> affine_alg_set R n bs"
+ show "x \<in> affine_alg_set R n (poly_prod_set n as bs)"
+ proof(rule affine_alg_set_memI)
+ show "x \<in> carrier (R\<^bsup>n\<^esup>)"
+ using A affine_alg_set_closed
+ by blast
+ show "\<And>p. p \<in> poly_prod_set n as bs \<Longrightarrow> eval_at_poly R p x = \<zero>"
+ proof- fix p
+ assume B: "p \<in> poly_prod_set n as bs"
+ show "eval_at_poly R p x = \<zero>"
+ proof-
+ obtain p0 p1 where C: "p0 \<in> as \<and> p1 \<in> bs \<and> p = p0 \<otimes>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> p1"
+ using B poly_prod_setE by blast
+ then have D: "eval_at_poly R p x = (eval_at_poly R p0 x) \<otimes> (eval_at_poly R p1 x)"
+ using \<open>x \<in> carrier (R\<^bsup>n\<^esup>)\<close> assms(1) assms(2) eval_at_point_mult
+ by blast
+ show ?thesis proof(cases "x \<in> affine_alg_set R n as")
+ case True
+ then have "(eval_at_poly R p0 x) = \<zero>"
+ using C affine_alg_set_memE by blast
+ then show ?thesis
+ by (smt C D \<open>x \<in> carrier (R\<^bsup>n\<^esup>)\<close> assms(2) eval_at_point_closed R.semiring_axioms semiring.l_null subsetD)
+ next
+ case False
+ then have "x \<in> affine_alg_set R n bs"
+ using A
+ by blast
+ then have "(eval_at_poly R p1 x) = \<zero>"
+ using C affine_alg_set_memE by blast
+ then show ?thesis
+ using C A False
+ by (smt D \<open>x \<in> carrier (R\<^bsup>n\<^esup>)\<close> assms(1) eval_at_point_closed R.r_null subsetD)
+ qed
+ qed
+ qed
+ qed
+ qed
+ show "affine_alg_set R n (poly_prod_set n as bs) \<subseteq> affine_alg_set R n as \<union> affine_alg_set R n bs"
+ proof fix x
+ assume A: "x \<in> affine_alg_set R n (poly_prod_set n as bs)"
+ have x_car: "x \<in> carrier (R\<^bsup>n\<^esup>)"
+ using A affine_alg_set_closed
+ by blast
+ show "x \<in> affine_alg_set R n as \<union> affine_alg_set R n bs"
+ proof(cases "x \<in> affine_alg_set R n as")
+ case True
+ then show ?thesis by blast
+ next
+ case False
+ have "x \<in> affine_alg_set R n bs"
+ proof(rule affine_alg_set_memI)
+ show "x \<in> carrier (R\<^bsup>n\<^esup>)"
+ using A affine_alg_set_closed by blast
+ show "\<And>p. p \<in> bs \<Longrightarrow> eval_at_poly R p x = \<zero>"
+ proof-
+ fix p assume p_def: "p \<in> bs"
+ obtain a where a_def: "a \<in> as \<and> eval_at_poly R a x \<noteq> \<zero>"
+ using False affine_alg_set_not_memE \<open>x \<in> carrier (R\<^bsup>n\<^esup>)\<close>
+ by blast
+ then have "a \<otimes>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> p \<in> (poly_prod_set n as bs)"
+ using poly_prod_setI[of a as p bs] p_def
+ by blast
+ then have "eval_at_poly R (a \<otimes>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> p) x = \<zero>"
+ using A affine_alg_set_memE
+ by blast
+
+ then have "eval_at_poly R a x \<otimes> eval_at_poly R p x = \<zero>"
+ using eval_at_point_mult[of x n a p]
+ by (metis (no_types, lifting) \<open>x \<in> carrier (R\<^bsup>n\<^esup>)\<close> a_def assms(1) assms(2) p_def subsetD)
+ then show "eval_at_poly R p x = \<zero>"
+ using a_def p_def
+ by (meson assms(1) assms(2) eval_at_point_closed integral_iff subsetD x_car)
+ qed
+ qed
+ then show ?thesis
+ by blast
+ qed
+ qed
+qed
+
+definition is_algebraic :: "('a, 'b) ring_scheme \<Rightarrow> nat \<Rightarrow> 'a list set \<Rightarrow> bool" where
+"is_algebraic R n S = (\<exists>ps. finite ps \<and> ps \<subseteq> carrier (R[\<X>\<^bsub>n\<^esub>]) \<and> S = affine_alg_set R n ps)"
+
+context cring_coord_rings
+begin
+
+lemma is_algebraicE:
+ assumes "is_algebraic R n S"
+ obtains ps where "finite ps" "ps \<subseteq> carrier (R[\<X>\<^bsub>n\<^esub>])" "S = affine_alg_set R n ps"
+ using assms
+ by (meson is_algebraic_def)
+
+lemma is_algebraicI:
+ assumes "finite ps"
+ assumes "ps \<subseteq> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ assumes "S = affine_alg_set R n ps"
+ shows "is_algebraic R n S"
+ using is_algebraic_def assms
+ by blast
+
+lemma is_algebraicI':
+ assumes "p \<in> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ assumes "S = zero_set R n p"
+ shows "is_algebraic R n S"
+ by (metis affine_alg_set_singleton assms(1) assms(2) empty_subsetI finite.emptyI finite.intros(2) insert_subset is_algebraic_def)
+
+end
+
+definition alg_sets :: "arity \<Rightarrow> ('a, 'b) ring_scheme \<Rightarrow> ('a list set) set" where
+"alg_sets n R = {S. is_algebraic R n S}"
+
+context cring_coord_rings
+begin
+
+lemma intersection_is_alg:
+ assumes "is_algebraic R n A"
+ assumes "is_algebraic R n B"
+ shows "is_algebraic R n (A \<inter> B)"
+proof-
+ obtain as where as_def: "finite as \<and> as \<subseteq> carrier (R[\<X>\<^bsub>n\<^esub>]) \<and> A = affine_alg_set R n as"
+ by (meson assms(1) is_algebraicE)
+ obtain bs where bs_def: "finite bs \<and> bs \<subseteq> carrier (R[\<X>\<^bsub>n\<^esub>]) \<and> B = affine_alg_set R n bs"
+ by (meson assms(2) is_algebraicE)
+ show ?thesis apply(rule is_algebraicI[of "as \<union> bs"])
+ using as_def bs_def apply blast
+ using as_def bs_def apply blast
+ by (simp add: affine_alg_set_intersect as_def bs_def)
+qed
+
+lemma(in domain_coord_rings) union_is_alg:
+ assumes "is_algebraic R n A"
+ assumes "is_algebraic R n B"
+ shows "is_algebraic R n (A \<union> B)"
+proof-
+ obtain as where as_def: "finite as \<and> as \<subseteq> carrier (R[\<X>\<^bsub>n\<^esub>]) \<and> A = affine_alg_set R n as"
+ by (meson assms(1) is_algebraicE)
+ obtain bs where bs_def: "finite bs \<and> bs \<subseteq> carrier (R[\<X>\<^bsub>n\<^esub>]) \<and> B = affine_alg_set R n bs"
+ by (meson assms(2) is_algebraicE)
+ show ?thesis apply(rule is_algebraicI[of "poly_prod_set n as bs"])
+ using as_def bs_def
+ apply (simp add: poly_prod_set_finite(1))
+ using as_def bs_def poly_prod_set_closed apply blast
+ using as_def bs_def poly_prod_set_algebraic_set
+ by simp
+qed
+
+lemma zero_set_zero:
+"zero_set R n \<zero>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> = carrier (R\<^bsup>n\<^esup>)"
+ by (metis R.add.r_cancel_one cring.cring_simprules(2) cring.cring_simprules(8)
+ coord_cring_cring cring_coord_rings.eval_at_point_add cring_coord_rings.eval_at_point_closed
+ cring_coord_rings_axioms subsetI subset_antisym zero_setI zero_set_closed)
+
+lemma affine_alg_set_set:
+"affine_alg_set R n {\<zero>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub>} = carrier (R\<^bsup>n\<^esup>)"
+using affine_alg_set_singleton zero_set_zero
+by blast
+
+lemma car_is_alg:
+"is_algebraic R n (carrier (R\<^bsup>n\<^esup>))"
+ apply(rule is_algebraicI[of "{\<zero>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub>}"])
+ apply blast
+ using R.Pring_zero_closed
+ apply blast
+ using affine_alg_set_set by blast
+
+lemma zero_set_nonzero_constant:
+ assumes "a \<noteq> \<zero>"
+ assumes "a \<in> carrier R"
+ shows "zero_set R n (coord_const a) = {}"
+proof(rule ccontr)
+ assume "V n (coord_const a) \<noteq> {}"
+ then obtain x where "x \<in> V n (coord_const a)"
+ by blast
+ then show False
+ by (metis assms(1) assms(2) cring_coord_rings.eval_at_point_const cring_coord_rings.zero_setE(1) cring_coord_rings.zero_setE(2) cring_coord_rings_axioms)
+qed
+
+lemma zero_set_one:
+ assumes "a \<noteq> \<zero>"
+ assumes "a \<in> carrier R"
+ shows "zero_set R n \<one>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> = {}"
+ using zero_set_nonzero_constant
+ by (metis R.Pring_one coord_ring_def one_neq_zero R.one_closed)
+
+lemma empty_set_as_affine_alg_set:
+"affine_alg_set R n {\<one>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub>} = {}"
+ using affine_alg_set_singleton local.one_neq_zero zero_set_one by blast
+
+lemma empty_is_alg:
+"is_algebraic R n {}"
+ apply(rule is_algebraicI'[of "\<one>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub>"])
+ apply blast
+ using local.one_neq_zero zero_set_one by blast
+
+
+ (**********************************************************************)
+ (**********************************************************************)
+ subsubsection\<open>Finite Sets Are Algebraic\<close>
+ (**********************************************************************)
+ (**********************************************************************)
+text\<open>the function mapping a point in $R^n$ to the unique linear polynomial vanishing exclusively at that point\<close>
+
+definition pvar_trans :: "nat \<Rightarrow> nat \<Rightarrow> 'a \<Rightarrow> ('a, nat) mvar_poly" where
+"pvar_trans n i a = (pvar R i) \<ominus>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> coord_const a"
+
+lemma pvar_trans_closed:
+ assumes "a \<in> carrier R"
+ assumes "i < n"
+ shows "pvar_trans n i a \<in> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ unfolding pvar_trans_def using assms
+ by (metis MP.minus_closed coord_ring_def R.indexed_const_closed local.pvar_closed)
+
+lemma pvar_trans_eval:
+ assumes "a \<in> carrier R"
+ assumes "b \<in> carrier (R\<^bsup>n\<^esup>)"
+ assumes "i < n"
+ shows "eval_at_point R b (pvar_trans n i a) = (b!i) \<ominus> a"
+proof-
+ have "eval_at_point R b (pvar_trans n i a) =
+ (eval_at_point R b (pvar R i)) \<oplus> (eval_at_point R b (\<ominus>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> (coord_const a)))"
+ unfolding pvar_trans_def a_minus_def using assms
+ by (metis MP.add.inv_closed coord_ring_def eval_at_point_add R.indexed_const_closed local.pvar_closed)
+
+ then show ?thesis
+ by (metis a_minus_def assms(1) assms(2) assms(3) coord_ring_def eval_at_point_a_inv eval_at_point_const eval_pvar R.indexed_const_closed)
+qed
+
+definition point_to_polys :: "'a list \<Rightarrow> ('a, nat) mvar_poly list" where
+"point_to_polys as = map (\<lambda> x. pvar_trans (length as) (snd x) (fst x)) (zip as (index_list (length as)))"
+
+lemma point_to_polys_length:
+"length (point_to_polys as) = length as"
+ unfolding point_to_polys_def
+ by (smt index_list_length length_map list.map_ident map_eq_imp_length_eq zip_eq_conv)
+
+lemma point_to_polysE:
+ assumes "i < length as"
+ shows "(point_to_polys as) ! i = (pvar_trans (length as) i (as ! i))"
+proof-
+ have " (zip as (index_list (length as)))!i = ((as!i), i)"
+ by (metis assms index_list_indices index_list_length nth_zip)
+ then have 0: "(point_to_polys as) ! i = (\<lambda> x. pvar_trans (length as) (snd x) (fst x)) ((as!i), i)"
+ unfolding point_to_polys_def
+ using assms nth_map[of i "(zip as (index_list (length as)))" "(\<lambda>x. pvar_trans (length as) (snd x) (fst x))" ]
+ by (metis index_list_length length_map map_fst_zip)
+ then show ?thesis
+ by (metis fst_conv snd_conv)
+qed
+
+lemma point_to_polysE':
+ assumes "as \<in> carrier (R\<^bsup>n\<^esup>)"
+ assumes "i < n"
+ shows "eval_at_point R as ((point_to_polys as) ! i) = \<zero>"
+ by (metis assms(1) assms(2) cartesian_power_car_memE cartesian_power_car_memE' point_to_polysE pvar_trans_eval R.r_right_minus_eq)
+
+lemma point_to_polysE'':
+ assumes "as \<in> carrier (R\<^bsup>n\<^esup>)"
+ assumes "b \<in> set (point_to_polys as)"
+ shows "eval_at_point R as b = \<zero>"
+ using point_to_polysE'
+ by (metis assms(1) assms(2) cartesian_power_car_memE in_set_conv_nth point_to_polys_length)
+
+lemma point_to_polys_zero_set:
+ assumes "as \<in> carrier (R\<^bsup>n\<^esup>)"
+ assumes "b \<in> set (point_to_polys as)"
+ shows "as \<in> zero_set R n b"
+ using assms(1) assms(2) point_to_polysE'' zero_setI by blast
+
+lemma point_to_polys_closed:
+ assumes "as \<in> carrier (R\<^bsup>n\<^esup>)"
+ shows "set (point_to_polys as) \<subseteq> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ using assms point_to_polysE pvar_trans_closed
+ by (smt cartesian_power_car_memE cartesian_power_car_memE' in_set_conv_nth point_to_polys_length subsetI)
+
+lemma point_to_polys_affine_alg_set:
+ assumes "as \<in> carrier (R\<^bsup>n\<^esup>)"
+ shows "affine_alg_set R n (set (point_to_polys as)) = {as}"
+proof
+ show "affine_alg_set R n (set (point_to_polys as)) \<subseteq> {as}"
+ proof
+ fix x
+ assume A0: "x \<in> affine_alg_set R n (set (point_to_polys as))"
+ then have 0: "length x = n" using affine_alg_set_closed[of n " (set (point_to_polys as))"]
+ using cartesian_power_car_memE by blast
+ have "\<And>i. i < n \<Longrightarrow> x!i = as!i"
+ proof-
+ fix i
+ assume A1: "i < n"
+ show " x!i = as!i"
+ using A0
+ by (smt A1 affine_alg_set_closed affine_alg_set_memE assms cartesian_power_car_memE
+ cartesian_power_car_memE' nth_mem point_to_polysE point_to_polys_length
+ pvar_trans_eval R.r_right_minus_eq subsetD)
+ qed
+ then have "x = as"
+ by (metis "0" assms cartesian_power_car_memE nth_equalityI)
+ then show "x \<in> {as}"
+ by blast
+ qed
+ show "{as} \<subseteq> affine_alg_set R n (set (point_to_polys as))"
+ proof-
+ have "as \<in> affine_alg_set R n (set (point_to_polys as))"
+ using affine_alg_set_not_memE assms point_to_polysE''
+ by blast
+ then show ?thesis
+ by blast
+ qed
+qed
+
+lemma singleton_is_algebraic:
+ assumes "as \<in> carrier (R\<^bsup>n\<^esup>)"
+ shows "is_algebraic R n {as}"
+ apply(rule is_algebraicI[of "(set (point_to_polys as))"])
+ apply blast
+ using point_to_polys_affine_alg_set
+ using assms point_to_polys_closed apply blast
+ by (simp add: assms point_to_polys_affine_alg_set)
+
+lemma(in domain_coord_rings) finite_sets_are_algebraic:
+ assumes "finite F"
+ shows "F \<subseteq> carrier (R\<^bsup>n\<^esup>) \<longrightarrow> is_algebraic R n F"
+ apply(rule finite.induct)
+ apply (simp add: assms)
+ using empty_is_alg apply blast
+ using singleton_is_algebraic
+ by (metis union_is_alg insert_is_Un insert_subset)
+
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+subsection\<open>Polynomial Maps\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+ (**********************************************************************)
+ (**********************************************************************)
+ subsection\<open>The Action of Index Permutations on Polynomials\<close>
+ (**********************************************************************)
+ (**********************************************************************)
+
+definition permute_poly_args ::
+ "nat \<Rightarrow> (nat \<Rightarrow> nat) \<Rightarrow> ('a, nat) mvar_poly \<Rightarrow> ('a, nat) mvar_poly" where
+"permute_poly_args (n::nat) \<sigma> p = indexed_poly_induced_morphism {..<n} (R[\<X>\<^bsub>n\<^esub>]) coord_const (\<lambda>i. pvar R (\<sigma> i)) p"
+
+lemma permute_poly_args_characterization:
+ assumes "\<sigma> permutes {..< n}"
+ shows "(ring_hom_ring (R[\<X>\<^bsub>n\<^esub>]) (R[\<X>\<^bsub>n\<^esub>]) (permute_poly_args (n::nat) \<sigma>))"
+ "(\<forall>i \<in> {..<n}. (permute_poly_args (n::nat) \<sigma>) (pvar R i) = pvar R (\<sigma> i))"
+ "(\<forall>a \<in> carrier R. permute_poly_args (n::nat) \<sigma> (coord_const a) = (coord_const a))"
+proof-
+ have 0: "cring (R[\<X>\<^bsub>n\<^esub>])"
+ by (simp add: MP.is_cring)
+ have 1: "(\<lambda>i. pvar R (\<sigma> i)) \<in> {..<n} \<rightarrow> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ proof
+ fix x
+ assume A: "x \<in> {..<n}"
+ then have 0: "\<sigma> x \<in> {..<n}"
+ using assms
+ by (meson permutes_in_image)
+ then have "\<sigma> x < n"
+ using assms
+ by auto
+ then show "pvar R (\<sigma> x) \<in> carrier (R[\<X>\<^bsub>n\<^esub>]) "
+ using pvar_closed[of "\<sigma> x" n]
+ by blast
+ qed
+ have 2: " ring_hom_ring R (R[\<X>\<^bsub>n\<^esub>]) coord_const"
+ using R.indexed_const_ring_hom unfolding coord_ring_def
+ by blast
+ have 3: " indexed_poly_induced_morphism {..<n} (R[\<X>\<^bsub>n\<^esub>]) coord_const (\<lambda>i. pvar R (\<sigma> i)) =
+ indexed_poly_induced_morphism {..<n} (R[\<X>\<^bsub>n\<^esub>]) coord_const (\<lambda>i. pvar R (\<sigma> i))"
+ by blast
+ show "ring_hom_ring (R[\<X>\<^bsub>n\<^esub>]) (R[\<X>\<^bsub>n\<^esub>]) (permute_poly_args n \<sigma>)"
+ using 0 1 2 3
+ R.Pring_universal_prop[of "(R[\<X>\<^bsub>n\<^esub>])" " (\<lambda>i. pvar R (\<sigma> i))" "{..<n}" coord_const "permute_poly_args (n::nat) \<sigma>" ]
+ unfolding permute_poly_args_def
+ by (metis coord_ring_def)
+ show "\<forall>i\<in>{..<n}. permute_poly_args n \<sigma> (pvar R i) = pvar R (\<sigma> i)"
+ using 0 1 2 3
+ R.Pring_universal_prop(2)[of "(R[\<X>\<^bsub>n\<^esub>])" " (\<lambda>i. pvar R (\<sigma> i))" "{..<n}" coord_const "permute_poly_args (n::nat) \<sigma>" ]
+ unfolding permute_poly_args_def var_to_IP_def
+ by blast
+ show "\<forall>a\<in>carrier R. permute_poly_args n \<sigma> (coord_const a) = coord_const a"
+ using 0 1 2 3
+ R.Pring_universal_prop[of "(R[\<X>\<^bsub>n\<^esub>])" " (\<lambda>i. pvar R (\<sigma> i))" "{..<n}" coord_const "permute_poly_args (n::nat) \<sigma>" ]
+ unfolding permute_poly_args_def var_to_IP_def
+ by blast
+qed
+
+lemma permute_poly_args_closed:
+ assumes "\<sigma> permutes {..<n}"
+ assumes "p \<in> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ shows "permute_poly_args n \<sigma> p \<in> carrier (R[\<X>\<^bsub>n\<^esub>])"
+proof-
+ have "(ring_hom_ring (R[\<X>\<^bsub>n\<^esub>]) (R[\<X>\<^bsub>n\<^esub>]) (permute_poly_args (n::nat) \<sigma>))"
+ using assms permute_poly_args_characterization(1)
+ by blast
+ then have "(permute_poly_args (n::nat) \<sigma>) \<in> carrier (R[\<X>\<^bsub>n\<^esub>]) \<rightarrow> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ unfolding ring_hom_ring_def ring_hom_ring_axioms_def ring_hom_def
+ by blast
+ then show ?thesis
+ using assms
+ by blast
+qed
+
+
+lemma permute_poly_args_constant:
+ assumes "a \<in> carrier R"
+ assumes "\<sigma> permutes {..<n}"
+ shows "permute_poly_args n \<sigma> (coord_const a) = (coord_const a)"
+ using assms permute_poly_args_characterization(3)
+ by blast
+
+lemma permute_poly_args_add:
+ assumes "\<sigma> permutes {..<n}"
+ assumes "p \<in> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ assumes "q \<in> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ shows "permute_poly_args n \<sigma> (p \<oplus>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> q) = (permute_poly_args n \<sigma> p) \<oplus>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> (permute_poly_args n \<sigma> q)"
+ using permute_poly_args_characterization(1)[of \<sigma>] assms
+ unfolding ring_hom_ring_def ring_hom_ring_axioms_def
+ by (metis (no_types, lifting) ring_hom_add)
+
+lemma permute_poly_args_mult:
+ assumes "\<sigma> permutes {..<n}"
+ assumes "p \<in> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ assumes "q \<in> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ shows "permute_poly_args n \<sigma> (p \<otimes>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> q) = (permute_poly_args n \<sigma> p) \<otimes>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> (permute_poly_args n \<sigma> q)"
+ using permute_poly_args_characterization(1)[of \<sigma>] assms
+ unfolding ring_hom_ring_def ring_hom_ring_axioms_def
+ using ring_hom_mult
+ by (metis (mono_tags, lifting))
+
+lemma permute_poly_args_indexed_pmult:
+ assumes "\<sigma> permutes {..<n}"
+ assumes "p \<in> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ assumes "i \<in> {..<n}"
+ shows "(permute_poly_args n \<sigma> (p \<Otimes> i)) = (permute_poly_args n \<sigma> p) \<Otimes> (\<sigma> i)"
+proof
+ fix x
+ show "permute_poly_args n \<sigma> (p \<Otimes> i) x = (permute_poly_args n \<sigma> p \<Otimes> \<sigma> i) x"
+ proof-
+ have 0: "(p \<Otimes> i) = (p \<otimes>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> pvar R i)"
+ using assms pvar_indexed_pmult
+ by blast
+ have 1: "(permute_poly_args n \<sigma> p) \<Otimes> (\<sigma> i) = (permute_poly_args n \<sigma> p) \<otimes>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> pvar R (\<sigma> i)"
+ using assms permute_poly_args_closed pvar_indexed_pmult by blast
+ have 2: "permute_poly_args n \<sigma> (p \<Otimes> i) x = permute_poly_args n \<sigma> (p \<otimes>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> pvar R i) x"
+ using \<open>p \<Otimes> i = p \<otimes>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> pvar R i\<close> by presburger
+ then show ?thesis using 1 R.Pring_var_closed assms(1) assms(2) assms(3) assms
+ permute_poly_args_mult R.is_cring permute_poly_args_characterization(2) R.zero_closed
+ by (metis coord_ring_def)
+ qed
+qed
+
+lemma permute_list_closed:
+ assumes "a \<in> carrier (R\<^bsup>n\<^esup>)"
+ assumes "\<sigma> permutes {..<n}"
+ shows "(permute_list \<sigma> a) \<in> carrier (R\<^bsup>n\<^esup>)"
+ apply(rule cartesian_power_car_memI)
+ using assms cartesian_power_car_memE length_permute_list apply blast
+proof-
+ have 0: "set a \<subseteq> carrier R"
+ using assms(1) cartesian_power_car_memE'' by blast
+ have "\<sigma> permutes {..<length a}"
+ proof-
+ have 0: "length a = n"
+ using assms cartesian_power_car_memE by blast
+ have "{..<n} = {..<length a}"
+ using 0 by blast
+ then show ?thesis
+ using assms by presburger
+ qed
+ have 1: "set (permute_list \<sigma> a) = set a"
+ using assms set_permute_list[of \<sigma> a] \<open>\<sigma> permutes {..<length a}\<close>
+ by blast
+ then show "set (permute_list \<sigma> a) \<subseteq> carrier R"
+ by (simp add: "1" "0")
+qed
+
+lemma permute_list_set:
+ assumes "a \<in> carrier (R\<^bsup>n\<^esup>)"
+ assumes "\<sigma> permutes {..<n}"
+ shows "set (permute_list \<sigma> a) = set a"
+proof-
+ have "\<sigma> permutes {..<length a}"
+ proof-
+ have 0: "length a = n"
+ using assms cartesian_power_car_memE by blast
+ have "{..<n} = {..<length a}"
+ using 0 by blast
+ then show ?thesis
+ using assms by presburger
+ qed
+ then show 1: "set (permute_list \<sigma> a) = set a"
+ using assms set_permute_list[of \<sigma> a]
+ by blast
+qed
+
+end
+
+definition perm_map :: "('a, 'b) ring_scheme \<Rightarrow> nat \<Rightarrow> (nat \<Rightarrow> nat) \<Rightarrow> 'a list \<Rightarrow> 'a list" where
+"perm_map R n \<sigma> = restrict (permute_list \<sigma>) (carrier (R\<^bsup>n\<^esup>))"
+
+context cring_coord_rings
+begin
+
+lemma perm_map_is_struct_map:
+ assumes "\<sigma> permutes {..<n}"
+ shows "perm_map R n \<sigma> \<in> struct_maps (R\<^bsup>n\<^esup>) (R\<^bsup>n\<^esup>)"
+ apply(rule struct_maps_memI)
+ unfolding perm_map_def restrict_def using assms permute_list_closed[of _ n \<sigma>]
+ apply metis
+ by metis
+
+lemma permute_poly_args_eval:
+ assumes "a \<in> carrier (R\<^bsup>n\<^esup>)"
+ assumes "\<sigma> permutes {..<n}"
+ assumes "p \<in> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ shows "eval_at_point R a (permute_poly_args n \<sigma> p) = eval_at_point R (permute_list \<sigma> a) p"
+ apply(rule R.indexed_pset.induct[of p "{..<n}" "carrier R"])
+ using R.Pring_car assms apply (metis coord_ring_def)
+ apply (metis assms(1) assms(2) eval_at_point_const permute_list_closed permute_poly_args_constant)
+proof-
+ show "\<And>p Q. p \<in> Pring_set R {..<n} \<Longrightarrow>
+ eval_at_point R a (permute_poly_args n \<sigma> p) = eval_at_point R (permute_list \<sigma> a) p \<Longrightarrow>
+ Q \<in> Pring_set R {..<n} \<Longrightarrow>
+ eval_at_point R a (permute_poly_args n \<sigma> Q) = eval_at_point R (permute_list \<sigma> a) Q \<Longrightarrow>
+ eval_at_point R a (permute_poly_args n \<sigma> (p \<Oplus> Q)) = eval_at_point R (permute_list \<sigma> a) (p \<Oplus> Q)"
+ proof-
+ fix p Q assume A0: "p \<in> Pring_set R {..<n} "
+ assume A1: "eval_at_point R a (permute_poly_args n \<sigma> p) = eval_at_point R (permute_list \<sigma> a) p "
+ assume A2: "Q \<in> Pring_set R {..<n}"
+ assume A3: "eval_at_point R a (permute_poly_args n \<sigma> Q) = eval_at_point R (permute_list \<sigma> a) Q"
+ have A0': "p \<in> carrier (R[\<X>\<^bsub>n\<^esub>]) "
+ using A0 R.Pring_car unfolding coord_ring_def by blast
+ have A2': "Q \<in> carrier (R[\<X>\<^bsub>n\<^esub>]) "
+ using A2 R.Pring_car unfolding coord_ring_def by blast
+ have A4: "(permute_poly_args n \<sigma> (p \<Oplus> Q)) = (permute_poly_args n \<sigma> p) \<Oplus> (permute_poly_args n \<sigma> Q)"
+ proof-
+ have "(permute_poly_args n \<sigma> (p \<oplus>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> Q)) = (permute_poly_args n \<sigma> p) \<oplus>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> (permute_poly_args n \<sigma> Q)"
+ using A0' A2' assms permute_poly_args_add by blast
+ then show ?thesis
+ unfolding coord_ring_def
+ by (metis R.Pring_add)
+ qed
+ show A5: "eval_at_point R a (permute_poly_args n \<sigma> (p \<Oplus> Q)) = eval_at_point R (permute_list \<sigma> a) (p \<Oplus> Q)"
+ using eval_at_point_add[of a n "permute_poly_args n \<sigma> p" "permute_poly_args n \<sigma> Q" ]
+ permute_poly_args_add[of \<sigma> n p Q] A0' A1 A2' A3 A4 permute_poly_args_closed assms
+ by (metis R.Pring_add cartesian_power_car_memE cartesian_power_car_memE''
+ cartesian_power_car_memI coord_ring_def eval_at_point_add length_permute_list permute_list_set)
+ qed
+ show "\<And>p i. p \<in> Pring_set R {..<n} \<Longrightarrow>
+ eval_at_point R a (permute_poly_args n \<sigma> p) = eval_at_point R (permute_list \<sigma> a) p \<Longrightarrow>
+ i \<in> {..<n} \<Longrightarrow> eval_at_point R a (permute_poly_args n \<sigma> (p \<Otimes> i)) = eval_at_point R (permute_list \<sigma> a) (p \<Otimes> i)"
+ proof-
+ fix p i
+ assume A0: "p \<in> Pring_set R {..<n}"
+ assume A1: "eval_at_point R a (permute_poly_args n \<sigma> p) = eval_at_point R (permute_list \<sigma> a) p "
+ assume A2: "i \<in> {..<n}"
+ have LHS: "eval_at_point R a (permute_poly_args n \<sigma> (p \<Otimes> i)) = eval_at_point R a (permute_poly_args n \<sigma> p \<Otimes> \<sigma> i)"
+ using permute_poly_args_indexed_pmult[of \<sigma> n p i ] A0 A1 A2 assms
+ by (metis R.Pring_car coord_ring_def)
+ then have LHS' : "eval_at_point R a (permute_poly_args n \<sigma> (p \<Otimes> i)) =
+ eval_at_point R a (permute_poly_args n \<sigma> p \<otimes>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> pvar R (\<sigma> i))"
+ using A0 R.Pring_car assms(1) assms permute_poly_args_closed pvar_indexed_pmult
+ by (metis coord_ring_def)
+ have "eval_at_point R a (permute_poly_args n \<sigma> p \<otimes>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> pvar R (\<sigma> i)) =
+ eval_at_point R a (permute_poly_args n \<sigma> p) \<otimes> eval_at_point R a (pvar R (\<sigma> i))"
+ proof-
+ have 1: "permute_poly_args n \<sigma> p \<in> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ using A0 R.Pring_car assms(1) assms permute_poly_args_closed
+ by (metis coord_ring_def)
+ have "pvar R (\<sigma> i) \<in> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ proof-
+ have "\<sigma> i \<in> {..<n}"
+ using A2 assms
+ by (meson permutes_in_image)
+ then have "(\<sigma> i) < n"
+ by blast
+ then show ?thesis
+ using pvar_closed[of "\<sigma> i" n]
+ by blast
+ qed
+ then have LHS'' : "eval_at_point R a (permute_poly_args n \<sigma> (p \<Otimes> i)) =
+ (eval_at_point R a (permute_poly_args n \<sigma> p)) \<otimes>\<^bsub>R\<^esub> eval_at_point R a (pvar R (\<sigma> i))"
+ using LHS' "1" eval_at_point_mult assms
+ by presburger
+ then show ?thesis
+ using LHS' by presburger
+ qed
+ then have LHS'': "eval_at_point R a (permute_poly_args n \<sigma> (p \<Otimes> i)) =
+ eval_at_point R a (permute_poly_args n \<sigma> p) \<otimes> eval_at_point R a (pvar R (\<sigma> i))"
+ using LHS' by presburger
+ have 0: "eval_at_point R a (pvar R (\<sigma> i)) = a! (\<sigma> i)"
+ proof-
+ have "\<sigma> i \<in> {..<n}"
+ using A2 assms
+ by (meson permutes_in_image)
+ then have 0: "\<sigma> i < n"
+ by blast
+ have 1: "permute_list \<sigma> a \<in> carrier (R\<^bsup>n\<^esup>)"
+ using assms(1) assms(2) assms(3) permute_list_closed by blast
+ show ?thesis
+ using 0 1 eval_pvar[of "\<sigma> i" n a] assms
+ by blast
+ qed
+ have 1: "(permute_list \<sigma> a)! i = a! \<sigma> i"
+ proof-
+ have "length a = n"
+ using assms cartesian_power_car_memE
+ by blast
+ then have "{..<length a} = {..<n}"
+ by blast
+ then have 0: " \<sigma> permutes {..<length a}"
+ using assms
+ by presburger
+ have 1: "i < length a"
+ using A2 \<open>{..<length a} = {..<n}\<close>
+ by blast
+ show ?thesis using 0 1 permute_list_nth[of \<sigma> a i]
+ by blast
+ qed
+ have LHS''': "eval_at_point R a (permute_poly_args n \<sigma> (p \<Otimes> i)) =
+ eval_at_point R (permute_list \<sigma> a) p \<otimes> a! (\<sigma> i)"
+ using 0 LHS'' A1
+ by presburger
+ have RHS: "eval_at_point R (permute_list \<sigma> a) (p \<Otimes> i) =
+ (eval_at_point R (permute_list \<sigma> a) p) \<otimes>\<^bsub>R\<^esub> (eval_at_point R (permute_list \<sigma> a) (pvar R i))"
+ proof-
+ have "(p \<Otimes> i) = p \<otimes>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> (pvar R i)"
+ using A0 R.Pring_car pvar_indexed_pmult unfolding coord_ring_def
+ by blast
+ then show ?thesis
+ using eval_at_point_mult[of "(permute_list \<sigma> a)" n p "(pvar R i)" ]
+ A0 A2 R.Pring_car R.Pring_var_closed assms(1) assms(2) assms(3) permute_list_closed
+ by (metis coord_ring_def)
+ qed
+ then have RHS': "eval_at_point R (permute_list \<sigma> a) (p \<Otimes> i) =
+ (eval_at_point R (permute_list \<sigma> a) p) \<otimes>\<^bsub>R\<^esub> (permute_list \<sigma> a)! i"
+ proof-
+ have 0: "i < n"
+ using A2 assms
+ by blast
+ have 1: "permute_list \<sigma> a \<in> carrier (R\<^bsup>n\<^esup>)"
+ using assms permute_list_closed
+ by blast
+ show ?thesis
+ using 0 1 eval_pvar[of i n "(permute_list \<sigma> a)" ] RHS
+ by presburger
+ qed
+ then show "eval_at_point R a (permute_poly_args n \<sigma> (p \<Otimes> i)) = eval_at_point R (permute_list \<sigma> a) (p \<Otimes> i)"
+ using LHS''' A1 1
+ by presburger
+ qed
+qed
+
+ (**********************************************************************)
+ (**********************************************************************)
+ subsection\<open>Inverse Images of Sets by Tuples of Polynomials\<close>
+ (**********************************************************************)
+ (**********************************************************************)
+
+definition is_poly_tuple :: "nat \<Rightarrow> ('a, nat) mvar_poly list \<Rightarrow> bool" where
+"is_poly_tuple (n::nat) fs = (set (fs) \<subseteq> carrier (R[\<X>\<^bsub>n\<^esub>]))"
+
+lemma is_poly_tupleE:
+ assumes "is_poly_tuple n fs"
+ assumes "j < length fs"
+ shows "fs ! j \<in> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ using assms is_poly_tuple_def nth_mem
+ by blast
+
+lemma is_poly_tuple_Cons:
+ assumes "is_poly_tuple n fs"
+ assumes "f \<in> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ shows "is_poly_tuple n (f#fs)"
+ using assms unfolding is_poly_tuple_def
+ by (metis (no_types, lifting) set_ConsD subset_iff)
+
+lemma is_poly_tuple_append:
+ assumes "is_poly_tuple n fs"
+ assumes "f \<in> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ shows "is_poly_tuple n (fs@[f])"
+ using assms set_append unfolding is_poly_tuple_def
+ by (metis (no_types, lifting) Un_subset_iff append_Nil2 set_ConsD subset_code(1))
+
+definition poly_tuple_eval :: "('a, nat) mvar_poly list \<Rightarrow> 'a list \<Rightarrow> 'a list" where
+"poly_tuple_eval fs as = map (\<lambda> f. eval_at_poly R f as) fs "
+
+lemma poly_tuple_evalE:
+ assumes "is_poly_tuple n fs"
+ assumes "length fs = m"
+ assumes "as \<in> carrier (R\<^bsup>n\<^esup>)"
+ assumes "j < m"
+ shows "(poly_tuple_eval fs as)!j \<in> carrier R"
+proof-
+ have 0: "(poly_tuple_eval fs as)!j = (eval_at_poly R (fs!j) as)"
+ using poly_tuple_eval_def
+ by (metis assms(2) assms(4) nth_map)
+ have 1: "(fs!j) \<in> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ using assms is_poly_tupleE
+ by blast
+ show ?thesis
+ using assms 0 1 eval_at_point_closed
+ by presburger
+qed
+
+lemma poly_tuple_evalE':
+ shows "length (poly_tuple_eval fs as) = length fs"
+ unfolding poly_tuple_eval_def
+ using length_map by blast
+
+lemma poly_tuple_evalE'':
+ assumes "is_poly_tuple n fs"
+ assumes "length fs = m"
+ assumes "as \<in> carrier (R\<^bsup>n\<^esup>)"
+ assumes "j < m"
+ shows "(poly_tuple_eval fs as)!j = (eval_at_poly R (fs!j) as)"
+ using assms
+ unfolding poly_tuple_eval_def
+ using nth_map
+ by blast
+
+lemma poly_tuple_eval_closed:
+ assumes "is_poly_tuple n fs"
+ assumes "length fs = m"
+ assumes "as \<in> carrier (R\<^bsup>n\<^esup>)"
+ shows "(poly_tuple_eval fs as) \<in> carrier (R\<^bsup>m\<^esup>)"
+proof(rule cartesian_power_car_memI)
+ show "length (poly_tuple_eval fs as) = m"
+ using assms
+ by (simp add: assms poly_tuple_evalE')
+ show "set (poly_tuple_eval fs as) \<subseteq> carrier R"
+ proof fix x
+ assume "x \<in> set (poly_tuple_eval fs as)"
+ then obtain j where j_def: "j< m \<and> x = (poly_tuple_eval fs as)!j"
+ using assms
+ by (metis \<open>length (poly_tuple_eval fs as) = m\<close> in_set_conv_nth)
+ then show "x \<in> carrier R"
+ using assms(1) assms(2) assms(3) poly_tuple_evalE assms by blast
+ qed
+qed
+
+lemma poly_tuple_eval_Cons:
+ assumes "is_poly_tuple n fs"
+ assumes "length fs = m"
+ assumes "as \<in> carrier (R\<^bsup>n\<^esup>)"
+ assumes "f \<in> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ shows "(poly_tuple_eval (f#fs) as) = (eval_at_point R as f)#(poly_tuple_eval fs as)"
+ using assms poly_tuple_eval_def
+ by (metis list.simps(9))
+
+definition poly_tuple_pullback ::
+ "nat \<Rightarrow> 'a list set \<Rightarrow> ('a, nat) mvar_poly list \<Rightarrow> 'a list set" where
+"poly_tuple_pullback n S fs = ((poly_tuple_eval fs) -` S) \<inter> (carrier (R\<^bsup>n\<^esup>)) "
+
+lemma poly_pullbackE:
+ assumes "is_poly_tuple n fs"
+ assumes "length fs = m"
+ assumes "S \<subseteq> carrier (R\<^bsup>m\<^esup>)"
+ shows "poly_tuple_pullback n S fs \<subseteq> carrier (R\<^bsup>n\<^esup>)"
+ using poly_tuple_pullback_def assms
+ by blast
+
+lemma poly_pullbackE':
+ assumes "is_poly_tuple n fs"
+ assumes "length fs = m"
+ assumes "S \<subseteq> carrier (R\<^bsup>m\<^esup>)"
+ assumes "as \<in> poly_tuple_pullback n S fs"
+ shows "as \<in> carrier (R\<^bsup>n\<^esup>)"
+ "poly_tuple_eval fs as \<in> S"
+ using assms
+ apply (meson poly_pullbackE subsetD)
+proof-
+ have "as \<in> poly_tuple_eval fs -` S"
+ using assms unfolding poly_tuple_pullback_def
+ by blast
+ then show "poly_tuple_eval fs as \<in> S"
+ by blast
+qed
+
+lemma poly_pullbackI:
+ assumes "is_poly_tuple n fs"
+ assumes "length fs = m"
+ assumes "S \<subseteq> carrier (R\<^bsup>m\<^esup>)"
+ assumes "as \<in> carrier (R\<^bsup>n\<^esup>)"
+ assumes "poly_tuple_eval fs as \<in> S"
+ shows "as \<in> poly_tuple_pullback n S fs"
+ using assms
+ unfolding poly_tuple_pullback_def
+ by blast
+
+
+
+end
+
+text\<open>coordinate permutations as pullbacks. The point here is to realize that permutations of
+indices are just pullbacks (or pushforwards) by particular polynomial maps\<close>
+
+abbreviation pvar_list where
+"pvar_list R n \<equiv> map (pvar R) (index_list n)"
+
+lemma pvar_list_elements:
+ assumes "i < n"
+ shows "pvar_list R n ! i = pvar R i"
+ by (simp add: assms index_list_indices index_list_length)
+
+lemma pvar_list_length:
+"length (pvar_list R n) = n"
+ by (simp add: index_list_length)
+
+context cring_coord_rings
+begin
+
+lemma pvar_list_is_poly_tuple:
+ shows "is_poly_tuple n (pvar_list R n)"
+ unfolding is_poly_tuple_def
+proof fix x
+ assume A: "x \<in> set (pvar_list R n)"
+ have "set (index_list n) = {..<n}"
+ by (simp add: index_list_set)
+ obtain i where "i < n \<and> x = pvar R i"
+ using A pvar_list_elements[of _ n R] pvar_list_length[of R n]
+ by (metis in_set_conv_nth)
+ then show "x \<in> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ using pvar_closed
+ by blast
+qed
+
+lemma permutation_of_poly_list_is_poly_list:
+ assumes "is_poly_tuple k fs"
+ assumes "\<sigma> permutes {..< length fs}"
+ shows "is_poly_tuple k (permute_list \<sigma> fs)"
+ unfolding is_poly_tuple_def
+proof-
+ show "set (permute_list \<sigma> fs) \<subseteq> carrier (coord_ring R k)"
+ using assms is_poly_tuple_def set_permute_list
+ by blast
+qed
+
+lemma permutation_of_poly_listE:
+ assumes "is_poly_tuple k fs"
+ assumes "\<sigma> permutes {..< length fs}"
+ assumes "i < length fs"
+ shows "(permute_list \<sigma> fs) ! i = fs ! (\<sigma> i)"
+ using assms permute_list_nth
+ by blast
+
+lemma pushforward_by_permutation_of_poly_list:
+ assumes "is_poly_tuple k fs"
+ assumes "\<sigma> permutes {..< length fs}"
+ assumes "as \<in> carrier (R\<^bsup>k\<^esup>)"
+ shows "poly_tuple_eval (permute_list \<sigma> fs) as = permute_list \<sigma> (poly_tuple_eval fs as)"
+ using assms unfolding poly_tuple_eval_def
+ by (metis permute_list_map)
+
+lemma pushforward_by_pvar_list:
+ assumes "as \<in> carrier (R\<^bsup>n\<^esup>)"
+ shows "poly_tuple_eval (pvar_list R n) as = as"
+ using assms pvar_list_elements[of _ n R] unfolding poly_tuple_eval_def using eval_pvar[of _ n as]
+ by (metis (mono_tags, lifting) cartesian_power_car_memE length_map nth_equalityI nth_map pvar_list_length)
+
+lemma pushforward_by_permuted_pvar_list:
+ assumes "\<sigma> permutes {..< n}"
+ assumes "as \<in> carrier (R\<^bsup>n\<^esup>)"
+ shows "poly_tuple_eval (permute_list \<sigma> (pvar_list R n)) as = permute_list \<sigma> as"
+ by (metis assms pushforward_by_permutation_of_poly_list
+ pushforward_by_pvar_list pvar_list_is_poly_tuple pvar_list_length)
+
+lemma pullback_by_permutation_of_poly_list:
+ assumes "\<sigma> permutes {..< n}"
+ assumes "S \<subseteq> carrier (R\<^bsup>n\<^esup>)"
+ shows "poly_tuple_pullback n S (permute_list \<sigma> (pvar_list R n)) =
+ permute_list (fun_inv \<sigma>) ` S"
+proof
+ show "poly_tuple_pullback n S (permute_list \<sigma> (pvar_list R n)) \<subseteq> permute_list (fun_inv \<sigma>) ` S"
+ proof fix x
+ assume A: " x \<in> poly_tuple_pullback n S (permute_list \<sigma> (pvar_list R n))"
+ then obtain y where y_def: "y \<in> S \<and> poly_tuple_eval (permute_list \<sigma> (pvar_list R n)) x = y"
+ by (metis assms length_permute_list
+ permutation_of_poly_list_is_poly_list poly_pullbackE'(2) pvar_list_is_poly_tuple
+ pvar_list_length)
+ then have 0: "y = permute_list \<sigma> x"
+ by (metis A assms length_permute_list
+ permutation_of_poly_list_is_poly_list poly_pullbackE'(1) pushforward_by_permuted_pvar_list pvar_list_is_poly_tuple pvar_list_length)
+ have 1: "length x = n"
+ using A
+ by (metis "0" length_permute_list poly_tuple_evalE' pvar_list_length y_def)
+ then have "{..<length x} = {..<n}"
+ by blast
+ then have "permute_list (fun_inv \<sigma>) y = x"
+ using 0 permutes_inv_o(1)[of \<sigma> "{..< n}"] permute_list_id[of x] permutes_inv[of \<sigma> "{..<n}"]
+ assms permute_list_compose[of "(fun_inv \<sigma>)" x \<sigma> ]
+ unfolding fun_inv_def
+ by metis
+ then show " x \<in> permute_list (fun_inv \<sigma>) ` S"
+ using y_def by blast
+ qed
+ show "permute_list (fun_inv \<sigma>) ` S \<subseteq> poly_tuple_pullback n S (permute_list \<sigma> (pvar_list R n))"
+ proof fix x assume A: "x \<in> permute_list (fun_inv \<sigma>) ` S"
+ then obtain y where y_def: "y \<in> S \<and> x = permute_list (fun_inv \<sigma>) y"
+ by blast
+ have 0: "(fun_inv \<sigma>) permutes {..<n}"
+ using assms unfolding fun_inv_def
+ by (simp add: permutes_inv)
+ have 1: "permute_list \<sigma> x = permute_list \<sigma> (permute_list (fun_inv \<sigma>) y)"
+ by (simp add: y_def)
+ have 2: "length y = n"
+ using y_def A assms cartesian_power_car_memE
+ by blast
+ have 3: "\<sigma> permutes {..<length y}"
+ by (simp add: "2" assms)
+ have 4: "permute_list \<sigma> x = y"
+ using assms(2) permute_list_id[of y] permute_list_compose[of \<sigma> y "(fun_inv \<sigma>)" ]
+ 3 2 1 0 permutes_inv_o(2)[of \<sigma> "{..< n}"]
+ unfolding fun_inv_def
+ by metis
+ have 5: "x \<in> carrier (R\<^bsup>n\<^esup>)"
+ apply(rule cartesian_power_car_memI)
+ using A 0 assms
+ apply (metis "2" "4" length_permute_list)
+ using A 0 assms
+ by (smt "2" in_set_conv_nth neq0_conv poly_tuple_evalE pushforward_by_pvar_list
+ pvar_list_is_poly_tuple pvar_list_length set_permute_list subset_iff y_def)
+ then have 6: "poly_tuple_eval (permute_list \<sigma> (pvar_list R n)) x = y"
+ using 4 assms pushforward_by_permuted_pvar_list[of \<sigma> n x]
+ by blast
+ then show "x \<in> poly_tuple_pullback n S (permute_list \<sigma> (pvar_list R n))"
+ using 5 y_def unfolding poly_tuple_pullback_def
+ by blast
+ qed
+qed
+
+lemma pullback_by_permutation_of_poly_list':
+ assumes "\<sigma> permutes {..< n}"
+ assumes "S \<subseteq> carrier (R\<^bsup>n\<^esup>)"
+ shows "poly_tuple_pullback n S (permute_list (fun_inv \<sigma>) (pvar_list R n)) =
+ permute_list \<sigma> ` S"
+proof-
+ have 0: "(fun_inv (fun_inv \<sigma>)) = \<sigma>"
+ using assms unfolding fun_inv_def
+ using permutes_inv_inv
+ by blast
+ have 1: "fun_inv \<sigma> permutes {..<n}"
+ unfolding fun_inv_def
+ using assms permutes_inv by blast
+ then show ?thesis using 0 assms pullback_by_permutation_of_poly_list[of "fun_inv \<sigma>" n S]
+ by presburger
+qed
+
+
+ (**********************************************************************)
+ (**********************************************************************)
+ subsection\<open>Composing Polynomial Tuples With Polynomials\<close>
+ (**********************************************************************)
+ (**********************************************************************)
+
+text\<open>composition of a multivaribale polynomial by a list of polynomials\<close>
+
+definition poly_compose ::
+ "nat \<Rightarrow> nat \<Rightarrow> ('a, nat) mvar_poly list \<Rightarrow> ('a, nat) mvar_poly \<Rightarrow> ('a, nat) mvar_poly" where
+"poly_compose n m fs = indexed_poly_induced_morphism {..<n} (coord_ring R m) (\<lambda> s. R.indexed_const s) (\<lambda>i. fs!i) "
+
+lemma poly_compose_var:
+ assumes "is_poly_tuple m fs"
+ assumes "length fs = n"
+ assumes "j < n"
+ shows "poly_compose n m fs (pvar R j) = (fs!j)"
+proof-
+ have 0: "cring (coord_ring R m)"
+ using R.Pring_is_cring R.is_cring
+ unfolding coord_ring_def by blast
+ have 1: "(!) fs \<in> {..<n} \<rightarrow> carrier (coord_ring R m)"
+ using assms is_poly_tuple_def
+ by auto
+ have 2: "ring_hom_ring R (coord_ring R m) coord_const"
+ using indexed_const_ring_hom coord_const_ring_hom by blast
+ have "\<forall>i\<in>{..<n}. indexed_poly_induced_morphism {..<n} (coord_ring R m) coord_const ((!) fs) (mset_to_IP R {#i#}) = fs ! i"
+ using assms 0 1 2 R.Pring_universal_prop(2)[of "(coord_ring R m)" "(\<lambda>i. fs!i)" "{..<n}" "(\<lambda> s. R.indexed_const s)" "poly_compose n m fs"]
+ poly_compose_def
+ by (metis var_to_IP_def)
+ then show ?thesis
+ using assms
+ unfolding poly_compose_def var_to_IP_def
+ by blast
+qed
+
+lemma Pring_universal_prop_assms:
+ assumes "is_poly_tuple m fs"
+ assumes "length fs = n"
+ shows "(\<lambda>i. fs!i) \<in> {..<n} \<rightarrow> carrier (coord_ring R m)"
+ "ring_hom_ring R (coord_ring R m) coord_const"
+proof
+ show "\<And>x. x \<in> {..<n} \<Longrightarrow> fs ! x \<in> carrier (coord_ring R m)"
+ using assms is_poly_tupleE by blast
+ show "ring_hom_ring R (coord_ring R m) coord_const"
+ using R.indexed_const_ring_hom coord_const_ring_hom by blast
+qed
+
+lemma poly_compose_ring_hom:
+ assumes "is_poly_tuple m fs"
+ assumes "length fs = n"
+ shows "(ring_hom_ring (R[\<X>\<^bsub>n\<^esub>]) (coord_ring R m) (poly_compose n m fs))"
+ using Pring_universal_prop_assms[of n fs] assms
+ R.Pring_universal_prop(1)[of "(coord_ring R m)" "(\<lambda>i. fs!i)" "{..<n}" coord_const "(poly_compose n m fs)"]
+ unfolding poly_compose_def
+ using R.Pring_is_cring R.is_cring
+ by (metis Pi_I Pring_universal_prop_assms(2) coord_ring_def is_poly_tupleE lessThan_iff)
+
+lemma poly_compose_closed:
+ assumes "is_poly_tuple m fs"
+ assumes "length fs = n"
+ assumes "f \<in> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ shows "(poly_compose n m fs f) \<in> carrier (coord_ring R m)"
+proof-
+ have "poly_compose n m fs \<in> carrier (R[\<X>\<^bsub>n\<^esub>]) \<rightarrow> carrier (R [\<X>\<^bsub>m\<^esub>])"
+ using poly_compose_ring_hom[of m fs n] assms
+ unfolding ring_hom_ring_def ring_hom_ring_axioms_def ring_hom_def
+ by blast
+ then show ?thesis using assms by blast
+qed
+
+lemma poly_compose_add:
+ assumes "is_poly_tuple m fs"
+ assumes "length fs = n"
+ assumes "f \<in> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ assumes "g \<in> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ shows "poly_compose n m fs (f \<oplus>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> g) = (poly_compose n m fs f) \<oplus>\<^bsub>coord_ring R m\<^esub> (poly_compose n m fs g)"
+ using assms poly_compose_ring_hom ring_hom_add
+ by (metis (mono_tags, lifting) ring_hom_ring.homh)
+
+lemma poly_compose_mult:
+ assumes "is_poly_tuple m fs"
+ assumes "length fs = n"
+ assumes "f \<in> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ assumes "g \<in> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ shows "poly_compose n m fs (f \<otimes>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> g) = (poly_compose n m fs f) \<otimes>\<^bsub>coord_ring R m\<^esub> (poly_compose n m fs g)"
+ using assms poly_compose_ring_hom ring_hom_mult
+ by (metis (mono_tags, lifting) ring_hom_ring.homh)
+
+lemma poly_compose_indexed_pmult:
+ assumes "is_poly_tuple m fs"
+ assumes "length fs = n"
+ assumes "f \<in> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ assumes "i < n"
+ shows "poly_compose n m fs (f \<Otimes> i) = (poly_compose n m fs f) \<otimes>\<^bsub>coord_ring R m\<^esub> (fs!i)"
+proof-
+ have "(f \<Otimes> i) = f \<otimes>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> pvar R i"
+ using assms pvar_indexed_pmult
+ by blast
+ then show ?thesis using poly_compose_mult poly_compose_var assms
+ by (metis pvar_closed)
+qed
+
+lemma poly_compose_const:
+ assumes "is_poly_tuple m fs"
+ assumes "length fs = n"
+ assumes "a \<in> carrier R"
+ shows "poly_compose n m fs (coord_const a) = coord_const a"
+ using R.Pring_universal_prop(3)[of "(coord_ring R m)" "(\<lambda>i. fs!i)" "{..<n}" coord_const "(poly_compose n m fs)"]
+ Pring_universal_prop_assms assms
+ unfolding poly_compose_def
+ using R.Pring_is_cring coord_cring_cring by blast
+
+text\<open>evaluating polynomial compositions\<close>
+
+lemma poly_compose_eval:
+ assumes "is_poly_tuple m fs"
+ assumes "length fs = n"
+ assumes "f \<in> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ assumes "as \<in> carrier (R\<^bsup>m\<^esup>)"
+ shows "eval_at_point R (poly_tuple_eval fs as) f = eval_at_point R as (poly_compose n m fs f)"
+ apply(rule R.indexed_pset.induct[of f "{..<n}" "carrier R"])
+ using R.Pring_car assms
+ apply (metis coord_ring_def)
+proof-
+ show "\<And>k. k \<in> carrier R \<Longrightarrow> eval_at_poly R (coord_const k) (poly_tuple_eval fs as) = eval_at_poly R (poly_compose n m fs (coord_const k)) as"
+ using assms
+ by (metis (no_types, lifting) eval_at_point_factored poly_compose_const R.total_eval_const)
+ show " \<And>p Q. p \<in> Pring_set R {..<n} \<Longrightarrow>
+ eval_at_poly R p (poly_tuple_eval fs as) = eval_at_poly R (poly_compose n m fs p) as \<Longrightarrow>
+ Q \<in> Pring_set R {..<n} \<Longrightarrow>
+ eval_at_poly R Q (poly_tuple_eval fs as) = eval_at_poly R (poly_compose n m fs Q) as \<Longrightarrow>
+ eval_at_poly R (p \<Oplus> Q) (poly_tuple_eval fs as) = eval_at_poly R (poly_compose n m fs (p \<Oplus> Q)) as"
+ proof-
+ fix p Q
+ assume A0: "p \<in> Pring_set R {..<n}"
+ assume A1: "eval_at_poly R p (poly_tuple_eval fs as) = eval_at_poly R (poly_compose n m fs p) as"
+ assume A2: "Q \<in> Pring_set R {..<n}"
+ assume A3: " eval_at_poly R Q (poly_tuple_eval fs as) = eval_at_poly R (poly_compose n m fs Q) as"
+ have A4: "eval_at_poly R (p \<Oplus> Q) (poly_tuple_eval fs as) = eval_at_poly R p (poly_tuple_eval fs as) \<oplus> eval_at_poly R Q (poly_tuple_eval fs as)"
+ using A0 A1 A2 A3
+ eval_at_point_add[of "(poly_tuple_eval fs as)" n p Q]
+ by (metis R.Pring_add R.Pring_car assms(2) assms(3) assms(4) assms coord_ring_def neq0_conv poly_tuple_eval_closed)
+ have A5: "poly_compose n m fs (p \<Oplus> Q) = poly_compose n m fs p \<oplus>\<^bsub>coord_ring R m\<^esub> poly_compose n m fs Q"
+ using assms poly_compose_add
+ by (metis A0 A2 R.Pring_add R.Pring_car coord_ring_def)
+ have A6: " eval_at_poly R (poly_compose n m fs (p \<Oplus> Q)) as = eval_at_poly R (poly_compose n m fs p) as \<oplus> eval_at_poly R (poly_compose n m fs Q) as"
+ proof-
+ have 0: " as \<in> carrier (R\<^bsup>m\<^esup>)"
+ by (simp add: assms)
+ have 1: "poly_compose n m fs p \<in> carrier (coord_ring R m)"
+ using A0 R.Pring_car assms(1) assms(2) assms(3) assms(4) poly_compose_closed
+ by (metis coord_ring_def)
+ have 2: "poly_compose n m fs Q \<in> carrier (coord_ring R m)"
+ using A2 R.Pring_car assms(1) assms(2) assms(3) assms(4) poly_compose_closed
+ by (metis coord_ring_def)
+ show ?thesis
+ using 0 1 2 eval_at_point_add[of as m "(poly_compose n m fs p)" "(poly_compose n m fs Q)"]
+ A5
+ by presburger
+ qed
+ show "eval_at_poly R (p \<Oplus> Q) (poly_tuple_eval fs as) = eval_at_poly R (poly_compose n m fs (p \<Oplus> Q)) as"
+ using A5 A6 A3 A1 A4
+ by presburger
+ qed
+ show "\<And>p i. p \<in> Pring_set R {..<n} \<Longrightarrow>
+ eval_at_poly R p (poly_tuple_eval fs as) = eval_at_poly R (poly_compose n m fs p) as \<Longrightarrow>
+ i \<in> {..<n} \<Longrightarrow> eval_at_poly R (p \<Otimes> i) (poly_tuple_eval fs as) = eval_at_poly R (poly_compose n m fs (p \<Otimes> i)) as"
+ using assms poly_compose_indexed_pmult eval_at_point_indexed_pmult
+ by (smt R.Pring_car coord_ring_def eval_at_point_mult is_poly_tupleE lessThan_iff neq0_conv poly_compose_closed poly_tuple_evalE'' poly_tuple_eval_closed)
+qed
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+subsection\<open>Extensional Polynomial Maps\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+text\<open>Polynomial Maps between powers of a ring\<close>
+
+definition poly_map :: "nat \<Rightarrow> ('a, nat) mvar_poly list \<Rightarrow> 'a list \<Rightarrow> 'a list" where
+"poly_map n fs = (\<lambda>a \<in> carrier (R\<^bsup>n\<^esup>). poly_tuple_eval fs a)"
+
+lemma poly_map_is_struct_map:
+ assumes "is_poly_tuple n fs"
+ assumes "length fs = m"
+ shows "poly_map n fs \<in> struct_maps (R\<^bsup>n\<^esup>) (R\<^bsup>m\<^esup>)"
+ apply(rule struct_maps_memI)
+ unfolding poly_map_def using assms
+ apply (metis poly_tuple_eval_closed restrict_apply')
+ by (meson restrict_apply)
+
+lemma poly_map_closed:
+ assumes "is_poly_tuple n fs"
+ assumes "length fs = m"
+ assumes "as \<in> carrier (R\<^bsup>n\<^esup>)"
+ shows "poly_map n fs as \<in> carrier (R\<^bsup>m\<^esup>)"
+ using assms
+ by (meson poly_map_is_struct_map struct_maps_memE(1))
+
+definition poly_maps :: "nat \<Rightarrow> nat \<Rightarrow> ('a list \<Rightarrow> 'a list) set" where
+"poly_maps n m = {F. (\<exists> fs. length fs = m \<and> is_poly_tuple n fs \<and> F = poly_map n fs)}"
+
+lemma poly_maps_memE:
+ assumes "F \<in> poly_maps n m"
+ obtains fs where "length fs = m \<and> is_poly_tuple n fs \<and> F = poly_map n fs"
+ using assms unfolding poly_maps_def by blast
+
+lemma poly_maps_memI:
+ assumes "is_poly_tuple n fs"
+ assumes "length fs = m"
+ assumes "F = poly_map n fs"
+ shows "F \<in> poly_maps n m"
+ using assms unfolding poly_maps_def by blast
+
+lemma poly_map_compose_closed:
+ assumes "is_poly_tuple n fs"
+ assumes "length fs = m"
+ assumes "is_poly_tuple k gs"
+ assumes "length gs = n"
+ shows "is_poly_tuple k (map (poly_compose n k gs) fs)"
+ unfolding is_poly_tuple_def
+proof fix y assume A: "y \<in> set (map (poly_compose n k gs) fs)"
+ then obtain f where f_def: "f \<in> set fs \<and> y = poly_compose n k gs f"
+ by (smt in_set_conv_nth length_map nth_map)
+ then show "y \<in> carrier (coord_ring R k)"
+ using assms poly_compose_closed
+ by (metis in_set_conv_nth is_poly_tupleE )
+qed
+
+lemma poly_map_compose_closed':
+ assumes "is_poly_tuple n fs"
+ assumes "length fs = m"
+ assumes "is_poly_tuple k gs"
+ assumes "length gs = n"
+ shows "poly_map k (map (poly_compose n k gs) fs) \<in> poly_maps k m"
+ apply(rule poly_maps_memI[of _ "map (poly_compose n k gs) fs"])
+ using poly_map_compose_closed[of n fs m k gs] assms apply blast
+ apply (simp add: assms)
+ by auto
+
+lemma poly_map_pullback_char:
+ assumes "is_poly_tuple n fs"
+ assumes "length fs = m"
+ assumes "is_poly_tuple k gs"
+ assumes "length gs = n"
+ shows "(pullback (R\<^bsup>k\<^esup>) (poly_map k gs) (poly_map n fs)) =
+ poly_map k (map (poly_compose n k gs) fs)"
+proof(rule ext)
+ fix x
+ show "pullback (R\<^bsup>k\<^esup>) (poly_map k gs) (poly_map n fs) x =
+ poly_map k (map (poly_compose n k gs) fs) x"
+ proof(cases "x \<in> carrier (R\<^bsup>k\<^esup>)")
+ case True
+ have 0: "length (pullback (R\<^bsup>k\<^esup>) (poly_map k gs) (poly_map n fs) x) = m"
+ using True assms poly_map_closed cartesian_power_car_memE
+ unfolding pullback_def
+ by (metis (mono_tags, lifting) compose_eq)
+ have 1: "is_poly_tuple k (map (poly_compose n k gs) fs)"
+ by (simp add: assms poly_map_compose_closed)
+ have 2: "length (map (poly_compose n k gs) fs) = m"
+ using assms length_map by auto
+ have 3: "\<And>i. i < m \<Longrightarrow>
+ (pullback (R\<^bsup>k\<^esup>) (poly_map k gs) (poly_map n fs) x)! i =
+ eval_at_point R (poly_map k gs x) (fs ! i)"
+ unfolding pullback_def poly_map_def poly_tuple_eval_def
+ using assms True
+ by (smt compose_eq nth_map poly_tuple_eval_closed poly_tuple_eval_def restrict_apply')
+ have 4: "\<And>i. i < m \<Longrightarrow>
+ poly_map k (map (poly_compose n k gs) fs) x ! i =
+ eval_at_point R (poly_map k gs x) (fs ! i)"
+ unfolding poly_map_def poly_tuple_eval_def using True assms
+ by (smt "2" cring_coord_rings.is_poly_tuple_def cring_coord_rings_axioms neq0_conv
+ nth_map nth_mem poly_compose_eval poly_tuple_eval_def restrict_apply' subset_code(1))
+ show ?thesis using 0 1 2 3 4 assms True
+ by (metis cartesian_power_car_memE nth_equalityI poly_map_closed)
+ next
+ case False
+ then show ?thesis
+ unfolding poly_map_def pullback_def
+ by (metis affine_alg_set_empty compose_extensional extensional_restrict poly_map_def restrict_def)
+ qed
+qed
+
+lemma poly_map_pullback_closed:
+ assumes "F \<in> poly_maps n m"
+ assumes "G \<in> poly_maps k n"
+ shows "(pullback (R\<^bsup>k\<^esup>) G F) \<in> poly_maps k m"
+ by (metis assms poly_map_compose_closed'
+ poly_map_pullback_char poly_maps_memE)
+
+lemma poly_map_cons:
+ assumes "a \<in> carrier (R\<^bsup>n\<^esup>)"
+ shows "poly_map n (f#fs) a = (eval_at_point R a f)#poly_map n fs a"
+ unfolding poly_map_def poly_tuple_eval_def
+ by (metis (mono_tags, lifting) assms list.simps(9) restrict_apply')
+
+lemma poly_map_append:
+ assumes "a \<in> carrier (R\<^bsup>n\<^esup>)"
+ shows "poly_map n (fs@gs) a = (poly_map n fs a) @ (poly_map n gs a)"
+proof(induction fs)
+ case Nil
+ then show ?case
+ using assms unfolding poly_map_def poly_tuple_eval_def
+ by (metis (no_types, lifting) map_append restrict_apply')
+next
+ case (Cons f fs)
+ have "poly_map n ((f # fs) @ gs) a = (eval_at_point R a f)#(poly_map n (fs@gs) a)"
+ using poly_map_cons
+ by (metis append_Cons assms)
+ hence "poly_map n ((f # fs) @ gs) a = (eval_at_point R a f)#(poly_map n fs a)@(poly_map n gs a)"
+ using Cons.IH by metis
+ thus ?case
+ by (metis Cons_eq_appendI assms poly_map_cons)
+qed
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+section\<open>Nesting of Polynomial Rings\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+lemma poly_ring_car_mono:
+ assumes "n \<le> m"
+ shows "carrier (R[\<X>\<^bsub>n\<^esub>]) \<subseteq> carrier (coord_ring R m)"
+ using R.Pring_carrier_subset
+ unfolding coord_ring_def
+ by (simp add: R.Pring_car R.Pring_carrier_subset assms)
+
+lemma poly_ring_car_mono'[simp]:
+ shows "carrier (R[\<X>\<^bsub>n\<^esub>]) \<subseteq> carrier (R[\<X>\<^bsub>Suc n\<^esub>])"
+ "carrier (R[\<X>\<^bsub>n\<^esub>]) \<subseteq> carrier (R[\<X>\<^bsub>n+m\<^esub>])"
+ using poly_ring_car_mono
+ apply simp
+ using poly_ring_car_mono
+ by simp
+
+lemma poly_ring_add_mono:
+ assumes "n \<le> m"
+ assumes "A \<in> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ assumes "B \<in> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ shows "A \<oplus>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> B = A \<oplus>\<^bsub>coord_ring R m\<^esub> B"
+ using assms unfolding coord_ring_def
+ by (metis R.Pring_add_eq)
+
+lemma poly_ring_add_mono':
+ assumes "A \<in> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ assumes "B \<in> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ shows "A \<oplus>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> B = A \<oplus>\<^bsub>R[\<X>\<^bsub>Suc n\<^esub>]\<^esub> B"
+ "A \<oplus>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> B = A \<oplus>\<^bsub>R[\<X>\<^bsub>n+m\<^esub>]\<^esub> B"
+ using assms unfolding coord_ring_def
+ apply (metis R.Pring_add_eq)
+ by (metis R.Pring_add_eq)
+
+lemma poly_ring_times_mono:
+ assumes "n \<le> m"
+ assumes "A \<in> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ assumes "B \<in> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ shows "A \<otimes>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> B = A \<otimes>\<^bsub>coord_ring R m\<^esub> B"
+ using assms unfolding coord_ring_def
+ by (metis R.Pring_mult_eq)
+
+lemma poly_ring_times_mono':
+ assumes "A \<in> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ assumes "B \<in> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ shows "A \<otimes>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> B = A \<otimes>\<^bsub>R[\<X>\<^bsub>Suc n\<^esub>]\<^esub> B"
+ "A \<otimes>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> B = A \<otimes>\<^bsub>R[\<X>\<^bsub>n+m\<^esub>]\<^esub> B"
+ using assms unfolding coord_ring_def
+ apply (metis R.Pring_mult_eq)
+ by (metis R.Pring_mult_eq)
+
+lemma poly_ring_one_mono:
+ assumes "n \<le> m"
+ shows "\<one>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> = \<one>\<^bsub>coord_ring R m\<^esub>"
+ by (metis R.Pring_one coord_ring_def)
+
+lemma poly_ring_zero_mono:
+ assumes "n \<le> m"
+ shows "\<zero>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> = \<zero>\<^bsub>coord_ring R m\<^esub>"
+ using R.Pring_zero_eq
+ by (metis coord_ring_def)
+
+text\<open>replacing the variables in a polynomial with new variables\<close>
+
+definition shift_vars :: "nat \<Rightarrow> nat \<Rightarrow> ('a, nat) mvar_poly \<Rightarrow> ('a, nat) mvar_poly" where
+"shift_vars n m p = indexed_poly_induced_morphism {..<n} (R[\<X>\<^bsub>n+m\<^esub>]) coord_const (\<lambda>i. pvar R (i + m)) p"
+
+lemma shift_vars_char:
+ shows "(ring_hom_ring (R[\<X>\<^bsub>n\<^esub>]) (R[\<X>\<^bsub>n+m\<^esub>]) (shift_vars n m))"
+ "(\<forall>i \<in> {..<n}. (shift_vars n m) (pvar R i) = pvar R (i + m))"
+ "(\<forall>a \<in> carrier R. (shift_vars n m) (R.indexed_const a) = (coord_const a))"
+proof-
+ have 1: "(\<lambda>i. pvar R (i + m)) \<in> {..<n} \<rightarrow> carrier (R[\<X>\<^bsub>n+m\<^esub>])"
+ proof fix x
+ assume "x \<in> {..<n}"
+ then have "x + m < n + m"
+ using add_less_mono1 by blast
+ then show "pvar R (x + m) \<in> carrier (R[\<X>\<^bsub>n+m\<^esub>])"
+ using pvar_closed by blast
+ qed
+ have 2: "ring_hom_ring R (R[\<X>\<^bsub>n+m\<^esub>]) coord_const"
+ using R.indexed_const_ring_hom unfolding coord_ring_def
+ by blast
+ have 3: "shift_vars n m = indexed_poly_induced_morphism {..<n} (R[\<X>\<^bsub>n+m\<^esub>]) coord_const (\<lambda>i. pvar R (i + m))"
+ unfolding shift_vars_def
+ by blast
+ show "(ring_hom_ring (R[\<X>\<^bsub>n\<^esub>]) (R[\<X>\<^bsub>n+m\<^esub>]) (shift_vars n m))"
+ using 1 2 3 R.Pring_universal_prop[of "(R[\<X>\<^bsub>n+m\<^esub>])" "(\<lambda>i. pvar R (i + m))" "{..<n}" "coord_const" "(shift_vars n m)"]
+ using MP.is_cring by (metis coord_ring_def)
+ show "(\<forall>i \<in> {..<n}. (shift_vars n m) (pvar R i) = pvar R (i + m))"
+ using 1 2 3 R.Pring_universal_prop[of "(R[\<X>\<^bsub>n+m\<^esub>])" "(\<lambda>i. pvar R (i + m))" "{..<n}" "coord_const" "(shift_vars n m)"]
+ by (metis R.Pring_is_cring MP.is_cring var_to_IP_def)
+ show "(\<forall>a \<in> carrier R. (shift_vars n m) (R.indexed_const a) = (coord_const a))"
+ using 1 2 3 R.Pring_universal_prop[of "(R[\<X>\<^bsub>n+m\<^esub>])" "(\<lambda>i. pvar R (i + m))" "{..<n}" "coord_const" "(shift_vars n m)"]
+ by (meson MP.is_cring)
+qed
+
+lemma shift_vars_constant:
+ assumes "a \<in> carrier R"
+ shows "shift_vars n m (coord_const a) = coord_const a"
+ using assms(1) shift_vars_char(3) by blast
+
+lemma shift_vars_pvar:
+ assumes "i \<in> {..<n}"
+ shows "shift_vars n m (pvar R i) = pvar R (i + m)"
+ using assms shift_vars_char(2) by blast
+
+lemma shift_vars_add:
+ assumes "p \<in> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ assumes "Q \<in> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ shows "shift_vars n m (p \<oplus>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> Q) = shift_vars n m p \<oplus>\<^bsub>R[\<X>\<^bsub>n+m\<^esub>]\<^esub> shift_vars n m Q"
+ using assms shift_vars_char(1)[of n m]
+ unfolding ring_hom_ring_def ring_hom_ring_axioms_def
+ using ring_hom_add
+ by (metis (no_types, lifting))
+
+lemma shift_vars_mult:
+ assumes "p \<in> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ assumes "Q \<in> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ shows "shift_vars n m (p \<otimes>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> Q) = shift_vars n m p \<otimes>\<^bsub>R[\<X>\<^bsub>n+m\<^esub>]\<^esub> shift_vars n m Q"
+ using assms shift_vars_char(1)[of n m]
+ unfolding ring_hom_ring_def ring_hom_ring_axioms_def unfolding coord_ring_def
+ using ring_hom_mult
+ by metis
+
+lemma shift_vars_indexed_pmult:
+ assumes "p \<in> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ assumes "i \<in> {..<n}"
+ shows "shift_vars n m (p \<Otimes> i) = (shift_vars n m p) \<otimes>\<^bsub>R[\<X>\<^bsub>n+m\<^esub>]\<^esub> (pvar R (i + m))"
+proof-
+ have "(p \<Otimes> i) = p \<otimes>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> (pvar R i)"
+ using assms pvar_indexed_pmult by blast
+ then show ?thesis
+ using shift_vars_mult shift_vars_pvar assms unfolding coord_ring_def
+ by (metis R.Pring_var_closed)
+qed
+
+lemma shift_vars_closed:
+ assumes "p \<in> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ shows "shift_vars n m p \<in> carrier (R[\<X>\<^bsub>n+m\<^esub>])"
+ using assms shift_vars_char(1)[of n m] ring_hom_closed[of "shift_vars n m"]
+ unfolding ring_hom_ring_def ring_hom_ring_axioms_def
+ by blast
+
+lemma shift_vars_eval:
+ assumes "p \<in> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ assumes "a \<in> carrier (R\<^bsup>m\<^esup>)"
+ assumes "b \<in> carrier (R\<^bsup>n\<^esup>)"
+ shows "eval_at_point R (a@b) (shift_vars n m p) = eval_at_point R b p"
+ apply(rule R.indexed_pset.induct[of p "{..<n}" "carrier R"])
+ using R.Pring_car assms apply (metis coord_ring_def)
+proof-
+ show "\<And>k. k \<in> carrier R \<Longrightarrow> eval_at_poly R (shift_vars n m (coord_const k)) (a @ b) = eval_at_poly R (coord_const k) b"
+ proof-
+ fix k
+ have 0: "(a @ b) \<in> carrier (R\<^bsup>n + m\<^esup>)"
+ using assms
+ by (metis add.commute cartesian_product_closed')
+ assume A: "k \<in> carrier R"
+ then show "eval_at_poly R (shift_vars n m (coord_const k)) (a @ b) = eval_at_poly R (coord_const k) b"
+ using assms shift_vars_constant
+ eval_at_point_const[of k "(a @ b)" "m + n"]
+ eval_at_point_const[of k "b" n] 0
+ by (metis eval_at_point_const)
+ qed
+ show "\<And>p Q. p \<in> Pring_set R {..<n} \<Longrightarrow>
+ eval_at_poly R (shift_vars n m p) (a @ b) = eval_at_poly R p b \<Longrightarrow>
+ Q \<in> Pring_set R {..<n} \<Longrightarrow>
+ eval_at_poly R (shift_vars n m Q) (a @ b) = eval_at_poly R Q b \<Longrightarrow>
+ eval_at_poly R (shift_vars n m (p \<Oplus> Q)) (a @ b) = eval_at_poly R (p \<Oplus> Q) b"
+ proof- fix p Q
+ assume A0: " p \<in> Pring_set R {..<n}"
+ assume A1: "eval_at_poly R (shift_vars n m p) (a @ b) = eval_at_poly R p b"
+ assume A2: "Q \<in> Pring_set R {..<n}"
+ assume A3: "eval_at_poly R (shift_vars n m Q) (a @ b) = eval_at_poly R Q b"
+ have A4: "eval_at_poly R (p \<Oplus> Q) b = eval_at_poly R p b \<oplus> eval_at_poly R Q b"
+ using A0 A2 assms eval_at_point_add[of b n p Q]
+ by (metis R.Pring_add R.Pring_car coord_ring_def)
+ have A5: "(shift_vars n m (p \<Oplus> Q)) = (shift_vars n m p) \<oplus>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> (shift_vars n m Q)"
+ using A0 A2 R.Pring_add R.Pring_car assms(1) shift_vars_add unfolding coord_ring_def
+ by metis
+ have A6: " eval_at_poly R (shift_vars n m (p \<Oplus> Q)) (a @ b) =
+ eval_at_poly R (shift_vars n m p) (a @ b) \<oplus> eval_at_poly R (shift_vars n m Q) (a @ b) "
+ using A5 eval_at_point_add shift_vars_closed A0 A2 R.Pring_car add.commute
+ assms unfolding coord_ring_def
+ by (metis R.Pring_add cartesian_power_concat(1))
+ have A7: " eval_at_poly R (shift_vars n m (p \<Oplus> Q)) (a @ b) =
+ eval_at_poly R p b \<oplus> eval_at_poly R Q b "
+ using A6 A1 A3 by presburger
+ then show " eval_at_poly R (shift_vars n m (p \<Oplus> Q)) (a @ b) = eval_at_poly R (p \<Oplus> Q) b "
+ using A4
+ by presburger
+ qed
+ show "\<And>p i. p \<in> Pring_set R {..<n} \<Longrightarrow>
+ eval_at_poly R (shift_vars n m p) (a @ b) = eval_at_poly R p b \<Longrightarrow>
+ i \<in> {..<n} \<Longrightarrow> eval_at_poly R (shift_vars n m (p \<Otimes> i)) (a @ b) = eval_at_poly R (p \<Otimes> i) b"
+ proof- fix p i
+ assume A0: "p \<in> Pring_set R {..<n}"
+ then have A0': "p \<in> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ using R.Pring_car unfolding coord_ring_def
+ by blast
+ assume A1: " eval_at_poly R (shift_vars n m p) (a @ b) = eval_at_poly R p b"
+ assume A2: "i \<in> {..<n}"
+ have A3: "(shift_vars n m (p \<Otimes> i)) = (shift_vars n m p) \<otimes>\<^bsub>R[\<X>\<^bsub>n+m\<^esub>]\<^esub> (pvar R (i + m))"
+ using A0' shift_vars_indexed_pmult A2 assms(1)
+ by blast
+ have A4: "eval_at_poly R (shift_vars n m (p \<Otimes> i)) (a @ b) =
+ eval_at_poly R ( (shift_vars n m p) \<otimes>\<^bsub>R[\<X>\<^bsub>n+m\<^esub>]\<^esub> (pvar R (i + m))) (a@b)"
+ using A3
+ by presburger
+ have A5: "a@b \<in> carrier (R\<^bsup>n+m\<^esup>)"
+ using assms(2) assms(3) cartesian_power_concat(2) by blast
+ have A6: "eval_at_poly R (shift_vars n m (p \<Otimes> i)) (a @ b) =
+ eval_at_poly R p b \<otimes> eval_at_poly R (pvar R (i + m)) (a @ b)"
+ using A5 A0' eval_at_point_mult[of "a@b" "n+m" "shift_vars n m p" "pvar R (i + m)"]
+ unfolding A4 by (metis A1 A2 Groups.add_ac(2) lessThan_iff local.pvar_closed nat_add_left_cancel_less shift_vars_closed)
+ have A7: " eval_at_poly R (pvar R (i + m)) (a @ b) = (a@b)!(i+m)"
+ proof-
+ have "i < n"
+ using assms A2 by blast
+ then have "i + m < n + m "
+ using add_less_cancel_right
+ by blast
+ then show ?thesis
+ using A5 eval_pvar[of "i+m" "n+m" "a@b"]
+ by blast
+ qed
+ then have A8: "eval_at_poly R (shift_vars n m (p \<Otimes> i)) (a @ b) = eval_at_poly R p b \<otimes> ((a @ b)!(i+m))"
+ using A6 by presburger
+ have A9: "eval_at_poly R (shift_vars n m (p \<Otimes> i)) (a @ b) = eval_at_poly R p b \<otimes> (b!i)"
+ proof-
+ have "length a = m"
+ using assms cartesian_power_car_memE by blast
+ then have "(a @ b)!(i+m) = b!i"
+ by (metis add.commute nth_append_length_plus)
+ then show ?thesis
+ using A8
+ by presburger
+ qed
+ show " eval_at_poly R (shift_vars n m (p \<Otimes> i)) (a @ b) = eval_at_poly R (p \<Otimes> i) b"
+ proof-
+ have "i < n"
+ using A2 assms
+ by blast
+ then have "eval_at_poly R (p \<Otimes> i) b = eval_at_poly R p b \<otimes> (b!i)"
+ using assms A0' eval_at_point_indexed_pmult
+ by blast
+ then show ?thesis using A9
+ by presburger
+ qed
+ qed
+qed
+
+
+text\<open>Evaluating a polynomial from a lower poly ring in a higher power:\<close>
+
+lemma poly_eval_cartesian_prod:
+ assumes "a \<in> carrier (R\<^bsup>n\<^esup>)"
+ assumes "b \<in> carrier (R\<^bsup>m\<^esup>)"
+ assumes "p \<in> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ shows "eval_at_point R a p = eval_at_point R (a@b) p"
+ apply(rule coord_ring_induct[of p n])
+ using assms apply blast
+proof-
+ have 0: "a@b \<in> carrier (R\<^bsup>n + m\<^esup>)"
+ using assms cartesian_product_closed' by blast
+ show "\<And>aa. aa \<in> carrier R \<Longrightarrow> eval_at_poly R (coord_const aa) a = eval_at_poly R (coord_const aa) (a @ b)"
+ proof- fix c assume "c \<in> carrier R"
+ show "eval_at_poly R (coord_const c) a = eval_at_poly R (coord_const c) (a @ b)"
+ using eval_at_point_const[of c a n] eval_at_point_const[of c "a@b" "n+m"] 0
+ \<open>c \<in> carrier R\<close> assms(2) assms(1) by presburger
+ qed
+ show "\<And>i Q. Q \<in> carrier (R[\<X>\<^bsub>n\<^esub>]) \<Longrightarrow>
+ eval_at_poly R Q a = eval_at_poly R Q (a @ b) \<Longrightarrow>
+ i < n \<Longrightarrow> eval_at_poly R (Q \<otimes>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> pvar R i) a = eval_at_poly R (Q \<otimes>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> pvar R i) (a @ b)"
+ proof-
+ fix i Q
+ assume A0: "Q \<in> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ assume A1: "eval_at_poly R Q a = eval_at_poly R Q (a @ b)"
+ assume A2: "i < n"
+ have LHS: "eval_at_poly R (Q \<otimes>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> pvar R i) a = eval_at_poly R Q a \<otimes> (a!i)"
+ by (metis A0 A2 assms eval_at_point_indexed_pmult pvar_indexed_pmult)
+ have RHS: "eval_at_poly R (Q \<otimes>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> pvar R i) (a @ b) = eval_at_poly R Q (a@b) \<otimes> ((a@b)!i)"
+ by (smt "0" A0 A2 add.commute eval_at_point_indexed_pmult le_add1 poly_ring_car_mono
+ pvar_indexed_pmult subsetD trans_less_add2)
+ show "eval_at_poly R (Q \<otimes>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> pvar R i) a = eval_at_poly R (Q \<otimes>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> pvar R i) (a @ b)"
+ proof-
+ have "length a > i" using A2 assms
+ using cartesian_power_car_memE by blast
+ then have "a!i = (a@b)!i"
+ by (metis nth_append)
+ then show ?thesis
+ using LHS RHS A1
+ by presburger
+ qed
+ qed
+ show "\<And>Q0 Q1.
+ Q0 \<in> carrier (R[\<X>\<^bsub>n\<^esub>]) \<Longrightarrow>
+ Q1 \<in> carrier (R[\<X>\<^bsub>n\<^esub>]) \<Longrightarrow>
+ eval_at_poly R Q0 a = eval_at_poly R Q0 (a @ b) \<Longrightarrow>
+ eval_at_poly R Q1 a = eval_at_poly R Q1 (a @ b) \<Longrightarrow>
+ eval_at_poly R (Q0 \<oplus>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> Q1) a = eval_at_poly R (Q0 \<oplus>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> Q1) (a @ b)"
+ proof-
+ fix Q0 Q1
+ assume A0: "eval_at_poly R Q0 a = eval_at_poly R Q0 (a @ b)"
+ assume A1: "eval_at_poly R Q1 a = eval_at_poly R Q1 (a @ b)"
+ assume A2: "Q0 \<in> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ assume A3: "Q1 \<in> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ show "eval_at_poly R (Q0 \<oplus>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> Q1) a = eval_at_poly R (Q0 \<oplus>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> Q1) (a @ b)"
+ using A0 A1 A2 A3 assms eval_at_point_add[of _ n Q0 Q1] 0 unfolding coord_ring_def
+ by (metis (no_types, lifting) R.Pring_add_eq basic_trans_rules(31) coord_ring_def eval_at_point_add le_add1 poly_ring_car_mono)
+ qed
+qed
+
+text\<open>Evaluating polynomials at points in higher powers:\<close>
+
+lemma eval_at_points_higher_pow:
+ assumes "p \<in> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ assumes "k \<ge> n"
+ assumes "a \<in> carrier (R\<^bsup>k\<^esup>)"
+ shows "eval_at_point R a p = eval_at_point R (take n a) p"
+ using poly_eval_cartesian_prod[of "take n a" n "drop n a" "k - n" p] assms
+ by (metis (no_types, lifting) append_take_drop_id cartesian_power_car_memE cartesian_power_car_memE''
+ cartesian_power_car_memI length_drop set_drop_subset subset_trans take_closed)
+
+
+subsection\<open> Diagonal sets in even powers of \<open>R\<close>\<close>
+
+text\<open>
+ In this section, by a diagonal set in $R^(2m)$ we will mean the set of points $(x,x)$,
+ where $x \in R^m$. This is slightly different from the standard definition. Introducing these
+ sets will be useful for reasoning about multiplicative inverses of functions later on.
+\<close>
+
+definition diagonal :: "nat \<Rightarrow> 'a list set" where
+"diagonal m = {x \<in> carrier (R\<^bsup>m+m\<^esup>). take m x = drop m x}"
+
+lemma diagonalE:
+ assumes "x \<in> diagonal m"
+ shows "x = (take m x)@(take m x)"
+ "x \<in> carrier (R\<^bsup>m+m\<^esup>)"
+ "take m x \<in> carrier (R\<^bsup>m\<^esup>)"
+ "\<And>i. i < m \<Longrightarrow> x!i = x!(i + m)"
+ apply (metis (mono_tags, lifting) append_take_drop_id assms(1) diagonal_def mem_Collect_eq )
+ using assms diagonal_def
+ apply blast
+ apply(rule cartesian_power_car_memI)
+ using assms unfolding diagonal_def
+ apply (metis (no_types, lifting) cartesian_power_car_memE le_add2 mem_Collect_eq take_closed)
+proof-
+ show "set (take m x) \<subseteq> carrier R"
+ proof fix a
+ assume "a \<in> set (take m x)"
+ then have "a \<in> set x"
+ by (meson in_set_takeD)
+ then show "a \<in> carrier R"
+ using assms unfolding diagonal_def using cartesian_power_car_memE'[of x]
+ by (smt cartesian_power_car_memE in_set_conv_nth mem_Collect_eq)
+ qed
+ show "\<And>i. i < m \<Longrightarrow> x!i = x!(i + m)"
+ proof- fix i
+ assume A: "i < m"
+ have 0: "x = (take m x)@(take m x)"
+ using assms diagonal_def[of m]
+ by (metis (mono_tags, lifting) append_take_drop_id mem_Collect_eq)
+ then have 1: "x!i = take m x ! i"
+ by (metis A nth_take)
+ have 2: "length x = m + m"
+ using assms(1) cartesian_power_car_memE diagonal_def by blast
+ have 3: "take m x = drop m x"
+ by (metis "0" append_take_drop_id same_append_eq)
+ have 4: "drop m x ! i = x ! (i + m)"
+ by (metis "2" add.commute le_add1 nth_drop)
+ then show "x!i = x!(i + m)"
+ using "1" "3" by presburger
+ qed
+qed
+
+lemma diagonalI:
+ assumes "x = (take m x)@(take m x)"
+ assumes "take m x \<in> carrier (R\<^bsup>m\<^esup>)"
+ shows "x \<in> diagonal m"
+ unfolding diagonal_def using assms
+ by (metis (mono_tags, lifting) append_eq_conv_conj cartesian_power_car_memE
+ cartesian_power_car_memI'' length_append mem_Collect_eq)
+
+definition diag_def_poly :: "nat \<Rightarrow> nat \<Rightarrow>('a, nat) mvar_poly" where
+"diag_def_poly n i = pvar R i \<ominus>\<^bsub>coord_ring R (n + n)\<^esub> pvar R (i + n)"
+
+lemma diag_def_poly_closed:
+ assumes "i < n"
+ shows "diag_def_poly n i \<in> carrier (coord_ring R (n + n))"
+ using assms unfolding diag_def_poly_def coord_ring_def
+ by (metis (no_types, lifting) MP.minus_closed add.assoc add_leD1 coord_ring_def less_add_eq_less local.pvar_closed nat_less_le not_add_less1)
+
+lemma diag_def_poly_eval:
+ assumes "i < n"
+ assumes "x \<in> carrier (R\<^bsup>n+n\<^esup>)"
+ shows "eval_at_point R x (diag_def_poly n i) = (x!i) \<ominus> (x!(i + n))"
+
+ using assms diag_def_poly_def[of n i]
+ eval_at_point_subtract[of x "n + n" "pvar R i" "pvar R (i + n)"] eval_pvar[of i "n + n"]
+ eval_pvar[of "i+n" "n + n"] pvar_closed[of i "n + n"] pvar_closed[of "i + n" "n + n"]
+ by (metis add_less_cancel_right trans_less_add2)
+
+definition diag_def_poly_set :: "nat \<Rightarrow> ('a, nat) mvar_poly set" where
+"diag_def_poly_set n = diag_def_poly n ` {..<n}"
+
+lemma diag_def_poly_set_in_coord_ring:
+ shows "diag_def_poly_set n \<subseteq> carrier (coord_ring R (n + n))"
+proof fix x
+ assume "x \<in> diag_def_poly_set n"
+ then obtain i where i_def: "i < n \<and> x = diag_def_poly n i"
+ unfolding diag_def_poly_set_def
+ by blast
+ then show "x \<in> carrier (coord_ring R (n + n))"
+ using diag_def_poly_closed
+ by blast
+qed
+
+lemma diag_def_poly_set_finite:
+"finite (diag_def_poly_set n)"
+ unfolding diag_def_poly_set_def
+ by blast
+
+lemma diag_def_poly_eval_at_diagonal:
+ assumes "x \<in> diagonal n"
+ assumes "i < n"
+ shows "eval_at_point R x (diag_def_poly n i) = \<zero>"
+proof-
+ have "x!i = x!(i + n)"
+ using assms diagonalE(4) by blast
+ then show ?thesis
+ by (metis assms(1) assms(2) cartesian_power_car_memE cartesian_power_car_memE' cring_coord_rings.diag_def_poly_eval cring_coord_rings_axioms diagonalE(2) point_to_polysE point_to_polysE' pvar_trans_eval trans_less_add2)
+qed
+
+lemma diagonal_as_affine_alg_set:
+ shows "diagonal n = affine_alg_set R (n + n) (diag_def_poly_set n)"
+proof
+ show "diagonal n \<subseteq> affine_alg_set R (n + n) (diag_def_poly_set n)"
+ proof fix x assume A: "x \<in> diagonal n"
+ show " x \<in> affine_alg_set R (n + n) (diag_def_poly_set n)"
+ apply(rule affine_alg_set_memI)
+ using A diagonalE(2) apply blast
+ using diag_def_poly_eval_at_diagonal[of x] diag_def_poly_set_def[of n]
+ atLeastAtMost_iff[of _ 0 "n-1"]
+ by (metis (no_types, lifting) A image_iff lessThan_iff)
+ qed
+ show "affine_alg_set R (n + n) (diag_def_poly_set n) \<subseteq> diagonal n"
+ proof fix x
+ assume A: "x \<in> affine_alg_set R (n + n) (diag_def_poly_set n)"
+ show "x \<in> diagonal n"
+ proof(rule diagonalI)
+ show "x = take n x @ take n x"
+ proof-
+ have 0: "x = take n x @ drop n x"
+ by (metis append_take_drop_id)
+ have "take n x = drop n x"
+ proof-
+ have 0: "length x = n + n"
+ using A unfolding affine_alg_set_def
+ using cartesian_power_car_memE by blast
+ then have 1: "length (take n x) = length (drop n x)"
+ using A
+ by (metis (no_types, lifting) \<open>x = take n x @ drop n x\<close>
+ add.commute add_right_cancel affine_alg_set_closed cartesian_power_car_memE
+ le_add1 length_append subsetD take_closed)
+ have "\<And>i::nat. i < n \<Longrightarrow> (take n x)!i = (drop n x) ! i"
+ proof- fix i::nat assume A0: "i < n"
+ then have "i \<in> {..<n}" using atLeastAtMost_iff[of i 0 "n-1"]
+ by auto
+ then have "diag_def_poly n i \<in> (diag_def_poly_set n)"
+ using diag_def_poly_set_def by blast
+ then have "eval_at_point R x (diag_def_poly n i) = \<zero>"
+ using A affine_alg_set_memE by blast
+ then have "x!i = x!(n + i)"
+ using A0 diag_def_poly_eval[of i n x]
+ by (metis (no_types, lifting) A add.commute affine_alg_set_closed
+ cartesian_power_car_memE' nat_add_left_cancel_less R.r_right_minus_eq subsetD trans_less_add2)
+ then show "take n x ! i =drop n x ! i"
+ by (metis "0" A0 le_add1 nth_drop nth_take)
+ qed
+ then show ?thesis using 0
+ by (metis "1" \<open>x = take n x @ drop n x\<close> add_less_mono
+ length_append less_not_refl linorder_neqE_nat nth_equalityI)
+ qed
+ then show ?thesis
+ using 0 by metis
+ qed
+ show "take n x \<in> carrier (R\<^bsup>n\<^esup>)"
+ using A unfolding affine_alg_set_def
+ by (meson A affine_alg_set_closed le_add2 subset_eq take_closed)
+ qed
+ qed
+qed
+
+lemma diagonal_is_algebraic:
+ shows "is_algebraic R (n + n) (diagonal n)"
+ apply(rule is_algebraicI[of "diag_def_poly_set n"])
+ apply (simp add: diag_def_poly_set_finite)
+ using diag_def_poly_set_in_coord_ring apply blast
+ by (simp add: diagonal_as_affine_alg_set)
+
+end
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+subsection\<open>Tuples of Functions\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+definition is_function_tuple :: "('a, 'b) ring_scheme \<Rightarrow> nat \<Rightarrow> ('a list \<Rightarrow> 'a) list \<Rightarrow> bool" where
+"is_function_tuple R n fs = (set fs \<subseteq> carrier (R\<^bsup>n\<^esup>) \<rightarrow> carrier R)"
+
+lemma is_function_tupleI:
+ assumes "(set fs \<subseteq> carrier (R\<^bsup>n\<^esup>) \<rightarrow> carrier R)"
+ shows "is_function_tuple R n fs "
+ by (simp add: assms is_function_tuple_def)
+
+lemma is_function_tuple_append:
+ assumes "is_function_tuple R n fs"
+ assumes "is_function_tuple R n gs"
+ shows "is_function_tuple R n (fs@gs)"
+ using assms is_function_tupleI set_append
+ by (simp add: is_function_tuple_def)
+
+lemma is_function_tuple_Cons:
+ assumes "is_function_tuple R n fs"
+ assumes "f \<in> carrier (R\<^bsup>n\<^esup>) \<rightarrow> carrier R"
+ shows "is_function_tuple R n (f#fs)"
+ using assms is_function_tupleI
+ by (simp add: assms(2) is_function_tuple_def)
+
+lemma is_function_tuple_snoc:
+ assumes "is_function_tuple R n fs"
+ assumes "f \<in> carrier (R\<^bsup>n\<^esup>) \<rightarrow> carrier R"
+ shows "is_function_tuple R n (fs@[f])"
+ apply(rule is_function_tupleI)
+ by (metis (no_types) Un_subset_iff append_Nil assms(1) assms(2) is_function_tuple_Cons is_function_tuple_def set_append)
+
+lemma is_function_tuple_list_update:
+ assumes "is_function_tuple R n fs"
+ assumes "f \<in> carrier (R\<^bsup>n\<^esup>) \<rightarrow> carrier R"
+ assumes "i < n"
+ shows "is_function_tuple R n (fs[i := f])"
+ apply(rule is_function_tupleI)
+ by (metis assms(1) assms(2) is_function_tuple_def set_update_subsetI)
+
+definition function_tuple_eval :: "'b \<Rightarrow> 'c \<Rightarrow> ('d \<Rightarrow> 'a) list \<Rightarrow> 'd \<Rightarrow> 'a list" where
+"function_tuple_eval R n fs x = map (\<lambda>f. f x) fs"
+
+lemma function_tuple_eval_closed:
+ assumes "is_function_tuple R n fs"
+ assumes "x \<in> carrier (R\<^bsup>n\<^esup>)"
+ shows "function_tuple_eval R n fs x \<in> carrier (R\<^bsup>length fs\<^esup>)"
+ apply(rule cartesian_power_car_memI')
+ apply (metis function_tuple_eval_def length_map)
+proof- fix i assume "i < length fs"
+ then show "function_tuple_eval R n fs x ! i \<in> carrier R"
+ unfolding function_tuple_eval_def using assms unfolding is_function_tuple_def
+ by (metis funcset_carrier nth_map nth_mem subsetD)
+qed
+
+definition coord_fun ::
+ "('a, 'c) ring_scheme \<Rightarrow> nat \<Rightarrow> ('a list \<Rightarrow> 'b list) \<Rightarrow> nat \<Rightarrow> 'a list \<Rightarrow> 'b" where
+"coord_fun R n g i = (\<lambda>x \<in> carrier (R\<^bsup>n\<^esup>). (g x) ! i)"
+
+lemma(in cring) map_is_coord_fun_tuple:
+ assumes "g \<in> carrier (R\<^bsup>n\<^esup>) \<rightarrow>\<^sub>E carrier (R\<^bsup>m\<^esup>)"
+ shows "g = (\<lambda> x \<in> carrier (R\<^bsup>n\<^esup>). function_tuple_eval R n (map (coord_fun R n g) [0..<m]) x)"
+proof
+ fix x
+ show "g x = restrict (function_tuple_eval R n (map (coord_fun R n g) [0..<m])) (carrier (R\<^bsup>n\<^esup>)) x"
+ proof(cases "x \<in> carrier (R\<^bsup>n\<^esup>)")
+ case True
+ then have T0: "restrict (function_tuple_eval R n (map (coord_fun R n g) [0..<m])) (carrier (R\<^bsup>n\<^esup>)) x =
+ function_tuple_eval R n (map (coord_fun R n g) [0..<m]) x"
+ by (meson restrict_apply')
+ have T1: "length (g x) = m"
+ by (metis PiE_mem True assms cartesian_power_car_memE)
+ have T2: "\<And>i. i < m \<Longrightarrow> (g x) ! i = (function_tuple_eval R n (map (coord_fun R n g) [0..<m]) x) ! i"
+ unfolding function_tuple_eval_def coord_fun_def
+ using restrict_apply True T1 length_map map_nth nth_map by smt
+ have T3: "length (function_tuple_eval R n (map (coord_fun R n g) [0..<m]) x) = m"
+ unfolding function_tuple_eval_def using length_map
+ by (metis T1 map_nth)
+ show ?thesis using T1 T2 T3
+ by (metis T0 nth_equalityI)
+ next
+ case False
+ then show ?thesis using assms unfolding restrict_def
+ by (meson PiE_E)
+ qed
+qed
+
+definition function_tuple_comp ::
+ "'c \<Rightarrow> ('a \<Rightarrow> 'd) list \<Rightarrow> ('d list \<Rightarrow> 'b) \<Rightarrow> 'a \<Rightarrow> 'b" where
+"function_tuple_comp R fs f = f \<circ> (function_tuple_eval R (0::nat) fs)"
+
+lemma function_tuple_comp_closed:
+ assumes "f \<in> carrier (R\<^bsup>n\<^esup>) \<rightarrow> carrier R"
+ assumes "length fs = n"
+ assumes "is_function_tuple R m fs"
+ shows "function_tuple_comp R fs f \<in> carrier (R\<^bsup>m\<^esup>) \<rightarrow> carrier R"
+ unfolding function_tuple_comp_def
+ using assms
+ by (smt Pi_iff comp_apply function_tuple_eval_closed function_tuple_eval_def)
+
+fun id_function_tuple where
+"id_function_tuple (R::('a,'b) partial_object_scheme) 0 = []"|
+"id_function_tuple R (Suc n) = id_function_tuple R n @ [(\<lambda>(x::'a list). x! n)] "
+
+lemma id_function_tuple_is_function_tuple:
+"\<And>k. k \<ge> n \<Longrightarrow> is_function_tuple R k (id_function_tuple R n)"
+ apply(induction n)
+ apply (simp add: is_function_tupleI)
+proof- fix n k
+ assume IH: "(\<And>k. n \<le> k \<Longrightarrow> is_function_tuple R k (id_function_tuple R n))"
+
+ assume A: "Suc n \<le> k"
+ have 0: "(\<lambda>a. a!n) \<in> carrier (R\<^bsup>k\<^esup>) \<rightarrow> carrier R"
+ using A cartesian_power_car_memE'
+ by (metis Pi_I Suc_le_lessD)
+ have 1: " is_function_tuple R k (id_function_tuple R n)"
+ using A IH Suc_leD by blast
+ then show "is_function_tuple R k (id_function_tuple R (Suc n))"
+ using A 0 id_function_tuple.simps(2)[of R n]
+ is_function_tuple_snoc[of R k "id_function_tuple R n" "\<lambda>a. a!n" ]
+ by (simp add: "0")
+qed
+
+lemma id_function_tuple_is_function_tuple':
+"is_function_tuple R n (id_function_tuple R n)"
+by (simp add: id_function_tuple_is_function_tuple)
+
+lemma id_function_tuple_eval_is_take:
+ assumes "a \<in> carrier (R\<^bsup>n\<^esup>)"
+ shows "k \<le> n \<Longrightarrow> function_tuple_eval R n (id_function_tuple R k) a = take k a"
+ apply(induction k)
+ using assms
+ apply (simp add: assms function_tuple_eval_def)
+proof- fix k
+ assume IH: "(k \<le> n \<Longrightarrow> function_tuple_eval R n (id_function_tuple R k) a = take k a) "
+ assume A: "Suc k \<le> n"
+ then have 0: "function_tuple_eval R n (id_function_tuple R k) a = take k a "
+ using IH Suc_leD
+ by blast
+ have "function_tuple_eval R n (id_function_tuple R (Suc k)) a
+ = function_tuple_eval R n (id_function_tuple R k) a @ [a!k]"
+ using id_function_tuple.simps(2)[of R k]
+ by (simp add: function_tuple_eval_def)
+ then show "function_tuple_eval R n (id_function_tuple R (Suc k)) a = take (Suc k) a"
+ by (metis "0" A Suc_le_lessD assms cartesian_power_car_memE take_Suc_conv_app_nth)
+qed
+
+lemma id_function_tuple_eval_is_id:
+ assumes "a \<in> carrier (R\<^bsup>n\<^esup>)"
+ shows "function_tuple_eval R n (id_function_tuple R n) a = a"
+ using assms id_function_tuple_eval_is_take[of a R n n]
+ by (metis cartesian_power_car_memE order_refl take_all)
+
+text\<open>Composing a function tuple with a polynomial\<close>
+
+definition poly_function_tuple_comp ::
+ "('a, 'b) ring_scheme \<Rightarrow> nat \<Rightarrow> ('a list \<Rightarrow> 'a) list \<Rightarrow> ('a, nat) mvar_poly \<Rightarrow> 'a list \<Rightarrow> 'a" where
+"poly_function_tuple_comp R n fs f = eval_at_poly R f \<circ> function_tuple_eval R n fs"
+
+context cring_coord_rings
+begin
+
+lemma poly_function_tuple_comp_closed:
+ assumes "is_function_tuple R n fs"
+ assumes "f \<in> carrier (coord_ring R (length fs))"
+ shows "poly_function_tuple_comp R n fs f \<in> carrier (R\<^bsup>n\<^esup>) \<rightarrow> carrier R"
+proof fix x assume A: "x \<in> carrier (R\<^bsup>n\<^esup>)"
+ then show "poly_function_tuple_comp R n fs f x \<in> carrier R"
+ using assms function_tuple_eval_closed eval_at_point_closed
+ unfolding poly_function_tuple_comp_def
+ by (metis comp_apply)
+qed
+
+lemma poly_function_tuple_comp_eq:
+ assumes "is_function_tuple R n fs"
+ assumes "f \<in> carrier (coord_ring R (length fs))"
+ assumes "a \<in> carrier (R\<^bsup>n\<^esup>)"
+ shows "poly_function_tuple_comp R n fs f a = eval_at_poly R f ( function_tuple_eval R n fs a)"
+ unfolding poly_function_tuple_comp_def
+ using comp_apply
+ by metis
+
+lemma poly_function_tuple_comp_constant:
+ assumes "is_function_tuple R n fs"
+ assumes "a \<in> carrier R"
+ assumes "x \<in> carrier (R\<^bsup>n\<^esup>)"
+ shows "poly_function_tuple_comp R n fs (coord_const a) x = a"
+ unfolding poly_function_tuple_comp_def
+ using assms comp_apply function_tuple_eval_closed
+ by (metis eval_at_point_const)
+
+lemma poly_function_tuple_comp_add:
+ assumes "is_function_tuple R n fs"
+ assumes "k \<le>length fs"
+ assumes "p \<in> carrier (coord_ring R k)"
+ assumes "Q \<in> carrier (coord_ring R k)"
+ assumes "x \<in> carrier (R\<^bsup>n\<^esup>)"
+ shows "poly_function_tuple_comp R n fs (p \<oplus>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> Q) x =
+ (poly_function_tuple_comp R n fs p x) \<oplus> (poly_function_tuple_comp R n fs Q x)"
+proof-
+ have 0: "p \<in> carrier (coord_ring R (length fs))"
+ using assms poly_ring_car_mono[of k "length fs"]
+ by blast
+ have 1: "Q \<in> carrier (coord_ring R (length fs))"
+ using assms poly_ring_car_mono[of k "length fs"]
+ by blast
+ show ?thesis
+ using assms(1) assms(5) 0 1 R.Pring_add_eq[of ]
+ poly_function_tuple_comp_eq
+ function_tuple_eval_closed[of R n fs x]
+ eval_at_point_add[of "function_tuple_eval R n fs x" "length fs" p Q]
+ unfolding coord_ring_def by (metis R.Pring_add_closed)
+qed
+
+lemma poly_function_tuple_comp_mult:
+ assumes "is_function_tuple R n fs"
+ assumes "k \<le>length fs"
+ assumes "p \<in> carrier (coord_ring R k)"
+ assumes "Q \<in> carrier (coord_ring R k)"
+ assumes "x \<in> carrier (R\<^bsup>n\<^esup>)"
+ shows "poly_function_tuple_comp R n fs (p \<otimes>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> Q) x =
+ (poly_function_tuple_comp R n fs p x) \<otimes> (poly_function_tuple_comp R n fs Q x)"
+proof-
+ have 0: "p \<in> carrier (coord_ring R (length fs))"
+ using assms poly_ring_car_mono[of k "length fs"]
+ by blast
+ have 1: "Q \<in> carrier (coord_ring R (length fs))"
+ using assms poly_ring_car_mono[of k "length fs"]
+ by blast
+ show ?thesis
+ using assms 0 1
+ poly_function_tuple_comp_eq
+ function_tuple_eval_closed[of R n fs x]
+ eval_at_point_mult[of "function_tuple_eval R n fs x" "length fs" p Q]
+ unfolding coord_ring_def
+ by (metis MP.m_closed R.Pring_mult_eq coord_ring_def)
+qed
+
+lemma poly_function_tuple_comp_pvar:
+ assumes "is_function_tuple R n fs"
+ assumes "k < length fs"
+ assumes "x \<in> carrier (R\<^bsup>n\<^esup>)"
+ shows "poly_function_tuple_comp R n fs (pvar R k) x = (fs ! k) x"
+proof-
+ have "(map (\<lambda>f. f x) fs) \<in> carrier (R\<^bsup>length fs\<^esup>)"
+ using function_tuple_eval_closed[of R n fs x]
+ unfolding function_tuple_eval_def
+ using assms(1) assms(3) by blast
+ then have "eval_at_poly R (pvar R k) (map (\<lambda>f. f x) fs) = (fs! k) x"
+ using eval_pvar[of k "length fs" "(map (\<lambda>f. f x) fs)"]
+ by (metis assms(2) nth_map)
+ then show ?thesis
+ by (metis (mono_tags, lifting) assms(1) assms(2) assms(3) function_tuple_eval_def
+ nth_map poly_function_tuple_comp_eq pvar_closed)
+qed
+
+end
+text\<open>The coordinate ring of polynomials indexed by natural numbers\<close>
+
+definition Coord_ring :: "('a, 'b) ring_scheme \<Rightarrow> ('a, ('a, nat) mvar_poly) module" where
+"Coord_ring R = Pring R (UNIV :: nat set)"
+
+
+text\<open>Some general closure lemmas for coordinate rings\<close>
+context cring_coord_rings
+begin
+lemma coord_ring_monom_term_closed:
+ assumes "a \<in> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ assumes "b \<in> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ shows "a \<otimes>\<^bsub>(R[\<X>\<^bsub>n\<^esub>])\<^esub> b[^]\<^bsub>(R[\<X>\<^bsub>n\<^esub>])\<^esub>(n::nat) \<in> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ using assms monoid.nat_pow_closed[of "(R[\<X>\<^bsub>n\<^esub>])"]
+ unfolding coord_ring_def
+ by (meson R.Pring_is_monoid monoid.m_closed)
+
+lemma coord_ring_monom_term_plus_closed:
+ assumes "a \<in> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ assumes "b \<in> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ assumes "c \<in> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ shows "c \<oplus>\<^bsub>(R[\<X>\<^bsub>n\<^esub>])\<^esub> a \<otimes>\<^bsub>(R[\<X>\<^bsub>n\<^esub>])\<^esub> b[^]\<^bsub>(R[\<X>\<^bsub>n\<^esub>])\<^esub>(n::nat) \<in> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ using assms coord_ring_monom_term_closed R.Pring_add_closed
+ by blast
+
+end
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+subsection\<open>Generic Univariate Polynomials\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+text\<open>
+ By a generic univariate polynomial, we mean a polynomial in one variable whose coefficients are
+ coordinate functions over a ring. That is, a polynomial of the form:
+ \[f(t) = x_0 + x_1t + \dots + x_nt^n\]
+ Such a polynomial can be construed as an element of $R[x_0,..,x_n](t)$, or as an element of
+ $R[x_0,..,x_n, x_n{n+1}]$. We will intially define the latter version, and show that it can
+ easily be cast to the former using the function ``\texttt{IP\_to\_UP"}. Such a polynomial can be
+ cast to a univariate polynomial over the ring $R$ by substituting a tuple of ring elements for
+ the coefficients.
+\<close>
+definition generic_poly_lt :: "('a, 'b) ring_scheme \<Rightarrow> nat \<Rightarrow> ('a, nat) mvar_poly" where
+"generic_poly_lt R n = (pvar R (Suc n)) \<otimes>\<^bsub>coord_ring R (Suc (Suc n))\<^esub> (pvar R 0)[^]\<^bsub>coord_ring R (Suc (Suc n))\<^esub> n"
+
+fun generic_poly where
+"generic_poly R (0::nat) = pvar R 1"|
+"generic_poly R (Suc n) = (generic_poly R n) \<oplus>\<^bsub>(coord_ring R (n+3))\<^esub> generic_poly_lt R (Suc n)"
+
+
+context cring_coord_rings
+begin
+
+lemma generic_poly_lt_closed:
+"generic_poly_lt R n \<in> carrier (coord_ring R (Suc (Suc n)))"
+proof-
+ have 0: "(pvar R (Suc n)) \<in> carrier (coord_ring R (Suc (Suc n)))"
+ using pvar_closed
+ by blast
+ have 1: " (pvar R 0) \<in> carrier (coord_ring R (Suc (Suc n)))"
+ using pvar_closed
+ by blast
+ then have "(pvar R 0)[^]\<^bsub>coord_ring R (Suc (Suc n))\<^esub> n \<in> carrier (coord_ring R (Suc (Suc n)))"
+ using monoid.nat_pow_closed
+ unfolding coord_ring_def by (metis R.Pring_is_monoid)
+ then show ?thesis using 0
+ unfolding coord_ring_def
+ by (metis R.Pring_mult_closed coord_ring_def generic_poly_lt_def)
+qed
+
+lemma generic_poly_lt_eval:
+ assumes "a \<in> carrier (R\<^bsup>n+2\<^esup>)"
+ shows "eval_at_point R a (generic_poly_lt R n) = a!(Suc n) \<otimes> (a!0)[^]n "
+proof-
+ have "(pvar R 0 [^]\<^bsub>coord_ring R (Suc (Suc n))\<^esub> n) \<in> carrier (coord_ring R (n + 2))"
+ using monoid.nat_pow_closed pvar_closed unfolding coord_ring_def
+ by (metis R.Pring_is_monoid add_2_eq_Suc' zero_less_Suc)
+ then have "eval_at_point R a (generic_poly_lt R n) =
+ eval_at_poly R (pvar R (Suc n)) a \<otimes> eval_at_poly R (pvar R 0 [^]\<^bsub>coord_ring R (Suc (Suc n))\<^esub> n) a"
+ unfolding generic_poly_lt_def
+ using assms pvar_closed[of "(Suc n)" "n + 2"] eval_at_point_mult[of a "n + 2" "pvar R (Suc n)" "(pvar R 0)[^]\<^bsub>coord_ring R (Suc (Suc n))\<^esub> n"]
+ by (metis add_2_eq_Suc' lessI)
+ then show ?thesis using assms
+ by (metis add_2_eq_Suc' add_gr_0 eval_at_point_nat_pow eval_pvar lessI pvar_closed zero_less_numeral)
+qed
+
+lemma generic_poly_closed:
+"generic_poly R n \<in> carrier (coord_ring R (Suc (Suc n)))"
+ apply(induction n)
+ using pvar_closed[of 1 "Suc (Suc n)"]
+ apply (metis One_nat_def generic_poly.simps(1) lessI pvar_closed)
+proof-
+ fix n assume IH: "generic_poly R n \<in> carrier (coord_ring R (Suc (Suc n)))"
+ have "generic_poly R n \<in> carrier (coord_ring R (Suc (Suc (Suc n))))"
+ using IH poly_ring_car_mono'[of "Suc (Suc n)"]
+ by blast
+ then show " generic_poly R (Suc n) \<in> carrier (coord_ring R (Suc (Suc (Suc n))))"
+ unfolding coord_ring_def
+ using generic_poly.simps[of R] generic_poly_lt_closed[of n]
+ by (metis MP.add.m_closed R.Pring_add_eq coord_ring_def generic_poly_lt_closed)
+qed
+
+lemma generic_poly_closed':
+ assumes "k \<le>n"
+ shows "generic_poly R k \<in> carrier (coord_ring R (Suc (Suc n)))"
+by (meson Suc_le_mono assms generic_poly_closed poly_ring_car_mono subsetD)
+
+lemma generic_poly_eval_at_point:
+ assumes "a \<in> carrier (R\<^bsup>n+3\<^esup>)"
+ shows "eval_at_point R a (generic_poly R (Suc n)) = (eval_at_point R a (generic_poly R n)) \<oplus>
+ (a!(n + 2)) \<otimes> (a!0)[^](Suc n)"
+proof-
+ have 0: "(generic_poly R n) \<in> carrier (coord_ring R (n + 3))"
+ using generic_poly_closed'
+ by (metis Suc3_eq_add_3 add.commute eq_imp_le le_SucI)
+ then show ?thesis
+ using generic_poly.simps(2)
+ generic_poly_closed'[of n "n + 3"]
+ generic_poly_lt_eval eval_at_point_add[of a "(n + 3)" "generic_poly R n"]
+ by (metis (no_types, lifting) add.left_commute add_2_eq_Suc' assms
+ generic_poly_lt_closed numeral_2_eq_2 numeral_3_eq_3 plus_1_eq_Suc)
+qed
+
+end
+
+text \<open>
+ We can turn points in $R^{n+1}$ into univariate polynomials with the associated coefficients
+ via partial evaluation of the generic polynomials of degree $n$. \<close>
+
+definition ring_cfs_to_poly ::
+"('a, 'b) ring_scheme \<Rightarrow> nat \<Rightarrow> 'a list \<Rightarrow> ('a, nat) mvar_poly" where
+"ring_cfs_to_poly R n as = coord_partial_eval R {1..<n+2} (\<zero>\<^bsub>R\<^esub>#as) (generic_poly R n)"
+
+context cring_coord_rings
+begin
+
+lemma ring_cfs_to_poly_closed:
+ assumes "as \<in> carrier (R\<^bsup>Suc n\<^esup>)"
+ shows "ring_cfs_to_poly R n as \<in> carrier (coord_ring R 1)"
+proof-
+ have 0: "\<zero> # as \<in> carrier (R\<^bsup>n+2\<^esup>)"
+ apply(rule cartesian_power_car_memI)
+ using assms
+ apply (metis add_2_eq_Suc' cartesian_power_car_memE length_Cons)
+ using assms
+ by (metis cartesian_power_car_memE'' insert_subset list.simps(15) R.zero_closed)
+ then have 1: "coord_partial_eval R {1..<n + 2} (\<zero> # as) \<in> ring_hom (coord_ring R (n + 2)) (Pring R ({..<n + 2} - {1..<n + 2}))"
+ using coord_partial_eval_hom' by blast
+ have "({..<n + 2} - {1..<n + 2}) = {..<1}"
+ by auto
+ then have 2: "coord_partial_eval R {1..<n + 2} (\<zero> # as) \<in> ring_hom (coord_ring R (n + 2)) (coord_ring R 1)"
+ using 1 unfolding coord_ring_def
+ by presburger
+ then show ?thesis
+ unfolding ring_cfs_to_poly_def coord_ring_def
+ by (metis "0" Diff_subset \<open>{..<n + 2} - {1..<n + 2} = {..<1}\<close>
+ add_2_eq_Suc' coord_partial_eval_closed generic_poly_closed
+ le_numeral_extra(4) lessThan_minus_lessThan lessThan_subset_iff)
+qed
+
+text\<open>Variant which maps to the univariate polynomial ring\<close>
+
+definition ring_cfs_to_univ_poly :: "nat \<Rightarrow> 'a list \<Rightarrow> nat \<Rightarrow> 'a" where
+"ring_cfs_to_univ_poly n as = IP_to_UP (0::nat) (ring_cfs_to_poly R n as)"
+
+lemma ring_cfs_to_univ_poly_closed:
+ assumes "as \<in> carrier (R\<^bsup>Suc n\<^esup>)"
+ shows "ring_cfs_to_univ_poly n as \<in> carrier (UP R)"
+ unfolding ring_cfs_to_univ_poly_def apply(rule R.IP_to_UP_closed, rule R.is_cring)
+ using ring_cfs_to_poly_closed unfolding coord_ring_def
+ using assms by (metis One_nat_def lessThan_0 lessThan_Suc)
+
+lemma ring_cfs_to_poly_eq:
+ assumes "as \<in> carrier (R\<^bsup>Suc n\<^esup>)"
+ assumes "k \<le>n"
+ shows "ring_cfs_to_poly R k as = ring_cfs_to_poly R k (take (Suc k) as) "
+ unfolding ring_cfs_to_poly_def coord_partial_eval_def
+ apply(rule R.poly_eval_eval_function_eq[of "(point_to_eval_map R (\<zero> # as))" "(point_to_eval_map R (\<zero> # take (Suc k) as))" "{1..<k + 2}" _ "{..<k + 2}"])
+proof-
+ show "closed_fun R (point_to_eval_map R (\<zero> # as))"
+ apply(rule R.closed_funI)
+ using assms cartesian_power_car_memE[of as R "Suc n"]
+ by (metis cartesian_power_car_memE'' nth_mem set_ConsD subset_code(1) R.zero_closed)
+ show "closed_fun R (\<lambda>i. if i < length (\<zero> # take (Suc k) as) then (\<zero> # take (Suc k) as) ! i else \<zero>)"
+ apply(rule R.closed_funI)
+ using assms
+ by (metis cartesian_power_car_memE'' in_set_takeD nth_mem set_ConsD subset_code(1) R.zero_closed)
+ have 0: "length (\<zero> # as) \<ge> k + 2"
+ using assms
+ by (metis Suc_le_mono add_2_eq_Suc' cartesian_power_car_memE length_Cons)
+ have 1: "length (\<zero> # take (Suc k) as) \<ge>k + 2"
+ using 0
+ by (metis add_2_eq_Suc' assms(1) cartesian_power_car_memE
+ impossible_Cons length_Cons not_less_eq_eq take_closed)
+ show "restrict (point_to_eval_map R (\<zero> # as)) {1..<k + 2} = restrict (point_to_eval_map R (\<zero> # take (Suc k) as)) {1..<k + 2}"
+ proof fix x
+ show "restrict (point_to_eval_map R (\<zero> # as)) {1..<k + 2} x = restrict (point_to_eval_map R (\<zero> # take (Suc k) as)) {1..<k + 2} x"
+ proof(cases "x \<in> {1..<k + 2}")
+ case True
+ have 00: "restrict (point_to_eval_map R (\<zero> # as)) {1..<k + 2} x = (\<zero>#as)!x"
+ unfolding restrict_def
+ by (metis "0" True atLeastLessThan_iff le_Suc_ex trans_less_add1)
+ have 11: "restrict (point_to_eval_map R (\<zero> # take (Suc k) as)) {1..<k + 2} x = (\<zero> # take (Suc k) as)!x"
+ unfolding restrict_def
+ by (metis "1" True atLeastLessThan_iff le_Suc_ex trans_less_add1)
+ have 2: "(\<zero> # as) ! x = (\<zero> # take (Suc k) as) ! x"
+ proof-
+ obtain l where l_def: "Suc l = x"
+ using True
+ by (metis One_nat_def Suc_le_D atLeastLessThan_iff)
+ have P1: "(\<zero> # as) ! x = as ! l"
+ using 0 True l_def
+ by (meson nth_Cons_Suc)
+ have P0: "(\<zero> # take (Suc k) as) ! x = (take (Suc k) as) ! l"
+ using 1 True l_def
+ by (meson nth_Cons_Suc)
+ have "l < Suc k"
+ using True l_def
+ by (metis Suc_1 Suc_eq_plus1 Suc_less_SucD add_Suc_right atLeastLessThan_iff)
+ then have "(\<zero> # take (Suc k) as) ! x = as ! l"
+ using P0
+ by (metis nth_take)
+ then show ?thesis
+ using P1 by metis
+ qed
+ then show ?thesis using 00 11 True
+ by presburger
+ next
+ case False
+ then show ?thesis
+ unfolding restrict_def
+ by presburger
+ qed
+ qed
+ show " generic_poly R k \<in> Pring_set R {..<k + 2}"
+ by (metis R.Pring_car add_2_eq_Suc' coord_ring_def generic_poly_closed)
+qed
+
+lemma coord_partial_eval_generic_poly_lt:
+ assumes "as \<in> carrier (R\<^bsup>Suc n\<^esup>)"
+ shows "coord_partial_eval R {1..<n+2} (\<zero>\<^bsub>R\<^esub>#as) (generic_poly_lt R n) =
+ poly_scalar_mult R (as!n) ((pvar R 0)[^]\<^bsub>coord_ring R (n+2)\<^esub> n)"
+proof-
+ have 0: "\<zero> # as \<in> carrier (R\<^bsup>Suc (Suc n)\<^esup>)"
+ using assms cartesian_power_cons
+ by (metis Suc_eq_plus1 R.zero_closed)
+ have 1: "pvar R (Suc n) \<in> Pring_set R {..<n + 2}"
+ using pvar_closed
+ by (metis R.Pring_car add_2_eq_Suc' coord_ring_def lessI)
+ have 2: " pvar R 0 [^]\<^bsub>coord_ring R (Suc (Suc n))\<^esub> n \<in> Pring_set R {..<n + 2}"
+ using monoid.nat_pow_closed pvar_closed unfolding coord_ring_def
+ using R.Pring_car R.Pring_is_monoid add_2_eq_Suc' zero_less_Suc
+ by (metis)
+ have 3: "poly_eval R {1..<n + 2} (point_to_eval_map R (\<zero> # as))
+ (pvar R (Suc n) \<otimes>\<^bsub>coord_ring R (Suc (Suc n))\<^esub> pvar R 0 [^]\<^bsub>coord_ring R (Suc (Suc n))\<^esub> n) =
+ (poly_eval R {1..<n + 2} (point_to_eval_map R (\<zero> # as)) (pvar R (Suc n))) \<otimes>\<^bsub>coord_ring R (Suc (Suc n))\<^esub>
+ (poly_eval R {1..<n + 2} (point_to_eval_map R (\<zero> # as))
+ (pvar R 0 [^]\<^bsub>coord_ring R (Suc (Suc n))\<^esub> n))"
+ using 0 1 2 R.poly_eval_mult[of "pvar R (Suc n)" "{..<n+2}" " pvar R 0 [^]\<^bsub>coord_ring R (Suc (Suc n))\<^esub> n"
+ "(point_to_eval_map R (\<zero> # as))" "{1..<n + 2}"] unfolding coord_ring_def
+ by (smt R.Pring_mult cartesian_power_car_memE cartesian_power_car_memE' R.closed_funI R.zero_closed)
+ have 4: "poly_eval R {1..<n + 2} (point_to_eval_map R (\<zero> # as))
+ (pvar R (Suc n) \<otimes>\<^bsub>coord_ring R (Suc (Suc n))\<^esub> pvar R 0 [^]\<^bsub>coord_ring R (Suc (Suc n))\<^esub> n) =
+ (coord_const ((\<zero> # as)! (Suc n))) \<otimes>\<^bsub>coord_ring R (Suc (Suc n))\<^esub>
+ (poly_eval R {1..<n + 2} (point_to_eval_map R (\<zero> # as))
+ (pvar R 0 [^]\<^bsub>coord_ring R (Suc (Suc n))\<^esub> n))"
+ using 0 3 point_to_eval_map_closed[of "(\<zero> # as)" "Suc (Suc n)"]
+ R.poly_eval_index[of "(point_to_eval_map R (\<zero> # as))" "{1..<n + 2}" "Suc n"]
+ add_2_eq_Suc' atLeastLessThan_iff cartesian_power_car_memE le_neq_implies_less
+ less_Suc_eq not_less_eq_eq not_less_zero numeral_1_eq_Suc_0 numeral_One var_to_IP_def
+ by (smt local.one_neq_zero)
+ have 5: "pvar R 0 [^]\<^bsub>coord_ring R (Suc (Suc n))\<^esub> n \<in> Pring_set R ({..<n + 2} - {1..<n + 2}) "
+ proof-
+ have "0 \<in> {..<n + 2} - {1..<n + 2}" by auto
+ then have "pvar R 0 [^]\<^bsub>Pring R ({..<n + 2} - {1..<n + 2})\<^esub> n \<in> carrier (Pring R ({..<n + 2} - {1..<n + 2}))"
+ using R.Pring_var_closed[of 0 "{..<n + 2} - {1..<n + 2}"] R.Pring_is_monoid[of "{..<n + 2} - {1..<n + 2}"]
+ monoid.nat_pow_closed[of "Pring R ({..<n + 2} - {1..<n + 2})" "pvar R 0" n ]
+ by blast
+ have "\<And>k::nat. (pvar R 0 [^]\<^bsub>coord_ring R (Suc (Suc n))\<^esub> k) = (pvar R 0 [^]\<^bsub>Pring R ({..<n + 2} - {1..<n + 2})\<^esub>k)"
+ proof- fix k::nat show "(pvar R 0 [^]\<^bsub>coord_ring R (Suc (Suc n))\<^esub> k) = (pvar R 0 [^]\<^bsub>Pring R ({..<n + 2} - {1..<n + 2})\<^esub>k)"
+ apply(induction k)
+ using R.Pring_var_closed[of 0 "{..<(Suc (Suc n))}"] R.Pring_var_closed[of 0 "{..<n + 2} - {1..<n + 2}"]
+ unfolding coord_ring_def
+ apply (metis Group.nat_pow_0 R.ring_axioms R.Pring_one)
+ using R.Pring_var_closed[of 0 "{..<(Suc (Suc n))}"] R.Pring_var_closed[of 0 "{..<n + 2} - {1..<n + 2}"]
+ nat_pow_def
+ by (metis R.Pring_mult_eq R.Pring_one_eq add_2_eq_Suc')
+ qed
+ then show ?thesis
+ by (metis R.Pring_car \<open>pvar R 0 [^]\<^bsub>Pring R ({..<n + 2} - {1..<n + 2})\<^esub> n \<in> carrier (Pring R ({..<n + 2} - {1..<n + 2}))\<close>)
+ qed
+ have 6: "(poly_eval R {1..<n + 2} (point_to_eval_map R (\<zero> # as))
+ (pvar R 0 [^]\<^bsub>coord_ring R (Suc (Suc n))\<^esub> n)) = (pvar R 0 [^]\<^bsub>coord_ring R (Suc (Suc n))\<^esub> n)"
+ using 5 0 point_to_eval_map_closed[of "(\<zero> # as)" "Suc (Suc n)"]
+ R.poly_eval_trivial[of "(point_to_eval_map R (\<zero> # as))" "pvar R 0 [^]\<^bsub>coord_ring R (Suc (Suc n))\<^esub> n" "{..<n + 2}" "{1..<n + 2}" ]
+ by blast
+ have 7: "poly_eval R {1..<n + 2} (point_to_eval_map R (\<zero> # as))
+ (pvar R (Suc n) \<otimes>\<^bsub>coord_ring R (Suc (Suc n))\<^esub> pvar R 0 [^]\<^bsub>coord_ring R (Suc (Suc n))\<^esub> n) =
+ (coord_const ((\<zero> # as)! (Suc n))) \<otimes>\<^bsub>coord_ring R (Suc (Suc n))\<^esub>
+ (pvar R 0 [^]\<^bsub>coord_ring R (Suc (Suc n))\<^esub> n)"
+ using 4 6
+ by presburger
+ have 8: "(\<zero> # as) ! Suc n = as! n"
+ by (meson nth_Cons_Suc)
+ have 88: "(\<zero> # as) ! Suc n \<in> carrier R"
+ by (metis "8" assms cartesian_power_car_memE' less_Suc_eq)
+ have 9: "poly_eval R {1..<n + 2} (point_to_eval_map R (\<zero> # as))
+ (pvar R (Suc n) \<otimes>\<^bsub>coord_ring R (Suc (Suc n))\<^esub> pvar R 0 [^]\<^bsub>coord_ring R (Suc (Suc n))\<^esub> n) =
+ coord_const ((\<zero> # as) ! Suc n) \<Otimes>\<^sub>p pvar R 0 [^]\<^bsub>coord_ring R (Suc (Suc n))\<^esub> n "
+ using R.poly_scalar_mult_eq[of "(\<zero> # as) ! Suc n" "pvar R 0 [^]\<^bsub>coord_ring R (Suc (Suc n))\<^esub> n"]
+ unfolding coord_ring_def
+ by (metis (no_types, lifting) "7" R.Pring_mult coord_ring_def)
+ have 10: "poly_scalar_mult R ((\<zero> # as) ! Suc n) (pvar R 0 [^]\<^bsub>coord_ring R (Suc (Suc n))\<^esub> n) =
+ coord_const ((\<zero> # as) ! Suc n) \<Otimes>\<^sub>p pvar R 0 [^]\<^bsub>coord_ring R (Suc (Suc n))\<^esub> n"
+ using 9 8 88 0 5 R.poly_scalar_mult_eq[of "(\<zero> # as) ! Suc n" "pvar R 0 [^]\<^bsub>coord_ring R (Suc (Suc n))\<^esub> n" "({..<n + 2} - {1..<n + 2})"]
+ by blast
+ have 11: "poly_scalar_mult R (as! n) (pvar R 0 [^]\<^bsub>coord_ring R (Suc (Suc n))\<^esub> n) =
+ coord_const ((\<zero> # as) ! Suc n) \<Otimes>\<^sub>p pvar R 0 [^]\<^bsub>coord_ring R (Suc (Suc n))\<^esub> n"
+ using 10 8
+ by metis
+ have 12: "poly_eval R {1..<n + 2} (point_to_eval_map R (\<zero> # as))
+ (pvar R (Suc n) \<otimes>\<^bsub>coord_ring R (Suc (Suc n))\<^esub> pvar R 0 [^]\<^bsub>coord_ring R (Suc (Suc n))\<^esub> n) =
+ poly_scalar_mult R (as ! n) ((pvar R 0) [^]\<^bsub>coord_ring R (n + 2)\<^esub> n)"
+ using 11 9
+ by (metis add_2_eq_Suc')
+ then show ?thesis
+ unfolding coord_partial_eval_def generic_poly_lt_def
+ by blast
+qed
+
+lemma coord_partial_eval_generic_poly_lt':
+ assumes "as \<in> carrier (R\<^bsup>Suc n\<^esup>)"
+ shows "coord_partial_eval R {1..<n+2} (\<zero>\<^bsub>R\<^esub>#as) (generic_poly_lt R n) =
+ poly_scalar_mult R (as!n) ((pvar R 0)[^]\<^bsub>coord_ring R 1\<^esub> n)"
+proof-
+ have 0: "coord_partial_eval R {1..<n+2} (\<zero>\<^bsub>R\<^esub>#as) (generic_poly_lt R n) =
+ poly_scalar_mult R (as!n) ((pvar R 0)[^]\<^bsub>coord_ring R (n+2)\<^esub> n)"
+ using assms coord_partial_eval_generic_poly_lt by blast
+ have 1: "\<And>k::nat. (pvar R 0)[^]\<^bsub>coord_ring R (n+2)\<^esub> k = (pvar R 0)[^]\<^bsub>coord_ring R 1\<^esub> k"
+ proof- fix k::nat show "(pvar R 0)[^]\<^bsub>coord_ring R (n+2)\<^esub> k = (pvar R 0)[^]\<^bsub>coord_ring R 1\<^esub> k"
+ apply(induction k)
+ unfolding coord_ring_def
+ apply (metis Group.nat_pow_0 R.Pring_one_eq)
+ using nat_pow_def
+ by (metis R.Pring_mult_eq R.Pring_one add_2_eq_Suc')
+ qed
+ then show ?thesis
+ using "0" by presburger
+qed
+
+lemma ring_cfs_to_poly_decomp:
+ assumes "as \<in> carrier (R\<^bsup>Suc (Suc n)\<^esup>)"
+ shows "ring_cfs_to_poly R (Suc n) as = ring_cfs_to_poly R n as \<oplus>\<^bsub>coord_ring R 1\<^esub>
+ poly_scalar_mult R (as!(Suc n)) ((pvar R 0)[^]\<^bsub>coord_ring R 1\<^esub> (Suc n))"
+proof-
+ have LHS: "ring_cfs_to_poly R (Suc n) as =
+ coord_partial_eval R {1..<Suc n + 2} (\<zero> # as) (generic_poly R n \<oplus>\<^bsub>coord_ring R (Suc (Suc (Suc n)))\<^esub> generic_poly_lt R (Suc n))"
+ by (smt add_2_eq_Suc' add_Suc_right generic_poly.simps(2) numeral_2_eq_2 numeral_3_eq_3 ring_cfs_to_poly_def)
+ have LHS': "ring_cfs_to_poly R (Suc n) as =
+ coord_partial_eval R {1..<Suc n + 2} (\<zero> # as) (generic_poly R n) \<oplus>\<^bsub>coord_ring R (Suc (Suc (Suc n)))\<^esub>
+ coord_partial_eval R {1..<Suc n + 2} (\<zero> # as) (generic_poly_lt R (Suc n))"
+ using coord_partial_eval_add[of as "Suc n"]
+ by (metis LHS add_2_eq_Suc' add_Suc_shift assms cartesian_power_cons
+ coord_partial_eval_add generic_poly_closed' generic_poly_lt_closed le_add2 plus_1_eq_Suc R.zero_closed)
+ have LHS'': "ring_cfs_to_poly R (Suc n) as =
+ coord_partial_eval R {1..<Suc n + 2} (\<zero> # as) (generic_poly R n) \<oplus>\<^bsub>coord_ring R (Suc (Suc (Suc n)))\<^esub>
+ coord_partial_eval R {1..<Suc n + 2} (\<zero> # as) (generic_poly_lt R (Suc n))"
+ using coord_partial_eval_add[of as "Suc n"]
+ by (metis LHS add_2_eq_Suc' add_Suc_shift assms cartesian_power_cons
+ coord_partial_eval_add generic_poly_closed' generic_poly_lt_closed le_add2 plus_1_eq_Suc R.zero_closed)
+ have LHS''': "ring_cfs_to_poly R (Suc n) as =
+ coord_partial_eval R {1..<Suc n + 2} (\<zero> # as) (generic_poly R n) \<oplus>\<^bsub>coord_ring R (Suc (Suc (Suc n)))\<^esub>
+ poly_scalar_mult R (as! (Suc n)) ((pvar R 0)[^]\<^bsub>coord_ring R 1\<^esub> (Suc n))"
+ using LHS'' coord_partial_eval_generic_poly_lt'[of as "Suc n"] assms
+ by presburger
+ have 0: "coord_partial_eval R {1..<Suc n + 2} (\<zero> # as) (generic_poly R n) = ring_cfs_to_poly R n as"
+ proof-
+ have 00: "(generic_poly R n) \<in> carrier (coord_ring R (n + 2))"
+ using add_2_eq_Suc' generic_poly_closed by presburger
+ have 01: "\<one> \<noteq> \<zero>"
+ using one_neq_zero
+ by presburger
+ have 02: "(\<zero> # as) \<in> carrier (R\<^bsup>Suc (Suc n) + 1\<^esup>)"
+ using cartesian_power_cons[of as R "Suc (Suc n)" \<zero>] assms
+ by blast
+ have 03: "closed_fun R (point_to_eval_map R (\<zero> # as))"
+ using point_to_eval_map_closed[of "\<zero>#as" "Suc (Suc (Suc n))"]
+ by (metis "02" Suc_eq_plus1)
+ have 04: "{1..<Suc n + 2} \<inter> {..<n + 2} = {1..<n + 2} \<inter> {..<n + 2}"
+ by auto
+ show ?thesis
+ unfolding ring_cfs_to_poly_def coord_partial_eval_def
+ using 04 03 02 01 00 R.Pring_car[of "{..<n + 2}"] assms
+ R.poly_eval_eval_set_eq[of "point_to_eval_map R (\<zero> # as)" "{1..<Suc n + 2}"
+ "{..<n + 2}" "{1..<n + 2}" "(generic_poly R n)" ]
+ by (metis coord_ring_def)
+ qed
+ show ?thesis
+ using generic_poly.simps(2)[of R n] coord_partial_eval_add LHS''' 0
+ unfolding ring_cfs_to_poly_def
+ by (metis R.Pring_add_eq coord_ring_def)
+qed
+
+lemma ring_cfs_to_poly_decomp':
+ assumes "as \<in> carrier (R\<^bsup>Suc (Suc n)\<^esup>)"
+ shows "ring_cfs_to_poly R (Suc n) as =
+ ring_cfs_to_poly R n (take (Suc n) as) \<oplus>\<^bsub>coord_ring R 1\<^esub>
+ poly_scalar_mult R (as!(Suc n)) ((pvar R 0)[^]\<^bsub>coord_ring R 1\<^esub> (Suc n))"
+ using assms ring_cfs_to_poly_decomp[of as n]
+ ring_cfs_to_poly_eq[of as "Suc n" n] le_eq_less_or_eq less_Suc_eq
+ by presburger
+
+lemma ring_cfs_to_univ_poly_decomp':
+ assumes "as \<in> carrier (R\<^bsup>Suc (Suc n)\<^esup>)"
+ shows "ring_cfs_to_univ_poly (Suc n) as =
+ ring_cfs_to_univ_poly n (take (Suc n) as) \<oplus>\<^bsub>UP R\<^esub>
+ (as!(Suc n))\<odot>\<^bsub>UP R\<^esub> (X_poly R [^]\<^bsub>UP R\<^esub> (Suc n))"
+proof-
+ have 00: "(pvar R 0 [^]\<^bsub>coord_ring R 1\<^esub> Suc n) \<in> carrier (Pring R {0})"
+ using pvar_closed[of 0 1] monoid.nat_pow_closed[of "coord_ring R 1" _ n ]
+ unfolding coord_ring_def
+ by (metis One_nat_def R.Pring_is_monoid lessThan_0 lessThan_Suc less_one monoid.nat_pow_closed)
+ have LHS: "ring_cfs_to_univ_poly (Suc n) as =
+ IP_to_UP 0 (ring_cfs_to_poly R n (take (Suc n) as) \<oplus>\<^bsub>coord_ring R 1\<^esub>
+ poly_scalar_mult R (as!(Suc n)) ((pvar R 0)[^]\<^bsub>coord_ring R 1\<^esub> (Suc n)))"
+ using assms ring_cfs_to_poly_decomp'
+ unfolding ring_cfs_to_univ_poly_def
+ by presburger
+ have LHS': "ring_cfs_to_univ_poly (Suc n) as =
+ IP_to_UP 0 (ring_cfs_to_poly R n (take (Suc n) as)) \<oplus>\<^bsub>UP R\<^esub>
+ IP_to_UP 0 (poly_scalar_mult R (as!(Suc n)) ((pvar R 0)[^]\<^bsub>coord_ring R 1\<^esub> (Suc n)))"
+ proof-
+ have 0: " ring_cfs_to_poly R n (take (Suc n) as) \<in> carrier (Pring R {0})"
+ by (metis One_nat_def assms coord_ring_def le_add2 lessThan_0 lessThan_Suc plus_1_eq_Suc ring_cfs_to_poly_closed take_closed)
+ have 1: "as ! Suc n \<in> carrier R"
+ using assms cartesian_power_car_memE'[of as R "Suc (Suc n)"]
+ by blast
+ have 2: "poly_scalar_mult R (as ! Suc n) (pvar R 0 [^]\<^bsub>coord_ring R 1\<^esub> Suc n) \<in> carrier (Pring R {0})"
+ using 1 00 R.Pring_car R.poly_scalar_mult_closed[of "(as ! Suc n)" "(pvar R 0 [^]\<^bsub>coord_ring R 1\<^esub> Suc n)" "{0}"]
+ by blast
+ then show ?thesis
+ using 0 1 2 UP_cring.IP_to_UP_add[of R "(ring_cfs_to_poly R n (take (Suc n) as))" "0"
+ "poly_scalar_mult R (as!(Suc n)) ((pvar R 0)[^]\<^bsub>coord_ring R 1\<^esub> (Suc n))"]
+ by (metis LHS One_nat_def UP_cring_def coord_ring_def R.is_cring lessThan_0 lessThan_Suc)
+ qed
+ have 0: "IP_to_UP 0 (ring_cfs_to_poly R n (take (Suc n) as)) =
+ ring_cfs_to_univ_poly n (take (Suc n) as)"
+ using ring_cfs_to_univ_poly_def
+ by presburger
+ have 1: "(mset_to_IP R (nat_to_mset 0 (Suc n))) = (pvar R 0)[^]\<^bsub>coord_ring R 1\<^esub> (Suc n)"
+ unfolding coord_ring_def using lessThan_iff less_one
+ by (metis UP_cring.intro UP_cring.pvar_pow R.is_cring)
+ have 2: "as ! Suc n \<in> carrier R"
+ using cartesian_power_car_memE' assms
+ by blast
+ have 3: "IP_to_UP 0 (poly_scalar_mult R (as ! Suc n) (pvar R 0 [^]\<^bsub>coord_ring R 1\<^esub> Suc n)) =
+ as ! Suc n \<odot>\<^bsub>UP R\<^esub> IP_to_UP 0 (pvar R 0 [^]\<^bsub>coord_ring R 1\<^esub> Suc n)"
+ using UP_cring.IP_to_UP_scalar_mult[of R "as!(Suc n)" "((pvar R 0)[^]\<^bsub>coord_ring R 1\<^esub> (Suc n))" 0]
+ "00" "2" unfolding coord_ring_def
+ by (metis R.Pring_smult UP_cring.intro R.is_cring)
+ have 4: "IP_to_UP 0 (poly_scalar_mult R (as!(Suc n)) ((pvar R 0)[^]\<^bsub>coord_ring R 1\<^esub> (Suc n)))
+ = (as!(Suc n))\<odot>\<^bsub>UP R\<^esub> (X_poly R [^]\<^bsub>UP R\<^esub> (Suc n))"
+ proof -
+ have "as ! Suc n \<odot>\<^bsub>UP R\<^esub> X_poly R [^]\<^bsub>UP R\<^esub> Suc n = IP_to_UP (0::nat) (Mt (as ! Suc n) (nat_to_mset 0 (Suc n)))"
+ using 3 1 UP_cring.IP_to_UP_monom
+ by (metis UP_cring.intro R.is_cring)
+ then show ?thesis
+ using \<open>mset_to_IP R (nat_to_mset 0 (Suc n)) = pvar R 0 [^]\<^bsub>coord_ring R 1\<^esub> Suc n\<close>
+ by presburger
+ qed
+ then show ?thesis
+ using "0" LHS'
+ by presburger
+qed
+
+lemma ring_cfs_to_univ_poly_decomp:
+ assumes "as \<in> carrier (R\<^bsup>Suc n\<^esup>)"
+ assumes "k < n"
+ shows "ring_cfs_to_univ_poly (Suc k) (take (Suc (Suc k)) as) = ring_cfs_to_univ_poly k (take (Suc k) as)
+ \<oplus>\<^bsub>UP R\<^esub> (as!(Suc k)) \<odot>\<^bsub>UP R\<^esub> (X_poly R)[^]\<^bsub>UP R\<^esub> (Suc k)"
+proof-
+ have 0: "(take (Suc (Suc k)) as) \<in> carrier (R\<^bsup>Suc (Suc k)\<^esup>)"
+ using assms
+ by (meson Suc_leI Suc_mono take_closed)
+ then show ?thesis using ring_cfs_to_univ_poly_decomp'[of "take (Suc (Suc k)) as" k]
+ by (metis (no_types, lifting) Suc_leI assms(1) assms(2) cartesian_power_car_memE
+ lessI less_SucI nth_take nth_take_lemma)
+qed
+
+lemma ring_cfs_to_univ_poly_degree:
+ assumes "as \<in> carrier (R\<^bsup>Suc n\<^esup>)"
+ shows "deg R (ring_cfs_to_univ_poly n as) \<le> n"
+ "as!n \<noteq> \<zero> \<Longrightarrow> deg R (ring_cfs_to_univ_poly n as) = n"
+proof-
+ have 0:"\<And>as. as \<in> carrier (R\<^bsup>Suc n\<^esup>) \<Longrightarrow>
+ deg R (ring_cfs_to_univ_poly n as) \<le> n \<and> (as!n \<noteq> \<zero> \<longrightarrow> deg R (ring_cfs_to_univ_poly n as) = n)"
+ proof(induction n)
+ case 0
+ show "\<And>as. as \<in> carrier (R\<^bsup>Suc 0\<^esup>) \<Longrightarrow>
+ deg R (ring_cfs_to_univ_poly 0 as) \<le> 0 \<and>
+ (as ! 0 \<noteq> \<zero> \<longrightarrow> deg R (ring_cfs_to_univ_poly 0 as) = 0)"
+ proof-
+ fix as assume A: "as \<in> carrier (R\<^bsup>Suc 0\<^esup>)"
+ have 0:"cring R"
+ by (simp add: R.is_cring)
+ have 1:"\<zero> # as \<in> carrier (R\<^bsup>2\<^esup>)"
+ using A cartesian_power_cons[of as R "Suc 0" \<zero>]
+ by (metis numeral_1_eq_Suc_0 numeral_One one_add_one R.zero_closed)
+ have 2: "(\<zero> # as) ! 1 = as!0"
+ using A
+ by (metis One_nat_def nth_Cons_Suc)
+ have 3: "1 \<in> {(1::nat)..<0 + 2} \<inter> {..<2}"
+ by auto
+ have 4: "coord_partial_eval R {1::nat..<0 + 2} (\<zero> # as) (pvar R (1::nat)) =
+ R.indexed_const (as!0)"
+ unfolding ring_cfs_to_univ_poly_def ring_cfs_to_poly_def
+ using 0 1 2 one_neq_zero UP_cring.IP_to_UP_indexed_const[of R "as!0" 0] generic_poly.simps(1)[of R] coord_partial_eval_pvar[of "\<zero>#as" 2 "1::nat" "{1..<0+2}" ]
+ unfolding UP_cring_def
+ using "3" by presburger
+ have 5: "ring_cfs_to_univ_poly 0 as = IP_to_UP (0::nat) (R.indexed_const (as ! 0))"
+ unfolding ring_cfs_to_univ_poly_def ring_cfs_to_poly_def
+ using 4 generic_poly.simps(1)[of R]
+ by presburger
+ hence "ring_cfs_to_univ_poly 0 as = to_polynomial R (as!0)"
+ by (metis A UP_cring.IP_to_UP_indexed_const UP_cring.intro
+ cartesian_power_car_memE' R.is_cring lessI)
+ assume B: "as \<in> carrier (R\<^bsup>Suc 0\<^esup>) "
+ have 0: "(point_to_eval_map R (\<zero> # as) 1) = as!0"
+ by (metis B One_nat_def cartesian_power_car_memE impossible_Cons le_numeral_extra(4)
+ linorder_neqE_nat nat_less_le nth_Cons_Suc)
+ have 1: "closed_fun R ((point_to_eval_map R (\<zero> # as)))"
+ apply(rule R.closed_funI)
+ by (metis "0" B One_nat_def cartesian_power_car_memE cartesian_power_car_memE'
+ length_Suc_conv less_Suc0 less_SucE nth_Cons_0 R.zero_closed)
+ have 2: "(1::nat) \<in> ({1..<0 + 2}::nat set)"
+ by simp
+ have 3: "poly_eval R {1..<0 + 2} (point_to_eval_map R (\<zero> # as)) (mset_to_IP R {#1#}) =
+ coord_const (point_to_eval_map R (\<zero> # as) 1)"
+ using generic_poly.simps(1)[of R] one_neq_zero
+ unfolding ring_cfs_to_poly_def coord_partial_eval_def var_to_IP_def
+ using 0 1 2 R.poly_eval_index[of "(point_to_eval_map R (\<zero> # as))" "{1..<0 + 2}" 1]
+ by (metis (no_types, lifting))
+ have 4: "(ring_cfs_to_poly R 0 as) = coord_const (as! 0)"
+ using 3 0 generic_poly.simps(1)[of R]
+ unfolding ring_cfs_to_poly_def coord_partial_eval_def var_to_IP_def
+ by presburger
+ have 5: "as! 0 \<in> carrier R"
+ using assms B cartesian_power_car_memE' by blast
+ have 6: "(ring_cfs_to_univ_poly 0 as) = to_polynomial R (as! 0)"
+ unfolding ring_cfs_to_univ_poly_def ring_cfs_to_poly_def
+ using 3 4 5 UP_cring.IP_to_UP_indexed_const[of R "as!0" "0::nat"]
+ unfolding coord_partial_eval_def
+ by (smt "0" \<open>ring_cfs_to_univ_poly 0 as = to_polynomial R (as ! 0)\<close> generic_poly.simps(1) ring_cfs_to_univ_poly_def var_to_IP_def)
+ then show " deg R (ring_cfs_to_univ_poly 0 as) \<le> 0 \<and> (as ! 0 \<noteq> \<zero> \<longrightarrow> deg R (ring_cfs_to_univ_poly 0 as) = 0)"
+ using UP_cring.degree_to_poly[of R "as! 0"] 5 UP_cring_def[of R]
+ using R.is_cring by presburger
+ qed
+ next
+ case (Suc n)
+ have 0: "(ring_cfs_to_univ_poly (Suc n) as) = ring_cfs_to_univ_poly n (take (Suc n) as) \<oplus>\<^bsub>UP R\<^esub>
+ (as!(Suc n))\<odot>\<^bsub>UP R\<^esub> (X_poly R [^]\<^bsub>UP R\<^esub> (Suc n))"
+ using ring_cfs_to_univ_poly_decomp' Suc.prems by blast
+ have 1: "(take (Suc n) as) \<in> carrier (R\<^bsup>Suc n\<^esup>)"
+ using Suc.prems
+ by (meson le_Suc_eq take_closed)
+ have 2: "deg R (ring_cfs_to_univ_poly n (take (Suc n) as)) \<le> n"
+ using "1" Suc.IH
+ by blast
+ have 3: "deg R ((as!(Suc n))\<odot>\<^bsub>UP R\<^esub> (X_poly R [^]\<^bsub>UP R\<^esub> (Suc n))) \<le> Suc n"
+ using UP_cring.degree_monom[of R "as!(Suc n)" "Suc n"] UP_cring_def[of R]
+ Suc.prems cartesian_power_car_memE' le_Suc_eq lessI less_imp_le_nat zero_less_Suc
+ by (metis R.is_cring)
+ have 4: "(X_poly R [^]\<^bsub>UP R\<^esub> (Suc n)) \<in> carrier (UP R)"
+ proof-
+ have 40: "Group.monoid (UP R)"
+ using UP_cring_def[of R] UP_domain_def cring.axioms(1) ring.is_monoid
+ using UP_cring.UP_cring R.is_cring by blast
+ have 41: "X_poly R \<in> carrier (UP R)"
+ using UP_cring.X_closed[of R] UP_cring_def[of R] R.is_cring
+ by blast
+ show ?thesis
+ using monoid.nat_pow_closed[of "UP R" "X_poly R" "Suc n"] 40 41
+ by blast
+ qed
+ have 5: "deg R (ring_cfs_to_univ_poly (Suc n) as) \<le>Suc n"
+ proof(cases "as!(Suc n) = \<zero>")
+ case True
+ then have T0: "(as!(Suc n))\<odot>\<^bsub>UP R\<^esub> (X_poly R [^]\<^bsub>UP R\<^esub> (Suc n)) = \<zero>\<^bsub>UP R\<^esub>"
+ using 4 UP_ring.UP_smult_zero[of R "X_poly R [^]\<^bsub>UP R\<^esub> (Suc n)"] UP_ring_def[of R] R.ring_axioms
+ by presburger
+ then show ?thesis
+ using UP_ring.deg_zero[of R] UP_ring_def[of R]
+ by (metis "0" "1" "2" "3" UP_ring.UP_zero_closed UP_ring.bound_deg_sum le_SucI R.ring_axioms ring_cfs_to_univ_poly_closed)
+ next
+ case False
+ have F0 : "as!(Suc n) \<in> carrier R"
+ by (metis Suc.prems cartesian_power_car_memE le_simps(1) lessI not_less_eq_eq poly_tuple_evalE poly_tuple_evalE' pushforward_by_pvar_list pvar_list_is_poly_tuple zero_less_Suc)
+ have F1: "(as!(Suc n))\<odot>\<^bsub>UP R\<^esub> (X_poly R [^]\<^bsub>UP R\<^esub> (Suc n)) \<in> carrier (UP R)"
+ using F0 4 UP_ring.UP_smult_closed[of R "as!(Suc n)" "X_poly R [^]\<^bsub>UP R\<^esub> Suc n "]
+ UP_ring_def[of R] assms R.ring_axioms
+ by blast
+ have "deg R ((as!(Suc n))\<odot>\<^bsub>UP R\<^esub> (X_poly R [^]\<^bsub>UP R\<^esub> (Suc n))) = Suc n"
+ using False UP_cring.degree_monom[of R "as!(Suc n)" "Suc n"] UP_cring_def[of R]
+ cartesian_power_car_memE' lessI
+ using F0 R.is_cring
+ by presburger
+ then show ?thesis
+ using UP_ring.degree_of_sum_diff_degree[of R "(as!(Suc n))\<odot>\<^bsub>UP R\<^esub> (X_poly R [^]\<^bsub>UP R\<^esub> (Suc n))"
+ "ring_cfs_to_univ_poly n (take (Suc n) as)"] 1 2 4 UP_domain_def[of R] F1
+ ring_cfs_to_univ_poly_closed[of "take (Suc n) as" "Suc n"] "0" "3"
+ UP_ring_def[of R] UP_cring_def[of R]
+ UP_ring.equal_deg_sum less_Suc_eq_le ring_cfs_to_univ_poly_closed
+ by (metis R.ring_axioms)
+ qed
+ have 6: "(as ! (Suc n) \<noteq> \<zero> \<longrightarrow> deg R (ring_cfs_to_univ_poly (Suc n) as) = Suc n)"
+ proof
+ assume F: "as ! (Suc n) \<noteq> \<zero> "
+ have F0 : "as!(Suc n) \<in> carrier R"
+ by (metis Suc.prems cartesian_power_car_memE le_simps(1) lessI not_less_eq_eq poly_tuple_evalE poly_tuple_evalE' pushforward_by_pvar_list pvar_list_is_poly_tuple zero_less_Suc)
+ have F1: "(as!(Suc n))\<odot>\<^bsub>UP R\<^esub> (X_poly R [^]\<^bsub>UP R\<^esub> (Suc n)) \<in> carrier (UP R)"
+ using F0 4 UP_ring.UP_smult_closed[of R "as!(Suc n)" "X_poly R [^]\<^bsub>UP R\<^esub> Suc n "]
+ UP_ring_def[of R] assms R.ring_axioms
+ by blast
+ then have F2: "deg R ((as!(Suc n))\<odot>\<^bsub>UP R\<^esub> (X_poly R [^]\<^bsub>UP R\<^esub> (Suc n))) = Suc n"
+ using F0 F UP_cring.degree_monom[of R "as!(Suc n)" "Suc n"] UP_cring_def[of R] R.is_cring
+ by presburger
+ have F3: "ring_cfs_to_univ_poly n (take (Suc n) as) \<in> carrier (UP R)"
+ using "1" ring_cfs_to_univ_poly_closed
+ by blast
+ show "deg R (ring_cfs_to_univ_poly (Suc n) as) = Suc n"
+ using UP_domain_def[of R] 0 F1 F2 F3 1 2
+ UP_ring.degree_of_sum_diff_degree[of R "ring_cfs_to_univ_poly n (take (Suc n) as)"
+ "as ! Suc n \<odot>\<^bsub>UP R\<^esub> X_poly R [^]\<^bsub>UP R\<^esub> Suc n"]
+ UP_ring.equal_deg_sum le_imp_less_Suc UP_ring_def[of R] UP_cring_def[of R]
+ by (metis R.ring_axioms)
+ qed
+ show ?case
+ using "5" "6" by blast
+ qed
+ show "deg R (ring_cfs_to_univ_poly n as) \<le> n"
+ using 0 assms
+ by blast
+ show "as ! n \<noteq> \<zero> \<Longrightarrow> deg R (ring_cfs_to_univ_poly n as) = n"
+ using 0 assms
+ by blast
+qed
+
+lemma ring_cfs_to_univ_poly_constant:
+ assumes "as \<in> carrier (R\<^bsup>1\<^esup>)"
+ shows "ring_cfs_to_univ_poly 0 as = to_polynomial R (as!0)"
+proof-
+ have 0: "(1::nat) \<in> {1..<0 + 2}"
+ by simp
+ have 1: "closed_fun R (point_to_eval_map R (\<zero> # as))"
+ using assms
+ by (smt cartesian_power_car_memE'' R.closed_funI nth_mem set_ConsD subset_code(1) R.zero_closed)
+ have 2: "(point_to_eval_map R (\<zero> # as) (1::nat)) = as!0"
+ by (metis One_nat_def assms cartesian_power_car_memE impossible_Cons
+ le_numeral_extra(4) linorder_neqE_nat nat_less_le nth_Cons_Suc)
+ have 3: "as!0 \<in> carrier R"
+ using assms cartesian_power_car_memE'
+ by blast
+ have "(poly_eval R {1::nat..<0 + 2} (point_to_eval_map R (\<zero> # as)) (generic_poly R 0)) = coord_const (point_to_eval_map R (\<zero> # as) 1)"
+ using generic_poly.simps(1)[of R] 0 1 one_not_zero
+ cring.poly_eval_index[of R "point_to_eval_map R (\<zero> # as)" "{1..<0 + 2}" 1]
+ unfolding var_to_IP_def
+ using R.is_cring local.one_neq_zero by presburger
+ then have "(poly_eval R {1..<0 + 2} (point_to_eval_map R (\<zero> # as)) (generic_poly R 0)) = coord_const (as!0)"
+ using 2
+ by presburger
+ then show ?thesis
+ using 3
+ unfolding ring_cfs_to_univ_poly_def ring_cfs_to_poly_def coord_partial_eval_def
+ by (metis UP_cring.IP_to_UP_indexed_const UP_cring.intro R.is_cring)
+qed
+
+lemma ring_cfs_to_univ_poly_top_coeff:
+ assumes "as \<in> carrier (R\<^bsup>Suc n\<^esup>)"
+ shows "(ring_cfs_to_univ_poly n as) n = as ! n"
+ proof(cases "n = 0")
+ case True
+ have 0: "as ! 0 \<in> carrier R"
+ using assms cartesian_power_car_memE'
+ by blast
+ have 1: "to_polynomial R (as ! 0) 0 = as ! 0"
+ using assms cartesian_power_car_memE'[of as R "Suc n"] UP_ring.cfs_monom[of R]
+ unfolding to_polynomial_def UP_ring_def
+ using "0" R.ring_axioms by presburger
+ have "ring_cfs_to_univ_poly 0 as = to_polynomial R (as ! 0)"
+ using One_nat_def True assms ring_cfs_to_univ_poly_constant by presburger
+ then show ?thesis
+ using True 1
+ by presburger
+ next
+ case False
+ obtain k where k_def: "Suc k = n"
+ using False
+ by (metis lessI less_Suc_eq_0_disj)
+ have "ring_cfs_to_univ_poly (Suc k) as (Suc k) = as ! (Suc k)"
+ proof-
+ have 0: "ring_cfs_to_univ_poly (Suc k) as n = ring_cfs_to_univ_poly (Suc k) (take (Suc (Suc k))as) n"
+ by (metis assms(1) k_def le_Suc_eq ring_cfs_to_poly_eq ring_cfs_to_univ_poly_def)
+ have 1: "take (Suc (Suc k)) as \<in> carrier (R\<^bsup>Suc (Suc k)\<^esup>)"
+ using assms k_def take_closed
+ by blast
+ have 2: "ring_cfs_to_univ_poly (Suc k) (take (Suc (Suc k))as) =
+ ring_cfs_to_univ_poly k (take (Suc k) (take (Suc (Suc k)) as)) \<oplus>\<^bsub>UP R\<^esub> (as!(Suc k))\<odot>\<^bsub>UP R\<^esub> (X_poly R [^]\<^bsub>UP R\<^esub> (Suc k))"
+ using 1 ring_cfs_to_univ_poly_decomp'[of "take (Suc (Suc k))as" k] assms
+ by (metis cartesian_power_car_memE k_def nat_le_linear take_all)
+ have 3: "ring_cfs_to_univ_poly (Suc k) (take (Suc (Suc k))as) =
+ ring_cfs_to_univ_poly k (take (Suc k) as) \<oplus>\<^bsub>UP R\<^esub> (as!(Suc k))\<odot>\<^bsub>UP R\<^esub> (X_poly R [^]\<^bsub>UP R\<^esub> (Suc k))"
+ using 2
+ by (metis assms(1) k_def le_Suc_eq ring_cfs_to_poly_eq ring_cfs_to_univ_poly_decomp' ring_cfs_to_univ_poly_def)
+ have 4: "deg R (ring_cfs_to_univ_poly k (take (Suc k) as)) \<le> k"
+ by (metis assms(1) dual_order.refl k_def le_SucI ring_cfs_to_univ_poly_degree(1) take_closed)
+ have 5: "(ring_cfs_to_univ_poly k (take (Suc k) as)) \<in> carrier (UP R)"
+ by (metis assms(1) k_def le_Suc_eq le_refl ring_cfs_to_univ_poly_closed take_closed)
+ have 6: "X_poly R [^]\<^bsub>UP R\<^esub> Suc k \<in> carrier (UP R)"
+ using monoid.nat_pow_closed[of "UP R" "X_poly R" "Suc k"] domain_def ring.is_monoid[of "UP R"]
+ UP_cring.X_closed[of R] UP_domain_def[of R] UP_cring_def[of R]
+ cring.axioms(1) UP_cring.UP_cring
+ using R.is_cring by blast
+ have 7: " (as!(Suc k))\<odot>\<^bsub>UP R\<^esub> (X_poly R [^]\<^bsub>UP R\<^esub> (Suc k)) \<in> carrier (UP R)"
+ using UP_ring.UP_smult_closed[of R "as!(Suc k)" " (X_poly R [^]\<^bsub>UP R\<^esub> (Suc k))"]
+ UP_ring_def[of R] domain_def 6 cartesian_power_car_memE'[of as R _ "Suc k"]
+ assms(1) k_def R.ring_axioms by blast
+ have 8: "ring_cfs_to_univ_poly (Suc k) as (Suc k) = ( (as!(Suc k))\<odot>\<^bsub>UP R\<^esub> (X_poly R [^]\<^bsub>UP R\<^esub> (Suc k))) (Suc k)"
+ using 3 4 k_def
+ "5" 7 UP_cring_def[of R] UP_ring_def[of R] add.r_cancel_one' assms(1)
+ cartesian_power_car_memE le_eq_less_or_eq
+ le_imp_less_Suc take_all R.zero_closed UP_ring.UP_a_comm UP_ring.coeff_of_sum_diff_degree0 R.ring_axioms
+ by (metis (no_types, lifting))
+ then show ?thesis using UP_cring_def[of R] UP_cring.monom_coeff assms(1) cartesian_power_car_memE
+ k_def lessI point_to_eval_map_closed
+ by (metis (no_types, lifting) cartesian_power_car_memE' R.is_cring)
+ qed
+ then show ?thesis
+ using k_def False
+ by blast
+ qed
+
+lemma(in UP_cring) monom_plus_lower_degree_top_coeff:
+ assumes "degree p < n"
+ assumes "p \<in> carrier (UP R)"
+ assumes "a \<in> carrier R"
+ shows "(p \<oplus>\<^bsub>UP R\<^esub> (a \<odot>\<^bsub>UP R\<^esub> (X_poly R)[^]\<^bsub>UP R\<^esub> n)) n = a"
+proof-
+ have 0: "(a \<odot>\<^bsub>UP R\<^esub> (X_poly R [^]\<^bsub>UP R\<^esub> n)) \<in> carrier (UP R)"
+ using P.nat_pow_closed P_def X_closed assms(3) smult_closed
+ by blast
+ have 1: "( (a \<odot>\<^bsub>UP R\<^esub> (X_poly R)[^]\<^bsub>UP R\<^esub> n) \<oplus>\<^bsub>UP R\<^esub> p) n = (a \<odot>\<^bsub>UP R\<^esub> (X_poly R)[^]\<^bsub>UP R\<^esub> n) n"
+ using "0" UP_ring.coeff_of_sum_diff_degree0[of R] UP_cring_def[of R] assms(1) assms(2)
+ using is_UP_ring by blast
+ then show ?thesis
+ using 0 assms P_def UP_a_comm UP_cring.monom_coeff UP_cring_def[of R]
+ by (metis R_cring)
+qed
+
+lemma(in UP_cring) monom_closed:
+ assumes "a \<in> carrier R"
+ shows "a \<odot>\<^bsub>UP R\<^esub> ((X_poly R)[^]\<^bsub>UP R\<^esub> (n::nat)) \<in> carrier (UP R)"
+ using P.nat_pow_closed P_def assms X_closed carrier_is_submodule submoduleE(4)
+ by blast
+
+lemma(in UP_cring) monom_bottom_coeff:
+ assumes "a \<in> carrier R"
+ assumes "n > 0"
+ shows "(a \<odot>\<^bsub>UP R\<^esub> ((X_poly R)[^]\<^bsub>UP R\<^esub> (n::nat))) 0 = \<zero>"
+ using assms monom_coeff[of a n] P_def local.monom_coeff
+ by presburger
+
+lemma(in UP_cring) monom_plus_lower_degree_bottom_coeff:
+ assumes "0 < n"
+ assumes "p \<in> carrier (UP R)"
+ assumes "a \<in> carrier R"
+ shows "(p \<oplus>\<^bsub>UP R\<^esub> (a \<odot>\<^bsub>UP R\<^esub> (X_poly R)[^]\<^bsub>UP R\<^esub> (n::nat))) 0 = p 0"
+proof-
+ have 0: "p 0 \<in> carrier R"
+ using assms(2) UP_ring_def is_UP_ring P_def cfs_closed by blast
+ have 1: "(p \<oplus>\<^bsub>UP R\<^esub> (a \<odot>\<^bsub>UP R\<^esub> (X_poly R)[^]\<^bsub>UP R\<^esub> (n::nat))) 0 = p 0 \<oplus> (a \<odot>\<^bsub>UP R\<^esub> (X_poly R)[^]\<^bsub>UP R\<^esub> n) 0"
+ using assms monom_closed[of a n] cfs_add[of p "(a \<odot>\<^bsub>UP R\<^esub> (X_poly R)[^]\<^bsub>UP R\<^esub> (n::nat))" 0]
+ unfolding P_def
+ by blast
+ then have "(a \<odot>\<^bsub>UP R\<^esub> ((X_poly R) [^]\<^bsub>UP R\<^esub> n)) 0 = \<zero>"
+ using monom_bottom_coeff[of a n] P_def assms(1) assms(3) local.monom_coeff
+ by blast
+ then have 2: "(p \<oplus>\<^bsub>UP R\<^esub> (a \<odot>\<^bsub>UP R\<^esub> (X_poly R)[^]\<^bsub>UP R\<^esub> (n::nat))) 0 = p 0 \<oplus> \<zero>"
+ using 1 by metis
+ then show ?thesis
+ using 0 R.add.l_cancel_one[of "p 0"] R.zero_closed
+ by presburger
+qed
+
+lemma ring_cfs_to_univ_poly_bottom_coeff:
+ assumes "as \<in> carrier (R\<^bsup>Suc n\<^esup>)"
+ shows "(ring_cfs_to_univ_poly n as) 0 = as ! 0"
+proof-
+ have "\<And>as. as \<in> carrier (R\<^bsup>Suc n\<^esup>) \<Longrightarrow> (ring_cfs_to_univ_poly n as) 0 = as ! 0"
+ apply(induction n)
+ using ring_cfs_to_univ_poly_top_coeff apply blast
+ proof-
+ fix n as
+ assume IH: "\<And>as. as \<in> carrier (R\<^bsup>Suc n\<^esup>) \<Longrightarrow> (ring_cfs_to_univ_poly n as) 0 = as ! 0"
+ assume A: "as \<in> carrier (R\<^bsup>Suc (Suc n)\<^esup>)"
+ show "ring_cfs_to_univ_poly (Suc n) as 0 = as ! 0"
+ proof-
+ have 0: "ring_cfs_to_univ_poly (Suc n) as = ring_cfs_to_univ_poly n (take (Suc n) as) \<oplus>\<^bsub>UP R\<^esub> (as!(Suc n))\<odot>\<^bsub>UP R\<^esub> (X_poly R)[^]\<^bsub>UP R\<^esub> (Suc n)"
+ using A ring_cfs_to_univ_poly_decomp'[of as n]
+ by blast
+ have 1: "ring_cfs_to_univ_poly n (take (Suc n) as) \<in> carrier (UP R)"
+ by (meson A ring_cfs_to_univ_poly_closed R.is_cring le_Suc_eq take_closed)
+ have 2:"as ! Suc n \<in> carrier R"
+ using assms cartesian_power_car_memE' A
+ by blast
+ have 3: "(ring_cfs_to_univ_poly n (take (Suc n) as) \<oplus>\<^bsub>UP R\<^esub> as ! Suc n \<odot>\<^bsub>UP R\<^esub> X_poly R [^]\<^bsub>UP R\<^esub> (Suc n)) 0 =
+ ring_cfs_to_univ_poly n (take (Suc n) as) 0"
+ proof-
+ have "as ! Suc n \<odot>\<^bsub>UP R\<^esub> X_poly R [^]\<^bsub>UP R\<^esub> Suc n \<in> carrier (UP R)"
+ by (meson "2" UP_cring.monom_closed UP_cring_def R.is_cring)
+ hence 30: "(ring_cfs_to_univ_poly n (take (Suc n) as) \<oplus>\<^bsub>UP R\<^esub> as ! Suc n \<odot>\<^bsub>UP R\<^esub> X_poly R [^]\<^bsub>UP R\<^esub> (Suc n)) 0 =
+ (ring_cfs_to_univ_poly n (take (Suc n) as)) 0 \<oplus> (as ! Suc n \<odot>\<^bsub>UP R\<^esub> X_poly R [^]\<^bsub>UP R\<^esub> (Suc n)) 0"
+ using A ring_cfs_to_univ_poly_closed[of "take (Suc n) as" "n"] take_closed[of "Suc n" "Suc (Suc n)" as R]
+ UP_ring.cfs_add[of R "ring_cfs_to_univ_poly n (take (Suc n) as)" "as ! Suc n \<odot>\<^bsub>UP R\<^esub> X_poly R [^]\<^bsub>UP R\<^esub> (Suc n)" 0]
+ unfolding UP_ring_def
+ using "1" R.ring_axioms by blast
+ have 31: "(as ! Suc n \<odot>\<^bsub>UP R\<^esub> X_poly R [^]\<^bsub>UP R\<^esub> Suc n) 0 = \<zero>"
+ by (metis (no_types, lifting) "2" Suc_neq_Zero UP_cring.monom_coeff UP_cring_def R.is_cring)
+ thus ?thesis using 30 2
+ by (simp add: "1" UP_car_memE(1))
+ qed
+ have 4: "(take (Suc n) as) \<in> carrier (R\<^bsup>Suc n\<^esup>)"
+ by (meson A le_Suc_eq take_closed)
+ have 5: "ring_cfs_to_univ_poly n (take (Suc n) as) 0 = as!0"
+ using IH[of "(take (Suc n) as)"] 4 nth_take[of 0 "Suc n" as] less_Suc_eq_0_disj
+ by presburger
+ then show ?thesis
+ using 0 3
+ by presburger
+ qed
+ qed
+ then show ?thesis
+ using assms
+ by blast
+qed
+
+lemma ring_cfs_to_univ_poly_chain:
+ assumes "as \<in> carrier (R\<^bsup>Suc n\<^esup>)"
+ assumes "l \<le> n"
+ shows "l \<le> k \<and> k \<le> n \<Longrightarrow> (ring_cfs_to_univ_poly k (take (Suc k) as)) l = (ring_cfs_to_univ_poly l (take (Suc l) as)) l"
+ apply( induction k)
+ apply blast
+proof-
+ fix k
+ assume IH: "(l \<le> k \<and> k \<le> n \<Longrightarrow> ring_cfs_to_univ_poly k (take (Suc k) as) l = ring_cfs_to_univ_poly l (take (Suc l) as) l)"
+ assume A: "l \<le> Suc k \<and> Suc k \<le> n"
+ show "ring_cfs_to_univ_poly (Suc k) (take (Suc (Suc k)) as) l = ring_cfs_to_univ_poly l (take (Suc l) as) l"
+ proof(cases "l = Suc k")
+ case True
+ then show ?thesis
+ by blast
+ next
+ case False
+ then have "l \<le> k \<and> k \<le> n "
+ using A le_Suc_eq
+ by blast
+ then have 0: " ring_cfs_to_univ_poly k (take (Suc k) as) l = ring_cfs_to_univ_poly l (take (Suc l) as) l"
+ using IH
+ by blast
+ have 1: "ring_cfs_to_univ_poly (Suc k) (take (Suc (Suc k)) as) = ring_cfs_to_univ_poly k (take (Suc k) as)
+ \<oplus>\<^bsub>UP R\<^esub> (as!(Suc k)) \<odot>\<^bsub>UP R\<^esub> (X_poly R)[^]\<^bsub>UP R\<^esub> (Suc k)"
+ using assms A ring_cfs_to_univ_poly_decomp[of as n k] Suc_le_lessD
+ by blast
+ have 2: "ring_cfs_to_univ_poly (Suc k) (take (Suc (Suc k)) as) l = ring_cfs_to_univ_poly k (take (Suc k) as) l
+ \<oplus>( (as!(Suc k)) \<odot>\<^bsub>UP R\<^esub> (X_poly R)[^]\<^bsub>UP R\<^esub> (Suc k)) l"
+ proof-
+ have 21: "ring_cfs_to_univ_poly k (take (Suc k) as) \<in> carrier (UP R)"
+ by (meson A assms(1) le_SucI ring_cfs_to_univ_poly_closed take_closed)
+ have 22: "as ! Suc k \<odot>\<^bsub>UP R\<^esub> X_poly R [^]\<^bsub>UP R\<^esub> Suc k \<in> carrier (UP R)"
+ using UP_ring_def[of R] A UP_ring.monom_closed assms(1) cartesian_power_car_memE' less_Suc_eq_le
+ monoid.nat_pow_closed[of "UP R" "X_poly R" "Suc k"]
+ unfolding X_poly_def
+ by (metis UP_ring.UP_ring UP_ring.UP_smult_closed R.ring_axioms R.one_closed ring.is_monoid)
+ show ?thesis
+ using 1 21 22 UP_ring.cfs_add[of R "ring_cfs_to_univ_poly k (take (Suc k) as)" "( (as!(Suc k)) \<odot>\<^bsub>UP R\<^esub> (X_poly R)[^]\<^bsub>UP R\<^esub> (Suc k))" l]
+ UP_ring_def[of R] R.ring_axioms by presburger
+ qed
+ have 3: "( (as!(Suc k)) \<odot>\<^bsub>UP R\<^esub> (X_poly R)[^]\<^bsub>UP R\<^esub> (Suc k)) l = \<zero>"
+ using UP_cring.monom_coeff[of R "as!(Suc k)"] A False UP_cring_def assms(1) cartesian_power_car_memE'
+ by (metis R.is_cring le_imp_less_Suc)
+ then show ?thesis
+ using 2
+ by (metis "0" Suc_le_mono assms(1) assms(2) cartesian_power_car_memE' lessI R.r_zero
+ ring_cfs_to_univ_poly_top_coeff take_closed)
+ qed
+qed
+
+lemma ring_cfs_to_univ_poly_coeffs:
+ assumes "as \<in> carrier (R\<^bsup>Suc n\<^esup>)"
+ assumes "l \<le> n"
+ shows "(ring_cfs_to_univ_poly n as) l = (ring_cfs_to_univ_poly l (take (Suc l) as)) l"
+proof-
+ have "(take (Suc n) as) = as"
+ using assms
+ by (metis cartesian_power_car_memE le_refl take_all)
+ then show ?thesis
+ using ring_cfs_to_univ_poly_chain[of as n l n]
+ by (metis assms(1) assms(2) order_refl)
+qed
+
+lemma ring_cfs_to_univ_poly_coeffs':
+ assumes "as \<in> carrier (R\<^bsup>Suc n\<^esup>)"
+ assumes "l \<le> n"
+ shows "(ring_cfs_to_univ_poly n as) l = as! l"
+proof-
+ have 0: "(ring_cfs_to_univ_poly l (take (Suc l) as)) l = (take (Suc l) as) ! l"
+ by (meson Suc_le_mono assms(1) assms(2) ring_cfs_to_univ_poly_top_coeff take_closed)
+ have 1: "(take (Suc l) as) ! l = as! l"
+ using nth_take[of l "Suc l" as]
+ by blast
+ then show ?thesis
+ using 0 assms ring_cfs_to_univ_poly_coeffs[of as n l]
+ by presburger
+qed
+
+lemma ring_cfs_to_univ_poly_coeffs'':
+ assumes "as \<in> carrier (R\<^bsup>Suc n\<^esup>)"
+ shows "(ring_cfs_to_univ_poly n as) l = (if l \<le> n then as! l else \<zero>)"
+ apply(cases "l \<le>n")
+ apply (meson assms ring_cfs_to_univ_poly_coeffs')
+proof- assume "\<not> l \<le> n " then
+ have A: "n < l"
+ by auto
+ have "deg R (ring_cfs_to_univ_poly n as) \<le> n"
+ using assms ring_cfs_to_univ_poly_degree(1) by blast
+ then show ?thesis
+ using A domain_def[of R] deg_leE assms le_less_trans ring_cfs_to_univ_poly_closed UP_car_memE(2)
+ by auto
+qed
+end
+
+definition fun_tuple_to_univ_poly where
+"fun_tuple_to_univ_poly R n m fs x = cring_coord_rings.ring_cfs_to_univ_poly R m (function_tuple_eval R n fs x)"
+
+context cring_coord_rings
+begin
+
+lemma fun_tuple_to_univ_poly_closed:
+ assumes "is_function_tuple R n fs"
+ assumes "x \<in> carrier (R\<^bsup>n\<^esup>)"
+ assumes "length fs = Suc m"
+ shows "fun_tuple_to_univ_poly R n m fs x \<in> carrier (UP R)"
+ unfolding fun_tuple_to_univ_poly_def
+ using assms
+ ring_cfs_to_univ_poly_closed[of "function_tuple_eval R n fs x" m]
+ function_tuple_eval_closed[of R n fs x]
+ by metis
+
+lemma fun_tuple_to_univ_poly_degree_bound:
+ assumes "is_function_tuple R n fs"
+ assumes "x \<in> carrier (R\<^bsup>n\<^esup>)"
+ assumes "length fs = Suc m"
+ shows "deg R (fun_tuple_to_univ_poly R n m fs x) \<le> m"
+ unfolding fun_tuple_to_univ_poly_def
+ using ring_cfs_to_univ_poly_degree assms
+ by (metis function_tuple_eval_closed)
+
+lemma fun_tuple_to_univ_poly_degree:
+ assumes "is_function_tuple R n fs"
+ assumes "x \<in> carrier (R\<^bsup>n\<^esup>)"
+ assumes "length fs = Suc m"
+ assumes "(fs!m) x \<noteq>\<zero>"
+ shows "deg R (fun_tuple_to_univ_poly R n m fs x) = m"
+ unfolding fun_tuple_to_univ_poly_def
+ using ring_cfs_to_univ_poly_degree[of "function_tuple_eval R n fs x" m]
+ assms
+ function_tuple_eval_def
+ function_tuple_eval_closed[of R n fs x]
+ by (metis lessI nth_map)
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+subsection\<open>Factoring a Polynomial as a Univariate Polynomial over a Multivariable Polynomial Ring\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+definition pre_to_univ_poly_hom :: "nat \<Rightarrow> nat \<Rightarrow> ('a, (('a, nat) mvar_poly, nat) mvar_poly) ring_hom" where
+"pre_to_univ_poly_hom n i= MP.indexed_const (n-1) \<circ>
+ R.indexed_const"
+
+lemma pre_to_univ_poly_hom_is_hom:
+ assumes "i < n"
+ shows "ring_hom_ring R (Pring (coord_ring R (n-1)) {i}) (pre_to_univ_poly_hom n i)"
+ using ring_hom_trans[of R.indexed_const R "coord_ring R (n-1)"
+ "ring.indexed_const(Pring R ({..<n-1}))"
+ "Pring (coord_ring R (n-1)) {i}"]
+ R.indexed_const_ring_hom[of "{..<n-1}"]
+ MP.indexed_const_ring_hom[of n "{..<n-1}"]
+ ring_hom_ring.homh[of R "coord_ring R (n - 1)" "coord_const"]
+ unfolding ring_hom_ring_def[of R]
+ by (smt MP.Pring_is_ring MP.indexed_const_ring_hom coord_ring_def pre_to_univ_poly_hom_def ring_hom_ring.homh ring_hom_ring_axioms_def)
+
+definition pre_to_univ_poly_var_ass ::
+ "nat \<Rightarrow> nat \<Rightarrow> nat \<Rightarrow> (('a, nat) mvar_poly, nat) mvar_poly" where
+"pre_to_univ_poly_var_ass n i j =(if j < i then MP.indexed_const (n-1) (pvar R j) else
+ (if j = i then pvar (coord_ring R (n-1)) i else
+ (if j < n then MP.indexed_const (n-1) (pvar R (j - 1)) else
+ \<zero>\<^bsub>Pring (coord_ring R (n-1)) {i}\<^esub>)))"
+
+lemma pre_to_univ_poly_var_ass_closed:
+ assumes "i < n"
+ shows "closed_fun (Pring (coord_ring R (n-1)) {i}) (pre_to_univ_poly_var_ass n i)"
+proof fix j
+ show "pre_to_univ_poly_var_ass n i j \<in> carrier (Pring (coord_ring R (n - 1)) {i})"
+ unfolding pre_to_univ_poly_var_ass_def
+ apply(cases "j < i")
+ using pvar_closed[of j n] assms cring.indexed_const_closed
+ apply (metis (no_types, lifting) R.Pring_is_cring Suc_diff_1 Suc_le_eq coord_ring_def diff_diff_cancel R.is_cring less_imp_diff_less local.pvar_closed not_less0 not_less_eq_eq)
+ apply(cases "j = i")
+ using assms apply (meson pvar_closed R.Pring_is_cring R.is_cring singletonI)
+ apply(cases "j < n")
+ using pvar_closed[of "j-1" n] assms MP.indexed_const_closed R.Pring_is_cring Suc_diff_1 Suc_le_eq coord_ring_def R.is_cring pvar_closed neq0_conv not_le
+ apply (metis MP.Pring_var_closed singletonI)
+ using MP.Pring_is_ring[of "n-1" "{i}"] apply blast
+ by (smt MP.Pring_zero_closed MP.indexed_const_closed Suc_diff_1 Suc_le_eq le_eq_less_or_eq less_Suc_eq local.pvar_closed nat_induct)
+qed
+
+lemma pre_to_univ_poly_var_ass_closed':
+ assumes "i < n"
+ shows "(pre_to_univ_poly_var_ass n i) \<in> {..<n} \<rightarrow> carrier (Pring (coord_ring R (n-1)) {i})"
+ by (metis (no_types, lifting) Pi_iff UNIV_I assms pre_to_univ_poly_var_ass_closed)
+
+definition pre_to_univ_poly ::
+ "nat \<Rightarrow> nat \<Rightarrow> (('a, nat) mvar_poly, (('a, nat) mvar_poly, nat) mvar_poly) ring_hom" where
+"pre_to_univ_poly (n::nat) (i::nat) = indexed_poly_induced_morphism {..<n} (Pring (coord_ring R (n-1)) {i})
+ (pre_to_univ_poly_hom n i)
+ (pre_to_univ_poly_var_ass n i)"
+
+lemma pre_to_univ_poly_is_hom:
+ assumes "i < n"
+ assumes "\<psi> = pre_to_univ_poly n i"
+ shows "ring_hom_ring (R[\<X>\<^bsub>n\<^esub>]) (Pring (coord_ring R (n-1)) {i}) \<psi> "
+ "\<And>j. j < i \<Longrightarrow> \<psi> (pvar R j) = MP.indexed_const (n-1) (pvar R j)"
+ "\<psi> (pvar R i) = pvar (coord_ring R (n-1)) i"
+ "\<And>j. i < j \<and> j < n \<Longrightarrow> \<psi> (pvar R j) = MP.indexed_const (n-1) (pvar R (j - 1))"
+ "\<And>a. a \<in> carrier R \<Longrightarrow> \<psi> (coord_const a) = MP.indexed_const (n-1) (coord_const a)"
+ "\<And>p. p \<in> carrier (R[\<X>\<^bsub>n\<^esub>]) \<Longrightarrow> pre_to_univ_poly n i p \<in> carrier (Pring (coord_ring R (n-1)) {i})"
+proof-
+ have 0: "cring (Pring (coord_ring R (n - 1)) {i})"
+ using MP.Pring_is_cring coord_cring_cring by blast
+ have 1: "pre_to_univ_poly_var_ass n i \<in> {..<n} \<rightarrow> carrier (Pring (coord_ring R (n - 1)) {i})"
+ using Pi_iff assms(1) pre_to_univ_poly_var_ass_closed[of i n]
+ by blast
+ have 2: "ring_hom_ring R (Pring (coord_ring R (n - 1)) {i}) (pre_to_univ_poly_hom n i)"
+ using assms(1) pre_to_univ_poly_hom_is_hom by auto
+
+ show 3:"ring_hom_ring (R[\<X>\<^bsub>n\<^esub>]) (Pring (coord_ring R (n-1)) {i}) \<psi> "
+ using R.Pring_universal_prop(1)[of "(Pring (coord_ring R (n-1)) {i})" "pre_to_univ_poly_var_ass n i"
+ "{..<n}" "pre_to_univ_poly_hom n i" \<psi>] assms 0 1 2
+ unfolding pre_to_univ_poly_def
+ by (metis coord_ring_def)
+
+ show " \<And>j. j < i \<Longrightarrow>
+ \<psi> (pvar R j) = MP.indexed_const (n-1) (pvar R j)"
+ proof-
+ fix j assume A: "j < i"
+ then have 00: "MP.indexed_const (n - 1) (pvar R j) = pre_to_univ_poly_var_ass n i j "
+ unfolding pre_to_univ_poly_var_ass_def by auto
+ have 01: "j \<in> {..<n}"
+ using assms A by auto
+ show "\<psi> (pvar R j) = MP.indexed_const (n-1) (pvar R j)"
+ using R.Pring_universal_prop(2)[of "(Pring (coord_ring R (n-1)) {i})" "pre_to_univ_poly_var_ass n i"
+ "{..<n}" "pre_to_univ_poly_hom n i" \<psi>] assms 0 1 2 01
+ MP.is_cring
+ unfolding pre_to_univ_poly_def 00 unfolding coord_ring_def var_to_IP_def
+ by blast
+ qed
+ show "\<psi> (pvar R i) = pvar (coord_ring R (n - 1)) i"
+ using R.Pring_universal_prop[of "(Pring (coord_ring R (n-1)) {i})" "pre_to_univ_poly_var_ass n i"
+ "{..<n}" "pre_to_univ_poly_hom n i" \<psi>] assms 0 1 2
+ unfolding pre_to_univ_poly_def coord_ring_def
+ using lessThan_iff less_not_refl pre_to_univ_poly_var_ass_def var_to_IP_def
+ by (metis coord_ring_def)
+ show "\<And>j. i < j \<and> j < n \<Longrightarrow> \<psi> (pvar R j) = MP.indexed_const (n - 1) (pvar R (j - 1))"
+ using R.Pring_universal_prop[of "(Pring (coord_ring R (n-1)) {i})" "pre_to_univ_poly_var_ass n i"
+ "{..<n}" "pre_to_univ_poly_hom n i" \<psi>] assms 0 1 2
+ unfolding pre_to_univ_poly_def
+ using add_diff_inverse_nat lessThan_iff less_diff_conv less_imp_add_positive
+ not_add_less1 pre_to_univ_poly_var_ass_def trans_less_add2 var_to_IP_def
+ by (metis (no_types, lifting) coord_ring_def)
+ show "\<And>a. a \<in> carrier R \<Longrightarrow> \<psi> (R.indexed_const a) = MP.indexed_const (n - 1) (R.indexed_const a)"
+ using R.Pring_universal_prop(3)[of "(Pring (coord_ring R (n-1)) {i})" "pre_to_univ_poly_var_ass n i"
+ "{..<n}" "pre_to_univ_poly_hom n i" \<psi>] assms 0 1 2 comp_apply
+ unfolding pre_to_univ_poly_def pre_to_univ_poly_hom_def
+ by metis
+ show "\<And>p. p \<in> carrier (R[\<X>\<^bsub>n\<^esub>]) \<Longrightarrow> pre_to_univ_poly n i p \<in> carrier (Pring (coord_ring R (n - 1)) {i})"
+ proof-
+ fix p assume A: "p \<in> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ have "\<psi> \<in> carrier (R[\<X>\<^bsub>n\<^esub>]) \<rightarrow> carrier (Pring (coord_ring R (n - 1)) {i})"
+ using 3 unfolding ring_hom_ring_def ring_hom_ring_axioms_def ring_hom_def by blast
+ then show " pre_to_univ_poly n i p \<in> carrier (Pring (coord_ring R (n - 1)) {i})"
+ using A assms
+ by blast
+ qed
+qed
+
+lemma insert_at_index_closed:
+ assumes "a \<in> carrier (R\<^bsup>n\<^esup>)"
+ assumes "x \<in> carrier R"
+ assumes "i \<le> n"
+ shows "insert_at_index a x i \<in> carrier (R\<^bsup>Suc n\<^esup>)"
+ apply(rule cartesian_power_car_memI')
+proof-
+ have 0: "length (take i a) = i"
+ using assms(1) assms(3) cartesian_power_car_memE take_closed by blast
+ have 1: "length (drop i a) = (n - i)"
+ using assms cartesian_power_car_memE length_drop
+ by blast
+ then have "length (x # drop i a) = Suc (n - i)"
+ by (metis length_Cons)
+ then show "length (insert_at_index a x i) = Suc n"
+ using 0 1 assms
+ by (metis Suc_eq_plus1 cartesian_power_car_memE insert_at_index_length)
+ show "\<And>ia. ia < Suc n \<Longrightarrow> insert_at_index a x i ! ia \<in> carrier R"
+ proof- fix j assume A: "j < Suc n"
+ show "insert_at_index a x i ! j \<in> carrier R"
+ apply(cases "j < i")
+ apply (metis A assms(1) assms(3) cartesian_power_car_memE cartesian_power_car_memE' insert_at_index_eq' le_imp_less_Suc less_Suc_eq not_less_eq)
+ apply(cases "j = i")
+ apply (metis assms(1) assms(2) assms(3) cartesian_power_car_memE insert_at_index_eq)
+ proof- assume A1: "\<not> j < i " "j \<noteq>i"
+ then have "i < j" by auto
+ then have "(take i a @ x # drop i a) ! j = drop i a ! (j - (Suc i))"
+ by (metis "0" A1(1) Suc_diff_Suc nth_Cons_Suc nth_append)
+ then show "insert_at_index a x i ! j \<in> carrier R"
+ by (metis A \<open>i < j\<close> assms(1) cartesian_power_car_memE cartesian_power_car_memE' insert_at_index_eq'' less_Suc_eq_0_disj less_Suc_eq_le not_less0)
+ qed
+ qed
+qed
+
+lemma pre_to_univ_poly_eval:
+ assumes "i < Suc n"
+ assumes "p \<in> carrier (R[\<X>\<^bsub>Suc n\<^esub>])"
+ assumes "a \<in> carrier (R\<^bsup>n\<^esup>)"
+ assumes "x \<in> carrier R"
+ assumes "as = insert_at_index a x i"
+ shows "eval_at_point R as p = eval_at_point R a (total_eval (R[\<X>\<^bsub>n\<^esub>]) (\<lambda> i. coord_const x) (pre_to_univ_poly (Suc n) i p))"
+ apply(rule R.Pring_car_induct''[of p "{..<Suc n}"])
+ unfolding coord_ring_def
+ apply (metis assms(2) coord_ring_def)
+proof-
+ have 0: "as \<in> carrier (R\<^bsup>Suc n\<^esup>)"
+ using assms insert_at_index_closed
+ by (meson less_Suc_eq_le)
+ show " \<And>c. c \<in> carrier R \<Longrightarrow>
+ eval_at_point R as (R.indexed_const c) =
+ eval_at_point R a (total_eval (Pring R {..<n}) (\<lambda>i. R.indexed_const x) (pre_to_univ_poly (Suc n) i (R.indexed_const c)))"
+ proof- fix c assume "c \<in> carrier R"
+ have 00: "eval_at_poly R (coord_const c) as = c"
+ using assms eval_at_point_const[of c as "Suc n"] "0" \<open>c \<in> carrier R\<close>
+ by blast
+ have 01: "closed_fun (R[\<X>\<^bsub>n\<^esub>]) (\<lambda>n. coord_const x)"
+ using assms(4) R.indexed_const_closed
+ by (metis Pi_I coord_ring_def)
+ have 02: "(pre_to_univ_poly (Suc n) i (coord_const c)) = ring.indexed_const (R[\<X>\<^bsub>n\<^esub>]) (coord_const c)"
+ using pre_to_univ_poly_is_hom(5)[of i "Suc n" _ c] \<open>c \<in> carrier R\<close> assms(1) diff_Suc_1
+ by (metis coord_ring_def)
+ have 03: "(total_eval (R[\<X>\<^bsub>n\<^esub>]) (\<lambda> i. coord_const x) (pre_to_univ_poly (Suc n) i (coord_const c))) =
+ coord_const c"
+ using 01 cring.total_eval_const[of "R[\<X>\<^bsub>n\<^esub>]" "coord_const c" ]
+ by (smt "02" MP.total_eval_const \<open>c \<in> carrier R\<close> coord_ring_def cring.indexed_const_closed R.is_cring)
+ show " eval_at_point R as (R.indexed_const c) =
+ eval_at_point R a (total_eval (Pring R {..<n}) (\<lambda>i. R.indexed_const x) (pre_to_univ_poly (Suc n) i (R.indexed_const c))) "
+ using assms 00 02 03
+ by (metis \<open>c \<in> carrier R\<close> coord_ring_def eval_at_point_const)
+ qed
+ have 01: "closed_fun (R[\<X>\<^bsub>n\<^esub>]) (\<lambda>n. coord_const x)"
+ using assms(4) R.indexed_const_closed
+ by (metis Pi_I coord_ring_def)
+ have 02: "ring_hom_ring (R[\<X>\<^bsub>Suc n\<^esub>]) (Pring (R[\<X>\<^bsub>n\<^esub>]) {i}) (pre_to_univ_poly (Suc n) i)"
+ using pre_to_univ_poly_is_hom(1)[of i "Suc n" ]
+ by (simp add: assms)
+ show "\<And>p q. p \<in> carrier (Pring R {..<Suc n}) \<Longrightarrow>
+ q \<in> carrier (Pring R {..<Suc n}) \<Longrightarrow>
+ eval_at_point R as p = eval_at_point R a (total_eval (Pring R {..<n}) (\<lambda>i. R.indexed_const x) (pre_to_univ_poly (Suc n) i p)) \<Longrightarrow>
+ eval_at_point R as q = eval_at_point R a (total_eval (Pring R {..<n}) (\<lambda>i. R.indexed_const x) (pre_to_univ_poly (Suc n) i q)) \<Longrightarrow>
+ eval_at_point R as (p \<oplus>\<^bsub>Pring R {..<Suc n}\<^esub> q) =
+ eval_at_point R a (total_eval (Pring R {..<n}) (\<lambda>i. R.indexed_const x) (pre_to_univ_poly (Suc n) i (p \<oplus>\<^bsub>Pring R {..<Suc n}\<^esub> q)))"
+ proof- fix p q assume A: "p \<in> carrier (Pring R {..<Suc n})"
+ " q \<in> carrier (Pring R {..<Suc n})"
+ "eval_at_point R as p = eval_at_point R a (total_eval (Pring R {..<n}) (\<lambda>i. R.indexed_const x) (pre_to_univ_poly (Suc n) i p))"
+ " eval_at_point R as q = eval_at_point R a (total_eval (Pring R {..<n}) (\<lambda>i. R.indexed_const x) (pre_to_univ_poly (Suc n) i q))"
+ have 0: "eval_at_poly R (p \<oplus>\<^bsub>R[\<X>\<^bsub>Suc n\<^esub>]\<^esub> q) as =
+ eval_at_poly R p as \<oplus>\<^bsub>R\<^esub> eval_at_poly R q as"
+ using "0" A(1) A(2) eval_at_point_add unfolding coord_ring_def
+ by blast
+ have 1: "(total_eval (R[\<X>\<^bsub>n\<^esub>]) (\<lambda>i. coord_const x) (pre_to_univ_poly (Suc n) i (p \<oplus>\<^bsub>R[\<X>\<^bsub>Suc n\<^esub>]\<^esub> q))) =
+ (total_eval (R[\<X>\<^bsub>n\<^esub>]) (\<lambda>i. coord_const x) (pre_to_univ_poly (Suc n) i p)) \<oplus>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub>
+ (total_eval (R[\<X>\<^bsub>n\<^esub>]) (\<lambda>i. coord_const x) (pre_to_univ_poly (Suc n) i q))"
+ proof-
+ have 10: "pre_to_univ_poly (Suc n) i p \<in> carrier (Pring (R[\<X>\<^bsub>n\<^esub>]) {i})"
+ using pre_to_univ_poly_is_hom(6)[of i "Suc n" _ p]
+ unfolding coord_ring_def
+ by (metis A(1) assms(1) diff_Suc_1)
+ have 11: "pre_to_univ_poly (Suc n) i q \<in> carrier (Pring (R[\<X>\<^bsub>n\<^esub>]) {i})"
+ using pre_to_univ_poly_is_hom(6)[of i "Suc n" _ q]
+ unfolding coord_ring_def
+
+ by (metis A(2) assms(1) diff_Suc_1)
+ have 12: "(pre_to_univ_poly (Suc n) i (p \<oplus>\<^bsub>R[\<X>\<^bsub>Suc n\<^esub>]\<^esub> q)) =
+ (pre_to_univ_poly (Suc n) i p \<oplus>\<^bsub>Pring (R[\<X>\<^bsub>n\<^esub>]) {i}\<^esub> pre_to_univ_poly (Suc n) i q)"
+ using ring_hom_ring.homh A 02 ring_hom_add[of "pre_to_univ_poly (Suc n) i" "R[\<X>\<^bsub>Suc n\<^esub>] " "Pring (R[\<X>\<^bsub>n\<^esub>]) {i}"
+ p q ]
+ unfolding coord_ring_def
+
+ by blast
+
+ show ?thesis
+
+ using 01 10 11 12 A cring.total_eval_add[of "R[\<X>\<^bsub>n\<^esub>]" "pre_to_univ_poly (Suc n) i p" "{i}"
+ "pre_to_univ_poly (Suc n) i q" "\<lambda>i. coord_const x"]
+ coord_cring_cring
+ unfolding coord_ring_def
+
+ by smt
+ qed
+ have 2: "eval_at_poly R (total_eval (R[\<X>\<^bsub>n\<^esub>]) (\<lambda>i. coord_const x) (pre_to_univ_poly (Suc n) i (p \<oplus>\<^bsub>R[\<X>\<^bsub>Suc n\<^esub>]\<^esub> q))) a =
+ eval_at_poly R (total_eval (R[\<X>\<^bsub>n\<^esub>]) (\<lambda>i. coord_const x) (pre_to_univ_poly (Suc n) i p)) a \<oplus>
+ eval_at_poly R (total_eval (R[\<X>\<^bsub>n\<^esub>]) (\<lambda>i. coord_const x) (pre_to_univ_poly (Suc n) i q)) a"
+ proof-
+ have 20: "pre_to_univ_poly (Suc n) i p \<in> carrier (Pring (R[\<X>\<^bsub>n\<^esub>]) {i}) "
+ using A(1) 02 unfolding ring_hom_ring_def ring_hom_ring_axioms_def ring_hom_def unfolding coord_ring_def
+ by blast
+ have 21: "pre_to_univ_poly (Suc n) i q \<in> carrier (Pring (R[\<X>\<^bsub>n\<^esub>]) {i}) "
+ using A(2) 02 unfolding ring_hom_ring_def ring_hom_ring_axioms_def ring_hom_def unfolding coord_ring_def
+ by blast
+ have 22: "(total_eval (R[\<X>\<^bsub>n\<^esub>]) (\<lambda>i. coord_const x) (pre_to_univ_poly (Suc n) i p)) \<in>
+ carrier (R[\<X>\<^bsub>n\<^esub>])"
+ using 21 01 A cring.total_eval_closed[of "R[\<X>\<^bsub>n\<^esub>]" "pre_to_univ_poly (Suc n) i p"
+ "{i}" "\<lambda>i. coord_const x"] "20" coord_cring_cring
+ by metis
+ have 23: "(total_eval (R[\<X>\<^bsub>n\<^esub>]) (\<lambda>i. coord_const x) (pre_to_univ_poly (Suc n) i q)) \<in>
+ carrier (R[\<X>\<^bsub>n\<^esub>])"
+ using cring.total_eval_closed[of "R[\<X>\<^bsub>n\<^esub>]" "pre_to_univ_poly (Suc n) i q" "{i}"
+ "\<lambda>i. coord_const x"]
+ by (metis "01" "21" coord_cring_cring)
+
+ show ?thesis
+ using "1" "22" "23" assms(3) eval_at_point_add by presburger
+ qed
+ show "eval_at_point R as (p \<oplus>\<^bsub>Pring R {..<Suc n}\<^esub> q) =
+ eval_at_point R a (total_eval (Pring R {..<n}) (\<lambda>i. R.indexed_const x) (pre_to_univ_poly (Suc n) i (p \<oplus>\<^bsub>Pring R {..<Suc n}\<^esub> q)))"
+ using eval_at_point_add A 0 1 2
+ unfolding coord_ring_def
+
+ by presburger
+ qed
+ fix p j
+ assume A: "p \<in> carrier (Pring R {..<Suc n})" "j \<in> {..<Suc n}"
+ "eval_at_point R as p = eval_at_point R a (total_eval (Pring R {..<n}) (\<lambda>i. R.indexed_const x) (pre_to_univ_poly (Suc n) i p))"
+ show "eval_at_point R as (p \<otimes>\<^bsub>Pring R {..<Suc n}\<^esub> pvar R j) =
+ eval_at_point R a
+ (total_eval (Pring R {..<n}) (\<lambda>i. R.indexed_const x) (pre_to_univ_poly (Suc n) i (p \<otimes>\<^bsub>Pring R {..<Suc n}\<^esub> pvar R j)))"
+ proof-
+ have A0: "eval_at_poly R (p \<otimes>\<^bsub>R[\<X>\<^bsub>Suc n\<^esub>]\<^esub> pvar R j) as =
+ eval_at_poly R p as \<otimes> as!j"
+ proof-
+ have "eval_at_poly R (pvar R j) as = as!j"
+ using A(2) 0 eval_pvar
+ by blast
+ then show ?thesis using A eval_at_point_mult[of as "Suc n" p "pvar R j" ] 0
+ by (metis R.Pring_var_closed coord_ring_def)
+ qed
+ have A1: "(pre_to_univ_poly (Suc n) i (p \<otimes>\<^bsub>R[\<X>\<^bsub>Suc n\<^esub>]\<^esub> pvar R j)) =
+ (pre_to_univ_poly (Suc n) i p) \<otimes>\<^bsub>Pring (R[\<X>\<^bsub>n\<^esub>]) {i}\<^esub> pre_to_univ_poly (Suc n) i (pvar R j)"
+ using A 02 ring_hom_ring.homh ring_hom_mult[of _ "R[\<X>\<^bsub>Suc n\<^esub>]" _ p "pvar R j"] R.Pring_var_closed[of j "{..< Suc n}"]
+ unfolding coord_ring_def
+ by blast
+ have A2: "(total_eval (R[\<X>\<^bsub>n\<^esub>]) (\<lambda>i. coord_const x) (pre_to_univ_poly (Suc n) i (p \<otimes>\<^bsub>R[\<X>\<^bsub>Suc n\<^esub>]\<^esub> pvar R j))) =
+ (total_eval (R[\<X>\<^bsub>n\<^esub>]) (\<lambda>i. coord_const x) (pre_to_univ_poly (Suc n) i p ))\<otimes>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub>
+ (total_eval (R[\<X>\<^bsub>n\<^esub>]) (\<lambda>i. coord_const x) ( pre_to_univ_poly (Suc n) i (pvar R j)))"
+ proof-
+ have A20: "pre_to_univ_poly (Suc n) i p \<in> carrier (Pring (R[\<X>\<^bsub>n\<^esub>]) {i})"
+ using 02 A unfolding ring_hom_ring_def ring_hom_ring_axioms_def ring_hom_def
+ unfolding coord_ring_def
+
+ by blast
+ have A21: "pre_to_univ_poly (Suc n) i (pvar R j) \<in> carrier (Pring (R[\<X>\<^bsub>n\<^esub>]) {i})"
+ using 02 A unfolding ring_hom_ring_def ring_hom_ring_axioms_def ring_hom_def
+ using R.Pring_var_closed[of j "{..< Suc n}"]
+ unfolding coord_ring_def
+
+ by blast
+ show ?thesis using A1 cring.total_eval_mult[of _ "pre_to_univ_poly (Suc n) i p"]
+
+ by (smt A20 A21 MP.closed_funI MP.total_eval_mult assms(4) coord_ring_def cring.indexed_const_closed R.is_cring)
+ qed
+ have A3: "pre_to_univ_poly (Suc n) i p \<in> carrier (Pring (R[\<X>\<^bsub>n\<^esub>]) {i})"
+ using 02 A ring_hom_ring.homh unfolding ring_hom_def
+ unfolding coord_ring_def
+ by blast
+ have A4: "pre_to_univ_poly (Suc n) i (pvar R j) \<in> carrier (Pring (R[\<X>\<^bsub>n\<^esub>]) {i})"
+ using 02 A ring_hom_ring.homh R.Pring_var_closed[of j "{..< Suc n}"] unfolding ring_hom_def
+ unfolding coord_ring_def
+
+ by blast
+ have A5: "total_eval (R[\<X>\<^bsub>n\<^esub>]) (\<lambda>i. coord_const x) (pre_to_univ_poly (Suc n) i p ) \<in>
+ carrier (R[\<X>\<^bsub>n\<^esub>])"
+ using 01 cring.total_eval_closed[of "R[\<X>\<^bsub>n\<^esub>]" "pre_to_univ_poly (Suc n) i p " "{i}"]
+ A3 coord_cring_cring
+ unfolding coord_ring_def
+ by smt
+ have A6: "total_eval (R[\<X>\<^bsub>n\<^esub>]) (\<lambda>i. coord_const x) (pre_to_univ_poly (Suc n) i (pvar R j) ) \<in>
+ carrier (R[\<X>\<^bsub>n\<^esub>])"
+ using 01 cring.total_eval_closed[of "R[\<X>\<^bsub>n\<^esub>]" "pre_to_univ_poly (Suc n) i (pvar R j) " "{i}"]
+ A4 coord_cring_cring
+ unfolding coord_ring_def
+ by smt
+ have A7: " eval_at_poly R (total_eval (R[\<X>\<^bsub>n\<^esub>]) (\<lambda>i. coord_const x) (pre_to_univ_poly (Suc n) i (p \<otimes>\<^bsub>R[\<X>\<^bsub>Suc n\<^esub>]\<^esub> pvar R j))) a
+ = eval_at_poly R (total_eval (R[\<X>\<^bsub>n\<^esub>]) (\<lambda>i. coord_const x) (pre_to_univ_poly (Suc n) i p)) a \<otimes>
+ eval_at_poly R (total_eval (R[\<X>\<^bsub>n\<^esub>]) (\<lambda>i. coord_const x) (pre_to_univ_poly (Suc n) i (pvar R j))) a"
+ using eval_at_point_mult A5 A6 A2 assms(3) by presburger
+ have A8: "eval_at_poly R (total_eval (R[\<X>\<^bsub>n\<^esub>]) (\<lambda>i. coord_const x) (pre_to_univ_poly (Suc n) i (pvar R j))) a =
+ as!j"
+ proof(cases "j = i")
+ case True
+ then have "pre_to_univ_poly (Suc n) i (pvar R j) = pvar (R[\<X>\<^bsub>n\<^esub>]) i"
+ using pre_to_univ_poly_is_hom(3)[of i "Suc n"] assms(1) diff_Suc_1 by presburger
+ then have "total_eval (R[\<X>\<^bsub>n\<^esub>]) (\<lambda>i. coord_const x) (pre_to_univ_poly (Suc n) i (pvar R j)) =
+ coord_const x"
+ using cring.total_eval_var[of "R[\<X>\<^bsub>n\<^esub>]" "\<lambda>i. coord_const x"]
+ unfolding coord_ring_def
+ by (smt "01" \<open>\<And>i. \<lbrakk>cring (R [\<X>\<^bsub>n\<^esub>]); (\<lambda>i. R.indexed_const x) \<in> UNIV \<rightarrow> carrier (R [\<X>\<^bsub>n\<^esub>])\<rbrakk> \<Longrightarrow> total_eval (R [\<X>\<^bsub>n\<^esub>]) (\<lambda>i. R.indexed_const x) (mset_to_IP (R [\<X>\<^bsub>n\<^esub>]) {#i#}) = R.indexed_const x\<close> coord_ring_def cring_coord_rings.coord_cring_cring cring_coord_rings_axioms var_to_IP_def)
+ then have T0: "eval_at_poly R (total_eval (R[\<X>\<^bsub>n\<^esub>]) (\<lambda>i. coord_const x) (pre_to_univ_poly (Suc n) i (pvar R j))) a
+ = x"
+ using eval_at_point_const
+ by (metis assms(3) assms(4))
+ have T1: "as!j = x"
+ using assms
+ by (metis True assms(5) cartesian_power_car_memE insert_at_index_eq le_eq_less_or_eq nat_le_linear
+ not_less_eq)
+ then show ?thesis
+ using T0 by blast
+ next
+ case False
+ then show ?thesis
+ proof(cases "j < i")
+ case True
+ then have "pre_to_univ_poly (Suc n) i (pvar R j) = ring.indexed_const (R[\<X>\<^bsub>n\<^esub>]) (pvar R j)"
+ using pre_to_univ_poly_is_hom(2)[of i "Suc n"] assms(1) diff_Suc_1
+ unfolding coord_ring_def
+ by presburger
+ then have "total_eval (R[\<X>\<^bsub>n\<^esub>]) (\<lambda>i. coord_const x) (pre_to_univ_poly (Suc n) i (pvar R j)) =
+ pvar R j"
+ using cring.total_eval_const[of "R[\<X>\<^bsub>n\<^esub>]"]
+ by (smt Suc_less_eq True assms(1) coord_cring_cring less_trans_Suc local.pvar_closed)
+ then have T0: "eval_at_poly R (total_eval (R[\<X>\<^bsub>n\<^esub>]) (\<lambda>i. coord_const x) (pre_to_univ_poly (Suc n) i (pvar R j))) a
+ = a!j"
+ using eval_pvar
+ by (metis Suc_less_eq True assms(1) assms(3) less_trans_Suc)
+ have T1: "as!j = a!j"
+ using assms
+ by (metis True assms(5) cartesian_power_car_memE insert_at_index_eq' less_Suc_eq_le)
+ then show ?thesis
+ using T0 by presburger
+ next
+ case F: False
+ then have "pre_to_univ_poly (Suc n) i (pvar R j) = ring.indexed_const (R[\<X>\<^bsub>n\<^esub>]) (pvar R (j-1))"
+ using pre_to_univ_poly_is_hom(4)[of i "Suc n"] assms(1) diff_Suc_1
+ unfolding coord_ring_def
+ by (metis A(2) False lessThan_iff linorder_neqE_nat)
+ then have "total_eval (R[\<X>\<^bsub>n\<^esub>]) (\<lambda>i. coord_const x) (pre_to_univ_poly (Suc n) i (pvar R j)) =
+ pvar R (j-1)"
+ using cring.total_eval_const[of "R[\<X>\<^bsub>n\<^esub>]"]
+ by (smt A(2) F False Suc_less_SucD add_diff_inverse_nat coord_cring_cring
+ lessThan_iff less_one linorder_neqE_nat local.pvar_closed not_less0 plus_1_eq_Suc)
+ then have T0: "eval_at_poly R (total_eval (R[\<X>\<^bsub>n\<^esub>]) (\<lambda>i. coord_const x) (pre_to_univ_poly (Suc n) i (pvar R j))) a
+ = a!(j-1)"
+ using eval_pvar[of "j-1" n a]
+ by (metis A(2) F False One_nat_def Suc_diff_Suc Suc_less_eq assms(3)
+ lessThan_iff linorder_neqE_nat minus_nat.diff_0 not_less0)
+ have T1: "as!j = a!(j-1)"
+ proof-
+ obtain k where k_def: "j = i + 1 + k"
+ using False F
+ by (metis Nat.add_0_right less_imp_add_positive less_one
+ nat_neq_iff semiring_normalization_rules(25))
+ show "as!j = a!(j-1)"
+ proof-
+ have "length (take i a) = i"
+ using assms
+ by (meson cartesian_power_car_memE less_Suc_eq_le take_closed)
+ then have "as!j = ( x # drop i a)!(k+1)"
+ using k_def assms
+ unfolding coord_ring_def
+ by (metis Suc_eq_plus1 add.assoc insert_at_index.simps nth_append_length_plus plus_1_eq_Suc)
+ have "length (drop i a) \<ge> k"
+ proof-
+ have "length (drop i a) = n - i"
+ using assms cartesian_power_car_memE length_drop
+ by blast
+ then show ?thesis
+ using assms k_def A(2)
+ by (metis Suc_eq_plus1 add.commute diff_Suc_Suc lessThan_iff less_diff_conv less_imp_le_nat)
+ qed
+ then have "as!j = (drop i a)! k"
+ using assms k_def
+ by (metis Nat.add_0_right One_nat_def \<open>as ! j = (x # drop i a) ! (k + 1)\<close> add_Suc_right nth_Cons_Suc)
+ then show ?thesis using k_def assms
+ by (metis Nat.add_diff_assoc2 add_diff_cancel_right' cartesian_power_car_memE le_add2 less_Suc_eq_le nth_drop)
+ qed
+ qed
+ then show ?thesis
+ using T0 by presburger
+ qed
+ qed
+ then show "eval_at_point R as (p \<otimes>\<^bsub>Pring R {..<Suc n}\<^esub> pvar R j) =
+ eval_at_point R a (total_eval (Pring R {..<n}) (\<lambda>i. R.indexed_const x) (pre_to_univ_poly (Suc n) i (p \<otimes>\<^bsub>Pring R {..<Suc n}\<^esub> pvar R j)))"
+ using A(3) A0 A7
+ unfolding coord_ring_def
+ by presburger
+ qed
+qed
+
+definition pre_to_univ_poly_inv_hom ::
+ "nat \<Rightarrow> nat \<Rightarrow> (('a, nat) mvar_poly,('a, nat) mvar_poly) ring_hom" where
+"pre_to_univ_poly_inv_hom n i = R.relabel_vars {..<(n-1)} {..<n} (\<lambda>j. if j < i then j else j + 1)"
+
+lemma pre_to_univ_poly_inv_hom_is_hom:
+ assumes "i < Suc n"
+ shows "ring_hom_ring (R[\<X>\<^bsub>n\<^esub>]) (R[\<X>\<^bsub>Suc n\<^esub>]) (pre_to_univ_poly_inv_hom (Suc n) i)"
+proof-
+ have 0: "ring_hom_ring (R[\<X>\<^bsub>n\<^esub>]) (R[\<X>\<^bsub>Suc n\<^esub>]) (R.relabel_vars {..<n} {..<Suc n} (\<lambda>j. if j < i then j else j + 1))"
+ unfolding coord_ring_def
+ apply(rule R.relabel_vars_is_morphism)
+ using assms
+ by (smt Pi_I Suc_eq_plus1 add_less_cancel_right lessThan_iff less_Suc_eq)
+ then show ?thesis
+ unfolding pre_to_univ_poly_inv_hom_def
+ by simp
+qed
+
+lemma pre_to_univ_poly_inv_hom_const:
+ assumes "i < Suc n"
+ assumes "k \<in> carrier R"
+ shows "(pre_to_univ_poly_inv_hom (Suc n) i) (R.indexed_const k) = R.indexed_const k"
+proof-
+ have 0: "(R.relabel_vars {..<n} {..<Suc n} (\<lambda>j. if j < i then j else j + 1)) (R.indexed_const k) = R.indexed_const k"
+ unfolding coord_ring_def
+ apply(rule R.relabel_vars_is_morphism)
+ using assms
+ apply (smt Pi_I Suc_eq_plus1 add_less_cancel_right lessThan_iff less_Suc_eq)
+ using assms(2) by blast
+ then show ?thesis
+ unfolding pre_to_univ_poly_inv_hom_def
+ using diff_Suc_1 by presburger
+qed
+
+lemma pre_to_univ_poly_inv_hom_pvar_0:
+ assumes "i < Suc n"
+ assumes "j < i"
+ shows "pre_to_univ_poly_inv_hom (Suc n) i (pvar R j) =
+ pvar R j"
+ unfolding pre_to_univ_poly_inv_hom_def coord_ring_def
+ using R.relabel_vars_is_morphism(2)[of "\<lambda>j. if j < i then j else j + 1" "{..<n}" "{..< Suc n}" j]
+ by (smt Pi_I add.commute add_diff_cancel_left' assms(1) assms(2)
+ lessThan_iff less_Suc_eq less_trans_Suc not_less_eq plus_1_eq_Suc)
+
+lemma pre_to_univ_poly_inv_hom_pvar_1:
+ assumes "i < Suc n"
+ assumes "i \<le> j"
+ assumes "j < n"
+ shows "pre_to_univ_poly_inv_hom (Suc n) i (pvar R j) =
+ pvar R (j + 1)"
+ unfolding pre_to_univ_poly_inv_hom_def
+ using assms R.relabel_vars_is_morphism(2)[of "\<lambda>j. if j < i then j else j + 1" "{..<n}" "{..< Suc n}" j]
+ by (smt Pi_I add.commute add_less_cancel_right diff_Suc_1 lessThan_iff less_Suc_eq not_le plus_1_eq_Suc)
+
+definition pre_to_univ_poly_inv_var_ass ::
+ "nat \<Rightarrow> nat \<Rightarrow> nat \<Rightarrow> ('a, nat) mvar_poly" where
+"pre_to_univ_poly_inv_var_ass n i j = pvar R i"
+
+lemma pre_to_univ_poly_inv_var_ass_closed:
+ assumes "i < Suc n"
+ shows "pre_to_univ_poly_inv_var_ass (Suc n) i \<in> {i} \<rightarrow> carrier (R[\<X>\<^bsub>Suc n\<^esub>])"
+ by (metis Pi_I assms local.pvar_closed pre_to_univ_poly_inv_var_ass_def)
+
+definition pre_to_univ_poly_inv ::
+ "nat \<Rightarrow> nat \<Rightarrow> ((('a, nat) mvar_poly, nat) mvar_poly,('a, nat) mvar_poly) ring_hom" where
+"pre_to_univ_poly_inv n i = indexed_poly_induced_morphism {i} (R[\<X>\<^bsub>n\<^esub>])
+ (pre_to_univ_poly_inv_hom n i) (pre_to_univ_poly_inv_var_ass n i)"
+
+lemma pre_to_univ_poly_inv_is_hom:
+ assumes "i < Suc n"
+ shows "ring_hom_ring (Pring (R[\<X>\<^bsub>n\<^esub>]) {i}) (R[\<X>\<^bsub>Suc n\<^esub>]) (pre_to_univ_poly_inv (Suc n) i)"
+ apply(rule cring.Pring_universal_prop[of _ _ "pre_to_univ_poly_inv_var_ass (Suc n) i" "{i}" "pre_to_univ_poly_inv_hom (Suc n) i"])
+ unfolding coord_ring_def
+ apply (simp add: R.Pring_is_cring R.is_cring)
+ apply (simp add: R.Pring_is_cring R.is_cring)
+ apply (metis Pi_I R.Pring_var_closed assms lessThan_iff pre_to_univ_poly_inv_var_ass_def)
+ apply (metis assms coord_ring_def pre_to_univ_poly_inv_hom_is_hom)
+ by (simp add: coord_ring_def pre_to_univ_poly_inv_def)
+
+lemma pre_to_univ_poly_inv_pvar:
+ assumes "i < Suc n"
+ shows "(pre_to_univ_poly_inv (Suc n) i) (pvar (R[\<X>\<^bsub>n\<^esub>]) i) = pvar R i"
+ using assms cring.Pring_universal_prop[of "R[\<X>\<^bsub>n\<^esub>]" "R[\<X>\<^bsub>Suc n\<^esub>]"
+ "pre_to_univ_poly_inv_var_ass (Suc n) i" "{i}" "pre_to_univ_poly_inv_hom (Suc n) i"]
+ by (metis Pi_I coord_cring_cring cring_coord_rings.pre_to_univ_poly_inv_var_ass_def
+ cring_coord_rings_axioms local.pvar_closed pre_to_univ_poly_inv_def
+ pre_to_univ_poly_inv_hom_is_hom singletonI var_to_IP_def)
+
+lemma pre_to_univ_poly_inv_const:
+ assumes "i < Suc n"
+ assumes "p \<in> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ shows "(pre_to_univ_poly_inv (Suc n) i) (ring.indexed_const (R[\<X>\<^bsub>n\<^esub>]) p) = pre_to_univ_poly_inv_hom (Suc n) i p "
+ using assms cring.Pring_universal_prop[of "R[\<X>\<^bsub>n\<^esub>]" "R[\<X>\<^bsub>Suc n\<^esub>]"
+ "pre_to_univ_poly_inv_var_ass (Suc n) i" "{i}" "pre_to_univ_poly_inv_hom (Suc n) i"]
+ by (metis Pi_I coord_cring_cring cring_coord_rings.pre_to_univ_poly_inv_var_ass_def
+ cring_coord_rings_axioms local.pvar_closed pre_to_univ_poly_inv_def pre_to_univ_poly_inv_hom_is_hom)
+
+lemma pre_to_univ_poly_inverse:
+ assumes "i < Suc n"
+ assumes "p \<in> carrier (R[\<X>\<^bsub>Suc n\<^esub>])"
+ shows "pre_to_univ_poly_inv (Suc n) i (pre_to_univ_poly (Suc n) i p) = p"
+ apply(rule R.Pring_car_induct''[of p "{..<Suc n}"])
+ using assms coord_ring_def apply metis
+proof-
+ show 0: " \<And>c. c \<in> carrier R \<Longrightarrow> pre_to_univ_poly_inv (Suc n) i (pre_to_univ_poly (Suc n) i (coord_const c)) = coord_const c"
+ proof-
+ fix c assume A: "c \<in> carrier R"
+ have 0: "pre_to_univ_poly (Suc n) i (coord_const c) =
+ MP.indexed_const n (coord_const c)"
+ using A assms(1) diff_Suc_1 pre_to_univ_poly_is_hom(5) by presburger
+ have 1: "(\<lambda>j. if j < i then j else j + 1) \<in> {..<n} \<rightarrow> {..<Suc n}"
+ by (smt Pi_I Suc_eq_plus1 add_less_cancel_right lessThan_iff less_Suc_eq)
+ have 2: "pre_to_univ_poly_inv_hom (Suc n) i (coord_const c) = coord_const c"
+ unfolding pre_to_univ_poly_inv_hom_def
+ using 1 R.relabel_vars_is_morphism(3)[of "(\<lambda>j. if j < i then j else j + 1)" "{..<n}" "{..<Suc n}" c]
+ unfolding coord_ring_def
+ using A diff_Suc_1 by presburger
+ show "pre_to_univ_poly_inv (Suc n) i (pre_to_univ_poly (Suc n) i (coord_const c)) = coord_const c "
+ using 0 1 2
+ by (metis (no_types, lifting) A R.indexed_const_closed assms(1) coord_ring_def pre_to_univ_poly_inv_const)
+ qed
+ show 1: "\<And>p q. p \<in> carrier (Pring R {..<Suc n}) \<Longrightarrow>
+ q \<in> carrier (Pring R {..<Suc n}) \<Longrightarrow>
+ pre_to_univ_poly_inv (Suc n) i (pre_to_univ_poly (Suc n) i p) =
+ p \<Longrightarrow>
+ pre_to_univ_poly_inv (Suc n) i (pre_to_univ_poly (Suc n) i q) =
+ q \<Longrightarrow>
+ pre_to_univ_poly_inv (Suc n) i
+ (pre_to_univ_poly (Suc n) i (p \<oplus>\<^bsub>Pring R {..<Suc n}\<^esub> q)) =
+ p \<oplus>\<^bsub>Pring R {..<Suc n}\<^esub> q"
+ proof- fix p q assume A: "p \<in> carrier (Pring R {..<Suc n})"
+ "q \<in> carrier (Pring R {..<Suc n})"
+ "pre_to_univ_poly_inv (Suc n) i (pre_to_univ_poly (Suc n) i p) = p"
+ "pre_to_univ_poly_inv (Suc n) i (pre_to_univ_poly (Suc n) i q) = q"
+ have 0: "(pre_to_univ_poly (Suc n) i (p \<oplus>\<^bsub>R[\<X>\<^bsub>Suc n\<^esub>]\<^esub> q)) =
+ (pre_to_univ_poly (Suc n) i p) \<oplus>\<^bsub>Pring (R[\<X>\<^bsub>n\<^esub>]) {i}\<^esub> pre_to_univ_poly (Suc n) i q"
+ using pre_to_univ_poly_is_hom(1)[of i "Suc n"] ring_hom_ring.homh ring_hom_add A
+ unfolding coord_ring_def
+ by (metis (mono_tags, lifting) assms(1) diff_Suc_1)
+ have 1: "pre_to_univ_poly (Suc n) i p \<in> carrier (Pring (R[\<X>\<^bsub>n\<^esub>]) {i})"
+ using pre_to_univ_poly_is_hom(1)[of i "Suc n"] A
+ unfolding coord_ring_def
+ by (metis assms(1) coord_ring_def diff_Suc_1 pre_to_univ_poly_is_hom(6))
+ have 2: "pre_to_univ_poly (Suc n) i q \<in> carrier (Pring (R[\<X>\<^bsub>n\<^esub>]) {i})"
+ using pre_to_univ_poly_is_hom(1)[of i "Suc n"] A
+ unfolding coord_ring_def
+ by (metis assms(1) coord_ring_def diff_Suc_1 pre_to_univ_poly_is_hom(6))
+ show "pre_to_univ_poly_inv (Suc n) i
+ (pre_to_univ_poly (Suc n) i (p \<oplus>\<^bsub>Pring R {..<Suc n}\<^esub> q)) =
+ p \<oplus>\<^bsub>Pring R {..<Suc n}\<^esub> q"
+ using 0 1 2 A pre_to_univ_poly_inv_is_hom[of i n] ring_hom_ring.homh ring_hom_add
+ unfolding coord_ring_def
+ by (smt assms(1))
+ qed
+ show "\<And>p ia.
+ p \<in> carrier (Pring R {..<Suc n}) \<Longrightarrow>
+ ia \<in> {..<Suc n} \<Longrightarrow>
+ pre_to_univ_poly_inv (Suc n) i (pre_to_univ_poly (Suc n) i p) = p \<Longrightarrow>
+ pre_to_univ_poly_inv (Suc n) i
+ (pre_to_univ_poly (Suc n) i (p \<otimes>\<^bsub>Pring R {..<Suc n}\<^esub> pvar R ia)) =
+ p \<otimes>\<^bsub>Pring R {..<Suc n}\<^esub> pvar R ia"
+ proof- fix p j
+ assume A: " p \<in> carrier (Pring R {..<Suc n})" "j \<in> {..<Suc n}"
+ "pre_to_univ_poly_inv (Suc n) i (pre_to_univ_poly (Suc n) i p) = p "
+ have 0: "(pre_to_univ_poly (Suc n) i (p \<otimes>\<^bsub>R[\<X>\<^bsub>Suc n\<^esub>]\<^esub> pvar R j))
+ = (pre_to_univ_poly (Suc n) i p) \<otimes>\<^bsub>Pring (R[\<X>\<^bsub>n\<^esub>]) {i}\<^esub> pre_to_univ_poly (Suc n) i (pvar R j)"
+ using pre_to_univ_poly_is_hom(1)[of i "Suc n"] ring_hom_ring.homh ring_hom_mult A
+ unfolding coord_ring_def
+ by (metis R.Pring_var_closed assms(1) diff_Suc_1)
+ have 1: "pre_to_univ_poly (Suc n) i p \<in> carrier (Pring (R[\<X>\<^bsub>n\<^esub>]) {i})"
+ using pre_to_univ_poly_is_hom(1)[of i "Suc n"] A
+ unfolding coord_ring_def
+ by (metis assms(1) coord_ring_def diff_Suc_1 pre_to_univ_poly_is_hom(6))
+ have 1: "pre_to_univ_poly (Suc n) i (pvar R j) \<in> carrier (Pring (R[\<X>\<^bsub>n\<^esub>]) {i})"
+ using pre_to_univ_poly_is_hom(1)[of i "Suc n"] A
+ unfolding coord_ring_def
+ by (metis R.Pring_var_closed assms(1) coord_ring_def diff_Suc_1 pre_to_univ_poly_is_hom(6))
+ have 2: "pre_to_univ_poly_inv (Suc n) i (pre_to_univ_poly (Suc n) i (pvar R j)) = pvar R j"
+ proof(cases "j = i")
+ case True
+ then have "(pre_to_univ_poly (Suc n) i (pvar R j)) = pvar (R[\<X>\<^bsub>n\<^esub>]) j"
+ using pre_to_univ_poly_is_hom(3)[of i "Suc n"] assms(1) diff_Suc_1 by presburger
+ then show ?thesis
+ unfolding coord_ring_def
+ using True \<open>pre_to_univ_poly (Suc n) i (pvar R j) = pvar (R[\<X>\<^bsub>n\<^esub>]) j\<close> assms(1) pre_to_univ_poly_inv_pvar by presburger
+ next
+ case False
+ show ?thesis
+ proof(cases "j < i")
+ case True
+ then have "(pre_to_univ_poly (Suc n) i (pvar R j)) = ring.indexed_const (R[\<X>\<^bsub>n\<^esub>]) (pvar R j)"
+ using pre_to_univ_poly_is_hom(2) [of i "Suc n"] assms(1) diff_Suc_1
+ unfolding coord_ring_def
+
+ by presburger
+ then show ?thesis
+ using pre_to_univ_poly_inv_const[of i n "(pvar R j)"]
+ pre_to_univ_poly_inv_hom_pvar_0[of i n j]
+ by (metis Suc_less_eq True assms(1) less_trans_Suc local.pvar_closed)
+ next
+ case F: False
+ then have "(pre_to_univ_poly (Suc n) i (pvar R j)) = ring.indexed_const (R[\<X>\<^bsub>n\<^esub>]) (pvar R (j-1))"
+ using pre_to_univ_poly_is_hom(4)[of i "Suc n"] assms(1) diff_Suc_1
+ unfolding coord_ring_def
+ by (metis A(2) False lessThan_iff linorder_neqE_nat)
+ then show ?thesis
+ using pre_to_univ_poly_inv_const[of i n "(pvar R (j-1))"]
+ pre_to_univ_poly_inv_hom_pvar_0[of i n "j-1"]
+ by (metis (no_types, lifting) A(2) F False One_nat_def Suc_eq_plus1 add_diff_inverse_nat
+ assms(1) le_neq_implies_less lessThan_iff less_one local.pvar_closed nat_le_linear
+ not_less_eq plus_1_eq_Suc pre_to_univ_poly_inv_hom_pvar_1)
+ qed
+ qed
+ show "pre_to_univ_poly_inv (Suc n) i
+ (pre_to_univ_poly (Suc n) i (p \<otimes>\<^bsub>Pring R {..<Suc n}\<^esub> pvar R j)) =
+ p \<otimes>\<^bsub>Pring R {..<Suc n}\<^esub> pvar R j"
+ using 0 1 2 A pre_to_univ_poly_inv_is_hom[of i n]
+ ring_hom_ring.homh[of _ _ "pre_to_univ_poly_inv (Suc n) i "]
+ ring_hom_mult[of "pre_to_univ_poly_inv (Suc n) i "]
+ unfolding coord_ring_def
+ by (smt assms(1) coord_ring_def diff_Suc_1 pre_to_univ_poly_is_hom(6))
+ qed
+qed
+
+lemma coord_ring_car_induct:
+ assumes "Q \<in> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ assumes "\<And>c. c \<in> carrier R \<Longrightarrow> A (R.indexed_const c)"
+ assumes "\<And>p q. p \<in> carrier (R[\<X>\<^bsub>n\<^esub>]) \<Longrightarrow> q \<in> carrier (R[\<X>\<^bsub>n\<^esub>]) \<Longrightarrow> A p \<Longrightarrow> A q \<Longrightarrow> A (p \<oplus>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> q)"
+ assumes "\<And>p i. p \<in> carrier (R[\<X>\<^bsub>n\<^esub>]) \<Longrightarrow> i < n \<Longrightarrow> A p \<Longrightarrow> A (p \<otimes>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> pvar R i)"
+ shows "A Q"
+ unfolding coord_ring_def apply(rule R.Pring_car_induct''[of _ "{..<n}"])
+ apply (metis assms(1) coord_ring_def)
+ using assms(2) apply auto[1]
+ apply (metis assms(3) coord_ring_def)
+ by (metis assms(4) coord_ring_def lessThan_iff)
+
+lemma pre_to_univ_poly_inverse':
+ assumes "i < Suc n"
+ assumes "p \<in> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ shows "pre_to_univ_poly (Suc n) i (pre_to_univ_poly_inv (Suc n) i (MP.indexed_const n p)) = MP.indexed_const n p"
+ apply(rule coord_ring_car_induct[of _ n])
+ using assms(2) apply blast
+proof-
+ show "\<And>c. c \<in> carrier R \<Longrightarrow>
+ pre_to_univ_poly (Suc n) i (pre_to_univ_poly_inv (Suc n) i (MP.indexed_const n (R.indexed_const c))) =
+ MP.indexed_const n (R.indexed_const c)"
+ proof- fix k assume A: "k \<in> carrier R"
+ have 0: "R.indexed_const k \<in> carrier (R [\<X>\<^bsub>n\<^esub>])"
+ using A
+ by (metis coord_ring_def R.indexed_const_closed)
+ have 1: "pre_to_univ_poly_inv (Suc n) i (MP.indexed_const n (R.indexed_const k)) = pre_to_univ_poly_inv_hom (Suc n) i (R.indexed_const k)"
+ using 0 assms pre_to_univ_poly_inv_const[of i n "R.indexed_const k"]
+ by linarith
+ have "pre_to_univ_poly_inv_hom (Suc n) i (R.indexed_const k) = R.indexed_const k"
+ using A pre_to_univ_poly_inv_hom_const[of i n k] assms
+ by blast
+ thus "pre_to_univ_poly (Suc n) i (pre_to_univ_poly_inv (Suc n) i (MP.indexed_const n (R.indexed_const k))) = MP.indexed_const n (R.indexed_const k) "
+ using 1
+ by (metis A assms(1) coord_ring_def diff_Suc_1 pre_to_univ_poly_is_hom(5))
+ qed
+ show "\<And>p q. p \<in> carrier (R [\<X>\<^bsub>n\<^esub>]) \<Longrightarrow>
+ q \<in> carrier (R [\<X>\<^bsub>n\<^esub>]) \<Longrightarrow>
+ pre_to_univ_poly (Suc n) i (pre_to_univ_poly_inv (Suc n) i (MP.indexed_const n p)) = MP.indexed_const n p \<Longrightarrow>
+ pre_to_univ_poly (Suc n) i (pre_to_univ_poly_inv (Suc n) i (MP.indexed_const n q)) = MP.indexed_const n q \<Longrightarrow>
+ pre_to_univ_poly (Suc n) i (pre_to_univ_poly_inv (Suc n) i (MP.indexed_const n (p \<oplus>\<^bsub>R [\<X>\<^bsub>n\<^esub>]\<^esub> q))) = MP.indexed_const n (p \<oplus>\<^bsub>R [\<X>\<^bsub>n\<^esub>]\<^esub> q)"
+ proof- fix p Q
+ assume A: "p \<in> carrier (R [\<X>\<^bsub>n\<^esub>]) "
+ "pre_to_univ_poly (Suc n) i (pre_to_univ_poly_inv (Suc n) i (MP.indexed_const n p)) = MP.indexed_const n p"
+ "Q \<in> carrier (R [\<X>\<^bsub>n\<^esub>])"
+ "pre_to_univ_poly (Suc n) i (pre_to_univ_poly_inv (Suc n) i (MP.indexed_const n Q)) = MP.indexed_const n Q "
+ have 0: "p \<Oplus> Q = p \<oplus>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> Q"
+ by (metis R.Pring_add coord_ring_def)
+ have 1: "MP.indexed_const n (p \<Oplus> Q) = (MP.indexed_const n p) \<oplus>\<^bsub>Pring (R[\<X>\<^bsub>n\<^esub>]) {i}\<^esub>(MP.indexed_const n Q)"
+ by (metis "0" MP.Pring_add MP.indexed_padd_const)
+ have 2: "MP.indexed_const n p \<in> carrier (Pring (R [\<X>\<^bsub>n\<^esub>]) {i})"
+ using A unfolding coord_ring_def
+ by (metis MP.indexed_const_closed R.Pring_car coord_ring_def)
+ have 3: "MP.indexed_const n Q \<in> carrier (Pring (R [\<X>\<^bsub>n\<^esub>]) {i})"
+ using A(3) MP.indexed_const_closed by blast
+ have 4: "(pre_to_univ_poly_inv (Suc n) i (MP.indexed_const n (p \<oplus>\<^bsub>R [\<X>\<^bsub>n\<^esub>]\<^esub> Q))) =
+ pre_to_univ_poly_inv (Suc n) i (MP.indexed_const n p) \<oplus>\<^bsub>R[\<X>\<^bsub>Suc n\<^esub>]\<^esub> pre_to_univ_poly_inv (Suc n) i (MP.indexed_const n Q)"
+ using pre_to_univ_poly_is_hom(1)[of i "Suc n"]
+ pre_to_univ_poly_inv_is_hom(1)[of i n]
+ ring_hom_add[of "pre_to_univ_poly_inv (Suc n) i" "(Pring (R [\<X>\<^bsub>n\<^esub>]) {i})"
+ "(R [\<X>\<^bsub>Suc n\<^esub>])" "MP.indexed_const n p" "MP.indexed_const n Q"]
+ ring_hom_ring.homh
+ MP.indexed_const_closed[of p n "{i}"]
+ MP.indexed_const_closed[of Q n "{i}"] A R.Pring_car[of "{..<n}"] unfolding coord_ring_def
+ by (metis "0" "1" assms(1) coord_ring_def)
+ have 5: "pre_to_univ_poly (Suc n) i (pre_to_univ_poly_inv (Suc n) i (MP.indexed_const n (p \<oplus>\<^bsub>R [\<X>\<^bsub>n\<^esub>]\<^esub> Q))) =
+ pre_to_univ_poly (Suc n) i (pre_to_univ_poly_inv (Suc n) i (MP.indexed_const n p)) \<oplus>\<^bsub>Pring (R[\<X>\<^bsub>n\<^esub>]) {i}\<^esub>
+ pre_to_univ_poly (Suc n) i (pre_to_univ_poly_inv (Suc n) i (MP.indexed_const n Q))"
+ proof-
+ have 50: "pre_to_univ_poly (Suc n) i \<in> ring_hom (R [\<X>\<^bsub>Suc n\<^esub>]) (Pring (R [\<X>\<^bsub>Suc n - 1\<^esub>]) {i})"
+ using pre_to_univ_poly_is_hom(1)[of i "Suc n"] ring_hom_ring.homh
+ by (metis assms(1))
+ have 51: "pre_to_univ_poly_inv (Suc n) i \<in> ring_hom (Pring (R [\<X>\<^bsub>Suc n - 1\<^esub>]) {i}) (R [\<X>\<^bsub>Suc n\<^esub>]) "
+ using pre_to_univ_poly_inv_is_hom ring_hom_ring.homh
+ by (metis assms(1) diff_Suc_1)
+ have 52: " pre_to_univ_poly_inv (Suc n) i (MP.indexed_const n p) \<in> carrier (R [\<X>\<^bsub>Suc n\<^esub>])"
+ using 51 ring_hom_closed[of "pre_to_univ_poly_inv (Suc n) i" ]
+ by (smt "2" diff_Suc_1)
+ have 53: " pre_to_univ_poly_inv (Suc n) i (MP.indexed_const n Q) \<in> carrier (R [\<X>\<^bsub>Suc n\<^esub>]) "
+ using 51 ring_hom_closed[of "pre_to_univ_poly_inv (Suc n) i" ]
+ by (smt 3 diff_Suc_1)
+ show ?thesis using 50 51 52 53
+ using pre_to_univ_poly_is_hom(1)[of i "Suc n"]
+ ring_hom_add[of "pre_to_univ_poly (Suc n) i" "R [\<X>\<^bsub>Suc n\<^esub>]" "Pring (R [\<X>\<^bsub>Suc n - 1\<^esub>]) {i}"
+ "pre_to_univ_poly_inv (Suc n) i (MP.indexed_const n p)"
+ "pre_to_univ_poly_inv (Suc n) i (MP.indexed_const n Q)"] 4
+ by (metis diff_Suc_1)
+ qed
+ show "pre_to_univ_poly (Suc n) i (pre_to_univ_poly_inv (Suc n) i (MP.indexed_const n (p \<oplus>\<^bsub>R [\<X>\<^bsub>n\<^esub>]\<^esub> Q))) = MP.indexed_const n (p \<oplus>\<^bsub>R [\<X>\<^bsub>n\<^esub>]\<^esub> Q)"
+ using 5 A "0" "1" by metis
+ qed
+ show "\<And>p ia.
+ p \<in> carrier (R [\<X>\<^bsub>n\<^esub>]) \<Longrightarrow>
+ ia < n \<Longrightarrow>
+ pre_to_univ_poly (Suc n) i (pre_to_univ_poly_inv (Suc n) i (MP.indexed_const n p)) = MP.indexed_const n p \<Longrightarrow>
+ pre_to_univ_poly (Suc n) i (pre_to_univ_poly_inv (Suc n) i (MP.indexed_const n (p \<otimes>\<^bsub>R [\<X>\<^bsub>n\<^esub>]\<^esub> pvar R ia))) = MP.indexed_const n (p \<otimes>\<^bsub>R [\<X>\<^bsub>n\<^esub>]\<^esub> pvar R ia)"
+ proof- fix p j
+ assume A: "p \<in> carrier (R [\<X>\<^bsub>n\<^esub>])" "j < n"
+ "pre_to_univ_poly (Suc n) i (pre_to_univ_poly_inv (Suc n) i (MP.indexed_const n p)) = MP.indexed_const n p"
+ show "pre_to_univ_poly (Suc n) i (pre_to_univ_poly_inv (Suc n) i (MP.indexed_const n (p \<otimes>\<^bsub>R [\<X>\<^bsub>n\<^esub>]\<^esub> pvar R j))) = MP.indexed_const n (p \<otimes>\<^bsub>R [\<X>\<^bsub>n\<^esub>]\<^esub> pvar R j)"
+ proof-
+ have 0: "pre_to_univ_poly_inv (Suc n) i \<in> ring_hom (Pring (R [\<X>\<^bsub>Suc n - 1\<^esub>]) {i}) (R [\<X>\<^bsub>Suc n\<^esub>]) "
+ using pre_to_univ_poly_inv_is_hom(1)[of i n] ring_hom_ring.homh
+ by (metis assms(1) diff_Suc_1)
+ have 1: "MP.indexed_const n (p \<otimes>\<^bsub>R [\<X>\<^bsub>n\<^esub>]\<^esub> (pvar R j)) = MP.indexed_const n p \<otimes>\<^bsub>Pring (R[\<X>\<^bsub>n\<^esub>]) {i}\<^esub> MP.indexed_const n (pvar R j)"
+ by (metis A(1) A(2) MP.indexed_const_mult local.pvar_closed)
+ have 2: "(pre_to_univ_poly_inv (Suc n) i (MP.indexed_const n (p \<otimes>\<^bsub>R [\<X>\<^bsub>n\<^esub>]\<^esub> pvar R j))) =
+ pre_to_univ_poly_inv (Suc n) i (MP.indexed_const n p) \<otimes>\<^bsub>(R [\<X>\<^bsub>Suc n\<^esub>])\<^esub> pre_to_univ_poly_inv (Suc n) i (MP.indexed_const n (pvar R j))"
+ using 0 1 ring_hom_mult A
+ by (metis (no_types, lifting) MP.indexed_const_closed diff_Suc_1 local.pvar_closed)
+ have 3: "pre_to_univ_poly(Suc n) i \<in> ring_hom (R [\<X>\<^bsub>Suc n\<^esub>]) (Pring (R [\<X>\<^bsub>Suc n - 1\<^esub>]) {i}) "
+ using assms(1) pre_to_univ_poly_is_hom(1) ring_hom_ring.homh by blast
+ have 4: "pre_to_univ_poly (Suc n) i (pre_to_univ_poly_inv (Suc n) i (MP.indexed_const n (p \<otimes>\<^bsub>R [\<X>\<^bsub>n\<^esub>]\<^esub> pvar R j))) =
+ pre_to_univ_poly (Suc n) i (pre_to_univ_poly_inv (Suc n) i (MP.indexed_const n p)) \<otimes>\<^bsub>Pring (R [\<X>\<^bsub>n\<^esub>]) {i}\<^esub>
+ pre_to_univ_poly (Suc n) i (pre_to_univ_poly_inv (Suc n) i (MP.indexed_const n (pvar R j)))"
+ using 2 3 ring_hom_mult
+ by (smt "0" A(1) A(2) MP.indexed_const_closed diff_Suc_1 local.pvar_closed ring_hom_closed)
+ have 5: "pre_to_univ_poly (Suc n) i (pre_to_univ_poly_inv (Suc n) i (MP.indexed_const n (p \<otimes>\<^bsub>R [\<X>\<^bsub>n\<^esub>]\<^esub> pvar R j))) =
+ MP.indexed_const n p \<otimes>\<^bsub>Pring (R [\<X>\<^bsub>n\<^esub>]) {i}\<^esub>
+ pre_to_univ_poly (Suc n) i (pre_to_univ_poly_inv (Suc n) i (MP.indexed_const n (pvar R j)))"
+ using A "4" by presburger
+ have 6: "pre_to_univ_poly (Suc n) i (pre_to_univ_poly_inv (Suc n) i (MP.indexed_const n (pvar R j))) = (MP.indexed_const n (pvar R j))"
+ proof-
+ have "(pre_to_univ_poly_inv (Suc n) i (MP.indexed_const n (pvar R j))) = pre_to_univ_poly_inv_hom (Suc n) i (pvar R j)"
+ using A(2) assms(1) local.pvar_closed pre_to_univ_poly_inv_const by blast
+ hence "pre_to_univ_poly (Suc n) i (pre_to_univ_poly_inv (Suc n) i (MP.indexed_const n (pvar R j))) =
+ pre_to_univ_poly (Suc n) i (pre_to_univ_poly_inv_hom (Suc n) i (pvar R j))"
+ by presburger
+ show ?thesis
+ proof(cases "j < i")
+ case True
+ then have "(pre_to_univ_poly_inv_hom (Suc n) i (pvar R j)) = (pvar R j)"
+ using pre_to_univ_poly_inv_hom_pvar_0[of i n j] assms(1) by blast
+ thus ?thesis using pre_to_univ_poly_is_hom
+ by (metis True \<open>pre_to_univ_poly_inv (Suc n) i (MP.indexed_const n (pvar R j)) = pre_to_univ_poly_inv_hom (Suc n) i (pvar R j)\<close> assms(1) coord_ring_def diff_Suc_1)
+ next
+ case False
+ have "pre_to_univ_poly_inv_hom (Suc n) i (pvar R j) = pvar R (j + 1)"
+ using pre_to_univ_poly_inv_hom_pvar_1[of i n j] A(2) False assms(1) not_le
+ by blast
+ thus ?thesis using pre_to_univ_poly_is_hom
+ by (metis A(2) False Suc_eq_plus1 \<open>pre_to_univ_poly_inv (Suc n) i (MP.indexed_const n (pvar R j)) = pre_to_univ_poly_inv_hom (Suc n) i (pvar R j)\<close>
+ assms(1) coord_ring_def diff_Suc_1 not_less_eq)
+ qed
+ qed
+ show ?thesis using 6 A
+ using "1" "5" by presburger
+ qed
+ qed
+qed
+
+definition to_univ_poly :: "nat \<Rightarrow> nat \<Rightarrow>
+ (('a, nat) mvar_poly , ('a, nat) mvar_poly u_poly) ring_hom" where
+"to_univ_poly n i = IP_to_UP i \<circ> (pre_to_univ_poly n i) "
+
+definition from_univ_poly :: "nat \<Rightarrow> nat \<Rightarrow>
+ (('a, nat) mvar_poly u_poly , ('a, nat) mvar_poly) ring_hom" where
+"from_univ_poly n i = pre_to_univ_poly_inv n i \<circ> (UP_to_IP (coord_ring R (n-1)) i)"
+
+lemma to_univ_poly_is_hom:
+ assumes "i \<le> n"
+ shows "(to_univ_poly (Suc n) i) \<in> ring_hom (R[\<X>\<^bsub>Suc n\<^esub>]) (UP (R[\<X>\<^bsub>n\<^esub>])) "
+ unfolding to_univ_poly_def
+ apply(rule ring_hom_trans[of _ _ "Pring (R[\<X>\<^bsub>n\<^esub>]) {i}"])
+ using assms pre_to_univ_poly_is_hom ring_hom_ring.homh
+ apply (metis diff_Suc_1 le_imp_less_Suc)
+ using UP_cring.IP_to_UP_ring_hom[of "(Pring R {..<n})" i] assms ring_hom_ring.homh
+ unfolding coord_ring_def UP_cring_def
+ using R.Pring_is_cring R.is_cring by blast
+
+lemma from_univ_poly_is_hom:
+ assumes "i \<le> n"
+ shows "(from_univ_poly (Suc n) i) \<in> ring_hom (UP (R[\<X>\<^bsub>n\<^esub>])) (R[\<X>\<^bsub>Suc n\<^esub>]) "
+ unfolding from_univ_poly_def
+ apply(rule ring_hom_trans[of _ _ "Pring (R[\<X>\<^bsub>n\<^esub>]) {i}"])
+ using assms UP_cring.UP_to_IP_ring_hom[of "coord_ring R (Suc n - 1)" i]
+ ring_hom_ring.homh[of "UP (coord_ring R (Suc n - 1))" "Pring (coord_ring R (Suc n - 1)) {i}" "UP_to_IP (coord_ring R (Suc n - 1)) i"]
+ unfolding coord_ring_def UP_cring_def
+ apply (metis R.Pring_is_cring diff_Suc_1 R.is_cring)
+ using assms ring_hom_ring.homh le_imp_less_Suc pre_to_univ_poly_inv_is_hom
+ unfolding coord_ring_def UP_cring_def
+ by blast
+
+lemma to_univ_poly_inverse:
+ assumes "i \<le> n"
+ assumes "p \<in> carrier (R[\<X>\<^bsub>Suc n\<^esub>])"
+ shows "from_univ_poly (Suc n) i (to_univ_poly (Suc n) i p) = p"
+proof-
+ have 0: "pre_to_univ_poly (Suc n) i p \<in> Pring_set (R[\<X>\<^bsub>n\<^esub>]) {i}"
+ using pre_to_univ_poly_is_hom(6)[of i "Suc n" _ p] assms ring.Pring_car
+ unfolding coord_ring_def UP_domain_def
+ by (metis R.Pring_is_ring diff_Suc_1 le_imp_less_Suc)
+ have 1: "UP_to_IP (R[\<X>\<^bsub>n\<^esub>]) i
+ (IP_to_UP i (pre_to_univ_poly (Suc n) i p)) =
+ pre_to_univ_poly (Suc n) i p"
+ using 0 UP_cring.UP_to_IP_inv[of "R[\<X>\<^bsub>n\<^esub>]" "pre_to_univ_poly (Suc n) i p" i ]
+ R.Pring_is_cring
+ unfolding coord_ring_def UP_cring_def
+ using R.is_cring by blast
+ have 2: "from_univ_poly (Suc n) i (to_univ_poly (Suc n) i p) =
+ (pre_to_univ_poly_inv (Suc n) i (
+ (UP_to_IP (coord_ring R (Suc n - 1)) i) (
+ (IP_to_UP i (
+ (pre_to_univ_poly (Suc n) i) p)))))"
+ unfolding from_univ_poly_def to_univ_poly_def
+ unfolding coord_ring_def
+ by (metis comp_eq_dest_lhs)
+ have 3: "from_univ_poly (Suc n) i (to_univ_poly (Suc n) i p) =
+ (pre_to_univ_poly_inv (Suc n) i (
+ pre_to_univ_poly (Suc n) i p))"
+ using 0 1 2
+ unfolding coord_ring_def
+ using diff_Suc_1 by presburger
+ then show ?thesis
+ using pre_to_univ_poly_inverse assms(1) assms(2) less_Suc_eq_le
+ by presburger
+qed
+
+lemma to_univ_poly_closed:
+ assumes "i \<le> n"
+ assumes "p \<in> carrier (R[\<X>\<^bsub>Suc n\<^esub>])"
+ shows "to_univ_poly (Suc n) i p \<in> carrier (UP (R[\<X>\<^bsub>n\<^esub>]))"
+ using to_univ_poly_is_hom[of i n] assms unfolding ring_hom_def
+ by blast
+
+lemma to_univ_poly_add:
+ assumes "i \<le> n"
+ assumes "p \<in> carrier (R[\<X>\<^bsub>Suc n\<^esub>])"
+ assumes "Q \<in> carrier (R[\<X>\<^bsub>Suc n\<^esub>])"
+ shows "to_univ_poly (Suc n) i (p \<oplus>\<^bsub>R[\<X>\<^bsub>Suc n\<^esub>]\<^esub>Q) =
+ to_univ_poly (Suc n) i p \<oplus>\<^bsub>UP (R[\<X>\<^bsub>n\<^esub>])\<^esub> to_univ_poly (Suc n) i Q"
+ using to_univ_poly_is_hom ring_hom_add
+ by (metis assms(1) assms(2) assms(3))
+
+lemma to_univ_poly_mult:
+ assumes "i \<le> n"
+ assumes "p \<in> carrier (R[\<X>\<^bsub>Suc n\<^esub>])"
+ assumes "Q \<in> carrier (R[\<X>\<^bsub>Suc n\<^esub>])"
+ shows "to_univ_poly (Suc n) i (p \<otimes>\<^bsub>R[\<X>\<^bsub>Suc n\<^esub>]\<^esub>Q) =
+ to_univ_poly (Suc n) i p \<otimes>\<^bsub>UP (R[\<X>\<^bsub>n\<^esub>])\<^esub> to_univ_poly (Suc n) i Q"
+ using to_univ_poly_is_hom ring_hom_mult
+ by (metis assms(1) assms(2) assms(3))
+
+lemma from_univ_poly_closed:
+ assumes "i \<le> n"
+ assumes "p \<in> carrier (UP (R[\<X>\<^bsub>n\<^esub>])) "
+ shows "from_univ_poly (Suc n) i p \<in> carrier (R[\<X>\<^bsub>Suc n\<^esub>])"
+ using from_univ_poly_is_hom[of i n] assms unfolding ring_hom_def
+ by blast
+
+lemma from_univ_poly_add:
+ assumes "i \<le> n"
+ assumes "p \<in> carrier (UP (R[\<X>\<^bsub>n\<^esub>])) "
+ assumes "Q \<in> carrier (UP (R[\<X>\<^bsub>n\<^esub>])) "
+ shows "from_univ_poly (Suc n) i (p \<oplus>\<^bsub>UP (R[\<X>\<^bsub>n\<^esub>])\<^esub>Q) =
+ from_univ_poly (Suc n) i p \<oplus>\<^bsub>R[\<X>\<^bsub>Suc n\<^esub>]\<^esub> from_univ_poly (Suc n) i Q"
+ using from_univ_poly_is_hom ring_hom_add
+ by (metis assms(1) assms(2) assms(3))
+
+lemma from_univ_poly_mult:
+ assumes "i \<le> n"
+ assumes "p \<in> carrier (UP (R[\<X>\<^bsub>n\<^esub>])) "
+ assumes "Q \<in> carrier (UP (R[\<X>\<^bsub>n\<^esub>])) "
+ shows "from_univ_poly (Suc n) i (p \<otimes>\<^bsub>UP (R[\<X>\<^bsub>n\<^esub>])\<^esub>Q) =
+ from_univ_poly (Suc n) i p \<otimes>\<^bsub>R[\<X>\<^bsub>Suc n\<^esub>]\<^esub> from_univ_poly (Suc n) i Q"
+ using from_univ_poly_is_hom ring_hom_mult
+ by (metis assms(1) assms(2) assms(3))
+
+lemma(in UP_cring) monom_as_mult:
+ assumes "a \<in> carrier R"
+ shows "up_ring.monom (UP R) a n = to_poly a \<otimes>\<^bsub> UP R\<^esub> up_ring.monom (UP R) \<one> n"
+ by (metis One_nat_def P_def R.one_closed R.r_one UP_cring.poly_shift_monom add_Suc assms is_UP_cring local.monom_mult plus_1_eq_Suc to_polynomial_def)
+
+lemma cring_coord_rings_coord_ring:
+"cring_coord_rings (R[\<X>\<^bsub>n\<^esub>])"
+ unfolding cring_coord_rings_def
+ cring_coord_rings_axioms_def coord_ring_def
+ apply(rule conjI)
+ unfolding UP_cring_def
+ apply (metis coord_cring_cring coord_ring_def)
+ using cring_coord_rings_axioms
+ unfolding cring_coord_rings_def cring_coord_rings_axioms_def
+ by (metis coord_ring_def coord_ring_one coord_ring_zero)
+
+lemma from_univ_poly_monom_inverse:
+ assumes "i < Suc n"
+ assumes "a \<in> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ shows "to_univ_poly (Suc n) i (from_univ_poly (Suc n) i (up_ring.monom (UP (R [\<X>\<^bsub>n\<^esub>])) a m)) = up_ring.monom (UP (R [\<X>\<^bsub>n\<^esub>])) a m"
+proof-
+ have 0: "up_ring.monom (UP (R [\<X>\<^bsub>n\<^esub>])) a m = (to_polynomial (R[\<X>\<^bsub>n\<^esub>]) a) \<otimes>\<^bsub>UP (R[\<X>\<^bsub>n\<^esub>])\<^esub> (up_ring.monom (UP (R [\<X>\<^bsub>n\<^esub>])) \<one>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> m)"
+ using UP_cring.monom_as_mult[of "R[\<X>\<^bsub>n\<^esub>]" a m] unfolding UP_ring_def
+ using UP_cring_def assms coord_cring_cring by blast
+ have 1 : "(UP_to_IP (R [\<X>\<^bsub>Suc n - 1\<^esub>]) i) (to_polynomial (R[\<X>\<^bsub>n\<^esub>]) a) = ring.indexed_const (R[\<X>\<^bsub>n\<^esub>]) a"
+ using UP_cring.UP_to_IP_const[of "R [\<X>\<^bsub>Suc n - 1\<^esub>]" a i] unfolding UP_cring_def
+ by (simp add: assms coord_cring_cring)
+ have 2: "(from_univ_poly (Suc n) i (to_polynomial (R[\<X>\<^bsub>n\<^esub>]) a))
+ = pre_to_univ_poly_inv (Suc n) i (ring.indexed_const (R[\<X>\<^bsub>n\<^esub>]) a)"
+ unfolding from_univ_poly_def using 1
+ by (metis comp_apply)
+ have 3: "from_univ_poly (Suc n) i (to_polynomial (R [\<X>\<^bsub>n\<^esub>]) a) = pre_to_univ_poly_inv_hom (Suc n) i a"
+ using pre_to_univ_poly_inv_const[of i n a] assms 2
+ by presburger
+ have 4: "to_univ_poly (Suc n) i (from_univ_poly (Suc n) i (to_polynomial (R [\<X>\<^bsub>n\<^esub>]) a)) =
+ IP_to_UP i ((pre_to_univ_poly (Suc n) i) (pre_to_univ_poly_inv_hom (Suc n) i a))"
+ using 3 unfolding to_univ_poly_def from_univ_poly_def
+ by (metis comp_apply)
+ have 5: "(pre_to_univ_poly (Suc n) i) (pre_to_univ_poly_inv (Suc n) i (ring.indexed_const (R[\<X>\<^bsub>n\<^esub>]) a)) = (ring.indexed_const (R[\<X>\<^bsub>n\<^esub>]) a)"
+ using assms(1) assms(2) pre_to_univ_poly_inverse' by blast
+ have "(to_univ_poly (Suc n) i) (from_univ_poly (Suc n) i (to_polynomial (R[\<X>\<^bsub>n\<^esub>]) a)) = IP_to_UP i (ring.indexed_const (R[\<X>\<^bsub>n\<^esub>]) a)"
+ unfolding to_univ_poly_def
+ by (metis "2" "5" comp_apply)
+ hence 6: "(to_univ_poly (Suc n) i) (from_univ_poly (Suc n) i (to_polynomial (R[\<X>\<^bsub>n\<^esub>]) a)) = to_polynomial (R[\<X>\<^bsub>n\<^esub>]) a"
+ using UP_cring.IP_to_UP_indexed_const[of "R[\<X>\<^bsub>n\<^esub>]"]
+ by (smt UP_cring_def assms(2) coord_cring_cring)
+ have 7: "(to_univ_poly (Suc n) i) (from_univ_poly (Suc n) i (up_ring.monom (UP (R [\<X>\<^bsub>n\<^esub>])) \<one>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> m)) = up_ring.monom (UP (R [\<X>\<^bsub>n\<^esub>])) \<one>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> m"
+ proof-
+ have 70: "pvar (R [\<X>\<^bsub>n\<^esub>]) i [^]\<^bsub>Pring (R [\<X>\<^bsub>n\<^esub>]) {i}\<^esub> m \<in> carrier (Pring (R [\<X>\<^bsub>n\<^esub>]) {i})"
+ using Cring_Multivariable_Poly.pvar_closed[of "R[\<X>\<^bsub>n\<^esub>]" i "{i}"] monoid.nat_pow_closed[of "R[\<X>\<^bsub>n\<^esub>]"]
+ by (meson MP.Pring_is_monoid coord_cring_cring equalityD2 insert_subset monoid.nat_pow_closed)
+ have 71: "(UP_to_IP (R [\<X>\<^bsub>Suc n - 1\<^esub>]) i) (up_ring.monom (UP (R [\<X>\<^bsub>n\<^esub>])) \<one>\<^bsub>R [\<X>\<^bsub>n\<^esub>]\<^esub> m) =
+ (pvar (R[\<X>\<^bsub>n\<^esub>]) i)[^]\<^bsub>Pring (R[\<X>\<^bsub>n\<^esub>]) {i}\<^esub>m"
+ using 70 UP_cring.UP_to_IP_monom[of "R[\<X>\<^bsub>n\<^esub>]" "\<one>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub>" i m ] cring.Pring_smult_one[of "R[\<X>\<^bsub>n\<^esub>]" "pvar (R [\<X>\<^bsub>n\<^esub>]) i [^]\<^bsub>Pring (R [\<X>\<^bsub>n\<^esub>]) {i}\<^esub> m" "{i}"]
+ unfolding UP_cring_def
+ using MP.one_closed coord_cring_cring diff_Suc_1 by presburger
+ hence 72: "from_univ_poly (Suc n) i (up_ring.monom (UP (R [\<X>\<^bsub>n\<^esub>])) \<one>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> m) =
+ pre_to_univ_poly_inv (Suc n) i ((pvar (R[\<X>\<^bsub>n\<^esub>]) i)[^]\<^bsub>Pring (R[\<X>\<^bsub>n\<^esub>]) {i}\<^esub>m)"
+ unfolding from_univ_poly_def
+ using comp_apply[of "pre_to_univ_poly_inv (Suc n) i" "UP_to_IP (R [\<X>\<^bsub>Suc n - 1\<^esub>]) i" "up_ring.monom (UP (R [\<X>\<^bsub>n\<^esub>])) \<one>\<^bsub>R [\<X>\<^bsub>n\<^esub>]\<^esub> m"]
+ by presburger
+ have 73: " pre_to_univ_poly_inv (Suc n) i \<in> ring_hom (Pring (R [\<X>\<^bsub>n\<^esub>]) {i}) (R [\<X>\<^bsub>Suc n\<^esub>]) "
+ using pre_to_univ_poly_inv_is_hom[of i n] assms(1) ring_hom_ring.homh by blast
+ hence 74: "from_univ_poly (Suc n) i (up_ring.monom (UP (R [\<X>\<^bsub>n\<^esub>])) \<one>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> m) = (pvar R i)[^]\<^bsub>R[\<X>\<^bsub>Suc n\<^esub>]\<^esub>m"
+ unfolding from_univ_poly_def
+ using 70 71 72 pre_to_univ_poly_inv_pvar[of i n]
+ ring_hom_nat_pow[of "(Pring (R [\<X>\<^bsub>n\<^esub>]) {i})" "R [\<X>\<^bsub>Suc n\<^esub>]" "pre_to_univ_poly_inv (Suc n) i" "(pvar (R[\<X>\<^bsub>n\<^esub>]) i)" m]
+ by (metis MP.Pring_is_ring MP.Pring_var_closed MP.ring_axioms assms(1) from_univ_poly_def singletonI)
+ hence 75: "(to_univ_poly (Suc n) i) (from_univ_poly (Suc n) i (up_ring.monom (UP (R [\<X>\<^bsub>n\<^esub>])) \<one>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> m))
+ = (to_univ_poly (Suc n) i) ((pvar R i)[^]\<^bsub>R[\<X>\<^bsub>Suc n\<^esub>]\<^esub>m)"
+ by metis
+ have 76: "pre_to_univ_poly (Suc n) i (pvar R i) = pvar (R [\<X>\<^bsub>Suc n - 1\<^esub>]) i"
+ using pre_to_univ_poly_is_hom(3)[of i "Suc n" ] assms(1) by blast
+ have "pre_to_univ_poly (Suc n) i \<in> ring_hom (R [\<X>\<^bsub>Suc n\<^esub>]) (Pring (R [\<X>\<^bsub>Suc n - 1\<^esub>]) {i}) "
+ apply(rule ring_hom_ring.homh)
+ using pre_to_univ_poly_is_hom(1)[of i "Suc n"]
+ using assms(1) by blast
+ hence "pre_to_univ_poly (Suc n) i (pvar R i [^]\<^bsub>R [\<X>\<^bsub>Suc n\<^esub>]\<^esub> m) = pvar (R [\<X>\<^bsub>Suc n - 1\<^esub>]) i [^]\<^bsub>Pring (R [\<X>\<^bsub>Suc n - 1\<^esub>]) {i}\<^esub> m"
+ using 76 ring_hom_nat_pow[of "R[\<X>\<^bsub>Suc n\<^esub>]" "Pring (R [\<X>\<^bsub>Suc n - 1\<^esub>]) {i}" "pre_to_univ_poly (Suc n) i" "pvar R i" m]
+ by (metis MP.Pring_is_ring MP.ring_axioms assms(1) local.pvar_closed)
+ hence 77: "(to_univ_poly (Suc n) i) (from_univ_poly (Suc n) i (up_ring.monom (UP (R [\<X>\<^bsub>n\<^esub>])) \<one>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> m))
+ =IP_to_UP i (pvar (R [\<X>\<^bsub>Suc n - 1\<^esub>]) i [^]\<^bsub>Pring (R [\<X>\<^bsub>Suc n - 1\<^esub>]) {i}\<^esub> m)"
+ unfolding to_univ_poly_def using comp_apply[of "IP_to_UP i" " pre_to_univ_poly (Suc n) i"]
+ using "74" by presburger
+ have 78: "IP_to_UP i (pvar (R [\<X>\<^bsub>Suc n - 1\<^esub>]) i) = X_poly (R[\<X>\<^bsub>n\<^esub>])"
+ using cring.IP_to_UP_var[of "R[\<X>\<^bsub>n\<^esub>]"]
+ by (simp add: MP.IP_to_UP_var var_to_IP_def)
+ have 79: "IP_to_UP i \<in> ring_hom (Pring (R [\<X>\<^bsub>n\<^esub>]) {i}) (UP (R [\<X>\<^bsub>n\<^esub>]))"
+ using UP_cring.IP_to_UP_ring_hom[of "R[\<X>\<^bsub>n\<^esub>]" i] ring_hom_ring.homh[of "Pring (R [\<X>\<^bsub>n\<^esub>]) {i}"]
+ unfolding UP_cring_def
+ using coord_cring_cring by blast
+ have 80: "pvar (R [\<X>\<^bsub>Suc n - 1\<^esub>]) i \<in> carrier (Pring (R [\<X>\<^bsub>n\<^esub>]) {i})"
+ by (metis "76" assms(1) diff_Suc_1 local.pvar_closed pre_to_univ_poly_is_hom(6))
+ have 81: "ring (UP (R[\<X>\<^bsub>n\<^esub>]))"
+ using UP_ring.UP_ring[of "R[\<X>\<^bsub>n\<^esub>]"] unfolding UP_ring_def
+ using MP.ring_axioms by blast
+ hence 82: "IP_to_UP i (pvar (R [\<X>\<^bsub>Suc n - 1\<^esub>]) i [^]\<^bsub>Pring (R[\<X>\<^bsub>n\<^esub>]) {i}\<^esub> m) = X_poly (R[\<X>\<^bsub>n\<^esub>]) [^]\<^bsub>UP (R [\<X>\<^bsub>n\<^esub>])\<^esub> m"
+
+ using 78 79 80 ring_hom_nat_pow[of "Pring (R [\<X>\<^bsub>n\<^esub>]) {i}" "UP (R [\<X>\<^bsub>n\<^esub>])" "IP_to_UP i" "pvar (R [\<X>\<^bsub>Suc n - 1\<^esub>]) i" m]
+ by (metis MP.Pring_is_ring)
+ have 83: "\<one>\<^bsub>R [\<X>\<^bsub>n\<^esub>]\<^esub> \<odot>\<^bsub>UP (R [\<X>\<^bsub>n\<^esub>])\<^esub> X_poly (R [\<X>\<^bsub>n\<^esub>]) [^]\<^bsub>UP (R [\<X>\<^bsub>n\<^esub>])\<^esub> m = X_poly (R [\<X>\<^bsub>n\<^esub>]) [^]\<^bsub>UP (R [\<X>\<^bsub>n\<^esub>])\<^esub> m"
+ using UP_ring.UP_smult_one[of "R[\<X>\<^bsub>n\<^esub>]" "X_poly (R [\<X>\<^bsub>n\<^esub>]) [^]\<^bsub>UP (R [\<X>\<^bsub>n\<^esub>])\<^esub> m"]
+ UP_cring.X_closed[of "R[\<X>\<^bsub>n\<^esub>]"] monoid.nat_pow_closed[of "UP (R[\<X>\<^bsub>n\<^esub>])" "X_poly (R[\<X>\<^bsub>n\<^esub>])" m]
+ unfolding UP_ring_def UP_cring_def
+ using 81 MP.ring_axioms coord_cring_cring ring.is_monoid by blast
+ have 84: "X_poly (R[\<X>\<^bsub>n\<^esub>]) [^]\<^bsub>UP (R [\<X>\<^bsub>n\<^esub>])\<^esub> m = up_ring.monom (UP (R [\<X>\<^bsub>n\<^esub>])) \<one>\<^bsub>R [\<X>\<^bsub>n\<^esub>]\<^esub> m"
+ using 83 UP_cring.monom_rep_X_pow[of "R[\<X>\<^bsub>n\<^esub>]" "\<one>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub>" m]
+ monoid.nat_pow_closed[of "UP (R[\<X>\<^bsub>n\<^esub>])" "X_poly (R[\<X>\<^bsub>n\<^esub>])" m] 81
+ unfolding UP_cring_def
+ using MP.one_closed coord_cring_cring by presburger
+ thus ?thesis using 77
+ by (metis "82" diff_Suc_1)
+ qed
+ have 8: "to_univ_poly (Suc n) i (from_univ_poly (Suc n) i (up_ring.monom (UP (R [\<X>\<^bsub>n\<^esub>])) a m)) =
+ to_univ_poly (Suc n) i (from_univ_poly (Suc n) i (to_polynomial (R[\<X>\<^bsub>n\<^esub>]) a)) \<otimes>\<^bsub>UP (R[\<X>\<^bsub>n\<^esub>])\<^esub>
+ to_univ_poly (Suc n) i (from_univ_poly (Suc n) i (up_ring.monom (UP (R [\<X>\<^bsub>n\<^esub>])) \<one>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> m))"
+ proof-
+ have 80: "to_polynomial (R [\<X>\<^bsub>n\<^esub>]) a \<in> carrier (UP (R [\<X>\<^bsub>n\<^esub>]))"
+ using UP_cring.to_poly_closed[of "R[\<X>\<^bsub>n\<^esub>]" a] UP_cring_def assms(2) coord_cring_cring
+ by blast
+ have 81: "up_ring.monom (UP (R [\<X>\<^bsub>n\<^esub>])) \<one>\<^bsub>R [\<X>\<^bsub>n\<^esub>]\<^esub> m \<in> carrier (UP (R [\<X>\<^bsub>n\<^esub>])) "
+ apply(rule UP_ring.monom_closed[of "R[\<X>\<^bsub>n\<^esub>]"]) unfolding UP_ring_def using MP.one_closed
+ apply (simp add: MP.ring_axioms)
+ using MP.one_closed by blast
+ have 82: "(from_univ_poly (Suc n) i (up_ring.monom (UP (R [\<X>\<^bsub>n\<^esub>])) a m)) =
+ (from_univ_poly (Suc n) i (to_polynomial (R[\<X>\<^bsub>n\<^esub>]) a)) \<otimes>\<^bsub>(R[\<X>\<^bsub>Suc n\<^esub>])\<^esub>
+ (from_univ_poly (Suc n) i (up_ring.monom (UP (R [\<X>\<^bsub>n\<^esub>])) \<one>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> m))"
+ using 80 81 from_univ_poly_mult[of i n "to_polynomial (R [\<X>\<^bsub>n\<^esub>]) a" "(up_ring.monom (UP (R [\<X>\<^bsub>n\<^esub>])) \<one>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> m)"] 0
+ by (metis assms(1) less_Suc_eq_le)
+ thus ?thesis using to_univ_poly_mult 80 81
+ by (metis assms(1) from_univ_poly_closed less_Suc_eq_le)
+ qed
+ thus ?thesis
+ using "0" "6" "7" by metis
+qed
+
+lemma from_univ_poly_inverse:
+ assumes "i \<le> n"
+ assumes "p \<in> carrier (UP (R[\<X>\<^bsub>n\<^esub>]))"
+ shows "to_univ_poly (Suc n) i (from_univ_poly (Suc n) i p) = p"
+proof(rule UP_ring.poly_induct3[of "R[\<X>\<^bsub>n\<^esub>]"])
+ show "UP_ring (R [\<X>\<^bsub>n\<^esub>])"
+ unfolding UP_ring_def
+ by (simp add: MP.ring_axioms)
+ show "p \<in> carrier (UP (R [\<X>\<^bsub>n\<^esub>]))"
+ using assms by blast
+ show "\<And>p q. q \<in> carrier (UP (R [\<X>\<^bsub>n\<^esub>])) \<Longrightarrow>
+ p \<in> carrier (UP (R [\<X>\<^bsub>n\<^esub>])) \<Longrightarrow>
+ to_univ_poly (Suc n) i (from_univ_poly (Suc n) i p) = p \<Longrightarrow>
+ to_univ_poly (Suc n) i (from_univ_poly (Suc n) i q) = q \<Longrightarrow>
+ to_univ_poly (Suc n) i (from_univ_poly (Suc n) i (p \<oplus>\<^bsub>UP (R [\<X>\<^bsub>n\<^esub>])\<^esub> q)) = p \<oplus>\<^bsub>UP (R [\<X>\<^bsub>n\<^esub>])\<^esub> q"
+ proof- fix p q
+ assume A: "q \<in> carrier (UP (R [\<X>\<^bsub>n\<^esub>]))" "p \<in> carrier (UP (R [\<X>\<^bsub>n\<^esub>]))"
+ "to_univ_poly (Suc n) i (from_univ_poly (Suc n) i p) = p"
+ "to_univ_poly (Suc n) i (from_univ_poly (Suc n) i q) = q"
+ show "to_univ_poly (Suc n) i (from_univ_poly (Suc n) i (p \<oplus>\<^bsub>UP (R [\<X>\<^bsub>n\<^esub>])\<^esub> q)) = p \<oplus>\<^bsub>UP (R [\<X>\<^bsub>n\<^esub>])\<^esub> q"
+ using A assms
+ from_univ_poly_add[of i n p q]
+ to_univ_poly_add[of i n "from_univ_poly (Suc n) i p" "from_univ_poly (Suc n) i q"]
+ from_univ_poly_closed[of i n p] from_univ_poly_closed[of i n q]
+ by presburger
+ qed
+ show "\<And>a na. a \<in> carrier (R [\<X>\<^bsub>n\<^esub>]) \<Longrightarrow>
+ to_univ_poly (Suc n) i (from_univ_poly (Suc n) i (up_ring.monom (UP (R [\<X>\<^bsub>n\<^esub>])) a na)) = up_ring.monom (UP (R [\<X>\<^bsub>n\<^esub>])) a na"
+ using from_univ_poly_monom_inverse[of i ] assms(1) le_imp_less_Suc by presburger
+qed
+
+lemma to_univ_poly_eval:
+ assumes "i < Suc n"
+ assumes "p \<in> carrier (R[\<X>\<^bsub>Suc n\<^esub>])"
+ assumes "a \<in> carrier (R\<^bsup>n\<^esup>)"
+ assumes "x \<in> carrier R"
+ assumes "as = insert_at_index a x i"
+ shows "eval_at_point R as p = eval_at_point R a (to_function (R[\<X>\<^bsub>n\<^esub>]) (to_univ_poly (Suc n) i p) (coord_const x))"
+proof-
+ have 0: "pre_to_univ_poly (Suc n) i p \<in> Pring_set (R[\<X>\<^bsub>n\<^esub>]) {i}"
+ using assms pre_to_univ_poly_is_hom(1)[of i "Suc n"] unfolding ring_hom_ring_def
+ unfolding coord_ring_def UP_domain_def coord_ring_def UP_domain_def
+ by (metis MP.Pring_car coord_ring_def diff_Suc_1 pre_to_univ_poly_is_hom(6))
+ have 1: " closed_fun (R[\<X>\<^bsub>n\<^esub>]) (\<lambda>n. coord_const x)"
+ using assms(4) R.indexed_const_closed
+ unfolding coord_ring_def UP_domain_def
+ by blast
+ have "(to_function (R[\<X>\<^bsub>n\<^esub>]) (to_univ_poly (Suc n) i p) (coord_const x)) =
+ to_function (R[\<X>\<^bsub>n\<^esub>]) (IP_to_UP i ((pre_to_univ_poly (Suc n) i) p)) (coord_const x)"
+ unfolding to_univ_poly_def
+ unfolding coord_ring_def UP_domain_def
+ by (metis comp_apply)
+ then have 2: "(to_function (R[\<X>\<^bsub>n\<^esub>]) (to_univ_poly (Suc n) i p) (coord_const x)) =
+ (total_eval (R[\<X>\<^bsub>n\<^esub>]) (\<lambda> i. coord_const x) (pre_to_univ_poly (Suc n) i p))"
+ using 0 1 UP_cring.IP_to_UP_poly_eval[of "R[\<X>\<^bsub>n\<^esub>]"
+ "(pre_to_univ_poly (Suc n) i) p" i "\<lambda> i. coord_const x"]
+ unfolding coord_ring_def UP_cring_def
+ using assms(4) cring.indexed_const_closed R.Pring_is_cring R.cring_axioms
+ by smt
+ then show ?thesis using pre_to_univ_poly_eval[of i n p a x as]
+ using assms(1) assms(2) assms(3) assms(4) assms(5) by presburger
+qed
+
+text\<open>
+ The function \texttt{one\_over\_poly}, introduced in the theory \texttt{Cring\_Poly}, maps a
+ polynomial $p(x)$ to the unique polynomial $q(x)$ which satisfies the relation
+ $q(x) = x^n p(1/x)$. This will be used later to show that the function $f(x) = 1/x$ is
+ semialgebraic over the field $\mathbb{Q}_p$.\<close>
+lemma to_univ_poly_one_over_poly:
+ assumes "field R"
+ assumes "i < (Suc n)"
+ assumes "p \<in> carrier (R[\<X>\<^bsub>Suc n\<^esub>])"
+ assumes "Q = from_univ_poly (Suc n) i (UP_cring.one_over_poly (R[\<X>\<^bsub>n\<^esub>]) (to_univ_poly (Suc n) i p))"
+ assumes "a \<in> carrier (R\<^bsup>n\<^esup>)"
+ assumes "x \<in> carrier R"
+ assumes "x \<noteq> \<zero>"
+ assumes "b = insert_at_index a x i"
+ assumes "c = insert_at_index a (inv x) i"
+ assumes "N = UP_ring.degree (R[\<X>\<^bsub>n\<^esub>]) (to_univ_poly (Suc n) i p)"
+ shows "Q \<in> carrier (R[\<X>\<^bsub>Suc n\<^esub>])"
+ "eval_at_point R b Q = (x[^]N) \<otimes> (eval_at_point R c p)"
+proof-
+ have 0: "(to_univ_poly (Suc n) i p) \<in> carrier (UP (R[\<X>\<^bsub>n\<^esub>]))"
+ using assms(2) assms(3) less_Suc_eq_le to_univ_poly_closed by blast
+ have 1: "(UP_cring.one_over_poly (R[\<X>\<^bsub>n\<^esub>]) (to_univ_poly (Suc n) i p)) \<in> carrier (UP (R[\<X>\<^bsub>n\<^esub>]))"
+ using 0 assms UP_domain_def UP_cring.one_over_poly_closed UP_cring_def coord_cring_cring by blast
+ show "Q \<in> carrier (R[\<X>\<^bsub>Suc n\<^esub>])"
+ using 1 assms from_univ_poly_closed[of i n] less_Suc_eq_le
+ by blast
+ have 2: "coord_const x \<in> Units (R[\<X>\<^bsub>n\<^esub>])"
+ proof-
+
+ have 20: "inv x \<in> carrier R"
+ using assms(1) assms(6) assms(7) field.field_Units by blast
+ have 21: "x \<otimes> (inv x) = \<one> "
+ using assms field.field_Units R.Units_r_inv
+ by blast
+ have 22: "coord_const x \<in> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ using assms(6) R.indexed_const_closed
+ unfolding coord_ring_def
+ by blast
+ have 23: "coord_const (inv x) \<in> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ using "20" R.indexed_const_closed
+ unfolding coord_ring_def
+by blast
+ have 24: "coord_const x \<otimes>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> coord_const (inv x) = coord_const (x \<otimes> (inv x))"
+ using assms(6) 20 R.indexed_const_mult unfolding coord_ring_def
+ by blast
+ have 25: "coord_const x \<otimes>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> coord_const (inv x) = \<one>\<^bsub>coord_ring R n\<^esub>"
+ unfolding coord_ring_def
+ by (metis "20" "21" R.Pring_one assms(6) R.indexed_const_mult)
+ have 26: "coord_const (inv x) \<otimes>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> coord_const x = \<one>\<^bsub>coord_ring R n\<^esub>"
+ unfolding coord_ring_def
+ by (metis "21" "22" "23" "24" MP.m_comm R.Pring_one coord_ring_def)
+ then show ?thesis
+ using 23 Units_def[of "R[\<X>\<^bsub>n\<^esub>]"] "22" "25"
+ by blast
+ qed
+ have 3: "inv\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> (coord_const x) = coord_const (inv x)"
+ proof-
+ have 20: "inv x \<in> carrier R"
+ using assms(1) assms(6) assms(7) field.field_Units by blast
+ have 21: "x \<otimes> (inv x) = \<one> "
+ using assms field.field_Units R.Units_r_inv
+ by blast
+ have 22: "coord_const x \<in> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ using assms(6) R.indexed_const_closed
+ unfolding coord_ring_def
+by blast
+ have 23: "coord_const (inv x) \<in> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ using "20" R.indexed_const_closed unfolding coord_ring_def
+ by blast
+ have 24: "coord_const x \<otimes>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> coord_const (inv x) = coord_const (x \<otimes> (inv x))"
+ using assms(6) 20 R.indexed_const_mult unfolding coord_ring_def
+ by blast
+ have 25: "coord_const x \<otimes>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> coord_const (inv x) = \<one>\<^bsub>coord_ring R n\<^esub>"
+ unfolding coord_ring_def
+ by (metis "20" "21" R.Pring_one assms(6) R.indexed_const_mult)
+ show ?thesis
+ using 22 23 25 R.Pring_is_cring[of "{..<n}"]
+ monoid.inv_char[of "R[\<X>\<^bsub>n\<^esub>]"]
+ unfolding coord_ring_def
+
+ by (metis R.Pring_is_monoid R.Pring_mult_comm R.is_cring)
+ qed
+ have 4: "to_function (R[\<X>\<^bsub>n\<^esub>]) (UP_cring.one_over_poly (R[\<X>\<^bsub>n\<^esub>]) (to_univ_poly (Suc n) i p))
+ (coord_const x) = (coord_const x)[^]\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub>N \<otimes>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub>
+ (to_function (R[\<X>\<^bsub>n\<^esub>]) ( (to_univ_poly (Suc n) i p)) (coord_const (inv\<^bsub>R\<^esub> x)))"
+ using 3 assms UP_cring_def UP_cring.one_over_poly_eval[of "R[\<X>\<^bsub>n\<^esub>]" " (to_univ_poly (Suc n) i p)" "coord_const x"]
+ unfolding coord_ring_def
+ by (metis "0" "2" MP.Units_closed R.Pring_is_cring UP_cring.to_fun_def coord_ring_def R.is_cring)
+ have 5: "eval_at_point R a (to_function (R[\<X>\<^bsub>n\<^esub>]) (UP_cring.one_over_poly (R[\<X>\<^bsub>n\<^esub>]) (to_univ_poly (Suc n) i p))
+ (coord_const x))
+ = eval_at_point R a ((coord_const x)[^]\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub>N \<otimes>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub>
+ (to_function (R[\<X>\<^bsub>n\<^esub>]) ( (to_univ_poly (Suc n) i p)) (coord_const (inv\<^bsub>R\<^esub> x))) ) "
+ using 4
+ by presburger
+ have 6: "to_univ_poly (Suc n) i Q = (UP_cring.one_over_poly (R[\<X>\<^bsub>n\<^esub>]) (to_univ_poly (Suc n) i p))"
+ using assms from_univ_poly_inverse
+ by (meson "1" less_Suc_eq_le)
+ have 7: "eval_at_point R a (to_function (R[\<X>\<^bsub>n\<^esub>]) (UP_cring.one_over_poly (R[\<X>\<^bsub>n\<^esub>]) (to_univ_poly (Suc n) i p))
+ (coord_const x)) = eval_at_point R b Q"
+ using 6 to_univ_poly_eval[of i n Q a x b] assms \<open>Q \<in> carrier (R[\<X>\<^bsub>Suc n\<^esub>])\<close>
+ by smt
+ have 8: "(coord_const x)[^]\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub>N \<in> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ using monoid.nat_pow_closed[of "R[\<X>\<^bsub>n\<^esub>]"]
+ unfolding coord_ring_def
+ using R.Pring_is_monoid assms(6) R.indexed_const_closed by blast
+ have 9: "to_function (R[\<X>\<^bsub>n\<^esub>]) ( (to_univ_poly (Suc n) i p)) (coord_const (inv\<^bsub>R\<^esub> x))
+ \<in> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ proof-
+ have 91: "to_univ_poly (Suc n) i p \<in> carrier (UP (R[\<X>\<^bsub>n\<^esub>]))"
+ by (simp add: "0")
+ have " coord_const (inv x) \<in> carrier (R[\<X>\<^bsub>n\<^esub>])"
+ proof-
+ have "inv x \<in> carrier R"
+ using assms(1) assms(6) assms(7) field.field_Units by blast
+ then show ?thesis
+ using R.indexed_const_closed[of "inv x"] assms
+ unfolding coord_ring_def
+
+ by blast
+ qed
+ then show ?thesis
+ using 91 UP_cring_def[of "R[\<X>\<^bsub>n\<^esub>]" ] UP_cring.to_fun_closed[of "R[\<X>\<^bsub>n\<^esub>]" "to_univ_poly (Suc n) i p" "coord_const (inv\<^bsub>R\<^esub> x)"]
+ to_univ_poly_closed[of i n p] UP_domain_def[of "R[\<X>\<^bsub>n\<^esub>]"]
+ unfolding coord_ring_def
+ using R.Pring_is_cring R.is_cring
+ by (metis UP_cring.to_fun_def)
+ qed
+ have 10: " eval_at_point R b Q = (eval_at_point R a ((coord_const x)[^]\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub>N)) \<otimes>
+ (eval_at_point R a (to_function (R[\<X>\<^bsub>n\<^esub>]) ( (to_univ_poly (Suc n) i p)) (coord_const (inv\<^bsub>R\<^esub> x))))"
+ using 7 5 eval_at_point_mult[of a n "(coord_const x)[^]\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub>N"
+ "(to_function (R[\<X>\<^bsub>n\<^esub>]) ( (to_univ_poly (Suc n) i p)) (coord_const (inv\<^bsub>R\<^esub> x)))"]
+ "8" "9" assms(5)
+ by presburger
+ have 11: "inv x \<in> carrier R"
+ using assms(1) assms(6) assms(7) field.field_Units by blast
+ have 12: " eval_at_point R b Q = (eval_at_point R a ((coord_const x)[^]\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub>N)) \<otimes>
+ (eval_at_point R c p)"
+ using 10 11 to_univ_poly_eval[of i n p a "inv x" c] assms(2) assms(3) assms(5) assms(9)
+ by presburger
+ show 12: " eval_at_point R b Q = (x[^]N) \<otimes>
+ (eval_at_point R c p)"
+ proof-
+ have 0: "(coord_const x)[^]\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub>N = coord_const (x[^]N)"
+ proof(induction N)
+ case 0
+ have 00: "coord_const x [^]\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> (0::nat) = \<one>\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub>"
+ using nat_pow_def[of "R[\<X>\<^bsub>n\<^esub>]" _ "(0::nat)"]
+ unfolding coord_ring_def
+ by (meson Group.nat_pow_0)
+ then show ?case
+ unfolding coord_ring_def
+ by (metis Group.nat_pow_0 R.Pring_one)
+ next
+ case (Suc N) fix N::nat assume IH: "coord_const x [^]\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub> N = coord_const (x [^] N)"
+ then show ?case
+ using R.indexed_const_mult Group.nat_pow_Suc Suc.IH assms(6) R.nat_pow_closed
+ unfolding coord_ring_def
+ by (metis )
+ qed
+ have 1: "(eval_at_point R a ((coord_const x)[^]\<^bsub>R[\<X>\<^bsub>n\<^esub>]\<^esub>N)) = x[^]N"
+ using 0
+ by (metis assms(5) assms(6) eval_at_point_const R.nat_pow_closed)
+ show ?thesis using 0 1 "12"
+ by presburger
+ qed
+qed
+
+lemma to_univ_poly_one_over_poly':
+ assumes "field R"
+ assumes "i < (Suc n)"
+ assumes "p \<in> carrier (R[\<X>\<^bsub>Suc n\<^esub>])"
+ assumes "Q = from_univ_poly (Suc n) i (UP_cring.one_over_poly (R[\<X>\<^bsub>n\<^esub>]) (to_univ_poly (Suc n) i p))"
+ assumes "a \<in> carrier (R\<^bsup>n\<^esup>)"
+ assumes "x \<in> carrier R"
+ assumes "x \<noteq> \<zero>"
+ assumes "b = insert_at_index a x i"
+ assumes "c = insert_at_index a (inv x) i"
+ assumes "N = UP_ring.degree (R[\<X>\<^bsub>n\<^esub>]) (to_univ_poly (Suc n) i p)"
+ assumes "q = (pvar R i)[^]\<^bsub>R[\<X>\<^bsub>Suc n\<^esub>]\<^esub>(k::nat)\<otimes>\<^bsub>R[\<X>\<^bsub>Suc n\<^esub>]\<^esub> Q"
+ shows "q \<in> carrier (R[\<X>\<^bsub>Suc n\<^esub>])"
+ "eval_at_point R b q = (x[^](N + k)) \<otimes> (eval_at_point R c p)"
+proof-
+ have 0: "(pvar R i)[^]\<^bsub>R[\<X>\<^bsub>Suc n\<^esub>]\<^esub>k \<in> carrier (R[\<X>\<^bsub>Suc n\<^esub>])"
+ using pvar_closed[of i "Suc n"] monoid.nat_pow_closed[]
+ unfolding coord_ring_def
+ by (metis R.Pring_is_monoid assms(2))
+ have 1: "b \<in> carrier (R\<^bsup>Suc n\<^esup>)"
+ using assms(2) assms(5) assms(6) assms(8) insert_at_index_closed less_Suc_eq_le
+ by blast
+ have 11 : "c \<in> carrier (R\<^bsup>Suc n\<^esup>)"
+ proof-
+ have "inv x \<in> carrier R"
+ using assms field.field_Units
+ by blast
+ then show ?thesis
+ using assms insert_at_index_closed less_Suc_eq_le
+ by blast
+ qed
+ have 2: "eval_at_point R b q = eval_at_point R b ((pvar R i)[^]\<^bsub>R[\<X>\<^bsub>Suc n\<^esub>]\<^esub>(k::nat))
+ \<otimes> eval_at_point R b Q"
+ using assms 0 1 unfolding coord_ring_def
+ by (metis R.Pring_mult coord_ring_def eval_at_point_mult to_univ_poly_one_over_poly(1))
+ have 3: "eval_at_point R b ((pvar R i)[^]\<^bsub>R[\<X>\<^bsub>Suc n\<^esub>]\<^esub>(k::nat)) =
+ x[^](k::nat)"
+ proof(induction k)
+ case 0
+ have T0: "eval_at_point R b ((pvar R i)[^]\<^bsub>R[\<X>\<^bsub>Suc n\<^esub>]\<^esub>(0::nat)) =
+ eval_at_point R b (\<one>\<^bsub>R[\<X>\<^bsub>Suc n\<^esub>]\<^esub>)"
+ using nat_pow_def[of "R[\<X>\<^bsub>Suc n\<^esub>]" "pvar R i" "0::nat"]
+ by (metis Group.nat_pow_0)
+ then show ?case
+ by (metis "1" assms(2) eval_at_point_nat_pow R.nat_pow_0 local.pvar_closed)
+ next
+ case (Suc k) fix k::nat
+ assume IH: "eval_at_poly R (pvar R i [^]\<^bsub>R[\<X>\<^bsub>Suc n\<^esub>]\<^esub> k) b = x [^] k "
+ have 0: "eval_at_poly R (pvar R i) b = b!i"
+ using eval_pvar[of i "Suc n"] assms "1"
+ by blast
+ have "length a = n"
+ using assms(5) cartesian_power_car_memE by blast
+ then have "eval_at_poly R (pvar R i) b = x"
+ using 0 assms(8) insert_at_index_eq[of i a x]
+ by (metis assms(2) less_Suc_eq_le)
+ then show ?case
+ using "1" assms(2) eval_at_point_nat_pow local.pvar_closed
+ by blast
+ qed
+ have 4: "eval_at_point R b Q = (x[^]N) \<otimes> (eval_at_point R c p)"
+ using to_univ_poly_one_over_poly(2)[of i n p Q a x b c N] assms(1) assms(10) assms(2)
+ assms(3) assms(4) assms(5) assms(6) assms(7) assms(8) assms(9)
+ by blast
+ have 5: "eval_at_point R b q = x[^](k::nat) \<otimes> ((x[^]N) \<otimes> (eval_at_point R c p))"
+ using 4 3 2
+ by presburger
+ show 6: "eval_at_point R b q = x[^](N + k) \<otimes> (eval_at_point R c p)"
+ proof-
+
+ have 60: "x[^](k::nat) \<in> carrier R"
+ using assms(6) by blast
+ have 61: "x[^]N \<in> carrier R"
+ using assms(6) by blast
+ have 62: "eval_at_point R c p \<in> carrier R"
+ using eval_at_point_closed[of c "Suc n" p] \<open>c \<in> carrier (R\<^bsup>Suc n\<^esup>)\<close> assms(3)
+ by blast
+ show ?thesis using 5 60 61 62
+ by (metis assms(6) R.m_assoc R.m_comm R.nat_pow_mult)
+ qed
+ show "q \<in> carrier (R[\<X>\<^bsub>Suc n\<^esub>])"
+ using assms
+ unfolding coord_ring_def
+ using 0 R.Pring_mult_closed to_univ_poly_one_over_poly(1)
+ by (metis coord_ring_def)
+
+qed
+
+lemma to_univ_poly_one_over_poly'':
+ assumes "field R"
+ assumes "i < (Suc n)"
+ assumes "p \<in> carrier (R[\<X>\<^bsub>Suc n\<^esub>])"
+ assumes "N \<ge> UP_ring.degree (R[\<X>\<^bsub>n\<^esub>]) (to_univ_poly (Suc n) i p)"
+ shows "\<exists> q \<in> carrier (R[\<X>\<^bsub>Suc n\<^esub>]). ( \<forall> x \<in> carrier R - {\<zero>}. ( \<forall> a \<in> carrier (R\<^bsup>n\<^esup>).
+ eval_at_point R (insert_at_index a x i) q = (x[^]N) \<otimes> (eval_at_point R (insert_at_index a (inv x) i) p)))"
+proof-
+ obtain Q where Q_def:
+ "Q = from_univ_poly (Suc n) i (UP_cring.one_over_poly (R[\<X>\<^bsub>n\<^esub>]) (to_univ_poly (Suc n) i p))"
+ by blast
+ obtain k where k_def: "k = (N - UP_ring.degree (R[\<X>\<^bsub>n\<^esub>]) (to_univ_poly (Suc n) i p))"
+ by blast
+ obtain q where q_def: "q = (pvar R i)[^]\<^bsub>R[\<X>\<^bsub>Suc n\<^esub>]\<^esub>(k::nat)\<otimes>\<^bsub>R[\<X>\<^bsub>Suc n\<^esub>]\<^esub> Q"
+ by blast
+ have 0: " ( \<forall> x \<in> carrier R - {\<zero>}.( \<forall> a \<in> carrier (R\<^bsup>n\<^esup>).
+ eval_at_point R (insert_at_index a x i) q = (x[^]N) \<otimes> (eval_at_point R (insert_at_index a (inv x) i) p)))"
+ proof fix x
+ assume A0: " x \<in> carrier R - {\<zero>}"
+ show " \<forall>a\<in>carrier (R\<^bsup>n\<^esup>). eval_at_poly R q (insert_at_index a x i) = x [^] N \<otimes> eval_at_poly R p (insert_at_index a (inv x) i)"
+ proof fix a assume A1: "a \<in> carrier (R\<^bsup>n\<^esup>)"
+ obtain l where l_def: "l = UP_ring.degree (R[\<X>\<^bsub>n\<^esub>]) (to_univ_poly (Suc n) i p)"
+ by blast
+ have "eval_at_poly R q (insert_at_index a x i) = x [^] (l + k) \<otimes> eval_at_poly R p (insert_at_index a (inv x) i)"
+ using assms A1 A0 to_univ_poly_one_over_poly'(2)[of i n p Q a x "insert_at_index a x i" "insert_at_index a (inv x) i" l q k]
+ Q_def l_def q_def
+ by blast
+ then show " eval_at_poly R q (insert_at_index a x i) = x [^] N \<otimes> eval_at_poly R p (insert_at_index a (inv x) i)"
+ using k_def assms l_def add_diff_inverse_nat less_Suc_eq not_less_eq
+ by (metis diff_diff_cancel diff_less_Suc)
+ qed
+ qed
+ have 1: "q \<in> carrier (R[\<X>\<^bsub>Suc n\<^esub>])"
+ proof-
+ obtain a where a_def: "a = map (\<lambda>i. \<one>) [(0::nat)..<n] "
+ by blast
+ have a_car: "a \<in> carrier (R\<^bsup>n\<^esup>)"
+ apply(rule cartesian_power_car_memI')
+ using a_def
+ apply (metis Ex_list_of_length coeff_list length_map length_rev)
+ proof- fix i assume A: "i < n"
+ then have "a!i = \<one>"
+ using a_def
+ by (metis R_list_length length_map map_nth nth_map)
+ then show "a ! i \<in> carrier R"
+ using a_def R.one_closed
+ by metis
+ qed
+ then show "q \<in> carrier (R[\<X>\<^bsub>Suc n\<^esub>])"
+ using assms q_def k_def Q_def to_univ_poly_one_over_poly'(1)[of i n p Q a \<one> _ _ "deg (R[\<X>\<^bsub>n\<^esub>])
+ (to_univ_poly (Suc n) i p)" q "N -deg (R[\<X>\<^bsub>n\<^esub>]) (to_univ_poly (Suc n) i p)" ]
+ using one_closed local.one_neq_zero by blast
+ qed
+ show ?thesis
+ using 0 1 by blast
+qed
+
+(**************************************************************************************************)
+(**************************************************************************************************)
+section\<open>Restricted Inverse Images and Complements\<close>
+(**************************************************************************************************)
+(**************************************************************************************************)
+
+text\<open>
+ This section introduces some versions of basic set operations for extensional functions and sets.
+ We would like a version of the inverse image which intersects the inverse image of a function
+ with the set \texttt{carrier }$(R^n)$, and a version of the complement of a set which takes the
+ comeplement relative to \texttt{carrier }$(R^n)$. These will have to be defined in parametrized
+ families, with one such object for each natural number $n$.\<close>
+definition evimage (infixr "\<inverse>\<index>" 90) where
+"evimage n f S = ((f -` S) \<inter> carrier (R\<^bsup>n\<^esup>))"
+
+definition euminus_set :: "nat \<Rightarrow> 'a list set \<Rightarrow> 'a list set" ("_ \<^sup>c\<index>" 70) where
+"S\<^sup>c\<^bsub>n\<^esub> = carrier (R\<^bsup>n\<^esup>) - S"
+
+lemma extensional_vimage_closed:
+"f \<inverse>\<^bsub>n\<^esub> S \<subseteq> carrier (R\<^bsup>n\<^esup>)"
+ unfolding evimage_def by blast
+
+subsection \<open>Inverse image of a function\<close>
+
+lemma evimage_eq [simp]: "a \<in> f \<inverse>\<^bsub>n\<^esub> B \<longleftrightarrow> a \<in> carrier (R\<^bsup>n\<^esup>) \<and> f a \<in> B"
+ unfolding evimage_def
+ by blast
+
+lemma evimage_singleton_eq: "a \<in> f \<inverse>\<^bsub>n\<^esub> {b} \<longleftrightarrow> a \<in> carrier (R\<^bsup>n\<^esup>) \<and> f a = b"
+ unfolding evimage_def
+ by blast
+
+lemma evimageI [intro]: "a \<in> carrier (R\<^bsup>n\<^esup>) \<Longrightarrow> f a = b \<Longrightarrow> b \<in> B \<Longrightarrow> a \<in> f \<inverse>\<^bsub>n\<^esub> B"
+ unfolding vimage_def
+ using evimage_eq by blast
+
+lemma evimageI2: "a \<in> carrier (R\<^bsup>n\<^esup>) \<Longrightarrow> f a \<in> A \<Longrightarrow> a \<in> f \<inverse>\<^bsub>n\<^esub> A"
+ unfolding vimage_def by fast
+
+lemma evimageE [elim!]: "a \<in> f \<inverse>\<^bsub>n\<^esub> B \<Longrightarrow> (\<And>x. f a = x \<Longrightarrow> x \<in> B \<Longrightarrow> p) \<Longrightarrow> p"
+ unfolding evimage_def
+ by blast
+
+lemma evimageD: "a \<in> f\<inverse>\<^bsub>n\<^esub> A \<Longrightarrow> f a \<in> A"
+ unfolding vimage_def by fast
+
+lemma evimage_empty [simp]: "f \<inverse>\<^bsub>n\<^esub> {} = {}"
+ by blast
+
+lemma evimage_Compl:
+ assumes "f \<in> carrier (R\<^bsup>n\<^esup>) \<rightarrow> carrier (R\<^bsup>m\<^esup>)"
+ shows "(f \<inverse>\<^bsub>n\<^esub>(A\<^sup>c\<^bsub>m\<^esub>)) = ((f -` A)\<^sup>c\<^bsub>n\<^esub>) "
+proof-
+ have "(f \<inverse>\<^bsub>n\<^esub>(A\<^sup>c\<^bsub>m\<^esub>)) = ((f -` (carrier (R\<^bsup>m\<^esup>)) - (f -` A))) \<inter> carrier (R\<^bsup>n\<^esup>)"
+ unfolding evimage_def euminus_set_def by blast
+ hence 0: "(f \<inverse>\<^bsub>n\<^esub>(A\<^sup>c\<^bsub>m\<^esub>)) = (f -` (carrier (R\<^bsup>m\<^esup>)) \<inter> carrier (R\<^bsup>n\<^esup>)) - (f -` A)"
+ by (simp add: Int_Diff Int_commute)
+ have "(f -` (carrier (R\<^bsup>m\<^esup>)) \<inter> carrier (R\<^bsup>n\<^esup>)) = carrier (R\<^bsup>n\<^esup>)"
+ proof
+ show "f -` carrier (R\<^bsup>m\<^esup>) \<inter> carrier (R\<^bsup>n\<^esup>) \<subseteq> carrier (R\<^bsup>n\<^esup>)"
+ by auto
+ show "carrier (R\<^bsup>n\<^esup>) \<subseteq> f -` carrier (R\<^bsup>m\<^esup>) \<inter> carrier (R\<^bsup>n\<^esup>)"
+ using assms by blast
+ qed
+ thus ?thesis using 0
+ by (simp add: euminus_set_def)
+qed
+
+lemma evimage_Un [simp]: "f \<inverse>\<^bsub>n\<^esub> (A \<union> B) = (f \<inverse>\<^bsub>n\<^esub> A) \<union> (f \<inverse>\<^bsub>n\<^esub> B)"
+ unfolding evimage_def by blast
+
+lemma evimage_Int [simp]: "f \<inverse>\<^bsub>n\<^esub> (A \<inter> B) = (f \<inverse>\<^bsub>n\<^esub> A) \<inter> (f \<inverse>\<^bsub>n\<^esub> B)"
+ unfolding evimage_def by blast
+
+lemma evimage_Collect_eq [simp]: "f \<inverse>\<^bsub>n\<^esub> Collect p = {y \<in> carrier (R\<^bsup>n\<^esup>). p (f y)}"
+ unfolding evimage_def by blast
+
+lemma evimage_Collect: "(\<And>x. x \<in> carrier (R\<^bsup>n\<^esup>) \<Longrightarrow> p (f x) = Q x) \<Longrightarrow> f \<inverse>\<^bsub>n\<^esub> (Collect p) = Collect Q \<inter> carrier (R\<^bsup>n\<^esup>)"
+ unfolding evimage_def by blast
+
+lemma evimage_insert: "f \<inverse>\<^bsub>n\<^esub> (insert a B) = (f \<inverse>\<^bsub>n\<^esub> {a}) \<union> (f \<inverse>\<^bsub>n\<^esub> B)"
+ \<comment> \<open>NOT suitable for rewriting because of the recurrence of \<open>{a}\<close>.\<close>
+ unfolding evimage_def by blast
+
+lemma evimage_Diff: "f \<inverse>\<^bsub>n\<^esub> (A - B) = (f \<inverse>\<^bsub>n\<^esub> A) - (f \<inverse>\<^bsub>n\<^esub> B)"
+ unfolding evimage_def by blast
+
+lemma evimage_UNIV [simp]: "f \<inverse>\<^bsub>n\<^esub> UNIV = carrier (R\<^bsup>n\<^esup>)"
+ unfolding evimage_def by blast
+
+lemma evimage_mono: "A \<subseteq> B \<Longrightarrow> f \<inverse>\<^bsub>n\<^esub> A \<subseteq> f \<inverse>\<^bsub>n\<^esub> B"
+ \<comment> \<open>monotonicity\<close>
+ unfolding evimage_def by blast
+
+lemma evimage_image_eq: "(f \<inverse>\<^bsub>n\<^esub> (f ` A)) = {y \<in> carrier (R\<^bsup>n\<^esup>). \<exists>x\<in>A. f x = f y}"
+ unfolding evimage_def by (blast intro: sym)
+
+lemma image_evimage_subset: "f ` (f \<inverse>\<^bsub>n\<^esub> A) \<subseteq> A"
+ by blast
+
+lemma image_evimage_eq [simp]: "f ` (f \<inverse>\<^bsub>n\<^esub> A) = A \<inter> (f ` carrier (R\<^bsup>n\<^esup>))"
+ unfolding evimage_def by blast
+
+lemma image_subset_iff_subset_evimage: "A \<subseteq> carrier (R\<^bsup>n\<^esup>) \<Longrightarrow> f ` A \<subseteq> B \<longleftrightarrow> A \<subseteq> f \<inverse>\<^bsub>n\<^esub> B"
+ by blast
+
+lemma evimage_const [simp]: "((\<lambda>x. c) \<inverse>\<^bsub>n\<^esub> A) = (if c \<in> A then carrier (R\<^bsup>n\<^esup>) else {})"
+ unfolding evimage_def using vimage_const[of c A]
+ by (smt Int_commute inf_bot_right inf_top.right_neutral)
+
+lemma evimage_if [simp]: "((\<lambda>x. if x \<in> B then c else d) \<inverse>\<^bsub>n\<^esub> A) =
+ (if c \<in> A then (if d \<in> A then carrier (R\<^bsup>n\<^esup>) else B \<inter> carrier (R\<^bsup>n\<^esup>) )
+ else if d \<in> A then B\<^sup>c\<^bsub>n\<^esub> else {})"
+unfolding evimage_def euminus_set_def using vimage_if[of B c d A]
+ by (metis Diff_Compl Diff_UNIV Diff_empty Int_commute double_compl)
+
+lemma evimage_inter_cong: "(\<And> w. w \<in> S \<Longrightarrow> f w = g w) \<Longrightarrow> f \<inverse>\<^bsub>n\<^esub> y \<inter> S = g \<inverse>\<^bsub>n\<^esub> y \<inter> S"
+unfolding evimage_def
+ by (smt Int_assoc Int_commute vimage_inter_cong)
+
+lemma evimage_ident [simp]: "(\<lambda>x. x) \<inverse>\<^bsub>n\<^esub> Y = Y \<inter> carrier (R\<^bsup>n\<^esup>)"
+unfolding evimage_def
+ by blast
+
+
+end
+
+
+
+
+end
diff --git a/thys/Padic_Field/document/root.bib b/thys/Padic_Field/document/root.bib
new file mode 100644
--- /dev/null
+++ b/thys/Padic_Field/document/root.bib
@@ -0,0 +1,62 @@
+
+@Book{dummit2004abstract,
+ author = {Dummit, David},
+ title = {Abstract algebra},
+ publisher = {John Wiley \& Sons, Inc},
+ year = {2004},
+ address = {Hoboken, NJ},
+ isbn = {0471433349}
+ }
+
+@Book{engler2005valued,
+ author = {Engler, Antonio},
+ title = {Valued fields},
+ publisher = {Springer},
+ year = {2005},
+ address = {Berlin New York},
+ isbn = {354024221X}
+ }
+
+@misc{keithconrad, title={Hensel's Lemma}, url={https://kconrad.math.uconn.edu/blurbs/gradnumthy/hensel.pdf}, author={Conrad, Keith}}
+
+@inproceedings{Thi,
+author = {Lewis, Robert Y.},
+title = {A Formal Proof of Hensel's Lemma over the p-Adic Integers},
+year = {2019},
+isbn = {9781450362221},
+publisher = {Association for Computing Machinery},
+address = {New York, NY, USA},
+url = {https://doi.org/10.1145/3293880.3294089},
+doi = {10.1145/3293880.3294089},
+abstract = {The field of p-adic numbers ℚp and the ring of p-adic integers ℤp are essential constructions of modern number theory. Hensel’s lemma, described by Gouv\^{e}a as the “most important algebraic property of the p-adic numbers,” shows the existence of roots of polynomials over ℤp provided an initial seed point. The theorem can be proved for the p-adics with significantly weaker hypotheses than for general rings. We construct ℚp and ℤp in the Lean proof assistant, with various associated algebraic properties, and formally prove a strong form of Hensel’s lemma. The proof lies at the intersection of algebraic and analytic reasoning and demonstrates how the Lean mathematical library handles such a heterogeneous topic.},
+booktitle = {Proceedings of the 8th ACM SIGPLAN International Conference on Certified Programs and Proofs},
+pages = {15–26},
+numpages = {12},
+keywords = {Hensel's lemma, formal proof, Lean, p-adic},
+location = {Cascais, Portugal},
+series = {CPP 2019}
+}
+
+@article{10.2307/2274477,
+ ISSN = {00224812},
+ URL = {http://www.jstor.org/stable/2274477},
+ author = {Johan Pas},
+ journal = {The Journal of Symbolic Logic},
+ number = {3},
+ pages = {1125--1129},
+ publisher = {Association for Symbolic Logic},
+ title = {On the Angular Component Map Modulo P},
+ volume = {55},
+ year = {1990}
+}
+
+@article{denef1986,
+author = {Denef, Jan},
+journal = {Journal für die reine und angewandte Mathematik},
+keywords = {rationality of Poincaré series; Macintyre's theorem; elimination of quantifiers; p-adic fields; cell decomposition theorem},
+pages = {154-166},
+title = {p-adic Semi-Algebraic Sets and Cell Decomposition.},
+url = {http://eudml.org/doc/152854},
+volume = {369},
+year = {1986},
+}
diff --git a/thys/Padic_Field/document/root.tex b/thys/Padic_Field/document/root.tex
new file mode 100755
--- /dev/null
+++ b/thys/Padic_Field/document/root.tex
@@ -0,0 +1,64 @@
+\documentclass[11pt,a4paper]{article}
+\usepackage{isabelle,isabellesym, amsmath, amssymb, amsfonts}
+
+% further packages required for unusual symbols (see also
+% isabellesym.sty), use only when needed
+
+%\usepackage{amssymb}
+ %for \<leadsto>, \<box>, \<diamond>, \<sqsupset>, \<mho>, \<Join>,
+ %\<lhd>, \<lesssim>, \<greatersim>, \<lessapprox>, \<greaterapprox>,
+ %\<triangleq>, \<yen>, \<lozenge>
+
+%\usepackage{eurosym}
+ %for \<euro>
+
+%\usepackage[only,bigsqcap]{stmaryrd}
+ %for \<Sqinter>
+
+%\usepackage{eufrak}
+ %for \<AA> ... \<ZZ>, \<aa> ... \<zz> (also included in amssymb)
+
+%\usepackage{textcomp}
+ %for \<onequarter>, \<onehalf>, \<threequarters>, \<degree>, \<cent>,
+ %\<currency>
+
+% this should be the last package used
+\usepackage{pdfsetup}
+
+% urls in roman style, theory text in math-similar italics
+\urlstyle{rm}
+\isabellestyle{it}
+
+% for uniform font size
+%\renewcommand{\isastyle}{\isastyleminor}
+
+
+\begin{document}
+
+\title{$p$-adic Fields}
+\author{Aaron Crighton}
+\maketitle
+
+\tableofcontents
+
+% sane default for proof documents
+\parindent 0pt\parskip 0.5ex
+
+
+\begin{abstract}
+We formalize the fields $\mathbb{Q}_p$ of $p$-adic numbers within the framework of the HOL-Algebra library. The $p$-adic field is defined simply as the fraction field of the ring of $p$-adic integers. The valuation, and basic topological properties of $\mathbb{Q}_p$ are developed, including deducing Hensel's Lemma for $\mathbb{Q}_p$ from the same theorem for $\mathbb{Z}_p$. The theory of semialgebraic subsets of $\mathbb{Q}_p^n$ and semialgebraic functions is also developed, as outlined in \cite{denef1986}. In order to formulate these results, general theory about multivariable polynomial rings and cartesian powers of a ring must also be developed. This work is done with a view to formalizing the proof in \cite{denef1986} of Macintyre's quantifier elimination theorem for semialgebraic subsets of $\mathbb{Q}_p^n$.
+\end{abstract}
+% generated text of all theories
+
+\input{session}
+
+% optional bibliography
+\bibliographystyle{abbrv}
+\bibliography{root}
+
+\end{document}
+
+%%% Local Variables:
+%%% mode: latex
+%%% TeX-master: t
+%%% End:
diff --git a/thys/ROOTS b/thys/ROOTS
--- a/thys/ROOTS
+++ b/thys/ROOTS
@@ -1,700 +1,705 @@
ADS_Functor
AI_Planning_Languages_Semantics
AODV
AVL-Trees
AWN
Abortable_Linearizable_Modules
Abs_Int_ITP2012
Abstract-Hoare-Logics
Abstract-Rewriting
Abstract_Completeness
Abstract_Soundness
Ackermanns_not_PR
Actuarial_Mathematics
Adaptive_State_Counting
Affine_Arithmetic
Aggregation_Algebras
Akra_Bazzi
Algebraic_Numbers
Algebraic_VCs
Allen_Calculus
Amicable_Numbers
Amortized_Complexity
AnselmGod
Applicative_Lifting
Approximation_Algorithms
Architectural_Design_Patterns
Aristotles_Assertoric_Syllogistic
Arith_Prog_Rel_Primes
ArrowImpossibilityGS
Attack_Trees
Auto2_HOL
Auto2_Imperative_HOL
AutoFocus-Stream
Automated_Stateful_Protocol_Verification
Automatic_Refinement
AxiomaticCategoryTheory
BDD
BD_Security_Compositional
BNF_CC
BNF_Operations
BTree
Banach_Steinhaus
Belief_Revision
Bell_Numbers_Spivey
BenOr_Kozen_Reif
Berlekamp_Zassenhaus
Bernoulli
Bertrands_Postulate
Bicategory
BinarySearchTree
Binding_Syntax_Theory
Binomial-Heaps
Binomial-Queues
BirdKMP
Blue_Eyes
Bondy
Boolean_Expression_Checkers
Boolos_Curious_Inference
Bounded_Deducibility_Security
Buchi_Complementation
Budan_Fourier
Buffons_Needle
Buildings
BytecodeLogicJmlTypes
C2KA_DistributedSystems
CAVA_Automata
CAVA_LTL_Modelchecker
CCS
CISC-Kernel
CRYSTALS-Kyber
CRDT
CSP_RefTK
CYK
CZH_Elementary_Categories
CZH_Foundations
CZH_Universal_Constructions
CakeML
CakeML_Codegen
Call_Arity
Card_Equiv_Relations
Card_Multisets
Card_Number_Partitions
Card_Partitions
Cartan_FP
Case_Labeling
Catalan_Numbers
Category
Category2
Category3
Cauchy
Cayley_Hamilton
Certification_Monads
Chandy_Lamport
Chord_Segments
Circus
Clean
Clique_and_Monotone_Circuits
ClockSynchInst
Closest_Pair_Points
CoCon
CoSMeDis
CoSMed
CofGroups
Coinductive
Coinductive_Languages
Collections
Combinable_Wands
Combinatorics_Words
Combinatorics_Words_Graph_Lemma
Combinatorics_Words_Lyndon
Commuting_Hermitian
Comparison_Sort_Lower_Bound
Compiling-Exceptions-Correctly
Complete_Non_Orders
Completeness
Complex_Bounded_Operators
Complex_Geometry
Complx
ComponentDependencies
ConcurrentGC
ConcurrentIMP
Concurrent_Ref_Alg
Concurrent_Revisions
Conditional_Simplification
Conditional_Transfer_Rule
Consensus_Refined
Constructive_Cryptography
Constructive_Cryptography_CM
Constructor_Funs
Containers
CoreC++
Core_DOM
Core_SC_DOM
Correctness_Algebras
Cotangent_PFD_Formula
Count_Complex_Roots
CryptHOL
CryptoBasedCompositionalProperties
Cubic_Quartic_Equations
DFS_Framework
DOM_Components
DPT-SAT-Solver
DataRefinementIBP
Datatype_Order_Generator
Decl_Sem_Fun_PL
Decreasing-Diagrams
Decreasing-Diagrams-II
Dedekind_Real
Deep_Learning
Delta_System_Lemma
Density_Compiler
Dependent_SIFUM_Refinement
Dependent_SIFUM_Type_Systems
Depth-First-Search
Derangements
Deriving
Descartes_Sign_Rule
Design_Theory
Dict_Construction
Differential_Dynamic_Logic
Differential_Game_Logic
Digit_Expansions
Dijkstra_Shortest_Path
Diophantine_Eqns_Lin_Hom
Dirichlet_L
Dirichlet_Series
DiscretePricing
Discrete_Summation
DiskPaxos
Dominance_CHK
DPRM_Theorem
DynamicArchitectures
Dynamic_Tables
E_Transcendental
Echelon_Form
EdmondsKarp_Maxflow
Efficient-Mergesort
Elliptic_Curves_Group_Law
Encodability_Process_Calculi
Epistemic_Logic
Equivalence_Relation_Enumeration
Ergodic_Theory
Error_Function
Euler_MacLaurin
Euler_Partition
Eval_FO
Example-Submission
Extended_Finite_State_Machine_Inference
Extended_Finite_State_Machines
FFT
FLP
FOL-Fitting
FOL_Axiomatic
FOL_Harrison
FOL_Seq_Calc1
FOL_Seq_Calc2
FOL_Seq_Calc3
FSM_Tests
Factor_Algebraic_Polynomial
Factored_Transition_System_Bounding
Falling_Factorial_Sum
Farkas
FeatherweightJava
Featherweight_OCL
Fermat3_4
FileRefinement
FinFun
Finger-Trees
Finite-Map-Extras
Finite_Automata_HF
Finite_Fields
Finitely_Generated_Abelian_Groups
First_Order_Terms
First_Welfare_Theorem
Fishburn_Impossibility
Fisher_Yates
Fishers_Inequality
Flow_Networks
Floyd_Warshall
Flyspeck-Tame
FocusStreamsCaseStudies
Forcing
Formal_Puiseux_Series
Formal_SSA
Formula_Derivatives
Foundation_of_geometry
Fourier
FO_Theory_Rewriting
Free-Boolean-Algebra
Free-Groups
Frequency_Moments
Fresh_Identifiers
FunWithFunctions
FunWithTilings
Functional-Automata
Functional_Ordered_Resolution_Prover
Furstenberg_Topology
GPU_Kernel_PL
Gabow_SCC
GaleStewart_Games
Gale_Shapley
Game_Based_Crypto
Gauss-Jordan-Elim-Fun
Gauss_Jordan
Gauss_Sums
Gaussian_Integers
GenClock
General-Triangle
Generalized_Counting_Sort
Generic_Deriving
Generic_Join
GewirthPGCProof
Girth_Chromatic
GoedelGod
Goedel_HFSet_Semantic
Goedel_HFSet_Semanticless
Goedel_Incompleteness
Goodstein_Lambda
GraphMarkingIBP
Graph_Saturation
Graph_Theory
Green
Groebner_Bases
Groebner_Macaulay
Gromov_Hyperbolicity
Grothendieck_Schemes
Group-Ring-Module
HOL-CSP
HOLCF-Prelude
HRB-Slicing
Hahn_Jordan_Decomposition
Hales_Jewett
Heard_Of
Hello_World
HereditarilyFinite
Hermite
Hermite_Lindemann
Hidden_Markov_Models
Higher_Order_Terms
Hoare_Time
Hood_Melville_Queue
HotelKeyCards
Huffman
Hybrid_Logic
Hybrid_Multi_Lane_Spatial_Logic
Hybrid_Systems_VCs
HyperCTL
Hyperdual
IEEE_Floating_Point
IFC_Tracking
IMAP-CRDT
IMO2019
IMP2
IMP2_Binary_Heap
IMP_Compiler
IMP_Compiler_Reuse
IP_Addresses
Imperative_Insertion_Sort
+Implicational_Logic
Impossible_Geometry
Incompleteness
Incredible_Proof_Machine
Independence_CH
Inductive_Confidentiality
Inductive_Inference
InfPathElimination
InformationFlowSlicing
InformationFlowSlicing_Inter
Integration
Interpolation_Polynomials_HOL_Algebra
Interpreter_Optimizations
Interval_Arithmetic_Word32
Intro_Dest_Elim
Involutions2Squares
Iptables_Semantics
Irrational_Series_Erdos_Straus
Irrationality_J_Hancl
Irrationals_From_THEBOOK
IsaGeoCoq
Isabelle_C
Isabelle_Marries_Dirac
Isabelle_Meta_Model
IsaNet
Jacobson_Basic_Algebra
Jinja
JinjaDCI
JinjaThreads
JiveDataStoreModel
Jordan_Hoelder
Jordan_Normal_Form
KAD
KAT_and_DRA
KBPs
KD_Tree
Key_Agreement_Strong_Adversaries
Khovanskii_Theorem
Kleene_Algebra
Knights_Tour
Knot_Theory
Knuth_Bendix_Order
Knuth_Morris_Pratt
Koenigsberg_Friendship
Kruskal
Kuratowski_Closure_Complement
LLL_Basis_Reduction
LLL_Factorization
LOFT
LTL
LTL_Master_Theorem
LTL_Normal_Form
LTL_to_DRA
LTL_to_GBA
Lam-ml-Normalization
LambdaAuth
LambdaMu
Lambda_Free_EPO
Lambda_Free_KBOs
Lambda_Free_RPOs
Lambert_W
Landau_Symbols
Laplace_Transform
Latin_Square
LatticeProperties
Launchbury
Laws_of_Large_Numbers
Lazy-Lists-II
Lazy_Case
Lehmer
Lifting_Definition_Option
Lifting_the_Exponent
LightweightJava
LinearQuantifierElim
Linear_Inequalities
Linear_Programming
Linear_Recurrences
Liouville_Numbers
List-Index
List-Infinite
List_Interleaving
List_Inversions
List_Update
LocalLexing
Localization_Ring
Locally-Nameless-Sigma
Logging_Independent_Anonymity
Lowe_Ontological_Argument
Lower_Semicontinuous
Lp
LP_Duality
Lucas_Theorem
MDP-Algorithms
MDP-Rewards
MFMC_Countable
MFODL_Monitor_Optimized
MFOTL_Monitor
MSO_Regex_Equivalence
Markov_Models
Marriage
Mason_Stothers
Matrices_for_ODEs
Matrix
Matrix_Tensor
Matroids
Max-Card-Matching
Median_Method
Median_Of_Medians_Selection
Menger
Mereology
Mersenne_Primes
Metalogic_ProofChecker
MiniML
MiniSail
Minimal_SSA
Minkowskis_Theorem
Minsky_Machines
Modal_Logics_for_NTS
Modular_Assembly_Kit_Security
Modular_arithmetic_LLL_and_HNF_algorithms
Monad_Memo_DP
Monad_Normalisation
MonoBoolTranAlgebra
MonoidalCategory
Monomorphic_Monad
MuchAdoAboutTwo
Multiset_Ordering_NPC
Multi_Party_Computation
Multirelations
Myhill-Nerode
Name_Carrying_Type_Inference
Nano_JSON
Nash_Williams
Nat-Interval-Logic
Native_Word
Nested_Multisets_Ordinals
Network_Security_Policy_Verification
Neumann_Morgenstern_Utility
No_FTL_observers
Nominal2
Noninterference_CSP
Noninterference_Concurrent_Composition
Noninterference_Generic_Unwinding
Noninterference_Inductive_Unwinding
Noninterference_Ipurge_Unwinding
Noninterference_Sequential_Composition
NormByEval
Nullstellensatz
Number_Theoretic_Transform
Octonions
OpSets
Open_Induction
Optics
Optimal_BST
Orbit_Stabiliser
Order_Lattice_Props
Ordered_Resolution_Prover
Ordinal
Ordinal_Partitions
Ordinals_and_Cardinals
Ordinary_Differential_Equations
PAC_Checker
Package_logic
PAL
PCF
PLM
POPLmark-deBruijn
PSemigroupsConvolution
Padic_Ints
+Padic_Field
Pairing_Heap
Paraconsistency
Parity_Game
Partial_Function_MR
Partial_Order_Reduction
Password_Authentication_Protocol
Pell
Perfect-Number-Thm
Perron_Frobenius
Physical_Quantities
Pi_Calculus
Pi_Transcendental
Planarity_Certificates
Pluennecke_Ruzsa_Inequality
Poincare_Bendixson
Poincare_Disc
Polynomial_Factorization
Polynomial_Interpolation
Polynomials
Pop_Refinement
Posix-Lexing
Possibilistic_Noninterference
Power_Sum_Polynomials
Pratt_Certificate
Prefix_Free_Code_Combinators
Presburger-Automata
Prim_Dijkstra_Simple
Prime_Distribution_Elementary
Prime_Harmonic_Series
Prime_Number_Theorem
Priority_Queue_Braun
Priority_Search_Trees
Probabilistic_Noninterference
Probabilistic_Prime_Tests
Probabilistic_System_Zoo
Probabilistic_Timed_Automata
Probabilistic_While
Program-Conflict-Analysis
Progress_Tracking
Projective_Geometry
Projective_Measurements
Promela
Proof_Strategy_Language
PropResPI
Propositional_Proof_Systems
Prpu_Maxflow
PseudoHoops
Psi_Calculi
Ptolemys_Theorem
Public_Announcement_Logic
QHLProver
QR_Decomposition
Quantales
Quasi_Borel_Spaces
Quaternions
Quick_Sort_Cost
RIPEMD-160-SPARK
ROBDD
RSAPSS
Ramsey-Infinite
Random_BSTs
Random_Graph_Subgraph_Threshold
Randomised_BSTs
Randomised_Social_Choice
Rank_Nullity_Theorem
Real_Impl
Real_Power
Real_Time_Deque
Recursion-Addition
Recursion-Theory-I
Refine_Imperative_HOL
Refine_Monadic
RefinementReactive
Regex_Equivalence
Registers
Regression_Test_Selection
Regular-Sets
Regular_Algebras
Regular_Tree_Relations
Relation_Algebra
Relational-Incorrectness-Logic
Relational_Disjoint_Set_Forests
Relational_Forests
Relational_Method
Relational_Minimum_Spanning_Trees
Relational_Paths
Rep_Fin_Groups
ResiduatedTransitionSystem
Residuated_Lattices
Resolution_FOL
Rewrite_Properties_Reduction
Rewriting_Z
Ribbon_Proofs
+Risk_Free_Lending
Robbins-Conjecture
Robinson_Arithmetic
Root_Balanced_Tree
Roth_Arithmetic_Progressions
Routing
Roy_Floyd_Warshall
SATSolverVerification
SC_DOM_Components
SDS_Impossibility
SIFPL
SIFUM_Type_Systems
SPARCv8
Safe_Distance
Safe_OCL
Saturation_Framework
Saturation_Framework_Extensions
+SCC_Bloemen_Sequential
Schutz_Spacetime
Secondary_Sylow
Security_Protocol_Refinement
Selection_Heap_Sort
SenSocialChoice
Separata
Separation_Algebra
Separation_Logic_Imperative_HOL
+Separation_Logic_Unbounded
SequentInvertibility
Shadow_DOM
Shadow_SC_DOM
Shivers-CFA
ShortestPath
Show
Sigma_Commit_Crypto
Signature_Groebner
Simpl
Simple_Firewall
Simplex
Simplicial_complexes_and_boolean_functions
SimplifiedOntologicalArgument
Skew_Heap
Skip_Lists
Slicing
Sliding_Window_Algorithm
Smith_Normal_Form
Smooth_Manifolds
Sophomores_Dream
Solidity
Sort_Encodings
Source_Coding_Theorem
SpecCheck
Special_Function_Bounds
Splay_Tree
Sqrt_Babylonian
Stable_Matching
Statecharts
Stateful_Protocol_Composition_and_Typing
Stellar_Quorums
Stern_Brocot
Stewart_Apollonius
Stirling_Formula
Stochastic_Matrices
Stone_Algebras
Stone_Kleene_Relation_Algebras
Stone_Relation_Algebras
Store_Buffer_Reduction
Stream-Fusion
Stream_Fusion_Code
Strong_Security
Sturm_Sequences
Sturm_Tarski
Stuttering_Equivalence
Subresultants
Subset_Boolean_Algebras
SumSquares
Sunflowers
SuperCalc
Surprise_Paradox
Symmetric_Polynomials
Syntax_Independent_Logic
Szemeredi_Regularity
Szpilrajn
TESL_Language
TLA
Tail_Recursive_Functions
Tarskis_Geometry
Taylor_Models
Three_Circles
Timed_Automata
Topological_Semantics
Topology
TortoiseHare
Transcendence_Series_Hancl_Rucki
Transformer_Semantics
Transition_Systems_and_Automata
Transitive-Closure
Transitive-Closure-II
Transitive_Models
Treaps
Tree-Automata
Tree_Decomposition
Triangle
Trie
Twelvefold_Way
Tycon
Types_Tableaus_and_Goedels_God
Types_To_Sets_Extension
UPF
UPF_Firewall
UTP
Universal_Hash_Families
Universal_Turing_Machine
UpDown_Scheme
Valuation
Van_Emde_Boas_Trees
Van_der_Waerden
VectorSpace
VeriComp
Verified-Prover
Verified_SAT_Based_AI_Planning
VerifyThis2018
VerifyThis2019
Vickrey_Clarke_Groves
Virtual_Substitution
VolpanoSmith
VYDRA_MDL
WHATandWHERE_Security
WOOT_Strong_Eventual_Consistency
WebAssembly
Weight_Balanced_Trees
Weighted_Arithmetic_Geometric_Mean
Weighted_Path_Order
Well_Quasi_Orders
Wetzels_Problem
Winding_Number_Eval
Word_Lib
WorkerWrapper
X86_Semantics
XML
Youngs_Inequality
ZFC_in_HOL
Zeta_3_Irrational
Zeta_Function
pGCL
diff --git a/thys/Risk_Free_Lending/ROOT b/thys/Risk_Free_Lending/ROOT
new file mode 100644
--- /dev/null
+++ b/thys/Risk_Free_Lending/ROOT
@@ -0,0 +1,8 @@
+chapter AFP
+
+session Risk_Free_Lending (AFP) = "HOL-Cardinals" +
+ options [timeout = 300]
+ theories
+ Risk_Free_Lending
+ document_files
+ "root.tex"
diff --git a/thys/Risk_Free_Lending/Risk_Free_Lending.thy b/thys/Risk_Free_Lending/Risk_Free_Lending.thy
new file mode 100644
--- /dev/null
+++ b/thys/Risk_Free_Lending/Risk_Free_Lending.thy
@@ -0,0 +1,2119 @@
+theory Risk_Free_Lending
+ imports
+ Complex_Main
+ "HOL-Cardinals.Cardinals"
+begin
+
+section \<open>Accounts \label{sec:accounts}\<close>
+
+text \<open>We model accounts as functions from \<^typ>\<open>nat\<close> to \<^typ>\<open>real\<close> with
+ \<^emph>\<open>finite support\<close>.\<close>
+
+text \<open>Index @{term [show_types] "0 :: nat"} corresponds to an account's
+ \<^emph>\<open>cash\<close> reserve (see \S\ref{sec:cash} for details).\<close>
+
+text \<open>An index greater than \<^term>\<open>0::nat\<close> may be regarded as corresponding to
+ a financial product. Such financial products are similar to \<^emph>\<open>notes\<close>.
+ Our notes are intended to be as easy to use for exchange as cash.
+ Positive values are debited. Negative values are credited.\<close>
+
+text \<open>We refer to our new financial products as \<^emph>\<open>risk-free loans\<close>, because
+ they may be regarded as 0\% APY loans that bear interest for the debtor.
+ They are \<^emph>\<open>risk-free\<close> because we prove a \<^emph>\<open>safety\<close> theorem for them.
+ Our safety theorem proves no account will ``be in the red'', with more
+ credited loans than debited loans, provided an invariant is maintained.
+ We call this invariant \<^emph>\<open>strictly solvent\<close>. See \S\ref{sec:bulk-update}
+ for details on our safety proof.\<close>
+
+text \<open>Each risk-free loan index corresponds to a progressively shorter
+ \<^emph>\<open>loan period\<close>. Informally, a loan period is the time it takes for 99\%
+ of a loan to be returned given a \<^emph>\<open>rate function\<close> \<^term>\<open>\<rho>\<close>. Rate
+ functions are introduced in \S\ref{sec:update}.\<close>
+
+text \<open>It is unnecessary to track counter-party obligations so we do not.
+ See \S\ref{subsec:balanced-ledgers} and \S\ref{subsec:transfers} for
+ details.\<close>
+
+typedef account = "(fin_support 0 UNIV) :: (nat \<Rightarrow> real) set"
+proof -
+ have "(\<lambda> _ . 0) \<in> fin_support 0 UNIV"
+ unfolding fin_support_def support_def
+ by simp
+ thus "\<exists>x :: nat \<Rightarrow> real. x \<in> fin_support 0 UNIV" by fastforce
+qed
+
+text \<open>The type definition for \<^typ>\<open>account\<close> automatically generates two
+ functions: @{term [show_types] "Rep_account"} and
+ @{term [show_types] "Rep_account"}. \<^term>\<open>Rep_account\<close> is a left inverse
+ of \<^term>\<open>Abs_account\<close>. For convenience we introduce the following
+ shorthand notation:\<close>
+
+notation Rep_account ("\<pi>")
+notation Abs_account ("\<iota>")
+
+text \<open>Accounts form an Abelian group. \<^emph>\<open>Summing\<close> accounts will be helpful in
+ expressing how all credited and debited loans can cancel across a
+ ledger. This is done in \S\ref{subsec:balanced-ledgers}.\<close>
+
+text \<open>It is also helpful to think of an account as a transferable quantity.
+ Transferring subtracts values under indexes from one account and adds
+ them to another. Transfers are presented in \S\ref{subsec:transfers}.\<close>
+
+instantiation account :: ab_group_add
+begin
+
+definition "0 = \<iota> (\<lambda> _ . 0)"
+definition "- \<alpha> = \<iota> (\<lambda> n . - \<pi> \<alpha> n)"
+definition "\<alpha>\<^sub>1 + \<alpha>\<^sub>2 = \<iota> (\<lambda> n. \<pi> \<alpha>\<^sub>1 n + \<pi> \<alpha>\<^sub>2 n)"
+definition "(\<alpha>\<^sub>1 :: account) - \<alpha>\<^sub>2 = \<alpha>\<^sub>1 + - \<alpha>\<^sub>2"
+
+lemma Rep_account_zero [simp]: "\<pi> 0 = (\<lambda> _ . 0)"
+proof -
+ have "(\<lambda> _ . 0) \<in> fin_support 0 UNIV"
+ unfolding fin_support_def support_def
+ by simp
+ thus ?thesis
+ unfolding zero_account_def
+ using Abs_account_inverse by blast
+qed
+
+lemma Rep_account_uminus [simp]:
+ "\<pi> (- \<alpha>) = (\<lambda> n . - \<pi> \<alpha> n)"
+proof -
+ have "\<pi> \<alpha> \<in> fin_support 0 UNIV"
+ using Rep_account by blast
+ hence "(\<lambda>x. - \<pi> \<alpha> x) \<in> fin_support 0 UNIV"
+ unfolding fin_support_def support_def
+ by force
+ thus ?thesis
+ unfolding uminus_account_def
+ using Abs_account_inverse by blast
+qed
+
+lemma fin_support_closed_under_addition:
+ fixes f g :: "'a \<Rightarrow> real"
+ assumes "f \<in> fin_support 0 A"
+ and "g \<in> fin_support 0 A"
+ shows "(\<lambda> x . f x + g x) \<in> fin_support 0 A"
+ using assms
+ unfolding fin_support_def support_def
+ by (metis (mono_tags) mem_Collect_eq sum.finite_Collect_op)
+
+lemma Rep_account_plus [simp]:
+ "\<pi> (\<alpha>\<^sub>1 + \<alpha>\<^sub>2) = (\<lambda> n. \<pi> \<alpha>\<^sub>1 n + \<pi> \<alpha>\<^sub>2 n)"
+ unfolding plus_account_def
+ by (metis (full_types)
+ Abs_account_cases
+ Abs_account_inverse
+ fin_support_closed_under_addition)
+
+instance
+proof(standard)
+ fix a b c :: account
+ have "\<forall>n. \<pi> (a + b) n + \<pi> c n = \<pi> a n + \<pi> (b + c) n"
+ using Rep_account_plus plus_account_def
+ by auto
+ thus "a + b + c = a + (b + c)"
+ unfolding plus_account_def
+ by force
+next
+ fix a b :: account
+ show "a + b = b + a"
+ unfolding plus_account_def
+ by (simp add: add.commute)
+next
+ fix a :: account
+ show "0 + a = a"
+ unfolding plus_account_def Rep_account_zero
+ by (simp add: Rep_account_inverse)
+next
+ fix a :: account
+ show "- a + a = 0"
+ unfolding plus_account_def zero_account_def Rep_account_uminus
+ by (simp add: Abs_account_inverse)
+next
+ fix a b :: account
+ show "a - b = a + - b"
+ using minus_account_def by blast
+qed
+
+end
+
+section \<open>Strictly Solvent\<close>
+
+text \<open>An account is \<^emph>\<open>strictly solvent\<close> when, for every loan period, the sum of
+ all the debited and credited loans for longer periods is positive.
+ This implies that the \<^emph>\<open>net asset value\<close> for the account is positive.
+ The net asset value is the sum of all of the credit and debit in the
+ account. We prove \<open>strictly_solvent \<alpha> \<Longrightarrow> 0 \<le> net_asset_value \<alpha>\<close> in
+ \S\ref{subsubsec:net-asset-value-properties}.\<close>
+
+definition strictly_solvent :: "account \<Rightarrow> bool" where
+ "strictly_solvent \<alpha> \<equiv> \<forall> n . 0 \<le> (\<Sum> i\<le>n . \<pi> \<alpha> i)"
+
+lemma additive_strictly_solvent:
+ assumes "strictly_solvent \<alpha>\<^sub>1" and "strictly_solvent \<alpha>\<^sub>2"
+ shows "strictly_solvent (\<alpha>\<^sub>1 + \<alpha>\<^sub>2)"
+ using assms Rep_account_plus
+ unfolding strictly_solvent_def plus_account_def
+ by (simp add: Abs_account_inverse sum.distrib)
+
+text \<open>The notion of strictly solvent generalizes to a partial order, making
+ \<^typ>\<open>account\<close> an ordered Abelian group.\<close>
+
+instantiation account :: ordered_ab_group_add
+begin
+
+definition less_eq_account :: "account \<Rightarrow> account \<Rightarrow> bool" where
+ "less_eq_account \<alpha>\<^sub>1 \<alpha>\<^sub>2 \<equiv> \<forall> n . (\<Sum> i\<le>n . \<pi> \<alpha>\<^sub>1 i) \<le> (\<Sum> i\<le>n . \<pi> \<alpha>\<^sub>2 i)"
+
+definition less_account :: "account \<Rightarrow> account \<Rightarrow> bool" where
+ "less_account \<alpha>\<^sub>1 \<alpha>\<^sub>2 \<equiv> (\<alpha>\<^sub>1 \<le> \<alpha>\<^sub>2 \<and> \<not> \<alpha>\<^sub>2 \<le> \<alpha>\<^sub>1)"
+
+instance
+proof(standard)
+ fix x y :: account
+ show "(x < y) = (x \<le> y \<and> \<not> y \<le> x)"
+ unfolding less_account_def ..
+next
+ fix x :: account
+ show "x \<le> x"
+ unfolding less_eq_account_def by auto
+next
+ fix x y z :: account
+ assume "x \<le> y" and "y \<le> z"
+ thus "x \<le> z"
+ unfolding less_eq_account_def
+ by (meson order_trans)
+next
+ fix x y :: account
+ assume "x \<le> y" and "y \<le> x"
+ hence \<star>: "\<forall> n . (\<Sum> i\<le>n . \<pi> x i) = (\<Sum> i\<le>n . \<pi> y i)"
+ unfolding less_eq_account_def
+ using dual_order.antisym by blast
+ {
+ fix n
+ have "\<pi> x n = \<pi> y n"
+ proof (cases "n = 0")
+ case True
+ then show ?thesis using \<star>
+ by (metis
+ atMost_0
+ empty_iff
+ finite.intros(1)
+ group_cancel.rule0
+ sum.empty sum.insert)
+ next
+ case False
+ from this obtain m where
+ "n = m + 1"
+ by (metis Nat.add_0_right Suc_eq_plus1 add_eq_if)
+ have "(\<Sum> i\<le>n . \<pi> x i) = (\<Sum> i\<le>n . \<pi> y i)"
+ using \<star> by auto
+ hence
+ "(\<Sum> i\<le>m . \<pi> x i) + \<pi> x n =
+ (\<Sum> i\<le>m . \<pi> y i) + \<pi> y n"
+ using \<open>n = m + 1\<close>
+ by simp
+ moreover have "(\<Sum> i\<le>m . \<pi> x i) = (\<Sum> i\<le>m . \<pi> y i)"
+ using \<star> by auto
+ ultimately show ?thesis by linarith
+ qed
+ }
+ hence "\<pi> x = \<pi> y" by auto
+ thus "x = y"
+ by (metis Rep_account_inverse)
+next
+ fix x y z :: account
+ assume "x \<le> y"
+ {
+ fix n :: nat
+ have
+ "(\<Sum> i\<le>n . \<pi> (z + x) i) =
+ (\<Sum> i\<le>n . \<pi> z i) + (\<Sum> i\<le>n . \<pi> x i)"
+ and
+ "(\<Sum> i\<le>n . \<pi> (z + y) i) =
+ (\<Sum> i\<le>n . \<pi> z i) + (\<Sum> i\<le>n . \<pi> y i)"
+ unfolding Rep_account_plus
+ by (simp add: sum.distrib)+
+ moreover have "(\<Sum> i\<le>n . \<pi> x i) \<le> (\<Sum> i\<le>n . \<pi> y i)"
+ using \<open>x \<le> y\<close>
+ unfolding less_eq_account_def by blast
+ ultimately have
+ "(\<Sum> i\<le>n . \<pi> (z + x) i) \<le> (\<Sum> i\<le>n . \<pi> (z + y) i)"
+ by linarith
+ }
+ thus "z + x \<le> z + y"
+ unfolding
+ less_eq_account_def by auto
+qed
+end
+
+text \<open>An account is strictly solvent exactly when it is
+ \<^emph>\<open>greater than or equal to\<close> @{term [show_types] "0 :: account"},
+ according to the partial order just defined.\<close>
+
+lemma strictly_solvent_alt_def: "strictly_solvent \<alpha> = (0 \<le> \<alpha>)"
+ unfolding
+ strictly_solvent_def
+ less_eq_account_def
+ using zero_account_def
+ by force
+
+section \<open>Cash \label{sec:cash}\<close>
+
+text \<open>The \<^emph>\<open>cash reserve\<close> in an account is the value under index 0.\<close>
+
+text \<open>Cash is treated with distinction. For instance it grows with interest
+ (see \S\ref{sec:interest}). When we turn to balanced ledgers in
+ \S\ref{subsec:balanced-ledgers}, we will see that cash is the only
+ quantity that does not cancel out.\<close>
+
+definition cash_reserve :: "account \<Rightarrow> real" where
+ "cash_reserve \<alpha> = \<pi> \<alpha> 0"
+
+text \<open>If \<open>\<alpha>\<close> is strictly solvent then it has non-negative cash reserves.\<close>
+
+lemma strictly_solvent_non_negative_cash:
+ assumes "strictly_solvent \<alpha>"
+ shows "0 \<le> cash_reserve \<alpha>"
+ using assms
+ unfolding strictly_solvent_def cash_reserve_def
+ by (metis
+ atMost_0
+ empty_iff
+ finite.emptyI
+ group_cancel.rule0
+ sum.empty
+ sum.insert)
+
+text \<open>An account consists of \<^emph>\<open>just cash\<close> when it has no other credit or debit
+ other than under the first index.\<close>
+
+definition just_cash :: "real \<Rightarrow> account" where
+ "just_cash c = \<iota> (\<lambda> n . if n = 0 then c else 0)"
+
+lemma Rep_account_just_cash [simp]:
+ "\<pi> (just_cash c) = (\<lambda> n . if n = 0 then c else 0)"
+proof(cases "c = 0")
+ case True
+ hence "just_cash c = 0"
+ unfolding just_cash_def zero_account_def
+ by force
+ then show ?thesis
+ using Rep_account_zero True by force
+next
+ case False
+ hence "finite (support 0 UNIV (\<lambda> n :: nat . if n = 0 then c else 0))"
+ unfolding support_def
+ by auto
+ hence "(\<lambda> n :: nat . if n = 0 then c else 0) \<in> fin_support 0 UNIV"
+ unfolding fin_support_def
+ by blast
+ then show ?thesis
+ unfolding just_cash_def
+ using Abs_account_inverse by auto
+qed
+
+section \<open>Ledgers\<close>
+
+text \<open>We model a \<^emph>\<open>ledger\<close> as a function from an index type \<^typ>\<open>'a\<close> to
+ an \<^typ>\<open>account\<close>. A ledger could be thought of as an \<^emph>\<open>indexed set\<close> of
+ accounts.\<close>
+
+type_synonym 'a ledger = "'a \<Rightarrow> account"
+
+subsection \<open>Balanced Ledgers \label{subsec:balanced-ledgers}\<close>
+
+text \<open>We say a ledger is \<^emph>\<open>balanced\<close> when all of the debited and credited
+ loans cancel, and all that is left is just cash.\<close>
+
+text \<open>Conceptually, given a balanced ledger we are justified in not tracking
+ counter-party obligations.\<close>
+
+definition (in finite) balanced :: "'a ledger \<Rightarrow> real \<Rightarrow> bool" where
+ "balanced \<L> c \<equiv> (\<Sum> a \<in> UNIV. \<L> a) = just_cash c"
+
+text \<open>Provided the total cash is non-negative, a balanced ledger is a special
+ case of a ledger which is globally strictly solvent.\<close>
+
+lemma balanced_strictly_solvent:
+ assumes "0 \<le> c" and "balanced \<L> c"
+ shows "strictly_solvent (\<Sum> a \<in> UNIV. \<L> a)"
+ using assms
+ unfolding balanced_def strictly_solvent_def
+ by simp
+
+lemma (in finite) finite_Rep_account_ledger [simp]:
+ "\<pi> (\<Sum> a \<in> (A :: 'a set). \<L> a) n = (\<Sum> a \<in> A. \<pi> (\<L> a) n)"
+ using finite
+ by (induct A rule: finite_induct, auto)
+
+text \<open>An alternate definition of balanced is that the \<^term>\<open>cash_reserve\<close>
+ for each account sums to \<open>c\<close>, and all of the other credited and debited
+ assets cancels out.\<close>
+
+lemma (in finite) balanced_alt_def:
+ "balanced \<L> c =
+ ((\<Sum> a \<in> UNIV. cash_reserve (\<L> a)) = c
+ \<and> (\<forall> n > 0. (\<Sum> a \<in> UNIV. \<pi> (\<L> a) n) = 0))"
+ (is "?lhs = ?rhs")
+proof (rule iffI)
+ assume ?lhs
+ hence "(\<Sum> a \<in> UNIV. cash_reserve (\<L> a)) = c"
+ unfolding balanced_def cash_reserve_def
+ by (metis Rep_account_just_cash finite_Rep_account_ledger)
+ moreover
+ {
+ fix n :: "nat"
+ assume "n > 0"
+ with \<open>?lhs\<close> have "(\<Sum> a \<in> UNIV. \<pi> (\<L> a) n) = 0"
+ unfolding balanced_def
+ by (metis
+ Rep_account_just_cash
+ less_nat_zero_code
+ finite_Rep_account_ledger)
+ }
+ ultimately show ?rhs by auto
+next
+ assume ?rhs
+ have "cash_reserve (just_cash c) = c"
+ unfolding cash_reserve_def
+ using Rep_account_just_cash
+ by presburger
+ also have "... = (\<Sum>a\<in>UNIV. cash_reserve (\<L> a))" using \<open>?rhs\<close> by auto
+ finally have
+ "cash_reserve (\<Sum> a \<in> UNIV. \<L> a) = cash_reserve (just_cash c)"
+ unfolding cash_reserve_def
+ by auto
+ moreover
+ {
+ fix n :: "nat"
+ assume "n > 0"
+ hence "\<pi> (\<Sum> a \<in> UNIV. \<L> a) n = 0" using \<open>?rhs\<close> by auto
+ hence "\<pi> (\<Sum> a \<in> UNIV. \<L> a) n = \<pi> (just_cash c) n"
+ unfolding Rep_account_just_cash using \<open>n > 0\<close> by auto
+ }
+ ultimately have
+ "\<forall> n . \<pi> (\<Sum> a \<in> UNIV. \<L> a) n = \<pi> (just_cash c) n"
+ unfolding cash_reserve_def
+ by (metis gr_zeroI)
+ hence "\<pi> (\<Sum> a \<in> UNIV. \<L> a) = \<pi> (just_cash c)"
+ by auto
+ thus ?lhs
+ unfolding balanced_def
+ using Rep_account_inject
+ by blast
+qed
+
+subsection \<open>Transfers \label{subsec:transfers}\<close>
+
+text \<open>A \<^emph>\<open>transfer amount\<close> is the same as an \<^typ>\<open>account\<close>. It is just a
+ function from \<^typ>\<open>nat\<close> to \<^typ>\<open>real\<close> with finite support.\<close>
+
+type_synonym transfer_amount = "account"
+
+text \<open>When transferring between accounts in a ledger we make use of the
+ Abelian group operations defined in \S\ref{sec:accounts}.\<close>
+
+definition transfer :: "'a ledger \<Rightarrow> transfer_amount \<Rightarrow> 'a \<Rightarrow> 'a \<Rightarrow> 'a ledger" where
+ "transfer \<L> \<tau> a b x = (if a = b then \<L> x
+ else if x = a then \<L> a - \<tau>
+ else if x = b then \<L> b + \<tau>
+ else \<L> x)"
+
+text \<open>Transferring from an account to itself is a no-op.\<close>
+
+lemma transfer_collapse:
+ "transfer \<L> \<tau> a a = \<L>"
+ unfolding transfer_def by auto
+
+text \<open>After a transfer, the sum totals of all credited and debited assets are
+ preserved.\<close>
+
+lemma (in finite) sum_transfer_equiv:
+ fixes x y :: "'a"
+ shows "(\<Sum> a \<in> UNIV. \<L> a) = (\<Sum> a \<in> UNIV. transfer \<L> \<tau> x y a)"
+ (is "_ = (\<Sum> a \<in> UNIV. ?\<L>' a)")
+proof (cases "x = y")
+ case True
+ show ?thesis
+ unfolding \<open>x = y\<close> transfer_collapse ..
+next
+ case False
+ let ?sum_\<L> = "(\<Sum> a \<in> UNIV - {x,y}. \<L> a)"
+ let ?sum_\<L>' = "(\<Sum> a \<in> UNIV - {x,y}. ?\<L>' a)"
+ have "\<forall> a \<in> UNIV - {x,y}. ?\<L>' a = \<L> a "
+ by (simp add: transfer_def)
+ hence "?sum_\<L>' = ?sum_\<L>"
+ by (meson sum.cong)
+ have "{x,y} \<subseteq> UNIV" by auto
+ have "(\<Sum> a \<in> UNIV. ?\<L>' a) = ?sum_\<L>' + (\<Sum> a \<in> {x,y}. ?\<L>' a)"
+ using finite_UNIV sum.subset_diff [OF \<open>{x,y} \<subseteq> UNIV\<close>]
+ by fastforce
+ also have "... = ?sum_\<L>' + ?\<L>' x + ?\<L>' y"
+ using
+ \<open>x \<noteq> y\<close>
+ finite
+ Diff_empty
+ Diff_insert_absorb
+ Diff_subset
+ group_cancel.add1
+ insert_absorb
+ sum.subset_diff
+ by (simp add: insert_Diff_if)
+ also have "... = ?sum_\<L>' + \<L> x - \<tau> + \<L> y + \<tau>"
+ unfolding transfer_def
+ using \<open>x \<noteq> y\<close>
+ by auto
+ also have "... = ?sum_\<L>' + \<L> x + \<L> y"
+ by simp
+ also have "... = ?sum_\<L> + \<L> x + \<L> y"
+ unfolding \<open>?sum_\<L>' = ?sum_\<L>\<close> ..
+ also have "... = ?sum_\<L> + (\<Sum> a \<in> {x,y}. \<L> a)"
+ using
+ \<open>x \<noteq> y\<close>
+ finite
+ Diff_empty
+ Diff_insert_absorb
+ Diff_subset
+ group_cancel.add1
+ insert_absorb
+ sum.subset_diff
+ by (simp add: insert_Diff_if)
+ ultimately show ?thesis
+ by (metis local.finite sum.subset_diff top_greatest)
+qed
+
+text \<open>Since the sum totals of all credited and debited assets are preserved
+ after transfer, a ledger is balanced if and only if it is balanced after
+ transfer.\<close>
+
+lemma (in finite) balanced_transfer:
+ "balanced \<L> c = balanced (transfer \<L> \<tau> a b) c"
+ unfolding balanced_def
+ using sum_transfer_equiv
+ by force
+
+text \<open>Similarly, the sum total of a ledger is strictly solvent if and only if
+ it is strictly solvent after transfer.\<close>
+
+lemma (in finite) strictly_solvent_transfer:
+ fixes x y :: "'a"
+ shows "strictly_solvent (\<Sum> a \<in> UNIV. \<L> a) =
+ strictly_solvent (\<Sum> a \<in> UNIV. transfer \<L> \<tau> x y a)"
+ using sum_transfer_equiv
+ by presburger
+
+subsection \<open>The Valid Transfers Protocol\<close>
+
+text \<open>In this section we give a \<^emph>\<open>protocol\<close> for safely transferring value
+ from one account to another.\<close>
+
+text \<open>We enforce that every transfer is \<^emph>\<open>valid\<close>. Valid transfers are
+ intended to be intuitive. For instance one cannot transfer negative
+ cash. Nor is it possible for an account that only has \$50 to loan out
+ \$5,000,000.\<close>
+
+text \<open>A transfer is valid just in case the \<^typ>\<open>transfer_amount\<close> is strictly
+ solvent and the account being credited the transfer will be strictly
+ solvent afterwards.\<close>
+
+definition valid_transfer :: "account \<Rightarrow> transfer_amount \<Rightarrow> bool" where
+ "valid_transfer \<alpha> \<tau> = (strictly_solvent \<tau> \<and> strictly_solvent (\<alpha> - \<tau>))"
+
+lemma valid_transfer_alt_def: "valid_transfer \<alpha> \<tau> = (0 \<le> \<tau> \<and> \<tau> \<le> \<alpha>)"
+ unfolding valid_transfer_def strictly_solvent_alt_def
+ by simp
+
+text \<open>Only strictly solvent accounts can make valid transfers to begin with.\<close>
+
+lemma only_strictly_solvent_accounts_can_transfer:
+ assumes "valid_transfer \<alpha> \<tau>"
+ shows "strictly_solvent \<alpha>"
+ using assms
+ unfolding strictly_solvent_alt_def valid_transfer_alt_def
+ by auto
+
+text \<open>We may now give a key result: accounts remain strictly solvent given a
+ valid transfer.\<close>
+
+theorem strictly_solvent_still_strictly_solvent_after_valid_transfer:
+ assumes "valid_transfer (\<L> a) \<tau>"
+ and "strictly_solvent (\<L> b)"
+ shows
+ "strictly_solvent ((transfer \<L> \<tau> a b) a)"
+ "strictly_solvent ((transfer \<L> \<tau> a b) b)"
+ using assms
+ unfolding
+ strictly_solvent_alt_def
+ valid_transfer_alt_def
+ transfer_def
+ by (cases "a = b", auto)
+
+subsection \<open>Embedding Conventional Cash-Only Ledgers\<close>
+
+text \<open>We show that in a sense the ledgers presented generalize conventional
+ ledgers which only track cash.\<close>
+
+text \<open>An account consisting of just cash is strictly solvent if and only if
+ it consists of a non-negative amount of cash.\<close>
+
+lemma strictly_solvent_just_cash_equiv:
+ "strictly_solvent (just_cash c) = (0 \<le> c)"
+ unfolding strictly_solvent_def
+ using Rep_account_just_cash just_cash_def by force
+
+text \<open>An empty account corresponds to @{term [show_types] "0 :: account"};
+ the account with no cash or debit or credit.\<close>
+
+lemma zero_account_alt_def: "just_cash 0 = 0"
+ unfolding zero_account_def just_cash_def
+ by simp
+
+text \<open>Building on @{thm zero_account_alt_def}, we have that \<^term>\<open>just_cash\<close>
+ is an embedding into an ordered subgroup. This means that \<^term>\<open>just_cash\<close>
+ is an order-preserving group homomorphism from the reals to the universe
+ of accounts.\<close>
+
+lemma just_cash_embed: "(a = b) = (just_cash a = just_cash b)"
+proof (rule iffI)
+ assume "a = b"
+ thus "just_cash a = just_cash b"
+ by force
+next
+ assume "just_cash a = just_cash b"
+ hence "cash_reserve (just_cash a) = cash_reserve (just_cash b)"
+ by presburger
+ thus "a = b"
+ unfolding Rep_account_just_cash cash_reserve_def
+ by auto
+qed
+
+lemma partial_nav_just_cash [simp]:
+ "(\<Sum> i\<le>n . \<pi> (just_cash a) i) = a"
+ unfolding Rep_account_just_cash
+ by (induct n, auto)
+
+lemma just_cash_order_embed: "(a \<le> b) = (just_cash a \<le> just_cash b)"
+ unfolding less_eq_account_def
+ by simp
+
+lemma just_cash_plus [simp]: "just_cash a + just_cash b = just_cash (a + b)"
+proof -
+ {
+ fix x
+ have "\<pi> (just_cash a + just_cash b) x = \<pi> (just_cash (a + b)) x"
+ proof (cases "x = 0")
+ case True
+ then show ?thesis
+ using Rep_account_just_cash just_cash_def by force
+ next
+ case False
+ then show ?thesis by simp
+ qed
+ }
+ hence "\<pi> (just_cash a + just_cash b) = \<pi> (just_cash (a + b))"
+ by auto
+ thus ?thesis
+ by (metis Rep_account_inverse)
+qed
+
+lemma just_cash_uminus [simp]: "- just_cash a = just_cash (- a)"
+proof -
+ {
+ fix x
+ have "\<pi> (- just_cash a) x = \<pi> (just_cash (- a)) x"
+ proof (cases "x = 0")
+ case True
+ then show ?thesis
+ using Rep_account_just_cash just_cash_def by force
+ next
+ case False
+ then show ?thesis by simp
+ qed
+ }
+ hence "\<pi> (- just_cash a) = \<pi> (just_cash (- a))"
+ by auto
+ thus ?thesis
+ by (metis Rep_account_inverse)
+qed
+
+lemma just_cash_subtract [simp]:
+ "just_cash a - just_cash b = just_cash (a - b)"
+ by (simp add: minus_account_def)
+
+text \<open>Valid transfers as per @{thm valid_transfer_alt_def} collapse into
+ inequalities over the real numbers.\<close>
+
+lemma just_cash_valid_transfer:
+ "valid_transfer (just_cash c) (just_cash t) = ((0 :: real) \<le> t \<and> t \<le> c)"
+ unfolding valid_transfer_alt_def
+ by (simp add: less_eq_account_def)
+
+text \<open>Finally a ledger consisting of accounts with only cash is trivially
+ \<^term>\<open>balanced\<close>.\<close>
+
+lemma (in finite) just_cash_summation:
+ fixes A :: "'a set"
+ assumes "\<forall> a \<in> A. \<exists> c . \<L> a = just_cash c"
+ shows "\<exists> c . (\<Sum> a \<in> A . \<L> a) = just_cash c"
+ using finite assms
+ by (induct A rule: finite_induct, auto, metis zero_account_alt_def)
+
+lemma (in finite) just_cash_UNIV_is_balanced:
+ assumes "\<forall> a . \<exists> c . \<L> a = just_cash c"
+ shows "\<exists> c . balanced \<L> c"
+ unfolding balanced_def
+ using
+ assms
+ just_cash_summation [where A=UNIV]
+ by simp
+
+section \<open>Interest \label{sec:interest}\<close>
+
+text \<open>In this section we discuss how to calculate the interest accrued by
+ an account for a period. This is done by looking at the sum of all of
+ the credit and debit in an account. This sum is called the
+ \<^emph>\<open>net asset value\<close> of an account.\<close>
+
+subsection \<open>Net Asset Value \label{subsec:net-asset-value}\<close>
+
+text \<open>The net asset value of an account is the sum of all of the non-zero
+ entries. Since accounts have finite support this sum is always well
+ defined.\<close>
+
+definition net_asset_value :: "account \<Rightarrow> real" where
+ "net_asset_value \<alpha> = (\<Sum> i | \<pi> \<alpha> i \<noteq> 0 . \<pi> \<alpha> i)"
+
+subsubsection \<open>The Shortest Period for Credited \& Debited Assets in an
+ Account\<close>
+
+text \<open>Higher indexes for an account correspond to shorter loan periods.
+ Since accounts only have a finite number of entries, it makes sense to
+ talk about the \<^emph>\<open>shortest\<close> period an account has an entry for. The net
+ asset value for an account has a simpler expression in terms of that
+ account's shortest period.\<close>
+
+definition shortest_period :: "account \<Rightarrow> nat" where
+ "shortest_period \<alpha> =
+ (if (\<forall> i. \<pi> \<alpha> i = 0)
+ then 0
+ else Max {i . \<pi> \<alpha> i \<noteq> 0})"
+
+lemma shortest_period_uminus:
+ "shortest_period (- \<alpha>) = shortest_period \<alpha>"
+ unfolding shortest_period_def
+ using Rep_account_uminus uminus_account_def
+ by force
+
+lemma finite_account_support:
+ "finite {i . \<pi> \<alpha> i \<noteq> 0}"
+proof -
+ have "\<pi> \<alpha> \<in> fin_support 0 UNIV"
+ by (simp add: Rep_account)
+ thus ?thesis
+ unfolding fin_support_def support_def
+ by fastforce
+qed
+
+lemma shortest_period_plus:
+ "shortest_period (\<alpha> + \<beta>) \<le> max (shortest_period \<alpha>) (shortest_period \<beta>)"
+ (is "_ \<le> ?MAX")
+proof (cases "\<forall> i . \<pi> (\<alpha> + \<beta>) i = 0")
+ case True
+ then show ?thesis unfolding shortest_period_def by auto
+next
+ case False
+ have "shortest_period \<alpha> \<le> ?MAX" and "shortest_period \<beta> \<le> ?MAX"
+ by auto
+ moreover
+ have "\<forall> i > shortest_period \<alpha> . \<pi> \<alpha> i = 0"
+ and "\<forall> i > shortest_period \<beta> . \<pi> \<beta> i = 0"
+ unfolding shortest_period_def
+ using finite_account_support Max.coboundedI leD Collect_cong
+ by auto
+ ultimately
+ have "\<forall> i > ?MAX . \<pi> \<alpha> i = 0"
+ and "\<forall> i > ?MAX . \<pi> \<beta> i = 0"
+ by simp+
+ hence "\<forall> i > ?MAX . \<pi> (\<alpha> + \<beta>) i = 0"
+ by simp
+ hence "\<forall> i . \<pi> (\<alpha> + \<beta>) i \<noteq> 0 \<longrightarrow> i \<le> ?MAX"
+ by (meson not_le)
+ thus ?thesis
+ unfolding shortest_period_def
+ using
+ finite_account_support [where \<alpha> = "\<alpha> + \<beta>"]
+ False
+ by simp
+qed
+
+lemma shortest_period_\<pi>:
+ assumes "\<pi> \<alpha> i \<noteq> 0"
+ shows "\<pi> \<alpha> (shortest_period \<alpha>) \<noteq> 0"
+proof -
+ let ?support = "{i . \<pi> \<alpha> i \<noteq> 0}"
+ have A: "finite ?support"
+ using finite_account_support by blast
+ have B: "?support \<noteq> {}" using assms by auto
+ have "shortest_period \<alpha> = Max ?support"
+ using assms
+ unfolding shortest_period_def
+ by auto
+ have "shortest_period \<alpha> \<in> ?support"
+ unfolding \<open>shortest_period \<alpha> = Max ?support\<close>
+ using Max_in [OF A B] by auto
+ thus ?thesis
+ by auto
+qed
+
+lemma shortest_period_bound:
+ assumes "\<pi> \<alpha> i \<noteq> 0"
+ shows "i \<le> shortest_period \<alpha>"
+proof -
+ let ?support = "{i . \<pi> \<alpha> i \<noteq> 0}"
+ have "shortest_period \<alpha> = Max ?support"
+ using assms
+ unfolding shortest_period_def
+ by auto
+ have "shortest_period \<alpha> \<in> ?support"
+ using assms shortest_period_\<pi> by force
+ thus ?thesis
+ unfolding \<open>shortest_period \<alpha> = Max ?support\<close>
+ by (simp add: assms finite_account_support)
+qed
+
+text \<open>Using \<^term>\<open>shortest_period\<close> we may give an alternate definition for
+ \<^term>\<open>net_asset_value\<close>.\<close>
+
+lemma net_asset_value_alt_def:
+ "net_asset_value \<alpha> = (\<Sum> i \<le> shortest_period \<alpha>. \<pi> \<alpha> i)"
+proof -
+ let ?support = "{i . \<pi> \<alpha> i \<noteq> 0}"
+ {
+ fix k
+ have "(\<Sum> i | i \<le> k \<and> \<pi> \<alpha> i \<noteq> 0 . \<pi> \<alpha> i) = (\<Sum> i \<le> k. \<pi> \<alpha> i)"
+ proof (induct k)
+ case 0
+ thus ?case
+ proof (cases "\<pi> \<alpha> 0 = 0")
+ case True
+ then show ?thesis
+ by fastforce
+ next
+ case False
+ {
+ fix i
+ have "(i \<le> 0 \<and> \<pi> \<alpha> i \<noteq> 0) = (i \<le> 0)"
+ using False
+ by blast
+ }
+ hence "(\<Sum> i | i \<le> 0 \<and> \<pi> \<alpha> i \<noteq> 0. \<pi> \<alpha> i) =
+ (\<Sum>i | i \<le> 0. \<pi> \<alpha> i)"
+ by presburger
+ also have "... = (\<Sum>i \<le> 0. \<pi> \<alpha> i)"
+ by simp
+ ultimately show ?thesis
+ by simp
+ qed
+ next
+ case (Suc k)
+ then show ?case
+ proof (cases "\<pi> \<alpha> (Suc k) = 0")
+ case True
+ {
+ fix i
+ have "(i \<le> Suc k \<and> \<pi> \<alpha> i \<noteq> 0) =
+ (i \<le> k \<and> \<pi> \<alpha> i \<noteq> 0)"
+ using True le_Suc_eq by blast
+ }
+ hence "(\<Sum>i | i \<le> Suc k \<and> \<pi> \<alpha> i \<noteq> 0. \<pi> \<alpha> i) =
+ (\<Sum>i | i \<le> k \<and> \<pi> \<alpha> i \<noteq> 0. \<pi> \<alpha> i)"
+ by presburger
+ also have "... = (\<Sum> i \<le> k. \<pi> \<alpha> i)"
+ using Suc by blast
+ ultimately show ?thesis using True
+ by simp
+ next
+ let ?A = "{i . i \<le> Suc k \<and> \<pi> \<alpha> i \<noteq> 0}"
+ let ?A' = "{i . i \<le> k \<and> \<pi> \<alpha> i \<noteq> 0}"
+ case False
+ hence "?A = {i . (i \<le> k \<and> \<pi> \<alpha> i \<noteq> 0) \<or> i = Suc k}"
+ by auto
+ hence "?A = ?A' \<union> {i . i = Suc k}"
+ by (simp add: Collect_disj_eq)
+ hence \<star>: "?A = ?A' \<union> {Suc k}"
+ by simp
+ hence \<heartsuit>: "finite (?A' \<union> {Suc k})"
+ using finite_nat_set_iff_bounded_le
+ by blast
+ hence
+ "(\<Sum>i | i \<le> Suc k \<and> \<pi> \<alpha> i \<noteq> 0. \<pi> \<alpha> i) =
+ (\<Sum> i \<in> ?A' \<union> {Suc k}. \<pi> \<alpha> i)"
+ unfolding \<star>
+ by auto
+ also have "... = (\<Sum> i \<in> ?A'. \<pi> \<alpha> i) + (\<Sum> i \<in> {Suc k}. \<pi> \<alpha> i)"
+ using \<heartsuit>
+ by force
+ also have "... = (\<Sum> i \<in> ?A'. \<pi> \<alpha> i) + \<pi> \<alpha> (Suc k)"
+ by simp
+ ultimately show ?thesis
+ by (simp add: Suc)
+ qed
+ qed
+ }
+ hence \<dagger>:
+ "(\<Sum>i | i \<le> shortest_period \<alpha> \<and> \<pi> \<alpha> i \<noteq> 0. \<pi> \<alpha> i) =
+ (\<Sum> i \<le> shortest_period \<alpha>. \<pi> \<alpha> i)"
+ by auto
+ {
+ fix i
+ have "(i \<le> shortest_period \<alpha> \<and> \<pi> \<alpha> i \<noteq> 0) = (\<pi> \<alpha> i \<noteq> 0)"
+ using shortest_period_bound by blast
+ }
+ note \<bullet> = this
+ show ?thesis
+ using \<dagger>
+ unfolding \<bullet> net_asset_value_def
+ by blast
+qed
+
+lemma greater_than_shortest_period_zero:
+ assumes "shortest_period \<alpha> < m"
+ shows "\<pi> \<alpha> m = 0"
+proof -
+ let ?support = "{i . \<pi> \<alpha> i \<noteq> 0}"
+ have "\<forall> i \<in> ?support . i \<le> shortest_period \<alpha>"
+ by (simp add: finite_account_support shortest_period_def)
+ then show ?thesis
+ using assms
+ by (meson CollectI leD)
+qed
+
+text \<open>An account's \<^term>\<open>net_asset_value\<close> does not change when summing beyond
+ its \<^term>\<open>shortest_period\<close>. This is helpful when computing aggregate
+ net asset values across multiple accounts.\<close>
+
+lemma net_asset_value_shortest_period_ge:
+ assumes "shortest_period \<alpha> \<le> n"
+ shows "net_asset_value \<alpha> = (\<Sum> i \<le> n. \<pi> \<alpha> i)"
+proof (cases "shortest_period \<alpha> = n")
+ case True
+ then show ?thesis
+ unfolding net_asset_value_alt_def by auto
+next
+ case False
+ hence "shortest_period \<alpha> < n" using assms by auto
+ hence "(\<Sum> i=shortest_period \<alpha> + 1.. n. \<pi> \<alpha> i) = 0"
+ (is "?\<Sigma>extra = 0")
+ using greater_than_shortest_period_zero
+ by auto
+ moreover have "(\<Sum> i \<le> n. \<pi> \<alpha> i) =
+ (\<Sum> i \<le> shortest_period \<alpha>. \<pi> \<alpha> i) + ?\<Sigma>extra"
+ (is "?lhs = ?\<Sigma>shortest_period + _")
+ by (metis
+ \<open>shortest_period \<alpha> < n\<close>
+ Suc_eq_plus1
+ less_imp_add_positive
+ sum_up_index_split)
+ ultimately have "?lhs = ?\<Sigma>shortest_period"
+ by linarith
+ then show ?thesis
+ unfolding net_asset_value_alt_def by auto
+qed
+
+subsubsection \<open>Net Asset Value Properties \label{subsubsec:net-asset-value-properties}\<close>
+
+text \<open>In this section we explore how \<^term>\<open>net_asset_value\<close> forms an
+ order-preserving group homomorphism from the universe of accounts to the
+ real numbers.\<close>
+
+text \<open>We first observe that \<^term>\<open>strictly_solvent\<close> implies the more
+ conventional notion of solvent, where an account's net asset value is
+ non-negative.\<close>
+
+lemma strictly_solvent_net_asset_value:
+ assumes "strictly_solvent \<alpha>"
+ shows "0 \<le> net_asset_value \<alpha>"
+ using assms strictly_solvent_def net_asset_value_alt_def by auto
+
+text \<open>Next we observe that \<^term>\<open>net_asset_value\<close> is a order preserving
+ group homomorphism from the universe of accounts to \<^term>\<open>real\<close>.\<close>
+
+lemma net_asset_value_zero [simp]: "net_asset_value 0 = 0"
+ unfolding net_asset_value_alt_def
+ using zero_account_def by force
+
+lemma net_asset_value_mono:
+ assumes "\<alpha> \<le> \<beta>"
+ shows "net_asset_value \<alpha> \<le> net_asset_value \<beta>"
+proof -
+ let ?r = "max (shortest_period \<alpha>) (shortest_period \<beta>)"
+ have "shortest_period \<alpha> \<le> ?r" and "shortest_period \<beta> \<le> ?r" by auto
+ hence "net_asset_value \<alpha> = (\<Sum> i \<le> ?r. \<pi> \<alpha> i)"
+ and "net_asset_value \<beta> = (\<Sum> i \<le> ?r. \<pi> \<beta> i)"
+ using net_asset_value_shortest_period_ge by presburger+
+ thus ?thesis using assms unfolding less_eq_account_def by auto
+qed
+
+lemma net_asset_value_uminus: "net_asset_value (- \<alpha>) = - net_asset_value \<alpha>"
+ unfolding
+ net_asset_value_alt_def
+ shortest_period_uminus
+ Rep_account_uminus
+ by (simp add: sum_negf)
+
+lemma net_asset_value_plus:
+ "net_asset_value (\<alpha> + \<beta>) = net_asset_value \<alpha> + net_asset_value \<beta>"
+ (is "?lhs = ?\<Sigma>\<alpha> + ?\<Sigma>\<beta>")
+proof -
+ let ?r = "max (shortest_period \<alpha>) (shortest_period \<beta>)"
+ have A: "shortest_period (\<alpha> + \<beta>) \<le> ?r"
+ and B: "shortest_period \<alpha> \<le> ?r"
+ and C: "shortest_period \<beta> \<le> ?r"
+ using shortest_period_plus by presburger+
+ have "?lhs = (\<Sum> i \<le> ?r. \<pi> (\<alpha> + \<beta>) i)"
+ using net_asset_value_shortest_period_ge [OF A] .
+ also have "\<dots> = (\<Sum> i \<le> ?r. \<pi> \<alpha> i + \<pi> \<beta> i)"
+ using Rep_account_plus by presburger
+ ultimately show ?thesis
+ using
+ net_asset_value_shortest_period_ge [OF B]
+ net_asset_value_shortest_period_ge [OF C]
+ by (simp add: sum.distrib)
+qed
+
+lemma net_asset_value_minus:
+ "net_asset_value (\<alpha> - \<beta>) = net_asset_value \<alpha> - net_asset_value \<beta>"
+ using additive.diff additive.intro net_asset_value_plus by blast
+
+text \<open>Finally we observe that \<^term>\<open>just_cash\<close> is the right inverse of
+ \<^term>\<open>net_asset_value\<close>.\<close>
+
+lemma net_asset_value_just_cash_left_inverse:
+ "net_asset_value (just_cash c) = c"
+ using net_asset_value_alt_def partial_nav_just_cash by presburger
+
+subsection \<open>Distributing Interest\<close>
+
+text \<open>We next show that the total interest accrued for a ledger at
+ distribution does not change when one account makes a transfer to
+ another.\<close>
+
+definition (in finite) total_interest :: "'a ledger \<Rightarrow> real \<Rightarrow> real"
+ where "total_interest \<L> i = (\<Sum> a \<in> UNIV. i * net_asset_value (\<L> a))"
+
+lemma (in finite) total_interest_transfer:
+ "total_interest (transfer \<L> \<tau> a b) i = total_interest \<L> i"
+ (is "total_interest ?\<L>' i = _")
+proof (cases "a = b")
+ case True
+ show ?thesis
+ unfolding \<open>a = b\<close> transfer_collapse ..
+next
+ case False
+ have "total_interest ?\<L>' i = (\<Sum> a \<in> UNIV . i * net_asset_value (?\<L>' a))"
+ unfolding total_interest_def ..
+ also have "\<dots> = (\<Sum> a \<in> UNIV - {a, b} \<union> {a,b}. i * net_asset_value (?\<L>' a))"
+ by (metis Un_Diff_cancel2 Un_UNIV_left)
+ also have "\<dots> = (\<Sum> a \<in> UNIV - {a, b}. i * net_asset_value (?\<L>' a)) +
+ i * net_asset_value (?\<L>' a) + i * net_asset_value (?\<L>' b)"
+ (is "_ = ?\<Sigma> + _ + _")
+ using \<open>a \<noteq> b\<close>
+ by simp
+ also have "\<dots> = ?\<Sigma> +
+ i * net_asset_value (\<L> a - \<tau>) +
+ i * net_asset_value (\<L> b + \<tau>)"
+ unfolding transfer_def
+ using \<open>a \<noteq> b\<close>
+ by auto
+ also have "\<dots> = ?\<Sigma> +
+ i * net_asset_value (\<L> a) +
+ i * net_asset_value (- \<tau>) +
+ i * net_asset_value (\<L> b) +
+ i * net_asset_value \<tau>"
+ unfolding minus_account_def net_asset_value_plus
+ by (simp add: distrib_left)
+ also have "\<dots> = ?\<Sigma> +
+ i * net_asset_value (\<L> a) +
+ i * net_asset_value (\<L> b)"
+ unfolding net_asset_value_uminus
+ by linarith
+ also have "\<dots> = (\<Sum> a \<in> UNIV - {a, b}. i * net_asset_value (\<L> a)) +
+ i * net_asset_value (\<L> a) +
+ i * net_asset_value (\<L> b)"
+ unfolding transfer_def
+ using \<open>a \<noteq> b\<close>
+ by force
+ also have "\<dots> = (\<Sum> a \<in> UNIV - {a, b} \<union> {a,b}. i * net_asset_value (\<L> a))"
+ using \<open>a \<noteq> b\<close> by force
+ ultimately show ?thesis
+ unfolding total_interest_def
+ by (metis Diff_partition Un_commute top_greatest)
+qed
+
+section \<open>Update \label{sec:update}\<close>
+
+text \<open>Periodically the ledger is \<^emph>\<open>updated\<close>. When this happens interest is
+ distributed and loans are returned. Each time loans are returned, a
+ fixed fraction of each loan for each period is returned.\<close>
+
+text \<open>The fixed fraction for returned loans is given by a \<^emph>\<open>rate function\<close>.
+ We denote rate functions with @{term [show_types] "\<rho> :: nat \<Rightarrow> real"}.
+ In principle this function obeys the rules:
+ \<^item> \<^term>\<open>\<rho> (0::nat) = (0 ::real)\<close> -- Cash is not returned.
+ \<^item> \<^term>\<open>\<forall>n ::nat . \<rho> n < (1 :: real)\<close> -- The fraction of a loan
+ returned never exceeds 1.
+ \<^item> \<^term>\<open>\<forall>n m :: nat. n < m \<longrightarrow> ((\<rho> n) :: real) < \<rho> m\<close> -- Higher indexes
+ correspond to shorter loan periods. This in turn corresponds to
+ a higher fraction of loans returned at update for higher indexes.
+ \<close>
+
+text \<open>In practice, rate functions determine the time it takes for 99\%
+ of the loan to be returned. However, the presentation here abstracts
+ away from time. In \S\ref{subsec:bulk-update-closed-form} we establish
+ a closed form for updating. This permits for a production implementation
+ to efficiently (albeit \<^emph>\<open>lazily\<close>) update ever \<^emph>\<open>millisecond\<close> if so
+ desired.\<close>
+
+definition return_loans :: "(nat \<Rightarrow> real) \<Rightarrow> account \<Rightarrow> account" where
+ "return_loans \<rho> \<alpha> = \<iota> (\<lambda> n . (1 - \<rho> n) * \<pi> \<alpha> n)"
+
+lemma Rep_account_return_loans [simp]:
+ "\<pi> (return_loans \<rho> \<alpha>) = (\<lambda> n . (1 - \<rho> n) * \<pi> \<alpha> n)"
+proof -
+ have "(support 0 UNIV (\<lambda> n . (1 - \<rho> n) * \<pi> \<alpha> n)) \<subseteq>
+ (support 0 UNIV (\<pi> \<alpha>))"
+ unfolding support_def
+ by (simp add: Collect_mono)
+ moreover have "finite (support 0 UNIV (\<pi> \<alpha>))"
+ using Rep_account
+ unfolding fin_support_def by auto
+ ultimately have "finite (support 0 UNIV (\<lambda> n . (1 - \<rho> n) * \<pi> \<alpha> n))"
+ using infinite_super by blast
+ hence "(\<lambda> n . (1 - \<rho> n) * \<pi> \<alpha> n) \<in> fin_support 0 UNIV"
+ unfolding fin_support_def by auto
+ thus ?thesis
+ using
+ Rep_account
+ Abs_account_inject
+ Rep_account_inverse
+ return_loans_def
+ by auto
+qed
+
+text \<open>As discussed, updating an account involves distributing interest and
+ returning its credited and debited loans.\<close>
+
+definition update_account :: "(nat \<Rightarrow> real) \<Rightarrow> real \<Rightarrow> account \<Rightarrow> account" where
+ "update_account \<rho> i \<alpha> = just_cash (i * net_asset_value \<alpha>) + return_loans \<rho> \<alpha>"
+
+definition update_ledger :: "(nat \<Rightarrow> real) \<Rightarrow> real \<Rightarrow> 'a ledger \<Rightarrow> 'a ledger"
+ where
+ "update_ledger \<rho> i \<L> a = update_account \<rho> i (\<L> a)"
+
+subsection \<open>Update Preserves Ledger Balance\<close>
+
+text \<open>A key theorem is that if all credit and debit in a ledger cancel,
+ they will continue to cancel after update. In this sense the monetary
+ supply grows with the interest rate, but is otherwise conserved.\<close>
+
+text \<open>A consequence of this theorem is that while counter-party obligations
+ are not explicitly tracked by the ledger, these obligations are fulfilled
+ as funds are returned by the protocol.\<close>
+
+definition shortest_ledger_period :: "'a ledger \<Rightarrow> nat" where
+ "shortest_ledger_period \<L> = Max (image shortest_period (range \<L>))"
+
+lemma (in finite) shortest_ledger_period_bound:
+ fixes \<L> :: "'a ledger"
+ shows "shortest_period (\<L> a) \<le> shortest_ledger_period \<L>"
+proof -
+ {
+ fix \<alpha> :: account
+ fix S :: "account set"
+ assume "finite S" and "\<alpha> \<in> S"
+ hence "shortest_period \<alpha> \<le> Max (shortest_period ` S)"
+ proof (induct S rule: finite_induct)
+ case empty
+ then show ?case by auto
+ next
+ case (insert \<beta> S)
+ then show ?case
+ proof (cases "\<alpha> = \<beta>")
+ case True
+ then show ?thesis
+ by (simp add: insert.hyps(1))
+ next
+ case False
+ hence "\<alpha> \<in> S"
+ using insert.prems by fastforce
+ then show ?thesis
+ by (meson
+ Max_ge
+ finite_imageI
+ finite_insert
+ imageI
+ insert.hyps(1)
+ insert.prems)
+ qed
+ qed
+ }
+ moreover
+ have "finite (range \<L>)"
+ by force
+ ultimately show ?thesis
+ by (simp add: shortest_ledger_period_def)
+qed
+
+theorem (in finite) update_balanced:
+ assumes "\<rho> 0 = 0" and "\<forall>n. \<rho> n < 1" and "0 \<le> i"
+ shows "balanced \<L> c = balanced (update_ledger \<rho> i \<L>) ((1 + i) * c)"
+ (is "_ = balanced ?\<L>' ((1 + i) * c)")
+proof
+ assume "balanced \<L> c"
+ have "\<forall>n>0. (\<Sum>a\<in>UNIV. \<pi> (?\<L>' a) n) = 0"
+ proof (rule allI, rule impI)
+ fix n :: nat
+ assume "n > 0"
+ {
+ fix a
+ let ?\<alpha>' = "\<lambda>n. (1 - \<rho> n) * \<pi> (\<L> a) n"
+ have "\<pi> (?\<L>' a) n = ?\<alpha>' n"
+ unfolding
+ update_ledger_def
+ update_account_def
+ Rep_account_plus
+ Rep_account_just_cash
+ Rep_account_return_loans
+ using plus_account_def \<open>n > 0\<close>
+ by simp
+ }
+ hence "(\<Sum>a\<in>UNIV. \<pi> (?\<L>' a) n) =
+ (1 - \<rho> n) * (\<Sum>a\<in>UNIV. \<pi> (\<L> a) n)"
+ using finite_UNIV
+ by (metis (mono_tags, lifting) sum.cong sum_distrib_left)
+ thus "(\<Sum>a\<in>UNIV. \<pi> (?\<L>' a) n) = 0"
+ using \<open>0 < n\<close> \<open>balanced \<L> c\<close> local.balanced_alt_def by force
+ qed
+ moreover
+ {
+ fix S :: "'a set"
+ let ?\<omega> = "shortest_ledger_period \<L>"
+ assume "(\<Sum>a\<in>S. cash_reserve (\<L> a)) = c"
+ and "\<forall>n>0. (\<Sum>a\<in>S. \<pi> (\<L> a) n) = 0"
+ have "(\<Sum>a\<in>S. cash_reserve (?\<L>' a)) =
+ (\<Sum>a\<in>S. i * (\<Sum> n \<le> ?\<omega>. \<pi> (\<L> a) n) +
+ cash_reserve (\<L> a))"
+ using finite
+ proof (induct S arbitrary: c rule: finite_induct)
+ case empty
+ then show ?case
+ by auto
+ next
+ case (insert x S)
+ have "(\<Sum>a\<in>insert x S. cash_reserve (?\<L>' a)) =
+ (\<Sum>a\<in>insert x S. i * (\<Sum> n \<le> ?\<omega>. \<pi> (\<L> a) n) +
+ cash_reserve (\<L> a))"
+ unfolding update_ledger_def update_account_def cash_reserve_def
+ by (simp add: \<open>\<rho> 0 = 0\<close>,
+ metis (no_types)
+ shortest_ledger_period_bound
+ net_asset_value_shortest_period_ge)
+ thus ?case .
+ qed
+ also have "... = (\<Sum>a\<in>S. i * (\<Sum> n = 1 .. ?\<omega>. \<pi> (\<L> a) n) +
+ i * cash_reserve (\<L> a) + cash_reserve (\<L> a))"
+ unfolding cash_reserve_def
+ by (simp add:
+ add.commute
+ distrib_left
+ sum.atMost_shift
+ sum_bounds_lt_plus1)
+ also have "... = (\<Sum>a\<in>S. i * (\<Sum> n = 1 .. ?\<omega>. \<pi> (\<L> a) n) +
+ (1 + i) * cash_reserve (\<L> a))"
+ using finite
+ by (induct S rule: finite_induct, auto, simp add: distrib_right)
+ also have "... = i * (\<Sum>a\<in>S. (\<Sum> n = 1 .. ?\<omega>. \<pi> (\<L> a) n)) +
+ (1 + i) * (\<Sum>a\<in>S. cash_reserve (\<L> a))"
+ by (simp add: sum.distrib sum_distrib_left)
+ also have "... = i * (\<Sum> n = 1 .. ?\<omega>. (\<Sum>a\<in>S. \<pi> (\<L> a) n)) +
+ (1 + i) * c"
+ using \<open>(\<Sum>a\<in>S. cash_reserve (\<L> a)) = c\<close> sum.swap by force
+ finally have "(\<Sum>a\<in>S. cash_reserve (?\<L>' a)) = c * (1 + i)"
+ using \<open>\<forall>n>0. (\<Sum>a\<in>S. \<pi> (\<L> a) n) = 0\<close>
+ by simp
+ }
+ hence "(\<Sum>a\<in>UNIV. cash_reserve (?\<L>' a)) = c * (1 + i)"
+ using \<open>balanced \<L> c\<close>
+ unfolding balanced_alt_def
+ by fastforce
+ ultimately show "balanced ?\<L>' ((1 + i) * c)"
+ unfolding balanced_alt_def
+ by auto
+next
+ assume "balanced ?\<L>' ((1 + i) * c)"
+ have \<star>: "\<forall>n>0. (\<Sum>a\<in>UNIV. \<pi> (\<L> a) n) = 0"
+ proof (rule allI, rule impI)
+ fix n :: nat
+ assume "n > 0"
+ hence "0 = (\<Sum>a\<in>UNIV. \<pi> (?\<L>' a) n)"
+ using \<open>balanced ?\<L>' ((1 + i) * c)\<close>
+ unfolding balanced_alt_def
+ by auto
+ also have "\<dots> = (\<Sum>a\<in>UNIV. (1 - \<rho> n) * \<pi> (\<L> a) n)"
+ unfolding
+ update_ledger_def
+ update_account_def
+ Rep_account_return_loans
+ Rep_account_just_cash
+ using \<open>n > 0\<close>
+ by auto
+ also have "\<dots> = (1 - \<rho> n) * (\<Sum>a\<in>UNIV. \<pi> (\<L> a) n)"
+ by (simp add: sum_distrib_left)
+ finally show "(\<Sum>a\<in>UNIV. \<pi> (\<L> a) n) = 0"
+ by (metis
+ \<open>\<forall> r . \<rho> r < 1\<close>
+ diff_gt_0_iff_gt
+ less_numeral_extra(3)
+ mult_eq_0_iff)
+ qed
+ moreover
+ {
+ fix S :: "'a set"
+ let ?\<omega> = "shortest_ledger_period \<L>"
+ assume "(\<Sum>a\<in>S. cash_reserve (?\<L>' a)) = (1 + i) * c"
+ and "\<forall>n>0. (\<Sum>a\<in>S. \<pi> (\<L> a) n) = 0"
+ hence "(1 + i) * c = (\<Sum>a\<in>S. cash_reserve (?\<L>' a))"
+ by auto
+ also have "\<dots> = (\<Sum>a\<in>S. i * (\<Sum> n \<le> ?\<omega>. \<pi> (\<L> a) n) +
+ cash_reserve (\<L> a))"
+ using finite
+ proof (induct S rule: finite_induct)
+ case empty
+ then show ?case
+ by auto
+ next
+ case (insert x S)
+ have "(\<Sum>a\<in>insert x S. cash_reserve (?\<L>' a)) =
+ (\<Sum>a\<in>insert x S.
+ i * (\<Sum> n \<le> ?\<omega>. \<pi> (\<L> a) n) + cash_reserve (\<L> a))"
+ unfolding update_ledger_def update_account_def cash_reserve_def
+ by (simp add: \<open>\<rho> 0 = 0\<close>,
+ metis (no_types)
+ shortest_ledger_period_bound
+ net_asset_value_shortest_period_ge)
+ thus ?case .
+ qed
+ also have "\<dots> = (\<Sum>a\<in>S. i * (\<Sum> n = 1 .. ?\<omega>. \<pi> (\<L> a) n) +
+ i * cash_reserve (\<L> a) + cash_reserve (\<L> a))"
+ unfolding cash_reserve_def
+ by (simp add:
+ add.commute
+ distrib_left
+ sum.atMost_shift
+ sum_bounds_lt_plus1)
+ also have "\<dots> = (\<Sum>a\<in>S. i * (\<Sum> n = 1 .. ?\<omega>. \<pi> (\<L> a) n) +
+ (1 + i) * cash_reserve (\<L> a))"
+ using finite
+ by (induct S rule: finite_induct, auto, simp add: distrib_right)
+ also have "\<dots> = i * (\<Sum>a\<in>S. (\<Sum> n = 1 .. ?\<omega>. \<pi> (\<L> a) n)) +
+ (1 + i) * (\<Sum>a\<in>S. cash_reserve (\<L> a))"
+ by (simp add: sum.distrib sum_distrib_left)
+ also have "\<dots> = i * (\<Sum> n = 1 .. ?\<omega>. (\<Sum>a\<in>S. \<pi> (\<L> a) n)) +
+ (1 + i) * (\<Sum>a\<in>S. cash_reserve (\<L> a))"
+ using sum.swap by force
+ also have "\<dots> = (1 + i) * (\<Sum>a\<in>S. cash_reserve (\<L> a))"
+ using \<open>\<forall>n>0. (\<Sum>a\<in>S. \<pi> (\<L> a) n) = 0\<close>
+ by simp
+ finally have "c = (\<Sum>a\<in>S. cash_reserve (\<L> a))"
+ using \<open>0 \<le> i\<close>
+ by force
+ }
+ hence "(\<Sum>a\<in>UNIV. cash_reserve (\<L> a)) = c"
+ unfolding cash_reserve_def
+ by (metis
+ Rep_account_just_cash
+ \<open>balanced ?\<L>' ((1 + i) * c)\<close>
+ \<star>
+ balanced_def
+ finite_Rep_account_ledger)
+ ultimately show "balanced \<L> c"
+ unfolding balanced_alt_def
+ by auto
+qed
+
+subsection \<open>Strictly Solvent is Forever Strictly Solvent\<close>
+
+text \<open>The final theorem presented in this section is that if an account is
+ strictly solvent, it will still be strictly solvent after update.\<close>
+
+text \<open>This theorem is the key to how the system avoids counter party risk.
+ Provided the system enforces that all accounts are strictly solvent and
+ transfers are \<^emph>\<open>valid\<close> (as discussed in \S\ref{subsec:transfers}),
+ all accounts will remain strictly solvent forever.\<close>
+
+text \<open>We first prove that \<^term>\<open>return_loans\<close> is a group homomorphism.\<close>
+
+text \<open>It is order preserving given certain assumptions.\<close>
+
+lemma return_loans_plus:
+ "return_loans \<rho> (\<alpha> + \<beta>) = return_loans \<rho> \<alpha> + return_loans \<rho> \<beta>"
+proof -
+ let ?\<alpha> = "\<pi> \<alpha>"
+ let ?\<beta> = "\<pi> \<beta>"
+ let ?\<rho>\<alpha>\<beta> = "\<lambda>n. (1 - \<rho> n) * (?\<alpha> n + ?\<beta> n)"
+ let ?\<rho>\<alpha> = "\<lambda>n. (1 - \<rho> n) * ?\<alpha> n"
+ let ?\<rho>\<beta> = "\<lambda>n. (1 - \<rho> n) * ?\<beta> n"
+ have "support 0 UNIV ?\<rho>\<alpha> \<subseteq> support 0 UNIV ?\<alpha>"
+ "support 0 UNIV ?\<rho>\<beta> \<subseteq> support 0 UNIV ?\<beta>"
+ "support 0 UNIV ?\<rho>\<alpha>\<beta> \<subseteq> support 0 UNIV ?\<alpha> \<union> support 0 UNIV ?\<beta>"
+ unfolding support_def
+ by auto
+ moreover have
+ "?\<alpha> \<in> fin_support 0 UNIV"
+ "?\<beta> \<in> fin_support 0 UNIV"
+ using Rep_account by force+
+ ultimately have \<star>:
+ "?\<rho>\<alpha> \<in> fin_support 0 UNIV"
+ "?\<rho>\<beta> \<in> fin_support 0 UNIV"
+ "?\<rho>\<alpha>\<beta> \<in> fin_support 0 UNIV"
+ unfolding fin_support_def
+ using finite_subset by auto+
+ {
+ fix n
+ have "\<pi> (return_loans \<rho> (\<alpha> + \<beta>)) n =
+ \<pi> (return_loans \<rho> \<alpha> + return_loans \<rho> \<beta>) n"
+ unfolding return_loans_def Rep_account_plus
+ using \<star> Abs_account_inverse distrib_left by auto
+ }
+ hence "\<pi> (return_loans \<rho> (\<alpha> + \<beta>)) =
+ \<pi> (return_loans \<rho> \<alpha> + return_loans \<rho> \<beta>)"
+ by auto
+ thus ?thesis
+ by (metis Rep_account_inverse)
+qed
+
+lemma return_loans_zero [simp]: "return_loans \<rho> 0 = 0"
+proof -
+ have "(\<lambda>n. (1 - \<rho> n) * 0) = (\<lambda>_. 0)"
+ by force
+ hence "\<iota> (\<lambda>n. (1 - \<rho> n) * 0) = 0"
+ unfolding zero_account_def
+ by presburger
+ thus ?thesis
+ unfolding return_loans_def Rep_account_zero .
+qed
+
+lemma return_loans_uminus: "return_loans \<rho> (- \<alpha>) = - return_loans \<rho> \<alpha>"
+ by (metis
+ add.left_cancel
+ diff_self
+ minus_account_def
+ return_loans_plus
+ return_loans_zero)
+
+lemma return_loans_subtract:
+ "return_loans \<rho> (\<alpha> - \<beta>) = return_loans \<rho> \<alpha> - return_loans \<rho> \<beta>"
+ by (simp add: additive.diff additive_def return_loans_plus)
+
+text \<open>As presented in \S\ref{sec:accounts}, each index corresponds to a
+ progressively shorter loan period. This is captured by a monotonicity
+ assumption on the rate function @{term [show_types] "\<rho> :: nat \<Rightarrow> real"}.
+ In particular, provided \<^term>\<open>\<forall> n . \<rho> n < (1 :: real)\<close> and
+ \<^term>\<open>\<forall> n m :: nat . n < m \<longrightarrow> \<rho> n < (\<rho> m :: real)\<close> then we know that
+ all outstanding credit is going away faster than loans debited for
+ longer periods.\<close>
+
+text \<open>Given the monotonicity assumptions for a rate function
+ @{term [show_types] "\<rho> :: nat \<Rightarrow> real"}, we may in turn prove monotonicity
+ for \<^term>\<open>return_loans\<close> over \<open>(\<le>)::account \<Rightarrow> account \<Rightarrow> bool\<close>.\<close>
+
+lemma return_loans_mono:
+ assumes "\<forall> n . \<rho> n < 1"
+ and "\<forall> n m . n \<le> m \<longrightarrow> \<rho> n \<le> \<rho> m"
+ and "\<alpha> \<le> \<beta>"
+ shows "return_loans \<rho> \<alpha> \<le> return_loans \<rho> \<beta>"
+proof -
+ {
+ fix \<alpha> :: account
+ assume "0 \<le> \<alpha>"
+ {
+ fix n :: nat
+ let ?\<alpha> = "\<pi> \<alpha>"
+ let ?\<rho>\<alpha> = "\<lambda>n. (1 - \<rho> n) * ?\<alpha> n"
+ have "\<forall> n . 0 \<le> (\<Sum> i\<le>n . ?\<alpha> i)"
+ using \<open>0 \<le> \<alpha>\<close>
+ unfolding less_eq_account_def Rep_account_zero
+ by simp
+ hence "0 \<le> (\<Sum> i\<le>n . ?\<alpha> i)" by auto
+ moreover have "(1 - \<rho> n) * (\<Sum> i\<le>n . ?\<alpha> i) \<le> (\<Sum> i\<le>n . ?\<rho>\<alpha> i)"
+ proof (induct n)
+ case 0
+ then show ?case by simp
+ next
+ case (Suc n)
+ have "0 \<le> (1 - \<rho> (Suc n))"
+ by (simp add: \<open>\<forall> n . \<rho> n < 1\<close> less_eq_real_def)
+ moreover have "(1 - \<rho> (Suc n)) \<le> (1 - \<rho> n)"
+ using \<open>\<forall> n m . n \<le> m \<longrightarrow> \<rho> n \<le> \<rho> m\<close>
+ by simp
+ ultimately have
+ "(1 - \<rho> (Suc n)) * (\<Sum> i\<le>n . ?\<alpha> i) \<le> (1 - \<rho> n) * (\<Sum> i\<le>n . ?\<alpha> i)"
+ using \<open>\<forall> n . 0 \<le> (\<Sum> i\<le>n . ?\<alpha> i)\<close>
+ by (meson le_less mult_mono')
+ hence
+ "(1 - \<rho> (Suc n)) * (\<Sum> i\<le> Suc n . ?\<alpha> i) \<le>
+ (1 - \<rho> n) * (\<Sum> i\<le>n . ?\<alpha> i) + (1 - \<rho> (Suc n)) * (?\<alpha> (Suc n))"
+ (is "_ \<le> ?X")
+ by (simp add: distrib_left)
+ moreover have
+ "?X \<le> (\<Sum> i\<le> Suc n . ?\<rho>\<alpha> i)"
+ using Suc.hyps by fastforce
+ ultimately show ?case by auto
+ qed
+ moreover have "0 < 1 - \<rho> n"
+ by (simp add: \<open>\<forall> n . \<rho> n < 1\<close>)
+ ultimately have "0 \<le> (\<Sum> i\<le>n . ?\<rho>\<alpha> i)"
+ using dual_order.trans by fastforce
+ }
+ hence "strictly_solvent (return_loans \<rho> \<alpha>)"
+ unfolding strictly_solvent_def Rep_account_return_loans
+ by auto
+ }
+ hence "0 \<le> return_loans \<rho> (\<beta> - \<alpha>)"
+ using \<open>\<alpha> \<le> \<beta>\<close>
+ by (simp add: strictly_solvent_alt_def)
+ thus ?thesis
+ by (metis
+ add_diff_cancel_left'
+ diff_ge_0_iff_ge
+ minus_account_def
+ return_loans_plus)
+qed
+
+lemma return_loans_just_cash:
+ assumes "\<rho> 0 = 0"
+ shows "return_loans \<rho> (just_cash c) = just_cash c"
+proof -
+ have "(\<lambda>n. (1 - \<rho> n) * \<pi> (\<iota> (\<lambda>n. if n = 0 then c else 0)) n)
+ = (\<lambda>n. if n = 0 then (1 - \<rho> n) * c else 0)"
+ using Rep_account_just_cash just_cash_def by force
+ also have "\<dots> = (\<lambda>n. if n = 0 then c else 0)"
+ using \<open>\<rho> 0 = 0\<close>
+ by force
+ finally show ?thesis
+ unfolding return_loans_def just_cash_def
+ by presburger
+qed
+
+lemma distribute_interest_plus:
+ "just_cash (i * net_asset_value (\<alpha> + \<beta>)) =
+ just_cash (i * net_asset_value \<alpha>) +
+ just_cash (i * net_asset_value \<beta>)"
+ unfolding just_cash_def net_asset_value_plus
+ by (metis
+ distrib_left
+ just_cash_plus
+ just_cash_def)
+
+text \<open>We now prove that \<^term>\<open>update_account\<close> is an order-preserving group
+ homomorphism just as \<^term>\<open>just_cash\<close>, \<^term>\<open>net_asset_value\<close>, and
+ \<^term>\<open>return_loans\<close> are.\<close>
+
+lemma update_account_plus:
+ "update_account \<rho> i (\<alpha> + \<beta>) =
+ update_account \<rho> i \<alpha> + update_account \<rho> i \<beta>"
+ unfolding
+ update_account_def
+ return_loans_plus
+ distribute_interest_plus
+ by simp
+
+lemma update_account_zero [simp]: "update_account \<rho> i 0 = 0"
+ by (metis add_cancel_right_left update_account_plus)
+
+lemma update_account_uminus:
+ "update_account \<rho> i (-\<alpha>) = - update_account \<rho> i \<alpha>"
+ unfolding update_account_def
+ by (simp add: net_asset_value_uminus return_loans_uminus)
+
+lemma update_account_subtract:
+ "update_account \<rho> i (\<alpha> - \<beta>) =
+ update_account \<rho> i \<alpha> - update_account \<rho> i \<beta>"
+ by (simp add: additive.diff additive.intro update_account_plus)
+
+lemma update_account_mono:
+ assumes "0 \<le> i"
+ and "\<forall> n . \<rho> n < 1"
+ and "\<forall> n m . n \<le> m \<longrightarrow> \<rho> n \<le> \<rho> m"
+ and "\<alpha> \<le> \<beta>"
+ shows "update_account \<rho> i \<alpha> \<le> update_account \<rho> i \<beta>"
+proof -
+ have "net_asset_value \<alpha> \<le> net_asset_value \<beta>"
+ using \<open>\<alpha> \<le> \<beta>\<close> net_asset_value_mono by presburger
+ hence "i * net_asset_value \<alpha> \<le> i * net_asset_value \<beta>"
+ by (simp add: \<open>0 \<le> i\<close> mult_left_mono)
+ hence "just_cash (i * net_asset_value \<alpha>) \<le>
+ just_cash (i * net_asset_value \<beta>)"
+ by (simp add: just_cash_order_embed)
+ moreover
+ have "return_loans \<rho> \<alpha> \<le> return_loans \<rho> \<beta>"
+ using assms return_loans_mono by presburger
+ ultimately show ?thesis unfolding update_account_def
+ by (simp add: add_mono)
+qed
+
+text \<open>It follows from monotonicity and @{thm update_account_zero [no_vars]} that
+ strictly solvent accounts remain strictly solvent after update.\<close>
+
+lemma update_preserves_strictly_solvent:
+ assumes "0 \<le> i"
+ and "\<forall> n . \<rho> n < 1"
+ and "\<forall> n m . n \<le> m \<longrightarrow> \<rho> n \<le> \<rho> m"
+ and "strictly_solvent \<alpha>"
+ shows "strictly_solvent (update_account \<rho> i \<alpha>)"
+ using assms
+ unfolding strictly_solvent_alt_def
+ by (metis update_account_mono update_account_zero)
+
+section \<open>Bulk Update \label{sec:bulk-update}\<close>
+
+text \<open>In this section we demonstrate there exists a closed form for
+ bulk-updating an account.\<close>
+
+primrec bulk_update_account ::
+ "nat \<Rightarrow> (nat \<Rightarrow> real) \<Rightarrow> real \<Rightarrow> account \<Rightarrow> account"
+ where
+ "bulk_update_account 0 _ _ \<alpha> = \<alpha>"
+ | "bulk_update_account (Suc n) \<rho> i \<alpha> =
+ update_account \<rho> i (bulk_update_account n \<rho> i \<alpha>)"
+
+text \<open>As with \<^term>\<open>update_account\<close>, \<^term>\<open>bulk_update_account\<close> is an
+ order-preserving group homomorphism.\<close>
+
+text \<open>We now prove that \<^term>\<open>update_account\<close> is an order-preserving group
+ homomorphism just as \<^term>\<open>just_cash\<close>, \<^term>\<open>net_asset_value\<close>, and
+ \<^term>\<open>return_loans\<close> are.\<close>
+
+lemma bulk_update_account_plus:
+ "bulk_update_account n \<rho> i (\<alpha> + \<beta>) =
+ bulk_update_account n \<rho> i \<alpha> + bulk_update_account n \<rho> i \<beta>"
+proof (induct n)
+ case 0
+ then show ?case by simp
+next
+ case (Suc n)
+ then show ?case
+ using bulk_update_account.simps(2) update_account_plus by presburger
+qed
+
+lemma bulk_update_account_zero [simp]: "bulk_update_account n \<rho> i 0 = 0"
+ by (metis add_cancel_right_left bulk_update_account_plus)
+
+lemma bulk_update_account_uminus:
+ "bulk_update_account n \<rho> i (-\<alpha>) = - bulk_update_account n \<rho> i \<alpha>"
+ by (metis add_eq_0_iff bulk_update_account_plus bulk_update_account_zero)
+
+
+lemma bulk_update_account_subtract:
+ "bulk_update_account n \<rho> i (\<alpha> - \<beta>) =
+ bulk_update_account n \<rho> i \<alpha> - bulk_update_account n \<rho> i \<beta>"
+ by (simp add: additive.diff additive_def bulk_update_account_plus)
+
+lemma bulk_update_account_mono:
+ assumes "0 \<le> i"
+ and "\<forall> n . \<rho> n < 1"
+ and "\<forall> n m . n \<le> m \<longrightarrow> \<rho> n \<le> \<rho> m"
+ and "\<alpha> \<le> \<beta>"
+ shows "bulk_update_account n \<rho> i \<alpha> \<le> bulk_update_account n \<rho> i \<beta>"
+ using assms
+proof (induct n)
+ case 0
+ then show ?case by simp
+next
+ case (Suc n)
+ then show ?case
+ using bulk_update_account.simps(2) update_account_mono by presburger
+qed
+
+text \<open>In follows from the fact that \<^term>\<open>bulk_update_account\<close> is an
+ order-preserving group homomorphism that the update protocol is \<^emph>\<open>safe\<close>.
+ Informally this means that provided we enforce every account is strictly
+ solvent then no account will ever have negative net asset value
+ (ie, be in the red).\<close>
+
+theorem bulk_update_safety:
+ assumes "0 \<le> i"
+ and "\<forall> n . \<rho> n < 1"
+ and "\<forall> n m . n \<le> m \<longrightarrow> \<rho> n \<le> \<rho> m"
+ and "strictly_solvent \<alpha>"
+ shows "0 \<le> net_asset_value (bulk_update_account n \<rho> i \<alpha>)"
+ using assms
+ by (metis
+ bulk_update_account_mono
+ bulk_update_account_zero
+ strictly_solvent_alt_def
+ strictly_solvent_net_asset_value)
+
+subsection \<open>Decomposition\<close>
+
+text \<open>In order to express \<^term>\<open>bulk_update_account\<close> using a closed
+ formulation, we first demonstrate how to \<^emph>\<open>decompose\<close> an account
+ into a summation of credited and debited loans for different periods.\<close>
+
+definition loan :: "nat \<Rightarrow> real \<Rightarrow> account" ("\<delta>")
+ where
+ "\<delta> n x = \<iota> (\<lambda> m . if n = m then x else 0)"
+
+lemma loan_just_cash: "\<delta> 0 c = just_cash c"
+ unfolding just_cash_def loan_def
+ by force
+
+lemma Rep_account_loan [simp]:
+ "\<pi> (\<delta> n x) = (\<lambda> m . if n = m then x else 0)"
+proof -
+ have "(\<lambda> m . if n = m then x else 0) \<in> fin_support 0 UNIV"
+ unfolding fin_support_def support_def
+ by force
+ thus ?thesis
+ unfolding loan_def
+ using Abs_account_inverse by blast
+qed
+
+lemma loan_zero [simp]: "\<delta> n 0 = 0"
+ unfolding loan_def
+ using zero_account_def by fastforce
+
+lemma shortest_period_loan:
+ assumes "c \<noteq> 0"
+ shows "shortest_period (\<delta> n c) = n"
+ using assms
+ unfolding shortest_period_def Rep_account_loan
+ by simp
+
+lemma net_asset_value_loan [simp]: "net_asset_value (\<delta> n c) = c"
+proof (cases "c = 0")
+ case True
+ then show ?thesis by simp
+next
+ case False
+ hence "shortest_period (\<delta> n c) = n" using shortest_period_loan by blast
+ then show ?thesis unfolding net_asset_value_alt_def by simp
+qed
+
+lemma return_loans_loan [simp]: "return_loans \<rho> (\<delta> n c) = \<delta> n ((1 - \<rho> n) * c)"
+proof -
+ have "return_loans \<rho> (\<delta> n c) =
+ \<iota> (\<lambda>na. (if n = na then (1 - \<rho> n) * c else 0))"
+ unfolding return_loans_def
+ by (metis Rep_account_loan mult.commute mult_zero_left)
+ thus ?thesis
+ by (simp add: loan_def)
+qed
+
+lemma account_decomposition:
+ "\<alpha> = (\<Sum> i \<le> shortest_period \<alpha>. \<delta> i (\<pi> \<alpha> i))"
+proof -
+ let ?p = "shortest_period \<alpha>"
+ let ?\<pi>\<alpha> = "\<pi> \<alpha>"
+ let ?\<Sigma>\<delta> = "\<Sum> i \<le> ?p. \<delta> i (?\<pi>\<alpha> i)"
+ {
+ fix n m :: nat
+ fix f :: "nat \<Rightarrow> real"
+ assume "n > m"
+ hence "\<pi> (\<Sum> i \<le> m. \<delta> i (f i)) n = 0"
+ by (induct m, simp+)
+ }
+ note \<bullet> = this
+ {
+ fix n :: nat
+ have "\<pi> ?\<Sigma>\<delta> n = ?\<pi>\<alpha> n"
+ proof (cases "n \<le> ?p")
+ case True
+ {
+ fix n m :: nat
+ fix f :: "nat \<Rightarrow> real"
+ assume "n \<le> m"
+ hence "\<pi> (\<Sum> i \<le> m. \<delta> i (f i)) n = f n"
+ proof (induct m)
+ case 0
+ then show ?case by simp
+ next
+ case (Suc m)
+ then show ?case
+ proof (cases "n = Suc m")
+ case True
+ then show ?thesis using \<bullet> by auto
+ next
+ case False
+ hence "n \<le> m"
+ using Suc.prems le_Suc_eq by blast
+ then show ?thesis
+ by (simp add: Suc.hyps)
+ qed
+ qed
+ }
+ then show ?thesis using True by auto
+ next
+ case False
+ have "?\<pi>\<alpha> n = 0"
+ unfolding shortest_period_def
+ using False shortest_period_bound by blast
+ thus ?thesis using False \<bullet> by auto
+ qed
+ }
+ thus ?thesis
+ by (metis Rep_account_inject ext)
+qed
+
+subsection \<open>Closed Forms \label{subsec:bulk-update-closed-form}\<close>
+
+text \<open>We first give closed forms for loans \<^term>\<open>\<delta> n c\<close>. The simplest closed
+ form is for \<^term>\<open>just_cash\<close>. Here the closed form is just the compound
+ interest accrued from each update.\<close>
+
+lemma bulk_update_just_cash_closed_form:
+ assumes "\<rho> 0 = 0"
+ shows "bulk_update_account n \<rho> i (just_cash c) =
+ just_cash ((1 + i) ^ n * c)"
+proof (induct n)
+ case 0
+ then show ?case by simp
+next
+ case (Suc n)
+ have "return_loans \<rho> (just_cash ((1 + i) ^ n * c)) =
+ just_cash ((1 + i) ^ n * c)"
+ using assms return_loans_just_cash by blast
+ thus ?case
+ using Suc net_asset_value_just_cash_left_inverse
+ by (simp add: update_account_def,
+ metis
+ add.commute
+ mult.commute
+ mult.left_commute
+ mult_1
+ ring_class.ring_distribs(2))
+qed
+
+lemma bulk_update_loan_closed_form:
+ assumes "\<rho> k \<noteq> 1"
+ and "\<rho> k > 0"
+ and "\<rho> 0 = 0"
+ and "i \<ge> 0"
+ shows "bulk_update_account n \<rho> i (\<delta> k c) =
+ just_cash (c * i * ((1 + i) ^ n - (1 - \<rho> k) ^ n) / (i + \<rho> k))
+ + \<delta> k ((1 - \<rho> k) ^ n * c)"
+proof (induct n)
+ case 0
+ then show ?case
+ by (simp add: zero_account_alt_def)
+next
+ case (Suc n)
+ have "i + \<rho> k > 0"
+ using assms(2) assms(4) by force
+ hence "(i + \<rho> k) / (i + \<rho> k) = 1"
+ by force
+ hence "bulk_update_account (Suc n) \<rho> i (\<delta> k c) =
+ just_cash
+ ((c * i) / (i + \<rho> k) * (1 + i) * ((1 + i) ^ n - (1 - \<rho> k) ^ n) +
+ c * i * (1 - \<rho> k) ^ n * ((i + \<rho> k) / (i + \<rho> k)))
+ + \<delta> k ((1 - \<rho> k) ^ (n + 1) * c)"
+ using Suc
+ by (simp add:
+ return_loans_plus
+ \<open>\<rho> 0 = 0\<close>
+ return_loans_just_cash
+ update_account_def
+ net_asset_value_plus
+ net_asset_value_just_cash_left_inverse
+ add.commute
+ add.left_commute
+ distrib_left
+ mult.assoc
+ add_divide_distrib
+ distrib_right
+ mult.commute
+ mult.left_commute)
+ also have
+ "\<dots> =
+ just_cash
+ ((c * i) / (i + \<rho> k) * (1 + i) * ((1 + i) ^ n - (1 - \<rho> k) ^ n) +
+ (c * i) / (i + \<rho> k) * (1 - \<rho> k) ^ n * (i + \<rho> k))
+ + \<delta> k ((1 - \<rho> k) ^ (n + 1) * c)"
+ by (metis (no_types, lifting) times_divide_eq_left times_divide_eq_right)
+ also have
+ "\<dots> =
+ just_cash
+ ((c * i) / (i + \<rho> k) * (
+ (1 + i) * ((1 + i) ^ n - (1 - \<rho> k) ^ n)
+ + (1 - \<rho> k) ^ n * (i + \<rho> k)))
+ + \<delta> k ((1 - \<rho> k) ^ (n + 1) * c)"
+ by (metis (no_types, lifting) mult.assoc ring_class.ring_distribs(1))
+ also have
+ "\<dots> =
+ just_cash
+ ((c * i) / (i + \<rho> k) * ((1 + i) ^ (n + 1) - (1 - \<rho> k) ^ (n + 1)))
+ + \<delta> k ((1 - \<rho> k) ^ (n + 1) * c)"
+ by (simp add: mult.commute mult_diff_mult)
+ ultimately show ?case by simp
+qed
+
+text \<open>We next give an \<^emph>\<open>algebraic\<close> closed form. This uses the ordered
+ abelian group that \<^typ>\<open>account\<close>s form.\<close>
+
+lemma bulk_update_algebraic_closed_form:
+ assumes "0 \<le> i"
+ and "\<forall> n . \<rho> n < 1"
+ and "\<forall> n m . n < m \<longrightarrow> \<rho> n < \<rho> m"
+ and "\<rho> 0 = 0"
+ shows "bulk_update_account n \<rho> i \<alpha>
+ = just_cash (
+ (1 + i) ^ n * (cash_reserve \<alpha>)
+ + (\<Sum> k = 1..shortest_period \<alpha>.
+ (\<pi> \<alpha> k) * i * ((1 + i) ^ n - (1 - \<rho> k) ^ n)
+ / (i + \<rho> k))
+ )
+ + (\<Sum>k = 1..shortest_period \<alpha>. \<delta> k ((1 - \<rho> k) ^ n * \<pi> \<alpha> k))"
+proof -
+ {
+ fix m
+ have "\<forall> k \<in> {1..m}. \<rho> k \<noteq> 1 \<and> \<rho> k > 0"
+ by (metis
+ assms(2)
+ assms(3)
+ assms(4)
+ atLeastAtMost_iff
+ dual_order.refl
+ less_numeral_extra(1)
+ linorder_not_less
+ not_gr_zero)
+ hence \<star>: "\<forall> k \<in> {1..m}.
+ bulk_update_account n \<rho> i (\<delta> k (\<pi> \<alpha> k))
+ = just_cash ((\<pi> \<alpha> k) * i * ((1 + i) ^ n - (1 - \<rho> k) ^ n)
+ / (i + \<rho> k))
+ + \<delta> k ((1 - \<rho> k) ^ n * (\<pi> \<alpha> k))"
+ using assms(1) assms(4) bulk_update_loan_closed_form by blast
+ have "bulk_update_account n \<rho> i (\<Sum> k \<le> m. \<delta> k (\<pi> \<alpha> k))
+ = (\<Sum> k \<le> m. bulk_update_account n \<rho> i (\<delta> k (\<pi> \<alpha> k)))"
+ by (induct m, simp, simp add: bulk_update_account_plus)
+ also have
+ "\<dots> = bulk_update_account n \<rho> i (\<delta> 0 (\<pi> \<alpha> 0))
+ + (\<Sum> k = 1..m. bulk_update_account n \<rho> i (\<delta> k (\<pi> \<alpha> k)))"
+ by (simp add: atMost_atLeast0 sum.atLeast_Suc_atMost)
+ also have
+ "\<dots> = just_cash ((1 + i) ^ n * cash_reserve \<alpha>)
+ + (\<Sum> k = 1..m. bulk_update_account n \<rho> i (\<delta> k (\<pi> \<alpha> k)))"
+ using
+ \<open>\<rho> 0 = 0\<close>
+ bulk_update_just_cash_closed_form
+ loan_just_cash
+ cash_reserve_def
+ by presburger
+ also have
+ "\<dots> = just_cash ((1 + i) ^ n * cash_reserve \<alpha>)
+ + (\<Sum> k = 1..m.
+ just_cash ((\<pi> \<alpha> k) * i * ((1 + i) ^ n - (1 - \<rho> k) ^ n)
+ / (i + \<rho> k))
+ + \<delta> k ((1 - \<rho> k) ^ n * (\<pi> \<alpha> k)))"
+ using \<star> by auto
+ also have
+ "\<dots> = just_cash ((1 + i) ^ n * cash_reserve \<alpha>)
+ + (\<Sum> k = 1..m.
+ just_cash ((\<pi> \<alpha> k) * i * ((1 + i) ^ n - (1 - \<rho> k) ^ n)
+ / (i + \<rho> k)))
+ + (\<Sum> k = 1..m. \<delta> k ((1 - \<rho> k) ^ n * (\<pi> \<alpha> k)))"
+ by (induct m, auto)
+ also have
+ "\<dots> = just_cash ((1 + i) ^ n * cash_reserve \<alpha>)
+ + just_cash
+ (\<Sum> k = 1..m.
+ (\<pi> \<alpha> k) * i * ((1 + i) ^ n - (1 - \<rho> k) ^ n) / (i + \<rho> k))
+ + (\<Sum> k = 1..m. \<delta> k ((1 - \<rho> k) ^ n * (\<pi> \<alpha> k)))"
+ by (induct m, auto, metis (no_types, lifting) add.assoc just_cash_plus)
+ ultimately have
+ "bulk_update_account n \<rho> i (\<Sum> k \<le> m. \<delta> k (\<pi> \<alpha> k)) =
+ just_cash (
+ (1 + i) ^ n * cash_reserve \<alpha>
+ + (\<Sum> k = 1..m.
+ (\<pi> \<alpha> k) * i * ((1 + i) ^ n - (1 - \<rho> k) ^ n) / (i + \<rho> k)))
+ + (\<Sum> k = 1..m. \<delta> k ((1 - \<rho> k) ^ n * (\<pi> \<alpha> k)))"
+ by simp
+ }
+ note \<bullet> = this
+ have
+ "bulk_update_account n \<rho> i \<alpha>
+ = bulk_update_account n \<rho> i (\<Sum> k \<le> shortest_period \<alpha>. \<delta> k (\<pi> \<alpha> k))"
+ using account_decomposition by presburger
+ thus ?thesis unfolding \<bullet> .
+qed
+
+text \<open>We finally give a \<^emph>\<open>functional\<close> closed form for bulk updating an
+ account. Since the form is in terms of exponentiation, we may
+ efficiently compute the bulk update output using
+ \<^emph>\<open>exponentiation-by-squaring\<close>.\<close>
+
+theorem bulk_update_closed_form:
+ assumes "0 \<le> i"
+ and "\<forall> n . \<rho> n < 1"
+ and "\<forall> n m . n < m \<longrightarrow> \<rho> n < \<rho> m"
+ and "\<rho> 0 = 0"
+ shows "bulk_update_account n \<rho> i \<alpha>
+ = \<iota> ( \<lambda> k .
+ if k = 0 then
+ (1 + i) ^ n * (cash_reserve \<alpha>)
+ + (\<Sum> j = 1..shortest_period \<alpha>.
+ (\<pi> \<alpha> j) * i * ((1 + i) ^ n - (1 - \<rho> j) ^ n)
+ / (i + \<rho> j))
+ else
+ (1 - \<rho> k) ^ n * \<pi> \<alpha> k
+ )"
+ (is "_ = \<iota> ?\<nu>")
+proof -
+ obtain \<nu> where X: "\<nu> = ?\<nu>" by blast
+ moreover obtain \<nu>' where Y:
+ "\<nu>' = \<pi> ( just_cash (
+ (1 + i) ^ n * (cash_reserve \<alpha>)
+ + (\<Sum> j = 1..shortest_period \<alpha>.
+ (\<pi> \<alpha> j) * i * ((1 + i) ^ n - (1 - \<rho> j) ^ n)
+ / (i + \<rho> j))
+ )
+ + (\<Sum>j = 1..shortest_period \<alpha>. \<delta> j ((1 - \<rho> j) ^ n * \<pi> \<alpha> j)))"
+ by blast
+ moreover
+ {
+ fix k
+ have "\<forall> k > shortest_period \<alpha> . \<nu> k = \<nu>' k"
+ proof (rule allI, rule impI)
+ fix k
+ assume "shortest_period \<alpha> < k"
+ hence "\<nu> k = 0"
+ unfolding X
+ by (simp add: greater_than_shortest_period_zero)
+ moreover have "\<nu>' k = 0"
+ proof -
+ have "\<forall> c. \<pi> (just_cash c) k = 0"
+ using
+ Rep_account_just_cash
+ \<open>shortest_period \<alpha> < k\<close>
+ just_cash_def
+ by auto
+ moreover
+ have "\<forall> m < k. \<pi> (\<Sum>j = 1..m. \<delta> j ((1 - \<rho> j) ^ n * \<pi> \<alpha> j)) k = 0"
+ proof (rule allI, rule impI)
+ fix m
+ assume "m < k"
+ let ?\<pi>\<Sigma>\<delta> = "\<pi> (\<Sum>j = 1..m. \<delta> j ((1 - \<rho> j) ^ n * \<pi> \<alpha> j))"
+ have "?\<pi>\<Sigma>\<delta> k = (\<Sum>j = 1..m. \<pi> (\<delta> j ((1 - \<rho> j) ^ n * \<pi> \<alpha> j)) k)"
+ by (induct m, auto)
+ also have "\<dots> = (\<Sum>j = 1..m. 0)"
+ using \<open>m < k\<close>
+ by (induct m, simp+)
+ finally show "?\<pi>\<Sigma>\<delta> k = 0"
+ by force
+ qed
+ ultimately show ?thesis unfolding Y
+ using \<open>shortest_period \<alpha> < k\<close> by force
+ qed
+ ultimately show "\<nu> k = \<nu>' k" by auto
+ qed
+ moreover have "\<forall> k . 0 < k \<longrightarrow> k \<le> shortest_period \<alpha> \<longrightarrow> \<nu> k = \<nu>' k"
+ proof (rule allI, (rule impI)+)
+ fix k
+ assume "0 < k"
+ and "k \<le> shortest_period \<alpha>"
+ have "\<nu> k = (1 - \<rho> k) ^ n * \<pi> \<alpha> k"
+ unfolding X
+ using \<open>0 < k\<close> by fastforce
+ moreover have "\<nu>' k = (1 - \<rho> k) ^ n * \<pi> \<alpha> k"
+ proof -
+ have "\<forall> c. \<pi> (just_cash c) k = 0"
+ using \<open>0 < k\<close> by auto
+ moreover
+ {
+ fix m
+ assume "k \<le> m"
+ have " \<pi> (\<Sum>j = 1..m. \<delta> j ((1 - \<rho> j) ^ n * \<pi> \<alpha> j)) k
+ = (\<Sum>j = 1..m. \<pi> (\<delta> j ((1 - \<rho> j) ^ n * \<pi> \<alpha> j)) k)"
+ by (induct m, auto)
+ also
+ have "\<dots> = (1 - \<rho> k) ^ n * \<pi> \<alpha> k"
+ using \<open>0 < k\<close> \<open>k \<le> m\<close>
+ proof (induct m)
+ case 0
+ then show ?case by simp
+ next
+ case (Suc m)
+ then show ?case
+ proof (cases "k = Suc m")
+ case True
+ hence "k > m" by auto
+ hence "(\<Sum>j = 1..m. \<pi> (\<delta> j ((1 - \<rho> j) ^ n * \<pi> \<alpha> j)) k) = 0"
+ by (induct m, auto)
+ then show ?thesis
+ using \<open>k > m\<close> \<open>k = Suc m\<close>
+ by simp
+ next
+ case False
+ hence "(\<Sum>j = 1..m. \<pi> (\<delta> j ((1 - \<rho> j) ^ n * \<pi> \<alpha> j)) k)
+ = (1 - \<rho> k) ^ n * \<pi> \<alpha> k"
+ using Suc.hyps Suc.prems(1) Suc.prems(2) le_Suc_eq by blast
+ moreover have "k \<le> m"
+ using False Suc.prems(2) le_Suc_eq by blast
+ ultimately show ?thesis using \<open>0 < k\<close> by simp
+ qed
+ qed
+ finally have
+ "\<pi> (\<Sum>j = 1..m. \<delta> j ((1 - \<rho> j) ^ n * \<pi> \<alpha> j)) k
+ = (1 - \<rho> k) ^ n * \<pi> \<alpha> k" .
+ }
+ hence
+ "\<forall> m \<ge> k.
+ \<pi> (\<Sum>j = 1..m. \<delta> j ((1 - \<rho> j) ^ n * \<pi> \<alpha> j)) k
+ = (1 - \<rho> k) ^ n * \<pi> \<alpha> k" by auto
+ ultimately show ?thesis
+ unfolding Y
+ using \<open>k \<le> shortest_period \<alpha>\<close>
+ by force
+ qed
+ ultimately show "\<nu> k = \<nu>' k"
+ by fastforce
+ qed
+ moreover have "\<nu> 0 = \<nu>' 0"
+ proof -
+ have "\<nu> 0 = (1 + i) ^ n * (cash_reserve \<alpha>)
+ + (\<Sum> j = 1..shortest_period \<alpha>.
+ (\<pi> \<alpha> j) * i * ((1 + i) ^ n - (1 - \<rho> j) ^ n)
+ / (i + \<rho> j))"
+ using X by presburger
+ moreover
+ have "\<nu>' 0 = (1 + i) ^ n * (cash_reserve \<alpha>)
+ + (\<Sum> j = 1..shortest_period \<alpha>.
+ (\<pi> \<alpha> j) * i * ((1 + i) ^ n - (1 - \<rho> j) ^ n)
+ / (i + \<rho> j))"
+ proof -
+ {
+ fix m
+ have "\<pi> (\<Sum>j = 1..m. \<delta> j ((1 - \<rho> j) ^ n * \<pi> \<alpha> j)) 0 = 0"
+ by (induct m, simp+)
+ }
+ thus ?thesis unfolding Y
+ by simp
+ qed
+ ultimately show ?thesis by auto
+ qed
+ ultimately have "\<nu> k = \<nu>' k"
+ by (metis linorder_not_less not_gr0)
+ }
+ hence "\<iota> \<nu> = \<iota> \<nu>'"
+ by presburger
+ ultimately show ?thesis
+ using
+ Rep_account_inverse
+ assms
+ bulk_update_algebraic_closed_form
+ by presburger
+qed
+
+end
diff --git a/thys/Risk_Free_Lending/document/root.tex b/thys/Risk_Free_Lending/document/root.tex
new file mode 100644
--- /dev/null
+++ b/thys/Risk_Free_Lending/document/root.tex
@@ -0,0 +1,80 @@
+\documentclass[11pt,a4paper]{article}
+\usepackage[T1]{fontenc}
+\usepackage{isabelle,isabellesym}
+
+% further packages required for unusual symbols (see also
+% isabellesym.sty), use only when needed
+
+%\usepackage{amssymb}
+ %for \<leadsto>, \<box>, \<diamond>, \<sqsupset>, \<mho>, \<Join>,
+ %\<lhd>, \<lesssim>, \<greatersim>, \<lessapprox>, \<greaterapprox>,
+ %\<triangleq>, \<yen>, \<lozenge>
+
+%\usepackage{eurosym}
+ %for \<euro>
+
+%\usepackage[only,bigsqcap,bigparallel,fatsemi,interleave,sslash]{stmaryrd}
+ %for \<Sqinter>, \<Parallel>, \<Zsemi>, \<Parallel>, \<sslash>
+
+%\usepackage{eufrak}
+ %for \<AA> ... \<ZZ>, \<aa> ... \<zz> (also included in amssymb)
+
+%\usepackage{textcomp}
+ %for \<onequarter>, \<onehalf>, \<threequarters>, \<degree>, \<cent>,
+ %\<currency>
+
+% this should be the last package used
+\usepackage{pdfsetup}
+
+% urls in roman style, theory text in math-similar italics
+\urlstyle{rm}
+\isabellestyle{it}
+
+% for uniform font size
+%\renewcommand{\isastyle}{\isastyleminor}
+
+
+\begin{document}
+
+\title{Risk-Free Lending}
+\author{Matthew Doty}
+\maketitle
+
+\begin{abstract}
+ We construct an abstract ledger supporting the \emph{risk-free
+ lending} protocol. The risk-free lending protocol is a system for
+ issuing and exchanging novel financial products we call
+ \emph{risk-free loans}. The system allows one party to lend money at
+ 0\% APY to another party in exchange for a good or service. On every
+ update of the ledger, accounts have interest distributed to them.
+ Holders of lent assets keep interest accrued by those assets. After
+ distributing interest, the system returns a fixed fraction of each
+ loan. These fixed fractions determine \emph{loan periods}. Loans for
+ longer periods have a smaller fixed fraction returned. Loans may be
+ re-lent or used as collateral for other loans. We give a sufficient
+ criterion to enforce all accounts will forever be solvent. We give a
+ protocol for maintaining this invariant when transferring or lending
+ funds. We also show this invariant holds after update. Even though
+ the system does not track counter-party obligations, we show that
+ all credited and debited loans cancel and the monetary supply grows
+ at a specified interest rate.
+\end{abstract}
+
+\tableofcontents
+
+% sane default for proof documents
+\parindent 0pt\parskip 0.5ex
+
+% generated text of all theories
+\input{session}
+
+% optional bibliography
+%\bibliographystyle{abbrv}
+%\bibliography{root}
+
+\end{document}
+
+%%% Local Variables:
+%%% mode: latex
+%%% TeX-master: t
+%%% End:
diff --git a/thys/SCC_Bloemen_Sequential/ROOT b/thys/SCC_Bloemen_Sequential/ROOT
new file mode 100644
--- /dev/null
+++ b/thys/SCC_Bloemen_Sequential/ROOT
@@ -0,0 +1,9 @@
+chapter AFP
+
+session SCC_Bloemen_Sequential (AFP) = HOL +
+ options [timeout = 300]
+ theories
+ SCC_Bloemen_Sequential
+ document_files
+ "root.tex"
+ "root.bib"
diff --git a/thys/SCC_Bloemen_Sequential/SCC_Bloemen_Sequential.thy b/thys/SCC_Bloemen_Sequential/SCC_Bloemen_Sequential.thy
new file mode 100644
--- /dev/null
+++ b/thys/SCC_Bloemen_Sequential/SCC_Bloemen_Sequential.thy
@@ -0,0 +1,3439 @@
+section \<open>Overview\<close>
+
+text \<open>
+ Computing the maximal strongly connected components (SCCs) of a
+ finite directed graph is a celebrated problem in the
+ theory of graph algorithms. Although Tarjan's algorithm~\cite{tarjan:depth-first}
+ is perhaps the best-known solution, there are many others. In his PhD
+ thesis, Bloemen~\cite{bloemen:strong} presents an algorithm that is itself based
+ on earlier algorithms by Munro~\cite{munro:efficient} and
+ Dijkstra~\cite{dijkstra:finding}. Just like these algorithms, Bloemen's
+ solution is based on enumerating SCCs in a depth-first traversal of the graph.
+ Gabow's algorithm that has already been formalized in Isabelle~\cite{lammich:gabow}
+ also falls into this category of solutions.
+ Nevertheless, Bloemen goes on to present a parallel variant of the algorithm
+ suitable for execution on multi-core processors, based on clever data structures
+ that minimize locking.
+
+ In the following, we encode the sequential version of the algorithm in the
+ proof assistant Isabelle/HOL, and prove its correctness. Bloemen's thesis
+ briefly and informally explains why the algorithm is correct. Our proof expands
+ on these arguments, making them completely formal. The encoding is based on
+ a direct representation of the algorithm as a pair of mutually recursive
+ functions; we are not aiming at extracting executable code.
+\<close>
+
+theory SCC_Bloemen_Sequential
+imports Main
+begin
+
+text \<open>
+ The record below represents the variables of the
+ algorithm. Most variables correspond to those used in
+ Bloemen's presentation. Thus, the variable @{text \<S>}
+ associates to every node the set of nodes that have
+ already been determined to be part of the same SCC. A core
+ invariant of the algorithm will be that this mapping represents
+ equivalence classes of nodes: for all nodes @{text v} and @{text w},
+ we maintain the relationship
+
+ @{text "v \<in> \<S> w \<longleftrightarrow> \<S> v = \<S> w."}
+
+ In an actual implementation of this algorithm, this variable
+ could conveniently be represented by a union-find structure.
+ Variable @{text stack} holds the list of roots of these
+ (not yet maximal) SCCs, in depth-first order,
+ @{text visited} and @{text explored}
+ represent the nodes that have already been seen, respectively
+ that have been completely explored, by the algorithm, and
+ @{text sccs} is the set of maximal SCCs that the algorithm
+ has found so far.
+
+ Additionally, the record holds some auxiliary variables that
+ are used in the proof of correctness. In particular,
+ @{text root} denotes the node on which the algorithm was called,
+ @{text cstack} represents the call stack of the recursion of
+ function @{text dfs},
+ and @{text vsuccs} stores the successors of each node
+ that have already been visited by the function @{text dfss}
+ that loops over all successors of a given node.
+\<close>
+record 'v env =
+ root :: "'v"
+ \<S> :: "'v \<Rightarrow> 'v set"
+ explored :: "'v set"
+ visited :: "'v set"
+ vsuccs :: "'v \<Rightarrow> 'v set"
+ sccs :: "'v set set"
+ stack :: "'v list"
+ cstack :: "'v list"
+
+text \<open>
+ The algorithm is initially called with an environment that
+ initializes the root node and trivializes all other components.
+\<close>
+definition init_env where
+ "init_env v = \<lparr>
+ root = v,
+ \<S> = (\<lambda>u. {u}),
+ explored = {},
+ visited = {},
+ vsuccs = (\<lambda>u. {}),
+ sccs = {},
+ stack = [],
+ cstack = []
+ \<rparr>"
+
+\<comment> \<open>Make the simplifier expand let-constructions automatically.\<close>
+declare Let_def[simp]
+
+
+
+section \<open>Auxiliary lemmas about lists\<close>
+
+text \<open>
+ We use the precedence order on the elements that appear
+ in a list. In particular, stacks are represented as lists,
+ and a node @{text x} precedes another node @{text y} on the
+ stack if @{text x} was pushed on the stack later
+ than @{text y}.
+\<close>
+
+definition precedes ("_ \<preceq> _ in _" [100,100,100] 39) where
+ "x \<preceq> y in xs \<equiv> \<exists>l r. xs = l @ (x # r) \<and> y \<in> set (x # r)"
+
+lemma precedes_mem:
+ assumes "x \<preceq> y in xs"
+ shows "x \<in> set xs" "y \<in> set xs"
+ using assms unfolding precedes_def by auto
+
+lemma head_precedes:
+ assumes "y \<in> set (x # xs)"
+ shows "x \<preceq> y in (x # xs)"
+ using assms unfolding precedes_def by force
+
+lemma precedes_in_tail:
+ assumes "x \<noteq> z"
+ shows "x \<preceq> y in (z # zs) \<longleftrightarrow> x \<preceq> y in zs"
+ using assms unfolding precedes_def by (auto simp: Cons_eq_append_conv)
+
+lemma tail_not_precedes:
+ assumes "y \<preceq> x in (x # xs)" "x \<notin> set xs"
+ shows "x = y"
+ using assms unfolding precedes_def
+ by (metis Cons_eq_append_conv Un_iff list.inject set_append)
+
+lemma split_list_precedes:
+ assumes "y \<in> set (ys @ [x])"
+ shows "y \<preceq> x in (ys @ x # xs)"
+ using assms unfolding precedes_def
+ by (metis append_Cons append_assoc in_set_conv_decomp
+ rotate1.simps(2) set_ConsD set_rotate1)
+
+lemma precedes_refl [simp]: "(x \<preceq> x in xs) = (x \<in> set xs)"
+proof
+ assume "x \<preceq> x in xs" thus "x \<in> set xs"
+ by (simp add: precedes_mem)
+next
+ assume "x \<in> set xs"
+ from this[THEN split_list] show "x \<preceq> x in xs"
+ unfolding precedes_def by auto
+qed
+
+lemma precedes_append_left:
+ assumes "x \<preceq> y in xs"
+ shows "x \<preceq> y in (ys @ xs)"
+ using assms unfolding precedes_def by (metis append.assoc)
+
+lemma precedes_append_left_iff:
+ assumes "x \<notin> set ys"
+ shows "x \<preceq> y in (ys @ xs) \<longleftrightarrow> x \<preceq> y in xs" (is "?lhs = ?rhs")
+proof
+ assume "?lhs"
+ then obtain l r where lr: "ys @ xs = l @ (x # r)" "y \<in> set (x # r)"
+ unfolding precedes_def by blast
+ then obtain us where
+ "(ys = l @ us \<and> us @ xs = x # r) \<or> (ys @ us = l \<and> xs = us @ (x # r))"
+ by (auto simp: append_eq_append_conv2)
+ thus ?rhs
+ proof
+ assume us: "ys = l @ us \<and> us @ xs = x # r"
+ with assms have "us = []"
+ by (metis Cons_eq_append_conv in_set_conv_decomp)
+ with us lr show ?rhs
+ unfolding precedes_def by auto
+ next
+ assume us: "ys @ us = l \<and> xs = us @ (x # r)"
+ with \<open>y \<in> set (x # r)\<close> show ?rhs
+ unfolding precedes_def by blast
+ qed
+next
+ assume "?rhs" thus "?lhs" by (rule precedes_append_left)
+qed
+
+lemma precedes_append_right:
+ assumes "x \<preceq> y in xs"
+ shows "x \<preceq> y in (xs @ ys)"
+ using assms unfolding precedes_def by force
+
+lemma precedes_append_right_iff:
+ assumes "y \<notin> set ys"
+ shows "x \<preceq> y in (xs @ ys) \<longleftrightarrow> x \<preceq> y in xs" (is "?lhs = ?rhs")
+proof
+ assume ?lhs
+ then obtain l r where lr: "xs @ ys = l @ (x # r)" "y \<in> set (x # r)"
+ unfolding precedes_def by blast
+ then obtain us where
+ "(xs = l @ us \<and> us @ ys = x # r) \<or> (xs @ us = l \<and> ys = us @ (x # r))"
+ by (auto simp: append_eq_append_conv2)
+ thus ?rhs
+ proof
+ assume us: "xs = l @ us \<and> us @ ys = x # r"
+ with \<open>y \<in> set (x # r)\<close> assms show ?rhs
+ unfolding precedes_def by (metis Cons_eq_append_conv Un_iff set_append)
+ next
+ assume us: "xs @ us = l \<and> ys = us @ (x # r)"
+ with \<open>y \<in> set (x # r)\<close> assms
+ show ?rhs by auto \<comment> \<open>contradiction\<close>
+ qed
+next
+ assume ?rhs thus ?lhs by (rule precedes_append_right)
+qed
+
+text \<open>
+ Precedence determines an order on the elements of a list,
+ provided elements have unique occurrences. However, consider
+ a list such as @{text "[2,3,1,2]"}: then $1$ precedes $2$ and
+ $2$ precedes $3$, but $1$ does not precede $3$.
+\<close>
+lemma precedes_trans:
+ assumes "x \<preceq> y in xs" and "y \<preceq> z in xs" and "distinct xs"
+ shows "x \<preceq> z in xs"
+ using assms unfolding precedes_def
+ by (smt Un_iff append.assoc append_Cons_eq_iff distinct_append
+ not_distinct_conv_prefix set_append split_list_last)
+
+lemma precedes_antisym:
+ assumes "x \<preceq> y in xs" and "y \<preceq> x in xs" and "distinct xs"
+ shows "x = y"
+proof -
+ from \<open>x \<preceq> y in xs\<close> \<open>distinct xs\<close> obtain as bs where
+ 1: "xs = as @ (x # bs)" "y \<in> set (x # bs)" "y \<notin> set as"
+ unfolding precedes_def by force
+ from \<open>y \<preceq> x in xs\<close> \<open>distinct xs\<close> obtain cs ds where
+ 2: "xs = cs @ (y # ds)" "x \<in> set (y # ds)" "x \<notin> set cs"
+ unfolding precedes_def by force
+ from 1 2 have "as @ (x # bs) = cs @ (y # ds)"
+ by simp
+ then obtain zs where
+ "(as = cs @ zs \<and> zs @ (x # bs) = y # ds)
+ \<or> (as @ zs = cs \<and> x # bs = zs @ (y # ds))" (is "?P \<or> ?Q")
+ by (auto simp: append_eq_append_conv2)
+ then show ?thesis
+ proof
+ assume "?P" with \<open>y \<notin> set as\<close> show ?thesis
+ by (cases "zs") auto
+ next
+ assume "?Q" with \<open>x \<notin> set cs\<close> show ?thesis
+ by (cases "zs") auto
+ qed
+qed
+
+
+section \<open>Finite directed graphs\<close>
+
+text \<open>
+ We represent a graph as an Isabelle locale that identifies a finite
+ set of vertices (of some base type @{text "'v"}) and associates to
+ each vertex its set of successor vertices.
+\<close>
+
+locale graph =
+ fixes vertices :: "'v set"
+ and successors :: "'v \<Rightarrow> 'v set"
+ assumes vfin: "finite vertices"
+ and sclosed: "\<forall>x \<in> vertices. successors x \<subseteq> vertices"
+
+context graph
+begin
+
+abbreviation edge where
+ "edge x y \<equiv> y \<in> successors x"
+
+text \<open>
+ We inductively define reachability of nodes in the graph.
+\<close>
+inductive reachable where
+ reachable_refl[iff]: "reachable x x"
+| reachable_succ[elim]: "\<lbrakk>edge x y; reachable y z\<rbrakk> \<Longrightarrow> reachable x z"
+
+lemma reachable_edge: "edge x y \<Longrightarrow> reachable x y"
+ by auto
+
+lemma succ_reachable:
+ assumes "reachable x y" and "edge y z"
+ shows "reachable x z"
+ using assms by induct auto
+
+lemma reachable_trans:
+ assumes y: "reachable x y" and z: "reachable y z"
+ shows "reachable x z"
+ using assms by induct auto
+
+text \<open>
+ In order to derive a ``reverse'' induction rule for @{const "reachable"},
+ we define an alternative reachability predicate and prove that the two
+ coincide.
+\<close>
+inductive reachable_end where
+ re_refl[iff]: "reachable_end x x"
+| re_succ: "\<lbrakk>reachable_end x y; edge y z\<rbrakk> \<Longrightarrow> reachable_end x z"
+
+lemma succ_re:
+ assumes y: "edge x y" and z: "reachable_end y z"
+ shows "reachable_end x z"
+ using z y by (induction) (auto intro: re_succ)
+
+lemma reachable_re:
+ assumes "reachable x y"
+ shows "reachable_end x y"
+ using assms by (induction) (auto intro: succ_re)
+
+lemma re_reachable:
+ assumes "reachable_end x y"
+ shows "reachable x y"
+ using assms by (induction) (auto intro: succ_reachable)
+
+lemma reachable_end_induct:
+ assumes r: "reachable x y"
+ and base: "\<And>x. P x x"
+ and step: "\<And>x y z. \<lbrakk>P x y; edge y z\<rbrakk> \<Longrightarrow> P x z"
+ shows "P x y"
+using r[THEN reachable_re] proof (induction)
+ case (re_refl x)
+ from base show ?case .
+next
+ case (re_succ x y z)
+ with step show ?case by blast
+qed
+
+text \<open>
+ We also need the following variant of reachability avoiding
+ certain edges. More precisely, @{text y} is reachable from @{text x}
+ avoiding a set @{text E} of edges if there exists a path such that
+ no edge from @{text E} appears along the path.
+\<close>
+inductive reachable_avoiding where
+ ra_refl[iff]: "reachable_avoiding x x E"
+| ra_succ[elim]: "\<lbrakk>reachable_avoiding x y E; edge y z; (y,z) \<notin> E\<rbrakk> \<Longrightarrow> reachable_avoiding x z E"
+
+lemma edge_ra:
+ assumes "edge x y" and "(x,y) \<notin> E"
+ shows "reachable_avoiding x y E"
+ using assms by (meson reachable_avoiding.simps)
+
+lemma ra_trans:
+ assumes 1: "reachable_avoiding x y E" and 2: "reachable_avoiding y z E"
+ shows "reachable_avoiding x z E"
+ using 2 1 by induction auto
+
+lemma ra_cases:
+ assumes "reachable_avoiding x y E"
+ shows "x=y \<or> (\<exists>z. z \<in> successors x \<and> (x,z) \<notin> E \<and> reachable_avoiding z y E)"
+using assms proof (induction)
+ case (ra_refl x S)
+ then show ?case by simp
+next
+ case (ra_succ x y S z)
+ then show ?case
+ by (metis ra_refl reachable_avoiding.ra_succ)
+qed
+
+lemma ra_mono:
+ assumes "reachable_avoiding x y E" and "E' \<subseteq> E"
+ shows "reachable_avoiding x y E'"
+using assms by induction auto
+
+lemma ra_add_edge:
+ assumes "reachable_avoiding x y E"
+ shows "reachable_avoiding x y (E \<union> {(v,w)})
+ \<or> (reachable_avoiding x v (E \<union> {(v,w)}) \<and> reachable_avoiding w y (E \<union> {(v,w)}))"
+using assms proof (induction)
+ case (ra_refl x E)
+ then show ?case by simp
+next
+ case (ra_succ x y E z)
+ then show ?case
+ using reachable_avoiding.ra_succ by auto
+qed
+
+
+text \<open>
+ Reachability avoiding some edges obviously implies reachability.
+ Conversely, reachability implies reachability avoiding the empty set.
+\<close>
+lemma ra_reachable:
+ "reachable_avoiding x y E \<Longrightarrow> reachable x y"
+ by (induction rule: reachable_avoiding.induct) (auto intro: succ_reachable)
+
+lemma ra_empty:
+ "reachable_avoiding x y {} = reachable x y"
+proof
+ assume "reachable_avoiding x y {}"
+ thus "reachable x y"
+ by (rule ra_reachable)
+next
+ assume "reachable x y"
+ hence "reachable_end x y"
+ by (rule reachable_re)
+ thus "reachable_avoiding x y {}"
+ by induction auto
+qed
+
+
+section \<open>Strongly connected components\<close>
+
+text \<open>
+ A strongly connected component is a set @{text S} of nodes
+ such that any two nodes in @{text S} are reachable from each other.
+ This concept is represented by the predicate @{text "is_subscc"} below.
+ We are ultimately interested in non-empty, maximal strongly connected
+ components, represented by the predicate @{text "is_scc"}.
+\<close>
+
+definition is_subscc where
+ "is_subscc S \<equiv> \<forall>x \<in> S. \<forall>y \<in> S. reachable x y"
+
+definition is_scc where
+ "is_scc S \<equiv> S \<noteq> {} \<and> is_subscc S \<and> (\<forall>S'. S \<subseteq> S' \<and> is_subscc S' \<longrightarrow> S' = S)"
+
+lemma subscc_add:
+ assumes "is_subscc S" and "x \<in> S"
+ and "reachable x y" and "reachable y x"
+ shows "is_subscc (insert y S)"
+using assms unfolding is_subscc_def by (metis insert_iff reachable_trans)
+
+lemma sccE:
+ \<comment> \<open>Two nodes that are reachable from each other are in the same SCC.\<close>
+ assumes "is_scc S" and "x \<in> S"
+ and "reachable x y" and "reachable y x"
+ shows "y \<in> S"
+ using assms unfolding is_scc_def
+ by (metis insertI1 subscc_add subset_insertI)
+
+lemma scc_partition:
+ \<comment> \<open>Two SCCs that contain a common element are identical.\<close>
+ assumes "is_scc S" and "is_scc S'" and "x \<in> S \<inter> S'"
+ shows "S = S'"
+ using assms unfolding is_scc_def is_subscc_def
+ by (metis IntE assms(2) sccE subsetI)
+
+
+section \<open>Algorithm for computing strongly connected components\<close>
+
+text \<open>
+ We now introduce our representation of Bloemen's algorithm in Isabelle/HOL.
+ The auxiliary function @{text unite} corresponds to the inner \textsf{while}
+ loop in Bloemen's pseudo-code~\cite[p.32]{bloemen:strong}. It is applied to
+ two nodes @{text v} and @{text w} (and the environment @{text e} holding the
+ current values of the program variables) when a loop is found, i.e.\ when
+ @{text w} is a successor of @{text v} in the graph that has already been
+ visited in the depth-first search. In that case, the root of the SCC
+ of node @{text w} determined so far must appear below the root of
+ @{text v}'s SCC in the @{text stack} maintained by the algorithm.
+ The effect of the function is to merge the SCCs of all nodes on the
+ top of the stack above (and including) @{text w}. Node @{text w}'s root
+ will be the root of the merged SCC.
+\<close>
+
+definition unite :: "'v \<Rightarrow> 'v \<Rightarrow> 'v env \<Rightarrow> 'v env" where
+ "unite v w e \<equiv>
+ let pfx = takeWhile (\<lambda>x. w \<notin> \<S> e x) (stack e);
+ sfx = dropWhile (\<lambda>x. w \<notin> \<S> e x) (stack e);
+ cc = \<Union> { \<S> e x | x . x \<in> set pfx \<union> {hd sfx} }
+ in e\<lparr>\<S> := \<lambda>x. if x \<in> cc then cc else \<S> e x,
+ stack := sfx\<rparr>"
+
+text \<open>
+ We now represent the algorithm as two mutually recursive functions @{text dfs} and
+ @{text dfss} in Isabelle/HOL. The function @{text dfs} corresponds to Bloemen's
+ function \textsf{SetBased}, whereas @{text dfss} corresponds to the \textsf{forall}
+ loop over the successors of the node on which @{text dfs} was called. Instead of
+ using global program variables in imperative style, our functions explicitly pass
+ environments that hold the current values of these variables.
+
+ A technical complication in the development of the algorithm in Isabelle is the
+ fact that the functions need not terminate when their pre-conditions (introduced
+ below) are violated, for example when @{text dfs} is called for a node that was
+ already visited previously. We therefore cannot prove termination at this point,
+ but will later show that the explicitly given pre-conditions ensure termination.
+\<close>
+
+function (domintros) dfs :: "'v \<Rightarrow> 'v env \<Rightarrow> 'v env"
+and dfss :: "'v \<Rightarrow> 'v env \<Rightarrow> 'v env" where
+ "dfs v e =
+ (let e1 = e\<lparr>visited := visited e \<union> {v},
+ stack := (v # stack e),
+ cstack := (v # cstack e)\<rparr>;
+ e' = dfss v e1
+ in if v = hd(stack e')
+ then e'\<lparr>sccs := sccs e' \<union> {\<S> e' v},
+ explored := explored e' \<union> (\<S> e' v),
+ stack := tl(stack e'),
+ cstack := tl(cstack e')\<rparr>
+ else e'\<lparr>cstack := tl(cstack e')\<rparr>)"
+| "dfss v e =
+ (let vs = successors v - vsuccs e v
+ in if vs = {} then e
+ else let w = SOME x. x \<in> vs;
+ e' = (if w \<in> explored e then e
+ else if w \<notin> visited e
+ then dfs w e
+ else unite v w e);
+ e'' = (e'\<lparr>vsuccs :=
+ (\<lambda>x. if x=v then vsuccs e' v \<union> {w}
+ else vsuccs e' x)\<rparr>)
+ in dfss v e'')"
+ by pat_completeness (force+)
+
+
+section \<open>Definition of the predicates used in the correctness proof\<close>
+
+text \<open>
+ Environments are partially ordered according to the following definition.
+\<close>
+definition sub_env where
+ "sub_env e e' \<equiv>
+ root e' = root e
+ \<and> visited e \<subseteq> visited e'
+ \<and> explored e \<subseteq> explored e'
+ \<and> (\<forall>v. vsuccs e v \<subseteq> vsuccs e' v)
+ \<and> (\<forall> v. \<S> e v \<subseteq> \<S> e' v)
+ \<and> (\<Union> {\<S> e v | v . v \<in> set (stack e)})
+ \<subseteq> (\<Union> {\<S> e' v | v . v \<in> set (stack e')})
+"
+
+lemma sub_env_trans:
+ assumes "sub_env e e'" and "sub_env e' e''"
+ shows "sub_env e e''"
+ using assms unfolding sub_env_def
+ by (metis (no_types, lifting) subset_trans)
+
+text \<open>
+ The set @{text "unvisited e u"} contains all edges @{text "(a,b)"}
+ such that node @{text a} is in the same SCC as
+ node @{text u} and the edge has not yet been followed, in the
+ sense represented by variable @{text vsuccs}.
+\<close>
+definition unvisited where
+ "unvisited e u \<equiv>
+ {(a,b) | a b. a \<in> \<S> e u \<and> b \<in> successors a - vsuccs e a}"
+
+subsection \<open>Main invariant\<close>
+
+text \<open>
+ The following definition characterizes well-formed environments.
+ This predicate will be shown to hold throughout the execution
+ of the algorithm. In words, it asserts the following facts:
+ \begin{itemize}
+ \item Only nodes reachable from the root (for which the algorithm
+ was originally called) are visited.
+ \item The two stacks @{text stack} and @{text cstack} do not
+ contain duplicate nodes, and @{text stack} contains a subset
+ of the nodes on @{text cstack}, in the same order.
+ \item Any node higher on the @{text stack} (i.e., that was pushed
+ later) is reachable from nodes lower in the @{text stack}.
+ This property also holds for nodes on the call stack,
+ but this is not needed for the correctness proof.
+ \item Every explored node, and every node on the call stack,
+ has been visited.
+ \item Nodes reachable from fully explored nodes have
+ themselves been fully explored.
+ \item The set @{text "vsuccs e n"}, for any node @{text n},
+ is a subset of @{text n}'s successors, and all these nodes
+ are in @{text visited}. The set is empty if @{text "n \<notin> visited"},
+ and it contains all successors if @{text n} has been fully
+ explored or if @{text n} has been visited, but is no longer
+ on the call stack.
+ \item The sets @{text "\<S> e n"} represent an equivalence relation.
+ The equivalence classes of nodes that have not yet been visited
+ are singletons. Also, equivalence classes for two distinct nodes
+ on the @{text stack} are disjoint because the stack only stores
+ roots of SCCs, and the union of the equivalence classes for these
+ root nodes corresponds to the set of live nodes, i.e. those nodes
+ that have already been visited but not yet fully explored.
+ \item More precisely, an equivalence class is represented on the
+ stack by the oldest node in the sense of the call order: any
+ node in the class that is still on the call stack precedes the
+ representative on the call stack and was therefore pushed later.
+ \item Equivalence classes represent the maximal available
+ information about strong connectedness: nodes represented by
+ some node @{text n} on the @{text stack} can reach some node
+ @{text m} that is lower in the stack only by taking an
+ edge from some node in @{text n}'s equivalence class that
+ has not yet been followed. (Remember that @{text m} can reach
+ @{text n} by one of the previous conjuncts.)
+ \item Equivalence classes represent partial SCCs in the sense
+ of the predicate @{text is_subscc}. Variable @{text sccs}
+ holds maximal SCCs in the sense of the predicate @{text is_scc},
+ and their union corresponds to the set of explored nodes.
+ \end{itemize}
+\<close>
+definition wf_env where
+ "wf_env e \<equiv>
+ (\<forall>n \<in> visited e. reachable (root e) n)
+ \<and> distinct (stack e)
+ \<and> distinct (cstack e)
+ \<and> (\<forall>n m. n \<preceq> m in stack e \<longrightarrow> n \<preceq> m in cstack e)
+ \<and> (\<forall>n m. n \<preceq> m in stack e \<longrightarrow> reachable m n)
+ \<and> explored e \<subseteq> visited e
+ \<and> set (cstack e) \<subseteq> visited e
+ \<and> (\<forall>n \<in> explored e. \<forall>m. reachable n m \<longrightarrow> m \<in> explored e)
+ \<and> (\<forall>n. vsuccs e n \<subseteq> successors n \<inter> visited e)
+ \<and> (\<forall>n. n \<notin> visited e \<longrightarrow> vsuccs e n = {})
+ \<and> (\<forall>n \<in> explored e. vsuccs e n = successors n)
+ \<and> (\<forall>n \<in> visited e - set (cstack e). vsuccs e n = successors n)
+ \<and> (\<forall>n m. m \<in> \<S> e n \<longleftrightarrow> (\<S> e n = \<S> e m))
+ \<and> (\<forall>n. n \<notin> visited e \<longrightarrow> \<S> e n = {n})
+ \<and> (\<forall>n \<in> set (stack e). \<forall>m \<in> set (stack e). n \<noteq> m \<longrightarrow> \<S> e n \<inter> \<S> e m = {})
+ \<and> \<Union> {\<S> e n | n. n \<in> set (stack e)} = visited e - explored e
+ \<and> (\<forall>n \<in> set (stack e). \<forall>m \<in> \<S> e n. m \<in> set (cstack e) \<longrightarrow> m \<preceq> n in cstack e)
+ \<and> (\<forall>n m. n \<preceq> m in stack e \<and> n \<noteq> m \<longrightarrow>
+ (\<forall>u \<in> \<S> e n. \<not> reachable_avoiding u m (unvisited e n)))
+ \<and> (\<forall>n. is_subscc (\<S> e n))
+ \<and> (\<forall>S \<in> sccs e. is_scc S)
+ \<and> \<Union> (sccs e) = explored e"
+
+subsection \<open>Consequences of the invariant\<close>
+
+text \<open>
+ Since every node on the call stack is an element
+ of @{text visited} and every node on the @{text stack}
+ also appears on @{text cstack}, all these nodes are
+ also in @{text visited}.
+\<close>
+lemma stack_visited:
+ assumes "wf_env e" "n \<in> set (stack e)"
+ shows "n \<in> visited e"
+ using assms unfolding wf_env_def
+ by (meson precedes_refl subset_iff)
+
+text \<open>
+ Classes represented on the stack consist of visited nodes
+ that have not yet been fully explored.
+\<close>
+lemma stack_class:
+ assumes "wf_env e" "n \<in> set (stack e)" "m \<in> \<S> e n"
+ shows "m \<in> visited e - explored e"
+ using assms unfolding wf_env_def by blast
+
+text \<open>
+ Conversely, every such node belongs to some class
+ represented on the stack.
+\<close>
+lemma visited_unexplored:
+ assumes "wf_env e" "m \<in> visited e" "m \<notin> explored e"
+ obtains n where "n \<in> set (stack e)" "m \<in> \<S> e n"
+ using assms unfolding wf_env_def
+ by (smt (verit, ccfv_threshold) Diff_iff Union_iff mem_Collect_eq)
+
+text \<open>
+ Every node belongs to its own equivalence class.
+\<close>
+lemma S_reflexive:
+ assumes "wf_env e"
+ shows "n \<in> \<S> e n"
+ using assms by (auto simp: wf_env_def)
+
+text \<open>
+ No node on the stack has been fully explored.
+\<close>
+lemma stack_unexplored:
+ assumes 1: "wf_env e"
+ and 2: "n \<in> set (stack e)"
+ and 3: "n \<in> explored e"
+ shows "P"
+ using stack_class[OF 1 2] S_reflexive[OF 1] 3
+ by blast
+
+text \<open>
+ If @{text w} is reachable from visited node @{text v}, but
+ no unvisited successor of a node reachable from @{text v}
+ can reach @{text w}, then @{text w} must be visited.
+\<close>
+lemma reachable_visited:
+ assumes e: "wf_env e"
+ and v: "v \<in> visited e"
+ and w: "reachable v w"
+ and s: "\<forall>n \<in> visited e. \<forall>m \<in> successors n - vsuccs e n.
+ reachable v n \<longrightarrow> \<not> reachable m w"
+ shows "w \<in> visited e"
+using w v s proof (induction)
+ case (reachable_refl x)
+ then show ?case by simp
+next
+ case (reachable_succ x y z)
+ then have "y \<in> vsuccs e x" by blast
+ with e have "y \<in> visited e"
+ unfolding wf_env_def by (meson le_infE subset_eq)
+ with reachable_succ reachable.reachable_succ show ?case
+ by blast
+qed
+
+text \<open>
+ Edges towards explored nodes do not contribute to reachability
+ of unexplored nodes avoiding some set of edges.
+\<close>
+lemma avoiding_explored:
+ assumes e: "wf_env e"
+ and xy: "reachable_avoiding x y E"
+ and y: "y \<notin> explored e"
+ and w: "w \<in> explored e"
+ shows "reachable_avoiding x y (E \<union> {(v,w)})"
+using xy y proof (induction)
+ case (ra_refl x E)
+ then show ?case by simp
+next
+ case (ra_succ x y E z)
+ from e \<open>z \<in> successors y\<close> \<open>z \<notin> explored e\<close>
+ have "y \<notin> explored e"
+ unfolding wf_env_def by (meson reachable_edge)
+ with ra_succ.IH have "reachable_avoiding x y (E \<union> {(v,w)})" .
+ moreover
+ from w \<open>(y,z) \<notin> E\<close> \<open>z \<notin> explored e\<close> have "(y,z) \<notin> E \<union> {(v,w)}"
+ by auto
+ ultimately show ?case
+ using \<open>z \<in> successors y\<close> by auto
+qed
+
+subsection \<open>Pre- and post-conditions of function @{text dfs}\<close>
+
+text \<open>
+ Function @{text dfs} should be called for a well-formed
+ environment and a node @{text v} that has not yet been
+ visited and that is reachable from the root node,
+ as well as from all nodes in the stack. No outgoing edges
+ from node @{text v} have yet been followed.
+\<close>
+
+definition pre_dfs where
+ "pre_dfs v e \<equiv>
+ wf_env e
+ \<and> v \<notin> visited e
+ \<and> reachable (root e) v
+ \<and> vsuccs e v = {}
+ \<and> (\<forall>n \<in> set (stack e). reachable n v)"
+
+text \<open>
+ Function @{text dfs} maintains the invariant
+ @{text wf_env} and returns an environment @{text e'} that
+ extends the input environment @{text e}. Node @{text v} has been
+ visited and all its outgoing edges have been followed.
+ Because the algorithm works in depth-first fashion, no
+ new outgoing edges of nodes that had already been
+ visited in the input environment have been followed, and
+ the stack of @{text e'} is a suffix of the one of @{text e}
+ such that @{text v} is still reachable from all nodes on the
+ stack. The stack may have been shortened because SCCs
+ represented at the top of the stack may have been
+ merged. The call stack is reestablished as it was in @{text e}.
+ There are two possible outcomes of the algorithm:
+ \begin{itemize}
+ \item Either @{text v} has been fully explored, in which case
+ the stacks of @{text e} and @{text e'} are the same, and
+ the equivalence classes of all nodes represented on the
+ stack are unchanged. This corresponds to the case where
+ @{text v} is the root node of its (maximal) SCC.
+ \item Alternatively, the stack of @{text e'} must be
+ non-empty and @{text v} must be represented by the node at
+ the top of the stack. The SCCs of the nodes
+ lower on the stack are unchanged. This corresponds to the
+ case where @{text v} is not the root node of its SCC, but
+ some SCCs at the top of the stack may have been merged.
+ \end{itemize}
+\<close>
+definition post_dfs where
+ "post_dfs v e e' \<equiv>
+ wf_env e'
+ \<and> v \<in> visited e'
+ \<and> sub_env e e'
+ \<and> vsuccs e' v = successors v
+ \<and> (\<forall>w \<in> visited e. vsuccs e' w = vsuccs e w)
+ \<and> (\<forall>n \<in> set (stack e'). reachable n v)
+ \<and> (\<exists>ns. stack e = ns @ (stack e'))
+ \<and> ( (v \<in> explored e' \<and> stack e' = stack e
+ \<and> (\<forall>n \<in> set (stack e'). \<S> e' n = \<S> e n))
+ \<or> (stack e' \<noteq> [] \<and> v \<in> \<S> e' (hd (stack e'))
+ \<and> (\<forall>n \<in> set (tl (stack e')). \<S> e' n = \<S> e n)))
+ \<and> cstack e' = cstack e"
+
+text \<open>
+ The initial environment is easily seen to satisfy @{text dfs}'s
+ pre-condition.
+\<close>
+lemma init_env_pre_dfs: "pre_dfs v (init_env v)"
+ by (auto simp: pre_dfs_def wf_env_def init_env_def is_subscc_def
+ dest: precedes_mem)
+
+text \<open>
+ Any node represented by the top stack element of the
+ input environment is still represented by the top
+ element of the output stack.
+\<close>
+lemma dfs_S_hd_stack:
+ assumes wf: "wf_env e"
+ and post: "post_dfs v e e'"
+ and n: "stack e \<noteq> []" "n \<in> \<S> e (hd (stack e))"
+ shows "stack e' \<noteq> []" "n \<in> \<S> e' (hd (stack e'))"
+proof -
+ have 1: "stack e' \<noteq> [] \<and> n \<in> \<S> e' (hd (stack e'))"
+ proof (cases "stack e' = stack e \<and> (\<forall>n \<in> set (stack e'). \<S> e' n = \<S> e n)")
+ case True
+ with n show ?thesis
+ by auto
+ next
+ case 2: False
+ with post have "stack e' \<noteq> []"
+ by (simp add: post_dfs_def)
+ from n have "hd (stack e) \<in> set (stack e)"
+ by simp
+ with 2 n post obtain u where
+ u: "u \<in> set (stack e')" "n \<in> \<S> e' u"
+ unfolding post_dfs_def sub_env_def by blast
+ show ?thesis
+ proof (cases "u = hd (stack e')")
+ case True
+ with u \<open>stack e' \<noteq> []\<close> show ?thesis
+ by simp
+ next
+ case False
+ with u have "u \<in> set (tl (stack e'))"
+ by (metis empty_set equals0D list.collapse set_ConsD)
+ with u 2 post have "u \<in> set (tl (stack e)) \<and> n \<in> \<S> e u"
+ unfolding post_dfs_def
+ by (metis Un_iff append_self_conv2 set_append tl_append2)
+ with n wf \<open>hd (stack e) \<in> set (stack e)\<close> show ?thesis
+ unfolding wf_env_def
+ by (metis (no_types, opaque_lifting) disjoint_iff_not_equal distinct.simps(2) list.collapse list.set_sel(2))
+ qed
+ qed
+ from 1 show "stack e' \<noteq> []" by simp
+ from 1 show "n \<in> \<S> e' (hd (stack e'))" by simp
+qed
+
+text \<open>
+ Function @{text dfs} leaves the SCCs represented
+ by elements in the (new) tail of the @{text stack} unchanged.
+\<close>
+lemma dfs_S_tl_stack:
+ assumes post: "post_dfs v e e'"
+ and nempty: "stack e \<noteq> []"
+ shows "stack e' \<noteq> []" "\<forall>n \<in> set (tl (stack e')). \<S> e' n = \<S> e n"
+proof -
+ have 1: "stack e' \<noteq> [] \<and> (\<forall>n \<in> set (tl (stack e')). \<S> e' n = \<S> e n)"
+ proof (cases "stack e' = stack e \<and> (\<forall>n \<in> set (stack e'). \<S> e' n = \<S> e n)")
+ case True
+ with nempty show ?thesis
+ by (simp add: list.set_sel(2))
+ next
+ case False
+ with post show ?thesis
+ by (auto simp: post_dfs_def)
+ qed
+ from 1 show "stack e' \<noteq> []"
+ by simp
+ from 1 show "\<forall>n \<in> set (tl (stack e')). \<S> e' n = \<S> e n"
+ by simp
+qed
+
+subsection \<open>Pre- and post-conditions of function @{text dfss}\<close>
+
+text \<open>
+ The pre- and post-conditions of function @{text dfss}
+ correspond to the invariant of the loop over all outgoing
+ edges from node @{text v}. The environment must be
+ well-formed, node @{text v} must be visited and represented
+ by the top element of the (non-empty) stack. Node @{text v}
+ must be reachable from all nodes on the stack, and it must be
+ the top node on the call stack. All outgoing
+ edges of node @{text v} that have already been followed must
+ either lead to completely explored nodes (that are no longer
+ represented on the stack) or to nodes that are part of the
+ same SCC as @{text v}.
+\<close>
+definition pre_dfss where
+ "pre_dfss v e \<equiv>
+ wf_env e
+ \<and> v \<in> visited e
+ \<and> (stack e \<noteq> [])
+ \<and> (v \<in> \<S> e (hd (stack e)))
+ \<and> (\<forall>w \<in> vsuccs e v. w \<in> explored e \<union> \<S> e (hd (stack e)))
+ \<and> (\<forall>n \<in> set (stack e). reachable n v)
+ \<and> (\<exists>ns. cstack e = v # ns)"
+
+text \<open>
+ The post-condition establishes that all outgoing edges
+ of node @{text v} have been followed. As for function
+ @{text dfs}, no new outgoing edges of previously visited
+ nodes have been followed. Also as before, the new stack
+ is a suffix of the old one, and the call stack is restored.
+ In case node @{text v} is still on the stack (and therefore
+ is the root node of its SCC), no node that is lower on the stack
+ can be reachable from @{text v}. This condition guarantees
+ the maximality of the computed SCCs.
+\<close>
+definition post_dfss where
+ "post_dfss v e e' \<equiv>
+ wf_env e'
+ \<and> vsuccs e' v = successors v
+ \<and> (\<forall>w \<in> visited e - {v}. vsuccs e' w = vsuccs e w)
+ \<and> sub_env e e'
+ \<and> (\<forall>w \<in> successors v. w \<in> explored e' \<union> \<S> e' (hd (stack e')))
+ \<and> (\<forall>n \<in> set (stack e'). reachable n v)
+ \<and> (stack e' \<noteq> [])
+ \<and> (\<exists>ns. stack e = ns @ (stack e'))
+ \<and> v \<in> \<S> e' (hd (stack e'))
+ \<and> (\<forall>n \<in> set (tl (stack e')). \<S> e' n = \<S> e n)
+ \<and> (hd (stack e') = v \<longrightarrow> (\<forall>n \<in> set (tl (stack e')). \<not> reachable v n))
+ \<and> cstack e' = cstack e"
+
+
+section \<open>Proof of partial correctness\<close>
+
+subsection \<open>Lemmas about function @{text unite}\<close>
+
+text \<open>
+ We start by establishing a few lemmas about function @{text unite}
+ in the context where it is called.
+\<close>
+lemma unite_stack:
+ fixes e v w
+ defines "e' \<equiv> unite v w e"
+ assumes wf: "wf_env e"
+ and w: "w \<in> successors v" "w \<notin> vsuccs e v" "w \<in> visited e" "w \<notin> explored e"
+ obtains pfx where "stack e = pfx @ (stack e')"
+ "stack e' \<noteq> []"
+ "let cc = \<Union> {\<S> e n |n. n \<in> set pfx \<union> {hd (stack e')}}
+ in \<S> e' = (\<lambda>x. if x \<in> cc then cc else \<S> e x)"
+ "w \<in> \<S> e' (hd (stack e'))"
+proof -
+ define pfx where "pfx = takeWhile (\<lambda>x. w \<notin> \<S> e x) (stack e)"
+ define sfx where "sfx = dropWhile (\<lambda>x. w \<notin> \<S> e x) (stack e)"
+ define cc where "cc = \<Union> {\<S> e x |x. x \<in> set pfx \<union> {hd sfx}}"
+
+ have "stack e = pfx @ sfx"
+ by (simp add: pfx_def sfx_def)
+ moreover
+ have "stack e' = sfx"
+ by (simp add: e'_def unite_def sfx_def)
+ moreover
+ from wf w have "w \<in> \<Union> {\<S> e n | n. n \<in> set (stack e)}"
+ by (simp add: wf_env_def)
+ then obtain n where "n \<in> set (stack e)" "w \<in> \<S> e n"
+ by auto
+ hence sfx: "sfx \<noteq> [] \<and> w \<in> \<S> e (hd sfx)"
+ unfolding sfx_def
+ by (metis dropWhile_eq_Nil_conv hd_dropWhile)
+ moreover
+ have "\<S> e' = (\<lambda>x. if x \<in> cc then cc else \<S> e x)"
+ by (rule,
+ auto simp add: e'_def unite_def pfx_def sfx_def cc_def)
+ moreover
+ from sfx have "w \<in> cc"
+ by (auto simp: cc_def)
+ from S_reflexive[OF wf, of "hd sfx"]
+ have "hd sfx \<in> cc"
+ by (auto simp: cc_def)
+ with \<open>w \<in> cc\<close> \<open>\<S> e' = (\<lambda>x. if x \<in> cc then cc else \<S> e x)\<close>
+ have "w \<in> \<S> e' (hd sfx)"
+ by simp
+ ultimately show ?thesis
+ using that e'_def unite_def pfx_def sfx_def cc_def
+ by meson
+qed
+
+text \<open>
+ Function @{text unite} leaves intact the equivalence classes
+ represented by the tail of the new stack.
+\<close>
+lemma unite_S_tl:
+ fixes e v w
+ defines "e' \<equiv> unite v w e"
+ assumes wf: "wf_env e"
+ and w: "w \<in> successors v" "w \<notin> vsuccs e v" "w \<in> visited e" "w \<notin> explored e"
+ and n: "n \<in> set (tl (stack e'))"
+ shows "\<S> e' n = \<S> e n"
+proof -
+ from assms obtain pfx where
+ pfx: "stack e = pfx @ (stack e')" "stack e' \<noteq> []"
+ "let cc = \<Union> {\<S> e n |n. n \<in> set pfx \<union> {hd (stack e')}}
+ in \<S> e' = (\<lambda>x. if x \<in> cc then cc else \<S> e x)"
+ by (blast dest: unite_stack)
+ define cc where "cc \<equiv> \<Union> {\<S> e n |n. n \<in> set pfx \<union> {hd (stack e')}}"
+
+ have "n \<notin> cc"
+ proof
+ assume "n \<in> cc"
+ then obtain m where
+ "m \<in> set pfx \<union> {hd (stack e')}" "n \<in> \<S> e m"
+ by (auto simp: cc_def)
+ with S_reflexive[OF wf, of n] n wf \<open>stack e = pfx @ stack e'\<close> \<open>stack e' \<noteq> []\<close>
+ show "False"
+ unfolding wf_env_def
+ by (smt (z3) Diff_triv Un_iff Un_insert_right append.right_neutral disjoint_insert(1)
+ distinct.simps(2) distinct_append empty_set insertE insert_Diff list.exhaust_sel
+ list.simps(15) set_append)
+ qed
+ with pfx show "\<S> e' n = \<S> e n"
+ by (auto simp add: cc_def)
+qed
+
+text \<open>
+ The stack of the result of @{text unite} represents the
+ same vertices as the input stack, potentially in fewer
+ equivalence classes.
+\<close>
+lemma unite_S_equal:
+ fixes e v w
+ defines "e' \<equiv> unite v w e"
+ assumes wf: "wf_env e"
+ and w: "w \<in> successors v" "w \<notin> vsuccs e v" "w \<in> visited e" "w \<notin> explored e"
+ shows "(\<Union> {\<S> e' n | n. n \<in> set (stack e')}) = (\<Union> {\<S> e n | n. n \<in> set (stack e)})"
+proof -
+ from assms obtain pfx where
+ pfx: "stack e = pfx @ (stack e')" "stack e' \<noteq> []"
+ "let cc = \<Union> {\<S> e n |n. n \<in> set pfx \<union> {hd (stack e')}}
+ in \<S> e' = (\<lambda>x. if x \<in> cc then cc else \<S> e x)"
+ by (blast dest: unite_stack)
+ define cc where "cc \<equiv> \<Union> {\<S> e n |n. n \<in> set pfx \<union> {hd (stack e')}}"
+
+ from pfx have Se': "\<forall>x. \<S> e' x = (if x \<in> cc then cc else \<S> e x)"
+ by (auto simp: cc_def)
+ from S_reflexive[OF wf, of "hd (stack e')"]
+ have S_hd: "\<S> e' (hd (stack e')) = cc"
+ by (auto simp: Se' cc_def)
+ from \<open>stack e' \<noteq> []\<close>
+ have ste': "set (stack e') = {hd (stack e')} \<union> set (tl (stack e'))"
+ by (metis insert_is_Un list.exhaust_sel list.simps(15))
+
+ from \<open>stack e = pfx @ stack e'\<close> \<open>stack e' \<noteq> []\<close>
+ have "stack e = pfx @ (hd (stack e') # tl (stack e'))"
+ by auto
+ hence "\<Union> {\<S> e n | n. n \<in> set (stack e)}
+ = cc \<union> (\<Union> {\<S> e n | n. n \<in> set (tl (stack e'))})"
+ by (auto simp add: cc_def)
+ also from S_hd unite_S_tl[OF wf w]
+ have "\<dots> = \<S> e' (hd (stack e')) \<union> (\<Union> {\<S> e' n | n. n \<in> set (tl (stack e'))})"
+ by (auto simp: e'_def)
+ also from ste'
+ have "\<dots> = \<Union> {\<S> e' n | n. n \<in> set (stack e')}"
+ by auto
+ finally show ?thesis
+ by simp
+qed
+
+text \<open>
+ The head of the stack represents a (not necessarily maximal) SCC.
+\<close>
+lemma unite_subscc:
+ fixes e v w
+ defines "e' \<equiv> unite v w e"
+ assumes pre: "pre_dfss v e"
+ and w: "w \<in> successors v" "w \<notin> vsuccs e v" "w \<in> visited e" "w \<notin> explored e"
+ shows "is_subscc (\<S> e' (hd (stack e')))"
+proof -
+ from pre have wf: "wf_env e"
+ by (simp add: pre_dfss_def)
+ from assms obtain pfx where
+ pfx: "stack e = pfx @ (stack e')" "stack e' \<noteq> []"
+ "let cc = \<Union> {\<S> e n |n. n \<in> set pfx \<union> {hd (stack e')}}
+ in \<S> e' = (\<lambda>x. if x \<in> cc then cc else \<S> e x)"
+ by (blast dest: unite_stack[OF wf])
+
+ define cc where "cc \<equiv> \<Union> {\<S> e n |n. n \<in> set pfx \<union> {hd (stack e')}}"
+
+ from wf w have "w \<in> \<Union> {\<S> e n | n. n \<in> set (stack e)}"
+ by (simp add: wf_env_def)
+ hence "w \<in> \<S> e (hd (stack e'))"
+ apply (simp add: e'_def unite_def)
+ by (metis dropWhile_eq_Nil_conv hd_dropWhile)
+
+ have "is_subscc cc"
+ proof (clarsimp simp: is_subscc_def)
+ fix x y
+ assume "x \<in> cc" "y \<in> cc"
+ then obtain nx ny where
+ nx: "nx \<in> set pfx \<union> {hd (stack e')}" "x \<in> \<S> e nx" and
+ ny: "ny \<in> set pfx \<union> {hd (stack e')}" "y \<in> \<S> e ny"
+ by (auto simp: cc_def)
+ with wf have "reachable x nx" "reachable ny y"
+ by (auto simp: wf_env_def is_subscc_def)
+ from w pre have "reachable v w"
+ by (auto simp: pre_dfss_def)
+ from pre have "reachable (hd (stack e)) v"
+ by (auto simp: pre_dfss_def wf_env_def is_subscc_def)
+ from pre have "stack e = hd (stack e) # tl (stack e)"
+ by (auto simp: pre_dfss_def)
+ with nx \<open>stack e = pfx @ (stack e')\<close> \<open>stack e' \<noteq> []\<close>
+ have "hd (stack e) \<preceq> nx in stack e"
+ by (metis Un_iff Un_insert_right head_precedes list.exhaust_sel list.simps(15)
+ set_append sup_bot.right_neutral)
+ with wf have "reachable nx (hd (stack e))"
+ by (auto simp: wf_env_def)
+ from \<open>stack e = pfx @ (stack e')\<close> \<open>stack e' \<noteq> []\<close> ny
+ have "ny \<preceq> hd (stack e') in stack e"
+ by (metis List.set_insert empty_set insert_Nil list.exhaust_sel set_append split_list_precedes)
+ with wf have "reachable (hd (stack e')) ny"
+ by (auto simp: wf_env_def is_subscc_def)
+ from wf \<open>stack e' \<noteq> []\<close> \<open>w \<in> \<S> e (hd (stack e'))\<close>
+ have "reachable w (hd (stack e'))"
+ by (auto simp: wf_env_def is_subscc_def)
+
+ from \<open>reachable x nx\<close> \<open>reachable nx (hd (stack e))\<close>
+ \<open>reachable (hd (stack e)) v\<close> \<open>reachable v w\<close>
+ \<open>reachable w (hd (stack e'))\<close>
+ \<open>reachable (hd (stack e')) ny\<close> \<open>reachable ny y\<close>
+ show "reachable x y"
+ using reachable_trans by meson
+ qed
+ with S_reflexive[OF wf, of "hd (stack e')"] pfx
+ show ?thesis
+ by (auto simp: cc_def)
+qed
+
+text \<open>
+ The environment returned by function @{text unite} extends the input environment.
+\<close>
+
+lemma unite_sub_env:
+ fixes e v w
+ defines "e' \<equiv> unite v w e"
+ assumes pre: "pre_dfss v e"
+ and w: "w \<in> successors v" "w \<notin> vsuccs e v" "w \<in> visited e" "w \<notin> explored e"
+ shows "sub_env e e'"
+proof -
+ from pre have wf: "wf_env e"
+ by (simp add: pre_dfss_def)
+ from assms obtain pfx where
+ pfx: "stack e = pfx @ (stack e')" "stack e' \<noteq> []"
+ "let cc = \<Union> {\<S> e n |n. n \<in> set pfx \<union> {hd (stack e')}}
+ in \<S> e' = (\<lambda>x. if x \<in> cc then cc else \<S> e x)"
+ by (blast dest: unite_stack[OF wf])
+ define cc where "cc \<equiv> \<Union> {\<S> e n |n. n \<in> set pfx \<union> {hd (stack e')}}"
+ have "\<forall>n. \<S> e n \<subseteq> \<S> e' n"
+ proof (clarify)
+ fix n u
+ assume u: "u \<in> \<S> e n"
+ show "u \<in> \<S> e' n"
+ proof (cases "n \<in> cc")
+ case True
+ then obtain m where
+ m: "m \<in> set pfx \<union> {hd (stack e')}" "n \<in> \<S> e m"
+ by (auto simp: cc_def)
+ with wf S_reflexive[OF wf, of n] u have "u \<in> \<S> e m"
+ by (auto simp: wf_env_def)
+ with m pfx show ?thesis
+ by (auto simp: cc_def)
+ next
+ case False
+ with pfx u show ?thesis
+ by (auto simp: cc_def)
+ qed
+ qed
+ moreover
+ have "root e' = root e \<and> visited e' = visited e
+ \<and> explored e' = explored e \<and> vsuccs e' = vsuccs e"
+ by (simp add: e'_def unite_def)
+ ultimately show ?thesis
+ using unite_S_equal[OF wf w]
+ by (simp add: e'_def sub_env_def)
+qed
+
+text \<open>
+ The environment returned by function @{text unite} is well-formed.
+\<close>
+lemma unite_wf_env:
+ fixes e v w
+ defines "e' \<equiv> unite v w e"
+ assumes pre: "pre_dfss v e"
+ and w: "w \<in> successors v" "w \<notin> vsuccs e v" "w \<in> visited e" "w \<notin> explored e"
+ shows "wf_env e'"
+proof -
+ from pre have wf: "wf_env e"
+ by (simp add: pre_dfss_def)
+ from assms obtain pfx where
+ pfx: "stack e = pfx @ (stack e')" "stack e' \<noteq> []"
+ "let cc = \<Union> {\<S> e n |n. n \<in> set pfx \<union> {hd (stack e')}}
+ in \<S> e' = (\<lambda>x. if x \<in> cc then cc else \<S> e x)"
+ by (blast dest: unite_stack[OF wf])
+ define cc where "cc \<equiv> \<Union> {\<S> e n |n. n \<in> set pfx \<union> {hd (stack e')}}"
+
+ from pfx have Se': "\<forall>x. \<S> e' x = (if x \<in> cc then cc else \<S> e x)"
+ by (auto simp add: cc_def)
+
+ have cc_Un: "cc = \<Union> {\<S> e x | x. x \<in> cc}"
+ proof
+ from S_reflexive[OF wf]
+ show "cc \<subseteq> \<Union> {\<S> e x | x. x \<in> cc}"
+ by (auto simp: cc_def)
+ next
+ {
+ fix n x
+ assume "x \<in> cc" "n \<in> \<S> e x"
+ with wf have "n \<in> cc"
+ unfolding wf_env_def cc_def
+ by (smt (verit) Union_iff mem_Collect_eq)
+ }
+ thus "(\<Union> {\<S> e x | x. x \<in> cc}) \<subseteq> cc"
+ by blast
+ qed
+
+ from S_reflexive[OF wf, of "hd (stack e')"]
+ have hd_cc: "\<S> e' (hd (stack e')) = cc"
+ by (auto simp: cc_def Se')
+
+ {
+ fix n m
+ assume n: "n \<in> set (tl (stack e'))"
+ and m: "m \<in> \<S> e n \<inter> cc"
+ from m obtain l where
+ "l \<in> set pfx \<union> {hd (stack e')}" "m \<in> \<S> e l"
+ by (auto simp: cc_def)
+ with n m wf \<open>stack e = pfx @ stack e'\<close> \<open>stack e' \<noteq> []\<close>
+ have "False"
+ unfolding wf_env_def
+ by (metis (no_types, lifting) Int_iff UnCI UnE disjoint_insert(1) distinct.simps(2)
+ distinct_append emptyE hd_Cons_tl insert_iff list.set_sel(1) list.set_sel(2)
+ mk_disjoint_insert set_append)
+ }
+ hence tl_cc: "\<forall>n \<in> set (tl (stack e')). \<S> e n \<inter> cc = {}"
+ by blast
+
+ from wf
+ have "\<forall>n \<in> visited e'. reachable (root e') n"
+ "distinct (cstack e')"
+ "explored e' \<subseteq> visited e'"
+ "set (cstack e') \<subseteq> visited e'"
+ "\<forall>n \<in> explored e'. \<forall>m. reachable n m \<longrightarrow> m \<in> explored e'"
+ "\<forall>n. vsuccs e' n \<subseteq> successors n \<inter> visited e'"
+ "\<forall>n. n \<notin> visited e' \<longrightarrow> vsuccs e' n = {}"
+ "\<forall>n \<in> explored e'. vsuccs e' n = successors n"
+ "\<forall>n \<in> visited e' - set (cstack e'). vsuccs e' n = successors n"
+ "\<forall>S \<in> sccs e'. is_scc S"
+ "\<Union> (sccs e') = explored e'"
+ by (auto simp: wf_env_def e'_def unite_def)
+
+ moreover
+ from wf \<open>stack e = pfx @ stack e'\<close>
+ have "distinct (stack e')"
+ by (auto simp: wf_env_def)
+
+ moreover
+ have "\<forall>n m. n \<preceq> m in stack e' \<longrightarrow> n \<preceq> m in cstack e'"
+ proof (clarify)
+ fix n m
+ assume "n \<preceq> m in stack e'"
+ with \<open>stack e = pfx @ stack e'\<close> wf
+ have "n \<preceq> m in cstack e"
+ unfolding wf_env_def
+ by (metis precedes_append_left)
+ thus "n \<preceq> m in cstack e'"
+ by (simp add: e'_def unite_def)
+ qed
+
+ moreover
+ from wf \<open>stack e = pfx @ stack e'\<close>
+ have "\<forall>n m. n \<preceq> m in stack e' \<longrightarrow> reachable m n"
+ unfolding wf_env_def by (metis precedes_append_left)
+
+ moreover
+ have "\<forall>n m. m \<in> \<S> e' n \<longleftrightarrow> (\<S> e' n = \<S> e' m)"
+ proof (clarify)
+ fix n m
+ show "m \<in> \<S> e' n \<longleftrightarrow> (\<S> e' n = \<S> e' m)"
+ proof
+ assume l: "m \<in> \<S> e' n"
+ show "\<S> e' n = \<S> e' m"
+ proof (cases "n \<in> cc")
+ case True
+ with l show ?thesis
+ by (simp add: Se')
+ next
+ case False
+ with l wf have "\<S> e n = \<S> e m"
+ by (simp add: wf_env_def Se')
+ with False cc_Un wf have "m \<notin> cc"
+ unfolding wf_env_def e'_def
+ by (smt (verit, best) Union_iff mem_Collect_eq)
+ with \<open>\<S> e n = \<S> e m\<close> False show ?thesis
+ by (simp add: Se')
+ qed
+ next
+ assume r: "\<S> e' n = \<S> e' m"
+ show "m \<in> \<S> e' n"
+ proof (cases "n \<in> cc")
+ case True
+ with r pfx have "\<S> e' m = cc"
+ by (auto simp: cc_def)
+ have "m \<in> cc"
+ proof (rule ccontr)
+ assume "m \<notin> cc"
+ with pfx have "\<S> e' m = \<S> e m"
+ by (auto simp: cc_def)
+ with S_reflexive[OF wf, of m] \<open>\<S> e' m = cc\<close> \<open>m \<notin> cc\<close>
+ show "False"
+ by simp
+ qed
+ with pfx True show "m \<in> \<S> e' n"
+ by (auto simp: cc_def)
+ next
+ case False
+ hence "\<S> e' n = \<S> e n"
+ by (simp add: Se')
+ have "m \<notin> cc"
+ proof
+ assume m: "m \<in> cc"
+ with \<open>\<S> e' n = \<S> e n\<close> r have "\<S> e n = cc"
+ by (simp add: Se')
+ with S_reflexive[OF wf, of n] have "n \<in> cc"
+ by simp
+ with \<open>n \<notin> cc\<close> show "False" ..
+ qed
+ with r \<open>\<S> e' n = \<S> e n\<close> have "\<S> e m = \<S> e n"
+ by (simp add: Se')
+ with S_reflexive[OF wf, of m] have "m \<in> \<S> e n"
+ by simp
+ with \<open>\<S> e' n = \<S> e n\<close> show ?thesis
+ by simp
+ qed
+ qed
+ qed
+
+ moreover
+ have "\<forall>n. n \<notin> visited e' \<longrightarrow> \<S> e' n = {n}"
+ proof (clarify)
+ fix n
+ assume "n \<notin> visited e'"
+ hence "n \<notin> visited e"
+ by (simp add: e'_def unite_def)
+ moreover have "n \<notin> cc"
+ proof
+ assume "n \<in> cc"
+ then obtain m where "m \<in> set pfx \<union> {hd (stack e')}" "n \<in> \<S> e m"
+ by (auto simp: cc_def)
+ with \<open>stack e = pfx @ stack e'\<close> \<open>stack e' \<noteq> []\<close>
+ have "m \<in> set (stack e)"
+ by auto
+ with stack_class[OF wf this \<open>n \<in> \<S> e m\<close>] \<open>n \<notin> visited e\<close>
+ show "False"
+ by simp
+ qed
+ ultimately show "\<S> e' n = {n}"
+ using wf by (auto simp: wf_env_def Se')
+ qed
+
+ moreover
+ have "\<forall>n \<in> set (stack e'). \<forall>m \<in> set (stack e'). n \<noteq> m \<longrightarrow> \<S> e' n \<inter> \<S> e' m = {}"
+ proof (clarify)
+ fix n m
+ assume "n \<in> set (stack e')" "m \<in> set (stack e')" "n \<noteq> m"
+ show "\<S> e' n \<inter> \<S> e' m = {}"
+ proof (cases "n = hd (stack e')")
+ case True
+ with \<open>m \<in> set (stack e')\<close> \<open>n \<noteq> m\<close> \<open>stack e' \<noteq> []\<close>
+ have "m \<in> set (tl (stack e'))"
+ by (metis hd_Cons_tl set_ConsD)
+ with True hd_cc tl_cc unite_S_tl[OF wf w]
+ show ?thesis
+ by (auto simp: e'_def)
+ next
+ case False
+ with \<open>n \<in> set (stack e')\<close> \<open>stack e' \<noteq> []\<close>
+ have "n \<in> set (tl (stack e'))"
+ by (metis hd_Cons_tl set_ConsD)
+ show ?thesis
+ proof (cases "m = hd (stack e')")
+ case True
+ with \<open>n \<in> set (tl (stack e'))\<close> hd_cc tl_cc unite_S_tl[OF wf w]
+ show ?thesis
+ by (auto simp: e'_def)
+ next
+ case False
+ with \<open>m \<in> set (stack e')\<close> \<open>stack e' \<noteq> []\<close>
+ have "m \<in> set (tl (stack e'))"
+ by (metis hd_Cons_tl set_ConsD)
+ with \<open>n \<in> set (tl (stack e'))\<close>
+ have "\<S> e' m = \<S> e m \<and> \<S> e' n = \<S> e n"
+ by (auto simp: e'_def unite_S_tl[OF wf w])
+ moreover
+ from \<open>m \<in> set (stack e')\<close> \<open>n \<in> set (stack e')\<close> \<open>stack e = pfx @ stack e'\<close>
+ have "m \<in> set (stack e) \<and> n \<in> set (stack e)"
+ by auto
+ ultimately show ?thesis
+ using wf \<open>n \<noteq> m\<close> by (auto simp: wf_env_def)
+ qed
+ qed
+ qed
+
+ moreover
+ {
+ from unite_S_equal[OF wf w]
+ have "\<Union> {\<S> e' n | n. n \<in> set (stack e')} = \<Union> {\<S> e n | n. n \<in> set (stack e)}"
+ by (simp add: e'_def)
+ with wf
+ have "\<Union> {\<S> e' n | n. n \<in> set (stack e')} = visited e - explored e"
+ by (simp add: wf_env_def)
+ }
+ hence "\<Union> {\<S> e' n | n. n \<in> set (stack e')} = visited e' - explored e'"
+ by (simp add: e'_def unite_def)
+
+ moreover
+ have "\<forall>n \<in> set (stack e'). \<forall>m \<in> \<S> e' n.
+ m \<in> set (cstack e') \<longrightarrow> m \<preceq> n in cstack e'"
+ proof (clarify)
+ fix n m
+ assume "n \<in> set (stack e')" "m \<in> \<S> e' n" "m \<in> set (cstack e')"
+ from \<open>m \<in> set (cstack e')\<close> have "m \<in> set (cstack e)"
+ by (simp add: e'_def unite_def)
+ have "m \<preceq> n in cstack e"
+ proof (cases "n = hd (stack e')")
+ case True
+ with \<open>m \<in> \<S> e' n\<close> have "m \<in> cc"
+ by (simp add: hd_cc)
+ then obtain l where
+ "l \<in> set pfx \<union> {hd (stack e')}" "m \<in> \<S> e l"
+ by (auto simp: cc_def)
+ with \<open>stack e = pfx @ stack e'\<close> \<open>stack e' \<noteq> []\<close>
+ have "l \<in> set (stack e)"
+ by auto
+ with \<open>m \<in> \<S> e l\<close> \<open>m \<in> set (cstack e)\<close> wf
+ have "m \<preceq> l in cstack e"
+ by (auto simp: wf_env_def)
+ moreover
+ from \<open>l \<in> set pfx \<union> {hd (stack e')}\<close> True
+ \<open>stack e = pfx @ stack e'\<close> \<open>stack e' \<noteq> []\<close>
+ have "l \<preceq> n in stack e"
+ by (metis List.set_insert empty_set hd_Cons_tl insert_Nil set_append split_list_precedes)
+ with wf have "l \<preceq> n in cstack e"
+ by (auto simp: wf_env_def)
+ ultimately show ?thesis
+ using wf unfolding wf_env_def
+ by (meson precedes_trans)
+ next
+ case False
+ with \<open>n \<in> set (stack e')\<close> \<open>stack e' \<noteq> []\<close>
+ have "n \<in> set (tl (stack e'))"
+ by (metis list.collapse set_ConsD)
+ with unite_S_tl[OF wf w] \<open>m \<in> \<S> e' n\<close>
+ have "m \<in> \<S> e n"
+ by (simp add: e'_def)
+ with \<open>n \<in> set (stack e')\<close> \<open>stack e = pfx @ stack e'\<close>
+ \<open>m \<in> set (cstack e)\<close> wf
+ show ?thesis
+ by (auto simp: wf_env_def)
+ qed
+ thus "m \<preceq> n in cstack e'"
+ by (simp add: e'_def unite_def)
+ qed
+
+ moreover
+ have "\<forall>n m. n \<preceq> m in stack e' \<and> n \<noteq> m \<longrightarrow>
+ (\<forall>u \<in> \<S> e' n. \<not> reachable_avoiding u m (unvisited e' n))"
+ proof (clarify)
+ fix x y u
+ assume xy: "x \<preceq> y in stack e'" "x \<noteq> y"
+ and u: "u \<in> \<S> e' x" "reachable_avoiding u y (unvisited e' x)"
+ show "False"
+ proof (cases "x = hd (stack e')")
+ case True
+ hence "\<S> e' x = cc"
+ by (simp add: hd_cc)
+ with \<open>u \<in> \<S> e' x\<close> obtain x' where
+ x': "x' \<in> set pfx \<union> {hd (stack e')}" "u \<in> \<S> e x'"
+ by (auto simp: cc_def)
+ from \<open>stack e = pfx @ stack e'\<close> \<open>stack e' \<noteq> []\<close>
+ have "stack e = pfx @ (hd (stack e') # tl (stack e'))"
+ by auto
+ with x' True have "x' \<preceq> x in stack e"
+ by (simp add: split_list_precedes)
+ moreover
+ from xy \<open>stack e = pfx @ stack e'\<close> have "x \<preceq> y in stack e"
+ by (simp add: precedes_append_left)
+ ultimately have "x' \<preceq> y in stack e"
+ using wf by (auto simp: wf_env_def elim: precedes_trans)
+ from \<open>x' \<preceq> x in stack e\<close> \<open>x \<preceq> y in stack e\<close> wf \<open>x \<noteq> y\<close>
+ have "x' \<noteq> y"
+ by (auto simp: wf_env_def dest: precedes_antisym)
+ let ?unv = "\<Union> {unvisited e y | y. y \<in> set pfx \<union> {hd (stack e')}}"
+ from \<open>\<S> e' x = cc\<close> have "?unv = unvisited e' x"
+ by (auto simp: unvisited_def cc_def e'_def unite_def)
+ with \<open>reachable_avoiding u y (unvisited e' x)\<close>
+ have "reachable_avoiding u y ?unv"
+ by simp
+ with x' have "reachable_avoiding u y (unvisited e x')"
+ by (blast intro: ra_mono)
+ with \<open>x' \<preceq> y in stack e\<close> \<open>x' \<noteq> y\<close> \<open>u \<in> \<S> e x'\<close> wf
+ show ?thesis
+ by (auto simp: wf_env_def)
+ next
+ case False
+ with \<open>x \<preceq> y in stack e'\<close> \<open>stack e' \<noteq> []\<close>
+ have "x \<in> set (tl (stack e'))"
+ by (metis list.exhaust_sel precedes_mem(1) set_ConsD)
+ with \<open>u \<in> \<S> e' x\<close> have "u \<in> \<S> e x"
+ by (auto simp add: unite_S_tl[OF wf w] e'_def)
+ moreover
+ from \<open>x \<preceq> y in stack e'\<close> \<open>stack e = pfx @ stack e'\<close>
+ have "x \<preceq> y in stack e"
+ by (simp add: precedes_append_left)
+ moreover
+ from unite_S_tl[OF wf w] \<open>x \<in> set (tl (stack e'))\<close>
+ have "unvisited e' x = unvisited e x"
+ by (auto simp: unvisited_def e'_def unite_def)
+ ultimately show ?thesis
+ using \<open>x \<noteq> y\<close> \<open>reachable_avoiding u y (unvisited e' x)\<close> wf
+ by (auto simp: wf_env_def)
+ qed
+ qed
+
+
+ moreover
+ have "\<forall>n. is_subscc (\<S> e' n)"
+ proof
+ fix n
+ show "is_subscc (\<S> e' n)"
+ proof (cases "n \<in> cc")
+ case True
+ hence "\<S> e' n = cc"
+ by (simp add: Se')
+ with unite_subscc[OF pre w] hd_cc
+ show ?thesis
+ by (auto simp: e'_def)
+ next
+ case False
+ with wf show ?thesis
+ by (simp add: Se' wf_env_def)
+ qed
+ qed
+
+ ultimately show ?thesis
+ unfolding wf_env_def by blast
+qed
+
+subsection \<open>Lemmas establishing the pre-conditions\<close>
+
+text \<open>
+ The precondition of function @{text dfs} ensures the precondition
+ of @{text dfss} at the call of that function.
+\<close>
+lemma pre_dfs_pre_dfss:
+ assumes "pre_dfs v e"
+ shows "pre_dfss v (e\<lparr>visited := visited e \<union> {v},
+ stack := v # stack e,
+ cstack := v # cstack e\<rparr>)"
+ (is "pre_dfss v ?e'")
+proof -
+ from assms have wf: "wf_env e"
+ by (simp add: pre_dfs_def)
+
+ from assms have v: "v \<notin> visited e"
+ by (simp add: pre_dfs_def)
+
+ from assms stack_visited[OF wf]
+ have "\<forall>n \<in> visited ?e'. reachable (root ?e') n"
+ "distinct (stack ?e')"
+ "distinct (cstack ?e')"
+ "explored ?e' \<subseteq> visited ?e'"
+ "set (cstack ?e') \<subseteq> visited ?e'"
+ "\<forall>n \<in> explored ?e'. \<forall>m. reachable n m \<longrightarrow> m \<in> explored ?e'"
+ "\<forall>n. vsuccs ?e' n \<subseteq> successors n"
+ "\<forall>n \<in> explored ?e'. vsuccs ?e' n = successors n"
+ "\<forall>n \<in> visited ?e' - set(cstack ?e'). vsuccs ?e' n = successors n"
+ "\<forall>n. n \<notin> visited ?e' \<longrightarrow> vsuccs ?e' n = {}"
+ "(\<forall>n m. m \<in> \<S> ?e' n \<longleftrightarrow> (\<S> ?e' n = \<S> ?e' m))"
+ "(\<forall>n. n \<notin> visited ?e' \<longrightarrow> \<S> ?e' n = {n})"
+ "\<forall>n. is_subscc (\<S> ?e' n)"
+ "\<forall>S \<in> sccs ?e'. is_scc S"
+ "\<Union> (sccs ?e') = explored ?e'"
+ by (auto simp: pre_dfs_def wf_env_def)
+
+ moreover
+ have "\<forall>n m. n \<preceq> m in stack ?e' \<longrightarrow> reachable m n"
+ proof (clarify)
+ fix x y
+ assume "x \<preceq> y in stack ?e'"
+ show "reachable y x"
+ proof (cases "x=v")
+ assume "x=v"
+ with \<open>x \<preceq> y in stack ?e'\<close> assms show ?thesis
+ apply (simp add: pre_dfs_def)
+ by (metis insert_iff list.simps(15) precedes_mem(2) reachable_refl)
+ next
+ assume "x \<noteq> v"
+ with \<open>x \<preceq> y in stack ?e'\<close> wf show ?thesis
+ by (simp add: pre_dfs_def wf_env_def precedes_in_tail)
+ qed
+ qed
+
+ moreover
+ from wf v have "\<forall>n. vsuccs ?e' n \<subseteq> visited ?e'"
+ by (auto simp: wf_env_def)
+
+ moreover
+ from wf v
+ have "(\<forall>n \<in> set (stack ?e'). \<forall> m \<in> set (stack ?e'). n \<noteq> m \<longrightarrow> \<S> ?e' n \<inter> \<S> ?e' m = {})"
+ apply (simp add: wf_env_def)
+ by (metis singletonD)
+
+ moreover
+ have "\<Union> {\<S> ?e' v | v . v \<in> set (stack ?e')} = visited ?e' - explored ?e'"
+ proof -
+ have "\<Union> {\<S> ?e' v | v . v \<in> set (stack ?e')} =
+ (\<Union> {\<S> e v | v . v \<in> set (stack e)}) \<union> \<S> e v"
+ by auto
+ also from wf v have "\<dots> = visited ?e' - explored ?e'"
+ by (auto simp: wf_env_def)
+ finally show ?thesis .
+ qed
+
+ moreover
+ have "\<forall>n m. n \<preceq> m in stack ?e' \<and> n \<noteq> m \<longrightarrow>
+ (\<forall>u \<in> \<S> ?e' n. \<not> reachable_avoiding u m (unvisited ?e' n))"
+ proof (clarify)
+ fix x y u
+ assume asm: "x \<preceq> y in stack ?e'" "x \<noteq> y" "u \<in> \<S> ?e' x"
+ "reachable_avoiding u y (unvisited ?e' x)"
+ show "False"
+ proof (cases "x = v")
+ case True
+ with wf v \<open>u \<in> \<S> ?e' x\<close> have "u = v" "vsuccs ?e' v = {}"
+ by (auto simp: wf_env_def)
+ with \<open>reachable_avoiding u y (unvisited ?e' x)\<close>[THEN ra_cases]
+ True \<open>x \<noteq> y\<close> wf
+ show ?thesis
+ by (auto simp: wf_env_def unvisited_def)
+ next
+ case False
+ with asm wf show ?thesis
+ by (auto simp: precedes_in_tail wf_env_def unvisited_def)
+ qed
+ qed
+
+ moreover
+ have "\<forall>n m. n \<preceq> m in stack ?e' \<longrightarrow> n \<preceq> m in cstack ?e'"
+ proof (clarsimp)
+ fix n m
+ assume "n \<preceq> m in (v # stack e)"
+ with assms show "n \<preceq> m in (v # cstack e)"
+ unfolding pre_dfs_def wf_env_def
+ by (metis head_precedes insertI1 list.simps(15) precedes_in_tail precedes_mem(2) precedes_refl)
+ qed
+
+ moreover
+ have "\<forall>n \<in> set (stack ?e'). \<forall>m \<in> \<S> ?e' n. m \<in> set (cstack ?e') \<longrightarrow> m \<preceq> n in cstack ?e'"
+ proof (clarify)
+ fix n m
+ assume "n \<in> set (stack ?e')" "m \<in> \<S> ?e' n" "m \<in> set (cstack ?e')"
+ show "m \<preceq> n in cstack ?e'"
+ proof (cases "n = v")
+ case True
+ with wf v \<open>m \<in> \<S> ?e' n\<close> show ?thesis
+ by (auto simp: wf_env_def)
+ next
+ case False
+ with \<open>n \<in> set (stack ?e')\<close> \<open>m \<in> \<S> ?e' n\<close>
+ have "n \<in> set (stack e)" "m \<in> \<S> e n"
+ by auto
+ with wf v False \<open>m \<in> \<S> e n\<close> \<open>m \<in> set (cstack ?e')\<close>
+ show ?thesis
+ apply (simp add: wf_env_def)
+ by (metis (mono_tags, lifting) precedes_in_tail singletonD)
+ qed
+ qed
+
+ ultimately have "wf_env ?e'"
+ unfolding wf_env_def by (meson le_inf_iff)
+
+ moreover
+ from assms
+ have "\<forall>w \<in> vsuccs ?e' v. w \<in> explored ?e' \<union> \<S> ?e' (hd (stack ?e'))"
+ by (simp add: pre_dfs_def)
+
+ moreover
+ from \<open>\<forall>n m. n \<preceq> m in stack ?e' \<longrightarrow> reachable m n\<close>
+ have "\<forall>n \<in> set (stack ?e'). reachable n v"
+ by (simp add: head_precedes)
+
+ moreover
+ from wf v have "\<S> ?e' (hd (stack ?e')) = {v}"
+ by (simp add: pre_dfs_def wf_env_def)
+
+ ultimately show ?thesis
+ by (auto simp: pre_dfss_def)
+qed
+
+text \<open>
+ Similarly, we now show that the pre-conditions of the different
+ function calls in the body of function @{text dfss} are satisfied.
+ First, it is very easy to see that the pre-condition of @{text dfs}
+ holds at the call of that function.
+\<close>
+lemma pre_dfss_pre_dfs:
+ assumes "pre_dfss v e" and "w \<notin> visited e" and "w \<in> successors v"
+ shows "pre_dfs w e"
+ using assms unfolding pre_dfss_def pre_dfs_def wf_env_def
+ by (meson succ_reachable)
+
+text \<open>
+ The pre-condition of @{text dfss} holds when the successor
+ considered in the current iteration has already been explored.
+\<close>
+lemma pre_dfss_explored_pre_dfss:
+ fixes e v w
+ defines "e'' \<equiv> e\<lparr>vsuccs := (\<lambda>x. if x=v then vsuccs e v \<union> {w} else vsuccs e x)\<rparr>"
+ assumes 1: "pre_dfss v e" and 2: "w \<in> successors v" and 3: "w \<in> explored e"
+ shows "pre_dfss v e''"
+proof -
+ from 1 have v: "v \<in> visited e"
+ by (simp add: pre_dfss_def)
+ have "wf_env e''"
+ proof -
+ from 1 have wf: "wf_env e"
+ by (simp add: pre_dfss_def)
+ hence "\<forall>v \<in> visited e''. reachable (root e'') v"
+ "distinct (stack e'')"
+ "distinct (cstack e'')"
+ "\<forall>n m. n \<preceq> m in stack e'' \<longrightarrow> n \<preceq> m in cstack e''"
+ "\<forall>n m. n \<preceq> m in stack e'' \<longrightarrow> reachable m n"
+ "explored e'' \<subseteq> visited e''"
+ "set (cstack e'') \<subseteq> visited e''"
+ "\<forall>n \<in> explored e''. \<forall>m. reachable n m \<longrightarrow> m \<in> explored e''"
+ "\<forall>n m. m \<in> \<S> e'' n \<longleftrightarrow> (\<S> e'' n = \<S> e'' m)"
+ "\<forall>n. n \<notin> visited e'' \<longrightarrow> \<S> e'' n = {n}"
+ "\<forall>n \<in> set (stack e''). \<forall> m \<in> set (stack e'').
+ n \<noteq> m \<longrightarrow> \<S> e'' n \<inter> \<S> e'' m = {}"
+ "\<Union> {\<S> e'' n | n. n \<in> set (stack e'')} = visited e'' - explored e''"
+ "\<forall>n \<in> set (stack e''). \<forall>m \<in> \<S> e'' n.
+ m \<in> set (cstack e'') \<longrightarrow> m \<preceq> n in cstack e''"
+ "\<forall>n. is_subscc (\<S> e'' n)"
+ "\<forall>S \<in> sccs e''. is_scc S"
+ "\<Union> (sccs e'') = explored e''"
+ by (auto simp: wf_env_def e''_def)
+ moreover
+ from wf 2 3 have "\<forall>v. vsuccs e'' v \<subseteq> successors v \<inter> visited e''"
+ by (auto simp: wf_env_def e''_def)
+ moreover
+ from wf v have "\<forall>n. n \<notin> visited e'' \<longrightarrow> vsuccs e'' n = {}"
+ by (auto simp: wf_env_def e''_def)
+ moreover
+ from wf 2
+ have "\<forall>v. v \<in> explored e'' \<longrightarrow> vsuccs e'' v = successors v"
+ by (auto simp: wf_env_def e''_def)
+ moreover
+ have "\<forall>x y. x \<preceq> y in stack e'' \<and> x \<noteq> y \<longrightarrow>
+ (\<forall>u \<in> \<S> e'' x. \<not> reachable_avoiding u y (unvisited e'' x))"
+ proof (clarify)
+ fix x y u
+ assume "x \<preceq> y in stack e''" "x \<noteq> y"
+ "u \<in> \<S> e'' x"
+ "reachable_avoiding u y (unvisited e'' x)"
+ hence prec: "x \<preceq> y in stack e" "u \<in> \<S> e x"
+ by (auto simp: e''_def)
+ with stack_unexplored[OF wf] have "y \<notin> explored e"
+ by (blast dest: precedes_mem)
+ have "(unvisited e x = unvisited e'' x)
+ \<or> (unvisited e x = unvisited e'' x \<union> {(v,w)})"
+ by (auto simp: e''_def unvisited_def split: if_splits)
+ thus "False"
+ proof
+ assume "unvisited e x = unvisited e'' x"
+ with prec \<open>x \<noteq> y\<close> \<open>reachable_avoiding u y (unvisited e'' x)\<close> wf
+ show ?thesis
+ unfolding wf_env_def by metis
+ next
+ assume "unvisited e x = unvisited e'' x \<union> {(v,w)}"
+ with wf \<open>reachable_avoiding u y (unvisited e'' x)\<close>
+ \<open>y \<notin> explored e\<close> \<open>w \<in> explored e\<close> prec \<open>x \<noteq> y\<close>
+ show ?thesis
+ using avoiding_explored[OF wf] unfolding wf_env_def
+ by (metis (no_types, lifting))
+ qed
+ qed
+ moreover
+ from wf 2
+ have "\<forall>n \<in> visited e'' - set (cstack e''). vsuccs e'' n = successors n"
+ by (auto simp: e''_def wf_env_def)
+ ultimately show ?thesis
+ unfolding wf_env_def by meson
+ qed
+ with 1 3 show ?thesis
+ by (auto simp: pre_dfss_def e''_def)
+qed
+
+text \<open>
+ The call to @{text dfs} establishes the pre-condition for the
+ recursive call to @{text dfss} in the body of @{text dfss}.
+\<close>
+lemma pre_dfss_post_dfs_pre_dfss:
+ fixes e v w
+ defines "e' \<equiv> dfs w e"
+ defines "e'' \<equiv> e'\<lparr>vsuccs := (\<lambda>x. if x=v then vsuccs e' v \<union> {w} else vsuccs e' x)\<rparr>"
+ assumes pre: "pre_dfss v e"
+ and w: "w \<in> successors v" "w \<notin> visited e"
+ and post: "post_dfs w e e'"
+ shows "pre_dfss v e''"
+proof -
+ from pre
+ have "wf_env e" "v \<in> visited e" "stack e \<noteq> []" "v \<in> \<S> e (hd (stack e))"
+ by (auto simp: pre_dfss_def)
+ with post have "stack e' \<noteq> []" "v \<in> \<S> e' (hd (stack e'))"
+ by (auto dest: dfs_S_hd_stack)
+
+ from post have "w \<in> visited e'"
+ by (simp add: post_dfs_def)
+
+ have "wf_env e''"
+ proof -
+ from post have wf': "wf_env e'"
+ by (simp add: post_dfs_def)
+ hence "\<forall>n \<in> visited e''. reachable (root e'') n"
+ "distinct (stack e'')"
+ "distinct (cstack e'')"
+ "\<forall>n m. n \<preceq> m in stack e'' \<longrightarrow> n \<preceq> m in cstack e''"
+ "\<forall>n m. n \<preceq> m in stack e'' \<longrightarrow> reachable m n"
+ "explored e'' \<subseteq> visited e''"
+ "set (cstack e'') \<subseteq> visited e''"
+ "\<forall>n \<in> explored e''. \<forall>m. reachable n m \<longrightarrow> m \<in> explored e''"
+ "\<forall>n m. m \<in> \<S> e'' n \<longleftrightarrow> (\<S> e'' n = \<S> e'' m)"
+ "\<forall>n. n \<notin> visited e'' \<longrightarrow> \<S> e'' n = {n}"
+ "\<forall>n \<in> set (stack e''). \<forall> m \<in> set (stack e'').
+ n \<noteq> m \<longrightarrow> \<S> e'' n \<inter> \<S> e'' m = {}"
+ "\<Union> {\<S> e'' n | n. n \<in> set (stack e'')} = visited e'' - explored e''"
+ "\<forall>n \<in> set (stack e''). \<forall> m \<in> \<S> e'' n. m \<in> set (cstack e'') \<longrightarrow> m \<preceq> n in cstack e''"
+ "\<forall>n. is_subscc (\<S> e'' n)"
+ "\<forall>S \<in> sccs e''. is_scc S"
+ "\<Union> (sccs e'') = explored e''"
+ by (auto simp: wf_env_def e''_def)
+ moreover
+ from wf' w have "\<forall>n. vsuccs e'' n \<subseteq> successors n"
+ by (auto simp: wf_env_def e''_def)
+ moreover
+ from wf' \<open>w \<in> visited e'\<close> have "\<forall>n. vsuccs e'' n \<subseteq> visited e''"
+ by (auto simp: wf_env_def e''_def)
+ moreover
+ from post \<open>v \<in> visited e\<close>
+ have "\<forall>n. n \<notin> visited e'' \<longrightarrow> vsuccs e'' n = {}"
+ apply (simp add: post_dfs_def wf_env_def sub_env_def e''_def)
+ by (meson subsetD)
+ moreover
+ from wf' w
+ have "\<forall>n \<in> explored e''. vsuccs e'' n = successors n"
+ by (auto simp: wf_env_def e''_def)
+ moreover
+ have "\<forall>n m. n \<preceq> m in stack e'' \<and> n \<noteq> m \<longrightarrow>
+ (\<forall>u \<in> \<S> e'' n. \<not> reachable_avoiding u m (unvisited e'' n))"
+ proof (clarify)
+ fix x y u
+ assume "x \<preceq> y in stack e''" "x \<noteq> y"
+ "u \<in> \<S> e'' x"
+ "reachable_avoiding u y (unvisited e'' x)"
+ hence 1: "x \<preceq> y in stack e'" "u \<in> \<S> e' x"
+ by (auto simp: e''_def)
+ with stack_unexplored[OF wf'] have "y \<notin> explored e'"
+ by (auto dest: precedes_mem)
+ have "(unvisited e' x = unvisited e'' x)
+ \<or> (unvisited e' x = unvisited e'' x \<union> {(v,w)})"
+ by (auto simp: e''_def unvisited_def split: if_splits)
+ thus "False"
+ proof
+ assume "unvisited e' x = unvisited e'' x"
+ with 1 \<open>x \<noteq> y\<close> \<open>reachable_avoiding u y (unvisited e'' x)\<close> wf'
+ show ?thesis
+ unfolding wf_env_def by metis
+ next
+ assume unv: "unvisited e' x = unvisited e'' x \<union> {(v,w)}"
+ from post
+ have "w \<in> explored e'
+ \<or> (w \<in> \<S> e' (hd (stack e')) \<and> (\<forall>n \<in> set (tl (stack e')). \<S> e' n = \<S> e n))"
+ by (auto simp: post_dfs_def)
+ thus ?thesis
+ proof
+ assume "w \<in> explored e'"
+ with wf' unv \<open>reachable_avoiding u y (unvisited e'' x)\<close>
+ \<open>y \<notin> explored e'\<close> 1 \<open>x \<noteq> y\<close>
+ show ?thesis
+ using avoiding_explored[OF wf'] unfolding wf_env_def
+ by (metis (no_types, lifting))
+ next
+ assume w: "w \<in> \<S> e' (hd (stack e'))
+ \<and> (\<forall>n \<in> set (tl (stack e')). \<S> e' n = \<S> e n)"
+ from \<open>reachable_avoiding u y (unvisited e'' x)\<close>[THEN ra_add_edge]
+ unv
+ have "reachable_avoiding u y (unvisited e' x)
+ \<or> reachable_avoiding w y (unvisited e' x)"
+ by auto
+ thus ?thesis
+ proof
+ assume "reachable_avoiding u y (unvisited e' x)"
+ with \<open>x \<preceq> y in stack e''\<close> \<open>x \<noteq> y\<close> \<open>u \<in> \<S> e'' x\<close> wf'
+ show ?thesis
+ by (auto simp: e''_def wf_env_def)
+ next
+ assume "reachable_avoiding w y (unvisited e' x)"
+ from unv have "v \<in> \<S> e' x"
+ by (auto simp: unvisited_def)
+ from \<open>x \<preceq> y in stack e''\<close> have "x \<in> set (stack e')"
+ by (simp add: e''_def precedes_mem)
+ have "x = hd (stack e')"
+ proof (rule ccontr)
+ assume "x \<noteq> hd (stack e')"
+ with \<open>x \<in> set (stack e')\<close> \<open>stack e' \<noteq> []\<close>
+ have "x \<in> set (tl (stack e'))"
+ by (metis hd_Cons_tl set_ConsD)
+ with w \<open>v \<in> \<S> e' x\<close> have "v \<in> \<S> e x"
+ by auto
+ moreover
+ from post \<open>stack e' \<noteq> []\<close> \<open>x \<in> set (stack e')\<close> \<open>x \<in> set (tl (stack e'))\<close>
+ have "x \<in> set (tl (stack e))"
+ unfolding post_dfs_def
+ by (metis Un_iff self_append_conv2 set_append tl_append2)
+ moreover
+ from pre have "wf_env e" "stack e \<noteq> []" "v \<in> \<S> e (hd (stack e))"
+ by (auto simp: pre_dfss_def)
+ ultimately show "False"
+ unfolding wf_env_def
+ by (metis (no_types, lifting) distinct.simps(2) hd_Cons_tl insert_disjoint(2)
+ list.set_sel(1) list.set_sel(2) mk_disjoint_insert)
+ qed
+ with \<open>reachable_avoiding w y (unvisited e' x)\<close>
+ \<open>x \<preceq> y in stack e''\<close> \<open>x \<noteq> y\<close> w wf'
+ show ?thesis
+ by (auto simp add: e''_def wf_env_def)
+ qed
+ qed
+ qed
+ qed
+
+ moreover
+ from wf' \<open>\<forall>n. vsuccs e'' n \<subseteq> successors n\<close>
+ have "\<forall>n \<in> visited e'' - set (cstack e''). vsuccs e'' n = successors n"
+ by (auto simp: wf_env_def e''_def split: if_splits)
+ ultimately show ?thesis
+ unfolding wf_env_def by (meson le_inf_iff)
+ qed
+
+ show "pre_dfss v e''"
+ proof -
+ from pre post
+ have "v \<in> visited e''"
+ by (auto simp: pre_dfss_def post_dfs_def sub_env_def e''_def)
+ moreover
+ {
+ fix u
+ assume u: "u \<in> vsuccs e'' v"
+ have "u \<in> explored e'' \<union> \<S> e'' (hd (stack e''))"
+ proof (cases "u = w")
+ case True
+ with post show ?thesis
+ by (auto simp: post_dfs_def e''_def)
+ next
+ case False
+ with u pre post
+ have "u \<in> explored e \<union> \<S> e (hd (stack e))"
+ by (auto simp: pre_dfss_def post_dfs_def e''_def)
+ then show ?thesis
+ proof
+ assume "u \<in> explored e"
+ with post show ?thesis
+ by (auto simp: post_dfs_def sub_env_def e''_def)
+ next
+ assume "u \<in> \<S> e (hd (stack e))"
+ with \<open>wf_env e\<close> post \<open>stack e \<noteq> []\<close>
+ show ?thesis
+ by (auto simp: e''_def dest: dfs_S_hd_stack)
+ qed
+ qed
+ }
+ moreover
+ from pre post
+ have "\<forall>n \<in> set (stack e''). reachable n v"
+ unfolding pre_dfss_def post_dfs_def
+ using e''_def by force
+ moreover
+ from \<open>stack e' \<noteq> []\<close> have "stack e'' \<noteq> []"
+ by (simp add: e''_def)
+ moreover
+ from \<open>v \<in> \<S> e' (hd (stack e'))\<close> have "v \<in> \<S> e'' (hd (stack e''))"
+ by (simp add: e''_def)
+ moreover
+ from pre post have "\<exists>ns. cstack e'' = v # ns"
+ by (auto simp: pre_dfss_def post_dfs_def e''_def)
+ ultimately show ?thesis
+ using \<open>wf_env e''\<close> unfolding pre_dfss_def by blast
+ qed
+qed
+
+text \<open>
+ Finally, the pre-condition for the recursive call to @{text dfss}
+ at the end of the body of function @{text dfss} also holds if
+ @{text unite} was applied.
+\<close>
+
+lemma pre_dfss_unite_pre_dfss:
+ fixes e v w
+ defines "e' \<equiv> unite v w e"
+ defines "e'' \<equiv> e'\<lparr>vsuccs := (\<lambda>x. if x=v then vsuccs e' v \<union> {w} else vsuccs e' x)\<rparr>"
+ assumes pre: "pre_dfss v e"
+ and w: "w \<in> successors v" "w \<notin> vsuccs e v" "w \<in> visited e" "w \<notin> explored e"
+ shows "pre_dfss v e''"
+proof -
+ from pre have wf: "wf_env e"
+ by (simp add: pre_dfss_def)
+ from pre have "v \<in> visited e"
+ by (simp add: pre_dfss_def)
+ from pre w have "v \<notin> explored e"
+ unfolding pre_dfss_def wf_env_def
+ by (meson reachable_edge)
+
+ from unite_stack[OF wf w] obtain pfx where
+ pfx: "stack e = pfx @ stack e'" "stack e' \<noteq> []"
+ "let cc = \<Union> {\<S> e n |n. n \<in> set pfx \<union> {hd (stack e')}}
+ in \<S> e' = (\<lambda>x. if x \<in> cc then cc else \<S> e x)"
+ "w \<in> \<S> e' (hd (stack e'))"
+ by (auto simp: e'_def)
+ define cc where "cc \<equiv> \<Union> {\<S> e n |n. n \<in> set pfx \<union> {hd (stack e')}}"
+
+ from unite_wf_env[OF pre w] have wf': "wf_env e'"
+ by (simp add: e'_def)
+
+ from \<open>stack e = pfx @ stack e'\<close> \<open>stack e' \<noteq> []\<close>
+ have "hd (stack e) \<in> set pfx \<union> {hd (stack e')}"
+ by (simp add: hd_append)
+ with pre have "v \<in> cc"
+ by (auto simp: pre_dfss_def cc_def)
+ from S_reflexive[OF wf, of "hd (stack e')"]
+ have "hd (stack e') \<in> cc"
+ by (auto simp: cc_def)
+ with pfx \<open>v \<in> cc\<close> have "v \<in> \<S> e' (hd (stack e'))"
+ by (auto simp: cc_def)
+
+ from unite_sub_env[OF pre w] have "sub_env e e'"
+ by (simp add: e'_def)
+
+ have "wf_env e''"
+ proof -
+ from wf'
+ have "\<forall>n \<in> visited e''. reachable (root e'') n"
+ "distinct (stack e'')"
+ "distinct (cstack e'')"
+ "\<forall>n m. n \<preceq> m in stack e'' \<longrightarrow> n \<preceq> m in cstack e''"
+ "\<forall>n m. n \<preceq> m in stack e'' \<longrightarrow> reachable m n"
+ "explored e'' \<subseteq> visited e''"
+ "set (cstack e'') \<subseteq> visited e''"
+ "\<forall>n \<in> explored e''. \<forall>m. reachable n m \<longrightarrow> m \<in> explored e''"
+ "\<forall>n m. m \<in> \<S> e'' n \<longleftrightarrow> (\<S> e'' n = \<S> e'' m)"
+ "\<forall>n. n \<notin> visited e'' \<longrightarrow> \<S> e'' n = {n}"
+ "\<forall>n \<in> set (stack e''). \<forall>m \<in> set (stack e'').
+ n \<noteq> m \<longrightarrow> \<S> e'' n \<inter> \<S> e'' m = {}"
+ "\<Union> {\<S> e'' n | n. n \<in> set (stack e'')} = visited e'' - explored e''"
+ "\<forall>n \<in> set (stack e''). \<forall>m \<in> \<S> e'' n.
+ m \<in> set (cstack e'') \<longrightarrow> m \<preceq> n in cstack e''"
+ "\<forall>n. is_subscc (\<S> e'' n)"
+ "\<forall>S \<in> sccs e''. is_scc S"
+ "\<Union> (sccs e'') = explored e''"
+ by (auto simp: wf_env_def e''_def)
+
+ moreover
+ from wf' w \<open>sub_env e e'\<close>
+ have "\<forall>n. vsuccs e'' n \<subseteq> successors n \<inter> visited e''"
+ by (auto simp: wf_env_def sub_env_def e''_def)
+
+ moreover
+ from wf' \<open>v \<in> visited e\<close> \<open>sub_env e e'\<close>
+ have "\<forall>n. n \<notin> visited e'' \<longrightarrow> vsuccs e'' n = {}"
+ by (auto simp: wf_env_def sub_env_def e''_def)
+
+ moreover
+ from wf' \<open>v \<notin> explored e\<close>
+ have "\<forall>n \<in> explored e''. vsuccs e'' n = successors n"
+ by (auto simp: wf_env_def e''_def e'_def unite_def)
+
+ moreover
+ from wf' \<open>w \<in> successors v\<close>
+ have "\<forall>n \<in> visited e'' - set (cstack e''). vsuccs e'' n = successors n"
+ by (auto simp: wf_env_def e''_def e'_def unite_def)
+
+ moreover
+ have "\<forall>x y. x \<preceq> y in stack e'' \<and> x \<noteq> y \<longrightarrow>
+ (\<forall>u \<in> \<S> e'' x. \<not> reachable_avoiding u y (unvisited e'' x))"
+ proof (clarify)
+ fix x y u
+ assume xy: "x \<preceq> y in stack e''" "x \<noteq> y"
+ and u: "u \<in> \<S> e'' x" "reachable_avoiding u y (unvisited e'' x)"
+ hence prec: "x \<preceq> y in stack e'" "u \<in> \<S> e' x"
+ by (simp add: e''_def)+
+ show "False"
+ proof (cases "x = hd (stack e')")
+ case True
+ with \<open>v \<in> \<S> e' (hd (stack e'))\<close>
+ have "unvisited e' x = unvisited e'' x
+ \<or> (unvisited e' x = unvisited e'' x \<union> {(v,w)})"
+ by (auto simp: e''_def unvisited_def split: if_splits)
+ thus "False"
+ proof
+ assume "unvisited e' x = unvisited e'' x"
+ with prec \<open>x \<noteq> y\<close> \<open>reachable_avoiding u y (unvisited e'' x)\<close> wf'
+ show ?thesis
+ unfolding wf_env_def by metis
+ next
+ assume "unvisited e' x = unvisited e'' x \<union> {(v,w)}"
+ with \<open>reachable_avoiding u y (unvisited e'' x)\<close>[THEN ra_add_edge]
+ have "reachable_avoiding u y (unvisited e' x)
+ \<or> reachable_avoiding w y (unvisited e' x)"
+ by auto
+ thus ?thesis
+ proof
+ assume "reachable_avoiding u y (unvisited e' x)"
+ with prec \<open>x \<noteq> y\<close> wf' show ?thesis
+ by (auto simp: wf_env_def)
+ next
+ assume "reachable_avoiding w y (unvisited e' x)"
+ with \<open>x = hd (stack e')\<close> \<open>w \<in> \<S> e' (hd (stack e'))\<close>
+ \<open>x \<preceq> y in stack e'\<close> \<open>x \<noteq> y\<close> wf'
+ show ?thesis
+ by (auto simp: wf_env_def)
+ qed
+ qed
+ next
+ case False
+ with \<open>x \<preceq> y in stack e'\<close> \<open>stack e' \<noteq> []\<close>
+ have "x \<in> set (tl (stack e'))"
+ by (metis list.exhaust_sel precedes_mem(1) set_ConsD)
+ with unite_S_tl[OF wf w] \<open>u \<in> \<S> e' x\<close>
+ have "u \<in> \<S> e x"
+ by (simp add: e'_def)
+ moreover
+ from \<open>x \<preceq> y in stack e'\<close> \<open>stack e = pfx @ stack e'\<close>
+ have "x \<preceq> y in stack e"
+ by (simp add: precedes_append_left)
+ moreover
+ from \<open>v \<in> \<S> e' (hd (stack e'))\<close> \<open>x \<in> set (tl (stack e'))\<close>
+ \<open>stack e' \<noteq> []\<close> wf'
+ have "v \<notin> \<S> e' x"
+ unfolding wf_env_def
+ by (metis (no_types, lifting) Diff_cancel Diff_triv distinct.simps(2) insert_not_empty
+ list.exhaust_sel list.set_sel(1) list.set_sel(2) mk_disjoint_insert)
+ hence "unvisited e'' x = unvisited e' x"
+ by (auto simp: unvisited_def e''_def split: if_splits)
+ moreover
+ from \<open>x \<in> set (tl (stack e'))\<close> unite_S_tl[OF wf w]
+ have "unvisited e' x = unvisited e x"
+ by (simp add: unvisited_def e'_def unite_def)
+ ultimately show ?thesis
+ using \<open>x \<noteq> y\<close> \<open>reachable_avoiding u y (unvisited e'' x)\<close> wf
+ by (auto simp: wf_env_def)
+ qed
+ qed
+
+ ultimately show ?thesis
+ unfolding wf_env_def by meson
+ qed
+
+ show "pre_dfss v e''"
+ proof -
+ from pre have "v \<in> visited e''"
+ by (simp add: pre_dfss_def e''_def e'_def unite_def)
+
+ moreover
+ {
+ fix u
+ assume u: "u \<in> vsuccs e'' v"
+ have "u \<in> explored e'' \<union> \<S> e'' (hd (stack e''))"
+ proof (cases "u = w")
+ case True
+ with \<open>w \<in> \<S> e' (hd (stack e'))\<close> show ?thesis
+ by (simp add: e''_def)
+ next
+ case False
+ with u have "u \<in> vsuccs e v"
+ by (simp add: e''_def e'_def unite_def)
+ with pre have "u \<in> explored e \<union> \<S> e (hd (stack e))"
+ by (auto simp: pre_dfss_def)
+ then show ?thesis
+ proof
+ assume "u \<in> explored e"
+ thus ?thesis
+ by (simp add: e''_def e'_def unite_def)
+ next
+ assume "u \<in> \<S> e (hd (stack e))"
+ with \<open>hd (stack e) \<in> set pfx \<union> {hd (stack e')}\<close>
+ have "u \<in> cc"
+ by (auto simp: cc_def)
+ moreover
+ from S_reflexive[OF wf, of "hd (stack e')"] pfx
+ have "\<S> e' (hd (stack e')) = cc"
+ by (auto simp: cc_def)
+ ultimately show ?thesis
+ by (simp add: e''_def)
+ qed
+ qed
+ }
+ hence "\<forall>w \<in> vsuccs e'' v. w \<in> explored e'' \<union> \<S> e'' (hd (stack e''))"
+ by blast
+
+ moreover
+ from pre \<open>stack e = pfx @ stack e'\<close>
+ have "\<forall>n \<in> set (stack e''). reachable n v"
+ by (auto simp: pre_dfss_def e''_def)
+
+ moreover
+ from \<open>stack e' \<noteq> []\<close> have "stack e'' \<noteq> []"
+ by (simp add: e''_def)
+
+ moreover
+ from \<open>v \<in> \<S> e' (hd (stack e'))\<close> have "v \<in> \<S> e'' (hd (stack e''))"
+ by (simp add: e''_def)
+
+ moreover
+ from pre have "\<exists>ns. cstack e'' = v # ns"
+ by (auto simp: pre_dfss_def e''_def e'_def unite_def)
+
+ ultimately show ?thesis
+ using \<open>wf_env e''\<close> unfolding pre_dfss_def by blast
+ qed
+qed
+
+subsection \<open>Lemmas establishing the post-conditions\<close>
+
+text \<open>
+ Assuming the pre-condition of function @{text dfs} and the post-condition of
+ the call to @{text dfss} in the body of that function, the post-condition of
+ @{text dfs} is established.
+\<close>
+lemma pre_dfs_implies_post_dfs:
+ fixes v e
+ defines "e1 \<equiv> e\<lparr>visited := visited e \<union> {v},
+ stack := (v # stack e),
+ cstack:=(v # cstack e)\<rparr>"
+ defines "e' \<equiv> dfss v e1"
+ defines "e'' \<equiv> e'\<lparr> cstack := tl(cstack e')\<rparr>"
+ assumes 1: "pre_dfs v e"
+ and 2: "dfs_dfss_dom (Inl(v, e))"
+ and 3: "post_dfss v e1 e'"
+ shows "post_dfs v e (dfs v e)"
+proof -
+ from 1 have wf: "wf_env e"
+ by (simp add: pre_dfs_def)
+ from 1 have v: "v \<notin> visited e"
+ by (simp add: pre_dfs_def)
+ from 3 have wf': "wf_env e'"
+ by (simp add: post_dfss_def)
+ from 3 have cst': "cstack e' = v # cstack e"
+ by (simp add: post_dfss_def e1_def)
+ show ?thesis
+ proof (cases "v = hd(stack e')")
+ case True
+ have notempty: "stack e' = v # stack e"
+ proof -
+ from 3 obtain ns where
+ ns: "stack e1 = ns @ (stack e')" "stack e' \<noteq> []"
+ by (auto simp: post_dfss_def)
+ have "ns = []"
+ proof (rule ccontr)
+ assume "ns \<noteq> []"
+ with ns have "hd ns = v"
+ apply (simp add: e1_def)
+ by (metis hd_append2 list.sel(1))
+ with True ns \<open>ns \<noteq> []\<close> have "\<not> distinct (stack e1)"
+ by (metis disjoint_iff_not_equal distinct_append hd_in_set)
+ with wf v stack_visited[OF wf] show False
+ by (auto simp: wf_env_def e1_def)
+ qed
+ with ns show ?thesis
+ by (simp add: e1_def)
+ qed
+ have e2: "dfs v e = e'\<lparr>sccs := sccs e' \<union> {\<S> e' v},
+ explored := explored e' \<union> (\<S> e' v),
+ stack := tl (stack e'),
+ cstack := tl (cstack e')\<rparr>" (is "_ = ?e2")
+ using True 2 dfs.psimps[of v e] unfolding e1_def e'_def
+ by (fastforce simp: e1_def e'_def)
+
+ have sub: "sub_env e e1"
+ by (auto simp: sub_env_def e1_def)
+
+ from notempty have stack2: "stack ?e2 = stack e"
+ by (simp add: e1_def)
+
+ moreover from 3 have "v \<in> visited ?e2"
+ by (auto simp: post_dfss_def sub_env_def e1_def)
+
+ moreover
+ from sub 3 have "sub_env e e'"
+ unfolding post_dfss_def by (auto elim: sub_env_trans)
+ with stack2 have subenv: "sub_env e ?e2"
+ by (fastforce simp: sub_env_def)
+
+ moreover have "wf_env ?e2"
+ proof -
+ from wf'
+ have "\<forall>n \<in> visited ?e2. reachable (root ?e2) n"
+ "distinct (stack ?e2)"
+ "\<forall>n. vsuccs ?e2 n \<subseteq> successors n \<inter> visited ?e2"
+ "\<forall>n. n \<notin> visited ?e2 \<longrightarrow> vsuccs ?e2 n = {}"
+ "\<forall>n m. m \<in> \<S> ?e2 n \<longleftrightarrow> (\<S> ?e2 n = \<S> ?e2 m)"
+ "\<forall>n. n \<notin> visited ?e2 \<longrightarrow> \<S> ?e2 n = {n}"
+ "\<forall>n. is_subscc (\<S> ?e2 n)"
+ "\<Union> (sccs ?e2) = explored ?e2"
+ by (auto simp: wf_env_def distinct_tl)
+
+ moreover
+ from 1 cst' have "distinct (cstack ?e2)"
+ by (auto simp: pre_dfs_def wf_env_def)
+
+ moreover
+ from 1 stack2 have "\<forall>n m. n \<preceq> m in stack ?e2 \<longrightarrow> reachable m n"
+ by (auto simp: pre_dfs_def wf_env_def)
+
+ moreover
+ from 1 stack2 cst'
+ have "\<forall>n m. n \<preceq> m in stack ?e2 \<longrightarrow> n \<preceq> m in cstack ?e2"
+ by (auto simp: pre_dfs_def wf_env_def)
+
+ moreover
+ from notempty wf' have "explored ?e2 \<subseteq> visited ?e2"
+ apply (simp add: wf_env_def)
+ using stack_class[OF wf']
+ by (smt (verit, del_insts) Diff_iff insert_subset list.simps(15) subset_eq)
+
+ moreover
+ from 3 cst' have "set (cstack ?e2) \<subseteq> visited ?e2"
+ by (simp add: post_dfss_def wf_env_def e1_def)
+
+ moreover
+ {
+ fix u
+ assume "u \<in> explored ?e2"
+ have "vsuccs ?e2 u = successors u"
+ proof (cases "u \<in> explored e'")
+ case True
+ with wf' show ?thesis
+ by (auto simp: wf_env_def)
+ next
+ case False
+ with \<open>u \<in> explored ?e2\<close> have "u \<in> \<S> e' v"
+ by simp
+ show ?thesis
+ proof (cases "u = v")
+ case True
+ with 3 show ?thesis
+ by (auto simp: post_dfss_def)
+ next
+ case False
+ have "u \<in> visited e' - set (cstack e')"
+ proof
+ from notempty \<open>u \<in> \<S> e' v\<close> stack_class[OF wf'] False
+ show "u \<in> visited e'"
+ by auto
+ next
+ show "u \<notin> set (cstack e')"
+ proof
+ assume u: "u \<in> set (cstack e')"
+ with notempty \<open>u \<in> \<S> e' v\<close> \<open>wf_env e'\<close> have "u \<preceq> v in cstack e'"
+ by (auto simp: wf_env_def)
+ with cst' u False wf' show "False"
+ unfolding wf_env_def
+ by (metis head_precedes precedes_antisym)
+ qed
+ qed
+ with 3 show ?thesis
+ by (auto simp: post_dfss_def wf_env_def)
+ qed
+ qed
+ }
+ note explored_vsuccs = this
+
+ moreover have "\<forall>n \<in> explored ?e2. \<forall>m. reachable n m \<longrightarrow> m \<in> explored ?e2"
+ proof (clarify)
+ fix x y
+ assume asm: "x \<in> explored ?e2" "reachable x y"
+ show "y \<in> explored ?e2"
+ proof (cases "x \<in> explored e'")
+ case True
+ with \<open>wf_env e'\<close> \<open>reachable x y\<close> show ?thesis
+ by (simp add: wf_env_def)
+ next
+ case False
+ with asm have "x \<in> \<S> e' v"
+ by simp
+ with \<open>explored ?e2 \<subseteq> visited ?e2\<close> have "x \<in> visited e'"
+ by auto
+ from \<open>x \<in> \<S> e' v\<close> wf' have "reachable v x"
+ by (auto simp: wf_env_def is_subscc_def)
+ have "y \<in> visited e'"
+ proof (rule ccontr)
+ assume "y \<notin> visited e'"
+ with reachable_visited[OF wf' \<open>x \<in> visited e'\<close> \<open>reachable x y\<close>]
+ obtain n m where
+ "n \<in> visited e'" "m \<in> successors n - vsuccs e' n"
+ "reachable x n" "reachable m y"
+ by blast
+ from wf' \<open>m \<in> successors n - vsuccs e' n\<close>
+ have "n \<notin> explored e'"
+ by (auto simp: wf_env_def)
+ obtain n' where
+ "n' \<in> set (stack e')" "n \<in> \<S> e' n'"
+ by (rule visited_unexplored[OF wf' \<open>n \<in> visited e'\<close> \<open>n \<notin> explored e'\<close>])
+ have "n' = v"
+ proof (rule ccontr)
+ assume "n' \<noteq> v"
+ with \<open>n' \<in> set (stack e')\<close> \<open>v = hd (stack e')\<close>
+ have "n' \<in> set (tl (stack e'))"
+ by (metis emptyE hd_Cons_tl set_ConsD set_empty)
+ moreover
+ from \<open>n \<in> \<S> e' n'\<close> \<open>wf_env e'\<close> have "reachable n n'"
+ by (auto simp: wf_env_def is_subscc_def)
+ with \<open>reachable v x\<close> \<open>reachable x n\<close> reachable_trans
+ have "reachable v n'"
+ by blast
+ ultimately show "False"
+ using 3 \<open>v = hd (stack e')\<close>
+ by (auto simp: post_dfss_def)
+ qed
+ with \<open>n \<in> \<S> e' n'\<close> \<open>m \<in> successors n - vsuccs e' n\<close> explored_vsuccs
+ show "False"
+ by auto
+ qed
+ show ?thesis
+ proof (cases "y \<in> explored e'")
+ case True
+ then show ?thesis
+ by simp
+ next
+ case False
+ obtain n where ndef: "n \<in> set (stack e')" "(y \<in> \<S> e' n)"
+ by (rule visited_unexplored[OF wf' \<open>y \<in> visited e'\<close> False])
+ show ?thesis
+ proof (cases "n = v")
+ case True
+ with ndef show ?thesis by simp
+ next
+ case False
+ with ndef notempty have "n \<in> set (tl (stack e'))"
+ by simp
+ moreover
+ from wf' ndef have "reachable y n"
+ by (auto simp: wf_env_def is_subscc_def)
+ with \<open>reachable v x\<close> \<open>reachable x y\<close>
+ have "reachable v n"
+ by (meson reachable_trans)
+ ultimately show ?thesis
+ using \<open>v = hd (stack e')\<close> 3
+ by (simp add: post_dfss_def)
+ qed
+ qed
+ qed
+ qed
+
+ moreover
+ from 3 cst'
+ have "\<forall>n \<in> visited ?e2 - set (cstack ?e2). vsuccs ?e2 n = successors n"
+ apply (simp add: post_dfss_def wf_env_def)
+ by (metis (no_types, lifting) Diff_empty Diff_iff empty_set insertE
+ list.exhaust_sel list.sel(1) list.simps(15))
+
+ moreover
+ from wf' notempty
+ have "\<forall>n m. n \<in> set (stack ?e2) \<and> m \<in> set (stack ?e2) \<and> n \<noteq> m
+ \<longrightarrow> (\<S> ?e2 n \<inter> \<S> ?e2 m = {})"
+ by (simp add: wf_env_def)
+
+ moreover
+ have "\<Union> {\<S> ?e2 n | n . n \<in> set (stack ?e2)} = visited ?e2 - explored ?e2"
+ proof -
+ from wf' notempty
+ have "(\<Union> {\<S> ?e2 n | n . n \<in> set (stack ?e2)}) \<inter> \<S> e' v = {}"
+ by (auto simp: wf_env_def)
+ with notempty
+ have "\<Union> {\<S> ?e2 n | n . n \<in> set (stack ?e2)} =
+ (\<Union> {\<S> e' n | n . n \<in> set (stack e')}) - \<S> e' v"
+ by auto
+ also from wf'
+ have "\<dots> = (visited e' - explored e') - \<S> e' v"
+ by (simp add: wf_env_def)
+ finally show ?thesis
+ by auto
+ qed
+
+ moreover
+ have "\<forall>n \<in> set (stack ?e2). \<forall>m \<in> \<S> ?e2 n. m \<in> set (cstack ?e2) \<longrightarrow> m \<preceq> n in cstack ?e2"
+ proof (clarsimp simp: cst')
+ fix n m
+ assume "n \<in> set (tl (stack e'))"
+ "m \<in> \<S> e' n" "m \<in> set (cstack e)"
+ with 3 have "m \<in> \<S> e n"
+ by (auto simp: post_dfss_def e1_def)
+ with wf notempty \<open>n \<in> set (tl (stack e'))\<close> \<open>m \<in> set (cstack e)\<close>
+ show "m \<preceq> n in cstack e"
+ by (auto simp: wf_env_def)
+ qed
+
+ moreover
+ {
+ fix x y u
+ assume xy: "x \<preceq> y in stack ?e2" "x \<noteq> y"
+ and u: "u \<in> \<S> ?e2 x" "reachable_avoiding u y (unvisited ?e2 x)"
+ from xy notempty stack2
+ have "x \<preceq> y in stack e'"
+ by (metis head_precedes insert_iff list.simps(15) precedes_in_tail precedes_mem(2))
+ with wf' \<open>x \<noteq> y\<close> u have "False"
+ by (auto simp: wf_env_def unvisited_def)
+ }
+
+ moreover have "\<forall>S \<in> sccs ?e2. is_scc S"
+ proof (clarify)
+ fix S
+ assume asm: "S \<in> sccs ?e2"
+ show "is_scc S"
+ proof (cases "S = \<S> e' v")
+ case True
+ with S_reflexive[OF wf'] have "S \<noteq> {}"
+ by blast
+ from wf' True have subscc: "is_subscc S"
+ by (simp add: wf_env_def)
+ {
+ assume "\<not> is_scc S"
+ with \<open>S \<noteq> {}\<close> \<open>is_subscc S\<close> obtain S' where
+ S'_def: "S' \<noteq> S" "S \<subseteq> S'" "is_subscc S'"
+ unfolding is_scc_def by blast
+ then obtain x where "x \<in> S' \<and> x \<notin> S"
+ by blast
+ with True S'_def wf'
+ have xv: "reachable v x \<and> reachable x v"
+ unfolding wf_env_def is_subscc_def by (metis in_mono)
+ from \<open>\<forall>v w. w \<in> \<S> ?e2 v \<longleftrightarrow> (\<S> ?e2 v = \<S> ?e2 w)\<close>
+ have "v \<in> explored ?e2"
+ by auto
+ with \<open>\<forall>x \<in> explored ?e2. \<forall>y. reachable x y \<longrightarrow> y \<in> explored ?e2\<close>
+ xv \<open>S = \<S> e' v\<close> \<open>x \<in> S' \<and> x \<notin> S\<close>
+ have "x \<in> explored e'"
+ by auto
+ with wf' xv have "v \<in> explored e'"
+ by (auto simp: wf_env_def)
+ with notempty have "False"
+ by (auto intro: stack_unexplored[OF wf'])
+ }
+ then show ?thesis
+ by blast
+ next
+ case False
+ with asm wf' show ?thesis
+ by (auto simp: wf_env_def)
+ qed
+ qed
+
+ ultimately show ?thesis
+ unfolding wf_env_def by meson
+ qed
+
+ moreover
+ from \<open>wf_env ?e2\<close> have "v \<in> explored ?e2"
+ by (auto simp: wf_env_def)
+
+ moreover
+ from 3 have "vsuccs ?e2 v = successors v"
+ by (simp add: post_dfss_def)
+
+ moreover
+ from 1 3 have "\<forall>w \<in> visited e. vsuccs ?e2 w = vsuccs e w"
+ by (auto simp: pre_dfs_def post_dfss_def e1_def)
+
+ moreover
+ from stack2 1
+ have "\<forall>n \<in> set (stack ?e2). reachable n v"
+ by (simp add: pre_dfs_def)
+
+ moreover
+ from stack2 have "\<exists>ns. stack e = ns @ (stack ?e2)"
+ by auto
+
+ moreover
+ from 3 have "\<forall>n \<in> set (stack ?e2). \<S> ?e2 n = \<S> e n"
+ by (auto simp: post_dfss_def e1_def)
+
+ moreover
+ from cst' have "cstack ?e2 = cstack e"
+ by simp
+
+ ultimately show ?thesis
+ unfolding post_dfs_def using e2 by simp
+ next
+ case False
+ with 2 have e': "dfs v e = e''"
+ by (simp add: dfs.psimps e''_def e'_def e1_def)
+
+ moreover have "wf_env e''"
+ proof -
+ from wf'
+ have "\<forall>n \<in> visited e''. reachable (root e'') n"
+ "distinct (stack e'')"
+ "distinct (cstack e'')"
+ "\<forall>n m. n \<preceq> m in stack e'' \<longrightarrow> reachable m n"
+ "explored e'' \<subseteq> visited e''"
+ "\<forall>n \<in> explored e''. \<forall>m. reachable n m \<longrightarrow> m \<in> explored e''"
+ "\<forall>n. vsuccs e'' n \<subseteq> successors n \<inter> visited e''"
+ "\<forall>n. n \<notin> visited e'' \<longrightarrow> vsuccs e'' n = {}"
+ "\<forall>n \<in> explored e''. vsuccs e'' n = successors n"
+ "\<forall>n m. m \<in> \<S> e'' n \<longleftrightarrow> (\<S> e'' n = \<S> e'' m)"
+ "\<forall>n. n \<notin> visited e'' \<longrightarrow> \<S> e'' n = {n}"
+ "\<forall>n \<in> set (stack e''). \<forall>m \<in> set (stack e'').
+ n \<noteq> m \<longrightarrow> \<S> e'' n \<inter> \<S> e'' m = {}"
+ "\<Union> {\<S> e'' n | n. n \<in> set (stack e'')} = visited e'' - explored e''"
+ "\<forall>n. is_subscc (\<S> e'' n)"
+ "\<forall>S \<in> sccs e''. is_scc S"
+ "\<Union> (sccs e'') = explored e''"
+ by (auto simp: e''_def wf_env_def distinct_tl)
+
+ moreover have "\<forall>n m. n \<preceq> m in stack e'' \<longrightarrow> n \<preceq> m in cstack e''"
+ proof (clarsimp simp add: e''_def)
+ fix n m
+ assume nm: "n \<preceq> m in stack e'"
+ with 3 have "n \<preceq> m in cstack e'"
+ unfolding post_dfss_def wf_env_def
+ by meson
+ moreover
+ have "n \<noteq> v"
+ proof
+ assume "n = v"
+ with nm have "n \<in> set (stack e')"
+ by (simp add: precedes_mem)
+ with 3 \<open>n = v\<close> have "v = hd (stack e')"
+ unfolding post_dfss_def wf_env_def
+ by (metis (no_types, opaque_lifting) IntI equals0D list.set_sel(1))
+ with \<open>v \<noteq> hd (stack e')\<close> show "False"
+ by simp
+ qed
+ ultimately show "n \<preceq> m in tl (cstack e')"
+ by (simp add: cst' precedes_in_tail)
+ qed
+
+ moreover
+ from 3 have "set (cstack e'') \<subseteq> visited e''"
+ by (simp add: post_dfss_def wf_env_def e''_def e1_def subset_eq)
+
+ moreover
+ from 3
+ have "\<forall>n \<in> visited e'' - set (cstack e''). vsuccs e'' n = successors n"
+ apply (simp add: post_dfss_def wf_env_def e''_def e1_def)
+ by (metis (no_types, opaque_lifting) DiffE DiffI set_ConsD)
+
+ moreover
+ have "\<forall>n \<in> set (stack e''). \<forall>m \<in> \<S> e'' n.
+ m \<in> set (cstack e'') \<longrightarrow> m \<preceq> n in cstack e''"
+ proof (clarsimp simp: e''_def)
+ fix m n
+ assume asm: "n \<in> set (stack e')" "m \<in> \<S> e' n"
+ "m \<in> set (tl (cstack e'))"
+ with wf' cst' have "m \<noteq> v" "m \<preceq> n in cstack e'"
+ by (auto simp: wf_env_def)
+ with cst' show "m \<preceq> n in tl (cstack e')"
+ by (simp add: precedes_in_tail)
+ qed
+
+ moreover
+ from wf'
+ have "(\<forall>x y. x \<preceq> y in stack e'' \<and> x \<noteq> y \<longrightarrow>
+ (\<forall>u \<in> \<S> e'' x. \<not> reachable_avoiding u y (unvisited e'' x)))"
+ by (force simp: e''_def wf_env_def unvisited_def)
+
+ ultimately show ?thesis
+ unfolding wf_env_def by blast
+ qed
+
+ moreover
+ from 3 have "v \<in> visited e''"
+ by (auto simp: post_dfss_def sub_env_def e''_def e1_def)
+
+ moreover
+ have subenv: "sub_env e e''"
+ proof -
+ have "sub_env e e1"
+ by (auto simp: sub_env_def e1_def)
+ with 3 have "sub_env e e'"
+ by (auto simp: post_dfss_def elim: sub_env_trans)
+ thus ?thesis
+ by (auto simp add: sub_env_def e''_def)
+ qed
+
+ moreover
+ from 3 have "vsuccs e'' v = successors v"
+ by (simp add: post_dfss_def e''_def)
+
+ moreover
+ from 1 3 have "\<forall>w \<in> visited e. vsuccs e'' w = vsuccs e w"
+ by (auto simp: pre_dfs_def post_dfss_def e1_def e''_def)
+
+ moreover
+ from 3 have "\<forall>n \<in> set (stack e''). reachable n v"
+ by (auto simp: e''_def post_dfss_def)
+
+ moreover
+ from 3 \<open>v \<noteq> hd (stack e')\<close>
+ have "\<exists>ns. stack e = ns @ (stack e'')"
+ apply (simp add: post_dfss_def e''_def e1_def)
+ by (metis append_Nil list.sel(1) list.sel(3) tl_append2)
+
+ moreover
+ from 3
+ have "stack e'' \<noteq> []" "v \<in> \<S> e'' (hd (stack e''))"
+ "\<forall>n \<in> set (tl (stack e'')). \<S> e'' n = \<S> e n"
+ by (auto simp: post_dfss_def e1_def e''_def)
+
+ moreover
+ from cst' have "cstack e'' = cstack e"
+ by (simp add: e''_def)
+
+ ultimately show ?thesis unfolding post_dfs_def
+ by blast
+ qed
+qed
+
+text \<open>
+ The following lemma is central for proving
+ partial correctness: assuming termination (represented by
+ the predicate @{text dfs_dfss_dom}) and the pre-condition
+ of the functions, both @{text dfs} and @{text dfss}
+ establish their post-conditions. The first part of the
+ theorem follows directly from the preceding lemma and the
+ computational induction rule generated by Isabelle, the
+ second part is proved directly, distinguishing the different
+ cases in the definition of function @{text dfss}.
+\<close>
+lemma pre_post:
+ shows
+ "\<lbrakk>dfs_dfss_dom (Inl(v,e)); pre_dfs v e\<rbrakk> \<Longrightarrow> post_dfs v e (dfs v e)"
+ "\<lbrakk>dfs_dfss_dom (Inr(v,e)); pre_dfss v e\<rbrakk> \<Longrightarrow> post_dfss v e (dfss v e)"
+proof (induct rule: dfs_dfss.pinduct)
+ fix v e
+ assume dom: "dfs_dfss_dom (Inl(v,e))"
+ and predfs: "pre_dfs v e"
+ and prepostdfss: "\<And>e1. \<lbrakk> e1 = e \<lparr>visited := visited e \<union> {v}, stack := v # stack e,
+ cstack := v # cstack e\<rparr>; pre_dfss v e1 \<rbrakk>
+ \<Longrightarrow> post_dfss v e1 (dfss v e1)"
+ then show "post_dfs v e (dfs v e)"
+ using pre_dfs_implies_post_dfs pre_dfs_pre_dfss by auto
+next
+ fix v e
+ assume dom: "dfs_dfss_dom (Inr(v,e))"
+ and predfss: "pre_dfss v e"
+ and prepostdfs:
+ "\<And>vs w.
+ \<lbrakk> vs = successors v - vsuccs e v; vs \<noteq> {}; w = (SOME x. x \<in> vs);
+ w \<notin> explored e; w \<notin> visited e; pre_dfs w e \<rbrakk>
+ \<Longrightarrow> post_dfs w e (dfs w e)"
+ and prepostdfss:
+ "\<And>vs w e' e''.
+ \<lbrakk> vs = successors v - vsuccs e v; vs \<noteq> {}; w = (SOME x. x \<in> vs);
+ e' = (if w \<in> explored e then e
+ else if w \<notin> visited e then dfs w e
+ else unite v w e);
+ e'' = e'\<lparr>vsuccs := \<lambda>x. if x = v then vsuccs e' v \<union> {w}
+ else vsuccs e' x\<rparr> ;
+ pre_dfss v e'' \<rbrakk>
+ \<Longrightarrow> post_dfss v e'' (dfss v e'')"
+ show "post_dfss v e (dfss v e)"
+ proof -
+ let ?vs = "successors v - vsuccs e v"
+ from predfss have wf: "wf_env e"
+ by (simp add: pre_dfss_def)
+ from predfss have "v \<in> visited e"
+ by (simp add: pre_dfss_def)
+ from predfss have "v \<notin> explored e"
+ by (meson DiffD2 list.set_sel(1) pre_dfss_def stack_class)
+
+ show ?thesis
+ proof (cases "?vs = {}")
+ case True
+ with dom have "dfss v e = e"
+ by (simp add: dfss.psimps)
+ moreover
+ from True wf have "vsuccs e v = successors v"
+ unfolding wf_env_def
+ by (meson Diff_eq_empty_iff le_infE subset_antisym)
+ moreover
+ have "sub_env e e"
+ by (simp add: sub_env_def)
+ moreover
+ from predfss \<open>vsuccs e v = successors v\<close>
+ have "\<forall>w \<in> successors v. w \<in> explored e \<union> \<S> e (hd (stack e))"
+ "\<forall>n \<in> set (stack e). reachable n v"
+ "stack e \<noteq> []"
+ "v \<in> \<S> e (hd (stack e))"
+ by (auto simp: pre_dfss_def)
+ moreover have "\<exists>ns. stack e = ns @ (stack e)"
+ by simp
+ moreover
+ {
+ fix n
+ assume asm: "hd (stack e) = v"
+ "n \<in> set (tl (stack e))"
+ "reachable v n"
+ with \<open>stack e \<noteq> []\<close> have "v \<preceq> n in stack e"
+ by (metis head_precedes hd_Cons_tl list.set_sel(2))
+ moreover
+ from wf \<open>stack e \<noteq> []\<close> asm have "v \<noteq> n"
+ unfolding wf_env_def
+ by (metis distinct.simps(2) list.exhaust_sel)
+ moreover
+ from wf have "v \<in> \<S> e v"
+ by (rule S_reflexive)
+ moreover
+ {
+ fix a b
+ assume "a \<in> \<S> e v" "b \<in> successors a - vsuccs e a"
+ with \<open>vsuccs e v = successors v\<close> have "a \<noteq> v"
+ by auto
+ from \<open>stack e \<noteq> []\<close> \<open>hd (stack e) = v\<close>
+ have "v \<in> set (stack e)"
+ by auto
+ with \<open>a \<noteq> v\<close> \<open>a \<in> \<S> e v\<close> wf have "a \<in> visited e"
+ unfolding wf_env_def by (metis singletonD)
+ have "False"
+ proof (cases "a \<in> set (cstack e)")
+ case True
+ with \<open>v \<in> set (stack e)\<close> \<open>a \<in> \<S> e v\<close> \<open>wf_env e\<close>
+ have "a \<preceq> v in cstack e"
+ by (auto simp: wf_env_def)
+ moreover
+ from predfss obtain ns where "cstack e = v # ns"
+ by (auto simp: pre_dfss_def)
+ moreover
+ from wf have "distinct (cstack e)"
+ by (simp add: wf_env_def)
+ ultimately have "a = v"
+ using tail_not_precedes by force
+ with \<open>a \<noteq> v\<close> show ?thesis ..
+ next
+ case False
+ with \<open>a \<in> visited e\<close> wf have "vsuccs e a = successors a"
+ by (auto simp: wf_env_def)
+ with \<open>b \<in> successors a - vsuccs e a\<close> show ?thesis
+ by simp
+ qed
+ }
+ hence "unvisited e v = {}"
+ by (auto simp: unvisited_def)
+
+ ultimately have "\<not> reachable_avoiding v n {}"
+ using wf unfolding wf_env_def by metis
+ with \<open>reachable v n\<close> have "False"
+ by (simp add: ra_empty)
+ }
+ ultimately show ?thesis
+ using wf by (auto simp: post_dfss_def)
+ next
+ case vs_case: False
+ define w where "w = (SOME x. x \<in> ?vs)"
+ define e' where "e' = (if w \<in> explored e then e
+ else if w \<notin> visited e then dfs w e
+ else unite v w e)"
+ define e'' where "e'' = (e'\<lparr>vsuccs := \<lambda>x. if x=v then vsuccs e' v \<union> {w} else vsuccs e' x\<rparr>)"
+
+ from dom vs_case have dfss: "dfss v e = dfss v e''"
+ apply (simp add: dfss.psimps e''_def)
+ using e'_def w_def by auto
+
+ from vs_case have wvs: "w \<in> ?vs"
+ unfolding w_def by (metis some_in_eq)
+ show ?thesis
+ proof (cases "w \<in> explored e")
+ case True
+ hence e': "e' = e"
+ by (simp add: e'_def)
+ with predfss wvs True
+ have "pre_dfss v e''"
+ by (auto simp: e''_def pre_dfss_explored_pre_dfss)
+ with prepostdfss vs_case
+ have post'': "post_dfss v e'' (dfss v e'')"
+ by (auto simp: w_def e'_def e''_def)
+
+ moreover
+ from post''
+ have "\<forall>u \<in> visited e - {v}. vsuccs (dfss v e'') u = vsuccs e u"
+ by (auto simp: post_dfss_def e' e''_def)
+
+ moreover
+ have "sub_env e e''"
+ by (auto simp: sub_env_def e' e''_def)
+ with post'' have "sub_env e (dfss v e'')"
+ by (auto simp: post_dfss_def elim: sub_env_trans)
+
+ moreover
+ from e' have "stack e'' = stack e" "\<S> e'' = \<S> e"
+ by (auto simp add: e''_def)
+
+ moreover
+ have "cstack e'' = cstack e"
+ by (simp add: e''_def e')
+
+ ultimately show ?thesis
+ by (auto simp: dfss post_dfss_def)
+ next
+ case notexplored: False
+ then show ?thesis
+ proof (cases "w \<notin> visited e")
+ case True
+ with e'_def notexplored have "e' = dfs w e"
+ by auto
+ with True notexplored pre_dfss_pre_dfs predfss
+ prepostdfs vs_case w_def
+ have postdfsw: "post_dfs w e e'"
+ by (metis DiffD1 some_in_eq)
+ with predfss wvs True \<open>e' = dfs w e\<close>
+ have "pre_dfss v e''"
+ by (auto simp: e''_def pre_dfss_post_dfs_pre_dfss)
+ with prepostdfss vs_case
+ have post'': "post_dfss v e'' (dfss v e'')"
+ by (auto simp: w_def e'_def e''_def)
+
+ moreover
+ have "\<forall>u \<in> visited e - {v}. vsuccs (dfss v e'') u = vsuccs e u"
+ proof
+ fix u
+ assume "u \<in> visited e - {v}"
+ with postdfsw
+ have u: "vsuccs e' u = vsuccs e u" "u \<in> visited e'' - {v}"
+ by (auto simp: post_dfs_def sub_env_def e''_def)
+ with post'' have "vsuccs (dfss v e'') u = vsuccs e'' u"
+ by (auto simp: post_dfss_def)
+ with u show "vsuccs (dfss v e'') u = vsuccs e u"
+ by (simp add: e''_def)
+ qed
+
+ moreover
+ have "sub_env e (dfss v e'')"
+ proof -
+ from postdfsw have "sub_env e e'"
+ by (simp add: post_dfs_def)
+ moreover
+ have "sub_env e' e''"
+ by (auto simp: sub_env_def e''_def)
+ moreover
+ from post'' have "sub_env e'' (dfss v e'')"
+ by (simp add: post_dfss_def)
+ ultimately show ?thesis
+ by (metis sub_env_trans)
+ qed
+
+ moreover
+ from postdfsw post''
+ have "\<exists>ns. stack e = ns @ (stack (dfss v e''))"
+ by (auto simp: post_dfs_def post_dfss_def e''_def)
+
+ moreover
+ {
+ fix n
+ assume n: "n \<in> set (tl (stack (dfss v e'')))"
+ with post'' have "\<S> (dfss v e'') n = \<S> e' n"
+ by (simp add: post_dfss_def e''_def)
+ moreover
+ from \<open>pre_dfss v e''\<close> n post''
+ have "stack e' \<noteq> [] \<and> n \<in> set (tl (stack e''))"
+ apply (simp add: pre_dfss_def post_dfss_def e''_def)
+ by (metis (no_types, lifting) Un_iff list.set_sel(2) self_append_conv2 set_append tl_append2)
+ with postdfsw have "\<S> e' n = \<S> e n"
+ apply (simp add: post_dfs_def e''_def)
+ by (metis list.set_sel(2))
+ ultimately have "\<S> (dfss v e'') n = \<S> e n"
+ by simp
+ }
+
+ moreover
+ from postdfsw have "cstack e'' = cstack e"
+ by (auto simp: post_dfs_def e''_def)
+
+ ultimately show ?thesis
+ by (auto simp: dfss post_dfss_def)
+
+ next
+ case False
+ hence e': "e' = unite v w e" using notexplored
+ using e'_def by simp
+ from False have "w \<in> visited e"
+ by simp
+ from wf wvs notexplored False obtain pfx where
+ pfx: "stack e = pfx @ (stack e')" "stack e' \<noteq> []"
+ unfolding e' by (blast dest: unite_stack)
+
+ from predfss wvs notexplored False \<open>e' = unite v w e\<close>
+ have "pre_dfss v e''"
+ by (auto simp: e''_def pre_dfss_unite_pre_dfss)
+
+ with prepostdfss vs_case \<open>e' = unite v w e\<close> \<open>w \<notin> explored e\<close> \<open>w \<in> visited e\<close>
+ have post'': "post_dfss v e'' (dfss v e'')"
+ by (auto simp: w_def e''_def)
+
+ moreover
+ from post''
+ have "\<forall>u \<in> visited e - {v}. vsuccs (dfss v e'') u = vsuccs e u"
+ by (auto simp: post_dfss_def e''_def e' unite_def)
+
+ moreover
+ have "sub_env e (dfss v e'')"
+ proof -
+ from predfss wvs \<open>w \<in> visited e\<close> notexplored
+ have "sub_env e e'"
+ unfolding e' by (blast dest: unite_sub_env)
+ moreover
+ have "sub_env e' e''"
+ by (auto simp: sub_env_def e''_def)
+ moreover
+ from post'' have "sub_env e'' (dfss v e'')"
+ by (simp add: post_dfss_def)
+ ultimately show ?thesis
+ by (metis sub_env_trans)
+ qed
+
+ moreover
+ from post'' \<open>stack e = pfx @ stack e'\<close>
+ have "\<exists>ns. stack e = ns @ (stack (dfss v e''))"
+ by (auto simp: post_dfss_def e''_def)
+
+ moreover
+ {
+ fix n
+ assume n: "n \<in> set (tl (stack (dfss v e'')))"
+ with post'' have "\<S> (dfss v e'') n = \<S> e'' n"
+ by (simp add: post_dfss_def)
+ moreover
+ from n post'' \<open>stack e' \<noteq> []\<close>
+ have "n \<in> set (tl (stack e''))"
+ apply (simp add: post_dfss_def e''_def)
+ by (metis (no_types, lifting) Un_iff list.set_sel(2) self_append_conv2 set_append tl_append2)
+ with wf wvs \<open>w \<in> visited e\<close> notexplored
+ have "\<S> e'' n = \<S> e n"
+ by (auto simp: e''_def e' dest: unite_S_tl)
+ ultimately have "\<S> (dfss v e'') n = \<S> e n"
+ by simp
+ }
+
+ moreover
+ from post'' have "cstack (dfss v e'') = cstack e"
+ by (simp add: post_dfss_def e''_def e' unite_def)
+
+ ultimately show ?thesis
+ by (simp add: dfss post_dfss_def)
+ qed
+ qed
+ qed
+ qed
+qed
+
+text \<open>
+ We can now show partial correctness of the algorithm:
+ applied to some node @{text "v"} and the empty environment,
+ it computes the set of strongly connected components in
+ the subgraph reachable from node @{text "v"}. In particular,
+ if @{text "v"} is a root of the graph, the algorithm computes
+ the set of SCCs of the graph.
+\<close>
+
+theorem partial_correctness:
+ fixes v
+ defines "e \<equiv> dfs v (init_env v)"
+ assumes "dfs_dfss_dom (Inl (v, init_env v))"
+ shows "sccs e = {S . is_scc S \<and> (\<forall>n\<in>S. reachable v n)}"
+ (is "_ = ?rhs")
+proof -
+ from assms init_env_pre_dfs[of v]
+ have post: "post_dfs v (init_env v) e"
+ by (auto dest: pre_post)
+ hence wf: "wf_env e"
+ by (simp add: post_dfs_def)
+ from post have "cstack e = []"
+ by (auto simp: post_dfs_def init_env_def)
+ have "stack e = []"
+ proof (rule ccontr)
+ assume "stack e \<noteq> []"
+ hence "hd (stack e) \<preceq> hd (stack e) in stack e"
+ by simp
+ with wf \<open>cstack e = []\<close> show "False"
+ unfolding wf_env_def
+ by (metis empty_iff empty_set precedes_mem(2))
+ qed
+ with post have vexp: "v \<in> explored e"
+ by (simp add: post_dfs_def)
+ from wf \<open>stack e = []\<close> have "explored e = visited e"
+ by (auto simp: wf_env_def)
+ have "sccs e \<subseteq> ?rhs"
+ proof
+ fix S
+ assume S: "S \<in> sccs e"
+ with wf have "is_scc S"
+ by (simp add: wf_env_def)
+ moreover
+ from S wf have "S \<subseteq> explored e"
+ unfolding wf_env_def
+ by blast
+ with post \<open>explored e = visited e\<close> have "\<forall>n\<in>S. reachable v n"
+ by (auto simp: post_dfs_def wf_env_def sub_env_def init_env_def)
+ ultimately show "S \<in> ?rhs"
+ by auto
+ qed
+ moreover
+ {
+ fix S
+ assume "is_scc S" "\<forall>n\<in>S. reachable v n"
+ from \<open>\<forall>n\<in>S. reachable v n\<close> vexp wf
+ have "S \<subseteq> \<Union> (sccs e)"
+ unfolding wf_env_def by (metis subset_eq)
+ with \<open>is_scc S\<close> obtain S' where S': "S' \<in> sccs e \<and> S \<inter> S' \<noteq> {}"
+ unfolding is_scc_def
+ by (metis Union_disjoint inf.absorb_iff2 inf_commute)
+ with wf have "is_scc S'"
+ by (simp add: wf_env_def)
+ with S' \<open>is_scc S\<close> have "S \<in> sccs e"
+ by (auto dest: scc_partition)
+ }
+ ultimately show ?thesis by blast
+qed
+
+section \<open>Proof of termination and total correctness\<close>
+
+text \<open>
+ We define a binary relation on the arguments of functions @{text dfs} and @{text dfss},
+ and prove that this relation is well-founded and that all calls within
+ the function bodies respect the relation, assuming that the pre-conditions
+ of the initial function call are satisfied. By well-founded induction,
+ we conclude that the pre-conditions of the functions are sufficient to
+ ensure termination.
+
+ Following the internal representation of the two mutually recursive
+ functions in Isabelle as a single function on the disjoint sum of the
+ types of arguments, our relation is defined as a set of argument pairs
+ injected into the sum type. The left injection @{text Inl} takes
+ arguments of function @{text dfs}, the right injection @{text Inr}
+ takes arguments of function @{text dfss}.\footnote{Note that the
+ types of the arguments of @{text dfs} and @{text dfss} are actually
+ identical. We nevertheless use the sum type in order to remember
+ the function that was called.}
+ The conditions on the arguments in the definition of the relation
+ overapproximate the arguments in the actual calls.
+\<close>
+
+definition dfs_dfss_term::"(('v \<times> 'v env + 'v \<times> 'v env) \<times> ('v \<times> 'v env + 'v \<times> 'v env)) set" where
+ "dfs_dfss_term \<equiv>
+ { (Inr(v, e1), Inl(v, e)) | v e e1.
+ v \<in> vertices - visited e \<and> visited e1 = visited e \<union> {v} }
+ \<union> { (Inl(w, e), Inr(v, e)) | v w e. v \<in> vertices}
+ \<union> { (Inr(v, e''), Inr(v, e)) | v e e''.
+ v \<in> vertices \<and> sub_env e e''
+ \<and> (\<exists>w \<in> vertices. w \<notin> vsuccs e v \<and> w \<in> vsuccs e'' v)}"
+
+text \<open>
+ Informally, termination is ensured because at each call,
+ either a new vertex is visited (hence the complement of
+ the set of visited nodes w.r.t. the finite set of vertices
+ decreases) or a new successor is added to the set
+ @{text "vsuccs e v"} of some vertex @{text v}.
+
+ In order to make this argument formal, we inject the argument
+ tuples that appear in our relation into tuples consisting of
+ the sets mentioned in the informal argument. However, there is
+ one added complication because the call of @{text dfs} from
+ @{text dfss} does not immediately add the vertex to the set
+ of visited nodes (this happens only at the beginning of
+ function @{text dfs}). We therefore add a third component of
+ $0$ or $1$ to these tuples, reflecting the fact that there
+ can only be one call of @{text dfs} from @{text dfss} for a
+ given vertex @{text v}.
+\<close>
+
+fun dfs_dfss_to_tuple where
+ "dfs_dfss_to_tuple (Inl(v::'v, e::'v env)) =
+ (vertices - visited e, vertices \<times> vertices - {(u,u') | u u'. u' \<in> vsuccs e u}, 0)"
+| "dfs_dfss_to_tuple (Inr(v::'v, e::'v env)) =
+ (vertices - visited e, vertices \<times> vertices - {(u,u') | u u'. u' \<in> vsuccs e u}, 1::nat)"
+
+
+text \<open>
+ The triples defined in this way can be ordered lexicographically
+ (with the first two components ordered as finite subsets and the
+ third one following the predecessor relation on natural numbers).
+ We prove that the injection of the above relation into sets
+ of triples respects the lexicographic ordering and conclude that
+ our relation is well-founded.
+\<close>
+
+lemma wf_term: "wf dfs_dfss_term"
+proof -
+ let ?r = "(finite_psubset :: ('v set \<times> 'v set) set)
+ <*lex*> (finite_psubset :: ((('v \<times> 'v) set) \<times> ('v \<times> 'v) set) set)
+ <*lex*> pred_nat"
+ have "wf (finite_psubset :: ('v set \<times> 'v set) set)"
+ by (rule wf_finite_psubset)
+ moreover
+ have "wf (finite_psubset :: ((('v \<times> 'v) set) \<times> ('v \<times> 'v) set) set)"
+ by (rule wf_finite_psubset)
+ ultimately have "wf ?r"
+ using wf_pred_nat by blast
+ moreover
+ have "dfs_dfss_term \<subseteq> inv_image ?r dfs_dfss_to_tuple"
+ proof (clarify)
+ fix a b
+ assume "(a,b) \<in> dfs_dfss_term"
+ hence "(\<exists>v w e e''. a = Inr(v,e'') \<and> b = Inr(v,e) \<and> v \<in> vertices \<and> sub_env e e''
+ \<and> w \<in> vertices \<and> w \<notin> vsuccs e v \<and> w \<in> vsuccs e'' v)
+ \<or> (\<exists>v e e1. a = Inr(v,e1) \<and> b = Inl(v,e) \<and> v \<in> vertices - visited e
+ \<and> visited e1 = visited e \<union> {v})
+ \<or> (\<exists>v w e. a = Inl(w,e) \<and> b = Inr(v,e))"
+ (is "?c1 \<or> ?c2 \<or> ?c3")
+ by (auto simp: dfs_dfss_term_def)
+ then show "(a,b) \<in> inv_image ?r dfs_dfss_to_tuple"
+ proof
+ assume "?c1"
+ then obtain v w e e'' where
+ ab: "a = Inr(v, e'')" "b = Inr(v,e)" and
+ vw: "v \<in> vertices" "w \<in> vertices" "w \<in> vsuccs e'' v" "w \<notin> vsuccs e v" and
+ sub: "sub_env e e''"
+ by blast
+ from sub have "vertices - visited e'' \<subseteq> vertices - visited e"
+ by (auto simp: sub_env_def)
+ moreover
+ from sub vw
+ have "(vertices \<times> vertices - {(u,u') | u u'. u' \<in> vsuccs e'' u})
+ \<subset> (vertices \<times> vertices - {(u,u') | u u'. u' \<in> vsuccs e u})"
+ by (auto simp: sub_env_def)
+ ultimately show ?thesis
+ using vfin ab by auto
+ next
+ assume "?c2 \<or> ?c3"
+ with vfin show ?thesis
+ by (auto simp: pred_nat_def)
+ qed
+ qed
+ ultimately show ?thesis
+ using wf_inv_image wf_subset by blast
+qed
+
+text \<open>
+ The following theorem establishes sufficient conditions that ensure
+ termination of the two functions @{text dfs} and @{text dfss}.
+ The proof proceeds by well-founded induction using the relation
+ @{text dfs_dfss_term}. Isabelle represents the termination domains
+ of the functions by the predicate @{text dfs_dfss_dom} and
+ generates a theorem @{text dfs_dfss.domintros} for proving
+ membership of arguments in the termination domains. The
+ actual formulation is a litte technical because the mutual
+ induction must again be encoded in a single induction argument
+ over the sum type representing the arguments of both functions.
+\<close>
+
+theorem dfs_dfss_termination:
+ "\<lbrakk>v \<in> vertices ; pre_dfs v e\<rbrakk> \<Longrightarrow> dfs_dfss_dom(Inl(v, e))"
+ "\<lbrakk>v \<in> vertices ; pre_dfss v e\<rbrakk> \<Longrightarrow> dfs_dfss_dom(Inr(v, e))"
+proof -
+ { fix args
+ have "(case args
+ of Inl(v,e) \<Rightarrow>
+ v \<in> vertices \<and> pre_dfs v e
+ | Inr(v,e) \<Rightarrow>
+ v \<in> vertices \<and> pre_dfss v e)
+ \<longrightarrow> dfs_dfss_dom args" (is "?P args \<longrightarrow> ?Q args")
+ proof (rule wf_induct[OF wf_term])
+ fix arg :: "('v \<times> 'v env) + ('v \<times> 'v env)"
+ assume ih: "\<forall> arg'. (arg', arg) \<in> dfs_dfss_term \<longrightarrow> (?P arg' \<longrightarrow> ?Q arg')"
+ show "?P arg \<longrightarrow> ?Q arg"
+ proof
+ assume P: "?P arg"
+ show "?Q arg"
+ proof (cases arg)
+ case (Inl a)
+ then obtain v e where a: "arg = Inl(v, e)"
+ using dfs.cases by metis
+ with P have pre: "v \<in> vertices \<and> pre_dfs v e"
+ by simp
+ let ?e1 = "e\<lparr>visited := visited e \<union> {v}, stack := v # stack e, cstack := v # cstack e\<rparr>"
+ let ?recarg = "Inr(v, ?e1)"
+
+ from a pre
+ have "(?recarg, arg) \<in> dfs_dfss_term"
+ by (auto simp: pre_dfs_def dfs_dfss_term_def)
+ moreover
+ from pre have "?P ?recarg"
+ by (auto dest: pre_dfs_pre_dfss)
+ ultimately have "?Q ?recarg"
+ using ih a by auto
+ then have "?Q (Inl(v, e))"
+ by (auto intro: dfs_dfss.domintros)
+ then show ?thesis
+ by (simp add: a)
+ next
+ case (Inr b)
+ then obtain v e where b: "arg = Inr(v, e)"
+ using dfs.cases by metis
+ with P have pre: "v \<in> vertices \<and> pre_dfss v e"
+ by simp
+ let ?sw = "SOME w. w \<in> successors v \<and> w \<notin> vsuccs e v"
+ have "?Q (Inr(v, e))"
+ proof (rule dfs_dfss.domintros)
+ fix w
+ assume "w \<in> successors v"
+ "?sw \<notin> explored e"
+ "?sw \<notin> visited e"
+ "\<not> dfs_dfss_dom (Inl (?sw, e))"
+ show "w \<in> vsuccs e v"
+ proof (rule ccontr)
+ assume "w \<notin> vsuccs e v"
+ with \<open>w \<in> successors v\<close> have sw: "?sw \<in> successors v - vsuccs e v"
+ by (metis (mono_tags, lifting) Diff_iff some_eq_imp)
+ with pre \<open>?sw \<notin> visited e\<close> have "pre_dfs ?sw e"
+ by (blast intro: pre_dfss_pre_dfs)
+ moreover
+ from pre sw sclosed have "?sw \<in> vertices"
+ by blast
+ moreover
+ from pre have "(Inl(?sw,e), Inr(v,e)) \<in> dfs_dfss_term"
+ by (simp add: dfs_dfss_term_def)
+ ultimately have "dfs_dfss_dom (Inl(?sw,e))"
+ using ih b by auto
+ with \<open>\<not> dfs_dfss_dom (Inl (?sw, e))\<close>
+ show "False" ..
+ qed
+ next
+ let ?e' = "dfs ?sw e"
+ let ?e''= "?e'\<lparr>vsuccs := \<lambda>x. if x = v then vsuccs ?e' v \<union> {?sw}
+ else vsuccs ?e' x\<rparr>"
+ fix w
+ assume asm: "w \<in> successors v" "w \<notin> vsuccs e v"
+ "?sw \<notin> visited e" "?sw \<notin> explored e"
+ from \<open>w \<in> successors v\<close> \<open>w \<notin> vsuccs e v\<close>
+ have sw: "?sw \<in> successors v - vsuccs e v"
+ by (metis (no_types, lifting) Diff_iff some_eq_imp)
+ with pre \<open>?sw \<notin> visited e\<close> have "pre_dfs ?sw e"
+ by (blast intro: pre_dfss_pre_dfs)
+ moreover
+ from pre sw sclosed have "?sw \<in> vertices"
+ by blast
+ moreover
+ from pre have "(Inl(?sw, e), Inr(v,e)) \<in> dfs_dfss_term"
+ by (simp add: dfs_dfss_term_def)
+ ultimately have "dfs_dfss_dom (Inl(?sw, e))"
+ using ih b by auto
+ from this \<open>pre_dfs ?sw e\<close> have post: "post_dfs ?sw e ?e'"
+ by (rule pre_post)
+ hence "sub_env e ?e'"
+ by (simp add: post_dfs_def)
+ moreover
+ have "sub_env ?e' ?e''"
+ by (auto simp: sub_env_def)
+ ultimately have "sub_env e ?e''"
+ by (rule sub_env_trans)
+ with pre \<open>?sw \<in> vertices\<close> sw
+ have "(Inr(v, ?e''), Inr(v, e)) \<in> dfs_dfss_term"
+ by (auto simp: dfs_dfss_term_def)
+ moreover
+ from pre post sw \<open>?sw \<notin> visited e\<close> have "pre_dfss v ?e''"
+ by (blast intro: pre_dfss_post_dfs_pre_dfss)
+ ultimately show "dfs_dfss_dom(Inr(v, ?e''))"
+ using pre ih b by auto
+ next
+ let ?e'' = "e\<lparr>vsuccs := \<lambda>x. if x = v then vsuccs e v \<union> {?sw} else vsuccs e x\<rparr>"
+ fix w
+ assume "w \<in> successors v" "w \<notin> vsuccs e v"
+ "?sw \<notin> visited e" "?sw \<in> explored e"
+ with pre have "False"
+ unfolding pre_dfss_def wf_env_def
+ by (meson subsetD)
+ thus "?Q (Inr(v, ?e''))"
+ by simp
+ next
+ fix w
+ assume asm: "w \<in> successors v" "w \<notin> vsuccs e v"
+ "?sw \<in> visited e" "?sw \<in> explored e"
+ let ?e'' = "e\<lparr>vsuccs := \<lambda>x. if x = v then vsuccs e v \<union> {?sw} else vsuccs e x\<rparr>"
+ let ?recarg = "Inr(v, ?e'')"
+
+ from \<open>w \<in> successors v\<close> \<open>w \<notin> vsuccs e v\<close>
+ have sw: "?sw \<in> successors v - vsuccs e v"
+ by (metis (no_types, lifting) Diff_iff some_eq_imp)
+
+ have "(?recarg, arg) \<in> dfs_dfss_term"
+ proof -
+ have "sub_env e ?e''"
+ by (auto simp: sub_env_def)
+ moreover
+ from sw pre sclosed
+ have "\<exists>u \<in> vertices. u \<notin> vsuccs e v \<and> u \<in> vsuccs ?e'' v"
+ by auto
+ ultimately show ?thesis
+ using pre b unfolding dfs_dfss_term_def by blast
+ qed
+
+ moreover
+ from pre sw \<open>?sw \<in> explored e\<close> have "?P ?recarg"
+ by (auto dest: pre_dfss_explored_pre_dfss)
+
+ ultimately show "?Q ?recarg"
+ using ih b by blast
+ next
+ fix w
+ assume asm: "w \<in> successors v" "w \<notin> vsuccs e v"
+ "?sw \<in> visited e" "?sw \<notin> explored e"
+ let ?eu = "unite v ?sw e"
+ let ?e'' = "?eu\<lparr>vsuccs := \<lambda>x. if x = v then vsuccs ?eu v \<union> {?sw} else vsuccs ?eu x\<rparr>"
+ let ?recarg = "Inr(v, ?e'')"
+
+ from \<open>w \<in> successors v\<close> \<open>w \<notin> vsuccs e v\<close>
+ have sw: "?sw \<in> successors v - vsuccs e v"
+ by (metis (no_types, lifting) Diff_iff some_eq_imp)
+
+ have "(?recarg, arg) \<in> dfs_dfss_term"
+ proof -
+ from pre asm sw have "sub_env e ?eu"
+ by (blast dest: unite_sub_env)
+ hence "sub_env e ?e''"
+ by (auto simp: sub_env_def)
+ moreover
+ from sw pre sclosed
+ have "\<exists>u \<in> vertices. u \<notin> vsuccs e v \<and> u \<in> vsuccs ?e'' v"
+ by auto
+ ultimately show ?thesis
+ using pre b unfolding dfs_dfss_term_def by blast
+ qed
+
+ moreover
+ from pre sw \<open>?sw \<in> visited e\<close> \<open>?sw \<notin> explored e\<close> have "?P ?recarg"
+ by (auto dest: pre_dfss_unite_pre_dfss)
+
+ ultimately show "?Q ?recarg"
+ using ih b by auto
+ qed
+ then show ?thesis
+ by (simp add: b)
+ qed
+ qed
+ qed
+ }
+ note dom=this
+ from dom
+ show "\<lbrakk> v \<in> vertices ; pre_dfs v e\<rbrakk> \<Longrightarrow> dfs_dfss_dom(Inl(v, e))"
+ by auto
+ from dom
+ show "\<lbrakk> v \<in> vertices ; pre_dfss v e\<rbrakk> \<Longrightarrow> dfs_dfss_dom(Inr(v, e))"
+ by auto
+qed
+
+text \<open>
+ Putting everything together, we prove the total correctness of
+ the algorithm when applied to some (root) vertex.
+\<close>
+theorem correctness:
+ assumes "v \<in> vertices"
+ shows "sccs (dfs v (init_env v)) = {S . is_scc S \<and> (\<forall>n\<in>S. reachable v n)}"
+ using assms init_env_pre_dfs[of v]
+ by (simp add: dfs_dfss_termination partial_correctness)
+
+
+end
+end
diff --git a/thys/SCC_Bloemen_Sequential/document/root.bib b/thys/SCC_Bloemen_Sequential/document/root.bib
new file mode 100644
--- /dev/null
+++ b/thys/SCC_Bloemen_Sequential/document/root.bib
@@ -0,0 +1,46 @@
+@Phdthesis{bloemen:strong,
+ author = {Vincent Bloemen},
+ title = {Strong Connectivity and Shortest Paths for Checking Models},
+ school = {University of Twente},
+ year = {2019},
+ address = {Enschede, The Netherlands},
+ url = {https://ris.utwente.nl/ws/portalfiles/portal/122499728/thesis.pdf},
+}
+
+@Incollection{dijkstra:finding,
+ author = {Edsger W. Dijkstra},
+ title = {Finding the Maximum Strong Components in a Directed Graph},
+ booktitle = {Selected Writings in Computing: A Personal Perspective},
+ series = {Texts and Monographs in Computer Science},
+ publisher = {Springer},
+ year = {1982},
+ pages = {22-30},
+}
+
+@article{lammich:gabow,
+ author = {Peter Lammich},
+ title = {Verified Efficient Implementation of Gabow's Strongly Connected Components Algorithm},
+ journal = {Archive of Formal Proofs},
+ month = {May},
+ year = {2014},
+ note = {\url{https://isa-afp.org/entries/Gabow_SCC.html},
+ Formal proof development},
+ ISSN = {2150-914x},
+}
+
+@Article{munro:efficient,
+ author = {{J. Ian} Munro},
+ title = {Efficient Determination of the Transitive Closure of a Directed Graph},
+ journal = {Information Processing Letters},
+ volume = 1,
+ number = 2,
+ pages = {56-58},
+ year = 1971,
+}
+
+@Article{tarjan:depth-first,
+ author = {Robert Tarjan},
+ title = {Depth first search and linear graph algorithms},
+ journal = {SIAM Journal on Computing},
+ year = {1972},
+}
diff --git a/thys/SCC_Bloemen_Sequential/document/root.tex b/thys/SCC_Bloemen_Sequential/document/root.tex
new file mode 100644
--- /dev/null
+++ b/thys/SCC_Bloemen_Sequential/document/root.tex
@@ -0,0 +1,65 @@
+\documentclass[11pt,a4paper]{article}
+\usepackage[T1]{fontenc}
+\usepackage{isabelle,isabellesym}
+
+% further packages required for unusual symbols (see also
+% isabellesym.sty), use only when needed
+
+%\usepackage{amssymb}
+ %for \<leadsto>, \<box>, \<diamond>, \<sqsupset>, \<mho>, \<Join>,
+ %\<lhd>, \<lesssim>, \<greatersim>, \<lessapprox>, \<greaterapprox>,
+ %\<triangleq>, \<yen>, \<lozenge>
+
+%\usepackage{eurosym}
+ %for \<euro>
+
+%\usepackage[only,bigsqcap,bigparallel,fatsemi,interleave,sslash]{stmaryrd}
+ %for \<Sqinter>, \<Parallel>, \<Zsemi>, \<Parallel>, \<sslash>
+
+%\usepackage{eufrak}
+ %for \<AA> ... \<ZZ>, \<aa> ... \<zz> (also included in amssymb)
+
+%\usepackage{textcomp}
+ %for \<onequarter>, \<onehalf>, \<threequarters>, \<degree>, \<cent>,
+ %\<currency>
+
+% this should be the last package used
+\usepackage{pdfsetup}
+
+% urls in roman style, theory text in math-similar italics
+\urlstyle{rm}
+\isabellestyle{it}
+
+% for uniform font size
+%\renewcommand{\isastyle}{\isastyleminor}
+
+
+\begin{document}
+
+\title{Correctness of a Set-based Algorithm for Computing Strongly Connected Components of a Graph}
+\author{Stephan Merz and Vincent Trélat}
+\maketitle
+
+\begin{abstract}
+ We prove the correctness of a sequential algorithm for computing
+ maximal strongly connected components (SCCs) of a graph
+ due to Vincent Bloemen.
+\end{abstract}
+
+\tableofcontents
+
+% sane default for proof documents
+\parindent 0pt\parskip 0.5ex
+
+% generated text of all theories
+\input{session}
+
+\bibliographystyle{abbrv}
+\bibliography{root}
+
+\end{document}
+
+%%% Local Variables:
+%%% mode: latex
+%%% TeX-master: t
+%%% End:
diff --git a/thys/Separation_Logic_Unbounded/.#ROOT b/thys/Separation_Logic_Unbounded/.#ROOT
new file mode 120000
--- /dev/null
+++ b/thys/Separation_Logic_Unbounded/.#ROOT
@@ -0,0 +1,1 @@
+nipkow@lapnipkow1.local.3458
\ No newline at end of file
diff --git a/thys/Separation_Logic_Unbounded/AutomaticVerifiers.thy b/thys/Separation_Logic_Unbounded/AutomaticVerifiers.thy
new file mode 100644
--- /dev/null
+++ b/thys/Separation_Logic_Unbounded/AutomaticVerifiers.thy
@@ -0,0 +1,427 @@
+section \<open>Fractional Predicates and Magic Wands in Automatic Separation Logic Verifiers\<close>
+
+text \<open>This section corresponds to Section 5 of the paper~\cite{UnboundedSL}.\<close>
+
+theory AutomaticVerifiers
+ imports FixedPoint WandProperties
+begin
+
+context logic
+begin
+
+subsection \<open>Syntactic multiplication\<close>
+
+text \<open>The following definition corresponds to Figure 6 of the paper~\cite{UnboundedSL}.\<close>
+
+fun syn_mult :: "'b \<Rightarrow> ('a, 'b, 'c, 'd) assertion \<Rightarrow> ('a, 'b, 'c, 'd) assertion" where
+ "syn_mult \<pi> (Star A B) = Star (syn_mult \<pi> A) (syn_mult \<pi> B)"
+| "syn_mult \<pi> (Wand A B) = Wand (syn_mult \<pi> A) (syn_mult \<pi> B)"
+| "syn_mult \<pi> (Or A B) = Or (syn_mult \<pi> A) (syn_mult \<pi> B)"
+| "syn_mult \<pi> (And A B) = And (syn_mult \<pi> A) (syn_mult \<pi> B)"
+| "syn_mult \<pi> (Imp A B) = Imp (syn_mult \<pi> A) (syn_mult \<pi> B)"
+| "syn_mult \<pi> (Mult \<alpha> A) = syn_mult (smult \<alpha> \<pi>) A"
+| "syn_mult \<pi> (Exists x A) = Exists x (syn_mult \<pi> A)"
+| "syn_mult \<pi> (Forall x A) = Forall x (syn_mult \<pi> A)"
+| "syn_mult \<pi> (Wildcard A) = Wildcard A"
+| "syn_mult \<pi> A = Mult \<pi> A"
+
+definition div_state where
+ "div_state \<pi> \<sigma> = (SOME r. \<sigma> = \<pi> \<odot> r)"
+
+lemma div_state_ok:
+ "\<sigma> = \<pi> \<odot> (div_state \<pi> \<sigma>)"
+ by (metis (mono_tags) div_state_def someI_ex unique_inv)
+
+text \<open>The following theorem corresponds to Theorem 6 of the paper~\cite{UnboundedSL}.\<close>
+
+theorem syn_sen_mult_same:
+ "\<sigma>, s, \<Delta> \<Turnstile> syn_mult \<pi> A \<longleftrightarrow> \<sigma>, s, \<Delta> \<Turnstile> Mult \<pi> A"
+proof (induct A arbitrary: \<sigma> \<pi> s)
+ case (Exists x A)
+ show ?case (is "?A \<longleftrightarrow> ?B")
+ proof
+ show "?B \<Longrightarrow> ?A"
+ using Exists.hyps by auto
+ show "?A \<Longrightarrow> ?B"
+ using Exists.hyps by fastforce
+ qed
+next
+ case (Forall x A)
+ then show ?case
+ by (metis dot_forall1 dot_forall2 entails_def sat.simps(9) syn_mult.simps(8))
+next
+ case (Star A B)
+ show ?case (is "?P \<longleftrightarrow> ?Q")
+ proof
+ show "?P \<Longrightarrow> ?Q"
+ proof -
+ assume ?P
+ then obtain a b where "a, s, \<Delta> \<Turnstile> syn_mult \<pi> A" "b, s, \<Delta> \<Turnstile> syn_mult \<pi> B"
+ "Some \<sigma> = a \<oplus> b" by auto
+ then obtain "a, s, \<Delta> \<Turnstile> Mult \<pi> A" "b, s, \<Delta> \<Turnstile> Mult \<pi> B"
+ using Star.hyps(1) Star.hyps(2) Star.prems by blast
+ then show ?Q
+ by (meson \<open>Some \<sigma> = a \<oplus> b\<close> dot_star2 entails_def sat.simps(2))
+ qed
+ assume ?Q
+ then obtain a b where "a, s, \<Delta> \<Turnstile> Mult \<pi> A" "b, s, \<Delta> \<Turnstile> Mult \<pi> B" "Some \<sigma> = a \<oplus> b"
+ by (meson dot_star1 entails_def sat.simps(2))
+ then show ?P
+ using Star.hyps(1) Star.hyps(2) Star.prems by force
+ qed
+next
+ case (Mult p A)
+ show ?case (is "?P \<longleftrightarrow> ?Q")
+ proof
+ show "?P \<Longrightarrow> ?Q"
+ proof -
+ assume ?P
+ then have "\<sigma>, s, \<Delta> \<Turnstile> syn_mult (smult p \<pi>) A" by auto
+ then have "\<sigma>, s, \<Delta> \<Turnstile> Mult (smult p \<pi>) A"
+ using Mult.hyps by blast
+ then show ?Q
+ by (metis dot_mult2 logic.entails_def logic_axioms smult_comm)
+ qed
+ assume ?Q
+ then obtain a where "a, s, \<Delta> \<Turnstile> A" "\<sigma> = \<pi> \<odot> (p \<odot> a)" by auto
+ then show ?P
+ using Mult.hyps double_mult smult_comm by auto
+ qed
+next
+ case (Wand A B)
+ show ?case (is "?P \<longleftrightarrow> ?Q")
+ proof
+ show "?P \<Longrightarrow> ?Q"
+ proof -
+ assume "\<sigma>, s, \<Delta> \<Turnstile> syn_mult \<pi> (Wand A B)"
+ then have "\<sigma>, s, \<Delta> \<Turnstile> Wand (syn_mult \<pi> A) (syn_mult \<pi> B)"
+ by auto
+ moreover have "div_state \<pi> \<sigma>, s, \<Delta> \<Turnstile> Wand A B"
+ proof (rule sat_wand)
+ fix a b
+ assume "a, s, \<Delta> \<Turnstile> A \<and> Some b = div_state \<pi> \<sigma> \<oplus> a"
+ then have "Some (\<pi> \<odot> b) = \<sigma> \<oplus> (\<pi> \<odot> a)"
+ using div_state_ok plus_mult by presburger
+ moreover have "\<pi> \<odot> a, s, \<Delta> \<Turnstile> Mult \<pi> A"
+ using \<open>a, s, \<Delta> \<Turnstile> A \<and> Some b = div_state \<pi> \<sigma> \<oplus> a\<close> by auto
+ then have "\<pi> \<odot> a, s, \<Delta> \<Turnstile> syn_mult \<pi> A"
+ using Wand.hyps(1) Wand.prems by blast
+ then have "\<pi> \<odot> b, s, \<Delta> \<Turnstile> syn_mult \<pi> B"
+ using \<open>\<sigma>, s, \<Delta> \<Turnstile> Wand (syn_mult \<pi> A) (syn_mult \<pi> B)\<close> calculation by auto
+ ultimately show "b, s, \<Delta> \<Turnstile> B"
+ by (metis Wand.hyps(2) Wand.prems can_divide sat.simps(1))
+ qed
+ then show "\<sigma>, s, \<Delta> \<Turnstile> Mult \<pi> (Wand A B)"
+ by (metis div_state_ok sat.simps(1))
+ qed
+ assume "\<sigma>, s, \<Delta> \<Turnstile> Mult \<pi> (Wand A B)"
+ then have "div_state \<pi> \<sigma>, s, \<Delta> \<Turnstile> Wand A B"
+ by (metis div_state_ok can_divide sat.simps(1))
+ have "\<sigma>, s, \<Delta> \<Turnstile> Wand (syn_mult \<pi> A) (syn_mult \<pi> B)"
+ proof (rule sat_wand)
+ fix a b assume "a, s, \<Delta> \<Turnstile> syn_mult \<pi> A \<and> Some b = \<sigma> \<oplus> a"
+ then have "Some (div_state \<pi> b) = div_state \<pi> \<sigma> \<oplus> div_state \<pi> a"
+ by (metis div_state_ok plus_mult unique_inv)
+ then have "div_state \<pi> b, s, \<Delta> \<Turnstile> B"
+ by (metis (no_types, lifting) Wand.hyps(1) \<open>a, s, \<Delta> \<Turnstile> syn_mult \<pi> A \<and> Some b = \<sigma> \<oplus> a\<close> \<open>div_state \<pi> \<sigma>, s, \<Delta> \<Turnstile> Wand A B\<close> div_state_ok logic.can_divide logic_axioms sat.simps(1) sat.simps(3))
+ then show "b, s, \<Delta> \<Turnstile> syn_mult \<pi> B"
+ using Wand.hyps(2) div_state_ok sat.simps(1) by blast
+ qed
+ then show "\<sigma>, s, \<Delta> \<Turnstile> syn_mult \<pi> (Wand A B)"
+ by simp
+ qed
+next
+ case (And A B)
+ show ?case (is "?P \<longleftrightarrow> ?Q")
+ proof
+ show "?P \<Longrightarrow> ?Q"
+ proof -
+ assume ?P
+ then obtain "\<sigma>, s, \<Delta> \<Turnstile> syn_mult \<pi> A" "\<sigma>, s, \<Delta> \<Turnstile> syn_mult \<pi> B"
+ by auto
+ then show ?Q
+ by (meson And.hyps(1) And.hyps(2) dot_and2 logic.entails_def logic_axioms sat.simps(7))
+ qed
+ assume ?Q then show ?P
+ using And.hyps(1) And.hyps(2) And.prems by auto
+ qed
+next
+ case (Imp A B)
+ show ?case (is "?P \<longleftrightarrow> ?Q")
+ proof
+ show "?P \<Longrightarrow> ?Q"
+ by (metis Imp.hyps(1) Imp.hyps(2) sat.simps(1) sat.simps(5) syn_mult.simps(5) unique_inv)
+ assume ?Q then show ?P
+ by (metis Imp.hyps(1) Imp.hyps(2) Imp.prems can_divide sat.simps(1) sat.simps(5) syn_mult.simps(5))
+ qed
+next
+ case (Wildcard A)
+ then show ?case
+ by (metis DotWild entails_def equivalent_def syn_mult.simps(9))
+qed (auto)
+
+
+
+subsection \<open>Monotonicity and fixed point\<close>
+
+(* Bool means positive *)
+fun pos_neg_rec_call :: "bool \<Rightarrow> ('a, 'b, 'c, 'd) assertion \<Rightarrow> bool" where
+ "pos_neg_rec_call b Pred \<longleftrightarrow> b"
+| "pos_neg_rec_call b (Mult _ A) \<longleftrightarrow> pos_neg_rec_call b A"
+| "pos_neg_rec_call b (Exists _ A) \<longleftrightarrow> pos_neg_rec_call b A"
+| "pos_neg_rec_call b (Forall _ A) \<longleftrightarrow> pos_neg_rec_call b A"
+| "pos_neg_rec_call b (Star A B) \<longleftrightarrow> pos_neg_rec_call b A \<and> pos_neg_rec_call b B"
+| "pos_neg_rec_call b (Or A B) \<longleftrightarrow> pos_neg_rec_call b A \<and> pos_neg_rec_call b B"
+| "pos_neg_rec_call b (And A B) \<longleftrightarrow> pos_neg_rec_call b A \<and> pos_neg_rec_call b B"
+| "pos_neg_rec_call b (Wand A B) \<longleftrightarrow> pos_neg_rec_call (\<not> b) A \<and> pos_neg_rec_call b B"
+| "pos_neg_rec_call b (Imp A B) \<longleftrightarrow> pos_neg_rec_call (\<not> b) A \<and> pos_neg_rec_call b B"
+| "pos_neg_rec_call _ (Sem _) \<longleftrightarrow> True"
+| "pos_neg_rec_call b (Bounded A) \<longleftrightarrow> pos_neg_rec_call b A"
+| "pos_neg_rec_call b (Wildcard A) \<longleftrightarrow> pos_neg_rec_call b A"
+
+
+lemma pos_neg_rec_call_mono:
+ assumes "pos_neg_rec_call b A"
+ shows "(b \<longrightarrow> monotonic (applies_eq A)) \<and> (\<not> b \<longrightarrow> non_increasing (applies_eq A))"
+ using assms
+proof (induct A arbitrary: b)
+ case (Exists x A)
+ then show ?case
+ by (meson mono_exists non_increasing_exists pos_neg_rec_call.simps(3))
+next
+ case (Forall x A)
+ then show ?case
+ by (meson mono_forall non_increasing_forall pos_neg_rec_call.simps(4))
+next
+ case (Sem x)
+ then show ?case
+ by (metis applies_eq.simps mem_Collect_eq mono_sem non_increasingI sat.simps(4) smaller_interp_def subsetI)
+next
+ case (Mult x1a A)
+ then show ?case
+ using mono_mult non_increasing_mult pos_neg_rec_call.simps(2) by blast
+next
+ case (Star A1 A2)
+ then show ?case
+ by (metis mono_star non_inc_star pos_neg_rec_call.simps(5))
+next
+ case (Wand A1 A2)
+ then show ?case
+ by (metis mono_wand non_increasing_wand pos_neg_rec_call.simps(8))
+next
+ case (Or A1 A2)
+ then show ?case
+ by (metis mono_or non_increasing_or pos_neg_rec_call.simps(6))
+next
+ case (And A1 A2)
+ then show ?case
+ by (metis mono_and non_increasing_and pos_neg_rec_call.simps(7))
+next
+ case (Imp A1 A2)
+ then show ?case
+ by (metis mono_imp non_increasing_imp pos_neg_rec_call.simps(9))
+next
+ case Pred
+ then show ?case
+ using mono_interp pos_neg_rec_call.simps(1) by blast
+next
+ case (Bounded A)
+ then show ?case
+ using mono_bounded non_increasing_bounded pos_neg_rec_call.simps(11) by blast
+next
+ case (Wildcard A)
+ then show ?case
+ using mono_wild non_increasing_wild pos_neg_rec_call.simps(12) by blast
+qed
+
+
+text \<open>The following theorem corresponds to Theorem 7 of the paper~\cite{UnboundedSL}.\<close>
+
+theorem exists_lfp_gfp:
+ assumes "pos_neg_rec_call True A"
+ shows "\<sigma>, s, LFP (applies_eq A) \<Turnstile> A \<longleftrightarrow> \<sigma> \<in> LFP (applies_eq A) s"
+ and "\<sigma>, s, GFP (applies_eq A) \<Turnstile> A \<longleftrightarrow> \<sigma> \<in> GFP (applies_eq A) s"
+ apply (metis LFP_is_FP applies_eq.simps assms mem_Collect_eq pos_neg_rec_call_mono)
+ by (metis GFP_is_FP applies_eq.simps assms mem_Collect_eq pos_neg_rec_call_mono)
+
+
+
+
+
+subsection \<open>Combinability\<close>
+
+definition combinable_sem :: "(('d \<Rightarrow> 'c) \<Rightarrow> 'a \<Rightarrow> bool) \<Rightarrow> bool" where
+ "combinable_sem B \<longleftrightarrow> (\<forall>a b x s \<alpha> \<beta>. B s a \<and> B s b \<and> sadd \<alpha> \<beta> = one \<and> Some x = \<alpha> \<odot> a \<oplus> \<beta> \<odot> b \<longrightarrow> B s x)"
+
+fun wf_assertion :: "('a, 'b, 'c, 'd) assertion \<Rightarrow> bool" where
+ "wf_assertion Pred \<longleftrightarrow> True"
+| "wf_assertion (Sem B) \<longleftrightarrow> combinable_sem B"
+| "wf_assertion (Mult _ A) \<longleftrightarrow> wf_assertion A"
+| "wf_assertion (Forall _ A) \<longleftrightarrow> wf_assertion A"
+| "wf_assertion (Exists x A) \<longleftrightarrow> wf_assertion A \<and> (\<forall>\<Delta>. unambiguous \<Delta> A x)"
+| "wf_assertion (Star A B) \<longleftrightarrow> wf_assertion A \<and> wf_assertion B"
+| "wf_assertion (And A B) \<longleftrightarrow> wf_assertion A \<and> wf_assertion B"
+| "wf_assertion (Wand A B) \<longleftrightarrow> wf_assertion B"
+| "wf_assertion (Imp A B) \<longleftrightarrow> pure A \<and> wf_assertion B"
+| "wf_assertion (Wildcard A) \<longleftrightarrow> wf_assertion A"
+| "wf_assertion _ \<longleftrightarrow> False"
+
+
+
+lemma wf_implies_combinable:
+ assumes "wf_assertion A"
+ and "sem_combinable \<Delta>"
+ shows "combinable \<Delta> A"
+ using assms
+proof (induct A)
+ case (Exists x A)
+ then show ?case
+ by (meson combinable_exists wf_assertion.simps(5))
+next
+ case (Forall x A)
+ then show ?case
+ by (meson combinable_forall wf_assertion.simps(4))
+next
+ case (Sem B)
+ show ?case
+ proof (rule combinableI)
+ fix a b p q x \<sigma> s
+ assume "a, s, \<Delta> \<Turnstile> Sem B \<and> b, s, \<Delta> \<Turnstile> Sem B \<and> Some x = p \<odot> a \<oplus> q \<odot> b \<and> sadd p q = one"
+ then show "x, s, \<Delta> \<Turnstile> Sem B"
+ by (metis Sem.prems(1) combinable_sem_def sat.simps(4) wf_assertion.simps(2))
+ qed
+next
+ case (Mult x1a A)
+ then show ?case
+ using combinable_mult wf_assertion.simps(3) by blast
+next
+ case (Star A1 A2)
+ then show ?case
+ using combinable_star wf_assertion.simps(6) by blast
+next
+ case (Wand A1 A2)
+ then show ?case
+ using combinable_wand wf_assertion.simps(8) by blast
+next
+ case (And A1 A2)
+ then show ?case
+ using combinable_and by auto
+next
+ case (Imp A1 A2)
+ then show ?case
+ using combinable_imp by auto
+next
+ case Pred
+ show ?case
+ proof (rule combinableI)
+ fix a b p q x \<sigma> s
+ assume "a, s, \<Delta> \<Turnstile> Pred \<and> b, s, \<Delta> \<Turnstile> Pred \<and> Some x = p \<odot> a \<oplus> q \<odot> b \<and> sadd p q = one"
+ then show "x, s, \<Delta> \<Turnstile> Pred"
+ using assms(2) sat.simps(10) sem_combinableE by metis
+ qed
+next
+ case (Wildcard A)
+ then show ?case
+ using combinable_wildcard wf_assertion.simps(10) by blast
+qed (auto)
+
+
+
+
+
+subsection \<open>Theorems\<close>
+
+text \<open>The following two theorems correspond to the rules shown in Section 5.1 of the paper~\cite{UnboundedSL}.\<close>
+
+theorem apply_wand:
+ "Star (syn_mult \<pi> A) (Mult \<pi> (Wand A B)), \<Delta> \<turnstile> syn_mult \<pi> B"
+proof (rule entailsI)
+ fix \<sigma> s
+ assume asm: "\<sigma>, s, \<Delta> \<Turnstile> Star (syn_mult \<pi> A) (Mult \<pi> (Wand A B))"
+ then obtain x y where "Some \<sigma> = x \<oplus> y" "x, s, \<Delta> \<Turnstile> syn_mult \<pi> A" "y, s, \<Delta> \<Turnstile> Mult \<pi> (Wand A B)"
+ by auto
+ then have "y, s, \<Delta> \<Turnstile> Wand (syn_mult \<pi> A) (syn_mult \<pi> B)"
+ by (metis syn_mult.simps(2) syn_sen_mult_same)
+ then show "\<sigma>, s, \<Delta> \<Turnstile> syn_mult \<pi> B"
+ using \<open>Some \<sigma> = x \<oplus> y\<close> \<open>x, s, \<Delta> \<Turnstile> syn_mult \<pi> A\<close> \<open>y, s, \<Delta> \<Turnstile> Wand (syn_mult \<pi> A) (syn_mult \<pi> B)\<close> commutative by auto
+qed
+
+theorem package_wand:
+ assumes "Star F (syn_mult \<pi> A), \<Delta> \<turnstile> syn_mult \<pi> B"
+ shows "F, \<Delta> \<turnstile> Mult \<pi> (Wand A B)"
+ by (metis adjunct2 assms entails_def syn_mult.simps(2) syn_sen_mult_same)
+
+text \<open>The following four theorems correspond to the rules shown in Section 5.2 of the paper~\cite{UnboundedSL}.\<close>
+
+theorem fold_lfp:
+ assumes "pos_neg_rec_call True A"
+ shows "syn_mult \<pi> A, LFP (applies_eq A) \<turnstile> Mult \<pi> Pred"
+ by (simp add: assms entails_def exists_lfp_gfp(1) syn_sen_mult_same)
+
+theorem unfold_lfp:
+ assumes "pos_neg_rec_call True A"
+ shows "Mult \<pi> Pred, LFP (applies_eq A) \<turnstile> syn_mult \<pi> A"
+ by (simp add: assms entails_def exists_lfp_gfp(1) syn_sen_mult_same)
+
+theorem fold_gfp:
+ assumes "pos_neg_rec_call True A"
+ shows "syn_mult \<pi> A, GFP (applies_eq A) \<turnstile> Mult \<pi> Pred"
+ by (simp add: assms entails_def exists_lfp_gfp(2) syn_sen_mult_same)
+
+theorem unfold_gfp:
+ assumes "pos_neg_rec_call True A"
+ shows "Mult \<pi> Pred, GFP (applies_eq A) \<turnstile> syn_mult \<pi> A"
+ by (simp add: assms entails_def exists_lfp_gfp(2) syn_sen_mult_same)
+
+text \<open>The following theorems correspond to the rule shown in Section 5.3 of the paper~\cite{UnboundedSL}.\<close>
+
+theorem wf_assertion_combinable_lfp:
+ assumes "wf_assertion A"
+ and "pos_neg_rec_call True A"
+ shows "sem_combinable (LFP (applies_eq A))"
+proof -
+ let ?f = "\<lambda>a b. { \<sigma> |\<sigma> p q. sadd p q = one \<and> Some \<sigma> = p \<odot> a \<oplus> q \<odot> b}"
+ have "set_closure_property ?f (LFP (applies_eq A))"
+ proof (rule FP_preserves_set_closure_property(2))
+ show "monotonic (applies_eq A)"
+ using assms(2) pos_neg_rec_call_mono by blast
+ fix \<Delta> :: "('d, 'c, 'a) interp" assume asm0: "set_closure_property ?f \<Delta>"
+ then have "sem_combinable \<Delta>"
+ by (metis combinable_set_closure)
+ then show "set_closure_property ?f (applies_eq A \<Delta>)"
+ by (metis assms(1) combinable_set_closure sem_combinable_equiv wf_implies_combinable)
+ qed
+ then show ?thesis using combinable_set_closure by metis
+qed
+
+
+theorem wf_assertion_combinable_gfp:
+ assumes "wf_assertion A"
+ and "pos_neg_rec_call True A"
+ shows "sem_combinable (GFP (applies_eq A))"
+proof -
+ let ?f = "\<lambda>a b. { \<sigma> |\<sigma> p q. sadd p q = one \<and> Some \<sigma> = p \<odot> a \<oplus> q \<odot> b}"
+ have "set_closure_property ?f (GFP (applies_eq A))"
+ proof (rule FP_preserves_set_closure_property(1))
+ show "monotonic (applies_eq A)"
+ using assms(2) pos_neg_rec_call_mono by blast
+ fix \<Delta> :: "('d, 'c, 'a) interp" assume asm0: "set_closure_property ?f \<Delta>"
+ then have "sem_combinable \<Delta>"
+ by (metis combinable_set_closure)
+ then show "set_closure_property ?f (applies_eq A \<Delta>)"
+ by (metis assms(1) combinable_set_closure sem_combinable_equiv wf_implies_combinable)
+ qed
+ then show ?thesis using combinable_set_closure by metis
+qed
+
+theorem wf_combine:
+ assumes "wf_assertion A"
+ and "pos_neg_rec_call True A"
+ shows "Star (Mult \<alpha> Pred) (Mult \<beta> Pred), LFP (applies_eq A) \<turnstile> Mult (sadd \<alpha> \<beta>) Pred"
+ and "Star (Mult \<alpha> Pred) (Mult \<beta> Pred), GFP (applies_eq A) \<turnstile> Mult (sadd \<alpha> \<beta>) Pred"
+ apply (metis assms(1) assms(2) logic.combinable_def logic.wf_implies_combinable logic_axioms wf_assertion.simps(1) wf_assertion_combinable_lfp)
+ by (metis assms(1) assms(2) logic.combinable_def logic.wf_implies_combinable logic_axioms wf_assertion.simps(1) wf_assertion_combinable_gfp)
+
+end
+
+end
\ No newline at end of file
diff --git a/thys/Separation_Logic_Unbounded/Combinability.thy b/thys/Separation_Logic_Unbounded/Combinability.thy
new file mode 100644
--- /dev/null
+++ b/thys/Separation_Logic_Unbounded/Combinability.thy
@@ -0,0 +1,292 @@
+section \<open>Combinability\<close>
+
+text \<open>This section corresponds to Section 3 of the paper~\cite{UnboundedSL}.\<close>
+
+theory Combinability
+ imports UnboundedLogic
+begin
+
+context logic
+begin
+
+text \<open>The definition of combinable assertions corresponds to Definition 4 of the paper~\cite{UnboundedSL}.\<close>
+
+definition combinable :: "('d, 'c, 'a) interp \<Rightarrow> ('a, 'b, 'c, 'd) assertion \<Rightarrow> bool" where
+ "combinable \<Delta> A \<longleftrightarrow> (\<forall>p q. Star (Mult p A) (Mult q A), \<Delta> \<turnstile> Mult (sadd p q) A)"
+
+lemma combinable_instantiate:
+ assumes "combinable \<Delta> A"
+ and "a, s, \<Delta> \<Turnstile> A"
+ and "b, s, \<Delta> \<Turnstile> A"
+ and "Some x = p \<odot> a \<oplus> q \<odot> b"
+ shows "x, s, \<Delta> \<Turnstile> Mult (sadd p q) A"
+ by (meson assms(1) assms(2) assms(3) assms(4) combinable_def entails_def logic.sat.simps(2) logic_axioms sat.simps(1))
+
+lemma combinable_instantiate_one:
+ assumes "combinable \<Delta> A"
+ and "a, s, \<Delta> \<Turnstile> A"
+ and "b, s, \<Delta> \<Turnstile> A"
+ and "Some x = p \<odot> a \<oplus> q \<odot> b"
+ and "sadd p q = one"
+ shows "x, s, \<Delta> \<Turnstile> A"
+ using assms(1) assms(2) assms(3) assms(4) assms(5) combinable_instantiate one_neutral by fastforce
+
+lemma combinableI_old:
+ assumes "\<And>a b p q x \<sigma> s. a, s, \<Delta> \<Turnstile> A \<and> b, s, \<Delta> \<Turnstile> A \<and> Some \<sigma> = p \<odot> a \<oplus> q \<odot> b \<and> \<sigma> = (sadd p q) \<odot> x \<Longrightarrow> x, s, \<Delta> \<Turnstile> A"
+ shows "combinable \<Delta> A"
+proof -
+ have "\<And>p q. Star (Mult p A) (Mult q A), \<Delta> \<turnstile> Mult (sadd p q) A"
+ proof (rule entailsI)
+ fix p q \<sigma> s
+ assume "\<sigma>, s, \<Delta> \<Turnstile> Star (Mult p A) (Mult q A)"
+ then obtain a b where "a, s, \<Delta> \<Turnstile> A \<and> b, s, \<Delta> \<Turnstile> A \<and> Some \<sigma> = p \<odot> a \<oplus> q \<odot> b"
+ by auto
+ moreover obtain x where "\<sigma> = (sadd p q) \<odot> x"
+ using unique_inv by auto
+ ultimately have "x, s, \<Delta> \<Turnstile> A" using assms
+ by blast
+ then show "\<sigma>, s, \<Delta> \<Turnstile> Mult (sadd p q) A"
+ using \<open>\<sigma> = sadd p q \<odot> x\<close> by fastforce
+ qed
+ then show ?thesis
+ by (simp add: combinable_def)
+qed
+
+
+lemma combinableI:
+ assumes "\<And>a b p q x \<sigma> s. a, s, \<Delta> \<Turnstile> A \<and> b, s, \<Delta> \<Turnstile> A \<and> Some x = p \<odot> a \<oplus> q \<odot> b \<and> sadd p q = one \<Longrightarrow> x, s, \<Delta> \<Turnstile> A"
+ shows "combinable \<Delta> A"
+proof (rule combinableI_old)
+ fix a b p q x \<sigma> s
+ assume "a, s, \<Delta> \<Turnstile> A \<and> b, s, \<Delta> \<Turnstile> A \<and> Some \<sigma> = p \<odot> a \<oplus> q \<odot> b \<and> \<sigma> = sadd p q \<odot> x"
+ let ?p = "smult (sinv (sadd p q)) p"
+ let ?q = "smult (sinv (sadd p q)) q"
+ have "Some x = ?p \<odot> a \<oplus> ?q \<odot> b"
+ proof -
+ have "Some ((smult (sinv (sadd p q)) (sadd p q)) \<odot> x) = ?p \<odot> a \<oplus> ?q \<odot> b"
+ by (metis \<open>a, s, \<Delta> \<Turnstile> A \<and> b, s, \<Delta> \<Turnstile> A \<and> Some \<sigma> = p \<odot> a \<oplus> q \<odot> b \<and> \<sigma> = sadd p q \<odot> x\<close> double_mult logic.plus_mult logic_axioms)
+ then show ?thesis
+ by (simp add: one_neutral sinv_inverse smult_comm)
+ qed
+ moreover have "sadd ?p ?q = one"
+ by (metis logic.smult_comm logic_axioms sinv_inverse smult_distrib)
+ ultimately show "x, s, \<Delta> \<Turnstile> A"
+ using \<open>a, s, \<Delta> \<Turnstile> A \<and> b, s, \<Delta> \<Turnstile> A \<and> Some \<sigma> = p \<odot> a \<oplus> q \<odot> b \<and> \<sigma> = sadd p q \<odot> x\<close> assms by blast
+qed
+
+
+lemma combinable_wand:
+ assumes "combinable \<Delta> B"
+ shows "combinable \<Delta> (Wand A B)"
+proof (rule combinableI_old)
+ fix a b p q x \<sigma> s
+ assume "a, s, \<Delta> \<Turnstile> Wand A B \<and> b, s, \<Delta> \<Turnstile> Wand A B \<and> Some \<sigma> = p \<odot> a \<oplus> q \<odot> b \<and> \<sigma> = sadd p q \<odot> x"
+ show "x, s, \<Delta> \<Turnstile> Wand A B"
+ proof (rule sat_wand)
+ fix aa \<sigma>'
+ assume "aa, s, \<Delta> \<Turnstile> A \<and> Some \<sigma>' = x \<oplus> aa"
+ then have "Some ((sadd p q) \<odot> \<sigma>') = \<sigma> \<oplus> ((sadd p q) \<odot> aa)"
+ by (simp add: \<open>a, s, \<Delta> \<Turnstile> Wand A B \<and> b, s, \<Delta> \<Turnstile> Wand A B \<and> Some \<sigma> = p \<odot> a \<oplus> q \<odot> b \<and> \<sigma> = sadd p q \<odot> x\<close> plus_mult)
+ moreover have "Some ((sadd p q) \<odot> aa) = p \<odot> aa \<oplus> q \<odot> aa"
+ by (simp add: distrib_mult)
+ moreover have "a ## aa"
+ proof -
+ have "p \<odot> a ## (sadd p q) \<odot> aa"
+ by (metis \<open>a, s, \<Delta> \<Turnstile> Wand A B \<and> b, s, \<Delta> \<Turnstile> Wand A B \<and> Some \<sigma> = p \<odot> a \<oplus> q \<odot> b \<and> \<sigma> = sadd p q \<odot> x\<close> asso2 calculation(1) commutative compatible_def option.discI)
+ then show ?thesis
+ using compatible_multiples by blast
+ qed
+ then obtain aaa where "Some aaa = a \<oplus> aa"
+ using compatible_def by auto
+ moreover have "b ## aa"
+ proof -
+ have "q \<odot> b ## (sadd p q) \<odot> aa"
+ by (metis \<open>a, s, \<Delta> \<Turnstile> Wand A B \<and> b, s, \<Delta> \<Turnstile> Wand A B \<and> Some \<sigma> = p \<odot> a \<oplus> q \<odot> b \<and> \<sigma> = sadd p q \<odot> x\<close> asso2 calculation(1) compatible_def option.discI)
+ then show ?thesis
+ using compatible_multiples by blast
+ qed
+ then obtain baa where "Some baa = b \<oplus> aa"
+ using compatible_def by auto
+ ultimately have "Some (mult (sadd p q) \<sigma>') = p \<odot> aaa \<oplus> q \<odot> baa"
+ proof -
+ obtain a1 where "Some a1 = \<sigma> \<oplus> (p \<odot> aa)"
+ by (metis \<open>Some (sadd p q \<odot> \<sigma>') = \<sigma> \<oplus> sadd p q \<odot> aa\<close> compatible_multiples option.exhaust_sel pre_logic.compatible_def unique_inv)
+ then obtain a2 where "Some a2 = p \<odot> a \<oplus> (p \<odot> aa)"
+ by (meson \<open>\<And>thesis. (\<And>aaa. Some aaa = a \<oplus> aa \<Longrightarrow> thesis) \<Longrightarrow> thesis\<close> plus_mult)
+ then have "Some a1 = a2 \<oplus> q \<odot> b"
+ proof -
+ obtain bc where "q \<odot> b \<oplus> p \<odot> aa = Some bc"
+ by (metis \<open>b ## aa\<close> compatible_iff compatible_multiples one_neutral option.exhaust_sel pre_logic.compatible_def)
+ then have "\<sigma> \<oplus> p \<odot> aa = p \<odot> a \<oplus> bc"
+ using asso1[of "p \<odot> a" "q \<odot> b" \<sigma> "p \<odot> aa" bc]
+ by (metis \<open>a, s, \<Delta> \<Turnstile> Wand A B \<and> b, s, \<Delta> \<Turnstile> Wand A B \<and> Some \<sigma> = p \<odot> a \<oplus> q \<odot> b \<and> \<sigma> = sadd p q \<odot> x\<close>)
+ then show ?thesis
+ by (metis \<open>Some a1 = \<sigma> \<oplus> p \<odot> aa\<close> \<open>Some a2 = p \<odot> a \<oplus> p \<odot> aa\<close> \<open>q \<odot> b \<oplus> p \<odot> aa = Some bc\<close> asso1 commutative)
+ qed
+ moreover have "a2 = p \<odot> aaa"
+ by (metis \<open>Some a2 = p \<odot> a \<oplus> p \<odot> aa\<close> \<open>Some aaa = a \<oplus> aa\<close> option.inject plus_mult)
+ moreover have "Some (q \<odot> baa) = q \<odot> b \<oplus> q \<odot> aa"
+ by (simp add: \<open>Some baa = b \<oplus> aa\<close> plus_mult)
+ ultimately show ?thesis
+ by (metis \<open>Some (sadd p q \<odot> \<sigma>') = \<sigma> \<oplus> sadd p q \<odot> aa\<close> \<open>Some (sadd p q \<odot> aa) = p \<odot> aa \<oplus> q \<odot> aa\<close> \<open>Some a1 = \<sigma> \<oplus> p \<odot> aa\<close> asso1)
+ qed
+ moreover have "aaa, s, \<Delta> \<Turnstile> B \<and> baa, s, \<Delta> \<Turnstile> B"
+ using \<open>Some aaa = a \<oplus> aa\<close> \<open>Some baa = b \<oplus> aa\<close> \<open>a, s, \<Delta> \<Turnstile> Wand A B \<and> b, s, \<Delta> \<Turnstile> Wand A B \<and> Some \<sigma> = p \<odot> a \<oplus> q \<odot> b \<and> \<sigma> = sadd p q \<odot> x\<close> \<open>aa, s, \<Delta> \<Turnstile> A \<and> Some \<sigma>' = x \<oplus> aa\<close> by auto
+ ultimately have "mult (sadd p q) \<sigma>', s, \<Delta> \<Turnstile> Mult (sadd p q) B"
+ by (meson assms logic.combinable_def logic.entails_def logic_axioms sat.simps(1) sat.simps(2))
+ then show "\<sigma>', s, \<Delta> \<Turnstile> B"
+ using can_divide sat.simps(1) by metis
+ qed
+qed
+
+lemma combinable_star:
+ assumes "combinable \<Delta> A"
+ and "combinable \<Delta> B"
+ shows "combinable \<Delta> (Star A B)"
+proof (rule combinableI_old)
+ fix a b p q x \<sigma> s
+ assume "a, s, \<Delta> \<Turnstile> Star A B \<and> b, s, \<Delta> \<Turnstile> Star A B \<and> Some \<sigma> = p \<odot> a \<oplus> q \<odot> b \<and> \<sigma> = sadd p q \<odot> x"
+ then obtain aa ab ba bb where "Some a = aa \<oplus> ab" "Some b = ba \<oplus> bb" "aa, s, \<Delta> \<Turnstile> A"
+ "ab, s, \<Delta> \<Turnstile> B" "ba, s, \<Delta> \<Turnstile> A" "bb, s, \<Delta> \<Turnstile> B"
+ by auto
+ then obtain xa xb where "Some xa = p \<odot> aa \<oplus> q \<odot> ba" "Some xb = p \<odot> ab \<oplus> q \<odot> bb"
+ by (metis \<open>a, s, \<Delta> \<Turnstile> Star A B \<and> b, s, \<Delta> \<Turnstile> Star A B \<and> Some \<sigma> = p \<odot> a \<oplus> q \<odot> b \<and> \<sigma> = sadd p q \<odot> x\<close> asso2 commutative compatible_iff compatible_multiples one_neutral option.discI option.exhaust_sel pre_logic.compatible_def)
+ then have "xa, s, \<Delta> \<Turnstile> Mult (sadd p q) A"
+ by (meson \<open>aa, s, \<Delta> \<Turnstile> A\<close> \<open>ba, s, \<Delta> \<Turnstile> A\<close> assms(1) entails_def logic.combinable_def logic.sat.simps(1) logic.sat.simps(2) logic_axioms)
+ moreover have "xb, s, \<Delta> \<Turnstile> Mult (sadd p q) B"
+ by (meson \<open>Some xb = p \<odot> ab \<oplus> q \<odot> bb\<close> \<open>ab, s, \<Delta> \<Turnstile> B\<close> \<open>bb, s, \<Delta> \<Turnstile> B\<close> assms(2) combinable_def entails_def sat.simps(1) sat.simps(2))
+ moreover have "Some \<sigma> = xa \<oplus> xb"
+ using \<open>Some a = aa \<oplus> ab\<close> \<open>Some b = ba \<oplus> bb\<close> \<open>Some xa = p \<odot> aa \<oplus> q \<odot> ba\<close> \<open>Some xb = p \<odot> ab \<oplus> q \<odot> bb\<close> \<open>a, s, \<Delta> \<Turnstile> Star A B \<and> b, s, \<Delta> \<Turnstile> Star A B \<and> Some \<sigma> = p \<odot> a \<oplus> q \<odot> b \<and> \<sigma> = sadd p q \<odot> x\<close> move_sum plus_mult by blast
+ then obtain xa' xb' where "Some x = xa' \<oplus> xb'" "xa = sadd p q \<odot> xa'" "xb = sadd p q \<odot> xb'"
+ by (metis \<open>a, s, \<Delta> \<Turnstile> Star A B \<and> b, s, \<Delta> \<Turnstile> Star A B \<and> Some \<sigma> = p \<odot> a \<oplus> q \<odot> b \<and> \<sigma> = sadd p q \<odot> x\<close> plus_mult unique_inv)
+ ultimately show "x, s, \<Delta> \<Turnstile> Star A B"
+ by (metis logic.can_divide logic_axioms sat.simps(1) sat.simps(2))
+qed
+
+lemma combinable_mult:
+ assumes "combinable \<Delta> A"
+ shows "combinable \<Delta> (Mult \<pi> A)"
+proof (rule combinableI)
+ fix a b p q x \<sigma> s
+ assume asm: "a, s, \<Delta> \<Turnstile> Mult \<pi> A \<and> b, s, \<Delta> \<Turnstile> Mult \<pi> A \<and> Some x = p \<odot> a \<oplus> q \<odot> b \<and> sadd p q = one"
+ then obtain a' b' where "a', s, \<Delta> \<Turnstile> A" "b', s, \<Delta> \<Turnstile> A" "a = \<pi> \<odot> a'" "b = \<pi> \<odot> b'" by auto
+
+ let ?p = "smult p \<pi>"
+ let ?q = "smult q \<pi>"
+
+ have "Some x = ?p \<odot> a' \<oplus> ?q \<odot> b'"
+ by (simp add: \<open>a = \<pi> \<odot> a'\<close> \<open>b = \<pi> \<odot> b'\<close> asm double_mult)
+ moreover have "sadd ?p ?q = \<pi>"
+ using asm smult_comm smult_distrib sone_neutral by force
+ ultimately show "x, s, \<Delta> \<Turnstile> Mult \<pi> A"
+ by (metis \<open>a', s, \<Delta> \<Turnstile> A\<close> \<open>b', s, \<Delta> \<Turnstile> A\<close> assms combinable_instantiate)
+qed
+
+lemma combinable_and:
+ assumes "combinable \<Delta> A"
+ and "combinable \<Delta> B"
+ shows "combinable \<Delta> (And A B)"
+proof (rule combinableI)
+ fix a b p q x \<sigma> s
+ assume "a, s, \<Delta> \<Turnstile> And A B \<and> b, s, \<Delta> \<Turnstile> And A B \<and> Some x = p \<odot> a \<oplus> q \<odot> b \<and> sadd p q = one"
+ then obtain "a, s, \<Delta> \<Turnstile> A" "b, s, \<Delta> \<Turnstile> A" "a, s, \<Delta> \<Turnstile> B" "b, s, \<Delta> \<Turnstile> B" by auto
+ then show "x, s, \<Delta> \<Turnstile> And A B"
+ by (meson \<open>a, s, \<Delta> \<Turnstile> And A B \<and> b, s, \<Delta> \<Turnstile> And A B \<and> Some x = p \<odot> a \<oplus> q \<odot> b \<and> sadd p q = one\<close> assms(1) assms(2) combinable_instantiate_one sat.simps(7))
+qed
+
+
+lemma combinable_forall:
+ assumes "combinable \<Delta> A"
+ shows "combinable \<Delta> (Forall x A)"
+proof (rule combinableI)
+ fix a b p q y \<sigma> s
+ assume "a, s, \<Delta> \<Turnstile> Forall x A \<and> b, s, \<Delta> \<Turnstile> Forall x A \<and> Some y = p \<odot> a \<oplus> q \<odot> b \<and> sadd p q = one"
+ show "y, s, \<Delta> \<Turnstile> Forall x A"
+ proof (rule sat_forall)
+ fix v show "y, s(x := v), \<Delta> \<Turnstile> A"
+ by (meson \<open>a, s, \<Delta> \<Turnstile> Forall x A \<and> b, s, \<Delta> \<Turnstile> Forall x A \<and> Some y = p \<odot> a \<oplus> q \<odot> b \<and> sadd p q = one\<close> assms combinable_instantiate_one sat.simps(9))
+ qed
+qed
+
+
+
+
+definition unambiguous where
+ "unambiguous \<Delta> A x \<longleftrightarrow> (\<forall>\<sigma>1 \<sigma>2 v1 v2 s. \<sigma>1 ## \<sigma>2 \<and> \<sigma>1, s(x := v1), \<Delta> \<Turnstile> A \<and> \<sigma>2, s(x := v2), \<Delta> \<Turnstile> A \<longrightarrow> v1 = v2)"
+
+lemma unambiguousI:
+ assumes "\<And>\<sigma>1 \<sigma>2 v1 v2 s. \<sigma>1 ## \<sigma>2 \<and> \<sigma>1, s(x := v1), \<Delta> \<Turnstile> A \<and> \<sigma>2, s(x := v2), \<Delta> \<Turnstile> A \<Longrightarrow> v1 = v2"
+ shows "unambiguous \<Delta> A x"
+ by (simp add: assms unambiguous_def)
+
+lemma unambiguous_star:
+ assumes "unambiguous \<Delta> A x"
+ shows "unambiguous \<Delta> (Star A B) x"
+proof (rule unambiguousI)
+ fix \<sigma>1 \<sigma>2 v1 v2 s
+ assume "\<sigma>1 ## \<sigma>2 \<and> \<sigma>1, s(x := v1), \<Delta> \<Turnstile> Star A B \<and> \<sigma>2, s(x := v2), \<Delta> \<Turnstile> Star A B"
+ then obtain a1 b1 a2 b2 where "Some \<sigma>1 = a1 \<oplus> b1" "Some \<sigma>2 = a2 \<oplus> b2" "a1, s(x := v1), \<Delta> \<Turnstile> A"
+ "a2, s(x := v2), \<Delta> \<Turnstile> A" "b1, s(x := v1), \<Delta> \<Turnstile> B" "b2, s(x := v2), \<Delta> \<Turnstile> B" by auto
+ then have "a1 ## a2"
+ by (metis \<open>\<sigma>1 ## \<sigma>2 \<and> \<sigma>1, s(x := v1), \<Delta> \<Turnstile> Star A B \<and> \<sigma>2, s (x := v2), \<Delta> \<Turnstile> Star A B\<close> asso2 asso3 commutative)
+ then show "v1 = v2"
+ using \<open>a1, s(x := v1), \<Delta> \<Turnstile> A\<close> \<open>a2, s(x := v2), \<Delta> \<Turnstile> A\<close> assms unambiguous_def by fastforce
+qed
+
+
+lemma combinable_exists:
+ assumes "combinable \<Delta> A"
+ and "unambiguous \<Delta> A x"
+ shows "combinable \<Delta> (Exists x A)"
+proof (rule combinableI)
+ fix a b p q y \<sigma> s
+ assume "a, s, \<Delta> \<Turnstile> Exists x A \<and> b, s, \<Delta> \<Turnstile> Exists x A \<and> Some y = p \<odot> a \<oplus> q \<odot> b \<and> sadd p q = one"
+ then have "a ## b"
+ by (metis logic.compatible_multiples logic_axioms option.discI pre_logic.compatible_def)
+ moreover obtain v1 v2 where "a, s(x := v1), \<Delta> \<Turnstile> A" "b, s(x := v2), \<Delta> \<Turnstile> A"
+ using \<open>a, s, \<Delta> \<Turnstile> Exists x A \<and> b, s, \<Delta> \<Turnstile> Exists x A \<and> Some y = p \<odot> a \<oplus> q \<odot> b \<and> sadd p q = one\<close> by auto
+ ultimately have "v1 = v2"
+ using assms(2) unambiguous_def by force
+ then show "y, s, \<Delta> \<Turnstile> Exists x A"
+ by (metis (mono_tags, opaque_lifting) \<open>a, s(x := v1), \<Delta> \<Turnstile> A\<close> \<open>a, s, \<Delta> \<Turnstile> Exists x A \<and> b, s, \<Delta> \<Turnstile> Exists x A \<and> Some y = p \<odot> a \<oplus> q \<odot> b \<and> sadd p q = one\<close> \<open>b, s(x := v2), \<Delta> \<Turnstile> A\<close> assms(1) combinable_instantiate_one logic.sat.simps(8) logic_axioms)
+qed
+
+lemma combinable_pure:
+ assumes "pure A"
+ shows "combinable \<Delta> A"
+ using assms combinableI_old pure_def by blast
+
+
+lemma combinable_imp:
+ assumes "pure A"
+ and "combinable \<Delta> B"
+ shows "combinable \<Delta> (Imp A B)"
+proof (rule combinableI)
+ fix a b p q x \<sigma> s
+ assume "a, s, \<Delta> \<Turnstile> Imp A B \<and> b, s, \<Delta> \<Turnstile> Imp A B \<and> Some x = p \<odot> a \<oplus> q \<odot> b \<and> sadd p q = one"
+ then show "x, s, \<Delta> \<Turnstile> Imp A B"
+ using assms(1) assms(2) combinable_instantiate_one pure_def sat.simps(5)
+ by metis
+qed
+
+
+lemma combinable_wildcard:
+ assumes "combinable \<Delta> A"
+ shows "combinable \<Delta> (Wildcard A)"
+proof (rule combinableI)
+ fix a b p q x \<sigma> s
+ assume asm: "a, s, \<Delta> \<Turnstile> Wildcard A \<and> b, s, \<Delta> \<Turnstile> Wildcard A \<and> Some x = p \<odot> a \<oplus> q \<odot> b \<and> sadd p q = one"
+ then obtain a' b' pa pb where "a', s, \<Delta> \<Turnstile> A" "b', s, \<Delta> \<Turnstile> A" "a = pa \<odot> a'" "b = pb \<odot> b'" by auto
+ then have "Some x = (smult p pa) \<odot> a' \<oplus> (smult q pb) \<odot> b'"
+ by (simp add: asm double_mult)
+ then have "x, s, \<Delta> \<Turnstile> Mult (sadd (smult p pa) (smult q pb)) A"
+ using \<open>a', s, \<Delta> \<Turnstile> A\<close> \<open>b', s, \<Delta> \<Turnstile> A\<close> assms combinable_instantiate by blast
+ then show "x, s, \<Delta> \<Turnstile> Wildcard A"
+ by fastforce
+qed
+
+
+end
+
+
+end
\ No newline at end of file
diff --git a/thys/Separation_Logic_Unbounded/Distributivity.thy b/thys/Separation_Logic_Unbounded/Distributivity.thy
new file mode 100644
--- /dev/null
+++ b/thys/Separation_Logic_Unbounded/Distributivity.thy
@@ -0,0 +1,477 @@
+section \<open>Distributivity and Factorisability\<close>
+
+text \<open>This section corresponds to Section 2.4 and Figure 4 of the paper~\cite{UnboundedSL}.\<close>
+
+theory Distributivity
+ imports UnboundedLogic
+begin
+
+context logic
+begin
+
+subsection DotPos
+
+lemma DotPos:
+ "A, \<Delta> \<turnstile> B \<longleftrightarrow> (Mult \<pi> A, \<Delta> \<turnstile> Mult \<pi> B)" (is "?A \<longleftrightarrow> ?B")
+proof
+ show "?A \<Longrightarrow> ?B"
+ by (metis (no_types, lifting) entails_def sat.simps(1))
+ show "?B \<Longrightarrow> ?A"
+ using can_divide entails_def sat.simps(1)
+ by metis
+qed
+
+text \<open>Only one direction holds with a wildcard\<close>
+
+lemma WildPos:
+ "A, \<Delta> \<turnstile> B \<Longrightarrow> (Wildcard A, \<Delta> \<turnstile> Wildcard B)"
+ by (metis (no_types, lifting) entails_def sat.simps(12))
+
+subsection DotDot
+
+lemma dot_mult1:
+ "Mult p (Mult q A), \<Delta> \<turnstile> Mult (smult p q) A"
+proof (rule entailsI)
+ fix \<sigma> s
+ assume "\<sigma>, s, \<Delta> \<Turnstile> Mult p (Mult q A)"
+ then show "\<sigma>, s, \<Delta> \<Turnstile> Mult (smult p q) A"
+ using double_mult by auto
+qed
+
+lemma dot_mult2:
+ "Mult (smult p q) A, \<Delta> \<turnstile> Mult p (Mult q A)"
+proof (rule entailsI)
+ fix \<sigma> s \<Delta>
+ assume "\<sigma>, s, \<Delta> \<Turnstile> Mult (smult p q) A"
+ then obtain a where "a, s, \<Delta> \<Turnstile> A" "\<sigma> = (smult p q) \<odot> a"
+ by auto
+ then have "q \<odot> a, s, \<Delta> \<Turnstile> Mult q A" by auto
+ then show "\<sigma>, s, \<Delta> \<Turnstile> Mult p (Mult q A)"
+ by (metis \<open>\<sigma> = smult p q \<odot> a\<close> double_mult sat.simps(1))
+qed
+
+lemma DotDot:
+ "Mult p (Mult q A), \<Delta> \<equiv> Mult (smult p q) A"
+ by (simp add: dot_mult1 dot_mult2 equivalent_def)
+
+lemma can_factorize:
+ "\<exists>r. q = smult r p"
+ by (metis sinv_inverse smult_asso smult_comm sone_neutral)
+
+lemma WildDot:
+ "Wildcard (Mult p A), \<Delta> \<equiv> Wildcard A"
+proof (rule equivalentI)
+ show "\<And>\<sigma> s. \<sigma>, s, \<Delta> \<Turnstile> Wildcard (Mult p A) \<Longrightarrow> \<sigma>, s, \<Delta> \<Turnstile> Wildcard A"
+ using double_mult by fastforce
+ fix \<sigma> s
+ assume asm0: "\<sigma>, s, \<Delta> \<Turnstile> Wildcard A"
+ then obtain q a where "\<sigma> = q \<odot> a" "a, s, \<Delta> \<Turnstile> A"
+ using sat.simps(12) by blast
+ then obtain r where "q = smult r p"
+ using can_factorize by blast
+ then have "\<sigma> = r \<odot> (p \<odot> a)"
+ by (simp add: \<open>\<sigma> = q \<odot> a\<close> double_mult)
+ then show "\<sigma>, s, \<Delta> \<Turnstile> Wildcard (Mult p A)"
+ using \<open>a, s, \<Delta> \<Turnstile> A\<close> sat.simps(1) sat.simps(12) by blast
+qed
+
+lemma DotWild:
+ "Mult p (Wildcard A), \<Delta> \<equiv> Wildcard A"
+proof (rule equivalentI)
+ show "\<And>\<sigma> s. \<sigma>, s, \<Delta> \<Turnstile> Mult p (Wildcard A) \<Longrightarrow> \<sigma>, s, \<Delta> \<Turnstile> Wildcard A"
+ using double_mult by fastforce
+ fix \<sigma> s
+ assume asm0: "\<sigma>, s, \<Delta> \<Turnstile> Wildcard A"
+ then obtain q a where "\<sigma> = q \<odot> a" "a, s, \<Delta> \<Turnstile> A"
+ by force
+ then obtain r where "q = smult p r"
+ using can_factorize smult_comm by presburger
+ then have "\<sigma> = p \<odot> (r \<odot> a)"
+ by (simp add: \<open>\<sigma> = q \<odot> a\<close> double_mult)
+ then show "\<sigma>, s, \<Delta> \<Turnstile> Mult p (Wildcard A)"
+ using \<open>a, s, \<Delta> \<Turnstile> A\<close> by auto
+qed
+
+lemma WildWild:
+ "Wildcard (Wildcard A), \<Delta> \<equiv> Wildcard A"
+proof (rule equivalentI)
+ show "\<And>\<sigma> s. \<sigma>, s, \<Delta> \<Turnstile> Wildcard (Wildcard A) \<Longrightarrow> \<sigma>, s, \<Delta> \<Turnstile> Wildcard A"
+ using double_mult by fastforce
+ show "\<And>\<sigma> s. \<sigma>, s, \<Delta> \<Turnstile> Wildcard A \<Longrightarrow> \<sigma>, s, \<Delta> \<Turnstile> Wildcard (Wildcard A)"
+ by (metis one_neutral sat.simps(12))
+qed
+
+
+
+
+subsection DotStar
+
+lemma dot_star1:
+ "Mult p (Star A B), \<Delta> \<turnstile> Star (Mult p A) (Mult p B)"
+proof (rule entailsI)
+ fix \<sigma> s \<Delta>
+ assume "\<sigma>, s, \<Delta> \<Turnstile> Mult p (Star A B)"
+ then obtain a b x where "\<sigma> = p \<odot> x" "Some x = a \<oplus> b" "a, s, \<Delta> \<Turnstile> A" "b, s, \<Delta> \<Turnstile> B"
+ by auto
+ then show "\<sigma>, s, \<Delta> \<Turnstile> Star (Mult p A) (Mult p B)"
+ using plus_mult by auto
+qed
+
+
+lemma dot_star2:
+ "Star (Mult p A) (Mult p B), \<Delta> \<turnstile> Mult p (Star A B)"
+proof (rule entailsI)
+ fix \<sigma> s \<Delta>
+ assume "\<sigma>, s, \<Delta> \<Turnstile> Star (Mult p A) (Mult p B)"
+ then obtain a b where "Some \<sigma> = (p \<odot> a) \<oplus> (p \<odot> b)" "a, s, \<Delta> \<Turnstile> A" "b, s, \<Delta> \<Turnstile> B"
+ by auto
+ then obtain x where "Some x = a \<oplus> b"
+ by (metis plus_mult unique_inv)
+ then have "\<sigma> = p \<odot> x"
+ by (metis \<open>Some \<sigma> = p \<odot> a \<oplus> p \<odot> b\<close> option.sel plus_mult)
+ then show "\<sigma>, s, \<Delta> \<Turnstile> Mult p (Star A B)"
+ using \<open>Some x = a \<oplus> b\<close> \<open>a, s, \<Delta> \<Turnstile> A\<close> \<open>b, s, \<Delta> \<Turnstile> B\<close> by auto
+qed
+
+lemma DotStar:
+ "Mult p (Star A B), \<Delta> \<equiv> Star (Mult p A) (Mult p B)"
+ by (simp add: dot_star1 dot_star2 equivalent_def)
+
+lemma WildStar1:
+ "Wildcard (Star A B), \<Delta> \<turnstile> Star (Wildcard A) (Wildcard B)"
+proof (rule entailsI)
+ fix \<sigma> s assume asm0: "\<sigma>, s, \<Delta> \<Turnstile> Wildcard (Star A B)"
+ then obtain p ab a b where "\<sigma> = p \<odot> ab" "Some ab = a \<oplus> b" "a, s, \<Delta> \<Turnstile> A" "b, s, \<Delta> \<Turnstile> B"
+ by auto
+ then have "Some \<sigma> = (p \<odot> a) \<oplus> (p \<odot> b)"
+ using plus_mult by blast
+ then show "\<sigma>, s, \<Delta> \<Turnstile> Star (Wildcard A) (Wildcard B)"
+ using \<open>a, s, \<Delta> \<Turnstile> A\<close> \<open>b, s, \<Delta> \<Turnstile> B\<close> by auto
+qed
+
+
+subsection DotWand
+
+
+lemma dot_wand1:
+ "Mult p (Wand A B), \<Delta> \<turnstile> Wand (Mult p A) (Mult p B)"
+proof (rule entailsI)
+ fix \<sigma> s \<Delta>
+ assume "\<sigma>, s, \<Delta> \<Turnstile> Mult p (Wand A B)"
+ then obtain x where "\<sigma> = p \<odot> x" "x, s, \<Delta> \<Turnstile> Wand A B"
+ by auto
+ show "\<sigma>, s, \<Delta> \<Turnstile> Wand (Mult p A) (Mult p B)"
+ proof (rule sat_wand)
+ fix a \<sigma>'
+ assume "a, s, \<Delta> \<Turnstile> Mult p A \<and> Some \<sigma>' = \<sigma> \<oplus> a"
+ then obtain aa where "aa, s, \<Delta> \<Turnstile> A" "a = p \<odot> aa"
+ by auto
+ then obtain b where "Some b = x \<oplus> aa"
+ by (metis \<open>\<sigma> = p \<odot> x\<close> \<open>a, s, \<Delta> \<Turnstile> Mult p A \<and> Some \<sigma>' = \<sigma> \<oplus> a\<close> compatible_def compatible_iff option.exhaust_sel)
+ then have "b, s, \<Delta> \<Turnstile> B"
+ using \<open>aa, s, \<Delta> \<Turnstile> A\<close> \<open>x, s, \<Delta> \<Turnstile> Wand A B\<close> by auto
+ then show "\<sigma>', s, \<Delta> \<Turnstile> Mult p B"
+ by (metis \<open>Some b = x \<oplus> aa\<close> \<open>\<sigma> = p \<odot> x\<close> \<open>a = p \<odot> aa\<close> \<open>a, s, \<Delta> \<Turnstile> Mult p A \<and> Some \<sigma>' = \<sigma> \<oplus> a\<close> can_divide option.inject plus_mult sat_mult)
+ qed
+qed
+
+lemma dot_wand2:
+ "Wand (Mult p A) (Mult p B), \<Delta> \<turnstile> Mult p (Wand A B)"
+proof (rule entailsI)
+ fix \<sigma> s \<Delta>
+ assume asm: "\<sigma>, s, \<Delta> \<Turnstile> Wand (Mult p A) (Mult p B)"
+ show "\<sigma>, s, \<Delta> \<Turnstile> Mult p (Wand A B)"
+ proof (rule sat_mult)
+ fix a assume "\<sigma> = p \<odot> a"
+ show "a, s, \<Delta> \<Turnstile> Wand A B"
+ proof (rule sat_wand)
+ fix aa \<sigma>'
+ assume "aa, s, \<Delta> \<Turnstile> A \<and> Some \<sigma>' = a \<oplus> aa"
+ then have "p \<odot> aa, s, \<Delta> \<Turnstile> Mult p A" by auto
+ then have "Some (p \<odot> \<sigma>') = \<sigma> \<oplus> p \<odot> aa"
+ by (simp add: \<open>\<sigma> = p \<odot> a\<close> \<open>aa, s, \<Delta> \<Turnstile> A \<and> Some \<sigma>' = a \<oplus> aa\<close> plus_mult)
+ then have "p \<odot> \<sigma>', s, \<Delta> \<Turnstile> Mult p B"
+ using \<open>p \<odot> aa, s, \<Delta> \<Turnstile> Mult p A\<close> asm by force
+ then show "\<sigma>', s, \<Delta> \<Turnstile> B"
+ by (metis can_divide sat.simps(1))
+ qed
+ qed
+qed
+
+lemma DotWand:
+ "Mult p (Wand A B), \<Delta> \<equiv> Wand (Mult p A) (Mult p B)"
+ by (simp add: dot_wand1 dot_wand2 equivalent_def)
+
+
+(* Again: Need intuitionism
+lemma WildWand:
+ "Wildcard (Wand A B), \<Delta> \<turnstile> Wand (Wildcard A) (Wildcard B)"
+proof (rule entailsI)
+ fix \<sigma> s \<Delta>
+ assume "\<sigma>, s, \<Delta> \<Turnstile> Wildcard (Wand A B)"
+ then obtain x p where "\<sigma> = p \<odot> x" "x, s, \<Delta> \<Turnstile> Wand A B"
+ by auto
+ show "\<sigma>, s, \<Delta> \<Turnstile> Wand (Wildcard A) (Wildcard B)"
+ proof (rule sat_wand)
+ fix a \<sigma>'
+ assume "a, s, \<Delta> \<Turnstile> Wildcard A \<and> Some \<sigma>' = \<sigma> \<oplus> a"
+ then obtain aa q where "aa, s, \<Delta> \<Turnstile> A" "a = q \<odot> aa"
+ by auto
+ then obtain b where "Some b = x \<oplus> aa"
+ by (metis \<open>\<sigma> = p \<odot> x\<close> \<open>a, s, \<Delta> \<Turnstile> Wildcard A \<and> Some \<sigma>' = \<sigma> \<oplus> a\<close> compatible_def compatible_multiples not_None_eq)
+
+
+
+ then have "b, s, \<Delta> \<Turnstile> B"
+ using \<open>aa, s, \<Delta> \<Turnstile> A\<close> \<open>x, s, \<Delta> \<Turnstile> Wand A B\<close> by auto
+
+
+ then show "\<sigma>', s, \<Delta> \<Turnstile> Wildcard B"
+
+ by (metis \<open>Some b = x \<oplus> aa\<close> \<open>\<sigma> = p \<odot> x\<close> \<open>a = p \<odot> aa\<close> \<open>a, s, \<Delta> \<Turnstile> Mult p A \<and> Some \<sigma>' = \<sigma> \<oplus> a\<close> can_divide option.inject plus_mult sat_mult)
+ qed
+qed
+
+*)
+
+
+
+subsection DotOr
+
+lemma dot_or1:
+ "Mult p (Or A B), \<Delta> \<turnstile> Or (Mult p A) (Mult p B)"
+proof (rule entailsI)
+ fix \<sigma> s \<Delta>
+ assume "\<sigma>, s, \<Delta> \<Turnstile> Mult p (Or A B)"
+ then obtain x where "\<sigma> = p \<odot> x" "x, s, \<Delta> \<Turnstile> A \<or> x, s, \<Delta> \<Turnstile> B"
+ by auto
+ then show "\<sigma>, s, \<Delta> \<Turnstile> Or (Mult p A) (Mult p B)"
+ proof (cases "x, s, \<Delta> \<Turnstile> A")
+ case True
+ then show ?thesis
+ using \<open>\<sigma> = p \<odot> x\<close> by auto
+ next
+ case False
+ then show ?thesis
+ using \<open>\<sigma> = p \<odot> x\<close> \<open>x, s, \<Delta> \<Turnstile> A \<or> x, s, \<Delta> \<Turnstile> B\<close> by auto
+ qed
+qed
+
+lemma dot_or2:
+ "Or (Mult p A) (Mult p B), \<Delta> \<turnstile> Mult p (Or A B)"
+proof (rule entailsI)
+ fix \<sigma> s \<Delta>
+ assume "\<sigma>, s, \<Delta> \<Turnstile> Or (Mult p A) (Mult p B)"
+ then show "\<sigma>, s, \<Delta> \<Turnstile> Mult p (Or A B)"
+ proof (cases "\<sigma>, s, \<Delta> \<Turnstile> Mult p A")
+ case True
+ then show ?thesis by auto
+ next
+ case False
+ then show ?thesis
+ using \<open>\<sigma>, s, \<Delta> \<Turnstile> Or (Mult p A) (Mult p B)\<close> by auto
+ qed
+qed
+
+lemma DotOr:
+ "Mult p (Or A B), \<Delta> \<equiv> Or (Mult p A) (Mult p B)"
+ by (simp add: dot_or1 dot_or2 equivalent_def)
+
+lemma WildOr:
+ "Wildcard (Or A B), \<Delta> \<equiv> Or (Wildcard A) (Wildcard B)"
+proof (rule equivalentI)
+ show "\<And>\<sigma> s. \<sigma>, s, \<Delta> \<Turnstile> Wildcard (Or A B) \<Longrightarrow> \<sigma>, s, \<Delta> \<Turnstile> Or (Wildcard A) (Wildcard B)"
+ by auto
+ show "\<And>\<sigma> s. \<sigma>, s, \<Delta> \<Turnstile> Or (Wildcard A) (Wildcard B) \<Longrightarrow> \<sigma>, s, \<Delta> \<Turnstile> Wildcard (Or A B)"
+ by auto
+qed
+
+
+subsection DotAnd
+
+lemma dot_and1:
+ "Mult p (And A B), \<Delta> \<turnstile> And (Mult p A) (Mult p B)"
+proof (rule entailsI)
+ fix \<sigma> s \<Delta>
+ assume "\<sigma>, s, \<Delta> \<Turnstile> Mult p (And A B)"
+ then obtain x where "\<sigma> = p \<odot> x" "x, s, \<Delta> \<Turnstile> A" "x, s, \<Delta> \<Turnstile> B"
+ by auto
+ then show "\<sigma>, s, \<Delta> \<Turnstile> And (Mult p A) (Mult p B)"
+ by auto
+qed
+
+lemma dot_and2:
+ "And (Mult p A) (Mult p B), \<Delta> \<turnstile> Mult p (And A B)"
+proof (rule entailsI)
+ fix \<sigma> s \<Delta>
+ assume "\<sigma>, s, \<Delta> \<Turnstile> And (Mult p A) (Mult p B)"
+ then show "\<sigma>, s, \<Delta> \<Turnstile> Mult p (And A B)"
+ using logic.can_divide logic_axioms by fastforce
+qed
+
+lemma DotAnd:
+ "And (Mult p A) (Mult p B), \<Delta> \<equiv> Mult p (And A B)"
+ by (simp add: dot_and1 dot_and2 equivalent_def)
+
+lemma WildAnd:
+ "Wildcard (And A B), \<Delta> \<turnstile> And (Wildcard A) (Wildcard B)"
+ using entails_def by fastforce
+
+
+
+subsection DotImp
+
+
+lemma dot_imp1:
+ "Imp (Mult p A) (Mult p B), \<Delta> \<turnstile> Mult p (Imp A B)"
+proof (rule entailsI)
+ fix \<sigma> s \<Delta>
+ assume "\<sigma>, s, \<Delta> \<Turnstile> Imp (Mult p A) (Mult p B)"
+ then show "\<sigma>, s, \<Delta> \<Turnstile> Mult p (Imp A B)"
+ using sat_mult by force
+qed
+
+lemma dot_imp2:
+ "Mult p (Imp A B), \<Delta> \<turnstile> Imp (Mult p A) (Mult p B)"
+proof (rule entailsI)
+ fix \<sigma> s \<Delta>
+ assume "\<sigma>, s, \<Delta> \<Turnstile> Mult p (Imp A B)"
+ then show "\<sigma>, s, \<Delta> \<Turnstile> Imp (Mult p A) (Mult p B)"
+ using can_divide by auto
+qed
+
+lemma DotImp:
+ "Mult p (Imp A B), \<Delta> \<equiv> Imp (Mult p A) (Mult p B)"
+ by (simp add: dot_imp1 dot_imp2 equivalent_def)
+
+subsection DotPure
+
+
+lemma pure_mult1:
+ assumes "pure A"
+ shows "Mult p A, \<Delta> \<turnstile> A"
+ using assms entails_def logic.pure_def logic_axioms by fastforce
+
+lemma pure_mult2:
+ assumes "pure A"
+ shows "A, \<Delta> \<turnstile> Mult p A"
+ using assms entailsI pure_def sat_mult
+ by metis
+
+lemma DotPure:
+ assumes "pure A"
+ shows "Mult p A, \<Delta> \<equiv> A"
+ by (simp add: assms equivalent_def pure_mult1 pure_mult2)
+
+lemma WildPure:
+ assumes "pure A"
+ shows "Wildcard A, \<Delta> \<equiv> A"
+proof (rule equivalentI)
+ show "\<And>\<sigma> s. \<sigma>, s, \<Delta> \<Turnstile> Wildcard A \<Longrightarrow> \<sigma>, s, \<Delta> \<Turnstile> A"
+ using assms pure_def sat.simps(12) by blast
+ show "\<And>\<sigma> s. \<sigma>, s, \<Delta> \<Turnstile> A \<Longrightarrow> \<sigma>, s, \<Delta> \<Turnstile> Wildcard A"
+ by (metis one_neutral sat.simps(12))
+qed
+
+
+subsection DotFull
+
+lemma mult_one_same1:
+ "Mult one A, \<Delta> \<turnstile> A"
+ by (simp add: entails_def one_neutral)
+
+
+lemma mult_one_same2:
+ "A, \<Delta> \<turnstile> Mult one A"
+ by (simp add: entailsI one_neutral)
+
+lemma DotFull:
+ "Mult one A, \<Delta> \<equiv> A"
+ using equivalent_def mult_one_same1 mult_one_same2 by blast
+
+
+
+
+subsection DotExists
+
+
+lemma dot_exists1:
+ "Mult p (Exists x A), \<Delta> \<turnstile> Exists x (Mult p A)"
+proof (rule entailsI)
+ fix \<sigma> s \<Delta>
+ assume "\<sigma>, s, \<Delta> \<Turnstile> Mult p (Exists x A)"
+ then show "\<sigma>, s, \<Delta> \<Turnstile> Exists x (Mult p A)"
+ by auto
+qed
+
+lemma dot_exists2:
+ "Exists x (Mult p A), \<Delta> \<turnstile> Mult p (Exists x A)"
+proof (rule entailsI)
+ fix \<sigma> s \<Delta>
+ assume "\<sigma>, s, \<Delta> \<Turnstile> Exists x (Mult p A)"
+ then show "\<sigma>, s, \<Delta> \<Turnstile> Mult p (Exists x A)" by auto
+qed
+
+lemma DotExists:
+ "Mult p (Exists x A), \<Delta> \<equiv> Exists x (Mult p A)"
+ by (simp add: dot_exists1 dot_exists2 equivalent_def)
+
+
+lemma WildExists:
+ "Wildcard (Exists x A), \<Delta> \<equiv> Exists x (Wildcard A)"
+proof (rule equivalentI)
+ show "\<And>\<sigma> s. \<sigma>, s, \<Delta> \<Turnstile> Wildcard (Exists x A) \<Longrightarrow> \<sigma>, s, \<Delta> \<Turnstile> Exists x (Wildcard A)"
+ by auto
+ show "\<And>\<sigma> s. \<sigma>, s, \<Delta> \<Turnstile> Exists x (Wildcard A) \<Longrightarrow> \<sigma>, s, \<Delta> \<Turnstile> Wildcard (Exists x A)"
+ by auto
+qed
+
+subsection DotForall
+
+lemma dot_forall1:
+ "Mult p (Forall x A), \<Delta> \<turnstile> Forall x (Mult p A)"
+proof (rule entailsI)
+ fix \<sigma> s \<Delta>
+ assume "\<sigma>, s, \<Delta> \<Turnstile> Mult p (Forall x A)"
+ then show "\<sigma>, s, \<Delta> \<Turnstile> Forall x (Mult p A)"
+ by auto
+qed
+
+lemma dot_forall2:
+ "Forall x (Mult p A), \<Delta> \<turnstile> Mult p (Forall x A)"
+proof (rule entailsI)
+ fix \<sigma> s \<Delta>
+ assume "\<sigma>, s, \<Delta> \<Turnstile> Forall x (Mult p A)"
+ obtain a where "\<sigma> = p \<odot> a"
+ using sat.simps(1) sat_mult by blast
+ have "a, s, \<Delta> \<Turnstile> Forall x A"
+ proof (rule sat_forall)
+ fix v show "a, s(x := v), \<Delta> \<Turnstile> A"
+ using \<open>\<sigma> = p \<odot> a\<close> \<open>\<sigma>, s, \<Delta> \<Turnstile> Forall x (Mult p A)\<close> can_divide by auto
+ qed
+ then show "\<sigma>, s, \<Delta> \<Turnstile> Mult p (Forall x A)"
+ using \<open>\<sigma> = p \<odot> a\<close> by auto
+qed
+
+lemma DotForall:
+ "Mult p (Forall x A), \<Delta> \<equiv> Forall x (Mult p A)"
+ by (simp add: dot_forall1 dot_forall2 equivalent_def)
+
+lemma WildForall:
+ "Wildcard (Forall x A), \<Delta> \<turnstile> Forall x (Wildcard A)"
+ by (metis (no_types, lifting) entailsI sat.simps(12) sat.simps(9))
+
+subsection Split
+
+lemma split:
+ "Mult (sadd a b) A, \<Delta> \<turnstile> Star (Mult a A) (Mult b A)"
+proof (rule entailsI)
+ fix \<sigma> s
+ assume "\<sigma>, s, \<Delta> \<Turnstile> Mult (sadd a b) A"
+ then show "\<sigma>, s, \<Delta> \<Turnstile> Star (Mult a A) (Mult b A)"
+ using distrib_mult by fastforce
+qed
+
+end
+
+end
diff --git a/thys/Separation_Logic_Unbounded/FixedPoint.thy b/thys/Separation_Logic_Unbounded/FixedPoint.thy
new file mode 100644
--- /dev/null
+++ b/thys/Separation_Logic_Unbounded/FixedPoint.thy
@@ -0,0 +1,1161 @@
+section \<open>(Co)Inductive Predicates\<close>
+
+text \<open>This subsection corresponds to Section 4 of the paper~\cite{UnboundedSL}.\<close>
+
+theory FixedPoint
+ imports Distributivity Combinability
+begin
+
+type_synonym ('d, 'c, 'a) chain = "nat \<Rightarrow> ('d, 'c, 'a) interp"
+
+context logic
+begin
+
+subsection Definitions
+
+definition smaller_interp :: "('d, 'c, 'a) interp \<Rightarrow> ('d, 'c, 'a) interp \<Rightarrow> bool" where
+ "smaller_interp \<Delta> \<Delta>' \<longleftrightarrow> (\<forall>s. \<Delta> s \<subseteq> \<Delta>' s)"
+
+lemma smaller_interpI:
+ assumes "\<And>s x. x \<in> \<Delta> s \<Longrightarrow> x \<in> \<Delta>' s"
+ shows "smaller_interp \<Delta> \<Delta>'"
+ by (simp add: assms smaller_interp_def subsetI)
+
+definition indep_interp where
+ "indep_interp A \<longleftrightarrow> (\<forall>x s \<Delta> \<Delta>'. x, s, \<Delta> \<Turnstile> A \<longleftrightarrow> x, s, \<Delta>' \<Turnstile> A)"
+
+fun applies_eq :: "('a, 'b, 'c, 'd) assertion \<Rightarrow> ('d, 'c, 'a) interp \<Rightarrow> ('d, 'c, 'a) interp" where
+ "applies_eq A \<Delta> s = { a |a. a, s, \<Delta> \<Turnstile> A }"
+
+definition monotonic :: "(('d, 'c, 'a) interp \<Rightarrow> ('d, 'c, 'a) interp) \<Rightarrow> bool" where
+ "monotonic f \<longleftrightarrow> (\<forall>\<Delta> \<Delta>'. smaller_interp \<Delta> \<Delta>' \<longrightarrow> smaller_interp (f \<Delta>) (f \<Delta>'))"
+
+lemma monotonicI:
+ assumes "\<And>\<Delta> \<Delta>'. smaller_interp \<Delta> \<Delta>' \<Longrightarrow> smaller_interp (f \<Delta>) (f \<Delta>')"
+ shows "monotonic f"
+ by (simp add: assms monotonic_def)
+
+definition non_increasing :: "(('d, 'c, 'a) interp \<Rightarrow> ('d, 'c, 'a) interp) \<Rightarrow> bool" where
+ "non_increasing f \<longleftrightarrow> (\<forall>\<Delta> \<Delta>'. smaller_interp \<Delta> \<Delta>' \<longrightarrow> smaller_interp (f \<Delta>') (f \<Delta>))"
+
+lemma non_increasingI:
+ assumes "\<And>\<Delta> \<Delta>'. smaller_interp \<Delta> \<Delta>' \<Longrightarrow> smaller_interp (f \<Delta>') (f \<Delta>)"
+ shows "non_increasing f"
+ by (simp add: assms non_increasing_def)
+
+
+lemma smaller_interp_refl:
+ "smaller_interp \<Delta> \<Delta>"
+ by (simp add: smaller_interp_def)
+
+
+lemma smaller_interp_applies_cons:
+ assumes "smaller_interp (applies_eq A \<Delta>) (applies_eq A \<Delta>')"
+ and "a, s, \<Delta> \<Turnstile> A"
+ shows "a, s, \<Delta>' \<Turnstile> A"
+proof -
+ have "a \<in> applies_eq A \<Delta> s"
+ using assms(2) by force
+ then have "a \<in> applies_eq A \<Delta>' s"
+ by (metis assms(1) in_mono smaller_interp_def)
+ then show ?thesis by auto
+qed
+
+definition empty_interp where
+ "empty_interp s = {}"
+
+definition full_interp :: "('d, 'c, 'a) interp" where
+ "full_interp s = UNIV"
+
+lemma smaller_interp_trans:
+ assumes "smaller_interp a b"
+ and "smaller_interp b c"
+ shows "smaller_interp a c"
+ by (metis assms(1) assms(2) dual_order.trans smaller_interp_def)
+
+lemma smaller_empty:
+ "smaller_interp empty_interp x"
+ by (simp add: empty_interp_def smaller_interp_def)
+
+text \<open>The definition of set-closure properties corresponds to Definition 8 of the paper~\cite{UnboundedSL}.\<close>
+
+definition set_closure_property :: "('a \<Rightarrow> 'a \<Rightarrow> 'a set) \<Rightarrow> ('d, 'c, 'a) interp \<Rightarrow> bool" where
+ "set_closure_property S \<Delta> \<longleftrightarrow> (\<forall>a b s. a \<in> \<Delta> s \<and> b \<in> \<Delta> s \<longrightarrow> S a b \<subseteq> \<Delta> s)"
+
+lemma set_closure_propertyI:
+ assumes "\<And>a b s. a \<in> \<Delta> s \<and> b \<in> \<Delta> s \<Longrightarrow> S a b \<subseteq> \<Delta> s"
+ shows "set_closure_property S \<Delta>"
+ by (simp add: assms set_closure_property_def)
+
+lemma set_closure_property_instantiate:
+ assumes "set_closure_property S \<Delta>"
+ and "a \<in> \<Delta> s"
+ and "b \<in> \<Delta> s"
+ and "x \<in> S a b"
+ shows "x \<in> \<Delta> s"
+ using assms subsetD set_closure_property_def by metis
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+subsection \<open>Everything preserves monotonicity\<close>
+
+
+lemma indep_implies_non_increasing:
+ assumes "indep_interp A"
+ shows "non_increasing (applies_eq A)"
+ by (metis (no_types, lifting) applies_eq.simps assms indep_interp_def smaller_interp_def mem_Collect_eq non_increasingI subsetI)
+
+subsubsection Monotonicity
+
+lemma mono_instantiate:
+ assumes "monotonic (applies_eq A)"
+ and "x \<in> applies_eq A \<Delta> s"
+ and "smaller_interp \<Delta> \<Delta>'"
+ shows "x \<in> applies_eq A \<Delta>' s"
+ using assms(1) assms(2) assms(3) monotonic_def smaller_interp_applies_cons by fastforce
+
+lemma mono_star:
+ assumes "monotonic (applies_eq A)"
+ and "monotonic (applies_eq B)"
+ shows "monotonic (applies_eq (Star A B))"
+proof (rule monotonicI)
+ fix \<Delta> \<Delta>' :: "('c, 'd, 'a) interp"
+ assume asm0: "smaller_interp \<Delta> \<Delta>'"
+ show "smaller_interp (applies_eq (Star A B) \<Delta>) (applies_eq (Star A B) \<Delta>')"
+ proof (rule smaller_interpI)
+ fix s x assume asm1: "x \<in> applies_eq (Star A B) \<Delta> s"
+ then obtain a b where "Some x = a \<oplus> b" "a \<in> applies_eq A \<Delta> s" "b \<in> applies_eq B \<Delta> s"
+ by auto
+ then have "a \<in> applies_eq A \<Delta>' s \<and> b \<in> applies_eq B \<Delta>' s"
+ by (meson asm0 assms(1) assms(2) mono_instantiate)
+ then show "x \<in> applies_eq (Star A B) \<Delta>' s"
+ using \<open>Some x = a \<oplus> b\<close> by force
+ qed
+qed
+
+
+lemma mono_wand:
+ assumes "non_increasing (applies_eq A)"
+ and "monotonic (applies_eq B)"
+ shows "monotonic (applies_eq (Wand A B))"
+proof (rule monotonicI)
+ fix \<Delta> \<Delta>' :: "('c, 'd, 'a) interp"
+ assume asm0: "smaller_interp \<Delta> \<Delta>'"
+ show "smaller_interp (applies_eq (Wand A B) \<Delta>) (applies_eq (Wand A B) \<Delta>')"
+ proof (rule smaller_interpI)
+ fix s x assume asm1: "x \<in> applies_eq (Wand A B) \<Delta> s"
+ have "x, s, \<Delta>' \<Turnstile> Wand A B"
+ proof (rule sat_wand)
+ fix a b
+ assume asm2: "a, s, \<Delta>' \<Turnstile> A \<and> Some b = x \<oplus> a"
+ then have "a, s, \<Delta> \<Turnstile> A"
+ by (meson asm0 assms(1) non_increasing_def smaller_interp_applies_cons)
+ then have "b, s, \<Delta> \<Turnstile> B"
+ using asm1 asm2 by auto
+ then show "b, s, \<Delta>' \<Turnstile> B"
+ by (meson asm0 assms(2) monotonic_def smaller_interp_applies_cons)
+ qed
+ then show "x \<in> applies_eq (Wand A B) \<Delta>' s"
+ by simp
+ qed
+qed
+
+
+
+lemma mono_and:
+ assumes "monotonic (applies_eq A)"
+ and "monotonic (applies_eq B)"
+ shows "monotonic (applies_eq (And A B))"
+proof (rule monotonicI)
+ fix \<Delta> \<Delta>' :: "('c, 'd, 'a) interp"
+ assume asm0: "smaller_interp \<Delta> \<Delta>'"
+ show "smaller_interp (applies_eq (And A B) \<Delta>) (applies_eq (And A B) \<Delta>')"
+ proof (rule smaller_interpI)
+ fix s x assume asm1: "x \<in> applies_eq (And A B) \<Delta> s"
+ then show "x \<in> applies_eq (And A B) \<Delta>' s"
+ using asm0 assms(1) assms(2) monotonic_def logic_axioms mem_Collect_eq sat.simps(8) smaller_interp_applies_cons by fastforce
+ qed
+qed
+
+lemma mono_or:
+ assumes "monotonic (applies_eq A)"
+ and "monotonic (applies_eq B)"
+ shows "monotonic (applies_eq (Or A B))"
+proof (rule monotonicI)
+ fix \<Delta> \<Delta>' :: "('c, 'd, 'a) interp"
+ assume asm0: "smaller_interp \<Delta> \<Delta>'"
+ show "smaller_interp (applies_eq (Or A B) \<Delta>) (applies_eq (Or A B) \<Delta>')"
+ proof (rule smaller_interpI)
+ fix s x assume asm1: "x \<in> applies_eq (Or A B) \<Delta> s"
+ then show "x \<in> applies_eq (Or A B) \<Delta>' s"
+ using asm0 assms(1) assms(2) monotonic_def logic_axioms mem_Collect_eq sat.simps(8) smaller_interp_applies_cons by fastforce
+ qed
+qed
+
+lemma mono_sem:
+ "monotonic (applies_eq (Sem B))"
+ using monotonic_def smaller_interp_def by fastforce
+
+lemma mono_interp:
+ "monotonic (applies_eq Pred)"
+proof (rule monotonicI)
+ fix \<Delta> \<Delta>' :: "('c, 'd, 'a) interp"
+ assume "smaller_interp \<Delta> \<Delta>'"
+ show "smaller_interp (applies_eq Pred \<Delta>) (applies_eq Pred \<Delta>')"
+ proof (rule smaller_interpI)
+ fix s x assume "x \<in> applies_eq Pred \<Delta> s"
+ then show "x \<in> applies_eq Pred \<Delta>' s"
+ by (metis (mono_tags, lifting) \<open>smaller_interp \<Delta> \<Delta>'\<close> applies_eq.simps in_mono mem_Collect_eq sat.simps(10) smaller_interp_def)
+ qed
+qed
+
+
+lemma mono_mult:
+ assumes "monotonic (applies_eq A)"
+ shows "monotonic (applies_eq (Mult \<pi> A))"
+proof (rule monotonicI)
+ fix \<Delta> \<Delta>' :: "('c, 'd, 'a) interp"
+ assume asm0: "smaller_interp \<Delta> \<Delta>'"
+ show "smaller_interp (applies_eq (Mult \<pi> A) \<Delta>) (applies_eq (Mult \<pi> A) \<Delta>')"
+ proof (rule smaller_interpI)
+ fix s x assume asm1: "x \<in> applies_eq (Mult \<pi> A) \<Delta> s"
+ then show "x \<in> applies_eq (Mult \<pi> A) \<Delta>' s"
+ using asm0 assms monotonic_def smaller_interp_applies_cons by fastforce
+ qed
+qed
+
+lemma mono_wild:
+ assumes "monotonic (applies_eq A)"
+ shows "monotonic (applies_eq (Wildcard A))"
+proof (rule monotonicI)
+ fix \<Delta> \<Delta>' :: "('c, 'd, 'a) interp"
+ assume asm0: "smaller_interp \<Delta> \<Delta>'"
+ show "smaller_interp (applies_eq (Wildcard A) \<Delta>) (applies_eq (Wildcard A) \<Delta>')"
+ proof (rule smaller_interpI)
+ fix s x assume asm1: "x \<in> applies_eq (Wildcard A) \<Delta> s"
+ then show "x \<in> applies_eq (Wildcard A) \<Delta>' s"
+ using asm0 assms monotonic_def smaller_interp_applies_cons by fastforce
+ qed
+qed
+
+
+lemma mono_imp:
+ assumes "non_increasing (applies_eq A)"
+ and "monotonic (applies_eq B)"
+ shows "monotonic (applies_eq (Imp A B))"
+proof (rule monotonicI)
+ fix \<Delta> \<Delta>' :: "('c, 'd, 'a) interp"
+ assume asm0: "smaller_interp \<Delta> \<Delta>'"
+ show "smaller_interp (applies_eq (Imp A B) \<Delta>) (applies_eq (Imp A B) \<Delta>')"
+ proof (rule smaller_interpI)
+ fix s x assume asm1: "x \<in> applies_eq (Imp A B) \<Delta> s"
+ have "x, s, \<Delta>' \<Turnstile> Imp A B"
+ proof (cases "x, s, \<Delta>' \<Turnstile> A")
+ case True
+ then have "x, s, \<Delta> \<Turnstile> A"
+ by (meson asm0 assms(1) non_increasing_def smaller_interp_applies_cons)
+ then have "x, s, \<Delta> \<Turnstile> B"
+ using asm1 by auto
+ then show ?thesis
+ by (metis asm0 assms(2) monotonic_def sat.simps(5) smaller_interp_applies_cons)
+ next
+ case False
+ then show ?thesis by simp
+ qed
+ then show "x \<in> applies_eq (Imp A B) \<Delta>' s"
+ by simp
+ qed
+qed
+
+lemma mono_bounded:
+ assumes "monotonic (applies_eq A)"
+ shows "monotonic (applies_eq (Bounded A))"
+proof (rule monotonicI)
+ fix \<Delta> \<Delta>' :: "('c, 'd, 'a) interp"
+ assume asm: "smaller_interp \<Delta> \<Delta>'"
+ show "smaller_interp (applies_eq (Bounded A) \<Delta>) (applies_eq (Bounded A) \<Delta>')"
+ proof (rule smaller_interpI)
+ fix s x assume "x \<in> applies_eq (Bounded A) \<Delta> s"
+ then show "x \<in> applies_eq (Bounded A) \<Delta>' s"
+ using asm assms monotonic_def smaller_interp_applies_cons by fastforce
+ qed
+qed
+
+lemma mono_exists:
+ assumes "monotonic (applies_eq A)"
+ shows "monotonic (applies_eq (Exists v A))"
+proof (rule monotonicI)
+ fix \<Delta> \<Delta>' :: "('c, 'd, 'a) interp"
+ assume asm0: "smaller_interp \<Delta> \<Delta>'"
+ show "smaller_interp (applies_eq (Exists v A) \<Delta>) (applies_eq (Exists v A) \<Delta>')"
+ proof (rule smaller_interpI)
+ fix s x assume asm1: "x \<in> applies_eq (Exists v A) \<Delta> s"
+ then show "x \<in> applies_eq (Exists v A) \<Delta>' s"
+ using asm0 assms monotonic_def smaller_interp_applies_cons by fastforce
+ qed
+qed
+
+
+lemma mono_forall:
+ assumes "monotonic (applies_eq A)"
+ shows "monotonic (applies_eq (Forall v A))"
+proof (rule monotonicI)
+ fix \<Delta> \<Delta>' :: "('c, 'd, 'a) interp"
+ assume asm0: "smaller_interp \<Delta> \<Delta>'"
+ show "smaller_interp (applies_eq (Forall v A) \<Delta>) (applies_eq (Forall v A) \<Delta>')"
+ proof (rule smaller_interpI)
+ fix s x assume asm1: "x \<in> applies_eq (Forall v A) \<Delta> s"
+ then show "x \<in> applies_eq (Forall v A) \<Delta>' s"
+ using asm0 assms monotonic_def smaller_interp_applies_cons by fastforce
+ qed
+qed
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+subsubsection \<open>Non-increasing\<close>
+
+lemma non_increasing_instantiate:
+ assumes "non_increasing (applies_eq A)"
+ and "x \<in> applies_eq A \<Delta>' s"
+ and "smaller_interp \<Delta> \<Delta>'"
+ shows "x \<in> applies_eq A \<Delta> s"
+ using assms(1) assms(2) assms(3) non_increasing_def smaller_interp_applies_cons by fastforce
+
+lemma non_inc_star:
+ assumes "non_increasing (applies_eq A)"
+ and "non_increasing (applies_eq B)"
+ shows "non_increasing (applies_eq (Star A B))"
+proof (rule non_increasingI)
+ fix \<Delta> \<Delta>' :: "('c, 'd, 'a) interp"
+ assume asm0: "smaller_interp \<Delta> \<Delta>'"
+ show "smaller_interp (applies_eq (Star A B) \<Delta>') (applies_eq (Star A B) \<Delta>)"
+ proof (rule smaller_interpI)
+ fix s x assume asm1: "x \<in> applies_eq (Star A B) \<Delta>' s"
+ then obtain a b where "Some x = a \<oplus> b" "a \<in> applies_eq A \<Delta>' s" "b \<in> applies_eq B \<Delta>' s"
+ by auto
+ then have "a \<in> applies_eq A \<Delta> s \<and> b \<in> applies_eq B \<Delta> s"
+ by (meson asm0 assms(1) assms(2) non_increasing_instantiate)
+ then show "x \<in> applies_eq (Star A B) \<Delta> s"
+ using \<open>Some x = a \<oplus> b\<close> by force
+ qed
+qed
+
+
+lemma non_increasing_wand:
+ assumes "monotonic (applies_eq A)"
+ and "non_increasing (applies_eq B)"
+ shows "non_increasing (applies_eq (Wand A B))"
+proof (rule non_increasingI)
+ fix \<Delta> \<Delta>' :: "('c, 'd, 'a) interp"
+ assume asm0: "smaller_interp \<Delta> \<Delta>'"
+ show "smaller_interp (applies_eq (Wand A B) \<Delta>') (applies_eq (Wand A B) \<Delta>)"
+ proof (rule smaller_interpI)
+ fix s x assume asm1: "x \<in> applies_eq (Wand A B) \<Delta>' s"
+ have "x, s, \<Delta> \<Turnstile> Wand A B"
+ proof (rule sat_wand)
+ fix a b
+ assume asm2: "a, s, \<Delta> \<Turnstile> A \<and> Some b = x \<oplus> a"
+ then have "a, s, \<Delta>' \<Turnstile> A"
+ by (meson asm0 assms(1) monotonic_def smaller_interp_applies_cons)
+ then have "b, s, \<Delta>' \<Turnstile> B"
+ using asm1 asm2 by auto
+ then show "b, s, \<Delta> \<Turnstile> B"
+ by (meson asm0 assms(2) non_increasing_def smaller_interp_applies_cons)
+ qed
+ then show "x \<in> applies_eq (Wand A B) \<Delta> s"
+ by simp
+ qed
+qed
+
+
+
+lemma non_increasing_and:
+ assumes "non_increasing (applies_eq A)"
+ and "non_increasing (applies_eq B)"
+ shows "non_increasing (applies_eq (And A B))"
+proof (rule non_increasingI)
+ fix \<Delta> \<Delta>' :: "('c, 'd, 'a) interp"
+ assume asm0: "smaller_interp \<Delta>' \<Delta>"
+ show "smaller_interp (applies_eq (And A B) \<Delta>) (applies_eq (And A B) \<Delta>')"
+ proof (rule smaller_interpI)
+ fix s x assume asm1: "x \<in> applies_eq (And A B) \<Delta> s"
+ then show "x \<in> applies_eq (And A B) \<Delta>' s"
+ using asm0 assms(1) assms(2) non_increasing_def logic_axioms mem_Collect_eq sat.simps(8) smaller_interp_applies_cons by fastforce
+ qed
+qed
+
+lemma non_increasing_or:
+ assumes "non_increasing (applies_eq A)"
+ and "non_increasing (applies_eq B)"
+ shows "non_increasing (applies_eq (Or A B))"
+proof (rule non_increasingI)
+ fix \<Delta> \<Delta>' :: "('c, 'd, 'a) interp"
+ assume asm0: "smaller_interp \<Delta> \<Delta>'"
+ show "smaller_interp (applies_eq (Or A B) \<Delta>') (applies_eq (Or A B) \<Delta>)"
+ proof (rule smaller_interpI)
+ fix s x assume asm1: "x \<in> applies_eq (Or A B) \<Delta>' s"
+ then show "x \<in> applies_eq (Or A B) \<Delta> s"
+ using asm0 assms(1) assms(2) non_increasing_def logic_axioms mem_Collect_eq sat.simps(8) smaller_interp_applies_cons by fastforce
+ qed
+qed
+
+lemma non_increasing_sem:
+ "non_increasing (applies_eq (Sem B))"
+ using non_increasing_def smaller_interp_def by fastforce
+
+
+lemma non_increasing_mult:
+ assumes "non_increasing (applies_eq A)"
+ shows "non_increasing (applies_eq (Mult \<pi> A))"
+proof (rule non_increasingI)
+ fix \<Delta> \<Delta>' :: "('c, 'd, 'a) interp"
+ assume asm0: "smaller_interp \<Delta> \<Delta>'"
+ show "smaller_interp (applies_eq (Mult \<pi> A) \<Delta>') (applies_eq (Mult \<pi> A) \<Delta>)"
+ proof (rule smaller_interpI)
+ fix s x assume asm1: "x \<in> applies_eq (Mult \<pi> A) \<Delta>' s"
+ then show "x \<in> applies_eq (Mult \<pi> A) \<Delta> s"
+ using asm0 assms non_increasing_def smaller_interp_applies_cons by fastforce
+ qed
+qed
+
+lemma non_increasing_wild:
+ assumes "non_increasing (applies_eq A)"
+ shows "non_increasing (applies_eq (Wildcard A))"
+proof (rule non_increasingI)
+ fix \<Delta> \<Delta>' :: "('c, 'd, 'a) interp"
+ assume asm0: "smaller_interp \<Delta> \<Delta>'"
+ show "smaller_interp (applies_eq (Wildcard A) \<Delta>') (applies_eq (Wildcard A) \<Delta>)"
+ proof (rule smaller_interpI)
+ fix s x assume asm1: "x \<in> applies_eq (Wildcard A) \<Delta>' s"
+ then show "x \<in> applies_eq (Wildcard A) \<Delta> s"
+ using asm0 assms non_increasing_def smaller_interp_applies_cons by fastforce
+ qed
+qed
+
+
+lemma non_increasing_imp:
+ assumes "monotonic (applies_eq A)"
+ and "non_increasing (applies_eq B)"
+ shows "non_increasing (applies_eq (Imp A B))"
+proof (rule non_increasingI)
+ fix \<Delta> \<Delta>' :: "('c, 'd, 'a) interp"
+ assume asm0: "smaller_interp \<Delta> \<Delta>'"
+ show "smaller_interp (applies_eq (Imp A B) \<Delta>') (applies_eq (Imp A B) \<Delta>)"
+ proof (rule smaller_interpI)
+ fix s x assume asm1: "x \<in> applies_eq (Imp A B) \<Delta>' s"
+ have "x, s, \<Delta> \<Turnstile> Imp A B"
+ proof (cases "x, s, \<Delta> \<Turnstile> A")
+ case True
+ then have "x, s, \<Delta>' \<Turnstile> A"
+ by (meson asm0 assms(1) monotonic_def smaller_interp_applies_cons)
+ then have "x, s, \<Delta>' \<Turnstile> B"
+ using asm1 by auto
+ then show ?thesis
+ by (metis asm0 assms(2) non_increasing_def sat.simps(5) smaller_interp_applies_cons)
+ next
+ case False
+ then show ?thesis by simp
+ qed
+ then show "x \<in> applies_eq (Imp A B) \<Delta> s"
+ by simp
+ qed
+qed
+
+
+lemma non_increasing_bounded:
+ assumes "non_increasing (applies_eq A)"
+ shows "non_increasing (applies_eq (Bounded A))"
+proof (rule non_increasingI)
+ fix \<Delta> \<Delta>' :: "('c, 'd, 'a) interp"
+ assume asm: "smaller_interp \<Delta>' \<Delta>"
+ show "smaller_interp (applies_eq (Bounded A) \<Delta>) (applies_eq (Bounded A) \<Delta>')"
+ proof (rule smaller_interpI)
+ fix s x assume "x \<in> applies_eq (Bounded A) \<Delta> s"
+ then show "x \<in> applies_eq (Bounded A) \<Delta>' s"
+ using asm assms non_increasing_def smaller_interp_applies_cons by fastforce
+ qed
+qed
+
+
+lemma non_increasing_exists:
+ assumes "non_increasing (applies_eq A)"
+ shows "non_increasing (applies_eq (Exists v A))"
+proof (rule non_increasingI)
+ fix \<Delta> \<Delta>' :: "('c, 'd, 'a) interp"
+ assume asm0: "smaller_interp \<Delta>' \<Delta>"
+ show "smaller_interp (applies_eq (Exists v A) \<Delta>) (applies_eq (Exists v A) \<Delta>')"
+ proof (rule smaller_interpI)
+ fix s x assume asm1: "x \<in> applies_eq (Exists v A) \<Delta> s"
+ then show "x \<in> applies_eq (Exists v A) \<Delta>' s"
+ using asm0 assms non_increasing_def smaller_interp_applies_cons by fastforce
+ qed
+qed
+
+
+lemma non_increasing_forall:
+ assumes "non_increasing (applies_eq A)"
+ shows "non_increasing (applies_eq (Forall v A))"
+proof (rule non_increasingI)
+ fix \<Delta> \<Delta>' :: "('c, 'd, 'a) interp"
+ assume asm0: "smaller_interp \<Delta>' \<Delta>"
+ show "smaller_interp (applies_eq (Forall v A) \<Delta>) (applies_eq (Forall v A) \<Delta>')"
+ proof (rule smaller_interpI)
+ fix s x assume asm1: "x \<in> applies_eq (Forall v A) \<Delta> s"
+ then show "x \<in> applies_eq (Forall v A) \<Delta>' s"
+ using asm0 assms non_increasing_def smaller_interp_applies_cons by fastforce
+ qed
+qed
+
+
+
+
+
+
+
+
+
+
+
+
+
+subsection \<open>Tarski's fixed points\<close>
+
+subsubsection \<open>Greatest Fixed Point\<close>
+
+definition D :: "(('d, 'c, 'a) interp \<Rightarrow> ('d, 'c, 'a) interp) \<Rightarrow> ('d, 'c, 'a) interp set" where
+ "D f = { \<Delta> |\<Delta>. smaller_interp \<Delta> (f \<Delta>) }"
+
+fun GFP :: "(('d, 'c, 'a) interp \<Rightarrow> ('d, 'c, 'a) interp) \<Rightarrow> ('d, 'c, 'a) interp" where
+ "GFP f s = { \<sigma> |\<sigma>. \<exists>\<Delta> \<in> D f. \<sigma> \<in> \<Delta> s }"
+
+lemma smaller_interp_D:
+ assumes "x \<in> D f"
+ shows "smaller_interp x (GFP f)"
+ by (metis (mono_tags, lifting) CollectI GFP.elims assms smaller_interpI)
+
+lemma GFP_lub:
+ assumes "\<And>x. x \<in> D f \<Longrightarrow> smaller_interp x y"
+ shows "smaller_interp (GFP f) y"
+proof (rule smaller_interpI)
+ fix s x
+ assume "x \<in> GFP f s"
+ then obtain \<Delta> where "\<Delta> \<in> D f" "x \<in> \<Delta> s"
+ by auto
+ then show "x \<in> y s"
+ by (metis assms in_mono smaller_interp_def)
+qed
+
+lemma smaller_interp_antisym:
+ assumes "smaller_interp a b"
+ and "smaller_interp b a"
+ shows "a = b"
+proof (rule ext)
+ fix x show "a x = b x"
+ by (metis assms(1) assms(2) set_eq_subset smaller_interp_def)
+qed
+
+
+
+
+
+
+
+
+
+
+
+
+subsubsection \<open>Least Fixed Point\<close>
+
+definition DD :: "(('d, 'c, 'a) interp \<Rightarrow> ('d, 'c, 'a) interp) \<Rightarrow> ('d, 'c, 'a) interp set" where
+ "DD f = { \<Delta> |\<Delta>. smaller_interp (f \<Delta>) \<Delta> }"
+
+fun LFP :: "(('d, 'c, 'a) interp \<Rightarrow> ('d, 'c, 'a) interp) \<Rightarrow> ('d, 'c, 'a) interp" where
+ "LFP f s = { \<sigma> |\<sigma>. \<forall>\<Delta> \<in> DD f. \<sigma> \<in> \<Delta> s }"
+
+lemma smaller_interp_DD:
+ assumes "x \<in> DD f"
+ shows "smaller_interp (LFP f) x"
+ using assms smaller_interp_def by fastforce
+
+
+lemma LFP_glb:
+ assumes "\<And>x. x \<in> DD f \<Longrightarrow> smaller_interp y x"
+ shows "smaller_interp y (LFP f)"
+proof (rule smaller_interpI)
+ fix s x
+ assume "x \<in> y s"
+ then have "\<And>\<Delta>. \<Delta> \<in> DD f \<Longrightarrow> x \<in> \<Delta> s"
+ by (metis assms smaller_interp_def subsetD)
+ then show "x \<in> LFP f s"
+ by simp
+qed
+
+
+
+
+
+
+
+subsection \<open>Combinability and (an assertion being) intuitionistic are set-closure properties\<close>
+
+
+subsubsection \<open>Intuitionistic assertions\<close>
+
+definition sem_intui :: "('d, 'c, 'a) interp \<Rightarrow> bool" where
+ "sem_intui \<Delta> \<longleftrightarrow> (\<forall>s \<sigma> \<sigma>'. \<sigma>' \<succeq> \<sigma> \<and> \<sigma> \<in> \<Delta> s \<longrightarrow> \<sigma>' \<in> \<Delta> s)"
+
+lemma sem_intuiI:
+ assumes "\<And>s \<sigma> \<sigma>'. \<sigma>' \<succeq> \<sigma> \<and> \<sigma> \<in> \<Delta> s \<Longrightarrow> \<sigma>' \<in> \<Delta> s"
+ shows "sem_intui \<Delta>"
+ using assms sem_intui_def by blast
+
+lemma instantiate_intui_applies:
+ assumes "intuitionistic s \<Delta> A"
+ and "\<sigma>' \<succeq> \<sigma>"
+ and "\<sigma> \<in> applies_eq A \<Delta> s"
+ shows "\<sigma>' \<in> applies_eq A \<Delta> s"
+ using assms(1) assms(2) assms(3) intuitionistic_def by fastforce
+
+lemma sem_intui_intuitionistic:
+ "sem_intui (applies_eq A \<Delta>) \<longleftrightarrow> (\<forall>s. intuitionistic s \<Delta> A)" (is "?A \<longleftrightarrow> ?B")
+proof
+ show "?B \<Longrightarrow> ?A"
+ proof -
+ assume ?B
+ show ?A
+ proof (rule sem_intuiI)
+ fix s \<sigma> \<sigma>'
+ assume "\<sigma>' \<succeq> \<sigma> \<and> \<sigma> \<in> applies_eq A \<Delta> s"
+ then show "\<sigma>' \<in> applies_eq A \<Delta> s"
+ using \<open>\<forall>s. intuitionistic s \<Delta> A\<close> instantiate_intui_applies by blast
+ qed
+ qed
+ assume ?A
+ show ?B
+ proof
+ fix s show "intuitionistic s \<Delta> A"
+ proof (rule intuitionisticI)
+ fix a b
+ assume "a \<succeq> b \<and> b, s, \<Delta> \<Turnstile> A"
+ then have "b \<in> applies_eq A \<Delta> s" by simp
+ then show "a, s, \<Delta> \<Turnstile> A"
+ by (metis CollectD \<open>a \<succeq> b \<and> b, s, \<Delta> \<Turnstile> A\<close> \<open>sem_intui (applies_eq A \<Delta>)\<close> applies_eq.simps sem_intui_def)
+ qed
+ qed
+qed
+
+
+
+lemma intuitionistic_set_closure:
+ "sem_intui = set_closure_property (\<lambda>a b. { \<sigma> |\<sigma>. \<sigma> \<succeq> a})"
+proof (rule ext)
+ fix \<Delta> :: "('c, 'd, 'a) interp"
+ show "sem_intui \<Delta> = set_closure_property (\<lambda>a b. {\<sigma> |\<sigma>. \<sigma> \<succeq> a}) \<Delta>" (is "?A \<longleftrightarrow> ?B")
+ proof
+ show "?A \<Longrightarrow> ?B"
+ by (metis (no_types, lifting) CollectD set_closure_propertyI sem_intui_def subsetI)
+ assume ?B
+ show ?A
+ proof (rule sem_intuiI)
+ fix s \<sigma> \<sigma>'
+ assume "\<sigma>' \<succeq> \<sigma> \<and> \<sigma> \<in> \<Delta> s"
+ moreover have "(\<lambda>a b. {\<sigma> |\<sigma>. \<sigma> \<succeq> a}) \<sigma> \<sigma> = {\<sigma>' |\<sigma>'. \<sigma>' \<succeq> \<sigma>}" by simp
+ ultimately have "{\<sigma>' |\<sigma>'. \<sigma>' \<succeq> \<sigma>} \<subseteq> \<Delta> s"
+ by (metis \<open>set_closure_property (\<lambda>a b. {\<sigma> |\<sigma>. \<sigma> \<succeq> a}) \<Delta>\<close> set_closure_property_def)
+ show "\<sigma>' \<in> \<Delta> s"
+ using \<open>\<sigma>' \<succeq> \<sigma> \<and> \<sigma> \<in> \<Delta> s\<close> \<open>{\<sigma>' |\<sigma>'. \<sigma>' \<succeq> \<sigma>} \<subseteq> \<Delta> s\<close> by fastforce
+ qed
+ qed
+qed
+
+
+
+subsubsection \<open>Combinable assertions\<close>
+
+definition sem_combinable :: "('d, 'c, 'a) interp \<Rightarrow> bool" where
+ "sem_combinable \<Delta> \<longleftrightarrow> (\<forall>s p q a b x. sadd p q = one \<and> a \<in> \<Delta> s \<and> b \<in> \<Delta> s \<and> Some x = p \<odot> a \<oplus> q \<odot> b \<longrightarrow> x \<in> \<Delta> s)"
+
+lemma sem_combinableI:
+ assumes "\<And>s p q a b x. sadd p q = one \<and> a \<in> \<Delta> s \<and> b \<in> \<Delta> s \<and> Some x = p \<odot> a \<oplus> q \<odot> b \<Longrightarrow> x \<in> \<Delta> s"
+ shows "sem_combinable \<Delta>"
+ using assms sem_combinable_def by blast
+
+lemma sem_combinableE:
+ assumes "sem_combinable \<Delta>"
+ and "a \<in> \<Delta> s"
+ and "b \<in> \<Delta> s"
+ and "Some x = p \<odot> a \<oplus> q \<odot> b"
+ and "sadd p q = one"
+ shows "x \<in> \<Delta> s"
+ using assms(1) assms(2) assms(3) assms(4) assms(5) sem_combinable_def[of \<Delta>]
+ by blast
+
+lemma applies_eq_equiv:
+ "x \<in> applies_eq A \<Delta> s \<longleftrightarrow> x, s, \<Delta> \<Turnstile> A"
+ by simp
+
+lemma sem_combinable_appliesE:
+ assumes "sem_combinable (applies_eq A \<Delta>)"
+ and "a, s, \<Delta> \<Turnstile> A"
+ and "b, s, \<Delta> \<Turnstile> A"
+ and "Some x = p \<odot> a \<oplus> q \<odot> b"
+ and "sadd p q = one"
+ shows "x, s, \<Delta> \<Turnstile> A"
+ using sem_combinableE[of "applies_eq A \<Delta>" a s b x p q] assms by simp
+
+lemma sem_combinable_equiv:
+ "sem_combinable (applies_eq A \<Delta>) \<longleftrightarrow> (combinable \<Delta> A)" (is "?A \<longleftrightarrow> ?B")
+proof
+ show "?B \<Longrightarrow> ?A"
+ proof -
+ assume ?B
+ show ?A
+ proof (rule sem_combinableI)
+ fix s p q a b x
+ assume asm: "sadd p q = one \<and> a \<in> applies_eq A \<Delta> s \<and> b \<in> applies_eq A \<Delta> s \<and> Some x = p \<odot> a \<oplus> q \<odot> b"
+ then show "x \<in> applies_eq A \<Delta> s"
+ using \<open>combinable \<Delta> A\<close> applies_eq_equiv combinable_instantiate_one by blast
+ qed
+ qed
+ assume ?A
+ show ?B
+ proof -
+ fix s show "combinable \<Delta> A"
+ proof (rule combinableI)
+ fix a b p q x \<sigma> s
+ assume "a, s, \<Delta> \<Turnstile> A \<and> b, s, \<Delta> \<Turnstile> A \<and> Some x = p \<odot> a \<oplus> q \<odot> b \<and> sadd p q = one"
+ then show "x, s, \<Delta> \<Turnstile> A"
+ using \<open>sem_combinable (applies_eq A \<Delta>)\<close> sem_combinable_appliesE by blast
+ qed
+ qed
+qed
+
+
+lemma combinable_set_closure:
+ "sem_combinable = set_closure_property (\<lambda>a b. { \<sigma> |\<sigma> p q. sadd p q = one \<and> Some \<sigma> = p \<odot> a \<oplus> q \<odot> b})"
+proof (rule ext)
+ fix \<Delta> :: "('c, 'd, 'a) interp"
+ show "sem_combinable \<Delta> = set_closure_property (\<lambda>a b. { \<sigma> |\<sigma> p q. sadd p q = one \<and> Some \<sigma> = p \<odot> a \<oplus> q \<odot> b}) \<Delta>" (is "?A \<longleftrightarrow> ?B")
+ proof
+ show "?A \<Longrightarrow> ?B"
+ proof -
+ assume ?A
+ show ?B
+ proof (rule set_closure_propertyI)
+ fix a b s
+ assume "a \<in> \<Delta> s \<and> b \<in> \<Delta> s"
+ then show "{x. \<exists>\<sigma> p q. x = \<sigma> \<and> sadd p q = one \<and> Some \<sigma> = p \<odot> a \<oplus> q \<odot> b} \<subseteq> \<Delta> s"
+ using \<open>sem_combinable \<Delta>\<close> sem_combinableE by blast
+ qed
+ qed
+ assume ?B
+ show ?A
+ proof (rule sem_combinableI)
+ fix s p q a b x
+ assume asm: "sadd p q = one \<and> a \<in> \<Delta> s \<and> b \<in> \<Delta> s \<and> Some x = p \<odot> a \<oplus> q \<odot> b"
+
+ then have "x \<in> (\<lambda>a b. { \<sigma> |\<sigma> p q. sadd p q = one \<and> Some \<sigma> = p \<odot> a \<oplus> q \<odot> b}) a b"
+ by blast
+ moreover have "(\<lambda>a b. { \<sigma> |\<sigma> p q. sadd p q = one \<and> Some \<sigma> = p \<odot> a \<oplus> q \<odot> b}) a b \<subseteq> \<Delta> s"
+ using \<open>?B\<close> set_closure_property_def[of "(\<lambda>a b. { \<sigma> |\<sigma> p q. sadd p q = one \<and> Some \<sigma> = p \<odot> a \<oplus> q \<odot> b})" \<Delta>]
+ asm by meson
+ ultimately show "x \<in> \<Delta> s" by blast
+ qed
+ qed
+qed
+
+
+
+
+
+
+
+subsection \<open>Transfinite induction\<close>
+
+
+definition Inf :: "('d, 'c, 'a) interp set \<Rightarrow> ('d, 'c, 'a) interp" where
+ "Inf S s = { \<sigma> |\<sigma>. \<forall>\<Delta> \<in> S. \<sigma> \<in> \<Delta> s}"
+
+
+definition Sup :: "('d, 'c, 'a) interp set \<Rightarrow> ('d, 'c, 'a) interp" where
+ "Sup S s = { \<sigma> |\<sigma>. \<exists>\<Delta> \<in> S. \<sigma> \<in> \<Delta> s}"
+
+definition inf :: "('d, 'c, 'a) interp \<Rightarrow> ('d, 'c, 'a) interp \<Rightarrow> ('d, 'c, 'a) interp" where
+ "inf \<Delta> \<Delta>' s = \<Delta> s \<inter> \<Delta>' s"
+
+definition less where
+ "less a b \<longleftrightarrow> smaller_interp a b \<and> a \<noteq> b"
+
+definition sup :: "('d, 'c, 'a) interp \<Rightarrow> ('d, 'c, 'a) interp \<Rightarrow> ('d, 'c, 'a) interp" where
+ "sup \<Delta> \<Delta>' s = \<Delta> s \<union> \<Delta>' s"
+
+lemma smaller_full:
+ "smaller_interp x full_interp"
+ by (simp add: full_interp_def smaller_interpI)
+
+
+lemma inf_empty:
+ "local.Inf {} = full_interp"
+proof (rule ext)
+ fix s :: "'c \<Rightarrow> 'd" show "local.Inf {} s = full_interp s"
+ by (simp add: Inf_def full_interp_def)
+qed
+
+lemma sup_empty:
+ "local.Sup {} = empty_interp"
+proof (rule ext)
+ fix s :: "'c \<Rightarrow> 'd" show "local.Sup {} s = empty_interp s"
+ by (simp add: Sup_def empty_interp_def)
+qed
+
+lemma test_axiom_inf:
+ assumes "\<And>x. x \<in> A \<Longrightarrow> smaller_interp z x"
+ shows "smaller_interp z (local.Inf A)"
+proof (rule smaller_interpI)
+ fix s x
+ assume "x \<in> z s"
+ then have "\<And>y. y \<in> A \<Longrightarrow> x \<in> y s"
+ by (metis assms in_mono smaller_interp_def)
+ then show "x \<in> local.Inf A s"
+ by (simp add: Inf_def)
+qed
+
+
+lemma test_axiom_sup:
+ assumes "\<And>x. x \<in> A \<Longrightarrow> smaller_interp x z"
+ shows "smaller_interp (local.Sup A) z"
+proof (rule smaller_interpI)
+ fix s x
+ assume "x \<in> local.Sup A s"
+ then obtain y where "y \<in> A" "x \<in> y s"
+ using Sup_def[of A s] mem_Collect_eq[of x]
+ by auto
+ then show "x \<in> z s"
+ by (metis assms smaller_interp_def subsetD)
+qed
+
+interpretation complete_lattice Inf Sup inf smaller_interp less sup empty_interp full_interp
+ apply standard
+ apply (metis less_def smaller_interp_antisym)
+ apply (simp add: smaller_interp_refl)
+ using smaller_interp_trans apply blast
+ using smaller_interp_antisym apply blast
+ apply (simp add: inf_def smaller_interp_def)
+ apply (simp add: inf_def smaller_interp_def)
+ apply (simp add: inf_def smaller_interp_def)
+ apply (simp add: smaller_interpI sup_def)
+ apply (simp add: smaller_interpI sup_def)
+ apply (simp add: smaller_interp_def sup_def)
+ apply (metis (mono_tags, lifting) CollectD Inf_def smaller_interpI)
+ using test_axiom_inf apply blast
+ apply (metis (mono_tags, lifting) CollectI Sup_def smaller_interpI)
+ using test_axiom_sup apply auto[1]
+ apply (simp add: inf_empty)
+ by (simp add: sup_empty)
+
+lemma mono_same:
+ "monotonic f \<longleftrightarrow> order_class.mono f"
+ by (metis (no_types, opaque_lifting) le_funE le_funI monotonic_def order_class.mono_def smaller_interp_def)
+
+lemma "smaller_interp a b \<longleftrightarrow> a \<le> b"
+ by (simp add: le_fun_def smaller_interp_def)
+
+
+
+lemma set_closure_property_admissible:
+ "ccpo.admissible Sup_class.Sup (\<le>) (set_closure_property S)"
+proof (rule ccpo.admissibleI)
+ fix A :: "('c, 'd, 'a) interp set"
+ assume asm0: "Complete_Partial_Order.chain (\<le>) A"
+ "A \<noteq> {}" "\<forall>x\<in>A. set_closure_property S x"
+
+ show "set_closure_property S (Sup_class.Sup A)"
+ proof (rule set_closure_propertyI)
+ fix a b s
+ assume asm: "a \<in> Sup_class.Sup A s \<and> b \<in> Sup_class.Sup A s"
+ then obtain \<Delta>a \<Delta>b where "\<Delta>a \<in> A" "\<Delta>b \<in> A" "a \<in> \<Delta>a s" "b \<in> \<Delta>b s"
+ by auto
+ then show "S a b \<subseteq> Sup_class.Sup A s"
+ proof (cases "\<Delta>a s \<subseteq> \<Delta>b s")
+ case True
+ then have "S a b \<subseteq> \<Delta>b s"
+ by (metis \<open>\<Delta>b \<in> A\<close> \<open>a \<in> \<Delta>a s\<close> \<open>b \<in> \<Delta>b s\<close> asm0(3) set_closure_property_def subsetD)
+ then show ?thesis
+ using \<open>\<Delta>b \<in> A\<close> by auto
+ next
+ case False
+ then have "\<Delta>b s \<subseteq> \<Delta>a s"
+ by (metis \<open>\<Delta>a \<in> A\<close> \<open>\<Delta>b \<in> A\<close> asm0(1) chainD le_funD)
+ then have "S a b \<subseteq> \<Delta>a s"
+ by (metis \<open>\<Delta>a \<in> A\<close> \<open>a \<in> \<Delta>a s\<close> \<open>b \<in> \<Delta>b s\<close> asm0(3) subsetD set_closure_property_def)
+ then show ?thesis using \<open>\<Delta>a \<in> A\<close> by auto
+ qed
+ qed
+qed
+
+
+definition supp :: "('d, 'c, 'a) interp \<Rightarrow> bool" where
+ "supp \<Delta> \<longleftrightarrow> (\<forall>a b s. a \<in> \<Delta> s \<and> b \<in> \<Delta> s \<longrightarrow> (\<exists>x. a \<succeq> x \<and> b \<succeq> x \<and> x \<in> \<Delta> s))"
+
+lemma suppI:
+ assumes "\<And>a b s. a \<in> \<Delta> s \<and> b \<in> \<Delta> s \<Longrightarrow> (\<exists>x. a \<succeq> x \<and> b \<succeq> x \<and> x \<in> \<Delta> s)"
+ shows "supp \<Delta>"
+ by (simp add: assms supp_def)
+
+lemma supp_admissible:
+ "ccpo.admissible Sup_class.Sup (\<le>) supp"
+proof (rule ccpo.admissibleI)
+ fix A :: "('c, 'd, 'a) interp set"
+ assume asm0: "Complete_Partial_Order.chain (\<le>) A"
+ "A \<noteq> {}" "\<forall>x\<in>A. supp x"
+ show "supp (Sup_class.Sup A)"
+ proof (rule suppI)
+ fix a b s
+ assume asm: "a \<in> Sup_class.Sup A s \<and> b \<in> Sup_class.Sup A s"
+ then obtain \<Delta>a \<Delta>b where "\<Delta>a \<in> A" "\<Delta>b \<in> A" "a \<in> \<Delta>a s" "b \<in> \<Delta>b s"
+ by auto
+ then show "\<exists>x. a \<succeq> x \<and> b \<succeq> x \<and> x \<in> Sup_class.Sup A s"
+ proof (cases "\<Delta>a s \<subseteq> \<Delta>b s")
+ case True
+ then have "a \<in> \<Delta>b s"
+ using \<open>a \<in> \<Delta>a s\<close> by blast
+ then obtain x where "a \<succeq> x" "b \<succeq> x" "x \<in> \<Delta>b s"
+ by (metis \<open>\<Delta>b \<in> A\<close> \<open>b \<in> \<Delta>b s\<close> asm0(3) supp_def)
+ then show ?thesis
+ using \<open>\<Delta>b \<in> A\<close> by auto
+ next
+ case False
+ then have "b \<in> \<Delta>a s"
+ by (metis \<open>\<Delta>a \<in> A\<close> \<open>\<Delta>b \<in> A\<close> \<open>b \<in> \<Delta>b s\<close> asm0(1) chainD le_funD subsetD)
+ then obtain x where "a \<succeq> x" "b \<succeq> x" "x \<in> \<Delta>a s"
+ using \<open>\<Delta>a \<in> A\<close> \<open>a \<in> \<Delta>a s\<close> asm0(3) supp_def by metis
+ then show ?thesis using \<open>\<Delta>a \<in> A\<close> by auto
+ qed
+ qed
+qed
+
+lemma "Sup_class.Sup {} = empty_interp" using empty_interp_def
+ by fastforce
+
+lemma set_closure_prop_empty_all:
+ shows "set_closure_property S empty_interp"
+ and "set_closure_property S full_interp"
+ apply (metis empty_interp_def equals0D set_closure_propertyI)
+ by (simp add: full_interp_def set_closure_propertyI)
+
+lemma LFP_preserves_set_closure_property_aux:
+ assumes "monotonic f"
+ and "set_closure_property S empty_interp"
+ and "\<And>\<Delta>. set_closure_property S \<Delta> \<Longrightarrow> set_closure_property S (f \<Delta>)"
+ shows "set_closure_property S (ccpo_class.fixp f)"
+ using set_closure_property_admissible
+proof (rule fixp_induct[of "set_closure_property S"])
+ show "set_closure_property S (Sup_class.Sup {})"
+ by (simp add: set_closure_property_def)
+ show "monotone (\<le>) (\<le>) f"
+ by (metis (full_types) assms(1) le_fun_def monotoneI monotonic_def smaller_interp_def)
+ show "\<And>x. set_closure_property S x \<Longrightarrow> set_closure_property S (f x)"
+ by (simp add: assms(3))
+qed
+
+lemma GFP_preserves_set_closure_property_aux:
+ assumes "order_class.mono f"
+ and "set_closure_property S full_interp"
+ and "\<And>\<Delta>. set_closure_property S \<Delta> \<Longrightarrow> set_closure_property S (f \<Delta>)"
+ shows "set_closure_property S (complete_lattice_class.gfp f)"
+ using assms(1)
+proof (rule gfp_ordinal_induct[of f "set_closure_property S"])
+ show "\<And>Sa. set_closure_property S Sa \<Longrightarrow> complete_lattice_class.gfp f \<le> Sa \<Longrightarrow> set_closure_property S (f Sa)"
+ using assms(3) by blast
+ fix M :: "('c, 'd, 'a) interp set"
+ assume "\<forall>Sa\<in>M. set_closure_property S Sa"
+ show "set_closure_property S (Inf_class.Inf M)"
+ proof (rule set_closure_propertyI)
+ fix a b s
+ assume "a \<in> Inf_class.Inf M s \<and> b \<in> Inf_class.Inf M s"
+ then have "\<And>\<Delta>. \<Delta> \<in> M \<Longrightarrow> a \<in> \<Delta> s \<and> b \<in> \<Delta> s"
+ by simp
+ then have "\<And>\<Delta>. \<Delta> \<in> M \<Longrightarrow> S a b \<subseteq> \<Delta> s"
+ by (metis \<open>\<forall>Sa\<in>M. set_closure_property S Sa\<close> set_closure_property_def)
+ show "S a b \<subseteq> Inf_class.Inf M s"
+ by (simp add: \<open>\<And>\<Delta>. \<Delta> \<in> M \<Longrightarrow> S a b \<subseteq> \<Delta> s\<close> complete_lattice_class.INF_greatest)
+ qed
+qed
+
+
+
+
+
+
+
+
+subsection Theorems
+
+subsubsection \<open>Greatest Fixed Point\<close>
+
+theorem GFP_is_FP:
+ assumes "monotonic f"
+ shows "f (GFP f) = GFP f"
+proof -
+ let ?u = "GFP f"
+ have "\<And>x. x \<in> D f \<Longrightarrow> smaller_interp x (f ?u)"
+ proof -
+ fix x
+ assume "x \<in> D f"
+ then have "smaller_interp (f x) (f ?u)"
+ using assms monotonic_def smaller_interp_D by blast
+ moreover have "smaller_interp x (f x)"
+ using D_def \<open>x \<in> D f\<close> by fastforce
+ ultimately show "smaller_interp x (f ?u)"
+ using smaller_interp_trans by blast
+ qed
+ then have "?u \<in> D f"
+ using D_def GFP_lub by blast
+ then have "f ?u \<in> D f"
+ by (metis CollectI D_def \<open>\<And>x. x \<in> D f \<Longrightarrow> smaller_interp x (f (GFP f))\<close> assms monotonic_def)
+ then show ?thesis
+ by (simp add: \<open>GFP f \<in> D f\<close> \<open>\<And>x. x \<in> D f \<Longrightarrow> smaller_interp x (f (GFP f))\<close> smaller_interp_D smaller_interp_antisym)
+qed
+
+
+theorem GFP_greatest:
+ assumes "f u = u"
+ shows "smaller_interp u (GFP f)"
+ by (simp add: D_def assms smaller_interp_D smaller_interp_refl)
+
+
+lemma same_GFP:
+ assumes "monotonic f"
+ shows "complete_lattice_class.gfp f = GFP f"
+proof -
+ have "f (GFP f) = GFP f"
+ using GFP_is_FP assms by blast
+ then have "smaller_interp (GFP f) (complete_lattice_class.gfp f)"
+ by (metis complete_lattice_class.gfp_upperbound le_funD order_class.order.eq_iff smaller_interp_def)
+ moreover have "f (complete_lattice_class.gfp f) = complete_lattice_class.gfp f"
+ using assms gfp_fixpoint mono_same by blast
+ then have "smaller_interp (complete_lattice_class.gfp f) (GFP f)"
+ by (simp add: GFP_greatest)
+ ultimately show ?thesis
+ by simp
+qed
+
+subsubsection \<open>Least Fixed Point\<close>
+
+theorem LFP_is_FP:
+ assumes "monotonic f"
+ shows "f (LFP f) = LFP f"
+proof -
+ let ?u = "LFP f"
+ have "\<And>x. x \<in> DD f \<Longrightarrow> smaller_interp (f ?u) x"
+ proof -
+ fix x
+ assume "x \<in> DD f"
+ then have "smaller_interp (f ?u) (f x)"
+ using assms monotonic_def smaller_interp_DD by blast
+ moreover have "smaller_interp (f x) x"
+ using DD_def \<open>x \<in> DD f\<close> by fastforce
+ ultimately show "smaller_interp (f ?u) x"
+ using smaller_interp_trans by blast
+ qed
+ then have "?u \<in> DD f"
+ using DD_def LFP_glb by blast
+ then have "f ?u \<in> DD f"
+ by (metis (mono_tags, lifting) CollectI DD_def \<open>\<And>x. x \<in> DD f \<Longrightarrow> smaller_interp (f (LFP f)) x\<close> assms monotonic_def)
+ then show ?thesis
+ by (simp add: \<open>LFP f \<in> DD f\<close> \<open>\<And>x. x \<in> DD f \<Longrightarrow> smaller_interp (f (LFP f)) x\<close> smaller_interp_DD smaller_interp_antisym)
+qed
+
+theorem LFP_least:
+ assumes "f u = u"
+ shows "smaller_interp (LFP f) u"
+ by (simp add: DD_def assms smaller_interp_DD smaller_interp_refl)
+
+
+
+lemma same_LFP:
+ assumes "monotonic f"
+ shows "complete_lattice_class.lfp f = LFP f"
+proof -
+ have "f (LFP f) = LFP f"
+ using LFP_is_FP assms by blast
+ then have "smaller_interp (complete_lattice_class.lfp f) (LFP f)"
+ by (metis complete_lattice_class.lfp_lowerbound le_funE preorder_class.order_refl smaller_interp_def)
+ moreover have "f (complete_lattice_class.gfp f) = complete_lattice_class.gfp f"
+ using assms gfp_fixpoint mono_same by blast
+ then have "smaller_interp (LFP f) (complete_lattice_class.lfp f)"
+ by (meson LFP_least assms lfp_fixpoint mono_same)
+ ultimately show ?thesis
+ by simp
+qed
+
+
+lemma LFP_same:
+ assumes "monotonic f"
+ shows "ccpo_class.fixp f = LFP f"
+proof -
+ have "f (ccpo_class.fixp f) = ccpo_class.fixp f"
+ by (metis (mono_tags, lifting) assms fixp_unfold mono_same monotoneI order_class.mono_def)
+ then have "smaller_interp (LFP f) (ccpo_class.fixp f)"
+ by (simp add: LFP_least)
+ moreover have "f (LFP f) = LFP f"
+ using LFP_is_FP assms by blast
+ then have "ccpo_class.fixp f \<le> LFP f"
+ by (metis assms fixp_lowerbound mono_same monotoneI order_class.mono_def preorder_class.order_refl)
+ ultimately show ?thesis
+ by (metis assms lfp_eq_fixp mono_same same_LFP)
+qed
+
+
+
+text \<open>The following theorem corresponds to Theorem 5 of the paper~\cite{UnboundedSL}.\<close>
+
+theorem FP_preserves_set_closure_property:
+ assumes "monotonic f"
+ and "\<And>\<Delta>. set_closure_property S \<Delta> \<Longrightarrow> set_closure_property S (f \<Delta>)"
+ shows "set_closure_property S (GFP f)"
+ and "set_closure_property S (LFP f)"
+ apply (metis GFP_preserves_set_closure_property_aux assms(1) assms(2) mono_same same_GFP set_closure_prop_empty_all(2))
+ by (metis LFP_preserves_set_closure_property_aux LFP_same assms(1) assms(2) set_closure_prop_empty_all(1))
+
+end
+
+end
\ No newline at end of file
diff --git a/thys/Separation_Logic_Unbounded/ROOT b/thys/Separation_Logic_Unbounded/ROOT
new file mode 100644
--- /dev/null
+++ b/thys/Separation_Logic_Unbounded/ROOT
@@ -0,0 +1,14 @@
+chapter AFP
+
+session Separation_Logic_Unbounded (AFP) = HOL +
+ options [timeout=300]
+ theories
+ AutomaticVerifiers
+ Combinability
+ FixedPoint
+ Distributivity
+ UnboundedLogic
+ WandProperties
+ document_files
+ "root.bib"
+ "root.tex"
diff --git a/thys/Separation_Logic_Unbounded/UnboundedLogic.thy b/thys/Separation_Logic_Unbounded/UnboundedLogic.thy
new file mode 100644
--- /dev/null
+++ b/thys/Separation_Logic_Unbounded/UnboundedLogic.thy
@@ -0,0 +1,346 @@
+section \<open>Unbounded Separation Logic\<close>
+
+theory UnboundedLogic
+ imports Main
+begin
+
+subsection \<open>Assertions and state model\<close>
+
+text \<open>We define our assertion language as described in Section 2.3 of the paper~\cite{UnboundedSL}.\<close>
+
+datatype ('a, 'b, 'c, 'd) assertion =
+ Sem "('d \<Rightarrow> 'c) \<Rightarrow> 'a \<Rightarrow> bool"
+ | Mult 'b "('a, 'b, 'c, 'd) assertion"
+ | Star "('a, 'b, 'c, 'd) assertion" "('a, 'b, 'c, 'd) assertion"
+ | Wand "('a, 'b, 'c, 'd) assertion" "('a, 'b, 'c, 'd) assertion"
+ | Or "('a, 'b, 'c, 'd) assertion" "('a, 'b, 'c, 'd) assertion"
+ | And "('a, 'b, 'c, 'd) assertion" "('a, 'b, 'c, 'd) assertion"
+ | Imp "('a, 'b, 'c, 'd) assertion" "('a, 'b, 'c, 'd) assertion"
+ | Exists 'd "('a, 'b, 'c, 'd) assertion"
+ | Forall 'd "('a, 'b, 'c, 'd) assertion"
+ | Pred
+ | Bounded "('a, 'b, 'c, 'd) assertion"
+ | Wildcard "('a, 'b, 'c, 'd) assertion"
+
+type_synonym 'a command = "('a \<times> 'a option) set"
+
+locale pre_logic =
+ fixes plus :: "'a \<Rightarrow> 'a \<Rightarrow> 'a option" (infixl "\<oplus>" 63)
+
+begin
+
+definition compatible :: "'a \<Rightarrow> 'a \<Rightarrow> bool" (infixl "##" 60) where
+ "a ## b \<longleftrightarrow> a \<oplus> b \<noteq> None"
+
+definition larger :: "'a \<Rightarrow> 'a \<Rightarrow> bool" (infixl "\<succeq>" 55) where
+ "a \<succeq> b \<longleftrightarrow> (\<exists>c. Some a = b \<oplus> c)"
+
+end
+
+type_synonym ('a, 'b, 'c) interp = "('a \<Rightarrow> 'b) \<Rightarrow> 'c set"
+
+text \<open>The following locale captures the state model described in Section 2.2 of the paper~\cite{UnboundedSL}.\<close>
+
+locale logic = pre_logic +
+
+ fixes mult :: "'b \<Rightarrow> 'a \<Rightarrow> 'a" (infixl "\<odot>" 64)
+
+ fixes smult :: "'b \<Rightarrow> 'b \<Rightarrow> 'b"
+ fixes sadd :: "'b \<Rightarrow> 'b \<Rightarrow> 'b"
+ fixes sinv :: "'b \<Rightarrow> 'b"
+
+ fixes one :: 'b
+
+ fixes valid :: "'a \<Rightarrow> bool"
+
+
+ assumes commutative: "a \<oplus> b = b \<oplus> a"
+ and asso1: "a \<oplus> b = Some ab \<and> b \<oplus> c = Some bc \<Longrightarrow> ab \<oplus> c = a \<oplus> bc"
+ and asso2: "a \<oplus> b = Some ab \<and> \<not> b ## c \<Longrightarrow> \<not> ab ## c"
+
+ and sinv_inverse: "smult p (sinv p) = one"
+ and sone_neutral: "smult one p = p"
+ and sadd_comm: "sadd p q = sadd q p"
+ and smult_comm: "smult p q = smult q p"
+ and smult_distrib: "smult p (sadd q r) = sadd (smult p q) (smult p r)"
+ and smult_asso: "smult (smult p q) r = smult p (smult q r)"
+
+ and double_mult: "p \<odot> (q \<odot> a) = (smult p q) \<odot> a"
+ and plus_mult: "Some a = b \<oplus> c \<Longrightarrow> Some (p \<odot> a) = (p \<odot> b) \<oplus> (p \<odot> c)"
+ and distrib_mult: "Some ((sadd p q) \<odot> x) = p \<odot> x \<oplus> q \<odot> x"
+ and one_neutral: "one \<odot> a = a"
+
+ and valid_mono: "valid a \<and> a \<succeq> b \<Longrightarrow> valid b"
+
+begin
+
+text \<open>The validity of assertions corresponds to Figure 3 of the paper~\cite{UnboundedSL}.\<close>
+
+fun sat :: "'a \<Rightarrow> ('d \<Rightarrow> 'c) \<Rightarrow> ('d, 'c, 'a) interp \<Rightarrow> ('a, 'b, 'c, 'd) assertion \<Rightarrow> bool" ("_, _, _ \<Turnstile> _" [51, 65, 68, 66] 50) where
+ "\<sigma>, s, \<Delta> \<Turnstile> Mult p A \<longleftrightarrow> (\<exists>a. \<sigma> = p \<odot> a \<and> a, s, \<Delta> \<Turnstile> A)"
+| "\<sigma>, s, \<Delta> \<Turnstile> Star A B \<longleftrightarrow> (\<exists>a b. Some \<sigma> = a \<oplus> b \<and> a, s, \<Delta> \<Turnstile> A \<and> b, s, \<Delta> \<Turnstile> B)"
+| "\<sigma>, s, \<Delta> \<Turnstile> Wand A B \<longleftrightarrow> (\<forall>a \<sigma>'. a, s, \<Delta> \<Turnstile> A \<and> Some \<sigma>' = \<sigma> \<oplus> a \<longrightarrow> \<sigma>', s, \<Delta> \<Turnstile> B)"
+
+| "\<sigma>, s, \<Delta> \<Turnstile> Sem b \<longleftrightarrow> b s \<sigma>"
+| "\<sigma>, s, \<Delta> \<Turnstile> Imp A B \<longleftrightarrow> (\<sigma>, s, \<Delta> \<Turnstile> A \<longrightarrow> \<sigma>, s, \<Delta> \<Turnstile> B)"
+| "\<sigma>, s, \<Delta> \<Turnstile> Or A B \<longleftrightarrow> (\<sigma>, s, \<Delta> \<Turnstile> A \<or> \<sigma>, s, \<Delta> \<Turnstile> B)"
+| "\<sigma>, s, \<Delta> \<Turnstile> And A B \<longleftrightarrow> (\<sigma>, s, \<Delta> \<Turnstile> A \<and> \<sigma>, s, \<Delta> \<Turnstile> B)"
+
+| "\<sigma>, s, \<Delta> \<Turnstile> Exists x A \<longleftrightarrow> (\<exists>v. \<sigma>, s(x := v), \<Delta> \<Turnstile> A)"
+| "\<sigma>, s, \<Delta> \<Turnstile> Forall x A \<longleftrightarrow> (\<forall>v. \<sigma>, s(x := v), \<Delta> \<Turnstile> A)"
+
+| "\<sigma>, s, \<Delta> \<Turnstile> Pred \<longleftrightarrow> (\<sigma> \<in> \<Delta> s)"
+| "\<sigma>, s, \<Delta> \<Turnstile> Bounded A \<longleftrightarrow> (valid \<sigma> \<longrightarrow> \<sigma>, s, \<Delta> \<Turnstile> A)"
+| "\<sigma>, s, \<Delta> \<Turnstile> Wildcard A \<longleftrightarrow> (\<exists>a p. \<sigma> = p \<odot> a \<and> a, s, \<Delta> \<Turnstile> A)"
+
+definition intuitionistic :: "('d \<Rightarrow> 'c) \<Rightarrow> ('d, 'c, 'a) interp \<Rightarrow> ('a, 'b, 'c, 'd) assertion \<Rightarrow> bool" where
+ "intuitionistic s \<Delta> A \<longleftrightarrow> (\<forall>a b. a \<succeq> b \<and> b, s, \<Delta> \<Turnstile> A \<longrightarrow> a, s, \<Delta> \<Turnstile> A)"
+
+definition entails :: "('a, 'b, 'c, 'd) assertion \<Rightarrow> ('d, 'c, 'a) interp \<Rightarrow> ('a, 'b, 'c, 'd) assertion \<Rightarrow> bool" ("_, _ \<turnstile> _" [63, 66, 68] 52) where
+ "A, \<Delta> \<turnstile> B \<longleftrightarrow> (\<forall>\<sigma> s. \<sigma>, s, \<Delta> \<Turnstile> A \<longrightarrow> \<sigma>, s, \<Delta> \<Turnstile> B)"
+
+definition equivalent :: "('a, 'b, 'c, 'd) assertion \<Rightarrow> ('d, 'c, 'a) interp \<Rightarrow> ('a, 'b, 'c, 'd) assertion \<Rightarrow> bool" ("_, _ \<equiv> _" [63, 66, 68] 52) where
+ "A, \<Delta> \<equiv> B \<longleftrightarrow> (A, \<Delta> \<turnstile> B \<and> B, \<Delta> \<turnstile> A)"
+
+definition pure :: "('a, 'b, 'c, 'd) assertion \<Rightarrow> bool" where
+ "pure A \<longleftrightarrow> (\<forall>\<sigma> \<sigma>' s \<Delta> \<Delta>'. \<sigma>, s, \<Delta> \<Turnstile> A \<longleftrightarrow> \<sigma>', s, \<Delta>' \<Turnstile> A)"
+
+
+subsection \<open>Useful lemmas\<close>
+
+lemma sat_forall:
+ assumes "\<And>v. \<sigma>, s(x := v), \<Delta> \<Turnstile> A"
+ shows "\<sigma>, s, \<Delta> \<Turnstile> Forall x A"
+ by (simp add: assms)
+
+lemma intuitionisticI:
+ assumes "\<And>a b. a \<succeq> b \<and> b, s, \<Delta> \<Turnstile> A \<Longrightarrow> a, s, \<Delta> \<Turnstile> A"
+ shows "intuitionistic s \<Delta> A"
+ by (meson assms intuitionistic_def)
+
+lemma can_divide:
+ assumes "p \<odot> a = p \<odot> b"
+ shows "a = b"
+ by (metis assms double_mult logic.one_neutral logic_axioms sinv_inverse smult_comm)
+
+lemma unique_inv:
+ "a = p \<odot> b \<longleftrightarrow> b = (sinv p) \<odot> a"
+ by (metis double_mult logic.can_divide logic_axioms sinv_inverse sone_neutral)
+
+lemma entailsI:
+ assumes "\<And>\<sigma> s. \<sigma>, s, \<Delta> \<Turnstile> A \<Longrightarrow> \<sigma>, s, \<Delta> \<Turnstile> B"
+ shows "A, \<Delta> \<turnstile> B"
+ by (simp add: assms entails_def)
+
+lemma equivalentI:
+ assumes "\<And>\<sigma> s. \<sigma>, s, \<Delta> \<Turnstile> A \<Longrightarrow> \<sigma>, s, \<Delta> \<Turnstile> B"
+ and "\<And>\<sigma> s. \<sigma>, s, \<Delta> \<Turnstile> B \<Longrightarrow> \<sigma>, s, \<Delta> \<Turnstile> A"
+ shows "A, \<Delta> \<equiv> B"
+ by (simp add: assms(1) assms(2) entailsI equivalent_def)
+
+lemma compatible_imp:
+ assumes "a ## b"
+ shows "(p \<odot> a) ## (p \<odot> b)"
+ by (metis assms compatible_def option.distinct(1) option.exhaust plus_mult)
+
+lemma compatible_iff:
+ "a ## b \<longleftrightarrow> (p \<odot> a) ## (p \<odot> b)"
+ by (metis compatible_imp unique_inv)
+
+lemma sat_wand:
+ assumes "\<And>a \<sigma>'. a, s, \<Delta> \<Turnstile> A \<and> Some \<sigma>' = \<sigma> \<oplus> a \<Longrightarrow> \<sigma>', s, \<Delta> \<Turnstile> B"
+ shows "\<sigma>, s, \<Delta> \<Turnstile> Wand A B"
+ using assms by auto
+
+lemma sat_imp:
+ assumes "\<sigma>, s, \<Delta> \<Turnstile> A \<Longrightarrow> \<sigma>, s, \<Delta> \<Turnstile> B"
+ shows "\<sigma>, s, \<Delta> \<Turnstile> Imp A B"
+ using assms by auto
+
+lemma sat_mult:
+ assumes "\<And>a. \<sigma> = p \<odot> a \<Longrightarrow> a, s, \<Delta> \<Turnstile> A"
+ shows "\<sigma>, s, \<Delta> \<Turnstile> Mult p A"
+ by (metis assms logic.sat.simps(1) logic_axioms unique_inv)
+
+lemma larger_same:
+ "a \<succeq> b \<longleftrightarrow> p \<odot> a \<succeq> p \<odot> b"
+proof -
+ have "\<And>a b p. a \<succeq> b \<Longrightarrow> p \<odot> a \<succeq> p \<odot> b"
+ by (meson larger_def plus_mult)
+ then show ?thesis
+ by (metis unique_inv)
+qed
+
+lemma asso3:
+ assumes "\<not> a ## b"
+ and "b \<oplus> c = Some bc"
+ shows "\<not> a ## bc"
+ by (metis (full_types) assms(1) assms(2) asso2 commutative compatible_def)
+
+lemma compatible_smaller:
+ assumes "a \<succeq> b"
+ and "x ## a"
+ shows "x ## b"
+ by (metis assms(1) assms(2) asso3 larger_def)
+
+lemma compatible_multiples:
+ assumes "p \<odot> a ## q \<odot> b"
+ shows "a ## b"
+ by (metis (no_types, opaque_lifting) assms commutative compatible_def compatible_iff compatible_smaller distrib_mult larger_def one_neutral)
+
+lemma move_sum:
+ assumes "Some a = a1 \<oplus> a2"
+ and "Some b = b1 \<oplus> b2"
+ and "Some x = a \<oplus> b"
+ and "Some x1 = a1 \<oplus> b1"
+ and "Some x2 = a2 \<oplus> b2"
+ shows "Some x = x1 \<oplus> x2"
+proof -
+ obtain ab1 where "Some ab1 = a \<oplus> b1"
+ by (metis assms(2) assms(3) asso3 compatible_def not_Some_eq)
+ then have "Some ab1 = x1 \<oplus> a2"
+ by (metis assms(1) assms(4) asso1 commutative)
+ then show ?thesis
+ by (metis \<open>Some ab1 = a \<oplus> b1\<close> assms(2) assms(3) assms(5) asso1)
+qed
+
+lemma sum_both_larger:
+ assumes "Some x' = a' \<oplus> b'"
+ and "Some x = a \<oplus> b"
+ and "a' \<succeq> a"
+ and "b' \<succeq> b"
+ shows "x' \<succeq> x"
+proof -
+ obtain ra rb where "Some a' = a \<oplus> ra" "Some b' = b \<oplus> rb"
+ using assms(3) assms(4) larger_def by auto
+ then obtain r where "Some r = ra \<oplus> rb"
+ by (metis assms(1) asso3 commutative compatible_def option.collapse)
+ then have "Some x' = x \<oplus> r"
+ by (meson \<open>Some a' = a \<oplus> ra\<close> \<open>Some b' = b \<oplus> rb\<close> assms(1) assms(2) move_sum)
+ then show ?thesis
+ using larger_def by blast
+qed
+
+lemma larger_first_sum:
+ assumes "Some y = a \<oplus> b"
+ and "x \<succeq> y"
+ shows "\<exists>a'. Some x = a' \<oplus> b \<and> a' \<succeq> a"
+proof -
+ obtain r where "Some x = y \<oplus> r"
+ using assms(2) larger_def by auto
+ then obtain a' where "Some a' = a \<oplus> r"
+ by (metis assms(1) asso2 commutative compatible_def option.collapse)
+ then show ?thesis
+ by (metis \<open>Some x = y \<oplus> r\<close> assms(1) asso1 commutative larger_def)
+qed
+
+lemma larger_implies_compatible:
+ assumes "x \<succeq> y"
+ shows "x ## y"
+ by (metis assms compatible_def compatible_smaller distrib_mult one_neutral option.distinct(1))
+
+
+
+
+
+
+
+section \<open>Frame rule\<close>
+
+text \<open>This section corresponds to Section 2.5 of the paper~\cite{UnboundedSL}.\<close>
+
+definition safe :: "('a \<times> ('d \<Rightarrow> 'c)) command \<Rightarrow> ('a \<times> ('d \<Rightarrow> 'c)) \<Rightarrow> bool" where
+ "safe c \<sigma> \<longleftrightarrow> (\<sigma>, None) \<notin> c"
+
+definition safety_monotonicity :: "('a \<times> ('d \<Rightarrow> 'c)) command \<Rightarrow> bool" where
+ "safety_monotonicity c \<longleftrightarrow> (\<forall>\<sigma> \<sigma>' s. valid \<sigma>' \<and> \<sigma>' \<succeq> \<sigma> \<and> safe c (\<sigma>, s) \<longrightarrow> safe c (\<sigma>', s))"
+
+definition frame_property :: "('a \<times> ('d \<Rightarrow> 'c)) command \<Rightarrow> bool" where
+ "frame_property c \<longleftrightarrow> (\<forall>\<sigma> \<sigma>0 r \<sigma>' s s'. valid \<sigma> \<and> valid \<sigma>' \<and> safe c (\<sigma>0, s) \<and> Some \<sigma> = \<sigma>0 \<oplus> r \<and> ((\<sigma>, s), Some (\<sigma>', s')) \<in> c
+ \<longrightarrow> (\<exists>\<sigma>0'. Some \<sigma>' = \<sigma>0' \<oplus> r \<and> ((\<sigma>0, s), Some (\<sigma>0', s')) \<in> c))"
+
+definition valid_hoare_triple :: "('a, 'b, 'c, 'd) assertion \<Rightarrow> ('a \<times> ('d \<Rightarrow> 'c)) command \<Rightarrow> ('a, 'b, 'c, 'd) assertion \<Rightarrow> ('d, 'c, 'a) interp \<Rightarrow> bool" where
+ "valid_hoare_triple P c Q \<Delta> \<longleftrightarrow> (\<forall>\<sigma> s. valid \<sigma> \<and> \<sigma>, s, \<Delta> \<Turnstile> P \<longrightarrow> safe c (\<sigma>, s) \<and> (\<forall>\<sigma>' s'. ((\<sigma>, s), Some (\<sigma>', s')) \<in> c \<longrightarrow> \<sigma>', s', \<Delta> \<Turnstile> Q))"
+
+lemma valid_hoare_tripleI:
+ assumes "\<And>\<sigma> s. valid \<sigma> \<and> \<sigma>, s, \<Delta> \<Turnstile> P \<Longrightarrow> safe c (\<sigma>, s)"
+ and "\<And>\<sigma> s \<sigma>' s'. valid \<sigma> \<and> \<sigma>, s, \<Delta> \<Turnstile> P \<Longrightarrow> ((\<sigma>, s), Some (\<sigma>', s')) \<in> c \<Longrightarrow> \<sigma>', s', \<Delta> \<Turnstile> Q"
+ shows "valid_hoare_triple P c Q \<Delta>"
+ using assms(1) assms(2) valid_hoare_triple_def by blast
+
+definition valid_command :: "('a \<times> ('d \<Rightarrow> 'c)) command \<Rightarrow> bool" where
+ "valid_command c \<longleftrightarrow> (\<forall>a b sa sb. ((a, sa), Some (b, sb)) \<in> c \<and> valid a \<longrightarrow> valid b)"
+
+definition modified :: "('a \<times> ('d \<Rightarrow> 'c)) command \<Rightarrow> 'd set" where
+ "modified c = { x |x. \<exists>\<sigma> s \<sigma>' s'. ((\<sigma>, s), Some (\<sigma>', s')) \<in> c \<and> s x \<noteq> s' x }"
+
+definition equal_outside :: "('d \<Rightarrow> 'c) \<Rightarrow> ('d \<Rightarrow> 'c) \<Rightarrow> 'd set \<Rightarrow> bool" where
+ "equal_outside s s' S \<longleftrightarrow> (\<forall>x. x \<notin> S \<longrightarrow> s x = s' x)"
+
+
+
+definition not_in_fv :: "('a, 'b, 'c, 'd) assertion \<Rightarrow> 'd set \<Rightarrow> bool" where
+ "not_in_fv A S \<longleftrightarrow> (\<forall>\<sigma> s \<Delta> s'. equal_outside s s' S \<longrightarrow> (\<sigma>, s, \<Delta> \<Turnstile> A \<longleftrightarrow> \<sigma>, s', \<Delta> \<Turnstile> A))"
+
+
+
+lemma not_in_fv_mod:
+ assumes "not_in_fv A (modified c)"
+ and "((\<sigma>, s), Some (\<sigma>', s')) \<in> c"
+ shows "x, s, \<Delta> \<Turnstile> A \<longleftrightarrow> x, s', \<Delta> \<Turnstile> A"
+proof -
+ have "\<And>x. x \<notin> (modified c) \<Longrightarrow> s x = s' x"
+ proof -
+ fix x assume "x \<notin> (modified c)"
+ then show "s x = s' x"
+ by (metis (mono_tags, lifting) CollectI assms(2) modified_def)
+ qed
+ then have "equal_outside s s' (modified c)"
+ by (simp add: equal_outside_def)
+ then show ?thesis
+ using assms(1) not_in_fv_def by blast
+qed
+
+
+text \<open>This theorem corresponds to Theorem 2 of the paper~\cite{UnboundedSL}.\<close>
+
+theorem frame_rule:
+ assumes "valid_command c"
+ and "safety_monotonicity c"
+ and "frame_property c"
+ and "valid_hoare_triple P c Q \<Delta>"
+ and "not_in_fv R (modified c)"
+ shows "valid_hoare_triple (Star P R) c (Star Q R) \<Delta>"
+proof (rule valid_hoare_tripleI)
+ fix \<sigma> s assume asm0: "valid \<sigma> \<and> \<sigma>, s, \<Delta> \<Turnstile> Star P R"
+ then obtain p r where "Some \<sigma> = p \<oplus> r" "p, s, \<Delta> \<Turnstile> P" "r, s, \<Delta> \<Turnstile> R"
+ by auto
+ then have "safe c (p, s)"
+ by (metis asm0 assms(4) larger_def logic.valid_mono logic_axioms valid_hoare_triple_def)
+ then show "safe c (\<sigma>, s)"
+ using \<open>Some \<sigma> = p \<oplus> r\<close> assms(2) larger_def safety_monotonicity_def asm0 by blast
+ fix \<sigma>' s' assume asm1: "((\<sigma>, s), Some (\<sigma>', s')) \<in> c"
+ then obtain q where "Some \<sigma>' = q \<oplus> r" "((p, s), Some (q, s')) \<in> c"
+ using \<open>Some \<sigma> = p \<oplus> r\<close> \<open>safe c (p, s)\<close> asm0 assms(1) assms(3) frame_property_def valid_command_def by blast
+ moreover have "r, s', \<Delta> \<Turnstile> R"
+ by (meson \<open>r, s, \<Delta> \<Turnstile> R\<close> assms(5) calculation(2) logic.not_in_fv_mod logic_axioms)
+ ultimately show "\<sigma>', s', \<Delta> \<Turnstile> Star Q R"
+ by (meson \<open>Some \<sigma> = p \<oplus> r\<close> \<open>p, s, \<Delta> \<Turnstile> P\<close> \<open>r, s, \<Delta> \<Turnstile> R\<close> asm0 assms(4) larger_def sat.simps(2) valid_hoare_triple_def valid_mono)
+qed
+
+
+lemma hoare_triple_input:
+ "valid_hoare_triple P c Q \<Delta> \<longleftrightarrow> valid_hoare_triple (Bounded P) c Q \<Delta>"
+ using sat.simps(11) valid_hoare_triple_def by blast
+
+
+lemma hoare_triple_output:
+ assumes "valid_command c"
+ shows "valid_hoare_triple P c Q \<Delta> \<longleftrightarrow> valid_hoare_triple P c (Bounded Q) \<Delta>"
+ using assms valid_command_def valid_hoare_triple_def by fastforce
+
+
+
+end
+
+end
\ No newline at end of file
diff --git a/thys/Separation_Logic_Unbounded/WandProperties.thy b/thys/Separation_Logic_Unbounded/WandProperties.thy
new file mode 100644
--- /dev/null
+++ b/thys/Separation_Logic_Unbounded/WandProperties.thy
@@ -0,0 +1,133 @@
+section \<open>Properties of Magic Wands\<close>
+
+theory WandProperties
+ imports Distributivity
+begin
+
+context logic
+begin
+
+lemma modus_ponens:
+ "Star P (Wand P Q), \<Delta> \<turnstile> Q"
+proof (rule entailsI)
+ fix \<sigma> s
+ assume "\<sigma>, s, \<Delta> \<Turnstile> Star P (Wand P Q)"
+ show "\<sigma>, s, \<Delta> \<Turnstile> Q"
+ using \<open>\<sigma>, s, \<Delta> \<Turnstile> Star P (Wand P Q)\<close> commutative by force
+qed
+
+lemma transitivity:
+ "Star (Wand A B) (Wand B C), \<Delta> \<turnstile> Wand A C"
+proof (rule entailsI)
+ fix \<sigma> s
+ assume asm0: "\<sigma>, s, \<Delta> \<Turnstile> Star (Wand A B) (Wand B C)"
+ then obtain ab bc where "Some \<sigma> = ab \<oplus> bc" "ab, s, \<Delta> \<Turnstile> Wand A B" "bc, s, \<Delta> \<Turnstile> Wand B C"
+ by auto
+ show "\<sigma>, s, \<Delta> \<Turnstile> Wand A C"
+ proof (rule sat_wand)
+ fix a \<sigma>'
+ assume asm1: "a, s, \<Delta> \<Turnstile> A \<and> Some \<sigma>' = \<sigma> \<oplus> a"
+ then obtain aab where "Some aab = ab \<oplus> a"
+ by (metis \<open>Some \<sigma> = ab \<oplus> bc\<close> asso3 commutative compatible_def option.exhaust_sel)
+ then have "Some \<sigma>' = aab \<oplus> bc"
+ by (metis \<open>Some \<sigma> = ab \<oplus> bc\<close> asm1 asso1 commutative)
+ moreover have "aab, s, \<Delta> \<Turnstile> B"
+ using \<open>Some aab = ab \<oplus> a\<close> \<open>ab, s, \<Delta> \<Turnstile> Wand A B\<close> asm1 by auto
+ ultimately show "\<sigma>', s, \<Delta> \<Turnstile> C"
+ using \<open>bc, s, \<Delta> \<Turnstile> Wand B C\<close> commutative by auto
+ qed
+qed
+
+lemma currying1:
+ "Wand (Star A B) C, \<Delta> \<turnstile> Wand A (Wand B C)"
+proof (rule entailsI)
+ fix \<sigma> s
+ assume asm0: "\<sigma>, s, \<Delta> \<Turnstile> Wand (Star A B) C"
+ show "\<sigma>, s, \<Delta> \<Turnstile> Wand A (Wand B C)"
+ proof (rule sat_wand)
+ fix a \<sigma>'
+ assume asm1: "a, s, \<Delta> \<Turnstile> A \<and> Some \<sigma>' = \<sigma> \<oplus> a"
+ show "\<sigma>', s, \<Delta> \<Turnstile> Wand B C"
+ proof (rule sat_wand)
+ fix b \<sigma>''
+ assume asm2: "b, s, \<Delta> \<Turnstile> B \<and> Some \<sigma>'' = \<sigma>' \<oplus> b"
+ then obtain ab where "Some ab = a \<oplus> b"
+ by (metis asm1 asso2 compatible_def option.collapse)
+ then have "ab, s, \<Delta> \<Turnstile> Star A B"
+ using asm1 asm2 by auto
+ moreover have "Some \<sigma>'' = \<sigma> \<oplus> ab"
+ by (metis \<open>Some ab = a \<oplus> b\<close> asm1 asm2 asso1)
+ ultimately show "\<sigma>'', s, \<Delta> \<Turnstile> C"
+ using asm0 sat.simps(3) by blast
+ qed
+ qed
+qed
+
+lemma currying2:
+ "Wand A (Wand B C), \<Delta> \<turnstile> Wand (Star A B) C"
+proof (rule entailsI)
+ fix \<sigma> s
+ assume asm0: "\<sigma>, s, \<Delta> \<Turnstile> Wand A (Wand B C)"
+ show "\<sigma>, s, \<Delta> \<Turnstile> Wand (Star A B) C"
+ proof (rule sat_wand)
+ fix ab \<sigma>'
+ assume asm1: "ab, s, \<Delta> \<Turnstile> Star A B \<and> Some \<sigma>' = \<sigma> \<oplus> ab"
+ then obtain a b where "Some ab = a \<oplus> b" "a, s, \<Delta> \<Turnstile> A" "b, s, \<Delta> \<Turnstile> B"
+ by auto
+ then obtain bc where "Some bc = \<sigma> \<oplus> a"
+ by (metis asm1 asso3 compatible_def option.exhaust_sel)
+ then have "bc, s, \<Delta> \<Turnstile> Wand B C"
+ using \<open>a, s, \<Delta> \<Turnstile> A\<close> asm0 by auto
+ moreover have "Some \<sigma>' = bc \<oplus> b"
+ by (metis \<open>Some ab = a \<oplus> b\<close> \<open>Some bc = \<sigma> \<oplus> a\<close> asm1 asso1)
+ ultimately show "\<sigma>', s, \<Delta> \<Turnstile> C"
+ using \<open>b, s, \<Delta> \<Turnstile> B\<close> sat.simps(3) by blast
+ qed
+qed
+
+lemma distribution:
+ "Star (Wand A B) C, \<Delta> \<turnstile> Wand A (Star B C)"
+proof (rule entailsI)
+ fix \<sigma> s
+ assume asm0: "\<sigma>, s, \<Delta> \<Turnstile> Star (Wand A B) C"
+ then obtain ab c where "Some \<sigma> = ab \<oplus> c" "ab, s, \<Delta> \<Turnstile> Wand A B" "c, s, \<Delta> \<Turnstile> C"
+ by auto
+ show "\<sigma>, s, \<Delta> \<Turnstile> Wand A (Star B C)"
+ proof (rule sat_wand)
+ fix a \<sigma>'
+ assume asm1: "a, s, \<Delta> \<Turnstile> A \<and> Some \<sigma>' = \<sigma> \<oplus> a"
+ then obtain b where "Some b = ab \<oplus> a"
+ by (metis \<open>Some \<sigma> = ab \<oplus> c\<close> asso3 commutative compatible_def option.exhaust_sel)
+ then have "b, s, \<Delta> \<Turnstile> B"
+ using \<open>ab, s, \<Delta> \<Turnstile> Wand A B\<close> asm1 by force
+ moreover have "Some \<sigma>' = b \<oplus> c"
+ by (metis \<open>Some \<sigma> = ab \<oplus> c\<close> \<open>Some b = ab \<oplus> a\<close> asm1 asso1 commutative)
+ ultimately show "\<sigma>', s, \<Delta> \<Turnstile> Star B C"
+ using \<open>c, s, \<Delta> \<Turnstile> C\<close> sat.simps(2) by blast
+ qed
+qed
+
+lemma adjunct1:
+ assumes "A, \<Delta> \<turnstile> Wand B C"
+ shows "Star A B, \<Delta> \<turnstile> C"
+proof (rule entailsI)
+ fix \<sigma> s
+ assume "\<sigma>, s, \<Delta> \<Turnstile> Star A B"
+ then show "\<sigma>, s, \<Delta> \<Turnstile> C"
+ using assms entails_def by force
+qed
+
+lemma adjunct2:
+ assumes "Star A B, \<Delta> \<turnstile> C"
+ shows "A, \<Delta> \<turnstile> Wand B C"
+proof (rule entailsI)
+ fix \<sigma> s
+ assume "\<sigma>, s, \<Delta> \<Turnstile> A"
+ then show "\<sigma>, s, \<Delta> \<Turnstile> Wand B C"
+ by (meson assms entails_def sat.simps(2) sat_wand)
+qed
+
+
+end
+
+end
diff --git a/thys/Separation_Logic_Unbounded/document/root.bib b/thys/Separation_Logic_Unbounded/document/root.bib
new file mode 100644
--- /dev/null
+++ b/thys/Separation_Logic_Unbounded/document/root.bib
@@ -0,0 +1,167 @@
+@inproceedings{Dockins2009,
+author = {Dockins, Robert and Hobor, Aquinas and Appel, Andrew W.},
+pages = {161--177},
+title = {{A Fresh Look at Separation Algebras and Share Accounting}},
+booktitle = {Asian Symposium on Programming Languages and Systems (APLAS)},
+editor = {Zhenjiang Hu},
+year = {2009}
+}
+
+@inproceedings{Calcagno2007,
+author = {Calcagno, Cristiano and O'Hearn, Peter W. and Yang, Hongseok},
+pages = {366--375},
+title = {{Local Action and Abstract Separation Logic}},
+booktitle = {Logic in Computer Science (LICS)},
+year = {2007}
+}
+
+@inproceedings{Reynolds02a,
+ author = {J. C. Reynolds},
+ title = {{Separation Logic: A Logic for Shared Mutable Data Structures}},
+ booktitle = {Logic in Computer Science (LICS)},
+ Publisher = {IEEE},
+ pages = {55--74},
+ year = {2002}
+}
+
+
+@article{UnboundedSL,
+author = {Dardinier, Thibault and M\"uller, Peter and Summers, Alexander J.},
+title = {Fractional Resources in Unbounded Separation Logic},
+year = {2022},
+issue_date = {October 2022},
+publisher = {Association for Computing Machinery},
+address = {New York, NY, USA},
+number = {OOPSLA2},
+journal = {Proc. ACM Program. Lang.},
+note = {To appear}
+}
+
+
+@InProceedings{Wands22,
+author="Dardinier, Thibault
+and Parthasarathy, Gaurav
+and Weeks, No{\'e}
+and M{\"u}ller, Peter
+and Summers, Alexander J.",
+editor="Shoham, Sharon
+and Vizel, Yakir",
+title="Sound Automation of Magic Wands",
+booktitle="Computer Aided Verification",
+year="2022",
+publisher="Springer International Publishing",
+address="Cham",
+pages="130--151",
+isbn="978-3-031-13188-2"
+}
+
+
+@inproceedings{Boyland03,
+author="Boyland, John",
+editor="Cousot, Radhia",
+title="Checking Interference with Fractional Permissions",
+booktitle="Static Analysis (SAS)",
+year="2003",
+pages="55--72",
+}
+
+@inproceedings{BornatCOP05,
+ author = {Richard Bornat and
+ Cristiano Calcagno and
+ Peter W. O'Hearn and
+ Matthew J. Parkinson},
+ title = {Permission accounting in separation logic},
+ booktitle = {Principle of Programming Languages (POPL)},
+ year = {2005},
+ pages = {259-270},
+ editor = {Jens Palsberg and
+ Mart\'{\i}n Abadi},
+ publisher = {ACM}
+}
+
+@inproceedings{Brotherston20,
+author="Brotherston, James
+and Costa, Diana
+and Hobor, Aquinas
+and Wickerson, John",
+editor="Lahiri, Shuvendu K.
+and Wang, Chao",
+title="Reasoning over Permissions Regions in Concurrent Separation Logic",
+booktitle="Computer Aided Verification (CAV)",
+year="2020"
+}
+
+@inproceedings{LeHobor18,
+author="Le, Xuan-Bach
+and Hobor, Aquinas",
+editor="Ahmed, Amal",
+title="Logical Reasoning for Disjoint Permissions",
+booktitle="European Symposium on Programming (ESOP)",
+year="2018"
+}
+
+@InProceedings{LeinoMuellerSmans09,
+ author = {K. Rustan M. Leino and Peter M\"uller and Jan Smans},
+ title = {Verification of Concurrent Programs with {Chalice}},
+ booktitle = {Foundations of Security Analysis and Design~{V}},
+ year = {2009},
+ series = {Lecture Notes in Computer Science},
+ publisher = {Springer},
+ url = {http://www.springerlink.com},
+ urltext = {Springer-Online},
+ volume = {5705},
+ pages = {195-222}
+}
+
+@InProceedings{vercors2017,
+author="Blom, Stefan
+and Darabi, Saeed
+and Huisman, Marieke
+and Oortwijn, Wytse",
+editor="Polikarpova, Nadia
+and Schneider, Steve",
+title="The {VerCors} Tool Set: Verification of Parallel and Concurrent Software",
+booktitle="Integrated Formal Methods",
+year="2017",
+publisher="Springer International Publishing",
+address="Cham",
+pages="102--110",
+isbn="978-3-319-66845-1"
+}
+
+
+
+
+@inproceedings{MuellerSchwerhoffSummers16,
+ author = {Peter M{\"u}ller and Malte Schwerhoff and Alexander J. Summers},
+ title = {Viper: A Verification Infrastructure for Permission-Based Reasoning},
+ booktitle = {Verification, Model Checking, and Abstract Interpretation (VMCAI)},
+ editor = {B. Jobstmann and K. R. M. Leino},
+ year = {2016},
+ publisher = {Springer},
+ series = LNCS,
+ pages = {41-62},
+ volume = {9583}
+}
+
+@inproceedings{JacobsSPVPP11,
+ author = {Bart Jacobs and
+ Jan Smans and
+ Pieter Philippaerts and
+ Fr{\'e}d{\'e}ric Vogels and
+ Willem Penninckx and
+ Frank Piessens},
+ title = {{VeriFast}: A Powerful, Sound, Predictable, Fast Verifier
+ for {C} and {J}ava},
+ booktitle = {NASA Formal Methods (NFM)},
+ year = {2011},
+ pages = {41-55},
+ editor = {Mihaela Gheorghiu Bobaru and
+ Klaus Havelund and
+ Gerard J. Holzmann and
+ Rajeev Joshi},
+ publisher = {Springer},
+ series = {Lecture Notes in Computer Science},
+ volume = {6617}
+}
+
diff --git a/thys/Separation_Logic_Unbounded/document/root.tex b/thys/Separation_Logic_Unbounded/document/root.tex
new file mode 100644
--- /dev/null
+++ b/thys/Separation_Logic_Unbounded/document/root.tex
@@ -0,0 +1,72 @@
+\documentclass[11pt,a4paper]{article}
+\usepackage[T1]{fontenc}
+\usepackage{isabelle,isabellesym}
+
+% further packages required for unusual symbols (see also
+% isabellesym.sty), use only when needed
+
+%\usepackage{amssymb}
+ %for \<leadsto>, \<box>, \<diamond>, \<sqsupset>, \<mho>, \<Join>,
+ %\<lhd>, \<lesssim>, \<greatersim>, \<lessapprox>, \<greaterapprox>,
+ %\<triangleq>, \<yen>, \<lozenge>
+
+%\usepackage{eurosym}
+ %for \<euro>
+
+%\usepackage[only,bigsqcap,bigparallel,fatsemi,interleave,sslash]{stmaryrd}
+ %for \<Sqinter>, \<Parallel>, \<Zsemi>, \<Parallel>, \<sslash>
+
+%\usepackage{eufrak}
+ %for \<AA> ... \<ZZ>, \<aa> ... \<zz> (also included in amssymb)
+
+%\usepackage{textcomp}
+ %for \<onequarter>, \<onehalf>, \<threequarters>, \<degree>, \<cent>,
+ %\<currency>
+
+% this should be the last package used
+\usepackage{pdfsetup}
+
+% urls in roman style, theory text in math-similar italics
+\urlstyle{rm}
+\isabellestyle{it}
+
+% for uniform font size
+%\renewcommand{\isastyle}{\isastyleminor}
+
+\begin{document}
+
+\title{Unbounded Separation Logic}
+\author{Thibault Dardinier\\
+Department of Computer Science, ETH Zurich, Switzerland}
+
+\maketitle
+
+\begin{abstract}
+ Many separation logics~\cite{Reynolds02a} support fractional permissions~\cite{Boyland03,BornatCOP05} to distinguish between read and write access to a heap location, for instance, to allow concurrent reads while enforcing exclusive writes. Fractional permissions extend to composite assertions such as (co)inductive predicates and magic wands by allowing those to be multiplied~\cite{LeHobor18,Brotherston20,Wands22} by a fraction. Typical separation logic proofs require that this multiplication has three key properties: it needs to distribute over assertions, it should permit fractions to be factored out from assertions, and two fractions of the same assertion should be combinable into one larger fraction.
+
+ Existing formal semantics incorporating fractional assertions into a separation logic define multiplication semantically (via models), resulting in a semantics in which distributivity and combinability do not hold for key resource assertions such as magic wands, and fractions cannot be factored out from a separating conjunction. By contrast, existing automatic separation logic verifiers~\cite{LeinoMuellerSmans09,JacobsSPVPP11,MuellerSchwerhoffSummers16,vercors2017} define multiplication syntactically, resulting in a different semantics for which it is unknown whether distributivity and combinability hold for all assertions.
+
+In this entry, we present and formalize an \emph{unbounded} version of separation logic~\cite{UnboundedSL},
+a novel semantics for separation logic assertions that allows states to hold more than a full permission to a heap location during the evaluation of an assertion.
+By reimposing upper bounds on the permissions held per location at statement boundaries, we retain key properties of separation logic, in particular, we prove that the frame rule still holds.
+We also prove that our assertion semantics unifies semantic and syntactic multiplication and thereby reconciles the discrepancy between separation logic theory and tools and enjoys distributivity, factorisability, and combinability.
+\end{abstract}
+
+\tableofcontents
+
+% sane default for proof documents
+\parindent 0pt\parskip 0.5ex
+
+% generated text of all theories
+\input{session}
+
+% optional bibliography
+\bibliographystyle{abbrv}
+\bibliography{root}
+
+\end{document}
+
+%%% Local Variables:
+%%% mode: latex
+%%% TeX-master: t
+%%% End:
diff --git a/web/authors/crighton/index.html b/web/authors/crighton/index.html
--- a/web/authors/crighton/index.html
+++ b/web/authors/crighton/index.html
@@ -1,99 +1,108 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1"><title>Aaron Crighton- Archive of Formal Proofs</title><meta name="description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."><link rel="alternate" type="application/rss+xml" href="../../authors/crighton/index.xml" title="Archive of Formal Proofs" /><meta property="og:title" content="crighton" />
<meta property="og:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle." />
<meta property="og:type" content="website" />
<meta property="og:url" content="/authors/crighton/" /><meta property="og:image" content="/images/afp.png"/><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="crighton"/>
<meta name="twitter:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."/>
<link rel="stylesheet" type="text/css" href="../../css/front.min.css">
<link rel="icon" href="../../images/favicon.ico" type="image/icon"><script src="../../js/obfuscate.js"></script>
<script src="../../js/flexsearch.bundle.js"></script>
<script src="../../js/scroll-spy.js"></script>
<script src="../../js/theory.js"></script>
<script src="../../js/util.js"></script><script src="../../js/header-search.js"></script><script src="../../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore '>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../../images/menu.svg" alt="Menu" />
</label>
<a href="../../" class='logo-link'>
<img src="../../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<a href="../../search"><img src="../../images/search.svg" alt="Search" /></a>
<nav id="menu">
<div>
<a href="../../" class='logo-link'>
<img src="../../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<ul>
<a href="../../"><li >Home</li></a>
<a href="../../topics/"><li >Topics</li></a>
<a href="../../download/"><li >Download</li></a>
<a href="../../help/"><li >Help</li></a>
<a href="../../submission/"><li >Submission</li></a>
<a href="../../statistics/"><li >Statistics</li></a>
<a href="../../about/"><li >About</li></a>
</ul>
</div>
</nav>
</div>
</aside>
<div
class='content '><header>
<form autocomplete="off" action="../../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value="" aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button"><img src="../../images/search.svg" alt="Search" /></button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1 >
<span class='first'>A</span>aron <span class='first'>C</span>righton</h1>
<div>
</div>
</header><div>
<h2>E-Mails 📧</h2>
<ul><li><a class="obfuscated" data="eyJob3N0IjpbIm1jbWFzdGVyIiwiY2EiXSwidXNlciI6WyJjcmlnaHRvYSJdfQ=="><span class="rev">ac</span>.<span class="rev">retsamcm</span>@<span class="rev">aothgirc</span></a></li></ul>
-<h2>Entries</h2><h3 class="head">2021</h3><article class="entry">
+<h2>Entries</h2><h3 class="head">2022</h3><article class="entry">
+ <div class="item-text">
+ <h5><a class="title" href="../../entries/Padic_Field.html">p-adic Fields and p-adic Semialgebraic Sets</a></h5> <br>by <a href="../../authors/crighton">Aaron Crighton</a></div>
+ <span class="date">
+ Sep 22
+ </span>
+</article>
+
+
+<h3 class="head">2021</h3><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../entries/Padic_Ints.html">Hensel&#39;s Lemma for the p-adic Integers</a></h5> <br>by <a href="../../authors/crighton">Aaron Crighton</a> <a class="obfuscated" data="eyJob3N0IjpbIm1jbWFzdGVyIiwiY2EiXSwidXNlciI6WyJjcmlnaHRvYSJdfQ==">📧</a></div>
<span class="date">
Mar 23
</span>
</article>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/authors/crighton/index.xml b/web/authors/crighton/index.xml
--- a/web/authors/crighton/index.xml
+++ b/web/authors/crighton/index.xml
@@ -1,20 +1,29 @@
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>crighton on Archive of Formal Proofs</title>
<link>/authors/crighton/</link>
<description>Recent content in crighton on Archive of Formal Proofs</description>
<generator>Hugo -- gohugo.io</generator>
<language>en-gb</language>
- <lastBuildDate>Tue, 23 Mar 2021 00:00:00 +0000</lastBuildDate><atom:link href="/authors/crighton/index.xml" rel="self" type="application/rss+xml" />
+ <lastBuildDate>Thu, 22 Sep 2022 00:00:00 +0000</lastBuildDate><atom:link href="/authors/crighton/index.xml" rel="self" type="application/rss+xml" />
+ <item>
+ <title>p-adic Fields and p-adic Semialgebraic Sets</title>
+ <link>/entries/Padic_Field.html</link>
+ <pubDate>Thu, 22 Sep 2022 00:00:00 +0000</pubDate>
+
+ <guid>/entries/Padic_Field.html</guid>
+ <description></description>
+ </item>
+
<item>
<title>Hensel&#39;s Lemma for the p-adic Integers</title>
<link>/entries/Padic_Ints.html</link>
<pubDate>Tue, 23 Mar 2021 00:00:00 +0000</pubDate>
<guid>/entries/Padic_Ints.html</guid>
<description></description>
</item>
</channel>
</rss>
diff --git a/web/authors/dardinier/index.html b/web/authors/dardinier/index.html
--- a/web/authors/dardinier/index.html
+++ b/web/authors/dardinier/index.html
@@ -1,124 +1,131 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1"><title>Thibault Dardinier- Archive of Formal Proofs</title><meta name="description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."><link rel="alternate" type="application/rss+xml" href="../../authors/dardinier/index.xml" title="Archive of Formal Proofs" /><meta property="og:title" content="dardinier" />
<meta property="og:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle." />
<meta property="og:type" content="website" />
<meta property="og:url" content="/authors/dardinier/" /><meta property="og:image" content="/images/afp.png"/><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="dardinier"/>
<meta name="twitter:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."/>
<link rel="stylesheet" type="text/css" href="../../css/front.min.css">
<link rel="icon" href="../../images/favicon.ico" type="image/icon"><script src="../../js/obfuscate.js"></script>
<script src="../../js/flexsearch.bundle.js"></script>
<script src="../../js/scroll-spy.js"></script>
<script src="../../js/theory.js"></script>
<script src="../../js/util.js"></script><script src="../../js/header-search.js"></script><script src="../../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore '>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../../images/menu.svg" alt="Menu" />
</label>
<a href="../../" class='logo-link'>
<img src="../../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<a href="../../search"><img src="../../images/search.svg" alt="Search" /></a>
<nav id="menu">
<div>
<a href="../../" class='logo-link'>
<img src="../../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<ul>
<a href="../../"><li >Home</li></a>
<a href="../../topics/"><li >Topics</li></a>
<a href="../../download/"><li >Download</li></a>
<a href="../../help/"><li >Help</li></a>
<a href="../../submission/"><li >Submission</li></a>
<a href="../../statistics/"><li >Statistics</li></a>
<a href="../../about/"><li >About</li></a>
</ul>
</div>
</nav>
</div>
</aside>
<div
class='content '><header>
<form autocomplete="off" action="../../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value="" aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button"><img src="../../images/search.svg" alt="Search" /></button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1 >
<span class='first'>T</span>hibault <span class='first'>D</span>ardinier</h1>
<div>
</div>
</header><div>
<h2>Homepages 🌐</h2>
<ul><li><a href="https://dardinier.me/">https://dardinier.me/</a></li></ul>
<h2>Entries</h2><h3 class="head">2022</h3><article class="entry">
<div class="item-text">
+ <h5><a class="title" href="../../entries/Separation_Logic_Unbounded.html">Unbounded Separation Logic</a></h5> <br>by <a href="../../authors/dardinier">Thibault Dardinier</a> <a href="https://dardinier.me/">🌐</a></div>
+ <span class="date">
+ Sep 05
+ </span>
+</article>
+<article class="entry">
+ <div class="item-text">
<h5><a class="title" href="../../entries/Combinable_Wands.html">A Restricted Definition of the Magic Wand to Soundly Combine Fractions of a Wand</a></h5> <br>by <a href="../../authors/dardinier">Thibault Dardinier</a> <a href="https://dardinier.me/">🌐</a></div>
<span class="date">
May 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../entries/Package_logic.html">Formalization of a Framework for the Sound Automation of Magic Wands</a></h5> <br>by <a href="../../authors/dardinier">Thibault Dardinier</a> <a href="https://dardinier.me/">🌐</a></div>
<span class="date">
May 18
</span>
</article>
<h3 class="head">2020</h3><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../entries/MFODL_Monitor_Optimized.html">Formalization of an Optimized Monitoring Algorithm for Metric First-Order Dynamic Logic with Aggregations</a></h5> <br>by <a href="../../authors/dardinier">Thibault Dardinier</a>, <a href="../../authors/heimes">Lukas Heimes</a>, <a href="../../authors/raszyk">Martin Raszyk</a> <a class="obfuscated" data="eyJob3N0IjpbImluZiIsImV0aHoiLCJjaCJdLCJ1c2VyIjpbIm1hcnRpbiIsInJhc3p5ayJdfQ==">📧</a>, <a href="../../authors/schneider">Joshua Schneider</a> <a class="obfuscated" data="eyJob3N0IjpbImluZiIsImV0aHoiLCJjaCJdLCJ1c2VyIjpbImpvc2h1YSIsInNjaG5laWRlciJdfQ==">📧</a> and <a href="../../authors/traytel">Dmitriy Traytel</a> <a href="https://traytel.bitbucket.io/">🌐</a></div>
<span class="date">
Apr 09
</span>
</article>
<h3 class="head">2019</h3><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../entries/Generic_Join.html">Formalization of Multiway-Join Algorithms</a></h5> <br>by <a href="../../authors/dardinier">Thibault Dardinier</a></div>
<span class="date">
Sep 16
</span>
</article>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/authors/dardinier/index.xml b/web/authors/dardinier/index.xml
--- a/web/authors/dardinier/index.xml
+++ b/web/authors/dardinier/index.xml
@@ -1,47 +1,56 @@
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>dardinier on Archive of Formal Proofs</title>
<link>/authors/dardinier/</link>
<description>Recent content in dardinier on Archive of Formal Proofs</description>
<generator>Hugo -- gohugo.io</generator>
<language>en-gb</language>
- <lastBuildDate>Mon, 30 May 2022 00:00:00 +0000</lastBuildDate><atom:link href="/authors/dardinier/index.xml" rel="self" type="application/rss+xml" />
+ <lastBuildDate>Mon, 05 Sep 2022 00:00:00 +0000</lastBuildDate><atom:link href="/authors/dardinier/index.xml" rel="self" type="application/rss+xml" />
+ <item>
+ <title>Unbounded Separation Logic</title>
+ <link>/entries/Separation_Logic_Unbounded.html</link>
+ <pubDate>Mon, 05 Sep 2022 00:00:00 +0000</pubDate>
+
+ <guid>/entries/Separation_Logic_Unbounded.html</guid>
+ <description></description>
+ </item>
+
<item>
<title>A Restricted Definition of the Magic Wand to Soundly Combine Fractions of a Wand</title>
<link>/entries/Combinable_Wands.html</link>
<pubDate>Mon, 30 May 2022 00:00:00 +0000</pubDate>
<guid>/entries/Combinable_Wands.html</guid>
<description></description>
</item>
<item>
<title>Formalization of a Framework for the Sound Automation of Magic Wands</title>
<link>/entries/Package_logic.html</link>
<pubDate>Wed, 18 May 2022 00:00:00 +0000</pubDate>
<guid>/entries/Package_logic.html</guid>
<description></description>
</item>
<item>
<title>Formalization of an Optimized Monitoring Algorithm for Metric First-Order Dynamic Logic with Aggregations</title>
<link>/entries/MFODL_Monitor_Optimized.html</link>
<pubDate>Thu, 09 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/MFODL_Monitor_Optimized.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Multiway-Join Algorithms</title>
<link>/entries/Generic_Join.html</link>
<pubDate>Mon, 16 Sep 2019 00:00:00 +0000</pubDate>
<guid>/entries/Generic_Join.html</guid>
<description></description>
</item>
</channel>
</rss>
diff --git a/web/authors/diekmann/index.html b/web/authors/diekmann/index.html
--- a/web/authors/diekmann/index.html
+++ b/web/authors/diekmann/index.html
@@ -1,145 +1,145 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1"><title>Cornelius Diekmann- Archive of Formal Proofs</title><meta name="description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."><link rel="alternate" type="application/rss+xml" href="../../authors/diekmann/index.xml" title="Archive of Formal Proofs" /><meta property="og:title" content="diekmann" />
<meta property="og:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle." />
<meta property="og:type" content="website" />
<meta property="og:url" content="/authors/diekmann/" /><meta property="og:image" content="/images/afp.png"/><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="diekmann"/>
<meta name="twitter:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."/>
<link rel="stylesheet" type="text/css" href="../../css/front.min.css">
<link rel="icon" href="../../images/favicon.ico" type="image/icon"><script src="../../js/obfuscate.js"></script>
<script src="../../js/flexsearch.bundle.js"></script>
<script src="../../js/scroll-spy.js"></script>
<script src="../../js/theory.js"></script>
<script src="../../js/util.js"></script><script src="../../js/header-search.js"></script><script src="../../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore '>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../../images/menu.svg" alt="Menu" />
</label>
<a href="../../" class='logo-link'>
<img src="../../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<a href="../../search"><img src="../../images/search.svg" alt="Search" /></a>
<nav id="menu">
<div>
<a href="../../" class='logo-link'>
<img src="../../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<ul>
<a href="../../"><li >Home</li></a>
<a href="../../topics/"><li >Topics</li></a>
<a href="../../download/"><li >Download</li></a>
<a href="../../help/"><li >Help</li></a>
<a href="../../submission/"><li >Submission</li></a>
<a href="../../statistics/"><li >Statistics</li></a>
<a href="../../about/"><li >About</li></a>
</ul>
</div>
</nav>
</div>
</aside>
<div
class='content '><header>
<form autocomplete="off" action="../../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value="" aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button"><img src="../../images/search.svg" alt="Search" /></button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1 >
<span class='first'>C</span>ornelius <span class='first'>D</span>iekmann</h1>
<div>
</div>
</header><div>
<h2>Homepages 🌐</h2>
<ul><li><a href="http://net.in.tum.de/~diekmann">http://net.in.tum.de/~diekmann</a></li></ul>
<h2>Entries</h2><h3 class="head">2020</h3><article class="entry">
<div class="item-text">
- <h5><a class="title" href="../../entries/Hello_World.html">Hello World</a></h5> <br>by <a href="../../authors/diekmann">Cornelius Diekmann</a> <a href="http://net.in.tum.de/~diekmann">🌐</a> and <a href="../../authors/hupel">Lars Hupel</a> <a href="https://www21.in.tum.de/~hupel/">🌐</a></div>
+ <h5><a class="title" href="../../entries/Hello_World.html">Hello World</a></h5> <br>by <a href="../../authors/diekmann">Cornelius Diekmann</a> <a href="http://net.in.tum.de/~diekmann">🌐</a> and <a href="../../authors/hupel">Lars Hupel</a> <a href="https://lars.hupel.info/">🌐</a></div>
<span class="date">
Mar 07
</span>
</article>
<h3 class="head">2016</h3><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../entries/LOFT.html">LOFT — Verified Migration of Linux Firewalls to SDN</a></h5> <br>by <a href="../../authors/michaelis">Julius Michaelis</a> <a href="http://liftm.de/">🌐</a> and <a href="../../authors/diekmann">Cornelius Diekmann</a> <a href="http://net.in.tum.de/~diekmann">🌐</a></div>
<span class="date">
Oct 21
</span>
</article>
<article class="entry">
<div class="item-text">
- <h5><a class="title" href="../../entries/Iptables_Semantics.html">Iptables Semantics</a></h5> <br>by <a href="../../authors/diekmann">Cornelius Diekmann</a> <a href="http://net.in.tum.de/~diekmann">🌐</a> and <a href="../../authors/hupel">Lars Hupel</a> <a href="https://www21.in.tum.de/~hupel/">🌐</a></div>
+ <h5><a class="title" href="../../entries/Iptables_Semantics.html">Iptables Semantics</a></h5> <br>by <a href="../../authors/diekmann">Cornelius Diekmann</a> <a href="http://net.in.tum.de/~diekmann">🌐</a> and <a href="../../authors/hupel">Lars Hupel</a> <a href="https://lars.hupel.info/">🌐</a></div>
<span class="date">
Sep 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../entries/Routing.html">Routing</a></h5> <br>by <a href="../../authors/michaelis">Julius Michaelis</a> <a href="http://liftm.de/">🌐</a> and <a href="../../authors/diekmann">Cornelius Diekmann</a> <a href="http://net.in.tum.de/~diekmann">🌐</a></div>
<span class="date">
Aug 31
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../entries/Simple_Firewall.html">Simple Firewall</a></h5> <br>by <a href="../../authors/diekmann">Cornelius Diekmann</a> <a href="http://net.in.tum.de/~diekmann">🌐</a>, <a href="../../authors/michaelis">Julius Michaelis</a> <a href="http://liftm.de/">🌐</a> and <a href="../../authors/haslbeck">Max W. Haslbeck</a> <a href="http://cl-informatik.uibk.ac.at/users/mhaslbeck/">🌐</a></div>
<span class="date">
Aug 24
</span>
</article>
<article class="entry">
<div class="item-text">
- <h5><a class="title" href="../../entries/IP_Addresses.html">IP Addresses</a></h5> <br>by <a href="../../authors/diekmann">Cornelius Diekmann</a> <a href="http://net.in.tum.de/~diekmann">🌐</a>, <a href="../../authors/michaelis">Julius Michaelis</a> <a href="http://liftm.de/">🌐</a> and <a href="../../authors/hupel">Lars Hupel</a> <a href="https://www21.in.tum.de/~hupel/">🌐</a></div>
+ <h5><a class="title" href="../../entries/IP_Addresses.html">IP Addresses</a></h5> <br>by <a href="../../authors/diekmann">Cornelius Diekmann</a> <a href="http://net.in.tum.de/~diekmann">🌐</a>, <a href="../../authors/michaelis">Julius Michaelis</a> <a href="http://liftm.de/">🌐</a> and <a href="../../authors/hupel">Lars Hupel</a> <a href="https://lars.hupel.info/">🌐</a></div>
<span class="date">
Jun 28
</span>
</article>
<h3 class="head">2014</h3><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../entries/Network_Security_Policy_Verification.html">Network Security Policy Verification</a></h5> <br>by <a href="../../authors/diekmann">Cornelius Diekmann</a> <a href="http://net.in.tum.de/~diekmann">🌐</a></div>
<span class="date">
Jul 04
</span>
</article>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/authors/doty/index.html b/web/authors/doty/index.html
--- a/web/authors/doty/index.html
+++ b/web/authors/doty/index.html
@@ -1,96 +1,108 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
- <meta name="viewport" content="width=device-width, initial-scale=1"><title>Matthew Wampler-Doty- Archive of Formal Proofs</title><meta name="description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."><link rel="alternate" type="application/rss+xml" href="../../authors/doty/index.xml" title="Archive of Formal Proofs" /><meta property="og:title" content="doty" />
+ <meta name="viewport" content="width=device-width, initial-scale=1"><title>Matthew Doty- Archive of Formal Proofs</title><meta name="description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."><link rel="alternate" type="application/rss+xml" href="../../authors/doty/index.xml" title="Archive of Formal Proofs" /><meta property="og:title" content="doty" />
<meta property="og:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle." />
<meta property="og:type" content="website" />
<meta property="og:url" content="/authors/doty/" /><meta property="og:image" content="/images/afp.png"/><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="doty"/>
<meta name="twitter:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."/>
<link rel="stylesheet" type="text/css" href="../../css/front.min.css">
<link rel="icon" href="../../images/favicon.ico" type="image/icon"><script src="../../js/obfuscate.js"></script>
<script src="../../js/flexsearch.bundle.js"></script>
<script src="../../js/scroll-spy.js"></script>
<script src="../../js/theory.js"></script>
<script src="../../js/util.js"></script><script src="../../js/header-search.js"></script><script src="../../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore '>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../../images/menu.svg" alt="Menu" />
</label>
<a href="../../" class='logo-link'>
<img src="../../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<a href="../../search"><img src="../../images/search.svg" alt="Search" /></a>
<nav id="menu">
<div>
<a href="../../" class='logo-link'>
<img src="../../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<ul>
<a href="../../"><li >Home</li></a>
<a href="../../topics/"><li >Topics</li></a>
<a href="../../download/"><li >Download</li></a>
<a href="../../help/"><li >Help</li></a>
<a href="../../submission/"><li >Submission</li></a>
<a href="../../statistics/"><li >Statistics</li></a>
<a href="../../about/"><li >About</li></a>
</ul>
</div>
</nav>
</div>
</aside>
<div
class='content '><header>
<form autocomplete="off" action="../../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value="" aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button"><img src="../../images/search.svg" alt="Search" /></button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1 >
- <span class='first'>M</span>atthew <span class='first'>W</span>ampler-<span class='first'>D</span>oty</h1>
+ <span class='first'>M</span>atthew <span class='first'>D</span>oty</h1>
<div>
</div>
</header><div>
+<h2>E-Mails 📧</h2>
+<ul><li><a class="obfuscated" data="eyJob3N0IjpbInctZCIsIm9yZyJdLCJ1c2VyIjpbIm1hdHQiXX0="><span class="rev">gro</span>.<span class="rev">d-w</span>@<span class="rev">ttam</span></a></li></ul>
-<h2>Entries</h2><h3 class="head">2010</h3><article class="entry">
+
+<h2>Entries</h2><h3 class="head">2022</h3><article class="entry">
<div class="item-text">
- <h5><a class="title" href="../../entries/Robbins-Conjecture.html">A Complete Proof of the Robbins Conjecture</a></h5> <br>by <a href="../../authors/doty">Matthew Wampler-Doty</a></div>
+ <h5><a class="title" href="../../entries/Risk_Free_Lending.html">Risk-Free Lending</a></h5> <br>by <a href="../../authors/doty">Matthew Doty</a> <a class="obfuscated" data="eyJob3N0IjpbInctZCIsIm9yZyJdLCJ1c2VyIjpbIm1hdHQiXX0=">📧</a></div>
+ <span class="date">
+ Sep 18
+ </span>
+</article>
+
+
+<h3 class="head">2010</h3><article class="entry">
+ <div class="item-text">
+ <h5><a class="title" href="../../entries/Robbins-Conjecture.html">A Complete Proof of the Robbins Conjecture</a></h5> <br>by <a href="../../authors/doty">Matthew Doty</a></div>
<span class="date">
May 22
</span>
</article>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/authors/doty/index.xml b/web/authors/doty/index.xml
--- a/web/authors/doty/index.xml
+++ b/web/authors/doty/index.xml
@@ -1,20 +1,29 @@
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>doty on Archive of Formal Proofs</title>
<link>/authors/doty/</link>
<description>Recent content in doty on Archive of Formal Proofs</description>
<generator>Hugo -- gohugo.io</generator>
<language>en-gb</language>
- <lastBuildDate>Sat, 22 May 2010 00:00:00 +0000</lastBuildDate><atom:link href="/authors/doty/index.xml" rel="self" type="application/rss+xml" />
+ <lastBuildDate>Sun, 18 Sep 2022 00:00:00 +0000</lastBuildDate><atom:link href="/authors/doty/index.xml" rel="self" type="application/rss+xml" />
+ <item>
+ <title>Risk-Free Lending</title>
+ <link>/entries/Risk_Free_Lending.html</link>
+ <pubDate>Sun, 18 Sep 2022 00:00:00 +0000</pubDate>
+
+ <guid>/entries/Risk_Free_Lending.html</guid>
+ <description></description>
+ </item>
+
<item>
<title>A Complete Proof of the Robbins Conjecture</title>
<link>/entries/Robbins-Conjecture.html</link>
<pubDate>Sat, 22 May 2010 00:00:00 +0000</pubDate>
<guid>/entries/Robbins-Conjecture.html</guid>
<description></description>
</item>
</channel>
</rss>
diff --git a/web/authors/from/index.html b/web/authors/from/index.html
--- a/web/authors/from/index.html
+++ b/web/authors/from/index.html
@@ -1,147 +1,154 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1"><title>Asta Halkjær From- Archive of Formal Proofs</title><meta name="description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."><link rel="alternate" type="application/rss+xml" href="../../authors/from/index.xml" title="Archive of Formal Proofs" /><meta property="og:title" content="from" />
<meta property="og:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle." />
<meta property="og:type" content="website" />
<meta property="og:url" content="/authors/from/" /><meta property="og:image" content="/images/afp.png"/><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="from"/>
<meta name="twitter:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."/>
<link rel="stylesheet" type="text/css" href="../../css/front.min.css">
<link rel="icon" href="../../images/favicon.ico" type="image/icon"><script src="../../js/obfuscate.js"></script>
<script src="../../js/flexsearch.bundle.js"></script>
<script src="../../js/scroll-spy.js"></script>
<script src="../../js/theory.js"></script>
<script src="../../js/util.js"></script><script src="../../js/header-search.js"></script><script src="../../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore '>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../../images/menu.svg" alt="Menu" />
</label>
<a href="../../" class='logo-link'>
<img src="../../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<a href="../../search"><img src="../../images/search.svg" alt="Search" /></a>
<nav id="menu">
<div>
<a href="../../" class='logo-link'>
<img src="../../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<ul>
<a href="../../"><li >Home</li></a>
<a href="../../topics/"><li >Topics</li></a>
<a href="../../download/"><li >Download</li></a>
<a href="../../help/"><li >Help</li></a>
<a href="../../submission/"><li >Submission</li></a>
<a href="../../statistics/"><li >Statistics</li></a>
<a href="../../about/"><li >About</li></a>
</ul>
</div>
</nav>
</div>
</aside>
<div
class='content '><header>
<form autocomplete="off" action="../../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value="" aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button"><img src="../../images/search.svg" alt="Search" /></button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1 >
<span class='first'>A</span>sta <span class='first'>H</span>alkjær <span class='first'>F</span>rom</h1>
<div>
</div>
</header><div>
<h2>Homepages 🌐</h2>
<ul><li><a href="https://people.compute.dtu.dk/ahfrom/">https://people.compute.dtu.dk/ahfrom/</a></li></ul>
<h2>Entries</h2><h3 class="head">2022</h3><article class="entry">
<div class="item-text">
+ <h5><a class="title" href="../../entries/Implicational_Logic.html">Soundness and Completeness of Implicational Logic</a></h5> <br>by <a href="../../authors/from">Asta Halkjær From</a> <a href="https://people.compute.dtu.dk/ahfrom/">🌐</a> and <a href="../../authors/villadsen">Jørgen Villadsen</a> <a href="https://people.compute.dtu.dk/jovi/">🌐</a></div>
+ <span class="date">
+ Sep 13
+ </span>
+</article>
+<article class="entry">
+ <div class="item-text">
<h5><a class="title" href="../../entries/FOL_Seq_Calc3.html">A Naive Prover for First-Order Logic</a></h5> <br>by <a href="../../authors/from">Asta Halkjær From</a> <a href="https://people.compute.dtu.dk/ahfrom/">🌐</a></div>
<span class="date">
Mar 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../entries/FOL_Seq_Calc2.html">A Sequent Calculus Prover for First-Order Logic with Functions</a></h5> <br>by <a href="../../authors/from">Asta Halkjær From</a> <a href="https://people.compute.dtu.dk/ahfrom/">🌐</a> and <a href="../../authors/jacobsen">Frederik Krogsdal Jacobsen</a> <a href="http://people.compute.dtu.dk/fkjac/">🌐</a></div>
<span class="date">
Jan 31
</span>
</article>
<h3 class="head">2021</h3><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../entries/FOL_Axiomatic.html">Soundness and Completeness of an Axiomatic System for First-Order Logic</a></h5> <br>by <a href="../../authors/from">Asta Halkjær From</a> <a href="https://people.compute.dtu.dk/ahfrom/">🌐</a></div>
<span class="date">
Sep 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../entries/Public_Announcement_Logic.html">Public Announcement Logic</a></h5> <br>by <a href="../../authors/from">Asta Halkjær From</a> <a href="https://people.compute.dtu.dk/ahfrom/">🌐</a></div>
<span class="date">
Jun 17
</span>
</article>
<h3 class="head">2019</h3><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../entries/Hybrid_Logic.html">Formalizing a Seligman-Style Tableau System for Hybrid Logic</a></h5> <br>by <a href="../../authors/from">Asta Halkjær From</a> <a href="https://people.compute.dtu.dk/ahfrom/">🌐</a></div>
<span class="date">
Dec 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../entries/FOL_Seq_Calc1.html">A Sequent Calculus for First-Order Logic</a></h5> <br>by <a href="../../authors/from">Asta Halkjær From</a> <a href="https://people.compute.dtu.dk/ahfrom/">🌐</a></div>
<span class="date">
Jul 18
</span>
</article>
<h3 class="head">2018</h3><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../entries/Epistemic_Logic.html">Epistemic Logic: Completeness of Modal Logics</a></h5> <br>by <a href="../../authors/from">Asta Halkjær From</a> <a href="https://people.compute.dtu.dk/ahfrom/">🌐</a></div>
<span class="date">
Oct 29
</span>
</article>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/authors/from/index.xml b/web/authors/from/index.xml
--- a/web/authors/from/index.xml
+++ b/web/authors/from/index.xml
@@ -1,74 +1,83 @@
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>from on Archive of Formal Proofs</title>
<link>/authors/from/</link>
<description>Recent content in from on Archive of Formal Proofs</description>
<generator>Hugo -- gohugo.io</generator>
<language>en-gb</language>
- <lastBuildDate>Tue, 22 Mar 2022 00:00:00 +0000</lastBuildDate><atom:link href="/authors/from/index.xml" rel="self" type="application/rss+xml" />
+ <lastBuildDate>Tue, 13 Sep 2022 00:00:00 +0000</lastBuildDate><atom:link href="/authors/from/index.xml" rel="self" type="application/rss+xml" />
+ <item>
+ <title>Soundness and Completeness of Implicational Logic</title>
+ <link>/entries/Implicational_Logic.html</link>
+ <pubDate>Tue, 13 Sep 2022 00:00:00 +0000</pubDate>
+
+ <guid>/entries/Implicational_Logic.html</guid>
+ <description></description>
+ </item>
+
<item>
<title>A Naive Prover for First-Order Logic</title>
<link>/entries/FOL_Seq_Calc3.html</link>
<pubDate>Tue, 22 Mar 2022 00:00:00 +0000</pubDate>
<guid>/entries/FOL_Seq_Calc3.html</guid>
<description></description>
</item>
<item>
<title>A Sequent Calculus Prover for First-Order Logic with Functions</title>
<link>/entries/FOL_Seq_Calc2.html</link>
<pubDate>Mon, 31 Jan 2022 00:00:00 +0000</pubDate>
<guid>/entries/FOL_Seq_Calc2.html</guid>
<description></description>
</item>
<item>
<title>Soundness and Completeness of an Axiomatic System for First-Order Logic</title>
<link>/entries/FOL_Axiomatic.html</link>
<pubDate>Fri, 24 Sep 2021 00:00:00 +0000</pubDate>
<guid>/entries/FOL_Axiomatic.html</guid>
<description></description>
</item>
<item>
<title>Public Announcement Logic</title>
<link>/entries/Public_Announcement_Logic.html</link>
<pubDate>Thu, 17 Jun 2021 00:00:00 +0000</pubDate>
<guid>/entries/Public_Announcement_Logic.html</guid>
<description></description>
</item>
<item>
<title>Formalizing a Seligman-Style Tableau System for Hybrid Logic</title>
<link>/entries/Hybrid_Logic.html</link>
<pubDate>Fri, 20 Dec 2019 00:00:00 +0000</pubDate>
<guid>/entries/Hybrid_Logic.html</guid>
<description></description>
</item>
<item>
<title>A Sequent Calculus for First-Order Logic</title>
<link>/entries/FOL_Seq_Calc1.html</link>
<pubDate>Thu, 18 Jul 2019 00:00:00 +0000</pubDate>
<guid>/entries/FOL_Seq_Calc1.html</guid>
<description></description>
</item>
<item>
<title>Epistemic Logic: Completeness of Modal Logics</title>
<link>/entries/Epistemic_Logic.html</link>
<pubDate>Mon, 29 Oct 2018 00:00:00 +0000</pubDate>
<guid>/entries/Epistemic_Logic.html</guid>
<description></description>
</item>
</channel>
</rss>
diff --git a/web/authors/haslbeck/index.html b/web/authors/haslbeck/index.html
--- a/web/authors/haslbeck/index.html
+++ b/web/authors/haslbeck/index.html
@@ -1,140 +1,140 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1"><title>Max W. Haslbeck- Archive of Formal Proofs</title><meta name="description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."><link rel="alternate" type="application/rss+xml" href="../../authors/haslbeck/index.xml" title="Archive of Formal Proofs" /><meta property="og:title" content="haslbeck" />
<meta property="og:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle." />
<meta property="og:type" content="website" />
<meta property="og:url" content="/authors/haslbeck/" /><meta property="og:image" content="/images/afp.png"/><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="haslbeck"/>
<meta name="twitter:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."/>
<link rel="stylesheet" type="text/css" href="../../css/front.min.css">
<link rel="icon" href="../../images/favicon.ico" type="image/icon"><script src="../../js/obfuscate.js"></script>
<script src="../../js/flexsearch.bundle.js"></script>
<script src="../../js/scroll-spy.js"></script>
<script src="../../js/theory.js"></script>
<script src="../../js/util.js"></script><script src="../../js/header-search.js"></script><script src="../../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore '>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../../images/menu.svg" alt="Menu" />
</label>
<a href="../../" class='logo-link'>
<img src="../../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<a href="../../search"><img src="../../images/search.svg" alt="Search" /></a>
<nav id="menu">
<div>
<a href="../../" class='logo-link'>
<img src="../../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<ul>
<a href="../../"><li >Home</li></a>
<a href="../../topics/"><li >Topics</li></a>
<a href="../../download/"><li >Download</li></a>
<a href="../../help/"><li >Help</li></a>
<a href="../../submission/"><li >Submission</li></a>
<a href="../../statistics/"><li >Statistics</li></a>
<a href="../../about/"><li >About</li></a>
</ul>
</div>
</nav>
</div>
</aside>
<div
class='content '><header>
<form autocomplete="off" action="../../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value="" aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button"><img src="../../images/search.svg" alt="Search" /></button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1 >
<span class='first'>M</span>ax <span class='first'>W</span>. <span class='first'>H</span>aslbeck</h1>
<div>
</div>
</header><div>
<h2>Homepages 🌐</h2>
<ul><li><a href="http://cl-informatik.uibk.ac.at/users/mhaslbeck/">http://cl-informatik.uibk.ac.at/users/mhaslbeck/</a></li></ul>
<h2>Entries</h2><h3 class="head">2020</h3><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../entries/Skip_Lists.html">Skip Lists</a></h5> <br>by <a href="../../authors/haslbeck">Max W. Haslbeck</a> <a href="http://cl-informatik.uibk.ac.at/users/mhaslbeck/">🌐</a> and <a href="../../authors/eberl">Manuel Eberl</a> <a href="https://pruvisto.org/">🌐</a></div>
<span class="date">
Jan 09
</span>
</article>
<h3 class="head">2019</h3><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../entries/Farkas.html">Farkas&#39; Lemma and Motzkin&#39;s Transposition Theorem</a></h5> <br>by <a href="../../authors/bottesch">Ralph Bottesch</a> <a href="http://cl-informatik.uibk.ac.at/users/bottesch/">🌐</a>, <a href="../../authors/haslbeck">Max W. Haslbeck</a> <a href="http://cl-informatik.uibk.ac.at/users/mhaslbeck/">🌐</a> and <a href="../../authors/thiemann">René Thiemann</a> <a href="http://cl-informatik.uibk.ac.at/users/thiemann/">🌐</a></div>
<span class="date">
Jan 17
</span>
</article>
<h3 class="head">2018</h3><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../entries/Treaps.html">Treaps</a></h5> <br>by <a href="../../authors/haslbeck">Max W. Haslbeck</a> <a href="http://cl-informatik.uibk.ac.at/users/mhaslbeck/">🌐</a>, <a href="../../authors/eberl">Manuel Eberl</a> <a href="https://www.in.tum.de/~eberlm">🌐</a> and <a href="../../authors/nipkow">Tobias Nipkow</a> <a href="https://www.in.tum.de/~nipkow/">🌐</a></div>
<span class="date">
Feb 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../entries/LLL_Basis_Reduction.html">A verified LLL algorithm</a></h5> <br>by <a href="../../authors/bottesch">Ralph Bottesch</a>, <a href="../../authors/divason">Jose Divasón</a> <a href="https://www.unirioja.es/cu/jodivaso/">🌐</a>, <a href="../../authors/haslbeck">Max W. Haslbeck</a> <a href="http://cl-informatik.uibk.ac.at/users/mhaslbeck/">🌐</a>, <a href="../../authors/joosten">Sebastiaan J. C. Joosten</a> <a href="https://sjcjoosten.nl/">🌐</a>, <a href="../../authors/thiemann">René Thiemann</a> <a href="http://cl-informatik.uibk.ac.at/users/thiemann/">🌐</a> and <a href="../../authors/yamada">Akihisa Yamada</a></div>
<span class="date">
Feb 02
</span>
</article>
<h3 class="head">2016</h3><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../entries/Simple_Firewall.html">Simple Firewall</a></h5> <br>by <a href="../../authors/diekmann">Cornelius Diekmann</a> <a href="http://net.in.tum.de/~diekmann">🌐</a>, <a href="../../authors/michaelis">Julius Michaelis</a> <a href="http://liftm.de/">🌐</a> and <a href="../../authors/haslbeck">Max W. Haslbeck</a> <a href="http://cl-informatik.uibk.ac.at/users/mhaslbeck/">🌐</a></div>
<span class="date">
Aug 24
</span>
</article>
<article class="entry">
<div class="item-text">
- <h5><a class="title" href="../../entries/ROBDD.html">Algorithms for Reduced Ordered Binary Decision Diagrams</a></h5> <br>by <a href="../../authors/michaelis">Julius Michaelis</a> <a href="http://liftm.de/">🌐</a>, <a href="../../authors/haslbeck">Max W. Haslbeck</a> <a href="http://cl-informatik.uibk.ac.at/users/mhaslbeck/">🌐</a>, <a href="../../authors/lammich">Peter Lammich</a> <a href="http://www21.in.tum.de/~lammich">🌐</a> and <a href="../../authors/hupel">Lars Hupel</a> <a href="https://www21.in.tum.de/~hupel/">🌐</a></div>
+ <h5><a class="title" href="../../entries/ROBDD.html">Algorithms for Reduced Ordered Binary Decision Diagrams</a></h5> <br>by <a href="../../authors/michaelis">Julius Michaelis</a> <a href="http://liftm.de/">🌐</a>, <a href="../../authors/haslbeck">Max W. Haslbeck</a> <a href="http://cl-informatik.uibk.ac.at/users/mhaslbeck/">🌐</a>, <a href="../../authors/lammich">Peter Lammich</a> <a href="http://www21.in.tum.de/~lammich">🌐</a> and <a href="../../authors/hupel">Lars Hupel</a> <a href="https://lars.hupel.info/">🌐</a></div>
<span class="date">
Apr 27
</span>
</article>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/authors/hupel/index.html b/web/authors/hupel/index.html
--- a/web/authors/hupel/index.html
+++ b/web/authors/hupel/index.html
@@ -1,189 +1,186 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1"><title>Lars Hupel- Archive of Formal Proofs</title><meta name="description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."><link rel="alternate" type="application/rss+xml" href="../../authors/hupel/index.xml" title="Archive of Formal Proofs" /><meta property="og:title" content="hupel" />
<meta property="og:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle." />
<meta property="og:type" content="website" />
<meta property="og:url" content="/authors/hupel/" /><meta property="og:image" content="/images/afp.png"/><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="hupel"/>
<meta name="twitter:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."/>
<link rel="stylesheet" type="text/css" href="../../css/front.min.css">
<link rel="icon" href="../../images/favicon.ico" type="image/icon"><script src="../../js/obfuscate.js"></script>
<script src="../../js/flexsearch.bundle.js"></script>
<script src="../../js/scroll-spy.js"></script>
<script src="../../js/theory.js"></script>
<script src="../../js/util.js"></script><script src="../../js/header-search.js"></script><script src="../../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore '>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../../images/menu.svg" alt="Menu" />
</label>
<a href="../../" class='logo-link'>
<img src="../../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<a href="../../search"><img src="../../images/search.svg" alt="Search" /></a>
<nav id="menu">
<div>
<a href="../../" class='logo-link'>
<img src="../../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<ul>
<a href="../../"><li >Home</li></a>
<a href="../../topics/"><li >Topics</li></a>
<a href="../../download/"><li >Download</li></a>
<a href="../../help/"><li >Help</li></a>
<a href="../../submission/"><li >Submission</li></a>
<a href="../../statistics/"><li >Statistics</li></a>
<a href="../../about/"><li >About</li></a>
</ul>
</div>
</nav>
</div>
</aside>
<div
class='content '><header>
<form autocomplete="off" action="../../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value="" aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button"><img src="../../images/search.svg" alt="Search" /></button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1 >
<span class='first'>L</span>ars <span class='first'>H</span>upel</h1>
<div>
</div>
</header><div>
<h2>Homepages 🌐</h2>
-<ul><li><a href="https://www21.in.tum.de/~hupel/">https://www21.in.tum.de/~hupel/</a></li><li><a href="https://lars.hupel.info/">https://lars.hupel.info/</a></li></ul>
+<ul><li><a href="https://lars.hupel.info/">https://lars.hupel.info/</a></li></ul>
-<h2>E-Mails 📧</h2>
-<ul><li><a class="obfuscated" data="eyJob3N0IjpbImluIiwidHVtIiwiZGUiXSwidXNlciI6WyJodXBlbCJdfQ=="><span class="rev">ed</span>.<span class="rev">mut</span>.<span class="rev">ni</span>@<span class="rev">lepuh</span></a></li></ul>
-
<h2>Entries</h2><h3 class="head">2020</h3><article class="entry">
<div class="item-text">
- <h5><a class="title" href="../../entries/Hello_World.html">Hello World</a></h5> <br>by <a href="../../authors/diekmann">Cornelius Diekmann</a> <a href="http://net.in.tum.de/~diekmann">🌐</a> and <a href="../../authors/hupel">Lars Hupel</a> <a href="https://www21.in.tum.de/~hupel/">🌐</a></div>
+ <h5><a class="title" href="../../entries/Hello_World.html">Hello World</a></h5> <br>by <a href="../../authors/diekmann">Cornelius Diekmann</a> <a href="http://net.in.tum.de/~diekmann">🌐</a> and <a href="../../authors/hupel">Lars Hupel</a> <a href="https://lars.hupel.info/">🌐</a></div>
<span class="date">
Mar 07
</span>
</article>
<h3 class="head">2019</h3><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../entries/CakeML_Codegen.html">A Verified Code Generator from Isabelle/HOL to CakeML</a></h5> <br>by <a href="../../authors/hupel">Lars Hupel</a> <a href="https://lars.hupel.info/">🌐</a></div>
<span class="date">
Jul 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../entries/Higher_Order_Terms.html">An Algebra for Higher-Order Terms</a></h5> <br>by <a href="../../authors/hupel">Lars Hupel</a> <a href="https://lars.hupel.info/">🌐</a></div>
<span class="date">
Jan 15
</span>
</article>
<h3 class="head">2018</h3><article class="entry">
<div class="item-text">
- <h5><a class="title" href="../../entries/Generic_Deriving.html">Deriving generic class instances for datatypes</a></h5> <br>by <a href="../../authors/raedle">Jonas Rädle</a> <a class="obfuscated" data="eyJob3N0IjpbImdtYWlsIiwiY29tIl0sInVzZXIiOlsiam9uYXMiLCJyYWVkbGUiXX0=">📧</a> and <a href="../../authors/hupel">Lars Hupel</a> <a href="https://www21.in.tum.de/~hupel/">🌐</a></div>
+ <h5><a class="title" href="../../entries/Generic_Deriving.html">Deriving generic class instances for datatypes</a></h5> <br>by <a href="../../authors/raedle">Jonas Rädle</a> <a class="obfuscated" data="eyJob3N0IjpbImdtYWlsIiwiY29tIl0sInVzZXIiOlsiam9uYXMiLCJyYWVkbGUiXX0=">📧</a> and <a href="../../authors/hupel">Lars Hupel</a> <a href="https://lars.hupel.info/">🌐</a></div>
<span class="date">
Nov 06
</span>
</article>
<article class="entry">
<div class="item-text">
- <h5><a class="title" href="../../entries/CakeML.html">CakeML</a></h5> <br>by <a href="../../authors/hupel">Lars Hupel</a> <a href="https://www21.in.tum.de/~hupel/">🌐</a> and <a href="../../authors/zhang">Yu Zhang</a></div>
+ <h5><a class="title" href="../../entries/CakeML.html">CakeML</a></h5> <br>by <a href="../../authors/hupel">Lars Hupel</a> <a href="https://lars.hupel.info/">🌐</a> and <a href="../../authors/zhang">Yu Zhang</a></div>
<span class="date">
Mar 12
</span>
</article>
<h3 class="head">2017</h3><article class="entry">
<div class="item-text">
- <h5><a class="title" href="../../entries/Dict_Construction.html">Dictionary Construction</a></h5> <br>by <a href="../../authors/hupel">Lars Hupel</a> <a href="https://www21.in.tum.de/~hupel/">🌐</a></div>
+ <h5><a class="title" href="../../entries/Dict_Construction.html">Dictionary Construction</a></h5> <br>by <a href="../../authors/hupel">Lars Hupel</a> <a href="https://lars.hupel.info/">🌐</a></div>
<span class="date">
May 24
</span>
</article>
<article class="entry">
<div class="item-text">
- <h5><a class="title" href="../../entries/Constructor_Funs.html">Constructor Functions</a></h5> <br>by <a href="../../authors/hupel">Lars Hupel</a> <a href="https://www21.in.tum.de/~hupel/">🌐</a></div>
+ <h5><a class="title" href="../../entries/Constructor_Funs.html">Constructor Functions</a></h5> <br>by <a href="../../authors/hupel">Lars Hupel</a> <a href="https://lars.hupel.info/">🌐</a></div>
<span class="date">
Apr 19
</span>
</article>
<article class="entry">
<div class="item-text">
- <h5><a class="title" href="../../entries/Lazy_Case.html">Lazifying case constants</a></h5> <br>by <a href="../../authors/hupel">Lars Hupel</a> <a href="https://www21.in.tum.de/~hupel/">🌐</a></div>
+ <h5><a class="title" href="../../entries/Lazy_Case.html">Lazifying case constants</a></h5> <br>by <a href="../../authors/hupel">Lars Hupel</a> <a href="https://lars.hupel.info/">🌐</a></div>
<span class="date">
Apr 18
</span>
</article>
<h3 class="head">2016</h3><article class="entry">
<div class="item-text">
- <h5><a class="title" href="../../entries/Iptables_Semantics.html">Iptables Semantics</a></h5> <br>by <a href="../../authors/diekmann">Cornelius Diekmann</a> <a href="http://net.in.tum.de/~diekmann">🌐</a> and <a href="../../authors/hupel">Lars Hupel</a> <a href="https://www21.in.tum.de/~hupel/">🌐</a></div>
+ <h5><a class="title" href="../../entries/Iptables_Semantics.html">Iptables Semantics</a></h5> <br>by <a href="../../authors/diekmann">Cornelius Diekmann</a> <a href="http://net.in.tum.de/~diekmann">🌐</a> and <a href="../../authors/hupel">Lars Hupel</a> <a href="https://lars.hupel.info/">🌐</a></div>
<span class="date">
Sep 09
</span>
</article>
<article class="entry">
<div class="item-text">
- <h5><a class="title" href="../../entries/IP_Addresses.html">IP Addresses</a></h5> <br>by <a href="../../authors/diekmann">Cornelius Diekmann</a> <a href="http://net.in.tum.de/~diekmann">🌐</a>, <a href="../../authors/michaelis">Julius Michaelis</a> <a href="http://liftm.de/">🌐</a> and <a href="../../authors/hupel">Lars Hupel</a> <a href="https://www21.in.tum.de/~hupel/">🌐</a></div>
+ <h5><a class="title" href="../../entries/IP_Addresses.html">IP Addresses</a></h5> <br>by <a href="../../authors/diekmann">Cornelius Diekmann</a> <a href="http://net.in.tum.de/~diekmann">🌐</a>, <a href="../../authors/michaelis">Julius Michaelis</a> <a href="http://liftm.de/">🌐</a> and <a href="../../authors/hupel">Lars Hupel</a> <a href="https://lars.hupel.info/">🌐</a></div>
<span class="date">
Jun 28
</span>
</article>
<article class="entry">
<div class="item-text">
- <h5><a class="title" href="../../entries/ROBDD.html">Algorithms for Reduced Ordered Binary Decision Diagrams</a></h5> <br>by <a href="../../authors/michaelis">Julius Michaelis</a> <a href="http://liftm.de/">🌐</a>, <a href="../../authors/haslbeck">Max W. Haslbeck</a> <a href="http://cl-informatik.uibk.ac.at/users/mhaslbeck/">🌐</a>, <a href="../../authors/lammich">Peter Lammich</a> <a href="http://www21.in.tum.de/~lammich">🌐</a> and <a href="../../authors/hupel">Lars Hupel</a> <a href="https://www21.in.tum.de/~hupel/">🌐</a></div>
+ <h5><a class="title" href="../../entries/ROBDD.html">Algorithms for Reduced Ordered Binary Decision Diagrams</a></h5> <br>by <a href="../../authors/michaelis">Julius Michaelis</a> <a href="http://liftm.de/">🌐</a>, <a href="../../authors/haslbeck">Max W. Haslbeck</a> <a href="http://cl-informatik.uibk.ac.at/users/mhaslbeck/">🌐</a>, <a href="../../authors/lammich">Peter Lammich</a> <a href="http://www21.in.tum.de/~lammich">🌐</a> and <a href="../../authors/hupel">Lars Hupel</a> <a href="https://lars.hupel.info/">🌐</a></div>
<span class="date">
Apr 27
</span>
</article>
<h3 class="head">2014</h3><article class="entry">
<div class="item-text">
- <h5><a class="title" href="../../entries/Random_Graph_Subgraph_Threshold.html">Properties of Random Graphs -- Subgraph Containment</a></h5> <br>by <a href="../../authors/hupel">Lars Hupel</a> <a class="obfuscated" data="eyJob3N0IjpbImluIiwidHVtIiwiZGUiXSwidXNlciI6WyJodXBlbCJdfQ==">📧</a></div>
+ <h5><a class="title" href="../../entries/Random_Graph_Subgraph_Threshold.html">Properties of Random Graphs -- Subgraph Containment</a></h5> <br>by <a href="../../authors/hupel">Lars Hupel</a> <a href="https://lars.hupel.info/">🌐</a></div>
<span class="date">
Feb 13
</span>
</article>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/authors/index.html b/web/authors/index.html
--- a/web/authors/index.html
+++ b/web/authors/index.html
@@ -1,948 +1,950 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1"><title>Archive of Formal Proofs</title><meta name="description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."><meta property="og:title" content="Authors" />
<meta property="og:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle." />
<meta property="og:type" content="website" />
<meta property="og:url" content="/authors/" /><meta property="og:image" content="/images/afp.png"/><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="Authors"/>
<meta name="twitter:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."/>
<link rel="stylesheet" type="text/css" href="../css/front.min.css">
<link rel="icon" href="../images/favicon.ico" type="image/icon"><script src="../js/obfuscate.js"></script>
<script src="../js/flexsearch.bundle.js"></script>
<script src="../js/scroll-spy.js"></script>
<script src="../js/theory.js"></script>
<script src="../js/util.js"></script><script src="../js/header-search.js"></script><script src="../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore '>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../images/menu.svg" alt="Menu" />
</label>
<a href="../" class='logo-link'>
<img src="../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<a href="../search"><img src="../images/search.svg" alt="Search" /></a>
<nav id="menu">
<div>
<a href="../" class='logo-link'>
<img src="../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<ul>
<a href="../"><li >Home</li></a>
<a href="../topics/"><li >Topics</li></a>
<a href="../download/"><li >Download</li></a>
<a href="../help/"><li >Help</li></a>
<a href="../submission/"><li >Submission</li></a>
<a href="../statistics/"><li >Statistics</li></a>
<a href="../about/"><li >About</li></a>
</ul>
</div>
</nav>
</div>
</aside>
<div
class='content '><header>
<form autocomplete="off" action="../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value="" aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button"><img src="../images/search.svg" alt="Search" /></button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1 >
<span class='first'>A</span>uthors</h1>
<div>
</div>
</header><div>
<table class="entries">
<tbody>
<tr>
<td>
<ul>
<li><a href="../authors/abdulaziz/">Mohammad Abdulaziz</a></li>
<li><a href="../authors/adelsberger/">Stephan Adelsberger</a></li>
<li><a href="../authors/aehlig/">Klaus Aehlig</a></li>
<li><a href="../authors/aissat/">Romain Aissat</a></li>
<li><a href="../authors/amani/">Sidney Amani</a></li>
<li><a href="../authors/ammer/">Thomas Ammer</a></li>
<li><a href="../authors/andronick/">June Andronick</a></li>
<li><a href="../authors/aransay/">Jesús Aransay</a></li>
<li><a href="../authors/argyraki/">Angeliki Koutsoukou-Argyraki</a></li>
<li><a href="../authors/armstrong/">Alasdair Armstrong</a></li>
<li><a href="../authors/aspinall/">David Aspinall</a></li>
<li><a href="../authors/ausaf/">Fahad Ausaf</a></li>
<li><a href="../authors/avigad/">Jeremy Avigad</a></li>
<li><a href="../authors/back/">Ralph-Johan Back</a></li>
<li><a href="../authors/balbach/">Frank J. Balbach</a></li>
<li><a href="../authors/ballarin/">Clemens Ballarin</a></li>
<li><a href="../authors/barsotti/">Damián Barsotti</a></li>
<li><a href="../authors/bauer/">Gertrud Bauer</a></li>
<li><a href="../authors/bauereiss/">Thomas Bauereiss</a></li>
<li><a href="../authors/bayer/">Jonas Bayer</a></li>
<li><a href="../authors/becker/">Heiko Becker</a></li>
<li><a href="../authors/beeren/">Joel Beeren</a></li>
<li><a href="../authors/bella/">Giampaolo Bella</a></li>
<li><a href="../authors/bengtson/">Jesper Bengtson</a></li>
<li><a href="../authors/bentkamp/">Alexander Bentkamp</a></li>
<li><a href="../authors/benzmueller/">Christoph Benzmüller</a></li>
<li><a href="../authors/beresford/">Alastair R. Beresford</a></li>
<li><a href="../authors/berghofer/">Stefan Berghofer</a></li>
<li><a href="../authors/beringer/">Lennart Beringer</a></li>
<li><a href="../authors/bharadwaj/">Abhijith Bharadwaj</a></li>
<li><a href="../authors/bhatt/">Bhargav Bhatt</a></li>
<li><a href="../authors/biendarra/">Julian Biendarra</a></li>
<li><a href="../authors/bisping/">Benjamin Bisping</a></li>
<li><a href="../authors/blanchette/">Jasmin Christian Blanchette</a></li>
<li><a href="../authors/blasum/">Holger Blasum</a></li>
<li><a href="../authors/blumson/">Ben Blumson</a></li>
<li><a href="../authors/bockenek/">Joshua Bockenek</a></li>
<li><a href="../authors/boehme/">Sascha Böhme</a></li>
<li><a href="../authors/bohrer/">Rose Bohrer</a></li>
<li><a href="../authors/bordg/">Anthony Bordg</a></li>
<li><a href="../authors/borgstroem/">Johannes Borgström</a></li>
<li><a href="../authors/bortin/">Maksym Bortin</a></li>
<li><a href="../authors/bottesch/">Ralph Bottesch</a></li>
<li><a href="../authors/boulanger/">Frédéric Boulanger</a></li>
<li><a href="../authors/bourke/">Timothy Bourke</a></li>
<li><a href="../authors/boutry/">Pierre Boutry</a></li>
<li><a href="../authors/boyton/">Andrew Boyton</a></li>
<li><a href="../authors/bracevac/">Oliver Bračevac</a></li>
<li><a href="../authors/brandt/">Felix Brandt</a></li>
<li><a href="../authors/breitner/">Joachim Breitner</a></li>
<li><a href="../authors/brien/">Nicolas Robinson-O&#39;Brien</a></li>
<li><a href="../authors/brinkop/">Hauke Brinkop</a></li>
<li><a href="../authors/brodmann/">Paul-David Brodmann</a></li>
<li><a href="../authors/brucker/">Achim D. Brucker</a></li>
<li><a href="../authors/bruegger/">Lukas Brügger</a></li>
<li><a href="../authors/brun/">Matthias Brun</a></li>
<li><a href="../authors/brunner/">Julian Brunner</a></li>
<li><a href="../authors/bulwahn/">Lukas Bulwahn</a></li>
<li><a href="../authors/butler/">David Butler</a></li>
<li><a href="../authors/buyse/">Maxime Buyse</a></li>
<li><a href="../authors/caballero/">José Manuel Rodríguez Caballero</a></li>
<li><a href="../authors/caminati/">Marco B. Caminati</a></li>
<li><a href="../authors/campo/">Alejandro del Campo</a></li>
<li><a href="../authors/chapman/">Peter Chapman</a></li>
<li><a href="../authors/chen/">L. Chen</a></li>
<li><a href="../authors/clouston/">Ranald Clouston</a></li>
<li><a href="../authors/cock/">David Cock</a></li>
<li><a href="../authors/coghetto/">Roland Coghetto</a></li>
<li><a href="../authors/coglio/">Alessandro Coglio</a></li>
<li><a href="../authors/cohen/">Ernie Cohen</a></li>
<li><a href="../authors/cordwell/">Katherine Cordwell</a></li>
<li><a href="../authors/cousin/">Marie Cousin</a></li>
<li><a href="../authors/crighton/">Aaron Crighton</a></li>
<li><a href="../authors/dardinier/">Thibault Dardinier</a></li>
<li><a href="../authors/david/">Marco David</a></li>
<li><a href="../authors/debrat/">Henri Debrat</a></li>
<li><a href="../authors/decova/">Sára Decova</a></li>
<li><a href="../authors/derrick/">John Derrick</a></li>
<li><a href="../authors/desharnais/">Martin Desharnais</a></li>
<li><a href="../authors/diaz/">Javier Díaz</a></li>
<li><a href="../authors/diekmann/">Cornelius Diekmann</a></li>
<li><a href="../authors/dirix/">Stefan Dirix</a></li>
<li><a href="../authors/dittmann/">Christoph Dittmann</a></li>
<li><a href="../authors/divason/">Jose Divasón</a></li>
<li><a href="../authors/doczkal/">Christian Doczkal</a></li>
<li><a href="../authors/dongol/">Brijesh Dongol</a></li>
- <li><a href="../authors/doty/">Matthew Wampler-Doty</a></li>
+ <li><a href="../authors/doty/">Matthew Doty</a></li>
<li><a href="../authors/dubut/">Jérémy Dubut</a></li>
<li><a href="../authors/dunaev/">Georgy Dunaev</a></li>
<li><a href="../authors/dyckhoff/">Roy Dyckhoff</a></li>
<li><a href="../authors/eberl/">Manuel Eberl</a></li>
<li><a href="../authors/echenim/">Mnacho Echenim</a></li>
<li><a href="../authors/edmonds/">Chelsea Edmonds</a></li>
<li><a href="../authors/engelhardt/">Kai Engelhardt</a></li>
<li><a href="../authors/eriksson/">Lars-Henrik Eriksson</a></li>
<li><a href="../authors/esparza/">Javier Esparza</a></li>
<li><a href="../authors/essmann/">Robin Eßmann</a></li>
<li><a href="../authors/felgenhauer/">Bertram Felgenhauer</a></li>
<li><a href="../authors/feliachi/">Abderrahmane Feliachi</a></li>
<li><a href="../authors/fell/">Julian Fell</a></li>
<li><a href="../authors/fernandez/">Matthew Fernandez</a></li>
<li><a href="../authors/fiedler/">Ben Fiedler</a></li>
<li><a href="../authors/fleuriot/">Jacques D. Fleuriot</a></li>
<li><a href="../authors/fleury/">Mathias Fleury</a></li>
<li><a href="../authors/foster/">Michael Foster</a></li>
<li><a href="../authors/fosterj/">J. Nathan Foster</a></li>
<li><a href="../authors/fosters/">Simon Foster</a></li>
<li><a href="../authors/fouillard/">Valentin Fouillard</a></li>
<li><a href="../authors/friedrich/">Stefan Friedrich</a></li>
<li><a href="../authors/from/">Asta Halkjær From</a></li>
<li><a href="../authors/fuenmayor/">David Fuenmayor</a></li>
<li><a href="../authors/furusawa/">Hitoshi Furusawa</a></li>
<li><a href="../authors/gammie/">Peter Gammie</a></li>
<li><a href="../authors/gao/">Xin Gao</a></li>
<li><a href="../authors/gaudel/">Marie-Claude Gaudel</a></li>
<li><a href="../authors/gay/">Richard Gay</a></li>
<li><a href="../authors/georgescu/">George Georgescu</a></li>
<li><a href="../authors/gheri/">Lorenzo Gheri</a></li>
<li><a href="../authors/ghourabi/">Fadoua Ghourabi</a></li>
<li><a href="../authors/gioiosa/">Gianpaolo Gioiosa</a></li>
<li><a href="../authors/glabbeek/">Rob van Glabbeek</a></li>
<li><a href="../authors/gomes/">Victor B. F. Gomes</a></li>
<li><a href="../authors/gonzalez/">Edgar Gonzàlez</a></li>
<li><a href="../authors/gore/">Rajeev Gore</a></li>
<li><a href="../authors/gouezel/">Sebastien Gouezel</a></li>
<li><a href="../authors/grechuk/">Bogdan Grechuk</a></li>
<li><a href="../authors/grewe/">Sylvia Grewe</a></li>
<li><a href="../authors/griebel/">Simon Griebel</a></li>
<li><a href="../authors/grov/">Gudmund Grov</a></li>
<li><a href="../authors/guerraoui/">Rachid Guerraoui</a></li>
<li><a href="../authors/guiol/">Hervé Guiol</a></li>
<li><a href="../authors/gunther/">Emmanuel Gunther</a></li>
<li><a href="../authors/gutkovas/">Ramunas Gutkovas</a></li>
<li><a href="../authors/guttmann/">Walter Guttmann</a></li>
<li><a href="../authors/haftmann/">Florian Haftmann</a></li>
<li><a href="../authors/haslbeck/">Max W. Haslbeck</a></li>
<li><a href="../authors/haslbeckm/">Maximilian P. L. Haslbeck</a></li>
<li><a href="../authors/havle/">Oto Havle</a></li>
<li><a href="../authors/hayes/">Ian J. Hayes</a></li>
<li><a href="../authors/he/">Yijun He</a></li>
<li><a href="../authors/heimes/">Lukas Heimes</a></li>
<li><a href="../authors/helke/">Steffen Helke</a></li>
<li><a href="../authors/hellauer/">Fabian Hellauer</a></li>
<li><a href="../authors/heller/">Armin Heller</a></li>
<li><a href="../authors/henrio/">Ludovic Henrio</a></li>
<li><a href="../authors/herzberg/">Michael Herzberg</a></li>
<li><a href="../authors/hess/">Andreas V. Hess</a></li>
<li><a href="../authors/hetzl/">Stefan Hetzl</a></li>
<li><a href="../authors/hibon/">Quentin Hibon</a></li>
<li><a href="../authors/hirata/">Michikazu Hirata</a></li>
<li><a href="../authors/hoefner/">Peter Höfner</a></li>
<li><a href="../authors/hoelzl/">Johannes Hölzl</a></li>
<li><a href="../authors/hofmann/">Martin Hofmann</a></li>
<li><a href="../authors/holub/">Štěpán Holub</a></li>
<li><a href="../authors/hosking/">Tony Hosking</a></li>
<li><a href="../authors/hou/">Zhe Hou</a></li>
<li><a href="../authors/hu/">Shuwei Hu</a></li>
<li><a href="../authors/huffman/">Brian Huffman</a></li>
<li><a href="../authors/hupel/">Lars Hupel</a></li>
<li><a href="../authors/ijbema/">Mark Ijbema</a></li>
<li><a href="../authors/immler/">Fabian Immler</a></li>
<li><a href="../authors/ito/">Yosuke Ito</a></li>
<li><a href="../authors/iwama/">Fumiya Iwama</a></li>
<li><a href="../authors/jacobsen/">Frederik Krogsdal Jacobsen</a></li>
<li><a href="../authors/jaskelioff/">Mauro Jaskelioff</a></li>
<li><a href="../authors/jaskolka/">Jason Jaskolka</a></li>
<li><a href="../authors/jensen/">Alexander Birch Jensen</a></li>
<li><a href="../authors/jiang/">Nan Jiang</a></li>
<li><a href="../authors/jiangd/">Dongchen Jiang</a></li>
<li><a href="../authors/joosten/">Sebastiaan J. C. Joosten</a></li>
<li><a href="../authors/jungnickel/">Tim Jungnickel</a></li>
<li><a href="../authors/kadzioka/">Maya Kądziołka</a></li>
<li><a href="../authors/kaliszyk/">Cezary Kaliszyk</a></li>
<li><a href="../authors/kammueller/">Florian Kammüller</a></li>
<li><a href="../authors/kappelmann/">Kevin Kappelmann</a></li>
<li><a href="../authors/karayel/">Emin Karayel</a></li>
<li><a href="../authors/kastermans/">Bart Kastermans</a></li>
<li><a href="../authors/katovsky/">Alexander Katovsky</a></li>
<li><a href="../authors/kaufmann/">Daniela Kaufmann</a></li>
<li><a href="../authors/keefe/">Greg O&#39;Keefe</a></li>
<li><a href="../authors/keinholz/">Jonas Keinholz</a></li>
<li><a href="../authors/kerber/">Manfred Kerber</a></li>
<li><a href="../authors/ketland/">Jeffrey Ketland</a></li>
<li><a href="../authors/kirchner/">Daniel Kirchner</a></li>
<li><a href="../authors/klein/">Gerwin Klein</a></li>
<li><a href="../authors/klenze/">Tobias Klenze</a></li>
<li><a href="../authors/kleppmann/">Martin Kleppmann</a></li>
<li><a href="../authors/kobayashi/">Hidetsune Kobayashi</a></li>
<li><a href="../authors/koerner/">Stefan Körner</a></li>
<li><a href="../authors/kolanski/">Rafal Kolanski</a></li>
<li><a href="../authors/koller/">Lukas Koller</a></li>
<li><a href="../authors/krauss/">Alexander Krauss</a></li>
<li><a href="../authors/kreuzer/">Katharina Kreuzer</a></li>
<li><a href="../authors/kuncak/">Viktor Kuncak</a></li>
<li><a href="../authors/kuncar/">Ondřej Kunčar</a></li>
<li><a href="../authors/kurz/">Friedrich Kurz</a></li>
<li><a href="../authors/lachnitt/">Hanna Lachnitt</a></li>
<li><a href="../authors/lallemand/">Joseph Lallemand</a></li>
<li><a href="../authors/lammich/">Peter Lammich</a></li>
<li><a href="../authors/lange/">Christoph Lange</a></li>
<li><a href="../authors/langenstein/">Bruno Langenstein</a></li>
<li><a href="../authors/lattuada/">Andrea Lattuada</a></li>
<li><a href="../authors/lee/">Holden Lee</a></li>
<li><a href="../authors/leustean/">Laurentiu Leustean</a></li>
<li><a href="../authors/lewis/">Corey Lewis</a></li>
<li><a href="../authors/li/">Wenda Li</a></li>
<li><a href="../authors/lim/">Japheth Lim</a></li>
<li><a href="../authors/lindenberg/">Christina Lindenberg</a></li>
<li><a href="../authors/linker/">Sven Linker</a></li>
<li><a href="../authors/liu/">Junyi Liu</a></li>
<li><a href="../authors/liut/">Tao Liu</a></li>
<li><a href="../authors/liuy/">Yang Liu</a></li>
<li><a href="../authors/liy/">Yangjia Li</a></li>
<li><a href="../authors/lochbihler/">Andreas Lochbihler</a></li>
<li><a href="../authors/lochmann/">Alexander Lochmann</a></li>
<li><a href="../authors/lohner/">Denis Lohner</a></li>
<li><a href="../authors/loibl/">Matthias Loibl</a></li>
<li><a href="../authors/londono/">Alejandro Gómez-Londoño</a></li>
<li><a href="../authors/losa/">Giuliano Losa</a></li>
<li><a href="../authors/lutz/">Bianca Lutz</a></li>
<li><a href="../authors/lux/">Alexander Lux</a></li>
<li><a href="../authors/makarios/">T. J. M. Makarios</a></li>
<li><a href="../authors/maletzky/">Alexander Maletzky</a></li>
<li><a href="../authors/mansky/">Susannah Mansky</a></li>
<li><a href="../authors/mantel/">Heiko Mantel</a></li>
<li><a href="../authors/margetson/">James Margetson</a></li>
<li><a href="../authors/maric/">Ognjen Marić</a></li>
<li><a href="../authors/maricf/">Filip Marić</a></li>
<li><a href="../authors/marmsoler/">Diego Marmsoler</a></li>
<li><a href="../authors/matache/">Cristina Matache</a></li>
<li><a href="../authors/matichuk/">Daniel Matichuk</a></li>
<li><a href="../authors/matiyasevich/">Yuri Matiyasevich</a></li>
<li><a href="../authors/maximova/">Alexandra Maximova</a></li>
<li><a href="../authors/meis/">Rene Meis</a></li>
<li><a href="../authors/merz/">Stephan Merz</a></li>
<li><a href="../authors/messner/">Florian Messner</a></li>
<li><a href="../authors/michaelis/">Julius Michaelis</a></li>
<li><a href="../authors/milehins/">Mihails Milehins</a></li>
<li><a href="../authors/minamide/">Yasuhiko Minamide</a></li>
<li><a href="../authors/mitchell/">Neil Mitchell</a></li>
<li><a href="../authors/mitsch/">Stefan Mitsch</a></li>
<li><a href="../authors/moedersheim/">Sebastian Mödersheim</a></li>
<li><a href="../authors/moeller/">Bernhard Möller</a></li>
<li><a href="../authors/muendler/">Niels Mündler</a></li>
<li><a href="../authors/mulligan/">Dominic P. Mulligan</a></li>
<li><a href="../authors/munive/">Jonathan Julian Huerta y Munive</a></li>
<li><a href="../authors/murao/">H. Murao</a></li>
<li><a href="../authors/murray/">Toby Murray</a></li>
<li><a href="../authors/nagashima/">Yutaka Nagashima</a></li>
<li><a href="../authors/nagele/">Julian Nagele</a></li>
<li><a href="../authors/naraschewski/">Wolfgang Naraschewski</a></li>
<li><a href="../authors/nedzelsky/">Michael Nedzelsky</a></li>
<li><a href="../authors/nemeti/">István Németi</a></li>
<li><a href="../authors/nemouchi/">Yakoub Nemouchi</a></li>
<li><a href="../authors/nestmann/">Uwe Nestmann</a></li>
<li><a href="../authors/neumann/">René Neumann</a></li>
<li><a href="../authors/nielsen/">Finn Nielsen</a></li>
<li><a href="../authors/nikiforov/">Denis Nikiforov</a></li>
<li><a href="../authors/nipkow/">Tobias Nipkow</a></li>
<li><a href="../authors/nishihara/">Toshiaki Nishihara</a></li>
<li><a href="../authors/noce/">Pasquale Noce</a></li>
<li><a href="../authors/nordhoff/">Benedikt Nordhoff</a></li>
<li><a href="../authors/noschinski/">Lars Noschinski</a></li>
<li><a href="../authors/obua/">Steven Obua</a></li>
<li><a href="../authors/ogawa/">Mizuhito Ogawa</a></li>
<li><a href="../authors/oldenburg/">Lennart Oldenburg</a></li>
<li><a href="../authors/olm/">Markus Müller-Olm</a></li>
<li><a href="../authors/oosterhuis/">Roelof Oosterhuis</a></li>
<li><a href="../authors/oostrom/">Vincent van Oostrom</a></li>
<li><a href="../authors/ortner/">Veronika Ortner</a></li>
<li><a href="../authors/overbeek/">Roy Overbeek</a></li>
<li><a href="../authors/pagano/">Miguel Pagano</a></li>
<li><a href="../authors/pal/">Abhik Pal</a></li>
<li><a href="../authors/paleo/">Bruno Woltzenlogel Paleo</a></li>
<li><a href="../authors/palmer/">Jake Palmer</a></li>
<li><a href="../authors/parkinson/">Matthew Parkinson</a></li>
<li><a href="../authors/parrow/">Joachim Parrow</a></li>
<li><a href="../authors/parsert/">Julian Parsert</a></li>
<li><a href="../authors/paulson/">Lawrence C. Paulson</a></li>
<li><a href="../authors/peltier/">Nicolas Peltier</a></li>
<li><a href="../authors/peters/">Kirstin Peters</a></li>
<li><a href="../authors/petrovic/">Danijela Petrovic</a></li>
<li><a href="../authors/pierzchalski/">Edward Pierzchalski</a></li>
<li><a href="../authors/platzer/">André Platzer</a></li>
<li><a href="../authors/pollak/">Florian Pollak</a></li>
<li><a href="../authors/popescu/">Andrei Popescu</a></li>
<li><a href="../authors/porter/">Benjamin Porter</a></li>
<li><a href="../authors/prathamesh/">T.V.H. Prathamesh</a></li>
<li><a href="../authors/preoteasa/">Viorel Preoteasa</a></li>
<li><a href="../authors/pusch/">Cornelia Pusch</a></li>
<li><a href="../authors/rabe/">Markus N. Rabe</a></li>
<li><a href="../authors/raedle/">Jonas Rädle</a></li>
<li><a href="../authors/raska/">Martin Raška</a></li>
<li><a href="../authors/raszyk/">Martin Raszyk</a></li>
<li><a href="../authors/rau/">Martin Rau</a></li>
<li><a href="../authors/rauch/">Nicole Rauch</a></li>
<li><a href="../authors/raumer/">Jakob von Raumer</a></li>
<li><a href="../authors/ravindran/">Binoy Ravindran</a></li>
<li><a href="../authors/rawson/">Michael Rawson</a></li>
<li><a href="../authors/raya/">Rodrigo Raya</a></li>
<li><a href="../authors/regensburger/">Franz Regensburger</a></li>
<li><a href="../authors/reiche/">Sebastian Reiche</a></li>
<li><a href="../authors/reiter/">Markus Reiter</a></li>
<li><a href="../authors/reynaud/">Alban Reynaud</a></li>
<li><a href="../authors/ribeiro/">Pedro Ribeiro</a></li>
<li><a href="../authors/richter/">Stefan Richter</a></li>
<li><a href="../authors/rickmann/">Christina Rickmann</a></li>
<li><a href="../authors/ridge/">Tom Ridge</a></li>
<li><a href="../authors/rizaldi/">Albert Rizaldi</a></li>
<li><a href="../authors/rizkallah/">Christine Rizkallah</a></li>
<li><a href="../authors/robillard/">Simon Robillard</a></li>
<li><a href="../authors/roessle/">Ian Roessle</a></li>
<li><a href="../authors/romanos/">Ralph Romanos</a></li>
<li><a href="../authors/rosskopf/">Simon Roßkopf</a></li>
<li><a href="../authors/rowat/">Colin Rowat</a></li>
<li><a href="../authors/sabouret/">Nicolas Sabouret</a></li>
<li><a href="../authors/sachtleben/">Robert Sachtleben</a></li>
<li><a href="../authors/saile/">Christian Saile</a></li>
<li><a href="../authors/sanan/">David Sanan</a></li>
<li><a href="../authors/sato/">Tetsuya Sato</a></li>
<li><a href="../authors/sauer/">Jens Sauer</a></li>
<li><a href="../authors/schaeffeler/">Maximilian Schäffeler</a></li>
<li><a href="../authors/scharager/">Matias Scharager</a></li>
<li><a href="../authors/schimpf/">Alexander Schimpf</a></li>
<li><a href="../authors/schirmer/">Norbert Schirmer</a></li>
<li><a href="../authors/schleicher/">Dierk Schleicher</a></li>
<li><a href="../authors/schlichtkrull/">Anders Schlichtkrull</a></li>
<li><a href="../authors/schmaltz/">Julien Schmaltz</a></li>
<li><a href="../authors/schmidinger/">Lukas Schmidinger</a></li>
<li><a href="../authors/schmoetten/">Richard Schmoetten</a></li>
<li><a href="../authors/schneider/">Joshua Schneider</a></li>
<li><a href="../authors/schoepe/">Daniel Schoepe</a></li>
<li><a href="../authors/schoepf/">Jonas Schöpf</a></li>
<li><a href="../authors/scott/">Dana Scott</a></li>
<li><a href="../authors/sefidgar/">S. Reza Sefidgar</a></li>
<li><a href="../authors/seidl/">Benedikt Seidl</a></li>
<li><a href="../authors/seidler/">Henning Seidler</a></li>
<li><a href="../authors/sewell/">Thomas Sewell</a></li>
<li><a href="../authors/sickert/">Salomon Sickert</a></li>
<li><a href="../authors/siek/">Jeremy Siek</a></li>
<li><a href="../authors/simic/">Danijela Simić</a></li>
<li><a href="../authors/sison/">Robert Sison</a></li>
<li><a href="../authors/smaus/">Jan-Georg Smaus</a></li>
<li><a href="../authors/smola/">Filip Smola</a></li>
<li><a href="../authors/snelting/">Gregor Snelting</a></li>
<li><a href="../authors/somaini/">Ivano Somaini</a></li>
<li><a href="../authors/somogyi/">Dániel Somogyi</a></li>
<li><a href="../authors/spasic/">Mirko Spasić</a></li>
<li><a href="../authors/spichkova/">Maria Spichkova</a></li>
<li><a href="../authors/sprenger/">Christoph Sprenger</a></li>
<li><a href="../authors/stannett/">Mike Stannett</a></li>
<li><a href="../authors/stark/">Eugene W. Stark</a></li>
<li><a href="../authors/starosta/">Štěpán Starosta</a></li>
<li><a href="../authors/steinberg/">Matías Steinberg</a></li>
<li><a href="../authors/stephan/">Werner Stephan</a></li>
<li><a href="../authors/sternagel/">Christian Sternagel</a></li>
<li><a href="../authors/sternagelt/">Thomas Sternagel</a></li>
<li><a href="../authors/stevens/">Lukas Stevens</a></li>
<li><a href="../authors/stock/">Benedikt Stock</a></li>
<li><a href="../authors/stricker/">Christian Stricker</a></li>
<li><a href="../authors/strnisa/">Rok Strniša</a></li>
<li><a href="../authors/struth/">Georg Struth</a></li>
<li><a href="../authors/stueber/">Anke Stüber</a></li>
<li><a href="../authors/stuewe/">Daniel Stüwe</a></li>
<li><a href="../authors/sudbrock/">Henning Sudbrock</a></li>
<li><a href="../authors/sudhof/">Henry Sudhof</a></li>
<li><a href="../authors/sulejmani/">Ujkan Sulejmani</a></li>
<li><a href="../authors/sylvestre/">Jeremy Sylvestre</a></li>
<li><a href="../authors/taha/">Safouan Taha</a></li>
<li><a href="../authors/tan/">Yong Kiam Tan</a></li>
<li><a href="../authors/tasch/">Markus Tasch</a></li>
<li><a href="../authors/taylor/">Ramsay G. Taylor</a></li>
<li><a href="../authors/terraf/">Pedro Sánchez Terraf</a></li>
<li><a href="../authors/thiemann/">René Thiemann</a></li>
<li><a href="../authors/thommes/">Joseph Thommes</a></li>
<li><a href="../authors/thomson/">Fox Thomson</a></li>
<li><a href="../authors/tiu/">Alwen Tiu</a></li>
<li><a href="../authors/toth/">Balazs Toth</a></li>
<li><a href="../authors/tourret/">Sophie Tourret</a></li>
<li><a href="../authors/trachtenherz/">David Trachtenherz</a></li>
<li><a href="../authors/traut/">Christoph Traut</a></li>
<li><a href="../authors/traytel/">Dmitriy Traytel</a></li>
+ <li><a href="../authors/trelat/">Vincent Trélat</a></li>
+
<li><a href="../authors/tuong/">Frédéric Tuong</a></li>
<li><a href="../authors/tuongj/">Joseph Tuong</a></li>
<li><a href="../authors/tverdyshev/">Sergey Tverdyshev</a></li>
<li><a href="../authors/ullrich/">Sebastian Ullrich</a></li>
<li><a href="../authors/unruh/">Dominique Unruh</a></li>
<li><a href="../authors/urban/">Christian Urban</a></li>
<li><a href="../authors/van/">Hai Nguyen Van</a></li>
<li><a href="../authors/velykis/">Andrius Velykis</a></li>
<li><a href="../authors/verbeek/">Freek Verbeek</a></li>
<li><a href="../authors/villadsen/">Jørgen Villadsen</a></li>
<li><a href="../authors/voisin/">Frederic Voisin</a></li>
<li><a href="../authors/vytiniotis/">Dimitrios Vytiniotis</a></li>
<li><a href="../authors/wagner/">Max Wagner</a></li>
<li><a href="../authors/waldmann/">Uwe Waldmann</a></li>
<li><a href="../authors/wand/">Daniel Wand</a></li>
<li><a href="../authors/wang/">Shuling Wang</a></li>
<li><a href="../authors/wassell/">Mark Wassell</a></li>
<li><a href="../authors/wasserrab/">Daniel Wasserrab</a></li>
<li><a href="../authors/watt/">Conrad Watt</a></li>
<li><a href="../authors/weber/">Tjark Weber</a></li>
<li><a href="../authors/weerwag/">Timmy Weerwag</a></li>
<li><a href="../authors/weidner/">Arno Wilhelm-Weidner</a></li>
<li><a href="../authors/wenzel/">Makarius Wenzel</a></li>
<li><a href="../authors/wickerson/">John Wickerson</a></li>
<li><a href="../authors/willenbrink/">Sebastian Willenbrink</a></li>
<li><a href="../authors/wimmer/">Simon Wimmer</a></li>
<li><a href="../authors/wirt/">Kai Wirt</a></li>
<li><a href="../authors/wolff/">Burkhart Wolff</a></li>
<li><a href="../authors/wu/">Chunhan Wu</a></li>
<li><a href="../authors/xu/">Jian Xu</a></li>
<li><a href="../authors/yamada/">Akihisa Yamada</a></li>
<li><a href="../authors/ye/">Lina Ye</a></li>
<li><a href="../authors/ying/">Shenggang Ying</a></li>
<li><a href="../authors/yingm/">Mingsheng Ying</a></li>
<li><a href="../authors/yu/">Lei Yu</a></li>
<li><a href="../authors/zankl/">Harald Zankl</a></li>
<li><a href="../authors/zee/">Karen Zee</a></li>
<li><a href="../authors/zeller/">Peter Zeller</a></li>
<li><a href="../authors/zeyda/">Frank Zeyda</a></li>
<li><a href="../authors/zhan/">Bohua Zhan</a></li>
<li><a href="../authors/zhang/">Yu Zhang</a></li>
<li><a href="../authors/zhangx/">Xingyuan Zhang</a></li>
<li><a href="../authors/zhann/">Naijun Zhan</a></li>
</ul>
</td>
</tr>
</tbody>
</table>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/authors/index.json b/web/authors/index.json
--- a/web/authors/index.json
+++ b/web/authors/index.json
@@ -1,1 +1,1 @@
-[{"id":0,"link":"/authors/abdulaziz/","name":"Mohammad Abdulaziz"},{"id":1,"link":"/authors/adelsberger/","name":"Stephan Adelsberger"},{"id":2,"link":"/authors/aehlig/","name":"Klaus Aehlig"},{"id":3,"link":"/authors/aissat/","name":"Romain Aissat"},{"id":4,"link":"/authors/amani/","name":"Sidney Amani"},{"id":5,"link":"/authors/ammer/","name":"Thomas Ammer"},{"id":6,"link":"/authors/andronick/","name":"June Andronick"},{"id":7,"link":"/authors/aransay/","name":"Jesús Aransay"},{"id":8,"link":"/authors/argyraki/","name":"Angeliki Koutsoukou-Argyraki"},{"id":9,"link":"/authors/armstrong/","name":"Alasdair Armstrong"},{"id":10,"link":"/authors/aspinall/","name":"David Aspinall"},{"id":11,"link":"/authors/ausaf/","name":"Fahad Ausaf"},{"id":12,"link":"/authors/avigad/","name":"Jeremy Avigad"},{"id":13,"link":"/authors/back/","name":"Ralph-Johan Back"},{"id":14,"link":"/authors/balbach/","name":"Frank J. Balbach"},{"id":15,"link":"/authors/ballarin/","name":"Clemens Ballarin"},{"id":16,"link":"/authors/barsotti/","name":"Damián Barsotti"},{"id":17,"link":"/authors/bauer/","name":"Gertrud Bauer"},{"id":18,"link":"/authors/bauereiss/","name":"Thomas Bauereiss"},{"id":19,"link":"/authors/bayer/","name":"Jonas Bayer"},{"id":20,"link":"/authors/becker/","name":"Heiko Becker"},{"id":21,"link":"/authors/beeren/","name":"Joel Beeren"},{"id":22,"link":"/authors/bella/","name":"Giampaolo Bella"},{"id":23,"link":"/authors/bengtson/","name":"Jesper Bengtson"},{"id":24,"link":"/authors/bentkamp/","name":"Alexander Bentkamp"},{"id":25,"link":"/authors/benzmueller/","name":"Christoph Benzmüller"},{"id":26,"link":"/authors/beresford/","name":"Alastair R. Beresford"},{"id":27,"link":"/authors/berghofer/","name":"Stefan Berghofer"},{"id":28,"link":"/authors/beringer/","name":"Lennart Beringer"},{"id":29,"link":"/authors/bharadwaj/","name":"Abhijith Bharadwaj"},{"id":30,"link":"/authors/bhatt/","name":"Bhargav Bhatt"},{"id":31,"link":"/authors/biendarra/","name":"Julian Biendarra"},{"id":32,"link":"/authors/bisping/","name":"Benjamin Bisping"},{"id":33,"link":"/authors/blanchette/","name":"Jasmin Christian Blanchette"},{"id":34,"link":"/authors/blasum/","name":"Holger Blasum"},{"id":35,"link":"/authors/blumson/","name":"Ben Blumson"},{"id":36,"link":"/authors/bockenek/","name":"Joshua Bockenek"},{"id":37,"link":"/authors/boehme/","name":"Sascha Böhme"},{"id":38,"link":"/authors/bohrer/","name":"Rose Bohrer"},{"id":39,"link":"/authors/bordg/","name":"Anthony Bordg"},{"id":40,"link":"/authors/borgstroem/","name":"Johannes Borgström"},{"id":41,"link":"/authors/bortin/","name":"Maksym Bortin"},{"id":42,"link":"/authors/bottesch/","name":"Ralph Bottesch"},{"id":43,"link":"/authors/boulanger/","name":"Frédéric Boulanger"},{"id":44,"link":"/authors/bourke/","name":"Timothy Bourke"},{"id":45,"link":"/authors/boutry/","name":"Pierre Boutry"},{"id":46,"link":"/authors/boyton/","name":"Andrew Boyton"},{"id":47,"link":"/authors/bracevac/","name":"Oliver Bračevac"},{"id":48,"link":"/authors/brandt/","name":"Felix Brandt"},{"id":49,"link":"/authors/breitner/","name":"Joachim Breitner"},{"id":50,"link":"/authors/brien/","name":"Nicolas Robinson-O'Brien"},{"id":51,"link":"/authors/brinkop/","name":"Hauke Brinkop"},{"id":52,"link":"/authors/brodmann/","name":"Paul-David Brodmann"},{"id":53,"link":"/authors/brucker/","name":"Achim D. Brucker"},{"id":54,"link":"/authors/bruegger/","name":"Lukas Brügger"},{"id":55,"link":"/authors/brun/","name":"Matthias Brun"},{"id":56,"link":"/authors/brunner/","name":"Julian Brunner"},{"id":57,"link":"/authors/bulwahn/","name":"Lukas Bulwahn"},{"id":58,"link":"/authors/butler/","name":"David Butler"},{"id":59,"link":"/authors/buyse/","name":"Maxime Buyse"},{"id":60,"link":"/authors/caballero/","name":"José Manuel Rodríguez Caballero"},{"id":61,"link":"/authors/caminati/","name":"Marco B. Caminati"},{"id":62,"link":"/authors/campo/","name":"Alejandro del Campo"},{"id":63,"link":"/authors/chapman/","name":"Peter Chapman"},{"id":64,"link":"/authors/chen/","name":"L. Chen"},{"id":65,"link":"/authors/clouston/","name":"Ranald Clouston"},{"id":66,"link":"/authors/cock/","name":"David Cock"},{"id":67,"link":"/authors/coghetto/","name":"Roland Coghetto"},{"id":68,"link":"/authors/coglio/","name":"Alessandro Coglio"},{"id":69,"link":"/authors/cohen/","name":"Ernie Cohen"},{"id":70,"link":"/authors/cordwell/","name":"Katherine Cordwell"},{"id":71,"link":"/authors/cousin/","name":"Marie Cousin"},{"id":72,"link":"/authors/crighton/","name":"Aaron Crighton"},{"id":73,"link":"/authors/dardinier/","name":"Thibault Dardinier"},{"id":74,"link":"/authors/david/","name":"Marco David"},{"id":75,"link":"/authors/debrat/","name":"Henri Debrat"},{"id":76,"link":"/authors/decova/","name":"Sára Decova"},{"id":77,"link":"/authors/derrick/","name":"John Derrick"},{"id":78,"link":"/authors/desharnais/","name":"Martin Desharnais"},{"id":79,"link":"/authors/diaz/","name":"Javier Díaz"},{"id":80,"link":"/authors/diekmann/","name":"Cornelius Diekmann"},{"id":81,"link":"/authors/dirix/","name":"Stefan Dirix"},{"id":82,"link":"/authors/dittmann/","name":"Christoph Dittmann"},{"id":83,"link":"/authors/divason/","name":"Jose Divasón"},{"id":84,"link":"/authors/doczkal/","name":"Christian Doczkal"},{"id":85,"link":"/authors/dongol/","name":"Brijesh Dongol"},{"id":86,"link":"/authors/doty/","name":"Matthew Wampler-Doty"},{"id":87,"link":"/authors/dubut/","name":"Jérémy Dubut"},{"id":88,"link":"/authors/dunaev/","name":"Georgy Dunaev"},{"id":89,"link":"/authors/dyckhoff/","name":"Roy Dyckhoff"},{"id":90,"link":"/authors/eberl/","name":"Manuel Eberl"},{"id":91,"link":"/authors/echenim/","name":"Mnacho Echenim"},{"id":92,"link":"/authors/edmonds/","name":"Chelsea Edmonds"},{"id":93,"link":"/authors/engelhardt/","name":"Kai Engelhardt"},{"id":94,"link":"/authors/eriksson/","name":"Lars-Henrik Eriksson"},{"id":95,"link":"/authors/esparza/","name":"Javier Esparza"},{"id":96,"link":"/authors/essmann/","name":"Robin Eßmann"},{"id":97,"link":"/authors/felgenhauer/","name":"Bertram Felgenhauer"},{"id":98,"link":"/authors/feliachi/","name":"Abderrahmane Feliachi"},{"id":99,"link":"/authors/fell/","name":"Julian Fell"},{"id":100,"link":"/authors/fernandez/","name":"Matthew Fernandez"},{"id":101,"link":"/authors/fiedler/","name":"Ben Fiedler"},{"id":102,"link":"/authors/fleuriot/","name":"Jacques D. Fleuriot"},{"id":103,"link":"/authors/fleury/","name":"Mathias Fleury"},{"id":104,"link":"/authors/foster/","name":"Michael Foster"},{"id":105,"link":"/authors/fosterj/","name":"J. Nathan Foster"},{"id":106,"link":"/authors/fosters/","name":"Simon Foster"},{"id":107,"link":"/authors/fouillard/","name":"Valentin Fouillard"},{"id":108,"link":"/authors/friedrich/","name":"Stefan Friedrich"},{"id":109,"link":"/authors/from/","name":"Asta Halkjær From"},{"id":110,"link":"/authors/fuenmayor/","name":"David Fuenmayor"},{"id":111,"link":"/authors/furusawa/","name":"Hitoshi Furusawa"},{"id":112,"link":"/authors/gammie/","name":"Peter Gammie"},{"id":113,"link":"/authors/gao/","name":"Xin Gao"},{"id":114,"link":"/authors/gaudel/","name":"Marie-Claude Gaudel"},{"id":115,"link":"/authors/gay/","name":"Richard Gay"},{"id":116,"link":"/authors/georgescu/","name":"George Georgescu"},{"id":117,"link":"/authors/gheri/","name":"Lorenzo Gheri"},{"id":118,"link":"/authors/ghourabi/","name":"Fadoua Ghourabi"},{"id":119,"link":"/authors/gioiosa/","name":"Gianpaolo Gioiosa"},{"id":120,"link":"/authors/glabbeek/","name":"Rob van Glabbeek"},{"id":121,"link":"/authors/gomes/","name":"Victor B. F. Gomes"},{"id":122,"link":"/authors/gonzalez/","name":"Edgar Gonzàlez"},{"id":123,"link":"/authors/gore/","name":"Rajeev Gore"},{"id":124,"link":"/authors/gouezel/","name":"Sebastien Gouezel"},{"id":125,"link":"/authors/grechuk/","name":"Bogdan Grechuk"},{"id":126,"link":"/authors/grewe/","name":"Sylvia Grewe"},{"id":127,"link":"/authors/griebel/","name":"Simon Griebel"},{"id":128,"link":"/authors/grov/","name":"Gudmund Grov"},{"id":129,"link":"/authors/guerraoui/","name":"Rachid Guerraoui"},{"id":130,"link":"/authors/guiol/","name":"Hervé Guiol"},{"id":131,"link":"/authors/gunther/","name":"Emmanuel Gunther"},{"id":132,"link":"/authors/gutkovas/","name":"Ramunas Gutkovas"},{"id":133,"link":"/authors/guttmann/","name":"Walter Guttmann"},{"id":134,"link":"/authors/haftmann/","name":"Florian Haftmann"},{"id":135,"link":"/authors/haslbeck/","name":"Max W. Haslbeck"},{"id":136,"link":"/authors/haslbeckm/","name":"Maximilian P. L. Haslbeck"},{"id":137,"link":"/authors/havle/","name":"Oto Havle"},{"id":138,"link":"/authors/hayes/","name":"Ian J. Hayes"},{"id":139,"link":"/authors/he/","name":"Yijun He"},{"id":140,"link":"/authors/heimes/","name":"Lukas Heimes"},{"id":141,"link":"/authors/helke/","name":"Steffen Helke"},{"id":142,"link":"/authors/hellauer/","name":"Fabian Hellauer"},{"id":143,"link":"/authors/heller/","name":"Armin Heller"},{"id":144,"link":"/authors/henrio/","name":"Ludovic Henrio"},{"id":145,"link":"/authors/herzberg/","name":"Michael Herzberg"},{"id":146,"link":"/authors/hess/","name":"Andreas V. Hess"},{"id":147,"link":"/authors/hetzl/","name":"Stefan Hetzl"},{"id":148,"link":"/authors/hibon/","name":"Quentin Hibon"},{"id":149,"link":"/authors/hirata/","name":"Michikazu Hirata"},{"id":150,"link":"/authors/hoefner/","name":"Peter Höfner"},{"id":151,"link":"/authors/hoelzl/","name":"Johannes Hölzl"},{"id":152,"link":"/authors/hofmann/","name":"Martin Hofmann"},{"id":153,"link":"/authors/holub/","name":"Štěpán Holub"},{"id":154,"link":"/authors/hosking/","name":"Tony Hosking"},{"id":155,"link":"/authors/hou/","name":"Zhe Hou"},{"id":156,"link":"/authors/hu/","name":"Shuwei Hu"},{"id":157,"link":"/authors/huffman/","name":"Brian Huffman"},{"id":158,"link":"/authors/hupel/","name":"Lars Hupel"},{"id":159,"link":"/authors/ijbema/","name":"Mark Ijbema"},{"id":160,"link":"/authors/immler/","name":"Fabian Immler"},{"id":161,"link":"/authors/ito/","name":"Yosuke Ito"},{"id":162,"link":"/authors/iwama/","name":"Fumiya Iwama"},{"id":163,"link":"/authors/jacobsen/","name":"Frederik Krogsdal Jacobsen"},{"id":164,"link":"/authors/jaskelioff/","name":"Mauro Jaskelioff"},{"id":165,"link":"/authors/jaskolka/","name":"Jason Jaskolka"},{"id":166,"link":"/authors/jensen/","name":"Alexander Birch Jensen"},{"id":167,"link":"/authors/jiang/","name":"Nan Jiang"},{"id":168,"link":"/authors/jiangd/","name":"Dongchen Jiang"},{"id":169,"link":"/authors/joosten/","name":"Sebastiaan J. C. Joosten"},{"id":170,"link":"/authors/jungnickel/","name":"Tim Jungnickel"},{"id":171,"link":"/authors/kadzioka/","name":"Maya Kądziołka"},{"id":172,"link":"/authors/kaliszyk/","name":"Cezary Kaliszyk"},{"id":173,"link":"/authors/kammueller/","name":"Florian Kammüller"},{"id":174,"link":"/authors/kappelmann/","name":"Kevin Kappelmann"},{"id":175,"link":"/authors/karayel/","name":"Emin Karayel"},{"id":176,"link":"/authors/kastermans/","name":"Bart Kastermans"},{"id":177,"link":"/authors/katovsky/","name":"Alexander Katovsky"},{"id":178,"link":"/authors/kaufmann/","name":"Daniela Kaufmann"},{"id":179,"link":"/authors/keefe/","name":"Greg O'Keefe"},{"id":180,"link":"/authors/keinholz/","name":"Jonas Keinholz"},{"id":181,"link":"/authors/kerber/","name":"Manfred Kerber"},{"id":182,"link":"/authors/ketland/","name":"Jeffrey Ketland"},{"id":183,"link":"/authors/kirchner/","name":"Daniel Kirchner"},{"id":184,"link":"/authors/klein/","name":"Gerwin Klein"},{"id":185,"link":"/authors/klenze/","name":"Tobias Klenze"},{"id":186,"link":"/authors/kleppmann/","name":"Martin Kleppmann"},{"id":187,"link":"/authors/kobayashi/","name":"Hidetsune Kobayashi"},{"id":188,"link":"/authors/koerner/","name":"Stefan Körner"},{"id":189,"link":"/authors/kolanski/","name":"Rafal Kolanski"},{"id":190,"link":"/authors/koller/","name":"Lukas Koller"},{"id":191,"link":"/authors/krauss/","name":"Alexander Krauss"},{"id":192,"link":"/authors/kreuzer/","name":"Katharina Kreuzer"},{"id":193,"link":"/authors/kuncak/","name":"Viktor Kuncak"},{"id":194,"link":"/authors/kuncar/","name":"Ondřej Kunčar"},{"id":195,"link":"/authors/kurz/","name":"Friedrich Kurz"},{"id":196,"link":"/authors/lachnitt/","name":"Hanna Lachnitt"},{"id":197,"link":"/authors/lallemand/","name":"Joseph Lallemand"},{"id":198,"link":"/authors/lammich/","name":"Peter Lammich"},{"id":199,"link":"/authors/lange/","name":"Christoph Lange"},{"id":200,"link":"/authors/langenstein/","name":"Bruno Langenstein"},{"id":201,"link":"/authors/lattuada/","name":"Andrea Lattuada"},{"id":202,"link":"/authors/lee/","name":"Holden Lee"},{"id":203,"link":"/authors/leustean/","name":"Laurentiu Leustean"},{"id":204,"link":"/authors/lewis/","name":"Corey Lewis"},{"id":205,"link":"/authors/li/","name":"Wenda Li"},{"id":206,"link":"/authors/lim/","name":"Japheth Lim"},{"id":207,"link":"/authors/lindenberg/","name":"Christina Lindenberg"},{"id":208,"link":"/authors/linker/","name":"Sven Linker"},{"id":209,"link":"/authors/liu/","name":"Junyi Liu"},{"id":210,"link":"/authors/liut/","name":"Tao Liu"},{"id":211,"link":"/authors/liuy/","name":"Yang Liu"},{"id":212,"link":"/authors/liy/","name":"Yangjia Li"},{"id":213,"link":"/authors/lochbihler/","name":"Andreas Lochbihler"},{"id":214,"link":"/authors/lochmann/","name":"Alexander Lochmann"},{"id":215,"link":"/authors/lohner/","name":"Denis Lohner"},{"id":216,"link":"/authors/loibl/","name":"Matthias Loibl"},{"id":217,"link":"/authors/londono/","name":"Alejandro Gómez-Londoño"},{"id":218,"link":"/authors/losa/","name":"Giuliano Losa"},{"id":219,"link":"/authors/lutz/","name":"Bianca Lutz"},{"id":220,"link":"/authors/lux/","name":"Alexander Lux"},{"id":221,"link":"/authors/makarios/","name":"T. J. M. Makarios"},{"id":222,"link":"/authors/maletzky/","name":"Alexander Maletzky"},{"id":223,"link":"/authors/mansky/","name":"Susannah Mansky"},{"id":224,"link":"/authors/mantel/","name":"Heiko Mantel"},{"id":225,"link":"/authors/margetson/","name":"James Margetson"},{"id":226,"link":"/authors/maric/","name":"Ognjen Marić"},{"id":227,"link":"/authors/maricf/","name":"Filip Marić"},{"id":228,"link":"/authors/marmsoler/","name":"Diego Marmsoler"},{"id":229,"link":"/authors/matache/","name":"Cristina Matache"},{"id":230,"link":"/authors/matichuk/","name":"Daniel Matichuk"},{"id":231,"link":"/authors/matiyasevich/","name":"Yuri Matiyasevich"},{"id":232,"link":"/authors/maximova/","name":"Alexandra Maximova"},{"id":233,"link":"/authors/meis/","name":"Rene Meis"},{"id":234,"link":"/authors/merz/","name":"Stephan Merz"},{"id":235,"link":"/authors/messner/","name":"Florian Messner"},{"id":236,"link":"/authors/michaelis/","name":"Julius Michaelis"},{"id":237,"link":"/authors/milehins/","name":"Mihails Milehins"},{"id":238,"link":"/authors/minamide/","name":"Yasuhiko Minamide"},{"id":239,"link":"/authors/mitchell/","name":"Neil Mitchell"},{"id":240,"link":"/authors/mitsch/","name":"Stefan Mitsch"},{"id":241,"link":"/authors/moedersheim/","name":"Sebastian Mödersheim"},{"id":242,"link":"/authors/moeller/","name":"Bernhard Möller"},{"id":243,"link":"/authors/muendler/","name":"Niels Mündler"},{"id":244,"link":"/authors/mulligan/","name":"Dominic P. Mulligan"},{"id":245,"link":"/authors/munive/","name":"Jonathan Julian Huerta y Munive"},{"id":246,"link":"/authors/murao/","name":"H. Murao"},{"id":247,"link":"/authors/murray/","name":"Toby Murray"},{"id":248,"link":"/authors/nagashima/","name":"Yutaka Nagashima"},{"id":249,"link":"/authors/nagele/","name":"Julian Nagele"},{"id":250,"link":"/authors/naraschewski/","name":"Wolfgang Naraschewski"},{"id":251,"link":"/authors/nedzelsky/","name":"Michael Nedzelsky"},{"id":252,"link":"/authors/nemeti/","name":"István Németi"},{"id":253,"link":"/authors/nemouchi/","name":"Yakoub Nemouchi"},{"id":254,"link":"/authors/nestmann/","name":"Uwe Nestmann"},{"id":255,"link":"/authors/neumann/","name":"René Neumann"},{"id":256,"link":"/authors/nielsen/","name":"Finn Nielsen"},{"id":257,"link":"/authors/nikiforov/","name":"Denis Nikiforov"},{"id":258,"link":"/authors/nipkow/","name":"Tobias Nipkow"},{"id":259,"link":"/authors/nishihara/","name":"Toshiaki Nishihara"},{"id":260,"link":"/authors/noce/","name":"Pasquale Noce"},{"id":261,"link":"/authors/nordhoff/","name":"Benedikt Nordhoff"},{"id":262,"link":"/authors/noschinski/","name":"Lars Noschinski"},{"id":263,"link":"/authors/obua/","name":"Steven Obua"},{"id":264,"link":"/authors/ogawa/","name":"Mizuhito Ogawa"},{"id":265,"link":"/authors/oldenburg/","name":"Lennart Oldenburg"},{"id":266,"link":"/authors/olm/","name":"Markus Müller-Olm"},{"id":267,"link":"/authors/oosterhuis/","name":"Roelof Oosterhuis"},{"id":268,"link":"/authors/oostrom/","name":"Vincent van Oostrom"},{"id":269,"link":"/authors/ortner/","name":"Veronika Ortner"},{"id":270,"link":"/authors/overbeek/","name":"Roy Overbeek"},{"id":271,"link":"/authors/pagano/","name":"Miguel Pagano"},{"id":272,"link":"/authors/pal/","name":"Abhik Pal"},{"id":273,"link":"/authors/paleo/","name":"Bruno Woltzenlogel Paleo"},{"id":274,"link":"/authors/palmer/","name":"Jake Palmer"},{"id":275,"link":"/authors/parkinson/","name":"Matthew Parkinson"},{"id":276,"link":"/authors/parrow/","name":"Joachim Parrow"},{"id":277,"link":"/authors/parsert/","name":"Julian Parsert"},{"id":278,"link":"/authors/paulson/","name":"Lawrence C. Paulson"},{"id":279,"link":"/authors/peltier/","name":"Nicolas Peltier"},{"id":280,"link":"/authors/peters/","name":"Kirstin Peters"},{"id":281,"link":"/authors/petrovic/","name":"Danijela Petrovic"},{"id":282,"link":"/authors/pierzchalski/","name":"Edward Pierzchalski"},{"id":283,"link":"/authors/platzer/","name":"André Platzer"},{"id":284,"link":"/authors/pollak/","name":"Florian Pollak"},{"id":285,"link":"/authors/popescu/","name":"Andrei Popescu"},{"id":286,"link":"/authors/porter/","name":"Benjamin Porter"},{"id":287,"link":"/authors/prathamesh/","name":"T.V.H. Prathamesh"},{"id":288,"link":"/authors/preoteasa/","name":"Viorel Preoteasa"},{"id":289,"link":"/authors/pusch/","name":"Cornelia Pusch"},{"id":290,"link":"/authors/rabe/","name":"Markus N. Rabe"},{"id":291,"link":"/authors/raedle/","name":"Jonas Rädle"},{"id":292,"link":"/authors/raska/","name":"Martin Raška"},{"id":293,"link":"/authors/raszyk/","name":"Martin Raszyk"},{"id":294,"link":"/authors/rau/","name":"Martin Rau"},{"id":295,"link":"/authors/rauch/","name":"Nicole Rauch"},{"id":296,"link":"/authors/raumer/","name":"Jakob von Raumer"},{"id":297,"link":"/authors/ravindran/","name":"Binoy Ravindran"},{"id":298,"link":"/authors/rawson/","name":"Michael Rawson"},{"id":299,"link":"/authors/raya/","name":"Rodrigo Raya"},{"id":300,"link":"/authors/regensburger/","name":"Franz Regensburger"},{"id":301,"link":"/authors/reiche/","name":"Sebastian Reiche"},{"id":302,"link":"/authors/reiter/","name":"Markus Reiter"},{"id":303,"link":"/authors/reynaud/","name":"Alban Reynaud"},{"id":304,"link":"/authors/ribeiro/","name":"Pedro Ribeiro"},{"id":305,"link":"/authors/richter/","name":"Stefan Richter"},{"id":306,"link":"/authors/rickmann/","name":"Christina Rickmann"},{"id":307,"link":"/authors/ridge/","name":"Tom Ridge"},{"id":308,"link":"/authors/rizaldi/","name":"Albert Rizaldi"},{"id":309,"link":"/authors/rizkallah/","name":"Christine Rizkallah"},{"id":310,"link":"/authors/robillard/","name":"Simon Robillard"},{"id":311,"link":"/authors/roessle/","name":"Ian Roessle"},{"id":312,"link":"/authors/romanos/","name":"Ralph Romanos"},{"id":313,"link":"/authors/rosskopf/","name":"Simon Roßkopf"},{"id":314,"link":"/authors/rowat/","name":"Colin Rowat"},{"id":315,"link":"/authors/sabouret/","name":"Nicolas Sabouret"},{"id":316,"link":"/authors/sachtleben/","name":"Robert Sachtleben"},{"id":317,"link":"/authors/saile/","name":"Christian Saile"},{"id":318,"link":"/authors/sanan/","name":"David Sanan"},{"id":319,"link":"/authors/sato/","name":"Tetsuya Sato"},{"id":320,"link":"/authors/sauer/","name":"Jens Sauer"},{"id":321,"link":"/authors/schaeffeler/","name":"Maximilian Schäffeler"},{"id":322,"link":"/authors/scharager/","name":"Matias Scharager"},{"id":323,"link":"/authors/schimpf/","name":"Alexander Schimpf"},{"id":324,"link":"/authors/schirmer/","name":"Norbert Schirmer"},{"id":325,"link":"/authors/schleicher/","name":"Dierk Schleicher"},{"id":326,"link":"/authors/schlichtkrull/","name":"Anders Schlichtkrull"},{"id":327,"link":"/authors/schmaltz/","name":"Julien Schmaltz"},{"id":328,"link":"/authors/schmidinger/","name":"Lukas Schmidinger"},{"id":329,"link":"/authors/schmoetten/","name":"Richard Schmoetten"},{"id":330,"link":"/authors/schneider/","name":"Joshua Schneider"},{"id":331,"link":"/authors/schoepe/","name":"Daniel Schoepe"},{"id":332,"link":"/authors/schoepf/","name":"Jonas Schöpf"},{"id":333,"link":"/authors/scott/","name":"Dana Scott"},{"id":334,"link":"/authors/sefidgar/","name":"S. Reza Sefidgar"},{"id":335,"link":"/authors/seidl/","name":"Benedikt Seidl"},{"id":336,"link":"/authors/seidler/","name":"Henning Seidler"},{"id":337,"link":"/authors/sewell/","name":"Thomas Sewell"},{"id":338,"link":"/authors/sickert/","name":"Salomon Sickert"},{"id":339,"link":"/authors/siek/","name":"Jeremy Siek"},{"id":340,"link":"/authors/simic/","name":"Danijela Simić"},{"id":341,"link":"/authors/sison/","name":"Robert Sison"},{"id":342,"link":"/authors/smaus/","name":"Jan-Georg Smaus"},{"id":343,"link":"/authors/smola/","name":"Filip Smola"},{"id":344,"link":"/authors/snelting/","name":"Gregor Snelting"},{"id":345,"link":"/authors/somaini/","name":"Ivano Somaini"},{"id":346,"link":"/authors/somogyi/","name":"Dániel Somogyi"},{"id":347,"link":"/authors/spasic/","name":"Mirko Spasić"},{"id":348,"link":"/authors/spichkova/","name":"Maria Spichkova"},{"id":349,"link":"/authors/sprenger/","name":"Christoph Sprenger"},{"id":350,"link":"/authors/stannett/","name":"Mike Stannett"},{"id":351,"link":"/authors/stark/","name":"Eugene W. Stark"},{"id":352,"link":"/authors/starosta/","name":"Štěpán Starosta"},{"id":353,"link":"/authors/steinberg/","name":"Matías Steinberg"},{"id":354,"link":"/authors/stephan/","name":"Werner Stephan"},{"id":355,"link":"/authors/sternagel/","name":"Christian Sternagel"},{"id":356,"link":"/authors/sternagelt/","name":"Thomas Sternagel"},{"id":357,"link":"/authors/stevens/","name":"Lukas Stevens"},{"id":358,"link":"/authors/stock/","name":"Benedikt Stock"},{"id":359,"link":"/authors/stricker/","name":"Christian Stricker"},{"id":360,"link":"/authors/strnisa/","name":"Rok Strniša"},{"id":361,"link":"/authors/struth/","name":"Georg Struth"},{"id":362,"link":"/authors/stueber/","name":"Anke Stüber"},{"id":363,"link":"/authors/stuewe/","name":"Daniel Stüwe"},{"id":364,"link":"/authors/sudbrock/","name":"Henning Sudbrock"},{"id":365,"link":"/authors/sudhof/","name":"Henry Sudhof"},{"id":366,"link":"/authors/sulejmani/","name":"Ujkan Sulejmani"},{"id":367,"link":"/authors/sylvestre/","name":"Jeremy Sylvestre"},{"id":368,"link":"/authors/taha/","name":"Safouan Taha"},{"id":369,"link":"/authors/tan/","name":"Yong Kiam Tan"},{"id":370,"link":"/authors/tasch/","name":"Markus Tasch"},{"id":371,"link":"/authors/taylor/","name":"Ramsay G. Taylor"},{"id":372,"link":"/authors/terraf/","name":"Pedro Sánchez Terraf"},{"id":373,"link":"/authors/thiemann/","name":"René Thiemann"},{"id":374,"link":"/authors/thommes/","name":"Joseph Thommes"},{"id":375,"link":"/authors/thomson/","name":"Fox Thomson"},{"id":376,"link":"/authors/tiu/","name":"Alwen Tiu"},{"id":377,"link":"/authors/toth/","name":"Balazs Toth"},{"id":378,"link":"/authors/tourret/","name":"Sophie Tourret"},{"id":379,"link":"/authors/trachtenherz/","name":"David Trachtenherz"},{"id":380,"link":"/authors/traut/","name":"Christoph Traut"},{"id":381,"link":"/authors/traytel/","name":"Dmitriy Traytel"},{"id":382,"link":"/authors/tuong/","name":"Frédéric Tuong"},{"id":383,"link":"/authors/tuongj/","name":"Joseph Tuong"},{"id":384,"link":"/authors/tverdyshev/","name":"Sergey Tverdyshev"},{"id":385,"link":"/authors/ullrich/","name":"Sebastian Ullrich"},{"id":386,"link":"/authors/unruh/","name":"Dominique Unruh"},{"id":387,"link":"/authors/urban/","name":"Christian Urban"},{"id":388,"link":"/authors/van/","name":"Hai Nguyen Van"},{"id":389,"link":"/authors/velykis/","name":"Andrius Velykis"},{"id":390,"link":"/authors/verbeek/","name":"Freek Verbeek"},{"id":391,"link":"/authors/villadsen/","name":"Jørgen Villadsen"},{"id":392,"link":"/authors/voisin/","name":"Frederic Voisin"},{"id":393,"link":"/authors/vytiniotis/","name":"Dimitrios Vytiniotis"},{"id":394,"link":"/authors/wagner/","name":"Max Wagner"},{"id":395,"link":"/authors/waldmann/","name":"Uwe Waldmann"},{"id":396,"link":"/authors/wand/","name":"Daniel Wand"},{"id":397,"link":"/authors/wang/","name":"Shuling Wang"},{"id":398,"link":"/authors/wassell/","name":"Mark Wassell"},{"id":399,"link":"/authors/wasserrab/","name":"Daniel Wasserrab"},{"id":400,"link":"/authors/watt/","name":"Conrad Watt"},{"id":401,"link":"/authors/weber/","name":"Tjark Weber"},{"id":402,"link":"/authors/weerwag/","name":"Timmy Weerwag"},{"id":403,"link":"/authors/weidner/","name":"Arno Wilhelm-Weidner"},{"id":404,"link":"/authors/wenzel/","name":"Makarius Wenzel"},{"id":405,"link":"/authors/wickerson/","name":"John Wickerson"},{"id":406,"link":"/authors/willenbrink/","name":"Sebastian Willenbrink"},{"id":407,"link":"/authors/wimmer/","name":"Simon Wimmer"},{"id":408,"link":"/authors/wirt/","name":"Kai Wirt"},{"id":409,"link":"/authors/wolff/","name":"Burkhart Wolff"},{"id":410,"link":"/authors/wu/","name":"Chunhan Wu"},{"id":411,"link":"/authors/xu/","name":"Jian Xu"},{"id":412,"link":"/authors/yamada/","name":"Akihisa Yamada"},{"id":413,"link":"/authors/ye/","name":"Lina Ye"},{"id":414,"link":"/authors/ying/","name":"Shenggang Ying"},{"id":415,"link":"/authors/yingm/","name":"Mingsheng Ying"},{"id":416,"link":"/authors/yu/","name":"Lei Yu"},{"id":417,"link":"/authors/zankl/","name":"Harald Zankl"},{"id":418,"link":"/authors/zee/","name":"Karen Zee"},{"id":419,"link":"/authors/zeller/","name":"Peter Zeller"},{"id":420,"link":"/authors/zeyda/","name":"Frank Zeyda"},{"id":421,"link":"/authors/zhan/","name":"Bohua Zhan"},{"id":422,"link":"/authors/zhang/","name":"Yu Zhang"},{"id":423,"link":"/authors/zhangx/","name":"Xingyuan Zhang"},{"id":424,"link":"/authors/zhann/","name":"Naijun Zhan"}]
\ No newline at end of file
+[{"id":0,"link":"/authors/abdulaziz/","name":"Mohammad Abdulaziz"},{"id":1,"link":"/authors/adelsberger/","name":"Stephan Adelsberger"},{"id":2,"link":"/authors/aehlig/","name":"Klaus Aehlig"},{"id":3,"link":"/authors/aissat/","name":"Romain Aissat"},{"id":4,"link":"/authors/amani/","name":"Sidney Amani"},{"id":5,"link":"/authors/ammer/","name":"Thomas Ammer"},{"id":6,"link":"/authors/andronick/","name":"June Andronick"},{"id":7,"link":"/authors/aransay/","name":"Jesús Aransay"},{"id":8,"link":"/authors/argyraki/","name":"Angeliki Koutsoukou-Argyraki"},{"id":9,"link":"/authors/armstrong/","name":"Alasdair Armstrong"},{"id":10,"link":"/authors/aspinall/","name":"David Aspinall"},{"id":11,"link":"/authors/ausaf/","name":"Fahad Ausaf"},{"id":12,"link":"/authors/avigad/","name":"Jeremy Avigad"},{"id":13,"link":"/authors/back/","name":"Ralph-Johan Back"},{"id":14,"link":"/authors/balbach/","name":"Frank J. Balbach"},{"id":15,"link":"/authors/ballarin/","name":"Clemens Ballarin"},{"id":16,"link":"/authors/barsotti/","name":"Damián Barsotti"},{"id":17,"link":"/authors/bauer/","name":"Gertrud Bauer"},{"id":18,"link":"/authors/bauereiss/","name":"Thomas Bauereiss"},{"id":19,"link":"/authors/bayer/","name":"Jonas Bayer"},{"id":20,"link":"/authors/becker/","name":"Heiko Becker"},{"id":21,"link":"/authors/beeren/","name":"Joel Beeren"},{"id":22,"link":"/authors/bella/","name":"Giampaolo Bella"},{"id":23,"link":"/authors/bengtson/","name":"Jesper Bengtson"},{"id":24,"link":"/authors/bentkamp/","name":"Alexander Bentkamp"},{"id":25,"link":"/authors/benzmueller/","name":"Christoph Benzmüller"},{"id":26,"link":"/authors/beresford/","name":"Alastair R. Beresford"},{"id":27,"link":"/authors/berghofer/","name":"Stefan Berghofer"},{"id":28,"link":"/authors/beringer/","name":"Lennart Beringer"},{"id":29,"link":"/authors/bharadwaj/","name":"Abhijith Bharadwaj"},{"id":30,"link":"/authors/bhatt/","name":"Bhargav Bhatt"},{"id":31,"link":"/authors/biendarra/","name":"Julian Biendarra"},{"id":32,"link":"/authors/bisping/","name":"Benjamin Bisping"},{"id":33,"link":"/authors/blanchette/","name":"Jasmin Christian Blanchette"},{"id":34,"link":"/authors/blasum/","name":"Holger Blasum"},{"id":35,"link":"/authors/blumson/","name":"Ben Blumson"},{"id":36,"link":"/authors/bockenek/","name":"Joshua Bockenek"},{"id":37,"link":"/authors/boehme/","name":"Sascha Böhme"},{"id":38,"link":"/authors/bohrer/","name":"Rose Bohrer"},{"id":39,"link":"/authors/bordg/","name":"Anthony Bordg"},{"id":40,"link":"/authors/borgstroem/","name":"Johannes Borgström"},{"id":41,"link":"/authors/bortin/","name":"Maksym Bortin"},{"id":42,"link":"/authors/bottesch/","name":"Ralph Bottesch"},{"id":43,"link":"/authors/boulanger/","name":"Frédéric Boulanger"},{"id":44,"link":"/authors/bourke/","name":"Timothy Bourke"},{"id":45,"link":"/authors/boutry/","name":"Pierre Boutry"},{"id":46,"link":"/authors/boyton/","name":"Andrew Boyton"},{"id":47,"link":"/authors/bracevac/","name":"Oliver Bračevac"},{"id":48,"link":"/authors/brandt/","name":"Felix Brandt"},{"id":49,"link":"/authors/breitner/","name":"Joachim Breitner"},{"id":50,"link":"/authors/brien/","name":"Nicolas Robinson-O'Brien"},{"id":51,"link":"/authors/brinkop/","name":"Hauke Brinkop"},{"id":52,"link":"/authors/brodmann/","name":"Paul-David Brodmann"},{"id":53,"link":"/authors/brucker/","name":"Achim D. Brucker"},{"id":54,"link":"/authors/bruegger/","name":"Lukas Brügger"},{"id":55,"link":"/authors/brun/","name":"Matthias Brun"},{"id":56,"link":"/authors/brunner/","name":"Julian Brunner"},{"id":57,"link":"/authors/bulwahn/","name":"Lukas Bulwahn"},{"id":58,"link":"/authors/butler/","name":"David Butler"},{"id":59,"link":"/authors/buyse/","name":"Maxime Buyse"},{"id":60,"link":"/authors/caballero/","name":"José Manuel Rodríguez Caballero"},{"id":61,"link":"/authors/caminati/","name":"Marco B. Caminati"},{"id":62,"link":"/authors/campo/","name":"Alejandro del Campo"},{"id":63,"link":"/authors/chapman/","name":"Peter Chapman"},{"id":64,"link":"/authors/chen/","name":"L. Chen"},{"id":65,"link":"/authors/clouston/","name":"Ranald Clouston"},{"id":66,"link":"/authors/cock/","name":"David Cock"},{"id":67,"link":"/authors/coghetto/","name":"Roland Coghetto"},{"id":68,"link":"/authors/coglio/","name":"Alessandro Coglio"},{"id":69,"link":"/authors/cohen/","name":"Ernie Cohen"},{"id":70,"link":"/authors/cordwell/","name":"Katherine Cordwell"},{"id":71,"link":"/authors/cousin/","name":"Marie Cousin"},{"id":72,"link":"/authors/crighton/","name":"Aaron Crighton"},{"id":73,"link":"/authors/dardinier/","name":"Thibault Dardinier"},{"id":74,"link":"/authors/david/","name":"Marco David"},{"id":75,"link":"/authors/debrat/","name":"Henri Debrat"},{"id":76,"link":"/authors/decova/","name":"Sára Decova"},{"id":77,"link":"/authors/derrick/","name":"John Derrick"},{"id":78,"link":"/authors/desharnais/","name":"Martin Desharnais"},{"id":79,"link":"/authors/diaz/","name":"Javier Díaz"},{"id":80,"link":"/authors/diekmann/","name":"Cornelius Diekmann"},{"id":81,"link":"/authors/dirix/","name":"Stefan Dirix"},{"id":82,"link":"/authors/dittmann/","name":"Christoph Dittmann"},{"id":83,"link":"/authors/divason/","name":"Jose Divasón"},{"id":84,"link":"/authors/doczkal/","name":"Christian Doczkal"},{"id":85,"link":"/authors/dongol/","name":"Brijesh Dongol"},{"id":86,"link":"/authors/doty/","name":"Matthew Doty"},{"id":87,"link":"/authors/dubut/","name":"Jérémy Dubut"},{"id":88,"link":"/authors/dunaev/","name":"Georgy Dunaev"},{"id":89,"link":"/authors/dyckhoff/","name":"Roy Dyckhoff"},{"id":90,"link":"/authors/eberl/","name":"Manuel Eberl"},{"id":91,"link":"/authors/echenim/","name":"Mnacho Echenim"},{"id":92,"link":"/authors/edmonds/","name":"Chelsea Edmonds"},{"id":93,"link":"/authors/engelhardt/","name":"Kai Engelhardt"},{"id":94,"link":"/authors/eriksson/","name":"Lars-Henrik Eriksson"},{"id":95,"link":"/authors/esparza/","name":"Javier Esparza"},{"id":96,"link":"/authors/essmann/","name":"Robin Eßmann"},{"id":97,"link":"/authors/felgenhauer/","name":"Bertram Felgenhauer"},{"id":98,"link":"/authors/feliachi/","name":"Abderrahmane Feliachi"},{"id":99,"link":"/authors/fell/","name":"Julian Fell"},{"id":100,"link":"/authors/fernandez/","name":"Matthew Fernandez"},{"id":101,"link":"/authors/fiedler/","name":"Ben Fiedler"},{"id":102,"link":"/authors/fleuriot/","name":"Jacques D. Fleuriot"},{"id":103,"link":"/authors/fleury/","name":"Mathias Fleury"},{"id":104,"link":"/authors/foster/","name":"Michael Foster"},{"id":105,"link":"/authors/fosterj/","name":"J. Nathan Foster"},{"id":106,"link":"/authors/fosters/","name":"Simon Foster"},{"id":107,"link":"/authors/fouillard/","name":"Valentin Fouillard"},{"id":108,"link":"/authors/friedrich/","name":"Stefan Friedrich"},{"id":109,"link":"/authors/from/","name":"Asta Halkjær From"},{"id":110,"link":"/authors/fuenmayor/","name":"David Fuenmayor"},{"id":111,"link":"/authors/furusawa/","name":"Hitoshi Furusawa"},{"id":112,"link":"/authors/gammie/","name":"Peter Gammie"},{"id":113,"link":"/authors/gao/","name":"Xin Gao"},{"id":114,"link":"/authors/gaudel/","name":"Marie-Claude Gaudel"},{"id":115,"link":"/authors/gay/","name":"Richard Gay"},{"id":116,"link":"/authors/georgescu/","name":"George Georgescu"},{"id":117,"link":"/authors/gheri/","name":"Lorenzo Gheri"},{"id":118,"link":"/authors/ghourabi/","name":"Fadoua Ghourabi"},{"id":119,"link":"/authors/gioiosa/","name":"Gianpaolo Gioiosa"},{"id":120,"link":"/authors/glabbeek/","name":"Rob van Glabbeek"},{"id":121,"link":"/authors/gomes/","name":"Victor B. F. Gomes"},{"id":122,"link":"/authors/gonzalez/","name":"Edgar Gonzàlez"},{"id":123,"link":"/authors/gore/","name":"Rajeev Gore"},{"id":124,"link":"/authors/gouezel/","name":"Sebastien Gouezel"},{"id":125,"link":"/authors/grechuk/","name":"Bogdan Grechuk"},{"id":126,"link":"/authors/grewe/","name":"Sylvia Grewe"},{"id":127,"link":"/authors/griebel/","name":"Simon Griebel"},{"id":128,"link":"/authors/grov/","name":"Gudmund Grov"},{"id":129,"link":"/authors/guerraoui/","name":"Rachid Guerraoui"},{"id":130,"link":"/authors/guiol/","name":"Hervé Guiol"},{"id":131,"link":"/authors/gunther/","name":"Emmanuel Gunther"},{"id":132,"link":"/authors/gutkovas/","name":"Ramunas Gutkovas"},{"id":133,"link":"/authors/guttmann/","name":"Walter Guttmann"},{"id":134,"link":"/authors/haftmann/","name":"Florian Haftmann"},{"id":135,"link":"/authors/haslbeck/","name":"Max W. Haslbeck"},{"id":136,"link":"/authors/haslbeckm/","name":"Maximilian P. L. Haslbeck"},{"id":137,"link":"/authors/havle/","name":"Oto Havle"},{"id":138,"link":"/authors/hayes/","name":"Ian J. Hayes"},{"id":139,"link":"/authors/he/","name":"Yijun He"},{"id":140,"link":"/authors/heimes/","name":"Lukas Heimes"},{"id":141,"link":"/authors/helke/","name":"Steffen Helke"},{"id":142,"link":"/authors/hellauer/","name":"Fabian Hellauer"},{"id":143,"link":"/authors/heller/","name":"Armin Heller"},{"id":144,"link":"/authors/henrio/","name":"Ludovic Henrio"},{"id":145,"link":"/authors/herzberg/","name":"Michael Herzberg"},{"id":146,"link":"/authors/hess/","name":"Andreas V. Hess"},{"id":147,"link":"/authors/hetzl/","name":"Stefan Hetzl"},{"id":148,"link":"/authors/hibon/","name":"Quentin Hibon"},{"id":149,"link":"/authors/hirata/","name":"Michikazu Hirata"},{"id":150,"link":"/authors/hoefner/","name":"Peter Höfner"},{"id":151,"link":"/authors/hoelzl/","name":"Johannes Hölzl"},{"id":152,"link":"/authors/hofmann/","name":"Martin Hofmann"},{"id":153,"link":"/authors/holub/","name":"Štěpán Holub"},{"id":154,"link":"/authors/hosking/","name":"Tony Hosking"},{"id":155,"link":"/authors/hou/","name":"Zhe Hou"},{"id":156,"link":"/authors/hu/","name":"Shuwei Hu"},{"id":157,"link":"/authors/huffman/","name":"Brian Huffman"},{"id":158,"link":"/authors/hupel/","name":"Lars Hupel"},{"id":159,"link":"/authors/ijbema/","name":"Mark Ijbema"},{"id":160,"link":"/authors/immler/","name":"Fabian Immler"},{"id":161,"link":"/authors/ito/","name":"Yosuke Ito"},{"id":162,"link":"/authors/iwama/","name":"Fumiya Iwama"},{"id":163,"link":"/authors/jacobsen/","name":"Frederik Krogsdal Jacobsen"},{"id":164,"link":"/authors/jaskelioff/","name":"Mauro Jaskelioff"},{"id":165,"link":"/authors/jaskolka/","name":"Jason Jaskolka"},{"id":166,"link":"/authors/jensen/","name":"Alexander Birch Jensen"},{"id":167,"link":"/authors/jiang/","name":"Nan Jiang"},{"id":168,"link":"/authors/jiangd/","name":"Dongchen Jiang"},{"id":169,"link":"/authors/joosten/","name":"Sebastiaan J. C. Joosten"},{"id":170,"link":"/authors/jungnickel/","name":"Tim Jungnickel"},{"id":171,"link":"/authors/kadzioka/","name":"Maya Kądziołka"},{"id":172,"link":"/authors/kaliszyk/","name":"Cezary Kaliszyk"},{"id":173,"link":"/authors/kammueller/","name":"Florian Kammüller"},{"id":174,"link":"/authors/kappelmann/","name":"Kevin Kappelmann"},{"id":175,"link":"/authors/karayel/","name":"Emin Karayel"},{"id":176,"link":"/authors/kastermans/","name":"Bart Kastermans"},{"id":177,"link":"/authors/katovsky/","name":"Alexander Katovsky"},{"id":178,"link":"/authors/kaufmann/","name":"Daniela Kaufmann"},{"id":179,"link":"/authors/keefe/","name":"Greg O'Keefe"},{"id":180,"link":"/authors/keinholz/","name":"Jonas Keinholz"},{"id":181,"link":"/authors/kerber/","name":"Manfred Kerber"},{"id":182,"link":"/authors/ketland/","name":"Jeffrey Ketland"},{"id":183,"link":"/authors/kirchner/","name":"Daniel Kirchner"},{"id":184,"link":"/authors/klein/","name":"Gerwin Klein"},{"id":185,"link":"/authors/klenze/","name":"Tobias Klenze"},{"id":186,"link":"/authors/kleppmann/","name":"Martin Kleppmann"},{"id":187,"link":"/authors/kobayashi/","name":"Hidetsune Kobayashi"},{"id":188,"link":"/authors/koerner/","name":"Stefan Körner"},{"id":189,"link":"/authors/kolanski/","name":"Rafal Kolanski"},{"id":190,"link":"/authors/koller/","name":"Lukas Koller"},{"id":191,"link":"/authors/krauss/","name":"Alexander Krauss"},{"id":192,"link":"/authors/kreuzer/","name":"Katharina Kreuzer"},{"id":193,"link":"/authors/kuncak/","name":"Viktor Kuncak"},{"id":194,"link":"/authors/kuncar/","name":"Ondřej Kunčar"},{"id":195,"link":"/authors/kurz/","name":"Friedrich Kurz"},{"id":196,"link":"/authors/lachnitt/","name":"Hanna Lachnitt"},{"id":197,"link":"/authors/lallemand/","name":"Joseph Lallemand"},{"id":198,"link":"/authors/lammich/","name":"Peter Lammich"},{"id":199,"link":"/authors/lange/","name":"Christoph Lange"},{"id":200,"link":"/authors/langenstein/","name":"Bruno Langenstein"},{"id":201,"link":"/authors/lattuada/","name":"Andrea Lattuada"},{"id":202,"link":"/authors/lee/","name":"Holden Lee"},{"id":203,"link":"/authors/leustean/","name":"Laurentiu Leustean"},{"id":204,"link":"/authors/lewis/","name":"Corey Lewis"},{"id":205,"link":"/authors/li/","name":"Wenda Li"},{"id":206,"link":"/authors/lim/","name":"Japheth Lim"},{"id":207,"link":"/authors/lindenberg/","name":"Christina Lindenberg"},{"id":208,"link":"/authors/linker/","name":"Sven Linker"},{"id":209,"link":"/authors/liu/","name":"Junyi Liu"},{"id":210,"link":"/authors/liut/","name":"Tao Liu"},{"id":211,"link":"/authors/liuy/","name":"Yang Liu"},{"id":212,"link":"/authors/liy/","name":"Yangjia Li"},{"id":213,"link":"/authors/lochbihler/","name":"Andreas Lochbihler"},{"id":214,"link":"/authors/lochmann/","name":"Alexander Lochmann"},{"id":215,"link":"/authors/lohner/","name":"Denis Lohner"},{"id":216,"link":"/authors/loibl/","name":"Matthias Loibl"},{"id":217,"link":"/authors/londono/","name":"Alejandro Gómez-Londoño"},{"id":218,"link":"/authors/losa/","name":"Giuliano Losa"},{"id":219,"link":"/authors/lutz/","name":"Bianca Lutz"},{"id":220,"link":"/authors/lux/","name":"Alexander Lux"},{"id":221,"link":"/authors/makarios/","name":"T. J. M. Makarios"},{"id":222,"link":"/authors/maletzky/","name":"Alexander Maletzky"},{"id":223,"link":"/authors/mansky/","name":"Susannah Mansky"},{"id":224,"link":"/authors/mantel/","name":"Heiko Mantel"},{"id":225,"link":"/authors/margetson/","name":"James Margetson"},{"id":226,"link":"/authors/maric/","name":"Ognjen Marić"},{"id":227,"link":"/authors/maricf/","name":"Filip Marić"},{"id":228,"link":"/authors/marmsoler/","name":"Diego Marmsoler"},{"id":229,"link":"/authors/matache/","name":"Cristina Matache"},{"id":230,"link":"/authors/matichuk/","name":"Daniel Matichuk"},{"id":231,"link":"/authors/matiyasevich/","name":"Yuri Matiyasevich"},{"id":232,"link":"/authors/maximova/","name":"Alexandra Maximova"},{"id":233,"link":"/authors/meis/","name":"Rene Meis"},{"id":234,"link":"/authors/merz/","name":"Stephan Merz"},{"id":235,"link":"/authors/messner/","name":"Florian Messner"},{"id":236,"link":"/authors/michaelis/","name":"Julius Michaelis"},{"id":237,"link":"/authors/milehins/","name":"Mihails Milehins"},{"id":238,"link":"/authors/minamide/","name":"Yasuhiko Minamide"},{"id":239,"link":"/authors/mitchell/","name":"Neil Mitchell"},{"id":240,"link":"/authors/mitsch/","name":"Stefan Mitsch"},{"id":241,"link":"/authors/moedersheim/","name":"Sebastian Mödersheim"},{"id":242,"link":"/authors/moeller/","name":"Bernhard Möller"},{"id":243,"link":"/authors/muendler/","name":"Niels Mündler"},{"id":244,"link":"/authors/mulligan/","name":"Dominic P. Mulligan"},{"id":245,"link":"/authors/munive/","name":"Jonathan Julian Huerta y Munive"},{"id":246,"link":"/authors/murao/","name":"H. Murao"},{"id":247,"link":"/authors/murray/","name":"Toby Murray"},{"id":248,"link":"/authors/nagashima/","name":"Yutaka Nagashima"},{"id":249,"link":"/authors/nagele/","name":"Julian Nagele"},{"id":250,"link":"/authors/naraschewski/","name":"Wolfgang Naraschewski"},{"id":251,"link":"/authors/nedzelsky/","name":"Michael Nedzelsky"},{"id":252,"link":"/authors/nemeti/","name":"István Németi"},{"id":253,"link":"/authors/nemouchi/","name":"Yakoub Nemouchi"},{"id":254,"link":"/authors/nestmann/","name":"Uwe Nestmann"},{"id":255,"link":"/authors/neumann/","name":"René Neumann"},{"id":256,"link":"/authors/nielsen/","name":"Finn Nielsen"},{"id":257,"link":"/authors/nikiforov/","name":"Denis Nikiforov"},{"id":258,"link":"/authors/nipkow/","name":"Tobias Nipkow"},{"id":259,"link":"/authors/nishihara/","name":"Toshiaki Nishihara"},{"id":260,"link":"/authors/noce/","name":"Pasquale Noce"},{"id":261,"link":"/authors/nordhoff/","name":"Benedikt Nordhoff"},{"id":262,"link":"/authors/noschinski/","name":"Lars Noschinski"},{"id":263,"link":"/authors/obua/","name":"Steven Obua"},{"id":264,"link":"/authors/ogawa/","name":"Mizuhito Ogawa"},{"id":265,"link":"/authors/oldenburg/","name":"Lennart Oldenburg"},{"id":266,"link":"/authors/olm/","name":"Markus Müller-Olm"},{"id":267,"link":"/authors/oosterhuis/","name":"Roelof Oosterhuis"},{"id":268,"link":"/authors/oostrom/","name":"Vincent van Oostrom"},{"id":269,"link":"/authors/ortner/","name":"Veronika Ortner"},{"id":270,"link":"/authors/overbeek/","name":"Roy Overbeek"},{"id":271,"link":"/authors/pagano/","name":"Miguel Pagano"},{"id":272,"link":"/authors/pal/","name":"Abhik Pal"},{"id":273,"link":"/authors/paleo/","name":"Bruno Woltzenlogel Paleo"},{"id":274,"link":"/authors/palmer/","name":"Jake Palmer"},{"id":275,"link":"/authors/parkinson/","name":"Matthew Parkinson"},{"id":276,"link":"/authors/parrow/","name":"Joachim Parrow"},{"id":277,"link":"/authors/parsert/","name":"Julian Parsert"},{"id":278,"link":"/authors/paulson/","name":"Lawrence C. Paulson"},{"id":279,"link":"/authors/peltier/","name":"Nicolas Peltier"},{"id":280,"link":"/authors/peters/","name":"Kirstin Peters"},{"id":281,"link":"/authors/petrovic/","name":"Danijela Petrovic"},{"id":282,"link":"/authors/pierzchalski/","name":"Edward Pierzchalski"},{"id":283,"link":"/authors/platzer/","name":"André Platzer"},{"id":284,"link":"/authors/pollak/","name":"Florian Pollak"},{"id":285,"link":"/authors/popescu/","name":"Andrei Popescu"},{"id":286,"link":"/authors/porter/","name":"Benjamin Porter"},{"id":287,"link":"/authors/prathamesh/","name":"T.V.H. Prathamesh"},{"id":288,"link":"/authors/preoteasa/","name":"Viorel Preoteasa"},{"id":289,"link":"/authors/pusch/","name":"Cornelia Pusch"},{"id":290,"link":"/authors/rabe/","name":"Markus N. Rabe"},{"id":291,"link":"/authors/raedle/","name":"Jonas Rädle"},{"id":292,"link":"/authors/raska/","name":"Martin Raška"},{"id":293,"link":"/authors/raszyk/","name":"Martin Raszyk"},{"id":294,"link":"/authors/rau/","name":"Martin Rau"},{"id":295,"link":"/authors/rauch/","name":"Nicole Rauch"},{"id":296,"link":"/authors/raumer/","name":"Jakob von Raumer"},{"id":297,"link":"/authors/ravindran/","name":"Binoy Ravindran"},{"id":298,"link":"/authors/rawson/","name":"Michael Rawson"},{"id":299,"link":"/authors/raya/","name":"Rodrigo Raya"},{"id":300,"link":"/authors/regensburger/","name":"Franz Regensburger"},{"id":301,"link":"/authors/reiche/","name":"Sebastian Reiche"},{"id":302,"link":"/authors/reiter/","name":"Markus Reiter"},{"id":303,"link":"/authors/reynaud/","name":"Alban Reynaud"},{"id":304,"link":"/authors/ribeiro/","name":"Pedro Ribeiro"},{"id":305,"link":"/authors/richter/","name":"Stefan Richter"},{"id":306,"link":"/authors/rickmann/","name":"Christina Rickmann"},{"id":307,"link":"/authors/ridge/","name":"Tom Ridge"},{"id":308,"link":"/authors/rizaldi/","name":"Albert Rizaldi"},{"id":309,"link":"/authors/rizkallah/","name":"Christine Rizkallah"},{"id":310,"link":"/authors/robillard/","name":"Simon Robillard"},{"id":311,"link":"/authors/roessle/","name":"Ian Roessle"},{"id":312,"link":"/authors/romanos/","name":"Ralph Romanos"},{"id":313,"link":"/authors/rosskopf/","name":"Simon Roßkopf"},{"id":314,"link":"/authors/rowat/","name":"Colin Rowat"},{"id":315,"link":"/authors/sabouret/","name":"Nicolas Sabouret"},{"id":316,"link":"/authors/sachtleben/","name":"Robert Sachtleben"},{"id":317,"link":"/authors/saile/","name":"Christian Saile"},{"id":318,"link":"/authors/sanan/","name":"David Sanan"},{"id":319,"link":"/authors/sato/","name":"Tetsuya Sato"},{"id":320,"link":"/authors/sauer/","name":"Jens Sauer"},{"id":321,"link":"/authors/schaeffeler/","name":"Maximilian Schäffeler"},{"id":322,"link":"/authors/scharager/","name":"Matias Scharager"},{"id":323,"link":"/authors/schimpf/","name":"Alexander Schimpf"},{"id":324,"link":"/authors/schirmer/","name":"Norbert Schirmer"},{"id":325,"link":"/authors/schleicher/","name":"Dierk Schleicher"},{"id":326,"link":"/authors/schlichtkrull/","name":"Anders Schlichtkrull"},{"id":327,"link":"/authors/schmaltz/","name":"Julien Schmaltz"},{"id":328,"link":"/authors/schmidinger/","name":"Lukas Schmidinger"},{"id":329,"link":"/authors/schmoetten/","name":"Richard Schmoetten"},{"id":330,"link":"/authors/schneider/","name":"Joshua Schneider"},{"id":331,"link":"/authors/schoepe/","name":"Daniel Schoepe"},{"id":332,"link":"/authors/schoepf/","name":"Jonas Schöpf"},{"id":333,"link":"/authors/scott/","name":"Dana Scott"},{"id":334,"link":"/authors/sefidgar/","name":"S. Reza Sefidgar"},{"id":335,"link":"/authors/seidl/","name":"Benedikt Seidl"},{"id":336,"link":"/authors/seidler/","name":"Henning Seidler"},{"id":337,"link":"/authors/sewell/","name":"Thomas Sewell"},{"id":338,"link":"/authors/sickert/","name":"Salomon Sickert"},{"id":339,"link":"/authors/siek/","name":"Jeremy Siek"},{"id":340,"link":"/authors/simic/","name":"Danijela Simić"},{"id":341,"link":"/authors/sison/","name":"Robert Sison"},{"id":342,"link":"/authors/smaus/","name":"Jan-Georg Smaus"},{"id":343,"link":"/authors/smola/","name":"Filip Smola"},{"id":344,"link":"/authors/snelting/","name":"Gregor Snelting"},{"id":345,"link":"/authors/somaini/","name":"Ivano Somaini"},{"id":346,"link":"/authors/somogyi/","name":"Dániel Somogyi"},{"id":347,"link":"/authors/spasic/","name":"Mirko Spasić"},{"id":348,"link":"/authors/spichkova/","name":"Maria Spichkova"},{"id":349,"link":"/authors/sprenger/","name":"Christoph Sprenger"},{"id":350,"link":"/authors/stannett/","name":"Mike Stannett"},{"id":351,"link":"/authors/stark/","name":"Eugene W. Stark"},{"id":352,"link":"/authors/starosta/","name":"Štěpán Starosta"},{"id":353,"link":"/authors/steinberg/","name":"Matías Steinberg"},{"id":354,"link":"/authors/stephan/","name":"Werner Stephan"},{"id":355,"link":"/authors/sternagel/","name":"Christian Sternagel"},{"id":356,"link":"/authors/sternagelt/","name":"Thomas Sternagel"},{"id":357,"link":"/authors/stevens/","name":"Lukas Stevens"},{"id":358,"link":"/authors/stock/","name":"Benedikt Stock"},{"id":359,"link":"/authors/stricker/","name":"Christian Stricker"},{"id":360,"link":"/authors/strnisa/","name":"Rok Strniša"},{"id":361,"link":"/authors/struth/","name":"Georg Struth"},{"id":362,"link":"/authors/stueber/","name":"Anke Stüber"},{"id":363,"link":"/authors/stuewe/","name":"Daniel Stüwe"},{"id":364,"link":"/authors/sudbrock/","name":"Henning Sudbrock"},{"id":365,"link":"/authors/sudhof/","name":"Henry Sudhof"},{"id":366,"link":"/authors/sulejmani/","name":"Ujkan Sulejmani"},{"id":367,"link":"/authors/sylvestre/","name":"Jeremy Sylvestre"},{"id":368,"link":"/authors/taha/","name":"Safouan Taha"},{"id":369,"link":"/authors/tan/","name":"Yong Kiam Tan"},{"id":370,"link":"/authors/tasch/","name":"Markus Tasch"},{"id":371,"link":"/authors/taylor/","name":"Ramsay G. Taylor"},{"id":372,"link":"/authors/terraf/","name":"Pedro Sánchez Terraf"},{"id":373,"link":"/authors/thiemann/","name":"René Thiemann"},{"id":374,"link":"/authors/thommes/","name":"Joseph Thommes"},{"id":375,"link":"/authors/thomson/","name":"Fox Thomson"},{"id":376,"link":"/authors/tiu/","name":"Alwen Tiu"},{"id":377,"link":"/authors/toth/","name":"Balazs Toth"},{"id":378,"link":"/authors/tourret/","name":"Sophie Tourret"},{"id":379,"link":"/authors/trachtenherz/","name":"David Trachtenherz"},{"id":380,"link":"/authors/traut/","name":"Christoph Traut"},{"id":381,"link":"/authors/traytel/","name":"Dmitriy Traytel"},{"id":382,"link":"/authors/trelat/","name":"Vincent Trélat"},{"id":383,"link":"/authors/tuong/","name":"Frédéric Tuong"},{"id":384,"link":"/authors/tuongj/","name":"Joseph Tuong"},{"id":385,"link":"/authors/tverdyshev/","name":"Sergey Tverdyshev"},{"id":386,"link":"/authors/ullrich/","name":"Sebastian Ullrich"},{"id":387,"link":"/authors/unruh/","name":"Dominique Unruh"},{"id":388,"link":"/authors/urban/","name":"Christian Urban"},{"id":389,"link":"/authors/van/","name":"Hai Nguyen Van"},{"id":390,"link":"/authors/velykis/","name":"Andrius Velykis"},{"id":391,"link":"/authors/verbeek/","name":"Freek Verbeek"},{"id":392,"link":"/authors/villadsen/","name":"Jørgen Villadsen"},{"id":393,"link":"/authors/voisin/","name":"Frederic Voisin"},{"id":394,"link":"/authors/vytiniotis/","name":"Dimitrios Vytiniotis"},{"id":395,"link":"/authors/wagner/","name":"Max Wagner"},{"id":396,"link":"/authors/waldmann/","name":"Uwe Waldmann"},{"id":397,"link":"/authors/wand/","name":"Daniel Wand"},{"id":398,"link":"/authors/wang/","name":"Shuling Wang"},{"id":399,"link":"/authors/wassell/","name":"Mark Wassell"},{"id":400,"link":"/authors/wasserrab/","name":"Daniel Wasserrab"},{"id":401,"link":"/authors/watt/","name":"Conrad Watt"},{"id":402,"link":"/authors/weber/","name":"Tjark Weber"},{"id":403,"link":"/authors/weerwag/","name":"Timmy Weerwag"},{"id":404,"link":"/authors/weidner/","name":"Arno Wilhelm-Weidner"},{"id":405,"link":"/authors/wenzel/","name":"Makarius Wenzel"},{"id":406,"link":"/authors/wickerson/","name":"John Wickerson"},{"id":407,"link":"/authors/willenbrink/","name":"Sebastian Willenbrink"},{"id":408,"link":"/authors/wimmer/","name":"Simon Wimmer"},{"id":409,"link":"/authors/wirt/","name":"Kai Wirt"},{"id":410,"link":"/authors/wolff/","name":"Burkhart Wolff"},{"id":411,"link":"/authors/wu/","name":"Chunhan Wu"},{"id":412,"link":"/authors/xu/","name":"Jian Xu"},{"id":413,"link":"/authors/yamada/","name":"Akihisa Yamada"},{"id":414,"link":"/authors/ye/","name":"Lina Ye"},{"id":415,"link":"/authors/ying/","name":"Shenggang Ying"},{"id":416,"link":"/authors/yingm/","name":"Mingsheng Ying"},{"id":417,"link":"/authors/yu/","name":"Lei Yu"},{"id":418,"link":"/authors/zankl/","name":"Harald Zankl"},{"id":419,"link":"/authors/zee/","name":"Karen Zee"},{"id":420,"link":"/authors/zeller/","name":"Peter Zeller"},{"id":421,"link":"/authors/zeyda/","name":"Frank Zeyda"},{"id":422,"link":"/authors/zhan/","name":"Bohua Zhan"},{"id":423,"link":"/authors/zhang/","name":"Yu Zhang"},{"id":424,"link":"/authors/zhangx/","name":"Xingyuan Zhang"},{"id":425,"link":"/authors/zhann/","name":"Naijun Zhan"}]
\ No newline at end of file
diff --git a/web/authors/lammich/index.html b/web/authors/lammich/index.html
--- a/web/authors/lammich/index.html
+++ b/web/authors/lammich/index.html
@@ -1,341 +1,341 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1"><title>Peter Lammich- Archive of Formal Proofs</title><meta name="description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."><link rel="alternate" type="application/rss+xml" href="../../authors/lammich/index.xml" title="Archive of Formal Proofs" /><meta property="og:title" content="lammich" />
<meta property="og:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle." />
<meta property="og:type" content="website" />
<meta property="og:url" content="/authors/lammich/" /><meta property="og:image" content="/images/afp.png"/><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="lammich"/>
<meta name="twitter:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."/>
<link rel="stylesheet" type="text/css" href="../../css/front.min.css">
<link rel="icon" href="../../images/favicon.ico" type="image/icon"><script src="../../js/obfuscate.js"></script>
<script src="../../js/flexsearch.bundle.js"></script>
<script src="../../js/scroll-spy.js"></script>
<script src="../../js/theory.js"></script>
<script src="../../js/util.js"></script><script src="../../js/header-search.js"></script><script src="../../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore '>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../../images/menu.svg" alt="Menu" />
</label>
<a href="../../" class='logo-link'>
<img src="../../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<a href="../../search"><img src="../../images/search.svg" alt="Search" /></a>
<nav id="menu">
<div>
<a href="../../" class='logo-link'>
<img src="../../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<ul>
<a href="../../"><li >Home</li></a>
<a href="../../topics/"><li >Topics</li></a>
<a href="../../download/"><li >Download</li></a>
<a href="../../help/"><li >Help</li></a>
<a href="../../submission/"><li >Submission</li></a>
<a href="../../statistics/"><li >Statistics</li></a>
<a href="../../about/"><li >About</li></a>
</ul>
</div>
</nav>
</div>
</aside>
<div
class='content '><header>
<form autocomplete="off" action="../../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value="" aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button"><img src="../../images/search.svg" alt="Search" /></button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1 >
<span class='first'>P</span>eter <span class='first'>L</span>ammich</h1>
<div>
</div>
</header><div>
<h2>Homepages 🌐</h2>
<ul><li><a href="http://www21.in.tum.de/~lammich">http://www21.in.tum.de/~lammich</a></li></ul>
<h2>E-Mails 📧</h2>
<ul><li><a class="obfuscated" data="eyJob3N0IjpbImluIiwidHVtIiwiZGUiXSwidXNlciI6WyJsYW1taWNoIl19"><span class="rev">ed</span>.<span class="rev">mut</span>.<span class="rev">ni</span>@<span class="rev">hcimmal</span></a></li></ul>
<h2>Entries</h2><h3 class="head">2021</h3><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../entries/Van_Emde_Boas_Trees.html">van Emde Boas Trees</a></h5> <br>by <a href="../../authors/ammer">Thomas Ammer</a> and <a href="../../authors/lammich">Peter Lammich</a></div>
<span class="date">
Nov 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../entries/CoCon.html">CoCon: A Confidentiality-Verified Conference Management System</a></h5> <br>by <a href="../../authors/popescu">Andrei Popescu</a> <a href="https://www.andreipopescu.uk">🌐</a>, <a href="../../authors/lammich">Peter Lammich</a> <a class="obfuscated" data="eyJob3N0IjpbImluIiwidHVtIiwiZGUiXSwidXNlciI6WyJsYW1taWNoIl19">📧</a> and <a href="../../authors/bauereiss">Thomas Bauereiss</a> <a class="obfuscated" data="eyJob3N0IjpbImJhdWVyZWlzcyIsIm5hbWUiXSwidXNlciI6WyJ0aG9tYXMiXX0=">📧</a></div>
<span class="date">
Aug 16
</span>
</article>
<h3 class="head">2020</h3><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../entries/AI_Planning_Languages_Semantics.html">AI Planning Languages Semantics</a></h5> <br>by <a href="../../authors/abdulaziz">Mohammad Abdulaziz</a> <a href="http://home.in.tum.de/~mansour/">🌐</a> and <a href="../../authors/lammich">Peter Lammich</a> <a href="http://www21.in.tum.de/~lammich">🌐</a></div>
<span class="date">
Oct 29
</span>
</article>
<h3 class="head">2019</h3><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../entries/VerifyThis2019.html">VerifyThis 2019 -- Polished Isabelle Solutions</a></h5> <br>by <a href="../../authors/lammich">Peter Lammich</a> and <a href="../../authors/wimmer">Simon Wimmer</a> <a href="http://home.in.tum.de/~wimmers/">🌐</a></div>
<span class="date">
Oct 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../entries/Prim_Dijkstra_Simple.html">Purely Functional, Simple, and Efficient Implementation of Prim and Dijkstra</a></h5> <br>by <a href="../../authors/lammich">Peter Lammich</a> <a href="http://www21.in.tum.de/~lammich">🌐</a> and <a href="../../authors/nipkow">Tobias Nipkow</a> <a href="https://www.in.tum.de/~nipkow/">🌐</a></div>
<span class="date">
Jun 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../entries/Priority_Search_Trees.html">Priority Search Trees</a></h5> <br>by <a href="../../authors/lammich">Peter Lammich</a> <a href="http://www21.in.tum.de/~lammich">🌐</a> and <a href="../../authors/nipkow">Tobias Nipkow</a> <a href="https://www.in.tum.de/~nipkow/">🌐</a></div>
<span class="date">
Jun 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../entries/Kruskal.html">Kruskal&#39;s Algorithm for Minimum Spanning Forest</a></h5> <br>by <a href="../../authors/haslbeckm">Maximilian P. L. Haslbeck</a> <a href="http://in.tum.de/~haslbema/">🌐</a>, <a href="../../authors/lammich">Peter Lammich</a> <a href="http://www21.in.tum.de/~lammich">🌐</a> and <a href="../../authors/biendarra">Julian Biendarra</a></div>
<span class="date">
Feb 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../entries/IMP2.html">IMP2 – Simple Program Verification in Isabelle/HOL</a></h5> <br>by <a href="../../authors/lammich">Peter Lammich</a> <a href="http://www21.in.tum.de/~lammich">🌐</a> and <a href="../../authors/wimmer">Simon Wimmer</a> <a href="http://home.in.tum.de/~wimmers/">🌐</a></div>
<span class="date">
Jan 15
</span>
</article>
<h3 class="head">2018</h3><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../entries/VerifyThis2018.html">VerifyThis 2018 - Polished Isabelle Solutions</a></h5> <br>by <a href="../../authors/lammich">Peter Lammich</a> <a href="http://www21.in.tum.de/~lammich">🌐</a> and <a href="../../authors/wimmer">Simon Wimmer</a> <a href="http://home.in.tum.de/~wimmers/">🌐</a></div>
<span class="date">
Apr 27
</span>
</article>
<h3 class="head">2017</h3><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../entries/Knuth_Morris_Pratt.html">The string search algorithm by Knuth, Morris and Pratt</a></h5> <br>by <a href="../../authors/hellauer">Fabian Hellauer</a> <a class="obfuscated" data="eyJob3N0IjpbImluIiwidHVtIiwiZGUiXSwidXNlciI6WyJoZWxsYXVlciJdfQ==">📧</a> and <a href="../../authors/lammich">Peter Lammich</a> <a href="http://www21.in.tum.de/~lammich">🌐</a></div>
<span class="date">
Dec 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../entries/Prpu_Maxflow.html">Formalizing Push-Relabel Algorithms</a></h5> <br>by <a href="../../authors/lammich">Peter Lammich</a> <a href="http://www21.in.tum.de/~lammich">🌐</a> and <a href="../../authors/sefidgar">S. Reza Sefidgar</a></div>
<span class="date">
Jun 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../entries/Flow_Networks.html">Flow Networks and the Min-Cut-Max-Flow Theorem</a></h5> <br>by <a href="../../authors/lammich">Peter Lammich</a> <a href="http://www21.in.tum.de/~lammich">🌐</a> and <a href="../../authors/sefidgar">S. Reza Sefidgar</a></div>
<span class="date">
Jun 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../entries/Floyd_Warshall.html">The Floyd-Warshall Algorithm for Shortest Paths</a></h5> <br>by <a href="../../authors/wimmer">Simon Wimmer</a> <a href="http://home.in.tum.de/~wimmers/">🌐</a> and <a href="../../authors/lammich">Peter Lammich</a> <a href="http://www21.in.tum.de/~lammich">🌐</a></div>
<span class="date">
May 08
</span>
</article>
<h3 class="head">2016</h3><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../entries/EdmondsKarp_Maxflow.html">Formalizing the Edmonds-Karp Algorithm</a></h5> <br>by <a href="../../authors/lammich">Peter Lammich</a> <a class="obfuscated" data="eyJob3N0IjpbImluIiwidHVtIiwiZGUiXSwidXNlciI6WyJsYW1taWNoIl19">📧</a> and <a href="../../authors/sefidgar">S. Reza Sefidgar</a></div>
<span class="date">
Aug 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../entries/Refine_Imperative_HOL.html">The Imperative Refinement Framework</a></h5> <br>by <a href="../../authors/lammich">Peter Lammich</a> <a href="http://www21.in.tum.de/~lammich">🌐</a></div>
<span class="date">
Aug 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../entries/DFS_Framework.html">A Framework for Verifying Depth-First Search Algorithms</a></h5> <br>by <a href="../../authors/lammich">Peter Lammich</a> <a href="http://www21.in.tum.de/~lammich">🌐</a> and <a href="../../authors/neumann">René Neumann</a> <a class="obfuscated" data="eyJob3N0IjpbImluIiwidHVtIiwiZGUiXSwidXNlciI6WyJyZW5lIiwibmV1bWFubiJdfQ==">📧</a></div>
<span class="date">
Jul 05
</span>
</article>
<article class="entry">
<div class="item-text">
- <h5><a class="title" href="../../entries/ROBDD.html">Algorithms for Reduced Ordered Binary Decision Diagrams</a></h5> <br>by <a href="../../authors/michaelis">Julius Michaelis</a> <a href="http://liftm.de/">🌐</a>, <a href="../../authors/haslbeck">Max W. Haslbeck</a> <a href="http://cl-informatik.uibk.ac.at/users/mhaslbeck/">🌐</a>, <a href="../../authors/lammich">Peter Lammich</a> <a href="http://www21.in.tum.de/~lammich">🌐</a> and <a href="../../authors/hupel">Lars Hupel</a> <a href="https://www21.in.tum.de/~hupel/">🌐</a></div>
+ <h5><a class="title" href="../../entries/ROBDD.html">Algorithms for Reduced Ordered Binary Decision Diagrams</a></h5> <br>by <a href="../../authors/michaelis">Julius Michaelis</a> <a href="http://liftm.de/">🌐</a>, <a href="../../authors/haslbeck">Max W. Haslbeck</a> <a href="http://cl-informatik.uibk.ac.at/users/mhaslbeck/">🌐</a>, <a href="../../authors/lammich">Peter Lammich</a> <a href="http://www21.in.tum.de/~lammich">🌐</a> and <a href="../../authors/hupel">Lars Hupel</a> <a href="https://lars.hupel.info/">🌐</a></div>
<span class="date">
Apr 27
</span>
</article>
<h3 class="head">2014</h3><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../entries/Gabow_SCC.html">Verified Efficient Implementation of Gabow&#39;s Strongly Connected Components Algorithm</a></h5> <br>by <a href="../../authors/lammich">Peter Lammich</a> <a href="http://www21.in.tum.de/~lammich">🌐</a></div>
<span class="date">
May 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../entries/CAVA_Automata.html">The CAVA Automata Library</a></h5> <br>by <a href="../../authors/lammich">Peter Lammich</a> <a href="http://www21.in.tum.de/~lammich">🌐</a></div>
<span class="date">
May 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../entries/LTL_to_GBA.html">Converting Linear-Time Temporal Logic to Generalized Büchi Automata</a></h5> <br>by <a href="../../authors/schimpf">Alexander Schimpf</a> <a class="obfuscated" data="eyJob3N0IjpbImluZm9ybWF0aWsiLCJ1bmktZnJlaWJ1cmciLCJkZSJdLCJ1c2VyIjpbInNjaGltcGZhIl19">📧</a> and <a href="../../authors/lammich">Peter Lammich</a> <a href="http://www21.in.tum.de/~lammich">🌐</a></div>
<span class="date">
May 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../entries/CAVA_LTL_Modelchecker.html">A Fully Verified Executable LTL Model Checker</a></h5> <br>by <a href="../../authors/esparza">Javier Esparza</a> <a href="https://www7.in.tum.de/~esparza/">🌐</a>, <a href="../../authors/lammich">Peter Lammich</a> <a href="http://www21.in.tum.de/~lammich">🌐</a>, <a href="../../authors/neumann">René Neumann</a> <a class="obfuscated" data="eyJob3N0IjpbImluIiwidHVtIiwiZGUiXSwidXNlciI6WyJyZW5lIiwibmV1bWFubiJdfQ==">📧</a>, <a href="../../authors/nipkow">Tobias Nipkow</a> <a href="https://www.in.tum.de/~nipkow/">🌐</a>, <a href="../../authors/schimpf">Alexander Schimpf</a> <a class="obfuscated" data="eyJob3N0IjpbImluZm9ybWF0aWsiLCJ1bmktZnJlaWJ1cmciLCJkZSJdLCJ1c2VyIjpbInNjaGltcGZhIl19">📧</a> and <a href="../../authors/smaus">Jan-Georg Smaus</a> <a href="http://www.irit.fr/~Jan-Georg.Smaus">🌐</a></div>
<span class="date">
May 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../entries/Bounded_Deducibility_Security.html">Bounded-Deducibility Security</a></h5> <br>by <a href="../../authors/popescu">Andrei Popescu</a> <a href="https://www.andreipopescu.uk">🌐</a>, <a href="../../authors/lammich">Peter Lammich</a> <a href="http://www21.in.tum.de/~lammich">🌐</a> and <a href="../../authors/bauereiss">Thomas Bauereiss</a> <a class="obfuscated" data="eyJob3N0IjpbImJhdWVyZWlzcyIsIm5hbWUiXSwidXNlciI6WyJ0aG9tYXMiXX0=">📧</a></div>
<span class="date">
Apr 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../entries/HyperCTL.html">A shallow embedding of HyperCTL*</a></h5> <br>by <a href="../../authors/rabe">Markus N. Rabe</a> <a href="http://www.react.uni-saarland.de/people/rabe.html">🌐</a>, <a href="../../authors/lammich">Peter Lammich</a> <a href="http://www21.in.tum.de/~lammich">🌐</a> and <a href="../../authors/popescu">Andrei Popescu</a> <a href="https://www.andreipopescu.uk">🌐</a></div>
<span class="date">
Apr 16
</span>
</article>
<h3 class="head">2013</h3><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../entries/Automatic_Refinement.html">Automatic Data Refinement</a></h5> <br>by <a href="../../authors/lammich">Peter Lammich</a> <a class="obfuscated" data="eyJob3N0IjpbImluIiwidHVtIiwiZGUiXSwidXNlciI6WyJsYW1taWNoIl19">📧</a></div>
<span class="date">
Oct 02
</span>
</article>
<h3 class="head">2012</h3><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../entries/Separation_Logic_Imperative_HOL.html">A Separation Logic Framework for Imperative HOL</a></h5> <br>by <a href="../../authors/lammich">Peter Lammich</a> <a href="http://www21.in.tum.de/~lammich">🌐</a> and <a href="../../authors/meis">Rene Meis</a> <a class="obfuscated" data="eyJob3N0IjpbInVuaS1kdWUiLCJkZSJdLCJ1c2VyIjpbInJlbmUiLCJtZWlzIl19">📧</a></div>
<span class="date">
Nov 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../entries/Refine_Monadic.html">Refinement for Monadic Programs</a></h5> <br>by <a href="../../authors/lammich">Peter Lammich</a> <a href="http://www21.in.tum.de/~lammich">🌐</a></div>
<span class="date">
Jan 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../entries/Dijkstra_Shortest_Path.html">Dijkstra&#39;s Shortest Path Algorithm</a></h5> <br>by <a href="../../authors/nordhoff">Benedikt Nordhoff</a> <a class="obfuscated" data="eyJob3N0IjpbInd3dSIsImRlIl0sInVzZXIiOlsiYiIsIm4iXX0=">📧</a> and <a href="../../authors/lammich">Peter Lammich</a> <a href="http://www21.in.tum.de/~lammich">🌐</a></div>
<span class="date">
Jan 30
</span>
</article>
<h3 class="head">2010</h3><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../entries/Finger-Trees.html">Finger Trees</a></h5> <br>by <a href="../../authors/nordhoff">Benedikt Nordhoff</a> <a class="obfuscated" data="eyJob3N0IjpbInVuaS1tdWVuc3RlciIsImRlIl0sInVzZXIiOlsiYl9ub3JkMDEiXX0=">📧</a>, <a href="../../authors/koerner">Stefan Körner</a> <a class="obfuscated" data="eyJob3N0IjpbInVuaS1tdWVuc3RlciIsImRlIl0sInVzZXIiOlsic19rb2VyMDMiXX0=">📧</a> and <a href="../../authors/lammich">Peter Lammich</a> <a href="http://www21.in.tum.de/~lammich">🌐</a></div>
<span class="date">
Oct 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../entries/Binomial-Heaps.html">Binomial Heaps and Skew Binomial Heaps</a></h5> <br>by <a href="../../authors/meis">Rene Meis</a> <a class="obfuscated" data="eyJob3N0IjpbInVuaS1tdWVuc3RlciIsImRlIl0sInVzZXIiOlsicmVuZSIsIm1laXMiXX0=">📧</a>, <a href="../../authors/nielsen">Finn Nielsen</a> <a class="obfuscated" data="eyJob3N0IjpbInVuaS1tdWVuc3RlciIsImRlIl0sInVzZXIiOlsiZmlubiIsIm5pZWxzZW4iXX0=">📧</a> and <a href="../../authors/lammich">Peter Lammich</a> <a href="http://www21.in.tum.de/~lammich">🌐</a></div>
<span class="date">
Oct 28
</span>
</article>
<h3 class="head">2009</h3><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../entries/Tree-Automata.html">Tree Automata</a></h5> <br>by <a href="../../authors/lammich">Peter Lammich</a> <a href="http://www21.in.tum.de/~lammich">🌐</a></div>
<span class="date">
Nov 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../entries/Collections.html">Collections Framework</a></h5> <br>by <a href="../../authors/lammich">Peter Lammich</a> <a href="http://www21.in.tum.de/~lammich">🌐</a></div>
<span class="date">
Nov 25
</span>
</article>
<h3 class="head">2007</h3><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../entries/Program-Conflict-Analysis.html">Formalization of Conflict Analysis of Programs with Procedures, Thread Creation, and Monitors</a></h5> <br>by <a href="../../authors/lammich">Peter Lammich</a> <a href="http://www21.in.tum.de/~lammich">🌐</a> and <a href="../../authors/olm">Markus Müller-Olm</a> <a href="http://cs.uni-muenster.de/u/mmo/">🌐</a></div>
<span class="date">
Dec 14
</span>
</article>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/authors/merz/index.html b/web/authors/merz/index.html
--- a/web/authors/merz/index.html
+++ b/web/authors/merz/index.html
@@ -1,124 +1,136 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1"><title>Stephan Merz- Archive of Formal Proofs</title><meta name="description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."><link rel="alternate" type="application/rss+xml" href="../../authors/merz/index.xml" title="Archive of Formal Proofs" /><meta property="og:title" content="merz" />
<meta property="og:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle." />
<meta property="og:type" content="website" />
<meta property="og:url" content="/authors/merz/" /><meta property="og:image" content="/images/afp.png"/><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="merz"/>
<meta name="twitter:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."/>
<link rel="stylesheet" type="text/css" href="../../css/front.min.css">
<link rel="icon" href="../../images/favicon.ico" type="image/icon"><script src="../../js/obfuscate.js"></script>
<script src="../../js/flexsearch.bundle.js"></script>
<script src="../../js/scroll-spy.js"></script>
<script src="../../js/theory.js"></script>
<script src="../../js/util.js"></script><script src="../../js/header-search.js"></script><script src="../../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore '>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../../images/menu.svg" alt="Menu" />
</label>
<a href="../../" class='logo-link'>
<img src="../../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<a href="../../search"><img src="../../images/search.svg" alt="Search" /></a>
<nav id="menu">
<div>
<a href="../../" class='logo-link'>
<img src="../../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<ul>
<a href="../../"><li >Home</li></a>
<a href="../../topics/"><li >Topics</li></a>
<a href="../../download/"><li >Download</li></a>
<a href="../../help/"><li >Help</li></a>
<a href="../../submission/"><li >Submission</li></a>
<a href="../../statistics/"><li >Statistics</li></a>
<a href="../../about/"><li >About</li></a>
</ul>
</div>
</nav>
</div>
</aside>
<div
class='content '><header>
<form autocomplete="off" action="../../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value="" aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button"><img src="../../images/search.svg" alt="Search" /></button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1 >
<span class='first'>S</span>tephan <span class='first'>M</span>erz</h1>
<div>
</div>
</header><div>
<h2>Homepages 🌐</h2>
<ul><li><a href="http://www.loria.fr/~merz">http://www.loria.fr/~merz</a></li></ul>
+<h2>E-Mails 📧</h2>
+<ul><li><a class="obfuscated" data="eyJob3N0IjpbImxvcmlhIiwiZnIiXSwidXNlciI6WyJTdGVwaGFuIiwiTWVyeiJdfQ=="><span class="rev">rf</span>.<span class="rev">airol</span>@<span class="rev">zreM</span>.<span class="rev">nahpetS</span></a></li></ul>
-<h2>Entries</h2><h3 class="head">2012</h3><article class="entry">
+
+<h2>Entries</h2><h3 class="head">2022</h3><article class="entry">
+ <div class="item-text">
+ <h5><a class="title" href="../../entries/SCC_Bloemen_Sequential.html">Correctness of a Set-based Algorithm for Computing Strongly Connected Components of a Graph</a></h5> <br>by <a href="../../authors/merz">Stephan Merz</a> <a class="obfuscated" data="eyJob3N0IjpbImxvcmlhIiwiZnIiXSwidXNlciI6WyJTdGVwaGFuIiwiTWVyeiJdfQ==">📧</a> and <a href="../../authors/trelat">Vincent Trélat</a> <a class="obfuscated" data="eyJob3N0IjpbImRlcGluZm9uYW5jeSIsIm5ldCJdLCJ1c2VyIjpbInZpbmNlbnQiLCJ0cmVsYXQiXX0=">📧</a></div>
+ <span class="date">
+ Aug 17
+ </span>
+</article>
+
+
+<h3 class="head">2012</h3><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../entries/Heard_Of.html">Verifying Fault-Tolerant Distributed Algorithms in the Heard-Of Model</a></h5> <br>by <a href="../../authors/debrat">Henri Debrat</a> <a class="obfuscated" data="eyJob3N0IjpbImxvcmlhIiwiZnIiXSwidXNlciI6WyJoZW5yaSIsImRlYnJhdCJdfQ==">📧</a> and <a href="../../authors/merz">Stephan Merz</a> <a href="http://www.loria.fr/~merz">🌐</a></div>
<span class="date">
Jul 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../entries/Stuttering_Equivalence.html">Stuttering Equivalence</a></h5> <br>by <a href="../../authors/merz">Stephan Merz</a> <a href="http://www.loria.fr/~merz">🌐</a></div>
<span class="date">
May 07
</span>
</article>
<h3 class="head">2011</h3><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../entries/TLA.html">A Definitional Encoding of TLA* in Isabelle/HOL</a></h5> <br>by <a href="../../authors/grov">Gudmund Grov</a> <a href="http://homepages.inf.ed.ac.uk/ggrov">🌐</a> and <a href="../../authors/merz">Stephan Merz</a> <a href="http://www.loria.fr/~merz">🌐</a></div>
<span class="date">
Nov 19
</span>
</article>
<h3 class="head">2005</h3><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../entries/DiskPaxos.html">Proving the Correctness of Disk Paxos</a></h5> <br>by <a href="../../authors/jaskelioff">Mauro Jaskelioff</a> <a href="http://www.fceia.unr.edu.ar/~mauro/">🌐</a> and <a href="../../authors/merz">Stephan Merz</a> <a href="http://www.loria.fr/~merz">🌐</a></div>
<span class="date">
Jun 22
</span>
</article>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/authors/merz/index.xml b/web/authors/merz/index.xml
--- a/web/authors/merz/index.xml
+++ b/web/authors/merz/index.xml
@@ -1,47 +1,56 @@
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>merz on Archive of Formal Proofs</title>
<link>/authors/merz/</link>
<description>Recent content in merz on Archive of Formal Proofs</description>
<generator>Hugo -- gohugo.io</generator>
<language>en-gb</language>
- <lastBuildDate>Fri, 27 Jul 2012 00:00:00 +0000</lastBuildDate><atom:link href="/authors/merz/index.xml" rel="self" type="application/rss+xml" />
+ <lastBuildDate>Wed, 17 Aug 2022 00:00:00 +0000</lastBuildDate><atom:link href="/authors/merz/index.xml" rel="self" type="application/rss+xml" />
+ <item>
+ <title>Correctness of a Set-based Algorithm for Computing Strongly Connected Components of a Graph</title>
+ <link>/entries/SCC_Bloemen_Sequential.html</link>
+ <pubDate>Wed, 17 Aug 2022 00:00:00 +0000</pubDate>
+
+ <guid>/entries/SCC_Bloemen_Sequential.html</guid>
+ <description></description>
+ </item>
+
<item>
<title>Verifying Fault-Tolerant Distributed Algorithms in the Heard-Of Model</title>
<link>/entries/Heard_Of.html</link>
<pubDate>Fri, 27 Jul 2012 00:00:00 +0000</pubDate>
<guid>/entries/Heard_Of.html</guid>
<description></description>
</item>
<item>
<title>Stuttering Equivalence</title>
<link>/entries/Stuttering_Equivalence.html</link>
<pubDate>Mon, 07 May 2012 00:00:00 +0000</pubDate>
<guid>/entries/Stuttering_Equivalence.html</guid>
<description></description>
</item>
<item>
<title>A Definitional Encoding of TLA* in Isabelle/HOL</title>
<link>/entries/TLA.html</link>
<pubDate>Sat, 19 Nov 2011 00:00:00 +0000</pubDate>
<guid>/entries/TLA.html</guid>
<description></description>
</item>
<item>
<title>Proving the Correctness of Disk Paxos</title>
<link>/entries/DiskPaxos.html</link>
<pubDate>Wed, 22 Jun 2005 00:00:00 +0000</pubDate>
<guid>/entries/DiskPaxos.html</guid>
<description></description>
</item>
</channel>
</rss>
diff --git a/web/authors/michaelis/index.html b/web/authors/michaelis/index.html
--- a/web/authors/michaelis/index.html
+++ b/web/authors/michaelis/index.html
@@ -1,145 +1,145 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1"><title>Julius Michaelis- Archive of Formal Proofs</title><meta name="description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."><link rel="alternate" type="application/rss+xml" href="../../authors/michaelis/index.xml" title="Archive of Formal Proofs" /><meta property="og:title" content="michaelis" />
<meta property="og:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle." />
<meta property="og:type" content="website" />
<meta property="og:url" content="/authors/michaelis/" /><meta property="og:image" content="/images/afp.png"/><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="michaelis"/>
<meta name="twitter:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."/>
<link rel="stylesheet" type="text/css" href="../../css/front.min.css">
<link rel="icon" href="../../images/favicon.ico" type="image/icon"><script src="../../js/obfuscate.js"></script>
<script src="../../js/flexsearch.bundle.js"></script>
<script src="../../js/scroll-spy.js"></script>
<script src="../../js/theory.js"></script>
<script src="../../js/util.js"></script><script src="../../js/header-search.js"></script><script src="../../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore '>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../../images/menu.svg" alt="Menu" />
</label>
<a href="../../" class='logo-link'>
<img src="../../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<a href="../../search"><img src="../../images/search.svg" alt="Search" /></a>
<nav id="menu">
<div>
<a href="../../" class='logo-link'>
<img src="../../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<ul>
<a href="../../"><li >Home</li></a>
<a href="../../topics/"><li >Topics</li></a>
<a href="../../download/"><li >Download</li></a>
<a href="../../help/"><li >Help</li></a>
<a href="../../submission/"><li >Submission</li></a>
<a href="../../statistics/"><li >Statistics</li></a>
<a href="../../about/"><li >About</li></a>
</ul>
</div>
</nav>
</div>
</aside>
<div
class='content '><header>
<form autocomplete="off" action="../../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value="" aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button"><img src="../../images/search.svg" alt="Search" /></button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1 >
<span class='first'>J</span>ulius <span class='first'>M</span>ichaelis</h1>
<div>
</div>
</header><div>
<h2>Homepages 🌐</h2>
<ul><li><a href="http://liftm.de/">http://liftm.de/</a></li></ul>
<h2>Entries</h2><h3 class="head">2021</h3><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../entries/Simplicial_complexes_and_boolean_functions.html">Simplicial Complexes and Boolean functions</a></h5> <br>by <a href="../../authors/aransay">Jesús Aransay</a> <a href="https://www.unirioja.es/cu/jearansa">🌐</a>, <a href="../../authors/campo">Alejandro del Campo</a> <a class="obfuscated" data="eyJob3N0IjpbImFsdW0iLCJ1bmlyaW9qYSIsImVzIl0sInVzZXIiOlsiYWxlamFuZHJvIiwiZGVsLWNhbXBvIl19">📧</a> and <a href="../../authors/michaelis">Julius Michaelis</a> <a href="http://liftm.de/">🌐</a></div>
<span class="date">
Nov 29
</span>
</article>
<h3 class="head">2017</h3><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../entries/Propositional_Proof_Systems.html">Propositional Proof Systems</a></h5> <br>by <a href="../../authors/michaelis">Julius Michaelis</a> <a href="http://liftm.de/">🌐</a> and <a href="../../authors/nipkow">Tobias Nipkow</a> <a href="https://www.in.tum.de/~nipkow/">🌐</a></div>
<span class="date">
Jun 21
</span>
</article>
<h3 class="head">2016</h3><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../entries/LOFT.html">LOFT — Verified Migration of Linux Firewalls to SDN</a></h5> <br>by <a href="../../authors/michaelis">Julius Michaelis</a> <a href="http://liftm.de/">🌐</a> and <a href="../../authors/diekmann">Cornelius Diekmann</a> <a href="http://net.in.tum.de/~diekmann">🌐</a></div>
<span class="date">
Oct 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../entries/Routing.html">Routing</a></h5> <br>by <a href="../../authors/michaelis">Julius Michaelis</a> <a href="http://liftm.de/">🌐</a> and <a href="../../authors/diekmann">Cornelius Diekmann</a> <a href="http://net.in.tum.de/~diekmann">🌐</a></div>
<span class="date">
Aug 31
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../entries/Simple_Firewall.html">Simple Firewall</a></h5> <br>by <a href="../../authors/diekmann">Cornelius Diekmann</a> <a href="http://net.in.tum.de/~diekmann">🌐</a>, <a href="../../authors/michaelis">Julius Michaelis</a> <a href="http://liftm.de/">🌐</a> and <a href="../../authors/haslbeck">Max W. Haslbeck</a> <a href="http://cl-informatik.uibk.ac.at/users/mhaslbeck/">🌐</a></div>
<span class="date">
Aug 24
</span>
</article>
<article class="entry">
<div class="item-text">
- <h5><a class="title" href="../../entries/IP_Addresses.html">IP Addresses</a></h5> <br>by <a href="../../authors/diekmann">Cornelius Diekmann</a> <a href="http://net.in.tum.de/~diekmann">🌐</a>, <a href="../../authors/michaelis">Julius Michaelis</a> <a href="http://liftm.de/">🌐</a> and <a href="../../authors/hupel">Lars Hupel</a> <a href="https://www21.in.tum.de/~hupel/">🌐</a></div>
+ <h5><a class="title" href="../../entries/IP_Addresses.html">IP Addresses</a></h5> <br>by <a href="../../authors/diekmann">Cornelius Diekmann</a> <a href="http://net.in.tum.de/~diekmann">🌐</a>, <a href="../../authors/michaelis">Julius Michaelis</a> <a href="http://liftm.de/">🌐</a> and <a href="../../authors/hupel">Lars Hupel</a> <a href="https://lars.hupel.info/">🌐</a></div>
<span class="date">
Jun 28
</span>
</article>
<article class="entry">
<div class="item-text">
- <h5><a class="title" href="../../entries/ROBDD.html">Algorithms for Reduced Ordered Binary Decision Diagrams</a></h5> <br>by <a href="../../authors/michaelis">Julius Michaelis</a> <a href="http://liftm.de/">🌐</a>, <a href="../../authors/haslbeck">Max W. Haslbeck</a> <a href="http://cl-informatik.uibk.ac.at/users/mhaslbeck/">🌐</a>, <a href="../../authors/lammich">Peter Lammich</a> <a href="http://www21.in.tum.de/~lammich">🌐</a> and <a href="../../authors/hupel">Lars Hupel</a> <a href="https://www21.in.tum.de/~hupel/">🌐</a></div>
+ <h5><a class="title" href="../../entries/ROBDD.html">Algorithms for Reduced Ordered Binary Decision Diagrams</a></h5> <br>by <a href="../../authors/michaelis">Julius Michaelis</a> <a href="http://liftm.de/">🌐</a>, <a href="../../authors/haslbeck">Max W. Haslbeck</a> <a href="http://cl-informatik.uibk.ac.at/users/mhaslbeck/">🌐</a>, <a href="../../authors/lammich">Peter Lammich</a> <a href="http://www21.in.tum.de/~lammich">🌐</a> and <a href="../../authors/hupel">Lars Hupel</a> <a href="https://lars.hupel.info/">🌐</a></div>
<span class="date">
Apr 27
</span>
</article>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/authors/raedle/index.html b/web/authors/raedle/index.html
--- a/web/authors/raedle/index.html
+++ b/web/authors/raedle/index.html
@@ -1,108 +1,108 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1"><title>Jonas Rädle- Archive of Formal Proofs</title><meta name="description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."><link rel="alternate" type="application/rss+xml" href="../../authors/raedle/index.xml" title="Archive of Formal Proofs" /><meta property="og:title" content="raedle" />
<meta property="og:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle." />
<meta property="og:type" content="website" />
<meta property="og:url" content="/authors/raedle/" /><meta property="og:image" content="/images/afp.png"/><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="raedle"/>
<meta name="twitter:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."/>
<link rel="stylesheet" type="text/css" href="../../css/front.min.css">
<link rel="icon" href="../../images/favicon.ico" type="image/icon"><script src="../../js/obfuscate.js"></script>
<script src="../../js/flexsearch.bundle.js"></script>
<script src="../../js/scroll-spy.js"></script>
<script src="../../js/theory.js"></script>
<script src="../../js/util.js"></script><script src="../../js/header-search.js"></script><script src="../../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore '>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../../images/menu.svg" alt="Menu" />
</label>
<a href="../../" class='logo-link'>
<img src="../../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<a href="../../search"><img src="../../images/search.svg" alt="Search" /></a>
<nav id="menu">
<div>
<a href="../../" class='logo-link'>
<img src="../../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<ul>
<a href="../../"><li >Home</li></a>
<a href="../../topics/"><li >Topics</li></a>
<a href="../../download/"><li >Download</li></a>
<a href="../../help/"><li >Help</li></a>
<a href="../../submission/"><li >Submission</li></a>
<a href="../../statistics/"><li >Statistics</li></a>
<a href="../../about/"><li >About</li></a>
</ul>
</div>
</nav>
</div>
</aside>
<div
class='content '><header>
<form autocomplete="off" action="../../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value="" aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button"><img src="../../images/search.svg" alt="Search" /></button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1 >
<span class='first'>J</span>onas <span class='first'>R</span>ädle</h1>
<div>
</div>
</header><div>
<h2>E-Mails 📧</h2>
<ul><li><a class="obfuscated" data="eyJob3N0IjpbImdtYWlsIiwiY29tIl0sInVzZXIiOlsiam9uYXMiLCJyYWVkbGUiXX0="><span class="rev">moc</span>.<span class="rev">liamg</span>@<span class="rev">eldear</span>.<span class="rev">sanoj</span></a></li><li><a class="obfuscated" data="eyJob3N0IjpbInR1bSIsImRlIl0sInVzZXIiOlsiam9uYXMiLCJyYWVkbGUiXX0="><span class="rev">ed</span>.<span class="rev">mut</span>@<span class="rev">eldear</span>.<span class="rev">sanoj</span></a></li></ul>
<h2>Entries</h2><h3 class="head">2018</h3><article class="entry">
<div class="item-text">
- <h5><a class="title" href="../../entries/Generic_Deriving.html">Deriving generic class instances for datatypes</a></h5> <br>by <a href="../../authors/raedle">Jonas Rädle</a> <a class="obfuscated" data="eyJob3N0IjpbImdtYWlsIiwiY29tIl0sInVzZXIiOlsiam9uYXMiLCJyYWVkbGUiXX0=">📧</a> and <a href="../../authors/hupel">Lars Hupel</a> <a href="https://www21.in.tum.de/~hupel/">🌐</a></div>
+ <h5><a class="title" href="../../entries/Generic_Deriving.html">Deriving generic class instances for datatypes</a></h5> <br>by <a href="../../authors/raedle">Jonas Rädle</a> <a class="obfuscated" data="eyJob3N0IjpbImdtYWlsIiwiY29tIl0sInVzZXIiOlsiam9uYXMiLCJyYWVkbGUiXX0=">📧</a> and <a href="../../authors/hupel">Lars Hupel</a> <a href="https://lars.hupel.info/">🌐</a></div>
<span class="date">
Nov 06
</span>
</article>
<h3 class="head">2017</h3><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../entries/Orbit_Stabiliser.html">Orbit-Stabiliser Theorem with Application to Rotational Symmetries</a></h5> <br>by <a href="../../authors/raedle">Jonas Rädle</a> <a class="obfuscated" data="eyJob3N0IjpbInR1bSIsImRlIl0sInVzZXIiOlsiam9uYXMiLCJyYWVkbGUiXX0=">📧</a></div>
<span class="date">
Aug 20
</span>
</article>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/authors/trelat/index.html b/web/authors/trelat/index.html
new file mode 100644
--- /dev/null
+++ b/web/authors/trelat/index.html
@@ -0,0 +1,99 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+ <meta charset="utf-8" />
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
+ <meta name="viewport" content="width=device-width, initial-scale=1"><title>Vincent Trélat- Archive of Formal Proofs</title><meta name="description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."><link rel="alternate" type="application/rss+xml" href="../../authors/trelat/index.xml" title="Archive of Formal Proofs" /><meta property="og:title" content="trelat" />
+<meta property="og:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle." />
+<meta property="og:type" content="website" />
+<meta property="og:url" content="/authors/trelat/" /><meta property="og:image" content="/images/afp.png"/><meta property="og:site_name" content="Archive of Formal Proofs" />
+
+<meta name="twitter:card" content="summary_large_image"/>
+<meta name="twitter:image" content="/images/afp.png"/>
+
+<meta name="twitter:title" content="trelat"/>
+<meta name="twitter:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."/>
+
+
+ <link rel="stylesheet" type="text/css" href="../../css/front.min.css">
+
+ <link rel="icon" href="../../images/favicon.ico" type="image/icon"><script src="../../js/obfuscate.js"></script>
+ <script src="../../js/flexsearch.bundle.js"></script>
+ <script src="../../js/scroll-spy.js"></script>
+ <script src="../../js/theory.js"></script>
+ <script src="../../js/util.js"></script><script src="../../js/header-search.js"></script><script src="../../js/search-autocomplete.js"></script>
+</head>
+
+
+<body class='mathjax_ignore '>
+ <aside>
+ <div id="menu-toggle">
+ <input id="toggle" type="checkbox" />
+ <label for="toggle">
+ <span>menu</span>
+ <img src="../../images/menu.svg" alt="Menu" />
+ </label>
+
+ <a href="../../" class='logo-link'>
+ <img src="../../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
+ </a>
+
+ <a href="../../search"><img src="../../images/search.svg" alt="Search" /></a>
+ <nav id="menu">
+ <div>
+ <a href="../../" class='logo-link'>
+ <img src="../../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
+ </a>
+ <ul>
+ <a href="../../"><li >Home</li></a>
+ <a href="../../topics/"><li >Topics</li></a>
+ <a href="../../download/"><li >Download</li></a>
+ <a href="../../help/"><li >Help</li></a>
+ <a href="../../submission/"><li >Submission</li></a>
+ <a href="../../statistics/"><li >Statistics</li></a>
+ <a href="../../about/"><li >About</li></a>
+ </ul>
+ </div>
+ </nav>
+</div>
+ </aside>
+
+ <div
+ class='content '><header>
+ <form autocomplete="off" action="../../search">
+ <div class='form-container'>
+ <input id="search-input" type="search" size="31" maxlength="255" value="" aria-label="Search the AFP" list="autocomplete"><button
+ id="search-button" type="button"><img src="../../images/search.svg" alt="Search" /></button>
+ <datalist id="autocomplete">
+ </datalist>
+ </div>
+ </form>
+ <h1 >
+ <span class='first'>V</span>incent <span class='first'>T</span>rélat</h1>
+ <div>
+
+
+
+ </div>
+</header><div>
+
+<h2>E-Mails 📧</h2>
+<ul><li><a class="obfuscated" data="eyJob3N0IjpbImRlcGluZm9uYW5jeSIsIm5ldCJdLCJ1c2VyIjpbInZpbmNlbnQiLCJ0cmVsYXQiXX0="><span class="rev">ten</span>.<span class="rev">ycnanofniped</span>@<span class="rev">talert</span>.<span class="rev">tnecniv</span></a></li></ul>
+
+
+<h2>Entries</h2><h3 class="head">2022</h3><article class="entry">
+ <div class="item-text">
+ <h5><a class="title" href="../../entries/SCC_Bloemen_Sequential.html">Correctness of a Set-based Algorithm for Computing Strongly Connected Components of a Graph</a></h5> <br>by <a href="../../authors/merz">Stephan Merz</a> <a class="obfuscated" data="eyJob3N0IjpbImxvcmlhIiwiZnIiXSwidXNlciI6WyJTdGVwaGFuIiwiTWVyeiJdfQ==">📧</a> and <a href="../../authors/trelat">Vincent Trélat</a> <a class="obfuscated" data="eyJob3N0IjpbImRlcGluZm9uYW5jeSIsIm5ldCJdLCJ1c2VyIjpbInZpbmNlbnQiLCJ0cmVsYXQiXX0=">📧</a></div>
+ <span class="date">
+ Aug 17
+ </span>
+</article>
+
+
+
+
+ </div>
+ </div>
+</body>
+
+</html>
\ No newline at end of file
diff --git a/web/authors/trelat/index.xml b/web/authors/trelat/index.xml
new file mode 100644
--- /dev/null
+++ b/web/authors/trelat/index.xml
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="utf-8" standalone="yes"?>
+<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
+ <channel>
+ <title>trelat on Archive of Formal Proofs</title>
+ <link>/authors/trelat/</link>
+ <description>Recent content in trelat on Archive of Formal Proofs</description>
+ <generator>Hugo -- gohugo.io</generator>
+ <language>en-gb</language>
+ <lastBuildDate>Wed, 17 Aug 2022 00:00:00 +0000</lastBuildDate><atom:link href="/authors/trelat/index.xml" rel="self" type="application/rss+xml" />
+ <item>
+ <title>Correctness of a Set-based Algorithm for Computing Strongly Connected Components of a Graph</title>
+ <link>/entries/SCC_Bloemen_Sequential.html</link>
+ <pubDate>Wed, 17 Aug 2022 00:00:00 +0000</pubDate>
+
+ <guid>/entries/SCC_Bloemen_Sequential.html</guid>
+ <description></description>
+ </item>
+
+ </channel>
+</rss>
diff --git a/web/authors/villadsen/index.html b/web/authors/villadsen/index.html
--- a/web/authors/villadsen/index.html
+++ b/web/authors/villadsen/index.html
@@ -1,108 +1,117 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1"><title>Jørgen Villadsen- Archive of Formal Proofs</title><meta name="description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."><link rel="alternate" type="application/rss+xml" href="../../authors/villadsen/index.xml" title="Archive of Formal Proofs" /><meta property="og:title" content="villadsen" />
<meta property="og:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle." />
<meta property="og:type" content="website" />
<meta property="og:url" content="/authors/villadsen/" /><meta property="og:image" content="/images/afp.png"/><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="villadsen"/>
<meta name="twitter:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."/>
<link rel="stylesheet" type="text/css" href="../../css/front.min.css">
<link rel="icon" href="../../images/favicon.ico" type="image/icon"><script src="../../js/obfuscate.js"></script>
<script src="../../js/flexsearch.bundle.js"></script>
<script src="../../js/scroll-spy.js"></script>
<script src="../../js/theory.js"></script>
<script src="../../js/util.js"></script><script src="../../js/header-search.js"></script><script src="../../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore '>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../../images/menu.svg" alt="Menu" />
</label>
<a href="../../" class='logo-link'>
<img src="../../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<a href="../../search"><img src="../../images/search.svg" alt="Search" /></a>
<nav id="menu">
<div>
<a href="../../" class='logo-link'>
<img src="../../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<ul>
<a href="../../"><li >Home</li></a>
<a href="../../topics/"><li >Topics</li></a>
<a href="../../download/"><li >Download</li></a>
<a href="../../help/"><li >Help</li></a>
<a href="../../submission/"><li >Submission</li></a>
<a href="../../statistics/"><li >Statistics</li></a>
<a href="../../about/"><li >About</li></a>
</ul>
</div>
</nav>
</div>
</aside>
<div
class='content '><header>
<form autocomplete="off" action="../../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value="" aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button"><img src="../../images/search.svg" alt="Search" /></button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1 >
<span class='first'>J</span>ørgen <span class='first'>V</span>illadsen</h1>
<div>
</div>
</header><div>
<h2>Homepages 🌐</h2>
<ul><li><a href="https://people.compute.dtu.dk/jovi/">https://people.compute.dtu.dk/jovi/</a></li></ul>
-<h2>Entries</h2><h3 class="head">2017</h3><article class="entry">
+<h2>Entries</h2><h3 class="head">2022</h3><article class="entry">
+ <div class="item-text">
+ <h5><a class="title" href="../../entries/Implicational_Logic.html">Soundness and Completeness of Implicational Logic</a></h5> <br>by <a href="../../authors/from">Asta Halkjær From</a> <a href="https://people.compute.dtu.dk/ahfrom/">🌐</a> and <a href="../../authors/villadsen">Jørgen Villadsen</a> <a href="https://people.compute.dtu.dk/jovi/">🌐</a></div>
+ <span class="date">
+ Sep 13
+ </span>
+</article>
+
+
+<h3 class="head">2017</h3><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../entries/FOL_Harrison.html">First-Order Logic According to Harrison</a></h5> <br>by <a href="../../authors/jensen">Alexander Birch Jensen</a> <a href="https://people.compute.dtu.dk/aleje/">🌐</a>, <a href="../../authors/schlichtkrull">Anders Schlichtkrull</a> <a href="https://people.compute.dtu.dk/andschl/">🌐</a> and <a href="../../authors/villadsen">Jørgen Villadsen</a> <a href="https://people.compute.dtu.dk/jovi/">🌐</a></div>
<span class="date">
Jan 01
</span>
</article>
<h3 class="head">2016</h3><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../entries/Paraconsistency.html">Paraconsistency</a></h5> <br>by <a href="../../authors/schlichtkrull">Anders Schlichtkrull</a> <a href="https://people.compute.dtu.dk/andschl/">🌐</a> and <a href="../../authors/villadsen">Jørgen Villadsen</a> <a href="https://people.compute.dtu.dk/jovi/">🌐</a></div>
<span class="date">
Dec 07
</span>
</article>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/authors/villadsen/index.xml b/web/authors/villadsen/index.xml
--- a/web/authors/villadsen/index.xml
+++ b/web/authors/villadsen/index.xml
@@ -1,29 +1,38 @@
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>villadsen on Archive of Formal Proofs</title>
<link>/authors/villadsen/</link>
<description>Recent content in villadsen on Archive of Formal Proofs</description>
<generator>Hugo -- gohugo.io</generator>
<language>en-gb</language>
- <lastBuildDate>Sun, 01 Jan 2017 00:00:00 +0000</lastBuildDate><atom:link href="/authors/villadsen/index.xml" rel="self" type="application/rss+xml" />
+ <lastBuildDate>Tue, 13 Sep 2022 00:00:00 +0000</lastBuildDate><atom:link href="/authors/villadsen/index.xml" rel="self" type="application/rss+xml" />
+ <item>
+ <title>Soundness and Completeness of Implicational Logic</title>
+ <link>/entries/Implicational_Logic.html</link>
+ <pubDate>Tue, 13 Sep 2022 00:00:00 +0000</pubDate>
+
+ <guid>/entries/Implicational_Logic.html</guid>
+ <description></description>
+ </item>
+
<item>
<title>First-Order Logic According to Harrison</title>
<link>/entries/FOL_Harrison.html</link>
<pubDate>Sun, 01 Jan 2017 00:00:00 +0000</pubDate>
<guid>/entries/FOL_Harrison.html</guid>
<description></description>
</item>
<item>
<title>Paraconsistency</title>
<link>/entries/Paraconsistency.html</link>
<pubDate>Wed, 07 Dec 2016 00:00:00 +0000</pubDate>
<guid>/entries/Paraconsistency.html</guid>
<description></description>
</item>
</channel>
</rss>
diff --git a/web/authors/zhang/index.html b/web/authors/zhang/index.html
--- a/web/authors/zhang/index.html
+++ b/web/authors/zhang/index.html
@@ -1,96 +1,96 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1"><title>Yu Zhang- Archive of Formal Proofs</title><meta name="description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."><link rel="alternate" type="application/rss+xml" href="../../authors/zhang/index.xml" title="Archive of Formal Proofs" /><meta property="og:title" content="zhang" />
<meta property="og:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle." />
<meta property="og:type" content="website" />
<meta property="og:url" content="/authors/zhang/" /><meta property="og:image" content="/images/afp.png"/><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="zhang"/>
<meta name="twitter:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."/>
<link rel="stylesheet" type="text/css" href="../../css/front.min.css">
<link rel="icon" href="../../images/favicon.ico" type="image/icon"><script src="../../js/obfuscate.js"></script>
<script src="../../js/flexsearch.bundle.js"></script>
<script src="../../js/scroll-spy.js"></script>
<script src="../../js/theory.js"></script>
<script src="../../js/util.js"></script><script src="../../js/header-search.js"></script><script src="../../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore '>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../../images/menu.svg" alt="Menu" />
</label>
<a href="../../" class='logo-link'>
<img src="../../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<a href="../../search"><img src="../../images/search.svg" alt="Search" /></a>
<nav id="menu">
<div>
<a href="../../" class='logo-link'>
<img src="../../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<ul>
<a href="../../"><li >Home</li></a>
<a href="../../topics/"><li >Topics</li></a>
<a href="../../download/"><li >Download</li></a>
<a href="../../help/"><li >Help</li></a>
<a href="../../submission/"><li >Submission</li></a>
<a href="../../statistics/"><li >Statistics</li></a>
<a href="../../about/"><li >About</li></a>
</ul>
</div>
</nav>
</div>
</aside>
<div
class='content '><header>
<form autocomplete="off" action="../../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value="" aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button"><img src="../../images/search.svg" alt="Search" /></button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1 >
<span class='first'>Y</span>u <span class='first'>Z</span>hang</h1>
<div>
</div>
</header><div>
<h2>Entries</h2><h3 class="head">2018</h3><article class="entry">
<div class="item-text">
- <h5><a class="title" href="../../entries/CakeML.html">CakeML</a></h5> <br>by <a href="../../authors/hupel">Lars Hupel</a> <a href="https://www21.in.tum.de/~hupel/">🌐</a> and <a href="../../authors/zhang">Yu Zhang</a></div>
+ <h5><a class="title" href="../../entries/CakeML.html">CakeML</a></h5> <br>by <a href="../../authors/hupel">Lars Hupel</a> <a href="https://lars.hupel.info/">🌐</a> and <a href="../../authors/zhang">Yu Zhang</a></div>
<span class="date">
Mar 12
</span>
</article>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/data/keywords.json b/web/data/keywords.json
--- a/web/data/keywords.json
+++ b/web/data/keywords.json
@@ -1,11142 +1,11234 @@
[{"id": 0,
"keyword": "declarative first-order prover"},
{"id": 1,
"keyword": "fusc function"},
{"id": 2,
"keyword": "enabled transitions"},
{"id": 3,
"keyword": "node labeled 1"},
{"id": 4,
"keyword": "arbitrary user"},
{"id": 5,
"keyword": "abstract automata types"},
{"id": 6,
"keyword": "ground tree transducers"},
{"id": 7,
"keyword": "homogeneous linear diophantine equations"},
{"id": 8,
"keyword": "canonical matrix form"},
{"id": 9,
"keyword": "computation models"},
{"id": 10,
"keyword": "primes"},
{"id": 11,
"keyword": "underlying decision procedure"},
{"id": 12,
"keyword": "alpha"},
{"id": 13,
"keyword": "stanford encyclopedia"},
{"id": 14,
"keyword": "macaulay matrices"},
{"id": 15,
"keyword": "excluding point sequences"},
{"id": 16,
"keyword": "combinatorial argument"},
{"id": 17,
"keyword": "basic geometric properties"},
{"id": 18,
"keyword": "hash functions"},
{"id": 19,
"keyword": "randomised binary search trees"},
{"id": 20,
"keyword": "markov decision processes"},
{"id": 21,
"keyword": "itp-2015 peter lammich"},
{"id": 22,
"keyword": "word equations"},
{"id": 23,
"keyword": "special combination"},
{"id": 24,
"keyword": "qualitative applications"},
{"id": 25,
"keyword": "signed words"},
{"id": 26,
"keyword": "invariant generation"},
{"id": 27,
"keyword": "fast iterative algorithm"},
{"id": 28,
"keyword": "lens laws"},
{"id": 29,
"keyword": "nodes labeled"},
{"id": 30,
"keyword": "protocol transcript"},
{"id": 31,
"keyword": "formalizing compiler transformations"},
{"id": 32,
"keyword": "common set"},
{"id": 33,
"keyword": "deterministic state machine"},
{"id": 34,
"keyword": "generate executable code"},
{"id": 35,
"keyword": "application programming interface"},
{"id": 36,
"keyword": "superposition rules"},
{"id": 37,
"keyword": "context-free languages"},
{"id": 38,
"keyword": "model satisfies"},
{"id": 39,
"keyword": "achieve consensus"},
{"id": 40,
"keyword": "exception compilation scheme"},
{"id": 41,
"keyword": "fixed arbitrary length"},
{"id": 42,
"keyword": "security property"},
{"id": 43,
"keyword": "totient function phi"},
{"id": 44,
"keyword": "verify theorems"},
{"id": 45,
"keyword": "poplmark challenge designed"},
{"id": 46,
"keyword": "finite closed semantic tree"},
{"id": 47,
"keyword": "saturation theorem proving"},
{"id": 48,
"keyword": "unification algorithm"},
{"id": 49,
"keyword": "complicated translation layer"},
{"id": 50,
"keyword": "chords intersect"},
{"id": 51,
"keyword": "deliverable d31"},
{"id": 52,
"keyword": "generate human-readable secav proofs"},
{"id": 53,
"keyword": "constructor calls occuring"},
{"id": 54,
"keyword": "ciphertext attacks"},
{"id": 55,
"keyword": "del"},
{"id": 56,
"keyword": "model total correctness"},
{"id": 57,
"keyword": "ramsey theory"},
{"id": 58,
"keyword": "effectful computations"},
{"id": 59,
"keyword": "lazy sequences"},
{"id": 60,
"keyword": "underlying graph"},
{"id": 61,
"keyword": "algebraic setting"},
{"id": 62,
"keyword": "resulting code"},
{"id": 63,
"keyword": "method called separata"},
{"id": 64,
"keyword": "technische universit"},
{"id": 65,
"keyword": "publisher subscriber pattern"},
{"id": 66,
"keyword": "completeness proof"},
{"id": 67,
"keyword": "function spaces"},
{"id": 68,
"keyword": "inference step"},
{"id": 69,
"keyword": "package logic"},
{"id": 70,
"keyword": "minimal unsatisfiable cores"},
{"id": 71,
"keyword": "compositional theory"},
{"id": 72,
"keyword": "programming languages sml"},
{"id": 73,
"keyword": "residuated transition system"},
{"id": 74,
"keyword": "quotient construction"},
{"id": 75,
"keyword": "monadic language"},
{"id": 76,
"keyword": "discrete"},
{"id": 77,
"keyword": "deductive system"},
{"id": 78,
"keyword": "store buffer"},
{"id": 79,
"keyword": "optimized variant"},
{"id": 80,
"keyword": "target-language expression"},
{"id": 81,
"keyword": "refinement-based theorem proving approach"},
{"id": 82,
"keyword": "cyclic groups"},
{"id": 83,
"keyword": "formal puiseux series"},
{"id": 84,
"keyword": "replicated growable array"},
{"id": 85,
"keyword": "axiomatic network model"},
{"id": 86,
"keyword": "lifting invariants"},
{"id": 87,
"keyword": "finite games"},
{"id": 88,
"keyword": "work focuses"},
{"id": 89,
"keyword": "detects unsatisfiability"},
{"id": 90,
"keyword": "unifies previous formalisations"},
{"id": 91,
"keyword": "semantic model"},
{"id": 92,
"keyword": "important classes"},
{"id": 93,
"keyword": "ground resolution"},
{"id": 94,
"keyword": "accesses memory locations"},
{"id": 95,
"keyword": "alternatives"},
{"id": 96,
"keyword": "linux-based router"},
{"id": 97,
"keyword": "counit natural transformations"},
{"id": 98,
"keyword": "simple compilation function"},
{"id": 99,
"keyword": "check high-level security goals"},
{"id": 100,
"keyword": "specific isomorphism expressing"},
{"id": 101,
"keyword": "computation traces"},
{"id": 102,
"keyword": "floating-point arithmetic"},
{"id": 103,
"keyword": "power sum polynomials"},
{"id": 104,
"keyword": "efficient binary search"},
{"id": 105,
"keyword": "application"},
{"id": 106,
"keyword": "dependent security type system"},
{"id": 107,
"keyword": "regular algebra hierarchy"},
{"id": 108,
"keyword": "recursive fashion"},
{"id": 109,
"keyword": "traditional query plan optimizations"},
{"id": 110,
"keyword": "employs reasoning"},
{"id": 111,
"keyword": "universal tool"},
{"id": 112,
"keyword": "detailed description"},
{"id": 113,
"keyword": "hol function"},
{"id": 114,
"keyword": "real roots"},
{"id": 115,
"keyword": "abrupt termination"},
{"id": 116,
"keyword": "theology"},
{"id": 117,
"keyword": "coinductive natural numbers"},
{"id": 118,
"keyword": "mutually-recursive definition"},
{"id": 119,
"keyword": "exotic terms"},
{"id": 120,
"keyword": "conference certified programs"},
{"id": 121,
"keyword": "graph lemma quantifies"},
{"id": 122,
"keyword": "complementary semigroups"},
{"id": 123,
"keyword": "encoding function"},
{"id": 124,
"keyword": "division algorithms"},
{"id": 125,
"keyword": "fixed prime"},
{"id": 126,
"keyword": "separate afp entry"},
{"id": 127,
"keyword": "integrated memory models"},
{"id": 128,
"keyword": "avl trees"},
{"id": 129,
"keyword": "theorem relates"},
{"id": 130,
"keyword": "custom induction rules"},
{"id": 131,
"keyword": "interdisciplinary project"},
{"id": 132,
"keyword": "effective procedure"},
{"id": 133,
"keyword": "uniform semantic substrate"},
{"id": 134,
"keyword": "simulation-based proofs"},
{"id": 135,
"keyword": "number"},
{"id": 136,
"keyword": "basic definitions"},
{"id": 137,
"keyword": "stepwise refinement"},
{"id": 138,
"keyword": "kleene relation algebras"},
{"id": 139,
"keyword": "implemented tail recursively"},
{"id": 140,
"keyword": "high efficiency"},
{"id": 141,
"keyword": "implement translation functions"},
{"id": 142,
"keyword": "secure messaging channel established"},
{"id": 143,
"keyword": "executable code"},
{"id": 144,
"keyword": "church-style simply-typed"},
{"id": 145,
"keyword": "uniquely determined polynomial combination"},
{"id": 146,
"keyword": "efficient variable-length codes"},
{"id": 147,
"keyword": "proof reuses"},
{"id": 148,
"keyword": "assertoric syllogistic"},
{"id": 149,
"keyword": "simple graphs"},
{"id": 150,
"keyword": "careful presentation"},
{"id": 151,
"keyword": "inductive unwinding theorem"},
{"id": 152,
"keyword": "completely subsumes"},
{"id": 153,
"keyword": "klein-beltrami model"},
{"id": 154,
"keyword": "timed coordination"},
{"id": 155,
"keyword": "factoring algorithm"},
{"id": 156,
"keyword": "software tool"},
{"id": 157,
"keyword": "fully corrupted"},
{"id": 158,
"keyword": "reverse post order number"},
{"id": 159,
"keyword": "-dimensional cube"},
{"id": 160,
"keyword": "recursive procedures"},
{"id": 161,
"keyword": "easily generate elements"},
{"id": 162,
"keyword": "data types"},
{"id": 163,
"keyword": "sat solver written"},
{"id": 164,
"keyword": "orthogonal transformations"},
{"id": 165,
"keyword": "input lists"},
{"id": 166,
"keyword": "algebras based"},
{"id": 167,
"keyword": "higher-order functions"},
{"id": 168,
"keyword": "memory resolve"},
{"id": 169,
"keyword": "bound depends"},
{"id": 170,
"keyword": "authorized path"},
{"id": 171,
"keyword": "niederreiter"},
{"id": 172,
"keyword": "guard protocols"},
{"id": 173,
"keyword": "derangements formula describes"},
{"id": 174,
"keyword": "general properties"},
{"id": 175,
"keyword": "partially filled"},
{"id": 176,
"keyword": "solve clique"},
{"id": 177,
"keyword": "kleene normal form"},
{"id": 178,
"keyword": "processing components"},
{"id": 179,
"keyword": "neutral absolute space"},
{"id": 180,
"keyword": "left part"},
{"id": 181,
"keyword": "component behavior"},
{"id": 182,
+"keyword": "distributing interest"},
+{"id": 183,
"keyword": "bisimilarity coincides"},
-{"id": 183,
-"keyword": "abstract hilbert-style"},
{"id": 184,
-"keyword": "finite types"},
+"keyword": "abstract hilbert-style"},
{"id": 185,
+"keyword": "finite types"},
+{"id": 186,
"keyword": "decides language emptiness"},
-{"id": 186,
+{"id": 187,
"keyword": "semantic annotations"},
-{"id": 187,
+{"id": 188,
"keyword": "lift universally quantified equations"},
-{"id": 188,
-"keyword": "synchronous step semantics"},
{"id": 189,
-"keyword": "afp entry accessible"},
+"keyword": "synchronous step semantics"},
{"id": 190,
+"keyword": "afp entry accessible"},
+{"id": 191,
"keyword": "compositional analysis"},
-{"id": 191,
-"keyword": "handle binding"},
{"id": 192,
+"keyword": "handle binding"},
+{"id": 193,
"keyword": "quantifier elimination procedures"},
-{"id": 193,
-"keyword": "fairly extensive set"},
{"id": 194,
-"keyword": "network"},
+"keyword": "fairly extensive set"},
{"id": 195,
+"keyword": "network"},
+{"id": 196,
"keyword": "strong law"},
-{"id": 196,
-"keyword": "separation logic"},
{"id": 197,
-"keyword": "confidentiality verification"},
+"keyword": "separation logic"},
{"id": 198,
+"keyword": "confidentiality verification"},
+{"id": 199,
"keyword": "automatic search"},
-{"id": 199,
+{"id": 200,
"keyword": "important meta-theoretic results"},
-{"id": 200,
+{"id": 201,
"keyword": "cartesian category"},
-{"id": 201,
+{"id": 202,
"keyword": "dedicated encoding"},
-{"id": 202,
+{"id": 203,
"keyword": "beth hintikka style"},
-{"id": 203,
+{"id": 204,
"keyword": "university-level computer science curriculum"},
-{"id": 204,
+{"id": 205,
"keyword": "transitive class"},
-{"id": 205,
+{"id": 206,
"keyword": "quantum measurements"},
-{"id": 206,
-"keyword": "enable easy integration"},
{"id": 207,
-"keyword": "free variables"},
+"keyword": "enable easy integration"},
{"id": 208,
+"keyword": "free variables"},
+{"id": 209,
"keyword": "checking c1-information"},
-{"id": 209,
+{"id": 210,
"keyword": "binding sequences"},
-{"id": 210,
+{"id": 211,
"keyword": "full automation"},
-{"id": 211,
+{"id": 212,
"keyword": "fixed bound"},
-{"id": 212,
+{"id": 213,
"keyword": "basis reduction algorithm"},
-{"id": 213,
+{"id": 214,
"keyword": "unsorted list deterministically"},
-{"id": 214,
+{"id": 215,
"keyword": "boolean functions"},
-{"id": 215,
+{"id": 216,
"keyword": "support"},
-{"id": 216,
+{"id": 217,
"keyword": "mathcal"},
-{"id": 217,
+{"id": 218,
"keyword": "main goal"},
-{"id": 218,
+{"id": 219,
"keyword": "gale stewart theorem"},
-{"id": 219,
-"keyword": "combinatorial proof"},
{"id": 220,
+"keyword": "combinatorial proof"},
+{"id": 221,
"keyword": "monadic second-order logic"},
-{"id": 221,
+{"id": 222,
"keyword": "preservation lemmas"},
-{"id": 222,
+{"id": 223,
"keyword": "finite symbolic execution graph"},
-{"id": 223,
+{"id": 224,
"keyword": "compiler rewrite rules"},
-{"id": 224,
+{"id": 225,
"keyword": "conditions"},
-{"id": 225,
+{"id": 226,
"keyword": "conditional equality operators"},
-{"id": 226,
+{"id": 227,
"keyword": "binary tree"},
-{"id": 227,
-"keyword": "executable framework"},
{"id": 228,
-"keyword": "final states"},
+"keyword": "executable framework"},
{"id": 229,
+"keyword": "final states"},
+{"id": 230,
"keyword": "simple firewall model"},
-{"id": 230,
+{"id": 231,
"keyword": "simply transforms"},
-{"id": 231,
+{"id": 232,
"keyword": "conclude wrong results"},
-{"id": 232,
+{"id": 233,
"keyword": "embedded logic"},
-{"id": 233,
+{"id": 234,
"keyword": "o-automata framework"},
-{"id": 234,
+{"id": 235,
"keyword": "semantical representation"},
-{"id": 235,
+{"id": 236,
"keyword": "basic file operations"},
-{"id": 236,
+{"id": 237,
"keyword": "point-wise reasoning"},
-{"id": 237,
+{"id": 238,
"keyword": "generalized multiset ordering"},
-{"id": 238,
+{"id": 239,
"keyword": "numerous instances"},
-{"id": 239,
+{"id": 240,
"keyword": "run construction rules"},
-{"id": 240,
-"keyword": "semantic engine"},
{"id": 241,
-"keyword": "global context transformations"},
+"keyword": "semantic engine"},
{"id": 242,
+"keyword": "global context transformations"},
+{"id": 243,
"keyword": "cutting truncating sets"},
-{"id": 243,
-"keyword": "industrial separation kernel"},
{"id": 244,
+"keyword": "industrial separation kernel"},
+{"id": 245,
"keyword": "existing afp-entry"},
-{"id": 245,
-"keyword": "sufficiently efficient"},
{"id": 246,
-"keyword": "holcf package"},
+"keyword": "sufficiently efficient"},
{"id": 247,
+"keyword": "holcf package"},
+{"id": 248,
"keyword": "linear ordered fields"},
-{"id": 248,
-"keyword": "hancl asserting"},
{"id": 249,
-"keyword": "concurrent choice"},
+"keyword": "hancl asserting"},
{"id": 250,
+"keyword": "concurrent choice"},
+{"id": 251,
"keyword": "normalisation procedures"},
-{"id": 251,
+{"id": 252,
"keyword": "abstract algorithms closely"},
-{"id": 252,
+{"id": 253,
"keyword": "algebraic closure"},
-{"id": 253,
+{"id": 254,
"keyword": "cycle matroid"},
-{"id": 254,
+{"id": 255,
"keyword": "term occurring"},
-{"id": 255,
+{"id": 256,
+"keyword": "arbitrary ring"},
+{"id": 257,
"keyword": "concrete protocols variants"},
-{"id": 256,
+{"id": 258,
"keyword": "carrier set"},
-{"id": 257,
+{"id": 259,
"keyword": "compositional algorithm exploits acyclicity"},
-{"id": 258,
+{"id": 260,
"keyword": "refinement techniques"},
-{"id": 259,
+{"id": 261,
"keyword": "bayesian regression presented"},
-{"id": 260,
-"keyword": "natural transformations simply"},
-{"id": 261,
-"keyword": "continuous functions"},
{"id": 262,
+"keyword": "natural transformations simply"},
+{"id": 263,
+"keyword": "continuous functions"},
+{"id": 264,
"keyword": "possibilistic noninterference afp entry"},
-{"id": 263,
+{"id": 265,
"keyword": "target language"},
-{"id": 264,
+{"id": 266,
"keyword": "require guardedness up-"},
-{"id": 265,
+{"id": 267,
"keyword": "elementary proof exist"},
-{"id": 266,
+{"id": 268,
"keyword": "linear algebra libraries"},
-{"id": 267,
+{"id": 269,
"keyword": "profound formalism"},
-{"id": 268,
-"keyword": "exchanging data"},
-{"id": 269,
-"keyword": "braun trees"},
{"id": 270,
-"keyword": "fully connected subgraph"},
+"keyword": "exchanging data"},
{"id": 271,
+"keyword": "braun trees"},
+{"id": 272,
+"keyword": "fully connected subgraph"},
+{"id": 273,
"keyword": "existing secav system"},
-{"id": 272,
+{"id": 274,
"keyword": "non-negative real matrix"},
-{"id": 273,
+{"id": 275,
"keyword": "proof assistant coq"},
-{"id": 274,
+{"id": 276,
"keyword": "static program analysis"},
-{"id": 275,
+{"id": 277,
"keyword": "standard superposition calculus corresponds"},
-{"id": 276,
+{"id": 278,
"keyword": "contact gerwin"},
-{"id": 277,
+{"id": 279,
"keyword": "algorithm factors polynomials"},
-{"id": 278,
+{"id": 280,
"keyword": "subresultant polynomial remainder sequence"},
-{"id": 279,
+{"id": 281,
"keyword": "ipurge unwinding theorem"},
-{"id": 280,
+{"id": 282,
"keyword": "rabin automata"},
-{"id": 281,
-"keyword": "time domain"},
-{"id": 282,
-"keyword": "code rate"},
{"id": 283,
-"keyword": "stochastic matrix"},
+"keyword": "time domain"},
{"id": 284,
-"keyword": "analyze similar algorithms"},
+"keyword": "code rate"},
{"id": 285,
-"keyword": "short explanation"},
+"keyword": "stochastic matrix"},
{"id": 286,
-"keyword": "negative integers"},
+"keyword": "analyze similar algorithms"},
{"id": 287,
-"keyword": "prime number theorem builds"},
+"keyword": "short explanation"},
{"id": 288,
-"keyword": "routing policies"},
+"keyword": "negative integers"},
{"id": 289,
+"keyword": "prime number theorem builds"},
+{"id": 290,
+"keyword": "routing policies"},
+{"id": 291,
"keyword": "research project"},
-{"id": 290,
+{"id": 292,
"keyword": "field extensions"},
-{"id": 291,
-"keyword": "invariant based programming"},
-{"id": 292,
-"keyword": "development longer"},
{"id": 293,
-"keyword": "polynomial sequences"},
+"keyword": "invariant based programming"},
{"id": 294,
-"keyword": "automatically calculated"},
+"keyword": "development longer"},
{"id": 295,
-"keyword": "practical algebraic calculus"},
+"keyword": "polynomial sequences"},
{"id": 296,
-"keyword": "kind mapped"},
+"keyword": "automatically calculated"},
{"id": 297,
-"keyword": "cambridge lecture notes topics"},
+"keyword": "practical algebraic calculus"},
{"id": 298,
-"keyword": "maximum element"},
+"keyword": "kind mapped"},
{"id": 299,
-"keyword": "solved deterministically"},
+"keyword": "cambridge lecture notes topics"},
{"id": 300,
-"keyword": "under-approximate relational logic"},
+"keyword": "maximum element"},
{"id": 301,
-"keyword": "fixed points"},
+"keyword": "solved deterministically"},
{"id": 302,
+"keyword": "under-approximate relational logic"},
+{"id": 303,
+"keyword": "fixed points"},
+{"id": 304,
"keyword": "ring theory development"},
-{"id": 303,
+{"id": 305,
"keyword": "direct formalisation"},
-{"id": 304,
+{"id": 306,
"keyword": "suitably extending paulson"},
-{"id": 305,
-"keyword": "theorems hold"},
-{"id": 306,
-"keyword": "small step operational semantics"},
{"id": 307,
-"keyword": "constant upper bound"},
+"keyword": "theorems hold"},
{"id": 308,
-"keyword": "verifying network security policies"},
+"keyword": "separation logic theory"},
{"id": 309,
-"keyword": "key contribution"},
+"keyword": "small step operational semantics"},
{"id": 310,
+"keyword": "constant upper bound"},
+{"id": 311,
+"keyword": "verifying network security policies"},
+{"id": 312,
+"keyword": "key contribution"},
+{"id": 313,
"keyword": "herbrand universe"},
-{"id": 311,
+{"id": 314,
"keyword": "class-free constants"},
-{"id": 312,
+{"id": 315,
"keyword": "slightly extended"},
-{"id": 313,
+{"id": 316,
"keyword": "separation logic framework"},
-{"id": 314,
-"keyword": "component-based development approach"},
-{"id": 315,
-"keyword": "previously unknown paradox"},
-{"id": 316,
-"keyword": "homomorphic functions"},
{"id": 317,
-"keyword": "type class system"},
+"keyword": "component-based development approach"},
{"id": 318,
-"keyword": "radical expressions"},
+"keyword": "previously unknown paradox"},
{"id": 319,
-"keyword": "client-side javascript programs"},
+"keyword": "homomorphic functions"},
{"id": 320,
-"keyword": "excluding cubic axioms"},
+"keyword": "type class system"},
{"id": 321,
-"keyword": "concrete reachable states"},
+"keyword": "radical expressions"},
{"id": 322,
-"keyword": "euclidean domains"},
+"keyword": "client-side javascript programs"},
{"id": 323,
+"keyword": "excluding cubic axioms"},
+{"id": 324,
+"keyword": "concrete reachable states"},
+{"id": 325,
+"keyword": "euclidean domains"},
+{"id": 326,
"keyword": "conversion functions"},
-{"id": 324,
+{"id": 327,
"keyword": "diophantine sets"},
-{"id": 325,
-"keyword": "important concepts"},
-{"id": 326,
-"keyword": "finite state machines"},
-{"id": 327,
-"keyword": "factorization algorithms"},
{"id": 328,
-"keyword": "abstract reference specification"},
+"keyword": "important concepts"},
{"id": 329,
-"keyword": "mark 1 machine"},
+"keyword": "finite state machines"},
{"id": 330,
-"keyword": "applies induction"},
+"keyword": "factorization algorithms"},
{"id": 331,
-"keyword": "itp 2017 paper"},
+"keyword": "abstract reference specification"},
{"id": 332,
-"keyword": "article titled"},
+"keyword": "mark 1 machine"},
{"id": 333,
-"keyword": "replacement rule"},
+"keyword": "applies induction"},
{"id": 334,
+"keyword": "itp 2017 paper"},
+{"id": 335,
+"keyword": "article titled"},
+{"id": 336,
+"keyword": "replacement rule"},
+{"id": 337,
"keyword": "respect stream equivalence"},
-{"id": 335,
+{"id": 338,
"keyword": "purely functional implementation based"},
-{"id": 336,
+{"id": 339,
"keyword": "affine scheme"},
-{"id": 337,
+{"id": 340,
"keyword": "native sequential consistency"},
-{"id": 338,
+{"id": 341,
"keyword": "non-deterministic languages"},
-{"id": 339,
+{"id": 342,
"keyword": "dom revealed numerous invariants"},
-{"id": 340,
+{"id": 343,
"keyword": "falsely claims"},
-{"id": 341,
+{"id": 344,
"keyword": "future articles"},
-{"id": 342,
+{"id": 345,
"keyword": "non-elementary worst-case blow-"},
-{"id": 343,
+{"id": 346,
"keyword": "ascending priority"},
-{"id": 344,
+{"id": 347,
"keyword": "abstract syntax"},
-{"id": 345,
+{"id": 348,
"keyword": "logics"},
-{"id": 346,
+{"id": 349,
"keyword": "random"},
-{"id": 347,
+{"id": 350,
"keyword": "verified code"},
-{"id": 348,
+{"id": 351,
"keyword": "extension theorem employing terminology"},
-{"id": 349,
+{"id": 352,
"keyword": "features monadic types"},
-{"id": 350,
+{"id": 353,
"keyword": "goto rule"},
-{"id": 351,
-"keyword": "ruzsa triangle inequality"},
-{"id": 352,
-"keyword": "high-level specification language jml"},
-{"id": 353,
-"keyword": "routh-hurwitz stability criterion"},
{"id": 354,
-"keyword": "single-source shortest path problem"},
+"keyword": "ruzsa triangle inequality"},
{"id": 355,
+"keyword": "high-level specification language jml"},
+{"id": 356,
+"keyword": "routh-hurwitz stability criterion"},
+{"id": 357,
+"keyword": "single-source shortest path problem"},
+{"id": 358,
"keyword": "monadic refinement framework"},
-{"id": 356,
+{"id": 359,
"keyword": "datatypes generated"},
-{"id": 357,
+{"id": 360,
"keyword": "significant confidentiality theorems"},
-{"id": 358,
+{"id": 361,
"keyword": "identified inconsistencies"},
-{"id": 359,
+{"id": 362,
"keyword": "extremal graph theory"},
-{"id": 360,
+{"id": 363,
"keyword": "bnfcc structure"},
-{"id": 361,
+{"id": 364,
"keyword": "flow saturates"},
-{"id": 362,
+{"id": 365,
"keyword": "acceptance rejection decisions"},
-{"id": 363,
+{"id": 366,
"keyword": "main motivation"},
-{"id": 364,
+{"id": 367,
"keyword": "van oostrom"},
-{"id": 365,
+{"id": 368,
"keyword": "probability larger"},
-{"id": 366,
+{"id": 369,
"keyword": "approximation polynomial based"},
-{"id": 367,
-"keyword": "compositionality results"},
-{"id": 368,
-"keyword": "implemented tactics"},
-{"id": 369,
-"keyword": "strictly increasing"},
{"id": 370,
-"keyword": "formally connect"},
+"keyword": "compositionality results"},
{"id": 371,
-"keyword": "clean development"},
+"keyword": "implemented tactics"},
{"id": 372,
-"keyword": "vincent rahli"},
+"keyword": "strictly increasing"},
{"id": 373,
+"keyword": "formally connect"},
+{"id": 374,
+"keyword": "clean development"},
+{"id": 375,
+"keyword": "vincent rahli"},
+{"id": 376,
"keyword": "inherently based"},
-{"id": 374,
+{"id": 377,
"keyword": "probabilistic model checking"},
-{"id": 375,
+{"id": 378,
+"keyword": "abstract ledger supporting"},
+{"id": 379,
"keyword": "common criteria full abstraction"},
-{"id": 376,
-"keyword": "client-side web applications"},
-{"id": 377,
-"keyword": "standard types"},
-{"id": 378,
-"keyword": "represents dominators"},
-{"id": 379,
-"keyword": "graph node"},
{"id": 380,
-"keyword": "sequentially consistent"},
+"keyword": "client-side web applications"},
{"id": 381,
-"keyword": "rely quotient"},
+"keyword": "standard types"},
{"id": 382,
-"keyword": "rose bohrer"},
+"keyword": "represents dominators"},
{"id": 383,
-"keyword": "model refinement"},
+"keyword": "graph node"},
{"id": 384,
-"keyword": "probabilistic behaviour"},
+"keyword": "sequentially consistent"},
{"id": 385,
-"keyword": "function satisfies"},
+"keyword": "rely quotient"},
{"id": 386,
-"keyword": "spectral theorem states"},
+"keyword": "rose bohrer"},
{"id": 387,
-"keyword": "symmetry property"},
+"keyword": "model refinement"},
{"id": 388,
-"keyword": "amortized logarithmic complexity"},
+"keyword": "probabilistic behaviour"},
{"id": 389,
-"keyword": "detailed proof steps"},
+"keyword": "function satisfies"},
{"id": 390,
-"keyword": "book markov decision processes"},
+"keyword": "spectral theorem states"},
{"id": 391,
-"keyword": "equivalent forms"},
+"keyword": "symmetry property"},
{"id": 392,
-"keyword": "tree automata technique"},
+"keyword": "amortized logarithmic complexity"},
{"id": 393,
-"keyword": "verification tools"},
+"keyword": "detailed proof steps"},
{"id": 394,
+"keyword": "book markov decision processes"},
+{"id": 395,
+"keyword": "equivalent forms"},
+{"id": 396,
+"keyword": "tree automata technique"},
+{"id": 397,
+"keyword": "verification tools"},
+{"id": 398,
"keyword": "applicative expressions"},
-{"id": 395,
+{"id": 399,
"keyword": "sdss random dictatorship"},
-{"id": 396,
+{"id": 400,
"keyword": "forward packets"},
-{"id": 397,
-"keyword": "sturm proof method"},
-{"id": 398,
-"keyword": "formulas obtained"},
-{"id": 399,
-"keyword": "incredible proof machine"},
-{"id": 400,
-"keyword": "multiplication"},
{"id": 401,
-"keyword": "real-world protocol"},
+"keyword": "sturm proof method"},
{"id": 402,
-"keyword": "ba12 mordechai ben-ari"},
+"keyword": "formulas obtained"},
{"id": 403,
-"keyword": "paper verified construction"},
+"keyword": "incredible proof machine"},
{"id": 404,
-"keyword": "weighted graphs"},
+"keyword": "multiplication"},
{"id": 405,
-"keyword": "jinja source code semantics"},
+"keyword": "real-world protocol"},
{"id": 406,
-"keyword": "important consequences"},
+"keyword": "ba12 mordechai ben-ari"},
{"id": 407,
-"keyword": "hol"},
+"keyword": "paper verified construction"},
{"id": 408,
-"keyword": "avoid circular reasoning"},
+"keyword": "weighted graphs"},
{"id": 409,
-"keyword": "multiple oblivious transfer"},
+"keyword": "jinja source code semantics"},
{"id": 410,
-"keyword": "consideration admits"},
+"keyword": "important consequences"},
{"id": 411,
-"keyword": "abductive reasoning"},
+"keyword": "hol"},
{"id": 412,
-"keyword": "facilitating developments"},
+"keyword": "avoid circular reasoning"},
{"id": 413,
-"keyword": "base set"},
+"keyword": "multiple oblivious transfer"},
{"id": 414,
-"keyword": "coinductive terminated lists"},
+"keyword": "consideration admits"},
{"id": 415,
-"keyword": "bor vka"},
+"keyword": "abductive reasoning"},
{"id": 416,
-"keyword": "functor composition"},
+"keyword": "facilitating developments"},
{"id": 417,
-"keyword": "dedekind cuts"},
+"keyword": "base set"},
{"id": 418,
+"keyword": "coinductive terminated lists"},
+{"id": 419,
+"keyword": "bor vka"},
+{"id": 420,
+"keyword": "functor composition"},
+{"id": 421,
+"keyword": "dedekind cuts"},
+{"id": 422,
"keyword": "mathematical structures"},
-{"id": 419,
+{"id": 423,
"keyword": "253--269 cpp-2016 peter lammich"},
-{"id": 420,
+{"id": 424,
"keyword": "previous work"},
-{"id": 421,
+{"id": 425,
"keyword": "temporal specification technique"},
-{"id": 422,
+{"id": 426,
+"keyword": "closed formulas"},
+{"id": 427,
"keyword": "fol theories extending"},
-{"id": 423,
+{"id": 428,
"keyword": "control flow graph"},
-{"id": 424,
+{"id": 429,
"keyword": "allowing formal reasoning"},
-{"id": 425,
+{"id": 430,
"keyword": "collection semantics"},
-{"id": 426,
+{"id": 431,
"keyword": "non-deterministic monad"},
-{"id": 427,
+{"id": 432,
"keyword": "predicate"},
-{"id": 428,
+{"id": 433,
"keyword": "partly commented"},
-{"id": 429,
+{"id": 434,
"keyword": "related theorem"},
-{"id": 430,
+{"id": 435,
"keyword": "john wickerson"},
-{"id": 431,
+{"id": 436,
"keyword": "formally verified solver"},
-{"id": 432,
+{"id": 437,
"keyword": "subsumption order"},
-{"id": 433,
+{"id": 438,
"keyword": "write alpha"},
-{"id": 434,
+{"id": 439,
"keyword": "afp article amortized complexity"},
-{"id": 435,
+{"id": 440,
"keyword": "recursive fast fourier transform"},
-{"id": 436,
+{"id": 441,
"keyword": "automata classes"},
-{"id": 437,
+{"id": 442,
"keyword": "current compression formats"},
-{"id": 438,
+{"id": 443,
"keyword": "minimum weight basis"},
-{"id": 439,
+{"id": 444,
"keyword": "real numbers"},
-{"id": 440,
+{"id": 445,
"keyword": "larry paulson"},
-{"id": 441,
+{"id": 446,
"keyword": "completely factorize real"},
-{"id": 442,
+{"id": 447,
"keyword": "networking protocols"},
-{"id": 443,
+{"id": 448,
"keyword": "filtered sets"},
-{"id": 444,
+{"id": 449,
"keyword": "communicating sequential processes"},
-{"id": 445,
+{"id": 450,
"keyword": "fisher yates algorithm"},
-{"id": 446,
+{"id": 451,
"keyword": "basic elements"},
-{"id": 447,
+{"id": 452,
"keyword": "uniquely distinguish quantum states"},
-{"id": 448,
+{"id": 453,
"keyword": "alternate binomial theorem statement"},
-{"id": 449,
-"keyword": "perfect logicians forbidden"},
-{"id": 450,
-"keyword": "complete test generation algorithms"},
-{"id": 451,
-"keyword": "verified heap functions"},
-{"id": 452,
-"keyword": "pace secure channel"},
-{"id": 453,
-"keyword": "coefficient functions"},
{"id": 454,
-"keyword": "rule induction"},
+"keyword": "perfect logicians forbidden"},
{"id": 455,
-"keyword": "evaluating cauchy indices"},
+"keyword": "complete test generation algorithms"},
{"id": 456,
-"keyword": "ground totality"},
+"keyword": "verified heap functions"},
{"id": 457,
-"keyword": "generalizes sutherland"},
+"keyword": "pace secure channel"},
{"id": 458,
-"keyword": "advanced algorithms"},
+"keyword": "coefficient functions"},
{"id": 459,
-"keyword": "word power"},
+"keyword": "rule induction"},
{"id": 460,
+"keyword": "evaluating cauchy indices"},
+{"id": 461,
+"keyword": "ground totality"},
+{"id": 462,
+"keyword": "generalizes sutherland"},
+{"id": 463,
+"keyword": "advanced algorithms"},
+{"id": 464,
+"keyword": "word power"},
+{"id": 465,
"keyword": "information processing letters 29"},
-{"id": 461,
+{"id": 466,
"keyword": "possibilistic information-flow security properties"},
-{"id": 462,
+{"id": 467,
"keyword": "stream fusion"},
-{"id": 463,
+{"id": 468,
"keyword": "general geometric facts"},
-{"id": 464,
+{"id": 469,
"keyword": "efficient structures"},
-{"id": 465,
+{"id": 470,
"keyword": "concrete functors"},
-{"id": 466,
+{"id": 471,
"keyword": "algebraic formalization end"},
-{"id": 467,
+{"id": 472,
+"keyword": "lending funds"},
+{"id": 473,
"keyword": "sketches found"},
-{"id": 468,
+{"id": 474,
"keyword": "benchmark problems"},
-{"id": 469,
+{"id": 475,
"keyword": "variable assignment"},
-{"id": 470,
+{"id": 476,
"keyword": "algorithm enumerating"},
-{"id": 471,
+{"id": 477,
"keyword": "previous afp article"},
-{"id": 472,
+{"id": 478,
"keyword": "representative dynamic programming problems"},
-{"id": 473,
+{"id": 479,
"keyword": "priority"},
-{"id": 474,
+{"id": 480,
"keyword": "andr platzer"},
-{"id": 475,
+{"id": 481,
"keyword": "adding observation instants"},
-{"id": 476,
+{"id": 482,
"keyword": "compiler optimization"},
-{"id": 477,
+{"id": 483,
"keyword": "nominal2 library"},
-{"id": 478,
+{"id": 484,
"keyword": "finite automata"},
-{"id": 479,
+{"id": 485,
"keyword": "abstract version"},
-{"id": 480,
+{"id": 486,
"keyword": "proof details"},
-{"id": 481,
+{"id": 487,
"keyword": "programming languages"},
-{"id": 482,
+{"id": 488,
"keyword": "basic properties ndash"},
-{"id": 483,
+{"id": 489,
"keyword": "taylor models"},
-{"id": 484,
+{"id": 490,
"keyword": "starting point"},
-{"id": 485,
+{"id": 491,
"keyword": "static single assignment form"},
-{"id": 486,
+{"id": 492,
"keyword": "randomized comb algorithm"},
-{"id": 487,
+{"id": 493,
"keyword": "collectively referred"},
-{"id": 488,
+{"id": 494,
"keyword": "computes density functions"},
-{"id": 489,
+{"id": 495,
"keyword": "standard dolev-yao"},
-{"id": 490,
+{"id": 496,
"keyword": "isafor ceta project"},
-{"id": 491,
+{"id": 497,
"keyword": "relational model"},
-{"id": 492,
+{"id": 498,
"keyword": "deriving asymptotic estimates"},
-{"id": 493,
+{"id": 499,
"keyword": "clean offers conditionals"},
-{"id": 494,
+{"id": 500,
"keyword": "no-frills state-exception monad"},
-{"id": 495,
+{"id": 501,
"keyword": "search-time information"},
-{"id": 496,
+{"id": 502,
"keyword": "regular expressions extended"},
-{"id": 497,
+{"id": 503,
"keyword": "specific part"},
-{"id": 498,
+{"id": 504,
"keyword": "breeders"},
-{"id": 499,
+{"id": 505,
"keyword": "classical geometric definitions"},
-{"id": 500,
+{"id": 506,
"keyword": "integration technique employs lex"},
-{"id": 501,
-"keyword": "bell numbers"},
-{"id": 502,
-"keyword": "pattern specifications"},
-{"id": 503,
-"keyword": "primitively corecursive-"},
-{"id": 504,
-"keyword": "tree automata apf-entry"},
-{"id": 505,
-"keyword": "detailed systematic study"},
-{"id": 506,
-"keyword": "compute roots"},
{"id": 507,
-"keyword": "rational number"},
+"keyword": "bell numbers"},
{"id": 508,
-"keyword": "properties related"},
+"keyword": "pattern specifications"},
{"id": 509,
-"keyword": "model compatibility"},
+"keyword": "primitively corecursive-"},
{"id": 510,
-"keyword": "interactively find"},
+"keyword": "tree automata apf-entry"},
{"id": 511,
-"keyword": "ben-ari ba12"},
+"keyword": "detailed systematic study"},
{"id": 512,
-"keyword": "difference bound matrices"},
+"keyword": "compute roots"},
{"id": 513,
-"keyword": "object-oriented data-type theories generated"},
+"keyword": "rational number"},
{"id": 514,
-"keyword": "benchmark scripts"},
+"keyword": "properties related"},
{"id": 515,
-"keyword": "field accesses"},
+"keyword": "model compatibility"},
{"id": 516,
-"keyword": "enables users"},
+"keyword": "interactively find"},
{"id": 517,
-"keyword": "semantic definitions"},
+"keyword": "ben-ari ba12"},
{"id": 518,
-"keyword": "employs formal models"},
+"keyword": "difference bound matrices"},
{"id": 519,
-"keyword": "max-flow min-cut theorem"},
+"keyword": "object-oriented data-type theories generated"},
{"id": 520,
-"keyword": "proof language"},
+"keyword": "benchmark scripts"},
{"id": 521,
-"keyword": "class hierarchies"},
+"keyword": "field accesses"},
{"id": 522,
-"keyword": "determinization procedure"},
+"keyword": "enables users"},
{"id": 523,
-"keyword": "concurrent dynamic logics"},
+"keyword": "semantic definitions"},
{"id": 524,
-"keyword": "pierre boutry"},
+"keyword": "employs formal models"},
{"id": 525,
-"keyword": "push-relabel algorithms"},
+"keyword": "max-flow min-cut theorem"},
{"id": 526,
-"keyword": "discrete probability distributions"},
+"keyword": "proof language"},
{"id": 527,
-"keyword": "afp entry"},
+"keyword": "class hierarchies"},
{"id": 528,
-"keyword": "multiple algebraic structures"},
+"keyword": "determinization procedure"},
{"id": 529,
-"keyword": "cone text arg"},
+"keyword": "concurrent dynamic logics"},
{"id": 530,
-"keyword": "vector cross product"},
+"keyword": "pierre boutry"},
{"id": 531,
-"keyword": "bounded-deducibility security"},
+"keyword": "push-relabel algorithms"},
{"id": 532,
-"keyword": "machine-checked text annex"},
+"keyword": "discrete probability distributions"},
{"id": 533,
-"keyword": "executable density compiler"},
+"keyword": "afp entry"},
{"id": 534,
+"keyword": "multiple algebraic structures"},
+{"id": 535,
+"keyword": "cone text arg"},
+{"id": 536,
+"keyword": "vector cross product"},
+{"id": 537,
+"keyword": "bounded-deducibility security"},
+{"id": 538,
+"keyword": "machine-checked text annex"},
+{"id": 539,
+"keyword": "executable density compiler"},
+{"id": 540,
"keyword": "difference sets"},
-{"id": 535,
+{"id": 541,
"keyword": "counter-free automata"},
-{"id": 536,
+{"id": 542,
"keyword": "number theoretic transform"},
-{"id": 537,
+{"id": 543,
"keyword": "paper mechanising turing machines"},
-{"id": 538,
+{"id": 544,
"keyword": "formalization reveals"},
-{"id": 539,
+{"id": 545,
"keyword": "involve regular expressions"},
-{"id": 540,
+{"id": 546,
"keyword": "chosen memory model"},
-{"id": 541,
+{"id": 547,
"keyword": "automated circuit verification"},
-{"id": 542,
+{"id": 548,
"keyword": "taylor expansions"},
-{"id": 543,
+{"id": 549,
"keyword": "infinite derivation trees"},
-{"id": 544,
+{"id": 550,
"keyword": "instance---many-sorted fol"},
-{"id": 545,
+{"id": 551,
"keyword": "entailment- minimal"},
-{"id": 546,
+{"id": 552,
"keyword": "theories reasoning"},
-{"id": 547,
+{"id": 553,
"keyword": "proof method casify"},
-{"id": 548,
+{"id": 554,
"keyword": "stationary distributions"},
-{"id": 549,
+{"id": 555,
"keyword": "severe limitation"},
-{"id": 550,
+{"id": 556,
"keyword": "lies strictly"},
-{"id": 551,
+{"id": 557,
"keyword": "application areas"},
-{"id": 552,
+{"id": 558,
"keyword": "strongly connected components"},
-{"id": 553,
+{"id": 559,
"keyword": "initial segment condition"},
-{"id": 554,
+{"id": 560,
"keyword": "locally ringed space"},
-{"id": 555,
+{"id": 561,
"keyword": "maclaurin summation formula"},
-{"id": 556,
+{"id": 562,
"keyword": "karel hrbacek"},
-{"id": 557,
+{"id": 563,
"keyword": "underlying ideas"},
-{"id": 558,
+{"id": 564,
"keyword": "fundamental subspaces"},
-{"id": 559,
+{"id": 565,
"keyword": "notable result"},
-{"id": 560,
+{"id": 566,
"keyword": "1 infty left"},
-{"id": 561,
+{"id": 567,
"keyword": "multiple goods"},
-{"id": 562,
+{"id": 568,
"keyword": "lehmer test"},
-{"id": 563,
+{"id": 569,
"keyword": "kepler conjecture"},
-{"id": 564,
+{"id": 570,
"keyword": "rely-guarantee-style reasoning"},
-{"id": 565,
+{"id": 571,
"keyword": "elegant encoding"},
-{"id": 566,
+{"id": 572,
"keyword": "require"},
-{"id": 567,
+{"id": 573,
"keyword": "proof assistant"},
-{"id": 568,
+{"id": 574,
"keyword": "transfer package"},
-{"id": 569,
+{"id": 575,
"keyword": "higher-order logic"},
-{"id": 570,
+{"id": 576,
"keyword": "case studies"},
-{"id": 571,
+{"id": 577,
"keyword": "lp spaces"},
-{"id": 572,
+{"id": 578,
"keyword": "pctl formulas"},
-{"id": 573,
+{"id": 579,
"keyword": "program traces"},
-{"id": 574,
-"keyword": "resolution calculus"},
-{"id": 575,
-"keyword": "standard construction"},
-{"id": 576,
-"keyword": "first-order terms"},
-{"id": 577,
-"keyword": "generate code"},
-{"id": 578,
-"keyword": "implementation relates pointer-based computation"},
-{"id": 579,
-"keyword": "public output ports"},
{"id": 580,
-"keyword": "flow-sensitive type system"},
+"keyword": "resolution calculus"},
{"id": 581,
-"keyword": "fitting theory"},
+"keyword": "standard construction"},
{"id": 582,
-"keyword": "basic algebraic properties"},
+"keyword": "first-order terms"},
{"id": 583,
-"keyword": "predicate taking"},
+"keyword": "generate code"},
{"id": 584,
-"keyword": "dataflow paradigm"},
+"keyword": "implementation relates pointer-based computation"},
{"id": 585,
-"keyword": "arbitrary nominal sets"},
+"keyword": "public output ports"},
{"id": 586,
+"keyword": "flow-sensitive type system"},
+{"id": 587,
+"keyword": "fitting theory"},
+{"id": 588,
+"keyword": "basic algebraic properties"},
+{"id": 589,
+"keyword": "predicate taking"},
+{"id": 590,
+"keyword": "dataflow paradigm"},
+{"id": 591,
+"keyword": "permissions held"},
+{"id": 592,
+"keyword": "arbitrary nominal sets"},
+{"id": 593,
"keyword": "correctness theorems"},
-{"id": 587,
+{"id": 594,
"keyword": "incoming edges"},
-{"id": 588,
+{"id": 595,
"keyword": "input infinite sequences"},
-{"id": 589,
+{"id": 596,
"keyword": "klein nicta"},
-{"id": 590,
+{"id": 597,
"keyword": "manual approach"},
-{"id": 591,
+{"id": 598,
"keyword": "originally obtained"},
-{"id": 592,
+{"id": 599,
"keyword": "familiar first-order logic"},
-{"id": 593,
+{"id": 600,
"keyword": "game-hopping style advocated"},
-{"id": 594,
+{"id": 601,
"keyword": "reusable building blocks"},
-{"id": 595,
+{"id": 602,
"keyword": "common factors"},
-{"id": 596,
+{"id": 603,
"keyword": "reduction step"},
-{"id": 597,
+{"id": 604,
"keyword": "perfect forward secrecy"},
-{"id": 598,
+{"id": 605,
"keyword": "full sequential fragment"},
-{"id": 599,
+{"id": 606,
"keyword": "adapting larry paulson"},
-{"id": 600,
+{"id": 607,
"keyword": "termination techniques"},
-{"id": 601,
+{"id": 608,
"keyword": "large part"},
-{"id": 602,
+{"id": 609,
"keyword": "generic diamond lemma reduction"},
-{"id": 603,
+{"id": 610,
"keyword": "produce uniformly smaller automata"},
-{"id": 604,
+{"id": 611,
"keyword": "regular expression"},
-{"id": 605,
+{"id": 612,
"keyword": "afp entry focusstreamscasestudies-afp"},
-{"id": 606,
+{"id": 613,
"keyword": "runtime monitoring"},
-{"id": 607,
+{"id": 614,
"keyword": "quantum projective measurements"},
-{"id": 608,
+{"id": 615,
"keyword": "existing theories"},
-{"id": 609,
+{"id": 616,
"keyword": "relational parametricity due"},
-{"id": 610,
+{"id": 617,
"keyword": "superposition calculus"},
-{"id": 611,
+{"id": 618,
"keyword": "version states"},
-{"id": 612,
+{"id": 619,
"keyword": "calculate sign variations"},
-{"id": 613,
+{"id": 620,
"keyword": "extended real numbers form"},
-{"id": 614,
+{"id": 621,
"keyword": "standard reduction path"},
-{"id": 615,
-"keyword": "meld operations"},
-{"id": 616,
-"keyword": "json objects"},
-{"id": 617,
-"keyword": "rgen villadsen"},
-{"id": 618,
-"keyword": "partial binary operation"},
-{"id": 619,
-"keyword": "tuples satisfying"},
-{"id": 620,
-"keyword": "remaining computation"},
-{"id": 621,
-"keyword": "andrei popescu propose"},
{"id": 622,
-"keyword": "standard definitions"},
+"keyword": "meld operations"},
{"id": 623,
-"keyword": "call return"},
+"keyword": "json objects"},
{"id": 624,
-"keyword": "substantial background"},
+"keyword": "rgen villadsen"},
{"id": 625,
-"keyword": "girard-tait style logical relation"},
+"keyword": "partial binary operation"},
{"id": 626,
-"keyword": "expressive logic"},
+"keyword": "tuples satisfying"},
{"id": 627,
-"keyword": "informal description"},
+"keyword": "remaining computation"},
{"id": 628,
+"keyword": "andrei popescu propose"},
+{"id": 629,
+"keyword": "standard definitions"},
+{"id": 630,
+"keyword": "call return"},
+{"id": 631,
+"keyword": "substantial background"},
+{"id": 632,
+"keyword": "girard-tait style logical relation"},
+{"id": 633,
+"keyword": "expressive logic"},
+{"id": 634,
+"keyword": "informal description"},
+{"id": 635,
"keyword": "infinite trees branching"},
-{"id": 629,
+{"id": 636,
"keyword": "regular languages"},
-{"id": 630,
+{"id": 637,
"keyword": "carmichael numbers"},
-{"id": 631,
+{"id": 638,
"keyword": "digit expansions"},
-{"id": 632,
+{"id": 639,
"keyword": "famous invisible hand"},
-{"id": 633,
+{"id": 640,
"keyword": "javascript object notation"},
-{"id": 634,
+{"id": 641,
"keyword": "public announcement logic"},
-{"id": 635,
+{"id": 642,
"keyword": "compute arbitrary primitive recursive"},
-{"id": 636,
+{"id": 643,
"keyword": "respective fundamental homomorphism theorems"},
-{"id": 637,
+{"id": 644,
"keyword": "practically successful method"},
-{"id": 638,
+{"id": 645,
"keyword": "up-closed sets"},
-{"id": 639,
+{"id": 646,
"keyword": "edward zalta"},
-{"id": 640,
+{"id": 647,
"keyword": "generalized recurrence"},
-{"id": 641,
+{"id": 648,
"keyword": "equivalence kernels"},
-{"id": 642,
+{"id": 649,
"keyword": "real gamma function gamma"},
-{"id": 643,
+{"id": 650,
"keyword": "british imperial system"},
-{"id": 644,
+{"id": 651,
"keyword": "comparing encodability criteria"},
-{"id": 645,
-"keyword": "symmetric directed graphs"},
-{"id": 646,
+{"id": 652,
"keyword": "arbitrary user-"},
-{"id": 647,
+{"id": 653,
"keyword": "constructor applications"},
-{"id": 648,
+{"id": 654,
"keyword": "analogous problem arises"},
-{"id": 649,
+{"id": 655,
"keyword": "expanding contracting intervals"},
-{"id": 650,
+{"id": 656,
"keyword": "first-order parameters"},
-{"id": 651,
+{"id": 657,
"keyword": "abortable linearizable module automaton"},
-{"id": 652,
+{"id": 658,
+"keyword": "syntactic multiplication"},
+{"id": 659,
+"keyword": "symmetric directed graphs"},
+{"id": 660,
"keyword": "cava automata library"},
-{"id": 653,
+{"id": 661,
"keyword": "higher-order frequency moments"},
-{"id": 654,
+{"id": 662,
"keyword": "fusible list functions"},
-{"id": 655,
+{"id": 663,
"keyword": "nash-williams discovered"},
-{"id": 656,
+{"id": 664,
"keyword": "equivalence proofs"},
-{"id": 657,
+{"id": 665,
"keyword": "regular algebras axiomatise"},
-{"id": 658,
+{"id": 666,
"keyword": "efficient data structure combining"},
-{"id": 659,
+{"id": 667,
"keyword": "distributed systems specification"},
-{"id": 660,
+{"id": 668,
"keyword": "total recursive functions"},
-{"id": 661,
+{"id": 669,
"keyword": "complete formalisation"},
-{"id": 662,
+{"id": 670,
"keyword": "inductive definition"},
-{"id": 663,
+{"id": 671,
"keyword": "cohen posets"},
-{"id": 664,
+{"id": 672,
"keyword": "standard system"},
-{"id": 665,
+{"id": 673,
"keyword": "wide range"},
-{"id": 666,
+{"id": 674,
"keyword": "nominal"},
-{"id": 667,
-"keyword": "ongoing development"},
-{"id": 668,
-"keyword": "concrete logics satisfying"},
-{"id": 669,
-"keyword": "efficient implementation"},
-{"id": 670,
-"keyword": "ribbon proofs"},
-{"id": 671,
-"keyword": "mechanised proofs"},
-{"id": 672,
-"keyword": "test check"},
-{"id": 673,
-"keyword": "inverse limit"},
-{"id": 674,
-"keyword": "original quantifier elimination algorithm"},
{"id": 675,
-"keyword": "abc"},
+"keyword": "ongoing development"},
{"id": 676,
-"keyword": "symmetric cases"},
+"keyword": "concrete logics satisfying"},
{"id": 677,
-"keyword": "verify purely functional"},
+"keyword": "efficient implementation"},
{"id": 678,
-"keyword": "hyperdual numbers"},
+"keyword": "ribbon proofs"},
{"id": 679,
-"keyword": "discrete fourier transform"},
+"keyword": "mechanised proofs"},
{"id": 680,
-"keyword": "forward data packets"},
+"keyword": "test check"},
{"id": 681,
-"keyword": "application consumes potential"},
+"keyword": "inverse limit"},
{"id": 682,
-"keyword": "second-order derivation"},
+"keyword": "original quantifier elimination algorithm"},
{"id": 683,
-"keyword": "special functions"},
+"keyword": "abc"},
{"id": 684,
-"keyword": "initial conversion"},
+"keyword": "lend money"},
{"id": 685,
-"keyword": "hol formalization refines"},
+"keyword": "symmetric cases"},
{"id": 686,
-"keyword": "eliminates duplicate prime factors"},
+"keyword": "verify purely functional"},
{"id": 687,
-"keyword": "explicit formula"},
+"keyword": "hyperdual numbers"},
{"id": 688,
-"keyword": "eventually achieve"},
+"keyword": "discrete fourier transform"},
{"id": 689,
-"keyword": "non-negative real"},
+"keyword": "forward data packets"},
{"id": 690,
-"keyword": "deterministic minsky machine"},
+"keyword": "application consumes potential"},
{"id": 691,
-"keyword": "graph properties expressed"},
+"keyword": "second-order derivation"},
{"id": 692,
-"keyword": "dom standard"},
+"keyword": "special functions"},
{"id": 693,
-"keyword": "high school"},
+"keyword": "initial conversion"},
{"id": 694,
-"keyword": "dnf-based non-elementary algorithm"},
+"keyword": "hol formalization refines"},
{"id": 695,
-"keyword": "fast sat solver"},
+"keyword": "eliminates duplicate prime factors"},
{"id": 696,
-"keyword": "coalgebraic literature"},
+"keyword": "explicit formula"},
{"id": 697,
-"keyword": "generalisation bnfcc"},
+"keyword": "eventually achieve"},
{"id": 698,
-"keyword": "vector space"},
+"keyword": "non-negative real"},
{"id": 699,
-"keyword": "lll basis reduction algorithm"},
+"keyword": "deterministic minsky machine"},
{"id": 700,
-"keyword": "comte de buffon posed"},
+"keyword": "graph properties expressed"},
{"id": 701,
-"keyword": "confidentiality properties"},
+"keyword": "dom standard"},
{"id": 702,
+"keyword": "high school"},
+{"id": 703,
+"keyword": "dnf-based non-elementary algorithm"},
+{"id": 704,
+"keyword": "fast sat solver"},
+{"id": 705,
+"keyword": "coalgebraic literature"},
+{"id": 706,
+"keyword": "generalisation bnfcc"},
+{"id": 707,
+"keyword": "vector space"},
+{"id": 708,
+"keyword": "lll basis reduction algorithm"},
+{"id": 709,
+"keyword": "comte de buffon posed"},
+{"id": 710,
+"keyword": "confidentiality properties"},
+{"id": 711,
"keyword": "defining functors"},
-{"id": 703,
+{"id": 712,
"keyword": "prod limits_"},
-{"id": 704,
+{"id": 713,
"keyword": "range queries"},
-{"id": 705,
+{"id": 714,
"keyword": "binary orthogonality"},
-{"id": 706,
+{"id": 715,
"keyword": "union concatenation"},
-{"id": 707,
+{"id": 716,
"keyword": "substantial set"},
-{"id": 708,
+{"id": 717,
"keyword": "von lindemann"},
-{"id": 709,
+{"id": 718,
"keyword": "proof tool"},
-{"id": 710,
+{"id": 719,
"keyword": "modulo operation"},
-{"id": 711,
+{"id": 720,
"keyword": "path"},
-{"id": 712,
+{"id": 721,
"keyword": "document corresponds"},
-{"id": 713,
+{"id": 722,
"keyword": "gps satellite"},
-{"id": 714,
+{"id": 723,
"keyword": "publication forthcoming"},
-{"id": 715,
+{"id": 724,
"keyword": "behavioral aspects"},
-{"id": 716,
+{"id": 725,
"keyword": "graph- transformation based method"},
-{"id": 717,
+{"id": 726,
"keyword": "odd-set cover"},
-{"id": 718,
+{"id": 727,
"keyword": "classical algorithms"},
-{"id": 719,
+{"id": 728,
"keyword": "proofs involving linear algebra"},
-{"id": 720,
+{"id": 729,
"keyword": "years formal verification"},
-{"id": 721,
+{"id": 730,
"keyword": "simulation code generation"},
-{"id": 722,
+{"id": 731,
"keyword": "geodesic triangles"},
-{"id": 723,
+{"id": 732,
"keyword": "present interpretations"},
-{"id": 724,
+{"id": 733,
"keyword": "extending previous results applying"},
-{"id": 725,
+{"id": 734,
"keyword": "k-universal hash family"},
-{"id": 726,
+{"id": 735,
"keyword": "revision 6081d5be8d08"},
-{"id": 727,
+{"id": 736,
"keyword": "boolean connectives"},
-{"id": 728,
+{"id": 737,
"keyword": "verification condition generators producing"},
-{"id": 729,
+{"id": 738,
"keyword": "lattice-theoretic concepts"},
-{"id": 730,
+{"id": 739,
"keyword": "generic instantiation based"},
-{"id": 731,
+{"id": 740,
"keyword": "communication channels"},
-{"id": 732,
+{"id": 741,
"keyword": "sufficiently nice sdss"},
-{"id": 733,
+{"id": 742,
"keyword": "proof applies"},
-{"id": 734,
+{"id": 743,
"keyword": "couple small"},
-{"id": 735,
+{"id": 744,
"keyword": "additive combinatorics due"},
-{"id": 736,
+{"id": 745,
"keyword": "representable bounds"},
-{"id": 737,
+{"id": 746,
"keyword": "textbook modal logic"},
-{"id": 738,
+{"id": 747,
"keyword": "relational program logics"},
-{"id": 739,
+{"id": 748,
"keyword": "formal words"},
-{"id": 740,
+{"id": 749,
"keyword": "command mk_ide enables"},
-{"id": 741,
+{"id": 750,
"keyword": "inventory management"},
-{"id": 742,
+{"id": 751,
"keyword": "generalised rewriting"},
-{"id": 743,
+{"id": 752,
"keyword": "enhanced interleaves predicate turns"},
-{"id": 744,
+{"id": 753,
+"keyword": "call risk-free loan"},
+{"id": 754,
"keyword": "cotangent spaces"},
-{"id": 745,
+{"id": 755,
"keyword": "simple exercises"},
-{"id": 746,
+{"id": 756,
"keyword": "induction hypothesis"},
-{"id": 747,
+{"id": 757,
"keyword": "real-world computer networks"},
-{"id": 748,
+{"id": 758,
"keyword": "additional relations"},
-{"id": 749,
-"keyword": "combine stepwise refinement"},
-{"id": 750,
-"keyword": "logical foundation"},
-{"id": 751,
-"keyword": "nearest shadow root"},
-{"id": 752,
-"keyword": "asynchronously communicating nodes"},
-{"id": 753,
-"keyword": "introducing constructor functions"},
-{"id": 754,
-"keyword": "newly detected states"},
-{"id": 755,
-"keyword": "presented variants increase"},
-{"id": 756,
-"keyword": "divide conquer algorithms"},
-{"id": 757,
-"keyword": "classical extensional mereology"},
-{"id": 758,
-"keyword": "quantified non-classical logics"},
{"id": 759,
-"keyword": "usual definitions"},
+"keyword": "combine stepwise refinement"},
{"id": 760,
-"keyword": "foundation presented"},
+"keyword": "logical foundation"},
{"id": 761,
-"keyword": "incidence set systems"},
+"keyword": "nearest shadow root"},
{"id": 762,
-"keyword": "jacobi symbol"},
+"keyword": "asynchronously communicating nodes"},
{"id": 763,
-"keyword": "verification components"},
+"keyword": "introducing constructor functions"},
{"id": 764,
-"keyword": "system"},
+"keyword": "newly detected states"},
{"id": 765,
-"keyword": "counts distinct real roots"},
+"keyword": "presented variants increase"},
{"id": 766,
-"keyword": "language primitives"},
+"keyword": "divide conquer algorithms"},
{"id": 767,
-"keyword": "positive llists"},
+"keyword": "classical extensional mereology"},
{"id": 768,
-"keyword": "classical logic"},
+"keyword": "quantified non-classical logics"},
{"id": 769,
-"keyword": "formal protocol verification"},
+"keyword": "usual definitions"},
{"id": 770,
-"keyword": "entry genclock"},
+"keyword": "foundation presented"},
{"id": 771,
-"keyword": "inlines function application"},
+"keyword": "incidence set systems"},
{"id": 772,
-"keyword": "imperative programming languages"},
+"keyword": "jacobi symbol"},
{"id": 773,
-"keyword": "dynamical systems"},
+"keyword": "verification components"},
{"id": 774,
-"keyword": "arbitrary transition systems"},
+"keyword": "system"},
{"id": 775,
-"keyword": "induced maps"},
+"keyword": "counts distinct real roots"},
{"id": 776,
-"keyword": "info research codegen"},
+"keyword": "language primitives"},
{"id": 777,
-"keyword": "monitoring tools"},
+"keyword": "classical logic"},
{"id": 778,
-"keyword": "functional languages"},
+"keyword": "formal protocol verification"},
{"id": 779,
-"keyword": "strong nullstellensatz"},
+"keyword": "entry genclock"},
{"id": 780,
-"keyword": "stateful network implementation"},
+"keyword": "inlines function application"},
{"id": 781,
-"keyword": "development concludes"},
+"keyword": "positive llists"},
{"id": 782,
-"keyword": "hyperbolic geometry"},
+"keyword": "full classical propositional logic"},
{"id": 783,
-"keyword": "strongest postconditions based"},
+"keyword": "imperative programming languages"},
{"id": 784,
-"keyword": "cade 28 paper"},
+"keyword": "dynamical systems"},
{"id": 785,
-"keyword": "called complete sets"},
+"keyword": "arbitrary transition systems"},
{"id": 786,
+"keyword": "induced maps"},
+{"id": 787,
+"keyword": "info research codegen"},
+{"id": 788,
+"keyword": "monitoring tools"},
+{"id": 789,
+"keyword": "functional languages"},
+{"id": 790,
+"keyword": "strong nullstellensatz"},
+{"id": 791,
+"keyword": "stateful network implementation"},
+{"id": 792,
+"keyword": "development concludes"},
+{"id": 793,
+"keyword": "hyperbolic geometry"},
+{"id": 794,
+"keyword": "strongest postconditions based"},
+{"id": 795,
+"keyword": "cade 28 paper"},
+{"id": 796,
+"keyword": "called complete sets"},
+{"id": 797,
"keyword": "jordan curve theorem"},
-{"id": 787,
+{"id": 798,
"keyword": "core operations"},
-{"id": 788,
+{"id": 799,
"keyword": "fixed arguments"},
-{"id": 789,
+{"id": 800,
"keyword": "satisfying assignment"},
-{"id": 790,
+{"id": 801,
"keyword": "b_n"},
-{"id": 791,
+{"id": 802,
"keyword": "bilinear dominance"},
-{"id": 792,
+{"id": 803,
"keyword": "model reactive systems"},
-{"id": 793,
+{"id": 804,
"keyword": "target language features"},
-{"id": 794,
+{"id": 805,
"keyword": "social decision schemes"},
-{"id": 795,
+{"id": 806,
"keyword": "okamoto sigma-protocols"},
-{"id": 796,
+{"id": 807,
"keyword": "squares euclid"},
-{"id": 797,
+{"id": 808,
"keyword": "celebrated theorem"},
-{"id": 798,
+{"id": 809,
"keyword": "girard newton theorem"},
-{"id": 799,
+{"id": 810,
"keyword": "yoneda embedding preserves limits"},
-{"id": 800,
+{"id": 811,
"keyword": "behavior traces"},
-{"id": 801,
-"keyword": "avoid correctness issues"},
-{"id": 802,
-"keyword": "magic wand mathbin"},
-{"id": 803,
-"keyword": "argument functions"},
-{"id": 804,
-"keyword": "stream types"},
-{"id": 805,
-"keyword": "original operational semantics"},
-{"id": 806,
-"keyword": "reduction conformance relations"},
-{"id": 807,
-"keyword": "heap operations"},
-{"id": 808,
-"keyword": "64-bit bases"},
-{"id": 809,
-"keyword": "coupled simulation versus bisimulation"},
-{"id": 810,
-"keyword": "unified policy framework"},
-{"id": 811,
-"keyword": "configuration trace"},
{"id": 812,
-"keyword": "pen-and-paper analysis"},
+"keyword": "avoid correctness issues"},
{"id": 813,
-"keyword": "definite initialisation analysis"},
+"keyword": "magic wand mathbin"},
{"id": 814,
-"keyword": "complex plane"},
+"keyword": "argument functions"},
{"id": 815,
-"keyword": "galois theory"},
+"keyword": "stream types"},
{"id": 816,
-"keyword": "weak nullstellensatz"},
+"keyword": "original operational semantics"},
{"id": 817,
-"keyword": "standard logistic function"},
+"keyword": "reduction conformance relations"},
{"id": 818,
-"keyword": "state-of-the-art automated protocol verifiers"},
+"keyword": "heap operations"},
{"id": 819,
-"keyword": "generate efficient code"},
+"keyword": "64-bit bases"},
{"id": 820,
-"keyword": "modal logics"},
+"keyword": "coupled simulation versus bisimulation"},
{"id": 821,
-"keyword": "syntactic context"},
+"keyword": "unified policy framework"},
{"id": 822,
-"keyword": "resulting generalized counting sort"},
+"keyword": "configuration trace"},
{"id": 823,
-"keyword": "special care"},
+"keyword": "pen-and-paper analysis"},
{"id": 824,
-"keyword": "volume proofs"},
+"keyword": "definite initialisation analysis"},
{"id": 825,
-"keyword": "failed proof"},
+"keyword": "complex plane"},
{"id": 826,
-"keyword": "individual computing nodes"},
+"keyword": "galois theory"},
{"id": 827,
-"keyword": "recursive path order"},
+"keyword": "weak nullstellensatz"},
{"id": 828,
-"keyword": "reachable states"},
+"keyword": "standard logistic function"},
{"id": 829,
-"keyword": "equivalent versions"},
+"keyword": "state-of-the-art automated protocol verifiers"},
{"id": 830,
-"keyword": "closed finite games"},
+"keyword": "generate efficient code"},
{"id": 831,
-"keyword": "generalised form"},
+"keyword": "modal logics"},
{"id": 832,
-"keyword": "proposed under-approximate logics"},
+"keyword": "syntactic context"},
{"id": 833,
-"keyword": "handle incidence relations"},
+"keyword": "resulting generalized counting sort"},
{"id": 834,
-"keyword": "machine-assisted proof"},
+"keyword": "special care"},
{"id": 835,
-"keyword": "group representation"},
+"keyword": "volume proofs"},
{"id": 836,
-"keyword": "proof document supports"},
+"keyword": "failed proof"},
{"id": 837,
-"keyword": "amortized complexity"},
+"keyword": "individual computing nodes"},
{"id": 838,
-"keyword": "assertion failure"},
+"keyword": "recursive path order"},
{"id": 839,
-"keyword": "regular expressions needed"},
+"keyword": "reachable states"},
{"id": 840,
-"keyword": "n2m operation"},
+"keyword": "equivalent versions"},
{"id": 841,
-"keyword": "abstract compiler working"},
+"keyword": "closed finite games"},
{"id": 842,
-"keyword": "dra targets similar applications"},
+"keyword": "generalised form"},
{"id": 843,
-"keyword": "certify termination proofs"},
+"keyword": "proposed under-approximate logics"},
{"id": 844,
-"keyword": "failures model"},
+"keyword": "handle incidence relations"},
{"id": 845,
-"keyword": "resource bound"},
+"keyword": "machine-assisted proof"},
{"id": 846,
-"keyword": "probabilistic systems"},
+"keyword": "group representation"},
{"id": 847,
-"keyword": "infinite behavior traces"},
+"keyword": "frame rule"},
{"id": 848,
-"keyword": "finiteness assumptions"},
+"keyword": "proof document supports"},
{"id": 849,
-"keyword": "gps receiver"},
+"keyword": "amortized complexity"},
{"id": 850,
-"keyword": "proof theory enables application"},
+"keyword": "assertion failure"},
{"id": 851,
-"keyword": "longer valid"},
+"keyword": "regular expressions needed"},
{"id": 852,
-"keyword": "separation kernels"},
+"keyword": "n2m operation"},
{"id": 853,
-"keyword": "in-place heapsort"},
+"keyword": "abstract compiler working"},
{"id": 854,
-"keyword": "result due"},
+"keyword": "dra targets similar applications"},
{"id": 855,
-"keyword": "clause loop"},
+"keyword": "certify termination proofs"},
{"id": 856,
-"keyword": "register aliasing"},
+"keyword": "failures model"},
{"id": 857,
-"keyword": "recursive formalization"},
+"keyword": "resource bound"},
{"id": 858,
-"keyword": "revision functions launches"},
+"keyword": "probabilistic systems"},
{"id": 859,
-"keyword": "extensible library"},
+"keyword": "infinite behavior traces"},
{"id": 860,
-"keyword": "master theorem based"},
+"keyword": "finiteness assumptions"},
{"id": 861,
-"keyword": "refinement type systems"},
+"keyword": "gps receiver"},
{"id": 862,
-"keyword": "generic abstract interpreter"},
+"keyword": "proof theory enables application"},
{"id": 863,
-"keyword": "proof relies"},
+"keyword": "longer valid"},
{"id": 864,
-"keyword": "quantum hoare logic"},
+"keyword": "separation kernels"},
{"id": 865,
-"keyword": "haskell tool called fffuu"},
+"keyword": "in-place heapsort"},
{"id": 866,
-"keyword": "recursion theorems"},
+"keyword": "result due"},
{"id": 867,
-"keyword": "relation algebras equipped"},
+"keyword": "clause loop"},
{"id": 868,
-"keyword": "prefix length"},
+"keyword": "register aliasing"},
{"id": 869,
-"keyword": "balanced nature"},
+"keyword": "recursive formalization"},
{"id": 870,
-"keyword": "key component"},
+"keyword": "revision functions launches"},
{"id": 871,
+"keyword": "extensible library"},
+{"id": 872,
+"keyword": "master theorem based"},
+{"id": 873,
+"keyword": "refinement type systems"},
+{"id": 874,
+"keyword": "generic abstract interpreter"},
+{"id": 875,
+"keyword": "proof relies"},
+{"id": 876,
+"keyword": "quantum hoare logic"},
+{"id": 877,
+"keyword": "haskell tool called fffuu"},
+{"id": 878,
+"keyword": "recursion theorems"},
+{"id": 879,
+"keyword": "relation algebras equipped"},
+{"id": 880,
+"keyword": "prefix length"},
+{"id": 881,
+"keyword": "balanced nature"},
+{"id": 882,
+"keyword": "key component"},
+{"id": 883,
"keyword": "article attempts"},
-{"id": 872,
+{"id": 884,
"keyword": "heuristics automatically pick"},
-{"id": 873,
+{"id": 885,
"keyword": "instruction set architecture"},
-{"id": 874,
+{"id": 886,
"keyword": "hol light formalization"},
-{"id": 875,
+{"id": 887,
"keyword": "tauberian theorem"},
-{"id": 876,
+{"id": 888,
"keyword": "domain-specific languages"},
-{"id": 877,
+{"id": 889,
"keyword": "code generation"},
-{"id": 878,
+{"id": 890,
"keyword": "combinatorial optimisation"},
-{"id": 879,
+{"id": 891,
"keyword": "isafol isafol authors"},
-{"id": 880,
+{"id": 892,
"keyword": "providing sequential composition"},
-{"id": 881,
+{"id": 893,
"keyword": "complex numbers"},
-{"id": 882,
+{"id": 894,
"keyword": "afp"},
-{"id": 883,
+{"id": 895,
"keyword": "dominated terms"},
-{"id": 884,
+{"id": 896,
"keyword": "maximal normal subgroups"},
-{"id": 885,
+{"id": 897,
"keyword": "pseudonatural transformations"},
-{"id": 886,
+{"id": 898,
"keyword": "short outline"},
-{"id": 887,
+{"id": 899,
"keyword": "fixed lexicographical order"},
-{"id": 888,
+{"id": 900,
"keyword": "coq proof assistant"},
-{"id": 889,
+{"id": 901,
"keyword": "echelon form afp entry"},
-{"id": 890,
+{"id": 902,
"keyword": "implicit flows"},
-{"id": 891,
+{"id": 903,
"keyword": "time complexity"},
-{"id": 892,
+{"id": 904,
"keyword": "integer keys"},
-{"id": 893,
+{"id": 905,
"keyword": "personal byzantine quorum systems"},
-{"id": 894,
+{"id": 906,
"keyword": "highly non-elementary mathematical tools"},
-{"id": 895,
+{"id": 907,
"keyword": "rivest commitment schemes"},
-{"id": 896,
+{"id": 908,
"keyword": "pairs consisting"},
-{"id": 897,
+{"id": 909,
"keyword": "potential breaks"},
-{"id": 898,
+{"id": 910,
"keyword": "json encoded data"},
-{"id": 899,
+{"id": 911,
"keyword": "partial derivatives"},
-{"id": 900,
+{"id": 912,
"keyword": "approach preservers"},
-{"id": 901,
+{"id": 913,
"keyword": "glibc strlen function"},
-{"id": 902,
+{"id": 914,
"keyword": "discrete-time markov chains"},
-{"id": 903,
+{"id": 915,
"keyword": "categorical predicate transformers implement"},
-{"id": 904,
+{"id": 916,
"keyword": "esop 2016 paper"},
-{"id": 905,
-"keyword": "org jasmin_blanchette isafol"},
-{"id": 906,
-"keyword": "pseudo-random functions"},
-{"id": 907,
-"keyword": "ivana vukotic"},
-{"id": 908,
-"keyword": "academic press"},
-{"id": 909,
-"keyword": "unverified ssa construction algorithm"},
-{"id": 910,
-"keyword": "complex plane extended"},
-{"id": 911,
-"keyword": "dynamic method invocation"},
-{"id": 912,
-"keyword": "stable property detection"},
-{"id": 913,
-"keyword": "simpler problem"},
-{"id": 914,
-"keyword": "cnf formulae"},
-{"id": 915,
-"keyword": "certified dictionary translation"},
-{"id": 916,
-"keyword": "combinatorics"},
{"id": 917,
-"keyword": "occurrence counts"},
+"keyword": "org jasmin_blanchette isafol"},
{"id": 918,
-"keyword": "cava model checker"},
+"keyword": "pseudo-random functions"},
{"id": 919,
-"keyword": "formalization"},
+"keyword": "ivana vukotic"},
{"id": 920,
-"keyword": "popular notion"},
+"keyword": "academic press"},
{"id": 921,
-"keyword": "original afp entry"},
+"keyword": "unverified ssa construction algorithm"},
{"id": 922,
-"keyword": "splay trees"},
+"keyword": "complex plane extended"},
{"id": 923,
+"keyword": "dynamic method invocation"},
+{"id": 924,
+"keyword": "stable property detection"},
+{"id": 925,
+"keyword": "simpler problem"},
+{"id": 926,
+"keyword": "cnf formulae"},
+{"id": 927,
+"keyword": "certified dictionary translation"},
+{"id": 928,
+"keyword": "combinatorics"},
+{"id": 929,
+"keyword": "occurrence counts"},
+{"id": 930,
+"keyword": "cava model checker"},
+{"id": 931,
+"keyword": "formalization"},
+{"id": 932,
+"keyword": "popular notion"},
+{"id": 933,
+"keyword": "original afp entry"},
+{"id": 934,
+"keyword": "splay trees"},
+{"id": 935,
"keyword": "stepwise refinement techniques"},
-{"id": 924,
+{"id": 936,
"keyword": "additional operations"},
-{"id": 925,
+{"id": 937,
"keyword": "euclidean axiom"},
-{"id": 926,
+{"id": 938,
"keyword": "program representation"},
-{"id": 927,
+{"id": 939,
"keyword": "simultaneously empowering end hosts"},
-{"id": 928,
+{"id": 940,
"keyword": "space complexity guarantees"},
-{"id": 929,
+{"id": 941,
"keyword": "noninterference theorem"},
-{"id": 930,
+{"id": 942,
"keyword": "data flow analyser"},
-{"id": 931,
+{"id": 943,
"keyword": "extent differs"},
-{"id": 932,
+{"id": 944,
"keyword": "upper triangular"},
-{"id": 933,
+{"id": 945,
"keyword": "lifting function application"},
-{"id": 934,
+{"id": 946,
"keyword": "mapping regular expressions"},
-{"id": 935,
+{"id": 947,
"keyword": "complicated solution"},
-{"id": 936,
+{"id": 948,
"keyword": "pen-and-paper counterpart"},
-{"id": 937,
+{"id": 949,
"keyword": "uiuc"},
-{"id": 938,
+{"id": 950,
"keyword": "additional extensions"},
-{"id": 939,
+{"id": 951,
"keyword": "explicit expression"},
-{"id": 940,
+{"id": 952,
"keyword": "bounds due"},
-{"id": 941,
+{"id": 953,
"keyword": "divisor function"},
-{"id": 942,
+{"id": 954,
"keyword": "important role"},
-{"id": 943,
+{"id": 955,
"keyword": "sequential java bytecode"},
-{"id": 944,
+{"id": 956,
"keyword": "executable functional implementation"},
-{"id": 945,
+{"id": 957,
"keyword": "dense linear orders"},
-{"id": 946,
+{"id": 958,
"keyword": "basic forward analysis operations"},
-{"id": 947,
-"keyword": "detecting rectangle intersection"},
-{"id": 948,
-"keyword": "direct subsumption"},
-{"id": 949,
-"keyword": "semantic interpretation"},
-{"id": 950,
-"keyword": "words lexicographically minimal"},
-{"id": 951,
-"keyword": "standard laws"},
-{"id": 952,
-"keyword": "analytic number theory"},
-{"id": 953,
-"keyword": "symbolic computations"},
-{"id": 954,
-"keyword": "decision type"},
-{"id": 955,
-"keyword": "proving correctness"},
-{"id": 956,
-"keyword": "compute fair prices"},
-{"id": 957,
-"keyword": "presented work"},
-{"id": 958,
-"keyword": "fully executable solver"},
{"id": 959,
-"keyword": "easily adapted"},
+"keyword": "detecting rectangle intersection"},
{"id": 960,
-"keyword": "process control"},
+"keyword": "direct subsumption"},
{"id": 961,
-"keyword": "executable sequent calculus prover"},
+"keyword": "semantic interpretation"},
{"id": 962,
-"keyword": "quantum information theory"},
+"keyword": "words lexicographically minimal"},
{"id": 963,
-"keyword": "formally verified abstract account"},
+"keyword": "standard laws"},
{"id": 964,
-"keyword": "successfully analyzed threads satisfies"},
+"keyword": "analytic number theory"},
{"id": 965,
+"keyword": "symbolic computations"},
+{"id": 966,
+"keyword": "decision type"},
+{"id": 967,
+"keyword": "proving correctness"},
+{"id": 968,
+"keyword": "compute fair prices"},
+{"id": 969,
+"keyword": "presented work"},
+{"id": 970,
+"keyword": "fully executable solver"},
+{"id": 971,
+"keyword": "easily adapted"},
+{"id": 972,
+"keyword": "process control"},
+{"id": 973,
+"keyword": "executable sequent calculus prover"},
+{"id": 974,
+"keyword": "quantum information theory"},
+{"id": 975,
+"keyword": "formally verified abstract account"},
+{"id": 976,
+"keyword": "successfully analyzed threads satisfies"},
+{"id": 977,
"keyword": "initial segment"},
-{"id": 966,
+{"id": 978,
"keyword": "alwen tiu"},
-{"id": 967,
+{"id": 979,
"keyword": "public ports"},
-{"id": 968,
+{"id": 980,
"keyword": "welfare economics holds"},
-{"id": 969,
+{"id": 981,
"keyword": "hol type system"},
-{"id": 970,
+{"id": 982,
"keyword": "non-negative solutions"},
-{"id": 971,
+{"id": 983,
"keyword": "abstract rewriting"},
-{"id": 972,
+{"id": 984,
"keyword": "distributed consensus"},
-{"id": 973,
+{"id": 985,
"keyword": "code equation"},
-{"id": 974,
+{"id": 986,
"keyword": "generic push-relabel algorithm"},
-{"id": 975,
+{"id": 987,
"keyword": "induction rule"},
-{"id": 976,
+{"id": 988,
"keyword": "dijkstra"},
-{"id": 977,
+{"id": 989,
"keyword": "afp article monadification"},
-{"id": 978,
+{"id": 990,
"keyword": "linear order"},
-{"id": 979,
+{"id": 991,
"keyword": "fixed time-unit"},
-{"id": 980,
+{"id": 992,
"keyword": "real case"},
-{"id": 981,
+{"id": 993,
"keyword": "paper local lexing"},
-{"id": 982,
+{"id": 994,
"keyword": "5th postulate"},
-{"id": 983,
+{"id": 995,
"keyword": "key confirmation"},
-{"id": 984,
+{"id": 996,
"keyword": "well-understood low-level behavior"},
-{"id": 985,
+{"id": 997,
"keyword": "proof easily"},
-{"id": 986,
+{"id": 998,
"keyword": "theorem prover ehdm"},
-{"id": 987,
+{"id": 999,
"keyword": "terms relevant"},
-{"id": 988,
+{"id": 1000,
"keyword": "json-encoded data"},
-{"id": 989,
+{"id": 1001,
"keyword": "generic-deriving package"},
-{"id": 990,
+{"id": 1002,
"keyword": "deep embedding approach"},
-{"id": 991,
+{"id": 1003,
"keyword": "syntactic approximations imply"},
-{"id": 992,
+{"id": 1004,
"keyword": "executable algorithms"},
-{"id": 993,
+{"id": 1005,
"keyword": "classical higher-order logic"},
-{"id": 994,
+{"id": 1006,
"keyword": "non-negative cost function"},
-{"id": 995,
+{"id": 1007,
"keyword": "correctness claims"},
-{"id": 996,
+{"id": 1008,
"keyword": "flexible set-based theorems"},
-{"id": 997,
+{"id": 1009,
"keyword": "geocoq library"},
-{"id": 998,
+{"id": 1010,
"keyword": "methodology chosen"},
-{"id": 999,
+{"id": 1011,
"keyword": "previously break"},
-{"id": 1000,
+{"id": 1012,
"keyword": "identical sequence elements"},
-{"id": 1001,
+{"id": 1013,
"keyword": "structured isar proofs"},
-{"id": 1002,
+{"id": 1014,
"keyword": "countably infinite number"},
-{"id": 1003,
+{"id": 1015,
"keyword": "lebesgue-style integration plays"},
-{"id": 1004,
+{"id": 1016,
"keyword": "effect specifications"},
-{"id": 1005,
+{"id": 1017,
"keyword": "atomic formulas"},
-{"id": 1006,
+{"id": 1018,
"keyword": "folder listinf"},
-{"id": 1007,
+{"id": 1019,
"keyword": "continuum hypothesis"},
-{"id": 1008,
+{"id": 1020,
"keyword": "execute programs"},
-{"id": 1009,
+{"id": 1021,
"keyword": "old_datatype command"},
-{"id": 1010,
+{"id": 1022,
"keyword": "formal laurent series"},
-{"id": 1011,
-"keyword": "conditional expectation"},
-{"id": 1012,
-"keyword": "latin rectangle"},
-{"id": 1013,
-"keyword": "composite objects"},
-{"id": 1014,
-"keyword": "application scenarios"},
-{"id": 1015,
-"keyword": "isar proof"},
-{"id": 1016,
-"keyword": "stuttering equivalent"},
-{"id": 1017,
-"keyword": "qualitative temporal representation"},
-{"id": 1018,
-"keyword": "concrete program satisfies"},
-{"id": 1019,
-"keyword": "vstte paper"},
-{"id": 1020,
-"keyword": "regular identities"},
-{"id": 1021,
-"keyword": "original linear program"},
-{"id": 1022,
-"keyword": "natural deduction"},
{"id": 1023,
-"keyword": "designated root vertex"},
+"keyword": "conditional expectation"},
{"id": 1024,
-"keyword": "van emde boas tree"},
+"keyword": "latin rectangle"},
{"id": 1025,
-"keyword": "sylow p-subgroups"},
+"keyword": "composite objects"},
{"id": 1026,
-"keyword": "small classes"},
+"keyword": "application scenarios"},
{"id": 1027,
-"keyword": "hermite normal form"},
+"keyword": "isar proof"},
{"id": 1028,
-"keyword": "switching conveniently"},
+"keyword": "stuttering equivalent"},
{"id": 1029,
-"keyword": "vdm-reminiscent partial-correctness specifications"},
+"keyword": "qualitative temporal representation"},
{"id": 1030,
-"keyword": "bounded basic pseudo-hoops"},
+"keyword": "concrete program satisfies"},
{"id": 1031,
-"keyword": "region boundaries explicitly"},
+"keyword": "vstte paper"},
{"id": 1032,
-"keyword": "georges-louis leclerc"},
+"keyword": "regular identities"},
{"id": 1033,
-"keyword": "maximize reuse"},
+"keyword": "original linear program"},
{"id": 1034,
-"keyword": "mac lane"},
+"keyword": "natural deduction"},
{"id": 1035,
-"keyword": "divergence kleene algebras"},
+"keyword": "designated root vertex"},
{"id": 1036,
-"keyword": "nominal style"},
+"keyword": "van emde boas tree"},
{"id": 1037,
-"keyword": "lattice ordered groups"},
+"keyword": "sylow p-subgroups"},
{"id": 1038,
-"keyword": "expected number"},
+"keyword": "small classes"},
{"id": 1039,
+"keyword": "hermite normal form"},
+{"id": 1040,
+"keyword": "switching conveniently"},
+{"id": 1041,
+"keyword": "vdm-reminiscent partial-correctness specifications"},
+{"id": 1042,
+"keyword": "bounded basic pseudo-hoops"},
+{"id": 1043,
+"keyword": "region boundaries explicitly"},
+{"id": 1044,
+"keyword": "georges-louis leclerc"},
+{"id": 1045,
+"keyword": "maximize reuse"},
+{"id": 1046,
+"keyword": "mac lane"},
+{"id": 1047,
+"keyword": "divergence kleene algebras"},
+{"id": 1048,
+"keyword": "nominal style"},
+{"id": 1049,
+"keyword": "lattice ordered groups"},
+{"id": 1050,
+"keyword": "expected number"},
+{"id": 1051,
"keyword": "remainder terms"},
-{"id": 1040,
+{"id": 1052,
"keyword": "preliminaries chapter"},
-{"id": 1041,
+{"id": 1053,
"keyword": "confidentiality properties refer"},
-{"id": 1042,
+{"id": 1054,
"keyword": "executable type inference algorithm"},
-{"id": 1043,
+{"id": 1055,
"keyword": "infinitary version"},
-{"id": 1044,
+{"id": 1056,
"keyword": "state-space construction"},
-{"id": 1045,
+{"id": 1057,
"keyword": "maximal consistent set"},
-{"id": 1046,
+{"id": 1058,
"keyword": "software framework"},
-{"id": 1047,
+{"id": 1059,
"keyword": "filled rows"},
-{"id": 1048,
+{"id": 1060,
"keyword": "magic wand"},
-{"id": 1049,
+{"id": 1061,
"keyword": "choices"},
-{"id": 1050,
+{"id": 1062,
"keyword": "bernoulli numbers"},
-{"id": 1051,
+{"id": 1063,
"keyword": "weak conjunction operator"},
-{"id": 1052,
+{"id": 1064,
"keyword": "called llist_topology"},
-{"id": 1053,
+{"id": 1065,
"keyword": "lockstep models"},
-{"id": 1054,
+{"id": 1066,
"keyword": "type system restrictions"},
-{"id": 1055,
+{"id": 1067,
"keyword": "indistinguishable security"},
-{"id": 1056,
+{"id": 1068,
"keyword": "artificial intelligence"},
-{"id": 1057,
+{"id": 1069,
"keyword": "standard approach"},
-{"id": 1058,
+{"id": 1070,
"keyword": "derived proof rules"},
-{"id": 1059,
+{"id": 1071,
"keyword": "mathematical components"},
-{"id": 1060,
+{"id": 1072,
"keyword": "multiset-comparison problems"},
-{"id": 1061,
+{"id": 1073,
"keyword": "linear pass homomorphic application"},
-{"id": 1062,
+{"id": 1074,
"keyword": "planning tasks language"},
-{"id": 1063,
+{"id": 1075,
"keyword": "dfs algorithm"},
-{"id": 1064,
+{"id": 1076,
"keyword": "arbitrary linearly-ordered integrity domains"},
-{"id": 1065,
+{"id": 1077,
"keyword": "smith normal form"},
-{"id": 1066,
+{"id": 1078,
"keyword": "predicate identifies"},
-{"id": 1067,
+{"id": 1079,
"keyword": "reasoning stays"},
-{"id": 1068,
+{"id": 1080,
"keyword": "reducible control flow graph"},
-{"id": 1069,
+{"id": 1081,
"keyword": "discrete category"},
-{"id": 1070,
+{"id": 1082,
"keyword": "present work"},
-{"id": 1071,
+{"id": 1083,
"keyword": "omnipresent foundational errors"},
-{"id": 1072,
+{"id": 1084,
"keyword": "functional correctness"},
-{"id": 1073,
+{"id": 1085,
"keyword": "individual program behaviours"},
-{"id": 1074,
+{"id": 1086,
"keyword": "common special case"},
-{"id": 1075,
+{"id": 1087,
"keyword": "afp entry dom_components"},
-{"id": 1076,
+{"id": 1088,
"keyword": "matryoshka website"},
-{"id": 1077,
+{"id": 1089,
"keyword": "mansky"},
-{"id": 1078,
+{"id": 1090,
"keyword": "seminal paper natural semantics"},
-{"id": 1079,
+{"id": 1091,
"keyword": "bytecode logic"},
-{"id": 1080,
+{"id": 1092,
"keyword": "accommodates partial functions"},
-{"id": 1081,
+{"id": 1093,
"keyword": "recursive datatype"},
-{"id": 1082,
+{"id": 1094,
"keyword": "channel protocols"},
-{"id": 1083,
+{"id": 1095,
"keyword": "locale eval lowbar"},
-{"id": 1084,
+{"id": 1096,
"keyword": "hand-written theory files"},
-{"id": 1085,
+{"id": 1097,
"keyword": "partial herbrand interpretations"},
-{"id": 1086,
+{"id": 1098,
"keyword": "formally verified model"},
-{"id": 1087,
+{"id": 1099,
"keyword": "deletion condition"},
-{"id": 1088,
+{"id": 1100,
"keyword": "weak bisimilarity"},
-{"id": 1089,
+{"id": 1101,
"keyword": "security unwinding technique"},
-{"id": 1090,
+{"id": 1102,
"keyword": "negative real parts"},
-{"id": 1091,
+{"id": 1103,
"keyword": "linear real arithmetic"},
-{"id": 1092,
+{"id": 1104,
"keyword": "implicit reasoning steps"},
-{"id": 1093,
+{"id": 1105,
"keyword": "iterative versions"},
-{"id": 1094,
+{"id": 1106,
"keyword": "ab leq int_0"},
-{"id": 1095,
-"keyword": "isoscele triangles"},
-{"id": 1096,
-"keyword": "euler ndash"},
-{"id": 1097,
-"keyword": "afp entry bnf operations"},
-{"id": 1098,
-"keyword": "verified virtual machines"},
-{"id": 1099,
-"keyword": "general infinite processes"},
-{"id": 1100,
-"keyword": "internal representation"},
-{"id": 1101,
-"keyword": "concurrent programs"},
-{"id": 1102,
-"keyword": "generalized noninterference security"},
-{"id": 1103,
-"keyword": "varphi_i vee mathbf"},
-{"id": 1104,
-"keyword": "purely logical result yielding"},
-{"id": 1105,
-"keyword": "shallow semantical embeddings"},
-{"id": 1106,
-"keyword": "security statements"},
{"id": 1107,
-"keyword": "euler-maclaurin formula relates"},
+"keyword": "bernays-tarski axiom system"},
{"id": 1108,
-"keyword": "hol library"},
+"keyword": "isoscele triangles"},
{"id": 1109,
-"keyword": "recursive enumerability"},
+"keyword": "euler ndash"},
{"id": 1110,
-"keyword": "quantum programs"},
+"keyword": "afp entry bnf operations"},
{"id": 1111,
-"keyword": "shallow embedding"},
+"keyword": "verified virtual machines"},
{"id": 1112,
-"keyword": "safety policy"},
+"keyword": "general infinite processes"},
{"id": 1113,
-"keyword": "wider scope"},
+"keyword": "internal representation"},
{"id": 1114,
-"keyword": "basic classical properties"},
+"keyword": "concurrent programs"},
{"id": 1115,
-"keyword": "concurrent reads"},
+"keyword": "generalized noninterference security"},
{"id": 1116,
-"keyword": "symbolic execution"},
+"keyword": "varphi_i vee mathbf"},
{"id": 1117,
-"keyword": "message anonymity"},
+"keyword": "purely logical result yielding"},
{"id": 1118,
-"keyword": "epistemic logic theory"},
+"keyword": "shallow semantical embeddings"},
{"id": 1119,
-"keyword": "detailed apply scripts"},
+"keyword": "security statements"},
{"id": 1120,
-"keyword": "preliminary evaluations"},
+"keyword": "euler-maclaurin formula relates"},
{"id": 1121,
-"keyword": "algebraic number executable"},
+"keyword": "hol library"},
{"id": 1122,
-"keyword": "correspondence theorem"},
+"keyword": "recursive enumerability"},
{"id": 1123,
+"keyword": "quantum programs"},
+{"id": 1124,
+"keyword": "shallow embedding"},
+{"id": 1125,
+"keyword": "safety policy"},
+{"id": 1126,
+"keyword": "wider scope"},
+{"id": 1127,
+"keyword": "basic classical properties"},
+{"id": 1128,
+"keyword": "sufficient criterion"},
+{"id": 1129,
+"keyword": "concurrent reads"},
+{"id": 1130,
+"keyword": "symbolic execution"},
+{"id": 1131,
+"keyword": "message anonymity"},
+{"id": 1132,
+"keyword": "epistemic logic theory"},
+{"id": 1133,
+"keyword": "detailed apply scripts"},
+{"id": 1134,
+"keyword": "preliminary evaluations"},
+{"id": 1135,
+"keyword": "algebraic number executable"},
+{"id": 1136,
+"keyword": "correspondence theorem"},
+{"id": 1137,
"keyword": "von neumann measurements"},
-{"id": 1124,
+{"id": 1138,
"keyword": "interesting case study"},
-{"id": 1125,
+{"id": 1139,
"keyword": "compiler correctness proof shorter"},
-{"id": 1126,
+{"id": 1140,
"keyword": "tolerate faults"},
-{"id": 1127,
+{"id": 1141,
"keyword": "morally questionable"},
-{"id": 1128,
+{"id": 1142,
"keyword": "gromov boundary"},
-{"id": 1129,
+{"id": 1143,
"keyword": "slicing based"},
-{"id": 1130,
+{"id": 1144,
"keyword": "interactive visual theorem prover"},
-{"id": 1131,
+{"id": 1145,
"keyword": "hol-algebra library"},
-{"id": 1132,
+{"id": 1146,
"keyword": "functional program"},
-{"id": 1133,
+{"id": 1147,
"keyword": "decision procedure toolkit"},
-{"id": 1134,
+{"id": 1148,
"keyword": "coordination"},
-{"id": 1135,
-"keyword": "trace set process"},
-{"id": 1136,
-"keyword": "standard textbook version"},
-{"id": 1137,
-"keyword": "timed automata"},
-{"id": 1138,
-"keyword": "lsfa 2020 paper"},
-{"id": 1139,
-"keyword": "data refinement framework"},
-{"id": 1140,
-"keyword": "non-terminating executions"},
-{"id": 1141,
-"keyword": "bius transformations"},
-{"id": 1142,
-"keyword": "register refers"},
-{"id": 1143,
-"keyword": "reactive systems"},
-{"id": 1144,
-"keyword": "connecting algebraic varieties"},
-{"id": 1145,
-"keyword": "algorithm meets schneider"},
-{"id": 1146,
-"keyword": "successfully formalising"},
-{"id": 1147,
-"keyword": "specialized sliding window algorithm"},
-{"id": 1148,
-"keyword": "stuttering invariance central"},
{"id": 1149,
-"keyword": "arbitrary data"},
+"keyword": "trace set process"},
{"id": 1150,
-"keyword": "obtain liouville numbers"},
+"keyword": "standard textbook version"},
{"id": 1151,
-"keyword": "tree boundaries set"},
+"keyword": "timed automata"},
{"id": 1152,
-"keyword": "key agreement protocols"},
+"keyword": "lsfa 2020 paper"},
{"id": 1153,
-"keyword": "recovering structure"},
+"keyword": "data refinement framework"},
{"id": 1154,
-"keyword": "active research topic"},
+"keyword": "non-terminating executions"},
{"id": 1155,
-"keyword": "proof rules indexed"},
+"keyword": "bius transformations"},
{"id": 1156,
-"keyword": "algorithm tolerates"},
+"keyword": "register refers"},
{"id": 1157,
-"keyword": "measuring angles"},
+"keyword": "reactive systems"},
{"id": 1158,
-"keyword": "empty bst"},
+"keyword": "connecting algebraic varieties"},
{"id": 1159,
-"keyword": "reusing facts"},
+"keyword": "algorithm meets schneider"},
{"id": 1160,
-"keyword": "remainder sequences"},
+"keyword": "successfully formalising"},
{"id": 1161,
-"keyword": "fully-featured compositional framework"},
+"keyword": "specialized sliding window algorithm"},
{"id": 1162,
-"keyword": "order extension"},
+"keyword": "stuttering invariance central"},
{"id": 1163,
-"keyword": "practical purposes"},
+"keyword": "arbitrary data"},
{"id": 1164,
-"keyword": "dynamically typed programming languages"},
+"keyword": "obtain liouville numbers"},
{"id": 1165,
-"keyword": "matrix equation"},
+"keyword": "tree boundaries set"},
{"id": 1166,
-"keyword": "substitute hybrid games"},
+"keyword": "key agreement protocols"},
{"id": 1167,
-"keyword": "transition system"},
+"keyword": "recovering structure"},
{"id": 1168,
-"keyword": "quantified modal logic kb"},
+"keyword": "active research topic"},
{"id": 1169,
-"keyword": "sorts objects"},
+"keyword": "proof rules indexed"},
{"id": 1170,
-"keyword": "certified factorization algorithm"},
+"keyword": "algorithm tolerates"},
{"id": 1171,
-"keyword": "systems communication"},
+"keyword": "measuring angles"},
{"id": 1172,
-"keyword": "framing conditions"},
+"keyword": "empty bst"},
{"id": 1173,
-"keyword": "completeness"},
+"keyword": "reusing facts"},
{"id": 1174,
-"keyword": "astronomically huge"},
+"keyword": "remainder sequences"},
{"id": 1175,
-"keyword": "finitely generated polynomial ideals"},
+"keyword": "fully-featured compositional framework"},
{"id": 1176,
+"keyword": "order extension"},
+{"id": 1177,
+"keyword": "practical purposes"},
+{"id": 1178,
+"keyword": "dynamically typed programming languages"},
+{"id": 1179,
+"keyword": "matrix equation"},
+{"id": 1180,
+"keyword": "substitute hybrid games"},
+{"id": 1181,
+"keyword": "transition system"},
+{"id": 1182,
+"keyword": "quantified modal logic kb"},
+{"id": 1183,
+"keyword": "sorts objects"},
+{"id": 1184,
+"keyword": "certified factorization algorithm"},
+{"id": 1185,
+"keyword": "systems communication"},
+{"id": 1186,
+"keyword": "framing conditions"},
+{"id": 1187,
+"keyword": "completeness"},
+{"id": 1188,
+"keyword": "astronomically huge"},
+{"id": 1189,
+"keyword": "finitely generated polynomial ideals"},
+{"id": 1190,
"keyword": "transitive closure bypasses matrices"},
-{"id": 1177,
+{"id": 1191,
"keyword": "expected accuracy"},
-{"id": 1178,
+{"id": 1192,
"keyword": "rado"},
-{"id": 1179,
+{"id": 1193,
"keyword": "strong local confluence"},
-{"id": 1180,
+{"id": 1194,
"keyword": "3rd edition"},
-{"id": 1181,
+{"id": 1195,
"keyword": "sch15 anders schlichtkrull"},
-{"id": 1182,
+{"id": 1196,
"keyword": "hoc on-demand distance vector"},
-{"id": 1183,
+{"id": 1197,
"keyword": "expected properties"},
-{"id": 1184,
+{"id": 1198,
"keyword": "longer guaranteed"},
-{"id": 1185,
+{"id": 1199,
"keyword": "realistic virtual machine"},
-{"id": 1186,
+{"id": 1200,
"keyword": "developing security protocols"},
-{"id": 1187,
+{"id": 1201,
"keyword": "call root-balanced trees"},
-{"id": 1188,
+{"id": 1202,
"keyword": "algebraic numbers beta_1"},
-{"id": 1189,
+{"id": 1203,
"keyword": "function eval"},
-{"id": 1190,
+{"id": 1204,
"keyword": "floating-point numbers"},
-{"id": 1191,
+{"id": 1205,
"keyword": "price vickrey auction"},
-{"id": 1192,
+{"id": 1206,
"keyword": "classical hoare"},
-{"id": 1193,
+{"id": 1207,
"keyword": "running average"},
-{"id": 1194,
+{"id": 1208,
"keyword": "james margetson"},
-{"id": 1195,
+{"id": 1209,
"keyword": "dedicated vertices"},
-{"id": 1196,
+{"id": 1210,
"keyword": "hereditarily finite"},
-{"id": 1197,
+{"id": 1211,
"keyword": "lemma"},
-{"id": 1198,
-"keyword": "verify axioms"},
-{"id": 1199,
-"keyword": "time events"},
-{"id": 1200,
-"keyword": "piecewise continuous functions"},
-{"id": 1201,
-"keyword": "feature dependent types"},
-{"id": 1202,
-"keyword": "worst-case optimal multiway-join algorithms"},
-{"id": 1203,
-"keyword": "treated abstractly"},
-{"id": 1204,
-"keyword": "omega operation"},
-{"id": 1205,
-"keyword": "theory fair-stream"},
-{"id": 1206,
-"keyword": "independent random variables"},
-{"id": 1207,
-"keyword": "terms algebraically"},
-{"id": 1208,
-"keyword": "nested binary joins"},
-{"id": 1209,
-"keyword": "fin"},
-{"id": 1210,
-"keyword": "yosuke-ito-345 actuary"},
-{"id": 1211,
-"keyword": "directly executable program"},
{"id": 1212,
-"keyword": "algebraic hierarchy"},
+"keyword": "verify axioms"},
{"id": 1213,
-"keyword": "sufficiently large"},
+"keyword": "time events"},
{"id": 1214,
-"keyword": "enhanced confidence"},
+"keyword": "piecewise continuous functions"},
{"id": 1215,
-"keyword": "resulting automaton"},
+"keyword": "feature dependent types"},
{"id": 1216,
-"keyword": "kleene algebra hierarchy"},
+"keyword": "worst-case optimal multiway-join algorithms"},
{"id": 1217,
-"keyword": "periodicity lemma"},
+"keyword": "treated abstractly"},
{"id": 1218,
-"keyword": "article added material"},
+"keyword": "omega operation"},
{"id": 1219,
-"keyword": "infinite polynomial"},
+"keyword": "theory fair-stream"},
{"id": 1220,
-"keyword": "runtime faults"},
+"keyword": "independent random variables"},
{"id": 1221,
-"keyword": "abstract property"},
+"keyword": "terms algebraically"},
{"id": 1222,
-"keyword": "function definitions"},
+"keyword": "nested binary joins"},
{"id": 1223,
-"keyword": "standard transfinite kbo"},
+"keyword": "fin"},
{"id": 1224,
-"keyword": "secure stateful implementation"},
+"keyword": "yosuke-ito-345 actuary"},
{"id": 1225,
-"keyword": "adjoint functors preserve limits"},
+"keyword": "directly executable program"},
{"id": 1226,
-"keyword": "sub-probability mass functions"},
+"keyword": "algebraic hierarchy"},
{"id": 1227,
-"keyword": "linear time"},
+"keyword": "sufficiently large"},
{"id": 1228,
-"keyword": "purely syntactic criteria"},
+"keyword": "enhanced confidence"},
{"id": 1229,
-"keyword": "mechanically verifying algorithms"},
+"keyword": "resulting automaton"},
{"id": 1230,
-"keyword": "non-strict computations"},
+"keyword": "kleene algebra hierarchy"},
{"id": 1231,
-"keyword": "derive proofs"},
+"keyword": "periodicity lemma"},
{"id": 1232,
-"keyword": "expressive power"},
+"keyword": "article added material"},
{"id": 1233,
-"keyword": "textbook presentation"},
+"keyword": "infinite polynomial"},
{"id": 1234,
-"keyword": "io monad"},
+"keyword": "runtime faults"},
{"id": 1235,
-"keyword": "common language features"},
+"keyword": "abstract property"},
{"id": 1236,
-"keyword": "mutually recursive procedures"},
+"keyword": "function definitions"},
{"id": 1237,
-"keyword": "intervals"},
+"keyword": "standard transfinite kbo"},
{"id": 1238,
-"keyword": "defensive strategies exist"},
+"keyword": "secure stateful implementation"},
{"id": 1239,
-"keyword": "ordinal arithmetic"},
+"keyword": "adjoint functors preserve limits"},
{"id": 1240,
-"keyword": "security protocols based"},
+"keyword": "sub-probability mass functions"},
{"id": 1241,
-"keyword": "cryptographically secure proof"},
+"keyword": "linear time"},
{"id": 1242,
-"keyword": "domain theory"},
+"keyword": "purely syntactic criteria"},
{"id": 1243,
-"keyword": "class models"},
+"keyword": "mechanically verifying algorithms"},
{"id": 1244,
-"keyword": "fully automated methods"},
+"keyword": "non-strict computations"},
{"id": 1245,
-"keyword": "current formalization"},
+"keyword": "derive proofs"},
{"id": 1246,
-"keyword": "formalisation presents"},
+"keyword": "expressive power"},
{"id": 1247,
-"keyword": "contradicts consensus"},
+"keyword": "textbook presentation"},
{"id": 1248,
-"keyword": "group divisible designs"},
+"keyword": "io monad"},
{"id": 1249,
+"keyword": "common language features"},
+{"id": 1250,
+"keyword": "mutually recursive procedures"},
+{"id": 1251,
+"keyword": "intervals"},
+{"id": 1252,
+"keyword": "defensive strategies exist"},
+{"id": 1253,
+"keyword": "ordinal arithmetic"},
+{"id": 1254,
+"keyword": "security protocols based"},
+{"id": 1255,
+"keyword": "cryptographically secure proof"},
+{"id": 1256,
+"keyword": "domain theory"},
+{"id": 1257,
+"keyword": "class models"},
+{"id": 1258,
+"keyword": "fully automated methods"},
+{"id": 1259,
+"keyword": "current formalization"},
+{"id": 1260,
+"keyword": "formalisation presents"},
+{"id": 1261,
+"keyword": "contradicts consensus"},
+{"id": 1262,
+"keyword": "classical implicational logic"},
+{"id": 1263,
+"keyword": "group divisible designs"},
+{"id": 1264,
"keyword": "self-contained specification"},
-{"id": 1250,
+{"id": 1265,
"keyword": "successor search"},
-{"id": 1251,
+{"id": 1266,
"keyword": "full details"},
-{"id": 1252,
+{"id": 1267,
"keyword": "standard redundancy criterion"},
-{"id": 1253,
+{"id": 1268,
"keyword": "algebraic geometry"},
-{"id": 1254,
+{"id": 1269,
"keyword": "material decribed"},
-{"id": 1255,
+{"id": 1270,
"keyword": "abstract rewrite system"},
-{"id": 1256,
+{"id": 1271,
"keyword": "recursive function operates"},
-{"id": 1257,
+{"id": 1272,
"keyword": "sequential compactness"},
-{"id": 1258,
+{"id": 1273,
"keyword": "core part"},
-{"id": 1259,
+{"id": 1274,
"keyword": "w_i a_i"},
-{"id": 1260,
-"keyword": "operations run"},
-{"id": 1261,
-"keyword": "interpreting intensional type systems"},
-{"id": 1262,
-"keyword": "lexicographic algorithm incorporating"},
-{"id": 1263,
-"keyword": "llists"},
-{"id": 1264,
-"keyword": "success probability grows exponentially"},
-{"id": 1265,
-"keyword": "generate"},
-{"id": 1266,
-"keyword": "34th ifip international conference"},
-{"id": 1267,
-"keyword": "abstract academic models"},
-{"id": 1268,
-"keyword": "notably poicar recurrence theorem"},
-{"id": 1269,
-"keyword": "relevant definitions"},
-{"id": 1270,
-"keyword": "refinement steps"},
-{"id": 1271,
-"keyword": "time polynomial"},
-{"id": 1272,
-"keyword": "skip lists consists"},
-{"id": 1273,
-"keyword": "stream versions"},
-{"id": 1274,
-"keyword": "update constant pattern"},
{"id": 1275,
-"keyword": "small-step operational semantics"},
+"keyword": "operations run"},
{"id": 1276,
-"keyword": "set partitions"},
+"keyword": "interpreting intensional type systems"},
{"id": 1277,
-"keyword": "explicit construction"},
+"keyword": "retain key properties"},
{"id": 1278,
-"keyword": "mechanised proofs offermat"},
+"keyword": "lexicographic algorithm incorporating"},
{"id": 1279,
-"keyword": "concurrent sub-models"},
+"keyword": "llists"},
{"id": 1280,
-"keyword": "parallel branches"},
+"keyword": "success probability grows exponentially"},
{"id": 1281,
-"keyword": "cubic equations"},
+"keyword": "generate"},
{"id": 1282,
-"keyword": "computably enumerable sets"},
+"keyword": "34th ifip international conference"},
{"id": 1283,
-"keyword": "machine-verifiable proof certificates"},
+"keyword": "abstract academic models"},
{"id": 1284,
-"keyword": "simple language"},
+"keyword": "notably poicar recurrence theorem"},
{"id": 1285,
-"keyword": "poincar -bendixson theorem"},
+"keyword": "relevant definitions"},
{"id": 1286,
-"keyword": "relevant material"},
+"keyword": "refinement steps"},
{"id": 1287,
-"keyword": "efficient data structures"},
+"keyword": "time polynomial"},
{"id": 1288,
-"keyword": "extended real line"},
+"keyword": "skip lists consists"},
{"id": 1289,
-"keyword": "sunflower lemma"},
+"keyword": "stream versions"},
{"id": 1290,
-"keyword": "intransitive policy"},
+"keyword": "update constant pattern"},
{"id": 1291,
+"keyword": "small-step operational semantics"},
+{"id": 1292,
+"keyword": "set partitions"},
+{"id": 1293,
+"keyword": "explicit construction"},
+{"id": 1294,
+"keyword": "mechanised proofs offermat"},
+{"id": 1295,
+"keyword": "concurrent sub-models"},
+{"id": 1296,
+"keyword": "parallel branches"},
+{"id": 1297,
+"keyword": "cubic equations"},
+{"id": 1298,
+"keyword": "computably enumerable sets"},
+{"id": 1299,
+"keyword": "machine-verifiable proof certificates"},
+{"id": 1300,
+"keyword": "simple language"},
+{"id": 1301,
+"keyword": "poincar -bendixson theorem"},
+{"id": 1302,
+"keyword": "relevant material"},
+{"id": 1303,
+"keyword": "efficient data structures"},
+{"id": 1304,
+"keyword": "extended real line"},
+{"id": 1305,
+"keyword": "sunflower lemma"},
+{"id": 1306,
+"keyword": "intransitive policy"},
+{"id": 1307,
"keyword": "universal property"},
-{"id": 1292,
+{"id": 1308,
"keyword": "algebraically closed field"},
-{"id": 1293,
+{"id": 1309,
"keyword": "larger memory"},
-{"id": 1294,
+{"id": 1310,
"keyword": "program verification environment"},
-{"id": 1295,
+{"id": 1311,
"keyword": "basic modal logics"},
-{"id": 1296,
+{"id": 1312,
"keyword": "nested multisets"},
-{"id": 1297,
+{"id": 1313,
"keyword": "concrete mathematics"},
-{"id": 1298,
+{"id": 1314,
"keyword": "safe ocl distincts nullable"},
-{"id": 1299,
+{"id": 1315,
"keyword": "ramsey"},
-{"id": 1300,
+{"id": 1316,
"keyword": "thy -files"},
-{"id": 1301,
-"keyword": "deterministic processes"},
-{"id": 1302,
-"keyword": "logarithmic expected time"},
-{"id": 1303,
-"keyword": "generic work-list algorithm"},
-{"id": 1304,
-"keyword": "theorems related"},
-{"id": 1305,
-"keyword": "generic type class implementation"},
-{"id": 1306,
-"keyword": "subtle behaviors"},
-{"id": 1307,
-"keyword": "set construction"},
-{"id": 1308,
-"keyword": "asymptotic growth approximation"},
-{"id": 1309,
-"keyword": "well-order relation"},
-{"id": 1310,
-"keyword": "encryption schemes"},
-{"id": 1311,
-"keyword": "ipv6 addresses"},
-{"id": 1312,
-"keyword": "trusted base"},
-{"id": 1313,
-"keyword": "identifying finite-dimensional operators"},
-{"id": 1314,
-"keyword": "restricted schedules"},
-{"id": 1315,
-"keyword": "fabian immler"},
-{"id": 1316,
-"keyword": "count real roots"},
{"id": 1317,
-"keyword": "abstract data structures"},
+"keyword": "deterministic processes"},
{"id": 1318,
-"keyword": "policy decision function"},
+"keyword": "logarithmic expected time"},
{"id": 1319,
-"keyword": "solutions based"},
+"keyword": "generic work-list algorithm"},
{"id": 1320,
-"keyword": "produce labeled subgoals"},
+"keyword": "theorems related"},
{"id": 1321,
-"keyword": "quadratic virtual substitution"},
+"keyword": "generic type class implementation"},
{"id": 1322,
-"keyword": "partial translation"},
+"keyword": "subtle behaviors"},
{"id": 1323,
-"keyword": "tedious proofs"},
+"keyword": "set construction"},
{"id": 1324,
-"keyword": "jordan decomposition theorem"},
+"keyword": "asymptotic growth approximation"},
{"id": 1325,
-"keyword": "algorithm decodes correctly"},
+"keyword": "well-order relation"},
{"id": 1326,
-"keyword": "support tostring functions"},
+"keyword": "encryption schemes"},
{"id": 1327,
-"keyword": "underlying concepts"},
+"keyword": "ipv6 addresses"},
{"id": 1328,
-"keyword": "defining web components"},
+"keyword": "trusted base"},
{"id": 1329,
-"keyword": "financial theory"},
+"keyword": "identifying finite-dimensional operators"},
{"id": 1330,
-"keyword": "self-adjusting binary search trees"},
+"keyword": "restricted schedules"},
{"id": 1331,
-"keyword": "code generation facility"},
+"keyword": "fabian immler"},
{"id": 1332,
-"keyword": "carefully crafted"},
+"keyword": "count real roots"},
{"id": 1333,
-"keyword": "topological space generated"},
+"keyword": "abstract data structures"},
{"id": 1334,
-"keyword": "proving functional correctness"},
+"keyword": "policy decision function"},
{"id": 1335,
-"keyword": "original design"},
+"keyword": "solutions based"},
{"id": 1336,
-"keyword": "squares problem"},
+"keyword": "produce labeled subgoals"},
{"id": 1337,
-"keyword": "formal reasoning"},
+"keyword": "quadratic virtual substitution"},
{"id": 1338,
-"keyword": "temporal logic operators"},
+"keyword": "partial translation"},
{"id": 1339,
-"keyword": "quadratic real arithmetic"},
+"keyword": "tedious proofs"},
{"id": 1340,
-"keyword": "rank nullity theorem entry"},
+"keyword": "jordan decomposition theorem"},
{"id": 1341,
-"keyword": "pairwise commuting matrices"},
+"keyword": "algorithm decodes correctly"},
{"id": 1342,
-"keyword": "requires precise statements"},
+"keyword": "support tostring functions"},
{"id": 1343,
-"keyword": "linear size"},
+"keyword": "underlying concepts"},
{"id": 1344,
+"keyword": "defining web components"},
+{"id": 1345,
+"keyword": "financial theory"},
+{"id": 1346,
+"keyword": "self-adjusting binary search trees"},
+{"id": 1347,
+"keyword": "code generation facility"},
+{"id": 1348,
+"keyword": "carefully crafted"},
+{"id": 1349,
+"keyword": "topological space generated"},
+{"id": 1350,
+"keyword": "proving functional correctness"},
+{"id": 1351,
+"keyword": "original design"},
+{"id": 1352,
+"keyword": "squares problem"},
+{"id": 1353,
+"keyword": "formal reasoning"},
+{"id": 1354,
+"keyword": "temporal logic operators"},
+{"id": 1355,
+"keyword": "quadratic real arithmetic"},
+{"id": 1356,
+"keyword": "rank nullity theorem entry"},
+{"id": 1357,
+"keyword": "pairwise commuting matrices"},
+{"id": 1358,
+"keyword": "requires precise statements"},
+{"id": 1359,
+"keyword": "linear size"},
+{"id": 1360,
"keyword": "bird tree"},
-{"id": 1345,
+{"id": 1361,
"keyword": "series consisting"},
-{"id": 1346,
+{"id": 1362,
"keyword": "pdf"},
-{"id": 1347,
+{"id": 1363,
"keyword": "standard arithmetic"},
-{"id": 1348,
+{"id": 1364,
"keyword": "executable function eval"},
-{"id": 1349,
+{"id": 1365,
"keyword": "extensible record package"},
-{"id": 1350,
+{"id": 1366,
"keyword": "data secrecy"},
-{"id": 1351,
+{"id": 1367,
"keyword": "model checking"},
-{"id": 1352,
+{"id": 1368,
"keyword": "publication tphols 2009"},
-{"id": 1353,
+{"id": 1369,
"keyword": "additional control flow analysis"},
-{"id": 1354,
+{"id": 1370,
"keyword": "hermite-lindemann-weierstra theorem"},
-{"id": 1355,
+{"id": 1371,
"keyword": "ocl type system"},
-{"id": 1356,
+{"id": 1372,
"keyword": "x_1 exists"},
-{"id": 1357,
+{"id": 1373,
"keyword": "formalization consists"},
-{"id": 1358,
+{"id": 1374,
"keyword": "modal relational type theory"},
-{"id": 1359,
+{"id": 1375,
+"keyword": "szl kalm"},
+{"id": 1376,
"keyword": "significant gain"},
-{"id": 1360,
+{"id": 1377,
"keyword": "separation logic assertion"},
-{"id": 1361,
+{"id": 1378,
"keyword": "shallowly embed"},
-{"id": 1362,
+{"id": 1379,
"keyword": "specially well-"},
-{"id": 1363,
-"keyword": "random systems"},
-{"id": 1364,
-"keyword": "perron ndash"},
-{"id": 1365,
-"keyword": "unified approximation order"},
-{"id": 1366,
-"keyword": "structures"},
-{"id": 1367,
-"keyword": "building high-performance multiprocessor software"},
-{"id": 1368,
-"keyword": "foundational assumptions"},
-{"id": 1369,
-"keyword": "cute puzzles"},
-{"id": 1370,
-"keyword": "relation algebras extended"},
-{"id": 1371,
-"keyword": "originally expressed"},
-{"id": 1372,
-"keyword": "frobenius theorem"},
-{"id": 1373,
-"keyword": "space complexity"},
-{"id": 1374,
-"keyword": "infinite series built"},
-{"id": 1375,
-"keyword": "previous algorithms"},
-{"id": 1376,
-"keyword": "abstract algorithm working"},
-{"id": 1377,
-"keyword": "main premise"},
-{"id": 1378,
-"keyword": "deciding relative safety"},
-{"id": 1379,
-"keyword": "spatially-separated views"},
{"id": 1380,
-"keyword": "list update algorithms"},
+"keyword": "random systems"},
{"id": 1381,
-"keyword": "single nodes"},
+"keyword": "perron ndash"},
{"id": 1382,
-"keyword": "fourier series"},
+"keyword": "unified approximation order"},
{"id": 1383,
-"keyword": "file write"},
+"keyword": "structures"},
{"id": 1384,
-"keyword": "adapted versions"},
+"keyword": "building high-performance multiprocessor software"},
{"id": 1385,
-"keyword": "magic wand assertion"},
+"keyword": "foundational assumptions"},
{"id": 1386,
-"keyword": "adequacy proof"},
+"keyword": "cute puzzles"},
{"id": 1387,
-"keyword": "sd-strategy- proofness"},
+"keyword": "relation algebras extended"},
{"id": 1388,
-"keyword": "dual incidence systems"},
+"keyword": "originally expressed"},
{"id": 1389,
-"keyword": "primitive pythagorean triples"},
+"keyword": "frobenius theorem"},
{"id": 1390,
-"keyword": "akra-bazzi method based"},
+"keyword": "space complexity"},
{"id": 1391,
-"keyword": "important properties"},
+"keyword": "infinite series built"},
{"id": 1392,
-"keyword": "unique irreducible factors"},
+"keyword": "previous algorithms"},
{"id": 1393,
-"keyword": "outgoing edges"},
+"keyword": "abstract algorithm working"},
{"id": 1394,
-"keyword": "target imperative hol"},
+"keyword": "main premise"},
{"id": 1395,
-"keyword": "efficiently executable"},
+"keyword": "deciding relative safety"},
{"id": 1396,
-"keyword": "lifting operation"},
+"keyword": "spatially-separated views"},
{"id": 1397,
-"keyword": "lens algebra"},
+"keyword": "list update algorithms"},
{"id": 1398,
-"keyword": "agm operators"},
+"keyword": "single nodes"},
{"id": 1399,
-"keyword": "book"},
+"keyword": "fourier series"},
{"id": 1400,
-"keyword": "behaviour structure"},
+"keyword": "file write"},
{"id": 1401,
-"keyword": "complete semantics"},
+"keyword": "adapted versions"},
{"id": 1402,
-"keyword": "simple solution"},
+"keyword": "magic wand assertion"},
{"id": 1403,
-"keyword": "fixed-width machine words"},
+"keyword": "adequacy proof"},
{"id": 1404,
-"keyword": "thread creation"},
+"keyword": "sd-strategy- proofness"},
{"id": 1405,
-"keyword": "ip-route command"},
+"keyword": "dual incidence systems"},
{"id": 1406,
-"keyword": "underlying libraries"},
+"keyword": "primitive pythagorean triples"},
{"id": 1407,
-"keyword": "formally verified checkers"},
+"keyword": "akra-bazzi method based"},
{"id": 1408,
-"keyword": "direct corollaries"},
+"keyword": "important properties"},
{"id": 1409,
-"keyword": "authors upcoming dissertation"},
+"keyword": "unique irreducible factors"},
{"id": 1410,
-"keyword": "restrictive definition"},
+"keyword": "outgoing edges"},
{"id": 1411,
-"keyword": "interactive program verification environment"},
+"keyword": "target imperative hol"},
{"id": 1412,
-"keyword": "extensible design permits"},
+"keyword": "efficiently executable"},
{"id": 1413,
-"keyword": "earlier afp entry"},
+"keyword": "lifting operation"},
{"id": 1414,
-"keyword": "automated proof tactics"},
+"keyword": "lens algebra"},
{"id": 1415,
-"keyword": "metatheoretical observation"},
+"keyword": "agm operators"},
{"id": 1416,
-"keyword": "plane geometry"},
+"keyword": "book"},
{"id": 1417,
-"keyword": "finite trees"},
+"keyword": "behaviour structure"},
{"id": 1418,
-"keyword": "wide design space"},
+"keyword": "complete semantics"},
{"id": 1419,
-"keyword": "hellip"},
+"keyword": "simple solution"},
{"id": 1420,
-"keyword": "trace set inclusion"},
+"keyword": "fixed-width machine words"},
{"id": 1421,
-"keyword": "alpern"},
+"keyword": "thread creation"},
{"id": 1422,
-"keyword": "mathematical development presented"},
+"keyword": "ip-route command"},
{"id": 1423,
-"keyword": "formal version"},
+"keyword": "underlying libraries"},
{"id": 1424,
-"keyword": "lambda-free recursive path orders"},
+"keyword": "formally verified checkers"},
{"id": 1425,
-"keyword": "concrete result"},
+"keyword": "direct corollaries"},
{"id": 1426,
-"keyword": "square complex matrix"},
+"keyword": "authors upcoming dissertation"},
{"id": 1427,
-"keyword": "quantitative temporal constraints"},
+"keyword": "restrictive definition"},
{"id": 1428,
+"keyword": "interactive program verification environment"},
+{"id": 1429,
+"keyword": "extensible design permits"},
+{"id": 1430,
+"keyword": "earlier afp entry"},
+{"id": 1431,
+"keyword": "automated proof tactics"},
+{"id": 1432,
+"keyword": "metatheoretical observation"},
+{"id": 1433,
+"keyword": "plane geometry"},
+{"id": 1434,
+"keyword": "finite trees"},
+{"id": 1435,
+"keyword": "wide design space"},
+{"id": 1436,
+"keyword": "hellip"},
+{"id": 1437,
+"keyword": "trace set inclusion"},
+{"id": 1438,
+"keyword": "alpern"},
+{"id": 1439,
+"keyword": "mathematical development presented"},
+{"id": 1440,
+"keyword": "formal version"},
+{"id": 1441,
+"keyword": "lambda-free recursive path orders"},
+{"id": 1442,
+"keyword": "concrete result"},
+{"id": 1443,
+"keyword": "square complex matrix"},
+{"id": 1444,
+"keyword": "quantitative temporal constraints"},
+{"id": 1445,
"keyword": "formalization effort necessitated"},
-{"id": 1429,
+{"id": 1446,
"keyword": "stepwise program refinement"},
-{"id": 1430,
+{"id": 1447,
"keyword": "theoretical computer science"},
-{"id": 1431,
+{"id": 1448,
"keyword": "sequential composition"},
-{"id": 1432,
+{"id": 1449,
"keyword": "combinatorial auction"},
-{"id": 1433,
+{"id": 1450,
"keyword": "1007 978-3-030-90138-7_2"},
-{"id": 1434,
+{"id": 1451,
"keyword": "article builds"},
-{"id": 1435,
+{"id": 1452,
"keyword": "paraconsistent logic avoids"},
-{"id": 1436,
+{"id": 1453,
"keyword": "mixed-product property"},
-{"id": 1437,
+{"id": 1454,
"keyword": "operator applications"},
-{"id": 1438,
+{"id": 1455,
"keyword": "information whatsoever flows"},
-{"id": 1439,
+{"id": 1456,
"keyword": "tla specifications"},
-{"id": 1440,
+{"id": 1457,
"keyword": "security type system"},
-{"id": 1441,
+{"id": 1458,
"keyword": "pide development environment"},
-{"id": 1442,
+{"id": 1459,
"keyword": "entry vcg auctions"},
-{"id": 1443,
+{"id": 1460,
"keyword": "locally control back-end settings"},
-{"id": 1444,
+{"id": 1461,
"keyword": "bounded linear functions"},
-{"id": 1445,
+{"id": 1462,
"keyword": "deliberately restrict"},
-{"id": 1446,
+{"id": 1463,
"keyword": "sample main"},
-{"id": 1447,
-"keyword": "construct proper generic extensions"},
-{"id": 1448,
-"keyword": "reusable proof components"},
-{"id": 1449,
-"keyword": "deductive tools"},
-{"id": 1450,
-"keyword": "linearly ordered sets"},
-{"id": 1451,
-"keyword": "primal problem"},
-{"id": 1452,
-"keyword": "combine multiple methods"},
-{"id": 1453,
-"keyword": "model checkers"},
-{"id": 1454,
-"keyword": "extract efficient code"},
-{"id": 1455,
-"keyword": "strips fragment"},
-{"id": 1456,
-"keyword": "surely produce"},
-{"id": 1457,
-"keyword": "presents interesting results"},
-{"id": 1458,
-"keyword": "intersecting chords theorem"},
-{"id": 1459,
-"keyword": "lift larger classes"},
-{"id": 1460,
-"keyword": "entry"},
-{"id": 1461,
-"keyword": "related rewrite rules"},
-{"id": 1462,
-"keyword": "weaker statement contained"},
-{"id": 1463,
-"keyword": "automate canonical tasks"},
{"id": 1464,
-"keyword": "perform update operations naively"},
+"keyword": "construct proper generic extensions"},
{"id": 1465,
-"keyword": "usual redundancy elimination rules"},
+"keyword": "reusable proof components"},
{"id": 1466,
-"keyword": "present"},
+"keyword": "deductive tools"},
{"id": 1467,
-"keyword": "pairwise comparison"},
+"keyword": "linearly ordered sets"},
{"id": 1468,
-"keyword": "compositional algorithm"},
+"keyword": "primal problem"},
{"id": 1469,
-"keyword": "inconsistent bounds"},
+"keyword": "combine multiple methods"},
{"id": 1470,
+"keyword": "model checkers"},
+{"id": 1471,
+"keyword": "extract efficient code"},
+{"id": 1472,
+"keyword": "strips fragment"},
+{"id": 1473,
+"keyword": "surely produce"},
+{"id": 1474,
+"keyword": "presents interesting results"},
+{"id": 1475,
+"keyword": "intersecting chords theorem"},
+{"id": 1476,
+"keyword": "lift larger classes"},
+{"id": 1477,
+"keyword": "entry"},
+{"id": 1478,
+"keyword": "related rewrite rules"},
+{"id": 1479,
+"keyword": "weaker statement contained"},
+{"id": 1480,
+"keyword": "automate canonical tasks"},
+{"id": 1481,
+"keyword": "perform update operations naively"},
+{"id": 1482,
+"keyword": "usual redundancy elimination rules"},
+{"id": 1483,
+"keyword": "present"},
+{"id": 1484,
+"keyword": "pairwise comparison"},
+{"id": 1485,
+"keyword": "compositional algorithm"},
+{"id": 1486,
+"keyword": "inconsistent bounds"},
+{"id": 1487,
"keyword": "symmetric polynomial combination"},
-{"id": 1471,
+{"id": 1488,
"keyword": "conjectured relation"},
-{"id": 1472,
+{"id": 1489,
"keyword": "expression typing rules"},
-{"id": 1473,
+{"id": 1490,
"keyword": "csp noninterference security stated"},
-{"id": 1474,
+{"id": 1491,
"keyword": "avoiding quantification"},
-{"id": 1475,
+{"id": 1492,
"keyword": "varepsilon 0"},
-{"id": 1476,
+{"id": 1493,
"keyword": "purposefully incomplete"},
-{"id": 1477,
+{"id": 1494,
"keyword": "combinatorial proof requires construction"},
-{"id": 1478,
+{"id": 1495,
"keyword": "adam betts"},
-{"id": 1479,
+{"id": 1496,
"keyword": "real-normed fields"},
-{"id": 1480,
+{"id": 1497,
"keyword": "algebraic structure"},
-{"id": 1481,
+{"id": 1498,
"keyword": "unlike treaps"},
-{"id": 1482,
+{"id": 1499,
"keyword": "lemma statements"},
-{"id": 1483,
+{"id": 1500,
"keyword": "sorted linked lists enhanced"},
-{"id": 1484,
+{"id": 1501,
"keyword": "uniformly bounded"},
-{"id": 1485,
+{"id": 1502,
"keyword": "compiler correctness"},
-{"id": 1486,
+{"id": 1503,
"keyword": "small step semantics"},
-{"id": 1487,
+{"id": 1504,
"keyword": "alexander birch jensen"},
-{"id": 1488,
+{"id": 1505,
"keyword": "mathematical theories"},
-{"id": 1489,
+{"id": 1506,
"keyword": "failure divergence model"},
-{"id": 1490,
+{"id": 1507,
"keyword": "bnfcc theory"},
-{"id": 1491,
+{"id": 1508,
"keyword": "diagonal functors"},
-{"id": 1492,
+{"id": 1509,
"keyword": "partial synchrony"},
-{"id": 1493,
+{"id": 1510,
"keyword": "preserves semantics"},
-{"id": 1494,
+{"id": 1511,
"keyword": "obtain dynamic programming algorithms"},
-{"id": 1495,
+{"id": 1512,
"keyword": "refine system specifications"},
-{"id": 1496,
+{"id": 1513,
"keyword": "process crashes"},
-{"id": 1497,
+{"id": 1514,
"keyword": "algorithm multiple times independently"},
-{"id": 1498,
+{"id": 1515,
"keyword": "diagonal-free timed automata"},
-{"id": 1499,
+{"id": 1516,
"keyword": "-free higher-order terms"},
-{"id": 1500,
+{"id": 1517,
"keyword": "generic imperative algorithms"},
-{"id": 1501,
+{"id": 1518,
"keyword": "gromov hyperbolic"},
-{"id": 1502,
+{"id": 1519,
"keyword": "imaginary part"},
-{"id": 1503,
+{"id": 1520,
"keyword": "artificial general intelligence"},
-{"id": 1504,
+{"id": 1521,
"keyword": "coreutils sha256 implementation"},
-{"id": 1505,
+{"id": 1522,
"keyword": "traditional formalisations"},
-{"id": 1506,
+{"id": 1523,
"keyword": "floating-point operations"},
-{"id": 1507,
+{"id": 1524,
"keyword": "landau expressions"},
-{"id": 1508,
+{"id": 1525,
"keyword": "asymptotic relation"},
-{"id": 1509,
+{"id": 1526,
"keyword": "lebesgue measure"},
-{"id": 1510,
+{"id": 1527,
"keyword": "original design based"},
-{"id": 1511,
+{"id": 1528,
"keyword": "document root"},
-{"id": 1512,
+{"id": 1529,
"keyword": "solve automatically"},
-{"id": 1513,
+{"id": 1530,
"keyword": "trick"},
-{"id": 1514,
+{"id": 1531,
"keyword": "weight-balanced trees"},
-{"id": 1515,
+{"id": 1532,
"keyword": "development forms"},
-{"id": 1516,
+{"id": 1533,
"keyword": "earlier version"},
-{"id": 1517,
+{"id": 1534,
"keyword": "afp entries goedel_hfset_semantic"},
-{"id": 1518,
+{"id": 1535,
"keyword": "fairly obvious properties"},
-{"id": 1519,
+{"id": 1536,
"keyword": "parigots -calculus"},
-{"id": 1520,
+{"id": 1537,
"keyword": "construct real exponents"},
-{"id": 1521,
+{"id": 1538,
"keyword": "nicta l4v"},
-{"id": 1522,
+{"id": 1539,
"keyword": "fully canceled words"},
-{"id": 1523,
+{"id": 1540,
"keyword": "concrete syntax"},
-{"id": 1524,
+{"id": 1541,
"keyword": "standard two-phase slicer"},
-{"id": 1525,
+{"id": 1542,
"keyword": "simple executable algorithms"},
-{"id": 1526,
+{"id": 1543,
"keyword": "unbounded nondeterminism"},
-{"id": 1527,
+{"id": 1544,
"keyword": "a-priori bound"},
-{"id": 1528,
+{"id": 1545,
"keyword": "single partial binary operation"},
-{"id": 1529,
+{"id": 1546,
"keyword": "hol definitions"},
-{"id": 1530,
+{"id": 1547,
+"keyword": "longer periods"},
+{"id": 1548,
"keyword": "atomic elements"},
-{"id": 1531,
-"keyword": "linear equations"},
-{"id": 1532,
-"keyword": "group_add class"},
-{"id": 1533,
-"keyword": "formalizing game-based proofs"},
-{"id": 1534,
-"keyword": "analytic function"},
-{"id": 1535,
-"keyword": "previous afp entry"},
-{"id": 1536,
-"keyword": "solving equations"},
-{"id": 1537,
-"keyword": "random binary search trees"},
-{"id": 1538,
-"keyword": "presents experimental results"},
-{"id": 1539,
-"keyword": "invariance"},
-{"id": 1540,
-"keyword": "abstract data type"},
-{"id": 1541,
-"keyword": "replicated data"},
-{"id": 1542,
-"keyword": "square roots"},
-{"id": 1543,
-"keyword": "stuttering sampling functions"},
-{"id": 1544,
-"keyword": "poincar disc model development"},
-{"id": 1545,
-"keyword": "concurrent operations"},
-{"id": 1546,
-"keyword": "immensely helpful"},
-{"id": 1547,
-"keyword": "intrinsic properties"},
-{"id": 1548,
-"keyword": "category theory written"},
{"id": 1549,
-"keyword": "high-level type systems"},
+"keyword": "linear equations"},
{"id": 1550,
-"keyword": "schur decomposition"},
+"keyword": "group_add class"},
{"id": 1551,
-"keyword": "stuttering"},
+"keyword": "formalizing game-based proofs"},
{"id": 1552,
-"keyword": "language theory"},
+"keyword": "analytic function"},
{"id": 1553,
-"keyword": "smt proof"},
+"keyword": "previous afp entry"},
{"id": 1554,
-"keyword": "permission amounts held"},
+"keyword": "solving equations"},
{"id": 1555,
-"keyword": "fourth sylow theorems"},
+"keyword": "random binary search trees"},
{"id": 1556,
-"keyword": "single infinite point"},
+"keyword": "presents experimental results"},
{"id": 1557,
-"keyword": "intuitive arguments found"},
+"keyword": "invariance"},
{"id": 1558,
-"keyword": "defensive jinja virtual machine"},
+"keyword": "abstract data type"},
{"id": 1559,
-"keyword": "type class"},
+"keyword": "replicated data"},
{"id": 1560,
-"keyword": "twelve bijections"},
+"keyword": "square roots"},
{"id": 1561,
-"keyword": "torino group"},
+"keyword": "stuttering sampling functions"},
{"id": 1562,
-"keyword": "semantic embedding"},
+"keyword": "poincar disc model development"},
{"id": 1563,
-"keyword": "previous theorem"},
+"keyword": "concurrent operations"},
{"id": 1564,
-"keyword": "digit shifts"},
+"keyword": "immensely helpful"},
{"id": 1565,
-"keyword": "cardinality"},
+"keyword": "intrinsic properties"},
{"id": 1566,
-"keyword": "polynomial factorisation algorithms ndash"},
+"keyword": "category theory written"},
{"id": 1567,
-"keyword": "protocol analysis"},
+"keyword": "high-level type systems"},
{"id": 1568,
-"keyword": "earlier joint work"},
+"keyword": "schur decomposition"},
{"id": 1569,
-"keyword": "polynomial rings"},
+"keyword": "stuttering"},
{"id": 1570,
-"keyword": "operational rules"},
+"keyword": "language theory"},
{"id": 1571,
-"keyword": "original compilation process"},
+"keyword": "smt proof"},
{"id": 1572,
-"keyword": "specification language"},
+"keyword": "permission amounts held"},
{"id": 1573,
-"keyword": "maximally consistent sets"},
+"keyword": "fourth sylow theorems"},
{"id": 1574,
-"keyword": "von-neumann-morgenstern utility theorem"},
+"keyword": "single infinite point"},
{"id": 1575,
-"keyword": "tarski-seidenberg theorem established"},
+"keyword": "intuitive arguments found"},
{"id": 1576,
-"keyword": "streamlining formal definitions"},
+"keyword": "defensive jinja virtual machine"},
{"id": 1577,
-"keyword": "interest rates"},
+"keyword": "type class"},
{"id": 1578,
-"keyword": "exhibit core features"},
+"keyword": "twelve bijections"},
{"id": 1579,
-"keyword": "right-hand side"},
+"keyword": "torino group"},
{"id": 1580,
-"keyword": "calculating operators"},
+"keyword": "semantic embedding"},
{"id": 1581,
-"keyword": "generated code implements"},
+"keyword": "previous theorem"},
{"id": 1582,
-"keyword": "automatic instantiation"},
+"keyword": "digit shifts"},
{"id": 1583,
-"keyword": "skew heaps"},
+"keyword": "cardinality"},
{"id": 1584,
-"keyword": "completely remove tedious proofs"},
+"keyword": "polynomial factorisation algorithms ndash"},
{"id": 1585,
-"keyword": "session keys"},
+"keyword": "protocol analysis"},
{"id": 1586,
+"keyword": "earlier joint work"},
+{"id": 1587,
+"keyword": "statement boundaries"},
+{"id": 1588,
+"keyword": "polynomial rings"},
+{"id": 1589,
+"keyword": "operational rules"},
+{"id": 1590,
+"keyword": "original compilation process"},
+{"id": 1591,
+"keyword": "specification language"},
+{"id": 1592,
+"keyword": "maximally consistent sets"},
+{"id": 1593,
+"keyword": "von-neumann-morgenstern utility theorem"},
+{"id": 1594,
+"keyword": "tarski-seidenberg theorem established"},
+{"id": 1595,
+"keyword": "streamlining formal definitions"},
+{"id": 1596,
+"keyword": "exhibit core features"},
+{"id": 1597,
+"keyword": "right-hand side"},
+{"id": 1598,
+"keyword": "calculating operators"},
+{"id": 1599,
+"keyword": "generated code implements"},
+{"id": 1600,
+"keyword": "automatic instantiation"},
+{"id": 1601,
+"keyword": "skew heaps"},
+{"id": 1602,
+"keyword": "completely remove tedious proofs"},
+{"id": 1603,
+"keyword": "session keys"},
+{"id": 1604,
"keyword": "halting problem"},
-{"id": 1587,
+{"id": 1605,
"keyword": "atkinson lemma"},
-{"id": 1588,
+{"id": 1606,
"keyword": "additional theory"},
-{"id": 1589,
+{"id": 1607,
"keyword": "boolos gave"},
-{"id": 1590,
+{"id": 1608,
"keyword": "lemma based"},
-{"id": 1591,
+{"id": 1609,
"keyword": "hales jewett theorem"},
-{"id": 1592,
+{"id": 1610,
"keyword": "regular sets"},
-{"id": 1593,
+{"id": 1611,
"keyword": "web components"},
-{"id": 1594,
-"keyword": "stuart rankin"},
-{"id": 1595,
-"keyword": "18th century"},
-{"id": 1596,
-"keyword": "roots"},
-{"id": 1597,
-"keyword": "style presented"},
-{"id": 1598,
-"keyword": "complementing previous encodings"},
-{"id": 1599,
-"keyword": "hoc fashion"},
-{"id": 1600,
-"keyword": "algebraic number implementation"},
-{"id": 1601,
-"keyword": "transcendence criteria"},
-{"id": 1602,
-"keyword": "exponential series"},
-{"id": 1603,
-"keyword": "finite dimensional vector space"},
-{"id": 1604,
-"keyword": "synthetic approach"},
-{"id": 1605,
-"keyword": "function calls"},
-{"id": 1606,
-"keyword": "hereditarily finite sets"},
-{"id": 1607,
-"keyword": "free theorems"},
-{"id": 1608,
-"keyword": "stuttering equivalence"},
-{"id": 1609,
-"keyword": "predicate abstraction"},
-{"id": 1610,
-"keyword": "formula represent propositional formulas"},
-{"id": 1611,
-"keyword": "preorder relations"},
{"id": 1612,
-"keyword": "bound variables"},
+"keyword": "stuart rankin"},
{"id": 1613,
-"keyword": "first-order quantification"},
+"keyword": "18th century"},
{"id": 1614,
-"keyword": "skew binomial heaps"},
+"keyword": "roots"},
{"id": 1615,
-"keyword": "control operators"},
+"keyword": "style presented"},
{"id": 1616,
-"keyword": "form construction algorithm"},
+"keyword": "complementing previous encodings"},
{"id": 1617,
-"keyword": "central meta theorem"},
+"keyword": "hoc fashion"},
{"id": 1618,
-"keyword": "matrix representation"},
+"keyword": "algebraic number implementation"},
{"id": 1619,
-"keyword": "data complexity"},
+"keyword": "transcendence criteria"},
{"id": 1620,
-"keyword": "modular arithmetic plays"},
+"keyword": "exponential series"},
{"id": 1621,
-"keyword": "fairly nice"},
+"keyword": "finite dimensional vector space"},
{"id": 1622,
-"keyword": "foundational structures"},
+"keyword": "synthetic approach"},
{"id": 1623,
-"keyword": "direct recursion"},
+"keyword": "function calls"},
{"id": 1624,
-"keyword": "mathematical logic"},
+"keyword": "hereditarily finite sets"},
{"id": 1625,
-"keyword": "higher-order superposition calculus"},
+"keyword": "free theorems"},
{"id": 1626,
-"keyword": "purely algebraic"},
+"keyword": "stuttering equivalence"},
{"id": 1627,
-"keyword": "differentiability"},
+"keyword": "predicate abstraction"},
{"id": 1628,
+"keyword": "formula represent propositional formulas"},
+{"id": 1629,
+"keyword": "preorder relations"},
+{"id": 1630,
+"keyword": "bound variables"},
+{"id": 1631,
+"keyword": "first-order quantification"},
+{"id": 1632,
+"keyword": "skew binomial heaps"},
+{"id": 1633,
+"keyword": "control operators"},
+{"id": 1634,
+"keyword": "form construction algorithm"},
+{"id": 1635,
+"keyword": "central meta theorem"},
+{"id": 1636,
+"keyword": "matrix representation"},
+{"id": 1637,
+"keyword": "data complexity"},
+{"id": 1638,
+"keyword": "modular arithmetic plays"},
+{"id": 1639,
+"keyword": "fairly nice"},
+{"id": 1640,
+"keyword": "foundational structures"},
+{"id": 1641,
+"keyword": "direct recursion"},
+{"id": 1642,
+"keyword": "mathematical logic"},
+{"id": 1643,
+"keyword": "higher-order superposition calculus"},
+{"id": 1644,
+"keyword": "purely algebraic"},
+{"id": 1645,
+"keyword": "differentiability"},
+{"id": 1646,
"keyword": "logging-independent message anonymity"},
-{"id": 1629,
+{"id": 1647,
"keyword": "functional implementation"},
-{"id": 1630,
+{"id": 1648,
"keyword": "composition series"},
-{"id": 1631,
+{"id": 1649,
"keyword": "ordered resolution"},
-{"id": 1632,
+{"id": 1650,
"keyword": "chinese remainder theorem"},
-{"id": 1633,
+{"id": 1651,
"keyword": "clausal consequences"},
-{"id": 1634,
+{"id": 1652,
"keyword": "consistent fol theories extending"},
-{"id": 1635,
+{"id": 1653,
"keyword": "real coefficients"},
-{"id": 1636,
-"keyword": "turing machines arose"},
-{"id": 1637,
-"keyword": "sparcv8 architecture"},
-{"id": 1638,
-"keyword": "compositional noninterference"},
-{"id": 1639,
-"keyword": "simd extensions"},
-{"id": 1640,
-"keyword": "imperative hol heap monad"},
-{"id": 1641,
-"keyword": "error message"},
-{"id": 1642,
-"keyword": "generic results"},
-{"id": 1643,
-"keyword": "basic randomised social choice"},
-{"id": 1644,
-"keyword": "generate reverse-symmetric claims"},
-{"id": 1645,
-"keyword": "dynamic tables parameterized"},
-{"id": 1646,
-"keyword": "proper grounding"},
-{"id": 1647,
-"keyword": "quasi-borel spaces"},
-{"id": 1648,
-"keyword": "sat solver correctness proofs"},
-{"id": 1649,
-"keyword": "charly gries"},
-{"id": 1650,
-"keyword": "valid completeness threshold"},
-{"id": 1651,
-"keyword": "reduces proof obligations"},
-{"id": 1652,
-"keyword": "concrete representation"},
-{"id": 1653,
-"keyword": "restricted growth functions"},
{"id": 1654,
-"keyword": "irrationality criteria"},
+"keyword": "turing machines arose"},
{"id": 1655,
-"keyword": "language features"},
+"keyword": "sparcv8 architecture"},
{"id": 1656,
-"keyword": "compilation function"},
+"keyword": "compositional noninterference"},
{"id": 1657,
-"keyword": "formally reason"},
+"keyword": "simd extensions"},
{"id": 1658,
-"keyword": "development employs"},
+"keyword": "imperative hol heap monad"},
{"id": 1659,
-"keyword": "policy decision point"},
+"keyword": "error message"},
{"id": 1660,
-"keyword": "comparison oracle"},
+"keyword": "generic results"},
{"id": 1661,
-"keyword": "suitable distributed system model"},
+"keyword": "basic randomised social choice"},
{"id": 1662,
-"keyword": "tautology elimination"},
+"keyword": "generate reverse-symmetric claims"},
{"id": 1663,
-"keyword": "parallel prefix computations"},
+"keyword": "dynamic tables parameterized"},
{"id": 1664,
-"keyword": "andrei popescu"},
+"keyword": "proper grounding"},
{"id": 1665,
-"keyword": "proofs necessitate"},
+"keyword": "quasi-borel spaces"},
{"id": 1666,
-"keyword": "verified implementation"},
+"keyword": "sat solver correctness proofs"},
{"id": 1667,
-"keyword": "geometric sketches"},
+"keyword": "charly gries"},
{"id": 1668,
-"keyword": "small-step semantics akin"},
+"keyword": "valid completeness threshold"},
{"id": 1669,
-"keyword": "finite developments theorem"},
+"keyword": "reduces proof obligations"},
{"id": 1670,
-"keyword": "search-tree property"},
+"keyword": "concrete representation"},
{"id": 1671,
-"keyword": "unverified reference implementation"},
+"keyword": "restricted growth functions"},
{"id": 1672,
-"keyword": "abstract separation logic"},
+"keyword": "irrationality criteria"},
{"id": 1673,
-"keyword": "abstract algebraic structure satisfying"},
+"keyword": "language features"},
{"id": 1674,
-"keyword": "types-to-sets mechanism"},
+"keyword": "compilation function"},
{"id": 1675,
-"keyword": "stiffness matrix represents"},
+"keyword": "formally reason"},
{"id": 1676,
-"keyword": "time real exponents"},
+"keyword": "development employs"},
{"id": 1677,
-"keyword": "vcg auction"},
+"keyword": "policy decision point"},
{"id": 1678,
-"keyword": "secure network configurations"},
+"keyword": "comparison oracle"},
{"id": 1679,
-"keyword": "infinite conjunctions"},
+"keyword": "suitable distributed system model"},
{"id": 1680,
-"keyword": "respective frameworks"},
+"keyword": "tautology elimination"},
{"id": 1681,
+"keyword": "parallel prefix computations"},
+{"id": 1682,
+"keyword": "andrei popescu"},
+{"id": 1683,
+"keyword": "proofs necessitate"},
+{"id": 1684,
+"keyword": "verified implementation"},
+{"id": 1685,
+"keyword": "geometric sketches"},
+{"id": 1686,
+"keyword": "small-step semantics akin"},
+{"id": 1687,
+"keyword": "finite developments theorem"},
+{"id": 1688,
+"keyword": "search-tree property"},
+{"id": 1689,
+"keyword": "unverified reference implementation"},
+{"id": 1690,
+"keyword": "abstract separation logic"},
+{"id": 1691,
+"keyword": "abstract algebraic structure satisfying"},
+{"id": 1692,
+"keyword": "types-to-sets mechanism"},
+{"id": 1693,
+"keyword": "stiffness matrix represents"},
+{"id": 1694,
+"keyword": "time real exponents"},
+{"id": 1695,
+"keyword": "vcg auction"},
+{"id": 1696,
+"keyword": "secure network configurations"},
+{"id": 1697,
+"keyword": "infinite conjunctions"},
+{"id": 1698,
+"keyword": "respective frameworks"},
+{"id": 1699,
"keyword": "strongly normalizing"},
-{"id": 1682,
+{"id": 1700,
"keyword": "distinct operators"},
-{"id": 1683,
+{"id": 1701,
"keyword": "efficient computation"},
-{"id": 1684,
+{"id": 1702,
"keyword": "author merz 1998"},
-{"id": 1685,
+{"id": 1703,
"keyword": "concurrent revisions model"},
-{"id": 1686,
+{"id": 1704,
"keyword": "regain sequential consistency"},
-{"id": 1687,
+{"id": 1705,
"keyword": "updated version"},
-{"id": 1688,
+{"id": 1706,
"keyword": "tlc model checker"},
-{"id": 1689,
+{"id": 1707,
"keyword": "fully abstract"},
-{"id": 1690,
+{"id": 1708,
"keyword": "framework supports semantic annotations"},
-{"id": 1691,
+{"id": 1709,
"keyword": "theory file"},
-{"id": 1692,
+{"id": 1710,
"keyword": "earlier paper"},
-{"id": 1693,
+{"id": 1711,
"keyword": "executable functions"},
-{"id": 1694,
+{"id": 1712,
"keyword": "general result"},
-{"id": 1695,
+{"id": 1713,
"keyword": "runtime verification tool"},
-{"id": 1696,
+{"id": 1714,
"keyword": "automated proof techniques"},
-{"id": 1697,
+{"id": 1715,
"keyword": "simple verification conditions"},
-{"id": 1698,
+{"id": 1716,
"keyword": "orthogonal vectors"},
-{"id": 1699,
-"keyword": "machine checked collections framework"},
-{"id": 1700,
-"keyword": "command mk_ide"},
-{"id": 1701,
-"keyword": "polynomial growth"},
-{"id": 1702,
-"keyword": "local clock"},
-{"id": 1703,
-"keyword": "abstract first-order prover"},
-{"id": 1704,
-"keyword": "kuratowski subgraphs"},
-{"id": 1705,
-"keyword": "mathematical text"},
-{"id": 1706,
-"keyword": "absolute positiveness"},
-{"id": 1707,
-"keyword": "cryptographic scheme crystals-kyber"},
-{"id": 1708,
-"keyword": "number-theoretic foundations"},
-{"id": 1709,
-"keyword": "negative resolution"},
-{"id": 1710,
-"keyword": "differential game logic"},
-{"id": 1711,
-"keyword": "reusable libraries"},
-{"id": 1712,
-"keyword": "minimum weighted path length"},
-{"id": 1713,
-"keyword": "analytic dirichlet series"},
-{"id": 1714,
-"keyword": "completeness threshold"},
-{"id": 1715,
-"keyword": "impact"},
-{"id": 1716,
-"keyword": "gained experience"},
{"id": 1717,
-"keyword": "automated reasoning"},
+"keyword": "machine checked collections framework"},
{"id": 1718,
-"keyword": "positive real roots"},
+"keyword": "command mk_ide"},
{"id": 1719,
-"keyword": "update functions"},
+"keyword": "polynomial growth"},
{"id": 1720,
-"keyword": "ipv4 address allocation"},
+"keyword": "local clock"},
{"id": 1721,
-"keyword": "reusable reasoning infrastructure"},
+"keyword": "abstract first-order prover"},
{"id": 1722,
-"keyword": "original motivation"},
+"keyword": "kuratowski subgraphs"},
{"id": 1723,
-"keyword": "underlying theorem"},
+"keyword": "mathematical text"},
{"id": 1724,
-"keyword": "tableau blocks"},
+"keyword": "absolute positiveness"},
{"id": 1725,
-"keyword": "suffix"},
+"keyword": "cryptographic scheme crystals-kyber"},
{"id": 1726,
-"keyword": "strong duality theorem"},
+"keyword": "number-theoretic foundations"},
{"id": 1727,
-"keyword": "subsequent formalisation"},
+"keyword": "negative resolution"},
{"id": 1728,
-"keyword": "enumerative combinatorics"},
+"keyword": "differential game logic"},
{"id": 1729,
-"keyword": "monad carries"},
+"keyword": "reusable libraries"},
{"id": 1730,
-"keyword": "concurrent programming"},
+"keyword": "minimum weighted path length"},
{"id": 1731,
-"keyword": "logic tla merz 1999"},
+"keyword": "analytic dirichlet series"},
{"id": 1732,
-"keyword": "bisimulation variants"},
+"keyword": "completeness threshold"},
{"id": 1733,
-"keyword": "osc"},
+"keyword": "impact"},
{"id": 1734,
-"keyword": "executable decision procedure"},
+"keyword": "gained experience"},
{"id": 1735,
-"keyword": "parsing concept"},
+"keyword": "automated reasoning"},
{"id": 1736,
-"keyword": "documents managed"},
+"keyword": "positive real roots"},
{"id": 1737,
-"keyword": "complex predicates"},
+"keyword": "update functions"},
{"id": 1738,
-"keyword": "dual system relationships"},
+"keyword": "ipv4 address allocation"},
{"id": 1739,
-"keyword": "study second-order formalisations"},
+"keyword": "reusable reasoning infrastructure"},
{"id": 1740,
-"keyword": "extended finite state machines"},
+"keyword": "original motivation"},
{"id": 1741,
-"keyword": "grammar based fuzzing"},
+"keyword": "underlying theorem"},
{"id": 1742,
-"keyword": "seligman-style tableau system"},
+"keyword": "tableau blocks"},
{"id": 1743,
-"keyword": "complete ipv4"},
+"keyword": "suffix"},
{"id": 1744,
-"keyword": "first-order query evaluation"},
+"keyword": "strong duality theorem"},
{"id": 1745,
-"keyword": "simple model"},
+"keyword": "subsequent formalisation"},
{"id": 1746,
-"keyword": "chandy--lamport algorithm"},
+"keyword": "enumerative combinatorics"},
{"id": 1747,
-"keyword": "proof technology"},
+"keyword": "monad carries"},
{"id": 1748,
-"keyword": "turing machines"},
+"keyword": "concurrent programming"},
{"id": 1749,
-"keyword": "required induction rule"},
+"keyword": "logic tla merz 1999"},
{"id": 1750,
-"keyword": "multivariate polynomials"},
+"keyword": "bisimulation variants"},
{"id": 1751,
-"keyword": "main routing table"},
+"keyword": "osc"},
{"id": 1752,
-"keyword": "normalise monadic hol terms"},
+"keyword": "executable decision procedure"},
{"id": 1753,
-"keyword": "executable instantiations"},
+"keyword": "parsing concept"},
{"id": 1754,
-"keyword": "design existence"},
+"keyword": "documents managed"},
{"id": 1755,
-"keyword": "32bit machine words"},
+"keyword": "complex predicates"},
{"id": 1756,
-"keyword": "lock synchronisation"},
+"keyword": "dual system relationships"},
{"id": 1757,
-"keyword": "case distinction"},
+"keyword": "study second-order formalisations"},
{"id": 1758,
-"keyword": "advanced binding constructs"},
+"keyword": "extended finite state machines"},
{"id": 1759,
-"keyword": "dynamic slicing"},
+"keyword": "grammar based fuzzing"},
{"id": 1760,
-"keyword": "technical problems"},
+"keyword": "seligman-style tableau system"},
{"id": 1761,
-"keyword": "additional properties related"},
+"keyword": "complete ipv4"},
{"id": 1762,
-"keyword": "technical university"},
+"keyword": "first-order query evaluation"},
{"id": 1763,
-"keyword": "security invariants"},
+"keyword": "simple model"},
{"id": 1764,
-"keyword": "demonstrator semantic backend"},
+"keyword": "chandy--lamport algorithm"},
{"id": 1765,
+"keyword": "proof technology"},
+{"id": 1766,
+"keyword": "turing machines"},
+{"id": 1767,
+"keyword": "required induction rule"},
+{"id": 1768,
+"keyword": "multivariate polynomials"},
+{"id": 1769,
+"keyword": "main routing table"},
+{"id": 1770,
+"keyword": "normalise monadic hol terms"},
+{"id": 1771,
+"keyword": "executable instantiations"},
+{"id": 1772,
+"keyword": "design existence"},
+{"id": 1773,
+"keyword": "32bit machine words"},
+{"id": 1774,
+"keyword": "lock synchronisation"},
+{"id": 1775,
+"keyword": "case distinction"},
+{"id": 1776,
+"keyword": "advanced binding constructs"},
+{"id": 1777,
+"keyword": "dynamic slicing"},
+{"id": 1778,
+"keyword": "technical problems"},
+{"id": 1779,
+"keyword": "additional properties related"},
+{"id": 1780,
+"keyword": "technical university"},
+{"id": 1781,
+"keyword": "security invariants"},
+{"id": 1782,
+"keyword": "demonstrator semantic backend"},
+{"id": 1783,
"keyword": "tom ridge"},
-{"id": 1766,
+{"id": 1784,
"keyword": "real arithmetic"},
-{"id": 1767,
+{"id": 1785,
"keyword": "two-argument partition function"},
-{"id": 1768,
+{"id": 1786,
"keyword": "cade-27 paper"},
-{"id": 1769,
+{"id": 1787,
"keyword": "existing integration theory"},
-{"id": 1770,
+{"id": 1788,
"keyword": "defining variants"},
-{"id": 1771,
+{"id": 1789,
"keyword": "represent recursively enumerable sets"},
-{"id": 1772,
+{"id": 1790,
"keyword": "normalization equivalence"},
-{"id": 1773,
+{"id": 1791,
"keyword": "modified policy iteration"},
-{"id": 1774,
+{"id": 1792,
"keyword": "set operations"},
-{"id": 1775,
+{"id": 1793,
"keyword": "zf set theory"},
-{"id": 1776,
+{"id": 1794,
"keyword": "robbins conjecture"},
-{"id": 1777,
+{"id": 1795,
"keyword": "coalgebraic decision procedure"},
-{"id": 1778,
+{"id": 1796,
"keyword": "bit simpler"},
-{"id": 1779,
+{"id": 1797,
"keyword": "heterogeneous subsystems"},
-{"id": 1780,
+{"id": 1798,
"keyword": "semantic information directly embedded"},
-{"id": 1781,
-"keyword": "topological curiosity discovered"},
-{"id": 1782,
+{"id": 1799,
"keyword": "guarantee safety"},
-{"id": 1783,
-"keyword": "central result"},
-{"id": 1784,
-"keyword": "numeric constants occurring"},
-{"id": 1785,
-"keyword": "points constructible"},
-{"id": 1786,
-"keyword": "word numerals"},
-{"id": 1787,
-"keyword": "verified approach"},
-{"id": 1788,
-"keyword": "replacement theorem"},
-{"id": 1789,
-"keyword": "close connection"},
-{"id": 1790,
-"keyword": "executable version"},
-{"id": 1791,
-"keyword": "finitely supported"},
-{"id": 1792,
-"keyword": "strong normalization"},
-{"id": 1793,
-"keyword": "specific integer polynomial"},
-{"id": 1794,
-"keyword": "metric space"},
-{"id": 1795,
-"keyword": "von zur gathen"},
-{"id": 1796,
-"keyword": "similar level"},
-{"id": 1797,
-"keyword": "refinement approach scales"},
-{"id": 1798,
-"keyword": "explicitly represented"},
-{"id": 1799,
-"keyword": "optimal stationary deterministic solution"},
{"id": 1800,
-"keyword": "semantic domain"},
+"keyword": "reimposing upper bounds"},
{"id": 1801,
-"keyword": "computer algebra system maple"},
+"keyword": "topological curiosity discovered"},
{"id": 1802,
-"keyword": "sublists alternately extracted"},
+"keyword": "central result"},
{"id": 1803,
-"keyword": "cons"},
+"keyword": "numeric constants occurring"},
{"id": 1804,
-"keyword": "congruence theorems"},
+"keyword": "points constructible"},
{"id": 1805,
-"keyword": "wide variety"},
+"keyword": "word numerals"},
{"id": 1806,
-"keyword": "expected height"},
+"keyword": "verified approach"},
{"id": 1807,
+"keyword": "replacement theorem"},
+{"id": 1808,
+"keyword": "close connection"},
+{"id": 1809,
+"keyword": "executable version"},
+{"id": 1810,
+"keyword": "finitely supported"},
+{"id": 1811,
+"keyword": "strong normalization"},
+{"id": 1812,
+"keyword": "specific integer polynomial"},
+{"id": 1813,
+"keyword": "metric space"},
+{"id": 1814,
+"keyword": "henkin style"},
+{"id": 1815,
+"keyword": "von zur gathen"},
+{"id": 1816,
+"keyword": "similar level"},
+{"id": 1817,
+"keyword": "refinement approach scales"},
+{"id": 1818,
+"keyword": "explicitly represented"},
+{"id": 1819,
+"keyword": "optimal stationary deterministic solution"},
+{"id": 1820,
+"keyword": "semantic domain"},
+{"id": 1821,
+"keyword": "computer algebra system maple"},
+{"id": 1822,
+"keyword": "sublists alternately extracted"},
+{"id": 1823,
+"keyword": "cons"},
+{"id": 1824,
+"keyword": "congruence theorems"},
+{"id": 1825,
+"keyword": "wide variety"},
+{"id": 1826,
+"keyword": "expected height"},
+{"id": 1827,
"keyword": "produce observable outputs"},
-{"id": 1808,
+{"id": 1828,
"keyword": "reduction theorem"},
-{"id": 1809,
+{"id": 1829,
"keyword": "self-contained certifier"},
-{"id": 1810,
+{"id": 1830,
"keyword": "book first-order logic"},
-{"id": 1811,
+{"id": 1831,
"keyword": "list update problem"},
-{"id": 1812,
+{"id": 1832,
"keyword": "forthcoming paper"},
-{"id": 1813,
+{"id": 1833,
"keyword": "winding number measures"},
-{"id": 1814,
+{"id": 1834,
"keyword": "important theorem"},
-{"id": 1815,
+{"id": 1835,
"keyword": "cartesian product"},
-{"id": 1816,
+{"id": 1836,
"keyword": "taylor series expansions"},
-{"id": 1817,
+{"id": 1837,
"keyword": "design choices underlying"},
-{"id": 1818,
+{"id": 1838,
"keyword": "constructive points"},
-{"id": 1819,
+{"id": 1839,
"keyword": "functional data structures"},
-{"id": 1820,
+{"id": 1840,
"keyword": "2nd international workshop"},
-{"id": 1821,
+{"id": 1841,
"keyword": "pages 20-34"},
-{"id": 1822,
+{"id": 1842,
+"keyword": "restricted type"},
+{"id": 1843,
"keyword": "afp entry simple_firewall"},
-{"id": 1823,
+{"id": 1844,
"keyword": "shadow root"},
-{"id": 1824,
+{"id": 1845,
"keyword": "invariant factor decomposition"},
-{"id": 1825,
+{"id": 1846,
"keyword": "operational"},
-{"id": 1826,
-"keyword": "restricted type"},
-{"id": 1827,
-"keyword": "org 10"},
-{"id": 1828,
+{"id": 1847,
"keyword": "fully-automated approach"},
-{"id": 1829,
+{"id": 1848,
"keyword": "auxiliary labels"},
-{"id": 1830,
+{"id": 1849,
"keyword": "widely applicable"},
-{"id": 1831,
+{"id": 1850,
"keyword": "rich expression typing rules"},
-{"id": 1832,
+{"id": 1851,
"keyword": "metric first-order dynamic logic"},
-{"id": 1833,
+{"id": 1852,
"keyword": "specific conflict analysis algorithm"},
-{"id": 1834,
+{"id": 1853,
"keyword": "linear algebra"},
-{"id": 1835,
+{"id": 1854,
"keyword": "arbitrary uniform distributions"},
-{"id": 1836,
+{"id": 1855,
"keyword": "security violations"},
-{"id": 1837,
+{"id": 1856,
"keyword": "intersection type systems"},
-{"id": 1838,
+{"id": 1857,
"keyword": "state-of-the-art smt solvers"},
-{"id": 1839,
+{"id": 1858,
"keyword": "class-collection-based rts algorithms run"},
-{"id": 1840,
+{"id": 1859,
"keyword": "control flow"},
-{"id": 1841,
+{"id": 1860,
"keyword": "nominal2 package"},
-{"id": 1842,
+{"id": 1861,
"keyword": "1 involving"},
-{"id": 1843,
+{"id": 1862,
"keyword": "free groups"},
-{"id": 1844,
+{"id": 1863,
"keyword": "actuarial mathematics"},
-{"id": 1845,
+{"id": 1864,
"keyword": "famous abc conjecture"},
-{"id": 1846,
-"keyword": "myhill nerode theorem"},
-{"id": 1847,
-"keyword": "key result"},
-{"id": 1848,
-"keyword": "uniform substitution calculus"},
-{"id": 1849,
-"keyword": "slightly modified"},
-{"id": 1850,
-"keyword": "tetrahedral group"},
-{"id": 1851,
-"keyword": "type class laws"},
-{"id": 1852,
-"keyword": "greatest common divisor"},
-{"id": 1853,
-"keyword": "automated reasoning framework"},
-{"id": 1854,
-"keyword": "compiled tactic code"},
-{"id": 1855,
-"keyword": "merkle functors"},
-{"id": 1856,
-"keyword": "dirichlet products"},
-{"id": 1857,
-"keyword": "import-expert format"},
-{"id": 1858,
-"keyword": "group ring"},
-{"id": 1859,
-"keyword": "efficient allocation"},
-{"id": 1860,
-"keyword": "miller ndash"},
-{"id": 1861,
-"keyword": "direct execution"},
-{"id": 1862,
-"keyword": "important data structure"},
-{"id": 1863,
-"keyword": "projective coordinates"},
-{"id": 1864,
-"keyword": "hypergraph theory"},
{"id": 1865,
-"keyword": "perfect number theorem"},
+"keyword": "myhill nerode theorem"},
{"id": 1866,
-"keyword": "semantic arguments"},
+"keyword": "key result"},
{"id": 1867,
-"keyword": "linear variable-separated rewrite systems"},
+"keyword": "uniform substitution calculus"},
{"id": 1868,
-"keyword": "local lexing semantics"},
+"keyword": "slightly modified"},
{"id": 1869,
-"keyword": "suffix comparability"},
+"keyword": "tetrahedral group"},
{"id": 1870,
-"keyword": "shallow learning"},
+"keyword": "type class laws"},
{"id": 1871,
-"keyword": "normal form"},
+"keyword": "greatest common divisor"},
{"id": 1872,
-"keyword": "stone relation algebras"},
+"keyword": "automated reasoning framework"},
{"id": 1873,
-"keyword": "simulation relation"},
+"keyword": "compiled tactic code"},
{"id": 1874,
-"keyword": "constant functions"},
+"keyword": "merkle functors"},
{"id": 1875,
-"keyword": "small predicate"},
+"keyword": "dirichlet products"},
{"id": 1876,
-"keyword": "riemann zeta function"},
+"keyword": "import-expert format"},
{"id": 1877,
-"keyword": "jan kret nsk"},
+"keyword": "group ring"},
{"id": 1878,
-"keyword": "complex vector spaces"},
+"keyword": "efficient allocation"},
{"id": 1879,
-"keyword": "ordinary generating function"},
+"keyword": "miller ndash"},
{"id": 1880,
-"keyword": "incidence system isomorphisms"},
+"keyword": "direct execution"},
{"id": 1881,
+"keyword": "important data structure"},
+{"id": 1882,
+"keyword": "projective coordinates"},
+{"id": 1883,
+"keyword": "hypergraph theory"},
+{"id": 1884,
+"keyword": "perfect number theorem"},
+{"id": 1885,
+"keyword": "semantic arguments"},
+{"id": 1886,
+"keyword": "linear variable-separated rewrite systems"},
+{"id": 1887,
+"keyword": "local lexing semantics"},
+{"id": 1888,
+"keyword": "suffix comparability"},
+{"id": 1889,
+"keyword": "shallow learning"},
+{"id": 1890,
+"keyword": "normal form"},
+{"id": 1891,
+"keyword": "stone relation algebras"},
+{"id": 1892,
+"keyword": "simulation relation"},
+{"id": 1893,
+"keyword": "constant functions"},
+{"id": 1894,
+"keyword": "small predicate"},
+{"id": 1895,
+"keyword": "riemann zeta function"},
+{"id": 1896,
+"keyword": "jan kret nsk"},
+{"id": 1897,
+"keyword": "complex vector spaces"},
+{"id": 1898,
+"keyword": "ordinary generating function"},
+{"id": 1899,
+"keyword": "incidence system isomorphisms"},
+{"id": 1900,
"keyword": "coefficients modulo"},
-{"id": 1882,
+{"id": 1901,
"keyword": "cardinality formulae"},
-{"id": 1883,
+{"id": 1902,
"keyword": "minor corrections"},
-{"id": 1884,
+{"id": 1903,
"keyword": "exceeds aleph_1"},
-{"id": 1885,
+{"id": 1904,
"keyword": "basic superposition calculus"},
-{"id": 1886,
+{"id": 1905,
"keyword": "projective geometry"},
-{"id": 1887,
+{"id": 1906,
"keyword": "imperative target language"},
-{"id": 1888,
+{"id": 1907,
"keyword": "automatically derive"},
-{"id": 1889,
+{"id": 1908,
"keyword": "afp entry implements"},
-{"id": 1890,
+{"id": 1909,
"keyword": "geometric folklore proof rigorous"},
-{"id": 1891,
+{"id": 1910,
"keyword": "transitive noninterference policies"},
-{"id": 1892,
+{"id": 1911,
"keyword": "structure proofs"},
-{"id": 1893,
+{"id": 1912,
"keyword": "arbitrary number"},
-{"id": 1894,
+{"id": 1913,
"keyword": "control-flow operators"},
-{"id": 1895,
+{"id": 1914,
"keyword": "powerset monad"},
-{"id": 1896,
+{"id": 1915,
"keyword": "distribute sequential composition"},
-{"id": 1897,
+{"id": 1916,
"keyword": "algebraic point"},
-{"id": 1898,
+{"id": 1917,
"keyword": "common base clock"},
-{"id": 1899,
+{"id": 1918,
"keyword": "lawrence paulson"},
-{"id": 1900,
+{"id": 1919,
"keyword": "dk andschl thesis"},
-{"id": 1901,
+{"id": 1920,
"keyword": "confidentiality guarantees"},
-{"id": 1902,
+{"id": 1921,
"keyword": "intensional higher-order modal logic"},
-{"id": 1903,
+{"id": 1922,
"keyword": "gromov hyperbolic spaces"},
-{"id": 1904,
+{"id": 1923,
"keyword": "experimental data suggests"},
-{"id": 1905,
+{"id": 1924,
"keyword": "control dependencies"},
-{"id": 1906,
+{"id": 1925,
"keyword": "multi-head paradigm"},
-{"id": 1907,
+{"id": 1926,
"keyword": "average-case cost"},
-{"id": 1908,
-"keyword": "article collects formalisations"},
-{"id": 1909,
-"keyword": "monitoring algorithm"},
-{"id": 1910,
-"keyword": "logical approaches"},
-{"id": 1911,
-"keyword": "strong ties"},
-{"id": 1912,
-"keyword": "binary search tree operations"},
-{"id": 1913,
-"keyword": "private information"},
-{"id": 1914,
-"keyword": "transition execution function"},
-{"id": 1915,
-"keyword": "analyzed firewall mdash"},
-{"id": 1916,
-"keyword": "residue classes"},
-{"id": 1917,
-"keyword": "final implementation"},
-{"id": 1918,
-"keyword": "theory builds"},
-{"id": 1919,
-"keyword": "pldi 2015 paper"},
-{"id": 1920,
-"keyword": "carath odory"},
-{"id": 1921,
-"keyword": "transitive closure"},
-{"id": 1922,
-"keyword": "book dense sphere packings"},
-{"id": 1923,
-"keyword": "planar systems"},
-{"id": 1924,
-"keyword": "results hold"},
-{"id": 1925,
-"keyword": "parser written"},
-{"id": 1926,
-"keyword": "nature allowing"},
{"id": 1927,
-"keyword": "educational setting due"},
+"keyword": "article collects formalisations"},
{"id": 1928,
-"keyword": "resolution rule"},
+"keyword": "monitoring algorithm"},
{"id": 1929,
-"keyword": "verification conditions generated"},
+"keyword": "logical approaches"},
{"id": 1930,
-"keyword": "full extent"},
+"keyword": "strong ties"},
{"id": 1931,
-"keyword": "binary trees fredman"},
+"keyword": "binary search tree operations"},
{"id": 1932,
-"keyword": "systems communication patterns"},
+"keyword": "private information"},
{"id": 1933,
+"keyword": "transition execution function"},
+{"id": 1934,
+"keyword": "analyzed firewall mdash"},
+{"id": 1935,
+"keyword": "residue classes"},
+{"id": 1936,
+"keyword": "final implementation"},
+{"id": 1937,
+"keyword": "theory builds"},
+{"id": 1938,
+"keyword": "pldi 2015 paper"},
+{"id": 1939,
+"keyword": "carath odory"},
+{"id": 1940,
+"keyword": "transitive closure"},
+{"id": 1941,
+"keyword": "book dense sphere packings"},
+{"id": 1942,
+"keyword": "planar systems"},
+{"id": 1943,
+"keyword": "results hold"},
+{"id": 1944,
+"keyword": "parser written"},
+{"id": 1945,
+"keyword": "nature allowing"},
+{"id": 1946,
+"keyword": "educational setting due"},
+{"id": 1947,
+"keyword": "resolution rule"},
+{"id": 1948,
+"keyword": "verification conditions generated"},
+{"id": 1949,
+"keyword": "full extent"},
+{"id": 1950,
+"keyword": "binary trees fredman"},
+{"id": 1951,
+"keyword": "systems communication patterns"},
+{"id": 1952,
"keyword": "handwritten reference implementations"},
-{"id": 1934,
+{"id": 1953,
+"keyword": "interest distributed"},
+{"id": 1954,
"keyword": "metric first-order temporal logic"},
-{"id": 1935,
+{"id": 1955,
"keyword": "paraconsistent engineering"},
-{"id": 1936,
+{"id": 1956,
"keyword": "stone algebra"},
-{"id": 1937,
+{"id": 1957,
"keyword": "verify basic algorithms"},
-{"id": 1938,
+{"id": 1958,
"keyword": "dirichlet series"},
-{"id": 1939,
+{"id": 1959,
"keyword": "weak conjunction"},
-{"id": 1940,
+{"id": 1960,
"keyword": "desired subgraph"},
-{"id": 1941,
+{"id": 1961,
"keyword": "hermitian matrix"},
-{"id": 1942,
+{"id": 1962,
"keyword": "hol nominal"},
-{"id": 1943,
+{"id": 1963,
"keyword": "set theory framework"},
-{"id": 1944,
+{"id": 1964,
"keyword": "modeling application level protocols"},
-{"id": 1945,
+{"id": 1965,
"keyword": "functions approximating"},
-{"id": 1946,
+{"id": 1966,
"keyword": "domain-theoretic fixpoint operator"},
-{"id": 1947,
+{"id": 1967,
"keyword": "amir hossein parvardi"},
-{"id": 1948,
+{"id": 1968,
"keyword": "np-hard problem"},
-{"id": 1949,
-"keyword": "trace based"},
-{"id": 1950,
-"keyword": "digit expansions builds"},
-{"id": 1951,
-"keyword": "correct 2-3 finger trees"},
-{"id": 1952,
-"keyword": "sizeable family"},
-{"id": 1953,
-"keyword": "optimal running time"},
-{"id": 1954,
-"keyword": "emptiness check"},
-{"id": 1955,
-"keyword": "ordinal exponentiation"},
-{"id": 1956,
-"keyword": "first-order clauses"},
-{"id": 1957,
-"keyword": "stiffness matrix"},
-{"id": 1958,
-"keyword": "clause sets"},
-{"id": 1959,
-"keyword": "georg kreisel"},
-{"id": 1960,
-"keyword": "cartesian closed categories"},
-{"id": 1961,
-"keyword": "executions produce sequences"},
-{"id": 1962,
-"keyword": "shifting intervals"},
-{"id": 1963,
-"keyword": "write poof strategies"},
-{"id": 1964,
-"keyword": "approximating real roots"},
-{"id": 1965,
-"keyword": "sequential imperative programming language"},
-{"id": 1966,
-"keyword": "models partial functions"},
-{"id": 1967,
-"keyword": "data dependencies"},
-{"id": 1968,
-"keyword": "distinctive feature"},
{"id": 1969,
-"keyword": "underlying transition system"},
+"keyword": "trace based"},
{"id": 1970,
-"keyword": "derive powerful induction rules"},
+"keyword": "digit expansions builds"},
{"id": 1971,
-"keyword": "fair prices"},
+"keyword": "correct 2-3 finger trees"},
{"id": 1972,
-"keyword": "eye color"},
+"keyword": "sizeable family"},
{"id": 1973,
-"keyword": "polynomially bounded"},
+"keyword": "optimal running time"},
{"id": 1974,
-"keyword": "contribution presents"},
+"keyword": "emptiness check"},
{"id": 1975,
+"keyword": "ordinal exponentiation"},
+{"id": 1976,
+"keyword": "first-order clauses"},
+{"id": 1977,
+"keyword": "stiffness matrix"},
+{"id": 1978,
+"keyword": "clause sets"},
+{"id": 1979,
+"keyword": "georg kreisel"},
+{"id": 1980,
+"keyword": "cartesian closed categories"},
+{"id": 1981,
+"keyword": "executions produce sequences"},
+{"id": 1982,
+"keyword": "shifting intervals"},
+{"id": 1983,
+"keyword": "write poof strategies"},
+{"id": 1984,
+"keyword": "approximating real roots"},
+{"id": 1985,
+"keyword": "sequential imperative programming language"},
+{"id": 1986,
+"keyword": "models partial functions"},
+{"id": 1987,
+"keyword": "data dependencies"},
+{"id": 1988,
+"keyword": "distinctive feature"},
+{"id": 1989,
+"keyword": "underlying transition system"},
+{"id": 1990,
+"keyword": "derive powerful induction rules"},
+{"id": 1991,
+"keyword": "fair prices"},
+{"id": 1992,
+"keyword": "eye color"},
+{"id": 1993,
+"keyword": "polynomially bounded"},
+{"id": 1994,
+"keyword": "contribution presents"},
+{"id": 1995,
"keyword": "computer-assisted interpretive method"},
-{"id": 1976,
+{"id": 1996,
"keyword": "weak conjunction operator coincides"},
-{"id": 1977,
+{"id": 1997,
"keyword": "maximum-flow minimal-cut theorem"},
-{"id": 1978,
+{"id": 1998,
"keyword": "negative diagonal entry"},
-{"id": 1979,
+{"id": 1999,
"keyword": "relation composition"},
-{"id": 1980,
+{"id": 2000,
"keyword": "notions probabilistic noninterference"},
-{"id": 1981,
+{"id": 2001,
"keyword": "language processing"},
-{"id": 1982,
+{"id": 2002,
"keyword": "crypthol library crypthol"},
-{"id": 1983,
+{"id": 2003,
"keyword": "multiplicative subset"},
-{"id": 1984,
+{"id": 2004,
"keyword": "proof outlines"},
-{"id": 1985,
+{"id": 2005,
"keyword": "top 100 theorems list"},
-{"id": 1986,
+{"id": 2006,
"keyword": "banach space"},
-{"id": 1987,
+{"id": 2007,
"keyword": "so-called desargues"},
-{"id": 1988,
+{"id": 2008,
"keyword": "current version"},
-{"id": 1989,
+{"id": 2009,
"keyword": "added formalisations"},
-{"id": 1990,
+{"id": 2010,
"keyword": "a-priori detect"},
-{"id": 1991,
+{"id": 2011,
"keyword": "periodic arithmetic functions"},
-{"id": 1992,
+{"id": 2012,
"keyword": "infinite ramsey theorem"},
-{"id": 1993,
+{"id": 2013,
"keyword": "registering applicative functors"},
-{"id": 1994,
+{"id": 2014,
"keyword": "future combinations"},
-{"id": 1995,
+{"id": 2015,
"keyword": "mutable references"},
-{"id": 1996,
+{"id": 2016,
"keyword": "isosceles triangle theorem"},
-{"id": 1997,
+{"id": 2017,
"keyword": "big step semantics"},
-{"id": 1998,
+{"id": 2018,
"keyword": "sequential consistency"},
-{"id": 1999,
+{"id": 2019,
"keyword": "strict partial orders"},
-{"id": 2000,
+{"id": 2020,
"keyword": "45th theorem"},
-{"id": 2001,
+{"id": 2021,
"keyword": "html documents"},
-{"id": 2002,
+{"id": 2022,
"keyword": "abelian group"},
-{"id": 2003,
+{"id": 2023,
"keyword": "volpano smith system"},
-{"id": 2004,
+{"id": 2024,
"keyword": "faug egrave"},
-{"id": 2005,
+{"id": 2025,
"keyword": "formalisation accompanies"},
-{"id": 2006,
+{"id": 2026,
"keyword": "asymptotic approximation"},
-{"id": 2007,
+{"id": 2027,
"keyword": "offers low-latency data-"},
-{"id": 2008,
+{"id": 2028,
"keyword": "specific parameterization"},
-{"id": 2009,
+{"id": 2029,
"keyword": "kleene algebra"},
-{"id": 2010,
+{"id": 2030,
"keyword": "time frames"},
-{"id": 2011,
+{"id": 2031,
"keyword": "bnfccs preserve quotients"},
-{"id": 2012,
+{"id": 2032,
"keyword": "prover implementing"},
-{"id": 2013,
-"keyword": "partial networks"},
-{"id": 2014,
-"keyword": "functor category"},
-{"id": 2015,
-"keyword": "nora szasz"},
-{"id": 2016,
-"keyword": "stephanie bell"},
-{"id": 2017,
-"keyword": "austrian science fund"},
-{"id": 2018,
-"keyword": "denies access"},
-{"id": 2019,
-"keyword": "effective mutual authentication service"},
-{"id": 2020,
-"keyword": "finite length"},
-{"id": 2021,
-"keyword": "monic irreducible polynomials"},
-{"id": 2022,
-"keyword": "boolean matrices"},
-{"id": 2023,
-"keyword": "normalises monadic expressions"},
-{"id": 2024,
-"keyword": "verification conditions"},
-{"id": 2025,
-"keyword": "allowed accesses"},
-{"id": 2026,
-"keyword": "large class"},
-{"id": 2027,
-"keyword": "concerns infinite sets"},
-{"id": 2028,
-"keyword": "simple formalization covering"},
-{"id": 2029,
-"keyword": "precise effect"},
-{"id": 2030,
-"keyword": "semantic resolution"},
-{"id": 2031,
-"keyword": "publisher component"},
-{"id": 2032,
-"keyword": "verified checker past"},
{"id": 2033,
-"keyword": "checks strong security"},
+"keyword": "partial networks"},
{"id": 2034,
-"keyword": "real polynomial"},
+"keyword": "functor category"},
{"id": 2035,
-"keyword": "real normed division algebras"},
+"keyword": "nora szasz"},
{"id": 2036,
-"keyword": "derives equality theorems"},
+"keyword": "stephanie bell"},
{"id": 2037,
-"keyword": "book linear algebra"},
+"keyword": "austrian science fund"},
{"id": 2038,
-"keyword": "exponential generating function"},
+"keyword": "denies access"},
{"id": 2039,
-"keyword": "function checking"},
+"keyword": "effective mutual authentication service"},
{"id": 2040,
-"keyword": "refinement framework"},
+"keyword": "finite length"},
{"id": 2041,
-"keyword": "slide operation"},
+"keyword": "monic irreducible polynomials"},
{"id": 2042,
-"keyword": "morris-pratt string matching algorithm"},
+"keyword": "boolean matrices"},
{"id": 2043,
-"keyword": "infinite execution"},
+"keyword": "normalises monadic expressions"},
{"id": 2044,
-"keyword": "independent interest"},
+"keyword": "verification conditions"},
{"id": 2045,
-"keyword": "simple interactive proof assistant"},
+"keyword": "allowed accesses"},
{"id": 2046,
-"keyword": "construction theorem"},
+"keyword": "large class"},
{"id": 2047,
-"keyword": "object logic chaudhuri"},
+"keyword": "concerns infinite sets"},
{"id": 2048,
-"keyword": "formulas assuming"},
+"keyword": "simple formalization covering"},
{"id": 2049,
+"keyword": "precise effect"},
+{"id": 2050,
+"keyword": "semantic resolution"},
+{"id": 2051,
+"keyword": "multiplication syntactically"},
+{"id": 2052,
+"keyword": "publisher component"},
+{"id": 2053,
+"keyword": "verified checker past"},
+{"id": 2054,
+"keyword": "checks strong security"},
+{"id": 2055,
+"keyword": "real polynomial"},
+{"id": 2056,
+"keyword": "real normed division algebras"},
+{"id": 2057,
+"keyword": "derives equality theorems"},
+{"id": 2058,
+"keyword": "interest rate"},
+{"id": 2059,
+"keyword": "book linear algebra"},
+{"id": 2060,
+"keyword": "exponential generating function"},
+{"id": 2061,
+"keyword": "function checking"},
+{"id": 2062,
+"keyword": "refinement framework"},
+{"id": 2063,
+"keyword": "slide operation"},
+{"id": 2064,
+"keyword": "morris-pratt string matching algorithm"},
+{"id": 2065,
+"keyword": "infinite execution"},
+{"id": 2066,
+"keyword": "independent interest"},
+{"id": 2067,
+"keyword": "simple interactive proof assistant"},
+{"id": 2068,
+"keyword": "construction theorem"},
+{"id": 2069,
+"keyword": "object logic chaudhuri"},
+{"id": 2070,
+"keyword": "formulas assuming"},
+{"id": 2071,
"keyword": "unrestricted resolution rule"},
-{"id": 2050,
+{"id": 2072,
"keyword": "easy reuse"},
-{"id": 2051,
+{"id": 2073,
"keyword": "lift_definition command"},
-{"id": 2052,
+{"id": 2074,
"keyword": "paul erd"},
-{"id": 2053,
+{"id": 2075,
"keyword": "separation logic utilities"},
-{"id": 2054,
+{"id": 2076,
"keyword": "formal semantics builds"},
-{"id": 2055,
+{"id": 2077,
"keyword": "inference rules"},
-{"id": 2056,
+{"id": 2078,
"keyword": "complex arguments"},
-{"id": 2057,
+{"id": 2079,
"keyword": "runge-kutta methods"},
-{"id": 2058,
+{"id": 2080,
"keyword": "satisfying tuples"},
-{"id": 2059,
+{"id": 2081,
"keyword": "hahn decomposition theorem"},
-{"id": 2060,
+{"id": 2082,
"keyword": "compute asymptotic expansions"},
-{"id": 2061,
+{"id": 2083,
"keyword": "snyder found"},
-{"id": 2062,
+{"id": 2084,
"keyword": "so-called hessenberg"},
-{"id": 2063,
+{"id": 2085,
"keyword": "refutational theorem proving"},
-{"id": 2064,
+{"id": 2086,
"keyword": "additional assumptions needed"},
-{"id": 2065,
+{"id": 2087,
+"keyword": "separating conjunction"},
+{"id": 2088,
"keyword": "domain-theoretic semantics"},
-{"id": 2066,
+{"id": 2089,
"keyword": "weak law"},
-{"id": 2067,
+{"id": 2090,
"keyword": "monadified version"},
-{"id": 2068,
+{"id": 2091,
"keyword": "state-of-the-art sat-based planner"},
-{"id": 2069,
+{"id": 2092,
"keyword": "approach supports reachability goals"},
-{"id": 2070,
+{"id": 2093,
"keyword": "residuation operation"},
-{"id": 2071,
+{"id": 2094,
"keyword": "formal proof technology"},
-{"id": 2072,
+{"id": 2095,
"keyword": "missing gaps"},
-{"id": 2073,
+{"id": 2096,
"keyword": "prime number rdquo"},
-{"id": 2074,
+{"id": 2097,
"keyword": "simpler sigma-calculus based"},
-{"id": 2075,
+{"id": 2098,
"keyword": "maintain hidden state"},
-{"id": 2076,
+{"id": 2099,
"keyword": "statement applies"},
-{"id": 2077,
+{"id": 2100,
"keyword": "intraprocedural proof"},
-{"id": 2078,
+{"id": 2101,
"keyword": "interesting property"},
-{"id": 2079,
+{"id": 2102,
"keyword": "formal semantics complies"},
-{"id": 2080,
+{"id": 2103,
"keyword": "independent families"},
-{"id": 2081,
+{"id": 2104,
"keyword": "greatest fixed points"},
-{"id": 2082,
+{"id": 2105,
"keyword": "debugging purposes"},
-{"id": 2083,
+{"id": 2106,
"keyword": "exact nature"},
-{"id": 2084,
+{"id": 2107,
"keyword": "separator smaller"},
-{"id": 2085,
+{"id": 2108,
"keyword": "linear inequalities"},
-{"id": 2086,
+{"id": 2109,
"keyword": "difference vector"},
-{"id": 2087,
+{"id": 2110,
"keyword": "compositional approach"},
-{"id": 2088,
+{"id": 2111,
"keyword": "safely composable dom"},
-{"id": 2089,
+{"id": 2112,
"keyword": "sml parser"},
-{"id": 2090,
+{"id": 2113,
"keyword": "treated implicitly"},
-{"id": 2091,
+{"id": 2114,
"keyword": "full bridge rule"},
-{"id": 2092,
+{"id": 2115,
"keyword": "asymptotic bounds"},
-{"id": 2093,
+{"id": 2116,
"keyword": "compiler correctness proof"},
-{"id": 2094,
-"keyword": "growth rates"},
-{"id": 2095,
-"keyword": "second-order logic"},
-{"id": 2096,
-"keyword": "imperative programs"},
-{"id": 2097,
-"keyword": "call merkle functors"},
-{"id": 2098,
-"keyword": "printing case expressions"},
-{"id": 2099,
-"keyword": "homological argument"},
-{"id": 2100,
-"keyword": "partial correctness setting"},
-{"id": 2101,
-"keyword": "fundamental binary operations allowing"},
-{"id": 2102,
-"keyword": "mid 80s"},
-{"id": 2103,
-"keyword": "main theorem relates"},
-{"id": 2104,
-"keyword": "arctic semirings satisfy"},
-{"id": 2105,
-"keyword": "covering directed"},
-{"id": 2106,
-"keyword": "abstract interface"},
-{"id": 2107,
-"keyword": "existing solutions"},
-{"id": 2108,
-"keyword": "group theory results"},
-{"id": 2109,
-"keyword": "network security mechanisms"},
-{"id": 2110,
-"keyword": "text"},
-{"id": 2111,
-"keyword": "ordinary assertional reasoning"},
-{"id": 2112,
-"keyword": "operational correspondence"},
-{"id": 2113,
-"keyword": "standard boolean algebra operations"},
-{"id": 2114,
-"keyword": "haskell"},
-{"id": 2115,
-"keyword": "precisely compute roots"},
-{"id": 2116,
-"keyword": "nondeterministic programs"},
{"id": 2117,
-"keyword": "verified monitor"},
+"keyword": "growth rates"},
{"id": 2118,
-"keyword": "data-type declarations"},
+"keyword": "second-order logic"},
{"id": 2119,
-"keyword": "function elts"},
+"keyword": "imperative programs"},
{"id": 2120,
-"keyword": "flyspeck project"},
+"keyword": "call merkle functors"},
{"id": 2121,
-"keyword": "classic unsolved problems"},
+"keyword": "printing case expressions"},
{"id": 2122,
-"keyword": "amicable numbers"},
+"keyword": "homological argument"},
{"id": 2123,
-"keyword": "order-theoretic concepts"},
+"keyword": "partial correctness setting"},
{"id": 2124,
-"keyword": "set theory"},
+"keyword": "fundamental binary operations allowing"},
{"id": 2125,
-"keyword": "total correctness"},
+"keyword": "mid 80s"},
{"id": 2126,
-"keyword": "basic properties"},
+"keyword": "main theorem relates"},
{"id": 2127,
-"keyword": "special issue"},
+"keyword": "arctic semirings satisfy"},
{"id": 2128,
-"keyword": "list type"},
+"keyword": "covering directed"},
{"id": 2129,
-"keyword": "efficient proof checking"},
+"keyword": "abstract interface"},
{"id": 2130,
-"keyword": "peter lammich"},
+"keyword": "existing solutions"},
{"id": 2131,
-"keyword": "black-box traces"},
+"keyword": "group theory results"},
{"id": 2132,
-"keyword": "code generation feature"},
+"keyword": "network security mechanisms"},
{"id": 2133,
-"keyword": "randall munroe"},
+"keyword": "text"},
{"id": 2134,
-"keyword": "meeting point"},
+"keyword": "ordinary assertional reasoning"},
{"id": 2135,
-"keyword": "rational root test"},
+"keyword": "operational correspondence"},
{"id": 2136,
-"keyword": "cyk decides"},
+"keyword": "standard boolean algebra operations"},
{"id": 2137,
-"keyword": "algebraic manipulations"},
+"keyword": "haskell"},
{"id": 2138,
-"keyword": "generic types"},
+"keyword": "precisely compute roots"},
{"id": 2139,
-"keyword": "tour revisited"},
+"keyword": "nondeterministic programs"},
{"id": 2140,
-"keyword": "formally verify gauss-seidel"},
+"keyword": "verified monitor"},
{"id": 2141,
-"keyword": "simple verified token"},
+"keyword": "data-type declarations"},
{"id": 2142,
-"keyword": "insertion sort"},
+"keyword": "function elts"},
{"id": 2143,
-"keyword": "transfinite cardinalities"},
+"keyword": "flyspeck project"},
{"id": 2144,
-"keyword": "travel faster"},
+"keyword": "classic unsolved problems"},
{"id": 2145,
-"keyword": "greater detail"},
+"keyword": "amicable numbers"},
{"id": 2146,
-"keyword": "partial data structures"},
+"keyword": "order-theoretic concepts"},
{"id": 2147,
-"keyword": "formalising t-designs"},
+"keyword": "set theory"},
{"id": 2148,
-"keyword": "strictness theorem"},
+"keyword": "total correctness"},
{"id": 2149,
-"keyword": "alternative interface"},
+"keyword": "basic properties"},
{"id": 2150,
-"keyword": "maximum flow"},
+"keyword": "special issue"},
{"id": 2151,
-"keyword": "hamiltonian path problem"},
+"keyword": "list type"},
{"id": 2152,
-"keyword": "ltl yielding"},
+"keyword": "efficient proof checking"},
{"id": 2153,
-"keyword": "recurrence equations"},
+"keyword": "peter lammich"},
{"id": 2154,
-"keyword": "additional effort"},
+"keyword": "black-box traces"},
{"id": 2155,
-"keyword": "formally verified quantifier elimination"},
+"keyword": "code generation feature"},
{"id": 2156,
-"keyword": "weak simulation"},
+"keyword": "randall munroe"},
{"id": 2157,
-"keyword": "maximum reachability probabilities"},
+"keyword": "meeting point"},
{"id": 2158,
-"keyword": "complex polynomials"},
+"keyword": "rational root test"},
{"id": 2159,
-"keyword": "discrete instants"},
+"keyword": "cyk decides"},
{"id": 2160,
-"keyword": "higher edge probability"},
+"keyword": "algebraic manipulations"},
{"id": 2161,
-"keyword": "key cards"},
+"keyword": "generic types"},
{"id": 2162,
-"keyword": "representation function"},
+"keyword": "tour revisited"},
{"id": 2163,
-"keyword": "inequality involving expectations"},
+"keyword": "formally verify gauss-seidel"},
{"id": 2164,
-"keyword": "theorem statement"},
+"keyword": "simple verified token"},
{"id": 2165,
-"keyword": "simpler operations"},
+"keyword": "insertion sort"},
{"id": 2166,
-"keyword": "summation bounds grow"},
+"keyword": "transfinite cardinalities"},
{"id": 2167,
-"keyword": "framed links"},
+"keyword": "travel faster"},
{"id": 2168,
-"keyword": "ample set condition"},
+"keyword": "greater detail"},
{"id": 2169,
-"keyword": "violate sortedness"},
+"keyword": "partial data structures"},
{"id": 2170,
-"keyword": "directly implies"},
+"keyword": "formalising t-designs"},
{"id": 2171,
-"keyword": "accommodating arbitrary nominal datatypes"},
+"keyword": "strictness theorem"},
{"id": 2172,
-"keyword": "number-theoretic functions"},
+"keyword": "alternative interface"},
{"id": 2173,
-"keyword": "to-string functions"},
+"keyword": "maximum flow"},
{"id": 2174,
-"keyword": "states common definitions"},
+"keyword": "hamiltonian path problem"},
{"id": 2175,
-"keyword": "constructive cryptography proofs"},
+"keyword": "ltl yielding"},
{"id": 2176,
-"keyword": "abstract perspective enables"},
+"keyword": "recurrence equations"},
{"id": 2177,
-"keyword": "cosmed social media platform"},
+"keyword": "additional effort"},
{"id": 2178,
-"keyword": "splitting compilation"},
+"keyword": "formally verified quantifier elimination"},
{"id": 2179,
-"keyword": "well-ordered type"},
+"keyword": "weak simulation"},
{"id": 2180,
-"keyword": "language features monadic sequencing"},
+"keyword": "maximum reachability probabilities"},
{"id": 2181,
-"keyword": "conflict-free replicated datatype"},
+"keyword": "complex polynomials"},
{"id": 2182,
-"keyword": "verified compiler"},
+"keyword": "discrete instants"},
{"id": 2183,
-"keyword": "rts definition mandates safety"},
+"keyword": "higher edge probability"},
{"id": 2184,
-"keyword": "abstract formalization"},
+"keyword": "key cards"},
{"id": 2185,
-"keyword": "works based"},
+"keyword": "representation function"},
{"id": 2186,
-"keyword": "uniform substitution principle"},
+"keyword": "inequality involving expectations"},
{"id": 2187,
-"keyword": "infinite domain"},
+"keyword": "theorem statement"},
{"id": 2188,
-"keyword": "full classification"},
+"keyword": "simpler operations"},
{"id": 2189,
-"keyword": "identify undesired information leaks"},
+"keyword": "summation bounds grow"},
{"id": 2190,
-"keyword": "building correct programs working"},
+"keyword": "framed links"},
{"id": 2191,
-"keyword": "working backwards"},
+"keyword": "ample set condition"},
{"id": 2192,
-"keyword": "functorial operations"},
+"keyword": "violate sortedness"},
{"id": 2193,
-"keyword": "intuitive desired security policy"},
+"keyword": "directly implies"},
{"id": 2194,
-"keyword": "org abs 1609"},
+"keyword": "accommodating arbitrary nominal datatypes"},
{"id": 2195,
-"keyword": "sum type"},
+"keyword": "number-theoretic functions"},
{"id": 2196,
-"keyword": "epistemic logic"},
+"keyword": "to-string functions"},
{"id": 2197,
-"keyword": "sending end host selects"},
+"keyword": "states common definitions"},
{"id": 2198,
-"keyword": "hybrid programs"},
+"keyword": "constructive cryptography proofs"},
{"id": 2199,
-"keyword": "statement"},
+"keyword": "abstract perspective enables"},
{"id": 2200,
-"keyword": "academic partners"},
+"keyword": "cosmed social media platform"},
{"id": 2201,
-"keyword": "similar systems"},
+"keyword": "splitting compilation"},
{"id": 2202,
-"keyword": "efficient priority search trees"},
+"keyword": "well-ordered type"},
{"id": 2203,
-"keyword": "small sets"},
+"keyword": "language features monadic sequencing"},
{"id": 2204,
-"keyword": "pattern matching"},
+"keyword": "conflict-free replicated datatype"},
{"id": 2205,
-"keyword": "author x27"},
+"keyword": "verified compiler"},
{"id": 2206,
-"keyword": "direct adequacy proof"},
+"keyword": "rts definition mandates safety"},
{"id": 2207,
-"keyword": "lucas ndash"},
+"keyword": "abstract formalization"},
{"id": 2208,
-"keyword": "original parallel postulate"},
+"keyword": "works based"},
{"id": 2209,
-"keyword": "polynomial"},
+"keyword": "uniform substitution principle"},
{"id": 2210,
-"keyword": "article"},
+"keyword": "infinite domain"},
{"id": 2211,
-"keyword": "outstanding work"},
+"keyword": "full classification"},
{"id": 2212,
-"keyword": "transfinite recursion"},
+"keyword": "identify undesired information leaks"},
{"id": 2213,
-"keyword": "previously replaced term"},
+"keyword": "building correct programs working"},
{"id": 2214,
-"keyword": "fully verified"},
+"keyword": "working backwards"},
{"id": 2215,
-"keyword": "running time"},
+"keyword": "functorial operations"},
{"id": 2216,
-"keyword": "gou zel"},
+"keyword": "intuitive desired security policy"},
{"id": 2217,
-"keyword": "program execution"},
+"keyword": "org abs 1609"},
{"id": 2218,
+"keyword": "sum type"},
+{"id": 2219,
+"keyword": "epistemic logic"},
+{"id": 2220,
+"keyword": "sending end host selects"},
+{"id": 2221,
+"keyword": "hybrid programs"},
+{"id": 2222,
+"keyword": "statement"},
+{"id": 2223,
+"keyword": "academic partners"},
+{"id": 2224,
+"keyword": "similar systems"},
+{"id": 2225,
+"keyword": "efficient priority search trees"},
+{"id": 2226,
+"keyword": "small sets"},
+{"id": 2227,
+"keyword": "pattern matching"},
+{"id": 2228,
+"keyword": "author x27"},
+{"id": 2229,
+"keyword": "direct adequacy proof"},
+{"id": 2230,
+"keyword": "lucas ndash"},
+{"id": 2231,
+"keyword": "original parallel postulate"},
+{"id": 2232,
+"keyword": "polynomial"},
+{"id": 2233,
+"keyword": "article"},
+{"id": 2234,
+"keyword": "outstanding work"},
+{"id": 2235,
+"keyword": "transfinite recursion"},
+{"id": 2236,
+"keyword": "previously replaced term"},
+{"id": 2237,
+"keyword": "fully verified"},
+{"id": 2238,
+"keyword": "running time"},
+{"id": 2239,
+"keyword": "gou zel"},
+{"id": 2240,
+"keyword": "program execution"},
+{"id": 2241,
"keyword": "entire input sequence"},
-{"id": 2219,
+{"id": 2242,
"keyword": "standard textbook proof"},
-{"id": 2220,
+{"id": 2243,
"keyword": "computation based"},
-{"id": 2221,
+{"id": 2244,
"keyword": "hol set"},
-{"id": 2222,
+{"id": 2245,
"keyword": "surprise hanging"},
-{"id": 2223,
+{"id": 2246,
"keyword": "efsms execute traces"},
-{"id": 2224,
+{"id": 2247,
"keyword": "display algebraic numbers"},
-{"id": 2225,
+{"id": 2248,
"keyword": "constant predicates stated"},
-{"id": 2226,
+{"id": 2249,
"keyword": "mutually inverse"},
-{"id": 2227,
+{"id": 2250,
"keyword": "automotive-gateway system"},
-{"id": 2228,
+{"id": 2251,
"keyword": "type constructor representing"},
-{"id": 2229,
+{"id": 2252,
"keyword": "afp entry complex geometry"},
-{"id": 2230,
+{"id": 2253,
"keyword": "lists representation"},
-{"id": 2231,
+{"id": 2254,
"keyword": "state-based non-deterministic sequential computations"},
-{"id": 2232,
+{"id": 2255,
"keyword": "complete basis"},
-{"id": 2233,
+{"id": 2256,
"keyword": "existing package algorithms"},
-{"id": 2234,
+{"id": 2257,
"keyword": "target concurrent operating systems"},
-{"id": 2235,
+{"id": 2258,
"keyword": "butterfly scheme"},
-{"id": 2236,
+{"id": 2259,
"keyword": "classical church-rosser theorem"},
-{"id": 2237,
+{"id": 2260,
"keyword": "polychronous systems"},
-{"id": 2238,
+{"id": 2261,
"keyword": "certified declarative first-order prover"},
-{"id": 2239,
+{"id": 2262,
"keyword": "commuting conversion rule"},
-{"id": 2240,
+{"id": 2263,
"keyword": "parity wallet bug"},
-{"id": 2241,
+{"id": 2264,
"keyword": "tame plane graphs"},
-{"id": 2242,
+{"id": 2265,
"keyword": "stream processing functions"},
-{"id": 2243,
+{"id": 2266,
"keyword": "rely guarantee reasoning"},
-{"id": 2244,
+{"id": 2267,
"keyword": "haskell library"},
-{"id": 2245,
+{"id": 2268,
"keyword": "13 binary relations"},
-{"id": 2246,
+{"id": 2269,
"keyword": "expressing security properties"},
-{"id": 2247,
+{"id": 2270,
"keyword": "turing computability"},
-{"id": 2248,
+{"id": 2271,
"keyword": "encoding"},
-{"id": 2249,
+{"id": 2272,
"keyword": "side product"},
-{"id": 2250,
+{"id": 2273,
"keyword": "restricted identification"},
-{"id": 2251,
+{"id": 2274,
"keyword": "order logic"},
-{"id": 2252,
+{"id": 2275,
"keyword": "type checking phase"},
-{"id": 2253,
+{"id": 2276,
"keyword": "natural transformations"},
-{"id": 2254,
+{"id": 2277,
"keyword": "related concepts"},
-{"id": 2255,
+{"id": 2278,
"keyword": "labelled directed graphs"},
-{"id": 2256,
+{"id": 2279,
"keyword": "implementation runs"},
-{"id": 2257,
+{"id": 2280,
"keyword": "proofs correct incompletenesses"},
-{"id": 2258,
+{"id": 2281,
"keyword": "existing replication algorithm satisfies"},
-{"id": 2259,
+{"id": 2282,
"keyword": "algorithm top-"},
-{"id": 2260,
+{"id": 2283,
"keyword": "x_1"},
-{"id": 2261,
+{"id": 2284,
"keyword": "complete networks"},
-{"id": 2262,
+{"id": 2285,
"keyword": "multiplicative constants"},
-{"id": 2263,
+{"id": 2286,
"keyword": "sifum_type_systems afp entry"},
-{"id": 2264,
+{"id": 2287,
"keyword": "tail-recursive implementation"},
-{"id": 2265,
+{"id": 2288,
"keyword": "usable framework"},
-{"id": 2266,
+{"id": 2289,
"keyword": "source coding theorem"},
-{"id": 2267,
+{"id": 2290,
"keyword": "von wright"},
-{"id": 2268,
+{"id": 2291,
"keyword": "paper formalising fisher"},
-{"id": 2269,
+{"id": 2292,
"keyword": "modular assembly kit"},
-{"id": 2270,
+{"id": 2293,
"keyword": "web community"},
-{"id": 2271,
+{"id": 2294,
"keyword": "unrelated times"},
-{"id": 2272,
+{"id": 2295,
"keyword": "stepwise manner"},
-{"id": 2273,
+{"id": 2296,
"keyword": "semantic type soundness"},
-{"id": 2274,
+{"id": 2297,
"keyword": "linear algebraic techniques"},
-{"id": 2275,
+{"id": 2298,
"keyword": "hoare logic"},
-{"id": 2276,
+{"id": 2299,
"keyword": "multithreaded case"},
-{"id": 2277,
+{"id": 2300,
"keyword": "hintikka set"},
-{"id": 2278,
+{"id": 2301,
"keyword": "derive class instances"},
-{"id": 2279,
+{"id": 2302,
"keyword": "efficiently computed"},
-{"id": 2280,
+{"id": 2303,
"keyword": "a_n leq tfrac 1"},
-{"id": 2281,
+{"id": 2304,
"keyword": "polynomial interpolation"},
-{"id": 2282,
+{"id": 2305,
"keyword": "fully automated"},
-{"id": 2283,
+{"id": 2306,
"keyword": "concrete function"},
-{"id": 2284,
+{"id": 2307,
"keyword": "pragmatic reasons"},
-{"id": 2285,
+{"id": 2308,
"keyword": "polytimed systems"},
-{"id": 2286,
+{"id": 2309,
"keyword": "executable program"},
-{"id": 2287,
+{"id": 2310,
"keyword": "pythagoras law"},
-{"id": 2288,
+{"id": 2311,
"keyword": "type safety proof"},
-{"id": 2289,
+{"id": 2312,
"keyword": "verifying security policies"},
-{"id": 2290,
+{"id": 2313,
"keyword": "floating-point modulo function"},
-{"id": 2291,
+{"id": 2314,
"keyword": "chomsky normal form"},
-{"id": 2292,
+{"id": 2315,
"keyword": "effectively harness theorem provers"},
-{"id": 2293,
+{"id": 2316,
"keyword": "data structure"},
-{"id": 2294,
+{"id": 2317,
"keyword": "command"},
-{"id": 2295,
+{"id": 2318,
"keyword": "total"},
-{"id": 2296,
+{"id": 2319,
"keyword": "positional determinacy"},
-{"id": 2297,
+{"id": 2320,
"keyword": "separable characters induced moduli"},
-{"id": 2298,
+{"id": 2321,
"keyword": "inductive predicates"},
-{"id": 2299,
+{"id": 2322,
"keyword": "verification back-ends"},
-{"id": 2300,
+{"id": 2323,
"keyword": "jordan_normal_form afp entry"},
-{"id": 2301,
+{"id": 2324,
"keyword": "all-pairs shortest path problem"},
-{"id": 2302,
+{"id": 2325,
"keyword": "full asymptotic expansion"},
-{"id": 2303,
+{"id": 2326,
"keyword": "lens class"},
-{"id": 2304,
+{"id": 2327,
"keyword": "parameterised process architectures"},
-{"id": 2305,
+{"id": 2328,
"keyword": "shallow embedding manner"},
-{"id": 2306,
+{"id": 2329,
"keyword": "rapidly growing literature"},
-{"id": 2307,
+{"id": 2330,
"keyword": "input processes"},
-{"id": 2308,
+{"id": 2331,
"keyword": "recurrence relation"},
-{"id": 2309,
+{"id": 2332,
"keyword": "modern multiprocessors depend"},
-{"id": 2310,
+{"id": 2333,
"keyword": "input simultaneously"},
-{"id": 2311,
+{"id": 2334,
"keyword": "propositional fragment"},
-{"id": 2312,
+{"id": 2335,
"keyword": "coinductive lists"},
-{"id": 2313,
+{"id": 2336,
"keyword": "number theoretic result"},
-{"id": 2314,
+{"id": 2337,
"keyword": "turing decidability"},
-{"id": 2315,
+{"id": 2338,
"keyword": "refutational completeness"},
-{"id": 2316,
+{"id": 2339,
"keyword": "secure process"},
-{"id": 2317,
+{"id": 2340,
"keyword": "measure preserving transformations"},
-{"id": 2318,
+{"id": 2341,
"keyword": "efficient executable code"},
-{"id": 2319,
+{"id": 2342,
"keyword": "java language architecture"},
-{"id": 2320,
+{"id": 2343,
"keyword": "normal subgroups"},
-{"id": 2321,
+{"id": 2344,
"keyword": "internal equivalences"},
-{"id": 2322,
+{"id": 2345,
"keyword": "extensible minimal imperative fragment"},
-{"id": 2323,
+{"id": 2346,
"keyword": "leitsch lei97"},
-{"id": 2324,
+{"id": 2347,
"keyword": "conditional expressions"},
-{"id": 2325,
+{"id": 2348,
"keyword": "definitional embedding"},
-{"id": 2326,
+{"id": 2349,
"keyword": "constructing sturm sequences efficiently"},
-{"id": 2327,
+{"id": 2350,
"keyword": "finite fourier series"},
-{"id": 2328,
+{"id": 2351,
"keyword": "fixed access frequencies"},
-{"id": 2329,
+{"id": 2352,
"keyword": "hol-multivariate-analysis session"},
-{"id": 2330,
+{"id": 2353,
"keyword": "locale assumptions"},
-{"id": 2331,
+{"id": 2354,
"keyword": "concrete file represented"},
-{"id": 2332,
+{"id": 2355,
"keyword": "polynomial time"},
-{"id": 2333,
+{"id": 2356,
"keyword": "beta_n"},
-{"id": 2334,
+{"id": 2357,
"keyword": "communicating concurrent kleene algebra"},
-{"id": 2335,
+{"id": 2358,
"keyword": "re-usable dfs-based algorithms"},
-{"id": 2336,
+{"id": 2359,
"keyword": "development accompanies"},
-{"id": 2337,
+{"id": 2360,
"keyword": "guarded recursive equations"},
-{"id": 2338,
+{"id": 2361,
"keyword": "general recursion"},
-{"id": 2339,
+{"id": 2362,
"keyword": "easily adapt existing proofs"},
-{"id": 2340,
+{"id": 2363,
"keyword": "world code"},
-{"id": 2341,
+{"id": 2364,
"keyword": "problems"},
-{"id": 2342,
+{"id": 2365,
"keyword": "mapping method"},
-{"id": 2343,
+{"id": 2366,
"keyword": "emphasising local spatial properties"},
-{"id": 2344,
+{"id": 2367,
"keyword": "stronger notion"},
-{"id": 2345,
+{"id": 2368,
"keyword": "tree automata"},
-{"id": 2346,
+{"id": 2369,
"keyword": "automatic theorem prover"},
-{"id": 2347,
-"keyword": "typing rules"},
-{"id": 2348,
-"keyword": "augustin louis cauchy"},
-{"id": 2349,
-"keyword": "traditional proof outlines"},
-{"id": 2350,
-"keyword": "proof terms"},
-{"id": 2351,
-"keyword": "geodesic gromov-hyperbolic space"},
-{"id": 2352,
-"keyword": "order types"},
-{"id": 2353,
-"keyword": "suitable inductive predicate"},
-{"id": 2354,
-"keyword": "developing aspects"},
-{"id": 2355,
-"keyword": "linux netfilter iptables firewall"},
-{"id": 2356,
-"keyword": "ordering properties"},
-{"id": 2357,
-"keyword": "hereditary base 2"},
-{"id": 2358,
-"keyword": "insurance products"},
-{"id": 2359,
-"keyword": "timing functions"},
-{"id": 2360,
-"keyword": "list module"},
-{"id": 2361,
-"keyword": "128bit words"},
-{"id": 2362,
-"keyword": "core theorems"},
-{"id": 2363,
-"keyword": "worker wrapper transformation"},
-{"id": 2364,
-"keyword": "implementation supports set membership"},
-{"id": 2365,
-"keyword": "longest recognized substrings"},
-{"id": 2366,
-"keyword": "initial nonterminal"},
-{"id": 2367,
-"keyword": "insecure channel controlled"},
-{"id": 2368,
-"keyword": "utility functions"},
-{"id": 2369,
-"keyword": "unified view"},
{"id": 2370,
-"keyword": "underlying commented theories"},
+"keyword": "typing rules"},
{"id": 2371,
-"keyword": "software security"},
+"keyword": "augustin louis cauchy"},
{"id": 2372,
-"keyword": "deeply embedded target programs"},
+"keyword": "traditional proof outlines"},
{"id": 2373,
-"keyword": "achieve compositionality"},
+"keyword": "proof terms"},
{"id": 2374,
-"keyword": "type definitions"},
+"keyword": "geodesic gromov-hyperbolic space"},
{"id": 2375,
-"keyword": "priority search tree"},
+"keyword": "order types"},
{"id": 2376,
-"keyword": "complicated derivatives"},
+"keyword": "suitable inductive predicate"},
{"id": 2377,
-"keyword": "resulting bst"},
+"keyword": "developing aspects"},
{"id": 2378,
-"keyword": "decision"},
+"keyword": "linux netfilter iptables firewall"},
{"id": 2379,
-"keyword": "incomparable results"},
+"keyword": "ordering properties"},
{"id": 2380,
-"keyword": "clear formalisation"},
+"keyword": "hereditary base 2"},
{"id": 2381,
-"keyword": "total supremum function"},
+"keyword": "insurance products"},
{"id": 2382,
-"keyword": "extension formally represents"},
+"keyword": "timing functions"},
{"id": 2383,
-"keyword": "normal filters"},
+"keyword": "list module"},
{"id": 2384,
-"keyword": "rob arthan"},
+"keyword": "128bit words"},
{"id": 2385,
-"keyword": "pseudo-bl algebras"},
+"keyword": "core theorems"},
{"id": 2386,
+"keyword": "worker wrapper transformation"},
+{"id": 2387,
+"keyword": "implementation supports set membership"},
+{"id": 2388,
+"keyword": "longest recognized substrings"},
+{"id": 2389,
+"keyword": "initial nonterminal"},
+{"id": 2390,
+"keyword": "insecure channel controlled"},
+{"id": 2391,
+"keyword": "utility functions"},
+{"id": 2392,
+"keyword": "unified view"},
+{"id": 2393,
+"keyword": "underlying commented theories"},
+{"id": 2394,
+"keyword": "software security"},
+{"id": 2395,
+"keyword": "deeply embedded target programs"},
+{"id": 2396,
+"keyword": "achieve compositionality"},
+{"id": 2397,
+"keyword": "type definitions"},
+{"id": 2398,
+"keyword": "priority search tree"},
+{"id": 2399,
+"keyword": "complicated derivatives"},
+{"id": 2400,
+"keyword": "resulting bst"},
+{"id": 2401,
+"keyword": "decision"},
+{"id": 2402,
+"keyword": "incomparable results"},
+{"id": 2403,
+"keyword": "clear formalisation"},
+{"id": 2404,
+"keyword": "total supremum function"},
+{"id": 2405,
+"keyword": "extension formally represents"},
+{"id": 2406,
+"keyword": "normal filters"},
+{"id": 2407,
+"keyword": "rob arthan"},
+{"id": 2408,
+"keyword": "pseudo-bl algebras"},
+{"id": 2409,
"keyword": "purely functional algorithms"},
-{"id": 2387,
+{"id": 2410,
"keyword": "mathematical development"},
-{"id": 2388,
+{"id": 2411,
"keyword": "optimizations heuristics"},
-{"id": 2389,
+{"id": 2412,
"keyword": "borel-measurable random variables"},
-{"id": 2390,
+{"id": 2413,
"keyword": "checkers operate"},
-{"id": 2391,
+{"id": 2414,
"keyword": "short proof"},
-{"id": 2392,
+{"id": 2415,
"keyword": "total correctness based"},
-{"id": 2393,
+{"id": 2416,
"keyword": "real ideal world paradigm"},
-{"id": 2394,
+{"id": 2417,
"keyword": "arbitrary univariate polynomials"},
-{"id": 2395,
+{"id": 2418,
"keyword": "basic framework"},
-{"id": 2396,
+{"id": 2419,
"keyword": "game-based cryptographic security notions"},
-{"id": 2397,
+{"id": 2420,
"keyword": "test strategies"},
-{"id": 2398,
+{"id": 2421,
"keyword": "general solver"},
-{"id": 2399,
+{"id": 2422,
"keyword": "threat models"},
-{"id": 2400,
+{"id": 2423,
"keyword": "fredkin cacm 1960"},
-{"id": 2401,
+{"id": 2424,
"keyword": "induction"},
-{"id": 2402,
+{"id": 2425,
"keyword": "uniform global clock"},
-{"id": 2403,
+{"id": 2426,
"keyword": "mechanical derivation"},
-{"id": 2404,
+{"id": 2427,
"keyword": "proof sketch"},
-{"id": 2405,
+{"id": 2428,
"keyword": "55th theorem"},
-{"id": 2406,
+{"id": 2429,
"keyword": "specific instantiations"},
-{"id": 2407,
+{"id": 2430,
"keyword": "infinite iteration"},
-{"id": 2408,
+{"id": 2431,
"keyword": "parameterized verification framework"},
-{"id": 2409,
+{"id": 2432,
"keyword": "probabilistic noninterference"},
-{"id": 2410,
+{"id": 2433,
"keyword": "prior non-mechanized soundness proofs"},
-{"id": 2411,
+{"id": 2434,
"keyword": "planning system fast-downward"},
-{"id": 2412,
+{"id": 2435,
"keyword": "total store order"},
-{"id": 2413,
+{"id": 2436,
"keyword": "type system"},
-{"id": 2414,
+{"id": 2437,
"keyword": "verifythis competition series"},
-{"id": 2415,
+{"id": 2438,
"keyword": "cartesian categories"},
-{"id": 2416,
+{"id": 2439,
"keyword": "direct product"},
-{"id": 2417,
+{"id": 2440,
"keyword": "special case"},
-{"id": 2418,
+{"id": 2441,
"keyword": "free boolean algebra"},
-{"id": 2419,
+{"id": 2442,
"keyword": "static interprocedural slicing"},
-{"id": 2420,
+{"id": 2443,
"keyword": "connected open set"},
-{"id": 2421,
+{"id": 2444,
"keyword": "building"},
-{"id": 2422,
+{"id": 2445,
"keyword": "meet schneider"},
-{"id": 2423,
+{"id": 2446,
"keyword": "dynamic context"},
-{"id": 2424,
+{"id": 2447,
"keyword": "coherence theorem"},
-{"id": 2425,
+{"id": 2448,
"keyword": "set categories"},
-{"id": 2426,
+{"id": 2449,
"keyword": "step functions"},
-{"id": 2427,
+{"id": 2450,
"keyword": "practical interoperability protocol"},
-{"id": 2428,
+{"id": 2451,
"keyword": "general purpose data structure"},
-{"id": 2429,
+{"id": 2452,
"keyword": "proof method"},
-{"id": 2430,
+{"id": 2453,
"keyword": "diophantine approximations"},
-{"id": 2431,
-"keyword": "identifies posix"},
-{"id": 2432,
-"keyword": "factor polynomials"},
-{"id": 2433,
-"keyword": "success probability"},
-{"id": 2434,
-"keyword": "concrete sigma-protocols"},
-{"id": 2435,
-"keyword": "expand stone relation algebras"},
-{"id": 2436,
-"keyword": "effectively executable"},
-{"id": 2437,
-"keyword": "mechanising proofs"},
-{"id": 2438,
-"keyword": "partial orders"},
-{"id": 2439,
-"keyword": "mdp model checking"},
-{"id": 2440,
-"keyword": "providing stronger guarantees"},
-{"id": 2441,
-"keyword": "lambda calculus"},
-{"id": 2442,
-"keyword": "element set"},
-{"id": 2443,
-"keyword": "landmark theorem due"},
-{"id": 2444,
-"keyword": "classic quantifier elimination"},
-{"id": 2445,
-"keyword": "game-based definitions"},
-{"id": 2446,
-"keyword": "natural-language explanations"},
-{"id": 2447,
-"keyword": "large transitive closures"},
-{"id": 2448,
-"keyword": "static openflow rules"},
-{"id": 2449,
-"keyword": "default instantiation"},
-{"id": 2450,
-"keyword": "mentioned properties"},
-{"id": 2451,
-"keyword": "verify truth tables"},
-{"id": 2452,
-"keyword": "substructural logics"},
-{"id": 2453,
-"keyword": "standard algorithms textbooks"},
{"id": 2454,
-"keyword": "key value-pairs"},
+"keyword": "identifies posix"},
{"id": 2455,
-"keyword": "machine checked proofs"},
+"keyword": "factor polynomials"},
{"id": 2456,
-"keyword": "kleene star arise"},
+"keyword": "success probability"},
{"id": 2457,
-"keyword": "formally verified implementation"},
+"keyword": "concrete sigma-protocols"},
{"id": 2458,
-"keyword": "autonomous systems"},
+"keyword": "expand stone relation algebras"},
{"id": 2459,
-"keyword": "implementation mixes"},
+"keyword": "effectively executable"},
{"id": 2460,
-"keyword": "slightly advanced properties"},
+"keyword": "mechanising proofs"},
{"id": 2461,
-"keyword": "discussion logs"},
+"keyword": "partial orders"},
{"id": 2462,
-"keyword": "generic imperative language embedded"},
+"keyword": "mdp model checking"},
{"id": 2463,
-"keyword": "basic path manipulation rules"},
+"keyword": "providing stronger guarantees"},
{"id": 2464,
-"keyword": "fully automatic tools"},
+"keyword": "lambda calculus"},
{"id": 2465,
-"keyword": "distinct network nodes"},
+"keyword": "element set"},
{"id": 2466,
-"keyword": "triangle"},
+"keyword": "landmark theorem due"},
{"id": 2467,
-"keyword": "plotkin existential"},
+"keyword": "classic quantifier elimination"},
{"id": 2468,
-"keyword": "feature nice mathematical properties"},
+"keyword": "game-based definitions"},
{"id": 2469,
-"keyword": "macaulay matrix"},
+"keyword": "natural-language explanations"},
{"id": 2470,
-"keyword": "boolean algebras generalise"},
+"keyword": "large transitive closures"},
{"id": 2471,
-"keyword": "upf emphasizes"},
+"keyword": "static openflow rules"},
{"id": 2472,
-"keyword": "reasonable efficiency"},
+"keyword": "default instantiation"},
{"id": 2473,
-"keyword": "explicit syntactic form"},
+"keyword": "mentioned properties"},
{"id": 2474,
-"keyword": "type inference rules"},
+"keyword": "verify truth tables"},
{"id": 2475,
-"keyword": "calculus immediately implies"},
+"keyword": "substructural logics"},
{"id": 2476,
-"keyword": "underlying theory"},
+"keyword": "standard algorithms textbooks"},
{"id": 2477,
-"keyword": "individual components"},
+"keyword": "key value-pairs"},
{"id": 2478,
-"keyword": "descartes test returns 0"},
+"keyword": "machine checked proofs"},
{"id": 2479,
-"keyword": "divided differences"},
+"keyword": "kleene star arise"},
{"id": 2480,
-"keyword": "model existence theorem"},
+"keyword": "formally verified implementation"},
{"id": 2481,
-"keyword": "executable denotational semantics"},
+"keyword": "autonomous systems"},
{"id": 2482,
-"keyword": "wireless mesh network"},
+"keyword": "implementation mixes"},
{"id": 2483,
-"keyword": "monotonic property transformers"},
+"keyword": "slightly advanced properties"},
{"id": 2484,
-"keyword": "prefix match"},
+"keyword": "discussion logs"},
{"id": 2485,
-"keyword": "analytic proof"},
+"keyword": "generic imperative language embedded"},
{"id": 2486,
-"keyword": "safe distance"},
+"keyword": "basic path manipulation rules"},
{"id": 2487,
-"keyword": "existing implementation"},
+"keyword": "fully automatic tools"},
{"id": 2488,
-"keyword": "natural logarithm"},
+"keyword": "distinct network nodes"},
{"id": 2489,
-"keyword": "automatically transferable"},
+"keyword": "triangle"},
{"id": 2490,
-"keyword": "oopsla 2006 paper"},
+"keyword": "plotkin existential"},
{"id": 2491,
-"keyword": "modern environment"},
+"keyword": "feature nice mathematical properties"},
{"id": 2492,
-"keyword": "dynamic architectures"},
+"keyword": "macaulay matrix"},
{"id": 2493,
-"keyword": "simulate minsky machines"},
+"keyword": "boolean algebras generalise"},
{"id": 2494,
-"keyword": "binomial heaps"},
+"keyword": "upf emphasizes"},
{"id": 2495,
-"keyword": "classifies topological spaces"},
+"keyword": "reasonable efficiency"},
{"id": 2496,
-"keyword": "partial meet contraction"},
+"keyword": "explicit syntactic form"},
{"id": 2497,
-"keyword": "standard signature algorithm"},
+"keyword": "type inference rules"},
{"id": 2498,
-"keyword": "selection functions"},
+"keyword": "calculus immediately implies"},
{"id": 2499,
-"keyword": "peano arithmetic"},
+"keyword": "underlying theory"},
{"id": 2500,
-"keyword": "fully formally verified"},
+"keyword": "individual components"},
{"id": 2501,
-"keyword": "files"},
+"keyword": "descartes test returns 0"},
{"id": 2502,
-"keyword": "automated reasoning 52"},
+"keyword": "divided differences"},
{"id": 2503,
-"keyword": "involves extensive reasoning"},
+"keyword": "model existence theorem"},
{"id": 2504,
-"keyword": "pointwise updates"},
+"keyword": "executable denotational semantics"},
{"id": 2505,
-"keyword": "category theory"},
+"keyword": "wireless mesh network"},
{"id": 2506,
-"keyword": "vector fields"},
+"keyword": "monotonic property transformers"},
{"id": 2507,
-"keyword": "direct mathematical model"},
+"keyword": "prefix match"},
{"id": 2508,
-"keyword": "group generated"},
+"keyword": "analytic proof"},
{"id": 2509,
-"keyword": "interesting format"},
+"keyword": "safe distance"},
{"id": 2510,
-"keyword": "random element"},
+"keyword": "existing implementation"},
{"id": 2511,
-"keyword": "simple imperative language"},
+"keyword": "natural logarithm"},
{"id": 2512,
-"keyword": "modal kleene algebra"},
+"keyword": "automatically transferable"},
{"id": 2513,
-"keyword": "arbitrary fields"},
+"keyword": "oopsla 2006 paper"},
{"id": 2514,
-"keyword": "roger lipsett"},
+"keyword": "modern environment"},
{"id": 2515,
-"keyword": "probabilistic system types"},
+"keyword": "dynamic architectures"},
{"id": 2516,
-"keyword": "existing pen-and-paper proof"},
+"keyword": "simulate minsky machines"},
{"id": 2517,
-"keyword": "working mathematician"},
+"keyword": "binomial heaps"},
{"id": 2518,
-"keyword": "squarefree integers"},
+"keyword": "classifies topological spaces"},
{"id": 2519,
-"keyword": "heap property"},
+"keyword": "partial meet contraction"},
{"id": 2520,
-"keyword": "beautiful result"},
+"keyword": "standard signature algorithm"},
{"id": 2521,
-"keyword": "factorisation algorithm"},
+"keyword": "selection functions"},
{"id": 2522,
-"keyword": "simple techniques"},
+"keyword": "peano arithmetic"},
{"id": 2523,
+"keyword": "fully formally verified"},
+{"id": 2524,
+"keyword": "files"},
+{"id": 2525,
+"keyword": "automated reasoning 52"},
+{"id": 2526,
+"keyword": "involves extensive reasoning"},
+{"id": 2527,
+"keyword": "pointwise updates"},
+{"id": 2528,
+"keyword": "category theory"},
+{"id": 2529,
+"keyword": "vector fields"},
+{"id": 2530,
+"keyword": "direct mathematical model"},
+{"id": 2531,
+"keyword": "group generated"},
+{"id": 2532,
+"keyword": "interesting format"},
+{"id": 2533,
+"keyword": "random element"},
+{"id": 2534,
+"keyword": "simple imperative language"},
+{"id": 2535,
+"keyword": "modal kleene algebra"},
+{"id": 2536,
+"keyword": "arbitrary fields"},
+{"id": 2537,
+"keyword": "roger lipsett"},
+{"id": 2538,
+"keyword": "probabilistic system types"},
+{"id": 2539,
+"keyword": "existing pen-and-paper proof"},
+{"id": 2540,
+"keyword": "working mathematician"},
+{"id": 2541,
+"keyword": "squarefree integers"},
+{"id": 2542,
+"keyword": "heap property"},
+{"id": 2543,
+"keyword": "beautiful result"},
+{"id": 2544,
+"keyword": "factorisation algorithm"},
+{"id": 2545,
+"keyword": "simple techniques"},
+{"id": 2546,
"keyword": "arbitrary natural sets"},
-{"id": 2524,
+{"id": 2547,
"keyword": "christoph benzm uuml"},
-{"id": 2525,
+{"id": 2548,
"keyword": "combinable wand"},
-{"id": 2526,
+{"id": 2549,
"keyword": "failure-prone environments"},
-{"id": 2527,
+{"id": 2550,
"keyword": "abstract cryptography"},
-{"id": 2528,
+{"id": 2551,
"keyword": "simpler secure processes"},
-{"id": 2529,
+{"id": 2552,
"keyword": "sim sqrt 2 pi"},
-{"id": 2530,
+{"id": 2553,
"keyword": "rigorous polynomial approximation"},
-{"id": 2531,
+{"id": 2554,
"keyword": "cardinality facts relevant"},
-{"id": 2532,
+{"id": 2555,
"keyword": "source-to-assembly step matching"},
-{"id": 2533,
+{"id": 2556,
"keyword": "lambda-calculus"},
-{"id": 2534,
+{"id": 2557,
"keyword": "fundamental theorem"},
-{"id": 2535,
+{"id": 2558,
"keyword": "routing table entry"},
-{"id": 2536,
+{"id": 2559,
"keyword": "called object constraint language"},
-{"id": 2537,
+{"id": 2560,
"keyword": "logically safe"},
-{"id": 2538,
+{"id": 2561,
"keyword": "non-relational reasoning"},
-{"id": 2539,
+{"id": 2562,
"keyword": "intuitive combinatorial proof"},
-{"id": 2540,
+{"id": 2563,
"keyword": "tphols 2008 paper"},
-{"id": 2541,
+{"id": 2564,
"keyword": "floyd-warshall algorithm"},
-{"id": 2542,
+{"id": 2565,
"keyword": "single event list varying"},
-{"id": 2543,
+{"id": 2566,
"keyword": "church-encoded representation"},
-{"id": 2544,
+{"id": 2567,
"keyword": "recursive inseparability"},
-{"id": 2545,
+{"id": 2568,
"keyword": "hierarchical transactions"},
-{"id": 2546,
+{"id": 2569,
"keyword": "low-degree polynomials"},
-{"id": 2547,
+{"id": 2570,
"keyword": "declaring nominal datatypes"},
-{"id": 2548,
+{"id": 2571,
"keyword": "widening operation"},
-{"id": 2549,
+{"id": 2572,
+"keyword": "full permission"},
+{"id": 2573,
"keyword": "weak preferences"},
-{"id": 2550,
+{"id": 2574,
"keyword": "generic theory"},
-{"id": 2551,
+{"id": 2575,
"keyword": "ocl specification"},
-{"id": 2552,
+{"id": 2576,
"keyword": "original expression"},
-{"id": 2553,
+{"id": 2577,
"keyword": "euler trails"},
-{"id": 2554,
+{"id": 2578,
"keyword": "mutually recursive functions"},
-{"id": 2555,
+{"id": 2579,
"keyword": "isomorphisms results"},
-{"id": 2556,
-"keyword": "hol light development"},
-{"id": 2557,
-"keyword": "numerical algorithms"},
-{"id": 2558,
-"keyword": "special form"},
-{"id": 2559,
-"keyword": "upcoming entry iptables semantics"},
-{"id": 2560,
-"keyword": "x86-64 assembly instructions"},
-{"id": 2561,
-"keyword": "great body"},
-{"id": 2562,
-"keyword": "sliced graph"},
-{"id": 2563,
-"keyword": "function zeta"},
-{"id": 2564,
-"keyword": "van der waerden"},
-{"id": 2565,
-"keyword": "pretty printing"},
-{"id": 2566,
-"keyword": "memory model"},
-{"id": 2567,
-"keyword": "directly inspired"},
-{"id": 2568,
-"keyword": "phi functions"},
-{"id": 2569,
-"keyword": "security configuration actual firewall"},
-{"id": 2570,
-"keyword": "knuth bendix orders"},
-{"id": 2571,
-"keyword": "belief change"},
-{"id": 2572,
-"keyword": "arctic interpretations"},
-{"id": 2573,
-"keyword": "bounded operators"},
-{"id": 2574,
-"keyword": "harm security"},
-{"id": 2575,
-"keyword": "separate afp entries goedel_hfset_semantic"},
-{"id": 2576,
-"keyword": "frequency moment"},
-{"id": 2577,
-"keyword": "arbitrary network topologies"},
-{"id": 2578,
-"keyword": "theorem implies combinatorial planarity"},
-{"id": 2579,
-"keyword": "expected internal path length"},
{"id": 2580,
-"keyword": "stronger version"},
+"keyword": "hol light development"},
{"id": 2581,
-"keyword": "solving linear programs"},
+"keyword": "numerical algorithms"},
{"id": 2582,
-"keyword": "entry formally"},
+"keyword": "special form"},
{"id": 2583,
-"keyword": "discrete summation"},
+"keyword": "upcoming entry iptables semantics"},
{"id": 2584,
-"keyword": "compact intervals"},
+"keyword": "x86-64 assembly instructions"},
{"id": 2585,
-"keyword": "complexity low"},
+"keyword": "great body"},
{"id": 2586,
-"keyword": "source type"},
+"keyword": "sliced graph"},
{"id": 2587,
-"keyword": "meaningless encodings"},
+"keyword": "function zeta"},
{"id": 2588,
-"keyword": "yielding dynamic programming algorithms"},
+"keyword": "van der waerden"},
{"id": 2589,
-"keyword": "hol formalization builds"},
+"keyword": "pretty printing"},
{"id": 2590,
-"keyword": "abstract separation algebra"},
+"keyword": "memory model"},
{"id": 2591,
-"keyword": "handle changing beliefs"},
+"keyword": "directly inspired"},
{"id": 2592,
-"keyword": "exploiting type classes"},
+"keyword": "phi functions"},
{"id": 2593,
-"keyword": "linear programs"},
+"keyword": "security configuration actual firewall"},
{"id": 2594,
-"keyword": "hol proof assistant"},
+"keyword": "knuth bendix orders"},
{"id": 2595,
-"keyword": "current monolithic protocols"},
+"keyword": "belief change"},
{"id": 2596,
-"keyword": "partial correctness"},
+"keyword": "arctic interpretations"},
{"id": 2597,
-"keyword": "finite collection"},
+"keyword": "bounded operators"},
{"id": 2598,
-"keyword": "manipulating data types"},
+"keyword": "harm security"},
{"id": 2599,
-"keyword": "library base"},
+"keyword": "separate afp entries goedel_hfset_semantic"},
{"id": 2600,
-"keyword": "sophisticated object-oriented bytecode language"},
+"keyword": "frequency moment"},
{"id": 2601,
-"keyword": "probable hidden state sequence"},
+"keyword": "arbitrary network topologies"},
{"id": 2602,
-"keyword": "finger tree"},
+"keyword": "theorem implies combinatorial planarity"},
{"id": 2603,
-"keyword": "optimality equations"},
+"keyword": "expected internal path length"},
{"id": 2604,
-"keyword": "latin square"},
+"keyword": "stronger version"},
{"id": 2605,
-"keyword": "combine classical reasoning"},
+"keyword": "solving linear programs"},
{"id": 2606,
-"keyword": "relevant proof methods"},
+"keyword": "entry formally"},
{"id": 2607,
+"keyword": "discrete summation"},
+{"id": 2608,
+"keyword": "compact intervals"},
+{"id": 2609,
+"keyword": "complexity low"},
+{"id": 2610,
+"keyword": "source type"},
+{"id": 2611,
+"keyword": "meaningless encodings"},
+{"id": 2612,
+"keyword": "yielding dynamic programming algorithms"},
+{"id": 2613,
+"keyword": "hol formalization builds"},
+{"id": 2614,
+"keyword": "abstract separation algebra"},
+{"id": 2615,
+"keyword": "handle changing beliefs"},
+{"id": 2616,
+"keyword": "exploiting type classes"},
+{"id": 2617,
+"keyword": "linear programs"},
+{"id": 2618,
+"keyword": "hol proof assistant"},
+{"id": 2619,
+"keyword": "current monolithic protocols"},
+{"id": 2620,
+"keyword": "partial correctness"},
+{"id": 2621,
+"keyword": "finite collection"},
+{"id": 2622,
+"keyword": "manipulating data types"},
+{"id": 2623,
+"keyword": "library base"},
+{"id": 2624,
+"keyword": "sophisticated object-oriented bytecode language"},
+{"id": 2625,
+"keyword": "probable hidden state sequence"},
+{"id": 2626,
+"keyword": "finger tree"},
+{"id": 2627,
+"keyword": "optimality equations"},
+{"id": 2628,
+"keyword": "latin square"},
+{"id": 2629,
+"keyword": "combine classical reasoning"},
+{"id": 2630,
+"keyword": "relevant proof methods"},
+{"id": 2631,
"keyword": "magic wand formula"},
-{"id": 2608,
+{"id": 2632,
"keyword": "complete formalization"},
-{"id": 2609,
+{"id": 2633,
"keyword": "purely syntactic normalisation procedure"},
-{"id": 2610,
+{"id": 2634,
"keyword": "generic algorithm"},
-{"id": 2611,
+{"id": 2635,
"keyword": "formalizations differ mathematically"},
-{"id": 2612,
+{"id": 2636,
"keyword": "computing dominators"},
-{"id": 2613,
+{"id": 2637,
"keyword": "relational constructors"},
-{"id": 2614,
+{"id": 2638,
"keyword": "simplicial complexes"},
-{"id": 2615,
+{"id": 2639,
"keyword": "induction principle"},
-{"id": 2616,
+{"id": 2640,
"keyword": "correct binomial heaps"},
-{"id": 2617,
+{"id": 2641,
"keyword": "information flow security"},
-{"id": 2618,
+{"id": 2642,
"keyword": "basic concepts"},
-{"id": 2619,
+{"id": 2643,
"keyword": "present formalisation formed"},
-{"id": 2620,
+{"id": 2644,
"keyword": "significant piece"},
-{"id": 2621,
+{"id": 2645,
"keyword": "safe regression test selection"},
-{"id": 2622,
+{"id": 2646,
"keyword": "internal path length"},
-{"id": 2623,
+{"id": 2647,
"keyword": "avoid cascading linking"},
-{"id": 2624,
+{"id": 2648,
"keyword": "dirichlet l-functions"},
-{"id": 2625,
+{"id": 2649,
"keyword": "interactive proof assistant"},
-{"id": 2626,
+{"id": 2650,
"keyword": "article added additional material"},
-{"id": 2627,
+{"id": 2651,
"keyword": "shadow tree"},
-{"id": 2628,
+{"id": 2652,
"keyword": "prime number"},
-{"id": 2629,
+{"id": 2653,
"keyword": "representation independence"},
-{"id": 2630,
+{"id": 2654,
"keyword": "landau symbol"},
-{"id": 2631,
+{"id": 2655,
"keyword": "essentially follow"},
-{"id": 2632,
+{"id": 2656,
"keyword": "additively idempotent semirings"},
-{"id": 2633,
+{"id": 2657,
"keyword": "complex unknowns x1"},
-{"id": 2634,
+{"id": 2658,
"keyword": "byzantine fault-tolerant clock synchronization"},
-{"id": 2635,
+{"id": 2659,
"keyword": "closely follow"},
-{"id": 2636,
+{"id": 2660,
"keyword": "shaz qadeer"},
-{"id": 2637,
+{"id": 2661,
"keyword": "complex systems involves"},
-{"id": 2638,
+{"id": 2662,
"keyword": "solving equational systems"},
-{"id": 2639,
+{"id": 2663,
"keyword": "safe ocl typing rules"},
-{"id": 2640,
+{"id": 2664,
"keyword": "delta system lemma sessions"},
-{"id": 2641,
+{"id": 2665,
"keyword": "theorem due"},
-{"id": 2642,
+{"id": 2666,
"keyword": "temporal order"},
-{"id": 2643,
+{"id": 2667,
"keyword": "infrastructure previously"},
-{"id": 2644,
+{"id": 2668,
"keyword": "specification holds"},
-{"id": 2645,
+{"id": 2669,
"keyword": "skew links"},
-{"id": 2646,
+{"id": 2670,
"keyword": "transactional memory"},
-{"id": 2647,
+{"id": 2671,
"keyword": "unique squarefree decomposition"},
-{"id": 2648,
+{"id": 2672,
+"keyword": "abstract soundness"},
+{"id": 2673,
"keyword": "beta_1"},
-{"id": 2649,
+{"id": 2674,
"keyword": "discrete stochastic dynamic programming"},
-{"id": 2650,
+{"id": 2675,
"keyword": "highly modular"},
-{"id": 2651,
+{"id": 2676,
"keyword": "transcendental numbers"},
-{"id": 2652,
+{"id": 2677,
"keyword": "extra assumptions"},
-{"id": 2653,
+{"id": 2678,
"keyword": "fully json compliant"},
-{"id": 2654,
+{"id": 2679,
"keyword": "instantiation draws heavily"},
-{"id": 2655,
+{"id": 2680,
"keyword": "stuttering equivalence afp-entry"},
-{"id": 2656,
+{"id": 2681,
"keyword": "incompleteness theorem"},
-{"id": 2657,
+{"id": 2682,
"keyword": "general form"},
-{"id": 2658,
+{"id": 2683,
"keyword": "coarse-grained semantics"},
-{"id": 2659,
+{"id": 2684,
"keyword": "early result"},
-{"id": 2660,
+{"id": 2685,
"keyword": "core dom"},
-{"id": 2661,
+{"id": 2686,
"keyword": "trace set processes"},
-{"id": 2662,
+{"id": 2687,
"keyword": "theorem applying"},
-{"id": 2663,
+{"id": 2688,
"keyword": "present polished"},
-{"id": 2664,
+{"id": 2689,
"keyword": "graph representation"},
-{"id": 2665,
+{"id": 2690,
"keyword": "large number"},
-{"id": 2666,
+{"id": 2691,
"keyword": "classical propositional logic"},
-{"id": 2667,
+{"id": 2692,
"keyword": "context-free grammar"},
-{"id": 2668,
+{"id": 2693,
"keyword": "lee cl73"},
-{"id": 2669,
+{"id": 2694,
"keyword": "security invariants hold"},
-{"id": 2670,
+{"id": 2695,
"keyword": "simple programming language"},
-{"id": 2671,
+{"id": 2696,
"keyword": "gibbard-satterthwaite theorem"},
-{"id": 2672,
+{"id": 2697,
"keyword": "compcertssa project"},
-{"id": 2673,
+{"id": 2698,
"keyword": "linear upper bound"},
-{"id": 2674,
+{"id": 2699,
"keyword": "formula mdp ta pta"},
-{"id": 2675,
+{"id": 2700,
"keyword": "quantic nuclei"},
-{"id": 2676,
+{"id": 2701,
"keyword": "non-deterministic interpreter"},
-{"id": 2677,
+{"id": 2702,
"keyword": "embedding path order"},
-{"id": 2678,
+{"id": 2703,
"keyword": "convergence rate"},
-{"id": 2679,
+{"id": 2704,
"keyword": "textbook types"},
-{"id": 2680,
+{"id": 2705,
"keyword": "discrete financial models"},
-{"id": 2681,
+{"id": 2706,
"keyword": "wireless networks"},
-{"id": 2682,
-"keyword": "mechanical theorem proving"},
-{"id": 2683,
-"keyword": "jan kretinsky proposed"},
-{"id": 2684,
-"keyword": "infinite subset"},
-{"id": 2685,
-"keyword": "reflection-based decision procedure"},
-{"id": 2686,
-"keyword": "int_0 infty b_n"},
-{"id": 2687,
-"keyword": "general cost functions"},
-{"id": 2688,
-"keyword": "ch research verifythis"},
-{"id": 2689,
-"keyword": "prim"},
-{"id": 2690,
-"keyword": "sparcv8 instruction set architecture"},
-{"id": 2691,
-"keyword": "ordered bdd"},
-{"id": 2692,
-"keyword": "incorporate smoothly"},
-{"id": 2693,
-"keyword": "java interactive verification environment"},
-{"id": 2694,
-"keyword": "time complexity bound"},
-{"id": 2695,
-"keyword": "rules controls"},
-{"id": 2696,
-"keyword": "theorem prover"},
-{"id": 2697,
-"keyword": "decrease efficiency"},
-{"id": 2698,
-"keyword": "separation algebra"},
-{"id": 2699,
-"keyword": "refined version"},
-{"id": 2700,
-"keyword": "facts involving algebraic laws"},
-{"id": 2701,
-"keyword": "indefinitely long sequence"},
-{"id": 2702,
-"keyword": "fundamental objects"},
-{"id": 2703,
-"keyword": "open induction schema based"},
-{"id": 2704,
-"keyword": "dependent choices"},
-{"id": 2705,
-"keyword": "temporal operators"},
-{"id": 2706,
-"keyword": "obtain concrete upper bounds"},
{"id": 2707,
-"keyword": "verify spoofing protection"},
+"keyword": "mechanical theorem proving"},
{"id": 2708,
-"keyword": "significantly worse"},
+"keyword": "jan kretinsky proposed"},
{"id": 2709,
-"keyword": "type class functions"},
+"keyword": "infinite subset"},
{"id": 2710,
-"keyword": "common format"},
+"keyword": "reflection-based decision procedure"},
{"id": 2711,
-"keyword": "guarantee condition"},
+"keyword": "int_0 infty b_n"},
{"id": 2712,
-"keyword": "fairly rudimentary"},
+"keyword": "general cost functions"},
{"id": 2713,
-"keyword": "relation reduces"},
+"keyword": "ch research verifythis"},
{"id": 2714,
-"keyword": "petersen aplas 2012"},
+"keyword": "prim"},
{"id": 2715,
-"keyword": "strips soundness meta-theory"},
+"keyword": "sparcv8 instruction set architecture"},
{"id": 2716,
-"keyword": "code"},
+"keyword": "ordered bdd"},
{"id": 2717,
-"keyword": "popular theorems attributed"},
+"keyword": "incorporate smoothly"},
{"id": 2718,
-"keyword": "puzzle"},
+"keyword": "java interactive verification environment"},
{"id": 2719,
-"keyword": "registering automatic methods"},
+"keyword": "time complexity bound"},
{"id": 2720,
-"keyword": "executable monitor"},
+"keyword": "rules controls"},
{"id": 2721,
-"keyword": "cryptographic operators"},
+"keyword": "theorem prover"},
{"id": 2722,
-"keyword": "previous berlekamp zassenhaus development"},
+"keyword": "decrease efficiency"},
{"id": 2723,
+"keyword": "separation algebra"},
+{"id": 2724,
+"keyword": "refined version"},
+{"id": 2725,
+"keyword": "facts involving algebraic laws"},
+{"id": 2726,
+"keyword": "indefinitely long sequence"},
+{"id": 2727,
+"keyword": "fundamental objects"},
+{"id": 2728,
+"keyword": "open induction schema based"},
+{"id": 2729,
+"keyword": "dependent choices"},
+{"id": 2730,
+"keyword": "temporal operators"},
+{"id": 2731,
+"keyword": "obtain concrete upper bounds"},
+{"id": 2732,
+"keyword": "verify spoofing protection"},
+{"id": 2733,
+"keyword": "significantly worse"},
+{"id": 2734,
+"keyword": "type class functions"},
+{"id": 2735,
+"keyword": "common format"},
+{"id": 2736,
+"keyword": "guarantee condition"},
+{"id": 2737,
+"keyword": "fairly rudimentary"},
+{"id": 2738,
+"keyword": "relation reduces"},
+{"id": 2739,
+"keyword": "petersen aplas 2012"},
+{"id": 2740,
+"keyword": "strips soundness meta-theory"},
+{"id": 2741,
+"keyword": "code"},
+{"id": 2742,
+"keyword": "popular theorems attributed"},
+{"id": 2743,
+"keyword": "puzzle"},
+{"id": 2744,
+"keyword": "registering automatic methods"},
+{"id": 2745,
+"keyword": "executable monitor"},
+{"id": 2746,
+"keyword": "cryptographic operators"},
+{"id": 2747,
+"keyword": "previous berlekamp zassenhaus development"},
+{"id": 2748,
"keyword": "paraconsistent many-"},
-{"id": 2724,
+{"id": 2749,
"keyword": "extended complex plane"},
-{"id": 2725,
+{"id": 2750,
"keyword": "non-deterministic buechi-automaton"},
-{"id": 2726,
+{"id": 2751,
"keyword": "x1j hellip"},
-{"id": 2727,
+{"id": 2752,
"keyword": "simplex algorithm"},
-{"id": 2728,
+{"id": 2753,
"keyword": "higher order logic"},
-{"id": 2729,
+{"id": 2754,
"keyword": "reachable nodes"},
-{"id": 2730,
+{"id": 2755,
"keyword": "classical theorem stating"},
-{"id": 2731,
+{"id": 2756,
"keyword": "basic part"},
-{"id": 2732,
+{"id": 2757,
"keyword": "book concrete semantics"},
-{"id": 2733,
+{"id": 2758,
"keyword": "concern geometry"},
-{"id": 2734,
+{"id": 2759,
"keyword": "nnf-based algorithms"},
-{"id": 2735,
+{"id": 2760,
"keyword": "de bruijn index-based syntax"},
-{"id": 2736,
+{"id": 2761,
"keyword": "destination ip space"},
-{"id": 2737,
+{"id": 2762,
"keyword": "floating-point computation"},
-{"id": 2738,
+{"id": 2763,
"keyword": "secure auto-completion"},
-{"id": 2739,
+{"id": 2764,
"keyword": "generating function equivalence proof"},
-{"id": 2740,
+{"id": 2765,
"keyword": "random serial dictatorship"},
-{"id": 2741,
+{"id": 2766,
"keyword": "metaphysical theory"},
-{"id": 2742,
+{"id": 2767,
"keyword": "theorems stated"},
-{"id": 2743,
+{"id": 2768,
"keyword": "32-bit signed word"},
-{"id": 2744,
+{"id": 2769,
"keyword": "flowgraph-based program model"},
-{"id": 2745,
+{"id": 2770,
"keyword": "multiple positions"},
-{"id": 2746,
+{"id": 2771,
"keyword": "non-strict function abstractions"},
-{"id": 2747,
+{"id": 2772,
"keyword": "information-flow security applicable"},
-{"id": 2748,
+{"id": 2773,
"keyword": "party cryptographic primitives"},
-{"id": 2749,
+{"id": 2774,
"keyword": "lattice supremum providing"},
-{"id": 2750,
+{"id": 2775,
"keyword": "additional theorems"},
-{"id": 2751,
+{"id": 2776,
"keyword": "output port"},
-{"id": 2752,
+{"id": 2777,
"keyword": "verify algorithms"},
-{"id": 2753,
+{"id": 2778,
"keyword": "covers algebraic reasoning"},
-{"id": 2754,
+{"id": 2779,
"keyword": "interleaves"},
-{"id": 2755,
+{"id": 2780,
"keyword": "tree decomposition"},
-{"id": 2756,
+{"id": 2781,
"keyword": "framework features"},
-{"id": 2757,
+{"id": 2782,
"keyword": "quantities induces congruences"},
-{"id": 2758,
+{"id": 2783,
"keyword": "type constructors"},
-{"id": 2759,
+{"id": 2784,
"keyword": "outsourcing data storage"},
-{"id": 2760,
+{"id": 2785,
"keyword": "theoretical evidence"},
-{"id": 2761,
+{"id": 2786,
"keyword": "finite infinite lists"},
-{"id": 2762,
+{"id": 2787,
"keyword": "finite state markov chains"},
-{"id": 2763,
+{"id": 2788,
"keyword": "thematic section"},
-{"id": 2764,
+{"id": 2789,
"keyword": "definite descriptions"},
-{"id": 2765,
+{"id": 2790,
"keyword": "natural question"},
-{"id": 2766,
-"keyword": "term shallow-style embedding"},
-{"id": 2767,
-"keyword": "co-closure operators"},
-{"id": 2768,
-"keyword": "uninterpreted functions"},
-{"id": 2769,
-"keyword": "formal development"},
-{"id": 2770,
-"keyword": "fft algorithm"},
-{"id": 2771,
-"keyword": "rank-nullity theorem roughly follow"},
-{"id": 2772,
-"keyword": "lens classes"},
-{"id": 2773,
-"keyword": "state sigma iff"},
-{"id": 2774,
-"keyword": "invariant based programs"},
-{"id": 2775,
-"keyword": "types int"},
-{"id": 2776,
-"keyword": "crucial ingredient"},
-{"id": 2777,
-"keyword": "program executions based"},
-{"id": 2778,
-"keyword": "single permanent failure"},
-{"id": 2779,
-"keyword": "lyndon words"},
-{"id": 2780,
-"keyword": "equational reasoning"},
-{"id": 2781,
-"keyword": "operation results"},
-{"id": 2782,
-"keyword": "ontological argument"},
-{"id": 2783,
-"keyword": "decision procedure"},
-{"id": 2784,
-"keyword": "enforcing exclusive writes"},
-{"id": 2785,
-"keyword": "main entry point"},
-{"id": 2786,
-"keyword": "showcase haskell"},
-{"id": 2787,
-"keyword": "domain operation"},
-{"id": 2788,
-"keyword": "fixed service"},
-{"id": 2789,
-"keyword": "case study"},
-{"id": 2790,
-"keyword": "basic concepts cartesian products"},
{"id": 2791,
-"keyword": "refinement theorem"},
+"keyword": "term shallow-style embedding"},
{"id": 2792,
-"keyword": "consistent sign assignments"},
+"keyword": "co-closure operators"},
{"id": 2793,
-"keyword": "object logic"},
+"keyword": "uninterpreted functions"},
{"id": 2794,
-"keyword": "verified iptables firewall analysis"},
+"keyword": "formal development"},
{"id": 2795,
-"keyword": "recursion principles"},
+"keyword": "fft algorithm"},
{"id": 2796,
-"keyword": "cayley-hamilton theorem based"},
+"keyword": "rank-nullity theorem roughly follow"},
{"id": 2797,
-"keyword": "general library"},
+"keyword": "lens classes"},
{"id": 2798,
-"keyword": "hoare triples"},
+"keyword": "state sigma iff"},
{"id": 2799,
-"keyword": "dictionary translation"},
+"keyword": "invariant based programs"},
{"id": 2800,
-"keyword": "prime-factorization algorithms"},
+"keyword": "types int"},
{"id": 2801,
-"keyword": "proving safety"},
+"keyword": "crucial ingredient"},
{"id": 2802,
-"keyword": "monotonically decreasing sequence"},
+"keyword": "program executions based"},
{"id": 2803,
-"keyword": "probability theory"},
+"keyword": "single permanent failure"},
{"id": 2804,
-"keyword": "pipeline-parallel stream processing"},
+"keyword": "lyndon words"},
{"id": 2805,
-"keyword": "extended sturm"},
+"keyword": "equational reasoning"},
{"id": 2806,
-"keyword": "rigorous numerical algorithms"},
+"keyword": "operation results"},
{"id": 2807,
-"keyword": "combined factorization algorithm"},
+"keyword": "ontological argument"},
{"id": 2808,
-"keyword": "lifting step"},
+"keyword": "decision procedure"},
{"id": 2809,
-"keyword": "satisfaction relation"},
+"keyword": "enforcing exclusive writes"},
{"id": 2810,
-"keyword": "automatic refinement framework"},
+"keyword": "main entry point"},
{"id": 2811,
-"keyword": "real eigenvalue"},
+"keyword": "showcase haskell"},
{"id": 2812,
-"keyword": "proposed approach"},
+"keyword": "domain operation"},
{"id": 2813,
-"keyword": "algorithm proceeds"},
+"keyword": "fixed service"},
{"id": 2814,
-"keyword": "so-called key equalities"},
+"keyword": "case study"},
{"id": 2815,
-"keyword": "transferring lifted properties back"},
+"keyword": "basic concepts cartesian products"},
{"id": 2816,
-"keyword": "concise proof"},
+"keyword": "refinement theorem"},
{"id": 2817,
-"keyword": "adjoint functors"},
+"keyword": "consistent sign assignments"},
{"id": 2818,
-"keyword": "cryptography proof formalizations"},
+"keyword": "object logic"},
{"id": 2819,
-"keyword": "blockchain pattern"},
+"keyword": "verified iptables firewall analysis"},
{"id": 2820,
-"keyword": "game-based proofs"},
+"keyword": "recursion principles"},
{"id": 2821,
-"keyword": "descartes test based"},
+"keyword": "cayley-hamilton theorem based"},
{"id": 2822,
-"keyword": "trace set"},
+"keyword": "general library"},
{"id": 2823,
-"keyword": "type-safe conversions"},
+"keyword": "hoare triples"},
{"id": 2824,
-"keyword": "computing bernoulli numbers"},
+"keyword": "dictionary translation"},
{"id": 2825,
-"keyword": "collection offer functionality"},
+"keyword": "prime-factorization algorithms"},
{"id": 2826,
-"keyword": "mason ndash"},
+"keyword": "proving safety"},
{"id": 2827,
-"keyword": "summary edges"},
+"keyword": "monotonically decreasing sequence"},
{"id": 2828,
-"keyword": "litte theorem"},
+"keyword": "probability theory"},
{"id": 2829,
-"keyword": "inconsistent theory"},
+"keyword": "pipeline-parallel stream processing"},
{"id": 2830,
-"keyword": "proof closely"},
+"keyword": "extended sturm"},
{"id": 2831,
-"keyword": "access windows"},
+"keyword": "rigorous numerical algorithms"},
{"id": 2832,
-"keyword": "fully automated translation"},
+"keyword": "combined factorization algorithm"},
{"id": 2833,
-"keyword": "global variables"},
+"keyword": "lifting step"},
{"id": 2834,
-"keyword": "existing multivariate polynomial libraries"},
+"keyword": "satisfaction relation"},
{"id": 2835,
-"keyword": "no-cloning theorem"},
+"keyword": "automatic refinement framework"},
{"id": 2836,
-"keyword": "large financial losses"},
+"keyword": "real eigenvalue"},
{"id": 2837,
-"keyword": "apply andy pitts"},
+"keyword": "proposed approach"},
{"id": 2838,
-"keyword": "omega omega"},
+"keyword": "algorithm proceeds"},
{"id": 2839,
-"keyword": "package algorithms applicable"},
+"keyword": "so-called key equalities"},
{"id": 2840,
-"keyword": "fulfilling van der waerden"},
+"keyword": "transferring lifted properties back"},
{"id": 2841,
-"keyword": "interval logics"},
+"keyword": "fixed fraction"},
{"id": 2842,
-"keyword": "higher-order terms"},
+"keyword": "concise proof"},
{"id": 2843,
-"keyword": "measurable spaces"},
+"keyword": "adjoint functors"},
{"id": 2844,
-"keyword": "coarse-grained concurrency"},
+"keyword": "cryptography proof formalizations"},
{"id": 2845,
-"keyword": "study models"},
+"keyword": "blockchain pattern"},
{"id": 2846,
-"keyword": "omega 1 alpha cdot"},
+"keyword": "game-based proofs"},
{"id": 2847,
-"keyword": "facilitate integrating future optimizations"},
+"keyword": "descartes test based"},
{"id": 2848,
-"keyword": "eulerian trails"},
+"keyword": "trace set"},
{"id": 2849,
-"keyword": "algebraically closed"},
+"keyword": "type-safe conversions"},
{"id": 2850,
-"keyword": "numerous models"},
+"keyword": "computing bernoulli numbers"},
{"id": 2851,
-"keyword": "general simplex algorithm"},
+"keyword": "collection offer functionality"},
{"id": 2852,
-"keyword": "relabelling function"},
+"keyword": "mason ndash"},
{"id": 2853,
-"keyword": "algebraic geometry culminating"},
+"keyword": "summary edges"},
{"id": 2854,
-"keyword": "standard security protocols"},
+"keyword": "litte theorem"},
{"id": 2855,
-"keyword": "automatically generate proofs"},
+"keyword": "inconsistent theory"},
{"id": 2856,
-"keyword": "current symbolic state"},
+"keyword": "proof closely"},
{"id": 2857,
-"keyword": "state transformers"},
+"keyword": "access windows"},
{"id": 2858,
-"keyword": "orbit-stabiliser theorem"},
+"keyword": "fully automated translation"},
{"id": 2859,
-"keyword": "sufficiently rich"},
+"keyword": "global variables"},
{"id": 2860,
-"keyword": "commutative ring"},
+"keyword": "existing multivariate polynomial libraries"},
{"id": 2861,
-"keyword": "regular structures"},
+"keyword": "no-cloning theorem"},
{"id": 2862,
-"keyword": "measure theory"},
+"keyword": "large financial losses"},
{"id": 2863,
-"keyword": "consistent learning"},
+"keyword": "apply andy pitts"},
{"id": 2864,
-"keyword": "called check monad"},
+"keyword": "omega omega"},
{"id": 2865,
-"keyword": "interval temporal logics"},
+"keyword": "package algorithms applicable"},
{"id": 2866,
-"keyword": "original functional sigma-calculus"},
+"keyword": "fulfilling van der waerden"},
{"id": 2867,
-"keyword": "precise algorithms"},
+"keyword": "interval logics"},
{"id": 2868,
-"keyword": "rational roots"},
+"keyword": "higher-order terms"},
{"id": 2869,
-"keyword": "dynamic negation"},
+"keyword": "measurable spaces"},
{"id": 2870,
-"keyword": "solution"},
+"keyword": "coarse-grained concurrency"},
{"id": 2871,
-"keyword": "afp entry core dom"},
+"keyword": "study models"},
{"id": 2872,
-"keyword": "cakeml abstract syntax trees"},
+"keyword": "omega 1 alpha cdot"},
{"id": 2873,
-"keyword": "key undecidability result present"},
+"keyword": "facilitate integrating future optimizations"},
{"id": 2874,
-"keyword": "keith conrad"},
+"keyword": "eulerian trails"},
{"id": 2875,
-"keyword": "generating test cases"},
+"keyword": "algebraically closed"},
{"id": 2876,
-"keyword": "sorting algorithm"},
+"keyword": "numerous models"},
{"id": 2877,
-"keyword": "teaching purposes"},
+"keyword": "general simplex algorithm"},
{"id": 2878,
-"keyword": "path authorization mechanism"},
+"keyword": "relabelling function"},
{"id": 2879,
-"keyword": "model finders"},
+"keyword": "algebraic geometry culminating"},
{"id": 2880,
-"keyword": "subsequent article smooth manifolds"},
+"keyword": "standard security protocols"},
{"id": 2881,
-"keyword": "bounded wajsberg pseudo-hoops"},
+"keyword": "automatically generate proofs"},
{"id": 2882,
-"keyword": "expressions involving"},
+"keyword": "current symbolic state"},
{"id": 2883,
-"keyword": "basic formal framework"},
+"keyword": "state transformers"},
{"id": 2884,
-"keyword": "fixed natural number"},
+"keyword": "orbit-stabiliser theorem"},
{"id": 2885,
-"keyword": "descartes rule"},
+"keyword": "sufficiently rich"},
{"id": 2886,
-"keyword": "total order relation"},
+"keyword": "commutative ring"},
{"id": 2887,
-"keyword": "linux firewall iptables"},
+"keyword": "regular structures"},
{"id": 2888,
-"keyword": "hol sources underlying"},
+"keyword": "measure theory"},
{"id": 2889,
-"keyword": "gr bner bases"},
+"keyword": "consistent learning"},
{"id": 2890,
-"keyword": "strict preferences"},
+"keyword": "called check monad"},
{"id": 2891,
-"keyword": "similar normal form"},
+"keyword": "interval temporal logics"},
{"id": 2892,
+"keyword": "original functional sigma-calculus"},
+{"id": 2893,
+"keyword": "precise algorithms"},
+{"id": 2894,
+"keyword": "rational roots"},
+{"id": 2895,
+"keyword": "dynamic negation"},
+{"id": 2896,
+"keyword": "solution"},
+{"id": 2897,
+"keyword": "afp entry core dom"},
+{"id": 2898,
+"keyword": "cakeml abstract syntax trees"},
+{"id": 2899,
+"keyword": "key undecidability result present"},
+{"id": 2900,
+"keyword": "keith conrad"},
+{"id": 2901,
+"keyword": "generating test cases"},
+{"id": 2902,
+"keyword": "sorting algorithm"},
+{"id": 2903,
+"keyword": "teaching purposes"},
+{"id": 2904,
+"keyword": "path authorization mechanism"},
+{"id": 2905,
+"keyword": "model finders"},
+{"id": 2906,
+"keyword": "subsequent article smooth manifolds"},
+{"id": 2907,
+"keyword": "bounded wajsberg pseudo-hoops"},
+{"id": 2908,
+"keyword": "expressions involving"},
+{"id": 2909,
+"keyword": "basic formal framework"},
+{"id": 2910,
+"keyword": "fixed natural number"},
+{"id": 2911,
+"keyword": "descartes rule"},
+{"id": 2912,
+"keyword": "total order relation"},
+{"id": 2913,
+"keyword": "linux firewall iptables"},
+{"id": 2914,
+"keyword": "resulting system"},
+{"id": 2915,
+"keyword": "hol sources underlying"},
+{"id": 2916,
+"keyword": "gr bner bases"},
+{"id": 2917,
+"keyword": "strict preferences"},
+{"id": 2918,
+"keyword": "similar normal form"},
+{"id": 2919,
"keyword": "heap location"},
-{"id": 2893,
+{"id": 2920,
"keyword": "extended language"},
-{"id": 2894,
+{"id": 2921,
"keyword": "backward compatible"},
-{"id": 2895,
+{"id": 2922,
"keyword": "safely composable"},
-{"id": 2896,
+{"id": 2923,
"keyword": "minsky machines"},
-{"id": 2897,
+{"id": 2924,
"keyword": "null space"},
-{"id": 2898,
+{"id": 2925,
"keyword": "higher-order term algebra"},
-{"id": 2899,
+{"id": 2926,
"keyword": "code accessing"},
-{"id": 2900,
+{"id": 2927,
"keyword": "semantic trees"},
-{"id": 2901,
+{"id": 2928,
"keyword": "featherweight ocl project"},
-{"id": 2902,
+{"id": 2929,
"keyword": "well-formedness properties"},
-{"id": 2903,
+{"id": 2930,
"keyword": "solovay ndash"},
-{"id": 2904,
+{"id": 2931,
"keyword": "iteration operators"},
-{"id": 2905,
+{"id": 2932,
"keyword": "fold build rule"},
-{"id": 2906,
+{"id": 2933,
"keyword": "category equipped"},
-{"id": 2907,
+{"id": 2934,
"keyword": "universal composability framework"},
-{"id": 2908,
+{"id": 2935,
"keyword": "decidability result"},
-{"id": 2909,
+{"id": 2936,
"keyword": "closely related"},
-{"id": 2910,
+{"id": 2937,
"keyword": "optimisations suggested"},
-{"id": 2911,
+{"id": 2938,
"keyword": "completely verified model checker"},
-{"id": 2912,
+{"id": 2939,
"keyword": "subsystems"},
-{"id": 2913,
+{"id": 2940,
"keyword": "international system"},
-{"id": 2914,
+{"id": 2941,
"keyword": "stuttering equivalent runs"},
-{"id": 2915,
+{"id": 2942,
"keyword": "edge weights"},
-{"id": 2916,
+{"id": 2943,
"keyword": "widely studied topic"},
-{"id": 2917,
+{"id": 2944,
"keyword": "machine-checked version"},
-{"id": 2918,
+{"id": 2945,
"keyword": "planning domain definition language"},
-{"id": 2919,
+{"id": 2946,
"keyword": "high edge probability"},
-{"id": 2920,
+{"id": 2947,
"keyword": "refinement based verification"},
-{"id": 2921,
+{"id": 2948,
"keyword": "recursive functions heavily inspired"},
-{"id": 2922,
+{"id": 2949,
"keyword": "pide sub-system"},
-{"id": 2923,
+{"id": 2950,
"keyword": "lagrange interpolation"},
-{"id": 2924,
+{"id": 2951,
"keyword": "integrated pide document model"},
-{"id": 2925,
+{"id": 2952,
"keyword": "finite learning"},
-{"id": 2926,
+{"id": 2953,
"keyword": "applied relativization"},
-{"id": 2927,
+{"id": 2954,
"keyword": "imperative loop constructs"},
-{"id": 2928,
+{"id": 2955,
"keyword": "book consistency"},
-{"id": 2929,
+{"id": 2956,
"keyword": "cpp-2015 paper"},
-{"id": 2930,
+{"id": 2957,
"keyword": "obtain executable code"},
-{"id": 2931,
+{"id": 2958,
"keyword": "basic theory"},
-{"id": 2932,
+{"id": 2959,
"keyword": "formalisation hold"},
-{"id": 2933,
+{"id": 2960,
"keyword": "probabilistic functional language"},
-{"id": 2934,
+{"id": 2961,
"keyword": "elements belong"},
-{"id": 2935,
+{"id": 2962,
"keyword": "system describes"},
-{"id": 2936,
+{"id": 2963,
"keyword": "static fields"},
-{"id": 2937,
+{"id": 2964,
"keyword": "approximation ratio"},
-{"id": 2938,
+{"id": 2965,
"keyword": "general formal proof techniques"},
-{"id": 2939,
+{"id": 2966,
"keyword": "np-complete optimization problems"},
-{"id": 2940,
+{"id": 2967,
"keyword": "probabilistic arguments"},
-{"id": 2941,
+{"id": 2968,
"keyword": "byzantine clock synchronization"},
-{"id": 2942,
+{"id": 2969,
"keyword": "original proof"},
-{"id": 2943,
+{"id": 2970,
"keyword": "cauchy completion"},
-{"id": 2944,
+{"id": 2971,
"keyword": "abstract bnfccs similar"},
-{"id": 2945,
+{"id": 2972,
"keyword": "abstract completeness theories"},
-{"id": 2946,
+{"id": 2973,
"keyword": "brian huffman"},
-{"id": 2947,
+{"id": 2974,
"keyword": "eponymous itp 2012 paper"},
-{"id": 2948,
+{"id": 2975,
"keyword": "prime number theorem"},
-{"id": 2949,
+{"id": 2976,
"keyword": "efficient deterministic parsing"},
-{"id": 2950,
+{"id": 2977,
"keyword": "data structure invented"},
-{"id": 2951,
+{"id": 2978,
"keyword": "refinement proof"},
-{"id": 2952,
+{"id": 2979,
"keyword": "general definition"},
-{"id": 2953,
+{"id": 2980,
"keyword": "theorem prover based"},
-{"id": 2954,
+{"id": 2981,
"keyword": "angles requires solving"},
-{"id": 2955,
+{"id": 2982,
"keyword": "inductive method"},
-{"id": 2956,
+{"id": 2983,
"keyword": "approximation algorithm"},
-{"id": 2957,
+{"id": 2984,
"keyword": "possibilistic information-flow properties"},
-{"id": 2958,
+{"id": 2985,
"keyword": "larger arrangements due"},
-{"id": 2959,
+{"id": 2986,
"keyword": "axioms systems"},
-{"id": 2960,
+{"id": 2987,
"keyword": "visualizing class models"},
-{"id": 2961,
+{"id": 2988,
"keyword": "linear integer polynomial"},
-{"id": 2962,
+{"id": 2989,
"keyword": "set mapping"},
-{"id": 2963,
+{"id": 2990,
"keyword": "formal semantics"},
-{"id": 2964,
+{"id": 2991,
"keyword": "partly recursive functions found"},
-{"id": 2965,
+{"id": 2992,
+"keyword": "csp noninterference security"},
+{"id": 2993,
+"keyword": "generate executable imperative programs"},
+{"id": 2994,
+"keyword": "language-based non-interference property"},
+{"id": 2995,
+"keyword": "formalisation underlying"},
+{"id": 2996,
+"keyword": "jeroen ketema"},
+{"id": 2997,
"keyword": "execution involving integer matrices"},
-{"id": 2966,
-"keyword": "csp noninterference security"},
-{"id": 2967,
-"keyword": "generate executable imperative programs"},
-{"id": 2968,
-"keyword": "language-based non-interference property"},
-{"id": 2969,
-"keyword": "formalisation underlying"},
-{"id": 2970,
-"keyword": "jeroen ketema"},
-{"id": 2971,
+{"id": 2998,
+"keyword": "assertion semantics unifies semantic"},
+{"id": 2999,
"keyword": "free category"},
-{"id": 2972,
+{"id": 3000,
"keyword": "type theory presented"},
-{"id": 2973,
-"keyword": "deterministic monad"},
-{"id": 2974,
-"keyword": "explicit metric"},
-{"id": 2975,
-"keyword": "first-order real arithmetic"},
-{"id": 2976,
-"keyword": "main order fully coincides"},
-{"id": 2977,
-"keyword": "safe approximation"},
-{"id": 2978,
-"keyword": "general case"},
-{"id": 2979,
-"keyword": "propositional clauses"},
-{"id": 2980,
-"keyword": "subtypes inherit"},
-{"id": 2981,
-"keyword": "jordan normal form"},
-{"id": 2982,
-"keyword": "refinement theory"},
-{"id": 2983,
-"keyword": "generate theorem prover code"},
-{"id": 2984,
-"keyword": "resuting proofs"},
-{"id": 2985,
-"keyword": "matrix rank"},
-{"id": 2986,
-"keyword": "integer polynomial belongs"},
-{"id": 2987,
-"keyword": "well-typed programs"},
-{"id": 2988,
-"keyword": "binary decision trees"},
-{"id": 2989,
-"keyword": "decreasing diagrams showing"},
-{"id": 2990,
-"keyword": "data spaces"},
-{"id": 2991,
-"keyword": "chapman formula"},
-{"id": 2992,
-"keyword": "sufficient condition"},
-{"id": 2993,
-"keyword": "intricate cyclic program"},
-{"id": 2994,
-"keyword": "recursively expressed"},
-{"id": 2995,
-"keyword": "robin smith"},
-{"id": 2996,
-"keyword": "talking explicitly"},
-{"id": 2997,
-"keyword": "model partial correctness"},
-{"id": 2998,
-"keyword": "general-purpose coinductive data types"},
-{"id": 2999,
-"keyword": "directly follow"},
-{"id": 3000,
-"keyword": "indefinitely large set"},
{"id": 3001,
-"keyword": "computing enclosures"},
+"keyword": "deterministic monad"},
{"id": 3002,
-"keyword": "quantum teleportation"},
+"keyword": "explicit metric"},
{"id": 3003,
-"keyword": "intricate part"},
+"keyword": "first-order real arithmetic"},
{"id": 3004,
-"keyword": "external functions"},
+"keyword": "main order fully coincides"},
{"id": 3005,
-"keyword": "resulting recursion induction rules"},
+"keyword": "safe approximation"},
{"id": 3006,
-"keyword": "specific tactic support"},
+"keyword": "general case"},
{"id": 3007,
-"keyword": "promotes proof reuse"},
+"keyword": "propositional clauses"},
{"id": 3008,
-"keyword": "infinite graphs"},
+"keyword": "subtypes inherit"},
{"id": 3009,
-"keyword": "planar dynamical systems"},
+"keyword": "jordan normal form"},
{"id": 3010,
-"keyword": "non-obvious closed form"},
+"keyword": "refinement theory"},
{"id": 3011,
-"keyword": "verified programs"},
+"keyword": "generate theorem prover code"},
{"id": 3012,
-"keyword": "purely functional"},
+"keyword": "resuting proofs"},
{"id": 3013,
-"keyword": "conducting completely formal proofs"},
+"keyword": "matrix rank"},
{"id": 3014,
-"keyword": "product spaces"},
+"keyword": "integer polynomial belongs"},
{"id": 3015,
-"keyword": "cauchy sequence"},
+"keyword": "well-typed programs"},
{"id": 3016,
-"keyword": "entry adapts stream fusion"},
+"keyword": "binary decision trees"},
{"id": 3017,
-"keyword": "parallel composition"},
+"keyword": "decreasing diagrams showing"},
{"id": 3018,
-"keyword": "verified construction"},
+"keyword": "data spaces"},
{"id": 3019,
-"keyword": "relational parametricity"},
+"keyword": "chapman formula"},
{"id": 3020,
-"keyword": "called residuation"},
+"keyword": "sufficient condition"},
{"id": 3021,
-"keyword": "export code"},
+"keyword": "intricate cyclic program"},
{"id": 3022,
-"keyword": "propositional abstract separation logic"},
+"keyword": "recursively expressed"},
{"id": 3023,
-"keyword": "knowledge compilation"},
+"keyword": "robin smith"},
{"id": 3024,
-"keyword": "heap sort"},
+"keyword": "talking explicitly"},
{"id": 3025,
-"keyword": "hol types"},
+"keyword": "model partial correctness"},
{"id": 3026,
-"keyword": "slightly stronger hypothesis"},
+"keyword": "general-purpose coinductive data types"},
{"id": 3027,
-"keyword": "encoding based"},
+"keyword": "directly follow"},
{"id": 3028,
+"keyword": "indefinitely large set"},
+{"id": 3029,
+"keyword": "computing enclosures"},
+{"id": 3030,
+"keyword": "quantum teleportation"},
+{"id": 3031,
+"keyword": "intricate part"},
+{"id": 3032,
+"keyword": "external functions"},
+{"id": 3033,
+"keyword": "resulting recursion induction rules"},
+{"id": 3034,
+"keyword": "specific tactic support"},
+{"id": 3035,
+"keyword": "promotes proof reuse"},
+{"id": 3036,
+"keyword": "infinite graphs"},
+{"id": 3037,
+"keyword": "planar dynamical systems"},
+{"id": 3038,
+"keyword": "non-obvious closed form"},
+{"id": 3039,
+"keyword": "verified programs"},
+{"id": 3040,
+"keyword": "purely functional"},
+{"id": 3041,
+"keyword": "conducting completely formal proofs"},
+{"id": 3042,
+"keyword": "product spaces"},
+{"id": 3043,
+"keyword": "cauchy sequence"},
+{"id": 3044,
+"keyword": "entry adapts stream fusion"},
+{"id": 3045,
+"keyword": "parallel composition"},
+{"id": 3046,
+"keyword": "verified construction"},
+{"id": 3047,
+"keyword": "relational parametricity"},
+{"id": 3048,
+"keyword": "called residuation"},
+{"id": 3049,
+"keyword": "export code"},
+{"id": 3050,
+"keyword": "propositional abstract separation logic"},
+{"id": 3051,
+"keyword": "knowledge compilation"},
+{"id": 3052,
+"keyword": "heap sort"},
+{"id": 3053,
+"keyword": "hol types"},
+{"id": 3054,
+"keyword": "concepts due"},
+{"id": 3055,
+"keyword": "cartesian powers"},
+{"id": 3056,
+"keyword": "slightly stronger hypothesis"},
+{"id": 3057,
+"keyword": "encoding based"},
+{"id": 3058,
"keyword": "lexicographic extensions"},
-{"id": 3029,
+{"id": 3059,
"keyword": "security proof"},
-{"id": 3030,
+{"id": 3060,
"keyword": "uniquely determined product"},
-{"id": 3031,
+{"id": 3061,
"keyword": "input parameter"},
-{"id": 3032,
+{"id": 3062,
"keyword": "model checker spin"},
-{"id": 3033,
+{"id": 3063,
"keyword": "stochastic matrices"},
-{"id": 3034,
+{"id": 3064,
"keyword": "original paper"},
-{"id": 3035,
+{"id": 3065,
"keyword": "formalization techniques presented"},
-{"id": 3036,
+{"id": 3066,
"keyword": "forward algorithm"},
-{"id": 3037,
+{"id": 3067,
"keyword": "dynamic thread creation"},
-{"id": 3038,
+{"id": 3068,
"keyword": "sequent calculus"},
-{"id": 3039,
+{"id": 3069,
"keyword": "machine-checked tree automata library"},
-{"id": 3040,
+{"id": 3070,
"keyword": "shared environments"},
-{"id": 3041,
+{"id": 3071,
"keyword": "composed protocol"},
-{"id": 3042,
+{"id": 3072,
"keyword": "experimental utilities"},
-{"id": 3043,
+{"id": 3073,
"keyword": "open publishing association"},
-{"id": 3044,
+{"id": 3074,
"keyword": "mit press 1995"},
-{"id": 3045,
+{"id": 3075,
"keyword": "design isomorphisms"},
-{"id": 3046,
+{"id": 3076,
"keyword": "existing approaches"},
-{"id": 3047,
+{"id": 3077,
"keyword": "trustworthy procedure"},
-{"id": 3048,
+{"id": 3078,
"keyword": "varying numbers"},
-{"id": 3049,
+{"id": 3079,
"keyword": "reduced echelon form"},
-{"id": 3050,
+{"id": 3080,
"keyword": "elementary symmetric polynomials sk"},
-{"id": 3051,
+{"id": 3081,
"keyword": "related recurrence relations"},
-{"id": 3052,
+{"id": 3082,
"keyword": "del numbers"},
-{"id": 3053,
+{"id": 3083,
"keyword": "prime iff"},
-{"id": 3054,
+{"id": 3084,
"keyword": "compositional statement"},
-{"id": 3055,
-"keyword": "complete proof method"},
-{"id": 3056,
-"keyword": "conversion version"},
-{"id": 3057,
-"keyword": "supporting automatic refinement"},
-{"id": 3058,
-"keyword": "datatype package"},
-{"id": 3059,
-"keyword": "transition function relation"},
-{"id": 3060,
-"keyword": "general version"},
-{"id": 3061,
-"keyword": "prime ndash"},
-{"id": 3062,
-"keyword": "horn- renamable"},
-{"id": 3063,
-"keyword": "shadow dom"},
-{"id": 3064,
-"keyword": "labour intensive"},
-{"id": 3065,
-"keyword": "fully structured"},
-{"id": 3066,
-"keyword": "numerous misunderstandings"},
-{"id": 3067,
-"keyword": "basic linear algebra"},
-{"id": 3068,
-"keyword": "tree theorem"},
-{"id": 3069,
-"keyword": "undergraduate dissertation"},
-{"id": 3070,
-"keyword": "inversions"},
-{"id": 3071,
-"keyword": "nathan chong"},
-{"id": 3072,
-"keyword": "greibach normal form"},
-{"id": 3073,
-"keyword": "subseteq alpha order-isomorphic"},
-{"id": 3074,
-"keyword": "cnf based sat algorithms"},
-{"id": 3075,
-"keyword": "interactive automated relativization"},
-{"id": 3076,
-"keyword": "significantly reduce"},
-{"id": 3077,
-"keyword": "practically usable verification environment"},
-{"id": 3078,
-"keyword": "test decides primality"},
-{"id": 3079,
-"keyword": "high annotation overhead"},
-{"id": 3080,
-"keyword": "law"},
-{"id": 3081,
-"keyword": "itp 2011 paper"},
-{"id": 3082,
-"keyword": "write operations"},
-{"id": 3083,
-"keyword": "upper semicontinuous"},
-{"id": 3084,
-"keyword": "labour cost"},
{"id": 3085,
-"keyword": "context relation"},
+"keyword": "complete proof method"},
{"id": 3086,
-"keyword": "bounded-length strings"},
+"keyword": "unbounded version"},
{"id": 3087,
-"keyword": "verification techniques"},
+"keyword": "conversion version"},
{"id": 3088,
-"keyword": "constant-time findmin"},
+"keyword": "composite assertions"},
{"id": 3089,
-"keyword": "thick chamber complexes endowed"},
+"keyword": "supporting automatic refinement"},
{"id": 3090,
-"keyword": "lifts resolution derivation steps"},
+"keyword": "datatype package"},
{"id": 3091,
-"keyword": "problem reduction"},
+"keyword": "transition function relation"},
{"id": 3092,
-"keyword": "data structures depending"},
+"keyword": "general version"},
{"id": 3093,
-"keyword": "richard char-tung lee"},
+"keyword": "prime ndash"},
{"id": 3094,
-"keyword": "supports mutual recursion"},
+"keyword": "horn- renamable"},
{"id": 3095,
-"keyword": "evaluation homomorphisms"},
+"keyword": "shadow dom"},
{"id": 3096,
-"keyword": "surjective function"},
+"keyword": "labour intensive"},
{"id": 3097,
-"keyword": "code generator"},
+"keyword": "fully structured"},
{"id": 3098,
-"keyword": "ten lemmas"},
+"keyword": "numerous misunderstandings"},
{"id": 3099,
-"keyword": "degree bounds"},
+"keyword": "basic linear algebra"},
{"id": 3100,
-"keyword": "countable ordinals"},
+"keyword": "tree theorem"},
{"id": 3101,
-"keyword": "hybrid game"},
+"keyword": "undergraduate dissertation"},
{"id": 3102,
-"keyword": "propositional linear-time temporal logic"},
+"keyword": "inversions"},
{"id": 3103,
-"keyword": "code compilation"},
+"keyword": "nathan chong"},
{"id": 3104,
-"keyword": "security concepts"},
+"keyword": "greibach normal form"},
{"id": 3105,
-"keyword": "negated subquery"},
+"keyword": "subseteq alpha order-isomorphic"},
{"id": 3106,
-"keyword": "partial equivalence relations"},
+"keyword": "cnf based sat algorithms"},
{"id": 3107,
-"keyword": "type class real_algebra_1"},
+"keyword": "interactive automated relativization"},
{"id": 3108,
-"keyword": "gauss-jordan algorithm states"},
+"keyword": "significantly reduce"},
{"id": 3109,
-"keyword": "hol4 formalization"},
+"keyword": "practically usable verification environment"},
{"id": 3110,
-"keyword": "stein"},
+"keyword": "test decides primality"},
{"id": 3111,
-"keyword": "password authenticated connection establishment"},
+"keyword": "high annotation overhead"},
{"id": 3112,
+"keyword": "law"},
+{"id": 3113,
+"keyword": "itp 2011 paper"},
+{"id": 3114,
+"keyword": "write operations"},
+{"id": 3115,
+"keyword": "upper semicontinuous"},
+{"id": 3116,
+"keyword": "labour cost"},
+{"id": 3117,
+"keyword": "context relation"},
+{"id": 3118,
+"keyword": "bounded-length strings"},
+{"id": 3119,
+"keyword": "verification techniques"},
+{"id": 3120,
+"keyword": "constant-time findmin"},
+{"id": 3121,
+"keyword": "thick chamber complexes endowed"},
+{"id": 3122,
+"keyword": "lifts resolution derivation steps"},
+{"id": 3123,
+"keyword": "problem reduction"},
+{"id": 3124,
+"keyword": "data structures depending"},
+{"id": 3125,
+"keyword": "richard char-tung lee"},
+{"id": 3126,
+"keyword": "supports mutual recursion"},
+{"id": 3127,
+"keyword": "evaluation homomorphisms"},
+{"id": 3128,
+"keyword": "surjective function"},
+{"id": 3129,
+"keyword": "code generator"},
+{"id": 3130,
+"keyword": "ten lemmas"},
+{"id": 3131,
+"keyword": "degree bounds"},
+{"id": 3132,
+"keyword": "countable ordinals"},
+{"id": 3133,
+"keyword": "hybrid game"},
+{"id": 3134,
+"keyword": "propositional linear-time temporal logic"},
+{"id": 3135,
+"keyword": "code compilation"},
+{"id": 3136,
+"keyword": "security concepts"},
+{"id": 3137,
+"keyword": "negated subquery"},
+{"id": 3138,
+"keyword": "partial equivalence relations"},
+{"id": 3139,
+"keyword": "type class real_algebra_1"},
+{"id": 3140,
+"keyword": "gauss-jordan algorithm states"},
+{"id": 3141,
+"keyword": "hol4 formalization"},
+{"id": 3142,
+"keyword": "stein"},
+{"id": 3143,
+"keyword": "password authenticated connection establishment"},
+{"id": 3144,
"keyword": "over-approximate relational logics"},
-{"id": 3113,
+{"id": 3145,
"keyword": "difficulty arises"},
-{"id": 3114,
+{"id": 3146,
"keyword": "paulson"},
-{"id": 3115,
+{"id": 3147,
"keyword": "difficult"},
-{"id": 3116,
+{"id": 3148,
"keyword": "ip address ranges"},
-{"id": 3117,
+{"id": 3149,
"keyword": "basic toolbox"},
-{"id": 3118,
+{"id": 3150,
"keyword": "pseudo-wajsberg algebras"},
-{"id": 3119,
+{"id": 3151,
"keyword": "suitable invariants"},
-{"id": 3120,
+{"id": 3152,
"keyword": "basic topological facts"},
-{"id": 3121,
+{"id": 3153,
"keyword": "integer components"},
-{"id": 3122,
+{"id": 3154,
+"keyword": "track counter-party obligations"},
+{"id": 3155,
"keyword": "sigma function"},
-{"id": 3123,
+{"id": 3156,
"keyword": "global security guarantee"},
-{"id": 3124,
+{"id": 3157,
"keyword": "symmetric polynomial"},
-{"id": 3125,
+{"id": 3158,
"keyword": "interactive theorem proving sch16"},
-{"id": 3126,
+{"id": 3159,
"keyword": "dirk pfl ger"},
-{"id": 3127,
+{"id": 3160,
"keyword": "local lexing"},
-{"id": 3128,
+{"id": 3161,
"keyword": "lower semicontinuous"},
-{"id": 3129,
+{"id": 3162,
"keyword": "single unit"},
-{"id": 3130,
+{"id": 3163,
"keyword": "mechanizing gauss"},
-{"id": 3131,
+{"id": 3164,
"keyword": "multi-stage compiler verifications"},
-{"id": 3132,
+{"id": 3165,
"keyword": "theorem"},
-{"id": 3133,
+{"id": 3166,
"keyword": "formalising baker"},
-{"id": 3134,
+{"id": 3167,
"keyword": "formal guarantees"},
-{"id": 3135,
+{"id": 3168,
"keyword": "classical registers"},
-{"id": 3136,
+{"id": 3169,
"keyword": "results"},
-{"id": 3137,
+{"id": 3170,
"keyword": "usual monad laws"},
-{"id": 3138,
+{"id": 3171,
"keyword": "implement probabilistic algorithms"},
-{"id": 3139,
+{"id": 3172,
"keyword": "daniel schoepe"},
-{"id": 3140,
+{"id": 3173,
"keyword": "isar conversion"},
-{"id": 3141,
+{"id": 3174,
"keyword": "standard compliant formalization"},
-{"id": 3142,
+{"id": 3175,
"keyword": "finite group"},
-{"id": 3143,
+{"id": 3176,
"keyword": "frobenius endomorphism"},
-{"id": 3144,
+{"id": 3177,
+"keyword": "elliott mendelson"},
+{"id": 3178,
"keyword": "nominal logic"},
-{"id": 3145,
+{"id": 3179,
"keyword": "separation-logic based correctness proofs"},
-{"id": 3146,
+{"id": 3180,
"keyword": "distinct algebraic numbers alpha_i"},
-{"id": 3147,
+{"id": 3181,
"keyword": "macaulay matrix constructed"},
-{"id": 3148,
+{"id": 3182,
"keyword": "refinement orders"},
-{"id": 3149,
+{"id": 3183,
"keyword": "biggest part"},
-{"id": 3150,
+{"id": 3184,
"keyword": "continuation semantics"},
-{"id": 3151,
+{"id": 3185,
"keyword": "riemann integral"},
-{"id": 3152,
+{"id": 3186,
"keyword": "automated theorem proving"},
-{"id": 3153,
+{"id": 3187,
"keyword": "functional arrays"},
-{"id": 3154,
+{"id": 3188,
"keyword": "previous unifiers"},
-{"id": 3155,
+{"id": 3189,
"keyword": "crowds protocol"},
-{"id": 3156,
+{"id": 3190,
"keyword": "spark certify"},
-{"id": 3157,
+{"id": 3191,
"keyword": "classic non-randomised quicksort"},
-{"id": 3158,
+{"id": 3192,
"keyword": "verifying techniques"},
-{"id": 3159,
+{"id": 3193,
"keyword": "automated reasoning tools"},
-{"id": 3160,
+{"id": 3194,
"keyword": "official standard"},
-{"id": 3161,
+{"id": 3195,
"keyword": "vital part"},
-{"id": 3162,
+{"id": 3196,
"keyword": "integer polynomials"},
-{"id": 3163,
+{"id": 3197,
"keyword": "borrow terminology"},
-{"id": 3164,
+{"id": 3198,
"keyword": "supported unicode characters"},
-{"id": 3165,
+{"id": 3199,
"keyword": "projective plane geometry"},
-{"id": 3166,
+{"id": 3200,
"keyword": "programs checking certificates"},
-{"id": 3167,
+{"id": 3201,
"keyword": "conjunctive normal forms"},
-{"id": 3168,
+{"id": 3202,
"keyword": "chapters 7-9"},
-{"id": 3169,
+{"id": 3203,
"keyword": "floor divided"},
-{"id": 3170,
+{"id": 3204,
"keyword": "ringed spaces"},
-{"id": 3171,
+{"id": 3205,
"keyword": "draft paper"},
-{"id": 3172,
+{"id": 3206,
"keyword": "employ code equations"},
-{"id": 3173,
+{"id": 3207,
"keyword": "transformations"},
-{"id": 3174,
+{"id": 3208,
"keyword": "negative solution"},
-{"id": 3175,
+{"id": 3209,
"keyword": "lifting algebraic laws point-wise"},
-{"id": 3176,
+{"id": 3210,
"keyword": "observed sequence"},
-{"id": 3177,
+{"id": 3211,
"keyword": "dogged previous mechanised proofs"},
-{"id": 3178,
-"keyword": "hol overhead"},
-{"id": 3179,
-"keyword": "open problem"},
-{"id": 3180,
-"keyword": "girth-chromatic number theorem"},
-{"id": 3181,
-"keyword": "scheduling activity"},
-{"id": 3182,
-"keyword": "simplicial complex"},
-{"id": 3183,
-"keyword": "formalisation continues"},
-{"id": 3184,
-"keyword": "monotonic functions"},
-{"id": 3185,
-"keyword": "alphabet letters"},
-{"id": 3186,
-"keyword": "executable proof checker"},
-{"id": 3187,
-"keyword": "failures-divergences pair"},
-{"id": 3188,
-"keyword": "synthesize imperative programs"},
-{"id": 3189,
-"keyword": "communicating products"},
-{"id": 3190,
-"keyword": "geodesic spaces"},
-{"id": 3191,
-"keyword": "branches guarded"},
-{"id": 3192,
-"keyword": "deg"},
-{"id": 3193,
-"keyword": "restricted definition"},
-{"id": 3194,
-"keyword": "first-order functional language"},
-{"id": 3195,
-"keyword": "diagrammatic modeling language"},
-{"id": 3196,
-"keyword": "system types"},
-{"id": 3197,
-"keyword": "formalization builds"},
-{"id": 3198,
-"keyword": "analyze sufficient conditions"},
-{"id": 3199,
-"keyword": "implementation"},
-{"id": 3200,
-"keyword": "reading heads asynchronously"},
-{"id": 3201,
-"keyword": "experimental general-purpose proof methods"},
-{"id": 3202,
-"keyword": "game theory"},
-{"id": 3203,
-"keyword": "verifying dynamic"},
-{"id": 3204,
-"keyword": "hol code generator"},
-{"id": 3205,
-"keyword": "additional iteration laws"},
-{"id": 3206,
-"keyword": "steam boiler system"},
-{"id": 3207,
-"keyword": "reflection formula"},
-{"id": 3208,
-"keyword": "nested multiset order"},
-{"id": 3209,
-"keyword": "algebraic semantics"},
-{"id": 3210,
-"keyword": "underlying algorithmic mechanisms"},
-{"id": 3211,
-"keyword": "concurrent composition"},
{"id": 3212,
-"keyword": "elementary theory"},
+"keyword": "hol overhead"},
{"id": 3213,
-"keyword": "outwards-pointing normal vector"},
+"keyword": "open problem"},
{"id": 3214,
-"keyword": "matrices represented"},
+"keyword": "girth-chromatic number theorem"},
{"id": 3215,
-"keyword": "factored representation"},
+"keyword": "scheduling activity"},
{"id": 3216,
-"keyword": "leftmost reduction"},
+"keyword": "simplicial complex"},
{"id": 3217,
-"keyword": "specification language statecharts"},
+"keyword": "formalisation continues"},
{"id": 3218,
-"keyword": "larger cardinality"},
+"keyword": "monotonic functions"},
{"id": 3219,
-"keyword": "side conditions"},
+"keyword": "alphabet letters"},
{"id": 3220,
-"keyword": "imperative language constructs"},
+"keyword": "executable proof checker"},
{"id": 3221,
-"keyword": "automatic data refinement"},
+"keyword": "failures-divergences pair"},
{"id": 3222,
-"keyword": "theory listinf list2"},
+"keyword": "synthesize imperative programs"},
{"id": 3223,
-"keyword": "formal implementation"},
+"keyword": "communicating products"},
{"id": 3224,
-"keyword": "presented theory"},
+"keyword": "geodesic spaces"},
{"id": 3225,
-"keyword": "stronger safety guarantees"},
+"keyword": "branches guarded"},
{"id": 3226,
-"keyword": "network protocols"},
+"keyword": "deg"},
{"id": 3227,
-"keyword": "separation logic connective"},
+"keyword": "restricted definition"},
{"id": 3228,
+"keyword": "first-order functional language"},
+{"id": 3229,
+"keyword": "diagrammatic modeling language"},
+{"id": 3230,
+"keyword": "system types"},
+{"id": 3231,
+"keyword": "formalization builds"},
+{"id": 3232,
+"keyword": "analyze sufficient conditions"},
+{"id": 3233,
+"keyword": "implementation"},
+{"id": 3234,
+"keyword": "reading heads asynchronously"},
+{"id": 3235,
+"keyword": "experimental general-purpose proof methods"},
+{"id": 3236,
+"keyword": "game theory"},
+{"id": 3237,
+"keyword": "verifying dynamic"},
+{"id": 3238,
+"keyword": "hol code generator"},
+{"id": 3239,
+"keyword": "additional iteration laws"},
+{"id": 3240,
+"keyword": "steam boiler system"},
+{"id": 3241,
+"keyword": "reflection formula"},
+{"id": 3242,
+"keyword": "nested multiset order"},
+{"id": 3243,
+"keyword": "algebraic semantics"},
+{"id": 3244,
+"keyword": "underlying algorithmic mechanisms"},
+{"id": 3245,
+"keyword": "concurrent composition"},
+{"id": 3246,
+"keyword": "elementary theory"},
+{"id": 3247,
+"keyword": "outwards-pointing normal vector"},
+{"id": 3248,
+"keyword": "matrices represented"},
+{"id": 3249,
+"keyword": "factored representation"},
+{"id": 3250,
+"keyword": "leftmost reduction"},
+{"id": 3251,
+"keyword": "specification language statecharts"},
+{"id": 3252,
+"keyword": "larger cardinality"},
+{"id": 3253,
+"keyword": "side conditions"},
+{"id": 3254,
+"keyword": "imperative language constructs"},
+{"id": 3255,
+"keyword": "automatic data refinement"},
+{"id": 3256,
+"keyword": "theory listinf list2"},
+{"id": 3257,
+"keyword": "formal implementation"},
+{"id": 3258,
+"keyword": "presented theory"},
+{"id": 3259,
+"keyword": "stronger safety guarantees"},
+{"id": 3260,
+"keyword": "network protocols"},
+{"id": 3261,
+"keyword": "separation logic connective"},
+{"id": 3262,
"keyword": "playfair axiom"},
-{"id": 3229,
+{"id": 3263,
"keyword": "local parallel compositions"},
-{"id": 3230,
+{"id": 3264,
"keyword": "cartesian closed"},
-{"id": 3231,
+{"id": 3265,
"keyword": "xml trees"},
-{"id": 3232,
+{"id": 3266,
"keyword": "resulting tree"},
-{"id": 3233,
+{"id": 3267,
"keyword": "natural number"},
-{"id": 3234,
+{"id": 3268,
"keyword": "regular algebras"},
-{"id": 3235,
+{"id": 3269,
"keyword": "type preservation"},
-{"id": 3236,
+{"id": 3270,
"keyword": "field-theoretic nullstellensatz"},
-{"id": 3237,
+{"id": 3271,
"keyword": "document object model"},
-{"id": 3238,
+{"id": 3272,
"keyword": "shortest path"},
-{"id": 3239,
+{"id": 3273,
"keyword": "finite sound extensions"},
-{"id": 3240,
+{"id": 3274,
"keyword": "parametricity infrastructure"},
-{"id": 3241,
+{"id": 3275,
"keyword": "entry builds"},
-{"id": 3242,
+{"id": 3276,
"keyword": "finding proofs"},
-{"id": 3243,
+{"id": 3277,
"keyword": "eventual consistency property"},
-{"id": 3244,
+{"id": 3278,
"keyword": "step-wise refinement based"},
-{"id": 3245,
+{"id": 3279,
"keyword": "average number"},
-{"id": 3246,
+{"id": 3280,
"keyword": "subject reduction property"},
-{"id": 3247,
+{"id": 3281,
"keyword": "exchanging data sets"},
-{"id": 3248,
+{"id": 3282,
"keyword": "refinement kleene algebra"},
-{"id": 3249,
+{"id": 3283,
"keyword": "coinductive formalisations"},
-{"id": 3250,
+{"id": 3284,
"keyword": "exponential functions"},
-{"id": 3251,
+{"id": 3285,
"keyword": "constructions based"},
-{"id": 3252,
+{"id": 3286,
"keyword": "simple procedure call mechanism"},
-{"id": 3253,
+{"id": 3287,
"keyword": "find operation"},
-{"id": 3254,
+{"id": 3288,
"keyword": "entry strong security"},
-{"id": 3255,
+{"id": 3289,
"keyword": "0-1-2-principle"},
-{"id": 3256,
+{"id": 3290,
"keyword": "associative lists"},
-{"id": 3257,
+{"id": 3291,
"keyword": "state-based semantics based"},
-{"id": 3258,
+{"id": 3292,
"keyword": "hol theory listextras"},
-{"id": 3259,
+{"id": 3293,
"keyword": "code generator setup"},
-{"id": 3260,
+{"id": 3294,
"keyword": "algorithm"},
-{"id": 3261,
+{"id": 3295,
"keyword": "static analysis"},
-{"id": 3262,
+{"id": 3296,
"keyword": "symmetry arguments"},
-{"id": 3263,
+{"id": 3297,
"keyword": "sepref tool"},
-{"id": 3264,
+{"id": 3298,
"keyword": "collection datastructures"},
-{"id": 3265,
+{"id": 3299,
"keyword": "verifying program correctness"},
-{"id": 3266,
+{"id": 3300,
"keyword": "unit propagation"},
-{"id": 3267,
+{"id": 3301,
"keyword": "highly informal"},
-{"id": 3268,
+{"id": 3302,
"keyword": "industrial systems"},
-{"id": 3269,
+{"id": 3303,
"keyword": "work revealed minor"},
-{"id": 3270,
+{"id": 3304,
+"keyword": "smaller fixed fraction returned"},
+{"id": 3305,
"keyword": "inverse transform intt"},
-{"id": 3271,
+{"id": 3306,
"keyword": "annotated commands"},
-{"id": 3272,
+{"id": 3307,
"keyword": "randomized approximation algorithms"},
-{"id": 3273,
+{"id": 3308,
"keyword": "check"},
-{"id": 3274,
+{"id": 3309,
"keyword": "extended version"},
-{"id": 3275,
+{"id": 3310,
"keyword": "monotone predicate"},
-{"id": 3276,
+{"id": 3311,
"keyword": "dom respect component boundaries"},
-{"id": 3277,
+{"id": 3312,
"keyword": "eventual consistency"},
-{"id": 3278,
+{"id": 3313,
"keyword": "hyperdual extensions"},
-{"id": 3279,
+{"id": 3314,
"keyword": "adding definitions"},
-{"id": 3280,
+{"id": 3315,
"keyword": "static single assignment"},
-{"id": 3281,
+{"id": 3316,
"keyword": "security guarantees"},
-{"id": 3282,
+{"id": 3317,
"keyword": "underlying algebra"},
-{"id": 3283,
+{"id": 3318,
"keyword": "unit resolution"},
-{"id": 3284,
+{"id": 3319,
"keyword": "non-adjacent distinct vertices"},
-{"id": 3285,
+{"id": 3320,
"keyword": "large computations"},
-{"id": 3286,
+{"id": 3321,
"keyword": "detailed calculations"},
-{"id": 3287,
+{"id": 3322,
"keyword": "parametrizable equality functions"},
-{"id": 3288,
+{"id": 3323,
"keyword": "formal proof assistant"},
-{"id": 3289,
+{"id": 3324,
"keyword": "sat solver installs"},
-{"id": 3290,
+{"id": 3325,
"keyword": "hf set theory"},
-{"id": 3291,
+{"id": 3326,
"keyword": "counting sort"},
-{"id": 3292,
+{"id": 3327,
"keyword": "mathematical tools"},
-{"id": 3293,
+{"id": 3328,
"keyword": "inversion rules"},
-{"id": 3294,
+{"id": 3329,
"keyword": "calculating cauchy indices"},
-{"id": 3295,
+{"id": 3330,
"keyword": "price determination"},
-{"id": 3296,
+{"id": 3331,
"keyword": "x_1 varepsilon"},
-{"id": 3297,
+{"id": 3332,
"keyword": "univariate polynomial"},
-{"id": 3298,
+{"id": 3333,
"keyword": "executable tool translating ltl"},
-{"id": 3299,
+{"id": 3334,
"keyword": "previous cc formalization constructive_cryptography"},
-{"id": 3300,
+{"id": 3335,
"keyword": "container framework"},
-{"id": 3301,
+{"id": 3336,
"keyword": "order relation"},
-{"id": 3302,
+{"id": 3337,
"keyword": "reflective quantifier elimination procedures"},
-{"id": 3303,
+{"id": 3338,
"keyword": "concrete version"},
-{"id": 3304,
+{"id": 3339,
"keyword": "drinks machine"},
-{"id": 3305,
+{"id": 3340,
"keyword": "security properties"},
-{"id": 3306,
+{"id": 3341,
"keyword": "analytical arguments"},
-{"id": 3307,
+{"id": 3342,
"keyword": "anonymous social choice function"},
-{"id": 3308,
+{"id": 3343,
"keyword": "crowning achievements"},
-{"id": 3309,
+{"id": 3344,
"keyword": "concurrency primitives"},
-{"id": 3310,
+{"id": 3345,
"keyword": "quantum computing"},
-{"id": 3311,
+{"id": 3346,
"keyword": "fixed choice"},
-{"id": 3312,
+{"id": 3347,
"keyword": "graph saturation"},
-{"id": 3313,
+{"id": 3348,
"keyword": "signed diffie-hellman"},
-{"id": 3314,
+{"id": 3349,
"keyword": "characterization theorem"},
-{"id": 3315,
+{"id": 3350,
"keyword": "ground terms induced"},
-{"id": 3316,
+{"id": 3351,
"keyword": "universal properties"},
-{"id": 3317,
+{"id": 3352,
"keyword": "weakest precondition component"},
-{"id": 3318,
+{"id": 3353,
"keyword": "proof theory"},
-{"id": 3319,
+{"id": 3354,
"keyword": "hol code generation facilities"},
-{"id": 3320,
+{"id": 3355,
"keyword": "logarithmic time"},
-{"id": 3321,
+{"id": 3356,
"keyword": "unsolvable system"},
-{"id": 3322,
+{"id": 3357,
"keyword": "handle equality tests"},
-{"id": 3323,
+{"id": 3358,
"keyword": "bad sequences"},
-{"id": 3324,
+{"id": 3359,
"keyword": "bounded number"},
-{"id": 3325,
+{"id": 3360,
"keyword": "model formulas"},
-{"id": 3326,
+{"id": 3361,
"keyword": "minor technical issue"},
-{"id": 3327,
+{"id": 3362,
"keyword": "thomas jech"},
-{"id": 3328,
+{"id": 3363,
"keyword": "expected utility function"},
-{"id": 3329,
+{"id": 3364,
"keyword": "gram-schmidt process"},
-{"id": 3330,
+{"id": 3365,
"keyword": "logically equivalent"},
-{"id": 3331,
+{"id": 3366,
"keyword": "decision problem"},
-{"id": 3332,
+{"id": 3367,
"keyword": "create executable scala code"},
-{"id": 3333,
+{"id": 3368,
"keyword": "specifies compilation"},
-{"id": 3334,
+{"id": 3369,
"keyword": "unbounded sequences"},
-{"id": 3335,
+{"id": 3370,
"keyword": "implies confluence"},
-{"id": 3336,
+{"id": 3371,
"keyword": "unifying theories"},
-{"id": 3337,
+{"id": 3372,
"keyword": "linearly ordered commutative semigroups"},
-{"id": 3338,
+{"id": 3373,
"keyword": "assembly-to-machine step"},
-{"id": 3339,
+{"id": 3374,
"keyword": "called galois fields"},
-{"id": 3340,
+{"id": 3375,
"keyword": "module development"},
-{"id": 3341,
+{"id": 3376,
"keyword": "geometric proof"},
-{"id": 3342,
+{"id": 3377,
"keyword": "mirroring beringer"},
-{"id": 3343,
+{"id": 3378,
"keyword": "autonomous vehicle"},
-{"id": 3344,
+{"id": 3379,
"keyword": "routing table"},
-{"id": 3345,
-"keyword": "standard prelude"},
-{"id": 3346,
-"keyword": "formal correctness proofs"},
-{"id": 3347,
-"keyword": "schneider"},
-{"id": 3348,
-"keyword": "probabilistic timed automata"},
-{"id": 3349,
-"keyword": "finite functions"},
-{"id": 3350,
-"keyword": "reflexive transitive closure operation"},
-{"id": 3351,
-"keyword": "sequential semantics"},
-{"id": 3352,
-"keyword": "countable transitive model"},
-{"id": 3353,
-"keyword": "allowed nominals"},
-{"id": 3354,
-"keyword": "1 javier esparza"},
-{"id": 3355,
-"keyword": "afp entry abstract completeness"},
-{"id": 3356,
-"keyword": "lll algorithm"},
-{"id": 3357,
-"keyword": "proof search procedure"},
-{"id": 3358,
-"keyword": "dynamic class initialization"},
-{"id": 3359,
-"keyword": "colon-separated notation"},
-{"id": 3360,
-"keyword": "factoring polynomials"},
-{"id": 3361,
-"keyword": "machine-checked proofs"},
-{"id": 3362,
-"keyword": "strong eventual consistency"},
-{"id": 3363,
-"keyword": "wilf theorem"},
-{"id": 3364,
-"keyword": "information managed"},
-{"id": 3365,
-"keyword": "skew product"},
-{"id": 3366,
-"keyword": "modern sat solvers"},
-{"id": 3367,
-"keyword": "sqrt sin"},
-{"id": 3368,
-"keyword": "protocol abstracts"},
-{"id": 3369,
-"keyword": "inefficient variant"},
-{"id": 3370,
-"keyword": "ordinary functions"},
-{"id": 3371,
-"keyword": "accompanying algebraic laws"},
-{"id": 3372,
-"keyword": "equivalent characterisations"},
-{"id": 3373,
-"keyword": "algebraic structures based"},
-{"id": 3374,
-"keyword": "pairing heaps"},
-{"id": 3375,
-"keyword": "elementary symmetric polynomials e1"},
-{"id": 3376,
-"keyword": "called separating implication"},
-{"id": 3377,
-"keyword": "removes exception handler entries"},
-{"id": 3378,
-"keyword": "column space"},
-{"id": 3379,
-"keyword": "semantic back-ends"},
{"id": 3380,
-"keyword": "full parametric solution"},
+"keyword": "standard prelude"},
{"id": 3381,
-"keyword": "applied call-by-"},
+"keyword": "formal correctness proofs"},
{"id": 3382,
-"keyword": "free logic"},
+"keyword": "schneider"},
{"id": 3383,
-"keyword": "hadjicostas ndash"},
+"keyword": "probabilistic timed automata"},
{"id": 3384,
-"keyword": "formal text lines"},
+"keyword": "finite functions"},
{"id": 3385,
-"keyword": "predicate transformers"},
+"keyword": "reflexive transitive closure operation"},
{"id": 3386,
-"keyword": "perfect logicians"},
+"keyword": "sequential semantics"},
{"id": 3387,
-"keyword": "removes syntactic sugar"},
+"keyword": "countable transitive model"},
{"id": 3388,
-"keyword": "salomon sickert"},
+"keyword": "allowed nominals"},
{"id": 3389,
-"keyword": "axioms constructed"},
+"keyword": "1 javier esparza"},
{"id": 3390,
-"keyword": "state space"},
+"keyword": "afp entry abstract completeness"},
{"id": 3391,
-"keyword": "akra-bazzi theorem"},
+"keyword": "lll algorithm"},
{"id": 3392,
-"keyword": "fall back"},
+"keyword": "proof search procedure"},
{"id": 3393,
-"keyword": "lyndon-sch tzenberger theorem"},
+"keyword": "dynamic class initialization"},
{"id": 3394,
-"keyword": "binary decision diagram"},
+"keyword": "colon-separated notation"},
{"id": 3395,
-"keyword": "extended real numbers"},
+"keyword": "factoring polynomials"},
{"id": 3396,
+"keyword": "machine-checked proofs"},
+{"id": 3397,
+"keyword": "strong eventual consistency"},
+{"id": 3398,
+"keyword": "wilf theorem"},
+{"id": 3399,
+"keyword": "information managed"},
+{"id": 3400,
+"keyword": "skew product"},
+{"id": 3401,
+"keyword": "modern sat solvers"},
+{"id": 3402,
+"keyword": "sqrt sin"},
+{"id": 3403,
+"keyword": "protocol abstracts"},
+{"id": 3404,
+"keyword": "inefficient variant"},
+{"id": 3405,
+"keyword": "ordinary functions"},
+{"id": 3406,
+"keyword": "accompanying algebraic laws"},
+{"id": 3407,
+"keyword": "equivalent characterisations"},
+{"id": 3408,
+"keyword": "algebraic structures based"},
+{"id": 3409,
+"keyword": "pairing heaps"},
+{"id": 3410,
+"keyword": "elementary symmetric polynomials e1"},
+{"id": 3411,
+"keyword": "called separating implication"},
+{"id": 3412,
+"keyword": "removes exception handler entries"},
+{"id": 3413,
+"keyword": "column space"},
+{"id": 3414,
+"keyword": "semantic back-ends"},
+{"id": 3415,
+"keyword": "full parametric solution"},
+{"id": 3416,
+"keyword": "applied call-by-"},
+{"id": 3417,
+"keyword": "free logic"},
+{"id": 3418,
+"keyword": "hadjicostas ndash"},
+{"id": 3419,
+"keyword": "formal text lines"},
+{"id": 3420,
+"keyword": "predicate transformers"},
+{"id": 3421,
+"keyword": "perfect logicians"},
+{"id": 3422,
+"keyword": "removes syntactic sugar"},
+{"id": 3423,
+"keyword": "salomon sickert"},
+{"id": 3424,
+"keyword": "axioms constructed"},
+{"id": 3425,
+"keyword": "state space"},
+{"id": 3426,
+"keyword": "akra-bazzi theorem"},
+{"id": 3427,
+"keyword": "fall back"},
+{"id": 3428,
+"keyword": "lyndon-sch tzenberger theorem"},
+{"id": 3429,
+"keyword": "binary decision diagram"},
+{"id": 3430,
+"keyword": "extended real numbers"},
+{"id": 3431,
"keyword": "programming applications"},
-{"id": 3397,
+{"id": 3432,
"keyword": "harmonic numbers"},
-{"id": 3398,
+{"id": 3433,
"keyword": "independent publication"},
-{"id": 3399,
+{"id": 3434,
"keyword": "deep learning"},
-{"id": 3400,
+{"id": 3435,
"keyword": "arbitrary infinite proofs"},
-{"id": 3401,
+{"id": 3436,
"keyword": "objects based"},
-{"id": 3402,
+{"id": 3437,
"keyword": "syntactic rewrite rules"},
-{"id": 3403,
+{"id": 3438,
"keyword": "shortest vector problem"},
-{"id": 3404,
+{"id": 3439,
"keyword": "pen-and-paper proof"},
-{"id": 3405,
+{"id": 3440,
"keyword": "controller constraints"},
-{"id": 3406,
+{"id": 3441,
"keyword": "verified compilation toolchain"},
-{"id": 3407,
+{"id": 3442,
"keyword": "search algorithms"},
-{"id": 3408,
+{"id": 3443,
"keyword": "tableau systems"},
-{"id": 3409,
+{"id": 3444,
"keyword": "constant time queue"},
-{"id": 3410,
+{"id": 3445,
"keyword": "performs comparable"},
-{"id": 3411,
+{"id": 3446,
"keyword": "arbitrary length"},
-{"id": 3412,
+{"id": 3447,
"keyword": "lim"},
-{"id": 3413,
+{"id": 3448,
"keyword": "unique factorization domain"},
-{"id": 3414,
+{"id": 3449,
"keyword": "divisor function sigma"},
-{"id": 3415,
+{"id": 3450,
"keyword": "resolvable designs"},
-{"id": 3416,
+{"id": 3451,
"keyword": "verified refinement step"},
-{"id": 3417,
+{"id": 3452,
"keyword": "duggan-schwartz theorems"},
-{"id": 3418,
+{"id": 3453,
"keyword": "greedy algorithms"},
-{"id": 3419,
+{"id": 3454,
"keyword": "irreducible cfgs"},
-{"id": 3420,
+{"id": 3455,
"keyword": "computational models complicates comparisons"},
-{"id": 3421,
+{"id": 3456,
"keyword": "linear"},
-{"id": 3422,
+{"id": 3457,
"keyword": "interval traversing results"},
-{"id": 3423,
+{"id": 3458,
"keyword": "key composition property"},
-{"id": 3424,
+{"id": 3459,
"keyword": "human readable style"},
-{"id": 3425,
+{"id": 3460,
"keyword": "small step program refinement"},
-{"id": 3426,
+{"id": 3461,
"keyword": "foundations established"},
-{"id": 3427,
+{"id": 3462,
"keyword": "pythagorean triples"},
-{"id": 3428,
+{"id": 3463,
"keyword": "linear map"},
-{"id": 3429,
-"keyword": "mathematical book written"},
-{"id": 3430,
-"keyword": "javascript world"},
-{"id": 3431,
-"keyword": "binary multirelations associate elements"},
-{"id": 3432,
-"keyword": "large-scale shared mutable content"},
-{"id": 3433,
-"keyword": "infinite games"},
-{"id": 3434,
-"keyword": "lower-level language based"},
-{"id": 3435,
-"keyword": "appearing numbers"},
-{"id": 3436,
-"keyword": "real matrix"},
-{"id": 3437,
-"keyword": "non-deterministic finite state machine"},
-{"id": 3438,
-"keyword": "infinitary nominal data type"},
-{"id": 3439,
-"keyword": "main result"},
-{"id": 3440,
-"keyword": "positive rationals"},
-{"id": 3441,
-"keyword": "state sigma_a"},
-{"id": 3442,
-"keyword": "security policy"},
-{"id": 3443,
-"keyword": "secure multiple case studies"},
-{"id": 3444,
-"keyword": "cayley-hamilton afp entries"},
-{"id": 3445,
-"keyword": "hoc network"},
-{"id": 3446,
-"keyword": "type classes"},
-{"id": 3447,
-"keyword": "afp entry amortized complexity"},
-{"id": 3448,
-"keyword": "star-free regular expressions"},
-{"id": 3449,
-"keyword": "regular language identity"},
-{"id": 3450,
-"keyword": "cardinality formula assuming"},
-{"id": 3451,
-"keyword": "nodes"},
-{"id": 3452,
-"keyword": "standard semirings"},
-{"id": 3453,
-"keyword": "data state manipulations"},
-{"id": 3454,
-"keyword": "single exponential blow-"},
-{"id": 3455,
-"keyword": "involved path"},
-{"id": 3456,
-"keyword": "executable data structures"},
-{"id": 3457,
-"keyword": "partition theorem states"},
-{"id": 3458,
-"keyword": "riemann zeta"},
-{"id": 3459,
-"keyword": "doctoral thesis"},
-{"id": 3460,
-"keyword": "driving application"},
-{"id": 3461,
-"keyword": "largest power"},
-{"id": 3462,
-"keyword": "verified algorithms"},
-{"id": 3463,
-"keyword": "infer interleaves statements"},
{"id": 3464,
-"keyword": "reversed morphisms"},
+"keyword": "mathematical book written"},
{"id": 3465,
-"keyword": "algebraic framework"},
+"keyword": "javascript world"},
{"id": 3466,
-"keyword": "model systems"},
+"keyword": "binary multirelations associate elements"},
{"id": 3467,
-"keyword": "submission"},
+"keyword": "large-scale shared mutable content"},
{"id": 3468,
-"keyword": "structured proof techniques"},
+"keyword": "infinite games"},
{"id": 3469,
-"keyword": "exponential golomb codes"},
+"keyword": "lower-level language based"},
{"id": 3470,
-"keyword": "document class"},
+"keyword": "appearing numbers"},
{"id": 3471,
-"keyword": "infinite sequence"},
+"keyword": "real matrix"},
{"id": 3472,
-"keyword": "multivariate taylor models"},
+"keyword": "non-deterministic finite state machine"},
{"id": 3473,
-"keyword": "conference interactive theorem proving"},
+"keyword": "infinitary nominal data type"},
{"id": 3474,
-"keyword": "approach produced"},
+"keyword": "main result"},
{"id": 3475,
-"keyword": "financial market"},
+"keyword": "positive rationals"},
{"id": 3476,
-"keyword": "infinite horizon mdps"},
+"keyword": "state sigma_a"},
{"id": 3477,
-"keyword": "system verification"},
+"keyword": "security policy"},
{"id": 3478,
-"keyword": "arithmetic progression"},
+"keyword": "secure multiple case studies"},
{"id": 3479,
-"keyword": "external communication clocking"},
+"keyword": "cayley-hamilton afp entries"},
{"id": 3480,
-"keyword": "transport theorems"},
+"keyword": "hoc network"},
{"id": 3481,
-"keyword": "simply-typed lambda terms"},
+"keyword": "type classes"},
{"id": 3482,
-"keyword": "slightly mars"},
+"keyword": "afp entry amortized complexity"},
{"id": 3483,
-"keyword": "bisimulation equivalence"},
+"keyword": "star-free regular expressions"},
{"id": 3484,
-"keyword": "simplify protocol verification"},
+"keyword": "regular language identity"},
{"id": 3485,
-"keyword": "unverified checkers"},
+"keyword": "cardinality formula assuming"},
{"id": 3486,
-"keyword": "ijcar 2014 publication"},
+"keyword": "nodes"},
{"id": 3487,
-"keyword": "dining philosopher problem"},
+"keyword": "standard semirings"},
{"id": 3488,
-"keyword": "linearly independent"},
+"keyword": "data state manipulations"},
{"id": 3489,
-"keyword": "removing intermediate list structures"},
+"keyword": "single exponential blow-"},
{"id": 3490,
-"keyword": "hand canonical notions"},
+"keyword": "involved path"},
{"id": 3491,
-"keyword": "general sets"},
+"keyword": "executable data structures"},
{"id": 3492,
-"keyword": "afp representation"},
+"keyword": "partition theorem states"},
{"id": 3493,
-"keyword": "symmetric multivariate polynomials"},
+"keyword": "riemann zeta"},
{"id": 3494,
-"keyword": "store buffer forwarding"},
+"keyword": "doctoral thesis"},
{"id": 3495,
-"keyword": "key concepts"},
+"keyword": "driving application"},
{"id": 3496,
-"keyword": "one-time efforts benefit"},
+"keyword": "largest power"},
{"id": 3497,
-"keyword": "polynomial interpretations"},
+"keyword": "verified algorithms"},
{"id": 3498,
-"keyword": "leq alpha"},
+"keyword": "infer interleaves statements"},
{"id": 3499,
-"keyword": "constructing correct programs"},
+"keyword": "reversed morphisms"},
{"id": 3500,
-"keyword": "blackboard pattern"},
+"keyword": "algebraic framework"},
{"id": 3501,
-"keyword": "chagu rand"},
+"keyword": "model systems"},
{"id": 3502,
-"keyword": "version due"},
+"keyword": "submission"},
{"id": 3503,
-"keyword": "symbolic transitions systems"},
+"keyword": "structured proof techniques"},
{"id": 3504,
-"keyword": "differs slightly"},
+"keyword": "exponential golomb codes"},
{"id": 3505,
-"keyword": "fundamental properties"},
+"keyword": "document class"},
{"id": 3506,
-"keyword": "powerful mathematical tools"},
+"keyword": "infinite sequence"},
{"id": 3507,
-"keyword": "proof system"},
+"keyword": "multivariate taylor models"},
{"id": 3508,
-"keyword": "equivalence checker"},
+"keyword": "conference interactive theorem proving"},
{"id": 3509,
-"keyword": "deletion preserve weight-balance"},
+"keyword": "approach produced"},
{"id": 3510,
-"keyword": "sparse relations"},
+"keyword": "financial market"},
{"id": 3511,
-"keyword": "under-approximate hoare logic"},
+"keyword": "infinite horizon mdps"},
{"id": 3512,
-"keyword": "code generation setup"},
+"keyword": "system verification"},
{"id": 3513,
-"keyword": "underlying disambiguation strategy"},
+"keyword": "arithmetic progression"},
{"id": 3514,
-"keyword": "non-negative real-"},
+"keyword": "external communication clocking"},
{"id": 3515,
-"keyword": "opinion"},
+"keyword": "transport theorems"},
{"id": 3516,
-"keyword": "efficient root isolation"},
+"keyword": "simply-typed lambda terms"},
{"id": 3517,
-"keyword": "machine words"},
+"keyword": "slightly mars"},
{"id": 3518,
-"keyword": "class type constructors"},
+"keyword": "bisimulation equivalence"},
{"id": 3519,
-"keyword": "large real-world firewall"},
+"keyword": "simplify protocol verification"},
{"id": 3520,
-"keyword": "equational axiomatisation"},
+"keyword": "unverified checkers"},
{"id": 3521,
-"keyword": "solution obtained"},
+"keyword": "ijcar 2014 publication"},
{"id": 3522,
-"keyword": "document presents"},
+"keyword": "dining philosopher problem"},
{"id": 3523,
-"keyword": "convert ltl formulas"},
+"keyword": "linearly independent"},
{"id": 3524,
-"keyword": "naive union operation"},
+"keyword": "removing intermediate list structures"},
{"id": 3525,
-"keyword": "saturation-based heuristic prover"},
+"keyword": "hand canonical notions"},
{"id": 3526,
-"keyword": "multiple relational databases"},
+"keyword": "general sets"},
{"id": 3527,
-"keyword": "distinct prime factors"},
+"keyword": "afp representation"},
{"id": 3528,
-"keyword": "first-order logic completeness theorem"},
+"keyword": "symmetric multivariate polynomials"},
{"id": 3529,
-"keyword": "imp commands"},
+"keyword": "store buffer forwarding"},
{"id": 3530,
-"keyword": "periodic function"},
+"keyword": "key concepts"},
{"id": 3531,
-"keyword": "design pattern"},
+"keyword": "one-time efforts benefit"},
{"id": 3532,
-"keyword": "obtain efficient code"},
+"keyword": "polynomial interpretations"},
{"id": 3533,
-"keyword": "chi automata"},
+"keyword": "leq alpha"},
{"id": 3534,
-"keyword": "featuring program-level requirements"},
+"keyword": "constructing correct programs"},
{"id": 3535,
-"keyword": "requested computation"},
+"keyword": "blackboard pattern"},
{"id": 3536,
-"keyword": "finite maps"},
+"keyword": "chagu rand"},
{"id": 3537,
-"keyword": "symmetric range"},
+"keyword": "version due"},
{"id": 3538,
-"keyword": "work implements"},
+"keyword": "symbolic transitions systems"},
{"id": 3539,
-"keyword": "analytic continuation"},
+"keyword": "differs slightly"},
{"id": 3540,
-"keyword": "demonic refinement algebra"},
+"keyword": "fundamental properties"},
{"id": 3541,
-"keyword": "list lookup operation"},
+"keyword": "powerful mathematical tools"},
{"id": 3542,
-"keyword": "recursively inseparable"},
+"keyword": "proof system"},
{"id": 3543,
-"keyword": "efficient factorization algorithm"},
+"keyword": "equivalence checker"},
{"id": 3544,
-"keyword": "port proofs"},
+"keyword": "deletion preserve weight-balance"},
{"id": 3545,
-"keyword": "present article"},
+"keyword": "sparse relations"},
{"id": 3546,
-"keyword": "axiom system"},
+"keyword": "under-approximate hoare logic"},
{"id": 3547,
-"keyword": "partial procedure"},
+"keyword": "code generation setup"},
{"id": 3548,
-"keyword": "van der waerden number"},
+"keyword": "underlying disambiguation strategy"},
{"id": 3549,
-"keyword": "abstract file represented"},
+"keyword": "non-negative real-"},
{"id": 3550,
-"keyword": "paper multi-head monitoring"},
+"keyword": "opinion"},
{"id": 3551,
-"keyword": "extract ocaml code"},
+"keyword": "efficient root isolation"},
{"id": 3552,
-"keyword": "linear inqualities"},
+"keyword": "machine words"},
{"id": 3553,
-"keyword": "real-time constraints"},
+"keyword": "class type constructors"},
{"id": 3554,
-"keyword": "equivalence classes"},
+"keyword": "large real-world firewall"},
{"id": 3555,
-"keyword": "probabilistic loop termination"},
+"keyword": "equational axiomatisation"},
{"id": 3556,
-"keyword": "validate termination"},
+"keyword": "solution obtained"},
{"id": 3557,
-"keyword": "large-scale stream processing systems"},
+"keyword": "document presents"},
{"id": 3558,
-"keyword": "functional implementation based"},
+"keyword": "convert ltl formulas"},
{"id": 3559,
-"keyword": "abstract cfg"},
+"keyword": "naive union operation"},
{"id": 3560,
-"keyword": "polymorphic edge type"},
+"keyword": "saturation-based heuristic prover"},
{"id": 3561,
-"keyword": "theories presents"},
+"keyword": "multiple relational databases"},
{"id": 3562,
-"keyword": "rank-nullity theorem generalises"},
+"keyword": "distinct prime factors"},
{"id": 3563,
-"keyword": "major case study"},
+"keyword": "first-order logic completeness theorem"},
{"id": 3564,
-"keyword": "obtain efficient certified algorithms"},
+"keyword": "imp commands"},
{"id": 3565,
+"keyword": "periodic function"},
+{"id": 3566,
+"keyword": "design pattern"},
+{"id": 3567,
+"keyword": "obtain efficient code"},
+{"id": 3568,
+"keyword": "chi automata"},
+{"id": 3569,
+"keyword": "featuring program-level requirements"},
+{"id": 3570,
+"keyword": "requested computation"},
+{"id": 3571,
+"keyword": "finite maps"},
+{"id": 3572,
+"keyword": "symmetric range"},
+{"id": 3573,
+"keyword": "work implements"},
+{"id": 3574,
+"keyword": "analytic continuation"},
+{"id": 3575,
+"keyword": "demonic refinement algebra"},
+{"id": 3576,
+"keyword": "list lookup operation"},
+{"id": 3577,
+"keyword": "recursively inseparable"},
+{"id": 3578,
+"keyword": "efficient factorization algorithm"},
+{"id": 3579,
+"keyword": "port proofs"},
+{"id": 3580,
+"keyword": "present article"},
+{"id": 3581,
+"keyword": "axiom system"},
+{"id": 3582,
+"keyword": "partial procedure"},
+{"id": 3583,
+"keyword": "van der waerden number"},
+{"id": 3584,
+"keyword": "abstract file represented"},
+{"id": 3585,
+"keyword": "paper multi-head monitoring"},
+{"id": 3586,
+"keyword": "extract ocaml code"},
+{"id": 3587,
+"keyword": "linear inqualities"},
+{"id": 3588,
+"keyword": "real-time constraints"},
+{"id": 3589,
+"keyword": "equivalence classes"},
+{"id": 3590,
+"keyword": "probabilistic loop termination"},
+{"id": 3591,
+"keyword": "validate termination"},
+{"id": 3592,
+"keyword": "large-scale stream processing systems"},
+{"id": 3593,
+"keyword": "functional implementation based"},
+{"id": 3594,
+"keyword": "abstract cfg"},
+{"id": 3595,
+"keyword": "polymorphic edge type"},
+{"id": 3596,
+"keyword": "theories presents"},
+{"id": 3597,
+"keyword": "rank-nullity theorem generalises"},
+{"id": 3598,
+"keyword": "major case study"},
+{"id": 3599,
+"keyword": "obtain efficient certified algorithms"},
+{"id": 3600,
"keyword": "complex case"},
-{"id": 3566,
+{"id": 3601,
"keyword": "lei97 alexander leitsch"},
-{"id": 3567,
+{"id": 3602,
"keyword": "existing libraries"},
-{"id": 3568,
+{"id": 3603,
"keyword": "type information"},
-{"id": 3569,
+{"id": 3604,
"keyword": "dprm theorem"},
-{"id": 3570,
+{"id": 3605,
"keyword": "quickstart guide"},
-{"id": 3571,
+{"id": 3606,
"keyword": "simple"},
-{"id": 3572,
+{"id": 3607,
"keyword": "gaussian integer formalisation"},
-{"id": 3573,
+{"id": 3608,
"keyword": "shannon decomposition"},
-{"id": 3574,
+{"id": 3609,
"keyword": "axiom"},
-{"id": 3575,
+{"id": 3610,
"keyword": "abstract specification"},
-{"id": 3576,
+{"id": 3611,
"keyword": "cidr notation"},
-{"id": 3577,
+{"id": 3612,
"keyword": "path lengths"},
-{"id": 3578,
+{"id": 3613,
"keyword": "discounted infinite horizon mdps"},
-{"id": 3579,
+{"id": 3614,
"keyword": "stricter safety guarantess"},
-{"id": 3580,
+{"id": 3615,
"keyword": "similar cegar-"},
-{"id": 3581,
+{"id": 3616,
"keyword": "floyd-warshall algorithm flo62"},
-{"id": 3582,
+{"id": 3617,
"keyword": "infinite form"},
-{"id": 3583,
+{"id": 3618,
"keyword": "inverse transform ifntt"},
-{"id": 3584,
+{"id": 3619,
"keyword": "underlying category"},
-{"id": 3585,
+{"id": 3620,
"keyword": "integers modulo"},
-{"id": 3586,
+{"id": 3621,
"keyword": "isomorphism classes"},
-{"id": 3587,
+{"id": 3622,
"keyword": "laplace transform"},
-{"id": 3588,
+{"id": 3623,
"keyword": "stepwise inductive definition"},
-{"id": 3589,
+{"id": 3624,
"keyword": "hol multivariate analysis"},
-{"id": 3590,
+{"id": 3625,
"keyword": "spectral radius theory"},
-{"id": 3591,
+{"id": 3626,
"keyword": "viterbi algorithm"},
-{"id": 3592,
+{"id": 3627,
"keyword": "directed graph"},
-{"id": 3593,
+{"id": 3628,
"keyword": "correct construction"},
-{"id": 3594,
+{"id": 3629,
"keyword": "yoneda lemma"},
-{"id": 3595,
+{"id": 3630,
"keyword": "kleene algebras endowed"},
-{"id": 3596,
+{"id": 3631,
"keyword": "autoref tool"},
-{"id": 3597,
+{"id": 3632,
"keyword": "simple while-language"},
-{"id": 3598,
+{"id": 3633,
"keyword": "pace authentication key"},
-{"id": 3599,
+{"id": 3634,
"keyword": "herglotz"},
-{"id": 3600,
+{"id": 3635,
"keyword": "relation-algebraic concepts"},
-{"id": 3601,
+{"id": 3636,
"keyword": "periodically adjusting"},
-{"id": 3602,
+{"id": 3637,
"keyword": "hol-multivariate analysis library"},
-{"id": 3603,
+{"id": 3638,
"keyword": "reproduce faithfully"},
-{"id": 3604,
+{"id": 3639,
"keyword": "generic fixed-width words"},
-{"id": 3605,
+{"id": 3640,
"keyword": "counting partial equivalence relations"},
-{"id": 3606,
+{"id": 3641,
"keyword": "additional indeterminate"},
-{"id": 3607,
+{"id": 3642,
"keyword": "message confidentiality"},
-{"id": 3608,
+{"id": 3643,
"keyword": "work comprises proofs"},
-{"id": 3609,
+{"id": 3644,
"keyword": "vandermonde matrices"},
-{"id": 3610,
+{"id": 3645,
"keyword": "original language"},
-{"id": 3611,
+{"id": 3646,
"keyword": "verifies infinite families"},
-{"id": 3612,
+{"id": 3647,
"keyword": "afp entry saturation_framework"},
-{"id": 3613,
+{"id": 3648,
"keyword": "detailed presentation"},
-{"id": 3614,
+{"id": 3649,
"keyword": "executable algorithms based"},
-{"id": 3615,
+{"id": 3650,
"keyword": "art formal verification methods"},
-{"id": 3616,
+{"id": 3651,
"keyword": "automatically executed programs"},
-{"id": 3617,
+{"id": 3652,
"keyword": "verified monitor implements"},
-{"id": 3618,
+{"id": 3653,
"keyword": "security expressed"},
-{"id": 3619,
+{"id": 3654,
"keyword": "subsystems involves causality"},
-{"id": 3620,
+{"id": 3655,
"keyword": "byte-level little-endian memory model"},
-{"id": 3621,
+{"id": 3656,
"keyword": "tail-recursive generalization"},
-{"id": 3622,
+{"id": 3657,
"keyword": "automatic differentiation"},
-{"id": 3623,
+{"id": 3658,
"keyword": "paper compositional verification"},
-{"id": 3624,
+{"id": 3659,
"keyword": "set monad notation"},
-{"id": 3625,
+{"id": 3660,
"keyword": "georgia notes"},
-{"id": 3626,
+{"id": 3661,
"keyword": "plas 2009 paper"},
-{"id": 3627,
+{"id": 3662,
"keyword": "intransitive noninterference policy"},
-{"id": 3628,
+{"id": 3663,
"keyword": "interactive convergence algorithm"},
-{"id": 3629,
+{"id": 3664,
"keyword": "provably demonstrate"},
-{"id": 3630,
+{"id": 3665,
"keyword": "forward differentiation"},
-{"id": 3631,
+{"id": 3666,
"keyword": "automatic methods"},
-{"id": 3632,
+{"id": 3667,
"keyword": "classical dpll procedure"},
-{"id": 3633,
+{"id": 3668,
"keyword": "lifting"},
-{"id": 3634,
+{"id": 3669,
"keyword": "lehmer"},
-{"id": 3635,
+{"id": 3670,
"keyword": "electronic proceedings"},
-{"id": 3636,
+{"id": 3671,
"keyword": "inventors vickrey"},
-{"id": 3637,
+{"id": 3672,
"keyword": "one-complete computably enumerable set"},
-{"id": 3638,
+{"id": 3673,
"keyword": "conway semirings extended"},
-{"id": 3639,
+{"id": 3674,
"keyword": "pseudonymous identifiers output"},
-{"id": 3640,
+{"id": 3675,
"keyword": "unverified translation"},
-{"id": 3641,
+{"id": 3676,
"keyword": "recently proposed framework"},
-{"id": 3642,
+{"id": 3677,
"keyword": "marriage theorem"},
-{"id": 3643,
+{"id": 3678,
"keyword": "modern day politics"},
-{"id": 3644,
+{"id": 3679,
"keyword": "abstract reasoning"},
-{"id": 3645,
+{"id": 3680,
"keyword": "adjunctions"},
-{"id": 3646,
+{"id": 3681,
"keyword": "solomon feferman"},
-{"id": 3647,
+{"id": 3682,
"keyword": "babylonian method"},
-{"id": 3648,
+{"id": 3683,
"keyword": "phd thesis"},
-{"id": 3649,
+{"id": 3684,
"keyword": "formal analysis"},
-{"id": 3650,
+{"id": 3685,
"keyword": "implemented multi-"},
-{"id": 3651,
+{"id": 3686,
"keyword": "proposes axiom systems"},
-{"id": 3652,
+{"id": 3687,
"keyword": "called hol-csp 1"},
-{"id": 3653,
+{"id": 3688,
"keyword": "explicit bottom element"},
-{"id": 3654,
+{"id": 3689,
"keyword": "vandermonde identity"},
-{"id": 3655,
+{"id": 3690,
"keyword": "infinite type"},
-{"id": 3656,
+{"id": 3691,
"keyword": "ergodic theory"},
-{"id": 3657,
+{"id": 3692,
"keyword": "change history"},
-{"id": 3658,
+{"id": 3693,
"keyword": "establishing strong eventual consistency"},
-{"id": 3659,
+{"id": 3694,
"keyword": "two-element security lattice"},
-{"id": 3660,
+{"id": 3695,
"keyword": "abstract proof"},
-{"id": 3661,
+{"id": 3696,
"keyword": "standard real cartesian model"},
-{"id": 3662,
+{"id": 3697,
"keyword": "holcf extension"},
-{"id": 3663,
+{"id": 3698,
"keyword": "development relies"},
-{"id": 3664,
+{"id": 3699,
"keyword": "basic identities"},
-{"id": 3665,
+{"id": 3700,
"keyword": "periodic bernoulli polynomials"},
-{"id": 3666,
+{"id": 3701,
"keyword": "protocols sharing common structure"},
-{"id": 3667,
+{"id": 3702,
"keyword": "attack tree validity"},
-{"id": 3668,
+{"id": 3703,
"keyword": "generic dfs algorithm framework"},
-{"id": 3669,
+{"id": 3704,
"keyword": "many-sorted problem"},
-{"id": 3670,
+{"id": 3705,
"keyword": "smallest number n_"},
-{"id": 3671,
+{"id": 3706,
"keyword": "laurent expansion"},
-{"id": 3672,
+{"id": 3707,
"keyword": "supports low-effort security proofs"},
-{"id": 3673,
+{"id": 3708,
"keyword": "natural homomorphism"},
-{"id": 3674,
+{"id": 3709,
"keyword": "potential applications"},
-{"id": 3675,
+{"id": 3710,
"keyword": "entire polynomial ring"},
-{"id": 3676,
+{"id": 3711,
"keyword": "differential dynamic logic"},
-{"id": 3677,
+{"id": 3712,
"keyword": "wpo subsumes kbo"},
-{"id": 3678,
+{"id": 3713,
"keyword": "top 100 mathematical theorems"},
-{"id": 3679,
+{"id": 3714,
"keyword": "beukers"},
-{"id": 3680,
+{"id": 3715,
"keyword": "first-order logic"},
-{"id": 3681,
+{"id": 3716,
"keyword": "canton protocol"},
-{"id": 3682,
-"keyword": "linear temporal logic"},
-{"id": 3683,
-"keyword": "newton puiseux theorem"},
-{"id": 3684,
-"keyword": "safely composable web components"},
-{"id": 3685,
-"keyword": "function"},
-{"id": 3686,
-"keyword": "canonical isomorphism"},
-{"id": 3687,
-"keyword": "grounding sets"},
-{"id": 3688,
-"keyword": "characteristic polynomials"},
-{"id": 3689,
-"keyword": "fibonacci numbers"},
-{"id": 3690,
-"keyword": "control-flow graphs"},
-{"id": 3691,
-"keyword": "public key cryptography"},
-{"id": 3692,
-"keyword": "leading coefficient"},
-{"id": 3693,
-"keyword": "denotational semantics"},
-{"id": 3694,
-"keyword": "utilizing modern proof assistants"},
-{"id": 3695,
-"keyword": "integral domains"},
-{"id": 3696,
-"keyword": "generalized sylvester matrices"},
-{"id": 3697,
-"keyword": "case statements"},
-{"id": 3698,
-"keyword": "arbitrary size"},
-{"id": 3699,
-"keyword": "concurrent systems"},
-{"id": 3700,
-"keyword": "greatly reducing"},
-{"id": 3701,
-"keyword": "matching"},
-{"id": 3702,
-"keyword": "event shared"},
-{"id": 3703,
-"keyword": "distributed ledgers"},
-{"id": 3704,
-"keyword": "john bruntse larsen"},
-{"id": 3705,
-"keyword": "gauss-jordan algorithm"},
-{"id": 3706,
-"keyword": "existing tools"},
-{"id": 3707,
-"keyword": "accompanying paper"},
-{"id": 3708,
-"keyword": "developing methods"},
-{"id": 3709,
-"keyword": "edmonds theorem"},
-{"id": 3710,
-"keyword": "basic result"},
-{"id": 3711,
-"keyword": "program dependence graphs"},
-{"id": 3712,
-"keyword": "reference point"},
-{"id": 3713,
-"keyword": "unwinding theorem"},
-{"id": 3714,
-"keyword": "class-preserving learning"},
-{"id": 3715,
-"keyword": "natural deduction proof calculus"},
-{"id": 3716,
-"keyword": "latest version"},
{"id": 3717,
-"keyword": "compiler technology"},
+"keyword": "linear temporal logic"},
{"id": 3718,
-"keyword": "monoidal functor"},
+"keyword": "newton puiseux theorem"},
{"id": 3719,
-"keyword": "bst"},
+"keyword": "safely composable web components"},
{"id": 3720,
-"keyword": "greatest fixpoints"},
+"keyword": "function"},
{"id": 3721,
-"keyword": "cover records"},
+"keyword": "canonical isomorphism"},
{"id": 3722,
-"keyword": "entire prover"},
+"keyword": "grounding sets"},
{"id": 3723,
-"keyword": "quantum registers"},
+"keyword": "characteristic polynomials"},
{"id": 3724,
-"keyword": "security properties turn"},
+"keyword": "fibonacci numbers"},
{"id": 3725,
-"keyword": "locale assumptions correspond"},
+"keyword": "control-flow graphs"},
{"id": 3726,
-"keyword": "monotonic predicate transformers"},
+"keyword": "closed starting"},
{"id": 3727,
-"keyword": "exponential reconstruction phase"},
+"keyword": "public key cryptography"},
{"id": 3728,
-"keyword": "monad transformers"},
+"keyword": "leading coefficient"},
{"id": 3729,
-"keyword": "process invariant"},
+"keyword": "denotational semantics"},
{"id": 3730,
-"keyword": "original algorithm presented"},
+"keyword": "utilizing modern proof assistants"},
{"id": 3731,
-"keyword": "count distinct real roots"},
+"keyword": "integral domains"},
{"id": 3732,
-"keyword": "standard verification technology"},
+"keyword": "generalized sylvester matrices"},
{"id": 3733,
+"keyword": "case statements"},
+{"id": 3734,
+"keyword": "arbitrary size"},
+{"id": 3735,
+"keyword": "concurrent systems"},
+{"id": 3736,
+"keyword": "greatly reducing"},
+{"id": 3737,
+"keyword": "matching"},
+{"id": 3738,
+"keyword": "event shared"},
+{"id": 3739,
+"keyword": "distributed ledgers"},
+{"id": 3740,
+"keyword": "john bruntse larsen"},
+{"id": 3741,
+"keyword": "gauss-jordan algorithm"},
+{"id": 3742,
+"keyword": "existing tools"},
+{"id": 3743,
+"keyword": "accompanying paper"},
+{"id": 3744,
+"keyword": "developing methods"},
+{"id": 3745,
+"keyword": "edmonds theorem"},
+{"id": 3746,
+"keyword": "basic result"},
+{"id": 3747,
+"keyword": "program dependence graphs"},
+{"id": 3748,
+"keyword": "reference point"},
+{"id": 3749,
+"keyword": "unwinding theorem"},
+{"id": 3750,
+"keyword": "class-preserving learning"},
+{"id": 3751,
+"keyword": "natural deduction proof calculus"},
+{"id": 3752,
+"keyword": "latest version"},
+{"id": 3753,
+"keyword": "compiler technology"},
+{"id": 3754,
+"keyword": "monoidal functor"},
+{"id": 3755,
+"keyword": "bst"},
+{"id": 3756,
+"keyword": "greatest fixpoints"},
+{"id": 3757,
+"keyword": "cover records"},
+{"id": 3758,
+"keyword": "entire prover"},
+{"id": 3759,
+"keyword": "quantum registers"},
+{"id": 3760,
+"keyword": "security properties turn"},
+{"id": 3761,
+"keyword": "locale assumptions correspond"},
+{"id": 3762,
+"keyword": "monotonic predicate transformers"},
+{"id": 3763,
+"keyword": "exponential reconstruction phase"},
+{"id": 3764,
+"keyword": "monad transformers"},
+{"id": 3765,
+"keyword": "process invariant"},
+{"id": 3766,
+"keyword": "original algorithm presented"},
+{"id": 3767,
+"keyword": "count distinct real roots"},
+{"id": 3768,
+"keyword": "standard verification technology"},
+{"id": 3769,
"keyword": "frobenius reciprocity"},
-{"id": 3734,
+{"id": 3770,
"keyword": "static intraprocedural slicing"},
-{"id": 3735,
+{"id": 3771,
"keyword": "de bruijn indices"},
-{"id": 3736,
+{"id": 3772,
"keyword": "real closed field"},
-{"id": 3737,
+{"id": 3773,
"keyword": "compare encodability criteria"},
-{"id": 3738,
+{"id": 3774,
"keyword": "final theorem statement"},
-{"id": 3739,
+{"id": 3775,
"keyword": "timing information"},
-{"id": 3740,
+{"id": 3776,
"keyword": "high-level security goals"},
-{"id": 3741,
+{"id": 3777,
"keyword": "pop-refinement enables"},
-{"id": 3742,
+{"id": 3778,
"keyword": "sylow theorem"},
-{"id": 3743,
+{"id": 3779,
"keyword": "abstract type"},
-{"id": 3744,
+{"id": 3780,
"keyword": "ipv6 address space"},
-{"id": 3745,
+{"id": 3781,
"keyword": "solver based"},
-{"id": 3746,
+{"id": 3782,
"keyword": "resulting set"},
-{"id": 3747,
+{"id": 3783,
"keyword": "sheldon axler"},
-{"id": 3748,
+{"id": 3784,
"keyword": "nominal datatype package"},
-{"id": 3749,
+{"id": 3785,
"keyword": "gaussian integers"},
-{"id": 3750,
+{"id": 3786,
"keyword": "paper"},
-{"id": 3751,
+{"id": 3787,
"keyword": "information observed"},
-{"id": 3752,
+{"id": 3788,
"keyword": "tim gowers"},
-{"id": 3753,
+{"id": 3789,
"keyword": "radical coordinates"},
-{"id": 3754,
+{"id": 3790,
"keyword": "existing proof"},
-{"id": 3755,
+{"id": 3791,
"keyword": "landmark information flow property"},
-{"id": 3756,
+{"id": 3792,
"keyword": "afp entry category theory"},
-{"id": 3757,
+{"id": 3793,
"keyword": "cambridge university press"},
-{"id": 3758,
+{"id": 3794,
"keyword": "classical noninterference security"},
-{"id": 3759,
+{"id": 3795,
"keyword": "advanced set-theoretic concepts"},
-{"id": 3760,
+{"id": 3796,
"keyword": "concurrent kleene algebra"},
-{"id": 3761,
+{"id": 3797,
"keyword": "nigsberg bridge problem"},
-{"id": 3762,
+{"id": 3798,
"keyword": "algebraic numbers"},
-{"id": 3763,
+{"id": 3799,
"keyword": "formal semantics designed"},
-{"id": 3764,
+{"id": 3800,
"keyword": "planetmath article"},
-{"id": 3765,
-"keyword": "call-by-"},
-{"id": 3766,
-"keyword": "linearised looplessly"},
-{"id": 3767,
-"keyword": "dependency graph approximations"},
-{"id": 3768,
-"keyword": "adam smith"},
-{"id": 3769,
-"keyword": "basic geometric facts"},
-{"id": 3770,
-"keyword": "processor maintains"},
-{"id": 3771,
-"keyword": "yufei zhao"},
-{"id": 3772,
-"keyword": "abstract functions modelled directly"},
-{"id": 3773,
-"keyword": "compiled code execution"},
-{"id": 3774,
-"keyword": "derive proof rules"},
-{"id": 3775,
-"keyword": "ordinary transition systems"},
-{"id": 3776,
-"keyword": "generating function proof"},
-{"id": 3777,
-"keyword": "equational axioms"},
-{"id": 3778,
-"keyword": "entry lies"},
-{"id": 3779,
-"keyword": "basic setting"},
-{"id": 3780,
-"keyword": "systematic development"},
-{"id": 3781,
-"keyword": "primitive recursive function"},
-{"id": 3782,
-"keyword": "continuous linear operators"},
-{"id": 3783,
-"keyword": "linux-based firewall"},
-{"id": 3784,
-"keyword": "clock synchronization"},
-{"id": 3785,
-"keyword": "ocl standard targeting"},
-{"id": 3786,
-"keyword": "coprime polynomials"},
-{"id": 3787,
-"keyword": "high-level view"},
-{"id": 3788,
-"keyword": "architectural design patterns"},
-{"id": 3789,
-"keyword": "computing dominators due"},
-{"id": 3790,
-"keyword": "generalised binomial coefficients"},
-{"id": 3791,
-"keyword": "beth hintikka-style completeness proofs"},
-{"id": 3792,
-"keyword": "transfinite induction"},
-{"id": 3793,
-"keyword": "linear independence"},
-{"id": 3794,
-"keyword": "work presents"},
-{"id": 3795,
-"keyword": "simple relation-algebraic semantics"},
-{"id": 3796,
-"keyword": "real-word firewall errors"},
-{"id": 3797,
-"keyword": "static intraprocedural slicing based"},
-{"id": 3798,
-"keyword": "circus language"},
-{"id": 3799,
-"keyword": "book proof theory"},
-{"id": 3800,
-"keyword": "main results verified"},
{"id": 3801,
-"keyword": "volume greater"},
+"keyword": "call-by-"},
{"id": 3802,
-"keyword": "finite limits"},
+"keyword": "linearised looplessly"},
{"id": 3803,
-"keyword": "axiomatic definition"},
+"keyword": "dependency graph approximations"},
{"id": 3804,
-"keyword": "comparison-based sorting algorithm"},
+"keyword": "adam smith"},
{"id": 3805,
-"keyword": "extensions written"},
+"keyword": "basic geometric facts"},
{"id": 3806,
-"keyword": "arbitrary linear order"},
+"keyword": "processor maintains"},
{"id": 3807,
-"keyword": "axiomatic framework"},
+"keyword": "yufei zhao"},
{"id": 3808,
-"keyword": "minimal complete sets"},
+"keyword": "abstract functions modelled directly"},
{"id": 3809,
-"keyword": "abstract syntax tree generated"},
+"keyword": "compiled code execution"},
{"id": 3810,
-"keyword": "formulas"},
+"keyword": "derive proof rules"},
{"id": 3811,
-"keyword": "classes simply"},
+"keyword": "ordinary transition systems"},
{"id": 3812,
-"keyword": "introductory sections"},
+"keyword": "generating function proof"},
{"id": 3813,
-"keyword": "logging-dependent message anonymity"},
+"keyword": "equational axioms"},
{"id": 3814,
-"keyword": "traversing sets"},
+"keyword": "entry lies"},
{"id": 3815,
-"keyword": "high-school student"},
+"keyword": "basic setting"},
{"id": 3816,
-"keyword": "factoring square-free integer polynomials"},
+"keyword": "systematic development"},
{"id": 3817,
-"keyword": "linear bound argument"},
+"keyword": "primitive recursive function"},
{"id": 3818,
-"keyword": "extreme simplicity"},
+"keyword": "continuous linear operators"},
{"id": 3819,
-"keyword": "frobenius theorem based"},
+"keyword": "linux-based firewall"},
{"id": 3820,
-"keyword": "mentioned logics"},
+"keyword": "clock synchronization"},
{"id": 3821,
-"keyword": "single variable ranging"},
+"keyword": "ocl standard targeting"},
{"id": 3822,
-"keyword": "optimal binary search trees"},
+"keyword": "coprime polynomials"},
{"id": 3823,
-"keyword": "incremental verification"},
+"keyword": "high-level view"},
{"id": 3824,
-"keyword": "articles ai-communications aic764"},
+"keyword": "architectural design patterns"},
{"id": 3825,
-"keyword": "1 infty"},
+"keyword": "computing dominators due"},
{"id": 3826,
-"keyword": "infinite key range"},
+"keyword": "generalised binomial coefficients"},
{"id": 3827,
-"keyword": "elementary methods"},
+"keyword": "beth hintikka-style completeness proofs"},
{"id": 3828,
-"keyword": "larger rings"},
+"keyword": "transfinite induction"},
{"id": 3829,
-"keyword": "infinite paths"},
+"keyword": "linear independence"},
{"id": 3830,
-"keyword": "virtual methods"},
+"keyword": "work presents"},
{"id": 3831,
-"keyword": "tail-recursive function definitions"},
+"keyword": "simple relation-algebraic semantics"},
{"id": 3832,
-"keyword": "hierarchical automaton"},
+"keyword": "real-word firewall errors"},
{"id": 3833,
-"keyword": "cantor normal form"},
+"keyword": "static intraprocedural slicing based"},
{"id": 3834,
-"keyword": "modeling real-time systems"},
+"keyword": "circus language"},
{"id": 3835,
-"keyword": "hol users"},
+"keyword": "book proof theory"},
{"id": 3836,
-"keyword": "distinct layers"},
+"keyword": "main results verified"},
{"id": 3837,
-"keyword": "knuth ndash"},
+"keyword": "volume greater"},
{"id": 3838,
-"keyword": "recursion theory --- definitions"},
+"keyword": "finite limits"},
{"id": 3839,
-"keyword": "general framework"},
+"keyword": "axiomatic definition"},
{"id": 3840,
-"keyword": "modern web browser"},
+"keyword": "comparison-based sorting algorithm"},
{"id": 3841,
-"keyword": "hol light formalisation"},
+"keyword": "extensions written"},
{"id": 3842,
-"keyword": "complete lattices"},
+"keyword": "arbitrary linear order"},
{"id": 3843,
-"keyword": "original theorem statement"},
+"keyword": "axiomatic framework"},
{"id": 3844,
-"keyword": "requirements"},
+"keyword": "minimal complete sets"},
{"id": 3845,
-"keyword": "turing reducibility"},
+"keyword": "abstract syntax tree generated"},
{"id": 3846,
-"keyword": "randomly generated inputs"},
+"keyword": "formulas"},
{"id": 3847,
-"keyword": "convolution theorem thereon"},
+"keyword": "classes simply"},
{"id": 3848,
-"keyword": "topological boolean algebras"},
+"keyword": "introductory sections"},
{"id": 3849,
-"keyword": "coinductive entry"},
+"keyword": "logging-dependent message anonymity"},
{"id": 3850,
-"keyword": "range search algorithm"},
+"keyword": "traversing sets"},
{"id": 3851,
-"keyword": "code generator maps"},
+"keyword": "high-school student"},
{"id": 3852,
-"keyword": "circus environment supports"},
+"keyword": "factoring square-free integer polynomials"},
{"id": 3853,
-"keyword": "additional notions"},
+"keyword": "linear bound argument"},
{"id": 3854,
-"keyword": "graph regularity"},
+"keyword": "extreme simplicity"},
{"id": 3855,
-"keyword": "problem arithmetic progressions"},
+"keyword": "frobenius theorem based"},
{"id": 3856,
-"keyword": "security requirements expressed"},
+"keyword": "mentioned logics"},
{"id": 3857,
-"keyword": "many-sorted first-order logic"},
+"keyword": "single variable ranging"},
{"id": 3858,
-"keyword": "formal cryptographic protocol verification"},
+"keyword": "optimal binary search trees"},
{"id": 3859,
-"keyword": "easily justified"},
+"keyword": "incremental verification"},
{"id": 3860,
-"keyword": "parallel postulates"},
+"keyword": "articles ai-communications aic764"},
{"id": 3861,
-"keyword": "spanning basic algorithms"},
+"keyword": "1 infty"},
{"id": 3862,
-"keyword": "compilation target"},
+"keyword": "infinite key range"},
{"id": 3863,
-"keyword": "authenticated data structures"},
+"keyword": "elementary methods"},
{"id": 3864,
-"keyword": "features exceptions"},
+"keyword": "larger rings"},
{"id": 3865,
-"keyword": "ordinal alpha"},
+"keyword": "infinite paths"},
{"id": 3866,
-"keyword": "ltl properties"},
+"keyword": "virtual methods"},
{"id": 3867,
-"keyword": "theory change"},
+"keyword": "tail-recursive function definitions"},
{"id": 3868,
-"keyword": "exhibit awkward interleaving"},
+"keyword": "hierarchical automaton"},
{"id": 3869,
-"keyword": "mentioned algorithms"},
+"keyword": "cantor normal form"},
{"id": 3870,
+"keyword": "modeling real-time systems"},
+{"id": 3871,
+"keyword": "hol users"},
+{"id": 3872,
+"keyword": "distinct layers"},
+{"id": 3873,
+"keyword": "knuth ndash"},
+{"id": 3874,
+"keyword": "recursion theory --- definitions"},
+{"id": 3875,
+"keyword": "general framework"},
+{"id": 3876,
+"keyword": "modern web browser"},
+{"id": 3877,
+"keyword": "hol light formalisation"},
+{"id": 3878,
+"keyword": "complete lattices"},
+{"id": 3879,
+"keyword": "original theorem statement"},
+{"id": 3880,
+"keyword": "requirements"},
+{"id": 3881,
+"keyword": "turing reducibility"},
+{"id": 3882,
+"keyword": "randomly generated inputs"},
+{"id": 3883,
+"keyword": "convolution theorem thereon"},
+{"id": 3884,
+"keyword": "topological boolean algebras"},
+{"id": 3885,
+"keyword": "coinductive entry"},
+{"id": 3886,
+"keyword": "range search algorithm"},
+{"id": 3887,
+"keyword": "code generator maps"},
+{"id": 3888,
+"keyword": "circus environment supports"},
+{"id": 3889,
+"keyword": "additional notions"},
+{"id": 3890,
+"keyword": "graph regularity"},
+{"id": 3891,
+"keyword": "problem arithmetic progressions"},
+{"id": 3892,
+"keyword": "security requirements expressed"},
+{"id": 3893,
+"keyword": "many-sorted first-order logic"},
+{"id": 3894,
+"keyword": "formal cryptographic protocol verification"},
+{"id": 3895,
+"keyword": "easily justified"},
+{"id": 3896,
+"keyword": "parallel postulates"},
+{"id": 3897,
+"keyword": "spanning basic algorithms"},
+{"id": 3898,
+"keyword": "compilation target"},
+{"id": 3899,
+"keyword": "authenticated data structures"},
+{"id": 3900,
+"keyword": "features exceptions"},
+{"id": 3901,
+"keyword": "ordinal alpha"},
+{"id": 3902,
+"keyword": "ltl properties"},
+{"id": 3903,
+"keyword": "theory change"},
+{"id": 3904,
+"keyword": "exhibit awkward interleaving"},
+{"id": 3905,
+"keyword": "mentioned algorithms"},
+{"id": 3906,
"keyword": "knight visits"},
-{"id": 3871,
+{"id": 3907,
"keyword": "splay heaps"},
-{"id": 3872,
+{"id": 3908,
"keyword": "disconnected graph"},
-{"id": 3873,
+{"id": 3909,
"keyword": "important models"},
-{"id": 3874,
+{"id": 3910,
"keyword": "proving progress"},
-{"id": 3875,
+{"id": 3911,
"keyword": "elementary divisor rings"},
-{"id": 3876,
+{"id": 3912,
"keyword": "unchanged results"},
-{"id": 3877,
+{"id": 3913,
"keyword": "non-negative reals a_1"},
-{"id": 3878,
+{"id": 3914,
"keyword": "weighted arithmetic geometric"},
-{"id": 3879,
+{"id": 3915,
"keyword": "languages generated"},
-{"id": 3880,
+{"id": 3916,
"keyword": "perfect square"},
-{"id": 3881,
+{"id": 3917,
"keyword": "random experiment"},
-{"id": 3882,
+{"id": 3918,
"keyword": "hol logic system"},
-{"id": 3883,
+{"id": 3919,
"keyword": "default setup"},
-{"id": 3884,
+{"id": 3920,
"keyword": "complex random system"},
-{"id": 3885,
+{"id": 3921,
"keyword": "imperative hol"},
-{"id": 3886,
+{"id": 3922,
"keyword": "nearest neighbor algorithm"},
-{"id": 3887,
+{"id": 3923,
"keyword": "edge labels"},
-{"id": 3888,
+{"id": 3924,
"keyword": "verification condition generator"},
-{"id": 3889,
+{"id": 3925,
"keyword": "joachim breitner"},
-{"id": 3890,
+{"id": 3926,
"keyword": "inline caching optimization"},
-{"id": 3891,
-"keyword": "algebraic"},
-{"id": 3892,
-"keyword": "unique factorization domain form"},
-{"id": 3893,
-"keyword": "bracket polynomial"},
-{"id": 3894,
-"keyword": "constructive proof"},
-{"id": 3895,
-"keyword": "object-oriented programming"},
-{"id": 3896,
-"keyword": "conditional transfer rules"},
-{"id": 3897,
-"keyword": "functional type theory"},
-{"id": 3898,
-"keyword": "interesting data structure"},
-{"id": 3899,
-"keyword": "arbitrary banach space"},
-{"id": 3900,
-"keyword": "zfc set theory"},
-{"id": 3901,
-"keyword": "quality criteria"},
-{"id": 3902,
-"keyword": "deeply integrated"},
-{"id": 3903,
-"keyword": "stream processing components"},
-{"id": 3904,
-"keyword": "strong security"},
-{"id": 3905,
-"keyword": "competitive analysis"},
-{"id": 3906,
-"keyword": "correct verification tools"},
-{"id": 3907,
-"keyword": "sample authentication protocol"},
-{"id": 3908,
-"keyword": "finite lists"},
-{"id": 3909,
-"keyword": "axioms proposed"},
-{"id": 3910,
-"keyword": "ltl model checker"},
-{"id": 3911,
-"keyword": "shared resources"},
-{"id": 3912,
-"keyword": "accompanying induction invariant rules"},
-{"id": 3913,
-"keyword": "program logic"},
-{"id": 3914,
-"keyword": "certified programs"},
-{"id": 3915,
-"keyword": "itp 2015 publication"},
-{"id": 3916,
-"keyword": "set category locale"},
-{"id": 3917,
-"keyword": "code generation support"},
-{"id": 3918,
-"keyword": "subset relation"},
-{"id": 3919,
-"keyword": "quantalic structure"},
-{"id": 3920,
-"keyword": "completeness conditions"},
-{"id": 3921,
-"keyword": "security invariant theory"},
-{"id": 3922,
-"keyword": "polynomial-time basis reduction algorithm"},
-{"id": 3923,
-"keyword": "search path"},
-{"id": 3924,
-"keyword": "main topics"},
-{"id": 3925,
-"keyword": "direct subsumption relation"},
-{"id": 3926,
-"keyword": "minkowski inequalities"},
{"id": 3927,
-"keyword": "generic join algorithm"},
+"keyword": "algebraic"},
{"id": 3928,
-"keyword": "generalised binary modalities"},
+"keyword": "unique factorization domain form"},
{"id": 3929,
-"keyword": "efficient imperative implementations"},
+"keyword": "bracket polynomial"},
{"id": 3930,
-"keyword": "sequent calculus prover"},
+"keyword": "constructive proof"},
{"id": 3931,
-"keyword": "relativized general knowledge"},
+"keyword": "object-oriented programming"},
{"id": 3932,
-"keyword": "framed links closely linked"},
+"keyword": "conditional transfer rules"},
{"id": 3933,
-"keyword": "high-level proofs"},
+"keyword": "functional type theory"},
{"id": 3934,
-"keyword": "universally quantified uninterpreted terms"},
+"keyword": "interesting data structure"},
{"id": 3935,
-"keyword": "morse lemma asserting"},
+"keyword": "arbitrary banach space"},
{"id": 3936,
-"keyword": "test-generation techniques"},
+"keyword": "zfc set theory"},
{"id": 3937,
-"keyword": "approach decomposes ltl formulas"},
+"keyword": "quality criteria"},
{"id": 3938,
-"keyword": "data refinement"},
+"keyword": "deeply integrated"},
{"id": 3939,
-"keyword": "data plane"},
+"keyword": "stream processing components"},
{"id": 3940,
-"keyword": "collaborative text editing"},
+"keyword": "strong security"},
{"id": 3941,
-"keyword": "main advantage"},
+"keyword": "competitive analysis"},
{"id": 3942,
-"keyword": "proof"},
+"keyword": "correct verification tools"},
{"id": 3943,
-"keyword": "functions thetasym"},
+"keyword": "sample authentication protocol"},
{"id": 3944,
-"keyword": "equivalence relation"},
+"keyword": "finite lists"},
{"id": 3945,
-"keyword": "flexray communication protocol"},
+"keyword": "axioms proposed"},
{"id": 3946,
-"keyword": "algebraic proof"},
+"keyword": "ltl model checker"},
{"id": 3947,
-"keyword": "alternative definition"},
+"keyword": "shared resources"},
{"id": 3948,
-"keyword": "similar proof"},
+"keyword": "accompanying induction invariant rules"},
{"id": 3949,
-"keyword": "protocols supported"},
+"keyword": "program logic"},
{"id": 3950,
-"keyword": "efficient union-find data structure"},
+"keyword": "certified programs"},
{"id": 3951,
-"keyword": "pairwise commuting hermitian matrices"},
+"keyword": "itp 2015 publication"},
{"id": 3952,
-"keyword": "dom api"},
+"keyword": "set category locale"},
{"id": 3953,
-"keyword": "adding knuth"},
+"keyword": "code generation support"},
{"id": 3954,
+"keyword": "subset relation"},
+{"id": 3955,
+"keyword": "quantalic structure"},
+{"id": 3956,
+"keyword": "completeness conditions"},
+{"id": 3957,
+"keyword": "security invariant theory"},
+{"id": 3958,
+"keyword": "polynomial-time basis reduction algorithm"},
+{"id": 3959,
+"keyword": "search path"},
+{"id": 3960,
+"keyword": "main topics"},
+{"id": 3961,
+"keyword": "direct subsumption relation"},
+{"id": 3962,
+"keyword": "minkowski inequalities"},
+{"id": 3963,
+"keyword": "generic join algorithm"},
+{"id": 3964,
+"keyword": "generalised binary modalities"},
+{"id": 3965,
+"keyword": "efficient imperative implementations"},
+{"id": 3966,
+"keyword": "sequent calculus prover"},
+{"id": 3967,
+"keyword": "relativized general knowledge"},
+{"id": 3968,
+"keyword": "framed links closely linked"},
+{"id": 3969,
+"keyword": "high-level proofs"},
+{"id": 3970,
+"keyword": "universally quantified uninterpreted terms"},
+{"id": 3971,
+"keyword": "morse lemma asserting"},
+{"id": 3972,
+"keyword": "test-generation techniques"},
+{"id": 3973,
+"keyword": "approach decomposes ltl formulas"},
+{"id": 3974,
+"keyword": "data refinement"},
+{"id": 3975,
+"keyword": "data plane"},
+{"id": 3976,
+"keyword": "collaborative text editing"},
+{"id": 3977,
+"keyword": "main advantage"},
+{"id": 3978,
+"keyword": "proof"},
+{"id": 3979,
+"keyword": "functions thetasym"},
+{"id": 3980,
+"keyword": "equivalence relation"},
+{"id": 3981,
+"keyword": "flexray communication protocol"},
+{"id": 3982,
+"keyword": "algebraic proof"},
+{"id": 3983,
+"keyword": "alternative definition"},
+{"id": 3984,
+"keyword": "similar proof"},
+{"id": 3985,
+"keyword": "protocols supported"},
+{"id": 3986,
+"keyword": "efficient union-find data structure"},
+{"id": 3987,
+"keyword": "pairwise commuting hermitian matrices"},
+{"id": 3988,
+"keyword": "dom api"},
+{"id": 3989,
+"keyword": "adding knuth"},
+{"id": 3990,
"keyword": "concrete monad"},
-{"id": 3955,
+{"id": 3991,
"keyword": "identify bugs"},
-{"id": 3956,
+{"id": 3992,
"keyword": "user command"},
-{"id": 3957,
+{"id": 3993,
"keyword": "program analysis"},
-{"id": 3958,
+{"id": 3994,
"keyword": "logic due"},
-{"id": 3959,
+{"id": 3995,
"keyword": "comparisons performed"},
-{"id": 3960,
+{"id": 3996,
"keyword": "inverse squares"},
-{"id": 3961,
+{"id": 3997,
"keyword": "correct optimized versions"},
-{"id": 3962,
+{"id": 3998,
"keyword": "popular introduction"},
-{"id": 3963,
+{"id": 3999,
"keyword": "general theory"},
-{"id": 3964,
+{"id": 4000,
"keyword": "large library"},
-{"id": 3965,
+{"id": 4001,
"keyword": "finite iteration"},
-{"id": 3966,
+{"id": 4002,
"keyword": "monitor supports aggregation operations"},
-{"id": 3967,
+{"id": 4003,
"keyword": "key range"},
-{"id": 3968,
+{"id": 4004,
"keyword": "social welfare"},
-{"id": 3969,
+{"id": 4005,
"keyword": "proof obligations automatically"},
-{"id": 3970,
+{"id": 4006,
"keyword": "require intermediate operational semantics"},
-{"id": 3971,
+{"id": 4007,
"keyword": "shallow semantical embeddings approach"},
-{"id": 3972,
+{"id": 4008,
"keyword": "collect information"},
-{"id": 3973,
+{"id": 4009,
"keyword": "backward simulations"},
-{"id": 3974,
+{"id": 4010,
"keyword": "protocols secure"},
-{"id": 3975,
+{"id": 4011,
"keyword": "formal power series"},
-{"id": 3976,
+{"id": 4012,
"keyword": "increasingly important"},
-{"id": 3977,
+{"id": 4013,
"keyword": "type inference algorithm"},
-{"id": 3978,
+{"id": 4014,
"keyword": "engineering safety"},
-{"id": 3979,
+{"id": 4015,
"keyword": "fixed finite instance"},
-{"id": 3980,
+{"id": 4016,
"keyword": "closed set"},
-{"id": 3981,
+{"id": 4017,
"keyword": "query evaluation"},
-{"id": 3982,
+{"id": 4018,
"keyword": "generalized recurrence relation"},
-{"id": 3983,
+{"id": 4019,
"keyword": "information-flow security aims"},
-{"id": 3984,
+{"id": 4020,
"keyword": "infinite length"},
-{"id": 3985,
+{"id": 4021,
"keyword": "geometric probability"},
-{"id": 3986,
+{"id": 4022,
"keyword": "term focus"},
-{"id": 3987,
+{"id": 4023,
"keyword": "alternative proof"},
-{"id": 3988,
+{"id": 4024,
"keyword": "commitment schemes"},
-{"id": 3989,
+{"id": 4025,
"keyword": "multiplicative group"},
-{"id": 3990,
+{"id": 4026,
"keyword": "classical definition"},
-{"id": 3991,
+{"id": 4027,
"keyword": "compositionally reasoning"},
-{"id": 3992,
+{"id": 4028,
"keyword": "mathematical formulation"},
-{"id": 3993,
+{"id": 4029,
"keyword": "arbitrary higher-order contexts"},
-{"id": 3994,
+{"id": 4030,
"keyword": "constant time"},
-{"id": 3995,
+{"id": 4031,
"keyword": "dirichlet characters"},
-{"id": 3996,
+{"id": 4032,
"keyword": "fully formal"},
-{"id": 3997,
+{"id": 4033,
"keyword": "assorted fixed-point theorems"},
-{"id": 3998,
+{"id": 4034,
"keyword": "finite relations"},
-{"id": 3999,
+{"id": 4035,
"keyword": "selection sort"},
-{"id": 4000,
+{"id": 4036,
"keyword": "semantic side conditions"},
-{"id": 4001,
+{"id": 4037,
"keyword": "formal programming language semantics"},
-{"id": 4002,
+{"id": 4038,
"keyword": "unified modeling language"},
-{"id": 4003,
+{"id": 4039,
"keyword": "complx language"},
-{"id": 4004,
+{"id": 4040,
"keyword": "simpler versions"},
-{"id": 4005,
+{"id": 4041,
"keyword": "experimentally tested"},
-{"id": 4006,
+{"id": 4042,
"keyword": "algebraic laws"},
-{"id": 4007,
+{"id": 4043,
"keyword": "abstract simplicial complexes"},
-{"id": 4008,
+{"id": 4044,
"keyword": "nullable types"},
-{"id": 4009,
+{"id": 4045,
"keyword": "1 n-1 frac b_"},
-{"id": 4010,
+{"id": 4046,
"keyword": "general problem"},
-{"id": 4011,
+{"id": 4047,
"keyword": "fixed-point theorem"},
-{"id": 4012,
+{"id": 4048,
"keyword": "file read"},
-{"id": 4013,
+{"id": 4049,
"keyword": "found cryptic"},
-{"id": 4014,
+{"id": 4050,
"keyword": "partial recursive function"},
-{"id": 4015,
+{"id": 4051,
"keyword": "cl73 chin-liang chang"},
-{"id": 4016,
+{"id": 4052,
"keyword": "call- return behavior"},
-{"id": 4017,
+{"id": 4053,
"keyword": "inductive invariant proofs"},
-{"id": 4018,
-"keyword": "omega 1 alpha"},
-{"id": 4019,
-"keyword": "human-readable fast-to-replay proof scripts"},
-{"id": 4020,
-"keyword": "monadic functions"},
-{"id": 4021,
-"keyword": "nested multiset datatype"},
-{"id": 4022,
-"keyword": "successor function"},
-{"id": 4023,
-"keyword": "16th international symposium"},
-{"id": 4024,
-"keyword": "behaviorally correct learning"},
-{"id": 4025,
-"keyword": "cpp-2015 peter lammich"},
-{"id": 4026,
-"keyword": "nieto verification"},
-{"id": 4027,
-"keyword": "hare cycle-finding algorithm ascribed"},
-{"id": 4028,
-"keyword": "safe distance rule"},
-{"id": 4029,
-"keyword": "original problem"},
-{"id": 4030,
-"keyword": "analytic combinatorics"},
-{"id": 4031,
-"keyword": "normal strategy"},
-{"id": 4032,
-"keyword": "single component"},
-{"id": 4033,
-"keyword": "order relativity theory"},
-{"id": 4034,
-"keyword": "sturm-tarksi theorem forms"},
-{"id": 4035,
-"keyword": "signed measure"},
-{"id": 4036,
-"keyword": "good lower bound"},
-{"id": 4037,
-"keyword": "type classes connected"},
-{"id": 4038,
-"keyword": "modeling languages"},
-{"id": 4039,
-"keyword": "relative soundness results"},
-{"id": 4040,
-"keyword": "arbitrary security lattices"},
-{"id": 4041,
-"keyword": "construct complicated trees"},
-{"id": 4042,
-"keyword": "large graphs"},
-{"id": 4043,
-"keyword": "partition function"},
-{"id": 4044,
-"keyword": "bounded natural functors"},
-{"id": 4045,
-"keyword": "afp entry ordered_resultion_prover"},
-{"id": 4046,
-"keyword": "automated tactic support"},
-{"id": 4047,
-"keyword": "infinite message streams represented"},
-{"id": 4048,
-"keyword": "polynomial-time algorithm"},
-{"id": 4049,
-"keyword": "complexity proof certificates"},
-{"id": 4050,
-"keyword": "standard operators"},
-{"id": 4051,
-"keyword": "int_0 1"},
-{"id": 4052,
-"keyword": "present development"},
-{"id": 4053,
-"keyword": "directly relating agents"},
{"id": 4054,
-"keyword": "path authorization"},
+"keyword": "omega 1 alpha"},
{"id": 4055,
-"keyword": "simply hermite-lindemann"},
+"keyword": "human-readable fast-to-replay proof scripts"},
{"id": 4056,
-"keyword": "generic framework semantics"},
+"keyword": "monadic functions"},
{"id": 4057,
-"keyword": "counts roots"},
+"keyword": "nested multiset datatype"},
{"id": 4058,
-"keyword": "generic properties"},
+"keyword": "successor function"},
{"id": 4059,
-"keyword": "integer ring modulo"},
+"keyword": "16th international symposium"},
{"id": 4060,
-"keyword": "domain elements"},
+"keyword": "behaviorally correct learning"},
{"id": 4061,
-"keyword": "codomain nat option"},
+"keyword": "cpp-2015 peter lammich"},
{"id": 4062,
-"keyword": "exponential nnf-based algorithms"},
+"keyword": "nieto verification"},
{"id": 4063,
-"keyword": "basis executable code"},
+"keyword": "hare cycle-finding algorithm ascribed"},
{"id": 4064,
-"keyword": "orders"},
+"keyword": "safe distance rule"},
{"id": 4065,
-"keyword": "functional programming language"},
+"keyword": "original problem"},
{"id": 4066,
-"keyword": "extended regular expressions"},
+"keyword": "analytic combinatorics"},
{"id": 4067,
-"keyword": "longest lyndon suffix"},
+"keyword": "normal strategy"},
{"id": 4068,
-"keyword": "main concern"},
+"keyword": "single component"},
{"id": 4069,
-"keyword": "squares theorem"},
+"keyword": "order relativity theory"},
{"id": 4070,
+"keyword": "sturm-tarksi theorem forms"},
+{"id": 4071,
+"keyword": "signed measure"},
+{"id": 4072,
+"keyword": "good lower bound"},
+{"id": 4073,
+"keyword": "type classes connected"},
+{"id": 4074,
+"keyword": "modeling languages"},
+{"id": 4075,
+"keyword": "relative soundness results"},
+{"id": 4076,
+"keyword": "arbitrary security lattices"},
+{"id": 4077,
+"keyword": "construct complicated trees"},
+{"id": 4078,
+"keyword": "large graphs"},
+{"id": 4079,
+"keyword": "partition function"},
+{"id": 4080,
+"keyword": "bounded natural functors"},
+{"id": 4081,
+"keyword": "afp entry ordered_resultion_prover"},
+{"id": 4082,
+"keyword": "automated tactic support"},
+{"id": 4083,
+"keyword": "infinite message streams represented"},
+{"id": 4084,
+"keyword": "polynomial-time algorithm"},
+{"id": 4085,
+"keyword": "complexity proof certificates"},
+{"id": 4086,
+"keyword": "standard operators"},
+{"id": 4087,
+"keyword": "int_0 1"},
+{"id": 4088,
+"keyword": "present development"},
+{"id": 4089,
+"keyword": "directly relating agents"},
+{"id": 4090,
+"keyword": "path authorization"},
+{"id": 4091,
+"keyword": "simply hermite-lindemann"},
+{"id": 4092,
+"keyword": "generic framework semantics"},
+{"id": 4093,
+"keyword": "p-adic fields"},
+{"id": 4094,
+"keyword": "counts roots"},
+{"id": 4095,
+"keyword": "generic properties"},
+{"id": 4096,
+"keyword": "integer ring modulo"},
+{"id": 4097,
+"keyword": "domain elements"},
+{"id": 4098,
+"keyword": "codomain nat option"},
+{"id": 4099,
+"keyword": "exponential nnf-based algorithms"},
+{"id": 4100,
+"keyword": "basis executable code"},
+{"id": 4101,
+"keyword": "orders"},
+{"id": 4102,
+"keyword": "functional programming language"},
+{"id": 4103,
+"keyword": "extended regular expressions"},
+{"id": 4104,
+"keyword": "longest lyndon suffix"},
+{"id": 4105,
+"keyword": "main concern"},
+{"id": 4106,
+"keyword": "squares theorem"},
+{"id": 4107,
"keyword": "generic object model independent"},
-{"id": 4071,
+{"id": 4108,
"keyword": "uniform substitutions substitute"},
-{"id": 4072,
+{"id": 4109,
"keyword": "release ownership"},
-{"id": 4073,
+{"id": 4110,
"keyword": "key construction"},
-{"id": 4074,
+{"id": 4111,
"keyword": "aforesaid task"},
-{"id": 4075,
+{"id": 4112,
"keyword": "complex data structure"},
-{"id": 4076,
+{"id": 4113,
"keyword": "paul thomson"},
-{"id": 4077,
+{"id": 4114,
"keyword": "trivially unsatisfiable inequality"},
-{"id": 4078,
+{"id": 4115,
"keyword": "probabilistic variant"},
-{"id": 4079,
+{"id": 4116,
"keyword": "unique normal forms"},
-{"id": 4080,
+{"id": 4117,
"keyword": "supports range queries"},
-{"id": 4081,
+{"id": 4118,
"keyword": "permitting multiset comparisons"},
-{"id": 4082,
+{"id": 4119,
"keyword": "lipschitz maps"},
-{"id": 4083,
+{"id": 4120,
"keyword": "formal language"},
-{"id": 4084,
+{"id": 4121,
"keyword": "small abstract subsystems"},
-{"id": 4085,
+{"id": 4122,
"keyword": "asymptotically matches"},
-{"id": 4086,
+{"id": 4123,
+"keyword": "vincent bloemen"},
+{"id": 4124,
"keyword": "infinite measure"},
-{"id": 4087,
+{"id": 4125,
"keyword": "proof calculus"},
-{"id": 4088,
+{"id": 4126,
"keyword": "temporal logic"},
-{"id": 4089,
+{"id": 4127,
"keyword": "link tangle equivalence"},
-{"id": 4090,
+{"id": 4128,
"keyword": "instantiation reuses"},
-{"id": 4091,
+{"id": 4129,
"keyword": "representation executable"},
-{"id": 4092,
+{"id": 4130,
"keyword": "hol standard library"},
-{"id": 4093,
+{"id": 4131,
"keyword": "article set-theoretical foundations"},
-{"id": 4094,
+{"id": 4132,
"keyword": "underlying boolean algebra structure"},
-{"id": 4095,
+{"id": 4133,
"keyword": "aircraft cabin data network"},
-{"id": 4096,
+{"id": 4134,
"keyword": "liouville numbers"},
-{"id": 4097,
+{"id": 4135,
"keyword": "basic model"},
-{"id": 4098,
+{"id": 4136,
"keyword": "verified translation"},
-{"id": 4099,
+{"id": 4137,
"keyword": "devise notions"},
-{"id": 4100,
-"keyword": "platonic forms"},
-{"id": 4101,
-"keyword": "np-complete problem"},
-{"id": 4102,
-"keyword": "updown scheme"},
-{"id": 4103,
-"keyword": "yacc style grammars"},
-{"id": 4104,
-"keyword": "rapid prototyping"},
-{"id": 4105,
-"keyword": "combinatorial design theory"},
-{"id": 4106,
-"keyword": "fourteen lemmas"},
-{"id": 4107,
-"keyword": "utility functions form"},
-{"id": 4108,
-"keyword": "theories presented"},
-{"id": 4109,
-"keyword": "quantitative analysis"},
-{"id": 4110,
-"keyword": "atomic operations race"},
-{"id": 4111,
-"keyword": "word iff"},
-{"id": 4112,
-"keyword": "knowledge"},
-{"id": 4113,
-"keyword": "msc thesis"},
-{"id": 4114,
-"keyword": "nondeterministic branching"},
-{"id": 4115,
-"keyword": "randomized list update algorithm"},
-{"id": 4116,
-"keyword": "document describes"},
-{"id": 4117,
-"keyword": "significant generalization"},
-{"id": 4118,
-"keyword": "short sketch"},
-{"id": 4119,
-"keyword": "state-normalisation allowing"},
-{"id": 4120,
-"keyword": "next-free ltl formula"},
-{"id": 4121,
-"keyword": "devising correct speculative algorithms"},
-{"id": 4122,
-"keyword": "process trace"},
-{"id": 4123,
-"keyword": "interactive theorem proving"},
-{"id": 4124,
-"keyword": "individual accepted"},
-{"id": 4125,
-"keyword": "target terms"},
-{"id": 4126,
-"keyword": "quickly verified"},
-{"id": 4127,
-"keyword": "completeness result"},
-{"id": 4128,
-"keyword": "implement saturation calculi"},
-{"id": 4129,
-"keyword": "general predication"},
-{"id": 4130,
-"keyword": "formal definitions"},
-{"id": 4131,
-"keyword": "theory"},
-{"id": 4132,
-"keyword": "ternary relation"},
-{"id": 4133,
-"keyword": "posix matching"},
-{"id": 4134,
-"keyword": "normalisation algorithm"},
-{"id": 4135,
-"keyword": "full proof"},
-{"id": 4136,
-"keyword": "short applications"},
-{"id": 4137,
-"keyword": "dependent types"},
{"id": 4138,
-"keyword": "division modulo"},
+"keyword": "platonic forms"},
{"id": 4139,
-"keyword": "sample computations"},
+"keyword": "np-complete problem"},
{"id": 4140,
-"keyword": "output type"},
+"keyword": "updown scheme"},
{"id": 4141,
-"keyword": "sorted monadic equational logic"},
+"keyword": "yacc style grammars"},
{"id": 4142,
-"keyword": "refinement calculus literature"},
+"keyword": "rapid prototyping"},
{"id": 4143,
-"keyword": "early failure detection"},
+"keyword": "combinatorial design theory"},
{"id": 4144,
-"keyword": "hereditarily finite set theory"},
+"keyword": "fourteen lemmas"},
{"id": 4145,
-"keyword": "main operation"},
+"keyword": "utility functions form"},
{"id": 4146,
-"keyword": "constructive cryptography"},
+"keyword": "theories presented"},
{"id": 4147,
-"keyword": "data structures required"},
+"keyword": "quantitative analysis"},
{"id": 4148,
-"keyword": "probability monad"},
+"keyword": "atomic operations race"},
{"id": 4149,
-"keyword": "key proofs"},
+"keyword": "word iff"},
{"id": 4150,
-"keyword": "clock synchronization algorithm"},
+"keyword": "knowledge"},
{"id": 4151,
-"keyword": "julien narboux"},
+"keyword": "msc thesis"},
{"id": 4152,
-"keyword": "sliding window algorithm"},
+"keyword": "nondeterministic branching"},
{"id": 4153,
-"keyword": "predicate transformer semantics"},
+"keyword": "randomized list update algorithm"},
{"id": 4154,
-"keyword": "data plane protocols"},
+"keyword": "document describes"},
{"id": 4155,
-"keyword": "bner bases"},
+"keyword": "significant generalization"},
{"id": 4156,
-"keyword": "existing formalization"},
+"keyword": "short sketch"},
{"id": 4157,
-"keyword": "divide-and-conquer algorithm"},
+"keyword": "state-normalisation allowing"},
{"id": 4158,
-"keyword": "prime harmonic series"},
+"keyword": "next-free ltl formula"},
{"id": 4159,
-"keyword": "classical theorem"},
+"keyword": "devising correct speculative algorithms"},
{"id": 4160,
-"keyword": "complement automaton"},
+"keyword": "process trace"},
{"id": 4161,
-"keyword": "actual sets"},
+"keyword": "interactive theorem proving"},
{"id": 4162,
-"keyword": "arbitrary intervals"},
+"keyword": "individual accepted"},
{"id": 4163,
-"keyword": "immediately offer"},
+"keyword": "target terms"},
{"id": 4164,
-"keyword": "locale-centric approach"},
+"keyword": "quickly verified"},
{"id": 4165,
-"keyword": "partial semigroups"},
+"keyword": "completeness result"},
{"id": 4166,
-"keyword": "specification decomposition principles"},
+"keyword": "implement saturation calculi"},
{"id": 4167,
-"keyword": "classic proof"},
+"keyword": "general predication"},
{"id": 4168,
-"keyword": "underlying routing protocol"},
+"keyword": "formal definitions"},
{"id": 4169,
-"keyword": "irreducible representation"},
+"keyword": "theory"},
{"id": 4170,
-"keyword": "completeness proof builds"},
+"keyword": "ternary relation"},
{"id": 4171,
-"keyword": "imperative executable code"},
+"keyword": "posix matching"},
{"id": 4172,
-"keyword": "executable implementation"},
+"keyword": "normalisation algorithm"},
{"id": 4173,
-"keyword": "uml class diagrams"},
+"keyword": "full proof"},
{"id": 4174,
-"keyword": "simple summation conversion"},
+"keyword": "short applications"},
{"id": 4175,
-"keyword": "single setting"},
+"keyword": "dependent types"},
{"id": 4176,
-"keyword": "closed-form formulae"},
+"keyword": "division modulo"},
{"id": 4177,
-"keyword": "sat solver descriptions"},
+"keyword": "sample computations"},
{"id": 4178,
-"keyword": "correctness properties"},
+"keyword": "output type"},
{"id": 4179,
-"keyword": "efficient verified implementation"},
+"keyword": "sorted monadic equational logic"},
{"id": 4180,
-"keyword": "category"},
+"keyword": "refinement calculus literature"},
{"id": 4181,
-"keyword": "generic rules resulting"},
+"keyword": "early failure detection"},
{"id": 4182,
-"keyword": "approach"},
+"keyword": "hereditarily finite set theory"},
{"id": 4183,
-"keyword": "independent axioms"},
+"keyword": "quantifier elimination theorem"},
{"id": 4184,
-"keyword": "veblen hierarchies"},
+"keyword": "main operation"},
{"id": 4185,
-"keyword": "semi-honest security setting"},
+"keyword": "constructive cryptography"},
{"id": 4186,
-"keyword": "triangle counting lemma"},
+"keyword": "data structures required"},
{"id": 4187,
-"keyword": "existing proof format"},
+"keyword": "probability monad"},
{"id": 4188,
-"keyword": "aforementioned mathematical structures"},
+"keyword": "key proofs"},
{"id": 4189,
-"keyword": "executable formalisation"},
+"keyword": "clock synchronization algorithm"},
{"id": 4190,
-"keyword": "executable variant"},
+"keyword": "julien narboux"},
{"id": 4191,
-"keyword": "impossibility theorem due"},
+"keyword": "sliding window algorithm"},
{"id": 4192,
-"keyword": "finite consistent extensions"},
+"keyword": "predicate transformer semantics"},
{"id": 4193,
-"keyword": "x1n hellip"},
+"keyword": "data plane protocols"},
{"id": 4194,
-"keyword": "calculus ls_ pasl"},
+"keyword": "bner bases"},
{"id": 4195,
-"keyword": "diffie-hellman password-based authentication protocol"},
+"keyword": "existing formalization"},
{"id": 4196,
-"keyword": "average case"},
+"keyword": "divide-and-conquer algorithm"},
{"id": 4197,
-"keyword": "study filters based"},
+"keyword": "prime harmonic series"},
{"id": 4198,
-"keyword": "sorted linked lists"},
+"keyword": "classical theorem"},
{"id": 4199,
-"keyword": "integer hull"},
+"keyword": "complement automaton"},
{"id": 4200,
-"keyword": "binary masking"},
+"keyword": "actual sets"},
{"id": 4201,
-"keyword": "output consistency"},
+"keyword": "arbitrary intervals"},
{"id": 4202,
-"keyword": "important problem"},
+"keyword": "immediately offer"},
{"id": 4203,
-"keyword": "strictly dominated"},
+"keyword": "locale-centric approach"},
{"id": 4204,
-"keyword": "text introduction"},
+"keyword": "partial semigroups"},
{"id": 4205,
-"keyword": "distributed computing"},
+"keyword": "specification decomposition principles"},
{"id": 4206,
-"keyword": "combinatory logic"},
+"keyword": "classic proof"},
{"id": 4207,
-"keyword": "input generators"},
+"keyword": "underlying routing protocol"},
{"id": 4208,
-"keyword": "related splay heaps"},
+"keyword": "irreducible representation"},
{"id": 4209,
-"keyword": "treat binding sequences"},
+"keyword": "completeness proof builds"},
{"id": 4210,
-"keyword": "bnf case"},
+"keyword": "imperative executable code"},
{"id": 4211,
-"keyword": "path-aware internet architectures"},
+"keyword": "executable implementation"},
{"id": 4212,
-"keyword": "von neumann hierarchy"},
+"keyword": "uml class diagrams"},
{"id": 4213,
-"keyword": "multi-head monitoring algorithm"},
+"keyword": "simple summation conversion"},
{"id": 4214,
-"keyword": "object oriented design"},
+"keyword": "single setting"},
{"id": 4215,
-"keyword": "significant contribution"},
+"keyword": "closed-form formulae"},
{"id": 4216,
-"keyword": "total learning"},
+"keyword": "sat solver descriptions"},
{"id": 4217,
-"keyword": "compositional analysis methods"},
+"keyword": "correctness properties"},
{"id": 4218,
-"keyword": "communicating sequential processes requires"},
+"keyword": "efficient verified implementation"},
{"id": 4219,
-"keyword": "abstract transition system context"},
+"keyword": "category"},
{"id": 4220,
-"keyword": "consensus algorithms"},
+"keyword": "generic rules resulting"},
{"id": 4221,
-"keyword": "weighted path order"},
+"keyword": "approach"},
{"id": 4222,
-"keyword": "birkhoff theorem"},
+"keyword": "independent axioms"},
{"id": 4223,
-"keyword": "strong versions"},
+"keyword": "veblen hierarchies"},
{"id": 4224,
-"keyword": "theories listinf"},
+"keyword": "semi-honest security setting"},
{"id": 4225,
-"keyword": "higher-order probabilistic programs"},
+"keyword": "triangle counting lemma"},
{"id": 4226,
-"keyword": "share common algorithmic ideas"},
+"keyword": "existing proof format"},
{"id": 4227,
-"keyword": "protecting authorized paths"},
+"keyword": "aforementioned mathematical structures"},
{"id": 4228,
-"keyword": "chip authentication mapping"},
+"keyword": "executable formalisation"},
{"id": 4229,
-"keyword": "support arbitrary nesting"},
+"keyword": "executable variant"},
{"id": 4230,
-"keyword": "elementary row operations"},
+"keyword": "impossibility theorem due"},
{"id": 4231,
-"keyword": "normal form --"},
+"keyword": "finite consistent extensions"},
{"id": 4232,
-"keyword": "minimization algorithm"},
+"keyword": "x1n hellip"},
{"id": 4233,
-"keyword": "upper bound"},
+"keyword": "calculus ls_ pasl"},
{"id": 4234,
-"keyword": "10th problem"},
+"keyword": "diffie-hellman password-based authentication protocol"},
{"id": 4235,
-"keyword": "dual problem"},
+"keyword": "average case"},
{"id": 4236,
-"keyword": "arbitrary sets"},
+"keyword": "study filters based"},
{"id": 4237,
-"keyword": "log-gamma function"},
+"keyword": "sorted linked lists"},
{"id": 4238,
-"keyword": "random order"},
+"keyword": "integer hull"},
{"id": 4239,
+"keyword": "binary masking"},
+{"id": 4240,
+"keyword": "output consistency"},
+{"id": 4241,
+"keyword": "important problem"},
+{"id": 4242,
+"keyword": "strictly dominated"},
+{"id": 4243,
+"keyword": "text introduction"},
+{"id": 4244,
+"keyword": "distributed computing"},
+{"id": 4245,
+"keyword": "combinatory logic"},
+{"id": 4246,
+"keyword": "input generators"},
+{"id": 4247,
+"keyword": "related splay heaps"},
+{"id": 4248,
+"keyword": "treat binding sequences"},
+{"id": 4249,
+"keyword": "bnf case"},
+{"id": 4250,
+"keyword": "path-aware internet architectures"},
+{"id": 4251,
+"keyword": "von neumann hierarchy"},
+{"id": 4252,
+"keyword": "multi-head monitoring algorithm"},
+{"id": 4253,
+"keyword": "object oriented design"},
+{"id": 4254,
+"keyword": "significant contribution"},
+{"id": 4255,
+"keyword": "total learning"},
+{"id": 4256,
+"keyword": "compositional analysis methods"},
+{"id": 4257,
+"keyword": "communicating sequential processes requires"},
+{"id": 4258,
+"keyword": "abstract transition system context"},
+{"id": 4259,
+"keyword": "consensus algorithms"},
+{"id": 4260,
+"keyword": "weighted path order"},
+{"id": 4261,
+"keyword": "birkhoff theorem"},
+{"id": 4262,
+"keyword": "strong versions"},
+{"id": 4263,
+"keyword": "theories listinf"},
+{"id": 4264,
+"keyword": "higher-order probabilistic programs"},
+{"id": 4265,
+"keyword": "share common algorithmic ideas"},
+{"id": 4266,
+"keyword": "protecting authorized paths"},
+{"id": 4267,
+"keyword": "chip authentication mapping"},
+{"id": 4268,
+"keyword": "support arbitrary nesting"},
+{"id": 4269,
+"keyword": "elementary row operations"},
+{"id": 4270,
+"keyword": "normal form --"},
+{"id": 4271,
+"keyword": "minimization algorithm"},
+{"id": 4272,
+"keyword": "upper bound"},
+{"id": 4273,
+"keyword": "10th problem"},
+{"id": 4274,
+"keyword": "dual problem"},
+{"id": 4275,
+"keyword": "arbitrary sets"},
+{"id": 4276,
+"keyword": "log-gamma function"},
+{"id": 4277,
+"keyword": "random order"},
+{"id": 4278,
"keyword": "unique solutions"},
-{"id": 4240,
+{"id": 4279,
"keyword": "reifies property patterns"},
-{"id": 4241,
+{"id": 4280,
"keyword": "directly derive executable"},
-{"id": 4242,
+{"id": 4281,
"keyword": "ultimately culminating"},
-{"id": 4243,
+{"id": 4282,
"keyword": "direct arguments"},
-{"id": 4244,
+{"id": 4283,
"keyword": "external tools"},
-{"id": 4245,
+{"id": 4284,
"keyword": "object-free style"},
-{"id": 4246,
+{"id": 4285,
"keyword": "finite set"},
-{"id": 4247,
+{"id": 4286,
"keyword": "studying system-level properties"},
-{"id": 4248,
+{"id": 4287,
"keyword": "insurance contracts"},
-{"id": 4249,
+{"id": 4288,
"keyword": "abstract datatypes"},
-{"id": 4250,
+{"id": 4289,
"keyword": "hales jewett theorem presented"},
-{"id": 4251,
+{"id": 4290,
"keyword": "disregard unrealizable behavior"},
-{"id": 4252,
+{"id": 4291,
"keyword": "bounded model checking"},
-{"id": 4253,
+{"id": 4292,
"keyword": "floor randomly"},
-{"id": 4254,
+{"id": 4293,
"keyword": "maximum cardinality matching"},
-{"id": 4255,
+{"id": 4294,
"keyword": "expressive extension"},
-{"id": 4256,
+{"id": 4295,
"keyword": "stream fusion transformation"},
-{"id": 4257,
+{"id": 4296,
"keyword": "univariate monic polynomial"},
-{"id": 4258,
+{"id": 4297,
"keyword": "concrete manifolds"},
-{"id": 4259,
+{"id": 4298,
"keyword": "consistency problem"},
-{"id": 4260,
+{"id": 4299,
"keyword": "executable simplifier"},
-{"id": 4261,
+{"id": 4300,
+"keyword": "fractional permissions"},
+{"id": 4301,
"keyword": "folklore results related"},
-{"id": 4262,
+{"id": 4302,
"keyword": "basic category theory set"},
-{"id": 4263,
+{"id": 4303,
"keyword": "mathematically precise theory"},
-{"id": 4264,
+{"id": 4304,
"keyword": "finite field"},
-{"id": 4265,
+{"id": 4305,
"keyword": "additive combinatorics"},
-{"id": 4266,
+{"id": 4306,
"keyword": "type-class based structures"},
-{"id": 4267,
+{"id": 4307,
"keyword": "unify computation models"},
-{"id": 4268,
+{"id": 4308,
"keyword": "distinguishing feature"},
-{"id": 4269,
+{"id": 4309,
"keyword": "potentials due"},
-{"id": 4270,
+{"id": 4310,
"keyword": "randomized algorithms"},
-{"id": 4271,
+{"id": 4311,
"keyword": "strict standard compliance formalization"},
-{"id": 4272,
+{"id": 4312,
"keyword": "formal methods"},
-{"id": 4273,
+{"id": 4313,
"keyword": "syntactic bisimulation"},
-{"id": 4274,
+{"id": 4314,
"keyword": "extended previous"},
-{"id": 4275,
+{"id": 4315,
"keyword": "self-referential implementation"},
-{"id": 4276,
+{"id": 4316,
"keyword": "afp entry discrete summation"},
-{"id": 4277,
+{"id": 4317,
"keyword": "channel protocols communicating"},
-{"id": 4278,
+{"id": 4318,
"keyword": "griffin observed"},
-{"id": 4279,
+{"id": 4319,
"keyword": "afp entries"},
-{"id": 4280,
+{"id": 4320,
"keyword": "typed model"},
-{"id": 4281,
+{"id": 4321,
"keyword": "elementary properties"},
-{"id": 4282,
+{"id": 4322,
"keyword": "simple hybrid programs"},
-{"id": 4283,
+{"id": 4323,
"keyword": "foundational shared-variable concurrency method"},
-{"id": 4284,
+{"id": 4324,
"keyword": "safety properties"},
-{"id": 4285,
+{"id": 4325,
"keyword": "uniform substitutions"},
-{"id": 4286,
+{"id": 4326,
"keyword": "finite carrier set"},
-{"id": 4287,
+{"id": 4327,
"keyword": "guided tour"},
-{"id": 4288,
+{"id": 4328,
"keyword": "axiomatic system"},
-{"id": 4289,
+{"id": 4329,
"keyword": "real exponents"},
-{"id": 4290,
+{"id": 4330,
"keyword": "3-term arithmetic progressions"},
-{"id": 4291,
+{"id": 4331,
"keyword": "hermite--lindemann--weierstra transcendence theorem"},
-{"id": 4292,
+{"id": 4332,
"keyword": "liberal paradox"},
-{"id": 4293,
+{"id": 4333,
"keyword": "word inside"},
-{"id": 4294,
+{"id": 4334,
"keyword": "price function"},
-{"id": 4295,
+{"id": 4335,
"keyword": "linear combination"},
-{"id": 4296,
+{"id": 4336,
"keyword": "fair coin flips"},
-{"id": 4297,
+{"id": 4337,
"keyword": "correctness property"},
-{"id": 4298,
+{"id": 4338,
"keyword": "stochastic dominance"},
-{"id": 4299,
+{"id": 4339,
"keyword": "easily transfer theorems"},
-{"id": 4300,
+{"id": 4340,
"keyword": "expected length"},
-{"id": 4301,
+{"id": 4341,
"keyword": "actual executions"},
-{"id": 4302,
+{"id": 4342,
"keyword": "berlekamp-zassenhaus algorithm"},
-{"id": 4303,
+{"id": 4343,
"keyword": "set theoretic formulation"},
-{"id": 4304,
+{"id": 4344,
"keyword": "mixed-integer solutions"},
-{"id": 4305,
+{"id": 4345,
"keyword": "high-level style"},
-{"id": 4306,
+{"id": 4346,
"keyword": "proof principles"},
-{"id": 4307,
+{"id": 4347,
"keyword": "quantum mechanics"},
-{"id": 4308,
+{"id": 4348,
"keyword": "increasing rational sequence r_n"},
-{"id": 4309,
+{"id": 4349,
"keyword": "elimination contexts"},
-{"id": 4310,
+{"id": 4350,
"keyword": "dynamic languages"},
-{"id": 4311,
+{"id": 4351,
"keyword": "logics denote regular languages"},
-{"id": 4312,
+{"id": 4352,
"keyword": "verify first-order relativity theory"},
-{"id": 4313,
+{"id": 4353,
"keyword": "automatically deriving instances"},
-{"id": 4314,
+{"id": 4354,
"keyword": "golden ratio"},
-{"id": 4315,
+{"id": 4355,
"keyword": "knuth-morris-pratt algorithm"},
-{"id": 4316,
+{"id": 4356,
"keyword": "ideas borrowed"},
-{"id": 4317,
-"keyword": "higher-order permutative rewrite rule"},
-{"id": 4318,
+{"id": 4357,
"keyword": "variable convention"},
-{"id": 4319,
+{"id": 4358,
"keyword": "loop freedom"},
-{"id": 4320,
+{"id": 4359,
"keyword": "behaviours"},
-{"id": 4321,
+{"id": 4360,
"keyword": "square-free factorization algorithm"},
-{"id": 4322,
+{"id": 4361,
"keyword": "verified functional splay trees"},
-{"id": 4323,
+{"id": 4362,
+"keyword": "key resource assertions"},
+{"id": 4363,
+"keyword": "higher-order permutative rewrite rule"},
+{"id": 4364,
"keyword": "fwf"},
-{"id": 4324,
+{"id": 4365,
"keyword": "cartesian monoidal category"},
-{"id": 4325,
+{"id": 4366,
"keyword": "property"},
-{"id": 4326,
+{"id": 4367,
"keyword": "generic kind"},
-{"id": 4327,
+{"id": 4368,
"keyword": "influential works"},
-{"id": 4328,
+{"id": 4369,
"keyword": "foreach combinators"},
-{"id": 4329,
+{"id": 4370,
"keyword": "product type"},
-{"id": 4330,
+{"id": 4371,
"keyword": "polynomial analogue"},
-{"id": 4331,
+{"id": 4372,
"keyword": "helper lemmas"},
-{"id": 4332,
+{"id": 4373,
"keyword": "rewriting tactics"},
-{"id": 4333,
+{"id": 4374,
"keyword": "proving open properties"},
-{"id": 4334,
+{"id": 4375,
"keyword": "interval trees"},
-{"id": 4335,
+{"id": 4376,
"keyword": "chosen plaintext"},
-{"id": 4336,
+{"id": 4377,
"keyword": "prohibited requests directly"},
-{"id": 4337,
+{"id": 4378,
"keyword": "analysing replication algorithms"},
-{"id": 4338,
+{"id": 4379,
"keyword": "so-called sturm sequences"},
-{"id": 4339,
+{"id": 4380,
"keyword": "metric dynamic logic"},
-{"id": 4340,
+{"id": 4381,
"keyword": "factor square-free integer polynomials"},
-{"id": 4341,
+{"id": 4382,
"keyword": "quasi-fixed point"},
-{"id": 4342,
+{"id": 4383,
"keyword": "incidence matrix representation"},
-{"id": 4343,
+{"id": 4384,
"keyword": "fundamental solution"},
-{"id": 4344,
+{"id": 4385,
"keyword": "symbolic execution step"},
-{"id": 4345,
+{"id": 4386,
"keyword": "formal linear algebraic techniques"},
-{"id": 4346,
+{"id": 4387,
"keyword": "edmonds-karp algorithm"},
-{"id": 4347,
+{"id": 4388,
"keyword": "imp language"},
-{"id": 4348,
+{"id": 4389,
"keyword": "code output level"},
-{"id": 4349,
+{"id": 4390,
"keyword": "call arity analysis"},
-{"id": 4350,
-"keyword": "axiomatic constructor classes"},
-{"id": 4351,
-"keyword": "fully"},
-{"id": 4352,
-"keyword": "sch16 anders schlichtkrull"},
-{"id": 4353,
-"keyword": "main theorem"},
-{"id": 4354,
-"keyword": "weak bi-quantales"},
-{"id": 4355,
-"keyword": "hand waving"},
-{"id": 4356,
-"keyword": "basic features"},
-{"id": 4357,
-"keyword": "method exploits"},
-{"id": 4358,
-"keyword": "henkin witnesses"},
-{"id": 4359,
-"keyword": "arithmetic type class hierarchy"},
-{"id": 4360,
-"keyword": "analytic number theory rdquo"},
-{"id": 4361,
-"keyword": "fntt running time"},
-{"id": 4362,
-"keyword": "formal refutational completeness proofs"},
-{"id": 4363,
-"keyword": "graph theory"},
-{"id": 4364,
-"keyword": "tight upper bound"},
-{"id": 4365,
-"keyword": "geodesic metric space"},
-{"id": 4366,
-"keyword": "proper generic extension"},
-{"id": 4367,
-"keyword": "general balanced trees"},
-{"id": 4368,
-"keyword": "a_1 ldots a_n"},
-{"id": 4369,
-"keyword": "notes"},
-{"id": 4370,
-"keyword": "kleisli category"},
-{"id": 4371,
-"keyword": "compare process calculi"},
-{"id": 4372,
-"keyword": "high level attacks"},
-{"id": 4373,
-"keyword": "type safety"},
-{"id": 4374,
-"keyword": "proof structure"},
-{"id": 4375,
-"keyword": "infinite element"},
-{"id": 4376,
-"keyword": "second-order properties"},
-{"id": 4377,
-"keyword": "increased demand"},
-{"id": 4378,
-"keyword": "representing algorithms"},
-{"id": 4379,
-"keyword": "unboxing optimization"},
-{"id": 4380,
-"keyword": "list operations"},
-{"id": 4381,
-"keyword": "boolean expressions"},
-{"id": 4382,
-"keyword": "program refinement techniques"},
-{"id": 4383,
-"keyword": "computer science"},
-{"id": 4384,
-"keyword": "finite domain consisting"},
-{"id": 4385,
-"keyword": "minkowski spacetime"},
-{"id": 4386,
-"keyword": "combinatorial map"},
-{"id": 4387,
-"keyword": "concurrency reasoning framework"},
-{"id": 4388,
-"keyword": "transposition theorem"},
-{"id": 4389,
-"keyword": "solved explicitly"},
-{"id": 4390,
-"keyword": "large numbers states"},
{"id": 4391,
-"keyword": "balanced incomplete block designs"},
+"keyword": "axiomatic constructor classes"},
{"id": 4392,
-"keyword": "structures play"},
+"keyword": "fully"},
{"id": 4393,
-"keyword": "iteratively solve finite mdps"},
+"keyword": "sch16 anders schlichtkrull"},
{"id": 4394,
-"keyword": "commutative replicated data types"},
+"keyword": "main theorem"},
{"id": 4395,
-"keyword": "master theorem"},
+"keyword": "weak bi-quantales"},
{"id": 4396,
-"keyword": "multiplicative monoid"},
+"keyword": "hand waving"},
{"id": 4397,
-"keyword": "bit ibn qurra"},
+"keyword": "basic features"},
{"id": 4398,
-"keyword": "maximum cardinality"},
+"keyword": "method exploits"},
{"id": 4399,
-"keyword": "syntax-independent logic infrastructure"},
+"keyword": "henkin witnesses"},
{"id": 4400,
-"keyword": "success sensitiveness"},
+"keyword": "arithmetic type class hierarchy"},
{"id": 4401,
-"keyword": "functional modeling language hol"},
+"keyword": "analytic number theory rdquo"},
{"id": 4402,
-"keyword": "group action"},
+"keyword": "fntt running time"},
{"id": 4403,
-"keyword": "international mathematical olympiad 2019"},
+"keyword": "formal refutational completeness proofs"},
{"id": 4404,
-"keyword": "undesired information leak"},
+"keyword": "graph theory"},
{"id": 4405,
-"keyword": "temporal intervals"},
+"keyword": "tight upper bound"},
{"id": 4406,
-"keyword": "universal partial recursive function"},
+"keyword": "geodesic metric space"},
{"id": 4407,
+"keyword": "proper generic extension"},
+{"id": 4408,
+"keyword": "general balanced trees"},
+{"id": 4409,
+"keyword": "a_1 ldots a_n"},
+{"id": 4410,
+"keyword": "notes"},
+{"id": 4411,
+"keyword": "kleisli category"},
+{"id": 4412,
+"keyword": "compare process calculi"},
+{"id": 4413,
+"keyword": "high level attacks"},
+{"id": 4414,
+"keyword": "type safety"},
+{"id": 4415,
+"keyword": "proof structure"},
+{"id": 4416,
+"keyword": "infinite element"},
+{"id": 4417,
+"keyword": "second-order properties"},
+{"id": 4418,
+"keyword": "increased demand"},
+{"id": 4419,
+"keyword": "representing algorithms"},
+{"id": 4420,
+"keyword": "unboxing optimization"},
+{"id": 4421,
+"keyword": "list operations"},
+{"id": 4422,
+"keyword": "boolean expressions"},
+{"id": 4423,
+"keyword": "program refinement techniques"},
+{"id": 4424,
+"keyword": "computer science"},
+{"id": 4425,
+"keyword": "finite domain consisting"},
+{"id": 4426,
+"keyword": "minkowski spacetime"},
+{"id": 4427,
+"keyword": "combinatorial map"},
+{"id": 4428,
+"keyword": "concurrency reasoning framework"},
+{"id": 4429,
+"keyword": "transposition theorem"},
+{"id": 4430,
+"keyword": "solved explicitly"},
+{"id": 4431,
+"keyword": "large numbers states"},
+{"id": 4432,
+"keyword": "balanced incomplete block designs"},
+{"id": 4433,
+"keyword": "structures play"},
+{"id": 4434,
+"keyword": "iteratively solve finite mdps"},
+{"id": 4435,
+"keyword": "commutative replicated data types"},
+{"id": 4436,
+"keyword": "master theorem"},
+{"id": 4437,
+"keyword": "multiplicative monoid"},
+{"id": 4438,
+"keyword": "bit ibn qurra"},
+{"id": 4439,
+"keyword": "maximum cardinality"},
+{"id": 4440,
+"keyword": "syntax-independent logic infrastructure"},
+{"id": 4441,
+"keyword": "success sensitiveness"},
+{"id": 4442,
+"keyword": "functional modeling language hol"},
+{"id": 4443,
+"keyword": "group action"},
+{"id": 4444,
+"keyword": "international mathematical olympiad 2019"},
+{"id": 4445,
+"keyword": "undesired information leak"},
+{"id": 4446,
+"keyword": "temporal intervals"},
+{"id": 4447,
+"keyword": "universal partial recursive function"},
+{"id": 4448,
"keyword": "hol function definition"},
-{"id": 4408,
+{"id": 4449,
"keyword": "proofs remain manageable"},
-{"id": 4409,
+{"id": 4450,
"keyword": "software framework incorporates"},
-{"id": 4410,
+{"id": 4451,
"keyword": "hol-based afp entry"},
-{"id": 4411,
+{"id": 4452,
"keyword": "technique"},
-{"id": 4412,
+{"id": 4453,
"keyword": "ideal showcase"},
-{"id": 4413,
+{"id": 4454,
"keyword": "automatically derive restrictions"},
-{"id": 4414,
+{"id": 4455,
"keyword": "functional logic"},
-{"id": 4415,
+{"id": 4456,
"keyword": "verifying functional"},
-{"id": 4416,
+{"id": 4457,
"keyword": "insertion sort algorithm"},
-{"id": 4417,
+{"id": 4458,
"keyword": "solve mdps"},
-{"id": 4418,
+{"id": 4459,
"keyword": "partition relations concerns generalisations"},
-{"id": 4419,
+{"id": 4460,
"keyword": "fixpoint operations lfp"},
-{"id": 4420,
+{"id": 4461,
"keyword": "approach demonstrates"},
-{"id": 4421,
+{"id": 4462,
"keyword": "internally vertex-disjoint paths"},
-{"id": 4422,
+{"id": 4463,
"keyword": "parameterized proofs"},
-{"id": 4423,
+{"id": 4464,
"keyword": "software tool authors"},
-{"id": 4424,
+{"id": 4465,
"keyword": "verification condition generation"},
-{"id": 4425,
+{"id": 4466,
"keyword": "generic type classes"},
-{"id": 4426,
+{"id": 4467,
"keyword": "programs written"},
-{"id": 4427,
+{"id": 4468,
"keyword": "abstract characterization"},
-{"id": 4428,
+{"id": 4469,
"keyword": "shapeless library"},
-{"id": 4429,
+{"id": 4470,
"keyword": "recursive programs based"},
-{"id": 4430,
+{"id": 4471,
"keyword": "ltl formula"},
-{"id": 4431,
+{"id": 4472,
"keyword": "geometric theorems"},
-{"id": 4432,
+{"id": 4473,
"keyword": "mathematics stack exchange page"},
-{"id": 4433,
+{"id": 4474,
"keyword": "manual proofs"},
-{"id": 4434,
-"keyword": "automated reasoning sch18"},
-{"id": 4435,
-"keyword": "theories list"},
-{"id": 4436,
-"keyword": "theory dpt_sat_solver"},
-{"id": 4437,
-"keyword": "chromatic number exist"},
-{"id": 4438,
-"keyword": "interesting proofs"},
-{"id": 4439,
-"keyword": "abstract level"},
-{"id": 4440,
-"keyword": "accessibility decisions affecting"},
-{"id": 4441,
-"keyword": "model entire prover architectures"},
-{"id": 4442,
-"keyword": "structure abstractly"},
-{"id": 4443,
-"keyword": "ordinary differential equations"},
-{"id": 4444,
-"keyword": "basic facts"},
-{"id": 4445,
-"keyword": "traceback properties"},
-{"id": 4446,
-"keyword": "bohua zhan"},
-{"id": 4447,
-"keyword": "path integrals"},
-{"id": 4448,
-"keyword": "arbitrarily large girth"},
-{"id": 4449,
-"keyword": "main thrust"},
-{"id": 4450,
-"keyword": "arithmetize register machines"},
-{"id": 4451,
-"keyword": "data refinement relations"},
-{"id": 4452,
-"keyword": "map lists"},
-{"id": 4453,
-"keyword": "extent required"},
-{"id": 4454,
-"keyword": "logical systems"},
-{"id": 4455,
-"keyword": "common automata library"},
-{"id": 4456,
-"keyword": "road traffic"},
-{"id": 4457,
-"keyword": "awn models comprise"},
-{"id": 4458,
-"keyword": "instantiation boils"},
-{"id": 4459,
-"keyword": "interesting formalization exercise"},
-{"id": 4460,
-"keyword": "central security property"},
-{"id": 4461,
-"keyword": "natural language processing"},
-{"id": 4462,
-"keyword": "automatically refines algorithms"},
-{"id": 4463,
-"keyword": "multivariate polynomial rings"},
-{"id": 4464,
-"keyword": "specific series fulfilling"},
-{"id": 4465,
-"keyword": "consistent set"},
-{"id": 4466,
-"keyword": "ad-hoc approaches"},
-{"id": 4467,
-"keyword": "residuated lattices"},
-{"id": 4468,
-"keyword": "additional non-deterministic choice command"},
-{"id": 4469,
-"keyword": "structurally recursive approach"},
-{"id": 4470,
-"keyword": "constant time findmin"},
-{"id": 4471,
-"keyword": "generic operations"},
-{"id": 4472,
-"keyword": "security definition"},
-{"id": 4473,
-"keyword": "adapt ctl"},
-{"id": 4474,
-"keyword": "de-bruijn terms"},
{"id": 4475,
-"keyword": "main contribution"},
+"keyword": "automated reasoning sch18"},
{"id": 4476,
-"keyword": "convenient commands"},
+"keyword": "theories list"},
{"id": 4477,
-"keyword": "landmark work collective choice"},
+"keyword": "theory dpt_sat_solver"},
{"id": 4478,
-"keyword": "combinable iff"},
+"keyword": "chromatic number exist"},
{"id": 4479,
-"keyword": "minimal polynomial"},
+"keyword": "interesting proofs"},
{"id": 4480,
-"keyword": "side effects"},
+"keyword": "abstract level"},
{"id": 4481,
-"keyword": "intricate distributed protocol"},
+"keyword": "accessibility decisions affecting"},
{"id": 4482,
-"keyword": "domain-theoretical aspects"},
+"keyword": "model entire prover architectures"},
{"id": 4483,
-"keyword": "express nuances"},
+"keyword": "structure abstractly"},
{"id": 4484,
-"keyword": "natural bijections"},
+"keyword": "ordinary differential equations"},
{"id": 4485,
-"keyword": "elementary symmetric polynomials"},
+"keyword": "basic facts"},
{"id": 4486,
-"keyword": "applications refer"},
+"keyword": "traceback properties"},
{"id": 4487,
-"keyword": "practical application"},
+"keyword": "bohua zhan"},
{"id": 4488,
-"keyword": "unwanted subtleties"},
+"keyword": "path integrals"},
{"id": 4489,
-"keyword": "cryptographic validation fields"},
+"keyword": "arbitrarily large girth"},
{"id": 4490,
-"keyword": "galois connections"},
+"keyword": "main thrust"},
{"id": 4491,
-"keyword": "targeted security property"},
+"keyword": "arithmetize register machines"},
{"id": 4492,
-"keyword": "perform stream fusion"},
+"keyword": "data refinement relations"},
{"id": 4493,
-"keyword": "lower bound"},
+"keyword": "map lists"},
{"id": 4494,
-"keyword": "vertical composite"},
+"keyword": "extent required"},
{"id": 4495,
-"keyword": "gale-shapley stable matching"},
+"keyword": "logical systems"},
{"id": 4496,
-"keyword": "inductive sets"},
+"keyword": "common automata library"},
{"id": 4497,
-"keyword": "ghost operations"},
+"keyword": "road traffic"},
{"id": 4498,
-"keyword": "quantum circuits"},
+"keyword": "awn models comprise"},
{"id": 4499,
-"keyword": "regular expression matches"},
+"keyword": "instantiation boils"},
{"id": 4500,
-"keyword": "direct consequence"},
+"keyword": "interesting formalization exercise"},
{"id": 4501,
-"keyword": "conventional single-clocking semantics"},
+"keyword": "central security property"},
{"id": 4502,
-"keyword": "successful model checkers"},
+"keyword": "natural language processing"},
{"id": 4503,
-"keyword": "intuitionistic logic"},
+"keyword": "automatically refines algorithms"},
{"id": 4504,
-"keyword": "multidimensional binary trees"},
+"keyword": "multivariate polynomial rings"},
{"id": 4505,
-"keyword": "computing saturated sets"},
+"keyword": "specific series fulfilling"},
{"id": 4506,
-"keyword": "commuting observables"},
+"keyword": "consistent set"},
{"id": 4507,
-"keyword": "cover quantitative"},
+"keyword": "ad-hoc approaches"},
{"id": 4508,
-"keyword": "relational tt-lifting"},
+"keyword": "residuated lattices"},
{"id": 4509,
-"keyword": "protect paths"},
+"keyword": "additional non-deterministic choice command"},
{"id": 4510,
-"keyword": "uniform framework"},
+"keyword": "structurally recursive approach"},
{"id": 4511,
-"keyword": "kleene star operation"},
+"keyword": "constant time findmin"},
{"id": 4512,
-"keyword": "simple hops"},
+"keyword": "generic operations"},
{"id": 4513,
-"keyword": "randomised treaps"},
+"keyword": "security definition"},
{"id": 4514,
-"keyword": "verifying stateful security protocols"},
+"keyword": "adapt ctl"},
{"id": 4515,
-"keyword": "monoidal category"},
+"keyword": "de-bruijn terms"},
{"id": 4516,
-"keyword": "accompanying paper 2"},
+"keyword": "main contribution"},
{"id": 4517,
-"keyword": "proof approach"},
+"keyword": "convenient commands"},
{"id": 4518,
-"keyword": "bisection square root"},
+"keyword": "landmark work collective choice"},
{"id": 4519,
-"keyword": "code generator performs"},
+"keyword": "combinable iff"},
{"id": 4520,
-"keyword": "concrete prototypes"},
+"keyword": "minimal polynomial"},
{"id": 4521,
-"keyword": "mild condition attractivity"},
+"keyword": "side effects"},
{"id": 4522,
-"keyword": "persisted size"},
+"keyword": "intricate distributed protocol"},
{"id": 4523,
-"keyword": "rational exponents"},
+"keyword": "domain-theoretical aspects"},
{"id": 4524,
-"keyword": "definition remarkably simple"},
+"keyword": "express nuances"},
{"id": 4525,
-"keyword": "executable characterisation"},
+"keyword": "natural bijections"},
{"id": 4526,
-"keyword": "clausal form"},
+"keyword": "elementary symmetric polynomials"},
{"id": 4527,
-"keyword": "order embedding"},
+"keyword": "applications refer"},
{"id": 4528,
-"keyword": "diatonic sequence"},
+"keyword": "practical application"},
{"id": 4529,
-"keyword": "contraction factors"},
+"keyword": "unwanted subtleties"},
{"id": 4530,
-"keyword": "well-typed attacks"},
+"keyword": "cryptographic validation fields"},
{"id": 4531,
-"keyword": "jones polynomial"},
+"keyword": "galois connections"},
{"id": 4532,
-"keyword": "proof techniques"},
+"keyword": "targeted security property"},
{"id": 4533,
-"keyword": "number theory"},
+"keyword": "perform stream fusion"},
{"id": 4534,
-"keyword": "noninterference security applying"},
+"keyword": "lower bound"},
{"id": 4535,
-"keyword": "unordered pairs"},
+"keyword": "vertical composite"},
{"id": 4536,
-"keyword": "simple type system"},
+"keyword": "gale-shapley stable matching"},
{"id": 4537,
-"keyword": "inf-preserving transformers"},
+"keyword": "inductive sets"},
{"id": 4538,
-"keyword": "projection functions"},
+"keyword": "ghost operations"},
{"id": 4539,
-"keyword": "free monoid"},
+"keyword": "debited loans cancel"},
{"id": 4540,
-"keyword": "certify size-change termination proofs"},
+"keyword": "quantum circuits"},
{"id": 4541,
-"keyword": "amortized time complexity"},
+"keyword": "regular expression matches"},
{"id": 4542,
-"keyword": "fundamental closest pair"},
+"keyword": "direct consequence"},
{"id": 4543,
-"keyword": "computing gr bner bases"},
+"keyword": "conventional single-clocking semantics"},
{"id": 4544,
+"keyword": "successful model checkers"},
+{"id": 4545,
+"keyword": "intuitionistic logic"},
+{"id": 4546,
+"keyword": "multidimensional binary trees"},
+{"id": 4547,
+"keyword": "computing saturated sets"},
+{"id": 4548,
+"keyword": "commuting observables"},
+{"id": 4549,
+"keyword": "cover quantitative"},
+{"id": 4550,
+"keyword": "relational tt-lifting"},
+{"id": 4551,
+"keyword": "protect paths"},
+{"id": 4552,
+"keyword": "uniform framework"},
+{"id": 4553,
+"keyword": "kleene star operation"},
+{"id": 4554,
+"keyword": "simple hops"},
+{"id": 4555,
+"keyword": "randomised treaps"},
+{"id": 4556,
+"keyword": "verifying stateful security protocols"},
+{"id": 4557,
+"keyword": "monoidal category"},
+{"id": 4558,
+"keyword": "accompanying paper 2"},
+{"id": 4559,
+"keyword": "proof approach"},
+{"id": 4560,
+"keyword": "bisection square root"},
+{"id": 4561,
+"keyword": "code generator performs"},
+{"id": 4562,
+"keyword": "concrete prototypes"},
+{"id": 4563,
+"keyword": "mild condition attractivity"},
+{"id": 4564,
+"keyword": "persisted size"},
+{"id": 4565,
+"keyword": "rational exponents"},
+{"id": 4566,
+"keyword": "definition remarkably simple"},
+{"id": 4567,
+"keyword": "executable characterisation"},
+{"id": 4568,
+"keyword": "clausal form"},
+{"id": 4569,
+"keyword": "order embedding"},
+{"id": 4570,
+"keyword": "diatonic sequence"},
+{"id": 4571,
+"keyword": "contraction factors"},
+{"id": 4572,
+"keyword": "well-typed attacks"},
+{"id": 4573,
+"keyword": "jones polynomial"},
+{"id": 4574,
+"keyword": "proof techniques"},
+{"id": 4575,
+"keyword": "number theory"},
+{"id": 4576,
+"keyword": "noninterference security applying"},
+{"id": 4577,
+"keyword": "unordered pairs"},
+{"id": 4578,
+"keyword": "simple type system"},
+{"id": 4579,
+"keyword": "inf-preserving transformers"},
+{"id": 4580,
+"keyword": "projection functions"},
+{"id": 4581,
+"keyword": "free monoid"},
+{"id": 4582,
+"keyword": "certify size-change termination proofs"},
+{"id": 4583,
+"keyword": "amortized time complexity"},
+{"id": 4584,
+"keyword": "fundamental closest pair"},
+{"id": 4585,
+"keyword": "computing gr bner bases"},
+{"id": 4586,
"keyword": "finality predicate"},
-{"id": 4545,
+{"id": 4587,
"keyword": "intuitively secure programs"},
-{"id": 4546,
+{"id": 4588,
"keyword": "continued fraction expansions"},
-{"id": 4547,
+{"id": 4589,
"keyword": "suitable denotational model"},
-{"id": 4548,
+{"id": 4590,
"keyword": "entire development"},
-{"id": 4549,
+{"id": 4591,
"keyword": "complicated proofs"},
-{"id": 4550,
+{"id": 4592,
"keyword": "integer-indexed maps"},
-{"id": 4551,
+{"id": 4593,
"keyword": "large collection"},
-{"id": 4552,
+{"id": 4594,
"keyword": "unique program"},
-{"id": 4553,
+{"id": 4595,
"keyword": "time"},
-{"id": 4554,
+{"id": 4596,
"keyword": "certificate language"},
-{"id": 4555,
+{"id": 4597,
"keyword": "fixed probability"},
-{"id": 4556,
+{"id": 4598,
"keyword": "lattice-based post-quantum cryptography"},
-{"id": 4557,
+{"id": 4599,
"keyword": "array operations seamlessly integrate"},
-{"id": 4558,
+{"id": 4600,
"keyword": "angelic nondeterministic choices"},
-{"id": 4559,
+{"id": 4601,
"keyword": "specification language tla"},
-{"id": 4560,
+{"id": 4602,
"keyword": "undesirable side-effect"},
-{"id": 4561,
+{"id": 4603,
"keyword": "integers hurwitz"},
-{"id": 4562,
+{"id": 4604,
"keyword": "unprecedented time"},
-{"id": 4563,
+{"id": 4605,
"keyword": "ribbon proofs emphasise"},
-{"id": 4564,
+{"id": 4606,
"keyword": "clause procedures gc"},
-{"id": 4565,
+{"id": 4607,
"keyword": "parser monad built"},
-{"id": 4566,
+{"id": 4608,
"keyword": "entry establishes syntax"},
-{"id": 4567,
+{"id": 4609,
"keyword": "decreasing diagrams"},
-{"id": 4568,
+{"id": 4610,
"keyword": "linearly ordered borel-spaces"},
-{"id": 4569,
+{"id": 4611,
"keyword": "imperative data structures"},
-{"id": 4570,
+{"id": 4612,
"keyword": "apply data refinement"},
-{"id": 4571,
+{"id": 4613,
"keyword": "limits exist"},
-{"id": 4572,
+{"id": 4614,
"keyword": "graham jameson"},
-{"id": 4573,
+{"id": 4615,
"keyword": "uniformly coxeter"},
-{"id": 4574,
+{"id": 4616,
"keyword": "simple object calculus"},
-{"id": 4575,
+{"id": 4617,
"keyword": "represent physical quantities"},
-{"id": 4576,
+{"id": 4618,
"keyword": "constraint-system-based program analysis"},
-{"id": 4577,
+{"id": 4619,
"keyword": "economic behavior"},
-{"id": 4578,
+{"id": 4620,
"keyword": "locally finite"},
-{"id": 4579,
+{"id": 4621,
"keyword": "handling variable binding"},
-{"id": 4580,
+{"id": 4622,
"keyword": "general possibility theorem"},
-{"id": 4581,
+{"id": 4623,
"keyword": "collection framework"},
-{"id": 4582,
+{"id": 4624,
"keyword": "feasible paths"},
-{"id": 4583,
+{"id": 4625,
"keyword": "store buffering"},
-{"id": 4584,
+{"id": 4626,
"keyword": "gamma"},
-{"id": 4585,
+{"id": 4627,
"keyword": "understood problem"},
-{"id": 4586,
+{"id": 4628,
"keyword": "dynamic refutational completeness"},
-{"id": 4587,
+{"id": 4629,
"keyword": "pascal schreck"},
-{"id": 4588,
+{"id": 4630,
"keyword": "efficient checking"},
-{"id": 4589,
+{"id": 4631,
"keyword": "program fulfilling"},
-{"id": 4590,
+{"id": 4632,
"keyword": "unified manner"},
-{"id": 4591,
+{"id": 4633,
"keyword": "assuming soundness"},
-{"id": 4592,
+{"id": 4634,
"keyword": "uniform boundedness principle"},
-{"id": 4593,
+{"id": 4635,
"keyword": "residuated functions"},
-{"id": 4594,
+{"id": 4636,
"keyword": "linux-style router"},
-{"id": 4595,
+{"id": 4637,
"keyword": "euro-mils project http"},
-{"id": 4596,
+{"id": 4638,
"keyword": "deque implementation"},
-{"id": 4597,
+{"id": 4639,
"keyword": "paper enriches hoare"},
-{"id": 4598,
+{"id": 4640,
"keyword": "general halting problem"},
-{"id": 4599,
+{"id": 4641,
"keyword": "international conference"},
-{"id": 4600,
+{"id": 4642,
"keyword": "greater computational cost"},
-{"id": 4601,
-"keyword": "minimal dfas"},
-{"id": 4602,
-"keyword": "noninterference security"},
-{"id": 4603,
-"keyword": "19th century number theory"},
-{"id": 4604,
-"keyword": "strong properties"},
-{"id": 4605,
-"keyword": "one-dimensional case"},
-{"id": 4606,
-"keyword": "generated document"},
-{"id": 4607,
-"keyword": "measurable subset"},
-{"id": 4608,
-"keyword": "behavior trace assertions"},
-{"id": 4609,
-"keyword": "odd ranking"},
-{"id": 4610,
-"keyword": "quartic equation"},
-{"id": 4611,
-"keyword": "kind"},
-{"id": 4612,
-"keyword": "sch18 anders schlichtkrull"},
-{"id": 4613,
-"keyword": "classical statements"},
-{"id": 4614,
-"keyword": "filtering behavior"},
-{"id": 4615,
-"keyword": "general triangle"},
-{"id": 4616,
-"keyword": "postponing soundness-critical admissibility checks"},
-{"id": 4617,
-"keyword": "dynamic programming"},
-{"id": 4618,
-"keyword": "modelling security"},
-{"id": 4619,
-"keyword": "presburger arithmetic"},
-{"id": 4620,
-"keyword": "erd odblac"},
-{"id": 4621,
-"keyword": "fast number theoretic transform"},
-{"id": 4622,
-"keyword": "positive integer"},
-{"id": 4623,
-"keyword": "promising increased tolerance"},
-{"id": 4624,
-"keyword": "probabilistic functions"},
-{"id": 4625,
-"keyword": "featherweight ocl"},
-{"id": 4626,
-"keyword": "concrete input"},
-{"id": 4627,
-"keyword": "general setting"},
-{"id": 4628,
-"keyword": "putnam exam problems"},
-{"id": 4629,
-"keyword": "mechanized soundness proof"},
-{"id": 4630,
-"keyword": "advanced replacement"},
-{"id": 4631,
-"keyword": "syntax tree"},
-{"id": 4632,
-"keyword": "rts algorithms select"},
-{"id": 4633,
-"keyword": "efsm level"},
-{"id": 4634,
-"keyword": "relation constraints"},
-{"id": 4635,
-"keyword": "integers"},
-{"id": 4636,
-"keyword": "presented formalization"},
-{"id": 4637,
-"keyword": "topological proof"},
-{"id": 4638,
-"keyword": "value-dependent noninterference property"},
-{"id": 4639,
-"keyword": "consensus problem"},
-{"id": 4640,
-"keyword": "drf guarantee"},
-{"id": 4641,
-"keyword": "threshold probability"},
-{"id": 4642,
-"keyword": "standard finite_map theory"},
{"id": 4643,
-"keyword": "logic programming"},
+"keyword": "minimal dfas"},
{"id": 4644,
-"keyword": "large tree automata"},
+"keyword": "noninterference security"},
{"id": 4645,
-"keyword": "program construction"},
+"keyword": "19th century number theory"},
{"id": 4646,
-"keyword": "unlike traditional decision procedures"},
+"keyword": "strong properties"},
{"id": 4647,
-"keyword": "case"},
+"keyword": "one-dimensional case"},
{"id": 4648,
-"keyword": "linear logics"},
+"keyword": "generated document"},
{"id": 4649,
-"keyword": "free monoidal category"},
+"keyword": "measurable subset"},
{"id": 4650,
-"keyword": "contribution reuses"},
+"keyword": "behavior trace assertions"},
{"id": 4651,
-"keyword": "smaller set"},
+"keyword": "odd ranking"},
{"id": 4652,
-"keyword": "odd bernoulli numbers"},
+"keyword": "quartic equation"},
{"id": 4653,
-"keyword": "axiomatic characterization"},
+"keyword": "kind"},
{"id": 4654,
-"keyword": "original article"},
+"keyword": "sch18 anders schlichtkrull"},
{"id": 4655,
-"keyword": "useless zero-reductions"},
+"keyword": "classical statements"},
{"id": 4656,
-"keyword": "integer variables"},
+"keyword": "filtering behavior"},
{"id": 4657,
-"keyword": "important introductory theorems"},
+"keyword": "general triangle"},
{"id": 4658,
-"keyword": "proof due"},
+"keyword": "postponing soundness-critical admissibility checks"},
{"id": 4659,
-"keyword": "common ground"},
+"keyword": "dynamic programming"},
{"id": 4660,
-"keyword": "terminated successfully"},
+"keyword": "modelling security"},
{"id": 4661,
-"keyword": "monadic interpreter"},
+"keyword": "presburger arithmetic"},
{"id": 4662,
-"keyword": "support negative joins"},
+"keyword": "erd odblac"},
{"id": 4663,
-"keyword": "nontrivial size"},
+"keyword": "fast number theoretic transform"},
{"id": 4664,
-"keyword": "ternary kripke frames"},
+"keyword": "positive integer"},
{"id": 4665,
-"keyword": "monolithic structure"},
+"keyword": "promising increased tolerance"},
{"id": 4666,
-"keyword": "immutable arrays"},
+"keyword": "probabilistic functions"},
{"id": 4667,
-"keyword": "epsilon free top-"},
+"keyword": "featherweight ocl"},
{"id": 4668,
-"keyword": "algebraic approach"},
+"keyword": "concrete input"},
{"id": 4669,
-"keyword": "completeness proofs naturally suggest"},
+"keyword": "general setting"},
{"id": 4670,
-"keyword": "ifip networking 2016"},
+"keyword": "putnam exam problems"},
{"id": 4671,
-"keyword": "integer lattice 8484"},
+"keyword": "mechanized soundness proof"},
{"id": 4672,
-"keyword": "weak duality theorem"},
+"keyword": "advanced replacement"},
{"id": 4673,
-"keyword": "jinja source"},
+"keyword": "syntax tree"},
{"id": 4674,
-"keyword": "finite stuttering"},
+"keyword": "rts algorithms select"},
{"id": 4675,
-"keyword": "standard proof methods"},
+"keyword": "efsm level"},
{"id": 4676,
-"keyword": "executable emulator"},
+"keyword": "relation constraints"},
{"id": 4677,
-"keyword": "leading power-product"},
+"keyword": "integers"},
{"id": 4678,
-"keyword": "global context"},
+"keyword": "presented formalization"},
{"id": 4679,
-"keyword": "data transmission"},
+"keyword": "topological proof"},
{"id": 4680,
-"keyword": "coercion ord_of_nat"},
+"keyword": "value-dependent noninterference property"},
{"id": 4681,
-"keyword": "present proof development represents"},
+"keyword": "consensus problem"},
{"id": 4682,
-"keyword": "important specializations"},
+"keyword": "drf guarantee"},
{"id": 4683,
-"keyword": "comprehension principle"},
+"keyword": "threshold probability"},
{"id": 4684,
-"keyword": "log log"},
+"keyword": "standard finite_map theory"},
{"id": 4685,
-"keyword": "machine language"},
+"keyword": "logic programming"},
{"id": 4686,
-"keyword": "tensor product"},
+"keyword": "large tree automata"},
{"id": 4687,
-"keyword": "minkowski space-time"},
+"keyword": "program construction"},
{"id": 4688,
-"keyword": "ordered semirings"},
+"keyword": "unlike traditional decision procedures"},
{"id": 4689,
-"keyword": "finite support"},
+"keyword": "case"},
{"id": 4690,
-"keyword": "certifying primes"},
+"keyword": "linear logics"},
{"id": 4691,
-"keyword": "computational modeling"},
+"keyword": "free monoidal category"},
{"id": 4692,
-"keyword": "regular arithmetic geometric"},
+"keyword": "contribution reuses"},
{"id": 4693,
-"keyword": "marked regular expressions"},
+"keyword": "smaller set"},
{"id": 4694,
-"keyword": "9th international joint conference"},
+"keyword": "odd bernoulli numbers"},
{"id": 4695,
-"keyword": "term rewriting"},
+"keyword": "axiomatic characterization"},
{"id": 4696,
-"keyword": "maximum norm"},
+"keyword": "original article"},
{"id": 4697,
-"keyword": "combined result"},
+"keyword": "useless zero-reductions"},
{"id": 4698,
-"keyword": "unnamed initial segment"},
+"keyword": "integer variables"},
{"id": 4699,
-"keyword": "simulation-based security paradigms"},
+"keyword": "important introductory theorems"},
{"id": 4700,
-"keyword": "fixpoint theorem"},
+"keyword": "proof due"},
{"id": 4701,
-"keyword": "modified version"},
+"keyword": "common ground"},
{"id": 4702,
-"keyword": "object-oriented data"},
+"keyword": "terminated successfully"},
{"id": 4703,
-"keyword": "modular hierarchy"},
+"keyword": "monadic interpreter"},
{"id": 4704,
-"keyword": "finite-dimensional vector spaces"},
+"keyword": "support negative joins"},
{"id": 4705,
-"keyword": "type"},
+"keyword": "nontrivial size"},
{"id": 4706,
-"keyword": "source code"},
+"keyword": "ternary kripke frames"},
{"id": 4707,
-"keyword": "trusted reference implementation"},
+"keyword": "monolithic structure"},
{"id": 4708,
-"keyword": "establish existence"},
+"keyword": "immutable arrays"},
{"id": 4709,
-"keyword": "compute short vectors"},
+"keyword": "epsilon free top-"},
{"id": 4710,
-"keyword": "recursive functions"},
+"keyword": "algebraic approach"},
{"id": 4711,
-"keyword": "write access"},
+"keyword": "completeness proofs naturally suggest"},
{"id": 4712,
+"keyword": "ifip networking 2016"},
+{"id": 4713,
+"keyword": "integer lattice 8484"},
+{"id": 4714,
+"keyword": "weak duality theorem"},
+{"id": 4715,
+"keyword": "jinja source"},
+{"id": 4716,
+"keyword": "finite stuttering"},
+{"id": 4717,
+"keyword": "standard proof methods"},
+{"id": 4718,
+"keyword": "executable emulator"},
+{"id": 4719,
+"keyword": "leading power-product"},
+{"id": 4720,
+"keyword": "global context"},
+{"id": 4721,
+"keyword": "data transmission"},
+{"id": 4722,
+"keyword": "coercion ord_of_nat"},
+{"id": 4723,
+"keyword": "present proof development represents"},
+{"id": 4724,
+"keyword": "important specializations"},
+{"id": 4725,
+"keyword": "comprehension principle"},
+{"id": 4726,
+"keyword": "log log"},
+{"id": 4727,
+"keyword": "machine language"},
+{"id": 4728,
+"keyword": "tensor product"},
+{"id": 4729,
+"keyword": "minkowski space-time"},
+{"id": 4730,
+"keyword": "ordered semirings"},
+{"id": 4731,
+"keyword": "finite support"},
+{"id": 4732,
+"keyword": "certifying primes"},
+{"id": 4733,
+"keyword": "computational modeling"},
+{"id": 4734,
+"keyword": "regular arithmetic geometric"},
+{"id": 4735,
+"keyword": "marked regular expressions"},
+{"id": 4736,
+"keyword": "9th international joint conference"},
+{"id": 4737,
+"keyword": "term rewriting"},
+{"id": 4738,
+"keyword": "maximum norm"},
+{"id": 4739,
+"keyword": "combined result"},
+{"id": 4740,
+"keyword": "unnamed initial segment"},
+{"id": 4741,
+"keyword": "simulation-based security paradigms"},
+{"id": 4742,
+"keyword": "fixpoint theorem"},
+{"id": 4743,
+"keyword": "modified version"},
+{"id": 4744,
+"keyword": "object-oriented data"},
+{"id": 4745,
+"keyword": "modular hierarchy"},
+{"id": 4746,
+"keyword": "finite-dimensional vector spaces"},
+{"id": 4747,
+"keyword": "type"},
+{"id": 4748,
+"keyword": "source code"},
+{"id": 4749,
+"keyword": "trusted reference implementation"},
+{"id": 4750,
+"keyword": "establish existence"},
+{"id": 4751,
+"keyword": "compute short vectors"},
+{"id": 4752,
+"keyword": "recursive functions"},
+{"id": 4753,
+"keyword": "write access"},
+{"id": 4754,
"keyword": "applying sturm"},
-{"id": 4713,
+{"id": 4755,
"keyword": "regularity lemma"},
-{"id": 4714,
+{"id": 4756,
"keyword": "worst case"},
-{"id": 4715,
+{"id": 4757,
"keyword": "random bst"},
-{"id": 4716,
+{"id": 4758,
"keyword": "general attacker"},
-{"id": 4717,
+{"id": 4759,
"keyword": "base vectors"},
-{"id": 4718,
+{"id": 4760,
"keyword": "cofinitary group"},
-{"id": 4719,
+{"id": 4761,
"keyword": "system implies"},
-{"id": 4720,
+{"id": 4762,
"keyword": "johann bernoulli"},
-{"id": 4721,
+{"id": 4763,
"keyword": "ramanujan sums gauss sums"},
-{"id": 4722,
+{"id": 4764,
"keyword": "axiomatic type classes"},
-{"id": 4723,
+{"id": 4765,
"keyword": "stability"},
-{"id": 4724,
+{"id": 4766,
"keyword": "word problem"},
-{"id": 4725,
+{"id": 4767,
"keyword": "notes introduction"},
-{"id": 4726,
+{"id": 4768,
"keyword": "numerous applications"},
-{"id": 4727,
+{"id": 4769,
"keyword": "stothers theorem"},
-{"id": 4728,
+{"id": 4770,
"keyword": "probabilistic data structure"},
-{"id": 4729,
+{"id": 4771,
"keyword": "kan extensions"},
-{"id": 4730,
+{"id": 4772,
"keyword": "cut admissibility"},
-{"id": 4731,
+{"id": 4773,
"keyword": "additional password"},
-{"id": 4732,
+{"id": 4774,
"keyword": "nat-bijection theory"},
-{"id": 4733,
+{"id": 4775,
"keyword": "expected utility theory"},
-{"id": 4734,
+{"id": 4776,
"keyword": "language emptiness problem"},
-{"id": 4735,
+{"id": 4777,
"keyword": "generic worklist algorithm"},
-{"id": 4736,
+{"id": 4778,
"keyword": "timed automata carries"},
-{"id": 4737,
+{"id": 4779,
"keyword": "linear-time temporal logic"},
-{"id": 4738,
+{"id": 4780,
"keyword": "safe navigation operations"},
-{"id": 4739,
+{"id": 4781,
"keyword": "generative probabilistic"},
-{"id": 4740,
+{"id": 4782,
"keyword": "derive notions"},
-{"id": 4741,
+{"id": 4783,
"keyword": "formalising single binder calculi"},
-{"id": 4742,
+{"id": 4784,
"keyword": "high-level algorithm"},
-{"id": 4743,
+{"id": 4785,
"keyword": "one-pass uniform substitutions"},
-{"id": 4744,
+{"id": 4786,
"keyword": "hidden markov models"},
-{"id": 4745,
+{"id": 4787,
"keyword": "main theorem states"},
-{"id": 4746,
+{"id": 4788,
"keyword": "adaptive state counting"},
-{"id": 4747,
+{"id": 4789,
"keyword": "kronecker tensor product"},
-{"id": 4748,
+{"id": 4790,
"keyword": "current element"},
-{"id": 4749,
+{"id": 4791,
"keyword": "relation algebra"},
-{"id": 4750,
+{"id": 4792,
"keyword": "observation set"},
-{"id": 4751,
+{"id": 4793,
"keyword": "minimisation"},
-{"id": 4752,
+{"id": 4794,
"keyword": "direct semantics"},
-{"id": 4753,
+{"id": 4795,
"keyword": "dynamic logics"},
-{"id": 4754,
+{"id": 4796,
"keyword": "remain anonymous"},
-{"id": 4755,
+{"id": 4797,
"keyword": "generalized topological semantics"},
-{"id": 4756,
+{"id": 4798,
"keyword": "compiler composition"},
-{"id": 4757,
+{"id": 4799,
"keyword": "called concurrent transition systems"},
-{"id": 4758,
+{"id": 4800,
"keyword": "tensor analysis"},
-{"id": 4759,
+{"id": 4801,
"keyword": "concrete laplace transforms"},
-{"id": 4760,
+{"id": 4802,
"keyword": "complex construction"},
-{"id": 4761,
+{"id": 4803,
"keyword": "publisher subscriber"},
-{"id": 4762,
+{"id": 4804,
"keyword": "list interleavings"},
-{"id": 4763,
+{"id": 4805,
"keyword": "flows model"},
-{"id": 4764,
+{"id": 4806,
"keyword": "axioms set proposed"},
-{"id": 4765,
+{"id": 4807,
"keyword": "similar construction"},
-{"id": 4766,
+{"id": 4808,
"keyword": "features dynamic thread creation"},
-{"id": 4767,
+{"id": 4809,
"keyword": "random-permutation random-function switching lemma"},
-{"id": 4768,
+{"id": 4810,
"keyword": "defensive strategies"},
-{"id": 4769,
+{"id": 4811,
"keyword": "real world"},
-{"id": 4770,
+{"id": 4812,
"keyword": "function eval checking"},
-{"id": 4771,
+{"id": 4813,
"keyword": "disjoint sums"},
-{"id": 4772,
+{"id": 4814,
"keyword": "imperative implementation"},
-{"id": 4773,
+{"id": 4815,
"keyword": "large formalization efforts"},
-{"id": 4774,
+{"id": 4816,
"keyword": "term rewrite systems"},
-{"id": 4775,
+{"id": 4817,
"keyword": "programming languages support working"},
-{"id": 4776,
+{"id": 4818,
"keyword": "executable ml code"},
-{"id": 4777,
+{"id": 4819,
"keyword": "locally nameless representation"},
-{"id": 4778,
+{"id": 4820,
"keyword": "fault-tolerant midpoint algorithm"},
-{"id": 4779,
+{"id": 4821,
"keyword": "metatheoretical properties"},
-{"id": 4780,
+{"id": 4822,
"keyword": "strictly larger"},
-{"id": 4781,
+{"id": 4823,
"keyword": "direct application"},
-{"id": 4782,
+{"id": 4824,
"keyword": "runtime bounds"},
-{"id": 4783,
+{"id": 4825,
"keyword": "physical clocks"},
-{"id": 4784,
+{"id": 4826,
"keyword": "schultz refers"},
-{"id": 4785,
+{"id": 4827,
"keyword": "first-order logic metatheory"},
-{"id": 4786,
+{"id": 4828,
"keyword": "executable equivalence checker"},
-{"id": 4787,
+{"id": 4829,
"keyword": "stellar quorum systems"},
-{"id": 4788,
+{"id": 4830,
"keyword": "sequence preserves fairness"},
-{"id": 4789,
+{"id": 4831,
"keyword": "single binders"},
-{"id": 4790,
+{"id": 4832,
"keyword": "microsoft research"},
-{"id": 4791,
+{"id": 4833,
"keyword": "square integrable functions"},
-{"id": 4792,
+{"id": 4834,
"keyword": "formal differentiation"},
-{"id": 4793,
+{"id": 4835,
"keyword": "logarithmic amortized complexity"},
-{"id": 4794,
+{"id": 4836,
"keyword": "tfrac 1 2 log"},
-{"id": 4795,
+{"id": 4837,
"keyword": "shared bdd"},
-{"id": 4796,
+{"id": 4838,
"keyword": "euclidean space indexed"},
-{"id": 4797,
+{"id": 4839,
"keyword": "multi-node extension"},
-{"id": 4798,
+{"id": 4840,
"keyword": "existing formal developments"},
-{"id": 4799,
+{"id": 4841,
"keyword": "stores key information"},
-{"id": 4800,
+{"id": 4842,
"keyword": "generic tactics"},
-{"id": 4801,
+{"id": 4843,
"keyword": "taking advantage"},
-{"id": 4802,
+{"id": 4844,
"keyword": "article knight"},
-{"id": 4803,
+{"id": 4845,
"keyword": "output infinite sequences"},
-{"id": 4804,
+{"id": 4846,
"keyword": "universal turing machine entry"},
-{"id": 4805,
+{"id": 4847,
"keyword": "traditional approach"},
-{"id": 4806,
+{"id": 4848,
"keyword": "monoidal categories"},
-{"id": 4807,
+{"id": 4849,
"keyword": "knaster tarski theorem"},
-{"id": 4808,
+{"id": 4850,
"keyword": "tool implementors"},
-{"id": 4809,
+{"id": 4851,
"keyword": "hol formalization"},
-{"id": 4810,
+{"id": 4852,
"keyword": "achieve high expressiveness"},
-{"id": 4811,
+{"id": 4853,
"keyword": "generic consistency ---"},
-{"id": 4812,
+{"id": 4854,
"keyword": "ipv4 addresses"},
-{"id": 4813,
+{"id": 4855,
"keyword": "operators combine"},
-{"id": 4814,
+{"id": 4856,
"keyword": "refinement relations"},
-{"id": 4815,
+{"id": 4857,
"keyword": "isafor ceta-system"},
-{"id": 4816,
+{"id": 4858,
"keyword": "dot-decimal notation"},
-{"id": 4817,
+{"id": 4859,
"keyword": "allocation function allocates goods"},
-{"id": 4818,
+{"id": 4860,
"keyword": "failure assumptions"},
-{"id": 4819,
+{"id": 4861,
"keyword": "reduction path"},
-{"id": 4820,
+{"id": 4862,
"keyword": "spectral radius"},
-{"id": 4821,
+{"id": 4863,
"keyword": "imperative refinement framework"},
-{"id": 4822,
+{"id": 4864,
"keyword": "sparse grid"},
-{"id": 4823,
+{"id": 4865,
"keyword": "generic construction"},
-{"id": 4824,
+{"id": 4866,
"keyword": "opposite case"},
-{"id": 4825,
+{"id": 4867,
"keyword": "sound syntactic criteria"},
-{"id": 4826,
+{"id": 4868,
"keyword": "noninterference proofs"},
-{"id": 4827,
+{"id": 4869,
"keyword": "easily obtained"},
-{"id": 4828,
+{"id": 4870,
"keyword": "efficient imperative version"},
-{"id": 4829,
+{"id": 4871,
"keyword": "mechanically supported logic analysis"},
-{"id": 4830,
+{"id": 4872,
"keyword": "time bounds"},
-{"id": 4831,
+{"id": 4873,
"keyword": "terms"},
-{"id": 4832,
+{"id": 4874,
"keyword": "proof rules"},
-{"id": 4833,
+{"id": 4875,
"keyword": "successively extending"},
-{"id": 4834,
+{"id": 4876,
"keyword": "concrete algorithms implementations"},
-{"id": 4835,
+{"id": 4877,
"keyword": "closure property"},
-{"id": 4836,
+{"id": 4878,
"keyword": "pattern poses"},
-{"id": 4837,
+{"id": 4879,
"keyword": "sufficiently large inputs"},
-{"id": 4838,
+{"id": 4880,
"keyword": "reflexive transitive closure"},
-{"id": 4839,
+{"id": 4881,
"keyword": "mathematical sets"},
-{"id": 4840,
+{"id": 4882,
"keyword": "real world distributed systems"},
-{"id": 4841,
+{"id": 4883,
"keyword": "wolfram engine"},
-{"id": 4842,
+{"id": 4884,
"keyword": "compositionality proofs"},
-{"id": 4843,
+{"id": 4885,
"keyword": "employs herbrand"},
-{"id": 4844,
+{"id": 4886,
"keyword": "extra-history change history"},
-{"id": 4845,
+{"id": 4887,
"keyword": "real component"},
-{"id": 4846,
+{"id": 4888,
"keyword": "replicated datatypes"},
-{"id": 4847,
+{"id": 4889,
"keyword": "solving markov decision processes"},
-{"id": 4848,
+{"id": 4890,
"keyword": "pure exchange economy"},
-{"id": 4849,
+{"id": 4891,
"keyword": "integer coefficients"},
-{"id": 4850,
+{"id": 4892,
"keyword": "initial states"},
-{"id": 4851,
+{"id": 4893,
"keyword": "good closure properties"},
-{"id": 4852,
+{"id": 4894,
"keyword": "faithful formalization"},
-{"id": 4853,
+{"id": 4895,
"keyword": "free basis"},
-{"id": 4854,
+{"id": 4896,
"keyword": "rational actors"},
-{"id": 4855,
+{"id": 4897,
"keyword": "functional automata"},
-{"id": 4856,
+{"id": 4898,
"keyword": "kleene star"},
-{"id": 4857,
+{"id": 4899,
"keyword": "effect polymorphism"},
-{"id": 4858,
+{"id": 4900,
"keyword": "kleene algebras remain"},
-{"id": 4859,
+{"id": 4901,
"keyword": "cancellative separation algebra"},
-{"id": 4860,
+{"id": 4902,
"keyword": "running time bounds"},
-{"id": 4861,
+{"id": 4903,
"keyword": "resulting hierarchy"},
-{"id": 4862,
+{"id": 4904,
"keyword": "word count program"},
-{"id": 4863,
+{"id": 4905,
"keyword": "memory implementations"},
-{"id": 4864,
+{"id": 4906,
"keyword": "binding signature"},
-{"id": 4865,
+{"id": 4907,
"keyword": "rational polynomials"},
-{"id": 4866,
+{"id": 4908,
"keyword": "polymorphic lambda-calculus extended"},
-{"id": 4867,
+{"id": 4909,
"keyword": "recursion combinator"},
-{"id": 4868,
+{"id": 4910,
"keyword": "partial commutativity relationships"},
-{"id": 4869,
+{"id": 4911,
"keyword": "iptables match condition"},
-{"id": 4870,
+{"id": 4912,
"keyword": "l-shaped tiles"},
-{"id": 4871,
+{"id": 4913,
"keyword": "metric temporal logic"},
-{"id": 4872,
+{"id": 4914,
"keyword": "verifying depth-"},
-{"id": 4873,
+{"id": 4915,
"keyword": "alpha_1 ldots beta_n"},
-{"id": 4874,
+{"id": 4916,
"keyword": "basic notions"},
-{"id": 4875,
+{"id": 4917,
"keyword": "intransitive purge function"},
-{"id": 4876,
+{"id": 4918,
"keyword": "concurrent constraint pi-calculus"},
-{"id": 4877,
+{"id": 4919,
"keyword": "automatize canonical tasks"},
-{"id": 4878,
+{"id": 4920,
"keyword": "unified translation approach"},
-{"id": 4879,
+{"id": 4921,
"keyword": "present sufficient conditions"},
-{"id": 4880,
+{"id": 4922,
"keyword": "inequality states"},
-{"id": 4881,
+{"id": 4923,
"keyword": "existing formal power series"},
-{"id": 4882,
+{"id": 4924,
"keyword": "transcendence"},
-{"id": 4883,
+{"id": 4925,
"keyword": "integers based"},
-{"id": 4884,
+{"id": 4926,
"keyword": "completely verified"},
-{"id": 4885,
+{"id": 4927,
"keyword": "worth noting"},
-{"id": 4886,
+{"id": 4928,
"keyword": "square matrices form"},
-{"id": 4887,
+{"id": 4929,
"keyword": "number-theoretic lemmas"},
-{"id": 4888,
+{"id": 4930,
"keyword": "analytic completeness proof covers"},
-{"id": 4889,
+{"id": 4931,
"keyword": "common theme"},
-{"id": 4890,
+{"id": 4932,
"keyword": "usual redundancy criteria based"},
-{"id": 4891,
+{"id": 4933,
"keyword": "fundamental building block"},
-{"id": 4892,
+{"id": 4934,
"keyword": "convergence function applied"},
-{"id": 4893,
+{"id": 4935,
"keyword": "transforming xml trees"},
-{"id": 4894,
+{"id": 4936,
"keyword": "speculative linearizability framework"},
-{"id": 4895,
+{"id": 4937,
"keyword": "holomorphic automorphisms"},
-{"id": 4896,
+{"id": 4938,
"keyword": "interactive theorem prover"},
-{"id": 4897,
+{"id": 4939,
"keyword": "applied mathematics"},
-{"id": 4898,
+{"id": 4940,
"keyword": "policy iteration algorithms"},
-{"id": 4899,
+{"id": 4941,
"keyword": "ijcar 2006 paper"},
-{"id": 4900,
+{"id": 4942,
"keyword": "search tree"},
-{"id": 4901,
+{"id": 4943,
"keyword": "spatio-temporal multi-modal logic"},
-{"id": 4902,
+{"id": 4944,
"keyword": "imperative language imp"},
-{"id": 4903,
+{"id": 4945,
"keyword": "degenerate deterministic case"},
-{"id": 4904,
+{"id": 4946,
"keyword": "imperative hol programs"},
-{"id": 4905,
+{"id": 4947,
"keyword": "web standards"},
-{"id": 4906,
+{"id": 4948,
"keyword": "higher-order probabilistic programming languages"},
-{"id": 4907,
+{"id": 4949,
"keyword": "syntactic approximations"},
-{"id": 4908,
+{"id": 4950,
"keyword": "standard restrictions"},
-{"id": 4909,
+{"id": 4951,
"keyword": "executable automata"},
-{"id": 4910,
+{"id": 4952,
"keyword": "existing cc results"},
-{"id": 4911,
+{"id": 4953,
"keyword": "original functionality"},
-{"id": 4912,
+{"id": 4954,
"keyword": "non-atomic keys"},
-{"id": 4913,
+{"id": 4955,
"keyword": "asymptotically equivalent"},
-{"id": 4914,
+{"id": 4956,
"keyword": "describe formalization"},
-{"id": 4915,
+{"id": 4957,
"keyword": "intermediate relations"},
-{"id": 4916,
+{"id": 4958,
"keyword": "symbolic states"},
-{"id": 4917,
+{"id": 4959,
+"keyword": "monetary supply grows"},
+{"id": 4960,
"keyword": "lazy list"},
-{"id": 4918,
+{"id": 4961,
"keyword": "healthcare iot system"},
-{"id": 4919,
+{"id": 4962,
"keyword": "standardization theorem"},
-{"id": 4920,
+{"id": 4963,
"keyword": "j3202"},
-{"id": 4921,
+{"id": 4964,
"keyword": "john harrison"},
-{"id": 4922,
+{"id": 4965,
"keyword": "complex roots"},
-{"id": 4923,
+{"id": 4966,
"keyword": "george boolos gave"},
-{"id": 4924,
+{"id": 4967,
"keyword": "adaptive test cases"},
-{"id": 4925,
+{"id": 4968,
"keyword": "markov chains"},
-{"id": 4926,
+{"id": 4969,
"keyword": "efficient executable algorithm"},
-{"id": 4927,
+{"id": 4970,
"keyword": "myhill-nerode theorem"},
-{"id": 4928,
+{"id": 4971,
"keyword": "single strip"},
-{"id": 4929,
+{"id": 4972,
+"keyword": "risk-free lending protocol"},
+{"id": 4973,
"keyword": "simple specification"},
-{"id": 4930,
+{"id": 4974,
"keyword": "approximation error"},
-{"id": 4931,
+{"id": 4975,
"keyword": "isomorphism theorem"},
-{"id": 4932,
+{"id": 4976,
"keyword": "pretty printers"},
-{"id": 4933,
+{"id": 4977,
"keyword": "repeated opening"},
-{"id": 4934,
+{"id": 4978,
"keyword": "normal form property"},
-{"id": 4935,
+{"id": 4979,
"keyword": "program verification"},
-{"id": 4936,
-"keyword": "classic dynamic programming algorithm"},
-{"id": 4937,
-"keyword": "considerably shorter"},
-{"id": 4938,
-"keyword": "familiar real-"},
-{"id": 4939,
-"keyword": "computing optimal stable matches"},
-{"id": 4940,
-"keyword": "original sturm"},
-{"id": 4941,
-"keyword": "single-source shortest path function"},
-{"id": 4942,
-"keyword": "convergence function"},
-{"id": 4943,
-"keyword": "canonical set-theoretic constructions internalized"},
-{"id": 4944,
-"keyword": "secure information flow"},
-{"id": 4945,
-"keyword": "ocl standard"},
-{"id": 4946,
-"keyword": "soundness proof"},
-{"id": 4947,
-"keyword": "real analysis"},
-{"id": 4948,
-"keyword": "automata library"},
-{"id": 4949,
-"keyword": "datatypes similar"},
-{"id": 4950,
-"keyword": "formally verified clrs algorithms"},
-{"id": 4951,
-"keyword": "automated-theorem-proving assistant"},
-{"id": 4952,
-"keyword": "paulson semantics-based approach"},
-{"id": 4953,
-"keyword": "turn outputs descriptions"},
-{"id": 4954,
-"keyword": "stone-kleene relation algebras"},
-{"id": 4955,
-"keyword": "java se 8 specification"},
-{"id": 4956,
-"keyword": "past operators"},
-{"id": 4957,
-"keyword": "primitive authentication construct"},
-{"id": 4958,
-"keyword": "matrix theory"},
-{"id": 4959,
-"keyword": "additional domain elements"},
-{"id": 4960,
-"keyword": "informal presentation"},
-{"id": 4961,
-"keyword": "simple inductive proof"},
-{"id": 4962,
-"keyword": "company associating"},
-{"id": 4963,
-"keyword": "c11 syntax deeply integrated"},
-{"id": 4964,
-"keyword": "anders schlichtkrull"},
-{"id": 4965,
-"keyword": "generated test suite"},
-{"id": 4966,
-"keyword": "hol light"},
-{"id": 4967,
-"keyword": "straightforward analytic proof"},
-{"id": 4968,
-"keyword": "comparing relations"},
-{"id": 4969,
-"keyword": "weak form"},
-{"id": 4970,
-"keyword": "asymptotic expansions"},
-{"id": 4971,
-"keyword": "abstract program"},
-{"id": 4972,
-"keyword": "successful termination"},
-{"id": 4973,
-"keyword": "future separation logic developments"},
-{"id": 4974,
-"keyword": "guiding proof search"},
-{"id": 4975,
-"keyword": "undirected graphs"},
-{"id": 4976,
-"keyword": "previous formalisation"},
-{"id": 4977,
-"keyword": "association lists"},
-{"id": 4978,
-"keyword": "textbook first-order logic"},
-{"id": 4979,
-"keyword": "concurrent value-dependent noninterference"},
{"id": 4980,
-"keyword": "textbook reasoning"},
+"keyword": "classic dynamic programming algorithm"},
{"id": 4981,
-"keyword": "logical reasoning"},
+"keyword": "considerably shorter"},
{"id": 4982,
-"keyword": "program trace semantics"},
+"keyword": "familiar real-"},
{"id": 4983,
-"keyword": "method calls"},
+"keyword": "computing optimal stable matches"},
{"id": 4984,
-"keyword": "game theoretic issues"},
+"keyword": "original sturm"},
{"id": 4985,
-"keyword": "byte code"},
+"keyword": "single-source shortest path function"},
{"id": 4986,
-"keyword": "cantor pairing function"},
+"keyword": "convergence function"},
{"id": 4987,
-"keyword": "potential negative cycles"},
+"keyword": "canonical set-theoretic constructions internalized"},
{"id": 4988,
-"keyword": "randomised skip list"},
+"keyword": "secure information flow"},
{"id": 4989,
-"keyword": "strengthen mertens"},
+"keyword": "ocl standard"},
{"id": 4990,
-"keyword": "manual alpha-conversions"},
+"keyword": "soundness proof"},
{"id": 4991,
-"keyword": "mobile computing"},
+"keyword": "real analysis"},
{"id": 4992,
-"keyword": "formalising cryptographic arguments"},
+"keyword": "automata library"},
{"id": 4993,
-"keyword": "reference implementation"},
+"keyword": "datatypes similar"},
{"id": 4994,
-"keyword": "simplify complex iptables rulests"},
+"keyword": "formally verified clrs algorithms"},
{"id": 4995,
-"keyword": "stieltjes constants"},
+"keyword": "automated-theorem-proving assistant"},
{"id": 4996,
-"keyword": "specific variants"},
+"keyword": "paulson semantics-based approach"},
{"id": 4997,
-"keyword": "faithful embedding"},
+"keyword": "turn outputs descriptions"},
{"id": 4998,
-"keyword": "continuous lattices"},
+"keyword": "stone-kleene relation algebras"},
{"id": 4999,
-"keyword": "intermediate results"},
+"keyword": "java se 8 specification"},
{"id": 5000,
-"keyword": "unified translation"},
+"keyword": "past operators"},
{"id": 5001,
-"keyword": "autocorres tool"},
+"keyword": "primitive authentication construct"},
{"id": 5002,
-"keyword": "set category"},
+"keyword": "matrix theory"},
{"id": 5003,
-"keyword": "model existence"},
+"keyword": "additional domain elements"},
{"id": 5004,
-"keyword": "factor ring"},
+"keyword": "informal presentation"},
{"id": 5005,
-"keyword": "data-refinement techniques"},
+"keyword": "simple inductive proof"},
{"id": 5006,
-"keyword": "nondeterminism monad"},
+"keyword": "company associating"},
{"id": 5007,
-"keyword": "capture laws"},
+"keyword": "c11 syntax deeply integrated"},
{"id": 5008,
-"keyword": "resulting automata"},
+"keyword": "anders schlichtkrull"},
{"id": 5009,
-"keyword": "normalizing strategy"},
+"keyword": "generated test suite"},
{"id": 5010,
-"keyword": "non-negative weights w_1"},
+"keyword": "hol light"},
{"id": 5011,
-"keyword": "red-black trees"},
+"keyword": "straightforward analytic proof"},
{"id": 5012,
-"keyword": "key encapsulation mechanism"},
+"keyword": "comparing relations"},
{"id": 5013,
-"keyword": "finite search space"},
+"keyword": "weak form"},
{"id": 5014,
-"keyword": "replicated databases"},
+"keyword": "asymptotic expansions"},
{"id": 5015,
-"keyword": "concurrency control model"},
+"keyword": "abstract program"},
{"id": 5016,
-"keyword": "additional convenience"},
+"keyword": "successful termination"},
{"id": 5017,
-"keyword": "affine systems"},
+"keyword": "future separation logic developments"},
{"id": 5018,
-"keyword": "parent clauses"},
+"keyword": "guiding proof search"},
{"id": 5019,
-"keyword": "elementary number theory"},
+"keyword": "undirected graphs"},
{"id": 5020,
-"keyword": "proof term checker embedded"},
+"keyword": "previous formalisation"},
{"id": 5021,
-"keyword": "distributed system"},
+"keyword": "association lists"},
{"id": 5022,
-"keyword": "knight"},
+"keyword": "textbook first-order logic"},
{"id": 5023,
-"keyword": "decision problem clique"},
+"keyword": "concurrent value-dependent noninterference"},
{"id": 5024,
-"keyword": "upcoming work principia logico-metaphysica"},
+"keyword": "textbook reasoning"},
{"id": 5025,
-"keyword": "guarantee information flow noninterference"},
+"keyword": "logical reasoning"},
{"id": 5026,
-"keyword": "classical two-sided matching scenarios"},
+"keyword": "program trace semantics"},
{"id": 5027,
-"keyword": "large fragment"},
+"keyword": "method calls"},
{"id": 5028,
-"keyword": "aforementioned consensus problem"},
+"keyword": "game theoretic issues"},
{"id": 5029,
-"keyword": "afp entry robinson_arithmetic"},
+"keyword": "byte code"},
{"id": 5030,
-"keyword": "divergence reflection"},
+"keyword": "cantor pairing function"},
{"id": 5031,
-"keyword": "elegant proof"},
+"keyword": "potential negative cycles"},
{"id": 5032,
-"keyword": "alpha-equivalence classes"},
+"keyword": "randomised skip list"},
{"id": 5033,
-"keyword": "previous analogous"},
+"keyword": "strengthen mertens"},
{"id": 5034,
-"keyword": "operators"},
+"keyword": "manual alpha-conversions"},
{"id": 5035,
-"keyword": "cc studies system classes"},
+"keyword": "mobile computing"},
{"id": 5036,
-"keyword": "automatically extracted scala code"},
+"keyword": "formalising cryptographic arguments"},
{"id": 5037,
-"keyword": "binding structure"},
+"keyword": "reference implementation"},
{"id": 5038,
-"keyword": "essential parts"},
+"keyword": "simplify complex iptables rulests"},
{"id": 5039,
-"keyword": "chamber complexes"},
+"keyword": "stieltjes constants"},
{"id": 5040,
-"keyword": "quantum prisoner"},
+"keyword": "specific variants"},
{"id": 5041,
-"keyword": "generic algebraic middle-layer"},
+"keyword": "faithful embedding"},
{"id": 5042,
-"keyword": "cite swan"},
+"keyword": "continuous lattices"},
{"id": 5043,
-"keyword": "lower semicontinuous hull"},
+"keyword": "intermediate results"},
{"id": 5044,
-"keyword": "maclaurin series"},
+"keyword": "unified translation"},
{"id": 5045,
-"keyword": "functional representation"},
+"keyword": "autocorres tool"},
{"id": 5046,
-"keyword": "state-merging technique"},
+"keyword": "set category"},
{"id": 5047,
-"keyword": "natural numbers 0"},
+"keyword": "model existence"},
{"id": 5048,
-"keyword": "canonical matrix analogue"},
+"keyword": "factor ring"},
{"id": 5049,
+"keyword": "data-refinement techniques"},
+{"id": 5050,
+"keyword": "nondeterminism monad"},
+{"id": 5051,
+"keyword": "capture laws"},
+{"id": 5052,
+"keyword": "resulting automata"},
+{"id": 5053,
+"keyword": "normalizing strategy"},
+{"id": 5054,
+"keyword": "non-negative weights w_1"},
+{"id": 5055,
+"keyword": "red-black trees"},
+{"id": 5056,
+"keyword": "key encapsulation mechanism"},
+{"id": 5057,
+"keyword": "finite search space"},
+{"id": 5058,
+"keyword": "replicated databases"},
+{"id": 5059,
+"keyword": "concurrency control model"},
+{"id": 5060,
+"keyword": "additional convenience"},
+{"id": 5061,
+"keyword": "affine systems"},
+{"id": 5062,
+"keyword": "parent clauses"},
+{"id": 5063,
+"keyword": "elementary number theory"},
+{"id": 5064,
+"keyword": "proof term checker embedded"},
+{"id": 5065,
+"keyword": "distributed system"},
+{"id": 5066,
+"keyword": "knight"},
+{"id": 5067,
+"keyword": "decision problem clique"},
+{"id": 5068,
+"keyword": "upcoming work principia logico-metaphysica"},
+{"id": 5069,
+"keyword": "guarantee information flow noninterference"},
+{"id": 5070,
+"keyword": "classical two-sided matching scenarios"},
+{"id": 5071,
+"keyword": "large fragment"},
+{"id": 5072,
+"keyword": "aforementioned consensus problem"},
+{"id": 5073,
+"keyword": "afp entry robinson_arithmetic"},
+{"id": 5074,
+"keyword": "divergence reflection"},
+{"id": 5075,
+"keyword": "elegant proof"},
+{"id": 5076,
+"keyword": "alpha-equivalence classes"},
+{"id": 5077,
+"keyword": "previous analogous"},
+{"id": 5078,
+"keyword": "operators"},
+{"id": 5079,
+"keyword": "cc studies system classes"},
+{"id": 5080,
+"keyword": "automatically extracted scala code"},
+{"id": 5081,
+"keyword": "binding structure"},
+{"id": 5082,
+"keyword": "essential parts"},
+{"id": 5083,
+"keyword": "chamber complexes"},
+{"id": 5084,
+"keyword": "quantum prisoner"},
+{"id": 5085,
+"keyword": "generic algebraic middle-layer"},
+{"id": 5086,
+"keyword": "cite swan"},
+{"id": 5087,
+"keyword": "lower semicontinuous hull"},
+{"id": 5088,
+"keyword": "maclaurin series"},
+{"id": 5089,
+"keyword": "functional representation"},
+{"id": 5090,
+"keyword": "state-merging technique"},
+{"id": 5091,
+"keyword": "natural numbers 0"},
+{"id": 5092,
+"keyword": "canonical matrix analogue"},
+{"id": 5093,
"keyword": "incorrectly initialized contract"},
-{"id": 5050,
+{"id": 5094,
"keyword": "generic framework"},
-{"id": 5051,
+{"id": 5095,
"keyword": "locale mechanism"},
-{"id": 5052,
+{"id": 5096,
"keyword": "test output formats"},
-{"id": 5053,
+{"id": 5097,
"keyword": "confidential events"},
-{"id": 5054,
+{"id": 5098,
"keyword": "ultimately refutational completeness"},
-{"id": 5055,
+{"id": 5099,
"keyword": "proofs require"},
-{"id": 5056,
+{"id": 5100,
"keyword": "boolean algebra"},
-{"id": 5057,
+{"id": 5101,
"keyword": "remaining rules"},
-{"id": 5058,
+{"id": 5102,
"keyword": "fractional assertions"},
-{"id": 5059,
+{"id": 5103,
"keyword": "zout domains"},
-{"id": 5060,
+{"id": 5104,
"keyword": "abstract structures"},
-{"id": 5061,
+{"id": 5105,
"keyword": "deliberately formulated"},
-{"id": 5062,
+{"id": 5106,
"keyword": "boolean algebra type"},
-{"id": 5063,
+{"id": 5107,
"keyword": "mobius base logic"},
-{"id": 5064,
+{"id": 5108,
"keyword": "suitable setup"},
-{"id": 5065,
+{"id": 5109,
"keyword": "type class hierarchy"},
-{"id": 5066,
+{"id": 5110,
"keyword": "predicate satisfied"},
-{"id": 5067,
+{"id": 5111,
"keyword": "itp-2016 paper"},
-{"id": 5068,
+{"id": 5112,
"keyword": "axioms set suggested"},
-{"id": 5069,
+{"id": 5113,
"keyword": "finite partitioning"},
-{"id": 5070,
+{"id": 5114,
"keyword": "internal direct product"},
-{"id": 5071,
+{"id": 5115,
"keyword": "derive comparators"},
-{"id": 5072,
+{"id": 5116,
"keyword": "basic graph algorithms"},
-{"id": 5073,
+{"id": 5117,
"keyword": "mso formulas correspond"},
-{"id": 5074,
+{"id": 5118,
"keyword": "stateful connection semantics"},
-{"id": 5075,
+{"id": 5119,
"keyword": "correctness"},
-{"id": 5076,
+{"id": 5120,
"keyword": "major goal"},
-{"id": 5077,
+{"id": 5121,
"keyword": "fine-grained concurrency"},
-{"id": 5078,
+{"id": 5122,
"keyword": "handling inconsistency"},
-{"id": 5079,
+{"id": 5123,
"keyword": "employ messageless guard protocols"},
-{"id": 5080,
+{"id": 5124,
"keyword": "fundamental metaphysical theory"},
-{"id": 5081,
+{"id": 5125,
"keyword": "network model"},
-{"id": 5082,
+{"id": 5126,
"keyword": "co-inductive lists"},
-{"id": 5083,
+{"id": 5127,
"keyword": "hol experts"},
-{"id": 5084,
+{"id": 5128,
"keyword": "files chap02"},
-{"id": 5085,
+{"id": 5129,
"keyword": "sk sum"},
-{"id": 5086,
+{"id": 5130,
"keyword": "text book level"},
-{"id": 5087,
+{"id": 5131,
"keyword": "paper describing"},
-{"id": 5088,
+{"id": 5132,
"keyword": "normal series"},
-{"id": 5089,
+{"id": 5133,
"keyword": "msc thesis sch15"},
-{"id": 5090,
+{"id": 5134,
"keyword": "argument"},
-{"id": 5091,
+{"id": 5135,
"keyword": "minimal space usage"},
-{"id": 5092,
+{"id": 5136,
"keyword": "ieee-754 floating-point arithmetic"},
-{"id": 5093,
+{"id": 5137,
"keyword": "verifying functional programs"},
-{"id": 5094,
+{"id": 5138,
"keyword": "subtle algorithmic mechanisms"},
-{"id": 5095,
+{"id": 5139,
"keyword": "approximative version"},
-{"id": 5096,
+{"id": 5140,
"keyword": "triangle removal lemma"},
-{"id": 5097,
+{"id": 5141,
"keyword": "abstract execution model"},
-{"id": 5098,
+{"id": 5142,
"keyword": "gr bner basis"},
-{"id": 5099,
+{"id": 5143,
"keyword": "main novelty"},
-{"id": 5100,
+{"id": 5144,
"keyword": "internal path length relates"},
-{"id": 5101,
+{"id": 5145,
"keyword": "incrementally check"},
-{"id": 5102,
+{"id": 5146,
"keyword": "random graph"},
-{"id": 5103,
+{"id": 5147,
"keyword": "lattice point"},
-{"id": 5104,
+{"id": 5148,
"keyword": "concurrent refinement algebra"},
-{"id": 5105,
+{"id": 5149,
"keyword": "cryptographic hash-function ripemd-160"},
-{"id": 5106,
+{"id": 5150,
"keyword": "peculiar mapping argument"},
-{"id": 5107,
+{"id": 5151,
"keyword": "countable chain condition"},
-{"id": 5108,
+{"id": 5152,
"keyword": "gdpr compliance verification"},
-{"id": 5109,
+{"id": 5153,
"keyword": "elementary facts"},
-{"id": 5110,
+{"id": 5154,
"keyword": "formalisation"},
-{"id": 5111,
+{"id": 5155,
"keyword": "automated theorem prover"},
-{"id": 5112,
+{"id": 5156,
"keyword": "entry adds quickcheck setup"},
-{"id": 5113,
+{"id": 5157,
"keyword": "regular expression equivalence"},
-{"id": 5114,
+{"id": 5158,
"keyword": "complex analysis"},
-{"id": 5115,
+{"id": 5159,
"keyword": "complete formal development"},
-{"id": 5116,
+{"id": 5160,
"keyword": "real-world programming languages"},
-{"id": 5117,
+{"id": 5161,
"keyword": "call arity"},
-{"id": 5118,
+{"id": 5162,
"keyword": "refused events"},
-{"id": 5119,
+{"id": 5163,
"keyword": "formal proof"},
-{"id": 5120,
+{"id": 5164,
"keyword": "method normalises applicative expressions"},
-{"id": 5121,
+{"id": 5165,
"keyword": "winding number"},
-{"id": 5122,
+{"id": 5166,
"keyword": "unpublished specialized algorithms"},
-{"id": 5123,
+{"id": 5167,
"keyword": "hoare logic based"},
-{"id": 5124,
+{"id": 5168,
"keyword": "desired interval"},
-{"id": 5125,
+{"id": 5169,
"keyword": "mainstream structures"},
-{"id": 5126,
+{"id": 5170,
"keyword": "object logic zfc"},
-{"id": 5127,
+{"id": 5171,
"keyword": "state proofs"},
-{"id": 5128,
+{"id": 5172,
"keyword": "representing legal agreements"},
-{"id": 5129,
+{"id": 5173,
"keyword": "basic material"},
-{"id": 5130,
+{"id": 5174,
+"keyword": "interest accrued"},
+{"id": 5175,
"keyword": "classical ai planning"},
-{"id": 5131,
+{"id": 5176,
"keyword": "chosen uniformly"},
-{"id": 5132,
+{"id": 5177,
"keyword": "rank-nullity theorem"},
-{"id": 5133,
+{"id": 5178,
"keyword": "tactic code"},
-{"id": 5134,
+{"id": 5179,
"keyword": "fully executable functional implementation"},
-{"id": 5135,
+{"id": 5180,
"keyword": "yoneda functor"},
-{"id": 5136,
+{"id": 5181,
"keyword": "limits"},
-{"id": 5137,
+{"id": 5182,
"keyword": "arbitrary classes"},
-{"id": 5138,
+{"id": 5183,
"keyword": "creating custom induction"},
-{"id": 5139,
+{"id": 5184,
"keyword": "interval arithmetic"},
-{"id": 5140,
+{"id": 5185,
"keyword": "full range"},
-{"id": 5141,
+{"id": 5186,
"keyword": "ssa"},
-{"id": 5142,
+{"id": 5187,
"keyword": "verified"},
-{"id": 5143,
+{"id": 5188,
"keyword": "inference system presented"},
-{"id": 5144,
+{"id": 5189,
"keyword": "bindings-aware induction"},
-{"id": 5145,
+{"id": 5190,
"keyword": "infinitesimal components"},
-{"id": 5146,
+{"id": 5191,
"keyword": "contextual equivalence"},
-{"id": 5147,
+{"id": 5192,
"keyword": "applied non-classical logics 2005"},
-{"id": 5148,
+{"id": 5193,
"keyword": "noncommuting words form"},
-{"id": 5149,
+{"id": 5194,
"keyword": "providing formalizations"},
-{"id": 5150,
+{"id": 5195,
"keyword": "autonomous vehicle manufacturers"},
-{"id": 5151,
+{"id": 5196,
"keyword": "algorithm aims"},
-{"id": 5152,
+{"id": 5197,
"keyword": "paper describes"},
-{"id": 5153,
+{"id": 5198,
"keyword": "cambridge university press 2001"},
-{"id": 5154,
+{"id": 5199,
"keyword": "priority queue"},
-{"id": 5155,
+{"id": 5200,
"keyword": "applicative functor"},
-{"id": 5156,
+{"id": 5201,
"keyword": "space usage"},
-{"id": 5157,
+{"id": 5202,
"keyword": "analyse system structure oriented"},
-{"id": 5158,
+{"id": 5203,
"keyword": "unverified tools"},
-{"id": 5159,
+{"id": 5204,
"keyword": "complete graphs"},
-{"id": 5160,
+{"id": 5205,
"keyword": "standard theorems"},
-{"id": 5161,
+{"id": 5206,
"keyword": "valid parameters"},
-{"id": 5162,
+{"id": 5207,
"keyword": "conduct machine checkable proofs"},
-{"id": 5163,
+{"id": 5208,
"keyword": "proof-carrying-code style encoding"},
-{"id": 5164,
+{"id": 5209,
"keyword": "analogous languages"},
-{"id": 5165,
+{"id": 5210,
"keyword": "friendship theorem"},
-{"id": 5166,
+{"id": 5211,
"keyword": "mathematical machinery"},
-{"id": 5167,
+{"id": 5212,
"keyword": "non-deterministic automata"},
-{"id": 5168,
+{"id": 5213,
"keyword": "formal proof closely"},
-{"id": 5169,
+{"id": 5214,
"keyword": "shorter refinement proofs"},
-{"id": 5170,
+{"id": 5215,
"keyword": "modeling firewall policies"},
-{"id": 5171,
+{"id": 5216,
"keyword": "standard estimations"},
-{"id": 5172,
+{"id": 5217,
"keyword": "group"},
-{"id": 5173,
+{"id": 5218,
"keyword": "axiomatic theory"},
-{"id": 5174,
+{"id": 5219,
"keyword": "syntactic formula"},
-{"id": 5175,
+{"id": 5220,
"keyword": "faulty process"},
-{"id": 5176,
+{"id": 5221,
"keyword": "verified decision procedures"},
-{"id": 5177,
+{"id": 5222,
"keyword": "resp"},
-{"id": 5178,
+{"id": 5223,
"keyword": "projective spaces"},
-{"id": 5179,
+{"id": 5224,
"keyword": "uniform proof"},
-{"id": 5180,
+{"id": 5225,
"keyword": "resolution theorem proving chapter"},
-{"id": 5181,
+{"id": 5226,
"keyword": "deductive program verification"},
-{"id": 5182,
+{"id": 5227,
"keyword": "entire cosmedis network"},
-{"id": 5183,
+{"id": 5228,
"keyword": "adaptive state counting algorithm"},
-{"id": 5184,
+{"id": 5229,
"keyword": "policy"},
-{"id": 5185,
+{"id": 5230,
"keyword": "autonomous vehicle liable"},
-{"id": 5186,
+{"id": 5231,
"keyword": "minimal ssa form"},
-{"id": 5187,
+{"id": 5232,
"keyword": "powerset construction mapping nfas"},
-{"id": 5188,
+{"id": 5233,
"keyword": "transition paths"},
-{"id": 5189,
+{"id": 5234,
"keyword": "execution time compares"},
-{"id": 5190,
+{"id": 5235,
"keyword": "complexity analysis"},
-{"id": 5191,
+{"id": 5236,
"keyword": "achieve bottom-"},
-{"id": 5192,
+{"id": 5237,
"keyword": "protocol analysis tools"},
-{"id": 5193,
+{"id": 5238,
"keyword": "progress tracking protocol"},
-{"id": 5194,
+{"id": 5239,
"keyword": "cryptographic constructions"},
-{"id": 5195,
+{"id": 5240,
"keyword": "gamma function"},
-{"id": 5196,
+{"id": 5241,
"keyword": "theorem 2"},
-{"id": 5197,
+{"id": 5242,
"keyword": "wikipedia articles"},
-{"id": 5198,
+{"id": 5243,
"keyword": "textbook ramsey theory"},
-{"id": 5199,
+{"id": 5244,
"keyword": "weakest-precondition entailment"},
-{"id": 5200,
+{"id": 5245,
"keyword": "subsumes lexicographic path orders"},
-{"id": 5201,
+{"id": 5246,
"keyword": "accessed independently"},
-{"id": 5202,
+{"id": 5247,
"keyword": "sparcv8 cpu simulator"},
-{"id": 5203,
+{"id": 5248,
"keyword": "maximal load factors"},
-{"id": 5204,
+{"id": 5249,
"keyword": "mergesort algorithm"},
-{"id": 5205,
+{"id": 5250,
"keyword": "bendix orders"},
-{"id": 5206,
+{"id": 5251,
"keyword": "general theorem"},
-{"id": 5207,
+{"id": 5252,
"keyword": "residuated boolean algebra"},
-{"id": 5208,
+{"id": 5253,
"keyword": "maclaurin formula"},
-{"id": 5209,
+{"id": 5254,
"keyword": "partial sums"},
-{"id": 5210,
+{"id": 5255,
"keyword": "recursively enumerable set"},
-{"id": 5211,
+{"id": 5256,
"keyword": "mathematical framework"},
-{"id": 5212,
+{"id": 5257,
"keyword": "inf-preserving predicate transformers"},
-{"id": 5213,
+{"id": 5258,
"keyword": "timely dataflow"},
-{"id": 5214,
+{"id": 5259,
"keyword": "paracomplete logics"},
-{"id": 5215,
+{"id": 5260,
"keyword": "binary search trees"},
-{"id": 5216,
+{"id": 5261,
"keyword": "pronounced lambda auth"},
-{"id": 5217,
+{"id": 5262,
"keyword": "simple imperative language imp"},
-{"id": 5218,
+{"id": 5263,
"keyword": "subseteq alpha"},
-{"id": 5219,
+{"id": 5264,
"keyword": "skip lists"},
-{"id": 5220,
+{"id": 5265,
"keyword": "empty rows"},
-{"id": 5221,
+{"id": 5266,
"keyword": "present version hol-csp profits"},
-{"id": 5222,
+{"id": 5267,
"keyword": "formal framework"},
-{"id": 5223,
+{"id": 5268,
"keyword": "first-order unification algorithm"},
-{"id": 5224,
+{"id": 5269,
"keyword": "tree-regular languages"},
-{"id": 5225,
+{"id": 5270,
"keyword": "first-order prover"},
-{"id": 5226,
+{"id": 5271,
"keyword": "highly probable assumption"},
-{"id": 5227,
+{"id": 5272,
"keyword": "differential_dynamic_logic article"},
-{"id": 5228,
+{"id": 5273,
"keyword": "form bigwedge_"},
-{"id": 5229,
+{"id": 5274,
"keyword": "important correctness property"},
-{"id": 5230,
+{"id": 5275,
"keyword": "key aspect"},
-{"id": 5231,
+{"id": 5276,
"keyword": "positive fractions"},
-{"id": 5232,
+{"id": 5277,
"keyword": "mechanized proof"},
-{"id": 5233,
+{"id": 5278,
"keyword": "equality holds"},
-{"id": 5234,
+{"id": 5279,
"keyword": "theorems state propositions"},
-{"id": 5235,
+{"id": 5280,
"keyword": "generated inputs"},
-{"id": 5236,
+{"id": 5281,
"keyword": "diagrammatic proof system"},
-{"id": 5237,
+{"id": 5282,
"keyword": "deutsch-schorr-waite graph marking algorithm"},
-{"id": 5238,
+{"id": 5283,
"keyword": "convert regular expressions"},
-{"id": 5239,
+{"id": 5284,
"keyword": "monotone boolean functions"},
-{"id": 5240,
+{"id": 5285,
"keyword": "prior formalization attempt"},
-{"id": 5241,
+{"id": 5286,
"keyword": "circus processes"},
-{"id": 5242,
+{"id": 5287,
"keyword": "verify properties"},
-{"id": 5243,
+{"id": 5288,
"keyword": "concrete programming language"},
-{"id": 5244,
+{"id": 5289,
"keyword": "non-functional requirements"},
-{"id": 5245,
+{"id": 5290,
"keyword": "limiting parallels axiom"},
-{"id": 5246,
+{"id": 5291,
"keyword": "webassembly language"},
-{"id": 5247,
+{"id": 5292,
"keyword": "8th event"},
-{"id": 5248,
+{"id": 5293,
"keyword": "local type definitions"},
-{"id": 5249,
+{"id": 5294,
"keyword": "approximation quality solely depends"},
-{"id": 5250,
+{"id": 5295,
"keyword": "protocol"},
-{"id": 5251,
+{"id": 5296,
"keyword": "2 scalar product"},
-{"id": 5252,
+{"id": 5297,
"keyword": "unique decomposition"},
-{"id": 5253,
+{"id": 5298,
"keyword": "florian kammueller"},
-{"id": 5254,
+{"id": 5299,
"keyword": "stepwise program refinement techniques"},
-{"id": 5255,
+{"id": 5300,
"keyword": "ungeneralised counterparts"},
-{"id": 5256,
+{"id": 5301,
"keyword": "auxiliary type"},
-{"id": 5257,
+{"id": 5302,
"keyword": "internal execution clocking"},
-{"id": 5258,
+{"id": 5303,
"keyword": "concurrent behaviour"},
-{"id": 5259,
+{"id": 5304,
"keyword": "primitive data types"},
-{"id": 5260,
+{"id": 5305,
"keyword": "systems communication plays"},
-{"id": 5261,
+{"id": 5306,
"keyword": "complementary error function erfc"},
-{"id": 5262,
+{"id": 5307,
"keyword": "functions learnable"},
-{"id": 5263,
+{"id": 5308,
"keyword": "concrete applicative functor"},
-{"id": 5264,
+{"id": 5309,
"keyword": "case combinators"},
-{"id": 5265,
+{"id": 5310,
"keyword": "infinite series"},
-{"id": 5266,
+{"id": 5311,
"keyword": "woots strong eventual consistency"},
-{"id": 5267,
+{"id": 5312,
"keyword": "yamada 2"},
-{"id": 5268,
+{"id": 5313,
"keyword": "isafol project isafol"},
-{"id": 5269,
+{"id": 5314,
"keyword": "events"},
-{"id": 5270,
+{"id": 5315,
"keyword": "derive mertens"},
-{"id": 5271,
+{"id": 5316,
"keyword": "operational semantics"},
-{"id": 5272,
+{"id": 5317,
"keyword": "match expression"},
-{"id": 5273,
+{"id": 5318,
"keyword": "paper assumptions"},
-{"id": 5274,
+{"id": 5319,
"keyword": "affine arithmetic"},
-{"id": 5275,
+{"id": 5320,
"keyword": "standard protocol descriptions based"},
-{"id": 5276,
+{"id": 5321,
"keyword": "easily expandable"},
-{"id": 5277,
+{"id": 5322,
"keyword": "tsinakis conditions"},
-{"id": 5278,
+{"id": 5323,
"keyword": "binary temporal operators"},
-{"id": 5279,
+{"id": 5324,
"keyword": "javier esparza"},
-{"id": 5280,
+{"id": 5325,
"keyword": "afp entry dynamic architectures"},
-{"id": 5281,
+{"id": 5326,
"keyword": "total correctness proof"},
-{"id": 5282,
+{"id": 5327,
"keyword": "timothy gowers"},
-{"id": 5283,
+{"id": 5328,
"keyword": "directed security policies"},
-{"id": 5284,
+{"id": 5329,
"keyword": "one-sided sequent calculus"},
-{"id": 5285,
+{"id": 5330,
"keyword": "hybrid logic"},
-{"id": 5286,
+{"id": 5331,
"keyword": "authentication mechanisms employed call"},
-{"id": 5287,
+{"id": 5332,
"keyword": "maximum determination"},
-{"id": 5288,
+{"id": 5333,
"keyword": "unwinding results"},
-{"id": 5289,
+{"id": 5334,
"keyword": "general scheme"},
-{"id": 5290,
+{"id": 5335,
"keyword": "substantial performance penalty"},
-{"id": 5291,
+{"id": 5336,
"keyword": "propositional logic"},
-{"id": 5292,
+{"id": 5337,
"keyword": "lehmer presented criterions"},
-{"id": 5293,
+{"id": 5338,
"keyword": "witnessing diamonds"},
-{"id": 5294,
+{"id": 5339,
"keyword": "mutilated chess board"},
-{"id": 5295,
+{"id": 5340,
"keyword": "formally verified"},
-{"id": 5296,
+{"id": 5341,
"keyword": "w_1 ldots w_n 1"},
-{"id": 5297,
+{"id": 5342,
"keyword": "real vectors spaces"},
-{"id": 5298,
+{"id": 5343,
"keyword": "establish sound type-system-"},
-{"id": 5299,
+{"id": 5344,
"keyword": "future related mechanisation efforts"},
-{"id": 5300,
+{"id": 5345,
"keyword": "compare complements"},
-{"id": 5301,
+{"id": 5346,
"keyword": "concrete system"},
-{"id": 5302,
+{"id": 5347,
"keyword": "compatible formalization"},
-{"id": 5303,
+{"id": 5348,
"keyword": "active domain"},
-{"id": 5304,
+{"id": 5349,
"keyword": "informal proof"},
-{"id": 5305,
+{"id": 5350,
"keyword": "leftmost reduction theorem"},
-{"id": 5306,
+{"id": 5351,
"keyword": "verify-- philosophical arguments"},
-{"id": 5307,
+{"id": 5352,
"keyword": "number partitions"},
-{"id": 5308,
+{"id": 5353,
"keyword": "rewrite rules"},
-{"id": 5309,
+{"id": 5354,
"keyword": "monochromatic line"},
-{"id": 5310,
+{"id": 5355,
"keyword": "monotonic boolean transformers"},
-{"id": 5311,
+{"id": 5356,
"keyword": "designs"},
-{"id": 5312,
+{"id": 5357,
"keyword": "fundamental banach spaces"},
-{"id": 5313,
+{"id": 5358,
"keyword": "swierczkowski ndash"},
-{"id": 5314,
+{"id": 5359,
"keyword": "eponym ijcar 2020 paper"},
-{"id": 5315,
+{"id": 5360,
"keyword": "expressing smart contracts"},
-{"id": 5316,
+{"id": 5361,
"keyword": "key properties"},
-{"id": 5317,
+{"id": 5362,
"keyword": "special halting problem"},
-{"id": 5318,
+{"id": 5363,
"keyword": "effectively executable algorithm"},
-{"id": 5319,
+{"id": 5364,
"keyword": "generalise relation algebras"},
-{"id": 5320,
+{"id": 5365,
"keyword": "abstract representation"},
-{"id": 5321,
+{"id": 5366,
"keyword": "abstract theory"},
-{"id": 5322,
+{"id": 5367,
"keyword": "desired precision"},
-{"id": 5323,
+{"id": 5368,
"keyword": "compiled code"},
-{"id": 5324,
+{"id": 5369,
"keyword": "odd-set cover osc"},
-{"id": 5325,
+{"id": 5370,
"keyword": "maintaining knowledge"},
-{"id": 5326,
+{"id": 5371,
"keyword": "sophisticated languages"},
-{"id": 5327,
+{"id": 5372,
"keyword": "function eval solves capturability"},
-{"id": 5328,
+{"id": 5373,
"keyword": "operational properties"},
-{"id": 5329,
+{"id": 5374,
"keyword": "curve operations"},
-{"id": 5330,
+{"id": 5375,
"keyword": "alternative interpretation"},
-{"id": 5331,
+{"id": 5376,
"keyword": "significantly larger"},
-{"id": 5332,
+{"id": 5377,
"keyword": "automatic tactics"},
-{"id": 5333,
+{"id": 5378,
"keyword": "gewirth"},
-{"id": 5334,
+{"id": 5379,
"keyword": "theorem states"},
-{"id": 5335,
+{"id": 5380,
"keyword": "previous axiomatic encoding"},
-{"id": 5336,
+{"id": 5381,
"keyword": "cauchy index"},
-{"id": 5337,
+{"id": 5382,
"keyword": "tree width"},
-{"id": 5338,
+{"id": 5383,
"keyword": "effectively decide ideal membership"},
-{"id": 5339,
+{"id": 5384,
"keyword": "gmw protocol"},
-{"id": 5340,
+{"id": 5385,
"keyword": "multi-party computation"},
-{"id": 5341,
+{"id": 5386,
"keyword": "master students"},
-{"id": 5342,
+{"id": 5387,
"keyword": "low edge probability"},
-{"id": 5343,
+{"id": 5388,
"keyword": "static refutational completeness"},
-{"id": 5344,
+{"id": 5389,
"keyword": "incoming edges equals"},
-{"id": 5345,
+{"id": 5390,
"keyword": "tail-recursive function"},
-{"id": 5346,
+{"id": 5391,
"keyword": "all-pairs shortest paths problem"},
-{"id": 5347,
+{"id": 5392,
"keyword": "initial specification"},
-{"id": 5348,
+{"id": 5393,
"keyword": "time sufficient properties"},
-{"id": 5349,
+{"id": 5394,
"keyword": "symmetry properties"},
-{"id": 5350,
+{"id": 5395,
"keyword": "probabilistic functional programming language"},
-{"id": 5351,
+{"id": 5396,
"keyword": "fixed set"},
-{"id": 5352,
+{"id": 5397,
"keyword": "reflexive-transitive closures"},
-{"id": 5353,
+{"id": 5398,
"keyword": "racing effects"},
-{"id": 5354,
+{"id": 5399,
"keyword": "dbm-based forward analysis"},
-{"id": 5355,
+{"id": 5400,
"keyword": "formal verification"},
-{"id": 5356,
+{"id": 5401,
"keyword": "compositional invariant proofs"},
-{"id": 5357,
-"keyword": "abstract time domain"},
-{"id": 5358,
-"keyword": "defining functions"},
-{"id": 5359,
-"keyword": "correctness proof"},
-{"id": 5360,
-"keyword": "smt"},
-{"id": 5361,
-"keyword": "separation logic formulae"},
-{"id": 5362,
-"keyword": "catalan numbers"},
-{"id": 5363,
-"keyword": "deriving approximative safety properties"},
-{"id": 5364,
-"keyword": "keeping track"},
-{"id": 5365,
-"keyword": "polar form transformation"},
-{"id": 5366,
-"keyword": "counting sort making"},
-{"id": 5367,
-"keyword": "interval calculus"},
-{"id": 5368,
-"keyword": "countable networks"},
-{"id": 5369,
-"keyword": "generated code"},
-{"id": 5370,
-"keyword": "christian urban"},
-{"id": 5371,
-"keyword": "modify nodes"},
-{"id": 5372,
-"keyword": "security systems"},
-{"id": 5373,
-"keyword": "unsorted first-order logic"},
-{"id": 5374,
-"keyword": "generalising tla action formulas"},
-{"id": 5375,
-"keyword": "collecting semantics"},
-{"id": 5376,
-"keyword": "single partial composition operation"},
-{"id": 5377,
-"keyword": "guarantee minimality"},
-{"id": 5378,
-"keyword": "data stream"},
-{"id": 5379,
-"keyword": "search trees based"},
-{"id": 5380,
-"keyword": "universal turing machine"},
-{"id": 5381,
-"keyword": "nonzero rational number"},
-{"id": 5382,
-"keyword": "unrestricted rules"},
-{"id": 5383,
-"keyword": "efficient version"},
-{"id": 5384,
-"keyword": "specification mechanism"},
-{"id": 5385,
-"keyword": "rts algorithm"},
-{"id": 5386,
-"keyword": "dirichlet"},
-{"id": 5387,
-"keyword": "involve polynomial interpretations"},
-{"id": 5388,
-"keyword": "resulting proof system"},
-{"id": 5389,
-"keyword": "newton interpolation"},
-{"id": 5390,
-"keyword": "arrow-debreu model"},
-{"id": 5391,
-"keyword": "complex algebraic numbers"},
-{"id": 5392,
-"keyword": "regular operations"},
-{"id": 5393,
-"keyword": "infinite-dimensional vector spaces"},
-{"id": 5394,
-"keyword": "tool box allowing"},
-{"id": 5395,
-"keyword": "elementary measure theory"},
-{"id": 5396,
-"keyword": "false alarms"},
-{"id": 5397,
-"keyword": "generic unwinding theorem"},
-{"id": 5398,
-"keyword": "program compositions"},
-{"id": 5399,
-"keyword": "org vol-3002 paper7"},
-{"id": 5400,
-"keyword": "knot theory"},
-{"id": 5401,
-"keyword": "formal model"},
{"id": 5402,
-"keyword": "abstract interpreter operate"},
+"keyword": "abstract time domain"},
{"id": 5403,
-"keyword": "hom embedding"},
+"keyword": "defining functions"},
{"id": 5404,
-"keyword": "zeroth frequency moment"},
+"keyword": "correctness proof"},
{"id": 5405,
-"keyword": "bnf-based datatype package"},
+"keyword": "smt"},
{"id": 5406,
-"keyword": "classic notion"},
+"keyword": "separation logic formulae"},
{"id": 5407,
-"keyword": "projective space geometry"},
+"keyword": "catalan numbers"},
{"id": 5408,
-"keyword": "free"},
+"keyword": "deriving approximative safety properties"},
{"id": 5409,
-"keyword": "small-step semantics instrumented"},
+"keyword": "keeping track"},
{"id": 5410,
-"keyword": "reproduced faithfully"},
+"keyword": "polar form transformation"},
{"id": 5411,
-"keyword": "strong eventual consistency guarantees"},
+"keyword": "counting sort making"},
{"id": 5412,
-"keyword": "sparcv8 cpu"},
+"keyword": "interval calculus"},
{"id": 5413,
-"keyword": "poincar disc model"},
+"keyword": "countable networks"},
{"id": 5414,
-"keyword": "called learnable"},
+"keyword": "generated code"},
{"id": 5415,
-"keyword": "variants"},
+"keyword": "christian urban"},
{"id": 5416,
-"keyword": "cartesian monoidal categories"},
+"keyword": "modify nodes"},
{"id": 5417,
-"keyword": "deterministic list update algorithms"},
+"keyword": "security systems"},
{"id": 5418,
-"keyword": "quad int_0 1"},
+"keyword": "unsorted first-order logic"},
{"id": 5419,
-"keyword": "levi identities"},
+"keyword": "generalising tla action formulas"},
{"id": 5420,
-"keyword": "applicative functors augment computations"},
+"keyword": "collecting semantics"},
{"id": 5421,
-"keyword": "therories describe hoare logics"},
+"keyword": "single partial composition operation"},
{"id": 5422,
-"keyword": "list"},
+"keyword": "guarantee minimality"},
{"id": 5423,
-"keyword": "abstract algebra"},
+"keyword": "data stream"},
{"id": 5424,
-"keyword": "verifying practical algorithms"},
+"keyword": "search trees based"},
{"id": 5425,
-"keyword": "neutral social decision scheme"},
+"keyword": "financial products"},
{"id": 5426,
-"keyword": "data refinement techniques"},
+"keyword": "universal turing machine"},
{"id": 5427,
-"keyword": "concrete data structures"},
+"keyword": "nonzero rational number"},
{"id": 5428,
-"keyword": "basic number-theoretic functions related"},
+"keyword": "unrestricted rules"},
{"id": 5429,
-"keyword": "mfodl supports real-time constraints"},
+"keyword": "efficient version"},
{"id": 5430,
-"keyword": "geometric interpretation"},
+"keyword": "specification mechanism"},
{"id": 5431,
-"keyword": "minsky configurations"},
+"keyword": "rts algorithm"},
{"id": 5432,
-"keyword": "stepwise refinement based approach"},
+"keyword": "dirichlet"},
{"id": 5433,
-"keyword": "concrete lower bound"},
+"keyword": "involve polynomial interpretations"},
{"id": 5434,
-"keyword": "textual language"},
+"keyword": "resulting proof system"},
{"id": 5435,
-"keyword": "elementary proof"},
+"keyword": "newton interpolation"},
{"id": 5436,
-"keyword": "originally reported"},
+"keyword": "arrow-debreu model"},
{"id": 5437,
-"keyword": "lu cleverly extended"},
+"keyword": "complex algebraic numbers"},
{"id": 5438,
-"keyword": "efficient arrays"},
+"keyword": "regular operations"},
{"id": 5439,
-"keyword": "basic blocks"},
+"keyword": "infinite-dimensional vector spaces"},
{"id": 5440,
-"keyword": "represent objects"},
+"keyword": "tool box allowing"},
{"id": 5441,
-"keyword": "iterative interpretive process"},
+"keyword": "elementary measure theory"},
{"id": 5442,
-"keyword": "simple algebraic basis"},
+"keyword": "false alarms"},
{"id": 5443,
-"keyword": "basic algebra leading"},
+"keyword": "generic unwinding theorem"},
{"id": 5444,
-"keyword": "volpano smith-style noninterference notions"},
+"keyword": "program compositions"},
{"id": 5445,
-"keyword": "composable security statements"},
+"keyword": "org vol-3002 paper7"},
{"id": 5446,
-"keyword": "important functions"},
+"keyword": "knot theory"},
{"id": 5447,
-"keyword": "core notion"},
+"keyword": "formal model"},
{"id": 5448,
-"keyword": "complex"},
+"keyword": "abstract interpreter operate"},
{"id": 5449,
-"keyword": "model-level og proof"},
+"keyword": "hom embedding"},
{"id": 5450,
-"keyword": "simplify program verification"},
+"keyword": "zeroth frequency moment"},
{"id": 5451,
-"keyword": "constant intersect designs"},
+"keyword": "bnf-based datatype package"},
{"id": 5452,
-"keyword": "folder commonset"},
+"keyword": "classic notion"},
{"id": 5453,
-"keyword": "type checker"},
+"keyword": "projective space geometry"},
{"id": 5454,
-"keyword": "hol light version"},
+"keyword": "free"},
{"id": 5455,
-"keyword": "formal summation"},
+"keyword": "small-step semantics instrumented"},
{"id": 5456,
-"keyword": "key establishment protocols"},
+"keyword": "reproduced faithfully"},
{"id": 5457,
-"keyword": "linear transformations"},
+"keyword": "strong eventual consistency guarantees"},
{"id": 5458,
-"keyword": "bicolano operational semantics"},
+"keyword": "sparcv8 cpu"},
{"id": 5459,
-"keyword": "elementary infrastructure"},
+"keyword": "poincar disc model"},
{"id": 5460,
-"keyword": "nominal logic formalism"},
+"keyword": "called learnable"},
{"id": 5461,
-"keyword": "efficient monpoly monitoring tool"},
+"keyword": "variants"},
{"id": 5462,
-"keyword": "complex library"},
+"keyword": "cartesian monoidal categories"},
{"id": 5463,
-"keyword": "ceta system"},
+"keyword": "deterministic list update algorithms"},
{"id": 5464,
-"keyword": "standard disassembly tool objdump"},
+"keyword": "quad int_0 1"},
{"id": 5465,
-"keyword": "binary relations"},
+"keyword": "levi identities"},
{"id": 5466,
-"keyword": "cover monotonic security invariants"},
+"keyword": "applicative functors augment computations"},
{"id": 5467,
-"keyword": "simple paper proof"},
+"keyword": "therories describe hoare logics"},
{"id": 5468,
-"keyword": "global model"},
+"keyword": "list"},
{"id": 5469,
-"keyword": "derive"},
+"keyword": "abstract algebra"},
{"id": 5470,
-"keyword": "relativize paulson"},
+"keyword": "verifying practical algorithms"},
{"id": 5471,
-"keyword": "normed space"},
+"keyword": "neutral social decision scheme"},
{"id": 5472,
-"keyword": "radix sort"},
+"keyword": "data refinement techniques"},
{"id": 5473,
-"keyword": "proof step"},
+"keyword": "concrete data structures"},
{"id": 5474,
-"keyword": "declassification bounds"},
+"keyword": "basic number-theoretic functions related"},
{"id": 5475,
-"keyword": "original version"},
+"keyword": "mfodl supports real-time constraints"},
{"id": 5476,
-"keyword": "stimulus structure"},
+"keyword": "geometric interpretation"},
{"id": 5477,
-"keyword": "protocol verification"},
+"keyword": "minsky configurations"},
{"id": 5478,
-"keyword": "higher entity"},
+"keyword": "stepwise refinement based approach"},
{"id": 5479,
-"keyword": "arithmetic logical operations"},
+"keyword": "concrete lower bound"},
{"id": 5480,
-"keyword": "require eventual consistency"},
+"keyword": "textual language"},
{"id": 5481,
-"keyword": "skip blocks"},
+"keyword": "elementary proof"},
{"id": 5482,
-"keyword": "subterm coefficient functions"},
+"keyword": "originally reported"},
{"id": 5483,
-"keyword": "tla axioms"},
+"keyword": "lu cleverly extended"},
{"id": 5484,
-"keyword": "afp package"},
+"keyword": "efficient arrays"},
{"id": 5485,
-"keyword": "alphabetised relational calculus"},
+"keyword": "basic blocks"},
{"id": 5486,
-"keyword": "infinite"},
+"keyword": "represent objects"},
{"id": 5487,
-"keyword": "unify correctness statements"},
+"keyword": "iterative interpretive process"},
{"id": 5488,
-"keyword": "representing documents"},
+"keyword": "simple algebraic basis"},
{"id": 5489,
-"keyword": "complete semantic tableau calculus"},
+"keyword": "basic algebra leading"},
{"id": 5490,
-"keyword": "domain-relation map satisfying"},
+"keyword": "volpano smith-style noninterference notions"},
{"id": 5491,
-"keyword": "abstract convergence theorem"},
+"keyword": "composable security statements"},
{"id": 5492,
-"keyword": "normal functions"},
+"keyword": "important functions"},
{"id": 5493,
-"keyword": "language determinism"},
+"keyword": "core notion"},
{"id": 5494,
-"keyword": "comparatively small subset"},
+"keyword": "complex"},
{"id": 5495,
-"keyword": "independent runs"},
+"keyword": "model-level og proof"},
{"id": 5496,
-"keyword": "principal ideal domains"},
+"keyword": "simplify program verification"},
{"id": 5497,
-"keyword": "write specifications"},
+"keyword": "constant intersect designs"},
{"id": 5498,
-"keyword": "algorithm generates posix"},
+"keyword": "folder commonset"},
{"id": 5499,
-"keyword": "pairwise balanced designs"},
+"keyword": "type checker"},
{"id": 5500,
-"keyword": "original presentation"},
+"keyword": "hol light version"},
{"id": 5501,
-"keyword": "verified type checker"},
+"keyword": "formal summation"},
{"id": 5502,
-"keyword": "conflict-free replicated data types"},
+"keyword": "key establishment protocols"},
{"id": 5503,
-"keyword": "inverse function"},
+"keyword": "linear transformations"},
{"id": 5504,
-"keyword": "underlying local hidden-variable theory"},
+"keyword": "bicolano operational semantics"},
{"id": 5505,
-"keyword": "stream fusion library"},
+"keyword": "elementary infrastructure"},
{"id": 5506,
-"keyword": "program verification competition"},
+"keyword": "nominal logic formalism"},
{"id": 5507,
-"keyword": "primitives"},
+"keyword": "efficient monpoly monitoring tool"},
{"id": 5508,
-"keyword": "finite measure preserving systems"},
+"keyword": "complex library"},
{"id": 5509,
-"keyword": "verified functional skew heaps"},
+"keyword": "ceta system"},
{"id": 5510,
-"keyword": "completed versions"},
+"keyword": "standard disassembly tool objdump"},
{"id": 5511,
-"keyword": "fixed upper bound"},
+"keyword": "binary relations"},
{"id": 5512,
-"keyword": "chosen abstractions"},
+"keyword": "cover monotonic security invariants"},
{"id": 5513,
-"keyword": "composition properties wrt"},
+"keyword": "simple paper proof"},
{"id": 5514,
-"keyword": "dfs-based algorithms"},
+"keyword": "global model"},
{"id": 5515,
-"keyword": "rules applying"},
+"keyword": "derive"},
{"id": 5516,
-"keyword": "logarithmic upper bound"},
+"keyword": "relativize paulson"},
{"id": 5517,
-"keyword": "incidence system properties"},
+"keyword": "normed space"},
{"id": 5518,
-"keyword": "small imperative language imp"},
+"keyword": "radix sort"},
{"id": 5519,
-"keyword": "certified complex root isolation"},
+"keyword": "proof step"},
{"id": 5520,
-"keyword": "linear constraints"},
+"keyword": "declassification bounds"},
{"id": 5521,
-"keyword": "algebraically independent"},
+"keyword": "original version"},
{"id": 5522,
-"keyword": "double exponential"},
+"keyword": "stimulus structure"},
{"id": 5523,
-"keyword": "monotone maps"},
+"keyword": "protocol verification"},
{"id": 5524,
-"keyword": "verified ssa construction"},
+"keyword": "higher entity"},
{"id": 5525,
-"keyword": "reachability analysis"},
+"keyword": "arithmetic logical operations"},
{"id": 5526,
-"keyword": "prime power"},
+"keyword": "require eventual consistency"},
{"id": 5527,
-"keyword": "applications ranging"},
+"keyword": "skip blocks"},
{"id": 5528,
-"keyword": "distributed environment"},
+"keyword": "subterm coefficient functions"},
{"id": 5529,
-"keyword": "octonionic product"},
+"keyword": "tla axioms"},
{"id": 5530,
-"keyword": "event lists varying"},
+"keyword": "afp package"},
{"id": 5531,
-"keyword": "notably holcf"},
+"keyword": "alphabetised relational calculus"},
{"id": 5532,
-"keyword": "call path authorization"},
+"keyword": "infinite"},
{"id": 5533,
-"keyword": "presentation"},
+"keyword": "unify correctness statements"},
{"id": 5534,
-"keyword": "efficiently executable code"},
+"keyword": "representing documents"},
{"id": 5535,
-"keyword": "simple proofs"},
+"keyword": "complete semantic tableau calculus"},
{"id": 5536,
-"keyword": "independent modules"},
+"keyword": "domain-relation map satisfying"},
{"id": 5537,
-"keyword": "holzf theory"},
+"keyword": "abstract convergence theorem"},
{"id": 5538,
-"keyword": "state monad"},
+"keyword": "normal functions"},
{"id": 5539,
-"keyword": "random pivot choice"},
+"keyword": "language determinism"},
{"id": 5540,
-"keyword": "concurrent revisions"},
+"keyword": "comparatively small subset"},
{"id": 5541,
-"keyword": "reduced row echelon form"},
+"keyword": "independent runs"},
{"id": 5542,
-"keyword": "number-theoretic results"},
+"keyword": "principal ideal domains"},
{"id": 5543,
-"keyword": "subterm property"},
+"keyword": "write specifications"},
{"id": 5544,
-"keyword": "basis reduction"},
+"keyword": "algorithm generates posix"},
{"id": 5545,
-"keyword": "bkr algorithm"},
+"keyword": "pairwise balanced designs"},
{"id": 5546,
-"keyword": "case study revealed"},
+"keyword": "original presentation"},
{"id": 5547,
-"keyword": "dynamic declassification triggers"},
+"keyword": "verified type checker"},
{"id": 5548,
-"keyword": "machine-checked correctness theorems"},
+"keyword": "conflict-free replicated data types"},
{"id": 5549,
-"keyword": "hereditary multisets"},
+"keyword": "inverse function"},
{"id": 5550,
-"keyword": "dana scott"},
+"keyword": "underlying local hidden-variable theory"},
{"id": 5551,
-"keyword": "fourier sequences"},
+"keyword": "stream fusion library"},
{"id": 5552,
-"keyword": "collections framework"},
+"keyword": "program verification competition"},
{"id": 5553,
-"keyword": "relational core"},
+"keyword": "primitives"},
{"id": 5554,
-"keyword": "infinite set"},
+"keyword": "finite measure preserving systems"},
{"id": 5555,
+"keyword": "verified functional skew heaps"},
+{"id": 5556,
+"keyword": "completed versions"},
+{"id": 5557,
+"keyword": "fixed upper bound"},
+{"id": 5558,
+"keyword": "chosen abstractions"},
+{"id": 5559,
+"keyword": "composition properties wrt"},
+{"id": 5560,
+"keyword": "dfs-based algorithms"},
+{"id": 5561,
+"keyword": "rules applying"},
+{"id": 5562,
+"keyword": "logarithmic upper bound"},
+{"id": 5563,
+"keyword": "incidence system properties"},
+{"id": 5564,
+"keyword": "small imperative language imp"},
+{"id": 5565,
+"keyword": "certified complex root isolation"},
+{"id": 5566,
+"keyword": "linear constraints"},
+{"id": 5567,
+"keyword": "algebraically independent"},
+{"id": 5568,
+"keyword": "double exponential"},
+{"id": 5569,
+"keyword": "monotone maps"},
+{"id": 5570,
+"keyword": "verified ssa construction"},
+{"id": 5571,
+"keyword": "reachability analysis"},
+{"id": 5572,
+"keyword": "prime power"},
+{"id": 5573,
+"keyword": "applications ranging"},
+{"id": 5574,
+"keyword": "distributed environment"},
+{"id": 5575,
+"keyword": "octonionic product"},
+{"id": 5576,
+"keyword": "event lists varying"},
+{"id": 5577,
+"keyword": "notably holcf"},
+{"id": 5578,
+"keyword": "call path authorization"},
+{"id": 5579,
+"keyword": "presentation"},
+{"id": 5580,
+"keyword": "efficiently executable code"},
+{"id": 5581,
+"keyword": "simple proofs"},
+{"id": 5582,
+"keyword": "independent modules"},
+{"id": 5583,
+"keyword": "holzf theory"},
+{"id": 5584,
+"keyword": "state monad"},
+{"id": 5585,
+"keyword": "random pivot choice"},
+{"id": 5586,
+"keyword": "concurrent revisions"},
+{"id": 5587,
+"keyword": "reduced row echelon form"},
+{"id": 5588,
+"keyword": "number-theoretic results"},
+{"id": 5589,
+"keyword": "subterm property"},
+{"id": 5590,
+"keyword": "basis reduction"},
+{"id": 5591,
+"keyword": "bkr algorithm"},
+{"id": 5592,
+"keyword": "case study revealed"},
+{"id": 5593,
+"keyword": "dynamic declassification triggers"},
+{"id": 5594,
+"keyword": "machine-checked correctness theorems"},
+{"id": 5595,
+"keyword": "hereditary multisets"},
+{"id": 5596,
+"keyword": "dana scott"},
+{"id": 5597,
+"keyword": "fourier sequences"},
+{"id": 5598,
+"keyword": "collections framework"},
+{"id": 5599,
+"keyword": "relational core"},
+{"id": 5600,
+"keyword": "infinite set"},
+{"id": 5601,
"keyword": "real error function erf"},
-{"id": 5556,
+{"id": 5602,
"keyword": "verifying safety properties"},
-{"id": 5557,
+{"id": 5603,
"keyword": "modal collapse"},
-{"id": 5558,
+{"id": 5604,
"keyword": "differential dynamics logic"},
-{"id": 5559,
+{"id": 5605,
"keyword": "hilbert systems"},
-{"id": 5560,
+{"id": 5606,
"keyword": "development establishes"},
-{"id": 5561,
+{"id": 5607,
"keyword": "quad text"},
-{"id": 5562,
+{"id": 5608,
"keyword": "rely condition generalised"},
-{"id": 5563,
+{"id": 5609,
"keyword": "prefix order"},
-{"id": 5564,
+{"id": 5610,
"keyword": "closure properties"},
-{"id": 5565,
+{"id": 5611,
"keyword": "negative cycles"},
-{"id": 5566,
+{"id": 5612,
"keyword": "generalized intervals"},
-{"id": 5567,
+{"id": 5613,
"keyword": "input programs"},
-{"id": 5568,
+{"id": 5614,
"keyword": "common-sense theory"},
-{"id": 5569,
+{"id": 5615,
"keyword": "standard semantics"},
-{"id": 5570,
+{"id": 5616,
"keyword": "omega-complete non-orders"}]
\ No newline at end of file
diff --git a/web/dependencies/index.html b/web/dependencies/index.html
--- a/web/dependencies/index.html
+++ b/web/dependencies/index.html
@@ -1,2105 +1,2119 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1"><title>Archive of Formal Proofs</title><meta name="description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."><meta property="og:title" content="Dependencies" />
<meta property="og:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle." />
<meta property="og:type" content="website" />
<meta property="og:url" content="/dependencies/" /><meta property="og:image" content="/images/afp.png"/><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="Dependencies"/>
<meta name="twitter:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."/>
<link rel="stylesheet" type="text/css" href="../css/front.min.css">
<link rel="icon" href="../images/favicon.ico" type="image/icon"><script src="../js/obfuscate.js"></script>
<script src="../js/flexsearch.bundle.js"></script>
<script src="../js/scroll-spy.js"></script>
<script src="../js/theory.js"></script>
<script src="../js/util.js"></script><script src="../js/header-search.js"></script><script src="../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore '>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../images/menu.svg" alt="Menu" />
</label>
<a href="../" class='logo-link'>
<img src="../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<a href="../search"><img src="../images/search.svg" alt="Search" /></a>
<nav id="menu">
<div>
<a href="../" class='logo-link'>
<img src="../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<ul>
<a href="../"><li >Home</li></a>
<a href="../topics/"><li >Topics</li></a>
<a href="../download/"><li >Download</li></a>
<a href="../help/"><li >Help</li></a>
<a href="../submission/"><li >Submission</li></a>
<a href="../statistics/"><li >Statistics</li></a>
<a href="../about/"><li >About</li></a>
</ul>
</div>
</nav>
</div>
</aside>
<div
class='content '><header>
<form autocomplete="off" action="../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value="" aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button"><img src="../images/search.svg" alt="Search" /></button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1 >
<span class='first'>D</span>ependencies Dependents</h1>
<div>
</div>
</header><div><h2 class="head">2022</h2><article class="entry">
<div class="item-text">
+ <h5><a class="title" href="../dependencies/padic_ints/">Padic_Ints</a></h5> <br></div>
+ <span class="date">
+ Sep 22
+ </span>
+</article>
+<article class="entry">
+ <div class="item-text">
+ <h5><a class="title" href="../dependencies/localization_ring/">Localization_Ring</a></h5> <br></div>
+ <span class="date">
+ Sep 22
+ </span>
+</article>
+<article class="entry">
+ <div class="item-text">
<h5><a class="title" href="../dependencies/number_theoretic_transform/">Number_Theoretic_Transform</a></h5> <br></div>
<span class="date">
Sep 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/berlekamp_zassenhaus/">Berlekamp_Zassenhaus</a></h5> <br></div>
<span class="date">
Sep 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/pluennecke_ruzsa_inequality/">Pluennecke_Ruzsa_Inequality</a></h5> <br></div>
<span class="date">
Sep 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/jacobson_basic_algebra/">Jacobson_Basic_Algebra</a></h5> <br></div>
<span class="date">
Sep 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/bernoulli/">Bernoulli</a></h5> <br></div>
<span class="date">
Sep 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/native_word/">Native_Word</a></h5> <br></div>
<span class="date">
Aug 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/datatype_order_generator/">Datatype_Order_Generator</a></h5> <br></div>
<span class="date">
Aug 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/containers/">Containers</a></h5> <br></div>
<span class="date">
Aug 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/projective_measurements/">Projective_Measurements</a></h5> <br></div>
<span class="date">
Jul 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/dirichlet_series/">Dirichlet_Series</a></h5> <br></div>
<span class="date">
Jun 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/lucas_theorem/">Lucas_Theorem</a></h5> <br></div>
<span class="date">
Jun 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/digit_expansions/">Digit_Expansions</a></h5> <br></div>
<span class="date">
Jun 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/regular_tree_relations/">Regular_Tree_Relations</a></h5> <br></div>
<span class="date">
Jun 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/package_logic/">Package_logic</a></h5> <br></div>
<span class="date">
May 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/sunflowers/">Sunflowers</a></h5> <br></div>
<span class="date">
May 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/stirling_formula/">Stirling_Formula</a></h5> <br></div>
<span class="date">
May 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/polynomial_factorization/">Polynomial_Factorization</a></h5> <br></div>
<span class="date">
Apr 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/list-index/">List-Index</a></h5> <br></div>
<span class="date">
Apr 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/groebner_bases/">Groebner_Bases</a></h5> <br></div>
<span class="date">
Apr 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/design_theory/">Design_Theory</a></h5> <br></div>
<span class="date">
Apr 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/benor_kozen_reif/">BenOr_Kozen_Reif</a></h5> <br></div>
<span class="date">
Apr 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/weighted_path_order/">Weighted_Path_Order</a></h5> <br></div>
<span class="date">
Apr 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/universal_hash_families/">Universal_Hash_Families</a></h5> <br></div>
<span class="date">
Apr 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/prefix_free_code_combinators/">Prefix_Free_Code_Combinators</a></h5> <br></div>
<span class="date">
Apr 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/median_method/">Median_Method</a></h5> <br></div>
<span class="date">
Apr 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/lp/">Lp</a></h5> <br></div>
<span class="date">
Apr 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/interpolation_polynomials_hol_algebra/">Interpolation_Polynomials_HOL_Algebra</a></h5> <br></div>
<span class="date">
Apr 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/equivalence_relation_enumeration/">Equivalence_Relation_Enumeration</a></h5> <br></div>
<span class="date">
Apr 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/bertrands_postulate/">Bertrands_Postulate</a></h5> <br></div>
<span class="date">
Apr 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/abstract_soundness/">Abstract_Soundness</a></h5> <br></div>
<span class="date">
Mar 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/abstract_completeness/">Abstract_Completeness</a></h5> <br></div>
<span class="date">
Mar 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/transitive_models/">Transitive_Models</a></h5> <br></div>
<span class="date">
Mar 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/delta_system_lemma/">Delta_System_Lemma</a></h5> <br></div>
<span class="date">
Mar 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/finite_fields/">Finite_Fields</a></h5> <br></div>
<span class="date">
Feb 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/zfc_in_hol/">ZFC_in_HOL</a></h5> <br></div>
<span class="date">
Feb 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/card_equiv_relations/">Card_Equiv_Relations</a></h5> <br></div>
<span class="date">
Feb 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/linear_inequalities/">Linear_Inequalities</a></h5> <br></div>
<span class="date">
Feb 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/fol-fitting/">FOL-Fitting</a></h5> <br></div>
<span class="date">
Feb 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/fol_seq_calc1/">FOL_Seq_Calc1</a></h5> <br></div>
<span class="date">
Jan 31
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/collections/">Collections</a></h5> <br></div>
<span class="date">
Jan 31
</span>
</article>
<h2 class="head">2021</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/szemeredi_regularity/">Szemeredi_Regularity</a></h5> <br></div>
<span class="date">
Dec 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/random_graph_subgraph_threshold/">Random_Graph_Subgraph_Threshold</a></h5> <br></div>
<span class="date">
Dec 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/girth_chromatic/">Girth_Chromatic</a></h5> <br></div>
<span class="date">
Dec 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/ergodic_theory/">Ergodic_Theory</a></h5> <br></div>
<span class="date">
Dec 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/mdp-rewards/">MDP-Rewards</a></h5> <br></div>
<span class="date">
Dec 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/gauss_jordan/">Gauss_Jordan</a></h5> <br></div>
<span class="date">
Dec 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/knuth_bendix_order/">Knuth_Bendix_Order</a></h5> <br></div>
<span class="date">
Dec 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/sepref_prereq/">Sepref_Prereq</a></h5> <br></div>
<span class="date">
Nov 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/robdd/">ROBDD</a></h5> <br></div>
<span class="date">
Nov 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/jordan_normal_form/">Jordan_Normal_Form</a></h5> <br></div>
<span class="date">
Nov 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/deriving/">Deriving</a></h5> <br></div>
<span class="date">
Nov 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/automatic_refinement/">Automatic_Refinement</a></h5> <br></div>
<span class="date">
Nov 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/polynomials/">Polynomials</a></h5> <br></div>
<span class="date">
Nov 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/hermite_lindemann/">Hermite_Lindemann</a></h5> <br></div>
<span class="date">
Nov 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/algebraic_numbers/">Algebraic_Numbers</a></h5> <br></div>
<span class="date">
Nov 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/complex_bounded_operators/">Complex_Bounded_Operators</a></h5> <br></div>
<span class="date">
Oct 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/word_lib/">Word_Lib</a></h5> <br></div>
<span class="date">
Oct 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/subset_boolean_algebras/">Subset_Boolean_Algebras</a></h5> <br></div>
<span class="date">
Oct 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/stone_kleene_relation_algebras/">Stone_Kleene_Relation_Algebras</a></h5> <br></div>
<span class="date">
Oct 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/monobooltranalgebra/">MonoBoolTranAlgebra</a></h5> <br></div>
<span class="date">
Oct 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/real_impl/">Real_Impl</a></h5> <br></div>
<span class="date">
Sep 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/banach_steinhaus/">Banach_Steinhaus</a></h5> <br></div>
<span class="date">
Sep 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/speccheck/">SpecCheck</a></h5> <br></div>
<span class="date">
Sep 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/intro_dest_elim/">Intro_Dest_Elim</a></h5> <br></div>
<span class="date">
Sep 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/czh_foundations/">CZH_Foundations</a></h5> <br></div>
<span class="date">
Sep 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/czh_elementary_categories/">CZH_Elementary_Categories</a></h5> <br></div>
<span class="date">
Sep 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/conditional_transfer_rule/">Conditional_Transfer_Rule</a></h5> <br></div>
<span class="date">
Sep 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/conditional_simplification/">Conditional_Simplification</a></h5> <br></div>
<span class="date">
Sep 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/jinja/">Jinja</a></h5> <br></div>
<span class="date">
Sep 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/factor_algebraic_polynomial/">Factor_Algebraic_Polynomial</a></h5> <br></div>
<span class="date">
Sep 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/complex_geometry/">Complex_Geometry</a></h5> <br></div>
<span class="date">
Sep 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/polynomial_interpolation/">Polynomial_Interpolation</a></h5> <br></div>
<span class="date">
Aug 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/budan_fourier/">Budan_Fourier</a></h5> <br></div>
<span class="date">
Aug 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/fresh_identifiers/">Fresh_Identifiers</a></h5> <br></div>
<span class="date">
Aug 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/bounded_deducibility_security/">Bounded_Deducibility_Security</a></h5> <br></div>
<span class="date">
Aug 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/bd_security_compositional/">BD_Security_Compositional</a></h5> <br></div>
<span class="date">
Aug 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/nested_multisets_ordinals/">Nested_Multisets_Ordinals</a></h5> <br></div>
<span class="date">
Aug 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/graph_theory/">Graph_Theory</a></h5> <br></div>
<span class="date">
Aug 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/card_partitions/">Card_Partitions</a></h5> <br></div>
<span class="date">
Aug 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/show/">Show</a></h5> <br></div>
<span class="date">
Jun 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/nominal2/">Nominal2</a></h5> <br></div>
<span class="date">
Jun 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/epistemic_logic/">Epistemic_Logic</a></h5> <br></div>
<span class="date">
Jun 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/szpilrajn/">Szpilrajn</a></h5> <br></div>
<span class="date">
May 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/combinatorics_words/">Combinatorics_Words</a></h5> <br></div>
<span class="date">
May 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/jinjadci/">JinjaDCI</a></h5> <br></div>
<span class="date">
Apr 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/sturm_tarski/">Sturm_Tarski</a></h5> <br></div>
<span class="date">
Apr 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/parity_game/">Parity_Game</a></h5> <br></div>
<span class="date">
Apr 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/sigma_commit_crypto/">Sigma_Commit_Crypto</a></h5> <br></div>
<span class="date">
Mar 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/game_based_crypto/">Game_Based_Crypto</a></h5> <br></div>
<span class="date">
Mar 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/constructive_cryptography/">Constructive_Cryptography</a></h5> <br></div>
<span class="date">
Mar 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/smith_normal_form/">Smith_Normal_Form</a></h5> <br></div>
<span class="date">
Mar 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/lll_basis_reduction/">LLL_Basis_Reduction</a></h5> <br></div>
<span class="date">
Mar 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/hermite/">Hermite</a></h5> <br></div>
<span class="date">
Mar 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/qhlprover/">QHLProver</a></h5> <br></div>
<span class="date">
Mar 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/power_sum_polynomials/">Power_Sum_Polynomials</a></h5> <br></div>
<span class="date">
Mar 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/pi_transcendental/">Pi_Transcendental</a></h5> <br></div>
<span class="date">
Mar 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/isabelle_marries_dirac/">Isabelle_Marries_Dirac</a></h5> <br></div>
<span class="date">
Mar 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/refine_imperative_hol/">Refine_Imperative_HOL</a></h5> <br></div>
<span class="date">
Feb 24
</span>
</article>
<h2 class="head">2020</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/relational_disjoint_set_forests/">Relational_Disjoint_Set_Forests</a></h5> <br></div>
<span class="date">
Dec 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/aggregation_algebras/">Aggregation_Algebras</a></h5> <br></div>
<span class="date">
Dec 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/vericomp/">VeriComp</a></h5> <br></div>
<span class="date">
Dec 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/vectorspace/">VectorSpace</a></h5> <br></div>
<span class="date">
Nov 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/matrix_tensor/">Matrix_Tensor</a></h5> <br></div>
<span class="date">
Nov 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/hol-csp/">HOL-CSP</a></h5> <br></div>
<span class="date">
Nov 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/propositional_proof_systems/">Propositional_Proof_Systems</a></h5> <br></div>
<span class="date">
Oct 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/certification_monads/">Certification_Monads</a></h5> <br></div>
<span class="date">
Oct 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/ai_planning_languages_semantics/">AI_Planning_Languages_Semantics</a></h5> <br></div>
<span class="date">
Oct 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/shadow_sc_dom/">Shadow_SC_DOM</a></h5> <br></div>
<span class="date">
Sep 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/shadow_dom/">Shadow_DOM</a></h5> <br></div>
<span class="date">
Sep 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/core_sc_dom/">Core_SC_DOM</a></h5> <br></div>
<span class="date">
Sep 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/core_dom/">Core_DOM</a></h5> <br></div>
<span class="date">
Sep 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/syntax_independent_logic/">Syntax_Independent_Logic</a></h5> <br></div>
<span class="date">
Sep 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/incompleteness/">Incompleteness</a></h5> <br></div>
<span class="date">
Sep 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/hereditarilyfinite/">HereditarilyFinite</a></h5> <br></div>
<span class="date">
Sep 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/goedel_incompleteness/">Goedel_Incompleteness</a></h5> <br></div>
<span class="date">
Sep 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/finfun/">FinFun</a></h5> <br></div>
<span class="date">
Sep 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/extended_finite_state_machines/">Extended_Finite_State_Machines</a></h5> <br></div>
<span class="date">
Sep 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/sepref_iicf/">Sepref_IICF</a></h5> <br></div>
<span class="date">
Aug 31
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/well_quasi_orders/">Well_Quasi_Orders</a></h5> <br></div>
<span class="date">
Aug 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/saturation_framework/">Saturation_Framework</a></h5> <br></div>
<span class="date">
Aug 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/ordered_resolution_prover/">Ordered_Resolution_Prover</a></h5> <br></div>
<span class="date">
Aug 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/holcf-prelude/">HOLCF-Prelude</a></h5> <br></div>
<span class="date">
Aug 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/first_order_terms/">First_Order_Terms</a></h5> <br></div>
<span class="date">
Aug 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/pratt_certificate/">Pratt_Certificate</a></h5> <br></div>
<span class="date">
Aug 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/nash_williams/">Nash_Williams</a></h5> <br></div>
<span class="date">
Aug 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/relation_algebra/">Relation_Algebra</a></h5> <br></div>
<span class="date">
Jul 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/sturm_sequences/">Sturm_Sequences</a></h5> <br></div>
<span class="date">
Jun 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/perron_frobenius/">Perron_Frobenius</a></h5> <br></div>
<span class="date">
May 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/matrix/">Matrix</a></h5> <br></div>
<span class="date">
May 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/prime_number_theorem/">Prime_Number_Theorem</a></h5> <br></div>
<span class="date">
May 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/prime_distribution_elementary/">Prime_Distribution_Elementary</a></h5> <br></div>
<span class="date">
May 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/ltl_master_theorem/">LTL_Master_Theorem</a></h5> <br></div>
<span class="date">
May 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/ltl/">LTL</a></h5> <br></div>
<span class="date">
May 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/symmetric_polynomials/">Symmetric_Polynomials</a></h5> <br></div>
<span class="date">
Apr 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/hybrid_systems_vcs/">Hybrid_Systems_VCs</a></h5> <br></div>
<span class="date">
Apr 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/mfotl_monitor/">MFOTL_Monitor</a></h5> <br></div>
<span class="date">
Apr 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/lambda_free_rpos/">Lambda_Free_RPOs</a></h5> <br></div>
<span class="date">
Apr 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/ieee_floating_point/">IEEE_Floating_Point</a></h5> <br></div>
<span class="date">
Apr 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/generic_join/">Generic_Join</a></h5> <br></div>
<span class="date">
Apr 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/stateful_protocol_composition_and_typing/">Stateful_Protocol_Composition_and_Typing</a></h5> <br></div>
<span class="date">
Apr 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/stone_algebras/">Stone_Algebras</a></h5> <br></div>
<span class="date">
Jan 31
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/probabilistic_prime_tests/">Probabilistic_Prime_Tests</a></h5> <br></div>
<span class="date">
Jan 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/pell/">Pell</a></h5> <br></div>
<span class="date">
Jan 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/root_balanced_tree/">Root_Balanced_Tree</a></h5> <br></div>
<span class="date">
Jan 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/akra_bazzi/">Akra_Bazzi</a></h5> <br></div>
<span class="date">
Jan 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/monad_normalisation/">Monad_Normalisation</a></h5> <br></div>
<span class="date">
Jan 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/monoidalcategory/">MonoidalCategory</a></h5> <br></div>
<span class="date">
Jan 06
</span>
</article>
<h2 class="head">2019</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/e_transcendental/">E_Transcendental</a></h5> <br></div>
<span class="date">
Dec 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/hol-ode-numerics/">HOL-ODE-Numerics</a></h5> <br></div>
<span class="date">
Dec 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/dirichlet_l/">Dirichlet_L</a></h5> <br></div>
<span class="date">
Dec 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/crypthol/">CryptHOL</a></h5> <br></div>
<span class="date">
Oct 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/transformer_semantics/">Transformer_Semantics</a></h5> <br></div>
<span class="date">
Sep 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/ordinary_differential_equations/">Ordinary_Differential_Equations</a></h5> <br></div>
<span class="date">
Sep 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/kat_and_dra/">KAT_and_DRA</a></h5> <br></div>
<span class="date">
Sep 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/kad/">KAD</a></h5> <br></div>
<span class="date">
Sep 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/transition_systems_and_automata/">Transition_Systems_and_Automata</a></h5> <br></div>
<span class="date">
Aug 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/farkas/">Farkas</a></h5> <br></div>
<span class="date">
Aug 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/pairing_heap/">Pairing_Heap</a></h5> <br></div>
<span class="date">
Jul 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/huffman/">Huffman</a></h5> <br></div>
<span class="date">
Jul 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/higher_order_terms/">Higher_Order_Terms</a></h5> <br></div>
<span class="date">
Jul 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/dict_construction/">Dict_Construction</a></h5> <br></div>
<span class="date">
Jul 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/constructor_funs/">Constructor_Funs</a></h5> <br></div>
<span class="date">
Jul 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/cakeml/">CakeML</a></h5> <br></div>
<span class="date">
Jul 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/priority_search_trees/">Priority_Search_Trees</a></h5> <br></div>
<span class="date">
Jun 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/imp2/">IMP2</a></h5> <br></div>
<span class="date">
Jun 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/median_of_medians_selection/">Median_Of_Medians_Selection</a></h5> <br></div>
<span class="date">
May 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/deep_learning/">Deep_Learning</a></h5> <br></div>
<span class="date">
Mar 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/zeta_function/">Zeta_Function</a></h5> <br></div>
<span class="date">
Feb 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/refine_monadic/">Refine_Monadic</a></h5> <br></div>
<span class="date">
Feb 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/matroids/">Matroids</a></h5> <br></div>
<span class="date">
Feb 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/utp-toolkit/">UTP-Toolkit</a></h5> <br></div>
<span class="date">
Feb 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/optics/">Optics</a></h5> <br></div>
<span class="date">
Feb 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/simplex/">Simplex</a></h5> <br></div>
<span class="date">
Jan 17
</span>
</article>
<h2 class="head">2018</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/auto2_hol/">Auto2_HOL</a></h5> <br></div>
<span class="date">
Dec 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/quantales/">Quantales</a></h5> <br></div>
<span class="date">
Dec 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/order_lattice_props/">Order_Lattice_Props</a></h5> <br></div>
<span class="date">
Dec 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/kleene_algebra/">Kleene_Algebra</a></h5> <br></div>
<span class="date">
Dec 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/open_induction/">Open_Induction</a></h5> <br></div>
<span class="date">
Nov 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/random_bsts/">Random_BSTs</a></h5> <br></div>
<span class="date">
Oct 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/recursion-theory-i/">Recursion-Theory-I</a></h5> <br></div>
<span class="date">
Aug 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/abstract-rewriting/">Abstract-Rewriting</a></h5> <br></div>
<span class="date">
Aug 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/first_welfare_theorem/">First_Welfare_Theorem</a></h5> <br></div>
<span class="date">
Jul 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/stuttering_equivalence/">Stuttering_Equivalence</a></h5> <br></div>
<span class="date">
Jun 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/coinductive/">Coinductive</a></h5> <br></div>
<span class="date">
Jun 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/monad_memo_dp/">Monad_Memo_DP</a></h5> <br></div>
<span class="date">
May 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/markov_models/">Markov_Models</a></h5> <br></div>
<span class="date">
May 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/timed_automata/">Timed_Automata</a></h5> <br></div>
<span class="date">
May 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/randomised_social_choice/">Randomised_Social_Choice</a></h5> <br></div>
<span class="date">
Mar 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/lem/">LEM</a></h5> <br></div>
<span class="date">
Mar 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/dynamicarchitectures/">DynamicArchitectures</a></h5> <br></div>
<span class="date">
Mar 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/separation_algebra/">Separation_Algebra</a></h5> <br></div>
<span class="date">
Feb 26
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/landau_symbols/">Landau_Symbols</a></h5> <br></div>
<span class="date">
Feb 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/comparison_sort_lower_bound/">Comparison_Sort_Lower_Bound</a></h5> <br></div>
<span class="date">
Feb 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/affine_arithmetic/">Affine_Arithmetic</a></h5> <br></div>
<span class="date">
Jan 08
</span>
</article>
<h2 class="head">2017</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/discrete_summation/">Discrete_Summation</a></h5> <br></div>
<span class="date">
Dec 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/finitely_generated_abelian_groups/">Finitely_Generated_Abelian_Groups</a></h5> <br></div>
<span class="date">
Dec 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/crdt/">CRDT</a></h5> <br></div>
<span class="date">
Nov 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/gabow_scc/">Gabow_SCC</a></h5> <br></div>
<span class="date">
Oct 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/dfs_framework/">DFS_Framework</a></h5> <br></div>
<span class="date">
Oct 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/winding_number_eval/">Winding_Number_Eval</a></h5> <br></div>
<span class="date">
Oct 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/linear_recurrences/">Linear_Recurrences</a></h5> <br></div>
<span class="date">
Oct 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/euler_maclaurin/">Euler_MacLaurin</a></h5> <br></div>
<span class="date">
Oct 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/count_complex_roots/">Count_Complex_Roots</a></h5> <br></div>
<span class="date">
Oct 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/amortized_complexity/">Amortized_Complexity</a></h5> <br></div>
<span class="date">
Aug 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/triangle/">Triangle</a></h5> <br></div>
<span class="date">
Jul 31
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/stone_relation_algebras/">Stone_Relation_Algebras</a></h5> <br></div>
<span class="date">
Jul 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/program-conflict-analysis/">Program-Conflict-Analysis</a></h5> <br></div>
<span class="date">
Jun 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/flow_networks/">Flow_Networks</a></h5> <br></div>
<span class="date">
Jun 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/cava_automata/">CAVA_Automata</a></h5> <br></div>
<span class="date">
Jun 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/lazy_case/">Lazy_Case</a></h5> <br></div>
<span class="date">
May 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/probabilistic_while/">Probabilistic_While</a></h5> <br></div>
<span class="date">
May 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/monomorphic_monad/">Monomorphic_Monad</a></h5> <br></div>
<span class="date">
May 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/mfmc_countable/">MFMC_Countable</a></h5> <br></div>
<span class="date">
May 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/applicative_lifting/">Applicative_Lifting</a></h5> <br></div>
<span class="date">
May 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/category3/">Category3</a></h5> <br></div>
<span class="date">
May 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/quick_sort_cost/">Quick_Sort_Cost</a></h5> <br></div>
<span class="date">
Apr 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/regular-sets/">Regular-Sets</a></h5> <br></div>
<span class="date">
Mar 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/formal_ssa/">Formal_SSA</a></h5> <br></div>
<span class="date">
Jan 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/upf/">UPF</a></h5> <br></div>
<span class="date">
Jan 08
</span>
</article>
<h2 class="head">2016</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/card_number_partitions/">Card_Number_Partitions</a></h5> <br></div>
<span class="date">
Dec 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/card_multisets/">Card_Multisets</a></h5> <br></div>
<span class="date">
Dec 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/bell_numbers_spivey/">Bell_Numbers_Spivey</a></h5> <br></div>
<span class="date">
Dec 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/ordinal/">Ordinal</a></h5> <br></div>
<span class="date">
Nov 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/iptables_semantics/">Iptables_Semantics</a></h5> <br></div>
<span class="date">
Oct 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/subresultants/">Subresultants</a></h5> <br></div>
<span class="date">
Oct 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/efficient-mergesort/">Efficient-Mergesort</a></h5> <br></div>
<span class="date">
Oct 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/routing/">Routing</a></h5> <br></div>
<span class="date">
Sep 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/iptables_semantics_examples/">Iptables_Semantics_Examples</a></h5> <br></div>
<span class="date">
Sep 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/simple_firewall/">Simple_Firewall</a></h5> <br></div>
<span class="date">
Aug 31
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/ip_addresses/">IP_Addresses</a></h5> <br></div>
<span class="date">
Aug 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/sepref_basic/">Sepref_Basic</a></h5> <br></div>
<span class="date">
Aug 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/separation_logic_imperative_hol/">Separation_Logic_Imperative_HOL</a></h5> <br></div>
<span class="date">
Aug 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/dijkstra_shortest_path/">Dijkstra_Shortest_Path</a></h5> <br></div>
<span class="date">
Aug 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/collections_examples/">Collections_Examples</a></h5> <br></div>
<span class="date">
Aug 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/dependent_sifum_type_systems/">Dependent_SIFUM_Type_Systems</a></h5> <br></div>
<span class="date">
Jun 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/noninterference_sequential_composition/">Noninterference_Sequential_Composition</a></h5> <br></div>
<span class="date">
Jun 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/rank_nullity_theorem/">Rank_Nullity_Theorem</a></h5> <br></div>
<span class="date">
May 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/edmondskarp_maxflow/">EdmondsKarp_Maxflow</a></h5> <br></div>
<span class="date">
May 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/noninterference_ipurge_unwinding/">Noninterference_Ipurge_Unwinding</a></h5> <br></div>
<span class="date">
Apr 26
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/boolean_expression_checkers/">Boolean_Expression_Checkers</a></h5> <br></div>
<span class="date">
Mar 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/slicing/">Slicing</a></h5> <br></div>
<span class="date">
Feb 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/sqrt_babylonian/">Sqrt_Babylonian</a></h5> <br></div>
<span class="date">
Jan 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/partial_function_mr/">Partial_Function_MR</a></h5> <br></div>
<span class="date">
Jan 29
</span>
</article>
<h2 class="head">2015</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/marriage/">Marriage</a></h5> <br></div>
<span class="date">
Dec 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/transitive-closure/">Transitive-Closure</a></h5> <br></div>
<span class="date">
Nov 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/simpl/">Simpl</a></h5> <br></div>
<span class="date">
Nov 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/case_labeling/">Case_Labeling</a></h5> <br></div>
<span class="date">
Nov 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/kbps/">KBPs</a></h5> <br></div>
<span class="date">
Sep 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/echelon_form/">Echelon_Form</a></h5> <br></div>
<span class="date">
Jul 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/noninterference_csp/">Noninterference_CSP</a></h5> <br></div>
<span class="date">
Jun 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/list_interleaving/">List_Interleaving</a></h5> <br></div>
<span class="date">
Jun 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/formula_derivatives/">Formula_Derivatives</a></h5> <br></div>
<span class="date">
May 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/coinductive_languages/">Coinductive_Languages</a></h5> <br></div>
<span class="date">
May 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/concurrentimp/">ConcurrentIMP</a></h5> <br></div>
<span class="date">
Apr 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/heard_of/">Heard_Of</a></h5> <br></div>
<span class="date">
Mar 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/launchbury/">Launchbury</a></h5> <br></div>
<span class="date">
Feb 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/cayley_hamilton/">Cayley_Hamilton</a></h5> <br></div>
<span class="date">
Feb 12
</span>
</article>
<h2 class="head">2014</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/awn/">AWN</a></h5> <br></div>
<span class="date">
Oct 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/secondary_sylow/">Secondary_Sylow</a></h5> <br></div>
<span class="date">
Sep 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/splay_tree/">Splay_Tree</a></h5> <br></div>
<span class="date">
Jul 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/skew_heap/">Skew_Heap</a></h5> <br></div>
<span class="date">
Jul 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/sm_base/">SM_Base</a></h5> <br></div>
<span class="date">
May 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/sm/">SM</a></h5> <br></div>
<span class="date">
May 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/promela/">Promela</a></h5> <br></div>
<span class="date">
May 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/partial_order_reduction/">Partial_Order_Reduction</a></h5> <br></div>
<span class="date">
May 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/ltl_to_gba/">LTL_to_GBA</a></h5> <br></div>
<span class="date">
May 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/cava_setup/">CAVA_Setup</a></h5> <br></div>
<span class="date">
May 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/cava_base/">CAVA_Base</a></h5> <br></div>
<span class="date">
May 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/strong_security/">Strong_Security</a></h5> <br></div>
<span class="date">
Apr 23
</span>
</article>
<h2 class="head">2013</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/lehmer/">Lehmer</a></h5> <br></div>
<span class="date">
Jul 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/trie/">Trie</a></h5> <br></div>
<span class="date">
Apr 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/finger-trees/">Finger-Trees</a></h5> <br></div>
<span class="date">
Apr 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/cauchy/">Cauchy</a></h5> <br></div>
<span class="date">
Jan 03
</span>
</article>
<h2 class="head">2012</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/lorenz_approximation/">Lorenz_Approximation</a></h5> <br></div>
<span class="date">
Apr 26
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/gauss-jordan-elim-fun/">Gauss-Jordan-Elim-Fun</a></h5> <br></div>
<span class="date">
Jan 03
</span>
</article>
<h2 class="head">2011</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/latticeproperties/">LatticeProperties</a></h5> <br></div>
<span class="date">
Sep 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/nat-interval-logic/">Nat-Interval-Logic</a></h5> <br></div>
<span class="date">
Feb 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/list-infinite/">List-Infinite</a></h5> <br></div>
<span class="date">
Feb 23
</span>
</article>
<h2 class="head">2010</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/datarefinementibp/">DataRefinementIBP</a></h5> <br></div>
<span class="date">
May 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/hrb-slicing/">HRB-Slicing</a></h5> <br></div>
<span class="date">
Mar 23
</span>
</article>
<h2 class="head">2009</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/binomial-heaps/">Binomial-Heaps</a></h5> <br></div>
<span class="date">
Nov 25
</span>
</article>
<h2 class="head">2007</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/group-ring-module/">Group-Ring-Module</a></h5> <br></div>
<span class="date">
Aug 08
</span>
</article>
<h2 class="head">2006</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/flyspeck-tame/">Flyspeck-Tame</a></h5> <br></div>
<span class="date">
May 22
</span>
</article>
<h2 class="head">2004</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/lazy-lists-ii/">Lazy-Lists-II</a></h5> <br></div>
<span class="date">
Apr 26
</span>
</article>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/dependencies/index.json b/web/dependencies/index.json
--- a/web/dependencies/index.json
+++ b/web/dependencies/index.json
@@ -1,1 +1,1 @@
-[{"id":0,"link":"/dependencies/abstract-rewriting/","name":"Abstract-Rewriting"},{"id":1,"link":"/dependencies/abstract_completeness/","name":"Abstract_Completeness"},{"id":2,"link":"/dependencies/abstract_soundness/","name":"Abstract_Soundness"},{"id":3,"link":"/dependencies/affine_arithmetic/","name":"Affine_Arithmetic"},{"id":4,"link":"/dependencies/aggregation_algebras/","name":"Aggregation_Algebras"},{"id":5,"link":"/dependencies/ai_planning_languages_semantics/","name":"AI_Planning_Languages_Semantics"},{"id":6,"link":"/dependencies/akra_bazzi/","name":"Akra_Bazzi"},{"id":7,"link":"/dependencies/algebraic_numbers/","name":"Algebraic_Numbers"},{"id":8,"link":"/dependencies/amortized_complexity/","name":"Amortized_Complexity"},{"id":9,"link":"/dependencies/applicative_lifting/","name":"Applicative_Lifting"},{"id":10,"link":"/dependencies/auto2_hol/","name":"Auto2_HOL"},{"id":11,"link":"/dependencies/automatic_refinement/","name":"Automatic_Refinement"},{"id":12,"link":"/dependencies/awn/","name":"AWN"},{"id":13,"link":"/dependencies/banach_steinhaus/","name":"Banach_Steinhaus"},{"id":14,"link":"/dependencies/bd_security_compositional/","name":"BD_Security_Compositional"},{"id":15,"link":"/dependencies/bell_numbers_spivey/","name":"Bell_Numbers_Spivey"},{"id":16,"link":"/dependencies/benor_kozen_reif/","name":"BenOr_Kozen_Reif"},{"id":17,"link":"/dependencies/berlekamp_zassenhaus/","name":"Berlekamp_Zassenhaus"},{"id":18,"link":"/dependencies/bernoulli/","name":"Bernoulli"},{"id":19,"link":"/dependencies/bertrands_postulate/","name":"Bertrands_Postulate"},{"id":20,"link":"/dependencies/binomial-heaps/","name":"Binomial-Heaps"},{"id":21,"link":"/dependencies/boolean_expression_checkers/","name":"Boolean_Expression_Checkers"},{"id":22,"link":"/dependencies/bounded_deducibility_security/","name":"Bounded_Deducibility_Security"},{"id":23,"link":"/dependencies/budan_fourier/","name":"Budan_Fourier"},{"id":24,"link":"/dependencies/cakeml/","name":"CakeML"},{"id":25,"link":"/dependencies/card_equiv_relations/","name":"Card_Equiv_Relations"},{"id":26,"link":"/dependencies/card_multisets/","name":"Card_Multisets"},{"id":27,"link":"/dependencies/card_number_partitions/","name":"Card_Number_Partitions"},{"id":28,"link":"/dependencies/card_partitions/","name":"Card_Partitions"},{"id":29,"link":"/dependencies/case_labeling/","name":"Case_Labeling"},{"id":30,"link":"/dependencies/category3/","name":"Category3"},{"id":31,"link":"/dependencies/cauchy/","name":"Cauchy"},{"id":32,"link":"/dependencies/cava_automata/","name":"CAVA_Automata"},{"id":33,"link":"/dependencies/cava_base/","name":"CAVA_Base"},{"id":34,"link":"/dependencies/cava_setup/","name":"CAVA_Setup"},{"id":35,"link":"/dependencies/cayley_hamilton/","name":"Cayley_Hamilton"},{"id":36,"link":"/dependencies/certification_monads/","name":"Certification_Monads"},{"id":37,"link":"/dependencies/coinductive/","name":"Coinductive"},{"id":38,"link":"/dependencies/coinductive_languages/","name":"Coinductive_Languages"},{"id":39,"link":"/dependencies/collections/","name":"Collections"},{"id":40,"link":"/dependencies/collections_examples/","name":"Collections_Examples"},{"id":41,"link":"/dependencies/combinatorics_words/","name":"Combinatorics_Words"},{"id":42,"link":"/dependencies/comparison_sort_lower_bound/","name":"Comparison_Sort_Lower_Bound"},{"id":43,"link":"/dependencies/complex_bounded_operators/","name":"Complex_Bounded_Operators"},{"id":44,"link":"/dependencies/complex_geometry/","name":"Complex_Geometry"},{"id":45,"link":"/dependencies/concurrentimp/","name":"ConcurrentIMP"},{"id":46,"link":"/dependencies/conditional_simplification/","name":"Conditional_Simplification"},{"id":47,"link":"/dependencies/conditional_transfer_rule/","name":"Conditional_Transfer_Rule"},{"id":48,"link":"/dependencies/constructive_cryptography/","name":"Constructive_Cryptography"},{"id":49,"link":"/dependencies/constructor_funs/","name":"Constructor_Funs"},{"id":50,"link":"/dependencies/containers/","name":"Containers"},{"id":51,"link":"/dependencies/core_dom/","name":"Core_DOM"},{"id":52,"link":"/dependencies/core_sc_dom/","name":"Core_SC_DOM"},{"id":53,"link":"/dependencies/count_complex_roots/","name":"Count_Complex_Roots"},{"id":54,"link":"/dependencies/crdt/","name":"CRDT"},{"id":55,"link":"/dependencies/crypthol/","name":"CryptHOL"},{"id":56,"link":"/dependencies/czh_elementary_categories/","name":"CZH_Elementary_Categories"},{"id":57,"link":"/dependencies/czh_foundations/","name":"CZH_Foundations"},{"id":58,"link":"/dependencies/datarefinementibp/","name":"DataRefinementIBP"},{"id":59,"link":"/dependencies/datatype_order_generator/","name":"Datatype_Order_Generator"},{"id":60,"link":"/dependencies/deep_learning/","name":"Deep_Learning"},{"id":61,"link":"/dependencies/delta_system_lemma/","name":"Delta_System_Lemma"},{"id":62,"link":"/dependencies/dependent_sifum_type_systems/","name":"Dependent_SIFUM_Type_Systems"},{"id":63,"link":"/dependencies/deriving/","name":"Deriving"},{"id":64,"link":"/dependencies/design_theory/","name":"Design_Theory"},{"id":65,"link":"/dependencies/dfs_framework/","name":"DFS_Framework"},{"id":66,"link":"/dependencies/dict_construction/","name":"Dict_Construction"},{"id":67,"link":"/dependencies/digit_expansions/","name":"Digit_Expansions"},{"id":68,"link":"/dependencies/dijkstra_shortest_path/","name":"Dijkstra_Shortest_Path"},{"id":69,"link":"/dependencies/dirichlet_l/","name":"Dirichlet_L"},{"id":70,"link":"/dependencies/dirichlet_series/","name":"Dirichlet_Series"},{"id":71,"link":"/dependencies/discrete_summation/","name":"Discrete_Summation"},{"id":72,"link":"/dependencies/dynamicarchitectures/","name":"DynamicArchitectures"},{"id":73,"link":"/dependencies/e_transcendental/","name":"E_Transcendental"},{"id":74,"link":"/dependencies/echelon_form/","name":"Echelon_Form"},{"id":75,"link":"/dependencies/edmondskarp_maxflow/","name":"EdmondsKarp_Maxflow"},{"id":76,"link":"/dependencies/efficient-mergesort/","name":"Efficient-Mergesort"},{"id":77,"link":"/dependencies/epistemic_logic/","name":"Epistemic_Logic"},{"id":78,"link":"/dependencies/equivalence_relation_enumeration/","name":"Equivalence_Relation_Enumeration"},{"id":79,"link":"/dependencies/ergodic_theory/","name":"Ergodic_Theory"},{"id":80,"link":"/dependencies/euler_maclaurin/","name":"Euler_MacLaurin"},{"id":81,"link":"/dependencies/extended_finite_state_machines/","name":"Extended_Finite_State_Machines"},{"id":82,"link":"/dependencies/factor_algebraic_polynomial/","name":"Factor_Algebraic_Polynomial"},{"id":83,"link":"/dependencies/farkas/","name":"Farkas"},{"id":84,"link":"/dependencies/finfun/","name":"FinFun"},{"id":85,"link":"/dependencies/finger-trees/","name":"Finger-Trees"},{"id":86,"link":"/dependencies/finite_fields/","name":"Finite_Fields"},{"id":87,"link":"/dependencies/finitely_generated_abelian_groups/","name":"Finitely_Generated_Abelian_Groups"},{"id":88,"link":"/dependencies/first_order_terms/","name":"First_Order_Terms"},{"id":89,"link":"/dependencies/first_welfare_theorem/","name":"First_Welfare_Theorem"},{"id":90,"link":"/dependencies/flow_networks/","name":"Flow_Networks"},{"id":91,"link":"/dependencies/flyspeck-tame/","name":"Flyspeck-Tame"},{"id":92,"link":"/dependencies/fol-fitting/","name":"FOL-Fitting"},{"id":93,"link":"/dependencies/fol_seq_calc1/","name":"FOL_Seq_Calc1"},{"id":94,"link":"/dependencies/formal_ssa/","name":"Formal_SSA"},{"id":95,"link":"/dependencies/formula_derivatives/","name":"Formula_Derivatives"},{"id":96,"link":"/dependencies/fresh_identifiers/","name":"Fresh_Identifiers"},{"id":97,"link":"/dependencies/gabow_scc/","name":"Gabow_SCC"},{"id":98,"link":"/dependencies/game_based_crypto/","name":"Game_Based_Crypto"},{"id":99,"link":"/dependencies/gauss-jordan-elim-fun/","name":"Gauss-Jordan-Elim-Fun"},{"id":100,"link":"/dependencies/gauss_jordan/","name":"Gauss_Jordan"},{"id":101,"link":"/dependencies/generic_join/","name":"Generic_Join"},{"id":102,"link":"/dependencies/girth_chromatic/","name":"Girth_Chromatic"},{"id":103,"link":"/dependencies/goedel_incompleteness/","name":"Goedel_Incompleteness"},{"id":104,"link":"/dependencies/graph_theory/","name":"Graph_Theory"},{"id":105,"link":"/dependencies/groebner_bases/","name":"Groebner_Bases"},{"id":106,"link":"/dependencies/group-ring-module/","name":"Group-Ring-Module"},{"id":107,"link":"/dependencies/heard_of/","name":"Heard_Of"},{"id":108,"link":"/dependencies/hereditarilyfinite/","name":"HereditarilyFinite"},{"id":109,"link":"/dependencies/hermite/","name":"Hermite"},{"id":110,"link":"/dependencies/hermite_lindemann/","name":"Hermite_Lindemann"},{"id":111,"link":"/dependencies/higher_order_terms/","name":"Higher_Order_Terms"},{"id":112,"link":"/dependencies/hol-csp/","name":"HOL-CSP"},{"id":113,"link":"/dependencies/hol-ode-numerics/","name":"HOL-ODE-Numerics"},{"id":114,"link":"/dependencies/holcf-prelude/","name":"HOLCF-Prelude"},{"id":115,"link":"/dependencies/hrb-slicing/","name":"HRB-Slicing"},{"id":116,"link":"/dependencies/huffman/","name":"Huffman"},{"id":117,"link":"/dependencies/hybrid_systems_vcs/","name":"Hybrid_Systems_VCs"},{"id":118,"link":"/dependencies/ieee_floating_point/","name":"IEEE_Floating_Point"},{"id":119,"link":"/dependencies/imp2/","name":"IMP2"},{"id":120,"link":"/dependencies/incompleteness/","name":"Incompleteness"},{"id":121,"link":"/dependencies/interpolation_polynomials_hol_algebra/","name":"Interpolation_Polynomials_HOL_Algebra"},{"id":122,"link":"/dependencies/intro_dest_elim/","name":"Intro_Dest_Elim"},{"id":123,"link":"/dependencies/ip_addresses/","name":"IP_Addresses"},{"id":124,"link":"/dependencies/iptables_semantics/","name":"Iptables_Semantics"},{"id":125,"link":"/dependencies/iptables_semantics_examples/","name":"Iptables_Semantics_Examples"},{"id":126,"link":"/dependencies/isabelle_marries_dirac/","name":"Isabelle_Marries_Dirac"},{"id":127,"link":"/dependencies/jacobson_basic_algebra/","name":"Jacobson_Basic_Algebra"},{"id":128,"link":"/dependencies/jinja/","name":"Jinja"},{"id":129,"link":"/dependencies/jinjadci/","name":"JinjaDCI"},{"id":130,"link":"/dependencies/jordan_normal_form/","name":"Jordan_Normal_Form"},{"id":131,"link":"/dependencies/kad/","name":"KAD"},{"id":132,"link":"/dependencies/kat_and_dra/","name":"KAT_and_DRA"},{"id":133,"link":"/dependencies/kbps/","name":"KBPs"},{"id":134,"link":"/dependencies/kleene_algebra/","name":"Kleene_Algebra"},{"id":135,"link":"/dependencies/knuth_bendix_order/","name":"Knuth_Bendix_Order"},{"id":136,"link":"/dependencies/lambda_free_rpos/","name":"Lambda_Free_RPOs"},{"id":137,"link":"/dependencies/landau_symbols/","name":"Landau_Symbols"},{"id":138,"link":"/dependencies/latticeproperties/","name":"LatticeProperties"},{"id":139,"link":"/dependencies/launchbury/","name":"Launchbury"},{"id":140,"link":"/dependencies/lazy-lists-ii/","name":"Lazy-Lists-II"},{"id":141,"link":"/dependencies/lazy_case/","name":"Lazy_Case"},{"id":142,"link":"/dependencies/lehmer/","name":"Lehmer"},{"id":143,"link":"/dependencies/lem/","name":"LEM"},{"id":144,"link":"/dependencies/linear_inequalities/","name":"Linear_Inequalities"},{"id":145,"link":"/dependencies/linear_recurrences/","name":"Linear_Recurrences"},{"id":146,"link":"/dependencies/list-index/","name":"List-Index"},{"id":147,"link":"/dependencies/list-infinite/","name":"List-Infinite"},{"id":148,"link":"/dependencies/list_interleaving/","name":"List_Interleaving"},{"id":149,"link":"/dependencies/lll_basis_reduction/","name":"LLL_Basis_Reduction"},{"id":150,"link":"/dependencies/lorenz_approximation/","name":"Lorenz_Approximation"},{"id":151,"link":"/dependencies/lp/","name":"Lp"},{"id":152,"link":"/dependencies/ltl/","name":"LTL"},{"id":153,"link":"/dependencies/ltl_master_theorem/","name":"LTL_Master_Theorem"},{"id":154,"link":"/dependencies/ltl_to_gba/","name":"LTL_to_GBA"},{"id":155,"link":"/dependencies/lucas_theorem/","name":"Lucas_Theorem"},{"id":156,"link":"/dependencies/markov_models/","name":"Markov_Models"},{"id":157,"link":"/dependencies/marriage/","name":"Marriage"},{"id":158,"link":"/dependencies/matrix/","name":"Matrix"},{"id":159,"link":"/dependencies/matrix_tensor/","name":"Matrix_Tensor"},{"id":160,"link":"/dependencies/matroids/","name":"Matroids"},{"id":161,"link":"/dependencies/mdp-rewards/","name":"MDP-Rewards"},{"id":162,"link":"/dependencies/median_method/","name":"Median_Method"},{"id":163,"link":"/dependencies/median_of_medians_selection/","name":"Median_Of_Medians_Selection"},{"id":164,"link":"/dependencies/mfmc_countable/","name":"MFMC_Countable"},{"id":165,"link":"/dependencies/mfotl_monitor/","name":"MFOTL_Monitor"},{"id":166,"link":"/dependencies/monad_memo_dp/","name":"Monad_Memo_DP"},{"id":167,"link":"/dependencies/monad_normalisation/","name":"Monad_Normalisation"},{"id":168,"link":"/dependencies/monobooltranalgebra/","name":"MonoBoolTranAlgebra"},{"id":169,"link":"/dependencies/monoidalcategory/","name":"MonoidalCategory"},{"id":170,"link":"/dependencies/monomorphic_monad/","name":"Monomorphic_Monad"},{"id":171,"link":"/dependencies/nash_williams/","name":"Nash_Williams"},{"id":172,"link":"/dependencies/nat-interval-logic/","name":"Nat-Interval-Logic"},{"id":173,"link":"/dependencies/native_word/","name":"Native_Word"},{"id":174,"link":"/dependencies/nested_multisets_ordinals/","name":"Nested_Multisets_Ordinals"},{"id":175,"link":"/dependencies/nominal2/","name":"Nominal2"},{"id":176,"link":"/dependencies/noninterference_csp/","name":"Noninterference_CSP"},{"id":177,"link":"/dependencies/noninterference_ipurge_unwinding/","name":"Noninterference_Ipurge_Unwinding"},{"id":178,"link":"/dependencies/noninterference_sequential_composition/","name":"Noninterference_Sequential_Composition"},{"id":179,"link":"/dependencies/number_theoretic_transform/","name":"Number_Theoretic_Transform"},{"id":180,"link":"/dependencies/open_induction/","name":"Open_Induction"},{"id":181,"link":"/dependencies/optics/","name":"Optics"},{"id":182,"link":"/dependencies/order_lattice_props/","name":"Order_Lattice_Props"},{"id":183,"link":"/dependencies/ordered_resolution_prover/","name":"Ordered_Resolution_Prover"},{"id":184,"link":"/dependencies/ordinal/","name":"Ordinal"},{"id":185,"link":"/dependencies/ordinary_differential_equations/","name":"Ordinary_Differential_Equations"},{"id":186,"link":"/dependencies/package_logic/","name":"Package_logic"},{"id":187,"link":"/dependencies/pairing_heap/","name":"Pairing_Heap"},{"id":188,"link":"/dependencies/parity_game/","name":"Parity_Game"},{"id":189,"link":"/dependencies/partial_function_mr/","name":"Partial_Function_MR"},{"id":190,"link":"/dependencies/partial_order_reduction/","name":"Partial_Order_Reduction"},{"id":191,"link":"/dependencies/pell/","name":"Pell"},{"id":192,"link":"/dependencies/perron_frobenius/","name":"Perron_Frobenius"},{"id":193,"link":"/dependencies/pi_transcendental/","name":"Pi_Transcendental"},{"id":194,"link":"/dependencies/pluennecke_ruzsa_inequality/","name":"Pluennecke_Ruzsa_Inequality"},{"id":195,"link":"/dependencies/polynomial_factorization/","name":"Polynomial_Factorization"},{"id":196,"link":"/dependencies/polynomial_interpolation/","name":"Polynomial_Interpolation"},{"id":197,"link":"/dependencies/polynomials/","name":"Polynomials"},{"id":198,"link":"/dependencies/power_sum_polynomials/","name":"Power_Sum_Polynomials"},{"id":199,"link":"/dependencies/pratt_certificate/","name":"Pratt_Certificate"},{"id":200,"link":"/dependencies/prefix_free_code_combinators/","name":"Prefix_Free_Code_Combinators"},{"id":201,"link":"/dependencies/prime_distribution_elementary/","name":"Prime_Distribution_Elementary"},{"id":202,"link":"/dependencies/prime_number_theorem/","name":"Prime_Number_Theorem"},{"id":203,"link":"/dependencies/priority_search_trees/","name":"Priority_Search_Trees"},{"id":204,"link":"/dependencies/probabilistic_prime_tests/","name":"Probabilistic_Prime_Tests"},{"id":205,"link":"/dependencies/probabilistic_while/","name":"Probabilistic_While"},{"id":206,"link":"/dependencies/program-conflict-analysis/","name":"Program-Conflict-Analysis"},{"id":207,"link":"/dependencies/projective_measurements/","name":"Projective_Measurements"},{"id":208,"link":"/dependencies/promela/","name":"Promela"},{"id":209,"link":"/dependencies/propositional_proof_systems/","name":"Propositional_Proof_Systems"},{"id":210,"link":"/dependencies/qhlprover/","name":"QHLProver"},{"id":211,"link":"/dependencies/quantales/","name":"Quantales"},{"id":212,"link":"/dependencies/quick_sort_cost/","name":"Quick_Sort_Cost"},{"id":213,"link":"/dependencies/random_bsts/","name":"Random_BSTs"},{"id":214,"link":"/dependencies/random_graph_subgraph_threshold/","name":"Random_Graph_Subgraph_Threshold"},{"id":215,"link":"/dependencies/randomised_social_choice/","name":"Randomised_Social_Choice"},{"id":216,"link":"/dependencies/rank_nullity_theorem/","name":"Rank_Nullity_Theorem"},{"id":217,"link":"/dependencies/real_impl/","name":"Real_Impl"},{"id":218,"link":"/dependencies/recursion-theory-i/","name":"Recursion-Theory-I"},{"id":219,"link":"/dependencies/refine_imperative_hol/","name":"Refine_Imperative_HOL"},{"id":220,"link":"/dependencies/refine_monadic/","name":"Refine_Monadic"},{"id":221,"link":"/dependencies/regular-sets/","name":"Regular-Sets"},{"id":222,"link":"/dependencies/regular_tree_relations/","name":"Regular_Tree_Relations"},{"id":223,"link":"/dependencies/relation_algebra/","name":"Relation_Algebra"},{"id":224,"link":"/dependencies/relational_disjoint_set_forests/","name":"Relational_Disjoint_Set_Forests"},{"id":225,"link":"/dependencies/robdd/","name":"ROBDD"},{"id":226,"link":"/dependencies/root_balanced_tree/","name":"Root_Balanced_Tree"},{"id":227,"link":"/dependencies/routing/","name":"Routing"},{"id":228,"link":"/dependencies/saturation_framework/","name":"Saturation_Framework"},{"id":229,"link":"/dependencies/secondary_sylow/","name":"Secondary_Sylow"},{"id":230,"link":"/dependencies/separation_algebra/","name":"Separation_Algebra"},{"id":231,"link":"/dependencies/separation_logic_imperative_hol/","name":"Separation_Logic_Imperative_HOL"},{"id":232,"link":"/dependencies/sepref_basic/","name":"Sepref_Basic"},{"id":233,"link":"/dependencies/sepref_iicf/","name":"Sepref_IICF"},{"id":234,"link":"/dependencies/sepref_prereq/","name":"Sepref_Prereq"},{"id":235,"link":"/dependencies/shadow_dom/","name":"Shadow_DOM"},{"id":236,"link":"/dependencies/shadow_sc_dom/","name":"Shadow_SC_DOM"},{"id":237,"link":"/dependencies/show/","name":"Show"},{"id":238,"link":"/dependencies/sigma_commit_crypto/","name":"Sigma_Commit_Crypto"},{"id":239,"link":"/dependencies/simpl/","name":"Simpl"},{"id":240,"link":"/dependencies/simple_firewall/","name":"Simple_Firewall"},{"id":241,"link":"/dependencies/simplex/","name":"Simplex"},{"id":242,"link":"/dependencies/skew_heap/","name":"Skew_Heap"},{"id":243,"link":"/dependencies/slicing/","name":"Slicing"},{"id":244,"link":"/dependencies/sm/","name":"SM"},{"id":245,"link":"/dependencies/sm_base/","name":"SM_Base"},{"id":246,"link":"/dependencies/smith_normal_form/","name":"Smith_Normal_Form"},{"id":247,"link":"/dependencies/speccheck/","name":"SpecCheck"},{"id":248,"link":"/dependencies/splay_tree/","name":"Splay_Tree"},{"id":249,"link":"/dependencies/sqrt_babylonian/","name":"Sqrt_Babylonian"},{"id":250,"link":"/dependencies/stateful_protocol_composition_and_typing/","name":"Stateful_Protocol_Composition_and_Typing"},{"id":251,"link":"/dependencies/stirling_formula/","name":"Stirling_Formula"},{"id":252,"link":"/dependencies/stone_algebras/","name":"Stone_Algebras"},{"id":253,"link":"/dependencies/stone_kleene_relation_algebras/","name":"Stone_Kleene_Relation_Algebras"},{"id":254,"link":"/dependencies/stone_relation_algebras/","name":"Stone_Relation_Algebras"},{"id":255,"link":"/dependencies/strong_security/","name":"Strong_Security"},{"id":256,"link":"/dependencies/sturm_sequences/","name":"Sturm_Sequences"},{"id":257,"link":"/dependencies/sturm_tarski/","name":"Sturm_Tarski"},{"id":258,"link":"/dependencies/stuttering_equivalence/","name":"Stuttering_Equivalence"},{"id":259,"link":"/dependencies/subresultants/","name":"Subresultants"},{"id":260,"link":"/dependencies/subset_boolean_algebras/","name":"Subset_Boolean_Algebras"},{"id":261,"link":"/dependencies/sunflowers/","name":"Sunflowers"},{"id":262,"link":"/dependencies/symmetric_polynomials/","name":"Symmetric_Polynomials"},{"id":263,"link":"/dependencies/syntax_independent_logic/","name":"Syntax_Independent_Logic"},{"id":264,"link":"/dependencies/szemeredi_regularity/","name":"Szemeredi_Regularity"},{"id":265,"link":"/dependencies/szpilrajn/","name":"Szpilrajn"},{"id":266,"link":"/dependencies/timed_automata/","name":"Timed_Automata"},{"id":267,"link":"/dependencies/transformer_semantics/","name":"Transformer_Semantics"},{"id":268,"link":"/dependencies/transition_systems_and_automata/","name":"Transition_Systems_and_Automata"},{"id":269,"link":"/dependencies/transitive-closure/","name":"Transitive-Closure"},{"id":270,"link":"/dependencies/transitive_models/","name":"Transitive_Models"},{"id":271,"link":"/dependencies/triangle/","name":"Triangle"},{"id":272,"link":"/dependencies/trie/","name":"Trie"},{"id":273,"link":"/dependencies/universal_hash_families/","name":"Universal_Hash_Families"},{"id":274,"link":"/dependencies/upf/","name":"UPF"},{"id":275,"link":"/dependencies/utp-toolkit/","name":"UTP-Toolkit"},{"id":276,"link":"/dependencies/vectorspace/","name":"VectorSpace"},{"id":277,"link":"/dependencies/vericomp/","name":"VeriComp"},{"id":278,"link":"/dependencies/weighted_path_order/","name":"Weighted_Path_Order"},{"id":279,"link":"/dependencies/well_quasi_orders/","name":"Well_Quasi_Orders"},{"id":280,"link":"/dependencies/winding_number_eval/","name":"Winding_Number_Eval"},{"id":281,"link":"/dependencies/word_lib/","name":"Word_Lib"},{"id":282,"link":"/dependencies/zeta_function/","name":"Zeta_Function"},{"id":283,"link":"/dependencies/zfc_in_hol/","name":"ZFC_in_HOL"}]
\ No newline at end of file
+[{"id":0,"link":"/dependencies/abstract-rewriting/","name":"Abstract-Rewriting"},{"id":1,"link":"/dependencies/abstract_completeness/","name":"Abstract_Completeness"},{"id":2,"link":"/dependencies/abstract_soundness/","name":"Abstract_Soundness"},{"id":3,"link":"/dependencies/affine_arithmetic/","name":"Affine_Arithmetic"},{"id":4,"link":"/dependencies/aggregation_algebras/","name":"Aggregation_Algebras"},{"id":5,"link":"/dependencies/ai_planning_languages_semantics/","name":"AI_Planning_Languages_Semantics"},{"id":6,"link":"/dependencies/akra_bazzi/","name":"Akra_Bazzi"},{"id":7,"link":"/dependencies/algebraic_numbers/","name":"Algebraic_Numbers"},{"id":8,"link":"/dependencies/amortized_complexity/","name":"Amortized_Complexity"},{"id":9,"link":"/dependencies/applicative_lifting/","name":"Applicative_Lifting"},{"id":10,"link":"/dependencies/auto2_hol/","name":"Auto2_HOL"},{"id":11,"link":"/dependencies/automatic_refinement/","name":"Automatic_Refinement"},{"id":12,"link":"/dependencies/awn/","name":"AWN"},{"id":13,"link":"/dependencies/banach_steinhaus/","name":"Banach_Steinhaus"},{"id":14,"link":"/dependencies/bd_security_compositional/","name":"BD_Security_Compositional"},{"id":15,"link":"/dependencies/bell_numbers_spivey/","name":"Bell_Numbers_Spivey"},{"id":16,"link":"/dependencies/benor_kozen_reif/","name":"BenOr_Kozen_Reif"},{"id":17,"link":"/dependencies/berlekamp_zassenhaus/","name":"Berlekamp_Zassenhaus"},{"id":18,"link":"/dependencies/bernoulli/","name":"Bernoulli"},{"id":19,"link":"/dependencies/bertrands_postulate/","name":"Bertrands_Postulate"},{"id":20,"link":"/dependencies/binomial-heaps/","name":"Binomial-Heaps"},{"id":21,"link":"/dependencies/boolean_expression_checkers/","name":"Boolean_Expression_Checkers"},{"id":22,"link":"/dependencies/bounded_deducibility_security/","name":"Bounded_Deducibility_Security"},{"id":23,"link":"/dependencies/budan_fourier/","name":"Budan_Fourier"},{"id":24,"link":"/dependencies/cakeml/","name":"CakeML"},{"id":25,"link":"/dependencies/card_equiv_relations/","name":"Card_Equiv_Relations"},{"id":26,"link":"/dependencies/card_multisets/","name":"Card_Multisets"},{"id":27,"link":"/dependencies/card_number_partitions/","name":"Card_Number_Partitions"},{"id":28,"link":"/dependencies/card_partitions/","name":"Card_Partitions"},{"id":29,"link":"/dependencies/case_labeling/","name":"Case_Labeling"},{"id":30,"link":"/dependencies/category3/","name":"Category3"},{"id":31,"link":"/dependencies/cauchy/","name":"Cauchy"},{"id":32,"link":"/dependencies/cava_automata/","name":"CAVA_Automata"},{"id":33,"link":"/dependencies/cava_base/","name":"CAVA_Base"},{"id":34,"link":"/dependencies/cava_setup/","name":"CAVA_Setup"},{"id":35,"link":"/dependencies/cayley_hamilton/","name":"Cayley_Hamilton"},{"id":36,"link":"/dependencies/certification_monads/","name":"Certification_Monads"},{"id":37,"link":"/dependencies/coinductive/","name":"Coinductive"},{"id":38,"link":"/dependencies/coinductive_languages/","name":"Coinductive_Languages"},{"id":39,"link":"/dependencies/collections/","name":"Collections"},{"id":40,"link":"/dependencies/collections_examples/","name":"Collections_Examples"},{"id":41,"link":"/dependencies/combinatorics_words/","name":"Combinatorics_Words"},{"id":42,"link":"/dependencies/comparison_sort_lower_bound/","name":"Comparison_Sort_Lower_Bound"},{"id":43,"link":"/dependencies/complex_bounded_operators/","name":"Complex_Bounded_Operators"},{"id":44,"link":"/dependencies/complex_geometry/","name":"Complex_Geometry"},{"id":45,"link":"/dependencies/concurrentimp/","name":"ConcurrentIMP"},{"id":46,"link":"/dependencies/conditional_simplification/","name":"Conditional_Simplification"},{"id":47,"link":"/dependencies/conditional_transfer_rule/","name":"Conditional_Transfer_Rule"},{"id":48,"link":"/dependencies/constructive_cryptography/","name":"Constructive_Cryptography"},{"id":49,"link":"/dependencies/constructor_funs/","name":"Constructor_Funs"},{"id":50,"link":"/dependencies/containers/","name":"Containers"},{"id":51,"link":"/dependencies/core_dom/","name":"Core_DOM"},{"id":52,"link":"/dependencies/core_sc_dom/","name":"Core_SC_DOM"},{"id":53,"link":"/dependencies/count_complex_roots/","name":"Count_Complex_Roots"},{"id":54,"link":"/dependencies/crdt/","name":"CRDT"},{"id":55,"link":"/dependencies/crypthol/","name":"CryptHOL"},{"id":56,"link":"/dependencies/czh_elementary_categories/","name":"CZH_Elementary_Categories"},{"id":57,"link":"/dependencies/czh_foundations/","name":"CZH_Foundations"},{"id":58,"link":"/dependencies/datarefinementibp/","name":"DataRefinementIBP"},{"id":59,"link":"/dependencies/datatype_order_generator/","name":"Datatype_Order_Generator"},{"id":60,"link":"/dependencies/deep_learning/","name":"Deep_Learning"},{"id":61,"link":"/dependencies/delta_system_lemma/","name":"Delta_System_Lemma"},{"id":62,"link":"/dependencies/dependent_sifum_type_systems/","name":"Dependent_SIFUM_Type_Systems"},{"id":63,"link":"/dependencies/deriving/","name":"Deriving"},{"id":64,"link":"/dependencies/design_theory/","name":"Design_Theory"},{"id":65,"link":"/dependencies/dfs_framework/","name":"DFS_Framework"},{"id":66,"link":"/dependencies/dict_construction/","name":"Dict_Construction"},{"id":67,"link":"/dependencies/digit_expansions/","name":"Digit_Expansions"},{"id":68,"link":"/dependencies/dijkstra_shortest_path/","name":"Dijkstra_Shortest_Path"},{"id":69,"link":"/dependencies/dirichlet_l/","name":"Dirichlet_L"},{"id":70,"link":"/dependencies/dirichlet_series/","name":"Dirichlet_Series"},{"id":71,"link":"/dependencies/discrete_summation/","name":"Discrete_Summation"},{"id":72,"link":"/dependencies/dynamicarchitectures/","name":"DynamicArchitectures"},{"id":73,"link":"/dependencies/e_transcendental/","name":"E_Transcendental"},{"id":74,"link":"/dependencies/echelon_form/","name":"Echelon_Form"},{"id":75,"link":"/dependencies/edmondskarp_maxflow/","name":"EdmondsKarp_Maxflow"},{"id":76,"link":"/dependencies/efficient-mergesort/","name":"Efficient-Mergesort"},{"id":77,"link":"/dependencies/epistemic_logic/","name":"Epistemic_Logic"},{"id":78,"link":"/dependencies/equivalence_relation_enumeration/","name":"Equivalence_Relation_Enumeration"},{"id":79,"link":"/dependencies/ergodic_theory/","name":"Ergodic_Theory"},{"id":80,"link":"/dependencies/euler_maclaurin/","name":"Euler_MacLaurin"},{"id":81,"link":"/dependencies/extended_finite_state_machines/","name":"Extended_Finite_State_Machines"},{"id":82,"link":"/dependencies/factor_algebraic_polynomial/","name":"Factor_Algebraic_Polynomial"},{"id":83,"link":"/dependencies/farkas/","name":"Farkas"},{"id":84,"link":"/dependencies/finfun/","name":"FinFun"},{"id":85,"link":"/dependencies/finger-trees/","name":"Finger-Trees"},{"id":86,"link":"/dependencies/finite_fields/","name":"Finite_Fields"},{"id":87,"link":"/dependencies/finitely_generated_abelian_groups/","name":"Finitely_Generated_Abelian_Groups"},{"id":88,"link":"/dependencies/first_order_terms/","name":"First_Order_Terms"},{"id":89,"link":"/dependencies/first_welfare_theorem/","name":"First_Welfare_Theorem"},{"id":90,"link":"/dependencies/flow_networks/","name":"Flow_Networks"},{"id":91,"link":"/dependencies/flyspeck-tame/","name":"Flyspeck-Tame"},{"id":92,"link":"/dependencies/fol-fitting/","name":"FOL-Fitting"},{"id":93,"link":"/dependencies/fol_seq_calc1/","name":"FOL_Seq_Calc1"},{"id":94,"link":"/dependencies/formal_ssa/","name":"Formal_SSA"},{"id":95,"link":"/dependencies/formula_derivatives/","name":"Formula_Derivatives"},{"id":96,"link":"/dependencies/fresh_identifiers/","name":"Fresh_Identifiers"},{"id":97,"link":"/dependencies/gabow_scc/","name":"Gabow_SCC"},{"id":98,"link":"/dependencies/game_based_crypto/","name":"Game_Based_Crypto"},{"id":99,"link":"/dependencies/gauss-jordan-elim-fun/","name":"Gauss-Jordan-Elim-Fun"},{"id":100,"link":"/dependencies/gauss_jordan/","name":"Gauss_Jordan"},{"id":101,"link":"/dependencies/generic_join/","name":"Generic_Join"},{"id":102,"link":"/dependencies/girth_chromatic/","name":"Girth_Chromatic"},{"id":103,"link":"/dependencies/goedel_incompleteness/","name":"Goedel_Incompleteness"},{"id":104,"link":"/dependencies/graph_theory/","name":"Graph_Theory"},{"id":105,"link":"/dependencies/groebner_bases/","name":"Groebner_Bases"},{"id":106,"link":"/dependencies/group-ring-module/","name":"Group-Ring-Module"},{"id":107,"link":"/dependencies/heard_of/","name":"Heard_Of"},{"id":108,"link":"/dependencies/hereditarilyfinite/","name":"HereditarilyFinite"},{"id":109,"link":"/dependencies/hermite/","name":"Hermite"},{"id":110,"link":"/dependencies/hermite_lindemann/","name":"Hermite_Lindemann"},{"id":111,"link":"/dependencies/higher_order_terms/","name":"Higher_Order_Terms"},{"id":112,"link":"/dependencies/hol-csp/","name":"HOL-CSP"},{"id":113,"link":"/dependencies/hol-ode-numerics/","name":"HOL-ODE-Numerics"},{"id":114,"link":"/dependencies/holcf-prelude/","name":"HOLCF-Prelude"},{"id":115,"link":"/dependencies/hrb-slicing/","name":"HRB-Slicing"},{"id":116,"link":"/dependencies/huffman/","name":"Huffman"},{"id":117,"link":"/dependencies/hybrid_systems_vcs/","name":"Hybrid_Systems_VCs"},{"id":118,"link":"/dependencies/ieee_floating_point/","name":"IEEE_Floating_Point"},{"id":119,"link":"/dependencies/imp2/","name":"IMP2"},{"id":120,"link":"/dependencies/incompleteness/","name":"Incompleteness"},{"id":121,"link":"/dependencies/interpolation_polynomials_hol_algebra/","name":"Interpolation_Polynomials_HOL_Algebra"},{"id":122,"link":"/dependencies/intro_dest_elim/","name":"Intro_Dest_Elim"},{"id":123,"link":"/dependencies/ip_addresses/","name":"IP_Addresses"},{"id":124,"link":"/dependencies/iptables_semantics/","name":"Iptables_Semantics"},{"id":125,"link":"/dependencies/iptables_semantics_examples/","name":"Iptables_Semantics_Examples"},{"id":126,"link":"/dependencies/isabelle_marries_dirac/","name":"Isabelle_Marries_Dirac"},{"id":127,"link":"/dependencies/jacobson_basic_algebra/","name":"Jacobson_Basic_Algebra"},{"id":128,"link":"/dependencies/jinja/","name":"Jinja"},{"id":129,"link":"/dependencies/jinjadci/","name":"JinjaDCI"},{"id":130,"link":"/dependencies/jordan_normal_form/","name":"Jordan_Normal_Form"},{"id":131,"link":"/dependencies/kad/","name":"KAD"},{"id":132,"link":"/dependencies/kat_and_dra/","name":"KAT_and_DRA"},{"id":133,"link":"/dependencies/kbps/","name":"KBPs"},{"id":134,"link":"/dependencies/kleene_algebra/","name":"Kleene_Algebra"},{"id":135,"link":"/dependencies/knuth_bendix_order/","name":"Knuth_Bendix_Order"},{"id":136,"link":"/dependencies/lambda_free_rpos/","name":"Lambda_Free_RPOs"},{"id":137,"link":"/dependencies/landau_symbols/","name":"Landau_Symbols"},{"id":138,"link":"/dependencies/latticeproperties/","name":"LatticeProperties"},{"id":139,"link":"/dependencies/launchbury/","name":"Launchbury"},{"id":140,"link":"/dependencies/lazy-lists-ii/","name":"Lazy-Lists-II"},{"id":141,"link":"/dependencies/lazy_case/","name":"Lazy_Case"},{"id":142,"link":"/dependencies/lehmer/","name":"Lehmer"},{"id":143,"link":"/dependencies/lem/","name":"LEM"},{"id":144,"link":"/dependencies/linear_inequalities/","name":"Linear_Inequalities"},{"id":145,"link":"/dependencies/linear_recurrences/","name":"Linear_Recurrences"},{"id":146,"link":"/dependencies/list-index/","name":"List-Index"},{"id":147,"link":"/dependencies/list-infinite/","name":"List-Infinite"},{"id":148,"link":"/dependencies/list_interleaving/","name":"List_Interleaving"},{"id":149,"link":"/dependencies/lll_basis_reduction/","name":"LLL_Basis_Reduction"},{"id":150,"link":"/dependencies/localization_ring/","name":"Localization_Ring"},{"id":151,"link":"/dependencies/lorenz_approximation/","name":"Lorenz_Approximation"},{"id":152,"link":"/dependencies/lp/","name":"Lp"},{"id":153,"link":"/dependencies/ltl/","name":"LTL"},{"id":154,"link":"/dependencies/ltl_master_theorem/","name":"LTL_Master_Theorem"},{"id":155,"link":"/dependencies/ltl_to_gba/","name":"LTL_to_GBA"},{"id":156,"link":"/dependencies/lucas_theorem/","name":"Lucas_Theorem"},{"id":157,"link":"/dependencies/markov_models/","name":"Markov_Models"},{"id":158,"link":"/dependencies/marriage/","name":"Marriage"},{"id":159,"link":"/dependencies/matrix/","name":"Matrix"},{"id":160,"link":"/dependencies/matrix_tensor/","name":"Matrix_Tensor"},{"id":161,"link":"/dependencies/matroids/","name":"Matroids"},{"id":162,"link":"/dependencies/mdp-rewards/","name":"MDP-Rewards"},{"id":163,"link":"/dependencies/median_method/","name":"Median_Method"},{"id":164,"link":"/dependencies/median_of_medians_selection/","name":"Median_Of_Medians_Selection"},{"id":165,"link":"/dependencies/mfmc_countable/","name":"MFMC_Countable"},{"id":166,"link":"/dependencies/mfotl_monitor/","name":"MFOTL_Monitor"},{"id":167,"link":"/dependencies/monad_memo_dp/","name":"Monad_Memo_DP"},{"id":168,"link":"/dependencies/monad_normalisation/","name":"Monad_Normalisation"},{"id":169,"link":"/dependencies/monobooltranalgebra/","name":"MonoBoolTranAlgebra"},{"id":170,"link":"/dependencies/monoidalcategory/","name":"MonoidalCategory"},{"id":171,"link":"/dependencies/monomorphic_monad/","name":"Monomorphic_Monad"},{"id":172,"link":"/dependencies/nash_williams/","name":"Nash_Williams"},{"id":173,"link":"/dependencies/nat-interval-logic/","name":"Nat-Interval-Logic"},{"id":174,"link":"/dependencies/native_word/","name":"Native_Word"},{"id":175,"link":"/dependencies/nested_multisets_ordinals/","name":"Nested_Multisets_Ordinals"},{"id":176,"link":"/dependencies/nominal2/","name":"Nominal2"},{"id":177,"link":"/dependencies/noninterference_csp/","name":"Noninterference_CSP"},{"id":178,"link":"/dependencies/noninterference_ipurge_unwinding/","name":"Noninterference_Ipurge_Unwinding"},{"id":179,"link":"/dependencies/noninterference_sequential_composition/","name":"Noninterference_Sequential_Composition"},{"id":180,"link":"/dependencies/number_theoretic_transform/","name":"Number_Theoretic_Transform"},{"id":181,"link":"/dependencies/open_induction/","name":"Open_Induction"},{"id":182,"link":"/dependencies/optics/","name":"Optics"},{"id":183,"link":"/dependencies/order_lattice_props/","name":"Order_Lattice_Props"},{"id":184,"link":"/dependencies/ordered_resolution_prover/","name":"Ordered_Resolution_Prover"},{"id":185,"link":"/dependencies/ordinal/","name":"Ordinal"},{"id":186,"link":"/dependencies/ordinary_differential_equations/","name":"Ordinary_Differential_Equations"},{"id":187,"link":"/dependencies/package_logic/","name":"Package_logic"},{"id":188,"link":"/dependencies/padic_ints/","name":"Padic_Ints"},{"id":189,"link":"/dependencies/pairing_heap/","name":"Pairing_Heap"},{"id":190,"link":"/dependencies/parity_game/","name":"Parity_Game"},{"id":191,"link":"/dependencies/partial_function_mr/","name":"Partial_Function_MR"},{"id":192,"link":"/dependencies/partial_order_reduction/","name":"Partial_Order_Reduction"},{"id":193,"link":"/dependencies/pell/","name":"Pell"},{"id":194,"link":"/dependencies/perron_frobenius/","name":"Perron_Frobenius"},{"id":195,"link":"/dependencies/pi_transcendental/","name":"Pi_Transcendental"},{"id":196,"link":"/dependencies/pluennecke_ruzsa_inequality/","name":"Pluennecke_Ruzsa_Inequality"},{"id":197,"link":"/dependencies/polynomial_factorization/","name":"Polynomial_Factorization"},{"id":198,"link":"/dependencies/polynomial_interpolation/","name":"Polynomial_Interpolation"},{"id":199,"link":"/dependencies/polynomials/","name":"Polynomials"},{"id":200,"link":"/dependencies/power_sum_polynomials/","name":"Power_Sum_Polynomials"},{"id":201,"link":"/dependencies/pratt_certificate/","name":"Pratt_Certificate"},{"id":202,"link":"/dependencies/prefix_free_code_combinators/","name":"Prefix_Free_Code_Combinators"},{"id":203,"link":"/dependencies/prime_distribution_elementary/","name":"Prime_Distribution_Elementary"},{"id":204,"link":"/dependencies/prime_number_theorem/","name":"Prime_Number_Theorem"},{"id":205,"link":"/dependencies/priority_search_trees/","name":"Priority_Search_Trees"},{"id":206,"link":"/dependencies/probabilistic_prime_tests/","name":"Probabilistic_Prime_Tests"},{"id":207,"link":"/dependencies/probabilistic_while/","name":"Probabilistic_While"},{"id":208,"link":"/dependencies/program-conflict-analysis/","name":"Program-Conflict-Analysis"},{"id":209,"link":"/dependencies/projective_measurements/","name":"Projective_Measurements"},{"id":210,"link":"/dependencies/promela/","name":"Promela"},{"id":211,"link":"/dependencies/propositional_proof_systems/","name":"Propositional_Proof_Systems"},{"id":212,"link":"/dependencies/qhlprover/","name":"QHLProver"},{"id":213,"link":"/dependencies/quantales/","name":"Quantales"},{"id":214,"link":"/dependencies/quick_sort_cost/","name":"Quick_Sort_Cost"},{"id":215,"link":"/dependencies/random_bsts/","name":"Random_BSTs"},{"id":216,"link":"/dependencies/random_graph_subgraph_threshold/","name":"Random_Graph_Subgraph_Threshold"},{"id":217,"link":"/dependencies/randomised_social_choice/","name":"Randomised_Social_Choice"},{"id":218,"link":"/dependencies/rank_nullity_theorem/","name":"Rank_Nullity_Theorem"},{"id":219,"link":"/dependencies/real_impl/","name":"Real_Impl"},{"id":220,"link":"/dependencies/recursion-theory-i/","name":"Recursion-Theory-I"},{"id":221,"link":"/dependencies/refine_imperative_hol/","name":"Refine_Imperative_HOL"},{"id":222,"link":"/dependencies/refine_monadic/","name":"Refine_Monadic"},{"id":223,"link":"/dependencies/regular-sets/","name":"Regular-Sets"},{"id":224,"link":"/dependencies/regular_tree_relations/","name":"Regular_Tree_Relations"},{"id":225,"link":"/dependencies/relation_algebra/","name":"Relation_Algebra"},{"id":226,"link":"/dependencies/relational_disjoint_set_forests/","name":"Relational_Disjoint_Set_Forests"},{"id":227,"link":"/dependencies/robdd/","name":"ROBDD"},{"id":228,"link":"/dependencies/root_balanced_tree/","name":"Root_Balanced_Tree"},{"id":229,"link":"/dependencies/routing/","name":"Routing"},{"id":230,"link":"/dependencies/saturation_framework/","name":"Saturation_Framework"},{"id":231,"link":"/dependencies/secondary_sylow/","name":"Secondary_Sylow"},{"id":232,"link":"/dependencies/separation_algebra/","name":"Separation_Algebra"},{"id":233,"link":"/dependencies/separation_logic_imperative_hol/","name":"Separation_Logic_Imperative_HOL"},{"id":234,"link":"/dependencies/sepref_basic/","name":"Sepref_Basic"},{"id":235,"link":"/dependencies/sepref_iicf/","name":"Sepref_IICF"},{"id":236,"link":"/dependencies/sepref_prereq/","name":"Sepref_Prereq"},{"id":237,"link":"/dependencies/shadow_dom/","name":"Shadow_DOM"},{"id":238,"link":"/dependencies/shadow_sc_dom/","name":"Shadow_SC_DOM"},{"id":239,"link":"/dependencies/show/","name":"Show"},{"id":240,"link":"/dependencies/sigma_commit_crypto/","name":"Sigma_Commit_Crypto"},{"id":241,"link":"/dependencies/simpl/","name":"Simpl"},{"id":242,"link":"/dependencies/simple_firewall/","name":"Simple_Firewall"},{"id":243,"link":"/dependencies/simplex/","name":"Simplex"},{"id":244,"link":"/dependencies/skew_heap/","name":"Skew_Heap"},{"id":245,"link":"/dependencies/slicing/","name":"Slicing"},{"id":246,"link":"/dependencies/sm/","name":"SM"},{"id":247,"link":"/dependencies/sm_base/","name":"SM_Base"},{"id":248,"link":"/dependencies/smith_normal_form/","name":"Smith_Normal_Form"},{"id":249,"link":"/dependencies/speccheck/","name":"SpecCheck"},{"id":250,"link":"/dependencies/splay_tree/","name":"Splay_Tree"},{"id":251,"link":"/dependencies/sqrt_babylonian/","name":"Sqrt_Babylonian"},{"id":252,"link":"/dependencies/stateful_protocol_composition_and_typing/","name":"Stateful_Protocol_Composition_and_Typing"},{"id":253,"link":"/dependencies/stirling_formula/","name":"Stirling_Formula"},{"id":254,"link":"/dependencies/stone_algebras/","name":"Stone_Algebras"},{"id":255,"link":"/dependencies/stone_kleene_relation_algebras/","name":"Stone_Kleene_Relation_Algebras"},{"id":256,"link":"/dependencies/stone_relation_algebras/","name":"Stone_Relation_Algebras"},{"id":257,"link":"/dependencies/strong_security/","name":"Strong_Security"},{"id":258,"link":"/dependencies/sturm_sequences/","name":"Sturm_Sequences"},{"id":259,"link":"/dependencies/sturm_tarski/","name":"Sturm_Tarski"},{"id":260,"link":"/dependencies/stuttering_equivalence/","name":"Stuttering_Equivalence"},{"id":261,"link":"/dependencies/subresultants/","name":"Subresultants"},{"id":262,"link":"/dependencies/subset_boolean_algebras/","name":"Subset_Boolean_Algebras"},{"id":263,"link":"/dependencies/sunflowers/","name":"Sunflowers"},{"id":264,"link":"/dependencies/symmetric_polynomials/","name":"Symmetric_Polynomials"},{"id":265,"link":"/dependencies/syntax_independent_logic/","name":"Syntax_Independent_Logic"},{"id":266,"link":"/dependencies/szemeredi_regularity/","name":"Szemeredi_Regularity"},{"id":267,"link":"/dependencies/szpilrajn/","name":"Szpilrajn"},{"id":268,"link":"/dependencies/timed_automata/","name":"Timed_Automata"},{"id":269,"link":"/dependencies/transformer_semantics/","name":"Transformer_Semantics"},{"id":270,"link":"/dependencies/transition_systems_and_automata/","name":"Transition_Systems_and_Automata"},{"id":271,"link":"/dependencies/transitive-closure/","name":"Transitive-Closure"},{"id":272,"link":"/dependencies/transitive_models/","name":"Transitive_Models"},{"id":273,"link":"/dependencies/triangle/","name":"Triangle"},{"id":274,"link":"/dependencies/trie/","name":"Trie"},{"id":275,"link":"/dependencies/universal_hash_families/","name":"Universal_Hash_Families"},{"id":276,"link":"/dependencies/upf/","name":"UPF"},{"id":277,"link":"/dependencies/utp-toolkit/","name":"UTP-Toolkit"},{"id":278,"link":"/dependencies/vectorspace/","name":"VectorSpace"},{"id":279,"link":"/dependencies/vericomp/","name":"VeriComp"},{"id":280,"link":"/dependencies/weighted_path_order/","name":"Weighted_Path_Order"},{"id":281,"link":"/dependencies/well_quasi_orders/","name":"Well_Quasi_Orders"},{"id":282,"link":"/dependencies/winding_number_eval/","name":"Winding_Number_Eval"},{"id":283,"link":"/dependencies/word_lib/","name":"Word_Lib"},{"id":284,"link":"/dependencies/zeta_function/","name":"Zeta_Function"},{"id":285,"link":"/dependencies/zfc_in_hol/","name":"ZFC_in_HOL"}]
\ No newline at end of file
diff --git a/web/dependencies/localization_ring/index.html b/web/dependencies/localization_ring/index.html
new file mode 100644
--- /dev/null
+++ b/web/dependencies/localization_ring/index.html
@@ -0,0 +1,92 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+ <meta charset="utf-8" />
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
+ <meta name="viewport" content="width=device-width, initial-scale=1"><title>Localization_Ring - Archive of Formal Proofs</title><meta name="description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."><link rel="alternate" type="application/rss+xml" href="../../dependencies/localization_ring/index.xml" title="Archive of Formal Proofs" /><meta property="og:title" content="Localization_Ring" />
+<meta property="og:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle." />
+<meta property="og:type" content="website" />
+<meta property="og:url" content="/dependencies/localization_ring/" /><meta property="og:image" content="/images/afp.png"/><meta property="og:site_name" content="Archive of Formal Proofs" />
+
+<meta name="twitter:card" content="summary_large_image"/>
+<meta name="twitter:image" content="/images/afp.png"/>
+
+<meta name="twitter:title" content="Localization_Ring"/>
+<meta name="twitter:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."/>
+
+
+ <link rel="stylesheet" type="text/css" href="../../css/front.min.css">
+
+ <link rel="icon" href="../../images/favicon.ico" type="image/icon"><script src="../../js/obfuscate.js"></script>
+ <script src="../../js/flexsearch.bundle.js"></script>
+ <script src="../../js/scroll-spy.js"></script>
+ <script src="../../js/theory.js"></script>
+ <script src="../../js/util.js"></script><script src="../../js/header-search.js"></script><script src="../../js/search-autocomplete.js"></script>
+</head>
+
+
+<body class='mathjax_ignore '>
+ <aside>
+ <div id="menu-toggle">
+ <input id="toggle" type="checkbox" />
+ <label for="toggle">
+ <span>menu</span>
+ <img src="../../images/menu.svg" alt="Menu" />
+ </label>
+
+ <a href="../../" class='logo-link'>
+ <img src="../../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
+ </a>
+
+ <a href="../../search"><img src="../../images/search.svg" alt="Search" /></a>
+ <nav id="menu">
+ <div>
+ <a href="../../" class='logo-link'>
+ <img src="../../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
+ </a>
+ <ul>
+ <a href="../../"><li >Home</li></a>
+ <a href="../../topics/"><li >Topics</li></a>
+ <a href="../../download/"><li >Download</li></a>
+ <a href="../../help/"><li >Help</li></a>
+ <a href="../../submission/"><li >Submission</li></a>
+ <a href="../../statistics/"><li >Statistics</li></a>
+ <a href="../../about/"><li >About</li></a>
+ </ul>
+ </div>
+ </nav>
+</div>
+ </aside>
+
+ <div
+ class='content '><header>
+ <form autocomplete="off" action="../../search">
+ <div class='form-container'>
+ <input id="search-input" type="search" size="31" maxlength="255" value="" aria-label="Search the AFP" list="autocomplete"><button
+ id="search-button" type="button"><img src="../../images/search.svg" alt="Search" /></button>
+ <datalist id="autocomplete">
+ </datalist>
+ </div>
+ </form>
+ <h1 >
+ <span class='first'>L</span>ocalization_<span class='first'>R</span>ing Dependents</h1>
+ <div>
+
+
+ </div>
+</header><div><h2 class="head">2022</h2><article class="entry">
+ <div class="item-text">
+ <h5><a class="title" href="../../entries/Padic_Field.html">p-adic Fields and p-adic Semialgebraic Sets</a></h5> <br>by <a href="../../authors/crighton">Aaron Crighton</a></div>
+ <span class="date">
+ Sep 22
+ </span>
+</article>
+
+
+
+
+ </div>
+ </div>
+</body>
+
+</html>
\ No newline at end of file
diff --git a/web/dependencies/localization_ring/index.xml b/web/dependencies/localization_ring/index.xml
new file mode 100644
--- /dev/null
+++ b/web/dependencies/localization_ring/index.xml
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="utf-8" standalone="yes"?>
+<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
+ <channel>
+ <title>Localization_Ring on Archive of Formal Proofs</title>
+ <link>/dependencies/localization_ring/</link>
+ <description>Recent content in Localization_Ring on Archive of Formal Proofs</description>
+ <generator>Hugo -- gohugo.io</generator>
+ <language>en-gb</language>
+ <lastBuildDate>Thu, 22 Sep 2022 00:00:00 +0000</lastBuildDate><atom:link href="/dependencies/localization_ring/index.xml" rel="self" type="application/rss+xml" />
+ <item>
+ <title>p-adic Fields and p-adic Semialgebraic Sets</title>
+ <link>/entries/Padic_Field.html</link>
+ <pubDate>Thu, 22 Sep 2022 00:00:00 +0000</pubDate>
+
+ <guid>/entries/Padic_Field.html</guid>
+ <description></description>
+ </item>
+
+ </channel>
+</rss>
diff --git a/web/dependencies/padic_ints/index.html b/web/dependencies/padic_ints/index.html
new file mode 100644
--- /dev/null
+++ b/web/dependencies/padic_ints/index.html
@@ -0,0 +1,92 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+ <meta charset="utf-8" />
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
+ <meta name="viewport" content="width=device-width, initial-scale=1"><title>Padic_Ints - Archive of Formal Proofs</title><meta name="description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."><link rel="alternate" type="application/rss+xml" href="../../dependencies/padic_ints/index.xml" title="Archive of Formal Proofs" /><meta property="og:title" content="Padic_Ints" />
+<meta property="og:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle." />
+<meta property="og:type" content="website" />
+<meta property="og:url" content="/dependencies/padic_ints/" /><meta property="og:image" content="/images/afp.png"/><meta property="og:site_name" content="Archive of Formal Proofs" />
+
+<meta name="twitter:card" content="summary_large_image"/>
+<meta name="twitter:image" content="/images/afp.png"/>
+
+<meta name="twitter:title" content="Padic_Ints"/>
+<meta name="twitter:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."/>
+
+
+ <link rel="stylesheet" type="text/css" href="../../css/front.min.css">
+
+ <link rel="icon" href="../../images/favicon.ico" type="image/icon"><script src="../../js/obfuscate.js"></script>
+ <script src="../../js/flexsearch.bundle.js"></script>
+ <script src="../../js/scroll-spy.js"></script>
+ <script src="../../js/theory.js"></script>
+ <script src="../../js/util.js"></script><script src="../../js/header-search.js"></script><script src="../../js/search-autocomplete.js"></script>
+</head>
+
+
+<body class='mathjax_ignore '>
+ <aside>
+ <div id="menu-toggle">
+ <input id="toggle" type="checkbox" />
+ <label for="toggle">
+ <span>menu</span>
+ <img src="../../images/menu.svg" alt="Menu" />
+ </label>
+
+ <a href="../../" class='logo-link'>
+ <img src="../../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
+ </a>
+
+ <a href="../../search"><img src="../../images/search.svg" alt="Search" /></a>
+ <nav id="menu">
+ <div>
+ <a href="../../" class='logo-link'>
+ <img src="../../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
+ </a>
+ <ul>
+ <a href="../../"><li >Home</li></a>
+ <a href="../../topics/"><li >Topics</li></a>
+ <a href="../../download/"><li >Download</li></a>
+ <a href="../../help/"><li >Help</li></a>
+ <a href="../../submission/"><li >Submission</li></a>
+ <a href="../../statistics/"><li >Statistics</li></a>
+ <a href="../../about/"><li >About</li></a>
+ </ul>
+ </div>
+ </nav>
+</div>
+ </aside>
+
+ <div
+ class='content '><header>
+ <form autocomplete="off" action="../../search">
+ <div class='form-container'>
+ <input id="search-input" type="search" size="31" maxlength="255" value="" aria-label="Search the AFP" list="autocomplete"><button
+ id="search-button" type="button"><img src="../../images/search.svg" alt="Search" /></button>
+ <datalist id="autocomplete">
+ </datalist>
+ </div>
+ </form>
+ <h1 >
+ <span class='first'>P</span>adic_<span class='first'>I</span>nts Dependents</h1>
+ <div>
+
+
+ </div>
+</header><div><h2 class="head">2022</h2><article class="entry">
+ <div class="item-text">
+ <h5><a class="title" href="../../entries/Padic_Field.html">p-adic Fields and p-adic Semialgebraic Sets</a></h5> <br>by <a href="../../authors/crighton">Aaron Crighton</a></div>
+ <span class="date">
+ Sep 22
+ </span>
+</article>
+
+
+
+
+ </div>
+ </div>
+</body>
+
+</html>
\ No newline at end of file
diff --git a/web/dependencies/padic_ints/index.xml b/web/dependencies/padic_ints/index.xml
new file mode 100644
--- /dev/null
+++ b/web/dependencies/padic_ints/index.xml
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="utf-8" standalone="yes"?>
+<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
+ <channel>
+ <title>Padic_Ints on Archive of Formal Proofs</title>
+ <link>/dependencies/padic_ints/</link>
+ <description>Recent content in Padic_Ints on Archive of Formal Proofs</description>
+ <generator>Hugo -- gohugo.io</generator>
+ <language>en-gb</language>
+ <lastBuildDate>Thu, 22 Sep 2022 00:00:00 +0000</lastBuildDate><atom:link href="/dependencies/padic_ints/index.xml" rel="self" type="application/rss+xml" />
+ <item>
+ <title>p-adic Fields and p-adic Semialgebraic Sets</title>
+ <link>/entries/Padic_Field.html</link>
+ <pubDate>Thu, 22 Sep 2022 00:00:00 +0000</pubDate>
+
+ <guid>/entries/Padic_Field.html</guid>
+ <description></description>
+ </item>
+
+ </channel>
+</rss>
diff --git a/web/entries/Abstract-Hoare-Logics.html b/web/entries/Abstract-Hoare-Logics.html
--- a/web/entries/Abstract-Hoare-Logics.html
+++ b/web/entries/Abstract-Hoare-Logics.html
@@ -1,218 +1,218 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1"><title>Abstract Hoare Logics - Archive of Formal Proofs</title><meta name="description" content="These therories describe Hoare logics for a number of imperative language constructs, from while-loops to mutually recursive procedures. Both partial and..."><meta property="og:title" content="Abstract Hoare Logics" />
<meta property="og:description" content="" />
<meta property="og:type" content="article" />
<meta property="og:url" content="/entries/Abstract-Hoare-Logics.html" /><meta property="og:image" content="/images/afp.png"/><meta property="article:section" content="entries" />
<meta property="article:published_time" content="2006-08-08T00:00:00+00:00" />
<meta property="article:modified_time" content="2006-08-08T00:00:00+00:00" /><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="Abstract Hoare Logics"/>
<meta name="twitter:description" content=""/>
<link rel="stylesheet" type="text/css" href="../css/front.min.css">
<link rel="icon" href="../images/favicon.ico" type="image/icon">
<script>
MathJax = {
tex: {
inlineMath: [['$', '$'], ['\\(', '\\)']]
},
processEscapes: true,
svg: {
fontCache: 'global'
}
};
</script>
<script id="MathJax-script" async src="../js/mathjax/es5/tex-mml-chtml.js"></script>
<script src="../js/entries.js"></script><script src="../js/obfuscate.js"></script>
<script src="../js/flexsearch.bundle.js"></script>
<script src="../js/scroll-spy.js"></script>
<script src="../js/theory.js"></script>
<script src="../js/util.js"></script><script src="../js/header-search.js"></script><script src="../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore '>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../images/menu.svg" alt="Menu" />
</label>
<a href="../" class='logo-link'>
<img src="../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<a href="../search"><img src="../images/search.svg" alt="Search" /></a>
<nav id="menu">
<div>
<a href="../" class='logo-link'>
<img src="../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<ul>
<a href="../"><li >Home</li></a>
<a href="../topics/"><li >Topics</li></a>
<a href="../download/"><li >Download</li></a>
<a href="../help/"><li >Help</li></a>
<a href="../submission/"><li >Submission</li></a>
<a href="../statistics/"><li >Statistics</li></a>
<a href="../about/"><li >About</li></a>
</ul>
</div>
</nav>
</div>
</aside>
<div
class='content entries'><header>
<form autocomplete="off" action="../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value="" aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button"><img src="../images/search.svg" alt="Search" /></button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1 >
<span class='first'>A</span>bstract <span class='first'>H</span>oare <span class='first'>L</span>ogics</h1>
<div>
<p><a href="../authors/nipkow">Tobias Nipkow</a> <a href="https://www.in.tum.de/~nipkow/">🌐</a>
</p>
<p class="date">August 8, 2006</p>
</div>
</header><div><main><h3>Abstract</h3>
<div class="abstract mathjax_process">These therories describe Hoare logics for a number of imperative language constructs, from while-loops to mutually recursive procedures. Both partial and total correctness are treated. In particular a proof system for total correctness of recursive procedures in the presence of unbounded nondeterminism is presented.</div>BSD License<h3>Topics</h3>
<ul><li><a href="../topics/computer-science/programming-languages/logics">Computer science/Programming languages/Logics</a></li></ul><h3>Related Publications</h3>
<ul><li>
- Nipkow, T. (2002). Hoare Logics in Isabelle/HOL. In: Schwichtenberg, H., Steinbrüggen, R. (eds) Proof and System-Reliability. NATO Science Series, vol 62. Springer, Dordrecht. <a href="https://doi.org/10.1007/978-94-010-0413-8_11">https://doi.org/10.1007/978-94-010-0413-8_11</a>
+ Nipkow, T. (2002). Hoare Logics in Isabelle/HOL. Proof and System-Reliability, 341–367. <a href="https://doi.org/10.1007/978-94-010-0413-8_11">https://doi.org/10.1007/978-94-010-0413-8_11</a>
</li><li>
- Nipkow, T. (2002). Hoare Logics for Recursive Procedures and Unbounded Nondeterminism. In: Bradfield, J. (eds) Computer Science Logic. CSL 2002. Lecture Notes in Computer Science, vol 2471. Springer, Berlin, Heidelberg. <a href="https://doi.org/10.1007/3-540-45793-3_8">https://doi.org/10.1007/3-540-45793-3_8</a>
+ Nipkow, T. (2002). Hoare Logics for Recursive Procedures and Unbounded Nondeterminism. Lecture Notes in Computer Science, 103–119. <a href="https://doi.org/10.1007/3-540-45793-3_8">https://doi.org/10.1007/3-540-45793-3_8</a>
</li><li>
<a href="https://www.in.tum.de/~nipkow/pubs/MOD2001.html">Open access</a>
</li><li>
<a href="https://www.in.tum.de/~nipkow/pubs/csl02.html">Open access</a>
</li></ul>
<h3>Theories of Abstract-Hoare-Logics</h3>
<ul>
<li><a href="../theories/abstract-hoare-logics/#Lang">Lang</a></li>
<li><a href="../theories/abstract-hoare-logics/#Hoare">Hoare</a></li>
<li><a href="../theories/abstract-hoare-logics/#Termi">Termi</a></li>
<li><a href="../theories/abstract-hoare-logics/#HoareTotal">HoareTotal</a></li>
<li><a href="../theories/abstract-hoare-logics/#PLang">PLang</a></li>
<li><a href="../theories/abstract-hoare-logics/#PHoare">PHoare</a></li>
<li><a href="../theories/abstract-hoare-logics/#PTermi">PTermi</a></li>
<li><a href="../theories/abstract-hoare-logics/#PHoareTotal">PHoareTotal</a></li>
<li><a href="../theories/abstract-hoare-logics/#PsLang">PsLang</a></li>
<li><a href="../theories/abstract-hoare-logics/#PsHoare">PsHoare</a></li>
<li><a href="../theories/abstract-hoare-logics/#PsTermi">PsTermi</a></li>
<li><a href="../theories/abstract-hoare-logics/#PsHoareTotal">PsHoareTotal</a></li></ul><div class="flex-wrap">
</div>
</main>
<nav class='links'>
<a class='popup-button' href="#cite-popup">Cite</a>
<a class='popup-button' href="#download-popup">Download</a>
<h4>PDFs</h4>
<a href="https://www.isa-afp.org/browser_info/current/AFP/Abstract-Hoare-Logics/outline.pdf">Proof
outline</a>
<a href="https://www.isa-afp.org/browser_info/current/AFP/Abstract-Hoare-Logics/document.pdf">Proof
document</a>
<a href="https://www.isa-afp.org/browser_info/current/AFP/Abstract-Hoare-Logics/session_graph.pdf">Dependencies</a></nav>
<div id="cite-popup" class="overlay">
<a class="cancel" href="#"></a>
<div class="popup">
<h2>Cite</h2>
<a class="close" href="#">&times;</a>
<div>
<p style="display:none;" id="bibtex-filename">Abstract-Hoare-Logics-AFP</p><pre id="copy-text">@article{Abstract-Hoare-Logics-AFP,
author = {Tobias Nipkow},
title = {Abstract Hoare Logics},
journal = {Archive of Formal Proofs},
month = {August},
year = {2006},
note = {\url{https://isa-afp.org/entries/Abstract-Hoare-Logics.html},
Formal proof development},
ISSN = {2150-914x},
}</pre>
<button id="copy-bibtex">Copy</button> <a id="download-bibtex">Download</a>
</div>
</div>
</div>
<div id="download-popup" class="overlay">
<a class="cancel" href="#"></a>
<div class="popup">
<h2>Download</h2>
<a class="close" href="#">&times;</a>
<a href="https://www.isa-afp.org/release//afp-Abstract-Hoare-Logics-current.tar.gz" download>Download latest</a>
<p>Older releases:</p>
<ul><li>
<a href="https://www.isa-afp.org/release/afp-Abstract-Hoare-Logics-2021-12-14.tar.gz">Dec 14, 2021</a>: Isabelle2021
</li><li>
<a href="https://www.isa-afp.org/release/afp-Abstract-Hoare-Logics-2021-02-23.tar.gz">Feb 23, 2021</a>: Isabelle2021
</li><li>
<a href="https://www.isa-afp.org/release/afp-Abstract-Hoare-Logics-2020-04-18.tar.gz">Apr 18, 2020</a>: Isabelle2020
</li><li>
<a href="https://www.isa-afp.org/release/afp-Abstract-Hoare-Logics-2019-06-11.tar.gz">Jun 11, 2019</a>: Isabelle2019
</li><li>
<a href="https://www.isa-afp.org/release/afp-Abstract-Hoare-Logics-2018-08-16.tar.gz">Aug 16, 2018</a>: Isabelle2018
</li><li>
<a href="https://www.isa-afp.org/release/afp-Abstract-Hoare-Logics-2017-10-10.tar.gz">Oct 10, 2017</a>: Isabelle2017
</li><li>
<a href="https://www.isa-afp.org/release/afp-Abstract-Hoare-Logics-2016-12-17.tar.gz">Dec 17, 2016</a>: Isabelle2016-1
</li><li>
<a href="https://www.isa-afp.org/release/afp-Abstract-Hoare-Logics-2016-02-22.tar.gz">Feb 22, 2016</a>: Isabelle2016
</li><li>
<a href="https://www.isa-afp.org/release/afp-Abstract-Hoare-Logics-2015-05-27.tar.gz">May 27, 2015</a>: Isabelle2015
</li><li>
<a href="https://www.isa-afp.org/release/afp-Abstract-Hoare-Logics-2014-08-28.tar.gz">Aug 28, 2014</a>: Isabelle2014
</li><li>
<a href="https://www.isa-afp.org/release/afp-Abstract-Hoare-Logics-2013-12-11.tar.gz">Dec 11, 2013</a>: Isabelle2013-2
</li><li>
<a href="https://www.isa-afp.org/release/afp-Abstract-Hoare-Logics-2013-11-17.tar.gz">Nov 17, 2013</a>: Isabelle2013-1
</li><li>
<a href="https://www.isa-afp.org/release/afp-Abstract-Hoare-Logics-2013-02-16.tar.gz">Feb 16, 2013</a>: Isabelle2013
</li><li>
<a href="https://www.isa-afp.org/release/afp-Abstract-Hoare-Logics-2012-05-24.tar.gz">May 24, 2012</a>: Isabelle2012
</li><li>
<a href="https://www.isa-afp.org/release/afp-Abstract-Hoare-Logics-2011-10-11.tar.gz">Oct 11, 2011</a>: Isabelle2011-1
</li><li>
<a href="https://www.isa-afp.org/release/afp-Abstract-Hoare-Logics-2011-02-11.tar.gz">Feb 11, 2011</a>: Isabelle2011
</li><li>
<a href="https://www.isa-afp.org/release/afp-Abstract-Hoare-Logics-2010-06-30.tar.gz">Jun 30, 2010</a>: Isabelle2009-2
</li><li>
<a href="https://www.isa-afp.org/release/afp-Abstract-Hoare-Logics-2009-12-12.tar.gz">Dec 12, 2009</a>: Isabelle2009-1
</li><li>
<a href="https://www.isa-afp.org/release/afp-Abstract-Hoare-Logics-2009-04-29.tar.gz">Apr 29, 2009</a>: Isabelle2009
</li><li>
<a href="https://www.isa-afp.org/release/afp-Abstract-Hoare-Logics-2008-06-10.tar.gz">Jun 10, 2008</a>: Isabelle2008
</li><li>
<a href="https://www.isa-afp.org/release/afp-Abstract-Hoare-Logics-2007-11-27.tar.gz">Nov 27, 2007</a>: Isabelle2007
</li></ul>
</div>
</div>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/entries/Auto2_Imperative_HOL.html b/web/entries/Auto2_Imperative_HOL.html
--- a/web/entries/Auto2_Imperative_HOL.html
+++ b/web/entries/Auto2_Imperative_HOL.html
@@ -1,224 +1,224 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1"><title>Verifying Imperative Programs using Auto2 - Archive of Formal Proofs</title><meta name="description" content="This entry contains the application of auto2 to verifying functional
and imperative programs. Algorithms and data structures that are
verified include..."><meta property="og:title" content="Verifying Imperative Programs using Auto2" />
<meta property="og:description" content="" />
<meta property="og:type" content="article" />
<meta property="og:url" content="/entries/Auto2_Imperative_HOL.html" /><meta property="og:image" content="/images/afp.png"/><meta property="article:section" content="entries" />
<meta property="article:published_time" content="2018-12-21T00:00:00+00:00" />
<meta property="article:modified_time" content="2018-12-21T00:00:00+00:00" /><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="Verifying Imperative Programs using Auto2"/>
<meta name="twitter:description" content=""/>
<link rel="stylesheet" type="text/css" href="../css/front.min.css">
<link rel="icon" href="../images/favicon.ico" type="image/icon">
<script>
MathJax = {
tex: {
inlineMath: [['$', '$'], ['\\(', '\\)']]
},
processEscapes: true,
svg: {
fontCache: 'global'
}
};
</script>
<script id="MathJax-script" async src="../js/mathjax/es5/tex-mml-chtml.js"></script>
<script src="../js/entries.js"></script><script src="../js/obfuscate.js"></script>
<script src="../js/flexsearch.bundle.js"></script>
<script src="../js/scroll-spy.js"></script>
<script src="../js/theory.js"></script>
<script src="../js/util.js"></script><script src="../js/header-search.js"></script><script src="../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore '>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../images/menu.svg" alt="Menu" />
</label>
<a href="../" class='logo-link'>
<img src="../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<a href="../search"><img src="../images/search.svg" alt="Search" /></a>
<nav id="menu">
<div>
<a href="../" class='logo-link'>
<img src="../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<ul>
<a href="../"><li >Home</li></a>
<a href="../topics/"><li >Topics</li></a>
<a href="../download/"><li >Download</li></a>
<a href="../help/"><li >Help</li></a>
<a href="../submission/"><li >Submission</li></a>
<a href="../statistics/"><li >Statistics</li></a>
<a href="../about/"><li >About</li></a>
</ul>
</div>
</nav>
</div>
</aside>
<div
class='content entries'><header>
<form autocomplete="off" action="../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value="" aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button"><img src="../images/search.svg" alt="Search" /></button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1 >
<span class='first'>V</span>erifying <span class='first'>I</span>mperative <span class='first'>P</span>rograms <span class='first'>U</span>sing <span class='first'>A</span>uto2</h1>
<div>
<p><a href="../authors/zhan">Bohua Zhan</a> <a href="http://lcs.ios.ac.cn/~bzhan/">🌐</a>
</p>
<p class="date">December 21, 2018</p>
</div>
</header><div><main><h3>Abstract</h3>
<div class="abstract mathjax_process">This entry contains the application of auto2 to verifying functional
and imperative programs. Algorithms and data structures that are
verified include linked lists, binary search trees, red-black trees,
interval trees, priority queue, quicksort, union-find, Dijkstra's
algorithm, and a sweep-line algorithm for detecting rectangle
intersection. The imperative verification is based on Imperative HOL
and its separation logic framework. A major goal of this work is to
set up automation in order to reduce the length of proof that the user
needs to provide, both for verifying functional programs and for
working with separation logic.</div>BSD License<h3>Topics</h3>
<ul><li><a href="../topics/computer-science/algorithms">Computer science/Algorithms</a></li><li><a href="../topics/computer-science/data-structures">Computer science/Data structures</a></li></ul>
<h3>Theories of Auto2_Imperative_HOL</h3>
<ul>
<li><a href="../theories/auto2_imperative_hol/#Mapping_Str">Mapping_Str</a></li>
<li><a href="../theories/auto2_imperative_hol/#Lists_Ex">Lists_Ex</a></li>
<li><a href="../theories/auto2_imperative_hol/#BST">BST</a></li>
<li><a href="../theories/auto2_imperative_hol/#Partial_Equiv_Rel">Partial_Equiv_Rel</a></li>
<li><a href="../theories/auto2_imperative_hol/#Union_Find">Union_Find</a></li>
<li><a href="../theories/auto2_imperative_hol/#Connectivity">Connectivity</a></li>
<li><a href="../theories/auto2_imperative_hol/#Arrays_Ex">Arrays_Ex</a></li>
<li><a href="../theories/auto2_imperative_hol/#Dijkstra">Dijkstra</a></li>
<li><a href="../theories/auto2_imperative_hol/#Interval">Interval</a></li>
<li><a href="../theories/auto2_imperative_hol/#Interval_Tree">Interval_Tree</a></li>
<li><a href="../theories/auto2_imperative_hol/#Quicksort">Quicksort</a></li>
<li><a href="../theories/auto2_imperative_hol/#Indexed_PQueue">Indexed_PQueue</a></li>
<li><a href="../theories/auto2_imperative_hol/#RBTree">RBTree</a></li>
<li><a href="../theories/auto2_imperative_hol/#Rect_Intersect">Rect_Intersect</a></li>
<li><a href="../theories/auto2_imperative_hol/#SepLogic_Base">SepLogic_Base</a></li>
<li><a href="../theories/auto2_imperative_hol/#SepAuto">SepAuto</a></li>
<li><a href="../theories/auto2_imperative_hol/#GCD_Impl">GCD_Impl</a></li>
<li><a href="../theories/auto2_imperative_hol/#LinkedList">LinkedList</a></li>
<li><a href="../theories/auto2_imperative_hol/#BST_Impl">BST_Impl</a></li>
<li><a href="../theories/auto2_imperative_hol/#RBTree_Impl">RBTree_Impl</a></li>
<li><a href="../theories/auto2_imperative_hol/#Arrays_Impl">Arrays_Impl</a></li>
<li><a href="../theories/auto2_imperative_hol/#Quicksort_Impl">Quicksort_Impl</a></li>
<li><a href="../theories/auto2_imperative_hol/#Union_Find_Impl">Union_Find_Impl</a></li>
<li><a href="../theories/auto2_imperative_hol/#Connectivity_Impl">Connectivity_Impl</a></li>
<li><a href="../theories/auto2_imperative_hol/#DynamicArray">DynamicArray</a></li>
<li><a href="../theories/auto2_imperative_hol/#Indexed_PQueue_Impl">Indexed_PQueue_Impl</a></li>
<li><a href="../theories/auto2_imperative_hol/#Dijkstra_Impl">Dijkstra_Impl</a></li>
<li><a href="../theories/auto2_imperative_hol/#IntervalTree_Impl">IntervalTree_Impl</a></li>
<li><a href="../theories/auto2_imperative_hol/#Rect_Intersect_Impl">Rect_Intersect_Impl</a></li>
<li><a href="../theories/auto2_imperative_hol/#Sep_Examples">Sep_Examples</a></li></ul><div class="flex-wrap">
<div>
<h3>Depends On</h3>
<ul class="horizontal-list"><li><a href="../entries/Auto2_HOL.html">Auto2 Prover</a></li></ul>
</div>
<div>
<h3>Related Entries</h3>
<ul class="horizontal-list">
+ <li><a href="../entries/Separation_Logic_Unbounded.html">Unbounded Separation Logic</a></li>
+
<li><a href="../entries/Skip_Lists.html">Skip Lists</a></li>
<li><a href="../entries/Hoare_Time.html">Hoare Logics for Time Bounds</a></li>
<li><a href="../entries/Treaps.html">Treaps</a></li>
<li><a href="../entries/Complx.html">COMPLX: A Verification Framework for Concurrent Imperative Programs</a></li>
- <li><a href="../entries/Separata.html">Separata: Isabelle tactics for Separation Algebra</a></li>
-
</ul>
</div>
</div>
</main>
<nav class='links'>
<a class='popup-button' href="#cite-popup">Cite</a>
<a class='popup-button' href="#download-popup">Download</a>
<h4>PDFs</h4>
<a href="https://www.isa-afp.org/browser_info/current/AFP/Auto2_Imperative_HOL/outline.pdf">Proof
outline</a>
<a href="https://www.isa-afp.org/browser_info/current/AFP/Auto2_Imperative_HOL/document.pdf">Proof
document</a>
<a href="https://www.isa-afp.org/browser_info/current/AFP/Auto2_Imperative_HOL/session_graph.pdf">Dependencies</a></nav>
<div id="cite-popup" class="overlay">
<a class="cancel" href="#"></a>
<div class="popup">
<h2>Cite</h2>
<a class="close" href="#">&times;</a>
<div>
<p style="display:none;" id="bibtex-filename">Auto2_Imperative_HOL-AFP</p><pre id="copy-text">@article{Auto2_Imperative_HOL-AFP,
author = {Bohua Zhan},
title = {Verifying Imperative Programs using Auto2},
journal = {Archive of Formal Proofs},
month = {December},
year = {2018},
note = {\url{https://isa-afp.org/entries/Auto2_Imperative_HOL.html},
Formal proof development},
ISSN = {2150-914x},
}</pre>
<button id="copy-bibtex">Copy</button> <a id="download-bibtex">Download</a>
</div>
</div>
</div>
<div id="download-popup" class="overlay">
<a class="cancel" href="#"></a>
<div class="popup">
<h2>Download</h2>
<a class="close" href="#">&times;</a>
<a href="https://www.isa-afp.org/release//afp-Auto2_Imperative_HOL-current.tar.gz" download>Download latest</a>
<p>Older releases:</p>
<ul><li>
<a href="https://www.isa-afp.org/release/afp-Auto2_Imperative_HOL-2021-12-14.tar.gz">Dec 14, 2021</a>: Isabelle2021
</li><li>
<a href="https://www.isa-afp.org/release/afp-Auto2_Imperative_HOL-2021-02-23.tar.gz">Feb 23, 2021</a>: Isabelle2021
</li><li>
<a href="https://www.isa-afp.org/release/afp-Auto2_Imperative_HOL-2020-04-18.tar.gz">Apr 18, 2020</a>: Isabelle2020
</li><li>
<a href="https://www.isa-afp.org/release/afp-Auto2_Imperative_HOL-2019-06-11.tar.gz">Jun 11, 2019</a>: Isabelle2019
</li><li>
<a href="https://www.isa-afp.org/release/afp-Auto2_Imperative_HOL-2019-01-22.tar.gz">Jan 22, 2019</a>: Isabelle2018
</li></ul>
</div>
</div>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/entries/CakeML.html b/web/entries/CakeML.html
--- a/web/entries/CakeML.html
+++ b/web/entries/CakeML.html
@@ -1,255 +1,255 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1"><title>CakeML - Archive of Formal Proofs</title><meta name="description" content="CakeML is a functional programming language with a proven-correct
compiler and runtime system. This entry contains an unofficial version
of the CakeML..."><meta property="og:title" content="CakeML" />
<meta property="og:description" content="" />
<meta property="og:type" content="article" />
<meta property="og:url" content="/entries/CakeML.html" /><meta property="og:image" content="/images/afp.png"/><meta property="article:section" content="entries" />
<meta property="article:published_time" content="2018-03-12T00:00:00+00:00" />
<meta property="article:modified_time" content="2018-03-12T00:00:00+00:00" /><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="CakeML"/>
<meta name="twitter:description" content=""/>
<link rel="stylesheet" type="text/css" href="../css/front.min.css">
<link rel="icon" href="../images/favicon.ico" type="image/icon">
<script>
MathJax = {
tex: {
inlineMath: [['$', '$'], ['\\(', '\\)']]
},
processEscapes: true,
svg: {
fontCache: 'global'
}
};
</script>
<script id="MathJax-script" async src="../js/mathjax/es5/tex-mml-chtml.js"></script>
<script src="../js/entries.js"></script><script src="../js/obfuscate.js"></script>
<script src="../js/flexsearch.bundle.js"></script>
<script src="../js/scroll-spy.js"></script>
<script src="../js/theory.js"></script>
<script src="../js/util.js"></script><script src="../js/header-search.js"></script><script src="../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore '>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../images/menu.svg" alt="Menu" />
</label>
<a href="../" class='logo-link'>
<img src="../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<a href="../search"><img src="../images/search.svg" alt="Search" /></a>
<nav id="menu">
<div>
<a href="../" class='logo-link'>
<img src="../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<ul>
<a href="../"><li >Home</li></a>
<a href="../topics/"><li >Topics</li></a>
<a href="../download/"><li >Download</li></a>
<a href="../help/"><li >Help</li></a>
<a href="../submission/"><li >Submission</li></a>
<a href="../statistics/"><li >Statistics</li></a>
<a href="../about/"><li >About</li></a>
</ul>
</div>
</nav>
</div>
</aside>
<div
class='content entries'><header>
<form autocomplete="off" action="../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value="" aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button"><img src="../images/search.svg" alt="Search" /></button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1 >
<span class='first'>C</span>ake<span class='first'>M</span><span class='first'>L</span></h1>
<div>
- <p><a href="../authors/hupel">Lars Hupel</a> <a href="https://www21.in.tum.de/~hupel/">🌐</a> and <a href="../authors/zhang">Yu Zhang</a>
+ <p><a href="../authors/hupel">Lars Hupel</a> <a href="https://lars.hupel.info/">🌐</a> and <a href="../authors/zhang">Yu Zhang</a>
with contributions from <a href="../authors/pohjola">Johannes Åman Pohjola</a>
</p>
<p class="date">March 12, 2018</p>
</div>
</header><div><main><h3>Abstract</h3>
<div class="abstract mathjax_process">CakeML is a functional programming language with a proven-correct
compiler and runtime system. This entry contains an unofficial version
of the CakeML semantics that has been exported from the Lem
specifications to Isabelle. Additionally, there are some hand-written
theory files that adapt the exported code to Isabelle and port proofs
from the HOL4 formalization, e.g. termination and equivalence proofs.</div>BSD License<h3>Topics</h3>
<ul><li><a href="../topics/computer-science/programming-languages/language-definitions">Computer science/Programming languages/Language definitions</a></li></ul>
<h3>Theories of LEM</h3>
<ul>
<li><a href="../theories/lem/#Lem_bool">Lem_bool</a></li>
<li><a href="../theories/lem/#Lem_basic_classes">Lem_basic_classes</a></li>
<li><a href="../theories/lem/#Lem_tuple">Lem_tuple</a></li>
<li><a href="../theories/lem/#Lem_function">Lem_function</a></li>
<li><a href="../theories/lem/#Lem_maybe">Lem_maybe</a></li>
<li><a href="../theories/lem/#Lem_num">Lem_num</a></li>
<li><a href="../theories/lem/#LemExtraDefs">LemExtraDefs</a></li>
<li><a href="../theories/lem/#Lem">Lem</a></li>
<li><a href="../theories/lem/#Lem_list">Lem_list</a></li>
<li><a href="../theories/lem/#Lem_either">Lem_either</a></li>
<li><a href="../theories/lem/#Lem_set_helpers">Lem_set_helpers</a></li>
<li><a href="../theories/lem/#Lem_set">Lem_set</a></li>
<li><a href="../theories/lem/#Lem_map">Lem_map</a></li>
<li><a href="../theories/lem/#Lem_string">Lem_string</a></li>
<li><a href="../theories/lem/#Lem_word">Lem_word</a></li>
<li><a href="../theories/lem/#Lem_show">Lem_show</a></li>
<li><a href="../theories/lem/#Lem_sorting">Lem_sorting</a></li>
<li><a href="../theories/lem/#Lem_relation">Lem_relation</a></li>
<li><a href="../theories/lem/#Lem_pervasives">Lem_pervasives</a></li>
<li><a href="../theories/lem/#Lem_function_extra">Lem_function_extra</a></li>
<li><a href="../theories/lem/#Lem_assert_extra">Lem_assert_extra</a></li>
<li><a href="../theories/lem/#Lem_maybe_extra">Lem_maybe_extra</a></li>
<li><a href="../theories/lem/#Lem_map_extra">Lem_map_extra</a></li>
<li><a href="../theories/lem/#Lem_num_extra">Lem_num_extra</a></li>
<li><a href="../theories/lem/#Lem_set_extra">Lem_set_extra</a></li>
<li><a href="../theories/lem/#Lem_list_extra">Lem_list_extra</a></li>
<li><a href="../theories/lem/#Lem_string_extra">Lem_string_extra</a></li>
<li><a href="../theories/lem/#Lem_show_extra">Lem_show_extra</a></li>
<li><a href="../theories/lem/#Lem_machine_word">Lem_machine_word</a></li>
<li><a href="../theories/lem/#Lem_pervasives_extra">Lem_pervasives_extra</a></li></ul>
<h3>Theories of CakeML</h3>
<ul>
<li><a href="../theories/cakeml/#Doc_Generated">Doc_Generated</a></li>
<li><a href="../theories/cakeml/#Lib">Lib</a></li>
<li><a href="../theories/cakeml/#Namespace">Namespace</a></li>
<li><a href="../theories/cakeml/#FpSem">FpSem</a></li>
<li><a href="../theories/cakeml/#Ast">Ast</a></li>
<li><a href="../theories/cakeml/#AstAuxiliary">AstAuxiliary</a></li>
<li><a href="../theories/cakeml/#Ffi">Ffi</a></li>
<li><a href="../theories/cakeml/#SemanticPrimitives">SemanticPrimitives</a></li>
<li><a href="../theories/cakeml/#SmallStep">SmallStep</a></li>
<li><a href="../theories/cakeml/#BigStep">BigStep</a></li>
<li><a href="../theories/cakeml/#BigSmallInvariants">BigSmallInvariants</a></li>
<li><a href="../theories/cakeml/#Evaluate">Evaluate</a></li>
<li><a href="../theories/cakeml/#LibAuxiliary">LibAuxiliary</a></li>
<li><a href="../theories/cakeml/#NamespaceAuxiliary">NamespaceAuxiliary</a></li>
<li><a href="../theories/cakeml/#PrimTypes">PrimTypes</a></li>
<li><a href="../theories/cakeml/#SemanticPrimitivesAuxiliary">SemanticPrimitivesAuxiliary</a></li>
<li><a href="../theories/cakeml/#SimpleIO">SimpleIO</a></li>
<li><a href="../theories/cakeml/#Tokens">Tokens</a></li>
<li><a href="../theories/cakeml/#TypeSystem">TypeSystem</a></li>
<li><a href="../theories/cakeml/#TypeSystemAuxiliary">TypeSystemAuxiliary</a></li>
<li><a href="../theories/cakeml/#Doc_Proofs">Doc_Proofs</a></li>
<li><a href="../theories/cakeml/#Semantic_Extras">Semantic_Extras</a></li>
<li><a href="../theories/cakeml/#Evaluate_Termination">Evaluate_Termination</a></li>
<li><a href="../theories/cakeml/#Evaluate_Clock">Evaluate_Clock</a></li>
<li><a href="../theories/cakeml/#Evaluate_Single">Evaluate_Single</a></li>
<li><a href="../theories/cakeml/#Big_Step_Determ">Big_Step_Determ</a></li>
<li><a href="../theories/cakeml/#Big_Step_Total">Big_Step_Total</a></li>
<li><a href="../theories/cakeml/#Big_Step_Fun_Equiv">Big_Step_Fun_Equiv</a></li>
<li><a href="../theories/cakeml/#Big_Step_Unclocked">Big_Step_Unclocked</a></li>
<li><a href="../theories/cakeml/#Big_Step_Clocked">Big_Step_Clocked</a></li>
<li><a href="../theories/cakeml/#Big_Step_Unclocked_Single">Big_Step_Unclocked_Single</a></li>
<li><a href="../theories/cakeml/#Matching">Matching</a></li>
<li><a href="../theories/cakeml/#CakeML_Code">CakeML_Code</a></li>
<li><a href="../theories/cakeml/#CakeML_Quickcheck">CakeML_Quickcheck</a></li>
<li><a href="../theories/cakeml/#CakeML_Compiler">CakeML_Compiler</a></li>
<li><a href="../theories/cakeml/#Compiler_Test">Compiler_Test</a></li>
<li><a href="../theories/cakeml/#Code_Test_Haskell">Code_Test_Haskell</a></li></ul><div class="flex-wrap">
<div>
<h3>Depends On</h3>
<ul class="horizontal-list"><li><a href="../entries/Word_Lib.html">Finite Machine Word Library</a></li><li><a href="../entries/Coinductive.html">Coinductive</a></li><li><a href="../entries/IEEE_Floating_Point.html">A Formal Model of IEEE Floating Point Arithmetic</a></li><li><a href="../entries/Show.html">Haskell&rsquo;s Show Class in Isabelle/HOL</a></li></ul>
</div><div>
<h3>Used by</h3>
<ul class="horizontal-list"><li><a href="../entries/CakeML_Codegen.html">A Verified Code Generator from Isabelle/HOL to CakeML</a></li></ul>
</div>
<div>
<h3>Related Entries</h3>
<ul class="horizontal-list">
<li><a href="../entries/LambdaAuth.html">Formalization of Generic Authenticated Data Structures</a></li>
</ul>
</div>
</div>
</main>
<nav class='links'>
<a class='popup-button' href="#cite-popup">Cite</a>
<a class='popup-button' href="#download-popup">Download</a>
<h4>PDFs</h4>
<a href="https://www.isa-afp.org/browser_info/current/AFP/CakeML/outline.pdf">Proof
outline</a>
<a href="https://www.isa-afp.org/browser_info/current/AFP/CakeML/document.pdf">Proof
document</a>
<a href="https://www.isa-afp.org/browser_info/current/AFP/CakeML/session_graph.pdf">Dependencies</a></nav>
<div id="cite-popup" class="overlay">
<a class="cancel" href="#"></a>
<div class="popup">
<h2>Cite</h2>
<a class="close" href="#">&times;</a>
<div>
<p style="display:none;" id="bibtex-filename">CakeML-AFP</p><pre id="copy-text">@article{CakeML-AFP,
author = {Lars Hupel and Yu Zhang},
title = {CakeML},
journal = {Archive of Formal Proofs},
month = {March},
year = {2018},
note = {\url{https://isa-afp.org/entries/CakeML.html},
Formal proof development},
ISSN = {2150-914x},
}</pre>
<button id="copy-bibtex">Copy</button> <a id="download-bibtex">Download</a>
</div>
</div>
</div>
<div id="download-popup" class="overlay">
<a class="cancel" href="#"></a>
<div class="popup">
<h2>Download</h2>
<a class="close" href="#">&times;</a>
<a href="https://www.isa-afp.org/release//afp-CakeML-current.tar.gz" download>Download latest</a>
<p>Older releases:</p>
<ul><li>
<a href="https://www.isa-afp.org/release/afp-CakeML-2021-12-14.tar.gz">Dec 14, 2021</a>: Isabelle2021
</li><li>
<a href="https://www.isa-afp.org/release/afp-CakeML-2021-02-23.tar.gz">Feb 23, 2021</a>: Isabelle2021
</li><li>
<a href="https://www.isa-afp.org/release/afp-CakeML-2020-04-18.tar.gz">Apr 18, 2020</a>: Isabelle2020
</li><li>
<a href="https://www.isa-afp.org/release/afp-CakeML-2019-06-11.tar.gz">Jun 11, 2019</a>: Isabelle2019
</li><li>
<a href="https://www.isa-afp.org/release/afp-CakeML-2018-08-16.tar.gz">Aug 16, 2018</a>: Isabelle2018
</li></ul>
</div>
</div>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/entries/Combinable_Wands.html b/web/entries/Combinable_Wands.html
--- a/web/entries/Combinable_Wands.html
+++ b/web/entries/Combinable_Wands.html
@@ -1,182 +1,191 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1"><title>A Restricted Definition of the Magic Wand to Soundly Combine Fractions of a Wand - Archive of Formal Proofs</title><meta name="description" content="Many separation logics support fractional permissions to distinguish between read and write access to a heap location, for instance, to allow concurrent..."><meta property="og:title" content="A Restricted Definition of the Magic Wand to Soundly Combine Fractions of a Wand" />
<meta property="og:description" content="" />
<meta property="og:type" content="article" />
<meta property="og:url" content="/entries/Combinable_Wands.html" /><meta property="og:image" content="/images/afp.png"/><meta property="article:section" content="entries" />
<meta property="article:published_time" content="2022-05-30T00:00:00+00:00" />
<meta property="article:modified_time" content="2022-05-30T00:00:00+00:00" /><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="A Restricted Definition of the Magic Wand to Soundly Combine Fractions of a Wand"/>
<meta name="twitter:description" content=""/>
<link rel="stylesheet" type="text/css" href="../css/front.min.css">
<link rel="icon" href="../images/favicon.ico" type="image/icon">
<script>
MathJax = {
tex: {
inlineMath: [['$', '$'], ['\\(', '\\)']]
},
processEscapes: true,
svg: {
fontCache: 'global'
}
};
</script>
<script id="MathJax-script" async src="../js/mathjax/es5/tex-mml-chtml.js"></script>
<script src="../js/entries.js"></script><script src="../js/obfuscate.js"></script>
<script src="../js/flexsearch.bundle.js"></script>
<script src="../js/scroll-spy.js"></script>
<script src="../js/theory.js"></script>
<script src="../js/util.js"></script><script src="../js/header-search.js"></script><script src="../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore '>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../images/menu.svg" alt="Menu" />
</label>
<a href="../" class='logo-link'>
<img src="../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<a href="../search"><img src="../images/search.svg" alt="Search" /></a>
<nav id="menu">
<div>
<a href="../" class='logo-link'>
<img src="../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<ul>
<a href="../"><li >Home</li></a>
<a href="../topics/"><li >Topics</li></a>
<a href="../download/"><li >Download</li></a>
<a href="../help/"><li >Help</li></a>
<a href="../submission/"><li >Submission</li></a>
<a href="../statistics/"><li >Statistics</li></a>
<a href="../about/"><li >About</li></a>
</ul>
</div>
</nav>
</div>
</aside>
<div
class='content entries'><header>
<form autocomplete="off" action="../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value="" aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button"><img src="../images/search.svg" alt="Search" /></button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1 >
<span class='first'>A</span> <span class='first'>R</span>estricted <span class='first'>D</span>efinition of the <span class='first'>M</span>agic <span class='first'>W</span>and to <span class='first'>S</span>oundly <span class='first'>C</span>ombine <span class='first'>F</span>ractions of a <span class='first'>W</span>and</h1>
<div>
<p><a href="../authors/dardinier">Thibault Dardinier</a> <a href="https://dardinier.me/">🌐</a>
</p>
<p class="date">May 30, 2022</p>
</div>
</header><div><main><h3>Abstract</h3>
<div class="abstract mathjax_process">Many separation logics support <em>fractional
permissions</em> to distinguish between read and write access to
a heap location, for instance, to allow concurrent reads while
enforcing exclusive writes. The concept has been generalized to
fractional assertions. $A^p$ (where $A$ is a separation logic
assertion and $p$ a fraction between $0$ and $1$) represents a
fraction $p$ of $A$. $A^p$ holds in a state $\sigma$ iff there exists
a state $\sigma_A$ in which $A$ holds and $\sigma$ is obtained from
$\sigma_A$ by multiplying all permission amounts held by $p$. While
$A^{p + q}$ can always be split into $A^p * A^q$, recombining $A^p *
A^q$ into $A^{p+q}$ is not always sound. We say that $A$ is
<em>combinable</em> iff the entailment $A^p * A^q \models
A^{p+q}$ holds for any two positive fractions $p$ and $q$ such that $p
+ q \le 1$. Combinable assertions are particularly useful to reason
about concurrent programs, for instance, to combine the postconditions
of parallel branches when they terminate. Unfortunately, the magic
wand assertion $A \mathbin{-\!\!*} B$, commonly used to specify properties of
partial data structures, is typically <em>not</em>
combinable. In this entry, we formalize a novel, restricted
definition of the magic wand, described in <a
href="https://arxiv.org/abs/2205.11325">a paper at CAV
22</a>, which we call the <em>combinable wand</em>.
We prove some key properties of the combinable wand; in particular, a
combinable wand is combinable if its right-hand side is combinable.</div>BSD License<h3>Topics</h3>
<ul><li><a href="../topics/computer-science/programming-languages/logics">Computer science/Programming languages/Logics</a></li></ul>
<h3>Theories of Combinable_Wands</h3>
<ul>
<li><a href="../theories/combinable_wands/#PosRat">PosRat</a></li>
<li><a href="../theories/combinable_wands/#Mask">Mask</a></li>
<li><a href="../theories/combinable_wands/#PartialHeapSA">PartialHeapSA</a></li>
<li><a href="../theories/combinable_wands/#CombinableWands">CombinableWands</a></li></ul><div class="flex-wrap">
<div>
<h3>Depends On</h3>
<ul class="horizontal-list"><li><a href="../entries/Package_logic.html">Formalization of a Framework for the Sound Automation of Magic Wands</a></li></ul>
</div>
+ <div>
+ <h3>Related Entries</h3>
+ <ul class="horizontal-list">
+
+ <li><a href="../entries/Separation_Logic_Unbounded.html">Unbounded Separation Logic</a></li>
+
+ </ul>
+ </div>
+
</div>
</main>
<nav class='links'>
<a class='popup-button' href="#cite-popup">Cite</a>
<a class='popup-button' href="#download-popup">Download</a>
<h4>PDFs</h4>
<a href="https://www.isa-afp.org/browser_info/current/AFP/Combinable_Wands/outline.pdf">Proof
outline</a>
<a href="https://www.isa-afp.org/browser_info/current/AFP/Combinable_Wands/document.pdf">Proof
document</a>
<a href="https://www.isa-afp.org/browser_info/current/AFP/Combinable_Wands/session_graph.pdf">Dependencies</a></nav>
<div id="cite-popup" class="overlay">
<a class="cancel" href="#"></a>
<div class="popup">
<h2>Cite</h2>
<a class="close" href="#">&times;</a>
<div>
<p style="display:none;" id="bibtex-filename">Combinable_Wands-AFP</p><pre id="copy-text">@article{Combinable_Wands-AFP,
author = {Thibault Dardinier},
title = {A Restricted Definition of the Magic Wand to Soundly Combine Fractions of a Wand},
journal = {Archive of Formal Proofs},
month = {May},
year = {2022},
note = {\url{https://isa-afp.org/entries/Combinable_Wands.html},
Formal proof development},
ISSN = {2150-914x},
}</pre>
<button id="copy-bibtex">Copy</button> <a id="download-bibtex">Download</a>
</div>
</div>
</div>
<div id="download-popup" class="overlay">
<a class="cancel" href="#"></a>
<div class="popup">
<h2>Download</h2>
<a class="close" href="#">&times;</a>
<a href="https://www.isa-afp.org/release//afp-Combinable_Wands-current.tar.gz" download>Download latest</a>
</div>
</div>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/entries/Constructor_Funs.html b/web/entries/Constructor_Funs.html
--- a/web/entries/Constructor_Funs.html
+++ b/web/entries/Constructor_Funs.html
@@ -1,179 +1,179 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1"><title>Constructor Functions - Archive of Formal Proofs</title><meta name="description" content="Isabelle&#39;s code generator performs various adaptations for target
languages. Among others, constructor applications have to be fully
saturated. That means..."><meta property="og:title" content="Constructor Functions" />
<meta property="og:description" content="" />
<meta property="og:type" content="article" />
<meta property="og:url" content="/entries/Constructor_Funs.html" /><meta property="og:image" content="/images/afp.png"/><meta property="article:section" content="entries" />
<meta property="article:published_time" content="2017-04-19T00:00:00+00:00" />
<meta property="article:modified_time" content="2017-04-19T00:00:00+00:00" /><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="Constructor Functions"/>
<meta name="twitter:description" content=""/>
<link rel="stylesheet" type="text/css" href="../css/front.min.css">
<link rel="icon" href="../images/favicon.ico" type="image/icon">
<script>
MathJax = {
tex: {
inlineMath: [['$', '$'], ['\\(', '\\)']]
},
processEscapes: true,
svg: {
fontCache: 'global'
}
};
</script>
<script id="MathJax-script" async src="../js/mathjax/es5/tex-mml-chtml.js"></script>
<script src="../js/entries.js"></script><script src="../js/obfuscate.js"></script>
<script src="../js/flexsearch.bundle.js"></script>
<script src="../js/scroll-spy.js"></script>
<script src="../js/theory.js"></script>
<script src="../js/util.js"></script><script src="../js/header-search.js"></script><script src="../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore '>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../images/menu.svg" alt="Menu" />
</label>
<a href="../" class='logo-link'>
<img src="../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<a href="../search"><img src="../images/search.svg" alt="Search" /></a>
<nav id="menu">
<div>
<a href="../" class='logo-link'>
<img src="../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<ul>
<a href="../"><li >Home</li></a>
<a href="../topics/"><li >Topics</li></a>
<a href="../download/"><li >Download</li></a>
<a href="../help/"><li >Help</li></a>
<a href="../submission/"><li >Submission</li></a>
<a href="../statistics/"><li >Statistics</li></a>
<a href="../about/"><li >About</li></a>
</ul>
</div>
</nav>
</div>
</aside>
<div
class='content entries'><header>
<form autocomplete="off" action="../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value="" aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button"><img src="../images/search.svg" alt="Search" /></button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1 >
<span class='first'>C</span>onstructor <span class='first'>F</span>unctions</h1>
<div>
- <p><a href="../authors/hupel">Lars Hupel</a> <a href="https://www21.in.tum.de/~hupel/">🌐</a>
+ <p><a href="../authors/hupel">Lars Hupel</a> <a href="https://lars.hupel.info/">🌐</a>
</p>
<p class="date">April 19, 2017</p>
</div>
</header><div><main><h3>Abstract</h3>
<div class="abstract mathjax_process">Isabelle's code generator performs various adaptations for target
languages. Among others, constructor applications have to be fully
saturated. That means that for constructor calls occuring as arguments
to higher-order functions, synthetic lambdas have to be inserted. This
entry provides tooling to avoid this construction altogether by
introducing constructor functions.</div>BSD License<h3>Topics</h3>
<ul><li><a href="../topics/tools">Tools</a></li></ul>
<h3>Theories of Constructor_Funs</h3>
<ul>
<li><a href="../theories/constructor_funs/#Constructor_Funs">Constructor_Funs</a></li>
<li><a href="../theories/constructor_funs/#Test_Constructor_Funs">Test_Constructor_Funs</a></li></ul><div class="flex-wrap">
<div>
<h3>Used by</h3>
<ul class="horizontal-list"><li><a href="../entries/CakeML_Codegen.html">A Verified Code Generator from Isabelle/HOL to CakeML</a></li></ul>
</div>
</div>
</main>
<nav class='links'>
<a class='popup-button' href="#cite-popup">Cite</a>
<a class='popup-button' href="#download-popup">Download</a>
<h4>PDFs</h4>
<a href="https://www.isa-afp.org/browser_info/current/AFP/Constructor_Funs/outline.pdf">Proof
outline</a>
<a href="https://www.isa-afp.org/browser_info/current/AFP/Constructor_Funs/document.pdf">Proof
document</a>
<a href="https://www.isa-afp.org/browser_info/current/AFP/Constructor_Funs/session_graph.pdf">Dependencies</a></nav>
<div id="cite-popup" class="overlay">
<a class="cancel" href="#"></a>
<div class="popup">
<h2>Cite</h2>
<a class="close" href="#">&times;</a>
<div>
<p style="display:none;" id="bibtex-filename">Constructor_Funs-AFP</p><pre id="copy-text">@article{Constructor_Funs-AFP,
author = {Lars Hupel},
title = {Constructor Functions},
journal = {Archive of Formal Proofs},
month = {April},
year = {2017},
note = {\url{https://isa-afp.org/entries/Constructor_Funs.html},
Formal proof development},
ISSN = {2150-914x},
}</pre>
<button id="copy-bibtex">Copy</button> <a id="download-bibtex">Download</a>
</div>
</div>
</div>
<div id="download-popup" class="overlay">
<a class="cancel" href="#"></a>
<div class="popup">
<h2>Download</h2>
<a class="close" href="#">&times;</a>
<a href="https://www.isa-afp.org/release//afp-Constructor_Funs-current.tar.gz" download>Download latest</a>
<p>Older releases:</p>
<ul><li>
<a href="https://www.isa-afp.org/release/afp-Constructor_Funs-2021-12-14.tar.gz">Dec 14, 2021</a>: Isabelle2021
</li><li>
<a href="https://www.isa-afp.org/release/afp-Constructor_Funs-2021-02-23.tar.gz">Feb 23, 2021</a>: Isabelle2021
</li><li>
<a href="https://www.isa-afp.org/release/afp-Constructor_Funs-2020-04-18.tar.gz">Apr 18, 2020</a>: Isabelle2020
</li><li>
<a href="https://www.isa-afp.org/release/afp-Constructor_Funs-2019-06-11.tar.gz">Jun 11, 2019</a>: Isabelle2019
</li><li>
<a href="https://www.isa-afp.org/release/afp-Constructor_Funs-2018-08-16.tar.gz">Aug 16, 2018</a>: Isabelle2018
</li><li>
<a href="https://www.isa-afp.org/release/afp-Constructor_Funs-2017-10-10.tar.gz">Oct 10, 2017</a>: Isabelle2017
</li><li>
<a href="https://www.isa-afp.org/release/afp-Constructor_Funs-2017-04-20.tar.gz">Apr 20, 2017</a>: Isabelle2016-1
</li></ul>
</div>
</div>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/entries/DPRM_Theorem.html b/web/entries/DPRM_Theorem.html
--- a/web/entries/DPRM_Theorem.html
+++ b/web/entries/DPRM_Theorem.html
@@ -1,203 +1,212 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1"><title>Diophantine Equations and the DPRM Theorem - Archive of Formal Proofs</title><meta name="description" content="We present a formalization of Matiyasevich&#39;s proof of the DPRM
theorem, which states that every recursively enumerable set of natural
numbers is..."><meta property="og:title" content="Diophantine Equations and the DPRM Theorem" />
<meta property="og:description" content="" />
<meta property="og:type" content="article" />
<meta property="og:url" content="/entries/DPRM_Theorem.html" /><meta property="og:image" content="/images/afp.png"/><meta property="article:section" content="entries" />
<meta property="article:published_time" content="2022-06-06T00:00:00+00:00" />
<meta property="article:modified_time" content="2022-06-06T00:00:00+00:00" /><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="Diophantine Equations and the DPRM Theorem"/>
<meta name="twitter:description" content=""/>
<link rel="stylesheet" type="text/css" href="../css/front.min.css">
<link rel="icon" href="../images/favicon.ico" type="image/icon">
<script>
MathJax = {
tex: {
inlineMath: [['$', '$'], ['\\(', '\\)']]
},
processEscapes: true,
svg: {
fontCache: 'global'
}
};
</script>
<script id="MathJax-script" async src="../js/mathjax/es5/tex-mml-chtml.js"></script>
<script src="../js/entries.js"></script><script src="../js/obfuscate.js"></script>
<script src="../js/flexsearch.bundle.js"></script>
<script src="../js/scroll-spy.js"></script>
<script src="../js/theory.js"></script>
<script src="../js/util.js"></script><script src="../js/header-search.js"></script><script src="../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore '>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../images/menu.svg" alt="Menu" />
</label>
<a href="../" class='logo-link'>
<img src="../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<a href="../search"><img src="../images/search.svg" alt="Search" /></a>
<nav id="menu">
<div>
<a href="../" class='logo-link'>
<img src="../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<ul>
<a href="../"><li >Home</li></a>
<a href="../topics/"><li >Topics</li></a>
<a href="../download/"><li >Download</li></a>
<a href="../help/"><li >Help</li></a>
<a href="../submission/"><li >Submission</li></a>
<a href="../statistics/"><li >Statistics</li></a>
<a href="../about/"><li >About</li></a>
</ul>
</div>
</nav>
</div>
</aside>
<div
class='content entries'><header>
<form autocomplete="off" action="../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value="" aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button"><img src="../images/search.svg" alt="Search" /></button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1 >
<span class='first'>D</span>iophantine <span class='first'>E</span>quations and the <span class='first'>D</span><span class='first'>P</span><span class='first'>R</span><span class='first'>M</span> <span class='first'>T</span>heorem</h1>
<div>
<p><a href="../authors/bayer">Jonas Bayer</a>, <a href="../authors/david">Marco David</a>, <a href="../authors/stock">Benedikt Stock</a>, <a href="../authors/pal">Abhik Pal</a>, <a href="../authors/matiyasevich">Yuri Matiyasevich</a> and <a href="../authors/schleicher">Dierk Schleicher</a>
</p>
<p class="date">June 6, 2022</p>
</div>
</header><div><main><h3>Abstract</h3>
<div class="abstract mathjax_process">We present a formalization of Matiyasevich's proof of the DPRM
theorem, which states that every recursively enumerable set of natural
numbers is Diophantine. This result from 1970 yields a negative
solution to Hilbert's 10th problem over the integers. To
represent recursively enumerable sets in equations, we implement and
arithmetize register machines. We formalize a general theory of
Diophantine sets and relations to reason about them abstractly. Using
several number-theoretic lemmas, we prove that exponentiation has a
Diophantine representation.</div>BSD License<h3>Topics</h3>
<ul><li><a href="../topics/logic/computability">Logic/Computability</a></li><li><a href="../topics/mathematics/number-theory">Mathematics/Number theory</a></li></ul>
<h3>Theories of DPRM_Theorem</h3>
<ul>
<li><a href="../theories/dprm_theorem/#Parametric_Polynomials">Parametric_Polynomials</a></li>
<li><a href="../theories/dprm_theorem/#Assignments">Assignments</a></li>
<li><a href="../theories/dprm_theorem/#Diophantine_Relations">Diophantine_Relations</a></li>
<li><a href="../theories/dprm_theorem/#Existential_Quantifier">Existential_Quantifier</a></li>
<li><a href="../theories/dprm_theorem/#Modulo_Divisibility">Modulo_Divisibility</a></li>
<li><a href="../theories/dprm_theorem/#Exponentiation">Exponentiation</a></li>
<li><a href="../theories/dprm_theorem/#Alpha_Sequence">Alpha_Sequence</a></li>
<li><a href="../theories/dprm_theorem/#Exponential_Relation">Exponential_Relation</a></li>
<li><a href="../theories/dprm_theorem/#Digit_Function">Digit_Function</a></li>
<li><a href="../theories/dprm_theorem/#Binomial_Coefficient">Binomial_Coefficient</a></li>
<li><a href="../theories/dprm_theorem/#Binary_Orthogonal">Binary_Orthogonal</a></li>
<li><a href="../theories/dprm_theorem/#Binary_Masking">Binary_Masking</a></li>
<li><a href="../theories/dprm_theorem/#Binary_And">Binary_And</a></li>
<li><a href="../theories/dprm_theorem/#RegisterMachineSpecification">RegisterMachineSpecification</a></li>
<li><a href="../theories/dprm_theorem/#RegisterMachineProperties">RegisterMachineProperties</a></li>
<li><a href="../theories/dprm_theorem/#RegisterMachineSimulation">RegisterMachineSimulation</a></li>
<li><a href="../theories/dprm_theorem/#SingleStepRegister">SingleStepRegister</a></li>
<li><a href="../theories/dprm_theorem/#SingleStepState">SingleStepState</a></li>
<li><a href="../theories/dprm_theorem/#MultipleStepRegister">MultipleStepRegister</a></li>
<li><a href="../theories/dprm_theorem/#MultipleStepState">MultipleStepState</a></li>
<li><a href="../theories/dprm_theorem/#MachineMasking">MachineMasking</a></li>
<li><a href="../theories/dprm_theorem/#MachineEquations">MachineEquations</a></li>
<li><a href="../theories/dprm_theorem/#CommutationRelations">CommutationRelations</a></li>
<li><a href="../theories/dprm_theorem/#MultipleToSingleSteps">MultipleToSingleSteps</a></li>
<li><a href="../theories/dprm_theorem/#Equation_Setup">Equation_Setup</a></li>
<li><a href="../theories/dprm_theorem/#Register_Machine_Sums">Register_Machine_Sums</a></li>
<li><a href="../theories/dprm_theorem/#RM_Sums_Diophantine">RM_Sums_Diophantine</a></li>
<li><a href="../theories/dprm_theorem/#Register_Equations">Register_Equations</a></li>
<li><a href="../theories/dprm_theorem/#State_0_Equation">State_0_Equation</a></li>
<li><a href="../theories/dprm_theorem/#State_d_Equation">State_d_Equation</a></li>
<li><a href="../theories/dprm_theorem/#State_Unique_Equations">State_Unique_Equations</a></li>
<li><a href="../theories/dprm_theorem/#All_State_Equations">All_State_Equations</a></li>
<li><a href="../theories/dprm_theorem/#Mask_Equations">Mask_Equations</a></li>
<li><a href="../theories/dprm_theorem/#Constants_Equations">Constants_Equations</a></li>
<li><a href="../theories/dprm_theorem/#All_Equations_Invariance">All_Equations_Invariance</a></li>
<li><a href="../theories/dprm_theorem/#All_Equations">All_Equations</a></li>
<li><a href="../theories/dprm_theorem/#Machine_Equation_Equivalence">Machine_Equation_Equivalence</a></li>
<li><a href="../theories/dprm_theorem/#DPRM">DPRM</a></li></ul><div class="flex-wrap">
<div>
<h3>Depends On</h3>
<ul class="horizontal-list"><li><a href="../entries/Digit_Expansions.html">Digit Expansions</a></li><li><a href="../entries/Lucas_Theorem.html">Lucas&rsquo;s Theorem</a></li></ul>
</div>
+ <div>
+ <h3>Related Entries</h3>
+ <ul class="horizontal-list">
+
+ <li><a href="../entries/Padic_Field.html">p-adic Fields and p-adic Semialgebraic Sets</a></li>
+
+ </ul>
+ </div>
+
</div>
</main>
<nav class='links'>
<a class='popup-button' href="#cite-popup">Cite</a>
<a class='popup-button' href="#download-popup">Download</a>
<h4>PDFs</h4>
<a href="https://www.isa-afp.org/browser_info/current/AFP/DPRM_Theorem/outline.pdf">Proof
outline</a>
<a href="https://www.isa-afp.org/browser_info/current/AFP/DPRM_Theorem/document.pdf">Proof
document</a>
<a href="https://www.isa-afp.org/browser_info/current/AFP/DPRM_Theorem/session_graph.pdf">Dependencies</a></nav>
<div id="cite-popup" class="overlay">
<a class="cancel" href="#"></a>
<div class="popup">
<h2>Cite</h2>
<a class="close" href="#">&times;</a>
<div>
<p style="display:none;" id="bibtex-filename">DPRM_Theorem-AFP</p><pre id="copy-text">@article{DPRM_Theorem-AFP,
author = {Jonas Bayer and Marco David and Benedikt Stock and Abhik Pal and Yuri Matiyasevich and Dierk Schleicher},
title = {Diophantine Equations and the DPRM Theorem},
journal = {Archive of Formal Proofs},
month = {June},
year = {2022},
note = {\url{https://isa-afp.org/entries/DPRM_Theorem.html},
Formal proof development},
ISSN = {2150-914x},
}</pre>
<button id="copy-bibtex">Copy</button> <a id="download-bibtex">Download</a>
</div>
</div>
</div>
<div id="download-popup" class="overlay">
<a class="cancel" href="#"></a>
<div class="popup">
<h2>Download</h2>
<a class="close" href="#">&times;</a>
<a href="https://www.isa-afp.org/release//afp-DPRM_Theorem-current.tar.gz" download>Download latest</a>
</div>
</div>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/entries/Dict_Construction.html b/web/entries/Dict_Construction.html
--- a/web/entries/Dict_Construction.html
+++ b/web/entries/Dict_Construction.html
@@ -1,186 +1,186 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1"><title>Dictionary Construction - Archive of Formal Proofs</title><meta name="description" content="Isabelle&#39;s code generator natively supports type classes. For
targets that do not have language support for classes and instances,
it performs the..."><meta property="og:title" content="Dictionary Construction" />
<meta property="og:description" content="" />
<meta property="og:type" content="article" />
<meta property="og:url" content="/entries/Dict_Construction.html" /><meta property="og:image" content="/images/afp.png"/><meta property="article:section" content="entries" />
<meta property="article:published_time" content="2017-05-24T00:00:00+00:00" />
<meta property="article:modified_time" content="2017-05-24T00:00:00+00:00" /><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="Dictionary Construction"/>
<meta name="twitter:description" content=""/>
<link rel="stylesheet" type="text/css" href="../css/front.min.css">
<link rel="icon" href="../images/favicon.ico" type="image/icon">
<script>
MathJax = {
tex: {
inlineMath: [['$', '$'], ['\\(', '\\)']]
},
processEscapes: true,
svg: {
fontCache: 'global'
}
};
</script>
<script id="MathJax-script" async src="../js/mathjax/es5/tex-mml-chtml.js"></script>
<script src="../js/entries.js"></script><script src="../js/obfuscate.js"></script>
<script src="../js/flexsearch.bundle.js"></script>
<script src="../js/scroll-spy.js"></script>
<script src="../js/theory.js"></script>
<script src="../js/util.js"></script><script src="../js/header-search.js"></script><script src="../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore '>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../images/menu.svg" alt="Menu" />
</label>
<a href="../" class='logo-link'>
<img src="../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<a href="../search"><img src="../images/search.svg" alt="Search" /></a>
<nav id="menu">
<div>
<a href="../" class='logo-link'>
<img src="../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<ul>
<a href="../"><li >Home</li></a>
<a href="../topics/"><li >Topics</li></a>
<a href="../download/"><li >Download</li></a>
<a href="../help/"><li >Help</li></a>
<a href="../submission/"><li >Submission</li></a>
<a href="../statistics/"><li >Statistics</li></a>
<a href="../about/"><li >About</li></a>
</ul>
</div>
</nav>
</div>
</aside>
<div
class='content entries'><header>
<form autocomplete="off" action="../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value="" aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button"><img src="../images/search.svg" alt="Search" /></button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1 >
<span class='first'>D</span>ictionary <span class='first'>C</span>onstruction</h1>
<div>
- <p><a href="../authors/hupel">Lars Hupel</a> <a href="https://www21.in.tum.de/~hupel/">🌐</a>
+ <p><a href="../authors/hupel">Lars Hupel</a> <a href="https://lars.hupel.info/">🌐</a>
</p>
<p class="date">May 24, 2017</p>
</div>
</header><div><main><h3>Abstract</h3>
<div class="abstract mathjax_process">Isabelle's code generator natively supports type classes. For
targets that do not have language support for classes and instances,
it performs the well-known dictionary translation, as described by
Haftmann and Nipkow. This translation happens outside the logic, i.e.,
there is no guarantee that it is correct, besides the pen-and-paper
proof. This work implements a certified dictionary translation that
produces new class-free constants and derives equality theorems.</div>BSD License<h3>Topics</h3>
<ul><li><a href="../topics/tools">Tools</a></li></ul>
<h3>Theories of Dict_Construction</h3>
<ul>
<li><a href="../theories/dict_construction/#Introduction">Introduction</a></li>
<li><a href="../theories/dict_construction/#Impossibility">Impossibility</a></li>
<li><a href="../theories/dict_construction/#Dict_Construction">Dict_Construction</a></li>
<li><a href="../theories/dict_construction/#Termination">Termination</a></li>
<li><a href="../theories/dict_construction/#Test_Dict_Construction">Test_Dict_Construction</a></li>
<li><a href="../theories/dict_construction/#Test_Side_Conditions">Test_Side_Conditions</a></li>
<li><a href="../theories/dict_construction/#Test_Lazy_Case">Test_Lazy_Case</a></li></ul><div class="flex-wrap">
<div>
<h3>Depends On</h3>
<ul class="horizontal-list"><li><a href="../entries/Automatic_Refinement.html">Automatic Data Refinement</a></li><li><a href="../entries/Lazy_Case.html">Lazifying case constants</a></li><li><a href="../entries/Show.html">Haskell&rsquo;s Show Class in Isabelle/HOL</a></li></ul>
</div><div>
<h3>Used by</h3>
<ul class="horizontal-list"><li><a href="../entries/CakeML_Codegen.html">A Verified Code Generator from Isabelle/HOL to CakeML</a></li></ul>
</div>
</div>
</main>
<nav class='links'>
<a class='popup-button' href="#cite-popup">Cite</a>
<a class='popup-button' href="#download-popup">Download</a>
<h4>PDFs</h4>
<a href="https://www.isa-afp.org/browser_info/current/AFP/Dict_Construction/outline.pdf">Proof
outline</a>
<a href="https://www.isa-afp.org/browser_info/current/AFP/Dict_Construction/document.pdf">Proof
document</a>
<a href="https://www.isa-afp.org/browser_info/current/AFP/Dict_Construction/session_graph.pdf">Dependencies</a></nav>
<div id="cite-popup" class="overlay">
<a class="cancel" href="#"></a>
<div class="popup">
<h2>Cite</h2>
<a class="close" href="#">&times;</a>
<div>
<p style="display:none;" id="bibtex-filename">Dict_Construction-AFP</p><pre id="copy-text">@article{Dict_Construction-AFP,
author = {Lars Hupel},
title = {Dictionary Construction},
journal = {Archive of Formal Proofs},
month = {May},
year = {2017},
note = {\url{https://isa-afp.org/entries/Dict_Construction.html},
Formal proof development},
ISSN = {2150-914x},
}</pre>
<button id="copy-bibtex">Copy</button> <a id="download-bibtex">Download</a>
</div>
</div>
</div>
<div id="download-popup" class="overlay">
<a class="cancel" href="#"></a>
<div class="popup">
<h2>Download</h2>
<a class="close" href="#">&times;</a>
<a href="https://www.isa-afp.org/release//afp-Dict_Construction-current.tar.gz" download>Download latest</a>
<p>Older releases:</p>
<ul><li>
<a href="https://www.isa-afp.org/release/afp-Dict_Construction-2021-12-14.tar.gz">Dec 14, 2021</a>: Isabelle2021
</li><li>
<a href="https://www.isa-afp.org/release/afp-Dict_Construction-2021-02-23.tar.gz">Feb 23, 2021</a>: Isabelle2021
</li><li>
<a href="https://www.isa-afp.org/release/afp-Dict_Construction-2020-04-18.tar.gz">Apr 18, 2020</a>: Isabelle2020
</li><li>
<a href="https://www.isa-afp.org/release/afp-Dict_Construction-2019-06-11.tar.gz">Jun 11, 2019</a>: Isabelle2019
</li><li>
<a href="https://www.isa-afp.org/release/afp-Dict_Construction-2018-08-16.tar.gz">Aug 16, 2018</a>: Isabelle2018
</li><li>
<a href="https://www.isa-afp.org/release/afp-Dict_Construction-2017-10-10.tar.gz">Oct 10, 2017</a>: Isabelle2017
</li></ul>
</div>
</div>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/entries/Epistemic_Logic.html b/web/entries/Epistemic_Logic.html
--- a/web/entries/Epistemic_Logic.html
+++ b/web/entries/Epistemic_Logic.html
@@ -1,178 +1,178 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1"><title>Epistemic Logic: Completeness of Modal Logics - Archive of Formal Proofs</title><meta name="description" content="This work is a formalization of epistemic logic with countably many agents. It includes proofs of soundness and completeness for the axiom system K. The..."><meta property="og:title" content="Epistemic Logic: Completeness of Modal Logics" />
<meta property="og:description" content="" />
<meta property="og:type" content="article" />
<meta property="og:url" content="/entries/Epistemic_Logic.html" /><meta property="og:image" content="/images/afp.png"/><meta property="article:section" content="entries" />
<meta property="article:published_time" content="2018-10-29T00:00:00+00:00" />
<meta property="article:modified_time" content="2018-10-29T00:00:00+00:00" /><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="Epistemic Logic: Completeness of Modal Logics"/>
<meta name="twitter:description" content=""/>
<link rel="stylesheet" type="text/css" href="../css/front.min.css">
<link rel="icon" href="../images/favicon.ico" type="image/icon">
<script>
MathJax = {
tex: {
inlineMath: [['$', '$'], ['\\(', '\\)']]
},
processEscapes: true,
svg: {
fontCache: 'global'
}
};
</script>
<script id="MathJax-script" async src="../js/mathjax/es5/tex-mml-chtml.js"></script>
<script src="../js/entries.js"></script><script src="../js/obfuscate.js"></script>
<script src="../js/flexsearch.bundle.js"></script>
<script src="../js/scroll-spy.js"></script>
<script src="../js/theory.js"></script>
<script src="../js/util.js"></script><script src="../js/header-search.js"></script><script src="../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore '>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../images/menu.svg" alt="Menu" />
</label>
<a href="../" class='logo-link'>
<img src="../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<a href="../search"><img src="../images/search.svg" alt="Search" /></a>
<nav id="menu">
<div>
<a href="../" class='logo-link'>
<img src="../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<ul>
<a href="../"><li >Home</li></a>
<a href="../topics/"><li >Topics</li></a>
<a href="../download/"><li >Download</li></a>
<a href="../help/"><li >Help</li></a>
<a href="../submission/"><li >Submission</li></a>
<a href="../statistics/"><li >Statistics</li></a>
<a href="../about/"><li >About</li></a>
</ul>
</div>
</nav>
</div>
</aside>
<div
class='content entries'><header>
<form autocomplete="off" action="../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value="" aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button"><img src="../images/search.svg" alt="Search" /></button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1 >
<span class='first'>E</span>pistemic <span class='first'>L</span>ogic: <span class='first'>C</span>ompleteness of <span class='first'>M</span>odal <span class='first'>L</span>ogics</h1>
<div>
<p><a href="../authors/from">Asta Halkjær From</a> <a href="https://people.compute.dtu.dk/ahfrom/">🌐</a>
</p>
<p class="date">October 29, 2018</p>
</div>
</header><div><main><h3>Abstract</h3>
<div class="abstract mathjax_process">This work is a formalization of epistemic logic with countably many
agents. It includes proofs of soundness and completeness for the axiom
system K. The completeness proof is based on the textbook
"Reasoning About Knowledge" by Fagin, Halpern, Moses and
Vardi (MIT Press 1995).
The extensions of system K (T, KB, K4, S4, S5) and their completeness proofs
are based on the textbook "Modal Logic" by Blackburn, de Rijke and Venema
(Cambridge University Press 2001).
-Papers: <a href="https://doi.org/10.1007/978-3-030-88853-4_1">https://doi.org/10.1007/978-3-030-88853-4_1</a>, <a href="https://doi.org/10.1007/978-3-030-90138-7_2">https://doi.org/10.1007/978-3-030-90138-7_2</a>.</div>BSD License<h3>Change history</h3><p>
+Papers: <a href="https://doi.org/10.1007/978-3-030-88853-4_1">doi.org/10.1007/978-3-030-88853-4_1</a>, <a href="https://doi.org/10.1007/978-3-030-90138-7_2">doi.org/10.1007/978-3-030-90138-7_2</a>.</div>BSD License<h3>Change history</h3><p>
<h4>April 15, 2021</h4>
Added completeness of modal logics T, KB, K4, S4 and S5.
</p><h3>Topics</h3>
<ul><li><a href="../topics/logic/general-logic/logics-of-knowledge-and-belief">Logic/General logic/Logics of knowledge and belief</a></li></ul>
<h3>Theories of Epistemic_Logic</h3>
<ul>
<li><a href="../theories/epistemic_logic/#Epistemic_Logic">Epistemic_Logic</a></li></ul><div class="flex-wrap">
<div>
<h3>Used by</h3>
<ul class="horizontal-list"><li><a href="../entries/Public_Announcement_Logic.html">Public Announcement Logic</a></li></ul>
</div>
</div>
</main>
<nav class='links'>
<a class='popup-button' href="#cite-popup">Cite</a>
<a class='popup-button' href="#download-popup">Download</a>
<h4>PDFs</h4>
<a href="https://www.isa-afp.org/browser_info/current/AFP/Epistemic_Logic/outline.pdf">Proof
outline</a>
<a href="https://www.isa-afp.org/browser_info/current/AFP/Epistemic_Logic/document.pdf">Proof
document</a>
<a href="https://www.isa-afp.org/browser_info/current/AFP/Epistemic_Logic/session_graph.pdf">Dependencies</a></nav>
<div id="cite-popup" class="overlay">
<a class="cancel" href="#"></a>
<div class="popup">
<h2>Cite</h2>
<a class="close" href="#">&times;</a>
<div>
<p style="display:none;" id="bibtex-filename">Epistemic_Logic-AFP</p><pre id="copy-text">@article{Epistemic_Logic-AFP,
author = {Asta Halkjær From},
title = {Epistemic Logic: Completeness of Modal Logics},
journal = {Archive of Formal Proofs},
month = {October},
year = {2018},
note = {\url{https://isa-afp.org/entries/Epistemic_Logic.html},
Formal proof development},
ISSN = {2150-914x},
}</pre>
<button id="copy-bibtex">Copy</button> <a id="download-bibtex">Download</a>
</div>
</div>
</div>
<div id="download-popup" class="overlay">
<a class="cancel" href="#"></a>
<div class="popup">
<h2>Download</h2>
<a class="close" href="#">&times;</a>
<a href="https://www.isa-afp.org/release//afp-Epistemic_Logic-current.tar.gz" download>Download latest</a>
<p>Older releases:</p>
<ul><li>
<a href="https://www.isa-afp.org/release/afp-Epistemic_Logic-2021-12-14.tar.gz">Dec 14, 2021</a>: Isabelle2021
</li><li>
<a href="https://www.isa-afp.org/release/afp-Epistemic_Logic-2021-02-23.tar.gz">Feb 23, 2021</a>: Isabelle2021
</li><li>
<a href="https://www.isa-afp.org/release/afp-Epistemic_Logic-2020-04-18.tar.gz">Apr 18, 2020</a>: Isabelle2020
</li><li>
<a href="https://www.isa-afp.org/release/afp-Epistemic_Logic-2019-06-11.tar.gz">Jun 11, 2019</a>: Isabelle2019
</li><li>
<a href="https://www.isa-afp.org/release/afp-Epistemic_Logic-2018-10-29.tar.gz">Oct 29, 2018</a>: Isabelle2018
</li></ul>
</div>
</div>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/entries/FOL_Axiomatic.html b/web/entries/FOL_Axiomatic.html
--- a/web/entries/FOL_Axiomatic.html
+++ b/web/entries/FOL_Axiomatic.html
@@ -1,169 +1,168 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
- <meta name="viewport" content="width=device-width, initial-scale=1"><title>Soundness and Completeness of an Axiomatic System for First-Order Logic - Archive of Formal Proofs</title><meta name="description" content="This work is a formalization of the soundness and completeness of an
-axiomatic system for first-order logic. The proof system is based on
-System Q1 by..."><meta property="og:title" content="Soundness and Completeness of an Axiomatic System for First-Order Logic" />
+ <meta name="viewport" content="width=device-width, initial-scale=1"><title>Soundness and Completeness of an Axiomatic System for First-Order Logic - Archive of Formal Proofs</title><meta name="description" content="This work is a formalization of the soundness and completeness of an axiomatic system for first-order logic. The proof system is based on System Q1 by..."><meta property="og:title" content="Soundness and Completeness of an Axiomatic System for First-Order Logic" />
<meta property="og:description" content="" />
<meta property="og:type" content="article" />
<meta property="og:url" content="/entries/FOL_Axiomatic.html" /><meta property="og:image" content="/images/afp.png"/><meta property="article:section" content="entries" />
<meta property="article:published_time" content="2021-09-24T00:00:00+00:00" />
<meta property="article:modified_time" content="2021-09-24T00:00:00+00:00" /><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="Soundness and Completeness of an Axiomatic System for First-Order Logic"/>
<meta name="twitter:description" content=""/>
<link rel="stylesheet" type="text/css" href="../css/front.min.css">
<link rel="icon" href="../images/favicon.ico" type="image/icon">
<script>
MathJax = {
tex: {
inlineMath: [['$', '$'], ['\\(', '\\)']]
},
processEscapes: true,
svg: {
fontCache: 'global'
}
};
</script>
<script id="MathJax-script" async src="../js/mathjax/es5/tex-mml-chtml.js"></script>
<script src="../js/entries.js"></script><script src="../js/obfuscate.js"></script>
<script src="../js/flexsearch.bundle.js"></script>
<script src="../js/scroll-spy.js"></script>
<script src="../js/theory.js"></script>
<script src="../js/util.js"></script><script src="../js/header-search.js"></script><script src="../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore '>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../images/menu.svg" alt="Menu" />
</label>
<a href="../" class='logo-link'>
<img src="../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<a href="../search"><img src="../images/search.svg" alt="Search" /></a>
<nav id="menu">
<div>
<a href="../" class='logo-link'>
<img src="../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<ul>
<a href="../"><li >Home</li></a>
<a href="../topics/"><li >Topics</li></a>
<a href="../download/"><li >Download</li></a>
<a href="../help/"><li >Help</li></a>
<a href="../submission/"><li >Submission</li></a>
<a href="../statistics/"><li >Statistics</li></a>
<a href="../about/"><li >About</li></a>
</ul>
</div>
</nav>
</div>
</aside>
<div
class='content entries'><header>
<form autocomplete="off" action="../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value="" aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button"><img src="../images/search.svg" alt="Search" /></button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1 >
<span class='first'>S</span>oundness and <span class='first'>C</span>ompleteness of an <span class='first'>A</span>xiomatic <span class='first'>S</span>ystem for <span class='first'>F</span>irst-<span class='first'>O</span>rder <span class='first'>L</span>ogic</h1>
<div>
<p><a href="../authors/from">Asta Halkjær From</a> <a href="https://people.compute.dtu.dk/ahfrom/">🌐</a>
</p>
<p class="date">September 24, 2021</p>
</div>
</header><div><main><h3>Abstract</h3>
<div class="abstract mathjax_process">This work is a formalization of the soundness and completeness of an
axiomatic system for first-order logic. The proof system is based on
System Q1 by Smullyan and the completeness proof follows his textbook
"First-Order Logic" (Springer-Verlag 1968). The completeness
proof is in the Henkin style where a consistent set is extended to a
maximal consistent set using Lindenbaum's construction and Henkin
witnesses are added during the construction to ensure saturation as
well. The resulting set is a Hintikka set which, by the model
-existence theorem, is satisfiable in the Herbrand universe.</div>BSD License<h3>Topics</h3>
+existence theorem, is satisfiable in the Herbrand universe.
+Paper: <a href="https://doi.org/10.4230/LIPIcs.TYPES.2021.8">doi.org/10.4230/LIPIcs.TYPES.2021.8</a>.</div>BSD License<h3>Topics</h3>
<ul><li><a href="../topics/logic/general-logic/classical-first-order-logic">Logic/General logic/Classical first-order logic</a></li><li><a href="../topics/logic/proof-theory">Logic/Proof theory</a></li></ul>
<h3>Theories of FOL_Axiomatic</h3>
<ul>
<li><a href="../theories/fol_axiomatic/#FOL_Axiomatic">FOL_Axiomatic</a></li>
<li><a href="../theories/fol_axiomatic/#FOL_Axiomatic_Variant">FOL_Axiomatic_Variant</a></li></ul><div class="flex-wrap">
</div>
</main>
<nav class='links'>
<a class='popup-button' href="#cite-popup">Cite</a>
<a class='popup-button' href="#download-popup">Download</a>
<h4>PDFs</h4>
<a href="https://www.isa-afp.org/browser_info/current/AFP/FOL_Axiomatic/outline.pdf">Proof
outline</a>
<a href="https://www.isa-afp.org/browser_info/current/AFP/FOL_Axiomatic/document.pdf">Proof
document</a>
<a href="https://www.isa-afp.org/browser_info/current/AFP/FOL_Axiomatic/session_graph.pdf">Dependencies</a></nav>
<div id="cite-popup" class="overlay">
<a class="cancel" href="#"></a>
<div class="popup">
<h2>Cite</h2>
<a class="close" href="#">&times;</a>
<div>
<p style="display:none;" id="bibtex-filename">FOL_Axiomatic-AFP</p><pre id="copy-text">@article{FOL_Axiomatic-AFP,
author = {Asta Halkjær From},
title = {Soundness and Completeness of an Axiomatic System for First-Order Logic},
journal = {Archive of Formal Proofs},
month = {September},
year = {2021},
note = {\url{https://isa-afp.org/entries/FOL_Axiomatic.html},
Formal proof development},
ISSN = {2150-914x},
}</pre>
<button id="copy-bibtex">Copy</button> <a id="download-bibtex">Download</a>
</div>
</div>
</div>
<div id="download-popup" class="overlay">
<a class="cancel" href="#"></a>
<div class="popup">
<h2>Download</h2>
<a class="close" href="#">&times;</a>
<a href="https://www.isa-afp.org/release//afp-FOL_Axiomatic-current.tar.gz" download>Download latest</a>
<p>Older releases:</p>
<ul><li>
<a href="https://www.isa-afp.org/release/afp-FOL_Axiomatic-2021-12-14.tar.gz">Dec 14, 2021</a>: Isabelle2021
</li><li>
<a href="https://www.isa-afp.org/release/afp-FOL_Axiomatic-2021-10-05.tar.gz">Oct 5, 2021</a>: Isabelle2021
</li></ul>
</div>
</div>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/entries/FOL_Seq_Calc1.html b/web/entries/FOL_Seq_Calc1.html
--- a/web/entries/FOL_Seq_Calc1.html
+++ b/web/entries/FOL_Seq_Calc1.html
@@ -1,192 +1,193 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1"><title>A Sequent Calculus for First-Order Logic - Archive of Formal Proofs</title><meta name="description" content="This work formalizes soundness and completeness of a one-sided sequent calculus for first-order logic. The completeness is shown via a translation from a..."><meta property="og:title" content="A Sequent Calculus for First-Order Logic" />
<meta property="og:description" content="" />
<meta property="og:type" content="article" />
<meta property="og:url" content="/entries/FOL_Seq_Calc1.html" /><meta property="og:image" content="/images/afp.png"/><meta property="article:section" content="entries" />
<meta property="article:published_time" content="2019-07-18T00:00:00+00:00" />
<meta property="article:modified_time" content="2019-07-18T00:00:00+00:00" /><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="A Sequent Calculus for First-Order Logic"/>
<meta name="twitter:description" content=""/>
<link rel="stylesheet" type="text/css" href="../css/front.min.css">
<link rel="icon" href="../images/favicon.ico" type="image/icon">
<script>
MathJax = {
tex: {
inlineMath: [['$', '$'], ['\\(', '\\)']]
},
processEscapes: true,
svg: {
fontCache: 'global'
}
};
</script>
<script id="MathJax-script" async src="../js/mathjax/es5/tex-mml-chtml.js"></script>
<script src="../js/entries.js"></script><script src="../js/obfuscate.js"></script>
<script src="../js/flexsearch.bundle.js"></script>
<script src="../js/scroll-spy.js"></script>
<script src="../js/theory.js"></script>
<script src="../js/util.js"></script><script src="../js/header-search.js"></script><script src="../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore '>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../images/menu.svg" alt="Menu" />
</label>
<a href="../" class='logo-link'>
<img src="../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<a href="../search"><img src="../images/search.svg" alt="Search" /></a>
<nav id="menu">
<div>
<a href="../" class='logo-link'>
<img src="../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<ul>
<a href="../"><li >Home</li></a>
<a href="../topics/"><li >Topics</li></a>
<a href="../download/"><li >Download</li></a>
<a href="../help/"><li >Help</li></a>
<a href="../submission/"><li >Submission</li></a>
<a href="../statistics/"><li >Statistics</li></a>
<a href="../about/"><li >About</li></a>
</ul>
</div>
</nav>
</div>
</aside>
<div
class='content entries'><header>
<form autocomplete="off" action="../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value="" aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button"><img src="../images/search.svg" alt="Search" /></button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1 >
<span class='first'>A</span> <span class='first'>S</span>equent <span class='first'>C</span>alculus for <span class='first'>F</span>irst-<span class='first'>O</span>rder <span class='first'>L</span>ogic</h1>
<div>
<p><a href="../authors/from">Asta Halkjær From</a> <a href="https://people.compute.dtu.dk/ahfrom/">🌐</a>
with contributions from <a href="../authors/jensen">Alexander Birch Jensen</a> <a href="https://people.compute.dtu.dk/aleje/">🌐</a>, <a href="../authors/schlichtkrull">Anders Schlichtkrull</a> <a href="https://people.compute.dtu.dk/andschl/">🌐</a> and <a href="../authors/villadsen">Jørgen Villadsen</a> <a href="https://people.compute.dtu.dk/jovi/">🌐</a>
</p>
<p class="date">July 18, 2019</p>
</div>
</header><div><main><h3>Abstract</h3>
<div class="abstract mathjax_process">This work formalizes soundness and completeness of a one-sided sequent
calculus for first-order logic. The completeness is shown via a
translation from a complete semantic tableau calculus, the proof of
which is based on the First-Order Logic According to Fitting theory.
The calculi and proof techniques are taken from Ben-Ari's
Mathematical Logic for Computer Science.
-Paper: <a href="http://ceur-ws.org/Vol-3002/paper7.pdf">http://ceur-ws.org/Vol-3002/paper7.pdf</a>.</div>BSD License<h3>Topics</h3>
+Paper: <a href="http://ceur-ws.org/Vol-3002/paper7.pdf">ceur-ws.org/Vol-3002/paper7.pdf</a>.</div>BSD License<h3>Topics</h3>
<ul><li><a href="../topics/logic/proof-theory">Logic/Proof theory</a></li></ul>
<h3>Theories of FOL_Seq_Calc1</h3>
<ul>
<li><a href="../theories/fol_seq_calc1/#Common">Common</a></li>
<li><a href="../theories/fol_seq_calc1/#Tableau">Tableau</a></li>
- <li><a href="../theories/fol_seq_calc1/#Sequent">Sequent</a></li></ul><div class="flex-wrap">
+ <li><a href="../theories/fol_seq_calc1/#Sequent">Sequent</a></li>
+ <li><a href="../theories/fol_seq_calc1/#Sequent2">Sequent2</a></li></ul><div class="flex-wrap">
<div>
<h3>Depends On</h3>
<ul class="horizontal-list"><li><a href="../entries/FOL-Fitting.html">First-Order Logic According to Fitting</a></li></ul>
</div><div>
<h3>Used by</h3>
<ul class="horizontal-list"><li><a href="../entries/FOL_Seq_Calc2.html">A Sequent Calculus Prover for First-Order Logic with Functions</a></li></ul>
</div>
<div>
<h3>Related Entries</h3>
<ul class="horizontal-list">
<li><a href="../entries/FOL_Axiomatic.html">Soundness and Completeness of an Axiomatic System for First-Order Logic</a></li>
<li><a href="../entries/Relational_Paths.html">Relational Characterisations of Paths</a></li>
<li><a href="../entries/Abstract_Soundness.html">Abstract Soundness</a></li>
<li><a href="../entries/Completeness.html">Completeness theorem</a></li>
</ul>
</div>
</div>
</main>
<nav class='links'>
<a class='popup-button' href="#cite-popup">Cite</a>
<a class='popup-button' href="#download-popup">Download</a>
<h4>PDFs</h4>
<a href="https://www.isa-afp.org/browser_info/current/AFP/FOL_Seq_Calc1/outline.pdf">Proof
outline</a>
<a href="https://www.isa-afp.org/browser_info/current/AFP/FOL_Seq_Calc1/document.pdf">Proof
document</a>
<a href="https://www.isa-afp.org/browser_info/current/AFP/FOL_Seq_Calc1/session_graph.pdf">Dependencies</a></nav>
<div id="cite-popup" class="overlay">
<a class="cancel" href="#"></a>
<div class="popup">
<h2>Cite</h2>
<a class="close" href="#">&times;</a>
<div>
<p style="display:none;" id="bibtex-filename">FOL_Seq_Calc1-AFP</p><pre id="copy-text">@article{FOL_Seq_Calc1-AFP,
author = {Asta Halkjær From},
title = {A Sequent Calculus for First-Order Logic},
journal = {Archive of Formal Proofs},
month = {July},
year = {2019},
note = {\url{https://isa-afp.org/entries/FOL_Seq_Calc1.html},
Formal proof development},
ISSN = {2150-914x},
}</pre>
<button id="copy-bibtex">Copy</button> <a id="download-bibtex">Download</a>
</div>
</div>
</div>
<div id="download-popup" class="overlay">
<a class="cancel" href="#"></a>
<div class="popup">
<h2>Download</h2>
<a class="close" href="#">&times;</a>
<a href="https://www.isa-afp.org/release//afp-FOL_Seq_Calc1-current.tar.gz" download>Download latest</a>
<p>Older releases:</p>
<ul><li>
<a href="https://www.isa-afp.org/release/afp-FOL_Seq_Calc1-2021-12-14.tar.gz">Dec 14, 2021</a>: Isabelle2021
</li><li>
<a href="https://www.isa-afp.org/release/afp-FOL_Seq_Calc1-2021-02-23.tar.gz">Feb 23, 2021</a>: Isabelle2021
</li><li>
<a href="https://www.isa-afp.org/release/afp-FOL_Seq_Calc1-2020-04-18.tar.gz">Apr 18, 2020</a>: Isabelle2020
</li><li>
<a href="https://www.isa-afp.org/release/afp-FOL_Seq_Calc1-2019-07-18.tar.gz">Jul 18, 2019</a>: Isabelle2019
</li></ul>
</div>
</div>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/entries/FOL_Seq_Calc2.html b/web/entries/FOL_Seq_Calc2.html
--- a/web/entries/FOL_Seq_Calc2.html
+++ b/web/entries/FOL_Seq_Calc2.html
@@ -1,192 +1,191 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
- <meta name="viewport" content="width=device-width, initial-scale=1"><title>A Sequent Calculus Prover for First-Order Logic with Functions - Archive of Formal Proofs</title><meta name="description" content="We formalize an automated theorem prover for first-order logic with
-functions. The proof search procedure is based on sequent calculus and
-we verify its..."><meta property="og:title" content="A Sequent Calculus Prover for First-Order Logic with Functions" />
+ <meta name="viewport" content="width=device-width, initial-scale=1"><title>A Sequent Calculus Prover for First-Order Logic with Functions - Archive of Formal Proofs</title><meta name="description" content="We formalize an automated theorem prover for first-order logic with functions. The proof search procedure is based on sequent calculus and we verify its..."><meta property="og:title" content="A Sequent Calculus Prover for First-Order Logic with Functions" />
<meta property="og:description" content="" />
<meta property="og:type" content="article" />
<meta property="og:url" content="/entries/FOL_Seq_Calc2.html" /><meta property="og:image" content="/images/afp.png"/><meta property="article:section" content="entries" />
<meta property="article:published_time" content="2022-01-31T00:00:00+00:00" />
<meta property="article:modified_time" content="2022-01-31T00:00:00+00:00" /><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="A Sequent Calculus Prover for First-Order Logic with Functions"/>
<meta name="twitter:description" content=""/>
<link rel="stylesheet" type="text/css" href="../css/front.min.css">
<link rel="icon" href="../images/favicon.ico" type="image/icon">
<script>
MathJax = {
tex: {
inlineMath: [['$', '$'], ['\\(', '\\)']]
},
processEscapes: true,
svg: {
fontCache: 'global'
}
};
</script>
<script id="MathJax-script" async src="../js/mathjax/es5/tex-mml-chtml.js"></script>
<script src="../js/entries.js"></script><script src="../js/obfuscate.js"></script>
<script src="../js/flexsearch.bundle.js"></script>
<script src="../js/scroll-spy.js"></script>
<script src="../js/theory.js"></script>
<script src="../js/util.js"></script><script src="../js/header-search.js"></script><script src="../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore '>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../images/menu.svg" alt="Menu" />
</label>
<a href="../" class='logo-link'>
<img src="../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<a href="../search"><img src="../images/search.svg" alt="Search" /></a>
<nav id="menu">
<div>
<a href="../" class='logo-link'>
<img src="../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<ul>
<a href="../"><li >Home</li></a>
<a href="../topics/"><li >Topics</li></a>
<a href="../download/"><li >Download</li></a>
<a href="../help/"><li >Help</li></a>
<a href="../submission/"><li >Submission</li></a>
<a href="../statistics/"><li >Statistics</li></a>
<a href="../about/"><li >About</li></a>
</ul>
</div>
</nav>
</div>
</aside>
<div
class='content entries'><header>
<form autocomplete="off" action="../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value="" aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button"><img src="../images/search.svg" alt="Search" /></button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1 >
<span class='first'>A</span> <span class='first'>S</span>equent <span class='first'>C</span>alculus <span class='first'>P</span>rover for <span class='first'>F</span>irst-<span class='first'>O</span>rder <span class='first'>L</span>ogic <span class='first'>W</span>ith <span class='first'>F</span>unctions</h1>
<div>
<p><a href="../authors/from">Asta Halkjær From</a> <a href="https://people.compute.dtu.dk/ahfrom/">🌐</a> and <a href="../authors/jacobsen">Frederik Krogsdal Jacobsen</a> <a href="http://people.compute.dtu.dk/fkjac/">🌐</a>
</p>
<p class="date">January 31, 2022</p>
</div>
</header><div><main><h3>Abstract</h3>
<div class="abstract mathjax_process">We formalize an automated theorem prover for first-order logic with
functions. The proof search procedure is based on sequent calculus and
we verify its soundness and completeness using the Abstract Soundness
and Abstract Completeness theories. Our analytic completeness proof
covers both open and closed formulas. Since our deterministic prover
considers only the subset of terms relevant to proving a given
sequent, we do so as well when building a countermodel from a failed
proof. We formally connect our prover with the proof system and
semantics of the existing SeCaV system. In particular, the
prover's output can be post-processed in Haskell to generate
human-readable SeCaV proofs which are also machine-verifiable proof
-certificates.</div>BSD License<h3>Topics</h3>
+certificates.
+Paper: <a href="https://doi.org/10.4230/LIPIcs.ITP.2022.13">doi.org/10.4230/LIPIcs.ITP.2022.13</a>.</div>BSD License<h3>Topics</h3>
<ul><li><a href="../topics/logic/general-logic/classical-first-order-logic">Logic/General logic/Classical first-order logic</a></li><li><a href="../topics/logic/proof-theory">Logic/Proof theory</a></li><li><a href="../topics/logic/general-logic/mechanization-of-proofs">Logic/General logic/Mechanization of proofs</a></li></ul>
<h3>Theories of FOL_Seq_Calc2</h3>
<ul>
<li><a href="../theories/fol_seq_calc2/#SeCaV">SeCaV</a></li>
<li><a href="../theories/fol_seq_calc2/#Sequent1">Sequent1</a></li>
<li><a href="../theories/fol_seq_calc2/#Sequent_Calculus_Verifier">Sequent_Calculus_Verifier</a></li>
<li><a href="../theories/fol_seq_calc2/#Prover">Prover</a></li>
<li><a href="../theories/fol_seq_calc2/#Export">Export</a></li>
<li><a href="../theories/fol_seq_calc2/#ProverLemmas">ProverLemmas</a></li>
<li><a href="../theories/fol_seq_calc2/#Hintikka">Hintikka</a></li>
<li><a href="../theories/fol_seq_calc2/#EPathHintikka">EPathHintikka</a></li>
<li><a href="../theories/fol_seq_calc2/#Usemantics">Usemantics</a></li>
<li><a href="../theories/fol_seq_calc2/#Countermodel">Countermodel</a></li>
<li><a href="../theories/fol_seq_calc2/#Soundness">Soundness</a></li>
<li><a href="../theories/fol_seq_calc2/#Completeness">Completeness</a></li>
<li><a href="../theories/fol_seq_calc2/#Results">Results</a></li></ul><div class="flex-wrap">
<div>
<h3>Depends On</h3>
<ul class="horizontal-list"><li><a href="../entries/Abstract_Completeness.html">Abstract Completeness</a></li><li><a href="../entries/Abstract_Soundness.html">Abstract Soundness</a></li><li><a href="../entries/Collections.html">Collections Framework</a></li><li><a href="../entries/FOL_Seq_Calc1.html">A Sequent Calculus for First-Order Logic</a></li></ul>
</div>
<div>
<h3>Related Entries</h3>
<ul class="horizontal-list">
<li><a href="../entries/Pratt_Certificate.html">Pratt&rsquo;s Primality Certificates</a></li>
<li><a href="../entries/Separata.html">Separata: Isabelle tactics for Separation Algebra</a></li>
</ul>
</div>
</div>
</main>
<nav class='links'>
<a class='popup-button' href="#cite-popup">Cite</a>
<a class='popup-button' href="#download-popup">Download</a>
<h4>PDFs</h4>
<a href="https://www.isa-afp.org/browser_info/current/AFP/FOL_Seq_Calc2/outline.pdf">Proof
outline</a>
<a href="https://www.isa-afp.org/browser_info/current/AFP/FOL_Seq_Calc2/document.pdf">Proof
document</a>
<a href="https://www.isa-afp.org/browser_info/current/AFP/FOL_Seq_Calc2/session_graph.pdf">Dependencies</a></nav>
<div id="cite-popup" class="overlay">
<a class="cancel" href="#"></a>
<div class="popup">
<h2>Cite</h2>
<a class="close" href="#">&times;</a>
<div>
<p style="display:none;" id="bibtex-filename">FOL_Seq_Calc2-AFP</p><pre id="copy-text">@article{FOL_Seq_Calc2-AFP,
author = {Asta Halkjær From and Frederik Krogsdal Jacobsen},
title = {A Sequent Calculus Prover for First-Order Logic with Functions},
journal = {Archive of Formal Proofs},
month = {January},
year = {2022},
note = {\url{https://isa-afp.org/entries/FOL_Seq_Calc2.html},
Formal proof development},
ISSN = {2150-914x},
}</pre>
<button id="copy-bibtex">Copy</button> <a id="download-bibtex">Download</a>
</div>
</div>
</div>
<div id="download-popup" class="overlay">
<a class="cancel" href="#"></a>
<div class="popup">
<h2>Download</h2>
<a class="close" href="#">&times;</a>
<a href="https://www.isa-afp.org/release//afp-FOL_Seq_Calc2-current.tar.gz" download>Download latest</a>
</div>
</div>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/entries/Generic_Deriving.html b/web/entries/Generic_Deriving.html
--- a/web/entries/Generic_Deriving.html
+++ b/web/entries/Generic_Deriving.html
@@ -1,180 +1,180 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1"><title>Deriving generic class instances for datatypes - Archive of Formal Proofs</title><meta name="description" content="We provide a framework for automatically deriving instances for generic type classes. Our approach is inspired by Haskell&#39;s generic-deriving package and..."><meta property="og:title" content="Deriving generic class instances for datatypes" />
<meta property="og:description" content="" />
<meta property="og:type" content="article" />
<meta property="og:url" content="/entries/Generic_Deriving.html" /><meta property="og:image" content="/images/afp.png"/><meta property="article:section" content="entries" />
<meta property="article:published_time" content="2018-11-06T00:00:00+00:00" />
<meta property="article:modified_time" content="2018-11-06T00:00:00+00:00" /><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="Deriving generic class instances for datatypes"/>
<meta name="twitter:description" content=""/>
<link rel="stylesheet" type="text/css" href="../css/front.min.css">
<link rel="icon" href="../images/favicon.ico" type="image/icon">
<script>
MathJax = {
tex: {
inlineMath: [['$', '$'], ['\\(', '\\)']]
},
processEscapes: true,
svg: {
fontCache: 'global'
}
};
</script>
<script id="MathJax-script" async src="../js/mathjax/es5/tex-mml-chtml.js"></script>
<script src="../js/entries.js"></script><script src="../js/obfuscate.js"></script>
<script src="../js/flexsearch.bundle.js"></script>
<script src="../js/scroll-spy.js"></script>
<script src="../js/theory.js"></script>
<script src="../js/util.js"></script><script src="../js/header-search.js"></script><script src="../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore '>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../images/menu.svg" alt="Menu" />
</label>
<a href="../" class='logo-link'>
<img src="../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<a href="../search"><img src="../images/search.svg" alt="Search" /></a>
<nav id="menu">
<div>
<a href="../" class='logo-link'>
<img src="../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<ul>
<a href="../"><li >Home</li></a>
<a href="../topics/"><li >Topics</li></a>
<a href="../download/"><li >Download</li></a>
<a href="../help/"><li >Help</li></a>
<a href="../submission/"><li >Submission</li></a>
<a href="../statistics/"><li >Statistics</li></a>
<a href="../about/"><li >About</li></a>
</ul>
</div>
</nav>
</div>
</aside>
<div
class='content entries'><header>
<form autocomplete="off" action="../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value="" aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button"><img src="../images/search.svg" alt="Search" /></button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1 >
<span class='first'>D</span>eriving <span class='first'>G</span>eneric <span class='first'>C</span>lass <span class='first'>I</span>nstances for <span class='first'>D</span>atatypes</h1>
<div>
- <p><a href="../authors/raedle">Jonas Rädle</a> <a class="obfuscated" data="eyJob3N0IjpbImdtYWlsIiwiY29tIl0sInVzZXIiOlsiam9uYXMiLCJyYWVkbGUiXX0=">📧</a> and <a href="../authors/hupel">Lars Hupel</a> <a href="https://www21.in.tum.de/~hupel/">🌐</a>
+ <p><a href="../authors/raedle">Jonas Rädle</a> <a class="obfuscated" data="eyJob3N0IjpbImdtYWlsIiwiY29tIl0sInVzZXIiOlsiam9uYXMiLCJyYWVkbGUiXX0=">📧</a> and <a href="../authors/hupel">Lars Hupel</a> <a href="https://lars.hupel.info/">🌐</a>
</p>
<p class="date">November 6, 2018</p>
</div>
</header><div><main><h3>Abstract</h3>
<div class="abstract mathjax_process"><p>We provide a framework for automatically deriving instances for
generic type classes. Our approach is inspired by Haskell's
<i>generic-deriving</i> package and Scala's
<i>shapeless</i> library. In addition to generating the
code for type class functions, we also attempt to automatically prove
type class laws for these instances. As of now, however, some manual
proofs are still required for recursive datatypes.</p>
<p>Note: There are already articles in the AFP that provide
automatic instantiation for a number of classes. Concretely, <a href="https://www.isa-afp.org/entries/Deriving.html">Deriving</a> allows the automatic instantiation of comparators, linear orders, equality, and hashing. <a href="https://www.isa-afp.org/entries/Show.html">Show</a> instantiates a Haskell-style <i>show</i> class.</p><p>Our approach works for arbitrary classes (with some Isabelle/HOL overhead for each class), but a smaller set of datatypes.</p></div>BSD License<h3>Topics</h3>
<ul><li><a href="../topics/computer-science/data-structures">Computer science/Data structures</a></li></ul>
<h3>Theories of Generic_Deriving</h3>
<ul>
<li><a href="../theories/generic_deriving/#Tagged_Prod_Sum">Tagged_Prod_Sum</a></li>
<li><a href="../theories/generic_deriving/#Derive">Derive</a></li>
<li><a href="../theories/generic_deriving/#Derive_Datatypes">Derive_Datatypes</a></li>
<li><a href="../theories/generic_deriving/#Derive_Eq">Derive_Eq</a></li>
<li><a href="../theories/generic_deriving/#Derive_Encode">Derive_Encode</a></li>
<li><a href="../theories/generic_deriving/#Derive_Algebra">Derive_Algebra</a></li>
<li><a href="../theories/generic_deriving/#Derive_Show">Derive_Show</a></li>
<li><a href="../theories/generic_deriving/#Derive_Eq_Laws">Derive_Eq_Laws</a></li>
<li><a href="../theories/generic_deriving/#Derive_Algebra_Laws">Derive_Algebra_Laws</a></li></ul><div class="flex-wrap">
</div>
</main>
<nav class='links'>
<a class='popup-button' href="#cite-popup">Cite</a>
<a class='popup-button' href="#download-popup">Download</a>
<h4>PDFs</h4>
<a href="https://www.isa-afp.org/browser_info/current/AFP/Generic_Deriving/outline.pdf">Proof
outline</a>
<a href="https://www.isa-afp.org/browser_info/current/AFP/Generic_Deriving/document.pdf">Proof
document</a>
<a href="https://www.isa-afp.org/browser_info/current/AFP/Generic_Deriving/session_graph.pdf">Dependencies</a></nav>
<div id="cite-popup" class="overlay">
<a class="cancel" href="#"></a>
<div class="popup">
<h2>Cite</h2>
<a class="close" href="#">&times;</a>
<div>
<p style="display:none;" id="bibtex-filename">Generic_Deriving-AFP</p><pre id="copy-text">@article{Generic_Deriving-AFP,
author = {Jonas Rädle and Lars Hupel},
title = {Deriving generic class instances for datatypes},
journal = {Archive of Formal Proofs},
month = {November},
year = {2018},
note = {\url{https://isa-afp.org/entries/Generic_Deriving.html},
Formal proof development},
ISSN = {2150-914x},
}</pre>
<button id="copy-bibtex">Copy</button> <a id="download-bibtex">Download</a>
</div>
</div>
</div>
<div id="download-popup" class="overlay">
<a class="cancel" href="#"></a>
<div class="popup">
<h2>Download</h2>
<a class="close" href="#">&times;</a>
<a href="https://www.isa-afp.org/release//afp-Generic_Deriving-current.tar.gz" download>Download latest</a>
<p>Older releases:</p>
<ul><li>
<a href="https://www.isa-afp.org/release/afp-Generic_Deriving-2021-12-14.tar.gz">Dec 14, 2021</a>: Isabelle2021
</li><li>
<a href="https://www.isa-afp.org/release/afp-Generic_Deriving-2021-02-23.tar.gz">Feb 23, 2021</a>: Isabelle2021
</li><li>
<a href="https://www.isa-afp.org/release/afp-Generic_Deriving-2020-04-18.tar.gz">Apr 18, 2020</a>: Isabelle2020
</li><li>
<a href="https://www.isa-afp.org/release/afp-Generic_Deriving-2019-06-11.tar.gz">Jun 11, 2019</a>: Isabelle2019
</li><li>
<a href="https://www.isa-afp.org/release/afp-Generic_Deriving-2018-11-21.tar.gz">Nov 21, 2018</a>: Isabelle2018
</li></ul>
</div>
</div>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/entries/Hello_World.html b/web/entries/Hello_World.html
--- a/web/entries/Hello_World.html
+++ b/web/entries/Hello_World.html
@@ -1,172 +1,172 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1"><title>Hello World - Archive of Formal Proofs</title><meta name="description" content="In this article, we present a formalization of the well-known
&#34;Hello, World!&#34; code, including a formal framework for
reasoning about IO. Our model is..."><meta property="og:title" content="Hello World" />
<meta property="og:description" content="" />
<meta property="og:type" content="article" />
<meta property="og:url" content="/entries/Hello_World.html" /><meta property="og:image" content="/images/afp.png"/><meta property="article:section" content="entries" />
<meta property="article:published_time" content="2020-03-07T00:00:00+00:00" />
<meta property="article:modified_time" content="2020-03-07T00:00:00+00:00" /><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="Hello World"/>
<meta name="twitter:description" content=""/>
<link rel="stylesheet" type="text/css" href="../css/front.min.css">
<link rel="icon" href="../images/favicon.ico" type="image/icon">
<script>
MathJax = {
tex: {
inlineMath: [['$', '$'], ['\\(', '\\)']]
},
processEscapes: true,
svg: {
fontCache: 'global'
}
};
</script>
<script id="MathJax-script" async src="../js/mathjax/es5/tex-mml-chtml.js"></script>
<script src="../js/entries.js"></script><script src="../js/obfuscate.js"></script>
<script src="../js/flexsearch.bundle.js"></script>
<script src="../js/scroll-spy.js"></script>
<script src="../js/theory.js"></script>
<script src="../js/util.js"></script><script src="../js/header-search.js"></script><script src="../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore '>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../images/menu.svg" alt="Menu" />
</label>
<a href="../" class='logo-link'>
<img src="../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<a href="../search"><img src="../images/search.svg" alt="Search" /></a>
<nav id="menu">
<div>
<a href="../" class='logo-link'>
<img src="../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<ul>
<a href="../"><li >Home</li></a>
<a href="../topics/"><li >Topics</li></a>
<a href="../download/"><li >Download</li></a>
<a href="../help/"><li >Help</li></a>
<a href="../submission/"><li >Submission</li></a>
<a href="../statistics/"><li >Statistics</li></a>
<a href="../about/"><li >About</li></a>
</ul>
</div>
</nav>
</div>
</aside>
<div
class='content entries'><header>
<form autocomplete="off" action="../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value="" aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button"><img src="../images/search.svg" alt="Search" /></button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1 >
<span class='first'>H</span>ello <span class='first'>W</span>orld</h1>
<div>
- <p><a href="../authors/diekmann">Cornelius Diekmann</a> <a href="http://net.in.tum.de/~diekmann">🌐</a> and <a href="../authors/hupel">Lars Hupel</a> <a href="https://www21.in.tum.de/~hupel/">🌐</a>
+ <p><a href="../authors/diekmann">Cornelius Diekmann</a> <a href="http://net.in.tum.de/~diekmann">🌐</a> and <a href="../authors/hupel">Lars Hupel</a> <a href="https://lars.hupel.info/">🌐</a>
</p>
<p class="date">March 7, 2020</p>
</div>
</header><div><main><h3>Abstract</h3>
<div class="abstract mathjax_process">In this article, we present a formalization of the well-known
"Hello, World!" code, including a formal framework for
reasoning about IO. Our model is inspired by the handling of IO in
Haskell. We start by formalizing the 🌍 and embrace the IO monad
afterwards. Then we present a sample main :: IO (), followed by its
proof of correctness.</div>BSD License<h3>Topics</h3>
<ul><li><a href="../topics/computer-science/functional-programming">Computer science/Functional programming</a></li></ul>
<h3>Theories of Hello_World</h3>
<ul>
<li><a href="../theories/hello_world/#IO">IO</a></li>
<li><a href="../theories/hello_world/#HelloWorld">HelloWorld</a></li>
<li><a href="../theories/hello_world/#HelloWorld_Proof">HelloWorld_Proof</a></li>
<li><a href="../theories/hello_world/#RunningCodeFromIsabelle">RunningCodeFromIsabelle</a></li></ul><div class="flex-wrap">
</div>
</main>
<nav class='links'>
<a class='popup-button' href="#cite-popup">Cite</a>
<a class='popup-button' href="#download-popup">Download</a>
<h4>PDFs</h4>
<a href="https://www.isa-afp.org/browser_info/current/AFP/Hello_World/outline.pdf">Proof
outline</a>
<a href="https://www.isa-afp.org/browser_info/current/AFP/Hello_World/document.pdf">Proof
document</a>
<a href="https://www.isa-afp.org/browser_info/current/AFP/Hello_World/session_graph.pdf">Dependencies</a></nav>
<div id="cite-popup" class="overlay">
<a class="cancel" href="#"></a>
<div class="popup">
<h2>Cite</h2>
<a class="close" href="#">&times;</a>
<div>
<p style="display:none;" id="bibtex-filename">Hello_World-AFP</p><pre id="copy-text">@article{Hello_World-AFP,
author = {Cornelius Diekmann and Lars Hupel},
title = {Hello World},
journal = {Archive of Formal Proofs},
month = {March},
year = {2020},
note = {\url{https://isa-afp.org/entries/Hello_World.html},
Formal proof development},
ISSN = {2150-914x},
}</pre>
<button id="copy-bibtex">Copy</button> <a id="download-bibtex">Download</a>
</div>
</div>
</div>
<div id="download-popup" class="overlay">
<a class="cancel" href="#"></a>
<div class="popup">
<h2>Download</h2>
<a class="close" href="#">&times;</a>
<a href="https://www.isa-afp.org/release//afp-Hello_World-current.tar.gz" download>Download latest</a>
<p>Older releases:</p>
<ul><li>
<a href="https://www.isa-afp.org/release/afp-Hello_World-2021-12-14.tar.gz">Dec 14, 2021</a>: Isabelle2021
</li><li>
<a href="https://www.isa-afp.org/release/afp-Hello_World-2021-02-23.tar.gz">Feb 23, 2021</a>: Isabelle2021
</li><li>
<a href="https://www.isa-afp.org/release/afp-Hello_World-2020-04-18.tar.gz">Apr 18, 2020</a>: Isabelle2020
</li><li>
<a href="https://www.isa-afp.org/release/afp-Hello_World-2020-03-23.tar.gz">Mar 23, 2020</a>: Isabelle2019
</li></ul>
</div>
</div>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/entries/Hybrid_Logic.html b/web/entries/Hybrid_Logic.html
--- a/web/entries/Hybrid_Logic.html
+++ b/web/entries/Hybrid_Logic.html
@@ -1,183 +1,182 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
- <meta name="viewport" content="width=device-width, initial-scale=1"><title>Formalizing a Seligman-Style Tableau System for Hybrid Logic - Archive of Formal Proofs</title><meta name="description" content="This work is a formalization of soundness and completeness proofs
-for a Seligman-style tableau system for hybrid logic. The completeness
-result is obtained..."><meta property="og:title" content="Formalizing a Seligman-Style Tableau System for Hybrid Logic" />
+ <meta name="viewport" content="width=device-width, initial-scale=1"><title>Formalizing a Seligman-Style Tableau System for Hybrid Logic - Archive of Formal Proofs</title><meta name="description" content="This work is a formalization of soundness and completeness proofs for a Seligman-style tableau system for hybrid logic. The completeness result is obtained..."><meta property="og:title" content="Formalizing a Seligman-Style Tableau System for Hybrid Logic" />
<meta property="og:description" content="" />
<meta property="og:type" content="article" />
<meta property="og:url" content="/entries/Hybrid_Logic.html" /><meta property="og:image" content="/images/afp.png"/><meta property="article:section" content="entries" />
<meta property="article:published_time" content="2019-12-20T00:00:00+00:00" />
<meta property="article:modified_time" content="2019-12-20T00:00:00+00:00" /><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="Formalizing a Seligman-Style Tableau System for Hybrid Logic"/>
<meta name="twitter:description" content=""/>
<link rel="stylesheet" type="text/css" href="../css/front.min.css">
<link rel="icon" href="../images/favicon.ico" type="image/icon">
<script>
MathJax = {
tex: {
inlineMath: [['$', '$'], ['\\(', '\\)']]
},
processEscapes: true,
svg: {
fontCache: 'global'
}
};
</script>
<script id="MathJax-script" async src="../js/mathjax/es5/tex-mml-chtml.js"></script>
<script src="../js/entries.js"></script><script src="../js/obfuscate.js"></script>
<script src="../js/flexsearch.bundle.js"></script>
<script src="../js/scroll-spy.js"></script>
<script src="../js/theory.js"></script>
<script src="../js/util.js"></script><script src="../js/header-search.js"></script><script src="../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore '>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../images/menu.svg" alt="Menu" />
</label>
<a href="../" class='logo-link'>
<img src="../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<a href="../search"><img src="../images/search.svg" alt="Search" /></a>
<nav id="menu">
<div>
<a href="../" class='logo-link'>
<img src="../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<ul>
<a href="../"><li >Home</li></a>
<a href="../topics/"><li >Topics</li></a>
<a href="../download/"><li >Download</li></a>
<a href="../help/"><li >Help</li></a>
<a href="../submission/"><li >Submission</li></a>
<a href="../statistics/"><li >Statistics</li></a>
<a href="../about/"><li >About</li></a>
</ul>
</div>
</nav>
</div>
</aside>
<div
class='content entries'><header>
<form autocomplete="off" action="../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value="" aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button"><img src="../images/search.svg" alt="Search" /></button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1 >
<span class='first'>F</span>ormalizing a <span class='first'>S</span>eligman-<span class='first'>S</span>tyle <span class='first'>T</span>ableau <span class='first'>S</span>ystem for <span class='first'>H</span>ybrid <span class='first'>L</span>ogic</h1>
<div>
<p><a href="../authors/from">Asta Halkjær From</a> <a href="https://people.compute.dtu.dk/ahfrom/">🌐</a>
</p>
<p class="date">December 20, 2019</p>
</div>
</header><div><main><h3>Abstract</h3>
<div class="abstract mathjax_process">This work is a formalization of soundness and completeness proofs
for a Seligman-style tableau system for hybrid logic. The completeness
result is obtained via a synthetic approach using maximally
consistent sets of tableau blocks. The formalization differs from
previous work in a few ways. First, to avoid the need to backtrack in
the construction of a tableau, the formalized system has no unnamed
initial segment, and therefore no Name rule. Second, I show that the
full Bridge rule is admissible in the system. Third, I start from rules
restricted to only extend the branch with new formulas, including only
witnessing diamonds that are not already witnessed, and show that
the unrestricted rules are admissible. Similarly, I start from simpler
versions of the @-rules and show that these are sufficient.
The GoTo rule is restricted using a notion of potential such that each
application consumes potential and potential is earned through applications of
the remaining rules. I show that if a branch can be closed then it can
be closed starting from a single unit. Finally, Nom is restricted by
-a fixed set of allowed nominals. The resulting system should be terminating.</div>BSD License<h3>Change history</h3><p>
+a fixed set of allowed nominals. The resulting system should be terminating.
+Paper: <a href="https://doi.org/10.4230/LIPIcs.TYPES.2020.5">doi.org/10.4230/LIPIcs.TYPES.2020.5</a>.</div>BSD License<h3>Change history</h3><p>
<h4>June 3, 2020</h4>
The fully restricted system has been shown complete by updating the synthetic completeness proof.
</p><h3>Topics</h3>
<ul><li><a href="../topics/logic/general-logic/modal-logic">Logic/General logic/Modal logic</a></li></ul>
<h3>Theories of Hybrid_Logic</h3>
<ul>
<li><a href="../theories/hybrid_logic/#Hybrid_Logic">Hybrid_Logic</a></li></ul><div class="flex-wrap">
</div>
</main>
<nav class='links'>
<a class='popup-button' href="#cite-popup">Cite</a>
<a class='popup-button' href="#download-popup">Download</a>
<h4>PDFs</h4>
<a href="https://www.isa-afp.org/browser_info/current/AFP/Hybrid_Logic/outline.pdf">Proof
outline</a>
<a href="https://www.isa-afp.org/browser_info/current/AFP/Hybrid_Logic/document.pdf">Proof
document</a>
<a href="https://www.isa-afp.org/browser_info/current/AFP/Hybrid_Logic/session_graph.pdf">Dependencies</a></nav>
<div id="cite-popup" class="overlay">
<a class="cancel" href="#"></a>
<div class="popup">
<h2>Cite</h2>
<a class="close" href="#">&times;</a>
<div>
<p style="display:none;" id="bibtex-filename">Hybrid_Logic-AFP</p><pre id="copy-text">@article{Hybrid_Logic-AFP,
author = {Asta Halkjær From},
title = {Formalizing a Seligman-Style Tableau System for Hybrid Logic},
journal = {Archive of Formal Proofs},
month = {December},
year = {2019},
note = {\url{https://isa-afp.org/entries/Hybrid_Logic.html},
Formal proof development},
ISSN = {2150-914x},
}</pre>
<button id="copy-bibtex">Copy</button> <a id="download-bibtex">Download</a>
</div>
</div>
</div>
<div id="download-popup" class="overlay">
<a class="cancel" href="#"></a>
<div class="popup">
<h2>Download</h2>
<a class="close" href="#">&times;</a>
<a href="https://www.isa-afp.org/release//afp-Hybrid_Logic-current.tar.gz" download>Download latest</a>
<p>Older releases:</p>
<ul><li>
<a href="https://www.isa-afp.org/release/afp-Hybrid_Logic-2021-12-14.tar.gz">Dec 14, 2021</a>: Isabelle2021
</li><li>
<a href="https://www.isa-afp.org/release/afp-Hybrid_Logic-2021-02-23.tar.gz">Feb 23, 2021</a>: Isabelle2021
</li><li>
<a href="https://www.isa-afp.org/release/afp-Hybrid_Logic-2020-04-18.tar.gz">Apr 18, 2020</a>: Isabelle2020
</li><li>
<a href="https://www.isa-afp.org/release/afp-Hybrid_Logic-2020-01-07.tar.gz">Jan 7, 2020</a>: Isabelle2019
</li></ul>
</div>
</div>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/entries/IP_Addresses.html b/web/entries/IP_Addresses.html
--- a/web/entries/IP_Addresses.html
+++ b/web/entries/IP_Addresses.html
@@ -1,213 +1,213 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1"><title>IP Addresses - Archive of Formal Proofs</title><meta name="description" content="This entry contains a definition of IP addresses and a library to work
with them. Generic IP addresses are modeled as machine words of
arbitrary length...."><meta property="og:title" content="IP Addresses" />
<meta property="og:description" content="" />
<meta property="og:type" content="article" />
<meta property="og:url" content="/entries/IP_Addresses.html" /><meta property="og:image" content="/images/afp.png"/><meta property="article:section" content="entries" />
<meta property="article:published_time" content="2016-06-28T00:00:00+00:00" />
<meta property="article:modified_time" content="2016-06-28T00:00:00+00:00" /><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="IP Addresses"/>
<meta name="twitter:description" content=""/>
<link rel="stylesheet" type="text/css" href="../css/front.min.css">
<link rel="icon" href="../images/favicon.ico" type="image/icon">
<script>
MathJax = {
tex: {
inlineMath: [['$', '$'], ['\\(', '\\)']]
},
processEscapes: true,
svg: {
fontCache: 'global'
}
};
</script>
<script id="MathJax-script" async src="../js/mathjax/es5/tex-mml-chtml.js"></script>
<script src="../js/entries.js"></script><script src="../js/obfuscate.js"></script>
<script src="../js/flexsearch.bundle.js"></script>
<script src="../js/scroll-spy.js"></script>
<script src="../js/theory.js"></script>
<script src="../js/util.js"></script><script src="../js/header-search.js"></script><script src="../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore '>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../images/menu.svg" alt="Menu" />
</label>
<a href="../" class='logo-link'>
<img src="../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<a href="../search"><img src="../images/search.svg" alt="Search" /></a>
<nav id="menu">
<div>
<a href="../" class='logo-link'>
<img src="../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<ul>
<a href="../"><li >Home</li></a>
<a href="../topics/"><li >Topics</li></a>
<a href="../download/"><li >Download</li></a>
<a href="../help/"><li >Help</li></a>
<a href="../submission/"><li >Submission</li></a>
<a href="../statistics/"><li >Statistics</li></a>
<a href="../about/"><li >About</li></a>
</ul>
</div>
</nav>
</div>
</aside>
<div
class='content entries'><header>
<form autocomplete="off" action="../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value="" aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button"><img src="../images/search.svg" alt="Search" /></button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1 >
<span class='first'>I</span><span class='first'>P</span> <span class='first'>A</span>ddresses</h1>
<div>
- <p><a href="../authors/diekmann">Cornelius Diekmann</a> <a href="http://net.in.tum.de/~diekmann">🌐</a>, <a href="../authors/michaelis">Julius Michaelis</a> <a href="http://liftm.de/">🌐</a> and <a href="../authors/hupel">Lars Hupel</a> <a href="https://www21.in.tum.de/~hupel/">🌐</a>
+ <p><a href="../authors/diekmann">Cornelius Diekmann</a> <a href="http://net.in.tum.de/~diekmann">🌐</a>, <a href="../authors/michaelis">Julius Michaelis</a> <a href="http://liftm.de/">🌐</a> and <a href="../authors/hupel">Lars Hupel</a> <a href="https://lars.hupel.info/">🌐</a>
</p>
<p class="date">June 28, 2016</p>
</div>
</header><div><main><h3>Abstract</h3>
<div class="abstract mathjax_process">This entry contains a definition of IP addresses and a library to work
with them. Generic IP addresses are modeled as machine words of
arbitrary length. Derived from this generic definition, IPv4 addresses
are 32bit machine words, IPv6 addresses are 128bit words.
Additionally, IPv4 addresses can be represented in dot-decimal
notation and IPv6 addresses in (compressed) colon-separated notation.
We support toString functions and parsers for both notations. Sets of
IP addresses can be represented with a netmask (e.g.
192.168.0.0/255.255.0.0) or in CIDR notation (e.g. 192.168.0.0/16). To
provide executable code for set operations on IP address ranges, the
library includes a datatype to work on arbitrary intervals of machine
words.</div>BSD License<h3>Topics</h3>
<ul><li><a href="../topics/computer-science/networks">Computer science/Networks</a></li></ul>
<h3>Theories of IP_Addresses</h3>
<ul>
<li><a href="../theories/ip_addresses/#NumberWang_IPv4">NumberWang_IPv4</a></li>
<li><a href="../theories/ip_addresses/#NumberWang_IPv6">NumberWang_IPv6</a></li>
<li><a href="../theories/ip_addresses/#WordInterval">WordInterval</a></li>
<li><a href="../theories/ip_addresses/#Hs_Compat">Hs_Compat</a></li>
<li><a href="../theories/ip_addresses/#IP_Address">IP_Address</a></li>
<li><a href="../theories/ip_addresses/#IPv4">IPv4</a></li>
<li><a href="../theories/ip_addresses/#IPv6">IPv6</a></li>
<li><a href="../theories/ip_addresses/#Prefix_Match">Prefix_Match</a></li>
<li><a href="../theories/ip_addresses/#CIDR_Split">CIDR_Split</a></li>
<li><a href="../theories/ip_addresses/#WordInterval_Sorted">WordInterval_Sorted</a></li>
<li><a href="../theories/ip_addresses/#IP_Address_Parser">IP_Address_Parser</a></li>
<li><a href="../theories/ip_addresses/#Lib_Numbers_toString">Lib_Numbers_toString</a></li>
<li><a href="../theories/ip_addresses/#Lib_Word_toString">Lib_Word_toString</a></li>
<li><a href="../theories/ip_addresses/#Lib_List_toString">Lib_List_toString</a></li>
<li><a href="../theories/ip_addresses/#IP_Address_toString">IP_Address_toString</a></li>
<li><a href="../theories/ip_addresses/#Prefix_Match_toString">Prefix_Match_toString</a></li></ul><div class="flex-wrap">
<div>
<h3>Depends On</h3>
<ul class="horizontal-list"><li><a href="../entries/Automatic_Refinement.html">Automatic Data Refinement</a></li><li><a href="../entries/Word_Lib.html">Finite Machine Word Library</a></li></ul>
</div><div>
<h3>Used by</h3>
<ul class="horizontal-list"><li><a href="../entries/Simple_Firewall.html">Simple Firewall</a></li></ul>
</div>
<div>
<h3>Related Entries</h3>
<ul class="horizontal-list">
<li><a href="../entries/Tree-Automata.html">Tree Automata</a></li>
</ul>
</div>
</div>
</main>
<nav class='links'>
<a class='popup-button' href="#cite-popup">Cite</a>
<a class='popup-button' href="#download-popup">Download</a>
<h4>PDFs</h4>
<a href="https://www.isa-afp.org/browser_info/current/AFP/IP_Addresses/outline.pdf">Proof
outline</a>
<a href="https://www.isa-afp.org/browser_info/current/AFP/IP_Addresses/document.pdf">Proof
document</a>
<a href="https://www.isa-afp.org/browser_info/current/AFP/IP_Addresses/session_graph.pdf">Dependencies</a></nav>
<div id="cite-popup" class="overlay">
<a class="cancel" href="#"></a>
<div class="popup">
<h2>Cite</h2>
<a class="close" href="#">&times;</a>
<div>
<p style="display:none;" id="bibtex-filename">IP_Addresses-AFP</p><pre id="copy-text">@article{IP_Addresses-AFP,
author = {Cornelius Diekmann and Julius Michaelis and Lars Hupel},
title = {IP Addresses},
journal = {Archive of Formal Proofs},
month = {June},
year = {2016},
note = {\url{https://isa-afp.org/entries/IP_Addresses.html},
Formal proof development},
ISSN = {2150-914x},
}</pre>
<button id="copy-bibtex">Copy</button> <a id="download-bibtex">Download</a>
</div>
</div>
</div>
<div id="download-popup" class="overlay">
<a class="cancel" href="#"></a>
<div class="popup">
<h2>Download</h2>
<a class="close" href="#">&times;</a>
<a href="https://www.isa-afp.org/release//afp-IP_Addresses-current.tar.gz" download>Download latest</a>
<p>Older releases:</p>
<ul><li>
<a href="https://www.isa-afp.org/release/afp-IP_Addresses-2021-12-14.tar.gz">Dec 14, 2021</a>: Isabelle2021
</li><li>
<a href="https://www.isa-afp.org/release/afp-IP_Addresses-2021-02-23.tar.gz">Feb 23, 2021</a>: Isabelle2021
</li><li>
<a href="https://www.isa-afp.org/release/afp-IP_Addresses-2020-04-18.tar.gz">Apr 18, 2020</a>: Isabelle2020
</li><li>
<a href="https://www.isa-afp.org/release/afp-IP_Addresses-2019-06-11.tar.gz">Jun 11, 2019</a>: Isabelle2019
</li><li>
<a href="https://www.isa-afp.org/release/afp-IP_Addresses-2018-08-16.tar.gz">Aug 16, 2018</a>: Isabelle2018
</li><li>
<a href="https://www.isa-afp.org/release/afp-IP_Addresses-2017-10-10.tar.gz">Oct 10, 2017</a>: Isabelle2017
</li><li>
<a href="https://www.isa-afp.org/release/afp-IP_Addresses-2016-12-17.tar.gz">Dec 17, 2016</a>: Isabelle2016-1
</li><li>
<a href="https://www.isa-afp.org/release/afp-IP_Addresses-2016-06-28.tar.gz">Jun 28, 2016</a>: Isabelle2016
</li></ul>
</div>
</div>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/entries/Implicational_Logic.html b/web/entries/Implicational_Logic.html
new file mode 100644
--- /dev/null
+++ b/web/entries/Implicational_Logic.html
@@ -0,0 +1,158 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+ <meta charset="utf-8" />
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
+ <meta name="viewport" content="width=device-width, initial-scale=1"><title>Soundness and Completeness of Implicational Logic - Archive of Formal Proofs</title><meta name="description" content="This work is a formalization of soundness and completeness of the Bernays-Tarski
+axiom system for classical implicational logic. The completeness proof is..."><meta property="og:title" content="Soundness and Completeness of Implicational Logic" />
+<meta property="og:description" content="" />
+<meta property="og:type" content="article" />
+<meta property="og:url" content="/entries/Implicational_Logic.html" /><meta property="og:image" content="/images/afp.png"/><meta property="article:section" content="entries" />
+<meta property="article:published_time" content="2022-09-13T00:00:00+00:00" />
+<meta property="article:modified_time" content="2022-09-13T00:00:00+00:00" /><meta property="og:site_name" content="Archive of Formal Proofs" />
+
+<meta name="twitter:card" content="summary_large_image"/>
+<meta name="twitter:image" content="/images/afp.png"/>
+
+<meta name="twitter:title" content="Soundness and Completeness of Implicational Logic"/>
+<meta name="twitter:description" content=""/>
+
+
+ <link rel="stylesheet" type="text/css" href="../css/front.min.css">
+
+ <link rel="icon" href="../images/favicon.ico" type="image/icon">
+ <script>
+ MathJax = {
+ tex: {
+ inlineMath: [['$', '$'], ['\\(', '\\)']]
+ },
+ processEscapes: true,
+ svg: {
+ fontCache: 'global'
+ }
+ };
+ </script>
+ <script id="MathJax-script" async src="../js/mathjax/es5/tex-mml-chtml.js"></script>
+ <script src="../js/entries.js"></script><script src="../js/obfuscate.js"></script>
+ <script src="../js/flexsearch.bundle.js"></script>
+ <script src="../js/scroll-spy.js"></script>
+ <script src="../js/theory.js"></script>
+ <script src="../js/util.js"></script><script src="../js/header-search.js"></script><script src="../js/search-autocomplete.js"></script>
+</head>
+
+
+<body class='mathjax_ignore '>
+ <aside>
+ <div id="menu-toggle">
+ <input id="toggle" type="checkbox" />
+ <label for="toggle">
+ <span>menu</span>
+ <img src="../images/menu.svg" alt="Menu" />
+ </label>
+
+ <a href="../" class='logo-link'>
+ <img src="../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
+ </a>
+
+ <a href="../search"><img src="../images/search.svg" alt="Search" /></a>
+ <nav id="menu">
+ <div>
+ <a href="../" class='logo-link'>
+ <img src="../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
+ </a>
+ <ul>
+ <a href="../"><li >Home</li></a>
+ <a href="../topics/"><li >Topics</li></a>
+ <a href="../download/"><li >Download</li></a>
+ <a href="../help/"><li >Help</li></a>
+ <a href="../submission/"><li >Submission</li></a>
+ <a href="../statistics/"><li >Statistics</li></a>
+ <a href="../about/"><li >About</li></a>
+ </ul>
+ </div>
+ </nav>
+</div>
+ </aside>
+
+ <div
+ class='content entries'><header>
+ <form autocomplete="off" action="../search">
+ <div class='form-container'>
+ <input id="search-input" type="search" size="31" maxlength="255" value="" aria-label="Search the AFP" list="autocomplete"><button
+ id="search-button" type="button"><img src="../images/search.svg" alt="Search" /></button>
+ <datalist id="autocomplete">
+ </datalist>
+ </div>
+ </form>
+ <h1 >
+ <span class='first'>S</span>oundness and <span class='first'>C</span>ompleteness of <span class='first'>I</span>mplicational <span class='first'>L</span>ogic</h1>
+ <div>
+
+ <p><a href="../authors/from">Asta Halkjær From</a> <a href="https://people.compute.dtu.dk/ahfrom/">🌐</a> and <a href="../authors/villadsen">Jørgen Villadsen</a> <a href="https://people.compute.dtu.dk/jovi/">🌐</a>
+ </p>
+
+
+ <p class="date">September 13, 2022</p>
+
+ </div>
+</header><div><main><h3>Abstract</h3>
+
+ <div class="abstract mathjax_process">This work is a formalization of soundness and completeness of the Bernays-Tarski
+axiom system for classical implicational logic. The completeness proof is
+constructive following the approach by László Kalmár, Elliott Mendelson and
+others. The result can be extended to full classical propositional logic by
+uncommenting a few lines for falsehood.</div>BSD License<h3>Topics</h3>
+ <ul><li><a href="../topics/logic/general-logic/classical-propositional-logic">Logic/General logic/Classical propositional logic</a></li><li><a href="../topics/logic/proof-theory">Logic/Proof theory</a></li></ul>
+ <h3>Theories of Implicational_Logic</h3>
+ <ul>
+ <li><a href="../theories/implicational_logic/#Implicational_Logic">Implicational_Logic</a></li></ul><div class="flex-wrap">
+
+
+ </div>
+</main>
+
+<nav class='links'>
+ <a class='popup-button' href="#cite-popup">Cite</a>
+ <a class='popup-button' href="#download-popup">Download</a>
+ <h4>PDFs</h4>
+ <a href="https://www.isa-afp.org/browser_info/current/AFP/Implicational_Logic/outline.pdf">Proof
+ outline</a>
+ <a href="https://www.isa-afp.org/browser_info/current/AFP/Implicational_Logic/document.pdf">Proof
+ document</a>
+ <a href="https://www.isa-afp.org/browser_info/current/AFP/Implicational_Logic/session_graph.pdf">Dependencies</a></nav>
+
+<div id="cite-popup" class="overlay">
+ <a class="cancel" href="#"></a>
+ <div class="popup">
+ <h2>Cite</h2>
+ <a class="close" href="#">&times;</a>
+ <div>
+ <p style="display:none;" id="bibtex-filename">Implicational_Logic-AFP</p><pre id="copy-text">@article{Implicational_Logic-AFP,
+ author = {Asta Halkjær From and Jørgen Villadsen},
+ title = {Soundness and Completeness of Implicational Logic},
+ journal = {Archive of Formal Proofs},
+ month = {September},
+ year = {2022},
+ note = {\url{https://isa-afp.org/entries/Implicational_Logic.html},
+ Formal proof development},
+ ISSN = {2150-914x},
+}</pre>
+ <button id="copy-bibtex">Copy</button> <a id="download-bibtex">Download</a>
+ </div>
+ </div>
+</div>
+
+<div id="download-popup" class="overlay">
+ <a class="cancel" href="#"></a>
+ <div class="popup">
+ <h2>Download</h2>
+ <a class="close" href="#">&times;</a>
+ <a href="https://www.isa-afp.org/release//afp-Implicational_Logic-current.tar.gz" download>Download latest</a>
+
+ </div>
+</div>
+ </div>
+ </div>
+</body>
+
+</html>
\ No newline at end of file
diff --git a/web/entries/Iptables_Semantics.html b/web/entries/Iptables_Semantics.html
--- a/web/entries/Iptables_Semantics.html
+++ b/web/entries/Iptables_Semantics.html
@@ -1,272 +1,272 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1"><title>Iptables Semantics - Archive of Formal Proofs</title><meta name="description" content="We present a big step semantics of the filtering behavior of the Linux/netfilter iptables firewall. We provide algorithms to simplify complex iptables..."><meta property="og:title" content="Iptables Semantics" />
<meta property="og:description" content="" />
<meta property="og:type" content="article" />
<meta property="og:url" content="/entries/Iptables_Semantics.html" /><meta property="og:image" content="/images/afp.png"/><meta property="article:section" content="entries" />
<meta property="article:published_time" content="2016-09-09T00:00:00+00:00" />
<meta property="article:modified_time" content="2016-09-09T00:00:00+00:00" /><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="Iptables Semantics"/>
<meta name="twitter:description" content=""/>
<link rel="stylesheet" type="text/css" href="../css/front.min.css">
<link rel="icon" href="../images/favicon.ico" type="image/icon">
<script>
MathJax = {
tex: {
inlineMath: [['$', '$'], ['\\(', '\\)']]
},
processEscapes: true,
svg: {
fontCache: 'global'
}
};
</script>
<script id="MathJax-script" async src="../js/mathjax/es5/tex-mml-chtml.js"></script>
<script src="../js/entries.js"></script><script src="../js/obfuscate.js"></script>
<script src="../js/flexsearch.bundle.js"></script>
<script src="../js/scroll-spy.js"></script>
<script src="../js/theory.js"></script>
<script src="../js/util.js"></script><script src="../js/header-search.js"></script><script src="../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore '>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../images/menu.svg" alt="Menu" />
</label>
<a href="../" class='logo-link'>
<img src="../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<a href="../search"><img src="../images/search.svg" alt="Search" /></a>
<nav id="menu">
<div>
<a href="../" class='logo-link'>
<img src="../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<ul>
<a href="../"><li >Home</li></a>
<a href="../topics/"><li >Topics</li></a>
<a href="../download/"><li >Download</li></a>
<a href="../help/"><li >Help</li></a>
<a href="../submission/"><li >Submission</li></a>
<a href="../statistics/"><li >Statistics</li></a>
<a href="../about/"><li >About</li></a>
</ul>
</div>
</nav>
</div>
</aside>
<div
class='content entries'><header>
<form autocomplete="off" action="../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value="" aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button"><img src="../images/search.svg" alt="Search" /></button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1 >
<span class='first'>I</span>ptables <span class='first'>S</span>emantics</h1>
<div>
- <p><a href="../authors/diekmann">Cornelius Diekmann</a> <a href="http://net.in.tum.de/~diekmann">🌐</a> and <a href="../authors/hupel">Lars Hupel</a> <a href="https://www21.in.tum.de/~hupel/">🌐</a>
+ <p><a href="../authors/diekmann">Cornelius Diekmann</a> <a href="http://net.in.tum.de/~diekmann">🌐</a> and <a href="../authors/hupel">Lars Hupel</a> <a href="https://lars.hupel.info/">🌐</a>
</p>
<p class="date">September 9, 2016</p>
</div>
</header><div><main><h3>Abstract</h3>
<div class="abstract mathjax_process">We present a big step semantics of the filtering behavior of the
Linux/netfilter iptables firewall. We provide algorithms to simplify
complex iptables rulests to a simple firewall model (c.f. AFP entry <a
href="https://www.isa-afp.org/entries/Simple_Firewall.html">Simple_Firewall</a>)
and to verify spoofing protection of a ruleset.
Internally, we embed our semantics into ternary logic, ultimately
supporting every iptables match condition by abstracting over
unknowns. Using this AFP entry and all entries it depends on, we
created an easy-to-use, stand-alone haskell tool called <a
href="http://iptables.isabelle.systems">fffuu</a>. The tool does not
require any input &mdash;except for the <tt>iptables-save</tt> dump of
the analyzed firewall&mdash; and presents interesting results about
the user's ruleset. Real-Word firewall errors have been uncovered, and
the correctness of rulesets has been proved, with the help of
our tool.</div>BSD License<h3>Topics</h3>
<ul><li><a href="../topics/computer-science/networks">Computer science/Networks</a></li></ul>
<h3>Theories of Iptables_Semantics</h3>
<ul>
<li><a href="../theories/iptables_semantics/#List_Misc">List_Misc</a></li>
<li><a href="../theories/iptables_semantics/#Negation_Type">Negation_Type</a></li>
<li><a href="../theories/iptables_semantics/#WordInterval_Lists">WordInterval_Lists</a></li>
<li><a href="../theories/iptables_semantics/#Repeat_Stabilize">Repeat_Stabilize</a></li>
<li><a href="../theories/iptables_semantics/#Firewall_Common">Firewall_Common</a></li>
<li><a href="../theories/iptables_semantics/#Semantics">Semantics</a></li>
<li><a href="../theories/iptables_semantics/#Matching">Matching</a></li>
<li><a href="../theories/iptables_semantics/#Ruleset_Update">Ruleset_Update</a></li>
<li><a href="../theories/iptables_semantics/#Call_Return_Unfolding">Call_Return_Unfolding</a></li>
<li><a href="../theories/iptables_semantics/#Ternary">Ternary</a></li>
<li><a href="../theories/iptables_semantics/#Matching_Ternary">Matching_Ternary</a></li>
<li><a href="../theories/iptables_semantics/#Semantics_Ternary">Semantics_Ternary</a></li>
<li><a href="../theories/iptables_semantics/#Datatype_Selectors">Datatype_Selectors</a></li>
<li><a href="../theories/iptables_semantics/#IpAddresses">IpAddresses</a></li>
<li><a href="../theories/iptables_semantics/#L4_Protocol_Flags">L4_Protocol_Flags</a></li>
<li><a href="../theories/iptables_semantics/#Ports">Ports</a></li>
<li><a href="../theories/iptables_semantics/#Conntrack_State">Conntrack_State</a></li>
<li><a href="../theories/iptables_semantics/#Tagged_Packet">Tagged_Packet</a></li>
<li><a href="../theories/iptables_semantics/#Common_Primitive_Syntax">Common_Primitive_Syntax</a></li>
<li><a href="../theories/iptables_semantics/#Unknown_Match_Tacs">Unknown_Match_Tacs</a></li>
<li><a href="../theories/iptables_semantics/#Common_Primitive_Matcher_Generic">Common_Primitive_Matcher_Generic</a></li>
<li><a href="../theories/iptables_semantics/#Common_Primitive_Matcher">Common_Primitive_Matcher</a></li>
<li><a href="../theories/iptables_semantics/#Example_Semantics">Example_Semantics</a></li>
<li><a href="../theories/iptables_semantics/#Alternative_Semantics">Alternative_Semantics</a></li>
<li><a href="../theories/iptables_semantics/#Semantics_Stateful">Semantics_Stateful</a></li>
<li><a href="../theories/iptables_semantics/#Semantics_Goto">Semantics_Goto</a></li>
<li><a href="../theories/iptables_semantics/#Negation_Type_DNF">Negation_Type_DNF</a></li>
<li><a href="../theories/iptables_semantics/#Matching_Embeddings">Matching_Embeddings</a></li>
<li><a href="../theories/iptables_semantics/#Fixed_Action">Fixed_Action</a></li>
<li><a href="../theories/iptables_semantics/#Normalized_Matches">Normalized_Matches</a></li>
<li><a href="../theories/iptables_semantics/#Negation_Type_Matching">Negation_Type_Matching</a></li>
<li><a href="../theories/iptables_semantics/#Primitive_Normalization">Primitive_Normalization</a></li>
<li><a href="../theories/iptables_semantics/#MatchExpr_Fold">MatchExpr_Fold</a></li>
<li><a href="../theories/iptables_semantics/#Common_Primitive_Lemmas">Common_Primitive_Lemmas</a></li>
<li><a href="../theories/iptables_semantics/#Ports_Normalize">Ports_Normalize</a></li>
<li><a href="../theories/iptables_semantics/#IpAddresses_Normalize">IpAddresses_Normalize</a></li>
<li><a href="../theories/iptables_semantics/#Interfaces_Normalize">Interfaces_Normalize</a></li>
<li><a href="../theories/iptables_semantics/#Word_Upto">Word_Upto</a></li>
<li><a href="../theories/iptables_semantics/#Protocols_Normalize">Protocols_Normalize</a></li>
<li><a href="../theories/iptables_semantics/#Remdups_Rev">Remdups_Rev</a></li>
<li><a href="../theories/iptables_semantics/#Ipassmt">Ipassmt</a></li>
<li><a href="../theories/iptables_semantics/#No_Spoof">No_Spoof</a></li>
<li><a href="../theories/iptables_semantics/#Common_Primitive_toString">Common_Primitive_toString</a></li>
<li><a href="../theories/iptables_semantics/#Routing_IpAssmt">Routing_IpAssmt</a></li>
<li><a href="../theories/iptables_semantics/#Output_Interface_Replace">Output_Interface_Replace</a></li>
<li><a href="../theories/iptables_semantics/#Interface_Replace">Interface_Replace</a></li>
<li><a href="../theories/iptables_semantics/#Optimizing">Optimizing</a></li>
<li><a href="../theories/iptables_semantics/#Transform">Transform</a></li>
<li><a href="../theories/iptables_semantics/#Conntrack_State_Transform">Conntrack_State_Transform</a></li>
<li><a href="../theories/iptables_semantics/#Primitive_Abstract">Primitive_Abstract</a></li>
<li><a href="../theories/iptables_semantics/#SimpleFw_Compliance">SimpleFw_Compliance</a></li>
<li><a href="../theories/iptables_semantics/#Semantics_Embeddings">Semantics_Embeddings</a></li>
<li><a href="../theories/iptables_semantics/#Iptables_Semantics">Iptables_Semantics</a></li>
<li><a href="../theories/iptables_semantics/#Code_Interface">Code_Interface</a></li>
<li><a href="../theories/iptables_semantics/#Parser6">Parser6</a></li>
<li><a href="../theories/iptables_semantics/#No_Spoof_Embeddings">No_Spoof_Embeddings</a></li>
<li><a href="../theories/iptables_semantics/#Parser">Parser</a></li>
<li><a href="../theories/iptables_semantics/#Code_haskell">Code_haskell</a></li>
<li><a href="../theories/iptables_semantics/#Access_Matrix_Embeddings">Access_Matrix_Embeddings</a></li>
<li><a href="../theories/iptables_semantics/#Documentation">Documentation</a></li></ul>
<h3>Theories of Iptables_Semantics_Examples</h3>
<ul>
<li><a href="../theories/iptables_semantics_examples/#Parser_Test">Parser_Test</a></li>
<li><a href="../theories/iptables_semantics_examples/#Parser6_Test">Parser6_Test</a></li>
<li><a href="../theories/iptables_semantics_examples/#Small_Examples">Small_Examples</a></li>
<li><a href="../theories/iptables_semantics_examples/#Ports_Fail">Ports_Fail</a></li>
<li><a href="../theories/iptables_semantics_examples/#Contrived_Example">Contrived_Example</a></li>
<li><a href="../theories/iptables_semantics_examples/#iptables_Ln_tuned_parsed">iptables_Ln_tuned_parsed</a></li>
<li><a href="../theories/iptables_semantics_examples/#Analyze_Synology_Diskstation">Analyze_Synology_Diskstation</a></li>
<li><a href="../theories/iptables_semantics_examples/#Analyze_Ringofsaturn_com">Analyze_Ringofsaturn_com</a></li>
<li><a href="../theories/iptables_semantics_examples/#Analyze_SQRL_Shorewall">Analyze_SQRL_Shorewall</a></li>
<li><a href="../theories/iptables_semantics_examples/#SQRL_2015_nospoof">SQRL_2015_nospoof</a></li>
<li><a href="../theories/iptables_semantics_examples/#SNS_IAS_Eduroam_Spoofing">SNS_IAS_Eduroam_Spoofing</a></li>
<li><a href="../theories/iptables_semantics_examples/#Analyze_medium_sized_company">Analyze_medium_sized_company</a></li></ul>
<h3>Theories of Iptables_Semantics_Examples_Big</h3>
<ul>
<li><a href="../theories/iptables_semantics_examples_big/#Analyze_topos_generated">Analyze_topos_generated</a></li>
<li><a href="../theories/iptables_semantics_examples_big/#IP_Address_Space_Examples_All_Small">IP_Address_Space_Examples_All_Small</a></li>
<li><a href="../theories/iptables_semantics_examples_big/#Analyze_TUM_Net_Firewall">Analyze_TUM_Net_Firewall</a></li>
<li><a href="../theories/iptables_semantics_examples_big/#Analyze_Containern">Analyze_Containern</a></li>
<li><a href="../theories/iptables_semantics_examples_big/#TUM_Spoofing_new3">TUM_Spoofing_new3</a></li>
<li><a href="../theories/iptables_semantics_examples_big/#TUM_Simple_FW">TUM_Simple_FW</a></li>
<li><a href="../theories/iptables_semantics_examples_big/#IP_Address_Space_Examples_All_Large">IP_Address_Space_Examples_All_Large</a></li></ul><div class="flex-wrap">
<div>
<h3>Depends On</h3>
<ul class="horizontal-list"><li><a href="../entries/Native_Word.html">Native Word</a></li><li><a href="../entries/Routing.html">Routing</a></li><li><a href="../entries/Iptables_Semantics.html">Iptables Semantics</a></li></ul>
</div><div>
<h3>Used by</h3>
<ul class="horizontal-list"><li><a href="../entries/LOFT.html">LOFT — Verified Migration of Linux Firewalls to SDN</a></li><li><a href="../entries/Iptables_Semantics.html">Iptables Semantics</a></li></ul>
</div>
</div>
</main>
<nav class='links'>
<a class='popup-button' href="#cite-popup">Cite</a>
<a class='popup-button' href="#download-popup">Download</a>
<h4>PDFs</h4>
<a href="https://www.isa-afp.org/browser_info/current/AFP/Iptables_Semantics/outline.pdf">Proof
outline</a>
<a href="https://www.isa-afp.org/browser_info/current/AFP/Iptables_Semantics/document.pdf">Proof
document</a>
<a href="https://www.isa-afp.org/browser_info/current/AFP/Iptables_Semantics/session_graph.pdf">Dependencies</a></nav>
<div id="cite-popup" class="overlay">
<a class="cancel" href="#"></a>
<div class="popup">
<h2>Cite</h2>
<a class="close" href="#">&times;</a>
<div>
<p style="display:none;" id="bibtex-filename">Iptables_Semantics-AFP</p><pre id="copy-text">@article{Iptables_Semantics-AFP,
author = {Cornelius Diekmann and Lars Hupel},
title = {Iptables Semantics},
journal = {Archive of Formal Proofs},
month = {September},
year = {2016},
note = {\url{https://isa-afp.org/entries/Iptables_Semantics.html},
Formal proof development},
ISSN = {2150-914x},
}</pre>
<button id="copy-bibtex">Copy</button> <a id="download-bibtex">Download</a>
</div>
</div>
</div>
<div id="download-popup" class="overlay">
<a class="cancel" href="#"></a>
<div class="popup">
<h2>Download</h2>
<a class="close" href="#">&times;</a>
<a href="https://www.isa-afp.org/release//afp-Iptables_Semantics-current.tar.gz" download>Download latest</a>
<p>Older releases:</p>
<ul><li>
<a href="https://www.isa-afp.org/release/afp-Iptables_Semantics-2021-12-14.tar.gz">Dec 14, 2021</a>: Isabelle2021
</li><li>
<a href="https://www.isa-afp.org/release/afp-Iptables_Semantics-2021-02-23.tar.gz">Feb 23, 2021</a>: Isabelle2021
</li><li>
<a href="https://www.isa-afp.org/release/afp-Iptables_Semantics-2020-04-18.tar.gz">Apr 18, 2020</a>: Isabelle2020
</li><li>
<a href="https://www.isa-afp.org/release/afp-Iptables_Semantics-2019-06-11.tar.gz">Jun 11, 2019</a>: Isabelle2019
</li><li>
<a href="https://www.isa-afp.org/release/afp-Iptables_Semantics-2018-08-16.tar.gz">Aug 16, 2018</a>: Isabelle2018
</li><li>
<a href="https://www.isa-afp.org/release/afp-Iptables_Semantics-2017-10-10.tar.gz">Oct 10, 2017</a>: Isabelle2017
</li><li>
<a href="https://www.isa-afp.org/release/afp-Iptables_Semantics-2016-12-17.tar.gz">Dec 17, 2016</a>: Isabelle2016-1
</li><li>
<a href="https://www.isa-afp.org/release/afp-Iptables_Semantics-2016-09-09.tar.gz">Sep 9, 2016</a>: Isabelle2016
</li></ul>
</div>
</div>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/entries/Khovanskii_Theorem.html b/web/entries/Khovanskii_Theorem.html
--- a/web/entries/Khovanskii_Theorem.html
+++ b/web/entries/Khovanskii_Theorem.html
@@ -1,177 +1,176 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1"><title>Khovanskii&#x27;s Theorem - Archive of Formal Proofs</title><meta name="description" content="We formalise the proof of an important theorem in additive
combinatorics due to Khovanskii, attesting that the cardinality of the
set of all sums of $n$..."><meta property="og:title" content="Khovanskii&amp;#x27;s Theorem" />
<meta property="og:description" content="" />
<meta property="og:type" content="article" />
<meta property="og:url" content="/entries/Khovanskii_Theorem.html" /><meta property="og:image" content="/images/afp.png"/><meta property="article:section" content="entries" />
<meta property="article:published_time" content="2022-09-02T00:00:00+00:00" />
<meta property="article:modified_time" content="2022-09-02T00:00:00+00:00" /><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="Khovanskii&amp;#x27;s Theorem"/>
<meta name="twitter:description" content=""/>
<link rel="stylesheet" type="text/css" href="../css/front.min.css">
<link rel="icon" href="../images/favicon.ico" type="image/icon">
<script>
MathJax = {
tex: {
inlineMath: [['$', '$'], ['\\(', '\\)']]
},
processEscapes: true,
svg: {
fontCache: 'global'
}
};
</script>
<script id="MathJax-script" async src="../js/mathjax/es5/tex-mml-chtml.js"></script>
<script src="../js/entries.js"></script><script src="../js/obfuscate.js"></script>
<script src="../js/flexsearch.bundle.js"></script>
<script src="../js/scroll-spy.js"></script>
<script src="../js/theory.js"></script>
<script src="../js/util.js"></script><script src="../js/header-search.js"></script><script src="../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore '>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../images/menu.svg" alt="Menu" />
</label>
<a href="../" class='logo-link'>
<img src="../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<a href="../search"><img src="../images/search.svg" alt="Search" /></a>
<nav id="menu">
<div>
<a href="../" class='logo-link'>
<img src="../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<ul>
<a href="../"><li >Home</li></a>
<a href="../topics/"><li >Topics</li></a>
<a href="../download/"><li >Download</li></a>
<a href="../help/"><li >Help</li></a>
<a href="../submission/"><li >Submission</li></a>
<a href="../statistics/"><li >Statistics</li></a>
<a href="../about/"><li >About</li></a>
</ul>
</div>
</nav>
</div>
</aside>
<div
class='content entries'><header>
<form autocomplete="off" action="../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value="" aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button"><img src="../images/search.svg" alt="Search" /></button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1 >
<span class='first'>K</span>hovanskii&#x27;s <span class='first'>T</span>heorem</h1>
<div>
<p><a href="../authors/argyraki">Angeliki Koutsoukou-Argyraki</a> <a href="https://www.cl.cam.ac.uk/~ak2110/">🌐</a> and <a href="../authors/paulson">Lawrence C. Paulson</a>
</p>
<p class="date">September 2, 2022</p>
</div>
</header><div><main><h3>Abstract</h3>
<div class="abstract mathjax_process">We formalise the proof of an important theorem in additive
combinatorics due to Khovanskii, attesting that the cardinality of the
set of all sums of $n$ many elements of $A$, where $A$ is a finite
subset of an abelian group, is a polynomial in $n$ for all
sufficiently large $n$. We follow a proof due to Nathanson and Ruzsa
as presented in the notes “Introduction to Additive Combinatorics” by
Timothy Gowers for the University of Cambridge.</div>BSD License<h3>Topics</h3>
<ul><li><a href="../topics/mathematics/combinatorics">Mathematics/Combinatorics</a></li></ul>
<h3>Theories of Khovanskii_Theorem</h3>
<ul>
<li><a href="../theories/khovanskii_theorem/#FiniteProduct">FiniteProduct</a></li>
- <li><a href="../theories/khovanskii_theorem/#For_2022">For_2022</a></li>
<li><a href="../theories/khovanskii_theorem/#Khovanskii">Khovanskii</a></li></ul><div class="flex-wrap">
<div>
<h3>Depends On</h3>
<ul class="horizontal-list"><li><a href="../entries/Bernoulli.html">Bernoulli Numbers</a></li><li><a href="../entries/Jacobson_Basic_Algebra.html">A Case Study in Basic Algebra</a></li><li><a href="../entries/Pluennecke_Ruzsa_Inequality.html">The Plünnecke-Ruzsa Inequality</a></li></ul>
</div>
<div>
<h3>Related Entries</h3>
<ul class="horizontal-list">
<li><a href="../entries/Padic_Ints.html">Hensel&rsquo;s Lemma for the p-adic Integers</a></li>
<li><a href="../entries/Banach_Steinhaus.html">Banach-Steinhaus Theorem</a></li>
</ul>
</div>
</div>
</main>
<nav class='links'>
<a class='popup-button' href="#cite-popup">Cite</a>
<a class='popup-button' href="#download-popup">Download</a>
<h4>PDFs</h4>
<a href="https://www.isa-afp.org/browser_info/current/AFP/Khovanskii_Theorem/outline.pdf">Proof
outline</a>
<a href="https://www.isa-afp.org/browser_info/current/AFP/Khovanskii_Theorem/document.pdf">Proof
document</a>
<a href="https://www.isa-afp.org/browser_info/current/AFP/Khovanskii_Theorem/session_graph.pdf">Dependencies</a></nav>
<div id="cite-popup" class="overlay">
<a class="cancel" href="#"></a>
<div class="popup">
<h2>Cite</h2>
<a class="close" href="#">&times;</a>
<div>
<p style="display:none;" id="bibtex-filename">Khovanskii_Theorem-AFP</p><pre id="copy-text">@article{Khovanskii_Theorem-AFP,
author = {Angeliki Koutsoukou-Argyraki and Lawrence C. Paulson},
title = {Khovanskii&#39;s Theorem},
journal = {Archive of Formal Proofs},
month = {September},
year = {2022},
note = {\url{https://isa-afp.org/entries/Khovanskii_Theorem.html},
Formal proof development},
ISSN = {2150-914x},
}</pre>
<button id="copy-bibtex">Copy</button> <a id="download-bibtex">Download</a>
</div>
</div>
</div>
<div id="download-popup" class="overlay">
<a class="cancel" href="#"></a>
<div class="popup">
<h2>Download</h2>
<a class="close" href="#">&times;</a>
<a href="https://www.isa-afp.org/release//afp-Khovanskii_Theorem-current.tar.gz" download>Download latest</a>
</div>
</div>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/entries/Lazy_Case.html b/web/entries/Lazy_Case.html
--- a/web/entries/Lazy_Case.html
+++ b/web/entries/Lazy_Case.html
@@ -1,183 +1,183 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1"><title>Lazifying case constants - Archive of Formal Proofs</title><meta name="description" content="Isabelle&#39;s code generator performs various adaptations for target languages. Among others, case statements are printed as match expressions. Internally,..."><meta property="og:title" content="Lazifying case constants" />
<meta property="og:description" content="" />
<meta property="og:type" content="article" />
<meta property="og:url" content="/entries/Lazy_Case.html" /><meta property="og:image" content="/images/afp.png"/><meta property="article:section" content="entries" />
<meta property="article:published_time" content="2017-04-18T00:00:00+00:00" />
<meta property="article:modified_time" content="2017-04-18T00:00:00+00:00" /><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="Lazifying case constants"/>
<meta name="twitter:description" content=""/>
<link rel="stylesheet" type="text/css" href="../css/front.min.css">
<link rel="icon" href="../images/favicon.ico" type="image/icon">
<script>
MathJax = {
tex: {
inlineMath: [['$', '$'], ['\\(', '\\)']]
},
processEscapes: true,
svg: {
fontCache: 'global'
}
};
</script>
<script id="MathJax-script" async src="../js/mathjax/es5/tex-mml-chtml.js"></script>
<script src="../js/entries.js"></script><script src="../js/obfuscate.js"></script>
<script src="../js/flexsearch.bundle.js"></script>
<script src="../js/scroll-spy.js"></script>
<script src="../js/theory.js"></script>
<script src="../js/util.js"></script><script src="../js/header-search.js"></script><script src="../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore '>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../images/menu.svg" alt="Menu" />
</label>
<a href="../" class='logo-link'>
<img src="../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<a href="../search"><img src="../images/search.svg" alt="Search" /></a>
<nav id="menu">
<div>
<a href="../" class='logo-link'>
<img src="../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<ul>
<a href="../"><li >Home</li></a>
<a href="../topics/"><li >Topics</li></a>
<a href="../download/"><li >Download</li></a>
<a href="../help/"><li >Help</li></a>
<a href="../submission/"><li >Submission</li></a>
<a href="../statistics/"><li >Statistics</li></a>
<a href="../about/"><li >About</li></a>
</ul>
</div>
</nav>
</div>
</aside>
<div
class='content entries'><header>
<form autocomplete="off" action="../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value="" aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button"><img src="../images/search.svg" alt="Search" /></button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1 >
<span class='first'>L</span>azifying <span class='first'>C</span>ase <span class='first'>C</span>onstants</h1>
<div>
- <p><a href="../authors/hupel">Lars Hupel</a> <a href="https://www21.in.tum.de/~hupel/">🌐</a>
+ <p><a href="../authors/hupel">Lars Hupel</a> <a href="https://lars.hupel.info/">🌐</a>
</p>
<p class="date">April 18, 2017</p>
</div>
</header><div><main><h3>Abstract</h3>
<div class="abstract mathjax_process">Isabelle's code generator performs various adaptations for target
languages. Among others, case statements are printed as match
expressions. Internally, this is a sophisticated procedure, because in
HOL, case statements are represented as nested calls to the case
combinators as generated by the datatype package. Furthermore, the
procedure relies on laziness of match expressions in the target
language, i.e., that branches guarded by patterns that fail to match
are not evaluated. Similarly, <tt>if-then-else</tt> is
printed to the corresponding construct in the target language. This
entry provides tooling to replace these special cases in the code
generator by ignoring these target language features, instead printing
case expressions and <tt>if-then-else</tt> as functions.</div>BSD License<h3>Topics</h3>
<ul><li><a href="../topics/tools">Tools</a></li></ul>
<h3>Theories of Lazy_Case</h3>
<ul>
<li><a href="../theories/lazy_case/#Lazy_Case">Lazy_Case</a></li>
<li><a href="../theories/lazy_case/#Test_Lazy_Case">Test_Lazy_Case</a></li></ul><div class="flex-wrap">
<div>
<h3>Used by</h3>
<ul class="horizontal-list"><li><a href="../entries/Dict_Construction.html">Dictionary Construction</a></li></ul>
</div>
</div>
</main>
<nav class='links'>
<a class='popup-button' href="#cite-popup">Cite</a>
<a class='popup-button' href="#download-popup">Download</a>
<h4>PDFs</h4>
<a href="https://www.isa-afp.org/browser_info/current/AFP/Lazy_Case/outline.pdf">Proof
outline</a>
<a href="https://www.isa-afp.org/browser_info/current/AFP/Lazy_Case/document.pdf">Proof
document</a>
<a href="https://www.isa-afp.org/browser_info/current/AFP/Lazy_Case/session_graph.pdf">Dependencies</a></nav>
<div id="cite-popup" class="overlay">
<a class="cancel" href="#"></a>
<div class="popup">
<h2>Cite</h2>
<a class="close" href="#">&times;</a>
<div>
<p style="display:none;" id="bibtex-filename">Lazy_Case-AFP</p><pre id="copy-text">@article{Lazy_Case-AFP,
author = {Lars Hupel},
title = {Lazifying case constants},
journal = {Archive of Formal Proofs},
month = {April},
year = {2017},
note = {\url{https://isa-afp.org/entries/Lazy_Case.html},
Formal proof development},
ISSN = {2150-914x},
}</pre>
<button id="copy-bibtex">Copy</button> <a id="download-bibtex">Download</a>
</div>
</div>
</div>
<div id="download-popup" class="overlay">
<a class="cancel" href="#"></a>
<div class="popup">
<h2>Download</h2>
<a class="close" href="#">&times;</a>
<a href="https://www.isa-afp.org/release//afp-Lazy_Case-current.tar.gz" download>Download latest</a>
<p>Older releases:</p>
<ul><li>
<a href="https://www.isa-afp.org/release/afp-Lazy_Case-2021-12-14.tar.gz">Dec 14, 2021</a>: Isabelle2021
</li><li>
<a href="https://www.isa-afp.org/release/afp-Lazy_Case-2021-02-23.tar.gz">Feb 23, 2021</a>: Isabelle2021
</li><li>
<a href="https://www.isa-afp.org/release/afp-Lazy_Case-2020-04-18.tar.gz">Apr 18, 2020</a>: Isabelle2020
</li><li>
<a href="https://www.isa-afp.org/release/afp-Lazy_Case-2019-06-11.tar.gz">Jun 11, 2019</a>: Isabelle2019
</li><li>
<a href="https://www.isa-afp.org/release/afp-Lazy_Case-2018-08-16.tar.gz">Aug 16, 2018</a>: Isabelle2018
</li><li>
<a href="https://www.isa-afp.org/release/afp-Lazy_Case-2017-10-10.tar.gz">Oct 10, 2017</a>: Isabelle2017
</li><li>
<a href="https://www.isa-afp.org/release/afp-Lazy_Case-2017-04-20.tar.gz">Apr 20, 2017</a>: Isabelle2016-1
</li></ul>
</div>
</div>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/entries/Localization_Ring.html b/web/entries/Localization_Ring.html
--- a/web/entries/Localization_Ring.html
+++ b/web/entries/Localization_Ring.html
@@ -1,172 +1,175 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1"><title>The Localization of a Commutative Ring - Archive of Formal Proofs</title><meta name="description" content="We formalize the localization of a commutative ring R with respect to
a multiplicative subset (i.e. a submonoid of R seen as a
multiplicative monoid). This..."><meta property="og:title" content="The Localization of a Commutative Ring" />
<meta property="og:description" content="" />
<meta property="og:type" content="article" />
<meta property="og:url" content="/entries/Localization_Ring.html" /><meta property="og:image" content="/images/afp.png"/><meta property="article:section" content="entries" />
<meta property="article:published_time" content="2018-06-14T00:00:00+00:00" />
<meta property="article:modified_time" content="2018-06-14T00:00:00+00:00" /><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="The Localization of a Commutative Ring"/>
<meta name="twitter:description" content=""/>
<link rel="stylesheet" type="text/css" href="../css/front.min.css">
<link rel="icon" href="../images/favicon.ico" type="image/icon">
<script>
MathJax = {
tex: {
inlineMath: [['$', '$'], ['\\(', '\\)']]
},
processEscapes: true,
svg: {
fontCache: 'global'
}
};
</script>
<script id="MathJax-script" async src="../js/mathjax/es5/tex-mml-chtml.js"></script>
<script src="../js/entries.js"></script><script src="../js/obfuscate.js"></script>
<script src="../js/flexsearch.bundle.js"></script>
<script src="../js/scroll-spy.js"></script>
<script src="../js/theory.js"></script>
<script src="../js/util.js"></script><script src="../js/header-search.js"></script><script src="../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore '>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../images/menu.svg" alt="Menu" />
</label>
<a href="../" class='logo-link'>
<img src="../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<a href="../search"><img src="../images/search.svg" alt="Search" /></a>
<nav id="menu">
<div>
<a href="../" class='logo-link'>
<img src="../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<ul>
<a href="../"><li >Home</li></a>
<a href="../topics/"><li >Topics</li></a>
<a href="../download/"><li >Download</li></a>
<a href="../help/"><li >Help</li></a>
<a href="../submission/"><li >Submission</li></a>
<a href="../statistics/"><li >Statistics</li></a>
<a href="../about/"><li >About</li></a>
</ul>
</div>
</nav>
</div>
</aside>
<div
class='content entries'><header>
<form autocomplete="off" action="../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value="" aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button"><img src="../images/search.svg" alt="Search" /></button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1 >
<span class='first'>T</span>he <span class='first'>L</span>ocalization of a <span class='first'>C</span>ommutative <span class='first'>R</span>ing</h1>
<div>
<p><a href="../authors/bordg">Anthony Bordg</a> <a href="https://sites.google.com/site/anthonybordg/">🌐</a>
</p>
<p class="date">June 14, 2018</p>
</div>
</header><div><main><h3>Abstract</h3>
<div class="abstract mathjax_process">We formalize the localization of a commutative ring R with respect to
a multiplicative subset (i.e. a submonoid of R seen as a
multiplicative monoid). This localization is itself a commutative ring
and we build the natural homomorphism of rings from R to its
localization.</div>BSD License<h3>Topics</h3>
<ul><li><a href="../topics/mathematics/algebra">Mathematics/Algebra</a></li></ul>
<h3>Theories of Localization_Ring</h3>
<ul>
<li><a href="../theories/localization_ring/#Localization">Localization</a></li></ul><div class="flex-wrap">
-
+ <div>
+ <h3>Used by</h3>
+ <ul class="horizontal-list"><li><a href="../entries/Padic_Field.html">p-adic Fields and p-adic Semialgebraic Sets</a></li></ul>
+ </div>
</div>
</main>
<nav class='links'>
<a class='popup-button' href="#cite-popup">Cite</a>
<a class='popup-button' href="#download-popup">Download</a>
<h4>PDFs</h4>
<a href="https://www.isa-afp.org/browser_info/current/AFP/Localization_Ring/outline.pdf">Proof
outline</a>
<a href="https://www.isa-afp.org/browser_info/current/AFP/Localization_Ring/document.pdf">Proof
document</a>
<a href="https://www.isa-afp.org/browser_info/current/AFP/Localization_Ring/session_graph.pdf">Dependencies</a></nav>
<div id="cite-popup" class="overlay">
<a class="cancel" href="#"></a>
<div class="popup">
<h2>Cite</h2>
<a class="close" href="#">&times;</a>
<div>
<p style="display:none;" id="bibtex-filename">Localization_Ring-AFP</p><pre id="copy-text">@article{Localization_Ring-AFP,
author = {Anthony Bordg},
title = {The Localization of a Commutative Ring},
journal = {Archive of Formal Proofs},
month = {June},
year = {2018},
note = {\url{https://isa-afp.org/entries/Localization_Ring.html},
Formal proof development},
ISSN = {2150-914x},
}</pre>
<button id="copy-bibtex">Copy</button> <a id="download-bibtex">Download</a>
</div>
</div>
</div>
<div id="download-popup" class="overlay">
<a class="cancel" href="#"></a>
<div class="popup">
<h2>Download</h2>
<a class="close" href="#">&times;</a>
<a href="https://www.isa-afp.org/release//afp-Localization_Ring-current.tar.gz" download>Download latest</a>
<p>Older releases:</p>
<ul><li>
<a href="https://www.isa-afp.org/release/afp-Localization_Ring-2021-12-14.tar.gz">Dec 14, 2021</a>: Isabelle2021
</li><li>
<a href="https://www.isa-afp.org/release/afp-Localization_Ring-2021-02-23.tar.gz">Feb 23, 2021</a>: Isabelle2021
</li><li>
<a href="https://www.isa-afp.org/release/afp-Localization_Ring-2020-04-20.tar.gz">Apr 20, 2020</a>: Isabelle2020
</li><li>
<a href="https://www.isa-afp.org/release/afp-Localization_Ring-2019-06-11.tar.gz">Jun 11, 2019</a>: Isabelle2019
</li><li>
<a href="https://www.isa-afp.org/release/afp-Localization_Ring-2018-08-16.tar.gz">Aug 16, 2018</a>: Isabelle2018
</li><li>
<a href="https://www.isa-afp.org/release/afp-Localization_Ring-2018-06-17.tar.gz">Jun 17, 2018</a>: Isabelle2017
</li></ul>
</div>
</div>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/entries/Padic_Field.html b/web/entries/Padic_Field.html
new file mode 100644
--- /dev/null
+++ b/web/entries/Padic_Field.html
@@ -0,0 +1,185 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+ <meta charset="utf-8" />
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
+ <meta name="viewport" content="width=device-width, initial-scale=1"><title>p-adic Fields and p-adic Semialgebraic Sets - Archive of Formal Proofs</title><meta name="description" content="The field of p-adic numbers for a prime integer p is constructed.
+Basic facts about p-adic topology including Hensel&#39;s Lemma are
+proved, building on a..."><meta property="og:title" content="p-adic Fields and p-adic Semialgebraic Sets" />
+<meta property="og:description" content="" />
+<meta property="og:type" content="article" />
+<meta property="og:url" content="/entries/Padic_Field.html" /><meta property="og:image" content="/images/afp.png"/><meta property="article:section" content="entries" />
+<meta property="article:published_time" content="2022-09-22T00:00:00+00:00" />
+<meta property="article:modified_time" content="2022-09-22T00:00:00+00:00" /><meta property="og:site_name" content="Archive of Formal Proofs" />
+
+<meta name="twitter:card" content="summary_large_image"/>
+<meta name="twitter:image" content="/images/afp.png"/>
+
+<meta name="twitter:title" content="p-adic Fields and p-adic Semialgebraic Sets"/>
+<meta name="twitter:description" content=""/>
+
+
+ <link rel="stylesheet" type="text/css" href="../css/front.min.css">
+
+ <link rel="icon" href="../images/favicon.ico" type="image/icon">
+ <script>
+ MathJax = {
+ tex: {
+ inlineMath: [['$', '$'], ['\\(', '\\)']]
+ },
+ processEscapes: true,
+ svg: {
+ fontCache: 'global'
+ }
+ };
+ </script>
+ <script id="MathJax-script" async src="../js/mathjax/es5/tex-mml-chtml.js"></script>
+ <script src="../js/entries.js"></script><script src="../js/obfuscate.js"></script>
+ <script src="../js/flexsearch.bundle.js"></script>
+ <script src="../js/scroll-spy.js"></script>
+ <script src="../js/theory.js"></script>
+ <script src="../js/util.js"></script><script src="../js/header-search.js"></script><script src="../js/search-autocomplete.js"></script>
+</head>
+
+
+<body class='mathjax_ignore '>
+ <aside>
+ <div id="menu-toggle">
+ <input id="toggle" type="checkbox" />
+ <label for="toggle">
+ <span>menu</span>
+ <img src="../images/menu.svg" alt="Menu" />
+ </label>
+
+ <a href="../" class='logo-link'>
+ <img src="../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
+ </a>
+
+ <a href="../search"><img src="../images/search.svg" alt="Search" /></a>
+ <nav id="menu">
+ <div>
+ <a href="../" class='logo-link'>
+ <img src="../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
+ </a>
+ <ul>
+ <a href="../"><li >Home</li></a>
+ <a href="../topics/"><li >Topics</li></a>
+ <a href="../download/"><li >Download</li></a>
+ <a href="../help/"><li >Help</li></a>
+ <a href="../submission/"><li >Submission</li></a>
+ <a href="../statistics/"><li >Statistics</li></a>
+ <a href="../about/"><li >About</li></a>
+ </ul>
+ </div>
+ </nav>
+</div>
+ </aside>
+
+ <div
+ class='content entries'><header>
+ <form autocomplete="off" action="../search">
+ <div class='form-container'>
+ <input id="search-input" type="search" size="31" maxlength="255" value="" aria-label="Search the AFP" list="autocomplete"><button
+ id="search-button" type="button"><img src="../images/search.svg" alt="Search" /></button>
+ <datalist id="autocomplete">
+ </datalist>
+ </div>
+ </form>
+ <h1 >
+ <span class='first'>P</span>-<span class='first'>A</span>dic <span class='first'>F</span>ields and <span class='first'>P</span>-<span class='first'>A</span>dic <span class='first'>S</span>emialgebraic <span class='first'>S</span>ets</h1>
+ <div>
+
+ <p><a href="../authors/crighton">Aaron Crighton</a>
+ </p>
+
+
+ <p class="date">September 22, 2022</p>
+
+ </div>
+</header><div><main><h3>Abstract</h3>
+
+ <div class="abstract mathjax_process">The field of p-adic numbers for a prime integer p is constructed.
+Basic facts about p-adic topology including Hensel's Lemma are
+proved, building on a prior submission by the author. The theory of
+semialgebraic sets and semialgebraic functions on cartesian powers of
+p-adic fields is also developed, following a formalization of these
+concepts due to Denef. This is done towards a formalization of
+Denef's proof of Macintyre's quantifier elimination theorem
+for p-adic fields. Theories developing general multivariable
+polynomial rings over a commutative ring are developed, as well as
+some general theory of cartesian powers of an arbitrary ring.</div>BSD License<h3>Topics</h3>
+ <ul><li><a href="../topics/mathematics/number-theory">Mathematics/Number theory</a></li><li><a href="../topics/mathematics/algebra">Mathematics/Algebra</a></li></ul>
+ <h3>Theories of Padic_Field</h3>
+ <ul>
+ <li><a href="../theories/padic_field/#Fraction_Field">Fraction_Field</a></li>
+ <li><a href="../theories/padic_field/#Cring_Multivariable_Poly">Cring_Multivariable_Poly</a></li>
+ <li><a href="../theories/padic_field/#Indices">Indices</a></li>
+ <li><a href="../theories/padic_field/#Ring_Powers">Ring_Powers</a></li>
+ <li><a href="../theories/padic_field/#Padic_Fields">Padic_Fields</a></li>
+ <li><a href="../theories/padic_field/#Padic_Field_Polynomials">Padic_Field_Polynomials</a></li>
+ <li><a href="../theories/padic_field/#Padic_Field_Topology">Padic_Field_Topology</a></li>
+ <li><a href="../theories/padic_field/#Generated_Boolean_Algebra">Generated_Boolean_Algebra</a></li>
+ <li><a href="../theories/padic_field/#Padic_Field_Powers">Padic_Field_Powers</a></li>
+ <li><a href="../theories/padic_field/#Padic_Semialgebraic_Function_Ring">Padic_Semialgebraic_Function_Ring</a></li></ul><div class="flex-wrap">
+ <div>
+ <h3>Depends On</h3>
+ <ul class="horizontal-list"><li><a href="../entries/Localization_Ring.html">The Localization of a Commutative Ring</a></li><li><a href="../entries/Padic_Ints.html">Hensel&rsquo;s Lemma for the p-adic Integers</a></li></ul>
+ </div>
+
+ <div>
+ <h3>Related Entries</h3>
+ <ul class="horizontal-list">
+
+ <li><a href="../entries/DPRM_Theorem.html">Diophantine Equations and the DPRM Theorem</a></li>
+
+ </ul>
+ </div>
+
+ </div>
+</main>
+
+<nav class='links'>
+ <a class='popup-button' href="#cite-popup">Cite</a>
+ <a class='popup-button' href="#download-popup">Download</a>
+ <h4>PDFs</h4>
+ <a href="https://www.isa-afp.org/browser_info/current/AFP/Padic_Field/outline.pdf">Proof
+ outline</a>
+ <a href="https://www.isa-afp.org/browser_info/current/AFP/Padic_Field/document.pdf">Proof
+ document</a>
+ <a href="https://www.isa-afp.org/browser_info/current/AFP/Padic_Field/session_graph.pdf">Dependencies</a></nav>
+
+<div id="cite-popup" class="overlay">
+ <a class="cancel" href="#"></a>
+ <div class="popup">
+ <h2>Cite</h2>
+ <a class="close" href="#">&times;</a>
+ <div>
+ <p style="display:none;" id="bibtex-filename">Padic_Field-AFP</p><pre id="copy-text">@article{Padic_Field-AFP,
+ author = {Aaron Crighton},
+ title = {p-adic Fields and p-adic Semialgebraic Sets},
+ journal = {Archive of Formal Proofs},
+ month = {September},
+ year = {2022},
+ note = {\url{https://isa-afp.org/entries/Padic_Field.html},
+ Formal proof development},
+ ISSN = {2150-914x},
+}</pre>
+ <button id="copy-bibtex">Copy</button> <a id="download-bibtex">Download</a>
+ </div>
+ </div>
+</div>
+
+<div id="download-popup" class="overlay">
+ <a class="cancel" href="#"></a>
+ <div class="popup">
+ <h2>Download</h2>
+ <a class="close" href="#">&times;</a>
+ <a href="https://www.isa-afp.org/release//afp-Padic_Field-current.tar.gz" download>Download latest</a>
+
+ </div>
+</div>
+ </div>
+ </div>
+</body>
+
+</html>
\ No newline at end of file
diff --git a/web/entries/Padic_Ints.html b/web/entries/Padic_Ints.html
--- a/web/entries/Padic_Ints.html
+++ b/web/entries/Padic_Ints.html
@@ -1,176 +1,179 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1"><title>Hensel&#39;s Lemma for the p-adic Integers - Archive of Formal Proofs</title><meta name="description" content="We formalize the ring of p-adic integers within the framework of the HOL-Algebra library. The carrier of the ring is formalized as the inverse limit of..."><meta property="og:title" content="Hensel&#39;s Lemma for the p-adic Integers" />
<meta property="og:description" content="" />
<meta property="og:type" content="article" />
<meta property="og:url" content="/entries/Padic_Ints.html" /><meta property="og:image" content="/images/afp.png"/><meta property="article:section" content="entries" />
<meta property="article:published_time" content="2021-03-23T00:00:00+00:00" />
<meta property="article:modified_time" content="2021-03-23T00:00:00+00:00" /><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="Hensel&#39;s Lemma for the p-adic Integers"/>
<meta name="twitter:description" content=""/>
<link rel="stylesheet" type="text/css" href="../css/front.min.css">
<link rel="icon" href="../images/favicon.ico" type="image/icon">
<script>
MathJax = {
tex: {
inlineMath: [['$', '$'], ['\\(', '\\)']]
},
processEscapes: true,
svg: {
fontCache: 'global'
}
};
</script>
<script id="MathJax-script" async src="../js/mathjax/es5/tex-mml-chtml.js"></script>
<script src="../js/entries.js"></script><script src="../js/obfuscate.js"></script>
<script src="../js/flexsearch.bundle.js"></script>
<script src="../js/scroll-spy.js"></script>
<script src="../js/theory.js"></script>
<script src="../js/util.js"></script><script src="../js/header-search.js"></script><script src="../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore '>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../images/menu.svg" alt="Menu" />
</label>
<a href="../" class='logo-link'>
<img src="../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<a href="../search"><img src="../images/search.svg" alt="Search" /></a>
<nav id="menu">
<div>
<a href="../" class='logo-link'>
<img src="../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<ul>
<a href="../"><li >Home</li></a>
<a href="../topics/"><li >Topics</li></a>
<a href="../download/"><li >Download</li></a>
<a href="../help/"><li >Help</li></a>
<a href="../submission/"><li >Submission</li></a>
<a href="../statistics/"><li >Statistics</li></a>
<a href="../about/"><li >About</li></a>
</ul>
</div>
</nav>
</div>
</aside>
<div
class='content entries'><header>
<form autocomplete="off" action="../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value="" aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button"><img src="../images/search.svg" alt="Search" /></button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1 >
<span class='first'>H</span>ensel's <span class='first'>L</span>emma for the <span class='first'>P</span>-<span class='first'>A</span>dic <span class='first'>I</span>ntegers</h1>
<div>
<p><a href="../authors/crighton">Aaron Crighton</a> <a class="obfuscated" data="eyJob3N0IjpbIm1jbWFzdGVyIiwiY2EiXSwidXNlciI6WyJjcmlnaHRvYSJdfQ==">📧</a>
</p>
<p class="date">March 23, 2021</p>
</div>
</header><div><main><h3>Abstract</h3>
<div class="abstract mathjax_process">We formalize the ring of <em>p</em>-adic integers within the framework of the
HOL-Algebra library. The carrier of the ring is formalized as the
inverse limit of quotients of the integers by powers of a fixed prime
<em>p</em>. We define an integer-valued valuation, as well as an
extended-integer valued valuation which sends 0 to the infinite
element. Basic topological facts about the <em>p</em>-adic integers are
formalized, including completeness and sequential compactness. Taylor
expansions of polynomials over a commutative ring are defined,
culminating in the formalization of Hensel's Lemma based on a
proof due to Keith Conrad.</div>BSD License<h3>Topics</h3>
<ul><li><a href="../topics/mathematics/number-theory">Mathematics/Number theory</a></li></ul>
<h3>Theories of Padic_Ints</h3>
<ul>
<li><a href="../theories/padic_ints/#Function_Ring">Function_Ring</a></li>
<li><a href="../theories/padic_ints/#Cring_Poly">Cring_Poly</a></li>
<li><a href="../theories/padic_ints/#Supplementary_Ring_Facts">Supplementary_Ring_Facts</a></li>
<li><a href="../theories/padic_ints/#Extended_Int">Extended_Int</a></li>
<li><a href="../theories/padic_ints/#Padic_Construction">Padic_Construction</a></li>
<li><a href="../theories/padic_ints/#Padic_Integers">Padic_Integers</a></li>
<li><a href="../theories/padic_ints/#Padic_Int_Topology">Padic_Int_Topology</a></li>
<li><a href="../theories/padic_ints/#Padic_Int_Polynomials">Padic_Int_Polynomials</a></li>
<li><a href="../theories/padic_ints/#Hensels_Lemma">Hensels_Lemma</a></li>
<li><a href="../theories/padic_ints/#Zp_Compact">Zp_Compact</a></li></ul><div class="flex-wrap">
-
+ <div>
+ <h3>Used by</h3>
+ <ul class="horizontal-list"><li><a href="../entries/Padic_Field.html">p-adic Fields and p-adic Semialgebraic Sets</a></li></ul>
+ </div>
</div>
</main>
<nav class='links'>
<a class='popup-button' href="#cite-popup">Cite</a>
<a class='popup-button' href="#download-popup">Download</a>
<h4>PDFs</h4>
<a href="https://www.isa-afp.org/browser_info/current/AFP/Padic_Ints/outline.pdf">Proof
outline</a>
<a href="https://www.isa-afp.org/browser_info/current/AFP/Padic_Ints/document.pdf">Proof
document</a>
<a href="https://www.isa-afp.org/browser_info/current/AFP/Padic_Ints/session_graph.pdf">Dependencies</a></nav>
<div id="cite-popup" class="overlay">
<a class="cancel" href="#"></a>
<div class="popup">
<h2>Cite</h2>
<a class="close" href="#">&times;</a>
<div>
<p style="display:none;" id="bibtex-filename">Padic_Ints-AFP</p><pre id="copy-text">@article{Padic_Ints-AFP,
author = {Aaron Crighton},
title = {Hensel&#39;s Lemma for the p-adic Integers},
journal = {Archive of Formal Proofs},
month = {March},
year = {2021},
note = {\url{https://isa-afp.org/entries/Padic_Ints.html},
Formal proof development},
ISSN = {2150-914x},
}</pre>
<button id="copy-bibtex">Copy</button> <a id="download-bibtex">Download</a>
</div>
</div>
</div>
<div id="download-popup" class="overlay">
<a class="cancel" href="#"></a>
<div class="popup">
<h2>Download</h2>
<a class="close" href="#">&times;</a>
<a href="https://www.isa-afp.org/release//afp-Padic_Ints-current.tar.gz" download>Download latest</a>
<p>Older releases:</p>
<ul><li>
<a href="https://www.isa-afp.org/release/afp-Padic_Ints-2021-12-14.tar.gz">Dec 14, 2021</a>: Isabelle2021
</li><li>
<a href="https://www.isa-afp.org/release/afp-Padic_Ints-2021-05-14.tar.gz">May 14, 2021</a>: Isabelle2021
</li></ul>
</div>
</div>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/entries/Public_Announcement_Logic.html b/web/entries/Public_Announcement_Logic.html
--- a/web/entries/Public_Announcement_Logic.html
+++ b/web/entries/Public_Announcement_Logic.html
@@ -1,176 +1,176 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1"><title>Public Announcement Logic - Archive of Formal Proofs</title><meta name="description" content="This work is a formalization of public announcement logic with countably many agents. It includes proofs of soundness and completeness for a variant of the..."><meta property="og:title" content="Public Announcement Logic" />
<meta property="og:description" content="" />
<meta property="og:type" content="article" />
<meta property="og:url" content="/entries/Public_Announcement_Logic.html" /><meta property="og:image" content="/images/afp.png"/><meta property="article:section" content="entries" />
<meta property="article:published_time" content="2021-06-17T00:00:00+00:00" />
<meta property="article:modified_time" content="2021-06-17T00:00:00+00:00" /><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="Public Announcement Logic"/>
<meta name="twitter:description" content=""/>
<link rel="stylesheet" type="text/css" href="../css/front.min.css">
<link rel="icon" href="../images/favicon.ico" type="image/icon">
<script>
MathJax = {
tex: {
inlineMath: [['$', '$'], ['\\(', '\\)']]
},
processEscapes: true,
svg: {
fontCache: 'global'
}
};
</script>
<script id="MathJax-script" async src="../js/mathjax/es5/tex-mml-chtml.js"></script>
<script src="../js/entries.js"></script><script src="../js/obfuscate.js"></script>
<script src="../js/flexsearch.bundle.js"></script>
<script src="../js/scroll-spy.js"></script>
<script src="../js/theory.js"></script>
<script src="../js/util.js"></script><script src="../js/header-search.js"></script><script src="../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore '>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../images/menu.svg" alt="Menu" />
</label>
<a href="../" class='logo-link'>
<img src="../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<a href="../search"><img src="../images/search.svg" alt="Search" /></a>
<nav id="menu">
<div>
<a href="../" class='logo-link'>
<img src="../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<ul>
<a href="../"><li >Home</li></a>
<a href="../topics/"><li >Topics</li></a>
<a href="../download/"><li >Download</li></a>
<a href="../help/"><li >Help</li></a>
<a href="../submission/"><li >Submission</li></a>
<a href="../statistics/"><li >Statistics</li></a>
<a href="../about/"><li >About</li></a>
</ul>
</div>
</nav>
</div>
</aside>
<div
class='content entries'><header>
<form autocomplete="off" action="../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value="" aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button"><img src="../images/search.svg" alt="Search" /></button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1 >
<span class='first'>P</span>ublic <span class='first'>A</span>nnouncement <span class='first'>L</span>ogic</h1>
<div>
<p><a href="../authors/from">Asta Halkjær From</a> <a href="https://people.compute.dtu.dk/ahfrom/">🌐</a>
</p>
<p class="date">June 17, 2021</p>
</div>
</header><div><main><h3>Abstract</h3>
<div class="abstract mathjax_process">This work is a formalization of public announcement logic with
countably many agents. It includes proofs of soundness and
completeness for a variant of the axiom system PA + DIST! + NEC!. The
completeness proof builds on the Epistemic Logic theory.
-Paper: <a href="https://doi.org/10.1007/978-3-030-90138-7_2">https://doi.org/10.1007/978-3-030-90138-7_2</a>.</div>BSD License<h3>Topics</h3>
+Paper: <a href="https://doi.org/10.1007/978-3-030-90138-7_2">doi.org/10.1007/978-3-030-90138-7_2</a>.</div>BSD License<h3>Topics</h3>
<ul><li><a href="../topics/logic/general-logic/logics-of-knowledge-and-belief">Logic/General logic/Logics of knowledge and belief</a></li></ul>
<h3>Theories of Public_Announcement_Logic</h3>
<ul>
<li><a href="../theories/public_announcement_logic/#PAL">PAL</a></li></ul><div class="flex-wrap">
<div>
<h3>Depends On</h3>
<ul class="horizontal-list"><li><a href="../entries/Epistemic_Logic.html">Epistemic Logic: Completeness of Modal Logics</a></li></ul>
</div>
<div>
<h3>Related Entries</h3>
<ul class="horizontal-list">
<li><a href="../entries/PAL.html">Automating Public Announcement Logic and the Wise Men Puzzle in Isabelle/HOL</a></li>
<li><a href="../entries/Verified-Prover.html">A Mechanically Verified, Efficient, Sound and Complete Theorem Prover For First Order Logic</a></li>
</ul>
</div>
</div>
</main>
<nav class='links'>
<a class='popup-button' href="#cite-popup">Cite</a>
<a class='popup-button' href="#download-popup">Download</a>
<h4>PDFs</h4>
<a href="https://www.isa-afp.org/browser_info/current/AFP/Public_Announcement_Logic/outline.pdf">Proof
outline</a>
<a href="https://www.isa-afp.org/browser_info/current/AFP/Public_Announcement_Logic/document.pdf">Proof
document</a>
<a href="https://www.isa-afp.org/browser_info/current/AFP/Public_Announcement_Logic/session_graph.pdf">Dependencies</a></nav>
<div id="cite-popup" class="overlay">
<a class="cancel" href="#"></a>
<div class="popup">
<h2>Cite</h2>
<a class="close" href="#">&times;</a>
<div>
<p style="display:none;" id="bibtex-filename">Public_Announcement_Logic-AFP</p><pre id="copy-text">@article{Public_Announcement_Logic-AFP,
author = {Asta Halkjær From},
title = {Public Announcement Logic},
journal = {Archive of Formal Proofs},
month = {June},
year = {2021},
note = {\url{https://isa-afp.org/entries/Public_Announcement_Logic.html},
Formal proof development},
ISSN = {2150-914x},
}</pre>
<button id="copy-bibtex">Copy</button> <a id="download-bibtex">Download</a>
</div>
</div>
</div>
<div id="download-popup" class="overlay">
<a class="cancel" href="#"></a>
<div class="popup">
<h2>Download</h2>
<a class="close" href="#">&times;</a>
<a href="https://www.isa-afp.org/release//afp-Public_Announcement_Logic-current.tar.gz" download>Download latest</a>
<p>Older releases:</p>
<ul><li>
<a href="https://www.isa-afp.org/release/afp-Public_Announcement_Logic-2021-12-14.tar.gz">Dec 14, 2021</a>: Isabelle2021
</li><li>
<a href="https://www.isa-afp.org/release/afp-Public_Announcement_Logic-2021-06-25.tar.gz">Jun 25, 2021</a>: Isabelle2021
</li></ul>
</div>
</div>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/entries/ROBDD.html b/web/entries/ROBDD.html
--- a/web/entries/ROBDD.html
+++ b/web/entries/ROBDD.html
@@ -1,204 +1,204 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1"><title>Algorithms for Reduced Ordered Binary Decision Diagrams - Archive of Formal Proofs</title><meta name="description" content="We present a verified and executable implementation of ROBDDs in
Isabelle/HOL. Our implementation relates pointer-based computation in
the Heap monad to..."><meta property="og:title" content="Algorithms for Reduced Ordered Binary Decision Diagrams" />
<meta property="og:description" content="" />
<meta property="og:type" content="article" />
<meta property="og:url" content="/entries/ROBDD.html" /><meta property="og:image" content="/images/afp.png"/><meta property="article:section" content="entries" />
<meta property="article:published_time" content="2016-04-27T00:00:00+00:00" />
<meta property="article:modified_time" content="2016-04-27T00:00:00+00:00" /><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="Algorithms for Reduced Ordered Binary Decision Diagrams"/>
<meta name="twitter:description" content=""/>
<link rel="stylesheet" type="text/css" href="../css/front.min.css">
<link rel="icon" href="../images/favicon.ico" type="image/icon">
<script>
MathJax = {
tex: {
inlineMath: [['$', '$'], ['\\(', '\\)']]
},
processEscapes: true,
svg: {
fontCache: 'global'
}
};
</script>
<script id="MathJax-script" async src="../js/mathjax/es5/tex-mml-chtml.js"></script>
<script src="../js/entries.js"></script><script src="../js/obfuscate.js"></script>
<script src="../js/flexsearch.bundle.js"></script>
<script src="../js/scroll-spy.js"></script>
<script src="../js/theory.js"></script>
<script src="../js/util.js"></script><script src="../js/header-search.js"></script><script src="../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore '>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../images/menu.svg" alt="Menu" />
</label>
<a href="../" class='logo-link'>
<img src="../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<a href="../search"><img src="../images/search.svg" alt="Search" /></a>
<nav id="menu">
<div>
<a href="../" class='logo-link'>
<img src="../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<ul>
<a href="../"><li >Home</li></a>
<a href="../topics/"><li >Topics</li></a>
<a href="../download/"><li >Download</li></a>
<a href="../help/"><li >Help</li></a>
<a href="../submission/"><li >Submission</li></a>
<a href="../statistics/"><li >Statistics</li></a>
<a href="../about/"><li >About</li></a>
</ul>
</div>
</nav>
</div>
</aside>
<div
class='content entries'><header>
<form autocomplete="off" action="../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value="" aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button"><img src="../images/search.svg" alt="Search" /></button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1 >
<span class='first'>A</span>lgorithms for <span class='first'>R</span>educed <span class='first'>O</span>rdered <span class='first'>B</span>inary <span class='first'>D</span>ecision <span class='first'>D</span>iagrams</h1>
<div>
- <p><a href="../authors/michaelis">Julius Michaelis</a> <a href="http://liftm.de/">🌐</a>, <a href="../authors/haslbeck">Max W. Haslbeck</a> <a href="http://cl-informatik.uibk.ac.at/users/mhaslbeck/">🌐</a>, <a href="../authors/lammich">Peter Lammich</a> <a href="http://www21.in.tum.de/~lammich">🌐</a> and <a href="../authors/hupel">Lars Hupel</a> <a href="https://www21.in.tum.de/~hupel/">🌐</a>
+ <p><a href="../authors/michaelis">Julius Michaelis</a> <a href="http://liftm.de/">🌐</a>, <a href="../authors/haslbeck">Max W. Haslbeck</a> <a href="http://cl-informatik.uibk.ac.at/users/mhaslbeck/">🌐</a>, <a href="../authors/lammich">Peter Lammich</a> <a href="http://www21.in.tum.de/~lammich">🌐</a> and <a href="../authors/hupel">Lars Hupel</a> <a href="https://lars.hupel.info/">🌐</a>
</p>
<p class="date">April 27, 2016</p>
</div>
</header><div><main><h3>Abstract</h3>
<div class="abstract mathjax_process">We present a verified and executable implementation of ROBDDs in
Isabelle/HOL. Our implementation relates pointer-based computation in
the Heap monad to operations on an abstract definition of boolean
functions. Internally, we implemented the if-then-else combinator in a
recursive fashion, following the Shannon decomposition of the argument
functions. The implementation mixes and adapts known techniques and is
built with efficiency in mind.</div>BSD License<h3>Topics</h3>
<ul><li><a href="../topics/computer-science/algorithms">Computer science/Algorithms</a></li><li><a href="../topics/computer-science/data-structures">Computer science/Data structures</a></li></ul>
<h3>Theories of ROBDD</h3>
<ul>
<li><a href="../theories/robdd/#Bool_Func">Bool_Func</a></li>
<li><a href="../theories/robdd/#BDT">BDT</a></li>
<li><a href="../theories/robdd/#Option_Helpers">Option_Helpers</a></li>
<li><a href="../theories/robdd/#Abstract_Impl">Abstract_Impl</a></li>
<li><a href="../theories/robdd/#Pointer_Map">Pointer_Map</a></li>
<li><a href="../theories/robdd/#Middle_Impl">Middle_Impl</a></li>
<li><a href="../theories/robdd/#Array_List">Array_List</a></li>
<li><a href="../theories/robdd/#Pointer_Map_Impl">Pointer_Map_Impl</a></li>
<li><a href="../theories/robdd/#Conc_Impl">Conc_Impl</a></li>
<li><a href="../theories/robdd/#Level_Collapse">Level_Collapse</a></li>
<li><a href="../theories/robdd/#BDD_Examples">BDD_Examples</a></li>
<li><a href="../theories/robdd/#BDD_Code">BDD_Code</a></li></ul><div class="flex-wrap">
<div>
<h3>Depends On</h3>
<ul class="horizontal-list"><li><a href="../entries/Automatic_Refinement.html">Automatic Data Refinement</a></li><li><a href="../entries/Collections.html">Collections Framework</a></li><li><a href="../entries/Native_Word.html">Native Word</a></li></ul>
</div><div>
<h3>Used by</h3>
<ul class="horizontal-list"><li><a href="../entries/Simplicial_complexes_and_boolean_functions.html">Simplicial Complexes and Boolean functions</a></li></ul>
</div>
<div>
<h3>Related Entries</h3>
<ul class="horizontal-list">
<li><a href="../entries/Simplicial_complexes_and_boolean_functions.html">Simplicial Complexes and Boolean functions</a></li>
</ul>
</div>
</div>
</main>
<nav class='links'>
<a class='popup-button' href="#cite-popup">Cite</a>
<a class='popup-button' href="#download-popup">Download</a>
<h4>PDFs</h4>
<a href="https://www.isa-afp.org/browser_info/current/AFP/ROBDD/outline.pdf">Proof
outline</a>
<a href="https://www.isa-afp.org/browser_info/current/AFP/ROBDD/document.pdf">Proof
document</a>
<a href="https://www.isa-afp.org/browser_info/current/AFP/ROBDD/session_graph.pdf">Dependencies</a></nav>
<div id="cite-popup" class="overlay">
<a class="cancel" href="#"></a>
<div class="popup">
<h2>Cite</h2>
<a class="close" href="#">&times;</a>
<div>
<p style="display:none;" id="bibtex-filename">ROBDD-AFP</p><pre id="copy-text">@article{ROBDD-AFP,
author = {Julius Michaelis and Max W. Haslbeck and Peter Lammich and Lars Hupel},
title = {Algorithms for Reduced Ordered Binary Decision Diagrams},
journal = {Archive of Formal Proofs},
month = {April},
year = {2016},
note = {\url{https://isa-afp.org/entries/ROBDD.html},
Formal proof development},
ISSN = {2150-914x},
}</pre>
<button id="copy-bibtex">Copy</button> <a id="download-bibtex">Download</a>
</div>
</div>
</div>
<div id="download-popup" class="overlay">
<a class="cancel" href="#"></a>
<div class="popup">
<h2>Download</h2>
<a class="close" href="#">&times;</a>
<a href="https://www.isa-afp.org/release//afp-ROBDD-current.tar.gz" download>Download latest</a>
<p>Older releases:</p>
<ul><li>
<a href="https://www.isa-afp.org/release/afp-ROBDD-2021-12-14.tar.gz">Dec 14, 2021</a>: Isabelle2021
</li><li>
<a href="https://www.isa-afp.org/release/afp-ROBDD-2021-02-23.tar.gz">Feb 23, 2021</a>: Isabelle2021
</li><li>
<a href="https://www.isa-afp.org/release/afp-ROBDD-2020-04-20.tar.gz">Apr 20, 2020</a>: Isabelle2020
</li><li>
<a href="https://www.isa-afp.org/release/afp-ROBDD-2019-06-11.tar.gz">Jun 11, 2019</a>: Isabelle2019
</li><li>
<a href="https://www.isa-afp.org/release/afp-ROBDD-2018-08-16.tar.gz">Aug 16, 2018</a>: Isabelle2018
</li><li>
<a href="https://www.isa-afp.org/release/afp-ROBDD-2017-10-10.tar.gz">Oct 10, 2017</a>: Isabelle2017
</li><li>
<a href="https://www.isa-afp.org/release/afp-ROBDD-2016-12-17.tar.gz">Dec 17, 2016</a>: Isabelle2016-1
</li><li>
<a href="https://www.isa-afp.org/release/afp-ROBDD-2016-04-27.tar.gz">Apr 27, 2016</a>: Isabelle2016
</li></ul>
</div>
</div>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/entries/Random_Graph_Subgraph_Threshold.html b/web/entries/Random_Graph_Subgraph_Threshold.html
--- a/web/entries/Random_Graph_Subgraph_Threshold.html
+++ b/web/entries/Random_Graph_Subgraph_Threshold.html
@@ -1,186 +1,186 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1"><title>Properties of Random Graphs -- Subgraph Containment - Archive of Formal Proofs</title><meta name="description" content="Random graphs are graphs with a fixed number of vertices, where each edge is present with a fixed probability. We are interested in the probability that a..."><meta property="og:title" content="Properties of Random Graphs -- Subgraph Containment" />
<meta property="og:description" content="" />
<meta property="og:type" content="article" />
<meta property="og:url" content="/entries/Random_Graph_Subgraph_Threshold.html" /><meta property="og:image" content="/images/afp.png"/><meta property="article:section" content="entries" />
<meta property="article:published_time" content="2014-02-13T00:00:00+00:00" />
<meta property="article:modified_time" content="2014-02-13T00:00:00+00:00" /><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="Properties of Random Graphs -- Subgraph Containment"/>
<meta name="twitter:description" content=""/>
<link rel="stylesheet" type="text/css" href="../css/front.min.css">
<link rel="icon" href="../images/favicon.ico" type="image/icon">
<script>
MathJax = {
tex: {
inlineMath: [['$', '$'], ['\\(', '\\)']]
},
processEscapes: true,
svg: {
fontCache: 'global'
}
};
</script>
<script id="MathJax-script" async src="../js/mathjax/es5/tex-mml-chtml.js"></script>
<script src="../js/entries.js"></script><script src="../js/obfuscate.js"></script>
<script src="../js/flexsearch.bundle.js"></script>
<script src="../js/scroll-spy.js"></script>
<script src="../js/theory.js"></script>
<script src="../js/util.js"></script><script src="../js/header-search.js"></script><script src="../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore '>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../images/menu.svg" alt="Menu" />
</label>
<a href="../" class='logo-link'>
<img src="../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<a href="../search"><img src="../images/search.svg" alt="Search" /></a>
<nav id="menu">
<div>
<a href="../" class='logo-link'>
<img src="../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<ul>
<a href="../"><li >Home</li></a>
<a href="../topics/"><li >Topics</li></a>
<a href="../download/"><li >Download</li></a>
<a href="../help/"><li >Help</li></a>
<a href="../submission/"><li >Submission</li></a>
<a href="../statistics/"><li >Statistics</li></a>
<a href="../about/"><li >About</li></a>
</ul>
</div>
</nav>
</div>
</aside>
<div
class='content entries'><header>
<form autocomplete="off" action="../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value="" aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button"><img src="../images/search.svg" alt="Search" /></button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1 >
<span class='first'>P</span>roperties of <span class='first'>R</span>andom <span class='first'>G</span>raphs -- <span class='first'>S</span>ubgraph <span class='first'>C</span>ontainment</h1>
<div>
- <p><a href="../authors/hupel">Lars Hupel</a> <a class="obfuscated" data="eyJob3N0IjpbImluIiwidHVtIiwiZGUiXSwidXNlciI6WyJodXBlbCJdfQ==">📧</a>
+ <p><a href="../authors/hupel">Lars Hupel</a> <a href="https://lars.hupel.info/">🌐</a>
</p>
<p class="date">February 13, 2014</p>
</div>
</header><div><main><h3>Abstract</h3>
<div class="abstract mathjax_process">Random graphs are graphs with a fixed number of vertices, where each edge is present with a fixed probability. We are interested in the probability that a random graph contains a certain pattern, for example a cycle or a clique. A very high edge probability gives rise to perhaps too many edges (which degrades performance for many algorithms), whereas a low edge probability might result in a disconnected graph. We prove a theorem about a threshold probability such that a higher edge probability will asymptotically almost surely produce a random graph with the desired subgraph.</div>BSD License<h3>Topics</h3>
<ul><li><a href="../topics/mathematics/graph-theory">Mathematics/Graph theory</a></li><li><a href="../topics/mathematics/probability-theory">Mathematics/Probability theory</a></li></ul>
<h3>Theories of Random_Graph_Subgraph_Threshold</h3>
<ul>
<li><a href="../theories/random_graph_subgraph_threshold/#Ugraph_Misc">Ugraph_Misc</a></li>
<li><a href="../theories/random_graph_subgraph_threshold/#Prob_Lemmas">Prob_Lemmas</a></li>
<li><a href="../theories/random_graph_subgraph_threshold/#Ugraph_Lemmas">Ugraph_Lemmas</a></li>
<li><a href="../theories/random_graph_subgraph_threshold/#Ugraph_Properties">Ugraph_Properties</a></li>
<li><a href="../theories/random_graph_subgraph_threshold/#Subgraph_Threshold">Subgraph_Threshold</a></li></ul><div class="flex-wrap">
<div>
<h3>Depends On</h3>
<ul class="horizontal-list"><li><a href="../entries/Girth_Chromatic.html">A Probabilistic Proof of the Girth-Chromatic Number Theorem</a></li></ul>
</div><div>
<h3>Used by</h3>
<ul class="horizontal-list"><li><a href="../entries/Roth_Arithmetic_Progressions.html">Roth&rsquo;s Theorem on Arithmetic Progressions</a></li></ul>
</div>
</div>
</main>
<nav class='links'>
<a class='popup-button' href="#cite-popup">Cite</a>
<a class='popup-button' href="#download-popup">Download</a>
<h4>PDFs</h4>
<a href="https://www.isa-afp.org/browser_info/current/AFP/Random_Graph_Subgraph_Threshold/outline.pdf">Proof
outline</a>
<a href="https://www.isa-afp.org/browser_info/current/AFP/Random_Graph_Subgraph_Threshold/document.pdf">Proof
document</a>
<a href="https://www.isa-afp.org/browser_info/current/AFP/Random_Graph_Subgraph_Threshold/session_graph.pdf">Dependencies</a></nav>
<div id="cite-popup" class="overlay">
<a class="cancel" href="#"></a>
<div class="popup">
<h2>Cite</h2>
<a class="close" href="#">&times;</a>
<div>
<p style="display:none;" id="bibtex-filename">Random_Graph_Subgraph_Threshold-AFP</p><pre id="copy-text">@article{Random_Graph_Subgraph_Threshold-AFP,
author = {Lars Hupel},
title = {Properties of Random Graphs -- Subgraph Containment},
journal = {Archive of Formal Proofs},
month = {February},
year = {2014},
note = {\url{https://isa-afp.org/entries/Random_Graph_Subgraph_Threshold.html},
Formal proof development},
ISSN = {2150-914x},
}</pre>
<button id="copy-bibtex">Copy</button> <a id="download-bibtex">Download</a>
</div>
</div>
</div>
<div id="download-popup" class="overlay">
<a class="cancel" href="#"></a>
<div class="popup">
<h2>Download</h2>
<a class="close" href="#">&times;</a>
<a href="https://www.isa-afp.org/release//afp-Random_Graph_Subgraph_Threshold-current.tar.gz" download>Download latest</a>
<p>Older releases:</p>
<ul><li>
<a href="https://www.isa-afp.org/release/afp-Random_Graph_Subgraph_Threshold-2021-12-14.tar.gz">Dec 14, 2021</a>: Isabelle2021
</li><li>
<a href="https://www.isa-afp.org/release/afp-Random_Graph_Subgraph_Threshold-2021-02-23.tar.gz">Feb 23, 2021</a>: Isabelle2021
</li><li>
<a href="https://www.isa-afp.org/release/afp-Random_Graph_Subgraph_Threshold-2020-04-20.tar.gz">Apr 20, 2020</a>: Isabelle2020
</li><li>
<a href="https://www.isa-afp.org/release/afp-Random_Graph_Subgraph_Threshold-2019-06-11.tar.gz">Jun 11, 2019</a>: Isabelle2019
</li><li>
<a href="https://www.isa-afp.org/release/afp-Random_Graph_Subgraph_Threshold-2018-08-16.tar.gz">Aug 16, 2018</a>: Isabelle2018
</li><li>
<a href="https://www.isa-afp.org/release/afp-Random_Graph_Subgraph_Threshold-2017-10-10.tar.gz">Oct 10, 2017</a>: Isabelle2017
</li><li>
<a href="https://www.isa-afp.org/release/afp-Random_Graph_Subgraph_Threshold-2016-12-17.tar.gz">Dec 17, 2016</a>: Isabelle2016-1
</li><li>
<a href="https://www.isa-afp.org/release/afp-Random_Graph_Subgraph_Threshold-2016-02-22.tar.gz">Feb 22, 2016</a>: Isabelle2016
</li><li>
<a href="https://www.isa-afp.org/release/afp-Random_Graph_Subgraph_Threshold-2015-05-27.tar.gz">May 27, 2015</a>: Isabelle2015
</li><li>
<a href="https://www.isa-afp.org/release/afp-Random_Graph_Subgraph_Threshold-2014-08-28.tar.gz">Aug 28, 2014</a>: Isabelle2014
</li><li>
<a href="https://www.isa-afp.org/release/afp-Random_Graph_Subgraph_Threshold-2014-02-14.tar.gz">Feb 14, 2014</a>: Isabelle2013-2
</li></ul>
</div>
</div>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/entries/Risk_Free_Lending.html b/web/entries/Risk_Free_Lending.html
new file mode 100644
--- /dev/null
+++ b/web/entries/Risk_Free_Lending.html
@@ -0,0 +1,169 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+ <meta charset="utf-8" />
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
+ <meta name="viewport" content="width=device-width, initial-scale=1"><title>Risk-Free Lending - Archive of Formal Proofs</title><meta name="description" content="We construct an abstract ledger supporting the risk-free lending protocol. The risk-free lending protocol is a system for issuing and exchanging novel..."><meta property="og:title" content="Risk-Free Lending" />
+<meta property="og:description" content="" />
+<meta property="og:type" content="article" />
+<meta property="og:url" content="/entries/Risk_Free_Lending.html" /><meta property="og:image" content="/images/afp.png"/><meta property="article:section" content="entries" />
+<meta property="article:published_time" content="2022-09-18T00:00:00+00:00" />
+<meta property="article:modified_time" content="2022-09-18T00:00:00+00:00" /><meta property="og:site_name" content="Archive of Formal Proofs" />
+
+<meta name="twitter:card" content="summary_large_image"/>
+<meta name="twitter:image" content="/images/afp.png"/>
+
+<meta name="twitter:title" content="Risk-Free Lending"/>
+<meta name="twitter:description" content=""/>
+
+
+ <link rel="stylesheet" type="text/css" href="../css/front.min.css">
+
+ <link rel="icon" href="../images/favicon.ico" type="image/icon">
+ <script>
+ MathJax = {
+ tex: {
+ inlineMath: [['$', '$'], ['\\(', '\\)']]
+ },
+ processEscapes: true,
+ svg: {
+ fontCache: 'global'
+ }
+ };
+ </script>
+ <script id="MathJax-script" async src="../js/mathjax/es5/tex-mml-chtml.js"></script>
+ <script src="../js/entries.js"></script><script src="../js/obfuscate.js"></script>
+ <script src="../js/flexsearch.bundle.js"></script>
+ <script src="../js/scroll-spy.js"></script>
+ <script src="../js/theory.js"></script>
+ <script src="../js/util.js"></script><script src="../js/header-search.js"></script><script src="../js/search-autocomplete.js"></script>
+</head>
+
+
+<body class='mathjax_ignore '>
+ <aside>
+ <div id="menu-toggle">
+ <input id="toggle" type="checkbox" />
+ <label for="toggle">
+ <span>menu</span>
+ <img src="../images/menu.svg" alt="Menu" />
+ </label>
+
+ <a href="../" class='logo-link'>
+ <img src="../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
+ </a>
+
+ <a href="../search"><img src="../images/search.svg" alt="Search" /></a>
+ <nav id="menu">
+ <div>
+ <a href="../" class='logo-link'>
+ <img src="../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
+ </a>
+ <ul>
+ <a href="../"><li >Home</li></a>
+ <a href="../topics/"><li >Topics</li></a>
+ <a href="../download/"><li >Download</li></a>
+ <a href="../help/"><li >Help</li></a>
+ <a href="../submission/"><li >Submission</li></a>
+ <a href="../statistics/"><li >Statistics</li></a>
+ <a href="../about/"><li >About</li></a>
+ </ul>
+ </div>
+ </nav>
+</div>
+ </aside>
+
+ <div
+ class='content entries'><header>
+ <form autocomplete="off" action="../search">
+ <div class='form-container'>
+ <input id="search-input" type="search" size="31" maxlength="255" value="" aria-label="Search the AFP" list="autocomplete"><button
+ id="search-button" type="button"><img src="../images/search.svg" alt="Search" /></button>
+ <datalist id="autocomplete">
+ </datalist>
+ </div>
+ </form>
+ <h1 >
+ <span class='first'>R</span>isk-<span class='first'>F</span>ree <span class='first'>L</span>ending</h1>
+ <div>
+
+ <p><a href="../authors/doty">Matthew Doty</a> <a class="obfuscated" data="eyJob3N0IjpbInctZCIsIm9yZyJdLCJ1c2VyIjpbIm1hdHQiXX0=">📧</a>
+ </p>
+
+
+ <p class="date">September 18, 2022</p>
+
+ </div>
+</header><div><main><h3>Abstract</h3>
+
+ <div class="abstract mathjax_process">We construct an abstract ledger supporting the <em>risk-free
+lending</em> protocol. The risk-free lending protocol is a
+system for issuing and exchanging novel financial products we call
+<em>risk-free loan</em>. The system allows one party to
+lend money at 0&#37; APY to another party in exchange for a good
+or service. On every update of the ledger, accounts have interest
+distributed to them. Holders of lent assets keep interest accrued by
+those assets. After distributing interest, the system returns a fixed
+fraction of each loan. These fixed fractions determine <em>loan
+periods</em>. Loans for longer periods have a smaller fixed
+fraction returned. Loans may be re-lent or used as collateral for
+other loans. We give a sufficient criterion to enforce all accounts
+will forever be solvent. We give a protocol for maintaining this
+invariant when transferring or lending funds. We also show this
+invariant holds after update. Even though the system does not track
+counter-party obligations, we show that all credited and debited loans
+cancel and the monetary supply grows at a specified interest rate.</div>BSD License<h3>Topics</h3>
+ <ul><li><a href="../topics/mathematics/games-and-economics">Mathematics/Games and economics</a></li></ul>
+ <h3>Theories of Risk_Free_Lending</h3>
+ <ul>
+ <li><a href="../theories/risk_free_lending/#Risk_Free_Lending">Risk_Free_Lending</a></li></ul><div class="flex-wrap">
+
+
+ </div>
+</main>
+
+<nav class='links'>
+ <a class='popup-button' href="#cite-popup">Cite</a>
+ <a class='popup-button' href="#download-popup">Download</a>
+ <h4>PDFs</h4>
+ <a href="https://www.isa-afp.org/browser_info/current/AFP/Risk_Free_Lending/outline.pdf">Proof
+ outline</a>
+ <a href="https://www.isa-afp.org/browser_info/current/AFP/Risk_Free_Lending/document.pdf">Proof
+ document</a>
+ <a href="https://www.isa-afp.org/browser_info/current/AFP/Risk_Free_Lending/session_graph.pdf">Dependencies</a></nav>
+
+<div id="cite-popup" class="overlay">
+ <a class="cancel" href="#"></a>
+ <div class="popup">
+ <h2>Cite</h2>
+ <a class="close" href="#">&times;</a>
+ <div>
+ <p style="display:none;" id="bibtex-filename">Risk_Free_Lending-AFP</p><pre id="copy-text">@article{Risk_Free_Lending-AFP,
+ author = {Matthew Doty},
+ title = {Risk-Free Lending},
+ journal = {Archive of Formal Proofs},
+ month = {September},
+ year = {2022},
+ note = {\url{https://isa-afp.org/entries/Risk_Free_Lending.html},
+ Formal proof development},
+ ISSN = {2150-914x},
+}</pre>
+ <button id="copy-bibtex">Copy</button> <a id="download-bibtex">Download</a>
+ </div>
+ </div>
+</div>
+
+<div id="download-popup" class="overlay">
+ <a class="cancel" href="#"></a>
+ <div class="popup">
+ <h2>Download</h2>
+ <a class="close" href="#">&times;</a>
+ <a href="https://www.isa-afp.org/release//afp-Risk_Free_Lending-current.tar.gz" download>Download latest</a>
+
+ </div>
+</div>
+ </div>
+ </div>
+</body>
+
+</html>
\ No newline at end of file
diff --git a/web/entries/Robbins-Conjecture.html b/web/entries/Robbins-Conjecture.html
--- a/web/entries/Robbins-Conjecture.html
+++ b/web/entries/Robbins-Conjecture.html
@@ -1,190 +1,190 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1"><title>A Complete Proof of the Robbins Conjecture - Archive of Formal Proofs</title><meta name="description" content="This document gives a formalization of the proof of the Robbins conjecture, following A. Mann, A Complete Proof of the Robbins Conjecture, 2003."><meta property="og:title" content="A Complete Proof of the Robbins Conjecture" />
<meta property="og:description" content="" />
<meta property="og:type" content="article" />
<meta property="og:url" content="/entries/Robbins-Conjecture.html" /><meta property="og:image" content="/images/afp.png"/><meta property="article:section" content="entries" />
<meta property="article:published_time" content="2010-05-22T00:00:00+00:00" />
<meta property="article:modified_time" content="2010-05-22T00:00:00+00:00" /><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="A Complete Proof of the Robbins Conjecture"/>
<meta name="twitter:description" content=""/>
<link rel="stylesheet" type="text/css" href="../css/front.min.css">
<link rel="icon" href="../images/favicon.ico" type="image/icon">
<script>
MathJax = {
tex: {
inlineMath: [['$', '$'], ['\\(', '\\)']]
},
processEscapes: true,
svg: {
fontCache: 'global'
}
};
</script>
<script id="MathJax-script" async src="../js/mathjax/es5/tex-mml-chtml.js"></script>
<script src="../js/entries.js"></script><script src="../js/obfuscate.js"></script>
<script src="../js/flexsearch.bundle.js"></script>
<script src="../js/scroll-spy.js"></script>
<script src="../js/theory.js"></script>
<script src="../js/util.js"></script><script src="../js/header-search.js"></script><script src="../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore '>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../images/menu.svg" alt="Menu" />
</label>
<a href="../" class='logo-link'>
<img src="../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<a href="../search"><img src="../images/search.svg" alt="Search" /></a>
<nav id="menu">
<div>
<a href="../" class='logo-link'>
<img src="../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<ul>
<a href="../"><li >Home</li></a>
<a href="../topics/"><li >Topics</li></a>
<a href="../download/"><li >Download</li></a>
<a href="../help/"><li >Help</li></a>
<a href="../submission/"><li >Submission</li></a>
<a href="../statistics/"><li >Statistics</li></a>
<a href="../about/"><li >About</li></a>
</ul>
</div>
</nav>
</div>
</aside>
<div
class='content entries'><header>
<form autocomplete="off" action="../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value="" aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button"><img src="../images/search.svg" alt="Search" /></button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1 >
<span class='first'>A</span> <span class='first'>C</span>omplete <span class='first'>P</span>roof of the <span class='first'>R</span>obbins <span class='first'>C</span>onjecture</h1>
<div>
- <p><a href="../authors/doty">Matthew Wampler-Doty</a>
+ <p><a href="../authors/doty">Matthew Doty</a>
</p>
<p class="date">May 22, 2010</p>
</div>
</header><div><main><h3>Abstract</h3>
<div class="abstract mathjax_process">This document gives a formalization of the proof of the Robbins conjecture, following A. Mann, <i>A Complete Proof of the Robbins Conjecture</i>, 2003.</div>BSD License<h3>Topics</h3>
<ul><li><a href="../topics/mathematics/algebra">Mathematics/Algebra</a></li></ul>
<h3>Theories of Robbins-Conjecture</h3>
<ul>
<li><a href="../theories/robbins-conjecture/#Robbins_Conjecture">Robbins_Conjecture</a></li></ul><div class="flex-wrap">
</div>
</main>
<nav class='links'>
<a class='popup-button' href="#cite-popup">Cite</a>
<a class='popup-button' href="#download-popup">Download</a>
<h4>PDFs</h4>
<a href="https://www.isa-afp.org/browser_info/current/AFP/Robbins-Conjecture/outline.pdf">Proof
outline</a>
<a href="https://www.isa-afp.org/browser_info/current/AFP/Robbins-Conjecture/document.pdf">Proof
document</a>
<a href="https://www.isa-afp.org/browser_info/current/AFP/Robbins-Conjecture/session_graph.pdf">Dependencies</a></nav>
<div id="cite-popup" class="overlay">
<a class="cancel" href="#"></a>
<div class="popup">
<h2>Cite</h2>
<a class="close" href="#">&times;</a>
<div>
<p style="display:none;" id="bibtex-filename">Robbins-Conjecture-AFP</p><pre id="copy-text">@article{Robbins-Conjecture-AFP,
- author = {Matthew Wampler-Doty},
+ author = {Matthew Doty},
title = {A Complete Proof of the Robbins Conjecture},
journal = {Archive of Formal Proofs},
month = {May},
year = {2010},
note = {\url{https://isa-afp.org/entries/Robbins-Conjecture.html},
Formal proof development},
ISSN = {2150-914x},
}</pre>
<button id="copy-bibtex">Copy</button> <a id="download-bibtex">Download</a>
</div>
</div>
</div>
<div id="download-popup" class="overlay">
<a class="cancel" href="#"></a>
<div class="popup">
<h2>Download</h2>
<a class="close" href="#">&times;</a>
<a href="https://www.isa-afp.org/release//afp-Robbins-Conjecture-current.tar.gz" download>Download latest</a>
<p>Older releases:</p>
<ul><li>
<a href="https://www.isa-afp.org/release/afp-Robbins-Conjecture-2021-12-14.tar.gz">Dec 14, 2021</a>: Isabelle2021
</li><li>
<a href="https://www.isa-afp.org/release/afp-Robbins-Conjecture-2021-02-23.tar.gz">Feb 23, 2021</a>: Isabelle2021
</li><li>
<a href="https://www.isa-afp.org/release/afp-Robbins-Conjecture-2020-04-20.tar.gz">Apr 20, 2020</a>: Isabelle2020
</li><li>
<a href="https://www.isa-afp.org/release/afp-Robbins-Conjecture-2019-06-11.tar.gz">Jun 11, 2019</a>: Isabelle2019
</li><li>
<a href="https://www.isa-afp.org/release/afp-Robbins-Conjecture-2018-08-16.tar.gz">Aug 16, 2018</a>: Isabelle2018
</li><li>
<a href="https://www.isa-afp.org/release/afp-Robbins-Conjecture-2017-10-10.tar.gz">Oct 10, 2017</a>: Isabelle2017
</li><li>
<a href="https://www.isa-afp.org/release/afp-Robbins-Conjecture-2016-12-17.tar.gz">Dec 17, 2016</a>: Isabelle2016-1
</li><li>
<a href="https://www.isa-afp.org/release/afp-Robbins-Conjecture-2016-02-22.tar.gz">Feb 22, 2016</a>: Isabelle2016
</li><li>
<a href="https://www.isa-afp.org/release/afp-Robbins-Conjecture-2015-05-27.tar.gz">May 27, 2015</a>: Isabelle2015
</li><li>
<a href="https://www.isa-afp.org/release/afp-Robbins-Conjecture-2014-08-28.tar.gz">Aug 28, 2014</a>: Isabelle2014
</li><li>
<a href="https://www.isa-afp.org/release/afp-Robbins-Conjecture-2013-12-11.tar.gz">Dec 11, 2013</a>: Isabelle2013-2
</li><li>
<a href="https://www.isa-afp.org/release/afp-Robbins-Conjecture-2013-11-17.tar.gz">Nov 17, 2013</a>: Isabelle2013-1
</li><li>
<a href="https://www.isa-afp.org/release/afp-Robbins-Conjecture-2013-02-16.tar.gz">Feb 16, 2013</a>: Isabelle2013
</li><li>
<a href="https://www.isa-afp.org/release/afp-Robbins-Conjecture-2012-05-24.tar.gz">May 24, 2012</a>: Isabelle2012
</li><li>
<a href="https://www.isa-afp.org/release/afp-Robbins-Conjecture-2011-10-11.tar.gz">Oct 11, 2011</a>: Isabelle2011-1
</li><li>
<a href="https://www.isa-afp.org/release/afp-Robbins-Conjecture-2011-02-11.tar.gz">Feb 11, 2011</a>: Isabelle2011
</li><li>
<a href="https://www.isa-afp.org/release/afp-Robbins-Conjecture-2010-07-01.tar.gz">Jul 1, 2010</a>: Isabelle2009-2
</li><li>
<a href="https://www.isa-afp.org/release/afp-Robbins-Conjecture-2010-05-27.tar.gz">May 27, 2010</a>: Isabelle2009-1
</li></ul>
</div>
</div>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/entries/SCC_Bloemen_Sequential.html b/web/entries/SCC_Bloemen_Sequential.html
new file mode 100644
--- /dev/null
+++ b/web/entries/SCC_Bloemen_Sequential.html
@@ -0,0 +1,157 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+ <meta charset="utf-8" />
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
+ <meta name="viewport" content="width=device-width, initial-scale=1"><title>Correctness of a Set-based Algorithm for Computing Strongly Connected Components of a Graph - Archive of Formal Proofs</title><meta name="description" content="We prove the correctness of a sequential algorithm for computing
+maximal strongly connected components (SCCs) of a graph due to Vincent
+Bloemen."><meta property="og:title" content="Correctness of a Set-based Algorithm for Computing Strongly Connected Components of a Graph" />
+<meta property="og:description" content="" />
+<meta property="og:type" content="article" />
+<meta property="og:url" content="/entries/SCC_Bloemen_Sequential.html" /><meta property="og:image" content="/images/afp.png"/><meta property="article:section" content="entries" />
+<meta property="article:published_time" content="2022-08-17T00:00:00+00:00" />
+<meta property="article:modified_time" content="2022-08-17T00:00:00+00:00" /><meta property="og:site_name" content="Archive of Formal Proofs" />
+
+<meta name="twitter:card" content="summary_large_image"/>
+<meta name="twitter:image" content="/images/afp.png"/>
+
+<meta name="twitter:title" content="Correctness of a Set-based Algorithm for Computing Strongly Connected Components of a Graph"/>
+<meta name="twitter:description" content=""/>
+
+
+ <link rel="stylesheet" type="text/css" href="../css/front.min.css">
+
+ <link rel="icon" href="../images/favicon.ico" type="image/icon">
+ <script>
+ MathJax = {
+ tex: {
+ inlineMath: [['$', '$'], ['\\(', '\\)']]
+ },
+ processEscapes: true,
+ svg: {
+ fontCache: 'global'
+ }
+ };
+ </script>
+ <script id="MathJax-script" async src="../js/mathjax/es5/tex-mml-chtml.js"></script>
+ <script src="../js/entries.js"></script><script src="../js/obfuscate.js"></script>
+ <script src="../js/flexsearch.bundle.js"></script>
+ <script src="../js/scroll-spy.js"></script>
+ <script src="../js/theory.js"></script>
+ <script src="../js/util.js"></script><script src="../js/header-search.js"></script><script src="../js/search-autocomplete.js"></script>
+</head>
+
+
+<body class='mathjax_ignore '>
+ <aside>
+ <div id="menu-toggle">
+ <input id="toggle" type="checkbox" />
+ <label for="toggle">
+ <span>menu</span>
+ <img src="../images/menu.svg" alt="Menu" />
+ </label>
+
+ <a href="../" class='logo-link'>
+ <img src="../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
+ </a>
+
+ <a href="../search"><img src="../images/search.svg" alt="Search" /></a>
+ <nav id="menu">
+ <div>
+ <a href="../" class='logo-link'>
+ <img src="../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
+ </a>
+ <ul>
+ <a href="../"><li >Home</li></a>
+ <a href="../topics/"><li >Topics</li></a>
+ <a href="../download/"><li >Download</li></a>
+ <a href="../help/"><li >Help</li></a>
+ <a href="../submission/"><li >Submission</li></a>
+ <a href="../statistics/"><li >Statistics</li></a>
+ <a href="../about/"><li >About</li></a>
+ </ul>
+ </div>
+ </nav>
+</div>
+ </aside>
+
+ <div
+ class='content entries'><header>
+ <form autocomplete="off" action="../search">
+ <div class='form-container'>
+ <input id="search-input" type="search" size="31" maxlength="255" value="" aria-label="Search the AFP" list="autocomplete"><button
+ id="search-button" type="button"><img src="../images/search.svg" alt="Search" /></button>
+ <datalist id="autocomplete">
+ </datalist>
+ </div>
+ </form>
+ <h1 >
+ <span class='first'>C</span>orrectness of a <span class='first'>S</span>et-<span class='first'>B</span>ased <span class='first'>A</span>lgorithm for <span class='first'>C</span>omputing <span class='first'>S</span>trongly <span class='first'>C</span>onnected <span class='first'>C</span>omponents of a <span class='first'>G</span>raph</h1>
+ <div>
+
+ <p><a href="../authors/merz">Stephan Merz</a> <a class="obfuscated" data="eyJob3N0IjpbImxvcmlhIiwiZnIiXSwidXNlciI6WyJTdGVwaGFuIiwiTWVyeiJdfQ==">📧</a> and <a href="../authors/trelat">Vincent Trélat</a> <a class="obfuscated" data="eyJob3N0IjpbImRlcGluZm9uYW5jeSIsIm5ldCJdLCJ1c2VyIjpbInZpbmNlbnQiLCJ0cmVsYXQiXX0=">📧</a>
+ </p>
+
+
+ <p class="date">August 17, 2022</p>
+
+ </div>
+</header><div><main><h3>Abstract</h3>
+
+ <div class="abstract mathjax_process">We prove the correctness of a sequential algorithm for computing
+maximal strongly connected components (SCCs) of a graph due to Vincent
+Bloemen.</div>BSD License<h3>Topics</h3>
+ <ul><li><a href="../topics/computer-science/algorithms/graph">Computer science/Algorithms/Graph</a></li></ul>
+ <h3>Theories of SCC_Bloemen_Sequential</h3>
+ <ul>
+ <li><a href="../theories/scc_bloemen_sequential/#SCC_Bloemen_Sequential">SCC_Bloemen_Sequential</a></li></ul><div class="flex-wrap">
+
+
+ </div>
+</main>
+
+<nav class='links'>
+ <a class='popup-button' href="#cite-popup">Cite</a>
+ <a class='popup-button' href="#download-popup">Download</a>
+ <h4>PDFs</h4>
+ <a href="https://www.isa-afp.org/browser_info/current/AFP/SCC_Bloemen_Sequential/outline.pdf">Proof
+ outline</a>
+ <a href="https://www.isa-afp.org/browser_info/current/AFP/SCC_Bloemen_Sequential/document.pdf">Proof
+ document</a>
+ <a href="https://www.isa-afp.org/browser_info/current/AFP/SCC_Bloemen_Sequential/session_graph.pdf">Dependencies</a></nav>
+
+<div id="cite-popup" class="overlay">
+ <a class="cancel" href="#"></a>
+ <div class="popup">
+ <h2>Cite</h2>
+ <a class="close" href="#">&times;</a>
+ <div>
+ <p style="display:none;" id="bibtex-filename">SCC_Bloemen_Sequential-AFP</p><pre id="copy-text">@article{SCC_Bloemen_Sequential-AFP,
+ author = {Stephan Merz and Vincent Trélat},
+ title = {Correctness of a Set-based Algorithm for Computing Strongly Connected Components of a Graph},
+ journal = {Archive of Formal Proofs},
+ month = {August},
+ year = {2022},
+ note = {\url{https://isa-afp.org/entries/SCC_Bloemen_Sequential.html},
+ Formal proof development},
+ ISSN = {2150-914x},
+}</pre>
+ <button id="copy-bibtex">Copy</button> <a id="download-bibtex">Download</a>
+ </div>
+ </div>
+</div>
+
+<div id="download-popup" class="overlay">
+ <a class="cancel" href="#"></a>
+ <div class="popup">
+ <h2>Download</h2>
+ <a class="close" href="#">&times;</a>
+ <a href="https://www.isa-afp.org/release//afp-SCC_Bloemen_Sequential-current.tar.gz" download>Download latest</a>
+
+ </div>
+</div>
+ </div>
+ </div>
+</body>
+
+</html>
\ No newline at end of file
diff --git a/web/entries/Separata.html b/web/entries/Separata.html
--- a/web/entries/Separata.html
+++ b/web/entries/Separata.html
@@ -1,195 +1,197 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1"><title>Separata: Isabelle tactics for Separation Algebra - Archive of Formal Proofs</title><meta name="description" content="We bring the labelled sequent calculus $LS_{PASL}$ for propositional
abstract separation logic to Isabelle. The tactics given here are
directly applied on..."><meta property="og:title" content="Separata: Isabelle tactics for Separation Algebra" />
<meta property="og:description" content="" />
<meta property="og:type" content="article" />
<meta property="og:url" content="/entries/Separata.html" /><meta property="og:image" content="/images/afp.png"/><meta property="article:section" content="entries" />
<meta property="article:published_time" content="2016-11-16T00:00:00+00:00" />
<meta property="article:modified_time" content="2016-11-16T00:00:00+00:00" /><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="Separata: Isabelle tactics for Separation Algebra"/>
<meta name="twitter:description" content=""/>
<link rel="stylesheet" type="text/css" href="../css/front.min.css">
<link rel="icon" href="../images/favicon.ico" type="image/icon">
<script>
MathJax = {
tex: {
inlineMath: [['$', '$'], ['\\(', '\\)']]
},
processEscapes: true,
svg: {
fontCache: 'global'
}
};
</script>
<script id="MathJax-script" async src="../js/mathjax/es5/tex-mml-chtml.js"></script>
<script src="../js/entries.js"></script><script src="../js/obfuscate.js"></script>
<script src="../js/flexsearch.bundle.js"></script>
<script src="../js/scroll-spy.js"></script>
<script src="../js/theory.js"></script>
<script src="../js/util.js"></script><script src="../js/header-search.js"></script><script src="../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore '>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../images/menu.svg" alt="Menu" />
</label>
<a href="../" class='logo-link'>
<img src="../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<a href="../search"><img src="../images/search.svg" alt="Search" /></a>
<nav id="menu">
<div>
<a href="../" class='logo-link'>
<img src="../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<ul>
<a href="../"><li >Home</li></a>
<a href="../topics/"><li >Topics</li></a>
<a href="../download/"><li >Download</li></a>
<a href="../help/"><li >Help</li></a>
<a href="../submission/"><li >Submission</li></a>
<a href="../statistics/"><li >Statistics</li></a>
<a href="../about/"><li >About</li></a>
</ul>
</div>
</nav>
</div>
</aside>
<div
class='content entries'><header>
<form autocomplete="off" action="../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value="" aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button"><img src="../images/search.svg" alt="Search" /></button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1 >
<span class='first'>S</span>eparata: <span class='first'>I</span>sabelle <span class='first'>T</span>actics for <span class='first'>S</span>eparation <span class='first'>A</span>lgebra</h1>
<div>
<p><a href="../authors/hou">Zhe Hou</a> <a class="obfuscated" data="eyJob3N0IjpbIm50dSIsImVkdSIsInNnIl0sInVzZXIiOlsiemhlIiwiaG91Il19">📧</a>, <a href="../authors/sanan">David Sanan</a> <a class="obfuscated" data="eyJob3N0IjpbIm50dSIsImVkdSIsInNnIl0sInVzZXIiOlsic2FuYW4iXX0=">📧</a>, <a href="../authors/tiu">Alwen Tiu</a> <a class="obfuscated" data="eyJob3N0IjpbIm50dSIsImVkdSIsInNnIl0sInVzZXIiOlsiQVRpdSJdfQ==">📧</a>, <a href="../authors/gore">Rajeev Gore</a> <a class="obfuscated" data="eyJob3N0IjpbImFudSIsImVkdSIsImF1Il0sInVzZXIiOlsicmFqZWV2IiwiZ29yZSJdfQ==">📧</a> and <a href="../authors/clouston">Ranald Clouston</a> <a class="obfuscated" data="eyJob3N0IjpbImNzIiwiYXUiLCJkayJdLCJ1c2VyIjpbInJhbmFsZCIsImNsb3VzdG9uIl19">📧</a>
</p>
<p class="date">November 16, 2016</p>
</div>
</header><div><main><h3>Abstract</h3>
<div class="abstract mathjax_process">We bring the labelled sequent calculus $LS_{PASL}$ for propositional
abstract separation logic to Isabelle. The tactics given here are
directly applied on an extension of the Separation Algebra in the AFP.
In addition to the cancellative separation algebra, we further
consider some useful properties in the heap model of separation logic,
such as indivisible unit, disjointness, and cross-split. The tactics
are essentially a proof search procedure for the calculus $LS_{PASL}$.
We wrap the tactics in an Isabelle method called separata, and give a
few examples of separation logic formulae which are provable by
separata.</div>BSD License<h3>Topics</h3>
<ul><li><a href="../topics/computer-science/programming-languages/logics">Computer science/Programming languages/Logics</a></li><li><a href="../topics/tools">Tools</a></li></ul>
<h3>Theories of Separata</h3>
<ul>
<li><a href="../theories/separata/#Separata">Separata</a></li></ul><div class="flex-wrap">
<div>
<h3>Depends On</h3>
<ul class="horizontal-list"><li><a href="../entries/Separation_Algebra.html">Separation Algebra</a></li></ul>
</div>
<div>
<h3>Related Entries</h3>
<ul class="horizontal-list">
+ <li><a href="../entries/Separation_Logic_Unbounded.html">Unbounded Separation Logic</a></li>
+
<li><a href="../entries/FOL_Seq_Calc2.html">A Sequent Calculus Prover for First-Order Logic with Functions</a></li>
<li><a href="../entries/Auto2_Imperative_HOL.html">Verifying Imperative Programs using Auto2</a></li>
</ul>
</div>
</div>
</main>
<nav class='links'>
<a class='popup-button' href="#cite-popup">Cite</a>
<a class='popup-button' href="#download-popup">Download</a>
<h4>PDFs</h4>
<a href="https://www.isa-afp.org/browser_info/current/AFP/Separata/outline.pdf">Proof
outline</a>
<a href="https://www.isa-afp.org/browser_info/current/AFP/Separata/document.pdf">Proof
document</a>
<a href="https://www.isa-afp.org/browser_info/current/AFP/Separata/session_graph.pdf">Dependencies</a></nav>
<div id="cite-popup" class="overlay">
<a class="cancel" href="#"></a>
<div class="popup">
<h2>Cite</h2>
<a class="close" href="#">&times;</a>
<div>
<p style="display:none;" id="bibtex-filename">Separata-AFP</p><pre id="copy-text">@article{Separata-AFP,
author = {Zhe Hou and David Sanan and Alwen Tiu and Rajeev Gore and Ranald Clouston},
title = {Separata: Isabelle tactics for Separation Algebra},
journal = {Archive of Formal Proofs},
month = {November},
year = {2016},
note = {\url{https://isa-afp.org/entries/Separata.html},
Formal proof development},
ISSN = {2150-914x},
}</pre>
<button id="copy-bibtex">Copy</button> <a id="download-bibtex">Download</a>
</div>
</div>
</div>
<div id="download-popup" class="overlay">
<a class="cancel" href="#"></a>
<div class="popup">
<h2>Download</h2>
<a class="close" href="#">&times;</a>
<a href="https://www.isa-afp.org/release//afp-Separata-current.tar.gz" download>Download latest</a>
<p>Older releases:</p>
<ul><li>
<a href="https://www.isa-afp.org/release/afp-Separata-2021-12-14.tar.gz">Dec 14, 2021</a>: Isabelle2021
</li><li>
<a href="https://www.isa-afp.org/release/afp-Separata-2021-02-23.tar.gz">Feb 23, 2021</a>: Isabelle2021
</li><li>
<a href="https://www.isa-afp.org/release/afp-Separata-2020-04-20.tar.gz">Apr 20, 2020</a>: Isabelle2020
</li><li>
<a href="https://www.isa-afp.org/release/afp-Separata-2019-06-11.tar.gz">Jun 11, 2019</a>: Isabelle2019
</li><li>
<a href="https://www.isa-afp.org/release/afp-Separata-2018-08-16.tar.gz">Aug 16, 2018</a>: Isabelle2018
</li><li>
<a href="https://www.isa-afp.org/release/afp-Separata-2017-10-10.tar.gz">Oct 10, 2017</a>: Isabelle2017
</li><li>
<a href="https://www.isa-afp.org/release/afp-Separata-2016-12-17.tar.gz">Dec 17, 2016</a>: Isabelle2016-1
</li><li>
<a href="https://www.isa-afp.org/release/afp-Separata-2016-11-17.tar.gz">Nov 17, 2016</a>: Isabelle2016
</li></ul>
</div>
</div>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/entries/Separation_Logic_Unbounded.html b/web/entries/Separation_Logic_Unbounded.html
new file mode 100644
--- /dev/null
+++ b/web/entries/Separation_Logic_Unbounded.html
@@ -0,0 +1,187 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+ <meta charset="utf-8" />
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
+ <meta name="viewport" content="width=device-width, initial-scale=1"><title>Unbounded Separation Logic - Archive of Formal Proofs</title><meta name="description" content="Many separation logics support fractional permissions to distinguish between read and write access to a heap location, for instance, to allow concurrent..."><meta property="og:title" content="Unbounded Separation Logic" />
+<meta property="og:description" content="" />
+<meta property="og:type" content="article" />
+<meta property="og:url" content="/entries/Separation_Logic_Unbounded.html" /><meta property="og:image" content="/images/afp.png"/><meta property="article:section" content="entries" />
+<meta property="article:published_time" content="2022-09-05T00:00:00+00:00" />
+<meta property="article:modified_time" content="2022-09-05T00:00:00+00:00" /><meta property="og:site_name" content="Archive of Formal Proofs" />
+
+<meta name="twitter:card" content="summary_large_image"/>
+<meta name="twitter:image" content="/images/afp.png"/>
+
+<meta name="twitter:title" content="Unbounded Separation Logic"/>
+<meta name="twitter:description" content=""/>
+
+
+ <link rel="stylesheet" type="text/css" href="../css/front.min.css">
+
+ <link rel="icon" href="../images/favicon.ico" type="image/icon">
+ <script>
+ MathJax = {
+ tex: {
+ inlineMath: [['$', '$'], ['\\(', '\\)']]
+ },
+ processEscapes: true,
+ svg: {
+ fontCache: 'global'
+ }
+ };
+ </script>
+ <script id="MathJax-script" async src="../js/mathjax/es5/tex-mml-chtml.js"></script>
+ <script src="../js/entries.js"></script><script src="../js/obfuscate.js"></script>
+ <script src="../js/flexsearch.bundle.js"></script>
+ <script src="../js/scroll-spy.js"></script>
+ <script src="../js/theory.js"></script>
+ <script src="../js/util.js"></script><script src="../js/header-search.js"></script><script src="../js/search-autocomplete.js"></script>
+</head>
+
+
+<body class='mathjax_ignore '>
+ <aside>
+ <div id="menu-toggle">
+ <input id="toggle" type="checkbox" />
+ <label for="toggle">
+ <span>menu</span>
+ <img src="../images/menu.svg" alt="Menu" />
+ </label>
+
+ <a href="../" class='logo-link'>
+ <img src="../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
+ </a>
+
+ <a href="../search"><img src="../images/search.svg" alt="Search" /></a>
+ <nav id="menu">
+ <div>
+ <a href="../" class='logo-link'>
+ <img src="../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
+ </a>
+ <ul>
+ <a href="../"><li >Home</li></a>
+ <a href="../topics/"><li >Topics</li></a>
+ <a href="../download/"><li >Download</li></a>
+ <a href="../help/"><li >Help</li></a>
+ <a href="../submission/"><li >Submission</li></a>
+ <a href="../statistics/"><li >Statistics</li></a>
+ <a href="../about/"><li >About</li></a>
+ </ul>
+ </div>
+ </nav>
+</div>
+ </aside>
+
+ <div
+ class='content entries'><header>
+ <form autocomplete="off" action="../search">
+ <div class='form-container'>
+ <input id="search-input" type="search" size="31" maxlength="255" value="" aria-label="Search the AFP" list="autocomplete"><button
+ id="search-button" type="button"><img src="../images/search.svg" alt="Search" /></button>
+ <datalist id="autocomplete">
+ </datalist>
+ </div>
+ </form>
+ <h1 >
+ <span class='first'>U</span>nbounded <span class='first'>S</span>eparation <span class='first'>L</span>ogic</h1>
+ <div>
+
+ <p><a href="../authors/dardinier">Thibault Dardinier</a> <a href="https://dardinier.me/">🌐</a>
+ </p>
+
+
+ <p class="date">September 5, 2022</p>
+
+ </div>
+</header><div><main><h3>Abstract</h3>
+
+ <div class="abstract mathjax_process">Many separation logics support fractional permissions to distinguish
+between read and write access to a heap location, for instance, to
+allow concurrent reads while enforcing exclusive writes. Fractional
+permissions extend to composite assertions such as (co)inductive
+predicates and magic wands by allowing those to be multiplied by a
+fraction. Typical separation logic proofs require that this
+multiplication has three key properties: it needs to distribute over
+assertions, it should permit fractions to be factored out from
+assertions, and two fractions of the same assertion should be
+combinable into one larger fraction. Existing formal semantics
+incorporating fractional assertions into a separation logic define
+multiplication semantically (via models), resulting in a semantics in
+which distributivity and combinability do not hold for key resource
+assertions such as magic wands, and fractions cannot be factored out
+from a separating conjunction. By contrast, existing automatic
+separation logic verifiers define multiplication syntactically,
+resulting in a different semantics for which it is unknown whether
+distributivity and combinability hold for all assertions. In this
+entry (which accompanies an <a
+href="https://dardinier.me/papers/multiplication.pdf">OOPSLA'22
+paper</a>), we present and formalize an unbounded version of
+separation logic, a novel semantics for separation logic assertions
+that allows states to hold more than a full permission to a heap
+location during the evaluation of an assertion. By reimposing upper
+bounds on the permissions held per location at statement boundaries,
+we retain key properties of separation logic, in particular, we prove
+that the frame rule still holds. We also prove that our assertion
+semantics unifies semantic and syntactic multiplication and thereby
+reconciles the discrepancy between separation logic theory and tools
+and enjoys distributivity, factorisability, and combinability.</div>BSD License<h3>Topics</h3>
+ <ul><li><a href="../topics/computer-science/programming-languages/logics">Computer science/Programming languages/Logics</a></li></ul>
+ <h3>Theories of Separation_Logic_Unbounded</h3>
+ <ul>
+ <li><a href="../theories/separation_logic_unbounded/#UnboundedLogic">UnboundedLogic</a></li>
+ <li><a href="../theories/separation_logic_unbounded/#Distributivity">Distributivity</a></li>
+ <li><a href="../theories/separation_logic_unbounded/#Combinability">Combinability</a></li>
+ <li><a href="../theories/separation_logic_unbounded/#FixedPoint">FixedPoint</a></li>
+ <li><a href="../theories/separation_logic_unbounded/#WandProperties">WandProperties</a></li>
+ <li><a href="../theories/separation_logic_unbounded/#AutomaticVerifiers">AutomaticVerifiers</a></li></ul><div class="flex-wrap">
+
+
+ </div>
+</main>
+
+<nav class='links'>
+ <a class='popup-button' href="#cite-popup">Cite</a>
+ <a class='popup-button' href="#download-popup">Download</a>
+ <h4>PDFs</h4>
+ <a href="https://www.isa-afp.org/browser_info/current/AFP/Separation_Logic_Unbounded/outline.pdf">Proof
+ outline</a>
+ <a href="https://www.isa-afp.org/browser_info/current/AFP/Separation_Logic_Unbounded/document.pdf">Proof
+ document</a>
+ <a href="https://www.isa-afp.org/browser_info/current/AFP/Separation_Logic_Unbounded/session_graph.pdf">Dependencies</a></nav>
+
+<div id="cite-popup" class="overlay">
+ <a class="cancel" href="#"></a>
+ <div class="popup">
+ <h2>Cite</h2>
+ <a class="close" href="#">&times;</a>
+ <div>
+ <p style="display:none;" id="bibtex-filename">Separation_Logic_Unbounded-AFP</p><pre id="copy-text">@article{Separation_Logic_Unbounded-AFP,
+ author = {Thibault Dardinier},
+ title = {Unbounded Separation Logic},
+ journal = {Archive of Formal Proofs},
+ month = {September},
+ year = {2022},
+ note = {\url{https://isa-afp.org/entries/Separation_Logic_Unbounded.html},
+ Formal proof development},
+ ISSN = {2150-914x},
+}</pre>
+ <button id="copy-bibtex">Copy</button> <a id="download-bibtex">Download</a>
+ </div>
+ </div>
+</div>
+
+<div id="download-popup" class="overlay">
+ <a class="cancel" href="#"></a>
+ <div class="popup">
+ <h2>Download</h2>
+ <a class="close" href="#">&times;</a>
+ <a href="https://www.isa-afp.org/release//afp-Separation_Logic_Unbounded-current.tar.gz" download>Download latest</a>
+
+ </div>
+</div>
+ </div>
+ </div>
+</body>
+
+</html>
\ No newline at end of file
diff --git a/web/entries/SimplifiedOntologicalArgument.html b/web/entries/SimplifiedOntologicalArgument.html
--- a/web/entries/SimplifiedOntologicalArgument.html
+++ b/web/entries/SimplifiedOntologicalArgument.html
@@ -1,180 +1,179 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1"><title>Exploring Simplified Variants of Gödel’s Ontological Argument in Isabelle/HOL - Archive of Formal Proofs</title><meta name="description" content="Simplified variants of Gödel&#39;s ontological argument are explored. Among those is a particularly interesting simplified argument which is (i) valid already..."><meta property="og:title" content="Exploring Simplified Variants of Gödel’s Ontological Argument in Isabelle/HOL" />
<meta property="og:description" content="" />
<meta property="og:type" content="article" />
<meta property="og:url" content="/entries/SimplifiedOntologicalArgument.html" /><meta property="og:image" content="/images/afp.png"/><meta property="article:section" content="entries" />
<meta property="article:published_time" content="2021-11-08T00:00:00+00:00" />
<meta property="article:modified_time" content="2021-11-08T00:00:00+00:00" /><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="Exploring Simplified Variants of Gödel’s Ontological Argument in Isabelle/HOL"/>
<meta name="twitter:description" content=""/>
<link rel="stylesheet" type="text/css" href="../css/front.min.css">
<link rel="icon" href="../images/favicon.ico" type="image/icon">
<script>
MathJax = {
tex: {
inlineMath: [['$', '$'], ['\\(', '\\)']]
},
processEscapes: true,
svg: {
fontCache: 'global'
}
};
</script>
<script id="MathJax-script" async src="../js/mathjax/es5/tex-mml-chtml.js"></script>
<script src="../js/entries.js"></script><script src="../js/obfuscate.js"></script>
<script src="../js/flexsearch.bundle.js"></script>
<script src="../js/scroll-spy.js"></script>
<script src="../js/theory.js"></script>
<script src="../js/util.js"></script><script src="../js/header-search.js"></script><script src="../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore '>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../images/menu.svg" alt="Menu" />
</label>
<a href="../" class='logo-link'>
<img src="../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<a href="../search"><img src="../images/search.svg" alt="Search" /></a>
<nav id="menu">
<div>
<a href="../" class='logo-link'>
<img src="../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<ul>
<a href="../"><li >Home</li></a>
<a href="../topics/"><li >Topics</li></a>
<a href="../download/"><li >Download</li></a>
<a href="../help/"><li >Help</li></a>
<a href="../submission/"><li >Submission</li></a>
<a href="../statistics/"><li >Statistics</li></a>
<a href="../about/"><li >About</li></a>
</ul>
</div>
</nav>
</div>
</aside>
<div
class='content entries'><header>
<form autocomplete="off" action="../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value="" aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button"><img src="../images/search.svg" alt="Search" /></button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1 >
<span class='first'>E</span>xploring <span class='first'>S</span>implified <span class='first'>V</span>ariants of <span class='first'>G</span>ödel’s <span class='first'>O</span>ntological <span class='first'>A</span>rgument in <span class='first'>I</span>sabelle/<span class='first'>H</span><span class='first'>O</span><span class='first'>L</span></h1>
<div>
<p><a href="../authors/benzmueller">Christoph Benzmüller</a> <a href="http://christoph-benzmueller.de">🌐</a>
</p>
<p class="date">November 8, 2021</p>
</div>
</header><div><main><h3>Abstract</h3>
<div class="abstract mathjax_process"><p>Simplified variants of Gödel's ontological argument are
explored. Among those is a particularly interesting simplified
argument which is (i) valid already in basic
modal logics K or KT, (ii) which does not suffer from modal collapse,
and (iii) which avoids the rather complex predicates of essence (Ess.)
and necessary existence (NE) as used by Gödel.
</p><p>
Whether the presented variants increase or decrease the
attractiveness and persuasiveness of the ontological argument is a
question I would like to pass on to philosophy and theology.
</p></div>BSD License<h3>Topics</h3>
<ul><li><a href="../topics/logic/philosophical-aspects">Logic/Philosophical aspects</a></li><li><a href="../topics/logic/general-logic/modal-logic">Logic/General logic/Modal logic</a></li></ul>
<h3>Theories of SimplifiedOntologicalArgument</h3>
<ul>
<li><a href="../theories/simplifiedontologicalargument/#HOML">HOML</a></li>
- <li><a href="../theories/simplifiedontologicalargument/#DisableKodkodScala">DisableKodkodScala</a></li>
<li><a href="../theories/simplifiedontologicalargument/#SimplifiedOntologicalArgument">SimplifiedOntologicalArgument</a></li>
<li><a href="../theories/simplifiedontologicalargument/#MFilter">MFilter</a></li>
<li><a href="../theories/simplifiedontologicalargument/#BaseDefs">BaseDefs</a></li>
<li><a href="../theories/simplifiedontologicalargument/#ScottVariant">ScottVariant</a></li>
<li><a href="../theories/simplifiedontologicalargument/#UFilterVariant">UFilterVariant</a></li>
<li><a href="../theories/simplifiedontologicalargument/#SimpleVariant">SimpleVariant</a></li>
<li><a href="../theories/simplifiedontologicalargument/#SimpleVariantPG">SimpleVariantPG</a></li>
<li><a href="../theories/simplifiedontologicalargument/#SimpleVariantSE">SimpleVariantSE</a></li>
<li><a href="../theories/simplifiedontologicalargument/#SimpleVariantSEinT">SimpleVariantSEinT</a></li>
<li><a href="../theories/simplifiedontologicalargument/#SimpleVariantHF">SimpleVariantHF</a></li>
<li><a href="../theories/simplifiedontologicalargument/#KanckosLethenNo2Possibilist">KanckosLethenNo2Possibilist</a></li></ul><div class="flex-wrap">
</div>
</main>
<nav class='links'>
<a class='popup-button' href="#cite-popup">Cite</a>
<a class='popup-button' href="#download-popup">Download</a>
<h4>PDFs</h4>
<a href="https://www.isa-afp.org/browser_info/current/AFP/SimplifiedOntologicalArgument/outline.pdf">Proof
outline</a>
<a href="https://www.isa-afp.org/browser_info/current/AFP/SimplifiedOntologicalArgument/document.pdf">Proof
document</a>
<a href="https://www.isa-afp.org/browser_info/current/AFP/SimplifiedOntologicalArgument/session_graph.pdf">Dependencies</a></nav>
<div id="cite-popup" class="overlay">
<a class="cancel" href="#"></a>
<div class="popup">
<h2>Cite</h2>
<a class="close" href="#">&times;</a>
<div>
<p style="display:none;" id="bibtex-filename">SimplifiedOntologicalArgument-AFP</p><pre id="copy-text">@article{SimplifiedOntologicalArgument-AFP,
author = {Christoph Benzmüller},
title = {Exploring Simplified Variants of Gödel’s Ontological Argument in Isabelle/HOL},
journal = {Archive of Formal Proofs},
month = {November},
year = {2021},
note = {\url{https://isa-afp.org/entries/SimplifiedOntologicalArgument.html},
Formal proof development},
ISSN = {2150-914x},
}</pre>
<button id="copy-bibtex">Copy</button> <a id="download-bibtex">Download</a>
</div>
</div>
</div>
<div id="download-popup" class="overlay">
<a class="cancel" href="#"></a>
<div class="popup">
<h2>Download</h2>
<a class="close" href="#">&times;</a>
<a href="https://www.isa-afp.org/release//afp-SimplifiedOntologicalArgument-current.tar.gz" download>Download latest</a>
<p>Older releases:</p>
<ul><li>
<a href="https://www.isa-afp.org/release/afp-SimplifiedOntologicalArgument-2021-12-14.tar.gz">Dec 14, 2021</a>: Isabelle2021
</li><li>
<a href="https://www.isa-afp.org/release/afp-SimplifiedOntologicalArgument-2021-11-26.tar.gz">Nov 26, 2021</a>: Isabelle2021
</li></ul>
</div>
</div>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/entries/Universal_Turing_Machine.html b/web/entries/Universal_Turing_Machine.html
--- a/web/entries/Universal_Turing_Machine.html
+++ b/web/entries/Universal_Turing_Machine.html
@@ -1,227 +1,228 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
- <meta name="viewport" content="width=device-width, initial-scale=1"><title>Universal Turing Machine - Archive of Formal Proofs</title><meta name="description" content="This entry formalises results from computability theory: recursive functions, undecidability of the halting problem, and the existence of a universal..."><meta property="og:title" content="Universal Turing Machine" />
+ <meta name="viewport" content="width=device-width, initial-scale=1"><title>Universal Turing Machine - Archive of Formal Proofs</title><meta name="description" content="This entry formalises results from computability theory, for example recursive functions, undecidability of the halting problem, the existence of a..."><meta property="og:title" content="Universal Turing Machine" />
<meta property="og:description" content="" />
<meta property="og:type" content="article" />
<meta property="og:url" content="/entries/Universal_Turing_Machine.html" /><meta property="og:image" content="/images/afp.png"/><meta property="article:section" content="entries" />
<meta property="article:published_time" content="2019-02-08T00:00:00+00:00" />
<meta property="article:modified_time" content="2019-02-08T00:00:00+00:00" /><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="Universal Turing Machine"/>
<meta name="twitter:description" content=""/>
<link rel="stylesheet" type="text/css" href="../css/front.min.css">
<link rel="icon" href="../images/favicon.ico" type="image/icon">
<script>
MathJax = {
tex: {
inlineMath: [['$', '$'], ['\\(', '\\)']]
},
processEscapes: true,
svg: {
fontCache: 'global'
}
};
</script>
<script id="MathJax-script" async src="../js/mathjax/es5/tex-mml-chtml.js"></script>
<script src="../js/entries.js"></script><script src="../js/obfuscate.js"></script>
<script src="../js/flexsearch.bundle.js"></script>
<script src="../js/scroll-spy.js"></script>
<script src="../js/theory.js"></script>
<script src="../js/util.js"></script><script src="../js/header-search.js"></script><script src="../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore '>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../images/menu.svg" alt="Menu" />
</label>
<a href="../" class='logo-link'>
<img src="../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<a href="../search"><img src="../images/search.svg" alt="Search" /></a>
<nav id="menu">
<div>
<a href="../" class='logo-link'>
<img src="../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<ul>
<a href="../"><li >Home</li></a>
<a href="../topics/"><li >Topics</li></a>
<a href="../download/"><li >Download</li></a>
<a href="../help/"><li >Help</li></a>
<a href="../submission/"><li >Submission</li></a>
<a href="../statistics/"><li >Statistics</li></a>
<a href="../about/"><li >About</li></a>
</ul>
</div>
</nav>
</div>
</aside>
<div
class='content entries'><header>
<form autocomplete="off" action="../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value="" aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button"><img src="../images/search.svg" alt="Search" /></button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1 >
<span class='first'>U</span>niversal <span class='first'>T</span>uring <span class='first'>M</span>achine</h1>
<div>
<p><a href="../authors/xu">Jian Xu</a>, <a href="../authors/zhangx">Xingyuan Zhang</a>, <a href="../authors/urban">Christian Urban</a> <a href="https://nms.kcl.ac.uk/christian.urban/">🌐</a>, <a href="../authors/joosten">Sebastiaan J. C. Joosten</a> <a href="https://sjcjoosten.nl/">🌐</a> and <a href="../authors/regensburger">Franz Regensburger</a> <a href="https://www.thi.de/suche/mitarbeiter/prof-dr-rer-nat-franz-regensburger">🌐</a>
</p>
<p class="date">February 8, 2019</p>
</div>
</header><div><main><h3>Abstract</h3>
- <div class="abstract mathjax_process">This entry formalises results from computability theory: recursive functions,
-undecidability of the halting problem, and the existence of a
-universal Turing machine. This formalisation is the AFP entry
+ <div class="abstract mathjax_process"><p>This entry formalises results from computability theory,
+for example recursive functions,
+undecidability of the halting problem, the existence of a
+universal Turing machine and so on. This formalisation is the AFP entry
corresponding to the paper Mechanising Turing Machines and Computability Theory
-in Isabelle/HOL, ITP 2013. The main book used for this formalisation is
-by Boolos, Burgess, and Jeffrey on <i>Computability and Logic</i>.
+in Isabelle/HOL from ITP 2013. The main book used for this formalisation is
+by Boolos, Burgess, and Jeffrey on <i>Computability and Logic</i>.</p>
-Joosten contributed mainly by making the files ready for the
-AFP. His need for a formalisation of Turing Machines arose from
+<p>Joosten contributed by making the files ready for the
+AFP in 2019. His need for a formalisation of Turing Machines arose from
realising that the current formalisation of saturation graphs
(also in the AFP) was missing a key undecidability result
-present in his paper on <i>Finding models through graph saturation</i>.
+present in his paper on <i>Finding models through graph saturation</i>.</p>
-Regensburger contributed by adding definitions for
+<p>Regensburger contributed in 2022 by adding definitions for
concepts like Turing Decidability, Turing Computability and Turing Reducibility
for problem reduction. He also enhanced the result about the
undecidability of the General Halting Problem given in the original AFP entry
by first proving the undecidability of the Special Halting Problem and then
proving its reducibility to the general problem. The original version of this
AFP entry did only prove a weak form of the undecidability theorem.
The main motivation behind this contribution is to make the AFP entry
-accessible for bachelor and master students.</div>BSD License<h3>Change history</h3><p>
+accessible for bachelor and master students.</p></div>BSD License<h3>Change history</h3><p>
<h4>September 7, 2022</h4>
Franz Regensburger added substantial material and made some modifications.<br>
</p><p>
<h4>January 16, 2019</h4>
Sebastiaan Joosten made the code ready for the AFP.<br>
</p><h3>Topics</h3>
<ul><li><a href="../topics/logic/computability">Logic/Computability</a></li><li><a href="../topics/computer-science/automata-and-formal-languages">Computer science/Automata and formal languages</a></li></ul>
<h3>Theories of Universal_Turing_Machine</h3>
<ul>
<li><a href="../theories/universal_turing_machine/#Turing">Turing</a></li>
<li><a href="../theories/universal_turing_machine/#Turing_aux">Turing_aux</a></li>
<li><a href="../theories/universal_turing_machine/#BlanksDoNotMatter">BlanksDoNotMatter</a></li>
<li><a href="../theories/universal_turing_machine/#ComposableTMs">ComposableTMs</a></li>
<li><a href="../theories/universal_turing_machine/#ComposedTMs">ComposedTMs</a></li>
<li><a href="../theories/universal_turing_machine/#Numerals">Numerals</a></li>
<li><a href="../theories/universal_turing_machine/#Numerals_Ex">Numerals_Ex</a></li>
<li><a href="../theories/universal_turing_machine/#Turing_Hoare">Turing_Hoare</a></li>
<li><a href="../theories/universal_turing_machine/#SemiIdTM">SemiIdTM</a></li>
<li><a href="../theories/universal_turing_machine/#Turing_HaltingConditions">Turing_HaltingConditions</a></li>
<li><a href="../theories/universal_turing_machine/#OneStrokeTM">OneStrokeTM</a></li>
<li><a href="../theories/universal_turing_machine/#WeakCopyTM">WeakCopyTM</a></li>
<li><a href="../theories/universal_turing_machine/#StrongCopyTM">StrongCopyTM</a></li>
<li><a href="../theories/universal_turing_machine/#TuringDecidable">TuringDecidable</a></li>
<li><a href="../theories/universal_turing_machine/#TuringReducible">TuringReducible</a></li>
<li><a href="../theories/universal_turing_machine/#SimpleGoedelEncoding">SimpleGoedelEncoding</a></li>
<li><a href="../theories/universal_turing_machine/#HaltingProblems_K_H">HaltingProblems_K_H</a></li>
<li><a href="../theories/universal_turing_machine/#HaltingProblems_K_aux">HaltingProblems_K_aux</a></li>
<li><a href="../theories/universal_turing_machine/#TuringComputable">TuringComputable</a></li>
<li><a href="../theories/universal_turing_machine/#DitherTM">DitherTM</a></li>
<li><a href="../theories/universal_turing_machine/#CopyTM">CopyTM</a></li>
<li><a href="../theories/universal_turing_machine/#TuringUnComputable_H2">TuringUnComputable_H2</a></li>
<li><a href="../theories/universal_turing_machine/#TuringUnComputable_H2_original">TuringUnComputable_H2_original</a></li>
<li><a href="../theories/universal_turing_machine/#Abacus_Mopup">Abacus_Mopup</a></li>
<li><a href="../theories/universal_turing_machine/#Abacus">Abacus</a></li>
<li><a href="../theories/universal_turing_machine/#Abacus_alt_Compile">Abacus_alt_Compile</a></li>
<li><a href="../theories/universal_turing_machine/#Abacus_Hoare">Abacus_Hoare</a></li>
<li><a href="../theories/universal_turing_machine/#Rec_Def">Rec_Def</a></li>
<li><a href="../theories/universal_turing_machine/#Rec_Ex">Rec_Ex</a></li>
<li><a href="../theories/universal_turing_machine/#Recursive">Recursive</a></li>
<li><a href="../theories/universal_turing_machine/#Recs_alt_Def">Recs_alt_Def</a></li>
<li><a href="../theories/universal_turing_machine/#Recs_alt_Ex">Recs_alt_Ex</a></li>
<li><a href="../theories/universal_turing_machine/#UF">UF</a></li>
<li><a href="../theories/universal_turing_machine/#UTM">UTM</a></li>
<li><a href="../theories/universal_turing_machine/#GeneratedCode">GeneratedCode</a></li></ul><div class="flex-wrap">
</div>
</main>
<nav class='links'>
<a class='popup-button' href="#cite-popup">Cite</a>
<a class='popup-button' href="#download-popup">Download</a>
<h4>PDFs</h4>
<a href="https://www.isa-afp.org/browser_info/current/AFP/Universal_Turing_Machine/outline.pdf">Proof
outline</a>
<a href="https://www.isa-afp.org/browser_info/current/AFP/Universal_Turing_Machine/document.pdf">Proof
document</a>
<a href="https://www.isa-afp.org/browser_info/current/AFP/Universal_Turing_Machine/session_graph.pdf">Dependencies</a></nav>
<div id="cite-popup" class="overlay">
<a class="cancel" href="#"></a>
<div class="popup">
<h2>Cite</h2>
<a class="close" href="#">&times;</a>
<div>
<p style="display:none;" id="bibtex-filename">Universal_Turing_Machine-AFP</p><pre id="copy-text">@article{Universal_Turing_Machine-AFP,
author = {Jian Xu and Xingyuan Zhang and Christian Urban and Sebastiaan J. C. Joosten and Franz Regensburger},
title = {Universal Turing Machine},
journal = {Archive of Formal Proofs},
month = {February},
year = {2019},
note = {\url{https://isa-afp.org/entries/Universal_Turing_Machine.html},
Formal proof development},
ISSN = {2150-914x},
}</pre>
<button id="copy-bibtex">Copy</button> <a id="download-bibtex">Download</a>
</div>
</div>
</div>
<div id="download-popup" class="overlay">
<a class="cancel" href="#"></a>
<div class="popup">
<h2>Download</h2>
<a class="close" href="#">&times;</a>
<a href="https://www.isa-afp.org/release//afp-Universal_Turing_Machine-current.tar.gz" download>Download latest</a>
<p>Older releases:</p>
<ul><li>
<a href="https://www.isa-afp.org/release/afp-Universal_Turing_Machine-2021-12-14.tar.gz">Dec 14, 2021</a>: Isabelle2021
</li><li>
<a href="https://www.isa-afp.org/release/afp-Universal_Turing_Machine-2021-02-23.tar.gz">Feb 23, 2021</a>: Isabelle2021
</li><li>
<a href="https://www.isa-afp.org/release/afp-Universal_Turing_Machine-2020-04-20.tar.gz">Apr 20, 2020</a>: Isabelle2020
</li><li>
<a href="https://www.isa-afp.org/release/afp-Universal_Turing_Machine-2019-06-11.tar.gz">Jun 11, 2019</a>: Isabelle2019
</li><li>
<a href="https://www.isa-afp.org/release/afp-Universal_Turing_Machine-2019-02-12.tar.gz">Feb 12, 2019</a>: Isabelle2018
</li></ul>
</div>
</div>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/entries/index.html b/web/entries/index.html
--- a/web/entries/index.html
+++ b/web/entries/index.html
@@ -1,5027 +1,5062 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1"><title>Archive of Formal Proofs</title><meta name="description" content=""><link rel="alternate" type="application/rss+xml" href="../entries/index.xml" title="Archive of Formal Proofs" /><meta property="og:title" content="Entries" />
<meta property="og:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle." />
<meta property="og:type" content="website" />
<meta property="og:url" content="/entries/" /><meta property="og:image" content="/images/afp.png"/><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="Entries"/>
<meta name="twitter:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."/>
<link rel="stylesheet" type="text/css" href="../css/front.min.css">
<link rel="icon" href="../images/favicon.ico" type="image/icon">
<script>
MathJax = {
tex: {
inlineMath: [['$', '$'], ['\\(', '\\)']]
},
processEscapes: true,
svg: {
fontCache: 'global'
}
};
</script>
<script id="MathJax-script" async src="../js/mathjax/es5/tex-mml-chtml.js"></script>
<script src="../js/entries.js"></script><script src="../js/obfuscate.js"></script>
<script src="../js/flexsearch.bundle.js"></script>
<script src="../js/scroll-spy.js"></script>
<script src="../js/theory.js"></script>
<script src="../js/util.js"></script><script src="../js/header-search.js"></script><script src="../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore '>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../images/menu.svg" alt="Menu" />
</label>
<a href="../" class='logo-link'>
<img src="../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<a href="../search"><img src="../images/search.svg" alt="Search" /></a>
<nav id="menu">
<div>
<a href="../" class='logo-link'>
<img src="../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<ul>
<a href="../"><li >Home</li></a>
<a href="../topics/"><li >Topics</li></a>
<a href="../download/"><li >Download</li></a>
<a href="../help/"><li >Help</li></a>
<a href="../submission/"><li >Submission</li></a>
<a href="../statistics/"><li >Statistics</li></a>
<a href="../about/"><li >About</li></a>
</ul>
</div>
</nav>
</div>
</aside>
<div
class='content entries'><header>
<form autocomplete="off" action="../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value="" aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button"><img src="../images/search.svg" alt="Search" /></button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1 >
<span class='first'>E</span>ntries</h1>
<div>
</div>
</header><div><h2 class="head">2022</h2><article class="entry">
<div class="item-text">
+ <h5><a class="title" href="../entries/Padic_Field.html">p-adic Fields and p-adic Semialgebraic Sets</a></h5> <br>by <a href="../authors/crighton">Aaron Crighton</a></div>
+ <span class="date">
+ Sep 22
+ </span>
+</article>
+<article class="entry">
+ <div class="item-text">
+ <h5><a class="title" href="../entries/Risk_Free_Lending.html">Risk-Free Lending</a></h5> <br>by <a href="../authors/doty">Matthew Doty</a></div>
+ <span class="date">
+ Sep 18
+ </span>
+</article>
+<article class="entry">
+ <div class="item-text">
+ <h5><a class="title" href="../entries/Implicational_Logic.html">Soundness and Completeness of Implicational Logic</a></h5> <br>by <a href="../authors/from">Asta Halkjær From</a> and <a href="../authors/villadsen">Jørgen Villadsen</a></div>
+ <span class="date">
+ Sep 13
+ </span>
+</article>
+<article class="entry">
+ <div class="item-text">
<h5><a class="title" href="../entries/CRYSTALS-Kyber.html">CRYSTALS-Kyber</a></h5> <br>by <a href="../authors/kreuzer">Katharina Kreuzer</a></div>
<span class="date">
Sep 08
</span>
</article>
<article class="entry">
<div class="item-text">
+ <h5><a class="title" href="../entries/Separation_Logic_Unbounded.html">Unbounded Separation Logic</a></h5> <br>by <a href="../authors/dardinier">Thibault Dardinier</a></div>
+ <span class="date">
+ Sep 05
+ </span>
+</article>
+<article class="entry">
+ <div class="item-text">
<h5><a class="title" href="../entries/Hales_Jewett.html">The Hales–Jewett Theorem</a></h5> <br>by <a href="../authors/sulejmani">Ujkan Sulejmani</a>, <a href="../authors/eberl">Manuel Eberl</a> and <a href="../authors/kreuzer">Katharina Kreuzer</a></div>
<span class="date">
Sep 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Khovanskii_Theorem.html">Khovanskii&#39;s Theorem</a></h5> <br>by <a href="../authors/argyraki">Angeliki Koutsoukou-Argyraki</a> and <a href="../authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Sep 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Number_Theoretic_Transform.html">Number Theoretic Transform</a></h5> <br>by <a href="../authors/ammer">Thomas Ammer</a> and <a href="../authors/kreuzer">Katharina Kreuzer</a></div>
<span class="date">
Aug 18
</span>
</article>
<article class="entry">
<div class="item-text">
+ <h5><a class="title" href="../entries/SCC_Bloemen_Sequential.html">Correctness of a Set-based Algorithm for Computing Strongly Connected Components of a Graph</a></h5> <br>by <a href="../authors/merz">Stephan Merz</a> and <a href="../authors/trelat">Vincent Trélat</a></div>
+ <span class="date">
+ Aug 17
+ </span>
+</article>
+<article class="entry">
+ <div class="item-text">
<h5><a class="title" href="../entries/Involutions2Squares.html">From THE BOOK: Two Squares via Involutions</a></h5> <br>by <a href="../authors/bortin">Maksym Bortin</a></div>
<span class="date">
Aug 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/FSM_Tests.html">Verified Complete Test Strategies for Finite State Machines</a></h5> <br>by <a href="../authors/sachtleben">Robert Sachtleben</a></div>
<span class="date">
Aug 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Nano_JSON.html">Nano JSON: Working with JSON formatted data in Isabelle/HOL and Isabelle/ML</a></h5> <br>by <a href="../authors/brucker">Achim D. Brucker</a></div>
<span class="date">
Jul 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Commuting_Hermitian.html">Simultaneous diagonalization of pairwise commuting Hermitian matrices</a></h5> <br>by <a href="../authors/echenim">Mnacho Echenim</a></div>
<span class="date">
Jul 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Solidity.html">Isabelle/Solidity: A deep Embedding of Solidity in Isabelle/HOL</a></h5> <br>by <a href="../authors/marmsoler">Diego Marmsoler</a> and <a href="../authors/brucker">Achim D. Brucker</a></div>
<span class="date">
Jul 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Weighted_Arithmetic_Geometric_Mean.html">Pólya’s Proof of the Weighted Arithmetic–Geometric Mean Inequality</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Jul 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/IMP_Compiler_Reuse.html">A Reuse-Based Multi-Stage Compiler Verification for Language IMP</a></h5> <br>by <a href="../authors/noce">Pasquale Noce</a></div>
<span class="date">
Jul 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Real_Time_Deque.html">Real-Time Double-Ended Queue</a></h5> <br>by <a href="../authors/toth">Balazs Toth</a> and <a href="../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Jun 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Boolos_Curious_Inference.html">Boolos&#39;s Curious Inference in Isabelle/HOL</a></h5> <br>by <a href="../authors/ketland">Jeffrey Ketland</a></div>
<span class="date">
Jun 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/IsaNet.html">IsaNet: Formalization of a Verification Framework for Secure Data Plane Protocols</a></h5> <br>by <a href="../authors/klenze">Tobias Klenze</a> and <a href="../authors/sprenger">Christoph Sprenger</a></div>
<span class="date">
Jun 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Finite_Fields.html">Finite Fields</a></h5> <br>by <a href="../authors/karayel">Emin Karayel</a></div>
<span class="date">
Jun 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/DPRM_Theorem.html">Diophantine Equations and the DPRM Theorem</a></h5> <br>by <a href="../authors/bayer">Jonas Bayer</a>, <a href="../authors/david">Marco David</a>, <a href="../authors/stock">Benedikt Stock</a>, <a href="../authors/pal">Abhik Pal</a>, <a href="../authors/matiyasevich">Yuri Matiyasevich</a> and <a href="../authors/schleicher">Dierk Schleicher</a></div>
<span class="date">
Jun 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Rewrite_Properties_Reduction.html">Reducing Rewrite Properties to Properties on Ground Terms</a></h5> <br>by <a href="../authors/lochmann">Alexander Lochmann</a></div>
<span class="date">
Jun 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Combinable_Wands.html">A Restricted Definition of the Magic Wand to Soundly Combine Fractions of a Wand</a></h5> <br>by <a href="../authors/dardinier">Thibault Dardinier</a></div>
<span class="date">
May 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Pluennecke_Ruzsa_Inequality.html">The Plünnecke-Ruzsa Inequality</a></h5> <br>by <a href="../authors/argyraki">Angeliki Koutsoukou-Argyraki</a> and <a href="../authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
May 26
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Package_logic.html">Formalization of a Framework for the Sound Automation of Magic Wands</a></h5> <br>by <a href="../authors/dardinier">Thibault Dardinier</a></div>
<span class="date">
May 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Clique_and_Monotone_Circuits.html">Clique is not solvable by monotone circuits of polynomial size</a></h5> <br>by <a href="../authors/thiemann">René Thiemann</a></div>
<span class="date">
May 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Fishers_Inequality.html">Fisher&#39;s Inequality: Linear Algebraic Proof Techniques for Combinatorics</a></h5> <br>by <a href="../authors/edmonds">Chelsea Edmonds</a> and <a href="../authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Apr 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Multiset_Ordering_NPC.html">The Generalized Multiset Ordering is NP-Complete</a></h5> <br>by <a href="../authors/thiemann">René Thiemann</a> and <a href="../authors/schmidinger">Lukas Schmidinger</a></div>
<span class="date">
Apr 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Digit_Expansions.html">Digit Expansions</a></h5> <br>by <a href="../authors/bayer">Jonas Bayer</a>, <a href="../authors/david">Marco David</a>, <a href="../authors/pal">Abhik Pal</a> and <a href="../authors/stock">Benedikt Stock</a></div>
<span class="date">
Apr 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Sophomores_Dream.html">The Sophomore&#39;s Dream</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Apr 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Frequency_Moments.html">Formalization of Randomized Approximation Algorithms for Frequency Moments</a></h5> <br>by <a href="../authors/karayel">Emin Karayel</a></div>
<span class="date">
Apr 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Prefix_Free_Code_Combinators.html">A Combinator Library for Prefix-Free Codes</a></h5> <br>by <a href="../authors/karayel">Emin Karayel</a></div>
<span class="date">
Apr 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Dedekind_Real.html">Constructing the Reals as Dedekind Cuts of Rationals</a></h5> <br>by <a href="../authors/fleuriot">Jacques D. Fleuriot</a> and <a href="../authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Mar 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Ackermanns_not_PR.html">Ackermann&#39;s Function Is Not Primitive Recursive</a></h5> <br>by <a href="../authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Mar 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/FOL_Seq_Calc3.html">A Naive Prover for First-Order Logic</a></h5> <br>by <a href="../authors/from">Asta Halkjær From</a></div>
<span class="date">
Mar 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Cotangent_PFD_Formula.html">A Proof from THE BOOK: The Partial Fraction Expansion of the Cotangent</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Mar 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Independence_CH.html">The Independence of the Continuum Hypothesis in Isabelle/ZF</a></h5> <br>by <a href="../authors/gunther">Emmanuel Gunther</a>, <a href="../authors/pagano">Miguel Pagano</a>, <a href="../authors/terraf">Pedro Sánchez Terraf</a> and <a href="../authors/steinberg">Matías Steinberg</a></div>
<span class="date">
Mar 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Transitive_Models.html">Transitive Models of Fragments of ZFC</a></h5> <br>by <a href="../authors/gunther">Emmanuel Gunther</a>, <a href="../authors/pagano">Miguel Pagano</a>, <a href="../authors/terraf">Pedro Sánchez Terraf</a> and <a href="../authors/steinberg">Matías Steinberg</a></div>
<span class="date">
Mar 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/ResiduatedTransitionSystem.html">Residuated Transition Systems</a></h5> <br>by <a href="../authors/stark">Eugene W. Stark</a></div>
<span class="date">
Feb 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Universal_Hash_Families.html">Universal Hash Families</a></h5> <br>by <a href="../authors/karayel">Emin Karayel</a></div>
<span class="date">
Feb 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Wetzels_Problem.html">Wetzel&#39;s Problem and the Continuum Hypothesis</a></h5> <br>by <a href="../authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Feb 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Eval_FO.html">First-Order Query Evaluation</a></h5> <br>by <a href="../authors/raszyk">Martin Raszyk</a></div>
<span class="date">
Feb 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/VYDRA_MDL.html">Multi-Head Monitoring of Metric Dynamic Logic</a></h5> <br>by <a href="../authors/raszyk">Martin Raszyk</a></div>
<span class="date">
Feb 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Equivalence_Relation_Enumeration.html">Enumeration of Equivalence Relations</a></h5> <br>by <a href="../authors/karayel">Emin Karayel</a></div>
<span class="date">
Feb 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Quasi_Borel_Spaces.html">Quasi-Borel Spaces</a></h5> <br>by <a href="../authors/hirata">Michikazu Hirata</a>, <a href="../authors/minamide">Yasuhiko Minamide</a> and <a href="../authors/sato">Tetsuya Sato</a></div>
<span class="date">
Feb 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/LP_Duality.html">Duality of Linear Programming</a></h5> <br>by <a href="../authors/thiemann">René Thiemann</a></div>
<span class="date">
Feb 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/FO_Theory_Rewriting.html">First-Order Theory of Rewriting</a></h5> <br>by <a href="../authors/lochmann">Alexander Lochmann</a> and <a href="../authors/felgenhauer">Bertram Felgenhauer</a></div>
<span class="date">
Feb 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Youngs_Inequality.html">Young&#39;s Inequality for Increasing Functions</a></h5> <br>by <a href="../authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Jan 31
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/FOL_Seq_Calc2.html">A Sequent Calculus Prover for First-Order Logic with Functions</a></h5> <br>by <a href="../authors/from">Asta Halkjær From</a> and <a href="../authors/jacobsen">Frederik Krogsdal Jacobsen</a></div>
<span class="date">
Jan 31
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Interpolation_Polynomials_HOL_Algebra.html">Interpolation Polynomials (in HOL-Algebra)</a></h5> <br>by <a href="../authors/karayel">Emin Karayel</a></div>
<span class="date">
Jan 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Median_Method.html">Median Method</a></h5> <br>by <a href="../authors/karayel">Emin Karayel</a></div>
<span class="date">
Jan 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Actuarial_Mathematics.html">Actuarial Mathematics</a></h5> <br>by <a href="../authors/ito">Yosuke Ito</a></div>
<span class="date">
Jan 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Irrationals_From_THEBOOK.html">Irrational numbers from THE BOOK</a></h5> <br>by <a href="../authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Jan 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Knights_Tour.html">Knight&#39;s Tour Revisited Revisited</a></h5> <br>by <a href="../authors/koller">Lukas Koller</a></div>
<span class="date">
Jan 04
</span>
</article>
<h2 class="head">2021</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Hyperdual.html">Hyperdual Numbers and Forward Differentiation</a></h5> <br>by <a href="../authors/smola">Filip Smola</a> and <a href="../authors/fleuriot">Jacques D. Fleuriot</a></div>
<span class="date">
Dec 31
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Gale_Shapley.html">Gale-Shapley Algorithm</a></h5> <br>by <a href="../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Dec 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Roth_Arithmetic_Progressions.html">Roth&#39;s Theorem on Arithmetic Progressions</a></h5> <br>by <a href="../authors/edmonds">Chelsea Edmonds</a>, <a href="../authors/argyraki">Angeliki Koutsoukou-Argyraki</a> and <a href="../authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Dec 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/MDP-Algorithms.html">Verified Algorithms for Solving Markov Decision Processes</a></h5> <br>by <a href="../authors/schaeffeler">Maximilian Schäffeler</a> and <a href="../authors/abdulaziz">Mohammad Abdulaziz</a></div>
<span class="date">
Dec 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/MDP-Rewards.html">Markov Decision Processes with Rewards</a></h5> <br>by <a href="../authors/schaeffeler">Maximilian Schäffeler</a> and <a href="../authors/abdulaziz">Mohammad Abdulaziz</a></div>
<span class="date">
Dec 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Regular_Tree_Relations.html">Regular Tree Relations</a></h5> <br>by <a href="../authors/lochmann">Alexander Lochmann</a>, <a href="../authors/felgenhauer">Bertram Felgenhauer</a>, <a href="../authors/sternagel">Christian Sternagel</a>, <a href="../authors/thiemann">René Thiemann</a> and <a href="../authors/sternagelt">Thomas Sternagel</a></div>
<span class="date">
Dec 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Simplicial_complexes_and_boolean_functions.html">Simplicial Complexes and Boolean functions</a></h5> <br>by <a href="../authors/aransay">Jesús Aransay</a>, <a href="../authors/campo">Alejandro del Campo</a> and <a href="../authors/michaelis">Julius Michaelis</a></div>
<span class="date">
Nov 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Van_Emde_Boas_Trees.html">van Emde Boas Trees</a></h5> <br>by <a href="../authors/ammer">Thomas Ammer</a> and <a href="../authors/lammich">Peter Lammich</a></div>
<span class="date">
Nov 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Foundation_of_geometry.html">Foundation of geometry in planes, and some complements: Excluding the parallel axioms</a></h5> <br>by <a href="../authors/iwama">Fumiya Iwama</a></div>
<span class="date">
Nov 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Hahn_Jordan_Decomposition.html">The Hahn and Jordan Decomposition Theorems</a></h5> <br>by <a href="../authors/cousin">Marie Cousin</a>, <a href="../authors/echenim">Mnacho Echenim</a> and <a href="../authors/guiol">Hervé Guiol</a></div>
<span class="date">
Nov 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Real_Power.html">Real Exponents as the Limits of Sequences of Rational Exponents</a></h5> <br>by <a href="../authors/fleuriot">Jacques D. Fleuriot</a></div>
<span class="date">
Nov 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Factor_Algebraic_Polynomial.html">Factorization of Polynomials with Algebraic Coefficients</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a> and <a href="../authors/thiemann">René Thiemann</a></div>
<span class="date">
Nov 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/SimplifiedOntologicalArgument.html">Exploring Simplified Variants of Gödel’s Ontological Argument in Isabelle/HOL</a></h5> <br>by <a href="../authors/benzmueller">Christoph Benzmüller</a></div>
<span class="date">
Nov 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/PAL.html">Automating Public Announcement Logic and the Wise Men Puzzle in Isabelle/HOL</a></h5> <br>by <a href="../authors/benzmueller">Christoph Benzmüller</a> and <a href="../authors/reiche">Sebastian Reiche</a></div>
<span class="date">
Nov 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Szemeredi_Regularity.html">Szemerédi&#39;s Regularity Lemma</a></h5> <br>by <a href="../authors/edmonds">Chelsea Edmonds</a>, <a href="../authors/argyraki">Angeliki Koutsoukou-Argyraki</a> and <a href="../authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Nov 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Registers.html">Quantum and Classical Registers</a></h5> <br>by <a href="../authors/unruh">Dominique Unruh</a></div>
<span class="date">
Oct 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Belief_Revision.html">Belief Revision Theory</a></h5> <br>by <a href="../authors/fouillard">Valentin Fouillard</a>, <a href="../authors/taha">Safouan Taha</a>, <a href="../authors/boulanger">Frédéric Boulanger</a> and <a href="../authors/sabouret">Nicolas Sabouret</a></div>
<span class="date">
Oct 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/X86_Semantics.html">X86 instruction semantics and basic block symbolic execution</a></h5> <br>by <a href="../authors/verbeek">Freek Verbeek</a>, <a href="../authors/bharadwaj">Abhijith Bharadwaj</a>, <a href="../authors/bockenek">Joshua Bockenek</a>, <a href="../authors/roessle">Ian Roessle</a>, <a href="../authors/weerwag">Timmy Weerwag</a> and <a href="../authors/ravindran">Binoy Ravindran</a></div>
<span class="date">
Oct 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Correctness_Algebras.html">Algebras for Iteration, Infinite Executions and Correctness of Sequential Computations</a></h5> <br>by <a href="../authors/guttmann">Walter Guttmann</a></div>
<span class="date">
Oct 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Virtual_Substitution.html">Verified Quadratic Virtual Substitution for Real Arithmetic</a></h5> <br>by <a href="../authors/scharager">Matias Scharager</a>, <a href="../authors/cordwell">Katherine Cordwell</a>, <a href="../authors/mitsch">Stefan Mitsch</a> and <a href="../authors/platzer">André Platzer</a></div>
<span class="date">
Oct 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/FOL_Axiomatic.html">Soundness and Completeness of an Axiomatic System for First-Order Logic</a></h5> <br>by <a href="../authors/from">Asta Halkjær From</a></div>
<span class="date">
Sep 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Complex_Bounded_Operators.html">Complex Bounded Operators</a></h5> <br>by <a href="../authors/caballero">José Manuel Rodríguez Caballero</a> and <a href="../authors/unruh">Dominique Unruh</a></div>
<span class="date">
Sep 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Weighted_Path_Order.html">A Formalization of Weighted Path Orders and Recursive Path Orders</a></h5> <br>by <a href="../authors/sternagel">Christian Sternagel</a>, <a href="../authors/thiemann">René Thiemann</a> and <a href="../authors/yamada">Akihisa Yamada</a></div>
<span class="date">
Sep 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Intro_Dest_Elim.html">IDE: Introduction, Destruction, Elimination</a></h5> <br>by <a href="../authors/milehins">Mihails Milehins</a></div>
<span class="date">
Sep 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Types_To_Sets_Extension.html">Extension of Types-To-Sets</a></h5> <br>by <a href="../authors/milehins">Mihails Milehins</a></div>
<span class="date">
Sep 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Conditional_Transfer_Rule.html">Conditional Transfer Rule</a></h5> <br>by <a href="../authors/milehins">Mihails Milehins</a></div>
<span class="date">
Sep 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Conditional_Simplification.html">Conditional Simplification</a></h5> <br>by <a href="../authors/milehins">Mihails Milehins</a></div>
<span class="date">
Sep 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/CZH_Universal_Constructions.html">Category Theory for ZFC in HOL III: Universal Constructions</a></h5> <br>by <a href="../authors/milehins">Mihails Milehins</a></div>
<span class="date">
Sep 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/CZH_Elementary_Categories.html">Category Theory for ZFC in HOL II: Elementary Theory of 1-Categories</a></h5> <br>by <a href="../authors/milehins">Mihails Milehins</a></div>
<span class="date">
Sep 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/CZH_Foundations.html">Category Theory for ZFC in HOL I: Foundations: Design Patterns, Set Theory, Digraphs, Semicategories</a></h5> <br>by <a href="../authors/milehins">Mihails Milehins</a></div>
<span class="date">
Sep 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Dominance_CHK.html">A data flow analysis algorithm for computing dominators</a></h5> <br>by <a href="../authors/jiang">Nan Jiang</a></div>
<span class="date">
Sep 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Cubic_Quartic_Equations.html">Solving Cubic and Quartic Equations</a></h5> <br>by <a href="../authors/thiemann">René Thiemann</a></div>
<span class="date">
Sep 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Logging_Independent_Anonymity.html">Logging-independent Message Anonymity in the Relational Method</a></h5> <br>by <a href="../authors/noce">Pasquale Noce</a></div>
<span class="date">
Aug 26
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Three_Circles.html">The Theorem of Three Circles</a></h5> <br>by <a href="../authors/thomson">Fox Thomson</a> and <a href="../authors/li">Wenda Li</a></div>
<span class="date">
Aug 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Fresh_Identifiers.html">Fresh identifiers</a></h5> <br>by <a href="../authors/popescu">Andrei Popescu</a> and <a href="../authors/bauereiss">Thomas Bauereiss</a></div>
<span class="date">
Aug 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/CoSMeDis.html">CoSMeDis: A confidentiality-verified distributed social media platform</a></h5> <br>by <a href="../authors/bauereiss">Thomas Bauereiss</a> and <a href="../authors/popescu">Andrei Popescu</a></div>
<span class="date">
Aug 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/CoSMed.html">CoSMed: A confidentiality-verified social media platform</a></h5> <br>by <a href="../authors/bauereiss">Thomas Bauereiss</a> and <a href="../authors/popescu">Andrei Popescu</a></div>
<span class="date">
Aug 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/BD_Security_Compositional.html">Compositional BD Security</a></h5> <br>by <a href="../authors/bauereiss">Thomas Bauereiss</a> and <a href="../authors/popescu">Andrei Popescu</a></div>
<span class="date">
Aug 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/CoCon.html">CoCon: A Confidentiality-Verified Conference Management System</a></h5> <br>by <a href="../authors/popescu">Andrei Popescu</a>, <a href="../authors/lammich">Peter Lammich</a> and <a href="../authors/bauereiss">Thomas Bauereiss</a></div>
<span class="date">
Aug 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Design_Theory.html">Combinatorial Design Theory</a></h5> <br>by <a href="../authors/edmonds">Chelsea Edmonds</a> and <a href="../authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Aug 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Relational_Forests.html">Relational Forests</a></h5> <br>by <a href="../authors/guttmann">Walter Guttmann</a></div>
<span class="date">
Aug 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Schutz_Spacetime.html">Schutz&#39; Independent Axioms for Minkowski Spacetime</a></h5> <br>by <a href="../authors/schmoetten">Richard Schmoetten</a>, <a href="../authors/palmer">Jake Palmer</a> and <a href="../authors/fleuriot">Jacques D. Fleuriot</a></div>
<span class="date">
Jul 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Finitely_Generated_Abelian_Groups.html">Finitely Generated Abelian Groups</a></h5> <br>by <a href="../authors/thommes">Joseph Thommes</a> and <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Jul 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/SpecCheck.html">SpecCheck - Specification-Based Testing for Isabelle/ML</a></h5> <br>by <a href="../authors/kappelmann">Kevin Kappelmann</a>, <a href="../authors/bulwahn">Lukas Bulwahn</a> and <a href="../authors/willenbrink">Sebastian Willenbrink</a></div>
<span class="date">
Jul 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Van_der_Waerden.html">Van der Waerden&#39;s Theorem</a></h5> <br>by <a href="../authors/kreuzer">Katharina Kreuzer</a> and <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Jun 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/MiniSail.html">MiniSail - A kernel language for the ISA specification language SAIL</a></h5> <br>by <a href="../authors/wassell">Mark Wassell</a></div>
<span class="date">
Jun 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Public_Announcement_Logic.html">Public Announcement Logic</a></h5> <br>by <a href="../authors/from">Asta Halkjær From</a></div>
<span class="date">
Jun 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/IMP_Compiler.html">A Shorter Compiler Correctness Proof for Language IMP</a></h5> <br>by <a href="../authors/noce">Pasquale Noce</a></div>
<span class="date">
Jun 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Combinatorics_Words_Lyndon.html">Lyndon words</a></h5> <br>by <a href="../authors/holub">Štěpán Holub</a> and <a href="../authors/starosta">Štěpán Starosta</a></div>
<span class="date">
May 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Combinatorics_Words_Graph_Lemma.html">Graph Lemma</a></h5> <br>by <a href="../authors/holub">Štěpán Holub</a> and <a href="../authors/starosta">Štěpán Starosta</a></div>
<span class="date">
May 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Combinatorics_Words.html">Combinatorics on Words Basics</a></h5> <br>by <a href="../authors/holub">Štěpán Holub</a>, <a href="../authors/raska">Martin Raška</a> and <a href="../authors/starosta">Štěpán Starosta</a></div>
<span class="date">
May 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Regression_Test_Selection.html">Regression Test Selection</a></h5> <br>by <a href="../authors/mansky">Susannah Mansky</a></div>
<span class="date">
Apr 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Lifting_the_Exponent.html">Lifting the Exponent</a></h5> <br>by <a href="../authors/kadzioka">Maya Kądziołka</a></div>
<span class="date">
Apr 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Metalogic_ProofChecker.html">Isabelle&#39;s Metalogic: Formalization and Proof Checker</a></h5> <br>by <a href="../authors/nipkow">Tobias Nipkow</a> and <a href="../authors/rosskopf">Simon Roßkopf</a></div>
<span class="date">
Apr 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/BenOr_Kozen_Reif.html">The BKR Decision Procedure for Univariate Real Arithmetic</a></h5> <br>by <a href="../authors/cordwell">Katherine Cordwell</a>, <a href="../authors/tan">Yong Kiam Tan</a> and <a href="../authors/platzer">André Platzer</a></div>
<span class="date">
Apr 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/GaleStewart_Games.html">Gale-Stewart Games</a></h5> <br>by <a href="../authors/joosten">Sebastiaan J. C. Joosten</a></div>
<span class="date">
Apr 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Progress_Tracking.html">Formalization of Timely Dataflow&#39;s Progress Tracking Protocol</a></h5> <br>by <a href="../authors/brun">Matthias Brun</a>, <a href="../authors/decova">Sára Decova</a>, <a href="../authors/lattuada">Andrea Lattuada</a> and <a href="../authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
Apr 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/IFC_Tracking.html">Information Flow Control via Dependency Tracking</a></h5> <br>by <a href="../authors/nordhoff">Benedikt Nordhoff</a></div>
<span class="date">
Apr 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Grothendieck_Schemes.html">Grothendieck&#39;s Schemes in Algebraic Geometry</a></h5> <br>by <a href="../authors/bordg">Anthony Bordg</a>, <a href="../authors/paulson">Lawrence C. Paulson</a> and <a href="../authors/li">Wenda Li</a></div>
<span class="date">
Mar 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Padic_Ints.html">Hensel&#39;s Lemma for the p-adic Integers</a></h5> <br>by <a href="../authors/crighton">Aaron Crighton</a></div>
<span class="date">
Mar 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Constructive_Cryptography_CM.html">Constructive Cryptography in HOL: the Communication Modeling Aspect</a></h5> <br>by <a href="../authors/lochbihler">Andreas Lochbihler</a> and <a href="../authors/sefidgar">S. Reza Sefidgar</a></div>
<span class="date">
Mar 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Modular_arithmetic_LLL_and_HNF_algorithms.html">Two algorithms based on modular arithmetic: lattice basis reduction and Hermite normal form computation</a></h5> <br>by <a href="../authors/bottesch">Ralph Bottesch</a>, <a href="../authors/divason">Jose Divasón</a> and <a href="../authors/thiemann">René Thiemann</a></div>
<span class="date">
Mar 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Hermite_Lindemann.html">The Hermite–Lindemann–Weierstraß Transcendence Theorem</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Mar 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Projective_Measurements.html">Quantum projective measurements and the CHSH inequality</a></h5> <br>by <a href="../authors/echenim">Mnacho Echenim</a></div>
<span class="date">
Mar 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Mereology.html">Mereology</a></h5> <br>by <a href="../authors/blumson">Ben Blumson</a></div>
<span class="date">
Mar 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Sunflowers.html">The Sunflower Lemma of Erdős and Rado</a></h5> <br>by <a href="../authors/thiemann">René Thiemann</a></div>
<span class="date">
Feb 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/BTree.html">A Verified Imperative Implementation of B-Trees</a></h5> <br>by <a href="../authors/muendler">Niels Mündler</a></div>
<span class="date">
Feb 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Formal_Puiseux_Series.html">Formal Puiseux Series</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Feb 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Laws_of_Large_Numbers.html">The Laws of Large Numbers</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Feb 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/IsaGeoCoq.html">Tarski&#39;s Parallel Postulate implies the 5th Postulate of Euclid, the Postulate of Playfair and the original Parallel Postulate of Euclid</a></h5> <br>by <a href="../authors/coghetto">Roland Coghetto</a></div>
<span class="date">
Jan 31
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Blue_Eyes.html">Solution to the xkcd Blue Eyes puzzle</a></h5> <br>by <a href="../authors/kadzioka">Maya Kądziołka</a></div>
<span class="date">
Jan 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Hood_Melville_Queue.html">Hood-Melville Queue</a></h5> <br>by <a href="../authors/londono">Alejandro Gómez-Londoño</a></div>
<span class="date">
Jan 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/JinjaDCI.html">JinjaDCI: a Java semantics with dynamic class initialization</a></h5> <br>by <a href="../authors/mansky">Susannah Mansky</a></div>
<span class="date">
Jan 11
</span>
</article>
<h2 class="head">2020</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Delta_System_Lemma.html">Cofinality and the Delta System Lemma</a></h5> <br>by <a href="../authors/terraf">Pedro Sánchez Terraf</a></div>
<span class="date">
Dec 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Topological_Semantics.html">Topological semantics for paraconsistent and paracomplete logics</a></h5> <br>by <a href="../authors/fuenmayor">David Fuenmayor</a></div>
<span class="date">
Dec 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Relational_Minimum_Spanning_Trees.html">Relational Minimum Spanning Tree Algorithms</a></h5> <br>by <a href="../authors/guttmann">Walter Guttmann</a> and <a href="../authors/brien">Nicolas Robinson-O&rsquo;Brien</a></div>
<span class="date">
Dec 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Interpreter_Optimizations.html">Inline Caching and Unboxing Optimization for Interpreters</a></h5> <br>by <a href="../authors/desharnais">Martin Desharnais</a></div>
<span class="date">
Dec 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Relational_Method.html">The Relational Method with Message Anonymity for the Verification of Cryptographic Protocols</a></h5> <br>by <a href="../authors/noce">Pasquale Noce</a></div>
<span class="date">
Dec 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Isabelle_Marries_Dirac.html">Isabelle Marries Dirac: a Library for Quantum Computation and Quantum Information</a></h5> <br>by <a href="../authors/bordg">Anthony Bordg</a>, <a href="../authors/lachnitt">Hanna Lachnitt</a> and <a href="../authors/he">Yijun He</a></div>
<span class="date">
Nov 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/CSP_RefTK.html">The HOL-CSP Refinement Toolkit</a></h5> <br>by <a href="../authors/taha">Safouan Taha</a>, <a href="../authors/wolff">Burkhart Wolff</a> and <a href="../authors/ye">Lina Ye</a></div>
<span class="date">
Nov 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Verified_SAT_Based_AI_Planning.html">Verified SAT-Based AI Planning</a></h5> <br>by <a href="../authors/abdulaziz">Mohammad Abdulaziz</a> and <a href="../authors/kurz">Friedrich Kurz</a></div>
<span class="date">
Oct 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/AI_Planning_Languages_Semantics.html">AI Planning Languages Semantics</a></h5> <br>by <a href="../authors/abdulaziz">Mohammad Abdulaziz</a> and <a href="../authors/lammich">Peter Lammich</a></div>
<span class="date">
Oct 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Physical_Quantities.html">A Sound Type System for Physical Quantities, Units, and Measurements</a></h5> <br>by <a href="../authors/fosters">Simon Foster</a> and <a href="../authors/wolff">Burkhart Wolff</a></div>
<span class="date">
Oct 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Finite-Map-Extras.html">Finite Map Extras</a></h5> <br>by <a href="../authors/diaz">Javier Díaz</a></div>
<span class="date">
Oct 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Core_SC_DOM.html">The Safely Composable DOM</a></h5> <br>by <a href="../authors/brucker">Achim D. Brucker</a> and <a href="../authors/herzberg">Michael Herzberg</a></div>
<span class="date">
Sep 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/DOM_Components.html">A Formalization of Web Components</a></h5> <br>by <a href="../authors/brucker">Achim D. Brucker</a> and <a href="../authors/herzberg">Michael Herzberg</a></div>
<span class="date">
Sep 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/SC_DOM_Components.html">A Formalization of Safely Composable Web Components</a></h5> <br>by <a href="../authors/brucker">Achim D. Brucker</a> and <a href="../authors/herzberg">Michael Herzberg</a></div>
<span class="date">
Sep 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Shadow_SC_DOM.html">A Formal Model of the Safely Composable Document Object Model with Shadow Roots</a></h5> <br>by <a href="../authors/brucker">Achim D. Brucker</a> and <a href="../authors/herzberg">Michael Herzberg</a></div>
<span class="date">
Sep 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Shadow_DOM.html">A Formal Model of the Document Object Model with Shadow Roots</a></h5> <br>by <a href="../authors/brucker">Achim D. Brucker</a> and <a href="../authors/herzberg">Michael Herzberg</a></div>
<span class="date">
Sep 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Syntax_Independent_Logic.html">Syntax-Independent Logic Infrastructure</a></h5> <br>by <a href="../authors/popescu">Andrei Popescu</a> and <a href="../authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
Sep 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Robinson_Arithmetic.html">Robinson Arithmetic</a></h5> <br>by <a href="../authors/popescu">Andrei Popescu</a> and <a href="../authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
Sep 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Goedel_HFSet_Semanticless.html">From Abstract to Concrete Gödel&#39;s Incompleteness Theorems—Part II</a></h5> <br>by <a href="../authors/popescu">Andrei Popescu</a> and <a href="../authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
Sep 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Goedel_HFSet_Semantic.html">From Abstract to Concrete Gödel&#39;s Incompleteness Theorems—Part I</a></h5> <br>by <a href="../authors/popescu">Andrei Popescu</a> and <a href="../authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
Sep 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Goedel_Incompleteness.html">An Abstract Formalization of Gödel&#39;s Incompleteness Theorems</a></h5> <br>by <a href="../authors/popescu">Andrei Popescu</a> and <a href="../authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
Sep 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Extended_Finite_State_Machine_Inference.html">Inference of Extended Finite State Machines</a></h5> <br>by <a href="../authors/foster">Michael Foster</a>, <a href="../authors/brucker">Achim D. Brucker</a>, <a href="../authors/taylor">Ramsay G. Taylor</a> and <a href="../authors/derrick">John Derrick</a></div>
<span class="date">
Sep 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Extended_Finite_State_Machines.html">A Formal Model of Extended Finite State Machines</a></h5> <br>by <a href="../authors/foster">Michael Foster</a>, <a href="../authors/brucker">Achim D. Brucker</a>, <a href="../authors/taylor">Ramsay G. Taylor</a> and <a href="../authors/derrick">John Derrick</a></div>
<span class="date">
Sep 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Inductive_Inference.html">Some classical results in inductive inference of recursive functions</a></h5> <br>by <a href="../authors/balbach">Frank J. Balbach</a></div>
<span class="date">
Aug 31
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/PAC_Checker.html">Practical Algebraic Calculus Checker</a></h5> <br>by <a href="../authors/fleury">Mathias Fleury</a> and <a href="../authors/kaufmann">Daniela Kaufmann</a></div>
<span class="date">
Aug 31
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Relational_Disjoint_Set_Forests.html">Relational Disjoint-Set Forests</a></h5> <br>by <a href="../authors/guttmann">Walter Guttmann</a></div>
<span class="date">
Aug 26
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/BirdKMP.html">Putting the `K&#39; into Bird&#39;s derivation of Knuth-Morris-Pratt string matching</a></h5> <br>by <a href="../authors/gammie">Peter Gammie</a></div>
<span class="date">
Aug 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Saturation_Framework_Extensions.html">Extensions to the Comprehensive Framework for Saturation Theorem Proving</a></h5> <br>by <a href="../authors/blanchette">Jasmin Christian Blanchette</a> and <a href="../authors/tourret">Sophie Tourret</a></div>
<span class="date">
Aug 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Amicable_Numbers.html">Amicable Numbers</a></h5> <br>by <a href="../authors/argyraki">Angeliki Koutsoukou-Argyraki</a></div>
<span class="date">
Aug 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Ordinal_Partitions.html">Ordinal Partitions</a></h5> <br>by <a href="../authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Aug 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Chandy_Lamport.html">A Formal Proof of The Chandy--Lamport Distributed Snapshot Algorithm</a></h5> <br>by <a href="../authors/fiedler">Ben Fiedler</a> and <a href="../authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
Jul 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Relational_Paths.html">Relational Characterisations of Paths</a></h5> <br>by <a href="../authors/guttmann">Walter Guttmann</a> and <a href="../authors/hoefner">Peter Höfner</a></div>
<span class="date">
Jul 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Safe_Distance.html">A Formally Verified Checker of the Safe Distance Traffic Rules for Autonomous Vehicles</a></h5> <br>by <a href="../authors/rizaldi">Albert Rizaldi</a> and <a href="../authors/immler">Fabian Immler</a></div>
<span class="date">
Jun 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Smith_Normal_Form.html">A verified algorithm for computing the Smith normal form of a matrix</a></h5> <br>by <a href="../authors/divason">Jose Divasón</a></div>
<span class="date">
May 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Nash_Williams.html">The Nash-Williams Partition Theorem</a></h5> <br>by <a href="../authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
May 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Knuth_Bendix_Order.html">A Formalization of Knuth–Bendix Orders</a></h5> <br>by <a href="../authors/sternagel">Christian Sternagel</a> and <a href="../authors/thiemann">René Thiemann</a></div>
<span class="date">
May 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Irrational_Series_Erdos_Straus.html">Irrationality Criteria for Series by Erdős and Straus</a></h5> <br>by <a href="../authors/argyraki">Angeliki Koutsoukou-Argyraki</a> and <a href="../authors/li">Wenda Li</a></div>
<span class="date">
May 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Recursion-Addition.html">Recursion Theorem in ZF</a></h5> <br>by <a href="../authors/dunaev">Georgy Dunaev</a></div>
<span class="date">
May 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/LTL_Normal_Form.html">An Efficient Normalisation Procedure for Linear Temporal Logic: Isabelle/HOL Formalisation</a></h5> <br>by <a href="../authors/sickert">Salomon Sickert</a></div>
<span class="date">
May 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Forcing.html">Formalization of Forcing in Isabelle/ZF</a></h5> <br>by <a href="../authors/gunther">Emmanuel Gunther</a>, <a href="../authors/pagano">Miguel Pagano</a> and <a href="../authors/terraf">Pedro Sánchez Terraf</a></div>
<span class="date">
May 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Banach_Steinhaus.html">Banach-Steinhaus Theorem</a></h5> <br>by <a href="../authors/unruh">Dominique Unruh</a> and <a href="../authors/caballero">José Manuel Rodríguez Caballero</a></div>
<span class="date">
May 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Attack_Trees.html">Attack Trees in Isabelle for GDPR compliance of IoT healthcare systems</a></h5> <br>by <a href="../authors/kammueller">Florian Kammüller</a></div>
<span class="date">
Apr 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Lambert_W.html">The Lambert W Function on the Reals</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Apr 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Power_Sum_Polynomials.html">Power Sum Polynomials</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Apr 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Gaussian_Integers.html">Gaussian Integers</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Apr 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Matrices_for_ODEs.html">Matrices for ODEs</a></h5> <br>by <a href="../authors/munive">Jonathan Julian Huerta y Munive</a></div>
<span class="date">
Apr 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/ADS_Functor.html">Authenticated Data Structures As Functors</a></h5> <br>by <a href="../authors/lochbihler">Andreas Lochbihler</a> and <a href="../authors/maric">Ognjen Marić</a></div>
<span class="date">
Apr 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Sliding_Window_Algorithm.html">Formalization of an Algorithm for Greedily Computing Associative Aggregations on Sliding Windows</a></h5> <br>by <a href="../authors/heimes">Lukas Heimes</a>, <a href="../authors/traytel">Dmitriy Traytel</a> and <a href="../authors/schneider">Joshua Schneider</a></div>
<span class="date">
Apr 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/MFODL_Monitor_Optimized.html">Formalization of an Optimized Monitoring Algorithm for Metric First-Order Dynamic Logic with Aggregations</a></h5> <br>by <a href="../authors/dardinier">Thibault Dardinier</a>, <a href="../authors/heimes">Lukas Heimes</a>, <a href="../authors/raszyk">Martin Raszyk</a>, <a href="../authors/schneider">Joshua Schneider</a> and <a href="../authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
Apr 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Saturation_Framework.html">A Comprehensive Framework for Saturation Theorem Proving</a></h5> <br>by <a href="../authors/tourret">Sophie Tourret</a></div>
<span class="date">
Apr 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Stateful_Protocol_Composition_and_Typing.html">Stateful Protocol Composition and Typing</a></h5> <br>by <a href="../authors/hess">Andreas V. Hess</a>, <a href="../authors/moedersheim">Sebastian Mödersheim</a> and <a href="../authors/brucker">Achim D. Brucker</a></div>
<span class="date">
Apr 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Automated_Stateful_Protocol_Verification.html">Automated Stateful Protocol Verification</a></h5> <br>by <a href="../authors/hess">Andreas V. Hess</a>, <a href="../authors/moedersheim">Sebastian Mödersheim</a>, <a href="../authors/brucker">Achim D. Brucker</a> and <a href="../authors/schlichtkrull">Anders Schlichtkrull</a></div>
<span class="date">
Apr 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Lucas_Theorem.html">Lucas&#39;s Theorem</a></h5> <br>by <a href="../authors/edmonds">Chelsea Edmonds</a></div>
<span class="date">
Apr 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/WOOT_Strong_Eventual_Consistency.html">Strong Eventual Consistency of the Collaborative Editing Framework WOOT</a></h5> <br>by <a href="../authors/karayel">Emin Karayel</a> and <a href="../authors/gonzalez">Edgar Gonzàlez</a></div>
<span class="date">
Mar 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Furstenberg_Topology.html">Furstenberg&#39;s topology and his proof of the infinitude of primes</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Mar 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Relational-Incorrectness-Logic.html">An Under-Approximate Relational Logic</a></h5> <br>by <a href="../authors/murray">Toby Murray</a></div>
<span class="date">
Mar 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Hello_World.html">Hello World</a></h5> <br>by <a href="../authors/diekmann">Cornelius Diekmann</a> and <a href="../authors/hupel">Lars Hupel</a></div>
<span class="date">
Mar 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Goodstein_Lambda.html">Implementing the Goodstein Function in λ-Calculus</a></h5> <br>by <a href="../authors/felgenhauer">Bertram Felgenhauer</a></div>
<span class="date">
Feb 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/VeriComp.html">A Generic Framework for Verified Compilers</a></h5> <br>by <a href="../authors/desharnais">Martin Desharnais</a></div>
<span class="date">
Feb 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Arith_Prog_Rel_Primes.html">Arithmetic progressions and relative primes</a></h5> <br>by <a href="../authors/caballero">José Manuel Rodríguez Caballero</a></div>
<span class="date">
Feb 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Subset_Boolean_Algebras.html">A Hierarchy of Algebras for Boolean Subsets</a></h5> <br>by <a href="../authors/guttmann">Walter Guttmann</a> and <a href="../authors/moeller">Bernhard Möller</a></div>
<span class="date">
Jan 31
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Mersenne_Primes.html">Mersenne primes and the Lucas–Lehmer test</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Jan 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Approximation_Algorithms.html">Verified Approximation Algorithms</a></h5> <br>by <a href="../authors/essmann">Robin Eßmann</a>, <a href="../authors/nipkow">Tobias Nipkow</a>, <a href="../authors/robillard">Simon Robillard</a> and <a href="../authors/sulejmani">Ujkan Sulejmani</a></div>
<span class="date">
Jan 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Closest_Pair_Points.html">Closest Pair of Points Algorithms</a></h5> <br>by <a href="../authors/rau">Martin Rau</a> and <a href="../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Jan 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Skip_Lists.html">Skip Lists</a></h5> <br>by <a href="../authors/haslbeck">Max W. Haslbeck</a> and <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Jan 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Bicategory.html">Bicategories</a></h5> <br>by <a href="../authors/stark">Eugene W. Stark</a></div>
<span class="date">
Jan 06
</span>
</article>
<h2 class="head">2019</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Zeta_3_Irrational.html">The Irrationality of ζ(3)</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Dec 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Hybrid_Logic.html">Formalizing a Seligman-Style Tableau System for Hybrid Logic</a></h5> <br>by <a href="../authors/from">Asta Halkjær From</a></div>
<span class="date">
Dec 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Poincare_Bendixson.html">The Poincaré-Bendixson Theorem</a></h5> <br>by <a href="../authors/immler">Fabian Immler</a> and <a href="../authors/tan">Yong Kiam Tan</a></div>
<span class="date">
Dec 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Poincare_Disc.html">Poincaré Disc Model</a></h5> <br>by <a href="../authors/simic">Danijela Simić</a>, <a href="../authors/maricf">Filip Marić</a> and <a href="../authors/boutry">Pierre Boutry</a></div>
<span class="date">
Dec 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Complex_Geometry.html">Complex Geometry</a></h5> <br>by <a href="../authors/maricf">Filip Marić</a> and <a href="../authors/simic">Danijela Simić</a></div>
<span class="date">
Dec 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Gauss_Sums.html">Gauss Sums and the Pólya–Vinogradov Inequality</a></h5> <br>by <a href="../authors/raya">Rodrigo Raya</a> and <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Dec 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Generalized_Counting_Sort.html">An Efficient Generalization of Counting Sort for Large, possibly Infinite Key Ranges</a></h5> <br>by <a href="../authors/noce">Pasquale Noce</a></div>
<span class="date">
Dec 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Interval_Arithmetic_Word32.html">Interval Arithmetic on 32-bit Words</a></h5> <br>by <a href="../authors/bohrer">Rose Bohrer</a></div>
<span class="date">
Nov 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/ZFC_in_HOL.html">Zermelo Fraenkel Set Theory in Higher-Order Logic</a></h5> <br>by <a href="../authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Oct 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Isabelle_C.html">Isabelle/C</a></h5> <br>by <a href="../authors/tuong">Frédéric Tuong</a> and <a href="../authors/wolff">Burkhart Wolff</a></div>
<span class="date">
Oct 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/VerifyThis2019.html">VerifyThis 2019 -- Polished Isabelle Solutions</a></h5> <br>by <a href="../authors/lammich">Peter Lammich</a> and <a href="../authors/wimmer">Simon Wimmer</a></div>
<span class="date">
Oct 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Aristotles_Assertoric_Syllogistic.html">Aristotle&#39;s Assertoric Syllogistic</a></h5> <br>by <a href="../authors/argyraki">Angeliki Koutsoukou-Argyraki</a></div>
<span class="date">
Oct 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Sigma_Commit_Crypto.html">Sigma Protocols and Commitment Schemes</a></h5> <br>by <a href="../authors/butler">David Butler</a> and <a href="../authors/lochbihler">Andreas Lochbihler</a></div>
<span class="date">
Oct 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Clean.html">Clean - An Abstract Imperative Programming Language and its Theory</a></h5> <br>by <a href="../authors/tuong">Frédéric Tuong</a> and <a href="../authors/wolff">Burkhart Wolff</a></div>
<span class="date">
Oct 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Generic_Join.html">Formalization of Multiway-Join Algorithms</a></h5> <br>by <a href="../authors/dardinier">Thibault Dardinier</a></div>
<span class="date">
Sep 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Hybrid_Systems_VCs.html">Verification Components for Hybrid Systems</a></h5> <br>by <a href="../authors/munive">Jonathan Julian Huerta y Munive</a></div>
<span class="date">
Sep 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Fourier.html">Fourier Series</a></h5> <br>by <a href="../authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Sep 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Jacobson_Basic_Algebra.html">A Case Study in Basic Algebra</a></h5> <br>by <a href="../authors/ballarin">Clemens Ballarin</a></div>
<span class="date">
Aug 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Adaptive_State_Counting.html">Formalisation of an Adaptive State Counting Algorithm</a></h5> <br>by <a href="../authors/sachtleben">Robert Sachtleben</a></div>
<span class="date">
Aug 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Laplace_Transform.html">Laplace Transform</a></h5> <br>by <a href="../authors/immler">Fabian Immler</a></div>
<span class="date">
Aug 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Linear_Programming.html">Linear Programming</a></h5> <br>by <a href="../authors/parsert">Julian Parsert</a> and <a href="../authors/kaliszyk">Cezary Kaliszyk</a></div>
<span class="date">
Aug 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/C2KA_DistributedSystems.html">Communicating Concurrent Kleene Algebra for Distributed Systems Specification</a></h5> <br>by <a href="../authors/buyse">Maxime Buyse</a> and <a href="../authors/jaskolka">Jason Jaskolka</a></div>
<span class="date">
Aug 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/IMO2019.html">Selected Problems from the International Mathematical Olympiad 2019</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Aug 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Stellar_Quorums.html">Stellar Quorum Systems</a></h5> <br>by <a href="../authors/losa">Giuliano Losa</a></div>
<span class="date">
Aug 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/TESL_Language.html">A Formal Development of a Polychronous Polytimed Coordination Language</a></h5> <br>by <a href="../authors/van">Hai Nguyen Van</a>, <a href="../authors/boulanger">Frédéric Boulanger</a> and <a href="../authors/wolff">Burkhart Wolff</a></div>
<span class="date">
Jul 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Szpilrajn.html">Order Extension and Szpilrajn&#39;s Extension Theorem</a></h5> <br>by <a href="../authors/zeller">Peter Zeller</a> and <a href="../authors/stevens">Lukas Stevens</a></div>
<span class="date">
Jul 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/FOL_Seq_Calc1.html">A Sequent Calculus for First-Order Logic</a></h5> <br>by <a href="../authors/from">Asta Halkjær From</a></div>
<span class="date">
Jul 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/CakeML_Codegen.html">A Verified Code Generator from Isabelle/HOL to CakeML</a></h5> <br>by <a href="../authors/hupel">Lars Hupel</a></div>
<span class="date">
Jul 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/MFOTL_Monitor.html">Formalization of a Monitoring Algorithm for Metric First-Order Temporal Logic</a></h5> <br>by <a href="../authors/schneider">Joshua Schneider</a> and <a href="../authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
Jul 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Complete_Non_Orders.html">Complete Non-Orders and Fixed Points</a></h5> <br>by <a href="../authors/yamada">Akihisa Yamada</a> and <a href="../authors/dubut">Jérémy Dubut</a></div>
<span class="date">
Jun 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Prim_Dijkstra_Simple.html">Purely Functional, Simple, and Efficient Implementation of Prim and Dijkstra</a></h5> <br>by <a href="../authors/lammich">Peter Lammich</a> and <a href="../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Jun 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Priority_Search_Trees.html">Priority Search Trees</a></h5> <br>by <a href="../authors/lammich">Peter Lammich</a> and <a href="../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Jun 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Linear_Inequalities.html">Linear Inequalities</a></h5> <br>by <a href="../authors/bottesch">Ralph Bottesch</a>, <a href="../authors/reynaud">Alban Reynaud</a> and <a href="../authors/thiemann">René Thiemann</a></div>
<span class="date">
Jun 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Nullstellensatz.html">Hilbert&#39;s Nullstellensatz</a></h5> <br>by <a href="../authors/maletzky">Alexander Maletzky</a></div>
<span class="date">
Jun 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Groebner_Macaulay.html">Gröbner Bases, Macaulay Matrices and Dubé&#39;s Degree Bounds</a></h5> <br>by <a href="../authors/maletzky">Alexander Maletzky</a></div>
<span class="date">
Jun 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/IMP2_Binary_Heap.html">Binary Heaps for IMP2</a></h5> <br>by <a href="../authors/griebel">Simon Griebel</a></div>
<span class="date">
Jun 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Differential_Game_Logic.html">Differential Game Logic</a></h5> <br>by <a href="../authors/platzer">André Platzer</a></div>
<span class="date">
Jun 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/KD_Tree.html">Multidimensional Binary Search Trees</a></h5> <br>by <a href="../authors/rau">Martin Rau</a></div>
<span class="date">
May 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/LambdaAuth.html">Formalization of Generic Authenticated Data Structures</a></h5> <br>by <a href="../authors/brun">Matthias Brun</a> and <a href="../authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
May 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Multi_Party_Computation.html">Multi-Party Computation</a></h5> <br>by <a href="../authors/aspinall">David Aspinall</a> and <a href="../authors/butler">David Butler</a></div>
<span class="date">
May 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/HOL-CSP.html">HOL-CSP Version 2.0</a></h5> <br>by <a href="../authors/taha">Safouan Taha</a>, <a href="../authors/ye">Lina Ye</a> and <a href="../authors/wolff">Burkhart Wolff</a></div>
<span class="date">
Apr 26
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/LTL_Master_Theorem.html">A Compositional and Unified Translation of LTL into ω-Automata</a></h5> <br>by <a href="../authors/seidl">Benedikt Seidl</a> and <a href="../authors/sickert">Salomon Sickert</a></div>
<span class="date">
Apr 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Binding_Syntax_Theory.html">A General Theory of Syntax with Bindings</a></h5> <br>by <a href="../authors/gheri">Lorenzo Gheri</a> and <a href="../authors/popescu">Andrei Popescu</a></div>
<span class="date">
Apr 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Transcendence_Series_Hancl_Rucki.html">The Transcendence of Certain Infinite Series</a></h5> <br>by <a href="../authors/argyraki">Angeliki Koutsoukou-Argyraki</a> and <a href="../authors/li">Wenda Li</a></div>
<span class="date">
Mar 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/QHLProver.html">Quantum Hoare Logic</a></h5> <br>by <a href="../authors/liu">Junyi Liu</a>, <a href="../authors/zhan">Bohua Zhan</a>, <a href="../authors/wang">Shuling Wang</a>, <a href="../authors/ying">Shenggang Ying</a>, <a href="../authors/liut">Tao Liu</a>, <a href="../authors/liy">Yangjia Li</a>, <a href="../authors/yingm">Mingsheng Ying</a> and <a href="../authors/zhann">Naijun Zhan</a></div>
<span class="date">
Mar 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Safe_OCL.html">Safe OCL</a></h5> <br>by <a href="../authors/nikiforov">Denis Nikiforov</a></div>
<span class="date">
Mar 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Prime_Distribution_Elementary.html">Elementary Facts About the Distribution of Primes</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Feb 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Kruskal.html">Kruskal&#39;s Algorithm for Minimum Spanning Forest</a></h5> <br>by <a href="../authors/haslbeckm">Maximilian P. L. Haslbeck</a>, <a href="../authors/lammich">Peter Lammich</a> and <a href="../authors/biendarra">Julian Biendarra</a></div>
<span class="date">
Feb 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Probabilistic_Prime_Tests.html">Probabilistic Primality Testing</a></h5> <br>by <a href="../authors/stuewe">Daniel Stüwe</a> and <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Feb 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Universal_Turing_Machine.html">Universal Turing Machine</a></h5> <br>by <a href="../authors/xu">Jian Xu</a>, <a href="../authors/zhangx">Xingyuan Zhang</a>, <a href="../authors/urban">Christian Urban</a>, <a href="../authors/joosten">Sebastiaan J. C. Joosten</a> and <a href="../authors/regensburger">Franz Regensburger</a></div>
<span class="date">
Feb 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/List_Inversions.html">The Inversions of a List</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Feb 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/UTP.html">Isabelle/UTP: Mechanised Theory Engineering for Unifying Theories of Programming</a></h5> <br>by <a href="../authors/fosters">Simon Foster</a>, <a href="../authors/zeyda">Frank Zeyda</a>, <a href="../authors/nemouchi">Yakoub Nemouchi</a>, <a href="../authors/ribeiro">Pedro Ribeiro</a> and <a href="../authors/wolff">Burkhart Wolff</a></div>
<span class="date">
Feb 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Farkas.html">Farkas&#39; Lemma and Motzkin&#39;s Transposition Theorem</a></h5> <br>by <a href="../authors/bottesch">Ralph Bottesch</a>, <a href="../authors/haslbeck">Max W. Haslbeck</a> and <a href="../authors/thiemann">René Thiemann</a></div>
<span class="date">
Jan 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/IMP2.html">IMP2 – Simple Program Verification in Isabelle/HOL</a></h5> <br>by <a href="../authors/lammich">Peter Lammich</a> and <a href="../authors/wimmer">Simon Wimmer</a></div>
<span class="date">
Jan 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Higher_Order_Terms.html">An Algebra for Higher-Order Terms</a></h5> <br>by <a href="../authors/hupel">Lars Hupel</a></div>
<span class="date">
Jan 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Store_Buffer_Reduction.html">A Reduction Theorem for Store Buffers</a></h5> <br>by <a href="../authors/cohen">Ernie Cohen</a> and <a href="../authors/schirmer">Norbert Schirmer</a></div>
<span class="date">
Jan 07
</span>
</article>
<h2 class="head">2018</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Core_DOM.html">A Formal Model of the Document Object Model</a></h5> <br>by <a href="../authors/brucker">Achim D. Brucker</a> and <a href="../authors/herzberg">Michael Herzberg</a></div>
<span class="date">
Dec 26
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Concurrent_Revisions.html">Formalization of Concurrent Revisions</a></h5> <br>by <a href="../authors/overbeek">Roy Overbeek</a></div>
<span class="date">
Dec 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Auto2_Imperative_HOL.html">Verifying Imperative Programs using Auto2</a></h5> <br>by <a href="../authors/zhan">Bohua Zhan</a></div>
<span class="date">
Dec 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Constructive_Cryptography.html">Constructive Cryptography in HOL</a></h5> <br>by <a href="../authors/lochbihler">Andreas Lochbihler</a> and <a href="../authors/sefidgar">S. Reza Sefidgar</a></div>
<span class="date">
Dec 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Transformer_Semantics.html">Transformer Semantics</a></h5> <br>by <a href="../authors/struth">Georg Struth</a></div>
<span class="date">
Dec 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Quantales.html">Quantales</a></h5> <br>by <a href="../authors/struth">Georg Struth</a></div>
<span class="date">
Dec 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Order_Lattice_Props.html">Properties of Orderings and Lattices</a></h5> <br>by <a href="../authors/struth">Georg Struth</a></div>
<span class="date">
Dec 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Graph_Saturation.html">Graph Saturation</a></h5> <br>by <a href="../authors/joosten">Sebastiaan J. C. Joosten</a></div>
<span class="date">
Nov 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Functional_Ordered_Resolution_Prover.html">A Verified Functional Implementation of Bachmair and Ganzinger&#39;s Ordered Resolution Prover</a></h5> <br>by <a href="../authors/schlichtkrull">Anders Schlichtkrull</a>, <a href="../authors/blanchette">Jasmin Christian Blanchette</a> and <a href="../authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
Nov 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Auto2_HOL.html">Auto2 Prover</a></h5> <br>by <a href="../authors/zhan">Bohua Zhan</a></div>
<span class="date">
Nov 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Matroids.html">Matroids</a></h5> <br>by <a href="../authors/keinholz">Jonas Keinholz</a></div>
<span class="date">
Nov 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Generic_Deriving.html">Deriving generic class instances for datatypes</a></h5> <br>by <a href="../authors/raedle">Jonas Rädle</a> and <a href="../authors/hupel">Lars Hupel</a></div>
<span class="date">
Nov 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/GewirthPGCProof.html">Formalisation and Evaluation of Alan Gewirth&#39;s Proof for the Principle of Generic Consistency in Isabelle/HOL</a></h5> <br>by <a href="../authors/fuenmayor">David Fuenmayor</a> and <a href="../authors/benzmueller">Christoph Benzmüller</a></div>
<span class="date">
Oct 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Epistemic_Logic.html">Epistemic Logic: Completeness of Modal Logics</a></h5> <br>by <a href="../authors/from">Asta Halkjær From</a></div>
<span class="date">
Oct 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Smooth_Manifolds.html">Smooth Manifolds</a></h5> <br>by <a href="../authors/immler">Fabian Immler</a> and <a href="../authors/zhan">Bohua Zhan</a></div>
<span class="date">
Oct 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Randomised_BSTs.html">Randomised Binary Search Trees</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Oct 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Lambda_Free_EPO.html">Formalization of the Embedding Path Order for Lambda-Free Higher-Order Terms</a></h5> <br>by <a href="../authors/bentkamp">Alexander Bentkamp</a></div>
<span class="date">
Oct 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Factored_Transition_System_Bounding.html">Upper Bounding Diameters of State Spaces of Factored Transition Systems</a></h5> <br>by <a href="../authors/kurz">Friedrich Kurz</a> and <a href="../authors/abdulaziz">Mohammad Abdulaziz</a></div>
<span class="date">
Oct 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Pi_Transcendental.html">The Transcendence of π</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Sep 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Symmetric_Polynomials.html">Symmetric Polynomials</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Sep 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Signature_Groebner.html">Signature-Based Gröbner Basis Algorithms</a></h5> <br>by <a href="../authors/maletzky">Alexander Maletzky</a></div>
<span class="date">
Sep 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Prime_Number_Theorem.html">The Prime Number Theorem</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a> and <a href="../authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Sep 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Aggregation_Algebras.html">Aggregation Algebras</a></h5> <br>by <a href="../authors/guttmann">Walter Guttmann</a></div>
<span class="date">
Sep 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Octonions.html">Octonions</a></h5> <br>by <a href="../authors/argyraki">Angeliki Koutsoukou-Argyraki</a></div>
<span class="date">
Sep 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Quaternions.html">Quaternions</a></h5> <br>by <a href="../authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Sep 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Budan_Fourier.html">The Budan-Fourier Theorem and Counting Real Roots with Multiplicity</a></h5> <br>by <a href="../authors/li">Wenda Li</a></div>
<span class="date">
Sep 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Simplex.html">An Incremental Simplex Algorithm with Unsatisfiable Core Generation</a></h5> <br>by <a href="../authors/maricf">Filip Marić</a>, <a href="../authors/spasic">Mirko Spasić</a> and <a href="../authors/thiemann">René Thiemann</a></div>
<span class="date">
Aug 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Minsky_Machines.html">Minsky Machines</a></h5> <br>by <a href="../authors/felgenhauer">Bertram Felgenhauer</a></div>
<span class="date">
Aug 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/DiscretePricing.html">Pricing in discrete financial models</a></h5> <br>by <a href="../authors/echenim">Mnacho Echenim</a></div>
<span class="date">
Jul 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Neumann_Morgenstern_Utility.html">Von-Neumann-Morgenstern Utility Theorem</a></h5> <br>by <a href="../authors/parsert">Julian Parsert</a> and <a href="../authors/kaliszyk">Cezary Kaliszyk</a></div>
<span class="date">
Jul 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Pell.html">Pell&#39;s Equation</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Jun 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Localization_Ring.html">The Localization of a Commutative Ring</a></h5> <br>by <a href="../authors/bordg">Anthony Bordg</a></div>
<span class="date">
Jun 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Projective_Geometry.html">Projective Geometry</a></h5> <br>by <a href="../authors/bordg">Anthony Bordg</a></div>
<span class="date">
Jun 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Partial_Order_Reduction.html">Partial Order Reduction</a></h5> <br>by <a href="../authors/brunner">Julian Brunner</a></div>
<span class="date">
Jun 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Optimal_BST.html">Optimal Binary Search Trees</a></h5> <br>by <a href="../authors/nipkow">Tobias Nipkow</a> and <a href="../authors/somogyi">Dániel Somogyi</a></div>
<span class="date">
May 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Hidden_Markov_Models.html">Hidden Markov Models</a></h5> <br>by <a href="../authors/wimmer">Simon Wimmer</a></div>
<span class="date">
May 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Probabilistic_Timed_Automata.html">Probabilistic Timed Automata</a></h5> <br>by <a href="../authors/wimmer">Simon Wimmer</a> and <a href="../authors/hoelzl">Johannes Hölzl</a></div>
<span class="date">
May 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Irrationality_J_Hancl.html">Irrational Rapidly Convergent Series</a></h5> <br>by <a href="../authors/argyraki">Angeliki Koutsoukou-Argyraki</a> and <a href="../authors/li">Wenda Li</a></div>
<span class="date">
May 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/AxiomaticCategoryTheory.html">Axiom Systems for Category Theory in Free Logic</a></h5> <br>by <a href="../authors/benzmueller">Christoph Benzmüller</a> and <a href="../authors/scott">Dana Scott</a></div>
<span class="date">
May 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Monad_Memo_DP.html">Monadification, Memoization and Dynamic Programming</a></h5> <br>by <a href="../authors/wimmer">Simon Wimmer</a>, <a href="../authors/hu">Shuwei Hu</a> and <a href="../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
May 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/OpSets.html">OpSets: Sequential Specifications for Replicated Datatypes</a></h5> <br>by <a href="../authors/kleppmann">Martin Kleppmann</a>, <a href="../authors/gomes">Victor B. F. Gomes</a>, <a href="../authors/mulligan">Dominic P. Mulligan</a> and <a href="../authors/beresford">Alastair R. Beresford</a></div>
<span class="date">
May 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Modular_Assembly_Kit_Security.html">An Isabelle/HOL Formalization of the Modular Assembly Kit for Security Properties</a></h5> <br>by <a href="../authors/bracevac">Oliver Bračevac</a>, <a href="../authors/gay">Richard Gay</a>, <a href="../authors/grewe">Sylvia Grewe</a>, <a href="../authors/mantel">Heiko Mantel</a>, <a href="../authors/sudbrock">Henning Sudbrock</a> and <a href="../authors/tasch">Markus Tasch</a></div>
<span class="date">
May 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/WebAssembly.html">WebAssembly</a></h5> <br>by <a href="../authors/watt">Conrad Watt</a></div>
<span class="date">
Apr 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/VerifyThis2018.html">VerifyThis 2018 - Polished Isabelle Solutions</a></h5> <br>by <a href="../authors/lammich">Peter Lammich</a> and <a href="../authors/wimmer">Simon Wimmer</a></div>
<span class="date">
Apr 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/BNF_CC.html">Bounded Natural Functors with Covariance and Contravariance</a></h5> <br>by <a href="../authors/lochbihler">Andreas Lochbihler</a> and <a href="../authors/schneider">Joshua Schneider</a></div>
<span class="date">
Apr 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Fishburn_Impossibility.html">The Incompatibility of Fishburn-Strategyproofness and Pareto-Efficiency</a></h5> <br>by <a href="../authors/brandt">Felix Brandt</a>, <a href="../authors/eberl">Manuel Eberl</a>, <a href="../authors/saile">Christian Saile</a> and <a href="../authors/stricker">Christian Stricker</a></div>
<span class="date">
Mar 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Weight_Balanced_Trees.html">Weight-Balanced Trees</a></h5> <br>by <a href="../authors/nipkow">Tobias Nipkow</a> and <a href="../authors/dirix">Stefan Dirix</a></div>
<span class="date">
Mar 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/CakeML.html">CakeML</a></h5> <br>by <a href="../authors/hupel">Lars Hupel</a> and <a href="../authors/zhang">Yu Zhang</a></div>
<span class="date">
Mar 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Architectural_Design_Patterns.html">A Theory of Architectural Design Patterns</a></h5> <br>by <a href="../authors/marmsoler">Diego Marmsoler</a></div>
<span class="date">
Mar 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Hoare_Time.html">Hoare Logics for Time Bounds</a></h5> <br>by <a href="../authors/haslbeckm">Maximilian P. L. Haslbeck</a> and <a href="../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Feb 26
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Treaps.html">Treaps</a></h5> <br>by <a href="../authors/haslbeck">Max W. Haslbeck</a>, <a href="../authors/eberl">Manuel Eberl</a> and <a href="../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Feb 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Error_Function.html">The Error Function</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Feb 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/First_Order_Terms.html">First-Order Terms</a></h5> <br>by <a href="../authors/sternagel">Christian Sternagel</a> and <a href="../authors/thiemann">René Thiemann</a></div>
<span class="date">
Feb 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/LLL_Factorization.html">A verified factorization algorithm for integer polynomials with polynomial complexity</a></h5> <br>by <a href="../authors/divason">Jose Divasón</a>, <a href="../authors/joosten">Sebastiaan J. C. Joosten</a>, <a href="../authors/thiemann">René Thiemann</a> and <a href="../authors/yamada">Akihisa Yamada</a></div>
<span class="date">
Feb 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/LLL_Basis_Reduction.html">A verified LLL algorithm</a></h5> <br>by <a href="../authors/bottesch">Ralph Bottesch</a>, <a href="../authors/divason">Jose Divasón</a>, <a href="../authors/haslbeck">Max W. Haslbeck</a>, <a href="../authors/joosten">Sebastiaan J. C. Joosten</a>, <a href="../authors/thiemann">René Thiemann</a> and <a href="../authors/yamada">Akihisa Yamada</a></div>
<span class="date">
Feb 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Ordered_Resolution_Prover.html">Formalization of Bachmair and Ganzinger&#39;s Ordered Resolution Prover</a></h5> <br>by <a href="../authors/schlichtkrull">Anders Schlichtkrull</a>, <a href="../authors/blanchette">Jasmin Christian Blanchette</a>, <a href="../authors/traytel">Dmitriy Traytel</a> and <a href="../authors/waldmann">Uwe Waldmann</a></div>
<span class="date">
Jan 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Gromov_Hyperbolicity.html">Gromov Hyperbolicity</a></h5> <br>by <a href="../authors/gouezel">Sebastien Gouezel</a></div>
<span class="date">
Jan 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Green.html">An Isabelle/HOL formalisation of Green&#39;s Theorem</a></h5> <br>by <a href="../authors/abdulaziz">Mohammad Abdulaziz</a> and <a href="../authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Jan 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Taylor_Models.html">Taylor Models</a></h5> <br>by <a href="../authors/traut">Christoph Traut</a> and <a href="../authors/immler">Fabian Immler</a></div>
<span class="date">
Jan 08
</span>
</article>
<h2 class="head">2017</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Falling_Factorial_Sum.html">The Falling Factorial of a Sum</a></h5> <br>by <a href="../authors/bulwahn">Lukas Bulwahn</a></div>
<span class="date">
Dec 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Median_Of_Medians_Selection.html">The Median-of-Medians Selection Algorithm</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Dec 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Mason_Stothers.html">The Mason–Stothers Theorem</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Dec 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Dirichlet_L.html">Dirichlet L-Functions and Dirichlet&#39;s Theorem</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Dec 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/BNF_Operations.html">Operations on Bounded Natural Functors</a></h5> <br>by <a href="../authors/blanchette">Jasmin Christian Blanchette</a>, <a href="../authors/popescu">Andrei Popescu</a> and <a href="../authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
Dec 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Knuth_Morris_Pratt.html">The string search algorithm by Knuth, Morris and Pratt</a></h5> <br>by <a href="../authors/hellauer">Fabian Hellauer</a> and <a href="../authors/lammich">Peter Lammich</a></div>
<span class="date">
Dec 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Stochastic_Matrices.html">Stochastic Matrices and the Perron-Frobenius Theorem</a></h5> <br>by <a href="../authors/thiemann">René Thiemann</a></div>
<span class="date">
Nov 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/IMAP-CRDT.html">The IMAP CmRDT</a></h5> <br>by <a href="../authors/jungnickel">Tim Jungnickel</a>, <a href="../authors/oldenburg">Lennart Oldenburg</a> and <a href="../authors/loibl">Matthias Loibl</a></div>
<span class="date">
Nov 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Hybrid_Multi_Lane_Spatial_Logic.html">Hybrid Multi-Lane Spatial Logic</a></h5> <br>by <a href="../authors/linker">Sven Linker</a></div>
<span class="date">
Nov 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Kuratowski_Closure_Complement.html">The Kuratowski Closure-Complement Theorem</a></h5> <br>by <a href="../authors/gammie">Peter Gammie</a> and <a href="../authors/gioiosa">Gianpaolo Gioiosa</a></div>
<span class="date">
Oct 26
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Transition_Systems_and_Automata.html">Transition Systems and Automata</a></h5> <br>by <a href="../authors/brunner">Julian Brunner</a></div>
<span class="date">
Oct 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Buchi_Complementation.html">Büchi Complementation</a></h5> <br>by <a href="../authors/brunner">Julian Brunner</a></div>
<span class="date">
Oct 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Winding_Number_Eval.html">Evaluate Winding Numbers through Cauchy Indices</a></h5> <br>by <a href="../authors/li">Wenda Li</a></div>
<span class="date">
Oct 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Count_Complex_Roots.html">Count the Number of Complex Roots</a></h5> <br>by <a href="../authors/li">Wenda Li</a></div>
<span class="date">
Oct 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Diophantine_Eqns_Lin_Hom.html">Homogeneous Linear Diophantine Equations</a></h5> <br>by <a href="../authors/messner">Florian Messner</a>, <a href="../authors/parsert">Julian Parsert</a>, <a href="../authors/schoepf">Jonas Schöpf</a> and <a href="../authors/sternagel">Christian Sternagel</a></div>
<span class="date">
Oct 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Zeta_Function.html">The Hurwitz and Riemann ζ Functions</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Oct 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Linear_Recurrences.html">Linear Recurrences</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Oct 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Dirichlet_Series.html">Dirichlet Series</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Oct 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Lowe_Ontological_Argument.html">Computer-assisted Reconstruction and Assessment of E. J. Lowe&#39;s Modal Ontological Argument</a></h5> <br>by <a href="../authors/fuenmayor">David Fuenmayor</a> and <a href="../authors/benzmueller">Christoph Benzmüller</a></div>
<span class="date">
Sep 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/PLM.html">Representation and Partial Automation of the Principia Logico-Metaphysica in Isabelle/HOL</a></h5> <br>by <a href="../authors/kirchner">Daniel Kirchner</a></div>
<span class="date">
Sep 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/AnselmGod.html">Anselm&#39;s God in Isabelle/HOL</a></h5> <br>by <a href="../authors/blumson">Ben Blumson</a></div>
<span class="date">
Sep 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/First_Welfare_Theorem.html">Microeconomics and the First Welfare Theorem</a></h5> <br>by <a href="../authors/parsert">Julian Parsert</a> and <a href="../authors/kaliszyk">Cezary Kaliszyk</a></div>
<span class="date">
Sep 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Root_Balanced_Tree.html">Root-Balanced Tree</a></h5> <br>by <a href="../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Aug 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Orbit_Stabiliser.html">Orbit-Stabiliser Theorem with Application to Rotational Symmetries</a></h5> <br>by <a href="../authors/raedle">Jonas Rädle</a></div>
<span class="date">
Aug 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/LambdaMu.html">The LambdaMu-calculus</a></h5> <br>by <a href="../authors/matache">Cristina Matache</a>, <a href="../authors/gomes">Victor B. F. Gomes</a> and <a href="../authors/mulligan">Dominic P. Mulligan</a></div>
<span class="date">
Aug 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Stewart_Apollonius.html">Stewart&#39;s Theorem and Apollonius&#39; Theorem</a></h5> <br>by <a href="../authors/bulwahn">Lukas Bulwahn</a></div>
<span class="date">
Jul 31
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/DynamicArchitectures.html">Dynamic Architectures</a></h5> <br>by <a href="../authors/marmsoler">Diego Marmsoler</a></div>
<span class="date">
Jul 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Decl_Sem_Fun_PL.html">Declarative Semantics for Functional Languages</a></h5> <br>by <a href="../authors/siek">Jeremy Siek</a></div>
<span class="date">
Jul 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/HOLCF-Prelude.html">HOLCF-Prelude</a></h5> <br>by <a href="../authors/breitner">Joachim Breitner</a>, <a href="../authors/huffman">Brian Huffman</a>, <a href="../authors/mitchell">Neil Mitchell</a> and <a href="../authors/sternagel">Christian Sternagel</a></div>
<span class="date">
Jul 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Minkowskis_Theorem.html">Minkowski&#39;s Theorem</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Jul 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Name_Carrying_Type_Inference.html">Verified Metatheory and Type Inference for a Name-Carrying Simply-Typed Lambda Calculus</a></h5> <br>by <a href="../authors/rawson">Michael Rawson</a></div>
<span class="date">
Jul 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/CRDT.html">A framework for establishing Strong Eventual Consistency for Conflict-free Replicated Datatypes</a></h5> <br>by <a href="../authors/gomes">Victor B. F. Gomes</a>, <a href="../authors/kleppmann">Martin Kleppmann</a>, <a href="../authors/mulligan">Dominic P. Mulligan</a> and <a href="../authors/beresford">Alastair R. Beresford</a></div>
<span class="date">
Jul 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Stone_Kleene_Relation_Algebras.html">Stone-Kleene Relation Algebras</a></h5> <br>by <a href="../authors/guttmann">Walter Guttmann</a></div>
<span class="date">
Jul 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Propositional_Proof_Systems.html">Propositional Proof Systems</a></h5> <br>by <a href="../authors/michaelis">Julius Michaelis</a> and <a href="../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Jun 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/PSemigroupsConvolution.html">Partial Semigroups and Convolution Algebras</a></h5> <br>by <a href="../authors/dongol">Brijesh Dongol</a>, <a href="../authors/gomes">Victor B. F. Gomes</a>, <a href="../authors/hayes">Ian J. Hayes</a> and <a href="../authors/struth">Georg Struth</a></div>
<span class="date">
Jun 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Buffons_Needle.html">Buffon&#39;s Needle Problem</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Jun 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Prpu_Maxflow.html">Formalizing Push-Relabel Algorithms</a></h5> <br>by <a href="../authors/lammich">Peter Lammich</a> and <a href="../authors/sefidgar">S. Reza Sefidgar</a></div>
<span class="date">
Jun 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Flow_Networks.html">Flow Networks and the Min-Cut-Max-Flow Theorem</a></h5> <br>by <a href="../authors/lammich">Peter Lammich</a> and <a href="../authors/sefidgar">S. Reza Sefidgar</a></div>
<span class="date">
Jun 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Optics.html">Optics</a></h5> <br>by <a href="../authors/fosters">Simon Foster</a> and <a href="../authors/zeyda">Frank Zeyda</a></div>
<span class="date">
May 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Dict_Construction.html">Dictionary Construction</a></h5> <br>by <a href="../authors/hupel">Lars Hupel</a></div>
<span class="date">
May 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Security_Protocol_Refinement.html">Developing Security Protocols by Refinement</a></h5> <br>by <a href="../authors/sprenger">Christoph Sprenger</a> and <a href="../authors/somaini">Ivano Somaini</a></div>
<span class="date">
May 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Floyd_Warshall.html">The Floyd-Warshall Algorithm for Shortest Paths</a></h5> <br>by <a href="../authors/wimmer">Simon Wimmer</a> and <a href="../authors/lammich">Peter Lammich</a></div>
<span class="date">
May 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Probabilistic_While.html">Probabilistic while loop</a></h5> <br>by <a href="../authors/lochbihler">Andreas Lochbihler</a></div>
<span class="date">
May 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Monad_Normalisation.html">Monad normalisation</a></h5> <br>by <a href="../authors/schneider">Joshua Schneider</a>, <a href="../authors/eberl">Manuel Eberl</a> and <a href="../authors/lochbihler">Andreas Lochbihler</a></div>
<span class="date">
May 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Game_Based_Crypto.html">Game-based cryptography in HOL</a></h5> <br>by <a href="../authors/lochbihler">Andreas Lochbihler</a>, <a href="../authors/sefidgar">S. Reza Sefidgar</a> and <a href="../authors/bhatt">Bhargav Bhatt</a></div>
<span class="date">
May 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Monomorphic_Monad.html">Effect polymorphism in higher-order logic</a></h5> <br>by <a href="../authors/lochbihler">Andreas Lochbihler</a></div>
<span class="date">
May 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/CryptHOL.html">CryptHOL</a></h5> <br>by <a href="../authors/lochbihler">Andreas Lochbihler</a></div>
<span class="date">
May 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/MonoidalCategory.html">Monoidal Categories</a></h5> <br>by <a href="../authors/stark">Eugene W. Stark</a></div>
<span class="date">
May 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Types_Tableaus_and_Goedels_God.html">Types, Tableaus and Gödel’s God in Isabelle/HOL</a></h5> <br>by <a href="../authors/fuenmayor">David Fuenmayor</a> and <a href="../authors/benzmueller">Christoph Benzmüller</a></div>
<span class="date">
May 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/LocalLexing.html">Local Lexing</a></h5> <br>by <a href="../authors/obua">Steven Obua</a></div>
<span class="date">
Apr 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Constructor_Funs.html">Constructor Functions</a></h5> <br>by <a href="../authors/hupel">Lars Hupel</a></div>
<span class="date">
Apr 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Lazy_Case.html">Lazifying case constants</a></h5> <br>by <a href="../authors/hupel">Lars Hupel</a></div>
<span class="date">
Apr 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Subresultants.html">Subresultants</a></h5> <br>by <a href="../authors/joosten">Sebastiaan J. C. Joosten</a>, <a href="../authors/thiemann">René Thiemann</a> and <a href="../authors/yamada">Akihisa Yamada</a></div>
<span class="date">
Apr 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Random_BSTs.html">Expected Shape of Random Binary Search Trees</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Apr 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Quick_Sort_Cost.html">The number of comparisons in QuickSort</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Mar 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Comparison_Sort_Lower_Bound.html">Lower bound on comparison-based sorting algorithms</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Mar 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Euler_MacLaurin.html">The Euler–MacLaurin Formula</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Mar 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Elliptic_Curves_Group_Law.html">The Group Law for Elliptic Curves</a></h5> <br>by <a href="../authors/berghofer">Stefan Berghofer</a></div>
<span class="date">
Feb 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Menger.html">Menger&#39;s Theorem</a></h5> <br>by <a href="../authors/dittmann">Christoph Dittmann</a></div>
<span class="date">
Feb 26
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Differential_Dynamic_Logic.html">Differential Dynamic Logic</a></h5> <br>by <a href="../authors/bohrer">Rose Bohrer</a></div>
<span class="date">
Feb 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Abstract_Soundness.html">Abstract Soundness</a></h5> <br>by <a href="../authors/blanchette">Jasmin Christian Blanchette</a>, <a href="../authors/popescu">Andrei Popescu</a> and <a href="../authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
Feb 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Stone_Relation_Algebras.html">Stone Relation Algebras</a></h5> <br>by <a href="../authors/guttmann">Walter Guttmann</a></div>
<span class="date">
Feb 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Key_Agreement_Strong_Adversaries.html">Refining Authenticated Key Agreement with Strong Adversaries</a></h5> <br>by <a href="../authors/lallemand">Joseph Lallemand</a> and <a href="../authors/sprenger">Christoph Sprenger</a></div>
<span class="date">
Jan 31
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Bernoulli.html">Bernoulli Numbers</a></h5> <br>by <a href="../authors/bulwahn">Lukas Bulwahn</a> and <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Jan 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Minimal_SSA.html">Minimal Static Single Assignment Form</a></h5> <br>by <a href="../authors/wagner">Max Wagner</a> and <a href="../authors/lohner">Denis Lohner</a></div>
<span class="date">
Jan 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Bertrands_Postulate.html">Bertrand&#39;s postulate</a></h5> <br>by <a href="../authors/biendarra">Julian Biendarra</a> and <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Jan 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/E_Transcendental.html">The Transcendence of e</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Jan 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/UPF_Firewall.html">Formal Network Models and Their Application to Firewall Policies</a></h5> <br>by <a href="../authors/brucker">Achim D. Brucker</a>, <a href="../authors/bruegger">Lukas Brügger</a> and <a href="../authors/wolff">Burkhart Wolff</a></div>
<span class="date">
Jan 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Password_Authentication_Protocol.html">Verification of a Diffie-Hellman Password-based Authentication Protocol by Extending the Inductive Method</a></h5> <br>by <a href="../authors/noce">Pasquale Noce</a></div>
<span class="date">
Jan 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/FOL_Harrison.html">First-Order Logic According to Harrison</a></h5> <br>by <a href="../authors/jensen">Alexander Birch Jensen</a>, <a href="../authors/schlichtkrull">Anders Schlichtkrull</a> and <a href="../authors/villadsen">Jørgen Villadsen</a></div>
<span class="date">
Jan 01
</span>
</article>
<h2 class="head">2016</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Concurrent_Ref_Alg.html">Concurrent Refinement Algebra and Rely Quotients</a></h5> <br>by <a href="../authors/fell">Julian Fell</a>, <a href="../authors/hayes">Ian J. Hayes</a> and <a href="../authors/velykis">Andrius Velykis</a></div>
<span class="date">
Dec 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Twelvefold_Way.html">The Twelvefold Way</a></h5> <br>by <a href="../authors/bulwahn">Lukas Bulwahn</a></div>
<span class="date">
Dec 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Proof_Strategy_Language.html">Proof Strategy Language</a></h5> <br>by <a href="../authors/nagashima">Yutaka Nagashima</a></div>
<span class="date">
Dec 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Paraconsistency.html">Paraconsistency</a></h5> <br>by <a href="../authors/schlichtkrull">Anders Schlichtkrull</a> and <a href="../authors/villadsen">Jørgen Villadsen</a></div>
<span class="date">
Dec 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Complx.html">COMPLX: A Verification Framework for Concurrent Imperative Programs</a></h5> <br>by <a href="../authors/amani">Sidney Amani</a>, <a href="../authors/andronick">June Andronick</a>, <a href="../authors/bortin">Maksym Bortin</a>, <a href="../authors/lewis">Corey Lewis</a>, <a href="../authors/rizkallah">Christine Rizkallah</a> and <a href="../authors/tuongj">Joseph Tuong</a></div>
<span class="date">
Nov 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Abs_Int_ITP2012.html">Abstract Interpretation of Annotated Commands</a></h5> <br>by <a href="../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Nov 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Separata.html">Separata: Isabelle tactics for Separation Algebra</a></h5> <br>by <a href="../authors/hou">Zhe Hou</a>, <a href="../authors/sanan">David Sanan</a>, <a href="../authors/tiu">Alwen Tiu</a>, <a href="../authors/gore">Rajeev Gore</a> and <a href="../authors/clouston">Ranald Clouston</a></div>
<span class="date">
Nov 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Nested_Multisets_Ordinals.html">Formalization of Nested Multisets, Hereditary Multisets, and Syntactic Ordinals</a></h5> <br>by <a href="../authors/blanchette">Jasmin Christian Blanchette</a>, <a href="../authors/fleury">Mathias Fleury</a> and <a href="../authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
Nov 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Lambda_Free_KBOs.html">Formalization of Knuth–Bendix Orders for Lambda-Free Higher-Order Terms</a></h5> <br>by <a href="../authors/becker">Heiko Becker</a>, <a href="../authors/blanchette">Jasmin Christian Blanchette</a>, <a href="../authors/waldmann">Uwe Waldmann</a> and <a href="../authors/wand">Daniel Wand</a></div>
<span class="date">
Nov 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Deep_Learning.html">Expressiveness of Deep Learning</a></h5> <br>by <a href="../authors/bentkamp">Alexander Bentkamp</a></div>
<span class="date">
Nov 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Modal_Logics_for_NTS.html">Modal Logics for Nominal Transition Systems</a></h5> <br>by <a href="../authors/weber">Tjark Weber</a>, <a href="../authors/eriksson">Lars-Henrik Eriksson</a>, <a href="../authors/parrow">Joachim Parrow</a>, <a href="../authors/borgstroem">Johannes Borgström</a> and <a href="../authors/gutkovas">Ramunas Gutkovas</a></div>
<span class="date">
Oct 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Stable_Matching.html">Stable Matching</a></h5> <br>by <a href="../authors/gammie">Peter Gammie</a></div>
<span class="date">
Oct 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/LOFT.html">LOFT — Verified Migration of Linux Firewalls to SDN</a></h5> <br>by <a href="../authors/michaelis">Julius Michaelis</a> and <a href="../authors/diekmann">Cornelius Diekmann</a></div>
<span class="date">
Oct 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Source_Coding_Theorem.html">Source Coding Theorem</a></h5> <br>by <a href="../authors/hibon">Quentin Hibon</a> and <a href="../authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Oct 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/SPARCv8.html">A formal model for the SPARCv8 ISA and a proof of non-interference for the LEON3 processor</a></h5> <br>by <a href="../authors/hou">Zhe Hou</a>, <a href="../authors/sanan">David Sanan</a>, <a href="../authors/tiu">Alwen Tiu</a> and <a href="../authors/liuy">Yang Liu</a></div>
<span class="date">
Oct 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Berlekamp_Zassenhaus.html">The Factorization Algorithm of Berlekamp and Zassenhaus</a></h5> <br>by <a href="../authors/divason">Jose Divasón</a>, <a href="../authors/joosten">Sebastiaan J. C. Joosten</a>, <a href="../authors/thiemann">René Thiemann</a> and <a href="../authors/yamada">Akihisa Yamada</a></div>
<span class="date">
Oct 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Chord_Segments.html">Intersecting Chords Theorem</a></h5> <br>by <a href="../authors/bulwahn">Lukas Bulwahn</a></div>
<span class="date">
Oct 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Lp.html">Lp spaces</a></h5> <br>by <a href="../authors/gouezel">Sebastien Gouezel</a></div>
<span class="date">
Oct 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Fisher_Yates.html">Fisher–Yates shuffle</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Sep 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Allen_Calculus.html">Allen&#39;s Interval Calculus</a></h5> <br>by <a href="../authors/ghourabi">Fadoua Ghourabi</a></div>
<span class="date">
Sep 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Lambda_Free_RPOs.html">Formalization of Recursive Path Orders for Lambda-Free Higher-Order Terms</a></h5> <br>by <a href="../authors/blanchette">Jasmin Christian Blanchette</a>, <a href="../authors/waldmann">Uwe Waldmann</a> and <a href="../authors/wand">Daniel Wand</a></div>
<span class="date">
Sep 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Iptables_Semantics.html">Iptables Semantics</a></h5> <br>by <a href="../authors/diekmann">Cornelius Diekmann</a> and <a href="../authors/hupel">Lars Hupel</a></div>
<span class="date">
Sep 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Stone_Algebras.html">Stone Algebras</a></h5> <br>by <a href="../authors/guttmann">Walter Guttmann</a></div>
<span class="date">
Sep 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/SuperCalc.html">A Variant of the Superposition Calculus</a></h5> <br>by <a href="../authors/peltier">Nicolas Peltier</a></div>
<span class="date">
Sep 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Stirling_Formula.html">Stirling&#39;s formula</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Sep 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Routing.html">Routing</a></h5> <br>by <a href="../authors/michaelis">Julius Michaelis</a> and <a href="../authors/diekmann">Cornelius Diekmann</a></div>
<span class="date">
Aug 31
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Simple_Firewall.html">Simple Firewall</a></h5> <br>by <a href="../authors/diekmann">Cornelius Diekmann</a>, <a href="../authors/michaelis">Julius Michaelis</a> and <a href="../authors/haslbeck">Max W. Haslbeck</a></div>
<span class="date">
Aug 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/InfPathElimination.html">Infeasible Paths Elimination by Symbolic Execution Techniques: Proof of Correctness and Preservation of Paths</a></h5> <br>by <a href="../authors/aissat">Romain Aissat</a>, <a href="../authors/voisin">Frederic Voisin</a> and <a href="../authors/wolff">Burkhart Wolff</a></div>
<span class="date">
Aug 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/EdmondsKarp_Maxflow.html">Formalizing the Edmonds-Karp Algorithm</a></h5> <br>by <a href="../authors/lammich">Peter Lammich</a> and <a href="../authors/sefidgar">S. Reza Sefidgar</a></div>
<span class="date">
Aug 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Refine_Imperative_HOL.html">The Imperative Refinement Framework</a></h5> <br>by <a href="../authors/lammich">Peter Lammich</a></div>
<span class="date">
Aug 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Ptolemys_Theorem.html">Ptolemy&#39;s Theorem</a></h5> <br>by <a href="../authors/bulwahn">Lukas Bulwahn</a></div>
<span class="date">
Aug 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Surprise_Paradox.html">Surprise Paradox</a></h5> <br>by <a href="../authors/breitner">Joachim Breitner</a></div>
<span class="date">
Jul 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Pairing_Heap.html">Pairing Heap</a></h5> <br>by <a href="../authors/brinkop">Hauke Brinkop</a> and <a href="../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Jul 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/DFS_Framework.html">A Framework for Verifying Depth-First Search Algorithms</a></h5> <br>by <a href="../authors/lammich">Peter Lammich</a> and <a href="../authors/neumann">René Neumann</a></div>
<span class="date">
Jul 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Buildings.html">Chamber Complexes, Coxeter Systems, and Buildings</a></h5> <br>by <a href="../authors/sylvestre">Jeremy Sylvestre</a></div>
<span class="date">
Jul 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Rewriting_Z.html">The Z Property</a></h5> <br>by <a href="../authors/felgenhauer">Bertram Felgenhauer</a>, <a href="../authors/nagele">Julian Nagele</a>, <a href="../authors/oostrom">Vincent van Oostrom</a> and <a href="../authors/sternagel">Christian Sternagel</a></div>
<span class="date">
Jun 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Resolution_FOL.html">The Resolution Calculus for First-Order Logic</a></h5> <br>by <a href="../authors/schlichtkrull">Anders Schlichtkrull</a></div>
<span class="date">
Jun 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/IP_Addresses.html">IP Addresses</a></h5> <br>by <a href="../authors/diekmann">Cornelius Diekmann</a>, <a href="../authors/michaelis">Julius Michaelis</a> and <a href="../authors/hupel">Lars Hupel</a></div>
<span class="date">
Jun 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Dependent_SIFUM_Refinement.html">Compositional Security-Preserving Refinement for Concurrent Imperative Programs</a></h5> <br>by <a href="../authors/murray">Toby Murray</a>, <a href="../authors/sison">Robert Sison</a>, <a href="../authors/pierzchalski">Edward Pierzchalski</a> and <a href="../authors/rizkallah">Christine Rizkallah</a></div>
<span class="date">
Jun 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Category3.html">Category Theory with Adjunctions and Limits</a></h5> <br>by <a href="../authors/stark">Eugene W. Stark</a></div>
<span class="date">
Jun 26
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Card_Multisets.html">Cardinality of Multisets</a></h5> <br>by <a href="../authors/bulwahn">Lukas Bulwahn</a></div>
<span class="date">
Jun 26
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Dependent_SIFUM_Type_Systems.html">A Dependent Security Type System for Concurrent Imperative Programs</a></h5> <br>by <a href="../authors/murray">Toby Murray</a>, <a href="../authors/sison">Robert Sison</a>, <a href="../authors/pierzchalski">Edward Pierzchalski</a> and <a href="../authors/rizkallah">Christine Rizkallah</a></div>
<span class="date">
Jun 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Catalan_Numbers.html">Catalan Numbers</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Jun 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Algebraic_VCs.html">Program Construction and Verification Components Based on Kleene Algebra</a></h5> <br>by <a href="../authors/gomes">Victor B. F. Gomes</a> and <a href="../authors/struth">Georg Struth</a></div>
<span class="date">
Jun 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Noninterference_Concurrent_Composition.html">Conservation of CSP Noninterference Security under Concurrent Composition</a></h5> <br>by <a href="../authors/noce">Pasquale Noce</a></div>
<span class="date">
Jun 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Word_Lib.html">Finite Machine Word Library</a></h5> <br>by <a href="../authors/beeren">Joel Beeren</a>, <a href="../authors/fernandez">Matthew Fernandez</a>, <a href="../authors/gao">Xin Gao</a>, <a href="../authors/klein">Gerwin Klein</a>, <a href="../authors/kolanski">Rafal Kolanski</a>, <a href="../authors/lim">Japheth Lim</a>, <a href="../authors/lewis">Corey Lewis</a>, <a href="../authors/matichuk">Daniel Matichuk</a> and <a href="../authors/sewell">Thomas Sewell</a></div>
<span class="date">
Jun 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Tree_Decomposition.html">Tree Decomposition</a></h5> <br>by <a href="../authors/dittmann">Christoph Dittmann</a></div>
<span class="date">
May 31
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Posix-Lexing.html">POSIX Lexing with Derivatives of Regular Expressions</a></h5> <br>by <a href="../authors/ausaf">Fahad Ausaf</a>, <a href="../authors/dyckhoff">Roy Dyckhoff</a> and <a href="../authors/urban">Christian Urban</a></div>
<span class="date">
May 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Card_Equiv_Relations.html">Cardinality of Equivalence Relations</a></h5> <br>by <a href="../authors/bulwahn">Lukas Bulwahn</a></div>
<span class="date">
May 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Incredible_Proof_Machine.html">The meta theory of the Incredible Proof Machine</a></h5> <br>by <a href="../authors/breitner">Joachim Breitner</a> and <a href="../authors/lohner">Denis Lohner</a></div>
<span class="date">
May 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Perron_Frobenius.html">Perron-Frobenius Theorem for Spectral Radius Analysis</a></h5> <br>by <a href="../authors/divason">Jose Divasón</a>, <a href="../authors/kuncar">Ondřej Kunčar</a>, <a href="../authors/thiemann">René Thiemann</a> and <a href="../authors/yamada">Akihisa Yamada</a></div>
<span class="date">
May 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/FLP.html">A Constructive Proof for FLP</a></h5> <br>by <a href="../authors/bisping">Benjamin Bisping</a>, <a href="../authors/brodmann">Paul-David Brodmann</a>, <a href="../authors/jungnickel">Tim Jungnickel</a>, <a href="../authors/rickmann">Christina Rickmann</a>, <a href="../authors/seidler">Henning Seidler</a>, <a href="../authors/stueber">Anke Stüber</a>, <a href="../authors/weidner">Arno Wilhelm-Weidner</a>, <a href="../authors/peters">Kirstin Peters</a> and <a href="../authors/nestmann">Uwe Nestmann</a></div>
<span class="date">
May 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/MFMC_Countable.html">A Formal Proof of the Max-Flow Min-Cut Theorem for Countable Networks</a></h5> <br>by <a href="../authors/lochbihler">Andreas Lochbihler</a></div>
<span class="date">
May 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Randomised_Social_Choice.html">Randomised Social Choice Theory</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
May 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/SDS_Impossibility.html">The Incompatibility of SD-Efficiency and SD-Strategy-Proofness</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
May 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Bell_Numbers_Spivey.html">Spivey&#39;s Generalized Recurrence for Bell Numbers</a></h5> <br>by <a href="../authors/bulwahn">Lukas Bulwahn</a></div>
<span class="date">
May 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Groebner_Bases.html">Gröbner Bases Theory</a></h5> <br>by <a href="../authors/immler">Fabian Immler</a> and <a href="../authors/maletzky">Alexander Maletzky</a></div>
<span class="date">
May 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/No_FTL_observers.html">No Faster-Than-Light Observers</a></h5> <br>by <a href="../authors/stannett">Mike Stannett</a> and <a href="../authors/nemeti">István Németi</a></div>
<span class="date">
Apr 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/ROBDD.html">Algorithms for Reduced Ordered Binary Decision Diagrams</a></h5> <br>by <a href="../authors/michaelis">Julius Michaelis</a>, <a href="../authors/haslbeck">Max W. Haslbeck</a>, <a href="../authors/lammich">Peter Lammich</a> and <a href="../authors/hupel">Lars Hupel</a></div>
<span class="date">
Apr 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/CYK.html">A formalisation of the Cocke-Younger-Kasami algorithm</a></h5> <br>by <a href="../authors/bortin">Maksym Bortin</a></div>
<span class="date">
Apr 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Noninterference_Sequential_Composition.html">Conservation of CSP Noninterference Security under Sequential Composition</a></h5> <br>by <a href="../authors/noce">Pasquale Noce</a></div>
<span class="date">
Apr 26
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/KAD.html">Kleene Algebras with Domain</a></h5> <br>by <a href="../authors/gomes">Victor B. F. Gomes</a>, <a href="../authors/guttmann">Walter Guttmann</a>, <a href="../authors/hoefner">Peter Höfner</a>, <a href="../authors/struth">Georg Struth</a> and <a href="../authors/weber">Tjark Weber</a></div>
<span class="date">
Apr 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/PropResPI.html">Propositional Resolution and Prime Implicates Generation</a></h5> <br>by <a href="../authors/peltier">Nicolas Peltier</a></div>
<span class="date">
Mar 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Timed_Automata.html">Timed Automata</a></h5> <br>by <a href="../authors/wimmer">Simon Wimmer</a></div>
<span class="date">
Mar 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Cartan_FP.html">The Cartan Fixed Point Theorems</a></h5> <br>by <a href="../authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Mar 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/LTL.html">Linear Temporal Logic</a></h5> <br>by <a href="../authors/sickert">Salomon Sickert</a></div>
<span class="date">
Mar 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/List_Update.html">Analysis of List Update Algorithms</a></h5> <br>by <a href="../authors/haslbeckm">Maximilian P. L. Haslbeck</a> and <a href="../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Feb 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Formal_SSA.html">Verified Construction of Static Single Assignment Form</a></h5> <br>by <a href="../authors/ullrich">Sebastian Ullrich</a> and <a href="../authors/lohner">Denis Lohner</a></div>
<span class="date">
Feb 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Polynomial_Interpolation.html">Polynomial Interpolation</a></h5> <br>by <a href="../authors/thiemann">René Thiemann</a> and <a href="../authors/yamada">Akihisa Yamada</a></div>
<span class="date">
Jan 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Polynomial_Factorization.html">Polynomial Factorization</a></h5> <br>by <a href="../authors/thiemann">René Thiemann</a> and <a href="../authors/yamada">Akihisa Yamada</a></div>
<span class="date">
Jan 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Knot_Theory.html">Knot Theory</a></h5> <br>by <a href="../authors/prathamesh">T.V.H. Prathamesh</a></div>
<span class="date">
Jan 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Matrix_Tensor.html">Tensor Product of Matrices</a></h5> <br>by <a href="../authors/prathamesh">T.V.H. Prathamesh</a></div>
<span class="date">
Jan 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Card_Number_Partitions.html">Cardinality of Number Partitions</a></h5> <br>by <a href="../authors/bulwahn">Lukas Bulwahn</a></div>
<span class="date">
Jan 14
</span>
</article>
<h2 class="head">2015</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Prime_Harmonic_Series.html">The Divergence of the Prime Harmonic Series</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Dec 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Liouville_Numbers.html">Liouville numbers</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Dec 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Descartes_Sign_Rule.html">Descartes&#39; Rule of Signs</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Dec 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Triangle.html">Basic Geometric Properties of Triangles</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Dec 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Stern_Brocot.html">The Stern-Brocot Tree</a></h5> <br>by <a href="../authors/gammie">Peter Gammie</a> and <a href="../authors/lochbihler">Andreas Lochbihler</a></div>
<span class="date">
Dec 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Applicative_Lifting.html">Applicative Lifting</a></h5> <br>by <a href="../authors/lochbihler">Andreas Lochbihler</a> and <a href="../authors/schneider">Joshua Schneider</a></div>
<span class="date">
Dec 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Algebraic_Numbers.html">Algebraic Numbers in Isabelle/HOL</a></h5> <br>by <a href="../authors/thiemann">René Thiemann</a>, <a href="../authors/yamada">Akihisa Yamada</a> and <a href="../authors/joosten">Sebastiaan J. C. Joosten</a></div>
<span class="date">
Dec 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Card_Partitions.html">Cardinality of Set Partitions</a></h5> <br>by <a href="../authors/bulwahn">Lukas Bulwahn</a></div>
<span class="date">
Dec 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Latin_Square.html">Latin Square</a></h5> <br>by <a href="../authors/bentkamp">Alexander Bentkamp</a></div>
<span class="date">
Dec 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Ergodic_Theory.html">Ergodic Theory</a></h5> <br>by <a href="../authors/gouezel">Sebastien Gouezel</a></div>
<span class="date">
Dec 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Euler_Partition.html">Euler&#39;s Partition Theorem</a></h5> <br>by <a href="../authors/bulwahn">Lukas Bulwahn</a></div>
<span class="date">
Nov 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/TortoiseHare.html">The Tortoise and Hare Algorithm</a></h5> <br>by <a href="../authors/gammie">Peter Gammie</a></div>
<span class="date">
Nov 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Planarity_Certificates.html">Planarity Certificates</a></h5> <br>by <a href="../authors/noschinski">Lars Noschinski</a></div>
<span class="date">
Nov 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Parity_Game.html">Positional Determinacy of Parity Games</a></h5> <br>by <a href="../authors/dittmann">Christoph Dittmann</a></div>
<span class="date">
Nov 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Isabelle_Meta_Model.html">A Meta-Model for the Isabelle API</a></h5> <br>by <a href="../authors/tuong">Frédéric Tuong</a> and <a href="../authors/wolff">Burkhart Wolff</a></div>
<span class="date">
Sep 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/LTL_to_DRA.html">Converting Linear Temporal Logic to Deterministic (Generalized) Rabin Automata</a></h5> <br>by <a href="../authors/sickert">Salomon Sickert</a></div>
<span class="date">
Sep 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Jordan_Normal_Form.html">Matrices, Jordan Normal Forms, and Spectral Radius Theory</a></h5> <br>by <a href="../authors/thiemann">René Thiemann</a> and <a href="../authors/yamada">Akihisa Yamada</a></div>
<span class="date">
Aug 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Decreasing-Diagrams-II.html">Decreasing Diagrams II</a></h5> <br>by <a href="../authors/felgenhauer">Bertram Felgenhauer</a></div>
<span class="date">
Aug 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Noninterference_Inductive_Unwinding.html">The Inductive Unwinding Theorem for CSP Noninterference Security</a></h5> <br>by <a href="../authors/noce">Pasquale Noce</a></div>
<span class="date">
Aug 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Rep_Fin_Groups.html">Representations of Finite Groups</a></h5> <br>by <a href="../authors/sylvestre">Jeremy Sylvestre</a></div>
<span class="date">
Aug 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Encodability_Process_Calculi.html">Analysing and Comparing Encodability Criteria for Process Calculi</a></h5> <br>by <a href="../authors/peters">Kirstin Peters</a> and <a href="../authors/glabbeek">Rob van Glabbeek</a></div>
<span class="date">
Aug 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Case_Labeling.html">Generating Cases from Labeled Subgoals</a></h5> <br>by <a href="../authors/noschinski">Lars Noschinski</a></div>
<span class="date">
Jul 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Akra_Bazzi.html">The Akra-Bazzi theorem and the Master theorem</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Jul 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Landau_Symbols.html">Landau Symbols</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Jul 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Hermite.html">Hermite Normal Form</a></h5> <br>by <a href="../authors/divason">Jose Divasón</a> and <a href="../authors/aransay">Jesús Aransay</a></div>
<span class="date">
Jul 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Derangements.html">Derangements Formula</a></h5> <br>by <a href="../authors/bulwahn">Lukas Bulwahn</a></div>
<span class="date">
Jun 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Noninterference_Ipurge_Unwinding.html">The Ipurge Unwinding Theorem for CSP Noninterference Security</a></h5> <br>by <a href="../authors/noce">Pasquale Noce</a></div>
<span class="date">
Jun 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Noninterference_Generic_Unwinding.html">The Generic Unwinding Theorem for CSP Noninterference Security</a></h5> <br>by <a href="../authors/noce">Pasquale Noce</a></div>
<span class="date">
Jun 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/List_Interleaving.html">Reasoning about Lists via List Interleaving</a></h5> <br>by <a href="../authors/noce">Pasquale Noce</a></div>
<span class="date">
Jun 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Multirelations.html">Binary Multirelations</a></h5> <br>by <a href="../authors/furusawa">Hitoshi Furusawa</a> and <a href="../authors/struth">Georg Struth</a></div>
<span class="date">
Jun 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Dynamic_Tables.html">Parameterized Dynamic Tables</a></h5> <br>by <a href="../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Jun 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Formula_Derivatives.html">Derivatives of Logical Formulas</a></h5> <br>by <a href="../authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
May 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Probabilistic_System_Zoo.html">A Zoo of Probabilistic Systems</a></h5> <br>by <a href="../authors/hoelzl">Johannes Hölzl</a>, <a href="../authors/lochbihler">Andreas Lochbihler</a> and <a href="../authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
May 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Vickrey_Clarke_Groves.html">VCG - Combinatorial Vickrey-Clarke-Groves Auctions</a></h5> <br>by <a href="../authors/caminati">Marco B. Caminati</a>, <a href="../authors/kerber">Manfred Kerber</a>, <a href="../authors/lange">Christoph Lange</a> and <a href="../authors/rowat">Colin Rowat</a></div>
<span class="date">
Apr 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Residuated_Lattices.html">Residuated Lattices</a></h5> <br>by <a href="../authors/gomes">Victor B. F. Gomes</a> and <a href="../authors/struth">Georg Struth</a></div>
<span class="date">
Apr 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/ConcurrentGC.html">Relaxing Safely: Verified On-the-Fly Garbage Collection for x86-TSO</a></h5> <br>by <a href="../authors/gammie">Peter Gammie</a>, <a href="../authors/hosking">Tony Hosking</a> and <a href="../authors/engelhardt">Kai Engelhardt</a></div>
<span class="date">
Apr 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/ConcurrentIMP.html">Concurrent IMP</a></h5> <br>by <a href="../authors/gammie">Peter Gammie</a></div>
<span class="date">
Apr 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Trie.html">Trie</a></h5> <br>by <a href="../authors/lochbihler">Andreas Lochbihler</a> and <a href="../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Mar 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Consensus_Refined.html">Consensus Refined</a></h5> <br>by <a href="../authors/maric">Ognjen Marić</a> and <a href="../authors/sprenger">Christoph Sprenger</a></div>
<span class="date">
Mar 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Deriving.html">Deriving class instances for datatypes</a></h5> <br>by <a href="../authors/sternagel">Christian Sternagel</a> and <a href="../authors/thiemann">René Thiemann</a></div>
<span class="date">
Mar 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Call_Arity.html">The Safety of Call Arity</a></h5> <br>by <a href="../authors/breitner">Joachim Breitner</a></div>
<span class="date">
Feb 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/QR_Decomposition.html">QR Decomposition</a></h5> <br>by <a href="../authors/divason">Jose Divasón</a> and <a href="../authors/aransay">Jesús Aransay</a></div>
<span class="date">
Feb 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Echelon_Form.html">Echelon Form</a></h5> <br>by <a href="../authors/divason">Jose Divasón</a> and <a href="../authors/aransay">Jesús Aransay</a></div>
<span class="date">
Feb 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Finite_Automata_HF.html">Finite Automata in Hereditarily Finite Set Theory</a></h5> <br>by <a href="../authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Feb 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/UpDown_Scheme.html">Verification of the UpDown Scheme</a></h5> <br>by <a href="../authors/hoelzl">Johannes Hölzl</a></div>
<span class="date">
Jan 28
</span>
</article>
<h2 class="head">2014</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/UPF.html">The Unified Policy Framework (UPF)</a></h5> <br>by <a href="../authors/brucker">Achim D. Brucker</a>, <a href="../authors/bruegger">Lukas Brügger</a> and <a href="../authors/wolff">Burkhart Wolff</a></div>
<span class="date">
Nov 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/AODV.html">Loop freedom of the (untimed) AODV routing protocol</a></h5> <br>by <a href="../authors/bourke">Timothy Bourke</a> and <a href="../authors/hoefner">Peter Höfner</a></div>
<span class="date">
Oct 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Lifting_Definition_Option.html">Lifting Definition Option</a></h5> <br>by <a href="../authors/thiemann">René Thiemann</a></div>
<span class="date">
Oct 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Stream_Fusion_Code.html">Stream Fusion in HOL with Code Generation</a></h5> <br>by <a href="../authors/lochbihler">Andreas Lochbihler</a> and <a href="../authors/maximova">Alexandra Maximova</a></div>
<span class="date">
Oct 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Density_Compiler.html">A Verified Compiler for Probability Density Functions</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a>, <a href="../authors/hoelzl">Johannes Hölzl</a> and <a href="../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Oct 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/RefinementReactive.html">Formalization of Refinement Calculus for Reactive Systems</a></h5> <br>by <a href="../authors/preoteasa">Viorel Preoteasa</a></div>
<span class="date">
Oct 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/XML.html">XML</a></h5> <br>by <a href="../authors/sternagel">Christian Sternagel</a> and <a href="../authors/thiemann">René Thiemann</a></div>
<span class="date">
Oct 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Certification_Monads.html">Certification Monads</a></h5> <br>by <a href="../authors/sternagel">Christian Sternagel</a> and <a href="../authors/thiemann">René Thiemann</a></div>
<span class="date">
Oct 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Imperative_Insertion_Sort.html">Imperative Insertion Sort</a></h5> <br>by <a href="../authors/sternagel">Christian Sternagel</a></div>
<span class="date">
Sep 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Sturm_Tarski.html">The Sturm-Tarski Theorem</a></h5> <br>by <a href="../authors/li">Wenda Li</a></div>
<span class="date">
Sep 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Cayley_Hamilton.html">The Cayley-Hamilton Theorem</a></h5> <br>by <a href="../authors/adelsberger">Stephan Adelsberger</a>, <a href="../authors/hetzl">Stefan Hetzl</a> and <a href="../authors/pollak">Florian Pollak</a></div>
<span class="date">
Sep 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Jordan_Hoelder.html">The Jordan-Hölder Theorem</a></h5> <br>by <a href="../authors/raumer">Jakob von Raumer</a></div>
<span class="date">
Sep 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Priority_Queue_Braun.html">Priority Queues Based on Braun Trees</a></h5> <br>by <a href="../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Sep 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Gauss_Jordan.html">Gauss-Jordan Algorithm and Its Applications</a></h5> <br>by <a href="../authors/divason">Jose Divasón</a> and <a href="../authors/aransay">Jesús Aransay</a></div>
<span class="date">
Sep 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/VectorSpace.html">Vector Spaces</a></h5> <br>by <a href="../authors/lee">Holden Lee</a></div>
<span class="date">
Aug 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Special_Function_Bounds.html">Real-Valued Special Functions: Upper and Lower Bounds</a></h5> <br>by <a href="../authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Aug 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Skew_Heap.html">Skew Heap</a></h5> <br>by <a href="../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Aug 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Splay_Tree.html">Splay Tree</a></h5> <br>by <a href="../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Aug 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Show.html">Haskell&#39;s Show Class in Isabelle/HOL</a></h5> <br>by <a href="../authors/sternagel">Christian Sternagel</a> and <a href="../authors/thiemann">René Thiemann</a></div>
<span class="date">
Jul 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/CISC-Kernel.html">Formal Specification of a Generic Separation Kernel</a></h5> <br>by <a href="../authors/verbeek">Freek Verbeek</a>, <a href="../authors/tverdyshev">Sergey Tverdyshev</a>, <a href="../authors/havle">Oto Havle</a>, <a href="../authors/blasum">Holger Blasum</a>, <a href="../authors/langenstein">Bruno Langenstein</a>, <a href="../authors/stephan">Werner Stephan</a>, <a href="../authors/nemouchi">Yakoub Nemouchi</a>, <a href="../authors/feliachi">Abderrahmane Feliachi</a>, <a href="../authors/wolff">Burkhart Wolff</a> and <a href="../authors/schmaltz">Julien Schmaltz</a></div>
<span class="date">
Jul 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/pGCL.html">pGCL for Isabelle</a></h5> <br>by <a href="../authors/cock">David Cock</a></div>
<span class="date">
Jul 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Amortized_Complexity.html">Amortized Complexity Verified</a></h5> <br>by <a href="../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Jul 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Network_Security_Policy_Verification.html">Network Security Policy Verification</a></h5> <br>by <a href="../authors/diekmann">Cornelius Diekmann</a></div>
<span class="date">
Jul 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Pop_Refinement.html">Pop-Refinement</a></h5> <br>by <a href="../authors/coglio">Alessandro Coglio</a></div>
<span class="date">
Jul 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/MSO_Regex_Equivalence.html">Decision Procedures for MSO on Words Based on Derivatives of Regular Expressions</a></h5> <br>by <a href="../authors/traytel">Dmitriy Traytel</a> and <a href="../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Jun 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Boolean_Expression_Checkers.html">Boolean Expression Checkers</a></h5> <br>by <a href="../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Jun 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Gabow_SCC.html">Verified Efficient Implementation of Gabow&#39;s Strongly Connected Components Algorithm</a></h5> <br>by <a href="../authors/lammich">Peter Lammich</a></div>
<span class="date">
May 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/CAVA_Automata.html">The CAVA Automata Library</a></h5> <br>by <a href="../authors/lammich">Peter Lammich</a></div>
<span class="date">
May 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Promela.html">Promela Formalization</a></h5> <br>by <a href="../authors/neumann">René Neumann</a></div>
<span class="date">
May 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/LTL_to_GBA.html">Converting Linear-Time Temporal Logic to Generalized Büchi Automata</a></h5> <br>by <a href="../authors/schimpf">Alexander Schimpf</a> and <a href="../authors/lammich">Peter Lammich</a></div>
<span class="date">
May 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/CAVA_LTL_Modelchecker.html">A Fully Verified Executable LTL Model Checker</a></h5> <br>by <a href="../authors/esparza">Javier Esparza</a>, <a href="../authors/lammich">Peter Lammich</a>, <a href="../authors/neumann">René Neumann</a>, <a href="../authors/nipkow">Tobias Nipkow</a>, <a href="../authors/schimpf">Alexander Schimpf</a> and <a href="../authors/smaus">Jan-Georg Smaus</a></div>
<span class="date">
May 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Roy_Floyd_Warshall.html">Transitive closure according to Roy-Floyd-Warshall</a></h5> <br>by <a href="../authors/wenzel">Makarius Wenzel</a></div>
<span class="date">
May 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Noninterference_CSP.html">Noninterference Security in Communicating Sequential Processes</a></h5> <br>by <a href="../authors/noce">Pasquale Noce</a></div>
<span class="date">
May 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Regular_Algebras.html">Regular Algebras</a></h5> <br>by <a href="../authors/fosters">Simon Foster</a> and <a href="../authors/struth">Georg Struth</a></div>
<span class="date">
May 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/ComponentDependencies.html">Formalisation and Analysis of Component Dependencies</a></h5> <br>by <a href="../authors/spichkova">Maria Spichkova</a></div>
<span class="date">
Apr 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Strong_Security.html">A Formalization of Strong Security</a></h5> <br>by <a href="../authors/grewe">Sylvia Grewe</a>, <a href="../authors/lux">Alexander Lux</a>, <a href="../authors/mantel">Heiko Mantel</a> and <a href="../authors/sauer">Jens Sauer</a></div>
<span class="date">
Apr 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/WHATandWHERE_Security.html">A Formalization of Declassification with WHAT-and-WHERE-Security</a></h5> <br>by <a href="../authors/grewe">Sylvia Grewe</a>, <a href="../authors/lux">Alexander Lux</a>, <a href="../authors/mantel">Heiko Mantel</a> and <a href="../authors/sauer">Jens Sauer</a></div>
<span class="date">
Apr 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/SIFUM_Type_Systems.html">A Formalization of Assumptions and Guarantees for Compositional Noninterference</a></h5> <br>by <a href="../authors/grewe">Sylvia Grewe</a>, <a href="../authors/mantel">Heiko Mantel</a> and <a href="../authors/schoepe">Daniel Schoepe</a></div>
<span class="date">
Apr 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Bounded_Deducibility_Security.html">Bounded-Deducibility Security</a></h5> <br>by <a href="../authors/popescu">Andrei Popescu</a>, <a href="../authors/lammich">Peter Lammich</a> and <a href="../authors/bauereiss">Thomas Bauereiss</a></div>
<span class="date">
Apr 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Abstract_Completeness.html">Abstract Completeness</a></h5> <br>by <a href="../authors/blanchette">Jasmin Christian Blanchette</a>, <a href="../authors/popescu">Andrei Popescu</a> and <a href="../authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
Apr 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/HyperCTL.html">A shallow embedding of HyperCTL*</a></h5> <br>by <a href="../authors/rabe">Markus N. Rabe</a>, <a href="../authors/lammich">Peter Lammich</a> and <a href="../authors/popescu">Andrei Popescu</a></div>
<span class="date">
Apr 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Discrete_Summation.html">Discrete Summation</a></h5> <br>by <a href="../authors/haftmann">Florian Haftmann</a></div>
<span class="date">
Apr 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/GPU_Kernel_PL.html">Syntax and semantics of a GPU kernel programming language</a></h5> <br>by <a href="../authors/wickerson">John Wickerson</a></div>
<span class="date">
Apr 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Probabilistic_Noninterference.html">Probabilistic Noninterference</a></h5> <br>by <a href="../authors/popescu">Andrei Popescu</a> and <a href="../authors/hoelzl">Johannes Hölzl</a></div>
<span class="date">
Mar 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/AWN.html">Mechanization of the Algebra for Wireless Networks (AWN)</a></h5> <br>by <a href="../authors/bourke">Timothy Bourke</a></div>
<span class="date">
Mar 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Partial_Function_MR.html">Mutually Recursive Partial Functions</a></h5> <br>by <a href="../authors/thiemann">René Thiemann</a></div>
<span class="date">
Feb 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Random_Graph_Subgraph_Threshold.html">Properties of Random Graphs -- Subgraph Containment</a></h5> <br>by <a href="../authors/hupel">Lars Hupel</a></div>
<span class="date">
Feb 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Selection_Heap_Sort.html">Verification of Selection and Heap Sort Using Locales</a></h5> <br>by <a href="../authors/petrovic">Danijela Petrovic</a></div>
<span class="date">
Feb 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Affine_Arithmetic.html">Affine Arithmetic</a></h5> <br>by <a href="../authors/immler">Fabian Immler</a></div>
<span class="date">
Feb 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Real_Impl.html">Implementing field extensions of the form Q[sqrt(b)]</a></h5> <br>by <a href="../authors/thiemann">René Thiemann</a></div>
<span class="date">
Feb 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Regex_Equivalence.html">Unified Decision Procedures for Regular Expression Equivalence</a></h5> <br>by <a href="../authors/nipkow">Tobias Nipkow</a> and <a href="../authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
Jan 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Secondary_Sylow.html">Secondary Sylow Theorems</a></h5> <br>by <a href="../authors/raumer">Jakob von Raumer</a></div>
<span class="date">
Jan 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Relation_Algebra.html">Relation Algebra</a></h5> <br>by <a href="../authors/armstrong">Alasdair Armstrong</a>, <a href="../authors/fosters">Simon Foster</a>, <a href="../authors/struth">Georg Struth</a> and <a href="../authors/weber">Tjark Weber</a></div>
<span class="date">
Jan 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/KAT_and_DRA.html">Kleene Algebra with Tests and Demonic Refinement Algebras</a></h5> <br>by <a href="../authors/armstrong">Alasdair Armstrong</a>, <a href="../authors/gomes">Victor B. F. Gomes</a> and <a href="../authors/struth">Georg Struth</a></div>
<span class="date">
Jan 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Featherweight_OCL.html">Featherweight OCL: A Proposal for a Machine-Checked Formal Semantics for OCL 2.5</a></h5> <br>by <a href="../authors/brucker">Achim D. Brucker</a>, <a href="../authors/tuong">Frédéric Tuong</a> and <a href="../authors/wolff">Burkhart Wolff</a></div>
<span class="date">
Jan 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Sturm_Sequences.html">Sturm&#39;s Theorem</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Jan 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/CryptoBasedCompositionalProperties.html">Compositional Properties of Crypto-Based Components</a></h5> <br>by <a href="../authors/spichkova">Maria Spichkova</a></div>
<span class="date">
Jan 11
</span>
</article>
<h2 class="head">2013</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Tail_Recursive_Functions.html">A General Method for the Proof of Theorems on Tail-recursive Functions</a></h5> <br>by <a href="../authors/noce">Pasquale Noce</a></div>
<span class="date">
Dec 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/HereditarilyFinite.html">The Hereditarily Finite Sets</a></h5> <br>by <a href="../authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Nov 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Incompleteness.html">Gödel&#39;s Incompleteness Theorems</a></h5> <br>by <a href="../authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Nov 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Coinductive_Languages.html">A Codatatype of Formal Languages</a></h5> <br>by <a href="../authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
Nov 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/FocusStreamsCaseStudies.html">Stream Processing Components: Isabelle/HOL Formalisation and Case Studies</a></h5> <br>by <a href="../authors/spichkova">Maria Spichkova</a></div>
<span class="date">
Nov 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/GoedelGod.html">Gödel&#39;s God in Isabelle/HOL</a></h5> <br>by <a href="../authors/benzmueller">Christoph Benzmüller</a> and <a href="../authors/paleo">Bruno Woltzenlogel Paleo</a></div>
<span class="date">
Nov 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Decreasing-Diagrams.html">Decreasing Diagrams</a></h5> <br>by <a href="../authors/zankl">Harald Zankl</a></div>
<span class="date">
Nov 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Automatic_Refinement.html">Automatic Data Refinement</a></h5> <br>by <a href="../authors/lammich">Peter Lammich</a></div>
<span class="date">
Oct 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Native_Word.html">Native Word</a></h5> <br>by <a href="../authors/lochbihler">Andreas Lochbihler</a></div>
<span class="date">
Sep 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/IEEE_Floating_Point.html">A Formal Model of IEEE Floating Point Arithmetic</a></h5> <br>by <a href="../authors/yu">Lei Yu</a></div>
<span class="date">
Jul 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Pratt_Certificate.html">Pratt&#39;s Primality Certificates</a></h5> <br>by <a href="../authors/wimmer">Simon Wimmer</a> and <a href="../authors/noschinski">Lars Noschinski</a></div>
<span class="date">
Jul 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Lehmer.html">Lehmer&#39;s Theorem</a></h5> <br>by <a href="../authors/wimmer">Simon Wimmer</a> and <a href="../authors/noschinski">Lars Noschinski</a></div>
<span class="date">
Jul 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Koenigsberg_Friendship.html">The Königsberg Bridge Problem and the Friendship Theorem</a></h5> <br>by <a href="../authors/li">Wenda Li</a></div>
<span class="date">
Jul 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Sort_Encodings.html">Sound and Complete Sort Encodings for First-Order Logic</a></h5> <br>by <a href="../authors/blanchette">Jasmin Christian Blanchette</a> and <a href="../authors/popescu">Andrei Popescu</a></div>
<span class="date">
Jun 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/ShortestPath.html">An Axiomatic Characterization of the Single-Source Shortest Path Problem</a></h5> <br>by <a href="../authors/rizkallah">Christine Rizkallah</a></div>
<span class="date">
May 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Graph_Theory.html">Graph Theory</a></h5> <br>by <a href="../authors/noschinski">Lars Noschinski</a></div>
<span class="date">
Apr 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Containers.html">Light-weight Containers</a></h5> <br>by <a href="../authors/lochbihler">Andreas Lochbihler</a></div>
<span class="date">
Apr 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Nominal2.html">Nominal 2</a></h5> <br>by <a href="../authors/urban">Christian Urban</a>, <a href="../authors/berghofer">Stefan Berghofer</a> and <a href="../authors/kaliszyk">Cezary Kaliszyk</a></div>
<span class="date">
Feb 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Launchbury.html">The Correctness of Launchbury&#39;s Natural Semantics for Lazy Evaluation</a></h5> <br>by <a href="../authors/breitner">Joachim Breitner</a></div>
<span class="date">
Jan 31
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Ribbon_Proofs.html">Ribbon Proofs</a></h5> <br>by <a href="../authors/wickerson">John Wickerson</a></div>
<span class="date">
Jan 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Rank_Nullity_Theorem.html">Rank-Nullity Theorem in Linear Algebra</a></h5> <br>by <a href="../authors/divason">Jose Divasón</a> and <a href="../authors/aransay">Jesús Aransay</a></div>
<span class="date">
Jan 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Kleene_Algebra.html">Kleene Algebra</a></h5> <br>by <a href="../authors/armstrong">Alasdair Armstrong</a>, <a href="../authors/struth">Georg Struth</a> and <a href="../authors/weber">Tjark Weber</a></div>
<span class="date">
Jan 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Sqrt_Babylonian.html">Computing N-th Roots using the Babylonian Method</a></h5> <br>by <a href="../authors/thiemann">René Thiemann</a></div>
<span class="date">
Jan 03
</span>
</article>
<h2 class="head">2012</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Separation_Logic_Imperative_HOL.html">A Separation Logic Framework for Imperative HOL</a></h5> <br>by <a href="../authors/lammich">Peter Lammich</a> and <a href="../authors/meis">Rene Meis</a></div>
<span class="date">
Nov 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Open_Induction.html">Open Induction</a></h5> <br>by <a href="../authors/ogawa">Mizuhito Ogawa</a> and <a href="../authors/sternagel">Christian Sternagel</a></div>
<span class="date">
Nov 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Tarskis_Geometry.html">The independence of Tarski&#39;s Euclidean axiom</a></h5> <br>by <a href="../authors/makarios">T. J. M. Makarios</a></div>
<span class="date">
Oct 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Bondy.html">Bondy&#39;s Theorem</a></h5> <br>by <a href="../authors/avigad">Jeremy Avigad</a> and <a href="../authors/hetzl">Stefan Hetzl</a></div>
<span class="date">
Oct 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Possibilistic_Noninterference.html">Possibilistic Noninterference</a></h5> <br>by <a href="../authors/popescu">Andrei Popescu</a> and <a href="../authors/hoelzl">Johannes Hölzl</a></div>
<span class="date">
Sep 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Datatype_Order_Generator.html">Generating linear orders for datatypes</a></h5> <br>by <a href="../authors/thiemann">René Thiemann</a></div>
<span class="date">
Aug 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Impossible_Geometry.html">Proving the Impossibility of Trisecting an Angle and Doubling the Cube</a></h5> <br>by <a href="../authors/romanos">Ralph Romanos</a> and <a href="../authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Aug 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Heard_Of.html">Verifying Fault-Tolerant Distributed Algorithms in the Heard-Of Model</a></h5> <br>by <a href="../authors/debrat">Henri Debrat</a> and <a href="../authors/merz">Stephan Merz</a></div>
<span class="date">
Jul 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/PCF.html">Logical Relations for PCF</a></h5> <br>by <a href="../authors/gammie">Peter Gammie</a></div>
<span class="date">
Jul 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Tycon.html">Type Constructor Classes and Monad Transformers</a></h5> <br>by <a href="../authors/huffman">Brian Huffman</a></div>
<span class="date">
Jun 26
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Pi_Calculus.html">The pi-calculus in nominal logic</a></h5> <br>by <a href="../authors/bengtson">Jesper Bengtson</a></div>
<span class="date">
May 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Psi_Calculi.html">Psi-calculi in Isabelle</a></h5> <br>by <a href="../authors/bengtson">Jesper Bengtson</a></div>
<span class="date">
May 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/CCS.html">CCS in nominal logic</a></h5> <br>by <a href="../authors/bengtson">Jesper Bengtson</a></div>
<span class="date">
May 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Circus.html">Isabelle/Circus</a></h5> <br>by <a href="../authors/feliachi">Abderrahmane Feliachi</a>, <a href="../authors/wolff">Burkhart Wolff</a> and <a href="../authors/gaudel">Marie-Claude Gaudel</a></div>
<span class="date">
May 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Separation_Algebra.html">Separation Algebra</a></h5> <br>by <a href="../authors/klein">Gerwin Klein</a>, <a href="../authors/kolanski">Rafal Kolanski</a> and <a href="../authors/boyton">Andrew Boyton</a></div>
<span class="date">
May 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Stuttering_Equivalence.html">Stuttering Equivalence</a></h5> <br>by <a href="../authors/merz">Stephan Merz</a></div>
<span class="date">
May 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Inductive_Confidentiality.html">Inductive Study of Confidentiality</a></h5> <br>by <a href="../authors/bella">Giampaolo Bella</a></div>
<span class="date">
May 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Ordinary_Differential_Equations.html">Ordinary Differential Equations</a></h5> <br>by <a href="../authors/immler">Fabian Immler</a> and <a href="../authors/hoelzl">Johannes Hölzl</a></div>
<span class="date">
Apr 26
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Well_Quasi_Orders.html">Well-Quasi-Orders</a></h5> <br>by <a href="../authors/sternagel">Christian Sternagel</a></div>
<span class="date">
Apr 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Abortable_Linearizable_Modules.html">Abortable Linearizable Modules</a></h5> <br>by <a href="../authors/guerraoui">Rachid Guerraoui</a>, <a href="../authors/kuncak">Viktor Kuncak</a> and <a href="../authors/losa">Giuliano Losa</a></div>
<span class="date">
Mar 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Transitive-Closure-II.html">Executable Transitive Closures</a></h5> <br>by <a href="../authors/thiemann">René Thiemann</a></div>
<span class="date">
Feb 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Girth_Chromatic.html">A Probabilistic Proof of the Girth-Chromatic Number Theorem</a></h5> <br>by <a href="../authors/noschinski">Lars Noschinski</a></div>
<span class="date">
Feb 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Refine_Monadic.html">Refinement for Monadic Programs</a></h5> <br>by <a href="../authors/lammich">Peter Lammich</a></div>
<span class="date">
Jan 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Dijkstra_Shortest_Path.html">Dijkstra&#39;s Shortest Path Algorithm</a></h5> <br>by <a href="../authors/nordhoff">Benedikt Nordhoff</a> and <a href="../authors/lammich">Peter Lammich</a></div>
<span class="date">
Jan 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Markov_Models.html">Markov Models</a></h5> <br>by <a href="../authors/hoelzl">Johannes Hölzl</a> and <a href="../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Jan 03
</span>
</article>
<h2 class="head">2011</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/TLA.html">A Definitional Encoding of TLA* in Isabelle/HOL</a></h5> <br>by <a href="../authors/grov">Gudmund Grov</a> and <a href="../authors/merz">Stephan Merz</a></div>
<span class="date">
Nov 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Efficient-Mergesort.html">Efficient Mergesort</a></h5> <br>by <a href="../authors/sternagel">Christian Sternagel</a></div>
<span class="date">
Nov 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/PseudoHoops.html">Pseudo Hoops</a></h5> <br>by <a href="../authors/georgescu">George Georgescu</a>, <a href="../authors/leustean">Laurentiu Leustean</a> and <a href="../authors/preoteasa">Viorel Preoteasa</a></div>
<span class="date">
Sep 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/LatticeProperties.html">Lattice Properties</a></h5> <br>by <a href="../authors/preoteasa">Viorel Preoteasa</a></div>
<span class="date">
Sep 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/MonoBoolTranAlgebra.html">Algebra of Monotonic Boolean Transformers</a></h5> <br>by <a href="../authors/preoteasa">Viorel Preoteasa</a></div>
<span class="date">
Sep 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Myhill-Nerode.html">The Myhill-Nerode Theorem Based on Regular Expressions</a></h5> <br>by <a href="../authors/wu">Chunhan Wu</a>, <a href="../authors/zhangx">Xingyuan Zhang</a> and <a href="../authors/urban">Christian Urban</a></div>
<span class="date">
Aug 26
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Gauss-Jordan-Elim-Fun.html">Gauss-Jordan Elimination for Matrices Represented as Functions</a></h5> <br>by <a href="../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Aug 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Max-Card-Matching.html">Maximum Cardinality Matching</a></h5> <br>by <a href="../authors/rizkallah">Christine Rizkallah</a></div>
<span class="date">
Jul 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/KBPs.html">Knowledge-based programs</a></h5> <br>by <a href="../authors/gammie">Peter Gammie</a></div>
<span class="date">
May 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/General-Triangle.html">The General Triangle Is Unique</a></h5> <br>by <a href="../authors/breitner">Joachim Breitner</a></div>
<span class="date">
Apr 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Transitive-Closure.html">Executable Transitive Closures of Finite Relations</a></h5> <br>by <a href="../authors/sternagel">Christian Sternagel</a> and <a href="../authors/thiemann">René Thiemann</a></div>
<span class="date">
Mar 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Nat-Interval-Logic.html">Interval Temporal Logic on Natural Numbers</a></h5> <br>by <a href="../authors/trachtenherz">David Trachtenherz</a></div>
<span class="date">
Feb 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/List-Infinite.html">Infinite Lists</a></h5> <br>by <a href="../authors/trachtenherz">David Trachtenherz</a></div>
<span class="date">
Feb 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/AutoFocus-Stream.html">AutoFocus Stream Processing for Single-Clocking and Multi-Clocking Semantics</a></h5> <br>by <a href="../authors/trachtenherz">David Trachtenherz</a></div>
<span class="date">
Feb 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/LightweightJava.html">Lightweight Java</a></h5> <br>by <a href="../authors/strnisa">Rok Strniša</a> and <a href="../authors/parkinson">Matthew Parkinson</a></div>
<span class="date">
Feb 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/RIPEMD-160-SPARK.html">RIPEMD-160</a></h5> <br>by <a href="../authors/immler">Fabian Immler</a></div>
<span class="date">
Jan 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Lower_Semicontinuous.html">Lower Semicontinuous Functions</a></h5> <br>by <a href="../authors/grechuk">Bogdan Grechuk</a></div>
<span class="date">
Jan 08
</span>
</article>
<h2 class="head">2010</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Marriage.html">Hall&#39;s Marriage Theorem</a></h5> <br>by <a href="../authors/jiangd">Dongchen Jiang</a> and <a href="../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Dec 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Shivers-CFA.html">Shivers&#39; Control Flow Analysis</a></h5> <br>by <a href="../authors/breitner">Joachim Breitner</a></div>
<span class="date">
Nov 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Binomial-Queues.html">Functional Binomial Queues</a></h5> <br>by <a href="../authors/neumann">René Neumann</a></div>
<span class="date">
Oct 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Finger-Trees.html">Finger Trees</a></h5> <br>by <a href="../authors/nordhoff">Benedikt Nordhoff</a>, <a href="../authors/koerner">Stefan Körner</a> and <a href="../authors/lammich">Peter Lammich</a></div>
<span class="date">
Oct 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Binomial-Heaps.html">Binomial Heaps and Skew Binomial Heaps</a></h5> <br>by <a href="../authors/meis">Rene Meis</a>, <a href="../authors/nielsen">Finn Nielsen</a> and <a href="../authors/lammich">Peter Lammich</a></div>
<span class="date">
Oct 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Lam-ml-Normalization.html">Strong Normalization of Moggis&#39;s Computational Metalanguage</a></h5> <br>by <a href="../authors/doczkal">Christian Doczkal</a></div>
<span class="date">
Aug 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Polynomials.html">Executable Multivariate Polynomials</a></h5> <br>by <a href="../authors/sternagel">Christian Sternagel</a>, <a href="../authors/thiemann">René Thiemann</a>, <a href="../authors/maletzky">Alexander Maletzky</a>, <a href="../authors/immler">Fabian Immler</a>, <a href="../authors/haftmann">Florian Haftmann</a>, <a href="../authors/lochbihler">Andreas Lochbihler</a> and <a href="../authors/bentkamp">Alexander Bentkamp</a></div>
<span class="date">
Aug 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Statecharts.html">Formalizing Statecharts using Hierarchical Automata</a></h5> <br>by <a href="../authors/helke">Steffen Helke</a> and <a href="../authors/kammueller">Florian Kammüller</a></div>
<span class="date">
Aug 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Free-Groups.html">Free Groups</a></h5> <br>by <a href="../authors/breitner">Joachim Breitner</a></div>
<span class="date">
Jun 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Category2.html">Category Theory</a></h5> <br>by <a href="../authors/katovsky">Alexander Katovsky</a></div>
<span class="date">
Jun 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Matrix.html">Executable Matrix Operations on Matrices of Arbitrary Dimensions</a></h5> <br>by <a href="../authors/sternagel">Christian Sternagel</a> and <a href="../authors/thiemann">René Thiemann</a></div>
<span class="date">
Jun 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Abstract-Rewriting.html">Abstract Rewriting</a></h5> <br>by <a href="../authors/sternagel">Christian Sternagel</a> and <a href="../authors/thiemann">René Thiemann</a></div>
<span class="date">
Jun 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/GraphMarkingIBP.html">Verification of the Deutsch-Schorr-Waite Graph Marking Algorithm using Data Refinement</a></h5> <br>by <a href="../authors/preoteasa">Viorel Preoteasa</a> and <a href="../authors/back">Ralph-Johan Back</a></div>
<span class="date">
May 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/DataRefinementIBP.html">Semantics and Data Refinement of Invariant Based Programs</a></h5> <br>by <a href="../authors/preoteasa">Viorel Preoteasa</a> and <a href="../authors/back">Ralph-Johan Back</a></div>
<span class="date">
May 28
</span>
</article>
<article class="entry">
<div class="item-text">
- <h5><a class="title" href="../entries/Robbins-Conjecture.html">A Complete Proof of the Robbins Conjecture</a></h5> <br>by <a href="../authors/doty">Matthew Wampler-Doty</a></div>
+ <h5><a class="title" href="../entries/Robbins-Conjecture.html">A Complete Proof of the Robbins Conjecture</a></h5> <br>by <a href="../authors/doty">Matthew Doty</a></div>
<span class="date">
May 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Regular-Sets.html">Regular Sets and Expressions</a></h5> <br>by <a href="../authors/krauss">Alexander Krauss</a> and <a href="../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
May 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Locally-Nameless-Sigma.html">Locally Nameless Sigma Calculus</a></h5> <br>by <a href="../authors/henrio">Ludovic Henrio</a>, <a href="../authors/kammueller">Florian Kammüller</a>, <a href="../authors/lutz">Bianca Lutz</a> and <a href="../authors/sudhof">Henry Sudhof</a></div>
<span class="date">
Apr 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Free-Boolean-Algebra.html">Free Boolean Algebra</a></h5> <br>by <a href="../authors/huffman">Brian Huffman</a></div>
<span class="date">
Mar 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/InformationFlowSlicing_Inter.html">Inter-Procedural Information Flow Noninterference via Slicing</a></h5> <br>by <a href="../authors/wasserrab">Daniel Wasserrab</a></div>
<span class="date">
Mar 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/InformationFlowSlicing.html">Information Flow Noninterference via Slicing</a></h5> <br>by <a href="../authors/wasserrab">Daniel Wasserrab</a></div>
<span class="date">
Mar 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/List-Index.html">List Index</a></h5> <br>by <a href="../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Feb 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Coinductive.html">Coinductive</a></h5> <br>by <a href="../authors/lochbihler">Andreas Lochbihler</a></div>
<span class="date">
Feb 12
</span>
</article>
<h2 class="head">2009</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/DPT-SAT-Solver.html">A Fast SAT Solver for Isabelle in Standard ML</a></h5> <br>by <a href="../authors/heller">Armin Heller</a></div>
<span class="date">
Dec 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Presburger-Automata.html">Formalizing the Logic-Automaton Connection</a></h5> <br>by <a href="../authors/berghofer">Stefan Berghofer</a> and <a href="../authors/reiter">Markus Reiter</a></div>
<span class="date">
Dec 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Tree-Automata.html">Tree Automata</a></h5> <br>by <a href="../authors/lammich">Peter Lammich</a></div>
<span class="date">
Nov 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Collections.html">Collections Framework</a></h5> <br>by <a href="../authors/lammich">Peter Lammich</a></div>
<span class="date">
Nov 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Perfect-Number-Thm.html">Perfect Number Theorem</a></h5> <br>by <a href="../authors/ijbema">Mark Ijbema</a></div>
<span class="date">
Nov 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/HRB-Slicing.html">Backing up Slicing: Verifying the Interprocedural Two-Phase Horwitz-Reps-Binkley Slicer</a></h5> <br>by <a href="../authors/wasserrab">Daniel Wasserrab</a></div>
<span class="date">
Nov 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/WorkerWrapper.html">The Worker/Wrapper Transformation</a></h5> <br>by <a href="../authors/gammie">Peter Gammie</a></div>
<span class="date">
Oct 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Ordinals_and_Cardinals.html">Ordinals and Cardinals</a></h5> <br>by <a href="../authors/popescu">Andrei Popescu</a></div>
<span class="date">
Sep 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/SequentInvertibility.html">Invertibility in Sequent Calculi</a></h5> <br>by <a href="../authors/chapman">Peter Chapman</a></div>
<span class="date">
Aug 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/CofGroups.html">An Example of a Cofinitary Group in Isabelle/HOL</a></h5> <br>by <a href="../authors/kastermans">Bart Kastermans</a></div>
<span class="date">
Aug 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/FinFun.html">Code Generation for Functions as Data</a></h5> <br>by <a href="../authors/lochbihler">Andreas Lochbihler</a></div>
<span class="date">
May 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Stream-Fusion.html">Stream Fusion</a></h5> <br>by <a href="../authors/huffman">Brian Huffman</a></div>
<span class="date">
Apr 29
</span>
</article>
<h2 class="head">2008</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/BytecodeLogicJmlTypes.html">A Bytecode Logic for JML and Types</a></h5> <br>by <a href="../authors/beringer">Lennart Beringer</a> and <a href="../authors/hofmann">Martin Hofmann</a></div>
<span class="date">
Dec 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/SIFPL.html">Secure information flow and program logics</a></h5> <br>by <a href="../authors/beringer">Lennart Beringer</a> and <a href="../authors/hofmann">Martin Hofmann</a></div>
<span class="date">
Nov 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/SenSocialChoice.html">Some classical results in Social Choice Theory</a></h5> <br>by <a href="../authors/gammie">Peter Gammie</a></div>
<span class="date">
Nov 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/FunWithTilings.html">Fun With Tilings</a></h5> <br>by <a href="../authors/nipkow">Tobias Nipkow</a> and <a href="../authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Nov 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Huffman.html">The Textbook Proof of Huffman&#39;s Algorithm</a></h5> <br>by <a href="../authors/blanchette">Jasmin Christian Blanchette</a></div>
<span class="date">
Oct 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Slicing.html">Towards Certified Slicing</a></h5> <br>by <a href="../authors/wasserrab">Daniel Wasserrab</a></div>
<span class="date">
Sep 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/VolpanoSmith.html">A Correctness Proof for the Volpano/Smith Security Typing System</a></h5> <br>by <a href="../authors/snelting">Gregor Snelting</a> and <a href="../authors/wasserrab">Daniel Wasserrab</a></div>
<span class="date">
Sep 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/ArrowImpossibilityGS.html">Arrow and Gibbard-Satterthwaite</a></h5> <br>by <a href="../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Sep 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/FunWithFunctions.html">Fun With Functions</a></h5> <br>by <a href="../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Aug 26
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/SATSolverVerification.html">Formal Verification of Modern SAT Solvers</a></h5> <br>by <a href="../authors/maricf">Filip Marić</a></div>
<span class="date">
Jul 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Recursion-Theory-I.html">Recursion Theory I</a></h5> <br>by <a href="../authors/nedzelsky">Michael Nedzelsky</a></div>
<span class="date">
Apr 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/BDD.html">BDD Normalisation</a></h5> <br>by <a href="../authors/ortner">Veronika Ortner</a> and <a href="../authors/schirmer">Norbert Schirmer</a></div>
<span class="date">
Feb 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Simpl.html">A Sequential Imperative Programming Language Syntax, Semantics, Hoare Logics and Verification Environment</a></h5> <br>by <a href="../authors/schirmer">Norbert Schirmer</a></div>
<span class="date">
Feb 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/NormByEval.html">Normalization by Evaluation</a></h5> <br>by <a href="../authors/aehlig">Klaus Aehlig</a> and <a href="../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Feb 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/LinearQuantifierElim.html">Quantifier Elimination for Linear Arithmetic</a></h5> <br>by <a href="../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Jan 11
</span>
</article>
<h2 class="head">2007</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Program-Conflict-Analysis.html">Formalization of Conflict Analysis of Programs with Procedures, Thread Creation, and Monitors</a></h5> <br>by <a href="../authors/lammich">Peter Lammich</a> and <a href="../authors/olm">Markus Müller-Olm</a></div>
<span class="date">
Dec 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/JinjaThreads.html">Jinja with Threads</a></h5> <br>by <a href="../authors/lochbihler">Andreas Lochbihler</a></div>
<span class="date">
Dec 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/MuchAdoAboutTwo.html">Much Ado About Two</a></h5> <br>by <a href="../authors/boehme">Sascha Böhme</a></div>
<span class="date">
Nov 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/SumSquares.html">Sums of Two and Four Squares</a></h5> <br>by <a href="../authors/oosterhuis">Roelof Oosterhuis</a></div>
<span class="date">
Aug 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Fermat3_4.html">Fermat&#39;s Last Theorem for Exponents 3 and 4 and the Parametrisation of Pythagorean Triples</a></h5> <br>by <a href="../authors/oosterhuis">Roelof Oosterhuis</a></div>
<span class="date">
Aug 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Valuation.html">Fundamental Properties of Valuation Theory and Hensel&#39;s Lemma</a></h5> <br>by <a href="../authors/kobayashi">Hidetsune Kobayashi</a></div>
<span class="date">
Aug 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/POPLmark-deBruijn.html">POPLmark Challenge Via de Bruijn Indices</a></h5> <br>by <a href="../authors/berghofer">Stefan Berghofer</a></div>
<span class="date">
Aug 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/FOL-Fitting.html">First-Order Logic According to Fitting</a></h5> <br>by <a href="../authors/berghofer">Stefan Berghofer</a></div>
<span class="date">
Aug 02
</span>
</article>
<h2 class="head">2006</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/HotelKeyCards.html">Hotel Key Card System</a></h5> <br>by <a href="../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Sep 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Abstract-Hoare-Logics.html">Abstract Hoare Logics</a></h5> <br>by <a href="../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Aug 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Flyspeck-Tame.html">Flyspeck I: Tame Graphs</a></h5> <br>by <a href="../authors/bauer">Gertrud Bauer</a> and <a href="../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
May 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/CoreC&#43;&#43;.html">CoreC&#43;&#43;</a></h5> <br>by <a href="../authors/wasserrab">Daniel Wasserrab</a></div>
<span class="date">
May 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/FeatherweightJava.html">A Theory of Featherweight Java in Isabelle/HOL</a></h5> <br>by <a href="../authors/fosterj">J. Nathan Foster</a> and <a href="../authors/vytiniotis">Dimitrios Vytiniotis</a></div>
<span class="date">
Mar 31
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/ClockSynchInst.html">Instances of Schneider&#39;s generalized protocol of clock synchronization</a></h5> <br>by <a href="../authors/barsotti">Damián Barsotti</a></div>
<span class="date">
Mar 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Cauchy.html">Cauchy&#39;s Mean Theorem and the Cauchy-Schwarz Inequality</a></h5> <br>by <a href="../authors/porter">Benjamin Porter</a></div>
<span class="date">
Mar 14
</span>
</article>
<h2 class="head">2005</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Ordinal.html">Countable Ordinals</a></h5> <br>by <a href="../authors/huffman">Brian Huffman</a></div>
<span class="date">
Nov 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/FFT.html">Fast Fourier Transform</a></h5> <br>by <a href="../authors/ballarin">Clemens Ballarin</a></div>
<span class="date">
Oct 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/GenClock.html">Formalization of a Generalized Protocol for Clock Synchronization</a></h5> <br>by <a href="../authors/tiu">Alwen Tiu</a></div>
<span class="date">
Jun 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/DiskPaxos.html">Proving the Correctness of Disk Paxos</a></h5> <br>by <a href="../authors/jaskelioff">Mauro Jaskelioff</a> and <a href="../authors/merz">Stephan Merz</a></div>
<span class="date">
Jun 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/JiveDataStoreModel.html">Jive Data and Store Model</a></h5> <br>by <a href="../authors/rauch">Nicole Rauch</a> and <a href="../authors/schirmer">Norbert Schirmer</a></div>
<span class="date">
Jun 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Jinja.html">Jinja is not Java</a></h5> <br>by <a href="../authors/klein">Gerwin Klein</a> and <a href="../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Jun 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/RSAPSS.html">SHA1, RSA, PSS and more</a></h5> <br>by <a href="../authors/lindenberg">Christina Lindenberg</a> and <a href="../authors/wirt">Kai Wirt</a></div>
<span class="date">
May 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Category.html">Category Theory to Yoneda&#39;s Lemma</a></h5> <br>by <a href="../authors/keefe">Greg O&rsquo;Keefe</a></div>
<span class="date">
Apr 21
</span>
</article>
<h2 class="head">2004</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/FileRefinement.html">File Refinement</a></h5> <br>by <a href="../authors/zee">Karen Zee</a> and <a href="../authors/kuncak">Viktor Kuncak</a></div>
<span class="date">
Dec 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Integration.html">Integration theory and random variables</a></h5> <br>by <a href="../authors/richter">Stefan Richter</a></div>
<span class="date">
Nov 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Verified-Prover.html">A Mechanically Verified, Efficient, Sound and Complete Theorem Prover For First Order Logic</a></h5> <br>by <a href="../authors/ridge">Tom Ridge</a></div>
<span class="date">
Sep 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Ramsey-Infinite.html">Ramsey&#39;s theorem, infinitary version</a></h5> <br>by <a href="../authors/ridge">Tom Ridge</a></div>
<span class="date">
Sep 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Completeness.html">Completeness theorem</a></h5> <br>by <a href="../authors/margetson">James Margetson</a> and <a href="../authors/ridge">Tom Ridge</a></div>
<span class="date">
Sep 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Compiling-Exceptions-Correctly.html">Compiling Exceptions Correctly</a></h5> <br>by <a href="../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Jul 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Depth-First-Search.html">Depth First Search</a></h5> <br>by <a href="../authors/nishihara">Toshiaki Nishihara</a> and <a href="../authors/minamide">Yasuhiko Minamide</a></div>
<span class="date">
Jun 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Group-Ring-Module.html">Groups, Rings and Modules</a></h5> <br>by <a href="../authors/kobayashi">Hidetsune Kobayashi</a>, <a href="../authors/chen">L. Chen</a> and <a href="../authors/murao">H. Murao</a></div>
<span class="date">
May 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Topology.html">Topology</a></h5> <br>by <a href="../authors/friedrich">Stefan Friedrich</a></div>
<span class="date">
Apr 26
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Lazy-Lists-II.html">Lazy Lists II</a></h5> <br>by <a href="../authors/friedrich">Stefan Friedrich</a></div>
<span class="date">
Apr 26
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/BinarySearchTree.html">Binary Search Trees</a></h5> <br>by <a href="../authors/kuncak">Viktor Kuncak</a></div>
<span class="date">
Apr 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Functional-Automata.html">Functional Automata</a></h5> <br>by <a href="../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Mar 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/MiniML.html">Mini ML</a></h5> <br>by <a href="../authors/naraschewski">Wolfgang Naraschewski</a> and <a href="../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Mar 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/AVL-Trees.html">AVL Trees</a></h5> <br>by <a href="../authors/nipkow">Tobias Nipkow</a> and <a href="../authors/pusch">Cornelia Pusch</a></div>
<span class="date">
Mar 19
</span>
</article>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/entries/index.xml b/web/entries/index.xml
--- a/web/entries/index.xml
+++ b/web/entries/index.xml
@@ -1,6302 +1,6347 @@
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>Entries on Archive of Formal Proofs</title>
<link>/entries/</link>
<description>Recent content in Entries on Archive of Formal Proofs</description>
<generator>Hugo -- gohugo.io</generator>
<language>en-gb</language>
- <lastBuildDate>Thu, 08 Sep 2022 00:00:00 +0000</lastBuildDate><atom:link href="/entries/index.xml" rel="self" type="application/rss+xml" />
+ <lastBuildDate>Thu, 22 Sep 2022 00:00:00 +0000</lastBuildDate><atom:link href="/entries/index.xml" rel="self" type="application/rss+xml" />
+ <item>
+ <title>p-adic Fields and p-adic Semialgebraic Sets</title>
+ <link>/entries/Padic_Field.html</link>
+ <pubDate>Thu, 22 Sep 2022 00:00:00 +0000</pubDate>
+
+ <guid>/entries/Padic_Field.html</guid>
+ <description></description>
+ </item>
+
+ <item>
+ <title>Risk-Free Lending</title>
+ <link>/entries/Risk_Free_Lending.html</link>
+ <pubDate>Sun, 18 Sep 2022 00:00:00 +0000</pubDate>
+
+ <guid>/entries/Risk_Free_Lending.html</guid>
+ <description></description>
+ </item>
+
+ <item>
+ <title>Soundness and Completeness of Implicational Logic</title>
+ <link>/entries/Implicational_Logic.html</link>
+ <pubDate>Tue, 13 Sep 2022 00:00:00 +0000</pubDate>
+
+ <guid>/entries/Implicational_Logic.html</guid>
+ <description></description>
+ </item>
+
<item>
<title>CRYSTALS-Kyber</title>
<link>/entries/CRYSTALS-Kyber.html</link>
<pubDate>Thu, 08 Sep 2022 00:00:00 +0000</pubDate>
<guid>/entries/CRYSTALS-Kyber.html</guid>
<description></description>
</item>
<item>
+ <title>Unbounded Separation Logic</title>
+ <link>/entries/Separation_Logic_Unbounded.html</link>
+ <pubDate>Mon, 05 Sep 2022 00:00:00 +0000</pubDate>
+
+ <guid>/entries/Separation_Logic_Unbounded.html</guid>
+ <description></description>
+ </item>
+
+ <item>
<title>Khovanskii&amp;#x27;s Theorem</title>
<link>/entries/Khovanskii_Theorem.html</link>
<pubDate>Fri, 02 Sep 2022 00:00:00 +0000</pubDate>
<guid>/entries/Khovanskii_Theorem.html</guid>
<description></description>
</item>
<item>
<title>The Hales–Jewett Theorem</title>
<link>/entries/Hales_Jewett.html</link>
<pubDate>Fri, 02 Sep 2022 00:00:00 +0000</pubDate>
<guid>/entries/Hales_Jewett.html</guid>
<description></description>
</item>
<item>
<title>Number Theoretic Transform</title>
<link>/entries/Number_Theoretic_Transform.html</link>
<pubDate>Thu, 18 Aug 2022 00:00:00 +0000</pubDate>
<guid>/entries/Number_Theoretic_Transform.html</guid>
<description></description>
</item>
<item>
+ <title>Correctness of a Set-based Algorithm for Computing Strongly Connected Components of a Graph</title>
+ <link>/entries/SCC_Bloemen_Sequential.html</link>
+ <pubDate>Wed, 17 Aug 2022 00:00:00 +0000</pubDate>
+
+ <guid>/entries/SCC_Bloemen_Sequential.html</guid>
+ <description></description>
+ </item>
+
+ <item>
<title>From THE BOOK: Two Squares via Involutions</title>
<link>/entries/Involutions2Squares.html</link>
<pubDate>Mon, 15 Aug 2022 00:00:00 +0000</pubDate>
<guid>/entries/Involutions2Squares.html</guid>
<description></description>
</item>
<item>
<title>Verified Complete Test Strategies for Finite State Machines</title>
<link>/entries/FSM_Tests.html</link>
<pubDate>Tue, 09 Aug 2022 00:00:00 +0000</pubDate>
<guid>/entries/FSM_Tests.html</guid>
<description></description>
</item>
<item>
<title>Nano JSON: Working with JSON formatted data in Isabelle/HOL and Isabelle/ML</title>
<link>/entries/Nano_JSON.html</link>
<pubDate>Fri, 29 Jul 2022 00:00:00 +0000</pubDate>
<guid>/entries/Nano_JSON.html</guid>
<description></description>
</item>
<item>
<title>Isabelle/Solidity: A deep Embedding of Solidity in Isabelle/HOL</title>
<link>/entries/Solidity.html</link>
<pubDate>Mon, 18 Jul 2022 00:00:00 +0000</pubDate>
<guid>/entries/Solidity.html</guid>
<description></description>
</item>
<item>
<title>Simultaneous diagonalization of pairwise commuting Hermitian matrices</title>
<link>/entries/Commuting_Hermitian.html</link>
<pubDate>Mon, 18 Jul 2022 00:00:00 +0000</pubDate>
<guid>/entries/Commuting_Hermitian.html</guid>
<description></description>
</item>
<item>
<title>Pólya’s Proof of the Weighted Arithmetic–Geometric Mean Inequality</title>
<link>/entries/Weighted_Arithmetic_Geometric_Mean.html</link>
<pubDate>Mon, 11 Jul 2022 00:00:00 +0000</pubDate>
<guid>/entries/Weighted_Arithmetic_Geometric_Mean.html</guid>
<description></description>
</item>
<item>
<title>A Reuse-Based Multi-Stage Compiler Verification for Language IMP</title>
<link>/entries/IMP_Compiler_Reuse.html</link>
<pubDate>Sun, 10 Jul 2022 00:00:00 +0000</pubDate>
<guid>/entries/IMP_Compiler_Reuse.html</guid>
<description></description>
</item>
<item>
<title>Real-Time Double-Ended Queue</title>
<link>/entries/Real_Time_Deque.html</link>
<pubDate>Thu, 23 Jun 2022 00:00:00 +0000</pubDate>
<guid>/entries/Real_Time_Deque.html</guid>
<description></description>
</item>
<item>
<title>Boolos&#39;s Curious Inference in Isabelle/HOL</title>
<link>/entries/Boolos_Curious_Inference.html</link>
<pubDate>Mon, 20 Jun 2022 00:00:00 +0000</pubDate>
<guid>/entries/Boolos_Curious_Inference.html</guid>
<description></description>
</item>
<item>
<title>Finite Fields</title>
<link>/entries/Finite_Fields.html</link>
<pubDate>Wed, 08 Jun 2022 00:00:00 +0000</pubDate>
<guid>/entries/Finite_Fields.html</guid>
<description></description>
</item>
<item>
<title>IsaNet: Formalization of a Verification Framework for Secure Data Plane Protocols</title>
<link>/entries/IsaNet.html</link>
<pubDate>Wed, 08 Jun 2022 00:00:00 +0000</pubDate>
<guid>/entries/IsaNet.html</guid>
<description></description>
</item>
<item>
<title>Diophantine Equations and the DPRM Theorem</title>
<link>/entries/DPRM_Theorem.html</link>
<pubDate>Mon, 06 Jun 2022 00:00:00 +0000</pubDate>
<guid>/entries/DPRM_Theorem.html</guid>
<description></description>
</item>
<item>
<title>Reducing Rewrite Properties to Properties on Ground Terms</title>
<link>/entries/Rewrite_Properties_Reduction.html</link>
<pubDate>Thu, 02 Jun 2022 00:00:00 +0000</pubDate>
<guid>/entries/Rewrite_Properties_Reduction.html</guid>
<description></description>
</item>
<item>
<title>A Restricted Definition of the Magic Wand to Soundly Combine Fractions of a Wand</title>
<link>/entries/Combinable_Wands.html</link>
<pubDate>Mon, 30 May 2022 00:00:00 +0000</pubDate>
<guid>/entries/Combinable_Wands.html</guid>
<description></description>
</item>
<item>
<title>The Plünnecke-Ruzsa Inequality</title>
<link>/entries/Pluennecke_Ruzsa_Inequality.html</link>
<pubDate>Thu, 26 May 2022 00:00:00 +0000</pubDate>
<guid>/entries/Pluennecke_Ruzsa_Inequality.html</guid>
<description></description>
</item>
<item>
<title>Formalization of a Framework for the Sound Automation of Magic Wands</title>
<link>/entries/Package_logic.html</link>
<pubDate>Wed, 18 May 2022 00:00:00 +0000</pubDate>
<guid>/entries/Package_logic.html</guid>
<description></description>
</item>
<item>
<title>Clique is not solvable by monotone circuits of polynomial size</title>
<link>/entries/Clique_and_Monotone_Circuits.html</link>
<pubDate>Sun, 08 May 2022 00:00:00 +0000</pubDate>
<guid>/entries/Clique_and_Monotone_Circuits.html</guid>
<description></description>
</item>
<item>
<title>Fisher&#39;s Inequality: Linear Algebraic Proof Techniques for Combinatorics</title>
<link>/entries/Fishers_Inequality.html</link>
<pubDate>Thu, 21 Apr 2022 00:00:00 +0000</pubDate>
<guid>/entries/Fishers_Inequality.html</guid>
<description></description>
</item>
<item>
<title>Digit Expansions</title>
<link>/entries/Digit_Expansions.html</link>
<pubDate>Wed, 20 Apr 2022 00:00:00 +0000</pubDate>
<guid>/entries/Digit_Expansions.html</guid>
<description></description>
</item>
<item>
<title>The Generalized Multiset Ordering is NP-Complete</title>
<link>/entries/Multiset_Ordering_NPC.html</link>
<pubDate>Wed, 20 Apr 2022 00:00:00 +0000</pubDate>
<guid>/entries/Multiset_Ordering_NPC.html</guid>
<description></description>
</item>
<item>
<title>The Sophomore&#39;s Dream</title>
<link>/entries/Sophomores_Dream.html</link>
<pubDate>Sun, 10 Apr 2022 00:00:00 +0000</pubDate>
<guid>/entries/Sophomores_Dream.html</guid>
<description></description>
</item>
<item>
<title>A Combinator Library for Prefix-Free Codes</title>
<link>/entries/Prefix_Free_Code_Combinators.html</link>
<pubDate>Fri, 08 Apr 2022 00:00:00 +0000</pubDate>
<guid>/entries/Prefix_Free_Code_Combinators.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Randomized Approximation Algorithms for Frequency Moments</title>
<link>/entries/Frequency_Moments.html</link>
<pubDate>Fri, 08 Apr 2022 00:00:00 +0000</pubDate>
<guid>/entries/Frequency_Moments.html</guid>
<description></description>
</item>
<item>
<title>Constructing the Reals as Dedekind Cuts of Rationals</title>
<link>/entries/Dedekind_Real.html</link>
<pubDate>Thu, 24 Mar 2022 00:00:00 +0000</pubDate>
<guid>/entries/Dedekind_Real.html</guid>
<description></description>
</item>
<item>
<title>Ackermann&#39;s Function Is Not Primitive Recursive</title>
<link>/entries/Ackermanns_not_PR.html</link>
<pubDate>Wed, 23 Mar 2022 00:00:00 +0000</pubDate>
<guid>/entries/Ackermanns_not_PR.html</guid>
<description></description>
</item>
<item>
<title>A Naive Prover for First-Order Logic</title>
<link>/entries/FOL_Seq_Calc3.html</link>
<pubDate>Tue, 22 Mar 2022 00:00:00 +0000</pubDate>
<guid>/entries/FOL_Seq_Calc3.html</guid>
<description></description>
</item>
<item>
<title>A Proof from THE BOOK: The Partial Fraction Expansion of the Cotangent</title>
<link>/entries/Cotangent_PFD_Formula.html</link>
<pubDate>Tue, 15 Mar 2022 00:00:00 +0000</pubDate>
<guid>/entries/Cotangent_PFD_Formula.html</guid>
<description></description>
</item>
<item>
<title>The Independence of the Continuum Hypothesis in Isabelle/ZF</title>
<link>/entries/Independence_CH.html</link>
<pubDate>Sun, 06 Mar 2022 00:00:00 +0000</pubDate>
<guid>/entries/Independence_CH.html</guid>
<description></description>
</item>
<item>
<title>Transitive Models of Fragments of ZFC</title>
<link>/entries/Transitive_Models.html</link>
<pubDate>Thu, 03 Mar 2022 00:00:00 +0000</pubDate>
<guid>/entries/Transitive_Models.html</guid>
<description></description>
</item>
<item>
<title>Residuated Transition Systems</title>
<link>/entries/ResiduatedTransitionSystem.html</link>
<pubDate>Mon, 28 Feb 2022 00:00:00 +0000</pubDate>
<guid>/entries/ResiduatedTransitionSystem.html</guid>
<description></description>
</item>
<item>
<title>Universal Hash Families</title>
<link>/entries/Universal_Hash_Families.html</link>
<pubDate>Sun, 20 Feb 2022 00:00:00 +0000</pubDate>
<guid>/entries/Universal_Hash_Families.html</guid>
<description></description>
</item>
<item>
<title>Wetzel&#39;s Problem and the Continuum Hypothesis</title>
<link>/entries/Wetzels_Problem.html</link>
<pubDate>Fri, 18 Feb 2022 00:00:00 +0000</pubDate>
<guid>/entries/Wetzels_Problem.html</guid>
<description></description>
</item>
<item>
<title>First-Order Query Evaluation</title>
<link>/entries/Eval_FO.html</link>
<pubDate>Tue, 15 Feb 2022 00:00:00 +0000</pubDate>
<guid>/entries/Eval_FO.html</guid>
<description></description>
</item>
<item>
<title>Multi-Head Monitoring of Metric Dynamic Logic</title>
<link>/entries/VYDRA_MDL.html</link>
<pubDate>Sun, 13 Feb 2022 00:00:00 +0000</pubDate>
<guid>/entries/VYDRA_MDL.html</guid>
<description></description>
</item>
<item>
<title>Enumeration of Equivalence Relations</title>
<link>/entries/Equivalence_Relation_Enumeration.html</link>
<pubDate>Fri, 04 Feb 2022 00:00:00 +0000</pubDate>
<guid>/entries/Equivalence_Relation_Enumeration.html</guid>
<description></description>
</item>
<item>
<title>Duality of Linear Programming</title>
<link>/entries/LP_Duality.html</link>
<pubDate>Thu, 03 Feb 2022 00:00:00 +0000</pubDate>
<guid>/entries/LP_Duality.html</guid>
<description></description>
</item>
<item>
<title>Quasi-Borel Spaces</title>
<link>/entries/Quasi_Borel_Spaces.html</link>
<pubDate>Thu, 03 Feb 2022 00:00:00 +0000</pubDate>
<guid>/entries/Quasi_Borel_Spaces.html</guid>
<description></description>
</item>
<item>
<title>First-Order Theory of Rewriting</title>
<link>/entries/FO_Theory_Rewriting.html</link>
<pubDate>Wed, 02 Feb 2022 00:00:00 +0000</pubDate>
<guid>/entries/FO_Theory_Rewriting.html</guid>
<description></description>
</item>
<item>
<title>A Sequent Calculus Prover for First-Order Logic with Functions</title>
<link>/entries/FOL_Seq_Calc2.html</link>
<pubDate>Mon, 31 Jan 2022 00:00:00 +0000</pubDate>
<guid>/entries/FOL_Seq_Calc2.html</guid>
<description></description>
</item>
<item>
<title>Young&#39;s Inequality for Increasing Functions</title>
<link>/entries/Youngs_Inequality.html</link>
<pubDate>Mon, 31 Jan 2022 00:00:00 +0000</pubDate>
<guid>/entries/Youngs_Inequality.html</guid>
<description></description>
</item>
<item>
<title>Interpolation Polynomials (in HOL-Algebra)</title>
<link>/entries/Interpolation_Polynomials_HOL_Algebra.html</link>
<pubDate>Sat, 29 Jan 2022 00:00:00 +0000</pubDate>
<guid>/entries/Interpolation_Polynomials_HOL_Algebra.html</guid>
<description></description>
</item>
<item>
<title>Median Method</title>
<link>/entries/Median_Method.html</link>
<pubDate>Tue, 25 Jan 2022 00:00:00 +0000</pubDate>
<guid>/entries/Median_Method.html</guid>
<description></description>
</item>
<item>
<title>Actuarial Mathematics</title>
<link>/entries/Actuarial_Mathematics.html</link>
<pubDate>Sun, 23 Jan 2022 00:00:00 +0000</pubDate>
<guid>/entries/Actuarial_Mathematics.html</guid>
<description></description>
</item>
<item>
<title>Irrational numbers from THE BOOK</title>
<link>/entries/Irrationals_From_THEBOOK.html</link>
<pubDate>Sat, 08 Jan 2022 00:00:00 +0000</pubDate>
<guid>/entries/Irrationals_From_THEBOOK.html</guid>
<description></description>
</item>
<item>
<title>Knight&#39;s Tour Revisited Revisited</title>
<link>/entries/Knights_Tour.html</link>
<pubDate>Tue, 04 Jan 2022 00:00:00 +0000</pubDate>
<guid>/entries/Knights_Tour.html</guid>
<description></description>
</item>
<item>
<title>Hyperdual Numbers and Forward Differentiation</title>
<link>/entries/Hyperdual.html</link>
<pubDate>Fri, 31 Dec 2021 00:00:00 +0000</pubDate>
<guid>/entries/Hyperdual.html</guid>
<description></description>
</item>
<item>
<title>Gale-Shapley Algorithm</title>
<link>/entries/Gale_Shapley.html</link>
<pubDate>Wed, 29 Dec 2021 00:00:00 +0000</pubDate>
<guid>/entries/Gale_Shapley.html</guid>
<description></description>
</item>
<item>
<title>Roth&#39;s Theorem on Arithmetic Progressions</title>
<link>/entries/Roth_Arithmetic_Progressions.html</link>
<pubDate>Tue, 28 Dec 2021 00:00:00 +0000</pubDate>
<guid>/entries/Roth_Arithmetic_Progressions.html</guid>
<description></description>
</item>
<item>
<title>Markov Decision Processes with Rewards</title>
<link>/entries/MDP-Rewards.html</link>
<pubDate>Thu, 16 Dec 2021 00:00:00 +0000</pubDate>
<guid>/entries/MDP-Rewards.html</guid>
<description></description>
</item>
<item>
<title>Verified Algorithms for Solving Markov Decision Processes</title>
<link>/entries/MDP-Algorithms.html</link>
<pubDate>Thu, 16 Dec 2021 00:00:00 +0000</pubDate>
<guid>/entries/MDP-Algorithms.html</guid>
<description></description>
</item>
<item>
<title>Regular Tree Relations</title>
<link>/entries/Regular_Tree_Relations.html</link>
<pubDate>Wed, 15 Dec 2021 00:00:00 +0000</pubDate>
<guid>/entries/Regular_Tree_Relations.html</guid>
<description></description>
</item>
<item>
<title>Simplicial Complexes and Boolean functions</title>
<link>/entries/Simplicial_complexes_and_boolean_functions.html</link>
<pubDate>Mon, 29 Nov 2021 00:00:00 +0000</pubDate>
<guid>/entries/Simplicial_complexes_and_boolean_functions.html</guid>
<description></description>
</item>
<item>
<title>van Emde Boas Trees</title>
<link>/entries/Van_Emde_Boas_Trees.html</link>
<pubDate>Tue, 23 Nov 2021 00:00:00 +0000</pubDate>
<guid>/entries/Van_Emde_Boas_Trees.html</guid>
<description></description>
</item>
<item>
<title>Foundation of geometry in planes, and some complements: Excluding the parallel axioms</title>
<link>/entries/Foundation_of_geometry.html</link>
<pubDate>Mon, 22 Nov 2021 00:00:00 +0000</pubDate>
<guid>/entries/Foundation_of_geometry.html</guid>
<description></description>
</item>
<item>
<title>The Hahn and Jordan Decomposition Theorems</title>
<link>/entries/Hahn_Jordan_Decomposition.html</link>
<pubDate>Fri, 19 Nov 2021 00:00:00 +0000</pubDate>
<guid>/entries/Hahn_Jordan_Decomposition.html</guid>
<description></description>
</item>
<item>
<title>Automating Public Announcement Logic and the Wise Men Puzzle in Isabelle/HOL</title>
<link>/entries/PAL.html</link>
<pubDate>Mon, 08 Nov 2021 00:00:00 +0000</pubDate>
<guid>/entries/PAL.html</guid>
<description></description>
</item>
<item>
<title>Exploring Simplified Variants of Gödel’s Ontological Argument in Isabelle/HOL</title>
<link>/entries/SimplifiedOntologicalArgument.html</link>
<pubDate>Mon, 08 Nov 2021 00:00:00 +0000</pubDate>
<guid>/entries/SimplifiedOntologicalArgument.html</guid>
<description></description>
</item>
<item>
<title>Factorization of Polynomials with Algebraic Coefficients</title>
<link>/entries/Factor_Algebraic_Polynomial.html</link>
<pubDate>Mon, 08 Nov 2021 00:00:00 +0000</pubDate>
<guid>/entries/Factor_Algebraic_Polynomial.html</guid>
<description></description>
</item>
<item>
<title>Real Exponents as the Limits of Sequences of Rational Exponents</title>
<link>/entries/Real_Power.html</link>
<pubDate>Mon, 08 Nov 2021 00:00:00 +0000</pubDate>
<guid>/entries/Real_Power.html</guid>
<description></description>
</item>
<item>
<title>Szemerédi&#39;s Regularity Lemma</title>
<link>/entries/Szemeredi_Regularity.html</link>
<pubDate>Fri, 05 Nov 2021 00:00:00 +0000</pubDate>
<guid>/entries/Szemeredi_Regularity.html</guid>
<description></description>
</item>
<item>
<title>Quantum and Classical Registers</title>
<link>/entries/Registers.html</link>
<pubDate>Thu, 28 Oct 2021 00:00:00 +0000</pubDate>
<guid>/entries/Registers.html</guid>
<description></description>
</item>
<item>
<title>Belief Revision Theory</title>
<link>/entries/Belief_Revision.html</link>
<pubDate>Tue, 19 Oct 2021 00:00:00 +0000</pubDate>
<guid>/entries/Belief_Revision.html</guid>
<description></description>
</item>
<item>
<title>X86 instruction semantics and basic block symbolic execution</title>
<link>/entries/X86_Semantics.html</link>
<pubDate>Wed, 13 Oct 2021 00:00:00 +0000</pubDate>
<guid>/entries/X86_Semantics.html</guid>
<description></description>
</item>
<item>
<title>Algebras for Iteration, Infinite Executions and Correctness of Sequential Computations</title>
<link>/entries/Correctness_Algebras.html</link>
<pubDate>Tue, 12 Oct 2021 00:00:00 +0000</pubDate>
<guid>/entries/Correctness_Algebras.html</guid>
<description></description>
</item>
<item>
<title>Verified Quadratic Virtual Substitution for Real Arithmetic</title>
<link>/entries/Virtual_Substitution.html</link>
<pubDate>Sat, 02 Oct 2021 00:00:00 +0000</pubDate>
<guid>/entries/Virtual_Substitution.html</guid>
<description></description>
</item>
<item>
<title>Soundness and Completeness of an Axiomatic System for First-Order Logic</title>
<link>/entries/FOL_Axiomatic.html</link>
<pubDate>Fri, 24 Sep 2021 00:00:00 +0000</pubDate>
<guid>/entries/FOL_Axiomatic.html</guid>
<description></description>
</item>
<item>
<title>Complex Bounded Operators</title>
<link>/entries/Complex_Bounded_Operators.html</link>
<pubDate>Sat, 18 Sep 2021 00:00:00 +0000</pubDate>
<guid>/entries/Complex_Bounded_Operators.html</guid>
<description></description>
</item>
<item>
<title>A Formalization of Weighted Path Orders and Recursive Path Orders</title>
<link>/entries/Weighted_Path_Order.html</link>
<pubDate>Thu, 16 Sep 2021 00:00:00 +0000</pubDate>
<guid>/entries/Weighted_Path_Order.html</guid>
<description></description>
</item>
<item>
<title>Category Theory for ZFC in HOL I: Foundations: Design Patterns, Set Theory, Digraphs, Semicategories</title>
<link>/entries/CZH_Foundations.html</link>
<pubDate>Mon, 06 Sep 2021 00:00:00 +0000</pubDate>
<guid>/entries/CZH_Foundations.html</guid>
<description></description>
</item>
<item>
<title>Category Theory for ZFC in HOL II: Elementary Theory of 1-Categories</title>
<link>/entries/CZH_Elementary_Categories.html</link>
<pubDate>Mon, 06 Sep 2021 00:00:00 +0000</pubDate>
<guid>/entries/CZH_Elementary_Categories.html</guid>
<description></description>
</item>
<item>
<title>Category Theory for ZFC in HOL III: Universal Constructions</title>
<link>/entries/CZH_Universal_Constructions.html</link>
<pubDate>Mon, 06 Sep 2021 00:00:00 +0000</pubDate>
<guid>/entries/CZH_Universal_Constructions.html</guid>
<description></description>
</item>
<item>
<title>Conditional Simplification</title>
<link>/entries/Conditional_Simplification.html</link>
<pubDate>Mon, 06 Sep 2021 00:00:00 +0000</pubDate>
<guid>/entries/Conditional_Simplification.html</guid>
<description></description>
</item>
<item>
<title>Conditional Transfer Rule</title>
<link>/entries/Conditional_Transfer_Rule.html</link>
<pubDate>Mon, 06 Sep 2021 00:00:00 +0000</pubDate>
<guid>/entries/Conditional_Transfer_Rule.html</guid>
<description></description>
</item>
<item>
<title>Extension of Types-To-Sets</title>
<link>/entries/Types_To_Sets_Extension.html</link>
<pubDate>Mon, 06 Sep 2021 00:00:00 +0000</pubDate>
<guid>/entries/Types_To_Sets_Extension.html</guid>
<description></description>
</item>
<item>
<title>IDE: Introduction, Destruction, Elimination</title>
<link>/entries/Intro_Dest_Elim.html</link>
<pubDate>Mon, 06 Sep 2021 00:00:00 +0000</pubDate>
<guid>/entries/Intro_Dest_Elim.html</guid>
<description></description>
</item>
<item>
<title>A data flow analysis algorithm for computing dominators</title>
<link>/entries/Dominance_CHK.html</link>
<pubDate>Sun, 05 Sep 2021 00:00:00 +0000</pubDate>
<guid>/entries/Dominance_CHK.html</guid>
<description></description>
</item>
<item>
<title>Solving Cubic and Quartic Equations</title>
<link>/entries/Cubic_Quartic_Equations.html</link>
<pubDate>Fri, 03 Sep 2021 00:00:00 +0000</pubDate>
<guid>/entries/Cubic_Quartic_Equations.html</guid>
<description></description>
</item>
<item>
<title>Logging-independent Message Anonymity in the Relational Method</title>
<link>/entries/Logging_Independent_Anonymity.html</link>
<pubDate>Thu, 26 Aug 2021 00:00:00 +0000</pubDate>
<guid>/entries/Logging_Independent_Anonymity.html</guid>
<description></description>
</item>
<item>
<title>The Theorem of Three Circles</title>
<link>/entries/Three_Circles.html</link>
<pubDate>Sat, 21 Aug 2021 00:00:00 +0000</pubDate>
<guid>/entries/Three_Circles.html</guid>
<description></description>
</item>
<item>
<title>CoCon: A Confidentiality-Verified Conference Management System</title>
<link>/entries/CoCon.html</link>
<pubDate>Mon, 16 Aug 2021 00:00:00 +0000</pubDate>
<guid>/entries/CoCon.html</guid>
<description></description>
</item>
<item>
<title>Compositional BD Security</title>
<link>/entries/BD_Security_Compositional.html</link>
<pubDate>Mon, 16 Aug 2021 00:00:00 +0000</pubDate>
<guid>/entries/BD_Security_Compositional.html</guid>
<description></description>
</item>
<item>
<title>CoSMed: A confidentiality-verified social media platform</title>
<link>/entries/CoSMed.html</link>
<pubDate>Mon, 16 Aug 2021 00:00:00 +0000</pubDate>
<guid>/entries/CoSMed.html</guid>
<description></description>
</item>
<item>
<title>CoSMeDis: A confidentiality-verified distributed social media platform</title>
<link>/entries/CoSMeDis.html</link>
<pubDate>Mon, 16 Aug 2021 00:00:00 +0000</pubDate>
<guid>/entries/CoSMeDis.html</guid>
<description></description>
</item>
<item>
<title>Fresh identifiers</title>
<link>/entries/Fresh_Identifiers.html</link>
<pubDate>Mon, 16 Aug 2021 00:00:00 +0000</pubDate>
<guid>/entries/Fresh_Identifiers.html</guid>
<description></description>
</item>
<item>
<title>Combinatorial Design Theory</title>
<link>/entries/Design_Theory.html</link>
<pubDate>Fri, 13 Aug 2021 00:00:00 +0000</pubDate>
<guid>/entries/Design_Theory.html</guid>
<description></description>
</item>
<item>
<title>Relational Forests</title>
<link>/entries/Relational_Forests.html</link>
<pubDate>Tue, 03 Aug 2021 00:00:00 +0000</pubDate>
<guid>/entries/Relational_Forests.html</guid>
<description></description>
</item>
<item>
<title>Schutz&#39; Independent Axioms for Minkowski Spacetime</title>
<link>/entries/Schutz_Spacetime.html</link>
<pubDate>Tue, 27 Jul 2021 00:00:00 +0000</pubDate>
<guid>/entries/Schutz_Spacetime.html</guid>
<description></description>
</item>
<item>
<title>Finitely Generated Abelian Groups</title>
<link>/entries/Finitely_Generated_Abelian_Groups.html</link>
<pubDate>Wed, 07 Jul 2021 00:00:00 +0000</pubDate>
<guid>/entries/Finitely_Generated_Abelian_Groups.html</guid>
<description></description>
</item>
<item>
<title>SpecCheck - Specification-Based Testing for Isabelle/ML</title>
<link>/entries/SpecCheck.html</link>
<pubDate>Thu, 01 Jul 2021 00:00:00 +0000</pubDate>
<guid>/entries/SpecCheck.html</guid>
<description></description>
</item>
<item>
<title>Van der Waerden&#39;s Theorem</title>
<link>/entries/Van_der_Waerden.html</link>
<pubDate>Tue, 22 Jun 2021 00:00:00 +0000</pubDate>
<guid>/entries/Van_der_Waerden.html</guid>
<description></description>
</item>
<item>
<title>MiniSail - A kernel language for the ISA specification language SAIL</title>
<link>/entries/MiniSail.html</link>
<pubDate>Fri, 18 Jun 2021 00:00:00 +0000</pubDate>
<guid>/entries/MiniSail.html</guid>
<description></description>
</item>
<item>
<title>Public Announcement Logic</title>
<link>/entries/Public_Announcement_Logic.html</link>
<pubDate>Thu, 17 Jun 2021 00:00:00 +0000</pubDate>
<guid>/entries/Public_Announcement_Logic.html</guid>
<description></description>
</item>
<item>
<title>A Shorter Compiler Correctness Proof for Language IMP</title>
<link>/entries/IMP_Compiler.html</link>
<pubDate>Fri, 04 Jun 2021 00:00:00 +0000</pubDate>
<guid>/entries/IMP_Compiler.html</guid>
<description></description>
</item>
<item>
<title>Combinatorics on Words Basics</title>
<link>/entries/Combinatorics_Words.html</link>
<pubDate>Mon, 24 May 2021 00:00:00 +0000</pubDate>
<guid>/entries/Combinatorics_Words.html</guid>
<description></description>
</item>
<item>
<title>Graph Lemma</title>
<link>/entries/Combinatorics_Words_Graph_Lemma.html</link>
<pubDate>Mon, 24 May 2021 00:00:00 +0000</pubDate>
<guid>/entries/Combinatorics_Words_Graph_Lemma.html</guid>
<description></description>
</item>
<item>
<title>Lyndon words</title>
<link>/entries/Combinatorics_Words_Lyndon.html</link>
<pubDate>Mon, 24 May 2021 00:00:00 +0000</pubDate>
<guid>/entries/Combinatorics_Words_Lyndon.html</guid>
<description></description>
</item>
<item>
<title>Regression Test Selection</title>
<link>/entries/Regression_Test_Selection.html</link>
<pubDate>Fri, 30 Apr 2021 00:00:00 +0000</pubDate>
<guid>/entries/Regression_Test_Selection.html</guid>
<description></description>
</item>
<item>
<title>Isabelle&#39;s Metalogic: Formalization and Proof Checker</title>
<link>/entries/Metalogic_ProofChecker.html</link>
<pubDate>Tue, 27 Apr 2021 00:00:00 +0000</pubDate>
<guid>/entries/Metalogic_ProofChecker.html</guid>
<description></description>
</item>
<item>
<title>Lifting the Exponent</title>
<link>/entries/Lifting_the_Exponent.html</link>
<pubDate>Tue, 27 Apr 2021 00:00:00 +0000</pubDate>
<guid>/entries/Lifting_the_Exponent.html</guid>
<description></description>
</item>
<item>
<title>The BKR Decision Procedure for Univariate Real Arithmetic</title>
<link>/entries/BenOr_Kozen_Reif.html</link>
<pubDate>Sat, 24 Apr 2021 00:00:00 +0000</pubDate>
<guid>/entries/BenOr_Kozen_Reif.html</guid>
<description></description>
</item>
<item>
<title>Gale-Stewart Games</title>
<link>/entries/GaleStewart_Games.html</link>
<pubDate>Fri, 23 Apr 2021 00:00:00 +0000</pubDate>
<guid>/entries/GaleStewart_Games.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Timely Dataflow&#39;s Progress Tracking Protocol</title>
<link>/entries/Progress_Tracking.html</link>
<pubDate>Tue, 13 Apr 2021 00:00:00 +0000</pubDate>
<guid>/entries/Progress_Tracking.html</guid>
<description></description>
</item>
<item>
<title>Information Flow Control via Dependency Tracking</title>
<link>/entries/IFC_Tracking.html</link>
<pubDate>Thu, 01 Apr 2021 00:00:00 +0000</pubDate>
<guid>/entries/IFC_Tracking.html</guid>
<description></description>
</item>
<item>
<title>Grothendieck&#39;s Schemes in Algebraic Geometry</title>
<link>/entries/Grothendieck_Schemes.html</link>
<pubDate>Mon, 29 Mar 2021 00:00:00 +0000</pubDate>
<guid>/entries/Grothendieck_Schemes.html</guid>
<description></description>
</item>
<item>
<title>Hensel&#39;s Lemma for the p-adic Integers</title>
<link>/entries/Padic_Ints.html</link>
<pubDate>Tue, 23 Mar 2021 00:00:00 +0000</pubDate>
<guid>/entries/Padic_Ints.html</guid>
<description></description>
</item>
<item>
<title>Constructive Cryptography in HOL: the Communication Modeling Aspect</title>
<link>/entries/Constructive_Cryptography_CM.html</link>
<pubDate>Wed, 17 Mar 2021 00:00:00 +0000</pubDate>
<guid>/entries/Constructive_Cryptography_CM.html</guid>
<description></description>
</item>
<item>
<title>Two algorithms based on modular arithmetic: lattice basis reduction and Hermite normal form computation</title>
<link>/entries/Modular_arithmetic_LLL_and_HNF_algorithms.html</link>
<pubDate>Fri, 12 Mar 2021 00:00:00 +0000</pubDate>
<guid>/entries/Modular_arithmetic_LLL_and_HNF_algorithms.html</guid>
<description></description>
</item>
<item>
<title>Quantum projective measurements and the CHSH inequality</title>
<link>/entries/Projective_Measurements.html</link>
<pubDate>Wed, 03 Mar 2021 00:00:00 +0000</pubDate>
<guid>/entries/Projective_Measurements.html</guid>
<description></description>
</item>
<item>
<title>The Hermite–Lindemann–Weierstraß Transcendence Theorem</title>
<link>/entries/Hermite_Lindemann.html</link>
<pubDate>Wed, 03 Mar 2021 00:00:00 +0000</pubDate>
<guid>/entries/Hermite_Lindemann.html</guid>
<description></description>
</item>
<item>
<title>Mereology</title>
<link>/entries/Mereology.html</link>
<pubDate>Mon, 01 Mar 2021 00:00:00 +0000</pubDate>
<guid>/entries/Mereology.html</guid>
<description></description>
</item>
<item>
<title>The Sunflower Lemma of Erdős and Rado</title>
<link>/entries/Sunflowers.html</link>
<pubDate>Thu, 25 Feb 2021 00:00:00 +0000</pubDate>
<guid>/entries/Sunflowers.html</guid>
<description></description>
</item>
<item>
<title>A Verified Imperative Implementation of B-Trees</title>
<link>/entries/BTree.html</link>
<pubDate>Wed, 24 Feb 2021 00:00:00 +0000</pubDate>
<guid>/entries/BTree.html</guid>
<description></description>
</item>
<item>
<title>Formal Puiseux Series</title>
<link>/entries/Formal_Puiseux_Series.html</link>
<pubDate>Wed, 17 Feb 2021 00:00:00 +0000</pubDate>
<guid>/entries/Formal_Puiseux_Series.html</guid>
<description></description>
</item>
<item>
<title>The Laws of Large Numbers</title>
<link>/entries/Laws_of_Large_Numbers.html</link>
<pubDate>Wed, 10 Feb 2021 00:00:00 +0000</pubDate>
<guid>/entries/Laws_of_Large_Numbers.html</guid>
<description></description>
</item>
<item>
<title>Tarski&#39;s Parallel Postulate implies the 5th Postulate of Euclid, the Postulate of Playfair and the original Parallel Postulate of Euclid</title>
<link>/entries/IsaGeoCoq.html</link>
<pubDate>Sun, 31 Jan 2021 00:00:00 +0000</pubDate>
<guid>/entries/IsaGeoCoq.html</guid>
<description></description>
</item>
<item>
<title>Solution to the xkcd Blue Eyes puzzle</title>
<link>/entries/Blue_Eyes.html</link>
<pubDate>Sat, 30 Jan 2021 00:00:00 +0000</pubDate>
<guid>/entries/Blue_Eyes.html</guid>
<description></description>
</item>
<item>
<title>Hood-Melville Queue</title>
<link>/entries/Hood_Melville_Queue.html</link>
<pubDate>Mon, 18 Jan 2021 00:00:00 +0000</pubDate>
<guid>/entries/Hood_Melville_Queue.html</guid>
<description></description>
</item>
<item>
<title>JinjaDCI: a Java semantics with dynamic class initialization</title>
<link>/entries/JinjaDCI.html</link>
<pubDate>Mon, 11 Jan 2021 00:00:00 +0000</pubDate>
<guid>/entries/JinjaDCI.html</guid>
<description></description>
</item>
<item>
<title>Cofinality and the Delta System Lemma</title>
<link>/entries/Delta_System_Lemma.html</link>
<pubDate>Sun, 27 Dec 2020 00:00:00 +0000</pubDate>
<guid>/entries/Delta_System_Lemma.html</guid>
<description></description>
</item>
<item>
<title>Topological semantics for paraconsistent and paracomplete logics</title>
<link>/entries/Topological_Semantics.html</link>
<pubDate>Thu, 17 Dec 2020 00:00:00 +0000</pubDate>
<guid>/entries/Topological_Semantics.html</guid>
<description></description>
</item>
<item>
<title>Relational Minimum Spanning Tree Algorithms</title>
<link>/entries/Relational_Minimum_Spanning_Trees.html</link>
<pubDate>Tue, 08 Dec 2020 00:00:00 +0000</pubDate>
<guid>/entries/Relational_Minimum_Spanning_Trees.html</guid>
<description></description>
</item>
<item>
<title>Inline Caching and Unboxing Optimization for Interpreters</title>
<link>/entries/Interpreter_Optimizations.html</link>
<pubDate>Mon, 07 Dec 2020 00:00:00 +0000</pubDate>
<guid>/entries/Interpreter_Optimizations.html</guid>
<description></description>
</item>
<item>
<title>The Relational Method with Message Anonymity for the Verification of Cryptographic Protocols</title>
<link>/entries/Relational_Method.html</link>
<pubDate>Sat, 05 Dec 2020 00:00:00 +0000</pubDate>
<guid>/entries/Relational_Method.html</guid>
<description></description>
</item>
<item>
<title>Isabelle Marries Dirac: a Library for Quantum Computation and Quantum Information</title>
<link>/entries/Isabelle_Marries_Dirac.html</link>
<pubDate>Sun, 22 Nov 2020 00:00:00 +0000</pubDate>
<guid>/entries/Isabelle_Marries_Dirac.html</guid>
<description></description>
</item>
<item>
<title>The HOL-CSP Refinement Toolkit</title>
<link>/entries/CSP_RefTK.html</link>
<pubDate>Thu, 19 Nov 2020 00:00:00 +0000</pubDate>
<guid>/entries/CSP_RefTK.html</guid>
<description></description>
</item>
<item>
<title>AI Planning Languages Semantics</title>
<link>/entries/AI_Planning_Languages_Semantics.html</link>
<pubDate>Thu, 29 Oct 2020 00:00:00 +0000</pubDate>
<guid>/entries/AI_Planning_Languages_Semantics.html</guid>
<description></description>
</item>
<item>
<title>Verified SAT-Based AI Planning</title>
<link>/entries/Verified_SAT_Based_AI_Planning.html</link>
<pubDate>Thu, 29 Oct 2020 00:00:00 +0000</pubDate>
<guid>/entries/Verified_SAT_Based_AI_Planning.html</guid>
<description></description>
</item>
<item>
<title>A Sound Type System for Physical Quantities, Units, and Measurements</title>
<link>/entries/Physical_Quantities.html</link>
<pubDate>Tue, 20 Oct 2020 00:00:00 +0000</pubDate>
<guid>/entries/Physical_Quantities.html</guid>
<description></description>
</item>
<item>
<title>Finite Map Extras</title>
<link>/entries/Finite-Map-Extras.html</link>
<pubDate>Mon, 12 Oct 2020 00:00:00 +0000</pubDate>
<guid>/entries/Finite-Map-Extras.html</guid>
<description></description>
</item>
<item>
<title>A Formal Model of the Document Object Model with Shadow Roots</title>
<link>/entries/Shadow_DOM.html</link>
<pubDate>Mon, 28 Sep 2020 00:00:00 +0000</pubDate>
<guid>/entries/Shadow_DOM.html</guid>
<description></description>
</item>
<item>
<title>A Formal Model of the Safely Composable Document Object Model with Shadow Roots</title>
<link>/entries/Shadow_SC_DOM.html</link>
<pubDate>Mon, 28 Sep 2020 00:00:00 +0000</pubDate>
<guid>/entries/Shadow_SC_DOM.html</guid>
<description></description>
</item>
<item>
<title>A Formalization of Safely Composable Web Components</title>
<link>/entries/SC_DOM_Components.html</link>
<pubDate>Mon, 28 Sep 2020 00:00:00 +0000</pubDate>
<guid>/entries/SC_DOM_Components.html</guid>
<description></description>
</item>
<item>
<title>A Formalization of Web Components</title>
<link>/entries/DOM_Components.html</link>
<pubDate>Mon, 28 Sep 2020 00:00:00 +0000</pubDate>
<guid>/entries/DOM_Components.html</guid>
<description></description>
</item>
<item>
<title>The Safely Composable DOM</title>
<link>/entries/Core_SC_DOM.html</link>
<pubDate>Mon, 28 Sep 2020 00:00:00 +0000</pubDate>
<guid>/entries/Core_SC_DOM.html</guid>
<description></description>
</item>
<item>
<title>An Abstract Formalization of G&amp;ouml;del&#39;s Incompleteness Theorems</title>
<link>/entries/Goedel_Incompleteness.html</link>
<pubDate>Wed, 16 Sep 2020 00:00:00 +0000</pubDate>
<guid>/entries/Goedel_Incompleteness.html</guid>
<description></description>
</item>
<item>
<title>From Abstract to Concrete G&amp;ouml;del&#39;s Incompleteness Theorems&amp;mdash;Part I</title>
<link>/entries/Goedel_HFSet_Semantic.html</link>
<pubDate>Wed, 16 Sep 2020 00:00:00 +0000</pubDate>
<guid>/entries/Goedel_HFSet_Semantic.html</guid>
<description></description>
</item>
<item>
<title>From Abstract to Concrete G&amp;ouml;del&#39;s Incompleteness Theorems&amp;mdash;Part II</title>
<link>/entries/Goedel_HFSet_Semanticless.html</link>
<pubDate>Wed, 16 Sep 2020 00:00:00 +0000</pubDate>
<guid>/entries/Goedel_HFSet_Semanticless.html</guid>
<description></description>
</item>
<item>
<title>Robinson Arithmetic</title>
<link>/entries/Robinson_Arithmetic.html</link>
<pubDate>Wed, 16 Sep 2020 00:00:00 +0000</pubDate>
<guid>/entries/Robinson_Arithmetic.html</guid>
<description></description>
</item>
<item>
<title>Syntax-Independent Logic Infrastructure</title>
<link>/entries/Syntax_Independent_Logic.html</link>
<pubDate>Wed, 16 Sep 2020 00:00:00 +0000</pubDate>
<guid>/entries/Syntax_Independent_Logic.html</guid>
<description></description>
</item>
<item>
<title>A Formal Model of Extended Finite State Machines</title>
<link>/entries/Extended_Finite_State_Machines.html</link>
<pubDate>Mon, 07 Sep 2020 00:00:00 +0000</pubDate>
<guid>/entries/Extended_Finite_State_Machines.html</guid>
<description></description>
</item>
<item>
<title>Inference of Extended Finite State Machines</title>
<link>/entries/Extended_Finite_State_Machine_Inference.html</link>
<pubDate>Mon, 07 Sep 2020 00:00:00 +0000</pubDate>
<guid>/entries/Extended_Finite_State_Machine_Inference.html</guid>
<description></description>
</item>
<item>
<title>Practical Algebraic Calculus Checker</title>
<link>/entries/PAC_Checker.html</link>
<pubDate>Mon, 31 Aug 2020 00:00:00 +0000</pubDate>
<guid>/entries/PAC_Checker.html</guid>
<description></description>
</item>
<item>
<title>Some classical results in inductive inference of recursive functions</title>
<link>/entries/Inductive_Inference.html</link>
<pubDate>Mon, 31 Aug 2020 00:00:00 +0000</pubDate>
<guid>/entries/Inductive_Inference.html</guid>
<description></description>
</item>
<item>
<title>Relational Disjoint-Set Forests</title>
<link>/entries/Relational_Disjoint_Set_Forests.html</link>
<pubDate>Wed, 26 Aug 2020 00:00:00 +0000</pubDate>
<guid>/entries/Relational_Disjoint_Set_Forests.html</guid>
<description></description>
</item>
<item>
<title>Extensions to the Comprehensive Framework for Saturation Theorem Proving</title>
<link>/entries/Saturation_Framework_Extensions.html</link>
<pubDate>Tue, 25 Aug 2020 00:00:00 +0000</pubDate>
<guid>/entries/Saturation_Framework_Extensions.html</guid>
<description></description>
</item>
<item>
<title>Putting the `K&#39; into Bird&#39;s derivation of Knuth-Morris-Pratt string matching</title>
<link>/entries/BirdKMP.html</link>
<pubDate>Tue, 25 Aug 2020 00:00:00 +0000</pubDate>
<guid>/entries/BirdKMP.html</guid>
<description></description>
</item>
<item>
<title>Amicable Numbers</title>
<link>/entries/Amicable_Numbers.html</link>
<pubDate>Tue, 04 Aug 2020 00:00:00 +0000</pubDate>
<guid>/entries/Amicable_Numbers.html</guid>
<description></description>
</item>
<item>
<title>Ordinal Partitions</title>
<link>/entries/Ordinal_Partitions.html</link>
<pubDate>Mon, 03 Aug 2020 00:00:00 +0000</pubDate>
<guid>/entries/Ordinal_Partitions.html</guid>
<description></description>
</item>
<item>
<title>A Formal Proof of The Chandy--Lamport Distributed Snapshot Algorithm</title>
<link>/entries/Chandy_Lamport.html</link>
<pubDate>Tue, 21 Jul 2020 00:00:00 +0000</pubDate>
<guid>/entries/Chandy_Lamport.html</guid>
<description></description>
</item>
<item>
<title>Relational Characterisations of Paths</title>
<link>/entries/Relational_Paths.html</link>
<pubDate>Mon, 13 Jul 2020 00:00:00 +0000</pubDate>
<guid>/entries/Relational_Paths.html</guid>
<description></description>
</item>
<item>
<title>A Formally Verified Checker of the Safe Distance Traffic Rules for Autonomous Vehicles</title>
<link>/entries/Safe_Distance.html</link>
<pubDate>Mon, 01 Jun 2020 00:00:00 +0000</pubDate>
<guid>/entries/Safe_Distance.html</guid>
<description></description>
</item>
<item>
<title>A verified algorithm for computing the Smith normal form of a matrix</title>
<link>/entries/Smith_Normal_Form.html</link>
<pubDate>Sat, 23 May 2020 00:00:00 +0000</pubDate>
<guid>/entries/Smith_Normal_Form.html</guid>
<description></description>
</item>
<item>
<title>The Nash-Williams Partition Theorem</title>
<link>/entries/Nash_Williams.html</link>
<pubDate>Sat, 16 May 2020 00:00:00 +0000</pubDate>
<guid>/entries/Nash_Williams.html</guid>
<description></description>
</item>
<item>
<title>A Formalization of Knuth–Bendix Orders</title>
<link>/entries/Knuth_Bendix_Order.html</link>
<pubDate>Wed, 13 May 2020 00:00:00 +0000</pubDate>
<guid>/entries/Knuth_Bendix_Order.html</guid>
<description></description>
</item>
<item>
<title>Irrationality Criteria for Series by Erdős and Straus</title>
<link>/entries/Irrational_Series_Erdos_Straus.html</link>
<pubDate>Tue, 12 May 2020 00:00:00 +0000</pubDate>
<guid>/entries/Irrational_Series_Erdos_Straus.html</guid>
<description></description>
</item>
<item>
<title>Recursion Theorem in ZF</title>
<link>/entries/Recursion-Addition.html</link>
<pubDate>Mon, 11 May 2020 00:00:00 +0000</pubDate>
<guid>/entries/Recursion-Addition.html</guid>
<description></description>
</item>
<item>
<title>An Efficient Normalisation Procedure for Linear Temporal Logic: Isabelle/HOL Formalisation</title>
<link>/entries/LTL_Normal_Form.html</link>
<pubDate>Fri, 08 May 2020 00:00:00 +0000</pubDate>
<guid>/entries/LTL_Normal_Form.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Forcing in Isabelle/ZF</title>
<link>/entries/Forcing.html</link>
<pubDate>Wed, 06 May 2020 00:00:00 +0000</pubDate>
<guid>/entries/Forcing.html</guid>
<description></description>
</item>
<item>
<title>Banach-Steinhaus Theorem</title>
<link>/entries/Banach_Steinhaus.html</link>
<pubDate>Sat, 02 May 2020 00:00:00 +0000</pubDate>
<guid>/entries/Banach_Steinhaus.html</guid>
<description></description>
</item>
<item>
<title>Attack Trees in Isabelle for GDPR compliance of IoT healthcare systems</title>
<link>/entries/Attack_Trees.html</link>
<pubDate>Mon, 27 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/Attack_Trees.html</guid>
<description></description>
</item>
<item>
<title>Gaussian Integers</title>
<link>/entries/Gaussian_Integers.html</link>
<pubDate>Fri, 24 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/Gaussian_Integers.html</guid>
<description></description>
</item>
<item>
<title>Power Sum Polynomials</title>
<link>/entries/Power_Sum_Polynomials.html</link>
<pubDate>Fri, 24 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/Power_Sum_Polynomials.html</guid>
<description></description>
</item>
<item>
<title>The Lambert W Function on the Reals</title>
<link>/entries/Lambert_W.html</link>
<pubDate>Fri, 24 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/Lambert_W.html</guid>
<description></description>
</item>
<item>
<title>Matrices for ODEs</title>
<link>/entries/Matrices_for_ODEs.html</link>
<pubDate>Sun, 19 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/Matrices_for_ODEs.html</guid>
<description></description>
</item>
<item>
<title>Authenticated Data Structures As Functors</title>
<link>/entries/ADS_Functor.html</link>
<pubDate>Thu, 16 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/ADS_Functor.html</guid>
<description></description>
</item>
<item>
<title>Formalization of an Algorithm for Greedily Computing Associative Aggregations on Sliding Windows</title>
<link>/entries/Sliding_Window_Algorithm.html</link>
<pubDate>Fri, 10 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/Sliding_Window_Algorithm.html</guid>
<description></description>
</item>
<item>
<title>A Comprehensive Framework for Saturation Theorem Proving</title>
<link>/entries/Saturation_Framework.html</link>
<pubDate>Thu, 09 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/Saturation_Framework.html</guid>
<description></description>
</item>
<item>
<title>Formalization of an Optimized Monitoring Algorithm for Metric First-Order Dynamic Logic with Aggregations</title>
<link>/entries/MFODL_Monitor_Optimized.html</link>
<pubDate>Thu, 09 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/MFODL_Monitor_Optimized.html</guid>
<description></description>
</item>
<item>
<title>Automated Stateful Protocol Verification</title>
<link>/entries/Automated_Stateful_Protocol_Verification.html</link>
<pubDate>Wed, 08 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/Automated_Stateful_Protocol_Verification.html</guid>
<description></description>
</item>
<item>
<title>Stateful Protocol Composition and Typing</title>
<link>/entries/Stateful_Protocol_Composition_and_Typing.html</link>
<pubDate>Wed, 08 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/Stateful_Protocol_Composition_and_Typing.html</guid>
<description></description>
</item>
<item>
<title>Lucas&#39;s Theorem</title>
<link>/entries/Lucas_Theorem.html</link>
<pubDate>Tue, 07 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/Lucas_Theorem.html</guid>
<description></description>
</item>
<item>
<title>Strong Eventual Consistency of the Collaborative Editing Framework WOOT</title>
<link>/entries/WOOT_Strong_Eventual_Consistency.html</link>
<pubDate>Wed, 25 Mar 2020 00:00:00 +0000</pubDate>
<guid>/entries/WOOT_Strong_Eventual_Consistency.html</guid>
<description></description>
</item>
<item>
<title>Furstenberg&#39;s topology and his proof of the infinitude of primes</title>
<link>/entries/Furstenberg_Topology.html</link>
<pubDate>Sun, 22 Mar 2020 00:00:00 +0000</pubDate>
<guid>/entries/Furstenberg_Topology.html</guid>
<description></description>
</item>
<item>
<title>An Under-Approximate Relational Logic</title>
<link>/entries/Relational-Incorrectness-Logic.html</link>
<pubDate>Thu, 12 Mar 2020 00:00:00 +0000</pubDate>
<guid>/entries/Relational-Incorrectness-Logic.html</guid>
<description></description>
</item>
<item>
<title>Hello World</title>
<link>/entries/Hello_World.html</link>
<pubDate>Sat, 07 Mar 2020 00:00:00 +0000</pubDate>
<guid>/entries/Hello_World.html</guid>
<description></description>
</item>
<item>
<title>Implementing the Goodstein Function in &amp;lambda;-Calculus</title>
<link>/entries/Goodstein_Lambda.html</link>
<pubDate>Fri, 21 Feb 2020 00:00:00 +0000</pubDate>
<guid>/entries/Goodstein_Lambda.html</guid>
<description></description>
</item>
<item>
<title>A Generic Framework for Verified Compilers</title>
<link>/entries/VeriComp.html</link>
<pubDate>Mon, 10 Feb 2020 00:00:00 +0000</pubDate>
<guid>/entries/VeriComp.html</guid>
<description></description>
</item>
<item>
<title>Arithmetic progressions and relative primes</title>
<link>/entries/Arith_Prog_Rel_Primes.html</link>
<pubDate>Sat, 01 Feb 2020 00:00:00 +0000</pubDate>
<guid>/entries/Arith_Prog_Rel_Primes.html</guid>
<description></description>
</item>
<item>
<title>A Hierarchy of Algebras for Boolean Subsets</title>
<link>/entries/Subset_Boolean_Algebras.html</link>
<pubDate>Fri, 31 Jan 2020 00:00:00 +0000</pubDate>
<guid>/entries/Subset_Boolean_Algebras.html</guid>
<description></description>
</item>
<item>
<title>Mersenne primes and the Lucas–Lehmer test</title>
<link>/entries/Mersenne_Primes.html</link>
<pubDate>Fri, 17 Jan 2020 00:00:00 +0000</pubDate>
<guid>/entries/Mersenne_Primes.html</guid>
<description></description>
</item>
<item>
<title>Verified Approximation Algorithms</title>
<link>/entries/Approximation_Algorithms.html</link>
<pubDate>Thu, 16 Jan 2020 00:00:00 +0000</pubDate>
<guid>/entries/Approximation_Algorithms.html</guid>
<description></description>
</item>
<item>
<title>Closest Pair of Points Algorithms</title>
<link>/entries/Closest_Pair_Points.html</link>
<pubDate>Mon, 13 Jan 2020 00:00:00 +0000</pubDate>
<guid>/entries/Closest_Pair_Points.html</guid>
<description></description>
</item>
<item>
<title>Skip Lists</title>
<link>/entries/Skip_Lists.html</link>
<pubDate>Thu, 09 Jan 2020 00:00:00 +0000</pubDate>
<guid>/entries/Skip_Lists.html</guid>
<description></description>
</item>
<item>
<title>Bicategories</title>
<link>/entries/Bicategory.html</link>
<pubDate>Mon, 06 Jan 2020 00:00:00 +0000</pubDate>
<guid>/entries/Bicategory.html</guid>
<description></description>
</item>
<item>
<title>The Irrationality of ζ(3)</title>
<link>/entries/Zeta_3_Irrational.html</link>
<pubDate>Fri, 27 Dec 2019 00:00:00 +0000</pubDate>
<guid>/entries/Zeta_3_Irrational.html</guid>
<description></description>
</item>
<item>
<title>Formalizing a Seligman-Style Tableau System for Hybrid Logic</title>
<link>/entries/Hybrid_Logic.html</link>
<pubDate>Fri, 20 Dec 2019 00:00:00 +0000</pubDate>
<guid>/entries/Hybrid_Logic.html</guid>
<description></description>
</item>
<item>
<title>The Poincaré-Bendixson Theorem</title>
<link>/entries/Poincare_Bendixson.html</link>
<pubDate>Wed, 18 Dec 2019 00:00:00 +0000</pubDate>
<guid>/entries/Poincare_Bendixson.html</guid>
<description></description>
</item>
<item>
<title>Complex Geometry</title>
<link>/entries/Complex_Geometry.html</link>
<pubDate>Mon, 16 Dec 2019 00:00:00 +0000</pubDate>
<guid>/entries/Complex_Geometry.html</guid>
<description></description>
</item>
<item>
<title>Poincaré Disc Model</title>
<link>/entries/Poincare_Disc.html</link>
<pubDate>Mon, 16 Dec 2019 00:00:00 +0000</pubDate>
<guid>/entries/Poincare_Disc.html</guid>
<description></description>
</item>
<item>
<title>Gauss Sums and the Pólya–Vinogradov Inequality</title>
<link>/entries/Gauss_Sums.html</link>
<pubDate>Tue, 10 Dec 2019 00:00:00 +0000</pubDate>
<guid>/entries/Gauss_Sums.html</guid>
<description></description>
</item>
<item>
<title>An Efficient Generalization of Counting Sort for Large, possibly Infinite Key Ranges</title>
<link>/entries/Generalized_Counting_Sort.html</link>
<pubDate>Wed, 04 Dec 2019 00:00:00 +0000</pubDate>
<guid>/entries/Generalized_Counting_Sort.html</guid>
<description></description>
</item>
<item>
<title>Interval Arithmetic on 32-bit Words</title>
<link>/entries/Interval_Arithmetic_Word32.html</link>
<pubDate>Wed, 27 Nov 2019 00:00:00 +0000</pubDate>
<guid>/entries/Interval_Arithmetic_Word32.html</guid>
<description></description>
</item>
<item>
<title>Zermelo Fraenkel Set Theory in Higher-Order Logic</title>
<link>/entries/ZFC_in_HOL.html</link>
<pubDate>Thu, 24 Oct 2019 00:00:00 +0000</pubDate>
<guid>/entries/ZFC_in_HOL.html</guid>
<description></description>
</item>
<item>
<title>Isabelle/C</title>
<link>/entries/Isabelle_C.html</link>
<pubDate>Tue, 22 Oct 2019 00:00:00 +0000</pubDate>
<guid>/entries/Isabelle_C.html</guid>
<description></description>
</item>
<item>
<title>VerifyThis 2019 -- Polished Isabelle Solutions</title>
<link>/entries/VerifyThis2019.html</link>
<pubDate>Wed, 16 Oct 2019 00:00:00 +0000</pubDate>
<guid>/entries/VerifyThis2019.html</guid>
<description></description>
</item>
<item>
<title>Aristotle&#39;s Assertoric Syllogistic</title>
<link>/entries/Aristotles_Assertoric_Syllogistic.html</link>
<pubDate>Tue, 08 Oct 2019 00:00:00 +0000</pubDate>
<guid>/entries/Aristotles_Assertoric_Syllogistic.html</guid>
<description></description>
</item>
<item>
<title>Sigma Protocols and Commitment Schemes</title>
<link>/entries/Sigma_Commit_Crypto.html</link>
<pubDate>Mon, 07 Oct 2019 00:00:00 +0000</pubDate>
<guid>/entries/Sigma_Commit_Crypto.html</guid>
<description></description>
</item>
<item>
<title>Clean - An Abstract Imperative Programming Language and its Theory</title>
<link>/entries/Clean.html</link>
<pubDate>Fri, 04 Oct 2019 00:00:00 +0000</pubDate>
<guid>/entries/Clean.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Multiway-Join Algorithms</title>
<link>/entries/Generic_Join.html</link>
<pubDate>Mon, 16 Sep 2019 00:00:00 +0000</pubDate>
<guid>/entries/Generic_Join.html</guid>
<description></description>
</item>
<item>
<title>Verification Components for Hybrid Systems</title>
<link>/entries/Hybrid_Systems_VCs.html</link>
<pubDate>Tue, 10 Sep 2019 00:00:00 +0000</pubDate>
<guid>/entries/Hybrid_Systems_VCs.html</guid>
<description></description>
</item>
<item>
<title>Fourier Series</title>
<link>/entries/Fourier.html</link>
<pubDate>Fri, 06 Sep 2019 00:00:00 +0000</pubDate>
<guid>/entries/Fourier.html</guid>
<description></description>
</item>
<item>
<title>A Case Study in Basic Algebra</title>
<link>/entries/Jacobson_Basic_Algebra.html</link>
<pubDate>Fri, 30 Aug 2019 00:00:00 +0000</pubDate>
<guid>/entries/Jacobson_Basic_Algebra.html</guid>
<description></description>
</item>
<item>
<title>Formalisation of an Adaptive State Counting Algorithm</title>
<link>/entries/Adaptive_State_Counting.html</link>
<pubDate>Fri, 16 Aug 2019 00:00:00 +0000</pubDate>
<guid>/entries/Adaptive_State_Counting.html</guid>
<description></description>
</item>
<item>
<title>Laplace Transform</title>
<link>/entries/Laplace_Transform.html</link>
<pubDate>Wed, 14 Aug 2019 00:00:00 +0000</pubDate>
<guid>/entries/Laplace_Transform.html</guid>
<description></description>
</item>
<item>
<title>Communicating Concurrent Kleene Algebra for Distributed Systems Specification</title>
<link>/entries/C2KA_DistributedSystems.html</link>
<pubDate>Tue, 06 Aug 2019 00:00:00 +0000</pubDate>
<guid>/entries/C2KA_DistributedSystems.html</guid>
<description></description>
</item>
<item>
<title>Linear Programming</title>
<link>/entries/Linear_Programming.html</link>
<pubDate>Tue, 06 Aug 2019 00:00:00 +0000</pubDate>
<guid>/entries/Linear_Programming.html</guid>
<description></description>
</item>
<item>
<title>Selected Problems from the International Mathematical Olympiad 2019</title>
<link>/entries/IMO2019.html</link>
<pubDate>Mon, 05 Aug 2019 00:00:00 +0000</pubDate>
<guid>/entries/IMO2019.html</guid>
<description></description>
</item>
<item>
<title>Stellar Quorum Systems</title>
<link>/entries/Stellar_Quorums.html</link>
<pubDate>Thu, 01 Aug 2019 00:00:00 +0000</pubDate>
<guid>/entries/Stellar_Quorums.html</guid>
<description></description>
</item>
<item>
<title>A Formal Development of a Polychronous Polytimed Coordination Language</title>
<link>/entries/TESL_Language.html</link>
<pubDate>Tue, 30 Jul 2019 00:00:00 +0000</pubDate>
<guid>/entries/TESL_Language.html</guid>
<description></description>
</item>
<item>
<title>Order Extension and Szpilrajn&#39;s Extension Theorem</title>
<link>/entries/Szpilrajn.html</link>
<pubDate>Sat, 27 Jul 2019 00:00:00 +0000</pubDate>
<guid>/entries/Szpilrajn.html</guid>
<description></description>
</item>
<item>
<title>A Sequent Calculus for First-Order Logic</title>
<link>/entries/FOL_Seq_Calc1.html</link>
<pubDate>Thu, 18 Jul 2019 00:00:00 +0000</pubDate>
<guid>/entries/FOL_Seq_Calc1.html</guid>
<description></description>
</item>
<item>
<title>A Verified Code Generator from Isabelle/HOL to CakeML</title>
<link>/entries/CakeML_Codegen.html</link>
<pubDate>Mon, 08 Jul 2019 00:00:00 +0000</pubDate>
<guid>/entries/CakeML_Codegen.html</guid>
<description></description>
</item>
<item>
<title>Formalization of a Monitoring Algorithm for Metric First-Order Temporal Logic</title>
<link>/entries/MFOTL_Monitor.html</link>
<pubDate>Thu, 04 Jul 2019 00:00:00 +0000</pubDate>
<guid>/entries/MFOTL_Monitor.html</guid>
<description></description>
</item>
<item>
<title>Complete Non-Orders and Fixed Points</title>
<link>/entries/Complete_Non_Orders.html</link>
<pubDate>Thu, 27 Jun 2019 00:00:00 +0000</pubDate>
<guid>/entries/Complete_Non_Orders.html</guid>
<description></description>
</item>
<item>
<title>Priority Search Trees</title>
<link>/entries/Priority_Search_Trees.html</link>
<pubDate>Tue, 25 Jun 2019 00:00:00 +0000</pubDate>
<guid>/entries/Priority_Search_Trees.html</guid>
<description></description>
</item>
<item>
<title>Purely Functional, Simple, and Efficient Implementation of Prim and Dijkstra</title>
<link>/entries/Prim_Dijkstra_Simple.html</link>
<pubDate>Tue, 25 Jun 2019 00:00:00 +0000</pubDate>
<guid>/entries/Prim_Dijkstra_Simple.html</guid>
<description></description>
</item>
<item>
<title>Linear Inequalities</title>
<link>/entries/Linear_Inequalities.html</link>
<pubDate>Fri, 21 Jun 2019 00:00:00 +0000</pubDate>
<guid>/entries/Linear_Inequalities.html</guid>
<description></description>
</item>
<item>
<title>Hilbert&#39;s Nullstellensatz</title>
<link>/entries/Nullstellensatz.html</link>
<pubDate>Sun, 16 Jun 2019 00:00:00 +0000</pubDate>
<guid>/entries/Nullstellensatz.html</guid>
<description></description>
</item>
<item>
<title>Gröbner Bases, Macaulay Matrices and Dubé&#39;s Degree Bounds</title>
<link>/entries/Groebner_Macaulay.html</link>
<pubDate>Sat, 15 Jun 2019 00:00:00 +0000</pubDate>
<guid>/entries/Groebner_Macaulay.html</guid>
<description></description>
</item>
<item>
<title>Binary Heaps for IMP2</title>
<link>/entries/IMP2_Binary_Heap.html</link>
<pubDate>Thu, 13 Jun 2019 00:00:00 +0000</pubDate>
<guid>/entries/IMP2_Binary_Heap.html</guid>
<description></description>
</item>
<item>
<title>Differential Game Logic</title>
<link>/entries/Differential_Game_Logic.html</link>
<pubDate>Mon, 03 Jun 2019 00:00:00 +0000</pubDate>
<guid>/entries/Differential_Game_Logic.html</guid>
<description></description>
</item>
<item>
<title>Multidimensional Binary Search Trees</title>
<link>/entries/KD_Tree.html</link>
<pubDate>Thu, 30 May 2019 00:00:00 +0000</pubDate>
<guid>/entries/KD_Tree.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Generic Authenticated Data Structures</title>
<link>/entries/LambdaAuth.html</link>
<pubDate>Tue, 14 May 2019 00:00:00 +0000</pubDate>
<guid>/entries/LambdaAuth.html</guid>
<description></description>
</item>
<item>
<title>Multi-Party Computation</title>
<link>/entries/Multi_Party_Computation.html</link>
<pubDate>Thu, 09 May 2019 00:00:00 +0000</pubDate>
<guid>/entries/Multi_Party_Computation.html</guid>
<description></description>
</item>
<item>
<title>HOL-CSP Version 2.0</title>
<link>/entries/HOL-CSP.html</link>
<pubDate>Fri, 26 Apr 2019 00:00:00 +0000</pubDate>
<guid>/entries/HOL-CSP.html</guid>
<description></description>
</item>
<item>
<title>A Compositional and Unified Translation of LTL into ω-Automata</title>
<link>/entries/LTL_Master_Theorem.html</link>
<pubDate>Tue, 16 Apr 2019 00:00:00 +0000</pubDate>
<guid>/entries/LTL_Master_Theorem.html</guid>
<description></description>
</item>
<item>
<title>A General Theory of Syntax with Bindings</title>
<link>/entries/Binding_Syntax_Theory.html</link>
<pubDate>Sat, 06 Apr 2019 00:00:00 +0000</pubDate>
<guid>/entries/Binding_Syntax_Theory.html</guid>
<description></description>
</item>
<item>
<title>The Transcendence of Certain Infinite Series</title>
<link>/entries/Transcendence_Series_Hancl_Rucki.html</link>
<pubDate>Wed, 27 Mar 2019 00:00:00 +0000</pubDate>
<guid>/entries/Transcendence_Series_Hancl_Rucki.html</guid>
<description></description>
</item>
<item>
<title>Quantum Hoare Logic</title>
<link>/entries/QHLProver.html</link>
<pubDate>Sun, 24 Mar 2019 00:00:00 +0000</pubDate>
<guid>/entries/QHLProver.html</guid>
<description></description>
</item>
<item>
<title>Safe OCL</title>
<link>/entries/Safe_OCL.html</link>
<pubDate>Sat, 09 Mar 2019 00:00:00 +0000</pubDate>
<guid>/entries/Safe_OCL.html</guid>
<description></description>
</item>
<item>
<title>Elementary Facts About the Distribution of Primes</title>
<link>/entries/Prime_Distribution_Elementary.html</link>
<pubDate>Thu, 21 Feb 2019 00:00:00 +0000</pubDate>
<guid>/entries/Prime_Distribution_Elementary.html</guid>
<description></description>
</item>
<item>
<title>Kruskal&#39;s Algorithm for Minimum Spanning Forest</title>
<link>/entries/Kruskal.html</link>
<pubDate>Thu, 14 Feb 2019 00:00:00 +0000</pubDate>
<guid>/entries/Kruskal.html</guid>
<description></description>
</item>
<item>
<title>Probabilistic Primality Testing</title>
<link>/entries/Probabilistic_Prime_Tests.html</link>
<pubDate>Mon, 11 Feb 2019 00:00:00 +0000</pubDate>
<guid>/entries/Probabilistic_Prime_Tests.html</guid>
<description></description>
</item>
<item>
<title>Universal Turing Machine</title>
<link>/entries/Universal_Turing_Machine.html</link>
<pubDate>Fri, 08 Feb 2019 00:00:00 +0000</pubDate>
<guid>/entries/Universal_Turing_Machine.html</guid>
<description></description>
</item>
<item>
<title>Isabelle/UTP: Mechanised Theory Engineering for Unifying Theories of Programming</title>
<link>/entries/UTP.html</link>
<pubDate>Fri, 01 Feb 2019 00:00:00 +0000</pubDate>
<guid>/entries/UTP.html</guid>
<description></description>
</item>
<item>
<title>The Inversions of a List</title>
<link>/entries/List_Inversions.html</link>
<pubDate>Fri, 01 Feb 2019 00:00:00 +0000</pubDate>
<guid>/entries/List_Inversions.html</guid>
<description></description>
</item>
<item>
<title>Farkas&#39; Lemma and Motzkin&#39;s Transposition Theorem</title>
<link>/entries/Farkas.html</link>
<pubDate>Thu, 17 Jan 2019 00:00:00 +0000</pubDate>
<guid>/entries/Farkas.html</guid>
<description></description>
</item>
<item>
<title>An Algebra for Higher-Order Terms</title>
<link>/entries/Higher_Order_Terms.html</link>
<pubDate>Tue, 15 Jan 2019 00:00:00 +0000</pubDate>
<guid>/entries/Higher_Order_Terms.html</guid>
<description></description>
</item>
<item>
<title>IMP2 – Simple Program Verification in Isabelle/HOL</title>
<link>/entries/IMP2.html</link>
<pubDate>Tue, 15 Jan 2019 00:00:00 +0000</pubDate>
<guid>/entries/IMP2.html</guid>
<description></description>
</item>
<item>
<title>A Reduction Theorem for Store Buffers</title>
<link>/entries/Store_Buffer_Reduction.html</link>
<pubDate>Mon, 07 Jan 2019 00:00:00 +0000</pubDate>
<guid>/entries/Store_Buffer_Reduction.html</guid>
<description></description>
</item>
<item>
<title>A Formal Model of the Document Object Model</title>
<link>/entries/Core_DOM.html</link>
<pubDate>Wed, 26 Dec 2018 00:00:00 +0000</pubDate>
<guid>/entries/Core_DOM.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Concurrent Revisions</title>
<link>/entries/Concurrent_Revisions.html</link>
<pubDate>Tue, 25 Dec 2018 00:00:00 +0000</pubDate>
<guid>/entries/Concurrent_Revisions.html</guid>
<description></description>
</item>
<item>
<title>Verifying Imperative Programs using Auto2</title>
<link>/entries/Auto2_Imperative_HOL.html</link>
<pubDate>Fri, 21 Dec 2018 00:00:00 +0000</pubDate>
<guid>/entries/Auto2_Imperative_HOL.html</guid>
<description></description>
</item>
<item>
<title>Constructive Cryptography in HOL</title>
<link>/entries/Constructive_Cryptography.html</link>
<pubDate>Mon, 17 Dec 2018 00:00:00 +0000</pubDate>
<guid>/entries/Constructive_Cryptography.html</guid>
<description></description>
</item>
<item>
<title>Properties of Orderings and Lattices</title>
<link>/entries/Order_Lattice_Props.html</link>
<pubDate>Tue, 11 Dec 2018 00:00:00 +0000</pubDate>
<guid>/entries/Order_Lattice_Props.html</guid>
<description></description>
</item>
<item>
<title>Quantales</title>
<link>/entries/Quantales.html</link>
<pubDate>Tue, 11 Dec 2018 00:00:00 +0000</pubDate>
<guid>/entries/Quantales.html</guid>
<description></description>
</item>
<item>
<title>Transformer Semantics</title>
<link>/entries/Transformer_Semantics.html</link>
<pubDate>Tue, 11 Dec 2018 00:00:00 +0000</pubDate>
<guid>/entries/Transformer_Semantics.html</guid>
<description></description>
</item>
<item>
<title>A Verified Functional Implementation of Bachmair and Ganzinger&#39;s Ordered Resolution Prover</title>
<link>/entries/Functional_Ordered_Resolution_Prover.html</link>
<pubDate>Fri, 23 Nov 2018 00:00:00 +0000</pubDate>
<guid>/entries/Functional_Ordered_Resolution_Prover.html</guid>
<description></description>
</item>
<item>
<title>Graph Saturation</title>
<link>/entries/Graph_Saturation.html</link>
<pubDate>Fri, 23 Nov 2018 00:00:00 +0000</pubDate>
<guid>/entries/Graph_Saturation.html</guid>
<description></description>
</item>
<item>
<title>Auto2 Prover</title>
<link>/entries/Auto2_HOL.html</link>
<pubDate>Tue, 20 Nov 2018 00:00:00 +0000</pubDate>
<guid>/entries/Auto2_HOL.html</guid>
<description></description>
</item>
<item>
<title>Matroids</title>
<link>/entries/Matroids.html</link>
<pubDate>Fri, 16 Nov 2018 00:00:00 +0000</pubDate>
<guid>/entries/Matroids.html</guid>
<description></description>
</item>
<item>
<title>Deriving generic class instances for datatypes</title>
<link>/entries/Generic_Deriving.html</link>
<pubDate>Tue, 06 Nov 2018 00:00:00 +0000</pubDate>
<guid>/entries/Generic_Deriving.html</guid>
<description></description>
</item>
<item>
<title>Formalisation and Evaluation of Alan Gewirth&#39;s Proof for the Principle of Generic Consistency in Isabelle/HOL</title>
<link>/entries/GewirthPGCProof.html</link>
<pubDate>Tue, 30 Oct 2018 00:00:00 +0000</pubDate>
<guid>/entries/GewirthPGCProof.html</guid>
<description></description>
</item>
<item>
<title>Epistemic Logic: Completeness of Modal Logics</title>
<link>/entries/Epistemic_Logic.html</link>
<pubDate>Mon, 29 Oct 2018 00:00:00 +0000</pubDate>
<guid>/entries/Epistemic_Logic.html</guid>
<description></description>
</item>
<item>
<title>Smooth Manifolds</title>
<link>/entries/Smooth_Manifolds.html</link>
<pubDate>Mon, 22 Oct 2018 00:00:00 +0000</pubDate>
<guid>/entries/Smooth_Manifolds.html</guid>
<description></description>
</item>
<item>
<title>Formalization of the Embedding Path Order for Lambda-Free Higher-Order Terms</title>
<link>/entries/Lambda_Free_EPO.html</link>
<pubDate>Fri, 19 Oct 2018 00:00:00 +0000</pubDate>
<guid>/entries/Lambda_Free_EPO.html</guid>
<description></description>
</item>
<item>
<title>Randomised Binary Search Trees</title>
<link>/entries/Randomised_BSTs.html</link>
<pubDate>Fri, 19 Oct 2018 00:00:00 +0000</pubDate>
<guid>/entries/Randomised_BSTs.html</guid>
<description></description>
</item>
<item>
<title>Upper Bounding Diameters of State Spaces of Factored Transition Systems</title>
<link>/entries/Factored_Transition_System_Bounding.html</link>
<pubDate>Fri, 12 Oct 2018 00:00:00 +0000</pubDate>
<guid>/entries/Factored_Transition_System_Bounding.html</guid>
<description></description>
</item>
<item>
<title>The Transcendence of π</title>
<link>/entries/Pi_Transcendental.html</link>
<pubDate>Fri, 28 Sep 2018 00:00:00 +0000</pubDate>
<guid>/entries/Pi_Transcendental.html</guid>
<description></description>
</item>
<item>
<title>Symmetric Polynomials</title>
<link>/entries/Symmetric_Polynomials.html</link>
<pubDate>Tue, 25 Sep 2018 00:00:00 +0000</pubDate>
<guid>/entries/Symmetric_Polynomials.html</guid>
<description></description>
</item>
<item>
<title>Signature-Based Gröbner Basis Algorithms</title>
<link>/entries/Signature_Groebner.html</link>
<pubDate>Thu, 20 Sep 2018 00:00:00 +0000</pubDate>
<guid>/entries/Signature_Groebner.html</guid>
<description></description>
</item>
<item>
<title>The Prime Number Theorem</title>
<link>/entries/Prime_Number_Theorem.html</link>
<pubDate>Wed, 19 Sep 2018 00:00:00 +0000</pubDate>
<guid>/entries/Prime_Number_Theorem.html</guid>
<description></description>
</item>
<item>
<title>Aggregation Algebras</title>
<link>/entries/Aggregation_Algebras.html</link>
<pubDate>Sat, 15 Sep 2018 00:00:00 +0000</pubDate>
<guid>/entries/Aggregation_Algebras.html</guid>
<description></description>
</item>
<item>
<title>Octonions</title>
<link>/entries/Octonions.html</link>
<pubDate>Fri, 14 Sep 2018 00:00:00 +0000</pubDate>
<guid>/entries/Octonions.html</guid>
<description></description>
</item>
<item>
<title>Quaternions</title>
<link>/entries/Quaternions.html</link>
<pubDate>Wed, 05 Sep 2018 00:00:00 +0000</pubDate>
<guid>/entries/Quaternions.html</guid>
<description></description>
</item>
<item>
<title>The Budan-Fourier Theorem and Counting Real Roots with Multiplicity</title>
<link>/entries/Budan_Fourier.html</link>
<pubDate>Sun, 02 Sep 2018 00:00:00 +0000</pubDate>
<guid>/entries/Budan_Fourier.html</guid>
<description></description>
</item>
<item>
<title>An Incremental Simplex Algorithm with Unsatisfiable Core Generation</title>
<link>/entries/Simplex.html</link>
<pubDate>Fri, 24 Aug 2018 00:00:00 +0000</pubDate>
<guid>/entries/Simplex.html</guid>
<description></description>
</item>
<item>
<title>Minsky Machines</title>
<link>/entries/Minsky_Machines.html</link>
<pubDate>Tue, 14 Aug 2018 00:00:00 +0000</pubDate>
<guid>/entries/Minsky_Machines.html</guid>
<description></description>
</item>
<item>
<title>Pricing in discrete financial models</title>
<link>/entries/DiscretePricing.html</link>
<pubDate>Mon, 16 Jul 2018 00:00:00 +0000</pubDate>
<guid>/entries/DiscretePricing.html</guid>
<description></description>
</item>
<item>
<title>Von-Neumann-Morgenstern Utility Theorem</title>
<link>/entries/Neumann_Morgenstern_Utility.html</link>
<pubDate>Wed, 04 Jul 2018 00:00:00 +0000</pubDate>
<guid>/entries/Neumann_Morgenstern_Utility.html</guid>
<description></description>
</item>
<item>
<title>Pell&#39;s Equation</title>
<link>/entries/Pell.html</link>
<pubDate>Sat, 23 Jun 2018 00:00:00 +0000</pubDate>
<guid>/entries/Pell.html</guid>
<description></description>
</item>
<item>
<title>Projective Geometry</title>
<link>/entries/Projective_Geometry.html</link>
<pubDate>Thu, 14 Jun 2018 00:00:00 +0000</pubDate>
<guid>/entries/Projective_Geometry.html</guid>
<description></description>
</item>
<item>
<title>The Localization of a Commutative Ring</title>
<link>/entries/Localization_Ring.html</link>
<pubDate>Thu, 14 Jun 2018 00:00:00 +0000</pubDate>
<guid>/entries/Localization_Ring.html</guid>
<description></description>
</item>
<item>
<title>Partial Order Reduction</title>
<link>/entries/Partial_Order_Reduction.html</link>
<pubDate>Tue, 05 Jun 2018 00:00:00 +0000</pubDate>
<guid>/entries/Partial_Order_Reduction.html</guid>
<description></description>
</item>
<item>
<title>Optimal Binary Search Trees</title>
<link>/entries/Optimal_BST.html</link>
<pubDate>Sun, 27 May 2018 00:00:00 +0000</pubDate>
<guid>/entries/Optimal_BST.html</guid>
<description></description>
</item>
<item>
<title>Hidden Markov Models</title>
<link>/entries/Hidden_Markov_Models.html</link>
<pubDate>Fri, 25 May 2018 00:00:00 +0000</pubDate>
<guid>/entries/Hidden_Markov_Models.html</guid>
<description></description>
</item>
<item>
<title>Probabilistic Timed Automata</title>
<link>/entries/Probabilistic_Timed_Automata.html</link>
<pubDate>Thu, 24 May 2018 00:00:00 +0000</pubDate>
<guid>/entries/Probabilistic_Timed_Automata.html</guid>
<description></description>
</item>
<item>
<title>Axiom Systems for Category Theory in Free Logic</title>
<link>/entries/AxiomaticCategoryTheory.html</link>
<pubDate>Wed, 23 May 2018 00:00:00 +0000</pubDate>
<guid>/entries/AxiomaticCategoryTheory.html</guid>
<description></description>
</item>
<item>
<title>Irrational Rapidly Convergent Series</title>
<link>/entries/Irrationality_J_Hancl.html</link>
<pubDate>Wed, 23 May 2018 00:00:00 +0000</pubDate>
<guid>/entries/Irrationality_J_Hancl.html</guid>
<description></description>
</item>
<item>
<title>Monadification, Memoization and Dynamic Programming</title>
<link>/entries/Monad_Memo_DP.html</link>
<pubDate>Tue, 22 May 2018 00:00:00 +0000</pubDate>
<guid>/entries/Monad_Memo_DP.html</guid>
<description></description>
</item>
<item>
<title>OpSets: Sequential Specifications for Replicated Datatypes</title>
<link>/entries/OpSets.html</link>
<pubDate>Thu, 10 May 2018 00:00:00 +0000</pubDate>
<guid>/entries/OpSets.html</guid>
<description></description>
</item>
<item>
<title>An Isabelle/HOL Formalization of the Modular Assembly Kit for Security Properties</title>
<link>/entries/Modular_Assembly_Kit_Security.html</link>
<pubDate>Mon, 07 May 2018 00:00:00 +0000</pubDate>
<guid>/entries/Modular_Assembly_Kit_Security.html</guid>
<description></description>
</item>
<item>
<title>WebAssembly</title>
<link>/entries/WebAssembly.html</link>
<pubDate>Sun, 29 Apr 2018 00:00:00 +0000</pubDate>
<guid>/entries/WebAssembly.html</guid>
<description></description>
</item>
<item>
<title>VerifyThis 2018 - Polished Isabelle Solutions</title>
<link>/entries/VerifyThis2018.html</link>
<pubDate>Fri, 27 Apr 2018 00:00:00 +0000</pubDate>
<guid>/entries/VerifyThis2018.html</guid>
<description></description>
</item>
<item>
<title>Bounded Natural Functors with Covariance and Contravariance</title>
<link>/entries/BNF_CC.html</link>
<pubDate>Tue, 24 Apr 2018 00:00:00 +0000</pubDate>
<guid>/entries/BNF_CC.html</guid>
<description></description>
</item>
<item>
<title>The Incompatibility of Fishburn-Strategyproofness and Pareto-Efficiency</title>
<link>/entries/Fishburn_Impossibility.html</link>
<pubDate>Thu, 22 Mar 2018 00:00:00 +0000</pubDate>
<guid>/entries/Fishburn_Impossibility.html</guid>
<description></description>
</item>
<item>
<title>Weight-Balanced Trees</title>
<link>/entries/Weight_Balanced_Trees.html</link>
<pubDate>Tue, 13 Mar 2018 00:00:00 +0000</pubDate>
<guid>/entries/Weight_Balanced_Trees.html</guid>
<description></description>
</item>
<item>
<title>CakeML</title>
<link>/entries/CakeML.html</link>
<pubDate>Mon, 12 Mar 2018 00:00:00 +0000</pubDate>
<guid>/entries/CakeML.html</guid>
<description></description>
</item>
<item>
<title>A Theory of Architectural Design Patterns</title>
<link>/entries/Architectural_Design_Patterns.html</link>
<pubDate>Thu, 01 Mar 2018 00:00:00 +0000</pubDate>
<guid>/entries/Architectural_Design_Patterns.html</guid>
<description></description>
</item>
<item>
<title>Hoare Logics for Time Bounds</title>
<link>/entries/Hoare_Time.html</link>
<pubDate>Mon, 26 Feb 2018 00:00:00 +0000</pubDate>
<guid>/entries/Hoare_Time.html</guid>
<description></description>
</item>
<item>
<title>A verified factorization algorithm for integer polynomials with polynomial complexity</title>
<link>/entries/LLL_Factorization.html</link>
<pubDate>Tue, 06 Feb 2018 00:00:00 +0000</pubDate>
<guid>/entries/LLL_Factorization.html</guid>
<description></description>
</item>
<item>
<title>First-Order Terms</title>
<link>/entries/First_Order_Terms.html</link>
<pubDate>Tue, 06 Feb 2018 00:00:00 +0000</pubDate>
<guid>/entries/First_Order_Terms.html</guid>
<description></description>
</item>
<item>
<title>The Error Function</title>
<link>/entries/Error_Function.html</link>
<pubDate>Tue, 06 Feb 2018 00:00:00 +0000</pubDate>
<guid>/entries/Error_Function.html</guid>
<description></description>
</item>
<item>
<title>Treaps</title>
<link>/entries/Treaps.html</link>
<pubDate>Tue, 06 Feb 2018 00:00:00 +0000</pubDate>
<guid>/entries/Treaps.html</guid>
<description></description>
</item>
<item>
<title>A verified LLL algorithm</title>
<link>/entries/LLL_Basis_Reduction.html</link>
<pubDate>Fri, 02 Feb 2018 00:00:00 +0000</pubDate>
<guid>/entries/LLL_Basis_Reduction.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Bachmair and Ganzinger&#39;s Ordered Resolution Prover</title>
<link>/entries/Ordered_Resolution_Prover.html</link>
<pubDate>Thu, 18 Jan 2018 00:00:00 +0000</pubDate>
<guid>/entries/Ordered_Resolution_Prover.html</guid>
<description></description>
</item>
<item>
<title>Gromov Hyperbolicity</title>
<link>/entries/Gromov_Hyperbolicity.html</link>
<pubDate>Tue, 16 Jan 2018 00:00:00 +0000</pubDate>
<guid>/entries/Gromov_Hyperbolicity.html</guid>
<description></description>
</item>
<item>
<title>An Isabelle/HOL formalisation of Green&#39;s Theorem</title>
<link>/entries/Green.html</link>
<pubDate>Thu, 11 Jan 2018 00:00:00 +0000</pubDate>
<guid>/entries/Green.html</guid>
<description></description>
</item>
<item>
<title>Taylor Models</title>
<link>/entries/Taylor_Models.html</link>
<pubDate>Mon, 08 Jan 2018 00:00:00 +0000</pubDate>
<guid>/entries/Taylor_Models.html</guid>
<description></description>
</item>
<item>
<title>The Falling Factorial of a Sum</title>
<link>/entries/Falling_Factorial_Sum.html</link>
<pubDate>Fri, 22 Dec 2017 00:00:00 +0000</pubDate>
<guid>/entries/Falling_Factorial_Sum.html</guid>
<description></description>
</item>
<item>
<title>Dirichlet L-Functions and Dirichlet&#39;s Theorem</title>
<link>/entries/Dirichlet_L.html</link>
<pubDate>Thu, 21 Dec 2017 00:00:00 +0000</pubDate>
<guid>/entries/Dirichlet_L.html</guid>
<description></description>
</item>
<item>
<title>The Mason–Stothers Theorem</title>
<link>/entries/Mason_Stothers.html</link>
<pubDate>Thu, 21 Dec 2017 00:00:00 +0000</pubDate>
<guid>/entries/Mason_Stothers.html</guid>
<description></description>
</item>
<item>
<title>The Median-of-Medians Selection Algorithm</title>
<link>/entries/Median_Of_Medians_Selection.html</link>
<pubDate>Thu, 21 Dec 2017 00:00:00 +0000</pubDate>
<guid>/entries/Median_Of_Medians_Selection.html</guid>
<description></description>
</item>
<item>
<title>Operations on Bounded Natural Functors</title>
<link>/entries/BNF_Operations.html</link>
<pubDate>Tue, 19 Dec 2017 00:00:00 +0000</pubDate>
<guid>/entries/BNF_Operations.html</guid>
<description></description>
</item>
<item>
<title>The string search algorithm by Knuth, Morris and Pratt</title>
<link>/entries/Knuth_Morris_Pratt.html</link>
<pubDate>Mon, 18 Dec 2017 00:00:00 +0000</pubDate>
<guid>/entries/Knuth_Morris_Pratt.html</guid>
<description></description>
</item>
<item>
<title>Stochastic Matrices and the Perron-Frobenius Theorem</title>
<link>/entries/Stochastic_Matrices.html</link>
<pubDate>Wed, 22 Nov 2017 00:00:00 +0000</pubDate>
<guid>/entries/Stochastic_Matrices.html</guid>
<description></description>
</item>
<item>
<title>The IMAP CmRDT</title>
<link>/entries/IMAP-CRDT.html</link>
<pubDate>Thu, 09 Nov 2017 00:00:00 +0000</pubDate>
<guid>/entries/IMAP-CRDT.html</guid>
<description></description>
</item>
<item>
<title>Hybrid Multi-Lane Spatial Logic</title>
<link>/entries/Hybrid_Multi_Lane_Spatial_Logic.html</link>
<pubDate>Mon, 06 Nov 2017 00:00:00 +0000</pubDate>
<guid>/entries/Hybrid_Multi_Lane_Spatial_Logic.html</guid>
<description></description>
</item>
<item>
<title>The Kuratowski Closure-Complement Theorem</title>
<link>/entries/Kuratowski_Closure_Complement.html</link>
<pubDate>Thu, 26 Oct 2017 00:00:00 +0000</pubDate>
<guid>/entries/Kuratowski_Closure_Complement.html</guid>
<description></description>
</item>
<item>
<title>Büchi Complementation</title>
<link>/entries/Buchi_Complementation.html</link>
<pubDate>Thu, 19 Oct 2017 00:00:00 +0000</pubDate>
<guid>/entries/Buchi_Complementation.html</guid>
<description></description>
</item>
<item>
<title>Transition Systems and Automata</title>
<link>/entries/Transition_Systems_and_Automata.html</link>
<pubDate>Thu, 19 Oct 2017 00:00:00 +0000</pubDate>
<guid>/entries/Transition_Systems_and_Automata.html</guid>
<description></description>
</item>
<item>
<title>Count the Number of Complex Roots</title>
<link>/entries/Count_Complex_Roots.html</link>
<pubDate>Tue, 17 Oct 2017 00:00:00 +0000</pubDate>
<guid>/entries/Count_Complex_Roots.html</guid>
<description></description>
</item>
<item>
<title>Evaluate Winding Numbers through Cauchy Indices</title>
<link>/entries/Winding_Number_Eval.html</link>
<pubDate>Tue, 17 Oct 2017 00:00:00 +0000</pubDate>
<guid>/entries/Winding_Number_Eval.html</guid>
<description></description>
</item>
<item>
<title>Homogeneous Linear Diophantine Equations</title>
<link>/entries/Diophantine_Eqns_Lin_Hom.html</link>
<pubDate>Sat, 14 Oct 2017 00:00:00 +0000</pubDate>
<guid>/entries/Diophantine_Eqns_Lin_Hom.html</guid>
<description></description>
</item>
<item>
<title>Dirichlet Series</title>
<link>/entries/Dirichlet_Series.html</link>
<pubDate>Thu, 12 Oct 2017 00:00:00 +0000</pubDate>
<guid>/entries/Dirichlet_Series.html</guid>
<description></description>
</item>
<item>
<title>Linear Recurrences</title>
<link>/entries/Linear_Recurrences.html</link>
<pubDate>Thu, 12 Oct 2017 00:00:00 +0000</pubDate>
<guid>/entries/Linear_Recurrences.html</guid>
<description></description>
</item>
<item>
<title>The Hurwitz and Riemann ζ Functions</title>
<link>/entries/Zeta_Function.html</link>
<pubDate>Thu, 12 Oct 2017 00:00:00 +0000</pubDate>
<guid>/entries/Zeta_Function.html</guid>
<description></description>
</item>
<item>
<title>Computer-assisted Reconstruction and Assessment of E. J. Lowe&#39;s Modal Ontological Argument</title>
<link>/entries/Lowe_Ontological_Argument.html</link>
<pubDate>Thu, 21 Sep 2017 00:00:00 +0000</pubDate>
<guid>/entries/Lowe_Ontological_Argument.html</guid>
<description></description>
</item>
<item>
<title>Representation and Partial Automation of the Principia Logico-Metaphysica in Isabelle/HOL</title>
<link>/entries/PLM.html</link>
<pubDate>Sun, 17 Sep 2017 00:00:00 +0000</pubDate>
<guid>/entries/PLM.html</guid>
<description></description>
</item>
<item>
<title>Anselm&#39;s God in Isabelle/HOL</title>
<link>/entries/AnselmGod.html</link>
<pubDate>Wed, 06 Sep 2017 00:00:00 +0000</pubDate>
<guid>/entries/AnselmGod.html</guid>
<description></description>
</item>
<item>
<title>Microeconomics and the First Welfare Theorem</title>
<link>/entries/First_Welfare_Theorem.html</link>
<pubDate>Fri, 01 Sep 2017 00:00:00 +0000</pubDate>
<guid>/entries/First_Welfare_Theorem.html</guid>
<description></description>
</item>
<item>
<title>Orbit-Stabiliser Theorem with Application to Rotational Symmetries</title>
<link>/entries/Orbit_Stabiliser.html</link>
<pubDate>Sun, 20 Aug 2017 00:00:00 +0000</pubDate>
<guid>/entries/Orbit_Stabiliser.html</guid>
<description></description>
</item>
<item>
<title>Root-Balanced Tree</title>
<link>/entries/Root_Balanced_Tree.html</link>
<pubDate>Sun, 20 Aug 2017 00:00:00 +0000</pubDate>
<guid>/entries/Root_Balanced_Tree.html</guid>
<description></description>
</item>
<item>
<title>The LambdaMu-calculus</title>
<link>/entries/LambdaMu.html</link>
<pubDate>Wed, 16 Aug 2017 00:00:00 +0000</pubDate>
<guid>/entries/LambdaMu.html</guid>
<description></description>
</item>
<item>
<title>Stewart&#39;s Theorem and Apollonius&#39; Theorem</title>
<link>/entries/Stewart_Apollonius.html</link>
<pubDate>Mon, 31 Jul 2017 00:00:00 +0000</pubDate>
<guid>/entries/Stewart_Apollonius.html</guid>
<description></description>
</item>
<item>
<title>Dynamic Architectures</title>
<link>/entries/DynamicArchitectures.html</link>
<pubDate>Fri, 28 Jul 2017 00:00:00 +0000</pubDate>
<guid>/entries/DynamicArchitectures.html</guid>
<description></description>
</item>
<item>
<title>Declarative Semantics for Functional Languages</title>
<link>/entries/Decl_Sem_Fun_PL.html</link>
<pubDate>Fri, 21 Jul 2017 00:00:00 +0000</pubDate>
<guid>/entries/Decl_Sem_Fun_PL.html</guid>
<description></description>
</item>
<item>
<title>HOLCF-Prelude</title>
<link>/entries/HOLCF-Prelude.html</link>
<pubDate>Sat, 15 Jul 2017 00:00:00 +0000</pubDate>
<guid>/entries/HOLCF-Prelude.html</guid>
<description></description>
</item>
<item>
<title>Minkowski&#39;s Theorem</title>
<link>/entries/Minkowskis_Theorem.html</link>
<pubDate>Thu, 13 Jul 2017 00:00:00 +0000</pubDate>
<guid>/entries/Minkowskis_Theorem.html</guid>
<description></description>
</item>
<item>
<title>Verified Metatheory and Type Inference for a Name-Carrying Simply-Typed Lambda Calculus</title>
<link>/entries/Name_Carrying_Type_Inference.html</link>
<pubDate>Sun, 09 Jul 2017 00:00:00 +0000</pubDate>
<guid>/entries/Name_Carrying_Type_Inference.html</guid>
<description></description>
</item>
<item>
<title>A framework for establishing Strong Eventual Consistency for Conflict-free Replicated Datatypes</title>
<link>/entries/CRDT.html</link>
<pubDate>Fri, 07 Jul 2017 00:00:00 +0000</pubDate>
<guid>/entries/CRDT.html</guid>
<description></description>
</item>
<item>
<title>Stone-Kleene Relation Algebras</title>
<link>/entries/Stone_Kleene_Relation_Algebras.html</link>
<pubDate>Thu, 06 Jul 2017 00:00:00 +0000</pubDate>
<guid>/entries/Stone_Kleene_Relation_Algebras.html</guid>
<description></description>
</item>
<item>
<title>Propositional Proof Systems</title>
<link>/entries/Propositional_Proof_Systems.html</link>
<pubDate>Wed, 21 Jun 2017 00:00:00 +0000</pubDate>
<guid>/entries/Propositional_Proof_Systems.html</guid>
<description></description>
</item>
<item>
<title>Partial Semigroups and Convolution Algebras</title>
<link>/entries/PSemigroupsConvolution.html</link>
<pubDate>Tue, 13 Jun 2017 00:00:00 +0000</pubDate>
<guid>/entries/PSemigroupsConvolution.html</guid>
<description></description>
</item>
<item>
<title>Buffon&#39;s Needle Problem</title>
<link>/entries/Buffons_Needle.html</link>
<pubDate>Tue, 06 Jun 2017 00:00:00 +0000</pubDate>
<guid>/entries/Buffons_Needle.html</guid>
<description></description>
</item>
<item>
<title>Flow Networks and the Min-Cut-Max-Flow Theorem</title>
<link>/entries/Flow_Networks.html</link>
<pubDate>Thu, 01 Jun 2017 00:00:00 +0000</pubDate>
<guid>/entries/Flow_Networks.html</guid>
<description></description>
</item>
<item>
<title>Formalizing Push-Relabel Algorithms</title>
<link>/entries/Prpu_Maxflow.html</link>
<pubDate>Thu, 01 Jun 2017 00:00:00 +0000</pubDate>
<guid>/entries/Prpu_Maxflow.html</guid>
<description></description>
</item>
<item>
<title>Optics</title>
<link>/entries/Optics.html</link>
<pubDate>Thu, 25 May 2017 00:00:00 +0000</pubDate>
<guid>/entries/Optics.html</guid>
<description></description>
</item>
<item>
<title>Developing Security Protocols by Refinement</title>
<link>/entries/Security_Protocol_Refinement.html</link>
<pubDate>Wed, 24 May 2017 00:00:00 +0000</pubDate>
<guid>/entries/Security_Protocol_Refinement.html</guid>
<description></description>
</item>
<item>
<title>Dictionary Construction</title>
<link>/entries/Dict_Construction.html</link>
<pubDate>Wed, 24 May 2017 00:00:00 +0000</pubDate>
<guid>/entries/Dict_Construction.html</guid>
<description></description>
</item>
<item>
<title>The Floyd-Warshall Algorithm for Shortest Paths</title>
<link>/entries/Floyd_Warshall.html</link>
<pubDate>Mon, 08 May 2017 00:00:00 +0000</pubDate>
<guid>/entries/Floyd_Warshall.html</guid>
<description></description>
</item>
<item>
<title>CryptHOL</title>
<link>/entries/CryptHOL.html</link>
<pubDate>Fri, 05 May 2017 00:00:00 +0000</pubDate>
<guid>/entries/CryptHOL.html</guid>
<description></description>
</item>
<item>
<title>Effect polymorphism in higher-order logic</title>
<link>/entries/Monomorphic_Monad.html</link>
<pubDate>Fri, 05 May 2017 00:00:00 +0000</pubDate>
<guid>/entries/Monomorphic_Monad.html</guid>
<description></description>
</item>
<item>
<title>Game-based cryptography in HOL</title>
<link>/entries/Game_Based_Crypto.html</link>
<pubDate>Fri, 05 May 2017 00:00:00 +0000</pubDate>
<guid>/entries/Game_Based_Crypto.html</guid>
<description></description>
</item>
<item>
<title>Monad normalisation</title>
<link>/entries/Monad_Normalisation.html</link>
<pubDate>Fri, 05 May 2017 00:00:00 +0000</pubDate>
<guid>/entries/Monad_Normalisation.html</guid>
<description></description>
</item>
<item>
<title>Probabilistic while loop</title>
<link>/entries/Probabilistic_While.html</link>
<pubDate>Fri, 05 May 2017 00:00:00 +0000</pubDate>
<guid>/entries/Probabilistic_While.html</guid>
<description></description>
</item>
<item>
<title>Monoidal Categories</title>
<link>/entries/MonoidalCategory.html</link>
<pubDate>Thu, 04 May 2017 00:00:00 +0000</pubDate>
<guid>/entries/MonoidalCategory.html</guid>
<description></description>
</item>
<item>
<title>Types, Tableaus and Gödel’s God in Isabelle/HOL</title>
<link>/entries/Types_Tableaus_and_Goedels_God.html</link>
<pubDate>Mon, 01 May 2017 00:00:00 +0000</pubDate>
<guid>/entries/Types_Tableaus_and_Goedels_God.html</guid>
<description></description>
</item>
<item>
<title>Local Lexing</title>
<link>/entries/LocalLexing.html</link>
<pubDate>Fri, 28 Apr 2017 00:00:00 +0000</pubDate>
<guid>/entries/LocalLexing.html</guid>
<description></description>
</item>
<item>
<title>Constructor Functions</title>
<link>/entries/Constructor_Funs.html</link>
<pubDate>Wed, 19 Apr 2017 00:00:00 +0000</pubDate>
<guid>/entries/Constructor_Funs.html</guid>
<description></description>
</item>
<item>
<title>Lazifying case constants</title>
<link>/entries/Lazy_Case.html</link>
<pubDate>Tue, 18 Apr 2017 00:00:00 +0000</pubDate>
<guid>/entries/Lazy_Case.html</guid>
<description></description>
</item>
<item>
<title>Subresultants</title>
<link>/entries/Subresultants.html</link>
<pubDate>Thu, 06 Apr 2017 00:00:00 +0000</pubDate>
<guid>/entries/Subresultants.html</guid>
<description></description>
</item>
<item>
<title>Expected Shape of Random Binary Search Trees</title>
<link>/entries/Random_BSTs.html</link>
<pubDate>Tue, 04 Apr 2017 00:00:00 +0000</pubDate>
<guid>/entries/Random_BSTs.html</guid>
<description></description>
</item>
<item>
<title>Lower bound on comparison-based sorting algorithms</title>
<link>/entries/Comparison_Sort_Lower_Bound.html</link>
<pubDate>Wed, 15 Mar 2017 00:00:00 +0000</pubDate>
<guid>/entries/Comparison_Sort_Lower_Bound.html</guid>
<description></description>
</item>
<item>
<title>The number of comparisons in QuickSort</title>
<link>/entries/Quick_Sort_Cost.html</link>
<pubDate>Wed, 15 Mar 2017 00:00:00 +0000</pubDate>
<guid>/entries/Quick_Sort_Cost.html</guid>
<description></description>
</item>
<item>
<title>The Euler–MacLaurin Formula</title>
<link>/entries/Euler_MacLaurin.html</link>
<pubDate>Fri, 10 Mar 2017 00:00:00 +0000</pubDate>
<guid>/entries/Euler_MacLaurin.html</guid>
<description></description>
</item>
<item>
<title>The Group Law for Elliptic Curves</title>
<link>/entries/Elliptic_Curves_Group_Law.html</link>
<pubDate>Tue, 28 Feb 2017 00:00:00 +0000</pubDate>
<guid>/entries/Elliptic_Curves_Group_Law.html</guid>
<description></description>
</item>
<item>
<title>Menger&#39;s Theorem</title>
<link>/entries/Menger.html</link>
<pubDate>Sun, 26 Feb 2017 00:00:00 +0000</pubDate>
<guid>/entries/Menger.html</guid>
<description></description>
</item>
<item>
<title>Differential Dynamic Logic</title>
<link>/entries/Differential_Dynamic_Logic.html</link>
<pubDate>Mon, 13 Feb 2017 00:00:00 +0000</pubDate>
<guid>/entries/Differential_Dynamic_Logic.html</guid>
<description></description>
</item>
<item>
<title>Abstract Soundness</title>
<link>/entries/Abstract_Soundness.html</link>
<pubDate>Fri, 10 Feb 2017 00:00:00 +0000</pubDate>
<guid>/entries/Abstract_Soundness.html</guid>
<description></description>
</item>
<item>
<title>Stone Relation Algebras</title>
<link>/entries/Stone_Relation_Algebras.html</link>
<pubDate>Tue, 07 Feb 2017 00:00:00 +0000</pubDate>
<guid>/entries/Stone_Relation_Algebras.html</guid>
<description></description>
</item>
<item>
<title>Refining Authenticated Key Agreement with Strong Adversaries</title>
<link>/entries/Key_Agreement_Strong_Adversaries.html</link>
<pubDate>Tue, 31 Jan 2017 00:00:00 +0000</pubDate>
<guid>/entries/Key_Agreement_Strong_Adversaries.html</guid>
<description></description>
</item>
<item>
<title>Bernoulli Numbers</title>
<link>/entries/Bernoulli.html</link>
<pubDate>Tue, 24 Jan 2017 00:00:00 +0000</pubDate>
<guid>/entries/Bernoulli.html</guid>
<description></description>
</item>
<item>
<title>Bertrand&#39;s postulate</title>
<link>/entries/Bertrands_Postulate.html</link>
<pubDate>Tue, 17 Jan 2017 00:00:00 +0000</pubDate>
<guid>/entries/Bertrands_Postulate.html</guid>
<description></description>
</item>
<item>
<title>Minimal Static Single Assignment Form</title>
<link>/entries/Minimal_SSA.html</link>
<pubDate>Tue, 17 Jan 2017 00:00:00 +0000</pubDate>
<guid>/entries/Minimal_SSA.html</guid>
<description></description>
</item>
<item>
<title>The Transcendence of e</title>
<link>/entries/E_Transcendental.html</link>
<pubDate>Thu, 12 Jan 2017 00:00:00 +0000</pubDate>
<guid>/entries/E_Transcendental.html</guid>
<description></description>
</item>
<item>
<title>Formal Network Models and Their Application to Firewall Policies</title>
<link>/entries/UPF_Firewall.html</link>
<pubDate>Sun, 08 Jan 2017 00:00:00 +0000</pubDate>
<guid>/entries/UPF_Firewall.html</guid>
<description></description>
</item>
<item>
<title>Verification of a Diffie-Hellman Password-based Authentication Protocol by Extending the Inductive Method</title>
<link>/entries/Password_Authentication_Protocol.html</link>
<pubDate>Tue, 03 Jan 2017 00:00:00 +0000</pubDate>
<guid>/entries/Password_Authentication_Protocol.html</guid>
<description></description>
</item>
<item>
<title>First-Order Logic According to Harrison</title>
<link>/entries/FOL_Harrison.html</link>
<pubDate>Sun, 01 Jan 2017 00:00:00 +0000</pubDate>
<guid>/entries/FOL_Harrison.html</guid>
<description></description>
</item>
<item>
<title>Concurrent Refinement Algebra and Rely Quotients</title>
<link>/entries/Concurrent_Ref_Alg.html</link>
<pubDate>Fri, 30 Dec 2016 00:00:00 +0000</pubDate>
<guid>/entries/Concurrent_Ref_Alg.html</guid>
<description></description>
</item>
<item>
<title>The Twelvefold Way</title>
<link>/entries/Twelvefold_Way.html</link>
<pubDate>Thu, 29 Dec 2016 00:00:00 +0000</pubDate>
<guid>/entries/Twelvefold_Way.html</guid>
<description></description>
</item>
<item>
<title>Proof Strategy Language</title>
<link>/entries/Proof_Strategy_Language.html</link>
<pubDate>Tue, 20 Dec 2016 00:00:00 +0000</pubDate>
<guid>/entries/Proof_Strategy_Language.html</guid>
<description></description>
</item>
<item>
<title>Paraconsistency</title>
<link>/entries/Paraconsistency.html</link>
<pubDate>Wed, 07 Dec 2016 00:00:00 +0000</pubDate>
<guid>/entries/Paraconsistency.html</guid>
<description></description>
</item>
<item>
<title>COMPLX: A Verification Framework for Concurrent Imperative Programs</title>
<link>/entries/Complx.html</link>
<pubDate>Tue, 29 Nov 2016 00:00:00 +0000</pubDate>
<guid>/entries/Complx.html</guid>
<description></description>
</item>
<item>
<title>Abstract Interpretation of Annotated Commands</title>
<link>/entries/Abs_Int_ITP2012.html</link>
<pubDate>Wed, 23 Nov 2016 00:00:00 +0000</pubDate>
<guid>/entries/Abs_Int_ITP2012.html</guid>
<description></description>
</item>
<item>
<title>Separata: Isabelle tactics for Separation Algebra</title>
<link>/entries/Separata.html</link>
<pubDate>Wed, 16 Nov 2016 00:00:00 +0000</pubDate>
<guid>/entries/Separata.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Knuth–Bendix Orders for Lambda-Free Higher-Order Terms</title>
<link>/entries/Lambda_Free_KBOs.html</link>
<pubDate>Sat, 12 Nov 2016 00:00:00 +0000</pubDate>
<guid>/entries/Lambda_Free_KBOs.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Nested Multisets, Hereditary Multisets, and Syntactic Ordinals</title>
<link>/entries/Nested_Multisets_Ordinals.html</link>
<pubDate>Sat, 12 Nov 2016 00:00:00 +0000</pubDate>
<guid>/entries/Nested_Multisets_Ordinals.html</guid>
<description></description>
</item>
<item>
<title>Expressiveness of Deep Learning</title>
<link>/entries/Deep_Learning.html</link>
<pubDate>Thu, 10 Nov 2016 00:00:00 +0000</pubDate>
<guid>/entries/Deep_Learning.html</guid>
<description></description>
</item>
<item>
<title>Modal Logics for Nominal Transition Systems</title>
<link>/entries/Modal_Logics_for_NTS.html</link>
<pubDate>Tue, 25 Oct 2016 00:00:00 +0000</pubDate>
<guid>/entries/Modal_Logics_for_NTS.html</guid>
<description></description>
</item>
<item>
<title>Stable Matching</title>
<link>/entries/Stable_Matching.html</link>
<pubDate>Mon, 24 Oct 2016 00:00:00 +0000</pubDate>
<guid>/entries/Stable_Matching.html</guid>
<description></description>
</item>
<item>
<title>LOFT — Verified Migration of Linux Firewalls to SDN</title>
<link>/entries/LOFT.html</link>
<pubDate>Fri, 21 Oct 2016 00:00:00 +0000</pubDate>
<guid>/entries/LOFT.html</guid>
<description></description>
</item>
<item>
<title>A formal model for the SPARCv8 ISA and a proof of non-interference for the LEON3 processor</title>
<link>/entries/SPARCv8.html</link>
<pubDate>Wed, 19 Oct 2016 00:00:00 +0000</pubDate>
<guid>/entries/SPARCv8.html</guid>
<description></description>
</item>
<item>
<title>Source Coding Theorem</title>
<link>/entries/Source_Coding_Theorem.html</link>
<pubDate>Wed, 19 Oct 2016 00:00:00 +0000</pubDate>
<guid>/entries/Source_Coding_Theorem.html</guid>
<description></description>
</item>
<item>
<title>The Factorization Algorithm of Berlekamp and Zassenhaus</title>
<link>/entries/Berlekamp_Zassenhaus.html</link>
<pubDate>Fri, 14 Oct 2016 00:00:00 +0000</pubDate>
<guid>/entries/Berlekamp_Zassenhaus.html</guid>
<description></description>
</item>
<item>
<title>Intersecting Chords Theorem</title>
<link>/entries/Chord_Segments.html</link>
<pubDate>Tue, 11 Oct 2016 00:00:00 +0000</pubDate>
<guid>/entries/Chord_Segments.html</guid>
<description></description>
</item>
<item>
<title>Lp spaces</title>
<link>/entries/Lp.html</link>
<pubDate>Wed, 05 Oct 2016 00:00:00 +0000</pubDate>
<guid>/entries/Lp.html</guid>
<description></description>
</item>
<item>
<title>Fisher–Yates shuffle</title>
<link>/entries/Fisher_Yates.html</link>
<pubDate>Fri, 30 Sep 2016 00:00:00 +0000</pubDate>
<guid>/entries/Fisher_Yates.html</guid>
<description></description>
</item>
<item>
<title>Allen&#39;s Interval Calculus</title>
<link>/entries/Allen_Calculus.html</link>
<pubDate>Thu, 29 Sep 2016 00:00:00 +0000</pubDate>
<guid>/entries/Allen_Calculus.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Recursive Path Orders for Lambda-Free Higher-Order Terms</title>
<link>/entries/Lambda_Free_RPOs.html</link>
<pubDate>Fri, 23 Sep 2016 00:00:00 +0000</pubDate>
<guid>/entries/Lambda_Free_RPOs.html</guid>
<description></description>
</item>
<item>
<title>Iptables Semantics</title>
<link>/entries/Iptables_Semantics.html</link>
<pubDate>Fri, 09 Sep 2016 00:00:00 +0000</pubDate>
<guid>/entries/Iptables_Semantics.html</guid>
<description></description>
</item>
<item>
<title>A Variant of the Superposition Calculus</title>
<link>/entries/SuperCalc.html</link>
<pubDate>Tue, 06 Sep 2016 00:00:00 +0000</pubDate>
<guid>/entries/SuperCalc.html</guid>
<description></description>
</item>
<item>
<title>Stone Algebras</title>
<link>/entries/Stone_Algebras.html</link>
<pubDate>Tue, 06 Sep 2016 00:00:00 +0000</pubDate>
<guid>/entries/Stone_Algebras.html</guid>
<description></description>
</item>
<item>
<title>Stirling&#39;s formula</title>
<link>/entries/Stirling_Formula.html</link>
<pubDate>Thu, 01 Sep 2016 00:00:00 +0000</pubDate>
<guid>/entries/Stirling_Formula.html</guid>
<description></description>
</item>
<item>
<title>Routing</title>
<link>/entries/Routing.html</link>
<pubDate>Wed, 31 Aug 2016 00:00:00 +0000</pubDate>
<guid>/entries/Routing.html</guid>
<description></description>
</item>
<item>
<title>Simple Firewall</title>
<link>/entries/Simple_Firewall.html</link>
<pubDate>Wed, 24 Aug 2016 00:00:00 +0000</pubDate>
<guid>/entries/Simple_Firewall.html</guid>
<description></description>
</item>
<item>
<title>Infeasible Paths Elimination by Symbolic Execution Techniques: Proof of Correctness and Preservation of Paths</title>
<link>/entries/InfPathElimination.html</link>
<pubDate>Thu, 18 Aug 2016 00:00:00 +0000</pubDate>
<guid>/entries/InfPathElimination.html</guid>
<description></description>
</item>
<item>
<title>Formalizing the Edmonds-Karp Algorithm</title>
<link>/entries/EdmondsKarp_Maxflow.html</link>
<pubDate>Fri, 12 Aug 2016 00:00:00 +0000</pubDate>
<guid>/entries/EdmondsKarp_Maxflow.html</guid>
<description></description>
</item>
<item>
<title>The Imperative Refinement Framework</title>
<link>/entries/Refine_Imperative_HOL.html</link>
<pubDate>Mon, 08 Aug 2016 00:00:00 +0000</pubDate>
<guid>/entries/Refine_Imperative_HOL.html</guid>
<description></description>
</item>
<item>
<title>Ptolemy&#39;s Theorem</title>
<link>/entries/Ptolemys_Theorem.html</link>
<pubDate>Sun, 07 Aug 2016 00:00:00 +0000</pubDate>
<guid>/entries/Ptolemys_Theorem.html</guid>
<description></description>
</item>
<item>
<title>Surprise Paradox</title>
<link>/entries/Surprise_Paradox.html</link>
<pubDate>Sun, 17 Jul 2016 00:00:00 +0000</pubDate>
<guid>/entries/Surprise_Paradox.html</guid>
<description></description>
</item>
<item>
<title>Pairing Heap</title>
<link>/entries/Pairing_Heap.html</link>
<pubDate>Thu, 14 Jul 2016 00:00:00 +0000</pubDate>
<guid>/entries/Pairing_Heap.html</guid>
<description></description>
</item>
<item>
<title>A Framework for Verifying Depth-First Search Algorithms</title>
<link>/entries/DFS_Framework.html</link>
<pubDate>Tue, 05 Jul 2016 00:00:00 +0000</pubDate>
<guid>/entries/DFS_Framework.html</guid>
<description></description>
</item>
<item>
<title>Chamber Complexes, Coxeter Systems, and Buildings</title>
<link>/entries/Buildings.html</link>
<pubDate>Fri, 01 Jul 2016 00:00:00 +0000</pubDate>
<guid>/entries/Buildings.html</guid>
<description></description>
</item>
<item>
<title>The Resolution Calculus for First-Order Logic</title>
<link>/entries/Resolution_FOL.html</link>
<pubDate>Thu, 30 Jun 2016 00:00:00 +0000</pubDate>
<guid>/entries/Resolution_FOL.html</guid>
<description></description>
</item>
<item>
<title>The Z Property</title>
<link>/entries/Rewriting_Z.html</link>
<pubDate>Thu, 30 Jun 2016 00:00:00 +0000</pubDate>
<guid>/entries/Rewriting_Z.html</guid>
<description></description>
</item>
<item>
<title>Compositional Security-Preserving Refinement for Concurrent Imperative Programs</title>
<link>/entries/Dependent_SIFUM_Refinement.html</link>
<pubDate>Tue, 28 Jun 2016 00:00:00 +0000</pubDate>
<guid>/entries/Dependent_SIFUM_Refinement.html</guid>
<description></description>
</item>
<item>
<title>IP Addresses</title>
<link>/entries/IP_Addresses.html</link>
<pubDate>Tue, 28 Jun 2016 00:00:00 +0000</pubDate>
<guid>/entries/IP_Addresses.html</guid>
<description></description>
</item>
<item>
<title>Cardinality of Multisets</title>
<link>/entries/Card_Multisets.html</link>
<pubDate>Sun, 26 Jun 2016 00:00:00 +0000</pubDate>
<guid>/entries/Card_Multisets.html</guid>
<description></description>
</item>
<item>
<title>Category Theory with Adjunctions and Limits</title>
<link>/entries/Category3.html</link>
<pubDate>Sun, 26 Jun 2016 00:00:00 +0000</pubDate>
<guid>/entries/Category3.html</guid>
<description></description>
</item>
<item>
<title>A Dependent Security Type System for Concurrent Imperative Programs</title>
<link>/entries/Dependent_SIFUM_Type_Systems.html</link>
<pubDate>Sat, 25 Jun 2016 00:00:00 +0000</pubDate>
<guid>/entries/Dependent_SIFUM_Type_Systems.html</guid>
<description></description>
</item>
<item>
<title>Catalan Numbers</title>
<link>/entries/Catalan_Numbers.html</link>
<pubDate>Tue, 21 Jun 2016 00:00:00 +0000</pubDate>
<guid>/entries/Catalan_Numbers.html</guid>
<description></description>
</item>
<item>
<title>Program Construction and Verification Components Based on Kleene Algebra</title>
<link>/entries/Algebraic_VCs.html</link>
<pubDate>Sat, 18 Jun 2016 00:00:00 +0000</pubDate>
<guid>/entries/Algebraic_VCs.html</guid>
<description></description>
</item>
<item>
<title>Conservation of CSP Noninterference Security under Concurrent Composition</title>
<link>/entries/Noninterference_Concurrent_Composition.html</link>
<pubDate>Mon, 13 Jun 2016 00:00:00 +0000</pubDate>
<guid>/entries/Noninterference_Concurrent_Composition.html</guid>
<description></description>
</item>
<item>
<title>Finite Machine Word Library</title>
<link>/entries/Word_Lib.html</link>
<pubDate>Thu, 09 Jun 2016 00:00:00 +0000</pubDate>
<guid>/entries/Word_Lib.html</guid>
<description></description>
</item>
<item>
<title>Tree Decomposition</title>
<link>/entries/Tree_Decomposition.html</link>
<pubDate>Tue, 31 May 2016 00:00:00 +0000</pubDate>
<guid>/entries/Tree_Decomposition.html</guid>
<description></description>
</item>
<item>
<title>Cardinality of Equivalence Relations</title>
<link>/entries/Card_Equiv_Relations.html</link>
<pubDate>Tue, 24 May 2016 00:00:00 +0000</pubDate>
<guid>/entries/Card_Equiv_Relations.html</guid>
<description></description>
</item>
<item>
<title>POSIX Lexing with Derivatives of Regular Expressions</title>
<link>/entries/Posix-Lexing.html</link>
<pubDate>Tue, 24 May 2016 00:00:00 +0000</pubDate>
<guid>/entries/Posix-Lexing.html</guid>
<description></description>
</item>
<item>
<title>Perron-Frobenius Theorem for Spectral Radius Analysis</title>
<link>/entries/Perron_Frobenius.html</link>
<pubDate>Fri, 20 May 2016 00:00:00 +0000</pubDate>
<guid>/entries/Perron_Frobenius.html</guid>
<description></description>
</item>
<item>
<title>The meta theory of the Incredible Proof Machine</title>
<link>/entries/Incredible_Proof_Machine.html</link>
<pubDate>Fri, 20 May 2016 00:00:00 +0000</pubDate>
<guid>/entries/Incredible_Proof_Machine.html</guid>
<description></description>
</item>
<item>
<title>A Constructive Proof for FLP</title>
<link>/entries/FLP.html</link>
<pubDate>Wed, 18 May 2016 00:00:00 +0000</pubDate>
<guid>/entries/FLP.html</guid>
<description></description>
</item>
<item>
<title>A Formal Proof of the Max-Flow Min-Cut Theorem for Countable Networks</title>
<link>/entries/MFMC_Countable.html</link>
<pubDate>Mon, 09 May 2016 00:00:00 +0000</pubDate>
<guid>/entries/MFMC_Countable.html</guid>
<description></description>
</item>
<item>
<title>Randomised Social Choice Theory</title>
<link>/entries/Randomised_Social_Choice.html</link>
<pubDate>Thu, 05 May 2016 00:00:00 +0000</pubDate>
<guid>/entries/Randomised_Social_Choice.html</guid>
<description></description>
</item>
<item>
<title>Spivey&#39;s Generalized Recurrence for Bell Numbers</title>
<link>/entries/Bell_Numbers_Spivey.html</link>
<pubDate>Wed, 04 May 2016 00:00:00 +0000</pubDate>
<guid>/entries/Bell_Numbers_Spivey.html</guid>
<description></description>
</item>
<item>
<title>The Incompatibility of SD-Efficiency and SD-Strategy-Proofness</title>
<link>/entries/SDS_Impossibility.html</link>
<pubDate>Wed, 04 May 2016 00:00:00 +0000</pubDate>
<guid>/entries/SDS_Impossibility.html</guid>
<description></description>
</item>
<item>
<title>Gröbner Bases Theory</title>
<link>/entries/Groebner_Bases.html</link>
<pubDate>Mon, 02 May 2016 00:00:00 +0000</pubDate>
<guid>/entries/Groebner_Bases.html</guid>
<description></description>
</item>
<item>
<title>No Faster-Than-Light Observers</title>
<link>/entries/No_FTL_observers.html</link>
<pubDate>Thu, 28 Apr 2016 00:00:00 +0000</pubDate>
<guid>/entries/No_FTL_observers.html</guid>
<description></description>
</item>
<item>
<title>A formalisation of the Cocke-Younger-Kasami algorithm</title>
<link>/entries/CYK.html</link>
<pubDate>Wed, 27 Apr 2016 00:00:00 +0000</pubDate>
<guid>/entries/CYK.html</guid>
<description></description>
</item>
<item>
<title>Algorithms for Reduced Ordered Binary Decision Diagrams</title>
<link>/entries/ROBDD.html</link>
<pubDate>Wed, 27 Apr 2016 00:00:00 +0000</pubDate>
<guid>/entries/ROBDD.html</guid>
<description></description>
</item>
<item>
<title>Conservation of CSP Noninterference Security under Sequential Composition</title>
<link>/entries/Noninterference_Sequential_Composition.html</link>
<pubDate>Tue, 26 Apr 2016 00:00:00 +0000</pubDate>
<guid>/entries/Noninterference_Sequential_Composition.html</guid>
<description></description>
</item>
<item>
<title>Kleene Algebras with Domain</title>
<link>/entries/KAD.html</link>
<pubDate>Tue, 12 Apr 2016 00:00:00 +0000</pubDate>
<guid>/entries/KAD.html</guid>
<description></description>
</item>
<item>
<title>Propositional Resolution and Prime Implicates Generation</title>
<link>/entries/PropResPI.html</link>
<pubDate>Fri, 11 Mar 2016 00:00:00 +0000</pubDate>
<guid>/entries/PropResPI.html</guid>
<description></description>
</item>
<item>
<title>The Cartan Fixed Point Theorems</title>
<link>/entries/Cartan_FP.html</link>
<pubDate>Tue, 08 Mar 2016 00:00:00 +0000</pubDate>
<guid>/entries/Cartan_FP.html</guid>
<description></description>
</item>
<item>
<title>Timed Automata</title>
<link>/entries/Timed_Automata.html</link>
<pubDate>Tue, 08 Mar 2016 00:00:00 +0000</pubDate>
<guid>/entries/Timed_Automata.html</guid>
<description></description>
</item>
<item>
<title>Linear Temporal Logic</title>
<link>/entries/LTL.html</link>
<pubDate>Tue, 01 Mar 2016 00:00:00 +0000</pubDate>
<guid>/entries/LTL.html</guid>
<description></description>
</item>
<item>
<title>Analysis of List Update Algorithms</title>
<link>/entries/List_Update.html</link>
<pubDate>Wed, 17 Feb 2016 00:00:00 +0000</pubDate>
<guid>/entries/List_Update.html</guid>
<description></description>
</item>
<item>
<title>Verified Construction of Static Single Assignment Form</title>
<link>/entries/Formal_SSA.html</link>
<pubDate>Fri, 05 Feb 2016 00:00:00 +0000</pubDate>
<guid>/entries/Formal_SSA.html</guid>
<description></description>
</item>
<item>
<title>Polynomial Factorization</title>
<link>/entries/Polynomial_Factorization.html</link>
<pubDate>Fri, 29 Jan 2016 00:00:00 +0000</pubDate>
<guid>/entries/Polynomial_Factorization.html</guid>
<description></description>
</item>
<item>
<title>Polynomial Interpolation</title>
<link>/entries/Polynomial_Interpolation.html</link>
<pubDate>Fri, 29 Jan 2016 00:00:00 +0000</pubDate>
<guid>/entries/Polynomial_Interpolation.html</guid>
<description></description>
</item>
<item>
<title>Knot Theory</title>
<link>/entries/Knot_Theory.html</link>
<pubDate>Wed, 20 Jan 2016 00:00:00 +0000</pubDate>
<guid>/entries/Knot_Theory.html</guid>
<description></description>
</item>
<item>
<title>Tensor Product of Matrices</title>
<link>/entries/Matrix_Tensor.html</link>
<pubDate>Mon, 18 Jan 2016 00:00:00 +0000</pubDate>
<guid>/entries/Matrix_Tensor.html</guid>
<description></description>
</item>
<item>
<title>Cardinality of Number Partitions</title>
<link>/entries/Card_Number_Partitions.html</link>
<pubDate>Thu, 14 Jan 2016 00:00:00 +0000</pubDate>
<guid>/entries/Card_Number_Partitions.html</guid>
<description></description>
</item>
<item>
<title>Basic Geometric Properties of Triangles</title>
<link>/entries/Triangle.html</link>
<pubDate>Mon, 28 Dec 2015 00:00:00 +0000</pubDate>
<guid>/entries/Triangle.html</guid>
<description></description>
</item>
<item>
<title>Descartes&#39; Rule of Signs</title>
<link>/entries/Descartes_Sign_Rule.html</link>
<pubDate>Mon, 28 Dec 2015 00:00:00 +0000</pubDate>
<guid>/entries/Descartes_Sign_Rule.html</guid>
<description></description>
</item>
<item>
<title>Liouville numbers</title>
<link>/entries/Liouville_Numbers.html</link>
<pubDate>Mon, 28 Dec 2015 00:00:00 +0000</pubDate>
<guid>/entries/Liouville_Numbers.html</guid>
<description></description>
</item>
<item>
<title>The Divergence of the Prime Harmonic Series</title>
<link>/entries/Prime_Harmonic_Series.html</link>
<pubDate>Mon, 28 Dec 2015 00:00:00 +0000</pubDate>
<guid>/entries/Prime_Harmonic_Series.html</guid>
<description></description>
</item>
<item>
<title>Algebraic Numbers in Isabelle/HOL</title>
<link>/entries/Algebraic_Numbers.html</link>
<pubDate>Tue, 22 Dec 2015 00:00:00 +0000</pubDate>
<guid>/entries/Algebraic_Numbers.html</guid>
<description></description>
</item>
<item>
<title>Applicative Lifting</title>
<link>/entries/Applicative_Lifting.html</link>
<pubDate>Tue, 22 Dec 2015 00:00:00 +0000</pubDate>
<guid>/entries/Applicative_Lifting.html</guid>
<description></description>
</item>
<item>
<title>The Stern-Brocot Tree</title>
<link>/entries/Stern_Brocot.html</link>
<pubDate>Tue, 22 Dec 2015 00:00:00 +0000</pubDate>
<guid>/entries/Stern_Brocot.html</guid>
<description></description>
</item>
<item>
<title>Cardinality of Set Partitions</title>
<link>/entries/Card_Partitions.html</link>
<pubDate>Sat, 12 Dec 2015 00:00:00 +0000</pubDate>
<guid>/entries/Card_Partitions.html</guid>
<description></description>
</item>
<item>
<title>Latin Square</title>
<link>/entries/Latin_Square.html</link>
<pubDate>Wed, 02 Dec 2015 00:00:00 +0000</pubDate>
<guid>/entries/Latin_Square.html</guid>
<description></description>
</item>
<item>
<title>Ergodic Theory</title>
<link>/entries/Ergodic_Theory.html</link>
<pubDate>Tue, 01 Dec 2015 00:00:00 +0000</pubDate>
<guid>/entries/Ergodic_Theory.html</guid>
<description></description>
</item>
<item>
<title>Euler&#39;s Partition Theorem</title>
<link>/entries/Euler_Partition.html</link>
<pubDate>Thu, 19 Nov 2015 00:00:00 +0000</pubDate>
<guid>/entries/Euler_Partition.html</guid>
<description></description>
</item>
<item>
<title>The Tortoise and Hare Algorithm</title>
<link>/entries/TortoiseHare.html</link>
<pubDate>Wed, 18 Nov 2015 00:00:00 +0000</pubDate>
<guid>/entries/TortoiseHare.html</guid>
<description></description>
</item>
<item>
<title>Planarity Certificates</title>
<link>/entries/Planarity_Certificates.html</link>
<pubDate>Wed, 11 Nov 2015 00:00:00 +0000</pubDate>
<guid>/entries/Planarity_Certificates.html</guid>
<description></description>
</item>
<item>
<title>Positional Determinacy of Parity Games</title>
<link>/entries/Parity_Game.html</link>
<pubDate>Mon, 02 Nov 2015 00:00:00 +0000</pubDate>
<guid>/entries/Parity_Game.html</guid>
<description></description>
</item>
<item>
<title>A Meta-Model for the Isabelle API</title>
<link>/entries/Isabelle_Meta_Model.html</link>
<pubDate>Wed, 16 Sep 2015 00:00:00 +0000</pubDate>
<guid>/entries/Isabelle_Meta_Model.html</guid>
<description></description>
</item>
<item>
<title>Converting Linear Temporal Logic to Deterministic (Generalized) Rabin Automata</title>
<link>/entries/LTL_to_DRA.html</link>
<pubDate>Fri, 04 Sep 2015 00:00:00 +0000</pubDate>
<guid>/entries/LTL_to_DRA.html</guid>
<description></description>
</item>
<item>
<title>Matrices, Jordan Normal Forms, and Spectral Radius Theory</title>
<link>/entries/Jordan_Normal_Form.html</link>
<pubDate>Fri, 21 Aug 2015 00:00:00 +0000</pubDate>
<guid>/entries/Jordan_Normal_Form.html</guid>
<description></description>
</item>
<item>
<title>Decreasing Diagrams II</title>
<link>/entries/Decreasing-Diagrams-II.html</link>
<pubDate>Thu, 20 Aug 2015 00:00:00 +0000</pubDate>
<guid>/entries/Decreasing-Diagrams-II.html</guid>
<description></description>
</item>
<item>
<title>The Inductive Unwinding Theorem for CSP Noninterference Security</title>
<link>/entries/Noninterference_Inductive_Unwinding.html</link>
<pubDate>Tue, 18 Aug 2015 00:00:00 +0000</pubDate>
<guid>/entries/Noninterference_Inductive_Unwinding.html</guid>
<description></description>
</item>
<item>
<title>Representations of Finite Groups</title>
<link>/entries/Rep_Fin_Groups.html</link>
<pubDate>Wed, 12 Aug 2015 00:00:00 +0000</pubDate>
<guid>/entries/Rep_Fin_Groups.html</guid>
<description></description>
</item>
<item>
<title>Analysing and Comparing Encodability Criteria for Process Calculi</title>
<link>/entries/Encodability_Process_Calculi.html</link>
<pubDate>Mon, 10 Aug 2015 00:00:00 +0000</pubDate>
<guid>/entries/Encodability_Process_Calculi.html</guid>
<description></description>
</item>
<item>
<title>Generating Cases from Labeled Subgoals</title>
<link>/entries/Case_Labeling.html</link>
<pubDate>Tue, 21 Jul 2015 00:00:00 +0000</pubDate>
<guid>/entries/Case_Labeling.html</guid>
<description></description>
</item>
<item>
<title>Landau Symbols</title>
<link>/entries/Landau_Symbols.html</link>
<pubDate>Tue, 14 Jul 2015 00:00:00 +0000</pubDate>
<guid>/entries/Landau_Symbols.html</guid>
<description></description>
</item>
<item>
<title>The Akra-Bazzi theorem and the Master theorem</title>
<link>/entries/Akra_Bazzi.html</link>
<pubDate>Tue, 14 Jul 2015 00:00:00 +0000</pubDate>
<guid>/entries/Akra_Bazzi.html</guid>
<description></description>
</item>
<item>
<title>Hermite Normal Form</title>
<link>/entries/Hermite.html</link>
<pubDate>Tue, 07 Jul 2015 00:00:00 +0000</pubDate>
<guid>/entries/Hermite.html</guid>
<description></description>
</item>
<item>
<title>Derangements Formula</title>
<link>/entries/Derangements.html</link>
<pubDate>Sat, 27 Jun 2015 00:00:00 +0000</pubDate>
<guid>/entries/Derangements.html</guid>
<description></description>
</item>
<item>
<title>Binary Multirelations</title>
<link>/entries/Multirelations.html</link>
<pubDate>Thu, 11 Jun 2015 00:00:00 +0000</pubDate>
<guid>/entries/Multirelations.html</guid>
<description></description>
</item>
<item>
<title>Reasoning about Lists via List Interleaving</title>
<link>/entries/List_Interleaving.html</link>
<pubDate>Thu, 11 Jun 2015 00:00:00 +0000</pubDate>
<guid>/entries/List_Interleaving.html</guid>
<description></description>
</item>
<item>
<title>The Generic Unwinding Theorem for CSP Noninterference Security</title>
<link>/entries/Noninterference_Generic_Unwinding.html</link>
<pubDate>Thu, 11 Jun 2015 00:00:00 +0000</pubDate>
<guid>/entries/Noninterference_Generic_Unwinding.html</guid>
<description></description>
</item>
<item>
<title>The Ipurge Unwinding Theorem for CSP Noninterference Security</title>
<link>/entries/Noninterference_Ipurge_Unwinding.html</link>
<pubDate>Thu, 11 Jun 2015 00:00:00 +0000</pubDate>
<guid>/entries/Noninterference_Ipurge_Unwinding.html</guid>
<description></description>
</item>
<item>
<title>Parameterized Dynamic Tables</title>
<link>/entries/Dynamic_Tables.html</link>
<pubDate>Sun, 07 Jun 2015 00:00:00 +0000</pubDate>
<guid>/entries/Dynamic_Tables.html</guid>
<description></description>
</item>
<item>
<title>Derivatives of Logical Formulas</title>
<link>/entries/Formula_Derivatives.html</link>
<pubDate>Thu, 28 May 2015 00:00:00 +0000</pubDate>
<guid>/entries/Formula_Derivatives.html</guid>
<description></description>
</item>
<item>
<title>A Zoo of Probabilistic Systems</title>
<link>/entries/Probabilistic_System_Zoo.html</link>
<pubDate>Wed, 27 May 2015 00:00:00 +0000</pubDate>
<guid>/entries/Probabilistic_System_Zoo.html</guid>
<description></description>
</item>
<item>
<title>VCG - Combinatorial Vickrey-Clarke-Groves Auctions</title>
<link>/entries/Vickrey_Clarke_Groves.html</link>
<pubDate>Thu, 30 Apr 2015 00:00:00 +0000</pubDate>
<guid>/entries/Vickrey_Clarke_Groves.html</guid>
<description></description>
</item>
<item>
<title>Residuated Lattices</title>
<link>/entries/Residuated_Lattices.html</link>
<pubDate>Wed, 15 Apr 2015 00:00:00 +0000</pubDate>
<guid>/entries/Residuated_Lattices.html</guid>
<description></description>
</item>
<item>
<title>Concurrent IMP</title>
<link>/entries/ConcurrentIMP.html</link>
<pubDate>Mon, 13 Apr 2015 00:00:00 +0000</pubDate>
<guid>/entries/ConcurrentIMP.html</guid>
<description></description>
</item>
<item>
<title>Relaxing Safely: Verified On-the-Fly Garbage Collection for x86-TSO</title>
<link>/entries/ConcurrentGC.html</link>
<pubDate>Mon, 13 Apr 2015 00:00:00 +0000</pubDate>
<guid>/entries/ConcurrentGC.html</guid>
<description></description>
</item>
<item>
<title>Trie</title>
<link>/entries/Trie.html</link>
<pubDate>Mon, 30 Mar 2015 00:00:00 +0000</pubDate>
<guid>/entries/Trie.html</guid>
<description></description>
</item>
<item>
<title>Consensus Refined</title>
<link>/entries/Consensus_Refined.html</link>
<pubDate>Wed, 18 Mar 2015 00:00:00 +0000</pubDate>
<guid>/entries/Consensus_Refined.html</guid>
<description></description>
</item>
<item>
<title>Deriving class instances for datatypes</title>
<link>/entries/Deriving.html</link>
<pubDate>Wed, 11 Mar 2015 00:00:00 +0000</pubDate>
<guid>/entries/Deriving.html</guid>
<description></description>
</item>
<item>
<title>The Safety of Call Arity</title>
<link>/entries/Call_Arity.html</link>
<pubDate>Fri, 20 Feb 2015 00:00:00 +0000</pubDate>
<guid>/entries/Call_Arity.html</guid>
<description></description>
</item>
<item>
<title>Echelon Form</title>
<link>/entries/Echelon_Form.html</link>
<pubDate>Thu, 12 Feb 2015 00:00:00 +0000</pubDate>
<guid>/entries/Echelon_Form.html</guid>
<description></description>
</item>
<item>
<title>QR Decomposition</title>
<link>/entries/QR_Decomposition.html</link>
<pubDate>Thu, 12 Feb 2015 00:00:00 +0000</pubDate>
<guid>/entries/QR_Decomposition.html</guid>
<description></description>
</item>
<item>
<title>Finite Automata in Hereditarily Finite Set Theory</title>
<link>/entries/Finite_Automata_HF.html</link>
<pubDate>Thu, 05 Feb 2015 00:00:00 +0000</pubDate>
<guid>/entries/Finite_Automata_HF.html</guid>
<description></description>
</item>
<item>
<title>Verification of the UpDown Scheme</title>
<link>/entries/UpDown_Scheme.html</link>
<pubDate>Wed, 28 Jan 2015 00:00:00 +0000</pubDate>
<guid>/entries/UpDown_Scheme.html</guid>
<description></description>
</item>
<item>
<title>The Unified Policy Framework (UPF)</title>
<link>/entries/UPF.html</link>
<pubDate>Fri, 28 Nov 2014 00:00:00 +0000</pubDate>
<guid>/entries/UPF.html</guid>
<description></description>
</item>
<item>
<title>Loop freedom of the (untimed) AODV routing protocol</title>
<link>/entries/AODV.html</link>
<pubDate>Thu, 23 Oct 2014 00:00:00 +0000</pubDate>
<guid>/entries/AODV.html</guid>
<description></description>
</item>
<item>
<title>Lifting Definition Option</title>
<link>/entries/Lifting_Definition_Option.html</link>
<pubDate>Mon, 13 Oct 2014 00:00:00 +0000</pubDate>
<guid>/entries/Lifting_Definition_Option.html</guid>
<description></description>
</item>
<item>
<title>Stream Fusion in HOL with Code Generation</title>
<link>/entries/Stream_Fusion_Code.html</link>
<pubDate>Fri, 10 Oct 2014 00:00:00 +0000</pubDate>
<guid>/entries/Stream_Fusion_Code.html</guid>
<description></description>
</item>
<item>
<title>A Verified Compiler for Probability Density Functions</title>
<link>/entries/Density_Compiler.html</link>
<pubDate>Thu, 09 Oct 2014 00:00:00 +0000</pubDate>
<guid>/entries/Density_Compiler.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Refinement Calculus for Reactive Systems</title>
<link>/entries/RefinementReactive.html</link>
<pubDate>Wed, 08 Oct 2014 00:00:00 +0000</pubDate>
<guid>/entries/RefinementReactive.html</guid>
<description></description>
</item>
<item>
<title>Certification Monads</title>
<link>/entries/Certification_Monads.html</link>
<pubDate>Fri, 03 Oct 2014 00:00:00 +0000</pubDate>
<guid>/entries/Certification_Monads.html</guid>
<description></description>
</item>
<item>
<title>XML</title>
<link>/entries/XML.html</link>
<pubDate>Fri, 03 Oct 2014 00:00:00 +0000</pubDate>
<guid>/entries/XML.html</guid>
<description></description>
</item>
<item>
<title>Imperative Insertion Sort</title>
<link>/entries/Imperative_Insertion_Sort.html</link>
<pubDate>Thu, 25 Sep 2014 00:00:00 +0000</pubDate>
<guid>/entries/Imperative_Insertion_Sort.html</guid>
<description></description>
</item>
<item>
<title>The Sturm-Tarski Theorem</title>
<link>/entries/Sturm_Tarski.html</link>
<pubDate>Fri, 19 Sep 2014 00:00:00 +0000</pubDate>
<guid>/entries/Sturm_Tarski.html</guid>
<description></description>
</item>
<item>
<title>The Cayley-Hamilton Theorem</title>
<link>/entries/Cayley_Hamilton.html</link>
<pubDate>Mon, 15 Sep 2014 00:00:00 +0000</pubDate>
<guid>/entries/Cayley_Hamilton.html</guid>
<description></description>
</item>
<item>
<title>The Jordan-Hölder Theorem</title>
<link>/entries/Jordan_Hoelder.html</link>
<pubDate>Tue, 09 Sep 2014 00:00:00 +0000</pubDate>
<guid>/entries/Jordan_Hoelder.html</guid>
<description></description>
</item>
<item>
<title>Priority Queues Based on Braun Trees</title>
<link>/entries/Priority_Queue_Braun.html</link>
<pubDate>Thu, 04 Sep 2014 00:00:00 +0000</pubDate>
<guid>/entries/Priority_Queue_Braun.html</guid>
<description></description>
</item>
<item>
<title>Gauss-Jordan Algorithm and Its Applications</title>
<link>/entries/Gauss_Jordan.html</link>
<pubDate>Wed, 03 Sep 2014 00:00:00 +0000</pubDate>
<guid>/entries/Gauss_Jordan.html</guid>
<description></description>
</item>
<item>
<title>Real-Valued Special Functions: Upper and Lower Bounds</title>
<link>/entries/Special_Function_Bounds.html</link>
<pubDate>Fri, 29 Aug 2014 00:00:00 +0000</pubDate>
<guid>/entries/Special_Function_Bounds.html</guid>
<description></description>
</item>
<item>
<title>Vector Spaces</title>
<link>/entries/VectorSpace.html</link>
<pubDate>Fri, 29 Aug 2014 00:00:00 +0000</pubDate>
<guid>/entries/VectorSpace.html</guid>
<description></description>
</item>
<item>
<title>Skew Heap</title>
<link>/entries/Skew_Heap.html</link>
<pubDate>Wed, 13 Aug 2014 00:00:00 +0000</pubDate>
<guid>/entries/Skew_Heap.html</guid>
<description></description>
</item>
<item>
<title>Splay Tree</title>
<link>/entries/Splay_Tree.html</link>
<pubDate>Tue, 12 Aug 2014 00:00:00 +0000</pubDate>
<guid>/entries/Splay_Tree.html</guid>
<description></description>
</item>
<item>
<title>Haskell&#39;s Show Class in Isabelle/HOL</title>
<link>/entries/Show.html</link>
<pubDate>Tue, 29 Jul 2014 00:00:00 +0000</pubDate>
<guid>/entries/Show.html</guid>
<description></description>
</item>
<item>
<title>Formal Specification of a Generic Separation Kernel</title>
<link>/entries/CISC-Kernel.html</link>
<pubDate>Fri, 18 Jul 2014 00:00:00 +0000</pubDate>
<guid>/entries/CISC-Kernel.html</guid>
<description></description>
</item>
<item>
<title>pGCL for Isabelle</title>
<link>/entries/pGCL.html</link>
<pubDate>Sun, 13 Jul 2014 00:00:00 +0000</pubDate>
<guid>/entries/pGCL.html</guid>
<description></description>
</item>
<item>
<title>Amortized Complexity Verified</title>
<link>/entries/Amortized_Complexity.html</link>
<pubDate>Mon, 07 Jul 2014 00:00:00 +0000</pubDate>
<guid>/entries/Amortized_Complexity.html</guid>
<description></description>
</item>
<item>
<title>Network Security Policy Verification</title>
<link>/entries/Network_Security_Policy_Verification.html</link>
<pubDate>Fri, 04 Jul 2014 00:00:00 +0000</pubDate>
<guid>/entries/Network_Security_Policy_Verification.html</guid>
<description></description>
</item>
<item>
<title>Pop-Refinement</title>
<link>/entries/Pop_Refinement.html</link>
<pubDate>Thu, 03 Jul 2014 00:00:00 +0000</pubDate>
<guid>/entries/Pop_Refinement.html</guid>
<description></description>
</item>
<item>
<title>Decision Procedures for MSO on Words Based on Derivatives of Regular Expressions</title>
<link>/entries/MSO_Regex_Equivalence.html</link>
<pubDate>Thu, 12 Jun 2014 00:00:00 +0000</pubDate>
<guid>/entries/MSO_Regex_Equivalence.html</guid>
<description></description>
</item>
<item>
<title>Boolean Expression Checkers</title>
<link>/entries/Boolean_Expression_Checkers.html</link>
<pubDate>Sun, 08 Jun 2014 00:00:00 +0000</pubDate>
<guid>/entries/Boolean_Expression_Checkers.html</guid>
<description></description>
</item>
<item>
<title>A Fully Verified Executable LTL Model Checker</title>
<link>/entries/CAVA_LTL_Modelchecker.html</link>
<pubDate>Wed, 28 May 2014 00:00:00 +0000</pubDate>
<guid>/entries/CAVA_LTL_Modelchecker.html</guid>
<description></description>
</item>
<item>
<title>Converting Linear-Time Temporal Logic to Generalized Büchi Automata</title>
<link>/entries/LTL_to_GBA.html</link>
<pubDate>Wed, 28 May 2014 00:00:00 +0000</pubDate>
<guid>/entries/LTL_to_GBA.html</guid>
<description></description>
</item>
<item>
<title>Promela Formalization</title>
<link>/entries/Promela.html</link>
<pubDate>Wed, 28 May 2014 00:00:00 +0000</pubDate>
<guid>/entries/Promela.html</guid>
<description></description>
</item>
<item>
<title>The CAVA Automata Library</title>
<link>/entries/CAVA_Automata.html</link>
<pubDate>Wed, 28 May 2014 00:00:00 +0000</pubDate>
<guid>/entries/CAVA_Automata.html</guid>
<description></description>
</item>
<item>
<title>Verified Efficient Implementation of Gabow&#39;s Strongly Connected Components Algorithm</title>
<link>/entries/Gabow_SCC.html</link>
<pubDate>Wed, 28 May 2014 00:00:00 +0000</pubDate>
<guid>/entries/Gabow_SCC.html</guid>
<description></description>
</item>
<item>
<title>Noninterference Security in Communicating Sequential Processes</title>
<link>/entries/Noninterference_CSP.html</link>
<pubDate>Fri, 23 May 2014 00:00:00 +0000</pubDate>
<guid>/entries/Noninterference_CSP.html</guid>
<description></description>
</item>
<item>
<title>Transitive closure according to Roy-Floyd-Warshall</title>
<link>/entries/Roy_Floyd_Warshall.html</link>
<pubDate>Fri, 23 May 2014 00:00:00 +0000</pubDate>
<guid>/entries/Roy_Floyd_Warshall.html</guid>
<description></description>
</item>
<item>
<title>Regular Algebras</title>
<link>/entries/Regular_Algebras.html</link>
<pubDate>Wed, 21 May 2014 00:00:00 +0000</pubDate>
<guid>/entries/Regular_Algebras.html</guid>
<description></description>
</item>
<item>
<title>Formalisation and Analysis of Component Dependencies</title>
<link>/entries/ComponentDependencies.html</link>
<pubDate>Mon, 28 Apr 2014 00:00:00 +0000</pubDate>
<guid>/entries/ComponentDependencies.html</guid>
<description></description>
</item>
<item>
<title>A Formalization of Assumptions and Guarantees for Compositional Noninterference</title>
<link>/entries/SIFUM_Type_Systems.html</link>
<pubDate>Wed, 23 Apr 2014 00:00:00 +0000</pubDate>
<guid>/entries/SIFUM_Type_Systems.html</guid>
<description></description>
</item>
<item>
<title>A Formalization of Declassification with WHAT-and-WHERE-Security</title>
<link>/entries/WHATandWHERE_Security.html</link>
<pubDate>Wed, 23 Apr 2014 00:00:00 +0000</pubDate>
<guid>/entries/WHATandWHERE_Security.html</guid>
<description></description>
</item>
<item>
<title>A Formalization of Strong Security</title>
<link>/entries/Strong_Security.html</link>
<pubDate>Wed, 23 Apr 2014 00:00:00 +0000</pubDate>
<guid>/entries/Strong_Security.html</guid>
<description></description>
</item>
<item>
<title>Bounded-Deducibility Security</title>
<link>/entries/Bounded_Deducibility_Security.html</link>
<pubDate>Tue, 22 Apr 2014 00:00:00 +0000</pubDate>
<guid>/entries/Bounded_Deducibility_Security.html</guid>
<description></description>
</item>
<item>
<title>A shallow embedding of HyperCTL*</title>
<link>/entries/HyperCTL.html</link>
<pubDate>Wed, 16 Apr 2014 00:00:00 +0000</pubDate>
<guid>/entries/HyperCTL.html</guid>
<description></description>
</item>
<item>
<title>Abstract Completeness</title>
<link>/entries/Abstract_Completeness.html</link>
<pubDate>Wed, 16 Apr 2014 00:00:00 +0000</pubDate>
<guid>/entries/Abstract_Completeness.html</guid>
<description></description>
</item>
<item>
<title>Discrete Summation</title>
<link>/entries/Discrete_Summation.html</link>
<pubDate>Sun, 13 Apr 2014 00:00:00 +0000</pubDate>
<guid>/entries/Discrete_Summation.html</guid>
<description></description>
</item>
<item>
<title>Syntax and semantics of a GPU kernel programming language</title>
<link>/entries/GPU_Kernel_PL.html</link>
<pubDate>Thu, 03 Apr 2014 00:00:00 +0000</pubDate>
<guid>/entries/GPU_Kernel_PL.html</guid>
<description></description>
</item>
<item>
<title>Probabilistic Noninterference</title>
<link>/entries/Probabilistic_Noninterference.html</link>
<pubDate>Tue, 11 Mar 2014 00:00:00 +0000</pubDate>
<guid>/entries/Probabilistic_Noninterference.html</guid>
<description></description>
</item>
<item>
<title>Mechanization of the Algebra for Wireless Networks (AWN)</title>
<link>/entries/AWN.html</link>
<pubDate>Sat, 08 Mar 2014 00:00:00 +0000</pubDate>
<guid>/entries/AWN.html</guid>
<description></description>
</item>
<item>
<title>Mutually Recursive Partial Functions</title>
<link>/entries/Partial_Function_MR.html</link>
<pubDate>Tue, 18 Feb 2014 00:00:00 +0000</pubDate>
<guid>/entries/Partial_Function_MR.html</guid>
<description></description>
</item>
<item>
<title>Properties of Random Graphs -- Subgraph Containment</title>
<link>/entries/Random_Graph_Subgraph_Threshold.html</link>
<pubDate>Thu, 13 Feb 2014 00:00:00 +0000</pubDate>
<guid>/entries/Random_Graph_Subgraph_Threshold.html</guid>
<description></description>
</item>
<item>
<title>Verification of Selection and Heap Sort Using Locales</title>
<link>/entries/Selection_Heap_Sort.html</link>
<pubDate>Tue, 11 Feb 2014 00:00:00 +0000</pubDate>
<guid>/entries/Selection_Heap_Sort.html</guid>
<description></description>
</item>
<item>
<title>Affine Arithmetic</title>
<link>/entries/Affine_Arithmetic.html</link>
<pubDate>Fri, 07 Feb 2014 00:00:00 +0000</pubDate>
<guid>/entries/Affine_Arithmetic.html</guid>
<description></description>
</item>
<item>
<title>Implementing field extensions of the form Q[sqrt(b)]</title>
<link>/entries/Real_Impl.html</link>
<pubDate>Thu, 06 Feb 2014 00:00:00 +0000</pubDate>
<guid>/entries/Real_Impl.html</guid>
<description></description>
</item>
<item>
<title>Unified Decision Procedures for Regular Expression Equivalence</title>
<link>/entries/Regex_Equivalence.html</link>
<pubDate>Thu, 30 Jan 2014 00:00:00 +0000</pubDate>
<guid>/entries/Regex_Equivalence.html</guid>
<description></description>
</item>
<item>
<title>Secondary Sylow Theorems</title>
<link>/entries/Secondary_Sylow.html</link>
<pubDate>Tue, 28 Jan 2014 00:00:00 +0000</pubDate>
<guid>/entries/Secondary_Sylow.html</guid>
<description></description>
</item>
<item>
<title>Relation Algebra</title>
<link>/entries/Relation_Algebra.html</link>
<pubDate>Sat, 25 Jan 2014 00:00:00 +0000</pubDate>
<guid>/entries/Relation_Algebra.html</guid>
<description></description>
</item>
<item>
<title>Kleene Algebra with Tests and Demonic Refinement Algebras</title>
<link>/entries/KAT_and_DRA.html</link>
<pubDate>Thu, 23 Jan 2014 00:00:00 +0000</pubDate>
<guid>/entries/KAT_and_DRA.html</guid>
<description></description>
</item>
<item>
<title>Featherweight OCL: A Proposal for a Machine-Checked Formal Semantics for OCL 2.5</title>
<link>/entries/Featherweight_OCL.html</link>
<pubDate>Thu, 16 Jan 2014 00:00:00 +0000</pubDate>
<guid>/entries/Featherweight_OCL.html</guid>
<description></description>
</item>
<item>
<title>Compositional Properties of Crypto-Based Components</title>
<link>/entries/CryptoBasedCompositionalProperties.html</link>
<pubDate>Sat, 11 Jan 2014 00:00:00 +0000</pubDate>
<guid>/entries/CryptoBasedCompositionalProperties.html</guid>
<description></description>
</item>
<item>
<title>Sturm&#39;s Theorem</title>
<link>/entries/Sturm_Sequences.html</link>
<pubDate>Sat, 11 Jan 2014 00:00:00 +0000</pubDate>
<guid>/entries/Sturm_Sequences.html</guid>
<description></description>
</item>
<item>
<title>A General Method for the Proof of Theorems on Tail-recursive Functions</title>
<link>/entries/Tail_Recursive_Functions.html</link>
<pubDate>Sun, 01 Dec 2013 00:00:00 +0000</pubDate>
<guid>/entries/Tail_Recursive_Functions.html</guid>
<description></description>
</item>
<item>
<title>Gödel&#39;s Incompleteness Theorems</title>
<link>/entries/Incompleteness.html</link>
<pubDate>Sun, 17 Nov 2013 00:00:00 +0000</pubDate>
<guid>/entries/Incompleteness.html</guid>
<description></description>
</item>
<item>
<title>The Hereditarily Finite Sets</title>
<link>/entries/HereditarilyFinite.html</link>
<pubDate>Sun, 17 Nov 2013 00:00:00 +0000</pubDate>
<guid>/entries/HereditarilyFinite.html</guid>
<description></description>
</item>
<item>
<title>A Codatatype of Formal Languages</title>
<link>/entries/Coinductive_Languages.html</link>
<pubDate>Fri, 15 Nov 2013 00:00:00 +0000</pubDate>
<guid>/entries/Coinductive_Languages.html</guid>
<description></description>
</item>
<item>
<title>Stream Processing Components: Isabelle/HOL Formalisation and Case Studies</title>
<link>/entries/FocusStreamsCaseStudies.html</link>
<pubDate>Thu, 14 Nov 2013 00:00:00 +0000</pubDate>
<guid>/entries/FocusStreamsCaseStudies.html</guid>
<description></description>
</item>
<item>
<title>Gödel&#39;s God in Isabelle/HOL</title>
<link>/entries/GoedelGod.html</link>
<pubDate>Tue, 12 Nov 2013 00:00:00 +0000</pubDate>
<guid>/entries/GoedelGod.html</guid>
<description></description>
</item>
<item>
<title>Decreasing Diagrams</title>
<link>/entries/Decreasing-Diagrams.html</link>
<pubDate>Fri, 01 Nov 2013 00:00:00 +0000</pubDate>
<guid>/entries/Decreasing-Diagrams.html</guid>
<description></description>
</item>
<item>
<title>Automatic Data Refinement</title>
<link>/entries/Automatic_Refinement.html</link>
<pubDate>Wed, 02 Oct 2013 00:00:00 +0000</pubDate>
<guid>/entries/Automatic_Refinement.html</guid>
<description></description>
</item>
<item>
<title>Native Word</title>
<link>/entries/Native_Word.html</link>
<pubDate>Tue, 17 Sep 2013 00:00:00 +0000</pubDate>
<guid>/entries/Native_Word.html</guid>
<description></description>
</item>
<item>
<title>A Formal Model of IEEE Floating Point Arithmetic</title>
<link>/entries/IEEE_Floating_Point.html</link>
<pubDate>Sat, 27 Jul 2013 00:00:00 +0000</pubDate>
<guid>/entries/IEEE_Floating_Point.html</guid>
<description></description>
</item>
<item>
<title>Lehmer&#39;s Theorem</title>
<link>/entries/Lehmer.html</link>
<pubDate>Mon, 22 Jul 2013 00:00:00 +0000</pubDate>
<guid>/entries/Lehmer.html</guid>
<description></description>
</item>
<item>
<title>Pratt&#39;s Primality Certificates</title>
<link>/entries/Pratt_Certificate.html</link>
<pubDate>Mon, 22 Jul 2013 00:00:00 +0000</pubDate>
<guid>/entries/Pratt_Certificate.html</guid>
<description></description>
</item>
<item>
<title>The Königsberg Bridge Problem and the Friendship Theorem</title>
<link>/entries/Koenigsberg_Friendship.html</link>
<pubDate>Fri, 19 Jul 2013 00:00:00 +0000</pubDate>
<guid>/entries/Koenigsberg_Friendship.html</guid>
<description></description>
</item>
<item>
<title>Sound and Complete Sort Encodings for First-Order Logic</title>
<link>/entries/Sort_Encodings.html</link>
<pubDate>Thu, 27 Jun 2013 00:00:00 +0000</pubDate>
<guid>/entries/Sort_Encodings.html</guid>
<description></description>
</item>
<item>
<title>An Axiomatic Characterization of the Single-Source Shortest Path Problem</title>
<link>/entries/ShortestPath.html</link>
<pubDate>Wed, 22 May 2013 00:00:00 +0000</pubDate>
<guid>/entries/ShortestPath.html</guid>
<description></description>
</item>
<item>
<title>Graph Theory</title>
<link>/entries/Graph_Theory.html</link>
<pubDate>Sun, 28 Apr 2013 00:00:00 +0000</pubDate>
<guid>/entries/Graph_Theory.html</guid>
<description></description>
</item>
<item>
<title>Light-weight Containers</title>
<link>/entries/Containers.html</link>
<pubDate>Mon, 15 Apr 2013 00:00:00 +0000</pubDate>
<guid>/entries/Containers.html</guid>
<description></description>
</item>
<item>
<title>Nominal 2</title>
<link>/entries/Nominal2.html</link>
<pubDate>Thu, 21 Feb 2013 00:00:00 +0000</pubDate>
<guid>/entries/Nominal2.html</guid>
<description></description>
</item>
<item>
<title>The Correctness of Launchbury&#39;s Natural Semantics for Lazy Evaluation</title>
<link>/entries/Launchbury.html</link>
<pubDate>Thu, 31 Jan 2013 00:00:00 +0000</pubDate>
<guid>/entries/Launchbury.html</guid>
<description></description>
</item>
<item>
<title>Ribbon Proofs</title>
<link>/entries/Ribbon_Proofs.html</link>
<pubDate>Sat, 19 Jan 2013 00:00:00 +0000</pubDate>
<guid>/entries/Ribbon_Proofs.html</guid>
<description></description>
</item>
<item>
<title>Rank-Nullity Theorem in Linear Algebra</title>
<link>/entries/Rank_Nullity_Theorem.html</link>
<pubDate>Wed, 16 Jan 2013 00:00:00 +0000</pubDate>
<guid>/entries/Rank_Nullity_Theorem.html</guid>
<description></description>
</item>
<item>
<title>Kleene Algebra</title>
<link>/entries/Kleene_Algebra.html</link>
<pubDate>Tue, 15 Jan 2013 00:00:00 +0000</pubDate>
<guid>/entries/Kleene_Algebra.html</guid>
<description></description>
</item>
<item>
<title>Computing N-th Roots using the Babylonian Method</title>
<link>/entries/Sqrt_Babylonian.html</link>
<pubDate>Thu, 03 Jan 2013 00:00:00 +0000</pubDate>
<guid>/entries/Sqrt_Babylonian.html</guid>
<description></description>
</item>
<item>
<title>A Separation Logic Framework for Imperative HOL</title>
<link>/entries/Separation_Logic_Imperative_HOL.html</link>
<pubDate>Wed, 14 Nov 2012 00:00:00 +0000</pubDate>
<guid>/entries/Separation_Logic_Imperative_HOL.html</guid>
<description></description>
</item>
<item>
<title>Open Induction</title>
<link>/entries/Open_Induction.html</link>
<pubDate>Fri, 02 Nov 2012 00:00:00 +0000</pubDate>
<guid>/entries/Open_Induction.html</guid>
<description></description>
</item>
<item>
<title>The independence of Tarski&#39;s Euclidean axiom</title>
<link>/entries/Tarskis_Geometry.html</link>
<pubDate>Tue, 30 Oct 2012 00:00:00 +0000</pubDate>
<guid>/entries/Tarskis_Geometry.html</guid>
<description></description>
</item>
<item>
<title>Bondy&#39;s Theorem</title>
<link>/entries/Bondy.html</link>
<pubDate>Sat, 27 Oct 2012 00:00:00 +0000</pubDate>
<guid>/entries/Bondy.html</guid>
<description></description>
</item>
<item>
<title>Possibilistic Noninterference</title>
<link>/entries/Possibilistic_Noninterference.html</link>
<pubDate>Mon, 10 Sep 2012 00:00:00 +0000</pubDate>
<guid>/entries/Possibilistic_Noninterference.html</guid>
<description></description>
</item>
<item>
<title>Generating linear orders for datatypes</title>
<link>/entries/Datatype_Order_Generator.html</link>
<pubDate>Tue, 07 Aug 2012 00:00:00 +0000</pubDate>
<guid>/entries/Datatype_Order_Generator.html</guid>
<description></description>
</item>
<item>
<title>Proving the Impossibility of Trisecting an Angle and Doubling the Cube</title>
<link>/entries/Impossible_Geometry.html</link>
<pubDate>Sun, 05 Aug 2012 00:00:00 +0000</pubDate>
<guid>/entries/Impossible_Geometry.html</guid>
<description></description>
</item>
<item>
<title>Verifying Fault-Tolerant Distributed Algorithms in the Heard-Of Model</title>
<link>/entries/Heard_Of.html</link>
<pubDate>Fri, 27 Jul 2012 00:00:00 +0000</pubDate>
<guid>/entries/Heard_Of.html</guid>
<description></description>
</item>
<item>
<title>Logical Relations for PCF</title>
<link>/entries/PCF.html</link>
<pubDate>Sun, 01 Jul 2012 00:00:00 +0000</pubDate>
<guid>/entries/PCF.html</guid>
<description></description>
</item>
<item>
<title>Type Constructor Classes and Monad Transformers</title>
<link>/entries/Tycon.html</link>
<pubDate>Tue, 26 Jun 2012 00:00:00 +0000</pubDate>
<guid>/entries/Tycon.html</guid>
<description></description>
</item>
<item>
<title>CCS in nominal logic</title>
<link>/entries/CCS.html</link>
<pubDate>Tue, 29 May 2012 00:00:00 +0000</pubDate>
<guid>/entries/CCS.html</guid>
<description></description>
</item>
<item>
<title>Psi-calculi in Isabelle</title>
<link>/entries/Psi_Calculi.html</link>
<pubDate>Tue, 29 May 2012 00:00:00 +0000</pubDate>
<guid>/entries/Psi_Calculi.html</guid>
<description></description>
</item>
<item>
<title>The pi-calculus in nominal logic</title>
<link>/entries/Pi_Calculus.html</link>
<pubDate>Tue, 29 May 2012 00:00:00 +0000</pubDate>
<guid>/entries/Pi_Calculus.html</guid>
<description></description>
</item>
<item>
<title>Isabelle/Circus</title>
<link>/entries/Circus.html</link>
<pubDate>Sun, 27 May 2012 00:00:00 +0000</pubDate>
<guid>/entries/Circus.html</guid>
<description></description>
</item>
<item>
<title>Separation Algebra</title>
<link>/entries/Separation_Algebra.html</link>
<pubDate>Fri, 11 May 2012 00:00:00 +0000</pubDate>
<guid>/entries/Separation_Algebra.html</guid>
<description></description>
</item>
<item>
<title>Stuttering Equivalence</title>
<link>/entries/Stuttering_Equivalence.html</link>
<pubDate>Mon, 07 May 2012 00:00:00 +0000</pubDate>
<guid>/entries/Stuttering_Equivalence.html</guid>
<description></description>
</item>
<item>
<title>Inductive Study of Confidentiality</title>
<link>/entries/Inductive_Confidentiality.html</link>
<pubDate>Wed, 02 May 2012 00:00:00 +0000</pubDate>
<guid>/entries/Inductive_Confidentiality.html</guid>
<description></description>
</item>
<item>
<title>Ordinary Differential Equations</title>
<link>/entries/Ordinary_Differential_Equations.html</link>
<pubDate>Thu, 26 Apr 2012 00:00:00 +0000</pubDate>
<guid>/entries/Ordinary_Differential_Equations.html</guid>
<description></description>
</item>
<item>
<title>Well-Quasi-Orders</title>
<link>/entries/Well_Quasi_Orders.html</link>
<pubDate>Fri, 13 Apr 2012 00:00:00 +0000</pubDate>
<guid>/entries/Well_Quasi_Orders.html</guid>
<description></description>
</item>
<item>
<title>Abortable Linearizable Modules</title>
<link>/entries/Abortable_Linearizable_Modules.html</link>
<pubDate>Thu, 01 Mar 2012 00:00:00 +0000</pubDate>
<guid>/entries/Abortable_Linearizable_Modules.html</guid>
<description></description>
</item>
<item>
<title>Executable Transitive Closures</title>
<link>/entries/Transitive-Closure-II.html</link>
<pubDate>Wed, 29 Feb 2012 00:00:00 +0000</pubDate>
<guid>/entries/Transitive-Closure-II.html</guid>
<description></description>
</item>
<item>
<title>A Probabilistic Proof of the Girth-Chromatic Number Theorem</title>
<link>/entries/Girth_Chromatic.html</link>
<pubDate>Mon, 06 Feb 2012 00:00:00 +0000</pubDate>
<guid>/entries/Girth_Chromatic.html</guid>
<description></description>
</item>
<item>
<title>Dijkstra&#39;s Shortest Path Algorithm</title>
<link>/entries/Dijkstra_Shortest_Path.html</link>
<pubDate>Mon, 30 Jan 2012 00:00:00 +0000</pubDate>
<guid>/entries/Dijkstra_Shortest_Path.html</guid>
<description></description>
</item>
<item>
<title>Refinement for Monadic Programs</title>
<link>/entries/Refine_Monadic.html</link>
<pubDate>Mon, 30 Jan 2012 00:00:00 +0000</pubDate>
<guid>/entries/Refine_Monadic.html</guid>
<description></description>
</item>
<item>
<title>Markov Models</title>
<link>/entries/Markov_Models.html</link>
<pubDate>Tue, 03 Jan 2012 00:00:00 +0000</pubDate>
<guid>/entries/Markov_Models.html</guid>
<description></description>
</item>
<item>
<title>A Definitional Encoding of TLA* in Isabelle/HOL</title>
<link>/entries/TLA.html</link>
<pubDate>Sat, 19 Nov 2011 00:00:00 +0000</pubDate>
<guid>/entries/TLA.html</guid>
<description></description>
</item>
<item>
<title>Efficient Mergesort</title>
<link>/entries/Efficient-Mergesort.html</link>
<pubDate>Wed, 09 Nov 2011 00:00:00 +0000</pubDate>
<guid>/entries/Efficient-Mergesort.html</guid>
<description></description>
</item>
<item>
<title>Algebra of Monotonic Boolean Transformers</title>
<link>/entries/MonoBoolTranAlgebra.html</link>
<pubDate>Thu, 22 Sep 2011 00:00:00 +0000</pubDate>
<guid>/entries/MonoBoolTranAlgebra.html</guid>
<description></description>
</item>
<item>
<title>Lattice Properties</title>
<link>/entries/LatticeProperties.html</link>
<pubDate>Thu, 22 Sep 2011 00:00:00 +0000</pubDate>
<guid>/entries/LatticeProperties.html</guid>
<description></description>
</item>
<item>
<title>Pseudo Hoops</title>
<link>/entries/PseudoHoops.html</link>
<pubDate>Thu, 22 Sep 2011 00:00:00 +0000</pubDate>
<guid>/entries/PseudoHoops.html</guid>
<description></description>
</item>
<item>
<title>The Myhill-Nerode Theorem Based on Regular Expressions</title>
<link>/entries/Myhill-Nerode.html</link>
<pubDate>Fri, 26 Aug 2011 00:00:00 +0000</pubDate>
<guid>/entries/Myhill-Nerode.html</guid>
<description></description>
</item>
<item>
<title>Gauss-Jordan Elimination for Matrices Represented as Functions</title>
<link>/entries/Gauss-Jordan-Elim-Fun.html</link>
<pubDate>Fri, 19 Aug 2011 00:00:00 +0000</pubDate>
<guid>/entries/Gauss-Jordan-Elim-Fun.html</guid>
<description></description>
</item>
<item>
<title>Maximum Cardinality Matching</title>
<link>/entries/Max-Card-Matching.html</link>
<pubDate>Thu, 21 Jul 2011 00:00:00 +0000</pubDate>
<guid>/entries/Max-Card-Matching.html</guid>
<description></description>
</item>
<item>
<title>Knowledge-based programs</title>
<link>/entries/KBPs.html</link>
<pubDate>Tue, 17 May 2011 00:00:00 +0000</pubDate>
<guid>/entries/KBPs.html</guid>
<description></description>
</item>
<item>
<title>The General Triangle Is Unique</title>
<link>/entries/General-Triangle.html</link>
<pubDate>Fri, 01 Apr 2011 00:00:00 +0000</pubDate>
<guid>/entries/General-Triangle.html</guid>
<description></description>
</item>
<item>
<title>Executable Transitive Closures of Finite Relations</title>
<link>/entries/Transitive-Closure.html</link>
<pubDate>Mon, 14 Mar 2011 00:00:00 +0000</pubDate>
<guid>/entries/Transitive-Closure.html</guid>
<description></description>
</item>
<item>
<title>AutoFocus Stream Processing for Single-Clocking and Multi-Clocking Semantics</title>
<link>/entries/AutoFocus-Stream.html</link>
<pubDate>Wed, 23 Feb 2011 00:00:00 +0000</pubDate>
<guid>/entries/AutoFocus-Stream.html</guid>
<description></description>
</item>
<item>
<title>Infinite Lists</title>
<link>/entries/List-Infinite.html</link>
<pubDate>Wed, 23 Feb 2011 00:00:00 +0000</pubDate>
<guid>/entries/List-Infinite.html</guid>
<description></description>
</item>
<item>
<title>Interval Temporal Logic on Natural Numbers</title>
<link>/entries/Nat-Interval-Logic.html</link>
<pubDate>Wed, 23 Feb 2011 00:00:00 +0000</pubDate>
<guid>/entries/Nat-Interval-Logic.html</guid>
<description></description>
</item>
<item>
<title>Lightweight Java</title>
<link>/entries/LightweightJava.html</link>
<pubDate>Mon, 07 Feb 2011 00:00:00 +0000</pubDate>
<guid>/entries/LightweightJava.html</guid>
<description></description>
</item>
<item>
<title>RIPEMD-160</title>
<link>/entries/RIPEMD-160-SPARK.html</link>
<pubDate>Mon, 10 Jan 2011 00:00:00 +0000</pubDate>
<guid>/entries/RIPEMD-160-SPARK.html</guid>
<description></description>
</item>
<item>
<title>Lower Semicontinuous Functions</title>
<link>/entries/Lower_Semicontinuous.html</link>
<pubDate>Sat, 08 Jan 2011 00:00:00 +0000</pubDate>
<guid>/entries/Lower_Semicontinuous.html</guid>
<description></description>
</item>
<item>
<title>Hall&#39;s Marriage Theorem</title>
<link>/entries/Marriage.html</link>
<pubDate>Fri, 17 Dec 2010 00:00:00 +0000</pubDate>
<guid>/entries/Marriage.html</guid>
<description></description>
</item>
<item>
<title>Shivers&#39; Control Flow Analysis</title>
<link>/entries/Shivers-CFA.html</link>
<pubDate>Tue, 16 Nov 2010 00:00:00 +0000</pubDate>
<guid>/entries/Shivers-CFA.html</guid>
<description></description>
</item>
<item>
<title>Binomial Heaps and Skew Binomial Heaps</title>
<link>/entries/Binomial-Heaps.html</link>
<pubDate>Thu, 28 Oct 2010 00:00:00 +0000</pubDate>
<guid>/entries/Binomial-Heaps.html</guid>
<description></description>
</item>
<item>
<title>Finger Trees</title>
<link>/entries/Finger-Trees.html</link>
<pubDate>Thu, 28 Oct 2010 00:00:00 +0000</pubDate>
<guid>/entries/Finger-Trees.html</guid>
<description></description>
</item>
<item>
<title>Functional Binomial Queues</title>
<link>/entries/Binomial-Queues.html</link>
<pubDate>Thu, 28 Oct 2010 00:00:00 +0000</pubDate>
<guid>/entries/Binomial-Queues.html</guid>
<description></description>
</item>
<item>
<title>Strong Normalization of Moggis&#39;s Computational Metalanguage</title>
<link>/entries/Lam-ml-Normalization.html</link>
<pubDate>Sun, 29 Aug 2010 00:00:00 +0000</pubDate>
<guid>/entries/Lam-ml-Normalization.html</guid>
<description></description>
</item>
<item>
<title>Executable Multivariate Polynomials</title>
<link>/entries/Polynomials.html</link>
<pubDate>Tue, 10 Aug 2010 00:00:00 +0000</pubDate>
<guid>/entries/Polynomials.html</guid>
<description></description>
</item>
<item>
<title>Formalizing Statecharts using Hierarchical Automata</title>
<link>/entries/Statecharts.html</link>
<pubDate>Sun, 08 Aug 2010 00:00:00 +0000</pubDate>
<guid>/entries/Statecharts.html</guid>
<description></description>
</item>
<item>
<title>Free Groups</title>
<link>/entries/Free-Groups.html</link>
<pubDate>Thu, 24 Jun 2010 00:00:00 +0000</pubDate>
<guid>/entries/Free-Groups.html</guid>
<description></description>
</item>
<item>
<title>Category Theory</title>
<link>/entries/Category2.html</link>
<pubDate>Sun, 20 Jun 2010 00:00:00 +0000</pubDate>
<guid>/entries/Category2.html</guid>
<description></description>
</item>
<item>
<title>Executable Matrix Operations on Matrices of Arbitrary Dimensions</title>
<link>/entries/Matrix.html</link>
<pubDate>Thu, 17 Jun 2010 00:00:00 +0000</pubDate>
<guid>/entries/Matrix.html</guid>
<description></description>
</item>
<item>
<title>Abstract Rewriting</title>
<link>/entries/Abstract-Rewriting.html</link>
<pubDate>Mon, 14 Jun 2010 00:00:00 +0000</pubDate>
<guid>/entries/Abstract-Rewriting.html</guid>
<description></description>
</item>
<item>
<title>Semantics and Data Refinement of Invariant Based Programs</title>
<link>/entries/DataRefinementIBP.html</link>
<pubDate>Fri, 28 May 2010 00:00:00 +0000</pubDate>
<guid>/entries/DataRefinementIBP.html</guid>
<description></description>
</item>
<item>
<title>Verification of the Deutsch-Schorr-Waite Graph Marking Algorithm using Data Refinement</title>
<link>/entries/GraphMarkingIBP.html</link>
<pubDate>Fri, 28 May 2010 00:00:00 +0000</pubDate>
<guid>/entries/GraphMarkingIBP.html</guid>
<description></description>
</item>
<item>
<title>A Complete Proof of the Robbins Conjecture</title>
<link>/entries/Robbins-Conjecture.html</link>
<pubDate>Sat, 22 May 2010 00:00:00 +0000</pubDate>
<guid>/entries/Robbins-Conjecture.html</guid>
<description></description>
</item>
<item>
<title>Regular Sets and Expressions</title>
<link>/entries/Regular-Sets.html</link>
<pubDate>Wed, 12 May 2010 00:00:00 +0000</pubDate>
<guid>/entries/Regular-Sets.html</guid>
<description></description>
</item>
<item>
<title>Locally Nameless Sigma Calculus</title>
<link>/entries/Locally-Nameless-Sigma.html</link>
<pubDate>Fri, 30 Apr 2010 00:00:00 +0000</pubDate>
<guid>/entries/Locally-Nameless-Sigma.html</guid>
<description></description>
</item>
<item>
<title>Free Boolean Algebra</title>
<link>/entries/Free-Boolean-Algebra.html</link>
<pubDate>Mon, 29 Mar 2010 00:00:00 +0000</pubDate>
<guid>/entries/Free-Boolean-Algebra.html</guid>
<description></description>
</item>
<item>
<title>Information Flow Noninterference via Slicing</title>
<link>/entries/InformationFlowSlicing.html</link>
<pubDate>Tue, 23 Mar 2010 00:00:00 +0000</pubDate>
<guid>/entries/InformationFlowSlicing.html</guid>
<description></description>
</item>
<item>
<title>Inter-Procedural Information Flow Noninterference via Slicing</title>
<link>/entries/InformationFlowSlicing_Inter.html</link>
<pubDate>Tue, 23 Mar 2010 00:00:00 +0000</pubDate>
<guid>/entries/InformationFlowSlicing_Inter.html</guid>
<description></description>
</item>
<item>
<title>List Index</title>
<link>/entries/List-Index.html</link>
<pubDate>Sat, 20 Feb 2010 00:00:00 +0000</pubDate>
<guid>/entries/List-Index.html</guid>
<description></description>
</item>
<item>
<title>Coinductive</title>
<link>/entries/Coinductive.html</link>
<pubDate>Fri, 12 Feb 2010 00:00:00 +0000</pubDate>
<guid>/entries/Coinductive.html</guid>
<description></description>
</item>
<item>
<title>A Fast SAT Solver for Isabelle in Standard ML</title>
<link>/entries/DPT-SAT-Solver.html</link>
<pubDate>Wed, 09 Dec 2009 00:00:00 +0000</pubDate>
<guid>/entries/DPT-SAT-Solver.html</guid>
<description></description>
</item>
<item>
<title>Formalizing the Logic-Automaton Connection</title>
<link>/entries/Presburger-Automata.html</link>
<pubDate>Thu, 03 Dec 2009 00:00:00 +0000</pubDate>
<guid>/entries/Presburger-Automata.html</guid>
<description></description>
</item>
<item>
<title>Collections Framework</title>
<link>/entries/Collections.html</link>
<pubDate>Wed, 25 Nov 2009 00:00:00 +0000</pubDate>
<guid>/entries/Collections.html</guid>
<description></description>
</item>
<item>
<title>Tree Automata</title>
<link>/entries/Tree-Automata.html</link>
<pubDate>Wed, 25 Nov 2009 00:00:00 +0000</pubDate>
<guid>/entries/Tree-Automata.html</guid>
<description></description>
</item>
<item>
<title>Perfect Number Theorem</title>
<link>/entries/Perfect-Number-Thm.html</link>
<pubDate>Sun, 22 Nov 2009 00:00:00 +0000</pubDate>
<guid>/entries/Perfect-Number-Thm.html</guid>
<description></description>
</item>
<item>
<title>Backing up Slicing: Verifying the Interprocedural Two-Phase Horwitz-Reps-Binkley Slicer</title>
<link>/entries/HRB-Slicing.html</link>
<pubDate>Fri, 13 Nov 2009 00:00:00 +0000</pubDate>
<guid>/entries/HRB-Slicing.html</guid>
<description></description>
</item>
<item>
<title>The Worker/Wrapper Transformation</title>
<link>/entries/WorkerWrapper.html</link>
<pubDate>Fri, 30 Oct 2009 00:00:00 +0000</pubDate>
<guid>/entries/WorkerWrapper.html</guid>
<description></description>
</item>
<item>
<title>Ordinals and Cardinals</title>
<link>/entries/Ordinals_and_Cardinals.html</link>
<pubDate>Tue, 01 Sep 2009 00:00:00 +0000</pubDate>
<guid>/entries/Ordinals_and_Cardinals.html</guid>
<description></description>
</item>
<item>
<title>Invertibility in Sequent Calculi</title>
<link>/entries/SequentInvertibility.html</link>
<pubDate>Fri, 28 Aug 2009 00:00:00 +0000</pubDate>
<guid>/entries/SequentInvertibility.html</guid>
<description></description>
</item>
<item>
<title>An Example of a Cofinitary Group in Isabelle/HOL</title>
<link>/entries/CofGroups.html</link>
<pubDate>Tue, 04 Aug 2009 00:00:00 +0000</pubDate>
<guid>/entries/CofGroups.html</guid>
<description></description>
</item>
<item>
<title>Code Generation for Functions as Data</title>
<link>/entries/FinFun.html</link>
<pubDate>Wed, 06 May 2009 00:00:00 +0000</pubDate>
<guid>/entries/FinFun.html</guid>
<description></description>
</item>
<item>
<title>Stream Fusion</title>
<link>/entries/Stream-Fusion.html</link>
<pubDate>Wed, 29 Apr 2009 00:00:00 +0000</pubDate>
<guid>/entries/Stream-Fusion.html</guid>
<description></description>
</item>
<item>
<title>A Bytecode Logic for JML and Types</title>
<link>/entries/BytecodeLogicJmlTypes.html</link>
<pubDate>Fri, 12 Dec 2008 00:00:00 +0000</pubDate>
<guid>/entries/BytecodeLogicJmlTypes.html</guid>
<description></description>
</item>
<item>
<title>Secure information flow and program logics</title>
<link>/entries/SIFPL.html</link>
<pubDate>Mon, 10 Nov 2008 00:00:00 +0000</pubDate>
<guid>/entries/SIFPL.html</guid>
<description></description>
</item>
<item>
<title>Some classical results in Social Choice Theory</title>
<link>/entries/SenSocialChoice.html</link>
<pubDate>Sun, 09 Nov 2008 00:00:00 +0000</pubDate>
<guid>/entries/SenSocialChoice.html</guid>
<description></description>
</item>
<item>
<title>Fun With Tilings</title>
<link>/entries/FunWithTilings.html</link>
<pubDate>Fri, 07 Nov 2008 00:00:00 +0000</pubDate>
<guid>/entries/FunWithTilings.html</guid>
<description></description>
</item>
<item>
<title>The Textbook Proof of Huffman&#39;s Algorithm</title>
<link>/entries/Huffman.html</link>
<pubDate>Wed, 15 Oct 2008 00:00:00 +0000</pubDate>
<guid>/entries/Huffman.html</guid>
<description></description>
</item>
<item>
<title>Towards Certified Slicing</title>
<link>/entries/Slicing.html</link>
<pubDate>Tue, 16 Sep 2008 00:00:00 +0000</pubDate>
<guid>/entries/Slicing.html</guid>
<description></description>
</item>
<item>
<title>A Correctness Proof for the Volpano/Smith Security Typing System</title>
<link>/entries/VolpanoSmith.html</link>
<pubDate>Tue, 02 Sep 2008 00:00:00 +0000</pubDate>
<guid>/entries/VolpanoSmith.html</guid>
<description></description>
</item>
<item>
<title>Arrow and Gibbard-Satterthwaite</title>
<link>/entries/ArrowImpossibilityGS.html</link>
<pubDate>Mon, 01 Sep 2008 00:00:00 +0000</pubDate>
<guid>/entries/ArrowImpossibilityGS.html</guid>
<description></description>
</item>
<item>
<title>Fun With Functions</title>
<link>/entries/FunWithFunctions.html</link>
<pubDate>Tue, 26 Aug 2008 00:00:00 +0000</pubDate>
<guid>/entries/FunWithFunctions.html</guid>
<description></description>
</item>
<item>
<title>Formal Verification of Modern SAT Solvers</title>
<link>/entries/SATSolverVerification.html</link>
<pubDate>Wed, 23 Jul 2008 00:00:00 +0000</pubDate>
<guid>/entries/SATSolverVerification.html</guid>
<description></description>
</item>
<item>
<title>Recursion Theory I</title>
<link>/entries/Recursion-Theory-I.html</link>
<pubDate>Sat, 05 Apr 2008 00:00:00 +0000</pubDate>
<guid>/entries/Recursion-Theory-I.html</guid>
<description></description>
</item>
<item>
<title>A Sequential Imperative Programming Language Syntax, Semantics, Hoare Logics and Verification Environment</title>
<link>/entries/Simpl.html</link>
<pubDate>Fri, 29 Feb 2008 00:00:00 +0000</pubDate>
<guid>/entries/Simpl.html</guid>
<description></description>
</item>
<item>
<title>BDD Normalisation</title>
<link>/entries/BDD.html</link>
<pubDate>Fri, 29 Feb 2008 00:00:00 +0000</pubDate>
<guid>/entries/BDD.html</guid>
<description></description>
</item>
<item>
<title>Normalization by Evaluation</title>
<link>/entries/NormByEval.html</link>
<pubDate>Mon, 18 Feb 2008 00:00:00 +0000</pubDate>
<guid>/entries/NormByEval.html</guid>
<description></description>
</item>
<item>
<title>Quantifier Elimination for Linear Arithmetic</title>
<link>/entries/LinearQuantifierElim.html</link>
<pubDate>Fri, 11 Jan 2008 00:00:00 +0000</pubDate>
<guid>/entries/LinearQuantifierElim.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Conflict Analysis of Programs with Procedures, Thread Creation, and Monitors</title>
<link>/entries/Program-Conflict-Analysis.html</link>
<pubDate>Fri, 14 Dec 2007 00:00:00 +0000</pubDate>
<guid>/entries/Program-Conflict-Analysis.html</guid>
<description></description>
</item>
<item>
<title>Jinja with Threads</title>
<link>/entries/JinjaThreads.html</link>
<pubDate>Mon, 03 Dec 2007 00:00:00 +0000</pubDate>
<guid>/entries/JinjaThreads.html</guid>
<description></description>
</item>
<item>
<title>Much Ado About Two</title>
<link>/entries/MuchAdoAboutTwo.html</link>
<pubDate>Tue, 06 Nov 2007 00:00:00 +0000</pubDate>
<guid>/entries/MuchAdoAboutTwo.html</guid>
<description></description>
</item>
<item>
<title>Fermat&#39;s Last Theorem for Exponents 3 and 4 and the Parametrisation of Pythagorean Triples</title>
<link>/entries/Fermat3_4.html</link>
<pubDate>Sun, 12 Aug 2007 00:00:00 +0000</pubDate>
<guid>/entries/Fermat3_4.html</guid>
<description></description>
</item>
<item>
<title>Sums of Two and Four Squares</title>
<link>/entries/SumSquares.html</link>
<pubDate>Sun, 12 Aug 2007 00:00:00 +0000</pubDate>
<guid>/entries/SumSquares.html</guid>
<description></description>
</item>
<item>
<title>Fundamental Properties of Valuation Theory and Hensel&#39;s Lemma</title>
<link>/entries/Valuation.html</link>
<pubDate>Wed, 08 Aug 2007 00:00:00 +0000</pubDate>
<guid>/entries/Valuation.html</guid>
<description></description>
</item>
<item>
<title>First-Order Logic According to Fitting</title>
<link>/entries/FOL-Fitting.html</link>
<pubDate>Thu, 02 Aug 2007 00:00:00 +0000</pubDate>
<guid>/entries/FOL-Fitting.html</guid>
<description></description>
</item>
<item>
<title>POPLmark Challenge Via de Bruijn Indices</title>
<link>/entries/POPLmark-deBruijn.html</link>
<pubDate>Thu, 02 Aug 2007 00:00:00 +0000</pubDate>
<guid>/entries/POPLmark-deBruijn.html</guid>
<description></description>
</item>
<item>
<title>Hotel Key Card System</title>
<link>/entries/HotelKeyCards.html</link>
<pubDate>Sat, 09 Sep 2006 00:00:00 +0000</pubDate>
<guid>/entries/HotelKeyCards.html</guid>
<description></description>
</item>
<item>
<title>Abstract Hoare Logics</title>
<link>/entries/Abstract-Hoare-Logics.html</link>
<pubDate>Tue, 08 Aug 2006 00:00:00 +0000</pubDate>
<guid>/entries/Abstract-Hoare-Logics.html</guid>
<description></description>
</item>
<item>
<title>Flyspeck I: Tame Graphs</title>
<link>/entries/Flyspeck-Tame.html</link>
<pubDate>Mon, 22 May 2006 00:00:00 +0000</pubDate>
<guid>/entries/Flyspeck-Tame.html</guid>
<description></description>
</item>
<item>
<title>CoreC&#43;&#43;</title>
<link>/entries/CoreC&#43;&#43;.html</link>
<pubDate>Mon, 15 May 2006 00:00:00 +0000</pubDate>
<guid>/entries/CoreC&#43;&#43;.html</guid>
<description></description>
</item>
<item>
<title>A Theory of Featherweight Java in Isabelle/HOL</title>
<link>/entries/FeatherweightJava.html</link>
<pubDate>Fri, 31 Mar 2006 00:00:00 +0000</pubDate>
<guid>/entries/FeatherweightJava.html</guid>
<description></description>
</item>
<item>
<title>Instances of Schneider&#39;s generalized protocol of clock synchronization</title>
<link>/entries/ClockSynchInst.html</link>
<pubDate>Wed, 15 Mar 2006 00:00:00 +0000</pubDate>
<guid>/entries/ClockSynchInst.html</guid>
<description></description>
</item>
<item>
<title>Cauchy&#39;s Mean Theorem and the Cauchy-Schwarz Inequality</title>
<link>/entries/Cauchy.html</link>
<pubDate>Tue, 14 Mar 2006 00:00:00 +0000</pubDate>
<guid>/entries/Cauchy.html</guid>
<description></description>
</item>
<item>
<title>Countable Ordinals</title>
<link>/entries/Ordinal.html</link>
<pubDate>Fri, 11 Nov 2005 00:00:00 +0000</pubDate>
<guid>/entries/Ordinal.html</guid>
<description></description>
</item>
<item>
<title>Fast Fourier Transform</title>
<link>/entries/FFT.html</link>
<pubDate>Wed, 12 Oct 2005 00:00:00 +0000</pubDate>
<guid>/entries/FFT.html</guid>
<description></description>
</item>
<item>
<title>Formalization of a Generalized Protocol for Clock Synchronization</title>
<link>/entries/GenClock.html</link>
<pubDate>Fri, 24 Jun 2005 00:00:00 +0000</pubDate>
<guid>/entries/GenClock.html</guid>
<description></description>
</item>
<item>
<title>Proving the Correctness of Disk Paxos</title>
<link>/entries/DiskPaxos.html</link>
<pubDate>Wed, 22 Jun 2005 00:00:00 +0000</pubDate>
<guid>/entries/DiskPaxos.html</guid>
<description></description>
</item>
<item>
<title>Jive Data and Store Model</title>
<link>/entries/JiveDataStoreModel.html</link>
<pubDate>Mon, 20 Jun 2005 00:00:00 +0000</pubDate>
<guid>/entries/JiveDataStoreModel.html</guid>
<description></description>
</item>
<item>
<title>Jinja is not Java</title>
<link>/entries/Jinja.html</link>
<pubDate>Wed, 01 Jun 2005 00:00:00 +0000</pubDate>
<guid>/entries/Jinja.html</guid>
<description></description>
</item>
<item>
<title>SHA1, RSA, PSS and more</title>
<link>/entries/RSAPSS.html</link>
<pubDate>Mon, 02 May 2005 00:00:00 +0000</pubDate>
<guid>/entries/RSAPSS.html</guid>
<description></description>
</item>
<item>
<title>Category Theory to Yoneda&#39;s Lemma</title>
<link>/entries/Category.html</link>
<pubDate>Thu, 21 Apr 2005 00:00:00 +0000</pubDate>
<guid>/entries/Category.html</guid>
<description></description>
</item>
<item>
<title>File Refinement</title>
<link>/entries/FileRefinement.html</link>
<pubDate>Thu, 09 Dec 2004 00:00:00 +0000</pubDate>
<guid>/entries/FileRefinement.html</guid>
<description></description>
</item>
<item>
<title>Integration theory and random variables</title>
<link>/entries/Integration.html</link>
<pubDate>Fri, 19 Nov 2004 00:00:00 +0000</pubDate>
<guid>/entries/Integration.html</guid>
<description></description>
</item>
<item>
<title>A Mechanically Verified, Efficient, Sound and Complete Theorem Prover For First Order Logic</title>
<link>/entries/Verified-Prover.html</link>
<pubDate>Tue, 28 Sep 2004 00:00:00 +0000</pubDate>
<guid>/entries/Verified-Prover.html</guid>
<description></description>
</item>
<item>
<title>Completeness theorem</title>
<link>/entries/Completeness.html</link>
<pubDate>Mon, 20 Sep 2004 00:00:00 +0000</pubDate>
<guid>/entries/Completeness.html</guid>
<description></description>
</item>
<item>
<title>Ramsey&#39;s theorem, infinitary version</title>
<link>/entries/Ramsey-Infinite.html</link>
<pubDate>Mon, 20 Sep 2004 00:00:00 +0000</pubDate>
<guid>/entries/Ramsey-Infinite.html</guid>
<description></description>
</item>
<item>
<title>Compiling Exceptions Correctly</title>
<link>/entries/Compiling-Exceptions-Correctly.html</link>
<pubDate>Fri, 09 Jul 2004 00:00:00 +0000</pubDate>
<guid>/entries/Compiling-Exceptions-Correctly.html</guid>
<description></description>
</item>
<item>
<title>Depth First Search</title>
<link>/entries/Depth-First-Search.html</link>
<pubDate>Thu, 24 Jun 2004 00:00:00 +0000</pubDate>
<guid>/entries/Depth-First-Search.html</guid>
<description></description>
</item>
<item>
<title>Groups, Rings and Modules</title>
<link>/entries/Group-Ring-Module.html</link>
<pubDate>Tue, 18 May 2004 00:00:00 +0000</pubDate>
<guid>/entries/Group-Ring-Module.html</guid>
<description></description>
</item>
<item>
<title>Lazy Lists II</title>
<link>/entries/Lazy-Lists-II.html</link>
<pubDate>Mon, 26 Apr 2004 00:00:00 +0000</pubDate>
<guid>/entries/Lazy-Lists-II.html</guid>
<description></description>
</item>
<item>
<title>Topology</title>
<link>/entries/Topology.html</link>
<pubDate>Mon, 26 Apr 2004 00:00:00 +0000</pubDate>
<guid>/entries/Topology.html</guid>
<description></description>
</item>
<item>
<title>Binary Search Trees</title>
<link>/entries/BinarySearchTree.html</link>
<pubDate>Mon, 05 Apr 2004 00:00:00 +0000</pubDate>
<guid>/entries/BinarySearchTree.html</guid>
<description></description>
</item>
<item>
<title>Functional Automata</title>
<link>/entries/Functional-Automata.html</link>
<pubDate>Tue, 30 Mar 2004 00:00:00 +0000</pubDate>
<guid>/entries/Functional-Automata.html</guid>
<description></description>
</item>
<item>
<title>AVL Trees</title>
<link>/entries/AVL-Trees.html</link>
<pubDate>Fri, 19 Mar 2004 00:00:00 +0000</pubDate>
<guid>/entries/AVL-Trees.html</guid>
<description></description>
</item>
<item>
<title>Mini ML</title>
<link>/entries/MiniML.html</link>
<pubDate>Fri, 19 Mar 2004 00:00:00 +0000</pubDate>
<guid>/entries/MiniML.html</guid>
<description></description>
</item>
</channel>
</rss>
diff --git a/web/index.html b/web/index.html
--- a/web/index.html
+++ b/web/index.html
@@ -1,5702 +1,5742 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta name="generator" content="Hugo 0.88.1" />
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1"><title>Archive of Formal Proofs</title><meta name="description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."><link rel="alternate" type="application/rss+xml" href="./index.xml" title="Archive of Formal Proofs" /><meta property="og:title" content="" />
<meta property="og:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle." />
<meta property="og:type" content="website" />
<meta property="og:url" content="/" /><meta property="og:image" content="/images/afp.png"/><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content=""/>
<meta name="twitter:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."/>
<link rel="stylesheet" type="text/css" href="./css/front.min.css">
<link rel="icon" href="./images/favicon.ico" type="image/icon"><script src="./js/obfuscate.js"></script>
<script src="./js/flexsearch.bundle.js"></script>
<script src="./js/scroll-spy.js"></script>
<script src="./js/theory.js"></script>
<script src="./js/util.js"></script><script src="./js/header-search.js"></script><script src="./js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore '>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="./images/menu.svg" alt="Menu" />
</label>
<a href="./" class='logo-link'>
<img src="./images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<nav id="menu">
<div>
<a href="./" class='logo-link'>
<img src="./images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<ul>
<a href="./"><li class="active" >Home</li></a>
<a href="./topics/"><li >Topics</li></a>
<a href="./download/"><li >Download</li></a>
<a href="./help/"><li >Help</li></a>
<a href="./submission/"><li >Submission</li></a>
<a href="./statistics/"><li >Statistics</li></a>
<a href="./about/"><li >About</li></a>
</ul>
</div>
</nav>
</div>
</aside>
<div
class='content '><header>
<h1 class="large-top-margin" >
<span class='first'>A</span>rchive of <span class='first'>F</span>ormal <span class='first'>P</span>roofs</h1>
<div>
</div>
</header><div><p>
The Archive of Formal Proofs is a collection of proof libraries, examples, and larger scientific developments,
mechanically checked in the theorem prover <a href="https://isabelle.in.tum.de/">Isabelle</a>.
It is organized in the way of a scientific journal,
is indexed by <a href="https://dblp.uni-trier.de/db/journals/afp/">dblp</a>
and has an ISSN: 2150-914x.
Submissions are refereed and we encourage companion AFP submissions to conference and journal publications.
To cite an entry, please use the <a href="./help/#citing-entries">preferred citation style</a>.
</p><p>
A <a href="https://devel.isa-afp.org/">development version</a> of the archive is available as well.
</p><form autocomplete="off" action="./search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value="" aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button">Search</button>
<datalist id="autocomplete">
</datalist>
</div>
</form><div>
<h2 class="year">2022</h2>
<article class="entry">
<div class="item-text">
+ <h5><a class="title" href="./entries/Padic_Field.html">p-adic Fields and p-adic Semialgebraic Sets</a></h5> <br>
+ by <a href="./authors/crighton">Aaron Crighton</a></div>
+ <span class="date">
+ Sep 22
+ </span>
+ </article>
+ <article class="entry">
+ <div class="item-text">
+ <h5><a class="title" href="./entries/Risk_Free_Lending.html">Risk-Free Lending</a></h5> <br>
+ by <a href="./authors/doty">Matthew Doty</a></div>
+ <span class="date">
+ Sep 18
+ </span>
+ </article>
+ <article class="entry">
+ <div class="item-text">
+ <h5><a class="title" href="./entries/Implicational_Logic.html">Soundness and Completeness of Implicational Logic</a></h5> <br>
+ by <a href="./authors/from">Asta Halkjær From</a> and <a href="./authors/villadsen">Jørgen Villadsen</a></div>
+ <span class="date">
+ Sep 13
+ </span>
+ </article>
+ <article class="entry">
+ <div class="item-text">
<h5><a class="title" href="./entries/CRYSTALS-Kyber.html">CRYSTALS-Kyber</a></h5> <br>
by <a href="./authors/kreuzer">Katharina Kreuzer</a></div>
<span class="date">
Sep 08
</span>
</article>
<article class="entry">
<div class="item-text">
+ <h5><a class="title" href="./entries/Separation_Logic_Unbounded.html">Unbounded Separation Logic</a></h5> <br>
+ by <a href="./authors/dardinier">Thibault Dardinier</a></div>
+ <span class="date">
+ Sep 05
+ </span>
+ </article>
+ <article class="entry">
+ <div class="item-text">
<h5><a class="title" href="./entries/Hales_Jewett.html">The Hales–Jewett Theorem</a></h5> <br>
by <a href="./authors/sulejmani">Ujkan Sulejmani</a>, <a href="./authors/eberl">Manuel Eberl</a> and <a href="./authors/kreuzer">Katharina Kreuzer</a></div>
<span class="date">
Sep 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Khovanskii_Theorem.html">Khovanskii&#39;s Theorem</a></h5> <br>
by <a href="./authors/argyraki">Angeliki Koutsoukou-Argyraki</a> and <a href="./authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Sep 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Number_Theoretic_Transform.html">Number Theoretic Transform</a></h5> <br>
by <a href="./authors/ammer">Thomas Ammer</a> and <a href="./authors/kreuzer">Katharina Kreuzer</a></div>
<span class="date">
Aug 18
</span>
</article>
<article class="entry">
<div class="item-text">
+ <h5><a class="title" href="./entries/SCC_Bloemen_Sequential.html">Correctness of a Set-based Algorithm for Computing Strongly Connected Components of a Graph</a></h5> <br>
+ by <a href="./authors/merz">Stephan Merz</a> and <a href="./authors/trelat">Vincent Trélat</a></div>
+ <span class="date">
+ Aug 17
+ </span>
+ </article>
+ <article class="entry">
+ <div class="item-text">
<h5><a class="title" href="./entries/Involutions2Squares.html">From THE BOOK: Two Squares via Involutions</a></h5> <br>
by <a href="./authors/bortin">Maksym Bortin</a></div>
<span class="date">
Aug 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/FSM_Tests.html">Verified Complete Test Strategies for Finite State Machines</a></h5> <br>
by <a href="./authors/sachtleben">Robert Sachtleben</a></div>
<span class="date">
Aug 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Nano_JSON.html">Nano JSON: Working with JSON formatted data in Isabelle/HOL and Isabelle/ML</a></h5> <br>
by <a href="./authors/brucker">Achim D. Brucker</a></div>
<span class="date">
Jul 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Commuting_Hermitian.html">Simultaneous diagonalization of pairwise commuting Hermitian matrices</a></h5> <br>
by <a href="./authors/echenim">Mnacho Echenim</a></div>
<span class="date">
Jul 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Solidity.html">Isabelle/Solidity: A deep Embedding of Solidity in Isabelle/HOL</a></h5> <br>
by <a href="./authors/marmsoler">Diego Marmsoler</a> and <a href="./authors/brucker">Achim D. Brucker</a></div>
<span class="date">
Jul 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Weighted_Arithmetic_Geometric_Mean.html">Pólya’s Proof of the Weighted Arithmetic–Geometric Mean Inequality</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Jul 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/IMP_Compiler_Reuse.html">A Reuse-Based Multi-Stage Compiler Verification for Language IMP</a></h5> <br>
by <a href="./authors/noce">Pasquale Noce</a></div>
<span class="date">
Jul 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Real_Time_Deque.html">Real-Time Double-Ended Queue</a></h5> <br>
by <a href="./authors/toth">Balazs Toth</a> and <a href="./authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Jun 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Boolos_Curious_Inference.html">Boolos&#39;s Curious Inference in Isabelle/HOL</a></h5> <br>
by <a href="./authors/ketland">Jeffrey Ketland</a></div>
<span class="date">
Jun 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/IsaNet.html">IsaNet: Formalization of a Verification Framework for Secure Data Plane Protocols</a></h5> <br>
by <a href="./authors/klenze">Tobias Klenze</a> and <a href="./authors/sprenger">Christoph Sprenger</a></div>
<span class="date">
Jun 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Finite_Fields.html">Finite Fields</a></h5> <br>
by <a href="./authors/karayel">Emin Karayel</a></div>
<span class="date">
Jun 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/DPRM_Theorem.html">Diophantine Equations and the DPRM Theorem</a></h5> <br>
by <a href="./authors/bayer">Jonas Bayer</a>, <a href="./authors/david">Marco David</a>, <a href="./authors/stock">Benedikt Stock</a>, <a href="./authors/pal">Abhik Pal</a>, <a href="./authors/matiyasevich">Yuri Matiyasevich</a> and <a href="./authors/schleicher">Dierk Schleicher</a></div>
<span class="date">
Jun 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Rewrite_Properties_Reduction.html">Reducing Rewrite Properties to Properties on Ground Terms</a></h5> <br>
by <a href="./authors/lochmann">Alexander Lochmann</a></div>
<span class="date">
Jun 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Combinable_Wands.html">A Restricted Definition of the Magic Wand to Soundly Combine Fractions of a Wand</a></h5> <br>
by <a href="./authors/dardinier">Thibault Dardinier</a></div>
<span class="date">
May 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Pluennecke_Ruzsa_Inequality.html">The Plünnecke-Ruzsa Inequality</a></h5> <br>
by <a href="./authors/argyraki">Angeliki Koutsoukou-Argyraki</a> and <a href="./authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
May 26
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Package_logic.html">Formalization of a Framework for the Sound Automation of Magic Wands</a></h5> <br>
by <a href="./authors/dardinier">Thibault Dardinier</a></div>
<span class="date">
May 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Clique_and_Monotone_Circuits.html">Clique is not solvable by monotone circuits of polynomial size</a></h5> <br>
by <a href="./authors/thiemann">René Thiemann</a></div>
<span class="date">
May 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Fishers_Inequality.html">Fisher&#39;s Inequality: Linear Algebraic Proof Techniques for Combinatorics</a></h5> <br>
by <a href="./authors/edmonds">Chelsea Edmonds</a> and <a href="./authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Apr 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Multiset_Ordering_NPC.html">The Generalized Multiset Ordering is NP-Complete</a></h5> <br>
by <a href="./authors/thiemann">René Thiemann</a> and <a href="./authors/schmidinger">Lukas Schmidinger</a></div>
<span class="date">
Apr 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Digit_Expansions.html">Digit Expansions</a></h5> <br>
by <a href="./authors/bayer">Jonas Bayer</a>, <a href="./authors/david">Marco David</a>, <a href="./authors/pal">Abhik Pal</a> and <a href="./authors/stock">Benedikt Stock</a></div>
<span class="date">
Apr 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Sophomores_Dream.html">The Sophomore&#39;s Dream</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Apr 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Frequency_Moments.html">Formalization of Randomized Approximation Algorithms for Frequency Moments</a></h5> <br>
by <a href="./authors/karayel">Emin Karayel</a></div>
<span class="date">
Apr 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Prefix_Free_Code_Combinators.html">A Combinator Library for Prefix-Free Codes</a></h5> <br>
by <a href="./authors/karayel">Emin Karayel</a></div>
<span class="date">
Apr 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Dedekind_Real.html">Constructing the Reals as Dedekind Cuts of Rationals</a></h5> <br>
by <a href="./authors/fleuriot">Jacques D. Fleuriot</a> and <a href="./authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Mar 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Ackermanns_not_PR.html">Ackermann&#39;s Function Is Not Primitive Recursive</a></h5> <br>
by <a href="./authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Mar 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/FOL_Seq_Calc3.html">A Naive Prover for First-Order Logic</a></h5> <br>
by <a href="./authors/from">Asta Halkjær From</a></div>
<span class="date">
Mar 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Cotangent_PFD_Formula.html">A Proof from THE BOOK: The Partial Fraction Expansion of the Cotangent</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Mar 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Independence_CH.html">The Independence of the Continuum Hypothesis in Isabelle/ZF</a></h5> <br>
by <a href="./authors/gunther">Emmanuel Gunther</a>, <a href="./authors/pagano">Miguel Pagano</a>, <a href="./authors/terraf">Pedro Sánchez Terraf</a> and <a href="./authors/steinberg">Matías Steinberg</a></div>
<span class="date">
Mar 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Transitive_Models.html">Transitive Models of Fragments of ZFC</a></h5> <br>
by <a href="./authors/gunther">Emmanuel Gunther</a>, <a href="./authors/pagano">Miguel Pagano</a>, <a href="./authors/terraf">Pedro Sánchez Terraf</a> and <a href="./authors/steinberg">Matías Steinberg</a></div>
<span class="date">
Mar 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/ResiduatedTransitionSystem.html">Residuated Transition Systems</a></h5> <br>
by <a href="./authors/stark">Eugene W. Stark</a></div>
<span class="date">
Feb 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Universal_Hash_Families.html">Universal Hash Families</a></h5> <br>
by <a href="./authors/karayel">Emin Karayel</a></div>
<span class="date">
Feb 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Wetzels_Problem.html">Wetzel&#39;s Problem and the Continuum Hypothesis</a></h5> <br>
by <a href="./authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Feb 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Eval_FO.html">First-Order Query Evaluation</a></h5> <br>
by <a href="./authors/raszyk">Martin Raszyk</a></div>
<span class="date">
Feb 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/VYDRA_MDL.html">Multi-Head Monitoring of Metric Dynamic Logic</a></h5> <br>
by <a href="./authors/raszyk">Martin Raszyk</a></div>
<span class="date">
Feb 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Equivalence_Relation_Enumeration.html">Enumeration of Equivalence Relations</a></h5> <br>
by <a href="./authors/karayel">Emin Karayel</a></div>
<span class="date">
Feb 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Quasi_Borel_Spaces.html">Quasi-Borel Spaces</a></h5> <br>
by <a href="./authors/hirata">Michikazu Hirata</a>, <a href="./authors/minamide">Yasuhiko Minamide</a> and <a href="./authors/sato">Tetsuya Sato</a></div>
<span class="date">
Feb 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/LP_Duality.html">Duality of Linear Programming</a></h5> <br>
by <a href="./authors/thiemann">René Thiemann</a></div>
<span class="date">
Feb 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/FO_Theory_Rewriting.html">First-Order Theory of Rewriting</a></h5> <br>
by <a href="./authors/lochmann">Alexander Lochmann</a> and <a href="./authors/felgenhauer">Bertram Felgenhauer</a></div>
<span class="date">
Feb 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Youngs_Inequality.html">Young&#39;s Inequality for Increasing Functions</a></h5> <br>
by <a href="./authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Jan 31
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/FOL_Seq_Calc2.html">A Sequent Calculus Prover for First-Order Logic with Functions</a></h5> <br>
by <a href="./authors/from">Asta Halkjær From</a> and <a href="./authors/jacobsen">Frederik Krogsdal Jacobsen</a></div>
<span class="date">
Jan 31
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Interpolation_Polynomials_HOL_Algebra.html">Interpolation Polynomials (in HOL-Algebra)</a></h5> <br>
by <a href="./authors/karayel">Emin Karayel</a></div>
<span class="date">
Jan 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Median_Method.html">Median Method</a></h5> <br>
by <a href="./authors/karayel">Emin Karayel</a></div>
<span class="date">
Jan 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Actuarial_Mathematics.html">Actuarial Mathematics</a></h5> <br>
by <a href="./authors/ito">Yosuke Ito</a></div>
<span class="date">
Jan 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Irrationals_From_THEBOOK.html">Irrational numbers from THE BOOK</a></h5> <br>
by <a href="./authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Jan 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Knights_Tour.html">Knight&#39;s Tour Revisited Revisited</a></h5> <br>
by <a href="./authors/koller">Lukas Koller</a></div>
<span class="date">
Jan 04
</span>
</article></div><div>
<h2 class="year">2021</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Hyperdual.html">Hyperdual Numbers and Forward Differentiation</a></h5> <br>
by <a href="./authors/smola">Filip Smola</a> and <a href="./authors/fleuriot">Jacques D. Fleuriot</a></div>
<span class="date">
Dec 31
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Gale_Shapley.html">Gale-Shapley Algorithm</a></h5> <br>
by <a href="./authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Dec 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Roth_Arithmetic_Progressions.html">Roth&#39;s Theorem on Arithmetic Progressions</a></h5> <br>
by <a href="./authors/edmonds">Chelsea Edmonds</a>, <a href="./authors/argyraki">Angeliki Koutsoukou-Argyraki</a> and <a href="./authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Dec 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/MDP-Algorithms.html">Verified Algorithms for Solving Markov Decision Processes</a></h5> <br>
by <a href="./authors/schaeffeler">Maximilian Schäffeler</a> and <a href="./authors/abdulaziz">Mohammad Abdulaziz</a></div>
<span class="date">
Dec 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/MDP-Rewards.html">Markov Decision Processes with Rewards</a></h5> <br>
by <a href="./authors/schaeffeler">Maximilian Schäffeler</a> and <a href="./authors/abdulaziz">Mohammad Abdulaziz</a></div>
<span class="date">
Dec 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Regular_Tree_Relations.html">Regular Tree Relations</a></h5> <br>
by <a href="./authors/lochmann">Alexander Lochmann</a>, <a href="./authors/felgenhauer">Bertram Felgenhauer</a>, <a href="./authors/sternagel">Christian Sternagel</a>, <a href="./authors/thiemann">René Thiemann</a> and <a href="./authors/sternagelt">Thomas Sternagel</a></div>
<span class="date">
Dec 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Simplicial_complexes_and_boolean_functions.html">Simplicial Complexes and Boolean functions</a></h5> <br>
by <a href="./authors/aransay">Jesús Aransay</a>, <a href="./authors/campo">Alejandro del Campo</a> and <a href="./authors/michaelis">Julius Michaelis</a></div>
<span class="date">
Nov 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Van_Emde_Boas_Trees.html">van Emde Boas Trees</a></h5> <br>
by <a href="./authors/ammer">Thomas Ammer</a> and <a href="./authors/lammich">Peter Lammich</a></div>
<span class="date">
Nov 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Foundation_of_geometry.html">Foundation of geometry in planes, and some complements: Excluding the parallel axioms</a></h5> <br>
by <a href="./authors/iwama">Fumiya Iwama</a></div>
<span class="date">
Nov 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Hahn_Jordan_Decomposition.html">The Hahn and Jordan Decomposition Theorems</a></h5> <br>
by <a href="./authors/cousin">Marie Cousin</a>, <a href="./authors/echenim">Mnacho Echenim</a> and <a href="./authors/guiol">Hervé Guiol</a></div>
<span class="date">
Nov 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Real_Power.html">Real Exponents as the Limits of Sequences of Rational Exponents</a></h5> <br>
by <a href="./authors/fleuriot">Jacques D. Fleuriot</a></div>
<span class="date">
Nov 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Factor_Algebraic_Polynomial.html">Factorization of Polynomials with Algebraic Coefficients</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a> and <a href="./authors/thiemann">René Thiemann</a></div>
<span class="date">
Nov 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/SimplifiedOntologicalArgument.html">Exploring Simplified Variants of Gödel’s Ontological Argument in Isabelle/HOL</a></h5> <br>
by <a href="./authors/benzmueller">Christoph Benzmüller</a></div>
<span class="date">
Nov 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/PAL.html">Automating Public Announcement Logic and the Wise Men Puzzle in Isabelle/HOL</a></h5> <br>
by <a href="./authors/benzmueller">Christoph Benzmüller</a> and <a href="./authors/reiche">Sebastian Reiche</a></div>
<span class="date">
Nov 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Szemeredi_Regularity.html">Szemerédi&#39;s Regularity Lemma</a></h5> <br>
by <a href="./authors/edmonds">Chelsea Edmonds</a>, <a href="./authors/argyraki">Angeliki Koutsoukou-Argyraki</a> and <a href="./authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Nov 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Registers.html">Quantum and Classical Registers</a></h5> <br>
by <a href="./authors/unruh">Dominique Unruh</a></div>
<span class="date">
Oct 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Belief_Revision.html">Belief Revision Theory</a></h5> <br>
by <a href="./authors/fouillard">Valentin Fouillard</a>, <a href="./authors/taha">Safouan Taha</a>, <a href="./authors/boulanger">Frédéric Boulanger</a> and <a href="./authors/sabouret">Nicolas Sabouret</a></div>
<span class="date">
Oct 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/X86_Semantics.html">X86 instruction semantics and basic block symbolic execution</a></h5> <br>
by <a href="./authors/verbeek">Freek Verbeek</a>, <a href="./authors/bharadwaj">Abhijith Bharadwaj</a>, <a href="./authors/bockenek">Joshua Bockenek</a>, <a href="./authors/roessle">Ian Roessle</a>, <a href="./authors/weerwag">Timmy Weerwag</a> and <a href="./authors/ravindran">Binoy Ravindran</a></div>
<span class="date">
Oct 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Correctness_Algebras.html">Algebras for Iteration, Infinite Executions and Correctness of Sequential Computations</a></h5> <br>
by <a href="./authors/guttmann">Walter Guttmann</a></div>
<span class="date">
Oct 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Virtual_Substitution.html">Verified Quadratic Virtual Substitution for Real Arithmetic</a></h5> <br>
by <a href="./authors/scharager">Matias Scharager</a>, <a href="./authors/cordwell">Katherine Cordwell</a>, <a href="./authors/mitsch">Stefan Mitsch</a> and <a href="./authors/platzer">André Platzer</a></div>
<span class="date">
Oct 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/FOL_Axiomatic.html">Soundness and Completeness of an Axiomatic System for First-Order Logic</a></h5> <br>
by <a href="./authors/from">Asta Halkjær From</a></div>
<span class="date">
Sep 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Complex_Bounded_Operators.html">Complex Bounded Operators</a></h5> <br>
by <a href="./authors/caballero">José Manuel Rodríguez Caballero</a> and <a href="./authors/unruh">Dominique Unruh</a></div>
<span class="date">
Sep 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Weighted_Path_Order.html">A Formalization of Weighted Path Orders and Recursive Path Orders</a></h5> <br>
by <a href="./authors/sternagel">Christian Sternagel</a>, <a href="./authors/thiemann">René Thiemann</a> and <a href="./authors/yamada">Akihisa Yamada</a></div>
<span class="date">
Sep 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Intro_Dest_Elim.html">IDE: Introduction, Destruction, Elimination</a></h5> <br>
by <a href="./authors/milehins">Mihails Milehins</a></div>
<span class="date">
Sep 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Types_To_Sets_Extension.html">Extension of Types-To-Sets</a></h5> <br>
by <a href="./authors/milehins">Mihails Milehins</a></div>
<span class="date">
Sep 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Conditional_Transfer_Rule.html">Conditional Transfer Rule</a></h5> <br>
by <a href="./authors/milehins">Mihails Milehins</a></div>
<span class="date">
Sep 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Conditional_Simplification.html">Conditional Simplification</a></h5> <br>
by <a href="./authors/milehins">Mihails Milehins</a></div>
<span class="date">
Sep 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/CZH_Universal_Constructions.html">Category Theory for ZFC in HOL III: Universal Constructions</a></h5> <br>
by <a href="./authors/milehins">Mihails Milehins</a></div>
<span class="date">
Sep 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/CZH_Elementary_Categories.html">Category Theory for ZFC in HOL II: Elementary Theory of 1-Categories</a></h5> <br>
by <a href="./authors/milehins">Mihails Milehins</a></div>
<span class="date">
Sep 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/CZH_Foundations.html">Category Theory for ZFC in HOL I: Foundations: Design Patterns, Set Theory, Digraphs, Semicategories</a></h5> <br>
by <a href="./authors/milehins">Mihails Milehins</a></div>
<span class="date">
Sep 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Dominance_CHK.html">A data flow analysis algorithm for computing dominators</a></h5> <br>
by <a href="./authors/jiang">Nan Jiang</a></div>
<span class="date">
Sep 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Cubic_Quartic_Equations.html">Solving Cubic and Quartic Equations</a></h5> <br>
by <a href="./authors/thiemann">René Thiemann</a></div>
<span class="date">
Sep 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Logging_Independent_Anonymity.html">Logging-independent Message Anonymity in the Relational Method</a></h5> <br>
by <a href="./authors/noce">Pasquale Noce</a></div>
<span class="date">
Aug 26
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Three_Circles.html">The Theorem of Three Circles</a></h5> <br>
by <a href="./authors/thomson">Fox Thomson</a> and <a href="./authors/li">Wenda Li</a></div>
<span class="date">
Aug 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Fresh_Identifiers.html">Fresh identifiers</a></h5> <br>
by <a href="./authors/popescu">Andrei Popescu</a> and <a href="./authors/bauereiss">Thomas Bauereiss</a></div>
<span class="date">
Aug 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/CoSMeDis.html">CoSMeDis: A confidentiality-verified distributed social media platform</a></h5> <br>
by <a href="./authors/bauereiss">Thomas Bauereiss</a> and <a href="./authors/popescu">Andrei Popescu</a></div>
<span class="date">
Aug 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/CoSMed.html">CoSMed: A confidentiality-verified social media platform</a></h5> <br>
by <a href="./authors/bauereiss">Thomas Bauereiss</a> and <a href="./authors/popescu">Andrei Popescu</a></div>
<span class="date">
Aug 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/BD_Security_Compositional.html">Compositional BD Security</a></h5> <br>
by <a href="./authors/bauereiss">Thomas Bauereiss</a> and <a href="./authors/popescu">Andrei Popescu</a></div>
<span class="date">
Aug 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/CoCon.html">CoCon: A Confidentiality-Verified Conference Management System</a></h5> <br>
by <a href="./authors/popescu">Andrei Popescu</a>, <a href="./authors/lammich">Peter Lammich</a> and <a href="./authors/bauereiss">Thomas Bauereiss</a></div>
<span class="date">
Aug 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Design_Theory.html">Combinatorial Design Theory</a></h5> <br>
by <a href="./authors/edmonds">Chelsea Edmonds</a> and <a href="./authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Aug 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Relational_Forests.html">Relational Forests</a></h5> <br>
by <a href="./authors/guttmann">Walter Guttmann</a></div>
<span class="date">
Aug 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Schutz_Spacetime.html">Schutz&#39; Independent Axioms for Minkowski Spacetime</a></h5> <br>
by <a href="./authors/schmoetten">Richard Schmoetten</a>, <a href="./authors/palmer">Jake Palmer</a> and <a href="./authors/fleuriot">Jacques D. Fleuriot</a></div>
<span class="date">
Jul 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Finitely_Generated_Abelian_Groups.html">Finitely Generated Abelian Groups</a></h5> <br>
by <a href="./authors/thommes">Joseph Thommes</a> and <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Jul 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/SpecCheck.html">SpecCheck - Specification-Based Testing for Isabelle/ML</a></h5> <br>
by <a href="./authors/kappelmann">Kevin Kappelmann</a>, <a href="./authors/bulwahn">Lukas Bulwahn</a> and <a href="./authors/willenbrink">Sebastian Willenbrink</a></div>
<span class="date">
Jul 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Van_der_Waerden.html">Van der Waerden&#39;s Theorem</a></h5> <br>
by <a href="./authors/kreuzer">Katharina Kreuzer</a> and <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Jun 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/MiniSail.html">MiniSail - A kernel language for the ISA specification language SAIL</a></h5> <br>
by <a href="./authors/wassell">Mark Wassell</a></div>
<span class="date">
Jun 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Public_Announcement_Logic.html">Public Announcement Logic</a></h5> <br>
by <a href="./authors/from">Asta Halkjær From</a></div>
<span class="date">
Jun 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/IMP_Compiler.html">A Shorter Compiler Correctness Proof for Language IMP</a></h5> <br>
by <a href="./authors/noce">Pasquale Noce</a></div>
<span class="date">
Jun 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Combinatorics_Words_Lyndon.html">Lyndon words</a></h5> <br>
by <a href="./authors/holub">Štěpán Holub</a> and <a href="./authors/starosta">Štěpán Starosta</a></div>
<span class="date">
May 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Combinatorics_Words_Graph_Lemma.html">Graph Lemma</a></h5> <br>
by <a href="./authors/holub">Štěpán Holub</a> and <a href="./authors/starosta">Štěpán Starosta</a></div>
<span class="date">
May 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Combinatorics_Words.html">Combinatorics on Words Basics</a></h5> <br>
by <a href="./authors/holub">Štěpán Holub</a>, <a href="./authors/raska">Martin Raška</a> and <a href="./authors/starosta">Štěpán Starosta</a></div>
<span class="date">
May 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Regression_Test_Selection.html">Regression Test Selection</a></h5> <br>
by <a href="./authors/mansky">Susannah Mansky</a></div>
<span class="date">
Apr 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Lifting_the_Exponent.html">Lifting the Exponent</a></h5> <br>
by <a href="./authors/kadzioka">Maya Kądziołka</a></div>
<span class="date">
Apr 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Metalogic_ProofChecker.html">Isabelle&#39;s Metalogic: Formalization and Proof Checker</a></h5> <br>
by <a href="./authors/nipkow">Tobias Nipkow</a> and <a href="./authors/rosskopf">Simon Roßkopf</a></div>
<span class="date">
Apr 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/BenOr_Kozen_Reif.html">The BKR Decision Procedure for Univariate Real Arithmetic</a></h5> <br>
by <a href="./authors/cordwell">Katherine Cordwell</a>, <a href="./authors/tan">Yong Kiam Tan</a> and <a href="./authors/platzer">André Platzer</a></div>
<span class="date">
Apr 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/GaleStewart_Games.html">Gale-Stewart Games</a></h5> <br>
by <a href="./authors/joosten">Sebastiaan J. C. Joosten</a></div>
<span class="date">
Apr 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Progress_Tracking.html">Formalization of Timely Dataflow&#39;s Progress Tracking Protocol</a></h5> <br>
by <a href="./authors/brun">Matthias Brun</a>, <a href="./authors/decova">Sára Decova</a>, <a href="./authors/lattuada">Andrea Lattuada</a> and <a href="./authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
Apr 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/IFC_Tracking.html">Information Flow Control via Dependency Tracking</a></h5> <br>
by <a href="./authors/nordhoff">Benedikt Nordhoff</a></div>
<span class="date">
Apr 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Grothendieck_Schemes.html">Grothendieck&#39;s Schemes in Algebraic Geometry</a></h5> <br>
by <a href="./authors/bordg">Anthony Bordg</a>, <a href="./authors/paulson">Lawrence C. Paulson</a> and <a href="./authors/li">Wenda Li</a></div>
<span class="date">
Mar 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Padic_Ints.html">Hensel&#39;s Lemma for the p-adic Integers</a></h5> <br>
by <a href="./authors/crighton">Aaron Crighton</a></div>
<span class="date">
Mar 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Constructive_Cryptography_CM.html">Constructive Cryptography in HOL: the Communication Modeling Aspect</a></h5> <br>
by <a href="./authors/lochbihler">Andreas Lochbihler</a> and <a href="./authors/sefidgar">S. Reza Sefidgar</a></div>
<span class="date">
Mar 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Modular_arithmetic_LLL_and_HNF_algorithms.html">Two algorithms based on modular arithmetic: lattice basis reduction and Hermite normal form computation</a></h5> <br>
by <a href="./authors/bottesch">Ralph Bottesch</a>, <a href="./authors/divason">Jose Divasón</a> and <a href="./authors/thiemann">René Thiemann</a></div>
<span class="date">
Mar 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Hermite_Lindemann.html">The Hermite–Lindemann–Weierstraß Transcendence Theorem</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Mar 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Projective_Measurements.html">Quantum projective measurements and the CHSH inequality</a></h5> <br>
by <a href="./authors/echenim">Mnacho Echenim</a></div>
<span class="date">
Mar 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Mereology.html">Mereology</a></h5> <br>
by <a href="./authors/blumson">Ben Blumson</a></div>
<span class="date">
Mar 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Sunflowers.html">The Sunflower Lemma of Erdős and Rado</a></h5> <br>
by <a href="./authors/thiemann">René Thiemann</a></div>
<span class="date">
Feb 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/BTree.html">A Verified Imperative Implementation of B-Trees</a></h5> <br>
by <a href="./authors/muendler">Niels Mündler</a></div>
<span class="date">
Feb 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Formal_Puiseux_Series.html">Formal Puiseux Series</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Feb 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Laws_of_Large_Numbers.html">The Laws of Large Numbers</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Feb 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/IsaGeoCoq.html">Tarski&#39;s Parallel Postulate implies the 5th Postulate of Euclid, the Postulate of Playfair and the original Parallel Postulate of Euclid</a></h5> <br>
by <a href="./authors/coghetto">Roland Coghetto</a></div>
<span class="date">
Jan 31
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Blue_Eyes.html">Solution to the xkcd Blue Eyes puzzle</a></h5> <br>
by <a href="./authors/kadzioka">Maya Kądziołka</a></div>
<span class="date">
Jan 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Hood_Melville_Queue.html">Hood-Melville Queue</a></h5> <br>
by <a href="./authors/londono">Alejandro Gómez-Londoño</a></div>
<span class="date">
Jan 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/JinjaDCI.html">JinjaDCI: a Java semantics with dynamic class initialization</a></h5> <br>
by <a href="./authors/mansky">Susannah Mansky</a></div>
<span class="date">
Jan 11
</span>
</article></div><div>
<h2 class="year">2020</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Delta_System_Lemma.html">Cofinality and the Delta System Lemma</a></h5> <br>
by <a href="./authors/terraf">Pedro Sánchez Terraf</a></div>
<span class="date">
Dec 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Topological_Semantics.html">Topological semantics for paraconsistent and paracomplete logics</a></h5> <br>
by <a href="./authors/fuenmayor">David Fuenmayor</a></div>
<span class="date">
Dec 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Relational_Minimum_Spanning_Trees.html">Relational Minimum Spanning Tree Algorithms</a></h5> <br>
by <a href="./authors/guttmann">Walter Guttmann</a> and <a href="./authors/brien">Nicolas Robinson-O&rsquo;Brien</a></div>
<span class="date">
Dec 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Interpreter_Optimizations.html">Inline Caching and Unboxing Optimization for Interpreters</a></h5> <br>
by <a href="./authors/desharnais">Martin Desharnais</a></div>
<span class="date">
Dec 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Relational_Method.html">The Relational Method with Message Anonymity for the Verification of Cryptographic Protocols</a></h5> <br>
by <a href="./authors/noce">Pasquale Noce</a></div>
<span class="date">
Dec 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Isabelle_Marries_Dirac.html">Isabelle Marries Dirac: a Library for Quantum Computation and Quantum Information</a></h5> <br>
by <a href="./authors/bordg">Anthony Bordg</a>, <a href="./authors/lachnitt">Hanna Lachnitt</a> and <a href="./authors/he">Yijun He</a></div>
<span class="date">
Nov 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/CSP_RefTK.html">The HOL-CSP Refinement Toolkit</a></h5> <br>
by <a href="./authors/taha">Safouan Taha</a>, <a href="./authors/wolff">Burkhart Wolff</a> and <a href="./authors/ye">Lina Ye</a></div>
<span class="date">
Nov 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Verified_SAT_Based_AI_Planning.html">Verified SAT-Based AI Planning</a></h5> <br>
by <a href="./authors/abdulaziz">Mohammad Abdulaziz</a> and <a href="./authors/kurz">Friedrich Kurz</a></div>
<span class="date">
Oct 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/AI_Planning_Languages_Semantics.html">AI Planning Languages Semantics</a></h5> <br>
by <a href="./authors/abdulaziz">Mohammad Abdulaziz</a> and <a href="./authors/lammich">Peter Lammich</a></div>
<span class="date">
Oct 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Physical_Quantities.html">A Sound Type System for Physical Quantities, Units, and Measurements</a></h5> <br>
by <a href="./authors/fosters">Simon Foster</a> and <a href="./authors/wolff">Burkhart Wolff</a></div>
<span class="date">
Oct 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Finite-Map-Extras.html">Finite Map Extras</a></h5> <br>
by <a href="./authors/diaz">Javier Díaz</a></div>
<span class="date">
Oct 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Core_SC_DOM.html">The Safely Composable DOM</a></h5> <br>
by <a href="./authors/brucker">Achim D. Brucker</a> and <a href="./authors/herzberg">Michael Herzberg</a></div>
<span class="date">
Sep 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/DOM_Components.html">A Formalization of Web Components</a></h5> <br>
by <a href="./authors/brucker">Achim D. Brucker</a> and <a href="./authors/herzberg">Michael Herzberg</a></div>
<span class="date">
Sep 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/SC_DOM_Components.html">A Formalization of Safely Composable Web Components</a></h5> <br>
by <a href="./authors/brucker">Achim D. Brucker</a> and <a href="./authors/herzberg">Michael Herzberg</a></div>
<span class="date">
Sep 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Shadow_SC_DOM.html">A Formal Model of the Safely Composable Document Object Model with Shadow Roots</a></h5> <br>
by <a href="./authors/brucker">Achim D. Brucker</a> and <a href="./authors/herzberg">Michael Herzberg</a></div>
<span class="date">
Sep 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Shadow_DOM.html">A Formal Model of the Document Object Model with Shadow Roots</a></h5> <br>
by <a href="./authors/brucker">Achim D. Brucker</a> and <a href="./authors/herzberg">Michael Herzberg</a></div>
<span class="date">
Sep 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Syntax_Independent_Logic.html">Syntax-Independent Logic Infrastructure</a></h5> <br>
by <a href="./authors/popescu">Andrei Popescu</a> and <a href="./authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
Sep 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Robinson_Arithmetic.html">Robinson Arithmetic</a></h5> <br>
by <a href="./authors/popescu">Andrei Popescu</a> and <a href="./authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
Sep 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Goedel_HFSet_Semanticless.html">From Abstract to Concrete Gödel&#39;s Incompleteness Theorems—Part II</a></h5> <br>
by <a href="./authors/popescu">Andrei Popescu</a> and <a href="./authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
Sep 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Goedel_HFSet_Semantic.html">From Abstract to Concrete Gödel&#39;s Incompleteness Theorems—Part I</a></h5> <br>
by <a href="./authors/popescu">Andrei Popescu</a> and <a href="./authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
Sep 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Goedel_Incompleteness.html">An Abstract Formalization of Gödel&#39;s Incompleteness Theorems</a></h5> <br>
by <a href="./authors/popescu">Andrei Popescu</a> and <a href="./authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
Sep 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Extended_Finite_State_Machine_Inference.html">Inference of Extended Finite State Machines</a></h5> <br>
by <a href="./authors/foster">Michael Foster</a>, <a href="./authors/brucker">Achim D. Brucker</a>, <a href="./authors/taylor">Ramsay G. Taylor</a> and <a href="./authors/derrick">John Derrick</a></div>
<span class="date">
Sep 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Extended_Finite_State_Machines.html">A Formal Model of Extended Finite State Machines</a></h5> <br>
by <a href="./authors/foster">Michael Foster</a>, <a href="./authors/brucker">Achim D. Brucker</a>, <a href="./authors/taylor">Ramsay G. Taylor</a> and <a href="./authors/derrick">John Derrick</a></div>
<span class="date">
Sep 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Inductive_Inference.html">Some classical results in inductive inference of recursive functions</a></h5> <br>
by <a href="./authors/balbach">Frank J. Balbach</a></div>
<span class="date">
Aug 31
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/PAC_Checker.html">Practical Algebraic Calculus Checker</a></h5> <br>
by <a href="./authors/fleury">Mathias Fleury</a> and <a href="./authors/kaufmann">Daniela Kaufmann</a></div>
<span class="date">
Aug 31
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Relational_Disjoint_Set_Forests.html">Relational Disjoint-Set Forests</a></h5> <br>
by <a href="./authors/guttmann">Walter Guttmann</a></div>
<span class="date">
Aug 26
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/BirdKMP.html">Putting the `K&#39; into Bird&#39;s derivation of Knuth-Morris-Pratt string matching</a></h5> <br>
by <a href="./authors/gammie">Peter Gammie</a></div>
<span class="date">
Aug 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Saturation_Framework_Extensions.html">Extensions to the Comprehensive Framework for Saturation Theorem Proving</a></h5> <br>
by <a href="./authors/blanchette">Jasmin Christian Blanchette</a> and <a href="./authors/tourret">Sophie Tourret</a></div>
<span class="date">
Aug 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Amicable_Numbers.html">Amicable Numbers</a></h5> <br>
by <a href="./authors/argyraki">Angeliki Koutsoukou-Argyraki</a></div>
<span class="date">
Aug 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Ordinal_Partitions.html">Ordinal Partitions</a></h5> <br>
by <a href="./authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Aug 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Chandy_Lamport.html">A Formal Proof of The Chandy--Lamport Distributed Snapshot Algorithm</a></h5> <br>
by <a href="./authors/fiedler">Ben Fiedler</a> and <a href="./authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
Jul 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Relational_Paths.html">Relational Characterisations of Paths</a></h5> <br>
by <a href="./authors/guttmann">Walter Guttmann</a> and <a href="./authors/hoefner">Peter Höfner</a></div>
<span class="date">
Jul 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Safe_Distance.html">A Formally Verified Checker of the Safe Distance Traffic Rules for Autonomous Vehicles</a></h5> <br>
by <a href="./authors/rizaldi">Albert Rizaldi</a> and <a href="./authors/immler">Fabian Immler</a></div>
<span class="date">
Jun 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Smith_Normal_Form.html">A verified algorithm for computing the Smith normal form of a matrix</a></h5> <br>
by <a href="./authors/divason">Jose Divasón</a></div>
<span class="date">
May 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Nash_Williams.html">The Nash-Williams Partition Theorem</a></h5> <br>
by <a href="./authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
May 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Knuth_Bendix_Order.html">A Formalization of Knuth–Bendix Orders</a></h5> <br>
by <a href="./authors/sternagel">Christian Sternagel</a> and <a href="./authors/thiemann">René Thiemann</a></div>
<span class="date">
May 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Irrational_Series_Erdos_Straus.html">Irrationality Criteria for Series by Erdős and Straus</a></h5> <br>
by <a href="./authors/argyraki">Angeliki Koutsoukou-Argyraki</a> and <a href="./authors/li">Wenda Li</a></div>
<span class="date">
May 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Recursion-Addition.html">Recursion Theorem in ZF</a></h5> <br>
by <a href="./authors/dunaev">Georgy Dunaev</a></div>
<span class="date">
May 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/LTL_Normal_Form.html">An Efficient Normalisation Procedure for Linear Temporal Logic: Isabelle/HOL Formalisation</a></h5> <br>
by <a href="./authors/sickert">Salomon Sickert</a></div>
<span class="date">
May 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Forcing.html">Formalization of Forcing in Isabelle/ZF</a></h5> <br>
by <a href="./authors/gunther">Emmanuel Gunther</a>, <a href="./authors/pagano">Miguel Pagano</a> and <a href="./authors/terraf">Pedro Sánchez Terraf</a></div>
<span class="date">
May 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Banach_Steinhaus.html">Banach-Steinhaus Theorem</a></h5> <br>
by <a href="./authors/unruh">Dominique Unruh</a> and <a href="./authors/caballero">José Manuel Rodríguez Caballero</a></div>
<span class="date">
May 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Attack_Trees.html">Attack Trees in Isabelle for GDPR compliance of IoT healthcare systems</a></h5> <br>
by <a href="./authors/kammueller">Florian Kammüller</a></div>
<span class="date">
Apr 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Lambert_W.html">The Lambert W Function on the Reals</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Apr 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Power_Sum_Polynomials.html">Power Sum Polynomials</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Apr 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Gaussian_Integers.html">Gaussian Integers</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Apr 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Matrices_for_ODEs.html">Matrices for ODEs</a></h5> <br>
by <a href="./authors/munive">Jonathan Julian Huerta y Munive</a></div>
<span class="date">
Apr 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/ADS_Functor.html">Authenticated Data Structures As Functors</a></h5> <br>
by <a href="./authors/lochbihler">Andreas Lochbihler</a> and <a href="./authors/maric">Ognjen Marić</a></div>
<span class="date">
Apr 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Sliding_Window_Algorithm.html">Formalization of an Algorithm for Greedily Computing Associative Aggregations on Sliding Windows</a></h5> <br>
by <a href="./authors/heimes">Lukas Heimes</a>, <a href="./authors/traytel">Dmitriy Traytel</a> and <a href="./authors/schneider">Joshua Schneider</a></div>
<span class="date">
Apr 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/MFODL_Monitor_Optimized.html">Formalization of an Optimized Monitoring Algorithm for Metric First-Order Dynamic Logic with Aggregations</a></h5> <br>
by <a href="./authors/dardinier">Thibault Dardinier</a>, <a href="./authors/heimes">Lukas Heimes</a>, <a href="./authors/raszyk">Martin Raszyk</a>, <a href="./authors/schneider">Joshua Schneider</a> and <a href="./authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
Apr 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Saturation_Framework.html">A Comprehensive Framework for Saturation Theorem Proving</a></h5> <br>
by <a href="./authors/tourret">Sophie Tourret</a></div>
<span class="date">
Apr 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Stateful_Protocol_Composition_and_Typing.html">Stateful Protocol Composition and Typing</a></h5> <br>
by <a href="./authors/hess">Andreas V. Hess</a>, <a href="./authors/moedersheim">Sebastian Mödersheim</a> and <a href="./authors/brucker">Achim D. Brucker</a></div>
<span class="date">
Apr 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Automated_Stateful_Protocol_Verification.html">Automated Stateful Protocol Verification</a></h5> <br>
by <a href="./authors/hess">Andreas V. Hess</a>, <a href="./authors/moedersheim">Sebastian Mödersheim</a>, <a href="./authors/brucker">Achim D. Brucker</a> and <a href="./authors/schlichtkrull">Anders Schlichtkrull</a></div>
<span class="date">
Apr 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Lucas_Theorem.html">Lucas&#39;s Theorem</a></h5> <br>
by <a href="./authors/edmonds">Chelsea Edmonds</a></div>
<span class="date">
Apr 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/WOOT_Strong_Eventual_Consistency.html">Strong Eventual Consistency of the Collaborative Editing Framework WOOT</a></h5> <br>
by <a href="./authors/karayel">Emin Karayel</a> and <a href="./authors/gonzalez">Edgar Gonzàlez</a></div>
<span class="date">
Mar 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Furstenberg_Topology.html">Furstenberg&#39;s topology and his proof of the infinitude of primes</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Mar 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Relational-Incorrectness-Logic.html">An Under-Approximate Relational Logic</a></h5> <br>
by <a href="./authors/murray">Toby Murray</a></div>
<span class="date">
Mar 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Hello_World.html">Hello World</a></h5> <br>
by <a href="./authors/diekmann">Cornelius Diekmann</a> and <a href="./authors/hupel">Lars Hupel</a></div>
<span class="date">
Mar 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Goodstein_Lambda.html">Implementing the Goodstein Function in λ-Calculus</a></h5> <br>
by <a href="./authors/felgenhauer">Bertram Felgenhauer</a></div>
<span class="date">
Feb 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/VeriComp.html">A Generic Framework for Verified Compilers</a></h5> <br>
by <a href="./authors/desharnais">Martin Desharnais</a></div>
<span class="date">
Feb 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Arith_Prog_Rel_Primes.html">Arithmetic progressions and relative primes</a></h5> <br>
by <a href="./authors/caballero">José Manuel Rodríguez Caballero</a></div>
<span class="date">
Feb 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Subset_Boolean_Algebras.html">A Hierarchy of Algebras for Boolean Subsets</a></h5> <br>
by <a href="./authors/guttmann">Walter Guttmann</a> and <a href="./authors/moeller">Bernhard Möller</a></div>
<span class="date">
Jan 31
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Mersenne_Primes.html">Mersenne primes and the Lucas–Lehmer test</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Jan 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Approximation_Algorithms.html">Verified Approximation Algorithms</a></h5> <br>
by <a href="./authors/essmann">Robin Eßmann</a>, <a href="./authors/nipkow">Tobias Nipkow</a>, <a href="./authors/robillard">Simon Robillard</a> and <a href="./authors/sulejmani">Ujkan Sulejmani</a></div>
<span class="date">
Jan 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Closest_Pair_Points.html">Closest Pair of Points Algorithms</a></h5> <br>
by <a href="./authors/rau">Martin Rau</a> and <a href="./authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Jan 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Skip_Lists.html">Skip Lists</a></h5> <br>
by <a href="./authors/haslbeck">Max W. Haslbeck</a> and <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Jan 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Bicategory.html">Bicategories</a></h5> <br>
by <a href="./authors/stark">Eugene W. Stark</a></div>
<span class="date">
Jan 06
</span>
</article></div><div>
<h2 class="year">2019</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Zeta_3_Irrational.html">The Irrationality of ζ(3)</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Dec 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Hybrid_Logic.html">Formalizing a Seligman-Style Tableau System for Hybrid Logic</a></h5> <br>
by <a href="./authors/from">Asta Halkjær From</a></div>
<span class="date">
Dec 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Poincare_Bendixson.html">The Poincaré-Bendixson Theorem</a></h5> <br>
by <a href="./authors/immler">Fabian Immler</a> and <a href="./authors/tan">Yong Kiam Tan</a></div>
<span class="date">
Dec 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Poincare_Disc.html">Poincaré Disc Model</a></h5> <br>
by <a href="./authors/simic">Danijela Simić</a>, <a href="./authors/maricf">Filip Marić</a> and <a href="./authors/boutry">Pierre Boutry</a></div>
<span class="date">
Dec 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Complex_Geometry.html">Complex Geometry</a></h5> <br>
by <a href="./authors/maricf">Filip Marić</a> and <a href="./authors/simic">Danijela Simić</a></div>
<span class="date">
Dec 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Gauss_Sums.html">Gauss Sums and the Pólya–Vinogradov Inequality</a></h5> <br>
by <a href="./authors/raya">Rodrigo Raya</a> and <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Dec 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Generalized_Counting_Sort.html">An Efficient Generalization of Counting Sort for Large, possibly Infinite Key Ranges</a></h5> <br>
by <a href="./authors/noce">Pasquale Noce</a></div>
<span class="date">
Dec 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Interval_Arithmetic_Word32.html">Interval Arithmetic on 32-bit Words</a></h5> <br>
by <a href="./authors/bohrer">Rose Bohrer</a></div>
<span class="date">
Nov 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/ZFC_in_HOL.html">Zermelo Fraenkel Set Theory in Higher-Order Logic</a></h5> <br>
by <a href="./authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Oct 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Isabelle_C.html">Isabelle/C</a></h5> <br>
by <a href="./authors/tuong">Frédéric Tuong</a> and <a href="./authors/wolff">Burkhart Wolff</a></div>
<span class="date">
Oct 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/VerifyThis2019.html">VerifyThis 2019 -- Polished Isabelle Solutions</a></h5> <br>
by <a href="./authors/lammich">Peter Lammich</a> and <a href="./authors/wimmer">Simon Wimmer</a></div>
<span class="date">
Oct 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Aristotles_Assertoric_Syllogistic.html">Aristotle&#39;s Assertoric Syllogistic</a></h5> <br>
by <a href="./authors/argyraki">Angeliki Koutsoukou-Argyraki</a></div>
<span class="date">
Oct 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Sigma_Commit_Crypto.html">Sigma Protocols and Commitment Schemes</a></h5> <br>
by <a href="./authors/butler">David Butler</a> and <a href="./authors/lochbihler">Andreas Lochbihler</a></div>
<span class="date">
Oct 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Clean.html">Clean - An Abstract Imperative Programming Language and its Theory</a></h5> <br>
by <a href="./authors/tuong">Frédéric Tuong</a> and <a href="./authors/wolff">Burkhart Wolff</a></div>
<span class="date">
Oct 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Generic_Join.html">Formalization of Multiway-Join Algorithms</a></h5> <br>
by <a href="./authors/dardinier">Thibault Dardinier</a></div>
<span class="date">
Sep 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Hybrid_Systems_VCs.html">Verification Components for Hybrid Systems</a></h5> <br>
by <a href="./authors/munive">Jonathan Julian Huerta y Munive</a></div>
<span class="date">
Sep 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Fourier.html">Fourier Series</a></h5> <br>
by <a href="./authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Sep 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Jacobson_Basic_Algebra.html">A Case Study in Basic Algebra</a></h5> <br>
by <a href="./authors/ballarin">Clemens Ballarin</a></div>
<span class="date">
Aug 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Adaptive_State_Counting.html">Formalisation of an Adaptive State Counting Algorithm</a></h5> <br>
by <a href="./authors/sachtleben">Robert Sachtleben</a></div>
<span class="date">
Aug 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Laplace_Transform.html">Laplace Transform</a></h5> <br>
by <a href="./authors/immler">Fabian Immler</a></div>
<span class="date">
Aug 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Linear_Programming.html">Linear Programming</a></h5> <br>
by <a href="./authors/parsert">Julian Parsert</a> and <a href="./authors/kaliszyk">Cezary Kaliszyk</a></div>
<span class="date">
Aug 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/C2KA_DistributedSystems.html">Communicating Concurrent Kleene Algebra for Distributed Systems Specification</a></h5> <br>
by <a href="./authors/buyse">Maxime Buyse</a> and <a href="./authors/jaskolka">Jason Jaskolka</a></div>
<span class="date">
Aug 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/IMO2019.html">Selected Problems from the International Mathematical Olympiad 2019</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Aug 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Stellar_Quorums.html">Stellar Quorum Systems</a></h5> <br>
by <a href="./authors/losa">Giuliano Losa</a></div>
<span class="date">
Aug 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/TESL_Language.html">A Formal Development of a Polychronous Polytimed Coordination Language</a></h5> <br>
by <a href="./authors/van">Hai Nguyen Van</a>, <a href="./authors/boulanger">Frédéric Boulanger</a> and <a href="./authors/wolff">Burkhart Wolff</a></div>
<span class="date">
Jul 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Szpilrajn.html">Order Extension and Szpilrajn&#39;s Extension Theorem</a></h5> <br>
by <a href="./authors/zeller">Peter Zeller</a> and <a href="./authors/stevens">Lukas Stevens</a></div>
<span class="date">
Jul 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/FOL_Seq_Calc1.html">A Sequent Calculus for First-Order Logic</a></h5> <br>
by <a href="./authors/from">Asta Halkjær From</a></div>
<span class="date">
Jul 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/CakeML_Codegen.html">A Verified Code Generator from Isabelle/HOL to CakeML</a></h5> <br>
by <a href="./authors/hupel">Lars Hupel</a></div>
<span class="date">
Jul 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/MFOTL_Monitor.html">Formalization of a Monitoring Algorithm for Metric First-Order Temporal Logic</a></h5> <br>
by <a href="./authors/schneider">Joshua Schneider</a> and <a href="./authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
Jul 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Complete_Non_Orders.html">Complete Non-Orders and Fixed Points</a></h5> <br>
by <a href="./authors/yamada">Akihisa Yamada</a> and <a href="./authors/dubut">Jérémy Dubut</a></div>
<span class="date">
Jun 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Prim_Dijkstra_Simple.html">Purely Functional, Simple, and Efficient Implementation of Prim and Dijkstra</a></h5> <br>
by <a href="./authors/lammich">Peter Lammich</a> and <a href="./authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Jun 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Priority_Search_Trees.html">Priority Search Trees</a></h5> <br>
by <a href="./authors/lammich">Peter Lammich</a> and <a href="./authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Jun 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Linear_Inequalities.html">Linear Inequalities</a></h5> <br>
by <a href="./authors/bottesch">Ralph Bottesch</a>, <a href="./authors/reynaud">Alban Reynaud</a> and <a href="./authors/thiemann">René Thiemann</a></div>
<span class="date">
Jun 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Nullstellensatz.html">Hilbert&#39;s Nullstellensatz</a></h5> <br>
by <a href="./authors/maletzky">Alexander Maletzky</a></div>
<span class="date">
Jun 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Groebner_Macaulay.html">Gröbner Bases, Macaulay Matrices and Dubé&#39;s Degree Bounds</a></h5> <br>
by <a href="./authors/maletzky">Alexander Maletzky</a></div>
<span class="date">
Jun 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/IMP2_Binary_Heap.html">Binary Heaps for IMP2</a></h5> <br>
by <a href="./authors/griebel">Simon Griebel</a></div>
<span class="date">
Jun 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Differential_Game_Logic.html">Differential Game Logic</a></h5> <br>
by <a href="./authors/platzer">André Platzer</a></div>
<span class="date">
Jun 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/KD_Tree.html">Multidimensional Binary Search Trees</a></h5> <br>
by <a href="./authors/rau">Martin Rau</a></div>
<span class="date">
May 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/LambdaAuth.html">Formalization of Generic Authenticated Data Structures</a></h5> <br>
by <a href="./authors/brun">Matthias Brun</a> and <a href="./authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
May 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Multi_Party_Computation.html">Multi-Party Computation</a></h5> <br>
by <a href="./authors/aspinall">David Aspinall</a> and <a href="./authors/butler">David Butler</a></div>
<span class="date">
May 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/HOL-CSP.html">HOL-CSP Version 2.0</a></h5> <br>
by <a href="./authors/taha">Safouan Taha</a>, <a href="./authors/ye">Lina Ye</a> and <a href="./authors/wolff">Burkhart Wolff</a></div>
<span class="date">
Apr 26
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/LTL_Master_Theorem.html">A Compositional and Unified Translation of LTL into ω-Automata</a></h5> <br>
by <a href="./authors/seidl">Benedikt Seidl</a> and <a href="./authors/sickert">Salomon Sickert</a></div>
<span class="date">
Apr 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Binding_Syntax_Theory.html">A General Theory of Syntax with Bindings</a></h5> <br>
by <a href="./authors/gheri">Lorenzo Gheri</a> and <a href="./authors/popescu">Andrei Popescu</a></div>
<span class="date">
Apr 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Transcendence_Series_Hancl_Rucki.html">The Transcendence of Certain Infinite Series</a></h5> <br>
by <a href="./authors/argyraki">Angeliki Koutsoukou-Argyraki</a> and <a href="./authors/li">Wenda Li</a></div>
<span class="date">
Mar 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/QHLProver.html">Quantum Hoare Logic</a></h5> <br>
by <a href="./authors/liu">Junyi Liu</a>, <a href="./authors/zhan">Bohua Zhan</a>, <a href="./authors/wang">Shuling Wang</a>, <a href="./authors/ying">Shenggang Ying</a>, <a href="./authors/liut">Tao Liu</a>, <a href="./authors/liy">Yangjia Li</a>, <a href="./authors/yingm">Mingsheng Ying</a> and <a href="./authors/zhann">Naijun Zhan</a></div>
<span class="date">
Mar 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Safe_OCL.html">Safe OCL</a></h5> <br>
by <a href="./authors/nikiforov">Denis Nikiforov</a></div>
<span class="date">
Mar 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Prime_Distribution_Elementary.html">Elementary Facts About the Distribution of Primes</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Feb 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Kruskal.html">Kruskal&#39;s Algorithm for Minimum Spanning Forest</a></h5> <br>
by <a href="./authors/haslbeckm">Maximilian P. L. Haslbeck</a>, <a href="./authors/lammich">Peter Lammich</a> and <a href="./authors/biendarra">Julian Biendarra</a></div>
<span class="date">
Feb 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Probabilistic_Prime_Tests.html">Probabilistic Primality Testing</a></h5> <br>
by <a href="./authors/stuewe">Daniel Stüwe</a> and <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Feb 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Universal_Turing_Machine.html">Universal Turing Machine</a></h5> <br>
by <a href="./authors/xu">Jian Xu</a>, <a href="./authors/zhangx">Xingyuan Zhang</a>, <a href="./authors/urban">Christian Urban</a>, <a href="./authors/joosten">Sebastiaan J. C. Joosten</a> and <a href="./authors/regensburger">Franz Regensburger</a></div>
<span class="date">
Feb 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/List_Inversions.html">The Inversions of a List</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Feb 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/UTP.html">Isabelle/UTP: Mechanised Theory Engineering for Unifying Theories of Programming</a></h5> <br>
by <a href="./authors/fosters">Simon Foster</a>, <a href="./authors/zeyda">Frank Zeyda</a>, <a href="./authors/nemouchi">Yakoub Nemouchi</a>, <a href="./authors/ribeiro">Pedro Ribeiro</a> and <a href="./authors/wolff">Burkhart Wolff</a></div>
<span class="date">
Feb 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Farkas.html">Farkas&#39; Lemma and Motzkin&#39;s Transposition Theorem</a></h5> <br>
by <a href="./authors/bottesch">Ralph Bottesch</a>, <a href="./authors/haslbeck">Max W. Haslbeck</a> and <a href="./authors/thiemann">René Thiemann</a></div>
<span class="date">
Jan 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/IMP2.html">IMP2 – Simple Program Verification in Isabelle/HOL</a></h5> <br>
by <a href="./authors/lammich">Peter Lammich</a> and <a href="./authors/wimmer">Simon Wimmer</a></div>
<span class="date">
Jan 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Higher_Order_Terms.html">An Algebra for Higher-Order Terms</a></h5> <br>
by <a href="./authors/hupel">Lars Hupel</a></div>
<span class="date">
Jan 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Store_Buffer_Reduction.html">A Reduction Theorem for Store Buffers</a></h5> <br>
by <a href="./authors/cohen">Ernie Cohen</a> and <a href="./authors/schirmer">Norbert Schirmer</a></div>
<span class="date">
Jan 07
</span>
</article></div><div>
<h2 class="year">2018</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Core_DOM.html">A Formal Model of the Document Object Model</a></h5> <br>
by <a href="./authors/brucker">Achim D. Brucker</a> and <a href="./authors/herzberg">Michael Herzberg</a></div>
<span class="date">
Dec 26
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Concurrent_Revisions.html">Formalization of Concurrent Revisions</a></h5> <br>
by <a href="./authors/overbeek">Roy Overbeek</a></div>
<span class="date">
Dec 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Auto2_Imperative_HOL.html">Verifying Imperative Programs using Auto2</a></h5> <br>
by <a href="./authors/zhan">Bohua Zhan</a></div>
<span class="date">
Dec 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Constructive_Cryptography.html">Constructive Cryptography in HOL</a></h5> <br>
by <a href="./authors/lochbihler">Andreas Lochbihler</a> and <a href="./authors/sefidgar">S. Reza Sefidgar</a></div>
<span class="date">
Dec 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Transformer_Semantics.html">Transformer Semantics</a></h5> <br>
by <a href="./authors/struth">Georg Struth</a></div>
<span class="date">
Dec 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Quantales.html">Quantales</a></h5> <br>
by <a href="./authors/struth">Georg Struth</a></div>
<span class="date">
Dec 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Order_Lattice_Props.html">Properties of Orderings and Lattices</a></h5> <br>
by <a href="./authors/struth">Georg Struth</a></div>
<span class="date">
Dec 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Graph_Saturation.html">Graph Saturation</a></h5> <br>
by <a href="./authors/joosten">Sebastiaan J. C. Joosten</a></div>
<span class="date">
Nov 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Functional_Ordered_Resolution_Prover.html">A Verified Functional Implementation of Bachmair and Ganzinger&#39;s Ordered Resolution Prover</a></h5> <br>
by <a href="./authors/schlichtkrull">Anders Schlichtkrull</a>, <a href="./authors/blanchette">Jasmin Christian Blanchette</a> and <a href="./authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
Nov 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Auto2_HOL.html">Auto2 Prover</a></h5> <br>
by <a href="./authors/zhan">Bohua Zhan</a></div>
<span class="date">
Nov 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Matroids.html">Matroids</a></h5> <br>
by <a href="./authors/keinholz">Jonas Keinholz</a></div>
<span class="date">
Nov 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Generic_Deriving.html">Deriving generic class instances for datatypes</a></h5> <br>
by <a href="./authors/raedle">Jonas Rädle</a> and <a href="./authors/hupel">Lars Hupel</a></div>
<span class="date">
Nov 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/GewirthPGCProof.html">Formalisation and Evaluation of Alan Gewirth&#39;s Proof for the Principle of Generic Consistency in Isabelle/HOL</a></h5> <br>
by <a href="./authors/fuenmayor">David Fuenmayor</a> and <a href="./authors/benzmueller">Christoph Benzmüller</a></div>
<span class="date">
Oct 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Epistemic_Logic.html">Epistemic Logic: Completeness of Modal Logics</a></h5> <br>
by <a href="./authors/from">Asta Halkjær From</a></div>
<span class="date">
Oct 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Smooth_Manifolds.html">Smooth Manifolds</a></h5> <br>
by <a href="./authors/immler">Fabian Immler</a> and <a href="./authors/zhan">Bohua Zhan</a></div>
<span class="date">
Oct 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Randomised_BSTs.html">Randomised Binary Search Trees</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Oct 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Lambda_Free_EPO.html">Formalization of the Embedding Path Order for Lambda-Free Higher-Order Terms</a></h5> <br>
by <a href="./authors/bentkamp">Alexander Bentkamp</a></div>
<span class="date">
Oct 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Factored_Transition_System_Bounding.html">Upper Bounding Diameters of State Spaces of Factored Transition Systems</a></h5> <br>
by <a href="./authors/kurz">Friedrich Kurz</a> and <a href="./authors/abdulaziz">Mohammad Abdulaziz</a></div>
<span class="date">
Oct 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Pi_Transcendental.html">The Transcendence of π</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Sep 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Symmetric_Polynomials.html">Symmetric Polynomials</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Sep 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Signature_Groebner.html">Signature-Based Gröbner Basis Algorithms</a></h5> <br>
by <a href="./authors/maletzky">Alexander Maletzky</a></div>
<span class="date">
Sep 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Prime_Number_Theorem.html">The Prime Number Theorem</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a> and <a href="./authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Sep 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Aggregation_Algebras.html">Aggregation Algebras</a></h5> <br>
by <a href="./authors/guttmann">Walter Guttmann</a></div>
<span class="date">
Sep 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Octonions.html">Octonions</a></h5> <br>
by <a href="./authors/argyraki">Angeliki Koutsoukou-Argyraki</a></div>
<span class="date">
Sep 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Quaternions.html">Quaternions</a></h5> <br>
by <a href="./authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Sep 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Budan_Fourier.html">The Budan-Fourier Theorem and Counting Real Roots with Multiplicity</a></h5> <br>
by <a href="./authors/li">Wenda Li</a></div>
<span class="date">
Sep 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Simplex.html">An Incremental Simplex Algorithm with Unsatisfiable Core Generation</a></h5> <br>
by <a href="./authors/maricf">Filip Marić</a>, <a href="./authors/spasic">Mirko Spasić</a> and <a href="./authors/thiemann">René Thiemann</a></div>
<span class="date">
Aug 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Minsky_Machines.html">Minsky Machines</a></h5> <br>
by <a href="./authors/felgenhauer">Bertram Felgenhauer</a></div>
<span class="date">
Aug 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/DiscretePricing.html">Pricing in discrete financial models</a></h5> <br>
by <a href="./authors/echenim">Mnacho Echenim</a></div>
<span class="date">
Jul 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Neumann_Morgenstern_Utility.html">Von-Neumann-Morgenstern Utility Theorem</a></h5> <br>
by <a href="./authors/parsert">Julian Parsert</a> and <a href="./authors/kaliszyk">Cezary Kaliszyk</a></div>
<span class="date">
Jul 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Pell.html">Pell&#39;s Equation</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Jun 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Localization_Ring.html">The Localization of a Commutative Ring</a></h5> <br>
by <a href="./authors/bordg">Anthony Bordg</a></div>
<span class="date">
Jun 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Projective_Geometry.html">Projective Geometry</a></h5> <br>
by <a href="./authors/bordg">Anthony Bordg</a></div>
<span class="date">
Jun 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Partial_Order_Reduction.html">Partial Order Reduction</a></h5> <br>
by <a href="./authors/brunner">Julian Brunner</a></div>
<span class="date">
Jun 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Optimal_BST.html">Optimal Binary Search Trees</a></h5> <br>
by <a href="./authors/nipkow">Tobias Nipkow</a> and <a href="./authors/somogyi">Dániel Somogyi</a></div>
<span class="date">
May 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Hidden_Markov_Models.html">Hidden Markov Models</a></h5> <br>
by <a href="./authors/wimmer">Simon Wimmer</a></div>
<span class="date">
May 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Probabilistic_Timed_Automata.html">Probabilistic Timed Automata</a></h5> <br>
by <a href="./authors/wimmer">Simon Wimmer</a> and <a href="./authors/hoelzl">Johannes Hölzl</a></div>
<span class="date">
May 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Irrationality_J_Hancl.html">Irrational Rapidly Convergent Series</a></h5> <br>
by <a href="./authors/argyraki">Angeliki Koutsoukou-Argyraki</a> and <a href="./authors/li">Wenda Li</a></div>
<span class="date">
May 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/AxiomaticCategoryTheory.html">Axiom Systems for Category Theory in Free Logic</a></h5> <br>
by <a href="./authors/benzmueller">Christoph Benzmüller</a> and <a href="./authors/scott">Dana Scott</a></div>
<span class="date">
May 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Monad_Memo_DP.html">Monadification, Memoization and Dynamic Programming</a></h5> <br>
by <a href="./authors/wimmer">Simon Wimmer</a>, <a href="./authors/hu">Shuwei Hu</a> and <a href="./authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
May 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/OpSets.html">OpSets: Sequential Specifications for Replicated Datatypes</a></h5> <br>
by <a href="./authors/kleppmann">Martin Kleppmann</a>, <a href="./authors/gomes">Victor B. F. Gomes</a>, <a href="./authors/mulligan">Dominic P. Mulligan</a> and <a href="./authors/beresford">Alastair R. Beresford</a></div>
<span class="date">
May 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Modular_Assembly_Kit_Security.html">An Isabelle/HOL Formalization of the Modular Assembly Kit for Security Properties</a></h5> <br>
by <a href="./authors/bracevac">Oliver Bračevac</a>, <a href="./authors/gay">Richard Gay</a>, <a href="./authors/grewe">Sylvia Grewe</a>, <a href="./authors/mantel">Heiko Mantel</a>, <a href="./authors/sudbrock">Henning Sudbrock</a> and <a href="./authors/tasch">Markus Tasch</a></div>
<span class="date">
May 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/WebAssembly.html">WebAssembly</a></h5> <br>
by <a href="./authors/watt">Conrad Watt</a></div>
<span class="date">
Apr 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/VerifyThis2018.html">VerifyThis 2018 - Polished Isabelle Solutions</a></h5> <br>
by <a href="./authors/lammich">Peter Lammich</a> and <a href="./authors/wimmer">Simon Wimmer</a></div>
<span class="date">
Apr 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/BNF_CC.html">Bounded Natural Functors with Covariance and Contravariance</a></h5> <br>
by <a href="./authors/lochbihler">Andreas Lochbihler</a> and <a href="./authors/schneider">Joshua Schneider</a></div>
<span class="date">
Apr 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Fishburn_Impossibility.html">The Incompatibility of Fishburn-Strategyproofness and Pareto-Efficiency</a></h5> <br>
by <a href="./authors/brandt">Felix Brandt</a>, <a href="./authors/eberl">Manuel Eberl</a>, <a href="./authors/saile">Christian Saile</a> and <a href="./authors/stricker">Christian Stricker</a></div>
<span class="date">
Mar 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Weight_Balanced_Trees.html">Weight-Balanced Trees</a></h5> <br>
by <a href="./authors/nipkow">Tobias Nipkow</a> and <a href="./authors/dirix">Stefan Dirix</a></div>
<span class="date">
Mar 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/CakeML.html">CakeML</a></h5> <br>
by <a href="./authors/hupel">Lars Hupel</a> and <a href="./authors/zhang">Yu Zhang</a></div>
<span class="date">
Mar 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Architectural_Design_Patterns.html">A Theory of Architectural Design Patterns</a></h5> <br>
by <a href="./authors/marmsoler">Diego Marmsoler</a></div>
<span class="date">
Mar 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Hoare_Time.html">Hoare Logics for Time Bounds</a></h5> <br>
by <a href="./authors/haslbeckm">Maximilian P. L. Haslbeck</a> and <a href="./authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Feb 26
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Treaps.html">Treaps</a></h5> <br>
by <a href="./authors/haslbeck">Max W. Haslbeck</a>, <a href="./authors/eberl">Manuel Eberl</a> and <a href="./authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Feb 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Error_Function.html">The Error Function</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Feb 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/First_Order_Terms.html">First-Order Terms</a></h5> <br>
by <a href="./authors/sternagel">Christian Sternagel</a> and <a href="./authors/thiemann">René Thiemann</a></div>
<span class="date">
Feb 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/LLL_Factorization.html">A verified factorization algorithm for integer polynomials with polynomial complexity</a></h5> <br>
by <a href="./authors/divason">Jose Divasón</a>, <a href="./authors/joosten">Sebastiaan J. C. Joosten</a>, <a href="./authors/thiemann">René Thiemann</a> and <a href="./authors/yamada">Akihisa Yamada</a></div>
<span class="date">
Feb 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/LLL_Basis_Reduction.html">A verified LLL algorithm</a></h5> <br>
by <a href="./authors/bottesch">Ralph Bottesch</a>, <a href="./authors/divason">Jose Divasón</a>, <a href="./authors/haslbeck">Max W. Haslbeck</a>, <a href="./authors/joosten">Sebastiaan J. C. Joosten</a>, <a href="./authors/thiemann">René Thiemann</a> and <a href="./authors/yamada">Akihisa Yamada</a></div>
<span class="date">
Feb 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Ordered_Resolution_Prover.html">Formalization of Bachmair and Ganzinger&#39;s Ordered Resolution Prover</a></h5> <br>
by <a href="./authors/schlichtkrull">Anders Schlichtkrull</a>, <a href="./authors/blanchette">Jasmin Christian Blanchette</a>, <a href="./authors/traytel">Dmitriy Traytel</a> and <a href="./authors/waldmann">Uwe Waldmann</a></div>
<span class="date">
Jan 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Gromov_Hyperbolicity.html">Gromov Hyperbolicity</a></h5> <br>
by <a href="./authors/gouezel">Sebastien Gouezel</a></div>
<span class="date">
Jan 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Green.html">An Isabelle/HOL formalisation of Green&#39;s Theorem</a></h5> <br>
by <a href="./authors/abdulaziz">Mohammad Abdulaziz</a> and <a href="./authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Jan 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Taylor_Models.html">Taylor Models</a></h5> <br>
by <a href="./authors/traut">Christoph Traut</a> and <a href="./authors/immler">Fabian Immler</a></div>
<span class="date">
Jan 08
</span>
</article></div><div>
<h2 class="year">2017</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Falling_Factorial_Sum.html">The Falling Factorial of a Sum</a></h5> <br>
by <a href="./authors/bulwahn">Lukas Bulwahn</a></div>
<span class="date">
Dec 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Median_Of_Medians_Selection.html">The Median-of-Medians Selection Algorithm</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Dec 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Mason_Stothers.html">The Mason–Stothers Theorem</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Dec 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Dirichlet_L.html">Dirichlet L-Functions and Dirichlet&#39;s Theorem</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Dec 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/BNF_Operations.html">Operations on Bounded Natural Functors</a></h5> <br>
by <a href="./authors/blanchette">Jasmin Christian Blanchette</a>, <a href="./authors/popescu">Andrei Popescu</a> and <a href="./authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
Dec 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Knuth_Morris_Pratt.html">The string search algorithm by Knuth, Morris and Pratt</a></h5> <br>
by <a href="./authors/hellauer">Fabian Hellauer</a> and <a href="./authors/lammich">Peter Lammich</a></div>
<span class="date">
Dec 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Stochastic_Matrices.html">Stochastic Matrices and the Perron-Frobenius Theorem</a></h5> <br>
by <a href="./authors/thiemann">René Thiemann</a></div>
<span class="date">
Nov 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/IMAP-CRDT.html">The IMAP CmRDT</a></h5> <br>
by <a href="./authors/jungnickel">Tim Jungnickel</a>, <a href="./authors/oldenburg">Lennart Oldenburg</a> and <a href="./authors/loibl">Matthias Loibl</a></div>
<span class="date">
Nov 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Hybrid_Multi_Lane_Spatial_Logic.html">Hybrid Multi-Lane Spatial Logic</a></h5> <br>
by <a href="./authors/linker">Sven Linker</a></div>
<span class="date">
Nov 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Kuratowski_Closure_Complement.html">The Kuratowski Closure-Complement Theorem</a></h5> <br>
by <a href="./authors/gammie">Peter Gammie</a> and <a href="./authors/gioiosa">Gianpaolo Gioiosa</a></div>
<span class="date">
Oct 26
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Transition_Systems_and_Automata.html">Transition Systems and Automata</a></h5> <br>
by <a href="./authors/brunner">Julian Brunner</a></div>
<span class="date">
Oct 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Buchi_Complementation.html">Büchi Complementation</a></h5> <br>
by <a href="./authors/brunner">Julian Brunner</a></div>
<span class="date">
Oct 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Winding_Number_Eval.html">Evaluate Winding Numbers through Cauchy Indices</a></h5> <br>
by <a href="./authors/li">Wenda Li</a></div>
<span class="date">
Oct 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Count_Complex_Roots.html">Count the Number of Complex Roots</a></h5> <br>
by <a href="./authors/li">Wenda Li</a></div>
<span class="date">
Oct 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Diophantine_Eqns_Lin_Hom.html">Homogeneous Linear Diophantine Equations</a></h5> <br>
by <a href="./authors/messner">Florian Messner</a>, <a href="./authors/parsert">Julian Parsert</a>, <a href="./authors/schoepf">Jonas Schöpf</a> and <a href="./authors/sternagel">Christian Sternagel</a></div>
<span class="date">
Oct 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Zeta_Function.html">The Hurwitz and Riemann ζ Functions</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Oct 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Linear_Recurrences.html">Linear Recurrences</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Oct 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Dirichlet_Series.html">Dirichlet Series</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Oct 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Lowe_Ontological_Argument.html">Computer-assisted Reconstruction and Assessment of E. J. Lowe&#39;s Modal Ontological Argument</a></h5> <br>
by <a href="./authors/fuenmayor">David Fuenmayor</a> and <a href="./authors/benzmueller">Christoph Benzmüller</a></div>
<span class="date">
Sep 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/PLM.html">Representation and Partial Automation of the Principia Logico-Metaphysica in Isabelle/HOL</a></h5> <br>
by <a href="./authors/kirchner">Daniel Kirchner</a></div>
<span class="date">
Sep 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/AnselmGod.html">Anselm&#39;s God in Isabelle/HOL</a></h5> <br>
by <a href="./authors/blumson">Ben Blumson</a></div>
<span class="date">
Sep 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/First_Welfare_Theorem.html">Microeconomics and the First Welfare Theorem</a></h5> <br>
by <a href="./authors/parsert">Julian Parsert</a> and <a href="./authors/kaliszyk">Cezary Kaliszyk</a></div>
<span class="date">
Sep 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Root_Balanced_Tree.html">Root-Balanced Tree</a></h5> <br>
by <a href="./authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Aug 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Orbit_Stabiliser.html">Orbit-Stabiliser Theorem with Application to Rotational Symmetries</a></h5> <br>
by <a href="./authors/raedle">Jonas Rädle</a></div>
<span class="date">
Aug 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/LambdaMu.html">The LambdaMu-calculus</a></h5> <br>
by <a href="./authors/matache">Cristina Matache</a>, <a href="./authors/gomes">Victor B. F. Gomes</a> and <a href="./authors/mulligan">Dominic P. Mulligan</a></div>
<span class="date">
Aug 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Stewart_Apollonius.html">Stewart&#39;s Theorem and Apollonius&#39; Theorem</a></h5> <br>
by <a href="./authors/bulwahn">Lukas Bulwahn</a></div>
<span class="date">
Jul 31
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/DynamicArchitectures.html">Dynamic Architectures</a></h5> <br>
by <a href="./authors/marmsoler">Diego Marmsoler</a></div>
<span class="date">
Jul 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Decl_Sem_Fun_PL.html">Declarative Semantics for Functional Languages</a></h5> <br>
by <a href="./authors/siek">Jeremy Siek</a></div>
<span class="date">
Jul 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/HOLCF-Prelude.html">HOLCF-Prelude</a></h5> <br>
by <a href="./authors/breitner">Joachim Breitner</a>, <a href="./authors/huffman">Brian Huffman</a>, <a href="./authors/mitchell">Neil Mitchell</a> and <a href="./authors/sternagel">Christian Sternagel</a></div>
<span class="date">
Jul 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Minkowskis_Theorem.html">Minkowski&#39;s Theorem</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Jul 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Name_Carrying_Type_Inference.html">Verified Metatheory and Type Inference for a Name-Carrying Simply-Typed Lambda Calculus</a></h5> <br>
by <a href="./authors/rawson">Michael Rawson</a></div>
<span class="date">
Jul 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/CRDT.html">A framework for establishing Strong Eventual Consistency for Conflict-free Replicated Datatypes</a></h5> <br>
by <a href="./authors/gomes">Victor B. F. Gomes</a>, <a href="./authors/kleppmann">Martin Kleppmann</a>, <a href="./authors/mulligan">Dominic P. Mulligan</a> and <a href="./authors/beresford">Alastair R. Beresford</a></div>
<span class="date">
Jul 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Stone_Kleene_Relation_Algebras.html">Stone-Kleene Relation Algebras</a></h5> <br>
by <a href="./authors/guttmann">Walter Guttmann</a></div>
<span class="date">
Jul 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Propositional_Proof_Systems.html">Propositional Proof Systems</a></h5> <br>
by <a href="./authors/michaelis">Julius Michaelis</a> and <a href="./authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Jun 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/PSemigroupsConvolution.html">Partial Semigroups and Convolution Algebras</a></h5> <br>
by <a href="./authors/dongol">Brijesh Dongol</a>, <a href="./authors/gomes">Victor B. F. Gomes</a>, <a href="./authors/hayes">Ian J. Hayes</a> and <a href="./authors/struth">Georg Struth</a></div>
<span class="date">
Jun 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Buffons_Needle.html">Buffon&#39;s Needle Problem</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Jun 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Prpu_Maxflow.html">Formalizing Push-Relabel Algorithms</a></h5> <br>
by <a href="./authors/lammich">Peter Lammich</a> and <a href="./authors/sefidgar">S. Reza Sefidgar</a></div>
<span class="date">
Jun 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Flow_Networks.html">Flow Networks and the Min-Cut-Max-Flow Theorem</a></h5> <br>
by <a href="./authors/lammich">Peter Lammich</a> and <a href="./authors/sefidgar">S. Reza Sefidgar</a></div>
<span class="date">
Jun 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Optics.html">Optics</a></h5> <br>
by <a href="./authors/fosters">Simon Foster</a> and <a href="./authors/zeyda">Frank Zeyda</a></div>
<span class="date">
May 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Dict_Construction.html">Dictionary Construction</a></h5> <br>
by <a href="./authors/hupel">Lars Hupel</a></div>
<span class="date">
May 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Security_Protocol_Refinement.html">Developing Security Protocols by Refinement</a></h5> <br>
by <a href="./authors/sprenger">Christoph Sprenger</a> and <a href="./authors/somaini">Ivano Somaini</a></div>
<span class="date">
May 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Floyd_Warshall.html">The Floyd-Warshall Algorithm for Shortest Paths</a></h5> <br>
by <a href="./authors/wimmer">Simon Wimmer</a> and <a href="./authors/lammich">Peter Lammich</a></div>
<span class="date">
May 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Probabilistic_While.html">Probabilistic while loop</a></h5> <br>
by <a href="./authors/lochbihler">Andreas Lochbihler</a></div>
<span class="date">
May 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Monad_Normalisation.html">Monad normalisation</a></h5> <br>
by <a href="./authors/schneider">Joshua Schneider</a>, <a href="./authors/eberl">Manuel Eberl</a> and <a href="./authors/lochbihler">Andreas Lochbihler</a></div>
<span class="date">
May 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Game_Based_Crypto.html">Game-based cryptography in HOL</a></h5> <br>
by <a href="./authors/lochbihler">Andreas Lochbihler</a>, <a href="./authors/sefidgar">S. Reza Sefidgar</a> and <a href="./authors/bhatt">Bhargav Bhatt</a></div>
<span class="date">
May 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Monomorphic_Monad.html">Effect polymorphism in higher-order logic</a></h5> <br>
by <a href="./authors/lochbihler">Andreas Lochbihler</a></div>
<span class="date">
May 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/CryptHOL.html">CryptHOL</a></h5> <br>
by <a href="./authors/lochbihler">Andreas Lochbihler</a></div>
<span class="date">
May 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/MonoidalCategory.html">Monoidal Categories</a></h5> <br>
by <a href="./authors/stark">Eugene W. Stark</a></div>
<span class="date">
May 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Types_Tableaus_and_Goedels_God.html">Types, Tableaus and Gödel’s God in Isabelle/HOL</a></h5> <br>
by <a href="./authors/fuenmayor">David Fuenmayor</a> and <a href="./authors/benzmueller">Christoph Benzmüller</a></div>
<span class="date">
May 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/LocalLexing.html">Local Lexing</a></h5> <br>
by <a href="./authors/obua">Steven Obua</a></div>
<span class="date">
Apr 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Constructor_Funs.html">Constructor Functions</a></h5> <br>
by <a href="./authors/hupel">Lars Hupel</a></div>
<span class="date">
Apr 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Lazy_Case.html">Lazifying case constants</a></h5> <br>
by <a href="./authors/hupel">Lars Hupel</a></div>
<span class="date">
Apr 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Subresultants.html">Subresultants</a></h5> <br>
by <a href="./authors/joosten">Sebastiaan J. C. Joosten</a>, <a href="./authors/thiemann">René Thiemann</a> and <a href="./authors/yamada">Akihisa Yamada</a></div>
<span class="date">
Apr 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Random_BSTs.html">Expected Shape of Random Binary Search Trees</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Apr 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Quick_Sort_Cost.html">The number of comparisons in QuickSort</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Mar 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Comparison_Sort_Lower_Bound.html">Lower bound on comparison-based sorting algorithms</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Mar 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Euler_MacLaurin.html">The Euler–MacLaurin Formula</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Mar 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Elliptic_Curves_Group_Law.html">The Group Law for Elliptic Curves</a></h5> <br>
by <a href="./authors/berghofer">Stefan Berghofer</a></div>
<span class="date">
Feb 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Menger.html">Menger&#39;s Theorem</a></h5> <br>
by <a href="./authors/dittmann">Christoph Dittmann</a></div>
<span class="date">
Feb 26
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Differential_Dynamic_Logic.html">Differential Dynamic Logic</a></h5> <br>
by <a href="./authors/bohrer">Rose Bohrer</a></div>
<span class="date">
Feb 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Abstract_Soundness.html">Abstract Soundness</a></h5> <br>
by <a href="./authors/blanchette">Jasmin Christian Blanchette</a>, <a href="./authors/popescu">Andrei Popescu</a> and <a href="./authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
Feb 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Stone_Relation_Algebras.html">Stone Relation Algebras</a></h5> <br>
by <a href="./authors/guttmann">Walter Guttmann</a></div>
<span class="date">
Feb 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Key_Agreement_Strong_Adversaries.html">Refining Authenticated Key Agreement with Strong Adversaries</a></h5> <br>
by <a href="./authors/lallemand">Joseph Lallemand</a> and <a href="./authors/sprenger">Christoph Sprenger</a></div>
<span class="date">
Jan 31
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Bernoulli.html">Bernoulli Numbers</a></h5> <br>
by <a href="./authors/bulwahn">Lukas Bulwahn</a> and <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Jan 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Minimal_SSA.html">Minimal Static Single Assignment Form</a></h5> <br>
by <a href="./authors/wagner">Max Wagner</a> and <a href="./authors/lohner">Denis Lohner</a></div>
<span class="date">
Jan 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Bertrands_Postulate.html">Bertrand&#39;s postulate</a></h5> <br>
by <a href="./authors/biendarra">Julian Biendarra</a> and <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Jan 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/E_Transcendental.html">The Transcendence of e</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Jan 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/UPF_Firewall.html">Formal Network Models and Their Application to Firewall Policies</a></h5> <br>
by <a href="./authors/brucker">Achim D. Brucker</a>, <a href="./authors/bruegger">Lukas Brügger</a> and <a href="./authors/wolff">Burkhart Wolff</a></div>
<span class="date">
Jan 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Password_Authentication_Protocol.html">Verification of a Diffie-Hellman Password-based Authentication Protocol by Extending the Inductive Method</a></h5> <br>
by <a href="./authors/noce">Pasquale Noce</a></div>
<span class="date">
Jan 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/FOL_Harrison.html">First-Order Logic According to Harrison</a></h5> <br>
by <a href="./authors/jensen">Alexander Birch Jensen</a>, <a href="./authors/schlichtkrull">Anders Schlichtkrull</a> and <a href="./authors/villadsen">Jørgen Villadsen</a></div>
<span class="date">
Jan 01
</span>
</article></div><div>
<h2 class="year">2016</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Concurrent_Ref_Alg.html">Concurrent Refinement Algebra and Rely Quotients</a></h5> <br>
by <a href="./authors/fell">Julian Fell</a>, <a href="./authors/hayes">Ian J. Hayes</a> and <a href="./authors/velykis">Andrius Velykis</a></div>
<span class="date">
Dec 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Twelvefold_Way.html">The Twelvefold Way</a></h5> <br>
by <a href="./authors/bulwahn">Lukas Bulwahn</a></div>
<span class="date">
Dec 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Proof_Strategy_Language.html">Proof Strategy Language</a></h5> <br>
by <a href="./authors/nagashima">Yutaka Nagashima</a></div>
<span class="date">
Dec 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Paraconsistency.html">Paraconsistency</a></h5> <br>
by <a href="./authors/schlichtkrull">Anders Schlichtkrull</a> and <a href="./authors/villadsen">Jørgen Villadsen</a></div>
<span class="date">
Dec 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Complx.html">COMPLX: A Verification Framework for Concurrent Imperative Programs</a></h5> <br>
by <a href="./authors/amani">Sidney Amani</a>, <a href="./authors/andronick">June Andronick</a>, <a href="./authors/bortin">Maksym Bortin</a>, <a href="./authors/lewis">Corey Lewis</a>, <a href="./authors/rizkallah">Christine Rizkallah</a> and <a href="./authors/tuongj">Joseph Tuong</a></div>
<span class="date">
Nov 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Abs_Int_ITP2012.html">Abstract Interpretation of Annotated Commands</a></h5> <br>
by <a href="./authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Nov 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Separata.html">Separata: Isabelle tactics for Separation Algebra</a></h5> <br>
by <a href="./authors/hou">Zhe Hou</a>, <a href="./authors/sanan">David Sanan</a>, <a href="./authors/tiu">Alwen Tiu</a>, <a href="./authors/gore">Rajeev Gore</a> and <a href="./authors/clouston">Ranald Clouston</a></div>
<span class="date">
Nov 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Nested_Multisets_Ordinals.html">Formalization of Nested Multisets, Hereditary Multisets, and Syntactic Ordinals</a></h5> <br>
by <a href="./authors/blanchette">Jasmin Christian Blanchette</a>, <a href="./authors/fleury">Mathias Fleury</a> and <a href="./authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
Nov 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Lambda_Free_KBOs.html">Formalization of Knuth–Bendix Orders for Lambda-Free Higher-Order Terms</a></h5> <br>
by <a href="./authors/becker">Heiko Becker</a>, <a href="./authors/blanchette">Jasmin Christian Blanchette</a>, <a href="./authors/waldmann">Uwe Waldmann</a> and <a href="./authors/wand">Daniel Wand</a></div>
<span class="date">
Nov 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Deep_Learning.html">Expressiveness of Deep Learning</a></h5> <br>
by <a href="./authors/bentkamp">Alexander Bentkamp</a></div>
<span class="date">
Nov 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Modal_Logics_for_NTS.html">Modal Logics for Nominal Transition Systems</a></h5> <br>
by <a href="./authors/weber">Tjark Weber</a>, <a href="./authors/eriksson">Lars-Henrik Eriksson</a>, <a href="./authors/parrow">Joachim Parrow</a>, <a href="./authors/borgstroem">Johannes Borgström</a> and <a href="./authors/gutkovas">Ramunas Gutkovas</a></div>
<span class="date">
Oct 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Stable_Matching.html">Stable Matching</a></h5> <br>
by <a href="./authors/gammie">Peter Gammie</a></div>
<span class="date">
Oct 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/LOFT.html">LOFT — Verified Migration of Linux Firewalls to SDN</a></h5> <br>
by <a href="./authors/michaelis">Julius Michaelis</a> and <a href="./authors/diekmann">Cornelius Diekmann</a></div>
<span class="date">
Oct 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Source_Coding_Theorem.html">Source Coding Theorem</a></h5> <br>
by <a href="./authors/hibon">Quentin Hibon</a> and <a href="./authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Oct 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/SPARCv8.html">A formal model for the SPARCv8 ISA and a proof of non-interference for the LEON3 processor</a></h5> <br>
by <a href="./authors/hou">Zhe Hou</a>, <a href="./authors/sanan">David Sanan</a>, <a href="./authors/tiu">Alwen Tiu</a> and <a href="./authors/liuy">Yang Liu</a></div>
<span class="date">
Oct 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Berlekamp_Zassenhaus.html">The Factorization Algorithm of Berlekamp and Zassenhaus</a></h5> <br>
by <a href="./authors/divason">Jose Divasón</a>, <a href="./authors/joosten">Sebastiaan J. C. Joosten</a>, <a href="./authors/thiemann">René Thiemann</a> and <a href="./authors/yamada">Akihisa Yamada</a></div>
<span class="date">
Oct 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Chord_Segments.html">Intersecting Chords Theorem</a></h5> <br>
by <a href="./authors/bulwahn">Lukas Bulwahn</a></div>
<span class="date">
Oct 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Lp.html">Lp spaces</a></h5> <br>
by <a href="./authors/gouezel">Sebastien Gouezel</a></div>
<span class="date">
Oct 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Fisher_Yates.html">Fisher–Yates shuffle</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Sep 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Allen_Calculus.html">Allen&#39;s Interval Calculus</a></h5> <br>
by <a href="./authors/ghourabi">Fadoua Ghourabi</a></div>
<span class="date">
Sep 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Lambda_Free_RPOs.html">Formalization of Recursive Path Orders for Lambda-Free Higher-Order Terms</a></h5> <br>
by <a href="./authors/blanchette">Jasmin Christian Blanchette</a>, <a href="./authors/waldmann">Uwe Waldmann</a> and <a href="./authors/wand">Daniel Wand</a></div>
<span class="date">
Sep 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Iptables_Semantics.html">Iptables Semantics</a></h5> <br>
by <a href="./authors/diekmann">Cornelius Diekmann</a> and <a href="./authors/hupel">Lars Hupel</a></div>
<span class="date">
Sep 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Stone_Algebras.html">Stone Algebras</a></h5> <br>
by <a href="./authors/guttmann">Walter Guttmann</a></div>
<span class="date">
Sep 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/SuperCalc.html">A Variant of the Superposition Calculus</a></h5> <br>
by <a href="./authors/peltier">Nicolas Peltier</a></div>
<span class="date">
Sep 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Stirling_Formula.html">Stirling&#39;s formula</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Sep 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Routing.html">Routing</a></h5> <br>
by <a href="./authors/michaelis">Julius Michaelis</a> and <a href="./authors/diekmann">Cornelius Diekmann</a></div>
<span class="date">
Aug 31
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Simple_Firewall.html">Simple Firewall</a></h5> <br>
by <a href="./authors/diekmann">Cornelius Diekmann</a>, <a href="./authors/michaelis">Julius Michaelis</a> and <a href="./authors/haslbeck">Max W. Haslbeck</a></div>
<span class="date">
Aug 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/InfPathElimination.html">Infeasible Paths Elimination by Symbolic Execution Techniques: Proof of Correctness and Preservation of Paths</a></h5> <br>
by <a href="./authors/aissat">Romain Aissat</a>, <a href="./authors/voisin">Frederic Voisin</a> and <a href="./authors/wolff">Burkhart Wolff</a></div>
<span class="date">
Aug 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/EdmondsKarp_Maxflow.html">Formalizing the Edmonds-Karp Algorithm</a></h5> <br>
by <a href="./authors/lammich">Peter Lammich</a> and <a href="./authors/sefidgar">S. Reza Sefidgar</a></div>
<span class="date">
Aug 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Refine_Imperative_HOL.html">The Imperative Refinement Framework</a></h5> <br>
by <a href="./authors/lammich">Peter Lammich</a></div>
<span class="date">
Aug 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Ptolemys_Theorem.html">Ptolemy&#39;s Theorem</a></h5> <br>
by <a href="./authors/bulwahn">Lukas Bulwahn</a></div>
<span class="date">
Aug 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Surprise_Paradox.html">Surprise Paradox</a></h5> <br>
by <a href="./authors/breitner">Joachim Breitner</a></div>
<span class="date">
Jul 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Pairing_Heap.html">Pairing Heap</a></h5> <br>
by <a href="./authors/brinkop">Hauke Brinkop</a> and <a href="./authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Jul 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/DFS_Framework.html">A Framework for Verifying Depth-First Search Algorithms</a></h5> <br>
by <a href="./authors/lammich">Peter Lammich</a> and <a href="./authors/neumann">René Neumann</a></div>
<span class="date">
Jul 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Buildings.html">Chamber Complexes, Coxeter Systems, and Buildings</a></h5> <br>
by <a href="./authors/sylvestre">Jeremy Sylvestre</a></div>
<span class="date">
Jul 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Rewriting_Z.html">The Z Property</a></h5> <br>
by <a href="./authors/felgenhauer">Bertram Felgenhauer</a>, <a href="./authors/nagele">Julian Nagele</a>, <a href="./authors/oostrom">Vincent van Oostrom</a> and <a href="./authors/sternagel">Christian Sternagel</a></div>
<span class="date">
Jun 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Resolution_FOL.html">The Resolution Calculus for First-Order Logic</a></h5> <br>
by <a href="./authors/schlichtkrull">Anders Schlichtkrull</a></div>
<span class="date">
Jun 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/IP_Addresses.html">IP Addresses</a></h5> <br>
by <a href="./authors/diekmann">Cornelius Diekmann</a>, <a href="./authors/michaelis">Julius Michaelis</a> and <a href="./authors/hupel">Lars Hupel</a></div>
<span class="date">
Jun 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Dependent_SIFUM_Refinement.html">Compositional Security-Preserving Refinement for Concurrent Imperative Programs</a></h5> <br>
by <a href="./authors/murray">Toby Murray</a>, <a href="./authors/sison">Robert Sison</a>, <a href="./authors/pierzchalski">Edward Pierzchalski</a> and <a href="./authors/rizkallah">Christine Rizkallah</a></div>
<span class="date">
Jun 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Category3.html">Category Theory with Adjunctions and Limits</a></h5> <br>
by <a href="./authors/stark">Eugene W. Stark</a></div>
<span class="date">
Jun 26
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Card_Multisets.html">Cardinality of Multisets</a></h5> <br>
by <a href="./authors/bulwahn">Lukas Bulwahn</a></div>
<span class="date">
Jun 26
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Dependent_SIFUM_Type_Systems.html">A Dependent Security Type System for Concurrent Imperative Programs</a></h5> <br>
by <a href="./authors/murray">Toby Murray</a>, <a href="./authors/sison">Robert Sison</a>, <a href="./authors/pierzchalski">Edward Pierzchalski</a> and <a href="./authors/rizkallah">Christine Rizkallah</a></div>
<span class="date">
Jun 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Catalan_Numbers.html">Catalan Numbers</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Jun 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Algebraic_VCs.html">Program Construction and Verification Components Based on Kleene Algebra</a></h5> <br>
by <a href="./authors/gomes">Victor B. F. Gomes</a> and <a href="./authors/struth">Georg Struth</a></div>
<span class="date">
Jun 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Noninterference_Concurrent_Composition.html">Conservation of CSP Noninterference Security under Concurrent Composition</a></h5> <br>
by <a href="./authors/noce">Pasquale Noce</a></div>
<span class="date">
Jun 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Word_Lib.html">Finite Machine Word Library</a></h5> <br>
by <a href="./authors/beeren">Joel Beeren</a>, <a href="./authors/fernandez">Matthew Fernandez</a>, <a href="./authors/gao">Xin Gao</a>, <a href="./authors/klein">Gerwin Klein</a>, <a href="./authors/kolanski">Rafal Kolanski</a>, <a href="./authors/lim">Japheth Lim</a>, <a href="./authors/lewis">Corey Lewis</a>, <a href="./authors/matichuk">Daniel Matichuk</a> and <a href="./authors/sewell">Thomas Sewell</a></div>
<span class="date">
Jun 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Tree_Decomposition.html">Tree Decomposition</a></h5> <br>
by <a href="./authors/dittmann">Christoph Dittmann</a></div>
<span class="date">
May 31
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Posix-Lexing.html">POSIX Lexing with Derivatives of Regular Expressions</a></h5> <br>
by <a href="./authors/ausaf">Fahad Ausaf</a>, <a href="./authors/dyckhoff">Roy Dyckhoff</a> and <a href="./authors/urban">Christian Urban</a></div>
<span class="date">
May 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Card_Equiv_Relations.html">Cardinality of Equivalence Relations</a></h5> <br>
by <a href="./authors/bulwahn">Lukas Bulwahn</a></div>
<span class="date">
May 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Incredible_Proof_Machine.html">The meta theory of the Incredible Proof Machine</a></h5> <br>
by <a href="./authors/breitner">Joachim Breitner</a> and <a href="./authors/lohner">Denis Lohner</a></div>
<span class="date">
May 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Perron_Frobenius.html">Perron-Frobenius Theorem for Spectral Radius Analysis</a></h5> <br>
by <a href="./authors/divason">Jose Divasón</a>, <a href="./authors/kuncar">Ondřej Kunčar</a>, <a href="./authors/thiemann">René Thiemann</a> and <a href="./authors/yamada">Akihisa Yamada</a></div>
<span class="date">
May 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/FLP.html">A Constructive Proof for FLP</a></h5> <br>
by <a href="./authors/bisping">Benjamin Bisping</a>, <a href="./authors/brodmann">Paul-David Brodmann</a>, <a href="./authors/jungnickel">Tim Jungnickel</a>, <a href="./authors/rickmann">Christina Rickmann</a>, <a href="./authors/seidler">Henning Seidler</a>, <a href="./authors/stueber">Anke Stüber</a>, <a href="./authors/weidner">Arno Wilhelm-Weidner</a>, <a href="./authors/peters">Kirstin Peters</a> and <a href="./authors/nestmann">Uwe Nestmann</a></div>
<span class="date">
May 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/MFMC_Countable.html">A Formal Proof of the Max-Flow Min-Cut Theorem for Countable Networks</a></h5> <br>
by <a href="./authors/lochbihler">Andreas Lochbihler</a></div>
<span class="date">
May 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Randomised_Social_Choice.html">Randomised Social Choice Theory</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
May 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/SDS_Impossibility.html">The Incompatibility of SD-Efficiency and SD-Strategy-Proofness</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
May 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Bell_Numbers_Spivey.html">Spivey&#39;s Generalized Recurrence for Bell Numbers</a></h5> <br>
by <a href="./authors/bulwahn">Lukas Bulwahn</a></div>
<span class="date">
May 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Groebner_Bases.html">Gröbner Bases Theory</a></h5> <br>
by <a href="./authors/immler">Fabian Immler</a> and <a href="./authors/maletzky">Alexander Maletzky</a></div>
<span class="date">
May 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/No_FTL_observers.html">No Faster-Than-Light Observers</a></h5> <br>
by <a href="./authors/stannett">Mike Stannett</a> and <a href="./authors/nemeti">István Németi</a></div>
<span class="date">
Apr 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/ROBDD.html">Algorithms for Reduced Ordered Binary Decision Diagrams</a></h5> <br>
by <a href="./authors/michaelis">Julius Michaelis</a>, <a href="./authors/haslbeck">Max W. Haslbeck</a>, <a href="./authors/lammich">Peter Lammich</a> and <a href="./authors/hupel">Lars Hupel</a></div>
<span class="date">
Apr 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/CYK.html">A formalisation of the Cocke-Younger-Kasami algorithm</a></h5> <br>
by <a href="./authors/bortin">Maksym Bortin</a></div>
<span class="date">
Apr 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Noninterference_Sequential_Composition.html">Conservation of CSP Noninterference Security under Sequential Composition</a></h5> <br>
by <a href="./authors/noce">Pasquale Noce</a></div>
<span class="date">
Apr 26
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/KAD.html">Kleene Algebras with Domain</a></h5> <br>
by <a href="./authors/gomes">Victor B. F. Gomes</a>, <a href="./authors/guttmann">Walter Guttmann</a>, <a href="./authors/hoefner">Peter Höfner</a>, <a href="./authors/struth">Georg Struth</a> and <a href="./authors/weber">Tjark Weber</a></div>
<span class="date">
Apr 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/PropResPI.html">Propositional Resolution and Prime Implicates Generation</a></h5> <br>
by <a href="./authors/peltier">Nicolas Peltier</a></div>
<span class="date">
Mar 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Timed_Automata.html">Timed Automata</a></h5> <br>
by <a href="./authors/wimmer">Simon Wimmer</a></div>
<span class="date">
Mar 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Cartan_FP.html">The Cartan Fixed Point Theorems</a></h5> <br>
by <a href="./authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Mar 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/LTL.html">Linear Temporal Logic</a></h5> <br>
by <a href="./authors/sickert">Salomon Sickert</a></div>
<span class="date">
Mar 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/List_Update.html">Analysis of List Update Algorithms</a></h5> <br>
by <a href="./authors/haslbeckm">Maximilian P. L. Haslbeck</a> and <a href="./authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Feb 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Formal_SSA.html">Verified Construction of Static Single Assignment Form</a></h5> <br>
by <a href="./authors/ullrich">Sebastian Ullrich</a> and <a href="./authors/lohner">Denis Lohner</a></div>
<span class="date">
Feb 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Polynomial_Interpolation.html">Polynomial Interpolation</a></h5> <br>
by <a href="./authors/thiemann">René Thiemann</a> and <a href="./authors/yamada">Akihisa Yamada</a></div>
<span class="date">
Jan 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Polynomial_Factorization.html">Polynomial Factorization</a></h5> <br>
by <a href="./authors/thiemann">René Thiemann</a> and <a href="./authors/yamada">Akihisa Yamada</a></div>
<span class="date">
Jan 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Knot_Theory.html">Knot Theory</a></h5> <br>
by <a href="./authors/prathamesh">T.V.H. Prathamesh</a></div>
<span class="date">
Jan 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Matrix_Tensor.html">Tensor Product of Matrices</a></h5> <br>
by <a href="./authors/prathamesh">T.V.H. Prathamesh</a></div>
<span class="date">
Jan 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Card_Number_Partitions.html">Cardinality of Number Partitions</a></h5> <br>
by <a href="./authors/bulwahn">Lukas Bulwahn</a></div>
<span class="date">
Jan 14
</span>
</article></div><div>
<h2 class="year">2015</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Prime_Harmonic_Series.html">The Divergence of the Prime Harmonic Series</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Dec 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Liouville_Numbers.html">Liouville numbers</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Dec 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Descartes_Sign_Rule.html">Descartes&#39; Rule of Signs</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Dec 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Triangle.html">Basic Geometric Properties of Triangles</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Dec 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Stern_Brocot.html">The Stern-Brocot Tree</a></h5> <br>
by <a href="./authors/gammie">Peter Gammie</a> and <a href="./authors/lochbihler">Andreas Lochbihler</a></div>
<span class="date">
Dec 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Applicative_Lifting.html">Applicative Lifting</a></h5> <br>
by <a href="./authors/lochbihler">Andreas Lochbihler</a> and <a href="./authors/schneider">Joshua Schneider</a></div>
<span class="date">
Dec 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Algebraic_Numbers.html">Algebraic Numbers in Isabelle/HOL</a></h5> <br>
by <a href="./authors/thiemann">René Thiemann</a>, <a href="./authors/yamada">Akihisa Yamada</a> and <a href="./authors/joosten">Sebastiaan J. C. Joosten</a></div>
<span class="date">
Dec 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Card_Partitions.html">Cardinality of Set Partitions</a></h5> <br>
by <a href="./authors/bulwahn">Lukas Bulwahn</a></div>
<span class="date">
Dec 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Latin_Square.html">Latin Square</a></h5> <br>
by <a href="./authors/bentkamp">Alexander Bentkamp</a></div>
<span class="date">
Dec 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Ergodic_Theory.html">Ergodic Theory</a></h5> <br>
by <a href="./authors/gouezel">Sebastien Gouezel</a></div>
<span class="date">
Dec 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Euler_Partition.html">Euler&#39;s Partition Theorem</a></h5> <br>
by <a href="./authors/bulwahn">Lukas Bulwahn</a></div>
<span class="date">
Nov 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/TortoiseHare.html">The Tortoise and Hare Algorithm</a></h5> <br>
by <a href="./authors/gammie">Peter Gammie</a></div>
<span class="date">
Nov 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Planarity_Certificates.html">Planarity Certificates</a></h5> <br>
by <a href="./authors/noschinski">Lars Noschinski</a></div>
<span class="date">
Nov 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Parity_Game.html">Positional Determinacy of Parity Games</a></h5> <br>
by <a href="./authors/dittmann">Christoph Dittmann</a></div>
<span class="date">
Nov 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Isabelle_Meta_Model.html">A Meta-Model for the Isabelle API</a></h5> <br>
by <a href="./authors/tuong">Frédéric Tuong</a> and <a href="./authors/wolff">Burkhart Wolff</a></div>
<span class="date">
Sep 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/LTL_to_DRA.html">Converting Linear Temporal Logic to Deterministic (Generalized) Rabin Automata</a></h5> <br>
by <a href="./authors/sickert">Salomon Sickert</a></div>
<span class="date">
Sep 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Jordan_Normal_Form.html">Matrices, Jordan Normal Forms, and Spectral Radius Theory</a></h5> <br>
by <a href="./authors/thiemann">René Thiemann</a> and <a href="./authors/yamada">Akihisa Yamada</a></div>
<span class="date">
Aug 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Decreasing-Diagrams-II.html">Decreasing Diagrams II</a></h5> <br>
by <a href="./authors/felgenhauer">Bertram Felgenhauer</a></div>
<span class="date">
Aug 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Noninterference_Inductive_Unwinding.html">The Inductive Unwinding Theorem for CSP Noninterference Security</a></h5> <br>
by <a href="./authors/noce">Pasquale Noce</a></div>
<span class="date">
Aug 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Rep_Fin_Groups.html">Representations of Finite Groups</a></h5> <br>
by <a href="./authors/sylvestre">Jeremy Sylvestre</a></div>
<span class="date">
Aug 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Encodability_Process_Calculi.html">Analysing and Comparing Encodability Criteria for Process Calculi</a></h5> <br>
by <a href="./authors/peters">Kirstin Peters</a> and <a href="./authors/glabbeek">Rob van Glabbeek</a></div>
<span class="date">
Aug 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Case_Labeling.html">Generating Cases from Labeled Subgoals</a></h5> <br>
by <a href="./authors/noschinski">Lars Noschinski</a></div>
<span class="date">
Jul 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Akra_Bazzi.html">The Akra-Bazzi theorem and the Master theorem</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Jul 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Landau_Symbols.html">Landau Symbols</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Jul 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Hermite.html">Hermite Normal Form</a></h5> <br>
by <a href="./authors/divason">Jose Divasón</a> and <a href="./authors/aransay">Jesús Aransay</a></div>
<span class="date">
Jul 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Derangements.html">Derangements Formula</a></h5> <br>
by <a href="./authors/bulwahn">Lukas Bulwahn</a></div>
<span class="date">
Jun 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Noninterference_Ipurge_Unwinding.html">The Ipurge Unwinding Theorem for CSP Noninterference Security</a></h5> <br>
by <a href="./authors/noce">Pasquale Noce</a></div>
<span class="date">
Jun 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Noninterference_Generic_Unwinding.html">The Generic Unwinding Theorem for CSP Noninterference Security</a></h5> <br>
by <a href="./authors/noce">Pasquale Noce</a></div>
<span class="date">
Jun 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/List_Interleaving.html">Reasoning about Lists via List Interleaving</a></h5> <br>
by <a href="./authors/noce">Pasquale Noce</a></div>
<span class="date">
Jun 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Multirelations.html">Binary Multirelations</a></h5> <br>
by <a href="./authors/furusawa">Hitoshi Furusawa</a> and <a href="./authors/struth">Georg Struth</a></div>
<span class="date">
Jun 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Dynamic_Tables.html">Parameterized Dynamic Tables</a></h5> <br>
by <a href="./authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Jun 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Formula_Derivatives.html">Derivatives of Logical Formulas</a></h5> <br>
by <a href="./authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
May 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Probabilistic_System_Zoo.html">A Zoo of Probabilistic Systems</a></h5> <br>
by <a href="./authors/hoelzl">Johannes Hölzl</a>, <a href="./authors/lochbihler">Andreas Lochbihler</a> and <a href="./authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
May 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Vickrey_Clarke_Groves.html">VCG - Combinatorial Vickrey-Clarke-Groves Auctions</a></h5> <br>
by <a href="./authors/caminati">Marco B. Caminati</a>, <a href="./authors/kerber">Manfred Kerber</a>, <a href="./authors/lange">Christoph Lange</a> and <a href="./authors/rowat">Colin Rowat</a></div>
<span class="date">
Apr 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Residuated_Lattices.html">Residuated Lattices</a></h5> <br>
by <a href="./authors/gomes">Victor B. F. Gomes</a> and <a href="./authors/struth">Georg Struth</a></div>
<span class="date">
Apr 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/ConcurrentGC.html">Relaxing Safely: Verified On-the-Fly Garbage Collection for x86-TSO</a></h5> <br>
by <a href="./authors/gammie">Peter Gammie</a>, <a href="./authors/hosking">Tony Hosking</a> and <a href="./authors/engelhardt">Kai Engelhardt</a></div>
<span class="date">
Apr 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/ConcurrentIMP.html">Concurrent IMP</a></h5> <br>
by <a href="./authors/gammie">Peter Gammie</a></div>
<span class="date">
Apr 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Trie.html">Trie</a></h5> <br>
by <a href="./authors/lochbihler">Andreas Lochbihler</a> and <a href="./authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Mar 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Consensus_Refined.html">Consensus Refined</a></h5> <br>
by <a href="./authors/maric">Ognjen Marić</a> and <a href="./authors/sprenger">Christoph Sprenger</a></div>
<span class="date">
Mar 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Deriving.html">Deriving class instances for datatypes</a></h5> <br>
by <a href="./authors/sternagel">Christian Sternagel</a> and <a href="./authors/thiemann">René Thiemann</a></div>
<span class="date">
Mar 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Call_Arity.html">The Safety of Call Arity</a></h5> <br>
by <a href="./authors/breitner">Joachim Breitner</a></div>
<span class="date">
Feb 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/QR_Decomposition.html">QR Decomposition</a></h5> <br>
by <a href="./authors/divason">Jose Divasón</a> and <a href="./authors/aransay">Jesús Aransay</a></div>
<span class="date">
Feb 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Echelon_Form.html">Echelon Form</a></h5> <br>
by <a href="./authors/divason">Jose Divasón</a> and <a href="./authors/aransay">Jesús Aransay</a></div>
<span class="date">
Feb 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Finite_Automata_HF.html">Finite Automata in Hereditarily Finite Set Theory</a></h5> <br>
by <a href="./authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Feb 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/UpDown_Scheme.html">Verification of the UpDown Scheme</a></h5> <br>
by <a href="./authors/hoelzl">Johannes Hölzl</a></div>
<span class="date">
Jan 28
</span>
</article></div><div>
<h2 class="year">2014</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/UPF.html">The Unified Policy Framework (UPF)</a></h5> <br>
by <a href="./authors/brucker">Achim D. Brucker</a>, <a href="./authors/bruegger">Lukas Brügger</a> and <a href="./authors/wolff">Burkhart Wolff</a></div>
<span class="date">
Nov 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/AODV.html">Loop freedom of the (untimed) AODV routing protocol</a></h5> <br>
by <a href="./authors/bourke">Timothy Bourke</a> and <a href="./authors/hoefner">Peter Höfner</a></div>
<span class="date">
Oct 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Lifting_Definition_Option.html">Lifting Definition Option</a></h5> <br>
by <a href="./authors/thiemann">René Thiemann</a></div>
<span class="date">
Oct 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Stream_Fusion_Code.html">Stream Fusion in HOL with Code Generation</a></h5> <br>
by <a href="./authors/lochbihler">Andreas Lochbihler</a> and <a href="./authors/maximova">Alexandra Maximova</a></div>
<span class="date">
Oct 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Density_Compiler.html">A Verified Compiler for Probability Density Functions</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a>, <a href="./authors/hoelzl">Johannes Hölzl</a> and <a href="./authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Oct 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/RefinementReactive.html">Formalization of Refinement Calculus for Reactive Systems</a></h5> <br>
by <a href="./authors/preoteasa">Viorel Preoteasa</a></div>
<span class="date">
Oct 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/XML.html">XML</a></h5> <br>
by <a href="./authors/sternagel">Christian Sternagel</a> and <a href="./authors/thiemann">René Thiemann</a></div>
<span class="date">
Oct 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Certification_Monads.html">Certification Monads</a></h5> <br>
by <a href="./authors/sternagel">Christian Sternagel</a> and <a href="./authors/thiemann">René Thiemann</a></div>
<span class="date">
Oct 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Imperative_Insertion_Sort.html">Imperative Insertion Sort</a></h5> <br>
by <a href="./authors/sternagel">Christian Sternagel</a></div>
<span class="date">
Sep 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Sturm_Tarski.html">The Sturm-Tarski Theorem</a></h5> <br>
by <a href="./authors/li">Wenda Li</a></div>
<span class="date">
Sep 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Cayley_Hamilton.html">The Cayley-Hamilton Theorem</a></h5> <br>
by <a href="./authors/adelsberger">Stephan Adelsberger</a>, <a href="./authors/hetzl">Stefan Hetzl</a> and <a href="./authors/pollak">Florian Pollak</a></div>
<span class="date">
Sep 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Jordan_Hoelder.html">The Jordan-Hölder Theorem</a></h5> <br>
by <a href="./authors/raumer">Jakob von Raumer</a></div>
<span class="date">
Sep 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Priority_Queue_Braun.html">Priority Queues Based on Braun Trees</a></h5> <br>
by <a href="./authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Sep 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Gauss_Jordan.html">Gauss-Jordan Algorithm and Its Applications</a></h5> <br>
by <a href="./authors/divason">Jose Divasón</a> and <a href="./authors/aransay">Jesús Aransay</a></div>
<span class="date">
Sep 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/VectorSpace.html">Vector Spaces</a></h5> <br>
by <a href="./authors/lee">Holden Lee</a></div>
<span class="date">
Aug 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Special_Function_Bounds.html">Real-Valued Special Functions: Upper and Lower Bounds</a></h5> <br>
by <a href="./authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Aug 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Skew_Heap.html">Skew Heap</a></h5> <br>
by <a href="./authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Aug 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Splay_Tree.html">Splay Tree</a></h5> <br>
by <a href="./authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Aug 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Show.html">Haskell&#39;s Show Class in Isabelle/HOL</a></h5> <br>
by <a href="./authors/sternagel">Christian Sternagel</a> and <a href="./authors/thiemann">René Thiemann</a></div>
<span class="date">
Jul 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/CISC-Kernel.html">Formal Specification of a Generic Separation Kernel</a></h5> <br>
by <a href="./authors/verbeek">Freek Verbeek</a>, <a href="./authors/tverdyshev">Sergey Tverdyshev</a>, <a href="./authors/havle">Oto Havle</a>, <a href="./authors/blasum">Holger Blasum</a>, <a href="./authors/langenstein">Bruno Langenstein</a>, <a href="./authors/stephan">Werner Stephan</a>, <a href="./authors/nemouchi">Yakoub Nemouchi</a>, <a href="./authors/feliachi">Abderrahmane Feliachi</a>, <a href="./authors/wolff">Burkhart Wolff</a> and <a href="./authors/schmaltz">Julien Schmaltz</a></div>
<span class="date">
Jul 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/pGCL.html">pGCL for Isabelle</a></h5> <br>
by <a href="./authors/cock">David Cock</a></div>
<span class="date">
Jul 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Amortized_Complexity.html">Amortized Complexity Verified</a></h5> <br>
by <a href="./authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Jul 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Network_Security_Policy_Verification.html">Network Security Policy Verification</a></h5> <br>
by <a href="./authors/diekmann">Cornelius Diekmann</a></div>
<span class="date">
Jul 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Pop_Refinement.html">Pop-Refinement</a></h5> <br>
by <a href="./authors/coglio">Alessandro Coglio</a></div>
<span class="date">
Jul 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/MSO_Regex_Equivalence.html">Decision Procedures for MSO on Words Based on Derivatives of Regular Expressions</a></h5> <br>
by <a href="./authors/traytel">Dmitriy Traytel</a> and <a href="./authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Jun 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Boolean_Expression_Checkers.html">Boolean Expression Checkers</a></h5> <br>
by <a href="./authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Jun 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Gabow_SCC.html">Verified Efficient Implementation of Gabow&#39;s Strongly Connected Components Algorithm</a></h5> <br>
by <a href="./authors/lammich">Peter Lammich</a></div>
<span class="date">
May 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/CAVA_Automata.html">The CAVA Automata Library</a></h5> <br>
by <a href="./authors/lammich">Peter Lammich</a></div>
<span class="date">
May 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Promela.html">Promela Formalization</a></h5> <br>
by <a href="./authors/neumann">René Neumann</a></div>
<span class="date">
May 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/LTL_to_GBA.html">Converting Linear-Time Temporal Logic to Generalized Büchi Automata</a></h5> <br>
by <a href="./authors/schimpf">Alexander Schimpf</a> and <a href="./authors/lammich">Peter Lammich</a></div>
<span class="date">
May 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/CAVA_LTL_Modelchecker.html">A Fully Verified Executable LTL Model Checker</a></h5> <br>
by <a href="./authors/esparza">Javier Esparza</a>, <a href="./authors/lammich">Peter Lammich</a>, <a href="./authors/neumann">René Neumann</a>, <a href="./authors/nipkow">Tobias Nipkow</a>, <a href="./authors/schimpf">Alexander Schimpf</a> and <a href="./authors/smaus">Jan-Georg Smaus</a></div>
<span class="date">
May 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Roy_Floyd_Warshall.html">Transitive closure according to Roy-Floyd-Warshall</a></h5> <br>
by <a href="./authors/wenzel">Makarius Wenzel</a></div>
<span class="date">
May 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Noninterference_CSP.html">Noninterference Security in Communicating Sequential Processes</a></h5> <br>
by <a href="./authors/noce">Pasquale Noce</a></div>
<span class="date">
May 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Regular_Algebras.html">Regular Algebras</a></h5> <br>
by <a href="./authors/fosters">Simon Foster</a> and <a href="./authors/struth">Georg Struth</a></div>
<span class="date">
May 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/ComponentDependencies.html">Formalisation and Analysis of Component Dependencies</a></h5> <br>
by <a href="./authors/spichkova">Maria Spichkova</a></div>
<span class="date">
Apr 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Strong_Security.html">A Formalization of Strong Security</a></h5> <br>
by <a href="./authors/grewe">Sylvia Grewe</a>, <a href="./authors/lux">Alexander Lux</a>, <a href="./authors/mantel">Heiko Mantel</a> and <a href="./authors/sauer">Jens Sauer</a></div>
<span class="date">
Apr 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/WHATandWHERE_Security.html">A Formalization of Declassification with WHAT-and-WHERE-Security</a></h5> <br>
by <a href="./authors/grewe">Sylvia Grewe</a>, <a href="./authors/lux">Alexander Lux</a>, <a href="./authors/mantel">Heiko Mantel</a> and <a href="./authors/sauer">Jens Sauer</a></div>
<span class="date">
Apr 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/SIFUM_Type_Systems.html">A Formalization of Assumptions and Guarantees for Compositional Noninterference</a></h5> <br>
by <a href="./authors/grewe">Sylvia Grewe</a>, <a href="./authors/mantel">Heiko Mantel</a> and <a href="./authors/schoepe">Daniel Schoepe</a></div>
<span class="date">
Apr 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Bounded_Deducibility_Security.html">Bounded-Deducibility Security</a></h5> <br>
by <a href="./authors/popescu">Andrei Popescu</a>, <a href="./authors/lammich">Peter Lammich</a> and <a href="./authors/bauereiss">Thomas Bauereiss</a></div>
<span class="date">
Apr 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Abstract_Completeness.html">Abstract Completeness</a></h5> <br>
by <a href="./authors/blanchette">Jasmin Christian Blanchette</a>, <a href="./authors/popescu">Andrei Popescu</a> and <a href="./authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
Apr 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/HyperCTL.html">A shallow embedding of HyperCTL*</a></h5> <br>
by <a href="./authors/rabe">Markus N. Rabe</a>, <a href="./authors/lammich">Peter Lammich</a> and <a href="./authors/popescu">Andrei Popescu</a></div>
<span class="date">
Apr 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Discrete_Summation.html">Discrete Summation</a></h5> <br>
by <a href="./authors/haftmann">Florian Haftmann</a></div>
<span class="date">
Apr 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/GPU_Kernel_PL.html">Syntax and semantics of a GPU kernel programming language</a></h5> <br>
by <a href="./authors/wickerson">John Wickerson</a></div>
<span class="date">
Apr 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Probabilistic_Noninterference.html">Probabilistic Noninterference</a></h5> <br>
by <a href="./authors/popescu">Andrei Popescu</a> and <a href="./authors/hoelzl">Johannes Hölzl</a></div>
<span class="date">
Mar 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/AWN.html">Mechanization of the Algebra for Wireless Networks (AWN)</a></h5> <br>
by <a href="./authors/bourke">Timothy Bourke</a></div>
<span class="date">
Mar 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Partial_Function_MR.html">Mutually Recursive Partial Functions</a></h5> <br>
by <a href="./authors/thiemann">René Thiemann</a></div>
<span class="date">
Feb 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Random_Graph_Subgraph_Threshold.html">Properties of Random Graphs -- Subgraph Containment</a></h5> <br>
by <a href="./authors/hupel">Lars Hupel</a></div>
<span class="date">
Feb 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Selection_Heap_Sort.html">Verification of Selection and Heap Sort Using Locales</a></h5> <br>
by <a href="./authors/petrovic">Danijela Petrovic</a></div>
<span class="date">
Feb 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Affine_Arithmetic.html">Affine Arithmetic</a></h5> <br>
by <a href="./authors/immler">Fabian Immler</a></div>
<span class="date">
Feb 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Real_Impl.html">Implementing field extensions of the form Q[sqrt(b)]</a></h5> <br>
by <a href="./authors/thiemann">René Thiemann</a></div>
<span class="date">
Feb 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Regex_Equivalence.html">Unified Decision Procedures for Regular Expression Equivalence</a></h5> <br>
by <a href="./authors/nipkow">Tobias Nipkow</a> and <a href="./authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
Jan 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Secondary_Sylow.html">Secondary Sylow Theorems</a></h5> <br>
by <a href="./authors/raumer">Jakob von Raumer</a></div>
<span class="date">
Jan 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Relation_Algebra.html">Relation Algebra</a></h5> <br>
by <a href="./authors/armstrong">Alasdair Armstrong</a>, <a href="./authors/fosters">Simon Foster</a>, <a href="./authors/struth">Georg Struth</a> and <a href="./authors/weber">Tjark Weber</a></div>
<span class="date">
Jan 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/KAT_and_DRA.html">Kleene Algebra with Tests and Demonic Refinement Algebras</a></h5> <br>
by <a href="./authors/armstrong">Alasdair Armstrong</a>, <a href="./authors/gomes">Victor B. F. Gomes</a> and <a href="./authors/struth">Georg Struth</a></div>
<span class="date">
Jan 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Featherweight_OCL.html">Featherweight OCL: A Proposal for a Machine-Checked Formal Semantics for OCL 2.5</a></h5> <br>
by <a href="./authors/brucker">Achim D. Brucker</a>, <a href="./authors/tuong">Frédéric Tuong</a> and <a href="./authors/wolff">Burkhart Wolff</a></div>
<span class="date">
Jan 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Sturm_Sequences.html">Sturm&#39;s Theorem</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Jan 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/CryptoBasedCompositionalProperties.html">Compositional Properties of Crypto-Based Components</a></h5> <br>
by <a href="./authors/spichkova">Maria Spichkova</a></div>
<span class="date">
Jan 11
</span>
</article></div><div>
<h2 class="year">2013</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Tail_Recursive_Functions.html">A General Method for the Proof of Theorems on Tail-recursive Functions</a></h5> <br>
by <a href="./authors/noce">Pasquale Noce</a></div>
<span class="date">
Dec 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/HereditarilyFinite.html">The Hereditarily Finite Sets</a></h5> <br>
by <a href="./authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Nov 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Incompleteness.html">Gödel&#39;s Incompleteness Theorems</a></h5> <br>
by <a href="./authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Nov 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Coinductive_Languages.html">A Codatatype of Formal Languages</a></h5> <br>
by <a href="./authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
Nov 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/FocusStreamsCaseStudies.html">Stream Processing Components: Isabelle/HOL Formalisation and Case Studies</a></h5> <br>
by <a href="./authors/spichkova">Maria Spichkova</a></div>
<span class="date">
Nov 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/GoedelGod.html">Gödel&#39;s God in Isabelle/HOL</a></h5> <br>
by <a href="./authors/benzmueller">Christoph Benzmüller</a> and <a href="./authors/paleo">Bruno Woltzenlogel Paleo</a></div>
<span class="date">
Nov 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Decreasing-Diagrams.html">Decreasing Diagrams</a></h5> <br>
by <a href="./authors/zankl">Harald Zankl</a></div>
<span class="date">
Nov 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Automatic_Refinement.html">Automatic Data Refinement</a></h5> <br>
by <a href="./authors/lammich">Peter Lammich</a></div>
<span class="date">
Oct 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Native_Word.html">Native Word</a></h5> <br>
by <a href="./authors/lochbihler">Andreas Lochbihler</a></div>
<span class="date">
Sep 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/IEEE_Floating_Point.html">A Formal Model of IEEE Floating Point Arithmetic</a></h5> <br>
by <a href="./authors/yu">Lei Yu</a></div>
<span class="date">
Jul 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Pratt_Certificate.html">Pratt&#39;s Primality Certificates</a></h5> <br>
by <a href="./authors/wimmer">Simon Wimmer</a> and <a href="./authors/noschinski">Lars Noschinski</a></div>
<span class="date">
Jul 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Lehmer.html">Lehmer&#39;s Theorem</a></h5> <br>
by <a href="./authors/wimmer">Simon Wimmer</a> and <a href="./authors/noschinski">Lars Noschinski</a></div>
<span class="date">
Jul 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Koenigsberg_Friendship.html">The Königsberg Bridge Problem and the Friendship Theorem</a></h5> <br>
by <a href="./authors/li">Wenda Li</a></div>
<span class="date">
Jul 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Sort_Encodings.html">Sound and Complete Sort Encodings for First-Order Logic</a></h5> <br>
by <a href="./authors/blanchette">Jasmin Christian Blanchette</a> and <a href="./authors/popescu">Andrei Popescu</a></div>
<span class="date">
Jun 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/ShortestPath.html">An Axiomatic Characterization of the Single-Source Shortest Path Problem</a></h5> <br>
by <a href="./authors/rizkallah">Christine Rizkallah</a></div>
<span class="date">
May 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Graph_Theory.html">Graph Theory</a></h5> <br>
by <a href="./authors/noschinski">Lars Noschinski</a></div>
<span class="date">
Apr 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Containers.html">Light-weight Containers</a></h5> <br>
by <a href="./authors/lochbihler">Andreas Lochbihler</a></div>
<span class="date">
Apr 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Nominal2.html">Nominal 2</a></h5> <br>
by <a href="./authors/urban">Christian Urban</a>, <a href="./authors/berghofer">Stefan Berghofer</a> and <a href="./authors/kaliszyk">Cezary Kaliszyk</a></div>
<span class="date">
Feb 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Launchbury.html">The Correctness of Launchbury&#39;s Natural Semantics for Lazy Evaluation</a></h5> <br>
by <a href="./authors/breitner">Joachim Breitner</a></div>
<span class="date">
Jan 31
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Ribbon_Proofs.html">Ribbon Proofs</a></h5> <br>
by <a href="./authors/wickerson">John Wickerson</a></div>
<span class="date">
Jan 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Rank_Nullity_Theorem.html">Rank-Nullity Theorem in Linear Algebra</a></h5> <br>
by <a href="./authors/divason">Jose Divasón</a> and <a href="./authors/aransay">Jesús Aransay</a></div>
<span class="date">
Jan 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Kleene_Algebra.html">Kleene Algebra</a></h5> <br>
by <a href="./authors/armstrong">Alasdair Armstrong</a>, <a href="./authors/struth">Georg Struth</a> and <a href="./authors/weber">Tjark Weber</a></div>
<span class="date">
Jan 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Sqrt_Babylonian.html">Computing N-th Roots using the Babylonian Method</a></h5> <br>
by <a href="./authors/thiemann">René Thiemann</a></div>
<span class="date">
Jan 03
</span>
</article></div><div>
<h2 class="year">2012</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Separation_Logic_Imperative_HOL.html">A Separation Logic Framework for Imperative HOL</a></h5> <br>
by <a href="./authors/lammich">Peter Lammich</a> and <a href="./authors/meis">Rene Meis</a></div>
<span class="date">
Nov 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Open_Induction.html">Open Induction</a></h5> <br>
by <a href="./authors/ogawa">Mizuhito Ogawa</a> and <a href="./authors/sternagel">Christian Sternagel</a></div>
<span class="date">
Nov 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Tarskis_Geometry.html">The independence of Tarski&#39;s Euclidean axiom</a></h5> <br>
by <a href="./authors/makarios">T. J. M. Makarios</a></div>
<span class="date">
Oct 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Bondy.html">Bondy&#39;s Theorem</a></h5> <br>
by <a href="./authors/avigad">Jeremy Avigad</a> and <a href="./authors/hetzl">Stefan Hetzl</a></div>
<span class="date">
Oct 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Possibilistic_Noninterference.html">Possibilistic Noninterference</a></h5> <br>
by <a href="./authors/popescu">Andrei Popescu</a> and <a href="./authors/hoelzl">Johannes Hölzl</a></div>
<span class="date">
Sep 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Datatype_Order_Generator.html">Generating linear orders for datatypes</a></h5> <br>
by <a href="./authors/thiemann">René Thiemann</a></div>
<span class="date">
Aug 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Impossible_Geometry.html">Proving the Impossibility of Trisecting an Angle and Doubling the Cube</a></h5> <br>
by <a href="./authors/romanos">Ralph Romanos</a> and <a href="./authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Aug 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Heard_Of.html">Verifying Fault-Tolerant Distributed Algorithms in the Heard-Of Model</a></h5> <br>
by <a href="./authors/debrat">Henri Debrat</a> and <a href="./authors/merz">Stephan Merz</a></div>
<span class="date">
Jul 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/PCF.html">Logical Relations for PCF</a></h5> <br>
by <a href="./authors/gammie">Peter Gammie</a></div>
<span class="date">
Jul 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Tycon.html">Type Constructor Classes and Monad Transformers</a></h5> <br>
by <a href="./authors/huffman">Brian Huffman</a></div>
<span class="date">
Jun 26
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Pi_Calculus.html">The pi-calculus in nominal logic</a></h5> <br>
by <a href="./authors/bengtson">Jesper Bengtson</a></div>
<span class="date">
May 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Psi_Calculi.html">Psi-calculi in Isabelle</a></h5> <br>
by <a href="./authors/bengtson">Jesper Bengtson</a></div>
<span class="date">
May 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/CCS.html">CCS in nominal logic</a></h5> <br>
by <a href="./authors/bengtson">Jesper Bengtson</a></div>
<span class="date">
May 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Circus.html">Isabelle/Circus</a></h5> <br>
by <a href="./authors/feliachi">Abderrahmane Feliachi</a>, <a href="./authors/wolff">Burkhart Wolff</a> and <a href="./authors/gaudel">Marie-Claude Gaudel</a></div>
<span class="date">
May 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Separation_Algebra.html">Separation Algebra</a></h5> <br>
by <a href="./authors/klein">Gerwin Klein</a>, <a href="./authors/kolanski">Rafal Kolanski</a> and <a href="./authors/boyton">Andrew Boyton</a></div>
<span class="date">
May 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Stuttering_Equivalence.html">Stuttering Equivalence</a></h5> <br>
by <a href="./authors/merz">Stephan Merz</a></div>
<span class="date">
May 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Inductive_Confidentiality.html">Inductive Study of Confidentiality</a></h5> <br>
by <a href="./authors/bella">Giampaolo Bella</a></div>
<span class="date">
May 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Ordinary_Differential_Equations.html">Ordinary Differential Equations</a></h5> <br>
by <a href="./authors/immler">Fabian Immler</a> and <a href="./authors/hoelzl">Johannes Hölzl</a></div>
<span class="date">
Apr 26
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Well_Quasi_Orders.html">Well-Quasi-Orders</a></h5> <br>
by <a href="./authors/sternagel">Christian Sternagel</a></div>
<span class="date">
Apr 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Abortable_Linearizable_Modules.html">Abortable Linearizable Modules</a></h5> <br>
by <a href="./authors/guerraoui">Rachid Guerraoui</a>, <a href="./authors/kuncak">Viktor Kuncak</a> and <a href="./authors/losa">Giuliano Losa</a></div>
<span class="date">
Mar 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Transitive-Closure-II.html">Executable Transitive Closures</a></h5> <br>
by <a href="./authors/thiemann">René Thiemann</a></div>
<span class="date">
Feb 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Girth_Chromatic.html">A Probabilistic Proof of the Girth-Chromatic Number Theorem</a></h5> <br>
by <a href="./authors/noschinski">Lars Noschinski</a></div>
<span class="date">
Feb 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Refine_Monadic.html">Refinement for Monadic Programs</a></h5> <br>
by <a href="./authors/lammich">Peter Lammich</a></div>
<span class="date">
Jan 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Dijkstra_Shortest_Path.html">Dijkstra&#39;s Shortest Path Algorithm</a></h5> <br>
by <a href="./authors/nordhoff">Benedikt Nordhoff</a> and <a href="./authors/lammich">Peter Lammich</a></div>
<span class="date">
Jan 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Markov_Models.html">Markov Models</a></h5> <br>
by <a href="./authors/hoelzl">Johannes Hölzl</a> and <a href="./authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Jan 03
</span>
</article></div><div>
<h2 class="year">2011</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/TLA.html">A Definitional Encoding of TLA* in Isabelle/HOL</a></h5> <br>
by <a href="./authors/grov">Gudmund Grov</a> and <a href="./authors/merz">Stephan Merz</a></div>
<span class="date">
Nov 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Efficient-Mergesort.html">Efficient Mergesort</a></h5> <br>
by <a href="./authors/sternagel">Christian Sternagel</a></div>
<span class="date">
Nov 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/PseudoHoops.html">Pseudo Hoops</a></h5> <br>
by <a href="./authors/georgescu">George Georgescu</a>, <a href="./authors/leustean">Laurentiu Leustean</a> and <a href="./authors/preoteasa">Viorel Preoteasa</a></div>
<span class="date">
Sep 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/LatticeProperties.html">Lattice Properties</a></h5> <br>
by <a href="./authors/preoteasa">Viorel Preoteasa</a></div>
<span class="date">
Sep 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/MonoBoolTranAlgebra.html">Algebra of Monotonic Boolean Transformers</a></h5> <br>
by <a href="./authors/preoteasa">Viorel Preoteasa</a></div>
<span class="date">
Sep 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Myhill-Nerode.html">The Myhill-Nerode Theorem Based on Regular Expressions</a></h5> <br>
by <a href="./authors/wu">Chunhan Wu</a>, <a href="./authors/zhangx">Xingyuan Zhang</a> and <a href="./authors/urban">Christian Urban</a></div>
<span class="date">
Aug 26
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Gauss-Jordan-Elim-Fun.html">Gauss-Jordan Elimination for Matrices Represented as Functions</a></h5> <br>
by <a href="./authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Aug 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Max-Card-Matching.html">Maximum Cardinality Matching</a></h5> <br>
by <a href="./authors/rizkallah">Christine Rizkallah</a></div>
<span class="date">
Jul 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/KBPs.html">Knowledge-based programs</a></h5> <br>
by <a href="./authors/gammie">Peter Gammie</a></div>
<span class="date">
May 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/General-Triangle.html">The General Triangle Is Unique</a></h5> <br>
by <a href="./authors/breitner">Joachim Breitner</a></div>
<span class="date">
Apr 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Transitive-Closure.html">Executable Transitive Closures of Finite Relations</a></h5> <br>
by <a href="./authors/sternagel">Christian Sternagel</a> and <a href="./authors/thiemann">René Thiemann</a></div>
<span class="date">
Mar 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Nat-Interval-Logic.html">Interval Temporal Logic on Natural Numbers</a></h5> <br>
by <a href="./authors/trachtenherz">David Trachtenherz</a></div>
<span class="date">
Feb 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/List-Infinite.html">Infinite Lists</a></h5> <br>
by <a href="./authors/trachtenherz">David Trachtenherz</a></div>
<span class="date">
Feb 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/AutoFocus-Stream.html">AutoFocus Stream Processing for Single-Clocking and Multi-Clocking Semantics</a></h5> <br>
by <a href="./authors/trachtenherz">David Trachtenherz</a></div>
<span class="date">
Feb 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/LightweightJava.html">Lightweight Java</a></h5> <br>
by <a href="./authors/strnisa">Rok Strniša</a> and <a href="./authors/parkinson">Matthew Parkinson</a></div>
<span class="date">
Feb 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/RIPEMD-160-SPARK.html">RIPEMD-160</a></h5> <br>
by <a href="./authors/immler">Fabian Immler</a></div>
<span class="date">
Jan 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Lower_Semicontinuous.html">Lower Semicontinuous Functions</a></h5> <br>
by <a href="./authors/grechuk">Bogdan Grechuk</a></div>
<span class="date">
Jan 08
</span>
</article></div><div>
<h2 class="year">2010</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Marriage.html">Hall&#39;s Marriage Theorem</a></h5> <br>
by <a href="./authors/jiangd">Dongchen Jiang</a> and <a href="./authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Dec 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Shivers-CFA.html">Shivers&#39; Control Flow Analysis</a></h5> <br>
by <a href="./authors/breitner">Joachim Breitner</a></div>
<span class="date">
Nov 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Binomial-Queues.html">Functional Binomial Queues</a></h5> <br>
by <a href="./authors/neumann">René Neumann</a></div>
<span class="date">
Oct 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Finger-Trees.html">Finger Trees</a></h5> <br>
by <a href="./authors/nordhoff">Benedikt Nordhoff</a>, <a href="./authors/koerner">Stefan Körner</a> and <a href="./authors/lammich">Peter Lammich</a></div>
<span class="date">
Oct 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Binomial-Heaps.html">Binomial Heaps and Skew Binomial Heaps</a></h5> <br>
by <a href="./authors/meis">Rene Meis</a>, <a href="./authors/nielsen">Finn Nielsen</a> and <a href="./authors/lammich">Peter Lammich</a></div>
<span class="date">
Oct 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Lam-ml-Normalization.html">Strong Normalization of Moggis&#39;s Computational Metalanguage</a></h5> <br>
by <a href="./authors/doczkal">Christian Doczkal</a></div>
<span class="date">
Aug 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Polynomials.html">Executable Multivariate Polynomials</a></h5> <br>
by <a href="./authors/sternagel">Christian Sternagel</a>, <a href="./authors/thiemann">René Thiemann</a>, <a href="./authors/maletzky">Alexander Maletzky</a>, <a href="./authors/immler">Fabian Immler</a>, <a href="./authors/haftmann">Florian Haftmann</a>, <a href="./authors/lochbihler">Andreas Lochbihler</a> and <a href="./authors/bentkamp">Alexander Bentkamp</a></div>
<span class="date">
Aug 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Statecharts.html">Formalizing Statecharts using Hierarchical Automata</a></h5> <br>
by <a href="./authors/helke">Steffen Helke</a> and <a href="./authors/kammueller">Florian Kammüller</a></div>
<span class="date">
Aug 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Free-Groups.html">Free Groups</a></h5> <br>
by <a href="./authors/breitner">Joachim Breitner</a></div>
<span class="date">
Jun 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Category2.html">Category Theory</a></h5> <br>
by <a href="./authors/katovsky">Alexander Katovsky</a></div>
<span class="date">
Jun 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Matrix.html">Executable Matrix Operations on Matrices of Arbitrary Dimensions</a></h5> <br>
by <a href="./authors/sternagel">Christian Sternagel</a> and <a href="./authors/thiemann">René Thiemann</a></div>
<span class="date">
Jun 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Abstract-Rewriting.html">Abstract Rewriting</a></h5> <br>
by <a href="./authors/sternagel">Christian Sternagel</a> and <a href="./authors/thiemann">René Thiemann</a></div>
<span class="date">
Jun 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/GraphMarkingIBP.html">Verification of the Deutsch-Schorr-Waite Graph Marking Algorithm using Data Refinement</a></h5> <br>
by <a href="./authors/preoteasa">Viorel Preoteasa</a> and <a href="./authors/back">Ralph-Johan Back</a></div>
<span class="date">
May 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/DataRefinementIBP.html">Semantics and Data Refinement of Invariant Based Programs</a></h5> <br>
by <a href="./authors/preoteasa">Viorel Preoteasa</a> and <a href="./authors/back">Ralph-Johan Back</a></div>
<span class="date">
May 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Robbins-Conjecture.html">A Complete Proof of the Robbins Conjecture</a></h5> <br>
- by <a href="./authors/doty">Matthew Wampler-Doty</a></div>
+ by <a href="./authors/doty">Matthew Doty</a></div>
<span class="date">
May 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Regular-Sets.html">Regular Sets and Expressions</a></h5> <br>
by <a href="./authors/krauss">Alexander Krauss</a> and <a href="./authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
May 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Locally-Nameless-Sigma.html">Locally Nameless Sigma Calculus</a></h5> <br>
by <a href="./authors/henrio">Ludovic Henrio</a>, <a href="./authors/kammueller">Florian Kammüller</a>, <a href="./authors/lutz">Bianca Lutz</a> and <a href="./authors/sudhof">Henry Sudhof</a></div>
<span class="date">
Apr 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Free-Boolean-Algebra.html">Free Boolean Algebra</a></h5> <br>
by <a href="./authors/huffman">Brian Huffman</a></div>
<span class="date">
Mar 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/InformationFlowSlicing_Inter.html">Inter-Procedural Information Flow Noninterference via Slicing</a></h5> <br>
by <a href="./authors/wasserrab">Daniel Wasserrab</a></div>
<span class="date">
Mar 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/InformationFlowSlicing.html">Information Flow Noninterference via Slicing</a></h5> <br>
by <a href="./authors/wasserrab">Daniel Wasserrab</a></div>
<span class="date">
Mar 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/List-Index.html">List Index</a></h5> <br>
by <a href="./authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Feb 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Coinductive.html">Coinductive</a></h5> <br>
by <a href="./authors/lochbihler">Andreas Lochbihler</a></div>
<span class="date">
Feb 12
</span>
</article></div><div>
<h2 class="year">2009</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/DPT-SAT-Solver.html">A Fast SAT Solver for Isabelle in Standard ML</a></h5> <br>
by <a href="./authors/heller">Armin Heller</a></div>
<span class="date">
Dec 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Presburger-Automata.html">Formalizing the Logic-Automaton Connection</a></h5> <br>
by <a href="./authors/berghofer">Stefan Berghofer</a> and <a href="./authors/reiter">Markus Reiter</a></div>
<span class="date">
Dec 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Tree-Automata.html">Tree Automata</a></h5> <br>
by <a href="./authors/lammich">Peter Lammich</a></div>
<span class="date">
Nov 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Collections.html">Collections Framework</a></h5> <br>
by <a href="./authors/lammich">Peter Lammich</a></div>
<span class="date">
Nov 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Perfect-Number-Thm.html">Perfect Number Theorem</a></h5> <br>
by <a href="./authors/ijbema">Mark Ijbema</a></div>
<span class="date">
Nov 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/HRB-Slicing.html">Backing up Slicing: Verifying the Interprocedural Two-Phase Horwitz-Reps-Binkley Slicer</a></h5> <br>
by <a href="./authors/wasserrab">Daniel Wasserrab</a></div>
<span class="date">
Nov 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/WorkerWrapper.html">The Worker/Wrapper Transformation</a></h5> <br>
by <a href="./authors/gammie">Peter Gammie</a></div>
<span class="date">
Oct 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Ordinals_and_Cardinals.html">Ordinals and Cardinals</a></h5> <br>
by <a href="./authors/popescu">Andrei Popescu</a></div>
<span class="date">
Sep 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/SequentInvertibility.html">Invertibility in Sequent Calculi</a></h5> <br>
by <a href="./authors/chapman">Peter Chapman</a></div>
<span class="date">
Aug 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/CofGroups.html">An Example of a Cofinitary Group in Isabelle/HOL</a></h5> <br>
by <a href="./authors/kastermans">Bart Kastermans</a></div>
<span class="date">
Aug 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/FinFun.html">Code Generation for Functions as Data</a></h5> <br>
by <a href="./authors/lochbihler">Andreas Lochbihler</a></div>
<span class="date">
May 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Stream-Fusion.html">Stream Fusion</a></h5> <br>
by <a href="./authors/huffman">Brian Huffman</a></div>
<span class="date">
Apr 29
</span>
</article></div><div>
<h2 class="year">2008</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/BytecodeLogicJmlTypes.html">A Bytecode Logic for JML and Types</a></h5> <br>
by <a href="./authors/beringer">Lennart Beringer</a> and <a href="./authors/hofmann">Martin Hofmann</a></div>
<span class="date">
Dec 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/SIFPL.html">Secure information flow and program logics</a></h5> <br>
by <a href="./authors/beringer">Lennart Beringer</a> and <a href="./authors/hofmann">Martin Hofmann</a></div>
<span class="date">
Nov 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/SenSocialChoice.html">Some classical results in Social Choice Theory</a></h5> <br>
by <a href="./authors/gammie">Peter Gammie</a></div>
<span class="date">
Nov 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/FunWithTilings.html">Fun With Tilings</a></h5> <br>
by <a href="./authors/nipkow">Tobias Nipkow</a> and <a href="./authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Nov 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Huffman.html">The Textbook Proof of Huffman&#39;s Algorithm</a></h5> <br>
by <a href="./authors/blanchette">Jasmin Christian Blanchette</a></div>
<span class="date">
Oct 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Slicing.html">Towards Certified Slicing</a></h5> <br>
by <a href="./authors/wasserrab">Daniel Wasserrab</a></div>
<span class="date">
Sep 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/VolpanoSmith.html">A Correctness Proof for the Volpano/Smith Security Typing System</a></h5> <br>
by <a href="./authors/snelting">Gregor Snelting</a> and <a href="./authors/wasserrab">Daniel Wasserrab</a></div>
<span class="date">
Sep 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/ArrowImpossibilityGS.html">Arrow and Gibbard-Satterthwaite</a></h5> <br>
by <a href="./authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Sep 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/FunWithFunctions.html">Fun With Functions</a></h5> <br>
by <a href="./authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Aug 26
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/SATSolverVerification.html">Formal Verification of Modern SAT Solvers</a></h5> <br>
by <a href="./authors/maricf">Filip Marić</a></div>
<span class="date">
Jul 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Recursion-Theory-I.html">Recursion Theory I</a></h5> <br>
by <a href="./authors/nedzelsky">Michael Nedzelsky</a></div>
<span class="date">
Apr 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/BDD.html">BDD Normalisation</a></h5> <br>
by <a href="./authors/ortner">Veronika Ortner</a> and <a href="./authors/schirmer">Norbert Schirmer</a></div>
<span class="date">
Feb 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Simpl.html">A Sequential Imperative Programming Language Syntax, Semantics, Hoare Logics and Verification Environment</a></h5> <br>
by <a href="./authors/schirmer">Norbert Schirmer</a></div>
<span class="date">
Feb 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/NormByEval.html">Normalization by Evaluation</a></h5> <br>
by <a href="./authors/aehlig">Klaus Aehlig</a> and <a href="./authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Feb 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/LinearQuantifierElim.html">Quantifier Elimination for Linear Arithmetic</a></h5> <br>
by <a href="./authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Jan 11
</span>
</article></div><div>
<h2 class="year">2007</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Program-Conflict-Analysis.html">Formalization of Conflict Analysis of Programs with Procedures, Thread Creation, and Monitors</a></h5> <br>
by <a href="./authors/lammich">Peter Lammich</a> and <a href="./authors/olm">Markus Müller-Olm</a></div>
<span class="date">
Dec 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/JinjaThreads.html">Jinja with Threads</a></h5> <br>
by <a href="./authors/lochbihler">Andreas Lochbihler</a></div>
<span class="date">
Dec 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/MuchAdoAboutTwo.html">Much Ado About Two</a></h5> <br>
by <a href="./authors/boehme">Sascha Böhme</a></div>
<span class="date">
Nov 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/SumSquares.html">Sums of Two and Four Squares</a></h5> <br>
by <a href="./authors/oosterhuis">Roelof Oosterhuis</a></div>
<span class="date">
Aug 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Fermat3_4.html">Fermat&#39;s Last Theorem for Exponents 3 and 4 and the Parametrisation of Pythagorean Triples</a></h5> <br>
by <a href="./authors/oosterhuis">Roelof Oosterhuis</a></div>
<span class="date">
Aug 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Valuation.html">Fundamental Properties of Valuation Theory and Hensel&#39;s Lemma</a></h5> <br>
by <a href="./authors/kobayashi">Hidetsune Kobayashi</a></div>
<span class="date">
Aug 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/POPLmark-deBruijn.html">POPLmark Challenge Via de Bruijn Indices</a></h5> <br>
by <a href="./authors/berghofer">Stefan Berghofer</a></div>
<span class="date">
Aug 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/FOL-Fitting.html">First-Order Logic According to Fitting</a></h5> <br>
by <a href="./authors/berghofer">Stefan Berghofer</a></div>
<span class="date">
Aug 02
</span>
</article></div><div>
<h2 class="year">2006</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/HotelKeyCards.html">Hotel Key Card System</a></h5> <br>
by <a href="./authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Sep 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Abstract-Hoare-Logics.html">Abstract Hoare Logics</a></h5> <br>
by <a href="./authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Aug 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Flyspeck-Tame.html">Flyspeck I: Tame Graphs</a></h5> <br>
by <a href="./authors/bauer">Gertrud Bauer</a> and <a href="./authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
May 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/CoreC&#43;&#43;.html">CoreC&#43;&#43;</a></h5> <br>
by <a href="./authors/wasserrab">Daniel Wasserrab</a></div>
<span class="date">
May 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/FeatherweightJava.html">A Theory of Featherweight Java in Isabelle/HOL</a></h5> <br>
by <a href="./authors/fosterj">J. Nathan Foster</a> and <a href="./authors/vytiniotis">Dimitrios Vytiniotis</a></div>
<span class="date">
Mar 31
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/ClockSynchInst.html">Instances of Schneider&#39;s generalized protocol of clock synchronization</a></h5> <br>
by <a href="./authors/barsotti">Damián Barsotti</a></div>
<span class="date">
Mar 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Cauchy.html">Cauchy&#39;s Mean Theorem and the Cauchy-Schwarz Inequality</a></h5> <br>
by <a href="./authors/porter">Benjamin Porter</a></div>
<span class="date">
Mar 14
</span>
</article></div><div>
<h2 class="year">2005</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Ordinal.html">Countable Ordinals</a></h5> <br>
by <a href="./authors/huffman">Brian Huffman</a></div>
<span class="date">
Nov 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/FFT.html">Fast Fourier Transform</a></h5> <br>
by <a href="./authors/ballarin">Clemens Ballarin</a></div>
<span class="date">
Oct 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/GenClock.html">Formalization of a Generalized Protocol for Clock Synchronization</a></h5> <br>
by <a href="./authors/tiu">Alwen Tiu</a></div>
<span class="date">
Jun 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/DiskPaxos.html">Proving the Correctness of Disk Paxos</a></h5> <br>
by <a href="./authors/jaskelioff">Mauro Jaskelioff</a> and <a href="./authors/merz">Stephan Merz</a></div>
<span class="date">
Jun 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/JiveDataStoreModel.html">Jive Data and Store Model</a></h5> <br>
by <a href="./authors/rauch">Nicole Rauch</a> and <a href="./authors/schirmer">Norbert Schirmer</a></div>
<span class="date">
Jun 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Jinja.html">Jinja is not Java</a></h5> <br>
by <a href="./authors/klein">Gerwin Klein</a> and <a href="./authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Jun 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/RSAPSS.html">SHA1, RSA, PSS and more</a></h5> <br>
by <a href="./authors/lindenberg">Christina Lindenberg</a> and <a href="./authors/wirt">Kai Wirt</a></div>
<span class="date">
May 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Category.html">Category Theory to Yoneda&#39;s Lemma</a></h5> <br>
by <a href="./authors/keefe">Greg O&rsquo;Keefe</a></div>
<span class="date">
Apr 21
</span>
</article></div><div>
<h2 class="year">2004</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/FileRefinement.html">File Refinement</a></h5> <br>
by <a href="./authors/zee">Karen Zee</a> and <a href="./authors/kuncak">Viktor Kuncak</a></div>
<span class="date">
Dec 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Integration.html">Integration theory and random variables</a></h5> <br>
by <a href="./authors/richter">Stefan Richter</a></div>
<span class="date">
Nov 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Verified-Prover.html">A Mechanically Verified, Efficient, Sound and Complete Theorem Prover For First Order Logic</a></h5> <br>
by <a href="./authors/ridge">Tom Ridge</a></div>
<span class="date">
Sep 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Ramsey-Infinite.html">Ramsey&#39;s theorem, infinitary version</a></h5> <br>
by <a href="./authors/ridge">Tom Ridge</a></div>
<span class="date">
Sep 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Completeness.html">Completeness theorem</a></h5> <br>
by <a href="./authors/margetson">James Margetson</a> and <a href="./authors/ridge">Tom Ridge</a></div>
<span class="date">
Sep 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Compiling-Exceptions-Correctly.html">Compiling Exceptions Correctly</a></h5> <br>
by <a href="./authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Jul 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Depth-First-Search.html">Depth First Search</a></h5> <br>
by <a href="./authors/nishihara">Toshiaki Nishihara</a> and <a href="./authors/minamide">Yasuhiko Minamide</a></div>
<span class="date">
Jun 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Group-Ring-Module.html">Groups, Rings and Modules</a></h5> <br>
by <a href="./authors/kobayashi">Hidetsune Kobayashi</a>, <a href="./authors/chen">L. Chen</a> and <a href="./authors/murao">H. Murao</a></div>
<span class="date">
May 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Topology.html">Topology</a></h5> <br>
by <a href="./authors/friedrich">Stefan Friedrich</a></div>
<span class="date">
Apr 26
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Lazy-Lists-II.html">Lazy Lists II</a></h5> <br>
by <a href="./authors/friedrich">Stefan Friedrich</a></div>
<span class="date">
Apr 26
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/BinarySearchTree.html">Binary Search Trees</a></h5> <br>
by <a href="./authors/kuncak">Viktor Kuncak</a></div>
<span class="date">
Apr 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Functional-Automata.html">Functional Automata</a></h5> <br>
by <a href="./authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Mar 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/MiniML.html">Mini ML</a></h5> <br>
by <a href="./authors/naraschewski">Wolfgang Naraschewski</a> and <a href="./authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Mar 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/AVL-Trees.html">AVL Trees</a></h5> <br>
by <a href="./authors/nipkow">Tobias Nipkow</a> and <a href="./authors/pusch">Cornelia Pusch</a></div>
<span class="date">
Mar 19
</span>
</article></div>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/index.json b/web/index.json
--- a/web/index.json
+++ b/web/index.json
@@ -1,14138 +1,14239 @@
[
{
+ "abstract": "The field of p-adic numbers for a prime integer p is constructed. Basic facts about p-adic topology including Hensel's Lemma are proved, building on a prior submission by the author. The theory of semialgebraic sets and semialgebraic functions on cartesian powers of p-adic fields is also developed, following a formalization of these concepts due to Denef. This is done towards a formalization of Denef's proof of Macintyre's quantifier elimination theorem for p-adic fields. Theories developing general multivariable polynomial rings over a commutative ring are developed, as well as some general theory of cartesian powers of an arbitrary ring.",
+ "authors": [
+ "Aaron Crighton"
+ ],
+ "date": "2022-09-22",
+ "id": 0,
+ "link": "/entries/Padic_Field.html",
+ "permalink": "/entries/Padic_Field.html",
+ "shortname": "Padic_Field",
+ "title": "p-adic Fields and p-adic Semialgebraic Sets",
+ "topic_links": [
+ "mathematics/number-theory",
+ "mathematics/algebra"
+ ],
+ "topics": [
+ "Mathematics/Number theory",
+ "Mathematics/Algebra"
+ ],
+ "used_by": 0
+ },
+ {
+ "abstract": "We construct an abstract ledger supporting the \u003cem\u003erisk-free lending\u003c/em\u003e protocol. The risk-free lending protocol is a system for issuing and exchanging novel financial products we call \u003cem\u003erisk-free loan\u003c/em\u003e. The system allows one party to lend money at 0\u0026#37; APY to another party in exchange for a good or service. On every update of the ledger, accounts have interest distributed to them. Holders of lent assets keep interest accrued by those assets. After distributing interest, the system returns a fixed fraction of each loan. These fixed fractions determine \u003cem\u003eloan periods\u003c/em\u003e. Loans for longer periods have a smaller fixed fraction returned. Loans may be re-lent or used as collateral for other loans. We give a sufficient criterion to enforce all accounts will forever be solvent. We give a protocol for maintaining this invariant when transferring or lending funds. We also show this invariant holds after update. Even though the system does not track counter-party obligations, we show that all credited and debited loans cancel and the monetary supply grows at a specified interest rate.",
+ "authors": [
+ "Matthew Doty"
+ ],
+ "date": "2022-09-18",
+ "id": 1,
+ "link": "/entries/Risk_Free_Lending.html",
+ "permalink": "/entries/Risk_Free_Lending.html",
+ "shortname": "Risk_Free_Lending",
+ "title": "Risk-Free Lending",
+ "topic_links": [
+ "mathematics/games-and-economics"
+ ],
+ "topics": [
+ "Mathematics/Games and economics"
+ ],
+ "used_by": 0
+ },
+ {
+ "abstract": "This work is a formalization of soundness and completeness of the Bernays-Tarski axiom system for classical implicational logic. The completeness proof is constructive following the approach by László Kalmár, Elliott Mendelson and others. The result can be extended to full classical propositional logic by uncommenting a few lines for falsehood. ",
+ "authors": [
+ "Asta Halkjær From",
+ "Jørgen Villadsen"
+ ],
+ "date": "2022-09-13",
+ "id": 2,
+ "link": "/entries/Implicational_Logic.html",
+ "permalink": "/entries/Implicational_Logic.html",
+ "shortname": "Implicational_Logic",
+ "title": "Soundness and Completeness of Implicational Logic",
+ "topic_links": [
+ "logic/general-logic/classical-propositional-logic",
+ "logic/proof-theory"
+ ],
+ "topics": [
+ "Logic/General logic/Classical propositional logic",
+ "Logic/Proof theory"
+ ],
+ "used_by": 0
+ },
+ {
"abstract": "This article formalizes the specification and the algorithm of the cryptographic scheme CRYSTALS-KYBER with multiplication using the Number Theoretic Transform and verifies its (1-δ)-correctness proof. CRYSTALS-KYBER is a key encapsulation mechanism in lattice-based post-quantum cryptography. This entry formalizes the key generation, encryption and decryption algorithms and shows that the algorithm decodes correctly under a highly probable assumption ((1-δ)-correctness). Moreover, the Number Theoretic Transform (NTT) in the case of Kyber and the convolution theorem thereon is formalized.",
"authors": [
"Katharina Kreuzer"
],
"date": "2022-09-08",
- "id": 0,
+ "id": 3,
"link": "/entries/CRYSTALS-Kyber.html",
"permalink": "/entries/CRYSTALS-Kyber.html",
"shortname": "CRYSTALS-Kyber",
"title": "CRYSTALS-Kyber",
"topic_links": [
"computer-science/security"
],
"topics": [
"Computer science/Security"
],
"used_by": 0
},
{
+ "abstract": "Many separation logics support fractional permissions to distinguish between read and write access to a heap location, for instance, to allow concurrent reads while enforcing exclusive writes. Fractional permissions extend to composite assertions such as (co)inductive predicates and magic wands by allowing those to be multiplied by a fraction. Typical separation logic proofs require that this multiplication has three key properties: it needs to distribute over assertions, it should permit fractions to be factored out from assertions, and two fractions of the same assertion should be combinable into one larger fraction. Existing formal semantics incorporating fractional assertions into a separation logic define multiplication semantically (via models), resulting in a semantics in which distributivity and combinability do not hold for key resource assertions such as magic wands, and fractions cannot be factored out from a separating conjunction. By contrast, existing automatic separation logic verifiers define multiplication syntactically, resulting in a different semantics for which it is unknown whether distributivity and combinability hold for all assertions. In this entry (which accompanies an \u003ca href=\"https://dardinier.me/papers/multiplication.pdf\"\u003eOOPSLA'22 paper\u003c/a\u003e), we present and formalize an unbounded version of separation logic, a novel semantics for separation logic assertions that allows states to hold more than a full permission to a heap location during the evaluation of an assertion. By reimposing upper bounds on the permissions held per location at statement boundaries, we retain key properties of separation logic, in particular, we prove that the frame rule still holds. We also prove that our assertion semantics unifies semantic and syntactic multiplication and thereby reconciles the discrepancy between separation logic theory and tools and enjoys distributivity, factorisability, and combinability.",
+ "authors": [
+ "Thibault Dardinier"
+ ],
+ "date": "2022-09-05",
+ "id": 4,
+ "link": "/entries/Separation_Logic_Unbounded.html",
+ "permalink": "/entries/Separation_Logic_Unbounded.html",
+ "shortname": "Separation_Logic_Unbounded",
+ "title": "Unbounded Separation Logic",
+ "topic_links": [
+ "computer-science/programming-languages/logics"
+ ],
+ "topics": [
+ "Computer science/Programming languages/Logics"
+ ],
+ "used_by": 0
+ },
+ {
"abstract": "We formalise the proof of an important theorem in additive combinatorics due to Khovanskii, attesting that the cardinality of the set of all sums of $n$ many elements of $A$, where $A$ is a finite subset of an abelian group, is a polynomial in $n$ for all sufficiently large $n$. We follow a proof due to Nathanson and Ruzsa as presented in the notes “Introduction to Additive Combinatorics” by Timothy Gowers for the University of Cambridge.",
"authors": [
"Angeliki Koutsoukou-Argyraki",
"Lawrence C. Paulson"
],
"date": "2022-09-02",
- "id": 1,
+ "id": 5,
"link": "/entries/Khovanskii_Theorem.html",
"permalink": "/entries/Khovanskii_Theorem.html",
"shortname": "Khovanskii_Theorem",
"title": "Khovanskii\u0026#x27;s Theorem",
"topic_links": [
"mathematics/combinatorics"
],
"topics": [
"Mathematics/Combinatorics"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eThis article is a formalisation of a proof of the Hales–Jewett theorem presented in the textbook \u003cem\u003eRamsey Theory\u003c/em\u003e by Graham et al.\u003c/p\u003e \u003cp\u003eThe Hales–Jewett theorem is a result in Ramsey Theory which states that, for any non-negative integers $r$ and $t$, there exists a minimal dimension $N$, such that any $r$-coloured $N'$-dimensional cube over $t$ elements (with $N' \\geq N$) contains a monochromatic line. This theorem generalises Van der Waerden's Theorem, which has already been formalised in another \u003ca href=\"https://www.isa-afp.org/entries/Van_der_Waerden.html\"\u003eAFP entry\u003c/a\u003e.\u003c/p\u003e",
"authors": [
"Ujkan Sulejmani",
"Manuel Eberl",
"Katharina Kreuzer"
],
"date": "2022-09-02",
- "id": 2,
+ "id": 6,
"link": "/entries/Hales_Jewett.html",
"permalink": "/entries/Hales_Jewett.html",
"shortname": "Hales_Jewett",
"title": "The Hales–Jewett Theorem",
"topic_links": [
"mathematics/combinatorics"
],
"topics": [
"Mathematics/Combinatorics"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eThis entry contains an Isabelle formalization of the \u003cem\u003eNumber Theoretic Transform (NTT)\u003c/em\u003e which is the analogue to a \u003cem\u003eDiscrete Fourier Transform (DFT)\u003c/em\u003e over a finite field. Roots of unity in the complex numbers are replaced by those in a finite field. \u003c/p\u003e\u003cp\u003eFirst, we define both \u003cem\u003eNTT\u003c/em\u003e and the inverse transform \u003cem\u003eINTT\u003c/em\u003e in Isabelle and prove them to be mutually inverse. \u003c/p\u003e\u003cp\u003e\u003cem\u003eDFT\u003c/em\u003e can be efficiently computed by the recursive \u003cem\u003eFast Fourier Transform (FFT)\u003c/em\u003e. In our formalization, this algorithm is adapted to the setting of the \u003cem\u003eNTT\u003c/em\u003e: We implement a \u003cem\u003eFast Number Theoretic Transform (FNTT)\u003c/em\u003e based on the Butterfly scheme by Cooley and Tukey. Additionally, we provide an inverse transform \u003cem\u003eIFNTT\u003c/em\u003e and prove it mutually inverse to \u003cem\u003eFNTT\u003c/em\u003e. \u003c/p\u003e\u003cp\u003e Afterwards, a recursive formalization of the \u003cem\u003eFNTT\u003c/em\u003e running time is examined and the famous $O(n \\log n)$ bounds are proven.\u003c/p\u003e",
"authors": [
"Thomas Ammer",
"Katharina Kreuzer"
],
"date": "2022-08-18",
- "id": 3,
+ "id": 7,
"link": "/entries/Number_Theoretic_Transform.html",
"permalink": "/entries/Number_Theoretic_Transform.html",
"shortname": "Number_Theoretic_Transform",
"title": "Number Theoretic Transform",
"topic_links": [
"computer-science/algorithms/mathematical"
],
"topics": [
"Computer science/Algorithms/Mathematical"
],
"used_by": 1
},
{
+ "abstract": "We prove the correctness of a sequential algorithm for computing maximal strongly connected components (SCCs) of a graph due to Vincent Bloemen.",
+ "authors": [
+ "Stephan Merz",
+ "Vincent Trélat"
+ ],
+ "date": "2022-08-17",
+ "id": 8,
+ "link": "/entries/SCC_Bloemen_Sequential.html",
+ "permalink": "/entries/SCC_Bloemen_Sequential.html",
+ "shortname": "SCC_Bloemen_Sequential",
+ "title": "Correctness of a Set-based Algorithm for Computing Strongly Connected Components of a Graph",
+ "topic_links": [
+ "computer-science/algorithms/graph"
+ ],
+ "topics": [
+ "Computer science/Algorithms/Graph"
+ ],
+ "used_by": 0
+ },
+ {
"abstract": "This theory contains the involution-based proof of the two squares theorem from \u003ca href=\"https://dx.doi.org/10.1007/978-3-662-57265-8\"\u003eTHE BOOK\u003c/a\u003e.",
"authors": [
"Maksym Bortin"
],
"date": "2022-08-15",
- "id": 4,
+ "id": 9,
"link": "/entries/Involutions2Squares.html",
"permalink": "/entries/Involutions2Squares.html",
"shortname": "Involutions2Squares",
"title": "From THE BOOK: Two Squares via Involutions",
"topic_links": [
"mathematics/number-theory"
],
"topics": [
"Mathematics/Number theory"
],
"used_by": 0
},
{
"abstract": "This entry provides executable formalisations of complete test generation algorithms for finite state machines. It covers testing for the language-equivalence and reduction conformance relations, supporting the former via the W, Wp, HSI, H, SPY and SPYH-methods, and the latter via adaptive state counting. The test strategies are implemented using generic frameworks, allowing for reuse of shared components between related strategies. This work is described in the author\u0026#x27;s \u003ca href=\"https://doi.org/10.26092/elib/1665\"\u003edoctoral thesis\u003c/a\u003e.",
"authors": [
"Robert Sachtleben"
],
"date": "2022-08-09",
- "id": 5,
+ "id": 10,
"link": "/entries/FSM_Tests.html",
"permalink": "/entries/FSM_Tests.html",
"shortname": "FSM_Tests",
"title": "Verified Complete Test Strategies for Finite State Machines",
"topic_links": [
"computer-science/automata-and-formal-languages",
"computer-science/algorithms"
],
"topics": [
"Computer science/Automata and formal languages",
"Computer science/Algorithms"
],
"used_by": 0
},
{
"abstract": "JSON (JavaScript Object Notation) is a common format for exchanging data, based on a collection of key/value-pairs (the JSON objects) and lists. Its syntax is inspired by JavaScript with the aim of being easy to read and write for humans and easy to parse and generate for machines. Despite its origin in the JavaScript world, JSON is language-independent and many programming languages support working with JSON-encoded data. This makes JSON an interesting format for exchanging data with Isabelle/HOL. This AFP entry provides a JSON-like import-expert format for both Isabelle/ML and Isabelle/HOL. On the one hand, this AFP entry provides means for Isabelle/HOL users to work with JSON encoded data without the need using Isabelle/ML. On the other and, the provided Isabelle/ML interfaces allow additional extensions or integration into Isabelle extensions written in Isabelle/ML. While format is not fully JSON compliant (e.g., due to limitations in the range of supported Unicode characters), it works in most situations: the provided implementation in Isabelle/ML and its representation in Isabelle/HOL have been used successfully in several projects for exchanging data sets of several hundredths of megabyte between Isabelle and external tools.",
"authors": [
"Achim D. Brucker"
],
"date": "2022-07-29",
- "id": 6,
+ "id": 11,
"link": "/entries/Nano_JSON.html",
"permalink": "/entries/Nano_JSON.html",
"shortname": "Nano_JSON",
"title": "Nano JSON: Working with JSON formatted data in Isabelle/HOL and Isabelle/ML",
"topic_links": [
"tools",
"computer-science/data-structures"
],
"topics": [
"Tools",
"Computer science/Data structures"
],
"used_by": 0
},
{
"abstract": "Smart contracts are automatically executed programs, usually representing legal agreements such as financial transactions. Thus, bugs in smart contracts can lead to large financial losses. For example, an incorrectly initialized contract was the root cause of the Parity Wallet bug that saw $280M worth of Ether destroyed. Ether is the cryptocurrency of the Ethereum blockchain that uses Solidity for expressing smart contracts. We address this problem by formalizing an executable denotational semantics for Solidity in the interactive theorem prover Isabelle/HOL. This formal semantics builds the foundation of an interactive program verification environment for Solidity programs and allows for inspecting them by (symbolic) execution. We combine the latter with grammar based fuzzing to ensure that our formal semantics complies to the Solidity implementation on the Ethereum Blockchain. Finally, we demonstrate the formal verification of Solidity programs by two examples: constant folding and a simple verified token.",
"authors": [
"Diego Marmsoler",
"Achim D. Brucker"
],
"date": "2022-07-18",
- "id": 7,
+ "id": 12,
"link": "/entries/Solidity.html",
"permalink": "/entries/Solidity.html",
"shortname": "Solidity",
"title": "Isabelle/Solidity: A deep Embedding of Solidity in Isabelle/HOL",
"topic_links": [
"computer-science/programming-languages",
"computer-science/semantics-and-reasoning"
],
"topics": [
"Computer science/Programming languages",
"Computer science/Semantics and reasoning"
],
"used_by": 0
},
{
"abstract": "A Hermitian matrix is a square complex matrix that is equal to its conjugate transpose. The (finite-dimensional) spectral theorem states that any such matrix can be decomposed into a product of a unitary matrix and a diagonal matrix containing only real elements. We formalize the generalization of this result, which states that any finite set of Hermitian and pairwise commuting matrices can be decomposed as previously, using the same unitary matrix; in other words, they are simultaneously diagonalizable. Sets of pairwise commuting Hermitian matrices are called \u003cem\u003eComplete Sets of Commuting Observables\u003c/em\u003e in Quantum Mechanics, where they represent physical quantities that can be simultaneously measured to uniquely distinguish quantum states.",
"authors": [
"Mnacho Echenim"
],
"date": "2022-07-18",
- "id": 8,
+ "id": 13,
"link": "/entries/Commuting_Hermitian.html",
"permalink": "/entries/Commuting_Hermitian.html",
"shortname": "Commuting_Hermitian",
"title": "Simultaneous diagonalization of pairwise commuting Hermitian matrices",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eThis article provides a formalisation of the Weighted Arithmetic–Geometric Mean Inequality: given non-negative reals $a_1, \\ldots, a_n$ and non-negative weights $w_1, \\ldots, w_n$ such that $w_1 + \\ldots + w_n = 1$, we have \\[\\prod\\limits_{i=1}^n a_i^{w_i} \\leq \\sum\\limits_{i=1}^n w_i a_i\\ .\\] If the weights are additionally all non-zero, equality holds if and only if $a_1 = \\ldots = a_n$.\u003c/p\u003e \u003cp\u003eAs a corollary with $w_1 = \\ldots = w_n = 1/n$, the regular arithmetic–geometric mean inequality follows, namely that \\[\\sqrt[n]{a_1\\,\\cdots\\, a_n} \\leq \\tfrac{1}{n}(a_1 + \\ldots + a_n)\\ .\\]\u003c/p\u003e \u003cp\u003eI follow Pólya's elegant proof, which uses the inequality $1 + x \\leq e^x$ as a starting point. Pólya claims that this proof came to him in a dream, and that it was “the best mathematics he had ever dreamt.”\u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2022-07-11",
- "id": 9,
+ "id": 14,
"link": "/entries/Weighted_Arithmetic_Geometric_Mean.html",
"permalink": "/entries/Weighted_Arithmetic_Geometric_Mean.html",
"shortname": "Weighted_Arithmetic_Geometric_Mean",
"title": "Pólya’s Proof of the Weighted Arithmetic–Geometric Mean Inequality",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 0
},
{
"abstract": "After introducing the didactic imperative programming language IMP, Nipkow and Klein's book on formal programming language semantics (version of March 2021) specifies compilation of IMP commands into a lower-level language based on a stack machine, and expounds a formal verification of that compiler. Exercise 8.4 asks the reader to adjust such proof for a new compilation target, consisting of a machine language that (i) accesses memory locations through their addresses instead of variable names, and (ii) maintains a stack in memory via a stack pointer rather than relying upon a built-in stack. A natural strategy to maximize reuse of the original proof is keeping the original language as an assembly one and splitting compilation into multiple steps, namely a source-to-assembly step matching the original compilation process followed by an assembly-to-machine step. In this way, proving assembly code-machine code equivalence is the only extant task. A previous paper by the present author introduces a reasoning toolbox that allows for a compiler correctness proof shorter than the book's one, as such promising to constitute a further enhanced reference for the formal verification of real-world compilers. This paper in turn shows that such toolbox can be reused to accomplish the aforesaid task as well, which demonstrates that the proposed approach also promotes proof reuse in multi-stage compiler verifications.",
"authors": [
"Pasquale Noce"
],
"date": "2022-07-10",
- "id": 10,
+ "id": 15,
"link": "/entries/IMP_Compiler_Reuse.html",
"permalink": "/entries/IMP_Compiler_Reuse.html",
"shortname": "IMP_Compiler_Reuse",
"title": "A Reuse-Based Multi-Stage Compiler Verification for Language IMP",
"topic_links": [
"computer-science/programming-languages/compiling"
],
"topics": [
"Computer science/Programming languages/Compiling"
],
"used_by": 0
},
{
"abstract": "A double-ended queue (\u003cem\u003edeque\u003c/em\u003e) is a queue where one can enqueue and dequeue at both ends. We define and verify the \u003ca href=\"https://doi.org/10.1145/165180.165225\"\u003edeque implementation by Chuang and Goldberg\u003c/a\u003e. It is purely functional and all operations run in constant time.",
"authors": [
"Balazs Toth",
"Tobias Nipkow"
],
"date": "2022-06-23",
- "id": 11,
+ "id": 16,
"link": "/entries/Real_Time_Deque.html",
"permalink": "/entries/Real_Time_Deque.html",
"shortname": "Real_Time_Deque",
"title": "Real-Time Double-Ended Queue",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 0
},
{
"abstract": "In 1987, George Boolos gave an interesting and vivid concrete example of the considerable speed-up afforded by higher-order logic over first-order logic. (A phenomenon first noted by Kurt Gödel in 1936.) Boolos's example concerned an inference $I$ with five premises, and a conclusion, such that the shortest derivation of the conclusion from the premises in a standard system for first-order logic is astronomically huge; while there exists a second-order derivation whose length is of the order of a page or two. Boolos gave a short sketch of that second-order derivation, which relies on the comprehension principle of second-order logic. Here, Boolos's inference is formalized into fourteen lemmas, each quickly verified by the automated-theorem-proving assistant Isabelle/HOL.",
"authors": [
"Jeffrey Ketland"
],
"date": "2022-06-20",
- "id": 12,
+ "id": 17,
"link": "/entries/Boolos_Curious_Inference.html",
"permalink": "/entries/Boolos_Curious_Inference.html",
"shortname": "Boolos_Curious_Inference",
"title": "Boolos's Curious Inference in Isabelle/HOL",
"topic_links": [
"logic/philosophical-aspects"
],
"topics": [
"Logic/Philosophical aspects"
],
"used_by": 0
},
{
"abstract": "This entry formalizes the classification of the finite fields (also called Galois fields): For each prime power $p^n$ there exists exactly one (up to isomorphisms) finite field of that size and there are no other finite fields. The derivation includes a formalization of the characteristic of rings, the Frobenius endomorphism, formal differentiation for polynomials in HOL-Algebra and Gauss' formula for the number of monic irreducible polynomials over finite fields: \\[ \\frac{1}{n} \\sum_{d | n} \\mu(d) p^{n/d} \\textrm{.} \\] The proofs are based on the books from \u003ca href=\"https://doi.org/10.1007/978-1-4757-2103-4\"\u003eIreland and Rosen\u003c/a\u003e, as well as, \u003ca href=\"https://doi.org/10.1017/CBO9781139172769\"\u003eLidl and Niederreiter\u003c/a\u003e.",
"authors": [
"Emin Karayel"
],
"date": "2022-06-08",
- "id": 13,
+ "id": 18,
"link": "/entries/Finite_Fields.html",
"permalink": "/entries/Finite_Fields.html",
"shortname": "Finite_Fields",
"title": "Finite Fields",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 1
},
{
"abstract": "Today's Internet is built on decades-old networking protocols that lack scalability, reliability and security. In response, the networking community has developed \u003cem\u003epath-aware\u003c/em\u003e Internet architectures that solve these issues while simultaneously empowering end hosts. In these architectures, autonomous systems authorize forwarding paths in accordance with their routing policies, and protect paths using cryptographic authenticators. For each packet, the sending end host selects an authorized path and embeds it and its authenticators in the packet header. This allows routers to efficiently determine how to forward the packet. The central security property of the data plane, i.e., of forwarding, is that packets can only travel along authorized paths. This property, which we call \u003cem\u003epath authorization\u003c/em\u003e, protects the routing policies of autonomous systems from malicious senders. The fundamental role of packet forwarding in the Internet's ecosystem and the complexity of the authentication mechanisms employed call for a formal analysis. We develop IsaNet, a parameterized verification framework for data plane protocols in Isabelle/HOL. We first formulate an abstract model without an attacker for which we prove path authorization. We then refine this model by introducing a Dolev--Yao attacker and by protecting authorized paths using (generic) cryptographic validation fields. This model is parametrized by the path authorization mechanism and assumes five simple verification conditions. We propose novel attacker models and different sets of assumptions on the underlying routing protocol. We validate our framework by instantiating it with nine concrete protocols variants and prove that they each satisfy the verification conditions (and hence path authorization). The invariants needed for the security proof are proven in the parametrized model instead of the instance models. Our framework thus supports low-effort security proofs for data plane protocols. In contrast to what could be achieved with state-of-the-art automated protocol verifiers, our results hold for arbitrary network topologies and sets of authorized paths.",
"authors": [
"Tobias Klenze",
"Christoph Sprenger"
],
"date": "2022-06-08",
- "id": 14,
+ "id": 19,
"link": "/entries/IsaNet.html",
"permalink": "/entries/IsaNet.html",
"shortname": "IsaNet",
"title": "IsaNet: Formalization of a Verification Framework for Secure Data Plane Protocols",
"topic_links": [
"computer-science/security",
"computer-science/networks"
],
"topics": [
"Computer science/Security",
"Computer science/Networks"
],
"used_by": 0
},
{
"abstract": "We present a formalization of Matiyasevich's proof of the DPRM theorem, which states that every recursively enumerable set of natural numbers is Diophantine. This result from 1970 yields a negative solution to Hilbert's 10th problem over the integers. To represent recursively enumerable sets in equations, we implement and arithmetize register machines. We formalize a general theory of Diophantine sets and relations to reason about them abstractly. Using several number-theoretic lemmas, we prove that exponentiation has a Diophantine representation.",
"authors": [
"Jonas Bayer",
"Marco David",
"Benedikt Stock",
"Abhik Pal",
"Yuri Matiyasevich",
"Dierk Schleicher"
],
"date": "2022-06-06",
- "id": 15,
+ "id": 20,
"link": "/entries/DPRM_Theorem.html",
"permalink": "/entries/DPRM_Theorem.html",
"shortname": "DPRM_Theorem",
"title": "Diophantine Equations and the DPRM Theorem",
"topic_links": [
"logic/computability",
"mathematics/number-theory"
],
"topics": [
"Logic/Computability",
"Mathematics/Number theory"
],
"used_by": 0
},
{
"abstract": "This AFP entry relates important rewriting properties between the set of terms and the set of ground terms induced by a given signature. The properties considered are confluence, strong/local confluence, the normal form property, unique normal forms with respect to reduction and conversion, commutation, conversion equivalence, and normalization equivalence.",
"authors": [
"Alexander Lochmann"
],
"date": "2022-06-02",
- "id": 16,
+ "id": 21,
"link": "/entries/Rewrite_Properties_Reduction.html",
"permalink": "/entries/Rewrite_Properties_Reduction.html",
"shortname": "Rewrite_Properties_Reduction",
"title": "Reducing Rewrite Properties to Properties on Ground Terms",
"topic_links": [
"logic/rewriting"
],
"topics": [
"Logic/Rewriting"
],
"used_by": 0
},
{
"abstract": "Many separation logics support \u003cem\u003efractional permissions\u003c/em\u003e to distinguish between read and write access to a heap location, for instance, to allow concurrent reads while enforcing exclusive writes. The concept has been generalized to fractional assertions. $A^p$ (where $A$ is a separation logic assertion and $p$ a fraction between $0$ and $1$) represents a fraction $p$ of $A$. $A^p$ holds in a state $\\sigma$ iff there exists a state $\\sigma_A$ in which $A$ holds and $\\sigma$ is obtained from $\\sigma_A$ by multiplying all permission amounts held by $p$. While $A^{p + q}$ can always be split into $A^p * A^q$, recombining $A^p * A^q$ into $A^{p+q}$ is not always sound. We say that $A$ is \u003cem\u003ecombinable\u003c/em\u003e iff the entailment $A^p * A^q \\models A^{p+q}$ holds for any two positive fractions $p$ and $q$ such that $p + q \\le 1$. Combinable assertions are particularly useful to reason about concurrent programs, for instance, to combine the postconditions of parallel branches when they terminate. Unfortunately, the magic wand assertion $A \\mathbin{-\\!\\!*} B$, commonly used to specify properties of partial data structures, is typically \u003cem\u003enot\u003c/em\u003e combinable. In this entry, we formalize a novel, restricted definition of the magic wand, described in \u003ca href=\"https://arxiv.org/abs/2205.11325\"\u003ea paper at CAV 22\u003c/a\u003e, which we call the \u003cem\u003ecombinable wand\u003c/em\u003e. We prove some key properties of the combinable wand; in particular, a combinable wand is combinable if its right-hand side is combinable.",
"authors": [
"Thibault Dardinier"
],
"date": "2022-05-30",
- "id": 17,
+ "id": 22,
"link": "/entries/Combinable_Wands.html",
"permalink": "/entries/Combinable_Wands.html",
"shortname": "Combinable_Wands",
"title": "A Restricted Definition of the Magic Wand to Soundly Combine Fractions of a Wand",
"topic_links": [
"computer-science/programming-languages/logics"
],
"topics": [
"Computer science/Programming languages/Logics"
],
"used_by": 0
},
{
"abstract": "We formalise Plünnecke's inequality and the Plünnecke-Ruzsa inequality, following the notes by Timothy Gowers: \"Introduction to Additive Combinatorics\" (2022) for the University of Cambridge. To this end, we first introduce basic definitions and prove elementary facts on sumsets and difference sets. Then, we show two versions of the Ruzsa triangle inequality. We follow with a proof due to Petridis.",
"authors": [
"Angeliki Koutsoukou-Argyraki",
"Lawrence C. Paulson"
],
"date": "2022-05-26",
- "id": 18,
+ "id": 23,
"link": "/entries/Pluennecke_Ruzsa_Inequality.html",
"permalink": "/entries/Pluennecke_Ruzsa_Inequality.html",
"shortname": "Pluennecke_Ruzsa_Inequality",
"title": "The Plünnecke-Ruzsa Inequality",
"topic_links": [
"mathematics/combinatorics"
],
"topics": [
"Mathematics/Combinatorics"
],
"used_by": 1
},
{
"abstract": "The magic wand $\\mathbin{-\\!\\!*}$ (also called separating implication) is a separation logic connective commonly used to specify properties of partial data structures, for instance during iterative traversals. A \u003cem\u003efootprint\u003c/em\u003e of a magic wand formula $$A \\mathbin{-\\!\\!*} B$$ is a state that, combined with any state in which $A$ holds, yields a state in which $B$ holds. The key challenge of proving a magic wand (also called \u003cem\u003epackaging\u003c/em\u003e a wand) is to find such a footprint. Existing package algorithms either have a high annotation overhead or are unsound. In this entry, we formally define a framework for the sound automation of magic wands, described in an \u003ca href=\"https://www.cs.ubc.ca/~alexsumm/papers/DardinierParthasarathyWeeksMuellerSummers22.pdf\"\u003eupcoming paper at CAV 2022\u003c/a\u003e, and prove that it is sound and complete. This framework, called the \u003cem\u003epackage logic\u003c/em\u003e, precisely characterises a wide design space of possible package algorithms applicable to a large class of separation logics.",
"authors": [
"Thibault Dardinier"
],
"date": "2022-05-18",
- "id": 19,
+ "id": 24,
"link": "/entries/Package_logic.html",
"permalink": "/entries/Package_logic.html",
"shortname": "Package_logic",
"title": "Formalization of a Framework for the Sound Automation of Magic Wands",
"topic_links": [
"computer-science/programming-languages/logics"
],
"topics": [
"Computer science/Programming languages/Logics"
],
"used_by": 1
},
{
"abstract": "\u003cp\u003e Given a graph $G$ with $n$ vertices and a number $s$, the decision problem Clique asks whether $G$ contains a fully connected subgraph with $s$ vertices. For this NP-complete problem there exists a non-trivial lower bound: no monotone circuit of a size that is polynomial in $n$ can solve Clique. \u003c/p\u003e\u003cp\u003e This entry provides an Isabelle/HOL formalization of a concrete lower bound (the bound is $\\sqrt[7]{n}^{\\sqrt[8]{n}}$ for the fixed choice of $s = \\sqrt[4]{n}$), following a proof by Gordeev. \u003c/p\u003e",
"authors": [
"René Thiemann"
],
"date": "2022-05-08",
- "id": 20,
+ "id": 25,
"link": "/entries/Clique_and_Monotone_Circuits.html",
"permalink": "/entries/Clique_and_Monotone_Circuits.html",
"shortname": "Clique_and_Monotone_Circuits",
"title": "Clique is not solvable by monotone circuits of polynomial size",
"topic_links": [
"mathematics/combinatorics"
],
"topics": [
"Mathematics/Combinatorics"
],
"used_by": 0
},
{
"abstract": "Linear algebraic techniques are powerful, yet often underrated tools in combinatorial proofs. This formalisation provides a library including matrix representations of incidence set systems, general formal proof techniques for the rank argument and linear bound argument, and finally a formalisation of a number of variations of the well-known Fisher's inequality. We build on our prior work formalising combinatorial design theory using a locale-centric approach, including extensions such as constant intersect designs and dual incidence systems. In addition to Fisher's inequality, we also formalise proofs on other incidence system properties using the incidence matrix representation, such as design existence, dual system relationships and incidence system isomorphisms. This formalisation is presented in the paper \"Formalising Fisher's Inequality: Formal Linear Algebraic Techniques in Combinatorics\", accepted to ITP 2022.",
"authors": [
"Chelsea Edmonds",
"Lawrence C. Paulson"
],
"date": "2022-04-21",
- "id": 21,
+ "id": 26,
"link": "/entries/Fishers_Inequality.html",
"permalink": "/entries/Fishers_Inequality.html",
"shortname": "Fishers_Inequality",
"title": "Fisher's Inequality: Linear Algebraic Proof Techniques for Combinatorics",
"topic_links": [
"mathematics/combinatorics",
"mathematics/algebra"
],
"topics": [
"Mathematics/Combinatorics",
"Mathematics/Algebra"
],
"used_by": 0
},
{
"abstract": "We formalize how a natural number can be expanded into its digits in some base and prove properties about functions that operate on digit expansions. This includes the formalization of concepts such as digit shifts and carries. For a base that is a power of 2 we formalize the binary AND, binary orthogonality and binary masking of two natural numbers. This library on digit expansions builds the basis for the formalization of the DPRM theorem.",
"authors": [
"Jonas Bayer",
"Marco David",
"Abhik Pal",
"Benedikt Stock"
],
"date": "2022-04-20",
- "id": 22,
+ "id": 27,
"link": "/entries/Digit_Expansions.html",
"permalink": "/entries/Digit_Expansions.html",
"shortname": "Digit_Expansions",
"title": "Digit Expansions",
"topic_links": [
"mathematics/number-theory"
],
"topics": [
"Mathematics/Number theory"
],
"used_by": 1
},
{
"abstract": "We consider the problem of comparing two multisets via the generalized multiset ordering. We show that the corresponding decision problem is NP-complete. To be more precise, we encode multiset-comparisons into propositional formulas or into conjunctive normal forms of quadratic size; we further prove that satisfiability of conjunctive normal forms can be encoded as multiset-comparison problems of linear size. As a corollary, we also show that the problem of deciding whether two terms are related by a recursive path order is NP-hard, provided the recursive path order is based on the generalized multiset ordering.",
"authors": [
"René Thiemann",
"Lukas Schmidinger"
],
"date": "2022-04-20",
- "id": 23,
+ "id": 28,
"link": "/entries/Multiset_Ordering_NPC.html",
"permalink": "/entries/Multiset_Ordering_NPC.html",
"shortname": "Multiset_Ordering_NPC",
"title": "The Generalized Multiset Ordering is NP-Complete",
"topic_links": [
"logic/rewriting"
],
"topics": [
"Logic/Rewriting"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eThis article provides a brief formalisation of the two equations known as the \u003cem\u003eSophomore's Dream\u003c/em\u003e, first discovered by Johann Bernoulli in 1697:\u003c/p\u003e \\[\\int_0^1 x^{-x}\\,\\text{d}x = \\sum_{n=1}^\\infty n^{-n} \\quad\\text{and}\\quad \\int_0^1 x^x\\,\\text{d}x = -\\sum_{n=1}^\\infty (-n)^{-n}\\]",
"authors": [
"Manuel Eberl"
],
"date": "2022-04-10",
- "id": 24,
+ "id": 29,
"link": "/entries/Sophomores_Dream.html",
"permalink": "/entries/Sophomores_Dream.html",
"shortname": "Sophomores_Dream",
"title": "The Sophomore's Dream",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 0
},
{
"abstract": "This entry contains a set of binary encodings for primitive data types, such as natural numbers, integers, floating-point numbers as well as combinators to construct encodings for products, lists, sets or functions of/between such types. For natural numbers and integers, the entry contains various encodings, such as Elias-Gamma-Codes and exponential Golomb Codes, which are efficient variable-length codes in use by current compression formats. A use-case for this library is measuring the persisted size of a complex data structure without having to hand-craft a dedicated encoding for it, independent of Isabelle's internal representation.",
"authors": [
"Emin Karayel"
],
"date": "2022-04-08",
- "id": 25,
+ "id": 30,
"link": "/entries/Prefix_Free_Code_Combinators.html",
"permalink": "/entries/Prefix_Free_Code_Combinators.html",
"shortname": "Prefix_Free_Code_Combinators",
"title": "A Combinator Library for Prefix-Free Codes",
"topic_links": [
"computer-science/algorithms",
"computer-science/data-structures"
],
"topics": [
"Computer science/Algorithms",
"Computer science/Data structures"
],
"used_by": 1
},
{
"abstract": "In 1999 Alon et. al. introduced the still active research topic of approximating the frequency moments of a data stream using randomized algorithms with minimal space usage. This includes the problem of estimating the cardinality of the stream elements - the zeroth frequency moment. But, also higher-order frequency moments that provide information about the skew of the data stream. (The \u003ci\u003ek\u003c/i\u003e-th frequency moment of a data stream is the sum of the \u003ci\u003ek\u003c/i\u003e-th powers of the occurrence counts of each element in the stream.) This entry formalizes three randomized algorithms for the approximation of \u003ci\u003eF\u003csub\u003e0\u003c/sub\u003e\u003c/i\u003e, \u003ci\u003eF\u003csub\u003e2\u003c/sub\u003e\u003c/i\u003e and \u003ci\u003eF\u003csub\u003ek\u003c/sub\u003e\u003c/i\u003e for \u003ci\u003ek ≥ 3\u003c/i\u003e based on [\u003ca href=\"https://doi.org/10.1006/jcss.1997.1545\"\u003e1\u003c/a\u003e, \u003ca href=\"https://doi.org/10.1007/3-540-45726-7_1\"\u003e2\u003c/a\u003e] and verifies their expected accuracy, success probability and space usage.",
"authors": [
"Emin Karayel"
],
"date": "2022-04-08",
- "id": 26,
+ "id": 31,
"link": "/entries/Frequency_Moments.html",
"permalink": "/entries/Frequency_Moments.html",
"shortname": "Frequency_Moments",
"title": "Formalization of Randomized Approximation Algorithms for Frequency Moments",
"topic_links": [
"computer-science/algorithms/approximation",
"mathematics/probability-theory"
],
"topics": [
"Computer science/Algorithms/Approximation",
"Mathematics/Probability theory"
],
"used_by": 0
},
{
"abstract": "The type of real numbers is constructed from the positive rationals using the method of Dedekind cuts. This development, briefly described in papers by the authors, follows the textbook presentation by Gleason. It's notable that the first formalisation of a significant piece of mathematics, by Jutting in 1977, involved a similar construction.",
"authors": [
"Jacques D. Fleuriot",
"Lawrence C. Paulson"
],
"date": "2022-03-24",
- "id": 27,
+ "id": 32,
"link": "/entries/Dedekind_Real.html",
"permalink": "/entries/Dedekind_Real.html",
"shortname": "Dedekind_Real",
"title": "Constructing the Reals as Dedekind Cuts of Rationals",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 0
},
{
"abstract": "Ackermann's function is defined in the usual way and a number of its elementary properties are proved. Then, the primitive recursive functions are defined inductively: as a predicate on the functions that map lists of numbers to numbers. It is shown that every primitive recursive function is strictly dominated by Ackermann's function. The formalisation follows an earlier one by Nora Szasz.",
"authors": [
"Lawrence C. Paulson"
],
"date": "2022-03-23",
- "id": 28,
+ "id": 33,
"link": "/entries/Ackermanns_not_PR.html",
"permalink": "/entries/Ackermanns_not_PR.html",
"shortname": "Ackermanns_not_PR",
"title": "Ackermann's Function Is Not Primitive Recursive",
"topic_links": [
"logic/computability"
],
"topics": [
"Logic/Computability"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003e The AFP entry \u003ca href=\"https://www.isa-afp.org/entries/Abstract_Completeness.html\"\u003eAbstract Completeness\u003c/a\u003e by Blanchette, Popescu and Traytel formalizes the core of Beth/Hintikka-style completeness proofs for first-order logic and can be used to formalize executable sequent calculus provers. In the Journal of Automated Reasoning, the authors instantiate the framework with a sequent calculus for first-order logic and prove its completeness. Their use of an infinite set of proof rules indexed by formulas yields very direct arguments. A fair stream of these rules controls the prover, making its definition remarkably simple. The AFP entry, however, only contains a toy example for propositional logic. The AFP entry \u003ca href=\"https://www.isa-afp.org/entries/FOL_Seq_Calc2.html\"\u003eA Sequent Calculus Prover for First-Order Logic with Functions\u003c/a\u003e by From and Jacobsen also uses the framework, but uses a finite set of generic rules resulting in a more sophisticated prover with more complicated proofs. \u003c/p\u003e \u003cp\u003e This entry contains an executable sequent calculus prover for first-order logic with functions in the style presented by Blanchette et al. The prover can be exported to Haskell and this entry includes formalized proofs of its soundness and completeness. The proofs are simpler than those for the prover by From and Jacobsen but the performance of the prover is significantly worse. \u003c/p\u003e \u003cp\u003e The included theory \u003cem\u003eFair-Stream\u003c/em\u003e first proves that the sequence of natural numbers 0, 0, 1, 0, 1, 2, etc. is fair. It then proves that mapping any surjective function across the sequence preserves fairness. This method of obtaining a fair stream of rules is similar to the one given by Blanchette et al. The concrete functions from natural numbers to terms, formulas and rules are defined using the \u003cem\u003eNat-Bijection\u003c/em\u003e theory in the HOL-Library. \u003c/p\u003e",
"authors": [
"Asta Halkjær From"
],
"date": "2022-03-22",
- "id": 29,
+ "id": 34,
"link": "/entries/FOL_Seq_Calc3.html",
"permalink": "/entries/FOL_Seq_Calc3.html",
"shortname": "FOL_Seq_Calc3",
"title": "A Naive Prover for First-Order Logic",
"topic_links": [
"logic/general-logic/classical-first-order-logic",
"logic/proof-theory",
"logic/general-logic/mechanization-of-proofs"
],
"topics": [
"Logic/General logic/Classical first-order logic",
"Logic/Proof theory",
"Logic/General logic/Mechanization of proofs"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eIn this article, I formalise a proof from \u003ca href=\"https://dx.doi.org/10.1007/978-3-662-57265-8\"\u003eTHE BOOK\u003c/a\u003e; namely a formula that was called ‘one of the most beautiful formulas involving elementary functions’:\u003c/p\u003e \\[\\pi \\cot(\\pi z) = \\frac{1}{z} + \\sum_{n=1}^\\infty\\left(\\frac{1}{z+n} + \\frac{1}{z-n}\\right)\\] \u003cp\u003eThe proof uses Herglotz's trick to show the real case and analytic continuation for the complex case.\u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2022-03-15",
- "id": 30,
+ "id": 35,
"link": "/entries/Cotangent_PFD_Formula.html",
"permalink": "/entries/Cotangent_PFD_Formula.html",
"shortname": "Cotangent_PFD_Formula",
"title": "A Proof from THE BOOK: The Partial Fraction Expansion of the Cotangent",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 0
},
{
"abstract": "We redeveloped our formalization of forcing in the set theory framework of Isabelle/ZF. Under the assumption of the existence of a countable transitive model of ZFC, we construct proper generic extensions that satisfy the Continuum Hypothesis and its negation.",
"authors": [
"Emmanuel Gunther",
"Miguel Pagano",
"Pedro Sánchez Terraf",
"Matías Steinberg"
],
"date": "2022-03-06",
- "id": 31,
+ "id": 36,
"link": "/entries/Independence_CH.html",
"permalink": "/entries/Independence_CH.html",
"shortname": "Independence_CH",
"title": "The Independence of the Continuum Hypothesis in Isabelle/ZF",
"topic_links": [
"logic/set-theory"
],
"topics": [
"Logic/Set theory"
],
"used_by": 0
},
{
"abstract": "We extend the ZF-Constructibility library by relativizing theories of the Isabelle/ZF and Delta System Lemma sessions to a transitive class. We also relativize Paulson's work on Aleph and our former treatment of the Axiom of Dependent Choices. This work is a prerrequisite to our formalization of the independence of the Continuum Hypothesis.",
"authors": [
"Emmanuel Gunther",
"Miguel Pagano",
"Pedro Sánchez Terraf",
"Matías Steinberg"
],
"date": "2022-03-03",
- "id": 32,
+ "id": 37,
"link": "/entries/Transitive_Models.html",
"permalink": "/entries/Transitive_Models.html",
"shortname": "Transitive_Models",
"title": "Transitive Models of Fragments of ZFC",
"topic_links": [
"logic/set-theory"
],
"topics": [
"Logic/Set theory"
],
"used_by": 1
},
{
"abstract": "\u003cp\u003e A \u003cem\u003eresiduated transition system\u003c/em\u003e (RTS) is a transition system that is equipped with a certain partial binary operation, called \u003cem\u003eresiduation\u003c/em\u003e, on transitions. Using the residuation operation, one can express nuances, such as a distinction between nondeterministic and concurrent choice, as well as partial commutativity relationships between transitions, which are not captured by ordinary transition systems. A version of residuated transition systems was introduced in previous work by the author, in which they were called “concurrent transition systems” in view of the original motivation for their definition from the study of concurrency. In the first part of the present article, we give a formal development that generalizes and subsumes the original presentation. We give an axiomatic definition of residuated transition systems that assumes only a single partial binary operation as given structure. From the axioms, we derive notions of “arrow“ (transition), “source”, “target”, “identity”, as well as “composition” and “join” of transitions; thereby recovering structure that in the previous work was assumed as given. We formalize and generalize the result, that residuation extends from transitions to transition paths, and we systematically develop the properties of this extension. A significant generalization made in the present work is the identification of a general notion of congruence on RTS’s, along with an associated quotient construction. \u003c/p\u003e \u003cp\u003e In the second part of this article, we use the RTS framework to formalize several results in the theory of reduction in Church’s λ-calculus. Using a de Bruijn index-based syntax in which terms represent parallel reduction steps, we define residuation on terms and show that it satisfies the axioms for an RTS. An application of the results on paths from the first part of the article allows us to prove the classical Church-Rosser Theorem with little additional effort. We then use residuation to define the notion of “development” and we prove the Finite Developments Theorem, that every development is finite, formalizing and adapting to de Bruijn indices a proof by de Vrijer. We also use residuation to define the notion of a “standard reduction path”, and we prove the Standardization Theorem: that every reduction path is congruent to a standard one. As a corollary of the Standardization Theorem, we obtain the Leftmost Reduction Theorem: that leftmost reduction is a normalizing strategy. \u003c/p\u003e",
"authors": [
"Eugene W. Stark"
],
"date": "2022-02-28",
- "id": 33,
+ "id": 38,
"link": "/entries/ResiduatedTransitionSystem.html",
"permalink": "/entries/ResiduatedTransitionSystem.html",
"shortname": "ResiduatedTransitionSystem",
"title": "Residuated Transition Systems",
"topic_links": [
"computer-science/automata-and-formal-languages",
"computer-science/concurrency",
"computer-science/programming-languages/lambda-calculi"
],
"topics": [
"Computer science/Automata and formal languages",
"Computer science/Concurrency",
"Computer science/Programming languages/Lambda calculi"
],
"used_by": 0
},
{
"abstract": "A \u003ci\u003ek\u003c/i\u003e-universal hash family is a probability space of functions, which have uniform distribution and form \u003ci\u003ek\u003c/i\u003e-wise independent random variables. They can often be used in place of classic (or cryptographic) hash functions and allow the rigorous analysis of the performance of randomized algorithms and data structures that rely on hash functions. In 1981 \u003ca href=\"https://doi.org/10.1016/0022-0000(81)90033-7\"\u003eWegman and Carter\u003c/a\u003e introduced a generic construction for such families with arbitrary \u003ci\u003ek\u003c/i\u003e using polynomials over a finite field. This entry contains a formalization of them and establishes the property of \u003ci\u003ek\u003c/i\u003e-universality. To be useful the formalization also provides an explicit construction of finite fields using the factor ring of integers modulo a prime. Additionally, some generic results about independent families are shown that might be of independent interest.",
"authors": [
"Emin Karayel"
],
"date": "2022-02-20",
- "id": 34,
+ "id": 39,
"link": "/entries/Universal_Hash_Families.html",
"permalink": "/entries/Universal_Hash_Families.html",
"shortname": "Universal_Hash_Families",
"title": "Universal Hash Families",
"topic_links": [
"mathematics/probability-theory",
"computer-science/algorithms"
],
"topics": [
"Mathematics/Probability theory",
"Computer science/Algorithms"
],
"used_by": 1
},
{
"abstract": "Let $F$ be a set of analytic functions on the complex plane such that, for each $z\\in\\mathbb{C}$, the set $\\{f(z) \\mid f\\in F\\}$ is countable; must then $F$ itself be countable? The answer is yes if the Continuum Hypothesis is false, i.e., if the cardinality of $\\mathbb{R}$ exceeds $\\aleph_1$. But if CH is true then such an $F$, of cardinality $\\aleph_1$, can be constructed by transfinite recursion. The formal proof illustrates reasoning about complex analysis (analytic and homomorphic functions) and set theory (transfinite cardinalities) in a single setting. The mathematical text comes from \u003cem\u003eProofs from THE BOOK\u003c/em\u003e by Aigner and Ziegler.",
"authors": [
"Lawrence C. Paulson"
],
"date": "2022-02-18",
- "id": 35,
+ "id": 40,
"link": "/entries/Wetzels_Problem.html",
"permalink": "/entries/Wetzels_Problem.html",
"shortname": "Wetzels_Problem",
"title": "Wetzel's Problem and the Continuum Hypothesis",
"topic_links": [
"mathematics/analysis",
"logic/set-theory"
],
"topics": [
"Mathematics/Analysis",
"Logic/Set theory"
],
"used_by": 0
},
{
"abstract": "We formalize first-order query evaluation over an infinite domain with equality. We first define the syntax and semantics of first-order logic with equality. Next we define a locale \u003ci\u003eeval\u0026lowbar;fo\u003c/i\u003e abstracting a representation of a potentially infinite set of tuples satisfying a first-order query over finite relations. Inside the locale, we define a function \u003ci\u003eeval\u003c/i\u003e checking if the set of tuples satisfying a first-order query over a database (an interpretation of the query's predicates) is finite (i.e., deciding \u003ci\u003erelative safety\u003c/i\u003e) and computing the set of satisfying tuples if it is finite. Altogether the function \u003ci\u003eeval\u003c/i\u003e solves \u003ci\u003ecapturability\u003c/i\u003e (Avron and Hirshfeld, 1991) of first-order logic with equality. We also use the function \u003ci\u003eeval\u003c/i\u003e to prove a code equation for the semantics of first-order logic, i.e., the function checking if a first-order query over a database is satisfied by a variable assignment.\u003cbr/\u003e We provide an interpretation of the locale \u003ci\u003eeval\u0026lowbar;fo\u003c/i\u003e based on the approach by Ailamazyan et al. A core notion in the interpretation is the active domain of a query and a database that contains all domain elements that occur in the database or interpret the query's constants. We prove the main theorem of Ailamazyan et al. relating the satisfaction of a first-order query over an infinite domain to the satisfaction of this query over a finite domain consisting of the active domain and a few additional domain elements (outside the active domain) whose number only depends on the query. In our interpretation of the locale \u003ci\u003eeval\u0026lowbar;fo\u003c/i\u003e, we use a potentially higher number of the additional domain elements, but their number still only depends on the query and thus has no effect on the data complexity (Vardi, 1982) of query evaluation. Our interpretation yields an \u003ci\u003eexecutable\u003c/i\u003e function \u003ci\u003eeval\u003c/i\u003e. The time complexity of \u003ci\u003eeval\u003c/i\u003e on a query is linear in the total number of tuples in the intermediate relations for the subqueries. Specifically, we build a database index to evaluate a conjunction. We also optimize the case of a negated subquery in a conjunction. Finally, we export code for the infinite domain of natural numbers.",
"authors": [
"Martin Raszyk"
],
"date": "2022-02-15",
- "id": 36,
+ "id": 41,
"link": "/entries/Eval_FO.html",
"permalink": "/entries/Eval_FO.html",
"shortname": "Eval_FO",
"title": "First-Order Query Evaluation",
"topic_links": [
"logic/general-logic/classical-first-order-logic"
],
"topics": [
"Logic/General logic/Classical first-order logic"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eRuntime monitoring (or runtime verification) is an approach to checking compliance of a system's execution with a specification (e.g., a temporal formula). The system's execution is logged into a \u003ci\u003etrace\u003c/i\u003e\u0026mdash;a sequence of time-points, each consisting of a time-stamp and observed events. A \u003ci\u003emonitor\u003c/i\u003e is an algorithm that produces \u003ci\u003everdicts\u003c/i\u003e on the satisfaction of a temporal formula on a trace.\u003c/p\u003e \u003cp\u003eWe formalize the time-stamps as an abstract algebraic structure satisfying certain assumptions. Instances of this structure include natural numbers, real numbers, and lexicographic combinations of them. We also include the formalization of a conversion from the abstract time domain introduced by Koymans (1990) to our time-stamps.\u003c/p\u003e \u003cp\u003eWe formalize a monitoring algorithm for metric dynamic logic, an extension of metric temporal logic with regular expressions. The monitor computes whether a given formula is satisfied at every position in an input trace of time-stamped events. Our monitor follows the multi-head paradigm: it reads the input simultaneously at multiple positions and moves its reading heads asynchronously. This mode of operation results in unprecedented time and space complexity guarantees for metric dynamic logic: The monitor's amortized time complexity to process a time-point and the monitor's space complexity neither depends on the event-rate, i.e., the number of events within a fixed time-unit, nor on the numeric constants occurring in the quantitative temporal constraints in the given formula.\u003c/p\u003e \u003cp\u003eThe multi-head monitoring algorithm for metric dynamic logic is reported in our paper ``Multi-Head Monitoring of Metric Dynamic Logic'' published at ATVA 2020. We have also formalized unpublished specialized algorithms for the temporal operators of metric temporal logic.\u003c/p\u003e",
"authors": [
"Martin Raszyk"
],
"date": "2022-02-13",
- "id": 37,
+ "id": 42,
"link": "/entries/VYDRA_MDL.html",
"permalink": "/entries/VYDRA_MDL.html",
"shortname": "VYDRA_MDL",
"title": "Multi-Head Monitoring of Metric Dynamic Logic",
"topic_links": [
"computer-science/algorithms"
],
"topics": [
"Computer science/Algorithms"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eThis entry contains a formalization of an algorithm enumerating all equivalence relations on an initial segment of the natural numbers. The approach follows the method described by Stanton and White \u003ca href=\"https://doi.org/10.1007/978-1-4612-4968-9\"\u003e[5,§ 1.5]\u003c/a\u003e using restricted growth functions.\u003c/p\u003e \u003cp\u003eThe algorithm internally enumerates restricted growth functions (as lists), whose equivalence kernels then form the equivalence relations. This has the advantage that the representation is compact and lookup of the relation reduces to a list lookup operation.\u003c/p\u003e \u003cp\u003eThe algorithm can also be used within a proof and an example application is included, where a sequence of variables is split by the possible partitions they can form.\u003c/p\u003e",
"authors": [
"Emin Karayel"
],
"date": "2022-02-04",
- "id": 38,
+ "id": 43,
"link": "/entries/Equivalence_Relation_Enumeration.html",
"permalink": "/entries/Equivalence_Relation_Enumeration.html",
"shortname": "Equivalence_Relation_Enumeration",
"title": "Enumeration of Equivalence Relations",
"topic_links": [
"mathematics/combinatorics",
"computer-science/algorithms/mathematical"
],
"topics": [
"Mathematics/Combinatorics",
"Computer science/Algorithms/Mathematical"
],
"used_by": 1
},
{
"abstract": "We formalize the weak and strong duality theorems of linear programming. For the strong duality theorem we provide three sufficient preconditions: both the primal problem and the dual problem are satisfiable, the primal problem is satisfiable and bounded, or the dual problem is satisfiable and bounded. The proofs are based on an existing formalization of Farkas' Lemma.",
"authors": [
"René Thiemann"
],
"date": "2022-02-03",
- "id": 39,
+ "id": 44,
"link": "/entries/LP_Duality.html",
"permalink": "/entries/LP_Duality.html",
"shortname": "LP_Duality",
"title": "Duality of Linear Programming",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 0
},
{
"abstract": "The notion of quasi-Borel spaces was introduced by \u003ca href=\"https://dl.acm.org/doi/10.5555/3329995.3330072\"\u003e Heunen et al\u003c/a\u003e. The theory provides a suitable denotational model for higher-order probabilistic programming languages with continuous distributions. This entry is a formalization of the theory of quasi-Borel spaces, including construction of quasi-Borel spaces (product, coproduct, function spaces), the adjunction between the category of measurable spaces and the category of quasi-Borel spaces, and the probability monad on quasi-Borel spaces. This entry also contains the formalization of the Bayesian regression presented in the work of Heunen et al. This work is a part of the work by same authors, \u003ci\u003eProgram Logic for Higher-Order Probabilistic Programs in Isabelle/HOL\u003c/i\u003e, which will be published in the proceedings of the 16th International Symposium on Functional and Logic Programming (FLOPS 2022).",
"authors": [
"Michikazu Hirata",
"Yasuhiko Minamide",
"Tetsuya Sato"
],
"date": "2022-02-03",
- "id": 40,
+ "id": 45,
"link": "/entries/Quasi_Borel_Spaces.html",
"permalink": "/entries/Quasi_Borel_Spaces.html",
"shortname": "Quasi_Borel_Spaces",
"title": "Quasi-Borel Spaces",
"topic_links": [
"computer-science/semantics-and-reasoning"
],
"topics": [
"Computer science/Semantics and reasoning"
],
"used_by": 0
},
{
"abstract": "The first-order theory of rewriting (FORT) is a decidable theory for linear variable-separated rewrite systems. The decision procedure is based on tree automata technique and an inference system presented in \"Certifying Proofs in the First-Order Theory of Rewriting\". This AFP entry provides a formalization of the underlying decision procedure. Moreover it allows to generate a function that can verify each inference step via the code generation facility of Isabelle/HOL. Additionally it contains the specification of a certificate language (that allows to state proofs in FORT) and a formalized function that allows to verify the validity of the proof. This gives software tool authors, that implement the decision procedure, the possibility to verify their output.",
"authors": [
"Alexander Lochmann",
"Bertram Felgenhauer"
],
"date": "2022-02-02",
- "id": 41,
+ "id": 46,
"link": "/entries/FO_Theory_Rewriting.html",
"permalink": "/entries/FO_Theory_Rewriting.html",
"shortname": "FO_Theory_Rewriting",
"title": "First-Order Theory of Rewriting",
"topic_links": [
"computer-science/automata-and-formal-languages",
"logic/rewriting",
"logic/proof-theory"
],
"topics": [
"Computer science/Automata and formal languages",
"Logic/Rewriting",
"Logic/Proof theory"
],
"used_by": 0
},
{
- "abstract": "We formalize an automated theorem prover for first-order logic with functions. The proof search procedure is based on sequent calculus and we verify its soundness and completeness using the Abstract Soundness and Abstract Completeness theories. Our analytic completeness proof covers both open and closed formulas. Since our deterministic prover considers only the subset of terms relevant to proving a given sequent, we do so as well when building a countermodel from a failed proof. We formally connect our prover with the proof system and semantics of the existing SeCaV system. In particular, the prover's output can be post-processed in Haskell to generate human-readable SeCaV proofs which are also machine-verifiable proof certificates.",
+ "abstract": "We formalize an automated theorem prover for first-order logic with functions. The proof search procedure is based on sequent calculus and we verify its soundness and completeness using the Abstract Soundness and Abstract Completeness theories. Our analytic completeness proof covers both open and closed formulas. Since our deterministic prover considers only the subset of terms relevant to proving a given sequent, we do so as well when building a countermodel from a failed proof. We formally connect our prover with the proof system and semantics of the existing SeCaV system. In particular, the prover's output can be post-processed in Haskell to generate human-readable SeCaV proofs which are also machine-verifiable proof certificates. Paper: \u003ca href=\"https://doi.org/10.4230/LIPIcs.ITP.2022.13\"\u003edoi.org/10.4230/LIPIcs.ITP.2022.13\u003c/a\u003e.",
"authors": [
"Asta Halkjær From",
"Frederik Krogsdal Jacobsen"
],
"date": "2022-01-31",
- "id": 42,
+ "id": 47,
"link": "/entries/FOL_Seq_Calc2.html",
"permalink": "/entries/FOL_Seq_Calc2.html",
"shortname": "FOL_Seq_Calc2",
"title": "A Sequent Calculus Prover for First-Order Logic with Functions",
"topic_links": [
"logic/general-logic/classical-first-order-logic",
"logic/proof-theory",
"logic/general-logic/mechanization-of-proofs"
],
"topics": [
"Logic/General logic/Classical first-order logic",
"Logic/Proof theory",
"Logic/General logic/Mechanization of proofs"
],
"used_by": 0
},
{
"abstract": "Young's inequality states that $$ ab \\leq \\int_0^a f(x)dx + \\int_0^b f^{-1}(y) dy $$ where $a\\geq 0$, $b\\geq 0$ and $f$ is strictly increasing and continuous. Its proof is formalised following \u003ca href=\"https://www.jstor.org/stable/2318018\"\u003ethe development\u003c/a\u003e by Cunningham and Grossman. Their idea is to make the intuitive, geometric folklore proof rigorous by reasoning about step functions. The lack of the Riemann integral makes the development longer than one would like, but their argument is reproduced faithfully.",
"authors": [
"Lawrence C. Paulson"
],
"date": "2022-01-31",
- "id": 43,
+ "id": 48,
"link": "/entries/Youngs_Inequality.html",
"permalink": "/entries/Youngs_Inequality.html",
"shortname": "Youngs_Inequality",
"title": "Young's Inequality for Increasing Functions",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eA well known result from algebra is that, on any field, there is exactly one polynomial of degree less than n interpolating n points [\u003ca href=\"https://doi.org/10.1017/CBO9780511814549\"\u003e1\u003c/a\u003e, §7].\u003c/p\u003e \u003cp\u003eThis entry contains a formalization of the above result, as well as the following generalization in the case of finite fields \u003ci\u003eF\u003c/i\u003e: There are \u003ci\u003e|F|\u003csup\u003em-n\u003c/sup\u003e\u003c/i\u003e polynomials of degree less than \u003ci\u003em ≥ n\u003c/i\u003e interpolating the same n points, where \u003ci\u003e|F|\u003c/i\u003e denotes the size of the domain of the field. To establish the result the entry also includes a formalization of Lagrange interpolation, which might be of independent interest.\u003c/p\u003e \u003cp\u003eThe formalized results are defined on the algebraic structures from HOL-Algebra, which are distinct from the type-class based structures defined in HOL. Note that there is an existing formalization for polynomial interpolation and, in particular, Lagrange interpolation by Thiemann and Yamada [\u003ca href=\"https://www.isa-afp.org/entries/Polynomial_Interpolation.html\"\u003e2\u003c/a\u003e] on the type-class based structures in HOL.\u003c/p\u003e",
"authors": [
"Emin Karayel"
],
"date": "2022-01-29",
- "id": 44,
+ "id": 49,
"link": "/entries/Interpolation_Polynomials_HOL_Algebra.html",
"permalink": "/entries/Interpolation_Polynomials_HOL_Algebra.html",
"shortname": "Interpolation_Polynomials_HOL_Algebra",
"title": "Interpolation Polynomials (in HOL-Algebra)",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 2
},
{
"abstract": "\u003cp\u003eThe median method is an amplification result for randomized approximation algorithms described in [\u003ca href=\"https://doi.org/10.1006/jcss.1997.1545\"\u003e1\u003c/a\u003e]. Given an algorithm whose result is in a desired interval with a probability larger than \u003ci\u003e1/2\u003c/i\u003e, it is possible to improve the success probability, by running the algorithm multiple times independently and using the median. In contrast to using the mean, the amplification of the success probability grows exponentially with the number of independent runs.\u003c/p\u003e \u003cp\u003eThis entry contains a formalization of the underlying theorem: Given a sequence of n independent random variables, which are in a desired interval with a probability \u003ci\u003e1/2 + a\u003c/i\u003e. Then their median will be in the desired interval with a probability of \u003ci\u003e1 − exp(−2a\u003csup\u003e2\u003c/sup\u003e n)\u003c/i\u003e. In particular, the success probability approaches \u003ci\u003e1\u003c/i\u003e exponentially with the number of variables.\u003c/p\u003e \u003cp\u003eIn addition to that, this entry also contains a proof that order-statistics of Borel-measurable random variables are themselves measurable and that generalized intervals in linearly ordered Borel-spaces are measurable.\u003c/p\u003e",
"authors": [
"Emin Karayel"
],
"date": "2022-01-25",
- "id": 45,
+ "id": 50,
"link": "/entries/Median_Method.html",
"permalink": "/entries/Median_Method.html",
"shortname": "Median_Method",
"title": "Median Method",
"topic_links": [
"mathematics/probability-theory"
],
"topics": [
"Mathematics/Probability theory"
],
"used_by": 1
},
{
"abstract": "Actuarial Mathematics is a theory in applied mathematics, which is mainly used for determining the prices of insurance products and evaluating the liability of a company associating with insurance contracts. It is related to calculus, probability theory and financial theory, etc. In this entry, I formalize the very basic part of Actuarial Mathematics in Isabelle/HOL. The first formalization is about the theory of interest which deals with interest rates, present value factors, an annuity certain, etc. I have already formalized the basic part of Actuarial Mathematics in Coq (https://github.com/Yosuke-Ito-345/Actuary). This entry is currently the partial translation and a little generalization of the Coq formalization. The further translation in Isabelle/HOL is now proceeding.",
"authors": [
"Yosuke Ito"
],
"date": "2022-01-23",
- "id": 46,
+ "id": 51,
"link": "/entries/Actuarial_Mathematics.html",
"permalink": "/entries/Actuarial_Mathematics.html",
"shortname": "Actuarial_Mathematics",
"title": "Actuarial Mathematics",
"topic_links": [
"mathematics/games-and-economics"
],
"topics": [
"Mathematics/Games and economics"
],
"used_by": 0
},
{
"abstract": "An elementary proof is formalised: that \u003cem\u003eexp r\u003c/em\u003e is irrational for every nonzero rational number \u003cem\u003er\u003c/em\u003e. The mathematical development comes from the well-known volume \u003cem\u003eProofs from THE BOOK\u003c/em\u003e, by Aigner and Ziegler, who credit the idea to Hermite. The development illustrates a number of basic Isabelle techniques: the manipulation of summations, the calculation of quite complicated derivatives and the estimation of integrals. We also see how to import another AFP entry (Stirling's formula). As for the theorem itself, note that a much stronger and more general result (the Hermite--Lindemann--Weierstraß transcendence theorem) is already available in the AFP.",
"authors": [
"Lawrence C. Paulson"
],
"date": "2022-01-08",
- "id": 47,
+ "id": 52,
"link": "/entries/Irrationals_From_THEBOOK.html",
"permalink": "/entries/Irrationals_From_THEBOOK.html",
"shortname": "Irrationals_From_THEBOOK",
"title": "Irrational numbers from THE BOOK",
"topic_links": [
"mathematics/number-theory"
],
"topics": [
"Mathematics/Number theory"
],
"used_by": 0
},
{
"abstract": "This is a formalization of the article \u003ci\u003eKnight's Tour Revisited\u003c/i\u003e by Cull and De Curtins where they prove the existence of a Knight's path for arbitrary \u003ci\u003en \u0026times; m\u003c/i\u003e-boards with \u003ci\u003emin(n,m) \u0026ge; 5\u003c/i\u003e. If \u003ci\u003en \u0026middot; m\u003c/i\u003e is even, then there exists a Knight's circuit. A Knight's Path is a sequence of moves of a Knight on a chessboard s.t. the Knight visits every square of a chessboard exactly once. Finding a Knight's path is a an instance of the Hamiltonian path problem. A Knight's circuit is a Knight's path, where additionally the Knight can move from the last square to the first square of the path, forming a loop. During the formalization two mistakes in the original proof were discovered. These mistakes are corrected in this formalization.",
"authors": [
"Lukas Koller"
],
"date": "2022-01-04",
- "id": 48,
+ "id": 53,
"link": "/entries/Knights_Tour.html",
"permalink": "/entries/Knights_Tour.html",
"shortname": "Knights_Tour",
"title": "Knight's Tour Revisited Revisited",
"topic_links": [
"mathematics/graph-theory"
],
"topics": [
"Mathematics/Graph theory"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eHyperdual numbers are ones with a real component and a number of infinitesimal components, usually written as $a_0 + a_1 \\cdot \\epsilon_1 + a_2 \\cdot \\epsilon_2 + a_3 \\cdot \\epsilon_1\\epsilon_2$. They have been proposed by \u003ca href=\"https://doi.org/10.2514/6.2011-886\"\u003eFike and Alonso\u003c/a\u003e in an approach to automatic differentiation.\u003c/p\u003e \u003cp\u003eIn this entry we formalise hyperdual numbers and their application to forward differentiation. We show them to be an instance of multiple algebraic structures and then, along with facts about twice-differentiability, we define what we call the hyperdual extensions of functions on real-normed fields. This extension formally represents the proposed way that the first and second derivatives of a function can be automatically calculated. We demonstrate it on the standard logistic function $f(x) = \\frac{1}{1 + e^{-x}}$ and also reproduce the example analytic function $f(x) = \\frac{e^x}{\\sqrt{sin(x)^3 + cos(x)^3}}$ used for demonstration by Fike and Alonso.\u003c/p\u003e",
"authors": [
"Filip Smola",
"Jacques D. Fleuriot"
],
"date": "2021-12-31",
- "id": 49,
+ "id": 54,
"link": "/entries/Hyperdual.html",
"permalink": "/entries/Hyperdual.html",
"shortname": "Hyperdual",
"title": "Hyperdual Numbers and Forward Differentiation",
"topic_links": [
"mathematics/algebra",
"mathematics/analysis"
],
"topics": [
"Mathematics/Algebra",
"Mathematics/Analysis"
],
"used_by": 0
},
{
"abstract": "This is a stepwise refinement and proof of the Gale-Shapley stable matching (or marriage) algorithm down to executable code. Both a purely functional implementation based on lists and a functional implementation based on efficient arrays (provided by the Collections Framework in the AFP) are developed. The latter implementation runs in time \u003ci\u003eO(n\u003csup\u003e2\u003c/sup\u003e)\u003c/i\u003e where \u003ci\u003en\u003c/i\u003e is the cardinality of the two sets to be matched.",
"authors": [
"Tobias Nipkow"
],
"date": "2021-12-29",
- "id": 50,
+ "id": 55,
"link": "/entries/Gale_Shapley.html",
"permalink": "/entries/Gale_Shapley.html",
"shortname": "Gale_Shapley",
"title": "Gale-Shapley Algorithm",
"topic_links": [
"computer-science/algorithms",
"mathematics/games-and-economics"
],
"topics": [
"Computer science/Algorithms",
"Mathematics/Games and economics"
],
"used_by": 0
},
{
"abstract": "We formalise a proof of Roth's Theorem on Arithmetic Progressions, a major result in additive combinatorics on the existence of 3-term arithmetic progressions in subsets of natural numbers. To this end, we follow a proof using graph regularity. We employ our recent formalisation of Szemerédi's Regularity Lemma, a major result in extremal graph theory, which we use here to prove the Triangle Counting Lemma and the Triangle Removal Lemma. Our sources are Yufei Zhao's MIT lecture notes \"\u003ca href=\"https://yufeizhao.com/gtac/gtac.pdf\"\u003eGraph Theory and Additive Combinatorics\u003c/a\u003e\" (latest version \u003ca href=\"https://yufeizhao.com/gtacbook/\"\u003ehere\u003c/a\u003e) and W.T. Gowers's Cambridge lecture notes \"\u003ca href=\"https://www.dpmms.cam.ac.uk/~par31/notes/tic.pdf\"\u003eTopics in Combinatorics\u003c/a\u003e\". We also refer to the University of Georgia notes by Stephanie Bell and Will Grodzicki, \"\u003ca href=\"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.432.327\"\u003eUsing Szemerédi's Regularity Lemma to Prove Roth's Theorem\u003c/a\u003e\".",
"authors": [
"Chelsea Edmonds",
"Angeliki Koutsoukou-Argyraki",
"Lawrence C. Paulson"
],
"date": "2021-12-28",
- "id": 51,
+ "id": 56,
"link": "/entries/Roth_Arithmetic_Progressions.html",
"permalink": "/entries/Roth_Arithmetic_Progressions.html",
"shortname": "Roth_Arithmetic_Progressions",
"title": "Roth's Theorem on Arithmetic Progressions",
"topic_links": [
"mathematics/graph-theory",
"mathematics/combinatorics"
],
"topics": [
"Mathematics/Graph theory",
"Mathematics/Combinatorics"
],
"used_by": 0
},
{
"abstract": "We present a formalization of Markov Decision Processes with rewards. In particular we first build on Hölzl's formalization of MDPs (AFP entry: Markov_Models) and extend them with rewards. We proceed with an analysis of the expected total discounted reward criterion for infinite horizon MDPs. The central result is the construction of the iteration rule for the Bellman operator. We prove the optimality equations for this operator and show the existence of an optimal stationary deterministic solution. The analysis can be used to obtain dynamic programming algorithms such as value iteration and policy iteration to solve MDPs with formal guarantees. Our formalization is based on chapters 5 and 6 in Puterman's book \"Markov Decision Processes: Discrete Stochastic Dynamic Programming\".",
"authors": [
"Maximilian Schäffeler",
"Mohammad Abdulaziz"
],
"date": "2021-12-16",
- "id": 52,
+ "id": 57,
"link": "/entries/MDP-Rewards.html",
"permalink": "/entries/MDP-Rewards.html",
"shortname": "MDP-Rewards",
"title": "Markov Decision Processes with Rewards",
"topic_links": [
"mathematics/probability-theory"
],
"topics": [
"Mathematics/Probability theory"
],
"used_by": 1
},
{
"abstract": "We present a formalization of algorithms for solving Markov Decision Processes (MDPs) with formal guarantees on the optimality of their solutions. In particular we build on our analysis of the Bellman operator for discounted infinite horizon MDPs. From the iterator rule on the Bellman operator we directly derive executable value iteration and policy iteration algorithms to iteratively solve finite MDPs. We also prove correct optimized versions of value iteration that use matrix splittings to improve the convergence rate. In particular, we formally verify Gauss-Seidel value iteration and modified policy iteration. The algorithms are evaluated on two standard examples from the literature, namely, inventory management and gridworld. Our formalization covers most of chapter 6 in Puterman's book \"Markov Decision Processes: Discrete Stochastic Dynamic Programming\".",
"authors": [
"Maximilian Schäffeler",
"Mohammad Abdulaziz"
],
"date": "2021-12-16",
- "id": 53,
+ "id": 58,
"link": "/entries/MDP-Algorithms.html",
"permalink": "/entries/MDP-Algorithms.html",
"shortname": "MDP-Algorithms",
"title": "Verified Algorithms for Solving Markov Decision Processes",
"topic_links": [
"mathematics/probability-theory",
"computer-science/algorithms"
],
"topics": [
"Mathematics/Probability theory",
"Computer science/Algorithms"
],
"used_by": 0
},
{
"abstract": "Tree automata have good closure properties and therefore a commonly used to prove/disprove properties. This formalization contains among other things the proofs of many closure properties of tree automata (anchored) ground tree transducers and regular relations. Additionally it includes the well known pumping lemma and a lifting of the Myhill Nerode theorem for regular languages to tree languages. We want to mention the existence of a \u003ca href=\"https://www.isa-afp.org/entries/Tree-Automata.html\"\u003etree automata APF-entry\u003c/a\u003e developed by Peter Lammich. His work is based on epsilon free top-down tree automata, while this entry builds on bottom-up tree auotamta with epsilon transitions. Moreover our formalization relies on the \u003ca href=\"https://www.isa-afp.org/entries/Collections.html\"\u003eCollections Framework\u003c/a\u003e, also by Peter Lammich, to obtain efficient code. All proven constructions of the closure properties are exportable using the Isabelle/HOL code generation facilities.",
"authors": [
"Alexander Lochmann",
"Bertram Felgenhauer",
"Christian Sternagel",
"René Thiemann",
"Thomas Sternagel"
],
"date": "2021-12-15",
- "id": 54,
+ "id": 59,
"link": "/entries/Regular_Tree_Relations.html",
"permalink": "/entries/Regular_Tree_Relations.html",
"shortname": "Regular_Tree_Relations",
"title": "Regular Tree Relations",
"topic_links": [
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Automata and formal languages"
],
"used_by": 2
},
{
"abstract": "In this work we formalise the isomorphism between simplicial complexes of dimension $n$ and monotone Boolean functions in $n$ variables, mainly following the definitions and results as introduced by N. A. Scoville. We also take advantage of the AFP representation of \u003ca href=\"https://www.isa-afp.org/entries/ROBDD.html\"\u003eROBDD\u003c/a\u003e (Reduced Ordered Binary Decision Diagrams) to compute the ROBDD representation of a given simplicial complex (by means of the isomorphism to Boolean functions). Some examples of simplicial complexes and associated Boolean functions are also presented.",
"authors": [
"Jesús Aransay",
"Alejandro del Campo",
"Julius Michaelis"
],
"date": "2021-11-29",
- "id": 55,
+ "id": 60,
"link": "/entries/Simplicial_complexes_and_boolean_functions.html",
"permalink": "/entries/Simplicial_complexes_and_boolean_functions.html",
"shortname": "Simplicial_complexes_and_boolean_functions",
"title": "Simplicial Complexes and Boolean functions",
"topic_links": [
"mathematics/topology"
],
"topics": [
"Mathematics/Topology"
],
"used_by": 0
},
{
"abstract": "The \u003cem\u003evan Emde Boas tree\u003c/em\u003e or \u003cem\u003evan Emde Boas priority queue\u003c/em\u003e is a data structure supporting membership test, insertion, predecessor and successor search, minimum and maximum determination and deletion in \u003cem\u003eO(log log U)\u003c/em\u003e time, where \u003cem\u003eU = 0,...,2\u003csup\u003en-1\u003c/sup\u003e\u003c/em\u003e is the overall range to be considered. \u003cp/\u003e The presented formalization follows Chapter 20 of the popular \u003cem\u003eIntroduction to Algorithms (3rd ed.)\u003c/em\u003e by Cormen, Leiserson, Rivest and Stein (CLRS), extending the list of formally verified CLRS algorithms. Our current formalization is based on the first author's bachelor's thesis. \u003cp/\u003e First, we prove correct a \u003cem\u003efunctional\u003c/em\u003e implementation, w.r.t. an abstract data type for sets. Apart from functional correctness, we show a resource bound, and runtime bounds w.r.t. manually defined timing functions for the operations. \u003cp/\u003e Next, we refine the operations to Imperative HOL with time, and show correctness and complexity. This yields a practically more efficient implementation, and eliminates the manually defined timing functions from the trusted base of the proof.",
"authors": [
"Thomas Ammer",
"Peter Lammich"
],
"date": "2021-11-23",
- "id": 56,
+ "id": 61,
"link": "/entries/Van_Emde_Boas_Trees.html",
"permalink": "/entries/Van_Emde_Boas_Trees.html",
"shortname": "Van_Emde_Boas_Trees",
"title": "van Emde Boas Trees",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 0
},
{
"abstract": "\"Foundations of Geometry\" is a mathematical book written by Hilbert in 1899. This entry is a complete formalization of \"Incidence\" (excluding cubic axioms), \"Order\" and \"Congruence\" (excluding point sequences) of the axioms constructed in this book. In addition, the theorem of the problem about the part that is treated implicitly and is not clearly stated in it is being carried out in parallel.",
"authors": [
"Fumiya Iwama"
],
"date": "2021-11-22",
- "id": 57,
+ "id": 62,
"link": "/entries/Foundation_of_geometry.html",
"permalink": "/entries/Foundation_of_geometry.html",
"shortname": "Foundation_of_geometry",
"title": "Foundation of geometry in planes, and some complements: Excluding the parallel axioms",
"topic_links": [
"mathematics/geometry"
],
"topics": [
"Mathematics/Geometry"
],
"used_by": 0
},
{
"abstract": "In this work we formalize the Hahn decomposition theorem for signed measures, namely that any measure space for a signed measure can be decomposed into a positive and a negative set, where every measurable subset of the positive one has a positive measure, and every measurable subset of the negative one has a negative measure. We also formalize the Jordan decomposition theorem as a corollary, which states that the signed measure under consideration admits a unique decomposition into a difference of two positive measures, at least one of which is finite.",
"authors": [
"Marie Cousin",
"Mnacho Echenim",
"Hervé Guiol"
],
"date": "2021-11-19",
- "id": 58,
+ "id": 63,
"link": "/entries/Hahn_Jordan_Decomposition.html",
"permalink": "/entries/Hahn_Jordan_Decomposition.html",
"shortname": "Hahn_Jordan_Decomposition",
"title": "The Hahn and Jordan Decomposition Theorems",
"topic_links": [
"mathematics/measure-and-integration"
],
"topics": [
"Mathematics/Measure and integration"
],
"used_by": 0
},
{
"abstract": "We present a shallow embedding of public announcement logic (PAL) with relativized general knowledge in HOL. We then use PAL to obtain an elegant encoding of the wise men puzzle, which we solve automatically using sledgehammer.",
"authors": [
"Christoph Benzmüller",
"Sebastian Reiche"
],
"date": "2021-11-08",
- "id": 59,
+ "id": 64,
"link": "/entries/PAL.html",
"permalink": "/entries/PAL.html",
"shortname": "PAL",
"title": "Automating Public Announcement Logic and the Wise Men Puzzle in Isabelle/HOL",
"topic_links": [
"logic/general-logic/logics-of-knowledge-and-belief"
],
"topics": [
"Logic/General logic/Logics of knowledge and belief"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eSimplified variants of Gödel's ontological argument are explored. Among those is a particularly interesting simplified argument which is (i) valid already in basic modal logics K or KT, (ii) which does not suffer from modal collapse, and (iii) which avoids the rather complex predicates of essence (Ess.) and necessary existence (NE) as used by Gödel. \u003c/p\u003e\u003cp\u003e Whether the presented variants increase or decrease the attractiveness and persuasiveness of the ontological argument is a question I would like to pass on to philosophy and theology. \u003c/p\u003e",
"authors": [
"Christoph Benzmüller"
],
"date": "2021-11-08",
- "id": 60,
+ "id": 65,
"link": "/entries/SimplifiedOntologicalArgument.html",
"permalink": "/entries/SimplifiedOntologicalArgument.html",
"shortname": "SimplifiedOntologicalArgument",
"title": "Exploring Simplified Variants of Gödel’s Ontological Argument in Isabelle/HOL",
"topic_links": [
"logic/philosophical-aspects",
"logic/general-logic/modal-logic"
],
"topics": [
"Logic/Philosophical aspects",
"Logic/General logic/Modal logic"
],
"used_by": 0
},
{
"abstract": "The AFP already contains a verified implementation of algebraic numbers. However, it is has a severe limitation in its factorization algorithm of real and complex polynomials: the factorization is only guaranteed to succeed if the coefficients of the polynomial are rational numbers. In this work, we verify an algorithm to factor all real and complex polynomials whose coefficients are algebraic. The existence of such an algorithm proves in a constructive way that the set of complex algebraic numbers is algebraically closed. Internally, the algorithm is based on resultants of multivariate polynomials and an approximation algorithm using interval arithmetic.",
"authors": [
"Manuel Eberl",
"René Thiemann"
],
"date": "2021-11-08",
- "id": 61,
+ "id": 66,
"link": "/entries/Factor_Algebraic_Polynomial.html",
"permalink": "/entries/Factor_Algebraic_Polynomial.html",
"shortname": "Factor_Algebraic_Polynomial",
"title": "Factorization of Polynomials with Algebraic Coefficients",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 2
},
{
"abstract": "In this formalisation, we construct real exponents as the limits of sequences of rational exponents. In particular, if $a \\ge 1$ and $x \\in \\mathbb{R}$, we choose an increasing rational sequence $r_n$ such that $\\lim_{n\\to\\infty} {r_n} = x$. Then the sequence $a^{r_n}$ is increasing and if $r$ is any rational number such that $r \u003e x$, $a^{r_n}$ is bounded above by $a^r$. By the convergence criterion for monotone sequences, $a^{r_n}$ converges. We define $a^ x = \\lim_{n\\to\\infty} a^{r_n}$ and show that it has the expected properties (for $a \\ge 0$). This particular construction of real exponents is needed instead of the usual one using the natural logarithm and exponential functions (which already exists in Isabelle) to support our mechanical derivation of Euler's exponential series as an ``infinite polynomial\". Aside from helping us avoid circular reasoning, this is, as far as we are aware, the first time real exponents are mechanised in this way within a proof assistant.",
"authors": [
"Jacques D. Fleuriot"
],
"date": "2021-11-08",
- "id": 62,
+ "id": 67,
"link": "/entries/Real_Power.html",
"permalink": "/entries/Real_Power.html",
"shortname": "Real_Power",
"title": "Real Exponents as the Limits of Sequences of Rational Exponents",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 0
},
{
"abstract": "\u003ca href=\"https://en.wikipedia.org/wiki/Szemerédi_regularity_lemma\"\u003eSzemerédi's regularity lemma\u003c/a\u003e is a key result in the study of large graphs. It asserts the existence of an upper bound on the number of parts the vertices of a graph need to be partitioned into such that the edges between the parts are random in a certain sense. This bound depends only on the desired precision and not on the graph itself, in the spirit of Ramsey's theorem. The formalisation follows online course notes by \u003ca href=\"https://www.dpmms.cam.ac.uk/~par31/notes/tic.pdf\"\u003eTim Gowers\u003c/a\u003e and \u003ca href=\"https://yufeizhao.com/gtacbook/\"\u003eYufei Zhao\u003c/a\u003e.",
"authors": [
"Chelsea Edmonds",
"Angeliki Koutsoukou-Argyraki",
"Lawrence C. Paulson"
],
"date": "2021-11-05",
- "id": 63,
+ "id": 68,
"link": "/entries/Szemeredi_Regularity.html",
"permalink": "/entries/Szemeredi_Regularity.html",
"shortname": "Szemeredi_Regularity",
"title": "Szemerédi's Regularity Lemma",
"topic_links": [
"mathematics/graph-theory",
"mathematics/combinatorics"
],
"topics": [
"Mathematics/Graph theory",
"Mathematics/Combinatorics"
],
"used_by": 1
},
{
"abstract": "A formalization of the theory of quantum and classical registers as developed by (Unruh, Quantum and Classical Registers). In a nutshell, a register refers to a part of a larger memory or system that can be accessed independently. Registers can be constructed from other registers and several (compatible) registers can be composed. This formalization develops both the generic theory of registers as well as specific instantiations for classical and quantum registers.",
"authors": [
"Dominique Unruh"
],
"date": "2021-10-28",
- "id": 64,
+ "id": 69,
"link": "/entries/Registers.html",
"permalink": "/entries/Registers.html",
"shortname": "Registers",
"title": "Quantum and Classical Registers",
"topic_links": [
"computer-science/algorithms/quantum-computing",
"computer-science/programming-languages/logics",
"computer-science/semantics-and-reasoning"
],
"topics": [
"Computer science/Algorithms/Quantum computing",
"Computer science/Programming languages/Logics",
"Computer science/Semantics and reasoning"
],
"used_by": 0
},
{
"abstract": "The 1985 paper by Carlos Alchourrón, Peter Gärdenfors, and David Makinson (AGM), “On the Logic of Theory Change: Partial Meet Contraction and Revision Functions” launches a large and rapidly growing literature that employs formal models and logics to handle changing beliefs of a rational agent and to take into account new piece of information observed by this agent. In 2011, a review book titled \"AGM 25 Years: Twenty-Five Years of Research in Belief Change\" was edited to summarize the first twenty five years of works based on AGM. This HOL-based AFP entry is a faithful formalization of the AGM operators (e.g. contraction, revision, remainder ...) axiomatized in the original paper. It also contains the proofs of all the theorems stated in the paper that show how these operators combine. Both proofs of Harper and Levi identities are established.",
"authors": [
"Valentin Fouillard",
"Safouan Taha",
"Frédéric Boulanger",
"Nicolas Sabouret"
],
"date": "2021-10-19",
- "id": 65,
+ "id": 70,
"link": "/entries/Belief_Revision.html",
"permalink": "/entries/Belief_Revision.html",
"shortname": "Belief_Revision",
"title": "Belief Revision Theory",
"topic_links": [
"logic/general-logic/logics-of-knowledge-and-belief"
],
"topics": [
"Logic/General logic/Logics of knowledge and belief"
],
"used_by": 0
},
{
"abstract": "This AFP entry provides semantics for roughly 120 different X86-64 assembly instructions. These instructions include various moves, arithmetic/logical operations, jumps, call/return, SIMD extensions and others. External functions are supported by allowing a user to provide custom semantics for these calls. Floating-point operations are mapped to uninterpreted functions. The model provides semantics for register aliasing and a byte-level little-endian memory model. The semantics are purposefully incomplete, but overapproximative. For example, the precise effect of flags may be undefined for certain instructions, or instructions may simply have no semantics at all. In those cases, the semantics are mapped to universally quantified uninterpreted terms from a locale. Second, this entry provides a method to symbolic execution of basic blocks. The method, called ''se_step'' (for: symbolic execution step) fetches an instruction and updates the current symbolic state while keeping track of assumptions made over the memory model. A key component is a set of theorems that prove how reads from memory resolve after writes have occurred. Thirdly, this entry provides a parser that allows the user to copy-paste the output of the standard disassembly tool objdump into Isabelle/HOL. A couple small and explanatory examples are included, including functions from the word count program. Several examples can be supplied upon request (they are not included due to the running time of verification): functions from the floating-point modulo function from FDLIBM, the GLIBC strlen function and the CoreUtils SHA256 implementation.",
"authors": [
"Freek Verbeek",
"Abhijith Bharadwaj",
"Joshua Bockenek",
"Ian Roessle",
"Timmy Weerwag",
"Binoy Ravindran"
],
"date": "2021-10-13",
- "id": 66,
+ "id": 71,
"link": "/entries/X86_Semantics.html",
"permalink": "/entries/X86_Semantics.html",
"shortname": "X86_Semantics",
"title": "X86 instruction semantics and basic block symbolic execution",
"topic_links": [
"computer-science/hardware",
"computer-science/semantics-and-reasoning"
],
"topics": [
"Computer science/Hardware",
"Computer science/Semantics and reasoning"
],
"used_by": 0
},
{
"abstract": "We study models of state-based non-deterministic sequential computations and describe them using algebras. We propose algebras that describe iteration for strict and non-strict computations. They unify computation models which differ in the fixpoints used to represent iteration. We propose algebras that describe the infinite executions of a computation. They lead to a unified approximation order and results that connect fixpoints in the approximation and refinement orders. This unifies the semantics of recursion for a range of computation models. We propose algebras that describe preconditions and the effect of while-programs under postconditions. They unify correctness statements in two dimensions: one statement applies in various computation models to various correctness claims.",
"authors": [
"Walter Guttmann"
],
"date": "2021-10-12",
- "id": 67,
+ "id": 72,
"link": "/entries/Correctness_Algebras.html",
"permalink": "/entries/Correctness_Algebras.html",
"shortname": "Correctness_Algebras",
"title": "Algebras for Iteration, Infinite Executions and Correctness of Sequential Computations",
"topic_links": [
"computer-science/programming-languages/logics"
],
"topics": [
"Computer science/Programming languages/Logics"
],
"used_by": 0
},
{
"abstract": "This paper presents a formally verified quantifier elimination (QE) algorithm for first-order real arithmetic by linear and quadratic virtual substitution (VS) in Isabelle/HOL. The Tarski-Seidenberg theorem established that the first-order logic of real arithmetic is decidable by QE. However, in practice, QE algorithms are highly complicated and often combine multiple methods for performance. VS is a practically successful method for QE that targets formulas with low-degree polynomials. To our knowledge, this is the first work to formalize VS for quadratic real arithmetic including inequalities. The proofs necessitate various contributions to the existing multivariate polynomial libraries in Isabelle/HOL. Our framework is modularized and easily expandable (to facilitate integrating future optimizations), and could serve as a basis for developing practical general-purpose QE algorithms. Further, as our formalization is designed with practicality in mind, we export our development to SML and test the resulting code on 378 benchmarks from the literature, comparing to Redlog, Z3, Wolfram Engine, and SMT-RAT. This identified inconsistencies in some tools, underscoring the significance of a verified approach for the intricacies of real arithmetic.",
"authors": [
"Matias Scharager",
"Katherine Cordwell",
"Stefan Mitsch",
"André Platzer"
],
"date": "2021-10-02",
- "id": 68,
+ "id": 73,
"link": "/entries/Virtual_Substitution.html",
"permalink": "/entries/Virtual_Substitution.html",
"shortname": "Virtual_Substitution",
"title": "Verified Quadratic Virtual Substitution for Real Arithmetic",
"topic_links": [
"computer-science/algorithms/mathematical"
],
"topics": [
"Computer science/Algorithms/Mathematical"
],
"used_by": 0
},
{
- "abstract": "This work is a formalization of the soundness and completeness of an axiomatic system for first-order logic. The proof system is based on System Q1 by Smullyan and the completeness proof follows his textbook \"First-Order Logic\" (Springer-Verlag 1968). The completeness proof is in the Henkin style where a consistent set is extended to a maximal consistent set using Lindenbaum's construction and Henkin witnesses are added during the construction to ensure saturation as well. The resulting set is a Hintikka set which, by the model existence theorem, is satisfiable in the Herbrand universe.",
+ "abstract": "This work is a formalization of the soundness and completeness of an axiomatic system for first-order logic. The proof system is based on System Q1 by Smullyan and the completeness proof follows his textbook \"First-Order Logic\" (Springer-Verlag 1968). The completeness proof is in the Henkin style where a consistent set is extended to a maximal consistent set using Lindenbaum's construction and Henkin witnesses are added during the construction to ensure saturation as well. The resulting set is a Hintikka set which, by the model existence theorem, is satisfiable in the Herbrand universe. Paper: \u003ca href=\"https://doi.org/10.4230/LIPIcs.TYPES.2021.8\"\u003edoi.org/10.4230/LIPIcs.TYPES.2021.8\u003c/a\u003e.",
"authors": [
"Asta Halkjær From"
],
"date": "2021-09-24",
- "id": 69,
+ "id": 74,
"link": "/entries/FOL_Axiomatic.html",
"permalink": "/entries/FOL_Axiomatic.html",
"shortname": "FOL_Axiomatic",
"title": "Soundness and Completeness of an Axiomatic System for First-Order Logic",
"topic_links": [
"logic/general-logic/classical-first-order-logic",
"logic/proof-theory"
],
"topics": [
"Logic/General logic/Classical first-order logic",
"Logic/Proof theory"
],
"used_by": 0
},
{
"abstract": "We present a formalization of bounded operators on complex vector spaces. Our formalization contains material on complex vector spaces (normed spaces, Banach spaces, Hilbert spaces) that complements and goes beyond the developments of real vectors spaces in the Isabelle/HOL standard library. We define the type of bounded operators between complex vector spaces (\u003cem\u003ecblinfun\u003c/em\u003e) and develop the theory of unitaries, projectors, extension of bounded linear functions (BLT theorem), adjoints, Loewner order, closed subspaces and more. For the finite-dimensional case, we provide code generation support by identifying finite-dimensional operators with matrices as formalized in the \u003ca href=\"Jordan_Normal_Form.html\"\u003eJordan_Normal_Form\u003c/a\u003e AFP entry.",
"authors": [
"José Manuel Rodríguez Caballero",
"Dominique Unruh"
],
"date": "2021-09-18",
- "id": 70,
+ "id": 75,
"link": "/entries/Complex_Bounded_Operators.html",
"permalink": "/entries/Complex_Bounded_Operators.html",
"shortname": "Complex_Bounded_Operators",
"title": "Complex Bounded Operators",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 1
},
{
"abstract": "We define the weighted path order (WPO) and formalize several properties such as strong normalization, the subterm property, and closure properties under substitutions and contexts. Our definition of WPO extends the original definition by also permitting multiset comparisons of arguments instead of just lexicographic extensions. Therefore, our WPO not only subsumes lexicographic path orders (LPO), but also recursive path orders (RPO). We formally prove these subsumptions and therefore all of the mentioned properties of WPO are automatically transferable to LPO and RPO as well. Such a transformation is not required for Knuth\u0026ndash;Bendix orders (KBO), since they have already been formalized. Nevertheless, we still provide a proof that WPO subsumes KBO and thereby underline the generality of WPO.",
"authors": [
"Christian Sternagel",
"René Thiemann",
"Akihisa Yamada"
],
"date": "2021-09-16",
- "id": 71,
+ "id": 76,
"link": "/entries/Weighted_Path_Order.html",
"permalink": "/entries/Weighted_Path_Order.html",
"shortname": "Weighted_Path_Order",
"title": "A Formalization of Weighted Path Orders and Recursive Path Orders",
"topic_links": [
"logic/rewriting"
],
"topics": [
"Logic/Rewriting"
],
"used_by": 1
},
{
"abstract": "This article provides a foundational framework for the formalization of category theory in the object logic ZFC in HOL of the formal proof assistant Isabelle. More specifically, this article provides a formalization of canonical set-theoretic constructions internalized in the type \u003ci\u003eV\u003c/i\u003e associated with the ZFC in HOL, establishes a design pattern for the formalization of mathematical structures using sequences and locales, and showcases the developed infrastructure by providing formalizations of the elementary theories of digraphs and semicategories. The methodology chosen for the formalization of the theories of digraphs and semicategories (and categories in future articles) rests on the ideas that were originally expressed in the article \u003ci\u003eSet-Theoretical Foundations of Category Theory\u003c/i\u003e written by Solomon Feferman and Georg Kreisel. Thus, in the context of this work, each of the aforementioned mathematical structures is represented as a term of the type \u003ci\u003eV\u003c/i\u003e embedded into a stage of the von Neumann hierarchy.",
"authors": [
"Mihails Milehins"
],
"date": "2021-09-06",
- "id": 72,
+ "id": 77,
"link": "/entries/CZH_Foundations.html",
"permalink": "/entries/CZH_Foundations.html",
"shortname": "CZH_Foundations",
"title": "Category Theory for ZFC in HOL I: Foundations: Design Patterns, Set Theory, Digraphs, Semicategories",
"topic_links": [
"mathematics/category-theory",
"logic/set-theory"
],
"topics": [
"Mathematics/Category theory",
"Logic/Set theory"
],
"used_by": 1
},
{
"abstract": "This article provides a formalization of the foundations of the theory of 1-categories in the object logic ZFC in HOL of the formal proof assistant Isabelle. The article builds upon the foundations that were established in the AFP entry \u003ci\u003eCategory Theory for ZFC in HOL I: Foundations: Design Patterns, Set Theory, Digraphs, Semicategories\u003c/i\u003e.",
"authors": [
"Mihails Milehins"
],
"date": "2021-09-06",
- "id": 73,
+ "id": 78,
"link": "/entries/CZH_Elementary_Categories.html",
"permalink": "/entries/CZH_Elementary_Categories.html",
"shortname": "CZH_Elementary_Categories",
"title": "Category Theory for ZFC in HOL II: Elementary Theory of 1-Categories",
"topic_links": [
"mathematics/category-theory"
],
"topics": [
"Mathematics/Category theory"
],
"used_by": 1
},
{
"abstract": "The article provides a formalization of elements of the theory of universal constructions for 1-categories (such as limits, adjoints and Kan extensions) in the object logic ZFC in HOL of the formal proof assistant Isabelle. The article builds upon the foundations established in the AFP entry \u003ci\u003eCategory Theory for ZFC in HOL II: Elementary Theory of 1-Categories\u003c/i\u003e.",
"authors": [
"Mihails Milehins"
],
"date": "2021-09-06",
- "id": 74,
+ "id": 79,
"link": "/entries/CZH_Universal_Constructions.html",
"permalink": "/entries/CZH_Universal_Constructions.html",
"shortname": "CZH_Universal_Constructions",
"title": "Category Theory for ZFC in HOL III: Universal Constructions",
"topic_links": [
"mathematics/category-theory"
],
"topics": [
"Mathematics/Category theory"
],
"used_by": 0
},
{
"abstract": "The article provides a collection of experimental general-purpose proof methods for the object logic Isabelle/HOL of the formal proof assistant Isabelle. The methods in the collection offer functionality that is similar to certain aspects of the functionality provided by the standard proof methods of Isabelle that combine classical reasoning and rewriting, such as the method \u003ci\u003eauto\u003c/i\u003e, but use a different approach for rewriting. More specifically, these methods allow for the side conditions of the rewrite rules to be solved via intro-resolution.",
"authors": [
"Mihails Milehins"
],
"date": "2021-09-06",
- "id": 75,
+ "id": 80,
"link": "/entries/Conditional_Simplification.html",
"permalink": "/entries/Conditional_Simplification.html",
"shortname": "Conditional_Simplification",
"title": "Conditional Simplification",
"topic_links": [
"tools"
],
"topics": [
"Tools"
],
"used_by": 1
},
{
"abstract": "This article provides a collection of experimental utilities for unoverloading of definitions and synthesis of conditional transfer rules for the object logic Isabelle/HOL of the formal proof assistant Isabelle written in Isabelle/ML.",
"authors": [
"Mihails Milehins"
],
"date": "2021-09-06",
- "id": 76,
+ "id": 81,
"link": "/entries/Conditional_Transfer_Rule.html",
"permalink": "/entries/Conditional_Transfer_Rule.html",
"shortname": "Conditional_Transfer_Rule",
"title": "Conditional Transfer Rule",
"topic_links": [
"tools"
],
"topics": [
"Tools"
],
"used_by": 1
},
{
"abstract": "In their article titled \u003ci\u003eFrom Types to Sets by Local Type Definitions in Higher-Order Logic\u003c/i\u003e and published in the proceedings of the conference \u003ci\u003eInteractive Theorem Proving\u003c/i\u003e in 2016, Ondřej Kunčar and Andrei Popescu propose an extension of the logic Isabelle/HOL and an associated algorithm for the relativization of the \u003ci\u003etype-based theorems\u003c/i\u003e to more flexible \u003ci\u003eset-based theorems\u003c/i\u003e, collectively referred to as \u003ci\u003eTypes-To-Sets\u003c/i\u003e. One of the aims of their work was to open an opportunity for the development of a software tool for applied relativization in the implementation of the logic Isabelle/HOL of the proof assistant Isabelle. In this article, we provide a prototype of a software framework for the interactive automated relativization of theorems in Isabelle/HOL, developed as an extension of the proof language Isabelle/Isar. The software framework incorporates the implementation of the proposed extension of the logic, and builds upon some of the ideas for further work expressed in the original article on Types-To-Sets by Ondřej Kunčar and Andrei Popescu and the subsequent article \u003ci\u003eSmooth Manifolds and Types to Sets for Linear Algebra in Isabelle/HOL\u003c/i\u003e that was written by Fabian Immler and Bohua Zhan and published in the proceedings of the \u003ci\u003eInternational Conference on Certified Programs and Proofs\u003c/i\u003e in 2019.",
"authors": [
"Mihails Milehins"
],
"date": "2021-09-06",
- "id": 77,
+ "id": 82,
"link": "/entries/Types_To_Sets_Extension.html",
"permalink": "/entries/Types_To_Sets_Extension.html",
"shortname": "Types_To_Sets_Extension",
"title": "Extension of Types-To-Sets",
"topic_links": [
"tools"
],
"topics": [
"Tools"
],
"used_by": 0
},
{
"abstract": "The article provides the command \u003cb\u003emk_ide\u003c/b\u003e for the object logic Isabelle/HOL of the formal proof assistant Isabelle. The command \u003cb\u003emk_ide\u003c/b\u003e enables the automated synthesis of the introduction, destruction and elimination rules from arbitrary definitions of constant predicates stated in Isabelle/HOL.",
"authors": [
"Mihails Milehins"
],
"date": "2021-09-06",
- "id": 78,
+ "id": 83,
"link": "/entries/Intro_Dest_Elim.html",
"permalink": "/entries/Intro_Dest_Elim.html",
"shortname": "Intro_Dest_Elim",
"title": "IDE: Introduction, Destruction, Elimination",
"topic_links": [
"tools"
],
"topics": [
"Tools"
],
"used_by": 1
},
{
"abstract": "This entry formalises the fast iterative algorithm for computing dominators due to Cooper, Harvey and Kennedy. It gives a specification of computing dominators on a control flow graph where each node refers to its reverse post order number. A semilattice of reversed-ordered list which represents dominators is built and a Kildall-style algorithm on the semilattice is defined for computing dominators. Finally the soundness and completeness of the algorithm are proved w.r.t. the specification.",
"authors": [
"Nan Jiang"
],
"date": "2021-09-05",
- "id": 79,
+ "id": 84,
"link": "/entries/Dominance_CHK.html",
"permalink": "/entries/Dominance_CHK.html",
"shortname": "Dominance_CHK",
"title": "A data flow analysis algorithm for computing dominators",
"topic_links": [
"computer-science/programming-languages/static-analysis"
],
"topics": [
"Computer science/Programming languages/Static analysis"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eWe formalize Cardano's formula to solve a cubic equation $$ax^3 + bx^2 + cx + d = 0,$$ as well as Ferrari's formula to solve a quartic equation. We further turn both formulas into executable algorithms based on the algebraic number implementation in the AFP. To this end we also slightly extended this library, namely by making the minimal polynomial of an algebraic number executable, and by defining and implementing $n$-th roots of complex numbers.\u003c/p\u003e",
"authors": [
"René Thiemann"
],
"date": "2021-09-03",
- "id": 80,
+ "id": 85,
"link": "/entries/Cubic_Quartic_Equations.html",
"permalink": "/entries/Cubic_Quartic_Equations.html",
"shortname": "Cubic_Quartic_Equations",
"title": "Solving Cubic and Quartic Equations",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 0
},
{
"abstract": "In the context of formal cryptographic protocol verification, logging-independent message anonymity is the property for a given message to remain anonymous despite the attacker's capability of mapping messages of that sort to agents based on some intrinsic feature of such messages, rather than by logging the messages exchanged by legitimate agents as with logging-dependent message anonymity. This paper illustrates how logging-independent message anonymity can be formalized according to the relational method for formal protocol verification by considering a real-world protocol, namely the Restricted Identification one by the BSI. This sample model is used to verify that the pseudonymous identifiers output by user identification tokens remain anonymous under the expected conditions.",
"authors": [
"Pasquale Noce"
],
"date": "2021-08-26",
- "id": 81,
+ "id": 86,
"link": "/entries/Logging_Independent_Anonymity.html",
"permalink": "/entries/Logging_Independent_Anonymity.html",
"shortname": "Logging_Independent_Anonymity",
"title": "Logging-independent Message Anonymity in the Relational Method",
"topic_links": [
"computer-science/security"
],
"topics": [
"Computer science/Security"
],
"used_by": 0
},
{
"abstract": "The Descartes test based on Bernstein coefficients and Descartes’ rule of signs effectively (over-)approximates the number of real roots of a univariate polynomial over an interval. In this entry we formalise the theorem of three circles, which gives sufficient conditions for when the Descartes test returns 0 or 1. This is the first step for efficient root isolation.",
"authors": [
"Fox Thomson",
"Wenda Li"
],
"date": "2021-08-21",
- "id": 82,
+ "id": 87,
"link": "/entries/Three_Circles.html",
"permalink": "/entries/Three_Circles.html",
"shortname": "Three_Circles",
"title": "The Theorem of Three Circles",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 0
},
{
"abstract": "This entry contains the confidentiality verification of the (functional kernel of) the CoCon conference management system [\u003ca href=\"https://doi.org/10.1007/978-3-319-08867-9_11\"\u003e1\u003c/a\u003e, \u003ca href=\"https://doi.org/10.1007/s10817-020-09566-9\"\u003e2\u003c/a\u003e]. The confidentiality properties refer to the documents managed by the system, namely papers, reviews, discussion logs and acceptance/rejection decisions, and also to the assignment of reviewers to papers. They have all been formulated as instances of BD Security [\u003ca href=\"https://doi.org/10.4230/LIPIcs.ITP.2021.3\"\u003e3\u003c/a\u003e, \u003ca href=\"https://www.isa-afp.org/entries/Bounded_Deducibility_Security.html\"\u003e4\u003c/a\u003e] and verified using the BD Security unwinding technique.",
"authors": [
"Andrei Popescu",
"Peter Lammich",
"Thomas Bauereiss"
],
"date": "2021-08-16",
- "id": 83,
+ "id": 88,
"link": "/entries/CoCon.html",
"permalink": "/entries/CoCon.html",
"shortname": "CoCon",
"title": "CoCon: A Confidentiality-Verified Conference Management System",
"topic_links": [
"computer-science/security"
],
"topics": [
"Computer science/Security"
],
"used_by": 0
},
{
"abstract": "Building on a previous \u003ca href=\"https://www.isa-afp.org/entries/Bounded_Deducibility_Security.html\"\u003eAFP entry\u003c/a\u003e that formalizes the Bounded-Deducibility Security (BD Security) framework \u003ca href=\"https://doi.org/10.4230/LIPIcs.ITP.2021.3\"\u003e[1]\u003c/a\u003e, we formalize compositionality and transport theorems for information flow security. These results allow lifting BD Security properties from individual components specified as transition systems, to a composition of systems specified as communicating products of transition systems. The underlying ideas of these results are presented in the papers \u003ca href=\"https://doi.org/10.4230/LIPIcs.ITP.2021.3\"\u003e[1]\u003c/a\u003e and \u003ca href=\"https://doi.org/10.1109/SP.2017.24\"\u003e[2]\u003c/a\u003e. The latter paper also describes a major case study where these results have been used: on verifying the CoSMeDis distributed social media platform (itself formalized as an \u003ca href=\"https://www.isa-afp.org/entries/CoSMeDis.html\"\u003eAFP entry\u003c/a\u003e that builds on this entry).",
"authors": [
"Thomas Bauereiss",
"Andrei Popescu"
],
"date": "2021-08-16",
- "id": 84,
+ "id": 89,
"link": "/entries/BD_Security_Compositional.html",
"permalink": "/entries/BD_Security_Compositional.html",
"shortname": "BD_Security_Compositional",
"title": "Compositional BD Security",
"topic_links": [
"computer-science/security"
],
"topics": [
"Computer science/Security"
],
"used_by": 1
},
{
"abstract": "This entry contains the confidentiality verification of the (functional kernel of) the CoSMed social media platform. The confidentiality properties are formalized as instances of BD Security [\u003ca href=\"https://doi.org/10.4230/LIPIcs.ITP.2021.3\"\u003e1\u003c/a\u003e, \u003ca href=\"https://www.isa-afp.org/entries/Bounded_Deducibility_Security.html\"\u003e2\u003c/a\u003e]. An innovation in the deployment of BD Security compared to previous work is the use of dynamic declassification triggers, incorporated as part of inductive bounds, for providing stronger guarantees that account for the repeated opening and closing of access windows. To further strengthen the confidentiality guarantees, we also prove \"traceback\" properties about the accessibility decisions affecting the information managed by the system.",
"authors": [
"Thomas Bauereiss",
"Andrei Popescu"
],
"date": "2021-08-16",
- "id": 85,
+ "id": 90,
"link": "/entries/CoSMed.html",
"permalink": "/entries/CoSMed.html",
"shortname": "CoSMed",
"title": "CoSMed: A confidentiality-verified social media platform",
"topic_links": [
"computer-science/security"
],
"topics": [
"Computer science/Security"
],
"used_by": 0
},
{
"abstract": "This entry contains the confidentiality verification of the (functional kernel of) the CoSMeDis distributed social media platform presented in [\u003ca href=\"https://doi.org/10.1109/SP.2017.24\"\u003e1\u003c/a\u003e]. CoSMeDis is a multi-node extension the CoSMed prototype social media platform [\u003ca href=\"https://doi.org/10.1007/978-3-319-43144-4_6\"\u003e2\u003c/a\u003e, \u003ca href=\"https://doi.org/10.1007/s10817-017-9443-3\"\u003e3\u003c/a\u003e, \u003ca href=\"https://www.isa-afp.org/entries/CoSMed.html\"\u003e4\u003c/a\u003e]. The confidentiality properties are formalized as instances of BD Security [\u003ca href=\"https://doi.org/10.4230/LIPIcs.ITP.2021.3\"\u003e5\u003c/a\u003e, \u003ca href=\"https://www.isa-afp.org/entries/Bounded_Deducibility_Security.html\"\u003e6\u003c/a\u003e]. The lifting of confidentiality properties from single nodes to the entire CoSMeDis network is performed using compositionality and transport theorems for BD Security, which are described in [\u003ca href=\"https://doi.org/10.1109/SP.2017.24\"\u003e1\u003c/a\u003e] and formalized in a separate \u003ca href=\"https://www.isa-afp.org/entries/BD_Security_Compositional.html\"\u003eAFP entry\u003c/a\u003e.",
"authors": [
"Thomas Bauereiss",
"Andrei Popescu"
],
"date": "2021-08-16",
- "id": 86,
+ "id": 91,
"link": "/entries/CoSMeDis.html",
"permalink": "/entries/CoSMeDis.html",
"shortname": "CoSMeDis",
"title": "CoSMeDis: A confidentiality-verified distributed social media platform",
"topic_links": [
"computer-science/security"
],
"topics": [
"Computer science/Security"
],
"used_by": 0
},
{
"abstract": "This entry defines a type class with an operator returning a fresh identifier, given a set of already used identifiers and a preferred identifier. The entry provides a default instantiation for any infinite type, as well as executable instantiations for natural numbers and strings.",
"authors": [
"Andrei Popescu",
"Thomas Bauereiss"
],
"date": "2021-08-16",
- "id": 87,
+ "id": 92,
"link": "/entries/Fresh_Identifiers.html",
"permalink": "/entries/Fresh_Identifiers.html",
"shortname": "Fresh_Identifiers",
"title": "Fresh identifiers",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 3
},
{
"abstract": "Combinatorial design theory studies incidence set systems with certain balance and symmetry properties. It is closely related to hypergraph theory. This formalisation presents a general library for formal reasoning on incidence set systems, designs and their applications, including formal definitions and proofs for many key properties, operations, and theorems on the construction and existence of designs. Notably, this includes formalising t-designs, balanced incomplete block designs (BIBD), group divisible designs (GDD), pairwise balanced designs (PBD), design isomorphisms, and the relationship between graphs and designs. A locale-centric approach has been used to manage the relationships between the many different types of designs. Theorems of particular interest include the necessary conditions for existence of a BIBD, Wilson's construction on GDDs, and Bose's inequality on resolvable designs. Parts of this formalisation are explored in the paper \"A Modular First Formalisation of Combinatorial Design Theory\", presented at CICM 2021.",
"authors": [
"Chelsea Edmonds",
"Lawrence C. Paulson"
],
"date": "2021-08-13",
- "id": 88,
+ "id": 93,
"link": "/entries/Design_Theory.html",
"permalink": "/entries/Design_Theory.html",
"shortname": "Design_Theory",
"title": "Combinatorial Design Theory",
"topic_links": [
"mathematics/combinatorics"
],
"topics": [
"Mathematics/Combinatorics"
],
"used_by": 1
},
{
"abstract": "We study second-order formalisations of graph properties expressed as first-order formulas in relation algebras extended with a Kleene star. The formulas quantify over relations while still avoiding quantification over elements of the base set. We formalise the property of undirected graphs being acyclic this way. This involves a study of various kinds of orientation of graphs. We also verify basic algorithms to constructively prove several second-order properties.",
"authors": [
"Walter Guttmann"
],
"date": "2021-08-03",
- "id": 89,
+ "id": 94,
"link": "/entries/Relational_Forests.html",
"permalink": "/entries/Relational_Forests.html",
"shortname": "Relational_Forests",
"title": "Relational Forests",
"topic_links": [
"mathematics/graph-theory"
],
"topics": [
"Mathematics/Graph theory"
],
"used_by": 0
},
{
"abstract": "This is a formalisation of Schutz' system of axioms for Minkowski spacetime published under the name \"Independent axioms for Minkowski space-time\" in 1997, as well as most of the results in the third chapter (\"Temporal Order on a Path\") of the above monograph. Many results are proven here that cannot be found in Schutz, either preceding the theorem they are needed for, or within their own thematic section.",
"authors": [
"Richard Schmoetten",
"Jake Palmer",
"Jacques D. Fleuriot"
],
"date": "2021-07-27",
- "id": 90,
+ "id": 95,
"link": "/entries/Schutz_Spacetime.html",
"permalink": "/entries/Schutz_Spacetime.html",
"shortname": "Schutz_Spacetime",
"title": "Schutz' Independent Axioms for Minkowski Spacetime",
"topic_links": [
"mathematics/physics",
"mathematics/geometry"
],
"topics": [
"Mathematics/Physics",
"Mathematics/Geometry"
],
"used_by": 0
},
{
"abstract": "This article deals with the formalisation of some group-theoretic results including the fundamental theorem of finitely generated abelian groups characterising the structure of these groups as a uniquely determined product of cyclic groups. Both the invariant factor decomposition and the primary decomposition are covered. Additional work includes results about the direct product, the internal direct product and more group-theoretic lemmas.",
"authors": [
"Joseph Thommes",
"Manuel Eberl"
],
"date": "2021-07-07",
- "id": 91,
+ "id": 96,
"link": "/entries/Finitely_Generated_Abelian_Groups.html",
"permalink": "/entries/Finitely_Generated_Abelian_Groups.html",
"shortname": "Finitely_Generated_Abelian_Groups",
"title": "Finitely Generated Abelian Groups",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 1
},
{
"abstract": "SpecCheck is a \u003ca href=\"https://en.wikipedia.org/wiki/QuickCheck\"\u003eQuickCheck\u003c/a\u003e-like testing framework for Isabelle/ML. You can use it to write specifications for ML functions. SpecCheck then checks whether your specification holds by testing your function against a given number of generated inputs. It helps you to identify bugs by printing counterexamples on failure and provides you timing information. SpecCheck is customisable and allows you to specify your own input generators, test output formats, as well as pretty printers and shrinking functions for counterexamples among other things.",
"authors": [
"Kevin Kappelmann",
"Lukas Bulwahn",
"Sebastian Willenbrink"
],
"date": "2021-07-01",
- "id": 92,
+ "id": 97,
"link": "/entries/SpecCheck.html",
"permalink": "/entries/SpecCheck.html",
"shortname": "SpecCheck",
"title": "SpecCheck - Specification-Based Testing for Isabelle/ML",
"topic_links": [
"tools"
],
"topics": [
"Tools"
],
"used_by": 3
},
{
"abstract": "This article formalises the proof of Van der Waerden's Theorem from Ramsey theory. Van der Waerden's Theorem states that for integers $k$ and $l$ there exists a number $N$ which guarantees that if an integer interval of length at least $N$ is coloured with $k$ colours, there will always be an arithmetic progression of length $l$ of the same colour in said interval. The proof goes along the lines of \\cite{Swan}. The smallest number $N_{k,l}$ fulfilling Van der Waerden's Theorem is then called the Van der Waerden Number. Finding the Van der Waerden Number is still an open problem for most values of $k$ and $l$.",
"authors": [
"Katharina Kreuzer",
"Manuel Eberl"
],
"date": "2021-06-22",
- "id": 93,
+ "id": 98,
"link": "/entries/Van_der_Waerden.html",
"permalink": "/entries/Van_der_Waerden.html",
"shortname": "Van_der_Waerden",
"title": "Van der Waerden's Theorem",
"topic_links": [
"mathematics/combinatorics"
],
"topics": [
"Mathematics/Combinatorics"
],
"used_by": 0
},
{
"abstract": "MiniSail is a kernel language for Sail, an instruction set architecture (ISA) specification language. Sail is an imperative language with a light-weight dependent type system similar to refinement type systems. From an ISA specification, the Sail compiler can generate theorem prover code and C (or OCaml) to give an executable emulator for an architecture. The idea behind MiniSail is to capture the key and novel features of Sail in terms of their syntax, typing rules and operational semantics, and to confirm that they work together by proving progress and preservation lemmas. We use the Nominal2 library to handle binding.",
"authors": [
"Mark Wassell"
],
"date": "2021-06-18",
- "id": 94,
+ "id": 99,
"link": "/entries/MiniSail.html",
"permalink": "/entries/MiniSail.html",
"shortname": "MiniSail",
"title": "MiniSail - A kernel language for the ISA specification language SAIL",
"topic_links": [
"computer-science/programming-languages/type-systems"
],
"topics": [
"Computer science/Programming languages/Type systems"
],
"used_by": 0
},
{
- "abstract": "This work is a formalization of public announcement logic with countably many agents. It includes proofs of soundness and completeness for a variant of the axiom system PA + DIST! + NEC!. The completeness proof builds on the Epistemic Logic theory. Paper: \u003ca href=\"https://doi.org/10.1007/978-3-030-90138-7_2\"\u003ehttps://doi.org/10.1007/978-3-030-90138-7_2\u003c/a\u003e.",
+ "abstract": "This work is a formalization of public announcement logic with countably many agents. It includes proofs of soundness and completeness for a variant of the axiom system PA + DIST! + NEC!. The completeness proof builds on the Epistemic Logic theory. Paper: \u003ca href=\"https://doi.org/10.1007/978-3-030-90138-7_2\"\u003edoi.org/10.1007/978-3-030-90138-7_2\u003c/a\u003e.",
"authors": [
"Asta Halkjær From"
],
"date": "2021-06-17",
- "id": 95,
+ "id": 100,
"link": "/entries/Public_Announcement_Logic.html",
"permalink": "/entries/Public_Announcement_Logic.html",
"shortname": "Public_Announcement_Logic",
"title": "Public Announcement Logic",
"topic_links": [
"logic/general-logic/logics-of-knowledge-and-belief"
],
"topics": [
"Logic/General logic/Logics of knowledge and belief"
],
"used_by": 0
},
{
"abstract": "This paper presents a compiler correctness proof for the didactic imperative programming language IMP, introduced in Nipkow and Klein's book on formal programming language semantics (version of March 2021), whose size is just two thirds of the book's proof in the number of formal text lines. As such, it promises to constitute a further enhanced reference for the formal verification of compilers meant for larger, real-world programming languages. The presented proof does not depend on language determinism, so that the proposed approach can be applied to non-deterministic languages as well. As a confirmation, this paper extends IMP with an additional non-deterministic choice command, and proves compiler correctness, viz. the simulation of compiled code execution by source code, for such extended language.",
"authors": [
"Pasquale Noce"
],
"date": "2021-06-04",
- "id": 96,
+ "id": 101,
"link": "/entries/IMP_Compiler.html",
"permalink": "/entries/IMP_Compiler.html",
"shortname": "IMP_Compiler",
"title": "A Shorter Compiler Correctness Proof for Language IMP",
"topic_links": [
"computer-science/programming-languages/compiling"
],
"topics": [
"Computer science/Programming languages/Compiling"
],
"used_by": 0
},
{
"abstract": "We formalize basics of Combinatorics on Words. This is an extension of existing theories on lists. We provide additional properties related to prefix, suffix, factor, length and rotation. The topics include prefix and suffix comparability, mismatch, word power, total and reversed morphisms, border, periods, primitivity and roots. We also formalize basic, mostly folklore results related to word equations: equidivisibility, commutation and conjugation. Slightly advanced properties include the Periodicity lemma (often cited as the Fine and Wilf theorem) and the variant of the Lyndon-Schützenberger theorem for words, including its full parametric solution. We support the algebraic point of view which sees words as generators of submonoids of a free monoid. This leads to the concepts of the (free) hull, the (free) basis (or code). We also provide relevant proof methods and a tool to generate reverse-symmetric claims.",
"authors": [
"Štěpán Holub",
"Martin Raška",
"Štěpán Starosta"
],
"date": "2021-05-24",
- "id": 97,
+ "id": 102,
"link": "/entries/Combinatorics_Words.html",
"permalink": "/entries/Combinatorics_Words.html",
"shortname": "Combinatorics_Words",
"title": "Combinatorics on Words Basics",
"topic_links": [
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Automata and formal languages"
],
"used_by": 2
},
{
"abstract": "Graph lemma quantifies the defect effect of a system of word equations. That is, it provides an upper bound on the rank of the system. We formalize the proof based on the decomposition of a solution into its free basis. A direct application is an alternative proof of the fact that two noncommuting words form a code.",
"authors": [
"Štěpán Holub",
"Štěpán Starosta"
],
"date": "2021-05-24",
- "id": 98,
+ "id": 103,
"link": "/entries/Combinatorics_Words_Graph_Lemma.html",
"permalink": "/entries/Combinatorics_Words_Graph_Lemma.html",
"shortname": "Combinatorics_Words_Graph_Lemma",
"title": "Graph Lemma",
"topic_links": [
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Automata and formal languages"
],
"used_by": 0
},
{
"abstract": "Lyndon words are words lexicographically minimal in their conjugacy class. We formalize their basic properties and characterizations, in particular the concepts of the longest Lyndon suffix and the Lyndon factorization. Most of the work assumes a fixed lexicographical order. Nevertheless we also define the smallest relation guaranteeing lexicographical minimality of a given word (in its conjugacy class).",
"authors": [
"Štěpán Holub",
"Štěpán Starosta"
],
"date": "2021-05-24",
- "id": 99,
+ "id": 104,
"link": "/entries/Combinatorics_Words_Lyndon.html",
"permalink": "/entries/Combinatorics_Words_Lyndon.html",
"shortname": "Combinatorics_Words_Lyndon",
"title": "Lyndon words",
"topic_links": [
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Automata and formal languages"
],
"used_by": 0
},
{
"abstract": "This development provides a general definition for safe Regression Test Selection (RTS) algorithms. RTS algorithms select which tests to rerun on revised code, reducing the time required to check for newly introduced errors. An RTS algorithm is considered safe if and only if all deselected tests would have unchanged results. This definition is instantiated with two class-collection-based RTS algorithms run over the JVM as modeled by JinjaDCI. This is achieved with a general definition for Collection Semantics, small-step semantics instrumented to collect information during execution. As the RTS definition mandates safety, these instantiations include proofs of safety. This work is described in Mansky and Gunter's LSFA 2020 paper and Mansky's doctoral thesis (UIUC, 2020).",
"authors": [
"Susannah Mansky"
],
"date": "2021-04-30",
- "id": 100,
+ "id": 105,
"link": "/entries/Regression_Test_Selection.html",
"permalink": "/entries/Regression_Test_Selection.html",
"shortname": "Regression_Test_Selection",
"title": "Regression Test Selection",
"topic_links": [
"computer-science/algorithms"
],
"topics": [
"Computer science/Algorithms"
],
"used_by": 0
},
{
"abstract": "In this entry we formalize Isabelle's metalogic in Isabelle/HOL. Furthermore, we define a language of proof terms and an executable proof checker and prove its soundness wrt. the metalogic. The formalization is intentionally kept close to the Isabelle implementation(for example using de Brujin indices) to enable easy integration of generated code with the Isabelle system without a complicated translation layer. The formalization is described in our \u003ca href=\"https://arxiv.org/pdf/2104.12224.pdf\"\u003eCADE 28 paper\u003c/a\u003e.",
"authors": [
"Tobias Nipkow",
"Simon Roßkopf"
],
"date": "2021-04-27",
- "id": 101,
+ "id": 106,
"link": "/entries/Metalogic_ProofChecker.html",
"permalink": "/entries/Metalogic_ProofChecker.html",
"shortname": "Metalogic_ProofChecker",
"title": "Isabelle's Metalogic: Formalization and Proof Checker",
"topic_links": [
"logic/general-logic"
],
"topics": [
"Logic/General logic"
],
"used_by": 0
},
{
"abstract": "We formalize the \u003ci\u003eLifting the Exponent Lemma\u003c/i\u003e, which shows how to find the largest power of $p$ dividing $a^n \\pm b^n$, for a prime $p$ and positive integers $a$ and $b$. The proof follows \u003ca href=\"https://s3.amazonaws.com/aops-cdn.artofproblemsolving.com/resources/articles/lifting-the-exponent.pdf\"\u003eAmir Hossein Parvardi's\u003c/a\u003e.",
"authors": [
"Maya Kądziołka"
],
"date": "2021-04-27",
- "id": 102,
+ "id": 107,
"link": "/entries/Lifting_the_Exponent.html",
"permalink": "/entries/Lifting_the_Exponent.html",
"shortname": "Lifting_the_Exponent",
"title": "Lifting the Exponent",
"topic_links": [
"mathematics/number-theory"
],
"topics": [
"Mathematics/Number theory"
],
"used_by": 0
},
{
"abstract": "We formalize the univariate case of Ben-Or, Kozen, and Reif's decision procedure for first-order real arithmetic (the BKR algorithm). We also formalize the univariate case of Renegar's variation of the BKR algorithm. The two formalizations differ mathematically in minor ways (that have significant impact on the multivariate case), but are quite similar in proof structure. Both rely on sign-determination (finding the set of consistent sign assignments for a set of polynomials). The method used for sign-determination is similar to Tarski's original quantifier elimination algorithm (it stores key information in a matrix equation), but with a reduction step to keep complexity low.",
"authors": [
"Katherine Cordwell",
"Yong Kiam Tan",
"André Platzer"
],
"date": "2021-04-24",
- "id": 103,
+ "id": 108,
"link": "/entries/BenOr_Kozen_Reif.html",
"permalink": "/entries/BenOr_Kozen_Reif.html",
"shortname": "BenOr_Kozen_Reif",
"title": "The BKR Decision Procedure for Univariate Real Arithmetic",
"topic_links": [
"computer-science/algorithms/mathematical"
],
"topics": [
"Computer science/Algorithms/Mathematical"
],
"used_by": 1
},
{
"abstract": "This is a formalisation of the main result of Gale and Stewart from 1953, showing that closed finite games are determined. This property is now known as the Gale Stewart Theorem. While the original paper shows some additional theorems as well, we only formalize this main result, but do so in a somewhat general way. We formalize games of a fixed arbitrary length, including infinite length, using co-inductive lists, and show that defensive strategies exist unless the other player is winning. For closed games, defensive strategies are winning for the closed player, proving that such games are determined. For finite games, which are a special case in our formalisation, all games are closed.",
"authors": [
"Sebastiaan J. C. Joosten"
],
"date": "2021-04-23",
- "id": 104,
+ "id": 109,
"link": "/entries/GaleStewart_Games.html",
"permalink": "/entries/GaleStewart_Games.html",
"shortname": "GaleStewart_Games",
"title": "Gale-Stewart Games",
"topic_links": [
"mathematics/games-and-economics"
],
"topics": [
"Mathematics/Games and economics"
],
"used_by": 0
},
{
"abstract": "Large-scale stream processing systems often follow the dataflow paradigm, which enforces a program structure that exposes a high degree of parallelism. The Timely Dataflow distributed system supports expressive cyclic dataflows for which it offers low-latency data- and pipeline-parallel stream processing. To achieve high expressiveness and performance, Timely Dataflow uses an intricate distributed protocol for tracking the computation’s progress. We formalize this progress tracking protocol and verify its safety. Our formalization is described in detail in our forthcoming \u003ca href=\"https://traytel.bitbucket.io/papers/itp21-progress_tracking/safe.pdf\"\u003eITP'21 paper\u003c/a\u003e.",
"authors": [
"Matthias Brun",
"Sára Decova",
"Andrea Lattuada",
"Dmitriy Traytel"
],
"date": "2021-04-13",
- "id": 105,
+ "id": 110,
"link": "/entries/Progress_Tracking.html",
"permalink": "/entries/Progress_Tracking.html",
"shortname": "Progress_Tracking",
"title": "Formalization of Timely Dataflow's Progress Tracking Protocol",
"topic_links": [
"computer-science/algorithms/distributed"
],
"topics": [
"Computer science/Algorithms/Distributed"
],
"used_by": 0
},
{
"abstract": "We provide a characterisation of how information is propagated by program executions based on the tracking data and control dependencies within executions themselves. The characterisation might be used for deriving approximative safety properties to be targeted by static analyses or checked at runtime. We utilise a simple yet versatile control flow graph model as a program representation. As our model is not assumed to be finite it can be instantiated for a broad class of programs. The targeted security property is indistinguishable security where executions produce sequences of observations and only non-terminating executions are allowed to drop a tail of those. A very crude approximation of our characterisation is slicing based on program dependence graphs, which we use as a minimal example and derive a corresponding soundness result. For further details and applications refer to the authors upcoming dissertation.",
"authors": [
"Benedikt Nordhoff"
],
"date": "2021-04-01",
- "id": 106,
+ "id": 111,
"link": "/entries/IFC_Tracking.html",
"permalink": "/entries/IFC_Tracking.html",
"shortname": "IFC_Tracking",
"title": "Information Flow Control via Dependency Tracking",
"topic_links": [
"computer-science/security"
],
"topics": [
"Computer science/Security"
],
"used_by": 0
},
{
"abstract": "We formalize mainstream structures in algebraic geometry culminating in Grothendieck's schemes: presheaves of rings, sheaves of rings, ringed spaces, locally ringed spaces, affine schemes and schemes. We prove that the spectrum of a ring is a locally ringed space, hence an affine scheme. Finally, we prove that any affine scheme is a scheme.",
"authors": [
"Anthony Bordg",
"Lawrence C. Paulson",
"Wenda Li"
],
"date": "2021-03-29",
- "id": 107,
+ "id": 112,
"link": "/entries/Grothendieck_Schemes.html",
"permalink": "/entries/Grothendieck_Schemes.html",
"shortname": "Grothendieck_Schemes",
"title": "Grothendieck's Schemes in Algebraic Geometry",
"topic_links": [
"mathematics/algebra",
"mathematics/geometry"
],
"topics": [
"Mathematics/Algebra",
"Mathematics/Geometry"
],
"used_by": 0
},
{
"abstract": "We formalize the ring of \u003cem\u003ep\u003c/em\u003e-adic integers within the framework of the HOL-Algebra library. The carrier of the ring is formalized as the inverse limit of quotients of the integers by powers of a fixed prime \u003cem\u003ep\u003c/em\u003e. We define an integer-valued valuation, as well as an extended-integer valued valuation which sends 0 to the infinite element. Basic topological facts about the \u003cem\u003ep\u003c/em\u003e-adic integers are formalized, including completeness and sequential compactness. Taylor expansions of polynomials over a commutative ring are defined, culminating in the formalization of Hensel's Lemma based on a proof due to Keith Conrad.",
"authors": [
"Aaron Crighton"
],
"date": "2021-03-23",
- "id": 108,
+ "id": 113,
"link": "/entries/Padic_Ints.html",
"permalink": "/entries/Padic_Ints.html",
"shortname": "Padic_Ints",
"title": "Hensel's Lemma for the p-adic Integers",
"topic_links": [
"mathematics/number-theory"
],
"topics": [
"Mathematics/Number theory"
],
- "used_by": 0
+ "used_by": 1
},
{
"abstract": "Constructive Cryptography (CC) [\u003ca href=\"https://conference.iiis.tsinghua.edu.cn/ICS2011/content/papers/14.html\"\u003eICS 2011\u003c/a\u003e, \u003ca href=\"https://doi.org/10.1007/978-3-642-27375-9_3\"\u003eTOSCA 2011\u003c/a\u003e, \u003ca href=\"https://doi.org/10.1007/978-3-662-53641-4_1\"\u003eTCC 2016\u003c/a\u003e] introduces an abstract approach to composable security statements that allows one to focus on a particular aspect of security proofs at a time. Instead of proving the properties of concrete systems, CC studies system classes, i.e., the shared behavior of similar systems, and their transformations. Modeling of systems communication plays a crucial role in composability and reusability of security statements; yet, this aspect has not been studied in any of the existing CC results. We extend our previous CC formalization [\u003ca href=\"https://isa-afp.org/entries/Constructive_Cryptography.html\"\u003eConstructive_Cryptography\u003c/a\u003e, \u003ca href=\"https://doi.org/10.1109/CSF.2019.00018\"\u003eCSF 2019\u003c/a\u003e] with a new semantic domain called Fused Resource Templates (FRT) that abstracts over the systems communication patterns in CC proofs. This widens the scope of cryptography proof formalizations in the CryptHOL library [\u003ca href=\"https://isa-afp.org/entries/CryptHOL.html\"\u003eCryptHOL\u003c/a\u003e, \u003ca href=\"https://doi.org/10.1007/978-3-662-49498-1_20\"\u003eESOP 2016\u003c/a\u003e, \u003ca href=\"https://doi.org/10.1007/s00145-019-09341-z\"\u003eJ Cryptol 2020\u003c/a\u003e]. This formalization is described in \u003ca href=\"http://www.andreas-lochbihler.de/pub/basin2021.pdf\"\u003eAbstract Modeling of Systems Communication in Constructive Cryptography using CryptHOL\u003c/a\u003e.",
"authors": [
"Andreas Lochbihler",
"S. Reza Sefidgar"
],
"date": "2021-03-17",
- "id": 109,
+ "id": 114,
"link": "/entries/Constructive_Cryptography_CM.html",
"permalink": "/entries/Constructive_Cryptography_CM.html",
"shortname": "Constructive_Cryptography_CM",
"title": "Constructive Cryptography in HOL: the Communication Modeling Aspect",
"topic_links": [
"computer-science/security/cryptography",
"mathematics/probability-theory"
],
"topics": [
"Computer science/Security/Cryptography",
"Mathematics/Probability theory"
],
"used_by": 0
},
{
"abstract": "We verify two algorithms for which modular arithmetic plays an essential role: Storjohann's variant of the LLL lattice basis reduction algorithm and Kopparty's algorithm for computing the Hermite normal form of a matrix. To do this, we also formalize some facts about the modulo operation with symmetric range. Our implementations are based on the original papers, but are otherwise efficient. For basis reduction we formalize two versions: one that includes all of the optimizations/heuristics from Storjohann's paper, and one excluding a heuristic that we observed to often decrease efficiency. We also provide a fast, self-contained certifier for basis reduction, based on the efficient Hermite normal form algorithm.",
"authors": [
"Ralph Bottesch",
"Jose Divasón",
"René Thiemann"
],
"date": "2021-03-12",
- "id": 110,
+ "id": 115,
"link": "/entries/Modular_arithmetic_LLL_and_HNF_algorithms.html",
"permalink": "/entries/Modular_arithmetic_LLL_and_HNF_algorithms.html",
"shortname": "Modular_arithmetic_LLL_and_HNF_algorithms",
"title": "Two algorithms based on modular arithmetic: lattice basis reduction and Hermite normal form computation",
"topic_links": [
"computer-science/algorithms/mathematical"
],
"topics": [
"Computer science/Algorithms/Mathematical"
],
"used_by": 0
},
{
"abstract": "This work contains a formalization of quantum projective measurements, also known as von Neumann measurements, which are based on elements of spectral theory. We also formalized the CHSH inequality, an inequality involving expectations in a probability space that is violated by quantum measurements, thus proving that quantum mechanics cannot be modeled with an underlying local hidden-variable theory.",
"authors": [
"Mnacho Echenim"
],
"date": "2021-03-03",
- "id": 111,
+ "id": 116,
"link": "/entries/Projective_Measurements.html",
"permalink": "/entries/Projective_Measurements.html",
"shortname": "Projective_Measurements",
"title": "Quantum projective measurements and the CHSH inequality",
"topic_links": [
"computer-science/algorithms/quantum-computing",
"mathematics/physics/quantum-information"
],
"topics": [
"Computer science/Algorithms/Quantum computing",
"Mathematics/Physics/Quantum information"
],
"used_by": 1
},
{
"abstract": "\u003cp\u003eThis article provides a formalisation of the Hermite-Lindemann-Weierstraß Theorem (also known as simply Hermite-Lindemann or Lindemann-Weierstraß). This theorem is one of the crowning achievements of 19th century number theory.\u003c/p\u003e \u003cp\u003eThe theorem states that if $\\alpha_1, \\ldots, \\alpha_n\\in\\mathbb{C}$ are algebraic numbers that are linearly independent over $\\mathbb{Z}$, then $e^{\\alpha_1},\\ldots,e^{\\alpha_n}$ are algebraically independent over $\\mathbb{Q}$.\u003c/p\u003e \u003cp\u003eLike the \u003ca href=\"https://doi.org/10.1007/978-3-319-66107-0_5\"\u003eprevious formalisation in Coq by Bernard\u003c/a\u003e, I proceeded by formalising \u003ca href=\"https://doi.org/10.1017/CBO9780511565977\"\u003eBaker's version of the theorem and proof\u003c/a\u003e and then deriving the original one from that. Baker's version states that for any algebraic numbers $\\beta_1, \\ldots, \\beta_n\\in\\mathbb{C}$ and distinct algebraic numbers $\\alpha_i, \\ldots, \\alpha_n\\in\\mathbb{C}$, we have $\\beta_1 e^{\\alpha_1} + \\ldots + \\beta_n e^{\\alpha_n} = 0$ if and only if all the $\\beta_i$ are zero.\u003c/p\u003e \u003cp\u003eThis has a number of direct corollaries, e.g.:\u003c/p\u003e \u003cul\u003e \u003cli\u003e$e$ and $\\pi$ are transcendental\u003c/li\u003e \u003cli\u003e$e^z$, $\\sin z$, $\\tan z$, etc. are transcendental for algebraic $z\\in\\mathbb{C}\\setminus\\{0\\}$\u003c/li\u003e \u003cli\u003e$\\ln z$ is transcendental for algebraic $z\\in\\mathbb{C}\\setminus\\{0, 1\\}$\u003c/li\u003e \u003c/ul\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2021-03-03",
- "id": 112,
+ "id": 117,
"link": "/entries/Hermite_Lindemann.html",
"permalink": "/entries/Hermite_Lindemann.html",
"shortname": "Hermite_Lindemann",
"title": "The Hermite–Lindemann–Weierstraß Transcendence Theorem",
"topic_links": [
"mathematics/number-theory"
],
"topics": [
"Mathematics/Number theory"
],
"used_by": 1
},
{
"abstract": "We use Isabelle/HOL to verify elementary theorems and alternative axiomatizations of classical extensional mereology.",
"authors": [
"Ben Blumson"
],
"date": "2021-03-01",
- "id": 113,
+ "id": 118,
"link": "/entries/Mereology.html",
"permalink": "/entries/Mereology.html",
"shortname": "Mereology",
"title": "Mereology",
"topic_links": [
"logic/philosophical-aspects"
],
"topics": [
"Logic/Philosophical aspects"
],
"used_by": 0
},
{
"abstract": "We formally define sunflowers and provide a formalization of the sunflower lemma of Erd\u0026odblac;s and Rado: whenever a set of size-\u003ci\u003ek\u003c/i\u003e-sets has a larger cardinality than \u003ci\u003e(r - 1)\u003csup\u003ek\u003c/sup\u003e \u0026middot; k!\u003c/i\u003e, then it contains a sunflower of cardinality \u003ci\u003er\u003c/i\u003e.",
"authors": [
"René Thiemann"
],
"date": "2021-02-25",
- "id": 114,
+ "id": 119,
"link": "/entries/Sunflowers.html",
"permalink": "/entries/Sunflowers.html",
"shortname": "Sunflowers",
"title": "The Sunflower Lemma of Erdős and Rado",
"topic_links": [
"mathematics/combinatorics"
],
"topics": [
"Mathematics/Combinatorics"
],
"used_by": 1
},
{
"abstract": "In this work, we use the interactive theorem prover Isabelle/HOL to verify an imperative implementation of the classical B-tree data structure invented by Bayer and McCreight [ACM 1970]. The implementation supports set membership, insertion, deletion, iteration and range queries with efficient binary search for intra-node navigation. This is accomplished by first specifying the structure abstractly in the functional modeling language HOL and proving functional correctness. Using manual refinement, we derive an imperative implementation in Imperative/HOL. We show the validity of this refinement using the separation logic utilities from the \u003ca href=\"https://www.isa-afp.org/entries/Refine_Imperative_HOL.html\"\u003e Isabelle Refinement Framework \u003c/a\u003e . The code can be exported to the programming languages SML, OCaml and Scala. This entry contains two developments: \u003cdl\u003e \u003cdt\u003eB-Trees\u003c/dt\u003e \u003cdd\u003eThis formalisation is discussed in greater detail in the corresponding \u003ca href=\"https://mediatum.ub.tum.de/1596550\"\u003eBachelor's Thesis\u003c/a\u003e.\u003c/dd\u003e \u003cdt\u003eB+-Trees:\u003c/dt\u003e \u003cdd\u003eThis formalisation also supports range queries and is discussed in a paper published at ICTAC 2022.\u003c/dd\u003e \u003c/dl\u003e Change history: [2022-08-16]: Added formalisations of B+-Trees ",
"authors": [
"Niels Mündler"
],
"date": "2021-02-24",
- "id": 115,
+ "id": 120,
"link": "/entries/BTree.html",
"permalink": "/entries/BTree.html",
"shortname": "BTree",
"title": "A Verified Imperative Implementation of B-Trees",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eFormal Puiseux series are generalisations of formal power series and formal Laurent series that also allow for fractional exponents. They have the following general form: \\[\\sum_{i=N}^\\infty a_{i/d} X^{i/d}\\] where \u003cem\u003eN\u003c/em\u003e is an integer and \u003cem\u003ed\u003c/em\u003e is a positive integer.\u003c/p\u003e \u003cp\u003eThis entry defines these series including their basic algebraic properties. Furthermore, it proves the Newton–Puiseux Theorem, namely that the Puiseux series over an algebraically closed field of characteristic 0 are also algebraically closed.\u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2021-02-17",
- "id": 116,
+ "id": 121,
"link": "/entries/Formal_Puiseux_Series.html",
"permalink": "/entries/Formal_Puiseux_Series.html",
"shortname": "Formal_Puiseux_Series",
"title": "Formal Puiseux Series",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eThe Law of Large Numbers states that, informally, if one performs a random experiment $X$ many times and takes the average of the results, that average will be very close to the expected value $E[X]$.\u003c/p\u003e \u003cp\u003e More formally, let $(X_i)_{i\\in\\mathbb{N}}$ be a sequence of independently identically distributed random variables whose expected value $E[X_1]$ exists. Denote the running average of $X_1, \\ldots, X_n$ as $\\overline{X}_n$. Then:\u003c/p\u003e \u003cul\u003e \u003cli\u003eThe Weak Law of Large Numbers states that $\\overline{X}_{n} \\longrightarrow E[X_1]$ in probability for $n\\to\\infty$, i.e. $\\mathcal{P}(|\\overline{X}_{n} - E[X_1]| \u003e \\varepsilon) \\longrightarrow 0$ as $n\\to\\infty$ for any $\\varepsilon \u003e 0$.\u003c/li\u003e \u003cli\u003eThe Strong Law of Large Numbers states that $\\overline{X}_{n} \\longrightarrow E[X_1]$ almost surely for $n\\to\\infty$, i.e. $\\mathcal{P}(\\overline{X}_{n} \\longrightarrow E[X_1]) = 1$.\u003c/li\u003e \u003c/ul\u003e \u003cp\u003eIn this entry, I formally prove the strong law and from it the weak law. The approach used for the proof of the strong law is a particularly quick and slick one based on ergodic theory, which was formalised by Gouëzel in another AFP entry.\u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2021-02-10",
- "id": 117,
+ "id": 122,
"link": "/entries/Laws_of_Large_Numbers.html",
"permalink": "/entries/Laws_of_Large_Numbers.html",
"shortname": "Laws_of_Large_Numbers",
"title": "The Laws of Large Numbers",
"topic_links": [
"mathematics/probability-theory"
],
"topics": [
"Mathematics/Probability theory"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eThe \u003ca href=\"https://geocoq.github.io/GeoCoq/\"\u003eGeoCoq library\u003c/a\u003e contains a formalization of geometry using the Coq proof assistant. It contains both proofs about the foundations of geometry and high-level proofs in the same style as in high school. We port a part of the GeoCoq 2.4.0 library to Isabelle/HOL: more precisely, the files Chap02.v to Chap13_3.v, suma.v as well as the associated definitions and some useful files for the demonstration of certain parallel postulates. The synthetic approach of the demonstrations is directly inspired by those contained in GeoCoq. The names of the lemmas and theorems used are kept as far as possible as well as the definitions. \u003c/p\u003e \u003cp\u003eIt should be noted that T.J.M. Makarios has done \u003ca href=\"https://www.isa-afp.org/entries/Tarskis_Geometry.html\"\u003esome proofs in Tarski's Geometry\u003c/a\u003e. It uses a definition that does not quite coincide with the definition used in Geocoq and here. Furthermore, corresponding definitions in the \u003ca href=\"https://www.isa-afp.org/entries/Poincare_Disc.html\"\u003ePoincaré Disc Model development\u003c/a\u003e are not identical to those defined in GeoCoq. \u003c/p\u003e \u003cp\u003eIn the last part, it is formalized that, in the neutral/absolute space, the axiom of the parallels of Tarski's system implies the Playfair axiom, the 5th postulate of Euclid and Euclid's original parallel postulate. These proofs, which are not constructive, are directly inspired by Pierre Boutry, Charly Gries, Julien Narboux and Pascal Schreck. \u003c/p\u003e",
"authors": [
"Roland Coghetto"
],
"date": "2021-01-31",
- "id": 118,
+ "id": 123,
"link": "/entries/IsaGeoCoq.html",
"permalink": "/entries/IsaGeoCoq.html",
"shortname": "IsaGeoCoq",
"title": "Tarski's Parallel Postulate implies the 5th Postulate of Euclid, the Postulate of Playfair and the original Parallel Postulate of Euclid",
"topic_links": [
"mathematics/geometry"
],
"topics": [
"Mathematics/Geometry"
],
"used_by": 0
},
{
"abstract": "In a \u003ca href=\"https://xkcd.com/blue_eyes.html\"\u003epuzzle published by Randall Munroe\u003c/a\u003e, perfect logicians forbidden from communicating are stranded on an island, and may only leave once they have figured out their own eye color. We present a method of modeling the behavior of perfect logicians and formalize a solution of the puzzle.",
"authors": [
"Maya Kądziołka"
],
"date": "2021-01-30",
- "id": 119,
+ "id": 124,
"link": "/entries/Blue_Eyes.html",
"permalink": "/entries/Blue_Eyes.html",
"shortname": "Blue_Eyes",
"title": "Solution to the xkcd Blue Eyes puzzle",
"topic_links": [
"logic/general-logic/logics-of-knowledge-and-belief"
],
"topics": [
"Logic/General logic/Logics of knowledge and belief"
],
"used_by": 0
},
{
"abstract": "This is a verified implementation of a constant time queue. The original design is due to \u003ca href=\"https://doi.org/10.1016/0020-0190(81)90030-2\"\u003eHood and Melville\u003c/a\u003e. This formalization follows the presentation in \u003cem\u003ePurely Functional Data Structures\u003c/em\u003eby Okasaki.",
"authors": [
"Alejandro Gómez-Londoño"
],
"date": "2021-01-18",
- "id": 120,
+ "id": 125,
"link": "/entries/Hood_Melville_Queue.html",
"permalink": "/entries/Hood_Melville_Queue.html",
"shortname": "Hood_Melville_Queue",
"title": "Hood-Melville Queue",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 0
},
{
"abstract": "We extend Jinja to include static fields, methods, and instructions, and dynamic class initialization, based on the Java SE 8 specification. This includes extension of definitions and proofs. This work is partially described in Mansky and Gunter's paper at CPP 2019 and Mansky's doctoral thesis (UIUC, 2020).",
"authors": [
"Susannah Mansky"
],
"date": "2021-01-11",
- "id": 121,
+ "id": 126,
"link": "/entries/JinjaDCI.html",
"permalink": "/entries/JinjaDCI.html",
"shortname": "JinjaDCI",
"title": "JinjaDCI: a Java semantics with dynamic class initialization",
"topic_links": [
"computer-science/programming-languages/language-definitions"
],
"topics": [
"Computer science/Programming languages/Language definitions"
],
"used_by": 1
},
{
"abstract": "We formalize the basic results on cofinality of linearly ordered sets and ordinals and Šanin’s Lemma for uncountable families of finite sets. This last result is used to prove the countable chain condition for Cohen posets. We work in the set theory framework of Isabelle/ZF, using the Axiom of Choice as needed.",
"authors": [
"Pedro Sánchez Terraf"
],
"date": "2020-12-27",
- "id": 122,
+ "id": 127,
"link": "/entries/Delta_System_Lemma.html",
"permalink": "/entries/Delta_System_Lemma.html",
"shortname": "Delta_System_Lemma",
"title": "Cofinality and the Delta System Lemma",
"topic_links": [
"mathematics/combinatorics",
"logic/set-theory"
],
"topics": [
"Mathematics/Combinatorics",
"Logic/Set theory"
],
"used_by": 1
},
{
"abstract": "We introduce a generalized topological semantics for paraconsistent and paracomplete logics by drawing upon early works on topological Boolean algebras (cf. works by Kuratowski, Zarycki, McKinsey \u0026 Tarski, etc.). In particular, this work exemplarily illustrates the shallow semantical embeddings approach (\u003ca href=\"http://dx.doi.org/10.1007/s11787-012-0052-y\"\u003eSSE\u003c/a\u003e) employing the proof assistant Isabelle/HOL. By means of the SSE technique we can effectively harness theorem provers, model finders and 'hammers' for reasoning with quantified non-classical logics.",
"authors": [
"David Fuenmayor"
],
"date": "2020-12-17",
- "id": 123,
+ "id": 128,
"link": "/entries/Topological_Semantics.html",
"permalink": "/entries/Topological_Semantics.html",
"shortname": "Topological_Semantics",
"title": "Topological semantics for paraconsistent and paracomplete logics",
"topic_links": [
"logic/general-logic"
],
"topics": [
"Logic/General logic"
],
"used_by": 0
},
{
"abstract": "We verify the correctness of Prim's, Kruskal's and Borůvka's minimum spanning tree algorithms based on algebras for aggregation and minimisation.",
"authors": [
"Walter Guttmann",
"Nicolas Robinson-O'Brien"
],
"date": "2020-12-08",
- "id": 124,
+ "id": 129,
"link": "/entries/Relational_Minimum_Spanning_Trees.html",
"permalink": "/entries/Relational_Minimum_Spanning_Trees.html",
"shortname": "Relational_Minimum_Spanning_Trees",
"title": "Relational Minimum Spanning Tree Algorithms",
"topic_links": [
"computer-science/algorithms/graph"
],
"topics": [
"Computer science/Algorithms/Graph"
],
"used_by": 0
},
{
"abstract": "This Isabelle/HOL formalization builds on the \u003cem\u003eVeriComp\u003c/em\u003e entry of the \u003cem\u003eArchive of Formal Proofs\u003c/em\u003e to provide the following contributions: \u003cul\u003e \u003cli\u003ean operational semantics for a realistic virtual machine (Std) for dynamically typed programming languages;\u003c/li\u003e \u003cli\u003ethe formalization of an inline caching optimization (Inca), a proof of bisimulation with (Std), and a compilation function;\u003c/li\u003e \u003cli\u003ethe formalization of an unboxing optimization (Ubx), a proof of bisimulation with (Inca), and a simple compilation function.\u003c/li\u003e \u003c/ul\u003e This formalization was described in the CPP 2021 paper \u003cem\u003eTowards Efficient and Verified Virtual Machines for Dynamic Languages\u003c/em\u003e",
"authors": [
"Martin Desharnais"
],
"date": "2020-12-07",
- "id": 125,
+ "id": 130,
"link": "/entries/Interpreter_Optimizations.html",
"permalink": "/entries/Interpreter_Optimizations.html",
"shortname": "Interpreter_Optimizations",
"title": "Inline Caching and Unboxing Optimization for Interpreters",
"topic_links": [
"computer-science/programming-languages/misc"
],
"topics": [
"Computer science/Programming languages/Misc"
],
"used_by": 0
},
{
"abstract": "This paper introduces a new method for the formal verification of cryptographic protocols, the relational method, derived from Paulson's inductive method by means of some enhancements aimed at streamlining formal definitions and proofs, specially for protocols using public key cryptography. Moreover, this paper proposes a method to formalize a further security property, message anonymity, in addition to message confidentiality and authenticity. The relational method, including message anonymity, is then applied to the verification of a sample authentication protocol, comprising Password Authenticated Connection Establishment (PACE) with Chip Authentication Mapping followed by the explicit verification of an additional password over the PACE secure channel.",
"authors": [
"Pasquale Noce"
],
"date": "2020-12-05",
- "id": 126,
+ "id": 131,
"link": "/entries/Relational_Method.html",
"permalink": "/entries/Relational_Method.html",
"shortname": "Relational_Method",
"title": "The Relational Method with Message Anonymity for the Verification of Cryptographic Protocols",
"topic_links": [
"computer-science/security"
],
"topics": [
"Computer science/Security"
],
"used_by": 0
},
{
"abstract": "This work is an effort to formalise some quantum algorithms and results in quantum information theory. Formal methods being critical for the safety and security of algorithms and protocols, we foresee their widespread use for quantum computing in the future. We have developed a large library for quantum computing in Isabelle based on a matrix representation for quantum circuits, successfully formalising the no-cloning theorem, quantum teleportation, Deutsch's algorithm, the Deutsch-Jozsa algorithm and the quantum Prisoner's Dilemma.",
"authors": [
"Anthony Bordg",
"Hanna Lachnitt",
"Yijun He"
],
"date": "2020-11-22",
- "id": 127,
+ "id": 132,
"link": "/entries/Isabelle_Marries_Dirac.html",
"permalink": "/entries/Isabelle_Marries_Dirac.html",
"shortname": "Isabelle_Marries_Dirac",
"title": "Isabelle Marries Dirac: a Library for Quantum Computation and Quantum Information",
"topic_links": [
"computer-science/algorithms/quantum-computing",
"mathematics/physics/quantum-information"
],
"topics": [
"Computer science/Algorithms/Quantum computing",
"Mathematics/Physics/Quantum information"
],
"used_by": 1
},
{
"abstract": "We use a formal development for CSP, called HOL-CSP2.0, to analyse a family of refinement notions, comprising classic and new ones. This analysis enables to derive a number of properties that allow to deepen the understanding of these notions, in particular with respect to specification decomposition principles for the case of infinite sets of events. The established relations between the refinement relations help to clarify some obscure points in the CSP literature, but also provide a weapon for shorter refinement proofs. Furthermore, we provide a framework for state-normalisation allowing to formally reason on parameterised process architectures. As a result, we have a modern environment for formal proofs of concurrent systems that allow for the combination of general infinite processes with locally finite ones in a logically safe way. We demonstrate these verification-techniques for classical, generalised examples: The CopyBuffer for arbitrary data and the Dijkstra's Dining Philosopher Problem of arbitrary size.",
"authors": [
"Safouan Taha",
"Burkhart Wolff",
"Lina Ye"
],
"date": "2020-11-19",
- "id": 128,
+ "id": 133,
"link": "/entries/CSP_RefTK.html",
"permalink": "/entries/CSP_RefTK.html",
"shortname": "CSP_RefTK",
"title": "The HOL-CSP Refinement Toolkit",
"topic_links": [
"computer-science/concurrency/process-calculi",
"computer-science/semantics-and-reasoning"
],
"topics": [
"Computer science/Concurrency/Process calculi",
"Computer science/Semantics and reasoning"
],
"used_by": 0
},
{
"abstract": "This is an Isabelle/HOL formalisation of the semantics of the multi-valued planning tasks language that is used by the planning system Fast-Downward, the STRIPS fragment of the Planning Domain Definition Language (PDDL), and the STRIPS soundness meta-theory developed by Vladimir Lifschitz. It also contains formally verified checkers for checking the well-formedness of problems specified in either language as well the correctness of potential solutions. The formalisation in this entry was described in an earlier publication.",
"authors": [
"Mohammad Abdulaziz",
"Peter Lammich"
],
"date": "2020-10-29",
- "id": 129,
+ "id": 134,
"link": "/entries/AI_Planning_Languages_Semantics.html",
"permalink": "/entries/AI_Planning_Languages_Semantics.html",
"shortname": "AI_Planning_Languages_Semantics",
"title": "AI Planning Languages Semantics",
"topic_links": [
"computer-science/artificial-intelligence"
],
"topics": [
"Computer science/Artificial intelligence"
],
"used_by": 1
},
{
"abstract": "We present an executable formally verified SAT encoding of classical AI planning that is based on the encodings by Kautz and Selman and the one by Rintanen et al. The encoding was experimentally tested and shown to be usable for reasonably sized standard AI planning benchmarks. We also use it as a reference to test a state-of-the-art SAT-based planner, showing that it sometimes falsely claims that problems have no solutions of certain lengths. The formalisation in this submission was described in an independent publication.",
"authors": [
"Mohammad Abdulaziz",
"Friedrich Kurz"
],
"date": "2020-10-29",
- "id": 130,
+ "id": 135,
"link": "/entries/Verified_SAT_Based_AI_Planning.html",
"permalink": "/entries/Verified_SAT_Based_AI_Planning.html",
"shortname": "Verified_SAT_Based_AI_Planning",
"title": "Verified SAT-Based AI Planning",
"topic_links": [
"computer-science/artificial-intelligence"
],
"topics": [
"Computer science/Artificial intelligence"
],
"used_by": 0
},
{
"abstract": "The present Isabelle theory builds a formal model for both the International System of Quantities (ISQ) and the International System of Units (SI), which are both fundamental for physics and engineering. Both the ISQ and the SI are deeply integrated into Isabelle's type system. Quantities are parameterised by dimension types, which correspond to base vectors, and thus only quantities of the same dimension can be equated. Since the underlying \"algebra of quantities\" induces congruences on quantity and SI types, specific tactic support is developed to capture these. Our construction is validated by a test-set of known equivalences between both quantities and SI units. Moreover, the presented theory can be used for type-safe conversions between the SI system and others, like the British Imperial System (BIS).",
"authors": [
"Simon Foster",
"Burkhart Wolff"
],
"date": "2020-10-20",
- "id": 131,
+ "id": 136,
"link": "/entries/Physical_Quantities.html",
"permalink": "/entries/Physical_Quantities.html",
"shortname": "Physical_Quantities",
"title": "A Sound Type System for Physical Quantities, Units, and Measurements",
"topic_links": [
"mathematics/physics",
"computer-science/programming-languages/type-systems"
],
"topics": [
"Mathematics/Physics",
"Computer science/Programming languages/Type systems"
],
"used_by": 0
},
{
"abstract": "This entry includes useful syntactic sugar, new operators and functions, and their associated lemmas for finite maps which currently are not present in the standard Finite_Map theory.",
"authors": [
"Javier Díaz"
],
"date": "2020-10-12",
- "id": 132,
+ "id": 137,
"link": "/entries/Finite-Map-Extras.html",
"permalink": "/entries/Finite-Map-Extras.html",
"shortname": "Finite-Map-Extras",
"title": "Finite Map Extras",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 0
},
{
"abstract": "In this AFP entry, we extend our formalization of the core DOM with Shadow Roots. Shadow roots are a recent proposal of the web community to support a component-based development approach for client-side web applications. Shadow roots are a significant extension to the DOM standard and, as web standards are condemned to be backward compatible, such extensions often result in complex specification that may contain unwanted subtleties that can be detected by a formalization. Our Isabelle/HOL formalization is, in the sense of object-orientation, an extension of our formalization of the core DOM and enjoys the same basic properties, i.e., it is extensible, i.e., can be extended without the need of re-proving already proven properties and executable, i.e., we can generate executable code from our specification. We exploit the executability to show that our formalization complies to the official standard of the W3C, respectively, the WHATWG.",
"authors": [
"Achim D. Brucker",
"Michael Herzberg"
],
"date": "2020-09-28",
- "id": 133,
+ "id": 138,
"link": "/entries/Shadow_DOM.html",
"permalink": "/entries/Shadow_DOM.html",
"shortname": "Shadow_DOM",
"title": "A Formal Model of the Document Object Model with Shadow Roots",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 1
},
{
"abstract": "In this AFP entry, we extend our formalization of the safely composable DOM with Shadow Roots. This is a proposal for Shadow Roots with stricter safety guarantess than the standard compliant formalization (see \"Shadow DOM\"). Shadow Roots are a recent proposal of the web community to support a component-based development approach for client-side web applications. Shadow roots are a significant extension to the DOM standard and, as web standards are condemned to be backward compatible, such extensions often result in complex specification that may contain unwanted subtleties that can be detected by a formalization. Our Isabelle/HOL formalization is, in the sense of object-orientation, an extension of our formalization of the core DOM and enjoys the same basic properties, i.e., it is extensible, i.e., can be extended without the need of re-proving already proven properties and executable, i.e., we can generate executable code from our specification. We exploit the executability to show that our formalization complies to the official standard of the W3C, respectively, the WHATWG.",
"authors": [
"Achim D. Brucker",
"Michael Herzberg"
],
"date": "2020-09-28",
- "id": 134,
+ "id": 139,
"link": "/entries/Shadow_SC_DOM.html",
"permalink": "/entries/Shadow_SC_DOM.html",
"shortname": "Shadow_SC_DOM",
"title": "A Formal Model of the Safely Composable Document Object Model with Shadow Roots",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 1
},
{
"abstract": "While the (safely composable) DOM with shadow trees provide the technical basis for defining web components, it does neither defines the concept of web components nor specifies the safety properties that web components should guarantee. Consequently, the standard also does not discuss how or even if the methods for modifying the DOM respect component boundaries. In AFP entry, we present a formally verified model of safely composable web components and define safety properties which ensure that different web components can only interact with each other using well-defined interfaces. Moreover, our verification of the application programming interface (API) of the DOM revealed numerous invariants that implementations of the DOM API need to preserve to ensure the integrity of components. In comparison to the strict standard compliance formalization of Web Components in the AFP entry \"DOM_Components\", the notion of components in this entry (based on \"SC_DOM\" and \"Shadow_SC_DOM\") provides much stronger safety guarantees.",
"authors": [
"Achim D. Brucker",
"Michael Herzberg"
],
"date": "2020-09-28",
- "id": 135,
+ "id": 140,
"link": "/entries/SC_DOM_Components.html",
"permalink": "/entries/SC_DOM_Components.html",
"shortname": "SC_DOM_Components",
"title": "A Formalization of Safely Composable Web Components",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 0
},
{
"abstract": "While the DOM with shadow trees provide the technical basis for defining web components, the DOM standard neither defines the concept of web components nor specifies the safety properties that web components should guarantee. Consequently, the standard also does not discuss how or even if the methods for modifying the DOM respect component boundaries. In AFP entry, we present a formally verified model of web components and define safety properties which ensure that different web components can only interact with each other using well-defined interfaces. Moreover, our verification of the application programming interface (API) of the DOM revealed numerous invariants that implementations of the DOM API need to preserve to ensure the integrity of components.",
"authors": [
"Achim D. Brucker",
"Michael Herzberg"
],
"date": "2020-09-28",
- "id": 136,
+ "id": 141,
"link": "/entries/DOM_Components.html",
"permalink": "/entries/DOM_Components.html",
"shortname": "DOM_Components",
"title": "A Formalization of Web Components",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 0
},
{
"abstract": "In this AFP entry, we formalize the core of the Safely Composable Document Object Model (SC DOM). The SC DOM improve the standard DOM (as formalized in the AFP entry \"Core DOM\") by strengthening the tree boundaries set by shadow roots: in the SC DOM, the shadow root is a sub-class of the document class (instead of a base class). This modifications also results in changes to some API methods (e.g., getOwnerDocument) to return the nearest shadow root rather than the document root. As a result, many API methods that, when called on a node inside a shadow tree, would previously ``break out'' and return or modify nodes that are possibly outside the shadow tree, now stay within its boundaries. This change in behavior makes programs that operate on shadow trees more predictable for the developer and allows them to make more assumptions about other code accessing the DOM.",
"authors": [
"Achim D. Brucker",
"Michael Herzberg"
],
"date": "2020-09-28",
- "id": 137,
+ "id": 142,
"link": "/entries/Core_SC_DOM.html",
"permalink": "/entries/Core_SC_DOM.html",
"shortname": "Core_SC_DOM",
"title": "The Safely Composable DOM",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 1
},
{
"abstract": "We present an abstract formalization of G\u0026ouml;del's incompleteness theorems. We analyze sufficient conditions for the theorems' applicability to a partially specified logic. Our abstract perspective enables a comparison between alternative approaches from the literature. These include Rosser's variation of the first theorem, Jeroslow's variation of the second theorem, and the Swierczkowski\u0026ndash;Paulson semantics-based approach. This AFP entry is the main entry point to the results described in our CADE-27 paper \u003ca href=\"https://dx.doi.org/10.1007/978-3-030-29436-6_26\"\u003eA Formally Verified Abstract Account of Gödel's Incompleteness Theorems\u003c/a\u003e. As part of our abstract formalization's validation, we instantiate our locales twice in the separate AFP entries \u003ca href=\"https://www.isa-afp.org/entries/Goedel_HFSet_Semantic.html\"\u003eGoedel_HFSet_Semantic\u003c/a\u003e and \u003ca href=\"https://www.isa-afp.org/entries/Goedel_HFSet_Semanticless.html\"\u003eGoedel_HFSet_Semanticless\u003c/a\u003e.",
"authors": [
"Andrei Popescu",
"Dmitriy Traytel"
],
"date": "2020-09-16",
- "id": 138,
+ "id": 143,
"link": "/entries/Goedel_Incompleteness.html",
"permalink": "/entries/Goedel_Incompleteness.html",
"shortname": "Goedel_Incompleteness",
"title": "An Abstract Formalization of G\u0026ouml;del's Incompleteness Theorems",
"topic_links": [
"logic/proof-theory"
],
"topics": [
"Logic/Proof theory"
],
"used_by": 2
},
{
"abstract": "We validate an abstract formulation of G\u0026ouml;del's First and Second Incompleteness Theorems from a \u003ca href=\"https://www.isa-afp.org/entries/Goedel_Incompleteness.html\"\u003eseparate AFP entry\u003c/a\u003e by instantiating them to the case of \u003ci\u003efinite sound extensions of the Hereditarily Finite (HF) Set theory\u003c/i\u003e, i.e., FOL theories extending the HF Set theory with a finite set of axioms that are sound in the standard model. The concrete results had been previously formalised in an \u003ca href=\"https://www.isa-afp.org/entries/Incompleteness.html\"\u003eAFP entry by Larry Paulson\u003c/a\u003e; our instantiation reuses the infrastructure developed in that entry.",
"authors": [
"Andrei Popescu",
"Dmitriy Traytel"
],
"date": "2020-09-16",
- "id": 139,
+ "id": 144,
"link": "/entries/Goedel_HFSet_Semantic.html",
"permalink": "/entries/Goedel_HFSet_Semantic.html",
"shortname": "Goedel_HFSet_Semantic",
"title": "From Abstract to Concrete G\u0026ouml;del's Incompleteness Theorems\u0026mdash;Part I",
"topic_links": [
"logic/proof-theory"
],
"topics": [
"Logic/Proof theory"
],
"used_by": 0
},
{
"abstract": "We validate an abstract formulation of G\u0026ouml;del's Second Incompleteness Theorem from a \u003ca href=\"https://www.isa-afp.org/entries/Goedel_Incompleteness.html\"\u003eseparate AFP entry\u003c/a\u003e by instantiating it to the case of \u003ci\u003efinite consistent extensions of the Hereditarily Finite (HF) Set theory\u003c/i\u003e, i.e., consistent FOL theories extending the HF Set theory with a finite set of axioms. The instantiation draws heavily on infrastructure previously developed by Larry Paulson in his \u003ca href=\"https://www.isa-afp.org/entries/Incompleteness.html\"\u003edirect formalisation of the concrete result\u003c/a\u003e. It strengthens Paulson's formalization of G\u0026ouml;del's Second from that entry by \u003ci\u003enot\u003c/i\u003e assuming soundness, and in fact not relying on any notion of model or semantic interpretation. The strengthening was obtained by first replacing some of Paulson’s semantic arguments with proofs within his HF calculus, and then plugging in some of Paulson's (modified) lemmas to instantiate our soundness-free G\u0026ouml;del's Second locale.",
"authors": [
"Andrei Popescu",
"Dmitriy Traytel"
],
"date": "2020-09-16",
- "id": 140,
+ "id": 145,
"link": "/entries/Goedel_HFSet_Semanticless.html",
"permalink": "/entries/Goedel_HFSet_Semanticless.html",
"shortname": "Goedel_HFSet_Semanticless",
"title": "From Abstract to Concrete G\u0026ouml;del's Incompleteness Theorems\u0026mdash;Part II",
"topic_links": [
"logic/proof-theory"
],
"topics": [
"Logic/Proof theory"
],
"used_by": 0
},
{
"abstract": "We instantiate our syntax-independent logic infrastructure developed in \u003ca href=\"https://www.isa-afp.org/entries/Syntax_Independent_Logic.html\"\u003ea separate AFP entry\u003c/a\u003e to the FOL theory of Robinson arithmetic (also known as Q). The latter was formalised using Nominal Isabelle by adapting \u003ca href=\"https://www.isa-afp.org/entries/Incompleteness.html\"\u003eLarry Paulson’s formalization of the Hereditarily Finite Set theory\u003c/a\u003e.",
"authors": [
"Andrei Popescu",
"Dmitriy Traytel"
],
"date": "2020-09-16",
- "id": 141,
+ "id": 146,
"link": "/entries/Robinson_Arithmetic.html",
"permalink": "/entries/Robinson_Arithmetic.html",
"shortname": "Robinson_Arithmetic",
"title": "Robinson Arithmetic",
"topic_links": [
"logic/proof-theory"
],
"topics": [
"Logic/Proof theory"
],
"used_by": 0
},
{
"abstract": "We formalize a notion of logic whose terms and formulas are kept abstract. In particular, logical connectives, substitution, free variables, and provability are not defined, but characterized by their general properties as locale assumptions. Based on this abstract characterization, we develop further reusable reasoning infrastructure. For example, we define parallel substitution (along with proving its characterizing theorems) from single-point substitution. Similarly, we develop a natural deduction style proof system starting from the abstract Hilbert-style one. These one-time efforts benefit different concrete logics satisfying our locales' assumptions. We instantiate the syntax-independent logic infrastructure to Robinson arithmetic (also known as Q) in the AFP entry \u003ca href=\"https://www.isa-afp.org/entries/Robinson_Arithmetic.html\"\u003eRobinson_Arithmetic\u003c/a\u003e and to hereditarily finite set theory in the AFP entries \u003ca href=\"https://www.isa-afp.org/entries/Goedel_HFSet_Semantic.html\"\u003eGoedel_HFSet_Semantic\u003c/a\u003e and \u003ca href=\"https://www.isa-afp.org/entries/Goedel_HFSet_Semanticless.html\"\u003eGoedel_HFSet_Semanticless\u003c/a\u003e, which are part of our formalization of G\u0026ouml;del's Incompleteness Theorems described in our CADE-27 paper \u003ca href=\"https://dx.doi.org/10.1007/978-3-030-29436-6_26\"\u003eA Formally Verified Abstract Account of Gödel's Incompleteness Theorems\u003c/a\u003e.",
"authors": [
"Andrei Popescu",
"Dmitriy Traytel"
],
"date": "2020-09-16",
- "id": 142,
+ "id": 147,
"link": "/entries/Syntax_Independent_Logic.html",
"permalink": "/entries/Syntax_Independent_Logic.html",
"shortname": "Syntax_Independent_Logic",
"title": "Syntax-Independent Logic Infrastructure",
"topic_links": [
"logic/proof-theory"
],
"topics": [
"Logic/Proof theory"
],
"used_by": 2
},
{
"abstract": "In this AFP entry, we provide a formalisation of extended finite state machines (EFSMs) where models are represented as finite sets of transitions between states. EFSMs execute traces to produce observable outputs. We also define various simulation and equality metrics for EFSMs in terms of traces and prove their strengths in relation to each other. Another key contribution is a framework of function definitions such that LTL properties can be phrased over EFSMs. Finally, we provide a simple example case study in the form of a drinks machine.",
"authors": [
"Michael Foster",
"Achim D. Brucker",
"Ramsay G. Taylor",
"John Derrick"
],
"date": "2020-09-07",
- "id": 143,
+ "id": 148,
"link": "/entries/Extended_Finite_State_Machines.html",
"permalink": "/entries/Extended_Finite_State_Machines.html",
"shortname": "Extended_Finite_State_Machines",
"title": "A Formal Model of Extended Finite State Machines",
"topic_links": [
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Automata and formal languages"
],
"used_by": 1
},
{
"abstract": "In this AFP entry, we provide a formal implementation of a state-merging technique to infer extended finite state machines (EFSMs), complete with output and update functions, from black-box traces. In particular, we define the subsumption in context relation as a means of determining whether one transition is able to account for the behaviour of another. Building on this, we define the direct subsumption relation, which lifts the subsumption in context relation to EFSM level such that we can use it to determine whether it is safe to merge a given pair of transitions. Key proofs include the conditions necessary for subsumption to occur and that subsumption and direct subsumption are preorder relations. We also provide a number of different heuristics which can be used to abstract away concrete values into registers so that more states and transitions can be merged and provide proofs of the various conditions which must hold for these abstractions to subsume their ungeneralised counterparts. A Code Generator setup to create executable Scala code is also defined.",
"authors": [
"Michael Foster",
"Achim D. Brucker",
"Ramsay G. Taylor",
"John Derrick"
],
"date": "2020-09-07",
- "id": 144,
+ "id": 149,
"link": "/entries/Extended_Finite_State_Machine_Inference.html",
"permalink": "/entries/Extended_Finite_State_Machine_Inference.html",
"shortname": "Extended_Finite_State_Machine_Inference",
"title": "Inference of Extended Finite State Machines",
"topic_links": [
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Automata and formal languages"
],
"used_by": 0
},
{
"abstract": "Generating and checking proof certificates is important to increase the trust in automated reasoning tools. In recent years formal verification using computer algebra became more important and is heavily used in automated circuit verification. An existing proof format which covers algebraic reasoning and allows efficient proof checking is the practical algebraic calculus (PAC). In this development, we present the verified checker Pastèque that is obtained by synthesis via the Refinement Framework. This is the formalization going with our FMCAD'20 tool presentation.",
"authors": [
"Mathias Fleury",
"Daniela Kaufmann"
],
"date": "2020-08-31",
- "id": 145,
+ "id": 150,
"link": "/entries/PAC_Checker.html",
"permalink": "/entries/PAC_Checker.html",
"shortname": "PAC_Checker",
"title": "Practical Algebraic Calculus Checker",
"topic_links": [
"computer-science/algorithms"
],
"topics": [
"Computer science/Algorithms"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003e This entry formalizes some classical concepts and results from inductive inference of recursive functions. In the basic setting a partial recursive function (\"strategy\") must identify (\"learn\") all functions from a set (\"class\") of recursive functions. To that end the strategy receives more and more values $f(0), f(1), f(2), \\ldots$ of some function $f$ from the given class and in turn outputs descriptions of partial recursive functions, for example, Gödel numbers. The strategy is considered successful if the sequence of outputs (\"hypotheses\") converges to a description of $f$. A class of functions learnable in this sense is called \"learnable in the limit\". The set of all these classes is denoted by LIM. \u003c/p\u003e \u003cp\u003e Other types of inference considered are finite learning (FIN), behaviorally correct learning in the limit (BC), and some variants of LIM with restrictions on the hypotheses: total learning (TOTAL), consistent learning (CONS), and class-preserving learning (CP). The main results formalized are the proper inclusions $\\mathrm{FIN} \\subset \\mathrm{CP} \\subset \\mathrm{TOTAL} \\subset \\mathrm{CONS} \\subset \\mathrm{LIM} \\subset \\mathrm{BC} \\subset 2^{\\mathcal{R}}$, where $\\mathcal{R}$ is the set of all total recursive functions. Further results show that for all these inference types except CONS, strategies can be assumed to be total recursive functions; that all inference types but CP are closed under the subset relation between classes; and that no inference type is closed under the union of classes. \u003c/p\u003e \u003cp\u003e The above is based on a formalization of recursive functions heavily inspired by the \u003ca href=\"https://www.isa-afp.org/entries/Universal_Turing_Machine.html\"\u003eUniversal Turing Machine\u003c/a\u003e entry by Xu et al., but different in that it models partial functions with codomain \u003cem\u003enat option\u003c/em\u003e. The formalization contains a construction of a universal partial recursive function, without resorting to Turing machines, introduces decidability and recursive enumerability, and proves some standard results: existence of a Kleene normal form, the \u003cem\u003es-m-n\u003c/em\u003e theorem, Rice's theorem, and assorted fixed-point theorems (recursion theorems) by Kleene, Rogers, and Smullyan. \u003c/p\u003e",
"authors": [
"Frank J. Balbach"
],
"date": "2020-08-31",
- "id": 146,
+ "id": 151,
"link": "/entries/Inductive_Inference.html",
"permalink": "/entries/Inductive_Inference.html",
"shortname": "Inductive_Inference",
"title": "Some classical results in inductive inference of recursive functions",
"topic_links": [
"logic/computability",
"computer-science/machine-learning"
],
"topics": [
"Logic/Computability",
"Computer science/Machine learning"
],
"used_by": 0
},
{
"abstract": "We give a simple relation-algebraic semantics of read and write operations on associative arrays. The array operations seamlessly integrate with assignments in the Hoare-logic library. Using relation algebras and Kleene algebras we verify the correctness of an array-based implementation of disjoint-set forests with a naive union operation and a find operation with path compression.",
"authors": [
"Walter Guttmann"
],
"date": "2020-08-26",
- "id": 147,
+ "id": 152,
"link": "/entries/Relational_Disjoint_Set_Forests.html",
"permalink": "/entries/Relational_Disjoint_Set_Forests.html",
"shortname": "Relational_Disjoint_Set_Forests",
"title": "Relational Disjoint-Set Forests",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 1
},
{
"abstract": "This Isabelle/HOL formalization extends the AFP entry \u003cem\u003eSaturation_Framework\u003c/em\u003e with the following contributions: \u003cul\u003e \u003cli\u003ean application of the framework to prove Bachmair and Ganzinger's resolution prover RP refutationally complete, which was formalized in a more ad hoc fashion by Schlichtkrull et al. in the AFP entry \u003cem\u003eOrdered_Resultion_Prover\u003c/em\u003e;\u003c/li\u003e \u003cli\u003egeneralizations of various basic concepts formalized by Schlichtkrull et al., which were needed to verify RP and could be useful to formalize other calculi, such as superposition;\u003c/li\u003e \u003cli\u003ealternative proofs of fairness (and hence saturation and ultimately refutational completeness) for the given clause procedures GC and LGC, based on invariance.\u003c/li\u003e \u003c/ul\u003e",
"authors": [
"Jasmin Christian Blanchette",
"Sophie Tourret"
],
"date": "2020-08-25",
- "id": 148,
+ "id": 153,
"link": "/entries/Saturation_Framework_Extensions.html",
"permalink": "/entries/Saturation_Framework_Extensions.html",
"shortname": "Saturation_Framework_Extensions",
"title": "Extensions to the Comprehensive Framework for Saturation Theorem Proving",
"topic_links": [
"logic/general-logic/mechanization-of-proofs"
],
"topics": [
"Logic/General logic/Mechanization of proofs"
],
"used_by": 0
},
{
"abstract": "Richard Bird and collaborators have proposed a derivation of an intricate cyclic program that implements the Morris-Pratt string matching algorithm. Here we provide a proof of total correctness for Bird's derivation and complete it by adding Knuth's optimisation.",
"authors": [
"Peter Gammie"
],
"date": "2020-08-25",
- "id": 149,
+ "id": 154,
"link": "/entries/BirdKMP.html",
"permalink": "/entries/BirdKMP.html",
"shortname": "BirdKMP",
"title": "Putting the `K' into Bird's derivation of Knuth-Morris-Pratt string matching",
"topic_links": [
"computer-science/functional-programming"
],
"topics": [
"Computer science/Functional programming"
],
"used_by": 0
},
{
"abstract": "This is a formalisation of Amicable Numbers, involving some relevant material including Euler's sigma function, some relevant definitions, results and examples as well as rules such as Th\u0026#257;bit ibn Qurra's Rule, Euler's Rule, te Riele's Rule and Borho's Rule with breeders.",
"authors": [
"Angeliki Koutsoukou-Argyraki"
],
"date": "2020-08-04",
- "id": 150,
+ "id": 155,
"link": "/entries/Amicable_Numbers.html",
"permalink": "/entries/Amicable_Numbers.html",
"shortname": "Amicable_Numbers",
"title": "Amicable Numbers",
"topic_links": [
"mathematics/number-theory"
],
"topics": [
"Mathematics/Number theory"
],
"used_by": 0
},
{
"abstract": "The theory of partition relations concerns generalisations of Ramsey's theorem. For any ordinal $\\alpha$, write $\\alpha \\to (\\alpha, m)^2$ if for each function $f$ from unordered pairs of elements of $\\alpha$ into $\\{0,1\\}$, either there is a subset $X\\subseteq \\alpha$ order-isomorphic to $\\alpha$ such that $f\\{x,y\\}=0$ for all $\\{x,y\\}\\subseteq X$, or there is an $m$ element set $Y\\subseteq \\alpha$ such that $f\\{x,y\\}=1$ for all $\\{x,y\\}\\subseteq Y$. (In both cases, with $\\{x,y\\}$ we require $x\\not=y$.) In particular, the infinite Ramsey theorem can be written in this notation as $\\omega \\to (\\omega, \\omega)^2$, or if we restrict $m$ to the positive integers as above, then $\\omega \\to (\\omega, m)^2$ for all $m$. This entry formalises Larson's proof of $\\omega^\\omega \\to (\\omega^\\omega, m)^2$ along with a similar proof of a result due to Specker: $\\omega^2 \\to (\\omega^2, m)^2$. Also proved is a necessary result by Erdős and Milner: $\\omega^{1+\\alpha\\cdot n} \\to (\\omega^{1+\\alpha}, 2^n)^2$.",
"authors": [
"Lawrence C. Paulson"
],
"date": "2020-08-03",
- "id": 151,
+ "id": 156,
"link": "/entries/Ordinal_Partitions.html",
"permalink": "/entries/Ordinal_Partitions.html",
"shortname": "Ordinal_Partitions",
"title": "Ordinal Partitions",
"topic_links": [
"mathematics/combinatorics",
"logic/set-theory"
],
"topics": [
"Mathematics/Combinatorics",
"Logic/Set theory"
],
"used_by": 0
},
{
"abstract": "We provide a suitable distributed system model and implementation of the Chandy--Lamport distributed snapshot algorithm [ACM Transactions on Computer Systems, 3, 63-75, 1985]. Our main result is a formal termination and correctness proof of the Chandy--Lamport algorithm and its use in stable property detection.",
"authors": [
"Ben Fiedler",
"Dmitriy Traytel"
],
"date": "2020-07-21",
- "id": 152,
+ "id": 157,
"link": "/entries/Chandy_Lamport.html",
"permalink": "/entries/Chandy_Lamport.html",
"shortname": "Chandy_Lamport",
"title": "A Formal Proof of The Chandy--Lamport Distributed Snapshot Algorithm",
"topic_links": [
"computer-science/algorithms/distributed"
],
"topics": [
"Computer science/Algorithms/Distributed"
],
"used_by": 0
},
{
"abstract": "Binary relations are one of the standard ways to encode, characterise and reason about graphs. Relation algebras provide equational axioms for a large fragment of the calculus of binary relations. Although relations are standard tools in many areas of mathematics and computing, researchers usually fall back to point-wise reasoning when it comes to arguments about paths in a graph. We present a purely algebraic way to specify different kinds of paths in Kleene relation algebras, which are relation algebras equipped with an operation for reflexive transitive closure. We study the relationship between paths with a designated root vertex and paths without such a vertex. Since we stay in first-order logic this development helps with mechanising proofs. To demonstrate the applicability of the algebraic framework we verify the correctness of three basic graph algorithms.",
"authors": [
"Walter Guttmann",
"Peter Höfner"
],
"date": "2020-07-13",
- "id": 153,
+ "id": 158,
"link": "/entries/Relational_Paths.html",
"permalink": "/entries/Relational_Paths.html",
"shortname": "Relational_Paths",
"title": "Relational Characterisations of Paths",
"topic_links": [
"mathematics/graph-theory"
],
"topics": [
"Mathematics/Graph theory"
],
"used_by": 0
},
{
"abstract": "The Vienna Convention on Road Traffic defines the safe distance traffic rules informally. This could make autonomous vehicle liable for safe-distance-related accidents because there is no clear definition of how large a safe distance is. We provide a formally proven prescriptive definition of a safe distance, and checkers which can decide whether an autonomous vehicle is obeying the safe distance rule. Not only does our work apply to the domain of law, but it also serves as a specification for autonomous vehicle manufacturers and for online verification of path planners.",
"authors": [
"Albert Rizaldi",
"Fabian Immler"
],
"date": "2020-06-01",
- "id": 154,
+ "id": 159,
"link": "/entries/Safe_Distance.html",
"permalink": "/entries/Safe_Distance.html",
"shortname": "Safe_Distance",
"title": "A Formally Verified Checker of the Safe Distance Traffic Rules for Autonomous Vehicles",
"topic_links": [
"computer-science/algorithms/mathematical",
"mathematics/physics"
],
"topics": [
"Computer science/Algorithms/Mathematical",
"Mathematics/Physics"
],
"used_by": 0
},
{
"abstract": "This work presents a formal proof in Isabelle/HOL of an algorithm to transform a matrix into its Smith normal form, a canonical matrix form, in a general setting: the algorithm is parameterized by operations to prove its existence over elementary divisor rings, while execution is guaranteed over Euclidean domains. We also provide a formal proof on some results about the generality of this algorithm as well as the uniqueness of the Smith normal form. Since Isabelle/HOL does not feature dependent types, the development is carried out switching conveniently between two different existing libraries: the Hermite normal form (based on HOL Analysis) and the Jordan normal form AFP entries. This permits to reuse results from both developments and it is done by means of the lifting and transfer package together with the use of local type definitions.",
"authors": [
"Jose Divasón"
],
"date": "2020-05-23",
- "id": 155,
+ "id": 160,
"link": "/entries/Smith_Normal_Form.html",
"permalink": "/entries/Smith_Normal_Form.html",
"shortname": "Smith_Normal_Form",
"title": "A verified algorithm for computing the Smith normal form of a matrix",
"topic_links": [
"mathematics/algebra",
"computer-science/algorithms/mathematical"
],
"topics": [
"Mathematics/Algebra",
"Computer science/Algorithms/Mathematical"
],
"used_by": 1
},
{
"abstract": "In 1965, Nash-Williams discovered a generalisation of the infinite form of Ramsey's theorem. Where the latter concerns infinite sets of n-element sets for some fixed n, the Nash-Williams theorem concerns infinite sets of finite sets (or lists) subject to a “no initial segment” condition. The present formalisation follows a monograph on Ramsey Spaces by Todorčević.",
"authors": [
"Lawrence C. Paulson"
],
"date": "2020-05-16",
- "id": 156,
+ "id": 161,
"link": "/entries/Nash_Williams.html",
"permalink": "/entries/Nash_Williams.html",
"shortname": "Nash_Williams",
"title": "The Nash-Williams Partition Theorem",
"topic_links": [
"mathematics/combinatorics"
],
"topics": [
"Mathematics/Combinatorics"
],
"used_by": 1
},
{
"abstract": "We define a generalized version of Knuth\u0026ndash;Bendix orders, including subterm coefficient functions. For these orders we formalize several properties such as strong normalization, the subterm property, closure properties under substitutions and contexts, as well as ground totality.",
"authors": [
"Christian Sternagel",
"René Thiemann"
],
"date": "2020-05-13",
- "id": 157,
+ "id": 162,
"link": "/entries/Knuth_Bendix_Order.html",
"permalink": "/entries/Knuth_Bendix_Order.html",
"shortname": "Knuth_Bendix_Order",
"title": "A Formalization of Knuth–Bendix Orders",
"topic_links": [
"logic/rewriting"
],
"topics": [
"Logic/Rewriting"
],
"used_by": 3
},
{
"abstract": "We formalise certain irrationality criteria for infinite series of the form: \\[\\sum_{n=1}^\\infty \\frac{b_n}{\\prod_{i=1}^n a_i} \\] where $\\{b_n\\}$ is a sequence of integers and $\\{a_n\\}$ a sequence of positive integers with $a_n \u003e1$ for all large n. The results are due to P. Erdős and E. G. Straus \u003ca href=\"https://projecteuclid.org/euclid.pjm/1102911140\"\u003e[1]\u003c/a\u003e. In particular, we formalise Theorem 2.1, Corollary 2.10 and Theorem 3.1. The latter is an application of Theorem 2.1 involving the prime numbers.",
"authors": [
"Angeliki Koutsoukou-Argyraki",
"Wenda Li"
],
"date": "2020-05-12",
- "id": 158,
+ "id": 163,
"link": "/entries/Irrational_Series_Erdos_Straus.html",
"permalink": "/entries/Irrational_Series_Erdos_Straus.html",
"shortname": "Irrational_Series_Erdos_Straus",
"title": "Irrationality Criteria for Series by Erdős and Straus",
"topic_links": [
"mathematics/number-theory",
"mathematics/analysis"
],
"topics": [
"Mathematics/Number theory",
"Mathematics/Analysis"
],
"used_by": 0
},
{
"abstract": "This document contains a proof of the recursion theorem. This is a mechanization of the proof of the recursion theorem from the text \u003ci\u003eIntroduction to Set Theory\u003c/i\u003e, by Karel Hrbacek and Thomas Jech. This implementation may be used as the basis for a model of Peano arithmetic in ZF. While recursion and the natural numbers are already available in Isabelle/ZF, this clean development is much easier to follow.",
"authors": [
"Georgy Dunaev"
],
"date": "2020-05-11",
- "id": 159,
+ "id": 164,
"link": "/entries/Recursion-Addition.html",
"permalink": "/entries/Recursion-Addition.html",
"shortname": "Recursion-Addition",
"title": "Recursion Theorem in ZF",
"topic_links": [
"logic/set-theory"
],
"topics": [
"Logic/Set theory"
],
"used_by": 0
},
{
"abstract": "In the mid 80s, Lichtenstein, Pnueli, and Zuck proved a classical theorem stating that every formula of Past LTL (the extension of LTL with past operators) is equivalent to a formula of the form $\\bigwedge_{i=1}^n \\mathbf{G}\\mathbf{F} \\varphi_i \\vee \\mathbf{F}\\mathbf{G} \\psi_i$, where $\\varphi_i$ and $\\psi_i$ contain only past operators. Some years later, Chang, Manna, and Pnueli built on this result to derive a similar normal form for LTL. Both normalisation procedures have a non-elementary worst-case blow-up, and follow an involved path from formulas to counter-free automata to star-free regular expressions and back to formulas. We improve on both points. We present an executable formalisation of a direct and purely syntactic normalisation procedure for LTL yielding a normal form, comparable to the one by Chang, Manna, and Pnueli, that has only a single exponential blow-up.",
"authors": [
"Salomon Sickert"
],
"date": "2020-05-08",
- "id": 160,
+ "id": 165,
"link": "/entries/LTL_Normal_Form.html",
"permalink": "/entries/LTL_Normal_Form.html",
"shortname": "LTL_Normal_Form",
"title": "An Efficient Normalisation Procedure for Linear Temporal Logic: Isabelle/HOL Formalisation",
"topic_links": [
"computer-science/automata-and-formal-languages",
"logic/general-logic/temporal-logic"
],
"topics": [
"Computer science/Automata and formal languages",
"Logic/General logic/Temporal logic"
],
"used_by": 0
},
{
"abstract": "We formalize the theory of forcing in the set theory framework of Isabelle/ZF. Under the assumption of the existence of a countable transitive model of ZFC, we construct a proper generic extension and show that the latter also satisfies ZFC.",
"authors": [
"Emmanuel Gunther",
"Miguel Pagano",
"Pedro Sánchez Terraf"
],
"date": "2020-05-06",
- "id": 161,
+ "id": 166,
"link": "/entries/Forcing.html",
"permalink": "/entries/Forcing.html",
"shortname": "Forcing",
"title": "Formalization of Forcing in Isabelle/ZF",
"topic_links": [
"logic/set-theory"
],
"topics": [
"Logic/Set theory"
],
"used_by": 0
},
{
"abstract": "We formalize in Isabelle/HOL a result due to S. Banach and H. Steinhaus known as the Banach-Steinhaus theorem or Uniform boundedness principle: a pointwise-bounded family of continuous linear operators from a Banach space to a normed space is uniformly bounded. Our approach is an adaptation to Isabelle/HOL of a proof due to A. Sokal.",
"authors": [
"Dominique Unruh",
"José Manuel Rodríguez Caballero"
],
"date": "2020-05-02",
- "id": 162,
+ "id": 167,
"link": "/entries/Banach_Steinhaus.html",
"permalink": "/entries/Banach_Steinhaus.html",
"shortname": "Banach_Steinhaus",
"title": "Banach-Steinhaus Theorem",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 1
},
{
"abstract": "In this article, we present a proof theory for Attack Trees. Attack Trees are a well established and useful model for the construction of attacks on systems since they allow a stepwise exploration of high level attacks in application scenarios. Using the expressiveness of Higher Order Logic in Isabelle, we develop a generic theory of Attack Trees with a state-based semantics based on Kripke structures and CTL. The resulting framework allows mechanically supported logic analysis of the meta-theory of the proof calculus of Attack Trees and at the same time the developed proof theory enables application to case studies. A central correctness and completeness result proved in Isabelle establishes a connection between the notion of Attack Tree validity and CTL. The application is illustrated on the example of a healthcare IoT system and GDPR compliance verification.",
"authors": [
"Florian Kammüller"
],
"date": "2020-04-27",
- "id": 163,
+ "id": 168,
"link": "/entries/Attack_Trees.html",
"permalink": "/entries/Attack_Trees.html",
"shortname": "Attack_Trees",
"title": "Attack Trees in Isabelle for GDPR compliance of IoT healthcare systems",
"topic_links": [
"computer-science/security"
],
"topics": [
"Computer science/Security"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eThe Gaussian integers are the subring \u0026#8484;[i] of the complex numbers, i. e. the ring of all complex numbers with integral real and imaginary part. This article provides a definition of this ring as well as proofs of various basic properties, such as that they form a Euclidean ring and a full classification of their primes. An executable (albeit not very efficient) factorisation algorithm is also provided.\u003c/p\u003e \u003cp\u003eLastly, this Gaussian integer formalisation is used in two short applications:\u003c/p\u003e \u003col\u003e \u003cli\u003e The characterisation of all positive integers that can be written as sums of two squares\u003c/li\u003e \u003cli\u003e Euclid's formula for primitive Pythagorean triples\u003c/li\u003e \u003c/ol\u003e \u003cp\u003eWhile elementary proofs for both of these are already available in the AFP, the theory of Gaussian integers provides more concise proofs and a more high-level view.\u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2020-04-24",
- "id": 164,
+ "id": 169,
"link": "/entries/Gaussian_Integers.html",
"permalink": "/entries/Gaussian_Integers.html",
"shortname": "Gaussian_Integers",
"title": "Gaussian Integers",
"topic_links": [
"mathematics/number-theory"
],
"topics": [
"Mathematics/Number theory"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eThis article provides a formalisation of the symmetric multivariate polynomials known as \u003cem\u003epower sum polynomials\u003c/em\u003e. These are of the form p\u003csub\u003en\u003c/sub\u003e(\u003cem\u003eX\u003c/em\u003e\u003csub\u003e1\u003c/sub\u003e,\u0026hellip;, \u003cem\u003eX\u003c/em\u003e\u003csub\u003e\u003cem\u003ek\u003c/em\u003e\u003c/sub\u003e) = \u003cem\u003eX\u003c/em\u003e\u003csub\u003e1\u003c/sub\u003e\u003csup\u003en\u003c/sup\u003e + \u0026hellip; + X\u003csub\u003e\u003cem\u003ek\u003c/em\u003e\u003c/sub\u003e\u003csup\u003en\u003c/sup\u003e. A formal proof of the Girard–Newton Theorem is also given. This theorem relates the power sum polynomials to the elementary symmetric polynomials s\u003csub\u003e\u003cem\u003ek\u003c/em\u003e\u003c/sub\u003e in the form of a recurrence relation (-1)\u003csup\u003e\u003cem\u003ek\u003c/em\u003e\u003c/sup\u003e \u003cem\u003ek\u003c/em\u003e s\u003csub\u003e\u003cem\u003ek\u003c/em\u003e\u003c/sub\u003e = \u0026sum;\u003csub\u003ei\u0026isinv;[0,\u003cem\u003ek\u003c/em\u003e)\u003c/sub\u003e (-1)\u003csup\u003ei\u003c/sup\u003e s\u003csub\u003ei\u003c/sub\u003e p\u003csub\u003e\u003cem\u003ek\u003c/em\u003e-\u003cem\u003ei\u003c/em\u003e\u003c/sub\u003e\u0026thinsp;.\u003c/p\u003e \u003cp\u003eAs an application, this is then used to solve a generalised form of a puzzle given as an exercise in Dummit and Foote's \u003cem\u003eAbstract Algebra\u003c/em\u003e: For \u003cem\u003ek\u003c/em\u003e complex unknowns \u003cem\u003ex\u003c/em\u003e\u003csub\u003e1\u003c/sub\u003e, \u0026hellip;, \u003cem\u003ex\u003c/em\u003e\u003csub\u003e\u003cem\u003ek\u003c/em\u003e\u003c/sub\u003e, define p\u003csub\u003e\u003cem\u003ej\u003c/em\u003e\u003c/sub\u003e := \u003cem\u003ex\u003c/em\u003e\u003csub\u003e1\u003c/sub\u003e\u003csup\u003e\u003cem\u003ej\u003c/em\u003e\u003c/sup\u003e + \u0026hellip; + \u003cem\u003ex\u003c/em\u003e\u003csub\u003e\u003cem\u003ek\u003c/em\u003e\u003c/sub\u003e\u003csup\u003e\u003cem\u003ej\u003c/em\u003e\u003c/sup\u003e. Then for each vector \u003cem\u003ea\u003c/em\u003e \u0026isinv; \u0026#x2102;\u003csup\u003e\u003cem\u003ek\u003c/em\u003e\u003c/sup\u003e, show that there is exactly one solution to the system p\u003csub\u003e1\u003c/sub\u003e = a\u003csub\u003e1\u003c/sub\u003e, \u0026hellip;, p\u003csub\u003e\u003cem\u003ek\u003c/em\u003e\u003c/sub\u003e = a\u003csub\u003e\u003cem\u003ek\u003c/em\u003e\u003c/sub\u003e up to permutation of the \u003cem\u003ex\u003c/em\u003e\u003csub\u003e\u003cem\u003ei\u003c/em\u003e\u003c/sub\u003e and determine the value of p\u003csub\u003e\u003cem\u003ei\u003c/em\u003e\u003c/sub\u003e for i\u0026gt;k.\u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2020-04-24",
- "id": 165,
+ "id": 170,
"link": "/entries/Power_Sum_Polynomials.html",
"permalink": "/entries/Power_Sum_Polynomials.html",
"shortname": "Power_Sum_Polynomials",
"title": "Power Sum Polynomials",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 1
},
{
"abstract": "\u003cp\u003eThe Lambert \u003cem\u003eW\u003c/em\u003e function is a multi-valued function defined as the inverse function of \u003cem\u003ex\u003c/em\u003e \u0026#x21A6; \u003cem\u003ex\u003c/em\u003e e\u003csup\u003e\u003cem\u003ex\u003c/em\u003e\u003c/sup\u003e. Besides numerous applications in combinatorics, physics, and engineering, it also frequently occurs when solving equations containing both e\u003csup\u003e\u003cem\u003ex\u003c/em\u003e\u003c/sup\u003e and \u003cem\u003ex\u003c/em\u003e, or both \u003cem\u003ex\u003c/em\u003e and log \u003cem\u003ex\u003c/em\u003e.\u003c/p\u003e \u003cp\u003eThis article provides a definition of the two real-valued branches \u003cem\u003eW\u003c/em\u003e\u003csub\u003e0\u003c/sub\u003e(\u003cem\u003ex\u003c/em\u003e) and \u003cem\u003eW\u003c/em\u003e\u003csub\u003e-1\u003c/sub\u003e(\u003cem\u003ex\u003c/em\u003e) and proves various properties such as basic identities and inequalities, monotonicity, differentiability, asymptotic expansions, and the MacLaurin series of \u003cem\u003eW\u003c/em\u003e\u003csub\u003e0\u003c/sub\u003e(\u003cem\u003ex\u003c/em\u003e) at \u003cem\u003ex\u003c/em\u003e = 0.\u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2020-04-24",
- "id": 166,
+ "id": 171,
"link": "/entries/Lambert_W.html",
"permalink": "/entries/Lambert_W.html",
"shortname": "Lambert_W",
"title": "The Lambert W Function on the Reals",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 0
},
{
"abstract": "Our theories formalise various matrix properties that serve to establish existence, uniqueness and characterisation of the solution to affine systems of ordinary differential equations (ODEs). In particular, we formalise the operator and maximum norm of matrices. Then we use them to prove that square matrices form a Banach space, and in this setting, we show an instance of Picard-Lindelöf’s theorem for affine systems of ODEs. Finally, we use this formalisation to verify three simple hybrid programs.",
"authors": [
"Jonathan Julian Huerta y Munive"
],
"date": "2020-04-19",
- "id": 167,
+ "id": 172,
"link": "/entries/Matrices_for_ODEs.html",
"permalink": "/entries/Matrices_for_ODEs.html",
"shortname": "Matrices_for_ODEs",
"title": "Matrices for ODEs",
"topic_links": [
"mathematics/analysis",
"mathematics/algebra"
],
"topics": [
"Mathematics/Analysis",
"Mathematics/Algebra"
],
"used_by": 0
},
{
"abstract": "Authenticated data structures allow several systems to convince each other that they are referring to the same data structure, even if each of them knows only a part of the data structure. Using inclusion proofs, knowledgeable systems can selectively share their knowledge with other systems and the latter can verify the authenticity of what is being shared. In this article, we show how to modularly define authenticated data structures, their inclusion proofs, and operations thereon as datatypes in Isabelle/HOL, using a shallow embedding. Modularity allows us to construct complicated trees from reusable building blocks, which we call Merkle functors. Merkle functors include sums, products, and function spaces and are closed under composition and least fixpoints. As a practical application, we model the hierarchical transactions of \u003ca href=\"https://www.canton.io\"\u003eCanton\u003c/a\u003e, a practical interoperability protocol for distributed ledgers, as authenticated data structures. This is a first step towards formalizing the Canton protocol and verifying its integrity and security guarantees.",
"authors": [
"Andreas Lochbihler",
"Ognjen Marić"
],
"date": "2020-04-16",
- "id": 168,
+ "id": 173,
"link": "/entries/ADS_Functor.html",
"permalink": "/entries/ADS_Functor.html",
"shortname": "ADS_Functor",
"title": "Authenticated Data Structures As Functors",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 0
},
{
"abstract": "Basin et al.'s \u003ca href=\"https://doi.org/10.1016/j.ipl.2014.09.009\"\u003esliding window algorithm (SWA)\u003c/a\u003e is an algorithm for combining the elements of subsequences of a sequence with an associative operator. It is greedy and minimizes the number of operator applications. We formalize the algorithm and verify its functional correctness. We extend the algorithm with additional operations and provide an alternative interface to the slide operation that does not require the entire input sequence.",
"authors": [
"Lukas Heimes",
"Dmitriy Traytel",
"Joshua Schneider"
],
"date": "2020-04-10",
- "id": 169,
+ "id": 174,
"link": "/entries/Sliding_Window_Algorithm.html",
"permalink": "/entries/Sliding_Window_Algorithm.html",
"shortname": "Sliding_Window_Algorithm",
"title": "Formalization of an Algorithm for Greedily Computing Associative Aggregations on Sliding Windows",
"topic_links": [
"computer-science/algorithms"
],
"topics": [
"Computer science/Algorithms"
],
"used_by": 0
},
{
"abstract": "This Isabelle/HOL formalization is the companion of the technical report “A comprehensive framework for saturation theorem proving”, itself companion of the eponym IJCAR 2020 paper, written by Uwe Waldmann, Sophie Tourret, Simon Robillard and Jasmin Blanchette. It verifies a framework for formal refutational completeness proofs of abstract provers that implement saturation calculi, such as ordered resolution or superposition, and allows to model entire prover architectures in such a way that the static refutational completeness of a calculus immediately implies the dynamic refutational completeness of a prover implementing the calculus using a variant of the given clause loop. The technical report “A comprehensive framework for saturation theorem proving” is available \u003ca href=\"http://matryoshka.gforge.inria.fr/pubs/satur_report.pdf\"\u003eon the Matryoshka website\u003c/a\u003e. The names of the Isabelle lemmas and theorems corresponding to the results in the report are indicated in the margin of the report.",
"authors": [
"Sophie Tourret"
],
"date": "2020-04-09",
- "id": 170,
+ "id": 175,
"link": "/entries/Saturation_Framework.html",
"permalink": "/entries/Saturation_Framework.html",
"shortname": "Saturation_Framework",
"title": "A Comprehensive Framework for Saturation Theorem Proving",
"topic_links": [
"logic/general-logic/mechanization-of-proofs"
],
"topics": [
"Logic/General logic/Mechanization of proofs"
],
"used_by": 1
},
{
"abstract": "A monitor is a runtime verification tool that solves the following problem: Given a stream of time-stamped events and a policy formulated in a specification language, decide whether the policy is satisfied at every point in the stream. We verify the correctness of an executable monitor for specifications given as formulas in metric first-order dynamic logic (MFODL), which combines the features of metric first-order temporal logic (MFOTL) and metric dynamic logic. Thus, MFODL supports real-time constraints, first-order parameters, and regular expressions. Additionally, the monitor supports aggregation operations such as count and sum. This formalization, which is described in a \u003ca href=\"http://people.inf.ethz.ch/trayteld/papers/ijcar20-verimonplus/verimonplus.pdf\"\u003e forthcoming paper at IJCAR 2020\u003c/a\u003e, significantly extends \u003ca href=\"https://www.isa-afp.org/entries/MFOTL_Monitor.html\"\u003eprevious work on a verified monitor\u003c/a\u003e for MFOTL. Apart from the addition of regular expressions and aggregations, we implemented \u003ca href=\"https://www.isa-afp.org/entries/Generic_Join.html\"\u003emulti-way joins\u003c/a\u003e and a specialized sliding window algorithm to further optimize the monitor.",
"authors": [
"Thibault Dardinier",
"Lukas Heimes",
"Martin Raszyk",
"Joshua Schneider",
"Dmitriy Traytel"
],
"date": "2020-04-09",
- "id": 171,
+ "id": 176,
"link": "/entries/MFODL_Monitor_Optimized.html",
"permalink": "/entries/MFODL_Monitor_Optimized.html",
"shortname": "MFODL_Monitor_Optimized",
"title": "Formalization of an Optimized Monitoring Algorithm for Metric First-Order Dynamic Logic with Aggregations",
"topic_links": [
"computer-science/algorithms",
"logic/general-logic/modal-logic",
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Algorithms",
"Logic/General logic/Modal logic",
"Computer science/Automata and formal languages"
],
"used_by": 0
},
{
"abstract": "In protocol verification we observe a wide spectrum from fully automated methods to interactive theorem proving with proof assistants like Isabelle/HOL. In this AFP entry, we present a fully-automated approach for verifying stateful security protocols, i.e., protocols with mutable state that may span several sessions. The approach supports reachability goals like secrecy and authentication. We also include a simple user-friendly transaction-based protocol specification language that is embedded into Isabelle.",
"authors": [
"Andreas V. Hess",
"Sebastian Mödersheim",
"Achim D. Brucker",
"Anders Schlichtkrull"
],
"date": "2020-04-08",
- "id": 172,
+ "id": 177,
"link": "/entries/Automated_Stateful_Protocol_Verification.html",
"permalink": "/entries/Automated_Stateful_Protocol_Verification.html",
"shortname": "Automated_Stateful_Protocol_Verification",
"title": "Automated Stateful Protocol Verification",
"topic_links": [
"computer-science/security",
"tools"
],
"topics": [
"Computer science/Security",
"Tools"
],
"used_by": 0
},
{
"abstract": "We provide in this AFP entry several relative soundness results for security protocols. In particular, we prove typing and compositionality results for stateful protocols (i.e., protocols with mutable state that may span several sessions), and that focuses on reachability properties. Such results are useful to simplify protocol verification by reducing it to a simpler problem: Typing results give conditions under which it is safe to verify a protocol in a typed model where only \"well-typed\" attacks can occur whereas compositionality results allow us to verify a composed protocol by only verifying the component protocols in isolation. The conditions on the protocols under which the results hold are furthermore syntactic in nature allowing for full automation. The foundation presented here is used in another entry to provide fully automated and formalized security proofs of stateful protocols.",
"authors": [
"Andreas V. Hess",
"Sebastian Mödersheim",
"Achim D. Brucker"
],
"date": "2020-04-08",
- "id": 173,
+ "id": 178,
"link": "/entries/Stateful_Protocol_Composition_and_Typing.html",
"permalink": "/entries/Stateful_Protocol_Composition_and_Typing.html",
"shortname": "Stateful_Protocol_Composition_and_Typing",
"title": "Stateful Protocol Composition and Typing",
"topic_links": [
"computer-science/security"
],
"topics": [
"Computer science/Security"
],
"used_by": 1
},
{
"abstract": "This work presents a formalisation of a generating function proof for Lucas's theorem. We first outline extensions to the existing Formal Power Series (FPS) library, including an equivalence relation for coefficients modulo \u003cem\u003en\u003c/em\u003e, an alternate binomial theorem statement, and a formalised proof of the Freshman's dream (mod \u003cem\u003ep\u003c/em\u003e) lemma. The second part of the work presents the formal proof of Lucas's Theorem. Working backwards, the formalisation first proves a well known corollary of the theorem which is easier to formalise, and then applies induction to prove the original theorem statement. The proof of the corollary aims to provide a good example of a formalised generating function equivalence proof using the FPS library. The final theorem statement is intended to be integrated into the formalised proof of Hilbert's 10th Problem.",
"authors": [
"Chelsea Edmonds"
],
"date": "2020-04-07",
- "id": 174,
+ "id": 179,
"link": "/entries/Lucas_Theorem.html",
"permalink": "/entries/Lucas_Theorem.html",
"shortname": "Lucas_Theorem",
"title": "Lucas's Theorem",
"topic_links": [
"mathematics/number-theory"
],
"topics": [
"Mathematics/Number theory"
],
"used_by": 1
},
{
"abstract": "Commutative Replicated Data Types (CRDTs) are a promising new class of data structures for large-scale shared mutable content in applications that only require eventual consistency. The WithOut Operational Transforms (WOOT) framework is a CRDT for collaborative text editing introduced by Oster et al. (CSCW 2006) for which the eventual consistency property was verified only for a bounded model to date. We contribute a formal proof for WOOTs strong eventual consistency.",
"authors": [
"Emin Karayel",
"Edgar Gonzàlez"
],
"date": "2020-03-25",
- "id": 175,
+ "id": 180,
"link": "/entries/WOOT_Strong_Eventual_Consistency.html",
"permalink": "/entries/WOOT_Strong_Eventual_Consistency.html",
"shortname": "WOOT_Strong_Eventual_Consistency",
"title": "Strong Eventual Consistency of the Collaborative Editing Framework WOOT",
"topic_links": [
"computer-science/algorithms/distributed"
],
"topics": [
"Computer science/Algorithms/Distributed"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eThis article gives a formal version of Furstenberg's topological proof of the infinitude of primes. He defines a topology on the integers based on arithmetic progressions (or, equivalently, residue classes). Using some fairly obvious properties of this topology, the infinitude of primes is then easily obtained.\u003c/p\u003e \u003cp\u003eApart from this, this topology is also fairly ‘nice’ in general: it is second countable, metrizable, and perfect. All of these (well-known) facts are formally proven, including an explicit metric for the topology given by Zulfeqarr.\u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2020-03-22",
- "id": 176,
+ "id": 181,
"link": "/entries/Furstenberg_Topology.html",
"permalink": "/entries/Furstenberg_Topology.html",
"shortname": "Furstenberg_Topology",
"title": "Furstenberg's topology and his proof of the infinitude of primes",
"topic_links": [
"mathematics/number-theory"
],
"topics": [
"Mathematics/Number theory"
],
"used_by": 0
},
{
"abstract": "Recently, authors have proposed under-approximate logics for reasoning about programs. So far, all such logics have been confined to reasoning about individual program behaviours. Yet there exist many over-approximate relational logics for reasoning about pairs of programs and relating their behaviours. We present the first under-approximate relational logic, for the simple imperative language IMP. We prove our logic is both sound and complete. Additionally, we show how reasoning in this logic can be decomposed into non-relational reasoning in an under-approximate Hoare logic, mirroring Beringer’s result for over-approximate relational logics. We illustrate the application of our logic on some small examples in which we provably demonstrate the presence of insecurity.",
"authors": [
"Toby Murray"
],
"date": "2020-03-12",
- "id": 177,
+ "id": 182,
"link": "/entries/Relational-Incorrectness-Logic.html",
"permalink": "/entries/Relational-Incorrectness-Logic.html",
"shortname": "Relational-Incorrectness-Logic",
"title": "An Under-Approximate Relational Logic",
"topic_links": [
"computer-science/programming-languages/logics",
"computer-science/security"
],
"topics": [
"Computer science/Programming languages/Logics",
"Computer science/Security"
],
"used_by": 0
},
{
"abstract": "In this article, we present a formalization of the well-known \"Hello, World!\" code, including a formal framework for reasoning about IO. Our model is inspired by the handling of IO in Haskell. We start by formalizing the 🌍 and embrace the IO monad afterwards. Then we present a sample main :: IO (), followed by its proof of correctness.",
"authors": [
"Cornelius Diekmann",
"Lars Hupel"
],
"date": "2020-03-07",
- "id": 178,
+ "id": 183,
"link": "/entries/Hello_World.html",
"permalink": "/entries/Hello_World.html",
"shortname": "Hello_World",
"title": "Hello World",
"topic_links": [
"computer-science/functional-programming"
],
"topics": [
"Computer science/Functional programming"
],
"used_by": 0
},
{
"abstract": "In this formalization, we develop an implementation of the Goodstein function G in plain \u0026lambda;-calculus, linked to a concise, self-contained specification. The implementation works on a Church-encoded representation of countable ordinals. The initial conversion to hereditary base 2 is not covered, but the material is sufficient to compute the particular value G(16), and easily extends to other fixed arguments.",
"authors": [
"Bertram Felgenhauer"
],
"date": "2020-02-21",
- "id": 179,
+ "id": 184,
"link": "/entries/Goodstein_Lambda.html",
"permalink": "/entries/Goodstein_Lambda.html",
"shortname": "Goodstein_Lambda",
"title": "Implementing the Goodstein Function in \u0026lambda;-Calculus",
"topic_links": [
"logic/rewriting"
],
"topics": [
"Logic/Rewriting"
],
"used_by": 0
},
{
"abstract": "This is a generic framework for formalizing compiler transformations. It leverages Isabelle/HOL’s locales to abstract over concrete languages and transformations. It states common definitions for language semantics, program behaviours, forward and backward simulations, and compilers. We provide generic operations, such as simulation and compiler composition, and prove general (partial) correctness theorems, resulting in reusable proof components.",
"authors": [
"Martin Desharnais"
],
"date": "2020-02-10",
- "id": 180,
+ "id": 185,
"link": "/entries/VeriComp.html",
"permalink": "/entries/VeriComp.html",
"shortname": "VeriComp",
"title": "A Generic Framework for Verified Compilers",
"topic_links": [
"computer-science/programming-languages/compiling"
],
"topics": [
"Computer science/Programming languages/Compiling"
],
"used_by": 1
},
{
"abstract": "This article provides a formalization of the solution obtained by the author of the Problem “ARITHMETIC PROGRESSIONS” from the \u003ca href=\"https://www.ocf.berkeley.edu/~wwu/riddles/putnam.shtml\"\u003e Putnam exam problems of 2002\u003c/a\u003e. The statement of the problem is as follows: For which integers \u003cem\u003en\u003c/em\u003e \u003e 1 does the set of positive integers less than and relatively prime to \u003cem\u003en\u003c/em\u003e constitute an arithmetic progression?",
"authors": [
"José Manuel Rodríguez Caballero"
],
"date": "2020-02-01",
- "id": 181,
+ "id": 186,
"link": "/entries/Arith_Prog_Rel_Primes.html",
"permalink": "/entries/Arith_Prog_Rel_Primes.html",
"shortname": "Arith_Prog_Rel_Primes",
"title": "Arithmetic progressions and relative primes",
"topic_links": [
"mathematics/number-theory"
],
"topics": [
"Mathematics/Number theory"
],
"used_by": 0
},
{
"abstract": "We present a collection of axiom systems for the construction of Boolean subalgebras of larger overall algebras. The subalgebras are defined as the range of a complement-like operation on a semilattice. This technique has been used, for example, with the antidomain operation, dynamic negation and Stone algebras. We present a common ground for these constructions based on a new equational axiomatisation of Boolean algebras.",
"authors": [
"Walter Guttmann",
"Bernhard Möller"
],
"date": "2020-01-31",
- "id": 182,
+ "id": 187,
"link": "/entries/Subset_Boolean_Algebras.html",
"permalink": "/entries/Subset_Boolean_Algebras.html",
"shortname": "Subset_Boolean_Algebras",
"title": "A Hierarchy of Algebras for Boolean Subsets",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 1
},
{
"abstract": "\u003cp\u003eThis article provides formal proofs of basic properties of Mersenne numbers, i. e. numbers of the form 2\u003csup\u003e\u003cem\u003en\u003c/em\u003e\u003c/sup\u003e - 1, and especially of Mersenne primes.\u003c/p\u003e \u003cp\u003eIn particular, an efficient, verified, and executable version of the Lucas\u0026ndash;Lehmer test is developed. This test decides primality for Mersenne numbers in time polynomial in \u003cem\u003en\u003c/em\u003e.\u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2020-01-17",
- "id": 183,
+ "id": 188,
"link": "/entries/Mersenne_Primes.html",
"permalink": "/entries/Mersenne_Primes.html",
"shortname": "Mersenne_Primes",
"title": "Mersenne primes and the Lucas–Lehmer test",
"topic_links": [
"mathematics/number-theory"
],
"topics": [
"Mathematics/Number theory"
],
"used_by": 0
},
{
"abstract": "We present the first formal verification of approximation algorithms for NP-complete optimization problems: vertex cover, set cover, independent set, center selection, load balancing, and bin packing. The proofs correct incompletenesses in existing proofs and improve the approximation ratio in one case.",
"authors": [
"Robin Eßmann",
"Tobias Nipkow",
"Simon Robillard",
"Ujkan Sulejmani"
],
"date": "2020-01-16",
- "id": 184,
+ "id": 189,
"link": "/entries/Approximation_Algorithms.html",
"permalink": "/entries/Approximation_Algorithms.html",
"shortname": "Approximation_Algorithms",
"title": "Verified Approximation Algorithms",
"topic_links": [
"computer-science/algorithms/approximation"
],
"topics": [
"Computer science/Algorithms/Approximation"
],
"used_by": 0
},
{
"abstract": "This entry provides two related verified divide-and-conquer algorithms solving the fundamental \u003cem\u003eClosest Pair of Points\u003c/em\u003e problem in Computational Geometry. Functional correctness and the optimal running time of \u003cem\u003eO\u003c/em\u003e(\u003cem\u003en\u003c/em\u003e log \u003cem\u003en\u003c/em\u003e) are proved. Executable code is generated which is empirically competitive with handwritten reference implementations.",
"authors": [
"Martin Rau",
"Tobias Nipkow"
],
"date": "2020-01-13",
- "id": 185,
+ "id": 190,
"link": "/entries/Closest_Pair_Points.html",
"permalink": "/entries/Closest_Pair_Points.html",
"shortname": "Closest_Pair_Points",
"title": "Closest Pair of Points Algorithms",
"topic_links": [
"computer-science/algorithms/geometry"
],
"topics": [
"Computer science/Algorithms/Geometry"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003e Skip lists are sorted linked lists enhanced with shortcuts and are an alternative to binary search trees. A skip lists consists of multiple levels of sorted linked lists where a list on level n is a subsequence of the list on level n − 1. In the ideal case, elements are skipped in such a way that a lookup in a skip lists takes O(log n) time. In a randomised skip list the skipped elements are choosen randomly. \u003c/p\u003e \u003cp\u003e This entry contains formalized proofs of the textbook results about the expected height and the expected length of a search path in a randomised skip list. \u003c/p\u003e",
"authors": [
"Max W. Haslbeck",
"Manuel Eberl"
],
"date": "2020-01-09",
- "id": 186,
+ "id": 191,
"link": "/entries/Skip_Lists.html",
"permalink": "/entries/Skip_Lists.html",
"shortname": "Skip_Lists",
"title": "Skip Lists",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003e Taking as a starting point the author's previous work on developing aspects of category theory in Isabelle/HOL, this article gives a compatible formalization of the notion of \"bicategory\" and develops a framework within which formal proofs of facts about bicategories can be given. The framework includes a number of basic results, including the Coherence Theorem, the Strictness Theorem, pseudofunctors and biequivalence, and facts about internal equivalences and adjunctions in a bicategory. As a driving application and demonstration of the utility of the framework, it is used to give a formal proof of a theorem, due to Carboni, Kasangian, and Street, that characterizes up to biequivalence the bicategories of spans in a category with pullbacks. The formalization effort necessitated the filling-in of many details that were not evident from the brief presentation in the original paper, as well as identifying a few minor corrections along the way. \u003c/p\u003e\u003cp\u003e Revisions made subsequent to the first version of this article added additional material on pseudofunctors, pseudonatural transformations, modifications, and equivalence of bicategories; the main thrust being to give a proof that a pseudofunctor is a biequivalence if and only if it can be extended to an equivalence of bicategories. \u003c/p\u003e",
"authors": [
"Eugene W. Stark"
],
"date": "2020-01-06",
- "id": 187,
+ "id": 192,
"link": "/entries/Bicategory.html",
"permalink": "/entries/Bicategory.html",
"shortname": "Bicategory",
"title": "Bicategories",
"topic_links": [
"mathematics/category-theory"
],
"topics": [
"Mathematics/Category theory"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eThis article provides a formalisation of Beukers's straightforward analytic proof that ζ(3) is irrational. This was first proven by Apéry (which is why this result is also often called ‘Apéry's Theorem’) using a more algebraic approach. This formalisation follows \u003ca href=\"http://people.math.sc.edu/filaseta/gradcourses/Math785/Math785Notes4.pdf\"\u003eFilaseta's presentation\u003c/a\u003e of Beukers's proof.\u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2019-12-27",
- "id": 188,
+ "id": 193,
"link": "/entries/Zeta_3_Irrational.html",
"permalink": "/entries/Zeta_3_Irrational.html",
"shortname": "Zeta_3_Irrational",
"title": "The Irrationality of ζ(3)",
"topic_links": [
"mathematics/number-theory"
],
"topics": [
"Mathematics/Number theory"
],
"used_by": 0
},
{
- "abstract": "This work is a formalization of soundness and completeness proofs for a Seligman-style tableau system for hybrid logic. The completeness result is obtained via a synthetic approach using maximally consistent sets of tableau blocks. The formalization differs from previous work in a few ways. First, to avoid the need to backtrack in the construction of a tableau, the formalized system has no unnamed initial segment, and therefore no Name rule. Second, I show that the full Bridge rule is admissible in the system. Third, I start from rules restricted to only extend the branch with new formulas, including only witnessing diamonds that are not already witnessed, and show that the unrestricted rules are admissible. Similarly, I start from simpler versions of the @-rules and show that these are sufficient. The GoTo rule is restricted using a notion of potential such that each application consumes potential and potential is earned through applications of the remaining rules. I show that if a branch can be closed then it can be closed starting from a single unit. Finally, Nom is restricted by a fixed set of allowed nominals. The resulting system should be terminating.",
+ "abstract": "This work is a formalization of soundness and completeness proofs for a Seligman-style tableau system for hybrid logic. The completeness result is obtained via a synthetic approach using maximally consistent sets of tableau blocks. The formalization differs from previous work in a few ways. First, to avoid the need to backtrack in the construction of a tableau, the formalized system has no unnamed initial segment, and therefore no Name rule. Second, I show that the full Bridge rule is admissible in the system. Third, I start from rules restricted to only extend the branch with new formulas, including only witnessing diamonds that are not already witnessed, and show that the unrestricted rules are admissible. Similarly, I start from simpler versions of the @-rules and show that these are sufficient. The GoTo rule is restricted using a notion of potential such that each application consumes potential and potential is earned through applications of the remaining rules. I show that if a branch can be closed then it can be closed starting from a single unit. Finally, Nom is restricted by a fixed set of allowed nominals. The resulting system should be terminating. Paper: \u003ca href=\"https://doi.org/10.4230/LIPIcs.TYPES.2020.5\"\u003edoi.org/10.4230/LIPIcs.TYPES.2020.5\u003c/a\u003e.",
"authors": [
"Asta Halkjær From"
],
"date": "2019-12-20",
- "id": 189,
+ "id": 194,
"link": "/entries/Hybrid_Logic.html",
"permalink": "/entries/Hybrid_Logic.html",
"shortname": "Hybrid_Logic",
"title": "Formalizing a Seligman-Style Tableau System for Hybrid Logic",
"topic_links": [
"logic/general-logic/modal-logic"
],
"topics": [
"Logic/General logic/Modal logic"
],
"used_by": 0
},
{
"abstract": "The Poincaré-Bendixson theorem is a classical result in the study of (continuous) dynamical systems. Colloquially, it restricts the possible behaviors of planar dynamical systems: such systems cannot be chaotic. In practice, it is a useful tool for proving the existence of (limiting) periodic behavior in planar systems. The theorem is an interesting and challenging benchmark for formalized mathematics because proofs in the literature rely on geometric sketches and only hint at symmetric cases. It also requires a substantial background of mathematical theories, e.g., the Jordan curve theorem, real analysis, ordinary differential equations, and limiting (long-term) behavior of dynamical systems.",
"authors": [
"Fabian Immler",
"Yong Kiam Tan"
],
"date": "2019-12-18",
- "id": 190,
+ "id": 195,
"link": "/entries/Poincare_Bendixson.html",
"permalink": "/entries/Poincare_Bendixson.html",
"shortname": "Poincare_Bendixson",
"title": "The Poincaré-Bendixson Theorem",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 0
},
{
"abstract": "A formalization of geometry of complex numbers is presented. Fundamental objects that are investigated are the complex plane extended by a single infinite point, its objects (points, lines and circles), and groups of transformations that act on them (e.g., inversions and Möbius transformations). Most objects are defined algebraically, but correspondence with classical geometric definitions is shown.",
"authors": [
"Filip Marić",
"Danijela Simić"
],
"date": "2019-12-16",
- "id": 191,
+ "id": 196,
"link": "/entries/Complex_Geometry.html",
"permalink": "/entries/Complex_Geometry.html",
"shortname": "Complex_Geometry",
"title": "Complex Geometry",
"topic_links": [
"mathematics/geometry"
],
"topics": [
"Mathematics/Geometry"
],
"used_by": 2
},
{
"abstract": "We describe formalization of the Poincaré disc model of hyperbolic geometry within the Isabelle/HOL proof assistant. The model is defined within the extended complex plane (one dimensional complex projectives space \u0026#8450;P1), formalized in the AFP entry “Complex Geometry”. Points, lines, congruence of pairs of points, betweenness of triples of points, circles, and isometries are defined within the model. It is shown that the model satisfies all Tarski's axioms except the Euclid's axiom. It is shown that it satisfies its negation and the limiting parallels axiom (which proves it to be a model of hyperbolic geometry).",
"authors": [
"Danijela Simić",
"Filip Marić",
"Pierre Boutry"
],
"date": "2019-12-16",
- "id": 192,
+ "id": 197,
"link": "/entries/Poincare_Disc.html",
"permalink": "/entries/Poincare_Disc.html",
"shortname": "Poincare_Disc",
"title": "Poincaré Disc Model",
"topic_links": [
"mathematics/geometry"
],
"topics": [
"Mathematics/Geometry"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eThis article provides a full formalisation of Chapter 8 of Apostol's \u003cem\u003e\u003ca href=\"https://www.springer.com/de/book/9780387901633\"\u003eIntroduction to Analytic Number Theory\u003c/a\u003e\u003c/em\u003e. Subjects that are covered are:\u003c/p\u003e \u003cul\u003e \u003cli\u003eperiodic arithmetic functions and their finite Fourier series\u003c/li\u003e \u003cli\u003e(generalised) Ramanujan sums\u003c/li\u003e \u003cli\u003eGauss sums and separable characters\u003c/li\u003e \u003cli\u003einduced moduli and primitive characters\u003c/li\u003e \u003cli\u003ethe Pólya\u0026mdash;Vinogradov inequality\u003c/li\u003e \u003c/ul\u003e",
"authors": [
"Rodrigo Raya",
"Manuel Eberl"
],
"date": "2019-12-10",
- "id": 193,
+ "id": 198,
"link": "/entries/Gauss_Sums.html",
"permalink": "/entries/Gauss_Sums.html",
"shortname": "Gauss_Sums",
"title": "Gauss Sums and the Pólya–Vinogradov Inequality",
"topic_links": [
"mathematics/number-theory"
],
"topics": [
"Mathematics/Number theory"
],
"used_by": 0
},
{
"abstract": "Counting sort is a well-known algorithm that sorts objects of any kind mapped to integer keys, or else to keys in one-to-one correspondence with some subset of the integers (e.g. alphabet letters). However, it is suitable for direct use, viz. not just as a subroutine of another sorting algorithm (e.g. radix sort), only if the key range is not significantly larger than the number of the objects to be sorted. This paper describes a tail-recursive generalization of counting sort making use of a bounded number of counters, suitable for direct use in case of a large, or even infinite key range of any kind, subject to the only constraint of being a subset of an arbitrary linear order. After performing a pen-and-paper analysis of how such algorithm has to be designed to maximize its efficiency, this paper formalizes the resulting generalized counting sort (GCsort) algorithm and then formally proves its correctness properties, namely that (a) the counters' number is maximized never exceeding the fixed upper bound, (b) objects are conserved, (c) objects get sorted, and (d) the algorithm is stable.",
"authors": [
"Pasquale Noce"
],
"date": "2019-12-04",
- "id": 194,
+ "id": 199,
"link": "/entries/Generalized_Counting_Sort.html",
"permalink": "/entries/Generalized_Counting_Sort.html",
"shortname": "Generalized_Counting_Sort",
"title": "An Efficient Generalization of Counting Sort for Large, possibly Infinite Key Ranges",
"topic_links": [
"computer-science/algorithms",
"computer-science/functional-programming"
],
"topics": [
"Computer science/Algorithms",
"Computer science/Functional programming"
],
"used_by": 0
},
{
"abstract": "Interval_Arithmetic implements conservative interval arithmetic computations, then uses this interval arithmetic to implement a simple programming language where all terms have 32-bit signed word values, with explicit infinities for terms outside the representable bounds. Our target use case is interpreters for languages that must have a well-understood low-level behavior. We include a formalization of bounded-length strings which are used for the identifiers of our language. Bounded-length identifiers are useful in some applications, for example the \u003ca href=\"https://www.isa-afp.org/entries/Differential_Dynamic_Logic.html\"\u003eDifferential_Dynamic_Logic\u003c/a\u003e article, where a Euclidean space indexed by identifiers demands that identifiers are finitely many.",
"authors": [
"Rose Bohrer"
],
"date": "2019-11-27",
- "id": 195,
+ "id": 200,
"link": "/entries/Interval_Arithmetic_Word32.html",
"permalink": "/entries/Interval_Arithmetic_Word32.html",
"shortname": "Interval_Arithmetic_Word32",
"title": "Interval Arithmetic on 32-bit Words",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eThis entry is a new formalisation of ZFC set theory in Isabelle/HOL. It is logically equivalent to Obua's HOLZF; the point is to have the closest possible integration with the rest of Isabelle/HOL, minimising the amount of new notations and exploiting type classes.\u003c/p\u003e \u003cp\u003eThere is a type \u003cem\u003eV\u003c/em\u003e of sets and a function \u003cem\u003eelts :: V =\u0026gt; V set\u003c/em\u003e mapping a set to its elements. Classes simply have type \u003cem\u003eV set\u003c/em\u003e, and a predicate identifies the small classes: those that correspond to actual sets. Type classes connected with orders and lattices are used to minimise the amount of new notation for concepts such as the subset relation, union and intersection. Basic concepts — Cartesian products, disjoint sums, natural numbers, functions, etc. — are formalised.\u003c/p\u003e \u003cp\u003eMore advanced set-theoretic concepts, such as transfinite induction, ordinals, cardinals and the transitive closure of a set, are also provided. The definition of addition and multiplication for general sets (not just ordinals) follows Kirby.\u003c/p\u003e \u003cp\u003eThe theory provides two type classes with the aim of facilitating developments that combine \u003cem\u003eV\u003c/em\u003e with other Isabelle/HOL types: \u003cem\u003eembeddable\u003c/em\u003e, the class of types that can be injected into \u003cem\u003eV\u003c/em\u003e (including \u003cem\u003eV\u003c/em\u003e itself as well as \u003cem\u003eV*V\u003c/em\u003e, etc.), and \u003cem\u003esmall\u003c/em\u003e, the class of types that correspond to some ZF set.\u003c/p\u003e extra-history = Change history: [2020-01-28]: Generalisation of the \"small\" predicate and order types to arbitrary sets; ordinal exponentiation; introduction of the coercion ord_of_nat :: \"nat =\u003e V\"; numerous new lemmas. (revision 6081d5be8d08)",
"authors": [
"Lawrence C. Paulson"
],
"date": "2019-10-24",
- "id": 196,
+ "id": 201,
"link": "/entries/ZFC_in_HOL.html",
"permalink": "/entries/ZFC_in_HOL.html",
"shortname": "ZFC_in_HOL",
"title": "Zermelo Fraenkel Set Theory in Higher-Order Logic",
"topic_links": [
"logic/set-theory"
],
"topics": [
"Logic/Set theory"
],
"used_by": 4
},
{
"abstract": "We present a framework for C code in C11 syntax deeply integrated into the Isabelle/PIDE development environment. Our framework provides an abstract interface for verification back-ends to be plugged-in independently. Thus, various techniques such as deductive program verification or white-box testing can be applied to the same source, which is part of an integrated PIDE document model. Semantic back-ends are free to choose the supported C fragment and its semantics. In particular, they can differ on the chosen memory model or the specification mechanism for framing conditions. Our framework supports semantic annotations of C sources in the form of comments. Annotations serve to locally control back-end settings, and can express the term focus to which an annotation refers. Both the logical and the syntactic context are available when semantic annotations are evaluated. As a consequence, a formula in an annotation can refer both to HOL or C variables. Our approach demonstrates the degree of maturity and expressive power the Isabelle/PIDE sub-system has achieved in recent years. Our integration technique employs Lex and Yacc style grammars to ensure efficient deterministic parsing. This is the core-module of Isabelle/C; the AFP package for Clean and Clean_wrapper as well as AutoCorres and AutoCorres_wrapper (available via git) are applications of this front-end.",
"authors": [
"Frédéric Tuong",
"Burkhart Wolff"
],
"date": "2019-10-22",
- "id": 197,
+ "id": 202,
"link": "/entries/Isabelle_C.html",
"permalink": "/entries/Isabelle_C.html",
"shortname": "Isabelle_C",
"title": "Isabelle/C",
"topic_links": [
"computer-science/programming-languages/language-definitions",
"computer-science/semantics-and-reasoning",
"tools"
],
"topics": [
"Computer science/Programming languages/Language definitions",
"Computer science/Semantics and reasoning",
"Tools"
],
"used_by": 0
},
{
"abstract": "VerifyThis 2019 (http://www.pm.inf.ethz.ch/research/verifythis.html) was a program verification competition associated with ETAPS 2019. It was the 8th event in the VerifyThis competition series. In this entry, we present polished and completed versions of our solutions that we created during the competition.",
"authors": [
"Peter Lammich",
"Simon Wimmer"
],
"date": "2019-10-16",
- "id": 198,
+ "id": 203,
"link": "/entries/VerifyThis2019.html",
"permalink": "/entries/VerifyThis2019.html",
"shortname": "VerifyThis2019",
"title": "VerifyThis 2019 -- Polished Isabelle Solutions",
"topic_links": [
"computer-science/algorithms"
],
"topics": [
"Computer science/Algorithms"
],
"used_by": 0
},
{
"abstract": "We formalise with Isabelle/HOL some basic elements of Aristotle's assertoric syllogistic following the \u003ca href=\"https://plato.stanford.edu/entries/aristotle-logic/\"\u003earticle from the Stanford Encyclopedia of Philosophy by Robin Smith.\u003c/a\u003e To this end, we use a set theoretic formulation (covering both individual and general predication). In particular, we formalise the deductions in the Figures and after that we present Aristotle's metatheoretical observation that all deductions in the Figures can in fact be reduced to either Barbara or Celarent. As the formal proofs prove to be straightforward, the interest of this entry lies in illustrating the functionality of Isabelle and high efficiency of Sledgehammer for simple exercises in philosophy.",
"authors": [
"Angeliki Koutsoukou-Argyraki"
],
"date": "2019-10-08",
- "id": 199,
+ "id": 204,
"link": "/entries/Aristotles_Assertoric_Syllogistic.html",
"permalink": "/entries/Aristotles_Assertoric_Syllogistic.html",
"shortname": "Aristotles_Assertoric_Syllogistic",
"title": "Aristotle's Assertoric Syllogistic",
"topic_links": [
"logic/philosophical-aspects"
],
"topics": [
"Logic/Philosophical aspects"
],
"used_by": 0
},
{
"abstract": "We use CryptHOL to formalise commitment schemes and Sigma-protocols. Both are widely used fundamental two party cryptographic primitives. Security for commitment schemes is considered using game-based definitions whereas the security of Sigma-protocols is considered using both the game-based and simulation-based security paradigms. In this work, we first define security for both primitives and then prove secure multiple case studies: the Schnorr, Chaum-Pedersen and Okamoto Sigma-protocols as well as a construction that allows for compound (AND and OR statements) Sigma-protocols and the Pedersen and Rivest commitment schemes. We also prove that commitment schemes can be constructed from Sigma-protocols. We formalise this proof at an abstract level, only assuming the existence of a Sigma-protocol; consequently, the instantiations of this result for the concrete Sigma-protocols we consider come for free.",
"authors": [
"David Butler",
"Andreas Lochbihler"
],
"date": "2019-10-07",
- "id": 200,
+ "id": 205,
"link": "/entries/Sigma_Commit_Crypto.html",
"permalink": "/entries/Sigma_Commit_Crypto.html",
"shortname": "Sigma_Commit_Crypto",
"title": "Sigma Protocols and Commitment Schemes",
"topic_links": [
"computer-science/security/cryptography"
],
"topics": [
"Computer science/Security/Cryptography"
],
"used_by": 1
},
{
"abstract": "Clean is based on a simple, abstract execution model for an imperative target language. “Abstract” is understood in contrast to “Concrete Semantics”; alternatively, the term “shallow-style embedding” could be used. It strives for a type-safe notion of program-variables, an incremental construction of the typed state-space, support of incremental verification, and open-world extensibility of new type definitions being intertwined with the program definitions. Clean is based on a “no-frills” state-exception monad with the usual definitions of bind and unit for the compositional glue of state-based computations. Clean offers conditionals and loops supporting C-like control-flow operators such as break and return. The state-space construction is based on the extensible record package. Direct recursion of procedures is supported. Clean’s design strives for extreme simplicity. It is geared towards symbolic execution and proven correct verification tools. The underlying libraries of this package, however, deliberately restrict themselves to the most elementary infrastructure for these tasks. The package is intended to serve as demonstrator semantic backend for Isabelle/C, or for the test-generation techniques.",
"authors": [
"Frédéric Tuong",
"Burkhart Wolff"
],
"date": "2019-10-04",
- "id": 201,
+ "id": 206,
"link": "/entries/Clean.html",
"permalink": "/entries/Clean.html",
"shortname": "Clean",
"title": "Clean - An Abstract Imperative Programming Language and its Theory",
"topic_links": [
"computer-science/programming-languages",
"computer-science/semantics-and-reasoning"
],
"topics": [
"Computer science/Programming languages",
"Computer science/Semantics and reasoning"
],
"used_by": 0
},
{
"abstract": "Worst-case optimal multiway-join algorithms are recent seminal achievement of the database community. These algorithms compute the natural join of multiple relational databases and improve in the worst case over traditional query plan optimizations of nested binary joins. In 2014, \u003ca href=\"https://doi.org/10.1145/2590989.2590991\"\u003eNgo, Ré, and Rudra\u003c/a\u003e gave a unified presentation of different multi-way join algorithms. We formalized and proved correct their \"Generic Join\" algorithm and extended it to support negative joins.",
"authors": [
"Thibault Dardinier"
],
"date": "2019-09-16",
- "id": 202,
+ "id": 207,
"link": "/entries/Generic_Join.html",
"permalink": "/entries/Generic_Join.html",
"shortname": "Generic_Join",
"title": "Formalization of Multiway-Join Algorithms",
"topic_links": [
"computer-science/algorithms"
],
"topics": [
"Computer science/Algorithms"
],
"used_by": 1
},
{
"abstract": "These components formalise a semantic framework for the deductive verification of hybrid systems. They support reasoning about continuous evolutions of hybrid programs in the style of differential dynamics logic. Vector fields or flows model these evolutions, and their verification is done with invariants for the former or orbits for the latter. Laws of modal Kleene algebra or categorical predicate transformers implement the verification condition generation. Examples show the approach at work.",
"authors": [
"Jonathan Julian Huerta y Munive"
],
"date": "2019-09-10",
- "id": 203,
+ "id": 208,
"link": "/entries/Hybrid_Systems_VCs.html",
"permalink": "/entries/Hybrid_Systems_VCs.html",
"shortname": "Hybrid_Systems_VCs",
"title": "Verification Components for Hybrid Systems",
"topic_links": [
"mathematics/algebra",
"mathematics/analysis"
],
"topics": [
"Mathematics/Algebra",
"Mathematics/Analysis"
],
"used_by": 1
},
{
"abstract": "This development formalises the square integrable functions over the reals and the basics of Fourier series. It culminates with a proof that every well-behaved periodic function can be approximated by a Fourier series. The material is ported from HOL Light: https://github.com/jrh13/hol-light/blob/master/100/fourier.ml",
"authors": [
"Lawrence C. Paulson"
],
"date": "2019-09-06",
- "id": 204,
+ "id": 209,
"link": "/entries/Fourier.html",
"permalink": "/entries/Fourier.html",
"shortname": "Fourier",
"title": "Fourier Series",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 0
},
{
"abstract": "The focus of this case study is re-use in abstract algebra. It contains locale-based formalisations of selected parts of set, group and ring theory from Jacobson's \u003ci\u003eBasic Algebra\u003c/i\u003e leading to the respective fundamental homomorphism theorems. The study is not intended as a library base for abstract algebra. It rather explores an approach towards abstract algebra in Isabelle.",
"authors": [
"Clemens Ballarin"
],
"date": "2019-08-30",
- "id": 205,
+ "id": 210,
"link": "/entries/Jacobson_Basic_Algebra.html",
"permalink": "/entries/Jacobson_Basic_Algebra.html",
"shortname": "Jacobson_Basic_Algebra",
"title": "A Case Study in Basic Algebra",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 3
},
{
"abstract": "This entry provides a formalisation of a refinement of an adaptive state counting algorithm, used to test for reduction between finite state machines. The algorithm has been originally presented by Hierons in the paper \u003ca href=\"https://doi.org/10.1109/TC.2004.85\"\u003eTesting from a Non-Deterministic Finite State Machine Using Adaptive State Counting\u003c/a\u003e. Definitions for finite state machines and adaptive test cases are given and many useful theorems are derived from these. The algorithm is formalised using mutually recursive functions, for which it is proven that the generated test suite is sufficient to test for reduction against finite state machines of a certain fault domain. Additionally, the algorithm is specified in a simple WHILE-language and its correctness is shown using Hoare-logic.",
"authors": [
"Robert Sachtleben"
],
"date": "2019-08-16",
- "id": 206,
+ "id": 211,
"link": "/entries/Adaptive_State_Counting.html",
"permalink": "/entries/Adaptive_State_Counting.html",
"shortname": "Adaptive_State_Counting",
"title": "Formalisation of an Adaptive State Counting Algorithm",
"topic_links": [
"computer-science/automata-and-formal-languages",
"computer-science/algorithms"
],
"topics": [
"Computer science/Automata and formal languages",
"Computer science/Algorithms"
],
"used_by": 0
},
{
"abstract": "This entry formalizes the Laplace transform and concrete Laplace transforms for arithmetic functions, frequency shift, integration and (higher) differentiation in the time domain. It proves Lerch's lemma and uniqueness of the Laplace transform for continuous functions. In order to formalize the foundational assumptions, this entry contains a formalization of piecewise continuous functions and functions of exponential order.",
"authors": [
"Fabian Immler"
],
"date": "2019-08-14",
- "id": 207,
+ "id": 212,
"link": "/entries/Laplace_Transform.html",
"permalink": "/entries/Laplace_Transform.html",
"shortname": "Laplace_Transform",
"title": "Laplace Transform",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 0
},
{
"abstract": "Communicating Concurrent Kleene Algebra (C²KA) is a mathematical framework for capturing the communicating and concurrent behaviour of agents in distributed systems. It extends Hoare et al.'s Concurrent Kleene Algebra (CKA) with communication actions through the notions of stimuli and shared environments. C²KA has applications in studying system-level properties of distributed systems such as safety, security, and reliability. In this work, we formalize results about C²KA and its application for distributed systems specification. We first formalize the stimulus structure and behaviour structure (CKA). Next, we combine them to formalize C²KA and its properties. Then, we formalize notions and properties related to the topology of distributed systems and the potential for communication via stimuli and via shared environments of agents, all within the algebraic setting of C²KA.",
"authors": [
"Maxime Buyse",
"Jason Jaskolka"
],
"date": "2019-08-06",
- "id": 208,
+ "id": 213,
"link": "/entries/C2KA_DistributedSystems.html",
"permalink": "/entries/C2KA_DistributedSystems.html",
"shortname": "C2KA_DistributedSystems",
"title": "Communicating Concurrent Kleene Algebra for Distributed Systems Specification",
"topic_links": [
"computer-science/automata-and-formal-languages",
"mathematics/algebra"
],
"topics": [
"Computer science/Automata and formal languages",
"Mathematics/Algebra"
],
"used_by": 0
},
{
"abstract": "We use the previous formalization of the general simplex algorithm to formulate an algorithm for solving linear programs. We encode the linear programs using only linear constraints. Solving these constraints also solves the original linear program. This algorithm is proven to be sound by applying the weak duality theorem which is also part of this formalization.",
"authors": [
"Julian Parsert",
"Cezary Kaliszyk"
],
"date": "2019-08-06",
- "id": 209,
+ "id": 214,
"link": "/entries/Linear_Programming.html",
"permalink": "/entries/Linear_Programming.html",
"shortname": "Linear_Programming",
"title": "Linear Programming",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eThis entry contains formalisations of the answers to three of the six problem of the International Mathematical Olympiad 2019, namely Q1, Q4, and Q5.\u003c/p\u003e \u003cp\u003eThe reason why these problems were chosen is that they are particularly amenable to formalisation: they can be solved with minimal use of libraries. The remaining three concern geometry and graph theory, which, in the author's opinion, are more difficult to formalise resp. require a more complex library.\u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2019-08-05",
- "id": 210,
+ "id": 215,
"link": "/entries/IMO2019.html",
"permalink": "/entries/IMO2019.html",
"shortname": "IMO2019",
"title": "Selected Problems from the International Mathematical Olympiad 2019",
"topic_links": [
"mathematics/misc"
],
"topics": [
"Mathematics/Misc"
],
"used_by": 0
},
{
"abstract": "We formalize the static properties of personal Byzantine quorum systems (PBQSs) and Stellar quorum systems, as described in the paper ``Stellar Consensus by Reduction'' (to appear at DISC 2019).",
"authors": [
"Giuliano Losa"
],
"date": "2019-08-01",
- "id": 211,
+ "id": 216,
"link": "/entries/Stellar_Quorums.html",
"permalink": "/entries/Stellar_Quorums.html",
"shortname": "Stellar_Quorums",
"title": "Stellar Quorum Systems",
"topic_links": [
"computer-science/algorithms/distributed"
],
"topics": [
"Computer science/Algorithms/Distributed"
],
"used_by": 0
},
{
"abstract": "The design of complex systems involves different formalisms for modeling their different parts or aspects. The global model of a system may therefore consist of a coordination of concurrent sub-models that use different paradigms. We develop here a theory for a language used to specify the timed coordination of such heterogeneous subsystems by addressing the following issues: \u003cul\u003e\u003cli\u003ethe behavior of the sub-systems is observed only at a series of discrete instants,\u003c/li\u003e\u003cli\u003eevents may occur in different sub-systems at unrelated times, leading to polychronous systems, which do not necessarily have a common base clock,\u003c/li\u003e\u003cli\u003ecoordination between subsystems involves causality, so the occurrence of an event may enforce the occurrence of other events, possibly after a certain duration has elapsed or an event has occurred a given number of times,\u003c/li\u003e\u003cli\u003ethe domain of time (discrete, rational, continuous...) may be different in the subsystems, leading to polytimed systems,\u003c/li\u003e\u003cli\u003ethe time frames of different sub-systems may be related (for instance, time in a GPS satellite and in a GPS receiver on Earth are related although they are not the same).\u003c/li\u003e\u003c/ul\u003e Firstly, a denotational semantics of the language is defined. Then, in order to be able to incrementally check the behavior of systems, an operational semantics is given, with proofs of progress, soundness and completeness with regard to the denotational semantics. These proofs are made according to a setup that can scale up when new operators are added to the language. In order for specifications to be composed in a clean way, the language should be invariant by stuttering (i.e., adding observation instants at which nothing happens). The proof of this invariance is also given.",
"authors": [
"Hai Nguyen Van",
"Frédéric Boulanger",
"Burkhart Wolff"
],
"date": "2019-07-30",
- "id": 212,
+ "id": 217,
"link": "/entries/TESL_Language.html",
"permalink": "/entries/TESL_Language.html",
"shortname": "TESL_Language",
"title": "A Formal Development of a Polychronous Polytimed Coordination Language",
"topic_links": [
"computer-science/system-description-languages",
"computer-science/semantics-and-reasoning",
"computer-science/concurrency"
],
"topics": [
"Computer science/System description languages",
"Computer science/Semantics and reasoning",
"Computer science/Concurrency"
],
"used_by": 0
},
{
"abstract": "This entry is concerned with the principle of order extension, i.e. the extension of an order relation to a total order relation. To this end, we prove a more general version of Szpilrajn's extension theorem employing terminology from the book \"Consistency, Choice, and Rationality\" by Bossert and Suzumura. We also formalize theorem 2.7 of their book.",
"authors": [
"Peter Zeller",
"Lukas Stevens"
],
"date": "2019-07-27",
- "id": 213,
+ "id": 218,
"link": "/entries/Szpilrajn.html",
"permalink": "/entries/Szpilrajn.html",
"shortname": "Szpilrajn",
"title": "Order Extension and Szpilrajn's Extension Theorem",
"topic_links": [
"mathematics/order"
],
"topics": [
"Mathematics/Order"
],
"used_by": 1
},
{
- "abstract": "This work formalizes soundness and completeness of a one-sided sequent calculus for first-order logic. The completeness is shown via a translation from a complete semantic tableau calculus, the proof of which is based on the First-Order Logic According to Fitting theory. The calculi and proof techniques are taken from Ben-Ari's Mathematical Logic for Computer Science. Paper: \u003ca href=\"http://ceur-ws.org/Vol-3002/paper7.pdf\"\u003ehttp://ceur-ws.org/Vol-3002/paper7.pdf\u003c/a\u003e.",
+ "abstract": "This work formalizes soundness and completeness of a one-sided sequent calculus for first-order logic. The completeness is shown via a translation from a complete semantic tableau calculus, the proof of which is based on the First-Order Logic According to Fitting theory. The calculi and proof techniques are taken from Ben-Ari's Mathematical Logic for Computer Science. Paper: \u003ca href=\"http://ceur-ws.org/Vol-3002/paper7.pdf\"\u003eceur-ws.org/Vol-3002/paper7.pdf\u003c/a\u003e.",
"authors": [
"Asta Halkjær From"
],
"date": "2019-07-18",
- "id": 214,
+ "id": 219,
"link": "/entries/FOL_Seq_Calc1.html",
"permalink": "/entries/FOL_Seq_Calc1.html",
"shortname": "FOL_Seq_Calc1",
"title": "A Sequent Calculus for First-Order Logic",
"topic_links": [
"logic/proof-theory"
],
"topics": [
"Logic/Proof theory"
],
"used_by": 1
},
{
"abstract": "This entry contains the formalization that accompanies my PhD thesis (see https://lars.hupel.info/research/codegen/). I develop a verified compilation toolchain from executable specifications in Isabelle/HOL to CakeML abstract syntax trees. This improves over the state-of-the-art in Isabelle by providing a trustworthy procedure for code generation.",
"authors": [
"Lars Hupel"
],
"date": "2019-07-08",
- "id": 215,
+ "id": 220,
"link": "/entries/CakeML_Codegen.html",
"permalink": "/entries/CakeML_Codegen.html",
"shortname": "CakeML_Codegen",
"title": "A Verified Code Generator from Isabelle/HOL to CakeML",
"topic_links": [
"computer-science/programming-languages/compiling",
"logic/rewriting"
],
"topics": [
"Computer science/Programming languages/Compiling",
"Logic/Rewriting"
],
"used_by": 0
},
{
"abstract": "A monitor is a runtime verification tool that solves the following problem: Given a stream of time-stamped events and a policy formulated in a specification language, decide whether the policy is satisfied at every point in the stream. We verify the correctness of an executable monitor for specifications given as formulas in metric first-order temporal logic (MFOTL), an expressive extension of linear temporal logic with real-time constraints and first-order quantification. The verified monitor implements a simplified variant of the algorithm used in the efficient MonPoly monitoring tool. The formalization is presented in a \u003ca href=\"https://doi.org/10.1007/978-3-030-32079-9_18\"\u003eRV 2019 paper\u003c/a\u003e, which also compares the output of the verified monitor to that of other monitoring tools on randomly generated inputs. This case study revealed several errors in the optimized but unverified tools.",
"authors": [
"Joshua Schneider",
"Dmitriy Traytel"
],
"date": "2019-07-04",
- "id": 216,
+ "id": 221,
"link": "/entries/MFOTL_Monitor.html",
"permalink": "/entries/MFOTL_Monitor.html",
"shortname": "MFOTL_Monitor",
"title": "Formalization of a Monitoring Algorithm for Metric First-Order Temporal Logic",
"topic_links": [
"computer-science/algorithms",
"logic/general-logic/temporal-logic",
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Algorithms",
"Logic/General logic/Temporal logic",
"Computer science/Automata and formal languages"
],
"used_by": 2
},
{
"abstract": "We develop an Isabelle/HOL library of order-theoretic concepts, such as various completeness conditions and fixed-point theorems. We keep our formalization as general as possible: we reprove several well-known results about complete orders, often without any properties of ordering, thus complete non-orders. In particular, we generalize the Knaster–Tarski theorem so that we ensure the existence of a quasi-fixed point of monotone maps over complete non-orders, and show that the set of quasi-fixed points is complete under a mild condition—attractivity—which is implied by either antisymmetry or transitivity. This result generalizes and strengthens a result by Stauti and Maaden. Finally, we recover Kleene’s fixed-point theorem for omega-complete non-orders, again using attractivity to prove that Kleene’s fixed points are least quasi-fixed points.",
"authors": [
"Akihisa Yamada",
"Jérémy Dubut"
],
"date": "2019-06-27",
- "id": 217,
+ "id": 222,
"link": "/entries/Complete_Non_Orders.html",
"permalink": "/entries/Complete_Non_Orders.html",
"shortname": "Complete_Non_Orders",
"title": "Complete Non-Orders and Fixed Points",
"topic_links": [
"mathematics/order"
],
"topics": [
"Mathematics/Order"
],
"used_by": 0
},
{
"abstract": "We present a new, purely functional, simple and efficient data structure combining a search tree and a priority queue, which we call a \u003cem\u003epriority search tree\u003c/em\u003e. The salient feature of priority search trees is that they offer a decrease-key operation, something that is missing from other simple, purely functional priority queue implementations. Priority search trees can be implemented on top of any search tree. This entry does the implementation for red-black trees. This entry formalizes the first part of our ITP-2019 proof pearl \u003cem\u003ePurely Functional, Simple and Efficient Priority Search Trees and Applications to Prim and Dijkstra\u003c/em\u003e.",
"authors": [
"Peter Lammich",
"Tobias Nipkow"
],
"date": "2019-06-25",
- "id": 218,
+ "id": 223,
"link": "/entries/Priority_Search_Trees.html",
"permalink": "/entries/Priority_Search_Trees.html",
"shortname": "Priority_Search_Trees",
"title": "Priority Search Trees",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 1
},
{
"abstract": "We verify purely functional, simple and efficient implementations of Prim's and Dijkstra's algorithms. This constitutes the first verification of an executable and even efficient version of Prim's algorithm. This entry formalizes the second part of our ITP-2019 proof pearl \u003cem\u003ePurely Functional, Simple and Efficient Priority Search Trees and Applications to Prim and Dijkstra\u003c/em\u003e.",
"authors": [
"Peter Lammich",
"Tobias Nipkow"
],
"date": "2019-06-25",
- "id": 219,
+ "id": 224,
"link": "/entries/Prim_Dijkstra_Simple.html",
"permalink": "/entries/Prim_Dijkstra_Simple.html",
"shortname": "Prim_Dijkstra_Simple",
"title": "Purely Functional, Simple, and Efficient Implementation of Prim and Dijkstra",
"topic_links": [
"computer-science/algorithms/graph"
],
"topics": [
"Computer science/Algorithms/Graph"
],
"used_by": 0
},
{
"abstract": "We formalize results about linear inqualities, mainly from Schrijver's book. The main results are the proof of the fundamental theorem on linear inequalities, Farkas' lemma, Carathéodory's theorem, the Farkas-Minkowsky-Weyl theorem, the decomposition theorem of polyhedra, and Meyer's result that the integer hull of a polyhedron is a polyhedron itself. Several theorems include bounds on the appearing numbers, and in particular we provide an a-priori bound on mixed-integer solutions of linear inequalities.",
"authors": [
"Ralph Bottesch",
"Alban Reynaud",
"René Thiemann"
],
"date": "2019-06-21",
- "id": 220,
+ "id": 225,
"link": "/entries/Linear_Inequalities.html",
"permalink": "/entries/Linear_Inequalities.html",
"shortname": "Linear_Inequalities",
"title": "Linear Inequalities",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 2
},
{
"abstract": "This entry formalizes Hilbert's Nullstellensatz, an important theorem in algebraic geometry that can be viewed as the generalization of the Fundamental Theorem of Algebra to multivariate polynomials: If a set of (multivariate) polynomials over an algebraically closed field has no common zero, then the ideal it generates is the entire polynomial ring. The formalization proves several equivalent versions of this celebrated theorem: the weak Nullstellensatz, the strong Nullstellensatz (connecting algebraic varieties and radical ideals), and the field-theoretic Nullstellensatz. The formalization follows Chapter 4.1. of \u003ca href=\"https://link.springer.com/book/10.1007/978-0-387-35651-8\"\u003eIdeals, Varieties, and Algorithms\u003c/a\u003e by Cox, Little and O'Shea.",
"authors": [
"Alexander Maletzky"
],
"date": "2019-06-16",
- "id": 221,
+ "id": 226,
"link": "/entries/Nullstellensatz.html",
"permalink": "/entries/Nullstellensatz.html",
"shortname": "Nullstellensatz",
"title": "Hilbert's Nullstellensatz",
"topic_links": [
"mathematics/algebra",
"mathematics/geometry"
],
"topics": [
"Mathematics/Algebra",
"Mathematics/Geometry"
],
"used_by": 0
},
{
"abstract": "This entry formalizes the connection between Gröbner bases and Macaulay matrices (sometimes also referred to as `generalized Sylvester matrices'). In particular, it contains a method for computing Gröbner bases, which proceeds by first constructing some Macaulay matrix of the initial set of polynomials, then row-reducing this matrix, and finally converting the result back into a set of polynomials. The output is shown to be a Gröbner basis if the Macaulay matrix constructed in the first step is sufficiently large. In order to obtain concrete upper bounds on the size of the matrix (and hence turn the method into an effectively executable algorithm), Dubé's degree bounds on Gröbner bases are utilized; consequently, they are also part of the formalization.",
"authors": [
"Alexander Maletzky"
],
"date": "2019-06-15",
- "id": 222,
+ "id": 227,
"link": "/entries/Groebner_Macaulay.html",
"permalink": "/entries/Groebner_Macaulay.html",
"shortname": "Groebner_Macaulay",
"title": "Gröbner Bases, Macaulay Matrices and Dubé's Degree Bounds",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 0
},
{
"abstract": "In this submission array-based binary minimum heaps are formalized. The correctness of the following heap operations is proved: insert, get-min, delete-min and make-heap. These are then used to verify an in-place heapsort. The formalization is based on IMP2, an imperative program verification framework implemented in Isabelle/HOL. The verified heap functions are iterative versions of the partly recursive functions found in \"Algorithms and Data Structures – The Basic Toolbox\" by K. Mehlhorn and P. Sanders and \"Introduction to Algorithms\" by T. H. Cormen, C. E. Leiserson, R. L. Rivest and C. Stein.",
"authors": [
"Simon Griebel"
],
"date": "2019-06-13",
- "id": 223,
+ "id": 228,
"link": "/entries/IMP2_Binary_Heap.html",
"permalink": "/entries/IMP2_Binary_Heap.html",
"shortname": "IMP2_Binary_Heap",
"title": "Binary Heaps for IMP2",
"topic_links": [
"computer-science/data-structures",
"computer-science/algorithms"
],
"topics": [
"Computer science/Data structures",
"Computer science/Algorithms"
],
"used_by": 0
},
{
"abstract": "This formalization provides differential game logic (dGL), a logic for proving properties of hybrid game. In addition to the syntax and semantics, it formalizes a uniform substitution calculus for dGL. Church's uniform substitutions substitute a term or formula for a function or predicate symbol everywhere. The uniform substitutions for dGL also substitute hybrid games for a game symbol everywhere. We prove soundness of one-pass uniform substitutions and the axioms of differential game logic with respect to their denotational semantics. One-pass uniform substitutions are faster by postponing soundness-critical admissibility checks with a linear pass homomorphic application and regain soundness by a variable condition at the replacements. The formalization is based on prior non-mechanized soundness proofs for dGL.",
"authors": [
"André Platzer"
],
"date": "2019-06-03",
- "id": 224,
+ "id": 229,
"link": "/entries/Differential_Game_Logic.html",
"permalink": "/entries/Differential_Game_Logic.html",
"shortname": "Differential_Game_Logic",
"title": "Differential Game Logic",
"topic_links": [
"computer-science/programming-languages/logics"
],
"topics": [
"Computer science/Programming languages/Logics"
],
"used_by": 0
},
{
"abstract": "This entry provides a formalization of multidimensional binary trees, also known as k-d trees. It includes a balanced build algorithm as well as the nearest neighbor algorithm and the range search algorithm. It is based on the papers \u003ca href=\"https://dl.acm.org/citation.cfm?doid=361002.361007\"\u003eMultidimensional binary search trees used for associative searching\u003c/a\u003e and \u003ca href=\"https://dl.acm.org/citation.cfm?doid=355744.355745\"\u003e An Algorithm for Finding Best Matches in Logarithmic Expected Time\u003c/a\u003e.",
"authors": [
"Martin Rau"
],
"date": "2019-05-30",
- "id": 225,
+ "id": 230,
"link": "/entries/KD_Tree.html",
"permalink": "/entries/KD_Tree.html",
"shortname": "KD_Tree",
"title": "Multidimensional Binary Search Trees",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 0
},
{
"abstract": "Authenticated data structures are a technique for outsourcing data storage and maintenance to an untrusted server. The server is required to produce an efficiently checkable and cryptographically secure proof that it carried out precisely the requested computation. \u003ca href=\"https://doi.org/10.1145/2535838.2535851\"\u003eMiller et al.\u003c/a\u003e introduced \u0026lambda;\u0026bull; (pronounced \u003ci\u003elambda auth\u003c/i\u003e)\u0026mdash;a functional programming language with a built-in primitive authentication construct, which supports a wide range of user-specified authenticated data structures while guaranteeing certain correctness and security properties for all well-typed programs. We formalize \u0026lambda;\u0026bull; and prove its correctness and security properties. With Isabelle's help, we uncover and repair several mistakes in the informal proofs and lemma statements. Our findings are summarized in an \u003ca href=\"https://doi.org/10.4230/LIPIcs.ITP.2019.10\"\u003eITP'19 paper\u003c/a\u003e.",
"authors": [
"Matthias Brun",
"Dmitriy Traytel"
],
"date": "2019-05-14",
- "id": 226,
+ "id": 231,
"link": "/entries/LambdaAuth.html",
"permalink": "/entries/LambdaAuth.html",
"shortname": "LambdaAuth",
"title": "Formalization of Generic Authenticated Data Structures",
"topic_links": [
"computer-science/security",
"computer-science/programming-languages/lambda-calculi"
],
"topics": [
"Computer science/Security",
"Computer science/Programming languages/Lambda calculi"
],
"used_by": 0
},
{
"abstract": "We use CryptHOL to consider Multi-Party Computation (MPC) protocols. MPC was first considered by Yao in 1983 and recent advances in efficiency and an increased demand mean it is now deployed in the real world. Security is considered using the real/ideal world paradigm. We first define security in the semi-honest security setting where parties are assumed not to deviate from the protocol transcript. In this setting we prove multiple Oblivious Transfer (OT) protocols secure and then show security for the gates of the GMW protocol. We then define malicious security, this is a stronger notion of security where parties are assumed to be fully corrupted by an adversary. In this setting we again consider OT, as it is a fundamental building block of almost all MPC protocols.",
"authors": [
"David Aspinall",
"David Butler"
],
"date": "2019-05-09",
- "id": 227,
+ "id": 232,
"link": "/entries/Multi_Party_Computation.html",
"permalink": "/entries/Multi_Party_Computation.html",
"shortname": "Multi_Party_Computation",
"title": "Multi-Party Computation",
"topic_links": [
"computer-science/security"
],
"topics": [
"Computer science/Security"
],
"used_by": 0
},
{
"abstract": "This is a complete formalization of the work of Hoare and Roscoe on the denotational semantics of the Failure/Divergence Model of CSP. It follows essentially the presentation of CSP in Roscoe’s Book ”Theory and Practice of Concurrency” [8] and the semantic details in a joint Paper of Roscoe and Brooks ”An improved failures model for communicating processes\". The present work is based on a prior formalization attempt, called HOL-CSP 1.0, done in 1997 by H. Tej and B. Wolff with the Isabelle proof technology available at that time. This work revealed minor, but omnipresent foundational errors in key concepts like the process invariant. The present version HOL-CSP profits from substantially improved libraries (notably HOLCF), improved automated proof techniques, and structured proof techniques in Isar and is substantially shorter but more complete.",
"authors": [
"Safouan Taha",
"Lina Ye",
"Burkhart Wolff"
],
"date": "2019-04-26",
- "id": 228,
+ "id": 233,
"link": "/entries/HOL-CSP.html",
"permalink": "/entries/HOL-CSP.html",
"shortname": "HOL-CSP",
"title": "HOL-CSP Version 2.0",
"topic_links": [
"computer-science/concurrency/process-calculi",
"computer-science/semantics-and-reasoning"
],
"topics": [
"Computer science/Concurrency/Process calculi",
"Computer science/Semantics and reasoning"
],
"used_by": 1
},
{
"abstract": "We present a formalisation of the unified translation approach of linear temporal logic (LTL) into ω-automata from [1]. This approach decomposes LTL formulas into ``simple'' languages and allows a clear separation of concerns: first, we formalise the purely logical result yielding this decomposition; second, we instantiate this generic theory to obtain a construction for deterministic (state-based) Rabin automata (DRA). We extract from this particular instantiation an executable tool translating LTL to DRAs. To the best of our knowledge this is the first verified translation from LTL to DRAs that is proven to be double exponential in the worst case which asymptotically matches the known lower bound. \u003cp\u003e [1] Javier Esparza, Jan Kretínský, Salomon Sickert. One Theorem to Rule Them All: A Unified Translation of LTL into ω-Automata. LICS 2018",
"authors": [
"Benedikt Seidl",
"Salomon Sickert"
],
"date": "2019-04-16",
- "id": 229,
+ "id": 234,
"link": "/entries/LTL_Master_Theorem.html",
"permalink": "/entries/LTL_Master_Theorem.html",
"shortname": "LTL_Master_Theorem",
"title": "A Compositional and Unified Translation of LTL into ω-Automata",
"topic_links": [
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Automata and formal languages"
],
"used_by": 1
},
{
"abstract": "We formalize a theory of syntax with bindings that has been developed and refined over the last decade to support several large formalization efforts. Terms are defined for an arbitrary number of constructors of varying numbers of inputs, quotiented to alpha-equivalence and sorted according to a binding signature. The theory includes many properties of the standard operators on terms: substitution, swapping and freshness. It also includes bindings-aware induction and recursion principles and support for semantic interpretation. This work has been presented in the ITP 2017 paper “A Formalized General Theory of Syntax with Bindings”.",
"authors": [
"Lorenzo Gheri",
"Andrei Popescu"
],
"date": "2019-04-06",
- "id": 230,
+ "id": 235,
"link": "/entries/Binding_Syntax_Theory.html",
"permalink": "/entries/Binding_Syntax_Theory.html",
"shortname": "Binding_Syntax_Theory",
"title": "A General Theory of Syntax with Bindings",
"topic_links": [
"computer-science/programming-languages/lambda-calculi",
"computer-science/functional-programming",
"logic/general-logic/mechanization-of-proofs"
],
"topics": [
"Computer science/Programming languages/Lambda calculi",
"Computer science/Functional programming",
"Logic/General logic/Mechanization of proofs"
],
"used_by": 0
},
{
"abstract": "We formalize the proofs of two transcendence criteria by J. Hančl and P. Rucki that assert the transcendence of the sums of certain infinite series built up by sequences that fulfil certain properties. Both proofs make use of Roth's celebrated theorem on diophantine approximations to algebraic numbers from 1955 which we implement as an assumption without having formalised its proof.",
"authors": [
"Angeliki Koutsoukou-Argyraki",
"Wenda Li"
],
"date": "2019-03-27",
- "id": 231,
+ "id": 236,
"link": "/entries/Transcendence_Series_Hancl_Rucki.html",
"permalink": "/entries/Transcendence_Series_Hancl_Rucki.html",
"shortname": "Transcendence_Series_Hancl_Rucki",
"title": "The Transcendence of Certain Infinite Series",
"topic_links": [
"mathematics/analysis",
"mathematics/number-theory"
],
"topics": [
"Mathematics/Analysis",
"Mathematics/Number theory"
],
"used_by": 0
},
{
"abstract": "We formalize quantum Hoare logic as given in [1]. In particular, we specify the syntax and denotational semantics of a simple model of quantum programs. Then, we write down the rules of quantum Hoare logic for partial correctness, and show the soundness and completeness of the resulting proof system. As an application, we verify the correctness of Grover’s algorithm.",
"authors": [
"Junyi Liu",
"Bohua Zhan",
"Shuling Wang",
"Shenggang Ying",
"Tao Liu",
"Yangjia Li",
"Mingsheng Ying",
"Naijun Zhan"
],
"date": "2019-03-24",
- "id": 232,
+ "id": 237,
"link": "/entries/QHLProver.html",
"permalink": "/entries/QHLProver.html",
"shortname": "QHLProver",
"title": "Quantum Hoare Logic",
"topic_links": [
"computer-science/programming-languages/logics",
"computer-science/semantics-and-reasoning"
],
"topics": [
"Computer science/Programming languages/Logics",
"Computer science/Semantics and reasoning"
],
"used_by": 1
},
{
"abstract": "\u003cp\u003eThe theory is a formalization of the \u003ca href=\"https://www.omg.org/spec/OCL/\"\u003eOCL\u003c/a\u003e type system, its abstract syntax and expression typing rules. The theory does not define a concrete syntax and a semantics. In contrast to \u003ca href=\"https://www.isa-afp.org/entries/Featherweight_OCL.html\"\u003eFeatherweight OCL\u003c/a\u003e, it is based on a deep embedding approach. The type system is defined from scratch, it is not based on the Isabelle HOL type system.\u003c/p\u003e \u003cp\u003eThe Safe OCL distincts nullable and non-nullable types. Also the theory gives a formal definition of \u003ca href=\"http://ceur-ws.org/Vol-1512/paper07.pdf\"\u003esafe navigation operations\u003c/a\u003e. The Safe OCL typing rules are much stricter than rules given in the OCL specification. It allows one to catch more errors on a type checking phase.\u003c/p\u003e \u003cp\u003eThe type theory presented is four-layered: classes, basic types, generic types, errorable types. We introduce the following new types: non-nullable types (T[1]), nullable types (T[?]), OclSuper. OclSuper is a supertype of all other types (basic types, collections, tuples). This type allows us to define a total supremum function, so types form an upper semilattice. It allows us to define rich expression typing rules in an elegant manner.\u003c/p\u003e \u003cp\u003eThe Preliminaries Chapter of the theory defines a number of helper lemmas for transitive closures and tuples. It defines also a generic object model independent from OCL. It allows one to use the theory as a reference for formalization of analogous languages.\u003c/p\u003e",
"authors": [
"Denis Nikiforov"
],
"date": "2019-03-09",
- "id": 233,
+ "id": 238,
"link": "/entries/Safe_OCL.html",
"permalink": "/entries/Safe_OCL.html",
"shortname": "Safe_OCL",
"title": "Safe OCL",
"topic_links": [
"computer-science/programming-languages/language-definitions"
],
"topics": [
"Computer science/Programming languages/Language definitions"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eThis entry is a formalisation of Chapter 4 (and parts of Chapter 3) of Apostol's \u003ca href=\"https://www.springer.com/de/book/9780387901633\"\u003e\u003cem\u003eIntroduction to Analytic Number Theory\u003c/em\u003e\u003c/a\u003e. The main topics that are addressed are properties of the distribution of prime numbers that can be shown in an elementary way (i.\u0026thinsp;e. without the Prime Number Theorem), the various equivalent forms of the PNT (which imply each other in elementary ways), and consequences that follow from the PNT in elementary ways. The latter include, most notably, asymptotic bounds for the number of distinct prime factors of \u003cem\u003en\u003c/em\u003e, the divisor function \u003cem\u003ed(n)\u003c/em\u003e, Euler's totient function \u003cem\u003e\u0026phi;(n)\u003c/em\u003e, and lcm(1,\u0026hellip;,\u003cem\u003en\u003c/em\u003e).\u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2019-02-21",
- "id": 234,
+ "id": 239,
"link": "/entries/Prime_Distribution_Elementary.html",
"permalink": "/entries/Prime_Distribution_Elementary.html",
"shortname": "Prime_Distribution_Elementary",
"title": "Elementary Facts About the Distribution of Primes",
"topic_links": [
"mathematics/number-theory"
],
"topics": [
"Mathematics/Number theory"
],
"used_by": 3
},
{
"abstract": "This Isabelle/HOL formalization defines a greedy algorithm for finding a minimum weight basis on a weighted matroid and proves its correctness. This algorithm is an abstract version of Kruskal's algorithm. We interpret the abstract algorithm for the cycle matroid (i.e. forests in a graph) and refine it to imperative executable code using an efficient union-find data structure. Our formalization can be instantiated for different graph representations. We provide instantiations for undirected graphs and symmetric directed graphs.",
"authors": [
"Maximilian P. L. Haslbeck",
"Peter Lammich",
"Julian Biendarra"
],
"date": "2019-02-14",
- "id": 235,
+ "id": 240,
"link": "/entries/Kruskal.html",
"permalink": "/entries/Kruskal.html",
"shortname": "Kruskal",
"title": "Kruskal's Algorithm for Minimum Spanning Forest",
"topic_links": [
"computer-science/algorithms/graph"
],
"topics": [
"Computer science/Algorithms/Graph"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eThe most efficient known primality tests are \u003cem\u003eprobabilistic\u003c/em\u003e in the sense that they use randomness and may, with some probability, mistakenly classify a composite number as prime \u0026ndash; but never a prime number as composite. Examples of this are the Miller\u0026ndash;Rabin test, the Solovay\u0026ndash;Strassen test, and (in most cases) Fermat's test.\u003c/p\u003e \u003cp\u003eThis entry defines these three tests and proves their correctness. It also develops some of the number-theoretic foundations, such as Carmichael numbers and the Jacobi symbol with an efficient executable algorithm to compute it.\u003c/p\u003e",
"authors": [
"Daniel Stüwe",
"Manuel Eberl"
],
"date": "2019-02-11",
- "id": 236,
+ "id": 241,
"link": "/entries/Probabilistic_Prime_Tests.html",
"permalink": "/entries/Probabilistic_Prime_Tests.html",
"shortname": "Probabilistic_Prime_Tests",
"title": "Probabilistic Primality Testing",
"topic_links": [
"mathematics/number-theory"
],
"topics": [
"Mathematics/Number theory"
],
"used_by": 1
},
{
- "abstract": "This entry formalises results from computability theory: recursive functions, undecidability of the halting problem, and the existence of a universal Turing machine. This formalisation is the AFP entry corresponding to the paper Mechanising Turing Machines and Computability Theory in Isabelle/HOL, ITP 2013. The main book used for this formalisation is by Boolos, Burgess, and Jeffrey on \u003ci\u003eComputability and Logic\u003c/i\u003e. Joosten contributed mainly by making the files ready for the AFP. His need for a formalisation of Turing Machines arose from realising that the current formalisation of saturation graphs (also in the AFP) was missing a key undecidability result present in his paper on \u003ci\u003eFinding models through graph saturation\u003c/i\u003e. Regensburger contributed by adding definitions for concepts like Turing Decidability, Turing Computability and Turing Reducibility for problem reduction. He also enhanced the result about the undecidability of the General Halting Problem given in the original AFP entry by first proving the undecidability of the Special Halting Problem and then proving its reducibility to the general problem. The original version of this AFP entry did only prove a weak form of the undecidability theorem. The main motivation behind this contribution is to make the AFP entry accessible for bachelor and master students. ",
+ "abstract": "\u003cp\u003eThis entry formalises results from computability theory, for example recursive functions, undecidability of the halting problem, the existence of a universal Turing machine and so on. This formalisation is the AFP entry corresponding to the paper Mechanising Turing Machines and Computability Theory in Isabelle/HOL from ITP 2013. The main book used for this formalisation is by Boolos, Burgess, and Jeffrey on \u003ci\u003eComputability and Logic\u003c/i\u003e.\u003c/p\u003e \u003cp\u003eJoosten contributed by making the files ready for the AFP in 2019. His need for a formalisation of Turing Machines arose from realising that the current formalisation of saturation graphs (also in the AFP) was missing a key undecidability result present in his paper on \u003ci\u003eFinding models through graph saturation\u003c/i\u003e.\u003c/p\u003e \u003cp\u003eRegensburger contributed in 2022 by adding definitions for concepts like Turing Decidability, Turing Computability and Turing Reducibility for problem reduction. He also enhanced the result about the undecidability of the General Halting Problem given in the original AFP entry by first proving the undecidability of the Special Halting Problem and then proving its reducibility to the general problem. The original version of this AFP entry did only prove a weak form of the undecidability theorem. The main motivation behind this contribution is to make the AFP entry accessible for bachelor and master students.\u003c/p\u003e ",
"authors": [
"Jian Xu",
"Xingyuan Zhang",
"Christian Urban",
"Sebastiaan J. C. Joosten",
"Franz Regensburger"
],
"date": "2019-02-08",
- "id": 237,
+ "id": 242,
"link": "/entries/Universal_Turing_Machine.html",
"permalink": "/entries/Universal_Turing_Machine.html",
"shortname": "Universal_Turing_Machine",
"title": "Universal Turing Machine",
"topic_links": [
"logic/computability",
"computer-science/automata-and-formal-languages"
],
"topics": [
"Logic/Computability",
"Computer science/Automata and formal languages"
],
"used_by": 0
},
{
"abstract": "Isabelle/UTP is a mechanised theory engineering toolkit based on Hoare and He’s Unifying Theories of Programming (UTP). UTP enables the creation of denotational, algebraic, and operational semantics for different programming languages using an alphabetised relational calculus. We provide a semantic embedding of the alphabetised relational calculus in Isabelle/HOL, including new type definitions, relational constructors, automated proof tactics, and accompanying algebraic laws. Isabelle/UTP can be used to both capture laws of programming for different languages, and put these fundamental theorems to work in the creation of associated verification tools, using calculi like Hoare logics. This document describes the relational core of the UTP in Isabelle/HOL.",
"authors": [
"Simon Foster",
"Frank Zeyda",
"Yakoub Nemouchi",
"Pedro Ribeiro",
"Burkhart Wolff"
],
"date": "2019-02-01",
- "id": 238,
+ "id": 243,
"link": "/entries/UTP.html",
"permalink": "/entries/UTP.html",
"shortname": "UTP",
"title": "Isabelle/UTP: Mechanised Theory Engineering for Unifying Theories of Programming",
"topic_links": [
"computer-science/programming-languages/logics"
],
"topics": [
"Computer science/Programming languages/Logics"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eThis entry defines the set of \u003cem\u003einversions\u003c/em\u003e of a list, i.e. the pairs of indices that violate sortedness. It also proves the correctness of the well-known \u003cem\u003eO\u003c/em\u003e(\u003cem\u003en log n\u003c/em\u003e) divide-and-conquer algorithm to compute the number of inversions.\u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2019-02-01",
- "id": 239,
+ "id": 244,
"link": "/entries/List_Inversions.html",
"permalink": "/entries/List_Inversions.html",
"shortname": "List_Inversions",
"title": "The Inversions of a List",
"topic_links": [
"computer-science/algorithms"
],
"topics": [
"Computer science/Algorithms"
],
"used_by": 0
},
{
"abstract": "We formalize a proof of Motzkin's transposition theorem and Farkas' lemma in Isabelle/HOL. Our proof is based on the formalization of the simplex algorithm which, given a set of linear constraints, either returns a satisfying assignment to the problem or detects unsatisfiability. By reusing facts about the simplex algorithm we show that a set of linear constraints is unsatisfiable if and only if there is a linear combination of the constraints which evaluates to a trivially unsatisfiable inequality.",
"authors": [
"Ralph Bottesch",
"Max W. Haslbeck",
"René Thiemann"
],
"date": "2019-01-17",
- "id": 240,
+ "id": 245,
"link": "/entries/Farkas.html",
"permalink": "/entries/Farkas.html",
"shortname": "Farkas",
"title": "Farkas' Lemma and Motzkin's Transposition Theorem",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 1
},
{
"abstract": "In this formalization, I introduce a higher-order term algebra, generalizing the notions of free variables, matching, and substitution. The need arose from the work on a \u003ca href=\"http://dx.doi.org/10.1007/978-3-319-89884-1_35\"\u003everified compiler from Isabelle to CakeML\u003c/a\u003e. Terms can be thought of as consisting of a generic (free variables, constants, application) and a specific part. As example applications, this entry provides instantiations for de-Bruijn terms, terms with named variables, and \u003ca href=\"https://www.isa-afp.org/entries/Lambda_Free_RPOs.html\"\u003eBlanchette’s \u0026lambda;-free higher-order terms\u003c/a\u003e. Furthermore, I implement translation functions between de-Bruijn terms and named terms and prove their correctness.",
"authors": [
"Lars Hupel"
],
"date": "2019-01-15",
- "id": 241,
+ "id": 246,
"link": "/entries/Higher_Order_Terms.html",
"permalink": "/entries/Higher_Order_Terms.html",
"shortname": "Higher_Order_Terms",
"title": "An Algebra for Higher-Order Terms",
"topic_links": [
"computer-science/programming-languages/lambda-calculi"
],
"topics": [
"Computer science/Programming languages/Lambda calculi"
],
"used_by": 1
},
{
"abstract": "IMP2 is a simple imperative language together with Isabelle tooling to create a program verification environment in Isabelle/HOL. The tools include a C-like syntax, a verification condition generator, and Isabelle commands for the specification of programs. The framework is modular, i.e., it allows easy reuse of already proved programs within larger programs. This entry comes with a quickstart guide and a large collection of examples, spanning basic algorithms with simple proofs to more advanced algorithms and proof techniques like data refinement. Some highlights from the examples are: \u003cul\u003e \u003cli\u003eBisection Square Root, \u003c/li\u003e \u003cli\u003eExtended Euclid, \u003c/li\u003e \u003cli\u003eExponentiation by Squaring, \u003c/li\u003e \u003cli\u003eBinary Search, \u003c/li\u003e \u003cli\u003eInsertion Sort, \u003c/li\u003e \u003cli\u003eQuicksort, \u003c/li\u003e \u003cli\u003eDepth First Search. \u003c/li\u003e \u003c/ul\u003e The abstract syntax and semantics are very simple and well-documented. They are suitable to be used in a course, as extension to the IMP language which comes with the Isabelle distribution. While this entry is limited to a simple imperative language, the ideas could be extended to more sophisticated languages.",
"authors": [
"Peter Lammich",
"Simon Wimmer"
],
"date": "2019-01-15",
- "id": 242,
+ "id": 247,
"link": "/entries/IMP2.html",
"permalink": "/entries/IMP2.html",
"shortname": "IMP2",
"title": "IMP2 – Simple Program Verification in Isabelle/HOL",
"topic_links": [
"computer-science/programming-languages/logics",
"computer-science/algorithms"
],
"topics": [
"Computer science/Programming languages/Logics",
"Computer science/Algorithms"
],
"used_by": 1
},
{
"abstract": "When verifying a concurrent program, it is usual to assume that memory is sequentially consistent. However, most modern multiprocessors depend on store buffering for efficiency, and provide native sequential consistency only at a substantial performance penalty. To regain sequential consistency, a programmer has to follow an appropriate programming discipline. However, na\u0026iuml;ve disciplines, such as protecting all shared accesses with locks, are not flexible enough for building high-performance multiprocessor software. We present a new discipline for concurrent programming under TSO (total store order, with store buffer forwarding). It does not depend on concurrency primitives, such as locks. Instead, threads use ghost operations to acquire and release ownership of memory addresses. A thread can write to an address only if no other thread owns it, and can read from an address only if it owns it or it is shared and the thread has flushed its store buffer since it last wrote to an address it did not own. This discipline covers both coarse-grained concurrency (where data is protected by locks) as well as fine-grained concurrency (where atomic operations race to memory). We formalize this discipline in Isabelle/HOL, and prove that if every execution of a program in a system without store buffers follows the discipline, then every execution of the program with store buffers is sequentially consistent. Thus, we can show sequential consistency under TSO by ordinary assertional reasoning about the program, without having to consider store buffers at all.",
"authors": [
"Ernie Cohen",
"Norbert Schirmer"
],
"date": "2019-01-07",
- "id": 243,
+ "id": 248,
"link": "/entries/Store_Buffer_Reduction.html",
"permalink": "/entries/Store_Buffer_Reduction.html",
"shortname": "Store_Buffer_Reduction",
"title": "A Reduction Theorem for Store Buffers",
"topic_links": [
"computer-science/concurrency"
],
"topics": [
"Computer science/Concurrency"
],
"used_by": 0
},
{
"abstract": "In this AFP entry, we formalize the core of the Document Object Model (DOM). At its core, the DOM defines a tree-like data structure for representing documents in general and HTML documents in particular. It is the heart of any modern web browser. Formalizing the key concepts of the DOM is a prerequisite for the formal reasoning over client-side JavaScript programs and for the analysis of security concepts in modern web browsers. We present a formalization of the core DOM, with focus on the node-tree and the operations defined on node-trees, in Isabelle/HOL. We use the formalization to verify the functional correctness of the most important functions defined in the DOM standard. Moreover, our formalization is 1) extensible, i.e., can be extended without the need of re-proving already proven properties and 2) executable, i.e., we can generate executable code from our specification.",
"authors": [
"Achim D. Brucker",
"Michael Herzberg"
],
"date": "2018-12-26",
- "id": 244,
+ "id": 249,
"link": "/entries/Core_DOM.html",
"permalink": "/entries/Core_DOM.html",
"shortname": "Core_DOM",
"title": "A Formal Model of the Document Object Model",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 1
},
{
"abstract": "Concurrent revisions is a concurrency control model developed by Microsoft Research. It has many interesting properties that distinguish it from other well-known models such as transactional memory. One of these properties is \u003cem\u003edeterminacy\u003c/em\u003e: programs written within the model always produce the same outcome, independent of scheduling activity. The concurrent revisions model has an operational semantics, with an informal proof of determinacy. This document contains an Isabelle/HOL formalization of this semantics and the proof of determinacy.",
"authors": [
"Roy Overbeek"
],
"date": "2018-12-25",
- "id": 245,
+ "id": 250,
"link": "/entries/Concurrent_Revisions.html",
"permalink": "/entries/Concurrent_Revisions.html",
"shortname": "Concurrent_Revisions",
"title": "Formalization of Concurrent Revisions",
"topic_links": [
"computer-science/concurrency"
],
"topics": [
"Computer science/Concurrency"
],
"used_by": 0
},
{
"abstract": "This entry contains the application of auto2 to verifying functional and imperative programs. Algorithms and data structures that are verified include linked lists, binary search trees, red-black trees, interval trees, priority queue, quicksort, union-find, Dijkstra's algorithm, and a sweep-line algorithm for detecting rectangle intersection. The imperative verification is based on Imperative HOL and its separation logic framework. A major goal of this work is to set up automation in order to reduce the length of proof that the user needs to provide, both for verifying functional programs and for working with separation logic.",
"authors": [
"Bohua Zhan"
],
"date": "2018-12-21",
- "id": 246,
+ "id": 251,
"link": "/entries/Auto2_Imperative_HOL.html",
"permalink": "/entries/Auto2_Imperative_HOL.html",
"shortname": "Auto2_Imperative_HOL",
"title": "Verifying Imperative Programs using Auto2",
"topic_links": [
"computer-science/algorithms",
"computer-science/data-structures"
],
"topics": [
"Computer science/Algorithms",
"Computer science/Data structures"
],
"used_by": 0
},
{
"abstract": "Inspired by Abstract Cryptography, we extend CryptHOL, a framework for formalizing game-based proofs, with an abstract model of Random Systems and provide proof rules about their composition and equality. This foundation facilitates the formalization of Constructive Cryptography proofs, where the security of a cryptographic scheme is realized as a special form of construction in which a complex random system is built from simpler ones. This is a first step towards a fully-featured compositional framework, similar to Universal Composability framework, that supports formalization of simulation-based proofs.",
"authors": [
"Andreas Lochbihler",
"S. Reza Sefidgar"
],
"date": "2018-12-17",
- "id": 247,
+ "id": 252,
"link": "/entries/Constructive_Cryptography.html",
"permalink": "/entries/Constructive_Cryptography.html",
"shortname": "Constructive_Cryptography",
"title": "Constructive Cryptography in HOL",
"topic_links": [
"computer-science/security/cryptography",
"mathematics/probability-theory"
],
"topics": [
"Computer science/Security/Cryptography",
"Mathematics/Probability theory"
],
"used_by": 1
},
{
"abstract": "These components add further fundamental order and lattice-theoretic concepts and properties to Isabelle's libraries. They follow by and large the introductory sections of the Compendium of Continuous Lattices, covering directed and filtered sets, down-closed and up-closed sets, ideals and filters, Galois connections, closure and co-closure operators. Some emphasis is on duality and morphisms between structures, as in the Compendium. To this end, three ad-hoc approaches to duality are compared.",
"authors": [
"Georg Struth"
],
"date": "2018-12-11",
- "id": 248,
+ "id": 253,
"link": "/entries/Order_Lattice_Props.html",
"permalink": "/entries/Order_Lattice_Props.html",
"shortname": "Order_Lattice_Props",
"title": "Properties of Orderings and Lattices",
"topic_links": [
"mathematics/order"
],
"topics": [
"Mathematics/Order"
],
"used_by": 2
},
{
"abstract": "These mathematical components formalise basic properties of quantales, together with some important models, constructions, and concepts, including quantic nuclei and conuclei.",
"authors": [
"Georg Struth"
],
"date": "2018-12-11",
- "id": 249,
+ "id": 254,
"link": "/entries/Quantales.html",
"permalink": "/entries/Quantales.html",
"shortname": "Quantales",
"title": "Quantales",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 1
},
{
"abstract": "These mathematical components formalise predicate transformer semantics for programs, yet currently only for partial correctness and in the absence of faults. A first part for isotone (or monotone), Sup-preserving and Inf-preserving transformers follows Back and von Wright's approach, with additional emphasis on the quantalic structure of algebras of transformers. The second part develops Sup-preserving and Inf-preserving predicate transformers from the powerset monad, via its Kleisli category and Eilenberg-Moore algebras, with emphasis on adjunctions and dualities, as well as isomorphisms between relations, state transformers and predicate transformers.",
"authors": [
"Georg Struth"
],
"date": "2018-12-11",
- "id": 250,
+ "id": 255,
"link": "/entries/Transformer_Semantics.html",
"permalink": "/entries/Transformer_Semantics.html",
"shortname": "Transformer_Semantics",
"title": "Transformer Semantics",
"topic_links": [
"mathematics/algebra",
"computer-science/semantics-and-reasoning"
],
"topics": [
"Mathematics/Algebra",
"Computer science/Semantics and reasoning"
],
"used_by": 1
},
{
"abstract": "This Isabelle/HOL formalization refines the abstract ordered resolution prover presented in Section 4.3 of Bachmair and Ganzinger's \"Resolution Theorem Proving\" chapter in the \u003ci\u003eHandbook of Automated Reasoning\u003c/i\u003e. The result is a functional implementation of a first-order prover.",
"authors": [
"Anders Schlichtkrull",
"Jasmin Christian Blanchette",
"Dmitriy Traytel"
],
"date": "2018-11-23",
- "id": 251,
+ "id": 256,
"link": "/entries/Functional_Ordered_Resolution_Prover.html",
"permalink": "/entries/Functional_Ordered_Resolution_Prover.html",
"shortname": "Functional_Ordered_Resolution_Prover",
"title": "A Verified Functional Implementation of Bachmair and Ganzinger's Ordered Resolution Prover",
"topic_links": [
"logic/general-logic/mechanization-of-proofs"
],
"topics": [
"Logic/General logic/Mechanization of proofs"
],
"used_by": 0
},
{
"abstract": "This is an Isabelle/HOL formalisation of graph saturation, closely following a \u003ca href=\"https://doi.org/10.1016/j.jlamp.2018.06.005\"\u003epaper by the author\u003c/a\u003e on graph saturation. Nine out of ten lemmas of the original paper are proven in this formalisation. The formalisation additionally includes two theorems that show the main premise of the paper: that consistency and entailment are decided through graph saturation. This formalisation does not give executable code, and it did not implement any of the optimisations suggested in the paper.",
"authors": [
"Sebastiaan J. C. Joosten"
],
"date": "2018-11-23",
- "id": 252,
+ "id": 257,
"link": "/entries/Graph_Saturation.html",
"permalink": "/entries/Graph_Saturation.html",
"shortname": "Graph_Saturation",
"title": "Graph Saturation",
"topic_links": [
"logic/rewriting",
"mathematics/graph-theory"
],
"topics": [
"Logic/Rewriting",
"Mathematics/Graph theory"
],
"used_by": 0
},
{
"abstract": "Auto2 is a saturation-based heuristic prover for higher-order logic, implemented as a tactic in Isabelle. This entry contains the instantiation of auto2 for Isabelle/HOL, along with two basic examples: solutions to some of the Pelletier’s problems, and elementary number theory of primes.",
"authors": [
"Bohua Zhan"
],
"date": "2018-11-20",
- "id": 253,
+ "id": 258,
"link": "/entries/Auto2_HOL.html",
"permalink": "/entries/Auto2_HOL.html",
"shortname": "Auto2_HOL",
"title": "Auto2 Prover",
"topic_links": [
"tools"
],
"topics": [
"Tools"
],
"used_by": 1
},
{
"abstract": "\u003cp\u003eThis article defines the combinatorial structures known as \u003cem\u003eIndependence Systems\u003c/em\u003e and \u003cem\u003eMatroids\u003c/em\u003e and provides basic concepts and theorems related to them. These structures play an important role in combinatorial optimisation, e. g. greedy algorithms such as Kruskal's algorithm. The development is based on Oxley's \u003ca href=\"http://www.math.lsu.edu/~oxley/survey4.pdf\"\u003e`What is a Matroid?'\u003c/a\u003e.\u003c/p\u003e",
"authors": [
"Jonas Keinholz"
],
"date": "2018-11-16",
- "id": 254,
+ "id": 259,
"link": "/entries/Matroids.html",
"permalink": "/entries/Matroids.html",
"shortname": "Matroids",
"title": "Matroids",
"topic_links": [
"mathematics/combinatorics"
],
"topics": [
"Mathematics/Combinatorics"
],
"used_by": 1
},
{
"abstract": "\u003cp\u003eWe provide a framework for automatically deriving instances for generic type classes. Our approach is inspired by Haskell's \u003ci\u003egeneric-deriving\u003c/i\u003e package and Scala's \u003ci\u003eshapeless\u003c/i\u003e library. In addition to generating the code for type class functions, we also attempt to automatically prove type class laws for these instances. As of now, however, some manual proofs are still required for recursive datatypes.\u003c/p\u003e \u003cp\u003eNote: There are already articles in the AFP that provide automatic instantiation for a number of classes. Concretely, \u003ca href=\"https://www.isa-afp.org/entries/Deriving.html\"\u003eDeriving\u003c/a\u003e allows the automatic instantiation of comparators, linear orders, equality, and hashing. \u003ca href=\"https://www.isa-afp.org/entries/Show.html\"\u003eShow\u003c/a\u003e instantiates a Haskell-style \u003ci\u003eshow\u003c/i\u003e class.\u003c/p\u003e\u003cp\u003eOur approach works for arbitrary classes (with some Isabelle/HOL overhead for each class), but a smaller set of datatypes.\u003c/p\u003e",
"authors": [
"Jonas Rädle",
"Lars Hupel"
],
"date": "2018-11-06",
- "id": 255,
+ "id": 260,
"link": "/entries/Generic_Deriving.html",
"permalink": "/entries/Generic_Deriving.html",
"shortname": "Generic_Deriving",
"title": "Deriving generic class instances for datatypes",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 0
},
{
"abstract": "An ambitious ethical theory ---Alan Gewirth's \"Principle of Generic Consistency\"--- is encoded and analysed in Isabelle/HOL. Gewirth's theory has stirred much attention in philosophy and ethics and has been proposed as a potential means to bound the impact of artificial general intelligence.",
"authors": [
"David Fuenmayor",
"Christoph Benzmüller"
],
"date": "2018-10-30",
- "id": 256,
+ "id": 261,
"link": "/entries/GewirthPGCProof.html",
"permalink": "/entries/GewirthPGCProof.html",
"shortname": "GewirthPGCProof",
"title": "Formalisation and Evaluation of Alan Gewirth's Proof for the Principle of Generic Consistency in Isabelle/HOL",
"topic_links": [
"logic/philosophical-aspects"
],
"topics": [
"Logic/Philosophical aspects"
],
"used_by": 0
},
{
- "abstract": "This work is a formalization of epistemic logic with countably many agents. It includes proofs of soundness and completeness for the axiom system K. The completeness proof is based on the textbook \"Reasoning About Knowledge\" by Fagin, Halpern, Moses and Vardi (MIT Press 1995). The extensions of system K (T, KB, K4, S4, S5) and their completeness proofs are based on the textbook \"Modal Logic\" by Blackburn, de Rijke and Venema (Cambridge University Press 2001). Papers: \u003ca href=\"https://doi.org/10.1007/978-3-030-88853-4_1\"\u003ehttps://doi.org/10.1007/978-3-030-88853-4_1\u003c/a\u003e, \u003ca href=\"https://doi.org/10.1007/978-3-030-90138-7_2\"\u003ehttps://doi.org/10.1007/978-3-030-90138-7_2\u003c/a\u003e.",
+ "abstract": "This work is a formalization of epistemic logic with countably many agents. It includes proofs of soundness and completeness for the axiom system K. The completeness proof is based on the textbook \"Reasoning About Knowledge\" by Fagin, Halpern, Moses and Vardi (MIT Press 1995). The extensions of system K (T, KB, K4, S4, S5) and their completeness proofs are based on the textbook \"Modal Logic\" by Blackburn, de Rijke and Venema (Cambridge University Press 2001). Papers: \u003ca href=\"https://doi.org/10.1007/978-3-030-88853-4_1\"\u003edoi.org/10.1007/978-3-030-88853-4_1\u003c/a\u003e, \u003ca href=\"https://doi.org/10.1007/978-3-030-90138-7_2\"\u003edoi.org/10.1007/978-3-030-90138-7_2\u003c/a\u003e.",
"authors": [
"Asta Halkjær From"
],
"date": "2018-10-29",
- "id": 257,
+ "id": 262,
"link": "/entries/Epistemic_Logic.html",
"permalink": "/entries/Epistemic_Logic.html",
"shortname": "Epistemic_Logic",
"title": "Epistemic Logic: Completeness of Modal Logics",
"topic_links": [
"logic/general-logic/logics-of-knowledge-and-belief"
],
"topics": [
"Logic/General logic/Logics of knowledge and belief"
],
"used_by": 1
},
{
"abstract": "We formalize the definition and basic properties of smooth manifolds in Isabelle/HOL. Concepts covered include partition of unity, tangent and cotangent spaces, and the fundamental theorem of path integrals. We also examine some concrete manifolds such as spheres and projective spaces. The formalization makes extensive use of the analysis and linear algebra libraries in Isabelle/HOL, in particular its “types-to-sets” mechanism.",
"authors": [
"Fabian Immler",
"Bohua Zhan"
],
"date": "2018-10-22",
- "id": 258,
+ "id": 263,
"link": "/entries/Smooth_Manifolds.html",
"permalink": "/entries/Smooth_Manifolds.html",
"shortname": "Smooth_Manifolds",
"title": "Smooth Manifolds",
"topic_links": [
"mathematics/analysis",
"mathematics/topology"
],
"topics": [
"Mathematics/Analysis",
"Mathematics/Topology"
],
"used_by": 0
},
{
"abstract": "This Isabelle/HOL formalization defines the Embedding Path Order (EPO) for higher-order terms without lambda-abstraction and proves many useful properties about it. In contrast to the lambda-free recursive path orders, it does not fully coincide with RPO on first-order terms, but it is compatible with arbitrary higher-order contexts.",
"authors": [
"Alexander Bentkamp"
],
"date": "2018-10-19",
- "id": 259,
+ "id": 264,
"link": "/entries/Lambda_Free_EPO.html",
"permalink": "/entries/Lambda_Free_EPO.html",
"shortname": "Lambda_Free_EPO",
"title": "Formalization of the Embedding Path Order for Lambda-Free Higher-Order Terms",
"topic_links": [
"logic/rewriting"
],
"topics": [
"Logic/Rewriting"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eThis work is a formalisation of the Randomised Binary Search Trees introduced by Martínez and Roura, including definitions and correctness proofs.\u003c/p\u003e \u003cp\u003eLike randomised treaps, they are a probabilistic data structure that behaves exactly as if elements were inserted into a non-balancing BST in random order. However, unlike treaps, they only use discrete probability distributions, but their use of randomness is more complicated.\u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2018-10-19",
- "id": 260,
+ "id": 265,
"link": "/entries/Randomised_BSTs.html",
"permalink": "/entries/Randomised_BSTs.html",
"shortname": "Randomised_BSTs",
"title": "Randomised Binary Search Trees",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 0
},
{
"abstract": "A completeness threshold is required to guarantee the completeness of planning as satisfiability, and bounded model checking of safety properties. One valid completeness threshold is the diameter of the underlying transition system. The diameter is the maximum element in the set of lengths of all shortest paths between pairs of states. The diameter is not calculated exactly in our setting, where the transition system is succinctly described using a (propositionally) factored representation. Rather, an upper bound on the diameter is calculated compositionally, by bounding the diameters of small abstract subsystems, and then composing those. We port a HOL4 formalisation of a compositional algorithm for computing a relatively tight upper bound on the system diameter. This compositional algorithm exploits acyclicity in the state space to achieve compositionality, and it was introduced by Abdulaziz et. al. The formalisation that we port is described as a part of another paper by Abdulaziz et. al. As a part of this porting we developed a libray about transition systems, which shall be of use in future related mechanisation efforts.",
"authors": [
"Friedrich Kurz",
"Mohammad Abdulaziz"
],
"date": "2018-10-12",
- "id": 261,
+ "id": 266,
"link": "/entries/Factored_Transition_System_Bounding.html",
"permalink": "/entries/Factored_Transition_System_Bounding.html",
"shortname": "Factored_Transition_System_Bounding",
"title": "Upper Bounding Diameters of State Spaces of Factored Transition Systems",
"topic_links": [
"computer-science/automata-and-formal-languages",
"mathematics/graph-theory"
],
"topics": [
"Computer science/Automata and formal languages",
"Mathematics/Graph theory"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eThis entry shows the transcendence of \u0026pi; based on the classic proof using the fundamental theorem of symmetric polynomials first given by von Lindemann in 1882, but the formalisation mostly follows the version by Niven. The proof reuses much of the machinery developed in the AFP entry on the transcendence of \u003cem\u003ee\u003c/em\u003e.\u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2018-09-28",
- "id": 262,
+ "id": 267,
"link": "/entries/Pi_Transcendental.html",
"permalink": "/entries/Pi_Transcendental.html",
"shortname": "Pi_Transcendental",
"title": "The Transcendence of π",
"topic_links": [
"mathematics/number-theory"
],
"topics": [
"Mathematics/Number theory"
],
"used_by": 1
},
{
"abstract": "\u003cp\u003eA symmetric polynomial is a polynomial in variables \u003cem\u003eX\u003c/em\u003e\u003csub\u003e1\u003c/sub\u003e,\u0026hellip;,\u003cem\u003eX\u003c/em\u003e\u003csub\u003en\u003c/sub\u003e that does not discriminate between its variables, i.\u0026thinsp;e. it is invariant under any permutation of them. These polynomials are important in the study of the relationship between the coefficients of a univariate polynomial and its roots in its algebraic closure.\u003c/p\u003e \u003cp\u003eThis article provides a definition of symmetric polynomials and the elementary symmetric polynomials e\u003csub\u003e1\u003c/sub\u003e,\u0026hellip;,e\u003csub\u003en\u003c/sub\u003e and proofs of their basic properties, including three notable ones:\u003c/p\u003e \u003cul\u003e \u003cli\u003e Vieta's formula, which gives an explicit expression for the \u003cem\u003ek\u003c/em\u003e-th coefficient of a univariate monic polynomial in terms of its roots \u003cem\u003ex\u003c/em\u003e\u003csub\u003e1\u003c/sub\u003e,\u0026hellip;,\u003cem\u003ex\u003c/em\u003e\u003csub\u003en\u003c/sub\u003e, namely \u003cem\u003ec\u003c/em\u003e\u003csub\u003e\u003cem\u003ek\u003c/em\u003e\u003c/sub\u003e = (-1)\u003csup\u003e\u003cem\u003en\u003c/em\u003e-\u003cem\u003ek\u003c/em\u003e\u003c/sup\u003e\u0026thinsp;e\u003csub\u003e\u003cem\u003en\u003c/em\u003e-\u003cem\u003ek\u003c/em\u003e\u003c/sub\u003e(\u003cem\u003ex\u003c/em\u003e\u003csub\u003e1\u003c/sub\u003e,\u0026hellip;,\u003cem\u003ex\u003c/em\u003e\u003csub\u003en\u003c/sub\u003e).\u003c/li\u003e \u003cli\u003eSecond, the Fundamental Theorem of Symmetric Polynomials, which states that any symmetric polynomial is itself a uniquely determined polynomial combination of the elementary symmetric polynomials.\u003c/li\u003e \u003cli\u003eThird, as a corollary of the previous two, that given a polynomial over some ring \u003cem\u003eR\u003c/em\u003e, any symmetric polynomial combination of its roots is also in \u003cem\u003eR\u003c/em\u003e even when the roots are not. \u003c/ul\u003e \u003cp\u003e Both the symmetry property itself and the witness for the Fundamental Theorem are executable. \u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2018-09-25",
- "id": 263,
+ "id": 268,
"link": "/entries/Symmetric_Polynomials.html",
"permalink": "/entries/Symmetric_Polynomials.html",
"shortname": "Symmetric_Polynomials",
"title": "Symmetric Polynomials",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 2
},
{
"abstract": "\u003cp\u003eThis article formalizes signature-based algorithms for computing Gr\u0026ouml;bner bases. Such algorithms are, in general, superior to other algorithms in terms of efficiency, and have not been formalized in any proof assistant so far. The present development is both generic, in the sense that most known variants of signature-based algorithms are covered by it, and effectively executable on concrete input thanks to Isabelle's code generator. Sample computations of benchmark problems show that the verified implementation of signature-based algorithms indeed outperforms the existing implementation of Buchberger's algorithm in Isabelle/HOL.\u003c/p\u003e \u003cp\u003eBesides total correctness of the algorithms, the article also proves that under certain conditions they a-priori detect and avoid all useless zero-reductions, and always return 'minimal' (in some sense) Gr\u0026ouml;bner bases if an input parameter is chosen in the right way.\u003c/p\u003e\u003cp\u003eThe formalization follows the recent survey article by Eder and Faug\u0026egrave;re.\u003c/p\u003e",
"authors": [
"Alexander Maletzky"
],
"date": "2018-09-20",
- "id": 264,
+ "id": 269,
"link": "/entries/Signature_Groebner.html",
"permalink": "/entries/Signature_Groebner.html",
"shortname": "Signature_Groebner",
"title": "Signature-Based Gröbner Basis Algorithms",
"topic_links": [
"mathematics/algebra",
"computer-science/algorithms/mathematical"
],
"topics": [
"Mathematics/Algebra",
"Computer science/Algorithms/Mathematical"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eThis article provides a short proof of the Prime Number Theorem in several equivalent forms, most notably \u0026pi;(\u003cem\u003ex\u003c/em\u003e) ~ \u003cem\u003ex\u003c/em\u003e/ln \u003cem\u003ex\u003c/em\u003e where \u0026pi;(\u003cem\u003ex\u003c/em\u003e) is the number of primes no larger than \u003cem\u003ex\u003c/em\u003e. It also defines other basic number-theoretic functions related to primes like Chebyshev's functions \u0026thetasym; and \u0026psi; and the \u0026ldquo;\u003cem\u003en\u003c/em\u003e-th prime number\u0026rdquo; function p\u003csub\u003e\u003cem\u003en\u003c/em\u003e\u003c/sub\u003e. We also show various bounds and relationship between these functions are shown. Lastly, we derive Mertens' First and Second Theorem, i.\u0026thinsp;e. \u0026sum;\u003csub\u003e\u003cem\u003ep\u003c/em\u003e\u0026le;\u003cem\u003ex\u003c/em\u003e\u003c/sub\u003e ln \u003cem\u003ep\u003c/em\u003e/\u003cem\u003ep\u003c/em\u003e = ln \u003cem\u003ex\u003c/em\u003e + \u003cem\u003eO\u003c/em\u003e(1) and \u0026sum;\u003csub\u003e\u003cem\u003ep\u003c/em\u003e\u0026le;\u003cem\u003ex\u003c/em\u003e\u003c/sub\u003e 1/\u003cem\u003ep\u003c/em\u003e = ln ln \u003cem\u003ex\u003c/em\u003e + M + \u003cem\u003eO\u003c/em\u003e(1/ln \u003cem\u003ex\u003c/em\u003e). We also give explicit bounds for the remainder terms.\u003c/p\u003e \u003cp\u003eThe proof of the Prime Number Theorem builds on a library of Dirichlet series and analytic combinatorics. We essentially follow the presentation by Newman. The core part of the proof is a Tauberian theorem for Dirichlet series, which is proven using complex analysis and then used to strengthen Mertens' First Theorem to \u0026sum;\u003csub\u003e\u003cem\u003ep\u003c/em\u003e\u0026le;\u003cem\u003ex\u003c/em\u003e\u003c/sub\u003e ln \u003cem\u003ep\u003c/em\u003e/\u003cem\u003ep\u003c/em\u003e = ln \u003cem\u003ex\u003c/em\u003e + c + \u003cem\u003eo\u003c/em\u003e(1).\u003c/p\u003e \u003cp\u003eA variant of this proof has been formalised before by Harrison in HOL Light, and formalisations of Selberg's elementary proof exist both by Avigad \u003cem\u003eet al.\u003c/em\u003e in Isabelle and by Carneiro in Metamath. The advantage of the analytic proof is that, while it requires more powerful mathematical tools, it is considerably shorter and clearer. This article attempts to provide a short and clear formalisation of all components of that proof using the full range of mathematical machinery available in Isabelle, staying as close as possible to Newman's simple paper proof.\u003c/p\u003e",
"authors": [
"Manuel Eberl",
"Lawrence C. Paulson"
],
"date": "2018-09-19",
- "id": 265,
+ "id": 270,
"link": "/entries/Prime_Number_Theorem.html",
"permalink": "/entries/Prime_Number_Theorem.html",
"shortname": "Prime_Number_Theorem",
"title": "The Prime Number Theorem",
"topic_links": [
"mathematics/number-theory"
],
"topics": [
"Mathematics/Number theory"
],
"used_by": 4
},
{
"abstract": "We develop algebras for aggregation and minimisation for weight matrices and for edge weights in graphs. We verify the correctness of Prim's and Kruskal's minimum spanning tree algorithms based on these algebras. We also show numerous instances of these algebras based on linearly ordered commutative semigroups.",
"authors": [
"Walter Guttmann"
],
"date": "2018-09-15",
- "id": 266,
+ "id": 271,
"link": "/entries/Aggregation_Algebras.html",
"permalink": "/entries/Aggregation_Algebras.html",
"shortname": "Aggregation_Algebras",
"title": "Aggregation Algebras",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 1
},
{
"abstract": "We develop the basic theory of Octonions, including various identities and properties of the octonions and of the octonionic product, a description of 7D isometries and representations of orthogonal transformations. To this end we first develop the theory of the vector cross product in 7 dimensions. The development of the theory of Octonions is inspired by that of the theory of Quaternions by Lawrence Paulson. However, we do not work within the type class real_algebra_1 because the octonionic product is not associative.",
"authors": [
"Angeliki Koutsoukou-Argyraki"
],
"date": "2018-09-14",
- "id": 267,
+ "id": 272,
"link": "/entries/Octonions.html",
"permalink": "/entries/Octonions.html",
"shortname": "Octonions",
"title": "Octonions",
"topic_links": [
"mathematics/algebra",
"mathematics/geometry"
],
"topics": [
"Mathematics/Algebra",
"Mathematics/Geometry"
],
"used_by": 0
},
{
"abstract": "This theory is inspired by the HOL Light development of quaternions, but follows its own route. Quaternions are developed coinductively, as in the existing formalisation of the complex numbers. Quaternions are quickly shown to belong to the type classes of real normed division algebras and real inner product spaces. And therefore they inherit a great body of facts involving algebraic laws, limits, continuity, etc., which must be proved explicitly in the HOL Light version. The development concludes with the geometric interpretation of the product of imaginary quaternions.",
"authors": [
"Lawrence C. Paulson"
],
"date": "2018-09-05",
- "id": 268,
+ "id": 273,
"link": "/entries/Quaternions.html",
"permalink": "/entries/Quaternions.html",
"shortname": "Quaternions",
"title": "Quaternions",
"topic_links": [
"mathematics/algebra",
"mathematics/geometry"
],
"topics": [
"Mathematics/Algebra",
"Mathematics/Geometry"
],
"used_by": 0
},
{
"abstract": "This entry is mainly about counting and approximating real roots (of a polynomial) with multiplicity. We have first formalised the Budan-Fourier theorem: given a polynomial with real coefficients, we can calculate sign variations on Fourier sequences to over-approximate the number of real roots (counting multiplicity) within an interval. When all roots are known to be real, the over-approximation becomes tight: we can utilise this theorem to count real roots exactly. It is also worth noting that Descartes' rule of sign is a direct consequence of the Budan-Fourier theorem, and has been included in this entry. In addition, we have extended previous formalised Sturm's theorem to count real roots with multiplicity, while the original Sturm's theorem only counts distinct real roots. Compared to the Budan-Fourier theorem, our extended Sturm's theorem always counts roots exactly but may suffer from greater computational cost.",
"authors": [
"Wenda Li"
],
"date": "2018-09-02",
- "id": 269,
+ "id": 274,
"link": "/entries/Budan_Fourier.html",
"permalink": "/entries/Budan_Fourier.html",
"shortname": "Budan_Fourier",
"title": "The Budan-Fourier Theorem and Counting Real Roots with Multiplicity",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 2
},
{
"abstract": "We present an Isabelle/HOL formalization and total correctness proof for the incremental version of the Simplex algorithm which is used in most state-of-the-art SMT solvers. It supports extraction of satisfying assignments, extraction of minimal unsatisfiable cores, incremental assertion of constraints and backtracking. The formalization relies on stepwise program refinement, starting from a simple specification, going through a number of refinement steps, and ending up in a fully executable functional implementation. Symmetries present in the algorithm are handled with special care.",
"authors": [
"Filip Marić",
"Mirko Spasić",
"René Thiemann"
],
"date": "2018-08-24",
- "id": 270,
+ "id": 275,
"link": "/entries/Simplex.html",
"permalink": "/entries/Simplex.html",
"shortname": "Simplex",
"title": "An Incremental Simplex Algorithm with Unsatisfiable Core Generation",
"topic_links": [
"computer-science/algorithms/optimization"
],
"topics": [
"Computer science/Algorithms/Optimization"
],
"used_by": 1
},
{
"abstract": "\u003cp\u003e We formalize undecidablity results for Minsky machines. To this end, we also formalize recursive inseparability. \u003c/p\u003e\u003cp\u003e We start by proving that Minsky machines can compute arbitrary primitive recursive and recursive functions. We then show that there is a deterministic Minsky machine with one argument and two final states such that the set of inputs that are accepted in one state is recursively inseparable from the set of inputs that are accepted in the other state. \u003c/p\u003e\u003cp\u003e As a corollary, the set of Minsky configurations that reach the first state but not the second recursively inseparable from the set of Minsky configurations that reach the second state but not the first. In particular both these sets are undecidable. \u003c/p\u003e\u003cp\u003e We do \u003cem\u003enot\u003c/em\u003e prove that recursive functions can simulate Minsky machines. \u003c/p\u003e",
"authors": [
"Bertram Felgenhauer"
],
"date": "2018-08-14",
- "id": 271,
+ "id": 276,
"link": "/entries/Minsky_Machines.html",
"permalink": "/entries/Minsky_Machines.html",
"shortname": "Minsky_Machines",
"title": "Minsky Machines",
"topic_links": [
"logic/computability"
],
"topics": [
"Logic/Computability"
],
"used_by": 0
},
{
"abstract": "We have formalized the computation of fair prices for derivative products in discrete financial models. As an application, we derive a way to compute fair prices of derivative products in the Cox-Ross-Rubinstein model of a financial market, thus completing the work that was presented in this \u003ca href=\"https://hal.archives-ouvertes.fr/hal-01562944\"\u003epaper\u003c/a\u003e.",
"authors": [
"Mnacho Echenim"
],
"date": "2018-07-16",
- "id": 272,
+ "id": 277,
"link": "/entries/DiscretePricing.html",
"permalink": "/entries/DiscretePricing.html",
"shortname": "DiscretePricing",
"title": "Pricing in discrete financial models",
"topic_links": [
"mathematics/probability-theory",
"mathematics/games-and-economics"
],
"topics": [
"Mathematics/Probability theory",
"Mathematics/Games and economics"
],
"used_by": 0
},
{
"abstract": "Utility functions form an essential part of game theory and economics. In order to guarantee the existence of utility functions most of the time sufficient properties are assumed in an axiomatic manner. One famous and very common set of such assumptions is that of expected utility theory. Here, the rationality, continuity, and independence of preferences is assumed. The von-Neumann-Morgenstern Utility theorem shows that these assumptions are necessary and sufficient for an expected utility function to exists. This theorem was proven by Neumann and Morgenstern in ``Theory of Games and Economic Behavior'' which is regarded as one of the most influential works in game theory. The formalization includes formal definitions of the underlying concepts including continuity and independence of preferences.",
"authors": [
"Julian Parsert",
"Cezary Kaliszyk"
],
"date": "2018-07-04",
- "id": 273,
+ "id": 278,
"link": "/entries/Neumann_Morgenstern_Utility.html",
"permalink": "/entries/Neumann_Morgenstern_Utility.html",
"shortname": "Neumann_Morgenstern_Utility",
"title": "Von-Neumann-Morgenstern Utility Theorem",
"topic_links": [
"mathematics/games-and-economics"
],
"topics": [
"Mathematics/Games and economics"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003e This article gives the basic theory of Pell's equation \u003cem\u003ex\u003c/em\u003e\u003csup\u003e2\u003c/sup\u003e = 1 + \u003cem\u003eD\u003c/em\u003e\u0026thinsp;\u003cem\u003ey\u003c/em\u003e\u003csup\u003e2\u003c/sup\u003e, where \u003cem\u003eD\u003c/em\u003e\u0026thinsp;\u0026isin;\u0026thinsp;\u0026#8469; is a parameter and \u003cem\u003ex\u003c/em\u003e, \u003cem\u003ey\u003c/em\u003e are integer variables. \u003c/p\u003e \u003cp\u003e The main result that is proven is the following: If \u003cem\u003eD\u003c/em\u003e is not a perfect square, then there exists a \u003cem\u003efundamental solution\u003c/em\u003e (\u003cem\u003ex\u003c/em\u003e\u003csub\u003e0\u003c/sub\u003e, \u003cem\u003ey\u003c/em\u003e\u003csub\u003e0\u003c/sub\u003e) that is not the trivial solution (1, 0) and which generates all other solutions (\u003cem\u003ex\u003c/em\u003e, \u003cem\u003ey\u003c/em\u003e) in the sense that there exists some \u003cem\u003en\u003c/em\u003e\u0026thinsp;\u0026isin;\u0026thinsp;\u0026#8469; such that |\u003cem\u003ex\u003c/em\u003e| + |\u003cem\u003ey\u003c/em\u003e|\u0026thinsp;\u0026radic;\u003cspan style=\"text-decoration: overline\"\u003e\u003cem\u003eD\u003c/em\u003e\u003c/span\u003e = (\u003cem\u003ex\u003c/em\u003e\u003csub\u003e0\u003c/sub\u003e + \u003cem\u003ey\u003c/em\u003e\u003csub\u003e0\u003c/sub\u003e\u0026thinsp;\u0026radic;\u003cspan style=\"text-decoration: overline\"\u003e\u003cem\u003eD\u003c/em\u003e\u003c/span\u003e)\u003csup\u003e\u003cem\u003en\u003c/em\u003e\u003c/sup\u003e. This also implies that the set of solutions is infinite, and it gives us an explicit and executable characterisation of all the solutions. \u003c/p\u003e \u003cp\u003e Based on this, simple executable algorithms for computing the fundamental solution and the infinite sequence of all non-negative solutions are also provided. \u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2018-06-23",
- "id": 274,
+ "id": 279,
"link": "/entries/Pell.html",
"permalink": "/entries/Pell.html",
"shortname": "Pell",
"title": "Pell's Equation",
"topic_links": [
"mathematics/number-theory"
],
"topics": [
"Mathematics/Number theory"
],
"used_by": 1
},
{
"abstract": "We formalize the basics of projective geometry. In particular, we give a proof of the so-called Hessenberg's theorem in projective plane geometry. We also provide a proof of the so-called Desargues's theorem based on an axiomatization of (higher) projective space geometry using the notion of rank of a matroid. This last approach allows to handle incidence relations in an homogeneous way dealing only with points and without the need of talking explicitly about lines, planes or any higher entity.",
"authors": [
"Anthony Bordg"
],
"date": "2018-06-14",
- "id": 275,
+ "id": 280,
"link": "/entries/Projective_Geometry.html",
"permalink": "/entries/Projective_Geometry.html",
"shortname": "Projective_Geometry",
"title": "Projective Geometry",
"topic_links": [
"mathematics/geometry"
],
"topics": [
"Mathematics/Geometry"
],
"used_by": 0
},
{
"abstract": "We formalize the localization of a commutative ring R with respect to a multiplicative subset (i.e. a submonoid of R seen as a multiplicative monoid). This localization is itself a commutative ring and we build the natural homomorphism of rings from R to its localization.",
"authors": [
"Anthony Bordg"
],
"date": "2018-06-14",
- "id": 276,
+ "id": 281,
"link": "/entries/Localization_Ring.html",
"permalink": "/entries/Localization_Ring.html",
"shortname": "Localization_Ring",
"title": "The Localization of a Commutative Ring",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
- "used_by": 0
+ "used_by": 1
},
{
"abstract": "This entry provides a formalization of the abstract theory of ample set partial order reduction. The formalization includes transition systems with actions, trace theory, as well as basics on finite, infinite, and lazy sequences. We also provide a basic framework for static analysis on concurrent systems with respect to the ample set condition.",
"authors": [
"Julian Brunner"
],
"date": "2018-06-05",
- "id": 277,
+ "id": 282,
"link": "/entries/Partial_Order_Reduction.html",
"permalink": "/entries/Partial_Order_Reduction.html",
"shortname": "Partial_Order_Reduction",
"title": "Partial Order Reduction",
"topic_links": [
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Automata and formal languages"
],
"used_by": 1
},
{
"abstract": "This article formalizes recursive algorithms for the construction of optimal binary search trees given fixed access frequencies. We follow Knuth (1971), Yao (1980) and Mehlhorn (1984). The algorithms are memoized with the help of the AFP article \u003ca href=\"Monad_Memo_DP.html\"\u003eMonadification, Memoization and Dynamic Programming\u003c/a\u003e, thus yielding dynamic programming algorithms.",
"authors": [
"Tobias Nipkow",
"Dániel Somogyi"
],
"date": "2018-05-27",
- "id": 278,
+ "id": 283,
"link": "/entries/Optimal_BST.html",
"permalink": "/entries/Optimal_BST.html",
"shortname": "Optimal_BST",
"title": "Optimal Binary Search Trees",
"topic_links": [
"computer-science/algorithms",
"computer-science/data-structures"
],
"topics": [
"Computer science/Algorithms",
"Computer science/Data structures"
],
"used_by": 0
},
{
"abstract": "This entry contains a formalization of hidden Markov models [3] based on Johannes Hölzl's formalization of discrete time Markov chains [1]. The basic definitions are provided and the correctness of two main (dynamic programming) algorithms for hidden Markov models is proved: the forward algorithm for computing the likelihood of an observed sequence, and the Viterbi algorithm for decoding the most probable hidden state sequence. The Viterbi algorithm is made executable including memoization. Hidden markov models have various applications in natural language processing. For an introduction see Jurafsky and Martin [2].",
"authors": [
"Simon Wimmer"
],
"date": "2018-05-25",
- "id": 279,
+ "id": 284,
"link": "/entries/Hidden_Markov_Models.html",
"permalink": "/entries/Hidden_Markov_Models.html",
"shortname": "Hidden_Markov_Models",
"title": "Hidden Markov Models",
"topic_links": [
"mathematics/probability-theory",
"computer-science/algorithms"
],
"topics": [
"Mathematics/Probability theory",
"Computer science/Algorithms"
],
"used_by": 0
},
{
"abstract": "We present a formalization of probabilistic timed automata (PTA) for which we try to follow the formula MDP + TA = PTA as far as possible: our work starts from our existing formalizations of Markov decision processes (MDP) and timed automata (TA) and combines them modularly. We prove the fundamental result for probabilistic timed automata: the region construction that is known from timed automata carries over to the probabilistic setting. In particular, this allows us to prove that minimum and maximum reachability probabilities can be computed via a reduction to MDP model checking, including the case where one wants to disregard unrealizable behavior. Further information can be found in our ITP paper [2].",
"authors": [
"Simon Wimmer",
"Johannes Hölzl"
],
"date": "2018-05-24",
- "id": 280,
+ "id": 285,
"link": "/entries/Probabilistic_Timed_Automata.html",
"permalink": "/entries/Probabilistic_Timed_Automata.html",
"shortname": "Probabilistic_Timed_Automata",
"title": "Probabilistic Timed Automata",
"topic_links": [
"mathematics/probability-theory",
"computer-science/automata-and-formal-languages"
],
"topics": [
"Mathematics/Probability theory",
"Computer science/Automata and formal languages"
],
"used_by": 0
},
{
"abstract": "This document provides a concise overview on the core results of our previous work on the exploration of axioms systems for category theory. Extending the previous studies (http://arxiv.org/abs/1609.01493) we include one further axiomatic theory in our experiments. This additional theory has been suggested by Mac Lane in 1948. We show that the axioms proposed by Mac Lane are equivalent to the ones we studied before, which includes an axioms set suggested by Scott in the 1970s and another axioms set proposed by Freyd and Scedrov in 1990, which we slightly modified to remedy a minor technical issue.",
"authors": [
"Christoph Benzmüller",
"Dana Scott"
],
"date": "2018-05-23",
- "id": 281,
+ "id": 286,
"link": "/entries/AxiomaticCategoryTheory.html",
"permalink": "/entries/AxiomaticCategoryTheory.html",
"shortname": "AxiomaticCategoryTheory",
"title": "Axiom Systems for Category Theory in Free Logic",
"topic_links": [
"mathematics/category-theory"
],
"topics": [
"Mathematics/Category theory"
],
"used_by": 0
},
{
"abstract": "We formalize with Isabelle/HOL a proof of a theorem by J. Hancl asserting the irrationality of the sum of a series consisting of rational numbers, built up by sequences that fulfill certain properties. Even though the criterion is a number theoretic result, the proof makes use only of analytical arguments. We also formalize a corollary of the theorem for a specific series fulfilling the assumptions of the theorem.",
"authors": [
"Angeliki Koutsoukou-Argyraki",
"Wenda Li"
],
"date": "2018-05-23",
- "id": 282,
+ "id": 287,
"link": "/entries/Irrationality_J_Hancl.html",
"permalink": "/entries/Irrationality_J_Hancl.html",
"shortname": "Irrationality_J_Hancl",
"title": "Irrational Rapidly Convergent Series",
"topic_links": [
"mathematics/number-theory",
"mathematics/analysis"
],
"topics": [
"Mathematics/Number theory",
"Mathematics/Analysis"
],
"used_by": 0
},
{
"abstract": "We present a lightweight framework for the automatic verified (functional or imperative) memoization of recursive functions. Our tool can turn a pure Isabelle/HOL function definition into a monadified version in a state monad or the Imperative HOL heap monad, and prove a correspondence theorem. We provide a variety of memory implementations for the two types of monads. A number of simple techniques allow us to achieve bottom-up computation and space-efficient memoization. The framework’s utility is demonstrated on a number of representative dynamic programming problems. A detailed description of our work can be found in the accompanying paper [2].",
"authors": [
"Simon Wimmer",
"Shuwei Hu",
"Tobias Nipkow"
],
"date": "2018-05-22",
- "id": 283,
+ "id": 288,
"link": "/entries/Monad_Memo_DP.html",
"permalink": "/entries/Monad_Memo_DP.html",
"shortname": "Monad_Memo_DP",
"title": "Monadification, Memoization and Dynamic Programming",
"topic_links": [
"computer-science/algorithms",
"computer-science/functional-programming"
],
"topics": [
"Computer science/Algorithms",
"Computer science/Functional programming"
],
"used_by": 2
},
{
"abstract": "We introduce OpSets, an executable framework for specifying and reasoning about the semantics of replicated datatypes that provide eventual consistency in a distributed system, and for mechanically verifying algorithms that implement these datatypes. Our approach is simple but expressive, allowing us to succinctly specify a variety of abstract datatypes, including maps, sets, lists, text, graphs, trees, and registers. Our datatypes are also composable, enabling the construction of complex data structures. To demonstrate the utility of OpSets for analysing replication algorithms, we highlight an important correctness property for collaborative text editing that has traditionally been overlooked; algorithms that do not satisfy this property can exhibit awkward interleaving of text. We use OpSets to specify this correctness property and prove that although one existing replication algorithm satisfies this property, several other published algorithms do not.",
"authors": [
"Martin Kleppmann",
"Victor B. F. Gomes",
"Dominic P. Mulligan",
"Alastair R. Beresford"
],
"date": "2018-05-10",
- "id": 284,
+ "id": 289,
"link": "/entries/OpSets.html",
"permalink": "/entries/OpSets.html",
"shortname": "OpSets",
"title": "OpSets: Sequential Specifications for Replicated Datatypes",
"topic_links": [
"computer-science/algorithms/distributed",
"computer-science/data-structures"
],
"topics": [
"Computer science/Algorithms/Distributed",
"Computer science/Data structures"
],
"used_by": 0
},
{
"abstract": "The \"Modular Assembly Kit for Security Properties\" (MAKS) is a framework for both the definition and verification of possibilistic information-flow security properties at the specification-level. MAKS supports the uniform representation of a wide range of possibilistic information-flow properties and provides support for the verification of such properties via unwinding results and compositionality results. We provide a formalization of this framework in Isabelle/HOL.",
"authors": [
"Oliver Bračevac",
"Richard Gay",
"Sylvia Grewe",
"Heiko Mantel",
"Henning Sudbrock",
"Markus Tasch"
],
"date": "2018-05-07",
- "id": 285,
+ "id": 290,
"link": "/entries/Modular_Assembly_Kit_Security.html",
"permalink": "/entries/Modular_Assembly_Kit_Security.html",
"shortname": "Modular_Assembly_Kit_Security",
"title": "An Isabelle/HOL Formalization of the Modular Assembly Kit for Security Properties",
"topic_links": [
"computer-science/security"
],
"topics": [
"Computer science/Security"
],
"used_by": 0
},
{
"abstract": "This is a mechanised specification of the WebAssembly language, drawn mainly from the previously published paper formalisation of Haas et al. Also included is a full proof of soundness of the type system, together with a verified type checker and interpreter. We include only a partial procedure for the extraction of the type checker and interpreter here. For more details, please see our paper in CPP 2018.",
"authors": [
"Conrad Watt"
],
"date": "2018-04-29",
- "id": 286,
+ "id": 291,
"link": "/entries/WebAssembly.html",
"permalink": "/entries/WebAssembly.html",
"shortname": "WebAssembly",
"title": "WebAssembly",
"topic_links": [
"computer-science/programming-languages/language-definitions"
],
"topics": [
"Computer science/Programming languages/Language definitions"
],
"used_by": 0
},
{
"abstract": "\u003ca href=\"http://www.pm.inf.ethz.ch/research/verifythis.html\"\u003eVerifyThis 2018\u003c/a\u003e was a program verification competition associated with ETAPS 2018. It was the 7th event in the VerifyThis competition series. In this entry, we present polished and completed versions of our solutions that we created during the competition.",
"authors": [
"Peter Lammich",
"Simon Wimmer"
],
"date": "2018-04-27",
- "id": 287,
+ "id": 292,
"link": "/entries/VerifyThis2018.html",
"permalink": "/entries/VerifyThis2018.html",
"shortname": "VerifyThis2018",
"title": "VerifyThis 2018 - Polished Isabelle Solutions",
"topic_links": [
"computer-science/algorithms"
],
"topics": [
"Computer science/Algorithms"
],
"used_by": 0
},
{
"abstract": "Bounded natural functors (BNFs) provide a modular framework for the construction of (co)datatypes in higher-order logic. Their functorial operations, the mapper and relator, are restricted to a subset of the parameters, namely those where recursion can take place. For certain applications, such as free theorems, data refinement, quotients, and generalised rewriting, it is desirable that these operations do not ignore the other parameters. In this article, we formalise the generalisation BNF\u003csub\u003eCC\u003c/sub\u003e that extends the mapper and relator to covariant and contravariant parameters. We show that \u003col\u003e \u003cli\u003e BNF\u003csub\u003eCC\u003c/sub\u003es are closed under functor composition and least and greatest fixpoints,\u003c/li\u003e \u003cli\u003e subtypes inherit the BNF\u003csub\u003eCC\u003c/sub\u003e structure under conditions that generalise those for the BNF case, and\u003c/li\u003e \u003cli\u003e BNF\u003csub\u003eCC\u003c/sub\u003es preserve quotients under mild conditions.\u003c/li\u003e \u003c/ol\u003e These proofs are carried out for abstract BNF\u003csub\u003eCC\u003c/sub\u003es similar to the AFP entry BNF Operations. In addition, we apply the BNF\u003csub\u003eCC\u003c/sub\u003e theory to several concrete functors.",
"authors": [
"Andreas Lochbihler",
"Joshua Schneider"
],
"date": "2018-04-24",
- "id": 288,
+ "id": 293,
"link": "/entries/BNF_CC.html",
"permalink": "/entries/BNF_CC.html",
"shortname": "BNF_CC",
"title": "Bounded Natural Functors with Covariance and Contravariance",
"topic_links": [
"computer-science/functional-programming",
"tools"
],
"topics": [
"Computer science/Functional programming",
"Tools"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eThis formalisation contains the proof that there is no anonymous Social Choice Function for at least three agents and alternatives that fulfils both Pareto-Efficiency and Fishburn-Strategyproofness. It was derived from a proof of \u003ca href=\"http://dss.in.tum.de/files/brandt-research/stratset.pdf\"\u003eBrandt \u003cem\u003eet al.\u003c/em\u003e\u003c/a\u003e, which relies on an unverified translation of a fixed finite instance of the original problem to SAT. This Isabelle proof contains a machine-checked version of both the statement for exactly three agents and alternatives and the lifting to the general case.\u003c/p\u003e",
"authors": [
"Felix Brandt",
"Manuel Eberl",
"Christian Saile",
"Christian Stricker"
],
"date": "2018-03-22",
- "id": 289,
+ "id": 294,
"link": "/entries/Fishburn_Impossibility.html",
"permalink": "/entries/Fishburn_Impossibility.html",
"shortname": "Fishburn_Impossibility",
"title": "The Incompatibility of Fishburn-Strategyproofness and Pareto-Efficiency",
"topic_links": [
"mathematics/games-and-economics"
],
"topics": [
"Mathematics/Games and economics"
],
"used_by": 0
},
{
"abstract": "This theory provides a verified implementation of weight-balanced trees following the work of \u003ca href=\"https://doi.org/10.1017/S0956796811000104\"\u003eHirai and Yamamoto\u003c/a\u003e who proved that all parameters in a certain range are valid, i.e. guarantee that insertion and deletion preserve weight-balance. Instead of a general theorem we provide parameterized proofs of preservation of the invariant that work for many (all?) valid parameters.",
"authors": [
"Tobias Nipkow",
"Stefan Dirix"
],
"date": "2018-03-13",
- "id": 290,
+ "id": 295,
"link": "/entries/Weight_Balanced_Trees.html",
"permalink": "/entries/Weight_Balanced_Trees.html",
"shortname": "Weight_Balanced_Trees",
"title": "Weight-Balanced Trees",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 0
},
{
"abstract": "CakeML is a functional programming language with a proven-correct compiler and runtime system. This entry contains an unofficial version of the CakeML semantics that has been exported from the Lem specifications to Isabelle. Additionally, there are some hand-written theory files that adapt the exported code to Isabelle and port proofs from the HOL4 formalization, e.g. termination and equivalence proofs.",
"authors": [
"Lars Hupel",
"Yu Zhang"
],
"date": "2018-03-12",
- "id": 291,
+ "id": 296,
"link": "/entries/CakeML.html",
"permalink": "/entries/CakeML.html",
"shortname": "CakeML",
"title": "CakeML",
"topic_links": [
"computer-science/programming-languages/language-definitions"
],
"topics": [
"Computer science/Programming languages/Language definitions"
],
"used_by": 1
},
{
"abstract": "The following document formalizes and verifies several architectural design patterns. Each pattern specification is formalized in terms of a locale where the locale assumptions correspond to the assumptions which a pattern poses on an architecture. Thus, pattern specifications may build on top of each other by interpreting the corresponding locale. A pattern is verified using the framework provided by the AFP entry Dynamic Architectures. Currently, the document consists of formalizations of 4 different patterns: the singleton, the publisher subscriber, the blackboard pattern, and the blockchain pattern. Thereby, the publisher component of the publisher subscriber pattern is modeled as an instance of the singleton pattern and the blackboard pattern is modeled as an instance of the publisher subscriber pattern. In general, this entry provides the first steps towards an overall theory of architectural design patterns.",
"authors": [
"Diego Marmsoler"
],
"date": "2018-03-01",
- "id": 292,
+ "id": 297,
"link": "/entries/Architectural_Design_Patterns.html",
"permalink": "/entries/Architectural_Design_Patterns.html",
"shortname": "Architectural_Design_Patterns",
"title": "A Theory of Architectural Design Patterns",
"topic_links": [
"computer-science/system-description-languages"
],
"topics": [
"Computer science/System description languages"
],
"used_by": 0
},
{
"abstract": "We study three different Hoare logics for reasoning about time bounds of imperative programs and formalize them in Isabelle/HOL: a classical Hoare like logic due to Nielson, a logic with potentials due to Carbonneaux \u003ci\u003eet al.\u003c/i\u003e and a \u003ci\u003eseparation logic\u003c/i\u003e following work by Atkey, Chaguérand and Pottier. These logics are formally shown to be sound and complete. Verification condition generators are developed and are shown sound and complete too. We also consider variants of the systems where we abstract from multiplicative constants in the running time bounds, thus supporting a big-O style of reasoning. Finally we compare the expressive power of the three systems.",
"authors": [
"Maximilian P. L. Haslbeck",
"Tobias Nipkow"
],
"date": "2018-02-26",
- "id": 293,
+ "id": 298,
"link": "/entries/Hoare_Time.html",
"permalink": "/entries/Hoare_Time.html",
"shortname": "Hoare_Time",
"title": "Hoare Logics for Time Bounds",
"topic_links": [
"computer-science/programming-languages/logics"
],
"topics": [
"Computer science/Programming languages/Logics"
],
"used_by": 0
},
{
"abstract": "Short vectors in lattices and factors of integer polynomials are related. Each factor of an integer polynomial belongs to a certain lattice. When factoring polynomials, the condition that we are looking for an irreducible polynomial means that we must look for a small element in a lattice, which can be done by a basis reduction algorithm. In this development we formalize this connection and thereby one main application of the LLL basis reduction algorithm: an algorithm to factor square-free integer polynomials which runs in polynomial time. The work is based on our previous Berlekamp–Zassenhaus development, where the exponential reconstruction phase has been replaced by the polynomial-time basis reduction algorithm. Thanks to this formalization we found a serious flaw in a textbook.",
"authors": [
"Jose Divasón",
"Sebastiaan J. C. Joosten",
"René Thiemann",
"Akihisa Yamada"
],
"date": "2018-02-06",
- "id": 294,
+ "id": 299,
"link": "/entries/LLL_Factorization.html",
"permalink": "/entries/LLL_Factorization.html",
"shortname": "LLL_Factorization",
"title": "A verified factorization algorithm for integer polynomials with polynomial complexity",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 0
},
{
"abstract": "We formalize basic results on first-order terms, including matching and a first-order unification algorithm, as well as well-foundedness of the subsumption order. This entry is part of the \u003ci\u003eIsabelle Formalization of Rewriting\u003c/i\u003e \u003ca href=\"http://cl-informatik.uibk.ac.at/isafor\"\u003eIsaFoR\u003c/a\u003e, where first-order terms are omni-present: the unification algorithm is used to certify several confluence and termination techniques, like critical-pair computation and dependency graph approximations; and the subsumption order is a crucial ingredient for completion.",
"authors": [
"Christian Sternagel",
"René Thiemann"
],
"date": "2018-02-06",
- "id": 295,
+ "id": 300,
"link": "/entries/First_Order_Terms.html",
"permalink": "/entries/First_Order_Terms.html",
"shortname": "First_Order_Terms",
"title": "First-Order Terms",
"topic_links": [
"logic/rewriting",
"computer-science/algorithms"
],
"topics": [
"Logic/Rewriting",
"Computer science/Algorithms"
],
"used_by": 5
},
{
"abstract": "\u003cp\u003e This entry provides the definitions and basic properties of the complex and real error function erf and the complementary error function erfc. Additionally, it gives their full asymptotic expansions. \u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2018-02-06",
- "id": 296,
+ "id": 301,
"link": "/entries/Error_Function.html",
"permalink": "/entries/Error_Function.html",
"shortname": "Error_Function",
"title": "The Error Function",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003e A Treap is a binary tree whose nodes contain pairs consisting of some payload and an associated priority. It must have the search-tree property w.r.t. the payloads and the heap property w.r.t. the priorities. Treaps are an interesting data structure that is related to binary search trees (BSTs) in the following way: if one forgets all the priorities of a treap, the resulting BST is exactly the same as if one had inserted the elements into an empty BST in order of ascending priority. This means that a treap behaves like a BST where we can pretend the elements were inserted in a different order from the one in which they were actually inserted. \u003c/p\u003e \u003cp\u003e In particular, by choosing these priorities at random upon insertion of an element, we can pretend that we inserted the elements in \u003cem\u003erandom order\u003c/em\u003e, so that the shape of the resulting tree is that of a random BST no matter in what order we insert the elements. This is the main result of this formalisation.\u003c/p\u003e",
"authors": [
"Max W. Haslbeck",
"Manuel Eberl",
"Tobias Nipkow"
],
"date": "2018-02-06",
- "id": 297,
+ "id": 302,
"link": "/entries/Treaps.html",
"permalink": "/entries/Treaps.html",
"shortname": "Treaps",
"title": "Treaps",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 0
},
{
"abstract": "The Lenstra-Lenstra-Lovász basis reduction algorithm, also known as LLL algorithm, is an algorithm to find a basis with short, nearly orthogonal vectors of an integer lattice. Thereby, it can also be seen as an approximation to solve the shortest vector problem (SVP), which is an NP-hard problem, where the approximation quality solely depends on the dimension of the lattice, but not the lattice itself. The algorithm also possesses many applications in diverse fields of computer science, from cryptanalysis to number theory, but it is specially well-known since it was used to implement the first polynomial-time algorithm to factor polynomials. In this work we present the first mechanized soundness proof of the LLL algorithm to compute short vectors in lattices. The formalization follows a textbook by von zur Gathen and Gerhard.",
"authors": [
"Ralph Bottesch",
"Jose Divasón",
"Max W. Haslbeck",
"Sebastiaan J. C. Joosten",
"René Thiemann",
"Akihisa Yamada"
],
"date": "2018-02-02",
- "id": 298,
+ "id": 303,
"link": "/entries/LLL_Basis_Reduction.html",
"permalink": "/entries/LLL_Basis_Reduction.html",
"shortname": "LLL_Basis_Reduction",
"title": "A verified LLL algorithm",
"topic_links": [
"computer-science/algorithms/mathematical",
"mathematics/algebra"
],
"topics": [
"Computer science/Algorithms/Mathematical",
"Mathematics/Algebra"
],
"used_by": 3
},
{
"abstract": "This Isabelle/HOL formalization covers Sections 2 to 4 of Bachmair and Ganzinger's \"Resolution Theorem Proving\" chapter in the \u003cem\u003eHandbook of Automated Reasoning\u003c/em\u003e. This includes soundness and completeness of unordered and ordered variants of ground resolution with and without literal selection, the standard redundancy criterion, a general framework for refutational theorem proving, and soundness and completeness of an abstract first-order prover.",
"authors": [
"Anders Schlichtkrull",
"Jasmin Christian Blanchette",
"Dmitriy Traytel",
"Uwe Waldmann"
],
"date": "2018-01-18",
- "id": 299,
+ "id": 304,
"link": "/entries/Ordered_Resolution_Prover.html",
"permalink": "/entries/Ordered_Resolution_Prover.html",
"shortname": "Ordered_Resolution_Prover",
"title": "Formalization of Bachmair and Ganzinger's Ordered Resolution Prover",
"topic_links": [
"logic/general-logic/mechanization-of-proofs"
],
"topics": [
"Logic/General logic/Mechanization of proofs"
],
"used_by": 4
},
{
"abstract": "A geodesic metric space is Gromov hyperbolic if all its geodesic triangles are thin, i.e., every side is contained in a fixed thickening of the two other sides. While this definition looks innocuous, it has proved extremely important and versatile in modern geometry since its introduction by Gromov. We formalize the basic classical properties of Gromov hyperbolic spaces, notably the Morse lemma asserting that quasigeodesics are close to geodesics, the invariance of hyperbolicity under quasi-isometries, we define and study the Gromov boundary and its associated distance, and prove that a quasi-isometry between Gromov hyperbolic spaces extends to a homeomorphism of the boundaries. We also prove a less classical theorem, by Bonk and Schramm, asserting that a Gromov hyperbolic space embeds isometrically in a geodesic Gromov-hyperbolic space. As the original proof uses a transfinite sequence of Cauchy completions, this is an interesting formalization exercise. Along the way, we introduce basic material on isometries, quasi-isometries, Lipschitz maps, geodesic spaces, the Hausdorff distance, the Cauchy completion of a metric space, and the exponential on extended real numbers.",
"authors": [
"Sebastien Gouezel"
],
"date": "2018-01-16",
- "id": 300,
+ "id": 305,
"link": "/entries/Gromov_Hyperbolicity.html",
"permalink": "/entries/Gromov_Hyperbolicity.html",
"shortname": "Gromov_Hyperbolicity",
"title": "Gromov Hyperbolicity",
"topic_links": [
"mathematics/geometry"
],
"topics": [
"Mathematics/Geometry"
],
"used_by": 0
},
{
"abstract": "We formalise a statement of Green’s theorem—the first formalisation to our knowledge—in Isabelle/HOL. The theorem statement that we formalise is enough for most applications, especially in physics and engineering. Our formalisation is made possible by a novel proof that avoids the ubiquitous line integral cancellation argument. This eliminates the need to formalise orientations and region boundaries explicitly with respect to the outwards-pointing normal vector. Instead we appeal to a homological argument about equivalences between paths.",
"authors": [
"Mohammad Abdulaziz",
"Lawrence C. Paulson"
],
"date": "2018-01-11",
- "id": 301,
+ "id": 306,
"link": "/entries/Green.html",
"permalink": "/entries/Green.html",
"shortname": "Green",
"title": "An Isabelle/HOL formalisation of Green's Theorem",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 0
},
{
"abstract": "We present a formally verified implementation of multivariate Taylor models. Taylor models are a form of rigorous polynomial approximation, consisting of an approximation polynomial based on Taylor expansions, combined with a rigorous bound on the approximation error. Taylor models were introduced as a tool to mitigate the dependency problem of interval arithmetic. Our implementation automatically computes Taylor models for the class of elementary functions, expressed by composition of arithmetic operations and basic functions like exp, sin, or square root.",
"authors": [
"Christoph Traut",
"Fabian Immler"
],
"date": "2018-01-08",
- "id": 302,
+ "id": 307,
"link": "/entries/Taylor_Models.html",
"permalink": "/entries/Taylor_Models.html",
"shortname": "Taylor_Models",
"title": "Taylor Models",
"topic_links": [
"computer-science/algorithms/mathematical",
"computer-science/data-structures",
"mathematics/analysis",
"mathematics/algebra"
],
"topics": [
"Computer science/Algorithms/Mathematical",
"Computer science/Data structures",
"Mathematics/Analysis",
"Mathematics/Algebra"
],
"used_by": 0
},
{
"abstract": "This entry shows that the falling factorial of a sum can be computed with an expression using binomial coefficients and the falling factorial of its summands. The entry provides three different proofs: a combinatorial proof, an induction proof and an algebraic proof using the Vandermonde identity. The three formalizations try to follow their informal presentations from a Mathematics Stack Exchange page as close as possible. The induction and algebraic formalization end up to be very close to their informal presentation, whereas the combinatorial proof first requires the introduction of list interleavings, and significant more detail than its informal presentation.",
"authors": [
"Lukas Bulwahn"
],
"date": "2017-12-22",
- "id": 303,
+ "id": 308,
"link": "/entries/Falling_Factorial_Sum.html",
"permalink": "/entries/Falling_Factorial_Sum.html",
"shortname": "Falling_Factorial_Sum",
"title": "The Falling Factorial of a Sum",
"topic_links": [
"mathematics/combinatorics"
],
"topics": [
"Mathematics/Combinatorics"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eThis article provides a formalisation of Dirichlet characters and Dirichlet \u003cem\u003eL\u003c/em\u003e-functions including proofs of their basic properties \u0026ndash; most notably their analyticity, their areas of convergence, and their non-vanishing for \u0026Re;(s) \u0026ge; 1. All of this is built in a very high-level style using Dirichlet series. The proof of the non-vanishing follows a very short and elegant proof by Newman, which we attempt to reproduce faithfully in a similar level of abstraction in Isabelle.\u003c/p\u003e \u003cp\u003eThis also leads to a relatively short proof of Dirichlet’s Theorem, which states that, if \u003cem\u003eh\u003c/em\u003e and \u003cem\u003en\u003c/em\u003e are coprime, there are infinitely many primes \u003cem\u003ep\u003c/em\u003e with \u003cem\u003ep\u003c/em\u003e \u0026equiv; \u003cem\u003eh\u003c/em\u003e (mod \u003cem\u003en\u003c/em\u003e).\u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2017-12-21",
- "id": 304,
+ "id": 309,
"link": "/entries/Dirichlet_L.html",
"permalink": "/entries/Dirichlet_L.html",
"shortname": "Dirichlet_L",
"title": "Dirichlet L-Functions and Dirichlet's Theorem",
"topic_links": [
"mathematics/number-theory",
"mathematics/algebra"
],
"topics": [
"Mathematics/Number theory",
"Mathematics/Algebra"
],
"used_by": 1
},
{
"abstract": "\u003cp\u003eThis article provides a formalisation of Snyder’s simple and elegant proof of the Mason\u0026ndash;Stothers theorem, which is the polynomial analogue of the famous abc Conjecture for integers. Remarkably, Snyder found this very elegant proof when he was still a high-school student.\u003c/p\u003e \u003cp\u003eIn short, the statement of the theorem is that three non-zero coprime polynomials \u003cem\u003eA\u003c/em\u003e, \u003cem\u003eB\u003c/em\u003e, \u003cem\u003eC\u003c/em\u003e over a field which sum to 0 and do not all have vanishing derivatives fulfil max{deg(\u003cem\u003eA\u003c/em\u003e), deg(\u003cem\u003eB\u003c/em\u003e), deg(\u003cem\u003eC\u003c/em\u003e)} \u003c deg(rad(\u003cem\u003eABC\u003c/em\u003e)) where the rad(\u003cem\u003eP\u003c/em\u003e) denotes the \u003cem\u003eradical\u003c/em\u003e of \u003cem\u003eP\u003c/em\u003e, i.\u0026thinsp;e. the product of all unique irreducible factors of \u003cem\u003eP\u003c/em\u003e.\u003c/p\u003e \u003cp\u003eThis theorem also implies a kind of polynomial analogue of Fermat’s Last Theorem for polynomials: except for trivial cases, \u003cem\u003eA\u003csup\u003en\u003c/sup\u003e\u003c/em\u003e + \u003cem\u003eB\u003csup\u003en\u003c/sup\u003e\u003c/em\u003e + \u003cem\u003eC\u003csup\u003en\u003c/sup\u003e\u003c/em\u003e = 0 implies n\u0026nbsp;\u0026le;\u0026nbsp;2 for coprime polynomials \u003cem\u003eA\u003c/em\u003e, \u003cem\u003eB\u003c/em\u003e, \u003cem\u003eC\u003c/em\u003e over a field.\u003c/em\u003e\u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2017-12-21",
- "id": 305,
+ "id": 310,
"link": "/entries/Mason_Stothers.html",
"permalink": "/entries/Mason_Stothers.html",
"shortname": "Mason_Stothers",
"title": "The Mason–Stothers Theorem",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eThis entry provides an executable functional implementation of the Median-of-Medians algorithm for selecting the \u003cem\u003ek\u003c/em\u003e-th smallest element of an unsorted list deterministically in linear time. The size bounds for the recursive call that lead to the linear upper bound on the run-time of the algorithm are also proven. \u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2017-12-21",
- "id": 306,
+ "id": 311,
"link": "/entries/Median_Of_Medians_Selection.html",
"permalink": "/entries/Median_Of_Medians_Selection.html",
"shortname": "Median_Of_Medians_Selection",
"title": "The Median-of-Medians Selection Algorithm",
"topic_links": [
"computer-science/algorithms"
],
"topics": [
"Computer science/Algorithms"
],
"used_by": 1
},
{
"abstract": "This entry formalizes the closure property of bounded natural functors (BNFs) under seven operations. These operations and the corresponding proofs constitute the core of Isabelle's (co)datatype package. To be close to the implemented tactics, the proofs are deliberately formulated as detailed apply scripts. The (co)datatypes together with (co)induction principles and (co)recursors are byproducts of the fixpoint operations LFP and GFP. Composition of BNFs is subdivided into four simpler operations: Compose, Kill, Lift, and Permute. The N2M operation provides mutual (co)induction principles and (co)recursors for nested (co)datatypes.",
"authors": [
"Jasmin Christian Blanchette",
"Andrei Popescu",
"Dmitriy Traytel"
],
"date": "2017-12-19",
- "id": 307,
+ "id": 312,
"link": "/entries/BNF_Operations.html",
"permalink": "/entries/BNF_Operations.html",
"shortname": "BNF_Operations",
"title": "Operations on Bounded Natural Functors",
"topic_links": [
"tools"
],
"topics": [
"Tools"
],
"used_by": 0
},
{
"abstract": "The Knuth-Morris-Pratt algorithm is often used to show that the problem of finding a string \u003ci\u003es\u003c/i\u003e in a text \u003ci\u003et\u003c/i\u003e can be solved deterministically in \u003ci\u003eO(|s| + |t|)\u003c/i\u003e time. We use the Isabelle Refinement Framework to formulate and verify the algorithm. Via refinement, we apply some optimisations and finally use the \u003cem\u003eSepref\u003c/em\u003e tool to obtain executable code in \u003cem\u003eImperative/HOL\u003c/em\u003e.",
"authors": [
"Fabian Hellauer",
"Peter Lammich"
],
"date": "2017-12-18",
- "id": 308,
+ "id": 313,
"link": "/entries/Knuth_Morris_Pratt.html",
"permalink": "/entries/Knuth_Morris_Pratt.html",
"shortname": "Knuth_Morris_Pratt",
"title": "The string search algorithm by Knuth, Morris and Pratt",
"topic_links": [
"computer-science/algorithms"
],
"topics": [
"Computer science/Algorithms"
],
"used_by": 0
},
{
"abstract": "Stochastic matrices are a convenient way to model discrete-time and finite state Markov chains. The Perron\u0026ndash;Frobenius theorem tells us something about the existence and uniqueness of non-negative eigenvectors of a stochastic matrix. In this entry, we formalize stochastic matrices, link the formalization to the existing AFP-entry on Markov chains, and apply the Perron\u0026ndash;Frobenius theorem to prove that stationary distributions always exist, and they are unique if the stochastic matrix is irreducible.",
"authors": [
"René Thiemann"
],
"date": "2017-11-22",
- "id": 309,
+ "id": 314,
"link": "/entries/Stochastic_Matrices.html",
"permalink": "/entries/Stochastic_Matrices.html",
"shortname": "Stochastic_Matrices",
"title": "Stochastic Matrices and the Perron-Frobenius Theorem",
"topic_links": [
"mathematics/algebra",
"computer-science/automata-and-formal-languages"
],
"topics": [
"Mathematics/Algebra",
"Computer science/Automata and formal languages"
],
"used_by": 0
},
{
"abstract": "We provide our Isabelle/HOL formalization of a Conflict-free Replicated Datatype for Internet Message Access Protocol commands. We show that Strong Eventual Consistency (SEC) is guaranteed by proving the commutativity of concurrent operations. We base our formalization on the recently proposed \"framework for establishing Strong Eventual Consistency for Conflict-free Replicated Datatypes\" (AFP.CRDT) from Gomes et al. Hence, we provide an additional example of how the recently proposed framework can be used to design and prove CRDTs.",
"authors": [
"Tim Jungnickel",
"Lennart Oldenburg",
"Matthias Loibl"
],
"date": "2017-11-09",
- "id": 310,
+ "id": 315,
"link": "/entries/IMAP-CRDT.html",
"permalink": "/entries/IMAP-CRDT.html",
"shortname": "IMAP-CRDT",
"title": "The IMAP CmRDT",
"topic_links": [
"computer-science/algorithms/distributed",
"computer-science/data-structures"
],
"topics": [
"Computer science/Algorithms/Distributed",
"Computer science/Data structures"
],
"used_by": 0
},
{
"abstract": "We present a semantic embedding of a spatio-temporal multi-modal logic, specifically defined to reason about motorway traffic, into Isabelle/HOL. The semantic model is an abstraction of a motorway, emphasising local spatial properties, and parameterised by the types of sensors deployed in the vehicles. We use the logic to define controller constraints to ensure safety, i.e., the absence of collisions on the motorway. After proving safety with a restrictive definition of sensors, we relax these assumptions and show how to amend the controller constraints to still guarantee safety.",
"authors": [
"Sven Linker"
],
"date": "2017-11-06",
- "id": 311,
+ "id": 316,
"link": "/entries/Hybrid_Multi_Lane_Spatial_Logic.html",
"permalink": "/entries/Hybrid_Multi_Lane_Spatial_Logic.html",
"shortname": "Hybrid_Multi_Lane_Spatial_Logic",
"title": "Hybrid Multi-Lane Spatial Logic",
"topic_links": [
"logic/general-logic/modal-logic"
],
"topics": [
"Logic/General logic/Modal logic"
],
"used_by": 0
},
{
"abstract": "We discuss a topological curiosity discovered by Kuratowski (1922): the fact that the number of distinct operators on a topological space generated by compositions of closure and complement never exceeds 14, and is exactly 14 in the case of R. In addition, we prove a theorem due to Chagrov (1982) that classifies topological spaces according to the number of such operators they support.",
"authors": [
"Peter Gammie",
"Gianpaolo Gioiosa"
],
"date": "2017-10-26",
- "id": 312,
+ "id": 317,
"link": "/entries/Kuratowski_Closure_Complement.html",
"permalink": "/entries/Kuratowski_Closure_Complement.html",
"shortname": "Kuratowski_Closure_Complement",
"title": "The Kuratowski Closure-Complement Theorem",
"topic_links": [
"mathematics/topology"
],
"topics": [
"Mathematics/Topology"
],
"used_by": 0
},
{
"abstract": "This entry provides a verified implementation of rank-based Büchi Complementation. The verification is done in three steps: \u003col\u003e \u003cli\u003eDefinition of odd rankings and proof that an automaton rejects a word iff there exists an odd ranking for it.\u003c/li\u003e \u003cli\u003eDefinition of the complement automaton and proof that it accepts exactly those words for which there is an odd ranking.\u003c/li\u003e \u003cli\u003eVerified implementation of the complement automaton using the Isabelle Collections Framework.\u003c/li\u003e \u003c/ol\u003e",
"authors": [
"Julian Brunner"
],
"date": "2017-10-19",
- "id": 313,
+ "id": 318,
"link": "/entries/Buchi_Complementation.html",
"permalink": "/entries/Buchi_Complementation.html",
"shortname": "Buchi_Complementation",
"title": "Büchi Complementation",
"topic_links": [
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Automata and formal languages"
],
"used_by": 0
},
{
"abstract": "This entry provides a very abstract theory of transition systems that can be instantiated to express various types of automata. A transition system is typically instantiated by providing a set of initial states, a predicate for enabled transitions, and a transition execution function. From this, it defines the concepts of finite and infinite paths as well as the set of reachable states, among other things. Many useful theorems, from basic path manipulation rules to coinduction and run construction rules, are proven in this abstract transition system context. The library comes with instantiations for DFAs, NFAs, and Büchi automata.",
"authors": [
"Julian Brunner"
],
"date": "2017-10-19",
- "id": 314,
+ "id": 319,
"link": "/entries/Transition_Systems_and_Automata.html",
"permalink": "/entries/Transition_Systems_and_Automata.html",
"shortname": "Transition_Systems_and_Automata",
"title": "Transition Systems and Automata",
"topic_links": [
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Automata and formal languages"
],
"used_by": 4
},
{
"abstract": "Based on evaluating Cauchy indices through remainder sequences, this entry provides an effective procedure to count the number of complex roots (with multiplicity) of a polynomial within various shapes (e.g., rectangle, circle and half-plane). Potential applications of this entry include certified complex root isolation (of a polynomial) and testing the Routh-Hurwitz stability criterion (i.e., to check whether all the roots of some characteristic polynomial have negative real parts).",
"authors": [
"Wenda Li"
],
"date": "2017-10-17",
- "id": 315,
+ "id": 320,
"link": "/entries/Count_Complex_Roots.html",
"permalink": "/entries/Count_Complex_Roots.html",
"shortname": "Count_Complex_Roots",
"title": "Count the Number of Complex Roots",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 1
},
{
"abstract": "In complex analysis, the winding number measures the number of times a path (counterclockwise) winds around a point, while the Cauchy index can approximate how the path winds. This entry provides a formalisation of the Cauchy index, which is then shown to be related to the winding number. In addition, this entry also offers a tactic that enables users to evaluate the winding number by calculating Cauchy indices.",
"authors": [
"Wenda Li"
],
"date": "2017-10-17",
- "id": 316,
+ "id": 321,
"link": "/entries/Winding_Number_Eval.html",
"permalink": "/entries/Winding_Number_Eval.html",
"shortname": "Winding_Number_Eval",
"title": "Evaluate Winding Numbers through Cauchy Indices",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 2
},
{
"abstract": "We formalize the theory of homogeneous linear diophantine equations, focusing on two main results: (1) an abstract characterization of minimal complete sets of solutions, and (2) an algorithm computing them. Both, the characterization and the algorithm are based on previous work by Huet. Our starting point is a simple but inefficient variant of Huet's lexicographic algorithm incorporating improved bounds due to Clausen and Fortenbacher. We proceed by proving its soundness and completeness. Finally, we employ code equations to obtain a reasonably efficient implementation. Thus, we provide a formally verified solver for homogeneous linear diophantine equations.",
"authors": [
"Florian Messner",
"Julian Parsert",
"Jonas Schöpf",
"Christian Sternagel"
],
"date": "2017-10-14",
- "id": 317,
+ "id": 322,
"link": "/entries/Diophantine_Eqns_Lin_Hom.html",
"permalink": "/entries/Diophantine_Eqns_Lin_Hom.html",
"shortname": "Diophantine_Eqns_Lin_Hom",
"title": "Homogeneous Linear Diophantine Equations",
"topic_links": [
"computer-science/algorithms/mathematical",
"mathematics/number-theory",
"tools"
],
"topics": [
"Computer science/Algorithms/Mathematical",
"Mathematics/Number theory",
"Tools"
],
"used_by": 0
},
{
"abstract": "This entry is a formalisation of much of Chapters 2, 3, and 11 of Apostol's \u0026ldquo;Introduction to Analytic Number Theory\u0026rdquo;. This includes: \u003cul\u003e \u003cli\u003eDefinitions and basic properties for several number-theoretic functions (Euler's \u0026phi;, M\u0026ouml;bius \u0026mu;, Liouville's \u0026lambda;, the divisor function \u0026sigma;, von Mangoldt's \u0026Lambda;)\u003c/li\u003e \u003cli\u003eExecutable code for most of these functions, the most efficient implementations using the factoring algorithm by Thiemann \u003ci\u003eet al.\u003c/i\u003e\u003c/li\u003e \u003cli\u003eDirichlet products and formal Dirichlet series\u003c/li\u003e \u003cli\u003eAnalytic results connecting convergent formal Dirichlet series to complex functions\u003c/li\u003e \u003cli\u003eEuler product expansions\u003c/li\u003e \u003cli\u003eAsymptotic estimates of number-theoretic functions including the density of squarefree integers and the average number of divisors of a natural number\u003c/li\u003e \u003c/ul\u003e These results are useful as a basis for developing more number-theoretic results, such as the Prime Number Theorem.",
"authors": [
"Manuel Eberl"
],
"date": "2017-10-12",
- "id": 318,
+ "id": 323,
"link": "/entries/Dirichlet_Series.html",
"permalink": "/entries/Dirichlet_Series.html",
"shortname": "Dirichlet_Series",
"title": "Dirichlet Series",
"topic_links": [
"mathematics/number-theory"
],
"topics": [
"Mathematics/Number theory"
],
"used_by": 4
},
{
"abstract": "\u003cp\u003e Linear recurrences with constant coefficients are an interesting class of recurrence equations that can be solved explicitly. The most famous example are certainly the Fibonacci numbers with the equation \u003ci\u003ef\u003c/i\u003e(\u003ci\u003en\u003c/i\u003e) = \u003ci\u003ef\u003c/i\u003e(\u003ci\u003en\u003c/i\u003e-1) + \u003ci\u003ef\u003c/i\u003e(\u003ci\u003en\u003c/i\u003e - 2) and the quite non-obvious closed form (\u003ci\u003e\u0026phi;\u003c/i\u003e\u003csup\u003e\u003ci\u003en\u003c/i\u003e\u003c/sup\u003e - (-\u003ci\u003e\u0026phi;\u003c/i\u003e)\u003csup\u003e-\u003ci\u003en\u003c/i\u003e\u003c/sup\u003e) / \u0026radic;\u003cspan style=\"text-decoration: overline\"\u003e5\u003c/span\u003e where \u0026phi; is the golden ratio. \u003c/p\u003e \u003cp\u003e In this work, I build on existing tools in Isabelle \u0026ndash; such as formal power series and polynomial factorisation algorithms \u0026ndash; to develop a theory of these recurrences and derive a fully executable solver for them that can be exported to programming languages like Haskell. \u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2017-10-12",
- "id": 319,
+ "id": 324,
"link": "/entries/Linear_Recurrences.html",
"permalink": "/entries/Linear_Recurrences.html",
"shortname": "Linear_Recurrences",
"title": "Linear Recurrences",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 1
},
{
"abstract": "\u003cp\u003eThis entry builds upon the results about formal and analytic Dirichlet series to define the Hurwitz \u0026zeta; function \u0026zeta;(\u003cem\u003ea\u003c/em\u003e,\u003cem\u003es\u003c/em\u003e) and, based on that, the Riemann \u0026zeta; function \u0026zeta;(\u003cem\u003es\u003c/em\u003e). This is done by first defining them for \u0026real;(\u003cem\u003ez\u003c/em\u003e) \u003e 1 and then successively extending the domain to the left using the Euler\u0026ndash;MacLaurin formula.\u003c/p\u003e \u003cp\u003eApart from the most basic facts such as analyticity, the following results are provided:\u003c/p\u003e \u003cul\u003e \u003cli\u003ethe Stieltjes constants and the Laurent expansion of \u0026zeta;(\u003cem\u003es\u003c/em\u003e) at \u003cem\u003es\u003c/em\u003e = 1\u003c/li\u003e \u003cli\u003ethe non-vanishing of \u0026zeta;(\u003cem\u003es\u003c/em\u003e) for \u0026real;(\u003cem\u003ez\u003c/em\u003e) \u0026ge; 1\u003c/li\u003e \u003cli\u003ethe relationship between \u0026zeta;(\u003cem\u003ea\u003c/em\u003e,\u003cem\u003es\u003c/em\u003e) and \u0026Gamma;\u003c/li\u003e \u003cli\u003ethe special values at negative integers and positive even integers\u003c/li\u003e \u003cli\u003eHurwitz's formula and the reflection formula for \u0026zeta;(\u003cem\u003es\u003c/em\u003e)\u003c/li\u003e \u003cli\u003ethe \u003ca href=\"https://arxiv.org/abs/math/0405478\"\u003e Hadjicostas\u0026ndash;Chapman formula\u003c/a\u003e\u003c/li\u003e \u003c/ul\u003e \u003cp\u003eThe entry also contains Euler's analytic proof of the infinitude of primes, based on the fact that \u0026zeta;(\u003ci\u003es\u003c/i\u003e) has a pole at \u003ci\u003es\u003c/i\u003e = 1.\u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2017-10-12",
- "id": 320,
+ "id": 325,
"link": "/entries/Zeta_Function.html",
"permalink": "/entries/Zeta_Function.html",
"shortname": "Zeta_Function",
"title": "The Hurwitz and Riemann ζ Functions",
"topic_links": [
"mathematics/number-theory",
"mathematics/analysis"
],
"topics": [
"Mathematics/Number theory",
"Mathematics/Analysis"
],
"used_by": 3
},
{
"abstract": "Computers may help us to understand --not just verify-- philosophical arguments. By utilizing modern proof assistants in an iterative interpretive process, we can reconstruct and assess an argument by fully formal means. Through the mechanization of a variant of St. Anselm's ontological argument by E. J. Lowe, which is a paradigmatic example of a natural-language argument with strong ties to metaphysics and religion, we offer an ideal showcase for our computer-assisted interpretive method.",
"authors": [
"David Fuenmayor",
"Christoph Benzmüller"
],
"date": "2017-09-21",
- "id": 321,
+ "id": 326,
"link": "/entries/Lowe_Ontological_Argument.html",
"permalink": "/entries/Lowe_Ontological_Argument.html",
"shortname": "Lowe_Ontological_Argument",
"title": "Computer-assisted Reconstruction and Assessment of E. J. Lowe's Modal Ontological Argument",
"topic_links": [
"logic/philosophical-aspects"
],
"topics": [
"Logic/Philosophical aspects"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003e We present an embedding of the second-order fragment of the Theory of Abstract Objects as described in Edward Zalta's upcoming work \u003ca href=\"https://mally.stanford.edu/principia.pdf\"\u003ePrincipia Logico-Metaphysica (PLM)\u003c/a\u003e in the automated reasoning framework Isabelle/HOL. The Theory of Abstract Objects is a metaphysical theory that reifies property patterns, as they for example occur in the abstract reasoning of mathematics, as \u003cb\u003eabstract objects\u003c/b\u003e and provides an axiomatic framework that allows to reason about these objects. It thereby serves as a fundamental metaphysical theory that can be used to axiomatize and describe a wide range of philosophical objects, such as Platonic forms or Leibniz' concepts, and has the ambition to function as a foundational theory of mathematics. The target theory of our embedding as described in chapters 7-9 of PLM employs a modal relational type theory as logical foundation for which a representation in functional type theory is \u003ca href=\"https://mally.stanford.edu/Papers/rtt.pdf\"\u003eknown to be challenging\u003c/a\u003e. \u003c/p\u003e \u003cp\u003e Nevertheless we arrive at a functioning representation of the theory in the functional logic of Isabelle/HOL based on a semantical representation of an Aczel-model of the theory. Based on this representation we construct an implementation of the deductive system of PLM which allows to automatically and interactively find and verify theorems of PLM. \u003c/p\u003e \u003cp\u003e Our work thereby supports the concept of shallow semantical embeddings of logical systems in HOL as a universal tool for logical reasoning \u003ca href=\"http://www.mi.fu-berlin.de/inf/groups/ag-ki/publications/Universal-Reasoning/1703_09620_pd.pdf\"\u003eas promoted by Christoph Benzm\u0026uuml;ller\u003c/a\u003e. \u003c/p\u003e \u003cp\u003e The most notable result of the presented work is the discovery of a previously unknown paradox in the formulation of the Theory of Abstract Objects. The embedding of the theory in Isabelle/HOL played a vital part in this discovery. Furthermore it was possible to immediately offer several options to modify the theory to guarantee its consistency. Thereby our work could provide a significant contribution to the development of a proper grounding for object theory. \u003c/p\u003e",
"authors": [
"Daniel Kirchner"
],
"date": "2017-09-17",
- "id": 322,
+ "id": 327,
"link": "/entries/PLM.html",
"permalink": "/entries/PLM.html",
"shortname": "PLM",
"title": "Representation and Partial Automation of the Principia Logico-Metaphysica in Isabelle/HOL",
"topic_links": [
"logic/philosophical-aspects"
],
"topics": [
"Logic/Philosophical aspects"
],
"used_by": 0
},
{
"abstract": "Paul Oppenheimer and Edward Zalta's formalisation of Anselm's ontological argument for the existence of God is automated by embedding a free logic for definite descriptions within Isabelle/HOL.",
"authors": [
"Ben Blumson"
],
"date": "2017-09-06",
- "id": 323,
+ "id": 328,
"link": "/entries/AnselmGod.html",
"permalink": "/entries/AnselmGod.html",
"shortname": "AnselmGod",
"title": "Anselm's God in Isabelle/HOL",
"topic_links": [
"logic/philosophical-aspects"
],
"topics": [
"Logic/Philosophical aspects"
],
"used_by": 0
},
{
"abstract": "Economic activity has always been a fundamental part of society. Due to modern day politics, economic theory has gained even more influence on our lives. Thus we want models and theories to be as precise as possible. This can be achieved using certification with the help of formal proof technology. Hence we will use Isabelle/HOL to construct two economic models, that of the the pure exchange economy and a version of the Arrow-Debreu Model. We will prove that the \u003ci\u003eFirst Theorem of Welfare Economics\u003c/i\u003e holds within both. The theorem is the mathematical formulation of Adam Smith's famous \u003ci\u003einvisible hand\u003c/i\u003e and states that a group of self-interested and rational actors will eventually achieve an efficient allocation of goods and services.",
"authors": [
"Julian Parsert",
"Cezary Kaliszyk"
],
"date": "2017-09-01",
- "id": 324,
+ "id": 329,
"link": "/entries/First_Welfare_Theorem.html",
"permalink": "/entries/First_Welfare_Theorem.html",
"shortname": "First_Welfare_Theorem",
"title": "Microeconomics and the First Welfare Theorem",
"topic_links": [
"mathematics/games-and-economics"
],
"topics": [
"Mathematics/Games and economics"
],
"used_by": 1
},
{
"abstract": "The Orbit-Stabiliser theorem is a basic result in the algebra of groups that factors the order of a group into the sizes of its orbits and stabilisers. We formalize the notion of a group action and the related concepts of orbits and stabilisers. This allows us to prove the orbit-stabiliser theorem. In the second part of this work, we formalize the tetrahedral group and use the orbit-stabiliser theorem to prove that there are twelve (orientation-preserving) rotations of the tetrahedron.",
"authors": [
"Jonas Rädle"
],
"date": "2017-08-20",
- "id": 325,
+ "id": 330,
"link": "/entries/Orbit_Stabiliser.html",
"permalink": "/entries/Orbit_Stabiliser.html",
"shortname": "Orbit_Stabiliser",
"title": "Orbit-Stabiliser Theorem with Application to Rotational Symmetries",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003e Andersson introduced \u003cem\u003egeneral balanced trees\u003c/em\u003e, search trees based on the design principle of partial rebuilding: perform update operations naively until the tree becomes too unbalanced, at which point a whole subtree is rebalanced. This article defines and analyzes a functional version of general balanced trees, which we call \u003cem\u003eroot-balanced trees\u003c/em\u003e. Using a lightweight model of execution time, amortized logarithmic complexity is verified in the theorem prover Isabelle. \u003c/p\u003e \u003cp\u003e This is the Isabelle formalization of the material decribed in the APLAS 2017 article \u003ca href=\"http://www21.in.tum.de/~nipkow/pubs/aplas17.html\"\u003eVerified Root-Balanced Trees\u003c/a\u003e by the same author, which also presents experimental results that show competitiveness of root-balanced with AVL and red-black trees. \u003c/p\u003e",
"authors": [
"Tobias Nipkow"
],
"date": "2017-08-20",
- "id": 326,
+ "id": 331,
"link": "/entries/Root_Balanced_Tree.html",
"permalink": "/entries/Root_Balanced_Tree.html",
"shortname": "Root_Balanced_Tree",
"title": "Root-Balanced Tree",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 2
},
{
"abstract": "The propositions-as-types correspondence is ordinarily presented as linking the metatheory of typed λ-calculi and the proof theory of intuitionistic logic. Griffin observed that this correspondence could be extended to classical logic through the use of control operators. This observation set off a flurry of further research, leading to the development of Parigots λμ-calculus. In this work, we formalise λμ- calculus in Isabelle/HOL and prove several metatheoretical properties such as type preservation and progress.",
"authors": [
"Cristina Matache",
"Victor B. F. Gomes",
"Dominic P. Mulligan"
],
"date": "2017-08-16",
- "id": 327,
+ "id": 332,
"link": "/entries/LambdaMu.html",
"permalink": "/entries/LambdaMu.html",
"shortname": "LambdaMu",
"title": "The LambdaMu-calculus",
"topic_links": [
"computer-science/programming-languages/lambda-calculi"
],
"topics": [
"Computer science/Programming languages/Lambda calculi"
],
"used_by": 0
},
{
"abstract": "This entry formalizes the two geometric theorems, Stewart's and Apollonius' theorem. Stewart's Theorem relates the length of a triangle's cevian to the lengths of the triangle's two sides. Apollonius' Theorem is a specialisation of Stewart's theorem, restricting the cevian to be the median. The proof applies the law of cosines, some basic geometric facts about triangles and then simply transforms the terms algebraically to yield the conjectured relation. The formalization in Isabelle can closely follow the informal proofs described in the Wikipedia articles of those two theorems.",
"authors": [
"Lukas Bulwahn"
],
"date": "2017-07-31",
- "id": 328,
+ "id": 333,
"link": "/entries/Stewart_Apollonius.html",
"permalink": "/entries/Stewart_Apollonius.html",
"shortname": "Stewart_Apollonius",
"title": "Stewart's Theorem and Apollonius' Theorem",
"topic_links": [
"mathematics/geometry"
],
"topics": [
"Mathematics/Geometry"
],
"used_by": 0
},
{
"abstract": "The architecture of a system describes the system's overall organization into components and connections between those components. With the emergence of mobile computing, dynamic architectures have become increasingly important. In such architectures, components may appear or disappear, and connections may change over time. In the following we mechanize a theory of dynamic architectures and verify the soundness of a corresponding calculus. Therefore, we first formalize the notion of configuration traces as a model for dynamic architectures. Then, the behavior of single components is formalized in terms of behavior traces and an operator is introduced and studied to extract the behavior of a single component out of a given configuration trace. Then, behavior trace assertions are introduced as a temporal specification technique to specify behavior of components. Reasoning about component behavior in a dynamic context is formalized in terms of a calculus for dynamic architectures. Finally, the soundness of the calculus is verified by introducing an alternative interpretation for behavior trace assertions over configuration traces and proving the rules of the calculus. Since projection may lead to finite as well as infinite behavior traces, they are formalized in terms of coinductive lists. Thus, our theory is based on Lochbihler's formalization of coinductive lists. The theory may be applied to verify properties for dynamic architectures.",
"authors": [
"Diego Marmsoler"
],
"date": "2017-07-28",
- "id": 329,
+ "id": 334,
"link": "/entries/DynamicArchitectures.html",
"permalink": "/entries/DynamicArchitectures.html",
"shortname": "DynamicArchitectures",
"title": "Dynamic Architectures",
"topic_links": [
"computer-science/system-description-languages"
],
"topics": [
"Computer science/System description languages"
],
"used_by": 1
},
{
"abstract": "We present a semantics for an applied call-by-value lambda-calculus that is compositional, extensional, and elementary. We present four different views of the semantics: 1) as a relational (big-step) semantics that is not operational but instead declarative, 2) as a denotational semantics that does not use domain theory, 3) as a non-deterministic interpreter, and 4) as a variant of the intersection type systems of the Torino group. We prove that the semantics is correct by showing that it is sound and complete with respect to operational semantics on programs and that is sound with respect to contextual equivalence. We have not yet investigated whether it is fully abstract. We demonstrate that this approach to semantics is useful with three case studies. First, we use the semantics to prove correctness of a compiler optimization that inlines function application. Second, we adapt the semantics to the polymorphic lambda-calculus extended with general recursion and prove semantic type soundness. Third, we adapt the semantics to the call-by-value lambda-calculus with mutable references. \u003cbr\u003e The paper that accompanies these Isabelle theories is \u003ca href=\"https://arxiv.org/abs/1707.03762\"\u003eavailable on arXiv\u003c/a\u003e.",
"authors": [
"Jeremy Siek"
],
"date": "2017-07-21",
- "id": 330,
+ "id": 335,
"link": "/entries/Decl_Sem_Fun_PL.html",
"permalink": "/entries/Decl_Sem_Fun_PL.html",
"shortname": "Decl_Sem_Fun_PL",
"title": "Declarative Semantics for Functional Languages",
"topic_links": [
"computer-science/programming-languages"
],
"topics": [
"Computer science/Programming languages"
],
"used_by": 0
},
{
"abstract": "The Isabelle/HOLCF-Prelude is a formalization of a large part of Haskell's standard prelude in Isabelle/HOLCF. We use it to prove the correctness of the Eratosthenes' Sieve, in its self-referential implementation commonly used to showcase Haskell's laziness; prove correctness of GHC's \"fold/build\" rule and related rewrite rules; and certify a number of hints suggested by HLint.",
"authors": [
"Joachim Breitner",
"Brian Huffman",
"Neil Mitchell",
"Christian Sternagel"
],
"date": "2017-07-15",
- "id": 331,
+ "id": 336,
"link": "/entries/HOLCF-Prelude.html",
"permalink": "/entries/HOLCF-Prelude.html",
"shortname": "HOLCF-Prelude",
"title": "HOLCF-Prelude",
"topic_links": [
"computer-science/functional-programming"
],
"topics": [
"Computer science/Functional programming"
],
"used_by": 1
},
{
"abstract": "\u003cp\u003eMinkowski's theorem relates a subset of \u0026#8477;\u003csup\u003en\u003c/sup\u003e, the Lebesgue measure, and the integer lattice \u0026#8484;\u003csup\u003en\u003c/sup\u003e: It states that any convex subset of \u0026#8477;\u003csup\u003en\u003c/sup\u003e with volume greater than 2\u003csup\u003en\u003c/sup\u003e contains at least one lattice point from \u0026#8484;\u003csup\u003en\u003c/sup\u003e\\{0}, i.\u0026thinsp;e. a non-zero point with integer coefficients.\u003c/p\u003e \u003cp\u003eA related theorem which directly implies this is Blichfeldt's theorem, which states that any subset of \u0026#8477;\u003csup\u003en\u003c/sup\u003e with a volume greater than 1 contains two different points whose difference vector has integer components.\u003c/p\u003e \u003cp\u003eThe entry contains a proof of both theorems.\u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2017-07-13",
- "id": 332,
+ "id": 337,
"link": "/entries/Minkowskis_Theorem.html",
"permalink": "/entries/Minkowskis_Theorem.html",
"shortname": "Minkowskis_Theorem",
"title": "Minkowski's Theorem",
"topic_links": [
"mathematics/geometry",
"mathematics/number-theory"
],
"topics": [
"Mathematics/Geometry",
"Mathematics/Number theory"
],
"used_by": 0
},
{
"abstract": "I formalise a Church-style simply-typed \\(\\lambda\\)-calculus, extended with pairs, a unit value, and projection functions, and show some metatheory of the calculus, such as the subject reduction property. Particular attention is paid to the treatment of names in the calculus. A nominal style of binding is used, but I use a manual approach over Nominal Isabelle in order to extract an executable type inference algorithm. More information can be found in my \u003ca href=\"http://www.openthesis.org/documents/Verified-Metatheory-Type-Inference-Simply-603182.html\"\u003eundergraduate dissertation\u003c/a\u003e.",
"authors": [
"Michael Rawson"
],
"date": "2017-07-09",
- "id": 333,
+ "id": 338,
"link": "/entries/Name_Carrying_Type_Inference.html",
"permalink": "/entries/Name_Carrying_Type_Inference.html",
"shortname": "Name_Carrying_Type_Inference",
"title": "Verified Metatheory and Type Inference for a Name-Carrying Simply-Typed Lambda Calculus",
"topic_links": [
"computer-science/programming-languages/type-systems"
],
"topics": [
"Computer science/Programming languages/Type systems"
],
"used_by": 0
},
{
"abstract": "In this work, we focus on the correctness of Conflict-free Replicated Data Types (CRDTs), a class of algorithm that provides strong eventual consistency guarantees for replicated data. We develop a modular and reusable framework for verifying the correctness of CRDT algorithms. We avoid correctness issues that have dogged previous mechanised proofs in this area by including a network model in our formalisation, and proving that our theorems hold in all possible network behaviours. Our axiomatic network model is a standard abstraction that accurately reflects the behaviour of real-world computer networks. Moreover, we identify an abstract convergence theorem, a property of order relations, which provides a formal definition of strong eventual consistency. We then obtain the first machine-checked correctness theorems for three concrete CRDTs: the Replicated Growable Array, the Observed-Remove Set, and an Increment-Decrement Counter.",
"authors": [
"Victor B. F. Gomes",
"Martin Kleppmann",
"Dominic P. Mulligan",
"Alastair R. Beresford"
],
"date": "2017-07-07",
- "id": 334,
+ "id": 339,
"link": "/entries/CRDT.html",
"permalink": "/entries/CRDT.html",
"shortname": "CRDT",
"title": "A framework for establishing Strong Eventual Consistency for Conflict-free Replicated Datatypes",
"topic_links": [
"computer-science/algorithms/distributed",
"computer-science/data-structures"
],
"topics": [
"Computer science/Algorithms/Distributed",
"Computer science/Data structures"
],
"used_by": 1
},
{
"abstract": "We develop Stone-Kleene relation algebras, which expand Stone relation algebras with a Kleene star operation to describe reachability in weighted graphs. Many properties of the Kleene star arise as a special case of a more general theory of iteration based on Conway semirings extended by simulation axioms. This includes several theorems representing complex program transformations. We formally prove the correctness of Conway's automata-based construction of the Kleene star of a matrix. We prove numerous results useful for reasoning about weighted graphs.",
"authors": [
"Walter Guttmann"
],
"date": "2017-07-06",
- "id": 335,
+ "id": 340,
"link": "/entries/Stone_Kleene_Relation_Algebras.html",
"permalink": "/entries/Stone_Kleene_Relation_Algebras.html",
"shortname": "Stone_Kleene_Relation_Algebras",
"title": "Stone-Kleene Relation Algebras",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 4
},
{
"abstract": "We formalize a range of proof systems for classical propositional logic (sequent calculus, natural deduction, Hilbert systems, resolution) and prove the most important meta-theoretic results about semantics and proofs: compactness, soundness, completeness, translations between proof systems, cut-elimination, interpolation and model existence.",
"authors": [
"Julius Michaelis",
"Tobias Nipkow"
],
"date": "2017-06-21",
- "id": 336,
+ "id": 341,
"link": "/entries/Propositional_Proof_Systems.html",
"permalink": "/entries/Propositional_Proof_Systems.html",
"shortname": "Propositional_Proof_Systems",
"title": "Propositional Proof Systems",
"topic_links": [
"logic/proof-theory"
],
"topics": [
"Logic/Proof theory"
],
"used_by": 2
},
{
"abstract": "Partial Semigroups are relevant to the foundations of quantum mechanics and combinatorics as well as to interval and separation logics. Convolution algebras can be understood either as algebras of generalised binary modalities over ternary Kripke frames, in particular over partial semigroups, or as algebras of quantale-valued functions which are equipped with a convolution-style operation of multiplication that is parametrised by a ternary relation. Convolution algebras provide algebraic semantics for various substructural logics, including categorial, relevance and linear logics, for separation logic and for interval logics; they cover quantitative and qualitative applications. These mathematical components for partial semigroups and convolution algebras provide uniform foundations from which models of computation based on relations, program traces or pomsets, and verification components for separation or interval temporal logics can be built with little effort.",
"authors": [
"Brijesh Dongol",
"Victor B. F. Gomes",
"Ian J. Hayes",
"Georg Struth"
],
"date": "2017-06-13",
- "id": 337,
+ "id": 342,
"link": "/entries/PSemigroupsConvolution.html",
"permalink": "/entries/PSemigroupsConvolution.html",
"shortname": "PSemigroupsConvolution",
"title": "Partial Semigroups and Convolution Algebras",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 0
},
{
"abstract": "In the 18th century, Georges-Louis Leclerc, Comte de Buffon posed and later solved the following problem, which is often called the first problem ever solved in geometric probability: Given a floor divided into vertical strips of the same width, what is the probability that a needle thrown onto the floor randomly will cross two strips? This entry formally defines the problem in the case where the needle's position is chosen uniformly at random in a single strip around the origin (which is equivalent to larger arrangements due to symmetry). It then provides proofs of the simple solution in the case where the needle's length is no greater than the width of the strips and the more complicated solution in the opposite case.",
"authors": [
"Manuel Eberl"
],
"date": "2017-06-06",
- "id": 338,
+ "id": 343,
"link": "/entries/Buffons_Needle.html",
"permalink": "/entries/Buffons_Needle.html",
"shortname": "Buffons_Needle",
"title": "Buffon's Needle Problem",
"topic_links": [
"mathematics/probability-theory",
"mathematics/geometry"
],
"topics": [
"Mathematics/Probability theory",
"Mathematics/Geometry"
],
"used_by": 0
},
{
"abstract": "We present a formalization of flow networks and the Min-Cut-Max-Flow theorem. Our formal proof closely follows a standard textbook proof, and is accessible even without being an expert in Isabelle/HOL, the interactive theorem prover used for the formalization.",
"authors": [
"Peter Lammich",
"S. Reza Sefidgar"
],
"date": "2017-06-01",
- "id": 339,
+ "id": 344,
"link": "/entries/Flow_Networks.html",
"permalink": "/entries/Flow_Networks.html",
"shortname": "Flow_Networks",
"title": "Flow Networks and the Min-Cut-Max-Flow Theorem",
"topic_links": [
"mathematics/graph-theory"
],
"topics": [
"Mathematics/Graph theory"
],
"used_by": 2
},
{
"abstract": "We present a formalization of push-relabel algorithms for computing the maximum flow in a network. We start with Goldberg's et al.~generic push-relabel algorithm, for which we show correctness and the time complexity bound of O(V^2E). We then derive the relabel-to-front and FIFO implementation. Using stepwise refinement techniques, we derive an efficient verified implementation. Our formal proof of the abstract algorithms closely follows a standard textbook proof. It is accessible even without being an expert in Isabelle/HOL, the interactive theorem prover used for the formalization.",
"authors": [
"Peter Lammich",
"S. Reza Sefidgar"
],
"date": "2017-06-01",
- "id": 340,
+ "id": 345,
"link": "/entries/Prpu_Maxflow.html",
"permalink": "/entries/Prpu_Maxflow.html",
"shortname": "Prpu_Maxflow",
"title": "Formalizing Push-Relabel Algorithms",
"topic_links": [
"computer-science/algorithms/graph",
"mathematics/graph-theory"
],
"topics": [
"Computer science/Algorithms/Graph",
"Mathematics/Graph theory"
],
"used_by": 0
},
{
"abstract": "Lenses provide an abstract interface for manipulating data types through spatially-separated views. They are defined abstractly in terms of two functions, \u003cem\u003eget\u003c/em\u003e, the return a value from the source type, and \u003cem\u003eput\u003c/em\u003e that updates the value. We mechanise the underlying theory of lenses, in terms of an algebraic hierarchy of lenses, including well-behaved and very well-behaved lenses, each lens class being characterised by a set of lens laws. We also mechanise a lens algebra in Isabelle that enables their composition and comparison, so as to allow construction of complex lenses. This is accompanied by a large library of algebraic laws. Moreover we also show how the lens classes can be applied by instantiating them with a number of Isabelle data types.",
"authors": [
"Simon Foster",
"Frank Zeyda"
],
"date": "2017-05-25",
- "id": 341,
+ "id": 346,
"link": "/entries/Optics.html",
"permalink": "/entries/Optics.html",
"shortname": "Optics",
"title": "Optics",
"topic_links": [
"computer-science/functional-programming",
"mathematics/algebra"
],
"topics": [
"Computer science/Functional programming",
"Mathematics/Algebra"
],
"used_by": 1
},
{
"abstract": "We propose a development method for security protocols based on stepwise refinement. Our refinement strategy transforms abstract security goals into protocols that are secure when operating over an insecure channel controlled by a Dolev-Yao-style intruder. As intermediate levels of abstraction, we employ messageless guard protocols and channel protocols communicating over channels with security properties. These abstractions provide insights on why protocols are secure and foster the development of families of protocols sharing common structure and properties. We have implemented our method in Isabelle/HOL and used it to develop different entity authentication and key establishment protocols, including realistic features such as key confirmation, replay caches, and encrypted tickets. Our development highlights that guard protocols and channel protocols provide fundamental abstractions for bridging the gap between security properties and standard protocol descriptions based on cryptographic messages. It also shows that our refinement approach scales to protocols of nontrivial size and complexity.",
"authors": [
"Christoph Sprenger",
"Ivano Somaini"
],
"date": "2017-05-24",
- "id": 342,
+ "id": 347,
"link": "/entries/Security_Protocol_Refinement.html",
"permalink": "/entries/Security_Protocol_Refinement.html",
"shortname": "Security_Protocol_Refinement",
"title": "Developing Security Protocols by Refinement",
"topic_links": [
"computer-science/security"
],
"topics": [
"Computer science/Security"
],
"used_by": 0
},
{
"abstract": "Isabelle's code generator natively supports type classes. For targets that do not have language support for classes and instances, it performs the well-known dictionary translation, as described by Haftmann and Nipkow. This translation happens outside the logic, i.e., there is no guarantee that it is correct, besides the pen-and-paper proof. This work implements a certified dictionary translation that produces new class-free constants and derives equality theorems.",
"authors": [
"Lars Hupel"
],
"date": "2017-05-24",
- "id": 343,
+ "id": 348,
"link": "/entries/Dict_Construction.html",
"permalink": "/entries/Dict_Construction.html",
"shortname": "Dict_Construction",
"title": "Dictionary Construction",
"topic_links": [
"tools"
],
"topics": [
"Tools"
],
"used_by": 1
},
{
"abstract": "The Floyd-Warshall algorithm [Flo62, Roy59, War62] is a classic dynamic programming algorithm to compute the length of all shortest paths between any two vertices in a graph (i.e. to solve the all-pairs shortest path problem, or APSP for short). Given a representation of the graph as a matrix of weights M, it computes another matrix M' which represents a graph with the same path lengths and contains the length of the shortest path between any two vertices i and j. This is only possible if the graph does not contain any negative cycles. However, in this case the Floyd-Warshall algorithm will detect the situation by calculating a negative diagonal entry. This entry includes a formalization of the algorithm and of these key properties. The algorithm is refined to an efficient imperative version using the Imperative Refinement Framework.",
"authors": [
"Simon Wimmer",
"Peter Lammich"
],
"date": "2017-05-08",
- "id": 344,
+ "id": 349,
"link": "/entries/Floyd_Warshall.html",
"permalink": "/entries/Floyd_Warshall.html",
"shortname": "Floyd_Warshall",
"title": "The Floyd-Warshall Algorithm for Shortest Paths",
"topic_links": [
"computer-science/algorithms/graph"
],
"topics": [
"Computer science/Algorithms/Graph"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eCryptHOL provides a framework for formalising cryptographic arguments in Isabelle/HOL. It shallowly embeds a probabilistic functional programming language in higher order logic. The language features monadic sequencing, recursion, random sampling, failures and failure handling, and black-box access to oracles. Oracles are probabilistic functions which maintain hidden state between different invocations. All operators are defined in the new semantic domain of generative probabilistic values, a codatatype. We derive proof rules for the operators and establish a connection with the theory of relational parametricity. Thus, the resuting proofs are trustworthy and comprehensible, and the framework is extensible and widely applicable. \u003c/p\u003e\u003cp\u003e The framework is used in the accompanying AFP entry \"Game-based Cryptography in HOL\". There, we show-case our framework by formalizing different game-based proofs from the literature. This formalisation continues the work described in the author's ESOP 2016 paper.\u003c/p\u003e",
"authors": [
"Andreas Lochbihler"
],
"date": "2017-05-05",
- "id": 345,
+ "id": 350,
"link": "/entries/CryptHOL.html",
"permalink": "/entries/CryptHOL.html",
"shortname": "CryptHOL",
"title": "CryptHOL",
"topic_links": [
"computer-science/security/cryptography",
"computer-science/functional-programming",
"mathematics/probability-theory"
],
"topics": [
"Computer science/Security/Cryptography",
"Computer science/Functional programming",
"Mathematics/Probability theory"
],
"used_by": 3
},
{
"abstract": "The notion of a monad cannot be expressed within higher-order logic (HOL) due to type system restrictions. We show that if a monad is used with values of only one type, this notion can be formalised in HOL. Based on this idea, we develop a library of effect specifications and implementations of monads and monad transformers. Hence, we can abstract over the concrete monad in HOL definitions and thus use the same definition for different (combinations of) effects. We illustrate the usefulness of effect polymorphism with a monadic interpreter for a simple language.",
"authors": [
"Andreas Lochbihler"
],
"date": "2017-05-05",
- "id": 346,
+ "id": 351,
"link": "/entries/Monomorphic_Monad.html",
"permalink": "/entries/Monomorphic_Monad.html",
"shortname": "Monomorphic_Monad",
"title": "Effect polymorphism in higher-order logic",
"topic_links": [
"computer-science/functional-programming"
],
"topics": [
"Computer science/Functional programming"
],
"used_by": 1
},
{
"abstract": "\u003cp\u003eIn this AFP entry, we show how to specify game-based cryptographic security notions and formally prove secure several cryptographic constructions from the literature using the CryptHOL framework. Among others, we formalise the notions of a random oracle, a pseudo-random function, an unpredictable function, and of encryption schemes that are indistinguishable under chosen plaintext and/or ciphertext attacks. We prove the random-permutation/random-function switching lemma, security of the Elgamal and hashed Elgamal public-key encryption scheme and correctness and security of several constructions with pseudo-random functions. \u003c/p\u003e\u003cp\u003eOur proofs follow the game-hopping style advocated by Shoup and Bellare and Rogaway, from which most of the examples have been taken. We generalise some of their results such that they can be reused in other proofs. Thanks to CryptHOL's integration with Isabelle's parametricity infrastructure, many simple hops are easily justified using the theory of representation independence.\u003c/p\u003e",
"authors": [
"Andreas Lochbihler",
"S. Reza Sefidgar",
"Bhargav Bhatt"
],
"date": "2017-05-05",
- "id": 347,
+ "id": 352,
"link": "/entries/Game_Based_Crypto.html",
"permalink": "/entries/Game_Based_Crypto.html",
"shortname": "Game_Based_Crypto",
"title": "Game-based cryptography in HOL",
"topic_links": [
"computer-science/security/cryptography"
],
"topics": [
"Computer science/Security/Cryptography"
],
"used_by": 2
},
{
"abstract": "The usual monad laws can directly be used as rewrite rules for Isabelle’s simplifier to normalise monadic HOL terms and decide equivalences. In a commutative monad, however, the commutativity law is a higher-order permutative rewrite rule that makes the simplifier loop. This AFP entry implements a simproc that normalises monadic expressions in commutative monads using ordered rewriting. The simproc can also permute computations across control operators like if and case.",
"authors": [
"Joshua Schneider",
"Manuel Eberl",
"Andreas Lochbihler"
],
"date": "2017-05-05",
- "id": 348,
+ "id": 353,
"link": "/entries/Monad_Normalisation.html",
"permalink": "/entries/Monad_Normalisation.html",
"shortname": "Monad_Normalisation",
"title": "Monad normalisation",
"topic_links": [
"tools",
"computer-science/functional-programming",
"logic/rewriting"
],
"topics": [
"Tools",
"Computer science/Functional programming",
"Logic/Rewriting"
],
"used_by": 3
},
{
"abstract": "This AFP entry defines a probabilistic while operator based on sub-probability mass functions and formalises zero-one laws and variant rules for probabilistic loop termination. As applications, we implement probabilistic algorithms for the Bernoulli, geometric and arbitrary uniform distributions that only use fair coin flips, and prove them correct and terminating with probability 1.",
"authors": [
"Andreas Lochbihler"
],
"date": "2017-05-05",
- "id": 349,
+ "id": 354,
"link": "/entries/Probabilistic_While.html",
"permalink": "/entries/Probabilistic_While.html",
"shortname": "Probabilistic_While",
"title": "Probabilistic while loop",
"topic_links": [
"computer-science/functional-programming",
"mathematics/probability-theory",
"computer-science/algorithms"
],
"topics": [
"Computer science/Functional programming",
"Mathematics/Probability theory",
"Computer science/Algorithms"
],
"used_by": 1
},
{
"abstract": "\u003cp\u003e Building on the formalization of basic category theory set out in the author's previous AFP article, the present article formalizes some basic aspects of the theory of monoidal categories. Among the notions defined here are monoidal category, monoidal functor, and equivalence of monoidal categories. The main theorems formalized are MacLane's coherence theorem and the constructions of the free monoidal category and free strict monoidal category generated by a given category. The coherence theorem is proved syntactically, using a structurally recursive approach to reduction of terms that might have some novel aspects. We also give proofs of some results given by Etingof et al, which may prove useful in a formal setting. In particular, we show that the left and right unitors need not be taken as given data in the definition of monoidal category, nor does the definition of monoidal functor need to take as given a specific isomorphism expressing the preservation of the unit object. Our definitions of monoidal category and monoidal functor are stated so as to take advantage of the economy afforded by these facts. \u003c/p\u003e\u003cp\u003e Revisions made subsequent to the first version of this article added material on cartesian monoidal categories; showing that the underlying category of a cartesian monoidal category is a cartesian category, and that every cartesian category extends to a cartesian monoidal category. \u003c/p\u003e",
"authors": [
"Eugene W. Stark"
],
"date": "2017-05-04",
- "id": 350,
+ "id": 355,
"link": "/entries/MonoidalCategory.html",
"permalink": "/entries/MonoidalCategory.html",
"shortname": "MonoidalCategory",
"title": "Monoidal Categories",
"topic_links": [
"mathematics/category-theory"
],
"topics": [
"Mathematics/Category theory"
],
"used_by": 1
},
{
"abstract": "A computer-formalisation of the essential parts of Fitting's textbook \"Types, Tableaus and Gödel's God\" in Isabelle/HOL is presented. In particular, Fitting's (and Anderson's) variant of the ontological argument is verified and confirmed. This variant avoids the modal collapse, which has been criticised as an undesirable side-effect of Kurt Gödel's (and Dana Scott's) versions of the ontological argument. Fitting's work is employing an intensional higher-order modal logic, which we shallowly embed here in classical higher-order logic. We then utilize the embedded logic for the formalisation of Fitting's argument. (See also the earlier AFP entry ``Gödel's God in Isabelle/HOL''.)",
"authors": [
"David Fuenmayor",
"Christoph Benzmüller"
],
"date": "2017-05-01",
- "id": 351,
+ "id": 356,
"link": "/entries/Types_Tableaus_and_Goedels_God.html",
"permalink": "/entries/Types_Tableaus_and_Goedels_God.html",
"shortname": "Types_Tableaus_and_Goedels_God",
"title": "Types, Tableaus and Gödel’s God in Isabelle/HOL",
"topic_links": [
"logic/philosophical-aspects"
],
"topics": [
"Logic/Philosophical aspects"
],
"used_by": 0
},
{
"abstract": "This formalisation accompanies the paper \u003ca href=\"https://arxiv.org/abs/1702.03277\"\u003eLocal Lexing\u003c/a\u003e which introduces a novel parsing concept of the same name. The paper also gives a high-level algorithm for local lexing as an extension of Earley's algorithm. This formalisation proves the algorithm to be correct with respect to its local lexing semantics. As a special case, this formalisation thus also contains a proof of the correctness of Earley's algorithm. The paper contains a short outline of how this formalisation is organised.",
"authors": [
"Steven Obua"
],
"date": "2017-04-28",
- "id": 352,
+ "id": 357,
"link": "/entries/LocalLexing.html",
"permalink": "/entries/LocalLexing.html",
"shortname": "LocalLexing",
"title": "Local Lexing",
"topic_links": [
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Automata and formal languages"
],
"used_by": 0
},
{
"abstract": "Isabelle's code generator performs various adaptations for target languages. Among others, constructor applications have to be fully saturated. That means that for constructor calls occuring as arguments to higher-order functions, synthetic lambdas have to be inserted. This entry provides tooling to avoid this construction altogether by introducing constructor functions.",
"authors": [
"Lars Hupel"
],
"date": "2017-04-19",
- "id": 353,
+ "id": 358,
"link": "/entries/Constructor_Funs.html",
"permalink": "/entries/Constructor_Funs.html",
"shortname": "Constructor_Funs",
"title": "Constructor Functions",
"topic_links": [
"tools"
],
"topics": [
"Tools"
],
"used_by": 1
},
{
"abstract": "Isabelle's code generator performs various adaptations for target languages. Among others, case statements are printed as match expressions. Internally, this is a sophisticated procedure, because in HOL, case statements are represented as nested calls to the case combinators as generated by the datatype package. Furthermore, the procedure relies on laziness of match expressions in the target language, i.e., that branches guarded by patterns that fail to match are not evaluated. Similarly, \u003ctt\u003eif-then-else\u003c/tt\u003e is printed to the corresponding construct in the target language. This entry provides tooling to replace these special cases in the code generator by ignoring these target language features, instead printing case expressions and \u003ctt\u003eif-then-else\u003c/tt\u003e as functions.",
"authors": [
"Lars Hupel"
],
"date": "2017-04-18",
- "id": 354,
+ "id": 359,
"link": "/entries/Lazy_Case.html",
"permalink": "/entries/Lazy_Case.html",
"shortname": "Lazy_Case",
"title": "Lazifying case constants",
"topic_links": [
"tools"
],
"topics": [
"Tools"
],
"used_by": 1
},
{
"abstract": "We formalize the theory of subresultants and the subresultant polynomial remainder sequence as described by Brown and Traub. As a result, we obtain efficient certified algorithms for computing the resultant and the greatest common divisor of polynomials.",
"authors": [
"Sebastiaan J. C. Joosten",
"René Thiemann",
"Akihisa Yamada"
],
"date": "2017-04-06",
- "id": 355,
+ "id": 360,
"link": "/entries/Subresultants.html",
"permalink": "/entries/Subresultants.html",
"shortname": "Subresultants",
"title": "Subresultants",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 1
},
{
"abstract": "\u003cp\u003eThis entry contains proofs for the textbook results about the distributions of the height and internal path length of random binary search trees (BSTs), i.\u0026thinsp;e. BSTs that are formed by taking an empty BST and inserting elements from a fixed set in random order.\u003c/p\u003e \u003cp\u003eIn particular, we prove a logarithmic upper bound on the expected height and the \u003cem\u003eΘ(n log n)\u003c/em\u003e closed-form solution for the expected internal path length in terms of the harmonic numbers. We also show how the internal path length relates to the average-case cost of a lookup in a BST.\u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2017-04-04",
- "id": 356,
+ "id": 361,
"link": "/entries/Random_BSTs.html",
"permalink": "/entries/Random_BSTs.html",
"shortname": "Random_BSTs",
"title": "Expected Shape of Random Binary Search Trees",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 2
},
{
"abstract": "\u003cp\u003eThis article contains a formal proof of the well-known fact that number of comparisons that a comparison-based sorting algorithm needs to perform to sort a list of length \u003cem\u003en\u003c/em\u003e is at least \u003cem\u003elog\u003csub\u003e2\u003c/sub\u003e\u0026nbsp;(n!)\u003c/em\u003e in the worst case, i.\u0026thinsp;e.\u0026nbsp;\u003cem\u003eΩ(n log n)\u003c/em\u003e.\u003c/p\u003e \u003cp\u003eFor this purpose, a shallow embedding for comparison-based sorting algorithms is defined: a sorting algorithm is a recursive datatype containing either a HOL function or a query of a comparison oracle with a continuation containing the remaining computation. This makes it possible to force the algorithm to use only comparisons and to track the number of comparisons made.\u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2017-03-15",
- "id": 357,
+ "id": 362,
"link": "/entries/Comparison_Sort_Lower_Bound.html",
"permalink": "/entries/Comparison_Sort_Lower_Bound.html",
"shortname": "Comparison_Sort_Lower_Bound",
"title": "Lower bound on comparison-based sorting algorithms",
"topic_links": [
"computer-science/algorithms"
],
"topics": [
"Computer science/Algorithms"
],
"used_by": 2
},
{
"abstract": "\u003cp\u003eWe give a formal proof of the well-known results about the number of comparisons performed by two variants of QuickSort: first, the expected number of comparisons of randomised QuickSort (i.\u0026thinsp;e.\u0026nbsp;QuickSort with random pivot choice) is \u003cem\u003e2\u0026thinsp;(n+1)\u0026thinsp;H\u003csub\u003en\u003c/sub\u003e - 4\u0026thinsp;n\u003c/em\u003e, which is asymptotically equivalent to \u003cem\u003e2\u0026thinsp;n ln n\u003c/em\u003e; second, the number of comparisons performed by the classic non-randomised QuickSort has the same distribution in the average case as the randomised one.\u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2017-03-15",
- "id": 358,
+ "id": 363,
"link": "/entries/Quick_Sort_Cost.html",
"permalink": "/entries/Quick_Sort_Cost.html",
"shortname": "Quick_Sort_Cost",
"title": "The number of comparisons in QuickSort",
"topic_links": [
"computer-science/algorithms"
],
"topics": [
"Computer science/Algorithms"
],
"used_by": 1
},
{
"abstract": "\u003cp\u003eThe Euler-MacLaurin formula relates the value of a discrete sum to that of the corresponding integral in terms of the derivatives at the borders of the summation and a remainder term. Since the remainder term is often very small as the summation bounds grow, this can be used to compute asymptotic expansions for sums.\u003c/p\u003e \u003cp\u003eThis entry contains a proof of this formula for functions from the reals to an arbitrary Banach space. Two variants of the formula are given: the standard textbook version and a variant outlined in \u003cem\u003eConcrete Mathematics\u003c/em\u003e that is more useful for deriving asymptotic estimates.\u003c/p\u003e \u003cp\u003eAs example applications, we use that formula to derive the full asymptotic expansion of the harmonic numbers and the sum of inverse squares.\u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2017-03-10",
- "id": 359,
+ "id": 364,
"link": "/entries/Euler_MacLaurin.html",
"permalink": "/entries/Euler_MacLaurin.html",
"shortname": "Euler_MacLaurin",
"title": "The Euler–MacLaurin Formula",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 2
},
{
"abstract": "We prove the group law for elliptic curves in Weierstrass form over fields of characteristic greater than 2. In addition to affine coordinates, we also formalize projective coordinates, which allow for more efficient computations. By specializing the abstract formalization to prime fields, we can apply the curve operations to parameters used in standard security protocols.",
"authors": [
"Stefan Berghofer"
],
"date": "2017-02-28",
- "id": 360,
+ "id": 365,
"link": "/entries/Elliptic_Curves_Group_Law.html",
"permalink": "/entries/Elliptic_Curves_Group_Law.html",
"shortname": "Elliptic_Curves_Group_Law",
"title": "The Group Law for Elliptic Curves",
"topic_links": [
"computer-science/security/cryptography"
],
"topics": [
"Computer science/Security/Cryptography"
],
"used_by": 0
},
{
"abstract": "We present a formalization of Menger's Theorem for directed and undirected graphs in Isabelle/HOL. This well-known result shows that if two non-adjacent distinct vertices u, v in a directed graph have no separator smaller than n, then there exist n internally vertex-disjoint paths from u to v. The version for undirected graphs follows immediately because undirected graphs are a special case of directed graphs.",
"authors": [
"Christoph Dittmann"
],
"date": "2017-02-26",
- "id": 361,
+ "id": 366,
"link": "/entries/Menger.html",
"permalink": "/entries/Menger.html",
"shortname": "Menger",
"title": "Menger's Theorem",
"topic_links": [
"mathematics/graph-theory"
],
"topics": [
"Mathematics/Graph theory"
],
"used_by": 0
},
{
"abstract": "We formalize differential dynamic logic, a logic for proving properties of hybrid systems. The proof calculus in this formalization is based on the uniform substitution principle. We show it is sound with respect to our denotational semantics, which provides increased confidence in the correctness of the KeYmaera X theorem prover based on this calculus. As an application, we include a proof term checker embedded in Isabelle/HOL with several example proofs. Published in: Rose Bohrer, Vincent Rahli, Ivana Vukotic, Marcus Völp, André Platzer: Formally verified differential dynamic logic. CPP 2017.",
"authors": [
"Rose Bohrer"
],
"date": "2017-02-13",
- "id": 362,
+ "id": 367,
"link": "/entries/Differential_Dynamic_Logic.html",
"permalink": "/entries/Differential_Dynamic_Logic.html",
"shortname": "Differential_Dynamic_Logic",
"title": "Differential Dynamic Logic",
"topic_links": [
"logic/general-logic/modal-logic",
"computer-science/programming-languages/logics"
],
"topics": [
"Logic/General logic/Modal logic",
"Computer science/Programming languages/Logics"
],
"used_by": 0
},
{
"abstract": "A formalized coinductive account of the abstract development of Brotherston, Gorogiannis, and Petersen [APLAS 2012], in a slightly more general form since we work with arbitrary infinite proofs, which may be acyclic. This work is described in detail in an article by the authors, published in 2017 in the \u003cem\u003eJournal of Automated Reasoning\u003c/em\u003e. The abstract proof can be instantiated for various formalisms, including first-order logic with inductive predicates.",
"authors": [
"Jasmin Christian Blanchette",
"Andrei Popescu",
"Dmitriy Traytel"
],
"date": "2017-02-10",
- "id": 363,
+ "id": 368,
"link": "/entries/Abstract_Soundness.html",
"permalink": "/entries/Abstract_Soundness.html",
"shortname": "Abstract_Soundness",
"title": "Abstract Soundness",
"topic_links": [
"logic/proof-theory"
],
"topics": [
"Logic/Proof theory"
],
"used_by": 2
},
{
"abstract": "We develop Stone relation algebras, which generalise relation algebras by replacing the underlying Boolean algebra structure with a Stone algebra. We show that finite matrices over extended real numbers form an instance. As a consequence, relation-algebraic concepts and methods can be used for reasoning about weighted graphs. We also develop a fixpoint calculus and apply it to compare different definitions of reflexive-transitive closures in semirings.",
"authors": [
"Walter Guttmann"
],
"date": "2017-02-07",
- "id": 364,
+ "id": 369,
"link": "/entries/Stone_Relation_Algebras.html",
"permalink": "/entries/Stone_Relation_Algebras.html",
"shortname": "Stone_Relation_Algebras",
"title": "Stone Relation Algebras",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 1
},
{
"abstract": "We develop a family of key agreement protocols that are correct by construction. Our work substantially extends prior work on developing security protocols by refinement. First, we strengthen the adversary by allowing him to compromise different resources of protocol participants, such as their long-term keys or their session keys. This enables the systematic development of protocols that ensure strong properties such as perfect forward secrecy. Second, we broaden the class of protocols supported to include those with non-atomic keys and equationally defined cryptographic operators. We use these extensions to develop key agreement protocols including signed Diffie-Hellman and the core of IKEv1 and SKEME.",
"authors": [
"Joseph Lallemand",
"Christoph Sprenger"
],
"date": "2017-01-31",
- "id": 365,
+ "id": 370,
"link": "/entries/Key_Agreement_Strong_Adversaries.html",
"permalink": "/entries/Key_Agreement_Strong_Adversaries.html",
"shortname": "Key_Agreement_Strong_Adversaries",
"title": "Refining Authenticated Key Agreement with Strong Adversaries",
"topic_links": [
"computer-science/security"
],
"topics": [
"Computer science/Security"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eBernoulli numbers were first discovered in the closed-form expansion of the sum 1\u003csup\u003em\u003c/sup\u003e + 2\u003csup\u003em\u003c/sup\u003e + \u0026hellip; + n\u003csup\u003em\u003c/sup\u003e for a fixed m and appear in many other places. This entry provides three different definitions for them: a recursive one, an explicit one, and one through their exponential generating function.\u003c/p\u003e \u003cp\u003eIn addition, we prove some basic facts, e.g. their relation to sums of powers of integers and that all odd Bernoulli numbers except the first are zero, and some advanced facts like their relationship to the Riemann zeta function on positive even integers.\u003c/p\u003e \u003cp\u003eWe also prove the correctness of the Akiyama\u0026ndash;Tanigawa algorithm for computing Bernoulli numbers with reasonable efficiency, and we define the periodic Bernoulli polynomials (which appear e.g. in the Euler\u0026ndash;MacLaurin summation formula and the expansion of the log-Gamma function) and prove their basic properties.\u003c/p\u003e",
"authors": [
"Lukas Bulwahn",
"Manuel Eberl"
],
"date": "2017-01-24",
- "id": 366,
+ "id": 371,
"link": "/entries/Bernoulli.html",
"permalink": "/entries/Bernoulli.html",
"shortname": "Bernoulli",
"title": "Bernoulli Numbers",
"topic_links": [
"mathematics/analysis",
"mathematics/number-theory"
],
"topics": [
"Mathematics/Analysis",
"Mathematics/Number theory"
],
"used_by": 5
},
{
"abstract": "\u003cp\u003eBertrand's postulate is an early result on the distribution of prime numbers: For every positive integer n, there exists a prime number that lies strictly between n and 2n. The proof is ported from John Harrison's formalisation in HOL Light. It proceeds by first showing that the property is true for all n greater than or equal to 600 and then showing that it also holds for all n below 600 by case distinction. \u003c/p\u003e",
"authors": [
"Julian Biendarra",
"Manuel Eberl"
],
"date": "2017-01-17",
- "id": 367,
+ "id": 372,
"link": "/entries/Bertrands_Postulate.html",
"permalink": "/entries/Bertrands_Postulate.html",
"shortname": "Bertrands_Postulate",
"title": "Bertrand's postulate",
"topic_links": [
"mathematics/number-theory"
],
"topics": [
"Mathematics/Number theory"
],
"used_by": 2
},
{
"abstract": "\u003cp\u003eThis formalization is an extension to \u003ca href=\"https://www.isa-afp.org/entries/Formal_SSA.html\"\u003e\"Verified Construction of Static Single Assignment Form\"\u003c/a\u003e. In their work, the authors have shown that \u003ca href=\"https://doi.org/10.1007/978-3-642-37051-9_6\"\u003eBraun et al.'s static single assignment (SSA) construction algorithm\u003c/a\u003e produces minimal SSA form for input programs with a reducible control flow graph (CFG). However Braun et al. also proposed an extension to their algorithm that they claim produces minimal SSA form even for irreducible CFGs.\u003cbr\u003e In this formalization we support that claim by giving a mechanized proof. \u003c/p\u003e \u003cp\u003eAs the extension of Braun et al.'s algorithm aims for removing so-called redundant strongly connected components of phi functions, we show that this suffices to guarantee minimality according to \u003ca href=\"https://doi.org/10.1145/115372.115320\"\u003eCytron et al.\u003c/a\u003e.\u003c/p\u003e",
"authors": [
"Max Wagner",
"Denis Lohner"
],
"date": "2017-01-17",
- "id": 368,
+ "id": 373,
"link": "/entries/Minimal_SSA.html",
"permalink": "/entries/Minimal_SSA.html",
"shortname": "Minimal_SSA",
"title": "Minimal Static Single Assignment Form",
"topic_links": [
"computer-science/programming-languages/compiling"
],
"topics": [
"Computer science/Programming languages/Compiling"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eThis work contains a proof that Euler's number e is transcendental. The proof follows the standard approach of assuming that e is algebraic and then using a specific integer polynomial to derive two inconsistent bounds, leading to a contradiction.\u003c/p\u003e \u003cp\u003eThis kind of approach can be found in many different sources; this formalisation mostly follows a \u003ca href=\"http://planetmath.org/proofoflindemannweierstrasstheoremandthateandpiaretranscendental\"\u003ePlanetMath article\u003c/a\u003e by Roger Lipsett.\u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2017-01-12",
- "id": 369,
+ "id": 374,
"link": "/entries/E_Transcendental.html",
"permalink": "/entries/E_Transcendental.html",
"shortname": "E_Transcendental",
"title": "The Transcendence of e",
"topic_links": [
"mathematics/analysis",
"mathematics/number-theory"
],
"topics": [
"Mathematics/Analysis",
"Mathematics/Number theory"
],
"used_by": 2
},
{
"abstract": "We present a formal model of network protocols and their application to modeling firewall policies. The formalization is based on the Unified Policy Framework (UPF). The formalization was originally developed with for generating test cases for testing the security configuration actual firewall and router (middle-boxes) using HOL-TestGen. Our work focuses on modeling application level protocols on top of tcp/ip.",
"authors": [
"Achim D. Brucker",
"Lukas Brügger",
"Burkhart Wolff"
],
"date": "2017-01-08",
- "id": 370,
+ "id": 375,
"link": "/entries/UPF_Firewall.html",
"permalink": "/entries/UPF_Firewall.html",
"shortname": "UPF_Firewall",
"title": "Formal Network Models and Their Application to Firewall Policies",
"topic_links": [
"computer-science/security",
"computer-science/networks"
],
"topics": [
"Computer science/Security",
"Computer science/Networks"
],
"used_by": 0
},
{
"abstract": "This paper constructs a formal model of a Diffie-Hellman password-based authentication protocol between a user and a smart card, and proves its security. The protocol provides for the dispatch of the user's password to the smart card on a secure messaging channel established by means of Password Authenticated Connection Establishment (PACE), where the mapping method being used is Chip Authentication Mapping. By applying and suitably extending Paulson's Inductive Method, this paper proves that the protocol establishes trustworthy secure messaging channels, preserves the secrecy of users' passwords, and provides an effective mutual authentication service. What is more, these security properties turn out to hold independently of the secrecy of the PACE authentication key.",
"authors": [
"Pasquale Noce"
],
"date": "2017-01-03",
- "id": 371,
+ "id": 376,
"link": "/entries/Password_Authentication_Protocol.html",
"permalink": "/entries/Password_Authentication_Protocol.html",
"shortname": "Password_Authentication_Protocol",
"title": "Verification of a Diffie-Hellman Password-based Authentication Protocol by Extending the Inductive Method",
"topic_links": [
"computer-science/security"
],
"topics": [
"Computer science/Security"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eWe present a certified declarative first-order prover with equality based on John Harrison's Handbook of Practical Logic and Automated Reasoning, Cambridge University Press, 2009. ML code reflection is used such that the entire prover can be executed within Isabelle as a very simple interactive proof assistant. As examples we consider Pelletier's problems 1-46.\u003c/p\u003e \u003cp\u003eReference: Programming and Verifying a Declarative First-Order Prover in Isabelle/HOL. Alexander Birch Jensen, John Bruntse Larsen, Anders Schlichtkrull \u0026 Jørgen Villadsen. AI Communications 31:281-299 2018. \u003ca href=\"https://content.iospress.com/articles/ai-communications/aic764\"\u003e https://content.iospress.com/articles/ai-communications/aic764\u003c/a\u003e\u003c/p\u003e \u003cp\u003eSee also: Students' Proof Assistant (SPA). \u003ca href=https://github.com/logic-tools/spa\u003e https://github.com/logic-tools/spa\u003c/a\u003e\u003c/p\u003e",
"authors": [
"Alexander Birch Jensen",
"Anders Schlichtkrull",
"Jørgen Villadsen"
],
"date": "2017-01-01",
- "id": 372,
+ "id": 377,
"link": "/entries/FOL_Harrison.html",
"permalink": "/entries/FOL_Harrison.html",
"shortname": "FOL_Harrison",
"title": "First-Order Logic According to Harrison",
"topic_links": [
"logic/general-logic/mechanization-of-proofs"
],
"topics": [
"Logic/General logic/Mechanization of proofs"
],
"used_by": 0
},
{
"abstract": "The concurrent refinement algebra developed here is designed to provide a foundation for rely/guarantee reasoning about concurrent programs. The algebra builds on a complete lattice of commands by providing sequential composition, parallel composition and a novel weak conjunction operator. The weak conjunction operator coincides with the lattice supremum providing its arguments are non-aborting, but aborts if either of its arguments do. Weak conjunction provides an abstract version of a guarantee condition as a guarantee process. We distinguish between models that distribute sequential composition over non-deterministic choice from the left (referred to as being conjunctive in the refinement calculus literature) and those that don't. Least and greatest fixed points of monotone functions are provided to allow recursion and iteration operators to be added to the language. Additional iteration laws are available for conjunctive models. The rely quotient of processes \u003ci\u003ec\u003c/i\u003e and \u003ci\u003ei\u003c/i\u003e is the process that, if executed in parallel with \u003ci\u003ei\u003c/i\u003e implements \u003ci\u003ec\u003c/i\u003e. It represents an abstract version of a rely condition generalised to a process.",
"authors": [
"Julian Fell",
"Ian J. Hayes",
"Andrius Velykis"
],
"date": "2016-12-30",
- "id": 373,
+ "id": 378,
"link": "/entries/Concurrent_Ref_Alg.html",
"permalink": "/entries/Concurrent_Ref_Alg.html",
"shortname": "Concurrent_Ref_Alg",
"title": "Concurrent Refinement Algebra and Rely Quotients",
"topic_links": [
"computer-science/concurrency"
],
"topics": [
"Computer science/Concurrency"
],
"used_by": 0
},
{
"abstract": "This entry provides all cardinality theorems of the Twelvefold Way. The Twelvefold Way systematically classifies twelve related combinatorial problems concerning two finite sets, which include counting permutations, combinations, multisets, set partitions and number partitions. This development builds upon the existing formal developments with cardinality theorems for those structures. It provides twelve bijections from the various structures to different equivalence classes on finite functions, and hence, proves cardinality formulae for these equivalence classes on finite functions.",
"authors": [
"Lukas Bulwahn"
],
"date": "2016-12-29",
- "id": 374,
+ "id": 379,
"link": "/entries/Twelvefold_Way.html",
"permalink": "/entries/Twelvefold_Way.html",
"shortname": "Twelvefold_Way",
"title": "The Twelvefold Way",
"topic_links": [
"mathematics/combinatorics"
],
"topics": [
"Mathematics/Combinatorics"
],
"used_by": 0
},
{
"abstract": "Isabelle includes various automatic tools for finding proofs under certain conditions. However, for each conjecture, knowing which automation to use, and how to tweak its parameters, is currently labour intensive. We have developed a language, PSL, designed to capture high level proof strategies. PSL offloads the construction of human-readable fast-to-replay proof scripts to automatic search, making use of search-time information about each conjecture. Our preliminary evaluations show that PSL reduces the labour cost of interactive theorem proving. This submission contains the implementation of PSL and an example theory file, Example.thy, showing how to write poof strategies in PSL.",
"authors": [
"Yutaka Nagashima"
],
"date": "2016-12-20",
- "id": 375,
+ "id": 380,
"link": "/entries/Proof_Strategy_Language.html",
"permalink": "/entries/Proof_Strategy_Language.html",
"shortname": "Proof_Strategy_Language",
"title": "Proof Strategy Language",
"topic_links": [
"tools"
],
"topics": [
"Tools"
],
"used_by": 0
},
{
"abstract": "Paraconsistency is about handling inconsistency in a coherent way. In classical and intuitionistic logic everything follows from an inconsistent theory. A paraconsistent logic avoids the explosion. Quite a few applications in computer science and engineering are discussed in the Intelligent Systems Reference Library Volume 110: Towards Paraconsistent Engineering (Springer 2016). We formalize a paraconsistent many-valued logic that we motivated and described in a special issue on logical approaches to paraconsistency (Journal of Applied Non-Classical Logics 2005). We limit ourselves to the propositional fragment of the higher-order logic. The logic is based on so-called key equalities and has a countably infinite number of truth values. We prove theorems in the logic using the definition of validity. We verify truth tables and also counterexamples for non-theorems. We prove meta-theorems about the logic and finally we investigate a case study.",
"authors": [
"Anders Schlichtkrull",
"Jørgen Villadsen"
],
"date": "2016-12-07",
- "id": 376,
+ "id": 381,
"link": "/entries/Paraconsistency.html",
"permalink": "/entries/Paraconsistency.html",
"shortname": "Paraconsistency",
"title": "Paraconsistency",
"topic_links": [
"logic/general-logic/paraconsistent-logics"
],
"topics": [
"Logic/General logic/Paraconsistent logics"
],
"used_by": 0
},
{
"abstract": "We propose a concurrency reasoning framework for imperative programs, based on the Owicki-Gries (OG) foundational shared-variable concurrency method. Our framework combines the approaches of Hoare-Parallel, a formalisation of OG in Isabelle/HOL for a simple while-language, and Simpl, a generic imperative language embedded in Isabelle/HOL, allowing formal reasoning on C programs. We define the Complx language, extending the syntax and semantics of Simpl with support for parallel composition and synchronisation. We additionally define an OG logic, which we prove sound w.r.t. the semantics, and a verification condition generator, both supporting involved low-level imperative constructs such as function calls and abrupt termination. We illustrate our framework on an example that features exceptions, guards and function calls. We aim to then target concurrent operating systems, such as the interruptible eChronos embedded operating system for which we already have a model-level OG proof using Hoare-Parallel.",
"authors": [
"Sidney Amani",
"June Andronick",
"Maksym Bortin",
"Corey Lewis",
"Christine Rizkallah",
"Joseph Tuong"
],
"date": "2016-11-29",
- "id": 377,
+ "id": 382,
"link": "/entries/Complx.html",
"permalink": "/entries/Complx.html",
"shortname": "Complx",
"title": "COMPLX: A Verification Framework for Concurrent Imperative Programs",
"topic_links": [
"computer-science/programming-languages/logics",
"computer-science/programming-languages/language-definitions"
],
"topics": [
"Computer science/Programming languages/Logics",
"Computer science/Programming languages/Language definitions"
],
"used_by": 0
},
{
"abstract": "This is the Isabelle formalization of the material decribed in the eponymous \u003ca href=\"https://doi.org/10.1007/978-3-642-32347-8_9\"\u003eITP 2012 paper\u003c/a\u003e. It develops a generic abstract interpreter for a while-language, including widening and narrowing. The collecting semantics and the abstract interpreter operate on annotated commands: the program is represented as a syntax tree with the semantic information directly embedded, without auxiliary labels. The aim of the formalization is simplicity, not efficiency or precision. This is motivated by the inclusion of the material in a theorem prover based course on semantics. A similar (but more polished) development is covered in the book \u003ca href=\"https://doi.org/10.1007/978-3-319-10542-0\"\u003eConcrete Semantics\u003c/a\u003e.",
"authors": [
"Tobias Nipkow"
],
"date": "2016-11-23",
- "id": 378,
+ "id": 383,
"link": "/entries/Abs_Int_ITP2012.html",
"permalink": "/entries/Abs_Int_ITP2012.html",
"shortname": "Abs_Int_ITP2012",
"title": "Abstract Interpretation of Annotated Commands",
"topic_links": [
"computer-science/programming-languages/static-analysis"
],
"topics": [
"Computer science/Programming languages/Static analysis"
],
"used_by": 0
},
{
"abstract": "We bring the labelled sequent calculus $LS_{PASL}$ for propositional abstract separation logic to Isabelle. The tactics given here are directly applied on an extension of the Separation Algebra in the AFP. In addition to the cancellative separation algebra, we further consider some useful properties in the heap model of separation logic, such as indivisible unit, disjointness, and cross-split. The tactics are essentially a proof search procedure for the calculus $LS_{PASL}$. We wrap the tactics in an Isabelle method called separata, and give a few examples of separation logic formulae which are provable by separata.",
"authors": [
"Zhe Hou",
"David Sanan",
"Alwen Tiu",
"Rajeev Gore",
"Ranald Clouston"
],
"date": "2016-11-16",
- "id": 379,
+ "id": 384,
"link": "/entries/Separata.html",
"permalink": "/entries/Separata.html",
"shortname": "Separata",
"title": "Separata: Isabelle tactics for Separation Algebra",
"topic_links": [
"computer-science/programming-languages/logics",
"tools"
],
"topics": [
"Computer science/Programming languages/Logics",
"Tools"
],
"used_by": 0
},
{
"abstract": "This Isabelle/HOL formalization defines Knuth–Bendix orders for higher-order terms without lambda-abstraction and proves many useful properties about them. The main order fully coincides with the standard transfinite KBO with subterm coefficients on first-order terms. It appears promising as the basis of a higher-order superposition calculus.",
"authors": [
"Heiko Becker",
"Jasmin Christian Blanchette",
"Uwe Waldmann",
"Daniel Wand"
],
"date": "2016-11-12",
- "id": 380,
+ "id": 385,
"link": "/entries/Lambda_Free_KBOs.html",
"permalink": "/entries/Lambda_Free_KBOs.html",
"shortname": "Lambda_Free_KBOs",
"title": "Formalization of Knuth–Bendix Orders for Lambda-Free Higher-Order Terms",
"topic_links": [
"logic/rewriting"
],
"topics": [
"Logic/Rewriting"
],
"used_by": 0
},
{
"abstract": "This Isabelle/HOL formalization introduces a nested multiset datatype and defines Dershowitz and Manna's nested multiset order. The order is proved well founded and linear. By removing one constructor, we transform the nested multisets into hereditary multisets. These are isomorphic to the syntactic ordinals—the ordinals can be recursively expressed in Cantor normal form. Addition, subtraction, multiplication, and linear orders are provided on this type.",
"authors": [
"Jasmin Christian Blanchette",
"Mathias Fleury",
"Dmitriy Traytel"
],
"date": "2016-11-12",
- "id": 381,
+ "id": 386,
"link": "/entries/Nested_Multisets_Ordinals.html",
"permalink": "/entries/Nested_Multisets_Ordinals.html",
"shortname": "Nested_Multisets_Ordinals",
"title": "Formalization of Nested Multisets, Hereditary Multisets, and Syntactic Ordinals",
"topic_links": [
"logic/rewriting"
],
"topics": [
"Logic/Rewriting"
],
"used_by": 7
},
{
"abstract": "Deep learning has had a profound impact on computer science in recent years, with applications to search engines, image recognition and language processing, bioinformatics, and more. Recently, Cohen et al. provided theoretical evidence for the superiority of deep learning over shallow learning. This formalization of their work simplifies and generalizes the original proof, while working around the limitations of the Isabelle type system. To support the formalization, I developed reusable libraries of formalized mathematics, including results about the matrix rank, the Lebesgue measure, and multivariate polynomials, as well as a library for tensor analysis.",
"authors": [
"Alexander Bentkamp"
],
"date": "2016-11-10",
- "id": 382,
+ "id": 387,
"link": "/entries/Deep_Learning.html",
"permalink": "/entries/Deep_Learning.html",
"shortname": "Deep_Learning",
"title": "Expressiveness of Deep Learning",
"topic_links": [
"computer-science/machine-learning",
"mathematics/analysis"
],
"topics": [
"Computer science/Machine learning",
"Mathematics/Analysis"
],
"used_by": 1
},
{
"abstract": "We formalize a uniform semantic substrate for a wide variety of process calculi where states and action labels can be from arbitrary nominal sets. A Hennessy-Milner logic for these systems is defined, and proved adequate for bisimulation equivalence. A main novelty is the construction of an infinitary nominal data type to model formulas with (finitely supported) infinite conjunctions and actions that may contain binding names. The logic is generalized to treat different bisimulation variants such as early, late and open in a systematic way.",
"authors": [
"Tjark Weber",
"Lars-Henrik Eriksson",
"Joachim Parrow",
"Johannes Borgström",
"Ramunas Gutkovas"
],
"date": "2016-10-25",
- "id": 383,
+ "id": 388,
"link": "/entries/Modal_Logics_for_NTS.html",
"permalink": "/entries/Modal_Logics_for_NTS.html",
"shortname": "Modal_Logics_for_NTS",
"title": "Modal Logics for Nominal Transition Systems",
"topic_links": [
"computer-science/concurrency/process-calculi",
"logic/general-logic/modal-logic"
],
"topics": [
"Computer science/Concurrency/Process calculi",
"Logic/General logic/Modal logic"
],
"used_by": 0
},
{
"abstract": "We mechanize proofs of several results from the matching with contracts literature, which generalize those of the classical two-sided matching scenarios that go by the name of stable marriage. Our focus is on game theoretic issues. Along the way we develop executable algorithms for computing optimal stable matches.",
"authors": [
"Peter Gammie"
],
"date": "2016-10-24",
- "id": 384,
+ "id": 389,
"link": "/entries/Stable_Matching.html",
"permalink": "/entries/Stable_Matching.html",
"shortname": "Stable_Matching",
"title": "Stable Matching",
"topic_links": [
"mathematics/games-and-economics"
],
"topics": [
"Mathematics/Games and economics"
],
"used_by": 0
},
{
"abstract": "We present LOFT — Linux firewall OpenFlow Translator, a system that transforms the main routing table and FORWARD chain of iptables of a Linux-based firewall into a set of static OpenFlow rules. Our implementation is verified against a model of a simplified Linux-based router and we can directly show how much of the original functionality is preserved.",
"authors": [
"Julius Michaelis",
"Cornelius Diekmann"
],
"date": "2016-10-21",
- "id": 385,
+ "id": 390,
"link": "/entries/LOFT.html",
"permalink": "/entries/LOFT.html",
"shortname": "LOFT",
"title": "LOFT — Verified Migration of Linux Firewalls to SDN",
"topic_links": [
"computer-science/networks"
],
"topics": [
"Computer science/Networks"
],
"used_by": 0
},
{
"abstract": "We formalise the SPARCv8 instruction set architecture (ISA) which is used in processors such as LEON3. Our formalisation can be specialised to any SPARCv8 CPU, here we use LEON3 as a running example. Our model covers the operational semantics for all the instructions in the integer unit of the SPARCv8 architecture and it supports Isabelle code export, which effectively turns the Isabelle model into a SPARCv8 CPU simulator. We prove the language-based non-interference property for the LEON3 processor. Our model is based on deterministic monad, which is a modified version of the non-deterministic monad from NICTA/l4v.",
"authors": [
"Zhe Hou",
"David Sanan",
"Alwen Tiu",
"Yang Liu"
],
"date": "2016-10-19",
- "id": 386,
+ "id": 391,
"link": "/entries/SPARCv8.html",
"permalink": "/entries/SPARCv8.html",
"shortname": "SPARCv8",
"title": "A formal model for the SPARCv8 ISA and a proof of non-interference for the LEON3 processor",
"topic_links": [
"computer-science/security",
"computer-science/hardware"
],
"topics": [
"Computer science/Security",
"Computer science/Hardware"
],
"used_by": 0
},
{
"abstract": "This document contains a proof of the necessary condition on the code rate of a source code, namely that this code rate is bounded by the entropy of the source. This represents one half of Shannon's source coding theorem, which is itself an equivalence.",
"authors": [
"Quentin Hibon",
"Lawrence C. Paulson"
],
"date": "2016-10-19",
- "id": 387,
+ "id": 392,
"link": "/entries/Source_Coding_Theorem.html",
"permalink": "/entries/Source_Coding_Theorem.html",
"shortname": "Source_Coding_Theorem",
"title": "Source Coding Theorem",
"topic_links": [
"mathematics/probability-theory"
],
"topics": [
"Mathematics/Probability theory"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eWe formalize the Berlekamp-Zassenhaus algorithm for factoring square-free integer polynomials in Isabelle/HOL. We further adapt an existing formalization of Yun’s square-free factorization algorithm to integer polynomials, and thus provide an efficient and certified factorization algorithm for arbitrary univariate polynomials. \u003c/p\u003e \u003cp\u003eThe algorithm first performs a factorization in the prime field GF(p) and then performs computations in the integer ring modulo p^k, where both p and k are determined at runtime. Since a natural modeling of these structures via dependent types is not possible in Isabelle/HOL, we formalize the whole algorithm using Isabelle’s recent addition of local type definitions. \u003c/p\u003e \u003cp\u003eThrough experiments we verify that our algorithm factors polynomials of degree 100 within seconds. \u003c/p\u003e",
"authors": [
"Jose Divasón",
"Sebastiaan J. C. Joosten",
"René Thiemann",
"Akihisa Yamada"
],
"date": "2016-10-14",
- "id": 388,
+ "id": 393,
"link": "/entries/Berlekamp_Zassenhaus.html",
"permalink": "/entries/Berlekamp_Zassenhaus.html",
"shortname": "Berlekamp_Zassenhaus",
"title": "The Factorization Algorithm of Berlekamp and Zassenhaus",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 7
},
{
"abstract": "This entry provides a geometric proof of the intersecting chords theorem. The theorem states that when two chords intersect each other inside a circle, the products of their segments are equal. After a short review of existing proofs in the literature, I decided to use a proof approach that employs reasoning about lengths of line segments, the orthogonality of two lines and the Pythagoras Law. Hence, one can understand the formalized proof easily with the knowledge of a few general geometric facts that are commonly taught in high-school. This theorem is the 55th theorem of the Top 100 Theorems list.",
"authors": [
"Lukas Bulwahn"
],
"date": "2016-10-11",
- "id": 389,
+ "id": 394,
"link": "/entries/Chord_Segments.html",
"permalink": "/entries/Chord_Segments.html",
"shortname": "Chord_Segments",
"title": "Intersecting Chords Theorem",
"topic_links": [
"mathematics/geometry"
],
"topics": [
"Mathematics/Geometry"
],
"used_by": 0
},
{
"abstract": "Lp is the space of functions whose p-th power is integrable. It is one of the most fundamental Banach spaces that is used in analysis and probability. We develop a framework for function spaces, and then implement the Lp spaces in this framework using the existing integration theory in Isabelle/HOL. Our development contains most fundamental properties of Lp spaces, notably the Hölder and Minkowski inequalities, completeness of Lp, duality, stability under almost sure convergence, multiplication of functions in Lp and Lq, stability under conditional expectation.",
"authors": [
"Sebastien Gouezel"
],
"date": "2016-10-05",
- "id": 390,
+ "id": 395,
"link": "/entries/Lp.html",
"permalink": "/entries/Lp.html",
"shortname": "Lp",
"title": "Lp spaces",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 2
},
{
"abstract": "\u003cp\u003eThis work defines and proves the correctness of the Fisher–Yates algorithm for shuffling – i.e. producing a random permutation – of a list. The algorithm proceeds by traversing the list and in each step swapping the current element with a random element from the remaining list.\u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2016-09-30",
- "id": 391,
+ "id": 396,
"link": "/entries/Fisher_Yates.html",
"permalink": "/entries/Fisher_Yates.html",
"shortname": "Fisher_Yates",
"title": "Fisher–Yates shuffle",
"topic_links": [
"computer-science/algorithms"
],
"topics": [
"Computer science/Algorithms"
],
"used_by": 0
},
{
"abstract": "Allen’s interval calculus is a qualitative temporal representation of time events. Allen introduced 13 binary relations that describe all the possible arrangements between two events, i.e. intervals with non-zero finite length. The compositions are pertinent to reasoning about knowledge of time. In particular, a consistency problem of relation constraints is commonly solved with a guideline from these compositions. We formalize the relations together with an axiomatic system. We proof the validity of the 169 compositions of these relations. We also define nests as the sets of intervals that share a meeting point. We prove that nests give the ordering properties of points without introducing a new datatype for points. [1] J.F. Allen. Maintaining Knowledge about Temporal Intervals. In Commun. ACM, volume 26, pages 832–843, 1983. [2] J. F. Allen and P. J. Hayes. A Common-sense Theory of Time. In Proceedings of the 9th International Joint Conference on Artificial Intelligence (IJCAI’85), pages 528–531, 1985.",
"authors": [
"Fadoua Ghourabi"
],
"date": "2016-09-29",
- "id": 392,
+ "id": 397,
"link": "/entries/Allen_Calculus.html",
"permalink": "/entries/Allen_Calculus.html",
"shortname": "Allen_Calculus",
"title": "Allen's Interval Calculus",
"topic_links": [
"logic/general-logic/temporal-logic",
"mathematics/order"
],
"topics": [
"Logic/General logic/Temporal logic",
"Mathematics/Order"
],
"used_by": 0
},
{
"abstract": "This Isabelle/HOL formalization defines recursive path orders (RPOs) for higher-order terms without lambda-abstraction and proves many useful properties about them. The main order fully coincides with the standard RPO on first-order terms also in the presence of currying, distinguishing it from previous work. An optimized variant is formalized as well. It appears promising as the basis of a higher-order superposition calculus.",
"authors": [
"Jasmin Christian Blanchette",
"Uwe Waldmann",
"Daniel Wand"
],
"date": "2016-09-23",
- "id": 393,
+ "id": 398,
"link": "/entries/Lambda_Free_RPOs.html",
"permalink": "/entries/Lambda_Free_RPOs.html",
"shortname": "Lambda_Free_RPOs",
"title": "Formalization of Recursive Path Orders for Lambda-Free Higher-Order Terms",
"topic_links": [
"logic/rewriting"
],
"topics": [
"Logic/Rewriting"
],
"used_by": 5
},
{
"abstract": "We present a big step semantics of the filtering behavior of the Linux/netfilter iptables firewall. We provide algorithms to simplify complex iptables rulests to a simple firewall model (c.f. AFP entry \u003ca href=\"https://www.isa-afp.org/entries/Simple_Firewall.html\"\u003eSimple_Firewall\u003c/a\u003e) and to verify spoofing protection of a ruleset. Internally, we embed our semantics into ternary logic, ultimately supporting every iptables match condition by abstracting over unknowns. Using this AFP entry and all entries it depends on, we created an easy-to-use, stand-alone haskell tool called \u003ca href=\"http://iptables.isabelle.systems\"\u003efffuu\u003c/a\u003e. The tool does not require any input \u0026mdash;except for the \u003ctt\u003eiptables-save\u003c/tt\u003e dump of the analyzed firewall\u0026mdash; and presents interesting results about the user's ruleset. Real-Word firewall errors have been uncovered, and the correctness of rulesets has been proved, with the help of our tool.",
"authors": [
"Cornelius Diekmann",
"Lars Hupel"
],
"date": "2016-09-09",
- "id": 394,
+ "id": 399,
"link": "/entries/Iptables_Semantics.html",
"permalink": "/entries/Iptables_Semantics.html",
"shortname": "Iptables_Semantics",
"title": "Iptables Semantics",
"topic_links": [
"computer-science/networks"
],
"topics": [
"Computer science/Networks"
],
"used_by": 2
},
{
"abstract": "We provide a formalization of a variant of the superposition calculus, together with formal proofs of soundness and refutational completeness (w.r.t. the usual redundancy criteria based on clause ordering). This version of the calculus uses all the standard restrictions of the superposition rules, together with the following refinement, inspired by the basic superposition calculus: each clause is associated with a set of terms which are assumed to be in normal form -- thus any application of the replacement rule on these terms is blocked. The set is initially empty and terms may be added or removed at each inference step. The set of terms that are assumed to be in normal form includes any term introduced by previous unifiers as well as any term occurring in the parent clauses at a position that is smaller (according to some given ordering on positions) than a previously replaced term. The standard superposition calculus corresponds to the case where the set of irreducible terms is always empty.",
"authors": [
"Nicolas Peltier"
],
"date": "2016-09-06",
- "id": 395,
+ "id": 400,
"link": "/entries/SuperCalc.html",
"permalink": "/entries/SuperCalc.html",
"shortname": "SuperCalc",
"title": "A Variant of the Superposition Calculus",
"topic_links": [
"logic/proof-theory"
],
"topics": [
"Logic/Proof theory"
],
"used_by": 0
},
{
"abstract": "A range of algebras between lattices and Boolean algebras generalise the notion of a complement. We develop a hierarchy of these pseudo-complemented algebras that includes Stone algebras. Independently of this theory we study filters based on partial orders. Both theories are combined to prove Chen and Grätzer's construction theorem for Stone algebras. The latter involves extensive reasoning about algebraic structures in addition to reasoning in algebraic structures.",
"authors": [
"Walter Guttmann"
],
"date": "2016-09-06",
- "id": 396,
+ "id": 401,
"link": "/entries/Stone_Algebras.html",
"permalink": "/entries/Stone_Algebras.html",
"shortname": "Stone_Algebras",
"title": "Stone Algebras",
"topic_links": [
"mathematics/order"
],
"topics": [
"Mathematics/Order"
],
"used_by": 2
},
{
"abstract": "\u003cp\u003eThis work contains a proof of Stirling's formula both for the factorial $n! \\sim \\sqrt{2\\pi n} (n/e)^n$ on natural numbers and the real Gamma function $\\Gamma(x)\\sim \\sqrt{2\\pi/x} (x/e)^x$. The proof is based on work by \u003ca href=\"http://www.maths.lancs.ac.uk/~jameson/stirlgamma.pdf\"\u003eGraham Jameson\u003c/a\u003e.\u003c/p\u003e \u003cp\u003eThis is then extended to the full asymptotic expansion $$\\log\\Gamma(z) = \\big(z - \\tfrac{1}{2}\\big)\\log z - z + \\tfrac{1}{2}\\log(2\\pi) + \\sum_{k=1}^{n-1} \\frac{B_{k+1}}{k(k+1)} z^{-k}\\\\ {} - \\frac{1}{n} \\int_0^\\infty B_n([t])(t + z)^{-n}\\,\\text{d}t$$ uniformly for all complex $z\\neq 0$ in the cone $\\text{arg}(z)\\leq \\alpha$ for any $\\alpha\\in(0,\\pi)$, with which the above asymptotic relation for \u0026Gamma; is also extended to complex arguments.\u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2016-09-01",
- "id": 397,
+ "id": 402,
"link": "/entries/Stirling_Formula.html",
"permalink": "/entries/Stirling_Formula.html",
"shortname": "Stirling_Formula",
"title": "Stirling's formula",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 5
},
{
"abstract": "This entry contains definitions for routing with routing tables/longest prefix matching. A routing table entry is modelled as a record of a prefix match, a metric, an output port, and an optional next hop. A routing table is a list of entries, sorted by prefix length and metric. Additionally, a parser and serializer for the output of the ip-route command, a function to create a relation from output port to corresponding destination IP space, and a model of a Linux-style router are included.",
"authors": [
"Julius Michaelis",
"Cornelius Diekmann"
],
"date": "2016-08-31",
- "id": 398,
+ "id": 403,
"link": "/entries/Routing.html",
"permalink": "/entries/Routing.html",
"shortname": "Routing",
"title": "Routing",
"topic_links": [
"computer-science/networks"
],
"topics": [
"Computer science/Networks"
],
"used_by": 1
},
{
"abstract": "We present a simple model of a firewall. The firewall can accept or drop a packet and can match on interfaces, IP addresses, protocol, and ports. It was designed to feature nice mathematical properties: The type of match expressions was carefully crafted such that the conjunction of two match expressions is only one match expression. This model is too simplistic to mirror all aspects of the real world. In the upcoming entry \"Iptables Semantics\", we will translate the Linux firewall iptables to this model. For a fixed service (e.g. ssh, http), we provide an algorithm to compute an overview of the firewall's filtering behavior. The algorithm computes minimal service matrices, i.e. graphs which partition the complete IPv4 and IPv6 address space and visualize the allowed accesses between partitions. For a detailed description, see \u003ca href=\"http://dl.ifip.org/db/conf/networking/networking2016/1570232858.pdf\"\u003eVerified iptables Firewall Analysis\u003c/a\u003e, IFIP Networking 2016.",
"authors": [
"Cornelius Diekmann",
"Julius Michaelis",
"Max W. Haslbeck"
],
"date": "2016-08-24",
- "id": 399,
+ "id": 404,
"link": "/entries/Simple_Firewall.html",
"permalink": "/entries/Simple_Firewall.html",
"shortname": "Simple_Firewall",
"title": "Simple Firewall",
"topic_links": [
"computer-science/networks"
],
"topics": [
"Computer science/Networks"
],
"used_by": 1
},
{
"abstract": "TRACER is a tool for verifying safety properties of sequential C programs. TRACER attempts at building a finite symbolic execution graph which over-approximates the set of all concrete reachable states and the set of feasible paths. We present an abstract framework for TRACER and similar CEGAR-like systems. The framework provides 1) a graph- transformation based method for reducing the feasible paths in control-flow graphs, 2) a model for symbolic execution, subsumption, predicate abstraction and invariant generation. In this framework we formally prove two key properties: correct construction of the symbolic states and preservation of feasible paths. The framework focuses on core operations, leaving to concrete prototypes to “fit in” heuristics for combining them. The accompanying paper (published in ITP 2016) can be found at https://www.lri.fr/∼wolff/papers/conf/2016-itp-InfPathsNSE.pdf.",
"authors": [
"Romain Aissat",
"Frederic Voisin",
"Burkhart Wolff"
],
"date": "2016-08-18",
- "id": 400,
+ "id": 405,
"link": "/entries/InfPathElimination.html",
"permalink": "/entries/InfPathElimination.html",
"shortname": "InfPathElimination",
"title": "Infeasible Paths Elimination by Symbolic Execution Techniques: Proof of Correctness and Preservation of Paths",
"topic_links": [
"computer-science/programming-languages/static-analysis"
],
"topics": [
"Computer science/Programming languages/Static analysis"
],
"used_by": 0
},
{
"abstract": "We present a formalization of the Ford-Fulkerson method for computing the maximum flow in a network. Our formal proof closely follows a standard textbook proof, and is accessible even without being an expert in Isabelle/HOL--- the interactive theorem prover used for the formalization. We then use stepwise refinement to obtain the Edmonds-Karp algorithm, and formally prove a bound on its complexity. Further refinement yields a verified implementation, whose execution time compares well to an unverified reference implementation in Java. This entry is based on our ITP-2016 paper with the same title.",
"authors": [
"Peter Lammich",
"S. Reza Sefidgar"
],
"date": "2016-08-12",
- "id": 401,
+ "id": 406,
"link": "/entries/EdmondsKarp_Maxflow.html",
"permalink": "/entries/EdmondsKarp_Maxflow.html",
"shortname": "EdmondsKarp_Maxflow",
"title": "Formalizing the Edmonds-Karp Algorithm",
"topic_links": [
"computer-science/algorithms/graph"
],
"topics": [
"Computer science/Algorithms/Graph"
],
"used_by": 1
},
{
"abstract": "We present the Imperative Refinement Framework (IRF), a tool that supports a stepwise refinement based approach to imperative programs. This entry is based on the material we presented in [ITP-2015, CPP-2016]. It uses the Monadic Refinement Framework as a frontend for the specification of the abstract programs, and Imperative/HOL as a backend to generate executable imperative programs. The IRF comes with tool support to synthesize imperative programs from more abstract, functional ones, using efficient imperative implementations for the abstract data structures. This entry also includes the Imperative Isabelle Collection Framework (IICF), which provides a library of re-usable imperative collection data structures. Moreover, this entry contains a quickstart guide and a reference manual, which provide an introduction to using the IRF for Isabelle/HOL experts. It also provids a collection of (partly commented) practical examples, some highlights being Dijkstra's Algorithm, Nested-DFS, and a generic worklist algorithm with subsumption. Finally, this entry contains benchmark scripts that compare the runtime of some examples against reference implementations of the algorithms in Java and C++. [ITP-2015] Peter Lammich: Refinement to Imperative/HOL. ITP 2015: 253--269 [CPP-2016] Peter Lammich: Refinement based verification of imperative data structures. CPP 2016: 27--36",
"authors": [
"Peter Lammich"
],
"date": "2016-08-08",
- "id": 402,
+ "id": 407,
"link": "/entries/Refine_Imperative_HOL.html",
"permalink": "/entries/Refine_Imperative_HOL.html",
"shortname": "Refine_Imperative_HOL",
"title": "The Imperative Refinement Framework",
"topic_links": [
"computer-science/semantics-and-reasoning",
"computer-science/data-structures"
],
"topics": [
"Computer science/Semantics and reasoning",
"Computer science/Data structures"
],
"used_by": 5
},
{
"abstract": "This entry provides an analytic proof to Ptolemy's Theorem using polar form transformation and trigonometric identities. In this formalization, we use ideas from John Harrison's HOL Light formalization and the proof sketch on the Wikipedia entry of Ptolemy's Theorem. This theorem is the 95th theorem of the Top 100 Theorems list.",
"authors": [
"Lukas Bulwahn"
],
"date": "2016-08-07",
- "id": 403,
+ "id": 408,
"link": "/entries/Ptolemys_Theorem.html",
"permalink": "/entries/Ptolemys_Theorem.html",
"shortname": "Ptolemys_Theorem",
"title": "Ptolemy's Theorem",
"topic_links": [
"mathematics/geometry"
],
"topics": [
"Mathematics/Geometry"
],
"used_by": 0
},
{
"abstract": "In 1964, Fitch showed that the paradox of the surprise hanging can be resolved by showing that the judge’s verdict is inconsistent. His formalization builds on Gödel’s coding of provability. In this theory, we reproduce his proof in Isabelle, building on Paulson’s formalisation of Gödel’s incompleteness theorems.",
"authors": [
"Joachim Breitner"
],
"date": "2016-07-17",
- "id": 404,
+ "id": 409,
"link": "/entries/Surprise_Paradox.html",
"permalink": "/entries/Surprise_Paradox.html",
"shortname": "Surprise_Paradox",
"title": "Surprise Paradox",
"topic_links": [
"logic/proof-theory"
],
"topics": [
"Logic/Proof theory"
],
"used_by": 0
},
{
"abstract": "This library defines three different versions of pairing heaps: a functional version of the original design based on binary trees [Fredman et al. 1986], the version by Okasaki [1998] and a modified version of the latter that is free of structural invariants. \u003cp\u003e The amortized complexity of pairing heaps is analyzed in the AFP article \u003ca href=\"http://isa-afp.org/entries/Amortized_Complexity.html\"\u003eAmortized Complexity\u003c/a\u003e.",
"authors": [
"Hauke Brinkop",
"Tobias Nipkow"
],
"date": "2016-07-14",
- "id": 405,
+ "id": 410,
"link": "/entries/Pairing_Heap.html",
"permalink": "/entries/Pairing_Heap.html",
"shortname": "Pairing_Heap",
"title": "Pairing Heap",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 2
},
{
"abstract": "\u003cp\u003e This entry presents a framework for the modular verification of DFS-based algorithms, which is described in our [CPP-2015] paper. It provides a generic DFS algorithm framework, that can be parameterized with user-defined actions on certain events (e.g. discovery of new node). It comes with an extensible library of invariants, which can be used to derive invariants of a specific parameterization. Using refinement techniques, efficient implementations of the algorithms can easily be derived. Here, the framework comes with templates for a recursive and a tail-recursive implementation, and also with several templates for implementing the data structures required by the DFS algorithm. Finally, this entry contains a set of re-usable DFS-based algorithms, which illustrate the application of the framework. \u003c/p\u003e\u003cp\u003e [CPP-2015] Peter Lammich, René Neumann: A Framework for Verifying Depth-First Search Algorithms. CPP 2015: 137-146\u003c/p\u003e",
"authors": [
"Peter Lammich",
"René Neumann"
],
"date": "2016-07-05",
- "id": 406,
+ "id": 411,
"link": "/entries/DFS_Framework.html",
"permalink": "/entries/DFS_Framework.html",
"shortname": "DFS_Framework",
"title": "A Framework for Verifying Depth-First Search Algorithms",
"topic_links": [
"computer-science/algorithms/graph"
],
"topics": [
"Computer science/Algorithms/Graph"
],
"used_by": 4
},
{
"abstract": "We provide a basic formal framework for the theory of chamber complexes and Coxeter systems, and for buildings as thick chamber complexes endowed with a system of apartments. Along the way, we develop some of the general theory of abstract simplicial complexes and of groups (relying on the \u003ci\u003egroup_add\u003c/i\u003e class for the basics), including free groups and group presentations, and their universal properties. The main results verified are that the deletion condition is both necessary and sufficient for a group with a set of generators of order two to be a Coxeter system, and that the apartments in a (thick) building are all uniformly Coxeter.",
"authors": [
"Jeremy Sylvestre"
],
"date": "2016-07-01",
- "id": 407,
+ "id": 412,
"link": "/entries/Buildings.html",
"permalink": "/entries/Buildings.html",
"shortname": "Buildings",
"title": "Chamber Complexes, Coxeter Systems, and Buildings",
"topic_links": [
"mathematics/algebra",
"mathematics/geometry"
],
"topics": [
"Mathematics/Algebra",
"Mathematics/Geometry"
],
"used_by": 0
},
{
"abstract": "This theory is a formalization of the resolution calculus for first-order logic. It is proven sound and complete. The soundness proof uses the substitution lemma, which shows a correspondence between substitutions and updates to an environment. The completeness proof uses semantic trees, i.e. trees whose paths are partial Herbrand interpretations. It employs Herbrand's theorem in a formulation which states that an unsatisfiable set of clauses has a finite closed semantic tree. It also uses the lifting lemma which lifts resolution derivation steps from the ground world up to the first-order world. The theory is presented in a paper in the Journal of Automated Reasoning [Sch18] which extends a paper presented at the International Conference on Interactive Theorem Proving [Sch16]. An earlier version was presented in an MSc thesis [Sch15]. The formalization mostly follows textbooks by Ben-Ari [BA12], Chang and Lee [CL73], and Leitsch [Lei97]. The theory is part of the IsaFoL project [IsaFoL]. \u003cp\u003e \u003ca name=\"Sch18\"\u003e\u003c/a\u003e[Sch18] Anders Schlichtkrull. \"Formalization of the Resolution Calculus for First-Order Logic\". Journal of Automated Reasoning, 2018.\u003cbr\u003e \u003ca name=\"Sch16\"\u003e\u003c/a\u003e[Sch16] Anders Schlichtkrull. \"Formalization of the Resolution Calculus for First-Order Logic\". In: ITP 2016. Vol. 9807. LNCS. Springer, 2016.\u003cbr\u003e \u003ca name=\"Sch15\"\u003e\u003c/a\u003e[Sch15] Anders Schlichtkrull. \u003ca href=\"https://people.compute.dtu.dk/andschl/Thesis.pdf\"\u003e \"Formalization of Resolution Calculus in Isabelle\"\u003c/a\u003e. \u003ca href=\"https://people.compute.dtu.dk/andschl/Thesis.pdf\"\u003ehttps://people.compute.dtu.dk/andschl/Thesis.pdf\u003c/a\u003e. MSc thesis. Technical University of Denmark, 2015.\u003cbr\u003e \u003ca name=\"BA12\"\u003e\u003c/a\u003e[BA12] Mordechai Ben-Ari. \u003ci\u003eMathematical Logic for Computer Science\u003c/i\u003e. 3rd. Springer, 2012.\u003cbr\u003e \u003ca name=\"CL73\"\u003e\u003c/a\u003e[CL73] Chin-Liang Chang and Richard Char-Tung Lee. \u003ci\u003eSymbolic Logic and Mechanical Theorem Proving\u003c/i\u003e. 1st. Academic Press, Inc., 1973.\u003cbr\u003e \u003ca name=\"Lei97\"\u003e\u003c/a\u003e[Lei97] Alexander Leitsch. \u003ci\u003eThe Resolution Calculus\u003c/i\u003e. Texts in theoretical computer science. Springer, 1997.\u003cbr\u003e \u003ca name=\"IsaFoL\"\u003e\u003c/a\u003e[IsaFoL] IsaFoL authors. \u003ca href=\"https://bitbucket.org/jasmin_blanchette/isafol\"\u003e IsaFoL: Isabelle Formalization of Logic\u003c/a\u003e. \u003ca href=\"https://bitbucket.org/jasmin_blanchette/isafol\"\u003ehttps://bitbucket.org/jasmin_blanchette/isafol\u003c/a\u003e.",
"authors": [
"Anders Schlichtkrull"
],
"date": "2016-06-30",
- "id": 408,
+ "id": 413,
"link": "/entries/Resolution_FOL.html",
"permalink": "/entries/Resolution_FOL.html",
"shortname": "Resolution_FOL",
"title": "The Resolution Calculus for First-Order Logic",
"topic_links": [
"logic/general-logic/mechanization-of-proofs"
],
"topics": [
"Logic/General logic/Mechanization of proofs"
],
"used_by": 0
},
{
"abstract": "We formalize the Z property introduced by Dehornoy and van Oostrom. First we show that for any abstract rewrite system, Z implies confluence. Then we give two examples of proofs using Z: confluence of lambda-calculus with respect to beta-reduction and confluence of combinatory logic.",
"authors": [
"Bertram Felgenhauer",
"Julian Nagele",
"Vincent van Oostrom",
"Christian Sternagel"
],
"date": "2016-06-30",
- "id": 409,
+ "id": 414,
"link": "/entries/Rewriting_Z.html",
"permalink": "/entries/Rewriting_Z.html",
"shortname": "Rewriting_Z",
"title": "The Z Property",
"topic_links": [
"logic/rewriting"
],
"topics": [
"Logic/Rewriting"
],
"used_by": 0
},
{
"abstract": "The paper \"Compositional Verification and Refinement of Concurrent Value-Dependent Noninterference\" by Murray et. al. (CSF 2016) presents a compositional theory of refinement for a value-dependent noninterference property, defined in (Murray, PLAS 2015), for concurrent programs. This development formalises that refinement theory, and demonstrates its application on some small examples.",
"authors": [
"Toby Murray",
"Robert Sison",
"Edward Pierzchalski",
"Christine Rizkallah"
],
"date": "2016-06-28",
- "id": 410,
+ "id": 415,
"link": "/entries/Dependent_SIFUM_Refinement.html",
"permalink": "/entries/Dependent_SIFUM_Refinement.html",
"shortname": "Dependent_SIFUM_Refinement",
"title": "Compositional Security-Preserving Refinement for Concurrent Imperative Programs",
"topic_links": [
"computer-science/security"
],
"topics": [
"Computer science/Security"
],
"used_by": 0
},
{
"abstract": "This entry contains a definition of IP addresses and a library to work with them. Generic IP addresses are modeled as machine words of arbitrary length. Derived from this generic definition, IPv4 addresses are 32bit machine words, IPv6 addresses are 128bit words. Additionally, IPv4 addresses can be represented in dot-decimal notation and IPv6 addresses in (compressed) colon-separated notation. We support toString functions and parsers for both notations. Sets of IP addresses can be represented with a netmask (e.g. 192.168.0.0/255.255.0.0) or in CIDR notation (e.g. 192.168.0.0/16). To provide executable code for set operations on IP address ranges, the library includes a datatype to work on arbitrary intervals of machine words.",
"authors": [
"Cornelius Diekmann",
"Julius Michaelis",
"Lars Hupel"
],
"date": "2016-06-28",
- "id": 411,
+ "id": 416,
"link": "/entries/IP_Addresses.html",
"permalink": "/entries/IP_Addresses.html",
"shortname": "IP_Addresses",
"title": "IP Addresses",
"topic_links": [
"computer-science/networks"
],
"topics": [
"Computer science/Networks"
],
"used_by": 1
},
{
"abstract": "\u003cp\u003eThis entry provides three lemmas to count the number of multisets of a given size and finite carrier set. The first lemma provides a cardinality formula assuming that the multiset's elements are chosen from the given carrier set. The latter two lemmas provide formulas assuming that the multiset's elements also cover the given carrier set, i.e., each element of the carrier set occurs in the multiset at least once.\u003c/p\u003e \u003cp\u003eThe proof of the first lemma uses the argument of the recurrence relation for counting multisets. The proof of the second lemma is straightforward, and the proof of the third lemma is easily obtained using the first cardinality lemma. A challenge for the formalization is the derivation of the required induction rule, which is a special combination of the induction rules for finite sets and natural numbers. The induction rule is derived by defining a suitable inductive predicate and transforming the predicate's induction rule.\u003c/p\u003e",
"authors": [
"Lukas Bulwahn"
],
"date": "2016-06-26",
- "id": 412,
+ "id": 417,
"link": "/entries/Card_Multisets.html",
"permalink": "/entries/Card_Multisets.html",
"shortname": "Card_Multisets",
"title": "Cardinality of Multisets",
"topic_links": [
"mathematics/combinatorics"
],
"topics": [
"Mathematics/Combinatorics"
],
"used_by": 1
},
{
"abstract": "\u003cp\u003e This article attempts to develop a usable framework for doing category theory in Isabelle/HOL. Our point of view, which to some extent differs from that of the previous AFP articles on the subject, is to try to explore how category theory can be done efficaciously within HOL, rather than trying to match exactly the way things are done using a traditional approach. To this end, we define the notion of category in an \"object-free\" style, in which a category is represented by a single partial composition operation on arrows. This way of defining categories provides some advantages in the context of HOL, including the ability to avoid the use of records and the possibility of defining functors and natural transformations simply as certain functions on arrows, rather than as composite objects. We define various constructions associated with the basic notions, including: dual category, product category, functor category, discrete category, free category, functor composition, and horizontal and vertical composite of natural transformations. A \"set category\" locale is defined that axiomatizes the notion \"category of all sets at a type and all functions between them,\" and a fairly extensive set of properties of set categories is derived from the locale assumptions. The notion of a set category is used to prove the Yoneda Lemma in a general setting of a category equipped with a \"hom embedding,\" which maps arrows of the category to the \"universe\" of the set category. We also give a treatment of adjunctions, defining adjunctions via left and right adjoint functors, natural bijections between hom-sets, and unit and counit natural transformations, and showing the equivalence of these definitions. We also develop the theory of limits, including representations of functors, diagrams and cones, and diagonal functors. We show that right adjoint functors preserve limits, and that limits can be constructed via products and equalizers. We characterize the conditions under which limits exist in a set category. We also examine the case of limits in a functor category, ultimately culminating in a proof that the Yoneda embedding preserves limits. \u003c/p\u003e\u003cp\u003e Revisions made subsequent to the first version of this article added material on equivalence of categories, cartesian categories, categories with pullbacks, categories with finite limits, and cartesian closed categories. A construction was given of the category of hereditarily finite sets and functions between them, and it was shown that this category is cartesian closed. Using \"ZFC_in_HOL\", a construction was also given of the (large) category of small sets and functions between them, and it was shown that this category is small-complete. \u003c/p\u003e",
"authors": [
"Eugene W. Stark"
],
"date": "2016-06-26",
- "id": 413,
+ "id": 418,
"link": "/entries/Category3.html",
"permalink": "/entries/Category3.html",
"shortname": "Category3",
"title": "Category Theory with Adjunctions and Limits",
"topic_links": [
"mathematics/category-theory"
],
"topics": [
"Mathematics/Category theory"
],
"used_by": 1
},
{
"abstract": "The paper \"Compositional Verification and Refinement of Concurrent Value-Dependent Noninterference\" by Murray et. al. (CSF 2016) presents a dependent security type system for compositionally verifying a value-dependent noninterference property, defined in (Murray, PLAS 2015), for concurrent programs. This development formalises that security definition, the type system and its soundness proof, and demonstrates its application on some small examples. It was derived from the SIFUM_Type_Systems AFP entry, by Sylvia Grewe, Heiko Mantel and Daniel Schoepe, and whose structure it inherits.",
"authors": [
"Toby Murray",
"Robert Sison",
"Edward Pierzchalski",
"Christine Rizkallah"
],
"date": "2016-06-25",
- "id": 414,
+ "id": 419,
"link": "/entries/Dependent_SIFUM_Type_Systems.html",
"permalink": "/entries/Dependent_SIFUM_Type_Systems.html",
"shortname": "Dependent_SIFUM_Type_Systems",
"title": "A Dependent Security Type System for Concurrent Imperative Programs",
"topic_links": [
"computer-science/security",
"computer-science/programming-languages/type-systems"
],
"topics": [
"Computer science/Security",
"Computer science/Programming languages/Type systems"
],
"used_by": 1
},
{
"abstract": "\u003cp\u003eIn this work, we define the Catalan numbers \u003cem\u003eC\u003csub\u003en\u003c/sub\u003e\u003c/em\u003e and prove several equivalent definitions (including some closed-form formulae). We also show one of their applications (counting the number of binary trees of size \u003cem\u003en\u003c/em\u003e), prove the asymptotic growth approximation \u003cem\u003eC\u003csub\u003en\u003c/sub\u003e \u0026sim; 4\u003csup\u003en\u003c/sup\u003e / (\u0026radic;\u003cspan style=\"text-decoration: overline\"\u003e\u0026pi;\u003c/span\u003e \u0026middot; n\u003csup\u003e1.5\u003c/sup\u003e)\u003c/em\u003e, and provide reasonably efficient executable code to compute them.\u003c/p\u003e \u003cp\u003eThe derivation of the closed-form formulae uses algebraic manipulations of the ordinary generating function of the Catalan numbers, and the asymptotic approximation is then done using generalised binomial coefficients and the Gamma function. Thanks to these highly non-elementary mathematical tools, the proofs are very short and simple.\u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2016-06-21",
- "id": 415,
+ "id": 420,
"link": "/entries/Catalan_Numbers.html",
"permalink": "/entries/Catalan_Numbers.html",
"shortname": "Catalan_Numbers",
"title": "Catalan Numbers",
"topic_links": [
"mathematics/combinatorics"
],
"topics": [
"Mathematics/Combinatorics"
],
"used_by": 0
},
{
"abstract": "Variants of Kleene algebra support program construction and verification by algebraic reasoning. This entry provides a verification component for Hoare logic based on Kleene algebra with tests, verification components for weakest preconditions and strongest postconditions based on Kleene algebra with domain and a component for step-wise refinement based on refinement Kleene algebra with tests. In addition to these components for the partial correctness of while programs, a verification component for total correctness based on divergence Kleene algebras and one for (partial correctness) of recursive programs based on domain quantales are provided. Finally we have integrated memory models for programs with pointers and a program trace semantics into the weakest precondition component.",
"authors": [
"Victor B. F. Gomes",
"Georg Struth"
],
"date": "2016-06-18",
- "id": 416,
+ "id": 421,
"link": "/entries/Algebraic_VCs.html",
"permalink": "/entries/Algebraic_VCs.html",
"shortname": "Algebraic_VCs",
"title": "Program Construction and Verification Components Based on Kleene Algebra",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eIn his outstanding work on Communicating Sequential Processes, Hoare has defined two fundamental binary operations allowing to compose the input processes into another, typically more complex, process: sequential composition and concurrent composition. Particularly, the output of the latter operation is a process in which any event not shared by both operands can occur whenever the operand that admits the event can engage in it, whereas any event shared by both operands can occur just in case both can engage in it.\u003c/p\u003e \u003cp\u003eThis paper formalizes Hoare's definition of concurrent composition and proves, in the general case of a possibly intransitive policy, that CSP noninterference security is conserved under this operation. This result, along with the previous analogous one concerning sequential composition, enables the construction of more and more complex processes enforcing noninterference security by composing, sequentially or concurrently, simpler secure processes, whose security can in turn be proven using either the definition of security, or unwinding theorems.\u003c/p\u003e",
"authors": [
"Pasquale Noce"
],
"date": "2016-06-13",
- "id": 417,
+ "id": 422,
"link": "/entries/Noninterference_Concurrent_Composition.html",
"permalink": "/entries/Noninterference_Concurrent_Composition.html",
"shortname": "Noninterference_Concurrent_Composition",
"title": "Conservation of CSP Noninterference Security under Concurrent Composition",
"topic_links": [
"computer-science/security",
"computer-science/concurrency/process-calculi"
],
"topics": [
"Computer science/Security",
"Computer science/Concurrency/Process calculi"
],
"used_by": 0
},
{
"abstract": "This entry contains an extension to the Isabelle library for fixed-width machine words. In particular, the entry adds quickcheck setup for words, printing as hexadecimals, additional operations, reasoning about alignment, signed words, enumerations of words, normalisation of word numerals, and an extensive library of properties about generic fixed-width words, as well as an instantiation of many of these to the commonly used 32 and 64-bit bases.",
"authors": [
"Joel Beeren",
"Matthew Fernandez",
"Xin Gao",
"Gerwin Klein",
"Rafal Kolanski",
"Japheth Lim",
"Corey Lewis",
"Daniel Matichuk",
"Thomas Sewell"
],
"date": "2016-06-09",
- "id": 418,
+ "id": 423,
"link": "/entries/Word_Lib.html",
"permalink": "/entries/Word_Lib.html",
"shortname": "Word_Lib",
"title": "Finite Machine Word Library",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 8
},
{
"abstract": "We formalize tree decompositions and tree width in Isabelle/HOL, proving that trees have treewidth 1. We also show that every edge of a tree decomposition is a separation of the underlying graph. As an application of this theorem we prove that complete graphs of size n have treewidth n-1.",
"authors": [
"Christoph Dittmann"
],
"date": "2016-05-31",
- "id": 419,
+ "id": 424,
"link": "/entries/Tree_Decomposition.html",
"permalink": "/entries/Tree_Decomposition.html",
"shortname": "Tree_Decomposition",
"title": "Tree Decomposition",
"topic_links": [
"mathematics/graph-theory"
],
"topics": [
"Mathematics/Graph theory"
],
"used_by": 0
},
{
"abstract": "This entry provides formulae for counting the number of equivalence relations and partial equivalence relations over a finite carrier set with given cardinality. To count the number of equivalence relations, we provide bijections between equivalence relations and set partitions, and then transfer the main results of the two AFP entries, Cardinality of Set Partitions and Spivey's Generalized Recurrence for Bell Numbers, to theorems on equivalence relations. To count the number of partial equivalence relations, we observe that counting partial equivalence relations over a set A is equivalent to counting all equivalence relations over all subsets of the set A. From this observation and the results on equivalence relations, we show that the cardinality of partial equivalence relations over a finite set of cardinality n is equal to the n+1-th Bell number.",
"authors": [
"Lukas Bulwahn"
],
"date": "2016-05-24",
- "id": 420,
+ "id": 425,
"link": "/entries/Card_Equiv_Relations.html",
"permalink": "/entries/Card_Equiv_Relations.html",
"shortname": "Card_Equiv_Relations",
"title": "Cardinality of Equivalence Relations",
"topic_links": [
"mathematics/combinatorics"
],
"topics": [
"Mathematics/Combinatorics"
],
"used_by": 1
},
{
"abstract": "\u003cp\u003eBrzozowski introduced the notion of derivatives for regular expressions. They can be used for a very simple regular expression matching algorithm. Sulzmann and Lu cleverly extended this algorithm in order to deal with POSIX matching, which is the underlying disambiguation strategy for regular expressions needed in lexers. Their algorithm generates POSIX values which encode the information of how a regular expression matches a string--—that is, which part of the string is matched by which part of the regular expression. In this paper we give our inductive definition of what a POSIX value is and show (i) that such a value is unique (for given regular expression and string being matched) and (ii) that Sulzmann and Lu’s algorithm always generates such a value (provided that the regular expression matches the string). This holds also when optimisations are included. Finally we show that (iii) our inductive definition of a POSIX value is equivalent to an alternative definition by Okui and Suzuki which identifies POSIX values as least elements according to an ordering of values.\u003c/p\u003e",
"authors": [
"Fahad Ausaf",
"Roy Dyckhoff",
"Christian Urban"
],
"date": "2016-05-24",
- "id": 421,
+ "id": 426,
"link": "/entries/Posix-Lexing.html",
"permalink": "/entries/Posix-Lexing.html",
"shortname": "Posix-Lexing",
"title": "POSIX Lexing with Derivatives of Regular Expressions",
"topic_links": [
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Automata and formal languages"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eThe spectral radius of a matrix A is the maximum norm of all eigenvalues of A. In previous work we already formalized that for a complex matrix A, the values in A\u003csup\u003en\u003c/sup\u003e grow polynomially in n if and only if the spectral radius is at most one. One problem with the above characterization is the determination of all \u003cem\u003ecomplex\u003c/em\u003e eigenvalues. In case A contains only non-negative real values, a simplification is possible with the help of the Perron\u0026ndash;Frobenius theorem, which tells us that it suffices to consider only the \u003cem\u003ereal\u003c/em\u003e eigenvalues of A, i.e., applying Sturm's method can decide the polynomial growth of A\u003csup\u003en\u003c/sup\u003e. \u003c/p\u003e\u003cp\u003e We formalize the Perron\u0026ndash;Frobenius theorem based on a proof via Brouwer's fixpoint theorem, which is available in the HOL multivariate analysis (HMA) library. Since the results on the spectral radius is based on matrices in the Jordan normal form (JNF) library, we further develop a connection which allows us to easily transfer theorems between HMA and JNF. With this connection we derive the combined result: if A is a non-negative real matrix, and no real eigenvalue of A is strictly larger than one, then A\u003csup\u003en\u003c/sup\u003e is polynomially bounded in n. \u003c/p\u003e",
"authors": [
"Jose Divasón",
"Ondřej Kunčar",
"René Thiemann",
"Akihisa Yamada"
],
"date": "2016-05-20",
- "id": 422,
+ "id": 427,
"link": "/entries/Perron_Frobenius.html",
"permalink": "/entries/Perron_Frobenius.html",
"shortname": "Perron_Frobenius",
"title": "Perron-Frobenius Theorem for Spectral Radius Analysis",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 3
},
{
"abstract": "The \u003ca href=\"http://incredible.pm\"\u003eIncredible Proof Machine\u003c/a\u003e is an interactive visual theorem prover which represents proofs as port graphs. We model this proof representation in Isabelle, and prove that it is just as powerful as natural deduction.",
"authors": [
"Joachim Breitner",
"Denis Lohner"
],
"date": "2016-05-20",
- "id": 423,
+ "id": 428,
"link": "/entries/Incredible_Proof_Machine.html",
"permalink": "/entries/Incredible_Proof_Machine.html",
"shortname": "Incredible_Proof_Machine",
"title": "The meta theory of the Incredible Proof Machine",
"topic_links": [
"logic/proof-theory"
],
"topics": [
"Logic/Proof theory"
],
"used_by": 0
},
{
"abstract": "The impossibility of distributed consensus with one faulty process is a result with important consequences for real world distributed systems e.g., commits in replicated databases. Since proofs are not immune to faults and even plausible proofs with a profound formalism can conclude wrong results, we validate the fundamental result named FLP after Fischer, Lynch and Paterson. We present a formalization of distributed systems and the aforementioned consensus problem. Our proof is based on Hagen Völzer's paper \"A constructive proof for FLP\". In addition to the enhanced confidence in the validity of Völzer's proof, we contribute the missing gaps to show the correctness in Isabelle/HOL. We clarify the proof details and even prove fairness of the infinite execution that contradicts consensus. Our Isabelle formalization can also be reused for further proofs of properties of distributed systems.",
"authors": [
"Benjamin Bisping",
"Paul-David Brodmann",
"Tim Jungnickel",
"Christina Rickmann",
"Henning Seidler",
"Anke Stüber",
"Arno Wilhelm-Weidner",
"Kirstin Peters",
"Uwe Nestmann"
],
"date": "2016-05-18",
- "id": 424,
+ "id": 429,
"link": "/entries/FLP.html",
"permalink": "/entries/FLP.html",
"shortname": "FLP",
"title": "A Constructive Proof for FLP",
"topic_links": [
"computer-science/concurrency"
],
"topics": [
"Computer science/Concurrency"
],
"used_by": 0
},
{
"abstract": "This article formalises a proof of the maximum-flow minimal-cut theorem for networks with countably many edges. A network is a directed graph with non-negative real-valued edge labels and two dedicated vertices, the source and the sink. A flow in a network assigns non-negative real numbers to the edges such that for all vertices except for the source and the sink, the sum of values on incoming edges equals the sum of values on outgoing edges. A cut is a subset of the vertices which contains the source, but not the sink. Our theorem states that in every network, there is a flow and a cut such that the flow saturates all the edges going out of the cut and is zero on all the incoming edges. The proof is based on the paper \u003cemph\u003eThe Max-Flow Min-Cut theorem for countable networks\u003c/emph\u003e by Aharoni et al. Additionally, we prove a characterisation of the lifting operation for relations on discrete probability distributions, which leads to a concise proof of its distributivity over relation composition.",
"authors": [
"Andreas Lochbihler"
],
"date": "2016-05-09",
- "id": 425,
+ "id": 430,
"link": "/entries/MFMC_Countable.html",
"permalink": "/entries/MFMC_Countable.html",
"shortname": "MFMC_Countable",
"title": "A Formal Proof of the Max-Flow Min-Cut Theorem for Countable Networks",
"topic_links": [
"mathematics/graph-theory"
],
"topics": [
"Mathematics/Graph theory"
],
"used_by": 1
},
{
"abstract": "This work contains a formalisation of basic Randomised Social Choice, including Stochastic Dominance and Social Decision Schemes (SDSs) along with some of their most important properties (Anonymity, Neutrality, ex-post- and SD-Efficiency, SD-Strategy-Proofness) and two particular SDSs – Random Dictatorship and Random Serial Dictatorship (with proofs of the properties that they satisfy). Many important properties of these concepts are also proven – such as the two equivalent characterisations of Stochastic Dominance and the fact that SD-efficiency of a lottery only depends on the support. The entry also provides convenient commands to define Preference Profiles, prove their well-formedness, and automatically derive restrictions that sufficiently nice SDSs need to satisfy on the defined profiles. Currently, the formalisation focuses on weak preferences and Stochastic Dominance, but it should be easy to extend it to other domains – such as strict preferences – or other lottery extensions – such as Bilinear Dominance or Pairwise Comparison.",
"authors": [
"Manuel Eberl"
],
"date": "2016-05-05",
- "id": 426,
+ "id": 431,
"link": "/entries/Randomised_Social_Choice.html",
"permalink": "/entries/Randomised_Social_Choice.html",
"shortname": "Randomised_Social_Choice",
"title": "Randomised Social Choice Theory",
"topic_links": [
"mathematics/games-and-economics"
],
"topics": [
"Mathematics/Games and economics"
],
"used_by": 2
},
{
"abstract": "This entry defines the Bell numbers as the cardinality of set partitions for a carrier set of given size, and derives Spivey's generalized recurrence relation for Bell numbers following his elegant and intuitive combinatorial proof. \u003cp\u003e As the set construction for the combinatorial proof requires construction of three intermediate structures, the main difficulty of the formalization is handling the overall combinatorial argument in a structured way. The introduced proof structure allows us to compose the combinatorial argument from its subparts, and supports to keep track how the detailed proof steps are related to the overall argument. To obtain this structure, this entry uses set monad notation for the set construction's definition, introduces suitable predicates and rules, and follows a repeating structure in its Isar proof.",
"authors": [
"Lukas Bulwahn"
],
"date": "2016-05-04",
- "id": 427,
+ "id": 432,
"link": "/entries/Bell_Numbers_Spivey.html",
"permalink": "/entries/Bell_Numbers_Spivey.html",
"shortname": "Bell_Numbers_Spivey",
"title": "Spivey's Generalized Recurrence for Bell Numbers",
"topic_links": [
"mathematics/combinatorics"
],
"topics": [
"Mathematics/Combinatorics"
],
"used_by": 2
},
{
"abstract": "This formalisation contains the proof that there is no anonymous and neutral Social Decision Scheme for at least four voters and alternatives that fulfils both SD-Efficiency and SD-Strategy- Proofness. The proof is a fully structured and quasi-human-redable one. It was derived from the (unstructured) SMT proof of the case for exactly four voters and alternatives by Brandl et al. Their proof relies on an unverified translation of the original problem to SMT, and the proof that lifts the argument for exactly four voters and alternatives to the general case is also not machine-checked. In this Isabelle proof, on the other hand, all of these steps are fully proven and machine-checked. This is particularly important seeing as a previously published informal proof of a weaker statement contained a mistake in precisely this lifting step.",
"authors": [
"Manuel Eberl"
],
"date": "2016-05-04",
- "id": 428,
+ "id": 433,
"link": "/entries/SDS_Impossibility.html",
"permalink": "/entries/SDS_Impossibility.html",
"shortname": "SDS_Impossibility",
"title": "The Incompatibility of SD-Efficiency and SD-Strategy-Proofness",
"topic_links": [
"mathematics/games-and-economics"
],
"topics": [
"Mathematics/Games and economics"
],
"used_by": 0
},
{
"abstract": "This formalization is concerned with the theory of Gröbner bases in (commutative) multivariate polynomial rings over fields, originally developed by Buchberger in his 1965 PhD thesis. Apart from the statement and proof of the main theorem of the theory, the formalization also implements Buchberger's algorithm for actually computing Gröbner bases as a tail-recursive function, thus allowing to effectively decide ideal membership in finitely generated polynomial ideals. Furthermore, all functions can be executed on a concrete representation of multivariate polynomials as association lists.",
"authors": [
"Fabian Immler",
"Alexander Maletzky"
],
"date": "2016-05-02",
- "id": 429,
+ "id": 434,
"link": "/entries/Groebner_Bases.html",
"permalink": "/entries/Groebner_Bases.html",
"shortname": "Groebner_Bases",
"title": "Gröbner Bases Theory",
"topic_links": [
"mathematics/algebra",
"computer-science/algorithms/mathematical"
],
"topics": [
"Mathematics/Algebra",
"Computer science/Algorithms/Mathematical"
],
"used_by": 4
},
{
"abstract": "We provide a formal proof within First Order Relativity Theory that no observer can travel faster than the speed of light. Originally reported in Stannett \u0026 Németi (2014) \"Using Isabelle/HOL to verify first-order relativity theory\", Journal of Automated Reasoning 52(4), pp. 361-378.",
"authors": [
"Mike Stannett",
"István Németi"
],
"date": "2016-04-28",
- "id": 430,
+ "id": 435,
"link": "/entries/No_FTL_observers.html",
"permalink": "/entries/No_FTL_observers.html",
"shortname": "No_FTL_observers",
"title": "No Faster-Than-Light Observers",
"topic_links": [
"mathematics/physics"
],
"topics": [
"Mathematics/Physics"
],
"used_by": 0
},
{
"abstract": "The theory provides a formalisation of the Cocke-Younger-Kasami algorithm (CYK for short), an approach to solving the word problem for context-free languages. CYK decides if a word is in the languages generated by a context-free grammar in Chomsky normal form. The formalized algorithm is executable.",
"authors": [
"Maksym Bortin"
],
"date": "2016-04-27",
- "id": 431,
+ "id": 436,
"link": "/entries/CYK.html",
"permalink": "/entries/CYK.html",
"shortname": "CYK",
"title": "A formalisation of the Cocke-Younger-Kasami algorithm",
"topic_links": [
"computer-science/algorithms",
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Algorithms",
"Computer science/Automata and formal languages"
],
"used_by": 0
},
{
"abstract": "We present a verified and executable implementation of ROBDDs in Isabelle/HOL. Our implementation relates pointer-based computation in the Heap monad to operations on an abstract definition of boolean functions. Internally, we implemented the if-then-else combinator in a recursive fashion, following the Shannon decomposition of the argument functions. The implementation mixes and adapts known techniques and is built with efficiency in mind.",
"authors": [
"Julius Michaelis",
"Max W. Haslbeck",
"Peter Lammich",
"Lars Hupel"
],
"date": "2016-04-27",
- "id": 432,
+ "id": 437,
"link": "/entries/ROBDD.html",
"permalink": "/entries/ROBDD.html",
"shortname": "ROBDD",
"title": "Algorithms for Reduced Ordered Binary Decision Diagrams",
"topic_links": [
"computer-science/algorithms",
"computer-science/data-structures"
],
"topics": [
"Computer science/Algorithms",
"Computer science/Data structures"
],
"used_by": 1
},
{
"abstract": "\u003cp\u003eIn his outstanding work on Communicating Sequential Processes, Hoare has defined two fundamental binary operations allowing to compose the input processes into another, typically more complex, process: sequential composition and concurrent composition. Particularly, the output of the former operation is a process that initially behaves like the first operand, and then like the second operand once the execution of the first one has terminated successfully, as long as it does.\u003c/p\u003e \u003cp\u003eThis paper formalizes Hoare's definition of sequential composition and proves, in the general case of a possibly intransitive policy, that CSP noninterference security is conserved under this operation, provided that successful termination cannot be affected by confidential events and cannot occur as an alternative to other events in the traces of the first operand. Both of these assumptions are shown, by means of counterexamples, to be necessary for the theorem to hold.\u003c/p\u003e",
"authors": [
"Pasquale Noce"
],
"date": "2016-04-26",
- "id": 433,
+ "id": 438,
"link": "/entries/Noninterference_Sequential_Composition.html",
"permalink": "/entries/Noninterference_Sequential_Composition.html",
"shortname": "Noninterference_Sequential_Composition",
"title": "Conservation of CSP Noninterference Security under Sequential Composition",
"topic_links": [
"computer-science/security",
"computer-science/concurrency/process-calculi"
],
"topics": [
"Computer science/Security",
"Computer science/Concurrency/Process calculi"
],
"used_by": 1
},
{
"abstract": "Kleene algebras with domain are Kleene algebras endowed with an operation that maps each element of the algebra to its domain of definition (or its complement) in abstract fashion. They form a simple algebraic basis for Hoare logics, dynamic logics or predicate transformer semantics. We formalise a modular hierarchy of algebras with domain and antidomain (domain complement) operations in Isabelle/HOL that ranges from domain and antidomain semigroups to modal Kleene algebras and divergence Kleene algebras. We link these algebras with models of binary relations and program traces. We include some examples from modal logics, termination and program analysis.",
"authors": [
"Victor B. F. Gomes",
"Walter Guttmann",
"Peter Höfner",
"Georg Struth",
"Tjark Weber"
],
"date": "2016-04-12",
- "id": 434,
+ "id": 439,
"link": "/entries/KAD.html",
"permalink": "/entries/KAD.html",
"shortname": "KAD",
"title": "Kleene Algebras with Domain",
"topic_links": [
"computer-science/programming-languages/logics",
"computer-science/automata-and-formal-languages",
"mathematics/algebra"
],
"topics": [
"Computer science/Programming languages/Logics",
"Computer science/Automata and formal languages",
"Mathematics/Algebra"
],
"used_by": 2
},
{
"abstract": "We provide formal proofs in Isabelle-HOL (using mostly structured Isar proofs) of the soundness and completeness of the Resolution rule in propositional logic. The completeness proofs take into account the usual redundancy elimination rules (tautology elimination and subsumption), and several refinements of the Resolution rule are considered: ordered resolution (with selection functions), positive and negative resolution, semantic resolution and unit resolution (the latter refinement is complete only for clause sets that are Horn- renamable). We also define a concrete procedure for computing saturated sets and establish its soundness and completeness. The clause sets are not assumed to be finite, so that the results can be applied to formulas obtained by grounding sets of first-order clauses (however, a total ordering among atoms is assumed to be given). Next, we show that the unrestricted Resolution rule is deductive- complete, in the sense that it is able to generate all (prime) implicates of any set of propositional clauses (i.e., all entailment- minimal, non-valid, clausal consequences of the considered set). The generation of prime implicates is an important problem, with many applications in artificial intelligence and verification (for abductive reasoning, knowledge compilation, diagnosis, debugging etc.). We also show that implicates can be computed in an incremental way, by fixing an ordering among all the atoms in the considered sets and resolving upon these atoms one by one in the considered order (with no backtracking). This feature is critical for the efficient computation of prime implicates. Building on these results, we provide a procedure for computing such implicates and establish its soundness and completeness.",
"authors": [
"Nicolas Peltier"
],
"date": "2016-03-11",
- "id": 435,
+ "id": 440,
"link": "/entries/PropResPI.html",
"permalink": "/entries/PropResPI.html",
"shortname": "PropResPI",
"title": "Propositional Resolution and Prime Implicates Generation",
"topic_links": [
"logic/general-logic/mechanization-of-proofs"
],
"topics": [
"Logic/General logic/Mechanization of proofs"
],
"used_by": 0
},
{
"abstract": "The Cartan fixed point theorems concern the group of holomorphic automorphisms on a connected open set of C\u003csup\u003en\u003c/sup\u003e. Ciolli et al. have formalised the one-dimensional case of these theorems in HOL Light. This entry contains their proofs, ported to Isabelle/HOL. Thus it addresses the authors' remark that \"it would be important to write a formal proof in a language that can be read by both humans and machines\".",
"authors": [
"Lawrence C. Paulson"
],
"date": "2016-03-08",
- "id": 436,
+ "id": 441,
"link": "/entries/Cartan_FP.html",
"permalink": "/entries/Cartan_FP.html",
"shortname": "Cartan_FP",
"title": "The Cartan Fixed Point Theorems",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 0
},
{
"abstract": "Timed automata are a widely used formalism for modeling real-time systems, which is employed in a class of successful model checkers such as UPPAAL [LPY97], HyTech [HHWt97] or Kronos [Yov97]. This work formalizes the theory for the subclass of diagonal-free timed automata, which is sufficient to model many interesting problems. We first define the basic concepts and semantics of diagonal-free timed automata. Based on this, we prove two types of decidability results for the language emptiness problem. The first is the classic result of Alur and Dill [AD90, AD94], which uses a finite partitioning of the state space into so-called `regions`. Our second result focuses on an approach based on `Difference Bound Matrices (DBMs)`, which is practically used by model checkers. We prove the correctness of the basic forward analysis operations on DBMs. One of these operations is the Floyd-Warshall algorithm for the all-pairs shortest paths problem. To obtain a finite search space, a widening operation has to be used for this kind of analysis. We use Patricia Bouyer's [Bou04] approach to prove that this widening operation is correct in the sense that DBM-based forward analysis in combination with the widening operation also decides language emptiness. The interesting property of this proof is that the first decidability result is reused to obtain the second one.",
"authors": [
"Simon Wimmer"
],
"date": "2016-03-08",
- "id": 437,
+ "id": 442,
"link": "/entries/Timed_Automata.html",
"permalink": "/entries/Timed_Automata.html",
"shortname": "Timed_Automata",
"title": "Timed Automata",
"topic_links": [
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Automata and formal languages"
],
"used_by": 1
},
{
"abstract": "This theory provides a formalisation of linear temporal logic (LTL) and unifies previous formalisations within the AFP. This entry establishes syntax and semantics for this logic and decouples it from existing entries, yielding a common environment for theories reasoning about LTL. Furthermore a parser written in SML and an executable simplifier are provided.",
"authors": [
"Salomon Sickert"
],
"date": "2016-03-01",
- "id": 438,
+ "id": 443,
"link": "/entries/LTL.html",
"permalink": "/entries/LTL.html",
"shortname": "LTL",
"title": "Linear Temporal Logic",
"topic_links": [
"logic/general-logic/temporal-logic",
"computer-science/automata-and-formal-languages"
],
"topics": [
"Logic/General logic/Temporal logic",
"Computer science/Automata and formal languages"
],
"used_by": 6
},
{
"abstract": "\u003cp\u003e These theories formalize the quantitative analysis of a number of classical algorithms for the list update problem: 2-competitiveness of move-to-front, the lower bound of 2 for the competitiveness of deterministic list update algorithms and 1.6-competitiveness of the randomized COMB algorithm, the best randomized list update algorithm known to date. The material is based on the first two chapters of \u003ci\u003eOnline Computation and Competitive Analysis\u003c/i\u003e by Borodin and El-Yaniv. \u003c/p\u003e \u003cp\u003e For an informal description see the FSTTCS 2016 publication \u003ca href=\"http://www21.in.tum.de/~nipkow/pubs/fsttcs16.html\"\u003eVerified Analysis of List Update Algorithms\u003c/a\u003e by Haslbeck and Nipkow. \u003c/p\u003e",
"authors": [
"Maximilian P. L. Haslbeck",
"Tobias Nipkow"
],
"date": "2016-02-17",
- "id": 439,
+ "id": 444,
"link": "/entries/List_Update.html",
"permalink": "/entries/List_Update.html",
"shortname": "List_Update",
"title": "Analysis of List Update Algorithms",
"topic_links": [
"computer-science/algorithms/online"
],
"topics": [
"Computer science/Algorithms/Online"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003e We define a functional variant of the static single assignment (SSA) form construction algorithm described by \u003ca href=\"https://doi.org/10.1007/978-3-642-37051-9_6\"\u003eBraun et al.\u003c/a\u003e, which combines simplicity and efficiency. The definition is based on a general, abstract control flow graph representation using Isabelle locales. \u003c/p\u003e \u003cp\u003e We prove that the algorithm's output is semantically equivalent to the input according to a small-step semantics, and that it is in minimal SSA form for the common special case of reducible inputs. We then show the satisfiability of the locale assumptions by giving instantiations for a simple While language. \u003c/p\u003e \u003cp\u003e Furthermore, we use a generic instantiation based on typedefs in order to extract OCaml code and replace the unverified SSA construction algorithm of the \u003ca href=\"https://doi.org/10.1145/2579080\"\u003eCompCertSSA project\u003c/a\u003e with it. \u003c/p\u003e \u003cp\u003e A more detailed description of the verified SSA construction can be found in the paper \u003ca href=\"https://doi.org/10.1145/2892208.2892211\"\u003eVerified Construction of Static Single Assignment Form\u003c/a\u003e, CC 2016. \u003c/p\u003e",
"authors": [
"Sebastian Ullrich",
"Denis Lohner"
],
"date": "2016-02-05",
- "id": 440,
+ "id": 445,
"link": "/entries/Formal_SSA.html",
"permalink": "/entries/Formal_SSA.html",
"shortname": "Formal_SSA",
"title": "Verified Construction of Static Single Assignment Form",
"topic_links": [
"computer-science/programming-languages/compiling"
],
"topics": [
"Computer science/Programming languages/Compiling"
],
"used_by": 1
},
{
"abstract": "Based on existing libraries for polynomial interpolation and matrices, we formalized several factorization algorithms for polynomials, including Kronecker's algorithm for integer polynomials, Yun's square-free factorization algorithm for field polynomials, and Berlekamp's algorithm for polynomials over finite fields. By combining the last one with Hensel's lifting, we derive an efficient factorization algorithm for the integer polynomials, which is then lifted for rational polynomials by mechanizing Gauss' lemma. Finally, we assembled a combined factorization algorithm for rational polynomials, which combines all the mentioned algorithms and additionally uses the explicit formula for roots of quadratic polynomials and a rational root test. \u003cp\u003e As side products, we developed division algorithms for polynomials over integral domains, as well as primality-testing and prime-factorization algorithms for integers.",
"authors": [
"René Thiemann",
"Akihisa Yamada"
],
"date": "2016-01-29",
- "id": 441,
+ "id": 446,
"link": "/entries/Polynomial_Factorization.html",
"permalink": "/entries/Polynomial_Factorization.html",
"shortname": "Polynomial_Factorization",
"title": "Polynomial Factorization",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 12
},
{
"abstract": "We formalized three algorithms for polynomial interpolation over arbitrary fields: Lagrange's explicit expression, the recursive algorithm of Neville and Aitken, and the Newton interpolation in combination with an efficient implementation of divided differences. Variants of these algorithms for integer polynomials are also available, where sometimes the interpolation can fail; e.g., there is no linear integer polynomial \u003ci\u003ep\u003c/i\u003e such that \u003ci\u003ep(0) = 0\u003c/i\u003e and \u003ci\u003ep(2) = 1\u003c/i\u003e. Moreover, for the Newton interpolation for integer polynomials, we proved that all intermediate results that are computed during the algorithm must be integers. This admits an early failure detection in the implementation. Finally, we proved the uniqueness of polynomial interpolation. \u003cp\u003e The development also contains improved code equations to speed up the division of integers in target languages.",
"authors": [
"René Thiemann",
"Akihisa Yamada"
],
"date": "2016-01-29",
- "id": 442,
+ "id": 447,
"link": "/entries/Polynomial_Interpolation.html",
"permalink": "/entries/Polynomial_Interpolation.html",
"shortname": "Polynomial_Interpolation",
"title": "Polynomial Interpolation",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 7
},
{
"abstract": "This work contains a formalization of some topics in knot theory. The concepts that were formalized include definitions of tangles, links, framed links and link/tangle equivalence. The formalization is based on a formulation of links in terms of tangles. We further construct and prove the invariance of the Bracket polynomial. Bracket polynomial is an invariant of framed links closely linked to the Jones polynomial. This is perhaps the first attempt to formalize any aspect of knot theory in an interactive proof assistant.",
"authors": [
"T.V.H. Prathamesh"
],
"date": "2016-01-20",
- "id": 443,
+ "id": 448,
"link": "/entries/Knot_Theory.html",
"permalink": "/entries/Knot_Theory.html",
"shortname": "Knot_Theory",
"title": "Knot Theory",
"topic_links": [
"mathematics/topology"
],
"topics": [
"Mathematics/Topology"
],
"used_by": 0
},
{
"abstract": "In this work, the Kronecker tensor product of matrices and the proofs of some of its properties are formalized. Properties which have been formalized include associativity of the tensor product and the mixed-product property.",
"authors": [
"T.V.H. Prathamesh"
],
"date": "2016-01-18",
- "id": 444,
+ "id": 449,
"link": "/entries/Matrix_Tensor.html",
"permalink": "/entries/Matrix_Tensor.html",
"shortname": "Matrix_Tensor",
"title": "Tensor Product of Matrices",
"topic_links": [
"computer-science/data-structures",
"mathematics/algebra"
],
"topics": [
"Computer science/Data structures",
"Mathematics/Algebra"
],
"used_by": 2
},
{
"abstract": "This entry provides a basic library for number partitions, defines the two-argument partition function through its recurrence relation and relates this partition function to the cardinality of number partitions. The main proof shows that the recursively-defined partition function with arguments n and k equals the cardinality of number partitions of n with exactly k parts. The combinatorial proof follows the proof sketch of Theorem 2.4.1 in Mazur's textbook `Combinatorics: A Guided Tour`. This entry can serve as starting point for various more intrinsic properties about number partitions, the partition function and related recurrence relations.",
"authors": [
"Lukas Bulwahn"
],
"date": "2016-01-14",
- "id": 445,
+ "id": 450,
"link": "/entries/Card_Number_Partitions.html",
"permalink": "/entries/Card_Number_Partitions.html",
"shortname": "Card_Number_Partitions",
"title": "Cardinality of Number Partitions",
"topic_links": [
"mathematics/combinatorics"
],
"topics": [
"Mathematics/Combinatorics"
],
"used_by": 2
},
{
"abstract": "\u003cp\u003e This entry contains a definition of angles between vectors and between three points. Building on this, we prove basic geometric properties of triangles, such as the Isosceles Triangle Theorem, the Law of Sines and the Law of Cosines, that the sum of the angles of a triangle is π, and the congruence theorems for triangles. \u003c/p\u003e\u003cp\u003e The definitions and proofs were developed following those by John Harrison in HOL Light. However, due to Isabelle's type class system, all definitions and theorems in the Isabelle formalisation hold for all real inner product spaces. \u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2015-12-28",
- "id": 446,
+ "id": 451,
"link": "/entries/Triangle.html",
"permalink": "/entries/Triangle.html",
"shortname": "Triangle",
"title": "Basic Geometric Properties of Triangles",
"topic_links": [
"mathematics/geometry"
],
"topics": [
"Mathematics/Geometry"
],
"used_by": 3
},
{
"abstract": "\u003cp\u003e Descartes' Rule of Signs relates the number of positive real roots of a polynomial with the number of sign changes in its coefficient sequence. \u003c/p\u003e\u003cp\u003e Our proof follows the simple inductive proof given by Rob Arthan, which was also used by John Harrison in his HOL Light formalisation. We proved most of the lemmas for arbitrary linearly-ordered integrity domains (e.g. integers, rationals, reals); the main result, however, requires the intermediate value theorem and was therefore only proven for real polynomials. \u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2015-12-28",
- "id": 447,
+ "id": 452,
"link": "/entries/Descartes_Sign_Rule.html",
"permalink": "/entries/Descartes_Sign_Rule.html",
"shortname": "Descartes_Sign_Rule",
"title": "Descartes' Rule of Signs",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003e Liouville numbers are a class of transcendental numbers that can be approximated particularly well with rational numbers. Historically, they were the first numbers whose transcendence was proven. \u003c/p\u003e\u003cp\u003e In this entry, we define the concept of Liouville numbers as well as the standard construction to obtain Liouville numbers (including Liouville's constant) and we prove their most important properties: irrationality and transcendence. \u003c/p\u003e\u003cp\u003e The proof is very elementary and requires only standard arithmetic, the Mean Value Theorem for polynomials, and the boundedness of polynomials on compact intervals. \u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2015-12-28",
- "id": 448,
+ "id": 453,
"link": "/entries/Liouville_Numbers.html",
"permalink": "/entries/Liouville_Numbers.html",
"shortname": "Liouville_Numbers",
"title": "Liouville numbers",
"topic_links": [
"mathematics/analysis",
"mathematics/number-theory"
],
"topics": [
"Mathematics/Analysis",
"Mathematics/Number theory"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003e In this work, we prove the lower bound \u003cspan class=\"nobr\"\u003eln(H_n) - ln(5/3)\u003c/span\u003e for the partial sum of the Prime Harmonic series and, based on this, the divergence of the Prime Harmonic Series \u003cspan class=\"nobr\"\u003e∑[p\u0026thinsp;prime]\u0026thinsp;·\u0026thinsp;1/p.\u003c/span\u003e \u003c/p\u003e\u003cp\u003e The proof relies on the unique squarefree decomposition of natural numbers. This is similar to Euler's original proof (which was highly informal and morally questionable). Its advantage over proofs by contradiction, like the famous one by Paul Erdős, is that it provides a relatively good lower bound for the partial sums. \u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2015-12-28",
- "id": 449,
+ "id": 454,
"link": "/entries/Prime_Harmonic_Series.html",
"permalink": "/entries/Prime_Harmonic_Series.html",
"shortname": "Prime_Harmonic_Series",
"title": "The Divergence of the Prime Harmonic Series",
"topic_links": [
"mathematics/number-theory"
],
"topics": [
"Mathematics/Number theory"
],
"used_by": 0
},
{
"abstract": "Based on existing libraries for matrices, factorization of rational polynomials, and Sturm's theorem, we formalized algebraic numbers in Isabelle/HOL. Our development serves as an implementation for real and complex numbers, and it admits to compute roots and completely factorize real and complex polynomials, provided that all coefficients are rational numbers. Moreover, we provide two implementations to display algebraic numbers, an injective and expensive one, or a faster but approximative version. \u003c/p\u003e\u003cp\u003e To this end, we mechanized several results on resultants, which also required us to prove that polynomials over a unique factorization domain form again a unique factorization domain. \u003c/p\u003e",
"authors": [
"René Thiemann",
"Akihisa Yamada",
"Sebastiaan J. C. Joosten"
],
"date": "2015-12-22",
- "id": 450,
+ "id": 455,
"link": "/entries/Algebraic_Numbers.html",
"permalink": "/entries/Algebraic_Numbers.html",
"shortname": "Algebraic_Numbers",
"title": "Algebraic Numbers in Isabelle/HOL",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 6
},
{
"abstract": "Applicative functors augment computations with effects by lifting function application to types which model the effects. As the structure of the computation cannot depend on the effects, applicative expressions can be analysed statically. This allows us to lift universally quantified equations to the effectful types, as observed by Hinze. Thus, equational reasoning over effectful computations can be reduced to pure types. \u003c/p\u003e\u003cp\u003e This entry provides a package for registering applicative functors and two proof methods for lifting of equations over applicative functors. The first method normalises applicative expressions according to the laws of applicative functors. This way, equations whose two sides contain the same list of variables can be lifted to every applicative functor. \u003c/p\u003e\u003cp\u003e To lift larger classes of equations, the second method exploits a number of additional properties (e.g., commutativity of effects) provided the properties have been declared for the concrete applicative functor at hand upon registration. \u003c/p\u003e\u003cp\u003e We declare several types from the Isabelle library as applicative functors and illustrate the use of the methods with two examples: the lifting of the arithmetic type class hierarchy to streams and the verification of a relabelling function on binary trees. We also formalise and verify the normalisation algorithm used by the first proof method. \u003c/p\u003e",
"authors": [
"Andreas Lochbihler",
"Joshua Schneider"
],
"date": "2015-12-22",
- "id": 451,
+ "id": 456,
"link": "/entries/Applicative_Lifting.html",
"permalink": "/entries/Applicative_Lifting.html",
"shortname": "Applicative_Lifting",
"title": "Applicative Lifting",
"topic_links": [
"computer-science/functional-programming"
],
"topics": [
"Computer science/Functional programming"
],
"used_by": 4
},
{
"abstract": "The Stern-Brocot tree contains all rational numbers exactly once and in their lowest terms. We formalise the Stern-Brocot tree as a coinductive tree using recursive and iterative specifications, which we have proven equivalent, and show that it indeed contains all the numbers as stated. Following Hinze, we prove that the Stern-Brocot tree can be linearised looplessly into Stern's diatonic sequence (also known as Dijkstra's fusc function) and that it is a permutation of the Bird tree. \u003c/p\u003e\u003cp\u003e The reasoning stays at an abstract level by appealing to the uniqueness of solutions of guarded recursive equations and lifting algebraic laws point-wise to trees and streams using applicative functors. \u003c/p\u003e",
"authors": [
"Peter Gammie",
"Andreas Lochbihler"
],
"date": "2015-12-22",
- "id": 452,
+ "id": 457,
"link": "/entries/Stern_Brocot.html",
"permalink": "/entries/Stern_Brocot.html",
"shortname": "Stern_Brocot",
"title": "The Stern-Brocot Tree",
"topic_links": [
"mathematics/number-theory"
],
"topics": [
"Mathematics/Number theory"
],
"used_by": 0
},
{
"abstract": "The theory's main theorem states that the cardinality of set partitions of size k on a carrier set of size n is expressed by Stirling numbers of the second kind. In Isabelle, Stirling numbers of the second kind are defined in the AFP entry `Discrete Summation` through their well-known recurrence relation. The main theorem relates them to the alternative definition as cardinality of set partitions. The proof follows the simple and short explanation in Richard P. Stanley's `Enumerative Combinatorics: Volume 1` and Wikipedia, and unravels the full details and implicit reasoning steps of these explanations.",
"authors": [
"Lukas Bulwahn"
],
"date": "2015-12-12",
- "id": 453,
+ "id": 458,
"link": "/entries/Card_Partitions.html",
"permalink": "/entries/Card_Partitions.html",
"shortname": "Card_Partitions",
"title": "Cardinality of Set Partitions",
"topic_links": [
"mathematics/combinatorics"
],
"topics": [
"Mathematics/Combinatorics"
],
"used_by": 4
},
{
"abstract": "A Latin Square is a n x n table filled with integers from 1 to n where each number appears exactly once in each row and each column. A Latin Rectangle is a partially filled n x n table with r filled rows and n-r empty rows, such that each number appears at most once in each row and each column. The main result of this theory is that any Latin Rectangle can be completed to a Latin Square.",
"authors": [
"Alexander Bentkamp"
],
"date": "2015-12-02",
- "id": 454,
+ "id": 459,
"link": "/entries/Latin_Square.html",
"permalink": "/entries/Latin_Square.html",
"shortname": "Latin_Square",
"title": "Latin Square",
"topic_links": [
"mathematics/combinatorics"
],
"topics": [
"Mathematics/Combinatorics"
],
"used_by": 0
},
{
"abstract": "Ergodic theory is the branch of mathematics that studies the behaviour of measure preserving transformations, in finite or infinite measure. It interacts both with probability theory (mainly through measure theory) and with geometry as a lot of interesting examples are from geometric origin. We implement the first definitions and theorems of ergodic theory, including notably Poicaré recurrence theorem for finite measure preserving systems (together with the notion of conservativity in general), induced maps, Kac's theorem, Birkhoff theorem (arguably the most important theorem in ergodic theory), and variations around it such as conservativity of the corresponding skew product, or Atkinson lemma.",
"authors": [
"Sebastien Gouezel"
],
"date": "2015-12-01",
- "id": 455,
+ "id": 460,
"link": "/entries/Ergodic_Theory.html",
"permalink": "/entries/Ergodic_Theory.html",
"shortname": "Ergodic_Theory",
"title": "Ergodic Theory",
"topic_links": [
"mathematics/probability-theory"
],
"topics": [
"Mathematics/Probability theory"
],
"used_by": 4
},
{
"abstract": "Euler's Partition Theorem states that the number of partitions with only distinct parts is equal to the number of partitions with only odd parts. The combinatorial proof follows John Harrison's HOL Light formalization. This theorem is the 45th theorem of the Top 100 Theorems list.",
"authors": [
"Lukas Bulwahn"
],
"date": "2015-11-19",
- "id": 456,
+ "id": 461,
"link": "/entries/Euler_Partition.html",
"permalink": "/entries/Euler_Partition.html",
"shortname": "Euler_Partition",
"title": "Euler's Partition Theorem",
"topic_links": [
"mathematics/combinatorics"
],
"topics": [
"Mathematics/Combinatorics"
],
"used_by": 0
},
{
"abstract": "We formalize the Tortoise and Hare cycle-finding algorithm ascribed to Floyd by Knuth, and an improved version due to Brent.",
"authors": [
"Peter Gammie"
],
"date": "2015-11-18",
- "id": 457,
+ "id": 462,
"link": "/entries/TortoiseHare.html",
"permalink": "/entries/TortoiseHare.html",
"shortname": "TortoiseHare",
"title": "The Tortoise and Hare Algorithm",
"topic_links": [
"computer-science/algorithms"
],
"topics": [
"Computer science/Algorithms"
],
"used_by": 0
},
{
"abstract": "This development provides a formalization of planarity based on combinatorial maps and proves that Kuratowski's theorem implies combinatorial planarity. Moreover, it contains verified implementations of programs checking certificates for planarity (i.e., a combinatorial map) or non-planarity (i.e., a Kuratowski subgraph).",
"authors": [
"Lars Noschinski"
],
"date": "2015-11-11",
- "id": 458,
+ "id": 463,
"link": "/entries/Planarity_Certificates.html",
"permalink": "/entries/Planarity_Certificates.html",
"shortname": "Planarity_Certificates",
"title": "Planarity Certificates",
"topic_links": [
"mathematics/graph-theory"
],
"topics": [
"Mathematics/Graph theory"
],
"used_by": 0
},
{
"abstract": "We present a formalization of parity games (a two-player game on directed graphs) and a proof of their positional determinacy in Isabelle/HOL. This proof works for both finite and infinite games.",
"authors": [
"Christoph Dittmann"
],
"date": "2015-11-02",
- "id": 459,
+ "id": 464,
"link": "/entries/Parity_Game.html",
"permalink": "/entries/Parity_Game.html",
"shortname": "Parity_Game",
"title": "Positional Determinacy of Parity Games",
"topic_links": [
"mathematics/games-and-economics",
"mathematics/graph-theory"
],
"topics": [
"Mathematics/Games and economics",
"Mathematics/Graph theory"
],
"used_by": 1
},
{
"abstract": "We represent a theory \u003ci\u003eof\u003c/i\u003e (a fragment of) Isabelle/HOL \u003ci\u003ein\u003c/i\u003e Isabelle/HOL. The purpose of this exercise is to write packages for domain-specific specifications such as class models, B-machines, ..., and generally speaking, any domain-specific languages whose abstract syntax can be defined by a HOL \"datatype\". On this basis, the Isabelle code-generator can then be used to generate code for global context transformations as well as tactic code. \u003cp\u003e Consequently the package is geared towards parsing, printing and code-generation to the Isabelle API. It is at the moment not sufficiently rich for doing meta theory on Isabelle itself. Extensions in this direction are possible though. \u003cp\u003e Moreover, the chosen fragment is fairly rudimentary. However it should be easily adapted to one's needs if a package is written on top of it. The supported API contains types, terms, transformation of global context like definitions and data-type declarations as well as infrastructure for Isar-setups. \u003cp\u003e This theory is drawn from the \u003ca href=\"http://isa-afp.org/entries/Featherweight_OCL.html\"\u003eFeatherweight OCL\u003c/a\u003e project where it is used to construct a package for object-oriented data-type theories generated from UML class diagrams. The Featherweight OCL, for example, allows for both the direct execution of compiled tactic code by the Isabelle API as well as the generation of \".thy\"-files for debugging purposes. \u003cp\u003e Gained experience from this project shows that the compiled code is sufficiently efficient for practical purposes while being based on a formal \u003ci\u003emodel\u003c/i\u003e on which properties of the package can be proven such as termination of certain transformations, correctness, etc.",
"authors": [
"Frédéric Tuong",
"Burkhart Wolff"
],
"date": "2015-09-16",
- "id": 460,
+ "id": 465,
"link": "/entries/Isabelle_Meta_Model.html",
"permalink": "/entries/Isabelle_Meta_Model.html",
"shortname": "Isabelle_Meta_Model",
"title": "A Meta-Model for the Isabelle API",
"topic_links": [
"computer-science/programming-languages/language-definitions"
],
"topics": [
"Computer science/Programming languages/Language definitions"
],
"used_by": 0
},
{
"abstract": "Recently, Javier Esparza and Jan Kretinsky proposed a new method directly translating linear temporal logic (LTL) formulas to deterministic (generalized) Rabin automata. Compared to the existing approaches of constructing a non-deterministic Buechi-automaton in the first step and then applying a determinization procedure (e.g. some variant of Safra's construction) in a second step, this new approach preservers a relation between the formula and the states of the resulting automaton. While the old approach produced a monolithic structure, the new method is compositional. Furthermore, in some cases the resulting automata are much smaller than the automata generated by existing approaches. In order to ensure the correctness of the construction, this entry contains a complete formalisation and verification of the translation. Furthermore from this basis executable code is generated.",
"authors": [
"Salomon Sickert"
],
"date": "2015-09-04",
- "id": 461,
+ "id": 466,
"link": "/entries/LTL_to_DRA.html",
"permalink": "/entries/LTL_to_DRA.html",
"shortname": "LTL_to_DRA",
"title": "Converting Linear Temporal Logic to Deterministic (Generalized) Rabin Automata",
"topic_links": [
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Automata and formal languages"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003e Matrix interpretations are useful as measure functions in termination proving. In order to use these interpretations also for complexity analysis, the growth rate of matrix powers has to examined. Here, we formalized a central result of spectral radius theory, namely that the growth rate is polynomially bounded if and only if the spectral radius of a matrix is at most one. \u003c/p\u003e\u003cp\u003e To formally prove this result we first studied the growth rates of matrices in Jordan normal form, and prove the result that every complex matrix has a Jordan normal form using a constructive prove via Schur decomposition. \u003c/p\u003e\u003cp\u003e The whole development is based on a new abstract type for matrices, which is also executable by a suitable setup of the code generator. It completely subsumes our former AFP-entry on executable matrices, and its main advantage is its close connection to the HMA-representation which allowed us to easily adapt existing proofs on determinants. \u003c/p\u003e\u003cp\u003e All the results have been applied to improve CeTA, our certifier to validate termination and complexity proof certificates. \u003c/p\u003e",
"authors": [
"René Thiemann",
"Akihisa Yamada"
],
"date": "2015-08-21",
- "id": 462,
+ "id": 467,
"link": "/entries/Jordan_Normal_Form.html",
"permalink": "/entries/Jordan_Normal_Form.html",
"shortname": "Jordan_Normal_Form",
"title": "Matrices, Jordan Normal Forms, and Spectral Radius Theory",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 12
},
{
"abstract": "This theory formalizes the commutation version of decreasing diagrams for Church-Rosser modulo. The proof follows Felgenhauer and van Oostrom (RTA 2013). The theory also provides important specializations, in particular van Oostrom’s conversion version (TCS 2008) of decreasing diagrams.",
"authors": [
"Bertram Felgenhauer"
],
"date": "2015-08-20",
- "id": 463,
+ "id": 468,
"link": "/entries/Decreasing-Diagrams-II.html",
"permalink": "/entries/Decreasing-Diagrams-II.html",
"shortname": "Decreasing-Diagrams-II",
"title": "Decreasing Diagrams II",
"topic_links": [
"logic/rewriting"
],
"topics": [
"Logic/Rewriting"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003e The necessary and sufficient condition for CSP noninterference security stated by the Ipurge Unwinding Theorem is expressed in terms of a pair of event lists varying over the set of process traces. This does not render it suitable for the subsequent application of rule induction in the case of a process defined inductively, since rule induction may rather be applied to a single variable ranging over an inductively defined set. \u003c/p\u003e\u003cp\u003e Starting from the Ipurge Unwinding Theorem, this paper derives a necessary and sufficient condition for CSP noninterference security that involves a single event list varying over the set of process traces, and is thus suitable for rule induction; hence its name, Inductive Unwinding Theorem. Similarly to the Ipurge Unwinding Theorem, the new theorem only requires to consider individual accepted and refused events for each process trace, and applies to the general case of a possibly intransitive noninterference policy. Specific variants of this theorem are additionally proven for deterministic processes and trace set processes. \u003c/p\u003e",
"authors": [
"Pasquale Noce"
],
"date": "2015-08-18",
- "id": 464,
+ "id": 469,
"link": "/entries/Noninterference_Inductive_Unwinding.html",
"permalink": "/entries/Noninterference_Inductive_Unwinding.html",
"shortname": "Noninterference_Inductive_Unwinding",
"title": "The Inductive Unwinding Theorem for CSP Noninterference Security",
"topic_links": [
"computer-science/security"
],
"topics": [
"Computer science/Security"
],
"used_by": 0
},
{
"abstract": "We provide a formal framework for the theory of representations of finite groups, as modules over the group ring. Along the way, we develop the general theory of groups (relying on the group_add class for the basics), modules, and vector spaces, to the extent required for theory of group representations. We then provide formal proofs of several important introductory theorems in the subject, including Maschke's theorem, Schur's lemma, and Frobenius reciprocity. We also prove that every irreducible representation is isomorphic to a submodule of the group ring, leading to the fact that for a finite group there are only finitely many isomorphism classes of irreducible representations. In all of this, no restriction is made on the characteristic of the ring or field of scalars until the definition of a group representation, and then the only restriction made is that the characteristic must not divide the order of the group.",
"authors": [
"Jeremy Sylvestre"
],
"date": "2015-08-12",
- "id": 465,
+ "id": 470,
"link": "/entries/Rep_Fin_Groups.html",
"permalink": "/entries/Rep_Fin_Groups.html",
"shortname": "Rep_Fin_Groups",
"title": "Representations of Finite Groups",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 0
},
{
"abstract": "Encodings or the proof of their absence are the main way to compare process calculi. To analyse the quality of encodings and to rule out trivial or meaningless encodings, they are augmented with quality criteria. There exists a bunch of different criteria and different variants of criteria in order to reason in different settings. This leads to incomparable results. Moreover it is not always clear whether the criteria used to obtain a result in a particular setting do indeed fit to this setting. We show how to formally reason about and compare encodability criteria by mapping them on requirements on a relation between source and target terms that is induced by the encoding function. In particular we analyse the common criteria full abstraction, operational correspondence, divergence reflection, success sensitiveness, and respect of barbs; e.g. we analyse the exact nature of the simulation relation (coupled simulation versus bisimulation) that is induced by different variants of operational correspondence. This way we reduce the problem of analysing or comparing encodability criteria to the better understood problem of comparing relations on processes.",
"authors": [
"Kirstin Peters",
"Rob van Glabbeek"
],
"date": "2015-08-10",
- "id": 466,
+ "id": 471,
"link": "/entries/Encodability_Process_Calculi.html",
"permalink": "/entries/Encodability_Process_Calculi.html",
"shortname": "Encodability_Process_Calculi",
"title": "Analysing and Comparing Encodability Criteria for Process Calculi",
"topic_links": [
"computer-science/concurrency/process-calculi"
],
"topics": [
"Computer science/Concurrency/Process calculi"
],
"used_by": 0
},
{
"abstract": "Isabelle/Isar provides named cases to structure proofs. This article contains an implementation of a proof method \u003ctt\u003ecasify\u003c/tt\u003e, which can be used to easily extend proof tools with support for named cases. Such a proof tool must produce labeled subgoals, which are then interpreted by \u003ctt\u003ecasify\u003c/tt\u003e. \u003cp\u003e As examples, this work contains verification condition generators producing named cases for three languages: The Hoare language from \u003ctt\u003eHOL/Library\u003c/tt\u003e, a monadic language for computations with failure (inspired by the AutoCorres tool), and a language of conditional expressions. These VCGs are demonstrated by a number of example programs.",
"authors": [
"Lars Noschinski"
],
"date": "2015-07-21",
- "id": 467,
+ "id": 472,
"link": "/entries/Case_Labeling.html",
"permalink": "/entries/Case_Labeling.html",
"shortname": "Case_Labeling",
"title": "Generating Cases from Labeled Subgoals",
"topic_links": [
"tools",
"computer-science/programming-languages/misc"
],
"topics": [
"Tools",
"Computer science/Programming languages/Misc"
],
"used_by": 1
},
{
"abstract": "This entry provides Landau symbols to describe and reason about the asymptotic growth of functions for sufficiently large inputs. A number of simplification procedures are provided for additional convenience: cancelling of dominated terms in sums under a Landau symbol, cancelling of common factors in products, and a decision procedure for Landau expressions containing products of powers of functions like x, ln(x), ln(ln(x)) etc.",
"authors": [
"Manuel Eberl"
],
"date": "2015-07-14",
- "id": 468,
+ "id": 473,
"link": "/entries/Landau_Symbols.html",
"permalink": "/entries/Landau_Symbols.html",
"shortname": "Landau_Symbols",
"title": "Landau Symbols",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 11
},
{
"abstract": "This article contains a formalisation of the Akra-Bazzi method based on a proof by Leighton. It is a generalisation of the well-known Master Theorem for analysing the complexity of Divide \u0026 Conquer algorithms. We also include a generalised version of the Master theorem based on the Akra-Bazzi theorem, which is easier to apply than the Akra-Bazzi theorem itself. \u003cp\u003e Some proof methods that facilitate applying the Master theorem are also included. For a more detailed explanation of the formalisation and the proof methods, see the accompanying paper (publication forthcoming).",
"authors": [
"Manuel Eberl"
],
"date": "2015-07-14",
- "id": 469,
+ "id": 474,
"link": "/entries/Akra_Bazzi.html",
"permalink": "/entries/Akra_Bazzi.html",
"shortname": "Akra_Bazzi",
"title": "The Akra-Bazzi theorem and the Master theorem",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 1
},
{
"abstract": "Hermite Normal Form is a canonical matrix analogue of Reduced Echelon Form, but involving matrices over more general rings. In this work we formalise an algorithm to compute the Hermite Normal Form of a matrix by means of elementary row operations, taking advantage of the Echelon Form AFP entry. We have proven the correctness of such an algorithm and refined it to immutable arrays. Furthermore, we have also formalised the uniqueness of the Hermite Normal Form of a matrix. Code can be exported and some examples of execution involving integer matrices and polynomial matrices are presented as well.",
"authors": [
"Jose Divasón",
"Jesús Aransay"
],
"date": "2015-07-07",
- "id": 470,
+ "id": 475,
"link": "/entries/Hermite.html",
"permalink": "/entries/Hermite.html",
"shortname": "Hermite",
"title": "Hermite Normal Form",
"topic_links": [
"computer-science/algorithms/mathematical",
"mathematics/algebra"
],
"topics": [
"Computer science/Algorithms/Mathematical",
"Mathematics/Algebra"
],
"used_by": 2
},
{
"abstract": "The Derangements Formula describes the number of fixpoint-free permutations as a closed formula. This theorem is the 88th theorem in a list of the ``\u003ca href=\"http://www.cs.ru.nl/~freek/100/\"\u003eTop 100 Mathematical Theorems\u003c/a\u003e''.",
"authors": [
"Lukas Bulwahn"
],
"date": "2015-06-27",
- "id": 471,
+ "id": 476,
"link": "/entries/Derangements.html",
"permalink": "/entries/Derangements.html",
"shortname": "Derangements",
"title": "Derangements Formula",
"topic_links": [
"mathematics/combinatorics"
],
"topics": [
"Mathematics/Combinatorics"
],
"used_by": 0
},
{
"abstract": "Binary multirelations associate elements of a set with its subsets; hence they are binary relations from a set to its power set. Applications include alternating automata, models and logics for games, program semantics with dual demonic and angelic nondeterministic choices and concurrent dynamic logics. This proof document supports an arXiv article that formalises the basic algebra of multirelations and proposes axiom systems for them, ranging from weak bi-monoids to weak bi-quantales.",
"authors": [
"Hitoshi Furusawa",
"Georg Struth"
],
"date": "2015-06-11",
- "id": 472,
+ "id": 477,
"link": "/entries/Multirelations.html",
"permalink": "/entries/Multirelations.html",
"shortname": "Multirelations",
"title": "Binary Multirelations",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003e Among the various mathematical tools introduced in his outstanding work on Communicating Sequential Processes, Hoare has defined \"interleaves\" as the predicate satisfied by any three lists such that the first list may be split into sublists alternately extracted from the other two ones, whatever is the criterion for extracting an item from either one list or the other in each step. \u003c/p\u003e\u003cp\u003e This paper enriches Hoare's definition by identifying such criterion with the truth value of a predicate taking as inputs the head and the tail of the first list. This enhanced \"interleaves\" predicate turns out to permit the proof of equalities between lists without the need of an induction. Some rules that allow to infer \"interleaves\" statements without induction, particularly applying to the addition or removal of a prefix to the input lists, are also proven. Finally, a stronger version of the predicate, named \"Interleaves\", is shown to fulfil further rules applying to the addition or removal of a suffix to the input lists. \u003c/p\u003e",
"authors": [
"Pasquale Noce"
],
"date": "2015-06-11",
- "id": 473,
+ "id": 478,
"link": "/entries/List_Interleaving.html",
"permalink": "/entries/List_Interleaving.html",
"shortname": "List_Interleaving",
"title": "Reasoning about Lists via List Interleaving",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 1
},
{
"abstract": "\u003cp\u003e The classical definition of noninterference security for a deterministic state machine with outputs requires to consider the outputs produced by machine actions after any trace, i.e. any indefinitely long sequence of actions, of the machine. In order to render the verification of the security of such a machine more straightforward, there is a need of some sufficient condition for security such that just individual actions, rather than unbounded sequences of actions, have to be considered. \u003c/p\u003e\u003cp\u003e By extending previous results applying to transitive noninterference policies, Rushby has proven an unwinding theorem that provides a sufficient condition of this kind in the general case of a possibly intransitive policy. This condition has to be satisfied by a generic function mapping security domains into equivalence relations over machine states. \u003c/p\u003e\u003cp\u003e An analogous problem arises for CSP noninterference security, whose definition requires to consider any possible future, i.e. any indefinitely long sequence of subsequent events and any indefinitely large set of refused events associated to that sequence, for each process trace. \u003c/p\u003e\u003cp\u003e This paper provides a sufficient condition for CSP noninterference security, which indeed requires to just consider individual accepted and refused events and applies to the general case of a possibly intransitive policy. This condition follows Rushby's one for classical noninterference security, and has to be satisfied by a generic function mapping security domains into equivalence relations over process traces; hence its name, Generic Unwinding Theorem. Variants of this theorem applying to deterministic processes and trace set processes are also proven. Finally, the sufficient condition for security expressed by the theorem is shown not to be a necessary condition as well, viz. there exists a secure process such that no domain-relation map satisfying the condition exists. \u003c/p\u003e",
"authors": [
"Pasquale Noce"
],
"date": "2015-06-11",
- "id": 474,
+ "id": 479,
"link": "/entries/Noninterference_Generic_Unwinding.html",
"permalink": "/entries/Noninterference_Generic_Unwinding.html",
"shortname": "Noninterference_Generic_Unwinding",
"title": "The Generic Unwinding Theorem for CSP Noninterference Security",
"topic_links": [
"computer-science/security",
"computer-science/concurrency/process-calculi"
],
"topics": [
"Computer science/Security",
"Computer science/Concurrency/Process calculi"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003e The definition of noninterference security for Communicating Sequential Processes requires to consider any possible future, i.e. any indefinitely long sequence of subsequent events and any indefinitely large set of refused events associated to that sequence, for each process trace. In order to render the verification of the security of a process more straightforward, there is a need of some sufficient condition for security such that just individual accepted and refused events, rather than unbounded sequences and sets of events, have to be considered. \u003c/p\u003e\u003cp\u003e Of course, if such a sufficient condition were necessary as well, it would be even more valuable, since it would permit to prove not only that a process is secure by verifying that the condition holds, but also that a process is not secure by verifying that the condition fails to hold. \u003c/p\u003e\u003cp\u003e This paper provides a necessary and sufficient condition for CSP noninterference security, which indeed requires to just consider individual accepted and refused events and applies to the general case of a possibly intransitive policy. This condition follows Rushby's output consistency for deterministic state machines with outputs, and has to be satisfied by a specific function mapping security domains into equivalence relations over process traces. The definition of this function makes use of an intransitive purge function following Rushby's one; hence the name given to the condition, Ipurge Unwinding Theorem. \u003c/p\u003e\u003cp\u003e Furthermore, in accordance with Hoare's formal definition of deterministic processes, it is shown that a process is deterministic just in case it is a trace set process, i.e. it may be identified by means of a trace set alone, matching the set of its traces, in place of a failures-divergences pair. Then, variants of the Ipurge Unwinding Theorem are proven for deterministic processes and trace set processes. \u003c/p\u003e",
"authors": [
"Pasquale Noce"
],
"date": "2015-06-11",
- "id": 475,
+ "id": 480,
"link": "/entries/Noninterference_Ipurge_Unwinding.html",
"permalink": "/entries/Noninterference_Ipurge_Unwinding.html",
"shortname": "Noninterference_Ipurge_Unwinding",
"title": "The Ipurge Unwinding Theorem for CSP Noninterference Security",
"topic_links": [
"computer-science/security"
],
"topics": [
"Computer science/Security"
],
"used_by": 3
},
{
"abstract": "This article formalizes the amortized analysis of dynamic tables parameterized with their minimal and maximal load factors and the expansion and contraction factors. \u003cP\u003e A full description is found in a \u003ca href=\"http://www21.in.tum.de/~nipkow/pubs\"\u003ecompanion paper\u003c/a\u003e.",
"authors": [
"Tobias Nipkow"
],
"date": "2015-06-07",
- "id": 476,
+ "id": 481,
"link": "/entries/Dynamic_Tables.html",
"permalink": "/entries/Dynamic_Tables.html",
"shortname": "Dynamic_Tables",
"title": "Parameterized Dynamic Tables",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 0
},
{
"abstract": "We formalize new decision procedures for WS1S, M2L(Str), and Presburger Arithmetics. Formulas of these logics denote regular languages. Unlike traditional decision procedures, we do \u003cem\u003enot\u003c/em\u003e translate formulas into automata (nor into regular expressions), at least not explicitly. Instead we devise notions of derivatives (inspired by Brzozowski derivatives for regular expressions) that operate on formulas directly and compute a syntactic bisimulation using these derivatives. The treatment of Boolean connectives and quantifiers is uniform for all mentioned logics and is abstracted into a locale. This locale is then instantiated by different atomic formulas and their derivatives (which may differ even for the same logic under different encodings of interpretations as formal words). \u003cp\u003e The WS1S instance is described in the draft paper \u003ca href=\"https://people.inf.ethz.ch/trayteld/papers/csl15-ws1s_derivatives/index.html\"\u003eA Coalgebraic Decision Procedure for WS1S\u003c/a\u003e by the author.",
"authors": [
"Dmitriy Traytel"
],
"date": "2015-05-28",
- "id": 477,
+ "id": 482,
"link": "/entries/Formula_Derivatives.html",
"permalink": "/entries/Formula_Derivatives.html",
"shortname": "Formula_Derivatives",
"title": "Derivatives of Logical Formulas",
"topic_links": [
"computer-science/automata-and-formal-languages",
"logic/general-logic/decidability-of-theories"
],
"topics": [
"Computer science/Automata and formal languages",
"Logic/General logic/Decidability of theories"
],
"used_by": 1
},
{
"abstract": "Numerous models of probabilistic systems are studied in the literature. Coalgebra has been used to classify them into system types and compare their expressiveness. We formalize the resulting hierarchy of probabilistic system types by modeling the semantics of the different systems as codatatypes. This approach yields simple and concise proofs, as bisimilarity coincides with equality for codatatypes. \u003cp\u003e This work is described in detail in the ITP 2015 publication by the authors.",
"authors": [
"Johannes Hölzl",
"Andreas Lochbihler",
"Dmitriy Traytel"
],
"date": "2015-05-27",
- "id": 478,
+ "id": 483,
"link": "/entries/Probabilistic_System_Zoo.html",
"permalink": "/entries/Probabilistic_System_Zoo.html",
"shortname": "Probabilistic_System_Zoo",
"title": "A Zoo of Probabilistic Systems",
"topic_links": [
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Automata and formal languages"
],
"used_by": 0
},
{
"abstract": "A VCG auction (named after their inventors Vickrey, Clarke, and Groves) is a generalization of the single-good, second price Vickrey auction to the case of a combinatorial auction (multiple goods, from which any participant can bid on each possible combination). We formalize in this entry VCG auctions, including tie-breaking and prove that the functions for the allocation and the price determination are well-defined. Furthermore we show that the allocation function allocates goods only to participants, only goods in the auction are allocated, and no good is allocated twice. We also show that the price function is non-negative. These properties also hold for the automatically extracted Scala code.",
"authors": [
"Marco B. Caminati",
"Manfred Kerber",
"Christoph Lange",
"Colin Rowat"
],
"date": "2015-04-30",
- "id": 479,
+ "id": 484,
"link": "/entries/Vickrey_Clarke_Groves.html",
"permalink": "/entries/Vickrey_Clarke_Groves.html",
"shortname": "Vickrey_Clarke_Groves",
"title": "VCG - Combinatorial Vickrey-Clarke-Groves Auctions",
"topic_links": [
"mathematics/games-and-economics"
],
"topics": [
"Mathematics/Games and economics"
],
"used_by": 0
},
{
"abstract": "The theory of residuated lattices, first proposed by Ward and Dilworth, is formalised in Isabelle/HOL. This includes concepts of residuated functions; their adjoints and conjugates. It also contains necessary and sufficient conditions for the existence of these operations in an arbitrary lattice. The mathematical components for residuated lattices are linked to the AFP entry for relation algebra. In particular, we prove Jonsson and Tsinakis conditions for a residuated boolean algebra to form a relation algebra.",
"authors": [
"Victor B. F. Gomes",
"Georg Struth"
],
"date": "2015-04-15",
- "id": 480,
+ "id": 485,
"link": "/entries/Residuated_Lattices.html",
"permalink": "/entries/Residuated_Lattices.html",
"shortname": "Residuated_Lattices",
"title": "Residuated Lattices",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 0
},
{
"abstract": "ConcurrentIMP extends the small imperative language IMP with control non-determinism and constructs for synchronous message passing.",
"authors": [
"Peter Gammie"
],
"date": "2015-04-13",
- "id": 481,
+ "id": 486,
"link": "/entries/ConcurrentIMP.html",
"permalink": "/entries/ConcurrentIMP.html",
"shortname": "ConcurrentIMP",
"title": "Concurrent IMP",
"topic_links": [
"computer-science/programming-languages/logics"
],
"topics": [
"Computer science/Programming languages/Logics"
],
"used_by": 1
},
{
"abstract": "\u003cp\u003e We use ConcurrentIMP to model Schism, a state-of-the-art real-time garbage collection scheme for weak memory, and show that it is safe on x86-TSO.\u003c/p\u003e \u003cp\u003e This development accompanies the PLDI 2015 paper of the same name. \u003c/p\u003e",
"authors": [
"Peter Gammie",
"Tony Hosking",
"Kai Engelhardt"
],
"date": "2015-04-13",
- "id": 482,
+ "id": 487,
"link": "/entries/ConcurrentGC.html",
"permalink": "/entries/ConcurrentGC.html",
"shortname": "ConcurrentGC",
"title": "Relaxing Safely: Verified On-the-Fly Garbage Collection for x86-TSO",
"topic_links": [
"computer-science/algorithms/concurrent"
],
"topics": [
"Computer science/Algorithms/Concurrent"
],
"used_by": 0
},
{
"abstract": "This article formalizes the ``trie'' data structure invented by Fredkin [CACM 1960]. It also provides a specialization where the entries in the trie are lists.",
"authors": [
"Andreas Lochbihler",
"Tobias Nipkow"
],
"date": "2015-03-30",
- "id": 483,
+ "id": 488,
"link": "/entries/Trie.html",
"permalink": "/entries/Trie.html",
"shortname": "Trie",
"title": "Trie",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 5
},
{
"abstract": "Algorithms for solving the consensus problem are fundamental to distributed computing. Despite their brevity, their ability to operate in concurrent, asynchronous and failure-prone environments comes at the cost of complex and subtle behaviors. Accordingly, understanding how they work and proving their correctness is a non-trivial endeavor where abstraction is immensely helpful. Moreover, research on consensus has yielded a large number of algorithms, many of which appear to share common algorithmic ideas. A natural question is whether and how these similarities can be distilled and described in a precise, unified way. In this work, we combine stepwise refinement and lockstep models to provide an abstract and unified view of a sizeable family of consensus algorithms. Our models provide insights into the design choices underlying the different algorithms, and classify them based on those choices.",
"authors": [
"Ognjen Marić",
"Christoph Sprenger"
],
"date": "2015-03-18",
- "id": 484,
+ "id": 489,
"link": "/entries/Consensus_Refined.html",
"permalink": "/entries/Consensus_Refined.html",
"shortname": "Consensus_Refined",
"title": "Consensus Refined",
"topic_links": [
"computer-science/algorithms/distributed"
],
"topics": [
"Computer science/Algorithms/Distributed"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eWe provide a framework for registering automatic methods to derive class instances of datatypes, as it is possible using Haskell's ``deriving Ord, Show, ...'' feature.\u003c/p\u003e \u003cp\u003eWe further implemented such automatic methods to derive comparators, linear orders, parametrizable equality functions, and hash-functions which are required in the Isabelle Collection Framework and the Container Framework. Moreover, for the tactic of Blanchette to show that a datatype is countable, we implemented a wrapper so that this tactic becomes accessible in our framework. All of the generators are based on the infrastructure that is provided by the BNF-based datatype package.\u003c/p\u003e \u003cp\u003eOur formalization was performed as part of the \u003ca href=\"http://cl-informatik.uibk.ac.at/software/ceta\"\u003eIsaFoR/CeTA\u003c/a\u003e project. With our new tactics we could remove several tedious proofs for (conditional) linear orders, and conditional equality operators within IsaFoR and the Container Framework.\u003c/p\u003e",
"authors": [
"Christian Sternagel",
"René Thiemann"
],
"date": "2015-03-11",
- "id": 485,
+ "id": 490,
"link": "/entries/Deriving.html",
"permalink": "/entries/Deriving.html",
"shortname": "Deriving",
"title": "Deriving class instances for datatypes",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 12
},
{
"abstract": "We formalize the Call Arity analysis, as implemented in GHC, and prove both functional correctness and, more interestingly, safety (i.e. the transformation does not increase allocation). \u003cp\u003e We use syntax and the denotational semantics from the entry \"Launchbury\", where we formalized Launchbury's natural semantics for lazy evaluation. \u003cp\u003e The functional correctness of Call Arity is proved with regard to that denotational semantics. The operational properties are shown with regard to a small-step semantics akin to Sestoft's mark 1 machine, which we prove to be equivalent to Launchbury's semantics. \u003cp\u003e We use Christian Urban's Nominal2 package to define our terms and make use of Brian Huffman's HOLCF package for the domain-theoretical aspects of the development.",
"authors": [
"Joachim Breitner"
],
"date": "2015-02-20",
- "id": 486,
+ "id": 491,
"link": "/entries/Call_Arity.html",
"permalink": "/entries/Call_Arity.html",
"shortname": "Call_Arity",
"title": "The Safety of Call Arity",
"topic_links": [
"computer-science/programming-languages/static-analysis"
],
"topics": [
"Computer science/Programming languages/Static analysis"
],
"used_by": 0
},
{
"abstract": "We formalize an algorithm to compute the Echelon Form of a matrix. We have proved its existence over Bézout domains and made it executable over Euclidean domains, such as the integer ring and the univariate polynomials over a field. This allows us to compute determinants, inverses and characteristic polynomials of matrices. The work is based on the HOL-Multivariate Analysis library, and on both the Gauss-Jordan and Cayley-Hamilton AFP entries. As a by-product, some algebraic structures have been implemented (principal ideal domains, Bézout domains...). The algorithm has been refined to immutable arrays and code can be generated to functional languages as well.",
"authors": [
"Jose Divasón",
"Jesús Aransay"
],
"date": "2015-02-12",
- "id": 487,
+ "id": 492,
"link": "/entries/Echelon_Form.html",
"permalink": "/entries/Echelon_Form.html",
"shortname": "Echelon_Form",
"title": "Echelon Form",
"topic_links": [
"computer-science/algorithms/mathematical",
"mathematics/algebra"
],
"topics": [
"Computer science/Algorithms/Mathematical",
"Mathematics/Algebra"
],
"used_by": 1
},
{
"abstract": "QR decomposition is an algorithm to decompose a real matrix A into the product of two other matrices Q and R, where Q is orthogonal and R is invertible and upper triangular. The algorithm is useful for the least squares problem; i.e., the computation of the best approximation of an unsolvable system of linear equations. As a side-product, the Gram-Schmidt process has also been formalized. A refinement using immutable arrays is presented as well. The development relies, among others, on the AFP entry \"Implementing field extensions of the form Q[sqrt(b)]\" by René Thiemann, which allows execution of the algorithm using symbolic computations. Verified code can be generated and executed using floats as well.",
"authors": [
"Jose Divasón",
"Jesús Aransay"
],
"date": "2015-02-12",
- "id": 488,
+ "id": 493,
"link": "/entries/QR_Decomposition.html",
"permalink": "/entries/QR_Decomposition.html",
"shortname": "QR_Decomposition",
"title": "QR Decomposition",
"topic_links": [
"computer-science/algorithms/mathematical",
"mathematics/algebra"
],
"topics": [
"Computer science/Algorithms/Mathematical",
"Mathematics/Algebra"
],
"used_by": 0
},
{
"abstract": "Finite Automata, both deterministic and non-deterministic, for regular languages. The Myhill-Nerode Theorem. Closure under intersection, concatenation, etc. Regular expressions define regular languages. Closure under reversal; the powerset construction mapping NFAs to DFAs. Left and right languages; minimal DFAs. Brzozowski's minimization algorithm. Uniqueness up to isomorphism of minimal DFAs.",
"authors": [
"Lawrence C. Paulson"
],
"date": "2015-02-05",
- "id": 489,
+ "id": 494,
"link": "/entries/Finite_Automata_HF.html",
"permalink": "/entries/Finite_Automata_HF.html",
"shortname": "Finite_Automata_HF",
"title": "Finite Automata in Hereditarily Finite Set Theory",
"topic_links": [
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Automata and formal languages"
],
"used_by": 0
},
{
"abstract": "The UpDown scheme is a recursive scheme used to compute the stiffness matrix on a special form of sparse grids. Usually, when discretizing a Euclidean space of dimension d we need O(n^d) points, for n points along each dimension. Sparse grids are a hierarchical representation where the number of points is reduced to O(n * log(n)^d). One disadvantage of such sparse grids is that the algorithm now operate recursively in the dimensions and levels of the sparse grid. \u003cp\u003e The UpDown scheme allows us to compute the stiffness matrix on such a sparse grid. The stiffness matrix represents the influence of each representation function on the L^2 scalar product. For a detailed description see Dirk Pflüger's PhD thesis. This formalization was developed as an interdisciplinary project (IDP) at the Technische Universität München.",
"authors": [
"Johannes Hölzl"
],
"date": "2015-01-28",
- "id": 490,
+ "id": 495,
"link": "/entries/UpDown_Scheme.html",
"permalink": "/entries/UpDown_Scheme.html",
"shortname": "UpDown_Scheme",
"title": "Verification of the UpDown Scheme",
"topic_links": [
"computer-science/algorithms/mathematical"
],
"topics": [
"Computer science/Algorithms/Mathematical"
],
"used_by": 0
},
{
"abstract": "We present the Unified Policy Framework (UPF), a generic framework for modelling security (access-control) policies. UPF emphasizes the view that a policy is a policy decision function that grants or denies access to resources, permissions, etc. In other words, instead of modelling the relations of permitted or prohibited requests directly, we model the concrete function that implements the policy decision point in a system. In more detail, UPF is based on the following four principles: 1) Functional representation of policies, 2) No conflicts are possible, 3) Three-valued decision type (allow, deny, undefined), 4) Output type not containing the decision only.",
"authors": [
"Achim D. Brucker",
"Lukas Brügger",
"Burkhart Wolff"
],
"date": "2014-11-28",
- "id": 491,
+ "id": 496,
"link": "/entries/UPF.html",
"permalink": "/entries/UPF.html",
"shortname": "UPF",
"title": "The Unified Policy Framework (UPF)",
"topic_links": [
"computer-science/security"
],
"topics": [
"Computer science/Security"
],
"used_by": 1
},
{
"abstract": "\u003cp\u003e The Ad hoc On-demand Distance Vector (AODV) routing protocol allows the nodes in a Mobile Ad hoc Network (MANET) or a Wireless Mesh Network (WMN) to know where to forward data packets. Such a protocol is ‘loop free’ if it never leads to routing decisions that forward packets in circles. \u003cp\u003e This development mechanises an existing pen-and-paper proof of loop freedom of AODV. The protocol is modelled in the Algebra of Wireless Networks (AWN), which is the subject of an earlier paper and AFP mechanization. The proof relies on a novel compositional approach for lifting invariants to networks of nodes. \u003c/p\u003e\u003cp\u003e We exploit the mechanization to analyse several variants of AODV and show that Isabelle/HOL can re-establish most proof obligations automatically and identify exactly the steps that are no longer valid. \u003c/p\u003e",
"authors": [
"Timothy Bourke",
"Peter Höfner"
],
"date": "2014-10-23",
- "id": 492,
+ "id": 497,
"link": "/entries/AODV.html",
"permalink": "/entries/AODV.html",
"shortname": "AODV",
"title": "Loop freedom of the (untimed) AODV routing protocol",
"topic_links": [
"computer-science/concurrency/process-calculi"
],
"topics": [
"Computer science/Concurrency/Process calculi"
],
"used_by": 0
},
{
"abstract": "We implemented a command that can be used to easily generate elements of a restricted type \u003ctt\u003e{x :: 'a. P x}\u003c/tt\u003e, provided the definition is of the form \u003ctt\u003ef ys = (if check ys then Some(generate ys :: 'a) else None)\u003c/tt\u003e where \u003ctt\u003eys\u003c/tt\u003e is a list of variables \u003ctt\u003ey1 ... yn\u003c/tt\u003e and \u003ctt\u003echeck ys ==\u003e P(generate ys)\u003c/tt\u003e can be proved. \u003cp\u003e In principle, such a definition is also directly possible using the \u003ctt\u003elift_definition\u003c/tt\u003e command. However, then this definition will not be suitable for code-generation. To this end, we automated a more complex construction of Joachim Breitner which is amenable for code-generation, and where the test \u003ctt\u003echeck ys\u003c/tt\u003e will only be performed once. In the automation, one auxiliary type is created, and Isabelle's lifting- and transfer-package is invoked several times.",
"authors": [
"René Thiemann"
],
"date": "2014-10-13",
- "id": 493,
+ "id": 498,
"link": "/entries/Lifting_Definition_Option.html",
"permalink": "/entries/Lifting_Definition_Option.html",
"shortname": "Lifting_Definition_Option",
"title": "Lifting Definition Option",
"topic_links": [
"computer-science/functional-programming"
],
"topics": [
"Computer science/Functional programming"
],
"used_by": 0
},
{
"abstract": "Stream Fusion is a system for removing intermediate list data structures from functional programs, in particular Haskell. This entry adapts stream fusion to Isabelle/HOL and its code generator. We define stream types for finite and possibly infinite lists and stream versions for most of the fusible list functions in the theories List and Coinductive_List, and prove them correct with respect to the conversion functions between lists and streams. The Stream Fusion transformation itself is implemented as a simproc in the preprocessor of the code generator. [Brian Huffman's \u003ca href=\"http://isa-afp.org/entries/Stream-Fusion.html\"\u003eAFP entry\u003c/a\u003e formalises stream fusion in HOLCF for the domain of lazy lists to prove the GHC compiler rewrite rules correct. In contrast, this work enables Isabelle's code generator to perform stream fusion itself. To that end, it covers both finite and coinductive lists from the HOL library and the Coinductive entry. The fusible list functions require specification and proof principles different from Huffman's.]",
"authors": [
"Andreas Lochbihler",
"Alexandra Maximova"
],
"date": "2014-10-10",
- "id": 494,
+ "id": 499,
"link": "/entries/Stream_Fusion_Code.html",
"permalink": "/entries/Stream_Fusion_Code.html",
"shortname": "Stream_Fusion_Code",
"title": "Stream Fusion in HOL with Code Generation",
"topic_links": [
"computer-science/functional-programming"
],
"topics": [
"Computer science/Functional programming"
],
"used_by": 0
},
{
"abstract": "\u003ca href=\"https://doi.org/10.1007/978-3-642-36742-7_35\"\u003eBhat et al. [TACAS 2013]\u003c/a\u003e developed an inductive compiler that computes density functions for probability spaces described by programs in a probabilistic functional language. In this work, we implement such a compiler for a modified version of this language within the theorem prover Isabelle and give a formal proof of its soundness w.r.t. the semantics of the source and target language. Together with Isabelle's code generation for inductive predicates, this yields a fully verified, executable density compiler. The proof is done in two steps: First, an abstract compiler working with abstract functions modelled directly in the theorem prover's logic is defined and proved sound. Then, this compiler is refined to a concrete version that returns a target-language expression. \u003cp\u003e An article with the same title and authors is published in the proceedings of ESOP 2015. A detailed presentation of this work can be found in the first author's master's thesis with the same title.",
"authors": [
"Manuel Eberl",
"Johannes Hölzl",
"Tobias Nipkow"
],
"date": "2014-10-09",
- "id": 495,
+ "id": 500,
"link": "/entries/Density_Compiler.html",
"permalink": "/entries/Density_Compiler.html",
"shortname": "Density_Compiler",
"title": "A Verified Compiler for Probability Density Functions",
"topic_links": [
"mathematics/probability-theory",
"computer-science/programming-languages/compiling"
],
"topics": [
"Mathematics/Probability theory",
"Computer science/Programming languages/Compiling"
],
"used_by": 0
},
{
"abstract": "We present a formalization of refinement calculus for reactive systems. Refinement calculus is based on monotonic predicate transformers (monotonic functions from sets of post-states to sets of pre-states), and it is a powerful formalism for reasoning about imperative programs. We model reactive systems as monotonic property transformers that transform sets of output infinite sequences into sets of input infinite sequences. Within this semantics we can model refinement of reactive systems, (unbounded) angelic and demonic nondeterminism, sequential composition, and other semantic properties. We can model systems that may fail for some inputs, and we can model compatibility of systems. We can specify systems that have liveness properties using linear temporal logic, and we can refine system specifications into systems based on symbolic transitions systems, suitable for implementations.",
"authors": [
"Viorel Preoteasa"
],
"date": "2014-10-08",
- "id": 496,
+ "id": 501,
"link": "/entries/RefinementReactive.html",
"permalink": "/entries/RefinementReactive.html",
"shortname": "RefinementReactive",
"title": "Formalization of Refinement Calculus for Reactive Systems",
"topic_links": [
"computer-science/programming-languages/logics"
],
"topics": [
"Computer science/Programming languages/Logics"
],
"used_by": 0
},
{
"abstract": "This entry provides several monads intended for the development of stand-alone certifiers via code generation from Isabelle/HOL. More specifically, there are three flavors of error monads (the sum type, for the case where all monadic functions are total; an instance of the former, the so called check monad, yielding either success without any further information or an error message; as well as a variant of the sum type that accommodates partial functions by providing an explicit bottom element) and a parser monad built on top. All of this monads are heavily used in the IsaFoR/CeTA project which thus provides many examples of their usage.",
"authors": [
"Christian Sternagel",
"René Thiemann"
],
"date": "2014-10-03",
- "id": 497,
+ "id": 502,
"link": "/entries/Certification_Monads.html",
"permalink": "/entries/Certification_Monads.html",
"shortname": "Certification_Monads",
"title": "Certification Monads",
"topic_links": [
"computer-science/functional-programming"
],
"topics": [
"Computer science/Functional programming"
],
"used_by": 3
},
{
"abstract": "This entry provides an XML library for Isabelle/HOL. This includes parsing and pretty printing of XML trees as well as combinators for transforming XML trees into arbitrary user-defined data. The main contribution of this entry is an interface (fit for code generation) that allows for communication between verified programs formalized in Isabelle/HOL and the outside world via XML. This library was developed as part of the IsaFoR/CeTA project to which we refer for examples of its usage.",
"authors": [
"Christian Sternagel",
"René Thiemann"
],
"date": "2014-10-03",
- "id": 498,
+ "id": 503,
"link": "/entries/XML.html",
"permalink": "/entries/XML.html",
"shortname": "XML",
"title": "XML",
"topic_links": [
"computer-science/functional-programming",
"computer-science/data-structures"
],
"topics": [
"Computer science/Functional programming",
"Computer science/Data structures"
],
"used_by": 0
},
{
"abstract": "The insertion sort algorithm of Cormen et al. (Introduction to Algorithms) is expressed in Imperative HOL and proved to be correct and terminating. For this purpose we also provide a theory about imperative loop constructs with accompanying induction/invariant rules for proving partial and total correctness. Furthermore, the formalized algorithm is fit for code generation.",
"authors": [
"Christian Sternagel"
],
"date": "2014-09-25",
- "id": 499,
+ "id": 504,
"link": "/entries/Imperative_Insertion_Sort.html",
"permalink": "/entries/Imperative_Insertion_Sort.html",
"shortname": "Imperative_Insertion_Sort",
"title": "Imperative Insertion Sort",
"topic_links": [
"computer-science/algorithms"
],
"topics": [
"Computer science/Algorithms"
],
"used_by": 0
},
{
"abstract": "We have formalized the Sturm-Tarski theorem (also referred as the Tarski theorem), which generalizes Sturm's theorem. Sturm's theorem is usually used as a way to count distinct real roots, while the Sturm-Tarksi theorem forms the basis for Tarski's classic quantifier elimination for real closed field.",
"authors": [
"Wenda Li"
],
"date": "2014-09-19",
- "id": 500,
+ "id": 505,
"link": "/entries/Sturm_Tarski.html",
"permalink": "/entries/Sturm_Tarski.html",
"shortname": "Sturm_Tarski",
"title": "The Sturm-Tarski Theorem",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 4
},
{
"abstract": "This document contains a proof of the Cayley-Hamilton theorem based on the development of matrices in HOL/Multivariate Analysis.",
"authors": [
"Stephan Adelsberger",
"Stefan Hetzl",
"Florian Pollak"
],
"date": "2014-09-15",
- "id": 501,
+ "id": 506,
"link": "/entries/Cayley_Hamilton.html",
"permalink": "/entries/Cayley_Hamilton.html",
"shortname": "Cayley_Hamilton",
"title": "The Cayley-Hamilton Theorem",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 1
},
{
"abstract": "This submission contains theories that lead to a formalization of the proof of the Jordan-Hölder theorem about composition series of finite groups. The theories formalize the notions of isomorphism classes of groups, simple groups, normal series, composition series, maximal normal subgroups. Furthermore, they provide proofs of the second isomorphism theorem for groups, the characterization theorem for maximal normal subgroups as well as many useful lemmas about normal subgroups and factor groups. The proof is inspired by course notes of Stuart Rankin.",
"authors": [
"Jakob von Raumer"
],
"date": "2014-09-09",
- "id": 502,
+ "id": 507,
"link": "/entries/Jordan_Hoelder.html",
"permalink": "/entries/Jordan_Hoelder.html",
"shortname": "Jordan_Hoelder",
"title": "The Jordan-Hölder Theorem",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 0
},
{
"abstract": "This entry verifies priority queues based on Braun trees. Insertion and deletion take logarithmic time and preserve the balanced nature of Braun trees. Two implementations of deletion are provided.",
"authors": [
"Tobias Nipkow"
],
"date": "2014-09-04",
- "id": 503,
+ "id": 508,
"link": "/entries/Priority_Queue_Braun.html",
"permalink": "/entries/Priority_Queue_Braun.html",
"shortname": "Priority_Queue_Braun",
"title": "Priority Queues Based on Braun Trees",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 0
},
{
"abstract": "The Gauss-Jordan algorithm states that any matrix over a field can be transformed by means of elementary row operations to a matrix in reduced row echelon form. The formalization is based on the Rank Nullity Theorem entry of the AFP and on the HOL-Multivariate-Analysis session of Isabelle, where matrices are represented as functions over finite types. We have set up the code generator to make this representation executable. In order to improve the performance, a refinement to immutable arrays has been carried out. We have formalized some of the applications of the Gauss-Jordan algorithm. Thanks to this development, the following facts can be computed over matrices whose elements belong to a field: Ranks, Determinants, Inverses, Bases and dimensions and Solutions of systems of linear equations. Code can be exported to SML and Haskell.",
"authors": [
"Jose Divasón",
"Jesús Aransay"
],
"date": "2014-09-03",
- "id": 504,
+ "id": 509,
"link": "/entries/Gauss_Jordan.html",
"permalink": "/entries/Gauss_Jordan.html",
"shortname": "Gauss_Jordan",
"title": "Gauss-Jordan Algorithm and Its Applications",
"topic_links": [
"computer-science/algorithms/mathematical"
],
"topics": [
"Computer science/Algorithms/Mathematical"
],
"used_by": 4
},
{
"abstract": "This development proves upper and lower bounds for several familiar real-valued functions. For sin, cos, exp and sqrt, it defines and verifies infinite families of upper and lower bounds, mostly based on Taylor series expansions. For arctan, ln and exp, it verifies a finite collection of upper and lower bounds, originally obtained from the functions' continued fraction expansions using the computer algebra system Maple. A common theme in these proofs is to take the difference between a function and its approximation, which should be zero at one point, and then consider the sign of the derivative. The immediate purpose of this development is to verify axioms used by MetiTarski, an automatic theorem prover for real-valued special functions. Crucial to MetiTarski's operation is the provision of upper and lower bounds for each function of interest.",
"authors": [
"Lawrence C. Paulson"
],
"date": "2014-08-29",
- "id": 505,
+ "id": 510,
"link": "/entries/Special_Function_Bounds.html",
"permalink": "/entries/Special_Function_Bounds.html",
"shortname": "Special_Function_Bounds",
"title": "Real-Valued Special Functions: Upper and Lower Bounds",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 0
},
{
"abstract": "This formalisation of basic linear algebra is based completely on locales, building off HOL-Algebra. It includes basic definitions: linear combinations, span, linear independence; linear transformations; interpretation of function spaces as vector spaces; the direct sum of vector spaces, sum of subspaces; the replacement theorem; existence of bases in finite-dimensional; vector spaces, definition of dimension; the rank-nullity theorem. Some concepts are actually defined and proved for modules as they also apply there. Infinite-dimensional vector spaces are supported, but dimension is only supported for finite-dimensional vector spaces. The proofs are standard; the proofs of the replacement theorem and rank-nullity theorem roughly follow the presentation in Linear Algebra by Friedberg, Insel, and Spence. The rank-nullity theorem generalises the existing development in the Archive of Formal Proof (originally using type classes, now using a mix of type classes and locales).",
"authors": [
"Holden Lee"
],
"date": "2014-08-29",
- "id": 506,
+ "id": 511,
"link": "/entries/VectorSpace.html",
"permalink": "/entries/VectorSpace.html",
"shortname": "VectorSpace",
"title": "Vector Spaces",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 3
},
{
"abstract": "Skew heaps are an amazingly simple and lightweight implementation of priority queues. They were invented by Sleator and Tarjan [SIAM 1986] and have logarithmic amortized complexity. This entry provides executable and verified functional skew heaps. \u003cp\u003e The amortized complexity of skew heaps is analyzed in the AFP entry \u003ca href=\"http://isa-afp.org/entries/Amortized_Complexity.html\"\u003eAmortized Complexity\u003c/a\u003e.",
"authors": [
"Tobias Nipkow"
],
"date": "2014-08-13",
- "id": 507,
+ "id": 512,
"link": "/entries/Skew_Heap.html",
"permalink": "/entries/Skew_Heap.html",
"shortname": "Skew_Heap",
"title": "Skew Heap",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 1
},
{
"abstract": "Splay trees are self-adjusting binary search trees which were invented by Sleator and Tarjan [JACM 1985]. This entry provides executable and verified functional splay trees as well as the related splay heaps (due to Okasaki). \u003cp\u003e The amortized complexity of splay trees and heaps is analyzed in the AFP entry \u003ca href=\"http://isa-afp.org/entries/Amortized_Complexity.html\"\u003eAmortized Complexity\u003c/a\u003e.",
"authors": [
"Tobias Nipkow"
],
"date": "2014-08-12",
- "id": 508,
+ "id": 513,
"link": "/entries/Splay_Tree.html",
"permalink": "/entries/Splay_Tree.html",
"shortname": "Splay_Tree",
"title": "Splay Tree",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 1
},
{
"abstract": "We implemented a type class for \"to-string\" functions, similar to Haskell's Show class. Moreover, we provide instantiations for Isabelle/HOL's standard types like bool, prod, sum, nats, ints, and rats. It is further possible, to automatically derive show functions for arbitrary user defined datatypes similar to Haskell's \"deriving Show\".",
"authors": [
"Christian Sternagel",
"René Thiemann"
],
"date": "2014-07-29",
- "id": 509,
+ "id": 514,
"link": "/entries/Show.html",
"permalink": "/entries/Show.html",
"shortname": "Show",
"title": "Haskell's Show Class in Isabelle/HOL",
"topic_links": [
"computer-science/functional-programming"
],
"topics": [
"Computer science/Functional programming"
],
"used_by": 16
},
{
"abstract": "\u003cp\u003eIntransitive noninterference has been a widely studied topic in the last few decades. Several well-established methodologies apply interactive theorem proving to formulate a noninterference theorem over abstract academic models. In joint work with several industrial and academic partners throughout Europe, we are helping in the certification process of PikeOS, an industrial separation kernel developed at SYSGO. In this process, established theories could not be applied. We present a new generic model of separation kernels and a new theory of intransitive noninterference. The model is rich in detail, making it suitable for formal verification of realistic and industrial systems such as PikeOS. Using a refinement-based theorem proving approach, we ensure that proofs remain manageable.\u003c/p\u003e \u003cp\u003e This document corresponds to the deliverable D31.1 of the EURO-MILS Project \u003ca href=\"http://www.euromils.eu\"\u003ehttp://www.euromils.eu\u003c/a\u003e.\u003c/p\u003e",
"authors": [
"Freek Verbeek",
"Sergey Tverdyshev",
"Oto Havle",
"Holger Blasum",
"Bruno Langenstein",
"Werner Stephan",
"Yakoub Nemouchi",
"Abderrahmane Feliachi",
"Burkhart Wolff",
"Julien Schmaltz"
],
"date": "2014-07-18",
- "id": 510,
+ "id": 515,
"link": "/entries/CISC-Kernel.html",
"permalink": "/entries/CISC-Kernel.html",
"shortname": "CISC-Kernel",
"title": "Formal Specification of a Generic Separation Kernel",
"topic_links": [
"computer-science/security"
],
"topics": [
"Computer science/Security"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003epGCL is both a programming language and a specification language that incorporates both probabilistic and nondeterministic choice, in a unified manner. Program verification is by refinement or annotation (or both), using either Hoare triples, or weakest-precondition entailment, in the style of GCL.\u003c/p\u003e \u003cp\u003e This package provides both a shallow embedding of the language primitives, and an annotation and refinement framework. The generated document includes a brief tutorial.\u003c/p\u003e",
"authors": [
"David Cock"
],
"date": "2014-07-13",
- "id": 511,
+ "id": 516,
"link": "/entries/pGCL.html",
"permalink": "/entries/pGCL.html",
"shortname": "pGCL",
"title": "pGCL for Isabelle",
"topic_links": [
"computer-science/programming-languages/language-definitions"
],
"topics": [
"Computer science/Programming languages/Language definitions"
],
"used_by": 0
},
{
"abstract": "A framework for the analysis of the amortized complexity of functional data structures is formalized in Isabelle/HOL and applied to a number of standard examples and to the folowing non-trivial ones: skew heaps, splay trees, splay heaps and pairing heaps.",
"authors": [
"Tobias Nipkow"
],
"date": "2014-07-07",
- "id": 512,
+ "id": 517,
"link": "/entries/Amortized_Complexity.html",
"permalink": "/entries/Amortized_Complexity.html",
"shortname": "Amortized_Complexity",
"title": "Amortized Complexity Verified",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 2
},
{
"abstract": "We present a unified theory for verifying network security policies. A security policy is represented as directed graph. To check high-level security goals, security invariants over the policy are expressed. We cover monotonic security invariants, i.e. prohibiting more does not harm security. We provide the following contributions for the security invariant theory. \u003cul\u003e \u003cli\u003eSecure auto-completion of scenario-specific knowledge, which eases usability.\u003c/li\u003e \u003cli\u003eSecurity violations can be repaired by tightening the policy iff the security invariants hold for the deny-all policy.\u003c/li\u003e \u003cli\u003eAn algorithm to compute a security policy.\u003c/li\u003e \u003cli\u003eA formalization of stateful connection semantics in network security mechanisms.\u003c/li\u003e \u003cli\u003eAn algorithm to compute a secure stateful implementation of a policy.\u003c/li\u003e \u003cli\u003eAn executable implementation of all the theory.\u003c/li\u003e \u003cli\u003eExamples, ranging from an aircraft cabin data network to the analysis of a large real-world firewall.\u003c/li\u003e \u003cli\u003eMore examples: A fully automated translation of high-level security goals to both firewall and SDN configurations (see Examples/Distributed_WebApp.thy).\u003c/li\u003e \u003c/ul\u003e For a detailed description, see \u003cul\u003e \u003cli\u003eC. Diekmann, A. Korsten, and G. Carle. \u003ca href=\"http://www.net.in.tum.de/fileadmin/bibtex/publications/papers/diekmann2015mansdnnfv.pdf\"\u003eDemonstrating topoS: Theorem-prover-based synthesis of secure network configurations.\u003c/a\u003e In 2nd International Workshop on Management of SDN and NFV Systems, manSDN/NFV, Barcelona, Spain, November 2015.\u003c/li\u003e \u003cli\u003eC. Diekmann, S.-A. Posselt, H. Niedermayer, H. Kinkelin, O. Hanka, and G. Carle. \u003ca href=\"http://www.net.in.tum.de/pub/diekmann/forte14.pdf\"\u003eVerifying Security Policies using Host Attributes.\u003c/a\u003e In FORTE, 34th IFIP International Conference on Formal Techniques for Distributed Objects, Components and Systems, Berlin, Germany, June 2014.\u003c/li\u003e \u003cli\u003eC. Diekmann, L. Hupel, and G. Carle. Directed Security Policies: \u003ca href=\"http://rvg.web.cse.unsw.edu.au/eptcs/paper.cgi?ESSS2014.3\"\u003eA Stateful Network Implementation.\u003c/a\u003e In J. Pang and Y. Liu, editors, Engineering Safety and Security Systems, volume 150 of Electronic Proceedings in Theoretical Computer Science, pages 20-34, Singapore, May 2014. Open Publishing Association.\u003c/li\u003e \u003c/ul\u003e",
"authors": [
"Cornelius Diekmann"
],
"date": "2014-07-04",
- "id": 513,
+ "id": 518,
"link": "/entries/Network_Security_Policy_Verification.html",
"permalink": "/entries/Network_Security_Policy_Verification.html",
"shortname": "Network_Security_Policy_Verification",
"title": "Network Security Policy Verification",
"topic_links": [
"computer-science/security"
],
"topics": [
"Computer science/Security"
],
"used_by": 0
},
{
"abstract": "Pop-refinement is an approach to stepwise refinement, carried out inside an interactive theorem prover by constructing a monotonically decreasing sequence of predicates over deeply embedded target programs. The sequence starts with a predicate that characterizes the possible implementations, and ends with a predicate that characterizes a unique program in explicit syntactic form. Pop-refinement enables more requirements (e.g. program-level and non-functional) to be captured in the initial specification and preserved through refinement. Security requirements expressed as hyperproperties (i.e. predicates over sets of traces) are always preserved by pop-refinement, unlike the popular notion of refinement as trace set inclusion. Two simple examples in Isabelle/HOL are presented, featuring program-level requirements, non-functional requirements, and hyperproperties.",
"authors": [
"Alessandro Coglio"
],
"date": "2014-07-03",
- "id": 514,
+ "id": 519,
"link": "/entries/Pop_Refinement.html",
"permalink": "/entries/Pop_Refinement.html",
"shortname": "Pop_Refinement",
"title": "Pop-Refinement",
"topic_links": [
"computer-science/programming-languages/misc"
],
"topics": [
"Computer science/Programming languages/Misc"
],
"used_by": 0
},
{
"abstract": "Monadic second-order logic on finite words (MSO) is a decidable yet expressive logic into which many decision problems can be encoded. Since MSO formulas correspond to regular languages, equivalence of MSO formulas can be reduced to the equivalence of some regular structures (e.g. automata). We verify an executable decision procedure for MSO formulas that is not based on automata but on regular expressions. \u003cp\u003e Decision procedures for regular expression equivalence have been formalized before, usually based on Brzozowski derivatives. Yet, for a straightforward embedding of MSO formulas into regular expressions an extension of regular expressions with a projection operation is required. We prove total correctness and completeness of an equivalence checker for regular expressions extended in that way. We also define a language-preserving translation of formulas into regular expressions with respect to two different semantics of MSO. ",
"authors": [
"Dmitriy Traytel",
"Tobias Nipkow"
],
"date": "2014-06-12",
- "id": 515,
+ "id": 520,
"link": "/entries/MSO_Regex_Equivalence.html",
"permalink": "/entries/MSO_Regex_Equivalence.html",
"shortname": "MSO_Regex_Equivalence",
"title": "Decision Procedures for MSO on Words Based on Derivatives of Regular Expressions",
"topic_links": [
"computer-science/automata-and-formal-languages",
"logic/general-logic/decidability-of-theories"
],
"topics": [
"Computer science/Automata and formal languages",
"Logic/General logic/Decidability of theories"
],
"used_by": 0
},
{
"abstract": "This entry provides executable checkers for the following properties of boolean expressions: satisfiability, tautology and equivalence. Internally, the checkers operate on binary decision trees and are reasonably efficient (for purely functional algorithms).",
"authors": [
"Tobias Nipkow"
],
"date": "2014-06-08",
- "id": 516,
+ "id": 521,
"link": "/entries/Boolean_Expression_Checkers.html",
"permalink": "/entries/Boolean_Expression_Checkers.html",
"shortname": "Boolean_Expression_Checkers",
"title": "Boolean Expression Checkers",
"topic_links": [
"computer-science/algorithms",
"logic/general-logic/mechanization-of-proofs"
],
"topics": [
"Computer science/Algorithms",
"Logic/General logic/Mechanization of proofs"
],
"used_by": 2
},
{
"abstract": "We present an LTL model checker whose code has been completely verified using the Isabelle theorem prover. The checker consists of over 4000 lines of ML code. The code is produced using the Isabelle Refinement Framework, which allows us to split its correctness proof into (1) the proof of an abstract version of the checker, consisting of a few hundred lines of ``formalized pseudocode'', and (2) a verified refinement step in which mathematical sets and other abstract structures are replaced by implementations of efficient structures like red-black trees and functional arrays. This leads to a checker that, while still slower than unverified checkers, can already be used as a trusted reference implementation against which advanced implementations can be tested.",
"authors": [
"Javier Esparza",
"Peter Lammich",
"René Neumann",
"Tobias Nipkow",
"Alexander Schimpf",
"Jan-Georg Smaus"
],
"date": "2014-05-28",
- "id": 517,
+ "id": 522,
"link": "/entries/CAVA_LTL_Modelchecker.html",
"permalink": "/entries/CAVA_LTL_Modelchecker.html",
"shortname": "CAVA_LTL_Modelchecker",
"title": "A Fully Verified Executable LTL Model Checker",
"topic_links": [
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Automata and formal languages"
],
"used_by": 0
},
{
"abstract": "We formalize linear-time temporal logic (LTL) and the algorithm by Gerth et al. to convert LTL formulas to generalized Büchi automata. We also formalize some syntactic rewrite rules that can be applied to optimize the LTL formula before conversion. Moreover, we integrate the Stuttering Equivalence AFP-Entry by Stefan Merz, adapting the lemma that next-free LTL formula cannot distinguish between stuttering equivalent runs to our setting. \u003cp\u003e We use the Isabelle Refinement and Collection framework, as well as the Autoref tool, to obtain a refined version of our algorithm, from which efficiently executable code can be extracted.",
"authors": [
"Alexander Schimpf",
"Peter Lammich"
],
"date": "2014-05-28",
- "id": 518,
+ "id": 523,
"link": "/entries/LTL_to_GBA.html",
"permalink": "/entries/LTL_to_GBA.html",
"shortname": "LTL_to_GBA",
"title": "Converting Linear-Time Temporal Logic to Generalized Büchi Automata",
"topic_links": [
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Automata and formal languages"
],
"used_by": 1
},
{
"abstract": "We present an executable formalization of the language Promela, the description language for models of the model checker SPIN. This formalization is part of the work for a completely verified model checker (CAVA), but also serves as a useful (and executable!) description of the semantics of the language itself, something that is currently missing. The formalization uses three steps: It takes an abstract syntax tree generated from an SML parser, removes syntactic sugar and enriches it with type information. This further gets translated into a transition system, on which the semantic engine (read: successor function) operates.",
"authors": [
"René Neumann"
],
"date": "2014-05-28",
- "id": 519,
+ "id": 524,
"link": "/entries/Promela.html",
"permalink": "/entries/Promela.html",
"shortname": "Promela",
"title": "Promela Formalization",
"topic_links": [
"computer-science/system-description-languages"
],
"topics": [
"Computer science/System description languages"
],
"used_by": 1
},
{
"abstract": "We report on the graph and automata library that is used in the fully verified LTL model checker CAVA. As most components of CAVA use some type of graphs or automata, a common automata library simplifies assembly of the components and reduces redundancy. \u003cp\u003e The CAVA Automata Library provides a hierarchy of graph and automata classes, together with some standard algorithms. Its object oriented design allows for sharing of algorithms, theorems, and implementations between its classes, and also simplifies extensions of the library. Moreover, it is integrated into the Automatic Refinement Framework, supporting automatic refinement of the abstract automata types to efficient data structures. \u003cp\u003e Note that the CAVA Automata Library is work in progress. Currently, it is very specifically tailored towards the requirements of the CAVA model checker. Nevertheless, the formalization techniques presented here allow an extension of the library to a wider scope. Moreover, they are not limited to graph libraries, but apply to class hierarchies in general. \u003cp\u003e The CAVA Automata Library is described in the paper: Peter Lammich, The CAVA Automata Library, Isabelle Workshop 2014.",
"authors": [
"Peter Lammich"
],
"date": "2014-05-28",
- "id": 520,
+ "id": 525,
"link": "/entries/CAVA_Automata.html",
"permalink": "/entries/CAVA_Automata.html",
"shortname": "CAVA_Automata",
"title": "The CAVA Automata Library",
"topic_links": [
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Automata and formal languages"
],
"used_by": 8
},
{
"abstract": "We present an Isabelle/HOL formalization of Gabow's algorithm for finding the strongly connected components of a directed graph. Using data refinement techniques, we extract efficient code that performs comparable to a reference implementation in Java. Our style of formalization allows for re-using large parts of the proofs when defining variants of the algorithm. We demonstrate this by verifying an algorithm for the emptiness check of generalized Büchi automata, re-using most of the existing proofs.",
"authors": [
"Peter Lammich"
],
"date": "2014-05-28",
- "id": 521,
+ "id": 526,
"link": "/entries/Gabow_SCC.html",
"permalink": "/entries/Gabow_SCC.html",
"shortname": "Gabow_SCC",
"title": "Verified Efficient Implementation of Gabow's Strongly Connected Components Algorithm",
"topic_links": [
"computer-science/algorithms/graph",
"mathematics/graph-theory"
],
"topics": [
"Computer science/Algorithms/Graph",
"Mathematics/Graph theory"
],
"used_by": 2
},
{
"abstract": "\u003cp\u003e An extension of classical noninterference security for deterministic state machines, as introduced by Goguen and Meseguer and elegantly formalized by Rushby, to nondeterministic systems should satisfy two fundamental requirements: it should be based on a mathematically precise theory of nondeterminism, and should be equivalent to (or at least not weaker than) the classical notion in the degenerate deterministic case. \u003c/p\u003e \u003cp\u003e This paper proposes a definition of noninterference security applying to Hoare's Communicating Sequential Processes (CSP) in the general case of a possibly intransitive noninterference policy, and proves the equivalence of this security property to classical noninterference security for processes representing deterministic state machines. \u003c/p\u003e \u003cp\u003e Furthermore, McCullough's generalized noninterference security is shown to be weaker than both the proposed notion of CSP noninterference security for a generic process, and classical noninterference security for processes representing deterministic state machines. This renders CSP noninterference security preferable as an extension of classical noninterference security to nondeterministic systems. \u003c/p\u003e",
"authors": [
"Pasquale Noce"
],
"date": "2014-05-23",
- "id": 522,
+ "id": 527,
"link": "/entries/Noninterference_CSP.html",
"permalink": "/entries/Noninterference_CSP.html",
"shortname": "Noninterference_CSP",
"title": "Noninterference Security in Communicating Sequential Processes",
"topic_links": [
"computer-science/security"
],
"topics": [
"Computer science/Security"
],
"used_by": 1
},
{
"abstract": "This formulation of the Roy-Floyd-Warshall algorithm for the transitive closure bypasses matrices and arrays, but uses a more direct mathematical model with adjacency functions for immediate predecessors and successors. This can be implemented efficiently in functional programming languages and is particularly adequate for sparse relations.",
"authors": [
"Makarius Wenzel"
],
"date": "2014-05-23",
- "id": 523,
+ "id": 528,
"link": "/entries/Roy_Floyd_Warshall.html",
"permalink": "/entries/Roy_Floyd_Warshall.html",
"shortname": "Roy_Floyd_Warshall",
"title": "Transitive closure according to Roy-Floyd-Warshall",
"topic_links": [
"computer-science/algorithms/graph"
],
"topics": [
"Computer science/Algorithms/Graph"
],
"used_by": 0
},
{
"abstract": "Regular algebras axiomatise the equational theory of regular expressions as induced by regular language identity. We use Isabelle/HOL for a detailed systematic study of regular algebras given by Boffa, Conway, Kozen and Salomaa. We investigate the relationships between these classes, formalise a soundness proof for the smallest class (Salomaa's) and obtain completeness of the largest one (Boffa's) relative to a deep result by Krob. In addition we provide a large collection of regular identities in the general setting of Boffa's axiom. Our regular algebra hierarchy is orthogonal to the Kleene algebra hierarchy in the Archive of Formal Proofs; we have not aimed at an integration for pragmatic reasons.",
"authors": [
"Simon Foster",
"Georg Struth"
],
"date": "2014-05-21",
- "id": 524,
+ "id": 529,
"link": "/entries/Regular_Algebras.html",
"permalink": "/entries/Regular_Algebras.html",
"shortname": "Regular_Algebras",
"title": "Regular Algebras",
"topic_links": [
"computer-science/automata-and-formal-languages",
"mathematics/algebra"
],
"topics": [
"Computer science/Automata and formal languages",
"Mathematics/Algebra"
],
"used_by": 0
},
{
"abstract": "This set of theories presents a formalisation in Isabelle/HOL of data dependencies between components. The approach allows to analyse system structure oriented towards efficient checking of system: it aims at elaborating for a concrete system, which parts of the system are necessary to check a given property.",
"authors": [
"Maria Spichkova"
],
"date": "2014-04-28",
- "id": 525,
+ "id": 530,
"link": "/entries/ComponentDependencies.html",
"permalink": "/entries/ComponentDependencies.html",
"shortname": "ComponentDependencies",
"title": "Formalisation and Analysis of Component Dependencies",
"topic_links": [
"computer-science/system-description-languages"
],
"topics": [
"Computer science/System description languages"
],
"used_by": 0
},
{
"abstract": "Research in information-flow security aims at developing methods to identify undesired information leaks within programs from private (high) sources to public (low) sinks. For a concurrent system, it is desirable to have compositional analysis methods that allow for analyzing each thread independently and that nevertheless guarantee that the parallel composition of successfully analyzed threads satisfies a global security guarantee. However, such a compositional analysis should not be overly pessimistic about what an environment might do with shared resources. Otherwise, the analysis will reject many intuitively secure programs. \u003cp\u003e The paper \"Assumptions and Guarantees for Compositional Noninterference\" by Mantel et. al. presents one solution for this problem: an approach for compositionally reasoning about non-interference in concurrent programs via rely-guarantee-style reasoning. We present an Isabelle/HOL formalization of the concepts and proofs of this approach.",
"authors": [
"Sylvia Grewe",
"Heiko Mantel",
"Daniel Schoepe"
],
"date": "2014-04-23",
- "id": 526,
+ "id": 531,
"link": "/entries/SIFUM_Type_Systems.html",
"permalink": "/entries/SIFUM_Type_Systems.html",
"shortname": "SIFUM_Type_Systems",
"title": "A Formalization of Assumptions and Guarantees for Compositional Noninterference",
"topic_links": [
"computer-science/security",
"computer-science/programming-languages/type-systems"
],
"topics": [
"Computer science/Security",
"Computer science/Programming languages/Type systems"
],
"used_by": 0
},
{
"abstract": "Research in information-flow security aims at developing methods to identify undesired information leaks within programs from private sources to public sinks. Noninterference captures this intuition by requiring that no information whatsoever flows from private sources to public sinks. However, in practice this definition is often too strict: Depending on the intuitive desired security policy, the controlled declassification of certain private information (WHAT) at certain points in the program (WHERE) might not result in an undesired information leak. \u003cp\u003e We present an Isabelle/HOL formalization of such a security property for controlled declassification, namely WHAT\u0026WHERE-security from \"Scheduler-Independent Declassification\" by Lux, Mantel, and Perner. The formalization includes compositionality proofs for and a soundness proof for a security type system that checks for programs in a simple while language with dynamic thread creation. \u003cp\u003e Our formalization of the security type system is abstract in the language for expressions and in the semantic side conditions for expressions. It can easily be instantiated with different syntactic approximations for these side conditions. The soundness proof of such an instantiation boils down to showing that these syntactic approximations imply the semantic side conditions. \u003cp\u003e This Isabelle/HOL formalization uses theories from the entry Strong Security.",
"authors": [
"Sylvia Grewe",
"Alexander Lux",
"Heiko Mantel",
"Jens Sauer"
],
"date": "2014-04-23",
- "id": 527,
+ "id": 532,
"link": "/entries/WHATandWHERE_Security.html",
"permalink": "/entries/WHATandWHERE_Security.html",
"shortname": "WHATandWHERE_Security",
"title": "A Formalization of Declassification with WHAT-and-WHERE-Security",
"topic_links": [
"computer-science/security",
"computer-science/programming-languages/type-systems"
],
"topics": [
"Computer science/Security",
"Computer science/Programming languages/Type systems"
],
"used_by": 0
},
{
"abstract": "Research in information-flow security aims at developing methods to identify undesired information leaks within programs from private sources to public sinks. Noninterference captures this intuition. Strong security from Sabelfeld and Sands formalizes noninterference for concurrent systems. \u003cp\u003e We present an Isabelle/HOL formalization of strong security for arbitrary security lattices (Sabelfeld and Sands use a two-element security lattice in the original publication). The formalization includes compositionality proofs for strong security and a soundness proof for a security type system that checks strong security for programs in a simple while language with dynamic thread creation. \u003cp\u003e Our formalization of the security type system is abstract in the language for expressions and in the semantic side conditions for expressions. It can easily be instantiated with different syntactic approximations for these side conditions. The soundness proof of such an instantiation boils down to showing that these syntactic approximations imply the semantic side conditions.",
"authors": [
"Sylvia Grewe",
"Alexander Lux",
"Heiko Mantel",
"Jens Sauer"
],
"date": "2014-04-23",
- "id": 528,
+ "id": 533,
"link": "/entries/Strong_Security.html",
"permalink": "/entries/Strong_Security.html",
"shortname": "Strong_Security",
"title": "A Formalization of Strong Security",
"topic_links": [
"computer-science/security",
"computer-science/programming-languages/type-systems"
],
"topics": [
"Computer science/Security",
"Computer science/Programming languages/Type systems"
],
"used_by": 1
},
{
"abstract": "This is a formalization of bounded-deducibility security (BD security), a flexible notion of information-flow security applicable to arbitrary transition systems. It generalizes Sutherland's classic notion of nondeducibility by factoring in declassification bounds and trigger, whereas nondeducibility states that, in a system, information cannot flow between specified sources and sinks, BD security indicates upper bounds for the flow and triggers under which these upper bounds are no longer guaranteed.",
"authors": [
"Andrei Popescu",
"Peter Lammich",
"Thomas Bauereiss"
],
"date": "2014-04-22",
- "id": 529,
+ "id": 534,
"link": "/entries/Bounded_Deducibility_Security.html",
"permalink": "/entries/Bounded_Deducibility_Security.html",
"shortname": "Bounded_Deducibility_Security",
"title": "Bounded-Deducibility Security",
"topic_links": [
"computer-science/security"
],
"topics": [
"Computer science/Security"
],
"used_by": 3
},
{
"abstract": "We formalize HyperCTL*, a temporal logic for expressing security properties. We first define a shallow embedding of HyperCTL*, within which we prove inductive and coinductive rules for the operators. Then we show that a HyperCTL* formula captures Goguen-Meseguer noninterference, a landmark information flow property. We also define a deep embedding and connect it to the shallow embedding by a denotational semantics, for which we prove sanity w.r.t. dependence on the free variables. Finally, we show that under some finiteness assumptions about the model, noninterference is given by a (finitary) syntactic formula.",
"authors": [
"Markus N. Rabe",
"Peter Lammich",
"Andrei Popescu"
],
"date": "2014-04-16",
- "id": 530,
+ "id": 535,
"link": "/entries/HyperCTL.html",
"permalink": "/entries/HyperCTL.html",
"shortname": "HyperCTL",
"title": "A shallow embedding of HyperCTL*",
"topic_links": [
"computer-science/security",
"logic/general-logic/temporal-logic"
],
"topics": [
"Computer science/Security",
"Logic/General logic/Temporal logic"
],
"used_by": 0
},
{
"abstract": "A formalization of an abstract property of possibly infinite derivation trees (modeled by a codatatype), representing the core of a proof (in Beth/Hintikka style) of the first-order logic completeness theorem, independent of the concrete syntax or inference rules. This work is described in detail in the IJCAR 2014 publication by the authors. The abstract proof can be instantiated for a wide range of Gentzen and tableau systems as well as various flavors of FOL---e.g., with or without predicates, equality, or sorts. Here, we give only a toy example instantiation with classical propositional logic. A more serious instance---many-sorted FOL with equality---is described elsewhere [Blanchette and Popescu, FroCoS 2013].",
"authors": [
"Jasmin Christian Blanchette",
"Andrei Popescu",
"Dmitriy Traytel"
],
"date": "2014-04-16",
- "id": 531,
+ "id": 536,
"link": "/entries/Abstract_Completeness.html",
"permalink": "/entries/Abstract_Completeness.html",
"shortname": "Abstract_Completeness",
"title": "Abstract Completeness",
"topic_links": [
"logic/proof-theory"
],
"topics": [
"Logic/Proof theory"
],
"used_by": 4
},
{
"abstract": "These theories introduce basic concepts and proofs about discrete summation: shifts, formal summation, falling factorials and stirling numbers. As proof of concept, a simple summation conversion is provided.",
"authors": [
"Florian Haftmann"
],
"date": "2014-04-13",
- "id": 532,
+ "id": 537,
"link": "/entries/Discrete_Summation.html",
"permalink": "/entries/Discrete_Summation.html",
"shortname": "Discrete_Summation",
"title": "Discrete Summation",
"topic_links": [
"mathematics/combinatorics"
],
"topics": [
"Mathematics/Combinatorics"
],
"used_by": 2
},
{
"abstract": "This document accompanies the article \"The Design and Implementation of a Verification Technique for GPU Kernels\" by Adam Betts, Nathan Chong, Alastair F. Donaldson, Jeroen Ketema, Shaz Qadeer, Paul Thomson and John Wickerson. It formalises all of the definitions provided in Sections 3 and 4 of the article.",
"authors": [
"John Wickerson"
],
"date": "2014-04-03",
- "id": 533,
+ "id": 538,
"link": "/entries/GPU_Kernel_PL.html",
"permalink": "/entries/GPU_Kernel_PL.html",
"shortname": "GPU_Kernel_PL",
"title": "Syntax and semantics of a GPU kernel programming language",
"topic_links": [
"computer-science/programming-languages/language-definitions"
],
"topics": [
"Computer science/Programming languages/Language definitions"
],
"used_by": 0
},
{
"abstract": "We formalize a probabilistic noninterference for a multi-threaded language with uniform scheduling, where probabilistic behaviour comes from both the scheduler and the individual threads. We define notions probabilistic noninterference in two variants: resumption-based and trace-based. For the resumption-based notions, we prove compositionality w.r.t. the language constructs and establish sound type-system-like syntactic criteria. This is a formalization of the mathematical development presented at CPP 2013 and CALCO 2013. It is the probabilistic variant of the Possibilistic Noninterference AFP entry.",
"authors": [
"Andrei Popescu",
"Johannes Hölzl"
],
"date": "2014-03-11",
- "id": 534,
+ "id": 539,
"link": "/entries/Probabilistic_Noninterference.html",
"permalink": "/entries/Probabilistic_Noninterference.html",
"shortname": "Probabilistic_Noninterference",
"title": "Probabilistic Noninterference",
"topic_links": [
"computer-science/security"
],
"topics": [
"Computer science/Security"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003e AWN is a process algebra developed for modelling and analysing protocols for Mobile Ad hoc Networks (MANETs) and Wireless Mesh Networks (WMNs). AWN models comprise five distinct layers: sequential processes, local parallel compositions, nodes, partial networks, and complete networks.\u003c/p\u003e \u003cp\u003e This development mechanises the original operational semantics of AWN and introduces a variant 'open' operational semantics that enables the compositional statement and proof of invariants across distinct network nodes. It supports labels (for weakening invariants) and (abstract) data state manipulations. A framework for compositional invariant proofs is developed, including a tactic (inv_cterms) for inductive invariant proofs of sequential processes, lifting rules for the open versions of the higher layers, and a rule for transferring lifted properties back to the standard semantics. A notion of 'control terms' reduces proof obligations to the subset of subterms that act directly (in contrast to operators for combining terms and joining processes).\u003c/p\u003e",
"authors": [
"Timothy Bourke"
],
"date": "2014-03-08",
- "id": 535,
+ "id": 540,
"link": "/entries/AWN.html",
"permalink": "/entries/AWN.html",
"shortname": "AWN",
"title": "Mechanization of the Algebra for Wireless Networks (AWN)",
"topic_links": [
"computer-science/concurrency/process-calculi"
],
"topics": [
"Computer science/Concurrency/Process calculi"
],
"used_by": 1
},
{
"abstract": "We provide a wrapper around the partial-function command that supports mutual recursion.",
"authors": [
"René Thiemann"
],
"date": "2014-02-18",
- "id": 536,
+ "id": 541,
"link": "/entries/Partial_Function_MR.html",
"permalink": "/entries/Partial_Function_MR.html",
"shortname": "Partial_Function_MR",
"title": "Mutually Recursive Partial Functions",
"topic_links": [
"computer-science/functional-programming"
],
"topics": [
"Computer science/Functional programming"
],
"used_by": 2
},
{
"abstract": "Random graphs are graphs with a fixed number of vertices, where each edge is present with a fixed probability. We are interested in the probability that a random graph contains a certain pattern, for example a cycle or a clique. A very high edge probability gives rise to perhaps too many edges (which degrades performance for many algorithms), whereas a low edge probability might result in a disconnected graph. We prove a theorem about a threshold probability such that a higher edge probability will asymptotically almost surely produce a random graph with the desired subgraph.",
"authors": [
"Lars Hupel"
],
"date": "2014-02-13",
- "id": 537,
+ "id": 542,
"link": "/entries/Random_Graph_Subgraph_Threshold.html",
"permalink": "/entries/Random_Graph_Subgraph_Threshold.html",
"shortname": "Random_Graph_Subgraph_Threshold",
"title": "Properties of Random Graphs -- Subgraph Containment",
"topic_links": [
"mathematics/graph-theory",
"mathematics/probability-theory"
],
"topics": [
"Mathematics/Graph theory",
"Mathematics/Probability theory"
],
"used_by": 1
},
{
"abstract": "Stepwise program refinement techniques can be used to simplify program verification. Programs are better understood since their main properties are clearly stated, and verification of rather complex algorithms is reduced to proving simple statements connecting successive program specifications. Additionally, it is easy to analyze similar algorithms and to compare their properties within a single formalization. Usually, formal analysis is not done in educational setting due to complexity of verification and a lack of tools and procedures to make comparison easy. Verification of an algorithm should not only give correctness proof, but also better understanding of an algorithm. If the verification is based on small step program refinement, it can become simple enough to be demonstrated within the university-level computer science curriculum. In this paper we demonstrate this and give a formal analysis of two well known algorithms (Selection Sort and Heap Sort) using proof assistant Isabelle/HOL and program refinement techniques.",
"authors": [
"Danijela Petrovic"
],
"date": "2014-02-11",
- "id": 538,
+ "id": 543,
"link": "/entries/Selection_Heap_Sort.html",
"permalink": "/entries/Selection_Heap_Sort.html",
"shortname": "Selection_Heap_Sort",
"title": "Verification of Selection and Heap Sort Using Locales",
"topic_links": [
"computer-science/algorithms"
],
"topics": [
"Computer science/Algorithms"
],
"used_by": 0
},
{
"abstract": "We give a formalization of affine forms as abstract representations of zonotopes. We provide affine operations as well as overapproximations of some non-affine operations like multiplication and division. Expressions involving those operations can automatically be turned into (executable) functions approximating the original expression in affine arithmetic.",
"authors": [
"Fabian Immler"
],
"date": "2014-02-07",
- "id": 539,
+ "id": 544,
"link": "/entries/Affine_Arithmetic.html",
"permalink": "/entries/Affine_Arithmetic.html",
"shortname": "Affine_Arithmetic",
"title": "Affine Arithmetic",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 2
},
{
"abstract": "We apply data refinement to implement the real numbers, where we support all numbers in the field extension Q[sqrt(b)], i.e., all numbers of the form p + q * sqrt(b) for rational numbers p and q and some fixed natural number b. To this end, we also developed algorithms to precisely compute roots of a rational number, and to perform a factorization of natural numbers which eliminates duplicate prime factors. \u003cp\u003e Our results have been used to certify termination proofs which involve polynomial interpretations over the reals.",
"authors": [
"René Thiemann"
],
"date": "2014-02-06",
- "id": 540,
+ "id": 545,
"link": "/entries/Real_Impl.html",
"permalink": "/entries/Real_Impl.html",
"shortname": "Real_Impl",
"title": "Implementing field extensions of the form Q[sqrt(b)]",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 2
},
{
"abstract": "We formalize a unified framework for verified decision procedures for regular expression equivalence. Five recently published formalizations of such decision procedures (three based on derivatives, two on marked regular expressions) can be obtained as instances of the framework. We discover that the two approaches based on marked regular expressions, which were previously thought to be the same, are different, and one seems to produce uniformly smaller automata. The common framework makes it possible to compare the performance of the different decision procedures in a meaningful way. ",
"authors": [
"Tobias Nipkow",
"Dmitriy Traytel"
],
"date": "2014-01-30",
- "id": 541,
+ "id": 546,
"link": "/entries/Regex_Equivalence.html",
"permalink": "/entries/Regex_Equivalence.html",
"shortname": "Regex_Equivalence",
"title": "Unified Decision Procedures for Regular Expression Equivalence",
"topic_links": [
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Automata and formal languages"
],
"used_by": 0
},
{
"abstract": "These theories extend the existing proof of the first Sylow theorem (written by Florian Kammueller and L. C. Paulson) by what are often called the second, third and fourth Sylow theorems. These theorems state propositions about the number of Sylow p-subgroups of a group and the fact that they are conjugate to each other. The proofs make use of an implementation of group actions and their properties.",
"authors": [
"Jakob von Raumer"
],
"date": "2014-01-28",
- "id": 542,
+ "id": 547,
"link": "/entries/Secondary_Sylow.html",
"permalink": "/entries/Secondary_Sylow.html",
"shortname": "Secondary_Sylow",
"title": "Secondary Sylow Theorems",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 1
},
{
"abstract": "Tarski's algebra of binary relations is formalised along the lines of the standard textbooks of Maddux and Schmidt and Ströhlein. This includes relation-algebraic concepts such as subidentities, vectors and a domain operation as well as various notions associated to functions. Relation algebras are also expanded by a reflexive transitive closure operation, and they are linked with Kleene algebras and models of binary relations and Boolean matrices.",
"authors": [
"Alasdair Armstrong",
"Simon Foster",
"Georg Struth",
"Tjark Weber"
],
"date": "2014-01-25",
- "id": 543,
+ "id": 548,
"link": "/entries/Relation_Algebra.html",
"permalink": "/entries/Relation_Algebra.html",
"shortname": "Relation_Algebra",
"title": "Relation Algebra",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 2
},
{
"abstract": "We formalise Kleene algebra with tests (KAT) and demonic refinement algebra (DRA) in Isabelle/HOL. KAT is relevant for program verification and correctness proofs in the partial correctness setting. While DRA targets similar applications in the context of total correctness. Our formalisation contains the two most important models of these algebras: binary relations in the case of KAT and predicate transformers in the case of DRA. In addition, we derive the inference rules for Hoare logic in KAT and its relational model and present a simple formally verified program verification tool prototype based on the algebraic approach.",
"authors": [
"Alasdair Armstrong",
"Victor B. F. Gomes",
"Georg Struth"
],
"date": "2014-01-23",
- "id": 544,
+ "id": 549,
"link": "/entries/KAT_and_DRA.html",
"permalink": "/entries/KAT_and_DRA.html",
"shortname": "KAT_and_DRA",
"title": "Kleene Algebra with Tests and Demonic Refinement Algebras",
"topic_links": [
"computer-science/programming-languages/logics",
"computer-science/automata-and-formal-languages",
"mathematics/algebra"
],
"topics": [
"Computer science/Programming languages/Logics",
"Computer science/Automata and formal languages",
"Mathematics/Algebra"
],
"used_by": 2
},
{
"abstract": "The Unified Modeling Language (UML) is one of the few modeling languages that is widely used in industry. While UML is mostly known as diagrammatic modeling language (e.g., visualizing class models), it is complemented by a textual language, called Object Constraint Language (OCL). The current version of OCL is based on a four-valued logic that turns UML into a formal language. Any type comprises the elements \"invalid\" and \"null\" which are propagated as strict and non-strict, respectively. Unfortunately, the former semi-formal semantics of this specification language, captured in the \"Annex A\" of the OCL standard, leads to different interpretations of corner cases. We formalize the core of OCL: denotational definitions, a logical calculus and operational rules that allow for the execution of OCL expressions by a mixture of term rewriting and code compilation. Our formalization reveals several inconsistencies and contradictions in the current version of the OCL standard. Overall, this document is intended to provide the basis for a machine-checked text \"Annex A\" of the OCL standard targeting at tool implementors.",
"authors": [
"Achim D. Brucker",
"Frédéric Tuong",
"Burkhart Wolff"
],
"date": "2014-01-16",
- "id": 545,
+ "id": 550,
"link": "/entries/Featherweight_OCL.html",
"permalink": "/entries/Featherweight_OCL.html",
"shortname": "Featherweight_OCL",
"title": "Featherweight OCL: A Proposal for a Machine-Checked Formal Semantics for OCL 2.5",
"topic_links": [
"computer-science/system-description-languages"
],
"topics": [
"Computer science/System description languages"
],
"used_by": 0
},
{
"abstract": "This paper presents an Isabelle/HOL set of theories which allows the specification of crypto-based components and the verification of their composition properties wrt. cryptographic aspects. We introduce a formalisation of the security property of data secrecy, the corresponding definitions and proofs. Please note that here we import the Isabelle/HOL theory ListExtras.thy, presented in the AFP entry FocusStreamsCaseStudies-AFP.",
"authors": [
"Maria Spichkova"
],
"date": "2014-01-11",
- "id": 546,
+ "id": 551,
"link": "/entries/CryptoBasedCompositionalProperties.html",
"permalink": "/entries/CryptoBasedCompositionalProperties.html",
"shortname": "CryptoBasedCompositionalProperties",
"title": "Compositional Properties of Crypto-Based Components",
"topic_links": [
"computer-science/security"
],
"topics": [
"Computer science/Security"
],
"used_by": 0
},
{
"abstract": "Sturm's Theorem states that polynomial sequences with certain properties, so-called Sturm sequences, can be used to count the number of real roots of a real polynomial. This work contains a proof of Sturm's Theorem and code for constructing Sturm sequences efficiently. It also provides the “sturm” proof method, which can decide certain statements about the roots of real polynomials, such as “the polynomial P has exactly n roots in the interval I” or “P(x) \u003e Q(x) for all x \u0026#8712; \u0026#8477;”.",
"authors": [
"Manuel Eberl"
],
"date": "2014-01-11",
- "id": 547,
+ "id": 552,
"link": "/entries/Sturm_Sequences.html",
"permalink": "/entries/Sturm_Sequences.html",
"shortname": "Sturm_Sequences",
"title": "Sturm's Theorem",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 4
},
{
"abstract": "\u003cp\u003e Tail-recursive function definitions are sometimes more straightforward than alternatives, but proving theorems on them may be roundabout because of the peculiar form of the resulting recursion induction rules. \u003c/p\u003e\u003cp\u003e This paper describes a proof method that provides a general solution to this problem by means of suitable invariants over inductive sets, and illustrates the application of such method by examining two case studies. \u003c/p\u003e",
"authors": [
"Pasquale Noce"
],
"date": "2013-12-01",
- "id": 548,
+ "id": 553,
"link": "/entries/Tail_Recursive_Functions.html",
"permalink": "/entries/Tail_Recursive_Functions.html",
"shortname": "Tail_Recursive_Functions",
"title": "A General Method for the Proof of Theorems on Tail-recursive Functions",
"topic_links": [
"computer-science/functional-programming"
],
"topics": [
"Computer science/Functional programming"
],
"used_by": 0
},
{
"abstract": "Gödel's two incompleteness theorems are formalised, following a careful \u003ca href=\"http://journals.impan.gov.pl/dm/Inf/422-0-1.html\"\u003epresentation\u003c/a\u003e by Swierczkowski, in the theory of \u003ca href=\"HereditarilyFinite.html\"\u003ehereditarily finite sets\u003c/a\u003e. This represents the first ever machine-assisted proof of the second incompleteness theorem. Compared with traditional formalisations using Peano arithmetic (see e.g. Boolos), coding is simpler, with no need to formalise the notion of multiplication (let alone that of a prime number) in the formalised calculus upon which the theorem is based. However, other technical problems had to be solved in order to complete the argument.",
"authors": [
"Lawrence C. Paulson"
],
"date": "2013-11-17",
- "id": 549,
+ "id": 554,
"link": "/entries/Incompleteness.html",
"permalink": "/entries/Incompleteness.html",
"shortname": "Incompleteness",
"title": "Gödel's Incompleteness Theorems",
"topic_links": [
"logic/proof-theory"
],
"topics": [
"Logic/Proof theory"
],
"used_by": 2
},
{
"abstract": "The theory of hereditarily finite sets is formalised, following the \u003ca href=\"http://journals.impan.gov.pl/dm/Inf/422-0-1.html\"\u003edevelopment\u003c/a\u003e of Swierczkowski. An HF set is a finite collection of other HF sets; they enjoy an induction principle and satisfy all the axioms of ZF set theory apart from the axiom of infinity, which is negated. All constructions that are possible in ZF set theory (Cartesian products, disjoint sums, natural numbers, functions) without using infinite sets are possible here. The definition of addition for the HF sets follows Kirby. This development forms the foundation for the Isabelle proof of Gödel's incompleteness theorems, which has been \u003ca href=\"Incompleteness.html\"\u003eformalised separately\u003c/a\u003e.",
"authors": [
"Lawrence C. Paulson"
],
"date": "2013-11-17",
- "id": 550,
+ "id": 555,
"link": "/entries/HereditarilyFinite.html",
"permalink": "/entries/HereditarilyFinite.html",
"shortname": "HereditarilyFinite",
"title": "The Hereditarily Finite Sets",
"topic_links": [
"logic/set-theory"
],
"topics": [
"Logic/Set theory"
],
"used_by": 4
},
{
"abstract": "\u003cp\u003eWe define formal languages as a codataype of infinite trees branching over the alphabet. Each node in such a tree indicates whether the path to this node constitutes a word inside or outside of the language. This codatatype is isormorphic to the set of lists representation of languages, but caters for definitions by corecursion and proofs by coinduction.\u003c/p\u003e \u003cp\u003eRegular operations on languages are then defined by primitive corecursion. A difficulty arises here, since the standard definitions of concatenation and iteration from the coalgebraic literature are not primitively corecursive-they require guardedness up-to union/concatenation. Without support for up-to corecursion, these operation must be defined as a composition of primitive ones (and proved being equal to the standard definitions). As an exercise in coinduction we also prove the axioms of Kleene algebra for the defined regular operations.\u003c/p\u003e \u003cp\u003eFurthermore, a language for context-free grammars given by productions in Greibach normal form and an initial nonterminal is constructed by primitive corecursion, yielding an executable decision procedure for the word problem without further ado.\u003c/p\u003e",
"authors": [
"Dmitriy Traytel"
],
"date": "2013-11-15",
- "id": 551,
+ "id": 556,
"link": "/entries/Coinductive_Languages.html",
"permalink": "/entries/Coinductive_Languages.html",
"shortname": "Coinductive_Languages",
"title": "A Codatatype of Formal Languages",
"topic_links": [
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Automata and formal languages"
],
"used_by": 1
},
{
"abstract": "This set of theories presents an Isabelle/HOL formalisation of stream processing components introduced in Focus, a framework for formal specification and development of interactive systems. This is an extended and updated version of the formalisation, which was elaborated within the methodology \"Focus on Isabelle\". In addition, we also applied the formalisation on three case studies that cover different application areas: process control (Steam Boiler System), data transmission (FlexRay communication protocol), memory and processing components (Automotive-Gateway System).",
"authors": [
"Maria Spichkova"
],
"date": "2013-11-14",
- "id": 552,
+ "id": 557,
"link": "/entries/FocusStreamsCaseStudies.html",
"permalink": "/entries/FocusStreamsCaseStudies.html",
"shortname": "FocusStreamsCaseStudies",
"title": "Stream Processing Components: Isabelle/HOL Formalisation and Case Studies",
"topic_links": [
"computer-science/programming-languages/language-definitions"
],
"topics": [
"Computer science/Programming languages/Language definitions"
],
"used_by": 0
},
{
"abstract": "Dana Scott's version of Gödel's proof of God's existence is formalized in quantified modal logic KB (QML KB). QML KB is modeled as a fragment of classical higher-order logic (HOL); thus, the formalization is essentially a formalization in HOL.",
"authors": [
"Christoph Benzmüller",
"Bruno Woltzenlogel Paleo"
],
"date": "2013-11-12",
- "id": 553,
+ "id": 558,
"link": "/entries/GoedelGod.html",
"permalink": "/entries/GoedelGod.html",
"shortname": "GoedelGod",
"title": "Gödel's God in Isabelle/HOL",
"topic_links": [
"logic/philosophical-aspects"
],
"topics": [
"Logic/Philosophical aspects"
],
"used_by": 0
},
{
"abstract": "This theory contains a formalization of decreasing diagrams showing that any locally decreasing abstract rewrite system is confluent. We consider the valley (van Oostrom, TCS 1994) and the conversion version (van Oostrom, RTA 2008) and closely follow the original proofs. As an application we prove Newman's lemma.",
"authors": [
"Harald Zankl"
],
"date": "2013-11-01",
- "id": 554,
+ "id": 559,
"link": "/entries/Decreasing-Diagrams.html",
"permalink": "/entries/Decreasing-Diagrams.html",
"shortname": "Decreasing-Diagrams",
"title": "Decreasing Diagrams",
"topic_links": [
"logic/rewriting"
],
"topics": [
"Logic/Rewriting"
],
"used_by": 0
},
{
"abstract": "We present the Autoref tool for Isabelle/HOL, which automatically refines algorithms specified over abstract concepts like maps and sets to algorithms over concrete implementations like red-black-trees, and produces a refinement theorem. It is based on ideas borrowed from relational parametricity due to Reynolds and Wadler. The tool allows for rapid prototyping of verified, executable algorithms. Moreover, it can be configured to fine-tune the result to the user~s needs. Our tool is able to automatically instantiate generic algorithms, which greatly simplifies the implementation of executable data structures. \u003cp\u003e This AFP-entry provides the basic tool, which is then used by the Refinement and Collection Framework to provide automatic data refinement for the nondeterminism monad and various collection datastructures.",
"authors": [
"Peter Lammich"
],
"date": "2013-10-02",
- "id": 555,
+ "id": 560,
"link": "/entries/Automatic_Refinement.html",
"permalink": "/entries/Automatic_Refinement.html",
"shortname": "Automatic_Refinement",
"title": "Automatic Data Refinement",
"topic_links": [
"computer-science/programming-languages/logics"
],
"topics": [
"Computer science/Programming languages/Logics"
],
"used_by": 10
},
{
"abstract": "This entry makes machine words and machine arithmetic available for code generation from Isabelle/HOL. It provides a common abstraction that hides the differences between the different target languages. The code generator maps these operations to the APIs of the target languages. Apart from that, we extend the available bit operations on types int and integer, and map them to the operations in the target languages.",
"authors": [
"Andreas Lochbihler"
],
"date": "2013-09-17",
- "id": 556,
+ "id": 561,
"link": "/entries/Native_Word.html",
"permalink": "/entries/Native_Word.html",
"shortname": "Native_Word",
"title": "Native Word",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 10
},
{
"abstract": "This development provides a formal model of IEEE-754 floating-point arithmetic. This formalization, including formal specification of the standard and proofs of important properties of floating-point arithmetic, forms the foundation for verifying programs with floating-point computation. There is also a code generation setup for floats so that we can execute programs using this formalization in functional programming languages.",
"authors": [
"Lei Yu"
],
"date": "2013-07-27",
- "id": 557,
+ "id": 562,
"link": "/entries/IEEE_Floating_Point.html",
"permalink": "/entries/IEEE_Floating_Point.html",
"shortname": "IEEE_Floating_Point",
"title": "A Formal Model of IEEE Floating Point Arithmetic",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 2
},
{
"abstract": "In 1927, Lehmer presented criterions for primality, based on the converse of Fermat's litte theorem. This work formalizes the second criterion from Lehmer's paper, a necessary and sufficient condition for primality. \u003cp\u003e As a side product we formalize some properties of Euler's phi-function, the notion of the order of an element of a group, and the cyclicity of the multiplicative group of a finite field.",
"authors": [
"Simon Wimmer",
"Lars Noschinski"
],
"date": "2013-07-22",
- "id": 558,
+ "id": 563,
"link": "/entries/Lehmer.html",
"permalink": "/entries/Lehmer.html",
"shortname": "Lehmer",
"title": "Lehmer's Theorem",
"topic_links": [
"mathematics/number-theory"
],
"topics": [
"Mathematics/Number theory"
],
"used_by": 1
},
{
"abstract": "In 1975, Pratt introduced a proof system for certifying primes. He showed that a number \u003ci\u003ep\u003c/i\u003e is prime iff a primality certificate for \u003ci\u003ep\u003c/i\u003e exists. By showing a logarithmic upper bound on the length of the certificates in size of the prime number, he concluded that the decision problem for prime numbers is in NP. This work formalizes soundness and completeness of Pratt's proof system as well as an upper bound for the size of the certificate.",
"authors": [
"Simon Wimmer",
"Lars Noschinski"
],
"date": "2013-07-22",
- "id": 559,
+ "id": 564,
"link": "/entries/Pratt_Certificate.html",
"permalink": "/entries/Pratt_Certificate.html",
"shortname": "Pratt_Certificate",
"title": "Pratt's Primality Certificates",
"topic_links": [
"mathematics/number-theory"
],
"topics": [
"Mathematics/Number theory"
],
"used_by": 2
},
{
"abstract": "This development provides a formalization of undirected graphs and simple graphs, which are based on Benedikt Nordhoff and Peter Lammich's simple formalization of labelled directed graphs in the archive. Then, with our formalization of graphs, we show both necessary and sufficient conditions for Eulerian trails and circuits as well as the fact that the Königsberg Bridge Problem does not have a solution. In addition, we show the Friendship Theorem in simple graphs.",
"authors": [
"Wenda Li"
],
"date": "2013-07-19",
- "id": 560,
+ "id": 565,
"link": "/entries/Koenigsberg_Friendship.html",
"permalink": "/entries/Koenigsberg_Friendship.html",
"shortname": "Koenigsberg_Friendship",
"title": "The Königsberg Bridge Problem and the Friendship Theorem",
"topic_links": [
"mathematics/graph-theory"
],
"topics": [
"Mathematics/Graph theory"
],
"used_by": 0
},
{
"abstract": "This is a formalization of the soundness and completeness properties for various efficient encodings of sorts in unsorted first-order logic used by Isabelle's Sledgehammer tool. \u003cp\u003e Essentially, the encodings proceed as follows: a many-sorted problem is decorated with (as few as possible) tags or guards that make the problem monotonic; then sorts can be soundly erased. \u003cp\u003e The development employs a formalization of many-sorted first-order logic in clausal form (clauses, structures and the basic properties of the satisfaction relation), which could be of interest as the starting point for other formalizations of first-order logic metatheory.",
"authors": [
"Jasmin Christian Blanchette",
"Andrei Popescu"
],
"date": "2013-06-27",
- "id": 561,
+ "id": 566,
"link": "/entries/Sort_Encodings.html",
"permalink": "/entries/Sort_Encodings.html",
"shortname": "Sort_Encodings",
"title": "Sound and Complete Sort Encodings for First-Order Logic",
"topic_links": [
"logic/general-logic/mechanization-of-proofs"
],
"topics": [
"Logic/General logic/Mechanization of proofs"
],
"used_by": 0
},
{
"abstract": "This theory is split into two sections. In the first section, we give a formal proof that a well-known axiomatic characterization of the single-source shortest path problem is correct. Namely, we prove that in a directed graph with a non-negative cost function on the edges the single-source shortest path function is the only function that satisfies a set of four axioms. In the second section, we give a formal proof of the correctness of an axiomatic characterization of the single-source shortest path problem for directed graphs with general cost functions. The axioms here are more involved because we have to account for potential negative cycles in the graph. The axioms are summarized in three Isabelle locales.",
"authors": [
"Christine Rizkallah"
],
"date": "2013-05-22",
- "id": 562,
+ "id": 567,
"link": "/entries/ShortestPath.html",
"permalink": "/entries/ShortestPath.html",
"shortname": "ShortestPath",
"title": "An Axiomatic Characterization of the Single-Source Shortest Path Problem",
"topic_links": [
"mathematics/graph-theory"
],
"topics": [
"Mathematics/Graph theory"
],
"used_by": 0
},
{
"abstract": "This development provides a formalization of directed graphs, supporting (labelled) multi-edges and infinite graphs. A polymorphic edge type allows edges to be treated as pairs of vertices, if multi-edges are not required. Formalized properties are i.a. walks (and related concepts), connectedness and subgraphs and basic properties of isomorphisms. \u003cp\u003e This formalization is used to prove characterizations of Euler Trails, Shortest Paths and Kuratowski subgraphs.",
"authors": [
"Lars Noschinski"
],
"date": "2013-04-28",
- "id": 563,
+ "id": 568,
"link": "/entries/Graph_Theory.html",
"permalink": "/entries/Graph_Theory.html",
"shortname": "Graph_Theory",
"title": "Graph Theory",
"topic_links": [
"mathematics/graph-theory"
],
"topics": [
"Mathematics/Graph theory"
],
"used_by": 4
},
{
"abstract": "This development provides a framework for container types like sets and maps such that generated code implements these containers with different (efficient) data structures. Thanks to type classes and refinement during code generation, this light-weight approach can seamlessly replace Isabelle's default setup for code generation. Heuristics automatically pick one of the available data structures depending on the type of elements to be stored, but users can also choose on their own. The extensible design permits to add more implementations at any time. \u003cp\u003e To support arbitrary nesting of sets, we define a linear order on sets based on a linear order of the elements and provide efficient implementations. It even allows to compare complements with non-complements.",
"authors": [
"Andreas Lochbihler"
],
"date": "2013-04-15",
- "id": 564,
+ "id": 569,
"link": "/entries/Containers.html",
"permalink": "/entries/Containers.html",
"shortname": "Containers",
"title": "Light-weight Containers",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 8
},
{
"abstract": "\u003cp\u003eDealing with binders, renaming of bound variables, capture-avoiding substitution, etc., is very often a major problem in formal proofs, especially in proofs by structural and rule induction. Nominal Isabelle is designed to make such proofs easy to formalise: it provides an infrastructure for declaring nominal datatypes (that is alpha-equivalence classes) and for defining functions over them by structural recursion. It also provides induction principles that have Barendregt’s variable convention already built in. \u003c/p\u003e\u003cp\u003e This entry can be used as a more advanced replacement for HOL/Nominal in the Isabelle distribution. \u003c/p\u003e",
"authors": [
"Christian Urban",
"Stefan Berghofer",
"Cezary Kaliszyk"
],
"date": "2013-02-21",
- "id": 565,
+ "id": 570,
"link": "/entries/Nominal2.html",
"permalink": "/entries/Nominal2.html",
"shortname": "Nominal2",
"title": "Nominal 2",
"topic_links": [
"tools"
],
"topics": [
"Tools"
],
"used_by": 8
},
{
"abstract": "In his seminal paper \"Natural Semantics for Lazy Evaluation\", John Launchbury proves his semantics correct with respect to a denotational semantics, and outlines an adequacy proof. We have formalized both semantics and machine-checked the correctness proof, clarifying some details. Furthermore, we provide a new and more direct adequacy proof that does not require intermediate operational semantics.",
"authors": [
"Joachim Breitner"
],
"date": "2013-01-31",
- "id": 566,
+ "id": 571,
"link": "/entries/Launchbury.html",
"permalink": "/entries/Launchbury.html",
"shortname": "Launchbury",
"title": "The Correctness of Launchbury's Natural Semantics for Lazy Evaluation",
"topic_links": [
"computer-science/programming-languages/lambda-calculi",
"computer-science/semantics-and-reasoning"
],
"topics": [
"Computer science/Programming languages/Lambda calculi",
"Computer science/Semantics and reasoning"
],
"used_by": 1
},
{
"abstract": "This document concerns the theory of ribbon proofs: a diagrammatic proof system, based on separation logic, for verifying program correctness. We include the syntax, proof rules, and soundness results for two alternative formalisations of ribbon proofs. \u003cp\u003e Compared to traditional proof outlines, ribbon proofs emphasise the structure of a proof, so are intelligible and pedagogical. Because they contain less redundancy than proof outlines, and allow each proof step to be checked locally, they may be more scalable. Where proof outlines are cumbersome to modify, ribbon proofs can be visually manoeuvred to yield proofs of variant programs.",
"authors": [
"John Wickerson"
],
"date": "2013-01-19",
- "id": 567,
+ "id": 572,
"link": "/entries/Ribbon_Proofs.html",
"permalink": "/entries/Ribbon_Proofs.html",
"shortname": "Ribbon_Proofs",
"title": "Ribbon Proofs",
"topic_links": [
"computer-science/programming-languages/logics"
],
"topics": [
"Computer science/Programming languages/Logics"
],
"used_by": 0
},
{
"abstract": "In this contribution, we present some formalizations based on the HOL-Multivariate-Analysis session of Isabelle. Firstly, a generalization of several theorems of such library are presented. Secondly, some definitions and proofs involving Linear Algebra and the four fundamental subspaces of a matrix are shown. Finally, we present a proof of the result known in Linear Algebra as the ``Rank-Nullity Theorem'', which states that, given any linear map f from a finite dimensional vector space V to a vector space W, then the dimension of V is equal to the dimension of the kernel of f (which is a subspace of V) and the dimension of the range of f (which is a subspace of W). The proof presented here is based on the one given by Sheldon Axler in his book \u003ci\u003eLinear Algebra Done Right\u003c/i\u003e. As a corollary of the previous theorem, and taking advantage of the relationship between linear maps and matrices, we prove that, for every matrix A (which has associated a linear map between finite dimensional vector spaces), the sum of its null space and its column space (which is equal to the range of the linear map) is equal to the number of columns of A.",
"authors": [
"Jose Divasón",
"Jesús Aransay"
],
"date": "2013-01-16",
- "id": 568,
+ "id": 573,
"link": "/entries/Rank_Nullity_Theorem.html",
"permalink": "/entries/Rank_Nullity_Theorem.html",
"shortname": "Rank_Nullity_Theorem",
"title": "Rank-Nullity Theorem in Linear Algebra",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 4
},
{
"abstract": "These files contain a formalisation of variants of Kleene algebras and their most important models as axiomatic type classes in Isabelle/HOL. Kleene algebras are foundational structures in computing with applications ranging from automata and language theory to computational modeling, program construction and verification. \u003cp\u003e We start with formalising dioids, which are additively idempotent semirings, and expand them by axiomatisations of the Kleene star for finite iteration and an omega operation for infinite iteration. We show that powersets over a given monoid, (regular) languages, sets of paths in a graph, sets of computation traces, binary relations and formal power series form Kleene algebras, and consider further models based on lattices, max-plus semirings and min-plus semirings. We also demonstrate that dioids are closed under the formation of matrices (proofs for Kleene algebras remain to be completed). \u003cp\u003e On the one hand we have aimed at a reference formalisation of variants of Kleene algebras that covers a wide range of variants and the core theorems in a structured and modular way and provides readable proofs at text book level. On the other hand, we intend to use this algebraic hierarchy and its models as a generic algebraic middle-layer from which programming applications can quickly be explored, implemented and verified.",
"authors": [
"Alasdair Armstrong",
"Georg Struth",
"Tjark Weber"
],
"date": "2013-01-15",
- "id": 569,
+ "id": 574,
"link": "/entries/Kleene_Algebra.html",
"permalink": "/entries/Kleene_Algebra.html",
"shortname": "Kleene_Algebra",
"title": "Kleene Algebra",
"topic_links": [
"computer-science/programming-languages/logics",
"computer-science/automata-and-formal-languages",
"mathematics/algebra"
],
"topics": [
"Computer science/Programming languages/Logics",
"Computer science/Automata and formal languages",
"Mathematics/Algebra"
],
"used_by": 6
},
{
"abstract": "We implement the Babylonian method to compute n-th roots of numbers. We provide precise algorithms for naturals, integers and rationals, and offer an approximation algorithm for square roots over linear ordered fields. Moreover, there are precise algorithms to compute the floor and the ceiling of n-th roots.",
"authors": [
"René Thiemann"
],
"date": "2013-01-03",
- "id": 570,
+ "id": 575,
"link": "/entries/Sqrt_Babylonian.html",
"permalink": "/entries/Sqrt_Babylonian.html",
"shortname": "Sqrt_Babylonian",
"title": "Computing N-th Roots using the Babylonian Method",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 4
},
{
"abstract": "We provide a framework for separation-logic based correctness proofs of Imperative HOL programs. Our framework comes with a set of proof methods to automate canonical tasks such as verification condition generation and frame inference. Moreover, we provide a set of examples that show the applicability of our framework. The examples include algorithms on lists, hash-tables, and union-find trees. We also provide abstract interfaces for lists, maps, and sets, that allow to develop generic imperative algorithms and use data-refinement techniques. \u003cbr\u003e As we target Imperative HOL, our programs can be translated to efficiently executable code in various target languages, including ML, OCaml, Haskell, and Scala.",
"authors": [
"Peter Lammich",
"Rene Meis"
],
"date": "2012-11-14",
- "id": 571,
+ "id": 576,
"link": "/entries/Separation_Logic_Imperative_HOL.html",
"permalink": "/entries/Separation_Logic_Imperative_HOL.html",
"shortname": "Separation_Logic_Imperative_HOL",
"title": "A Separation Logic Framework for Imperative HOL",
"topic_links": [
"computer-science/programming-languages/logics"
],
"topics": [
"Computer science/Programming languages/Logics"
],
"used_by": 2
},
{
"abstract": "A proof of the open induction schema based on J.-C. Raoult, Proving open properties by induction, \u003ci\u003eInformation Processing Letters\u003c/i\u003e 29, 1988, pp.19-23. \u003cp\u003eThis research was supported by the Austrian Science Fund (FWF): J3202.\u003c/p\u003e",
"authors": [
"Mizuhito Ogawa",
"Christian Sternagel"
],
"date": "2012-11-02",
- "id": 572,
+ "id": 577,
"link": "/entries/Open_Induction.html",
"permalink": "/entries/Open_Induction.html",
"shortname": "Open_Induction",
"title": "Open Induction",
"topic_links": [
"mathematics/combinatorics"
],
"topics": [
"Mathematics/Combinatorics"
],
"used_by": 4
},
{
"abstract": "Tarski's axioms of plane geometry are formalized and, using the standard real Cartesian model, shown to be consistent. A substantial theory of the projective plane is developed. Building on this theory, the Klein-Beltrami model of the hyperbolic plane is defined and shown to satisfy all of Tarski's axioms except his Euclidean axiom; thus Tarski's Euclidean axiom is shown to be independent of his other axioms of plane geometry. \u003cp\u003e An earlier version of this work was the subject of the author's \u003ca href=\"http://researcharchive.vuw.ac.nz/handle/10063/2315\"\u003eMSc thesis\u003c/a\u003e, which contains natural-language explanations of some of the more interesting proofs.",
"authors": [
"T. J. M. Makarios"
],
"date": "2012-10-30",
- "id": 573,
+ "id": 578,
"link": "/entries/Tarskis_Geometry.html",
"permalink": "/entries/Tarskis_Geometry.html",
"shortname": "Tarskis_Geometry",
"title": "The independence of Tarski's Euclidean axiom",
"topic_links": [
"mathematics/geometry"
],
"topics": [
"Mathematics/Geometry"
],
"used_by": 0
},
{
"abstract": "A proof of Bondy's theorem following B. Bollabas, Combinatorics, 1986, Cambridge University Press.",
"authors": [
"Jeremy Avigad",
"Stefan Hetzl"
],
"date": "2012-10-27",
- "id": 574,
+ "id": 579,
"link": "/entries/Bondy.html",
"permalink": "/entries/Bondy.html",
"shortname": "Bondy",
"title": "Bondy's Theorem",
"topic_links": [
"mathematics/combinatorics"
],
"topics": [
"Mathematics/Combinatorics"
],
"used_by": 0
},
{
"abstract": "We formalize a wide variety of Volpano/Smith-style noninterference notions for a while language with parallel composition. We systematize and classify these notions according to compositionality w.r.t. the language constructs. Compositionality yields sound syntactic criteria (a.k.a. type systems) in a uniform way. \u003cp\u003e An \u003ca href=\"http://www21.in.tum.de/~nipkow/pubs/cpp12.html\"\u003earticle\u003c/a\u003e about these proofs is published in the proceedings of the conference Certified Programs and Proofs 2012.",
"authors": [
"Andrei Popescu",
"Johannes Hölzl"
],
"date": "2012-09-10",
- "id": 575,
+ "id": 580,
"link": "/entries/Possibilistic_Noninterference.html",
"permalink": "/entries/Possibilistic_Noninterference.html",
"shortname": "Possibilistic_Noninterference",
"title": "Possibilistic Noninterference",
"topic_links": [
"computer-science/security",
"computer-science/programming-languages/type-systems"
],
"topics": [
"Computer science/Security",
"Computer science/Programming languages/Type systems"
],
"used_by": 0
},
{
"abstract": "We provide a framework for registering automatic methods to derive class instances of datatypes, as it is possible using Haskell's ``deriving Ord, Show, ...'' feature. \u003cp\u003e We further implemented such automatic methods to derive (linear) orders or hash-functions which are required in the Isabelle Collection Framework. Moreover, for the tactic of Huffman and Krauss to show that a datatype is countable, we implemented a wrapper so that this tactic becomes accessible in our framework. \u003cp\u003e Our formalization was performed as part of the \u003ca href=\"http://cl-informatik.uibk.ac.at/software/ceta\"\u003eIsaFoR/CeTA\u003c/a\u003e project. With our new tactic we could completely remove tedious proofs for linear orders of two datatypes. \u003cp\u003e This development is aimed at datatypes generated by the \"old_datatype\" command.",
"authors": [
"René Thiemann"
],
"date": "2012-08-07",
- "id": 576,
+ "id": 581,
"link": "/entries/Datatype_Order_Generator.html",
"permalink": "/entries/Datatype_Order_Generator.html",
"shortname": "Datatype_Order_Generator",
"title": "Generating linear orders for datatypes",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 4
},
{
"abstract": "Squaring the circle, doubling the cube and trisecting an angle, using a compass and straightedge alone, are classic unsolved problems first posed by the ancient Greeks. All three problems were proved to be impossible in the 19th century. The following document presents the proof of the impossibility of solving the latter two problems using Isabelle/HOL, following a proof by Carrega. The proof uses elementary methods: no Galois theory or field extensions. The set of points constructible using a compass and straightedge is defined inductively. Radical expressions, which involve only square roots and arithmetic of rational numbers, are defined, and we find that all constructive points have radical coordinates. Finally, doubling the cube and trisecting certain angles requires solving certain cubic equations that can be proved to have no rational roots. The Isabelle proofs require a great many detailed calculations.",
"authors": [
"Ralph Romanos",
"Lawrence C. Paulson"
],
"date": "2012-08-05",
- "id": 577,
+ "id": 582,
"link": "/entries/Impossible_Geometry.html",
"permalink": "/entries/Impossible_Geometry.html",
"shortname": "Impossible_Geometry",
"title": "Proving the Impossibility of Trisecting an Angle and Doubling the Cube",
"topic_links": [
"mathematics/algebra",
"mathematics/geometry"
],
"topics": [
"Mathematics/Algebra",
"Mathematics/Geometry"
],
"used_by": 0
},
{
"abstract": "Distributed computing is inherently based on replication, promising increased tolerance to failures of individual computing nodes or communication channels. Realizing this promise, however, involves quite subtle algorithmic mechanisms, and requires precise statements about the kinds and numbers of faults that an algorithm tolerates (such as process crashes, communication faults or corrupted values). The landmark theorem due to Fischer, Lynch, and Paterson shows that it is impossible to achieve Consensus among N asynchronously communicating nodes in the presence of even a single permanent failure. Existing solutions must rely on assumptions of \"partial synchrony\". \u003cp\u003e Indeed, there have been numerous misunderstandings on what exactly a given algorithm is supposed to realize in what kinds of environments. Moreover, the abundance of subtly different computational models complicates comparisons between different algorithms. Charron-Bost and Schiper introduced the Heard-Of model for representing algorithms and failure assumptions in a uniform framework, simplifying comparisons between algorithms. \u003cp\u003e In this contribution, we represent the Heard-Of model in Isabelle/HOL. We define two semantics of runs of algorithms with different unit of atomicity and relate these through a reduction theorem that allows us to verify algorithms in the coarse-grained semantics (where proofs are easier) and infer their correctness for the fine-grained one (which corresponds to actual executions). We instantiate the framework by verifying six Consensus algorithms that differ in the underlying algorithmic mechanisms and the kinds of faults they tolerate.",
"authors": [
"Henri Debrat",
"Stephan Merz"
],
"date": "2012-07-27",
- "id": 578,
+ "id": 583,
"link": "/entries/Heard_Of.html",
"permalink": "/entries/Heard_Of.html",
"shortname": "Heard_Of",
"title": "Verifying Fault-Tolerant Distributed Algorithms in the Heard-Of Model",
"topic_links": [
"computer-science/algorithms/distributed"
],
"topics": [
"Computer science/Algorithms/Distributed"
],
"used_by": 1
},
{
"abstract": "We apply Andy Pitts's methods of defining relations over domains to several classical results in the literature. We show that the Y combinator coincides with the domain-theoretic fixpoint operator, that parallel-or and the Plotkin existential are not definable in PCF, that the continuation semantics for PCF coincides with the direct semantics, and that our domain-theoretic semantics for PCF is adequate for reasoning about contextual equivalence in an operational semantics. Our version of PCF is untyped and has both strict and non-strict function abstractions. The development is carried out in HOLCF.",
"authors": [
"Peter Gammie"
],
"date": "2012-07-01",
- "id": 579,
+ "id": 584,
"link": "/entries/PCF.html",
"permalink": "/entries/PCF.html",
"shortname": "PCF",
"title": "Logical Relations for PCF",
"topic_links": [
"computer-science/programming-languages/lambda-calculi"
],
"topics": [
"Computer science/Programming languages/Lambda calculi"
],
"used_by": 0
},
{
"abstract": "These theories contain a formalization of first class type constructors and axiomatic constructor classes for HOLCF. This work is described in detail in the ICFP 2012 paper \u003ci\u003eFormal Verification of Monad Transformers\u003c/i\u003e by the author. The formalization is a revised and updated version of earlier joint work with Matthews and White. \u003cP\u003e Based on the hierarchy of type classes in Haskell, we define classes for functors, monads, monad-plus, etc. Each one includes all the standard laws as axioms. We also provide a new user command, tycondef, for defining new type constructors in HOLCF. Using tycondef, we instantiate the type class hierarchy with various monads and monad transformers.",
"authors": [
"Brian Huffman"
],
"date": "2012-06-26",
- "id": 580,
+ "id": 585,
"link": "/entries/Tycon.html",
"permalink": "/entries/Tycon.html",
"shortname": "Tycon",
"title": "Type Constructor Classes and Monad Transformers",
"topic_links": [
"computer-science/functional-programming"
],
"topics": [
"Computer science/Functional programming"
],
"used_by": 0
},
{
"abstract": "We formalise a large portion of CCS as described in Milner's book 'Communication and Concurrency' using the nominal datatype package in Isabelle. Our results include many of the standard theorems of bisimulation equivalence and congruence, for both weak and strong versions. One main goal of this formalisation is to keep the machine-checked proofs as close to their pen-and-paper counterpart as possible. \u003cp\u003e This entry is described in detail in \u003ca href=\"http://www.itu.dk/people/jebe/files/thesis.pdf\"\u003eBengtson's thesis\u003c/a\u003e.",
"authors": [
"Jesper Bengtson"
],
"date": "2012-05-29",
- "id": 581,
+ "id": 586,
"link": "/entries/CCS.html",
"permalink": "/entries/CCS.html",
"shortname": "CCS",
"title": "CCS in nominal logic",
"topic_links": [
"computer-science/concurrency/process-calculi"
],
"topics": [
"Computer science/Concurrency/Process calculi"
],
"used_by": 0
},
{
"abstract": "Psi-calculi are extensions of the pi-calculus, accommodating arbitrary nominal datatypes to represent not only data but also communication channels, assertions and conditions, giving it an expressive power beyond the applied pi-calculus and the concurrent constraint pi-calculus. \u003cp\u003e We have formalised psi-calculi in the interactive theorem prover Isabelle using its nominal datatype package. One distinctive feature is that the framework needs to treat binding sequences, as opposed to single binders, in an efficient way. While different methods for formalising single binder calculi have been proposed over the last decades, representations for such binding sequences are not very well explored. \u003cp\u003e The main effort in the formalisation is to keep the machine checked proofs as close to their pen-and-paper counterparts as possible. This includes treating all binding sequences as atomic elements, and creating custom induction and inversion rules that to remove the bulk of manual alpha-conversions. \u003cp\u003e This entry is described in detail in \u003ca href=\"http://www.itu.dk/people/jebe/files/thesis.pdf\"\u003eBengtson's thesis\u003c/a\u003e.",
"authors": [
"Jesper Bengtson"
],
"date": "2012-05-29",
- "id": 582,
+ "id": 587,
"link": "/entries/Psi_Calculi.html",
"permalink": "/entries/Psi_Calculi.html",
"shortname": "Psi_Calculi",
"title": "Psi-calculi in Isabelle",
"topic_links": [
"computer-science/concurrency/process-calculi"
],
"topics": [
"Computer science/Concurrency/Process calculi"
],
"used_by": 0
},
{
"abstract": "We formalise the pi-calculus using the nominal datatype package, based on ideas from the nominal logic by Pitts et al., and demonstrate an implementation in Isabelle/HOL. The purpose is to derive powerful induction rules for the semantics in order to conduct machine checkable proofs, closely following the intuitive arguments found in manual proofs. In this way we have covered many of the standard theorems of bisimulation equivalence and congruence, both late and early, and both strong and weak in a uniform manner. We thus provide one of the most extensive formalisations of a the pi-calculus ever done inside a theorem prover. \u003cp\u003e A significant gain in our formulation is that agents are identified up to alpha-equivalence, thereby greatly reducing the arguments about bound names. This is a normal strategy for manual proofs about the pi-calculus, but that kind of hand waving has previously been difficult to incorporate smoothly in an interactive theorem prover. We show how the nominal logic formalism and its support in Isabelle accomplishes this and thus significantly reduces the tedium of conducting completely formal proofs. This improves on previous work using weak higher order abstract syntax since we do not need extra assumptions to filter out exotic terms and can keep all arguments within a familiar first-order logic. \u003cp\u003e This entry is described in detail in \u003ca href=\"http://www.itu.dk/people/jebe/files/thesis.pdf\"\u003eBengtson's thesis\u003c/a\u003e.",
"authors": [
"Jesper Bengtson"
],
"date": "2012-05-29",
- "id": 583,
+ "id": 588,
"link": "/entries/Pi_Calculus.html",
"permalink": "/entries/Pi_Calculus.html",
"shortname": "Pi_Calculus",
"title": "The pi-calculus in nominal logic",
"topic_links": [
"computer-science/concurrency/process-calculi"
],
"topics": [
"Computer science/Concurrency/Process calculi"
],
"used_by": 0
},
{
"abstract": "The Circus specification language combines elements for complex data and behavior specifications, using an integration of Z and CSP with a refinement calculus. Its semantics is based on Hoare and He's Unifying Theories of Programming (UTP). Isabelle/Circus is a formalization of the UTP and the Circus language in Isabelle/HOL. It contains proof rules and tactic support that allows for proofs of refinement for Circus processes (involving both data and behavioral aspects). \u003cp\u003e The Isabelle/Circus environment supports a syntax for the semantic definitions which is close to textbook presentations of Circus. This article contains an extended version of corresponding VSTTE Paper together with the complete formal development of its underlying commented theories.",
"authors": [
"Abderrahmane Feliachi",
"Burkhart Wolff",
"Marie-Claude Gaudel"
],
"date": "2012-05-27",
- "id": 584,
+ "id": 589,
"link": "/entries/Circus.html",
"permalink": "/entries/Circus.html",
"shortname": "Circus",
"title": "Isabelle/Circus",
"topic_links": [
"computer-science/concurrency/process-calculi",
"computer-science/system-description-languages"
],
"topics": [
"Computer science/Concurrency/Process calculi",
"Computer science/System description languages"
],
"used_by": 0
},
{
"abstract": "We present a generic type class implementation of separation algebra for Isabelle/HOL as well as lemmas and generic tactics which can be used directly for any instantiation of the type class. \u003cP\u003e The ex directory contains example instantiations that include structures such as a heap or virtual memory. \u003cP\u003e The abstract separation algebra is based upon \"Abstract Separation Logic\" by Calcagno et al. These theories are also the basis of the ITP 2012 rough diamond \"Mechanised Separation Algebra\" by the authors. \u003cP\u003e The aim of this work is to support and significantly reduce the effort for future separation logic developments in Isabelle/HOL by factoring out the part of separation logic that can be treated abstractly once and for all. This includes developing typical default rule sets for reasoning as well as automated tactic support for separation logic.",
"authors": [
"Gerwin Klein",
"Rafal Kolanski",
"Andrew Boyton"
],
"date": "2012-05-11",
- "id": 585,
+ "id": 590,
"link": "/entries/Separation_Algebra.html",
"permalink": "/entries/Separation_Algebra.html",
"shortname": "Separation_Algebra",
"title": "Separation Algebra",
"topic_links": [
"computer-science/programming-languages/logics"
],
"topics": [
"Computer science/Programming languages/Logics"
],
"used_by": 2
},
{
"abstract": "\u003cp\u003eTwo omega-sequences are stuttering equivalent if they differ only by finite repetitions of elements. Stuttering equivalence is a fundamental concept in the theory of concurrent and distributed systems. Notably, Lamport argues that refinement notions for such systems should be insensitive to finite stuttering. Peled and Wilke showed that all PLTL (propositional linear-time temporal logic) properties that are insensitive to stuttering equivalence can be expressed without the next-time operator. Stuttering equivalence is also important for certain verification techniques such as partial-order reduction for model checking.\u003c/p\u003e \u003cp\u003eWe formalize stuttering equivalence in Isabelle/HOL. Our development relies on the notion of stuttering sampling functions that may skip blocks of identical sequence elements. We also encode PLTL and prove the theorem due to Peled and Wilke.\u003c/p\u003e",
"authors": [
"Stephan Merz"
],
"date": "2012-05-07",
- "id": 586,
+ "id": 591,
"link": "/entries/Stuttering_Equivalence.html",
"permalink": "/entries/Stuttering_Equivalence.html",
"shortname": "Stuttering_Equivalence",
"title": "Stuttering Equivalence",
"topic_links": [
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Automata and formal languages"
],
"used_by": 5
},
{
"abstract": "This document contains the full theory files accompanying article \u003ci\u003eInductive Study of Confidentiality --- for Everyone\u003c/i\u003e in \u003ci\u003eFormal Aspects of Computing\u003c/i\u003e. They aim at an illustrative and didactic presentation of the Inductive Method of protocol analysis, focusing on the treatment of one of the main goals of security protocols: confidentiality against a threat model. The treatment of confidentiality, which in fact forms a key aspect of all protocol analysis tools, has been found cryptic by many learners of the Inductive Method, hence the motivation for this work. The theory files in this document guide the reader step by step towards design and proof of significant confidentiality theorems. These are developed against two threat models, the standard Dolev-Yao and a more audacious one, the General Attacker, which turns out to be particularly useful also for teaching purposes.",
"authors": [
"Giampaolo Bella"
],
"date": "2012-05-02",
- "id": 587,
+ "id": 592,
"link": "/entries/Inductive_Confidentiality.html",
"permalink": "/entries/Inductive_Confidentiality.html",
"shortname": "Inductive_Confidentiality",
"title": "Inductive Study of Confidentiality",
"topic_links": [
"computer-science/security"
],
"topics": [
"Computer science/Security"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eSession Ordinary-Differential-Equations formalizes ordinary differential equations (ODEs) and initial value problems. This work comprises proofs for local and global existence of unique solutions (Picard-Lindelöf theorem). Moreover, it contains a formalization of the (continuous or even differentiable) dependency of the flow on initial conditions as the \u003ci\u003eflow\u003c/i\u003e of ODEs.\u003c/p\u003e \u003cp\u003e Not in the generated document are the following sessions: \u003cul\u003e \u003cli\u003e HOL-ODE-Numerics: Rigorous numerical algorithms for computing enclosures of solutions based on Runge-Kutta methods and affine arithmetic. Reachability analysis with splitting and reduction at hyperplanes.\u003c/li\u003e \u003cli\u003e HOL-ODE-Examples: Applications of the numerical algorithms to concrete systems of ODEs.\u003c/li\u003e \u003cli\u003e Lorenz_C0, Lorenz_C1: Verified algorithms for checking C1-information according to Tucker's proof, computation of C0-information.\u003c/li\u003e \u003c/ul\u003e \u003c/p\u003e",
"authors": [
"Fabian Immler",
"Johannes Hölzl"
],
"date": "2012-04-26",
- "id": 588,
+ "id": 593,
"link": "/entries/Ordinary_Differential_Equations.html",
"permalink": "/entries/Ordinary_Differential_Equations.html",
"shortname": "Ordinary_Differential_Equations",
"title": "Ordinary Differential Equations",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 3
},
{
"abstract": "Based on Isabelle/HOL's type class for preorders, we introduce a type class for well-quasi-orders (wqo) which is characterized by the absence of \"bad\" sequences (our proofs are along the lines of the proof of Nash-Williams, from which we also borrow terminology). Our main results are instantiations for the product type, the list type, and a type of finite trees, which (almost) directly follow from our proofs of (1) Dickson's Lemma, (2) Higman's Lemma, and (3) Kruskal's Tree Theorem. More concretely: \u003cul\u003e \u003cli\u003eIf the sets A and B are wqo then their Cartesian product is wqo.\u003c/li\u003e \u003cli\u003eIf the set A is wqo then the set of finite lists over A is wqo.\u003c/li\u003e \u003cli\u003eIf the set A is wqo then the set of finite trees over A is wqo.\u003c/li\u003e \u003c/ul\u003e The research was funded by the Austrian Science Fund (FWF): J3202.",
"authors": [
"Christian Sternagel"
],
"date": "2012-04-13",
- "id": 589,
+ "id": 594,
"link": "/entries/Well_Quasi_Orders.html",
"permalink": "/entries/Well_Quasi_Orders.html",
"shortname": "Well_Quasi_Orders",
"title": "Well-Quasi-Orders",
"topic_links": [
"mathematics/combinatorics"
],
"topics": [
"Mathematics/Combinatorics"
],
"used_by": 5
},
{
"abstract": "We define the Abortable Linearizable Module automaton (ALM for short) and prove its key composition property using the IOA theory of HOLCF. The ALM is at the heart of the Speculative Linearizability framework. This framework simplifies devising correct speculative algorithms by enabling their decomposition into independent modules that can be analyzed and proved correct in isolation. It is particularly useful when working in a distributed environment, where the need to tolerate faults and asynchrony has made current monolithic protocols so intricate that it is no longer tractable to check their correctness. Our theory contains a typical example of a refinement proof in the I/O-automata framework of Lynch and Tuttle.",
"authors": [
"Rachid Guerraoui",
"Viktor Kuncak",
"Giuliano Losa"
],
"date": "2012-03-01",
- "id": 590,
+ "id": 595,
"link": "/entries/Abortable_Linearizable_Modules.html",
"permalink": "/entries/Abortable_Linearizable_Modules.html",
"shortname": "Abortable_Linearizable_Modules",
"title": "Abortable Linearizable Modules",
"topic_links": [
"computer-science/algorithms/distributed"
],
"topics": [
"Computer science/Algorithms/Distributed"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003e We provide a generic work-list algorithm to compute the (reflexive-)transitive closure of relations where only successors of newly detected states are generated. In contrast to our previous work, the relations do not have to be finite, but each element must only have finitely many (indirect) successors. Moreover, a subsumption relation can be used instead of pure equality. An executable variant of the algorithm is available where the generic operations are instantiated with list operations. \u003c/p\u003e\u003cp\u003e This formalization was performed as part of the IsaFoR/CeTA project, and it has been used to certify size-change termination proofs where large transitive closures have to be computed. \u003c/p\u003e",
"authors": [
"René Thiemann"
],
"date": "2012-02-29",
- "id": 591,
+ "id": 596,
"link": "/entries/Transitive-Closure-II.html",
"permalink": "/entries/Transitive-Closure-II.html",
"shortname": "Transitive-Closure-II",
"title": "Executable Transitive Closures",
"topic_links": [
"computer-science/algorithms/graph"
],
"topics": [
"Computer science/Algorithms/Graph"
],
"used_by": 0
},
{
"abstract": "This works presents a formalization of the Girth-Chromatic number theorem in graph theory, stating that graphs with arbitrarily large girth and chromatic number exist. The proof uses the theory of Random Graphs to prove the existence with probabilistic arguments.",
"authors": [
"Lars Noschinski"
],
"date": "2012-02-06",
- "id": 592,
+ "id": 597,
"link": "/entries/Girth_Chromatic.html",
"permalink": "/entries/Girth_Chromatic.html",
"shortname": "Girth_Chromatic",
"title": "A Probabilistic Proof of the Girth-Chromatic Number Theorem",
"topic_links": [
"mathematics/graph-theory"
],
"topics": [
"Mathematics/Graph theory"
],
"used_by": 3
},
{
"abstract": "We implement and prove correct Dijkstra's algorithm for the single source shortest path problem, conceived in 1956 by E. Dijkstra. The algorithm is implemented using the data refinement framework for monadic, nondeterministic programs. An efficient implementation is derived using data structures from the Isabelle Collection Framework.",
"authors": [
"Benedikt Nordhoff",
"Peter Lammich"
],
"date": "2012-01-30",
- "id": 593,
+ "id": 598,
"link": "/entries/Dijkstra_Shortest_Path.html",
"permalink": "/entries/Dijkstra_Shortest_Path.html",
"shortname": "Dijkstra_Shortest_Path",
"title": "Dijkstra's Shortest Path Algorithm",
"topic_links": [
"computer-science/algorithms/graph"
],
"topics": [
"Computer science/Algorithms/Graph"
],
"used_by": 3
},
{
"abstract": "We provide a framework for program and data refinement in Isabelle/HOL. The framework is based on a nondeterminism-monad with assertions, i.e., the monad carries a set of results or an assertion failure. Recursion is expressed by fixed points. For convenience, we also provide while and foreach combinators. \u003cp\u003e The framework provides tools to automatize canonical tasks, such as verification condition generation, finding appropriate data refinement relations, and refine an executable program to a form that is accepted by the Isabelle/HOL code generator. \u003cp\u003e This submission comes with a collection of examples and a user-guide, illustrating the usage of the framework.",
"authors": [
"Peter Lammich"
],
"date": "2012-01-30",
- "id": 594,
+ "id": 599,
"link": "/entries/Refine_Monadic.html",
"permalink": "/entries/Refine_Monadic.html",
"shortname": "Refine_Monadic",
"title": "Refinement for Monadic Programs",
"topic_links": [
"computer-science/semantics-and-reasoning"
],
"topics": [
"Computer science/Semantics and reasoning"
],
"used_by": 3
},
{
"abstract": "This is a formalization of Markov models in Isabelle/HOL. It builds on Isabelle's probability theory. The available models are currently Discrete-Time Markov Chains and a extensions of them with rewards. \u003cp\u003e As application of these models we formalize probabilistic model checking of pCTL formulas, analysis of IPv4 address allocation in ZeroConf and an analysis of the anonymity of the Crowds protocol. \u003ca href=\"http://arxiv.org/abs/1212.3870\"\u003eSee here for the corresponding paper.\u003c/a\u003e",
"authors": [
"Johannes Hölzl",
"Tobias Nipkow"
],
"date": "2012-01-03",
- "id": 595,
+ "id": 600,
"link": "/entries/Markov_Models.html",
"permalink": "/entries/Markov_Models.html",
"shortname": "Markov_Models",
"title": "Markov Models",
"topic_links": [
"mathematics/probability-theory",
"computer-science/automata-and-formal-languages"
],
"topics": [
"Mathematics/Probability theory",
"Computer science/Automata and formal languages"
],
"used_by": 4
},
{
"abstract": "We mechanise the logic TLA* \u003ca href=\"http://www.springerlink.com/content/ax3qk557qkdyt7n6/\"\u003e[Merz 1999]\u003c/a\u003e, an extension of Lamport's Temporal Logic of Actions (TLA) \u003ca href=\"http://dl.acm.org/citation.cfm?doid=177492.177726\"\u003e[Lamport 1994]\u003c/a\u003e for specifying and reasoning about concurrent and reactive systems. Aiming at a framework for mechanising] the verification of TLA (or TLA*) specifications, this contribution reuses some elements from a previous axiomatic encoding of TLA in Isabelle/HOL by the second author [Merz 1998], which has been part of the Isabelle distribution. In contrast to that previous work, we give here a shallow, definitional embedding, with the following highlights: \u003cul\u003e \u003cli\u003ea theory of infinite sequences, including a formalisation of the concepts of stuttering invariance central to TLA and TLA*; \u003cli\u003ea definition of the semantics of TLA*, which extends TLA by a mutually-recursive definition of formulas and pre-formulas, generalising TLA action formulas; \u003cli\u003ea substantial set of derived proof rules, including the TLA* axioms and Lamport's proof rules for system verification; \u003cli\u003ea set of examples illustrating the usage of Isabelle/TLA* for reasoning about systems. \u003c/ul\u003e Note that this work is unrelated to the ongoing development of a proof system for the specification language TLA+, which includes an encoding of TLA+ as a new Isabelle object logic \u003ca href=\"http://www.springerlink.com/content/354026160p14j175/\"\u003e[Chaudhuri et al 2010]\u003c/a\u003e.",
"authors": [
"Gudmund Grov",
"Stephan Merz"
],
"date": "2011-11-19",
- "id": 596,
+ "id": 601,
"link": "/entries/TLA.html",
"permalink": "/entries/TLA.html",
"shortname": "TLA",
"title": "A Definitional Encoding of TLA* in Isabelle/HOL",
"topic_links": [
"computer-science/programming-languages/logics"
],
"topics": [
"Computer science/Programming languages/Logics"
],
"used_by": 0
},
{
"abstract": "We provide a formalization of the mergesort algorithm as used in GHC's Data.List module, proving correctness and stability. Furthermore, experimental data suggests that generated (Haskell-)code for this algorithm is much faster than for previous algorithms available in the Isabelle distribution.",
"authors": [
"Christian Sternagel"
],
"date": "2011-11-09",
- "id": 597,
+ "id": 602,
"link": "/entries/Efficient-Mergesort.html",
"permalink": "/entries/Efficient-Mergesort.html",
"shortname": "Efficient-Mergesort",
"title": "Efficient Mergesort",
"topic_links": [
"computer-science/algorithms"
],
"topics": [
"Computer science/Algorithms"
],
"used_by": 2
},
{
"abstract": "Algebras of imperative programming languages have been successful in reasoning about programs. In general an algebra of programs is an algebraic structure with programs as elements and with program compositions (sequential composition, choice, skip) as algebra operations. Various versions of these algebras were introduced to model partial correctness, total correctness, refinement, demonic choice, and other aspects. We formalize here an algebra which can be used to model total correctness, refinement, demonic and angelic choice. The basic model of this algebra are monotonic Boolean transformers (monotonic functions from a Boolean algebra to itself).",
"authors": [
"Viorel Preoteasa"
],
"date": "2011-09-22",
- "id": 598,
+ "id": 603,
"link": "/entries/MonoBoolTranAlgebra.html",
"permalink": "/entries/MonoBoolTranAlgebra.html",
"shortname": "MonoBoolTranAlgebra",
"title": "Algebra of Monotonic Boolean Transformers",
"topic_links": [
"computer-science/programming-languages/logics"
],
"topics": [
"Computer science/Programming languages/Logics"
],
"used_by": 1
},
{
"abstract": "This formalization introduces and collects some algebraic structures based on lattices and complete lattices for use in other developments. The structures introduced are modular, and lattice ordered groups. In addition to the results proved for the new lattices, this formalization also introduces theorems about latices and complete lattices in general.",
"authors": [
"Viorel Preoteasa"
],
"date": "2011-09-22",
- "id": 599,
+ "id": 604,
"link": "/entries/LatticeProperties.html",
"permalink": "/entries/LatticeProperties.html",
"shortname": "LatticeProperties",
"title": "Lattice Properties",
"topic_links": [
"mathematics/order"
],
"topics": [
"Mathematics/Order"
],
"used_by": 3
},
{
"abstract": "Pseudo-hoops are algebraic structures introduced by B. Bosbach under the name of complementary semigroups. In this formalization we prove some properties of pseudo-hoops and we define the basic concepts of filter and normal filter. The lattice of normal filters is isomorphic with the lattice of congruences of a pseudo-hoop. We also study some important classes of pseudo-hoops. Bounded Wajsberg pseudo-hoops are equivalent to pseudo-Wajsberg algebras and bounded basic pseudo-hoops are equivalent to pseudo-BL algebras. Some examples of pseudo-hoops are given in the last section of the formalization.",
"authors": [
"George Georgescu",
"Laurentiu Leustean",
"Viorel Preoteasa"
],
"date": "2011-09-22",
- "id": 600,
+ "id": 605,
"link": "/entries/PseudoHoops.html",
"permalink": "/entries/PseudoHoops.html",
"shortname": "PseudoHoops",
"title": "Pseudo Hoops",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 0
},
{
"abstract": "There are many proofs of the Myhill-Nerode theorem using automata. In this library we give a proof entirely based on regular expressions, since regularity of languages can be conveniently defined using regular expressions (it is more painful in HOL to define regularity in terms of automata). We prove the first direction of the Myhill-Nerode theorem by solving equational systems that involve regular expressions. For the second direction we give two proofs: one using tagging-functions and another using partial derivatives. We also establish various closure properties of regular languages. Most details of the theories are described in our ITP 2011 paper.",
"authors": [
"Chunhan Wu",
"Xingyuan Zhang",
"Christian Urban"
],
"date": "2011-08-26",
- "id": 601,
+ "id": 606,
"link": "/entries/Myhill-Nerode.html",
"permalink": "/entries/Myhill-Nerode.html",
"shortname": "Myhill-Nerode",
"title": "The Myhill-Nerode Theorem Based on Regular Expressions",
"topic_links": [
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Automata and formal languages"
],
"used_by": 0
},
{
"abstract": "This theory provides a compact formulation of Gauss-Jordan elimination for matrices represented as functions. Its distinctive feature is succinctness. It is not meant for large computations.",
"authors": [
"Tobias Nipkow"
],
"date": "2011-08-19",
- "id": 602,
+ "id": 607,
"link": "/entries/Gauss-Jordan-Elim-Fun.html",
"permalink": "/entries/Gauss-Jordan-Elim-Fun.html",
"shortname": "Gauss-Jordan-Elim-Fun",
"title": "Gauss-Jordan Elimination for Matrices Represented as Functions",
"topic_links": [
"computer-science/algorithms/mathematical",
"mathematics/algebra"
],
"topics": [
"Computer science/Algorithms/Mathematical",
"Mathematics/Algebra"
],
"used_by": 1
},
{
"abstract": "\u003cp\u003e A \u003cem\u003ematching\u003c/em\u003e in a graph \u003ci\u003eG\u003c/i\u003e is a subset \u003ci\u003eM\u003c/i\u003e of the edges of \u003ci\u003eG\u003c/i\u003e such that no two share an endpoint. A matching has maximum cardinality if its cardinality is at least as large as that of any other matching. An \u003cem\u003eodd-set cover\u003c/em\u003e \u003ci\u003eOSC\u003c/i\u003e of a graph \u003ci\u003eG\u003c/i\u003e is a labeling of the nodes of \u003ci\u003eG\u003c/i\u003e with integers such that every edge of \u003ci\u003eG\u003c/i\u003e is either incident to a node labeled 1 or connects two nodes labeled with the same number \u003ci\u003ei \u0026ge; 2\u003c/i\u003e. \u003c/p\u003e\u003cp\u003e This article proves Edmonds theorem:\u003cbr\u003e Let \u003ci\u003eM\u003c/i\u003e be a matching in a graph \u003ci\u003eG\u003c/i\u003e and let \u003ci\u003eOSC\u003c/i\u003e be an odd-set cover of \u003ci\u003eG\u003c/i\u003e. For any \u003ci\u003ei \u0026ge; 0\u003c/i\u003e, let \u003cvar\u003en(i)\u003c/var\u003e be the number of nodes labeled \u003ci\u003ei\u003c/i\u003e. If \u003ci\u003e|M| = n(1) + \u0026sum;\u003csub\u003ei \u0026ge; 2\u003c/sub\u003e(n(i) div 2)\u003c/i\u003e, then \u003ci\u003eM\u003c/i\u003e is a maximum cardinality matching. \u003c/p\u003e",
"authors": [
"Christine Rizkallah"
],
"date": "2011-07-21",
- "id": 603,
+ "id": 608,
"link": "/entries/Max-Card-Matching.html",
"permalink": "/entries/Max-Card-Matching.html",
"shortname": "Max-Card-Matching",
"title": "Maximum Cardinality Matching",
"topic_links": [
"mathematics/graph-theory"
],
"topics": [
"Mathematics/Graph theory"
],
"used_by": 0
},
{
"abstract": "Knowledge-based programs (KBPs) are a formalism for directly relating agents' knowledge and behaviour. Here we present a general scheme for compiling KBPs to executable automata with a proof of correctness in Isabelle/HOL. We develop the algorithm top-down, using Isabelle's locale mechanism to structure these proofs, and show that two classic examples can be synthesised using Isabelle's code generator.",
"authors": [
"Peter Gammie"
],
"date": "2011-05-17",
- "id": 604,
+ "id": 609,
"link": "/entries/KBPs.html",
"permalink": "/entries/KBPs.html",
"shortname": "KBPs",
"title": "Knowledge-based programs",
"topic_links": [
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Automata and formal languages"
],
"used_by": 1
},
{
"abstract": "Some acute-angled triangles are special, e.g. right-angled or isoscele triangles. Some are not of this kind, but, without measuring angles, look as if they were. In that sense, there is exactly one general triangle. This well-known fact is proven here formally.",
"authors": [
"Joachim Breitner"
],
"date": "2011-04-01",
- "id": 605,
+ "id": 610,
"link": "/entries/General-Triangle.html",
"permalink": "/entries/General-Triangle.html",
"shortname": "General-Triangle",
"title": "The General Triangle Is Unique",
"topic_links": [
"mathematics/geometry"
],
"topics": [
"Mathematics/Geometry"
],
"used_by": 0
},
{
"abstract": "We provide a generic work-list algorithm to compute the transitive closure of finite relations where only successors of newly detected states are generated. This algorithm is then instantiated for lists over arbitrary carriers and red black trees (which are faster but require a linear order on the carrier), respectively. Our formalization was performed as part of the IsaFoR/CeTA project where reflexive transitive closures of large tree automata have to be computed.",
"authors": [
"Christian Sternagel",
"René Thiemann"
],
"date": "2011-03-14",
- "id": 606,
+ "id": 611,
"link": "/entries/Transitive-Closure.html",
"permalink": "/entries/Transitive-Closure.html",
"shortname": "Transitive-Closure",
"title": "Executable Transitive Closures of Finite Relations",
"topic_links": [
"computer-science/algorithms/graph"
],
"topics": [
"Computer science/Algorithms/Graph"
],
"used_by": 3
},
{
"abstract": "We formalize the AutoFocus Semantics (a time-synchronous subset of the Focus formalism) as stream processing functions on finite and infinite message streams represented as finite/infinite lists. The formalization comprises both the conventional single-clocking semantics (uniform global clock for all components and communications channels) and its extension to multi-clocking semantics (internal execution clocking of a component may be a multiple of the external communication clocking). The semantics is defined by generic stream processing functions making it suitable for simulation/code generation in Isabelle/HOL. Furthermore, a number of AutoFocus semantics properties are formalized using definitions from the IntervalLogic theories.",
"authors": [
"David Trachtenherz"
],
"date": "2011-02-23",
- "id": 607,
+ "id": 612,
"link": "/entries/AutoFocus-Stream.html",
"permalink": "/entries/AutoFocus-Stream.html",
"shortname": "AutoFocus-Stream",
"title": "AutoFocus Stream Processing for Single-Clocking and Multi-Clocking Semantics",
"topic_links": [
"computer-science/programming-languages/language-definitions"
],
"topics": [
"Computer science/Programming languages/Language definitions"
],
"used_by": 0
},
{
"abstract": "We introduce a theory of infinite lists in HOL formalized as functions over naturals (folder ListInf, theories ListInf and ListInf_Prefix). It also provides additional results for finite lists (theory ListInf/List2), natural numbers (folder CommonArith, esp. division/modulo, naturals with infinity), sets (folder CommonSet, esp. cutting/truncating sets, traversing sets of naturals).",
"authors": [
"David Trachtenherz"
],
"date": "2011-02-23",
- "id": 608,
+ "id": 613,
"link": "/entries/List-Infinite.html",
"permalink": "/entries/List-Infinite.html",
"shortname": "List-Infinite",
"title": "Infinite Lists",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 1
},
{
"abstract": "We introduce a theory of temporal logic operators using sets of natural numbers as time domain, formalized in a shallow embedding manner. The theory comprises special natural intervals (theory IL_Interval: open and closed intervals, continuous and modulo intervals, interval traversing results), operators for shifting intervals to left/right on the number axis as well as expanding/contracting intervals by constant factors (theory IL_IntervalOperators.thy), and ultimately definitions and results for unary and binary temporal operators on arbitrary natural sets (theory IL_TemporalOperators).",
"authors": [
"David Trachtenherz"
],
"date": "2011-02-23",
- "id": 609,
+ "id": 614,
"link": "/entries/Nat-Interval-Logic.html",
"permalink": "/entries/Nat-Interval-Logic.html",
"shortname": "Nat-Interval-Logic",
"title": "Interval Temporal Logic on Natural Numbers",
"topic_links": [
"logic/general-logic/temporal-logic"
],
"topics": [
"Logic/General logic/Temporal logic"
],
"used_by": 1
},
{
"abstract": "A fully-formalized and extensible minimal imperative fragment of Java.",
"authors": [
"Rok Strniša",
"Matthew Parkinson"
],
"date": "2011-02-07",
- "id": 610,
+ "id": 615,
"link": "/entries/LightweightJava.html",
"permalink": "/entries/LightweightJava.html",
"shortname": "LightweightJava",
"title": "Lightweight Java",
"topic_links": [
"computer-science/programming-languages/language-definitions"
],
"topics": [
"Computer science/Programming languages/Language definitions"
],
"used_by": 0
},
{
"abstract": "This work presents a verification of an implementation in SPARK/ADA of the cryptographic hash-function RIPEMD-160. A functional specification of RIPEMD-160 is given in Isabelle/HOL. Proofs for the verification conditions generated by the static-analysis toolset of SPARK certify the functional correctness of the implementation.",
"authors": [
"Fabian Immler"
],
"date": "2011-01-10",
- "id": 611,
+ "id": 616,
"link": "/entries/RIPEMD-160-SPARK.html",
"permalink": "/entries/RIPEMD-160-SPARK.html",
"shortname": "RIPEMD-160-SPARK",
"title": "RIPEMD-160",
"topic_links": [
"computer-science/programming-languages/static-analysis"
],
"topics": [
"Computer science/Programming languages/Static analysis"
],
"used_by": 0
},
{
"abstract": "We define the notions of lower and upper semicontinuity for functions from a metric space to the extended real line. We prove that a function is both lower and upper semicontinuous if and only if it is continuous. We also give several equivalent characterizations of lower semicontinuity. In particular, we prove that a function is lower semicontinuous if and only if its epigraph is a closed set. Also, we introduce the notion of the lower semicontinuous hull of an arbitrary function and prove its basic properties.",
"authors": [
"Bogdan Grechuk"
],
"date": "2011-01-08",
- "id": 612,
+ "id": 617,
"link": "/entries/Lower_Semicontinuous.html",
"permalink": "/entries/Lower_Semicontinuous.html",
"shortname": "Lower_Semicontinuous",
"title": "Lower Semicontinuous Functions",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 0
},
{
"abstract": "Two proofs of Hall's Marriage Theorem: one due to Halmos and Vaughan, one due to Rado.",
"authors": [
"Dongchen Jiang",
"Tobias Nipkow"
],
"date": "2010-12-17",
- "id": 613,
+ "id": 618,
"link": "/entries/Marriage.html",
"permalink": "/entries/Marriage.html",
"shortname": "Marriage",
"title": "Hall's Marriage Theorem",
"topic_links": [
"mathematics/combinatorics"
],
"topics": [
"Mathematics/Combinatorics"
],
"used_by": 1
},
{
"abstract": "In his dissertation, Olin Shivers introduces a concept of control flow graphs for functional languages, provides an algorithm to statically derive a safe approximation of the control flow graph and proves this algorithm correct. In this research project, Shivers' algorithms and proofs are formalized in the HOLCF extension of HOL.",
"authors": [
"Joachim Breitner"
],
"date": "2010-11-16",
- "id": 614,
+ "id": 619,
"link": "/entries/Shivers-CFA.html",
"permalink": "/entries/Shivers-CFA.html",
"shortname": "Shivers-CFA",
"title": "Shivers' Control Flow Analysis",
"topic_links": [
"computer-science/programming-languages/static-analysis"
],
"topics": [
"Computer science/Programming languages/Static analysis"
],
"used_by": 0
},
{
"abstract": "We implement and prove correct binomial heaps and skew binomial heaps. Both are data-structures for priority queues. While binomial heaps have logarithmic \u003cem\u003efindMin\u003c/em\u003e, \u003cem\u003edeleteMin\u003c/em\u003e, \u003cem\u003einsert\u003c/em\u003e, and \u003cem\u003emeld\u003c/em\u003e operations, skew binomial heaps have constant time \u003cem\u003efindMin\u003c/em\u003e, \u003cem\u003einsert\u003c/em\u003e, and \u003cem\u003emeld\u003c/em\u003e operations, and only the \u003cem\u003edeleteMin\u003c/em\u003e-operation is logarithmic. This is achieved by using \u003cem\u003eskew links\u003c/em\u003e to avoid cascading linking on \u003cem\u003einsert\u003c/em\u003e-operations, and \u003cem\u003edata-structural bootstrapping\u003c/em\u003e to get constant-time \u003cem\u003efindMin\u003c/em\u003e and \u003cem\u003emeld\u003c/em\u003e operations. Our implementation follows the paper by Brodal and Okasaki.",
"authors": [
"Rene Meis",
"Finn Nielsen",
"Peter Lammich"
],
"date": "2010-10-28",
- "id": 615,
+ "id": 620,
"link": "/entries/Binomial-Heaps.html",
"permalink": "/entries/Binomial-Heaps.html",
"shortname": "Binomial-Heaps",
"title": "Binomial Heaps and Skew Binomial Heaps",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 2
},
{
"abstract": "We implement and prove correct 2-3 finger trees. Finger trees are a general purpose data structure, that can be used to efficiently implement other data structures, such as priority queues. Intuitively, a finger tree is an annotated sequence, where the annotations are elements of a monoid. Apart from operations to access the ends of the sequence, the main operation is to split the sequence at the point where a \u003cem\u003emonotone predicate\u003c/em\u003e over the sum of the left part of the sequence becomes true for the first time. The implementation follows the paper of Hinze and Paterson. The code generator can be used to get efficient, verified code.",
"authors": [
"Benedikt Nordhoff",
"Stefan Körner",
"Peter Lammich"
],
"date": "2010-10-28",
- "id": 616,
+ "id": 621,
"link": "/entries/Finger-Trees.html",
"permalink": "/entries/Finger-Trees.html",
"shortname": "Finger-Trees",
"title": "Finger Trees",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 3
},
{
"abstract": "Priority queues are an important data structure and efficient implementations of them are crucial. We implement a functional variant of binomial queues in Isabelle/HOL and show its functional correctness. A verification against an abstract reference specification of priority queues has also been attempted, but could not be achieved to the full extent.",
"authors": [
"René Neumann"
],
"date": "2010-10-28",
- "id": 617,
+ "id": 622,
"link": "/entries/Binomial-Queues.html",
"permalink": "/entries/Binomial-Queues.html",
"shortname": "Binomial-Queues",
"title": "Functional Binomial Queues",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 0
},
{
"abstract": "Handling variable binding is one of the main difficulties in formal proofs. In this context, Moggi's computational metalanguage serves as an interesting case study. It features monadic types and a commuting conversion rule that rearranges the binding structure. Lindley and Stark have given an elegant proof of strong normalization for this calculus. The key construction in their proof is a notion of relational TT-lifting, using stacks of elimination contexts to obtain a Girard-Tait style logical relation. I give a formalization of their proof in Isabelle/HOL-Nominal with a particular emphasis on the treatment of bound variables.",
"authors": [
"Christian Doczkal"
],
"date": "2010-08-29",
- "id": 618,
+ "id": 623,
"link": "/entries/Lam-ml-Normalization.html",
"permalink": "/entries/Lam-ml-Normalization.html",
"shortname": "Lam-ml-Normalization",
"title": "Strong Normalization of Moggis's Computational Metalanguage",
"topic_links": [
"computer-science/programming-languages/lambda-calculi"
],
"topics": [
"Computer science/Programming languages/Lambda calculi"
],
"used_by": 0
},
{
"abstract": "We define multivariate polynomials over arbitrary (ordered) semirings in combination with (executable) operations like addition, multiplication, and substitution. We also define (weak) monotonicity of polynomials and comparison of polynomials where we provide standard estimations like absolute positiveness or the more recent approach of Neurauter, Zankl, and Middeldorp. Moreover, it is proven that strongly normalizing (monotone) orders can be lifted to strongly normalizing (monotone) orders over polynomials. Our formalization was performed as part of the \u003ca href=\"http://cl-informatik.uibk.ac.at/software/ceta\"\u003eIsaFoR/CeTA-system\u003c/a\u003e which contains several termination techniques. The provided theories have been essential to formalize polynomial interpretations. \u003cp\u003e This formalization also contains an abstract representation as coefficient functions with finite support and a type of power-products. If this type is ordered by a linear (term) ordering, various additional notions, such as leading power-product, leading coefficient etc., are introduced as well. Furthermore, a lot of generic properties of, and functions on, multivariate polynomials are formalized, including the substitution and evaluation homomorphisms, embeddings of polynomial rings into larger rings (i.e. with one additional indeterminate), homogenization and dehomogenization of polynomials, and the canonical isomorphism between R[X,Y] and R[X][Y].",
"authors": [
"Christian Sternagel",
"René Thiemann",
"Alexander Maletzky",
"Fabian Immler",
"Florian Haftmann",
"Andreas Lochbihler",
"Alexander Bentkamp"
],
"date": "2010-08-10",
- "id": 619,
+ "id": 624,
"link": "/entries/Polynomials.html",
"permalink": "/entries/Polynomials.html",
"shortname": "Polynomials",
"title": "Executable Multivariate Polynomials",
"topic_links": [
"mathematics/analysis",
"mathematics/algebra",
"computer-science/algorithms/mathematical"
],
"topics": [
"Mathematics/Analysis",
"Mathematics/Algebra",
"Computer science/Algorithms/Mathematical"
],
"used_by": 7
},
{
"abstract": "We formalize in Isabelle/HOL the abtract syntax and a synchronous step semantics for the specification language Statecharts. The formalization is based on Hierarchical Automata which allow a structural decomposition of Statecharts into Sequential Automata. To support the composition of Statecharts, we introduce calculating operators to construct a Hierarchical Automaton in a stepwise manner. Furthermore, we present a complete semantics of Statecharts including a theory of data spaces, which enables the modelling of racing effects. We also adapt CTL for Statecharts to build a bridge for future combinations with model checking. However the main motivation of this work is to provide a sound and complete basis for reasoning on Statecharts. As a central meta theorem we prove that the well-formedness of a Statechart is preserved by the semantics.",
"authors": [
"Steffen Helke",
"Florian Kammüller"
],
"date": "2010-08-08",
- "id": 620,
+ "id": 625,
"link": "/entries/Statecharts.html",
"permalink": "/entries/Statecharts.html",
"shortname": "Statecharts",
"title": "Formalizing Statecharts using Hierarchical Automata",
"topic_links": [
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Automata and formal languages"
],
"used_by": 0
},
{
"abstract": "Free Groups are, in a sense, the most generic kind of group. They are defined over a set of generators with no additional relations in between them. They play an important role in the definition of group presentations and in other fields. This theory provides the definition of Free Group as the set of fully canceled words in the generators. The universal property is proven, as well as some isomorphisms results about Free Groups.",
"authors": [
"Joachim Breitner"
],
"date": "2010-06-24",
- "id": 621,
+ "id": 626,
"link": "/entries/Free-Groups.html",
"permalink": "/entries/Free-Groups.html",
"shortname": "Free-Groups",
"title": "Free Groups",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 0
},
{
"abstract": "This article presents a development of Category Theory in Isabelle/HOL. A Category is defined using records and locales. Functors and Natural Transformations are also defined. The main result that has been formalized is that the Yoneda functor is a full and faithful embedding. We also formalize the completeness of many sorted monadic equational logic. Extensive use is made of the HOLZF theory in both cases. For an informal description see \u003ca href=\"http://www.srcf.ucam.org/~apk32/Isabelle/Category/Cat.pdf\"\u003ehere [pdf]\u003c/a\u003e.",
"authors": [
"Alexander Katovsky"
],
"date": "2010-06-20",
- "id": 622,
+ "id": 627,
"link": "/entries/Category2.html",
"permalink": "/entries/Category2.html",
"shortname": "Category2",
"title": "Category Theory",
"topic_links": [
"mathematics/category-theory"
],
"topics": [
"Mathematics/Category theory"
],
"used_by": 0
},
{
"abstract": "We provide the operations of matrix addition, multiplication, transposition, and matrix comparisons as executable functions over ordered semirings. Moreover, it is proven that strongly normalizing (monotone) orders can be lifted to strongly normalizing (monotone) orders over matrices. We further show that the standard semirings over the naturals, integers, and rationals, as well as the arctic semirings satisfy the axioms that are required by our matrix theory. Our formalization is part of the \u003ca href=\"http://cl-informatik.uibk.ac.at/software/ceta\"\u003eCeTA\u003c/a\u003e system which contains several termination techniques. The provided theories have been essential to formalize matrix-interpretations and arctic interpretations.",
"authors": [
"Christian Sternagel",
"René Thiemann"
],
"date": "2010-06-17",
- "id": 623,
+ "id": 628,
"link": "/entries/Matrix.html",
"permalink": "/entries/Matrix.html",
"shortname": "Matrix",
"title": "Executable Matrix Operations on Matrices of Arbitrary Dimensions",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 5
},
{
"abstract": "We present an Isabelle formalization of abstract rewriting (see, e.g., the book by Baader and Nipkow). First, we define standard relations like \u003ci\u003ejoinability\u003c/i\u003e, \u003ci\u003emeetability\u003c/i\u003e, \u003ci\u003econversion\u003c/i\u003e, etc. Then, we formalize important properties of abstract rewrite systems, e.g., confluence and strong normalization. Our main concern is on strong normalization, since this formalization is the basis of \u003ca href=\"http://cl-informatik.uibk.ac.at/software/ceta\"\u003eCeTA\u003c/a\u003e (which is mainly about strong normalization of term rewrite systems). Hence lemmas involving strong normalization constitute by far the biggest part of this theory. One of those is Newman's lemma.",
"authors": [
"Christian Sternagel",
"René Thiemann"
],
"date": "2010-06-14",
- "id": 624,
+ "id": 629,
"link": "/entries/Abstract-Rewriting.html",
"permalink": "/entries/Abstract-Rewriting.html",
"shortname": "Abstract-Rewriting",
"title": "Abstract Rewriting",
"topic_links": [
"logic/rewriting"
],
"topics": [
"Logic/Rewriting"
],
"used_by": 10
},
{
"abstract": "The invariant based programming is a technique of constructing correct programs by first identifying the basic situations (pre- and post-conditions and invariants) that can occur during the execution of the program, and then defining the transitions and proving that they preserve the invariants. Data refinement is a technique of building correct programs working on concrete datatypes as refinements of more abstract programs. In the theories presented here we formalize the predicate transformer semantics for invariant based programs and their data refinement.",
"authors": [
"Viorel Preoteasa",
"Ralph-Johan Back"
],
"date": "2010-05-28",
- "id": 625,
+ "id": 630,
"link": "/entries/DataRefinementIBP.html",
"permalink": "/entries/DataRefinementIBP.html",
"shortname": "DataRefinementIBP",
"title": "Semantics and Data Refinement of Invariant Based Programs",
"topic_links": [
"computer-science/programming-languages/logics"
],
"topics": [
"Computer science/Programming languages/Logics"
],
"used_by": 1
},
{
"abstract": "The verification of the Deutsch-Schorr-Waite graph marking algorithm is used as a benchmark in many formalizations of pointer programs. The main purpose of this mechanization is to show how data refinement of invariant based programs can be used in verifying practical algorithms. The verification starts with an abstract algorithm working on a graph given by a relation \u003ci\u003enext\u003c/i\u003e on nodes. Gradually the abstract program is refined into Deutsch-Schorr-Waite graph marking algorithm where only one bit per graph node of additional memory is used for marking.",
"authors": [
"Viorel Preoteasa",
"Ralph-Johan Back"
],
"date": "2010-05-28",
- "id": 626,
+ "id": 631,
"link": "/entries/GraphMarkingIBP.html",
"permalink": "/entries/GraphMarkingIBP.html",
"shortname": "GraphMarkingIBP",
"title": "Verification of the Deutsch-Schorr-Waite Graph Marking Algorithm using Data Refinement",
"topic_links": [
"computer-science/algorithms/graph"
],
"topics": [
"Computer science/Algorithms/Graph"
],
"used_by": 0
},
{
"abstract": "This document gives a formalization of the proof of the Robbins conjecture, following A. Mann, \u003ci\u003eA Complete Proof of the Robbins Conjecture\u003c/i\u003e, 2003.",
"authors": [
- "Matthew Wampler-Doty"
+ "Matthew Doty"
],
"date": "2010-05-22",
- "id": 627,
+ "id": 632,
"link": "/entries/Robbins-Conjecture.html",
"permalink": "/entries/Robbins-Conjecture.html",
"shortname": "Robbins-Conjecture",
"title": "A Complete Proof of the Robbins Conjecture",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 0
},
{
"abstract": "This is a library of constructions on regular expressions and languages. It provides the operations of concatenation, Kleene star and derivative on languages. Regular expressions and their meaning are defined. An executable equivalence checker for regular expressions is verified; it does not need automata but works directly on regular expressions. \u003ci\u003eBy mapping regular expressions to binary relations, an automatic and complete proof method for (in)equalities of binary relations over union, concatenation and (reflexive) transitive closure is obtained.\u003c/i\u003e \u003cP\u003e Extended regular expressions with complement and intersection are also defined and an equivalence checker is provided.",
"authors": [
"Alexander Krauss",
"Tobias Nipkow"
],
"date": "2010-05-12",
- "id": 628,
+ "id": 633,
"link": "/entries/Regular-Sets.html",
"permalink": "/entries/Regular-Sets.html",
"shortname": "Regular-Sets",
"title": "Regular Sets and Expressions",
"topic_links": [
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Automata and formal languages"
],
"used_by": 12
},
{
"abstract": "We present a Theory of Objects based on the original functional sigma-calculus by Abadi and Cardelli but with an additional parameter to methods. We prove confluence of the operational semantics following the outline of Nipkow's proof of confluence for the lambda-calculus reusing his theory Commutation, a generic diamond lemma reduction. We furthermore formalize a simple type system for our sigma-calculus including a proof of type safety. The entire development uses the concept of Locally Nameless representation for binders. We reuse an earlier proof of confluence for a simpler sigma-calculus based on de Bruijn indices and lists to represent objects.",
"authors": [
"Ludovic Henrio",
"Florian Kammüller",
"Bianca Lutz",
"Henry Sudhof"
],
"date": "2010-04-30",
- "id": 629,
+ "id": 634,
"link": "/entries/Locally-Nameless-Sigma.html",
"permalink": "/entries/Locally-Nameless-Sigma.html",
"shortname": "Locally-Nameless-Sigma",
"title": "Locally Nameless Sigma Calculus",
"topic_links": [
"computer-science/programming-languages/language-definitions"
],
"topics": [
"Computer science/Programming languages/Language definitions"
],
"used_by": 0
},
{
"abstract": "This theory defines a type constructor representing the free Boolean algebra over a set of generators. Values of type (α)\u003ci\u003eformula\u003c/i\u003e represent propositional formulas with uninterpreted variables from type α, ordered by implication. In addition to all the standard Boolean algebra operations, the library also provides a function for building homomorphisms to any other Boolean algebra type.",
"authors": [
"Brian Huffman"
],
"date": "2010-03-29",
- "id": 630,
+ "id": 635,
"link": "/entries/Free-Boolean-Algebra.html",
"permalink": "/entries/Free-Boolean-Algebra.html",
"shortname": "Free-Boolean-Algebra",
"title": "Free Boolean Algebra",
"topic_links": [
"logic/general-logic/classical-propositional-logic"
],
"topics": [
"Logic/General logic/Classical propositional logic"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003e In this contribution, we show how correctness proofs for \u003ca href=\"Slicing.html\"\u003eintra-\u003c/a\u003e and \u003ca href=\"HRB-Slicing.html\"\u003einterprocedural slicing\u003c/a\u003e can be used to prove that slicing is able to guarantee information flow noninterference. Moreover, we also illustrate how to lift the control flow graphs of the respective frameworks such that they fulfil the additional assumptions needed in the noninterference proofs. A detailed description of the intraprocedural proof and its interplay with the slicing framework can be found in the PLAS'09 paper by Wasserrab et al. \u003c/p\u003e \u003cp\u003e This entry contains the part for intra-procedural slicing. See entry \u003ca href=\"InformationFlowSlicing_Inter.html\"\u003eInformationFlowSlicing_Inter\u003c/a\u003e for the inter-procedural part. \u003c/p\u003e",
"authors": [
"Daniel Wasserrab"
],
"date": "2010-03-23",
- "id": 631,
+ "id": 636,
"link": "/entries/InformationFlowSlicing.html",
"permalink": "/entries/InformationFlowSlicing.html",
"shortname": "InformationFlowSlicing",
"title": "Information Flow Noninterference via Slicing",
"topic_links": [
"computer-science/security"
],
"topics": [
"Computer science/Security"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003e In this contribution, we show how correctness proofs for \u003ca href=\"Slicing.html\"\u003eintra-\u003c/a\u003e and \u003ca href=\"HRB-Slicing.html\"\u003einterprocedural slicing\u003c/a\u003e can be used to prove that slicing is able to guarantee information flow noninterference. Moreover, we also illustrate how to lift the control flow graphs of the respective frameworks such that they fulfil the additional assumptions needed in the noninterference proofs. A detailed description of the intraprocedural proof and its interplay with the slicing framework can be found in the PLAS'09 paper by Wasserrab et al. \u003c/p\u003e \u003cp\u003e This entry contains the part for inter-procedural slicing. See entry \u003ca href=\"InformationFlowSlicing.html\"\u003eInformationFlowSlicing\u003c/a\u003e for the intra-procedural part. \u003c/p\u003e",
"authors": [
"Daniel Wasserrab"
],
"date": "2010-03-23",
- "id": 632,
+ "id": 637,
"link": "/entries/InformationFlowSlicing_Inter.html",
"permalink": "/entries/InformationFlowSlicing_Inter.html",
"shortname": "InformationFlowSlicing_Inter",
"title": "Inter-Procedural Information Flow Noninterference via Slicing",
"topic_links": [
"computer-science/security"
],
"topics": [
"Computer science/Security"
],
"used_by": 0
},
{
"abstract": "This theory provides functions for finding the index of an element in a list, by predicate and by value.",
"authors": [
"Tobias Nipkow"
],
"date": "2010-02-20",
- "id": 633,
+ "id": 638,
"link": "/entries/List-Index.html",
"permalink": "/entries/List-Index.html",
"shortname": "List-Index",
"title": "List Index",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 21
},
{
"abstract": "This article collects formalisations of general-purpose coinductive data types and sets. Currently, it contains coinductive natural numbers, coinductive lists, i.e. lazy lists or streams, infinite streams, coinductive terminated lists, coinductive resumptions, a library of operations on coinductive lists, and a version of König's lemma as an application for coinductive lists.\u003cbr\u003eThe initial theory was contributed by Paulson and Wenzel. Extensions and other coinductive formalisations of general interest are welcome.",
"authors": [
"Andreas Lochbihler"
],
"date": "2010-02-12",
- "id": 634,
+ "id": 639,
"link": "/entries/Coinductive.html",
"permalink": "/entries/Coinductive.html",
"shortname": "Coinductive",
"title": "Coinductive",
"topic_links": [
"computer-science/functional-programming"
],
"topics": [
"Computer science/Functional programming"
],
"used_by": 12
},
{
"abstract": "This contribution contains a fast SAT solver for Isabelle written in Standard ML. By loading the theory \u003ctt\u003eDPT_SAT_Solver\u003c/tt\u003e, the SAT solver installs itself (under the name ``dptsat'') and certain Isabelle tools like Refute will start using it automatically. This is a port of the DPT (Decision Procedure Toolkit) SAT Solver written in OCaml.",
"authors": [
"Armin Heller"
],
"date": "2009-12-09",
- "id": 635,
+ "id": 640,
"link": "/entries/DPT-SAT-Solver.html",
"permalink": "/entries/DPT-SAT-Solver.html",
"shortname": "DPT-SAT-Solver",
"title": "A Fast SAT Solver for Isabelle in Standard ML",
"topic_links": [
"tools"
],
"topics": [
"Tools"
],
"used_by": 0
},
{
"abstract": "This work presents a formalization of a library for automata on bit strings. It forms the basis of a reflection-based decision procedure for Presburger arithmetic, which is efficiently executable thanks to Isabelle's code generator. With this work, we therefore provide a mechanized proof of a well-known connection between logic and automata theory. The formalization is also described in a publication [TPHOLs 2009].",
"authors": [
"Stefan Berghofer",
"Markus Reiter"
],
"date": "2009-12-03",
- "id": 636,
+ "id": 641,
"link": "/entries/Presburger-Automata.html",
"permalink": "/entries/Presburger-Automata.html",
"shortname": "Presburger-Automata",
"title": "Formalizing the Logic-Automaton Connection",
"topic_links": [
"computer-science/automata-and-formal-languages",
"logic/general-logic/decidability-of-theories"
],
"topics": [
"Computer science/Automata and formal languages",
"Logic/General logic/Decidability of theories"
],
"used_by": 0
},
{
"abstract": "This development provides an efficient, extensible, machine checked collections framework. The library adopts the concepts of interface, implementation and generic algorithm from object-oriented programming and implements them in Isabelle/HOL. The framework features the use of data refinement techniques to refine an abstract specification (using high-level concepts like sets) to a more concrete implementation (using collection datastructures, like red-black-trees). The code-generator of Isabelle/HOL can be used to generate efficient code.",
"authors": [
"Peter Lammich"
],
"date": "2009-11-25",
- "id": 637,
+ "id": 642,
"link": "/entries/Collections.html",
"permalink": "/entries/Collections.html",
"shortname": "Collections",
"title": "Collections Framework",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 18
},
{
"abstract": "This work presents a machine-checked tree automata library for Standard-ML, OCaml and Haskell. The algorithms are efficient by using appropriate data structures like RB-trees. The available algorithms for non-deterministic automata include membership query, reduction, intersection, union, and emptiness check with computation of a witness for non-emptiness. The executable algorithms are derived from less-concrete, non-executable algorithms using data-refinement techniques. The concrete data structures are from the Isabelle Collections Framework. Moreover, this work contains a formalization of the class of tree-regular languages and its closure properties under set operations.",
"authors": [
"Peter Lammich"
],
"date": "2009-11-25",
- "id": 638,
+ "id": 643,
"link": "/entries/Tree-Automata.html",
"permalink": "/entries/Tree-Automata.html",
"shortname": "Tree-Automata",
"title": "Tree Automata",
"topic_links": [
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Automata and formal languages"
],
"used_by": 0
},
{
"abstract": "These theories present the mechanised proof of the Perfect Number Theorem.",
"authors": [
"Mark Ijbema"
],
"date": "2009-11-22",
- "id": 639,
+ "id": 644,
"link": "/entries/Perfect-Number-Thm.html",
"permalink": "/entries/Perfect-Number-Thm.html",
"shortname": "Perfect-Number-Thm",
"title": "Perfect Number Theorem",
"topic_links": [
"mathematics/number-theory"
],
"topics": [
"Mathematics/Number theory"
],
"used_by": 0
},
{
"abstract": "After verifying \u003ca href=\"Slicing.html\"\u003edynamic and static interprocedural slicing\u003c/a\u003e, we present a modular framework for static interprocedural slicing. To this end, we formalized the standard two-phase slicer from Horwitz, Reps and Binkley (see their TOPLAS 12(1) 1990 paper) together with summary edges as presented by Reps et al. (see FSE 1994). The framework is again modular in the programming language by using an abstract CFG, defined via structural and well-formedness properties. Using a weak simulation between the original and sliced graph, we were able to prove the correctness of static interprocedural slicing. We also instantiate our framework with a simple While language with procedures. This shows that the chosen abstractions are indeed valid.",
"authors": [
"Daniel Wasserrab"
],
"date": "2009-11-13",
- "id": 640,
+ "id": 645,
"link": "/entries/HRB-Slicing.html",
"permalink": "/entries/HRB-Slicing.html",
"shortname": "HRB-Slicing",
"title": "Backing up Slicing: Verifying the Interprocedural Two-Phase Horwitz-Reps-Binkley Slicer",
"topic_links": [
"computer-science/programming-languages/static-analysis"
],
"topics": [
"Computer science/Programming languages/Static analysis"
],
"used_by": 1
},
{
"abstract": "Gill and Hutton formalise the worker/wrapper transformation, building on the work of Launchbury and Peyton-Jones who developed it as a way of changing the type at which a recursive function operates. This development establishes the soundness of the technique and several examples of its use.",
"authors": [
"Peter Gammie"
],
"date": "2009-10-30",
- "id": 641,
+ "id": 646,
"link": "/entries/WorkerWrapper.html",
"permalink": "/entries/WorkerWrapper.html",
"shortname": "WorkerWrapper",
"title": "The Worker/Wrapper Transformation",
"topic_links": [
"computer-science/functional-programming"
],
"topics": [
"Computer science/Functional programming"
],
"used_by": 0
},
{
"abstract": "We develop a basic theory of ordinals and cardinals in Isabelle/HOL, up to the point where some cardinality facts relevant for the ``working mathematician\" become available. Unlike in set theory, here we do not have at hand canonical notions of ordinal and cardinal. Therefore, here an ordinal is merely a well-order relation and a cardinal is an ordinal minim w.r.t. order embedding on its field.",
"authors": [
"Andrei Popescu"
],
"date": "2009-09-01",
- "id": 642,
+ "id": 647,
"link": "/entries/Ordinals_and_Cardinals.html",
"permalink": "/entries/Ordinals_and_Cardinals.html",
"shortname": "Ordinals_and_Cardinals",
"title": "Ordinals and Cardinals",
"topic_links": [
"logic/set-theory"
],
"topics": [
"Logic/Set theory"
],
"used_by": 0
},
{
"abstract": "The invertibility of the rules of a sequent calculus is important for guiding proof search and can be used in some formalised proofs of Cut admissibility. We present sufficient conditions for when a rule is invertible with respect to a calculus. We illustrate the conditions with examples. It must be noted we give purely syntactic criteria; no guarantees are given as to the suitability of the rules.",
"authors": [
"Peter Chapman"
],
"date": "2009-08-28",
- "id": 643,
+ "id": 648,
"link": "/entries/SequentInvertibility.html",
"permalink": "/entries/SequentInvertibility.html",
"shortname": "SequentInvertibility",
"title": "Invertibility in Sequent Calculi",
"topic_links": [
"logic/proof-theory"
],
"topics": [
"Logic/Proof theory"
],
"used_by": 0
},
{
"abstract": "We formalize the usual proof that the group generated by the function k -\u003e k + 1 on the integers gives rise to a cofinitary group.",
"authors": [
"Bart Kastermans"
],
"date": "2009-08-04",
- "id": 644,
+ "id": 649,
"link": "/entries/CofGroups.html",
"permalink": "/entries/CofGroups.html",
"shortname": "CofGroups",
"title": "An Example of a Cofinitary Group in Isabelle/HOL",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 0
},
{
"abstract": "FinFuns are total functions that are constant except for a finite set of points, i.e. a generalisation of finite maps. They are formalised as a new type in Isabelle/HOL such that the code generator can handle equality tests and quantification on FinFuns. On the code output level, FinFuns are explicitly represented by constant functions and pointwise updates, similarly to associative lists. Inside the logic, they behave like ordinary functions with extensionality. Via the update/constant pattern, a recursion combinator and an induction rule for FinFuns allow for defining and reasoning about operators on FinFun that are also executable.",
"authors": [
"Andreas Lochbihler"
],
"date": "2009-05-06",
- "id": 645,
+ "id": 650,
"link": "/entries/FinFun.html",
"permalink": "/entries/FinFun.html",
"shortname": "FinFun",
"title": "Code Generation for Functions as Data",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 4
},
{
"abstract": "Stream Fusion is a system for removing intermediate list structures from Haskell programs; it consists of a Haskell library along with several compiler rewrite rules. (The library is available \u003ca href=\"http://hackage.haskell.org/package/stream-fusion\"\u003eonline\u003c/a\u003e.)\u003cbr\u003e\u003cbr\u003eThese theories contain a formalization of much of the Stream Fusion library in HOLCF. Lazy list and stream types are defined, along with coercions between the two types, as well as an equivalence relation for streams that generate the same list. List and stream versions of map, filter, foldr, enumFromTo, append, zipWith, and concatMap are defined, and the stream versions are shown to respect stream equivalence.",
"authors": [
"Brian Huffman"
],
"date": "2009-04-29",
- "id": 646,
+ "id": 651,
"link": "/entries/Stream-Fusion.html",
"permalink": "/entries/Stream-Fusion.html",
"shortname": "Stream-Fusion",
"title": "Stream Fusion",
"topic_links": [
"computer-science/functional-programming"
],
"topics": [
"Computer science/Functional programming"
],
"used_by": 0
},
{
"abstract": "This document contains the Isabelle/HOL sources underlying the paper \u003ci\u003eA bytecode logic for JML and types\u003c/i\u003e by Beringer and Hofmann, updated to Isabelle 2008. We present a program logic for a subset of sequential Java bytecode that is suitable for representing both, features found in high-level specification language JML as well as interpretations of high-level type systems. To this end, we introduce a fine-grained collection of assertions, including strong invariants, local annotations and VDM-reminiscent partial-correctness specifications. Thanks to a goal-oriented structure and interpretation of judgements, verification may proceed without recourse to an additional control flow analysis. The suitability for interpreting intensional type systems is illustrated by the proof-carrying-code style encoding of a type system for a first-order functional language which guarantees a constant upper bound on the number of objects allocated throughout an execution, be the execution terminating or non-terminating. Like the published paper, the formal development is restricted to a comparatively small subset of the JVML, lacking (among other features) exceptions, arrays, virtual methods, and static fields. This shortcoming has been overcome meanwhile, as our paper has formed the basis of the Mobius base logic, a program logic for the full sequential fragment of the JVML. Indeed, the present formalisation formed the basis of a subsequent formalisation of the Mobius base logic in the proof assistant Coq, which includes a proof of soundness with respect to the Bicolano operational semantics by Pichardie.",
"authors": [
"Lennart Beringer",
"Martin Hofmann"
],
"date": "2008-12-12",
- "id": 647,
+ "id": 652,
"link": "/entries/BytecodeLogicJmlTypes.html",
"permalink": "/entries/BytecodeLogicJmlTypes.html",
"shortname": "BytecodeLogicJmlTypes",
"title": "A Bytecode Logic for JML and Types",
"topic_links": [
"computer-science/programming-languages/logics"
],
"topics": [
"Computer science/Programming languages/Logics"
],
"used_by": 0
},
{
"abstract": "We present interpretations of type systems for secure information flow in Hoare logic, complementing previous encodings in relational program logics. We first treat the imperative language IMP, extended by a simple procedure call mechanism. For this language we consider base-line non-interference in the style of Volpano et al. and the flow-sensitive type system by Hunt and Sands. In both cases, we show how typing derivations may be used to automatically generate proofs in the program logic that certify the absence of illicit flows. We then add instructions for object creation and manipulation, and derive appropriate proof rules for base-line non-interference. As a consequence of our work, standard verification technology may be used for verifying that a concrete program satisfies the non-interference property.\u003cbr\u003e\u003cbr\u003eThe present proof development represents an update of the formalisation underlying our paper [CSF 2007] and is intended to resolve any ambiguities that may be present in the paper.",
"authors": [
"Lennart Beringer",
"Martin Hofmann"
],
"date": "2008-11-10",
- "id": 648,
+ "id": 653,
"link": "/entries/SIFPL.html",
"permalink": "/entries/SIFPL.html",
"shortname": "SIFPL",
"title": "Secure information flow and program logics",
"topic_links": [
"computer-science/programming-languages/logics",
"computer-science/security"
],
"topics": [
"Computer science/Programming languages/Logics",
"Computer science/Security"
],
"used_by": 0
},
{
"abstract": "Drawing on Sen's landmark work \"Collective Choice and Social Welfare\" (1970), this development proves Arrow's General Possibility Theorem, Sen's Liberal Paradox and May's Theorem in a general setting. The goal was to make precise the classical statements and proofs of these results, and to provide a foundation for more recent results such as the Gibbard-Satterthwaite and Duggan-Schwartz theorems.",
"authors": [
"Peter Gammie"
],
"date": "2008-11-09",
- "id": 649,
+ "id": 654,
"link": "/entries/SenSocialChoice.html",
"permalink": "/entries/SenSocialChoice.html",
"shortname": "SenSocialChoice",
"title": "Some classical results in Social Choice Theory",
"topic_links": [
"mathematics/games-and-economics"
],
"topics": [
"Mathematics/Games and economics"
],
"used_by": 0
},
{
"abstract": "Tilings are defined inductively. It is shown that one form of mutilated chess board cannot be tiled with dominoes, while another one can be tiled with L-shaped tiles. Please add further fun examples of this kind!",
"authors": [
"Tobias Nipkow",
"Lawrence C. Paulson"
],
"date": "2008-11-07",
- "id": 650,
+ "id": 655,
"link": "/entries/FunWithTilings.html",
"permalink": "/entries/FunWithTilings.html",
"shortname": "FunWithTilings",
"title": "Fun With Tilings",
"topic_links": [
"mathematics/misc"
],
"topics": [
"Mathematics/Misc"
],
"used_by": 0
},
{
"abstract": "Huffman's algorithm is a procedure for constructing a binary tree with minimum weighted path length. This report presents a formal proof of the correctness of Huffman's algorithm written using Isabelle/HOL. Our proof closely follows the sketches found in standard algorithms textbooks, uncovering a few snags in the process. Another distinguishing feature of our formalization is the use of custom induction rules to help Isabelle's automatic tactics, leading to very short proofs for most of the lemmas.",
"authors": [
"Jasmin Christian Blanchette"
],
"date": "2008-10-15",
- "id": 651,
+ "id": 656,
"link": "/entries/Huffman.html",
"permalink": "/entries/Huffman.html",
"shortname": "Huffman",
"title": "The Textbook Proof of Huffman's Algorithm",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 1
},
{
"abstract": "Slicing is a widely-used technique with applications in e.g. compiler technology and software security. Thus verification of algorithms in these areas is often based on the correctness of slicing, which should ideally be proven independent of concrete programming languages and with the help of well-known verifying techniques such as proof assistants. As a first step in this direction, this contribution presents a framework for dynamic and static intraprocedural slicing based on control flow and program dependence graphs. Abstracting from concrete syntax we base the framework on a graph representation of the program fulfilling certain structural and well-formedness properties.\u003cbr\u003e\u003cbr\u003eThe formalization consists of the basic framework (in subdirectory Basic/), the correctness proof for dynamic slicing (in subdirectory Dynamic/), the correctness proof for static intraprocedural slicing (in subdirectory StaticIntra/) and instantiations of the framework with a simple While language (in subdirectory While/) and the sophisticated object-oriented bytecode language of Jinja (in subdirectory JinjaVM/). For more information on the framework, see the TPHOLS 2008 paper by Wasserrab and Lochbihler and the PLAS 2009 paper by Wasserrab et al.",
"authors": [
"Daniel Wasserrab"
],
"date": "2008-09-16",
- "id": 652,
+ "id": 657,
"link": "/entries/Slicing.html",
"permalink": "/entries/Slicing.html",
"shortname": "Slicing",
"title": "Towards Certified Slicing",
"topic_links": [
"computer-science/programming-languages/static-analysis"
],
"topics": [
"Computer science/Programming languages/Static analysis"
],
"used_by": 2
},
{
"abstract": "The Volpano/Smith/Irvine security type systems requires that variables are annotated as high (secret) or low (public), and provides typing rules which guarantee that secret values cannot leak to public output ports. This property of a program is called confidentiality. For a simple while-language without threads, our proof shows that typeability in the Volpano/Smith system guarantees noninterference. Noninterference means that if two initial states for program execution are low-equivalent, then the final states are low-equivalent as well. This indeed implies that secret values cannot leak to public ports. The proof defines an abstract syntax and operational semantics for programs, formalizes noninterference, and then proceeds by rule induction on the operational semantics. The mathematically most intricate part is the treatment of implicit flows. Note that the Volpano/Smith system is not flow-sensitive and thus quite unprecise, resulting in false alarms. However, due to the correctness property, all potential breaks of confidentiality are discovered.",
"authors": [
"Gregor Snelting",
"Daniel Wasserrab"
],
"date": "2008-09-02",
- "id": 653,
+ "id": 658,
"link": "/entries/VolpanoSmith.html",
"permalink": "/entries/VolpanoSmith.html",
"shortname": "VolpanoSmith",
"title": "A Correctness Proof for the Volpano/Smith Security Typing System",
"topic_links": [
"computer-science/programming-languages/type-systems",
"computer-science/security"
],
"topics": [
"Computer science/Programming languages/Type systems",
"Computer science/Security"
],
"used_by": 0
},
{
"abstract": "This article formalizes two proofs of Arrow's impossibility theorem due to Geanakoplos and derives the Gibbard-Satterthwaite theorem as a corollary. One formalization is based on utility functions, the other one on strict partial orders.",
"authors": [
"Tobias Nipkow"
],
"date": "2008-09-01",
- "id": 654,
+ "id": 659,
"link": "/entries/ArrowImpossibilityGS.html",
"permalink": "/entries/ArrowImpossibilityGS.html",
"shortname": "ArrowImpossibilityGS",
"title": "Arrow and Gibbard-Satterthwaite",
"topic_links": [
"mathematics/games-and-economics"
],
"topics": [
"Mathematics/Games and economics"
],
"used_by": 0
},
{
"abstract": "This is a collection of cute puzzles of the form ``Show that if a function satisfies the following constraints, it must be ...'' Please add further examples to this collection!",
"authors": [
"Tobias Nipkow"
],
"date": "2008-08-26",
- "id": 655,
+ "id": 660,
"link": "/entries/FunWithFunctions.html",
"permalink": "/entries/FunWithFunctions.html",
"shortname": "FunWithFunctions",
"title": "Fun With Functions",
"topic_links": [
"mathematics/misc"
],
"topics": [
"Mathematics/Misc"
],
"used_by": 0
},
{
"abstract": "This document contains formal correctness proofs of modern SAT solvers. Following (Krstic et al, 2007) and (Nieuwenhuis et al., 2006), solvers are described using state-transition systems. Several different SAT solver descriptions are given and their partial correctness and termination is proved. These include: \u003cul\u003e \u003cli\u003e a solver based on classical DPLL procedure (using only a backtrack-search with unit propagation),\u003c/li\u003e \u003cli\u003e a very general solver with backjumping and learning (similar to the description given in (Nieuwenhuis et al., 2006)), and\u003c/li\u003e \u003cli\u003e a solver with a specific conflict analysis algorithm (similar to the description given in (Krstic et al., 2007)).\u003c/li\u003e \u003c/ul\u003e Within the SAT solver correctness proofs, a large number of lemmas about propositional logic and CNF formulae are proved. This theory is self-contained and could be used for further exploring of properties of CNF based SAT algorithms.",
"authors": [
"Filip Marić"
],
"date": "2008-07-23",
- "id": 656,
+ "id": 661,
"link": "/entries/SATSolverVerification.html",
"permalink": "/entries/SATSolverVerification.html",
"shortname": "SATSolverVerification",
"title": "Formal Verification of Modern SAT Solvers",
"topic_links": [
"computer-science/algorithms"
],
"topics": [
"Computer science/Algorithms"
],
"used_by": 0
},
{
"abstract": "This document presents the formalization of introductory material from recursion theory --- definitions and basic properties of primitive recursive functions, Cantor pairing function and computably enumerable sets (including a proof of existence of a one-complete computably enumerable set and a proof of the Rice's theorem).",
"authors": [
"Michael Nedzelsky"
],
"date": "2008-04-05",
- "id": 657,
+ "id": 662,
"link": "/entries/Recursion-Theory-I.html",
"permalink": "/entries/Recursion-Theory-I.html",
"shortname": "Recursion-Theory-I",
"title": "Recursion Theory I",
"topic_links": [
"logic/computability"
],
"topics": [
"Logic/Computability"
],
"used_by": 1
},
{
"abstract": "We present the theory of Simpl, a sequential imperative programming language. We introduce its syntax, its semantics (big and small-step operational semantics) and Hoare logics for both partial as well as total correctness. We prove soundness and completeness of the Hoare logic. We integrate and automate the Hoare logic in Isabelle/HOL to obtain a practically usable verification environment for imperative programs. Simpl is independent of a concrete programming language but expressive enough to cover all common language features: mutually recursive procedures, abrupt termination and exceptions, runtime faults, local and global variables, pointers and heap, expressions with side effects, pointers to procedures, partial application and closures, dynamic method invocation and also unbounded nondeterminism.",
"authors": [
"Norbert Schirmer"
],
"date": "2008-02-29",
- "id": 658,
+ "id": 663,
"link": "/entries/Simpl.html",
"permalink": "/entries/Simpl.html",
"shortname": "Simpl",
"title": "A Sequential Imperative Programming Language Syntax, Semantics, Hoare Logics and Verification Environment",
"topic_links": [
"computer-science/programming-languages/language-definitions",
"computer-science/programming-languages/logics"
],
"topics": [
"Computer science/Programming languages/Language definitions",
"Computer science/Programming languages/Logics"
],
"used_by": 2
},
{
"abstract": "We present the verification of the normalisation of a binary decision diagram (BDD). The normalisation follows the original algorithm presented by Bryant in 1986 and transforms an ordered BDD in a reduced, ordered and shared BDD. The verification is based on Hoare logics.",
"authors": [
"Veronika Ortner",
"Norbert Schirmer"
],
"date": "2008-02-29",
- "id": 659,
+ "id": 664,
"link": "/entries/BDD.html",
"permalink": "/entries/BDD.html",
"shortname": "BDD",
"title": "BDD Normalisation",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 0
},
{
"abstract": "This article formalizes normalization by evaluation as implemented in Isabelle. Lambda calculus plus term rewriting is compiled into a functional program with pattern matching. It is proved that the result of a successful evaluation is a) correct, i.e. equivalent to the input, and b) in normal form.",
"authors": [
"Klaus Aehlig",
"Tobias Nipkow"
],
"date": "2008-02-18",
- "id": 660,
+ "id": 665,
"link": "/entries/NormByEval.html",
"permalink": "/entries/NormByEval.html",
"shortname": "NormByEval",
"title": "Normalization by Evaluation",
"topic_links": [
"computer-science/programming-languages/compiling"
],
"topics": [
"Computer science/Programming languages/Compiling"
],
"used_by": 0
},
{
"abstract": "This article formalizes quantifier elimination procedures for dense linear orders, linear real arithmetic and Presburger arithmetic. In each case both a DNF-based non-elementary algorithm and one or more (doubly) exponential NNF-based algorithms are formalized, including the well-known algorithms by Ferrante and Rackoff and by Cooper. The NNF-based algorithms for dense linear orders are new but based on Ferrante and Rackoff and on an algorithm by Loos and Weisspfenning which simulates infenitesimals. All algorithms are directly executable. In particular, they yield reflective quantifier elimination procedures for HOL itself. The formalization makes heavy use of locales and is therefore highly modular.",
"authors": [
"Tobias Nipkow"
],
"date": "2008-01-11",
- "id": 661,
+ "id": 666,
"link": "/entries/LinearQuantifierElim.html",
"permalink": "/entries/LinearQuantifierElim.html",
"shortname": "LinearQuantifierElim",
"title": "Quantifier Elimination for Linear Arithmetic",
"topic_links": [
"logic/general-logic/decidability-of-theories"
],
"topics": [
"Logic/General logic/Decidability of theories"
],
"used_by": 0
},
{
"abstract": "In this work we formally verify the soundness and precision of a static program analysis that detects conflicts (e. g. data races) in programs with procedures, thread creation and monitors with the Isabelle theorem prover. As common in static program analysis, our program model abstracts guarded branching by nondeterministic branching, but completely interprets the call-/return behavior of procedures, synchronization by monitors, and thread creation. The analysis is based on the observation that all conflicts already occur in a class of particularly restricted schedules. These restricted schedules are suited to constraint-system-based program analysis. The formalization is based upon a flowgraph-based program model with an operational semantics as reference point.",
"authors": [
"Peter Lammich",
"Markus Müller-Olm"
],
"date": "2007-12-14",
- "id": 662,
+ "id": 667,
"link": "/entries/Program-Conflict-Analysis.html",
"permalink": "/entries/Program-Conflict-Analysis.html",
"shortname": "Program-Conflict-Analysis",
"title": "Formalization of Conflict Analysis of Programs with Procedures, Thread Creation, and Monitors",
"topic_links": [
"computer-science/programming-languages/static-analysis"
],
"topics": [
"Computer science/Programming languages/Static analysis"
],
"used_by": 1
},
{
"abstract": "We extend the Jinja source code semantics by Klein and Nipkow with Java-style arrays and threads. Concurrency is captured in a generic framework semantics for adding concurrency through interleaving to a sequential semantics, which features dynamic thread creation, inter-thread communication via shared memory, lock synchronisation and joins. Also, threads can suspend themselves and be notified by others. We instantiate the framework with the adapted versions of both Jinja source and byte code and show type safety for the multithreaded case. Equally, the compiler from source to byte code is extended, for which we prove weak bisimilarity between the source code small step semantics and the defensive Jinja virtual machine. On top of this, we formalise the JMM and show the DRF guarantee and consistency. For description of the different parts, see Lochbihler's papers at FOOL 2008, ESOP 2010, ITP 2011, and ESOP 2012.",
"authors": [
"Andreas Lochbihler"
],
"date": "2007-12-03",
- "id": 663,
+ "id": 668,
"link": "/entries/JinjaThreads.html",
"permalink": "/entries/JinjaThreads.html",
"shortname": "JinjaThreads",
"title": "Jinja with Threads",
"topic_links": [
"computer-science/programming-languages/language-definitions"
],
"topics": [
"Computer science/Programming languages/Language definitions"
],
"used_by": 0
},
{
"abstract": "This article is an Isabelle formalisation of a paper with the same title. In a similar way as Knuth's 0-1-principle for sorting algorithms, that paper develops a 0-1-2-principle for parallel prefix computations.",
"authors": [
"Sascha Böhme"
],
"date": "2007-11-06",
- "id": 664,
+ "id": 669,
"link": "/entries/MuchAdoAboutTwo.html",
"permalink": "/entries/MuchAdoAboutTwo.html",
"shortname": "MuchAdoAboutTwo",
"title": "Much Ado About Two",
"topic_links": [
"computer-science/algorithms"
],
"topics": [
"Computer science/Algorithms"
],
"used_by": 0
},
{
"abstract": "This document presents the mechanised proofs of\u003cul\u003e\u003cli\u003eFermat's Last Theorem for exponents 3 and 4 and\u003c/li\u003e\u003cli\u003ethe parametrisation of Pythagorean Triples.\u003c/li\u003e\u003c/ul\u003e",
"authors": [
"Roelof Oosterhuis"
],
"date": "2007-08-12",
- "id": 665,
+ "id": 670,
"link": "/entries/Fermat3_4.html",
"permalink": "/entries/Fermat3_4.html",
"shortname": "Fermat3_4",
"title": "Fermat's Last Theorem for Exponents 3 and 4 and the Parametrisation of Pythagorean Triples",
"topic_links": [
"mathematics/number-theory"
],
"topics": [
"Mathematics/Number theory"
],
"used_by": 0
},
{
"abstract": "This document presents the mechanised proofs of the following results:\u003cul\u003e\u003cli\u003eany prime number of the form 4m+1 can be written as the sum of two squares;\u003c/li\u003e\u003cli\u003eany natural number can be written as the sum of four squares\u003c/li\u003e\u003c/ul\u003e",
"authors": [
"Roelof Oosterhuis"
],
"date": "2007-08-12",
- "id": 666,
+ "id": 671,
"link": "/entries/SumSquares.html",
"permalink": "/entries/SumSquares.html",
"shortname": "SumSquares",
"title": "Sums of Two and Four Squares",
"topic_links": [
"mathematics/number-theory"
],
"topics": [
"Mathematics/Number theory"
],
"used_by": 0
},
{
"abstract": "Convergence with respect to a valuation is discussed as convergence of a Cauchy sequence. Cauchy sequences of polynomials are defined. They are used to formalize Hensel's lemma.",
"authors": [
"Hidetsune Kobayashi"
],
"date": "2007-08-08",
- "id": 667,
+ "id": 672,
"link": "/entries/Valuation.html",
"permalink": "/entries/Valuation.html",
"shortname": "Valuation",
"title": "Fundamental Properties of Valuation Theory and Hensel's Lemma",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 0
},
{
"abstract": "We present a formalization of parts of Melvin Fitting's book \"First-Order Logic and Automated Theorem Proving\". The formalization covers the syntax of first-order logic, its semantics, the model existence theorem, a natural deduction proof calculus together with a proof of correctness and completeness, as well as the Löwenheim-Skolem theorem.",
"authors": [
"Stefan Berghofer"
],
"date": "2007-08-02",
- "id": 668,
+ "id": 673,
"link": "/entries/FOL-Fitting.html",
"permalink": "/entries/FOL-Fitting.html",
"shortname": "FOL-Fitting",
"title": "First-Order Logic According to Fitting",
"topic_links": [
"logic/general-logic/classical-first-order-logic"
],
"topics": [
"Logic/General logic/Classical first-order logic"
],
"used_by": 2
},
{
"abstract": "We present a solution to the POPLmark challenge designed by Aydemir et al., which has as a goal the formalization of the meta-theory of System F\u003csub\u003e\u0026lt;:\u003c/sub\u003e. The formalization is carried out in the theorem prover Isabelle/HOL using an encoding based on de Bruijn indices. We start with a relatively simple formalization covering only the basic features of System F\u003csub\u003e\u0026lt;:\u003c/sub\u003e, and explain how it can be extended to also cover records and more advanced binding constructs.",
"authors": [
"Stefan Berghofer"
],
"date": "2007-08-02",
- "id": 669,
+ "id": 674,
"link": "/entries/POPLmark-deBruijn.html",
"permalink": "/entries/POPLmark-deBruijn.html",
"shortname": "POPLmark-deBruijn",
"title": "POPLmark Challenge Via de Bruijn Indices",
"topic_links": [
"computer-science/programming-languages/lambda-calculi"
],
"topics": [
"Computer science/Programming languages/Lambda calculi"
],
"used_by": 0
},
{
"abstract": "Two models of an electronic hotel key card system are contrasted: a state based and a trace based one. Both are defined, verified, and proved equivalent in the theorem prover Isabelle/HOL. It is shown that if a guest follows a certain safety policy regarding her key cards, she can be sure that nobody but her can enter her room.",
"authors": [
"Tobias Nipkow"
],
"date": "2006-09-09",
- "id": 670,
+ "id": 675,
"link": "/entries/HotelKeyCards.html",
"permalink": "/entries/HotelKeyCards.html",
"shortname": "HotelKeyCards",
"title": "Hotel Key Card System",
"topic_links": [
"computer-science/security"
],
"topics": [
"Computer science/Security"
],
"used_by": 0
},
{
"abstract": "These therories describe Hoare logics for a number of imperative language constructs, from while-loops to mutually recursive procedures. Both partial and total correctness are treated. In particular a proof system for total correctness of recursive procedures in the presence of unbounded nondeterminism is presented.",
"authors": [
"Tobias Nipkow"
],
"date": "2006-08-08",
- "id": 671,
+ "id": 676,
"link": "/entries/Abstract-Hoare-Logics.html",
"permalink": "/entries/Abstract-Hoare-Logics.html",
"shortname": "Abstract-Hoare-Logics",
"title": "Abstract Hoare Logics",
"topic_links": [
"computer-science/programming-languages/logics"
],
"topics": [
"Computer science/Programming languages/Logics"
],
"used_by": 0
},
{
"abstract": "These theories present the verified enumeration of \u003ci\u003etame\u003c/i\u003e plane graphs as defined by Thomas C. Hales in his proof of the Kepler Conjecture in his book \u003ci\u003eDense Sphere Packings. A Blueprint for Formal Proofs.\u003c/i\u003e [CUP 2012]. The values of the constants in the definition of tameness are identical to those in the \u003ca href=\"https://code.google.com/p/flyspeck/\"\u003eFlyspeck project\u003c/a\u003e. The \u003ca href=\"http://www21.in.tum.de/~nipkow/pubs/Flyspeck/\"\u003eIJCAR 2006 paper by Nipkow, Bauer and Schultz\u003c/a\u003e refers to the original version of Hales' proof, the \u003ca href=\"http://www21.in.tum.de/~nipkow/pubs/itp11.html\"\u003eITP 2011 paper by Nipkow\u003c/a\u003e refers to the Blueprint version of the proof.",
"authors": [
"Gertrud Bauer",
"Tobias Nipkow"
],
"date": "2006-05-22",
- "id": 672,
+ "id": 677,
"link": "/entries/Flyspeck-Tame.html",
"permalink": "/entries/Flyspeck-Tame.html",
"shortname": "Flyspeck-Tame",
"title": "Flyspeck I: Tame Graphs",
"topic_links": [
"mathematics/graph-theory"
],
"topics": [
"Mathematics/Graph theory"
],
"used_by": 1
},
{
"abstract": "We present an operational semantics and type safety proof for multiple inheritance in C++. The semantics models the behavior of method calls, field accesses, and two forms of casts in C++ class hierarchies. For explanations see the OOPSLA 2006 paper by Wasserrab, Nipkow, Snelting and Tip.",
"authors": [
"Daniel Wasserrab"
],
"date": "2006-05-15",
- "id": 673,
+ "id": 678,
"link": "/entries/CoreC++.html",
"permalink": "/entries/CoreC++.html",
"shortname": "CoreC++",
"title": "CoreC++",
"topic_links": [
"computer-science/programming-languages/language-definitions"
],
"topics": [
"Computer science/Programming languages/Language definitions"
],
"used_by": 0
},
{
"abstract": "We formalize the type system, small-step operational semantics, and type soundness proof for Featherweight Java, a simple object calculus, in Isabelle/HOL.",
"authors": [
"J. Nathan Foster",
"Dimitrios Vytiniotis"
],
"date": "2006-03-31",
- "id": 674,
+ "id": 679,
"link": "/entries/FeatherweightJava.html",
"permalink": "/entries/FeatherweightJava.html",
"shortname": "FeatherweightJava",
"title": "A Theory of Featherweight Java in Isabelle/HOL",
"topic_links": [
"computer-science/programming-languages/language-definitions"
],
"topics": [
"Computer science/Programming languages/Language definitions"
],
"used_by": 0
},
{
"abstract": "F. B. Schneider (\"Understanding protocols for Byzantine clock synchronization\") generalizes a number of protocols for Byzantine fault-tolerant clock synchronization and presents a uniform proof for their correctness. In Schneider's schema, each processor maintains a local clock by periodically adjusting each value to one computed by a convergence function applied to the readings of all the clocks. Then, correctness of an algorithm, i.e. that the readings of two clocks at any time are within a fixed bound of each other, is based upon some conditions on the convergence function. To prove that a particular clock synchronization algorithm is correct it suffices to show that the convergence function used by the algorithm meets Schneider's conditions. Using the theorem prover Isabelle, we formalize the proofs that the convergence functions of two algorithms, namely, the Interactive Convergence Algorithm (ICA) of Lamport and Melliar-Smith and the Fault-tolerant Midpoint algorithm of Lundelius-Lynch, meet Schneider's conditions. Furthermore, we experiment on handling some parts of the proofs with fully automatic tools like ICS and CVC-lite. These theories are part of a joint work with Alwen Tiu and Leonor P. Nieto \u003ca href=\"http://users.rsise.anu.edu.au/~tiu/clocksync.pdf\"\u003e\"Verification of Clock Synchronization Algorithms: Experiments on a combination of deductive tools\"\u003c/a\u003e in proceedings of AVOCS 2005. In this work the correctness of Schneider schema was also verified using Isabelle (entry \u003ca href=\"GenClock.html\"\u003eGenClock\u003c/a\u003e in AFP).",
"authors": [
"Damián Barsotti"
],
"date": "2006-03-15",
- "id": 675,
+ "id": 680,
"link": "/entries/ClockSynchInst.html",
"permalink": "/entries/ClockSynchInst.html",
"shortname": "ClockSynchInst",
"title": "Instances of Schneider's generalized protocol of clock synchronization",
"topic_links": [
"computer-science/algorithms/distributed"
],
"topics": [
"Computer science/Algorithms/Distributed"
],
"used_by": 0
},
{
"abstract": "This document presents the mechanised proofs of two popular theorems attributed to Augustin Louis Cauchy - Cauchy's Mean Theorem and the Cauchy-Schwarz Inequality.",
"authors": [
"Benjamin Porter"
],
"date": "2006-03-14",
- "id": 676,
+ "id": 681,
"link": "/entries/Cauchy.html",
"permalink": "/entries/Cauchy.html",
"shortname": "Cauchy",
"title": "Cauchy's Mean Theorem and the Cauchy-Schwarz Inequality",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 1
},
{
"abstract": "This development defines a well-ordered type of countable ordinals. It includes notions of continuous and normal functions, recursively defined functions over ordinals, least fixed-points, and derivatives. Much of ordinal arithmetic is formalized, including exponentials and logarithms. The development concludes with formalizations of Cantor Normal Form and Veblen hierarchies over normal functions.",
"authors": [
"Brian Huffman"
],
"date": "2005-11-11",
- "id": 677,
+ "id": 682,
"link": "/entries/Ordinal.html",
"permalink": "/entries/Ordinal.html",
"shortname": "Ordinal",
"title": "Countable Ordinals",
"topic_links": [
"logic/set-theory"
],
"topics": [
"Logic/Set theory"
],
"used_by": 1
},
{
"abstract": "We formalise a functional implementation of the FFT algorithm over the complex numbers, and its inverse. Both are shown equivalent to the usual definitions of these operations through Vandermonde matrices. They are also shown to be inverse to each other, more precisely, that composition of the inverse and the transformation yield the identity up to a scalar.",
"authors": [
"Clemens Ballarin"
],
"date": "2005-10-12",
- "id": 678,
+ "id": 683,
"link": "/entries/FFT.html",
"permalink": "/entries/FFT.html",
"shortname": "FFT",
"title": "Fast Fourier Transform",
"topic_links": [
"computer-science/algorithms/mathematical"
],
"topics": [
"Computer science/Algorithms/Mathematical"
],
"used_by": 0
},
{
"abstract": "We formalize the generalized Byzantine fault-tolerant clock synchronization protocol of Schneider. This protocol abstracts from particular algorithms or implementations for clock synchronization. This abstraction includes several assumptions on the behaviors of physical clocks and on general properties of concrete algorithms/implementations. Based on these assumptions the correctness of the protocol is proved by Schneider. His proof was later verified by Shankar using the theorem prover EHDM (precursor to PVS). Our formalization in Isabelle/HOL is based on Shankar's formalization.",
"authors": [
"Alwen Tiu"
],
"date": "2005-06-24",
- "id": 679,
+ "id": 684,
"link": "/entries/GenClock.html",
"permalink": "/entries/GenClock.html",
"shortname": "GenClock",
"title": "Formalization of a Generalized Protocol for Clock Synchronization",
"topic_links": [
"computer-science/algorithms/distributed"
],
"topics": [
"Computer science/Algorithms/Distributed"
],
"used_by": 0
},
{
"abstract": "Disk Paxos is an algorithm for building arbitrary fault-tolerant distributed systems. The specification of Disk Paxos has been proved correct informally and tested using the TLC model checker, but up to now, it has never been fully formally verified. In this work we have formally verified its correctness using the Isabelle theorem prover and the HOL logic system, showing that Isabelle is a practical tool for verifying properties of TLA+ specifications.",
"authors": [
"Mauro Jaskelioff",
"Stephan Merz"
],
"date": "2005-06-22",
- "id": 680,
+ "id": 685,
"link": "/entries/DiskPaxos.html",
"permalink": "/entries/DiskPaxos.html",
"shortname": "DiskPaxos",
"title": "Proving the Correctness of Disk Paxos",
"topic_links": [
"computer-science/algorithms/distributed"
],
"topics": [
"Computer science/Algorithms/Distributed"
],
"used_by": 0
},
{
"abstract": "This document presents the formalization of an object-oriented data and store model in Isabelle/HOL. This model is being used in the Java Interactive Verification Environment, Jive.",
"authors": [
"Nicole Rauch",
"Norbert Schirmer"
],
"date": "2005-06-20",
- "id": 681,
+ "id": 686,
"link": "/entries/JiveDataStoreModel.html",
"permalink": "/entries/JiveDataStoreModel.html",
"shortname": "JiveDataStoreModel",
"title": "Jive Data and Store Model",
"topic_links": [
"computer-science/programming-languages/misc"
],
"topics": [
"Computer science/Programming languages/Misc"
],
"used_by": 0
},
{
"abstract": "We introduce Jinja, a Java-like programming language with a formal semantics designed to exhibit core features of the Java language architecture. Jinja is a compromise between realism of the language and tractability and clarity of the formal semantics. The following aspects are formalised: a big and a small step operational semantics for Jinja and a proof of their equivalence; a type system and a definite initialisation analysis; a type safety proof of the small step semantics; a virtual machine (JVM), its operational semantics and its type system; a type safety proof for the JVM; a bytecode verifier, i.e. data flow analyser for the JVM; a correctness proof of the bytecode verifier w.r.t. the type system; a compiler and a proof that it preserves semantics and well-typedness. The emphasis of this work is not on particular language features but on providing a unified model of the source language, the virtual machine and the compiler. The whole development has been carried out in the theorem prover Isabelle/HOL.",
"authors": [
"Gerwin Klein",
"Tobias Nipkow"
],
"date": "2005-06-01",
- "id": 682,
+ "id": 687,
"link": "/entries/Jinja.html",
"permalink": "/entries/Jinja.html",
"shortname": "Jinja",
"title": "Jinja is not Java",
"topic_links": [
"computer-science/programming-languages/language-definitions"
],
"topics": [
"Computer science/Programming languages/Language definitions"
],
"used_by": 4
},
{
"abstract": "Formal verification is getting more and more important in computer science. However the state of the art formal verification methods in cryptography are very rudimentary. These theories are one step to provide a tool box allowing the use of formal methods in every aspect of cryptography. Moreover we present a proof of concept for the feasibility of verification techniques to a standard signature algorithm.",
"authors": [
"Christina Lindenberg",
"Kai Wirt"
],
"date": "2005-05-02",
- "id": 683,
+ "id": 688,
"link": "/entries/RSAPSS.html",
"permalink": "/entries/RSAPSS.html",
"shortname": "RSAPSS",
"title": "SHA1, RSA, PSS and more",
"topic_links": [
"computer-science/security/cryptography"
],
"topics": [
"Computer science/Security/Cryptography"
],
"used_by": 0
},
{
"abstract": "This development proves Yoneda's lemma and aims to be readable by humans. It only defines what is needed for the lemma: categories, functors and natural transformations. Limits, adjunctions and other important concepts are not included.",
"authors": [
"Greg O'Keefe"
],
"date": "2005-04-21",
- "id": 684,
+ "id": 689,
"link": "/entries/Category.html",
"permalink": "/entries/Category.html",
"shortname": "Category",
"title": "Category Theory to Yoneda's Lemma",
"topic_links": [
"mathematics/category-theory"
],
"topics": [
"Mathematics/Category theory"
],
"used_by": 0
},
{
"abstract": "These theories illustrates the verification of basic file operations (file creation, file read and file write) in the Isabelle theorem prover. We describe a file at two levels of abstraction: an abstract file represented as a resizable array, and a concrete file represented using data blocks.",
"authors": [
"Karen Zee",
"Viktor Kuncak"
],
"date": "2004-12-09",
- "id": 685,
+ "id": 690,
"link": "/entries/FileRefinement.html",
"permalink": "/entries/FileRefinement.html",
"shortname": "FileRefinement",
"title": "File Refinement",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 0
},
{
"abstract": "Lebesgue-style integration plays a major role in advanced probability. We formalize concepts of elementary measure theory, real-valued random variables as Borel-measurable functions, and a stepwise inductive definition of the integral itself. All proofs are carried out in human readable style using the Isar language.",
"authors": [
"Stefan Richter"
],
"date": "2004-11-19",
- "id": 686,
+ "id": 691,
"link": "/entries/Integration.html",
"permalink": "/entries/Integration.html",
"shortname": "Integration",
"title": "Integration theory and random variables",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 0
},
{
"abstract": "Soundness and completeness for a system of first order logic are formally proved, building on James Margetson's formalization of work by Wainer and Wallen. The completeness proofs naturally suggest an algorithm to derive proofs. This algorithm, which can be implemented tail recursively, is formalized in Isabelle/HOL. The algorithm can be executed via the rewriting tactics of Isabelle. Alternatively, the definitions can be exported to OCaml, yielding a directly executable program.",
"authors": [
"Tom Ridge"
],
"date": "2004-09-28",
- "id": 687,
+ "id": 692,
"link": "/entries/Verified-Prover.html",
"permalink": "/entries/Verified-Prover.html",
"shortname": "Verified-Prover",
"title": "A Mechanically Verified, Efficient, Sound and Complete Theorem Prover For First Order Logic",
"topic_links": [
"logic/general-logic/mechanization-of-proofs"
],
"topics": [
"Logic/General logic/Mechanization of proofs"
],
"used_by": 0
},
{
"abstract": "The completeness of first-order logic is proved, following the first five pages of Wainer and Wallen's chapter of the book \u003ci\u003eProof Theory\u003c/i\u003e by Aczel et al., CUP, 1992. Their presentation of formulas allows the proofs to use symmetry arguments. Margetson formalized this theorem by early 2000. The Isar conversion is thanks to Tom Ridge. A paper describing the formalization is available \u003ca href=\"Completeness-paper.pdf\"\u003e[pdf]\u003c/a\u003e.",
"authors": [
"James Margetson",
"Tom Ridge"
],
"date": "2004-09-20",
- "id": 688,
+ "id": 693,
"link": "/entries/Completeness.html",
"permalink": "/entries/Completeness.html",
"shortname": "Completeness",
"title": "Completeness theorem",
"topic_links": [
"logic/proof-theory"
],
"topics": [
"Logic/Proof theory"
],
"used_by": 0
},
{
"abstract": "This formalization of Ramsey's theorem (infinitary version) is taken from Boolos and Jeffrey, \u003ci\u003eComputability and Logic\u003c/i\u003e, 3rd edition, Chapter 26. It differs slightly from the text by assuming a slightly stronger hypothesis. In particular, the induction hypothesis is stronger, holding for any infinite subset of the naturals. This avoids the rather peculiar mapping argument between kj and aikj on p.263, which is unnecessary and slightly mars this really beautiful result.",
"authors": [
"Tom Ridge"
],
"date": "2004-09-20",
- "id": 689,
+ "id": 694,
"link": "/entries/Ramsey-Infinite.html",
"permalink": "/entries/Ramsey-Infinite.html",
"shortname": "Ramsey-Infinite",
"title": "Ramsey's theorem, infinitary version",
"topic_links": [
"mathematics/combinatorics"
],
"topics": [
"Mathematics/Combinatorics"
],
"used_by": 0
},
{
"abstract": "An exception compilation scheme that dynamically creates and removes exception handler entries on the stack. A formalization of an article of the same name by \u003ca href=\"http://www.cs.nott.ac.uk/~gmh/\"\u003eHutton\u003c/a\u003e and Wright.",
"authors": [
"Tobias Nipkow"
],
"date": "2004-07-09",
- "id": 690,
+ "id": 695,
"link": "/entries/Compiling-Exceptions-Correctly.html",
"permalink": "/entries/Compiling-Exceptions-Correctly.html",
"shortname": "Compiling-Exceptions-Correctly",
"title": "Compiling Exceptions Correctly",
"topic_links": [
"computer-science/programming-languages/compiling"
],
"topics": [
"Computer science/Programming languages/Compiling"
],
"used_by": 0
},
{
"abstract": "Depth-first search of a graph is formalized with recdef. It is shown that it visits all of the reachable nodes from a given list of nodes. Executable ML code of depth-first search is obtained using the code generation feature of Isabelle/HOL.",
"authors": [
"Toshiaki Nishihara",
"Yasuhiko Minamide"
],
"date": "2004-06-24",
- "id": 691,
+ "id": 696,
"link": "/entries/Depth-First-Search.html",
"permalink": "/entries/Depth-First-Search.html",
"shortname": "Depth-First-Search",
"title": "Depth First Search",
"topic_links": [
"computer-science/algorithms/graph"
],
"topics": [
"Computer science/Algorithms/Graph"
],
"used_by": 0
},
{
"abstract": "The theory of groups, rings and modules is developed to a great depth. Group theory results include Zassenhaus's theorem and the Jordan-Hoelder theorem. The ring theory development includes ideals, quotient rings and the Chinese remainder theorem. The module development includes the Nakayama lemma, exact sequences and Tensor products.",
"authors": [
"Hidetsune Kobayashi",
"L. Chen",
"H. Murao"
],
"date": "2004-05-18",
- "id": 692,
+ "id": 697,
"link": "/entries/Group-Ring-Module.html",
"permalink": "/entries/Group-Ring-Module.html",
"shortname": "Group-Ring-Module",
"title": "Groups, Rings and Modules",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 1
},
{
"abstract": "This theory contains some useful extensions to the LList (lazy list) theory by \u003ca href=\"http://www.cl.cam.ac.uk/~lp15/\"\u003eLarry Paulson\u003c/a\u003e, including finite, infinite, and positive llists over an alphabet, as well as the new constants take and drop and the prefix order of llists. Finally, the notions of safety and liveness in the sense of Alpern and Schneider (1985) are defined.",
"authors": [
"Stefan Friedrich"
],
"date": "2004-04-26",
- "id": 693,
+ "id": 698,
"link": "/entries/Lazy-Lists-II.html",
"permalink": "/entries/Lazy-Lists-II.html",
"shortname": "Lazy-Lists-II",
"title": "Lazy Lists II",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 1
},
{
"abstract": "This entry contains two theories. The first, \u003ctt\u003eTopology\u003c/tt\u003e, develops the basic notions of general topology. The second, which can be viewed as a demonstration of the first, is called \u003ctt\u003eLList_Topology\u003c/tt\u003e. It develops the topology of lazy lists.",
"authors": [
"Stefan Friedrich"
],
"date": "2004-04-26",
- "id": 694,
+ "id": 699,
"link": "/entries/Topology.html",
"permalink": "/entries/Topology.html",
"shortname": "Topology",
"title": "Topology",
"topic_links": [
"mathematics/topology"
],
"topics": [
"Mathematics/Topology"
],
"used_by": 0
},
{
"abstract": "The correctness is shown of binary search tree operations (lookup, insert and remove) implementing a set. Two versions are given, for both structured and linear (tactic-style) proofs. An implementation of integer-indexed maps is also verified.",
"authors": [
"Viktor Kuncak"
],
"date": "2004-04-05",
- "id": 695,
+ "id": 700,
"link": "/entries/BinarySearchTree.html",
"permalink": "/entries/BinarySearchTree.html",
"shortname": "BinarySearchTree",
"title": "Binary Search Trees",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 0
},
{
"abstract": "This theory defines deterministic and nondeterministic automata in a functional representation: the transition function/relation and the finality predicate are just functions. Hence the state space may be infinite. It is shown how to convert regular expressions into such automata. A scanner (generator) is implemented with the help of functional automata: the scanner chops the input up into longest recognized substrings. Finally we also show how to convert a certain subclass of functional automata (essentially the finite deterministic ones) into regular sets.",
"authors": [
"Tobias Nipkow"
],
"date": "2004-03-30",
- "id": 696,
+ "id": 701,
"link": "/entries/Functional-Automata.html",
"permalink": "/entries/Functional-Automata.html",
"shortname": "Functional-Automata",
"title": "Functional Automata",
"topic_links": [
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Automata and formal languages"
],
"used_by": 0
},
{
"abstract": "Two formalizations of AVL trees with room for extensions. The first formalization is monolithic and shorter, the second one in two stages, longer and a bit simpler. The final implementation is the same. If you are interested in developing this further, please contact \u003ctt\u003egerwin.klein@nicta.com.au\u003c/tt\u003e.",
"authors": [
"Tobias Nipkow",
"Cornelia Pusch"
],
"date": "2004-03-19",
- "id": 697,
+ "id": 702,
"link": "/entries/AVL-Trees.html",
"permalink": "/entries/AVL-Trees.html",
"shortname": "AVL-Trees",
"title": "AVL Trees",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 0
},
{
"abstract": "This theory defines the type inference rules and the type inference algorithm \u003ci\u003eW\u003c/i\u003e for MiniML (simply-typed lambda terms with \u003ctt\u003elet\u003c/tt\u003e) due to Milner. It proves the soundness and completeness of \u003ci\u003eW\u003c/i\u003e w.r.t. the rules.",
"authors": [
"Wolfgang Naraschewski",
"Tobias Nipkow"
],
"date": "2004-03-19",
- "id": 698,
+ "id": 703,
"link": "/entries/MiniML.html",
"permalink": "/entries/MiniML.html",
"shortname": "MiniML",
"title": "Mini ML",
"topic_links": [
"computer-science/programming-languages/type-systems"
],
"topics": [
"Computer science/Programming languages/Type systems"
],
"used_by": 0
}
]
\ No newline at end of file
diff --git a/web/index.xml b/web/index.xml
--- a/web/index.xml
+++ b/web/index.xml
@@ -1,12860 +1,12950 @@
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>Archive of Formal Proofs</title>
<link>/</link>
<description>Recent content on Archive of Formal Proofs</description>
<generator>Hugo -- gohugo.io</generator>
<language>en-gb</language>
- <lastBuildDate>Thu, 08 Sep 2022 00:00:00 +0000</lastBuildDate><atom:link href="/index.xml" rel="self" type="application/rss+xml" />
+ <lastBuildDate>Thu, 22 Sep 2022 00:00:00 +0000</lastBuildDate><atom:link href="/index.xml" rel="self" type="application/rss+xml" />
+ <item>
+ <title>p-adic Fields and p-adic Semialgebraic Sets</title>
+ <link>/entries/Padic_Field.html</link>
+ <pubDate>Thu, 22 Sep 2022 00:00:00 +0000</pubDate>
+
+ <guid>/entries/Padic_Field.html</guid>
+ <description></description>
+ </item>
+
+ <item>
+ <title>Risk-Free Lending</title>
+ <link>/entries/Risk_Free_Lending.html</link>
+ <pubDate>Sun, 18 Sep 2022 00:00:00 +0000</pubDate>
+
+ <guid>/entries/Risk_Free_Lending.html</guid>
+ <description></description>
+ </item>
+
+ <item>
+ <title>Soundness and Completeness of Implicational Logic</title>
+ <link>/entries/Implicational_Logic.html</link>
+ <pubDate>Tue, 13 Sep 2022 00:00:00 +0000</pubDate>
+
+ <guid>/entries/Implicational_Logic.html</guid>
+ <description></description>
+ </item>
+
<item>
<title>CRYSTALS-Kyber</title>
<link>/entries/CRYSTALS-Kyber.html</link>
<pubDate>Thu, 08 Sep 2022 00:00:00 +0000</pubDate>
<guid>/entries/CRYSTALS-Kyber.html</guid>
<description></description>
</item>
<item>
+ <title>Unbounded Separation Logic</title>
+ <link>/entries/Separation_Logic_Unbounded.html</link>
+ <pubDate>Mon, 05 Sep 2022 00:00:00 +0000</pubDate>
+
+ <guid>/entries/Separation_Logic_Unbounded.html</guid>
+ <description></description>
+ </item>
+
+ <item>
<title>Khovanskii&amp;#x27;s Theorem</title>
<link>/entries/Khovanskii_Theorem.html</link>
<pubDate>Fri, 02 Sep 2022 00:00:00 +0000</pubDate>
<guid>/entries/Khovanskii_Theorem.html</guid>
<description></description>
</item>
<item>
<title>The Hales–Jewett Theorem</title>
<link>/entries/Hales_Jewett.html</link>
<pubDate>Fri, 02 Sep 2022 00:00:00 +0000</pubDate>
<guid>/entries/Hales_Jewett.html</guid>
<description></description>
</item>
<item>
<title>Number Theoretic Transform</title>
<link>/entries/Number_Theoretic_Transform.html</link>
<pubDate>Thu, 18 Aug 2022 00:00:00 +0000</pubDate>
<guid>/entries/Number_Theoretic_Transform.html</guid>
<description></description>
</item>
<item>
+ <title>Correctness of a Set-based Algorithm for Computing Strongly Connected Components of a Graph</title>
+ <link>/entries/SCC_Bloemen_Sequential.html</link>
+ <pubDate>Wed, 17 Aug 2022 00:00:00 +0000</pubDate>
+
+ <guid>/entries/SCC_Bloemen_Sequential.html</guid>
+ <description></description>
+ </item>
+
+ <item>
<title>From THE BOOK: Two Squares via Involutions</title>
<link>/entries/Involutions2Squares.html</link>
<pubDate>Mon, 15 Aug 2022 00:00:00 +0000</pubDate>
<guid>/entries/Involutions2Squares.html</guid>
<description></description>
</item>
<item>
<title>Verified Complete Test Strategies for Finite State Machines</title>
<link>/entries/FSM_Tests.html</link>
<pubDate>Tue, 09 Aug 2022 00:00:00 +0000</pubDate>
<guid>/entries/FSM_Tests.html</guid>
<description></description>
</item>
<item>
<title>Nano JSON: Working with JSON formatted data in Isabelle/HOL and Isabelle/ML</title>
<link>/entries/Nano_JSON.html</link>
<pubDate>Fri, 29 Jul 2022 00:00:00 +0000</pubDate>
<guid>/entries/Nano_JSON.html</guid>
<description></description>
</item>
<item>
<title>Isabelle/Solidity: A deep Embedding of Solidity in Isabelle/HOL</title>
<link>/entries/Solidity.html</link>
<pubDate>Mon, 18 Jul 2022 00:00:00 +0000</pubDate>
<guid>/entries/Solidity.html</guid>
<description></description>
</item>
<item>
<title>Simultaneous diagonalization of pairwise commuting Hermitian matrices</title>
<link>/entries/Commuting_Hermitian.html</link>
<pubDate>Mon, 18 Jul 2022 00:00:00 +0000</pubDate>
<guid>/entries/Commuting_Hermitian.html</guid>
<description></description>
</item>
<item>
<title>Pólya’s Proof of the Weighted Arithmetic–Geometric Mean Inequality</title>
<link>/entries/Weighted_Arithmetic_Geometric_Mean.html</link>
<pubDate>Mon, 11 Jul 2022 00:00:00 +0000</pubDate>
<guid>/entries/Weighted_Arithmetic_Geometric_Mean.html</guid>
<description></description>
</item>
<item>
<title>A Reuse-Based Multi-Stage Compiler Verification for Language IMP</title>
<link>/entries/IMP_Compiler_Reuse.html</link>
<pubDate>Sun, 10 Jul 2022 00:00:00 +0000</pubDate>
<guid>/entries/IMP_Compiler_Reuse.html</guid>
<description></description>
</item>
<item>
<title>Real-Time Double-Ended Queue</title>
<link>/entries/Real_Time_Deque.html</link>
<pubDate>Thu, 23 Jun 2022 00:00:00 +0000</pubDate>
<guid>/entries/Real_Time_Deque.html</guid>
<description></description>
</item>
<item>
<title>Boolos&#39;s Curious Inference in Isabelle/HOL</title>
<link>/entries/Boolos_Curious_Inference.html</link>
<pubDate>Mon, 20 Jun 2022 00:00:00 +0000</pubDate>
<guid>/entries/Boolos_Curious_Inference.html</guid>
<description></description>
</item>
<item>
<title>Finite Fields</title>
<link>/entries/Finite_Fields.html</link>
<pubDate>Wed, 08 Jun 2022 00:00:00 +0000</pubDate>
<guid>/entries/Finite_Fields.html</guid>
<description></description>
</item>
<item>
<title>IsaNet: Formalization of a Verification Framework for Secure Data Plane Protocols</title>
<link>/entries/IsaNet.html</link>
<pubDate>Wed, 08 Jun 2022 00:00:00 +0000</pubDate>
<guid>/entries/IsaNet.html</guid>
<description></description>
</item>
<item>
<title>Diophantine Equations and the DPRM Theorem</title>
<link>/entries/DPRM_Theorem.html</link>
<pubDate>Mon, 06 Jun 2022 00:00:00 +0000</pubDate>
<guid>/entries/DPRM_Theorem.html</guid>
<description></description>
</item>
<item>
<title>Reducing Rewrite Properties to Properties on Ground Terms</title>
<link>/entries/Rewrite_Properties_Reduction.html</link>
<pubDate>Thu, 02 Jun 2022 00:00:00 +0000</pubDate>
<guid>/entries/Rewrite_Properties_Reduction.html</guid>
<description></description>
</item>
<item>
<title>A Restricted Definition of the Magic Wand to Soundly Combine Fractions of a Wand</title>
<link>/entries/Combinable_Wands.html</link>
<pubDate>Mon, 30 May 2022 00:00:00 +0000</pubDate>
<guid>/entries/Combinable_Wands.html</guid>
<description></description>
</item>
<item>
<title>The Plünnecke-Ruzsa Inequality</title>
<link>/entries/Pluennecke_Ruzsa_Inequality.html</link>
<pubDate>Thu, 26 May 2022 00:00:00 +0000</pubDate>
<guid>/entries/Pluennecke_Ruzsa_Inequality.html</guid>
<description></description>
</item>
<item>
<title>Formalization of a Framework for the Sound Automation of Magic Wands</title>
<link>/entries/Package_logic.html</link>
<pubDate>Wed, 18 May 2022 00:00:00 +0000</pubDate>
<guid>/entries/Package_logic.html</guid>
<description></description>
</item>
<item>
<title>Clique is not solvable by monotone circuits of polynomial size</title>
<link>/entries/Clique_and_Monotone_Circuits.html</link>
<pubDate>Sun, 08 May 2022 00:00:00 +0000</pubDate>
<guid>/entries/Clique_and_Monotone_Circuits.html</guid>
<description></description>
</item>
<item>
<title>Fisher&#39;s Inequality: Linear Algebraic Proof Techniques for Combinatorics</title>
<link>/entries/Fishers_Inequality.html</link>
<pubDate>Thu, 21 Apr 2022 00:00:00 +0000</pubDate>
<guid>/entries/Fishers_Inequality.html</guid>
<description></description>
</item>
<item>
<title>Digit Expansions</title>
<link>/entries/Digit_Expansions.html</link>
<pubDate>Wed, 20 Apr 2022 00:00:00 +0000</pubDate>
<guid>/entries/Digit_Expansions.html</guid>
<description></description>
</item>
<item>
<title>The Generalized Multiset Ordering is NP-Complete</title>
<link>/entries/Multiset_Ordering_NPC.html</link>
<pubDate>Wed, 20 Apr 2022 00:00:00 +0000</pubDate>
<guid>/entries/Multiset_Ordering_NPC.html</guid>
<description></description>
</item>
<item>
<title>The Sophomore&#39;s Dream</title>
<link>/entries/Sophomores_Dream.html</link>
<pubDate>Sun, 10 Apr 2022 00:00:00 +0000</pubDate>
<guid>/entries/Sophomores_Dream.html</guid>
<description></description>
</item>
<item>
<title>A Combinator Library for Prefix-Free Codes</title>
<link>/entries/Prefix_Free_Code_Combinators.html</link>
<pubDate>Fri, 08 Apr 2022 00:00:00 +0000</pubDate>
<guid>/entries/Prefix_Free_Code_Combinators.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Randomized Approximation Algorithms for Frequency Moments</title>
<link>/entries/Frequency_Moments.html</link>
<pubDate>Fri, 08 Apr 2022 00:00:00 +0000</pubDate>
<guid>/entries/Frequency_Moments.html</guid>
<description></description>
</item>
<item>
<title>Constructing the Reals as Dedekind Cuts of Rationals</title>
<link>/entries/Dedekind_Real.html</link>
<pubDate>Thu, 24 Mar 2022 00:00:00 +0000</pubDate>
<guid>/entries/Dedekind_Real.html</guid>
<description></description>
</item>
<item>
<title>Ackermann&#39;s Function Is Not Primitive Recursive</title>
<link>/entries/Ackermanns_not_PR.html</link>
<pubDate>Wed, 23 Mar 2022 00:00:00 +0000</pubDate>
<guid>/entries/Ackermanns_not_PR.html</guid>
<description></description>
</item>
<item>
<title>A Naive Prover for First-Order Logic</title>
<link>/entries/FOL_Seq_Calc3.html</link>
<pubDate>Tue, 22 Mar 2022 00:00:00 +0000</pubDate>
<guid>/entries/FOL_Seq_Calc3.html</guid>
<description></description>
</item>
<item>
<title>A Proof from THE BOOK: The Partial Fraction Expansion of the Cotangent</title>
<link>/entries/Cotangent_PFD_Formula.html</link>
<pubDate>Tue, 15 Mar 2022 00:00:00 +0000</pubDate>
<guid>/entries/Cotangent_PFD_Formula.html</guid>
<description></description>
</item>
<item>
<title>The Independence of the Continuum Hypothesis in Isabelle/ZF</title>
<link>/entries/Independence_CH.html</link>
<pubDate>Sun, 06 Mar 2022 00:00:00 +0000</pubDate>
<guid>/entries/Independence_CH.html</guid>
<description></description>
</item>
<item>
<title>Transitive Models of Fragments of ZFC</title>
<link>/entries/Transitive_Models.html</link>
<pubDate>Thu, 03 Mar 2022 00:00:00 +0000</pubDate>
<guid>/entries/Transitive_Models.html</guid>
<description></description>
</item>
<item>
<title>Residuated Transition Systems</title>
<link>/entries/ResiduatedTransitionSystem.html</link>
<pubDate>Mon, 28 Feb 2022 00:00:00 +0000</pubDate>
<guid>/entries/ResiduatedTransitionSystem.html</guid>
<description></description>
</item>
<item>
<title>Universal Hash Families</title>
<link>/entries/Universal_Hash_Families.html</link>
<pubDate>Sun, 20 Feb 2022 00:00:00 +0000</pubDate>
<guid>/entries/Universal_Hash_Families.html</guid>
<description></description>
</item>
<item>
<title>Wetzel&#39;s Problem and the Continuum Hypothesis</title>
<link>/entries/Wetzels_Problem.html</link>
<pubDate>Fri, 18 Feb 2022 00:00:00 +0000</pubDate>
<guid>/entries/Wetzels_Problem.html</guid>
<description></description>
</item>
<item>
<title>First-Order Query Evaluation</title>
<link>/entries/Eval_FO.html</link>
<pubDate>Tue, 15 Feb 2022 00:00:00 +0000</pubDate>
<guid>/entries/Eval_FO.html</guid>
<description></description>
</item>
<item>
<title>Multi-Head Monitoring of Metric Dynamic Logic</title>
<link>/entries/VYDRA_MDL.html</link>
<pubDate>Sun, 13 Feb 2022 00:00:00 +0000</pubDate>
<guid>/entries/VYDRA_MDL.html</guid>
<description></description>
</item>
<item>
<title>Enumeration of Equivalence Relations</title>
<link>/entries/Equivalence_Relation_Enumeration.html</link>
<pubDate>Fri, 04 Feb 2022 00:00:00 +0000</pubDate>
<guid>/entries/Equivalence_Relation_Enumeration.html</guid>
<description></description>
</item>
<item>
<title>Duality of Linear Programming</title>
<link>/entries/LP_Duality.html</link>
<pubDate>Thu, 03 Feb 2022 00:00:00 +0000</pubDate>
<guid>/entries/LP_Duality.html</guid>
<description></description>
</item>
<item>
<title>Quasi-Borel Spaces</title>
<link>/entries/Quasi_Borel_Spaces.html</link>
<pubDate>Thu, 03 Feb 2022 00:00:00 +0000</pubDate>
<guid>/entries/Quasi_Borel_Spaces.html</guid>
<description></description>
</item>
<item>
<title>First-Order Theory of Rewriting</title>
<link>/entries/FO_Theory_Rewriting.html</link>
<pubDate>Wed, 02 Feb 2022 00:00:00 +0000</pubDate>
<guid>/entries/FO_Theory_Rewriting.html</guid>
<description></description>
</item>
<item>
<title>A Sequent Calculus Prover for First-Order Logic with Functions</title>
<link>/entries/FOL_Seq_Calc2.html</link>
<pubDate>Mon, 31 Jan 2022 00:00:00 +0000</pubDate>
<guid>/entries/FOL_Seq_Calc2.html</guid>
<description></description>
</item>
<item>
<title>Young&#39;s Inequality for Increasing Functions</title>
<link>/entries/Youngs_Inequality.html</link>
<pubDate>Mon, 31 Jan 2022 00:00:00 +0000</pubDate>
<guid>/entries/Youngs_Inequality.html</guid>
<description></description>
</item>
<item>
<title>Interpolation Polynomials (in HOL-Algebra)</title>
<link>/entries/Interpolation_Polynomials_HOL_Algebra.html</link>
<pubDate>Sat, 29 Jan 2022 00:00:00 +0000</pubDate>
<guid>/entries/Interpolation_Polynomials_HOL_Algebra.html</guid>
<description></description>
</item>
<item>
<title>Median Method</title>
<link>/entries/Median_Method.html</link>
<pubDate>Tue, 25 Jan 2022 00:00:00 +0000</pubDate>
<guid>/entries/Median_Method.html</guid>
<description></description>
</item>
<item>
<title>Actuarial Mathematics</title>
<link>/entries/Actuarial_Mathematics.html</link>
<pubDate>Sun, 23 Jan 2022 00:00:00 +0000</pubDate>
<guid>/entries/Actuarial_Mathematics.html</guid>
<description></description>
</item>
<item>
<title>Irrational numbers from THE BOOK</title>
<link>/entries/Irrationals_From_THEBOOK.html</link>
<pubDate>Sat, 08 Jan 2022 00:00:00 +0000</pubDate>
<guid>/entries/Irrationals_From_THEBOOK.html</guid>
<description></description>
</item>
<item>
<title>Knight&#39;s Tour Revisited Revisited</title>
<link>/entries/Knights_Tour.html</link>
<pubDate>Tue, 04 Jan 2022 00:00:00 +0000</pubDate>
<guid>/entries/Knights_Tour.html</guid>
<description></description>
</item>
<item>
<title>Hyperdual Numbers and Forward Differentiation</title>
<link>/entries/Hyperdual.html</link>
<pubDate>Fri, 31 Dec 2021 00:00:00 +0000</pubDate>
<guid>/entries/Hyperdual.html</guid>
<description></description>
</item>
<item>
<title>Gale-Shapley Algorithm</title>
<link>/entries/Gale_Shapley.html</link>
<pubDate>Wed, 29 Dec 2021 00:00:00 +0000</pubDate>
<guid>/entries/Gale_Shapley.html</guid>
<description></description>
</item>
<item>
<title>Roth&#39;s Theorem on Arithmetic Progressions</title>
<link>/entries/Roth_Arithmetic_Progressions.html</link>
<pubDate>Tue, 28 Dec 2021 00:00:00 +0000</pubDate>
<guid>/entries/Roth_Arithmetic_Progressions.html</guid>
<description></description>
</item>
<item>
<title>Markov Decision Processes with Rewards</title>
<link>/entries/MDP-Rewards.html</link>
<pubDate>Thu, 16 Dec 2021 00:00:00 +0000</pubDate>
<guid>/entries/MDP-Rewards.html</guid>
<description></description>
</item>
<item>
<title>Verified Algorithms for Solving Markov Decision Processes</title>
<link>/entries/MDP-Algorithms.html</link>
<pubDate>Thu, 16 Dec 2021 00:00:00 +0000</pubDate>
<guid>/entries/MDP-Algorithms.html</guid>
<description></description>
</item>
<item>
<title>Regular Tree Relations</title>
<link>/entries/Regular_Tree_Relations.html</link>
<pubDate>Wed, 15 Dec 2021 00:00:00 +0000</pubDate>
<guid>/entries/Regular_Tree_Relations.html</guid>
<description></description>
</item>
<item>
<title>Simplicial Complexes and Boolean functions</title>
<link>/entries/Simplicial_complexes_and_boolean_functions.html</link>
<pubDate>Mon, 29 Nov 2021 00:00:00 +0000</pubDate>
<guid>/entries/Simplicial_complexes_and_boolean_functions.html</guid>
<description></description>
</item>
<item>
<title>van Emde Boas Trees</title>
<link>/entries/Van_Emde_Boas_Trees.html</link>
<pubDate>Tue, 23 Nov 2021 00:00:00 +0000</pubDate>
<guid>/entries/Van_Emde_Boas_Trees.html</guid>
<description></description>
</item>
<item>
<title>Foundation of geometry in planes, and some complements: Excluding the parallel axioms</title>
<link>/entries/Foundation_of_geometry.html</link>
<pubDate>Mon, 22 Nov 2021 00:00:00 +0000</pubDate>
<guid>/entries/Foundation_of_geometry.html</guid>
<description></description>
</item>
<item>
<title>The Hahn and Jordan Decomposition Theorems</title>
<link>/entries/Hahn_Jordan_Decomposition.html</link>
<pubDate>Fri, 19 Nov 2021 00:00:00 +0000</pubDate>
<guid>/entries/Hahn_Jordan_Decomposition.html</guid>
<description></description>
</item>
<item>
<title>Automating Public Announcement Logic and the Wise Men Puzzle in Isabelle/HOL</title>
<link>/entries/PAL.html</link>
<pubDate>Mon, 08 Nov 2021 00:00:00 +0000</pubDate>
<guid>/entries/PAL.html</guid>
<description></description>
</item>
<item>
<title>Exploring Simplified Variants of Gödel’s Ontological Argument in Isabelle/HOL</title>
<link>/entries/SimplifiedOntologicalArgument.html</link>
<pubDate>Mon, 08 Nov 2021 00:00:00 +0000</pubDate>
<guid>/entries/SimplifiedOntologicalArgument.html</guid>
<description></description>
</item>
<item>
<title>Factorization of Polynomials with Algebraic Coefficients</title>
<link>/entries/Factor_Algebraic_Polynomial.html</link>
<pubDate>Mon, 08 Nov 2021 00:00:00 +0000</pubDate>
<guid>/entries/Factor_Algebraic_Polynomial.html</guid>
<description></description>
</item>
<item>
<title>Real Exponents as the Limits of Sequences of Rational Exponents</title>
<link>/entries/Real_Power.html</link>
<pubDate>Mon, 08 Nov 2021 00:00:00 +0000</pubDate>
<guid>/entries/Real_Power.html</guid>
<description></description>
</item>
<item>
<title>Szemerédi&#39;s Regularity Lemma</title>
<link>/entries/Szemeredi_Regularity.html</link>
<pubDate>Fri, 05 Nov 2021 00:00:00 +0000</pubDate>
<guid>/entries/Szemeredi_Regularity.html</guid>
<description></description>
</item>
<item>
<title>Quantum and Classical Registers</title>
<link>/entries/Registers.html</link>
<pubDate>Thu, 28 Oct 2021 00:00:00 +0000</pubDate>
<guid>/entries/Registers.html</guid>
<description></description>
</item>
<item>
<title>Belief Revision Theory</title>
<link>/entries/Belief_Revision.html</link>
<pubDate>Tue, 19 Oct 2021 00:00:00 +0000</pubDate>
<guid>/entries/Belief_Revision.html</guid>
<description></description>
</item>
<item>
<title>X86 instruction semantics and basic block symbolic execution</title>
<link>/entries/X86_Semantics.html</link>
<pubDate>Wed, 13 Oct 2021 00:00:00 +0000</pubDate>
<guid>/entries/X86_Semantics.html</guid>
<description></description>
</item>
<item>
<title>Algebras for Iteration, Infinite Executions and Correctness of Sequential Computations</title>
<link>/entries/Correctness_Algebras.html</link>
<pubDate>Tue, 12 Oct 2021 00:00:00 +0000</pubDate>
<guid>/entries/Correctness_Algebras.html</guid>
<description></description>
</item>
<item>
<title>Verified Quadratic Virtual Substitution for Real Arithmetic</title>
<link>/entries/Virtual_Substitution.html</link>
<pubDate>Sat, 02 Oct 2021 00:00:00 +0000</pubDate>
<guid>/entries/Virtual_Substitution.html</guid>
<description></description>
</item>
<item>
<title>Soundness and Completeness of an Axiomatic System for First-Order Logic</title>
<link>/entries/FOL_Axiomatic.html</link>
<pubDate>Fri, 24 Sep 2021 00:00:00 +0000</pubDate>
<guid>/entries/FOL_Axiomatic.html</guid>
<description></description>
</item>
<item>
<title>Complex Bounded Operators</title>
<link>/entries/Complex_Bounded_Operators.html</link>
<pubDate>Sat, 18 Sep 2021 00:00:00 +0000</pubDate>
<guid>/entries/Complex_Bounded_Operators.html</guid>
<description></description>
</item>
<item>
<title>A Formalization of Weighted Path Orders and Recursive Path Orders</title>
<link>/entries/Weighted_Path_Order.html</link>
<pubDate>Thu, 16 Sep 2021 00:00:00 +0000</pubDate>
<guid>/entries/Weighted_Path_Order.html</guid>
<description></description>
</item>
<item>
<title>Category Theory for ZFC in HOL I: Foundations: Design Patterns, Set Theory, Digraphs, Semicategories</title>
<link>/entries/CZH_Foundations.html</link>
<pubDate>Mon, 06 Sep 2021 00:00:00 +0000</pubDate>
<guid>/entries/CZH_Foundations.html</guid>
<description></description>
</item>
<item>
<title>Category Theory for ZFC in HOL II: Elementary Theory of 1-Categories</title>
<link>/entries/CZH_Elementary_Categories.html</link>
<pubDate>Mon, 06 Sep 2021 00:00:00 +0000</pubDate>
<guid>/entries/CZH_Elementary_Categories.html</guid>
<description></description>
</item>
<item>
<title>Category Theory for ZFC in HOL III: Universal Constructions</title>
<link>/entries/CZH_Universal_Constructions.html</link>
<pubDate>Mon, 06 Sep 2021 00:00:00 +0000</pubDate>
<guid>/entries/CZH_Universal_Constructions.html</guid>
<description></description>
</item>
<item>
<title>Conditional Simplification</title>
<link>/entries/Conditional_Simplification.html</link>
<pubDate>Mon, 06 Sep 2021 00:00:00 +0000</pubDate>
<guid>/entries/Conditional_Simplification.html</guid>
<description></description>
</item>
<item>
<title>Conditional Transfer Rule</title>
<link>/entries/Conditional_Transfer_Rule.html</link>
<pubDate>Mon, 06 Sep 2021 00:00:00 +0000</pubDate>
<guid>/entries/Conditional_Transfer_Rule.html</guid>
<description></description>
</item>
<item>
<title>Extension of Types-To-Sets</title>
<link>/entries/Types_To_Sets_Extension.html</link>
<pubDate>Mon, 06 Sep 2021 00:00:00 +0000</pubDate>
<guid>/entries/Types_To_Sets_Extension.html</guid>
<description></description>
</item>
<item>
<title>IDE: Introduction, Destruction, Elimination</title>
<link>/entries/Intro_Dest_Elim.html</link>
<pubDate>Mon, 06 Sep 2021 00:00:00 +0000</pubDate>
<guid>/entries/Intro_Dest_Elim.html</guid>
<description></description>
</item>
<item>
<title>A data flow analysis algorithm for computing dominators</title>
<link>/entries/Dominance_CHK.html</link>
<pubDate>Sun, 05 Sep 2021 00:00:00 +0000</pubDate>
<guid>/entries/Dominance_CHK.html</guid>
<description></description>
</item>
<item>
<title>Solving Cubic and Quartic Equations</title>
<link>/entries/Cubic_Quartic_Equations.html</link>
<pubDate>Fri, 03 Sep 2021 00:00:00 +0000</pubDate>
<guid>/entries/Cubic_Quartic_Equations.html</guid>
<description></description>
</item>
<item>
<title>Logging-independent Message Anonymity in the Relational Method</title>
<link>/entries/Logging_Independent_Anonymity.html</link>
<pubDate>Thu, 26 Aug 2021 00:00:00 +0000</pubDate>
<guid>/entries/Logging_Independent_Anonymity.html</guid>
<description></description>
</item>
<item>
<title>The Theorem of Three Circles</title>
<link>/entries/Three_Circles.html</link>
<pubDate>Sat, 21 Aug 2021 00:00:00 +0000</pubDate>
<guid>/entries/Three_Circles.html</guid>
<description></description>
</item>
<item>
<title>CoCon: A Confidentiality-Verified Conference Management System</title>
<link>/entries/CoCon.html</link>
<pubDate>Mon, 16 Aug 2021 00:00:00 +0000</pubDate>
<guid>/entries/CoCon.html</guid>
<description></description>
</item>
<item>
<title>Compositional BD Security</title>
<link>/entries/BD_Security_Compositional.html</link>
<pubDate>Mon, 16 Aug 2021 00:00:00 +0000</pubDate>
<guid>/entries/BD_Security_Compositional.html</guid>
<description></description>
</item>
<item>
<title>CoSMed: A confidentiality-verified social media platform</title>
<link>/entries/CoSMed.html</link>
<pubDate>Mon, 16 Aug 2021 00:00:00 +0000</pubDate>
<guid>/entries/CoSMed.html</guid>
<description></description>
</item>
<item>
<title>CoSMeDis: A confidentiality-verified distributed social media platform</title>
<link>/entries/CoSMeDis.html</link>
<pubDate>Mon, 16 Aug 2021 00:00:00 +0000</pubDate>
<guid>/entries/CoSMeDis.html</guid>
<description></description>
</item>
<item>
<title>Fresh identifiers</title>
<link>/entries/Fresh_Identifiers.html</link>
<pubDate>Mon, 16 Aug 2021 00:00:00 +0000</pubDate>
<guid>/entries/Fresh_Identifiers.html</guid>
<description></description>
</item>
<item>
<title>Combinatorial Design Theory</title>
<link>/entries/Design_Theory.html</link>
<pubDate>Fri, 13 Aug 2021 00:00:00 +0000</pubDate>
<guid>/entries/Design_Theory.html</guid>
<description></description>
</item>
<item>
<title>Relational Forests</title>
<link>/entries/Relational_Forests.html</link>
<pubDate>Tue, 03 Aug 2021 00:00:00 +0000</pubDate>
<guid>/entries/Relational_Forests.html</guid>
<description></description>
</item>
<item>
<title>Schutz&#39; Independent Axioms for Minkowski Spacetime</title>
<link>/entries/Schutz_Spacetime.html</link>
<pubDate>Tue, 27 Jul 2021 00:00:00 +0000</pubDate>
<guid>/entries/Schutz_Spacetime.html</guid>
<description></description>
</item>
<item>
<title>Finitely Generated Abelian Groups</title>
<link>/entries/Finitely_Generated_Abelian_Groups.html</link>
<pubDate>Wed, 07 Jul 2021 00:00:00 +0000</pubDate>
<guid>/entries/Finitely_Generated_Abelian_Groups.html</guid>
<description></description>
</item>
<item>
<title>SpecCheck - Specification-Based Testing for Isabelle/ML</title>
<link>/entries/SpecCheck.html</link>
<pubDate>Thu, 01 Jul 2021 00:00:00 +0000</pubDate>
<guid>/entries/SpecCheck.html</guid>
<description></description>
</item>
<item>
<title>Van der Waerden&#39;s Theorem</title>
<link>/entries/Van_der_Waerden.html</link>
<pubDate>Tue, 22 Jun 2021 00:00:00 +0000</pubDate>
<guid>/entries/Van_der_Waerden.html</guid>
<description></description>
</item>
<item>
<title>MiniSail - A kernel language for the ISA specification language SAIL</title>
<link>/entries/MiniSail.html</link>
<pubDate>Fri, 18 Jun 2021 00:00:00 +0000</pubDate>
<guid>/entries/MiniSail.html</guid>
<description></description>
</item>
<item>
<title>Public Announcement Logic</title>
<link>/entries/Public_Announcement_Logic.html</link>
<pubDate>Thu, 17 Jun 2021 00:00:00 +0000</pubDate>
<guid>/entries/Public_Announcement_Logic.html</guid>
<description></description>
</item>
<item>
<title>A Shorter Compiler Correctness Proof for Language IMP</title>
<link>/entries/IMP_Compiler.html</link>
<pubDate>Fri, 04 Jun 2021 00:00:00 +0000</pubDate>
<guid>/entries/IMP_Compiler.html</guid>
<description></description>
</item>
<item>
<title>Combinatorics on Words Basics</title>
<link>/entries/Combinatorics_Words.html</link>
<pubDate>Mon, 24 May 2021 00:00:00 +0000</pubDate>
<guid>/entries/Combinatorics_Words.html</guid>
<description></description>
</item>
<item>
<title>Graph Lemma</title>
<link>/entries/Combinatorics_Words_Graph_Lemma.html</link>
<pubDate>Mon, 24 May 2021 00:00:00 +0000</pubDate>
<guid>/entries/Combinatorics_Words_Graph_Lemma.html</guid>
<description></description>
</item>
<item>
<title>Lyndon words</title>
<link>/entries/Combinatorics_Words_Lyndon.html</link>
<pubDate>Mon, 24 May 2021 00:00:00 +0000</pubDate>
<guid>/entries/Combinatorics_Words_Lyndon.html</guid>
<description></description>
</item>
<item>
<title>Regression Test Selection</title>
<link>/entries/Regression_Test_Selection.html</link>
<pubDate>Fri, 30 Apr 2021 00:00:00 +0000</pubDate>
<guid>/entries/Regression_Test_Selection.html</guid>
<description></description>
</item>
<item>
<title>Isabelle&#39;s Metalogic: Formalization and Proof Checker</title>
<link>/entries/Metalogic_ProofChecker.html</link>
<pubDate>Tue, 27 Apr 2021 00:00:00 +0000</pubDate>
<guid>/entries/Metalogic_ProofChecker.html</guid>
<description></description>
</item>
<item>
<title>Lifting the Exponent</title>
<link>/entries/Lifting_the_Exponent.html</link>
<pubDate>Tue, 27 Apr 2021 00:00:00 +0000</pubDate>
<guid>/entries/Lifting_the_Exponent.html</guid>
<description></description>
</item>
<item>
<title>The BKR Decision Procedure for Univariate Real Arithmetic</title>
<link>/entries/BenOr_Kozen_Reif.html</link>
<pubDate>Sat, 24 Apr 2021 00:00:00 +0000</pubDate>
<guid>/entries/BenOr_Kozen_Reif.html</guid>
<description></description>
</item>
<item>
<title>Gale-Stewart Games</title>
<link>/entries/GaleStewart_Games.html</link>
<pubDate>Fri, 23 Apr 2021 00:00:00 +0000</pubDate>
<guid>/entries/GaleStewart_Games.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Timely Dataflow&#39;s Progress Tracking Protocol</title>
<link>/entries/Progress_Tracking.html</link>
<pubDate>Tue, 13 Apr 2021 00:00:00 +0000</pubDate>
<guid>/entries/Progress_Tracking.html</guid>
<description></description>
</item>
<item>
<title>Information Flow Control via Dependency Tracking</title>
<link>/entries/IFC_Tracking.html</link>
<pubDate>Thu, 01 Apr 2021 00:00:00 +0000</pubDate>
<guid>/entries/IFC_Tracking.html</guid>
<description></description>
</item>
<item>
<title>Grothendieck&#39;s Schemes in Algebraic Geometry</title>
<link>/entries/Grothendieck_Schemes.html</link>
<pubDate>Mon, 29 Mar 2021 00:00:00 +0000</pubDate>
<guid>/entries/Grothendieck_Schemes.html</guid>
<description></description>
</item>
<item>
<title>Hensel&#39;s Lemma for the p-adic Integers</title>
<link>/entries/Padic_Ints.html</link>
<pubDate>Tue, 23 Mar 2021 00:00:00 +0000</pubDate>
<guid>/entries/Padic_Ints.html</guid>
<description></description>
</item>
<item>
<title>Constructive Cryptography in HOL: the Communication Modeling Aspect</title>
<link>/entries/Constructive_Cryptography_CM.html</link>
<pubDate>Wed, 17 Mar 2021 00:00:00 +0000</pubDate>
<guid>/entries/Constructive_Cryptography_CM.html</guid>
<description></description>
</item>
<item>
<title>Two algorithms based on modular arithmetic: lattice basis reduction and Hermite normal form computation</title>
<link>/entries/Modular_arithmetic_LLL_and_HNF_algorithms.html</link>
<pubDate>Fri, 12 Mar 2021 00:00:00 +0000</pubDate>
<guid>/entries/Modular_arithmetic_LLL_and_HNF_algorithms.html</guid>
<description></description>
</item>
<item>
<title>Quantum projective measurements and the CHSH inequality</title>
<link>/entries/Projective_Measurements.html</link>
<pubDate>Wed, 03 Mar 2021 00:00:00 +0000</pubDate>
<guid>/entries/Projective_Measurements.html</guid>
<description></description>
</item>
<item>
<title>The Hermite–Lindemann–Weierstraß Transcendence Theorem</title>
<link>/entries/Hermite_Lindemann.html</link>
<pubDate>Wed, 03 Mar 2021 00:00:00 +0000</pubDate>
<guid>/entries/Hermite_Lindemann.html</guid>
<description></description>
</item>
<item>
<title>Mereology</title>
<link>/entries/Mereology.html</link>
<pubDate>Mon, 01 Mar 2021 00:00:00 +0000</pubDate>
<guid>/entries/Mereology.html</guid>
<description></description>
</item>
<item>
<title>The Sunflower Lemma of Erdős and Rado</title>
<link>/entries/Sunflowers.html</link>
<pubDate>Thu, 25 Feb 2021 00:00:00 +0000</pubDate>
<guid>/entries/Sunflowers.html</guid>
<description></description>
</item>
<item>
<title>A Verified Imperative Implementation of B-Trees</title>
<link>/entries/BTree.html</link>
<pubDate>Wed, 24 Feb 2021 00:00:00 +0000</pubDate>
<guid>/entries/BTree.html</guid>
<description></description>
</item>
<item>
<title>Formal Puiseux Series</title>
<link>/entries/Formal_Puiseux_Series.html</link>
<pubDate>Wed, 17 Feb 2021 00:00:00 +0000</pubDate>
<guid>/entries/Formal_Puiseux_Series.html</guid>
<description></description>
</item>
<item>
<title>The Laws of Large Numbers</title>
<link>/entries/Laws_of_Large_Numbers.html</link>
<pubDate>Wed, 10 Feb 2021 00:00:00 +0000</pubDate>
<guid>/entries/Laws_of_Large_Numbers.html</guid>
<description></description>
</item>
<item>
<title>Tarski&#39;s Parallel Postulate implies the 5th Postulate of Euclid, the Postulate of Playfair and the original Parallel Postulate of Euclid</title>
<link>/entries/IsaGeoCoq.html</link>
<pubDate>Sun, 31 Jan 2021 00:00:00 +0000</pubDate>
<guid>/entries/IsaGeoCoq.html</guid>
<description></description>
</item>
<item>
<title>Solution to the xkcd Blue Eyes puzzle</title>
<link>/entries/Blue_Eyes.html</link>
<pubDate>Sat, 30 Jan 2021 00:00:00 +0000</pubDate>
<guid>/entries/Blue_Eyes.html</guid>
<description></description>
</item>
<item>
<title>Hood-Melville Queue</title>
<link>/entries/Hood_Melville_Queue.html</link>
<pubDate>Mon, 18 Jan 2021 00:00:00 +0000</pubDate>
<guid>/entries/Hood_Melville_Queue.html</guid>
<description></description>
</item>
<item>
<title>JinjaDCI: a Java semantics with dynamic class initialization</title>
<link>/entries/JinjaDCI.html</link>
<pubDate>Mon, 11 Jan 2021 00:00:00 +0000</pubDate>
<guid>/entries/JinjaDCI.html</guid>
<description></description>
</item>
<item>
<title>Cofinality and the Delta System Lemma</title>
<link>/entries/Delta_System_Lemma.html</link>
<pubDate>Sun, 27 Dec 2020 00:00:00 +0000</pubDate>
<guid>/entries/Delta_System_Lemma.html</guid>
<description></description>
</item>
<item>
<title>Topological semantics for paraconsistent and paracomplete logics</title>
<link>/entries/Topological_Semantics.html</link>
<pubDate>Thu, 17 Dec 2020 00:00:00 +0000</pubDate>
<guid>/entries/Topological_Semantics.html</guid>
<description></description>
</item>
<item>
<title>Relational Minimum Spanning Tree Algorithms</title>
<link>/entries/Relational_Minimum_Spanning_Trees.html</link>
<pubDate>Tue, 08 Dec 2020 00:00:00 +0000</pubDate>
<guid>/entries/Relational_Minimum_Spanning_Trees.html</guid>
<description></description>
</item>
<item>
<title>Inline Caching and Unboxing Optimization for Interpreters</title>
<link>/entries/Interpreter_Optimizations.html</link>
<pubDate>Mon, 07 Dec 2020 00:00:00 +0000</pubDate>
<guid>/entries/Interpreter_Optimizations.html</guid>
<description></description>
</item>
<item>
<title>The Relational Method with Message Anonymity for the Verification of Cryptographic Protocols</title>
<link>/entries/Relational_Method.html</link>
<pubDate>Sat, 05 Dec 2020 00:00:00 +0000</pubDate>
<guid>/entries/Relational_Method.html</guid>
<description></description>
</item>
<item>
<title>Isabelle Marries Dirac: a Library for Quantum Computation and Quantum Information</title>
<link>/entries/Isabelle_Marries_Dirac.html</link>
<pubDate>Sun, 22 Nov 2020 00:00:00 +0000</pubDate>
<guid>/entries/Isabelle_Marries_Dirac.html</guid>
<description></description>
</item>
<item>
<title>The HOL-CSP Refinement Toolkit</title>
<link>/entries/CSP_RefTK.html</link>
<pubDate>Thu, 19 Nov 2020 00:00:00 +0000</pubDate>
<guid>/entries/CSP_RefTK.html</guid>
<description></description>
</item>
<item>
<title>AI Planning Languages Semantics</title>
<link>/entries/AI_Planning_Languages_Semantics.html</link>
<pubDate>Thu, 29 Oct 2020 00:00:00 +0000</pubDate>
<guid>/entries/AI_Planning_Languages_Semantics.html</guid>
<description></description>
</item>
<item>
<title>Verified SAT-Based AI Planning</title>
<link>/entries/Verified_SAT_Based_AI_Planning.html</link>
<pubDate>Thu, 29 Oct 2020 00:00:00 +0000</pubDate>
<guid>/entries/Verified_SAT_Based_AI_Planning.html</guid>
<description></description>
</item>
<item>
<title>A Sound Type System for Physical Quantities, Units, and Measurements</title>
<link>/entries/Physical_Quantities.html</link>
<pubDate>Tue, 20 Oct 2020 00:00:00 +0000</pubDate>
<guid>/entries/Physical_Quantities.html</guid>
<description></description>
</item>
<item>
<title>Finite Map Extras</title>
<link>/entries/Finite-Map-Extras.html</link>
<pubDate>Mon, 12 Oct 2020 00:00:00 +0000</pubDate>
<guid>/entries/Finite-Map-Extras.html</guid>
<description></description>
</item>
<item>
<title>A Formal Model of the Document Object Model with Shadow Roots</title>
<link>/entries/Shadow_DOM.html</link>
<pubDate>Mon, 28 Sep 2020 00:00:00 +0000</pubDate>
<guid>/entries/Shadow_DOM.html</guid>
<description></description>
</item>
<item>
<title>A Formal Model of the Safely Composable Document Object Model with Shadow Roots</title>
<link>/entries/Shadow_SC_DOM.html</link>
<pubDate>Mon, 28 Sep 2020 00:00:00 +0000</pubDate>
<guid>/entries/Shadow_SC_DOM.html</guid>
<description></description>
</item>
<item>
<title>A Formalization of Safely Composable Web Components</title>
<link>/entries/SC_DOM_Components.html</link>
<pubDate>Mon, 28 Sep 2020 00:00:00 +0000</pubDate>
<guid>/entries/SC_DOM_Components.html</guid>
<description></description>
</item>
<item>
<title>A Formalization of Web Components</title>
<link>/entries/DOM_Components.html</link>
<pubDate>Mon, 28 Sep 2020 00:00:00 +0000</pubDate>
<guid>/entries/DOM_Components.html</guid>
<description></description>
</item>
<item>
<title>The Safely Composable DOM</title>
<link>/entries/Core_SC_DOM.html</link>
<pubDate>Mon, 28 Sep 2020 00:00:00 +0000</pubDate>
<guid>/entries/Core_SC_DOM.html</guid>
<description></description>
</item>
<item>
<title>An Abstract Formalization of G&amp;ouml;del&#39;s Incompleteness Theorems</title>
<link>/entries/Goedel_Incompleteness.html</link>
<pubDate>Wed, 16 Sep 2020 00:00:00 +0000</pubDate>
<guid>/entries/Goedel_Incompleteness.html</guid>
<description></description>
</item>
<item>
<title>From Abstract to Concrete G&amp;ouml;del&#39;s Incompleteness Theorems&amp;mdash;Part I</title>
<link>/entries/Goedel_HFSet_Semantic.html</link>
<pubDate>Wed, 16 Sep 2020 00:00:00 +0000</pubDate>
<guid>/entries/Goedel_HFSet_Semantic.html</guid>
<description></description>
</item>
<item>
<title>From Abstract to Concrete G&amp;ouml;del&#39;s Incompleteness Theorems&amp;mdash;Part II</title>
<link>/entries/Goedel_HFSet_Semanticless.html</link>
<pubDate>Wed, 16 Sep 2020 00:00:00 +0000</pubDate>
<guid>/entries/Goedel_HFSet_Semanticless.html</guid>
<description></description>
</item>
<item>
<title>Robinson Arithmetic</title>
<link>/entries/Robinson_Arithmetic.html</link>
<pubDate>Wed, 16 Sep 2020 00:00:00 +0000</pubDate>
<guid>/entries/Robinson_Arithmetic.html</guid>
<description></description>
</item>
<item>
<title>Syntax-Independent Logic Infrastructure</title>
<link>/entries/Syntax_Independent_Logic.html</link>
<pubDate>Wed, 16 Sep 2020 00:00:00 +0000</pubDate>
<guid>/entries/Syntax_Independent_Logic.html</guid>
<description></description>
</item>
<item>
<title>A Formal Model of Extended Finite State Machines</title>
<link>/entries/Extended_Finite_State_Machines.html</link>
<pubDate>Mon, 07 Sep 2020 00:00:00 +0000</pubDate>
<guid>/entries/Extended_Finite_State_Machines.html</guid>
<description></description>
</item>
<item>
<title>Inference of Extended Finite State Machines</title>
<link>/entries/Extended_Finite_State_Machine_Inference.html</link>
<pubDate>Mon, 07 Sep 2020 00:00:00 +0000</pubDate>
<guid>/entries/Extended_Finite_State_Machine_Inference.html</guid>
<description></description>
</item>
<item>
<title>Practical Algebraic Calculus Checker</title>
<link>/entries/PAC_Checker.html</link>
<pubDate>Mon, 31 Aug 2020 00:00:00 +0000</pubDate>
<guid>/entries/PAC_Checker.html</guid>
<description></description>
</item>
<item>
<title>Some classical results in inductive inference of recursive functions</title>
<link>/entries/Inductive_Inference.html</link>
<pubDate>Mon, 31 Aug 2020 00:00:00 +0000</pubDate>
<guid>/entries/Inductive_Inference.html</guid>
<description></description>
</item>
<item>
<title>Relational Disjoint-Set Forests</title>
<link>/entries/Relational_Disjoint_Set_Forests.html</link>
<pubDate>Wed, 26 Aug 2020 00:00:00 +0000</pubDate>
<guid>/entries/Relational_Disjoint_Set_Forests.html</guid>
<description></description>
</item>
<item>
<title>Extensions to the Comprehensive Framework for Saturation Theorem Proving</title>
<link>/entries/Saturation_Framework_Extensions.html</link>
<pubDate>Tue, 25 Aug 2020 00:00:00 +0000</pubDate>
<guid>/entries/Saturation_Framework_Extensions.html</guid>
<description></description>
</item>
<item>
<title>Putting the `K&#39; into Bird&#39;s derivation of Knuth-Morris-Pratt string matching</title>
<link>/entries/BirdKMP.html</link>
<pubDate>Tue, 25 Aug 2020 00:00:00 +0000</pubDate>
<guid>/entries/BirdKMP.html</guid>
<description></description>
</item>
<item>
<title>Amicable Numbers</title>
<link>/entries/Amicable_Numbers.html</link>
<pubDate>Tue, 04 Aug 2020 00:00:00 +0000</pubDate>
<guid>/entries/Amicable_Numbers.html</guid>
<description></description>
</item>
<item>
<title>Ordinal Partitions</title>
<link>/entries/Ordinal_Partitions.html</link>
<pubDate>Mon, 03 Aug 2020 00:00:00 +0000</pubDate>
<guid>/entries/Ordinal_Partitions.html</guid>
<description></description>
</item>
<item>
<title>A Formal Proof of The Chandy--Lamport Distributed Snapshot Algorithm</title>
<link>/entries/Chandy_Lamport.html</link>
<pubDate>Tue, 21 Jul 2020 00:00:00 +0000</pubDate>
<guid>/entries/Chandy_Lamport.html</guid>
<description></description>
</item>
<item>
<title>Relational Characterisations of Paths</title>
<link>/entries/Relational_Paths.html</link>
<pubDate>Mon, 13 Jul 2020 00:00:00 +0000</pubDate>
<guid>/entries/Relational_Paths.html</guid>
<description></description>
</item>
<item>
<title>A Formally Verified Checker of the Safe Distance Traffic Rules for Autonomous Vehicles</title>
<link>/entries/Safe_Distance.html</link>
<pubDate>Mon, 01 Jun 2020 00:00:00 +0000</pubDate>
<guid>/entries/Safe_Distance.html</guid>
<description></description>
</item>
<item>
<title>A verified algorithm for computing the Smith normal form of a matrix</title>
<link>/entries/Smith_Normal_Form.html</link>
<pubDate>Sat, 23 May 2020 00:00:00 +0000</pubDate>
<guid>/entries/Smith_Normal_Form.html</guid>
<description></description>
</item>
<item>
<title>The Nash-Williams Partition Theorem</title>
<link>/entries/Nash_Williams.html</link>
<pubDate>Sat, 16 May 2020 00:00:00 +0000</pubDate>
<guid>/entries/Nash_Williams.html</guid>
<description></description>
</item>
<item>
<title>A Formalization of Knuth–Bendix Orders</title>
<link>/entries/Knuth_Bendix_Order.html</link>
<pubDate>Wed, 13 May 2020 00:00:00 +0000</pubDate>
<guid>/entries/Knuth_Bendix_Order.html</guid>
<description></description>
</item>
<item>
<title>Irrationality Criteria for Series by Erdős and Straus</title>
<link>/entries/Irrational_Series_Erdos_Straus.html</link>
<pubDate>Tue, 12 May 2020 00:00:00 +0000</pubDate>
<guid>/entries/Irrational_Series_Erdos_Straus.html</guid>
<description></description>
</item>
<item>
<title>Recursion Theorem in ZF</title>
<link>/entries/Recursion-Addition.html</link>
<pubDate>Mon, 11 May 2020 00:00:00 +0000</pubDate>
<guid>/entries/Recursion-Addition.html</guid>
<description></description>
</item>
<item>
<title>An Efficient Normalisation Procedure for Linear Temporal Logic: Isabelle/HOL Formalisation</title>
<link>/entries/LTL_Normal_Form.html</link>
<pubDate>Fri, 08 May 2020 00:00:00 +0000</pubDate>
<guid>/entries/LTL_Normal_Form.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Forcing in Isabelle/ZF</title>
<link>/entries/Forcing.html</link>
<pubDate>Wed, 06 May 2020 00:00:00 +0000</pubDate>
<guid>/entries/Forcing.html</guid>
<description></description>
</item>
<item>
<title>Banach-Steinhaus Theorem</title>
<link>/entries/Banach_Steinhaus.html</link>
<pubDate>Sat, 02 May 2020 00:00:00 +0000</pubDate>
<guid>/entries/Banach_Steinhaus.html</guid>
<description></description>
</item>
<item>
<title>Attack Trees in Isabelle for GDPR compliance of IoT healthcare systems</title>
<link>/entries/Attack_Trees.html</link>
<pubDate>Mon, 27 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/Attack_Trees.html</guid>
<description></description>
</item>
<item>
<title>Gaussian Integers</title>
<link>/entries/Gaussian_Integers.html</link>
<pubDate>Fri, 24 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/Gaussian_Integers.html</guid>
<description></description>
</item>
<item>
<title>Power Sum Polynomials</title>
<link>/entries/Power_Sum_Polynomials.html</link>
<pubDate>Fri, 24 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/Power_Sum_Polynomials.html</guid>
<description></description>
</item>
<item>
<title>The Lambert W Function on the Reals</title>
<link>/entries/Lambert_W.html</link>
<pubDate>Fri, 24 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/Lambert_W.html</guid>
<description></description>
</item>
<item>
<title>Matrices for ODEs</title>
<link>/entries/Matrices_for_ODEs.html</link>
<pubDate>Sun, 19 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/Matrices_for_ODEs.html</guid>
<description></description>
</item>
<item>
<title>Authenticated Data Structures As Functors</title>
<link>/entries/ADS_Functor.html</link>
<pubDate>Thu, 16 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/ADS_Functor.html</guid>
<description></description>
</item>
<item>
<title>Formalization of an Algorithm for Greedily Computing Associative Aggregations on Sliding Windows</title>
<link>/entries/Sliding_Window_Algorithm.html</link>
<pubDate>Fri, 10 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/Sliding_Window_Algorithm.html</guid>
<description></description>
</item>
<item>
<title>A Comprehensive Framework for Saturation Theorem Proving</title>
<link>/entries/Saturation_Framework.html</link>
<pubDate>Thu, 09 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/Saturation_Framework.html</guid>
<description></description>
</item>
<item>
<title>Formalization of an Optimized Monitoring Algorithm for Metric First-Order Dynamic Logic with Aggregations</title>
<link>/entries/MFODL_Monitor_Optimized.html</link>
<pubDate>Thu, 09 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/MFODL_Monitor_Optimized.html</guid>
<description></description>
</item>
<item>
<title>Automated Stateful Protocol Verification</title>
<link>/entries/Automated_Stateful_Protocol_Verification.html</link>
<pubDate>Wed, 08 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/Automated_Stateful_Protocol_Verification.html</guid>
<description></description>
</item>
<item>
<title>Stateful Protocol Composition and Typing</title>
<link>/entries/Stateful_Protocol_Composition_and_Typing.html</link>
<pubDate>Wed, 08 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/Stateful_Protocol_Composition_and_Typing.html</guid>
<description></description>
</item>
<item>
<title>Lucas&#39;s Theorem</title>
<link>/entries/Lucas_Theorem.html</link>
<pubDate>Tue, 07 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/Lucas_Theorem.html</guid>
<description></description>
</item>
<item>
<title>Strong Eventual Consistency of the Collaborative Editing Framework WOOT</title>
<link>/entries/WOOT_Strong_Eventual_Consistency.html</link>
<pubDate>Wed, 25 Mar 2020 00:00:00 +0000</pubDate>
<guid>/entries/WOOT_Strong_Eventual_Consistency.html</guid>
<description></description>
</item>
<item>
<title>Furstenberg&#39;s topology and his proof of the infinitude of primes</title>
<link>/entries/Furstenberg_Topology.html</link>
<pubDate>Sun, 22 Mar 2020 00:00:00 +0000</pubDate>
<guid>/entries/Furstenberg_Topology.html</guid>
<description></description>
</item>
<item>
<title>An Under-Approximate Relational Logic</title>
<link>/entries/Relational-Incorrectness-Logic.html</link>
<pubDate>Thu, 12 Mar 2020 00:00:00 +0000</pubDate>
<guid>/entries/Relational-Incorrectness-Logic.html</guid>
<description></description>
</item>
<item>
<title>Hello World</title>
<link>/entries/Hello_World.html</link>
<pubDate>Sat, 07 Mar 2020 00:00:00 +0000</pubDate>
<guid>/entries/Hello_World.html</guid>
<description></description>
</item>
<item>
<title>Implementing the Goodstein Function in &amp;lambda;-Calculus</title>
<link>/entries/Goodstein_Lambda.html</link>
<pubDate>Fri, 21 Feb 2020 00:00:00 +0000</pubDate>
<guid>/entries/Goodstein_Lambda.html</guid>
<description></description>
</item>
<item>
<title>A Generic Framework for Verified Compilers</title>
<link>/entries/VeriComp.html</link>
<pubDate>Mon, 10 Feb 2020 00:00:00 +0000</pubDate>
<guid>/entries/VeriComp.html</guid>
<description></description>
</item>
<item>
<title>Arithmetic progressions and relative primes</title>
<link>/entries/Arith_Prog_Rel_Primes.html</link>
<pubDate>Sat, 01 Feb 2020 00:00:00 +0000</pubDate>
<guid>/entries/Arith_Prog_Rel_Primes.html</guid>
<description></description>
</item>
<item>
<title>A Hierarchy of Algebras for Boolean Subsets</title>
<link>/entries/Subset_Boolean_Algebras.html</link>
<pubDate>Fri, 31 Jan 2020 00:00:00 +0000</pubDate>
<guid>/entries/Subset_Boolean_Algebras.html</guid>
<description></description>
</item>
<item>
<title>Mersenne primes and the Lucas–Lehmer test</title>
<link>/entries/Mersenne_Primes.html</link>
<pubDate>Fri, 17 Jan 2020 00:00:00 +0000</pubDate>
<guid>/entries/Mersenne_Primes.html</guid>
<description></description>
</item>
<item>
<title>Verified Approximation Algorithms</title>
<link>/entries/Approximation_Algorithms.html</link>
<pubDate>Thu, 16 Jan 2020 00:00:00 +0000</pubDate>
<guid>/entries/Approximation_Algorithms.html</guid>
<description></description>
</item>
<item>
<title>Closest Pair of Points Algorithms</title>
<link>/entries/Closest_Pair_Points.html</link>
<pubDate>Mon, 13 Jan 2020 00:00:00 +0000</pubDate>
<guid>/entries/Closest_Pair_Points.html</guid>
<description></description>
</item>
<item>
<title>Skip Lists</title>
<link>/entries/Skip_Lists.html</link>
<pubDate>Thu, 09 Jan 2020 00:00:00 +0000</pubDate>
<guid>/entries/Skip_Lists.html</guid>
<description></description>
</item>
<item>
<title>Bicategories</title>
<link>/entries/Bicategory.html</link>
<pubDate>Mon, 06 Jan 2020 00:00:00 +0000</pubDate>
<guid>/entries/Bicategory.html</guid>
<description></description>
</item>
<item>
<title>The Irrationality of ζ(3)</title>
<link>/entries/Zeta_3_Irrational.html</link>
<pubDate>Fri, 27 Dec 2019 00:00:00 +0000</pubDate>
<guid>/entries/Zeta_3_Irrational.html</guid>
<description></description>
</item>
<item>
<title>Formalizing a Seligman-Style Tableau System for Hybrid Logic</title>
<link>/entries/Hybrid_Logic.html</link>
<pubDate>Fri, 20 Dec 2019 00:00:00 +0000</pubDate>
<guid>/entries/Hybrid_Logic.html</guid>
<description></description>
</item>
<item>
<title>The Poincaré-Bendixson Theorem</title>
<link>/entries/Poincare_Bendixson.html</link>
<pubDate>Wed, 18 Dec 2019 00:00:00 +0000</pubDate>
<guid>/entries/Poincare_Bendixson.html</guid>
<description></description>
</item>
<item>
<title>Complex Geometry</title>
<link>/entries/Complex_Geometry.html</link>
<pubDate>Mon, 16 Dec 2019 00:00:00 +0000</pubDate>
<guid>/entries/Complex_Geometry.html</guid>
<description></description>
</item>
<item>
<title>Poincaré Disc Model</title>
<link>/entries/Poincare_Disc.html</link>
<pubDate>Mon, 16 Dec 2019 00:00:00 +0000</pubDate>
<guid>/entries/Poincare_Disc.html</guid>
<description></description>
</item>
<item>
<title>Gauss Sums and the Pólya–Vinogradov Inequality</title>
<link>/entries/Gauss_Sums.html</link>
<pubDate>Tue, 10 Dec 2019 00:00:00 +0000</pubDate>
<guid>/entries/Gauss_Sums.html</guid>
<description></description>
</item>
<item>
<title>An Efficient Generalization of Counting Sort for Large, possibly Infinite Key Ranges</title>
<link>/entries/Generalized_Counting_Sort.html</link>
<pubDate>Wed, 04 Dec 2019 00:00:00 +0000</pubDate>
<guid>/entries/Generalized_Counting_Sort.html</guid>
<description></description>
</item>
<item>
<title>Interval Arithmetic on 32-bit Words</title>
<link>/entries/Interval_Arithmetic_Word32.html</link>
<pubDate>Wed, 27 Nov 2019 00:00:00 +0000</pubDate>
<guid>/entries/Interval_Arithmetic_Word32.html</guid>
<description></description>
</item>
<item>
<title>Zermelo Fraenkel Set Theory in Higher-Order Logic</title>
<link>/entries/ZFC_in_HOL.html</link>
<pubDate>Thu, 24 Oct 2019 00:00:00 +0000</pubDate>
<guid>/entries/ZFC_in_HOL.html</guid>
<description></description>
</item>
<item>
<title>Isabelle/C</title>
<link>/entries/Isabelle_C.html</link>
<pubDate>Tue, 22 Oct 2019 00:00:00 +0000</pubDate>
<guid>/entries/Isabelle_C.html</guid>
<description></description>
</item>
<item>
<title>VerifyThis 2019 -- Polished Isabelle Solutions</title>
<link>/entries/VerifyThis2019.html</link>
<pubDate>Wed, 16 Oct 2019 00:00:00 +0000</pubDate>
<guid>/entries/VerifyThis2019.html</guid>
<description></description>
</item>
<item>
<title>Aristotle&#39;s Assertoric Syllogistic</title>
<link>/entries/Aristotles_Assertoric_Syllogistic.html</link>
<pubDate>Tue, 08 Oct 2019 00:00:00 +0000</pubDate>
<guid>/entries/Aristotles_Assertoric_Syllogistic.html</guid>
<description></description>
</item>
<item>
<title>Sigma Protocols and Commitment Schemes</title>
<link>/entries/Sigma_Commit_Crypto.html</link>
<pubDate>Mon, 07 Oct 2019 00:00:00 +0000</pubDate>
<guid>/entries/Sigma_Commit_Crypto.html</guid>
<description></description>
</item>
<item>
<title>Clean - An Abstract Imperative Programming Language and its Theory</title>
<link>/entries/Clean.html</link>
<pubDate>Fri, 04 Oct 2019 00:00:00 +0000</pubDate>
<guid>/entries/Clean.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Multiway-Join Algorithms</title>
<link>/entries/Generic_Join.html</link>
<pubDate>Mon, 16 Sep 2019 00:00:00 +0000</pubDate>
<guid>/entries/Generic_Join.html</guid>
<description></description>
</item>
<item>
<title>Verification Components for Hybrid Systems</title>
<link>/entries/Hybrid_Systems_VCs.html</link>
<pubDate>Tue, 10 Sep 2019 00:00:00 +0000</pubDate>
<guid>/entries/Hybrid_Systems_VCs.html</guid>
<description></description>
</item>
<item>
<title>Fourier Series</title>
<link>/entries/Fourier.html</link>
<pubDate>Fri, 06 Sep 2019 00:00:00 +0000</pubDate>
<guid>/entries/Fourier.html</guid>
<description></description>
</item>
<item>
<title>A Case Study in Basic Algebra</title>
<link>/entries/Jacobson_Basic_Algebra.html</link>
<pubDate>Fri, 30 Aug 2019 00:00:00 +0000</pubDate>
<guid>/entries/Jacobson_Basic_Algebra.html</guid>
<description></description>
</item>
<item>
<title>Formalisation of an Adaptive State Counting Algorithm</title>
<link>/entries/Adaptive_State_Counting.html</link>
<pubDate>Fri, 16 Aug 2019 00:00:00 +0000</pubDate>
<guid>/entries/Adaptive_State_Counting.html</guid>
<description></description>
</item>
<item>
<title>Laplace Transform</title>
<link>/entries/Laplace_Transform.html</link>
<pubDate>Wed, 14 Aug 2019 00:00:00 +0000</pubDate>
<guid>/entries/Laplace_Transform.html</guid>
<description></description>
</item>
<item>
<title>Communicating Concurrent Kleene Algebra for Distributed Systems Specification</title>
<link>/entries/C2KA_DistributedSystems.html</link>
<pubDate>Tue, 06 Aug 2019 00:00:00 +0000</pubDate>
<guid>/entries/C2KA_DistributedSystems.html</guid>
<description></description>
</item>
<item>
<title>Linear Programming</title>
<link>/entries/Linear_Programming.html</link>
<pubDate>Tue, 06 Aug 2019 00:00:00 +0000</pubDate>
<guid>/entries/Linear_Programming.html</guid>
<description></description>
</item>
<item>
<title>Selected Problems from the International Mathematical Olympiad 2019</title>
<link>/entries/IMO2019.html</link>
<pubDate>Mon, 05 Aug 2019 00:00:00 +0000</pubDate>
<guid>/entries/IMO2019.html</guid>
<description></description>
</item>
<item>
<title>Stellar Quorum Systems</title>
<link>/entries/Stellar_Quorums.html</link>
<pubDate>Thu, 01 Aug 2019 00:00:00 +0000</pubDate>
<guid>/entries/Stellar_Quorums.html</guid>
<description></description>
</item>
<item>
<title>A Formal Development of a Polychronous Polytimed Coordination Language</title>
<link>/entries/TESL_Language.html</link>
<pubDate>Tue, 30 Jul 2019 00:00:00 +0000</pubDate>
<guid>/entries/TESL_Language.html</guid>
<description></description>
</item>
<item>
<title>Order Extension and Szpilrajn&#39;s Extension Theorem</title>
<link>/entries/Szpilrajn.html</link>
<pubDate>Sat, 27 Jul 2019 00:00:00 +0000</pubDate>
<guid>/entries/Szpilrajn.html</guid>
<description></description>
</item>
<item>
<title>A Sequent Calculus for First-Order Logic</title>
<link>/entries/FOL_Seq_Calc1.html</link>
<pubDate>Thu, 18 Jul 2019 00:00:00 +0000</pubDate>
<guid>/entries/FOL_Seq_Calc1.html</guid>
<description></description>
</item>
<item>
<title>A Verified Code Generator from Isabelle/HOL to CakeML</title>
<link>/entries/CakeML_Codegen.html</link>
<pubDate>Mon, 08 Jul 2019 00:00:00 +0000</pubDate>
<guid>/entries/CakeML_Codegen.html</guid>
<description></description>
</item>
<item>
<title>Formalization of a Monitoring Algorithm for Metric First-Order Temporal Logic</title>
<link>/entries/MFOTL_Monitor.html</link>
<pubDate>Thu, 04 Jul 2019 00:00:00 +0000</pubDate>
<guid>/entries/MFOTL_Monitor.html</guid>
<description></description>
</item>
<item>
<title>Complete Non-Orders and Fixed Points</title>
<link>/entries/Complete_Non_Orders.html</link>
<pubDate>Thu, 27 Jun 2019 00:00:00 +0000</pubDate>
<guid>/entries/Complete_Non_Orders.html</guid>
<description></description>
</item>
<item>
<title>Priority Search Trees</title>
<link>/entries/Priority_Search_Trees.html</link>
<pubDate>Tue, 25 Jun 2019 00:00:00 +0000</pubDate>
<guid>/entries/Priority_Search_Trees.html</guid>
<description></description>
</item>
<item>
<title>Purely Functional, Simple, and Efficient Implementation of Prim and Dijkstra</title>
<link>/entries/Prim_Dijkstra_Simple.html</link>
<pubDate>Tue, 25 Jun 2019 00:00:00 +0000</pubDate>
<guid>/entries/Prim_Dijkstra_Simple.html</guid>
<description></description>
</item>
<item>
<title>Linear Inequalities</title>
<link>/entries/Linear_Inequalities.html</link>
<pubDate>Fri, 21 Jun 2019 00:00:00 +0000</pubDate>
<guid>/entries/Linear_Inequalities.html</guid>
<description></description>
</item>
<item>
<title>Hilbert&#39;s Nullstellensatz</title>
<link>/entries/Nullstellensatz.html</link>
<pubDate>Sun, 16 Jun 2019 00:00:00 +0000</pubDate>
<guid>/entries/Nullstellensatz.html</guid>
<description></description>
</item>
<item>
<title>Gröbner Bases, Macaulay Matrices and Dubé&#39;s Degree Bounds</title>
<link>/entries/Groebner_Macaulay.html</link>
<pubDate>Sat, 15 Jun 2019 00:00:00 +0000</pubDate>
<guid>/entries/Groebner_Macaulay.html</guid>
<description></description>
</item>
<item>
<title>Binary Heaps for IMP2</title>
<link>/entries/IMP2_Binary_Heap.html</link>
<pubDate>Thu, 13 Jun 2019 00:00:00 +0000</pubDate>
<guid>/entries/IMP2_Binary_Heap.html</guid>
<description></description>
</item>
<item>
<title>Differential Game Logic</title>
<link>/entries/Differential_Game_Logic.html</link>
<pubDate>Mon, 03 Jun 2019 00:00:00 +0000</pubDate>
<guid>/entries/Differential_Game_Logic.html</guid>
<description></description>
</item>
<item>
<title>Multidimensional Binary Search Trees</title>
<link>/entries/KD_Tree.html</link>
<pubDate>Thu, 30 May 2019 00:00:00 +0000</pubDate>
<guid>/entries/KD_Tree.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Generic Authenticated Data Structures</title>
<link>/entries/LambdaAuth.html</link>
<pubDate>Tue, 14 May 2019 00:00:00 +0000</pubDate>
<guid>/entries/LambdaAuth.html</guid>
<description></description>
</item>
<item>
<title>Multi-Party Computation</title>
<link>/entries/Multi_Party_Computation.html</link>
<pubDate>Thu, 09 May 2019 00:00:00 +0000</pubDate>
<guid>/entries/Multi_Party_Computation.html</guid>
<description></description>
</item>
<item>
<title>HOL-CSP Version 2.0</title>
<link>/entries/HOL-CSP.html</link>
<pubDate>Fri, 26 Apr 2019 00:00:00 +0000</pubDate>
<guid>/entries/HOL-CSP.html</guid>
<description></description>
</item>
<item>
<title>A Compositional and Unified Translation of LTL into ω-Automata</title>
<link>/entries/LTL_Master_Theorem.html</link>
<pubDate>Tue, 16 Apr 2019 00:00:00 +0000</pubDate>
<guid>/entries/LTL_Master_Theorem.html</guid>
<description></description>
</item>
<item>
<title>A General Theory of Syntax with Bindings</title>
<link>/entries/Binding_Syntax_Theory.html</link>
<pubDate>Sat, 06 Apr 2019 00:00:00 +0000</pubDate>
<guid>/entries/Binding_Syntax_Theory.html</guid>
<description></description>
</item>
<item>
<title>The Transcendence of Certain Infinite Series</title>
<link>/entries/Transcendence_Series_Hancl_Rucki.html</link>
<pubDate>Wed, 27 Mar 2019 00:00:00 +0000</pubDate>
<guid>/entries/Transcendence_Series_Hancl_Rucki.html</guid>
<description></description>
</item>
<item>
<title>Quantum Hoare Logic</title>
<link>/entries/QHLProver.html</link>
<pubDate>Sun, 24 Mar 2019 00:00:00 +0000</pubDate>
<guid>/entries/QHLProver.html</guid>
<description></description>
</item>
<item>
<title>Safe OCL</title>
<link>/entries/Safe_OCL.html</link>
<pubDate>Sat, 09 Mar 2019 00:00:00 +0000</pubDate>
<guid>/entries/Safe_OCL.html</guid>
<description></description>
</item>
<item>
<title>Elementary Facts About the Distribution of Primes</title>
<link>/entries/Prime_Distribution_Elementary.html</link>
<pubDate>Thu, 21 Feb 2019 00:00:00 +0000</pubDate>
<guid>/entries/Prime_Distribution_Elementary.html</guid>
<description></description>
</item>
<item>
<title>Kruskal&#39;s Algorithm for Minimum Spanning Forest</title>
<link>/entries/Kruskal.html</link>
<pubDate>Thu, 14 Feb 2019 00:00:00 +0000</pubDate>
<guid>/entries/Kruskal.html</guid>
<description></description>
</item>
<item>
<title>Probabilistic Primality Testing</title>
<link>/entries/Probabilistic_Prime_Tests.html</link>
<pubDate>Mon, 11 Feb 2019 00:00:00 +0000</pubDate>
<guid>/entries/Probabilistic_Prime_Tests.html</guid>
<description></description>
</item>
<item>
<title>Universal Turing Machine</title>
<link>/entries/Universal_Turing_Machine.html</link>
<pubDate>Fri, 08 Feb 2019 00:00:00 +0000</pubDate>
<guid>/entries/Universal_Turing_Machine.html</guid>
<description></description>
</item>
<item>
<title>Isabelle/UTP: Mechanised Theory Engineering for Unifying Theories of Programming</title>
<link>/entries/UTP.html</link>
<pubDate>Fri, 01 Feb 2019 00:00:00 +0000</pubDate>
<guid>/entries/UTP.html</guid>
<description></description>
</item>
<item>
<title>The Inversions of a List</title>
<link>/entries/List_Inversions.html</link>
<pubDate>Fri, 01 Feb 2019 00:00:00 +0000</pubDate>
<guid>/entries/List_Inversions.html</guid>
<description></description>
</item>
<item>
<title>Farkas&#39; Lemma and Motzkin&#39;s Transposition Theorem</title>
<link>/entries/Farkas.html</link>
<pubDate>Thu, 17 Jan 2019 00:00:00 +0000</pubDate>
<guid>/entries/Farkas.html</guid>
<description></description>
</item>
<item>
<title>An Algebra for Higher-Order Terms</title>
<link>/entries/Higher_Order_Terms.html</link>
<pubDate>Tue, 15 Jan 2019 00:00:00 +0000</pubDate>
<guid>/entries/Higher_Order_Terms.html</guid>
<description></description>
</item>
<item>
<title>IMP2 – Simple Program Verification in Isabelle/HOL</title>
<link>/entries/IMP2.html</link>
<pubDate>Tue, 15 Jan 2019 00:00:00 +0000</pubDate>
<guid>/entries/IMP2.html</guid>
<description></description>
</item>
<item>
<title>A Reduction Theorem for Store Buffers</title>
<link>/entries/Store_Buffer_Reduction.html</link>
<pubDate>Mon, 07 Jan 2019 00:00:00 +0000</pubDate>
<guid>/entries/Store_Buffer_Reduction.html</guid>
<description></description>
</item>
<item>
<title>A Formal Model of the Document Object Model</title>
<link>/entries/Core_DOM.html</link>
<pubDate>Wed, 26 Dec 2018 00:00:00 +0000</pubDate>
<guid>/entries/Core_DOM.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Concurrent Revisions</title>
<link>/entries/Concurrent_Revisions.html</link>
<pubDate>Tue, 25 Dec 2018 00:00:00 +0000</pubDate>
<guid>/entries/Concurrent_Revisions.html</guid>
<description></description>
</item>
<item>
<title>Verifying Imperative Programs using Auto2</title>
<link>/entries/Auto2_Imperative_HOL.html</link>
<pubDate>Fri, 21 Dec 2018 00:00:00 +0000</pubDate>
<guid>/entries/Auto2_Imperative_HOL.html</guid>
<description></description>
</item>
<item>
<title>Constructive Cryptography in HOL</title>
<link>/entries/Constructive_Cryptography.html</link>
<pubDate>Mon, 17 Dec 2018 00:00:00 +0000</pubDate>
<guid>/entries/Constructive_Cryptography.html</guid>
<description></description>
</item>
<item>
<title>Properties of Orderings and Lattices</title>
<link>/entries/Order_Lattice_Props.html</link>
<pubDate>Tue, 11 Dec 2018 00:00:00 +0000</pubDate>
<guid>/entries/Order_Lattice_Props.html</guid>
<description></description>
</item>
<item>
<title>Quantales</title>
<link>/entries/Quantales.html</link>
<pubDate>Tue, 11 Dec 2018 00:00:00 +0000</pubDate>
<guid>/entries/Quantales.html</guid>
<description></description>
</item>
<item>
<title>Transformer Semantics</title>
<link>/entries/Transformer_Semantics.html</link>
<pubDate>Tue, 11 Dec 2018 00:00:00 +0000</pubDate>
<guid>/entries/Transformer_Semantics.html</guid>
<description></description>
</item>
<item>
<title>A Verified Functional Implementation of Bachmair and Ganzinger&#39;s Ordered Resolution Prover</title>
<link>/entries/Functional_Ordered_Resolution_Prover.html</link>
<pubDate>Fri, 23 Nov 2018 00:00:00 +0000</pubDate>
<guid>/entries/Functional_Ordered_Resolution_Prover.html</guid>
<description></description>
</item>
<item>
<title>Graph Saturation</title>
<link>/entries/Graph_Saturation.html</link>
<pubDate>Fri, 23 Nov 2018 00:00:00 +0000</pubDate>
<guid>/entries/Graph_Saturation.html</guid>
<description></description>
</item>
<item>
<title>Auto2 Prover</title>
<link>/entries/Auto2_HOL.html</link>
<pubDate>Tue, 20 Nov 2018 00:00:00 +0000</pubDate>
<guid>/entries/Auto2_HOL.html</guid>
<description></description>
</item>
<item>
<title>Matroids</title>
<link>/entries/Matroids.html</link>
<pubDate>Fri, 16 Nov 2018 00:00:00 +0000</pubDate>
<guid>/entries/Matroids.html</guid>
<description></description>
</item>
<item>
<title>Deriving generic class instances for datatypes</title>
<link>/entries/Generic_Deriving.html</link>
<pubDate>Tue, 06 Nov 2018 00:00:00 +0000</pubDate>
<guid>/entries/Generic_Deriving.html</guid>
<description></description>
</item>
<item>
<title>Formalisation and Evaluation of Alan Gewirth&#39;s Proof for the Principle of Generic Consistency in Isabelle/HOL</title>
<link>/entries/GewirthPGCProof.html</link>
<pubDate>Tue, 30 Oct 2018 00:00:00 +0000</pubDate>
<guid>/entries/GewirthPGCProof.html</guid>
<description></description>
</item>
<item>
<title>Epistemic Logic: Completeness of Modal Logics</title>
<link>/entries/Epistemic_Logic.html</link>
<pubDate>Mon, 29 Oct 2018 00:00:00 +0000</pubDate>
<guid>/entries/Epistemic_Logic.html</guid>
<description></description>
</item>
<item>
<title>Smooth Manifolds</title>
<link>/entries/Smooth_Manifolds.html</link>
<pubDate>Mon, 22 Oct 2018 00:00:00 +0000</pubDate>
<guid>/entries/Smooth_Manifolds.html</guid>
<description></description>
</item>
<item>
<title>Formalization of the Embedding Path Order for Lambda-Free Higher-Order Terms</title>
<link>/entries/Lambda_Free_EPO.html</link>
<pubDate>Fri, 19 Oct 2018 00:00:00 +0000</pubDate>
<guid>/entries/Lambda_Free_EPO.html</guid>
<description></description>
</item>
<item>
<title>Randomised Binary Search Trees</title>
<link>/entries/Randomised_BSTs.html</link>
<pubDate>Fri, 19 Oct 2018 00:00:00 +0000</pubDate>
<guid>/entries/Randomised_BSTs.html</guid>
<description></description>
</item>
<item>
<title>Upper Bounding Diameters of State Spaces of Factored Transition Systems</title>
<link>/entries/Factored_Transition_System_Bounding.html</link>
<pubDate>Fri, 12 Oct 2018 00:00:00 +0000</pubDate>
<guid>/entries/Factored_Transition_System_Bounding.html</guid>
<description></description>
</item>
<item>
<title>The Transcendence of π</title>
<link>/entries/Pi_Transcendental.html</link>
<pubDate>Fri, 28 Sep 2018 00:00:00 +0000</pubDate>
<guid>/entries/Pi_Transcendental.html</guid>
<description></description>
</item>
<item>
<title>Symmetric Polynomials</title>
<link>/entries/Symmetric_Polynomials.html</link>
<pubDate>Tue, 25 Sep 2018 00:00:00 +0000</pubDate>
<guid>/entries/Symmetric_Polynomials.html</guid>
<description></description>
</item>
<item>
<title>Signature-Based Gröbner Basis Algorithms</title>
<link>/entries/Signature_Groebner.html</link>
<pubDate>Thu, 20 Sep 2018 00:00:00 +0000</pubDate>
<guid>/entries/Signature_Groebner.html</guid>
<description></description>
</item>
<item>
<title>The Prime Number Theorem</title>
<link>/entries/Prime_Number_Theorem.html</link>
<pubDate>Wed, 19 Sep 2018 00:00:00 +0000</pubDate>
<guid>/entries/Prime_Number_Theorem.html</guid>
<description></description>
</item>
<item>
<title>Aggregation Algebras</title>
<link>/entries/Aggregation_Algebras.html</link>
<pubDate>Sat, 15 Sep 2018 00:00:00 +0000</pubDate>
<guid>/entries/Aggregation_Algebras.html</guid>
<description></description>
</item>
<item>
<title>Octonions</title>
<link>/entries/Octonions.html</link>
<pubDate>Fri, 14 Sep 2018 00:00:00 +0000</pubDate>
<guid>/entries/Octonions.html</guid>
<description></description>
</item>
<item>
<title>Quaternions</title>
<link>/entries/Quaternions.html</link>
<pubDate>Wed, 05 Sep 2018 00:00:00 +0000</pubDate>
<guid>/entries/Quaternions.html</guid>
<description></description>
</item>
<item>
<title>The Budan-Fourier Theorem and Counting Real Roots with Multiplicity</title>
<link>/entries/Budan_Fourier.html</link>
<pubDate>Sun, 02 Sep 2018 00:00:00 +0000</pubDate>
<guid>/entries/Budan_Fourier.html</guid>
<description></description>
</item>
<item>
<title>An Incremental Simplex Algorithm with Unsatisfiable Core Generation</title>
<link>/entries/Simplex.html</link>
<pubDate>Fri, 24 Aug 2018 00:00:00 +0000</pubDate>
<guid>/entries/Simplex.html</guid>
<description></description>
</item>
<item>
<title>Minsky Machines</title>
<link>/entries/Minsky_Machines.html</link>
<pubDate>Tue, 14 Aug 2018 00:00:00 +0000</pubDate>
<guid>/entries/Minsky_Machines.html</guid>
<description></description>
</item>
<item>
<title>Pricing in discrete financial models</title>
<link>/entries/DiscretePricing.html</link>
<pubDate>Mon, 16 Jul 2018 00:00:00 +0000</pubDate>
<guid>/entries/DiscretePricing.html</guid>
<description></description>
</item>
<item>
<title>Von-Neumann-Morgenstern Utility Theorem</title>
<link>/entries/Neumann_Morgenstern_Utility.html</link>
<pubDate>Wed, 04 Jul 2018 00:00:00 +0000</pubDate>
<guid>/entries/Neumann_Morgenstern_Utility.html</guid>
<description></description>
</item>
<item>
<title>Pell&#39;s Equation</title>
<link>/entries/Pell.html</link>
<pubDate>Sat, 23 Jun 2018 00:00:00 +0000</pubDate>
<guid>/entries/Pell.html</guid>
<description></description>
</item>
<item>
<title>Projective Geometry</title>
<link>/entries/Projective_Geometry.html</link>
<pubDate>Thu, 14 Jun 2018 00:00:00 +0000</pubDate>
<guid>/entries/Projective_Geometry.html</guid>
<description></description>
</item>
<item>
<title>The Localization of a Commutative Ring</title>
<link>/entries/Localization_Ring.html</link>
<pubDate>Thu, 14 Jun 2018 00:00:00 +0000</pubDate>
<guid>/entries/Localization_Ring.html</guid>
<description></description>
</item>
<item>
<title>Partial Order Reduction</title>
<link>/entries/Partial_Order_Reduction.html</link>
<pubDate>Tue, 05 Jun 2018 00:00:00 +0000</pubDate>
<guid>/entries/Partial_Order_Reduction.html</guid>
<description></description>
</item>
<item>
<title>Optimal Binary Search Trees</title>
<link>/entries/Optimal_BST.html</link>
<pubDate>Sun, 27 May 2018 00:00:00 +0000</pubDate>
<guid>/entries/Optimal_BST.html</guid>
<description></description>
</item>
<item>
<title>Hidden Markov Models</title>
<link>/entries/Hidden_Markov_Models.html</link>
<pubDate>Fri, 25 May 2018 00:00:00 +0000</pubDate>
<guid>/entries/Hidden_Markov_Models.html</guid>
<description></description>
</item>
<item>
<title>Probabilistic Timed Automata</title>
<link>/entries/Probabilistic_Timed_Automata.html</link>
<pubDate>Thu, 24 May 2018 00:00:00 +0000</pubDate>
<guid>/entries/Probabilistic_Timed_Automata.html</guid>
<description></description>
</item>
<item>
<title>Axiom Systems for Category Theory in Free Logic</title>
<link>/entries/AxiomaticCategoryTheory.html</link>
<pubDate>Wed, 23 May 2018 00:00:00 +0000</pubDate>
<guid>/entries/AxiomaticCategoryTheory.html</guid>
<description></description>
</item>
<item>
<title>Irrational Rapidly Convergent Series</title>
<link>/entries/Irrationality_J_Hancl.html</link>
<pubDate>Wed, 23 May 2018 00:00:00 +0000</pubDate>
<guid>/entries/Irrationality_J_Hancl.html</guid>
<description></description>
</item>
<item>
<title>Monadification, Memoization and Dynamic Programming</title>
<link>/entries/Monad_Memo_DP.html</link>
<pubDate>Tue, 22 May 2018 00:00:00 +0000</pubDate>
<guid>/entries/Monad_Memo_DP.html</guid>
<description></description>
</item>
<item>
<title>OpSets: Sequential Specifications for Replicated Datatypes</title>
<link>/entries/OpSets.html</link>
<pubDate>Thu, 10 May 2018 00:00:00 +0000</pubDate>
<guid>/entries/OpSets.html</guid>
<description></description>
</item>
<item>
<title>An Isabelle/HOL Formalization of the Modular Assembly Kit for Security Properties</title>
<link>/entries/Modular_Assembly_Kit_Security.html</link>
<pubDate>Mon, 07 May 2018 00:00:00 +0000</pubDate>
<guid>/entries/Modular_Assembly_Kit_Security.html</guid>
<description></description>
</item>
<item>
<title>WebAssembly</title>
<link>/entries/WebAssembly.html</link>
<pubDate>Sun, 29 Apr 2018 00:00:00 +0000</pubDate>
<guid>/entries/WebAssembly.html</guid>
<description></description>
</item>
<item>
<title>VerifyThis 2018 - Polished Isabelle Solutions</title>
<link>/entries/VerifyThis2018.html</link>
<pubDate>Fri, 27 Apr 2018 00:00:00 +0000</pubDate>
<guid>/entries/VerifyThis2018.html</guid>
<description></description>
</item>
<item>
<title>Bounded Natural Functors with Covariance and Contravariance</title>
<link>/entries/BNF_CC.html</link>
<pubDate>Tue, 24 Apr 2018 00:00:00 +0000</pubDate>
<guid>/entries/BNF_CC.html</guid>
<description></description>
</item>
<item>
<title>The Incompatibility of Fishburn-Strategyproofness and Pareto-Efficiency</title>
<link>/entries/Fishburn_Impossibility.html</link>
<pubDate>Thu, 22 Mar 2018 00:00:00 +0000</pubDate>
<guid>/entries/Fishburn_Impossibility.html</guid>
<description></description>
</item>
<item>
<title>Weight-Balanced Trees</title>
<link>/entries/Weight_Balanced_Trees.html</link>
<pubDate>Tue, 13 Mar 2018 00:00:00 +0000</pubDate>
<guid>/entries/Weight_Balanced_Trees.html</guid>
<description></description>
</item>
<item>
<title>CakeML</title>
<link>/entries/CakeML.html</link>
<pubDate>Mon, 12 Mar 2018 00:00:00 +0000</pubDate>
<guid>/entries/CakeML.html</guid>
<description></description>
</item>
<item>
<title>A Theory of Architectural Design Patterns</title>
<link>/entries/Architectural_Design_Patterns.html</link>
<pubDate>Thu, 01 Mar 2018 00:00:00 +0000</pubDate>
<guid>/entries/Architectural_Design_Patterns.html</guid>
<description></description>
</item>
<item>
<title>Hoare Logics for Time Bounds</title>
<link>/entries/Hoare_Time.html</link>
<pubDate>Mon, 26 Feb 2018 00:00:00 +0000</pubDate>
<guid>/entries/Hoare_Time.html</guid>
<description></description>
</item>
<item>
<title>A verified factorization algorithm for integer polynomials with polynomial complexity</title>
<link>/entries/LLL_Factorization.html</link>
<pubDate>Tue, 06 Feb 2018 00:00:00 +0000</pubDate>
<guid>/entries/LLL_Factorization.html</guid>
<description></description>
</item>
<item>
<title>First-Order Terms</title>
<link>/entries/First_Order_Terms.html</link>
<pubDate>Tue, 06 Feb 2018 00:00:00 +0000</pubDate>
<guid>/entries/First_Order_Terms.html</guid>
<description></description>
</item>
<item>
<title>The Error Function</title>
<link>/entries/Error_Function.html</link>
<pubDate>Tue, 06 Feb 2018 00:00:00 +0000</pubDate>
<guid>/entries/Error_Function.html</guid>
<description></description>
</item>
<item>
<title>Treaps</title>
<link>/entries/Treaps.html</link>
<pubDate>Tue, 06 Feb 2018 00:00:00 +0000</pubDate>
<guid>/entries/Treaps.html</guid>
<description></description>
</item>
<item>
<title>A verified LLL algorithm</title>
<link>/entries/LLL_Basis_Reduction.html</link>
<pubDate>Fri, 02 Feb 2018 00:00:00 +0000</pubDate>
<guid>/entries/LLL_Basis_Reduction.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Bachmair and Ganzinger&#39;s Ordered Resolution Prover</title>
<link>/entries/Ordered_Resolution_Prover.html</link>
<pubDate>Thu, 18 Jan 2018 00:00:00 +0000</pubDate>
<guid>/entries/Ordered_Resolution_Prover.html</guid>
<description></description>
</item>
<item>
<title>Gromov Hyperbolicity</title>
<link>/entries/Gromov_Hyperbolicity.html</link>
<pubDate>Tue, 16 Jan 2018 00:00:00 +0000</pubDate>
<guid>/entries/Gromov_Hyperbolicity.html</guid>
<description></description>
</item>
<item>
<title>An Isabelle/HOL formalisation of Green&#39;s Theorem</title>
<link>/entries/Green.html</link>
<pubDate>Thu, 11 Jan 2018 00:00:00 +0000</pubDate>
<guid>/entries/Green.html</guid>
<description></description>
</item>
<item>
<title>Taylor Models</title>
<link>/entries/Taylor_Models.html</link>
<pubDate>Mon, 08 Jan 2018 00:00:00 +0000</pubDate>
<guid>/entries/Taylor_Models.html</guid>
<description></description>
</item>
<item>
<title>The Falling Factorial of a Sum</title>
<link>/entries/Falling_Factorial_Sum.html</link>
<pubDate>Fri, 22 Dec 2017 00:00:00 +0000</pubDate>
<guid>/entries/Falling_Factorial_Sum.html</guid>
<description></description>
</item>
<item>
<title>Dirichlet L-Functions and Dirichlet&#39;s Theorem</title>
<link>/entries/Dirichlet_L.html</link>
<pubDate>Thu, 21 Dec 2017 00:00:00 +0000</pubDate>
<guid>/entries/Dirichlet_L.html</guid>
<description></description>
</item>
<item>
<title>The Mason–Stothers Theorem</title>
<link>/entries/Mason_Stothers.html</link>
<pubDate>Thu, 21 Dec 2017 00:00:00 +0000</pubDate>
<guid>/entries/Mason_Stothers.html</guid>
<description></description>
</item>
<item>
<title>The Median-of-Medians Selection Algorithm</title>
<link>/entries/Median_Of_Medians_Selection.html</link>
<pubDate>Thu, 21 Dec 2017 00:00:00 +0000</pubDate>
<guid>/entries/Median_Of_Medians_Selection.html</guid>
<description></description>
</item>
<item>
<title>Operations on Bounded Natural Functors</title>
<link>/entries/BNF_Operations.html</link>
<pubDate>Tue, 19 Dec 2017 00:00:00 +0000</pubDate>
<guid>/entries/BNF_Operations.html</guid>
<description></description>
</item>
<item>
<title>The string search algorithm by Knuth, Morris and Pratt</title>
<link>/entries/Knuth_Morris_Pratt.html</link>
<pubDate>Mon, 18 Dec 2017 00:00:00 +0000</pubDate>
<guid>/entries/Knuth_Morris_Pratt.html</guid>
<description></description>
</item>
<item>
<title>Stochastic Matrices and the Perron-Frobenius Theorem</title>
<link>/entries/Stochastic_Matrices.html</link>
<pubDate>Wed, 22 Nov 2017 00:00:00 +0000</pubDate>
<guid>/entries/Stochastic_Matrices.html</guid>
<description></description>
</item>
<item>
<title>The IMAP CmRDT</title>
<link>/entries/IMAP-CRDT.html</link>
<pubDate>Thu, 09 Nov 2017 00:00:00 +0000</pubDate>
<guid>/entries/IMAP-CRDT.html</guid>
<description></description>
</item>
<item>
<title>Hybrid Multi-Lane Spatial Logic</title>
<link>/entries/Hybrid_Multi_Lane_Spatial_Logic.html</link>
<pubDate>Mon, 06 Nov 2017 00:00:00 +0000</pubDate>
<guid>/entries/Hybrid_Multi_Lane_Spatial_Logic.html</guid>
<description></description>
</item>
<item>
<title>The Kuratowski Closure-Complement Theorem</title>
<link>/entries/Kuratowski_Closure_Complement.html</link>
<pubDate>Thu, 26 Oct 2017 00:00:00 +0000</pubDate>
<guid>/entries/Kuratowski_Closure_Complement.html</guid>
<description></description>
</item>
<item>
<title>Büchi Complementation</title>
<link>/entries/Buchi_Complementation.html</link>
<pubDate>Thu, 19 Oct 2017 00:00:00 +0000</pubDate>
<guid>/entries/Buchi_Complementation.html</guid>
<description></description>
</item>
<item>
<title>Transition Systems and Automata</title>
<link>/entries/Transition_Systems_and_Automata.html</link>
<pubDate>Thu, 19 Oct 2017 00:00:00 +0000</pubDate>
<guid>/entries/Transition_Systems_and_Automata.html</guid>
<description></description>
</item>
<item>
<title>Count the Number of Complex Roots</title>
<link>/entries/Count_Complex_Roots.html</link>
<pubDate>Tue, 17 Oct 2017 00:00:00 +0000</pubDate>
<guid>/entries/Count_Complex_Roots.html</guid>
<description></description>
</item>
<item>
<title>Evaluate Winding Numbers through Cauchy Indices</title>
<link>/entries/Winding_Number_Eval.html</link>
<pubDate>Tue, 17 Oct 2017 00:00:00 +0000</pubDate>
<guid>/entries/Winding_Number_Eval.html</guid>
<description></description>
</item>
<item>
<title>Homogeneous Linear Diophantine Equations</title>
<link>/entries/Diophantine_Eqns_Lin_Hom.html</link>
<pubDate>Sat, 14 Oct 2017 00:00:00 +0000</pubDate>
<guid>/entries/Diophantine_Eqns_Lin_Hom.html</guid>
<description></description>
</item>
<item>
<title>Dirichlet Series</title>
<link>/entries/Dirichlet_Series.html</link>
<pubDate>Thu, 12 Oct 2017 00:00:00 +0000</pubDate>
<guid>/entries/Dirichlet_Series.html</guid>
<description></description>
</item>
<item>
<title>Linear Recurrences</title>
<link>/entries/Linear_Recurrences.html</link>
<pubDate>Thu, 12 Oct 2017 00:00:00 +0000</pubDate>
<guid>/entries/Linear_Recurrences.html</guid>
<description></description>
</item>
<item>
<title>The Hurwitz and Riemann ζ Functions</title>
<link>/entries/Zeta_Function.html</link>
<pubDate>Thu, 12 Oct 2017 00:00:00 +0000</pubDate>
<guid>/entries/Zeta_Function.html</guid>
<description></description>
</item>
<item>
<title>Computer-assisted Reconstruction and Assessment of E. J. Lowe&#39;s Modal Ontological Argument</title>
<link>/entries/Lowe_Ontological_Argument.html</link>
<pubDate>Thu, 21 Sep 2017 00:00:00 +0000</pubDate>
<guid>/entries/Lowe_Ontological_Argument.html</guid>
<description></description>
</item>
<item>
<title>Representation and Partial Automation of the Principia Logico-Metaphysica in Isabelle/HOL</title>
<link>/entries/PLM.html</link>
<pubDate>Sun, 17 Sep 2017 00:00:00 +0000</pubDate>
<guid>/entries/PLM.html</guid>
<description></description>
</item>
<item>
<title>Anselm&#39;s God in Isabelle/HOL</title>
<link>/entries/AnselmGod.html</link>
<pubDate>Wed, 06 Sep 2017 00:00:00 +0000</pubDate>
<guid>/entries/AnselmGod.html</guid>
<description></description>
</item>
<item>
<title>Microeconomics and the First Welfare Theorem</title>
<link>/entries/First_Welfare_Theorem.html</link>
<pubDate>Fri, 01 Sep 2017 00:00:00 +0000</pubDate>
<guid>/entries/First_Welfare_Theorem.html</guid>
<description></description>
</item>
<item>
<title>Orbit-Stabiliser Theorem with Application to Rotational Symmetries</title>
<link>/entries/Orbit_Stabiliser.html</link>
<pubDate>Sun, 20 Aug 2017 00:00:00 +0000</pubDate>
<guid>/entries/Orbit_Stabiliser.html</guid>
<description></description>
</item>
<item>
<title>Root-Balanced Tree</title>
<link>/entries/Root_Balanced_Tree.html</link>
<pubDate>Sun, 20 Aug 2017 00:00:00 +0000</pubDate>
<guid>/entries/Root_Balanced_Tree.html</guid>
<description></description>
</item>
<item>
<title>The LambdaMu-calculus</title>
<link>/entries/LambdaMu.html</link>
<pubDate>Wed, 16 Aug 2017 00:00:00 +0000</pubDate>
<guid>/entries/LambdaMu.html</guid>
<description></description>
</item>
<item>
<title>Stewart&#39;s Theorem and Apollonius&#39; Theorem</title>
<link>/entries/Stewart_Apollonius.html</link>
<pubDate>Mon, 31 Jul 2017 00:00:00 +0000</pubDate>
<guid>/entries/Stewart_Apollonius.html</guid>
<description></description>
</item>
<item>
<title>Dynamic Architectures</title>
<link>/entries/DynamicArchitectures.html</link>
<pubDate>Fri, 28 Jul 2017 00:00:00 +0000</pubDate>
<guid>/entries/DynamicArchitectures.html</guid>
<description></description>
</item>
<item>
<title>Declarative Semantics for Functional Languages</title>
<link>/entries/Decl_Sem_Fun_PL.html</link>
<pubDate>Fri, 21 Jul 2017 00:00:00 +0000</pubDate>
<guid>/entries/Decl_Sem_Fun_PL.html</guid>
<description></description>
</item>
<item>
<title>HOLCF-Prelude</title>
<link>/entries/HOLCF-Prelude.html</link>
<pubDate>Sat, 15 Jul 2017 00:00:00 +0000</pubDate>
<guid>/entries/HOLCF-Prelude.html</guid>
<description></description>
</item>
<item>
<title>Minkowski&#39;s Theorem</title>
<link>/entries/Minkowskis_Theorem.html</link>
<pubDate>Thu, 13 Jul 2017 00:00:00 +0000</pubDate>
<guid>/entries/Minkowskis_Theorem.html</guid>
<description></description>
</item>
<item>
<title>Verified Metatheory and Type Inference for a Name-Carrying Simply-Typed Lambda Calculus</title>
<link>/entries/Name_Carrying_Type_Inference.html</link>
<pubDate>Sun, 09 Jul 2017 00:00:00 +0000</pubDate>
<guid>/entries/Name_Carrying_Type_Inference.html</guid>
<description></description>
</item>
<item>
<title>A framework for establishing Strong Eventual Consistency for Conflict-free Replicated Datatypes</title>
<link>/entries/CRDT.html</link>
<pubDate>Fri, 07 Jul 2017 00:00:00 +0000</pubDate>
<guid>/entries/CRDT.html</guid>
<description></description>
</item>
<item>
<title>Stone-Kleene Relation Algebras</title>
<link>/entries/Stone_Kleene_Relation_Algebras.html</link>
<pubDate>Thu, 06 Jul 2017 00:00:00 +0000</pubDate>
<guid>/entries/Stone_Kleene_Relation_Algebras.html</guid>
<description></description>
</item>
<item>
<title>Propositional Proof Systems</title>
<link>/entries/Propositional_Proof_Systems.html</link>
<pubDate>Wed, 21 Jun 2017 00:00:00 +0000</pubDate>
<guid>/entries/Propositional_Proof_Systems.html</guid>
<description></description>
</item>
<item>
<title>Partial Semigroups and Convolution Algebras</title>
<link>/entries/PSemigroupsConvolution.html</link>
<pubDate>Tue, 13 Jun 2017 00:00:00 +0000</pubDate>
<guid>/entries/PSemigroupsConvolution.html</guid>
<description></description>
</item>
<item>
<title>Buffon&#39;s Needle Problem</title>
<link>/entries/Buffons_Needle.html</link>
<pubDate>Tue, 06 Jun 2017 00:00:00 +0000</pubDate>
<guid>/entries/Buffons_Needle.html</guid>
<description></description>
</item>
<item>
<title>Flow Networks and the Min-Cut-Max-Flow Theorem</title>
<link>/entries/Flow_Networks.html</link>
<pubDate>Thu, 01 Jun 2017 00:00:00 +0000</pubDate>
<guid>/entries/Flow_Networks.html</guid>
<description></description>
</item>
<item>
<title>Formalizing Push-Relabel Algorithms</title>
<link>/entries/Prpu_Maxflow.html</link>
<pubDate>Thu, 01 Jun 2017 00:00:00 +0000</pubDate>
<guid>/entries/Prpu_Maxflow.html</guid>
<description></description>
</item>
<item>
<title>Optics</title>
<link>/entries/Optics.html</link>
<pubDate>Thu, 25 May 2017 00:00:00 +0000</pubDate>
<guid>/entries/Optics.html</guid>
<description></description>
</item>
<item>
<title>Developing Security Protocols by Refinement</title>
<link>/entries/Security_Protocol_Refinement.html</link>
<pubDate>Wed, 24 May 2017 00:00:00 +0000</pubDate>
<guid>/entries/Security_Protocol_Refinement.html</guid>
<description></description>
</item>
<item>
<title>Dictionary Construction</title>
<link>/entries/Dict_Construction.html</link>
<pubDate>Wed, 24 May 2017 00:00:00 +0000</pubDate>
<guid>/entries/Dict_Construction.html</guid>
<description></description>
</item>
<item>
<title>The Floyd-Warshall Algorithm for Shortest Paths</title>
<link>/entries/Floyd_Warshall.html</link>
<pubDate>Mon, 08 May 2017 00:00:00 +0000</pubDate>
<guid>/entries/Floyd_Warshall.html</guid>
<description></description>
</item>
<item>
<title>CryptHOL</title>
<link>/entries/CryptHOL.html</link>
<pubDate>Fri, 05 May 2017 00:00:00 +0000</pubDate>
<guid>/entries/CryptHOL.html</guid>
<description></description>
</item>
<item>
<title>Effect polymorphism in higher-order logic</title>
<link>/entries/Monomorphic_Monad.html</link>
<pubDate>Fri, 05 May 2017 00:00:00 +0000</pubDate>
<guid>/entries/Monomorphic_Monad.html</guid>
<description></description>
</item>
<item>
<title>Game-based cryptography in HOL</title>
<link>/entries/Game_Based_Crypto.html</link>
<pubDate>Fri, 05 May 2017 00:00:00 +0000</pubDate>
<guid>/entries/Game_Based_Crypto.html</guid>
<description></description>
</item>
<item>
<title>Monad normalisation</title>
<link>/entries/Monad_Normalisation.html</link>
<pubDate>Fri, 05 May 2017 00:00:00 +0000</pubDate>
<guid>/entries/Monad_Normalisation.html</guid>
<description></description>
</item>
<item>
<title>Probabilistic while loop</title>
<link>/entries/Probabilistic_While.html</link>
<pubDate>Fri, 05 May 2017 00:00:00 +0000</pubDate>
<guid>/entries/Probabilistic_While.html</guid>
<description></description>
</item>
<item>
<title>Monoidal Categories</title>
<link>/entries/MonoidalCategory.html</link>
<pubDate>Thu, 04 May 2017 00:00:00 +0000</pubDate>
<guid>/entries/MonoidalCategory.html</guid>
<description></description>
</item>
<item>
<title>Types, Tableaus and Gödel’s God in Isabelle/HOL</title>
<link>/entries/Types_Tableaus_and_Goedels_God.html</link>
<pubDate>Mon, 01 May 2017 00:00:00 +0000</pubDate>
<guid>/entries/Types_Tableaus_and_Goedels_God.html</guid>
<description></description>
</item>
<item>
<title>Local Lexing</title>
<link>/entries/LocalLexing.html</link>
<pubDate>Fri, 28 Apr 2017 00:00:00 +0000</pubDate>
<guid>/entries/LocalLexing.html</guid>
<description></description>
</item>
<item>
<title>Constructor Functions</title>
<link>/entries/Constructor_Funs.html</link>
<pubDate>Wed, 19 Apr 2017 00:00:00 +0000</pubDate>
<guid>/entries/Constructor_Funs.html</guid>
<description></description>
</item>
<item>
<title>Lazifying case constants</title>
<link>/entries/Lazy_Case.html</link>
<pubDate>Tue, 18 Apr 2017 00:00:00 +0000</pubDate>
<guid>/entries/Lazy_Case.html</guid>
<description></description>
</item>
<item>
<title>Subresultants</title>
<link>/entries/Subresultants.html</link>
<pubDate>Thu, 06 Apr 2017 00:00:00 +0000</pubDate>
<guid>/entries/Subresultants.html</guid>
<description></description>
</item>
<item>
<title>Expected Shape of Random Binary Search Trees</title>
<link>/entries/Random_BSTs.html</link>
<pubDate>Tue, 04 Apr 2017 00:00:00 +0000</pubDate>
<guid>/entries/Random_BSTs.html</guid>
<description></description>
</item>
<item>
<title>Lower bound on comparison-based sorting algorithms</title>
<link>/entries/Comparison_Sort_Lower_Bound.html</link>
<pubDate>Wed, 15 Mar 2017 00:00:00 +0000</pubDate>
<guid>/entries/Comparison_Sort_Lower_Bound.html</guid>
<description></description>
</item>
<item>
<title>The number of comparisons in QuickSort</title>
<link>/entries/Quick_Sort_Cost.html</link>
<pubDate>Wed, 15 Mar 2017 00:00:00 +0000</pubDate>
<guid>/entries/Quick_Sort_Cost.html</guid>
<description></description>
</item>
<item>
<title>The Euler–MacLaurin Formula</title>
<link>/entries/Euler_MacLaurin.html</link>
<pubDate>Fri, 10 Mar 2017 00:00:00 +0000</pubDate>
<guid>/entries/Euler_MacLaurin.html</guid>
<description></description>
</item>
<item>
<title>The Group Law for Elliptic Curves</title>
<link>/entries/Elliptic_Curves_Group_Law.html</link>
<pubDate>Tue, 28 Feb 2017 00:00:00 +0000</pubDate>
<guid>/entries/Elliptic_Curves_Group_Law.html</guid>
<description></description>
</item>
<item>
<title>Menger&#39;s Theorem</title>
<link>/entries/Menger.html</link>
<pubDate>Sun, 26 Feb 2017 00:00:00 +0000</pubDate>
<guid>/entries/Menger.html</guid>
<description></description>
</item>
<item>
<title>Differential Dynamic Logic</title>
<link>/entries/Differential_Dynamic_Logic.html</link>
<pubDate>Mon, 13 Feb 2017 00:00:00 +0000</pubDate>
<guid>/entries/Differential_Dynamic_Logic.html</guid>
<description></description>
</item>
<item>
<title>Abstract Soundness</title>
<link>/entries/Abstract_Soundness.html</link>
<pubDate>Fri, 10 Feb 2017 00:00:00 +0000</pubDate>
<guid>/entries/Abstract_Soundness.html</guid>
<description></description>
</item>
<item>
<title>Stone Relation Algebras</title>
<link>/entries/Stone_Relation_Algebras.html</link>
<pubDate>Tue, 07 Feb 2017 00:00:00 +0000</pubDate>
<guid>/entries/Stone_Relation_Algebras.html</guid>
<description></description>
</item>
<item>
<title>Refining Authenticated Key Agreement with Strong Adversaries</title>
<link>/entries/Key_Agreement_Strong_Adversaries.html</link>
<pubDate>Tue, 31 Jan 2017 00:00:00 +0000</pubDate>
<guid>/entries/Key_Agreement_Strong_Adversaries.html</guid>
<description></description>
</item>
<item>
<title>Bernoulli Numbers</title>
<link>/entries/Bernoulli.html</link>
<pubDate>Tue, 24 Jan 2017 00:00:00 +0000</pubDate>
<guid>/entries/Bernoulli.html</guid>
<description></description>
</item>
<item>
<title>Bertrand&#39;s postulate</title>
<link>/entries/Bertrands_Postulate.html</link>
<pubDate>Tue, 17 Jan 2017 00:00:00 +0000</pubDate>
<guid>/entries/Bertrands_Postulate.html</guid>
<description></description>
</item>
<item>
<title>Minimal Static Single Assignment Form</title>
<link>/entries/Minimal_SSA.html</link>
<pubDate>Tue, 17 Jan 2017 00:00:00 +0000</pubDate>
<guid>/entries/Minimal_SSA.html</guid>
<description></description>
</item>
<item>
<title>The Transcendence of e</title>
<link>/entries/E_Transcendental.html</link>
<pubDate>Thu, 12 Jan 2017 00:00:00 +0000</pubDate>
<guid>/entries/E_Transcendental.html</guid>
<description></description>
</item>
<item>
<title>Formal Network Models and Their Application to Firewall Policies</title>
<link>/entries/UPF_Firewall.html</link>
<pubDate>Sun, 08 Jan 2017 00:00:00 +0000</pubDate>
<guid>/entries/UPF_Firewall.html</guid>
<description></description>
</item>
<item>
<title>Verification of a Diffie-Hellman Password-based Authentication Protocol by Extending the Inductive Method</title>
<link>/entries/Password_Authentication_Protocol.html</link>
<pubDate>Tue, 03 Jan 2017 00:00:00 +0000</pubDate>
<guid>/entries/Password_Authentication_Protocol.html</guid>
<description></description>
</item>
<item>
<title>First-Order Logic According to Harrison</title>
<link>/entries/FOL_Harrison.html</link>
<pubDate>Sun, 01 Jan 2017 00:00:00 +0000</pubDate>
<guid>/entries/FOL_Harrison.html</guid>
<description></description>
</item>
<item>
<title>Concurrent Refinement Algebra and Rely Quotients</title>
<link>/entries/Concurrent_Ref_Alg.html</link>
<pubDate>Fri, 30 Dec 2016 00:00:00 +0000</pubDate>
<guid>/entries/Concurrent_Ref_Alg.html</guid>
<description></description>
</item>
<item>
<title>The Twelvefold Way</title>
<link>/entries/Twelvefold_Way.html</link>
<pubDate>Thu, 29 Dec 2016 00:00:00 +0000</pubDate>
<guid>/entries/Twelvefold_Way.html</guid>
<description></description>
</item>
<item>
<title>Proof Strategy Language</title>
<link>/entries/Proof_Strategy_Language.html</link>
<pubDate>Tue, 20 Dec 2016 00:00:00 +0000</pubDate>
<guid>/entries/Proof_Strategy_Language.html</guid>
<description></description>
</item>
<item>
<title>Paraconsistency</title>
<link>/entries/Paraconsistency.html</link>
<pubDate>Wed, 07 Dec 2016 00:00:00 +0000</pubDate>
<guid>/entries/Paraconsistency.html</guid>
<description></description>
</item>
<item>
<title>COMPLX: A Verification Framework for Concurrent Imperative Programs</title>
<link>/entries/Complx.html</link>
<pubDate>Tue, 29 Nov 2016 00:00:00 +0000</pubDate>
<guid>/entries/Complx.html</guid>
<description></description>
</item>
<item>
<title>Abstract Interpretation of Annotated Commands</title>
<link>/entries/Abs_Int_ITP2012.html</link>
<pubDate>Wed, 23 Nov 2016 00:00:00 +0000</pubDate>
<guid>/entries/Abs_Int_ITP2012.html</guid>
<description></description>
</item>
<item>
<title>Separata: Isabelle tactics for Separation Algebra</title>
<link>/entries/Separata.html</link>
<pubDate>Wed, 16 Nov 2016 00:00:00 +0000</pubDate>
<guid>/entries/Separata.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Knuth–Bendix Orders for Lambda-Free Higher-Order Terms</title>
<link>/entries/Lambda_Free_KBOs.html</link>
<pubDate>Sat, 12 Nov 2016 00:00:00 +0000</pubDate>
<guid>/entries/Lambda_Free_KBOs.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Nested Multisets, Hereditary Multisets, and Syntactic Ordinals</title>
<link>/entries/Nested_Multisets_Ordinals.html</link>
<pubDate>Sat, 12 Nov 2016 00:00:00 +0000</pubDate>
<guid>/entries/Nested_Multisets_Ordinals.html</guid>
<description></description>
</item>
<item>
<title>Expressiveness of Deep Learning</title>
<link>/entries/Deep_Learning.html</link>
<pubDate>Thu, 10 Nov 2016 00:00:00 +0000</pubDate>
<guid>/entries/Deep_Learning.html</guid>
<description></description>
</item>
<item>
<title>Modal Logics for Nominal Transition Systems</title>
<link>/entries/Modal_Logics_for_NTS.html</link>
<pubDate>Tue, 25 Oct 2016 00:00:00 +0000</pubDate>
<guid>/entries/Modal_Logics_for_NTS.html</guid>
<description></description>
</item>
<item>
<title>Stable Matching</title>
<link>/entries/Stable_Matching.html</link>
<pubDate>Mon, 24 Oct 2016 00:00:00 +0000</pubDate>
<guid>/entries/Stable_Matching.html</guid>
<description></description>
</item>
<item>
<title>LOFT — Verified Migration of Linux Firewalls to SDN</title>
<link>/entries/LOFT.html</link>
<pubDate>Fri, 21 Oct 2016 00:00:00 +0000</pubDate>
<guid>/entries/LOFT.html</guid>
<description></description>
</item>
<item>
<title>A formal model for the SPARCv8 ISA and a proof of non-interference for the LEON3 processor</title>
<link>/entries/SPARCv8.html</link>
<pubDate>Wed, 19 Oct 2016 00:00:00 +0000</pubDate>
<guid>/entries/SPARCv8.html</guid>
<description></description>
</item>
<item>
<title>Source Coding Theorem</title>
<link>/entries/Source_Coding_Theorem.html</link>
<pubDate>Wed, 19 Oct 2016 00:00:00 +0000</pubDate>
<guid>/entries/Source_Coding_Theorem.html</guid>
<description></description>
</item>
<item>
<title>The Factorization Algorithm of Berlekamp and Zassenhaus</title>
<link>/entries/Berlekamp_Zassenhaus.html</link>
<pubDate>Fri, 14 Oct 2016 00:00:00 +0000</pubDate>
<guid>/entries/Berlekamp_Zassenhaus.html</guid>
<description></description>
</item>
<item>
<title>Intersecting Chords Theorem</title>
<link>/entries/Chord_Segments.html</link>
<pubDate>Tue, 11 Oct 2016 00:00:00 +0000</pubDate>
<guid>/entries/Chord_Segments.html</guid>
<description></description>
</item>
<item>
<title>Lp spaces</title>
<link>/entries/Lp.html</link>
<pubDate>Wed, 05 Oct 2016 00:00:00 +0000</pubDate>
<guid>/entries/Lp.html</guid>
<description></description>
</item>
<item>
<title>Fisher–Yates shuffle</title>
<link>/entries/Fisher_Yates.html</link>
<pubDate>Fri, 30 Sep 2016 00:00:00 +0000</pubDate>
<guid>/entries/Fisher_Yates.html</guid>
<description></description>
</item>
<item>
<title>Allen&#39;s Interval Calculus</title>
<link>/entries/Allen_Calculus.html</link>
<pubDate>Thu, 29 Sep 2016 00:00:00 +0000</pubDate>
<guid>/entries/Allen_Calculus.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Recursive Path Orders for Lambda-Free Higher-Order Terms</title>
<link>/entries/Lambda_Free_RPOs.html</link>
<pubDate>Fri, 23 Sep 2016 00:00:00 +0000</pubDate>
<guid>/entries/Lambda_Free_RPOs.html</guid>
<description></description>
</item>
<item>
<title>Iptables Semantics</title>
<link>/entries/Iptables_Semantics.html</link>
<pubDate>Fri, 09 Sep 2016 00:00:00 +0000</pubDate>
<guid>/entries/Iptables_Semantics.html</guid>
<description></description>
</item>
<item>
<title>A Variant of the Superposition Calculus</title>
<link>/entries/SuperCalc.html</link>
<pubDate>Tue, 06 Sep 2016 00:00:00 +0000</pubDate>
<guid>/entries/SuperCalc.html</guid>
<description></description>
</item>
<item>
<title>Stone Algebras</title>
<link>/entries/Stone_Algebras.html</link>
<pubDate>Tue, 06 Sep 2016 00:00:00 +0000</pubDate>
<guid>/entries/Stone_Algebras.html</guid>
<description></description>
</item>
<item>
<title>Stirling&#39;s formula</title>
<link>/entries/Stirling_Formula.html</link>
<pubDate>Thu, 01 Sep 2016 00:00:00 +0000</pubDate>
<guid>/entries/Stirling_Formula.html</guid>
<description></description>
</item>
<item>
<title>Routing</title>
<link>/entries/Routing.html</link>
<pubDate>Wed, 31 Aug 2016 00:00:00 +0000</pubDate>
<guid>/entries/Routing.html</guid>
<description></description>
</item>
<item>
<title>Simple Firewall</title>
<link>/entries/Simple_Firewall.html</link>
<pubDate>Wed, 24 Aug 2016 00:00:00 +0000</pubDate>
<guid>/entries/Simple_Firewall.html</guid>
<description></description>
</item>
<item>
<title>Infeasible Paths Elimination by Symbolic Execution Techniques: Proof of Correctness and Preservation of Paths</title>
<link>/entries/InfPathElimination.html</link>
<pubDate>Thu, 18 Aug 2016 00:00:00 +0000</pubDate>
<guid>/entries/InfPathElimination.html</guid>
<description></description>
</item>
<item>
<title>Formalizing the Edmonds-Karp Algorithm</title>
<link>/entries/EdmondsKarp_Maxflow.html</link>
<pubDate>Fri, 12 Aug 2016 00:00:00 +0000</pubDate>
<guid>/entries/EdmondsKarp_Maxflow.html</guid>
<description></description>
</item>
<item>
<title>The Imperative Refinement Framework</title>
<link>/entries/Refine_Imperative_HOL.html</link>
<pubDate>Mon, 08 Aug 2016 00:00:00 +0000</pubDate>
<guid>/entries/Refine_Imperative_HOL.html</guid>
<description></description>
</item>
<item>
<title>Ptolemy&#39;s Theorem</title>
<link>/entries/Ptolemys_Theorem.html</link>
<pubDate>Sun, 07 Aug 2016 00:00:00 +0000</pubDate>
<guid>/entries/Ptolemys_Theorem.html</guid>
<description></description>
</item>
<item>
<title>Surprise Paradox</title>
<link>/entries/Surprise_Paradox.html</link>
<pubDate>Sun, 17 Jul 2016 00:00:00 +0000</pubDate>
<guid>/entries/Surprise_Paradox.html</guid>
<description></description>
</item>
<item>
<title>Pairing Heap</title>
<link>/entries/Pairing_Heap.html</link>
<pubDate>Thu, 14 Jul 2016 00:00:00 +0000</pubDate>
<guid>/entries/Pairing_Heap.html</guid>
<description></description>
</item>
<item>
<title>A Framework for Verifying Depth-First Search Algorithms</title>
<link>/entries/DFS_Framework.html</link>
<pubDate>Tue, 05 Jul 2016 00:00:00 +0000</pubDate>
<guid>/entries/DFS_Framework.html</guid>
<description></description>
</item>
<item>
<title>Chamber Complexes, Coxeter Systems, and Buildings</title>
<link>/entries/Buildings.html</link>
<pubDate>Fri, 01 Jul 2016 00:00:00 +0000</pubDate>
<guid>/entries/Buildings.html</guid>
<description></description>
</item>
<item>
<title>The Resolution Calculus for First-Order Logic</title>
<link>/entries/Resolution_FOL.html</link>
<pubDate>Thu, 30 Jun 2016 00:00:00 +0000</pubDate>
<guid>/entries/Resolution_FOL.html</guid>
<description></description>
</item>
<item>
<title>The Z Property</title>
<link>/entries/Rewriting_Z.html</link>
<pubDate>Thu, 30 Jun 2016 00:00:00 +0000</pubDate>
<guid>/entries/Rewriting_Z.html</guid>
<description></description>
</item>
<item>
<title>Compositional Security-Preserving Refinement for Concurrent Imperative Programs</title>
<link>/entries/Dependent_SIFUM_Refinement.html</link>
<pubDate>Tue, 28 Jun 2016 00:00:00 +0000</pubDate>
<guid>/entries/Dependent_SIFUM_Refinement.html</guid>
<description></description>
</item>
<item>
<title>IP Addresses</title>
<link>/entries/IP_Addresses.html</link>
<pubDate>Tue, 28 Jun 2016 00:00:00 +0000</pubDate>
<guid>/entries/IP_Addresses.html</guid>
<description></description>
</item>
<item>
<title>Cardinality of Multisets</title>
<link>/entries/Card_Multisets.html</link>
<pubDate>Sun, 26 Jun 2016 00:00:00 +0000</pubDate>
<guid>/entries/Card_Multisets.html</guid>
<description></description>
</item>
<item>
<title>Category Theory with Adjunctions and Limits</title>
<link>/entries/Category3.html</link>
<pubDate>Sun, 26 Jun 2016 00:00:00 +0000</pubDate>
<guid>/entries/Category3.html</guid>
<description></description>
</item>
<item>
<title>A Dependent Security Type System for Concurrent Imperative Programs</title>
<link>/entries/Dependent_SIFUM_Type_Systems.html</link>
<pubDate>Sat, 25 Jun 2016 00:00:00 +0000</pubDate>
<guid>/entries/Dependent_SIFUM_Type_Systems.html</guid>
<description></description>
</item>
<item>
<title>Catalan Numbers</title>
<link>/entries/Catalan_Numbers.html</link>
<pubDate>Tue, 21 Jun 2016 00:00:00 +0000</pubDate>
<guid>/entries/Catalan_Numbers.html</guid>
<description></description>
</item>
<item>
<title>Program Construction and Verification Components Based on Kleene Algebra</title>
<link>/entries/Algebraic_VCs.html</link>
<pubDate>Sat, 18 Jun 2016 00:00:00 +0000</pubDate>
<guid>/entries/Algebraic_VCs.html</guid>
<description></description>
</item>
<item>
<title>Conservation of CSP Noninterference Security under Concurrent Composition</title>
<link>/entries/Noninterference_Concurrent_Composition.html</link>
<pubDate>Mon, 13 Jun 2016 00:00:00 +0000</pubDate>
<guid>/entries/Noninterference_Concurrent_Composition.html</guid>
<description></description>
</item>
<item>
<title>Finite Machine Word Library</title>
<link>/entries/Word_Lib.html</link>
<pubDate>Thu, 09 Jun 2016 00:00:00 +0000</pubDate>
<guid>/entries/Word_Lib.html</guid>
<description></description>
</item>
<item>
<title>Tree Decomposition</title>
<link>/entries/Tree_Decomposition.html</link>
<pubDate>Tue, 31 May 2016 00:00:00 +0000</pubDate>
<guid>/entries/Tree_Decomposition.html</guid>
<description></description>
</item>
<item>
<title>Cardinality of Equivalence Relations</title>
<link>/entries/Card_Equiv_Relations.html</link>
<pubDate>Tue, 24 May 2016 00:00:00 +0000</pubDate>
<guid>/entries/Card_Equiv_Relations.html</guid>
<description></description>
</item>
<item>
<title>POSIX Lexing with Derivatives of Regular Expressions</title>
<link>/entries/Posix-Lexing.html</link>
<pubDate>Tue, 24 May 2016 00:00:00 +0000</pubDate>
<guid>/entries/Posix-Lexing.html</guid>
<description></description>
</item>
<item>
<title>Perron-Frobenius Theorem for Spectral Radius Analysis</title>
<link>/entries/Perron_Frobenius.html</link>
<pubDate>Fri, 20 May 2016 00:00:00 +0000</pubDate>
<guid>/entries/Perron_Frobenius.html</guid>
<description></description>
</item>
<item>
<title>The meta theory of the Incredible Proof Machine</title>
<link>/entries/Incredible_Proof_Machine.html</link>
<pubDate>Fri, 20 May 2016 00:00:00 +0000</pubDate>
<guid>/entries/Incredible_Proof_Machine.html</guid>
<description></description>
</item>
<item>
<title>A Constructive Proof for FLP</title>
<link>/entries/FLP.html</link>
<pubDate>Wed, 18 May 2016 00:00:00 +0000</pubDate>
<guid>/entries/FLP.html</guid>
<description></description>
</item>
<item>
<title>A Formal Proof of the Max-Flow Min-Cut Theorem for Countable Networks</title>
<link>/entries/MFMC_Countable.html</link>
<pubDate>Mon, 09 May 2016 00:00:00 +0000</pubDate>
<guid>/entries/MFMC_Countable.html</guid>
<description></description>
</item>
<item>
<title>Randomised Social Choice Theory</title>
<link>/entries/Randomised_Social_Choice.html</link>
<pubDate>Thu, 05 May 2016 00:00:00 +0000</pubDate>
<guid>/entries/Randomised_Social_Choice.html</guid>
<description></description>
</item>
<item>
<title>Spivey&#39;s Generalized Recurrence for Bell Numbers</title>
<link>/entries/Bell_Numbers_Spivey.html</link>
<pubDate>Wed, 04 May 2016 00:00:00 +0000</pubDate>
<guid>/entries/Bell_Numbers_Spivey.html</guid>
<description></description>
</item>
<item>
<title>The Incompatibility of SD-Efficiency and SD-Strategy-Proofness</title>
<link>/entries/SDS_Impossibility.html</link>
<pubDate>Wed, 04 May 2016 00:00:00 +0000</pubDate>
<guid>/entries/SDS_Impossibility.html</guid>
<description></description>
</item>
<item>
<title>Gröbner Bases Theory</title>
<link>/entries/Groebner_Bases.html</link>
<pubDate>Mon, 02 May 2016 00:00:00 +0000</pubDate>
<guid>/entries/Groebner_Bases.html</guid>
<description></description>
</item>
<item>
<title>No Faster-Than-Light Observers</title>
<link>/entries/No_FTL_observers.html</link>
<pubDate>Thu, 28 Apr 2016 00:00:00 +0000</pubDate>
<guid>/entries/No_FTL_observers.html</guid>
<description></description>
</item>
<item>
<title>A formalisation of the Cocke-Younger-Kasami algorithm</title>
<link>/entries/CYK.html</link>
<pubDate>Wed, 27 Apr 2016 00:00:00 +0000</pubDate>
<guid>/entries/CYK.html</guid>
<description></description>
</item>
<item>
<title>Algorithms for Reduced Ordered Binary Decision Diagrams</title>
<link>/entries/ROBDD.html</link>
<pubDate>Wed, 27 Apr 2016 00:00:00 +0000</pubDate>
<guid>/entries/ROBDD.html</guid>
<description></description>
</item>
<item>
<title>Conservation of CSP Noninterference Security under Sequential Composition</title>
<link>/entries/Noninterference_Sequential_Composition.html</link>
<pubDate>Tue, 26 Apr 2016 00:00:00 +0000</pubDate>
<guid>/entries/Noninterference_Sequential_Composition.html</guid>
<description></description>
</item>
<item>
<title>Kleene Algebras with Domain</title>
<link>/entries/KAD.html</link>
<pubDate>Tue, 12 Apr 2016 00:00:00 +0000</pubDate>
<guid>/entries/KAD.html</guid>
<description></description>
</item>
<item>
<title>Propositional Resolution and Prime Implicates Generation</title>
<link>/entries/PropResPI.html</link>
<pubDate>Fri, 11 Mar 2016 00:00:00 +0000</pubDate>
<guid>/entries/PropResPI.html</guid>
<description></description>
</item>
<item>
<title>The Cartan Fixed Point Theorems</title>
<link>/entries/Cartan_FP.html</link>
<pubDate>Tue, 08 Mar 2016 00:00:00 +0000</pubDate>
<guid>/entries/Cartan_FP.html</guid>
<description></description>
</item>
<item>
<title>Timed Automata</title>
<link>/entries/Timed_Automata.html</link>
<pubDate>Tue, 08 Mar 2016 00:00:00 +0000</pubDate>
<guid>/entries/Timed_Automata.html</guid>
<description></description>
</item>
<item>
<title>Linear Temporal Logic</title>
<link>/entries/LTL.html</link>
<pubDate>Tue, 01 Mar 2016 00:00:00 +0000</pubDate>
<guid>/entries/LTL.html</guid>
<description></description>
</item>
<item>
<title>Analysis of List Update Algorithms</title>
<link>/entries/List_Update.html</link>
<pubDate>Wed, 17 Feb 2016 00:00:00 +0000</pubDate>
<guid>/entries/List_Update.html</guid>
<description></description>
</item>
<item>
<title>Verified Construction of Static Single Assignment Form</title>
<link>/entries/Formal_SSA.html</link>
<pubDate>Fri, 05 Feb 2016 00:00:00 +0000</pubDate>
<guid>/entries/Formal_SSA.html</guid>
<description></description>
</item>
<item>
<title>Polynomial Factorization</title>
<link>/entries/Polynomial_Factorization.html</link>
<pubDate>Fri, 29 Jan 2016 00:00:00 +0000</pubDate>
<guid>/entries/Polynomial_Factorization.html</guid>
<description></description>
</item>
<item>
<title>Polynomial Interpolation</title>
<link>/entries/Polynomial_Interpolation.html</link>
<pubDate>Fri, 29 Jan 2016 00:00:00 +0000</pubDate>
<guid>/entries/Polynomial_Interpolation.html</guid>
<description></description>
</item>
<item>
<title>Knot Theory</title>
<link>/entries/Knot_Theory.html</link>
<pubDate>Wed, 20 Jan 2016 00:00:00 +0000</pubDate>
<guid>/entries/Knot_Theory.html</guid>
<description></description>
</item>
<item>
<title>Tensor Product of Matrices</title>
<link>/entries/Matrix_Tensor.html</link>
<pubDate>Mon, 18 Jan 2016 00:00:00 +0000</pubDate>
<guid>/entries/Matrix_Tensor.html</guid>
<description></description>
</item>
<item>
<title>Cardinality of Number Partitions</title>
<link>/entries/Card_Number_Partitions.html</link>
<pubDate>Thu, 14 Jan 2016 00:00:00 +0000</pubDate>
<guid>/entries/Card_Number_Partitions.html</guid>
<description></description>
</item>
<item>
<title>Basic Geometric Properties of Triangles</title>
<link>/entries/Triangle.html</link>
<pubDate>Mon, 28 Dec 2015 00:00:00 +0000</pubDate>
<guid>/entries/Triangle.html</guid>
<description></description>
</item>
<item>
<title>Descartes&#39; Rule of Signs</title>
<link>/entries/Descartes_Sign_Rule.html</link>
<pubDate>Mon, 28 Dec 2015 00:00:00 +0000</pubDate>
<guid>/entries/Descartes_Sign_Rule.html</guid>
<description></description>
</item>
<item>
<title>Liouville numbers</title>
<link>/entries/Liouville_Numbers.html</link>
<pubDate>Mon, 28 Dec 2015 00:00:00 +0000</pubDate>
<guid>/entries/Liouville_Numbers.html</guid>
<description></description>
</item>
<item>
<title>The Divergence of the Prime Harmonic Series</title>
<link>/entries/Prime_Harmonic_Series.html</link>
<pubDate>Mon, 28 Dec 2015 00:00:00 +0000</pubDate>
<guid>/entries/Prime_Harmonic_Series.html</guid>
<description></description>
</item>
<item>
<title>Algebraic Numbers in Isabelle/HOL</title>
<link>/entries/Algebraic_Numbers.html</link>
<pubDate>Tue, 22 Dec 2015 00:00:00 +0000</pubDate>
<guid>/entries/Algebraic_Numbers.html</guid>
<description></description>
</item>
<item>
<title>Applicative Lifting</title>
<link>/entries/Applicative_Lifting.html</link>
<pubDate>Tue, 22 Dec 2015 00:00:00 +0000</pubDate>
<guid>/entries/Applicative_Lifting.html</guid>
<description></description>
</item>
<item>
<title>The Stern-Brocot Tree</title>
<link>/entries/Stern_Brocot.html</link>
<pubDate>Tue, 22 Dec 2015 00:00:00 +0000</pubDate>
<guid>/entries/Stern_Brocot.html</guid>
<description></description>
</item>
<item>
<title>Cardinality of Set Partitions</title>
<link>/entries/Card_Partitions.html</link>
<pubDate>Sat, 12 Dec 2015 00:00:00 +0000</pubDate>
<guid>/entries/Card_Partitions.html</guid>
<description></description>
</item>
<item>
<title>Latin Square</title>
<link>/entries/Latin_Square.html</link>
<pubDate>Wed, 02 Dec 2015 00:00:00 +0000</pubDate>
<guid>/entries/Latin_Square.html</guid>
<description></description>
</item>
<item>
<title>Ergodic Theory</title>
<link>/entries/Ergodic_Theory.html</link>
<pubDate>Tue, 01 Dec 2015 00:00:00 +0000</pubDate>
<guid>/entries/Ergodic_Theory.html</guid>
<description></description>
</item>
<item>
<title>Euler&#39;s Partition Theorem</title>
<link>/entries/Euler_Partition.html</link>
<pubDate>Thu, 19 Nov 2015 00:00:00 +0000</pubDate>
<guid>/entries/Euler_Partition.html</guid>
<description></description>
</item>
<item>
<title>The Tortoise and Hare Algorithm</title>
<link>/entries/TortoiseHare.html</link>
<pubDate>Wed, 18 Nov 2015 00:00:00 +0000</pubDate>
<guid>/entries/TortoiseHare.html</guid>
<description></description>
</item>
<item>
<title>Planarity Certificates</title>
<link>/entries/Planarity_Certificates.html</link>
<pubDate>Wed, 11 Nov 2015 00:00:00 +0000</pubDate>
<guid>/entries/Planarity_Certificates.html</guid>
<description></description>
</item>
<item>
<title>Positional Determinacy of Parity Games</title>
<link>/entries/Parity_Game.html</link>
<pubDate>Mon, 02 Nov 2015 00:00:00 +0000</pubDate>
<guid>/entries/Parity_Game.html</guid>
<description></description>
</item>
<item>
<title>A Meta-Model for the Isabelle API</title>
<link>/entries/Isabelle_Meta_Model.html</link>
<pubDate>Wed, 16 Sep 2015 00:00:00 +0000</pubDate>
<guid>/entries/Isabelle_Meta_Model.html</guid>
<description></description>
</item>
<item>
<title>Converting Linear Temporal Logic to Deterministic (Generalized) Rabin Automata</title>
<link>/entries/LTL_to_DRA.html</link>
<pubDate>Fri, 04 Sep 2015 00:00:00 +0000</pubDate>
<guid>/entries/LTL_to_DRA.html</guid>
<description></description>
</item>
<item>
<title>Matrices, Jordan Normal Forms, and Spectral Radius Theory</title>
<link>/entries/Jordan_Normal_Form.html</link>
<pubDate>Fri, 21 Aug 2015 00:00:00 +0000</pubDate>
<guid>/entries/Jordan_Normal_Form.html</guid>
<description></description>
</item>
<item>
<title>Decreasing Diagrams II</title>
<link>/entries/Decreasing-Diagrams-II.html</link>
<pubDate>Thu, 20 Aug 2015 00:00:00 +0000</pubDate>
<guid>/entries/Decreasing-Diagrams-II.html</guid>
<description></description>
</item>
<item>
<title>The Inductive Unwinding Theorem for CSP Noninterference Security</title>
<link>/entries/Noninterference_Inductive_Unwinding.html</link>
<pubDate>Tue, 18 Aug 2015 00:00:00 +0000</pubDate>
<guid>/entries/Noninterference_Inductive_Unwinding.html</guid>
<description></description>
</item>
<item>
<title>Representations of Finite Groups</title>
<link>/entries/Rep_Fin_Groups.html</link>
<pubDate>Wed, 12 Aug 2015 00:00:00 +0000</pubDate>
<guid>/entries/Rep_Fin_Groups.html</guid>
<description></description>
</item>
<item>
<title>Analysing and Comparing Encodability Criteria for Process Calculi</title>
<link>/entries/Encodability_Process_Calculi.html</link>
<pubDate>Mon, 10 Aug 2015 00:00:00 +0000</pubDate>
<guid>/entries/Encodability_Process_Calculi.html</guid>
<description></description>
</item>
<item>
<title>Generating Cases from Labeled Subgoals</title>
<link>/entries/Case_Labeling.html</link>
<pubDate>Tue, 21 Jul 2015 00:00:00 +0000</pubDate>
<guid>/entries/Case_Labeling.html</guid>
<description></description>
</item>
<item>
<title>Landau Symbols</title>
<link>/entries/Landau_Symbols.html</link>
<pubDate>Tue, 14 Jul 2015 00:00:00 +0000</pubDate>
<guid>/entries/Landau_Symbols.html</guid>
<description></description>
</item>
<item>
<title>The Akra-Bazzi theorem and the Master theorem</title>
<link>/entries/Akra_Bazzi.html</link>
<pubDate>Tue, 14 Jul 2015 00:00:00 +0000</pubDate>
<guid>/entries/Akra_Bazzi.html</guid>
<description></description>
</item>
<item>
<title>Hermite Normal Form</title>
<link>/entries/Hermite.html</link>
<pubDate>Tue, 07 Jul 2015 00:00:00 +0000</pubDate>
<guid>/entries/Hermite.html</guid>
<description></description>
</item>
<item>
<title>Derangements Formula</title>
<link>/entries/Derangements.html</link>
<pubDate>Sat, 27 Jun 2015 00:00:00 +0000</pubDate>
<guid>/entries/Derangements.html</guid>
<description></description>
</item>
<item>
<title>Binary Multirelations</title>
<link>/entries/Multirelations.html</link>
<pubDate>Thu, 11 Jun 2015 00:00:00 +0000</pubDate>
<guid>/entries/Multirelations.html</guid>
<description></description>
</item>
<item>
<title>Reasoning about Lists via List Interleaving</title>
<link>/entries/List_Interleaving.html</link>
<pubDate>Thu, 11 Jun 2015 00:00:00 +0000</pubDate>
<guid>/entries/List_Interleaving.html</guid>
<description></description>
</item>
<item>
<title>The Generic Unwinding Theorem for CSP Noninterference Security</title>
<link>/entries/Noninterference_Generic_Unwinding.html</link>
<pubDate>Thu, 11 Jun 2015 00:00:00 +0000</pubDate>
<guid>/entries/Noninterference_Generic_Unwinding.html</guid>
<description></description>
</item>
<item>
<title>The Ipurge Unwinding Theorem for CSP Noninterference Security</title>
<link>/entries/Noninterference_Ipurge_Unwinding.html</link>
<pubDate>Thu, 11 Jun 2015 00:00:00 +0000</pubDate>
<guid>/entries/Noninterference_Ipurge_Unwinding.html</guid>
<description></description>
</item>
<item>
<title>Parameterized Dynamic Tables</title>
<link>/entries/Dynamic_Tables.html</link>
<pubDate>Sun, 07 Jun 2015 00:00:00 +0000</pubDate>
<guid>/entries/Dynamic_Tables.html</guid>
<description></description>
</item>
<item>
<title>Derivatives of Logical Formulas</title>
<link>/entries/Formula_Derivatives.html</link>
<pubDate>Thu, 28 May 2015 00:00:00 +0000</pubDate>
<guid>/entries/Formula_Derivatives.html</guid>
<description></description>
</item>
<item>
<title>A Zoo of Probabilistic Systems</title>
<link>/entries/Probabilistic_System_Zoo.html</link>
<pubDate>Wed, 27 May 2015 00:00:00 +0000</pubDate>
<guid>/entries/Probabilistic_System_Zoo.html</guid>
<description></description>
</item>
<item>
<title>VCG - Combinatorial Vickrey-Clarke-Groves Auctions</title>
<link>/entries/Vickrey_Clarke_Groves.html</link>
<pubDate>Thu, 30 Apr 2015 00:00:00 +0000</pubDate>
<guid>/entries/Vickrey_Clarke_Groves.html</guid>
<description></description>
</item>
<item>
<title>Residuated Lattices</title>
<link>/entries/Residuated_Lattices.html</link>
<pubDate>Wed, 15 Apr 2015 00:00:00 +0000</pubDate>
<guid>/entries/Residuated_Lattices.html</guid>
<description></description>
</item>
<item>
<title>Concurrent IMP</title>
<link>/entries/ConcurrentIMP.html</link>
<pubDate>Mon, 13 Apr 2015 00:00:00 +0000</pubDate>
<guid>/entries/ConcurrentIMP.html</guid>
<description></description>
</item>
<item>
<title>Relaxing Safely: Verified On-the-Fly Garbage Collection for x86-TSO</title>
<link>/entries/ConcurrentGC.html</link>
<pubDate>Mon, 13 Apr 2015 00:00:00 +0000</pubDate>
<guid>/entries/ConcurrentGC.html</guid>
<description></description>
</item>
<item>
<title>Trie</title>
<link>/entries/Trie.html</link>
<pubDate>Mon, 30 Mar 2015 00:00:00 +0000</pubDate>
<guid>/entries/Trie.html</guid>
<description></description>
</item>
<item>
<title>Consensus Refined</title>
<link>/entries/Consensus_Refined.html</link>
<pubDate>Wed, 18 Mar 2015 00:00:00 +0000</pubDate>
<guid>/entries/Consensus_Refined.html</guid>
<description></description>
</item>
<item>
<title>Deriving class instances for datatypes</title>
<link>/entries/Deriving.html</link>
<pubDate>Wed, 11 Mar 2015 00:00:00 +0000</pubDate>
<guid>/entries/Deriving.html</guid>
<description></description>
</item>
<item>
<title>The Safety of Call Arity</title>
<link>/entries/Call_Arity.html</link>
<pubDate>Fri, 20 Feb 2015 00:00:00 +0000</pubDate>
<guid>/entries/Call_Arity.html</guid>
<description></description>
</item>
<item>
<title>Echelon Form</title>
<link>/entries/Echelon_Form.html</link>
<pubDate>Thu, 12 Feb 2015 00:00:00 +0000</pubDate>
<guid>/entries/Echelon_Form.html</guid>
<description></description>
</item>
<item>
<title>QR Decomposition</title>
<link>/entries/QR_Decomposition.html</link>
<pubDate>Thu, 12 Feb 2015 00:00:00 +0000</pubDate>
<guid>/entries/QR_Decomposition.html</guid>
<description></description>
</item>
<item>
<title>Finite Automata in Hereditarily Finite Set Theory</title>
<link>/entries/Finite_Automata_HF.html</link>
<pubDate>Thu, 05 Feb 2015 00:00:00 +0000</pubDate>
<guid>/entries/Finite_Automata_HF.html</guid>
<description></description>
</item>
<item>
<title>Verification of the UpDown Scheme</title>
<link>/entries/UpDown_Scheme.html</link>
<pubDate>Wed, 28 Jan 2015 00:00:00 +0000</pubDate>
<guid>/entries/UpDown_Scheme.html</guid>
<description></description>
</item>
<item>
<title>The Unified Policy Framework (UPF)</title>
<link>/entries/UPF.html</link>
<pubDate>Fri, 28 Nov 2014 00:00:00 +0000</pubDate>
<guid>/entries/UPF.html</guid>
<description></description>
</item>
<item>
<title>Loop freedom of the (untimed) AODV routing protocol</title>
<link>/entries/AODV.html</link>
<pubDate>Thu, 23 Oct 2014 00:00:00 +0000</pubDate>
<guid>/entries/AODV.html</guid>
<description></description>
</item>
<item>
<title>Lifting Definition Option</title>
<link>/entries/Lifting_Definition_Option.html</link>
<pubDate>Mon, 13 Oct 2014 00:00:00 +0000</pubDate>
<guid>/entries/Lifting_Definition_Option.html</guid>
<description></description>
</item>
<item>
<title>Stream Fusion in HOL with Code Generation</title>
<link>/entries/Stream_Fusion_Code.html</link>
<pubDate>Fri, 10 Oct 2014 00:00:00 +0000</pubDate>
<guid>/entries/Stream_Fusion_Code.html</guid>
<description></description>
</item>
<item>
<title>A Verified Compiler for Probability Density Functions</title>
<link>/entries/Density_Compiler.html</link>
<pubDate>Thu, 09 Oct 2014 00:00:00 +0000</pubDate>
<guid>/entries/Density_Compiler.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Refinement Calculus for Reactive Systems</title>
<link>/entries/RefinementReactive.html</link>
<pubDate>Wed, 08 Oct 2014 00:00:00 +0000</pubDate>
<guid>/entries/RefinementReactive.html</guid>
<description></description>
</item>
<item>
<title>Certification Monads</title>
<link>/entries/Certification_Monads.html</link>
<pubDate>Fri, 03 Oct 2014 00:00:00 +0000</pubDate>
<guid>/entries/Certification_Monads.html</guid>
<description></description>
</item>
<item>
<title>XML</title>
<link>/entries/XML.html</link>
<pubDate>Fri, 03 Oct 2014 00:00:00 +0000</pubDate>
<guid>/entries/XML.html</guid>
<description></description>
</item>
<item>
<title>Imperative Insertion Sort</title>
<link>/entries/Imperative_Insertion_Sort.html</link>
<pubDate>Thu, 25 Sep 2014 00:00:00 +0000</pubDate>
<guid>/entries/Imperative_Insertion_Sort.html</guid>
<description></description>
</item>
<item>
<title>The Sturm-Tarski Theorem</title>
<link>/entries/Sturm_Tarski.html</link>
<pubDate>Fri, 19 Sep 2014 00:00:00 +0000</pubDate>
<guid>/entries/Sturm_Tarski.html</guid>
<description></description>
</item>
<item>
<title>The Cayley-Hamilton Theorem</title>
<link>/entries/Cayley_Hamilton.html</link>
<pubDate>Mon, 15 Sep 2014 00:00:00 +0000</pubDate>
<guid>/entries/Cayley_Hamilton.html</guid>
<description></description>
</item>
<item>
<title>The Jordan-Hölder Theorem</title>
<link>/entries/Jordan_Hoelder.html</link>
<pubDate>Tue, 09 Sep 2014 00:00:00 +0000</pubDate>
<guid>/entries/Jordan_Hoelder.html</guid>
<description></description>
</item>
<item>
<title>Priority Queues Based on Braun Trees</title>
<link>/entries/Priority_Queue_Braun.html</link>
<pubDate>Thu, 04 Sep 2014 00:00:00 +0000</pubDate>
<guid>/entries/Priority_Queue_Braun.html</guid>
<description></description>
</item>
<item>
<title>Gauss-Jordan Algorithm and Its Applications</title>
<link>/entries/Gauss_Jordan.html</link>
<pubDate>Wed, 03 Sep 2014 00:00:00 +0000</pubDate>
<guid>/entries/Gauss_Jordan.html</guid>
<description></description>
</item>
<item>
<title>Real-Valued Special Functions: Upper and Lower Bounds</title>
<link>/entries/Special_Function_Bounds.html</link>
<pubDate>Fri, 29 Aug 2014 00:00:00 +0000</pubDate>
<guid>/entries/Special_Function_Bounds.html</guid>
<description></description>
</item>
<item>
<title>Vector Spaces</title>
<link>/entries/VectorSpace.html</link>
<pubDate>Fri, 29 Aug 2014 00:00:00 +0000</pubDate>
<guid>/entries/VectorSpace.html</guid>
<description></description>
</item>
<item>
<title>Skew Heap</title>
<link>/entries/Skew_Heap.html</link>
<pubDate>Wed, 13 Aug 2014 00:00:00 +0000</pubDate>
<guid>/entries/Skew_Heap.html</guid>
<description></description>
</item>
<item>
<title>Splay Tree</title>
<link>/entries/Splay_Tree.html</link>
<pubDate>Tue, 12 Aug 2014 00:00:00 +0000</pubDate>
<guid>/entries/Splay_Tree.html</guid>
<description></description>
</item>
<item>
<title>Haskell&#39;s Show Class in Isabelle/HOL</title>
<link>/entries/Show.html</link>
<pubDate>Tue, 29 Jul 2014 00:00:00 +0000</pubDate>
<guid>/entries/Show.html</guid>
<description></description>
</item>
<item>
<title>Formal Specification of a Generic Separation Kernel</title>
<link>/entries/CISC-Kernel.html</link>
<pubDate>Fri, 18 Jul 2014 00:00:00 +0000</pubDate>
<guid>/entries/CISC-Kernel.html</guid>
<description></description>
</item>
<item>
<title>pGCL for Isabelle</title>
<link>/entries/pGCL.html</link>
<pubDate>Sun, 13 Jul 2014 00:00:00 +0000</pubDate>
<guid>/entries/pGCL.html</guid>
<description></description>
</item>
<item>
<title>Amortized Complexity Verified</title>
<link>/entries/Amortized_Complexity.html</link>
<pubDate>Mon, 07 Jul 2014 00:00:00 +0000</pubDate>
<guid>/entries/Amortized_Complexity.html</guid>
<description></description>
</item>
<item>
<title>Network Security Policy Verification</title>
<link>/entries/Network_Security_Policy_Verification.html</link>
<pubDate>Fri, 04 Jul 2014 00:00:00 +0000</pubDate>
<guid>/entries/Network_Security_Policy_Verification.html</guid>
<description></description>
</item>
<item>
<title>Pop-Refinement</title>
<link>/entries/Pop_Refinement.html</link>
<pubDate>Thu, 03 Jul 2014 00:00:00 +0000</pubDate>
<guid>/entries/Pop_Refinement.html</guid>
<description></description>
</item>
<item>
<title>Decision Procedures for MSO on Words Based on Derivatives of Regular Expressions</title>
<link>/entries/MSO_Regex_Equivalence.html</link>
<pubDate>Thu, 12 Jun 2014 00:00:00 +0000</pubDate>
<guid>/entries/MSO_Regex_Equivalence.html</guid>
<description></description>
</item>
<item>
<title>Boolean Expression Checkers</title>
<link>/entries/Boolean_Expression_Checkers.html</link>
<pubDate>Sun, 08 Jun 2014 00:00:00 +0000</pubDate>
<guid>/entries/Boolean_Expression_Checkers.html</guid>
<description></description>
</item>
<item>
<title>A Fully Verified Executable LTL Model Checker</title>
<link>/entries/CAVA_LTL_Modelchecker.html</link>
<pubDate>Wed, 28 May 2014 00:00:00 +0000</pubDate>
<guid>/entries/CAVA_LTL_Modelchecker.html</guid>
<description></description>
</item>
<item>
<title>Converting Linear-Time Temporal Logic to Generalized Büchi Automata</title>
<link>/entries/LTL_to_GBA.html</link>
<pubDate>Wed, 28 May 2014 00:00:00 +0000</pubDate>
<guid>/entries/LTL_to_GBA.html</guid>
<description></description>
</item>
<item>
<title>Promela Formalization</title>
<link>/entries/Promela.html</link>
<pubDate>Wed, 28 May 2014 00:00:00 +0000</pubDate>
<guid>/entries/Promela.html</guid>
<description></description>
</item>
<item>
<title>The CAVA Automata Library</title>
<link>/entries/CAVA_Automata.html</link>
<pubDate>Wed, 28 May 2014 00:00:00 +0000</pubDate>
<guid>/entries/CAVA_Automata.html</guid>
<description></description>
</item>
<item>
<title>Verified Efficient Implementation of Gabow&#39;s Strongly Connected Components Algorithm</title>
<link>/entries/Gabow_SCC.html</link>
<pubDate>Wed, 28 May 2014 00:00:00 +0000</pubDate>
<guid>/entries/Gabow_SCC.html</guid>
<description></description>
</item>
<item>
<title>Noninterference Security in Communicating Sequential Processes</title>
<link>/entries/Noninterference_CSP.html</link>
<pubDate>Fri, 23 May 2014 00:00:00 +0000</pubDate>
<guid>/entries/Noninterference_CSP.html</guid>
<description></description>
</item>
<item>
<title>Transitive closure according to Roy-Floyd-Warshall</title>
<link>/entries/Roy_Floyd_Warshall.html</link>
<pubDate>Fri, 23 May 2014 00:00:00 +0000</pubDate>
<guid>/entries/Roy_Floyd_Warshall.html</guid>
<description></description>
</item>
<item>
<title>Regular Algebras</title>
<link>/entries/Regular_Algebras.html</link>
<pubDate>Wed, 21 May 2014 00:00:00 +0000</pubDate>
<guid>/entries/Regular_Algebras.html</guid>
<description></description>
</item>
<item>
<title>Formalisation and Analysis of Component Dependencies</title>
<link>/entries/ComponentDependencies.html</link>
<pubDate>Mon, 28 Apr 2014 00:00:00 +0000</pubDate>
<guid>/entries/ComponentDependencies.html</guid>
<description></description>
</item>
<item>
<title>A Formalization of Assumptions and Guarantees for Compositional Noninterference</title>
<link>/entries/SIFUM_Type_Systems.html</link>
<pubDate>Wed, 23 Apr 2014 00:00:00 +0000</pubDate>
<guid>/entries/SIFUM_Type_Systems.html</guid>
<description></description>
</item>
<item>
<title>A Formalization of Declassification with WHAT-and-WHERE-Security</title>
<link>/entries/WHATandWHERE_Security.html</link>
<pubDate>Wed, 23 Apr 2014 00:00:00 +0000</pubDate>
<guid>/entries/WHATandWHERE_Security.html</guid>
<description></description>
</item>
<item>
<title>A Formalization of Strong Security</title>
<link>/entries/Strong_Security.html</link>
<pubDate>Wed, 23 Apr 2014 00:00:00 +0000</pubDate>
<guid>/entries/Strong_Security.html</guid>
<description></description>
</item>
<item>
<title>Bounded-Deducibility Security</title>
<link>/entries/Bounded_Deducibility_Security.html</link>
<pubDate>Tue, 22 Apr 2014 00:00:00 +0000</pubDate>
<guid>/entries/Bounded_Deducibility_Security.html</guid>
<description></description>
</item>
<item>
<title>A shallow embedding of HyperCTL*</title>
<link>/entries/HyperCTL.html</link>
<pubDate>Wed, 16 Apr 2014 00:00:00 +0000</pubDate>
<guid>/entries/HyperCTL.html</guid>
<description></description>
</item>
<item>
<title>Abstract Completeness</title>
<link>/entries/Abstract_Completeness.html</link>
<pubDate>Wed, 16 Apr 2014 00:00:00 +0000</pubDate>
<guid>/entries/Abstract_Completeness.html</guid>
<description></description>
</item>
<item>
<title>Discrete Summation</title>
<link>/entries/Discrete_Summation.html</link>
<pubDate>Sun, 13 Apr 2014 00:00:00 +0000</pubDate>
<guid>/entries/Discrete_Summation.html</guid>
<description></description>
</item>
<item>
<title>Syntax and semantics of a GPU kernel programming language</title>
<link>/entries/GPU_Kernel_PL.html</link>
<pubDate>Thu, 03 Apr 2014 00:00:00 +0000</pubDate>
<guid>/entries/GPU_Kernel_PL.html</guid>
<description></description>
</item>
<item>
<title>Probabilistic Noninterference</title>
<link>/entries/Probabilistic_Noninterference.html</link>
<pubDate>Tue, 11 Mar 2014 00:00:00 +0000</pubDate>
<guid>/entries/Probabilistic_Noninterference.html</guid>
<description></description>
</item>
<item>
<title>Mechanization of the Algebra for Wireless Networks (AWN)</title>
<link>/entries/AWN.html</link>
<pubDate>Sat, 08 Mar 2014 00:00:00 +0000</pubDate>
<guid>/entries/AWN.html</guid>
<description></description>
</item>
<item>
<title>Mutually Recursive Partial Functions</title>
<link>/entries/Partial_Function_MR.html</link>
<pubDate>Tue, 18 Feb 2014 00:00:00 +0000</pubDate>
<guid>/entries/Partial_Function_MR.html</guid>
<description></description>
</item>
<item>
<title>Properties of Random Graphs -- Subgraph Containment</title>
<link>/entries/Random_Graph_Subgraph_Threshold.html</link>
<pubDate>Thu, 13 Feb 2014 00:00:00 +0000</pubDate>
<guid>/entries/Random_Graph_Subgraph_Threshold.html</guid>
<description></description>
</item>
<item>
<title>Verification of Selection and Heap Sort Using Locales</title>
<link>/entries/Selection_Heap_Sort.html</link>
<pubDate>Tue, 11 Feb 2014 00:00:00 +0000</pubDate>
<guid>/entries/Selection_Heap_Sort.html</guid>
<description></description>
</item>
<item>
<title>Affine Arithmetic</title>
<link>/entries/Affine_Arithmetic.html</link>
<pubDate>Fri, 07 Feb 2014 00:00:00 +0000</pubDate>
<guid>/entries/Affine_Arithmetic.html</guid>
<description></description>
</item>
<item>
<title>Implementing field extensions of the form Q[sqrt(b)]</title>
<link>/entries/Real_Impl.html</link>
<pubDate>Thu, 06 Feb 2014 00:00:00 +0000</pubDate>
<guid>/entries/Real_Impl.html</guid>
<description></description>
</item>
<item>
<title>Unified Decision Procedures for Regular Expression Equivalence</title>
<link>/entries/Regex_Equivalence.html</link>
<pubDate>Thu, 30 Jan 2014 00:00:00 +0000</pubDate>
<guid>/entries/Regex_Equivalence.html</guid>
<description></description>
</item>
<item>
<title>Secondary Sylow Theorems</title>
<link>/entries/Secondary_Sylow.html</link>
<pubDate>Tue, 28 Jan 2014 00:00:00 +0000</pubDate>
<guid>/entries/Secondary_Sylow.html</guid>
<description></description>
</item>
<item>
<title>Relation Algebra</title>
<link>/entries/Relation_Algebra.html</link>
<pubDate>Sat, 25 Jan 2014 00:00:00 +0000</pubDate>
<guid>/entries/Relation_Algebra.html</guid>
<description></description>
</item>
<item>
<title>Kleene Algebra with Tests and Demonic Refinement Algebras</title>
<link>/entries/KAT_and_DRA.html</link>
<pubDate>Thu, 23 Jan 2014 00:00:00 +0000</pubDate>
<guid>/entries/KAT_and_DRA.html</guid>
<description></description>
</item>
<item>
<title>Featherweight OCL: A Proposal for a Machine-Checked Formal Semantics for OCL 2.5</title>
<link>/entries/Featherweight_OCL.html</link>
<pubDate>Thu, 16 Jan 2014 00:00:00 +0000</pubDate>
<guid>/entries/Featherweight_OCL.html</guid>
<description></description>
</item>
<item>
<title>Compositional Properties of Crypto-Based Components</title>
<link>/entries/CryptoBasedCompositionalProperties.html</link>
<pubDate>Sat, 11 Jan 2014 00:00:00 +0000</pubDate>
<guid>/entries/CryptoBasedCompositionalProperties.html</guid>
<description></description>
</item>
<item>
<title>Sturm&#39;s Theorem</title>
<link>/entries/Sturm_Sequences.html</link>
<pubDate>Sat, 11 Jan 2014 00:00:00 +0000</pubDate>
<guid>/entries/Sturm_Sequences.html</guid>
<description></description>
</item>
<item>
<title>A General Method for the Proof of Theorems on Tail-recursive Functions</title>
<link>/entries/Tail_Recursive_Functions.html</link>
<pubDate>Sun, 01 Dec 2013 00:00:00 +0000</pubDate>
<guid>/entries/Tail_Recursive_Functions.html</guid>
<description></description>
</item>
<item>
<title>Gödel&#39;s Incompleteness Theorems</title>
<link>/entries/Incompleteness.html</link>
<pubDate>Sun, 17 Nov 2013 00:00:00 +0000</pubDate>
<guid>/entries/Incompleteness.html</guid>
<description></description>
</item>
<item>
<title>The Hereditarily Finite Sets</title>
<link>/entries/HereditarilyFinite.html</link>
<pubDate>Sun, 17 Nov 2013 00:00:00 +0000</pubDate>
<guid>/entries/HereditarilyFinite.html</guid>
<description></description>
</item>
<item>
<title>A Codatatype of Formal Languages</title>
<link>/entries/Coinductive_Languages.html</link>
<pubDate>Fri, 15 Nov 2013 00:00:00 +0000</pubDate>
<guid>/entries/Coinductive_Languages.html</guid>
<description></description>
</item>
<item>
<title>Stream Processing Components: Isabelle/HOL Formalisation and Case Studies</title>
<link>/entries/FocusStreamsCaseStudies.html</link>
<pubDate>Thu, 14 Nov 2013 00:00:00 +0000</pubDate>
<guid>/entries/FocusStreamsCaseStudies.html</guid>
<description></description>
</item>
<item>
<title>Gödel&#39;s God in Isabelle/HOL</title>
<link>/entries/GoedelGod.html</link>
<pubDate>Tue, 12 Nov 2013 00:00:00 +0000</pubDate>
<guid>/entries/GoedelGod.html</guid>
<description></description>
</item>
<item>
<title>Decreasing Diagrams</title>
<link>/entries/Decreasing-Diagrams.html</link>
<pubDate>Fri, 01 Nov 2013 00:00:00 +0000</pubDate>
<guid>/entries/Decreasing-Diagrams.html</guid>
<description></description>
</item>
<item>
<title>Automatic Data Refinement</title>
<link>/entries/Automatic_Refinement.html</link>
<pubDate>Wed, 02 Oct 2013 00:00:00 +0000</pubDate>
<guid>/entries/Automatic_Refinement.html</guid>
<description></description>
</item>
<item>
<title>Native Word</title>
<link>/entries/Native_Word.html</link>
<pubDate>Tue, 17 Sep 2013 00:00:00 +0000</pubDate>
<guid>/entries/Native_Word.html</guid>
<description></description>
</item>
<item>
<title>A Formal Model of IEEE Floating Point Arithmetic</title>
<link>/entries/IEEE_Floating_Point.html</link>
<pubDate>Sat, 27 Jul 2013 00:00:00 +0000</pubDate>
<guid>/entries/IEEE_Floating_Point.html</guid>
<description></description>
</item>
<item>
<title>Lehmer&#39;s Theorem</title>
<link>/entries/Lehmer.html</link>
<pubDate>Mon, 22 Jul 2013 00:00:00 +0000</pubDate>
<guid>/entries/Lehmer.html</guid>
<description></description>
</item>
<item>
<title>Pratt&#39;s Primality Certificates</title>
<link>/entries/Pratt_Certificate.html</link>
<pubDate>Mon, 22 Jul 2013 00:00:00 +0000</pubDate>
<guid>/entries/Pratt_Certificate.html</guid>
<description></description>
</item>
<item>
<title>The Königsberg Bridge Problem and the Friendship Theorem</title>
<link>/entries/Koenigsberg_Friendship.html</link>
<pubDate>Fri, 19 Jul 2013 00:00:00 +0000</pubDate>
<guid>/entries/Koenigsberg_Friendship.html</guid>
<description></description>
</item>
<item>
<title>Sound and Complete Sort Encodings for First-Order Logic</title>
<link>/entries/Sort_Encodings.html</link>
<pubDate>Thu, 27 Jun 2013 00:00:00 +0000</pubDate>
<guid>/entries/Sort_Encodings.html</guid>
<description></description>
</item>
<item>
<title>An Axiomatic Characterization of the Single-Source Shortest Path Problem</title>
<link>/entries/ShortestPath.html</link>
<pubDate>Wed, 22 May 2013 00:00:00 +0000</pubDate>
<guid>/entries/ShortestPath.html</guid>
<description></description>
</item>
<item>
<title>Graph Theory</title>
<link>/entries/Graph_Theory.html</link>
<pubDate>Sun, 28 Apr 2013 00:00:00 +0000</pubDate>
<guid>/entries/Graph_Theory.html</guid>
<description></description>
</item>
<item>
<title>Light-weight Containers</title>
<link>/entries/Containers.html</link>
<pubDate>Mon, 15 Apr 2013 00:00:00 +0000</pubDate>
<guid>/entries/Containers.html</guid>
<description></description>
</item>
<item>
<title>Nominal 2</title>
<link>/entries/Nominal2.html</link>
<pubDate>Thu, 21 Feb 2013 00:00:00 +0000</pubDate>
<guid>/entries/Nominal2.html</guid>
<description></description>
</item>
<item>
<title>The Correctness of Launchbury&#39;s Natural Semantics for Lazy Evaluation</title>
<link>/entries/Launchbury.html</link>
<pubDate>Thu, 31 Jan 2013 00:00:00 +0000</pubDate>
<guid>/entries/Launchbury.html</guid>
<description></description>
</item>
<item>
<title>Ribbon Proofs</title>
<link>/entries/Ribbon_Proofs.html</link>
<pubDate>Sat, 19 Jan 2013 00:00:00 +0000</pubDate>
<guid>/entries/Ribbon_Proofs.html</guid>
<description></description>
</item>
<item>
<title>Rank-Nullity Theorem in Linear Algebra</title>
<link>/entries/Rank_Nullity_Theorem.html</link>
<pubDate>Wed, 16 Jan 2013 00:00:00 +0000</pubDate>
<guid>/entries/Rank_Nullity_Theorem.html</guid>
<description></description>
</item>
<item>
<title>Kleene Algebra</title>
<link>/entries/Kleene_Algebra.html</link>
<pubDate>Tue, 15 Jan 2013 00:00:00 +0000</pubDate>
<guid>/entries/Kleene_Algebra.html</guid>
<description></description>
</item>
<item>
<title>Computing N-th Roots using the Babylonian Method</title>
<link>/entries/Sqrt_Babylonian.html</link>
<pubDate>Thu, 03 Jan 2013 00:00:00 +0000</pubDate>
<guid>/entries/Sqrt_Babylonian.html</guid>
<description></description>
</item>
<item>
<title>A Separation Logic Framework for Imperative HOL</title>
<link>/entries/Separation_Logic_Imperative_HOL.html</link>
<pubDate>Wed, 14 Nov 2012 00:00:00 +0000</pubDate>
<guid>/entries/Separation_Logic_Imperative_HOL.html</guid>
<description></description>
</item>
<item>
<title>Open Induction</title>
<link>/entries/Open_Induction.html</link>
<pubDate>Fri, 02 Nov 2012 00:00:00 +0000</pubDate>
<guid>/entries/Open_Induction.html</guid>
<description></description>
</item>
<item>
<title>The independence of Tarski&#39;s Euclidean axiom</title>
<link>/entries/Tarskis_Geometry.html</link>
<pubDate>Tue, 30 Oct 2012 00:00:00 +0000</pubDate>
<guid>/entries/Tarskis_Geometry.html</guid>
<description></description>
</item>
<item>
<title>Bondy&#39;s Theorem</title>
<link>/entries/Bondy.html</link>
<pubDate>Sat, 27 Oct 2012 00:00:00 +0000</pubDate>
<guid>/entries/Bondy.html</guid>
<description></description>
</item>
<item>
<title>Possibilistic Noninterference</title>
<link>/entries/Possibilistic_Noninterference.html</link>
<pubDate>Mon, 10 Sep 2012 00:00:00 +0000</pubDate>
<guid>/entries/Possibilistic_Noninterference.html</guid>
<description></description>
</item>
<item>
<title>Generating linear orders for datatypes</title>
<link>/entries/Datatype_Order_Generator.html</link>
<pubDate>Tue, 07 Aug 2012 00:00:00 +0000</pubDate>
<guid>/entries/Datatype_Order_Generator.html</guid>
<description></description>
</item>
<item>
<title>Proving the Impossibility of Trisecting an Angle and Doubling the Cube</title>
<link>/entries/Impossible_Geometry.html</link>
<pubDate>Sun, 05 Aug 2012 00:00:00 +0000</pubDate>
<guid>/entries/Impossible_Geometry.html</guid>
<description></description>
</item>
<item>
<title>Verifying Fault-Tolerant Distributed Algorithms in the Heard-Of Model</title>
<link>/entries/Heard_Of.html</link>
<pubDate>Fri, 27 Jul 2012 00:00:00 +0000</pubDate>
<guid>/entries/Heard_Of.html</guid>
<description></description>
</item>
<item>
<title>Logical Relations for PCF</title>
<link>/entries/PCF.html</link>
<pubDate>Sun, 01 Jul 2012 00:00:00 +0000</pubDate>
<guid>/entries/PCF.html</guid>
<description></description>
</item>
<item>
<title>Type Constructor Classes and Monad Transformers</title>
<link>/entries/Tycon.html</link>
<pubDate>Tue, 26 Jun 2012 00:00:00 +0000</pubDate>
<guid>/entries/Tycon.html</guid>
<description></description>
</item>
<item>
<title>CCS in nominal logic</title>
<link>/entries/CCS.html</link>
<pubDate>Tue, 29 May 2012 00:00:00 +0000</pubDate>
<guid>/entries/CCS.html</guid>
<description></description>
</item>
<item>
<title>Psi-calculi in Isabelle</title>
<link>/entries/Psi_Calculi.html</link>
<pubDate>Tue, 29 May 2012 00:00:00 +0000</pubDate>
<guid>/entries/Psi_Calculi.html</guid>
<description></description>
</item>
<item>
<title>The pi-calculus in nominal logic</title>
<link>/entries/Pi_Calculus.html</link>
<pubDate>Tue, 29 May 2012 00:00:00 +0000</pubDate>
<guid>/entries/Pi_Calculus.html</guid>
<description></description>
</item>
<item>
<title>Isabelle/Circus</title>
<link>/entries/Circus.html</link>
<pubDate>Sun, 27 May 2012 00:00:00 +0000</pubDate>
<guid>/entries/Circus.html</guid>
<description></description>
</item>
<item>
<title>Separation Algebra</title>
<link>/entries/Separation_Algebra.html</link>
<pubDate>Fri, 11 May 2012 00:00:00 +0000</pubDate>
<guid>/entries/Separation_Algebra.html</guid>
<description></description>
</item>
<item>
<title>Stuttering Equivalence</title>
<link>/entries/Stuttering_Equivalence.html</link>
<pubDate>Mon, 07 May 2012 00:00:00 +0000</pubDate>
<guid>/entries/Stuttering_Equivalence.html</guid>
<description></description>
</item>
<item>
<title>Inductive Study of Confidentiality</title>
<link>/entries/Inductive_Confidentiality.html</link>
<pubDate>Wed, 02 May 2012 00:00:00 +0000</pubDate>
<guid>/entries/Inductive_Confidentiality.html</guid>
<description></description>
</item>
<item>
<title>Ordinary Differential Equations</title>
<link>/entries/Ordinary_Differential_Equations.html</link>
<pubDate>Thu, 26 Apr 2012 00:00:00 +0000</pubDate>
<guid>/entries/Ordinary_Differential_Equations.html</guid>
<description></description>
</item>
<item>
<title>Well-Quasi-Orders</title>
<link>/entries/Well_Quasi_Orders.html</link>
<pubDate>Fri, 13 Apr 2012 00:00:00 +0000</pubDate>
<guid>/entries/Well_Quasi_Orders.html</guid>
<description></description>
</item>
<item>
<title>Abortable Linearizable Modules</title>
<link>/entries/Abortable_Linearizable_Modules.html</link>
<pubDate>Thu, 01 Mar 2012 00:00:00 +0000</pubDate>
<guid>/entries/Abortable_Linearizable_Modules.html</guid>
<description></description>
</item>
<item>
<title>Executable Transitive Closures</title>
<link>/entries/Transitive-Closure-II.html</link>
<pubDate>Wed, 29 Feb 2012 00:00:00 +0000</pubDate>
<guid>/entries/Transitive-Closure-II.html</guid>
<description></description>
</item>
<item>
<title>A Probabilistic Proof of the Girth-Chromatic Number Theorem</title>
<link>/entries/Girth_Chromatic.html</link>
<pubDate>Mon, 06 Feb 2012 00:00:00 +0000</pubDate>
<guid>/entries/Girth_Chromatic.html</guid>
<description></description>
</item>
<item>
<title>Dijkstra&#39;s Shortest Path Algorithm</title>
<link>/entries/Dijkstra_Shortest_Path.html</link>
<pubDate>Mon, 30 Jan 2012 00:00:00 +0000</pubDate>
<guid>/entries/Dijkstra_Shortest_Path.html</guid>
<description></description>
</item>
<item>
<title>Refinement for Monadic Programs</title>
<link>/entries/Refine_Monadic.html</link>
<pubDate>Mon, 30 Jan 2012 00:00:00 +0000</pubDate>
<guid>/entries/Refine_Monadic.html</guid>
<description></description>
</item>
<item>
<title>Markov Models</title>
<link>/entries/Markov_Models.html</link>
<pubDate>Tue, 03 Jan 2012 00:00:00 +0000</pubDate>
<guid>/entries/Markov_Models.html</guid>
<description></description>
</item>
<item>
<title>A Definitional Encoding of TLA* in Isabelle/HOL</title>
<link>/entries/TLA.html</link>
<pubDate>Sat, 19 Nov 2011 00:00:00 +0000</pubDate>
<guid>/entries/TLA.html</guid>
<description></description>
</item>
<item>
<title>Efficient Mergesort</title>
<link>/entries/Efficient-Mergesort.html</link>
<pubDate>Wed, 09 Nov 2011 00:00:00 +0000</pubDate>
<guid>/entries/Efficient-Mergesort.html</guid>
<description></description>
</item>
<item>
<title>Algebra of Monotonic Boolean Transformers</title>
<link>/entries/MonoBoolTranAlgebra.html</link>
<pubDate>Thu, 22 Sep 2011 00:00:00 +0000</pubDate>
<guid>/entries/MonoBoolTranAlgebra.html</guid>
<description></description>
</item>
<item>
<title>Lattice Properties</title>
<link>/entries/LatticeProperties.html</link>
<pubDate>Thu, 22 Sep 2011 00:00:00 +0000</pubDate>
<guid>/entries/LatticeProperties.html</guid>
<description></description>
</item>
<item>
<title>Pseudo Hoops</title>
<link>/entries/PseudoHoops.html</link>
<pubDate>Thu, 22 Sep 2011 00:00:00 +0000</pubDate>
<guid>/entries/PseudoHoops.html</guid>
<description></description>
</item>
<item>
<title>The Myhill-Nerode Theorem Based on Regular Expressions</title>
<link>/entries/Myhill-Nerode.html</link>
<pubDate>Fri, 26 Aug 2011 00:00:00 +0000</pubDate>
<guid>/entries/Myhill-Nerode.html</guid>
<description></description>
</item>
<item>
<title>Gauss-Jordan Elimination for Matrices Represented as Functions</title>
<link>/entries/Gauss-Jordan-Elim-Fun.html</link>
<pubDate>Fri, 19 Aug 2011 00:00:00 +0000</pubDate>
<guid>/entries/Gauss-Jordan-Elim-Fun.html</guid>
<description></description>
</item>
<item>
<title>Maximum Cardinality Matching</title>
<link>/entries/Max-Card-Matching.html</link>
<pubDate>Thu, 21 Jul 2011 00:00:00 +0000</pubDate>
<guid>/entries/Max-Card-Matching.html</guid>
<description></description>
</item>
<item>
<title>Knowledge-based programs</title>
<link>/entries/KBPs.html</link>
<pubDate>Tue, 17 May 2011 00:00:00 +0000</pubDate>
<guid>/entries/KBPs.html</guid>
<description></description>
</item>
<item>
<title>The General Triangle Is Unique</title>
<link>/entries/General-Triangle.html</link>
<pubDate>Fri, 01 Apr 2011 00:00:00 +0000</pubDate>
<guid>/entries/General-Triangle.html</guid>
<description></description>
</item>
<item>
<title>Executable Transitive Closures of Finite Relations</title>
<link>/entries/Transitive-Closure.html</link>
<pubDate>Mon, 14 Mar 2011 00:00:00 +0000</pubDate>
<guid>/entries/Transitive-Closure.html</guid>
<description></description>
</item>
<item>
<title>AutoFocus Stream Processing for Single-Clocking and Multi-Clocking Semantics</title>
<link>/entries/AutoFocus-Stream.html</link>
<pubDate>Wed, 23 Feb 2011 00:00:00 +0000</pubDate>
<guid>/entries/AutoFocus-Stream.html</guid>
<description></description>
</item>
<item>
<title>Infinite Lists</title>
<link>/entries/List-Infinite.html</link>
<pubDate>Wed, 23 Feb 2011 00:00:00 +0000</pubDate>
<guid>/entries/List-Infinite.html</guid>
<description></description>
</item>
<item>
<title>Interval Temporal Logic on Natural Numbers</title>
<link>/entries/Nat-Interval-Logic.html</link>
<pubDate>Wed, 23 Feb 2011 00:00:00 +0000</pubDate>
<guid>/entries/Nat-Interval-Logic.html</guid>
<description></description>
</item>
<item>
<title>Lightweight Java</title>
<link>/entries/LightweightJava.html</link>
<pubDate>Mon, 07 Feb 2011 00:00:00 +0000</pubDate>
<guid>/entries/LightweightJava.html</guid>
<description></description>
</item>
<item>
<title>RIPEMD-160</title>
<link>/entries/RIPEMD-160-SPARK.html</link>
<pubDate>Mon, 10 Jan 2011 00:00:00 +0000</pubDate>
<guid>/entries/RIPEMD-160-SPARK.html</guid>
<description></description>
</item>
<item>
<title>Lower Semicontinuous Functions</title>
<link>/entries/Lower_Semicontinuous.html</link>
<pubDate>Sat, 08 Jan 2011 00:00:00 +0000</pubDate>
<guid>/entries/Lower_Semicontinuous.html</guid>
<description></description>
</item>
<item>
<title>Hall&#39;s Marriage Theorem</title>
<link>/entries/Marriage.html</link>
<pubDate>Fri, 17 Dec 2010 00:00:00 +0000</pubDate>
<guid>/entries/Marriage.html</guid>
<description></description>
</item>
<item>
<title>Shivers&#39; Control Flow Analysis</title>
<link>/entries/Shivers-CFA.html</link>
<pubDate>Tue, 16 Nov 2010 00:00:00 +0000</pubDate>
<guid>/entries/Shivers-CFA.html</guid>
<description></description>
</item>
<item>
<title>Binomial Heaps and Skew Binomial Heaps</title>
<link>/entries/Binomial-Heaps.html</link>
<pubDate>Thu, 28 Oct 2010 00:00:00 +0000</pubDate>
<guid>/entries/Binomial-Heaps.html</guid>
<description></description>
</item>
<item>
<title>Finger Trees</title>
<link>/entries/Finger-Trees.html</link>
<pubDate>Thu, 28 Oct 2010 00:00:00 +0000</pubDate>
<guid>/entries/Finger-Trees.html</guid>
<description></description>
</item>
<item>
<title>Functional Binomial Queues</title>
<link>/entries/Binomial-Queues.html</link>
<pubDate>Thu, 28 Oct 2010 00:00:00 +0000</pubDate>
<guid>/entries/Binomial-Queues.html</guid>
<description></description>
</item>
<item>
<title>Strong Normalization of Moggis&#39;s Computational Metalanguage</title>
<link>/entries/Lam-ml-Normalization.html</link>
<pubDate>Sun, 29 Aug 2010 00:00:00 +0000</pubDate>
<guid>/entries/Lam-ml-Normalization.html</guid>
<description></description>
</item>
<item>
<title>Executable Multivariate Polynomials</title>
<link>/entries/Polynomials.html</link>
<pubDate>Tue, 10 Aug 2010 00:00:00 +0000</pubDate>
<guid>/entries/Polynomials.html</guid>
<description></description>
</item>
<item>
<title>Formalizing Statecharts using Hierarchical Automata</title>
<link>/entries/Statecharts.html</link>
<pubDate>Sun, 08 Aug 2010 00:00:00 +0000</pubDate>
<guid>/entries/Statecharts.html</guid>
<description></description>
</item>
<item>
<title>Free Groups</title>
<link>/entries/Free-Groups.html</link>
<pubDate>Thu, 24 Jun 2010 00:00:00 +0000</pubDate>
<guid>/entries/Free-Groups.html</guid>
<description></description>
</item>
<item>
<title>Category Theory</title>
<link>/entries/Category2.html</link>
<pubDate>Sun, 20 Jun 2010 00:00:00 +0000</pubDate>
<guid>/entries/Category2.html</guid>
<description></description>
</item>
<item>
<title>Executable Matrix Operations on Matrices of Arbitrary Dimensions</title>
<link>/entries/Matrix.html</link>
<pubDate>Thu, 17 Jun 2010 00:00:00 +0000</pubDate>
<guid>/entries/Matrix.html</guid>
<description></description>
</item>
<item>
<title>Abstract Rewriting</title>
<link>/entries/Abstract-Rewriting.html</link>
<pubDate>Mon, 14 Jun 2010 00:00:00 +0000</pubDate>
<guid>/entries/Abstract-Rewriting.html</guid>
<description></description>
</item>
<item>
<title>Semantics and Data Refinement of Invariant Based Programs</title>
<link>/entries/DataRefinementIBP.html</link>
<pubDate>Fri, 28 May 2010 00:00:00 +0000</pubDate>
<guid>/entries/DataRefinementIBP.html</guid>
<description></description>
</item>
<item>
<title>Verification of the Deutsch-Schorr-Waite Graph Marking Algorithm using Data Refinement</title>
<link>/entries/GraphMarkingIBP.html</link>
<pubDate>Fri, 28 May 2010 00:00:00 +0000</pubDate>
<guid>/entries/GraphMarkingIBP.html</guid>
<description></description>
</item>
<item>
<title>A Complete Proof of the Robbins Conjecture</title>
<link>/entries/Robbins-Conjecture.html</link>
<pubDate>Sat, 22 May 2010 00:00:00 +0000</pubDate>
<guid>/entries/Robbins-Conjecture.html</guid>
<description></description>
</item>
<item>
<title>Regular Sets and Expressions</title>
<link>/entries/Regular-Sets.html</link>
<pubDate>Wed, 12 May 2010 00:00:00 +0000</pubDate>
<guid>/entries/Regular-Sets.html</guid>
<description></description>
</item>
<item>
<title>Locally Nameless Sigma Calculus</title>
<link>/entries/Locally-Nameless-Sigma.html</link>
<pubDate>Fri, 30 Apr 2010 00:00:00 +0000</pubDate>
<guid>/entries/Locally-Nameless-Sigma.html</guid>
<description></description>
</item>
<item>
<title>Free Boolean Algebra</title>
<link>/entries/Free-Boolean-Algebra.html</link>
<pubDate>Mon, 29 Mar 2010 00:00:00 +0000</pubDate>
<guid>/entries/Free-Boolean-Algebra.html</guid>
<description></description>
</item>
<item>
<title>Information Flow Noninterference via Slicing</title>
<link>/entries/InformationFlowSlicing.html</link>
<pubDate>Tue, 23 Mar 2010 00:00:00 +0000</pubDate>
<guid>/entries/InformationFlowSlicing.html</guid>
<description></description>
</item>
<item>
<title>Inter-Procedural Information Flow Noninterference via Slicing</title>
<link>/entries/InformationFlowSlicing_Inter.html</link>
<pubDate>Tue, 23 Mar 2010 00:00:00 +0000</pubDate>
<guid>/entries/InformationFlowSlicing_Inter.html</guid>
<description></description>
</item>
<item>
<title>List Index</title>
<link>/entries/List-Index.html</link>
<pubDate>Sat, 20 Feb 2010 00:00:00 +0000</pubDate>
<guid>/entries/List-Index.html</guid>
<description></description>
</item>
<item>
<title>Coinductive</title>
<link>/entries/Coinductive.html</link>
<pubDate>Fri, 12 Feb 2010 00:00:00 +0000</pubDate>
<guid>/entries/Coinductive.html</guid>
<description></description>
</item>
<item>
<title>A Fast SAT Solver for Isabelle in Standard ML</title>
<link>/entries/DPT-SAT-Solver.html</link>
<pubDate>Wed, 09 Dec 2009 00:00:00 +0000</pubDate>
<guid>/entries/DPT-SAT-Solver.html</guid>
<description></description>
</item>
<item>
<title>Formalizing the Logic-Automaton Connection</title>
<link>/entries/Presburger-Automata.html</link>
<pubDate>Thu, 03 Dec 2009 00:00:00 +0000</pubDate>
<guid>/entries/Presburger-Automata.html</guid>
<description></description>
</item>
<item>
<title>Collections Framework</title>
<link>/entries/Collections.html</link>
<pubDate>Wed, 25 Nov 2009 00:00:00 +0000</pubDate>
<guid>/entries/Collections.html</guid>
<description></description>
</item>
<item>
<title>Tree Automata</title>
<link>/entries/Tree-Automata.html</link>
<pubDate>Wed, 25 Nov 2009 00:00:00 +0000</pubDate>
<guid>/entries/Tree-Automata.html</guid>
<description></description>
</item>
<item>
<title>Perfect Number Theorem</title>
<link>/entries/Perfect-Number-Thm.html</link>
<pubDate>Sun, 22 Nov 2009 00:00:00 +0000</pubDate>
<guid>/entries/Perfect-Number-Thm.html</guid>
<description></description>
</item>
<item>
<title>Backing up Slicing: Verifying the Interprocedural Two-Phase Horwitz-Reps-Binkley Slicer</title>
<link>/entries/HRB-Slicing.html</link>
<pubDate>Fri, 13 Nov 2009 00:00:00 +0000</pubDate>
<guid>/entries/HRB-Slicing.html</guid>
<description></description>
</item>
<item>
<title>The Worker/Wrapper Transformation</title>
<link>/entries/WorkerWrapper.html</link>
<pubDate>Fri, 30 Oct 2009 00:00:00 +0000</pubDate>
<guid>/entries/WorkerWrapper.html</guid>
<description></description>
</item>
<item>
<title>Ordinals and Cardinals</title>
<link>/entries/Ordinals_and_Cardinals.html</link>
<pubDate>Tue, 01 Sep 2009 00:00:00 +0000</pubDate>
<guid>/entries/Ordinals_and_Cardinals.html</guid>
<description></description>
</item>
<item>
<title>Invertibility in Sequent Calculi</title>
<link>/entries/SequentInvertibility.html</link>
<pubDate>Fri, 28 Aug 2009 00:00:00 +0000</pubDate>
<guid>/entries/SequentInvertibility.html</guid>
<description></description>
</item>
<item>
<title>An Example of a Cofinitary Group in Isabelle/HOL</title>
<link>/entries/CofGroups.html</link>
<pubDate>Tue, 04 Aug 2009 00:00:00 +0000</pubDate>
<guid>/entries/CofGroups.html</guid>
<description></description>
</item>
<item>
<title>Code Generation for Functions as Data</title>
<link>/entries/FinFun.html</link>
<pubDate>Wed, 06 May 2009 00:00:00 +0000</pubDate>
<guid>/entries/FinFun.html</guid>
<description></description>
</item>
<item>
<title>Stream Fusion</title>
<link>/entries/Stream-Fusion.html</link>
<pubDate>Wed, 29 Apr 2009 00:00:00 +0000</pubDate>
<guid>/entries/Stream-Fusion.html</guid>
<description></description>
</item>
<item>
<title>A Bytecode Logic for JML and Types</title>
<link>/entries/BytecodeLogicJmlTypes.html</link>
<pubDate>Fri, 12 Dec 2008 00:00:00 +0000</pubDate>
<guid>/entries/BytecodeLogicJmlTypes.html</guid>
<description></description>
</item>
<item>
<title>Secure information flow and program logics</title>
<link>/entries/SIFPL.html</link>
<pubDate>Mon, 10 Nov 2008 00:00:00 +0000</pubDate>
<guid>/entries/SIFPL.html</guid>
<description></description>
</item>
<item>
<title>Some classical results in Social Choice Theory</title>
<link>/entries/SenSocialChoice.html</link>
<pubDate>Sun, 09 Nov 2008 00:00:00 +0000</pubDate>
<guid>/entries/SenSocialChoice.html</guid>
<description></description>
</item>
<item>
<title>Fun With Tilings</title>
<link>/entries/FunWithTilings.html</link>
<pubDate>Fri, 07 Nov 2008 00:00:00 +0000</pubDate>
<guid>/entries/FunWithTilings.html</guid>
<description></description>
</item>
<item>
<title>The Textbook Proof of Huffman&#39;s Algorithm</title>
<link>/entries/Huffman.html</link>
<pubDate>Wed, 15 Oct 2008 00:00:00 +0000</pubDate>
<guid>/entries/Huffman.html</guid>
<description></description>
</item>
<item>
<title>Towards Certified Slicing</title>
<link>/entries/Slicing.html</link>
<pubDate>Tue, 16 Sep 2008 00:00:00 +0000</pubDate>
<guid>/entries/Slicing.html</guid>
<description></description>
</item>
<item>
<title>A Correctness Proof for the Volpano/Smith Security Typing System</title>
<link>/entries/VolpanoSmith.html</link>
<pubDate>Tue, 02 Sep 2008 00:00:00 +0000</pubDate>
<guid>/entries/VolpanoSmith.html</guid>
<description></description>
</item>
<item>
<title>Arrow and Gibbard-Satterthwaite</title>
<link>/entries/ArrowImpossibilityGS.html</link>
<pubDate>Mon, 01 Sep 2008 00:00:00 +0000</pubDate>
<guid>/entries/ArrowImpossibilityGS.html</guid>
<description></description>
</item>
<item>
<title>Fun With Functions</title>
<link>/entries/FunWithFunctions.html</link>
<pubDate>Tue, 26 Aug 2008 00:00:00 +0000</pubDate>
<guid>/entries/FunWithFunctions.html</guid>
<description></description>
</item>
<item>
<title>Formal Verification of Modern SAT Solvers</title>
<link>/entries/SATSolverVerification.html</link>
<pubDate>Wed, 23 Jul 2008 00:00:00 +0000</pubDate>
<guid>/entries/SATSolverVerification.html</guid>
<description></description>
</item>
<item>
<title>Recursion Theory I</title>
<link>/entries/Recursion-Theory-I.html</link>
<pubDate>Sat, 05 Apr 2008 00:00:00 +0000</pubDate>
<guid>/entries/Recursion-Theory-I.html</guid>
<description></description>
</item>
<item>
<title>A Sequential Imperative Programming Language Syntax, Semantics, Hoare Logics and Verification Environment</title>
<link>/entries/Simpl.html</link>
<pubDate>Fri, 29 Feb 2008 00:00:00 +0000</pubDate>
<guid>/entries/Simpl.html</guid>
<description></description>
</item>
<item>
<title>BDD Normalisation</title>
<link>/entries/BDD.html</link>
<pubDate>Fri, 29 Feb 2008 00:00:00 +0000</pubDate>
<guid>/entries/BDD.html</guid>
<description></description>
</item>
<item>
<title>Normalization by Evaluation</title>
<link>/entries/NormByEval.html</link>
<pubDate>Mon, 18 Feb 2008 00:00:00 +0000</pubDate>
<guid>/entries/NormByEval.html</guid>
<description></description>
</item>
<item>
<title>Quantifier Elimination for Linear Arithmetic</title>
<link>/entries/LinearQuantifierElim.html</link>
<pubDate>Fri, 11 Jan 2008 00:00:00 +0000</pubDate>
<guid>/entries/LinearQuantifierElim.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Conflict Analysis of Programs with Procedures, Thread Creation, and Monitors</title>
<link>/entries/Program-Conflict-Analysis.html</link>
<pubDate>Fri, 14 Dec 2007 00:00:00 +0000</pubDate>
<guid>/entries/Program-Conflict-Analysis.html</guid>
<description></description>
</item>
<item>
<title>Jinja with Threads</title>
<link>/entries/JinjaThreads.html</link>
<pubDate>Mon, 03 Dec 2007 00:00:00 +0000</pubDate>
<guid>/entries/JinjaThreads.html</guid>
<description></description>
</item>
<item>
<title>Much Ado About Two</title>
<link>/entries/MuchAdoAboutTwo.html</link>
<pubDate>Tue, 06 Nov 2007 00:00:00 +0000</pubDate>
<guid>/entries/MuchAdoAboutTwo.html</guid>
<description></description>
</item>
<item>
<title>Fermat&#39;s Last Theorem for Exponents 3 and 4 and the Parametrisation of Pythagorean Triples</title>
<link>/entries/Fermat3_4.html</link>
<pubDate>Sun, 12 Aug 2007 00:00:00 +0000</pubDate>
<guid>/entries/Fermat3_4.html</guid>
<description></description>
</item>
<item>
<title>Sums of Two and Four Squares</title>
<link>/entries/SumSquares.html</link>
<pubDate>Sun, 12 Aug 2007 00:00:00 +0000</pubDate>
<guid>/entries/SumSquares.html</guid>
<description></description>
</item>
<item>
<title>Fundamental Properties of Valuation Theory and Hensel&#39;s Lemma</title>
<link>/entries/Valuation.html</link>
<pubDate>Wed, 08 Aug 2007 00:00:00 +0000</pubDate>
<guid>/entries/Valuation.html</guid>
<description></description>
</item>
<item>
<title>First-Order Logic According to Fitting</title>
<link>/entries/FOL-Fitting.html</link>
<pubDate>Thu, 02 Aug 2007 00:00:00 +0000</pubDate>
<guid>/entries/FOL-Fitting.html</guid>
<description></description>
</item>
<item>
<title>POPLmark Challenge Via de Bruijn Indices</title>
<link>/entries/POPLmark-deBruijn.html</link>
<pubDate>Thu, 02 Aug 2007 00:00:00 +0000</pubDate>
<guid>/entries/POPLmark-deBruijn.html</guid>
<description></description>
</item>
<item>
<title>Hotel Key Card System</title>
<link>/entries/HotelKeyCards.html</link>
<pubDate>Sat, 09 Sep 2006 00:00:00 +0000</pubDate>
<guid>/entries/HotelKeyCards.html</guid>
<description></description>
</item>
<item>
<title>Abstract Hoare Logics</title>
<link>/entries/Abstract-Hoare-Logics.html</link>
<pubDate>Tue, 08 Aug 2006 00:00:00 +0000</pubDate>
<guid>/entries/Abstract-Hoare-Logics.html</guid>
<description></description>
</item>
<item>
<title>Flyspeck I: Tame Graphs</title>
<link>/entries/Flyspeck-Tame.html</link>
<pubDate>Mon, 22 May 2006 00:00:00 +0000</pubDate>
<guid>/entries/Flyspeck-Tame.html</guid>
<description></description>
</item>
<item>
<title>CoreC&#43;&#43;</title>
<link>/entries/CoreC&#43;&#43;.html</link>
<pubDate>Mon, 15 May 2006 00:00:00 +0000</pubDate>
<guid>/entries/CoreC&#43;&#43;.html</guid>
<description></description>
</item>
<item>
<title>A Theory of Featherweight Java in Isabelle/HOL</title>
<link>/entries/FeatherweightJava.html</link>
<pubDate>Fri, 31 Mar 2006 00:00:00 +0000</pubDate>
<guid>/entries/FeatherweightJava.html</guid>
<description></description>
</item>
<item>
<title>Instances of Schneider&#39;s generalized protocol of clock synchronization</title>
<link>/entries/ClockSynchInst.html</link>
<pubDate>Wed, 15 Mar 2006 00:00:00 +0000</pubDate>
<guid>/entries/ClockSynchInst.html</guid>
<description></description>
</item>
<item>
<title>Cauchy&#39;s Mean Theorem and the Cauchy-Schwarz Inequality</title>
<link>/entries/Cauchy.html</link>
<pubDate>Tue, 14 Mar 2006 00:00:00 +0000</pubDate>
<guid>/entries/Cauchy.html</guid>
<description></description>
</item>
<item>
<title>Countable Ordinals</title>
<link>/entries/Ordinal.html</link>
<pubDate>Fri, 11 Nov 2005 00:00:00 +0000</pubDate>
<guid>/entries/Ordinal.html</guid>
<description></description>
</item>
<item>
<title>Fast Fourier Transform</title>
<link>/entries/FFT.html</link>
<pubDate>Wed, 12 Oct 2005 00:00:00 +0000</pubDate>
<guid>/entries/FFT.html</guid>
<description></description>
</item>
<item>
<title>Formalization of a Generalized Protocol for Clock Synchronization</title>
<link>/entries/GenClock.html</link>
<pubDate>Fri, 24 Jun 2005 00:00:00 +0000</pubDate>
<guid>/entries/GenClock.html</guid>
<description></description>
</item>
<item>
<title>Proving the Correctness of Disk Paxos</title>
<link>/entries/DiskPaxos.html</link>
<pubDate>Wed, 22 Jun 2005 00:00:00 +0000</pubDate>
<guid>/entries/DiskPaxos.html</guid>
<description></description>
</item>
<item>
<title>Jive Data and Store Model</title>
<link>/entries/JiveDataStoreModel.html</link>
<pubDate>Mon, 20 Jun 2005 00:00:00 +0000</pubDate>
<guid>/entries/JiveDataStoreModel.html</guid>
<description></description>
</item>
<item>
<title>Jinja is not Java</title>
<link>/entries/Jinja.html</link>
<pubDate>Wed, 01 Jun 2005 00:00:00 +0000</pubDate>
<guid>/entries/Jinja.html</guid>
<description></description>
</item>
<item>
<title>SHA1, RSA, PSS and more</title>
<link>/entries/RSAPSS.html</link>
<pubDate>Mon, 02 May 2005 00:00:00 +0000</pubDate>
<guid>/entries/RSAPSS.html</guid>
<description></description>
</item>
<item>
<title>Category Theory to Yoneda&#39;s Lemma</title>
<link>/entries/Category.html</link>
<pubDate>Thu, 21 Apr 2005 00:00:00 +0000</pubDate>
<guid>/entries/Category.html</guid>
<description></description>
</item>
<item>
<title>File Refinement</title>
<link>/entries/FileRefinement.html</link>
<pubDate>Thu, 09 Dec 2004 00:00:00 +0000</pubDate>
<guid>/entries/FileRefinement.html</guid>
<description></description>
</item>
<item>
<title>Integration theory and random variables</title>
<link>/entries/Integration.html</link>
<pubDate>Fri, 19 Nov 2004 00:00:00 +0000</pubDate>
<guid>/entries/Integration.html</guid>
<description></description>
</item>
<item>
<title>A Mechanically Verified, Efficient, Sound and Complete Theorem Prover For First Order Logic</title>
<link>/entries/Verified-Prover.html</link>
<pubDate>Tue, 28 Sep 2004 00:00:00 +0000</pubDate>
<guid>/entries/Verified-Prover.html</guid>
<description></description>
</item>
<item>
<title>Completeness theorem</title>
<link>/entries/Completeness.html</link>
<pubDate>Mon, 20 Sep 2004 00:00:00 +0000</pubDate>
<guid>/entries/Completeness.html</guid>
<description></description>
</item>
<item>
<title>Ramsey&#39;s theorem, infinitary version</title>
<link>/entries/Ramsey-Infinite.html</link>
<pubDate>Mon, 20 Sep 2004 00:00:00 +0000</pubDate>
<guid>/entries/Ramsey-Infinite.html</guid>
<description></description>
</item>
<item>
<title>Compiling Exceptions Correctly</title>
<link>/entries/Compiling-Exceptions-Correctly.html</link>
<pubDate>Fri, 09 Jul 2004 00:00:00 +0000</pubDate>
<guid>/entries/Compiling-Exceptions-Correctly.html</guid>
<description></description>
</item>
<item>
<title>Depth First Search</title>
<link>/entries/Depth-First-Search.html</link>
<pubDate>Thu, 24 Jun 2004 00:00:00 +0000</pubDate>
<guid>/entries/Depth-First-Search.html</guid>
<description></description>
</item>
<item>
<title>Groups, Rings and Modules</title>
<link>/entries/Group-Ring-Module.html</link>
<pubDate>Tue, 18 May 2004 00:00:00 +0000</pubDate>
<guid>/entries/Group-Ring-Module.html</guid>
<description></description>
</item>
<item>
<title>Lazy Lists II</title>
<link>/entries/Lazy-Lists-II.html</link>
<pubDate>Mon, 26 Apr 2004 00:00:00 +0000</pubDate>
<guid>/entries/Lazy-Lists-II.html</guid>
<description></description>
</item>
<item>
<title>Topology</title>
<link>/entries/Topology.html</link>
<pubDate>Mon, 26 Apr 2004 00:00:00 +0000</pubDate>
<guid>/entries/Topology.html</guid>
<description></description>
</item>
<item>
<title>Binary Search Trees</title>
<link>/entries/BinarySearchTree.html</link>
<pubDate>Mon, 05 Apr 2004 00:00:00 +0000</pubDate>
<guid>/entries/BinarySearchTree.html</guid>
<description></description>
</item>
<item>
<title>Functional Automata</title>
<link>/entries/Functional-Automata.html</link>
<pubDate>Tue, 30 Mar 2004 00:00:00 +0000</pubDate>
<guid>/entries/Functional-Automata.html</guid>
<description></description>
</item>
<item>
<title>AVL Trees</title>
<link>/entries/AVL-Trees.html</link>
<pubDate>Fri, 19 Mar 2004 00:00:00 +0000</pubDate>
<guid>/entries/AVL-Trees.html</guid>
<description></description>
</item>
<item>
<title>Mini ML</title>
<link>/entries/MiniML.html</link>
<pubDate>Fri, 19 Mar 2004 00:00:00 +0000</pubDate>
<guid>/entries/MiniML.html</guid>
<description></description>
</item>
<item>
<title>Abortable_Linearizable_Modules</title>
<link>/theories/abortable_linearizable_modules/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/abortable_linearizable_modules/</guid>
<description></description>
</item>
<item>
<title>About</title>
<link>/about/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/about/</guid>
<description>The Archive of Formal Proofs is a collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle. It is organized in the way of a scientific journal. Submissions are refereed.
The archive repository is hosted on Heptapod to provide easy free access to archive entries. The entries are tested and maintained continuously against the current stable release of Isabelle. Older versions of archive entries will remain available.</description>
</item>
<item>
<title>Abs_Int_ITP2012</title>
<link>/theories/abs_int_itp2012/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/abs_int_itp2012/</guid>
<description></description>
</item>
<item>
<title>Abstract-Hoare-Logics</title>
<link>/theories/abstract-hoare-logics/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/abstract-hoare-logics/</guid>
<description></description>
</item>
<item>
<title>Abstract-Rewriting</title>
<link>/theories/abstract-rewriting/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/abstract-rewriting/</guid>
<description></description>
</item>
<item>
<title>Abstract_Completeness</title>
<link>/theories/abstract_completeness/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/abstract_completeness/</guid>
<description></description>
</item>
<item>
<title>Abstract_Soundness</title>
<link>/theories/abstract_soundness/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/abstract_soundness/</guid>
<description></description>
</item>
<item>
<title>Ackermanns_not_PR</title>
<link>/theories/ackermanns_not_pr/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/ackermanns_not_pr/</guid>
<description></description>
</item>
<item>
<title>Actuarial_Mathematics</title>
<link>/theories/actuarial_mathematics/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/actuarial_mathematics/</guid>
<description></description>
</item>
<item>
<title>Adaptive_State_Counting</title>
<link>/theories/adaptive_state_counting/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/adaptive_state_counting/</guid>
<description></description>
</item>
<item>
<title>ADS_Functor</title>
<link>/theories/ads_functor/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/ads_functor/</guid>
<description></description>
</item>
<item>
<title>Affine_Arithmetic</title>
<link>/theories/affine_arithmetic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/affine_arithmetic/</guid>
<description></description>
</item>
<item>
<title>Aggregation_Algebras</title>
<link>/theories/aggregation_algebras/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/aggregation_algebras/</guid>
<description></description>
</item>
<item>
<title>AI_Planning_Languages_Semantics</title>
<link>/theories/ai_planning_languages_semantics/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/ai_planning_languages_semantics/</guid>
<description></description>
</item>
<item>
<title>Akra_Bazzi</title>
<link>/theories/akra_bazzi/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/akra_bazzi/</guid>
<description></description>
</item>
<item>
<title>Algebraic_Numbers</title>
<link>/theories/algebraic_numbers/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/algebraic_numbers/</guid>
<description></description>
</item>
<item>
<title>Algebraic_VCs</title>
<link>/theories/algebraic_vcs/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/algebraic_vcs/</guid>
<description></description>
</item>
<item>
<title>Allen_Calculus</title>
<link>/theories/allen_calculus/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/allen_calculus/</guid>
<description></description>
</item>
<item>
<title>Amicable_Numbers</title>
<link>/theories/amicable_numbers/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/amicable_numbers/</guid>
<description></description>
</item>
<item>
<title>Amortized_Complexity</title>
<link>/theories/amortized_complexity/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/amortized_complexity/</guid>
<description></description>
</item>
<item>
<title>AnselmGod</title>
<link>/theories/anselmgod/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/anselmgod/</guid>
<description></description>
</item>
<item>
<title>AODV</title>
<link>/theories/aodv/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/aodv/</guid>
<description></description>
</item>
<item>
<title>Applicative_Lifting</title>
<link>/theories/applicative_lifting/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/applicative_lifting/</guid>
<description></description>
</item>
<item>
<title>Approximation_Algorithms</title>
<link>/theories/approximation_algorithms/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/approximation_algorithms/</guid>
<description></description>
</item>
<item>
<title>Architectural_Design_Patterns</title>
<link>/theories/architectural_design_patterns/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/architectural_design_patterns/</guid>
<description></description>
</item>
<item>
<title>Aristotles_Assertoric_Syllogistic</title>
<link>/theories/aristotles_assertoric_syllogistic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/aristotles_assertoric_syllogistic/</guid>
<description></description>
</item>
<item>
<title>Arith_Prog_Rel_Primes</title>
<link>/theories/arith_prog_rel_primes/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/arith_prog_rel_primes/</guid>
<description></description>
</item>
<item>
<title>ArrowImpossibilityGS</title>
<link>/theories/arrowimpossibilitygs/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/arrowimpossibilitygs/</guid>
<description></description>
</item>
<item>
<title>Attack_Trees</title>
<link>/theories/attack_trees/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/attack_trees/</guid>
<description></description>
</item>
<item>
<title>Auto2_HOL</title>
<link>/theories/auto2_hol/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/auto2_hol/</guid>
<description></description>
</item>
<item>
<title>Auto2_Imperative_HOL</title>
<link>/theories/auto2_imperative_hol/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/auto2_imperative_hol/</guid>
<description></description>
</item>
<item>
<title>AutoFocus-Stream</title>
<link>/theories/autofocus-stream/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/autofocus-stream/</guid>
<description></description>
</item>
<item>
<title>Automated_Stateful_Protocol_Verification</title>
<link>/theories/automated_stateful_protocol_verification/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/automated_stateful_protocol_verification/</guid>
<description></description>
</item>
<item>
<title>Automatic_Refinement</title>
<link>/theories/automatic_refinement/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/automatic_refinement/</guid>
<description></description>
</item>
<item>
<title>AVL-Trees</title>
<link>/theories/avl-trees/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/avl-trees/</guid>
<description></description>
</item>
<item>
<title>AWN</title>
<link>/theories/awn/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/awn/</guid>
<description></description>
</item>
<item>
<title>AxiomaticCategoryTheory</title>
<link>/theories/axiomaticcategorytheory/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/axiomaticcategorytheory/</guid>
<description></description>
</item>
<item>
<title>Banach_Steinhaus</title>
<link>/theories/banach_steinhaus/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/banach_steinhaus/</guid>
<description></description>
</item>
<item>
<title>BD_Security_Compositional</title>
<link>/theories/bd_security_compositional/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/bd_security_compositional/</guid>
<description></description>
</item>
<item>
<title>BDD</title>
<link>/theories/bdd/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/bdd/</guid>
<description></description>
</item>
<item>
<title>Belief_Revision</title>
<link>/theories/belief_revision/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/belief_revision/</guid>
<description></description>
</item>
<item>
<title>Bell_Numbers_Spivey</title>
<link>/theories/bell_numbers_spivey/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/bell_numbers_spivey/</guid>
<description></description>
</item>
<item>
<title>BenOr_Kozen_Reif</title>
<link>/theories/benor_kozen_reif/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/benor_kozen_reif/</guid>
<description></description>
</item>
<item>
<title>Berlekamp_Zassenhaus</title>
<link>/theories/berlekamp_zassenhaus/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/berlekamp_zassenhaus/</guid>
<description></description>
</item>
<item>
<title>Bernoulli</title>
<link>/theories/bernoulli/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/bernoulli/</guid>
<description></description>
</item>
<item>
<title>Bertrands_Postulate</title>
<link>/theories/bertrands_postulate/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/bertrands_postulate/</guid>
<description></description>
</item>
<item>
<title>Bicategory</title>
<link>/theories/bicategory/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/bicategory/</guid>
<description></description>
</item>
<item>
<title>BinarySearchTree</title>
<link>/theories/binarysearchtree/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/binarysearchtree/</guid>
<description></description>
</item>
<item>
<title>Binding_Syntax_Theory</title>
<link>/theories/binding_syntax_theory/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/binding_syntax_theory/</guid>
<description></description>
</item>
<item>
<title>Binomial-Heaps</title>
<link>/theories/binomial-heaps/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/binomial-heaps/</guid>
<description></description>
</item>
<item>
<title>Binomial-Queues</title>
<link>/theories/binomial-queues/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/binomial-queues/</guid>
<description></description>
</item>
<item>
<title>BirdKMP</title>
<link>/theories/birdkmp/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/birdkmp/</guid>
<description></description>
</item>
<item>
<title>Blue_Eyes</title>
<link>/theories/blue_eyes/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/blue_eyes/</guid>
<description></description>
</item>
<item>
<title>BNF_CC</title>
<link>/theories/bnf_cc/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/bnf_cc/</guid>
<description></description>
</item>
<item>
<title>BNF_Operations</title>
<link>/theories/bnf_operations/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/bnf_operations/</guid>
<description></description>
</item>
<item>
<title>Bondy</title>
<link>/theories/bondy/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/bondy/</guid>
<description></description>
</item>
<item>
<title>Boolean_Expression_Checkers</title>
<link>/theories/boolean_expression_checkers/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/boolean_expression_checkers/</guid>
<description></description>
</item>
<item>
<title>Boolos_Curious_Inference</title>
<link>/theories/boolos_curious_inference/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/boolos_curious_inference/</guid>
<description></description>
</item>
<item>
<title>Bounded_Deducibility_Security</title>
<link>/theories/bounded_deducibility_security/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/bounded_deducibility_security/</guid>
<description></description>
</item>
<item>
<title>BTree</title>
<link>/theories/btree/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/btree/</guid>
<description></description>
</item>
<item>
<title>Buchi_Complementation</title>
<link>/theories/buchi_complementation/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/buchi_complementation/</guid>
<description></description>
</item>
<item>
<title>Budan_Fourier</title>
<link>/theories/budan_fourier/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/budan_fourier/</guid>
<description></description>
</item>
<item>
<title>Buffons_Needle</title>
<link>/theories/buffons_needle/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/buffons_needle/</guid>
<description></description>
</item>
<item>
<title>Buildings</title>
<link>/theories/buildings/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/buildings/</guid>
<description></description>
</item>
<item>
<title>BytecodeLogicJmlTypes</title>
<link>/theories/bytecodelogicjmltypes/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/bytecodelogicjmltypes/</guid>
<description></description>
</item>
<item>
<title>C2KA_DistributedSystems</title>
<link>/theories/c2ka_distributedsystems/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/c2ka_distributedsystems/</guid>
<description></description>
</item>
<item>
<title>CakeML</title>
<link>/theories/cakeml/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/cakeml/</guid>
<description></description>
</item>
<item>
<title>CakeML_Codegen</title>
<link>/theories/cakeml_codegen/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/cakeml_codegen/</guid>
<description></description>
</item>
<item>
<title>Call_Arity</title>
<link>/theories/call_arity/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/call_arity/</guid>
<description></description>
</item>
<item>
<title>Card_Equiv_Relations</title>
<link>/theories/card_equiv_relations/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/card_equiv_relations/</guid>
<description></description>
</item>
<item>
<title>Card_Multisets</title>
<link>/theories/card_multisets/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/card_multisets/</guid>
<description></description>
</item>
<item>
<title>Card_Number_Partitions</title>
<link>/theories/card_number_partitions/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/card_number_partitions/</guid>
<description></description>
</item>
<item>
<title>Card_Partitions</title>
<link>/theories/card_partitions/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/card_partitions/</guid>
<description></description>
</item>
<item>
<title>Cartan_FP</title>
<link>/theories/cartan_fp/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/cartan_fp/</guid>
<description></description>
</item>
<item>
<title>Case_Labeling</title>
<link>/theories/case_labeling/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/case_labeling/</guid>
<description></description>
</item>
<item>
<title>Catalan_Numbers</title>
<link>/theories/catalan_numbers/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/catalan_numbers/</guid>
<description></description>
</item>
<item>
<title>Category</title>
<link>/theories/category/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/category/</guid>
<description></description>
</item>
<item>
<title>Category2</title>
<link>/theories/category2/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/category2/</guid>
<description></description>
</item>
<item>
<title>Category3</title>
<link>/theories/category3/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/category3/</guid>
<description></description>
</item>
<item>
<title>Cauchy</title>
<link>/theories/cauchy/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/cauchy/</guid>
<description></description>
</item>
<item>
<title>CAVA_Automata</title>
<link>/theories/cava_automata/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/cava_automata/</guid>
<description></description>
</item>
<item>
<title>CAVA_Base</title>
<link>/theories/cava_base/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/cava_base/</guid>
<description></description>
</item>
<item>
<title>CAVA_LTL_Modelchecker</title>
<link>/theories/cava_ltl_modelchecker/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/cava_ltl_modelchecker/</guid>
<description></description>
</item>
<item>
<title>CAVA_Setup</title>
<link>/theories/cava_setup/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/cava_setup/</guid>
<description></description>
</item>
<item>
<title>Cayley_Hamilton</title>
<link>/theories/cayley_hamilton/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/cayley_hamilton/</guid>
<description></description>
</item>
<item>
<title>CCS</title>
<link>/theories/ccs/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/ccs/</guid>
<description></description>
</item>
<item>
<title>Certification_Monads</title>
<link>/theories/certification_monads/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/certification_monads/</guid>
<description></description>
</item>
<item>
<title>Chandy_Lamport</title>
<link>/theories/chandy_lamport/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/chandy_lamport/</guid>
<description></description>
</item>
<item>
<title>Chord_Segments</title>
<link>/theories/chord_segments/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/chord_segments/</guid>
<description></description>
</item>
<item>
<title>Circus</title>
<link>/theories/circus/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/circus/</guid>
<description></description>
</item>
<item>
<title>CISC-Kernel</title>
<link>/theories/cisc-kernel/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/cisc-kernel/</guid>
<description></description>
</item>
<item>
<title>Clean</title>
<link>/theories/clean/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/clean/</guid>
<description></description>
</item>
<item>
<title>Clique_and_Monotone_Circuits</title>
<link>/theories/clique_and_monotone_circuits/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/clique_and_monotone_circuits/</guid>
<description></description>
</item>
<item>
<title>ClockSynchInst</title>
<link>/theories/clocksynchinst/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/clocksynchinst/</guid>
<description></description>
</item>
<item>
<title>Closest_Pair_Points</title>
<link>/theories/closest_pair_points/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/closest_pair_points/</guid>
<description></description>
</item>
<item>
<title>CoCon</title>
<link>/theories/cocon/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/cocon/</guid>
<description></description>
</item>
<item>
<title>CofGroups</title>
<link>/theories/cofgroups/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/cofgroups/</guid>
<description></description>
</item>
<item>
<title>Coinductive</title>
<link>/theories/coinductive/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/coinductive/</guid>
<description></description>
</item>
<item>
<title>Coinductive_Languages</title>
<link>/theories/coinductive_languages/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/coinductive_languages/</guid>
<description></description>
</item>
<item>
<title>Collections</title>
<link>/theories/collections/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/collections/</guid>
<description></description>
</item>
<item>
<title>Collections_Examples</title>
<link>/theories/collections_examples/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/collections_examples/</guid>
<description></description>
</item>
<item>
<title>Combinable_Wands</title>
<link>/theories/combinable_wands/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/combinable_wands/</guid>
<description></description>
</item>
<item>
<title>Combinatorics_Words</title>
<link>/theories/combinatorics_words/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/combinatorics_words/</guid>
<description></description>
</item>
<item>
<title>Combinatorics_Words_Graph_Lemma</title>
<link>/theories/combinatorics_words_graph_lemma/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/combinatorics_words_graph_lemma/</guid>
<description></description>
</item>
<item>
<title>Combinatorics_Words_Lyndon</title>
<link>/theories/combinatorics_words_lyndon/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/combinatorics_words_lyndon/</guid>
<description></description>
</item>
<item>
<title>Commuting_Hermitian</title>
<link>/theories/commuting_hermitian/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/commuting_hermitian/</guid>
<description></description>
</item>
<item>
<title>Comparison_Sort_Lower_Bound</title>
<link>/theories/comparison_sort_lower_bound/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/comparison_sort_lower_bound/</guid>
<description></description>
</item>
<item>
<title>Compiling-Exceptions-Correctly</title>
<link>/theories/compiling-exceptions-correctly/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/compiling-exceptions-correctly/</guid>
<description></description>
</item>
<item>
<title>Complete_Non_Orders</title>
<link>/theories/complete_non_orders/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/complete_non_orders/</guid>
<description></description>
</item>
<item>
<title>Completeness</title>
<link>/theories/completeness/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/completeness/</guid>
<description></description>
</item>
<item>
<title>Complex_Bounded_Operators</title>
<link>/theories/complex_bounded_operators/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/complex_bounded_operators/</guid>
<description></description>
</item>
<item>
<title>Complex_Geometry</title>
<link>/theories/complex_geometry/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/complex_geometry/</guid>
<description></description>
</item>
<item>
<title>Complx</title>
<link>/theories/complx/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/complx/</guid>
<description></description>
</item>
<item>
<title>ComponentDependencies</title>
<link>/theories/componentdependencies/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/componentdependencies/</guid>
<description></description>
</item>
<item>
<title>Concurrent_Ref_Alg</title>
<link>/theories/concurrent_ref_alg/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/concurrent_ref_alg/</guid>
<description></description>
</item>
<item>
<title>Concurrent_Revisions</title>
<link>/theories/concurrent_revisions/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/concurrent_revisions/</guid>
<description></description>
</item>
<item>
<title>ConcurrentGC</title>
<link>/theories/concurrentgc/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/concurrentgc/</guid>
<description></description>
</item>
<item>
<title>ConcurrentIMP</title>
<link>/theories/concurrentimp/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/concurrentimp/</guid>
<description></description>
</item>
<item>
<title>Conditional_Simplification</title>
<link>/theories/conditional_simplification/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/conditional_simplification/</guid>
<description></description>
</item>
<item>
<title>Conditional_Transfer_Rule</title>
<link>/theories/conditional_transfer_rule/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/conditional_transfer_rule/</guid>
<description></description>
</item>
<item>
<title>Consensus_Refined</title>
<link>/theories/consensus_refined/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/consensus_refined/</guid>
<description></description>
</item>
<item>
<title>Constructive_Cryptography</title>
<link>/theories/constructive_cryptography/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/constructive_cryptography/</guid>
<description></description>
</item>
<item>
<title>Constructive_Cryptography_CM</title>
<link>/theories/constructive_cryptography_cm/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/constructive_cryptography_cm/</guid>
<description></description>
</item>
<item>
<title>Constructor_Funs</title>
<link>/theories/constructor_funs/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/constructor_funs/</guid>
<description></description>
</item>
<item>
<title>Containers</title>
<link>/theories/containers/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/containers/</guid>
<description></description>
</item>
<item>
<title>Containers-Benchmarks</title>
<link>/theories/containers-benchmarks/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/containers-benchmarks/</guid>
<description></description>
</item>
<item>
<title>Core_DOM</title>
<link>/theories/core_dom/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/core_dom/</guid>
<description></description>
</item>
<item>
<title>Core_SC_DOM</title>
<link>/theories/core_sc_dom/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/core_sc_dom/</guid>
<description></description>
</item>
<item>
<title>CoreC&#43;&#43;</title>
<link>/theories/corec&#43;&#43;/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/corec&#43;&#43;/</guid>
<description></description>
</item>
<item>
<title>Correctness_Algebras</title>
<link>/theories/correctness_algebras/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/correctness_algebras/</guid>
<description></description>
</item>
<item>
<title>CoSMed</title>
<link>/theories/cosmed/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/cosmed/</guid>
<description></description>
</item>
<item>
<title>CoSMeDis</title>
<link>/theories/cosmedis/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/cosmedis/</guid>
<description></description>
</item>
<item>
<title>Cotangent_PFD_Formula</title>
<link>/theories/cotangent_pfd_formula/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/cotangent_pfd_formula/</guid>
<description></description>
</item>
<item>
<title>Count_Complex_Roots</title>
<link>/theories/count_complex_roots/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/count_complex_roots/</guid>
<description></description>
</item>
<item>
<title>CRDT</title>
<link>/theories/crdt/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/crdt/</guid>
<description></description>
</item>
<item>
<title>CryptHOL</title>
<link>/theories/crypthol/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/crypthol/</guid>
<description></description>
</item>
<item>
<title>CryptoBasedCompositionalProperties</title>
<link>/theories/cryptobasedcompositionalproperties/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/cryptobasedcompositionalproperties/</guid>
<description></description>
</item>
<item>
<title>CRYSTALS-Kyber</title>
<link>/theories/crystals-kyber/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/crystals-kyber/</guid>
<description></description>
</item>
<item>
<title>CSP_RefTK</title>
<link>/theories/csp_reftk/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/csp_reftk/</guid>
<description></description>
</item>
<item>
<title>Cubic_Quartic_Equations</title>
<link>/theories/cubic_quartic_equations/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/cubic_quartic_equations/</guid>
<description></description>
</item>
<item>
<title>CYK</title>
<link>/theories/cyk/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/cyk/</guid>
<description></description>
</item>
<item>
<title>CZH_Elementary_Categories</title>
<link>/theories/czh_elementary_categories/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/czh_elementary_categories/</guid>
<description></description>
</item>
<item>
<title>CZH_Foundations</title>
<link>/theories/czh_foundations/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/czh_foundations/</guid>
<description></description>
</item>
<item>
<title>CZH_Universal_Constructions</title>
<link>/theories/czh_universal_constructions/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/czh_universal_constructions/</guid>
<description></description>
</item>
<item>
<title>DataRefinementIBP</title>
<link>/theories/datarefinementibp/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/datarefinementibp/</guid>
<description></description>
</item>
<item>
<title>Datatype_Order_Generator</title>
<link>/theories/datatype_order_generator/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/datatype_order_generator/</guid>
<description></description>
</item>
<item>
<title>Decl_Sem_Fun_PL</title>
<link>/theories/decl_sem_fun_pl/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/decl_sem_fun_pl/</guid>
<description></description>
</item>
<item>
<title>Decreasing-Diagrams</title>
<link>/theories/decreasing-diagrams/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/decreasing-diagrams/</guid>
<description></description>
</item>
<item>
<title>Decreasing-Diagrams-II</title>
<link>/theories/decreasing-diagrams-ii/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/decreasing-diagrams-ii/</guid>
<description></description>
</item>
<item>
<title>Dedekind_Real</title>
<link>/theories/dedekind_real/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/dedekind_real/</guid>
<description></description>
</item>
<item>
<title>Deep_Learning</title>
<link>/theories/deep_learning/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/deep_learning/</guid>
<description></description>
</item>
<item>
<title>Delta_System_Lemma</title>
<link>/theories/delta_system_lemma/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/delta_system_lemma/</guid>
<description></description>
</item>
<item>
<title>Density_Compiler</title>
<link>/theories/density_compiler/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/density_compiler/</guid>
<description></description>
</item>
<item>
<title>Dependent_SIFUM_Refinement</title>
<link>/theories/dependent_sifum_refinement/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/dependent_sifum_refinement/</guid>
<description></description>
</item>
<item>
<title>Dependent_SIFUM_Type_Systems</title>
<link>/theories/dependent_sifum_type_systems/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/dependent_sifum_type_systems/</guid>
<description></description>
</item>
<item>
<title>Depth-First-Search</title>
<link>/theories/depth-first-search/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/depth-first-search/</guid>
<description></description>
</item>
<item>
<title>Derangements</title>
<link>/theories/derangements/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/derangements/</guid>
<description></description>
</item>
<item>
<title>Deriving</title>
<link>/theories/deriving/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/deriving/</guid>
<description></description>
</item>
<item>
<title>Descartes_Sign_Rule</title>
<link>/theories/descartes_sign_rule/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/descartes_sign_rule/</guid>
<description></description>
</item>
<item>
<title>Design_Theory</title>
<link>/theories/design_theory/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/design_theory/</guid>
<description></description>
</item>
<item>
<title>DFS_Framework</title>
<link>/theories/dfs_framework/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/dfs_framework/</guid>
<description></description>
</item>
<item>
<title>Dict_Construction</title>
<link>/theories/dict_construction/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/dict_construction/</guid>
<description></description>
</item>
<item>
<title>Differential_Dynamic_Logic</title>
<link>/theories/differential_dynamic_logic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/differential_dynamic_logic/</guid>
<description></description>
</item>
<item>
<title>Differential_Game_Logic</title>
<link>/theories/differential_game_logic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/differential_game_logic/</guid>
<description></description>
</item>
<item>
<title>Digit_Expansions</title>
<link>/theories/digit_expansions/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/digit_expansions/</guid>
<description></description>
</item>
<item>
<title>Dijkstra_Shortest_Path</title>
<link>/theories/dijkstra_shortest_path/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/dijkstra_shortest_path/</guid>
<description></description>
</item>
<item>
<title>Diophantine_Eqns_Lin_Hom</title>
<link>/theories/diophantine_eqns_lin_hom/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/diophantine_eqns_lin_hom/</guid>
<description></description>
</item>
<item>
<title>Dirichlet_L</title>
<link>/theories/dirichlet_l/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/dirichlet_l/</guid>
<description></description>
</item>
<item>
<title>Dirichlet_Series</title>
<link>/theories/dirichlet_series/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/dirichlet_series/</guid>
<description></description>
</item>
<item>
<title>Discrete_Summation</title>
<link>/theories/discrete_summation/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/discrete_summation/</guid>
<description></description>
</item>
<item>
<title>DiscretePricing</title>
<link>/theories/discretepricing/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/discretepricing/</guid>
<description></description>
</item>
<item>
<title>DiskPaxos</title>
<link>/theories/diskpaxos/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/diskpaxos/</guid>
<description></description>
</item>
<item>
<title>DOM_Components</title>
<link>/theories/dom_components/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/dom_components/</guid>
<description></description>
</item>
<item>
<title>Dominance_CHK</title>
<link>/theories/dominance_chk/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/dominance_chk/</guid>
<description></description>
</item>
<item>
<title>Download the Archive</title>
<link>/download/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/download/</guid>
<description>Current stable version (for most recent Isabelle release): Download all sessions: afp-current.tar.gz (~70 MB)
Older stable versions: Please use the sourceforge download system to access older versions of the archive.
Mercurial access: The AFP repositories with tooling and metadata can be found at Heptapod. In particular, the development version of the Archive (for the development version of Isabelle) is available there.
How to refer to AFP entries: You can refer to AFP entries by using the AFP as an Isabelle component.</description>
</item>
<item>
<title>DPRM_Theorem</title>
<link>/theories/dprm_theorem/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/dprm_theorem/</guid>
<description></description>
</item>
<item>
<title>DPT-SAT-Solver</title>
<link>/theories/dpt-sat-solver/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/dpt-sat-solver/</guid>
<description></description>
</item>
<item>
<title>Dynamic_Tables</title>
<link>/theories/dynamic_tables/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/dynamic_tables/</guid>
<description></description>
</item>
<item>
<title>DynamicArchitectures</title>
<link>/theories/dynamicarchitectures/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/dynamicarchitectures/</guid>
<description></description>
</item>
<item>
<title>E_Transcendental</title>
<link>/theories/e_transcendental/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/e_transcendental/</guid>
<description></description>
</item>
<item>
<title>Echelon_Form</title>
<link>/theories/echelon_form/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/echelon_form/</guid>
<description></description>
</item>
<item>
<title>EdmondsKarp_Maxflow</title>
<link>/theories/edmondskarp_maxflow/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/edmondskarp_maxflow/</guid>
<description></description>
</item>
<item>
<title>Efficient-Mergesort</title>
<link>/theories/efficient-mergesort/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/efficient-mergesort/</guid>
<description></description>
</item>
<item>
<title>Elliptic_Curves_Group_Law</title>
<link>/theories/elliptic_curves_group_law/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/elliptic_curves_group_law/</guid>
<description></description>
</item>
<item>
<title>Encodability_Process_Calculi</title>
<link>/theories/encodability_process_calculi/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/encodability_process_calculi/</guid>
<description></description>
</item>
<item>
<title>Entry Submission</title>
<link>/submission/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/submission/</guid>
<description>Submission Guidelines The submission must follow the following Isabelle style rules. For additional guidelines on Isabelle proofs, also see the this guide (feel free to follow all of these; only the below are mandatory). Technical details about the submission process and the format of the submission are explained on the submission site.
No use of the commands sorry or back. Instantiations must not use Isabelle-generated names such as xa — use Isar, the subgoal command or rename_tac to avoid such names.</description>
</item>
<item>
<title>Epistemic_Logic</title>
<link>/theories/epistemic_logic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/epistemic_logic/</guid>
<description></description>
</item>
<item>
<title>Equivalence_Relation_Enumeration</title>
<link>/theories/equivalence_relation_enumeration/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/equivalence_relation_enumeration/</guid>
<description></description>
</item>
<item>
<title>Ergodic_Theory</title>
<link>/theories/ergodic_theory/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/ergodic_theory/</guid>
<description></description>
</item>
<item>
<title>Error_Function</title>
<link>/theories/error_function/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/error_function/</guid>
<description></description>
</item>
<item>
<title>Euler_MacLaurin</title>
<link>/theories/euler_maclaurin/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/euler_maclaurin/</guid>
<description></description>
</item>
<item>
<title>Euler_Partition</title>
<link>/theories/euler_partition/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/euler_partition/</guid>
<description></description>
</item>
<item>
<title>Eval_FO</title>
<link>/theories/eval_fo/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/eval_fo/</guid>
<description></description>
</item>
<item>
<title>Extended_Finite_State_Machine_Inference</title>
<link>/theories/extended_finite_state_machine_inference/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/extended_finite_state_machine_inference/</guid>
<description></description>
</item>
<item>
<title>Extended_Finite_State_Machines</title>
<link>/theories/extended_finite_state_machines/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/extended_finite_state_machines/</guid>
<description></description>
</item>
<item>
<title>Factor_Algebraic_Polynomial</title>
<link>/theories/factor_algebraic_polynomial/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/factor_algebraic_polynomial/</guid>
<description></description>
</item>
<item>
<title>Factored_Transition_System_Bounding</title>
<link>/theories/factored_transition_system_bounding/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/factored_transition_system_bounding/</guid>
<description></description>
</item>
<item>
<title>Falling_Factorial_Sum</title>
<link>/theories/falling_factorial_sum/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/falling_factorial_sum/</guid>
<description></description>
</item>
<item>
<title>Farkas</title>
<link>/theories/farkas/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/farkas/</guid>
<description></description>
</item>
<item>
<title>Featherweight_OCL</title>
<link>/theories/featherweight_ocl/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/featherweight_ocl/</guid>
<description></description>
</item>
<item>
<title>FeatherweightJava</title>
<link>/theories/featherweightjava/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/featherweightjava/</guid>
<description></description>
</item>
<item>
<title>Fermat3_4</title>
<link>/theories/fermat3_4/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/fermat3_4/</guid>
<description></description>
</item>
<item>
<title>FFT</title>
<link>/theories/fft/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/fft/</guid>
<description></description>
</item>
<item>
<title>FileRefinement</title>
<link>/theories/filerefinement/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/filerefinement/</guid>
<description></description>
</item>
<item>
<title>FinFun</title>
<link>/theories/finfun/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/finfun/</guid>
<description></description>
</item>
<item>
<title>Finger-Trees</title>
<link>/theories/finger-trees/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/finger-trees/</guid>
<description></description>
</item>
<item>
<title>Finite-Map-Extras</title>
<link>/theories/finite-map-extras/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/finite-map-extras/</guid>
<description></description>
</item>
<item>
<title>Finite_Automata_HF</title>
<link>/theories/finite_automata_hf/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/finite_automata_hf/</guid>
<description></description>
</item>
<item>
<title>Finite_Fields</title>
<link>/theories/finite_fields/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/finite_fields/</guid>
<description></description>
</item>
<item>
<title>Finitely_Generated_Abelian_Groups</title>
<link>/theories/finitely_generated_abelian_groups/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/finitely_generated_abelian_groups/</guid>
<description></description>
</item>
<item>
<title>First_Order_Terms</title>
<link>/theories/first_order_terms/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/first_order_terms/</guid>
<description></description>
</item>
<item>
<title>First_Welfare_Theorem</title>
<link>/theories/first_welfare_theorem/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/first_welfare_theorem/</guid>
<description></description>
</item>
<item>
<title>Fishburn_Impossibility</title>
<link>/theories/fishburn_impossibility/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/fishburn_impossibility/</guid>
<description></description>
</item>
<item>
<title>Fisher_Yates</title>
<link>/theories/fisher_yates/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/fisher_yates/</guid>
<description></description>
</item>
<item>
<title>Fishers_Inequality</title>
<link>/theories/fishers_inequality/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/fishers_inequality/</guid>
<description></description>
</item>
<item>
<title>Flow_Networks</title>
<link>/theories/flow_networks/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/flow_networks/</guid>
<description></description>
</item>
<item>
<title>Floyd_Warshall</title>
<link>/theories/floyd_warshall/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/floyd_warshall/</guid>
<description></description>
</item>
<item>
<title>FLP</title>
<link>/theories/flp/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/flp/</guid>
<description></description>
</item>
<item>
<title>Flyspeck-Tame</title>
<link>/theories/flyspeck-tame/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/flyspeck-tame/</guid>
<description></description>
</item>
<item>
<title>Flyspeck-Tame-Computation</title>
<link>/theories/flyspeck-tame-computation/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/flyspeck-tame-computation/</guid>
<description></description>
</item>
<item>
<title>FO_Theory_Rewriting</title>
<link>/theories/fo_theory_rewriting/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/fo_theory_rewriting/</guid>
<description></description>
</item>
<item>
<title>FocusStreamsCaseStudies</title>
<link>/theories/focusstreamscasestudies/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/focusstreamscasestudies/</guid>
<description></description>
</item>
<item>
<title>FOL-Fitting</title>
<link>/theories/fol-fitting/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/fol-fitting/</guid>
<description></description>
</item>
<item>
<title>FOL_Axiomatic</title>
<link>/theories/fol_axiomatic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/fol_axiomatic/</guid>
<description></description>
</item>
<item>
<title>FOL_Harrison</title>
<link>/theories/fol_harrison/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/fol_harrison/</guid>
<description></description>
</item>
<item>
<title>FOL_Seq_Calc1</title>
<link>/theories/fol_seq_calc1/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/fol_seq_calc1/</guid>
<description></description>
</item>
<item>
<title>FOL_Seq_Calc2</title>
<link>/theories/fol_seq_calc2/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/fol_seq_calc2/</guid>
<description></description>
</item>
<item>
<title>FOL_Seq_Calc3</title>
<link>/theories/fol_seq_calc3/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/fol_seq_calc3/</guid>
<description></description>
</item>
<item>
<title>Forcing</title>
<link>/theories/forcing/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/forcing/</guid>
<description></description>
</item>
<item>
<title>Formal_Puiseux_Series</title>
<link>/theories/formal_puiseux_series/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/formal_puiseux_series/</guid>
<description></description>
</item>
<item>
<title>Formal_SSA</title>
<link>/theories/formal_ssa/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/formal_ssa/</guid>
<description></description>
</item>
<item>
<title>Formula_Derivatives</title>
<link>/theories/formula_derivatives/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/formula_derivatives/</guid>
<description></description>
</item>
<item>
<title>Formula_Derivatives-Examples</title>
<link>/theories/formula_derivatives-examples/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/formula_derivatives-examples/</guid>
<description></description>
</item>
<item>
<title>Foundation_of_geometry</title>
<link>/theories/foundation_of_geometry/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/foundation_of_geometry/</guid>
<description></description>
</item>
<item>
<title>Fourier</title>
<link>/theories/fourier/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/fourier/</guid>
<description></description>
</item>
<item>
<title>Free-Boolean-Algebra</title>
<link>/theories/free-boolean-algebra/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/free-boolean-algebra/</guid>
<description></description>
</item>
<item>
<title>Free-Groups</title>
<link>/theories/free-groups/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/free-groups/</guid>
<description></description>
</item>
<item>
<title>Frequency_Moments</title>
<link>/theories/frequency_moments/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/frequency_moments/</guid>
<description></description>
</item>
<item>
<title>Fresh_Identifiers</title>
<link>/theories/fresh_identifiers/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/fresh_identifiers/</guid>
<description></description>
</item>
<item>
<title>FSM_Tests</title>
<link>/theories/fsm_tests/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/fsm_tests/</guid>
<description></description>
</item>
<item>
<title>Functional-Automata</title>
<link>/theories/functional-automata/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/functional-automata/</guid>
<description></description>
</item>
<item>
<title>Functional_Ordered_Resolution_Prover</title>
<link>/theories/functional_ordered_resolution_prover/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/functional_ordered_resolution_prover/</guid>
<description></description>
</item>
<item>
<title>FunWithFunctions</title>
<link>/theories/funwithfunctions/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/funwithfunctions/</guid>
<description></description>
</item>
<item>
<title>FunWithTilings</title>
<link>/theories/funwithtilings/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/funwithtilings/</guid>
<description></description>
</item>
<item>
<title>Furstenberg_Topology</title>
<link>/theories/furstenberg_topology/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/furstenberg_topology/</guid>
<description></description>
</item>
<item>
<title>Gabow_SCC</title>
<link>/theories/gabow_scc/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/gabow_scc/</guid>
<description></description>
</item>
<item>
<title>Gale_Shapley</title>
<link>/theories/gale_shapley/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/gale_shapley/</guid>
<description></description>
</item>
<item>
<title>GaleStewart_Games</title>
<link>/theories/galestewart_games/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/galestewart_games/</guid>
<description></description>
</item>
<item>
<title>Game_Based_Crypto</title>
<link>/theories/game_based_crypto/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/game_based_crypto/</guid>
<description></description>
</item>
<item>
<title>Gauss-Jordan-Elim-Fun</title>
<link>/theories/gauss-jordan-elim-fun/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/gauss-jordan-elim-fun/</guid>
<description></description>
</item>
<item>
<title>Gauss_Jordan</title>
<link>/theories/gauss_jordan/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/gauss_jordan/</guid>
<description></description>
</item>
<item>
<title>Gauss_Sums</title>
<link>/theories/gauss_sums/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/gauss_sums/</guid>
<description></description>
</item>
<item>
<title>Gaussian_Integers</title>
<link>/theories/gaussian_integers/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/gaussian_integers/</guid>
<description></description>
</item>
<item>
<title>GenClock</title>
<link>/theories/genclock/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/genclock/</guid>
<description></description>
</item>
<item>
<title>General-Triangle</title>
<link>/theories/general-triangle/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/general-triangle/</guid>
<description></description>
</item>
<item>
<title>Generalized_Counting_Sort</title>
<link>/theories/generalized_counting_sort/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/generalized_counting_sort/</guid>
<description></description>
</item>
<item>
<title>Generic_Deriving</title>
<link>/theories/generic_deriving/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/generic_deriving/</guid>
<description></description>
</item>
<item>
<title>Generic_Join</title>
<link>/theories/generic_join/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/generic_join/</guid>
<description></description>
</item>
<item>
<title>GewirthPGCProof</title>
<link>/theories/gewirthpgcproof/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/gewirthpgcproof/</guid>
<description></description>
</item>
<item>
<title>Girth_Chromatic</title>
<link>/theories/girth_chromatic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/girth_chromatic/</guid>
<description></description>
</item>
<item>
<title>Goedel_HFSet_Semantic</title>
<link>/theories/goedel_hfset_semantic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/goedel_hfset_semantic/</guid>
<description></description>
</item>
<item>
<title>Goedel_HFSet_Semanticless</title>
<link>/theories/goedel_hfset_semanticless/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/goedel_hfset_semanticless/</guid>
<description></description>
</item>
<item>
<title>Goedel_Incompleteness</title>
<link>/theories/goedel_incompleteness/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/goedel_incompleteness/</guid>
<description></description>
</item>
<item>
<title>GoedelGod</title>
<link>/theories/goedelgod/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/goedelgod/</guid>
<description></description>
</item>
<item>
<title>Goodstein_Lambda</title>
<link>/theories/goodstein_lambda/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/goodstein_lambda/</guid>
<description></description>
</item>
<item>
<title>GPU_Kernel_PL</title>
<link>/theories/gpu_kernel_pl/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/gpu_kernel_pl/</guid>
<description></description>
</item>
<item>
<title>Graph_Saturation</title>
<link>/theories/graph_saturation/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/graph_saturation/</guid>
<description></description>
</item>
<item>
<title>Graph_Theory</title>
<link>/theories/graph_theory/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/graph_theory/</guid>
<description></description>
</item>
<item>
<title>GraphMarkingIBP</title>
<link>/theories/graphmarkingibp/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/graphmarkingibp/</guid>
<description></description>
</item>
<item>
<title>Green</title>
<link>/theories/green/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/green/</guid>
<description></description>
</item>
<item>
<title>Groebner_Bases</title>
<link>/theories/groebner_bases/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/groebner_bases/</guid>
<description></description>
</item>
<item>
<title>Groebner_Macaulay</title>
<link>/theories/groebner_macaulay/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/groebner_macaulay/</guid>
<description></description>
</item>
<item>
<title>Gromov_Hyperbolicity</title>
<link>/theories/gromov_hyperbolicity/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/gromov_hyperbolicity/</guid>
<description></description>
</item>
<item>
<title>Grothendieck_Schemes</title>
<link>/theories/grothendieck_schemes/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/grothendieck_schemes/</guid>
<description></description>
</item>
<item>
<title>Group-Ring-Module</title>
<link>/theories/group-ring-module/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/group-ring-module/</guid>
<description></description>
</item>
<item>
<title>Hahn_Jordan_Decomposition</title>
<link>/theories/hahn_jordan_decomposition/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/hahn_jordan_decomposition/</guid>
<description></description>
</item>
<item>
<title>Hales_Jewett</title>
<link>/theories/hales_jewett/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/hales_jewett/</guid>
<description></description>
</item>
<item>
<title>Heard_Of</title>
<link>/theories/heard_of/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/heard_of/</guid>
<description></description>
</item>
<item>
<title>Hello_World</title>
<link>/theories/hello_world/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/hello_world/</guid>
<description></description>
</item>
<item>
<title>Help</title>
<link>/help/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/help/</guid>
<description>This section focuses on the Archive of Formal Proofs. For help with Isabelle, see the Isabelle Documentation. More resources are listed in the Isabelle Quick Access Links.
Referring to AFP Entries in Isabelle/JEdit Once you have downloaded the AFP, you can include its articles and theories in your own developments. If you would like to make your work available to others without having to include the AFP articles you depend on, here is how to do it.</description>
</item>
<item>
<title>HereditarilyFinite</title>
<link>/theories/hereditarilyfinite/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/hereditarilyfinite/</guid>
<description></description>
</item>
<item>
<title>Hermite</title>
<link>/theories/hermite/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/hermite/</guid>
<description></description>
</item>
<item>
<title>Hermite_Lindemann</title>
<link>/theories/hermite_lindemann/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/hermite_lindemann/</guid>
<description></description>
</item>
<item>
<title>Hidden_Markov_Models</title>
<link>/theories/hidden_markov_models/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/hidden_markov_models/</guid>
<description></description>
</item>
<item>
<title>Higher_Order_Terms</title>
<link>/theories/higher_order_terms/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/higher_order_terms/</guid>
<description></description>
</item>
<item>
<title>Hoare_Time</title>
<link>/theories/hoare_time/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/hoare_time/</guid>
<description></description>
</item>
<item>
<title>HOL-CSP</title>
<link>/theories/hol-csp/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/hol-csp/</guid>
<description></description>
</item>
<item>
<title>HOL-ODE-ARCH-COMP</title>
<link>/theories/hol-ode-arch-comp/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/hol-ode-arch-comp/</guid>
<description></description>
</item>
<item>
<title>HOL-ODE-Examples</title>
<link>/theories/hol-ode-examples/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/hol-ode-examples/</guid>
<description></description>
</item>
<item>
<title>HOL-ODE-Numerics</title>
<link>/theories/hol-ode-numerics/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/hol-ode-numerics/</guid>
<description></description>
</item>
<item>
<title>HOLCF-Prelude</title>
<link>/theories/holcf-prelude/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/holcf-prelude/</guid>
<description></description>
</item>
<item>
<title>Hood_Melville_Queue</title>
<link>/theories/hood_melville_queue/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/hood_melville_queue/</guid>
<description></description>
</item>
<item>
<title>HotelKeyCards</title>
<link>/theories/hotelkeycards/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/hotelkeycards/</guid>
<description></description>
</item>
<item>
<title>HRB-Slicing</title>
<link>/theories/hrb-slicing/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/hrb-slicing/</guid>
<description></description>
</item>
<item>
<title>Huffman</title>
<link>/theories/huffman/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/huffman/</guid>
<description></description>
</item>
<item>
<title>Hybrid_Logic</title>
<link>/theories/hybrid_logic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/hybrid_logic/</guid>
<description></description>
</item>
<item>
<title>Hybrid_Multi_Lane_Spatial_Logic</title>
<link>/theories/hybrid_multi_lane_spatial_logic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/hybrid_multi_lane_spatial_logic/</guid>
<description></description>
</item>
<item>
<title>Hybrid_Systems_VCs</title>
<link>/theories/hybrid_systems_vcs/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/hybrid_systems_vcs/</guid>
<description></description>
</item>
<item>
<title>HyperCTL</title>
<link>/theories/hyperctl/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/hyperctl/</guid>
<description></description>
</item>
<item>
<title>Hyperdual</title>
<link>/theories/hyperdual/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/hyperdual/</guid>
<description></description>
</item>
<item>
<title>IEEE_Floating_Point</title>
<link>/theories/ieee_floating_point/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/ieee_floating_point/</guid>
<description></description>
</item>
<item>
<title>IFC_Tracking</title>
<link>/theories/ifc_tracking/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/ifc_tracking/</guid>
<description></description>
</item>
<item>
<title>IMAP-CRDT</title>
<link>/theories/imap-crdt/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/imap-crdt/</guid>
<description></description>
</item>
<item>
<title>IMO2019</title>
<link>/theories/imo2019/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/imo2019/</guid>
<description></description>
</item>
<item>
<title>IMP2</title>
<link>/theories/imp2/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/imp2/</guid>
<description></description>
</item>
<item>
<title>IMP2_Binary_Heap</title>
<link>/theories/imp2_binary_heap/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/imp2_binary_heap/</guid>
<description></description>
</item>
<item>
<title>IMP_Compiler</title>
<link>/theories/imp_compiler/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/imp_compiler/</guid>
<description></description>
</item>
<item>
<title>IMP_Compiler_Reuse</title>
<link>/theories/imp_compiler_reuse/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/imp_compiler_reuse/</guid>
<description></description>
</item>
<item>
<title>Imperative_Insertion_Sort</title>
<link>/theories/imperative_insertion_sort/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/imperative_insertion_sort/</guid>
<description></description>
</item>
<item>
+ <title>Implicational_Logic</title>
+ <link>/theories/implicational_logic/</link>
+ <pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
+
+ <guid>/theories/implicational_logic/</guid>
+ <description></description>
+ </item>
+
+ <item>
<title>Impossible_Geometry</title>
<link>/theories/impossible_geometry/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/impossible_geometry/</guid>
<description></description>
</item>
<item>
<title>Incompleteness</title>
<link>/theories/incompleteness/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/incompleteness/</guid>
<description></description>
</item>
<item>
<title>Incredible_Proof_Machine</title>
<link>/theories/incredible_proof_machine/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/incredible_proof_machine/</guid>
<description></description>
</item>
<item>
<title>Independence_CH</title>
<link>/theories/independence_ch/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/independence_ch/</guid>
<description></description>
</item>
<item>
<title>Inductive_Confidentiality</title>
<link>/theories/inductive_confidentiality/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/inductive_confidentiality/</guid>
<description></description>
</item>
<item>
<title>Inductive_Inference</title>
<link>/theories/inductive_inference/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/inductive_inference/</guid>
<description></description>
</item>
<item>
<title>InformationFlowSlicing</title>
<link>/theories/informationflowslicing/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/informationflowslicing/</guid>
<description></description>
</item>
<item>
<title>InformationFlowSlicing_Inter</title>
<link>/theories/informationflowslicing_inter/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/informationflowslicing_inter/</guid>
<description></description>
</item>
<item>
<title>InfPathElimination</title>
<link>/theories/infpathelimination/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/infpathelimination/</guid>
<description></description>
</item>
<item>
<title>Integration</title>
<link>/theories/integration/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/integration/</guid>
<description></description>
</item>
<item>
<title>Interpolation_Polynomials_HOL_Algebra</title>
<link>/theories/interpolation_polynomials_hol_algebra/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/interpolation_polynomials_hol_algebra/</guid>
<description></description>
</item>
<item>
<title>Interpreter_Optimizations</title>
<link>/theories/interpreter_optimizations/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/interpreter_optimizations/</guid>
<description></description>
</item>
<item>
<title>Interval_Arithmetic_Word32</title>
<link>/theories/interval_arithmetic_word32/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/interval_arithmetic_word32/</guid>
<description></description>
</item>
<item>
<title>Intro_Dest_Elim</title>
<link>/theories/intro_dest_elim/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/intro_dest_elim/</guid>
<description></description>
</item>
<item>
<title>Involutions2Squares</title>
<link>/theories/involutions2squares/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/involutions2squares/</guid>
<description></description>
</item>
<item>
<title>IP_Addresses</title>
<link>/theories/ip_addresses/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/ip_addresses/</guid>
<description></description>
</item>
<item>
<title>Iptables_Semantics</title>
<link>/theories/iptables_semantics/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/iptables_semantics/</guid>
<description></description>
</item>
<item>
<title>Iptables_Semantics_Examples</title>
<link>/theories/iptables_semantics_examples/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/iptables_semantics_examples/</guid>
<description></description>
</item>
<item>
<title>Iptables_Semantics_Examples_Big</title>
<link>/theories/iptables_semantics_examples_big/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/iptables_semantics_examples_big/</guid>
<description></description>
</item>
<item>
<title>Irrational_Series_Erdos_Straus</title>
<link>/theories/irrational_series_erdos_straus/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/irrational_series_erdos_straus/</guid>
<description></description>
</item>
<item>
<title>Irrationality_J_Hancl</title>
<link>/theories/irrationality_j_hancl/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/irrationality_j_hancl/</guid>
<description></description>
</item>
<item>
<title>Irrationals_From_THEBOOK</title>
<link>/theories/irrationals_from_thebook/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/irrationals_from_thebook/</guid>
<description></description>
</item>
<item>
<title>Isabelle_C</title>
<link>/theories/isabelle_c/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/isabelle_c/</guid>
<description></description>
</item>
<item>
<title>Isabelle_Marries_Dirac</title>
<link>/theories/isabelle_marries_dirac/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/isabelle_marries_dirac/</guid>
<description></description>
</item>
<item>
<title>Isabelle_Meta_Model</title>
<link>/theories/isabelle_meta_model/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/isabelle_meta_model/</guid>
<description></description>
</item>
<item>
<title>IsaGeoCoq</title>
<link>/theories/isageocoq/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/isageocoq/</guid>
<description></description>
</item>
<item>
<title>IsaNet</title>
<link>/theories/isanet/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/isanet/</guid>
<description></description>
</item>
<item>
<title>Jacobson_Basic_Algebra</title>
<link>/theories/jacobson_basic_algebra/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/jacobson_basic_algebra/</guid>
<description></description>
</item>
<item>
<title>Jinja</title>
<link>/theories/jinja/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/jinja/</guid>
<description></description>
</item>
<item>
<title>JinjaDCI</title>
<link>/theories/jinjadci/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/jinjadci/</guid>
<description></description>
</item>
<item>
<title>JinjaThreads</title>
<link>/theories/jinjathreads/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/jinjathreads/</guid>
<description></description>
</item>
<item>
<title>JiveDataStoreModel</title>
<link>/theories/jivedatastoremodel/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/jivedatastoremodel/</guid>
<description></description>
</item>
<item>
<title>Jordan_Hoelder</title>
<link>/theories/jordan_hoelder/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/jordan_hoelder/</guid>
<description></description>
</item>
<item>
<title>Jordan_Normal_Form</title>
<link>/theories/jordan_normal_form/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/jordan_normal_form/</guid>
<description></description>
</item>
<item>
<title>KAD</title>
<link>/theories/kad/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/kad/</guid>
<description></description>
</item>
<item>
<title>KAT_and_DRA</title>
<link>/theories/kat_and_dra/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/kat_and_dra/</guid>
<description></description>
</item>
<item>
<title>KBPs</title>
<link>/theories/kbps/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/kbps/</guid>
<description></description>
</item>
<item>
<title>KD_Tree</title>
<link>/theories/kd_tree/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/kd_tree/</guid>
<description></description>
</item>
<item>
<title>Key_Agreement_Strong_Adversaries</title>
<link>/theories/key_agreement_strong_adversaries/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/key_agreement_strong_adversaries/</guid>
<description></description>
</item>
<item>
<title>Khovanskii_Theorem</title>
<link>/theories/khovanskii_theorem/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/khovanskii_theorem/</guid>
<description></description>
</item>
<item>
<title>Kleene_Algebra</title>
<link>/theories/kleene_algebra/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/kleene_algebra/</guid>
<description></description>
</item>
<item>
<title>Knights_Tour</title>
<link>/theories/knights_tour/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/knights_tour/</guid>
<description></description>
</item>
<item>
<title>Knot_Theory</title>
<link>/theories/knot_theory/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/knot_theory/</guid>
<description></description>
</item>
<item>
<title>Knuth_Bendix_Order</title>
<link>/theories/knuth_bendix_order/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/knuth_bendix_order/</guid>
<description></description>
</item>
<item>
<title>Knuth_Morris_Pratt</title>
<link>/theories/knuth_morris_pratt/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/knuth_morris_pratt/</guid>
<description></description>
</item>
<item>
<title>Koenigsberg_Friendship</title>
<link>/theories/koenigsberg_friendship/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/koenigsberg_friendship/</guid>
<description></description>
</item>
<item>
<title>Kruskal</title>
<link>/theories/kruskal/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/kruskal/</guid>
<description></description>
</item>
<item>
<title>Kuratowski_Closure_Complement</title>
<link>/theories/kuratowski_closure_complement/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/kuratowski_closure_complement/</guid>
<description></description>
</item>
<item>
<title>Lam-ml-Normalization</title>
<link>/theories/lam-ml-normalization/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lam-ml-normalization/</guid>
<description></description>
</item>
<item>
<title>Lambda_Free_EPO</title>
<link>/theories/lambda_free_epo/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lambda_free_epo/</guid>
<description></description>
</item>
<item>
<title>Lambda_Free_KBOs</title>
<link>/theories/lambda_free_kbos/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lambda_free_kbos/</guid>
<description></description>
</item>
<item>
<title>Lambda_Free_RPOs</title>
<link>/theories/lambda_free_rpos/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lambda_free_rpos/</guid>
<description></description>
</item>
<item>
<title>LambdaAuth</title>
<link>/theories/lambdaauth/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lambdaauth/</guid>
<description></description>
</item>
<item>
<title>LambdaMu</title>
<link>/theories/lambdamu/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lambdamu/</guid>
<description></description>
</item>
<item>
<title>Lambert_W</title>
<link>/theories/lambert_w/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lambert_w/</guid>
<description></description>
</item>
<item>
<title>Landau_Symbols</title>
<link>/theories/landau_symbols/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/landau_symbols/</guid>
<description></description>
</item>
<item>
<title>Laplace_Transform</title>
<link>/theories/laplace_transform/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/laplace_transform/</guid>
<description></description>
</item>
<item>
<title>Latin_Square</title>
<link>/theories/latin_square/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/latin_square/</guid>
<description></description>
</item>
<item>
<title>LatticeProperties</title>
<link>/theories/latticeproperties/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/latticeproperties/</guid>
<description></description>
</item>
<item>
<title>Launchbury</title>
<link>/theories/launchbury/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/launchbury/</guid>
<description></description>
</item>
<item>
<title>Laws_of_Large_Numbers</title>
<link>/theories/laws_of_large_numbers/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/laws_of_large_numbers/</guid>
<description></description>
</item>
<item>
<title>Lazy-Lists-II</title>
<link>/theories/lazy-lists-ii/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lazy-lists-ii/</guid>
<description></description>
</item>
<item>
<title>Lazy_Case</title>
<link>/theories/lazy_case/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lazy_case/</guid>
<description></description>
</item>
<item>
<title>Lehmer</title>
<link>/theories/lehmer/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lehmer/</guid>
<description></description>
</item>
<item>
<title>LEM</title>
<link>/theories/lem/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lem/</guid>
<description></description>
</item>
<item>
<title>Lifting_Definition_Option</title>
<link>/theories/lifting_definition_option/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lifting_definition_option/</guid>
<description></description>
</item>
<item>
<title>Lifting_the_Exponent</title>
<link>/theories/lifting_the_exponent/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lifting_the_exponent/</guid>
<description></description>
</item>
<item>
<title>LightweightJava</title>
<link>/theories/lightweightjava/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lightweightjava/</guid>
<description></description>
</item>
<item>
<title>Linear_Inequalities</title>
<link>/theories/linear_inequalities/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/linear_inequalities/</guid>
<description></description>
</item>
<item>
<title>Linear_Programming</title>
<link>/theories/linear_programming/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/linear_programming/</guid>
<description></description>
</item>
<item>
<title>Linear_Recurrences</title>
<link>/theories/linear_recurrences/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/linear_recurrences/</guid>
<description></description>
</item>
<item>
<title>Linear_Recurrences_Solver</title>
<link>/theories/linear_recurrences_solver/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/linear_recurrences_solver/</guid>
<description></description>
</item>
<item>
<title>LinearQuantifierElim</title>
<link>/theories/linearquantifierelim/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/linearquantifierelim/</guid>
<description></description>
</item>
<item>
<title>Liouville_Numbers</title>
<link>/theories/liouville_numbers/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/liouville_numbers/</guid>
<description></description>
</item>
<item>
<title>List-Index</title>
<link>/theories/list-index/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/list-index/</guid>
<description></description>
</item>
<item>
<title>List-Infinite</title>
<link>/theories/list-infinite/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/list-infinite/</guid>
<description></description>
</item>
<item>
<title>List_Interleaving</title>
<link>/theories/list_interleaving/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/list_interleaving/</guid>
<description></description>
</item>
<item>
<title>List_Inversions</title>
<link>/theories/list_inversions/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/list_inversions/</guid>
<description></description>
</item>
<item>
<title>List_Update</title>
<link>/theories/list_update/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/list_update/</guid>
<description></description>
</item>
<item>
<title>LLL_Basis_Reduction</title>
<link>/theories/lll_basis_reduction/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lll_basis_reduction/</guid>
<description></description>
</item>
<item>
<title>LLL_Factorization</title>
<link>/theories/lll_factorization/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lll_factorization/</guid>
<description></description>
</item>
<item>
<title>Localization_Ring</title>
<link>/theories/localization_ring/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/localization_ring/</guid>
<description></description>
</item>
<item>
<title>LocalLexing</title>
<link>/theories/locallexing/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/locallexing/</guid>
<description></description>
</item>
<item>
<title>Locally-Nameless-Sigma</title>
<link>/theories/locally-nameless-sigma/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/locally-nameless-sigma/</guid>
<description></description>
</item>
<item>
<title>LOFT</title>
<link>/theories/loft/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/loft/</guid>
<description></description>
</item>
<item>
<title>Logging_Independent_Anonymity</title>
<link>/theories/logging_independent_anonymity/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/logging_independent_anonymity/</guid>
<description></description>
</item>
<item>
<title>Lorenz_Approximation</title>
<link>/theories/lorenz_approximation/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lorenz_approximation/</guid>
<description></description>
</item>
<item>
<title>Lorenz_C0</title>
<link>/theories/lorenz_c0/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lorenz_c0/</guid>
<description></description>
</item>
<item>
<title>Lorenz_C1</title>
<link>/theories/lorenz_c1/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lorenz_c1/</guid>
<description></description>
</item>
<item>
<title>Lowe_Ontological_Argument</title>
<link>/theories/lowe_ontological_argument/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lowe_ontological_argument/</guid>
<description></description>
</item>
<item>
<title>Lower_Semicontinuous</title>
<link>/theories/lower_semicontinuous/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lower_semicontinuous/</guid>
<description></description>
</item>
<item>
<title>Lp</title>
<link>/theories/lp/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lp/</guid>
<description></description>
</item>
<item>
<title>LP_Duality</title>
<link>/theories/lp_duality/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lp_duality/</guid>
<description></description>
</item>
<item>
<title>LTL</title>
<link>/theories/ltl/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/ltl/</guid>
<description></description>
</item>
<item>
<title>LTL_Master_Theorem</title>
<link>/theories/ltl_master_theorem/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/ltl_master_theorem/</guid>
<description></description>
</item>
<item>
<title>LTL_Normal_Form</title>
<link>/theories/ltl_normal_form/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/ltl_normal_form/</guid>
<description></description>
</item>
<item>
<title>LTL_to_DRA</title>
<link>/theories/ltl_to_dra/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/ltl_to_dra/</guid>
<description></description>
</item>
<item>
<title>LTL_to_GBA</title>
<link>/theories/ltl_to_gba/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/ltl_to_gba/</guid>
<description></description>
</item>
<item>
<title>Lucas_Theorem</title>
<link>/theories/lucas_theorem/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lucas_theorem/</guid>
<description></description>
</item>
<item>
<title>Markov_Models</title>
<link>/theories/markov_models/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/markov_models/</guid>
<description></description>
</item>
<item>
<title>Marriage</title>
<link>/theories/marriage/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/marriage/</guid>
<description></description>
</item>
<item>
<title>Mason_Stothers</title>
<link>/theories/mason_stothers/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/mason_stothers/</guid>
<description></description>
</item>
<item>
<title>Matrices_for_ODEs</title>
<link>/theories/matrices_for_odes/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/matrices_for_odes/</guid>
<description></description>
</item>
<item>
<title>Matrix</title>
<link>/theories/matrix/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/matrix/</guid>
<description></description>
</item>
<item>
<title>Matrix_Tensor</title>
<link>/theories/matrix_tensor/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/matrix_tensor/</guid>
<description></description>
</item>
<item>
<title>Matroids</title>
<link>/theories/matroids/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/matroids/</guid>
<description></description>
</item>
<item>
<title>Max-Card-Matching</title>
<link>/theories/max-card-matching/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/max-card-matching/</guid>
<description></description>
</item>
<item>
<title>MDP-Algorithms</title>
<link>/theories/mdp-algorithms/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/mdp-algorithms/</guid>
<description></description>
</item>
<item>
<title>MDP-Rewards</title>
<link>/theories/mdp-rewards/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/mdp-rewards/</guid>
<description></description>
</item>
<item>
<title>Median_Method</title>
<link>/theories/median_method/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/median_method/</guid>
<description></description>
</item>
<item>
<title>Median_Of_Medians_Selection</title>
<link>/theories/median_of_medians_selection/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/median_of_medians_selection/</guid>
<description></description>
</item>
<item>
<title>Menger</title>
<link>/theories/menger/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/menger/</guid>
<description></description>
</item>
<item>
<title>Mereology</title>
<link>/theories/mereology/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/mereology/</guid>
<description></description>
</item>
<item>
<title>Mersenne_Primes</title>
<link>/theories/mersenne_primes/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/mersenne_primes/</guid>
<description></description>
</item>
<item>
<title>Metalogic_ProofChecker</title>
<link>/theories/metalogic_proofchecker/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/metalogic_proofchecker/</guid>
<description></description>
</item>
<item>
<title>MFMC_Countable</title>
<link>/theories/mfmc_countable/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/mfmc_countable/</guid>
<description></description>
</item>
<item>
<title>MFODL_Monitor_Optimized</title>
<link>/theories/mfodl_monitor_optimized/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/mfodl_monitor_optimized/</guid>
<description></description>
</item>
<item>
<title>MFOTL_Monitor</title>
<link>/theories/mfotl_monitor/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/mfotl_monitor/</guid>
<description></description>
</item>
<item>
<title>Minimal_SSA</title>
<link>/theories/minimal_ssa/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/minimal_ssa/</guid>
<description></description>
</item>
<item>
<title>MiniML</title>
<link>/theories/miniml/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/miniml/</guid>
<description></description>
</item>
<item>
<title>MiniSail</title>
<link>/theories/minisail/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/minisail/</guid>
<description></description>
</item>
<item>
<title>Minkowskis_Theorem</title>
<link>/theories/minkowskis_theorem/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/minkowskis_theorem/</guid>
<description></description>
</item>
<item>
<title>Minsky_Machines</title>
<link>/theories/minsky_machines/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/minsky_machines/</guid>
<description></description>
</item>
<item>
<title>Modal_Logics_for_NTS</title>
<link>/theories/modal_logics_for_nts/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/modal_logics_for_nts/</guid>
<description></description>
</item>
<item>
<title>Modular_arithmetic_LLL_and_HNF_algorithms</title>
<link>/theories/modular_arithmetic_lll_and_hnf_algorithms/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/modular_arithmetic_lll_and_hnf_algorithms/</guid>
<description></description>
</item>
<item>
<title>Modular_Assembly_Kit_Security</title>
<link>/theories/modular_assembly_kit_security/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/modular_assembly_kit_security/</guid>
<description></description>
</item>
<item>
<title>Monad_Memo_DP</title>
<link>/theories/monad_memo_dp/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/monad_memo_dp/</guid>
<description></description>
</item>
<item>
<title>Monad_Normalisation</title>
<link>/theories/monad_normalisation/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/monad_normalisation/</guid>
<description></description>
</item>
<item>
<title>MonoBoolTranAlgebra</title>
<link>/theories/monobooltranalgebra/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/monobooltranalgebra/</guid>
<description></description>
</item>
<item>
<title>MonoidalCategory</title>
<link>/theories/monoidalcategory/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/monoidalcategory/</guid>
<description></description>
</item>
<item>
<title>Monomorphic_Monad</title>
<link>/theories/monomorphic_monad/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/monomorphic_monad/</guid>
<description></description>
</item>
<item>
<title>MSO_Regex_Equivalence</title>
<link>/theories/mso_regex_equivalence/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/mso_regex_equivalence/</guid>
<description></description>
</item>
<item>
<title>MuchAdoAboutTwo</title>
<link>/theories/muchadoabouttwo/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/muchadoabouttwo/</guid>
<description></description>
</item>
<item>
<title>Multi_Party_Computation</title>
<link>/theories/multi_party_computation/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/multi_party_computation/</guid>
<description></description>
</item>
<item>
<title>Multirelations</title>
<link>/theories/multirelations/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/multirelations/</guid>
<description></description>
</item>
<item>
<title>Multiset_Ordering_NPC</title>
<link>/theories/multiset_ordering_npc/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/multiset_ordering_npc/</guid>
<description></description>
</item>
<item>
<title>Myhill-Nerode</title>
<link>/theories/myhill-nerode/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/myhill-nerode/</guid>
<description></description>
</item>
<item>
<title>Name_Carrying_Type_Inference</title>
<link>/theories/name_carrying_type_inference/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/name_carrying_type_inference/</guid>
<description></description>
</item>
<item>
<title>Nano_JSON</title>
<link>/theories/nano_json/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/nano_json/</guid>
<description></description>
</item>
<item>
<title>Nash_Williams</title>
<link>/theories/nash_williams/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/nash_williams/</guid>
<description></description>
</item>
<item>
<title>Nat-Interval-Logic</title>
<link>/theories/nat-interval-logic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/nat-interval-logic/</guid>
<description></description>
</item>
<item>
<title>Native_Word</title>
<link>/theories/native_word/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/native_word/</guid>
<description></description>
</item>
<item>
<title>Nested_Multisets_Ordinals</title>
<link>/theories/nested_multisets_ordinals/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/nested_multisets_ordinals/</guid>
<description></description>
</item>
<item>
<title>Network_Security_Policy_Verification</title>
<link>/theories/network_security_policy_verification/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/network_security_policy_verification/</guid>
<description></description>
</item>
<item>
<title>Neumann_Morgenstern_Utility</title>
<link>/theories/neumann_morgenstern_utility/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/neumann_morgenstern_utility/</guid>
<description></description>
</item>
<item>
<title>No_FTL_observers</title>
<link>/theories/no_ftl_observers/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/no_ftl_observers/</guid>
<description></description>
</item>
<item>
<title>Nominal2</title>
<link>/theories/nominal2/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/nominal2/</guid>
<description></description>
</item>
<item>
<title>Noninterference_Concurrent_Composition</title>
<link>/theories/noninterference_concurrent_composition/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/noninterference_concurrent_composition/</guid>
<description></description>
</item>
<item>
<title>Noninterference_CSP</title>
<link>/theories/noninterference_csp/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/noninterference_csp/</guid>
<description></description>
</item>
<item>
<title>Noninterference_Generic_Unwinding</title>
<link>/theories/noninterference_generic_unwinding/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/noninterference_generic_unwinding/</guid>
<description></description>
</item>
<item>
<title>Noninterference_Inductive_Unwinding</title>
<link>/theories/noninterference_inductive_unwinding/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/noninterference_inductive_unwinding/</guid>
<description></description>
</item>
<item>
<title>Noninterference_Ipurge_Unwinding</title>
<link>/theories/noninterference_ipurge_unwinding/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/noninterference_ipurge_unwinding/</guid>
<description></description>
</item>
<item>
<title>Noninterference_Sequential_Composition</title>
<link>/theories/noninterference_sequential_composition/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/noninterference_sequential_composition/</guid>
<description></description>
</item>
<item>
<title>NormByEval</title>
<link>/theories/normbyeval/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/normbyeval/</guid>
<description></description>
</item>
<item>
<title>Nullstellensatz</title>
<link>/theories/nullstellensatz/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/nullstellensatz/</guid>
<description></description>
</item>
<item>
<title>Number_Theoretic_Transform</title>
<link>/theories/number_theoretic_transform/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/number_theoretic_transform/</guid>
<description></description>
</item>
<item>
<title>Octonions</title>
<link>/theories/octonions/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/octonions/</guid>
<description></description>
</item>
<item>
<title>Old_Datatype_Show</title>
<link>/theories/old_datatype_show/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/old_datatype_show/</guid>
<description></description>
</item>
<item>
<title>Open_Induction</title>
<link>/theories/open_induction/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/open_induction/</guid>
<description></description>
</item>
<item>
<title>OpSets</title>
<link>/theories/opsets/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/opsets/</guid>
<description></description>
</item>
<item>
<title>Optics</title>
<link>/theories/optics/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/optics/</guid>
<description></description>
</item>
<item>
<title>Optimal_BST</title>
<link>/theories/optimal_bst/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/optimal_bst/</guid>
<description></description>
</item>
<item>
<title>Orbit_Stabiliser</title>
<link>/theories/orbit_stabiliser/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/orbit_stabiliser/</guid>
<description></description>
</item>
<item>
<title>Order_Lattice_Props</title>
<link>/theories/order_lattice_props/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/order_lattice_props/</guid>
<description></description>
</item>
<item>
<title>Ordered_Resolution_Prover</title>
<link>/theories/ordered_resolution_prover/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/ordered_resolution_prover/</guid>
<description></description>
</item>
<item>
<title>Ordinal</title>
<link>/theories/ordinal/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/ordinal/</guid>
<description></description>
</item>
<item>
<title>Ordinal_Partitions</title>
<link>/theories/ordinal_partitions/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/ordinal_partitions/</guid>
<description></description>
</item>
<item>
<title>Ordinals_and_Cardinals</title>
<link>/theories/ordinals_and_cardinals/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/ordinals_and_cardinals/</guid>
<description></description>
</item>
<item>
<title>Ordinary_Differential_Equations</title>
<link>/theories/ordinary_differential_equations/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/ordinary_differential_equations/</guid>
<description></description>
</item>
<item>
<title>PAC_Checker</title>
<link>/theories/pac_checker/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/pac_checker/</guid>
<description></description>
</item>
<item>
<title>Package_logic</title>
<link>/theories/package_logic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/package_logic/</guid>
<description></description>
</item>
<item>
+ <title>Padic_Field</title>
+ <link>/theories/padic_field/</link>
+ <pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
+
+ <guid>/theories/padic_field/</guid>
+ <description></description>
+ </item>
+
+ <item>
<title>Padic_Ints</title>
<link>/theories/padic_ints/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/padic_ints/</guid>
<description></description>
</item>
<item>
<title>Pairing_Heap</title>
<link>/theories/pairing_heap/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/pairing_heap/</guid>
<description></description>
</item>
<item>
<title>PAL</title>
<link>/theories/pal/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/pal/</guid>
<description></description>
</item>
<item>
<title>Paraconsistency</title>
<link>/theories/paraconsistency/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/paraconsistency/</guid>
<description></description>
</item>
<item>
<title>Parity_Game</title>
<link>/theories/parity_game/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/parity_game/</guid>
<description></description>
</item>
<item>
<title>Partial_Function_MR</title>
<link>/theories/partial_function_mr/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/partial_function_mr/</guid>
<description></description>
</item>
<item>
<title>Partial_Order_Reduction</title>
<link>/theories/partial_order_reduction/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/partial_order_reduction/</guid>
<description></description>
</item>
<item>
<title>Password_Authentication_Protocol</title>
<link>/theories/password_authentication_protocol/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/password_authentication_protocol/</guid>
<description></description>
</item>
<item>
<title>PCF</title>
<link>/theories/pcf/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/pcf/</guid>
<description></description>
</item>
<item>
<title>Pell</title>
<link>/theories/pell/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/pell/</guid>
<description></description>
</item>
<item>
<title>Perfect-Number-Thm</title>
<link>/theories/perfect-number-thm/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/perfect-number-thm/</guid>
<description></description>
</item>
<item>
<title>Perron_Frobenius</title>
<link>/theories/perron_frobenius/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/perron_frobenius/</guid>
<description></description>
</item>
<item>
<title>pGCL</title>
<link>/theories/pgcl/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/pgcl/</guid>
<description></description>
</item>
<item>
<title>Physical_Quantities</title>
<link>/theories/physical_quantities/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/physical_quantities/</guid>
<description></description>
</item>
<item>
<title>Pi_Calculus</title>
<link>/theories/pi_calculus/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/pi_calculus/</guid>
<description></description>
</item>
<item>
<title>Pi_Transcendental</title>
<link>/theories/pi_transcendental/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/pi_transcendental/</guid>
<description></description>
</item>
<item>
<title>Planarity_Certificates</title>
<link>/theories/planarity_certificates/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/planarity_certificates/</guid>
<description></description>
</item>
<item>
<title>PLM</title>
<link>/theories/plm/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/plm/</guid>
<description></description>
</item>
<item>
<title>Pluennecke_Ruzsa_Inequality</title>
<link>/theories/pluennecke_ruzsa_inequality/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/pluennecke_ruzsa_inequality/</guid>
<description></description>
</item>
<item>
<title>Poincare_Bendixson</title>
<link>/theories/poincare_bendixson/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/poincare_bendixson/</guid>
<description></description>
</item>
<item>
<title>Poincare_Disc</title>
<link>/theories/poincare_disc/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/poincare_disc/</guid>
<description></description>
</item>
<item>
<title>Polynomial_Factorization</title>
<link>/theories/polynomial_factorization/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/polynomial_factorization/</guid>
<description></description>
</item>
<item>
<title>Polynomial_Interpolation</title>
<link>/theories/polynomial_interpolation/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/polynomial_interpolation/</guid>
<description></description>
</item>
<item>
<title>Polynomials</title>
<link>/theories/polynomials/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/polynomials/</guid>
<description></description>
</item>
<item>
<title>Pop_Refinement</title>
<link>/theories/pop_refinement/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/pop_refinement/</guid>
<description></description>
</item>
<item>
<title>POPLmark-deBruijn</title>
<link>/theories/poplmark-debruijn/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/poplmark-debruijn/</guid>
<description></description>
</item>
<item>
<title>Posix-Lexing</title>
<link>/theories/posix-lexing/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/posix-lexing/</guid>
<description></description>
</item>
<item>
<title>Possibilistic_Noninterference</title>
<link>/theories/possibilistic_noninterference/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/possibilistic_noninterference/</guid>
<description></description>
</item>
<item>
<title>Power_Sum_Polynomials</title>
<link>/theories/power_sum_polynomials/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/power_sum_polynomials/</guid>
<description></description>
</item>
<item>
<title>Pratt_Certificate</title>
<link>/theories/pratt_certificate/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/pratt_certificate/</guid>
<description></description>
</item>
<item>
<title>Prefix_Free_Code_Combinators</title>
<link>/theories/prefix_free_code_combinators/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/prefix_free_code_combinators/</guid>
<description></description>
</item>
<item>
<title>Presburger-Automata</title>
<link>/theories/presburger-automata/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/presburger-automata/</guid>
<description></description>
</item>
<item>
<title>Prim_Dijkstra_Simple</title>
<link>/theories/prim_dijkstra_simple/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/prim_dijkstra_simple/</guid>
<description></description>
</item>
<item>
<title>Prime_Distribution_Elementary</title>
<link>/theories/prime_distribution_elementary/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/prime_distribution_elementary/</guid>
<description></description>
</item>
<item>
<title>Prime_Harmonic_Series</title>
<link>/theories/prime_harmonic_series/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/prime_harmonic_series/</guid>
<description></description>
</item>
<item>
<title>Prime_Number_Theorem</title>
<link>/theories/prime_number_theorem/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/prime_number_theorem/</guid>
<description></description>
</item>
<item>
<title>Priority_Queue_Braun</title>
<link>/theories/priority_queue_braun/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/priority_queue_braun/</guid>
<description></description>
</item>
<item>
<title>Priority_Search_Trees</title>
<link>/theories/priority_search_trees/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/priority_search_trees/</guid>
<description></description>
</item>
<item>
<title>Probabilistic_Noninterference</title>
<link>/theories/probabilistic_noninterference/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/probabilistic_noninterference/</guid>
<description></description>
</item>
<item>
<title>Probabilistic_Prime_Tests</title>
<link>/theories/probabilistic_prime_tests/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/probabilistic_prime_tests/</guid>
<description></description>
</item>
<item>
<title>Probabilistic_System_Zoo</title>
<link>/theories/probabilistic_system_zoo/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/probabilistic_system_zoo/</guid>
<description></description>
</item>
<item>
<title>Probabilistic_Timed_Automata</title>
<link>/theories/probabilistic_timed_automata/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/probabilistic_timed_automata/</guid>
<description></description>
</item>
<item>
<title>Probabilistic_While</title>
<link>/theories/probabilistic_while/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/probabilistic_while/</guid>
<description></description>
</item>
<item>
<title>Program-Conflict-Analysis</title>
<link>/theories/program-conflict-analysis/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/program-conflict-analysis/</guid>
<description></description>
</item>
<item>
<title>Progress_Tracking</title>
<link>/theories/progress_tracking/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/progress_tracking/</guid>
<description></description>
</item>
<item>
<title>Projective_Geometry</title>
<link>/theories/projective_geometry/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/projective_geometry/</guid>
<description></description>
</item>
<item>
<title>Projective_Measurements</title>
<link>/theories/projective_measurements/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/projective_measurements/</guid>
<description></description>
</item>
<item>
<title>Promela</title>
<link>/theories/promela/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/promela/</guid>
<description></description>
</item>
<item>
<title>Proof_Strategy_Language</title>
<link>/theories/proof_strategy_language/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/proof_strategy_language/</guid>
<description></description>
</item>
<item>
<title>Propositional_Proof_Systems</title>
<link>/theories/propositional_proof_systems/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/propositional_proof_systems/</guid>
<description></description>
</item>
<item>
<title>PropResPI</title>
<link>/theories/proprespi/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/proprespi/</guid>
<description></description>
</item>
<item>
<title>Prpu_Maxflow</title>
<link>/theories/prpu_maxflow/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/prpu_maxflow/</guid>
<description></description>
</item>
<item>
<title>PSemigroupsConvolution</title>
<link>/theories/psemigroupsconvolution/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/psemigroupsconvolution/</guid>
<description></description>
</item>
<item>
<title>PseudoHoops</title>
<link>/theories/pseudohoops/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/pseudohoops/</guid>
<description></description>
</item>
<item>
<title>Psi_Calculi</title>
<link>/theories/psi_calculi/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/psi_calculi/</guid>
<description></description>
</item>
<item>
<title>Ptolemys_Theorem</title>
<link>/theories/ptolemys_theorem/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/ptolemys_theorem/</guid>
<description></description>
</item>
<item>
<title>Public_Announcement_Logic</title>
<link>/theories/public_announcement_logic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/public_announcement_logic/</guid>
<description></description>
</item>
<item>
<title>QHLProver</title>
<link>/theories/qhlprover/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/qhlprover/</guid>
<description></description>
</item>
<item>
<title>QR_Decomposition</title>
<link>/theories/qr_decomposition/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/qr_decomposition/</guid>
<description></description>
</item>
<item>
<title>Quantales</title>
<link>/theories/quantales/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/quantales/</guid>
<description></description>
</item>
<item>
<title>Quasi_Borel_Spaces</title>
<link>/theories/quasi_borel_spaces/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/quasi_borel_spaces/</guid>
<description></description>
</item>
<item>
<title>Quaternions</title>
<link>/theories/quaternions/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/quaternions/</guid>
<description></description>
</item>
<item>
<title>Quick_Sort_Cost</title>
<link>/theories/quick_sort_cost/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/quick_sort_cost/</guid>
<description></description>
</item>
<item>
<title>Ramsey-Infinite</title>
<link>/theories/ramsey-infinite/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/ramsey-infinite/</guid>
<description></description>
</item>
<item>
<title>Random_BSTs</title>
<link>/theories/random_bsts/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/random_bsts/</guid>
<description></description>
</item>
<item>
<title>Random_Graph_Subgraph_Threshold</title>
<link>/theories/random_graph_subgraph_threshold/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/random_graph_subgraph_threshold/</guid>
<description></description>
</item>
<item>
<title>Randomised_BSTs</title>
<link>/theories/randomised_bsts/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/randomised_bsts/</guid>
<description></description>
</item>
<item>
<title>Randomised_Social_Choice</title>
<link>/theories/randomised_social_choice/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/randomised_social_choice/</guid>
<description></description>
</item>
<item>
<title>Rank_Nullity_Theorem</title>
<link>/theories/rank_nullity_theorem/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/rank_nullity_theorem/</guid>
<description></description>
</item>
<item>
<title>Real_Impl</title>
<link>/theories/real_impl/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/real_impl/</guid>
<description></description>
</item>
<item>
<title>Real_Power</title>
<link>/theories/real_power/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/real_power/</guid>
<description></description>
</item>
<item>
<title>Real_Time_Deque</title>
<link>/theories/real_time_deque/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/real_time_deque/</guid>
<description></description>
</item>
<item>
<title>Recursion-Addition</title>
<link>/theories/recursion-addition/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/recursion-addition/</guid>
<description></description>
</item>
<item>
<title>Recursion-Theory-I</title>
<link>/theories/recursion-theory-i/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/recursion-theory-i/</guid>
<description></description>
</item>
<item>
<title>Refine_Imperative_HOL</title>
<link>/theories/refine_imperative_hol/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/refine_imperative_hol/</guid>
<description></description>
</item>
<item>
<title>Refine_Monadic</title>
<link>/theories/refine_monadic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/refine_monadic/</guid>
<description></description>
</item>
<item>
<title>RefinementReactive</title>
<link>/theories/refinementreactive/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/refinementreactive/</guid>
<description></description>
</item>
<item>
<title>Regex_Equivalence</title>
<link>/theories/regex_equivalence/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/regex_equivalence/</guid>
<description></description>
</item>
<item>
<title>Registers</title>
<link>/theories/registers/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/registers/</guid>
<description></description>
</item>
<item>
<title>Regression_Test_Selection</title>
<link>/theories/regression_test_selection/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/regression_test_selection/</guid>
<description></description>
</item>
<item>
<title>Regular-Sets</title>
<link>/theories/regular-sets/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/regular-sets/</guid>
<description></description>
</item>
<item>
<title>Regular_Algebras</title>
<link>/theories/regular_algebras/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/regular_algebras/</guid>
<description></description>
</item>
<item>
<title>Regular_Tree_Relations</title>
<link>/theories/regular_tree_relations/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/regular_tree_relations/</guid>
<description></description>
</item>
<item>
<title>Relation_Algebra</title>
<link>/theories/relation_algebra/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/relation_algebra/</guid>
<description></description>
</item>
<item>
<title>Relational-Incorrectness-Logic</title>
<link>/theories/relational-incorrectness-logic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/relational-incorrectness-logic/</guid>
<description></description>
</item>
<item>
<title>Relational_Disjoint_Set_Forests</title>
<link>/theories/relational_disjoint_set_forests/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/relational_disjoint_set_forests/</guid>
<description></description>
</item>
<item>
<title>Relational_Forests</title>
<link>/theories/relational_forests/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/relational_forests/</guid>
<description></description>
</item>
<item>
<title>Relational_Method</title>
<link>/theories/relational_method/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/relational_method/</guid>
<description></description>
</item>
<item>
<title>Relational_Minimum_Spanning_Trees</title>
<link>/theories/relational_minimum_spanning_trees/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/relational_minimum_spanning_trees/</guid>
<description></description>
</item>
<item>
<title>Relational_Paths</title>
<link>/theories/relational_paths/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/relational_paths/</guid>
<description></description>
</item>
<item>
<title>Rep_Fin_Groups</title>
<link>/theories/rep_fin_groups/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/rep_fin_groups/</guid>
<description></description>
</item>
<item>
<title>Residuated_Lattices</title>
<link>/theories/residuated_lattices/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/residuated_lattices/</guid>
<description></description>
</item>
<item>
<title>ResiduatedTransitionSystem</title>
<link>/theories/residuatedtransitionsystem/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/residuatedtransitionsystem/</guid>
<description></description>
</item>
<item>
<title>Resolution_FOL</title>
<link>/theories/resolution_fol/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/resolution_fol/</guid>
<description></description>
</item>
<item>
<title>Rewrite_Properties_Reduction</title>
<link>/theories/rewrite_properties_reduction/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/rewrite_properties_reduction/</guid>
<description></description>
</item>
<item>
<title>Rewriting_Z</title>
<link>/theories/rewriting_z/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/rewriting_z/</guid>
<description></description>
</item>
<item>
<title>Ribbon_Proofs</title>
<link>/theories/ribbon_proofs/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/ribbon_proofs/</guid>
<description></description>
</item>
<item>
<title>RIPEMD-160-SPARK</title>
<link>/theories/ripemd-160-spark/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/ripemd-160-spark/</guid>
<description></description>
</item>
<item>
+ <title>Risk_Free_Lending</title>
+ <link>/theories/risk_free_lending/</link>
+ <pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
+
+ <guid>/theories/risk_free_lending/</guid>
+ <description></description>
+ </item>
+
+ <item>
<title>Robbins-Conjecture</title>
<link>/theories/robbins-conjecture/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/robbins-conjecture/</guid>
<description></description>
</item>
<item>
<title>ROBDD</title>
<link>/theories/robdd/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/robdd/</guid>
<description></description>
</item>
<item>
<title>Robinson_Arithmetic</title>
<link>/theories/robinson_arithmetic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/robinson_arithmetic/</guid>
<description></description>
</item>
<item>
<title>Root_Balanced_Tree</title>
<link>/theories/root_balanced_tree/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/root_balanced_tree/</guid>
<description></description>
</item>
<item>
<title>Roth_Arithmetic_Progressions</title>
<link>/theories/roth_arithmetic_progressions/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/roth_arithmetic_progressions/</guid>
<description></description>
</item>
<item>
<title>Routing</title>
<link>/theories/routing/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/routing/</guid>
<description></description>
</item>
<item>
<title>Roy_Floyd_Warshall</title>
<link>/theories/roy_floyd_warshall/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/roy_floyd_warshall/</guid>
<description></description>
</item>
<item>
<title>RSAPSS</title>
<link>/theories/rsapss/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/rsapss/</guid>
<description></description>
</item>
<item>
<title>Safe_Distance</title>
<link>/theories/safe_distance/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/safe_distance/</guid>
<description></description>
</item>
<item>
<title>Safe_OCL</title>
<link>/theories/safe_ocl/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/safe_ocl/</guid>
<description></description>
</item>
<item>
<title>SATSolverVerification</title>
<link>/theories/satsolververification/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/satsolververification/</guid>
<description></description>
</item>
<item>
<title>Saturation_Framework</title>
<link>/theories/saturation_framework/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/saturation_framework/</guid>
<description></description>
</item>
<item>
<title>Saturation_Framework_Extensions</title>
<link>/theories/saturation_framework_extensions/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/saturation_framework_extensions/</guid>
<description></description>
</item>
<item>
<title>SC_DOM_Components</title>
<link>/theories/sc_dom_components/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/sc_dom_components/</guid>
<description></description>
</item>
<item>
+ <title>SCC_Bloemen_Sequential</title>
+ <link>/theories/scc_bloemen_sequential/</link>
+ <pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
+
+ <guid>/theories/scc_bloemen_sequential/</guid>
+ <description></description>
+ </item>
+
+ <item>
<title>Schutz_Spacetime</title>
<link>/theories/schutz_spacetime/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/schutz_spacetime/</guid>
<description></description>
</item>
<item>
<title>SDS_Impossibility</title>
<link>/theories/sds_impossibility/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/sds_impossibility/</guid>
<description></description>
</item>
<item>
<title>Search the Archive</title>
<link>/search/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/search/</guid>
<description></description>
</item>
<item>
<title>Secondary_Sylow</title>
<link>/theories/secondary_sylow/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/secondary_sylow/</guid>
<description></description>
</item>
<item>
<title>Security_Protocol_Refinement</title>
<link>/theories/security_protocol_refinement/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/security_protocol_refinement/</guid>
<description></description>
</item>
<item>
<title>Selection_Heap_Sort</title>
<link>/theories/selection_heap_sort/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/selection_heap_sort/</guid>
<description></description>
</item>
<item>
<title>SenSocialChoice</title>
<link>/theories/sensocialchoice/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/sensocialchoice/</guid>
<description></description>
</item>
<item>
<title>Separata</title>
<link>/theories/separata/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/separata/</guid>
<description></description>
</item>
<item>
<title>Separation_Algebra</title>
<link>/theories/separation_algebra/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/separation_algebra/</guid>
<description></description>
</item>
<item>
<title>Separation_Logic_Imperative_HOL</title>
<link>/theories/separation_logic_imperative_hol/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/separation_logic_imperative_hol/</guid>
<description></description>
</item>
<item>
+ <title>Separation_Logic_Unbounded</title>
+ <link>/theories/separation_logic_unbounded/</link>
+ <pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
+
+ <guid>/theories/separation_logic_unbounded/</guid>
+ <description></description>
+ </item>
+
+ <item>
<title>Sepref_Basic</title>
<link>/theories/sepref_basic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/sepref_basic/</guid>
<description></description>
</item>
<item>
<title>Sepref_IICF</title>
<link>/theories/sepref_iicf/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/sepref_iicf/</guid>
<description></description>
</item>
<item>
<title>Sepref_Prereq</title>
<link>/theories/sepref_prereq/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/sepref_prereq/</guid>
<description></description>
</item>
<item>
<title>SequentInvertibility</title>
<link>/theories/sequentinvertibility/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/sequentinvertibility/</guid>
<description></description>
</item>
<item>
<title>Shadow_DOM</title>
<link>/theories/shadow_dom/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/shadow_dom/</guid>
<description></description>
</item>
<item>
<title>Shadow_SC_DOM</title>
<link>/theories/shadow_sc_dom/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/shadow_sc_dom/</guid>
<description></description>
</item>
<item>
<title>Shivers-CFA</title>
<link>/theories/shivers-cfa/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/shivers-cfa/</guid>
<description></description>
</item>
<item>
<title>ShortestPath</title>
<link>/theories/shortestpath/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/shortestpath/</guid>
<description></description>
</item>
<item>
<title>Show</title>
<link>/theories/show/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/show/</guid>
<description></description>
</item>
<item>
<title>SIFPL</title>
<link>/theories/sifpl/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/sifpl/</guid>
<description></description>
</item>
<item>
<title>SIFUM_Type_Systems</title>
<link>/theories/sifum_type_systems/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/sifum_type_systems/</guid>
<description></description>
</item>
<item>
<title>Sigma_Commit_Crypto</title>
<link>/theories/sigma_commit_crypto/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/sigma_commit_crypto/</guid>
<description></description>
</item>
<item>
<title>Signature_Groebner</title>
<link>/theories/signature_groebner/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/signature_groebner/</guid>
<description></description>
</item>
<item>
<title>Simpl</title>
<link>/theories/simpl/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/simpl/</guid>
<description></description>
</item>
<item>
<title>Simple_Firewall</title>
<link>/theories/simple_firewall/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/simple_firewall/</guid>
<description></description>
</item>
<item>
<title>Simplex</title>
<link>/theories/simplex/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/simplex/</guid>
<description></description>
</item>
<item>
<title>Simplicial_complexes_and_boolean_functions</title>
<link>/theories/simplicial_complexes_and_boolean_functions/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/simplicial_complexes_and_boolean_functions/</guid>
<description></description>
</item>
<item>
<title>SimplifiedOntologicalArgument</title>
<link>/theories/simplifiedontologicalargument/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/simplifiedontologicalargument/</guid>
<description></description>
</item>
<item>
<title>Skew_Heap</title>
<link>/theories/skew_heap/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/skew_heap/</guid>
<description></description>
</item>
<item>
<title>Skip_Lists</title>
<link>/theories/skip_lists/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/skip_lists/</guid>
<description></description>
</item>
<item>
<title>Slicing</title>
<link>/theories/slicing/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/slicing/</guid>
<description></description>
</item>
<item>
<title>Sliding_Window_Algorithm</title>
<link>/theories/sliding_window_algorithm/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/sliding_window_algorithm/</guid>
<description></description>
</item>
<item>
<title>SM</title>
<link>/theories/sm/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/sm/</guid>
<description></description>
</item>
<item>
<title>SM_Base</title>
<link>/theories/sm_base/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/sm_base/</guid>
<description></description>
</item>
<item>
<title>Smith_Normal_Form</title>
<link>/theories/smith_normal_form/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/smith_normal_form/</guid>
<description></description>
</item>
<item>
<title>Smooth_Manifolds</title>
<link>/theories/smooth_manifolds/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/smooth_manifolds/</guid>
<description></description>
</item>
<item>
<title>Solidity</title>
<link>/theories/solidity/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/solidity/</guid>
<description></description>
</item>
<item>
<title>Sophomores_Dream</title>
<link>/theories/sophomores_dream/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/sophomores_dream/</guid>
<description></description>
</item>
<item>
<title>Sort_Encodings</title>
<link>/theories/sort_encodings/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/sort_encodings/</guid>
<description></description>
</item>
<item>
<title>Source_Coding_Theorem</title>
<link>/theories/source_coding_theorem/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/source_coding_theorem/</guid>
<description></description>
</item>
<item>
<title>SPARCv8</title>
<link>/theories/sparcv8/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/sparcv8/</guid>
<description></description>
</item>
<item>
<title>SpecCheck</title>
<link>/theories/speccheck/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/speccheck/</guid>
<description></description>
</item>
<item>
<title>Special_Function_Bounds</title>
<link>/theories/special_function_bounds/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/special_function_bounds/</guid>
<description></description>
</item>
<item>
<title>Splay_Tree</title>
<link>/theories/splay_tree/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/splay_tree/</guid>
<description></description>
</item>
<item>
<title>Sqrt_Babylonian</title>
<link>/theories/sqrt_babylonian/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/sqrt_babylonian/</guid>
<description></description>
</item>
<item>
<title>Stable_Matching</title>
<link>/theories/stable_matching/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/stable_matching/</guid>
<description></description>
</item>
<item>
<title>Statecharts</title>
<link>/theories/statecharts/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/statecharts/</guid>
<description></description>
</item>
<item>
<title>Stateful_Protocol_Composition_and_Typing</title>
<link>/theories/stateful_protocol_composition_and_typing/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/stateful_protocol_composition_and_typing/</guid>
<description></description>
</item>
<item>
<title>Statistics</title>
<link>/statistics/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/statistics/</guid>
- <description>699 Entries 425 Authors ~220,200 Lemmas ~3,582,600 Lines of Code Most used AFP articles: Name Used by ? articles 1. List-Index 21 2. Collections 18 3. Show 16 4. Coinductive 12 5. Deriving 12 6. Jordan_Normal_Form 12 7. Polynomial_Factorization 12 8. Regular-Sets 12 9.</description>
+ <description>704 Entries 426 Authors ~222,700 Lemmas ~3,630,000 Lines of Code Most used AFP articles: Name Used by ? articles 1. List-Index 21 2. Collections 18 3. Show 16 4. Coinductive 12 5. Deriving 12 6. Jordan_Normal_Form 12 7. Polynomial_Factorization 12 8. Regular-Sets 12 9.</description>
</item>
<item>
<title>Stellar_Quorums</title>
<link>/theories/stellar_quorums/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/stellar_quorums/</guid>
<description></description>
</item>
<item>
<title>Stern_Brocot</title>
<link>/theories/stern_brocot/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/stern_brocot/</guid>
<description></description>
</item>
<item>
<title>Stewart_Apollonius</title>
<link>/theories/stewart_apollonius/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/stewart_apollonius/</guid>
<description></description>
</item>
<item>
<title>Stirling_Formula</title>
<link>/theories/stirling_formula/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/stirling_formula/</guid>
<description></description>
</item>
<item>
<title>Stochastic_Matrices</title>
<link>/theories/stochastic_matrices/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/stochastic_matrices/</guid>
<description></description>
</item>
<item>
<title>Stone_Algebras</title>
<link>/theories/stone_algebras/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/stone_algebras/</guid>
<description></description>
</item>
<item>
<title>Stone_Kleene_Relation_Algebras</title>
<link>/theories/stone_kleene_relation_algebras/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/stone_kleene_relation_algebras/</guid>
<description></description>
</item>
<item>
<title>Stone_Relation_Algebras</title>
<link>/theories/stone_relation_algebras/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/stone_relation_algebras/</guid>
<description></description>
</item>
<item>
<title>Store_Buffer_Reduction</title>
<link>/theories/store_buffer_reduction/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/store_buffer_reduction/</guid>
<description></description>
</item>
<item>
<title>Stream-Fusion</title>
<link>/theories/stream-fusion/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/stream-fusion/</guid>
<description></description>
</item>
<item>
<title>Stream_Fusion_Code</title>
<link>/theories/stream_fusion_code/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/stream_fusion_code/</guid>
<description></description>
</item>
<item>
<title>Strong_Security</title>
<link>/theories/strong_security/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/strong_security/</guid>
<description></description>
</item>
<item>
<title>Sturm_Sequences</title>
<link>/theories/sturm_sequences/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/sturm_sequences/</guid>
<description></description>
</item>
<item>
<title>Sturm_Tarski</title>
<link>/theories/sturm_tarski/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/sturm_tarski/</guid>
<description></description>
</item>
<item>
<title>Stuttering_Equivalence</title>
<link>/theories/stuttering_equivalence/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/stuttering_equivalence/</guid>
<description></description>
</item>
<item>
<title>Subresultants</title>
<link>/theories/subresultants/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/subresultants/</guid>
<description></description>
</item>
<item>
<title>Subset_Boolean_Algebras</title>
<link>/theories/subset_boolean_algebras/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/subset_boolean_algebras/</guid>
<description></description>
</item>
<item>
<title>SumSquares</title>
<link>/theories/sumsquares/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/sumsquares/</guid>
<description></description>
</item>
<item>
<title>Sunflowers</title>
<link>/theories/sunflowers/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/sunflowers/</guid>
<description></description>
</item>
<item>
<title>SuperCalc</title>
<link>/theories/supercalc/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/supercalc/</guid>
<description></description>
</item>
<item>
<title>Surprise_Paradox</title>
<link>/theories/surprise_paradox/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/surprise_paradox/</guid>
<description></description>
</item>
<item>
<title>Symmetric_Polynomials</title>
<link>/theories/symmetric_polynomials/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/symmetric_polynomials/</guid>
<description></description>
</item>
<item>
<title>Syntax_Independent_Logic</title>
<link>/theories/syntax_independent_logic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/syntax_independent_logic/</guid>
<description></description>
</item>
<item>
<title>Szemeredi_Regularity</title>
<link>/theories/szemeredi_regularity/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/szemeredi_regularity/</guid>
<description></description>
</item>
<item>
<title>Szpilrajn</title>
<link>/theories/szpilrajn/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/szpilrajn/</guid>
<description></description>
</item>
<item>
<title>Tail_Recursive_Functions</title>
<link>/theories/tail_recursive_functions/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/tail_recursive_functions/</guid>
<description></description>
</item>
<item>
<title>Tarskis_Geometry</title>
<link>/theories/tarskis_geometry/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/tarskis_geometry/</guid>
<description></description>
</item>
<item>
<title>Taylor_Models</title>
<link>/theories/taylor_models/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/taylor_models/</guid>
<description></description>
</item>
<item>
<title>TESL_Language</title>
<link>/theories/tesl_language/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/tesl_language/</guid>
<description></description>
</item>
<item>
<title>Three_Circles</title>
<link>/theories/three_circles/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/three_circles/</guid>
<description></description>
</item>
<item>
<title>Timed_Automata</title>
<link>/theories/timed_automata/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/timed_automata/</guid>
<description></description>
</item>
<item>
<title>TLA</title>
<link>/theories/tla/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/tla/</guid>
<description></description>
</item>
<item>
<title>Topological_Semantics</title>
<link>/theories/topological_semantics/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/topological_semantics/</guid>
<description></description>
</item>
<item>
<title>Topology</title>
<link>/theories/topology/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/topology/</guid>
<description></description>
</item>
<item>
<title>TortoiseHare</title>
<link>/theories/tortoisehare/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/tortoisehare/</guid>
<description></description>
</item>
<item>
<title>Transcendence_Series_Hancl_Rucki</title>
<link>/theories/transcendence_series_hancl_rucki/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/transcendence_series_hancl_rucki/</guid>
<description></description>
</item>
<item>
<title>Transformer_Semantics</title>
<link>/theories/transformer_semantics/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/transformer_semantics/</guid>
<description></description>
</item>
<item>
<title>Transition_Systems_and_Automata</title>
<link>/theories/transition_systems_and_automata/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/transition_systems_and_automata/</guid>
<description></description>
</item>
<item>
<title>Transitive-Closure</title>
<link>/theories/transitive-closure/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/transitive-closure/</guid>
<description></description>
</item>
<item>
<title>Transitive-Closure-II</title>
<link>/theories/transitive-closure-ii/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/transitive-closure-ii/</guid>
<description></description>
</item>
<item>
<title>Transitive_Models</title>
<link>/theories/transitive_models/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/transitive_models/</guid>
<description></description>
</item>
<item>
<title>Treaps</title>
<link>/theories/treaps/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/treaps/</guid>
<description></description>
</item>
<item>
<title>Tree-Automata</title>
<link>/theories/tree-automata/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/tree-automata/</guid>
<description></description>
</item>
<item>
<title>Tree_Decomposition</title>
<link>/theories/tree_decomposition/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/tree_decomposition/</guid>
<description></description>
</item>
<item>
<title>Triangle</title>
<link>/theories/triangle/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/triangle/</guid>
<description></description>
</item>
<item>
<title>Trie</title>
<link>/theories/trie/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/trie/</guid>
<description></description>
</item>
<item>
<title>Twelvefold_Way</title>
<link>/theories/twelvefold_way/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/twelvefold_way/</guid>
<description></description>
</item>
<item>
<title>Tycon</title>
<link>/theories/tycon/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/tycon/</guid>
<description></description>
</item>
<item>
<title>Types_Tableaus_and_Goedels_God</title>
<link>/theories/types_tableaus_and_goedels_god/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/types_tableaus_and_goedels_god/</guid>
<description></description>
</item>
<item>
<title>Types_To_Sets_Extension</title>
<link>/theories/types_to_sets_extension/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/types_to_sets_extension/</guid>
<description></description>
</item>
<item>
<title>Universal_Hash_Families</title>
<link>/theories/universal_hash_families/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/universal_hash_families/</guid>
<description></description>
</item>
<item>
<title>Universal_Turing_Machine</title>
<link>/theories/universal_turing_machine/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/universal_turing_machine/</guid>
<description></description>
</item>
<item>
<title>UpDown_Scheme</title>
<link>/theories/updown_scheme/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/updown_scheme/</guid>
<description></description>
</item>
<item>
<title>UPF</title>
<link>/theories/upf/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/upf/</guid>
<description></description>
</item>
<item>
<title>UPF_Firewall</title>
<link>/theories/upf_firewall/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/upf_firewall/</guid>
<description></description>
</item>
<item>
<title>UTP</title>
<link>/theories/utp/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/utp/</guid>
<description></description>
</item>
<item>
<title>UTP-Toolkit</title>
<link>/theories/utp-toolkit/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/utp-toolkit/</guid>
<description></description>
</item>
<item>
<title>Valuation</title>
<link>/theories/valuation/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/valuation/</guid>
<description></description>
</item>
<item>
<title>Van_der_Waerden</title>
<link>/theories/van_der_waerden/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/van_der_waerden/</guid>
<description></description>
</item>
<item>
<title>Van_Emde_Boas_Trees</title>
<link>/theories/van_emde_boas_trees/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/van_emde_boas_trees/</guid>
<description></description>
</item>
<item>
<title>VectorSpace</title>
<link>/theories/vectorspace/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/vectorspace/</guid>
<description></description>
</item>
<item>
<title>VeriComp</title>
<link>/theories/vericomp/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/vericomp/</guid>
<description></description>
</item>
<item>
<title>Verified-Prover</title>
<link>/theories/verified-prover/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/verified-prover/</guid>
<description></description>
</item>
<item>
<title>Verified_SAT_Based_AI_Planning</title>
<link>/theories/verified_sat_based_ai_planning/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/verified_sat_based_ai_planning/</guid>
<description></description>
</item>
<item>
<title>VerifyThis2018</title>
<link>/theories/verifythis2018/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/verifythis2018/</guid>
<description></description>
</item>
<item>
<title>VerifyThis2019</title>
<link>/theories/verifythis2019/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/verifythis2019/</guid>
<description></description>
</item>
<item>
<title>Vickrey_Clarke_Groves</title>
<link>/theories/vickrey_clarke_groves/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/vickrey_clarke_groves/</guid>
<description></description>
</item>
<item>
<title>Virtual_Substitution</title>
<link>/theories/virtual_substitution/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/virtual_substitution/</guid>
<description></description>
</item>
<item>
<title>VolpanoSmith</title>
<link>/theories/volpanosmith/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/volpanosmith/</guid>
<description></description>
</item>
<item>
<title>VYDRA_MDL</title>
<link>/theories/vydra_mdl/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/vydra_mdl/</guid>
<description></description>
</item>
<item>
<title>WebAssembly</title>
<link>/theories/webassembly/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/webassembly/</guid>
<description></description>
</item>
<item>
<title>Weight_Balanced_Trees</title>
<link>/theories/weight_balanced_trees/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/weight_balanced_trees/</guid>
<description></description>
</item>
<item>
<title>Weighted_Arithmetic_Geometric_Mean</title>
<link>/theories/weighted_arithmetic_geometric_mean/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/weighted_arithmetic_geometric_mean/</guid>
<description></description>
</item>
<item>
<title>Weighted_Path_Order</title>
<link>/theories/weighted_path_order/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/weighted_path_order/</guid>
<description></description>
</item>
<item>
<title>Well_Quasi_Orders</title>
<link>/theories/well_quasi_orders/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/well_quasi_orders/</guid>
<description></description>
</item>
<item>
<title>Wetzels_Problem</title>
<link>/theories/wetzels_problem/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/wetzels_problem/</guid>
<description></description>
</item>
<item>
<title>WHATandWHERE_Security</title>
<link>/theories/whatandwhere_security/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/whatandwhere_security/</guid>
<description></description>
</item>
<item>
<title>Winding_Number_Eval</title>
<link>/theories/winding_number_eval/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/winding_number_eval/</guid>
<description></description>
</item>
<item>
<title>WOOT_Strong_Eventual_Consistency</title>
<link>/theories/woot_strong_eventual_consistency/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/woot_strong_eventual_consistency/</guid>
<description></description>
</item>
<item>
<title>Word_Lib</title>
<link>/theories/word_lib/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/word_lib/</guid>
<description></description>
</item>
<item>
<title>WorkerWrapper</title>
<link>/theories/workerwrapper/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/workerwrapper/</guid>
<description></description>
</item>
<item>
<title>X86_Semantics</title>
<link>/theories/x86_semantics/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/x86_semantics/</guid>
<description></description>
</item>
<item>
<title>XML</title>
<link>/theories/xml/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/xml/</guid>
<description></description>
</item>
<item>
<title>Youngs_Inequality</title>
<link>/theories/youngs_inequality/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/youngs_inequality/</guid>
<description></description>
</item>
<item>
<title>Zeta_3_Irrational</title>
<link>/theories/zeta_3_irrational/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/zeta_3_irrational/</guid>
<description></description>
</item>
<item>
<title>Zeta_Function</title>
<link>/theories/zeta_function/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/zeta_function/</guid>
<description></description>
</item>
<item>
<title>ZFC_in_HOL</title>
<link>/theories/zfc_in_hol/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/zfc_in_hol/</guid>
<description></description>
</item>
</channel>
</rss>
diff --git a/web/sitemap.xml b/web/sitemap.xml
--- a/web/sitemap.xml
+++ b/web/sitemap.xml
@@ -1,5826 +1,5860 @@
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9"
xmlns:xhtml="http://www.w3.org/1999/xhtml">
<url>
<loc>/</loc>
- <lastmod>2022-09-08T00:00:00+00:00</lastmod>
+ <lastmod>2022-09-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/</loc>
- <lastmod>2022-09-08T00:00:00+00:00</lastmod>
+ <lastmod>2022-09-22T00:00:00+00:00</lastmod>
+ </url><url>
+ <loc>/authors/crighton/</loc>
+ <lastmod>2022-09-22T00:00:00+00:00</lastmod>
+ </url><url>
+ <loc>/dependencies/</loc>
+ <lastmod>2022-09-22T00:00:00+00:00</lastmod>
+ </url><url>
+ <loc>/entries/</loc>
+ <lastmod>2022-09-22T00:00:00+00:00</lastmod>
+ </url><url>
+ <loc>/dependencies/localization_ring/</loc>
+ <lastmod>2022-09-22T00:00:00+00:00</lastmod>
+ </url><url>
+ <loc>/entries/Padic_Field.html</loc>
+ <lastmod>2022-09-22T00:00:00+00:00</lastmod>
+ </url><url>
+ <loc>/dependencies/padic_ints/</loc>
+ <lastmod>2022-09-22T00:00:00+00:00</lastmod>
+ </url><url>
+ <loc>/authors/doty/</loc>
+ <lastmod>2022-09-18T00:00:00+00:00</lastmod>
+ </url><url>
+ <loc>/entries/Risk_Free_Lending.html</loc>
+ <lastmod>2022-09-18T00:00:00+00:00</lastmod>
+ </url><url>
+ <loc>/authors/from/</loc>
+ <lastmod>2022-09-13T00:00:00+00:00</lastmod>
+ </url><url>
+ <loc>/entries/Implicational_Logic.html</loc>
+ <lastmod>2022-09-13T00:00:00+00:00</lastmod>
+ </url><url>
+ <loc>/authors/villadsen/</loc>
+ <lastmod>2022-09-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/berlekamp_zassenhaus/</loc>
<lastmod>2022-09-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/CRYSTALS-Kyber.html</loc>
<lastmod>2022-09-08T00:00:00+00:00</lastmod>
</url><url>
- <loc>/dependencies/</loc>
- <lastmod>2022-09-08T00:00:00+00:00</lastmod>
- </url><url>
- <loc>/entries/</loc>
- <lastmod>2022-09-08T00:00:00+00:00</lastmod>
- </url><url>
<loc>/authors/kreuzer/</loc>
<lastmod>2022-09-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/number_theoretic_transform/</loc>
<lastmod>2022-09-08T00:00:00+00:00</lastmod>
</url><url>
+ <loc>/authors/dardinier/</loc>
+ <lastmod>2022-09-05T00:00:00+00:00</lastmod>
+ </url><url>
+ <loc>/entries/Separation_Logic_Unbounded.html</loc>
+ <lastmod>2022-09-05T00:00:00+00:00</lastmod>
+ </url><url>
<loc>/authors/argyraki/</loc>
<lastmod>2022-09-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/bernoulli/</loc>
<lastmod>2022-09-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/eberl/</loc>
<lastmod>2022-09-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/jacobson_basic_algebra/</loc>
<lastmod>2022-09-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Khovanskii_Theorem.html</loc>
<lastmod>2022-09-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/paulson/</loc>
<lastmod>2022-09-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/pluennecke_ruzsa_inequality/</loc>
<lastmod>2022-09-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/sulejmani/</loc>
<lastmod>2022-09-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Hales_Jewett.html</loc>
<lastmod>2022-09-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/ammer/</loc>
<lastmod>2022-08-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Number_Theoretic_Transform.html</loc>
<lastmod>2022-08-18T00:00:00+00:00</lastmod>
</url><url>
+ <loc>/entries/SCC_Bloemen_Sequential.html</loc>
+ <lastmod>2022-08-17T00:00:00+00:00</lastmod>
+ </url><url>
+ <loc>/authors/merz/</loc>
+ <lastmod>2022-08-17T00:00:00+00:00</lastmod>
+ </url><url>
+ <loc>/authors/trelat/</loc>
+ <lastmod>2022-08-17T00:00:00+00:00</lastmod>
+ </url><url>
<loc>/authors/bortin/</loc>
<lastmod>2022-08-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Involutions2Squares.html</loc>
<lastmod>2022-08-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/containers/</loc>
<lastmod>2022-08-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/datatype_order_generator/</loc>
<lastmod>2022-08-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/native_word/</loc>
<lastmod>2022-08-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/sachtleben/</loc>
<lastmod>2022-08-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/FSM_Tests.html</loc>
<lastmod>2022-08-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/brucker/</loc>
<lastmod>2022-07-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Nano_JSON.html</loc>
<lastmod>2022-07-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/topics/tools/</loc>
<lastmod>2022-07-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/topics/</loc>
<lastmod>2022-07-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/echenim/</loc>
<lastmod>2022-07-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Solidity.html</loc>
<lastmod>2022-07-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/marmsoler/</loc>
<lastmod>2022-07-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/projective_measurements/</loc>
<lastmod>2022-07-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Commuting_Hermitian.html</loc>
<lastmod>2022-07-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Weighted_Arithmetic_Geometric_Mean.html</loc>
<lastmod>2022-07-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/IMP_Compiler_Reuse.html</loc>
<lastmod>2022-07-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/noce/</loc>
<lastmod>2022-07-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/nipkow/</loc>
<lastmod>2022-06-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Real_Time_Deque.html</loc>
<lastmod>2022-06-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/toth/</loc>
<lastmod>2022-06-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Boolos_Curious_Inference.html</loc>
<lastmod>2022-06-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/ketland/</loc>
<lastmod>2022-06-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/dirichlet_series/</loc>
<lastmod>2022-06-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Finite_Fields.html</loc>
<lastmod>2022-06-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/IsaNet.html</loc>
<lastmod>2022-06-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/karayel/</loc>
<lastmod>2022-06-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/klenze/</loc>
<lastmod>2022-06-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/sprenger/</loc>
<lastmod>2022-06-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/bayer/</loc>
<lastmod>2022-06-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/david/</loc>
<lastmod>2022-06-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/digit_expansions/</loc>
<lastmod>2022-06-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/DPRM_Theorem.html</loc>
<lastmod>2022-06-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/lucas_theorem/</loc>
<lastmod>2022-06-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/matiyasevich/</loc>
<lastmod>2022-06-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/pal/</loc>
<lastmod>2022-06-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/schleicher/</loc>
<lastmod>2022-06-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/stock/</loc>
<lastmod>2022-06-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/lochmann/</loc>
<lastmod>2022-06-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Rewrite_Properties_Reduction.html</loc>
<lastmod>2022-06-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/regular_tree_relations/</loc>
<lastmod>2022-06-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Combinable_Wands.html</loc>
<lastmod>2022-05-30T00:00:00+00:00</lastmod>
</url><url>
- <loc>/authors/dardinier/</loc>
- <lastmod>2022-05-30T00:00:00+00:00</lastmod>
- </url><url>
<loc>/dependencies/package_logic/</loc>
<lastmod>2022-05-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Pluennecke_Ruzsa_Inequality.html</loc>
<lastmod>2022-05-26T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Package_logic.html</loc>
<lastmod>2022-05-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Clique_and_Monotone_Circuits.html</loc>
<lastmod>2022-05-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/stirling_formula/</loc>
<lastmod>2022-05-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/sunflowers/</loc>
<lastmod>2022-05-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/thiemann/</loc>
<lastmod>2022-05-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/benor_kozen_reif/</loc>
<lastmod>2022-04-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/design_theory/</loc>
<lastmod>2022-04-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/edmonds/</loc>
<lastmod>2022-04-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Fishers_Inequality.html</loc>
<lastmod>2022-04-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/groebner_bases/</loc>
<lastmod>2022-04-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/list-index/</loc>
<lastmod>2022-04-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/polynomial_factorization/</loc>
<lastmod>2022-04-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Digit_Expansions.html</loc>
<lastmod>2022-04-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/schmidinger/</loc>
<lastmod>2022-04-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Multiset_Ordering_NPC.html</loc>
<lastmod>2022-04-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/weighted_path_order/</loc>
<lastmod>2022-04-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Sophomores_Dream.html</loc>
<lastmod>2022-04-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Prefix_Free_Code_Combinators.html</loc>
<lastmod>2022-04-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/bertrands_postulate/</loc>
<lastmod>2022-04-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/equivalence_relation_enumeration/</loc>
<lastmod>2022-04-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Frequency_Moments.html</loc>
<lastmod>2022-04-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/interpolation_polynomials_hol_algebra/</loc>
<lastmod>2022-04-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/lp/</loc>
<lastmod>2022-04-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/median_method/</loc>
<lastmod>2022-04-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/prefix_free_code_combinators/</loc>
<lastmod>2022-04-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/universal_hash_families/</loc>
<lastmod>2022-04-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Dedekind_Real.html</loc>
<lastmod>2022-03-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/fleuriot/</loc>
<lastmod>2022-03-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Ackermanns_not_PR.html</loc>
<lastmod>2022-03-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/FOL_Seq_Calc3.html</loc>
<lastmod>2022-03-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/abstract_completeness/</loc>
<lastmod>2022-03-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/abstract_soundness/</loc>
<lastmod>2022-03-22T00:00:00+00:00</lastmod>
</url><url>
- <loc>/authors/from/</loc>
- <lastmod>2022-03-22T00:00:00+00:00</lastmod>
- </url><url>
<loc>/entries/Cotangent_PFD_Formula.html</loc>
<lastmod>2022-03-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/gunther/</loc>
<lastmod>2022-03-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/pagano/</loc>
<lastmod>2022-03-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/steinberg/</loc>
<lastmod>2022-03-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/terraf/</loc>
<lastmod>2022-03-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Independence_CH.html</loc>
<lastmod>2022-03-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/transitive_models/</loc>
<lastmod>2022-03-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/delta_system_lemma/</loc>
<lastmod>2022-03-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Transitive_Models.html</loc>
<lastmod>2022-03-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/ResiduatedTransitionSystem.html</loc>
<lastmod>2022-02-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/stark/</loc>
<lastmod>2022-02-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/finite_fields/</loc>
<lastmod>2022-02-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Universal_Hash_Families.html</loc>
<lastmod>2022-02-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Wetzels_Problem.html</loc>
<lastmod>2022-02-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/zfc_in_hol/</loc>
<lastmod>2022-02-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Eval_FO.html</loc>
<lastmod>2022-02-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/raszyk/</loc>
<lastmod>2022-02-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/VYDRA_MDL.html</loc>
<lastmod>2022-02-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/card_equiv_relations/</loc>
<lastmod>2022-02-04T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Equivalence_Relation_Enumeration.html</loc>
<lastmod>2022-02-04T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/LP_Duality.html</loc>
<lastmod>2022-02-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/hirata/</loc>
<lastmod>2022-02-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/linear_inequalities/</loc>
<lastmod>2022-02-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/minamide/</loc>
<lastmod>2022-02-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Quasi_Borel_Spaces.html</loc>
<lastmod>2022-02-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/sato/</loc>
<lastmod>2022-02-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/felgenhauer/</loc>
<lastmod>2022-02-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/FO_Theory_Rewriting.html</loc>
<lastmod>2022-02-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/fol-fitting/</loc>
<lastmod>2022-02-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/FOL_Seq_Calc2.html</loc>
<lastmod>2022-01-31T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/collections/</loc>
<lastmod>2022-01-31T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/fol_seq_calc1/</loc>
<lastmod>2022-01-31T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/jacobsen/</loc>
<lastmod>2022-01-31T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Youngs_Inequality.html</loc>
<lastmod>2022-01-31T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Interpolation_Polynomials_HOL_Algebra.html</loc>
<lastmod>2022-01-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Median_Method.html</loc>
<lastmod>2022-01-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Actuarial_Mathematics.html</loc>
<lastmod>2022-01-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/ito/</loc>
<lastmod>2022-01-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Irrationals_From_THEBOOK.html</loc>
<lastmod>2022-01-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Knights_Tour.html</loc>
<lastmod>2022-01-04T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/koller/</loc>
<lastmod>2022-01-04T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Hyperdual.html</loc>
<lastmod>2021-12-31T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/smola/</loc>
<lastmod>2021-12-31T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Gale_Shapley.html</loc>
<lastmod>2021-12-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/ergodic_theory/</loc>
<lastmod>2021-12-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/girth_chromatic/</loc>
<lastmod>2021-12-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/random_graph_subgraph_threshold/</loc>
<lastmod>2021-12-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Roth_Arithmetic_Progressions.html</loc>
<lastmod>2021-12-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/szemeredi_regularity/</loc>
<lastmod>2021-12-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/abdulaziz/</loc>
<lastmod>2021-12-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/gauss_jordan/</loc>
<lastmod>2021-12-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/MDP-Rewards.html</loc>
<lastmod>2021-12-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/mdp-rewards/</loc>
<lastmod>2021-12-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/schaeffeler/</loc>
<lastmod>2021-12-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/MDP-Algorithms.html</loc>
<lastmod>2021-12-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/knuth_bendix_order/</loc>
<lastmod>2021-12-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Regular_Tree_Relations.html</loc>
<lastmod>2021-12-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/sternagel/</loc>
<lastmod>2021-12-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/sternagelt/</loc>
<lastmod>2021-12-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/aransay/</loc>
<lastmod>2021-11-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/campo/</loc>
<lastmod>2021-11-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/jordan_normal_form/</loc>
<lastmod>2021-11-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/michaelis/</loc>
<lastmod>2021-11-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/robdd/</loc>
<lastmod>2021-11-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/sepref_prereq/</loc>
<lastmod>2021-11-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Simplicial_complexes_and_boolean_functions.html</loc>
<lastmod>2021-11-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/automatic_refinement/</loc>
<lastmod>2021-11-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/deriving/</loc>
<lastmod>2021-11-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/lammich/</loc>
<lastmod>2021-11-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Van_Emde_Boas_Trees.html</loc>
<lastmod>2021-11-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Foundation_of_geometry.html</loc>
<lastmod>2021-11-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/iwama/</loc>
<lastmod>2021-11-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/cousin/</loc>
<lastmod>2021-11-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/guiol/</loc>
<lastmod>2021-11-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Hahn_Jordan_Decomposition.html</loc>
<lastmod>2021-11-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/algebraic_numbers/</loc>
<lastmod>2021-11-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/PAL.html</loc>
<lastmod>2021-11-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/benzmueller/</loc>
<lastmod>2021-11-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/SimplifiedOntologicalArgument.html</loc>
<lastmod>2021-11-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Factor_Algebraic_Polynomial.html</loc>
<lastmod>2021-11-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/hermite_lindemann/</loc>
<lastmod>2021-11-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/polynomials/</loc>
<lastmod>2021-11-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Real_Power.html</loc>
<lastmod>2021-11-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/reiche/</loc>
<lastmod>2021-11-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Szemeredi_Regularity.html</loc>
<lastmod>2021-11-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/complex_bounded_operators/</loc>
<lastmod>2021-10-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Registers.html</loc>
<lastmod>2021-10-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/unruh/</loc>
<lastmod>2021-10-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Belief_Revision.html</loc>
<lastmod>2021-10-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/boulanger/</loc>
<lastmod>2021-10-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/fouillard/</loc>
<lastmod>2021-10-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/sabouret/</loc>
<lastmod>2021-10-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/taha/</loc>
<lastmod>2021-10-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/bharadwaj/</loc>
<lastmod>2021-10-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/bockenek/</loc>
<lastmod>2021-10-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/ravindran/</loc>
<lastmod>2021-10-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/roessle/</loc>
<lastmod>2021-10-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/verbeek/</loc>
<lastmod>2021-10-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/weerwag/</loc>
<lastmod>2021-10-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/word_lib/</loc>
<lastmod>2021-10-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/X86_Semantics.html</loc>
<lastmod>2021-10-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Correctness_Algebras.html</loc>
<lastmod>2021-10-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/guttmann/</loc>
<lastmod>2021-10-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/monobooltranalgebra/</loc>
<lastmod>2021-10-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/stone_kleene_relation_algebras/</loc>
<lastmod>2021-10-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/subset_boolean_algebras/</loc>
<lastmod>2021-10-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/cordwell/</loc>
<lastmod>2021-10-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/mitsch/</loc>
<lastmod>2021-10-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/platzer/</loc>
<lastmod>2021-10-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/scharager/</loc>
<lastmod>2021-10-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Virtual_Substitution.html</loc>
<lastmod>2021-10-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/FOL_Axiomatic.html</loc>
<lastmod>2021-09-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/banach_steinhaus/</loc>
<lastmod>2021-09-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/caballero/</loc>
<lastmod>2021-09-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Complex_Bounded_Operators.html</loc>
<lastmod>2021-09-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/real_impl/</loc>
<lastmod>2021-09-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Weighted_Path_Order.html</loc>
<lastmod>2021-09-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/yamada/</loc>
<lastmod>2021-09-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/CZH_Foundations.html</loc>
<lastmod>2021-09-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/CZH_Elementary_Categories.html</loc>
<lastmod>2021-09-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/CZH_Universal_Constructions.html</loc>
<lastmod>2021-09-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Conditional_Simplification.html</loc>
<lastmod>2021-09-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Conditional_Transfer_Rule.html</loc>
<lastmod>2021-09-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/conditional_simplification/</loc>
<lastmod>2021-09-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/conditional_transfer_rule/</loc>
<lastmod>2021-09-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/czh_elementary_categories/</loc>
<lastmod>2021-09-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/czh_foundations/</loc>
<lastmod>2021-09-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Types_To_Sets_Extension.html</loc>
<lastmod>2021-09-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Intro_Dest_Elim.html</loc>
<lastmod>2021-09-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/intro_dest_elim/</loc>
<lastmod>2021-09-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/milehins/</loc>
<lastmod>2021-09-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/speccheck/</loc>
<lastmod>2021-09-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Dominance_CHK.html</loc>
<lastmod>2021-09-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/jiang/</loc>
<lastmod>2021-09-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/jinja/</loc>
<lastmod>2021-09-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/complex_geometry/</loc>
<lastmod>2021-09-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/factor_algebraic_polynomial/</loc>
<lastmod>2021-09-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Cubic_Quartic_Equations.html</loc>
<lastmod>2021-09-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Logging_Independent_Anonymity.html</loc>
<lastmod>2021-08-26T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/budan_fourier/</loc>
<lastmod>2021-08-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/li/</loc>
<lastmod>2021-08-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/polynomial_interpolation/</loc>
<lastmod>2021-08-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Three_Circles.html</loc>
<lastmod>2021-08-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/thomson/</loc>
<lastmod>2021-08-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/bauereiss/</loc>
<lastmod>2021-08-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/bd_security_compositional/</loc>
<lastmod>2021-08-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/bounded_deducibility_security/</loc>
<lastmod>2021-08-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/CoCon.html</loc>
<lastmod>2021-08-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/BD_Security_Compositional.html</loc>
<lastmod>2021-08-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/CoSMed.html</loc>
<lastmod>2021-08-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/CoSMeDis.html</loc>
<lastmod>2021-08-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Fresh_Identifiers.html</loc>
<lastmod>2021-08-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/fresh_identifiers/</loc>
<lastmod>2021-08-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/popescu/</loc>
<lastmod>2021-08-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/card_partitions/</loc>
<lastmod>2021-08-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Design_Theory.html</loc>
<lastmod>2021-08-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/graph_theory/</loc>
<lastmod>2021-08-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/nested_multisets_ordinals/</loc>
<lastmod>2021-08-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Relational_Forests.html</loc>
<lastmod>2021-08-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/palmer/</loc>
<lastmod>2021-07-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/schmoetten/</loc>
<lastmod>2021-07-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Schutz_Spacetime.html</loc>
<lastmod>2021-07-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Finitely_Generated_Abelian_Groups.html</loc>
<lastmod>2021-07-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/thommes/</loc>
<lastmod>2021-07-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/bulwahn/</loc>
<lastmod>2021-07-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/kappelmann/</loc>
<lastmod>2021-07-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/SpecCheck.html</loc>
<lastmod>2021-07-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/willenbrink/</loc>
<lastmod>2021-07-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Van_der_Waerden.html</loc>
<lastmod>2021-06-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/MiniSail.html</loc>
<lastmod>2021-06-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/nominal2/</loc>
<lastmod>2021-06-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/show/</loc>
<lastmod>2021-06-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/wassell/</loc>
<lastmod>2021-06-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/epistemic_logic/</loc>
<lastmod>2021-06-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Public_Announcement_Logic.html</loc>
<lastmod>2021-06-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/IMP_Compiler.html</loc>
<lastmod>2021-06-04T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Combinatorics_Words.html</loc>
<lastmod>2021-05-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/combinatorics_words/</loc>
<lastmod>2021-05-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Combinatorics_Words_Graph_Lemma.html</loc>
<lastmod>2021-05-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/holub/</loc>
<lastmod>2021-05-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Combinatorics_Words_Lyndon.html</loc>
<lastmod>2021-05-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/raska/</loc>
<lastmod>2021-05-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/starosta/</loc>
<lastmod>2021-05-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/szpilrajn/</loc>
<lastmod>2021-05-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/jinjadci/</loc>
<lastmod>2021-04-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/mansky/</loc>
<lastmod>2021-04-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Regression_Test_Selection.html</loc>
<lastmod>2021-04-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Metalogic_ProofChecker.html</loc>
<lastmod>2021-04-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/kadzioka/</loc>
<lastmod>2021-04-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Lifting_the_Exponent.html</loc>
<lastmod>2021-04-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/rosskopf/</loc>
<lastmod>2021-04-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/sturm_tarski/</loc>
<lastmod>2021-04-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/tan/</loc>
<lastmod>2021-04-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/BenOr_Kozen_Reif.html</loc>
<lastmod>2021-04-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/GaleStewart_Games.html</loc>
<lastmod>2021-04-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/joosten/</loc>
<lastmod>2021-04-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/parity_game/</loc>
<lastmod>2021-04-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/brun/</loc>
<lastmod>2021-04-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/decova/</loc>
<lastmod>2021-04-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Progress_Tracking.html</loc>
<lastmod>2021-04-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/lattuada/</loc>
<lastmod>2021-04-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/traytel/</loc>
<lastmod>2021-04-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/IFC_Tracking.html</loc>
<lastmod>2021-04-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/nordhoff/</loc>
<lastmod>2021-04-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/bordg/</loc>
<lastmod>2021-03-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Grothendieck_Schemes.html</loc>
<lastmod>2021-03-29T00:00:00+00:00</lastmod>
</url><url>
- <loc>/authors/crighton/</loc>
- <lastmod>2021-03-23T00:00:00+00:00</lastmod>
- </url><url>
<loc>/entries/Padic_Ints.html</loc>
<lastmod>2021-03-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Constructive_Cryptography_CM.html</loc>
<lastmod>2021-03-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/constructive_cryptography/</loc>
<lastmod>2021-03-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/game_based_crypto/</loc>
<lastmod>2021-03-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/lochbihler/</loc>
<lastmod>2021-03-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/sefidgar/</loc>
<lastmod>2021-03-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/sigma_commit_crypto/</loc>
<lastmod>2021-03-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/bottesch/</loc>
<lastmod>2021-03-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/divason/</loc>
<lastmod>2021-03-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/hermite/</loc>
<lastmod>2021-03-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/lll_basis_reduction/</loc>
<lastmod>2021-03-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/smith_normal_form/</loc>
<lastmod>2021-03-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Modular_arithmetic_LLL_and_HNF_algorithms.html</loc>
<lastmod>2021-03-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/isabelle_marries_dirac/</loc>
<lastmod>2021-03-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/pi_transcendental/</loc>
<lastmod>2021-03-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/power_sum_polynomials/</loc>
<lastmod>2021-03-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/qhlprover/</loc>
<lastmod>2021-03-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Projective_Measurements.html</loc>
<lastmod>2021-03-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Hermite_Lindemann.html</loc>
<lastmod>2021-03-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/blumson/</loc>
<lastmod>2021-03-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Mereology.html</loc>
<lastmod>2021-03-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Sunflowers.html</loc>
<lastmod>2021-02-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/BTree.html</loc>
<lastmod>2021-02-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/muendler/</loc>
<lastmod>2021-02-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/refine_imperative_hol/</loc>
<lastmod>2021-02-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Formal_Puiseux_Series.html</loc>
<lastmod>2021-02-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Laws_of_Large_Numbers.html</loc>
<lastmod>2021-02-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/coghetto/</loc>
<lastmod>2021-01-31T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/IsaGeoCoq.html</loc>
<lastmod>2021-01-31T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Blue_Eyes.html</loc>
<lastmod>2021-01-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Hood_Melville_Queue.html</loc>
<lastmod>2021-01-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/londono/</loc>
<lastmod>2021-01-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/JinjaDCI.html</loc>
<lastmod>2021-01-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Delta_System_Lemma.html</loc>
<lastmod>2020-12-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/fuenmayor/</loc>
<lastmod>2020-12-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Topological_Semantics.html</loc>
<lastmod>2020-12-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/aggregation_algebras/</loc>
<lastmod>2020-12-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/brien/</loc>
<lastmod>2020-12-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Relational_Minimum_Spanning_Trees.html</loc>
<lastmod>2020-12-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/relational_disjoint_set_forests/</loc>
<lastmod>2020-12-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/desharnais/</loc>
<lastmod>2020-12-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Interpreter_Optimizations.html</loc>
<lastmod>2020-12-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/vericomp/</loc>
<lastmod>2020-12-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Relational_Method.html</loc>
<lastmod>2020-12-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/he/</loc>
<lastmod>2020-11-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Isabelle_Marries_Dirac.html</loc>
<lastmod>2020-11-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/lachnitt/</loc>
<lastmod>2020-11-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/matrix_tensor/</loc>
<lastmod>2020-11-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/vectorspace/</loc>
<lastmod>2020-11-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/hol-csp/</loc>
<lastmod>2020-11-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/CSP_RefTK.html</loc>
<lastmod>2020-11-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/wolff/</loc>
<lastmod>2020-11-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/ye/</loc>
<lastmod>2020-11-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/AI_Planning_Languages_Semantics.html</loc>
<lastmod>2020-10-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/ai_planning_languages_semantics/</loc>
<lastmod>2020-10-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/certification_monads/</loc>
<lastmod>2020-10-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/kurz/</loc>
<lastmod>2020-10-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/propositional_proof_systems/</loc>
<lastmod>2020-10-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Verified_SAT_Based_AI_Planning.html</loc>
<lastmod>2020-10-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Physical_Quantities.html</loc>
<lastmod>2020-10-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/fosters/</loc>
<lastmod>2020-10-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/diaz/</loc>
<lastmod>2020-10-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Finite-Map-Extras.html</loc>
<lastmod>2020-10-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Shadow_DOM.html</loc>
<lastmod>2020-09-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Shadow_SC_DOM.html</loc>
<lastmod>2020-09-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/SC_DOM_Components.html</loc>
<lastmod>2020-09-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/DOM_Components.html</loc>
<lastmod>2020-09-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/core_dom/</loc>
<lastmod>2020-09-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/core_sc_dom/</loc>
<lastmod>2020-09-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/herzberg/</loc>
<lastmod>2020-09-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/shadow_dom/</loc>
<lastmod>2020-09-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/shadow_sc_dom/</loc>
<lastmod>2020-09-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Core_SC_DOM.html</loc>
<lastmod>2020-09-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Goedel_Incompleteness.html</loc>
<lastmod>2020-09-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Goedel_HFSet_Semantic.html</loc>
<lastmod>2020-09-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Goedel_HFSet_Semanticless.html</loc>
<lastmod>2020-09-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/goedel_incompleteness/</loc>
<lastmod>2020-09-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/hereditarilyfinite/</loc>
<lastmod>2020-09-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/incompleteness/</loc>
<lastmod>2020-09-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Robinson_Arithmetic.html</loc>
<lastmod>2020-09-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Syntax_Independent_Logic.html</loc>
<lastmod>2020-09-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/syntax_independent_logic/</loc>
<lastmod>2020-09-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Extended_Finite_State_Machines.html</loc>
<lastmod>2020-09-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/derrick/</loc>
<lastmod>2020-09-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/extended_finite_state_machines/</loc>
<lastmod>2020-09-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/finfun/</loc>
<lastmod>2020-09-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/foster/</loc>
<lastmod>2020-09-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Extended_Finite_State_Machine_Inference.html</loc>
<lastmod>2020-09-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/taylor/</loc>
<lastmod>2020-09-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/balbach/</loc>
<lastmod>2020-08-31T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/fleury/</loc>
<lastmod>2020-08-31T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/kaufmann/</loc>
<lastmod>2020-08-31T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/PAC_Checker.html</loc>
<lastmod>2020-08-31T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/sepref_iicf/</loc>
<lastmod>2020-08-31T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Inductive_Inference.html</loc>
<lastmod>2020-08-31T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Relational_Disjoint_Set_Forests.html</loc>
<lastmod>2020-08-26T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/blanchette/</loc>
<lastmod>2020-08-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Saturation_Framework_Extensions.html</loc>
<lastmod>2020-08-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/first_order_terms/</loc>
<lastmod>2020-08-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/gammie/</loc>
<lastmod>2020-08-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/holcf-prelude/</loc>
<lastmod>2020-08-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/ordered_resolution_prover/</loc>
<lastmod>2020-08-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/BirdKMP.html</loc>
<lastmod>2020-08-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/saturation_framework/</loc>
<lastmod>2020-08-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/tourret/</loc>
<lastmod>2020-08-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/well_quasi_orders/</loc>
<lastmod>2020-08-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Amicable_Numbers.html</loc>
<lastmod>2020-08-04T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/pratt_certificate/</loc>
<lastmod>2020-08-04T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/nash_williams/</loc>
<lastmod>2020-08-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Ordinal_Partitions.html</loc>
<lastmod>2020-08-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Chandy_Lamport.html</loc>
<lastmod>2020-07-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/fiedler/</loc>
<lastmod>2020-07-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/hoefner/</loc>
<lastmod>2020-07-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/relation_algebra/</loc>
<lastmod>2020-07-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Relational_Paths.html</loc>
<lastmod>2020-07-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Safe_Distance.html</loc>
<lastmod>2020-06-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/immler/</loc>
<lastmod>2020-06-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/rizaldi/</loc>
<lastmod>2020-06-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/sturm_sequences/</loc>
<lastmod>2020-06-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Smith_Normal_Form.html</loc>
<lastmod>2020-05-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/perron_frobenius/</loc>
<lastmod>2020-05-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Nash_Williams.html</loc>
<lastmod>2020-05-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Knuth_Bendix_Order.html</loc>
<lastmod>2020-05-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/matrix/</loc>
<lastmod>2020-05-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Irrational_Series_Erdos_Straus.html</loc>
<lastmod>2020-05-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/prime_distribution_elementary/</loc>
<lastmod>2020-05-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/prime_number_theorem/</loc>
<lastmod>2020-05-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/dunaev/</loc>
<lastmod>2020-05-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Recursion-Addition.html</loc>
<lastmod>2020-05-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/LTL_Normal_Form.html</loc>
<lastmod>2020-05-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/ltl/</loc>
<lastmod>2020-05-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/ltl_master_theorem/</loc>
<lastmod>2020-05-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/sickert/</loc>
<lastmod>2020-05-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Forcing.html</loc>
<lastmod>2020-05-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Banach_Steinhaus.html</loc>
<lastmod>2020-05-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Attack_Trees.html</loc>
<lastmod>2020-04-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/kammueller/</loc>
<lastmod>2020-04-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Gaussian_Integers.html</loc>
<lastmod>2020-04-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Power_Sum_Polynomials.html</loc>
<lastmod>2020-04-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/symmetric_polynomials/</loc>
<lastmod>2020-04-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Lambert_W.html</loc>
<lastmod>2020-04-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/hybrid_systems_vcs/</loc>
<lastmod>2020-04-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Matrices_for_ODEs.html</loc>
<lastmod>2020-04-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/munive/</loc>
<lastmod>2020-04-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/ADS_Functor.html</loc>
<lastmod>2020-04-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/maric/</loc>
<lastmod>2020-04-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Sliding_Window_Algorithm.html</loc>
<lastmod>2020-04-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/heimes/</loc>
<lastmod>2020-04-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/schneider/</loc>
<lastmod>2020-04-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Saturation_Framework.html</loc>
<lastmod>2020-04-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/MFODL_Monitor_Optimized.html</loc>
<lastmod>2020-04-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/generic_join/</loc>
<lastmod>2020-04-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/ieee_floating_point/</loc>
<lastmod>2020-04-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/lambda_free_rpos/</loc>
<lastmod>2020-04-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/mfotl_monitor/</loc>
<lastmod>2020-04-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Automated_Stateful_Protocol_Verification.html</loc>
<lastmod>2020-04-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/hess/</loc>
<lastmod>2020-04-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/moedersheim/</loc>
<lastmod>2020-04-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/schlichtkrull/</loc>
<lastmod>2020-04-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Stateful_Protocol_Composition_and_Typing.html</loc>
<lastmod>2020-04-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/stateful_protocol_composition_and_typing/</loc>
<lastmod>2020-04-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Lucas_Theorem.html</loc>
<lastmod>2020-04-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/gonzalez/</loc>
<lastmod>2020-03-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/WOOT_Strong_Eventual_Consistency.html</loc>
<lastmod>2020-03-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Furstenberg_Topology.html</loc>
<lastmod>2020-03-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Relational-Incorrectness-Logic.html</loc>
<lastmod>2020-03-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/murray/</loc>
<lastmod>2020-03-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/diekmann/</loc>
<lastmod>2020-03-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Hello_World.html</loc>
<lastmod>2020-03-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/hupel/</loc>
<lastmod>2020-03-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Goodstein_Lambda.html</loc>
<lastmod>2020-02-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/VeriComp.html</loc>
<lastmod>2020-02-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Arith_Prog_Rel_Primes.html</loc>
<lastmod>2020-02-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Subset_Boolean_Algebras.html</loc>
<lastmod>2020-01-31T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/moeller/</loc>
<lastmod>2020-01-31T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/stone_algebras/</loc>
<lastmod>2020-01-31T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Mersenne_Primes.html</loc>
<lastmod>2020-01-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/pell/</loc>
<lastmod>2020-01-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/probabilistic_prime_tests/</loc>
<lastmod>2020-01-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/essmann/</loc>
<lastmod>2020-01-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/robillard/</loc>
<lastmod>2020-01-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Approximation_Algorithms.html</loc>
<lastmod>2020-01-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/akra_bazzi/</loc>
<lastmod>2020-01-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Closest_Pair_Points.html</loc>
<lastmod>2020-01-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/rau/</loc>
<lastmod>2020-01-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/root_balanced_tree/</loc>
<lastmod>2020-01-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/haslbeck/</loc>
<lastmod>2020-01-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/monad_normalisation/</loc>
<lastmod>2020-01-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Skip_Lists.html</loc>
<lastmod>2020-01-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Bicategory.html</loc>
<lastmod>2020-01-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/monoidalcategory/</loc>
<lastmod>2020-01-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/e_transcendental/</loc>
<lastmod>2019-12-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Zeta_3_Irrational.html</loc>
<lastmod>2019-12-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Hybrid_Logic.html</loc>
<lastmod>2019-12-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/hol-ode-numerics/</loc>
<lastmod>2019-12-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Poincare_Bendixson.html</loc>
<lastmod>2019-12-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/boutry/</loc>
<lastmod>2019-12-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Complex_Geometry.html</loc>
<lastmod>2019-12-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/maricf/</loc>
<lastmod>2019-12-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Poincare_Disc.html</loc>
<lastmod>2019-12-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/simic/</loc>
<lastmod>2019-12-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/dirichlet_l/</loc>
<lastmod>2019-12-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Gauss_Sums.html</loc>
<lastmod>2019-12-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/raya/</loc>
<lastmod>2019-12-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Generalized_Counting_Sort.html</loc>
<lastmod>2019-12-04T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/bohrer/</loc>
<lastmod>2019-11-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Interval_Arithmetic_Word32.html</loc>
<lastmod>2019-11-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/ZFC_in_HOL.html</loc>
<lastmod>2019-10-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Isabelle_C.html</loc>
<lastmod>2019-10-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/tuong/</loc>
<lastmod>2019-10-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/VerifyThis2019.html</loc>
<lastmod>2019-10-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/wimmer/</loc>
<lastmod>2019-10-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Aristotles_Assertoric_Syllogistic.html</loc>
<lastmod>2019-10-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/butler/</loc>
<lastmod>2019-10-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/crypthol/</loc>
<lastmod>2019-10-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Sigma_Commit_Crypto.html</loc>
<lastmod>2019-10-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Clean.html</loc>
<lastmod>2019-10-04T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Generic_Join.html</loc>
<lastmod>2019-09-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/kad/</loc>
<lastmod>2019-09-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/kat_and_dra/</loc>
<lastmod>2019-09-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/ordinary_differential_equations/</loc>
<lastmod>2019-09-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/transformer_semantics/</loc>
<lastmod>2019-09-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Hybrid_Systems_VCs.html</loc>
<lastmod>2019-09-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Fourier.html</loc>
<lastmod>2019-09-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Jacobson_Basic_Algebra.html</loc>
<lastmod>2019-08-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/ballarin/</loc>
<lastmod>2019-08-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Adaptive_State_Counting.html</loc>
<lastmod>2019-08-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/transition_systems_and_automata/</loc>
<lastmod>2019-08-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Laplace_Transform.html</loc>
<lastmod>2019-08-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/buyse/</loc>
<lastmod>2019-08-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/C2KA_DistributedSystems.html</loc>
<lastmod>2019-08-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/farkas/</loc>
<lastmod>2019-08-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/jaskolka/</loc>
<lastmod>2019-08-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/kaliszyk/</loc>
<lastmod>2019-08-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Linear_Programming.html</loc>
<lastmod>2019-08-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/parsert/</loc>
<lastmod>2019-08-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/IMO2019.html</loc>
<lastmod>2019-08-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/losa/</loc>
<lastmod>2019-08-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Stellar_Quorums.html</loc>
<lastmod>2019-08-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/TESL_Language.html</loc>
<lastmod>2019-07-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/van/</loc>
<lastmod>2019-07-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Szpilrajn.html</loc>
<lastmod>2019-07-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/stevens/</loc>
<lastmod>2019-07-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/zeller/</loc>
<lastmod>2019-07-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/FOL_Seq_Calc1.html</loc>
<lastmod>2019-07-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/CakeML_Codegen.html</loc>
<lastmod>2019-07-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/cakeml/</loc>
<lastmod>2019-07-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/constructor_funs/</loc>
<lastmod>2019-07-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/dict_construction/</loc>
<lastmod>2019-07-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/higher_order_terms/</loc>
<lastmod>2019-07-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/huffman/</loc>
<lastmod>2019-07-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/pairing_heap/</loc>
<lastmod>2019-07-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/MFOTL_Monitor.html</loc>
<lastmod>2019-07-04T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Complete_Non_Orders.html</loc>
<lastmod>2019-06-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/dubut/</loc>
<lastmod>2019-06-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Priority_Search_Trees.html</loc>
<lastmod>2019-06-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/priority_search_trees/</loc>
<lastmod>2019-06-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Prim_Dijkstra_Simple.html</loc>
<lastmod>2019-06-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Linear_Inequalities.html</loc>
<lastmod>2019-06-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/reynaud/</loc>
<lastmod>2019-06-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Nullstellensatz.html</loc>
<lastmod>2019-06-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/maletzky/</loc>
<lastmod>2019-06-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Groebner_Macaulay.html</loc>
<lastmod>2019-06-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/IMP2_Binary_Heap.html</loc>
<lastmod>2019-06-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/griebel/</loc>
<lastmod>2019-06-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/imp2/</loc>
<lastmod>2019-06-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Differential_Game_Logic.html</loc>
<lastmod>2019-06-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/median_of_medians_selection/</loc>
<lastmod>2019-05-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/KD_Tree.html</loc>
<lastmod>2019-05-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/LambdaAuth.html</loc>
<lastmod>2019-05-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/aspinall/</loc>
<lastmod>2019-05-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Multi_Party_Computation.html</loc>
<lastmod>2019-05-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/HOL-CSP.html</loc>
<lastmod>2019-04-26T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/LTL_Master_Theorem.html</loc>
<lastmod>2019-04-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/seidl/</loc>
<lastmod>2019-04-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Binding_Syntax_Theory.html</loc>
<lastmod>2019-04-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/gheri/</loc>
<lastmod>2019-04-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Transcendence_Series_Hancl_Rucki.html</loc>
<lastmod>2019-03-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/deep_learning/</loc>
<lastmod>2019-03-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/liu/</loc>
<lastmod>2019-03-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/liut/</loc>
<lastmod>2019-03-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/liy/</loc>
<lastmod>2019-03-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/QHLProver.html</loc>
<lastmod>2019-03-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/wang/</loc>
<lastmod>2019-03-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/ying/</loc>
<lastmod>2019-03-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/yingm/</loc>
<lastmod>2019-03-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/zhan/</loc>
<lastmod>2019-03-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/zhann/</loc>
<lastmod>2019-03-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/nikiforov/</loc>
<lastmod>2019-03-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Safe_OCL.html</loc>
<lastmod>2019-03-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Prime_Distribution_Elementary.html</loc>
<lastmod>2019-02-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/zeta_function/</loc>
<lastmod>2019-02-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/biendarra/</loc>
<lastmod>2019-02-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/haslbeckm/</loc>
<lastmod>2019-02-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Kruskal.html</loc>
<lastmod>2019-02-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/matroids/</loc>
<lastmod>2019-02-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/refine_monadic/</loc>
<lastmod>2019-02-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Probabilistic_Prime_Tests.html</loc>
<lastmod>2019-02-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/stuewe/</loc>
<lastmod>2019-02-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/regensburger/</loc>
<lastmod>2019-02-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Universal_Turing_Machine.html</loc>
<lastmod>2019-02-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/urban/</loc>
<lastmod>2019-02-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/xu/</loc>
<lastmod>2019-02-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/zhangx/</loc>
<lastmod>2019-02-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/UTP.html</loc>
<lastmod>2019-02-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/nemouchi/</loc>
<lastmod>2019-02-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/optics/</loc>
<lastmod>2019-02-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/ribeiro/</loc>
<lastmod>2019-02-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/List_Inversions.html</loc>
<lastmod>2019-02-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/utp-toolkit/</loc>
<lastmod>2019-02-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/zeyda/</loc>
<lastmod>2019-02-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Farkas.html</loc>
<lastmod>2019-01-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/simplex/</loc>
<lastmod>2019-01-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Higher_Order_Terms.html</loc>
<lastmod>2019-01-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/IMP2.html</loc>
<lastmod>2019-01-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Store_Buffer_Reduction.html</loc>
<lastmod>2019-01-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/cohen/</loc>
<lastmod>2019-01-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/schirmer/</loc>
<lastmod>2019-01-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Core_DOM.html</loc>
<lastmod>2018-12-26T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Concurrent_Revisions.html</loc>
<lastmod>2018-12-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/overbeek/</loc>
<lastmod>2018-12-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/auto2_hol/</loc>
<lastmod>2018-12-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Auto2_Imperative_HOL.html</loc>
<lastmod>2018-12-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Constructive_Cryptography.html</loc>
<lastmod>2018-12-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/kleene_algebra/</loc>
<lastmod>2018-12-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/order_lattice_props/</loc>
<lastmod>2018-12-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Order_Lattice_Props.html</loc>
<lastmod>2018-12-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/quantales/</loc>
<lastmod>2018-12-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Quantales.html</loc>
<lastmod>2018-12-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/struth/</loc>
<lastmod>2018-12-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Transformer_Semantics.html</loc>
<lastmod>2018-12-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Functional_Ordered_Resolution_Prover.html</loc>
<lastmod>2018-11-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Graph_Saturation.html</loc>
<lastmod>2018-11-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/open_induction/</loc>
<lastmod>2018-11-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Auto2_HOL.html</loc>
<lastmod>2018-11-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/keinholz/</loc>
<lastmod>2018-11-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Matroids.html</loc>
<lastmod>2018-11-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Generic_Deriving.html</loc>
<lastmod>2018-11-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/raedle/</loc>
<lastmod>2018-11-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/GewirthPGCProof.html</loc>
<lastmod>2018-10-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Epistemic_Logic.html</loc>
<lastmod>2018-10-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Smooth_Manifolds.html</loc>
<lastmod>2018-10-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/bentkamp/</loc>
<lastmod>2018-10-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Lambda_Free_EPO.html</loc>
<lastmod>2018-10-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/random_bsts/</loc>
<lastmod>2018-10-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Randomised_BSTs.html</loc>
<lastmod>2018-10-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Factored_Transition_System_Bounding.html</loc>
<lastmod>2018-10-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Pi_Transcendental.html</loc>
<lastmod>2018-09-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Symmetric_Polynomials.html</loc>
<lastmod>2018-09-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Signature_Groebner.html</loc>
<lastmod>2018-09-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Prime_Number_Theorem.html</loc>
<lastmod>2018-09-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Aggregation_Algebras.html</loc>
<lastmod>2018-09-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Octonions.html</loc>
<lastmod>2018-09-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Quaternions.html</loc>
<lastmod>2018-09-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Budan_Fourier.html</loc>
<lastmod>2018-09-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Simplex.html</loc>
<lastmod>2018-08-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/spasic/</loc>
<lastmod>2018-08-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/abstract-rewriting/</loc>
<lastmod>2018-08-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Minsky_Machines.html</loc>
<lastmod>2018-08-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/recursion-theory-i/</loc>
<lastmod>2018-08-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/DiscretePricing.html</loc>
<lastmod>2018-07-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/first_welfare_theorem/</loc>
<lastmod>2018-07-04T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Neumann_Morgenstern_Utility.html</loc>
<lastmod>2018-07-04T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Pell.html</loc>
<lastmod>2018-06-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Projective_Geometry.html</loc>
<lastmod>2018-06-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Localization_Ring.html</loc>
<lastmod>2018-06-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/brunner/</loc>
<lastmod>2018-06-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/coinductive/</loc>
<lastmod>2018-06-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Partial_Order_Reduction.html</loc>
<lastmod>2018-06-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/stuttering_equivalence/</loc>
<lastmod>2018-06-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/monad_memo_dp/</loc>
<lastmod>2018-05-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Optimal_BST.html</loc>
<lastmod>2018-05-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/somogyi/</loc>
<lastmod>2018-05-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Hidden_Markov_Models.html</loc>
<lastmod>2018-05-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/markov_models/</loc>
<lastmod>2018-05-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/hoelzl/</loc>
<lastmod>2018-05-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Probabilistic_Timed_Automata.html</loc>
<lastmod>2018-05-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/timed_automata/</loc>
<lastmod>2018-05-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/AxiomaticCategoryTheory.html</loc>
<lastmod>2018-05-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Irrationality_J_Hancl.html</loc>
<lastmod>2018-05-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/scott/</loc>
<lastmod>2018-05-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/hu/</loc>
<lastmod>2018-05-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Monad_Memo_DP.html</loc>
<lastmod>2018-05-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/beresford/</loc>
<lastmod>2018-05-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/gomes/</loc>
<lastmod>2018-05-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/kleppmann/</loc>
<lastmod>2018-05-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/mulligan/</loc>
<lastmod>2018-05-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/OpSets.html</loc>
<lastmod>2018-05-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Modular_Assembly_Kit_Security.html</loc>
<lastmod>2018-05-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/bracevac/</loc>
<lastmod>2018-05-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/gay/</loc>
<lastmod>2018-05-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/grewe/</loc>
<lastmod>2018-05-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/mantel/</loc>
<lastmod>2018-05-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/sudbrock/</loc>
<lastmod>2018-05-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/tasch/</loc>
<lastmod>2018-05-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/watt/</loc>
<lastmod>2018-04-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/WebAssembly.html</loc>
<lastmod>2018-04-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/VerifyThis2018.html</loc>
<lastmod>2018-04-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/BNF_CC.html</loc>
<lastmod>2018-04-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/brandt/</loc>
<lastmod>2018-03-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/randomised_social_choice/</loc>
<lastmod>2018-03-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/saile/</loc>
<lastmod>2018-03-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/stricker/</loc>
<lastmod>2018-03-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Fishburn_Impossibility.html</loc>
<lastmod>2018-03-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/dirix/</loc>
<lastmod>2018-03-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Weight_Balanced_Trees.html</loc>
<lastmod>2018-03-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/CakeML.html</loc>
<lastmod>2018-03-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/lem/</loc>
<lastmod>2018-03-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/zhang/</loc>
<lastmod>2018-03-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Architectural_Design_Patterns.html</loc>
<lastmod>2018-03-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/dynamicarchitectures/</loc>
<lastmod>2018-03-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Hoare_Time.html</loc>
<lastmod>2018-02-26T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/separation_algebra/</loc>
<lastmod>2018-02-26T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/LLL_Factorization.html</loc>
<lastmod>2018-02-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/comparison_sort_lower_bound/</loc>
<lastmod>2018-02-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/First_Order_Terms.html</loc>
<lastmod>2018-02-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/landau_symbols/</loc>
<lastmod>2018-02-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Error_Function.html</loc>
<lastmod>2018-02-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Treaps.html</loc>
<lastmod>2018-02-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/LLL_Basis_Reduction.html</loc>
<lastmod>2018-02-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Ordered_Resolution_Prover.html</loc>
<lastmod>2018-01-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/waldmann/</loc>
<lastmod>2018-01-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/gouezel/</loc>
<lastmod>2018-01-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Gromov_Hyperbolicity.html</loc>
<lastmod>2018-01-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Green.html</loc>
<lastmod>2018-01-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/affine_arithmetic/</loc>
<lastmod>2018-01-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Taylor_Models.html</loc>
<lastmod>2018-01-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/traut/</loc>
<lastmod>2018-01-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/discrete_summation/</loc>
<lastmod>2017-12-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Falling_Factorial_Sum.html</loc>
<lastmod>2017-12-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Dirichlet_L.html</loc>
<lastmod>2017-12-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/finitely_generated_abelian_groups/</loc>
<lastmod>2017-12-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Mason_Stothers.html</loc>
<lastmod>2017-12-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Median_Of_Medians_Selection.html</loc>
<lastmod>2017-12-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/BNF_Operations.html</loc>
<lastmod>2017-12-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/hellauer/</loc>
<lastmod>2017-12-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Knuth_Morris_Pratt.html</loc>
<lastmod>2017-12-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Stochastic_Matrices.html</loc>
<lastmod>2017-11-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/crdt/</loc>
<lastmod>2017-11-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/jungnickel/</loc>
<lastmod>2017-11-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/loibl/</loc>
<lastmod>2017-11-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/oldenburg/</loc>
<lastmod>2017-11-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/IMAP-CRDT.html</loc>
<lastmod>2017-11-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Hybrid_Multi_Lane_Spatial_Logic.html</loc>
<lastmod>2017-11-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/linker/</loc>
<lastmod>2017-11-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/gioiosa/</loc>
<lastmod>2017-10-26T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Kuratowski_Closure_Complement.html</loc>
<lastmod>2017-10-26T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Buchi_Complementation.html</loc>
<lastmod>2017-10-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/dfs_framework/</loc>
<lastmod>2017-10-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/gabow_scc/</loc>
<lastmod>2017-10-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Transition_Systems_and_Automata.html</loc>
<lastmod>2017-10-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Count_Complex_Roots.html</loc>
<lastmod>2017-10-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Winding_Number_Eval.html</loc>
<lastmod>2017-10-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/winding_number_eval/</loc>
<lastmod>2017-10-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Diophantine_Eqns_Lin_Hom.html</loc>
<lastmod>2017-10-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/messner/</loc>
<lastmod>2017-10-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/schoepf/</loc>
<lastmod>2017-10-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/count_complex_roots/</loc>
<lastmod>2017-10-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Dirichlet_Series.html</loc>
<lastmod>2017-10-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/euler_maclaurin/</loc>
<lastmod>2017-10-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Linear_Recurrences.html</loc>
<lastmod>2017-10-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/linear_recurrences/</loc>
<lastmod>2017-10-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Zeta_Function.html</loc>
<lastmod>2017-10-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Lowe_Ontological_Argument.html</loc>
<lastmod>2017-09-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/kirchner/</loc>
<lastmod>2017-09-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/PLM.html</loc>
<lastmod>2017-09-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/AnselmGod.html</loc>
<lastmod>2017-09-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/First_Welfare_Theorem.html</loc>
<lastmod>2017-09-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/amortized_complexity/</loc>
<lastmod>2017-08-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Orbit_Stabiliser.html</loc>
<lastmod>2017-08-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Root_Balanced_Tree.html</loc>
<lastmod>2017-08-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/matache/</loc>
<lastmod>2017-08-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/LambdaMu.html</loc>
<lastmod>2017-08-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Stewart_Apollonius.html</loc>
<lastmod>2017-07-31T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/triangle/</loc>
<lastmod>2017-07-31T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/DynamicArchitectures.html</loc>
<lastmod>2017-07-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Decl_Sem_Fun_PL.html</loc>
<lastmod>2017-07-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/siek/</loc>
<lastmod>2017-07-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/breitner/</loc>
<lastmod>2017-07-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/HOLCF-Prelude.html</loc>
<lastmod>2017-07-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/huffman/</loc>
<lastmod>2017-07-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/mitchell/</loc>
<lastmod>2017-07-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Minkowskis_Theorem.html</loc>
<lastmod>2017-07-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/rawson/</loc>
<lastmod>2017-07-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Name_Carrying_Type_Inference.html</loc>
<lastmod>2017-07-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/CRDT.html</loc>
<lastmod>2017-07-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Stone_Kleene_Relation_Algebras.html</loc>
<lastmod>2017-07-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/stone_relation_algebras/</loc>
<lastmod>2017-07-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Propositional_Proof_Systems.html</loc>
<lastmod>2017-06-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/dongol/</loc>
<lastmod>2017-06-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/hayes/</loc>
<lastmod>2017-06-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/PSemigroupsConvolution.html</loc>
<lastmod>2017-06-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Buffons_Needle.html</loc>
<lastmod>2017-06-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/cava_automata/</loc>
<lastmod>2017-06-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Flow_Networks.html</loc>
<lastmod>2017-06-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/flow_networks/</loc>
<lastmod>2017-06-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Prpu_Maxflow.html</loc>
<lastmod>2017-06-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/program-conflict-analysis/</loc>
<lastmod>2017-06-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Optics.html</loc>
<lastmod>2017-05-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Security_Protocol_Refinement.html</loc>
<lastmod>2017-05-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Dict_Construction.html</loc>
<lastmod>2017-05-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/lazy_case/</loc>
<lastmod>2017-05-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/somaini/</loc>
<lastmod>2017-05-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Floyd_Warshall.html</loc>
<lastmod>2017-05-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/applicative_lifting/</loc>
<lastmod>2017-05-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/bhatt/</loc>
<lastmod>2017-05-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/CryptHOL.html</loc>
<lastmod>2017-05-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Monomorphic_Monad.html</loc>
<lastmod>2017-05-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Game_Based_Crypto.html</loc>
<lastmod>2017-05-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/mfmc_countable/</loc>
<lastmod>2017-05-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Monad_Normalisation.html</loc>
<lastmod>2017-05-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/monomorphic_monad/</loc>
<lastmod>2017-05-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Probabilistic_While.html</loc>
<lastmod>2017-05-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/probabilistic_while/</loc>
<lastmod>2017-05-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/category3/</loc>
<lastmod>2017-05-04T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/MonoidalCategory.html</loc>
<lastmod>2017-05-04T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Types_Tableaus_and_Goedels_God.html</loc>
<lastmod>2017-05-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/LocalLexing.html</loc>
<lastmod>2017-04-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/obua/</loc>
<lastmod>2017-04-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Constructor_Funs.html</loc>
<lastmod>2017-04-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Lazy_Case.html</loc>
<lastmod>2017-04-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Subresultants.html</loc>
<lastmod>2017-04-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Random_BSTs.html</loc>
<lastmod>2017-04-04T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/quick_sort_cost/</loc>
<lastmod>2017-04-04T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Comparison_Sort_Lower_Bound.html</loc>
<lastmod>2017-03-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/regular-sets/</loc>
<lastmod>2017-03-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Quick_Sort_Cost.html</loc>
<lastmod>2017-03-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Euler_MacLaurin.html</loc>
<lastmod>2017-03-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/berghofer/</loc>
<lastmod>2017-02-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Elliptic_Curves_Group_Law.html</loc>
<lastmod>2017-02-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/dittmann/</loc>
<lastmod>2017-02-26T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Menger.html</loc>
<lastmod>2017-02-26T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Differential_Dynamic_Logic.html</loc>
<lastmod>2017-02-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Abstract_Soundness.html</loc>
<lastmod>2017-02-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Stone_Relation_Algebras.html</loc>
<lastmod>2017-02-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/lallemand/</loc>
<lastmod>2017-01-31T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Key_Agreement_Strong_Adversaries.html</loc>
<lastmod>2017-01-31T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Bernoulli.html</loc>
<lastmod>2017-01-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Bertrands_Postulate.html</loc>
<lastmod>2017-01-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/formal_ssa/</loc>
<lastmod>2017-01-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/lohner/</loc>
<lastmod>2017-01-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Minimal_SSA.html</loc>
<lastmod>2017-01-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/wagner/</loc>
<lastmod>2017-01-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/E_Transcendental.html</loc>
<lastmod>2017-01-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/bruegger/</loc>
<lastmod>2017-01-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/UPF_Firewall.html</loc>
<lastmod>2017-01-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/upf/</loc>
<lastmod>2017-01-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Password_Authentication_Protocol.html</loc>
<lastmod>2017-01-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/FOL_Harrison.html</loc>
<lastmod>2017-01-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/jensen/</loc>
<lastmod>2017-01-01T00:00:00+00:00</lastmod>
</url><url>
- <loc>/authors/villadsen/</loc>
- <lastmod>2017-01-01T00:00:00+00:00</lastmod>
- </url><url>
<loc>/entries/Concurrent_Ref_Alg.html</loc>
<lastmod>2016-12-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/fell/</loc>
<lastmod>2016-12-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/velykis/</loc>
<lastmod>2016-12-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/bell_numbers_spivey/</loc>
<lastmod>2016-12-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/card_multisets/</loc>
<lastmod>2016-12-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/card_number_partitions/</loc>
<lastmod>2016-12-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Twelvefold_Way.html</loc>
<lastmod>2016-12-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/nagashima/</loc>
<lastmod>2016-12-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Proof_Strategy_Language.html</loc>
<lastmod>2016-12-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Paraconsistency.html</loc>
<lastmod>2016-12-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/amani/</loc>
<lastmod>2016-11-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/andronick/</loc>
<lastmod>2016-11-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Complx.html</loc>
<lastmod>2016-11-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/lewis/</loc>
<lastmod>2016-11-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/rizkallah/</loc>
<lastmod>2016-11-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/tuongj/</loc>
<lastmod>2016-11-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Abs_Int_ITP2012.html</loc>
<lastmod>2016-11-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/clouston/</loc>
<lastmod>2016-11-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/gore/</loc>
<lastmod>2016-11-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/hou/</loc>
<lastmod>2016-11-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/sanan/</loc>
<lastmod>2016-11-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Separata.html</loc>
<lastmod>2016-11-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/tiu/</loc>
<lastmod>2016-11-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/becker/</loc>
<lastmod>2016-11-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Lambda_Free_KBOs.html</loc>
<lastmod>2016-11-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Nested_Multisets_Ordinals.html</loc>
<lastmod>2016-11-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/ordinal/</loc>
<lastmod>2016-11-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/wand/</loc>
<lastmod>2016-11-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Deep_Learning.html</loc>
<lastmod>2016-11-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/borgstroem/</loc>
<lastmod>2016-10-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/eriksson/</loc>
<lastmod>2016-10-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/gutkovas/</loc>
<lastmod>2016-10-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Modal_Logics_for_NTS.html</loc>
<lastmod>2016-10-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/parrow/</loc>
<lastmod>2016-10-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/weber/</loc>
<lastmod>2016-10-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Stable_Matching.html</loc>
<lastmod>2016-10-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/iptables_semantics/</loc>
<lastmod>2016-10-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/LOFT.html</loc>
<lastmod>2016-10-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/SPARCv8.html</loc>
<lastmod>2016-10-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/hibon/</loc>
<lastmod>2016-10-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/liuy/</loc>
<lastmod>2016-10-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Source_Coding_Theorem.html</loc>
<lastmod>2016-10-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/efficient-mergesort/</loc>
<lastmod>2016-10-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/subresultants/</loc>
<lastmod>2016-10-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Berlekamp_Zassenhaus.html</loc>
<lastmod>2016-10-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Chord_Segments.html</loc>
<lastmod>2016-10-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Lp.html</loc>
<lastmod>2016-10-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Fisher_Yates.html</loc>
<lastmod>2016-09-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Allen_Calculus.html</loc>
<lastmod>2016-09-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/ghourabi/</loc>
<lastmod>2016-09-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Lambda_Free_RPOs.html</loc>
<lastmod>2016-09-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Iptables_Semantics.html</loc>
<lastmod>2016-09-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/iptables_semantics_examples/</loc>
<lastmod>2016-09-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/routing/</loc>
<lastmod>2016-09-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/SuperCalc.html</loc>
<lastmod>2016-09-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/peltier/</loc>
<lastmod>2016-09-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Stone_Algebras.html</loc>
<lastmod>2016-09-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Stirling_Formula.html</loc>
<lastmod>2016-09-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Routing.html</loc>
<lastmod>2016-08-31T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/simple_firewall/</loc>
<lastmod>2016-08-31T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/ip_addresses/</loc>
<lastmod>2016-08-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Simple_Firewall.html</loc>
<lastmod>2016-08-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/aissat/</loc>
<lastmod>2016-08-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/InfPathElimination.html</loc>
<lastmod>2016-08-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/voisin/</loc>
<lastmod>2016-08-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/EdmondsKarp_Maxflow.html</loc>
<lastmod>2016-08-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/collections_examples/</loc>
<lastmod>2016-08-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/dijkstra_shortest_path/</loc>
<lastmod>2016-08-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/separation_logic_imperative_hol/</loc>
<lastmod>2016-08-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/sepref_basic/</loc>
<lastmod>2016-08-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Refine_Imperative_HOL.html</loc>
<lastmod>2016-08-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Ptolemys_Theorem.html</loc>
<lastmod>2016-08-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Surprise_Paradox.html</loc>
<lastmod>2016-07-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/brinkop/</loc>
<lastmod>2016-07-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Pairing_Heap.html</loc>
<lastmod>2016-07-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/DFS_Framework.html</loc>
<lastmod>2016-07-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/neumann/</loc>
<lastmod>2016-07-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Buildings.html</loc>
<lastmod>2016-07-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/sylvestre/</loc>
<lastmod>2016-07-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/nagele/</loc>
<lastmod>2016-06-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/oostrom/</loc>
<lastmod>2016-06-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Resolution_FOL.html</loc>
<lastmod>2016-06-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Rewriting_Z.html</loc>
<lastmod>2016-06-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Dependent_SIFUM_Refinement.html</loc>
<lastmod>2016-06-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/dependent_sifum_type_systems/</loc>
<lastmod>2016-06-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/IP_Addresses.html</loc>
<lastmod>2016-06-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/pierzchalski/</loc>
<lastmod>2016-06-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/sison/</loc>
<lastmod>2016-06-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Card_Multisets.html</loc>
<lastmod>2016-06-26T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Category3.html</loc>
<lastmod>2016-06-26T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Dependent_SIFUM_Type_Systems.html</loc>
<lastmod>2016-06-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Catalan_Numbers.html</loc>
<lastmod>2016-06-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Algebraic_VCs.html</loc>
<lastmod>2016-06-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Noninterference_Concurrent_Composition.html</loc>
<lastmod>2016-06-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/noninterference_sequential_composition/</loc>
<lastmod>2016-06-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/beeren/</loc>
<lastmod>2016-06-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/fernandez/</loc>
<lastmod>2016-06-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Word_Lib.html</loc>
<lastmod>2016-06-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/gao/</loc>
<lastmod>2016-06-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/klein/</loc>
<lastmod>2016-06-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/kolanski/</loc>
<lastmod>2016-06-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/lim/</loc>
<lastmod>2016-06-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/matichuk/</loc>
<lastmod>2016-06-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/sewell/</loc>
<lastmod>2016-06-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Tree_Decomposition.html</loc>
<lastmod>2016-05-31T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/ausaf/</loc>
<lastmod>2016-05-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Card_Equiv_Relations.html</loc>
<lastmod>2016-05-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/dyckhoff/</loc>
<lastmod>2016-05-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Posix-Lexing.html</loc>
<lastmod>2016-05-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/kuncar/</loc>
<lastmod>2016-05-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Perron_Frobenius.html</loc>
<lastmod>2016-05-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/rank_nullity_theorem/</loc>
<lastmod>2016-05-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Incredible_Proof_Machine.html</loc>
<lastmod>2016-05-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/FLP.html</loc>
<lastmod>2016-05-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/bisping/</loc>
<lastmod>2016-05-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/brodmann/</loc>
<lastmod>2016-05-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/nestmann/</loc>
<lastmod>2016-05-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/peters/</loc>
<lastmod>2016-05-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/rickmann/</loc>
<lastmod>2016-05-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/seidler/</loc>
<lastmod>2016-05-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/stueber/</loc>
<lastmod>2016-05-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/weidner/</loc>
<lastmod>2016-05-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/MFMC_Countable.html</loc>
<lastmod>2016-05-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/edmondskarp_maxflow/</loc>
<lastmod>2016-05-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Randomised_Social_Choice.html</loc>
<lastmod>2016-05-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Bell_Numbers_Spivey.html</loc>
<lastmod>2016-05-04T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/SDS_Impossibility.html</loc>
<lastmod>2016-05-04T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Groebner_Bases.html</loc>
<lastmod>2016-05-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/nemeti/</loc>
<lastmod>2016-04-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/No_FTL_observers.html</loc>
<lastmod>2016-04-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/stannett/</loc>
<lastmod>2016-04-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/CYK.html</loc>
<lastmod>2016-04-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/ROBDD.html</loc>
<lastmod>2016-04-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Noninterference_Sequential_Composition.html</loc>
<lastmod>2016-04-26T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/noninterference_ipurge_unwinding/</loc>
<lastmod>2016-04-26T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/KAD.html</loc>
<lastmod>2016-04-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/PropResPI.html</loc>
<lastmod>2016-03-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Cartan_FP.html</loc>
<lastmod>2016-03-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Timed_Automata.html</loc>
<lastmod>2016-03-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/boolean_expression_checkers/</loc>
<lastmod>2016-03-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/LTL.html</loc>
<lastmod>2016-03-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/List_Update.html</loc>
<lastmod>2016-02-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/slicing/</loc>
<lastmod>2016-02-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/ullrich/</loc>
<lastmod>2016-02-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Formal_SSA.html</loc>
<lastmod>2016-02-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/partial_function_mr/</loc>
<lastmod>2016-01-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Polynomial_Factorization.html</loc>
<lastmod>2016-01-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Polynomial_Interpolation.html</loc>
<lastmod>2016-01-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/sqrt_babylonian/</loc>
<lastmod>2016-01-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Knot_Theory.html</loc>
<lastmod>2016-01-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/prathamesh/</loc>
<lastmod>2016-01-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Matrix_Tensor.html</loc>
<lastmod>2016-01-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Card_Number_Partitions.html</loc>
<lastmod>2016-01-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Triangle.html</loc>
<lastmod>2015-12-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Descartes_Sign_Rule.html</loc>
<lastmod>2015-12-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Liouville_Numbers.html</loc>
<lastmod>2015-12-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Prime_Harmonic_Series.html</loc>
<lastmod>2015-12-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Algebraic_Numbers.html</loc>
<lastmod>2015-12-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Applicative_Lifting.html</loc>
<lastmod>2015-12-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Stern_Brocot.html</loc>
<lastmod>2015-12-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Card_Partitions.html</loc>
<lastmod>2015-12-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Latin_Square.html</loc>
<lastmod>2015-12-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/marriage/</loc>
<lastmod>2015-12-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Ergodic_Theory.html</loc>
<lastmod>2015-12-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Euler_Partition.html</loc>
<lastmod>2015-11-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/TortoiseHare.html</loc>
<lastmod>2015-11-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/case_labeling/</loc>
<lastmod>2015-11-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/noschinski/</loc>
<lastmod>2015-11-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Planarity_Certificates.html</loc>
<lastmod>2015-11-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/simpl/</loc>
<lastmod>2015-11-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/transitive-closure/</loc>
<lastmod>2015-11-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Parity_Game.html</loc>
<lastmod>2015-11-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Isabelle_Meta_Model.html</loc>
<lastmod>2015-09-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/LTL_to_DRA.html</loc>
<lastmod>2015-09-04T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/kbps/</loc>
<lastmod>2015-09-04T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Jordan_Normal_Form.html</loc>
<lastmod>2015-08-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Decreasing-Diagrams-II.html</loc>
<lastmod>2015-08-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Noninterference_Inductive_Unwinding.html</loc>
<lastmod>2015-08-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Rep_Fin_Groups.html</loc>
<lastmod>2015-08-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Encodability_Process_Calculi.html</loc>
<lastmod>2015-08-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/glabbeek/</loc>
<lastmod>2015-08-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Case_Labeling.html</loc>
<lastmod>2015-07-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Landau_Symbols.html</loc>
<lastmod>2015-07-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Akra_Bazzi.html</loc>
<lastmod>2015-07-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/echelon_form/</loc>
<lastmod>2015-07-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Hermite.html</loc>
<lastmod>2015-07-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Derangements.html</loc>
<lastmod>2015-06-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Multirelations.html</loc>
<lastmod>2015-06-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/furusawa/</loc>
<lastmod>2015-06-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/list_interleaving/</loc>
<lastmod>2015-06-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/noninterference_csp/</loc>
<lastmod>2015-06-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/List_Interleaving.html</loc>
<lastmod>2015-06-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Noninterference_Generic_Unwinding.html</loc>
<lastmod>2015-06-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Noninterference_Ipurge_Unwinding.html</loc>
<lastmod>2015-06-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Dynamic_Tables.html</loc>
<lastmod>2015-06-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/coinductive_languages/</loc>
<lastmod>2015-05-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Formula_Derivatives.html</loc>
<lastmod>2015-05-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/formula_derivatives/</loc>
<lastmod>2015-05-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Probabilistic_System_Zoo.html</loc>
<lastmod>2015-05-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/caminati/</loc>
<lastmod>2015-04-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/kerber/</loc>
<lastmod>2015-04-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/lange/</loc>
<lastmod>2015-04-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/rowat/</loc>
<lastmod>2015-04-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Vickrey_Clarke_Groves.html</loc>
<lastmod>2015-04-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Residuated_Lattices.html</loc>
<lastmod>2015-04-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/ConcurrentIMP.html</loc>
<lastmod>2015-04-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/concurrentimp/</loc>
<lastmod>2015-04-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/engelhardt/</loc>
<lastmod>2015-04-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/hosking/</loc>
<lastmod>2015-04-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/ConcurrentGC.html</loc>
<lastmod>2015-04-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Trie.html</loc>
<lastmod>2015-03-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Consensus_Refined.html</loc>
<lastmod>2015-03-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/heard_of/</loc>
<lastmod>2015-03-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Deriving.html</loc>
<lastmod>2015-03-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/launchbury/</loc>
<lastmod>2015-02-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Call_Arity.html</loc>
<lastmod>2015-02-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/cayley_hamilton/</loc>
<lastmod>2015-02-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Echelon_Form.html</loc>
<lastmod>2015-02-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/QR_Decomposition.html</loc>
<lastmod>2015-02-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Finite_Automata_HF.html</loc>
<lastmod>2015-02-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/UpDown_Scheme.html</loc>
<lastmod>2015-01-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/UPF.html</loc>
<lastmod>2014-11-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/awn/</loc>
<lastmod>2014-10-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/bourke/</loc>
<lastmod>2014-10-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/AODV.html</loc>
<lastmod>2014-10-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Lifting_Definition_Option.html</loc>
<lastmod>2014-10-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/maximova/</loc>
<lastmod>2014-10-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Stream_Fusion_Code.html</loc>
<lastmod>2014-10-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Density_Compiler.html</loc>
<lastmod>2014-10-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/RefinementReactive.html</loc>
<lastmod>2014-10-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/preoteasa/</loc>
<lastmod>2014-10-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Certification_Monads.html</loc>
<lastmod>2014-10-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/XML.html</loc>
<lastmod>2014-10-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Imperative_Insertion_Sort.html</loc>
<lastmod>2014-09-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Sturm_Tarski.html</loc>
<lastmod>2014-09-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/adelsberger/</loc>
<lastmod>2014-09-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/hetzl/</loc>
<lastmod>2014-09-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/pollak/</loc>
<lastmod>2014-09-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Cayley_Hamilton.html</loc>
<lastmod>2014-09-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/raumer/</loc>
<lastmod>2014-09-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/secondary_sylow/</loc>
<lastmod>2014-09-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Jordan_Hoelder.html</loc>
<lastmod>2014-09-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Priority_Queue_Braun.html</loc>
<lastmod>2014-09-04T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Gauss_Jordan.html</loc>
<lastmod>2014-09-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/lee/</loc>
<lastmod>2014-08-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Special_Function_Bounds.html</loc>
<lastmod>2014-08-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/VectorSpace.html</loc>
<lastmod>2014-08-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Skew_Heap.html</loc>
<lastmod>2014-08-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Splay_Tree.html</loc>
<lastmod>2014-08-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Show.html</loc>
<lastmod>2014-07-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/blasum/</loc>
<lastmod>2014-07-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/feliachi/</loc>
<lastmod>2014-07-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/CISC-Kernel.html</loc>
<lastmod>2014-07-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/havle/</loc>
<lastmod>2014-07-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/langenstein/</loc>
<lastmod>2014-07-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/schmaltz/</loc>
<lastmod>2014-07-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/stephan/</loc>
<lastmod>2014-07-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/tverdyshev/</loc>
<lastmod>2014-07-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/cock/</loc>
<lastmod>2014-07-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/pGCL.html</loc>
<lastmod>2014-07-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Amortized_Complexity.html</loc>
<lastmod>2014-07-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/skew_heap/</loc>
<lastmod>2014-07-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/splay_tree/</loc>
<lastmod>2014-07-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Network_Security_Policy_Verification.html</loc>
<lastmod>2014-07-04T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/coglio/</loc>
<lastmod>2014-07-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Pop_Refinement.html</loc>
<lastmod>2014-07-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/MSO_Regex_Equivalence.html</loc>
<lastmod>2014-06-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Boolean_Expression_Checkers.html</loc>
<lastmod>2014-06-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/CAVA_LTL_Modelchecker.html</loc>
<lastmod>2014-05-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/cava_base/</loc>
<lastmod>2014-05-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/cava_setup/</loc>
<lastmod>2014-05-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/LTL_to_GBA.html</loc>
<lastmod>2014-05-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/esparza/</loc>
<lastmod>2014-05-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/ltl_to_gba/</loc>
<lastmod>2014-05-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/partial_order_reduction/</loc>
<lastmod>2014-05-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/promela/</loc>
<lastmod>2014-05-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Promela.html</loc>
<lastmod>2014-05-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/schimpf/</loc>
<lastmod>2014-05-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/sm/</loc>
<lastmod>2014-05-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/sm_base/</loc>
<lastmod>2014-05-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/smaus/</loc>
<lastmod>2014-05-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/CAVA_Automata.html</loc>
<lastmod>2014-05-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Gabow_SCC.html</loc>
<lastmod>2014-05-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Noninterference_CSP.html</loc>
<lastmod>2014-05-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Roy_Floyd_Warshall.html</loc>
<lastmod>2014-05-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/wenzel/</loc>
<lastmod>2014-05-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Regular_Algebras.html</loc>
<lastmod>2014-05-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/ComponentDependencies.html</loc>
<lastmod>2014-04-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/spichkova/</loc>
<lastmod>2014-04-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/SIFUM_Type_Systems.html</loc>
<lastmod>2014-04-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/WHATandWHERE_Security.html</loc>
<lastmod>2014-04-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Strong_Security.html</loc>
<lastmod>2014-04-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/lux/</loc>
<lastmod>2014-04-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/sauer/</loc>
<lastmod>2014-04-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/schoepe/</loc>
<lastmod>2014-04-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/strong_security/</loc>
<lastmod>2014-04-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Bounded_Deducibility_Security.html</loc>
<lastmod>2014-04-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/HyperCTL.html</loc>
<lastmod>2014-04-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Abstract_Completeness.html</loc>
<lastmod>2014-04-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/rabe/</loc>
<lastmod>2014-04-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Discrete_Summation.html</loc>
<lastmod>2014-04-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/haftmann/</loc>
<lastmod>2014-04-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/GPU_Kernel_PL.html</loc>
<lastmod>2014-04-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/wickerson/</loc>
<lastmod>2014-04-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Probabilistic_Noninterference.html</loc>
<lastmod>2014-03-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/AWN.html</loc>
<lastmod>2014-03-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Partial_Function_MR.html</loc>
<lastmod>2014-02-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Random_Graph_Subgraph_Threshold.html</loc>
<lastmod>2014-02-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/petrovic/</loc>
<lastmod>2014-02-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Selection_Heap_Sort.html</loc>
<lastmod>2014-02-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Affine_Arithmetic.html</loc>
<lastmod>2014-02-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Real_Impl.html</loc>
<lastmod>2014-02-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Regex_Equivalence.html</loc>
<lastmod>2014-01-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Secondary_Sylow.html</loc>
<lastmod>2014-01-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/armstrong/</loc>
<lastmod>2014-01-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Relation_Algebra.html</loc>
<lastmod>2014-01-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/KAT_and_DRA.html</loc>
<lastmod>2014-01-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Featherweight_OCL.html</loc>
<lastmod>2014-01-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/CryptoBasedCompositionalProperties.html</loc>
<lastmod>2014-01-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Sturm_Sequences.html</loc>
<lastmod>2014-01-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Tail_Recursive_Functions.html</loc>
<lastmod>2013-12-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Incompleteness.html</loc>
<lastmod>2013-11-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/HereditarilyFinite.html</loc>
<lastmod>2013-11-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Coinductive_Languages.html</loc>
<lastmod>2013-11-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/FocusStreamsCaseStudies.html</loc>
<lastmod>2013-11-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/GoedelGod.html</loc>
<lastmod>2013-11-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/paleo/</loc>
<lastmod>2013-11-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Decreasing-Diagrams.html</loc>
<lastmod>2013-11-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/zankl/</loc>
<lastmod>2013-11-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Automatic_Refinement.html</loc>
<lastmod>2013-10-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Native_Word.html</loc>
<lastmod>2013-09-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/IEEE_Floating_Point.html</loc>
<lastmod>2013-07-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/yu/</loc>
<lastmod>2013-07-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/lehmer/</loc>
<lastmod>2013-07-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Lehmer.html</loc>
<lastmod>2013-07-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Pratt_Certificate.html</loc>
<lastmod>2013-07-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Koenigsberg_Friendship.html</loc>
<lastmod>2013-07-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Sort_Encodings.html</loc>
<lastmod>2013-06-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/ShortestPath.html</loc>
<lastmod>2013-05-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Graph_Theory.html</loc>
<lastmod>2013-04-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/finger-trees/</loc>
<lastmod>2013-04-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Containers.html</loc>
<lastmod>2013-04-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/trie/</loc>
<lastmod>2013-04-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Nominal2.html</loc>
<lastmod>2013-02-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Launchbury.html</loc>
<lastmod>2013-01-31T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Ribbon_Proofs.html</loc>
<lastmod>2013-01-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Rank_Nullity_Theorem.html</loc>
<lastmod>2013-01-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Kleene_Algebra.html</loc>
<lastmod>2013-01-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/cauchy/</loc>
<lastmod>2013-01-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Sqrt_Babylonian.html</loc>
<lastmod>2013-01-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Separation_Logic_Imperative_HOL.html</loc>
<lastmod>2012-11-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/meis/</loc>
<lastmod>2012-11-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/ogawa/</loc>
<lastmod>2012-11-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Open_Induction.html</loc>
<lastmod>2012-11-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/makarios/</loc>
<lastmod>2012-10-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Tarskis_Geometry.html</loc>
<lastmod>2012-10-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/avigad/</loc>
<lastmod>2012-10-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Bondy.html</loc>
<lastmod>2012-10-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Possibilistic_Noninterference.html</loc>
<lastmod>2012-09-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Datatype_Order_Generator.html</loc>
<lastmod>2012-08-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Impossible_Geometry.html</loc>
<lastmod>2012-08-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/romanos/</loc>
<lastmod>2012-08-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/debrat/</loc>
<lastmod>2012-07-27T00:00:00+00:00</lastmod>
</url><url>
- <loc>/authors/merz/</loc>
- <lastmod>2012-07-27T00:00:00+00:00</lastmod>
- </url><url>
<loc>/entries/Heard_Of.html</loc>
<lastmod>2012-07-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/PCF.html</loc>
<lastmod>2012-07-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Tycon.html</loc>
<lastmod>2012-06-26T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/bengtson/</loc>
<lastmod>2012-05-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/CCS.html</loc>
<lastmod>2012-05-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Psi_Calculi.html</loc>
<lastmod>2012-05-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Pi_Calculus.html</loc>
<lastmod>2012-05-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/gaudel/</loc>
<lastmod>2012-05-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Circus.html</loc>
<lastmod>2012-05-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/boyton/</loc>
<lastmod>2012-05-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Separation_Algebra.html</loc>
<lastmod>2012-05-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Stuttering_Equivalence.html</loc>
<lastmod>2012-05-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/bella/</loc>
<lastmod>2012-05-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Inductive_Confidentiality.html</loc>
<lastmod>2012-05-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/lorenz_approximation/</loc>
<lastmod>2012-04-26T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Ordinary_Differential_Equations.html</loc>
<lastmod>2012-04-26T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Well_Quasi_Orders.html</loc>
<lastmod>2012-04-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Abortable_Linearizable_Modules.html</loc>
<lastmod>2012-03-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/guerraoui/</loc>
<lastmod>2012-03-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/kuncak/</loc>
<lastmod>2012-03-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Transitive-Closure-II.html</loc>
<lastmod>2012-02-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Girth_Chromatic.html</loc>
<lastmod>2012-02-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Dijkstra_Shortest_Path.html</loc>
<lastmod>2012-01-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Refine_Monadic.html</loc>
<lastmod>2012-01-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/gauss-jordan-elim-fun/</loc>
<lastmod>2012-01-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Markov_Models.html</loc>
<lastmod>2012-01-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/TLA.html</loc>
<lastmod>2011-11-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/grov/</loc>
<lastmod>2011-11-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Efficient-Mergesort.html</loc>
<lastmod>2011-11-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/MonoBoolTranAlgebra.html</loc>
<lastmod>2011-09-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/georgescu/</loc>
<lastmod>2011-09-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/LatticeProperties.html</loc>
<lastmod>2011-09-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/latticeproperties/</loc>
<lastmod>2011-09-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/leustean/</loc>
<lastmod>2011-09-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/PseudoHoops.html</loc>
<lastmod>2011-09-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Myhill-Nerode.html</loc>
<lastmod>2011-08-26T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/wu/</loc>
<lastmod>2011-08-26T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Gauss-Jordan-Elim-Fun.html</loc>
<lastmod>2011-08-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Max-Card-Matching.html</loc>
<lastmod>2011-07-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/KBPs.html</loc>
<lastmod>2011-05-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/General-Triangle.html</loc>
<lastmod>2011-04-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Transitive-Closure.html</loc>
<lastmod>2011-03-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/AutoFocus-Stream.html</loc>
<lastmod>2011-02-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/List-Infinite.html</loc>
<lastmod>2011-02-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Nat-Interval-Logic.html</loc>
<lastmod>2011-02-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/list-infinite/</loc>
<lastmod>2011-02-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/nat-interval-logic/</loc>
<lastmod>2011-02-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/trachtenherz/</loc>
<lastmod>2011-02-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/LightweightJava.html</loc>
<lastmod>2011-02-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/parkinson/</loc>
<lastmod>2011-02-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/strnisa/</loc>
<lastmod>2011-02-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/RIPEMD-160-SPARK.html</loc>
<lastmod>2011-01-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/grechuk/</loc>
<lastmod>2011-01-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Lower_Semicontinuous.html</loc>
<lastmod>2011-01-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Marriage.html</loc>
<lastmod>2010-12-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/jiangd/</loc>
<lastmod>2010-12-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Shivers-CFA.html</loc>
<lastmod>2010-11-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Binomial-Heaps.html</loc>
<lastmod>2010-10-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Finger-Trees.html</loc>
<lastmod>2010-10-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Binomial-Queues.html</loc>
<lastmod>2010-10-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/koerner/</loc>
<lastmod>2010-10-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/nielsen/</loc>
<lastmod>2010-10-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/doczkal/</loc>
<lastmod>2010-08-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Lam-ml-Normalization.html</loc>
<lastmod>2010-08-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Polynomials.html</loc>
<lastmod>2010-08-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Statecharts.html</loc>
<lastmod>2010-08-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/helke/</loc>
<lastmod>2010-08-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Free-Groups.html</loc>
<lastmod>2010-06-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Category2.html</loc>
<lastmod>2010-06-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/katovsky/</loc>
<lastmod>2010-06-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Matrix.html</loc>
<lastmod>2010-06-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Abstract-Rewriting.html</loc>
<lastmod>2010-06-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/back/</loc>
<lastmod>2010-05-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/datarefinementibp/</loc>
<lastmod>2010-05-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/DataRefinementIBP.html</loc>
<lastmod>2010-05-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/GraphMarkingIBP.html</loc>
<lastmod>2010-05-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Robbins-Conjecture.html</loc>
<lastmod>2010-05-22T00:00:00+00:00</lastmod>
</url><url>
- <loc>/authors/doty/</loc>
- <lastmod>2010-05-22T00:00:00+00:00</lastmod>
- </url><url>
<loc>/authors/krauss/</loc>
<lastmod>2010-05-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Regular-Sets.html</loc>
<lastmod>2010-05-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/henrio/</loc>
<lastmod>2010-04-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Locally-Nameless-Sigma.html</loc>
<lastmod>2010-04-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/lutz/</loc>
<lastmod>2010-04-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/sudhof/</loc>
<lastmod>2010-04-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Free-Boolean-Algebra.html</loc>
<lastmod>2010-03-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/hrb-slicing/</loc>
<lastmod>2010-03-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/InformationFlowSlicing.html</loc>
<lastmod>2010-03-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/InformationFlowSlicing_Inter.html</loc>
<lastmod>2010-03-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/wasserrab/</loc>
<lastmod>2010-03-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/List-Index.html</loc>
<lastmod>2010-02-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Coinductive.html</loc>
<lastmod>2010-02-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/DPT-SAT-Solver.html</loc>
<lastmod>2009-12-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/heller/</loc>
<lastmod>2009-12-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Presburger-Automata.html</loc>
<lastmod>2009-12-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/reiter/</loc>
<lastmod>2009-12-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/binomial-heaps/</loc>
<lastmod>2009-11-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Collections.html</loc>
<lastmod>2009-11-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Tree-Automata.html</loc>
<lastmod>2009-11-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/ijbema/</loc>
<lastmod>2009-11-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Perfect-Number-Thm.html</loc>
<lastmod>2009-11-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/HRB-Slicing.html</loc>
<lastmod>2009-11-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/WorkerWrapper.html</loc>
<lastmod>2009-10-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Ordinals_and_Cardinals.html</loc>
<lastmod>2009-09-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/chapman/</loc>
<lastmod>2009-08-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/SequentInvertibility.html</loc>
<lastmod>2009-08-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/CofGroups.html</loc>
<lastmod>2009-08-04T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/kastermans/</loc>
<lastmod>2009-08-04T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/FinFun.html</loc>
<lastmod>2009-05-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Stream-Fusion.html</loc>
<lastmod>2009-04-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/BytecodeLogicJmlTypes.html</loc>
<lastmod>2008-12-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/beringer/</loc>
<lastmod>2008-12-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/hofmann/</loc>
<lastmod>2008-12-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/SIFPL.html</loc>
<lastmod>2008-11-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/SenSocialChoice.html</loc>
<lastmod>2008-11-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/FunWithTilings.html</loc>
<lastmod>2008-11-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Huffman.html</loc>
<lastmod>2008-10-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Slicing.html</loc>
<lastmod>2008-09-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/VolpanoSmith.html</loc>
<lastmod>2008-09-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/snelting/</loc>
<lastmod>2008-09-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/ArrowImpossibilityGS.html</loc>
<lastmod>2008-09-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/FunWithFunctions.html</loc>
<lastmod>2008-08-26T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/SATSolverVerification.html</loc>
<lastmod>2008-07-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/nedzelsky/</loc>
<lastmod>2008-04-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Recursion-Theory-I.html</loc>
<lastmod>2008-04-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Simpl.html</loc>
<lastmod>2008-02-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/BDD.html</loc>
<lastmod>2008-02-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/ortner/</loc>
<lastmod>2008-02-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/aehlig/</loc>
<lastmod>2008-02-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/NormByEval.html</loc>
<lastmod>2008-02-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/LinearQuantifierElim.html</loc>
<lastmod>2008-01-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Program-Conflict-Analysis.html</loc>
<lastmod>2007-12-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/olm/</loc>
<lastmod>2007-12-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/JinjaThreads.html</loc>
<lastmod>2007-12-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/boehme/</loc>
<lastmod>2007-11-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/MuchAdoAboutTwo.html</loc>
<lastmod>2007-11-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Fermat3_4.html</loc>
<lastmod>2007-08-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/oosterhuis/</loc>
<lastmod>2007-08-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/SumSquares.html</loc>
<lastmod>2007-08-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Valuation.html</loc>
<lastmod>2007-08-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/group-ring-module/</loc>
<lastmod>2007-08-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/kobayashi/</loc>
<lastmod>2007-08-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/FOL-Fitting.html</loc>
<lastmod>2007-08-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/POPLmark-deBruijn.html</loc>
<lastmod>2007-08-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/HotelKeyCards.html</loc>
<lastmod>2006-09-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Abstract-Hoare-Logics.html</loc>
<lastmod>2006-08-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/bauer/</loc>
<lastmod>2006-05-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Flyspeck-Tame.html</loc>
<lastmod>2006-05-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/flyspeck-tame/</loc>
<lastmod>2006-05-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/CoreC&#43;&#43;.html</loc>
<lastmod>2006-05-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/FeatherweightJava.html</loc>
<lastmod>2006-03-31T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/fosterj/</loc>
<lastmod>2006-03-31T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/vytiniotis/</loc>
<lastmod>2006-03-31T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/barsotti/</loc>
<lastmod>2006-03-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/ClockSynchInst.html</loc>
<lastmod>2006-03-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Cauchy.html</loc>
<lastmod>2006-03-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/porter/</loc>
<lastmod>2006-03-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Ordinal.html</loc>
<lastmod>2005-11-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/FFT.html</loc>
<lastmod>2005-10-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/GenClock.html</loc>
<lastmod>2005-06-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/jaskelioff/</loc>
<lastmod>2005-06-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/DiskPaxos.html</loc>
<lastmod>2005-06-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/JiveDataStoreModel.html</loc>
<lastmod>2005-06-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/rauch/</loc>
<lastmod>2005-06-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Jinja.html</loc>
<lastmod>2005-06-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/lindenberg/</loc>
<lastmod>2005-05-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/RSAPSS.html</loc>
<lastmod>2005-05-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/wirt/</loc>
<lastmod>2005-05-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Category.html</loc>
<lastmod>2005-04-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/keefe/</loc>
<lastmod>2005-04-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/FileRefinement.html</loc>
<lastmod>2004-12-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/zee/</loc>
<lastmod>2004-12-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Integration.html</loc>
<lastmod>2004-11-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/richter/</loc>
<lastmod>2004-11-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Verified-Prover.html</loc>
<lastmod>2004-09-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/ridge/</loc>
<lastmod>2004-09-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Completeness.html</loc>
<lastmod>2004-09-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/margetson/</loc>
<lastmod>2004-09-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Ramsey-Infinite.html</loc>
<lastmod>2004-09-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Compiling-Exceptions-Correctly.html</loc>
<lastmod>2004-07-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Depth-First-Search.html</loc>
<lastmod>2004-06-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/nishihara/</loc>
<lastmod>2004-06-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/chen/</loc>
<lastmod>2004-05-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Group-Ring-Module.html</loc>
<lastmod>2004-05-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/murao/</loc>
<lastmod>2004-05-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/friedrich/</loc>
<lastmod>2004-04-26T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Lazy-Lists-II.html</loc>
<lastmod>2004-04-26T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/lazy-lists-ii/</loc>
<lastmod>2004-04-26T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Topology.html</loc>
<lastmod>2004-04-26T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/BinarySearchTree.html</loc>
<lastmod>2004-04-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Functional-Automata.html</loc>
<lastmod>2004-03-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/AVL-Trees.html</loc>
<lastmod>2004-03-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/MiniML.html</loc>
<lastmod>2004-03-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/naraschewski/</loc>
<lastmod>2004-03-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/pusch/</loc>
<lastmod>2004-03-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/theories/abortable_linearizable_modules/</loc>
</url><url>
<loc>/about/</loc>
</url><url>
<loc>/theories/abs_int_itp2012/</loc>
</url><url>
<loc>/theories/abstract-hoare-logics/</loc>
</url><url>
<loc>/theories/abstract-rewriting/</loc>
</url><url>
<loc>/theories/abstract_completeness/</loc>
</url><url>
<loc>/theories/abstract_soundness/</loc>
</url><url>
<loc>/theories/ackermanns_not_pr/</loc>
</url><url>
<loc>/theories/actuarial_mathematics/</loc>
</url><url>
<loc>/theories/adaptive_state_counting/</loc>
</url><url>
<loc>/theories/ads_functor/</loc>
</url><url>
<loc>/theories/affine_arithmetic/</loc>
</url><url>
<loc>/theories/aggregation_algebras/</loc>
</url><url>
<loc>/theories/ai_planning_languages_semantics/</loc>
</url><url>
<loc>/theories/akra_bazzi/</loc>
</url><url>
<loc>/theories/algebraic_numbers/</loc>
</url><url>
<loc>/theories/algebraic_vcs/</loc>
</url><url>
<loc>/theories/allen_calculus/</loc>
</url><url>
<loc>/theories/amicable_numbers/</loc>
</url><url>
<loc>/theories/amortized_complexity/</loc>
</url><url>
<loc>/theories/anselmgod/</loc>
</url><url>
<loc>/theories/aodv/</loc>
</url><url>
<loc>/theories/applicative_lifting/</loc>
</url><url>
<loc>/theories/approximation_algorithms/</loc>
</url><url>
<loc>/theories/architectural_design_patterns/</loc>
</url><url>
<loc>/theories/aristotles_assertoric_syllogistic/</loc>
</url><url>
<loc>/theories/arith_prog_rel_primes/</loc>
</url><url>
<loc>/theories/arrowimpossibilitygs/</loc>
</url><url>
<loc>/theories/attack_trees/</loc>
</url><url>
<loc>/theories/auto2_hol/</loc>
</url><url>
<loc>/theories/auto2_imperative_hol/</loc>
</url><url>
<loc>/theories/autofocus-stream/</loc>
</url><url>
<loc>/theories/automated_stateful_protocol_verification/</loc>
</url><url>
<loc>/theories/automatic_refinement/</loc>
</url><url>
<loc>/theories/avl-trees/</loc>
</url><url>
<loc>/theories/awn/</loc>
</url><url>
<loc>/theories/axiomaticcategorytheory/</loc>
</url><url>
<loc>/theories/banach_steinhaus/</loc>
</url><url>
<loc>/theories/bd_security_compositional/</loc>
</url><url>
<loc>/theories/bdd/</loc>
</url><url>
<loc>/theories/belief_revision/</loc>
</url><url>
<loc>/theories/bell_numbers_spivey/</loc>
</url><url>
<loc>/theories/benor_kozen_reif/</loc>
</url><url>
<loc>/theories/berlekamp_zassenhaus/</loc>
</url><url>
<loc>/theories/bernoulli/</loc>
</url><url>
<loc>/theories/bertrands_postulate/</loc>
</url><url>
<loc>/theories/bicategory/</loc>
</url><url>
<loc>/theories/binarysearchtree/</loc>
</url><url>
<loc>/theories/binding_syntax_theory/</loc>
</url><url>
<loc>/theories/binomial-heaps/</loc>
</url><url>
<loc>/theories/binomial-queues/</loc>
</url><url>
<loc>/theories/birdkmp/</loc>
</url><url>
<loc>/theories/blue_eyes/</loc>
</url><url>
<loc>/theories/bnf_cc/</loc>
</url><url>
<loc>/theories/bnf_operations/</loc>
</url><url>
<loc>/theories/bondy/</loc>
</url><url>
<loc>/theories/boolean_expression_checkers/</loc>
</url><url>
<loc>/theories/boolos_curious_inference/</loc>
</url><url>
<loc>/theories/bounded_deducibility_security/</loc>
</url><url>
<loc>/theories/btree/</loc>
</url><url>
<loc>/theories/buchi_complementation/</loc>
</url><url>
<loc>/theories/budan_fourier/</loc>
</url><url>
<loc>/theories/buffons_needle/</loc>
</url><url>
<loc>/theories/buildings/</loc>
</url><url>
<loc>/theories/bytecodelogicjmltypes/</loc>
</url><url>
<loc>/theories/c2ka_distributedsystems/</loc>
</url><url>
<loc>/theories/cakeml/</loc>
</url><url>
<loc>/theories/cakeml_codegen/</loc>
</url><url>
<loc>/theories/call_arity/</loc>
</url><url>
<loc>/theories/card_equiv_relations/</loc>
</url><url>
<loc>/theories/card_multisets/</loc>
</url><url>
<loc>/theories/card_number_partitions/</loc>
</url><url>
<loc>/theories/card_partitions/</loc>
</url><url>
<loc>/theories/cartan_fp/</loc>
</url><url>
<loc>/theories/case_labeling/</loc>
</url><url>
<loc>/theories/catalan_numbers/</loc>
</url><url>
<loc>/theories/category/</loc>
</url><url>
<loc>/theories/category2/</loc>
</url><url>
<loc>/theories/category3/</loc>
</url><url>
<loc>/theories/cauchy/</loc>
</url><url>
<loc>/theories/cava_automata/</loc>
</url><url>
<loc>/theories/cava_base/</loc>
</url><url>
<loc>/theories/cava_ltl_modelchecker/</loc>
</url><url>
<loc>/theories/cava_setup/</loc>
</url><url>
<loc>/theories/cayley_hamilton/</loc>
</url><url>
<loc>/theories/ccs/</loc>
</url><url>
<loc>/theories/certification_monads/</loc>
</url><url>
<loc>/theories/chandy_lamport/</loc>
</url><url>
<loc>/theories/chord_segments/</loc>
</url><url>
<loc>/theories/circus/</loc>
</url><url>
<loc>/theories/cisc-kernel/</loc>
</url><url>
<loc>/theories/clean/</loc>
</url><url>
<loc>/theories/clique_and_monotone_circuits/</loc>
</url><url>
<loc>/theories/clocksynchinst/</loc>
</url><url>
<loc>/theories/closest_pair_points/</loc>
</url><url>
<loc>/theories/cocon/</loc>
</url><url>
<loc>/theories/cofgroups/</loc>
</url><url>
<loc>/theories/coinductive/</loc>
</url><url>
<loc>/theories/coinductive_languages/</loc>
</url><url>
<loc>/theories/collections/</loc>
</url><url>
<loc>/theories/collections_examples/</loc>
</url><url>
<loc>/theories/combinable_wands/</loc>
</url><url>
<loc>/theories/combinatorics_words/</loc>
</url><url>
<loc>/theories/combinatorics_words_graph_lemma/</loc>
</url><url>
<loc>/theories/combinatorics_words_lyndon/</loc>
</url><url>
<loc>/theories/commuting_hermitian/</loc>
</url><url>
<loc>/theories/comparison_sort_lower_bound/</loc>
</url><url>
<loc>/theories/compiling-exceptions-correctly/</loc>
</url><url>
<loc>/theories/complete_non_orders/</loc>
</url><url>
<loc>/theories/completeness/</loc>
</url><url>
<loc>/theories/complex_bounded_operators/</loc>
</url><url>
<loc>/theories/complex_geometry/</loc>
</url><url>
<loc>/theories/complx/</loc>
</url><url>
<loc>/theories/componentdependencies/</loc>
</url><url>
<loc>/topics/computer-science/algorithms/</loc>
</url><url>
<loc>/topics/computer-science/algorithms/approximation/</loc>
</url><url>
<loc>/topics/computer-science/algorithms/concurrent/</loc>
</url><url>
<loc>/topics/computer-science/algorithms/distributed/</loc>
</url><url>
<loc>/topics/computer-science/algorithms/geometry/</loc>
</url><url>
<loc>/topics/computer-science/algorithms/graph/</loc>
</url><url>
<loc>/topics/computer-science/algorithms/mathematical/</loc>
</url><url>
<loc>/topics/computer-science/algorithms/online/</loc>
</url><url>
<loc>/topics/computer-science/algorithms/optimization/</loc>
</url><url>
<loc>/topics/computer-science/algorithms/quantum-computing/</loc>
</url><url>
<loc>/topics/computer-science/artificial-intelligence/</loc>
</url><url>
<loc>/topics/computer-science/automata-and-formal-languages/</loc>
</url><url>
<loc>/topics/computer-science/concurrency/</loc>
</url><url>
<loc>/topics/computer-science/concurrency/process-calculi/</loc>
</url><url>
<loc>/topics/computer-science/data-structures/</loc>
</url><url>
<loc>/topics/computer-science/functional-programming/</loc>
</url><url>
<loc>/topics/computer-science/hardware/</loc>
</url><url>
<loc>/topics/computer-science/machine-learning/</loc>
</url><url>
<loc>/topics/computer-science/networks/</loc>
</url><url>
<loc>/topics/computer-science/programming-languages/</loc>
</url><url>
<loc>/topics/computer-science/programming-languages/compiling/</loc>
</url><url>
<loc>/topics/computer-science/programming-languages/lambda-calculi/</loc>
</url><url>
<loc>/topics/computer-science/programming-languages/language-definitions/</loc>
</url><url>
<loc>/topics/computer-science/programming-languages/logics/</loc>
</url><url>
<loc>/topics/computer-science/programming-languages/misc/</loc>
</url><url>
<loc>/topics/computer-science/programming-languages/static-analysis/</loc>
</url><url>
<loc>/topics/computer-science/programming-languages/type-systems/</loc>
</url><url>
<loc>/topics/computer-science/security/</loc>
</url><url>
<loc>/topics/computer-science/security/cryptography/</loc>
</url><url>
<loc>/topics/computer-science/semantics-and-reasoning/</loc>
</url><url>
<loc>/topics/computer-science/system-description-languages/</loc>
</url><url>
<loc>/theories/concurrent_ref_alg/</loc>
</url><url>
<loc>/theories/concurrent_revisions/</loc>
</url><url>
<loc>/theories/concurrentgc/</loc>
</url><url>
<loc>/theories/concurrentimp/</loc>
</url><url>
<loc>/theories/conditional_simplification/</loc>
</url><url>
<loc>/theories/conditional_transfer_rule/</loc>
</url><url>
<loc>/theories/consensus_refined/</loc>
</url><url>
<loc>/theories/constructive_cryptography/</loc>
</url><url>
<loc>/theories/constructive_cryptography_cm/</loc>
</url><url>
<loc>/theories/constructor_funs/</loc>
</url><url>
<loc>/theories/containers/</loc>
</url><url>
<loc>/theories/containers-benchmarks/</loc>
</url><url>
<loc>/theories/core_dom/</loc>
</url><url>
<loc>/theories/core_sc_dom/</loc>
</url><url>
<loc>/theories/corec&#43;&#43;/</loc>
</url><url>
<loc>/theories/correctness_algebras/</loc>
</url><url>
<loc>/theories/cosmed/</loc>
</url><url>
<loc>/theories/cosmedis/</loc>
</url><url>
<loc>/theories/cotangent_pfd_formula/</loc>
</url><url>
<loc>/theories/count_complex_roots/</loc>
</url><url>
<loc>/theories/crdt/</loc>
</url><url>
<loc>/theories/crypthol/</loc>
</url><url>
<loc>/theories/cryptobasedcompositionalproperties/</loc>
</url><url>
<loc>/theories/crystals-kyber/</loc>
</url><url>
<loc>/theories/csp_reftk/</loc>
</url><url>
<loc>/theories/cubic_quartic_equations/</loc>
</url><url>
<loc>/theories/cyk/</loc>
</url><url>
<loc>/theories/czh_elementary_categories/</loc>
</url><url>
<loc>/theories/czh_foundations/</loc>
</url><url>
<loc>/theories/czh_universal_constructions/</loc>
</url><url>
<loc>/theories/datarefinementibp/</loc>
</url><url>
<loc>/theories/datatype_order_generator/</loc>
</url><url>
<loc>/theories/decl_sem_fun_pl/</loc>
</url><url>
<loc>/theories/decreasing-diagrams/</loc>
</url><url>
<loc>/theories/decreasing-diagrams-ii/</loc>
</url><url>
<loc>/theories/dedekind_real/</loc>
</url><url>
<loc>/theories/deep_learning/</loc>
</url><url>
<loc>/theories/delta_system_lemma/</loc>
</url><url>
<loc>/theories/density_compiler/</loc>
</url><url>
<loc>/theories/dependent_sifum_refinement/</loc>
</url><url>
<loc>/theories/dependent_sifum_type_systems/</loc>
</url><url>
<loc>/theories/depth-first-search/</loc>
</url><url>
<loc>/theories/derangements/</loc>
</url><url>
<loc>/theories/deriving/</loc>
</url><url>
<loc>/theories/descartes_sign_rule/</loc>
</url><url>
<loc>/theories/design_theory/</loc>
</url><url>
<loc>/theories/dfs_framework/</loc>
</url><url>
<loc>/theories/dict_construction/</loc>
</url><url>
<loc>/theories/differential_dynamic_logic/</loc>
</url><url>
<loc>/theories/differential_game_logic/</loc>
</url><url>
<loc>/theories/digit_expansions/</loc>
</url><url>
<loc>/theories/dijkstra_shortest_path/</loc>
</url><url>
<loc>/theories/diophantine_eqns_lin_hom/</loc>
</url><url>
<loc>/theories/dirichlet_l/</loc>
</url><url>
<loc>/theories/dirichlet_series/</loc>
</url><url>
<loc>/theories/discrete_summation/</loc>
</url><url>
<loc>/theories/discretepricing/</loc>
</url><url>
<loc>/theories/diskpaxos/</loc>
</url><url>
<loc>/theories/dom_components/</loc>
</url><url>
<loc>/theories/dominance_chk/</loc>
</url><url>
<loc>/download/</loc>
</url><url>
<loc>/theories/dprm_theorem/</loc>
</url><url>
<loc>/theories/dpt-sat-solver/</loc>
</url><url>
<loc>/theories/dynamic_tables/</loc>
</url><url>
<loc>/theories/dynamicarchitectures/</loc>
</url><url>
<loc>/theories/e_transcendental/</loc>
</url><url>
<loc>/theories/echelon_form/</loc>
</url><url>
<loc>/theories/edmondskarp_maxflow/</loc>
</url><url>
<loc>/theories/efficient-mergesort/</loc>
</url><url>
<loc>/theories/elliptic_curves_group_law/</loc>
</url><url>
<loc>/theories/encodability_process_calculi/</loc>
</url><url>
<loc>/submission/</loc>
</url><url>
<loc>/theories/epistemic_logic/</loc>
</url><url>
<loc>/theories/equivalence_relation_enumeration/</loc>
</url><url>
<loc>/theories/ergodic_theory/</loc>
</url><url>
<loc>/theories/error_function/</loc>
</url><url>
<loc>/theories/euler_maclaurin/</loc>
</url><url>
<loc>/theories/euler_partition/</loc>
</url><url>
<loc>/theories/eval_fo/</loc>
</url><url>
<loc>/theories/extended_finite_state_machine_inference/</loc>
</url><url>
<loc>/theories/extended_finite_state_machines/</loc>
</url><url>
<loc>/theories/factor_algebraic_polynomial/</loc>
</url><url>
<loc>/theories/factored_transition_system_bounding/</loc>
</url><url>
<loc>/theories/falling_factorial_sum/</loc>
</url><url>
<loc>/theories/farkas/</loc>
</url><url>
<loc>/theories/featherweight_ocl/</loc>
</url><url>
<loc>/theories/featherweightjava/</loc>
</url><url>
<loc>/theories/fermat3_4/</loc>
</url><url>
<loc>/theories/fft/</loc>
</url><url>
<loc>/theories/filerefinement/</loc>
</url><url>
<loc>/theories/finfun/</loc>
</url><url>
<loc>/theories/finger-trees/</loc>
</url><url>
<loc>/theories/finite-map-extras/</loc>
</url><url>
<loc>/theories/finite_automata_hf/</loc>
</url><url>
<loc>/theories/finite_fields/</loc>
</url><url>
<loc>/theories/finitely_generated_abelian_groups/</loc>
</url><url>
<loc>/theories/first_order_terms/</loc>
</url><url>
<loc>/theories/first_welfare_theorem/</loc>
</url><url>
<loc>/theories/fishburn_impossibility/</loc>
</url><url>
<loc>/theories/fisher_yates/</loc>
</url><url>
<loc>/theories/fishers_inequality/</loc>
</url><url>
<loc>/theories/flow_networks/</loc>
</url><url>
<loc>/theories/floyd_warshall/</loc>
</url><url>
<loc>/theories/flp/</loc>
</url><url>
<loc>/theories/flyspeck-tame/</loc>
</url><url>
<loc>/theories/flyspeck-tame-computation/</loc>
</url><url>
<loc>/theories/fo_theory_rewriting/</loc>
</url><url>
<loc>/theories/focusstreamscasestudies/</loc>
</url><url>
<loc>/theories/fol-fitting/</loc>
</url><url>
<loc>/theories/fol_axiomatic/</loc>
</url><url>
<loc>/theories/fol_harrison/</loc>
</url><url>
<loc>/theories/fol_seq_calc1/</loc>
</url><url>
<loc>/theories/fol_seq_calc2/</loc>
</url><url>
<loc>/theories/fol_seq_calc3/</loc>
</url><url>
<loc>/theories/forcing/</loc>
</url><url>
<loc>/theories/formal_puiseux_series/</loc>
</url><url>
<loc>/theories/formal_ssa/</loc>
</url><url>
<loc>/theories/formula_derivatives/</loc>
</url><url>
<loc>/theories/formula_derivatives-examples/</loc>
</url><url>
<loc>/theories/foundation_of_geometry/</loc>
</url><url>
<loc>/theories/fourier/</loc>
</url><url>
<loc>/theories/free-boolean-algebra/</loc>
</url><url>
<loc>/theories/free-groups/</loc>
</url><url>
<loc>/theories/frequency_moments/</loc>
</url><url>
<loc>/theories/fresh_identifiers/</loc>
</url><url>
<loc>/theories/fsm_tests/</loc>
</url><url>
<loc>/theories/functional-automata/</loc>
</url><url>
<loc>/theories/functional_ordered_resolution_prover/</loc>
</url><url>
<loc>/theories/funwithfunctions/</loc>
</url><url>
<loc>/theories/funwithtilings/</loc>
</url><url>
<loc>/theories/furstenberg_topology/</loc>
</url><url>
<loc>/theories/gabow_scc/</loc>
</url><url>
<loc>/theories/gale_shapley/</loc>
</url><url>
<loc>/theories/galestewart_games/</loc>
</url><url>
<loc>/theories/game_based_crypto/</loc>
</url><url>
<loc>/theories/gauss-jordan-elim-fun/</loc>
</url><url>
<loc>/theories/gauss_jordan/</loc>
</url><url>
<loc>/theories/gauss_sums/</loc>
</url><url>
<loc>/theories/gaussian_integers/</loc>
</url><url>
<loc>/theories/genclock/</loc>
</url><url>
<loc>/theories/general-triangle/</loc>
</url><url>
<loc>/theories/generalized_counting_sort/</loc>
</url><url>
<loc>/theories/generic_deriving/</loc>
</url><url>
<loc>/theories/generic_join/</loc>
</url><url>
<loc>/theories/gewirthpgcproof/</loc>
</url><url>
<loc>/theories/girth_chromatic/</loc>
</url><url>
<loc>/theories/goedel_hfset_semantic/</loc>
</url><url>
<loc>/theories/goedel_hfset_semanticless/</loc>
</url><url>
<loc>/theories/goedel_incompleteness/</loc>
</url><url>
<loc>/theories/goedelgod/</loc>
</url><url>
<loc>/theories/goodstein_lambda/</loc>
</url><url>
<loc>/theories/gpu_kernel_pl/</loc>
</url><url>
<loc>/theories/graph_saturation/</loc>
</url><url>
<loc>/theories/graph_theory/</loc>
</url><url>
<loc>/theories/graphmarkingibp/</loc>
</url><url>
<loc>/theories/green/</loc>
</url><url>
<loc>/theories/groebner_bases/</loc>
</url><url>
<loc>/theories/groebner_macaulay/</loc>
</url><url>
<loc>/theories/gromov_hyperbolicity/</loc>
</url><url>
<loc>/theories/grothendieck_schemes/</loc>
</url><url>
<loc>/theories/group-ring-module/</loc>
</url><url>
<loc>/theories/hahn_jordan_decomposition/</loc>
</url><url>
<loc>/theories/hales_jewett/</loc>
</url><url>
<loc>/theories/heard_of/</loc>
</url><url>
<loc>/theories/hello_world/</loc>
</url><url>
<loc>/help/</loc>
</url><url>
<loc>/theories/hereditarilyfinite/</loc>
</url><url>
<loc>/theories/hermite/</loc>
</url><url>
<loc>/theories/hermite_lindemann/</loc>
</url><url>
<loc>/theories/hidden_markov_models/</loc>
</url><url>
<loc>/theories/higher_order_terms/</loc>
</url><url>
<loc>/theories/hoare_time/</loc>
</url><url>
<loc>/theories/hol-csp/</loc>
</url><url>
<loc>/theories/hol-ode-arch-comp/</loc>
</url><url>
<loc>/theories/hol-ode-examples/</loc>
</url><url>
<loc>/theories/hol-ode-numerics/</loc>
</url><url>
<loc>/theories/holcf-prelude/</loc>
</url><url>
<loc>/theories/hood_melville_queue/</loc>
</url><url>
<loc>/theories/hotelkeycards/</loc>
</url><url>
<loc>/theories/hrb-slicing/</loc>
</url><url>
<loc>/theories/huffman/</loc>
</url><url>
<loc>/theories/hybrid_logic/</loc>
</url><url>
<loc>/theories/hybrid_multi_lane_spatial_logic/</loc>
</url><url>
<loc>/theories/hybrid_systems_vcs/</loc>
</url><url>
<loc>/theories/hyperctl/</loc>
</url><url>
<loc>/theories/hyperdual/</loc>
</url><url>
<loc>/theories/ieee_floating_point/</loc>
</url><url>
<loc>/theories/ifc_tracking/</loc>
</url><url>
<loc>/theories/imap-crdt/</loc>
</url><url>
<loc>/theories/imo2019/</loc>
</url><url>
<loc>/theories/imp2/</loc>
</url><url>
<loc>/theories/imp2_binary_heap/</loc>
</url><url>
<loc>/theories/imp_compiler/</loc>
</url><url>
<loc>/theories/imp_compiler_reuse/</loc>
</url><url>
<loc>/theories/imperative_insertion_sort/</loc>
</url><url>
+ <loc>/theories/implicational_logic/</loc>
+ </url><url>
<loc>/theories/impossible_geometry/</loc>
</url><url>
<loc>/theories/incompleteness/</loc>
</url><url>
<loc>/theories/incredible_proof_machine/</loc>
</url><url>
<loc>/theories/independence_ch/</loc>
</url><url>
<loc>/theories/inductive_confidentiality/</loc>
</url><url>
<loc>/theories/inductive_inference/</loc>
</url><url>
<loc>/theories/informationflowslicing/</loc>
</url><url>
<loc>/theories/informationflowslicing_inter/</loc>
</url><url>
<loc>/theories/infpathelimination/</loc>
</url><url>
<loc>/theories/integration/</loc>
</url><url>
<loc>/theories/interpolation_polynomials_hol_algebra/</loc>
</url><url>
<loc>/theories/interpreter_optimizations/</loc>
</url><url>
<loc>/theories/interval_arithmetic_word32/</loc>
</url><url>
<loc>/theories/intro_dest_elim/</loc>
</url><url>
<loc>/theories/involutions2squares/</loc>
</url><url>
<loc>/theories/ip_addresses/</loc>
</url><url>
<loc>/theories/iptables_semantics/</loc>
</url><url>
<loc>/theories/iptables_semantics_examples/</loc>
</url><url>
<loc>/theories/iptables_semantics_examples_big/</loc>
</url><url>
<loc>/theories/irrational_series_erdos_straus/</loc>
</url><url>
<loc>/theories/irrationality_j_hancl/</loc>
</url><url>
<loc>/theories/irrationals_from_thebook/</loc>
</url><url>
<loc>/theories/isabelle_c/</loc>
</url><url>
<loc>/theories/isabelle_marries_dirac/</loc>
</url><url>
<loc>/theories/isabelle_meta_model/</loc>
</url><url>
<loc>/theories/isageocoq/</loc>
</url><url>
<loc>/theories/isanet/</loc>
</url><url>
<loc>/theories/jacobson_basic_algebra/</loc>
</url><url>
<loc>/theories/jinja/</loc>
</url><url>
<loc>/theories/jinjadci/</loc>
</url><url>
<loc>/theories/jinjathreads/</loc>
</url><url>
<loc>/theories/jivedatastoremodel/</loc>
</url><url>
<loc>/theories/jordan_hoelder/</loc>
</url><url>
<loc>/theories/jordan_normal_form/</loc>
</url><url>
<loc>/theories/kad/</loc>
</url><url>
<loc>/theories/kat_and_dra/</loc>
</url><url>
<loc>/theories/kbps/</loc>
</url><url>
<loc>/theories/kd_tree/</loc>
</url><url>
<loc>/theories/key_agreement_strong_adversaries/</loc>
</url><url>
<loc>/theories/khovanskii_theorem/</loc>
</url><url>
<loc>/theories/kleene_algebra/</loc>
</url><url>
<loc>/theories/knights_tour/</loc>
</url><url>
<loc>/theories/knot_theory/</loc>
</url><url>
<loc>/theories/knuth_bendix_order/</loc>
</url><url>
<loc>/theories/knuth_morris_pratt/</loc>
</url><url>
<loc>/theories/koenigsberg_friendship/</loc>
</url><url>
<loc>/theories/kruskal/</loc>
</url><url>
<loc>/theories/kuratowski_closure_complement/</loc>
</url><url>
<loc>/theories/lam-ml-normalization/</loc>
</url><url>
<loc>/theories/lambda_free_epo/</loc>
</url><url>
<loc>/theories/lambda_free_kbos/</loc>
</url><url>
<loc>/theories/lambda_free_rpos/</loc>
</url><url>
<loc>/theories/lambdaauth/</loc>
</url><url>
<loc>/theories/lambdamu/</loc>
</url><url>
<loc>/theories/lambert_w/</loc>
</url><url>
<loc>/theories/landau_symbols/</loc>
</url><url>
<loc>/theories/laplace_transform/</loc>
</url><url>
<loc>/theories/latin_square/</loc>
</url><url>
<loc>/theories/latticeproperties/</loc>
</url><url>
<loc>/theories/launchbury/</loc>
</url><url>
<loc>/theories/laws_of_large_numbers/</loc>
</url><url>
<loc>/theories/lazy-lists-ii/</loc>
</url><url>
<loc>/theories/lazy_case/</loc>
</url><url>
<loc>/theories/lehmer/</loc>
</url><url>
<loc>/theories/lem/</loc>
</url><url>
<loc>/theories/lifting_definition_option/</loc>
</url><url>
<loc>/theories/lifting_the_exponent/</loc>
</url><url>
<loc>/theories/lightweightjava/</loc>
</url><url>
<loc>/theories/linear_inequalities/</loc>
</url><url>
<loc>/theories/linear_programming/</loc>
</url><url>
<loc>/theories/linear_recurrences/</loc>
</url><url>
<loc>/theories/linear_recurrences_solver/</loc>
</url><url>
<loc>/theories/linearquantifierelim/</loc>
</url><url>
<loc>/theories/liouville_numbers/</loc>
</url><url>
<loc>/theories/list-index/</loc>
</url><url>
<loc>/theories/list-infinite/</loc>
</url><url>
<loc>/theories/list_interleaving/</loc>
</url><url>
<loc>/theories/list_inversions/</loc>
</url><url>
<loc>/theories/list_update/</loc>
</url><url>
<loc>/theories/lll_basis_reduction/</loc>
</url><url>
<loc>/theories/lll_factorization/</loc>
</url><url>
<loc>/theories/localization_ring/</loc>
</url><url>
<loc>/theories/locallexing/</loc>
</url><url>
<loc>/theories/locally-nameless-sigma/</loc>
</url><url>
<loc>/theories/loft/</loc>
</url><url>
<loc>/theories/logging_independent_anonymity/</loc>
</url><url>
<loc>/topics/logic/computability/</loc>
</url><url>
<loc>/topics/logic/general-logic/</loc>
</url><url>
<loc>/topics/logic/general-logic/classical-first-order-logic/</loc>
</url><url>
<loc>/topics/logic/general-logic/classical-propositional-logic/</loc>
</url><url>
<loc>/topics/logic/general-logic/decidability-of-theories/</loc>
</url><url>
<loc>/topics/logic/general-logic/logics-of-knowledge-and-belief/</loc>
</url><url>
<loc>/topics/logic/general-logic/mechanization-of-proofs/</loc>
</url><url>
<loc>/topics/logic/general-logic/modal-logic/</loc>
</url><url>
<loc>/topics/logic/general-logic/paraconsistent-logics/</loc>
</url><url>
<loc>/topics/logic/general-logic/temporal-logic/</loc>
</url><url>
<loc>/topics/logic/philosophical-aspects/</loc>
</url><url>
<loc>/topics/logic/proof-theory/</loc>
</url><url>
<loc>/topics/logic/rewriting/</loc>
</url><url>
<loc>/topics/logic/set-theory/</loc>
</url><url>
<loc>/theories/lorenz_approximation/</loc>
</url><url>
<loc>/theories/lorenz_c0/</loc>
</url><url>
<loc>/theories/lorenz_c1/</loc>
</url><url>
<loc>/theories/lowe_ontological_argument/</loc>
</url><url>
<loc>/theories/lower_semicontinuous/</loc>
</url><url>
<loc>/theories/lp/</loc>
</url><url>
<loc>/theories/lp_duality/</loc>
</url><url>
<loc>/theories/ltl/</loc>
</url><url>
<loc>/theories/ltl_master_theorem/</loc>
</url><url>
<loc>/theories/ltl_normal_form/</loc>
</url><url>
<loc>/theories/ltl_to_dra/</loc>
</url><url>
<loc>/theories/ltl_to_gba/</loc>
</url><url>
<loc>/theories/lucas_theorem/</loc>
</url><url>
<loc>/theories/markov_models/</loc>
</url><url>
<loc>/theories/marriage/</loc>
</url><url>
<loc>/theories/mason_stothers/</loc>
</url><url>
<loc>/topics/mathematics/algebra/</loc>
</url><url>
<loc>/topics/mathematics/analysis/</loc>
</url><url>
<loc>/topics/mathematics/category-theory/</loc>
</url><url>
<loc>/topics/mathematics/combinatorics/</loc>
</url><url>
<loc>/topics/mathematics/games-and-economics/</loc>
</url><url>
<loc>/topics/mathematics/geometry/</loc>
</url><url>
<loc>/topics/mathematics/graph-theory/</loc>
</url><url>
<loc>/topics/mathematics/measure-and-integration/</loc>
</url><url>
<loc>/topics/mathematics/misc/</loc>
</url><url>
<loc>/topics/mathematics/number-theory/</loc>
</url><url>
<loc>/topics/mathematics/order/</loc>
</url><url>
<loc>/topics/mathematics/physics/</loc>
</url><url>
<loc>/topics/mathematics/physics/quantum-information/</loc>
</url><url>
<loc>/topics/mathematics/probability-theory/</loc>
</url><url>
<loc>/topics/mathematics/topology/</loc>
</url><url>
<loc>/theories/matrices_for_odes/</loc>
</url><url>
<loc>/theories/matrix/</loc>
</url><url>
<loc>/theories/matrix_tensor/</loc>
</url><url>
<loc>/theories/matroids/</loc>
</url><url>
<loc>/theories/max-card-matching/</loc>
</url><url>
<loc>/theories/mdp-algorithms/</loc>
</url><url>
<loc>/theories/mdp-rewards/</loc>
</url><url>
<loc>/theories/median_method/</loc>
</url><url>
<loc>/theories/median_of_medians_selection/</loc>
</url><url>
<loc>/theories/menger/</loc>
</url><url>
<loc>/theories/mereology/</loc>
</url><url>
<loc>/theories/mersenne_primes/</loc>
</url><url>
<loc>/theories/metalogic_proofchecker/</loc>
</url><url>
<loc>/theories/mfmc_countable/</loc>
</url><url>
<loc>/theories/mfodl_monitor_optimized/</loc>
</url><url>
<loc>/theories/mfotl_monitor/</loc>
</url><url>
<loc>/theories/minimal_ssa/</loc>
</url><url>
<loc>/theories/miniml/</loc>
</url><url>
<loc>/theories/minisail/</loc>
</url><url>
<loc>/theories/minkowskis_theorem/</loc>
</url><url>
<loc>/theories/minsky_machines/</loc>
</url><url>
<loc>/theories/modal_logics_for_nts/</loc>
</url><url>
<loc>/theories/modular_arithmetic_lll_and_hnf_algorithms/</loc>
</url><url>
<loc>/theories/modular_assembly_kit_security/</loc>
</url><url>
<loc>/theories/monad_memo_dp/</loc>
</url><url>
<loc>/theories/monad_normalisation/</loc>
</url><url>
<loc>/theories/monobooltranalgebra/</loc>
</url><url>
<loc>/theories/monoidalcategory/</loc>
</url><url>
<loc>/theories/monomorphic_monad/</loc>
</url><url>
<loc>/theories/mso_regex_equivalence/</loc>
</url><url>
<loc>/theories/muchadoabouttwo/</loc>
</url><url>
<loc>/theories/multi_party_computation/</loc>
</url><url>
<loc>/theories/multirelations/</loc>
</url><url>
<loc>/theories/multiset_ordering_npc/</loc>
</url><url>
<loc>/theories/myhill-nerode/</loc>
</url><url>
<loc>/theories/name_carrying_type_inference/</loc>
</url><url>
<loc>/theories/nano_json/</loc>
</url><url>
<loc>/theories/nash_williams/</loc>
</url><url>
<loc>/theories/nat-interval-logic/</loc>
</url><url>
<loc>/theories/native_word/</loc>
</url><url>
<loc>/theories/nested_multisets_ordinals/</loc>
</url><url>
<loc>/theories/network_security_policy_verification/</loc>
</url><url>
<loc>/theories/neumann_morgenstern_utility/</loc>
</url><url>
<loc>/theories/no_ftl_observers/</loc>
</url><url>
<loc>/theories/nominal2/</loc>
</url><url>
<loc>/theories/noninterference_concurrent_composition/</loc>
</url><url>
<loc>/theories/noninterference_csp/</loc>
</url><url>
<loc>/theories/noninterference_generic_unwinding/</loc>
</url><url>
<loc>/theories/noninterference_inductive_unwinding/</loc>
</url><url>
<loc>/theories/noninterference_ipurge_unwinding/</loc>
</url><url>
<loc>/theories/noninterference_sequential_composition/</loc>
</url><url>
<loc>/theories/normbyeval/</loc>
</url><url>
<loc>/theories/nullstellensatz/</loc>
</url><url>
<loc>/theories/number_theoretic_transform/</loc>
</url><url>
<loc>/theories/octonions/</loc>
</url><url>
<loc>/theories/old_datatype_show/</loc>
</url><url>
<loc>/theories/open_induction/</loc>
</url><url>
<loc>/theories/opsets/</loc>
</url><url>
<loc>/theories/optics/</loc>
</url><url>
<loc>/theories/optimal_bst/</loc>
</url><url>
<loc>/theories/orbit_stabiliser/</loc>
</url><url>
<loc>/theories/order_lattice_props/</loc>
</url><url>
<loc>/theories/ordered_resolution_prover/</loc>
</url><url>
<loc>/theories/ordinal/</loc>
</url><url>
<loc>/theories/ordinal_partitions/</loc>
</url><url>
<loc>/theories/ordinals_and_cardinals/</loc>
</url><url>
<loc>/theories/ordinary_differential_equations/</loc>
</url><url>
<loc>/theories/pac_checker/</loc>
</url><url>
<loc>/theories/package_logic/</loc>
</url><url>
+ <loc>/theories/padic_field/</loc>
+ </url><url>
<loc>/theories/padic_ints/</loc>
</url><url>
<loc>/theories/pairing_heap/</loc>
</url><url>
<loc>/theories/pal/</loc>
</url><url>
<loc>/theories/paraconsistency/</loc>
</url><url>
<loc>/theories/parity_game/</loc>
</url><url>
<loc>/theories/partial_function_mr/</loc>
</url><url>
<loc>/theories/partial_order_reduction/</loc>
</url><url>
<loc>/theories/password_authentication_protocol/</loc>
</url><url>
<loc>/theories/pcf/</loc>
</url><url>
<loc>/theories/pell/</loc>
</url><url>
<loc>/theories/perfect-number-thm/</loc>
</url><url>
<loc>/theories/perron_frobenius/</loc>
</url><url>
<loc>/theories/pgcl/</loc>
</url><url>
<loc>/theories/physical_quantities/</loc>
</url><url>
<loc>/theories/pi_calculus/</loc>
</url><url>
<loc>/theories/pi_transcendental/</loc>
</url><url>
<loc>/theories/planarity_certificates/</loc>
</url><url>
<loc>/theories/plm/</loc>
</url><url>
<loc>/theories/pluennecke_ruzsa_inequality/</loc>
</url><url>
<loc>/theories/poincare_bendixson/</loc>
</url><url>
<loc>/theories/poincare_disc/</loc>
</url><url>
<loc>/theories/polynomial_factorization/</loc>
</url><url>
<loc>/theories/polynomial_interpolation/</loc>
</url><url>
<loc>/theories/polynomials/</loc>
</url><url>
<loc>/theories/pop_refinement/</loc>
</url><url>
<loc>/theories/poplmark-debruijn/</loc>
</url><url>
<loc>/theories/posix-lexing/</loc>
</url><url>
<loc>/theories/possibilistic_noninterference/</loc>
</url><url>
<loc>/theories/power_sum_polynomials/</loc>
</url><url>
<loc>/theories/pratt_certificate/</loc>
</url><url>
<loc>/theories/prefix_free_code_combinators/</loc>
</url><url>
<loc>/theories/presburger-automata/</loc>
</url><url>
<loc>/theories/prim_dijkstra_simple/</loc>
</url><url>
<loc>/theories/prime_distribution_elementary/</loc>
</url><url>
<loc>/theories/prime_harmonic_series/</loc>
</url><url>
<loc>/theories/prime_number_theorem/</loc>
</url><url>
<loc>/theories/priority_queue_braun/</loc>
</url><url>
<loc>/theories/priority_search_trees/</loc>
</url><url>
<loc>/theories/probabilistic_noninterference/</loc>
</url><url>
<loc>/theories/probabilistic_prime_tests/</loc>
</url><url>
<loc>/theories/probabilistic_system_zoo/</loc>
</url><url>
<loc>/theories/probabilistic_timed_automata/</loc>
</url><url>
<loc>/theories/probabilistic_while/</loc>
</url><url>
<loc>/theories/program-conflict-analysis/</loc>
</url><url>
<loc>/theories/progress_tracking/</loc>
</url><url>
<loc>/theories/projective_geometry/</loc>
</url><url>
<loc>/theories/projective_measurements/</loc>
</url><url>
<loc>/theories/promela/</loc>
</url><url>
<loc>/theories/proof_strategy_language/</loc>
</url><url>
<loc>/theories/propositional_proof_systems/</loc>
</url><url>
<loc>/theories/proprespi/</loc>
</url><url>
<loc>/theories/prpu_maxflow/</loc>
</url><url>
<loc>/theories/psemigroupsconvolution/</loc>
</url><url>
<loc>/theories/pseudohoops/</loc>
</url><url>
<loc>/theories/psi_calculi/</loc>
</url><url>
<loc>/theories/ptolemys_theorem/</loc>
</url><url>
<loc>/theories/public_announcement_logic/</loc>
</url><url>
<loc>/theories/qhlprover/</loc>
</url><url>
<loc>/theories/qr_decomposition/</loc>
</url><url>
<loc>/theories/quantales/</loc>
</url><url>
<loc>/theories/quasi_borel_spaces/</loc>
</url><url>
<loc>/theories/quaternions/</loc>
</url><url>
<loc>/theories/quick_sort_cost/</loc>
</url><url>
<loc>/theories/ramsey-infinite/</loc>
</url><url>
<loc>/theories/random_bsts/</loc>
</url><url>
<loc>/theories/random_graph_subgraph_threshold/</loc>
</url><url>
<loc>/theories/randomised_bsts/</loc>
</url><url>
<loc>/theories/randomised_social_choice/</loc>
</url><url>
<loc>/theories/rank_nullity_theorem/</loc>
</url><url>
<loc>/theories/real_impl/</loc>
</url><url>
<loc>/theories/real_power/</loc>
</url><url>
<loc>/theories/real_time_deque/</loc>
</url><url>
<loc>/theories/recursion-addition/</loc>
</url><url>
<loc>/theories/recursion-theory-i/</loc>
</url><url>
<loc>/theories/refine_imperative_hol/</loc>
</url><url>
<loc>/theories/refine_monadic/</loc>
</url><url>
<loc>/theories/refinementreactive/</loc>
</url><url>
<loc>/theories/regex_equivalence/</loc>
</url><url>
<loc>/theories/registers/</loc>
</url><url>
<loc>/theories/regression_test_selection/</loc>
</url><url>
<loc>/theories/regular-sets/</loc>
</url><url>
<loc>/theories/regular_algebras/</loc>
</url><url>
<loc>/theories/regular_tree_relations/</loc>
</url><url>
<loc>/theories/relation_algebra/</loc>
</url><url>
<loc>/theories/relational-incorrectness-logic/</loc>
</url><url>
<loc>/theories/relational_disjoint_set_forests/</loc>
</url><url>
<loc>/theories/relational_forests/</loc>
</url><url>
<loc>/theories/relational_method/</loc>
</url><url>
<loc>/theories/relational_minimum_spanning_trees/</loc>
</url><url>
<loc>/theories/relational_paths/</loc>
</url><url>
<loc>/theories/rep_fin_groups/</loc>
</url><url>
<loc>/theories/residuated_lattices/</loc>
</url><url>
<loc>/theories/residuatedtransitionsystem/</loc>
</url><url>
<loc>/theories/resolution_fol/</loc>
</url><url>
<loc>/theories/rewrite_properties_reduction/</loc>
</url><url>
<loc>/theories/rewriting_z/</loc>
</url><url>
<loc>/theories/ribbon_proofs/</loc>
</url><url>
<loc>/theories/ripemd-160-spark/</loc>
</url><url>
+ <loc>/theories/risk_free_lending/</loc>
+ </url><url>
<loc>/theories/robbins-conjecture/</loc>
</url><url>
<loc>/theories/robdd/</loc>
</url><url>
<loc>/theories/robinson_arithmetic/</loc>
</url><url>
<loc>/theories/root_balanced_tree/</loc>
</url><url>
<loc>/theories/roth_arithmetic_progressions/</loc>
</url><url>
<loc>/theories/routing/</loc>
</url><url>
<loc>/theories/roy_floyd_warshall/</loc>
</url><url>
<loc>/theories/rsapss/</loc>
</url><url>
<loc>/theories/safe_distance/</loc>
</url><url>
<loc>/theories/safe_ocl/</loc>
</url><url>
<loc>/theories/satsolververification/</loc>
</url><url>
<loc>/theories/saturation_framework/</loc>
</url><url>
<loc>/theories/saturation_framework_extensions/</loc>
</url><url>
<loc>/theories/sc_dom_components/</loc>
</url><url>
+ <loc>/theories/scc_bloemen_sequential/</loc>
+ </url><url>
<loc>/theories/schutz_spacetime/</loc>
</url><url>
<loc>/theories/sds_impossibility/</loc>
</url><url>
<loc>/search/</loc>
<priority>0.1</priority>
</url><url>
<loc>/theories/secondary_sylow/</loc>
</url><url>
<loc>/theories/security_protocol_refinement/</loc>
</url><url>
<loc>/theories/selection_heap_sort/</loc>
</url><url>
<loc>/theories/sensocialchoice/</loc>
</url><url>
<loc>/theories/separata/</loc>
</url><url>
<loc>/theories/separation_algebra/</loc>
</url><url>
<loc>/theories/separation_logic_imperative_hol/</loc>
</url><url>
+ <loc>/theories/separation_logic_unbounded/</loc>
+ </url><url>
<loc>/theories/sepref_basic/</loc>
</url><url>
<loc>/theories/sepref_iicf/</loc>
</url><url>
<loc>/theories/sepref_prereq/</loc>
</url><url>
<loc>/theories/sequentinvertibility/</loc>
</url><url>
<loc>/theories/shadow_dom/</loc>
</url><url>
<loc>/theories/shadow_sc_dom/</loc>
</url><url>
<loc>/theories/shivers-cfa/</loc>
</url><url>
<loc>/theories/shortestpath/</loc>
</url><url>
<loc>/theories/show/</loc>
</url><url>
<loc>/theories/sifpl/</loc>
</url><url>
<loc>/theories/sifum_type_systems/</loc>
</url><url>
<loc>/theories/sigma_commit_crypto/</loc>
</url><url>
<loc>/theories/signature_groebner/</loc>
</url><url>
<loc>/theories/simpl/</loc>
</url><url>
<loc>/theories/simple_firewall/</loc>
</url><url>
<loc>/theories/simplex/</loc>
</url><url>
<loc>/theories/simplicial_complexes_and_boolean_functions/</loc>
</url><url>
<loc>/theories/simplifiedontologicalargument/</loc>
</url><url>
<loc>/theories/skew_heap/</loc>
</url><url>
<loc>/theories/skip_lists/</loc>
</url><url>
<loc>/theories/slicing/</loc>
</url><url>
<loc>/theories/sliding_window_algorithm/</loc>
</url><url>
<loc>/theories/sm/</loc>
</url><url>
<loc>/theories/sm_base/</loc>
</url><url>
<loc>/theories/smith_normal_form/</loc>
</url><url>
<loc>/theories/smooth_manifolds/</loc>
</url><url>
<loc>/theories/solidity/</loc>
</url><url>
<loc>/theories/sophomores_dream/</loc>
</url><url>
<loc>/theories/sort_encodings/</loc>
</url><url>
<loc>/theories/source_coding_theorem/</loc>
</url><url>
<loc>/theories/sparcv8/</loc>
</url><url>
<loc>/theories/speccheck/</loc>
</url><url>
<loc>/theories/special_function_bounds/</loc>
</url><url>
<loc>/theories/splay_tree/</loc>
</url><url>
<loc>/theories/sqrt_babylonian/</loc>
</url><url>
<loc>/theories/stable_matching/</loc>
</url><url>
<loc>/theories/statecharts/</loc>
</url><url>
<loc>/theories/stateful_protocol_composition_and_typing/</loc>
</url><url>
<loc>/statistics/</loc>
</url><url>
<loc>/theories/stellar_quorums/</loc>
</url><url>
<loc>/theories/stern_brocot/</loc>
</url><url>
<loc>/theories/stewart_apollonius/</loc>
</url><url>
<loc>/theories/stirling_formula/</loc>
</url><url>
<loc>/theories/stochastic_matrices/</loc>
</url><url>
<loc>/theories/stone_algebras/</loc>
</url><url>
<loc>/theories/stone_kleene_relation_algebras/</loc>
</url><url>
<loc>/theories/stone_relation_algebras/</loc>
</url><url>
<loc>/theories/store_buffer_reduction/</loc>
</url><url>
<loc>/theories/stream-fusion/</loc>
</url><url>
<loc>/theories/stream_fusion_code/</loc>
</url><url>
<loc>/theories/strong_security/</loc>
</url><url>
<loc>/theories/sturm_sequences/</loc>
</url><url>
<loc>/theories/sturm_tarski/</loc>
</url><url>
<loc>/theories/stuttering_equivalence/</loc>
</url><url>
<loc>/theories/subresultants/</loc>
</url><url>
<loc>/theories/subset_boolean_algebras/</loc>
</url><url>
<loc>/theories/sumsquares/</loc>
</url><url>
<loc>/theories/sunflowers/</loc>
</url><url>
<loc>/theories/supercalc/</loc>
</url><url>
<loc>/theories/surprise_paradox/</loc>
</url><url>
<loc>/theories/symmetric_polynomials/</loc>
</url><url>
<loc>/theories/syntax_independent_logic/</loc>
</url><url>
<loc>/theories/szemeredi_regularity/</loc>
</url><url>
<loc>/theories/szpilrajn/</loc>
</url><url>
<loc>/theories/tail_recursive_functions/</loc>
</url><url>
<loc>/theories/tarskis_geometry/</loc>
</url><url>
<loc>/theories/taylor_models/</loc>
</url><url>
<loc>/theories/tesl_language/</loc>
</url><url>
<loc>/theories/</loc>
</url><url>
<loc>/theories/three_circles/</loc>
</url><url>
<loc>/theories/timed_automata/</loc>
</url><url>
<loc>/theories/tla/</loc>
</url><url>
<loc>/theories/topological_semantics/</loc>
</url><url>
<loc>/theories/topology/</loc>
</url><url>
<loc>/theories/tortoisehare/</loc>
</url><url>
<loc>/theories/transcendence_series_hancl_rucki/</loc>
</url><url>
<loc>/theories/transformer_semantics/</loc>
</url><url>
<loc>/theories/transition_systems_and_automata/</loc>
</url><url>
<loc>/theories/transitive-closure/</loc>
</url><url>
<loc>/theories/transitive-closure-ii/</loc>
</url><url>
<loc>/theories/transitive_models/</loc>
</url><url>
<loc>/theories/treaps/</loc>
</url><url>
<loc>/theories/tree-automata/</loc>
</url><url>
<loc>/theories/tree_decomposition/</loc>
</url><url>
<loc>/theories/triangle/</loc>
</url><url>
<loc>/theories/trie/</loc>
</url><url>
<loc>/theories/twelvefold_way/</loc>
</url><url>
<loc>/theories/tycon/</loc>
</url><url>
<loc>/theories/types_tableaus_and_goedels_god/</loc>
</url><url>
<loc>/theories/types_to_sets_extension/</loc>
</url><url>
<loc>/theories/universal_hash_families/</loc>
</url><url>
<loc>/theories/universal_turing_machine/</loc>
</url><url>
<loc>/theories/updown_scheme/</loc>
</url><url>
<loc>/theories/upf/</loc>
</url><url>
<loc>/theories/upf_firewall/</loc>
</url><url>
<loc>/theories/utp/</loc>
</url><url>
<loc>/theories/utp-toolkit/</loc>
</url><url>
<loc>/theories/valuation/</loc>
</url><url>
<loc>/theories/van_der_waerden/</loc>
</url><url>
<loc>/theories/van_emde_boas_trees/</loc>
</url><url>
<loc>/theories/vectorspace/</loc>
</url><url>
<loc>/theories/vericomp/</loc>
</url><url>
<loc>/theories/verified-prover/</loc>
</url><url>
<loc>/theories/verified_sat_based_ai_planning/</loc>
</url><url>
<loc>/theories/verifythis2018/</loc>
</url><url>
<loc>/theories/verifythis2019/</loc>
</url><url>
<loc>/theories/vickrey_clarke_groves/</loc>
</url><url>
<loc>/theories/virtual_substitution/</loc>
</url><url>
<loc>/theories/volpanosmith/</loc>
</url><url>
<loc>/theories/vydra_mdl/</loc>
</url><url>
<loc>/theories/webassembly/</loc>
</url><url>
<loc>/theories/weight_balanced_trees/</loc>
</url><url>
<loc>/theories/weighted_arithmetic_geometric_mean/</loc>
</url><url>
<loc>/theories/weighted_path_order/</loc>
</url><url>
<loc>/theories/well_quasi_orders/</loc>
</url><url>
<loc>/theories/wetzels_problem/</loc>
</url><url>
<loc>/theories/whatandwhere_security/</loc>
</url><url>
<loc>/theories/winding_number_eval/</loc>
</url><url>
<loc>/theories/woot_strong_eventual_consistency/</loc>
</url><url>
<loc>/theories/word_lib/</loc>
</url><url>
<loc>/theories/workerwrapper/</loc>
</url><url>
<loc>/theories/x86_semantics/</loc>
</url><url>
<loc>/theories/xml/</loc>
</url><url>
<loc>/theories/youngs_inequality/</loc>
</url><url>
<loc>/theories/zeta_3_irrational/</loc>
</url><url>
<loc>/theories/zeta_function/</loc>
</url><url>
<loc>/theories/zfc_in_hol/</loc>
</url>
</urlset>
diff --git a/web/statistics/index.html b/web/statistics/index.html
--- a/web/statistics/index.html
+++ b/web/statistics/index.html
@@ -1,337 +1,337 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1"><title>Statistics - Archive of Formal Proofs</title><meta name="description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."><meta property="og:title" content="Statistics" />
-<meta property="og:description" content="699 Entries 425 Authors ~220,200 Lemmas ~3,582,600 Lines of Code Most used AFP articles: Name Used by ? articles 1. List-Index 21 2. Collections 18 3. Show 16 4. Coinductive 12 5. Deriving 12 6. Jordan_Normal_Form 12 7. Polynomial_Factorization 12 8. Regular-Sets 12 9." />
+<meta property="og:description" content="704 Entries 426 Authors ~222,700 Lemmas ~3,630,000 Lines of Code Most used AFP articles: Name Used by ? articles 1. List-Index 21 2. Collections 18 3. Show 16 4. Coinductive 12 5. Deriving 12 6. Jordan_Normal_Form 12 7. Polynomial_Factorization 12 8. Regular-Sets 12 9." />
<meta property="og:type" content="article" />
<meta property="og:url" content="/statistics/" /><meta property="og:image" content="/images/afp.png"/><meta property="article:section" content="" />
<meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="Statistics"/>
-<meta name="twitter:description" content="699 Entries 425 Authors ~220,200 Lemmas ~3,582,600 Lines of Code Most used AFP articles: Name Used by ? articles 1. List-Index 21 2. Collections 18 3. Show 16 4. Coinductive 12 5. Deriving 12 6. Jordan_Normal_Form 12 7. Polynomial_Factorization 12 8. Regular-Sets 12 9."/>
+<meta name="twitter:description" content="704 Entries 426 Authors ~222,700 Lemmas ~3,630,000 Lines of Code Most used AFP articles: Name Used by ? articles 1. List-Index 21 2. Collections 18 3. Show 16 4. Coinductive 12 5. Deriving 12 6. Jordan_Normal_Form 12 7. Polynomial_Factorization 12 8. Regular-Sets 12 9."/>
<link rel="stylesheet" type="text/css" href="../css/front.min.css">
<link rel="icon" href="../images/favicon.ico" type="image/icon"><script src="../js/obfuscate.js"></script>
<script src="../js/flexsearch.bundle.js"></script>
<script src="../js/scroll-spy.js"></script>
<script src="../js/theory.js"></script>
<script src="../js/util.js"></script><script src="../js/header-search.js"></script><script src="../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore '>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../images/menu.svg" alt="Menu" />
</label>
<a href="../" class='logo-link'>
<img src="../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<a href="../search"><img src="../images/search.svg" alt="Search" /></a>
<nav id="menu">
<div>
<a href="../" class='logo-link'>
<img src="../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<ul>
<a href="../"><li >Home</li></a>
<a href="../topics/"><li >Topics</li></a>
<a href="../download/"><li >Download</li></a>
<a href="../help/"><li >Help</li></a>
<a href="../submission/"><li >Submission</li></a>
<a href="../statistics/"><li class="active" >Statistics</li></a>
<a href="../about/"><li >About</li></a>
</ul>
</div>
</nav>
</div>
</aside>
<div
class='content '><header>
<form autocomplete="off" action="../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value="" aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button"><img src="../images/search.svg" alt="Search" /></button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1 >
<span class='first'>S</span>tatistics</h1>
<div>
</div>
</header><div><div>
<table>
<tr>
- <td class="statsnumber">699</td>
+ <td class="statsnumber">704</td>
<td><a href="../">Entries</a></td>
</tr>
<tr>
- <td class="statsnumber">425</td>
+ <td class="statsnumber">426</td>
<td><a href="../authors/">Authors</a></td>
</tr>
<tr>
- <td class="statsnumber">~220,200</td>
+ <td class="statsnumber">~222,700</td>
<td>Lemmas</td>
</tr>
<tr>
- <td class="statsnumber">~3,582,600</td>
+ <td class="statsnumber">~3,630,000</td>
<td>Lines of Code</td>
</tr>
</table>
<h4>Most used AFP articles:</h4>
<table id="most_used">
<tr>
<th></th>
<th>Name</th>
<th>Used by ? articles</th>
</tr>
<tr>
<td>1.</td>
<td><a href="../entries/List-Index.html">List-Index</a></td>
<td><a href="../dependencies/list-index/">21</a></td>
</tr>
<tr>
<td>2.</td>
<td><a href="../entries/Collections.html">Collections</a></td>
<td><a href="../dependencies/collections/">18</a></td>
</tr>
<tr>
<td>3.</td>
<td><a href="../entries/Show.html">Show</a></td>
<td><a href="../dependencies/show/">16</a></td>
</tr>
<tr>
<td>4.</td>
<td><a href="../entries/Coinductive.html">Coinductive</a></td>
<td><a href="../dependencies/coinductive/">12</a></td>
</tr>
<tr>
<td>5.</td>
<td><a href="../entries/Deriving.html">Deriving</a></td>
<td><a href="../dependencies/deriving/">12</a></td>
</tr>
<tr>
<td>6.</td>
<td><a href="../entries/Jordan_Normal_Form.html">Jordan_Normal_Form</a></td>
<td><a href="../dependencies/jordan_normal_form/">12</a></td>
</tr>
<tr>
<td>7.</td>
<td><a href="../entries/Polynomial_Factorization.html">Polynomial_Factorization</a></td>
<td><a href="../dependencies/polynomial_factorization/">12</a></td>
</tr>
<tr>
<td>8.</td>
<td><a href="../entries/Regular-Sets.html">Regular-Sets</a></td>
<td><a href="../dependencies/regular-sets/">12</a></td>
</tr>
<tr>
<td>9.</td>
<td><a href="../entries/Landau_Symbols.html">Landau_Symbols</a></td>
<td><a href="../dependencies/landau_symbols/">11</a></td>
</tr>
<tr>
<td>10.</td>
<td><a href="../entries/Abstract-Rewriting.html">Abstract-Rewriting</a></td>
<td><a href="../dependencies/abstract-rewriting/">10</a></td>
</tr>
<tr>
<td>11.</td>
<td><a href="../entries/Automatic_Refinement.html">Automatic_Refinement</a></td>
<td><a href="../dependencies/automatic_refinement/">10</a></td>
</tr>
<tr>
<td>12.</td>
<td><a href="../entries/Native_Word.html">Native_Word</a></td>
<td><a href="../dependencies/native_word/">10</a></td>
</tr>
</table>
<script>
const years = [2004,2005,2006,2007,2008,2009,2010,2011,2012,2013,2014,2015,2016,2017,2018,2019,2020,2021,2022]
- const no_articles = [14,22,29,37,52,64,86,103,128,151,208,253,326,396,455,511,577,650,699]
- const no_loc = [60600,96800,131300,238700,353500,435700,516800,567900,737800,824900,1036500,1216900,1600400,1856200,2127400,2443600,2838500,3349900,3582600]
- const no_authors = [14,11,6,6,10,6,24,11,17,16,37,20,63,31,26,38,30,43,16]
- const no_authors_series = [14,25,31,37,47,53,77,88,105,121,158,178,241,272,298,336,366,409,425]
- const all_articles = ['AVL-Trees','MiniML','Functional-Automata','BinarySearchTree','Lazy-Lists-II','Topology','Group-Ring-Module','Depth-First-Search','Compiling-Exceptions-Correctly','Completeness','Ramsey-Infinite','Verified-Prover','Integration','FileRefinement','Category','RSAPSS','Jinja','JiveDataStoreModel','DiskPaxos','GenClock','FFT','Ordinal','Cauchy','ClockSynchInst','FeatherweightJava','CoreC++','Flyspeck-Tame','Abstract-Hoare-Logics','HotelKeyCards','FOL-Fitting','POPLmark-deBruijn','Valuation','Fermat3_4','SumSquares','MuchAdoAboutTwo','JinjaThreads','Program-Conflict-Analysis','LinearQuantifierElim','NormByEval','BDD','Simpl','Recursion-Theory-I','SATSolverVerification','FunWithFunctions','ArrowImpossibilityGS','VolpanoSmith','Slicing','Huffman','FunWithTilings','SenSocialChoice','SIFPL','BytecodeLogicJmlTypes','Stream-Fusion','FinFun','CofGroups','SequentInvertibility','Ordinals_and_Cardinals','WorkerWrapper','HRB-Slicing','Perfect-Number-Thm','Collections','Tree-Automata','Presburger-Automata','DPT-SAT-Solver','Coinductive','List-Index','InformationFlowSlicing','InformationFlowSlicing_Inter','Free-Boolean-Algebra','Locally-Nameless-Sigma','Regular-Sets','Robbins-Conjecture','DataRefinementIBP','GraphMarkingIBP','Abstract-Rewriting','Matrix','Category2','Free-Groups','Statecharts','Polynomials','Lam-ml-Normalization','Binomial-Heaps','Binomial-Queues','Finger-Trees','Shivers-CFA','Marriage','Lower_Semicontinuous','RIPEMD-160-SPARK','LightweightJava','AutoFocus-Stream','List-Infinite','Nat-Interval-Logic','Transitive-Closure','General-Triangle','KBPs','Max-Card-Matching','Gauss-Jordan-Elim-Fun','Myhill-Nerode','LatticeProperties','MonoBoolTranAlgebra','PseudoHoops','Efficient-Mergesort','TLA','Markov_Models','Dijkstra_Shortest_Path','Refine_Monadic','Girth_Chromatic','Transitive-Closure-II','Abortable_Linearizable_Modules','Well_Quasi_Orders','Ordinary_Differential_Equations','Inductive_Confidentiality','Stuttering_Equivalence','Separation_Algebra','Circus','CCS','Pi_Calculus','Psi_Calculi','Tycon','PCF','Heard_Of','Impossible_Geometry','Datatype_Order_Generator','Possibilistic_Noninterference','Bondy','Tarskis_Geometry','Open_Induction','Separation_Logic_Imperative_HOL','Sqrt_Babylonian','Kleene_Algebra','Rank_Nullity_Theorem','Ribbon_Proofs','Launchbury','Nominal2','Containers','Graph_Theory','ShortestPath','Sort_Encodings','Koenigsberg_Friendship','Lehmer','Pratt_Certificate','IEEE_Floating_Point','Native_Word','Automatic_Refinement','Decreasing-Diagrams','GoedelGod','FocusStreamsCaseStudies','Coinductive_Languages','HereditarilyFinite','Incompleteness','Tail_Recursive_Functions','CryptoBasedCompositionalProperties','Sturm_Sequences','Featherweight_OCL','KAT_and_DRA','Relation_Algebra','Secondary_Sylow','Regex_Equivalence','Real_Impl','Affine_Arithmetic','Selection_Heap_Sort','Random_Graph_Subgraph_Threshold','Partial_Function_MR','AWN','Probabilistic_Noninterference','GPU_Kernel_PL','Discrete_Summation','Abstract_Completeness','HyperCTL','Bounded_Deducibility_Security','SIFUM_Type_Systems','Strong_Security','WHATandWHERE_Security','ComponentDependencies','Regular_Algebras','Noninterference_CSP','Roy_Floyd_Warshall','CAVA_Automata','CAVA_LTL_Modelchecker','Gabow_SCC','LTL_to_GBA','Promela','Boolean_Expression_Checkers','MSO_Regex_Equivalence','Pop_Refinement','Network_Security_Policy_Verification','Amortized_Complexity','pGCL','CISC-Kernel','Show','Splay_Tree','Skew_Heap','Special_Function_Bounds','VectorSpace','Gauss_Jordan','Priority_Queue_Braun','Jordan_Hoelder','Cayley_Hamilton','Sturm_Tarski','Imperative_Insertion_Sort','Certification_Monads','XML','RefinementReactive','Density_Compiler','Stream_Fusion_Code','Lifting_Definition_Option','AODV','UPF','UpDown_Scheme','Finite_Automata_HF','Echelon_Form','QR_Decomposition','Call_Arity','Deriving','Consensus_Refined','Trie','ConcurrentGC','ConcurrentIMP','Residuated_Lattices','Vickrey_Clarke_Groves','Probabilistic_System_Zoo','Formula_Derivatives','Dynamic_Tables','List_Interleaving','Multirelations','Noninterference_Generic_Unwinding','Noninterference_Ipurge_Unwinding','Derangements','Hermite','Akra_Bazzi','Landau_Symbols','Case_Labeling','Encodability_Process_Calculi','Rep_Fin_Groups','Noninterference_Inductive_Unwinding','Decreasing-Diagrams-II','Jordan_Normal_Form','LTL_to_DRA','Isabelle_Meta_Model','Parity_Game','Planarity_Certificates','TortoiseHare','Euler_Partition','Ergodic_Theory','Latin_Square','Card_Partitions','Algebraic_Numbers','Applicative_Lifting','Stern_Brocot','Descartes_Sign_Rule','Liouville_Numbers','Prime_Harmonic_Series','Triangle','Card_Number_Partitions','Matrix_Tensor','Knot_Theory','Polynomial_Factorization','Polynomial_Interpolation','Formal_SSA','List_Update','LTL','Cartan_FP','Timed_Automata','PropResPI','KAD','Noninterference_Sequential_Composition','CYK','ROBDD','No_FTL_observers','Groebner_Bases','Bell_Numbers_Spivey','SDS_Impossibility','Randomised_Social_Choice','MFMC_Countable','FLP','Incredible_Proof_Machine','Perron_Frobenius','Card_Equiv_Relations','Posix-Lexing','Tree_Decomposition','Word_Lib','Noninterference_Concurrent_Composition','Algebraic_VCs','Catalan_Numbers','Dependent_SIFUM_Type_Systems','Card_Multisets','Category3','Dependent_SIFUM_Refinement','IP_Addresses','Resolution_FOL','Rewriting_Z','Buildings','DFS_Framework','Pairing_Heap','Surprise_Paradox','Ptolemys_Theorem','Refine_Imperative_HOL','EdmondsKarp_Maxflow','InfPathElimination','Simple_Firewall','Routing','Stirling_Formula','Stone_Algebras','SuperCalc','Iptables_Semantics','Lambda_Free_RPOs','Allen_Calculus','Fisher_Yates','Lp','Chord_Segments','Berlekamp_Zassenhaus','SPARCv8','Source_Coding_Theorem','LOFT','Stable_Matching','Modal_Logics_for_NTS','Deep_Learning','Lambda_Free_KBOs','Nested_Multisets_Ordinals','Separata','Abs_Int_ITP2012','Complx','Paraconsistency','Proof_Strategy_Language','Twelvefold_Way','Concurrent_Ref_Alg','FOL_Harrison','Password_Authentication_Protocol','UPF_Firewall','E_Transcendental','Bertrands_Postulate','Minimal_SSA','Bernoulli','Key_Agreement_Strong_Adversaries','Stone_Relation_Algebras','Abstract_Soundness','Differential_Dynamic_Logic','Menger','Elliptic_Curves_Group_Law','Euler_MacLaurin','Comparison_Sort_Lower_Bound','Quick_Sort_Cost','Random_BSTs','Subresultants','Lazy_Case','Constructor_Funs','LocalLexing','Types_Tableaus_and_Goedels_God','MonoidalCategory','CryptHOL','Game_Based_Crypto','Monad_Normalisation','Monomorphic_Monad','Probabilistic_While','Floyd_Warshall','Dict_Construction','Security_Protocol_Refinement','Optics','Flow_Networks','Prpu_Maxflow','Buffons_Needle','PSemigroupsConvolution','Propositional_Proof_Systems','Stone_Kleene_Relation_Algebras','CRDT','Name_Carrying_Type_Inference','Minkowskis_Theorem','HOLCF-Prelude','Decl_Sem_Fun_PL','DynamicArchitectures','Stewart_Apollonius','LambdaMu','Orbit_Stabiliser','Root_Balanced_Tree','First_Welfare_Theorem','AnselmGod','PLM','Lowe_Ontological_Argument','Dirichlet_Series','Linear_Recurrences','Zeta_Function','Diophantine_Eqns_Lin_Hom','Count_Complex_Roots','Winding_Number_Eval','Buchi_Complementation','Transition_Systems_and_Automata','Kuratowski_Closure_Complement','Hybrid_Multi_Lane_Spatial_Logic','IMAP-CRDT','Stochastic_Matrices','Knuth_Morris_Pratt','BNF_Operations','Dirichlet_L','Mason_Stothers','Median_Of_Medians_Selection','Falling_Factorial_Sum','Taylor_Models','Green','Gromov_Hyperbolicity','Ordered_Resolution_Prover','LLL_Basis_Reduction','Error_Function','First_Order_Terms','LLL_Factorization','Treaps','Hoare_Time','Architectural_Design_Patterns','CakeML','Weight_Balanced_Trees','Fishburn_Impossibility','BNF_CC','VerifyThis2018','WebAssembly','Modular_Assembly_Kit_Security','OpSets','Monad_Memo_DP','AxiomaticCategoryTheory','Irrationality_J_Hancl','Probabilistic_Timed_Automata','Hidden_Markov_Models','Optimal_BST','Partial_Order_Reduction','Localization_Ring','Projective_Geometry','Pell','Neumann_Morgenstern_Utility','DiscretePricing','Minsky_Machines','Simplex','Budan_Fourier','Quaternions','Octonions','Aggregation_Algebras','Prime_Number_Theorem','Signature_Groebner','Symmetric_Polynomials','Pi_Transcendental','Factored_Transition_System_Bounding','Lambda_Free_EPO','Randomised_BSTs','Smooth_Manifolds','Epistemic_Logic','GewirthPGCProof','Generic_Deriving','Matroids','Auto2_HOL','Functional_Ordered_Resolution_Prover','Graph_Saturation','Order_Lattice_Props','Quantales','Transformer_Semantics','Constructive_Cryptography','Auto2_Imperative_HOL','Concurrent_Revisions','Core_DOM','Store_Buffer_Reduction','Higher_Order_Terms','IMP2','Farkas','List_Inversions','UTP','Universal_Turing_Machine','Probabilistic_Prime_Tests','Kruskal','Prime_Distribution_Elementary','Safe_OCL','QHLProver','Transcendence_Series_Hancl_Rucki','Binding_Syntax_Theory','LTL_Master_Theorem','HOL-CSP','Multi_Party_Computation','LambdaAuth','KD_Tree','Differential_Game_Logic','IMP2_Binary_Heap','Groebner_Macaulay','Nullstellensatz','Linear_Inequalities','Prim_Dijkstra_Simple','Priority_Search_Trees','Complete_Non_Orders','MFOTL_Monitor','CakeML_Codegen','FOL_Seq_Calc1','Szpilrajn','TESL_Language','Stellar_Quorums','IMO2019','C2KA_DistributedSystems','Linear_Programming','Laplace_Transform','Adaptive_State_Counting','Jacobson_Basic_Algebra','Fourier','Hybrid_Systems_VCs','Generic_Join','Clean','Sigma_Commit_Crypto','Aristotles_Assertoric_Syllogistic','VerifyThis2019','Isabelle_C','ZFC_in_HOL','Interval_Arithmetic_Word32','Generalized_Counting_Sort','Gauss_Sums','Complex_Geometry','Poincare_Disc','Poincare_Bendixson','Hybrid_Logic','Zeta_3_Irrational','Bicategory','Skip_Lists','Closest_Pair_Points','Approximation_Algorithms','Mersenne_Primes','Subset_Boolean_Algebras','Arith_Prog_Rel_Primes','VeriComp','Goodstein_Lambda','Hello_World','Relational-Incorrectness-Logic','Furstenberg_Topology','WOOT_Strong_Eventual_Consistency','Lucas_Theorem','Automated_Stateful_Protocol_Verification','Stateful_Protocol_Composition_and_Typing','MFODL_Monitor_Optimized','Saturation_Framework','Sliding_Window_Algorithm','ADS_Functor','Matrices_for_ODEs','Gaussian_Integers','Lambert_W','Power_Sum_Polynomials','Attack_Trees','Banach_Steinhaus','Forcing','LTL_Normal_Form','Recursion-Addition','Irrational_Series_Erdos_Straus','Knuth_Bendix_Order','Nash_Williams','Smith_Normal_Form','Safe_Distance','Relational_Paths','Chandy_Lamport','Ordinal_Partitions','Amicable_Numbers','BirdKMP','Saturation_Framework_Extensions','Relational_Disjoint_Set_Forests','Inductive_Inference','PAC_Checker','Extended_Finite_State_Machine_Inference','Extended_Finite_State_Machines','Goedel_HFSet_Semantic','Goedel_HFSet_Semanticless','Goedel_Incompleteness','Robinson_Arithmetic','Syntax_Independent_Logic','Core_SC_DOM','DOM_Components','SC_DOM_Components','Shadow_DOM','Shadow_SC_DOM','Finite-Map-Extras','Physical_Quantities','AI_Planning_Languages_Semantics','Verified_SAT_Based_AI_Planning','CSP_RefTK','Isabelle_Marries_Dirac','Relational_Method','Interpreter_Optimizations','Relational_Minimum_Spanning_Trees','Topological_Semantics','Delta_System_Lemma','JinjaDCI','Hood_Melville_Queue','Blue_Eyes','IsaGeoCoq','Laws_of_Large_Numbers','Formal_Puiseux_Series','BTree','Sunflowers','Mereology','Hermite_Lindemann','Projective_Measurements','Modular_arithmetic_LLL_and_HNF_algorithms','Constructive_Cryptography_CM','Padic_Ints','Grothendieck_Schemes','IFC_Tracking','Progress_Tracking','GaleStewart_Games','BenOr_Kozen_Reif','Lifting_the_Exponent','Metalogic_ProofChecker','Regression_Test_Selection','Combinatorics_Words','Combinatorics_Words_Graph_Lemma','Combinatorics_Words_Lyndon','IMP_Compiler','Public_Announcement_Logic','MiniSail','Van_der_Waerden','SpecCheck','Finitely_Generated_Abelian_Groups','Schutz_Spacetime','Relational_Forests','Design_Theory','BD_Security_Compositional','CoCon','CoSMeDis','CoSMed','Fresh_Identifiers','Three_Circles','Logging_Independent_Anonymity','Cubic_Quartic_Equations','Dominance_CHK','CZH_Elementary_Categories','CZH_Foundations','CZH_Universal_Constructions','Conditional_Simplification','Conditional_Transfer_Rule','Intro_Dest_Elim','Types_To_Sets_Extension','Weighted_Path_Order','Complex_Bounded_Operators','FOL_Axiomatic','Virtual_Substitution','Correctness_Algebras','X86_Semantics','Belief_Revision','Registers','Szemeredi_Regularity','Factor_Algebraic_Polynomial','PAL','Real_Power','SimplifiedOntologicalArgument','Hahn_Jordan_Decomposition','Foundation_of_geometry','Van_Emde_Boas_Trees','Simplicial_complexes_and_boolean_functions','Regular_Tree_Relations','MDP-Algorithms','MDP-Rewards','Roth_Arithmetic_Progressions','Gale_Shapley','Hyperdual','Knights_Tour','Irrationals_From_THEBOOK','Actuarial_Mathematics','Median_Method','Interpolation_Polynomials_HOL_Algebra','FOL_Seq_Calc2','Youngs_Inequality','FO_Theory_Rewriting','LP_Duality','Quasi_Borel_Spaces','Equivalence_Relation_Enumeration','VYDRA_MDL','Eval_FO','Wetzels_Problem','Universal_Hash_Families','ResiduatedTransitionSystem','Transitive_Models','Independence_CH','Cotangent_PFD_Formula','FOL_Seq_Calc3','Ackermanns_not_PR','Dedekind_Real','Frequency_Moments','Prefix_Free_Code_Combinators','Sophomores_Dream','Digit_Expansions','Multiset_Ordering_NPC','Fishers_Inequality','Clique_and_Monotone_Circuits','Package_logic','Pluennecke_Ruzsa_Inequality','Combinable_Wands','Rewrite_Properties_Reduction','DPRM_Theorem','Finite_Fields','IsaNet','Boolos_Curious_Inference','Real_Time_Deque','IMP_Compiler_Reuse','Weighted_Arithmetic_Geometric_Mean','Commuting_Hermitian','Solidity','Nano_JSON','FSM_Tests','Involutions2Squares','Number_Theoretic_Transform','Hales_Jewett','Khovanskii_Theorem','CRYSTALS-Kyber']
- const article_years_unique = ['2004','','','','','','','','','','','','','','2005','','','','','','','','2006','','','','','','','2007','','','','','','','','2008','','','','','','','','','','','','','','','2009','','','','','','','','','','','','2010','','','','','','','','','','','','','','','','','','','','','','2011','','','','','','','','','','','','','','','','','2012','','','','','','','','','','','','','','','','','','','','','','','','','2013','','','','','','','','','','','','','','','','','','','','','','','2014','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','2015','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','2016','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','2017','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','2018','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','2019','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','2020','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','2021','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','2022','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','']
- const loc_articles = [839,1507,1542,1096,1058,2419,44195,205,142,1974,209,1110,3792,506,1141,3766,17615,3119,6430,1145,447,2537,1275,1583,1838,12832,13047,2685,1228,3556,4238,9647,2847,970,1740,79712,4738,3396,2185,10664,31022,6726,30332,180,793,1047,14413,2080,254,2221,5959,3463,799,1540,684,6654,8,2627,27490,264,32555,5025,4380,208,9533,447,2380,3399,606,6305,2060,840,713,1024,5632,1427,4078,2230,6003,22604,1602,3370,1587,2451,2591,260,1617,16,2937,6557,7804,6381,992,125,10130,332,239,1831,999,1756,4420,434,4461,11864,2835,8575,1045,408,2940,2613,37935,3243,1480,2612,3141,2580,23005,27588,2266,4107,7701,1249,260,5309,73,9729,719,6674,1512,4355,1249,1908,6214,4977,10086,7261,538,3830,4591,202,853,1784,5274,10304,1524,150,5292,706,2248,10737,1463,1958,3067,11487,1860,1190,1219,2174,1144,14863,2212,1957,166,10685,6419,572,590,465,1698,1909,4134,1403,2138,2280,1959,2467,220,4432,9396,5430,3999,4472,406,5935,1829,12828,3234,9486,4560,926,659,63,1653,2338,9085,753,2113,875,1836,627,931,1405,1296,7880,1922,90,28055,2879,2796,1116,5259,4863,8842,1356,5997,527,6658,2606,1772,5327,1092,4112,952,1064,2362,1089,2446,477,2074,3763,1954,710,16080,8267,908,1063,21228,9679,8661,3142,9156,695,435,13995,478,898,10416,2724,1162,741,405,495,498,838,3622,4616,6264,4102,8166,12091,3178,518,17581,2876,2418,5496,885,2453,1162,17387,509,703,5047,10687,4287,3811,5337,329,3985,1057,15083,3257,2582,553,8478,206,26795,8773,3324,2960,398,12811,9483,370,173,384,18990,2545,6119,3774,645,2415,4344,9370,20053,3963,3419,319,3174,169,19414,14667,541,2652,7059,7590,3898,3243,4507,855,2289,5027,1349,276,4339,1475,3482,7119,9662,601,1728,852,2194,12204,4212,590,13558,1695,4484,1644,694,835,737,3394,105,68,10492,1127,8501,11278,4135,378,4711,1200,2078,639,14059,2229,3930,4869,468,1531,5570,5683,1993,4205,478,4121,3146,3472,88,480,1261,1877,2193,250,10669,822,7466,3107,5302,2784,8208,8844,2324,6164,945,6514,992,489,810,8949,3434,338,854,493,4593,9457,15962,6402,10342,787,2288,3260,1820,8442,3278,12945,672,843,3402,3638,11570,13548,3734,6261,528,965,7711,1042,1221,5017,1390,2755,1622,2173,13357,805,10042,2667,541,1271,2668,5319,9770,2765,934,11918,2205,1743,7917,1209,449,685,1812,1227,3559,3578,2951,2218,1644,5182,4968,2767,17368,34354,3204,6019,1900,373,9969,30917,3018,3298,5306,4576,10509,986,15793,4437,9487,5543,3301,1264,2973,805,10229,2606,5735,3365,472,3604,3199,13289,951,787,4455,527,713,782,2335,2134,9936,2090,3736,5801,2350,4124,3809,176,1726,9701,7027,5069,5729,4561,14098,10292,6402,4470,1907,68336,2355,3937,3485,1699,3154,944,1033,597,370,691,764,2564,332,21109,23314,10943,3061,744,2353,1560,2537,1609,1239,1939,1338,12002,1034,1444,1902,2670,755,13319,3036,5074,9793,6287,1261,2908,2101,5113,12873,9018,4265,4731,426,11477,3546,1295,8100,16384,3523,7798,12695,15385,648,1761,2352,16434,2359,7700,3995,6542,4731,2826,3304,24539,745,365,26525,290,2582,15792,615,4039,3766,4959,17068,8442,15847,6578,4131,7218,1015,10328,384,9264,4094,13798,488,837,666,840,19737,1088,233,4433,7684,1962,4940,3003,11165,14638,5913,303,3758,817,1329,3157,40867,29106,22137,225,1053,176,17526,4239,17784,1306,21771,13533,2621,1324,5953,909,2961,133,2203,471,2619,6076,20665,1882,9541,4288,4298,1384,2007,2946,3108,269,948,566,757,2594,807,9208,624,8738,502,7222,5937,343,828,18280,18383,14341,730,731,220,1411,4182,816,401,1312,1820,5168,2337,2169,654,2031,3338,8759,4623,7346,95,3711,1527,414,5785,15325,1041,53757,351,1958,2144,1518,3586]
+ const no_articles = [14,22,29,37,52,64,86,103,128,151,208,253,326,396,455,511,577,650,704]
+ const no_loc = [60600,96800,131300,238700,353500,435700,516800,567900,737800,824900,1036500,1216900,1600400,1856200,2127400,2443600,2838500,3350100,3630000]
+ const no_authors = [14,11,6,6,10,6,24,11,17,16,37,20,63,31,26,38,30,43,17]
+ const no_authors_series = [14,25,31,37,47,53,77,88,105,121,158,178,241,272,298,336,366,409,426]
+ const all_articles = ['AVL-Trees','MiniML','Functional-Automata','BinarySearchTree','Lazy-Lists-II','Topology','Group-Ring-Module','Depth-First-Search','Compiling-Exceptions-Correctly','Completeness','Ramsey-Infinite','Verified-Prover','Integration','FileRefinement','Category','RSAPSS','Jinja','JiveDataStoreModel','DiskPaxos','GenClock','FFT','Ordinal','Cauchy','ClockSynchInst','FeatherweightJava','CoreC++','Flyspeck-Tame','Abstract-Hoare-Logics','HotelKeyCards','FOL-Fitting','POPLmark-deBruijn','Valuation','Fermat3_4','SumSquares','MuchAdoAboutTwo','JinjaThreads','Program-Conflict-Analysis','LinearQuantifierElim','NormByEval','BDD','Simpl','Recursion-Theory-I','SATSolverVerification','FunWithFunctions','ArrowImpossibilityGS','VolpanoSmith','Slicing','Huffman','FunWithTilings','SenSocialChoice','SIFPL','BytecodeLogicJmlTypes','Stream-Fusion','FinFun','CofGroups','SequentInvertibility','Ordinals_and_Cardinals','WorkerWrapper','HRB-Slicing','Perfect-Number-Thm','Collections','Tree-Automata','Presburger-Automata','DPT-SAT-Solver','Coinductive','List-Index','InformationFlowSlicing','InformationFlowSlicing_Inter','Free-Boolean-Algebra','Locally-Nameless-Sigma','Regular-Sets','Robbins-Conjecture','DataRefinementIBP','GraphMarkingIBP','Abstract-Rewriting','Matrix','Category2','Free-Groups','Statecharts','Polynomials','Lam-ml-Normalization','Binomial-Heaps','Binomial-Queues','Finger-Trees','Shivers-CFA','Marriage','Lower_Semicontinuous','RIPEMD-160-SPARK','LightweightJava','AutoFocus-Stream','List-Infinite','Nat-Interval-Logic','Transitive-Closure','General-Triangle','KBPs','Max-Card-Matching','Gauss-Jordan-Elim-Fun','Myhill-Nerode','LatticeProperties','MonoBoolTranAlgebra','PseudoHoops','Efficient-Mergesort','TLA','Markov_Models','Dijkstra_Shortest_Path','Refine_Monadic','Girth_Chromatic','Transitive-Closure-II','Abortable_Linearizable_Modules','Well_Quasi_Orders','Ordinary_Differential_Equations','Inductive_Confidentiality','Stuttering_Equivalence','Separation_Algebra','Circus','CCS','Pi_Calculus','Psi_Calculi','Tycon','PCF','Heard_Of','Impossible_Geometry','Datatype_Order_Generator','Possibilistic_Noninterference','Bondy','Tarskis_Geometry','Open_Induction','Separation_Logic_Imperative_HOL','Sqrt_Babylonian','Kleene_Algebra','Rank_Nullity_Theorem','Ribbon_Proofs','Launchbury','Nominal2','Containers','Graph_Theory','ShortestPath','Sort_Encodings','Koenigsberg_Friendship','Lehmer','Pratt_Certificate','IEEE_Floating_Point','Native_Word','Automatic_Refinement','Decreasing-Diagrams','GoedelGod','FocusStreamsCaseStudies','Coinductive_Languages','HereditarilyFinite','Incompleteness','Tail_Recursive_Functions','CryptoBasedCompositionalProperties','Sturm_Sequences','Featherweight_OCL','KAT_and_DRA','Relation_Algebra','Secondary_Sylow','Regex_Equivalence','Real_Impl','Affine_Arithmetic','Selection_Heap_Sort','Random_Graph_Subgraph_Threshold','Partial_Function_MR','AWN','Probabilistic_Noninterference','GPU_Kernel_PL','Discrete_Summation','Abstract_Completeness','HyperCTL','Bounded_Deducibility_Security','SIFUM_Type_Systems','Strong_Security','WHATandWHERE_Security','ComponentDependencies','Regular_Algebras','Noninterference_CSP','Roy_Floyd_Warshall','CAVA_Automata','CAVA_LTL_Modelchecker','Gabow_SCC','LTL_to_GBA','Promela','Boolean_Expression_Checkers','MSO_Regex_Equivalence','Pop_Refinement','Network_Security_Policy_Verification','Amortized_Complexity','pGCL','CISC-Kernel','Show','Splay_Tree','Skew_Heap','Special_Function_Bounds','VectorSpace','Gauss_Jordan','Priority_Queue_Braun','Jordan_Hoelder','Cayley_Hamilton','Sturm_Tarski','Imperative_Insertion_Sort','Certification_Monads','XML','RefinementReactive','Density_Compiler','Stream_Fusion_Code','Lifting_Definition_Option','AODV','UPF','UpDown_Scheme','Finite_Automata_HF','Echelon_Form','QR_Decomposition','Call_Arity','Deriving','Consensus_Refined','Trie','ConcurrentGC','ConcurrentIMP','Residuated_Lattices','Vickrey_Clarke_Groves','Probabilistic_System_Zoo','Formula_Derivatives','Dynamic_Tables','List_Interleaving','Multirelations','Noninterference_Generic_Unwinding','Noninterference_Ipurge_Unwinding','Derangements','Hermite','Akra_Bazzi','Landau_Symbols','Case_Labeling','Encodability_Process_Calculi','Rep_Fin_Groups','Noninterference_Inductive_Unwinding','Decreasing-Diagrams-II','Jordan_Normal_Form','LTL_to_DRA','Isabelle_Meta_Model','Parity_Game','Planarity_Certificates','TortoiseHare','Euler_Partition','Ergodic_Theory','Latin_Square','Card_Partitions','Algebraic_Numbers','Applicative_Lifting','Stern_Brocot','Descartes_Sign_Rule','Liouville_Numbers','Prime_Harmonic_Series','Triangle','Card_Number_Partitions','Matrix_Tensor','Knot_Theory','Polynomial_Factorization','Polynomial_Interpolation','Formal_SSA','List_Update','LTL','Cartan_FP','Timed_Automata','PropResPI','KAD','Noninterference_Sequential_Composition','CYK','ROBDD','No_FTL_observers','Groebner_Bases','Bell_Numbers_Spivey','SDS_Impossibility','Randomised_Social_Choice','MFMC_Countable','FLP','Incredible_Proof_Machine','Perron_Frobenius','Card_Equiv_Relations','Posix-Lexing','Tree_Decomposition','Word_Lib','Noninterference_Concurrent_Composition','Algebraic_VCs','Catalan_Numbers','Dependent_SIFUM_Type_Systems','Card_Multisets','Category3','Dependent_SIFUM_Refinement','IP_Addresses','Resolution_FOL','Rewriting_Z','Buildings','DFS_Framework','Pairing_Heap','Surprise_Paradox','Ptolemys_Theorem','Refine_Imperative_HOL','EdmondsKarp_Maxflow','InfPathElimination','Simple_Firewall','Routing','Stirling_Formula','Stone_Algebras','SuperCalc','Iptables_Semantics','Lambda_Free_RPOs','Allen_Calculus','Fisher_Yates','Lp','Chord_Segments','Berlekamp_Zassenhaus','SPARCv8','Source_Coding_Theorem','LOFT','Stable_Matching','Modal_Logics_for_NTS','Deep_Learning','Lambda_Free_KBOs','Nested_Multisets_Ordinals','Separata','Abs_Int_ITP2012','Complx','Paraconsistency','Proof_Strategy_Language','Twelvefold_Way','Concurrent_Ref_Alg','FOL_Harrison','Password_Authentication_Protocol','UPF_Firewall','E_Transcendental','Bertrands_Postulate','Minimal_SSA','Bernoulli','Key_Agreement_Strong_Adversaries','Stone_Relation_Algebras','Abstract_Soundness','Differential_Dynamic_Logic','Menger','Elliptic_Curves_Group_Law','Euler_MacLaurin','Comparison_Sort_Lower_Bound','Quick_Sort_Cost','Random_BSTs','Subresultants','Lazy_Case','Constructor_Funs','LocalLexing','Types_Tableaus_and_Goedels_God','MonoidalCategory','CryptHOL','Game_Based_Crypto','Monad_Normalisation','Monomorphic_Monad','Probabilistic_While','Floyd_Warshall','Dict_Construction','Security_Protocol_Refinement','Optics','Flow_Networks','Prpu_Maxflow','Buffons_Needle','PSemigroupsConvolution','Propositional_Proof_Systems','Stone_Kleene_Relation_Algebras','CRDT','Name_Carrying_Type_Inference','Minkowskis_Theorem','HOLCF-Prelude','Decl_Sem_Fun_PL','DynamicArchitectures','Stewart_Apollonius','LambdaMu','Orbit_Stabiliser','Root_Balanced_Tree','First_Welfare_Theorem','AnselmGod','PLM','Lowe_Ontological_Argument','Dirichlet_Series','Linear_Recurrences','Zeta_Function','Diophantine_Eqns_Lin_Hom','Count_Complex_Roots','Winding_Number_Eval','Buchi_Complementation','Transition_Systems_and_Automata','Kuratowski_Closure_Complement','Hybrid_Multi_Lane_Spatial_Logic','IMAP-CRDT','Stochastic_Matrices','Knuth_Morris_Pratt','BNF_Operations','Dirichlet_L','Mason_Stothers','Median_Of_Medians_Selection','Falling_Factorial_Sum','Taylor_Models','Green','Gromov_Hyperbolicity','Ordered_Resolution_Prover','LLL_Basis_Reduction','Error_Function','First_Order_Terms','LLL_Factorization','Treaps','Hoare_Time','Architectural_Design_Patterns','CakeML','Weight_Balanced_Trees','Fishburn_Impossibility','BNF_CC','VerifyThis2018','WebAssembly','Modular_Assembly_Kit_Security','OpSets','Monad_Memo_DP','AxiomaticCategoryTheory','Irrationality_J_Hancl','Probabilistic_Timed_Automata','Hidden_Markov_Models','Optimal_BST','Partial_Order_Reduction','Localization_Ring','Projective_Geometry','Pell','Neumann_Morgenstern_Utility','DiscretePricing','Minsky_Machines','Simplex','Budan_Fourier','Quaternions','Octonions','Aggregation_Algebras','Prime_Number_Theorem','Signature_Groebner','Symmetric_Polynomials','Pi_Transcendental','Factored_Transition_System_Bounding','Lambda_Free_EPO','Randomised_BSTs','Smooth_Manifolds','Epistemic_Logic','GewirthPGCProof','Generic_Deriving','Matroids','Auto2_HOL','Functional_Ordered_Resolution_Prover','Graph_Saturation','Order_Lattice_Props','Quantales','Transformer_Semantics','Constructive_Cryptography','Auto2_Imperative_HOL','Concurrent_Revisions','Core_DOM','Store_Buffer_Reduction','Higher_Order_Terms','IMP2','Farkas','List_Inversions','UTP','Universal_Turing_Machine','Probabilistic_Prime_Tests','Kruskal','Prime_Distribution_Elementary','Safe_OCL','QHLProver','Transcendence_Series_Hancl_Rucki','Binding_Syntax_Theory','LTL_Master_Theorem','HOL-CSP','Multi_Party_Computation','LambdaAuth','KD_Tree','Differential_Game_Logic','IMP2_Binary_Heap','Groebner_Macaulay','Nullstellensatz','Linear_Inequalities','Prim_Dijkstra_Simple','Priority_Search_Trees','Complete_Non_Orders','MFOTL_Monitor','CakeML_Codegen','FOL_Seq_Calc1','Szpilrajn','TESL_Language','Stellar_Quorums','IMO2019','C2KA_DistributedSystems','Linear_Programming','Laplace_Transform','Adaptive_State_Counting','Jacobson_Basic_Algebra','Fourier','Hybrid_Systems_VCs','Generic_Join','Clean','Sigma_Commit_Crypto','Aristotles_Assertoric_Syllogistic','VerifyThis2019','Isabelle_C','ZFC_in_HOL','Interval_Arithmetic_Word32','Generalized_Counting_Sort','Gauss_Sums','Complex_Geometry','Poincare_Disc','Poincare_Bendixson','Hybrid_Logic','Zeta_3_Irrational','Bicategory','Skip_Lists','Closest_Pair_Points','Approximation_Algorithms','Mersenne_Primes','Subset_Boolean_Algebras','Arith_Prog_Rel_Primes','VeriComp','Goodstein_Lambda','Hello_World','Relational-Incorrectness-Logic','Furstenberg_Topology','WOOT_Strong_Eventual_Consistency','Lucas_Theorem','Automated_Stateful_Protocol_Verification','Stateful_Protocol_Composition_and_Typing','MFODL_Monitor_Optimized','Saturation_Framework','Sliding_Window_Algorithm','ADS_Functor','Matrices_for_ODEs','Gaussian_Integers','Lambert_W','Power_Sum_Polynomials','Attack_Trees','Banach_Steinhaus','Forcing','LTL_Normal_Form','Recursion-Addition','Irrational_Series_Erdos_Straus','Knuth_Bendix_Order','Nash_Williams','Smith_Normal_Form','Safe_Distance','Relational_Paths','Chandy_Lamport','Ordinal_Partitions','Amicable_Numbers','BirdKMP','Saturation_Framework_Extensions','Relational_Disjoint_Set_Forests','Inductive_Inference','PAC_Checker','Extended_Finite_State_Machine_Inference','Extended_Finite_State_Machines','Goedel_HFSet_Semantic','Goedel_HFSet_Semanticless','Goedel_Incompleteness','Robinson_Arithmetic','Syntax_Independent_Logic','Core_SC_DOM','DOM_Components','SC_DOM_Components','Shadow_DOM','Shadow_SC_DOM','Finite-Map-Extras','Physical_Quantities','AI_Planning_Languages_Semantics','Verified_SAT_Based_AI_Planning','CSP_RefTK','Isabelle_Marries_Dirac','Relational_Method','Interpreter_Optimizations','Relational_Minimum_Spanning_Trees','Topological_Semantics','Delta_System_Lemma','JinjaDCI','Hood_Melville_Queue','Blue_Eyes','IsaGeoCoq','Laws_of_Large_Numbers','Formal_Puiseux_Series','BTree','Sunflowers','Mereology','Hermite_Lindemann','Projective_Measurements','Modular_arithmetic_LLL_and_HNF_algorithms','Constructive_Cryptography_CM','Padic_Ints','Grothendieck_Schemes','IFC_Tracking','Progress_Tracking','GaleStewart_Games','BenOr_Kozen_Reif','Lifting_the_Exponent','Metalogic_ProofChecker','Regression_Test_Selection','Combinatorics_Words','Combinatorics_Words_Graph_Lemma','Combinatorics_Words_Lyndon','IMP_Compiler','Public_Announcement_Logic','MiniSail','Van_der_Waerden','SpecCheck','Finitely_Generated_Abelian_Groups','Schutz_Spacetime','Relational_Forests','Design_Theory','BD_Security_Compositional','CoCon','CoSMeDis','CoSMed','Fresh_Identifiers','Three_Circles','Logging_Independent_Anonymity','Cubic_Quartic_Equations','Dominance_CHK','CZH_Elementary_Categories','CZH_Foundations','CZH_Universal_Constructions','Conditional_Simplification','Conditional_Transfer_Rule','Intro_Dest_Elim','Types_To_Sets_Extension','Weighted_Path_Order','Complex_Bounded_Operators','FOL_Axiomatic','Virtual_Substitution','Correctness_Algebras','X86_Semantics','Belief_Revision','Registers','Szemeredi_Regularity','Factor_Algebraic_Polynomial','PAL','Real_Power','SimplifiedOntologicalArgument','Hahn_Jordan_Decomposition','Foundation_of_geometry','Van_Emde_Boas_Trees','Simplicial_complexes_and_boolean_functions','Regular_Tree_Relations','MDP-Algorithms','MDP-Rewards','Roth_Arithmetic_Progressions','Gale_Shapley','Hyperdual','Knights_Tour','Irrationals_From_THEBOOK','Actuarial_Mathematics','Median_Method','Interpolation_Polynomials_HOL_Algebra','FOL_Seq_Calc2','Youngs_Inequality','FO_Theory_Rewriting','LP_Duality','Quasi_Borel_Spaces','Equivalence_Relation_Enumeration','VYDRA_MDL','Eval_FO','Wetzels_Problem','Universal_Hash_Families','ResiduatedTransitionSystem','Transitive_Models','Independence_CH','Cotangent_PFD_Formula','FOL_Seq_Calc3','Ackermanns_not_PR','Dedekind_Real','Frequency_Moments','Prefix_Free_Code_Combinators','Sophomores_Dream','Digit_Expansions','Multiset_Ordering_NPC','Fishers_Inequality','Clique_and_Monotone_Circuits','Package_logic','Pluennecke_Ruzsa_Inequality','Combinable_Wands','Rewrite_Properties_Reduction','DPRM_Theorem','Finite_Fields','IsaNet','Boolos_Curious_Inference','Real_Time_Deque','IMP_Compiler_Reuse','Weighted_Arithmetic_Geometric_Mean','Commuting_Hermitian','Solidity','Nano_JSON','FSM_Tests','Involutions2Squares','SCC_Bloemen_Sequential','Number_Theoretic_Transform','Hales_Jewett','Khovanskii_Theorem','Separation_Logic_Unbounded','CRYSTALS-Kyber','Implicational_Logic','Risk_Free_Lending','Padic_Field']
+ const article_years_unique = ['2004','','','','','','','','','','','','','','2005','','','','','','','','2006','','','','','','','2007','','','','','','','','2008','','','','','','','','','','','','','','','2009','','','','','','','','','','','','2010','','','','','','','','','','','','','','','','','','','','','','2011','','','','','','','','','','','','','','','','','2012','','','','','','','','','','','','','','','','','','','','','','','','','2013','','','','','','','','','','','','','','','','','','','','','','','2014','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','2015','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','2016','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','2017','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','2018','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','2019','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','2020','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','2021','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','2022','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','']
+ const loc_articles = [839,1507,1542,1096,1058,2419,44195,205,142,1974,209,1110,3792,506,1141,3766,17615,3119,6430,1145,447,2537,1275,1583,1838,12832,13047,2685,1228,3556,4238,9647,2847,970,1740,79712,4738,3396,2185,10664,31022,6726,30332,180,793,1047,14413,2080,254,2221,5959,3463,799,1540,684,6654,8,2627,27490,264,32555,5025,4380,208,9533,447,2380,3399,606,6305,2060,840,713,1024,5632,1427,4078,2230,6003,22604,1602,3370,1587,2451,2591,260,1617,16,2937,6557,7804,6381,992,125,10130,332,239,1831,999,1756,4420,434,4461,11864,2835,8575,1045,408,2940,2613,37935,3243,1480,2612,3141,2580,23005,27588,2266,4107,7701,1249,260,5309,73,9729,719,6674,1512,4355,1249,1908,6214,4977,10086,7261,538,3830,4591,202,853,1784,5274,10304,1524,150,5292,706,2248,10737,1463,1958,3067,11487,1860,1190,1219,2174,1144,14863,2212,1957,166,10685,6419,572,590,465,1698,1909,4134,1403,2138,2280,1959,2467,220,4432,9396,5430,3999,4472,406,5935,1829,12828,3234,9486,4560,926,659,63,1653,2338,9085,753,2113,875,1836,627,945,1405,1296,7880,1922,90,28055,2879,2796,1116,5259,4863,8842,1356,5997,527,6658,2606,1772,5327,1092,4112,952,1064,2362,1089,2446,477,2074,3763,1954,710,16080,8267,908,1063,21228,9679,8661,3142,9156,695,435,13995,478,898,10416,2724,1162,741,405,495,498,838,3622,4616,6264,4106,8166,12091,3178,518,17581,2876,2418,5496,885,2453,1162,17387,509,703,5047,10687,4287,3811,5337,329,3985,1057,15083,3257,2582,553,8478,206,26817,8773,3324,2960,398,12811,9483,370,173,384,18990,2545,6119,3774,645,2415,4344,9370,20053,3963,3419,319,3174,169,19414,14667,541,2652,7059,7590,3898,3243,4507,855,2289,5027,1349,276,4339,1475,3482,7119,9662,601,1728,852,2194,12204,4212,590,13558,1695,4484,1644,694,835,737,3394,105,68,10492,1127,8501,11278,4135,378,4711,1200,2078,639,14059,2229,3930,4869,468,1531,5570,5683,1993,4205,478,4121,3146,3472,88,480,1261,1877,2193,250,10669,822,7466,3105,5302,2784,8208,8809,2324,6164,945,6514,992,489,810,8949,3434,338,854,493,4593,9457,15962,6402,10342,787,2288,3260,1820,8442,3278,12945,672,843,3402,3638,11570,13548,3734,6261,528,965,7711,1042,1221,5017,1390,2755,1622,2173,13357,805,10042,2667,541,1271,2668,5319,9770,2765,934,11918,2205,1743,7917,1209,449,685,1812,1227,3559,3578,2951,2218,1644,5182,4968,2767,17368,34354,3204,6019,1900,373,9969,30917,3018,3298,5306,4576,10509,986,15793,4437,9487,5543,3301,1264,2973,805,10229,2606,5735,3365,472,3604,3199,13289,987,787,4455,527,713,782,2335,2134,9936,2090,3736,5801,2350,4124,3809,176,1726,9701,7027,5069,5729,4561,14098,10292,6402,4470,1907,68336,2355,3937,3485,1706,3154,944,1033,597,370,691,764,2564,332,21109,23314,10943,3061,744,2353,1560,2537,1609,1239,1939,1338,12002,1034,1444,1902,2670,755,13319,3036,5074,9793,6287,1261,2908,2101,5117,12873,9018,4265,4731,426,11477,3546,1295,8100,16384,3523,7793,12668,15385,648,1761,2352,16434,2359,7700,3995,6542,4731,2826,3304,24539,745,365,26525,290,2582,15792,615,4039,3766,4959,17068,8442,15847,6578,4131,7218,1015,10328,384,9264,4094,13798,488,837,666,840,19737,1088,233,4433,7684,1962,4940,3003,11165,14638,5913,303,3758,817,1329,3157,40867,29106,22137,225,1053,176,17526,4239,18014,1306,21771,13533,2621,1324,5953,909,2961,133,2203,455,2619,6076,20665,1882,9541,4288,4298,1384,2007,2946,3108,269,948,566,757,2594,807,9208,624,8738,502,7222,5937,342,828,18280,18383,14310,730,719,200,1411,4182,816,401,1312,1820,5168,2337,2169,654,2031,3338,8759,4623,7346,95,3711,1527,414,5785,15325,1041,53757,351,3175,1958,2144,1388,2325,3584,175,1923,39761]
</script>
<h4>Growth in number of articles:</h4>
<script src="../js/Chart.js"></script>
<div class="chart">
<canvas id="num-articles-canvas"></canvas>
</div>
<script>
new Chart(document.getElementById("num-articles-canvas"), {
type: 'bar',
data: {
labels: years,
datasets: [{
label: 'size of the AFP in # of articles',
data: no_articles,
backgroundColor: "rgba(46, 45, 78, 1)"
}],
},
options: {
responsive: true,
maintainAspectRatio: false,
scales: {
yAxes: [{
ticks: {
beginAtZero: true
}
}]
},
}
})
</script>
<h4>Growth in lines of code:</h4>
<div class="chart">
<canvas id="loc-years-canvas"></canvas>
</div>
<script>
new Chart(document.getElementById("loc-years-canvas"), {
type: 'bar',
data: {
labels: years,
datasets: [{
label: 'size of the AFP in lines of code',
data: no_loc,
backgroundColor: "rgba(101, 99, 136, 1)"
}],
},
options: {
responsive: true,
maintainAspectRatio: false,
scales: {
yAxes: [{
ticks: {
beginAtZero: true
}
}]
},
}
})
</script>
<h4>Growth in number of authors:</h4>
<div class="chart">
<canvas id="author-years-canvas"></canvas>
</div>
<script>
new Chart(document.getElementById("author-years-canvas"), {
type: 'bar',
data: {
labels: years,
datasets: [{
label: 'new authors per year',
data: no_authors,
backgroundColor: "rgba(101, 99, 136, 1)"
},
{
label: 'number of authors contributing (cumulative)',
data: no_authors_series,
backgroundColor: "rgba(0, 15, 48, 1)"
}],
},
options: {
responsive: true,
maintainAspectRatio: false,
scales: {
yAxes: [{
ticks: {
beginAtZero: true
}
}]
},
}
})
</script>
<h4>Size of articles:</h4>
<div class="chart">
<canvas id="loc-articles-canvas"></canvas>
</div>
<script>
new Chart(document.getElementById("loc-articles-canvas"), {
type: 'bar',
data: {
labels: article_years_unique,
datasets: [{
label: 'loc per article',
data: loc_articles,
backgroundColor: 'rgba(101, 99, 136, 1)'
}]
},
options: {
responsive: true,
maintainAspectRatio: false,
scales: {
xAxes: [{
categoryPercentage: 1,
barPercentage: 0.9,
ticks: {
autoSkip: false
}
}],
yAxes: [{
ticks: {
beginAtZero: true
}
}]
},
tooltips: {
callbacks: {
title: tooltipItem => all_articles[tooltipItem[0].index]
}
}
}
})
</script>
</td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/theories/fol_seq_calc1/index.html b/web/theories/fol_seq_calc1/index.html
--- a/web/theories/fol_seq_calc1/index.html
+++ b/web/theories/fol_seq_calc1/index.html
@@ -1,85 +1,86 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1"><title>FOL_Seq_Calc1 - Archive of Formal Proofs</title><meta name="description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."><meta property="og:title" content="FOL_Seq_Calc1" />
<meta property="og:description" content="" />
<meta property="og:type" content="article" />
<meta property="og:url" content="/theories/fol_seq_calc1/" /><meta property="og:image" content="/images/afp.png"/><meta property="article:section" content="theories" />
<meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="FOL_Seq_Calc1"/>
<meta name="twitter:description" content=""/>
<link rel="stylesheet" type="text/css" href="../../css/front.min.css"><link rel="stylesheet" type="text/css" href="../../css/isabelle.css">
<link rel="icon" href="../../images/favicon.ico" type="image/icon"><script src="../../js/obfuscate.js"></script>
<script src="../../js/flexsearch.bundle.js"></script>
<script src="../../js/scroll-spy.js"></script>
<script src="../../js/theory.js"></script>
<script src="../../js/util.js"></script><script src="../../js/header-search.js"></script><script src="../../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore theories'>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../../images/menu.svg" alt="Menu" />
</label>
<a href="../../" class='logo-link'>
<img src="../../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<nav id="menu">
<div>
<a href="../../" class='logo-link'>
<img src="../../images/afp.png" alt='Logo of the Archive of Formal Proofs'
class="logo">
</a>
<ul id="return">
<li><a href="../../entries/FOL_Seq_Calc1.html">Return to entry</a></li>
</ul>
<hr>
<ul id="theory-navbar" class="list-group"></ul>
</div>
</nav>
</div>
</aside>
<div
class='content '><header>
<form autocomplete="off" action="../../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value="" aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button"><img src="../../images/search.svg" alt="Search" /></button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1 >
<span class='first'>F</span><span class='first'>O</span><span class='first'>L</span>_<span class='first'>S</span>eq_<span class='first'>C</span>alc1</h1>
<div>
</div>
</header><div><main id="theories">
<a id="Common" href="https://www.isa-afp.org/browser_info/current/AFP/FOL_Seq_Calc1/Common.html"><h2>Common</h2></a>
<a id="Tableau" href="https://www.isa-afp.org/browser_info/current/AFP/FOL_Seq_Calc1/Tableau.html"><h2>Tableau</h2></a>
- <a id="Sequent" href="https://www.isa-afp.org/browser_info/current/AFP/FOL_Seq_Calc1/Sequent.html"><h2>Sequent</h2></a></main>
+ <a id="Sequent" href="https://www.isa-afp.org/browser_info/current/AFP/FOL_Seq_Calc1/Sequent.html"><h2>Sequent</h2></a>
+ <a id="Sequent2" href="https://www.isa-afp.org/browser_info/current/AFP/FOL_Seq_Calc1/Sequent2.html"><h2>Sequent2</h2></a></main>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/theories/implicational_logic/index.html b/web/theories/implicational_logic/index.html
new file mode 100644
--- /dev/null
+++ b/web/theories/implicational_logic/index.html
@@ -0,0 +1,83 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+ <meta charset="utf-8" />
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
+ <meta name="viewport" content="width=device-width, initial-scale=1"><title>Implicational_Logic - Archive of Formal Proofs</title><meta name="description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."><meta property="og:title" content="Implicational_Logic" />
+<meta property="og:description" content="" />
+<meta property="og:type" content="article" />
+<meta property="og:url" content="/theories/implicational_logic/" /><meta property="og:image" content="/images/afp.png"/><meta property="article:section" content="theories" />
+
+<meta property="og:site_name" content="Archive of Formal Proofs" />
+
+<meta name="twitter:card" content="summary_large_image"/>
+<meta name="twitter:image" content="/images/afp.png"/>
+
+<meta name="twitter:title" content="Implicational_Logic"/>
+<meta name="twitter:description" content=""/>
+
+
+ <link rel="stylesheet" type="text/css" href="../../css/front.min.css"><link rel="stylesheet" type="text/css" href="../../css/isabelle.css">
+
+
+ <link rel="icon" href="../../images/favicon.ico" type="image/icon"><script src="../../js/obfuscate.js"></script>
+ <script src="../../js/flexsearch.bundle.js"></script>
+ <script src="../../js/scroll-spy.js"></script>
+ <script src="../../js/theory.js"></script>
+ <script src="../../js/util.js"></script><script src="../../js/header-search.js"></script><script src="../../js/search-autocomplete.js"></script>
+</head>
+
+
+<body class='mathjax_ignore theories'>
+ <aside>
+ <div id="menu-toggle">
+ <input id="toggle" type="checkbox" />
+ <label for="toggle">
+ <span>menu</span>
+ <img src="../../images/menu.svg" alt="Menu" />
+ </label>
+
+ <a href="../../" class='logo-link'>
+ <img src="../../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
+ </a>
+
+ <nav id="menu">
+ <div>
+ <a href="../../" class='logo-link'>
+ <img src="../../images/afp.png" alt='Logo of the Archive of Formal Proofs'
+ class="logo">
+ </a>
+ <ul id="return">
+ <li><a href="../../entries/Implicational_Logic.html">Return to entry</a></li>
+ </ul>
+ <hr>
+ <ul id="theory-navbar" class="list-group"></ul>
+ </div>
+ </nav>
+</div>
+
+ </aside>
+
+ <div
+ class='content '><header>
+ <form autocomplete="off" action="../../search">
+ <div class='form-container'>
+ <input id="search-input" type="search" size="31" maxlength="255" value="" aria-label="Search the AFP" list="autocomplete"><button
+ id="search-button" type="button"><img src="../../images/search.svg" alt="Search" /></button>
+ <datalist id="autocomplete">
+ </datalist>
+ </div>
+ </form>
+ <h1 >
+ <span class='first'>I</span>mplicational_<span class='first'>L</span>ogic</h1>
+ <div>
+
+
+ </div>
+</header><div><main id="theories">
+ <a id="Implicational_Logic" href="https://www.isa-afp.org/browser_info/current/AFP/Implicational_Logic/Implicational_Logic.html"><h2>Implicational_Logic</h2></a></main>
+ </div>
+ </div>
+</body>
+
+</html>
\ No newline at end of file
diff --git a/web/theories/index.xml b/web/theories/index.xml
--- a/web/theories/index.xml
+++ b/web/theories/index.xml
@@ -1,6508 +1,6553 @@
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>Theories on Archive of Formal Proofs</title>
<link>/theories/</link>
<description>Recent content in Theories on Archive of Formal Proofs</description>
<generator>Hugo -- gohugo.io</generator>
<language>en-gb</language><atom:link href="/theories/index.xml" rel="self" type="application/rss+xml" />
<item>
<title>Abortable_Linearizable_Modules</title>
<link>/theories/abortable_linearizable_modules/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/abortable_linearizable_modules/</guid>
<description></description>
</item>
<item>
<title>Abs_Int_ITP2012</title>
<link>/theories/abs_int_itp2012/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/abs_int_itp2012/</guid>
<description></description>
</item>
<item>
<title>Abstract-Hoare-Logics</title>
<link>/theories/abstract-hoare-logics/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/abstract-hoare-logics/</guid>
<description></description>
</item>
<item>
<title>Abstract-Rewriting</title>
<link>/theories/abstract-rewriting/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/abstract-rewriting/</guid>
<description></description>
</item>
<item>
<title>Abstract_Completeness</title>
<link>/theories/abstract_completeness/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/abstract_completeness/</guid>
<description></description>
</item>
<item>
<title>Abstract_Soundness</title>
<link>/theories/abstract_soundness/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/abstract_soundness/</guid>
<description></description>
</item>
<item>
<title>Ackermanns_not_PR</title>
<link>/theories/ackermanns_not_pr/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/ackermanns_not_pr/</guid>
<description></description>
</item>
<item>
<title>Actuarial_Mathematics</title>
<link>/theories/actuarial_mathematics/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/actuarial_mathematics/</guid>
<description></description>
</item>
<item>
<title>Adaptive_State_Counting</title>
<link>/theories/adaptive_state_counting/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/adaptive_state_counting/</guid>
<description></description>
</item>
<item>
<title>ADS_Functor</title>
<link>/theories/ads_functor/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/ads_functor/</guid>
<description></description>
</item>
<item>
<title>Affine_Arithmetic</title>
<link>/theories/affine_arithmetic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/affine_arithmetic/</guid>
<description></description>
</item>
<item>
<title>Aggregation_Algebras</title>
<link>/theories/aggregation_algebras/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/aggregation_algebras/</guid>
<description></description>
</item>
<item>
<title>AI_Planning_Languages_Semantics</title>
<link>/theories/ai_planning_languages_semantics/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/ai_planning_languages_semantics/</guid>
<description></description>
</item>
<item>
<title>Akra_Bazzi</title>
<link>/theories/akra_bazzi/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/akra_bazzi/</guid>
<description></description>
</item>
<item>
<title>Algebraic_Numbers</title>
<link>/theories/algebraic_numbers/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/algebraic_numbers/</guid>
<description></description>
</item>
<item>
<title>Algebraic_VCs</title>
<link>/theories/algebraic_vcs/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/algebraic_vcs/</guid>
<description></description>
</item>
<item>
<title>Allen_Calculus</title>
<link>/theories/allen_calculus/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/allen_calculus/</guid>
<description></description>
</item>
<item>
<title>Amicable_Numbers</title>
<link>/theories/amicable_numbers/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/amicable_numbers/</guid>
<description></description>
</item>
<item>
<title>Amortized_Complexity</title>
<link>/theories/amortized_complexity/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/amortized_complexity/</guid>
<description></description>
</item>
<item>
<title>AnselmGod</title>
<link>/theories/anselmgod/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/anselmgod/</guid>
<description></description>
</item>
<item>
<title>AODV</title>
<link>/theories/aodv/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/aodv/</guid>
<description></description>
</item>
<item>
<title>Applicative_Lifting</title>
<link>/theories/applicative_lifting/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/applicative_lifting/</guid>
<description></description>
</item>
<item>
<title>Approximation_Algorithms</title>
<link>/theories/approximation_algorithms/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/approximation_algorithms/</guid>
<description></description>
</item>
<item>
<title>Architectural_Design_Patterns</title>
<link>/theories/architectural_design_patterns/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/architectural_design_patterns/</guid>
<description></description>
</item>
<item>
<title>Aristotles_Assertoric_Syllogistic</title>
<link>/theories/aristotles_assertoric_syllogistic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/aristotles_assertoric_syllogistic/</guid>
<description></description>
</item>
<item>
<title>Arith_Prog_Rel_Primes</title>
<link>/theories/arith_prog_rel_primes/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/arith_prog_rel_primes/</guid>
<description></description>
</item>
<item>
<title>ArrowImpossibilityGS</title>
<link>/theories/arrowimpossibilitygs/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/arrowimpossibilitygs/</guid>
<description></description>
</item>
<item>
<title>Attack_Trees</title>
<link>/theories/attack_trees/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/attack_trees/</guid>
<description></description>
</item>
<item>
<title>Auto2_HOL</title>
<link>/theories/auto2_hol/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/auto2_hol/</guid>
<description></description>
</item>
<item>
<title>Auto2_Imperative_HOL</title>
<link>/theories/auto2_imperative_hol/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/auto2_imperative_hol/</guid>
<description></description>
</item>
<item>
<title>AutoFocus-Stream</title>
<link>/theories/autofocus-stream/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/autofocus-stream/</guid>
<description></description>
</item>
<item>
<title>Automated_Stateful_Protocol_Verification</title>
<link>/theories/automated_stateful_protocol_verification/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/automated_stateful_protocol_verification/</guid>
<description></description>
</item>
<item>
<title>Automatic_Refinement</title>
<link>/theories/automatic_refinement/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/automatic_refinement/</guid>
<description></description>
</item>
<item>
<title>AVL-Trees</title>
<link>/theories/avl-trees/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/avl-trees/</guid>
<description></description>
</item>
<item>
<title>AWN</title>
<link>/theories/awn/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/awn/</guid>
<description></description>
</item>
<item>
<title>AxiomaticCategoryTheory</title>
<link>/theories/axiomaticcategorytheory/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/axiomaticcategorytheory/</guid>
<description></description>
</item>
<item>
<title>Banach_Steinhaus</title>
<link>/theories/banach_steinhaus/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/banach_steinhaus/</guid>
<description></description>
</item>
<item>
<title>BD_Security_Compositional</title>
<link>/theories/bd_security_compositional/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/bd_security_compositional/</guid>
<description></description>
</item>
<item>
<title>BDD</title>
<link>/theories/bdd/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/bdd/</guid>
<description></description>
</item>
<item>
<title>Belief_Revision</title>
<link>/theories/belief_revision/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/belief_revision/</guid>
<description></description>
</item>
<item>
<title>Bell_Numbers_Spivey</title>
<link>/theories/bell_numbers_spivey/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/bell_numbers_spivey/</guid>
<description></description>
</item>
<item>
<title>BenOr_Kozen_Reif</title>
<link>/theories/benor_kozen_reif/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/benor_kozen_reif/</guid>
<description></description>
</item>
<item>
<title>Berlekamp_Zassenhaus</title>
<link>/theories/berlekamp_zassenhaus/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/berlekamp_zassenhaus/</guid>
<description></description>
</item>
<item>
<title>Bernoulli</title>
<link>/theories/bernoulli/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/bernoulli/</guid>
<description></description>
</item>
<item>
<title>Bertrands_Postulate</title>
<link>/theories/bertrands_postulate/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/bertrands_postulate/</guid>
<description></description>
</item>
<item>
<title>Bicategory</title>
<link>/theories/bicategory/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/bicategory/</guid>
<description></description>
</item>
<item>
<title>BinarySearchTree</title>
<link>/theories/binarysearchtree/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/binarysearchtree/</guid>
<description></description>
</item>
<item>
<title>Binding_Syntax_Theory</title>
<link>/theories/binding_syntax_theory/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/binding_syntax_theory/</guid>
<description></description>
</item>
<item>
<title>Binomial-Heaps</title>
<link>/theories/binomial-heaps/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/binomial-heaps/</guid>
<description></description>
</item>
<item>
<title>Binomial-Queues</title>
<link>/theories/binomial-queues/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/binomial-queues/</guid>
<description></description>
</item>
<item>
<title>BirdKMP</title>
<link>/theories/birdkmp/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/birdkmp/</guid>
<description></description>
</item>
<item>
<title>Blue_Eyes</title>
<link>/theories/blue_eyes/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/blue_eyes/</guid>
<description></description>
</item>
<item>
<title>BNF_CC</title>
<link>/theories/bnf_cc/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/bnf_cc/</guid>
<description></description>
</item>
<item>
<title>BNF_Operations</title>
<link>/theories/bnf_operations/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/bnf_operations/</guid>
<description></description>
</item>
<item>
<title>Bondy</title>
<link>/theories/bondy/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/bondy/</guid>
<description></description>
</item>
<item>
<title>Boolean_Expression_Checkers</title>
<link>/theories/boolean_expression_checkers/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/boolean_expression_checkers/</guid>
<description></description>
</item>
<item>
<title>Boolos_Curious_Inference</title>
<link>/theories/boolos_curious_inference/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/boolos_curious_inference/</guid>
<description></description>
</item>
<item>
<title>Bounded_Deducibility_Security</title>
<link>/theories/bounded_deducibility_security/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/bounded_deducibility_security/</guid>
<description></description>
</item>
<item>
<title>BTree</title>
<link>/theories/btree/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/btree/</guid>
<description></description>
</item>
<item>
<title>Buchi_Complementation</title>
<link>/theories/buchi_complementation/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/buchi_complementation/</guid>
<description></description>
</item>
<item>
<title>Budan_Fourier</title>
<link>/theories/budan_fourier/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/budan_fourier/</guid>
<description></description>
</item>
<item>
<title>Buffons_Needle</title>
<link>/theories/buffons_needle/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/buffons_needle/</guid>
<description></description>
</item>
<item>
<title>Buildings</title>
<link>/theories/buildings/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/buildings/</guid>
<description></description>
</item>
<item>
<title>BytecodeLogicJmlTypes</title>
<link>/theories/bytecodelogicjmltypes/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/bytecodelogicjmltypes/</guid>
<description></description>
</item>
<item>
<title>C2KA_DistributedSystems</title>
<link>/theories/c2ka_distributedsystems/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/c2ka_distributedsystems/</guid>
<description></description>
</item>
<item>
<title>CakeML</title>
<link>/theories/cakeml/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/cakeml/</guid>
<description></description>
</item>
<item>
<title>CakeML_Codegen</title>
<link>/theories/cakeml_codegen/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/cakeml_codegen/</guid>
<description></description>
</item>
<item>
<title>Call_Arity</title>
<link>/theories/call_arity/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/call_arity/</guid>
<description></description>
</item>
<item>
<title>Card_Equiv_Relations</title>
<link>/theories/card_equiv_relations/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/card_equiv_relations/</guid>
<description></description>
</item>
<item>
<title>Card_Multisets</title>
<link>/theories/card_multisets/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/card_multisets/</guid>
<description></description>
</item>
<item>
<title>Card_Number_Partitions</title>
<link>/theories/card_number_partitions/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/card_number_partitions/</guid>
<description></description>
</item>
<item>
<title>Card_Partitions</title>
<link>/theories/card_partitions/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/card_partitions/</guid>
<description></description>
</item>
<item>
<title>Cartan_FP</title>
<link>/theories/cartan_fp/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/cartan_fp/</guid>
<description></description>
</item>
<item>
<title>Case_Labeling</title>
<link>/theories/case_labeling/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/case_labeling/</guid>
<description></description>
</item>
<item>
<title>Catalan_Numbers</title>
<link>/theories/catalan_numbers/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/catalan_numbers/</guid>
<description></description>
</item>
<item>
<title>Category</title>
<link>/theories/category/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/category/</guid>
<description></description>
</item>
<item>
<title>Category2</title>
<link>/theories/category2/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/category2/</guid>
<description></description>
</item>
<item>
<title>Category3</title>
<link>/theories/category3/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/category3/</guid>
<description></description>
</item>
<item>
<title>Cauchy</title>
<link>/theories/cauchy/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/cauchy/</guid>
<description></description>
</item>
<item>
<title>CAVA_Automata</title>
<link>/theories/cava_automata/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/cava_automata/</guid>
<description></description>
</item>
<item>
<title>CAVA_Base</title>
<link>/theories/cava_base/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/cava_base/</guid>
<description></description>
</item>
<item>
<title>CAVA_LTL_Modelchecker</title>
<link>/theories/cava_ltl_modelchecker/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/cava_ltl_modelchecker/</guid>
<description></description>
</item>
<item>
<title>CAVA_Setup</title>
<link>/theories/cava_setup/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/cava_setup/</guid>
<description></description>
</item>
<item>
<title>Cayley_Hamilton</title>
<link>/theories/cayley_hamilton/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/cayley_hamilton/</guid>
<description></description>
</item>
<item>
<title>CCS</title>
<link>/theories/ccs/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/ccs/</guid>
<description></description>
</item>
<item>
<title>Certification_Monads</title>
<link>/theories/certification_monads/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/certification_monads/</guid>
<description></description>
</item>
<item>
<title>Chandy_Lamport</title>
<link>/theories/chandy_lamport/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/chandy_lamport/</guid>
<description></description>
</item>
<item>
<title>Chord_Segments</title>
<link>/theories/chord_segments/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/chord_segments/</guid>
<description></description>
</item>
<item>
<title>Circus</title>
<link>/theories/circus/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/circus/</guid>
<description></description>
</item>
<item>
<title>CISC-Kernel</title>
<link>/theories/cisc-kernel/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/cisc-kernel/</guid>
<description></description>
</item>
<item>
<title>Clean</title>
<link>/theories/clean/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/clean/</guid>
<description></description>
</item>
<item>
<title>Clique_and_Monotone_Circuits</title>
<link>/theories/clique_and_monotone_circuits/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/clique_and_monotone_circuits/</guid>
<description></description>
</item>
<item>
<title>ClockSynchInst</title>
<link>/theories/clocksynchinst/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/clocksynchinst/</guid>
<description></description>
</item>
<item>
<title>Closest_Pair_Points</title>
<link>/theories/closest_pair_points/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/closest_pair_points/</guid>
<description></description>
</item>
<item>
<title>CoCon</title>
<link>/theories/cocon/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/cocon/</guid>
<description></description>
</item>
<item>
<title>CofGroups</title>
<link>/theories/cofgroups/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/cofgroups/</guid>
<description></description>
</item>
<item>
<title>Coinductive</title>
<link>/theories/coinductive/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/coinductive/</guid>
<description></description>
</item>
<item>
<title>Coinductive_Languages</title>
<link>/theories/coinductive_languages/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/coinductive_languages/</guid>
<description></description>
</item>
<item>
<title>Collections</title>
<link>/theories/collections/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/collections/</guid>
<description></description>
</item>
<item>
<title>Collections_Examples</title>
<link>/theories/collections_examples/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/collections_examples/</guid>
<description></description>
</item>
<item>
<title>Combinable_Wands</title>
<link>/theories/combinable_wands/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/combinable_wands/</guid>
<description></description>
</item>
<item>
<title>Combinatorics_Words</title>
<link>/theories/combinatorics_words/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/combinatorics_words/</guid>
<description></description>
</item>
<item>
<title>Combinatorics_Words_Graph_Lemma</title>
<link>/theories/combinatorics_words_graph_lemma/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/combinatorics_words_graph_lemma/</guid>
<description></description>
</item>
<item>
<title>Combinatorics_Words_Lyndon</title>
<link>/theories/combinatorics_words_lyndon/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/combinatorics_words_lyndon/</guid>
<description></description>
</item>
<item>
<title>Commuting_Hermitian</title>
<link>/theories/commuting_hermitian/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/commuting_hermitian/</guid>
<description></description>
</item>
<item>
<title>Comparison_Sort_Lower_Bound</title>
<link>/theories/comparison_sort_lower_bound/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/comparison_sort_lower_bound/</guid>
<description></description>
</item>
<item>
<title>Compiling-Exceptions-Correctly</title>
<link>/theories/compiling-exceptions-correctly/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/compiling-exceptions-correctly/</guid>
<description></description>
</item>
<item>
<title>Complete_Non_Orders</title>
<link>/theories/complete_non_orders/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/complete_non_orders/</guid>
<description></description>
</item>
<item>
<title>Completeness</title>
<link>/theories/completeness/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/completeness/</guid>
<description></description>
</item>
<item>
<title>Complex_Bounded_Operators</title>
<link>/theories/complex_bounded_operators/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/complex_bounded_operators/</guid>
<description></description>
</item>
<item>
<title>Complex_Geometry</title>
<link>/theories/complex_geometry/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/complex_geometry/</guid>
<description></description>
</item>
<item>
<title>Complx</title>
<link>/theories/complx/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/complx/</guid>
<description></description>
</item>
<item>
<title>ComponentDependencies</title>
<link>/theories/componentdependencies/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/componentdependencies/</guid>
<description></description>
</item>
<item>
<title>Concurrent_Ref_Alg</title>
<link>/theories/concurrent_ref_alg/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/concurrent_ref_alg/</guid>
<description></description>
</item>
<item>
<title>Concurrent_Revisions</title>
<link>/theories/concurrent_revisions/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/concurrent_revisions/</guid>
<description></description>
</item>
<item>
<title>ConcurrentGC</title>
<link>/theories/concurrentgc/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/concurrentgc/</guid>
<description></description>
</item>
<item>
<title>ConcurrentIMP</title>
<link>/theories/concurrentimp/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/concurrentimp/</guid>
<description></description>
</item>
<item>
<title>Conditional_Simplification</title>
<link>/theories/conditional_simplification/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/conditional_simplification/</guid>
<description></description>
</item>
<item>
<title>Conditional_Transfer_Rule</title>
<link>/theories/conditional_transfer_rule/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/conditional_transfer_rule/</guid>
<description></description>
</item>
<item>
<title>Consensus_Refined</title>
<link>/theories/consensus_refined/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/consensus_refined/</guid>
<description></description>
</item>
<item>
<title>Constructive_Cryptography</title>
<link>/theories/constructive_cryptography/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/constructive_cryptography/</guid>
<description></description>
</item>
<item>
<title>Constructive_Cryptography_CM</title>
<link>/theories/constructive_cryptography_cm/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/constructive_cryptography_cm/</guid>
<description></description>
</item>
<item>
<title>Constructor_Funs</title>
<link>/theories/constructor_funs/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/constructor_funs/</guid>
<description></description>
</item>
<item>
<title>Containers</title>
<link>/theories/containers/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/containers/</guid>
<description></description>
</item>
<item>
<title>Containers-Benchmarks</title>
<link>/theories/containers-benchmarks/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/containers-benchmarks/</guid>
<description></description>
</item>
<item>
<title>Core_DOM</title>
<link>/theories/core_dom/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/core_dom/</guid>
<description></description>
</item>
<item>
<title>Core_SC_DOM</title>
<link>/theories/core_sc_dom/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/core_sc_dom/</guid>
<description></description>
</item>
<item>
<title>CoreC&#43;&#43;</title>
<link>/theories/corec&#43;&#43;/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/corec&#43;&#43;/</guid>
<description></description>
</item>
<item>
<title>Correctness_Algebras</title>
<link>/theories/correctness_algebras/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/correctness_algebras/</guid>
<description></description>
</item>
<item>
<title>CoSMed</title>
<link>/theories/cosmed/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/cosmed/</guid>
<description></description>
</item>
<item>
<title>CoSMeDis</title>
<link>/theories/cosmedis/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/cosmedis/</guid>
<description></description>
</item>
<item>
<title>Cotangent_PFD_Formula</title>
<link>/theories/cotangent_pfd_formula/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/cotangent_pfd_formula/</guid>
<description></description>
</item>
<item>
<title>Count_Complex_Roots</title>
<link>/theories/count_complex_roots/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/count_complex_roots/</guid>
<description></description>
</item>
<item>
<title>CRDT</title>
<link>/theories/crdt/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/crdt/</guid>
<description></description>
</item>
<item>
<title>CryptHOL</title>
<link>/theories/crypthol/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/crypthol/</guid>
<description></description>
</item>
<item>
<title>CryptoBasedCompositionalProperties</title>
<link>/theories/cryptobasedcompositionalproperties/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/cryptobasedcompositionalproperties/</guid>
<description></description>
</item>
<item>
<title>CRYSTALS-Kyber</title>
<link>/theories/crystals-kyber/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/crystals-kyber/</guid>
<description></description>
</item>
<item>
<title>CSP_RefTK</title>
<link>/theories/csp_reftk/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/csp_reftk/</guid>
<description></description>
</item>
<item>
<title>Cubic_Quartic_Equations</title>
<link>/theories/cubic_quartic_equations/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/cubic_quartic_equations/</guid>
<description></description>
</item>
<item>
<title>CYK</title>
<link>/theories/cyk/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/cyk/</guid>
<description></description>
</item>
<item>
<title>CZH_Elementary_Categories</title>
<link>/theories/czh_elementary_categories/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/czh_elementary_categories/</guid>
<description></description>
</item>
<item>
<title>CZH_Foundations</title>
<link>/theories/czh_foundations/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/czh_foundations/</guid>
<description></description>
</item>
<item>
<title>CZH_Universal_Constructions</title>
<link>/theories/czh_universal_constructions/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/czh_universal_constructions/</guid>
<description></description>
</item>
<item>
<title>DataRefinementIBP</title>
<link>/theories/datarefinementibp/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/datarefinementibp/</guid>
<description></description>
</item>
<item>
<title>Datatype_Order_Generator</title>
<link>/theories/datatype_order_generator/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/datatype_order_generator/</guid>
<description></description>
</item>
<item>
<title>Decl_Sem_Fun_PL</title>
<link>/theories/decl_sem_fun_pl/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/decl_sem_fun_pl/</guid>
<description></description>
</item>
<item>
<title>Decreasing-Diagrams</title>
<link>/theories/decreasing-diagrams/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/decreasing-diagrams/</guid>
<description></description>
</item>
<item>
<title>Decreasing-Diagrams-II</title>
<link>/theories/decreasing-diagrams-ii/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/decreasing-diagrams-ii/</guid>
<description></description>
</item>
<item>
<title>Dedekind_Real</title>
<link>/theories/dedekind_real/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/dedekind_real/</guid>
<description></description>
</item>
<item>
<title>Deep_Learning</title>
<link>/theories/deep_learning/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/deep_learning/</guid>
<description></description>
</item>
<item>
<title>Delta_System_Lemma</title>
<link>/theories/delta_system_lemma/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/delta_system_lemma/</guid>
<description></description>
</item>
<item>
<title>Density_Compiler</title>
<link>/theories/density_compiler/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/density_compiler/</guid>
<description></description>
</item>
<item>
<title>Dependent_SIFUM_Refinement</title>
<link>/theories/dependent_sifum_refinement/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/dependent_sifum_refinement/</guid>
<description></description>
</item>
<item>
<title>Dependent_SIFUM_Type_Systems</title>
<link>/theories/dependent_sifum_type_systems/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/dependent_sifum_type_systems/</guid>
<description></description>
</item>
<item>
<title>Depth-First-Search</title>
<link>/theories/depth-first-search/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/depth-first-search/</guid>
<description></description>
</item>
<item>
<title>Derangements</title>
<link>/theories/derangements/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/derangements/</guid>
<description></description>
</item>
<item>
<title>Deriving</title>
<link>/theories/deriving/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/deriving/</guid>
<description></description>
</item>
<item>
<title>Descartes_Sign_Rule</title>
<link>/theories/descartes_sign_rule/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/descartes_sign_rule/</guid>
<description></description>
</item>
<item>
<title>Design_Theory</title>
<link>/theories/design_theory/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/design_theory/</guid>
<description></description>
</item>
<item>
<title>DFS_Framework</title>
<link>/theories/dfs_framework/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/dfs_framework/</guid>
<description></description>
</item>
<item>
<title>Dict_Construction</title>
<link>/theories/dict_construction/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/dict_construction/</guid>
<description></description>
</item>
<item>
<title>Differential_Dynamic_Logic</title>
<link>/theories/differential_dynamic_logic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/differential_dynamic_logic/</guid>
<description></description>
</item>
<item>
<title>Differential_Game_Logic</title>
<link>/theories/differential_game_logic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/differential_game_logic/</guid>
<description></description>
</item>
<item>
<title>Digit_Expansions</title>
<link>/theories/digit_expansions/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/digit_expansions/</guid>
<description></description>
</item>
<item>
<title>Dijkstra_Shortest_Path</title>
<link>/theories/dijkstra_shortest_path/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/dijkstra_shortest_path/</guid>
<description></description>
</item>
<item>
<title>Diophantine_Eqns_Lin_Hom</title>
<link>/theories/diophantine_eqns_lin_hom/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/diophantine_eqns_lin_hom/</guid>
<description></description>
</item>
<item>
<title>Dirichlet_L</title>
<link>/theories/dirichlet_l/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/dirichlet_l/</guid>
<description></description>
</item>
<item>
<title>Dirichlet_Series</title>
<link>/theories/dirichlet_series/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/dirichlet_series/</guid>
<description></description>
</item>
<item>
<title>Discrete_Summation</title>
<link>/theories/discrete_summation/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/discrete_summation/</guid>
<description></description>
</item>
<item>
<title>DiscretePricing</title>
<link>/theories/discretepricing/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/discretepricing/</guid>
<description></description>
</item>
<item>
<title>DiskPaxos</title>
<link>/theories/diskpaxos/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/diskpaxos/</guid>
<description></description>
</item>
<item>
<title>DOM_Components</title>
<link>/theories/dom_components/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/dom_components/</guid>
<description></description>
</item>
<item>
<title>Dominance_CHK</title>
<link>/theories/dominance_chk/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/dominance_chk/</guid>
<description></description>
</item>
<item>
<title>DPRM_Theorem</title>
<link>/theories/dprm_theorem/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/dprm_theorem/</guid>
<description></description>
</item>
<item>
<title>DPT-SAT-Solver</title>
<link>/theories/dpt-sat-solver/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/dpt-sat-solver/</guid>
<description></description>
</item>
<item>
<title>Dynamic_Tables</title>
<link>/theories/dynamic_tables/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/dynamic_tables/</guid>
<description></description>
</item>
<item>
<title>DynamicArchitectures</title>
<link>/theories/dynamicarchitectures/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/dynamicarchitectures/</guid>
<description></description>
</item>
<item>
<title>E_Transcendental</title>
<link>/theories/e_transcendental/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/e_transcendental/</guid>
<description></description>
</item>
<item>
<title>Echelon_Form</title>
<link>/theories/echelon_form/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/echelon_form/</guid>
<description></description>
</item>
<item>
<title>EdmondsKarp_Maxflow</title>
<link>/theories/edmondskarp_maxflow/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/edmondskarp_maxflow/</guid>
<description></description>
</item>
<item>
<title>Efficient-Mergesort</title>
<link>/theories/efficient-mergesort/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/efficient-mergesort/</guid>
<description></description>
</item>
<item>
<title>Elliptic_Curves_Group_Law</title>
<link>/theories/elliptic_curves_group_law/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/elliptic_curves_group_law/</guid>
<description></description>
</item>
<item>
<title>Encodability_Process_Calculi</title>
<link>/theories/encodability_process_calculi/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/encodability_process_calculi/</guid>
<description></description>
</item>
<item>
<title>Epistemic_Logic</title>
<link>/theories/epistemic_logic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/epistemic_logic/</guid>
<description></description>
</item>
<item>
<title>Equivalence_Relation_Enumeration</title>
<link>/theories/equivalence_relation_enumeration/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/equivalence_relation_enumeration/</guid>
<description></description>
</item>
<item>
<title>Ergodic_Theory</title>
<link>/theories/ergodic_theory/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/ergodic_theory/</guid>
<description></description>
</item>
<item>
<title>Error_Function</title>
<link>/theories/error_function/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/error_function/</guid>
<description></description>
</item>
<item>
<title>Euler_MacLaurin</title>
<link>/theories/euler_maclaurin/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/euler_maclaurin/</guid>
<description></description>
</item>
<item>
<title>Euler_Partition</title>
<link>/theories/euler_partition/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/euler_partition/</guid>
<description></description>
</item>
<item>
<title>Eval_FO</title>
<link>/theories/eval_fo/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/eval_fo/</guid>
<description></description>
</item>
<item>
<title>Extended_Finite_State_Machine_Inference</title>
<link>/theories/extended_finite_state_machine_inference/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/extended_finite_state_machine_inference/</guid>
<description></description>
</item>
<item>
<title>Extended_Finite_State_Machines</title>
<link>/theories/extended_finite_state_machines/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/extended_finite_state_machines/</guid>
<description></description>
</item>
<item>
<title>Factor_Algebraic_Polynomial</title>
<link>/theories/factor_algebraic_polynomial/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/factor_algebraic_polynomial/</guid>
<description></description>
</item>
<item>
<title>Factored_Transition_System_Bounding</title>
<link>/theories/factored_transition_system_bounding/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/factored_transition_system_bounding/</guid>
<description></description>
</item>
<item>
<title>Falling_Factorial_Sum</title>
<link>/theories/falling_factorial_sum/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/falling_factorial_sum/</guid>
<description></description>
</item>
<item>
<title>Farkas</title>
<link>/theories/farkas/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/farkas/</guid>
<description></description>
</item>
<item>
<title>Featherweight_OCL</title>
<link>/theories/featherweight_ocl/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/featherweight_ocl/</guid>
<description></description>
</item>
<item>
<title>FeatherweightJava</title>
<link>/theories/featherweightjava/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/featherweightjava/</guid>
<description></description>
</item>
<item>
<title>Fermat3_4</title>
<link>/theories/fermat3_4/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/fermat3_4/</guid>
<description></description>
</item>
<item>
<title>FFT</title>
<link>/theories/fft/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/fft/</guid>
<description></description>
</item>
<item>
<title>FileRefinement</title>
<link>/theories/filerefinement/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/filerefinement/</guid>
<description></description>
</item>
<item>
<title>FinFun</title>
<link>/theories/finfun/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/finfun/</guid>
<description></description>
</item>
<item>
<title>Finger-Trees</title>
<link>/theories/finger-trees/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/finger-trees/</guid>
<description></description>
</item>
<item>
<title>Finite-Map-Extras</title>
<link>/theories/finite-map-extras/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/finite-map-extras/</guid>
<description></description>
</item>
<item>
<title>Finite_Automata_HF</title>
<link>/theories/finite_automata_hf/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/finite_automata_hf/</guid>
<description></description>
</item>
<item>
<title>Finite_Fields</title>
<link>/theories/finite_fields/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/finite_fields/</guid>
<description></description>
</item>
<item>
<title>Finitely_Generated_Abelian_Groups</title>
<link>/theories/finitely_generated_abelian_groups/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/finitely_generated_abelian_groups/</guid>
<description></description>
</item>
<item>
<title>First_Order_Terms</title>
<link>/theories/first_order_terms/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/first_order_terms/</guid>
<description></description>
</item>
<item>
<title>First_Welfare_Theorem</title>
<link>/theories/first_welfare_theorem/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/first_welfare_theorem/</guid>
<description></description>
</item>
<item>
<title>Fishburn_Impossibility</title>
<link>/theories/fishburn_impossibility/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/fishburn_impossibility/</guid>
<description></description>
</item>
<item>
<title>Fisher_Yates</title>
<link>/theories/fisher_yates/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/fisher_yates/</guid>
<description></description>
</item>
<item>
<title>Fishers_Inequality</title>
<link>/theories/fishers_inequality/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/fishers_inequality/</guid>
<description></description>
</item>
<item>
<title>Flow_Networks</title>
<link>/theories/flow_networks/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/flow_networks/</guid>
<description></description>
</item>
<item>
<title>Floyd_Warshall</title>
<link>/theories/floyd_warshall/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/floyd_warshall/</guid>
<description></description>
</item>
<item>
<title>FLP</title>
<link>/theories/flp/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/flp/</guid>
<description></description>
</item>
<item>
<title>Flyspeck-Tame</title>
<link>/theories/flyspeck-tame/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/flyspeck-tame/</guid>
<description></description>
</item>
<item>
<title>Flyspeck-Tame-Computation</title>
<link>/theories/flyspeck-tame-computation/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/flyspeck-tame-computation/</guid>
<description></description>
</item>
<item>
<title>FO_Theory_Rewriting</title>
<link>/theories/fo_theory_rewriting/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/fo_theory_rewriting/</guid>
<description></description>
</item>
<item>
<title>FocusStreamsCaseStudies</title>
<link>/theories/focusstreamscasestudies/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/focusstreamscasestudies/</guid>
<description></description>
</item>
<item>
<title>FOL-Fitting</title>
<link>/theories/fol-fitting/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/fol-fitting/</guid>
<description></description>
</item>
<item>
<title>FOL_Axiomatic</title>
<link>/theories/fol_axiomatic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/fol_axiomatic/</guid>
<description></description>
</item>
<item>
<title>FOL_Harrison</title>
<link>/theories/fol_harrison/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/fol_harrison/</guid>
<description></description>
</item>
<item>
<title>FOL_Seq_Calc1</title>
<link>/theories/fol_seq_calc1/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/fol_seq_calc1/</guid>
<description></description>
</item>
<item>
<title>FOL_Seq_Calc2</title>
<link>/theories/fol_seq_calc2/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/fol_seq_calc2/</guid>
<description></description>
</item>
<item>
<title>FOL_Seq_Calc3</title>
<link>/theories/fol_seq_calc3/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/fol_seq_calc3/</guid>
<description></description>
</item>
<item>
<title>Forcing</title>
<link>/theories/forcing/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/forcing/</guid>
<description></description>
</item>
<item>
<title>Formal_Puiseux_Series</title>
<link>/theories/formal_puiseux_series/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/formal_puiseux_series/</guid>
<description></description>
</item>
<item>
<title>Formal_SSA</title>
<link>/theories/formal_ssa/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/formal_ssa/</guid>
<description></description>
</item>
<item>
<title>Formula_Derivatives</title>
<link>/theories/formula_derivatives/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/formula_derivatives/</guid>
<description></description>
</item>
<item>
<title>Formula_Derivatives-Examples</title>
<link>/theories/formula_derivatives-examples/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/formula_derivatives-examples/</guid>
<description></description>
</item>
<item>
<title>Foundation_of_geometry</title>
<link>/theories/foundation_of_geometry/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/foundation_of_geometry/</guid>
<description></description>
</item>
<item>
<title>Fourier</title>
<link>/theories/fourier/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/fourier/</guid>
<description></description>
</item>
<item>
<title>Free-Boolean-Algebra</title>
<link>/theories/free-boolean-algebra/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/free-boolean-algebra/</guid>
<description></description>
</item>
<item>
<title>Free-Groups</title>
<link>/theories/free-groups/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/free-groups/</guid>
<description></description>
</item>
<item>
<title>Frequency_Moments</title>
<link>/theories/frequency_moments/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/frequency_moments/</guid>
<description></description>
</item>
<item>
<title>Fresh_Identifiers</title>
<link>/theories/fresh_identifiers/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/fresh_identifiers/</guid>
<description></description>
</item>
<item>
<title>FSM_Tests</title>
<link>/theories/fsm_tests/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/fsm_tests/</guid>
<description></description>
</item>
<item>
<title>Functional-Automata</title>
<link>/theories/functional-automata/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/functional-automata/</guid>
<description></description>
</item>
<item>
<title>Functional_Ordered_Resolution_Prover</title>
<link>/theories/functional_ordered_resolution_prover/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/functional_ordered_resolution_prover/</guid>
<description></description>
</item>
<item>
<title>FunWithFunctions</title>
<link>/theories/funwithfunctions/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/funwithfunctions/</guid>
<description></description>
</item>
<item>
<title>FunWithTilings</title>
<link>/theories/funwithtilings/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/funwithtilings/</guid>
<description></description>
</item>
<item>
<title>Furstenberg_Topology</title>
<link>/theories/furstenberg_topology/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/furstenberg_topology/</guid>
<description></description>
</item>
<item>
<title>Gabow_SCC</title>
<link>/theories/gabow_scc/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/gabow_scc/</guid>
<description></description>
</item>
<item>
<title>Gale_Shapley</title>
<link>/theories/gale_shapley/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/gale_shapley/</guid>
<description></description>
</item>
<item>
<title>GaleStewart_Games</title>
<link>/theories/galestewart_games/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/galestewart_games/</guid>
<description></description>
</item>
<item>
<title>Game_Based_Crypto</title>
<link>/theories/game_based_crypto/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/game_based_crypto/</guid>
<description></description>
</item>
<item>
<title>Gauss-Jordan-Elim-Fun</title>
<link>/theories/gauss-jordan-elim-fun/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/gauss-jordan-elim-fun/</guid>
<description></description>
</item>
<item>
<title>Gauss_Jordan</title>
<link>/theories/gauss_jordan/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/gauss_jordan/</guid>
<description></description>
</item>
<item>
<title>Gauss_Sums</title>
<link>/theories/gauss_sums/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/gauss_sums/</guid>
<description></description>
</item>
<item>
<title>Gaussian_Integers</title>
<link>/theories/gaussian_integers/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/gaussian_integers/</guid>
<description></description>
</item>
<item>
<title>GenClock</title>
<link>/theories/genclock/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/genclock/</guid>
<description></description>
</item>
<item>
<title>General-Triangle</title>
<link>/theories/general-triangle/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/general-triangle/</guid>
<description></description>
</item>
<item>
<title>Generalized_Counting_Sort</title>
<link>/theories/generalized_counting_sort/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/generalized_counting_sort/</guid>
<description></description>
</item>
<item>
<title>Generic_Deriving</title>
<link>/theories/generic_deriving/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/generic_deriving/</guid>
<description></description>
</item>
<item>
<title>Generic_Join</title>
<link>/theories/generic_join/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/generic_join/</guid>
<description></description>
</item>
<item>
<title>GewirthPGCProof</title>
<link>/theories/gewirthpgcproof/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/gewirthpgcproof/</guid>
<description></description>
</item>
<item>
<title>Girth_Chromatic</title>
<link>/theories/girth_chromatic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/girth_chromatic/</guid>
<description></description>
</item>
<item>
<title>Goedel_HFSet_Semantic</title>
<link>/theories/goedel_hfset_semantic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/goedel_hfset_semantic/</guid>
<description></description>
</item>
<item>
<title>Goedel_HFSet_Semanticless</title>
<link>/theories/goedel_hfset_semanticless/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/goedel_hfset_semanticless/</guid>
<description></description>
</item>
<item>
<title>Goedel_Incompleteness</title>
<link>/theories/goedel_incompleteness/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/goedel_incompleteness/</guid>
<description></description>
</item>
<item>
<title>GoedelGod</title>
<link>/theories/goedelgod/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/goedelgod/</guid>
<description></description>
</item>
<item>
<title>Goodstein_Lambda</title>
<link>/theories/goodstein_lambda/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/goodstein_lambda/</guid>
<description></description>
</item>
<item>
<title>GPU_Kernel_PL</title>
<link>/theories/gpu_kernel_pl/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/gpu_kernel_pl/</guid>
<description></description>
</item>
<item>
<title>Graph_Saturation</title>
<link>/theories/graph_saturation/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/graph_saturation/</guid>
<description></description>
</item>
<item>
<title>Graph_Theory</title>
<link>/theories/graph_theory/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/graph_theory/</guid>
<description></description>
</item>
<item>
<title>GraphMarkingIBP</title>
<link>/theories/graphmarkingibp/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/graphmarkingibp/</guid>
<description></description>
</item>
<item>
<title>Green</title>
<link>/theories/green/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/green/</guid>
<description></description>
</item>
<item>
<title>Groebner_Bases</title>
<link>/theories/groebner_bases/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/groebner_bases/</guid>
<description></description>
</item>
<item>
<title>Groebner_Macaulay</title>
<link>/theories/groebner_macaulay/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/groebner_macaulay/</guid>
<description></description>
</item>
<item>
<title>Gromov_Hyperbolicity</title>
<link>/theories/gromov_hyperbolicity/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/gromov_hyperbolicity/</guid>
<description></description>
</item>
<item>
<title>Grothendieck_Schemes</title>
<link>/theories/grothendieck_schemes/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/grothendieck_schemes/</guid>
<description></description>
</item>
<item>
<title>Group-Ring-Module</title>
<link>/theories/group-ring-module/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/group-ring-module/</guid>
<description></description>
</item>
<item>
<title>Hahn_Jordan_Decomposition</title>
<link>/theories/hahn_jordan_decomposition/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/hahn_jordan_decomposition/</guid>
<description></description>
</item>
<item>
<title>Hales_Jewett</title>
<link>/theories/hales_jewett/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/hales_jewett/</guid>
<description></description>
</item>
<item>
<title>Heard_Of</title>
<link>/theories/heard_of/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/heard_of/</guid>
<description></description>
</item>
<item>
<title>Hello_World</title>
<link>/theories/hello_world/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/hello_world/</guid>
<description></description>
</item>
<item>
<title>HereditarilyFinite</title>
<link>/theories/hereditarilyfinite/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/hereditarilyfinite/</guid>
<description></description>
</item>
<item>
<title>Hermite</title>
<link>/theories/hermite/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/hermite/</guid>
<description></description>
</item>
<item>
<title>Hermite_Lindemann</title>
<link>/theories/hermite_lindemann/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/hermite_lindemann/</guid>
<description></description>
</item>
<item>
<title>Hidden_Markov_Models</title>
<link>/theories/hidden_markov_models/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/hidden_markov_models/</guid>
<description></description>
</item>
<item>
<title>Higher_Order_Terms</title>
<link>/theories/higher_order_terms/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/higher_order_terms/</guid>
<description></description>
</item>
<item>
<title>Hoare_Time</title>
<link>/theories/hoare_time/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/hoare_time/</guid>
<description></description>
</item>
<item>
<title>HOL-CSP</title>
<link>/theories/hol-csp/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/hol-csp/</guid>
<description></description>
</item>
<item>
<title>HOL-ODE-ARCH-COMP</title>
<link>/theories/hol-ode-arch-comp/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/hol-ode-arch-comp/</guid>
<description></description>
</item>
<item>
<title>HOL-ODE-Examples</title>
<link>/theories/hol-ode-examples/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/hol-ode-examples/</guid>
<description></description>
</item>
<item>
<title>HOL-ODE-Numerics</title>
<link>/theories/hol-ode-numerics/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/hol-ode-numerics/</guid>
<description></description>
</item>
<item>
<title>HOLCF-Prelude</title>
<link>/theories/holcf-prelude/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/holcf-prelude/</guid>
<description></description>
</item>
<item>
<title>Hood_Melville_Queue</title>
<link>/theories/hood_melville_queue/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/hood_melville_queue/</guid>
<description></description>
</item>
<item>
<title>HotelKeyCards</title>
<link>/theories/hotelkeycards/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/hotelkeycards/</guid>
<description></description>
</item>
<item>
<title>HRB-Slicing</title>
<link>/theories/hrb-slicing/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/hrb-slicing/</guid>
<description></description>
</item>
<item>
<title>Huffman</title>
<link>/theories/huffman/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/huffman/</guid>
<description></description>
</item>
<item>
<title>Hybrid_Logic</title>
<link>/theories/hybrid_logic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/hybrid_logic/</guid>
<description></description>
</item>
<item>
<title>Hybrid_Multi_Lane_Spatial_Logic</title>
<link>/theories/hybrid_multi_lane_spatial_logic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/hybrid_multi_lane_spatial_logic/</guid>
<description></description>
</item>
<item>
<title>Hybrid_Systems_VCs</title>
<link>/theories/hybrid_systems_vcs/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/hybrid_systems_vcs/</guid>
<description></description>
</item>
<item>
<title>HyperCTL</title>
<link>/theories/hyperctl/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/hyperctl/</guid>
<description></description>
</item>
<item>
<title>Hyperdual</title>
<link>/theories/hyperdual/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/hyperdual/</guid>
<description></description>
</item>
<item>
<title>IEEE_Floating_Point</title>
<link>/theories/ieee_floating_point/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/ieee_floating_point/</guid>
<description></description>
</item>
<item>
<title>IFC_Tracking</title>
<link>/theories/ifc_tracking/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/ifc_tracking/</guid>
<description></description>
</item>
<item>
<title>IMAP-CRDT</title>
<link>/theories/imap-crdt/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/imap-crdt/</guid>
<description></description>
</item>
<item>
<title>IMO2019</title>
<link>/theories/imo2019/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/imo2019/</guid>
<description></description>
</item>
<item>
<title>IMP2</title>
<link>/theories/imp2/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/imp2/</guid>
<description></description>
</item>
<item>
<title>IMP2_Binary_Heap</title>
<link>/theories/imp2_binary_heap/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/imp2_binary_heap/</guid>
<description></description>
</item>
<item>
<title>IMP_Compiler</title>
<link>/theories/imp_compiler/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/imp_compiler/</guid>
<description></description>
</item>
<item>
<title>IMP_Compiler_Reuse</title>
<link>/theories/imp_compiler_reuse/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/imp_compiler_reuse/</guid>
<description></description>
</item>
<item>
<title>Imperative_Insertion_Sort</title>
<link>/theories/imperative_insertion_sort/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/imperative_insertion_sort/</guid>
<description></description>
</item>
<item>
+ <title>Implicational_Logic</title>
+ <link>/theories/implicational_logic/</link>
+ <pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
+
+ <guid>/theories/implicational_logic/</guid>
+ <description></description>
+ </item>
+
+ <item>
<title>Impossible_Geometry</title>
<link>/theories/impossible_geometry/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/impossible_geometry/</guid>
<description></description>
</item>
<item>
<title>Incompleteness</title>
<link>/theories/incompleteness/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/incompleteness/</guid>
<description></description>
</item>
<item>
<title>Incredible_Proof_Machine</title>
<link>/theories/incredible_proof_machine/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/incredible_proof_machine/</guid>
<description></description>
</item>
<item>
<title>Independence_CH</title>
<link>/theories/independence_ch/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/independence_ch/</guid>
<description></description>
</item>
<item>
<title>Inductive_Confidentiality</title>
<link>/theories/inductive_confidentiality/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/inductive_confidentiality/</guid>
<description></description>
</item>
<item>
<title>Inductive_Inference</title>
<link>/theories/inductive_inference/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/inductive_inference/</guid>
<description></description>
</item>
<item>
<title>InformationFlowSlicing</title>
<link>/theories/informationflowslicing/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/informationflowslicing/</guid>
<description></description>
</item>
<item>
<title>InformationFlowSlicing_Inter</title>
<link>/theories/informationflowslicing_inter/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/informationflowslicing_inter/</guid>
<description></description>
</item>
<item>
<title>InfPathElimination</title>
<link>/theories/infpathelimination/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/infpathelimination/</guid>
<description></description>
</item>
<item>
<title>Integration</title>
<link>/theories/integration/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/integration/</guid>
<description></description>
</item>
<item>
<title>Interpolation_Polynomials_HOL_Algebra</title>
<link>/theories/interpolation_polynomials_hol_algebra/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/interpolation_polynomials_hol_algebra/</guid>
<description></description>
</item>
<item>
<title>Interpreter_Optimizations</title>
<link>/theories/interpreter_optimizations/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/interpreter_optimizations/</guid>
<description></description>
</item>
<item>
<title>Interval_Arithmetic_Word32</title>
<link>/theories/interval_arithmetic_word32/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/interval_arithmetic_word32/</guid>
<description></description>
</item>
<item>
<title>Intro_Dest_Elim</title>
<link>/theories/intro_dest_elim/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/intro_dest_elim/</guid>
<description></description>
</item>
<item>
<title>Involutions2Squares</title>
<link>/theories/involutions2squares/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/involutions2squares/</guid>
<description></description>
</item>
<item>
<title>IP_Addresses</title>
<link>/theories/ip_addresses/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/ip_addresses/</guid>
<description></description>
</item>
<item>
<title>Iptables_Semantics</title>
<link>/theories/iptables_semantics/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/iptables_semantics/</guid>
<description></description>
</item>
<item>
<title>Iptables_Semantics_Examples</title>
<link>/theories/iptables_semantics_examples/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/iptables_semantics_examples/</guid>
<description></description>
</item>
<item>
<title>Iptables_Semantics_Examples_Big</title>
<link>/theories/iptables_semantics_examples_big/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/iptables_semantics_examples_big/</guid>
<description></description>
</item>
<item>
<title>Irrational_Series_Erdos_Straus</title>
<link>/theories/irrational_series_erdos_straus/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/irrational_series_erdos_straus/</guid>
<description></description>
</item>
<item>
<title>Irrationality_J_Hancl</title>
<link>/theories/irrationality_j_hancl/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/irrationality_j_hancl/</guid>
<description></description>
</item>
<item>
<title>Irrationals_From_THEBOOK</title>
<link>/theories/irrationals_from_thebook/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/irrationals_from_thebook/</guid>
<description></description>
</item>
<item>
<title>Isabelle_C</title>
<link>/theories/isabelle_c/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/isabelle_c/</guid>
<description></description>
</item>
<item>
<title>Isabelle_Marries_Dirac</title>
<link>/theories/isabelle_marries_dirac/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/isabelle_marries_dirac/</guid>
<description></description>
</item>
<item>
<title>Isabelle_Meta_Model</title>
<link>/theories/isabelle_meta_model/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/isabelle_meta_model/</guid>
<description></description>
</item>
<item>
<title>IsaGeoCoq</title>
<link>/theories/isageocoq/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/isageocoq/</guid>
<description></description>
</item>
<item>
<title>IsaNet</title>
<link>/theories/isanet/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/isanet/</guid>
<description></description>
</item>
<item>
<title>Jacobson_Basic_Algebra</title>
<link>/theories/jacobson_basic_algebra/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/jacobson_basic_algebra/</guid>
<description></description>
</item>
<item>
<title>Jinja</title>
<link>/theories/jinja/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/jinja/</guid>
<description></description>
</item>
<item>
<title>JinjaDCI</title>
<link>/theories/jinjadci/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/jinjadci/</guid>
<description></description>
</item>
<item>
<title>JinjaThreads</title>
<link>/theories/jinjathreads/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/jinjathreads/</guid>
<description></description>
</item>
<item>
<title>JiveDataStoreModel</title>
<link>/theories/jivedatastoremodel/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/jivedatastoremodel/</guid>
<description></description>
</item>
<item>
<title>Jordan_Hoelder</title>
<link>/theories/jordan_hoelder/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/jordan_hoelder/</guid>
<description></description>
</item>
<item>
<title>Jordan_Normal_Form</title>
<link>/theories/jordan_normal_form/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/jordan_normal_form/</guid>
<description></description>
</item>
<item>
<title>KAD</title>
<link>/theories/kad/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/kad/</guid>
<description></description>
</item>
<item>
<title>KAT_and_DRA</title>
<link>/theories/kat_and_dra/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/kat_and_dra/</guid>
<description></description>
</item>
<item>
<title>KBPs</title>
<link>/theories/kbps/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/kbps/</guid>
<description></description>
</item>
<item>
<title>KD_Tree</title>
<link>/theories/kd_tree/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/kd_tree/</guid>
<description></description>
</item>
<item>
<title>Key_Agreement_Strong_Adversaries</title>
<link>/theories/key_agreement_strong_adversaries/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/key_agreement_strong_adversaries/</guid>
<description></description>
</item>
<item>
<title>Khovanskii_Theorem</title>
<link>/theories/khovanskii_theorem/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/khovanskii_theorem/</guid>
<description></description>
</item>
<item>
<title>Kleene_Algebra</title>
<link>/theories/kleene_algebra/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/kleene_algebra/</guid>
<description></description>
</item>
<item>
<title>Knights_Tour</title>
<link>/theories/knights_tour/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/knights_tour/</guid>
<description></description>
</item>
<item>
<title>Knot_Theory</title>
<link>/theories/knot_theory/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/knot_theory/</guid>
<description></description>
</item>
<item>
<title>Knuth_Bendix_Order</title>
<link>/theories/knuth_bendix_order/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/knuth_bendix_order/</guid>
<description></description>
</item>
<item>
<title>Knuth_Morris_Pratt</title>
<link>/theories/knuth_morris_pratt/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/knuth_morris_pratt/</guid>
<description></description>
</item>
<item>
<title>Koenigsberg_Friendship</title>
<link>/theories/koenigsberg_friendship/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/koenigsberg_friendship/</guid>
<description></description>
</item>
<item>
<title>Kruskal</title>
<link>/theories/kruskal/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/kruskal/</guid>
<description></description>
</item>
<item>
<title>Kuratowski_Closure_Complement</title>
<link>/theories/kuratowski_closure_complement/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/kuratowski_closure_complement/</guid>
<description></description>
</item>
<item>
<title>Lam-ml-Normalization</title>
<link>/theories/lam-ml-normalization/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lam-ml-normalization/</guid>
<description></description>
</item>
<item>
<title>Lambda_Free_EPO</title>
<link>/theories/lambda_free_epo/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lambda_free_epo/</guid>
<description></description>
</item>
<item>
<title>Lambda_Free_KBOs</title>
<link>/theories/lambda_free_kbos/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lambda_free_kbos/</guid>
<description></description>
</item>
<item>
<title>Lambda_Free_RPOs</title>
<link>/theories/lambda_free_rpos/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lambda_free_rpos/</guid>
<description></description>
</item>
<item>
<title>LambdaAuth</title>
<link>/theories/lambdaauth/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lambdaauth/</guid>
<description></description>
</item>
<item>
<title>LambdaMu</title>
<link>/theories/lambdamu/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lambdamu/</guid>
<description></description>
</item>
<item>
<title>Lambert_W</title>
<link>/theories/lambert_w/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lambert_w/</guid>
<description></description>
</item>
<item>
<title>Landau_Symbols</title>
<link>/theories/landau_symbols/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/landau_symbols/</guid>
<description></description>
</item>
<item>
<title>Laplace_Transform</title>
<link>/theories/laplace_transform/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/laplace_transform/</guid>
<description></description>
</item>
<item>
<title>Latin_Square</title>
<link>/theories/latin_square/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/latin_square/</guid>
<description></description>
</item>
<item>
<title>LatticeProperties</title>
<link>/theories/latticeproperties/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/latticeproperties/</guid>
<description></description>
</item>
<item>
<title>Launchbury</title>
<link>/theories/launchbury/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/launchbury/</guid>
<description></description>
</item>
<item>
<title>Laws_of_Large_Numbers</title>
<link>/theories/laws_of_large_numbers/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/laws_of_large_numbers/</guid>
<description></description>
</item>
<item>
<title>Lazy-Lists-II</title>
<link>/theories/lazy-lists-ii/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lazy-lists-ii/</guid>
<description></description>
</item>
<item>
<title>Lazy_Case</title>
<link>/theories/lazy_case/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lazy_case/</guid>
<description></description>
</item>
<item>
<title>Lehmer</title>
<link>/theories/lehmer/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lehmer/</guid>
<description></description>
</item>
<item>
<title>LEM</title>
<link>/theories/lem/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lem/</guid>
<description></description>
</item>
<item>
<title>Lifting_Definition_Option</title>
<link>/theories/lifting_definition_option/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lifting_definition_option/</guid>
<description></description>
</item>
<item>
<title>Lifting_the_Exponent</title>
<link>/theories/lifting_the_exponent/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lifting_the_exponent/</guid>
<description></description>
</item>
<item>
<title>LightweightJava</title>
<link>/theories/lightweightjava/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lightweightjava/</guid>
<description></description>
</item>
<item>
<title>Linear_Inequalities</title>
<link>/theories/linear_inequalities/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/linear_inequalities/</guid>
<description></description>
</item>
<item>
<title>Linear_Programming</title>
<link>/theories/linear_programming/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/linear_programming/</guid>
<description></description>
</item>
<item>
<title>Linear_Recurrences</title>
<link>/theories/linear_recurrences/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/linear_recurrences/</guid>
<description></description>
</item>
<item>
<title>Linear_Recurrences_Solver</title>
<link>/theories/linear_recurrences_solver/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/linear_recurrences_solver/</guid>
<description></description>
</item>
<item>
<title>LinearQuantifierElim</title>
<link>/theories/linearquantifierelim/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/linearquantifierelim/</guid>
<description></description>
</item>
<item>
<title>Liouville_Numbers</title>
<link>/theories/liouville_numbers/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/liouville_numbers/</guid>
<description></description>
</item>
<item>
<title>List-Index</title>
<link>/theories/list-index/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/list-index/</guid>
<description></description>
</item>
<item>
<title>List-Infinite</title>
<link>/theories/list-infinite/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/list-infinite/</guid>
<description></description>
</item>
<item>
<title>List_Interleaving</title>
<link>/theories/list_interleaving/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/list_interleaving/</guid>
<description></description>
</item>
<item>
<title>List_Inversions</title>
<link>/theories/list_inversions/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/list_inversions/</guid>
<description></description>
</item>
<item>
<title>List_Update</title>
<link>/theories/list_update/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/list_update/</guid>
<description></description>
</item>
<item>
<title>LLL_Basis_Reduction</title>
<link>/theories/lll_basis_reduction/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lll_basis_reduction/</guid>
<description></description>
</item>
<item>
<title>LLL_Factorization</title>
<link>/theories/lll_factorization/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lll_factorization/</guid>
<description></description>
</item>
<item>
<title>Localization_Ring</title>
<link>/theories/localization_ring/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/localization_ring/</guid>
<description></description>
</item>
<item>
<title>LocalLexing</title>
<link>/theories/locallexing/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/locallexing/</guid>
<description></description>
</item>
<item>
<title>Locally-Nameless-Sigma</title>
<link>/theories/locally-nameless-sigma/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/locally-nameless-sigma/</guid>
<description></description>
</item>
<item>
<title>LOFT</title>
<link>/theories/loft/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/loft/</guid>
<description></description>
</item>
<item>
<title>Logging_Independent_Anonymity</title>
<link>/theories/logging_independent_anonymity/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/logging_independent_anonymity/</guid>
<description></description>
</item>
<item>
<title>Lorenz_Approximation</title>
<link>/theories/lorenz_approximation/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lorenz_approximation/</guid>
<description></description>
</item>
<item>
<title>Lorenz_C0</title>
<link>/theories/lorenz_c0/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lorenz_c0/</guid>
<description></description>
</item>
<item>
<title>Lorenz_C1</title>
<link>/theories/lorenz_c1/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lorenz_c1/</guid>
<description></description>
</item>
<item>
<title>Lowe_Ontological_Argument</title>
<link>/theories/lowe_ontological_argument/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lowe_ontological_argument/</guid>
<description></description>
</item>
<item>
<title>Lower_Semicontinuous</title>
<link>/theories/lower_semicontinuous/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lower_semicontinuous/</guid>
<description></description>
</item>
<item>
<title>Lp</title>
<link>/theories/lp/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lp/</guid>
<description></description>
</item>
<item>
<title>LP_Duality</title>
<link>/theories/lp_duality/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lp_duality/</guid>
<description></description>
</item>
<item>
<title>LTL</title>
<link>/theories/ltl/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/ltl/</guid>
<description></description>
</item>
<item>
<title>LTL_Master_Theorem</title>
<link>/theories/ltl_master_theorem/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/ltl_master_theorem/</guid>
<description></description>
</item>
<item>
<title>LTL_Normal_Form</title>
<link>/theories/ltl_normal_form/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/ltl_normal_form/</guid>
<description></description>
</item>
<item>
<title>LTL_to_DRA</title>
<link>/theories/ltl_to_dra/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/ltl_to_dra/</guid>
<description></description>
</item>
<item>
<title>LTL_to_GBA</title>
<link>/theories/ltl_to_gba/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/ltl_to_gba/</guid>
<description></description>
</item>
<item>
<title>Lucas_Theorem</title>
<link>/theories/lucas_theorem/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lucas_theorem/</guid>
<description></description>
</item>
<item>
<title>Markov_Models</title>
<link>/theories/markov_models/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/markov_models/</guid>
<description></description>
</item>
<item>
<title>Marriage</title>
<link>/theories/marriage/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/marriage/</guid>
<description></description>
</item>
<item>
<title>Mason_Stothers</title>
<link>/theories/mason_stothers/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/mason_stothers/</guid>
<description></description>
</item>
<item>
<title>Matrices_for_ODEs</title>
<link>/theories/matrices_for_odes/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/matrices_for_odes/</guid>
<description></description>
</item>
<item>
<title>Matrix</title>
<link>/theories/matrix/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/matrix/</guid>
<description></description>
</item>
<item>
<title>Matrix_Tensor</title>
<link>/theories/matrix_tensor/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/matrix_tensor/</guid>
<description></description>
</item>
<item>
<title>Matroids</title>
<link>/theories/matroids/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/matroids/</guid>
<description></description>
</item>
<item>
<title>Max-Card-Matching</title>
<link>/theories/max-card-matching/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/max-card-matching/</guid>
<description></description>
</item>
<item>
<title>MDP-Algorithms</title>
<link>/theories/mdp-algorithms/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/mdp-algorithms/</guid>
<description></description>
</item>
<item>
<title>MDP-Rewards</title>
<link>/theories/mdp-rewards/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/mdp-rewards/</guid>
<description></description>
</item>
<item>
<title>Median_Method</title>
<link>/theories/median_method/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/median_method/</guid>
<description></description>
</item>
<item>
<title>Median_Of_Medians_Selection</title>
<link>/theories/median_of_medians_selection/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/median_of_medians_selection/</guid>
<description></description>
</item>
<item>
<title>Menger</title>
<link>/theories/menger/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/menger/</guid>
<description></description>
</item>
<item>
<title>Mereology</title>
<link>/theories/mereology/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/mereology/</guid>
<description></description>
</item>
<item>
<title>Mersenne_Primes</title>
<link>/theories/mersenne_primes/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/mersenne_primes/</guid>
<description></description>
</item>
<item>
<title>Metalogic_ProofChecker</title>
<link>/theories/metalogic_proofchecker/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/metalogic_proofchecker/</guid>
<description></description>
</item>
<item>
<title>MFMC_Countable</title>
<link>/theories/mfmc_countable/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/mfmc_countable/</guid>
<description></description>
</item>
<item>
<title>MFODL_Monitor_Optimized</title>
<link>/theories/mfodl_monitor_optimized/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/mfodl_monitor_optimized/</guid>
<description></description>
</item>
<item>
<title>MFOTL_Monitor</title>
<link>/theories/mfotl_monitor/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/mfotl_monitor/</guid>
<description></description>
</item>
<item>
<title>Minimal_SSA</title>
<link>/theories/minimal_ssa/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/minimal_ssa/</guid>
<description></description>
</item>
<item>
<title>MiniML</title>
<link>/theories/miniml/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/miniml/</guid>
<description></description>
</item>
<item>
<title>MiniSail</title>
<link>/theories/minisail/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/minisail/</guid>
<description></description>
</item>
<item>
<title>Minkowskis_Theorem</title>
<link>/theories/minkowskis_theorem/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/minkowskis_theorem/</guid>
<description></description>
</item>
<item>
<title>Minsky_Machines</title>
<link>/theories/minsky_machines/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/minsky_machines/</guid>
<description></description>
</item>
<item>
<title>Modal_Logics_for_NTS</title>
<link>/theories/modal_logics_for_nts/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/modal_logics_for_nts/</guid>
<description></description>
</item>
<item>
<title>Modular_arithmetic_LLL_and_HNF_algorithms</title>
<link>/theories/modular_arithmetic_lll_and_hnf_algorithms/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/modular_arithmetic_lll_and_hnf_algorithms/</guid>
<description></description>
</item>
<item>
<title>Modular_Assembly_Kit_Security</title>
<link>/theories/modular_assembly_kit_security/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/modular_assembly_kit_security/</guid>
<description></description>
</item>
<item>
<title>Monad_Memo_DP</title>
<link>/theories/monad_memo_dp/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/monad_memo_dp/</guid>
<description></description>
</item>
<item>
<title>Monad_Normalisation</title>
<link>/theories/monad_normalisation/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/monad_normalisation/</guid>
<description></description>
</item>
<item>
<title>MonoBoolTranAlgebra</title>
<link>/theories/monobooltranalgebra/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/monobooltranalgebra/</guid>
<description></description>
</item>
<item>
<title>MonoidalCategory</title>
<link>/theories/monoidalcategory/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/monoidalcategory/</guid>
<description></description>
</item>
<item>
<title>Monomorphic_Monad</title>
<link>/theories/monomorphic_monad/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/monomorphic_monad/</guid>
<description></description>
</item>
<item>
<title>MSO_Regex_Equivalence</title>
<link>/theories/mso_regex_equivalence/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/mso_regex_equivalence/</guid>
<description></description>
</item>
<item>
<title>MuchAdoAboutTwo</title>
<link>/theories/muchadoabouttwo/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/muchadoabouttwo/</guid>
<description></description>
</item>
<item>
<title>Multi_Party_Computation</title>
<link>/theories/multi_party_computation/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/multi_party_computation/</guid>
<description></description>
</item>
<item>
<title>Multirelations</title>
<link>/theories/multirelations/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/multirelations/</guid>
<description></description>
</item>
<item>
<title>Multiset_Ordering_NPC</title>
<link>/theories/multiset_ordering_npc/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/multiset_ordering_npc/</guid>
<description></description>
</item>
<item>
<title>Myhill-Nerode</title>
<link>/theories/myhill-nerode/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/myhill-nerode/</guid>
<description></description>
</item>
<item>
<title>Name_Carrying_Type_Inference</title>
<link>/theories/name_carrying_type_inference/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/name_carrying_type_inference/</guid>
<description></description>
</item>
<item>
<title>Nano_JSON</title>
<link>/theories/nano_json/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/nano_json/</guid>
<description></description>
</item>
<item>
<title>Nash_Williams</title>
<link>/theories/nash_williams/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/nash_williams/</guid>
<description></description>
</item>
<item>
<title>Nat-Interval-Logic</title>
<link>/theories/nat-interval-logic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/nat-interval-logic/</guid>
<description></description>
</item>
<item>
<title>Native_Word</title>
<link>/theories/native_word/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/native_word/</guid>
<description></description>
</item>
<item>
<title>Nested_Multisets_Ordinals</title>
<link>/theories/nested_multisets_ordinals/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/nested_multisets_ordinals/</guid>
<description></description>
</item>
<item>
<title>Network_Security_Policy_Verification</title>
<link>/theories/network_security_policy_verification/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/network_security_policy_verification/</guid>
<description></description>
</item>
<item>
<title>Neumann_Morgenstern_Utility</title>
<link>/theories/neumann_morgenstern_utility/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/neumann_morgenstern_utility/</guid>
<description></description>
</item>
<item>
<title>No_FTL_observers</title>
<link>/theories/no_ftl_observers/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/no_ftl_observers/</guid>
<description></description>
</item>
<item>
<title>Nominal2</title>
<link>/theories/nominal2/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/nominal2/</guid>
<description></description>
</item>
<item>
<title>Noninterference_Concurrent_Composition</title>
<link>/theories/noninterference_concurrent_composition/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/noninterference_concurrent_composition/</guid>
<description></description>
</item>
<item>
<title>Noninterference_CSP</title>
<link>/theories/noninterference_csp/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/noninterference_csp/</guid>
<description></description>
</item>
<item>
<title>Noninterference_Generic_Unwinding</title>
<link>/theories/noninterference_generic_unwinding/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/noninterference_generic_unwinding/</guid>
<description></description>
</item>
<item>
<title>Noninterference_Inductive_Unwinding</title>
<link>/theories/noninterference_inductive_unwinding/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/noninterference_inductive_unwinding/</guid>
<description></description>
</item>
<item>
<title>Noninterference_Ipurge_Unwinding</title>
<link>/theories/noninterference_ipurge_unwinding/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/noninterference_ipurge_unwinding/</guid>
<description></description>
</item>
<item>
<title>Noninterference_Sequential_Composition</title>
<link>/theories/noninterference_sequential_composition/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/noninterference_sequential_composition/</guid>
<description></description>
</item>
<item>
<title>NormByEval</title>
<link>/theories/normbyeval/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/normbyeval/</guid>
<description></description>
</item>
<item>
<title>Nullstellensatz</title>
<link>/theories/nullstellensatz/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/nullstellensatz/</guid>
<description></description>
</item>
<item>
<title>Number_Theoretic_Transform</title>
<link>/theories/number_theoretic_transform/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/number_theoretic_transform/</guid>
<description></description>
</item>
<item>
<title>Octonions</title>
<link>/theories/octonions/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/octonions/</guid>
<description></description>
</item>
<item>
<title>Old_Datatype_Show</title>
<link>/theories/old_datatype_show/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/old_datatype_show/</guid>
<description></description>
</item>
<item>
<title>Open_Induction</title>
<link>/theories/open_induction/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/open_induction/</guid>
<description></description>
</item>
<item>
<title>OpSets</title>
<link>/theories/opsets/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/opsets/</guid>
<description></description>
</item>
<item>
<title>Optics</title>
<link>/theories/optics/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/optics/</guid>
<description></description>
</item>
<item>
<title>Optimal_BST</title>
<link>/theories/optimal_bst/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/optimal_bst/</guid>
<description></description>
</item>
<item>
<title>Orbit_Stabiliser</title>
<link>/theories/orbit_stabiliser/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/orbit_stabiliser/</guid>
<description></description>
</item>
<item>
<title>Order_Lattice_Props</title>
<link>/theories/order_lattice_props/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/order_lattice_props/</guid>
<description></description>
</item>
<item>
<title>Ordered_Resolution_Prover</title>
<link>/theories/ordered_resolution_prover/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/ordered_resolution_prover/</guid>
<description></description>
</item>
<item>
<title>Ordinal</title>
<link>/theories/ordinal/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/ordinal/</guid>
<description></description>
</item>
<item>
<title>Ordinal_Partitions</title>
<link>/theories/ordinal_partitions/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/ordinal_partitions/</guid>
<description></description>
</item>
<item>
<title>Ordinals_and_Cardinals</title>
<link>/theories/ordinals_and_cardinals/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/ordinals_and_cardinals/</guid>
<description></description>
</item>
<item>
<title>Ordinary_Differential_Equations</title>
<link>/theories/ordinary_differential_equations/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/ordinary_differential_equations/</guid>
<description></description>
</item>
<item>
<title>PAC_Checker</title>
<link>/theories/pac_checker/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/pac_checker/</guid>
<description></description>
</item>
<item>
<title>Package_logic</title>
<link>/theories/package_logic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/package_logic/</guid>
<description></description>
</item>
<item>
+ <title>Padic_Field</title>
+ <link>/theories/padic_field/</link>
+ <pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
+
+ <guid>/theories/padic_field/</guid>
+ <description></description>
+ </item>
+
+ <item>
<title>Padic_Ints</title>
<link>/theories/padic_ints/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/padic_ints/</guid>
<description></description>
</item>
<item>
<title>Pairing_Heap</title>
<link>/theories/pairing_heap/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/pairing_heap/</guid>
<description></description>
</item>
<item>
<title>PAL</title>
<link>/theories/pal/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/pal/</guid>
<description></description>
</item>
<item>
<title>Paraconsistency</title>
<link>/theories/paraconsistency/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/paraconsistency/</guid>
<description></description>
</item>
<item>
<title>Parity_Game</title>
<link>/theories/parity_game/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/parity_game/</guid>
<description></description>
</item>
<item>
<title>Partial_Function_MR</title>
<link>/theories/partial_function_mr/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/partial_function_mr/</guid>
<description></description>
</item>
<item>
<title>Partial_Order_Reduction</title>
<link>/theories/partial_order_reduction/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/partial_order_reduction/</guid>
<description></description>
</item>
<item>
<title>Password_Authentication_Protocol</title>
<link>/theories/password_authentication_protocol/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/password_authentication_protocol/</guid>
<description></description>
</item>
<item>
<title>PCF</title>
<link>/theories/pcf/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/pcf/</guid>
<description></description>
</item>
<item>
<title>Pell</title>
<link>/theories/pell/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/pell/</guid>
<description></description>
</item>
<item>
<title>Perfect-Number-Thm</title>
<link>/theories/perfect-number-thm/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/perfect-number-thm/</guid>
<description></description>
</item>
<item>
<title>Perron_Frobenius</title>
<link>/theories/perron_frobenius/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/perron_frobenius/</guid>
<description></description>
</item>
<item>
<title>pGCL</title>
<link>/theories/pgcl/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/pgcl/</guid>
<description></description>
</item>
<item>
<title>Physical_Quantities</title>
<link>/theories/physical_quantities/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/physical_quantities/</guid>
<description></description>
</item>
<item>
<title>Pi_Calculus</title>
<link>/theories/pi_calculus/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/pi_calculus/</guid>
<description></description>
</item>
<item>
<title>Pi_Transcendental</title>
<link>/theories/pi_transcendental/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/pi_transcendental/</guid>
<description></description>
</item>
<item>
<title>Planarity_Certificates</title>
<link>/theories/planarity_certificates/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/planarity_certificates/</guid>
<description></description>
</item>
<item>
<title>PLM</title>
<link>/theories/plm/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/plm/</guid>
<description></description>
</item>
<item>
<title>Pluennecke_Ruzsa_Inequality</title>
<link>/theories/pluennecke_ruzsa_inequality/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/pluennecke_ruzsa_inequality/</guid>
<description></description>
</item>
<item>
<title>Poincare_Bendixson</title>
<link>/theories/poincare_bendixson/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/poincare_bendixson/</guid>
<description></description>
</item>
<item>
<title>Poincare_Disc</title>
<link>/theories/poincare_disc/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/poincare_disc/</guid>
<description></description>
</item>
<item>
<title>Polynomial_Factorization</title>
<link>/theories/polynomial_factorization/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/polynomial_factorization/</guid>
<description></description>
</item>
<item>
<title>Polynomial_Interpolation</title>
<link>/theories/polynomial_interpolation/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/polynomial_interpolation/</guid>
<description></description>
</item>
<item>
<title>Polynomials</title>
<link>/theories/polynomials/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/polynomials/</guid>
<description></description>
</item>
<item>
<title>Pop_Refinement</title>
<link>/theories/pop_refinement/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/pop_refinement/</guid>
<description></description>
</item>
<item>
<title>POPLmark-deBruijn</title>
<link>/theories/poplmark-debruijn/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/poplmark-debruijn/</guid>
<description></description>
</item>
<item>
<title>Posix-Lexing</title>
<link>/theories/posix-lexing/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/posix-lexing/</guid>
<description></description>
</item>
<item>
<title>Possibilistic_Noninterference</title>
<link>/theories/possibilistic_noninterference/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/possibilistic_noninterference/</guid>
<description></description>
</item>
<item>
<title>Power_Sum_Polynomials</title>
<link>/theories/power_sum_polynomials/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/power_sum_polynomials/</guid>
<description></description>
</item>
<item>
<title>Pratt_Certificate</title>
<link>/theories/pratt_certificate/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/pratt_certificate/</guid>
<description></description>
</item>
<item>
<title>Prefix_Free_Code_Combinators</title>
<link>/theories/prefix_free_code_combinators/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/prefix_free_code_combinators/</guid>
<description></description>
</item>
<item>
<title>Presburger-Automata</title>
<link>/theories/presburger-automata/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/presburger-automata/</guid>
<description></description>
</item>
<item>
<title>Prim_Dijkstra_Simple</title>
<link>/theories/prim_dijkstra_simple/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/prim_dijkstra_simple/</guid>
<description></description>
</item>
<item>
<title>Prime_Distribution_Elementary</title>
<link>/theories/prime_distribution_elementary/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/prime_distribution_elementary/</guid>
<description></description>
</item>
<item>
<title>Prime_Harmonic_Series</title>
<link>/theories/prime_harmonic_series/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/prime_harmonic_series/</guid>
<description></description>
</item>
<item>
<title>Prime_Number_Theorem</title>
<link>/theories/prime_number_theorem/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/prime_number_theorem/</guid>
<description></description>
</item>
<item>
<title>Priority_Queue_Braun</title>
<link>/theories/priority_queue_braun/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/priority_queue_braun/</guid>
<description></description>
</item>
<item>
<title>Priority_Search_Trees</title>
<link>/theories/priority_search_trees/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/priority_search_trees/</guid>
<description></description>
</item>
<item>
<title>Probabilistic_Noninterference</title>
<link>/theories/probabilistic_noninterference/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/probabilistic_noninterference/</guid>
<description></description>
</item>
<item>
<title>Probabilistic_Prime_Tests</title>
<link>/theories/probabilistic_prime_tests/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/probabilistic_prime_tests/</guid>
<description></description>
</item>
<item>
<title>Probabilistic_System_Zoo</title>
<link>/theories/probabilistic_system_zoo/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/probabilistic_system_zoo/</guid>
<description></description>
</item>
<item>
<title>Probabilistic_Timed_Automata</title>
<link>/theories/probabilistic_timed_automata/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/probabilistic_timed_automata/</guid>
<description></description>
</item>
<item>
<title>Probabilistic_While</title>
<link>/theories/probabilistic_while/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/probabilistic_while/</guid>
<description></description>
</item>
<item>
<title>Program-Conflict-Analysis</title>
<link>/theories/program-conflict-analysis/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/program-conflict-analysis/</guid>
<description></description>
</item>
<item>
<title>Progress_Tracking</title>
<link>/theories/progress_tracking/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/progress_tracking/</guid>
<description></description>
</item>
<item>
<title>Projective_Geometry</title>
<link>/theories/projective_geometry/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/projective_geometry/</guid>
<description></description>
</item>
<item>
<title>Projective_Measurements</title>
<link>/theories/projective_measurements/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/projective_measurements/</guid>
<description></description>
</item>
<item>
<title>Promela</title>
<link>/theories/promela/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/promela/</guid>
<description></description>
</item>
<item>
<title>Proof_Strategy_Language</title>
<link>/theories/proof_strategy_language/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/proof_strategy_language/</guid>
<description></description>
</item>
<item>
<title>Propositional_Proof_Systems</title>
<link>/theories/propositional_proof_systems/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/propositional_proof_systems/</guid>
<description></description>
</item>
<item>
<title>PropResPI</title>
<link>/theories/proprespi/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/proprespi/</guid>
<description></description>
</item>
<item>
<title>Prpu_Maxflow</title>
<link>/theories/prpu_maxflow/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/prpu_maxflow/</guid>
<description></description>
</item>
<item>
<title>PSemigroupsConvolution</title>
<link>/theories/psemigroupsconvolution/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/psemigroupsconvolution/</guid>
<description></description>
</item>
<item>
<title>PseudoHoops</title>
<link>/theories/pseudohoops/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/pseudohoops/</guid>
<description></description>
</item>
<item>
<title>Psi_Calculi</title>
<link>/theories/psi_calculi/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/psi_calculi/</guid>
<description></description>
</item>
<item>
<title>Ptolemys_Theorem</title>
<link>/theories/ptolemys_theorem/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/ptolemys_theorem/</guid>
<description></description>
</item>
<item>
<title>Public_Announcement_Logic</title>
<link>/theories/public_announcement_logic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/public_announcement_logic/</guid>
<description></description>
</item>
<item>
<title>QHLProver</title>
<link>/theories/qhlprover/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/qhlprover/</guid>
<description></description>
</item>
<item>
<title>QR_Decomposition</title>
<link>/theories/qr_decomposition/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/qr_decomposition/</guid>
<description></description>
</item>
<item>
<title>Quantales</title>
<link>/theories/quantales/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/quantales/</guid>
<description></description>
</item>
<item>
<title>Quasi_Borel_Spaces</title>
<link>/theories/quasi_borel_spaces/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/quasi_borel_spaces/</guid>
<description></description>
</item>
<item>
<title>Quaternions</title>
<link>/theories/quaternions/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/quaternions/</guid>
<description></description>
</item>
<item>
<title>Quick_Sort_Cost</title>
<link>/theories/quick_sort_cost/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/quick_sort_cost/</guid>
<description></description>
</item>
<item>
<title>Ramsey-Infinite</title>
<link>/theories/ramsey-infinite/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/ramsey-infinite/</guid>
<description></description>
</item>
<item>
<title>Random_BSTs</title>
<link>/theories/random_bsts/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/random_bsts/</guid>
<description></description>
</item>
<item>
<title>Random_Graph_Subgraph_Threshold</title>
<link>/theories/random_graph_subgraph_threshold/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/random_graph_subgraph_threshold/</guid>
<description></description>
</item>
<item>
<title>Randomised_BSTs</title>
<link>/theories/randomised_bsts/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/randomised_bsts/</guid>
<description></description>
</item>
<item>
<title>Randomised_Social_Choice</title>
<link>/theories/randomised_social_choice/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/randomised_social_choice/</guid>
<description></description>
</item>
<item>
<title>Rank_Nullity_Theorem</title>
<link>/theories/rank_nullity_theorem/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/rank_nullity_theorem/</guid>
<description></description>
</item>
<item>
<title>Real_Impl</title>
<link>/theories/real_impl/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/real_impl/</guid>
<description></description>
</item>
<item>
<title>Real_Power</title>
<link>/theories/real_power/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/real_power/</guid>
<description></description>
</item>
<item>
<title>Real_Time_Deque</title>
<link>/theories/real_time_deque/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/real_time_deque/</guid>
<description></description>
</item>
<item>
<title>Recursion-Addition</title>
<link>/theories/recursion-addition/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/recursion-addition/</guid>
<description></description>
</item>
<item>
<title>Recursion-Theory-I</title>
<link>/theories/recursion-theory-i/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/recursion-theory-i/</guid>
<description></description>
</item>
<item>
<title>Refine_Imperative_HOL</title>
<link>/theories/refine_imperative_hol/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/refine_imperative_hol/</guid>
<description></description>
</item>
<item>
<title>Refine_Monadic</title>
<link>/theories/refine_monadic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/refine_monadic/</guid>
<description></description>
</item>
<item>
<title>RefinementReactive</title>
<link>/theories/refinementreactive/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/refinementreactive/</guid>
<description></description>
</item>
<item>
<title>Regex_Equivalence</title>
<link>/theories/regex_equivalence/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/regex_equivalence/</guid>
<description></description>
</item>
<item>
<title>Registers</title>
<link>/theories/registers/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/registers/</guid>
<description></description>
</item>
<item>
<title>Regression_Test_Selection</title>
<link>/theories/regression_test_selection/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/regression_test_selection/</guid>
<description></description>
</item>
<item>
<title>Regular-Sets</title>
<link>/theories/regular-sets/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/regular-sets/</guid>
<description></description>
</item>
<item>
<title>Regular_Algebras</title>
<link>/theories/regular_algebras/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/regular_algebras/</guid>
<description></description>
</item>
<item>
<title>Regular_Tree_Relations</title>
<link>/theories/regular_tree_relations/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/regular_tree_relations/</guid>
<description></description>
</item>
<item>
<title>Relation_Algebra</title>
<link>/theories/relation_algebra/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/relation_algebra/</guid>
<description></description>
</item>
<item>
<title>Relational-Incorrectness-Logic</title>
<link>/theories/relational-incorrectness-logic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/relational-incorrectness-logic/</guid>
<description></description>
</item>
<item>
<title>Relational_Disjoint_Set_Forests</title>
<link>/theories/relational_disjoint_set_forests/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/relational_disjoint_set_forests/</guid>
<description></description>
</item>
<item>
<title>Relational_Forests</title>
<link>/theories/relational_forests/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/relational_forests/</guid>
<description></description>
</item>
<item>
<title>Relational_Method</title>
<link>/theories/relational_method/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/relational_method/</guid>
<description></description>
</item>
<item>
<title>Relational_Minimum_Spanning_Trees</title>
<link>/theories/relational_minimum_spanning_trees/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/relational_minimum_spanning_trees/</guid>
<description></description>
</item>
<item>
<title>Relational_Paths</title>
<link>/theories/relational_paths/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/relational_paths/</guid>
<description></description>
</item>
<item>
<title>Rep_Fin_Groups</title>
<link>/theories/rep_fin_groups/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/rep_fin_groups/</guid>
<description></description>
</item>
<item>
<title>Residuated_Lattices</title>
<link>/theories/residuated_lattices/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/residuated_lattices/</guid>
<description></description>
</item>
<item>
<title>ResiduatedTransitionSystem</title>
<link>/theories/residuatedtransitionsystem/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/residuatedtransitionsystem/</guid>
<description></description>
</item>
<item>
<title>Resolution_FOL</title>
<link>/theories/resolution_fol/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/resolution_fol/</guid>
<description></description>
</item>
<item>
<title>Rewrite_Properties_Reduction</title>
<link>/theories/rewrite_properties_reduction/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/rewrite_properties_reduction/</guid>
<description></description>
</item>
<item>
<title>Rewriting_Z</title>
<link>/theories/rewriting_z/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/rewriting_z/</guid>
<description></description>
</item>
<item>
<title>Ribbon_Proofs</title>
<link>/theories/ribbon_proofs/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/ribbon_proofs/</guid>
<description></description>
</item>
<item>
<title>RIPEMD-160-SPARK</title>
<link>/theories/ripemd-160-spark/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/ripemd-160-spark/</guid>
<description></description>
</item>
<item>
+ <title>Risk_Free_Lending</title>
+ <link>/theories/risk_free_lending/</link>
+ <pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
+
+ <guid>/theories/risk_free_lending/</guid>
+ <description></description>
+ </item>
+
+ <item>
<title>Robbins-Conjecture</title>
<link>/theories/robbins-conjecture/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/robbins-conjecture/</guid>
<description></description>
</item>
<item>
<title>ROBDD</title>
<link>/theories/robdd/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/robdd/</guid>
<description></description>
</item>
<item>
<title>Robinson_Arithmetic</title>
<link>/theories/robinson_arithmetic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/robinson_arithmetic/</guid>
<description></description>
</item>
<item>
<title>Root_Balanced_Tree</title>
<link>/theories/root_balanced_tree/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/root_balanced_tree/</guid>
<description></description>
</item>
<item>
<title>Roth_Arithmetic_Progressions</title>
<link>/theories/roth_arithmetic_progressions/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/roth_arithmetic_progressions/</guid>
<description></description>
</item>
<item>
<title>Routing</title>
<link>/theories/routing/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/routing/</guid>
<description></description>
</item>
<item>
<title>Roy_Floyd_Warshall</title>
<link>/theories/roy_floyd_warshall/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/roy_floyd_warshall/</guid>
<description></description>
</item>
<item>
<title>RSAPSS</title>
<link>/theories/rsapss/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/rsapss/</guid>
<description></description>
</item>
<item>
<title>Safe_Distance</title>
<link>/theories/safe_distance/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/safe_distance/</guid>
<description></description>
</item>
<item>
<title>Safe_OCL</title>
<link>/theories/safe_ocl/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/safe_ocl/</guid>
<description></description>
</item>
<item>
<title>SATSolverVerification</title>
<link>/theories/satsolververification/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/satsolververification/</guid>
<description></description>
</item>
<item>
<title>Saturation_Framework</title>
<link>/theories/saturation_framework/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/saturation_framework/</guid>
<description></description>
</item>
<item>
<title>Saturation_Framework_Extensions</title>
<link>/theories/saturation_framework_extensions/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/saturation_framework_extensions/</guid>
<description></description>
</item>
<item>
<title>SC_DOM_Components</title>
<link>/theories/sc_dom_components/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/sc_dom_components/</guid>
<description></description>
</item>
<item>
+ <title>SCC_Bloemen_Sequential</title>
+ <link>/theories/scc_bloemen_sequential/</link>
+ <pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
+
+ <guid>/theories/scc_bloemen_sequential/</guid>
+ <description></description>
+ </item>
+
+ <item>
<title>Schutz_Spacetime</title>
<link>/theories/schutz_spacetime/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/schutz_spacetime/</guid>
<description></description>
</item>
<item>
<title>SDS_Impossibility</title>
<link>/theories/sds_impossibility/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/sds_impossibility/</guid>
<description></description>
</item>
<item>
<title>Secondary_Sylow</title>
<link>/theories/secondary_sylow/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/secondary_sylow/</guid>
<description></description>
</item>
<item>
<title>Security_Protocol_Refinement</title>
<link>/theories/security_protocol_refinement/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/security_protocol_refinement/</guid>
<description></description>
</item>
<item>
<title>Selection_Heap_Sort</title>
<link>/theories/selection_heap_sort/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/selection_heap_sort/</guid>
<description></description>
</item>
<item>
<title>SenSocialChoice</title>
<link>/theories/sensocialchoice/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/sensocialchoice/</guid>
<description></description>
</item>
<item>
<title>Separata</title>
<link>/theories/separata/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/separata/</guid>
<description></description>
</item>
<item>
<title>Separation_Algebra</title>
<link>/theories/separation_algebra/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/separation_algebra/</guid>
<description></description>
</item>
<item>
<title>Separation_Logic_Imperative_HOL</title>
<link>/theories/separation_logic_imperative_hol/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/separation_logic_imperative_hol/</guid>
<description></description>
</item>
<item>
+ <title>Separation_Logic_Unbounded</title>
+ <link>/theories/separation_logic_unbounded/</link>
+ <pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
+
+ <guid>/theories/separation_logic_unbounded/</guid>
+ <description></description>
+ </item>
+
+ <item>
<title>Sepref_Basic</title>
<link>/theories/sepref_basic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/sepref_basic/</guid>
<description></description>
</item>
<item>
<title>Sepref_IICF</title>
<link>/theories/sepref_iicf/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/sepref_iicf/</guid>
<description></description>
</item>
<item>
<title>Sepref_Prereq</title>
<link>/theories/sepref_prereq/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/sepref_prereq/</guid>
<description></description>
</item>
<item>
<title>SequentInvertibility</title>
<link>/theories/sequentinvertibility/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/sequentinvertibility/</guid>
<description></description>
</item>
<item>
<title>Shadow_DOM</title>
<link>/theories/shadow_dom/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/shadow_dom/</guid>
<description></description>
</item>
<item>
<title>Shadow_SC_DOM</title>
<link>/theories/shadow_sc_dom/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/shadow_sc_dom/</guid>
<description></description>
</item>
<item>
<title>Shivers-CFA</title>
<link>/theories/shivers-cfa/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/shivers-cfa/</guid>
<description></description>
</item>
<item>
<title>ShortestPath</title>
<link>/theories/shortestpath/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/shortestpath/</guid>
<description></description>
</item>
<item>
<title>Show</title>
<link>/theories/show/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/show/</guid>
<description></description>
</item>
<item>
<title>SIFPL</title>
<link>/theories/sifpl/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/sifpl/</guid>
<description></description>
</item>
<item>
<title>SIFUM_Type_Systems</title>
<link>/theories/sifum_type_systems/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/sifum_type_systems/</guid>
<description></description>
</item>
<item>
<title>Sigma_Commit_Crypto</title>
<link>/theories/sigma_commit_crypto/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/sigma_commit_crypto/</guid>
<description></description>
</item>
<item>
<title>Signature_Groebner</title>
<link>/theories/signature_groebner/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/signature_groebner/</guid>
<description></description>
</item>
<item>
<title>Simpl</title>
<link>/theories/simpl/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/simpl/</guid>
<description></description>
</item>
<item>
<title>Simple_Firewall</title>
<link>/theories/simple_firewall/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/simple_firewall/</guid>
<description></description>
</item>
<item>
<title>Simplex</title>
<link>/theories/simplex/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/simplex/</guid>
<description></description>
</item>
<item>
<title>Simplicial_complexes_and_boolean_functions</title>
<link>/theories/simplicial_complexes_and_boolean_functions/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/simplicial_complexes_and_boolean_functions/</guid>
<description></description>
</item>
<item>
<title>SimplifiedOntologicalArgument</title>
<link>/theories/simplifiedontologicalargument/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/simplifiedontologicalargument/</guid>
<description></description>
</item>
<item>
<title>Skew_Heap</title>
<link>/theories/skew_heap/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/skew_heap/</guid>
<description></description>
</item>
<item>
<title>Skip_Lists</title>
<link>/theories/skip_lists/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/skip_lists/</guid>
<description></description>
</item>
<item>
<title>Slicing</title>
<link>/theories/slicing/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/slicing/</guid>
<description></description>
</item>
<item>
<title>Sliding_Window_Algorithm</title>
<link>/theories/sliding_window_algorithm/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/sliding_window_algorithm/</guid>
<description></description>
</item>
<item>
<title>SM</title>
<link>/theories/sm/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/sm/</guid>
<description></description>
</item>
<item>
<title>SM_Base</title>
<link>/theories/sm_base/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/sm_base/</guid>
<description></description>
</item>
<item>
<title>Smith_Normal_Form</title>
<link>/theories/smith_normal_form/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/smith_normal_form/</guid>
<description></description>
</item>
<item>
<title>Smooth_Manifolds</title>
<link>/theories/smooth_manifolds/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/smooth_manifolds/</guid>
<description></description>
</item>
<item>
<title>Solidity</title>
<link>/theories/solidity/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/solidity/</guid>
<description></description>
</item>
<item>
<title>Sophomores_Dream</title>
<link>/theories/sophomores_dream/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/sophomores_dream/</guid>
<description></description>
</item>
<item>
<title>Sort_Encodings</title>
<link>/theories/sort_encodings/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/sort_encodings/</guid>
<description></description>
</item>
<item>
<title>Source_Coding_Theorem</title>
<link>/theories/source_coding_theorem/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/source_coding_theorem/</guid>
<description></description>
</item>
<item>
<title>SPARCv8</title>
<link>/theories/sparcv8/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/sparcv8/</guid>
<description></description>
</item>
<item>
<title>SpecCheck</title>
<link>/theories/speccheck/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/speccheck/</guid>
<description></description>
</item>
<item>
<title>Special_Function_Bounds</title>
<link>/theories/special_function_bounds/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/special_function_bounds/</guid>
<description></description>
</item>
<item>
<title>Splay_Tree</title>
<link>/theories/splay_tree/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/splay_tree/</guid>
<description></description>
</item>
<item>
<title>Sqrt_Babylonian</title>
<link>/theories/sqrt_babylonian/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/sqrt_babylonian/</guid>
<description></description>
</item>
<item>
<title>Stable_Matching</title>
<link>/theories/stable_matching/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/stable_matching/</guid>
<description></description>
</item>
<item>
<title>Statecharts</title>
<link>/theories/statecharts/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/statecharts/</guid>
<description></description>
</item>
<item>
<title>Stateful_Protocol_Composition_and_Typing</title>
<link>/theories/stateful_protocol_composition_and_typing/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/stateful_protocol_composition_and_typing/</guid>
<description></description>
</item>
<item>
<title>Stellar_Quorums</title>
<link>/theories/stellar_quorums/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/stellar_quorums/</guid>
<description></description>
</item>
<item>
<title>Stern_Brocot</title>
<link>/theories/stern_brocot/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/stern_brocot/</guid>
<description></description>
</item>
<item>
<title>Stewart_Apollonius</title>
<link>/theories/stewart_apollonius/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/stewart_apollonius/</guid>
<description></description>
</item>
<item>
<title>Stirling_Formula</title>
<link>/theories/stirling_formula/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/stirling_formula/</guid>
<description></description>
</item>
<item>
<title>Stochastic_Matrices</title>
<link>/theories/stochastic_matrices/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/stochastic_matrices/</guid>
<description></description>
</item>
<item>
<title>Stone_Algebras</title>
<link>/theories/stone_algebras/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/stone_algebras/</guid>
<description></description>
</item>
<item>
<title>Stone_Kleene_Relation_Algebras</title>
<link>/theories/stone_kleene_relation_algebras/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/stone_kleene_relation_algebras/</guid>
<description></description>
</item>
<item>
<title>Stone_Relation_Algebras</title>
<link>/theories/stone_relation_algebras/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/stone_relation_algebras/</guid>
<description></description>
</item>
<item>
<title>Store_Buffer_Reduction</title>
<link>/theories/store_buffer_reduction/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/store_buffer_reduction/</guid>
<description></description>
</item>
<item>
<title>Stream-Fusion</title>
<link>/theories/stream-fusion/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/stream-fusion/</guid>
<description></description>
</item>
<item>
<title>Stream_Fusion_Code</title>
<link>/theories/stream_fusion_code/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/stream_fusion_code/</guid>
<description></description>
</item>
<item>
<title>Strong_Security</title>
<link>/theories/strong_security/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/strong_security/</guid>
<description></description>
</item>
<item>
<title>Sturm_Sequences</title>
<link>/theories/sturm_sequences/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/sturm_sequences/</guid>
<description></description>
</item>
<item>
<title>Sturm_Tarski</title>
<link>/theories/sturm_tarski/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/sturm_tarski/</guid>
<description></description>
</item>
<item>
<title>Stuttering_Equivalence</title>
<link>/theories/stuttering_equivalence/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/stuttering_equivalence/</guid>
<description></description>
</item>
<item>
<title>Subresultants</title>
<link>/theories/subresultants/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/subresultants/</guid>
<description></description>
</item>
<item>
<title>Subset_Boolean_Algebras</title>
<link>/theories/subset_boolean_algebras/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/subset_boolean_algebras/</guid>
<description></description>
</item>
<item>
<title>SumSquares</title>
<link>/theories/sumsquares/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/sumsquares/</guid>
<description></description>
</item>
<item>
<title>Sunflowers</title>
<link>/theories/sunflowers/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/sunflowers/</guid>
<description></description>
</item>
<item>
<title>SuperCalc</title>
<link>/theories/supercalc/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/supercalc/</guid>
<description></description>
</item>
<item>
<title>Surprise_Paradox</title>
<link>/theories/surprise_paradox/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/surprise_paradox/</guid>
<description></description>
</item>
<item>
<title>Symmetric_Polynomials</title>
<link>/theories/symmetric_polynomials/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/symmetric_polynomials/</guid>
<description></description>
</item>
<item>
<title>Syntax_Independent_Logic</title>
<link>/theories/syntax_independent_logic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/syntax_independent_logic/</guid>
<description></description>
</item>
<item>
<title>Szemeredi_Regularity</title>
<link>/theories/szemeredi_regularity/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/szemeredi_regularity/</guid>
<description></description>
</item>
<item>
<title>Szpilrajn</title>
<link>/theories/szpilrajn/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/szpilrajn/</guid>
<description></description>
</item>
<item>
<title>Tail_Recursive_Functions</title>
<link>/theories/tail_recursive_functions/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/tail_recursive_functions/</guid>
<description></description>
</item>
<item>
<title>Tarskis_Geometry</title>
<link>/theories/tarskis_geometry/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/tarskis_geometry/</guid>
<description></description>
</item>
<item>
<title>Taylor_Models</title>
<link>/theories/taylor_models/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/taylor_models/</guid>
<description></description>
</item>
<item>
<title>TESL_Language</title>
<link>/theories/tesl_language/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/tesl_language/</guid>
<description></description>
</item>
<item>
<title>Three_Circles</title>
<link>/theories/three_circles/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/three_circles/</guid>
<description></description>
</item>
<item>
<title>Timed_Automata</title>
<link>/theories/timed_automata/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/timed_automata/</guid>
<description></description>
</item>
<item>
<title>TLA</title>
<link>/theories/tla/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/tla/</guid>
<description></description>
</item>
<item>
<title>Topological_Semantics</title>
<link>/theories/topological_semantics/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/topological_semantics/</guid>
<description></description>
</item>
<item>
<title>Topology</title>
<link>/theories/topology/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/topology/</guid>
<description></description>
</item>
<item>
<title>TortoiseHare</title>
<link>/theories/tortoisehare/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/tortoisehare/</guid>
<description></description>
</item>
<item>
<title>Transcendence_Series_Hancl_Rucki</title>
<link>/theories/transcendence_series_hancl_rucki/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/transcendence_series_hancl_rucki/</guid>
<description></description>
</item>
<item>
<title>Transformer_Semantics</title>
<link>/theories/transformer_semantics/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/transformer_semantics/</guid>
<description></description>
</item>
<item>
<title>Transition_Systems_and_Automata</title>
<link>/theories/transition_systems_and_automata/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/transition_systems_and_automata/</guid>
<description></description>
</item>
<item>
<title>Transitive-Closure</title>
<link>/theories/transitive-closure/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/transitive-closure/</guid>
<description></description>
</item>
<item>
<title>Transitive-Closure-II</title>
<link>/theories/transitive-closure-ii/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/transitive-closure-ii/</guid>
<description></description>
</item>
<item>
<title>Transitive_Models</title>
<link>/theories/transitive_models/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/transitive_models/</guid>
<description></description>
</item>
<item>
<title>Treaps</title>
<link>/theories/treaps/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/treaps/</guid>
<description></description>
</item>
<item>
<title>Tree-Automata</title>
<link>/theories/tree-automata/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/tree-automata/</guid>
<description></description>
</item>
<item>
<title>Tree_Decomposition</title>
<link>/theories/tree_decomposition/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/tree_decomposition/</guid>
<description></description>
</item>
<item>
<title>Triangle</title>
<link>/theories/triangle/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/triangle/</guid>
<description></description>
</item>
<item>
<title>Trie</title>
<link>/theories/trie/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/trie/</guid>
<description></description>
</item>
<item>
<title>Twelvefold_Way</title>
<link>/theories/twelvefold_way/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/twelvefold_way/</guid>
<description></description>
</item>
<item>
<title>Tycon</title>
<link>/theories/tycon/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/tycon/</guid>
<description></description>
</item>
<item>
<title>Types_Tableaus_and_Goedels_God</title>
<link>/theories/types_tableaus_and_goedels_god/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/types_tableaus_and_goedels_god/</guid>
<description></description>
</item>
<item>
<title>Types_To_Sets_Extension</title>
<link>/theories/types_to_sets_extension/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/types_to_sets_extension/</guid>
<description></description>
</item>
<item>
<title>Universal_Hash_Families</title>
<link>/theories/universal_hash_families/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/universal_hash_families/</guid>
<description></description>
</item>
<item>
<title>Universal_Turing_Machine</title>
<link>/theories/universal_turing_machine/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/universal_turing_machine/</guid>
<description></description>
</item>
<item>
<title>UpDown_Scheme</title>
<link>/theories/updown_scheme/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/updown_scheme/</guid>
<description></description>
</item>
<item>
<title>UPF</title>
<link>/theories/upf/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/upf/</guid>
<description></description>
</item>
<item>
<title>UPF_Firewall</title>
<link>/theories/upf_firewall/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/upf_firewall/</guid>
<description></description>
</item>
<item>
<title>UTP</title>
<link>/theories/utp/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/utp/</guid>
<description></description>
</item>
<item>
<title>UTP-Toolkit</title>
<link>/theories/utp-toolkit/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/utp-toolkit/</guid>
<description></description>
</item>
<item>
<title>Valuation</title>
<link>/theories/valuation/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/valuation/</guid>
<description></description>
</item>
<item>
<title>Van_der_Waerden</title>
<link>/theories/van_der_waerden/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/van_der_waerden/</guid>
<description></description>
</item>
<item>
<title>Van_Emde_Boas_Trees</title>
<link>/theories/van_emde_boas_trees/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/van_emde_boas_trees/</guid>
<description></description>
</item>
<item>
<title>VectorSpace</title>
<link>/theories/vectorspace/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/vectorspace/</guid>
<description></description>
</item>
<item>
<title>VeriComp</title>
<link>/theories/vericomp/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/vericomp/</guid>
<description></description>
</item>
<item>
<title>Verified-Prover</title>
<link>/theories/verified-prover/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/verified-prover/</guid>
<description></description>
</item>
<item>
<title>Verified_SAT_Based_AI_Planning</title>
<link>/theories/verified_sat_based_ai_planning/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/verified_sat_based_ai_planning/</guid>
<description></description>
</item>
<item>
<title>VerifyThis2018</title>
<link>/theories/verifythis2018/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/verifythis2018/</guid>
<description></description>
</item>
<item>
<title>VerifyThis2019</title>
<link>/theories/verifythis2019/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/verifythis2019/</guid>
<description></description>
</item>
<item>
<title>Vickrey_Clarke_Groves</title>
<link>/theories/vickrey_clarke_groves/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/vickrey_clarke_groves/</guid>
<description></description>
</item>
<item>
<title>Virtual_Substitution</title>
<link>/theories/virtual_substitution/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/virtual_substitution/</guid>
<description></description>
</item>
<item>
<title>VolpanoSmith</title>
<link>/theories/volpanosmith/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/volpanosmith/</guid>
<description></description>
</item>
<item>
<title>VYDRA_MDL</title>
<link>/theories/vydra_mdl/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/vydra_mdl/</guid>
<description></description>
</item>
<item>
<title>WebAssembly</title>
<link>/theories/webassembly/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/webassembly/</guid>
<description></description>
</item>
<item>
<title>Weight_Balanced_Trees</title>
<link>/theories/weight_balanced_trees/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/weight_balanced_trees/</guid>
<description></description>
</item>
<item>
<title>Weighted_Arithmetic_Geometric_Mean</title>
<link>/theories/weighted_arithmetic_geometric_mean/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/weighted_arithmetic_geometric_mean/</guid>
<description></description>
</item>
<item>
<title>Weighted_Path_Order</title>
<link>/theories/weighted_path_order/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/weighted_path_order/</guid>
<description></description>
</item>
<item>
<title>Well_Quasi_Orders</title>
<link>/theories/well_quasi_orders/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/well_quasi_orders/</guid>
<description></description>
</item>
<item>
<title>Wetzels_Problem</title>
<link>/theories/wetzels_problem/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/wetzels_problem/</guid>
<description></description>
</item>
<item>
<title>WHATandWHERE_Security</title>
<link>/theories/whatandwhere_security/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/whatandwhere_security/</guid>
<description></description>
</item>
<item>
<title>Winding_Number_Eval</title>
<link>/theories/winding_number_eval/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/winding_number_eval/</guid>
<description></description>
</item>
<item>
<title>WOOT_Strong_Eventual_Consistency</title>
<link>/theories/woot_strong_eventual_consistency/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/woot_strong_eventual_consistency/</guid>
<description></description>
</item>
<item>
<title>Word_Lib</title>
<link>/theories/word_lib/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/word_lib/</guid>
<description></description>
</item>
<item>
<title>WorkerWrapper</title>
<link>/theories/workerwrapper/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/workerwrapper/</guid>
<description></description>
</item>
<item>
<title>X86_Semantics</title>
<link>/theories/x86_semantics/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/x86_semantics/</guid>
<description></description>
</item>
<item>
<title>XML</title>
<link>/theories/xml/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/xml/</guid>
<description></description>
</item>
<item>
<title>Youngs_Inequality</title>
<link>/theories/youngs_inequality/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/youngs_inequality/</guid>
<description></description>
</item>
<item>
<title>Zeta_3_Irrational</title>
<link>/theories/zeta_3_irrational/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/zeta_3_irrational/</guid>
<description></description>
</item>
<item>
<title>Zeta_Function</title>
<link>/theories/zeta_function/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/zeta_function/</guid>
<description></description>
</item>
<item>
<title>ZFC_in_HOL</title>
<link>/theories/zfc_in_hol/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/zfc_in_hol/</guid>
<description></description>
</item>
</channel>
</rss>
diff --git a/web/theories/khovanskii_theorem/index.html b/web/theories/khovanskii_theorem/index.html
--- a/web/theories/khovanskii_theorem/index.html
+++ b/web/theories/khovanskii_theorem/index.html
@@ -1,85 +1,84 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1"><title>Khovanskii_Theorem - Archive of Formal Proofs</title><meta name="description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."><meta property="og:title" content="Khovanskii_Theorem" />
<meta property="og:description" content="" />
<meta property="og:type" content="article" />
<meta property="og:url" content="/theories/khovanskii_theorem/" /><meta property="og:image" content="/images/afp.png"/><meta property="article:section" content="theories" />
<meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="Khovanskii_Theorem"/>
<meta name="twitter:description" content=""/>
<link rel="stylesheet" type="text/css" href="../../css/front.min.css"><link rel="stylesheet" type="text/css" href="../../css/isabelle.css">
<link rel="icon" href="../../images/favicon.ico" type="image/icon"><script src="../../js/obfuscate.js"></script>
<script src="../../js/flexsearch.bundle.js"></script>
<script src="../../js/scroll-spy.js"></script>
<script src="../../js/theory.js"></script>
<script src="../../js/util.js"></script><script src="../../js/header-search.js"></script><script src="../../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore theories'>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../../images/menu.svg" alt="Menu" />
</label>
<a href="../../" class='logo-link'>
<img src="../../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<nav id="menu">
<div>
<a href="../../" class='logo-link'>
<img src="../../images/afp.png" alt='Logo of the Archive of Formal Proofs'
class="logo">
</a>
<ul id="return">
<li><a href="../../entries/Khovanskii_Theorem.html">Return to entry</a></li>
</ul>
<hr>
<ul id="theory-navbar" class="list-group"></ul>
</div>
</nav>
</div>
</aside>
<div
class='content '><header>
<form autocomplete="off" action="../../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value="" aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button"><img src="../../images/search.svg" alt="Search" /></button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1 >
<span class='first'>K</span>hovanskii_<span class='first'>T</span>heorem</h1>
<div>
</div>
</header><div><main id="theories">
<a id="FiniteProduct" href="https://www.isa-afp.org/browser_info/current/AFP/Khovanskii_Theorem/FiniteProduct.html"><h2>FiniteProduct</h2></a>
- <a id="For_2022" href="https://www.isa-afp.org/browser_info/current/AFP/Khovanskii_Theorem/For_2022.html"><h2>For_2022</h2></a>
<a id="Khovanskii" href="https://www.isa-afp.org/browser_info/current/AFP/Khovanskii_Theorem/Khovanskii.html"><h2>Khovanskii</h2></a></main>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/theories/padic_field/index.html b/web/theories/padic_field/index.html
new file mode 100644
--- /dev/null
+++ b/web/theories/padic_field/index.html
@@ -0,0 +1,92 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+ <meta charset="utf-8" />
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
+ <meta name="viewport" content="width=device-width, initial-scale=1"><title>Padic_Field - Archive of Formal Proofs</title><meta name="description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."><meta property="og:title" content="Padic_Field" />
+<meta property="og:description" content="" />
+<meta property="og:type" content="article" />
+<meta property="og:url" content="/theories/padic_field/" /><meta property="og:image" content="/images/afp.png"/><meta property="article:section" content="theories" />
+
+<meta property="og:site_name" content="Archive of Formal Proofs" />
+
+<meta name="twitter:card" content="summary_large_image"/>
+<meta name="twitter:image" content="/images/afp.png"/>
+
+<meta name="twitter:title" content="Padic_Field"/>
+<meta name="twitter:description" content=""/>
+
+
+ <link rel="stylesheet" type="text/css" href="../../css/front.min.css"><link rel="stylesheet" type="text/css" href="../../css/isabelle.css">
+
+
+ <link rel="icon" href="../../images/favicon.ico" type="image/icon"><script src="../../js/obfuscate.js"></script>
+ <script src="../../js/flexsearch.bundle.js"></script>
+ <script src="../../js/scroll-spy.js"></script>
+ <script src="../../js/theory.js"></script>
+ <script src="../../js/util.js"></script><script src="../../js/header-search.js"></script><script src="../../js/search-autocomplete.js"></script>
+</head>
+
+
+<body class='mathjax_ignore theories'>
+ <aside>
+ <div id="menu-toggle">
+ <input id="toggle" type="checkbox" />
+ <label for="toggle">
+ <span>menu</span>
+ <img src="../../images/menu.svg" alt="Menu" />
+ </label>
+
+ <a href="../../" class='logo-link'>
+ <img src="../../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
+ </a>
+
+ <nav id="menu">
+ <div>
+ <a href="../../" class='logo-link'>
+ <img src="../../images/afp.png" alt='Logo of the Archive of Formal Proofs'
+ class="logo">
+ </a>
+ <ul id="return">
+ <li><a href="../../entries/Padic_Field.html">Return to entry</a></li>
+ </ul>
+ <hr>
+ <ul id="theory-navbar" class="list-group"></ul>
+ </div>
+ </nav>
+</div>
+
+ </aside>
+
+ <div
+ class='content '><header>
+ <form autocomplete="off" action="../../search">
+ <div class='form-container'>
+ <input id="search-input" type="search" size="31" maxlength="255" value="" aria-label="Search the AFP" list="autocomplete"><button
+ id="search-button" type="button"><img src="../../images/search.svg" alt="Search" /></button>
+ <datalist id="autocomplete">
+ </datalist>
+ </div>
+ </form>
+ <h1 >
+ <span class='first'>P</span>adic_<span class='first'>F</span>ield</h1>
+ <div>
+
+
+ </div>
+</header><div><main id="theories">
+ <a id="Fraction_Field" href="https://www.isa-afp.org/browser_info/current/AFP/Padic_Field/Fraction_Field.html"><h2>Fraction_Field</h2></a>
+ <a id="Cring_Multivariable_Poly" href="https://www.isa-afp.org/browser_info/current/AFP/Padic_Field/Cring_Multivariable_Poly.html"><h2>Cring_Multivariable_Poly</h2></a>
+ <a id="Indices" href="https://www.isa-afp.org/browser_info/current/AFP/Padic_Field/Indices.html"><h2>Indices</h2></a>
+ <a id="Ring_Powers" href="https://www.isa-afp.org/browser_info/current/AFP/Padic_Field/Ring_Powers.html"><h2>Ring_Powers</h2></a>
+ <a id="Padic_Fields" href="https://www.isa-afp.org/browser_info/current/AFP/Padic_Field/Padic_Fields.html"><h2>Padic_Fields</h2></a>
+ <a id="Padic_Field_Polynomials" href="https://www.isa-afp.org/browser_info/current/AFP/Padic_Field/Padic_Field_Polynomials.html"><h2>Padic_Field_Polynomials</h2></a>
+ <a id="Padic_Field_Topology" href="https://www.isa-afp.org/browser_info/current/AFP/Padic_Field/Padic_Field_Topology.html"><h2>Padic_Field_Topology</h2></a>
+ <a id="Generated_Boolean_Algebra" href="https://www.isa-afp.org/browser_info/current/AFP/Padic_Field/Generated_Boolean_Algebra.html"><h2>Generated_Boolean_Algebra</h2></a>
+ <a id="Padic_Field_Powers" href="https://www.isa-afp.org/browser_info/current/AFP/Padic_Field/Padic_Field_Powers.html"><h2>Padic_Field_Powers</h2></a>
+ <a id="Padic_Semialgebraic_Function_Ring" href="https://www.isa-afp.org/browser_info/current/AFP/Padic_Field/Padic_Semialgebraic_Function_Ring.html"><h2>Padic_Semialgebraic_Function_Ring</h2></a></main>
+ </div>
+ </div>
+</body>
+
+</html>
\ No newline at end of file
diff --git a/web/theories/risk_free_lending/index.html b/web/theories/risk_free_lending/index.html
new file mode 100644
--- /dev/null
+++ b/web/theories/risk_free_lending/index.html
@@ -0,0 +1,83 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+ <meta charset="utf-8" />
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
+ <meta name="viewport" content="width=device-width, initial-scale=1"><title>Risk_Free_Lending - Archive of Formal Proofs</title><meta name="description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."><meta property="og:title" content="Risk_Free_Lending" />
+<meta property="og:description" content="" />
+<meta property="og:type" content="article" />
+<meta property="og:url" content="/theories/risk_free_lending/" /><meta property="og:image" content="/images/afp.png"/><meta property="article:section" content="theories" />
+
+<meta property="og:site_name" content="Archive of Formal Proofs" />
+
+<meta name="twitter:card" content="summary_large_image"/>
+<meta name="twitter:image" content="/images/afp.png"/>
+
+<meta name="twitter:title" content="Risk_Free_Lending"/>
+<meta name="twitter:description" content=""/>
+
+
+ <link rel="stylesheet" type="text/css" href="../../css/front.min.css"><link rel="stylesheet" type="text/css" href="../../css/isabelle.css">
+
+
+ <link rel="icon" href="../../images/favicon.ico" type="image/icon"><script src="../../js/obfuscate.js"></script>
+ <script src="../../js/flexsearch.bundle.js"></script>
+ <script src="../../js/scroll-spy.js"></script>
+ <script src="../../js/theory.js"></script>
+ <script src="../../js/util.js"></script><script src="../../js/header-search.js"></script><script src="../../js/search-autocomplete.js"></script>
+</head>
+
+
+<body class='mathjax_ignore theories'>
+ <aside>
+ <div id="menu-toggle">
+ <input id="toggle" type="checkbox" />
+ <label for="toggle">
+ <span>menu</span>
+ <img src="../../images/menu.svg" alt="Menu" />
+ </label>
+
+ <a href="../../" class='logo-link'>
+ <img src="../../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
+ </a>
+
+ <nav id="menu">
+ <div>
+ <a href="../../" class='logo-link'>
+ <img src="../../images/afp.png" alt='Logo of the Archive of Formal Proofs'
+ class="logo">
+ </a>
+ <ul id="return">
+ <li><a href="../../entries/Risk_Free_Lending.html">Return to entry</a></li>
+ </ul>
+ <hr>
+ <ul id="theory-navbar" class="list-group"></ul>
+ </div>
+ </nav>
+</div>
+
+ </aside>
+
+ <div
+ class='content '><header>
+ <form autocomplete="off" action="../../search">
+ <div class='form-container'>
+ <input id="search-input" type="search" size="31" maxlength="255" value="" aria-label="Search the AFP" list="autocomplete"><button
+ id="search-button" type="button"><img src="../../images/search.svg" alt="Search" /></button>
+ <datalist id="autocomplete">
+ </datalist>
+ </div>
+ </form>
+ <h1 >
+ <span class='first'>R</span>isk_<span class='first'>F</span>ree_<span class='first'>L</span>ending</h1>
+ <div>
+
+
+ </div>
+</header><div><main id="theories">
+ <a id="Risk_Free_Lending" href="https://www.isa-afp.org/browser_info/current/AFP/Risk_Free_Lending/Risk_Free_Lending.html"><h2>Risk_Free_Lending</h2></a></main>
+ </div>
+ </div>
+</body>
+
+</html>
\ No newline at end of file
diff --git a/web/theories/scc_bloemen_sequential/index.html b/web/theories/scc_bloemen_sequential/index.html
new file mode 100644
--- /dev/null
+++ b/web/theories/scc_bloemen_sequential/index.html
@@ -0,0 +1,83 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+ <meta charset="utf-8" />
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
+ <meta name="viewport" content="width=device-width, initial-scale=1"><title>SCC_Bloemen_Sequential - Archive of Formal Proofs</title><meta name="description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."><meta property="og:title" content="SCC_Bloemen_Sequential" />
+<meta property="og:description" content="" />
+<meta property="og:type" content="article" />
+<meta property="og:url" content="/theories/scc_bloemen_sequential/" /><meta property="og:image" content="/images/afp.png"/><meta property="article:section" content="theories" />
+
+<meta property="og:site_name" content="Archive of Formal Proofs" />
+
+<meta name="twitter:card" content="summary_large_image"/>
+<meta name="twitter:image" content="/images/afp.png"/>
+
+<meta name="twitter:title" content="SCC_Bloemen_Sequential"/>
+<meta name="twitter:description" content=""/>
+
+
+ <link rel="stylesheet" type="text/css" href="../../css/front.min.css"><link rel="stylesheet" type="text/css" href="../../css/isabelle.css">
+
+
+ <link rel="icon" href="../../images/favicon.ico" type="image/icon"><script src="../../js/obfuscate.js"></script>
+ <script src="../../js/flexsearch.bundle.js"></script>
+ <script src="../../js/scroll-spy.js"></script>
+ <script src="../../js/theory.js"></script>
+ <script src="../../js/util.js"></script><script src="../../js/header-search.js"></script><script src="../../js/search-autocomplete.js"></script>
+</head>
+
+
+<body class='mathjax_ignore theories'>
+ <aside>
+ <div id="menu-toggle">
+ <input id="toggle" type="checkbox" />
+ <label for="toggle">
+ <span>menu</span>
+ <img src="../../images/menu.svg" alt="Menu" />
+ </label>
+
+ <a href="../../" class='logo-link'>
+ <img src="../../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
+ </a>
+
+ <nav id="menu">
+ <div>
+ <a href="../../" class='logo-link'>
+ <img src="../../images/afp.png" alt='Logo of the Archive of Formal Proofs'
+ class="logo">
+ </a>
+ <ul id="return">
+ <li><a href="../../entries/SCC_Bloemen_Sequential.html">Return to entry</a></li>
+ </ul>
+ <hr>
+ <ul id="theory-navbar" class="list-group"></ul>
+ </div>
+ </nav>
+</div>
+
+ </aside>
+
+ <div
+ class='content '><header>
+ <form autocomplete="off" action="../../search">
+ <div class='form-container'>
+ <input id="search-input" type="search" size="31" maxlength="255" value="" aria-label="Search the AFP" list="autocomplete"><button
+ id="search-button" type="button"><img src="../../images/search.svg" alt="Search" /></button>
+ <datalist id="autocomplete">
+ </datalist>
+ </div>
+ </form>
+ <h1 >
+ <span class='first'>S</span><span class='first'>C</span><span class='first'>C</span>_<span class='first'>B</span>loemen_<span class='first'>S</span>equential</h1>
+ <div>
+
+
+ </div>
+</header><div><main id="theories">
+ <a id="SCC_Bloemen_Sequential" href="https://www.isa-afp.org/browser_info/current/AFP/SCC_Bloemen_Sequential/SCC_Bloemen_Sequential.html"><h2>SCC_Bloemen_Sequential</h2></a></main>
+ </div>
+ </div>
+</body>
+
+</html>
\ No newline at end of file
diff --git a/web/theories/separation_logic_unbounded/index.html b/web/theories/separation_logic_unbounded/index.html
new file mode 100644
--- /dev/null
+++ b/web/theories/separation_logic_unbounded/index.html
@@ -0,0 +1,88 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+ <meta charset="utf-8" />
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
+ <meta name="viewport" content="width=device-width, initial-scale=1"><title>Separation_Logic_Unbounded - Archive of Formal Proofs</title><meta name="description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."><meta property="og:title" content="Separation_Logic_Unbounded" />
+<meta property="og:description" content="" />
+<meta property="og:type" content="article" />
+<meta property="og:url" content="/theories/separation_logic_unbounded/" /><meta property="og:image" content="/images/afp.png"/><meta property="article:section" content="theories" />
+
+<meta property="og:site_name" content="Archive of Formal Proofs" />
+
+<meta name="twitter:card" content="summary_large_image"/>
+<meta name="twitter:image" content="/images/afp.png"/>
+
+<meta name="twitter:title" content="Separation_Logic_Unbounded"/>
+<meta name="twitter:description" content=""/>
+
+
+ <link rel="stylesheet" type="text/css" href="../../css/front.min.css"><link rel="stylesheet" type="text/css" href="../../css/isabelle.css">
+
+
+ <link rel="icon" href="../../images/favicon.ico" type="image/icon"><script src="../../js/obfuscate.js"></script>
+ <script src="../../js/flexsearch.bundle.js"></script>
+ <script src="../../js/scroll-spy.js"></script>
+ <script src="../../js/theory.js"></script>
+ <script src="../../js/util.js"></script><script src="../../js/header-search.js"></script><script src="../../js/search-autocomplete.js"></script>
+</head>
+
+
+<body class='mathjax_ignore theories'>
+ <aside>
+ <div id="menu-toggle">
+ <input id="toggle" type="checkbox" />
+ <label for="toggle">
+ <span>menu</span>
+ <img src="../../images/menu.svg" alt="Menu" />
+ </label>
+
+ <a href="../../" class='logo-link'>
+ <img src="../../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
+ </a>
+
+ <nav id="menu">
+ <div>
+ <a href="../../" class='logo-link'>
+ <img src="../../images/afp.png" alt='Logo of the Archive of Formal Proofs'
+ class="logo">
+ </a>
+ <ul id="return">
+ <li><a href="../../entries/Separation_Logic_Unbounded.html">Return to entry</a></li>
+ </ul>
+ <hr>
+ <ul id="theory-navbar" class="list-group"></ul>
+ </div>
+ </nav>
+</div>
+
+ </aside>
+
+ <div
+ class='content '><header>
+ <form autocomplete="off" action="../../search">
+ <div class='form-container'>
+ <input id="search-input" type="search" size="31" maxlength="255" value="" aria-label="Search the AFP" list="autocomplete"><button
+ id="search-button" type="button"><img src="../../images/search.svg" alt="Search" /></button>
+ <datalist id="autocomplete">
+ </datalist>
+ </div>
+ </form>
+ <h1 >
+ <span class='first'>S</span>eparation_<span class='first'>L</span>ogic_<span class='first'>U</span>nbounded</h1>
+ <div>
+
+
+ </div>
+</header><div><main id="theories">
+ <a id="UnboundedLogic" href="https://www.isa-afp.org/browser_info/current/AFP/Separation_Logic_Unbounded/UnboundedLogic.html"><h2>UnboundedLogic</h2></a>
+ <a id="Distributivity" href="https://www.isa-afp.org/browser_info/current/AFP/Separation_Logic_Unbounded/Distributivity.html"><h2>Distributivity</h2></a>
+ <a id="Combinability" href="https://www.isa-afp.org/browser_info/current/AFP/Separation_Logic_Unbounded/Combinability.html"><h2>Combinability</h2></a>
+ <a id="FixedPoint" href="https://www.isa-afp.org/browser_info/current/AFP/Separation_Logic_Unbounded/FixedPoint.html"><h2>FixedPoint</h2></a>
+ <a id="WandProperties" href="https://www.isa-afp.org/browser_info/current/AFP/Separation_Logic_Unbounded/WandProperties.html"><h2>WandProperties</h2></a>
+ <a id="AutomaticVerifiers" href="https://www.isa-afp.org/browser_info/current/AFP/Separation_Logic_Unbounded/AutomaticVerifiers.html"><h2>AutomaticVerifiers</h2></a></main>
+ </div>
+ </div>
+</body>
+
+</html>
\ No newline at end of file
diff --git a/web/theories/simplifiedontologicalargument/index.html b/web/theories/simplifiedontologicalargument/index.html
--- a/web/theories/simplifiedontologicalargument/index.html
+++ b/web/theories/simplifiedontologicalargument/index.html
@@ -1,95 +1,94 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1"><title>SimplifiedOntologicalArgument - Archive of Formal Proofs</title><meta name="description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."><meta property="og:title" content="SimplifiedOntologicalArgument" />
<meta property="og:description" content="" />
<meta property="og:type" content="article" />
<meta property="og:url" content="/theories/simplifiedontologicalargument/" /><meta property="og:image" content="/images/afp.png"/><meta property="article:section" content="theories" />
<meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="SimplifiedOntologicalArgument"/>
<meta name="twitter:description" content=""/>
<link rel="stylesheet" type="text/css" href="../../css/front.min.css"><link rel="stylesheet" type="text/css" href="../../css/isabelle.css">
<link rel="icon" href="../../images/favicon.ico" type="image/icon"><script src="../../js/obfuscate.js"></script>
<script src="../../js/flexsearch.bundle.js"></script>
<script src="../../js/scroll-spy.js"></script>
<script src="../../js/theory.js"></script>
<script src="../../js/util.js"></script><script src="../../js/header-search.js"></script><script src="../../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore theories'>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../../images/menu.svg" alt="Menu" />
</label>
<a href="../../" class='logo-link'>
<img src="../../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<nav id="menu">
<div>
<a href="../../" class='logo-link'>
<img src="../../images/afp.png" alt='Logo of the Archive of Formal Proofs'
class="logo">
</a>
<ul id="return">
<li><a href="../../entries/SimplifiedOntologicalArgument.html">Return to entry</a></li>
</ul>
<hr>
<ul id="theory-navbar" class="list-group"></ul>
</div>
</nav>
</div>
</aside>
<div
class='content '><header>
<form autocomplete="off" action="../../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value="" aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button"><img src="../../images/search.svg" alt="Search" /></button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1 >
<span class='first'>S</span>implified<span class='first'>O</span>ntological<span class='first'>A</span>rgument</h1>
<div>
</div>
</header><div><main id="theories">
<a id="HOML" href="https://www.isa-afp.org/browser_info/current/AFP/SimplifiedOntologicalArgument/HOML.html"><h2>HOML</h2></a>
- <a id="DisableKodkodScala" href="https://www.isa-afp.org/browser_info/current/AFP/SimplifiedOntologicalArgument/DisableKodkodScala.html"><h2>DisableKodkodScala</h2></a>
<a id="SimplifiedOntologicalArgument" href="https://www.isa-afp.org/browser_info/current/AFP/SimplifiedOntologicalArgument/SimplifiedOntologicalArgument.html"><h2>SimplifiedOntologicalArgument</h2></a>
<a id="MFilter" href="https://www.isa-afp.org/browser_info/current/AFP/SimplifiedOntologicalArgument/MFilter.html"><h2>MFilter</h2></a>
<a id="BaseDefs" href="https://www.isa-afp.org/browser_info/current/AFP/SimplifiedOntologicalArgument/BaseDefs.html"><h2>BaseDefs</h2></a>
<a id="ScottVariant" href="https://www.isa-afp.org/browser_info/current/AFP/SimplifiedOntologicalArgument/ScottVariant.html"><h2>ScottVariant</h2></a>
<a id="UFilterVariant" href="https://www.isa-afp.org/browser_info/current/AFP/SimplifiedOntologicalArgument/UFilterVariant.html"><h2>UFilterVariant</h2></a>
<a id="SimpleVariant" href="https://www.isa-afp.org/browser_info/current/AFP/SimplifiedOntologicalArgument/SimpleVariant.html"><h2>SimpleVariant</h2></a>
<a id="SimpleVariantPG" href="https://www.isa-afp.org/browser_info/current/AFP/SimplifiedOntologicalArgument/SimpleVariantPG.html"><h2>SimpleVariantPG</h2></a>
<a id="SimpleVariantSE" href="https://www.isa-afp.org/browser_info/current/AFP/SimplifiedOntologicalArgument/SimpleVariantSE.html"><h2>SimpleVariantSE</h2></a>
<a id="SimpleVariantSEinT" href="https://www.isa-afp.org/browser_info/current/AFP/SimplifiedOntologicalArgument/SimpleVariantSEinT.html"><h2>SimpleVariantSEinT</h2></a>
<a id="SimpleVariantHF" href="https://www.isa-afp.org/browser_info/current/AFP/SimplifiedOntologicalArgument/SimpleVariantHF.html"><h2>SimpleVariantHF</h2></a>
<a id="KanckosLethenNo2Possibilist" href="https://www.isa-afp.org/browser_info/current/AFP/SimplifiedOntologicalArgument/KanckosLethenNo2Possibilist.html"><h2>KanckosLethenNo2Possibilist</h2></a></main>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/topics/computer-science/algorithms/graph/index.html b/web/topics/computer-science/algorithms/graph/index.html
--- a/web/topics/computer-science/algorithms/graph/index.html
+++ b/web/topics/computer-science/algorithms/graph/index.html
@@ -1,201 +1,210 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1"><title>Computer science/Algorithms/Graph - Archive of Formal Proofs</title><meta name="description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."><link rel="alternate" type="application/rss+xml" href="../../../../topics/computer-science/algorithms/graph/index.xml" title="Archive of Formal Proofs" /><meta property="og:title" content="Computer science/Algorithms/Graph" />
<meta property="og:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle." />
<meta property="og:type" content="website" />
<meta property="og:url" content="/topics/computer-science/algorithms/graph/" /><meta property="og:image" content="/images/afp.png"/><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="Computer science/Algorithms/Graph"/>
<meta name="twitter:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."/>
<link rel="stylesheet" type="text/css" href="../../../../css/front.min.css">
<link rel="icon" href="../../../../images/favicon.ico" type="image/icon"><script src="../../../../js/obfuscate.js"></script>
<script src="../../../../js/flexsearch.bundle.js"></script>
<script src="../../../../js/scroll-spy.js"></script>
<script src="../../../../js/theory.js"></script>
<script src="../../../../js/util.js"></script><script src="../../../../js/header-search.js"></script><script src="../../../../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore '>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../../../../images/menu.svg" alt="Menu" />
</label>
<a href="../../../../" class='logo-link'>
<img src="../../../../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<a href="../../../../search"><img src="../../../../images/search.svg" alt="Search" /></a>
<nav id="menu">
<div>
<a href="../../../../" class='logo-link'>
<img src="../../../../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<ul>
<a href="../../../../"><li >Home</li></a>
<a href="../../../../topics/"><li >Topics</li></a>
<a href="../../../../download/"><li >Download</li></a>
<a href="../../../../help/"><li >Help</li></a>
<a href="../../../../submission/"><li >Submission</li></a>
<a href="../../../../statistics/"><li >Statistics</li></a>
<a href="../../../../about/"><li >About</li></a>
</ul>
</div>
</nav>
</div>
</aside>
<div
class='content '><header>
<form autocomplete="off" action="../../../../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value="" aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button"><img src="../../../../images/search.svg" alt="Search" /></button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1 >
<span class='first'>C</span>omputer <span class='first'>S</span>cience/<span class='first'>A</span>lgorithms/<span class='first'>G</span>raph</h1>
<div>
</div>
</header><div><h2>Subject Classification</h2><h3>AMS</h3>
<a href="https://mathscinet.ams.org/mathscinet/msc/msc2020.html?t=05C85">Combinatorics / Graph theory / Graph algorithms</a><h3>ACM</h3>
-<a href="https://dl.acm.org/topic/ccs2012/10003752.10003809.10003635">Theory of computation~Graph algorithms analysis</a><h2 class="head">2020</h2><article class="entry">
+<a href="https://dl.acm.org/topic/ccs2012/10003752.10003809.10003635">Theory of computation~Graph algorithms analysis</a><h2 class="head">2022</h2><article class="entry">
+ <div class="item-text">
+ <h5><a class="title" href="../../../../entries/SCC_Bloemen_Sequential.html">Correctness of a Set-based Algorithm for Computing Strongly Connected Components of a Graph</a></h5> <br>by <a href="../../../../authors/merz">Stephan Merz</a> and <a href="../../../../authors/trelat">Vincent Trélat</a></div>
+ <span class="date">
+ Aug 17
+ </span>
+</article>
+
+
+<h2 class="head">2020</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../../entries/Relational_Minimum_Spanning_Trees.html">Relational Minimum Spanning Tree Algorithms</a></h5> <br>by <a href="../../../../authors/guttmann">Walter Guttmann</a> and <a href="../../../../authors/brien">Nicolas Robinson-O&rsquo;Brien</a></div>
<span class="date">
Dec 08
</span>
</article>
<h2 class="head">2019</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../../entries/Prim_Dijkstra_Simple.html">Purely Functional, Simple, and Efficient Implementation of Prim and Dijkstra</a></h5> <br>by <a href="../../../../authors/lammich">Peter Lammich</a> and <a href="../../../../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Jun 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../../entries/Kruskal.html">Kruskal&#39;s Algorithm for Minimum Spanning Forest</a></h5> <br>by <a href="../../../../authors/haslbeckm">Maximilian P. L. Haslbeck</a>, <a href="../../../../authors/lammich">Peter Lammich</a> and <a href="../../../../authors/biendarra">Julian Biendarra</a></div>
<span class="date">
Feb 14
</span>
</article>
<h2 class="head">2017</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../../entries/Prpu_Maxflow.html">Formalizing Push-Relabel Algorithms</a></h5> <br>by <a href="../../../../authors/lammich">Peter Lammich</a> and <a href="../../../../authors/sefidgar">S. Reza Sefidgar</a></div>
<span class="date">
Jun 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../../entries/Floyd_Warshall.html">The Floyd-Warshall Algorithm for Shortest Paths</a></h5> <br>by <a href="../../../../authors/wimmer">Simon Wimmer</a> and <a href="../../../../authors/lammich">Peter Lammich</a></div>
<span class="date">
May 08
</span>
</article>
<h2 class="head">2016</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../../entries/EdmondsKarp_Maxflow.html">Formalizing the Edmonds-Karp Algorithm</a></h5> <br>by <a href="../../../../authors/lammich">Peter Lammich</a> and <a href="../../../../authors/sefidgar">S. Reza Sefidgar</a></div>
<span class="date">
Aug 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../../entries/DFS_Framework.html">A Framework for Verifying Depth-First Search Algorithms</a></h5> <br>by <a href="../../../../authors/lammich">Peter Lammich</a> and <a href="../../../../authors/neumann">René Neumann</a></div>
<span class="date">
Jul 05
</span>
</article>
<h2 class="head">2014</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../../entries/Gabow_SCC.html">Verified Efficient Implementation of Gabow&#39;s Strongly Connected Components Algorithm</a></h5> <br>by <a href="../../../../authors/lammich">Peter Lammich</a></div>
<span class="date">
May 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../../entries/Roy_Floyd_Warshall.html">Transitive closure according to Roy-Floyd-Warshall</a></h5> <br>by <a href="../../../../authors/wenzel">Makarius Wenzel</a></div>
<span class="date">
May 23
</span>
</article>
<h2 class="head">2012</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../../entries/Transitive-Closure-II.html">Executable Transitive Closures</a></h5> <br>by <a href="../../../../authors/thiemann">René Thiemann</a></div>
<span class="date">
Feb 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../../entries/Dijkstra_Shortest_Path.html">Dijkstra&#39;s Shortest Path Algorithm</a></h5> <br>by <a href="../../../../authors/nordhoff">Benedikt Nordhoff</a> and <a href="../../../../authors/lammich">Peter Lammich</a></div>
<span class="date">
Jan 30
</span>
</article>
<h2 class="head">2011</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../../entries/Transitive-Closure.html">Executable Transitive Closures of Finite Relations</a></h5> <br>by <a href="../../../../authors/sternagel">Christian Sternagel</a> and <a href="../../../../authors/thiemann">René Thiemann</a></div>
<span class="date">
Mar 14
</span>
</article>
<h2 class="head">2010</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../../entries/GraphMarkingIBP.html">Verification of the Deutsch-Schorr-Waite Graph Marking Algorithm using Data Refinement</a></h5> <br>by <a href="../../../../authors/preoteasa">Viorel Preoteasa</a> and <a href="../../../../authors/back">Ralph-Johan Back</a></div>
<span class="date">
May 28
</span>
</article>
<h2 class="head">2004</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../../entries/Depth-First-Search.html">Depth First Search</a></h5> <br>by <a href="../../../../authors/nishihara">Toshiaki Nishihara</a> and <a href="../../../../authors/minamide">Yasuhiko Minamide</a></div>
<span class="date">
Jun 24
</span>
</article>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/topics/computer-science/algorithms/graph/index.xml b/web/topics/computer-science/algorithms/graph/index.xml
--- a/web/topics/computer-science/algorithms/graph/index.xml
+++ b/web/topics/computer-science/algorithms/graph/index.xml
@@ -1,136 +1,145 @@
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>Computer science/Algorithms/Graph on Archive of Formal Proofs</title>
<link>/topics/computer-science/algorithms/graph/</link>
<description>Recent content in Computer science/Algorithms/Graph on Archive of Formal Proofs</description>
<generator>Hugo -- gohugo.io</generator>
<language>en-gb</language><atom:link href="/topics/computer-science/algorithms/graph/index.xml" rel="self" type="application/rss+xml" />
<item>
+ <title>Correctness of a Set-based Algorithm for Computing Strongly Connected Components of a Graph</title>
+ <link>/entries/SCC_Bloemen_Sequential.html</link>
+ <pubDate>Wed, 17 Aug 2022 00:00:00 +0000</pubDate>
+
+ <guid>/entries/SCC_Bloemen_Sequential.html</guid>
+ <description></description>
+ </item>
+
+ <item>
<title>Relational Minimum Spanning Tree Algorithms</title>
<link>/entries/Relational_Minimum_Spanning_Trees.html</link>
<pubDate>Tue, 08 Dec 2020 00:00:00 +0000</pubDate>
<guid>/entries/Relational_Minimum_Spanning_Trees.html</guid>
<description></description>
</item>
<item>
<title>Purely Functional, Simple, and Efficient Implementation of Prim and Dijkstra</title>
<link>/entries/Prim_Dijkstra_Simple.html</link>
<pubDate>Tue, 25 Jun 2019 00:00:00 +0000</pubDate>
<guid>/entries/Prim_Dijkstra_Simple.html</guid>
<description></description>
</item>
<item>
<title>Kruskal&#39;s Algorithm for Minimum Spanning Forest</title>
<link>/entries/Kruskal.html</link>
<pubDate>Thu, 14 Feb 2019 00:00:00 +0000</pubDate>
<guid>/entries/Kruskal.html</guid>
<description></description>
</item>
<item>
<title>Formalizing Push-Relabel Algorithms</title>
<link>/entries/Prpu_Maxflow.html</link>
<pubDate>Thu, 01 Jun 2017 00:00:00 +0000</pubDate>
<guid>/entries/Prpu_Maxflow.html</guid>
<description></description>
</item>
<item>
<title>The Floyd-Warshall Algorithm for Shortest Paths</title>
<link>/entries/Floyd_Warshall.html</link>
<pubDate>Mon, 08 May 2017 00:00:00 +0000</pubDate>
<guid>/entries/Floyd_Warshall.html</guid>
<description></description>
</item>
<item>
<title>Formalizing the Edmonds-Karp Algorithm</title>
<link>/entries/EdmondsKarp_Maxflow.html</link>
<pubDate>Fri, 12 Aug 2016 00:00:00 +0000</pubDate>
<guid>/entries/EdmondsKarp_Maxflow.html</guid>
<description></description>
</item>
<item>
<title>A Framework for Verifying Depth-First Search Algorithms</title>
<link>/entries/DFS_Framework.html</link>
<pubDate>Tue, 05 Jul 2016 00:00:00 +0000</pubDate>
<guid>/entries/DFS_Framework.html</guid>
<description></description>
</item>
<item>
<title>Verified Efficient Implementation of Gabow&#39;s Strongly Connected Components Algorithm</title>
<link>/entries/Gabow_SCC.html</link>
<pubDate>Wed, 28 May 2014 00:00:00 +0000</pubDate>
<guid>/entries/Gabow_SCC.html</guid>
<description></description>
</item>
<item>
<title>Transitive closure according to Roy-Floyd-Warshall</title>
<link>/entries/Roy_Floyd_Warshall.html</link>
<pubDate>Fri, 23 May 2014 00:00:00 +0000</pubDate>
<guid>/entries/Roy_Floyd_Warshall.html</guid>
<description></description>
</item>
<item>
<title>Executable Transitive Closures</title>
<link>/entries/Transitive-Closure-II.html</link>
<pubDate>Wed, 29 Feb 2012 00:00:00 +0000</pubDate>
<guid>/entries/Transitive-Closure-II.html</guid>
<description></description>
</item>
<item>
<title>Dijkstra&#39;s Shortest Path Algorithm</title>
<link>/entries/Dijkstra_Shortest_Path.html</link>
<pubDate>Mon, 30 Jan 2012 00:00:00 +0000</pubDate>
<guid>/entries/Dijkstra_Shortest_Path.html</guid>
<description></description>
</item>
<item>
<title>Executable Transitive Closures of Finite Relations</title>
<link>/entries/Transitive-Closure.html</link>
<pubDate>Mon, 14 Mar 2011 00:00:00 +0000</pubDate>
<guid>/entries/Transitive-Closure.html</guid>
<description></description>
</item>
<item>
<title>Verification of the Deutsch-Schorr-Waite Graph Marking Algorithm using Data Refinement</title>
<link>/entries/GraphMarkingIBP.html</link>
<pubDate>Fri, 28 May 2010 00:00:00 +0000</pubDate>
<guid>/entries/GraphMarkingIBP.html</guid>
<description></description>
</item>
<item>
<title>Depth First Search</title>
<link>/entries/Depth-First-Search.html</link>
<pubDate>Thu, 24 Jun 2004 00:00:00 +0000</pubDate>
<guid>/entries/Depth-First-Search.html</guid>
<description></description>
</item>
</channel>
</rss>
diff --git a/web/topics/computer-science/algorithms/index.html b/web/topics/computer-science/algorithms/index.html
--- a/web/topics/computer-science/algorithms/index.html
+++ b/web/topics/computer-science/algorithms/index.html
@@ -1,784 +1,791 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1"><title>Computer science/Algorithms - Archive of Formal Proofs</title><meta name="description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."><link rel="alternate" type="application/rss+xml" href="../../../topics/computer-science/algorithms/index.xml" title="Archive of Formal Proofs" /><meta property="og:title" content="Computer science/Algorithms" />
<meta property="og:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle." />
<meta property="og:type" content="website" />
<meta property="og:url" content="/topics/computer-science/algorithms/" /><meta property="og:image" content="/images/afp.png"/><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="Computer science/Algorithms"/>
<meta name="twitter:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."/>
<link rel="stylesheet" type="text/css" href="../../../css/front.min.css">
<link rel="icon" href="../../../images/favicon.ico" type="image/icon"><script src="../../../js/obfuscate.js"></script>
<script src="../../../js/flexsearch.bundle.js"></script>
<script src="../../../js/scroll-spy.js"></script>
<script src="../../../js/theory.js"></script>
<script src="../../../js/util.js"></script><script src="../../../js/header-search.js"></script><script src="../../../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore '>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../../../images/menu.svg" alt="Menu" />
</label>
<a href="../../../" class='logo-link'>
<img src="../../../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<a href="../../../search"><img src="../../../images/search.svg" alt="Search" /></a>
<nav id="menu">
<div>
<a href="../../../" class='logo-link'>
<img src="../../../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<ul>
<a href="../../../"><li >Home</li></a>
<a href="../../../topics/"><li >Topics</li></a>
<a href="../../../download/"><li >Download</li></a>
<a href="../../../help/"><li >Help</li></a>
<a href="../../../submission/"><li >Submission</li></a>
<a href="../../../statistics/"><li >Statistics</li></a>
<a href="../../../about/"><li >About</li></a>
</ul>
</div>
</nav>
</div>
</aside>
<div
class='content '><header>
<form autocomplete="off" action="../../../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value="" aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button"><img src="../../../images/search.svg" alt="Search" /></button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1 >
<span class='first'>C</span>omputer <span class='first'>S</span>cience/<span class='first'>A</span>lgorithms</h1>
<div>
</div>
</header><div><h2>Subject Classification</h2><h3>AMS</h3>
<a href="https://mathscinet.ams.org/mathscinet/msc/msc2020.html?t=68Wxx">Computer science / Algorithms in computer science</a><h3>ACM</h3>
<a href="https://dl.acm.org/topic/ccs2012/10003752.10003809">Theory of computation~Design and analysis of algorithms</a><h2 class="head">2022</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Number_Theoretic_Transform.html">Number Theoretic Transform</a></h5> <br>by <a href="../../../authors/ammer">Thomas Ammer</a> and <a href="../../../authors/kreuzer">Katharina Kreuzer</a></div>
<span class="date">
Aug 18
</span>
</article>
<article class="entry">
<div class="item-text">
+ <h5><a class="title" href="../../../entries/SCC_Bloemen_Sequential.html">Correctness of a Set-based Algorithm for Computing Strongly Connected Components of a Graph</a></h5> <br>by <a href="../../../authors/merz">Stephan Merz</a> and <a href="../../../authors/trelat">Vincent Trélat</a></div>
+ <span class="date">
+ Aug 17
+ </span>
+</article>
+<article class="entry">
+ <div class="item-text">
<h5><a class="title" href="../../../entries/FSM_Tests.html">Verified Complete Test Strategies for Finite State Machines</a></h5> <br>by <a href="../../../authors/sachtleben">Robert Sachtleben</a></div>
<span class="date">
Aug 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Frequency_Moments.html">Formalization of Randomized Approximation Algorithms for Frequency Moments</a></h5> <br>by <a href="../../../authors/karayel">Emin Karayel</a></div>
<span class="date">
Apr 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Prefix_Free_Code_Combinators.html">A Combinator Library for Prefix-Free Codes</a></h5> <br>by <a href="../../../authors/karayel">Emin Karayel</a></div>
<span class="date">
Apr 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Universal_Hash_Families.html">Universal Hash Families</a></h5> <br>by <a href="../../../authors/karayel">Emin Karayel</a></div>
<span class="date">
Feb 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/VYDRA_MDL.html">Multi-Head Monitoring of Metric Dynamic Logic</a></h5> <br>by <a href="../../../authors/raszyk">Martin Raszyk</a></div>
<span class="date">
Feb 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Equivalence_Relation_Enumeration.html">Enumeration of Equivalence Relations</a></h5> <br>by <a href="../../../authors/karayel">Emin Karayel</a></div>
<span class="date">
Feb 04
</span>
</article>
<h2 class="head">2021</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Gale_Shapley.html">Gale-Shapley Algorithm</a></h5> <br>by <a href="../../../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Dec 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/MDP-Algorithms.html">Verified Algorithms for Solving Markov Decision Processes</a></h5> <br>by <a href="../../../authors/schaeffeler">Maximilian Schäffeler</a> and <a href="../../../authors/abdulaziz">Mohammad Abdulaziz</a></div>
<span class="date">
Dec 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Registers.html">Quantum and Classical Registers</a></h5> <br>by <a href="../../../authors/unruh">Dominique Unruh</a></div>
<span class="date">
Oct 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Virtual_Substitution.html">Verified Quadratic Virtual Substitution for Real Arithmetic</a></h5> <br>by <a href="../../../authors/scharager">Matias Scharager</a>, <a href="../../../authors/cordwell">Katherine Cordwell</a>, <a href="../../../authors/mitsch">Stefan Mitsch</a> and <a href="../../../authors/platzer">André Platzer</a></div>
<span class="date">
Oct 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Regression_Test_Selection.html">Regression Test Selection</a></h5> <br>by <a href="../../../authors/mansky">Susannah Mansky</a></div>
<span class="date">
Apr 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/BenOr_Kozen_Reif.html">The BKR Decision Procedure for Univariate Real Arithmetic</a></h5> <br>by <a href="../../../authors/cordwell">Katherine Cordwell</a>, <a href="../../../authors/tan">Yong Kiam Tan</a> and <a href="../../../authors/platzer">André Platzer</a></div>
<span class="date">
Apr 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Progress_Tracking.html">Formalization of Timely Dataflow&#39;s Progress Tracking Protocol</a></h5> <br>by <a href="../../../authors/brun">Matthias Brun</a>, <a href="../../../authors/decova">Sára Decova</a>, <a href="../../../authors/lattuada">Andrea Lattuada</a> and <a href="../../../authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
Apr 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Modular_arithmetic_LLL_and_HNF_algorithms.html">Two algorithms based on modular arithmetic: lattice basis reduction and Hermite normal form computation</a></h5> <br>by <a href="../../../authors/bottesch">Ralph Bottesch</a>, <a href="../../../authors/divason">Jose Divasón</a> and <a href="../../../authors/thiemann">René Thiemann</a></div>
<span class="date">
Mar 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Projective_Measurements.html">Quantum projective measurements and the CHSH inequality</a></h5> <br>by <a href="../../../authors/echenim">Mnacho Echenim</a></div>
<span class="date">
Mar 03
</span>
</article>
<h2 class="head">2020</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Relational_Minimum_Spanning_Trees.html">Relational Minimum Spanning Tree Algorithms</a></h5> <br>by <a href="../../../authors/guttmann">Walter Guttmann</a> and <a href="../../../authors/brien">Nicolas Robinson-O&rsquo;Brien</a></div>
<span class="date">
Dec 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Isabelle_Marries_Dirac.html">Isabelle Marries Dirac: a Library for Quantum Computation and Quantum Information</a></h5> <br>by <a href="../../../authors/bordg">Anthony Bordg</a>, <a href="../../../authors/lachnitt">Hanna Lachnitt</a> and <a href="../../../authors/he">Yijun He</a></div>
<span class="date">
Nov 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/PAC_Checker.html">Practical Algebraic Calculus Checker</a></h5> <br>by <a href="../../../authors/fleury">Mathias Fleury</a> and <a href="../../../authors/kaufmann">Daniela Kaufmann</a></div>
<span class="date">
Aug 31
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Chandy_Lamport.html">A Formal Proof of The Chandy--Lamport Distributed Snapshot Algorithm</a></h5> <br>by <a href="../../../authors/fiedler">Ben Fiedler</a> and <a href="../../../authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
Jul 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Safe_Distance.html">A Formally Verified Checker of the Safe Distance Traffic Rules for Autonomous Vehicles</a></h5> <br>by <a href="../../../authors/rizaldi">Albert Rizaldi</a> and <a href="../../../authors/immler">Fabian Immler</a></div>
<span class="date">
Jun 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Smith_Normal_Form.html">A verified algorithm for computing the Smith normal form of a matrix</a></h5> <br>by <a href="../../../authors/divason">Jose Divasón</a></div>
<span class="date">
May 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Sliding_Window_Algorithm.html">Formalization of an Algorithm for Greedily Computing Associative Aggregations on Sliding Windows</a></h5> <br>by <a href="../../../authors/heimes">Lukas Heimes</a>, <a href="../../../authors/traytel">Dmitriy Traytel</a> and <a href="../../../authors/schneider">Joshua Schneider</a></div>
<span class="date">
Apr 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/MFODL_Monitor_Optimized.html">Formalization of an Optimized Monitoring Algorithm for Metric First-Order Dynamic Logic with Aggregations</a></h5> <br>by <a href="../../../authors/dardinier">Thibault Dardinier</a>, <a href="../../../authors/heimes">Lukas Heimes</a>, <a href="../../../authors/raszyk">Martin Raszyk</a>, <a href="../../../authors/schneider">Joshua Schneider</a> and <a href="../../../authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
Apr 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/WOOT_Strong_Eventual_Consistency.html">Strong Eventual Consistency of the Collaborative Editing Framework WOOT</a></h5> <br>by <a href="../../../authors/karayel">Emin Karayel</a> and <a href="../../../authors/gonzalez">Edgar Gonzàlez</a></div>
<span class="date">
Mar 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Approximation_Algorithms.html">Verified Approximation Algorithms</a></h5> <br>by <a href="../../../authors/essmann">Robin Eßmann</a>, <a href="../../../authors/nipkow">Tobias Nipkow</a>, <a href="../../../authors/robillard">Simon Robillard</a> and <a href="../../../authors/sulejmani">Ujkan Sulejmani</a></div>
<span class="date">
Jan 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Closest_Pair_Points.html">Closest Pair of Points Algorithms</a></h5> <br>by <a href="../../../authors/rau">Martin Rau</a> and <a href="../../../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Jan 13
</span>
</article>
<h2 class="head">2019</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Generalized_Counting_Sort.html">An Efficient Generalization of Counting Sort for Large, possibly Infinite Key Ranges</a></h5> <br>by <a href="../../../authors/noce">Pasquale Noce</a></div>
<span class="date">
Dec 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/VerifyThis2019.html">VerifyThis 2019 -- Polished Isabelle Solutions</a></h5> <br>by <a href="../../../authors/lammich">Peter Lammich</a> and <a href="../../../authors/wimmer">Simon Wimmer</a></div>
<span class="date">
Oct 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Generic_Join.html">Formalization of Multiway-Join Algorithms</a></h5> <br>by <a href="../../../authors/dardinier">Thibault Dardinier</a></div>
<span class="date">
Sep 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Adaptive_State_Counting.html">Formalisation of an Adaptive State Counting Algorithm</a></h5> <br>by <a href="../../../authors/sachtleben">Robert Sachtleben</a></div>
<span class="date">
Aug 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Stellar_Quorums.html">Stellar Quorum Systems</a></h5> <br>by <a href="../../../authors/losa">Giuliano Losa</a></div>
<span class="date">
Aug 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/MFOTL_Monitor.html">Formalization of a Monitoring Algorithm for Metric First-Order Temporal Logic</a></h5> <br>by <a href="../../../authors/schneider">Joshua Schneider</a> and <a href="../../../authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
Jul 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Prim_Dijkstra_Simple.html">Purely Functional, Simple, and Efficient Implementation of Prim and Dijkstra</a></h5> <br>by <a href="../../../authors/lammich">Peter Lammich</a> and <a href="../../../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Jun 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/IMP2_Binary_Heap.html">Binary Heaps for IMP2</a></h5> <br>by <a href="../../../authors/griebel">Simon Griebel</a></div>
<span class="date">
Jun 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Kruskal.html">Kruskal&#39;s Algorithm for Minimum Spanning Forest</a></h5> <br>by <a href="../../../authors/haslbeckm">Maximilian P. L. Haslbeck</a>, <a href="../../../authors/lammich">Peter Lammich</a> and <a href="../../../authors/biendarra">Julian Biendarra</a></div>
<span class="date">
Feb 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/List_Inversions.html">The Inversions of a List</a></h5> <br>by <a href="../../../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Feb 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/IMP2.html">IMP2 – Simple Program Verification in Isabelle/HOL</a></h5> <br>by <a href="../../../authors/lammich">Peter Lammich</a> and <a href="../../../authors/wimmer">Simon Wimmer</a></div>
<span class="date">
Jan 15
</span>
</article>
<h2 class="head">2018</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Auto2_Imperative_HOL.html">Verifying Imperative Programs using Auto2</a></h5> <br>by <a href="../../../authors/zhan">Bohua Zhan</a></div>
<span class="date">
Dec 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Signature_Groebner.html">Signature-Based Gröbner Basis Algorithms</a></h5> <br>by <a href="../../../authors/maletzky">Alexander Maletzky</a></div>
<span class="date">
Sep 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Simplex.html">An Incremental Simplex Algorithm with Unsatisfiable Core Generation</a></h5> <br>by <a href="../../../authors/maricf">Filip Marić</a>, <a href="../../../authors/spasic">Mirko Spasić</a> and <a href="../../../authors/thiemann">René Thiemann</a></div>
<span class="date">
Aug 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Optimal_BST.html">Optimal Binary Search Trees</a></h5> <br>by <a href="../../../authors/nipkow">Tobias Nipkow</a> and <a href="../../../authors/somogyi">Dániel Somogyi</a></div>
<span class="date">
May 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Hidden_Markov_Models.html">Hidden Markov Models</a></h5> <br>by <a href="../../../authors/wimmer">Simon Wimmer</a></div>
<span class="date">
May 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Monad_Memo_DP.html">Monadification, Memoization and Dynamic Programming</a></h5> <br>by <a href="../../../authors/wimmer">Simon Wimmer</a>, <a href="../../../authors/hu">Shuwei Hu</a> and <a href="../../../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
May 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/OpSets.html">OpSets: Sequential Specifications for Replicated Datatypes</a></h5> <br>by <a href="../../../authors/kleppmann">Martin Kleppmann</a>, <a href="../../../authors/gomes">Victor B. F. Gomes</a>, <a href="../../../authors/mulligan">Dominic P. Mulligan</a> and <a href="../../../authors/beresford">Alastair R. Beresford</a></div>
<span class="date">
May 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/VerifyThis2018.html">VerifyThis 2018 - Polished Isabelle Solutions</a></h5> <br>by <a href="../../../authors/lammich">Peter Lammich</a> and <a href="../../../authors/wimmer">Simon Wimmer</a></div>
<span class="date">
Apr 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/First_Order_Terms.html">First-Order Terms</a></h5> <br>by <a href="../../../authors/sternagel">Christian Sternagel</a> and <a href="../../../authors/thiemann">René Thiemann</a></div>
<span class="date">
Feb 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/LLL_Basis_Reduction.html">A verified LLL algorithm</a></h5> <br>by <a href="../../../authors/bottesch">Ralph Bottesch</a>, <a href="../../../authors/divason">Jose Divasón</a>, <a href="../../../authors/haslbeck">Max W. Haslbeck</a>, <a href="../../../authors/joosten">Sebastiaan J. C. Joosten</a>, <a href="../../../authors/thiemann">René Thiemann</a> and <a href="../../../authors/yamada">Akihisa Yamada</a></div>
<span class="date">
Feb 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Taylor_Models.html">Taylor Models</a></h5> <br>by <a href="../../../authors/traut">Christoph Traut</a> and <a href="../../../authors/immler">Fabian Immler</a></div>
<span class="date">
Jan 08
</span>
</article>
<h2 class="head">2017</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Median_Of_Medians_Selection.html">The Median-of-Medians Selection Algorithm</a></h5> <br>by <a href="../../../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Dec 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Knuth_Morris_Pratt.html">The string search algorithm by Knuth, Morris and Pratt</a></h5> <br>by <a href="../../../authors/hellauer">Fabian Hellauer</a> and <a href="../../../authors/lammich">Peter Lammich</a></div>
<span class="date">
Dec 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/IMAP-CRDT.html">The IMAP CmRDT</a></h5> <br>by <a href="../../../authors/jungnickel">Tim Jungnickel</a>, <a href="../../../authors/oldenburg">Lennart Oldenburg</a> and <a href="../../../authors/loibl">Matthias Loibl</a></div>
<span class="date">
Nov 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Diophantine_Eqns_Lin_Hom.html">Homogeneous Linear Diophantine Equations</a></h5> <br>by <a href="../../../authors/messner">Florian Messner</a>, <a href="../../../authors/parsert">Julian Parsert</a>, <a href="../../../authors/schoepf">Jonas Schöpf</a> and <a href="../../../authors/sternagel">Christian Sternagel</a></div>
<span class="date">
Oct 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/CRDT.html">A framework for establishing Strong Eventual Consistency for Conflict-free Replicated Datatypes</a></h5> <br>by <a href="../../../authors/gomes">Victor B. F. Gomes</a>, <a href="../../../authors/kleppmann">Martin Kleppmann</a>, <a href="../../../authors/mulligan">Dominic P. Mulligan</a> and <a href="../../../authors/beresford">Alastair R. Beresford</a></div>
<span class="date">
Jul 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Prpu_Maxflow.html">Formalizing Push-Relabel Algorithms</a></h5> <br>by <a href="../../../authors/lammich">Peter Lammich</a> and <a href="../../../authors/sefidgar">S. Reza Sefidgar</a></div>
<span class="date">
Jun 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Floyd_Warshall.html">The Floyd-Warshall Algorithm for Shortest Paths</a></h5> <br>by <a href="../../../authors/wimmer">Simon Wimmer</a> and <a href="../../../authors/lammich">Peter Lammich</a></div>
<span class="date">
May 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Probabilistic_While.html">Probabilistic while loop</a></h5> <br>by <a href="../../../authors/lochbihler">Andreas Lochbihler</a></div>
<span class="date">
May 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Quick_Sort_Cost.html">The number of comparisons in QuickSort</a></h5> <br>by <a href="../../../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Mar 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Comparison_Sort_Lower_Bound.html">Lower bound on comparison-based sorting algorithms</a></h5> <br>by <a href="../../../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Mar 15
</span>
</article>
<h2 class="head">2016</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Fisher_Yates.html">Fisher–Yates shuffle</a></h5> <br>by <a href="../../../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Sep 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/EdmondsKarp_Maxflow.html">Formalizing the Edmonds-Karp Algorithm</a></h5> <br>by <a href="../../../authors/lammich">Peter Lammich</a> and <a href="../../../authors/sefidgar">S. Reza Sefidgar</a></div>
<span class="date">
Aug 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/DFS_Framework.html">A Framework for Verifying Depth-First Search Algorithms</a></h5> <br>by <a href="../../../authors/lammich">Peter Lammich</a> and <a href="../../../authors/neumann">René Neumann</a></div>
<span class="date">
Jul 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Groebner_Bases.html">Gröbner Bases Theory</a></h5> <br>by <a href="../../../authors/immler">Fabian Immler</a> and <a href="../../../authors/maletzky">Alexander Maletzky</a></div>
<span class="date">
May 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/ROBDD.html">Algorithms for Reduced Ordered Binary Decision Diagrams</a></h5> <br>by <a href="../../../authors/michaelis">Julius Michaelis</a>, <a href="../../../authors/haslbeck">Max W. Haslbeck</a>, <a href="../../../authors/lammich">Peter Lammich</a> and <a href="../../../authors/hupel">Lars Hupel</a></div>
<span class="date">
Apr 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/CYK.html">A formalisation of the Cocke-Younger-Kasami algorithm</a></h5> <br>by <a href="../../../authors/bortin">Maksym Bortin</a></div>
<span class="date">
Apr 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/List_Update.html">Analysis of List Update Algorithms</a></h5> <br>by <a href="../../../authors/haslbeckm">Maximilian P. L. Haslbeck</a> and <a href="../../../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Feb 17
</span>
</article>
<h2 class="head">2015</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/TortoiseHare.html">The Tortoise and Hare Algorithm</a></h5> <br>by <a href="../../../authors/gammie">Peter Gammie</a></div>
<span class="date">
Nov 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Hermite.html">Hermite Normal Form</a></h5> <br>by <a href="../../../authors/divason">Jose Divasón</a> and <a href="../../../authors/aransay">Jesús Aransay</a></div>
<span class="date">
Jul 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/ConcurrentGC.html">Relaxing Safely: Verified On-the-Fly Garbage Collection for x86-TSO</a></h5> <br>by <a href="../../../authors/gammie">Peter Gammie</a>, <a href="../../../authors/hosking">Tony Hosking</a> and <a href="../../../authors/engelhardt">Kai Engelhardt</a></div>
<span class="date">
Apr 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Consensus_Refined.html">Consensus Refined</a></h5> <br>by <a href="../../../authors/maric">Ognjen Marić</a> and <a href="../../../authors/sprenger">Christoph Sprenger</a></div>
<span class="date">
Mar 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/QR_Decomposition.html">QR Decomposition</a></h5> <br>by <a href="../../../authors/divason">Jose Divasón</a> and <a href="../../../authors/aransay">Jesús Aransay</a></div>
<span class="date">
Feb 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Echelon_Form.html">Echelon Form</a></h5> <br>by <a href="../../../authors/divason">Jose Divasón</a> and <a href="../../../authors/aransay">Jesús Aransay</a></div>
<span class="date">
Feb 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/UpDown_Scheme.html">Verification of the UpDown Scheme</a></h5> <br>by <a href="../../../authors/hoelzl">Johannes Hölzl</a></div>
<span class="date">
Jan 28
</span>
</article>
<h2 class="head">2014</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Imperative_Insertion_Sort.html">Imperative Insertion Sort</a></h5> <br>by <a href="../../../authors/sternagel">Christian Sternagel</a></div>
<span class="date">
Sep 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Gauss_Jordan.html">Gauss-Jordan Algorithm and Its Applications</a></h5> <br>by <a href="../../../authors/divason">Jose Divasón</a> and <a href="../../../authors/aransay">Jesús Aransay</a></div>
<span class="date">
Sep 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Boolean_Expression_Checkers.html">Boolean Expression Checkers</a></h5> <br>by <a href="../../../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Jun 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Gabow_SCC.html">Verified Efficient Implementation of Gabow&#39;s Strongly Connected Components Algorithm</a></h5> <br>by <a href="../../../authors/lammich">Peter Lammich</a></div>
<span class="date">
May 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Roy_Floyd_Warshall.html">Transitive closure according to Roy-Floyd-Warshall</a></h5> <br>by <a href="../../../authors/wenzel">Makarius Wenzel</a></div>
<span class="date">
May 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Selection_Heap_Sort.html">Verification of Selection and Heap Sort Using Locales</a></h5> <br>by <a href="../../../authors/petrovic">Danijela Petrovic</a></div>
<span class="date">
Feb 11
</span>
</article>
<h2 class="head">2012</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Heard_Of.html">Verifying Fault-Tolerant Distributed Algorithms in the Heard-Of Model</a></h5> <br>by <a href="../../../authors/debrat">Henri Debrat</a> and <a href="../../../authors/merz">Stephan Merz</a></div>
<span class="date">
Jul 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Abortable_Linearizable_Modules.html">Abortable Linearizable Modules</a></h5> <br>by <a href="../../../authors/guerraoui">Rachid Guerraoui</a>, <a href="../../../authors/kuncak">Viktor Kuncak</a> and <a href="../../../authors/losa">Giuliano Losa</a></div>
<span class="date">
Mar 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Transitive-Closure-II.html">Executable Transitive Closures</a></h5> <br>by <a href="../../../authors/thiemann">René Thiemann</a></div>
<span class="date">
Feb 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Dijkstra_Shortest_Path.html">Dijkstra&#39;s Shortest Path Algorithm</a></h5> <br>by <a href="../../../authors/nordhoff">Benedikt Nordhoff</a> and <a href="../../../authors/lammich">Peter Lammich</a></div>
<span class="date">
Jan 30
</span>
</article>
<h2 class="head">2011</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Efficient-Mergesort.html">Efficient Mergesort</a></h5> <br>by <a href="../../../authors/sternagel">Christian Sternagel</a></div>
<span class="date">
Nov 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Gauss-Jordan-Elim-Fun.html">Gauss-Jordan Elimination for Matrices Represented as Functions</a></h5> <br>by <a href="../../../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Aug 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Transitive-Closure.html">Executable Transitive Closures of Finite Relations</a></h5> <br>by <a href="../../../authors/sternagel">Christian Sternagel</a> and <a href="../../../authors/thiemann">René Thiemann</a></div>
<span class="date">
Mar 14
</span>
</article>
<h2 class="head">2010</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Polynomials.html">Executable Multivariate Polynomials</a></h5> <br>by <a href="../../../authors/sternagel">Christian Sternagel</a>, <a href="../../../authors/thiemann">René Thiemann</a>, <a href="../../../authors/maletzky">Alexander Maletzky</a>, <a href="../../../authors/immler">Fabian Immler</a>, <a href="../../../authors/haftmann">Florian Haftmann</a>, <a href="../../../authors/lochbihler">Andreas Lochbihler</a> and <a href="../../../authors/bentkamp">Alexander Bentkamp</a></div>
<span class="date">
Aug 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/GraphMarkingIBP.html">Verification of the Deutsch-Schorr-Waite Graph Marking Algorithm using Data Refinement</a></h5> <br>by <a href="../../../authors/preoteasa">Viorel Preoteasa</a> and <a href="../../../authors/back">Ralph-Johan Back</a></div>
<span class="date">
May 28
</span>
</article>
<h2 class="head">2008</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/SATSolverVerification.html">Formal Verification of Modern SAT Solvers</a></h5> <br>by <a href="../../../authors/maricf">Filip Marić</a></div>
<span class="date">
Jul 23
</span>
</article>
<h2 class="head">2007</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/MuchAdoAboutTwo.html">Much Ado About Two</a></h5> <br>by <a href="../../../authors/boehme">Sascha Böhme</a></div>
<span class="date">
Nov 06
</span>
</article>
<h2 class="head">2006</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/ClockSynchInst.html">Instances of Schneider&#39;s generalized protocol of clock synchronization</a></h5> <br>by <a href="../../../authors/barsotti">Damián Barsotti</a></div>
<span class="date">
Mar 15
</span>
</article>
<h2 class="head">2005</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/FFT.html">Fast Fourier Transform</a></h5> <br>by <a href="../../../authors/ballarin">Clemens Ballarin</a></div>
<span class="date">
Oct 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/GenClock.html">Formalization of a Generalized Protocol for Clock Synchronization</a></h5> <br>by <a href="../../../authors/tiu">Alwen Tiu</a></div>
<span class="date">
Jun 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/DiskPaxos.html">Proving the Correctness of Disk Paxos</a></h5> <br>by <a href="../../../authors/jaskelioff">Mauro Jaskelioff</a> and <a href="../../../authors/merz">Stephan Merz</a></div>
<span class="date">
Jun 22
</span>
</article>
<h2 class="head">2004</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Depth-First-Search.html">Depth First Search</a></h5> <br>by <a href="../../../authors/nishihara">Toshiaki Nishihara</a> and <a href="../../../authors/minamide">Yasuhiko Minamide</a></div>
<span class="date">
Jun 24
</span>
</article>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/topics/computer-science/algorithms/index.xml b/web/topics/computer-science/algorithms/index.xml
--- a/web/topics/computer-science/algorithms/index.xml
+++ b/web/topics/computer-science/algorithms/index.xml
@@ -1,865 +1,874 @@
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>Computer science/Algorithms on Archive of Formal Proofs</title>
<link>/topics/computer-science/algorithms/</link>
<description>Recent content in Computer science/Algorithms on Archive of Formal Proofs</description>
<generator>Hugo -- gohugo.io</generator>
<language>en-gb</language><atom:link href="/topics/computer-science/algorithms/index.xml" rel="self" type="application/rss+xml" />
<item>
<title>Number Theoretic Transform</title>
<link>/entries/Number_Theoretic_Transform.html</link>
<pubDate>Thu, 18 Aug 2022 00:00:00 +0000</pubDate>
<guid>/entries/Number_Theoretic_Transform.html</guid>
<description></description>
</item>
<item>
+ <title>Correctness of a Set-based Algorithm for Computing Strongly Connected Components of a Graph</title>
+ <link>/entries/SCC_Bloemen_Sequential.html</link>
+ <pubDate>Wed, 17 Aug 2022 00:00:00 +0000</pubDate>
+
+ <guid>/entries/SCC_Bloemen_Sequential.html</guid>
+ <description></description>
+ </item>
+
+ <item>
<title>Verified Complete Test Strategies for Finite State Machines</title>
<link>/entries/FSM_Tests.html</link>
<pubDate>Tue, 09 Aug 2022 00:00:00 +0000</pubDate>
<guid>/entries/FSM_Tests.html</guid>
<description></description>
</item>
<item>
<title>A Combinator Library for Prefix-Free Codes</title>
<link>/entries/Prefix_Free_Code_Combinators.html</link>
<pubDate>Fri, 08 Apr 2022 00:00:00 +0000</pubDate>
<guid>/entries/Prefix_Free_Code_Combinators.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Randomized Approximation Algorithms for Frequency Moments</title>
<link>/entries/Frequency_Moments.html</link>
<pubDate>Fri, 08 Apr 2022 00:00:00 +0000</pubDate>
<guid>/entries/Frequency_Moments.html</guid>
<description></description>
</item>
<item>
<title>Universal Hash Families</title>
<link>/entries/Universal_Hash_Families.html</link>
<pubDate>Sun, 20 Feb 2022 00:00:00 +0000</pubDate>
<guid>/entries/Universal_Hash_Families.html</guid>
<description></description>
</item>
<item>
<title>Multi-Head Monitoring of Metric Dynamic Logic</title>
<link>/entries/VYDRA_MDL.html</link>
<pubDate>Sun, 13 Feb 2022 00:00:00 +0000</pubDate>
<guid>/entries/VYDRA_MDL.html</guid>
<description></description>
</item>
<item>
<title>Enumeration of Equivalence Relations</title>
<link>/entries/Equivalence_Relation_Enumeration.html</link>
<pubDate>Fri, 04 Feb 2022 00:00:00 +0000</pubDate>
<guid>/entries/Equivalence_Relation_Enumeration.html</guid>
<description></description>
</item>
<item>
<title>Gale-Shapley Algorithm</title>
<link>/entries/Gale_Shapley.html</link>
<pubDate>Wed, 29 Dec 2021 00:00:00 +0000</pubDate>
<guid>/entries/Gale_Shapley.html</guid>
<description></description>
</item>
<item>
<title>Verified Algorithms for Solving Markov Decision Processes</title>
<link>/entries/MDP-Algorithms.html</link>
<pubDate>Thu, 16 Dec 2021 00:00:00 +0000</pubDate>
<guid>/entries/MDP-Algorithms.html</guid>
<description></description>
</item>
<item>
<title>Quantum and Classical Registers</title>
<link>/entries/Registers.html</link>
<pubDate>Thu, 28 Oct 2021 00:00:00 +0000</pubDate>
<guid>/entries/Registers.html</guid>
<description></description>
</item>
<item>
<title>Verified Quadratic Virtual Substitution for Real Arithmetic</title>
<link>/entries/Virtual_Substitution.html</link>
<pubDate>Sat, 02 Oct 2021 00:00:00 +0000</pubDate>
<guid>/entries/Virtual_Substitution.html</guid>
<description></description>
</item>
<item>
<title>Regression Test Selection</title>
<link>/entries/Regression_Test_Selection.html</link>
<pubDate>Fri, 30 Apr 2021 00:00:00 +0000</pubDate>
<guid>/entries/Regression_Test_Selection.html</guid>
<description></description>
</item>
<item>
<title>The BKR Decision Procedure for Univariate Real Arithmetic</title>
<link>/entries/BenOr_Kozen_Reif.html</link>
<pubDate>Sat, 24 Apr 2021 00:00:00 +0000</pubDate>
<guid>/entries/BenOr_Kozen_Reif.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Timely Dataflow&#39;s Progress Tracking Protocol</title>
<link>/entries/Progress_Tracking.html</link>
<pubDate>Tue, 13 Apr 2021 00:00:00 +0000</pubDate>
<guid>/entries/Progress_Tracking.html</guid>
<description></description>
</item>
<item>
<title>Two algorithms based on modular arithmetic: lattice basis reduction and Hermite normal form computation</title>
<link>/entries/Modular_arithmetic_LLL_and_HNF_algorithms.html</link>
<pubDate>Fri, 12 Mar 2021 00:00:00 +0000</pubDate>
<guid>/entries/Modular_arithmetic_LLL_and_HNF_algorithms.html</guid>
<description></description>
</item>
<item>
<title>Quantum projective measurements and the CHSH inequality</title>
<link>/entries/Projective_Measurements.html</link>
<pubDate>Wed, 03 Mar 2021 00:00:00 +0000</pubDate>
<guid>/entries/Projective_Measurements.html</guid>
<description></description>
</item>
<item>
<title>Relational Minimum Spanning Tree Algorithms</title>
<link>/entries/Relational_Minimum_Spanning_Trees.html</link>
<pubDate>Tue, 08 Dec 2020 00:00:00 +0000</pubDate>
<guid>/entries/Relational_Minimum_Spanning_Trees.html</guid>
<description></description>
</item>
<item>
<title>Isabelle Marries Dirac: a Library for Quantum Computation and Quantum Information</title>
<link>/entries/Isabelle_Marries_Dirac.html</link>
<pubDate>Sun, 22 Nov 2020 00:00:00 +0000</pubDate>
<guid>/entries/Isabelle_Marries_Dirac.html</guid>
<description></description>
</item>
<item>
<title>Practical Algebraic Calculus Checker</title>
<link>/entries/PAC_Checker.html</link>
<pubDate>Mon, 31 Aug 2020 00:00:00 +0000</pubDate>
<guid>/entries/PAC_Checker.html</guid>
<description></description>
</item>
<item>
<title>A Formal Proof of The Chandy--Lamport Distributed Snapshot Algorithm</title>
<link>/entries/Chandy_Lamport.html</link>
<pubDate>Tue, 21 Jul 2020 00:00:00 +0000</pubDate>
<guid>/entries/Chandy_Lamport.html</guid>
<description></description>
</item>
<item>
<title>A Formally Verified Checker of the Safe Distance Traffic Rules for Autonomous Vehicles</title>
<link>/entries/Safe_Distance.html</link>
<pubDate>Mon, 01 Jun 2020 00:00:00 +0000</pubDate>
<guid>/entries/Safe_Distance.html</guid>
<description></description>
</item>
<item>
<title>A verified algorithm for computing the Smith normal form of a matrix</title>
<link>/entries/Smith_Normal_Form.html</link>
<pubDate>Sat, 23 May 2020 00:00:00 +0000</pubDate>
<guid>/entries/Smith_Normal_Form.html</guid>
<description></description>
</item>
<item>
<title>Formalization of an Algorithm for Greedily Computing Associative Aggregations on Sliding Windows</title>
<link>/entries/Sliding_Window_Algorithm.html</link>
<pubDate>Fri, 10 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/Sliding_Window_Algorithm.html</guid>
<description></description>
</item>
<item>
<title>Formalization of an Optimized Monitoring Algorithm for Metric First-Order Dynamic Logic with Aggregations</title>
<link>/entries/MFODL_Monitor_Optimized.html</link>
<pubDate>Thu, 09 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/MFODL_Monitor_Optimized.html</guid>
<description></description>
</item>
<item>
<title>Strong Eventual Consistency of the Collaborative Editing Framework WOOT</title>
<link>/entries/WOOT_Strong_Eventual_Consistency.html</link>
<pubDate>Wed, 25 Mar 2020 00:00:00 +0000</pubDate>
<guid>/entries/WOOT_Strong_Eventual_Consistency.html</guid>
<description></description>
</item>
<item>
<title>Verified Approximation Algorithms</title>
<link>/entries/Approximation_Algorithms.html</link>
<pubDate>Thu, 16 Jan 2020 00:00:00 +0000</pubDate>
<guid>/entries/Approximation_Algorithms.html</guid>
<description></description>
</item>
<item>
<title>Closest Pair of Points Algorithms</title>
<link>/entries/Closest_Pair_Points.html</link>
<pubDate>Mon, 13 Jan 2020 00:00:00 +0000</pubDate>
<guid>/entries/Closest_Pair_Points.html</guid>
<description></description>
</item>
<item>
<title>An Efficient Generalization of Counting Sort for Large, possibly Infinite Key Ranges</title>
<link>/entries/Generalized_Counting_Sort.html</link>
<pubDate>Wed, 04 Dec 2019 00:00:00 +0000</pubDate>
<guid>/entries/Generalized_Counting_Sort.html</guid>
<description></description>
</item>
<item>
<title>VerifyThis 2019 -- Polished Isabelle Solutions</title>
<link>/entries/VerifyThis2019.html</link>
<pubDate>Wed, 16 Oct 2019 00:00:00 +0000</pubDate>
<guid>/entries/VerifyThis2019.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Multiway-Join Algorithms</title>
<link>/entries/Generic_Join.html</link>
<pubDate>Mon, 16 Sep 2019 00:00:00 +0000</pubDate>
<guid>/entries/Generic_Join.html</guid>
<description></description>
</item>
<item>
<title>Formalisation of an Adaptive State Counting Algorithm</title>
<link>/entries/Adaptive_State_Counting.html</link>
<pubDate>Fri, 16 Aug 2019 00:00:00 +0000</pubDate>
<guid>/entries/Adaptive_State_Counting.html</guid>
<description></description>
</item>
<item>
<title>Stellar Quorum Systems</title>
<link>/entries/Stellar_Quorums.html</link>
<pubDate>Thu, 01 Aug 2019 00:00:00 +0000</pubDate>
<guid>/entries/Stellar_Quorums.html</guid>
<description></description>
</item>
<item>
<title>Formalization of a Monitoring Algorithm for Metric First-Order Temporal Logic</title>
<link>/entries/MFOTL_Monitor.html</link>
<pubDate>Thu, 04 Jul 2019 00:00:00 +0000</pubDate>
<guid>/entries/MFOTL_Monitor.html</guid>
<description></description>
</item>
<item>
<title>Purely Functional, Simple, and Efficient Implementation of Prim and Dijkstra</title>
<link>/entries/Prim_Dijkstra_Simple.html</link>
<pubDate>Tue, 25 Jun 2019 00:00:00 +0000</pubDate>
<guid>/entries/Prim_Dijkstra_Simple.html</guid>
<description></description>
</item>
<item>
<title>Binary Heaps for IMP2</title>
<link>/entries/IMP2_Binary_Heap.html</link>
<pubDate>Thu, 13 Jun 2019 00:00:00 +0000</pubDate>
<guid>/entries/IMP2_Binary_Heap.html</guid>
<description></description>
</item>
<item>
<title>Kruskal&#39;s Algorithm for Minimum Spanning Forest</title>
<link>/entries/Kruskal.html</link>
<pubDate>Thu, 14 Feb 2019 00:00:00 +0000</pubDate>
<guid>/entries/Kruskal.html</guid>
<description></description>
</item>
<item>
<title>The Inversions of a List</title>
<link>/entries/List_Inversions.html</link>
<pubDate>Fri, 01 Feb 2019 00:00:00 +0000</pubDate>
<guid>/entries/List_Inversions.html</guid>
<description></description>
</item>
<item>
<title>IMP2 – Simple Program Verification in Isabelle/HOL</title>
<link>/entries/IMP2.html</link>
<pubDate>Tue, 15 Jan 2019 00:00:00 +0000</pubDate>
<guid>/entries/IMP2.html</guid>
<description></description>
</item>
<item>
<title>Verifying Imperative Programs using Auto2</title>
<link>/entries/Auto2_Imperative_HOL.html</link>
<pubDate>Fri, 21 Dec 2018 00:00:00 +0000</pubDate>
<guid>/entries/Auto2_Imperative_HOL.html</guid>
<description></description>
</item>
<item>
<title>Signature-Based Gröbner Basis Algorithms</title>
<link>/entries/Signature_Groebner.html</link>
<pubDate>Thu, 20 Sep 2018 00:00:00 +0000</pubDate>
<guid>/entries/Signature_Groebner.html</guid>
<description></description>
</item>
<item>
<title>An Incremental Simplex Algorithm with Unsatisfiable Core Generation</title>
<link>/entries/Simplex.html</link>
<pubDate>Fri, 24 Aug 2018 00:00:00 +0000</pubDate>
<guid>/entries/Simplex.html</guid>
<description></description>
</item>
<item>
<title>Optimal Binary Search Trees</title>
<link>/entries/Optimal_BST.html</link>
<pubDate>Sun, 27 May 2018 00:00:00 +0000</pubDate>
<guid>/entries/Optimal_BST.html</guid>
<description></description>
</item>
<item>
<title>Hidden Markov Models</title>
<link>/entries/Hidden_Markov_Models.html</link>
<pubDate>Fri, 25 May 2018 00:00:00 +0000</pubDate>
<guid>/entries/Hidden_Markov_Models.html</guid>
<description></description>
</item>
<item>
<title>Monadification, Memoization and Dynamic Programming</title>
<link>/entries/Monad_Memo_DP.html</link>
<pubDate>Tue, 22 May 2018 00:00:00 +0000</pubDate>
<guid>/entries/Monad_Memo_DP.html</guid>
<description></description>
</item>
<item>
<title>OpSets: Sequential Specifications for Replicated Datatypes</title>
<link>/entries/OpSets.html</link>
<pubDate>Thu, 10 May 2018 00:00:00 +0000</pubDate>
<guid>/entries/OpSets.html</guid>
<description></description>
</item>
<item>
<title>VerifyThis 2018 - Polished Isabelle Solutions</title>
<link>/entries/VerifyThis2018.html</link>
<pubDate>Fri, 27 Apr 2018 00:00:00 +0000</pubDate>
<guid>/entries/VerifyThis2018.html</guid>
<description></description>
</item>
<item>
<title>First-Order Terms</title>
<link>/entries/First_Order_Terms.html</link>
<pubDate>Tue, 06 Feb 2018 00:00:00 +0000</pubDate>
<guid>/entries/First_Order_Terms.html</guid>
<description></description>
</item>
<item>
<title>A verified LLL algorithm</title>
<link>/entries/LLL_Basis_Reduction.html</link>
<pubDate>Fri, 02 Feb 2018 00:00:00 +0000</pubDate>
<guid>/entries/LLL_Basis_Reduction.html</guid>
<description></description>
</item>
<item>
<title>Taylor Models</title>
<link>/entries/Taylor_Models.html</link>
<pubDate>Mon, 08 Jan 2018 00:00:00 +0000</pubDate>
<guid>/entries/Taylor_Models.html</guid>
<description></description>
</item>
<item>
<title>The Median-of-Medians Selection Algorithm</title>
<link>/entries/Median_Of_Medians_Selection.html</link>
<pubDate>Thu, 21 Dec 2017 00:00:00 +0000</pubDate>
<guid>/entries/Median_Of_Medians_Selection.html</guid>
<description></description>
</item>
<item>
<title>The string search algorithm by Knuth, Morris and Pratt</title>
<link>/entries/Knuth_Morris_Pratt.html</link>
<pubDate>Mon, 18 Dec 2017 00:00:00 +0000</pubDate>
<guid>/entries/Knuth_Morris_Pratt.html</guid>
<description></description>
</item>
<item>
<title>The IMAP CmRDT</title>
<link>/entries/IMAP-CRDT.html</link>
<pubDate>Thu, 09 Nov 2017 00:00:00 +0000</pubDate>
<guid>/entries/IMAP-CRDT.html</guid>
<description></description>
</item>
<item>
<title>Homogeneous Linear Diophantine Equations</title>
<link>/entries/Diophantine_Eqns_Lin_Hom.html</link>
<pubDate>Sat, 14 Oct 2017 00:00:00 +0000</pubDate>
<guid>/entries/Diophantine_Eqns_Lin_Hom.html</guid>
<description></description>
</item>
<item>
<title>A framework for establishing Strong Eventual Consistency for Conflict-free Replicated Datatypes</title>
<link>/entries/CRDT.html</link>
<pubDate>Fri, 07 Jul 2017 00:00:00 +0000</pubDate>
<guid>/entries/CRDT.html</guid>
<description></description>
</item>
<item>
<title>Formalizing Push-Relabel Algorithms</title>
<link>/entries/Prpu_Maxflow.html</link>
<pubDate>Thu, 01 Jun 2017 00:00:00 +0000</pubDate>
<guid>/entries/Prpu_Maxflow.html</guid>
<description></description>
</item>
<item>
<title>The Floyd-Warshall Algorithm for Shortest Paths</title>
<link>/entries/Floyd_Warshall.html</link>
<pubDate>Mon, 08 May 2017 00:00:00 +0000</pubDate>
<guid>/entries/Floyd_Warshall.html</guid>
<description></description>
</item>
<item>
<title>Probabilistic while loop</title>
<link>/entries/Probabilistic_While.html</link>
<pubDate>Fri, 05 May 2017 00:00:00 +0000</pubDate>
<guid>/entries/Probabilistic_While.html</guid>
<description></description>
</item>
<item>
<title>Lower bound on comparison-based sorting algorithms</title>
<link>/entries/Comparison_Sort_Lower_Bound.html</link>
<pubDate>Wed, 15 Mar 2017 00:00:00 +0000</pubDate>
<guid>/entries/Comparison_Sort_Lower_Bound.html</guid>
<description></description>
</item>
<item>
<title>The number of comparisons in QuickSort</title>
<link>/entries/Quick_Sort_Cost.html</link>
<pubDate>Wed, 15 Mar 2017 00:00:00 +0000</pubDate>
<guid>/entries/Quick_Sort_Cost.html</guid>
<description></description>
</item>
<item>
<title>Fisher–Yates shuffle</title>
<link>/entries/Fisher_Yates.html</link>
<pubDate>Fri, 30 Sep 2016 00:00:00 +0000</pubDate>
<guid>/entries/Fisher_Yates.html</guid>
<description></description>
</item>
<item>
<title>Formalizing the Edmonds-Karp Algorithm</title>
<link>/entries/EdmondsKarp_Maxflow.html</link>
<pubDate>Fri, 12 Aug 2016 00:00:00 +0000</pubDate>
<guid>/entries/EdmondsKarp_Maxflow.html</guid>
<description></description>
</item>
<item>
<title>A Framework for Verifying Depth-First Search Algorithms</title>
<link>/entries/DFS_Framework.html</link>
<pubDate>Tue, 05 Jul 2016 00:00:00 +0000</pubDate>
<guid>/entries/DFS_Framework.html</guid>
<description></description>
</item>
<item>
<title>Gröbner Bases Theory</title>
<link>/entries/Groebner_Bases.html</link>
<pubDate>Mon, 02 May 2016 00:00:00 +0000</pubDate>
<guid>/entries/Groebner_Bases.html</guid>
<description></description>
</item>
<item>
<title>A formalisation of the Cocke-Younger-Kasami algorithm</title>
<link>/entries/CYK.html</link>
<pubDate>Wed, 27 Apr 2016 00:00:00 +0000</pubDate>
<guid>/entries/CYK.html</guid>
<description></description>
</item>
<item>
<title>Algorithms for Reduced Ordered Binary Decision Diagrams</title>
<link>/entries/ROBDD.html</link>
<pubDate>Wed, 27 Apr 2016 00:00:00 +0000</pubDate>
<guid>/entries/ROBDD.html</guid>
<description></description>
</item>
<item>
<title>Analysis of List Update Algorithms</title>
<link>/entries/List_Update.html</link>
<pubDate>Wed, 17 Feb 2016 00:00:00 +0000</pubDate>
<guid>/entries/List_Update.html</guid>
<description></description>
</item>
<item>
<title>The Tortoise and Hare Algorithm</title>
<link>/entries/TortoiseHare.html</link>
<pubDate>Wed, 18 Nov 2015 00:00:00 +0000</pubDate>
<guid>/entries/TortoiseHare.html</guid>
<description></description>
</item>
<item>
<title>Hermite Normal Form</title>
<link>/entries/Hermite.html</link>
<pubDate>Tue, 07 Jul 2015 00:00:00 +0000</pubDate>
<guid>/entries/Hermite.html</guid>
<description></description>
</item>
<item>
<title>Relaxing Safely: Verified On-the-Fly Garbage Collection for x86-TSO</title>
<link>/entries/ConcurrentGC.html</link>
<pubDate>Mon, 13 Apr 2015 00:00:00 +0000</pubDate>
<guid>/entries/ConcurrentGC.html</guid>
<description></description>
</item>
<item>
<title>Consensus Refined</title>
<link>/entries/Consensus_Refined.html</link>
<pubDate>Wed, 18 Mar 2015 00:00:00 +0000</pubDate>
<guid>/entries/Consensus_Refined.html</guid>
<description></description>
</item>
<item>
<title>Echelon Form</title>
<link>/entries/Echelon_Form.html</link>
<pubDate>Thu, 12 Feb 2015 00:00:00 +0000</pubDate>
<guid>/entries/Echelon_Form.html</guid>
<description></description>
</item>
<item>
<title>QR Decomposition</title>
<link>/entries/QR_Decomposition.html</link>
<pubDate>Thu, 12 Feb 2015 00:00:00 +0000</pubDate>
<guid>/entries/QR_Decomposition.html</guid>
<description></description>
</item>
<item>
<title>Verification of the UpDown Scheme</title>
<link>/entries/UpDown_Scheme.html</link>
<pubDate>Wed, 28 Jan 2015 00:00:00 +0000</pubDate>
<guid>/entries/UpDown_Scheme.html</guid>
<description></description>
</item>
<item>
<title>Imperative Insertion Sort</title>
<link>/entries/Imperative_Insertion_Sort.html</link>
<pubDate>Thu, 25 Sep 2014 00:00:00 +0000</pubDate>
<guid>/entries/Imperative_Insertion_Sort.html</guid>
<description></description>
</item>
<item>
<title>Gauss-Jordan Algorithm and Its Applications</title>
<link>/entries/Gauss_Jordan.html</link>
<pubDate>Wed, 03 Sep 2014 00:00:00 +0000</pubDate>
<guid>/entries/Gauss_Jordan.html</guid>
<description></description>
</item>
<item>
<title>Boolean Expression Checkers</title>
<link>/entries/Boolean_Expression_Checkers.html</link>
<pubDate>Sun, 08 Jun 2014 00:00:00 +0000</pubDate>
<guid>/entries/Boolean_Expression_Checkers.html</guid>
<description></description>
</item>
<item>
<title>Verified Efficient Implementation of Gabow&#39;s Strongly Connected Components Algorithm</title>
<link>/entries/Gabow_SCC.html</link>
<pubDate>Wed, 28 May 2014 00:00:00 +0000</pubDate>
<guid>/entries/Gabow_SCC.html</guid>
<description></description>
</item>
<item>
<title>Transitive closure according to Roy-Floyd-Warshall</title>
<link>/entries/Roy_Floyd_Warshall.html</link>
<pubDate>Fri, 23 May 2014 00:00:00 +0000</pubDate>
<guid>/entries/Roy_Floyd_Warshall.html</guid>
<description></description>
</item>
<item>
<title>Verification of Selection and Heap Sort Using Locales</title>
<link>/entries/Selection_Heap_Sort.html</link>
<pubDate>Tue, 11 Feb 2014 00:00:00 +0000</pubDate>
<guid>/entries/Selection_Heap_Sort.html</guid>
<description></description>
</item>
<item>
<title>Verifying Fault-Tolerant Distributed Algorithms in the Heard-Of Model</title>
<link>/entries/Heard_Of.html</link>
<pubDate>Fri, 27 Jul 2012 00:00:00 +0000</pubDate>
<guid>/entries/Heard_Of.html</guid>
<description></description>
</item>
<item>
<title>Abortable Linearizable Modules</title>
<link>/entries/Abortable_Linearizable_Modules.html</link>
<pubDate>Thu, 01 Mar 2012 00:00:00 +0000</pubDate>
<guid>/entries/Abortable_Linearizable_Modules.html</guid>
<description></description>
</item>
<item>
<title>Executable Transitive Closures</title>
<link>/entries/Transitive-Closure-II.html</link>
<pubDate>Wed, 29 Feb 2012 00:00:00 +0000</pubDate>
<guid>/entries/Transitive-Closure-II.html</guid>
<description></description>
</item>
<item>
<title>Dijkstra&#39;s Shortest Path Algorithm</title>
<link>/entries/Dijkstra_Shortest_Path.html</link>
<pubDate>Mon, 30 Jan 2012 00:00:00 +0000</pubDate>
<guid>/entries/Dijkstra_Shortest_Path.html</guid>
<description></description>
</item>
<item>
<title>Efficient Mergesort</title>
<link>/entries/Efficient-Mergesort.html</link>
<pubDate>Wed, 09 Nov 2011 00:00:00 +0000</pubDate>
<guid>/entries/Efficient-Mergesort.html</guid>
<description></description>
</item>
<item>
<title>Gauss-Jordan Elimination for Matrices Represented as Functions</title>
<link>/entries/Gauss-Jordan-Elim-Fun.html</link>
<pubDate>Fri, 19 Aug 2011 00:00:00 +0000</pubDate>
<guid>/entries/Gauss-Jordan-Elim-Fun.html</guid>
<description></description>
</item>
<item>
<title>Executable Transitive Closures of Finite Relations</title>
<link>/entries/Transitive-Closure.html</link>
<pubDate>Mon, 14 Mar 2011 00:00:00 +0000</pubDate>
<guid>/entries/Transitive-Closure.html</guid>
<description></description>
</item>
<item>
<title>Executable Multivariate Polynomials</title>
<link>/entries/Polynomials.html</link>
<pubDate>Tue, 10 Aug 2010 00:00:00 +0000</pubDate>
<guid>/entries/Polynomials.html</guid>
<description></description>
</item>
<item>
<title>Verification of the Deutsch-Schorr-Waite Graph Marking Algorithm using Data Refinement</title>
<link>/entries/GraphMarkingIBP.html</link>
<pubDate>Fri, 28 May 2010 00:00:00 +0000</pubDate>
<guid>/entries/GraphMarkingIBP.html</guid>
<description></description>
</item>
<item>
<title>Formal Verification of Modern SAT Solvers</title>
<link>/entries/SATSolverVerification.html</link>
<pubDate>Wed, 23 Jul 2008 00:00:00 +0000</pubDate>
<guid>/entries/SATSolverVerification.html</guid>
<description></description>
</item>
<item>
<title>Much Ado About Two</title>
<link>/entries/MuchAdoAboutTwo.html</link>
<pubDate>Tue, 06 Nov 2007 00:00:00 +0000</pubDate>
<guid>/entries/MuchAdoAboutTwo.html</guid>
<description></description>
</item>
<item>
<title>Instances of Schneider&#39;s generalized protocol of clock synchronization</title>
<link>/entries/ClockSynchInst.html</link>
<pubDate>Wed, 15 Mar 2006 00:00:00 +0000</pubDate>
<guid>/entries/ClockSynchInst.html</guid>
<description></description>
</item>
<item>
<title>Fast Fourier Transform</title>
<link>/entries/FFT.html</link>
<pubDate>Wed, 12 Oct 2005 00:00:00 +0000</pubDate>
<guid>/entries/FFT.html</guid>
<description></description>
</item>
<item>
<title>Formalization of a Generalized Protocol for Clock Synchronization</title>
<link>/entries/GenClock.html</link>
<pubDate>Fri, 24 Jun 2005 00:00:00 +0000</pubDate>
<guid>/entries/GenClock.html</guid>
<description></description>
</item>
<item>
<title>Proving the Correctness of Disk Paxos</title>
<link>/entries/DiskPaxos.html</link>
<pubDate>Wed, 22 Jun 2005 00:00:00 +0000</pubDate>
<guid>/entries/DiskPaxos.html</guid>
<description></description>
</item>
<item>
<title>Depth First Search</title>
<link>/entries/Depth-First-Search.html</link>
<pubDate>Thu, 24 Jun 2004 00:00:00 +0000</pubDate>
<guid>/entries/Depth-First-Search.html</guid>
<description></description>
</item>
</channel>
</rss>
diff --git a/web/topics/computer-science/programming-languages/index.html b/web/topics/computer-science/programming-languages/index.html
--- a/web/topics/computer-science/programming-languages/index.html
+++ b/web/topics/computer-science/programming-languages/index.html
@@ -1,760 +1,767 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1"><title>Computer science/Programming languages - Archive of Formal Proofs</title><meta name="description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."><link rel="alternate" type="application/rss+xml" href="../../../topics/computer-science/programming-languages/index.xml" title="Archive of Formal Proofs" /><meta property="og:title" content="Computer science/Programming languages" />
<meta property="og:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle." />
<meta property="og:type" content="website" />
<meta property="og:url" content="/topics/computer-science/programming-languages/" /><meta property="og:image" content="/images/afp.png"/><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="Computer science/Programming languages"/>
<meta name="twitter:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."/>
<link rel="stylesheet" type="text/css" href="../../../css/front.min.css">
<link rel="icon" href="../../../images/favicon.ico" type="image/icon"><script src="../../../js/obfuscate.js"></script>
<script src="../../../js/flexsearch.bundle.js"></script>
<script src="../../../js/scroll-spy.js"></script>
<script src="../../../js/theory.js"></script>
<script src="../../../js/util.js"></script><script src="../../../js/header-search.js"></script><script src="../../../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore '>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../../../images/menu.svg" alt="Menu" />
</label>
<a href="../../../" class='logo-link'>
<img src="../../../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<a href="../../../search"><img src="../../../images/search.svg" alt="Search" /></a>
<nav id="menu">
<div>
<a href="../../../" class='logo-link'>
<img src="../../../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<ul>
<a href="../../../"><li >Home</li></a>
<a href="../../../topics/"><li >Topics</li></a>
<a href="../../../download/"><li >Download</li></a>
<a href="../../../help/"><li >Help</li></a>
<a href="../../../submission/"><li >Submission</li></a>
<a href="../../../statistics/"><li >Statistics</li></a>
<a href="../../../about/"><li >About</li></a>
</ul>
</div>
</nav>
</div>
</aside>
<div
class='content '><header>
<form autocomplete="off" action="../../../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value="" aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button"><img src="../../../images/search.svg" alt="Search" /></button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1 >
<span class='first'>C</span>omputer <span class='first'>S</span>cience/<span class='first'>P</span>rogramming <span class='first'>L</span>anguages</h1>
<div>
</div>
</header><div><h2>Subject Classification</h2><h3>AMS</h3>
<a href="https://mathscinet.ams.org/mathscinet/msc/msc2020.html?t=68N15">Computer science / Theory of software / Theory of programming languages</a><h3>ACM</h3>
<a href="https://dl.acm.org/topic/ccs2012/10011007.10011006.10011008">Software and its engineering~General programming languages</a><h2 class="head">2022</h2><article class="entry">
<div class="item-text">
+ <h5><a class="title" href="../../../entries/Separation_Logic_Unbounded.html">Unbounded Separation Logic</a></h5> <br>by <a href="../../../authors/dardinier">Thibault Dardinier</a></div>
+ <span class="date">
+ Sep 05
+ </span>
+</article>
+<article class="entry">
+ <div class="item-text">
<h5><a class="title" href="../../../entries/Solidity.html">Isabelle/Solidity: A deep Embedding of Solidity in Isabelle/HOL</a></h5> <br>by <a href="../../../authors/marmsoler">Diego Marmsoler</a> and <a href="../../../authors/brucker">Achim D. Brucker</a></div>
<span class="date">
Jul 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/IMP_Compiler_Reuse.html">A Reuse-Based Multi-Stage Compiler Verification for Language IMP</a></h5> <br>by <a href="../../../authors/noce">Pasquale Noce</a></div>
<span class="date">
Jul 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Combinable_Wands.html">A Restricted Definition of the Magic Wand to Soundly Combine Fractions of a Wand</a></h5> <br>by <a href="../../../authors/dardinier">Thibault Dardinier</a></div>
<span class="date">
May 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Package_logic.html">Formalization of a Framework for the Sound Automation of Magic Wands</a></h5> <br>by <a href="../../../authors/dardinier">Thibault Dardinier</a></div>
<span class="date">
May 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/ResiduatedTransitionSystem.html">Residuated Transition Systems</a></h5> <br>by <a href="../../../authors/stark">Eugene W. Stark</a></div>
<span class="date">
Feb 28
</span>
</article>
<h2 class="head">2021</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Registers.html">Quantum and Classical Registers</a></h5> <br>by <a href="../../../authors/unruh">Dominique Unruh</a></div>
<span class="date">
Oct 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Correctness_Algebras.html">Algebras for Iteration, Infinite Executions and Correctness of Sequential Computations</a></h5> <br>by <a href="../../../authors/guttmann">Walter Guttmann</a></div>
<span class="date">
Oct 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Dominance_CHK.html">A data flow analysis algorithm for computing dominators</a></h5> <br>by <a href="../../../authors/jiang">Nan Jiang</a></div>
<span class="date">
Sep 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/MiniSail.html">MiniSail - A kernel language for the ISA specification language SAIL</a></h5> <br>by <a href="../../../authors/wassell">Mark Wassell</a></div>
<span class="date">
Jun 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/IMP_Compiler.html">A Shorter Compiler Correctness Proof for Language IMP</a></h5> <br>by <a href="../../../authors/noce">Pasquale Noce</a></div>
<span class="date">
Jun 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/JinjaDCI.html">JinjaDCI: a Java semantics with dynamic class initialization</a></h5> <br>by <a href="../../../authors/mansky">Susannah Mansky</a></div>
<span class="date">
Jan 11
</span>
</article>
<h2 class="head">2020</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Interpreter_Optimizations.html">Inline Caching and Unboxing Optimization for Interpreters</a></h5> <br>by <a href="../../../authors/desharnais">Martin Desharnais</a></div>
<span class="date">
Dec 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Physical_Quantities.html">A Sound Type System for Physical Quantities, Units, and Measurements</a></h5> <br>by <a href="../../../authors/fosters">Simon Foster</a> and <a href="../../../authors/wolff">Burkhart Wolff</a></div>
<span class="date">
Oct 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Relational-Incorrectness-Logic.html">An Under-Approximate Relational Logic</a></h5> <br>by <a href="../../../authors/murray">Toby Murray</a></div>
<span class="date">
Mar 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/VeriComp.html">A Generic Framework for Verified Compilers</a></h5> <br>by <a href="../../../authors/desharnais">Martin Desharnais</a></div>
<span class="date">
Feb 10
</span>
</article>
<h2 class="head">2019</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Isabelle_C.html">Isabelle/C</a></h5> <br>by <a href="../../../authors/tuong">Frédéric Tuong</a> and <a href="../../../authors/wolff">Burkhart Wolff</a></div>
<span class="date">
Oct 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Clean.html">Clean - An Abstract Imperative Programming Language and its Theory</a></h5> <br>by <a href="../../../authors/tuong">Frédéric Tuong</a> and <a href="../../../authors/wolff">Burkhart Wolff</a></div>
<span class="date">
Oct 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/CakeML_Codegen.html">A Verified Code Generator from Isabelle/HOL to CakeML</a></h5> <br>by <a href="../../../authors/hupel">Lars Hupel</a></div>
<span class="date">
Jul 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Differential_Game_Logic.html">Differential Game Logic</a></h5> <br>by <a href="../../../authors/platzer">André Platzer</a></div>
<span class="date">
Jun 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/LambdaAuth.html">Formalization of Generic Authenticated Data Structures</a></h5> <br>by <a href="../../../authors/brun">Matthias Brun</a> and <a href="../../../authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
May 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Binding_Syntax_Theory.html">A General Theory of Syntax with Bindings</a></h5> <br>by <a href="../../../authors/gheri">Lorenzo Gheri</a> and <a href="../../../authors/popescu">Andrei Popescu</a></div>
<span class="date">
Apr 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/QHLProver.html">Quantum Hoare Logic</a></h5> <br>by <a href="../../../authors/liu">Junyi Liu</a>, <a href="../../../authors/zhan">Bohua Zhan</a>, <a href="../../../authors/wang">Shuling Wang</a>, <a href="../../../authors/ying">Shenggang Ying</a>, <a href="../../../authors/liut">Tao Liu</a>, <a href="../../../authors/liy">Yangjia Li</a>, <a href="../../../authors/yingm">Mingsheng Ying</a> and <a href="../../../authors/zhann">Naijun Zhan</a></div>
<span class="date">
Mar 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Safe_OCL.html">Safe OCL</a></h5> <br>by <a href="../../../authors/nikiforov">Denis Nikiforov</a></div>
<span class="date">
Mar 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/UTP.html">Isabelle/UTP: Mechanised Theory Engineering for Unifying Theories of Programming</a></h5> <br>by <a href="../../../authors/fosters">Simon Foster</a>, <a href="../../../authors/zeyda">Frank Zeyda</a>, <a href="../../../authors/nemouchi">Yakoub Nemouchi</a>, <a href="../../../authors/ribeiro">Pedro Ribeiro</a> and <a href="../../../authors/wolff">Burkhart Wolff</a></div>
<span class="date">
Feb 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/IMP2.html">IMP2 – Simple Program Verification in Isabelle/HOL</a></h5> <br>by <a href="../../../authors/lammich">Peter Lammich</a> and <a href="../../../authors/wimmer">Simon Wimmer</a></div>
<span class="date">
Jan 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Higher_Order_Terms.html">An Algebra for Higher-Order Terms</a></h5> <br>by <a href="../../../authors/hupel">Lars Hupel</a></div>
<span class="date">
Jan 15
</span>
</article>
<h2 class="head">2018</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/WebAssembly.html">WebAssembly</a></h5> <br>by <a href="../../../authors/watt">Conrad Watt</a></div>
<span class="date">
Apr 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/CakeML.html">CakeML</a></h5> <br>by <a href="../../../authors/hupel">Lars Hupel</a> and <a href="../../../authors/zhang">Yu Zhang</a></div>
<span class="date">
Mar 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Hoare_Time.html">Hoare Logics for Time Bounds</a></h5> <br>by <a href="../../../authors/haslbeckm">Maximilian P. L. Haslbeck</a> and <a href="../../../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Feb 26
</span>
</article>
<h2 class="head">2017</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/LambdaMu.html">The LambdaMu-calculus</a></h5> <br>by <a href="../../../authors/matache">Cristina Matache</a>, <a href="../../../authors/gomes">Victor B. F. Gomes</a> and <a href="../../../authors/mulligan">Dominic P. Mulligan</a></div>
<span class="date">
Aug 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Decl_Sem_Fun_PL.html">Declarative Semantics for Functional Languages</a></h5> <br>by <a href="../../../authors/siek">Jeremy Siek</a></div>
<span class="date">
Jul 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Name_Carrying_Type_Inference.html">Verified Metatheory and Type Inference for a Name-Carrying Simply-Typed Lambda Calculus</a></h5> <br>by <a href="../../../authors/rawson">Michael Rawson</a></div>
<span class="date">
Jul 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Differential_Dynamic_Logic.html">Differential Dynamic Logic</a></h5> <br>by <a href="../../../authors/bohrer">Rose Bohrer</a></div>
<span class="date">
Feb 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Minimal_SSA.html">Minimal Static Single Assignment Form</a></h5> <br>by <a href="../../../authors/wagner">Max Wagner</a> and <a href="../../../authors/lohner">Denis Lohner</a></div>
<span class="date">
Jan 17
</span>
</article>
<h2 class="head">2016</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Complx.html">COMPLX: A Verification Framework for Concurrent Imperative Programs</a></h5> <br>by <a href="../../../authors/amani">Sidney Amani</a>, <a href="../../../authors/andronick">June Andronick</a>, <a href="../../../authors/bortin">Maksym Bortin</a>, <a href="../../../authors/lewis">Corey Lewis</a>, <a href="../../../authors/rizkallah">Christine Rizkallah</a> and <a href="../../../authors/tuongj">Joseph Tuong</a></div>
<span class="date">
Nov 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Complx.html">COMPLX: A Verification Framework for Concurrent Imperative Programs</a></h5> <br>by <a href="../../../authors/amani">Sidney Amani</a>, <a href="../../../authors/andronick">June Andronick</a>, <a href="../../../authors/bortin">Maksym Bortin</a>, <a href="../../../authors/lewis">Corey Lewis</a>, <a href="../../../authors/rizkallah">Christine Rizkallah</a> and <a href="../../../authors/tuongj">Joseph Tuong</a></div>
<span class="date">
Nov 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Abs_Int_ITP2012.html">Abstract Interpretation of Annotated Commands</a></h5> <br>by <a href="../../../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Nov 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Separata.html">Separata: Isabelle tactics for Separation Algebra</a></h5> <br>by <a href="../../../authors/hou">Zhe Hou</a>, <a href="../../../authors/sanan">David Sanan</a>, <a href="../../../authors/tiu">Alwen Tiu</a>, <a href="../../../authors/gore">Rajeev Gore</a> and <a href="../../../authors/clouston">Ranald Clouston</a></div>
<span class="date">
Nov 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/InfPathElimination.html">Infeasible Paths Elimination by Symbolic Execution Techniques: Proof of Correctness and Preservation of Paths</a></h5> <br>by <a href="../../../authors/aissat">Romain Aissat</a>, <a href="../../../authors/voisin">Frederic Voisin</a> and <a href="../../../authors/wolff">Burkhart Wolff</a></div>
<span class="date">
Aug 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Dependent_SIFUM_Type_Systems.html">A Dependent Security Type System for Concurrent Imperative Programs</a></h5> <br>by <a href="../../../authors/murray">Toby Murray</a>, <a href="../../../authors/sison">Robert Sison</a>, <a href="../../../authors/pierzchalski">Edward Pierzchalski</a> and <a href="../../../authors/rizkallah">Christine Rizkallah</a></div>
<span class="date">
Jun 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/KAD.html">Kleene Algebras with Domain</a></h5> <br>by <a href="../../../authors/gomes">Victor B. F. Gomes</a>, <a href="../../../authors/guttmann">Walter Guttmann</a>, <a href="../../../authors/hoefner">Peter Höfner</a>, <a href="../../../authors/struth">Georg Struth</a> and <a href="../../../authors/weber">Tjark Weber</a></div>
<span class="date">
Apr 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Formal_SSA.html">Verified Construction of Static Single Assignment Form</a></h5> <br>by <a href="../../../authors/ullrich">Sebastian Ullrich</a> and <a href="../../../authors/lohner">Denis Lohner</a></div>
<span class="date">
Feb 05
</span>
</article>
<h2 class="head">2015</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Isabelle_Meta_Model.html">A Meta-Model for the Isabelle API</a></h5> <br>by <a href="../../../authors/tuong">Frédéric Tuong</a> and <a href="../../../authors/wolff">Burkhart Wolff</a></div>
<span class="date">
Sep 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Case_Labeling.html">Generating Cases from Labeled Subgoals</a></h5> <br>by <a href="../../../authors/noschinski">Lars Noschinski</a></div>
<span class="date">
Jul 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/ConcurrentIMP.html">Concurrent IMP</a></h5> <br>by <a href="../../../authors/gammie">Peter Gammie</a></div>
<span class="date">
Apr 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Call_Arity.html">The Safety of Call Arity</a></h5> <br>by <a href="../../../authors/breitner">Joachim Breitner</a></div>
<span class="date">
Feb 20
</span>
</article>
<h2 class="head">2014</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Density_Compiler.html">A Verified Compiler for Probability Density Functions</a></h5> <br>by <a href="../../../authors/eberl">Manuel Eberl</a>, <a href="../../../authors/hoelzl">Johannes Hölzl</a> and <a href="../../../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Oct 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/RefinementReactive.html">Formalization of Refinement Calculus for Reactive Systems</a></h5> <br>by <a href="../../../authors/preoteasa">Viorel Preoteasa</a></div>
<span class="date">
Oct 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/pGCL.html">pGCL for Isabelle</a></h5> <br>by <a href="../../../authors/cock">David Cock</a></div>
<span class="date">
Jul 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Pop_Refinement.html">Pop-Refinement</a></h5> <br>by <a href="../../../authors/coglio">Alessandro Coglio</a></div>
<span class="date">
Jul 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Strong_Security.html">A Formalization of Strong Security</a></h5> <br>by <a href="../../../authors/grewe">Sylvia Grewe</a>, <a href="../../../authors/lux">Alexander Lux</a>, <a href="../../../authors/mantel">Heiko Mantel</a> and <a href="../../../authors/sauer">Jens Sauer</a></div>
<span class="date">
Apr 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/WHATandWHERE_Security.html">A Formalization of Declassification with WHAT-and-WHERE-Security</a></h5> <br>by <a href="../../../authors/grewe">Sylvia Grewe</a>, <a href="../../../authors/lux">Alexander Lux</a>, <a href="../../../authors/mantel">Heiko Mantel</a> and <a href="../../../authors/sauer">Jens Sauer</a></div>
<span class="date">
Apr 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/SIFUM_Type_Systems.html">A Formalization of Assumptions and Guarantees for Compositional Noninterference</a></h5> <br>by <a href="../../../authors/grewe">Sylvia Grewe</a>, <a href="../../../authors/mantel">Heiko Mantel</a> and <a href="../../../authors/schoepe">Daniel Schoepe</a></div>
<span class="date">
Apr 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/GPU_Kernel_PL.html">Syntax and semantics of a GPU kernel programming language</a></h5> <br>by <a href="../../../authors/wickerson">John Wickerson</a></div>
<span class="date">
Apr 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/KAT_and_DRA.html">Kleene Algebra with Tests and Demonic Refinement Algebras</a></h5> <br>by <a href="../../../authors/armstrong">Alasdair Armstrong</a>, <a href="../../../authors/gomes">Victor B. F. Gomes</a> and <a href="../../../authors/struth">Georg Struth</a></div>
<span class="date">
Jan 23
</span>
</article>
<h2 class="head">2013</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/FocusStreamsCaseStudies.html">Stream Processing Components: Isabelle/HOL Formalisation and Case Studies</a></h5> <br>by <a href="../../../authors/spichkova">Maria Spichkova</a></div>
<span class="date">
Nov 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Automatic_Refinement.html">Automatic Data Refinement</a></h5> <br>by <a href="../../../authors/lammich">Peter Lammich</a></div>
<span class="date">
Oct 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Launchbury.html">The Correctness of Launchbury&#39;s Natural Semantics for Lazy Evaluation</a></h5> <br>by <a href="../../../authors/breitner">Joachim Breitner</a></div>
<span class="date">
Jan 31
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Ribbon_Proofs.html">Ribbon Proofs</a></h5> <br>by <a href="../../../authors/wickerson">John Wickerson</a></div>
<span class="date">
Jan 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Kleene_Algebra.html">Kleene Algebra</a></h5> <br>by <a href="../../../authors/armstrong">Alasdair Armstrong</a>, <a href="../../../authors/struth">Georg Struth</a> and <a href="../../../authors/weber">Tjark Weber</a></div>
<span class="date">
Jan 15
</span>
</article>
<h2 class="head">2012</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Separation_Logic_Imperative_HOL.html">A Separation Logic Framework for Imperative HOL</a></h5> <br>by <a href="../../../authors/lammich">Peter Lammich</a> and <a href="../../../authors/meis">Rene Meis</a></div>
<span class="date">
Nov 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Possibilistic_Noninterference.html">Possibilistic Noninterference</a></h5> <br>by <a href="../../../authors/popescu">Andrei Popescu</a> and <a href="../../../authors/hoelzl">Johannes Hölzl</a></div>
<span class="date">
Sep 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/PCF.html">Logical Relations for PCF</a></h5> <br>by <a href="../../../authors/gammie">Peter Gammie</a></div>
<span class="date">
Jul 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Separation_Algebra.html">Separation Algebra</a></h5> <br>by <a href="../../../authors/klein">Gerwin Klein</a>, <a href="../../../authors/kolanski">Rafal Kolanski</a> and <a href="../../../authors/boyton">Andrew Boyton</a></div>
<span class="date">
May 11
</span>
</article>
<h2 class="head">2011</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/TLA.html">A Definitional Encoding of TLA* in Isabelle/HOL</a></h5> <br>by <a href="../../../authors/grov">Gudmund Grov</a> and <a href="../../../authors/merz">Stephan Merz</a></div>
<span class="date">
Nov 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/MonoBoolTranAlgebra.html">Algebra of Monotonic Boolean Transformers</a></h5> <br>by <a href="../../../authors/preoteasa">Viorel Preoteasa</a></div>
<span class="date">
Sep 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/AutoFocus-Stream.html">AutoFocus Stream Processing for Single-Clocking and Multi-Clocking Semantics</a></h5> <br>by <a href="../../../authors/trachtenherz">David Trachtenherz</a></div>
<span class="date">
Feb 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/LightweightJava.html">Lightweight Java</a></h5> <br>by <a href="../../../authors/strnisa">Rok Strniša</a> and <a href="../../../authors/parkinson">Matthew Parkinson</a></div>
<span class="date">
Feb 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/RIPEMD-160-SPARK.html">RIPEMD-160</a></h5> <br>by <a href="../../../authors/immler">Fabian Immler</a></div>
<span class="date">
Jan 10
</span>
</article>
<h2 class="head">2010</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Shivers-CFA.html">Shivers&#39; Control Flow Analysis</a></h5> <br>by <a href="../../../authors/breitner">Joachim Breitner</a></div>
<span class="date">
Nov 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Lam-ml-Normalization.html">Strong Normalization of Moggis&#39;s Computational Metalanguage</a></h5> <br>by <a href="../../../authors/doczkal">Christian Doczkal</a></div>
<span class="date">
Aug 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/DataRefinementIBP.html">Semantics and Data Refinement of Invariant Based Programs</a></h5> <br>by <a href="../../../authors/preoteasa">Viorel Preoteasa</a> and <a href="../../../authors/back">Ralph-Johan Back</a></div>
<span class="date">
May 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Locally-Nameless-Sigma.html">Locally Nameless Sigma Calculus</a></h5> <br>by <a href="../../../authors/henrio">Ludovic Henrio</a>, <a href="../../../authors/kammueller">Florian Kammüller</a>, <a href="../../../authors/lutz">Bianca Lutz</a> and <a href="../../../authors/sudhof">Henry Sudhof</a></div>
<span class="date">
Apr 30
</span>
</article>
<h2 class="head">2009</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/HRB-Slicing.html">Backing up Slicing: Verifying the Interprocedural Two-Phase Horwitz-Reps-Binkley Slicer</a></h5> <br>by <a href="../../../authors/wasserrab">Daniel Wasserrab</a></div>
<span class="date">
Nov 13
</span>
</article>
<h2 class="head">2008</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/BytecodeLogicJmlTypes.html">A Bytecode Logic for JML and Types</a></h5> <br>by <a href="../../../authors/beringer">Lennart Beringer</a> and <a href="../../../authors/hofmann">Martin Hofmann</a></div>
<span class="date">
Dec 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/SIFPL.html">Secure information flow and program logics</a></h5> <br>by <a href="../../../authors/beringer">Lennart Beringer</a> and <a href="../../../authors/hofmann">Martin Hofmann</a></div>
<span class="date">
Nov 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Slicing.html">Towards Certified Slicing</a></h5> <br>by <a href="../../../authors/wasserrab">Daniel Wasserrab</a></div>
<span class="date">
Sep 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/VolpanoSmith.html">A Correctness Proof for the Volpano/Smith Security Typing System</a></h5> <br>by <a href="../../../authors/snelting">Gregor Snelting</a> and <a href="../../../authors/wasserrab">Daniel Wasserrab</a></div>
<span class="date">
Sep 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Simpl.html">A Sequential Imperative Programming Language Syntax, Semantics, Hoare Logics and Verification Environment</a></h5> <br>by <a href="../../../authors/schirmer">Norbert Schirmer</a></div>
<span class="date">
Feb 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Simpl.html">A Sequential Imperative Programming Language Syntax, Semantics, Hoare Logics and Verification Environment</a></h5> <br>by <a href="../../../authors/schirmer">Norbert Schirmer</a></div>
<span class="date">
Feb 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/NormByEval.html">Normalization by Evaluation</a></h5> <br>by <a href="../../../authors/aehlig">Klaus Aehlig</a> and <a href="../../../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Feb 18
</span>
</article>
<h2 class="head">2007</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Program-Conflict-Analysis.html">Formalization of Conflict Analysis of Programs with Procedures, Thread Creation, and Monitors</a></h5> <br>by <a href="../../../authors/lammich">Peter Lammich</a> and <a href="../../../authors/olm">Markus Müller-Olm</a></div>
<span class="date">
Dec 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/JinjaThreads.html">Jinja with Threads</a></h5> <br>by <a href="../../../authors/lochbihler">Andreas Lochbihler</a></div>
<span class="date">
Dec 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/POPLmark-deBruijn.html">POPLmark Challenge Via de Bruijn Indices</a></h5> <br>by <a href="../../../authors/berghofer">Stefan Berghofer</a></div>
<span class="date">
Aug 02
</span>
</article>
<h2 class="head">2006</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Abstract-Hoare-Logics.html">Abstract Hoare Logics</a></h5> <br>by <a href="../../../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Aug 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/CoreC&#43;&#43;.html">CoreC&#43;&#43;</a></h5> <br>by <a href="../../../authors/wasserrab">Daniel Wasserrab</a></div>
<span class="date">
May 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/FeatherweightJava.html">A Theory of Featherweight Java in Isabelle/HOL</a></h5> <br>by <a href="../../../authors/fosterj">J. Nathan Foster</a> and <a href="../../../authors/vytiniotis">Dimitrios Vytiniotis</a></div>
<span class="date">
Mar 31
</span>
</article>
<h2 class="head">2005</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/JiveDataStoreModel.html">Jive Data and Store Model</a></h5> <br>by <a href="../../../authors/rauch">Nicole Rauch</a> and <a href="../../../authors/schirmer">Norbert Schirmer</a></div>
<span class="date">
Jun 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Jinja.html">Jinja is not Java</a></h5> <br>by <a href="../../../authors/klein">Gerwin Klein</a> and <a href="../../../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Jun 01
</span>
</article>
<h2 class="head">2004</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Compiling-Exceptions-Correctly.html">Compiling Exceptions Correctly</a></h5> <br>by <a href="../../../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Jul 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/MiniML.html">Mini ML</a></h5> <br>by <a href="../../../authors/naraschewski">Wolfgang Naraschewski</a> and <a href="../../../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Mar 19
</span>
</article>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/topics/computer-science/programming-languages/index.xml b/web/topics/computer-science/programming-languages/index.xml
--- a/web/topics/computer-science/programming-languages/index.xml
+++ b/web/topics/computer-science/programming-languages/index.xml
@@ -1,829 +1,838 @@
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>Computer science/Programming languages on Archive of Formal Proofs</title>
<link>/topics/computer-science/programming-languages/</link>
<description>Recent content in Computer science/Programming languages on Archive of Formal Proofs</description>
<generator>Hugo -- gohugo.io</generator>
<language>en-gb</language><atom:link href="/topics/computer-science/programming-languages/index.xml" rel="self" type="application/rss+xml" />
<item>
+ <title>Unbounded Separation Logic</title>
+ <link>/entries/Separation_Logic_Unbounded.html</link>
+ <pubDate>Mon, 05 Sep 2022 00:00:00 +0000</pubDate>
+
+ <guid>/entries/Separation_Logic_Unbounded.html</guid>
+ <description></description>
+ </item>
+
+ <item>
<title>Isabelle/Solidity: A deep Embedding of Solidity in Isabelle/HOL</title>
<link>/entries/Solidity.html</link>
<pubDate>Mon, 18 Jul 2022 00:00:00 +0000</pubDate>
<guid>/entries/Solidity.html</guid>
<description></description>
</item>
<item>
<title>A Reuse-Based Multi-Stage Compiler Verification for Language IMP</title>
<link>/entries/IMP_Compiler_Reuse.html</link>
<pubDate>Sun, 10 Jul 2022 00:00:00 +0000</pubDate>
<guid>/entries/IMP_Compiler_Reuse.html</guid>
<description></description>
</item>
<item>
<title>A Restricted Definition of the Magic Wand to Soundly Combine Fractions of a Wand</title>
<link>/entries/Combinable_Wands.html</link>
<pubDate>Mon, 30 May 2022 00:00:00 +0000</pubDate>
<guid>/entries/Combinable_Wands.html</guid>
<description></description>
</item>
<item>
<title>Formalization of a Framework for the Sound Automation of Magic Wands</title>
<link>/entries/Package_logic.html</link>
<pubDate>Wed, 18 May 2022 00:00:00 +0000</pubDate>
<guid>/entries/Package_logic.html</guid>
<description></description>
</item>
<item>
<title>Residuated Transition Systems</title>
<link>/entries/ResiduatedTransitionSystem.html</link>
<pubDate>Mon, 28 Feb 2022 00:00:00 +0000</pubDate>
<guid>/entries/ResiduatedTransitionSystem.html</guid>
<description></description>
</item>
<item>
<title>Quantum and Classical Registers</title>
<link>/entries/Registers.html</link>
<pubDate>Thu, 28 Oct 2021 00:00:00 +0000</pubDate>
<guid>/entries/Registers.html</guid>
<description></description>
</item>
<item>
<title>Algebras for Iteration, Infinite Executions and Correctness of Sequential Computations</title>
<link>/entries/Correctness_Algebras.html</link>
<pubDate>Tue, 12 Oct 2021 00:00:00 +0000</pubDate>
<guid>/entries/Correctness_Algebras.html</guid>
<description></description>
</item>
<item>
<title>A data flow analysis algorithm for computing dominators</title>
<link>/entries/Dominance_CHK.html</link>
<pubDate>Sun, 05 Sep 2021 00:00:00 +0000</pubDate>
<guid>/entries/Dominance_CHK.html</guid>
<description></description>
</item>
<item>
<title>MiniSail - A kernel language for the ISA specification language SAIL</title>
<link>/entries/MiniSail.html</link>
<pubDate>Fri, 18 Jun 2021 00:00:00 +0000</pubDate>
<guid>/entries/MiniSail.html</guid>
<description></description>
</item>
<item>
<title>A Shorter Compiler Correctness Proof for Language IMP</title>
<link>/entries/IMP_Compiler.html</link>
<pubDate>Fri, 04 Jun 2021 00:00:00 +0000</pubDate>
<guid>/entries/IMP_Compiler.html</guid>
<description></description>
</item>
<item>
<title>JinjaDCI: a Java semantics with dynamic class initialization</title>
<link>/entries/JinjaDCI.html</link>
<pubDate>Mon, 11 Jan 2021 00:00:00 +0000</pubDate>
<guid>/entries/JinjaDCI.html</guid>
<description></description>
</item>
<item>
<title>Inline Caching and Unboxing Optimization for Interpreters</title>
<link>/entries/Interpreter_Optimizations.html</link>
<pubDate>Mon, 07 Dec 2020 00:00:00 +0000</pubDate>
<guid>/entries/Interpreter_Optimizations.html</guid>
<description></description>
</item>
<item>
<title>A Sound Type System for Physical Quantities, Units, and Measurements</title>
<link>/entries/Physical_Quantities.html</link>
<pubDate>Tue, 20 Oct 2020 00:00:00 +0000</pubDate>
<guid>/entries/Physical_Quantities.html</guid>
<description></description>
</item>
<item>
<title>An Under-Approximate Relational Logic</title>
<link>/entries/Relational-Incorrectness-Logic.html</link>
<pubDate>Thu, 12 Mar 2020 00:00:00 +0000</pubDate>
<guid>/entries/Relational-Incorrectness-Logic.html</guid>
<description></description>
</item>
<item>
<title>A Generic Framework for Verified Compilers</title>
<link>/entries/VeriComp.html</link>
<pubDate>Mon, 10 Feb 2020 00:00:00 +0000</pubDate>
<guid>/entries/VeriComp.html</guid>
<description></description>
</item>
<item>
<title>Isabelle/C</title>
<link>/entries/Isabelle_C.html</link>
<pubDate>Tue, 22 Oct 2019 00:00:00 +0000</pubDate>
<guid>/entries/Isabelle_C.html</guid>
<description></description>
</item>
<item>
<title>Clean - An Abstract Imperative Programming Language and its Theory</title>
<link>/entries/Clean.html</link>
<pubDate>Fri, 04 Oct 2019 00:00:00 +0000</pubDate>
<guid>/entries/Clean.html</guid>
<description></description>
</item>
<item>
<title>A Verified Code Generator from Isabelle/HOL to CakeML</title>
<link>/entries/CakeML_Codegen.html</link>
<pubDate>Mon, 08 Jul 2019 00:00:00 +0000</pubDate>
<guid>/entries/CakeML_Codegen.html</guid>
<description></description>
</item>
<item>
<title>Differential Game Logic</title>
<link>/entries/Differential_Game_Logic.html</link>
<pubDate>Mon, 03 Jun 2019 00:00:00 +0000</pubDate>
<guid>/entries/Differential_Game_Logic.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Generic Authenticated Data Structures</title>
<link>/entries/LambdaAuth.html</link>
<pubDate>Tue, 14 May 2019 00:00:00 +0000</pubDate>
<guid>/entries/LambdaAuth.html</guid>
<description></description>
</item>
<item>
<title>A General Theory of Syntax with Bindings</title>
<link>/entries/Binding_Syntax_Theory.html</link>
<pubDate>Sat, 06 Apr 2019 00:00:00 +0000</pubDate>
<guid>/entries/Binding_Syntax_Theory.html</guid>
<description></description>
</item>
<item>
<title>Quantum Hoare Logic</title>
<link>/entries/QHLProver.html</link>
<pubDate>Sun, 24 Mar 2019 00:00:00 +0000</pubDate>
<guid>/entries/QHLProver.html</guid>
<description></description>
</item>
<item>
<title>Safe OCL</title>
<link>/entries/Safe_OCL.html</link>
<pubDate>Sat, 09 Mar 2019 00:00:00 +0000</pubDate>
<guid>/entries/Safe_OCL.html</guid>
<description></description>
</item>
<item>
<title>Isabelle/UTP: Mechanised Theory Engineering for Unifying Theories of Programming</title>
<link>/entries/UTP.html</link>
<pubDate>Fri, 01 Feb 2019 00:00:00 +0000</pubDate>
<guid>/entries/UTP.html</guid>
<description></description>
</item>
<item>
<title>An Algebra for Higher-Order Terms</title>
<link>/entries/Higher_Order_Terms.html</link>
<pubDate>Tue, 15 Jan 2019 00:00:00 +0000</pubDate>
<guid>/entries/Higher_Order_Terms.html</guid>
<description></description>
</item>
<item>
<title>IMP2 – Simple Program Verification in Isabelle/HOL</title>
<link>/entries/IMP2.html</link>
<pubDate>Tue, 15 Jan 2019 00:00:00 +0000</pubDate>
<guid>/entries/IMP2.html</guid>
<description></description>
</item>
<item>
<title>WebAssembly</title>
<link>/entries/WebAssembly.html</link>
<pubDate>Sun, 29 Apr 2018 00:00:00 +0000</pubDate>
<guid>/entries/WebAssembly.html</guid>
<description></description>
</item>
<item>
<title>CakeML</title>
<link>/entries/CakeML.html</link>
<pubDate>Mon, 12 Mar 2018 00:00:00 +0000</pubDate>
<guid>/entries/CakeML.html</guid>
<description></description>
</item>
<item>
<title>Hoare Logics for Time Bounds</title>
<link>/entries/Hoare_Time.html</link>
<pubDate>Mon, 26 Feb 2018 00:00:00 +0000</pubDate>
<guid>/entries/Hoare_Time.html</guid>
<description></description>
</item>
<item>
<title>The LambdaMu-calculus</title>
<link>/entries/LambdaMu.html</link>
<pubDate>Wed, 16 Aug 2017 00:00:00 +0000</pubDate>
<guid>/entries/LambdaMu.html</guid>
<description></description>
</item>
<item>
<title>Declarative Semantics for Functional Languages</title>
<link>/entries/Decl_Sem_Fun_PL.html</link>
<pubDate>Fri, 21 Jul 2017 00:00:00 +0000</pubDate>
<guid>/entries/Decl_Sem_Fun_PL.html</guid>
<description></description>
</item>
<item>
<title>Verified Metatheory and Type Inference for a Name-Carrying Simply-Typed Lambda Calculus</title>
<link>/entries/Name_Carrying_Type_Inference.html</link>
<pubDate>Sun, 09 Jul 2017 00:00:00 +0000</pubDate>
<guid>/entries/Name_Carrying_Type_Inference.html</guid>
<description></description>
</item>
<item>
<title>Differential Dynamic Logic</title>
<link>/entries/Differential_Dynamic_Logic.html</link>
<pubDate>Mon, 13 Feb 2017 00:00:00 +0000</pubDate>
<guid>/entries/Differential_Dynamic_Logic.html</guid>
<description></description>
</item>
<item>
<title>Minimal Static Single Assignment Form</title>
<link>/entries/Minimal_SSA.html</link>
<pubDate>Tue, 17 Jan 2017 00:00:00 +0000</pubDate>
<guid>/entries/Minimal_SSA.html</guid>
<description></description>
</item>
<item>
<title>COMPLX: A Verification Framework for Concurrent Imperative Programs</title>
<link>/entries/Complx.html</link>
<pubDate>Tue, 29 Nov 2016 00:00:00 +0000</pubDate>
<guid>/entries/Complx.html</guid>
<description></description>
</item>
<item>
<title>COMPLX: A Verification Framework for Concurrent Imperative Programs</title>
<link>/entries/Complx.html</link>
<pubDate>Tue, 29 Nov 2016 00:00:00 +0000</pubDate>
<guid>/entries/Complx.html</guid>
<description></description>
</item>
<item>
<title>Abstract Interpretation of Annotated Commands</title>
<link>/entries/Abs_Int_ITP2012.html</link>
<pubDate>Wed, 23 Nov 2016 00:00:00 +0000</pubDate>
<guid>/entries/Abs_Int_ITP2012.html</guid>
<description></description>
</item>
<item>
<title>Separata: Isabelle tactics for Separation Algebra</title>
<link>/entries/Separata.html</link>
<pubDate>Wed, 16 Nov 2016 00:00:00 +0000</pubDate>
<guid>/entries/Separata.html</guid>
<description></description>
</item>
<item>
<title>Infeasible Paths Elimination by Symbolic Execution Techniques: Proof of Correctness and Preservation of Paths</title>
<link>/entries/InfPathElimination.html</link>
<pubDate>Thu, 18 Aug 2016 00:00:00 +0000</pubDate>
<guid>/entries/InfPathElimination.html</guid>
<description></description>
</item>
<item>
<title>A Dependent Security Type System for Concurrent Imperative Programs</title>
<link>/entries/Dependent_SIFUM_Type_Systems.html</link>
<pubDate>Sat, 25 Jun 2016 00:00:00 +0000</pubDate>
<guid>/entries/Dependent_SIFUM_Type_Systems.html</guid>
<description></description>
</item>
<item>
<title>Kleene Algebras with Domain</title>
<link>/entries/KAD.html</link>
<pubDate>Tue, 12 Apr 2016 00:00:00 +0000</pubDate>
<guid>/entries/KAD.html</guid>
<description></description>
</item>
<item>
<title>Verified Construction of Static Single Assignment Form</title>
<link>/entries/Formal_SSA.html</link>
<pubDate>Fri, 05 Feb 2016 00:00:00 +0000</pubDate>
<guid>/entries/Formal_SSA.html</guid>
<description></description>
</item>
<item>
<title>A Meta-Model for the Isabelle API</title>
<link>/entries/Isabelle_Meta_Model.html</link>
<pubDate>Wed, 16 Sep 2015 00:00:00 +0000</pubDate>
<guid>/entries/Isabelle_Meta_Model.html</guid>
<description></description>
</item>
<item>
<title>Generating Cases from Labeled Subgoals</title>
<link>/entries/Case_Labeling.html</link>
<pubDate>Tue, 21 Jul 2015 00:00:00 +0000</pubDate>
<guid>/entries/Case_Labeling.html</guid>
<description></description>
</item>
<item>
<title>Concurrent IMP</title>
<link>/entries/ConcurrentIMP.html</link>
<pubDate>Mon, 13 Apr 2015 00:00:00 +0000</pubDate>
<guid>/entries/ConcurrentIMP.html</guid>
<description></description>
</item>
<item>
<title>The Safety of Call Arity</title>
<link>/entries/Call_Arity.html</link>
<pubDate>Fri, 20 Feb 2015 00:00:00 +0000</pubDate>
<guid>/entries/Call_Arity.html</guid>
<description></description>
</item>
<item>
<title>A Verified Compiler for Probability Density Functions</title>
<link>/entries/Density_Compiler.html</link>
<pubDate>Thu, 09 Oct 2014 00:00:00 +0000</pubDate>
<guid>/entries/Density_Compiler.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Refinement Calculus for Reactive Systems</title>
<link>/entries/RefinementReactive.html</link>
<pubDate>Wed, 08 Oct 2014 00:00:00 +0000</pubDate>
<guid>/entries/RefinementReactive.html</guid>
<description></description>
</item>
<item>
<title>pGCL for Isabelle</title>
<link>/entries/pGCL.html</link>
<pubDate>Sun, 13 Jul 2014 00:00:00 +0000</pubDate>
<guid>/entries/pGCL.html</guid>
<description></description>
</item>
<item>
<title>Pop-Refinement</title>
<link>/entries/Pop_Refinement.html</link>
<pubDate>Thu, 03 Jul 2014 00:00:00 +0000</pubDate>
<guid>/entries/Pop_Refinement.html</guid>
<description></description>
</item>
<item>
<title>A Formalization of Assumptions and Guarantees for Compositional Noninterference</title>
<link>/entries/SIFUM_Type_Systems.html</link>
<pubDate>Wed, 23 Apr 2014 00:00:00 +0000</pubDate>
<guid>/entries/SIFUM_Type_Systems.html</guid>
<description></description>
</item>
<item>
<title>A Formalization of Declassification with WHAT-and-WHERE-Security</title>
<link>/entries/WHATandWHERE_Security.html</link>
<pubDate>Wed, 23 Apr 2014 00:00:00 +0000</pubDate>
<guid>/entries/WHATandWHERE_Security.html</guid>
<description></description>
</item>
<item>
<title>A Formalization of Strong Security</title>
<link>/entries/Strong_Security.html</link>
<pubDate>Wed, 23 Apr 2014 00:00:00 +0000</pubDate>
<guid>/entries/Strong_Security.html</guid>
<description></description>
</item>
<item>
<title>Syntax and semantics of a GPU kernel programming language</title>
<link>/entries/GPU_Kernel_PL.html</link>
<pubDate>Thu, 03 Apr 2014 00:00:00 +0000</pubDate>
<guid>/entries/GPU_Kernel_PL.html</guid>
<description></description>
</item>
<item>
<title>Kleene Algebra with Tests and Demonic Refinement Algebras</title>
<link>/entries/KAT_and_DRA.html</link>
<pubDate>Thu, 23 Jan 2014 00:00:00 +0000</pubDate>
<guid>/entries/KAT_and_DRA.html</guid>
<description></description>
</item>
<item>
<title>Stream Processing Components: Isabelle/HOL Formalisation and Case Studies</title>
<link>/entries/FocusStreamsCaseStudies.html</link>
<pubDate>Thu, 14 Nov 2013 00:00:00 +0000</pubDate>
<guid>/entries/FocusStreamsCaseStudies.html</guid>
<description></description>
</item>
<item>
<title>Automatic Data Refinement</title>
<link>/entries/Automatic_Refinement.html</link>
<pubDate>Wed, 02 Oct 2013 00:00:00 +0000</pubDate>
<guid>/entries/Automatic_Refinement.html</guid>
<description></description>
</item>
<item>
<title>The Correctness of Launchbury&#39;s Natural Semantics for Lazy Evaluation</title>
<link>/entries/Launchbury.html</link>
<pubDate>Thu, 31 Jan 2013 00:00:00 +0000</pubDate>
<guid>/entries/Launchbury.html</guid>
<description></description>
</item>
<item>
<title>Ribbon Proofs</title>
<link>/entries/Ribbon_Proofs.html</link>
<pubDate>Sat, 19 Jan 2013 00:00:00 +0000</pubDate>
<guid>/entries/Ribbon_Proofs.html</guid>
<description></description>
</item>
<item>
<title>Kleene Algebra</title>
<link>/entries/Kleene_Algebra.html</link>
<pubDate>Tue, 15 Jan 2013 00:00:00 +0000</pubDate>
<guid>/entries/Kleene_Algebra.html</guid>
<description></description>
</item>
<item>
<title>A Separation Logic Framework for Imperative HOL</title>
<link>/entries/Separation_Logic_Imperative_HOL.html</link>
<pubDate>Wed, 14 Nov 2012 00:00:00 +0000</pubDate>
<guid>/entries/Separation_Logic_Imperative_HOL.html</guid>
<description></description>
</item>
<item>
<title>Possibilistic Noninterference</title>
<link>/entries/Possibilistic_Noninterference.html</link>
<pubDate>Mon, 10 Sep 2012 00:00:00 +0000</pubDate>
<guid>/entries/Possibilistic_Noninterference.html</guid>
<description></description>
</item>
<item>
<title>Logical Relations for PCF</title>
<link>/entries/PCF.html</link>
<pubDate>Sun, 01 Jul 2012 00:00:00 +0000</pubDate>
<guid>/entries/PCF.html</guid>
<description></description>
</item>
<item>
<title>Separation Algebra</title>
<link>/entries/Separation_Algebra.html</link>
<pubDate>Fri, 11 May 2012 00:00:00 +0000</pubDate>
<guid>/entries/Separation_Algebra.html</guid>
<description></description>
</item>
<item>
<title>A Definitional Encoding of TLA* in Isabelle/HOL</title>
<link>/entries/TLA.html</link>
<pubDate>Sat, 19 Nov 2011 00:00:00 +0000</pubDate>
<guid>/entries/TLA.html</guid>
<description></description>
</item>
<item>
<title>Algebra of Monotonic Boolean Transformers</title>
<link>/entries/MonoBoolTranAlgebra.html</link>
<pubDate>Thu, 22 Sep 2011 00:00:00 +0000</pubDate>
<guid>/entries/MonoBoolTranAlgebra.html</guid>
<description></description>
</item>
<item>
<title>AutoFocus Stream Processing for Single-Clocking and Multi-Clocking Semantics</title>
<link>/entries/AutoFocus-Stream.html</link>
<pubDate>Wed, 23 Feb 2011 00:00:00 +0000</pubDate>
<guid>/entries/AutoFocus-Stream.html</guid>
<description></description>
</item>
<item>
<title>Lightweight Java</title>
<link>/entries/LightweightJava.html</link>
<pubDate>Mon, 07 Feb 2011 00:00:00 +0000</pubDate>
<guid>/entries/LightweightJava.html</guid>
<description></description>
</item>
<item>
<title>RIPEMD-160</title>
<link>/entries/RIPEMD-160-SPARK.html</link>
<pubDate>Mon, 10 Jan 2011 00:00:00 +0000</pubDate>
<guid>/entries/RIPEMD-160-SPARK.html</guid>
<description></description>
</item>
<item>
<title>Shivers&#39; Control Flow Analysis</title>
<link>/entries/Shivers-CFA.html</link>
<pubDate>Tue, 16 Nov 2010 00:00:00 +0000</pubDate>
<guid>/entries/Shivers-CFA.html</guid>
<description></description>
</item>
<item>
<title>Strong Normalization of Moggis&#39;s Computational Metalanguage</title>
<link>/entries/Lam-ml-Normalization.html</link>
<pubDate>Sun, 29 Aug 2010 00:00:00 +0000</pubDate>
<guid>/entries/Lam-ml-Normalization.html</guid>
<description></description>
</item>
<item>
<title>Semantics and Data Refinement of Invariant Based Programs</title>
<link>/entries/DataRefinementIBP.html</link>
<pubDate>Fri, 28 May 2010 00:00:00 +0000</pubDate>
<guid>/entries/DataRefinementIBP.html</guid>
<description></description>
</item>
<item>
<title>Locally Nameless Sigma Calculus</title>
<link>/entries/Locally-Nameless-Sigma.html</link>
<pubDate>Fri, 30 Apr 2010 00:00:00 +0000</pubDate>
<guid>/entries/Locally-Nameless-Sigma.html</guid>
<description></description>
</item>
<item>
<title>Backing up Slicing: Verifying the Interprocedural Two-Phase Horwitz-Reps-Binkley Slicer</title>
<link>/entries/HRB-Slicing.html</link>
<pubDate>Fri, 13 Nov 2009 00:00:00 +0000</pubDate>
<guid>/entries/HRB-Slicing.html</guid>
<description></description>
</item>
<item>
<title>A Bytecode Logic for JML and Types</title>
<link>/entries/BytecodeLogicJmlTypes.html</link>
<pubDate>Fri, 12 Dec 2008 00:00:00 +0000</pubDate>
<guid>/entries/BytecodeLogicJmlTypes.html</guid>
<description></description>
</item>
<item>
<title>Secure information flow and program logics</title>
<link>/entries/SIFPL.html</link>
<pubDate>Mon, 10 Nov 2008 00:00:00 +0000</pubDate>
<guid>/entries/SIFPL.html</guid>
<description></description>
</item>
<item>
<title>Towards Certified Slicing</title>
<link>/entries/Slicing.html</link>
<pubDate>Tue, 16 Sep 2008 00:00:00 +0000</pubDate>
<guid>/entries/Slicing.html</guid>
<description></description>
</item>
<item>
<title>A Correctness Proof for the Volpano/Smith Security Typing System</title>
<link>/entries/VolpanoSmith.html</link>
<pubDate>Tue, 02 Sep 2008 00:00:00 +0000</pubDate>
<guid>/entries/VolpanoSmith.html</guid>
<description></description>
</item>
<item>
<title>A Sequential Imperative Programming Language Syntax, Semantics, Hoare Logics and Verification Environment</title>
<link>/entries/Simpl.html</link>
<pubDate>Fri, 29 Feb 2008 00:00:00 +0000</pubDate>
<guid>/entries/Simpl.html</guid>
<description></description>
</item>
<item>
<title>A Sequential Imperative Programming Language Syntax, Semantics, Hoare Logics and Verification Environment</title>
<link>/entries/Simpl.html</link>
<pubDate>Fri, 29 Feb 2008 00:00:00 +0000</pubDate>
<guid>/entries/Simpl.html</guid>
<description></description>
</item>
<item>
<title>Normalization by Evaluation</title>
<link>/entries/NormByEval.html</link>
<pubDate>Mon, 18 Feb 2008 00:00:00 +0000</pubDate>
<guid>/entries/NormByEval.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Conflict Analysis of Programs with Procedures, Thread Creation, and Monitors</title>
<link>/entries/Program-Conflict-Analysis.html</link>
<pubDate>Fri, 14 Dec 2007 00:00:00 +0000</pubDate>
<guid>/entries/Program-Conflict-Analysis.html</guid>
<description></description>
</item>
<item>
<title>Jinja with Threads</title>
<link>/entries/JinjaThreads.html</link>
<pubDate>Mon, 03 Dec 2007 00:00:00 +0000</pubDate>
<guid>/entries/JinjaThreads.html</guid>
<description></description>
</item>
<item>
<title>POPLmark Challenge Via de Bruijn Indices</title>
<link>/entries/POPLmark-deBruijn.html</link>
<pubDate>Thu, 02 Aug 2007 00:00:00 +0000</pubDate>
<guid>/entries/POPLmark-deBruijn.html</guid>
<description></description>
</item>
<item>
<title>Abstract Hoare Logics</title>
<link>/entries/Abstract-Hoare-Logics.html</link>
<pubDate>Tue, 08 Aug 2006 00:00:00 +0000</pubDate>
<guid>/entries/Abstract-Hoare-Logics.html</guid>
<description></description>
</item>
<item>
<title>CoreC&#43;&#43;</title>
<link>/entries/CoreC&#43;&#43;.html</link>
<pubDate>Mon, 15 May 2006 00:00:00 +0000</pubDate>
<guid>/entries/CoreC&#43;&#43;.html</guid>
<description></description>
</item>
<item>
<title>A Theory of Featherweight Java in Isabelle/HOL</title>
<link>/entries/FeatherweightJava.html</link>
<pubDate>Fri, 31 Mar 2006 00:00:00 +0000</pubDate>
<guid>/entries/FeatherweightJava.html</guid>
<description></description>
</item>
<item>
<title>Jive Data and Store Model</title>
<link>/entries/JiveDataStoreModel.html</link>
<pubDate>Mon, 20 Jun 2005 00:00:00 +0000</pubDate>
<guid>/entries/JiveDataStoreModel.html</guid>
<description></description>
</item>
<item>
<title>Jinja is not Java</title>
<link>/entries/Jinja.html</link>
<pubDate>Wed, 01 Jun 2005 00:00:00 +0000</pubDate>
<guid>/entries/Jinja.html</guid>
<description></description>
</item>
<item>
<title>Compiling Exceptions Correctly</title>
<link>/entries/Compiling-Exceptions-Correctly.html</link>
<pubDate>Fri, 09 Jul 2004 00:00:00 +0000</pubDate>
<guid>/entries/Compiling-Exceptions-Correctly.html</guid>
<description></description>
</item>
<item>
<title>Mini ML</title>
<link>/entries/MiniML.html</link>
<pubDate>Fri, 19 Mar 2004 00:00:00 +0000</pubDate>
<guid>/entries/MiniML.html</guid>
<description></description>
</item>
</channel>
</rss>
diff --git a/web/topics/computer-science/programming-languages/logics/index.html b/web/topics/computer-science/programming-languages/logics/index.html
--- a/web/topics/computer-science/programming-languages/logics/index.html
+++ b/web/topics/computer-science/programming-languages/logics/index.html
@@ -1,317 +1,324 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1"><title>Computer science/Programming languages/Logics - Archive of Formal Proofs</title><meta name="description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."><link rel="alternate" type="application/rss+xml" href="../../../../topics/computer-science/programming-languages/logics/index.xml" title="Archive of Formal Proofs" /><meta property="og:title" content="Computer science/Programming languages/Logics" />
<meta property="og:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle." />
<meta property="og:type" content="website" />
<meta property="og:url" content="/topics/computer-science/programming-languages/logics/" /><meta property="og:image" content="/images/afp.png"/><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="Computer science/Programming languages/Logics"/>
<meta name="twitter:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."/>
<link rel="stylesheet" type="text/css" href="../../../../css/front.min.css">
<link rel="icon" href="../../../../images/favicon.ico" type="image/icon"><script src="../../../../js/obfuscate.js"></script>
<script src="../../../../js/flexsearch.bundle.js"></script>
<script src="../../../../js/scroll-spy.js"></script>
<script src="../../../../js/theory.js"></script>
<script src="../../../../js/util.js"></script><script src="../../../../js/header-search.js"></script><script src="../../../../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore '>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../../../../images/menu.svg" alt="Menu" />
</label>
<a href="../../../../" class='logo-link'>
<img src="../../../../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<a href="../../../../search"><img src="../../../../images/search.svg" alt="Search" /></a>
<nav id="menu">
<div>
<a href="../../../../" class='logo-link'>
<img src="../../../../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<ul>
<a href="../../../../"><li >Home</li></a>
<a href="../../../../topics/"><li >Topics</li></a>
<a href="../../../../download/"><li >Download</li></a>
<a href="../../../../help/"><li >Help</li></a>
<a href="../../../../submission/"><li >Submission</li></a>
<a href="../../../../statistics/"><li >Statistics</li></a>
<a href="../../../../about/"><li >About</li></a>
</ul>
</div>
</nav>
</div>
</aside>
<div
class='content '><header>
<form autocomplete="off" action="../../../../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value="" aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button"><img src="../../../../images/search.svg" alt="Search" /></button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1 >
<span class='first'>C</span>omputer <span class='first'>S</span>cience/<span class='first'>P</span>rogramming <span class='first'>L</span>anguages/<span class='first'>L</span>ogics</h1>
<div>
</div>
</header><div><h2>Subject Classification</h2><h3>ACM</h3>
<a href="https://dl.acm.org/topic/ccs2012/10011007.10011006.10011008.10011009.10011015">Software and its engineering~Constraint and logic languages</a><h2 class="head">2022</h2><article class="entry">
<div class="item-text">
+ <h5><a class="title" href="../../../../entries/Separation_Logic_Unbounded.html">Unbounded Separation Logic</a></h5> <br>by <a href="../../../../authors/dardinier">Thibault Dardinier</a></div>
+ <span class="date">
+ Sep 05
+ </span>
+</article>
+<article class="entry">
+ <div class="item-text">
<h5><a class="title" href="../../../../entries/Combinable_Wands.html">A Restricted Definition of the Magic Wand to Soundly Combine Fractions of a Wand</a></h5> <br>by <a href="../../../../authors/dardinier">Thibault Dardinier</a></div>
<span class="date">
May 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../../entries/Package_logic.html">Formalization of a Framework for the Sound Automation of Magic Wands</a></h5> <br>by <a href="../../../../authors/dardinier">Thibault Dardinier</a></div>
<span class="date">
May 18
</span>
</article>
<h2 class="head">2021</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../../entries/Registers.html">Quantum and Classical Registers</a></h5> <br>by <a href="../../../../authors/unruh">Dominique Unruh</a></div>
<span class="date">
Oct 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../../entries/Correctness_Algebras.html">Algebras for Iteration, Infinite Executions and Correctness of Sequential Computations</a></h5> <br>by <a href="../../../../authors/guttmann">Walter Guttmann</a></div>
<span class="date">
Oct 12
</span>
</article>
<h2 class="head">2020</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../../entries/Relational-Incorrectness-Logic.html">An Under-Approximate Relational Logic</a></h5> <br>by <a href="../../../../authors/murray">Toby Murray</a></div>
<span class="date">
Mar 12
</span>
</article>
<h2 class="head">2019</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../../entries/Differential_Game_Logic.html">Differential Game Logic</a></h5> <br>by <a href="../../../../authors/platzer">André Platzer</a></div>
<span class="date">
Jun 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../../entries/QHLProver.html">Quantum Hoare Logic</a></h5> <br>by <a href="../../../../authors/liu">Junyi Liu</a>, <a href="../../../../authors/zhan">Bohua Zhan</a>, <a href="../../../../authors/wang">Shuling Wang</a>, <a href="../../../../authors/ying">Shenggang Ying</a>, <a href="../../../../authors/liut">Tao Liu</a>, <a href="../../../../authors/liy">Yangjia Li</a>, <a href="../../../../authors/yingm">Mingsheng Ying</a> and <a href="../../../../authors/zhann">Naijun Zhan</a></div>
<span class="date">
Mar 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../../entries/UTP.html">Isabelle/UTP: Mechanised Theory Engineering for Unifying Theories of Programming</a></h5> <br>by <a href="../../../../authors/fosters">Simon Foster</a>, <a href="../../../../authors/zeyda">Frank Zeyda</a>, <a href="../../../../authors/nemouchi">Yakoub Nemouchi</a>, <a href="../../../../authors/ribeiro">Pedro Ribeiro</a> and <a href="../../../../authors/wolff">Burkhart Wolff</a></div>
<span class="date">
Feb 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../../entries/IMP2.html">IMP2 – Simple Program Verification in Isabelle/HOL</a></h5> <br>by <a href="../../../../authors/lammich">Peter Lammich</a> and <a href="../../../../authors/wimmer">Simon Wimmer</a></div>
<span class="date">
Jan 15
</span>
</article>
<h2 class="head">2018</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../../entries/Hoare_Time.html">Hoare Logics for Time Bounds</a></h5> <br>by <a href="../../../../authors/haslbeckm">Maximilian P. L. Haslbeck</a> and <a href="../../../../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Feb 26
</span>
</article>
<h2 class="head">2017</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../../entries/Differential_Dynamic_Logic.html">Differential Dynamic Logic</a></h5> <br>by <a href="../../../../authors/bohrer">Rose Bohrer</a></div>
<span class="date">
Feb 13
</span>
</article>
<h2 class="head">2016</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../../entries/Complx.html">COMPLX: A Verification Framework for Concurrent Imperative Programs</a></h5> <br>by <a href="../../../../authors/amani">Sidney Amani</a>, <a href="../../../../authors/andronick">June Andronick</a>, <a href="../../../../authors/bortin">Maksym Bortin</a>, <a href="../../../../authors/lewis">Corey Lewis</a>, <a href="../../../../authors/rizkallah">Christine Rizkallah</a> and <a href="../../../../authors/tuongj">Joseph Tuong</a></div>
<span class="date">
Nov 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../../entries/Separata.html">Separata: Isabelle tactics for Separation Algebra</a></h5> <br>by <a href="../../../../authors/hou">Zhe Hou</a>, <a href="../../../../authors/sanan">David Sanan</a>, <a href="../../../../authors/tiu">Alwen Tiu</a>, <a href="../../../../authors/gore">Rajeev Gore</a> and <a href="../../../../authors/clouston">Ranald Clouston</a></div>
<span class="date">
Nov 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../../entries/KAD.html">Kleene Algebras with Domain</a></h5> <br>by <a href="../../../../authors/gomes">Victor B. F. Gomes</a>, <a href="../../../../authors/guttmann">Walter Guttmann</a>, <a href="../../../../authors/hoefner">Peter Höfner</a>, <a href="../../../../authors/struth">Georg Struth</a> and <a href="../../../../authors/weber">Tjark Weber</a></div>
<span class="date">
Apr 12
</span>
</article>
<h2 class="head">2015</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../../entries/ConcurrentIMP.html">Concurrent IMP</a></h5> <br>by <a href="../../../../authors/gammie">Peter Gammie</a></div>
<span class="date">
Apr 13
</span>
</article>
<h2 class="head">2014</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../../entries/RefinementReactive.html">Formalization of Refinement Calculus for Reactive Systems</a></h5> <br>by <a href="../../../../authors/preoteasa">Viorel Preoteasa</a></div>
<span class="date">
Oct 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../../entries/KAT_and_DRA.html">Kleene Algebra with Tests and Demonic Refinement Algebras</a></h5> <br>by <a href="../../../../authors/armstrong">Alasdair Armstrong</a>, <a href="../../../../authors/gomes">Victor B. F. Gomes</a> and <a href="../../../../authors/struth">Georg Struth</a></div>
<span class="date">
Jan 23
</span>
</article>
<h2 class="head">2013</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../../entries/Automatic_Refinement.html">Automatic Data Refinement</a></h5> <br>by <a href="../../../../authors/lammich">Peter Lammich</a></div>
<span class="date">
Oct 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../../entries/Ribbon_Proofs.html">Ribbon Proofs</a></h5> <br>by <a href="../../../../authors/wickerson">John Wickerson</a></div>
<span class="date">
Jan 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../../entries/Kleene_Algebra.html">Kleene Algebra</a></h5> <br>by <a href="../../../../authors/armstrong">Alasdair Armstrong</a>, <a href="../../../../authors/struth">Georg Struth</a> and <a href="../../../../authors/weber">Tjark Weber</a></div>
<span class="date">
Jan 15
</span>
</article>
<h2 class="head">2012</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../../entries/Separation_Logic_Imperative_HOL.html">A Separation Logic Framework for Imperative HOL</a></h5> <br>by <a href="../../../../authors/lammich">Peter Lammich</a> and <a href="../../../../authors/meis">Rene Meis</a></div>
<span class="date">
Nov 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../../entries/Separation_Algebra.html">Separation Algebra</a></h5> <br>by <a href="../../../../authors/klein">Gerwin Klein</a>, <a href="../../../../authors/kolanski">Rafal Kolanski</a> and <a href="../../../../authors/boyton">Andrew Boyton</a></div>
<span class="date">
May 11
</span>
</article>
<h2 class="head">2011</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../../entries/TLA.html">A Definitional Encoding of TLA* in Isabelle/HOL</a></h5> <br>by <a href="../../../../authors/grov">Gudmund Grov</a> and <a href="../../../../authors/merz">Stephan Merz</a></div>
<span class="date">
Nov 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../../entries/MonoBoolTranAlgebra.html">Algebra of Monotonic Boolean Transformers</a></h5> <br>by <a href="../../../../authors/preoteasa">Viorel Preoteasa</a></div>
<span class="date">
Sep 22
</span>
</article>
<h2 class="head">2010</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../../entries/DataRefinementIBP.html">Semantics and Data Refinement of Invariant Based Programs</a></h5> <br>by <a href="../../../../authors/preoteasa">Viorel Preoteasa</a> and <a href="../../../../authors/back">Ralph-Johan Back</a></div>
<span class="date">
May 28
</span>
</article>
<h2 class="head">2008</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../../entries/BytecodeLogicJmlTypes.html">A Bytecode Logic for JML and Types</a></h5> <br>by <a href="../../../../authors/beringer">Lennart Beringer</a> and <a href="../../../../authors/hofmann">Martin Hofmann</a></div>
<span class="date">
Dec 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../../entries/SIFPL.html">Secure information flow and program logics</a></h5> <br>by <a href="../../../../authors/beringer">Lennart Beringer</a> and <a href="../../../../authors/hofmann">Martin Hofmann</a></div>
<span class="date">
Nov 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../../entries/Simpl.html">A Sequential Imperative Programming Language Syntax, Semantics, Hoare Logics and Verification Environment</a></h5> <br>by <a href="../../../../authors/schirmer">Norbert Schirmer</a></div>
<span class="date">
Feb 29
</span>
</article>
<h2 class="head">2006</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../../entries/Abstract-Hoare-Logics.html">Abstract Hoare Logics</a></h5> <br>by <a href="../../../../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Aug 08
</span>
</article>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/topics/computer-science/programming-languages/logics/index.xml b/web/topics/computer-science/programming-languages/logics/index.xml
--- a/web/topics/computer-science/programming-languages/logics/index.xml
+++ b/web/topics/computer-science/programming-languages/logics/index.xml
@@ -1,271 +1,280 @@
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>Computer science/Programming languages/Logics on Archive of Formal Proofs</title>
<link>/topics/computer-science/programming-languages/logics/</link>
<description>Recent content in Computer science/Programming languages/Logics on Archive of Formal Proofs</description>
<generator>Hugo -- gohugo.io</generator>
<language>en-gb</language><atom:link href="/topics/computer-science/programming-languages/logics/index.xml" rel="self" type="application/rss+xml" />
<item>
+ <title>Unbounded Separation Logic</title>
+ <link>/entries/Separation_Logic_Unbounded.html</link>
+ <pubDate>Mon, 05 Sep 2022 00:00:00 +0000</pubDate>
+
+ <guid>/entries/Separation_Logic_Unbounded.html</guid>
+ <description></description>
+ </item>
+
+ <item>
<title>A Restricted Definition of the Magic Wand to Soundly Combine Fractions of a Wand</title>
<link>/entries/Combinable_Wands.html</link>
<pubDate>Mon, 30 May 2022 00:00:00 +0000</pubDate>
<guid>/entries/Combinable_Wands.html</guid>
<description></description>
</item>
<item>
<title>Formalization of a Framework for the Sound Automation of Magic Wands</title>
<link>/entries/Package_logic.html</link>
<pubDate>Wed, 18 May 2022 00:00:00 +0000</pubDate>
<guid>/entries/Package_logic.html</guid>
<description></description>
</item>
<item>
<title>Quantum and Classical Registers</title>
<link>/entries/Registers.html</link>
<pubDate>Thu, 28 Oct 2021 00:00:00 +0000</pubDate>
<guid>/entries/Registers.html</guid>
<description></description>
</item>
<item>
<title>Algebras for Iteration, Infinite Executions and Correctness of Sequential Computations</title>
<link>/entries/Correctness_Algebras.html</link>
<pubDate>Tue, 12 Oct 2021 00:00:00 +0000</pubDate>
<guid>/entries/Correctness_Algebras.html</guid>
<description></description>
</item>
<item>
<title>An Under-Approximate Relational Logic</title>
<link>/entries/Relational-Incorrectness-Logic.html</link>
<pubDate>Thu, 12 Mar 2020 00:00:00 +0000</pubDate>
<guid>/entries/Relational-Incorrectness-Logic.html</guid>
<description></description>
</item>
<item>
<title>Differential Game Logic</title>
<link>/entries/Differential_Game_Logic.html</link>
<pubDate>Mon, 03 Jun 2019 00:00:00 +0000</pubDate>
<guid>/entries/Differential_Game_Logic.html</guid>
<description></description>
</item>
<item>
<title>Quantum Hoare Logic</title>
<link>/entries/QHLProver.html</link>
<pubDate>Sun, 24 Mar 2019 00:00:00 +0000</pubDate>
<guid>/entries/QHLProver.html</guid>
<description></description>
</item>
<item>
<title>Isabelle/UTP: Mechanised Theory Engineering for Unifying Theories of Programming</title>
<link>/entries/UTP.html</link>
<pubDate>Fri, 01 Feb 2019 00:00:00 +0000</pubDate>
<guid>/entries/UTP.html</guid>
<description></description>
</item>
<item>
<title>IMP2 – Simple Program Verification in Isabelle/HOL</title>
<link>/entries/IMP2.html</link>
<pubDate>Tue, 15 Jan 2019 00:00:00 +0000</pubDate>
<guid>/entries/IMP2.html</guid>
<description></description>
</item>
<item>
<title>Hoare Logics for Time Bounds</title>
<link>/entries/Hoare_Time.html</link>
<pubDate>Mon, 26 Feb 2018 00:00:00 +0000</pubDate>
<guid>/entries/Hoare_Time.html</guid>
<description></description>
</item>
<item>
<title>Differential Dynamic Logic</title>
<link>/entries/Differential_Dynamic_Logic.html</link>
<pubDate>Mon, 13 Feb 2017 00:00:00 +0000</pubDate>
<guid>/entries/Differential_Dynamic_Logic.html</guid>
<description></description>
</item>
<item>
<title>COMPLX: A Verification Framework for Concurrent Imperative Programs</title>
<link>/entries/Complx.html</link>
<pubDate>Tue, 29 Nov 2016 00:00:00 +0000</pubDate>
<guid>/entries/Complx.html</guid>
<description></description>
</item>
<item>
<title>Separata: Isabelle tactics for Separation Algebra</title>
<link>/entries/Separata.html</link>
<pubDate>Wed, 16 Nov 2016 00:00:00 +0000</pubDate>
<guid>/entries/Separata.html</guid>
<description></description>
</item>
<item>
<title>Kleene Algebras with Domain</title>
<link>/entries/KAD.html</link>
<pubDate>Tue, 12 Apr 2016 00:00:00 +0000</pubDate>
<guid>/entries/KAD.html</guid>
<description></description>
</item>
<item>
<title>Concurrent IMP</title>
<link>/entries/ConcurrentIMP.html</link>
<pubDate>Mon, 13 Apr 2015 00:00:00 +0000</pubDate>
<guid>/entries/ConcurrentIMP.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Refinement Calculus for Reactive Systems</title>
<link>/entries/RefinementReactive.html</link>
<pubDate>Wed, 08 Oct 2014 00:00:00 +0000</pubDate>
<guid>/entries/RefinementReactive.html</guid>
<description></description>
</item>
<item>
<title>Kleene Algebra with Tests and Demonic Refinement Algebras</title>
<link>/entries/KAT_and_DRA.html</link>
<pubDate>Thu, 23 Jan 2014 00:00:00 +0000</pubDate>
<guid>/entries/KAT_and_DRA.html</guid>
<description></description>
</item>
<item>
<title>Automatic Data Refinement</title>
<link>/entries/Automatic_Refinement.html</link>
<pubDate>Wed, 02 Oct 2013 00:00:00 +0000</pubDate>
<guid>/entries/Automatic_Refinement.html</guid>
<description></description>
</item>
<item>
<title>Ribbon Proofs</title>
<link>/entries/Ribbon_Proofs.html</link>
<pubDate>Sat, 19 Jan 2013 00:00:00 +0000</pubDate>
<guid>/entries/Ribbon_Proofs.html</guid>
<description></description>
</item>
<item>
<title>Kleene Algebra</title>
<link>/entries/Kleene_Algebra.html</link>
<pubDate>Tue, 15 Jan 2013 00:00:00 +0000</pubDate>
<guid>/entries/Kleene_Algebra.html</guid>
<description></description>
</item>
<item>
<title>A Separation Logic Framework for Imperative HOL</title>
<link>/entries/Separation_Logic_Imperative_HOL.html</link>
<pubDate>Wed, 14 Nov 2012 00:00:00 +0000</pubDate>
<guid>/entries/Separation_Logic_Imperative_HOL.html</guid>
<description></description>
</item>
<item>
<title>Separation Algebra</title>
<link>/entries/Separation_Algebra.html</link>
<pubDate>Fri, 11 May 2012 00:00:00 +0000</pubDate>
<guid>/entries/Separation_Algebra.html</guid>
<description></description>
</item>
<item>
<title>A Definitional Encoding of TLA* in Isabelle/HOL</title>
<link>/entries/TLA.html</link>
<pubDate>Sat, 19 Nov 2011 00:00:00 +0000</pubDate>
<guid>/entries/TLA.html</guid>
<description></description>
</item>
<item>
<title>Algebra of Monotonic Boolean Transformers</title>
<link>/entries/MonoBoolTranAlgebra.html</link>
<pubDate>Thu, 22 Sep 2011 00:00:00 +0000</pubDate>
<guid>/entries/MonoBoolTranAlgebra.html</guid>
<description></description>
</item>
<item>
<title>Semantics and Data Refinement of Invariant Based Programs</title>
<link>/entries/DataRefinementIBP.html</link>
<pubDate>Fri, 28 May 2010 00:00:00 +0000</pubDate>
<guid>/entries/DataRefinementIBP.html</guid>
<description></description>
</item>
<item>
<title>A Bytecode Logic for JML and Types</title>
<link>/entries/BytecodeLogicJmlTypes.html</link>
<pubDate>Fri, 12 Dec 2008 00:00:00 +0000</pubDate>
<guid>/entries/BytecodeLogicJmlTypes.html</guid>
<description></description>
</item>
<item>
<title>Secure information flow and program logics</title>
<link>/entries/SIFPL.html</link>
<pubDate>Mon, 10 Nov 2008 00:00:00 +0000</pubDate>
<guid>/entries/SIFPL.html</guid>
<description></description>
</item>
<item>
<title>A Sequential Imperative Programming Language Syntax, Semantics, Hoare Logics and Verification Environment</title>
<link>/entries/Simpl.html</link>
<pubDate>Fri, 29 Feb 2008 00:00:00 +0000</pubDate>
<guid>/entries/Simpl.html</guid>
<description></description>
</item>
<item>
<title>Abstract Hoare Logics</title>
<link>/entries/Abstract-Hoare-Logics.html</link>
<pubDate>Tue, 08 Aug 2006 00:00:00 +0000</pubDate>
<guid>/entries/Abstract-Hoare-Logics.html</guid>
<description></description>
</item>
</channel>
</rss>
diff --git a/web/topics/index.html b/web/topics/index.html
--- a/web/topics/index.html
+++ b/web/topics/index.html
@@ -1,120 +1,120 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1"><title>Archive of Formal Proofs</title><meta name="description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."><meta property="og:title" content="Topics" />
<meta property="og:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle." />
<meta property="og:type" content="website" />
<meta property="og:url" content="/topics/" /><meta property="og:image" content="/images/afp.png"/><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="Topics"/>
<meta name="twitter:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."/>
<link rel="stylesheet" type="text/css" href="../css/front.min.css">
<link rel="icon" href="../images/favicon.ico" type="image/icon"><script src="../js/obfuscate.js"></script>
<script src="../js/flexsearch.bundle.js"></script>
<script src="../js/scroll-spy.js"></script>
<script src="../js/theory.js"></script>
<script src="../js/util.js"></script><script src="../js/header-search.js"></script><script src="../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore '>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../images/menu.svg" alt="Menu" />
</label>
<a href="../" class='logo-link'>
<img src="../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<a href="../search"><img src="../images/search.svg" alt="Search" /></a>
<nav id="menu">
<div>
<a href="../" class='logo-link'>
<img src="../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<ul>
<a href="../"><li >Home</li></a>
<a href="../topics/"><li >Topics</li></a>
<a href="../download/"><li >Download</li></a>
<a href="../help/"><li >Help</li></a>
<a href="../submission/"><li >Submission</li></a>
<a href="../statistics/"><li >Statistics</li></a>
<a href="../about/"><li >About</li></a>
</ul>
</div>
</nav>
</div>
</aside>
<div
class='content '><header>
<form autocomplete="off" action="../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value="" aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button"><img src="../images/search.svg" alt="Search" /></button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1 >
<span class='first'>T</span>opics</h1>
<div>
</div>
</header><div>
<h2>Computer science</h2>
<ul><li><h3><a href="../topics/computer-science/algorithms">Algorithms (39)</a></h3></li>
- <ul><li><a href="../topics/computer-science/algorithms/approximation">Approximation (2)</a></li><li><a href="../topics/computer-science/algorithms/concurrent">Concurrent (1)</a></li><li><a href="../topics/computer-science/algorithms/distributed">Distributed (13)</a></li><li><a href="../topics/computer-science/algorithms/geometry">Geometry (1)</a></li><li><a href="../topics/computer-science/algorithms/graph">Graph (14)</a></li><li><a href="../topics/computer-science/algorithms/mathematical">Mathematical (20)</a></li><li><a href="../topics/computer-science/algorithms/online">Online (1)</a></li><li><a href="../topics/computer-science/algorithms/optimization">Optimization (1)</a></li><li><a href="../topics/computer-science/algorithms/quantum-computing">Quantum computing (3)</a></li></ul><li><h3><a href="../topics/computer-science/artificial-intelligence">Artificial intelligence (2)</a></h3></li>
+ <ul><li><a href="../topics/computer-science/algorithms/approximation">Approximation (2)</a></li><li><a href="../topics/computer-science/algorithms/concurrent">Concurrent (1)</a></li><li><a href="../topics/computer-science/algorithms/distributed">Distributed (13)</a></li><li><a href="../topics/computer-science/algorithms/geometry">Geometry (1)</a></li><li><a href="../topics/computer-science/algorithms/graph">Graph (15)</a></li><li><a href="../topics/computer-science/algorithms/mathematical">Mathematical (20)</a></li><li><a href="../topics/computer-science/algorithms/online">Online (1)</a></li><li><a href="../topics/computer-science/algorithms/optimization">Optimization (1)</a></li><li><a href="../topics/computer-science/algorithms/quantum-computing">Quantum computing (3)</a></li></ul><li><h3><a href="../topics/computer-science/artificial-intelligence">Artificial intelligence (2)</a></h3></li>
<ul></ul><li><h3><a href="../topics/computer-science/automata-and-formal-languages">Automata and formal languages (50)</a></h3></li>
<ul></ul><li><h3><a href="../topics/computer-science/concurrency">Concurrency (6)</a></h3></li>
<ul><li><a href="../topics/computer-science/concurrency/process-calculi">Process calculi (13)</a></li></ul><li><h3><a href="../topics/computer-science/data-structures">Data structures (65)</a></h3></li>
<ul></ul><li><h3><a href="../topics/computer-science/functional-programming">Functional programming (24)</a></h3></li>
<ul></ul><li><h3><a href="../topics/computer-science/hardware">Hardware (2)</a></h3></li>
<ul></ul><li><h3><a href="../topics/computer-science/machine-learning">Machine learning (2)</a></h3></li>
<ul></ul><li><h3><a href="../topics/computer-science/networks">Networks (7)</a></h3></li>
<ul></ul><li><h3><a href="../topics/computer-science/programming-languages">Programming languages (3)</a></h3></li>
- <ul><li><a href="../topics/computer-science/programming-languages/compiling">Compiling (9)</a></li><li><a href="../topics/computer-science/programming-languages/lambda-calculi">Lambda calculi (9)</a></li><li><a href="../topics/computer-science/programming-languages/language-definitions">Language definitions (18)</a></li><li><a href="../topics/computer-science/programming-languages/logics">Logics (29)</a></li><li><a href="../topics/computer-science/programming-languages/misc">Misc (4)</a></li><li><a href="../topics/computer-science/programming-languages/static-analysis">Static analysis (9)</a></li><li><a href="../topics/computer-science/programming-languages/type-systems">Type systems (10)</a></li></ul><li><h3><a href="../topics/computer-science/security">Security (46)</a></h3></li>
+ <ul><li><a href="../topics/computer-science/programming-languages/compiling">Compiling (9)</a></li><li><a href="../topics/computer-science/programming-languages/lambda-calculi">Lambda calculi (9)</a></li><li><a href="../topics/computer-science/programming-languages/language-definitions">Language definitions (18)</a></li><li><a href="../topics/computer-science/programming-languages/logics">Logics (30)</a></li><li><a href="../topics/computer-science/programming-languages/misc">Misc (4)</a></li><li><a href="../topics/computer-science/programming-languages/static-analysis">Static analysis (9)</a></li><li><a href="../topics/computer-science/programming-languages/type-systems">Type systems (10)</a></li></ul><li><h3><a href="../topics/computer-science/security">Security (46)</a></h3></li>
<ul><li><a href="../topics/computer-science/security/cryptography">Cryptography (7)</a></li></ul><li><h3><a href="../topics/computer-science/semantics-and-reasoning">Semantics and reasoning (14)</a></h3></li>
<ul></ul><li><h3><a href="../topics/computer-science/system-description-languages">System description languages (7)</a></h3></li>
<ul></ul></ul><h2>Logic</h2>
<ul><li><h3><a href="../topics/logic/computability">Computability (6)</a></h3></li>
<ul></ul><li><h3><a href="../topics/logic/general-logic">General logic (2)</a></h3></li>
- <ul><li><a href="../topics/logic/general-logic/classical-first-order-logic">Classical first-order logic (5)</a></li><li><a href="../topics/logic/general-logic/classical-propositional-logic">Classical propositional logic (1)</a></li><li><a href="../topics/logic/general-logic/decidability-of-theories">Decidability of theories (4)</a></li><li><a href="../topics/logic/general-logic/logics-of-knowledge-and-belief">Logics of knowledge and belief (5)</a></li><li><a href="../topics/logic/general-logic/mechanization-of-proofs">Mechanization of proofs (13)</a></li><li><a href="../topics/logic/general-logic/modal-logic">Modal logic (6)</a></li><li><a href="../topics/logic/general-logic/paraconsistent-logics">Paraconsistent logics (1)</a></li><li><a href="../topics/logic/general-logic/temporal-logic">Temporal logic (6)</a></li></ul><li><h3><a href="../topics/logic/philosophical-aspects">Philosophical aspects (10)</a></h3></li>
- <ul></ul><li><h3><a href="../topics/logic/proof-theory">Proof theory (19)</a></h3></li>
+ <ul><li><a href="../topics/logic/general-logic/classical-first-order-logic">Classical first-order logic (5)</a></li><li><a href="../topics/logic/general-logic/classical-propositional-logic">Classical propositional logic (2)</a></li><li><a href="../topics/logic/general-logic/decidability-of-theories">Decidability of theories (4)</a></li><li><a href="../topics/logic/general-logic/logics-of-knowledge-and-belief">Logics of knowledge and belief (5)</a></li><li><a href="../topics/logic/general-logic/mechanization-of-proofs">Mechanization of proofs (13)</a></li><li><a href="../topics/logic/general-logic/modal-logic">Modal logic (6)</a></li><li><a href="../topics/logic/general-logic/paraconsistent-logics">Paraconsistent logics (1)</a></li><li><a href="../topics/logic/general-logic/temporal-logic">Temporal logic (6)</a></li></ul><li><h3><a href="../topics/logic/philosophical-aspects">Philosophical aspects (10)</a></h3></li>
+ <ul></ul><li><h3><a href="../topics/logic/proof-theory">Proof theory (20)</a></h3></li>
<ul></ul><li><h3><a href="../topics/logic/rewriting">Rewriting (18)</a></h3></li>
<ul></ul><li><h3><a href="../topics/logic/set-theory">Set theory (12)</a></h3></li>
<ul></ul></ul><h2>Mathematics</h2>
- <ul><li><h3><a href="../topics/mathematics/algebra">Algebra (77)</a></h3></li>
+ <ul><li><h3><a href="../topics/mathematics/algebra">Algebra (78)</a></h3></li>
<ul></ul><li><h3><a href="../topics/mathematics/analysis">Analysis (52)</a></h3></li>
<ul></ul><li><h3><a href="../topics/mathematics/category-theory">Category theory (9)</a></h3></li>
<ul></ul><li><h3><a href="../topics/mathematics/combinatorics">Combinatorics (32)</a></h3></li>
- <ul></ul><li><h3><a href="../topics/mathematics/games-and-economics">Games and economics (14)</a></h3></li>
+ <ul></ul><li><h3><a href="../topics/mathematics/games-and-economics">Games and economics (15)</a></h3></li>
<ul></ul><li><h3><a href="../topics/mathematics/geometry">Geometry (21)</a></h3></li>
<ul></ul><li><h3><a href="../topics/mathematics/graph-theory">Graph theory (22)</a></h3></li>
<ul></ul><li><h3><a href="../topics/mathematics/measure-and-integration">Measure and integration (1)</a></h3></li>
<ul></ul><li><h3><a href="../topics/mathematics/misc">Misc (3)</a></h3></li>
- <ul></ul><li><h3><a href="../topics/mathematics/number-theory">Number theory (39)</a></h3></li>
+ <ul></ul><li><h3><a href="../topics/mathematics/number-theory">Number theory (40)</a></h3></li>
<ul></ul><li><h3><a href="../topics/mathematics/order">Order (6)</a></h3></li>
<ul></ul><li><h3><a href="../topics/mathematics/physics">Physics (4)</a></h3></li>
<ul><li><a href="../topics/mathematics/physics/quantum-information">Quantum information (2)</a></li></ul><li><h3><a href="../topics/mathematics/probability-theory">Probability theory (19)</a></h3></li>
<ul></ul><li><h3><a href="../topics/mathematics/topology">Topology (5)</a></h3></li>
<ul></ul></ul><h2><a href="../topics/tools">Tools (21)</a></h2>
<ul></ul>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/topics/logic/general-logic/classical-propositional-logic/index.html b/web/topics/logic/general-logic/classical-propositional-logic/index.html
--- a/web/topics/logic/general-logic/classical-propositional-logic/index.html
+++ b/web/topics/logic/general-logic/classical-propositional-logic/index.html
@@ -1,93 +1,102 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1"><title>Logic/General logic/Classical propositional logic - Archive of Formal Proofs</title><meta name="description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."><link rel="alternate" type="application/rss+xml" href="../../../../topics/logic/general-logic/classical-propositional-logic/index.xml" title="Archive of Formal Proofs" /><meta property="og:title" content="Logic/General logic/Classical propositional logic" />
<meta property="og:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle." />
<meta property="og:type" content="website" />
<meta property="og:url" content="/topics/logic/general-logic/classical-propositional-logic/" /><meta property="og:image" content="/images/afp.png"/><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="Logic/General logic/Classical propositional logic"/>
<meta name="twitter:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."/>
<link rel="stylesheet" type="text/css" href="../../../../css/front.min.css">
<link rel="icon" href="../../../../images/favicon.ico" type="image/icon"><script src="../../../../js/obfuscate.js"></script>
<script src="../../../../js/flexsearch.bundle.js"></script>
<script src="../../../../js/scroll-spy.js"></script>
<script src="../../../../js/theory.js"></script>
<script src="../../../../js/util.js"></script><script src="../../../../js/header-search.js"></script><script src="../../../../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore '>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../../../../images/menu.svg" alt="Menu" />
</label>
<a href="../../../../" class='logo-link'>
<img src="../../../../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<a href="../../../../search"><img src="../../../../images/search.svg" alt="Search" /></a>
<nav id="menu">
<div>
<a href="../../../../" class='logo-link'>
<img src="../../../../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<ul>
<a href="../../../../"><li >Home</li></a>
<a href="../../../../topics/"><li >Topics</li></a>
<a href="../../../../download/"><li >Download</li></a>
<a href="../../../../help/"><li >Help</li></a>
<a href="../../../../submission/"><li >Submission</li></a>
<a href="../../../../statistics/"><li >Statistics</li></a>
<a href="../../../../about/"><li >About</li></a>
</ul>
</div>
</nav>
</div>
</aside>
<div
class='content '><header>
<form autocomplete="off" action="../../../../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value="" aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button"><img src="../../../../images/search.svg" alt="Search" /></button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1 >
<span class='first'>L</span>ogic/<span class='first'>G</span>eneral <span class='first'>L</span>ogic/<span class='first'>C</span>lassical <span class='first'>P</span>ropositional <span class='first'>L</span>ogic</h1>
<div>
</div>
</header><div><h2>Subject Classification</h2><h3>AMS</h3>
-<a href="https://mathscinet.ams.org/mathscinet/msc/msc2020.html?t=03B05">Mathematical logic and foundations / General logic / Classical propositional logic</a><h2 class="head">2010</h2><article class="entry">
+<a href="https://mathscinet.ams.org/mathscinet/msc/msc2020.html?t=03B05">Mathematical logic and foundations / General logic / Classical propositional logic</a><h2 class="head">2022</h2><article class="entry">
+ <div class="item-text">
+ <h5><a class="title" href="../../../../entries/Implicational_Logic.html">Soundness and Completeness of Implicational Logic</a></h5> <br>by <a href="../../../../authors/from">Asta Halkjær From</a> and <a href="../../../../authors/villadsen">Jørgen Villadsen</a></div>
+ <span class="date">
+ Sep 13
+ </span>
+</article>
+
+
+<h2 class="head">2010</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../../entries/Free-Boolean-Algebra.html">Free Boolean Algebra</a></h5> <br>by <a href="../../../../authors/huffman">Brian Huffman</a></div>
<span class="date">
Mar 29
</span>
</article>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/topics/logic/general-logic/classical-propositional-logic/index.xml b/web/topics/logic/general-logic/classical-propositional-logic/index.xml
--- a/web/topics/logic/general-logic/classical-propositional-logic/index.xml
+++ b/web/topics/logic/general-logic/classical-propositional-logic/index.xml
@@ -1,19 +1,28 @@
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>Logic/General logic/Classical propositional logic on Archive of Formal Proofs</title>
<link>/topics/logic/general-logic/classical-propositional-logic/</link>
<description>Recent content in Logic/General logic/Classical propositional logic on Archive of Formal Proofs</description>
<generator>Hugo -- gohugo.io</generator>
<language>en-gb</language><atom:link href="/topics/logic/general-logic/classical-propositional-logic/index.xml" rel="self" type="application/rss+xml" />
<item>
+ <title>Soundness and Completeness of Implicational Logic</title>
+ <link>/entries/Implicational_Logic.html</link>
+ <pubDate>Tue, 13 Sep 2022 00:00:00 +0000</pubDate>
+
+ <guid>/entries/Implicational_Logic.html</guid>
+ <description></description>
+ </item>
+
+ <item>
<title>Free Boolean Algebra</title>
<link>/entries/Free-Boolean-Algebra.html</link>
<pubDate>Mon, 29 Mar 2010 00:00:00 +0000</pubDate>
<guid>/entries/Free-Boolean-Algebra.html</guid>
<description></description>
</item>
</channel>
</rss>
diff --git a/web/topics/logic/general-logic/index.html b/web/topics/logic/general-logic/index.html
--- a/web/topics/logic/general-logic/index.html
+++ b/web/topics/logic/general-logic/index.html
@@ -1,417 +1,424 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1"><title>Logic/General logic - Archive of Formal Proofs</title><meta name="description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."><link rel="alternate" type="application/rss+xml" href="../../../topics/logic/general-logic/index.xml" title="Archive of Formal Proofs" /><meta property="og:title" content="Logic/General logic" />
<meta property="og:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle." />
<meta property="og:type" content="website" />
<meta property="og:url" content="/topics/logic/general-logic/" /><meta property="og:image" content="/images/afp.png"/><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="Logic/General logic"/>
<meta name="twitter:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."/>
<link rel="stylesheet" type="text/css" href="../../../css/front.min.css">
<link rel="icon" href="../../../images/favicon.ico" type="image/icon"><script src="../../../js/obfuscate.js"></script>
<script src="../../../js/flexsearch.bundle.js"></script>
<script src="../../../js/scroll-spy.js"></script>
<script src="../../../js/theory.js"></script>
<script src="../../../js/util.js"></script><script src="../../../js/header-search.js"></script><script src="../../../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore '>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../../../images/menu.svg" alt="Menu" />
</label>
<a href="../../../" class='logo-link'>
<img src="../../../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<a href="../../../search"><img src="../../../images/search.svg" alt="Search" /></a>
<nav id="menu">
<div>
<a href="../../../" class='logo-link'>
<img src="../../../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<ul>
<a href="../../../"><li >Home</li></a>
<a href="../../../topics/"><li >Topics</li></a>
<a href="../../../download/"><li >Download</li></a>
<a href="../../../help/"><li >Help</li></a>
<a href="../../../submission/"><li >Submission</li></a>
<a href="../../../statistics/"><li >Statistics</li></a>
<a href="../../../about/"><li >About</li></a>
</ul>
</div>
</nav>
</div>
</aside>
<div
class='content '><header>
<form autocomplete="off" action="../../../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value="" aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button"><img src="../../../images/search.svg" alt="Search" /></button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1 >
<span class='first'>L</span>ogic/<span class='first'>G</span>eneral <span class='first'>L</span>ogic</h1>
<div>
</div>
</header><div><h2>Subject Classification</h2><h3>AMS</h3>
<a href="https://mathscinet.ams.org/mathscinet/msc/msc2020.html?t=03Bxx">Mathematical logic and foundations / General logic</a><h2 class="head">2022</h2><article class="entry">
<div class="item-text">
+ <h5><a class="title" href="../../../entries/Implicational_Logic.html">Soundness and Completeness of Implicational Logic</a></h5> <br>by <a href="../../../authors/from">Asta Halkjær From</a> and <a href="../../../authors/villadsen">Jørgen Villadsen</a></div>
+ <span class="date">
+ Sep 13
+ </span>
+</article>
+<article class="entry">
+ <div class="item-text">
<h5><a class="title" href="../../../entries/FOL_Seq_Calc3.html">A Naive Prover for First-Order Logic</a></h5> <br>by <a href="../../../authors/from">Asta Halkjær From</a></div>
<span class="date">
Mar 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/FOL_Seq_Calc3.html">A Naive Prover for First-Order Logic</a></h5> <br>by <a href="../../../authors/from">Asta Halkjær From</a></div>
<span class="date">
Mar 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Eval_FO.html">First-Order Query Evaluation</a></h5> <br>by <a href="../../../authors/raszyk">Martin Raszyk</a></div>
<span class="date">
Feb 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/FOL_Seq_Calc2.html">A Sequent Calculus Prover for First-Order Logic with Functions</a></h5> <br>by <a href="../../../authors/from">Asta Halkjær From</a> and <a href="../../../authors/jacobsen">Frederik Krogsdal Jacobsen</a></div>
<span class="date">
Jan 31
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/FOL_Seq_Calc2.html">A Sequent Calculus Prover for First-Order Logic with Functions</a></h5> <br>by <a href="../../../authors/from">Asta Halkjær From</a> and <a href="../../../authors/jacobsen">Frederik Krogsdal Jacobsen</a></div>
<span class="date">
Jan 31
</span>
</article>
<h2 class="head">2021</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/SimplifiedOntologicalArgument.html">Exploring Simplified Variants of Gödel’s Ontological Argument in Isabelle/HOL</a></h5> <br>by <a href="../../../authors/benzmueller">Christoph Benzmüller</a></div>
<span class="date">
Nov 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/PAL.html">Automating Public Announcement Logic and the Wise Men Puzzle in Isabelle/HOL</a></h5> <br>by <a href="../../../authors/benzmueller">Christoph Benzmüller</a> and <a href="../../../authors/reiche">Sebastian Reiche</a></div>
<span class="date">
Nov 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Belief_Revision.html">Belief Revision Theory</a></h5> <br>by <a href="../../../authors/fouillard">Valentin Fouillard</a>, <a href="../../../authors/taha">Safouan Taha</a>, <a href="../../../authors/boulanger">Frédéric Boulanger</a> and <a href="../../../authors/sabouret">Nicolas Sabouret</a></div>
<span class="date">
Oct 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/FOL_Axiomatic.html">Soundness and Completeness of an Axiomatic System for First-Order Logic</a></h5> <br>by <a href="../../../authors/from">Asta Halkjær From</a></div>
<span class="date">
Sep 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Public_Announcement_Logic.html">Public Announcement Logic</a></h5> <br>by <a href="../../../authors/from">Asta Halkjær From</a></div>
<span class="date">
Jun 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Metalogic_ProofChecker.html">Isabelle&#39;s Metalogic: Formalization and Proof Checker</a></h5> <br>by <a href="../../../authors/nipkow">Tobias Nipkow</a> and <a href="../../../authors/rosskopf">Simon Roßkopf</a></div>
<span class="date">
Apr 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Blue_Eyes.html">Solution to the xkcd Blue Eyes puzzle</a></h5> <br>by <a href="../../../authors/kadzioka">Maya Kądziołka</a></div>
<span class="date">
Jan 30
</span>
</article>
<h2 class="head">2020</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Topological_Semantics.html">Topological semantics for paraconsistent and paracomplete logics</a></h5> <br>by <a href="../../../authors/fuenmayor">David Fuenmayor</a></div>
<span class="date">
Dec 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Saturation_Framework_Extensions.html">Extensions to the Comprehensive Framework for Saturation Theorem Proving</a></h5> <br>by <a href="../../../authors/blanchette">Jasmin Christian Blanchette</a> and <a href="../../../authors/tourret">Sophie Tourret</a></div>
<span class="date">
Aug 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/LTL_Normal_Form.html">An Efficient Normalisation Procedure for Linear Temporal Logic: Isabelle/HOL Formalisation</a></h5> <br>by <a href="../../../authors/sickert">Salomon Sickert</a></div>
<span class="date">
May 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/MFODL_Monitor_Optimized.html">Formalization of an Optimized Monitoring Algorithm for Metric First-Order Dynamic Logic with Aggregations</a></h5> <br>by <a href="../../../authors/dardinier">Thibault Dardinier</a>, <a href="../../../authors/heimes">Lukas Heimes</a>, <a href="../../../authors/raszyk">Martin Raszyk</a>, <a href="../../../authors/schneider">Joshua Schneider</a> and <a href="../../../authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
Apr 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Saturation_Framework.html">A Comprehensive Framework for Saturation Theorem Proving</a></h5> <br>by <a href="../../../authors/tourret">Sophie Tourret</a></div>
<span class="date">
Apr 09
</span>
</article>
<h2 class="head">2019</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Hybrid_Logic.html">Formalizing a Seligman-Style Tableau System for Hybrid Logic</a></h5> <br>by <a href="../../../authors/from">Asta Halkjær From</a></div>
<span class="date">
Dec 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/MFOTL_Monitor.html">Formalization of a Monitoring Algorithm for Metric First-Order Temporal Logic</a></h5> <br>by <a href="../../../authors/schneider">Joshua Schneider</a> and <a href="../../../authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
Jul 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Binding_Syntax_Theory.html">A General Theory of Syntax with Bindings</a></h5> <br>by <a href="../../../authors/gheri">Lorenzo Gheri</a> and <a href="../../../authors/popescu">Andrei Popescu</a></div>
<span class="date">
Apr 06
</span>
</article>
<h2 class="head">2018</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Functional_Ordered_Resolution_Prover.html">A Verified Functional Implementation of Bachmair and Ganzinger&#39;s Ordered Resolution Prover</a></h5> <br>by <a href="../../../authors/schlichtkrull">Anders Schlichtkrull</a>, <a href="../../../authors/blanchette">Jasmin Christian Blanchette</a> and <a href="../../../authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
Nov 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Epistemic_Logic.html">Epistemic Logic: Completeness of Modal Logics</a></h5> <br>by <a href="../../../authors/from">Asta Halkjær From</a></div>
<span class="date">
Oct 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Ordered_Resolution_Prover.html">Formalization of Bachmair and Ganzinger&#39;s Ordered Resolution Prover</a></h5> <br>by <a href="../../../authors/schlichtkrull">Anders Schlichtkrull</a>, <a href="../../../authors/blanchette">Jasmin Christian Blanchette</a>, <a href="../../../authors/traytel">Dmitriy Traytel</a> and <a href="../../../authors/waldmann">Uwe Waldmann</a></div>
<span class="date">
Jan 18
</span>
</article>
<h2 class="head">2017</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Hybrid_Multi_Lane_Spatial_Logic.html">Hybrid Multi-Lane Spatial Logic</a></h5> <br>by <a href="../../../authors/linker">Sven Linker</a></div>
<span class="date">
Nov 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Differential_Dynamic_Logic.html">Differential Dynamic Logic</a></h5> <br>by <a href="../../../authors/bohrer">Rose Bohrer</a></div>
<span class="date">
Feb 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/FOL_Harrison.html">First-Order Logic According to Harrison</a></h5> <br>by <a href="../../../authors/jensen">Alexander Birch Jensen</a>, <a href="../../../authors/schlichtkrull">Anders Schlichtkrull</a> and <a href="../../../authors/villadsen">Jørgen Villadsen</a></div>
<span class="date">
Jan 01
</span>
</article>
<h2 class="head">2016</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Paraconsistency.html">Paraconsistency</a></h5> <br>by <a href="../../../authors/schlichtkrull">Anders Schlichtkrull</a> and <a href="../../../authors/villadsen">Jørgen Villadsen</a></div>
<span class="date">
Dec 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Modal_Logics_for_NTS.html">Modal Logics for Nominal Transition Systems</a></h5> <br>by <a href="../../../authors/weber">Tjark Weber</a>, <a href="../../../authors/eriksson">Lars-Henrik Eriksson</a>, <a href="../../../authors/parrow">Joachim Parrow</a>, <a href="../../../authors/borgstroem">Johannes Borgström</a> and <a href="../../../authors/gutkovas">Ramunas Gutkovas</a></div>
<span class="date">
Oct 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Allen_Calculus.html">Allen&#39;s Interval Calculus</a></h5> <br>by <a href="../../../authors/ghourabi">Fadoua Ghourabi</a></div>
<span class="date">
Sep 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Resolution_FOL.html">The Resolution Calculus for First-Order Logic</a></h5> <br>by <a href="../../../authors/schlichtkrull">Anders Schlichtkrull</a></div>
<span class="date">
Jun 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/PropResPI.html">Propositional Resolution and Prime Implicates Generation</a></h5> <br>by <a href="../../../authors/peltier">Nicolas Peltier</a></div>
<span class="date">
Mar 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/LTL.html">Linear Temporal Logic</a></h5> <br>by <a href="../../../authors/sickert">Salomon Sickert</a></div>
<span class="date">
Mar 01
</span>
</article>
<h2 class="head">2015</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Formula_Derivatives.html">Derivatives of Logical Formulas</a></h5> <br>by <a href="../../../authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
May 28
</span>
</article>
<h2 class="head">2014</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/MSO_Regex_Equivalence.html">Decision Procedures for MSO on Words Based on Derivatives of Regular Expressions</a></h5> <br>by <a href="../../../authors/traytel">Dmitriy Traytel</a> and <a href="../../../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Jun 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Boolean_Expression_Checkers.html">Boolean Expression Checkers</a></h5> <br>by <a href="../../../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Jun 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/HyperCTL.html">A shallow embedding of HyperCTL*</a></h5> <br>by <a href="../../../authors/rabe">Markus N. Rabe</a>, <a href="../../../authors/lammich">Peter Lammich</a> and <a href="../../../authors/popescu">Andrei Popescu</a></div>
<span class="date">
Apr 16
</span>
</article>
<h2 class="head">2013</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Sort_Encodings.html">Sound and Complete Sort Encodings for First-Order Logic</a></h5> <br>by <a href="../../../authors/blanchette">Jasmin Christian Blanchette</a> and <a href="../../../authors/popescu">Andrei Popescu</a></div>
<span class="date">
Jun 27
</span>
</article>
<h2 class="head">2011</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Nat-Interval-Logic.html">Interval Temporal Logic on Natural Numbers</a></h5> <br>by <a href="../../../authors/trachtenherz">David Trachtenherz</a></div>
<span class="date">
Feb 23
</span>
</article>
<h2 class="head">2010</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Free-Boolean-Algebra.html">Free Boolean Algebra</a></h5> <br>by <a href="../../../authors/huffman">Brian Huffman</a></div>
<span class="date">
Mar 29
</span>
</article>
<h2 class="head">2009</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Presburger-Automata.html">Formalizing the Logic-Automaton Connection</a></h5> <br>by <a href="../../../authors/berghofer">Stefan Berghofer</a> and <a href="../../../authors/reiter">Markus Reiter</a></div>
<span class="date">
Dec 03
</span>
</article>
<h2 class="head">2008</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/LinearQuantifierElim.html">Quantifier Elimination for Linear Arithmetic</a></h5> <br>by <a href="../../../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Jan 11
</span>
</article>
<h2 class="head">2007</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/FOL-Fitting.html">First-Order Logic According to Fitting</a></h5> <br>by <a href="../../../authors/berghofer">Stefan Berghofer</a></div>
<span class="date">
Aug 02
</span>
</article>
<h2 class="head">2004</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Verified-Prover.html">A Mechanically Verified, Efficient, Sound and Complete Theorem Prover For First Order Logic</a></h5> <br>by <a href="../../../authors/ridge">Tom Ridge</a></div>
<span class="date">
Sep 28
</span>
</article>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/topics/logic/general-logic/index.xml b/web/topics/logic/general-logic/index.xml
--- a/web/topics/logic/general-logic/index.xml
+++ b/web/topics/logic/general-logic/index.xml
@@ -1,397 +1,406 @@
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>Logic/General logic on Archive of Formal Proofs</title>
<link>/topics/logic/general-logic/</link>
<description>Recent content in Logic/General logic on Archive of Formal Proofs</description>
<generator>Hugo -- gohugo.io</generator>
<language>en-gb</language><atom:link href="/topics/logic/general-logic/index.xml" rel="self" type="application/rss+xml" />
<item>
+ <title>Soundness and Completeness of Implicational Logic</title>
+ <link>/entries/Implicational_Logic.html</link>
+ <pubDate>Tue, 13 Sep 2022 00:00:00 +0000</pubDate>
+
+ <guid>/entries/Implicational_Logic.html</guid>
+ <description></description>
+ </item>
+
+ <item>
<title>A Naive Prover for First-Order Logic</title>
<link>/entries/FOL_Seq_Calc3.html</link>
<pubDate>Tue, 22 Mar 2022 00:00:00 +0000</pubDate>
<guid>/entries/FOL_Seq_Calc3.html</guid>
<description></description>
</item>
<item>
<title>A Naive Prover for First-Order Logic</title>
<link>/entries/FOL_Seq_Calc3.html</link>
<pubDate>Tue, 22 Mar 2022 00:00:00 +0000</pubDate>
<guid>/entries/FOL_Seq_Calc3.html</guid>
<description></description>
</item>
<item>
<title>First-Order Query Evaluation</title>
<link>/entries/Eval_FO.html</link>
<pubDate>Tue, 15 Feb 2022 00:00:00 +0000</pubDate>
<guid>/entries/Eval_FO.html</guid>
<description></description>
</item>
<item>
<title>A Sequent Calculus Prover for First-Order Logic with Functions</title>
<link>/entries/FOL_Seq_Calc2.html</link>
<pubDate>Mon, 31 Jan 2022 00:00:00 +0000</pubDate>
<guid>/entries/FOL_Seq_Calc2.html</guid>
<description></description>
</item>
<item>
<title>A Sequent Calculus Prover for First-Order Logic with Functions</title>
<link>/entries/FOL_Seq_Calc2.html</link>
<pubDate>Mon, 31 Jan 2022 00:00:00 +0000</pubDate>
<guid>/entries/FOL_Seq_Calc2.html</guid>
<description></description>
</item>
<item>
<title>Automating Public Announcement Logic and the Wise Men Puzzle in Isabelle/HOL</title>
<link>/entries/PAL.html</link>
<pubDate>Mon, 08 Nov 2021 00:00:00 +0000</pubDate>
<guid>/entries/PAL.html</guid>
<description></description>
</item>
<item>
<title>Exploring Simplified Variants of Gödel’s Ontological Argument in Isabelle/HOL</title>
<link>/entries/SimplifiedOntologicalArgument.html</link>
<pubDate>Mon, 08 Nov 2021 00:00:00 +0000</pubDate>
<guid>/entries/SimplifiedOntologicalArgument.html</guid>
<description></description>
</item>
<item>
<title>Belief Revision Theory</title>
<link>/entries/Belief_Revision.html</link>
<pubDate>Tue, 19 Oct 2021 00:00:00 +0000</pubDate>
<guid>/entries/Belief_Revision.html</guid>
<description></description>
</item>
<item>
<title>Soundness and Completeness of an Axiomatic System for First-Order Logic</title>
<link>/entries/FOL_Axiomatic.html</link>
<pubDate>Fri, 24 Sep 2021 00:00:00 +0000</pubDate>
<guid>/entries/FOL_Axiomatic.html</guid>
<description></description>
</item>
<item>
<title>Public Announcement Logic</title>
<link>/entries/Public_Announcement_Logic.html</link>
<pubDate>Thu, 17 Jun 2021 00:00:00 +0000</pubDate>
<guid>/entries/Public_Announcement_Logic.html</guid>
<description></description>
</item>
<item>
<title>Isabelle&#39;s Metalogic: Formalization and Proof Checker</title>
<link>/entries/Metalogic_ProofChecker.html</link>
<pubDate>Tue, 27 Apr 2021 00:00:00 +0000</pubDate>
<guid>/entries/Metalogic_ProofChecker.html</guid>
<description></description>
</item>
<item>
<title>Solution to the xkcd Blue Eyes puzzle</title>
<link>/entries/Blue_Eyes.html</link>
<pubDate>Sat, 30 Jan 2021 00:00:00 +0000</pubDate>
<guid>/entries/Blue_Eyes.html</guid>
<description></description>
</item>
<item>
<title>Topological semantics for paraconsistent and paracomplete logics</title>
<link>/entries/Topological_Semantics.html</link>
<pubDate>Thu, 17 Dec 2020 00:00:00 +0000</pubDate>
<guid>/entries/Topological_Semantics.html</guid>
<description></description>
</item>
<item>
<title>Extensions to the Comprehensive Framework for Saturation Theorem Proving</title>
<link>/entries/Saturation_Framework_Extensions.html</link>
<pubDate>Tue, 25 Aug 2020 00:00:00 +0000</pubDate>
<guid>/entries/Saturation_Framework_Extensions.html</guid>
<description></description>
</item>
<item>
<title>An Efficient Normalisation Procedure for Linear Temporal Logic: Isabelle/HOL Formalisation</title>
<link>/entries/LTL_Normal_Form.html</link>
<pubDate>Fri, 08 May 2020 00:00:00 +0000</pubDate>
<guid>/entries/LTL_Normal_Form.html</guid>
<description></description>
</item>
<item>
<title>A Comprehensive Framework for Saturation Theorem Proving</title>
<link>/entries/Saturation_Framework.html</link>
<pubDate>Thu, 09 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/Saturation_Framework.html</guid>
<description></description>
</item>
<item>
<title>Formalization of an Optimized Monitoring Algorithm for Metric First-Order Dynamic Logic with Aggregations</title>
<link>/entries/MFODL_Monitor_Optimized.html</link>
<pubDate>Thu, 09 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/MFODL_Monitor_Optimized.html</guid>
<description></description>
</item>
<item>
<title>Formalizing a Seligman-Style Tableau System for Hybrid Logic</title>
<link>/entries/Hybrid_Logic.html</link>
<pubDate>Fri, 20 Dec 2019 00:00:00 +0000</pubDate>
<guid>/entries/Hybrid_Logic.html</guid>
<description></description>
</item>
<item>
<title>Formalization of a Monitoring Algorithm for Metric First-Order Temporal Logic</title>
<link>/entries/MFOTL_Monitor.html</link>
<pubDate>Thu, 04 Jul 2019 00:00:00 +0000</pubDate>
<guid>/entries/MFOTL_Monitor.html</guid>
<description></description>
</item>
<item>
<title>A General Theory of Syntax with Bindings</title>
<link>/entries/Binding_Syntax_Theory.html</link>
<pubDate>Sat, 06 Apr 2019 00:00:00 +0000</pubDate>
<guid>/entries/Binding_Syntax_Theory.html</guid>
<description></description>
</item>
<item>
<title>A Verified Functional Implementation of Bachmair and Ganzinger&#39;s Ordered Resolution Prover</title>
<link>/entries/Functional_Ordered_Resolution_Prover.html</link>
<pubDate>Fri, 23 Nov 2018 00:00:00 +0000</pubDate>
<guid>/entries/Functional_Ordered_Resolution_Prover.html</guid>
<description></description>
</item>
<item>
<title>Epistemic Logic: Completeness of Modal Logics</title>
<link>/entries/Epistemic_Logic.html</link>
<pubDate>Mon, 29 Oct 2018 00:00:00 +0000</pubDate>
<guid>/entries/Epistemic_Logic.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Bachmair and Ganzinger&#39;s Ordered Resolution Prover</title>
<link>/entries/Ordered_Resolution_Prover.html</link>
<pubDate>Thu, 18 Jan 2018 00:00:00 +0000</pubDate>
<guid>/entries/Ordered_Resolution_Prover.html</guid>
<description></description>
</item>
<item>
<title>Hybrid Multi-Lane Spatial Logic</title>
<link>/entries/Hybrid_Multi_Lane_Spatial_Logic.html</link>
<pubDate>Mon, 06 Nov 2017 00:00:00 +0000</pubDate>
<guid>/entries/Hybrid_Multi_Lane_Spatial_Logic.html</guid>
<description></description>
</item>
<item>
<title>Differential Dynamic Logic</title>
<link>/entries/Differential_Dynamic_Logic.html</link>
<pubDate>Mon, 13 Feb 2017 00:00:00 +0000</pubDate>
<guid>/entries/Differential_Dynamic_Logic.html</guid>
<description></description>
</item>
<item>
<title>First-Order Logic According to Harrison</title>
<link>/entries/FOL_Harrison.html</link>
<pubDate>Sun, 01 Jan 2017 00:00:00 +0000</pubDate>
<guid>/entries/FOL_Harrison.html</guid>
<description></description>
</item>
<item>
<title>Paraconsistency</title>
<link>/entries/Paraconsistency.html</link>
<pubDate>Wed, 07 Dec 2016 00:00:00 +0000</pubDate>
<guid>/entries/Paraconsistency.html</guid>
<description></description>
</item>
<item>
<title>Modal Logics for Nominal Transition Systems</title>
<link>/entries/Modal_Logics_for_NTS.html</link>
<pubDate>Tue, 25 Oct 2016 00:00:00 +0000</pubDate>
<guid>/entries/Modal_Logics_for_NTS.html</guid>
<description></description>
</item>
<item>
<title>Allen&#39;s Interval Calculus</title>
<link>/entries/Allen_Calculus.html</link>
<pubDate>Thu, 29 Sep 2016 00:00:00 +0000</pubDate>
<guid>/entries/Allen_Calculus.html</guid>
<description></description>
</item>
<item>
<title>The Resolution Calculus for First-Order Logic</title>
<link>/entries/Resolution_FOL.html</link>
<pubDate>Thu, 30 Jun 2016 00:00:00 +0000</pubDate>
<guid>/entries/Resolution_FOL.html</guid>
<description></description>
</item>
<item>
<title>Propositional Resolution and Prime Implicates Generation</title>
<link>/entries/PropResPI.html</link>
<pubDate>Fri, 11 Mar 2016 00:00:00 +0000</pubDate>
<guid>/entries/PropResPI.html</guid>
<description></description>
</item>
<item>
<title>Linear Temporal Logic</title>
<link>/entries/LTL.html</link>
<pubDate>Tue, 01 Mar 2016 00:00:00 +0000</pubDate>
<guid>/entries/LTL.html</guid>
<description></description>
</item>
<item>
<title>Derivatives of Logical Formulas</title>
<link>/entries/Formula_Derivatives.html</link>
<pubDate>Thu, 28 May 2015 00:00:00 +0000</pubDate>
<guid>/entries/Formula_Derivatives.html</guid>
<description></description>
</item>
<item>
<title>Decision Procedures for MSO on Words Based on Derivatives of Regular Expressions</title>
<link>/entries/MSO_Regex_Equivalence.html</link>
<pubDate>Thu, 12 Jun 2014 00:00:00 +0000</pubDate>
<guid>/entries/MSO_Regex_Equivalence.html</guid>
<description></description>
</item>
<item>
<title>Boolean Expression Checkers</title>
<link>/entries/Boolean_Expression_Checkers.html</link>
<pubDate>Sun, 08 Jun 2014 00:00:00 +0000</pubDate>
<guid>/entries/Boolean_Expression_Checkers.html</guid>
<description></description>
</item>
<item>
<title>A shallow embedding of HyperCTL*</title>
<link>/entries/HyperCTL.html</link>
<pubDate>Wed, 16 Apr 2014 00:00:00 +0000</pubDate>
<guid>/entries/HyperCTL.html</guid>
<description></description>
</item>
<item>
<title>Sound and Complete Sort Encodings for First-Order Logic</title>
<link>/entries/Sort_Encodings.html</link>
<pubDate>Thu, 27 Jun 2013 00:00:00 +0000</pubDate>
<guid>/entries/Sort_Encodings.html</guid>
<description></description>
</item>
<item>
<title>Interval Temporal Logic on Natural Numbers</title>
<link>/entries/Nat-Interval-Logic.html</link>
<pubDate>Wed, 23 Feb 2011 00:00:00 +0000</pubDate>
<guid>/entries/Nat-Interval-Logic.html</guid>
<description></description>
</item>
<item>
<title>Free Boolean Algebra</title>
<link>/entries/Free-Boolean-Algebra.html</link>
<pubDate>Mon, 29 Mar 2010 00:00:00 +0000</pubDate>
<guid>/entries/Free-Boolean-Algebra.html</guid>
<description></description>
</item>
<item>
<title>Formalizing the Logic-Automaton Connection</title>
<link>/entries/Presburger-Automata.html</link>
<pubDate>Thu, 03 Dec 2009 00:00:00 +0000</pubDate>
<guid>/entries/Presburger-Automata.html</guid>
<description></description>
</item>
<item>
<title>Quantifier Elimination for Linear Arithmetic</title>
<link>/entries/LinearQuantifierElim.html</link>
<pubDate>Fri, 11 Jan 2008 00:00:00 +0000</pubDate>
<guid>/entries/LinearQuantifierElim.html</guid>
<description></description>
</item>
<item>
<title>First-Order Logic According to Fitting</title>
<link>/entries/FOL-Fitting.html</link>
<pubDate>Thu, 02 Aug 2007 00:00:00 +0000</pubDate>
<guid>/entries/FOL-Fitting.html</guid>
<description></description>
</item>
<item>
<title>A Mechanically Verified, Efficient, Sound and Complete Theorem Prover For First Order Logic</title>
<link>/entries/Verified-Prover.html</link>
<pubDate>Tue, 28 Sep 2004 00:00:00 +0000</pubDate>
<guid>/entries/Verified-Prover.html</guid>
<description></description>
</item>
</channel>
</rss>
diff --git a/web/topics/logic/proof-theory/index.html b/web/topics/logic/proof-theory/index.html
--- a/web/topics/logic/proof-theory/index.html
+++ b/web/topics/logic/proof-theory/index.html
@@ -1,238 +1,245 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1"><title>Logic/Proof theory - Archive of Formal Proofs</title><meta name="description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."><link rel="alternate" type="application/rss+xml" href="../../../topics/logic/proof-theory/index.xml" title="Archive of Formal Proofs" /><meta property="og:title" content="Logic/Proof theory" />
<meta property="og:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle." />
<meta property="og:type" content="website" />
<meta property="og:url" content="/topics/logic/proof-theory/" /><meta property="og:image" content="/images/afp.png"/><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="Logic/Proof theory"/>
<meta name="twitter:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."/>
<link rel="stylesheet" type="text/css" href="../../../css/front.min.css">
<link rel="icon" href="../../../images/favicon.ico" type="image/icon"><script src="../../../js/obfuscate.js"></script>
<script src="../../../js/flexsearch.bundle.js"></script>
<script src="../../../js/scroll-spy.js"></script>
<script src="../../../js/theory.js"></script>
<script src="../../../js/util.js"></script><script src="../../../js/header-search.js"></script><script src="../../../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore '>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../../../images/menu.svg" alt="Menu" />
</label>
<a href="../../../" class='logo-link'>
<img src="../../../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<a href="../../../search"><img src="../../../images/search.svg" alt="Search" /></a>
<nav id="menu">
<div>
<a href="../../../" class='logo-link'>
<img src="../../../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<ul>
<a href="../../../"><li >Home</li></a>
<a href="../../../topics/"><li >Topics</li></a>
<a href="../../../download/"><li >Download</li></a>
<a href="../../../help/"><li >Help</li></a>
<a href="../../../submission/"><li >Submission</li></a>
<a href="../../../statistics/"><li >Statistics</li></a>
<a href="../../../about/"><li >About</li></a>
</ul>
</div>
</nav>
</div>
</aside>
<div
class='content '><header>
<form autocomplete="off" action="../../../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value="" aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button"><img src="../../../images/search.svg" alt="Search" /></button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1 >
<span class='first'>L</span>ogic/<span class='first'>P</span>roof <span class='first'>T</span>heory</h1>
<div>
</div>
</header><div><h2>Subject Classification</h2><h3>AMS</h3>
<a href="https://mathscinet.ams.org/mathscinet/msc/msc2020.html?t=03Fxx">Mathematical logic and foundations / Proof theory and constructive mathematics</a><h3>ACM</h3>
<a href="https://dl.acm.org/topic/ccs2012/10003752.10003790.10003792">Theory of computation~Proof theory</a><h2 class="head">2022</h2><article class="entry">
<div class="item-text">
+ <h5><a class="title" href="../../../entries/Implicational_Logic.html">Soundness and Completeness of Implicational Logic</a></h5> <br>by <a href="../../../authors/from">Asta Halkjær From</a> and <a href="../../../authors/villadsen">Jørgen Villadsen</a></div>
+ <span class="date">
+ Sep 13
+ </span>
+</article>
+<article class="entry">
+ <div class="item-text">
<h5><a class="title" href="../../../entries/FOL_Seq_Calc3.html">A Naive Prover for First-Order Logic</a></h5> <br>by <a href="../../../authors/from">Asta Halkjær From</a></div>
<span class="date">
Mar 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/FO_Theory_Rewriting.html">First-Order Theory of Rewriting</a></h5> <br>by <a href="../../../authors/lochmann">Alexander Lochmann</a> and <a href="../../../authors/felgenhauer">Bertram Felgenhauer</a></div>
<span class="date">
Feb 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/FOL_Seq_Calc2.html">A Sequent Calculus Prover for First-Order Logic with Functions</a></h5> <br>by <a href="../../../authors/from">Asta Halkjær From</a> and <a href="../../../authors/jacobsen">Frederik Krogsdal Jacobsen</a></div>
<span class="date">
Jan 31
</span>
</article>
<h2 class="head">2021</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/FOL_Axiomatic.html">Soundness and Completeness of an Axiomatic System for First-Order Logic</a></h5> <br>by <a href="../../../authors/from">Asta Halkjær From</a></div>
<span class="date">
Sep 24
</span>
</article>
<h2 class="head">2020</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Syntax_Independent_Logic.html">Syntax-Independent Logic Infrastructure</a></h5> <br>by <a href="../../../authors/popescu">Andrei Popescu</a> and <a href="../../../authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
Sep 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Robinson_Arithmetic.html">Robinson Arithmetic</a></h5> <br>by <a href="../../../authors/popescu">Andrei Popescu</a> and <a href="../../../authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
Sep 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Goedel_HFSet_Semanticless.html">From Abstract to Concrete Gödel&#39;s Incompleteness Theorems—Part II</a></h5> <br>by <a href="../../../authors/popescu">Andrei Popescu</a> and <a href="../../../authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
Sep 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Goedel_HFSet_Semantic.html">From Abstract to Concrete Gödel&#39;s Incompleteness Theorems—Part I</a></h5> <br>by <a href="../../../authors/popescu">Andrei Popescu</a> and <a href="../../../authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
Sep 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Goedel_Incompleteness.html">An Abstract Formalization of Gödel&#39;s Incompleteness Theorems</a></h5> <br>by <a href="../../../authors/popescu">Andrei Popescu</a> and <a href="../../../authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
Sep 16
</span>
</article>
<h2 class="head">2019</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/FOL_Seq_Calc1.html">A Sequent Calculus for First-Order Logic</a></h5> <br>by <a href="../../../authors/from">Asta Halkjær From</a></div>
<span class="date">
Jul 18
</span>
</article>
<h2 class="head">2017</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Propositional_Proof_Systems.html">Propositional Proof Systems</a></h5> <br>by <a href="../../../authors/michaelis">Julius Michaelis</a> and <a href="../../../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Jun 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Abstract_Soundness.html">Abstract Soundness</a></h5> <br>by <a href="../../../authors/blanchette">Jasmin Christian Blanchette</a>, <a href="../../../authors/popescu">Andrei Popescu</a> and <a href="../../../authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
Feb 10
</span>
</article>
<h2 class="head">2016</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/SuperCalc.html">A Variant of the Superposition Calculus</a></h5> <br>by <a href="../../../authors/peltier">Nicolas Peltier</a></div>
<span class="date">
Sep 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Surprise_Paradox.html">Surprise Paradox</a></h5> <br>by <a href="../../../authors/breitner">Joachim Breitner</a></div>
<span class="date">
Jul 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Incredible_Proof_Machine.html">The meta theory of the Incredible Proof Machine</a></h5> <br>by <a href="../../../authors/breitner">Joachim Breitner</a> and <a href="../../../authors/lohner">Denis Lohner</a></div>
<span class="date">
May 20
</span>
</article>
<h2 class="head">2014</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Abstract_Completeness.html">Abstract Completeness</a></h5> <br>by <a href="../../../authors/blanchette">Jasmin Christian Blanchette</a>, <a href="../../../authors/popescu">Andrei Popescu</a> and <a href="../../../authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
Apr 16
</span>
</article>
<h2 class="head">2013</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Incompleteness.html">Gödel&#39;s Incompleteness Theorems</a></h5> <br>by <a href="../../../authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Nov 17
</span>
</article>
<h2 class="head">2009</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/SequentInvertibility.html">Invertibility in Sequent Calculi</a></h5> <br>by <a href="../../../authors/chapman">Peter Chapman</a></div>
<span class="date">
Aug 28
</span>
</article>
<h2 class="head">2004</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Completeness.html">Completeness theorem</a></h5> <br>by <a href="../../../authors/margetson">James Margetson</a> and <a href="../../../authors/ridge">Tom Ridge</a></div>
<span class="date">
Sep 20
</span>
</article>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/topics/logic/proof-theory/index.xml b/web/topics/logic/proof-theory/index.xml
--- a/web/topics/logic/proof-theory/index.xml
+++ b/web/topics/logic/proof-theory/index.xml
@@ -1,181 +1,190 @@
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>Logic/Proof theory on Archive of Formal Proofs</title>
<link>/topics/logic/proof-theory/</link>
<description>Recent content in Logic/Proof theory on Archive of Formal Proofs</description>
<generator>Hugo -- gohugo.io</generator>
<language>en-gb</language><atom:link href="/topics/logic/proof-theory/index.xml" rel="self" type="application/rss+xml" />
<item>
+ <title>Soundness and Completeness of Implicational Logic</title>
+ <link>/entries/Implicational_Logic.html</link>
+ <pubDate>Tue, 13 Sep 2022 00:00:00 +0000</pubDate>
+
+ <guid>/entries/Implicational_Logic.html</guid>
+ <description></description>
+ </item>
+
+ <item>
<title>A Naive Prover for First-Order Logic</title>
<link>/entries/FOL_Seq_Calc3.html</link>
<pubDate>Tue, 22 Mar 2022 00:00:00 +0000</pubDate>
<guid>/entries/FOL_Seq_Calc3.html</guid>
<description></description>
</item>
<item>
<title>First-Order Theory of Rewriting</title>
<link>/entries/FO_Theory_Rewriting.html</link>
<pubDate>Wed, 02 Feb 2022 00:00:00 +0000</pubDate>
<guid>/entries/FO_Theory_Rewriting.html</guid>
<description></description>
</item>
<item>
<title>A Sequent Calculus Prover for First-Order Logic with Functions</title>
<link>/entries/FOL_Seq_Calc2.html</link>
<pubDate>Mon, 31 Jan 2022 00:00:00 +0000</pubDate>
<guid>/entries/FOL_Seq_Calc2.html</guid>
<description></description>
</item>
<item>
<title>Soundness and Completeness of an Axiomatic System for First-Order Logic</title>
<link>/entries/FOL_Axiomatic.html</link>
<pubDate>Fri, 24 Sep 2021 00:00:00 +0000</pubDate>
<guid>/entries/FOL_Axiomatic.html</guid>
<description></description>
</item>
<item>
<title>An Abstract Formalization of G&amp;ouml;del&#39;s Incompleteness Theorems</title>
<link>/entries/Goedel_Incompleteness.html</link>
<pubDate>Wed, 16 Sep 2020 00:00:00 +0000</pubDate>
<guid>/entries/Goedel_Incompleteness.html</guid>
<description></description>
</item>
<item>
<title>From Abstract to Concrete G&amp;ouml;del&#39;s Incompleteness Theorems&amp;mdash;Part I</title>
<link>/entries/Goedel_HFSet_Semantic.html</link>
<pubDate>Wed, 16 Sep 2020 00:00:00 +0000</pubDate>
<guid>/entries/Goedel_HFSet_Semantic.html</guid>
<description></description>
</item>
<item>
<title>From Abstract to Concrete G&amp;ouml;del&#39;s Incompleteness Theorems&amp;mdash;Part II</title>
<link>/entries/Goedel_HFSet_Semanticless.html</link>
<pubDate>Wed, 16 Sep 2020 00:00:00 +0000</pubDate>
<guid>/entries/Goedel_HFSet_Semanticless.html</guid>
<description></description>
</item>
<item>
<title>Robinson Arithmetic</title>
<link>/entries/Robinson_Arithmetic.html</link>
<pubDate>Wed, 16 Sep 2020 00:00:00 +0000</pubDate>
<guid>/entries/Robinson_Arithmetic.html</guid>
<description></description>
</item>
<item>
<title>Syntax-Independent Logic Infrastructure</title>
<link>/entries/Syntax_Independent_Logic.html</link>
<pubDate>Wed, 16 Sep 2020 00:00:00 +0000</pubDate>
<guid>/entries/Syntax_Independent_Logic.html</guid>
<description></description>
</item>
<item>
<title>A Sequent Calculus for First-Order Logic</title>
<link>/entries/FOL_Seq_Calc1.html</link>
<pubDate>Thu, 18 Jul 2019 00:00:00 +0000</pubDate>
<guid>/entries/FOL_Seq_Calc1.html</guid>
<description></description>
</item>
<item>
<title>Propositional Proof Systems</title>
<link>/entries/Propositional_Proof_Systems.html</link>
<pubDate>Wed, 21 Jun 2017 00:00:00 +0000</pubDate>
<guid>/entries/Propositional_Proof_Systems.html</guid>
<description></description>
</item>
<item>
<title>Abstract Soundness</title>
<link>/entries/Abstract_Soundness.html</link>
<pubDate>Fri, 10 Feb 2017 00:00:00 +0000</pubDate>
<guid>/entries/Abstract_Soundness.html</guid>
<description></description>
</item>
<item>
<title>A Variant of the Superposition Calculus</title>
<link>/entries/SuperCalc.html</link>
<pubDate>Tue, 06 Sep 2016 00:00:00 +0000</pubDate>
<guid>/entries/SuperCalc.html</guid>
<description></description>
</item>
<item>
<title>Surprise Paradox</title>
<link>/entries/Surprise_Paradox.html</link>
<pubDate>Sun, 17 Jul 2016 00:00:00 +0000</pubDate>
<guid>/entries/Surprise_Paradox.html</guid>
<description></description>
</item>
<item>
<title>The meta theory of the Incredible Proof Machine</title>
<link>/entries/Incredible_Proof_Machine.html</link>
<pubDate>Fri, 20 May 2016 00:00:00 +0000</pubDate>
<guid>/entries/Incredible_Proof_Machine.html</guid>
<description></description>
</item>
<item>
<title>Abstract Completeness</title>
<link>/entries/Abstract_Completeness.html</link>
<pubDate>Wed, 16 Apr 2014 00:00:00 +0000</pubDate>
<guid>/entries/Abstract_Completeness.html</guid>
<description></description>
</item>
<item>
<title>Gödel&#39;s Incompleteness Theorems</title>
<link>/entries/Incompleteness.html</link>
<pubDate>Sun, 17 Nov 2013 00:00:00 +0000</pubDate>
<guid>/entries/Incompleteness.html</guid>
<description></description>
</item>
<item>
<title>Invertibility in Sequent Calculi</title>
<link>/entries/SequentInvertibility.html</link>
<pubDate>Fri, 28 Aug 2009 00:00:00 +0000</pubDate>
<guid>/entries/SequentInvertibility.html</guid>
<description></description>
</item>
<item>
<title>Completeness theorem</title>
<link>/entries/Completeness.html</link>
<pubDate>Mon, 20 Sep 2004 00:00:00 +0000</pubDate>
<guid>/entries/Completeness.html</guid>
<description></description>
</item>
</channel>
</rss>
diff --git a/web/topics/mathematics/algebra/index.html b/web/topics/mathematics/algebra/index.html
--- a/web/topics/mathematics/algebra/index.html
+++ b/web/topics/mathematics/algebra/index.html
@@ -1,655 +1,662 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1"><title>Mathematics/Algebra - Archive of Formal Proofs</title><meta name="description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."><link rel="alternate" type="application/rss+xml" href="../../../topics/mathematics/algebra/index.xml" title="Archive of Formal Proofs" /><meta property="og:title" content="Mathematics/Algebra" />
<meta property="og:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle." />
<meta property="og:type" content="website" />
<meta property="og:url" content="/topics/mathematics/algebra/" /><meta property="og:image" content="/images/afp.png"/><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="Mathematics/Algebra"/>
<meta name="twitter:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."/>
<link rel="stylesheet" type="text/css" href="../../../css/front.min.css">
<link rel="icon" href="../../../images/favicon.ico" type="image/icon"><script src="../../../js/obfuscate.js"></script>
<script src="../../../js/flexsearch.bundle.js"></script>
<script src="../../../js/scroll-spy.js"></script>
<script src="../../../js/theory.js"></script>
<script src="../../../js/util.js"></script><script src="../../../js/header-search.js"></script><script src="../../../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore '>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../../../images/menu.svg" alt="Menu" />
</label>
<a href="../../../" class='logo-link'>
<img src="../../../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<a href="../../../search"><img src="../../../images/search.svg" alt="Search" /></a>
<nav id="menu">
<div>
<a href="../../../" class='logo-link'>
<img src="../../../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<ul>
<a href="../../../"><li >Home</li></a>
<a href="../../../topics/"><li >Topics</li></a>
<a href="../../../download/"><li >Download</li></a>
<a href="../../../help/"><li >Help</li></a>
<a href="../../../submission/"><li >Submission</li></a>
<a href="../../../statistics/"><li >Statistics</li></a>
<a href="../../../about/"><li >About</li></a>
</ul>
</div>
</nav>
</div>
</aside>
<div
class='content '><header>
<form autocomplete="off" action="../../../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value="" aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button"><img src="../../../images/search.svg" alt="Search" /></button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1 >
<span class='first'>M</span>athematics/<span class='first'>A</span>lgebra</h1>
<div>
</div>
</header><div><h2>Subject Classification</h2><h3>AMS</h3>
<a href="https://mathscinet.ams.org/mathscinet/msc/msc2020.html?t=08-XX">General algebraic systems</a><h2 class="head">2022</h2><article class="entry">
<div class="item-text">
+ <h5><a class="title" href="../../../entries/Padic_Field.html">p-adic Fields and p-adic Semialgebraic Sets</a></h5> <br>by <a href="../../../authors/crighton">Aaron Crighton</a></div>
+ <span class="date">
+ Sep 22
+ </span>
+</article>
+<article class="entry">
+ <div class="item-text">
<h5><a class="title" href="../../../entries/Commuting_Hermitian.html">Simultaneous diagonalization of pairwise commuting Hermitian matrices</a></h5> <br>by <a href="../../../authors/echenim">Mnacho Echenim</a></div>
<span class="date">
Jul 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Finite_Fields.html">Finite Fields</a></h5> <br>by <a href="../../../authors/karayel">Emin Karayel</a></div>
<span class="date">
Jun 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Fishers_Inequality.html">Fisher&#39;s Inequality: Linear Algebraic Proof Techniques for Combinatorics</a></h5> <br>by <a href="../../../authors/edmonds">Chelsea Edmonds</a> and <a href="../../../authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Apr 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/LP_Duality.html">Duality of Linear Programming</a></h5> <br>by <a href="../../../authors/thiemann">René Thiemann</a></div>
<span class="date">
Feb 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Interpolation_Polynomials_HOL_Algebra.html">Interpolation Polynomials (in HOL-Algebra)</a></h5> <br>by <a href="../../../authors/karayel">Emin Karayel</a></div>
<span class="date">
Jan 29
</span>
</article>
<h2 class="head">2021</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Hyperdual.html">Hyperdual Numbers and Forward Differentiation</a></h5> <br>by <a href="../../../authors/smola">Filip Smola</a> and <a href="../../../authors/fleuriot">Jacques D. Fleuriot</a></div>
<span class="date">
Dec 31
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Factor_Algebraic_Polynomial.html">Factorization of Polynomials with Algebraic Coefficients</a></h5> <br>by <a href="../../../authors/eberl">Manuel Eberl</a> and <a href="../../../authors/thiemann">René Thiemann</a></div>
<span class="date">
Nov 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Finitely_Generated_Abelian_Groups.html">Finitely Generated Abelian Groups</a></h5> <br>by <a href="../../../authors/thommes">Joseph Thommes</a> and <a href="../../../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Jul 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Grothendieck_Schemes.html">Grothendieck&#39;s Schemes in Algebraic Geometry</a></h5> <br>by <a href="../../../authors/bordg">Anthony Bordg</a>, <a href="../../../authors/paulson">Lawrence C. Paulson</a> and <a href="../../../authors/li">Wenda Li</a></div>
<span class="date">
Mar 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Formal_Puiseux_Series.html">Formal Puiseux Series</a></h5> <br>by <a href="../../../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Feb 17
</span>
</article>
<h2 class="head">2020</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Smith_Normal_Form.html">A verified algorithm for computing the Smith normal form of a matrix</a></h5> <br>by <a href="../../../authors/divason">Jose Divasón</a></div>
<span class="date">
May 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Power_Sum_Polynomials.html">Power Sum Polynomials</a></h5> <br>by <a href="../../../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Apr 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Matrices_for_ODEs.html">Matrices for ODEs</a></h5> <br>by <a href="../../../authors/munive">Jonathan Julian Huerta y Munive</a></div>
<span class="date">
Apr 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Subset_Boolean_Algebras.html">A Hierarchy of Algebras for Boolean Subsets</a></h5> <br>by <a href="../../../authors/guttmann">Walter Guttmann</a> and <a href="../../../authors/moeller">Bernhard Möller</a></div>
<span class="date">
Jan 31
</span>
</article>
<h2 class="head">2019</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Hybrid_Systems_VCs.html">Verification Components for Hybrid Systems</a></h5> <br>by <a href="../../../authors/munive">Jonathan Julian Huerta y Munive</a></div>
<span class="date">
Sep 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Jacobson_Basic_Algebra.html">A Case Study in Basic Algebra</a></h5> <br>by <a href="../../../authors/ballarin">Clemens Ballarin</a></div>
<span class="date">
Aug 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Linear_Programming.html">Linear Programming</a></h5> <br>by <a href="../../../authors/parsert">Julian Parsert</a> and <a href="../../../authors/kaliszyk">Cezary Kaliszyk</a></div>
<span class="date">
Aug 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/C2KA_DistributedSystems.html">Communicating Concurrent Kleene Algebra for Distributed Systems Specification</a></h5> <br>by <a href="../../../authors/buyse">Maxime Buyse</a> and <a href="../../../authors/jaskolka">Jason Jaskolka</a></div>
<span class="date">
Aug 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Linear_Inequalities.html">Linear Inequalities</a></h5> <br>by <a href="../../../authors/bottesch">Ralph Bottesch</a>, <a href="../../../authors/reynaud">Alban Reynaud</a> and <a href="../../../authors/thiemann">René Thiemann</a></div>
<span class="date">
Jun 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Nullstellensatz.html">Hilbert&#39;s Nullstellensatz</a></h5> <br>by <a href="../../../authors/maletzky">Alexander Maletzky</a></div>
<span class="date">
Jun 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Groebner_Macaulay.html">Gröbner Bases, Macaulay Matrices and Dubé&#39;s Degree Bounds</a></h5> <br>by <a href="../../../authors/maletzky">Alexander Maletzky</a></div>
<span class="date">
Jun 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Farkas.html">Farkas&#39; Lemma and Motzkin&#39;s Transposition Theorem</a></h5> <br>by <a href="../../../authors/bottesch">Ralph Bottesch</a>, <a href="../../../authors/haslbeck">Max W. Haslbeck</a> and <a href="../../../authors/thiemann">René Thiemann</a></div>
<span class="date">
Jan 17
</span>
</article>
<h2 class="head">2018</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Transformer_Semantics.html">Transformer Semantics</a></h5> <br>by <a href="../../../authors/struth">Georg Struth</a></div>
<span class="date">
Dec 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Quantales.html">Quantales</a></h5> <br>by <a href="../../../authors/struth">Georg Struth</a></div>
<span class="date">
Dec 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Symmetric_Polynomials.html">Symmetric Polynomials</a></h5> <br>by <a href="../../../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Sep 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Signature_Groebner.html">Signature-Based Gröbner Basis Algorithms</a></h5> <br>by <a href="../../../authors/maletzky">Alexander Maletzky</a></div>
<span class="date">
Sep 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Aggregation_Algebras.html">Aggregation Algebras</a></h5> <br>by <a href="../../../authors/guttmann">Walter Guttmann</a></div>
<span class="date">
Sep 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Octonions.html">Octonions</a></h5> <br>by <a href="../../../authors/argyraki">Angeliki Koutsoukou-Argyraki</a></div>
<span class="date">
Sep 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Quaternions.html">Quaternions</a></h5> <br>by <a href="../../../authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Sep 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Localization_Ring.html">The Localization of a Commutative Ring</a></h5> <br>by <a href="../../../authors/bordg">Anthony Bordg</a></div>
<span class="date">
Jun 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/LLL_Factorization.html">A verified factorization algorithm for integer polynomials with polynomial complexity</a></h5> <br>by <a href="../../../authors/divason">Jose Divasón</a>, <a href="../../../authors/joosten">Sebastiaan J. C. Joosten</a>, <a href="../../../authors/thiemann">René Thiemann</a> and <a href="../../../authors/yamada">Akihisa Yamada</a></div>
<span class="date">
Feb 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/LLL_Basis_Reduction.html">A verified LLL algorithm</a></h5> <br>by <a href="../../../authors/bottesch">Ralph Bottesch</a>, <a href="../../../authors/divason">Jose Divasón</a>, <a href="../../../authors/haslbeck">Max W. Haslbeck</a>, <a href="../../../authors/joosten">Sebastiaan J. C. Joosten</a>, <a href="../../../authors/thiemann">René Thiemann</a> and <a href="../../../authors/yamada">Akihisa Yamada</a></div>
<span class="date">
Feb 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Taylor_Models.html">Taylor Models</a></h5> <br>by <a href="../../../authors/traut">Christoph Traut</a> and <a href="../../../authors/immler">Fabian Immler</a></div>
<span class="date">
Jan 08
</span>
</article>
<h2 class="head">2017</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Mason_Stothers.html">The Mason–Stothers Theorem</a></h5> <br>by <a href="../../../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Dec 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Dirichlet_L.html">Dirichlet L-Functions and Dirichlet&#39;s Theorem</a></h5> <br>by <a href="../../../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Dec 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Stochastic_Matrices.html">Stochastic Matrices and the Perron-Frobenius Theorem</a></h5> <br>by <a href="../../../authors/thiemann">René Thiemann</a></div>
<span class="date">
Nov 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Orbit_Stabiliser.html">Orbit-Stabiliser Theorem with Application to Rotational Symmetries</a></h5> <br>by <a href="../../../authors/raedle">Jonas Rädle</a></div>
<span class="date">
Aug 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Stone_Kleene_Relation_Algebras.html">Stone-Kleene Relation Algebras</a></h5> <br>by <a href="../../../authors/guttmann">Walter Guttmann</a></div>
<span class="date">
Jul 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/PSemigroupsConvolution.html">Partial Semigroups and Convolution Algebras</a></h5> <br>by <a href="../../../authors/dongol">Brijesh Dongol</a>, <a href="../../../authors/gomes">Victor B. F. Gomes</a>, <a href="../../../authors/hayes">Ian J. Hayes</a> and <a href="../../../authors/struth">Georg Struth</a></div>
<span class="date">
Jun 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Optics.html">Optics</a></h5> <br>by <a href="../../../authors/fosters">Simon Foster</a> and <a href="../../../authors/zeyda">Frank Zeyda</a></div>
<span class="date">
May 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Subresultants.html">Subresultants</a></h5> <br>by <a href="../../../authors/joosten">Sebastiaan J. C. Joosten</a>, <a href="../../../authors/thiemann">René Thiemann</a> and <a href="../../../authors/yamada">Akihisa Yamada</a></div>
<span class="date">
Apr 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Stone_Relation_Algebras.html">Stone Relation Algebras</a></h5> <br>by <a href="../../../authors/guttmann">Walter Guttmann</a></div>
<span class="date">
Feb 07
</span>
</article>
<h2 class="head">2016</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Berlekamp_Zassenhaus.html">The Factorization Algorithm of Berlekamp and Zassenhaus</a></h5> <br>by <a href="../../../authors/divason">Jose Divasón</a>, <a href="../../../authors/joosten">Sebastiaan J. C. Joosten</a>, <a href="../../../authors/thiemann">René Thiemann</a> and <a href="../../../authors/yamada">Akihisa Yamada</a></div>
<span class="date">
Oct 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Buildings.html">Chamber Complexes, Coxeter Systems, and Buildings</a></h5> <br>by <a href="../../../authors/sylvestre">Jeremy Sylvestre</a></div>
<span class="date">
Jul 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Algebraic_VCs.html">Program Construction and Verification Components Based on Kleene Algebra</a></h5> <br>by <a href="../../../authors/gomes">Victor B. F. Gomes</a> and <a href="../../../authors/struth">Georg Struth</a></div>
<span class="date">
Jun 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Perron_Frobenius.html">Perron-Frobenius Theorem for Spectral Radius Analysis</a></h5> <br>by <a href="../../../authors/divason">Jose Divasón</a>, <a href="../../../authors/kuncar">Ondřej Kunčar</a>, <a href="../../../authors/thiemann">René Thiemann</a> and <a href="../../../authors/yamada">Akihisa Yamada</a></div>
<span class="date">
May 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Groebner_Bases.html">Gröbner Bases Theory</a></h5> <br>by <a href="../../../authors/immler">Fabian Immler</a> and <a href="../../../authors/maletzky">Alexander Maletzky</a></div>
<span class="date">
May 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/KAD.html">Kleene Algebras with Domain</a></h5> <br>by <a href="../../../authors/gomes">Victor B. F. Gomes</a>, <a href="../../../authors/guttmann">Walter Guttmann</a>, <a href="../../../authors/hoefner">Peter Höfner</a>, <a href="../../../authors/struth">Georg Struth</a> and <a href="../../../authors/weber">Tjark Weber</a></div>
<span class="date">
Apr 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Polynomial_Interpolation.html">Polynomial Interpolation</a></h5> <br>by <a href="../../../authors/thiemann">René Thiemann</a> and <a href="../../../authors/yamada">Akihisa Yamada</a></div>
<span class="date">
Jan 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Polynomial_Factorization.html">Polynomial Factorization</a></h5> <br>by <a href="../../../authors/thiemann">René Thiemann</a> and <a href="../../../authors/yamada">Akihisa Yamada</a></div>
<span class="date">
Jan 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Matrix_Tensor.html">Tensor Product of Matrices</a></h5> <br>by <a href="../../../authors/prathamesh">T.V.H. Prathamesh</a></div>
<span class="date">
Jan 18
</span>
</article>
<h2 class="head">2015</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Algebraic_Numbers.html">Algebraic Numbers in Isabelle/HOL</a></h5> <br>by <a href="../../../authors/thiemann">René Thiemann</a>, <a href="../../../authors/yamada">Akihisa Yamada</a> and <a href="../../../authors/joosten">Sebastiaan J. C. Joosten</a></div>
<span class="date">
Dec 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Jordan_Normal_Form.html">Matrices, Jordan Normal Forms, and Spectral Radius Theory</a></h5> <br>by <a href="../../../authors/thiemann">René Thiemann</a> and <a href="../../../authors/yamada">Akihisa Yamada</a></div>
<span class="date">
Aug 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Rep_Fin_Groups.html">Representations of Finite Groups</a></h5> <br>by <a href="../../../authors/sylvestre">Jeremy Sylvestre</a></div>
<span class="date">
Aug 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Hermite.html">Hermite Normal Form</a></h5> <br>by <a href="../../../authors/divason">Jose Divasón</a> and <a href="../../../authors/aransay">Jesús Aransay</a></div>
<span class="date">
Jul 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Multirelations.html">Binary Multirelations</a></h5> <br>by <a href="../../../authors/furusawa">Hitoshi Furusawa</a> and <a href="../../../authors/struth">Georg Struth</a></div>
<span class="date">
Jun 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Residuated_Lattices.html">Residuated Lattices</a></h5> <br>by <a href="../../../authors/gomes">Victor B. F. Gomes</a> and <a href="../../../authors/struth">Georg Struth</a></div>
<span class="date">
Apr 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/QR_Decomposition.html">QR Decomposition</a></h5> <br>by <a href="../../../authors/divason">Jose Divasón</a> and <a href="../../../authors/aransay">Jesús Aransay</a></div>
<span class="date">
Feb 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Echelon_Form.html">Echelon Form</a></h5> <br>by <a href="../../../authors/divason">Jose Divasón</a> and <a href="../../../authors/aransay">Jesús Aransay</a></div>
<span class="date">
Feb 12
</span>
</article>
<h2 class="head">2014</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Cayley_Hamilton.html">The Cayley-Hamilton Theorem</a></h5> <br>by <a href="../../../authors/adelsberger">Stephan Adelsberger</a>, <a href="../../../authors/hetzl">Stefan Hetzl</a> and <a href="../../../authors/pollak">Florian Pollak</a></div>
<span class="date">
Sep 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Jordan_Hoelder.html">The Jordan-Hölder Theorem</a></h5> <br>by <a href="../../../authors/raumer">Jakob von Raumer</a></div>
<span class="date">
Sep 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/VectorSpace.html">Vector Spaces</a></h5> <br>by <a href="../../../authors/lee">Holden Lee</a></div>
<span class="date">
Aug 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Regular_Algebras.html">Regular Algebras</a></h5> <br>by <a href="../../../authors/fosters">Simon Foster</a> and <a href="../../../authors/struth">Georg Struth</a></div>
<span class="date">
May 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Secondary_Sylow.html">Secondary Sylow Theorems</a></h5> <br>by <a href="../../../authors/raumer">Jakob von Raumer</a></div>
<span class="date">
Jan 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Relation_Algebra.html">Relation Algebra</a></h5> <br>by <a href="../../../authors/armstrong">Alasdair Armstrong</a>, <a href="../../../authors/fosters">Simon Foster</a>, <a href="../../../authors/struth">Georg Struth</a> and <a href="../../../authors/weber">Tjark Weber</a></div>
<span class="date">
Jan 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/KAT_and_DRA.html">Kleene Algebra with Tests and Demonic Refinement Algebras</a></h5> <br>by <a href="../../../authors/armstrong">Alasdair Armstrong</a>, <a href="../../../authors/gomes">Victor B. F. Gomes</a> and <a href="../../../authors/struth">Georg Struth</a></div>
<span class="date">
Jan 23
</span>
</article>
<h2 class="head">2013</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Rank_Nullity_Theorem.html">Rank-Nullity Theorem in Linear Algebra</a></h5> <br>by <a href="../../../authors/divason">Jose Divasón</a> and <a href="../../../authors/aransay">Jesús Aransay</a></div>
<span class="date">
Jan 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Kleene_Algebra.html">Kleene Algebra</a></h5> <br>by <a href="../../../authors/armstrong">Alasdair Armstrong</a>, <a href="../../../authors/struth">Georg Struth</a> and <a href="../../../authors/weber">Tjark Weber</a></div>
<span class="date">
Jan 15
</span>
</article>
<h2 class="head">2012</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Impossible_Geometry.html">Proving the Impossibility of Trisecting an Angle and Doubling the Cube</a></h5> <br>by <a href="../../../authors/romanos">Ralph Romanos</a> and <a href="../../../authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Aug 05
</span>
</article>
<h2 class="head">2011</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/PseudoHoops.html">Pseudo Hoops</a></h5> <br>by <a href="../../../authors/georgescu">George Georgescu</a>, <a href="../../../authors/leustean">Laurentiu Leustean</a> and <a href="../../../authors/preoteasa">Viorel Preoteasa</a></div>
<span class="date">
Sep 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Gauss-Jordan-Elim-Fun.html">Gauss-Jordan Elimination for Matrices Represented as Functions</a></h5> <br>by <a href="../../../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Aug 19
</span>
</article>
<h2 class="head">2010</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Polynomials.html">Executable Multivariate Polynomials</a></h5> <br>by <a href="../../../authors/sternagel">Christian Sternagel</a>, <a href="../../../authors/thiemann">René Thiemann</a>, <a href="../../../authors/maletzky">Alexander Maletzky</a>, <a href="../../../authors/immler">Fabian Immler</a>, <a href="../../../authors/haftmann">Florian Haftmann</a>, <a href="../../../authors/lochbihler">Andreas Lochbihler</a> and <a href="../../../authors/bentkamp">Alexander Bentkamp</a></div>
<span class="date">
Aug 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Free-Groups.html">Free Groups</a></h5> <br>by <a href="../../../authors/breitner">Joachim Breitner</a></div>
<span class="date">
Jun 24
</span>
</article>
<article class="entry">
<div class="item-text">
- <h5><a class="title" href="../../../entries/Robbins-Conjecture.html">A Complete Proof of the Robbins Conjecture</a></h5> <br>by <a href="../../../authors/doty">Matthew Wampler-Doty</a></div>
+ <h5><a class="title" href="../../../entries/Robbins-Conjecture.html">A Complete Proof of the Robbins Conjecture</a></h5> <br>by <a href="../../../authors/doty">Matthew Doty</a></div>
<span class="date">
May 22
</span>
</article>
<h2 class="head">2009</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/CofGroups.html">An Example of a Cofinitary Group in Isabelle/HOL</a></h5> <br>by <a href="../../../authors/kastermans">Bart Kastermans</a></div>
<span class="date">
Aug 04
</span>
</article>
<h2 class="head">2007</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Valuation.html">Fundamental Properties of Valuation Theory and Hensel&#39;s Lemma</a></h5> <br>by <a href="../../../authors/kobayashi">Hidetsune Kobayashi</a></div>
<span class="date">
Aug 08
</span>
</article>
<h2 class="head">2004</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Group-Ring-Module.html">Groups, Rings and Modules</a></h5> <br>by <a href="../../../authors/kobayashi">Hidetsune Kobayashi</a>, <a href="../../../authors/chen">L. Chen</a> and <a href="../../../authors/murao">H. Murao</a></div>
<span class="date">
May 18
</span>
</article>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/topics/mathematics/algebra/index.xml b/web/topics/mathematics/algebra/index.xml
--- a/web/topics/mathematics/algebra/index.xml
+++ b/web/topics/mathematics/algebra/index.xml
@@ -1,703 +1,712 @@
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>Mathematics/Algebra on Archive of Formal Proofs</title>
<link>/topics/mathematics/algebra/</link>
<description>Recent content in Mathematics/Algebra on Archive of Formal Proofs</description>
<generator>Hugo -- gohugo.io</generator>
<language>en-gb</language><atom:link href="/topics/mathematics/algebra/index.xml" rel="self" type="application/rss+xml" />
<item>
+ <title>p-adic Fields and p-adic Semialgebraic Sets</title>
+ <link>/entries/Padic_Field.html</link>
+ <pubDate>Thu, 22 Sep 2022 00:00:00 +0000</pubDate>
+
+ <guid>/entries/Padic_Field.html</guid>
+ <description></description>
+ </item>
+
+ <item>
<title>Simultaneous diagonalization of pairwise commuting Hermitian matrices</title>
<link>/entries/Commuting_Hermitian.html</link>
<pubDate>Mon, 18 Jul 2022 00:00:00 +0000</pubDate>
<guid>/entries/Commuting_Hermitian.html</guid>
<description></description>
</item>
<item>
<title>Finite Fields</title>
<link>/entries/Finite_Fields.html</link>
<pubDate>Wed, 08 Jun 2022 00:00:00 +0000</pubDate>
<guid>/entries/Finite_Fields.html</guid>
<description></description>
</item>
<item>
<title>Fisher&#39;s Inequality: Linear Algebraic Proof Techniques for Combinatorics</title>
<link>/entries/Fishers_Inequality.html</link>
<pubDate>Thu, 21 Apr 2022 00:00:00 +0000</pubDate>
<guid>/entries/Fishers_Inequality.html</guid>
<description></description>
</item>
<item>
<title>Duality of Linear Programming</title>
<link>/entries/LP_Duality.html</link>
<pubDate>Thu, 03 Feb 2022 00:00:00 +0000</pubDate>
<guid>/entries/LP_Duality.html</guid>
<description></description>
</item>
<item>
<title>Interpolation Polynomials (in HOL-Algebra)</title>
<link>/entries/Interpolation_Polynomials_HOL_Algebra.html</link>
<pubDate>Sat, 29 Jan 2022 00:00:00 +0000</pubDate>
<guid>/entries/Interpolation_Polynomials_HOL_Algebra.html</guid>
<description></description>
</item>
<item>
<title>Hyperdual Numbers and Forward Differentiation</title>
<link>/entries/Hyperdual.html</link>
<pubDate>Fri, 31 Dec 2021 00:00:00 +0000</pubDate>
<guid>/entries/Hyperdual.html</guid>
<description></description>
</item>
<item>
<title>Factorization of Polynomials with Algebraic Coefficients</title>
<link>/entries/Factor_Algebraic_Polynomial.html</link>
<pubDate>Mon, 08 Nov 2021 00:00:00 +0000</pubDate>
<guid>/entries/Factor_Algebraic_Polynomial.html</guid>
<description></description>
</item>
<item>
<title>Finitely Generated Abelian Groups</title>
<link>/entries/Finitely_Generated_Abelian_Groups.html</link>
<pubDate>Wed, 07 Jul 2021 00:00:00 +0000</pubDate>
<guid>/entries/Finitely_Generated_Abelian_Groups.html</guid>
<description></description>
</item>
<item>
<title>Grothendieck&#39;s Schemes in Algebraic Geometry</title>
<link>/entries/Grothendieck_Schemes.html</link>
<pubDate>Mon, 29 Mar 2021 00:00:00 +0000</pubDate>
<guid>/entries/Grothendieck_Schemes.html</guid>
<description></description>
</item>
<item>
<title>Formal Puiseux Series</title>
<link>/entries/Formal_Puiseux_Series.html</link>
<pubDate>Wed, 17 Feb 2021 00:00:00 +0000</pubDate>
<guid>/entries/Formal_Puiseux_Series.html</guid>
<description></description>
</item>
<item>
<title>A verified algorithm for computing the Smith normal form of a matrix</title>
<link>/entries/Smith_Normal_Form.html</link>
<pubDate>Sat, 23 May 2020 00:00:00 +0000</pubDate>
<guid>/entries/Smith_Normal_Form.html</guid>
<description></description>
</item>
<item>
<title>Power Sum Polynomials</title>
<link>/entries/Power_Sum_Polynomials.html</link>
<pubDate>Fri, 24 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/Power_Sum_Polynomials.html</guid>
<description></description>
</item>
<item>
<title>Matrices for ODEs</title>
<link>/entries/Matrices_for_ODEs.html</link>
<pubDate>Sun, 19 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/Matrices_for_ODEs.html</guid>
<description></description>
</item>
<item>
<title>A Hierarchy of Algebras for Boolean Subsets</title>
<link>/entries/Subset_Boolean_Algebras.html</link>
<pubDate>Fri, 31 Jan 2020 00:00:00 +0000</pubDate>
<guid>/entries/Subset_Boolean_Algebras.html</guid>
<description></description>
</item>
<item>
<title>Verification Components for Hybrid Systems</title>
<link>/entries/Hybrid_Systems_VCs.html</link>
<pubDate>Tue, 10 Sep 2019 00:00:00 +0000</pubDate>
<guid>/entries/Hybrid_Systems_VCs.html</guid>
<description></description>
</item>
<item>
<title>A Case Study in Basic Algebra</title>
<link>/entries/Jacobson_Basic_Algebra.html</link>
<pubDate>Fri, 30 Aug 2019 00:00:00 +0000</pubDate>
<guid>/entries/Jacobson_Basic_Algebra.html</guid>
<description></description>
</item>
<item>
<title>Communicating Concurrent Kleene Algebra for Distributed Systems Specification</title>
<link>/entries/C2KA_DistributedSystems.html</link>
<pubDate>Tue, 06 Aug 2019 00:00:00 +0000</pubDate>
<guid>/entries/C2KA_DistributedSystems.html</guid>
<description></description>
</item>
<item>
<title>Linear Programming</title>
<link>/entries/Linear_Programming.html</link>
<pubDate>Tue, 06 Aug 2019 00:00:00 +0000</pubDate>
<guid>/entries/Linear_Programming.html</guid>
<description></description>
</item>
<item>
<title>Linear Inequalities</title>
<link>/entries/Linear_Inequalities.html</link>
<pubDate>Fri, 21 Jun 2019 00:00:00 +0000</pubDate>
<guid>/entries/Linear_Inequalities.html</guid>
<description></description>
</item>
<item>
<title>Hilbert&#39;s Nullstellensatz</title>
<link>/entries/Nullstellensatz.html</link>
<pubDate>Sun, 16 Jun 2019 00:00:00 +0000</pubDate>
<guid>/entries/Nullstellensatz.html</guid>
<description></description>
</item>
<item>
<title>Gröbner Bases, Macaulay Matrices and Dubé&#39;s Degree Bounds</title>
<link>/entries/Groebner_Macaulay.html</link>
<pubDate>Sat, 15 Jun 2019 00:00:00 +0000</pubDate>
<guid>/entries/Groebner_Macaulay.html</guid>
<description></description>
</item>
<item>
<title>Farkas&#39; Lemma and Motzkin&#39;s Transposition Theorem</title>
<link>/entries/Farkas.html</link>
<pubDate>Thu, 17 Jan 2019 00:00:00 +0000</pubDate>
<guid>/entries/Farkas.html</guid>
<description></description>
</item>
<item>
<title>Quantales</title>
<link>/entries/Quantales.html</link>
<pubDate>Tue, 11 Dec 2018 00:00:00 +0000</pubDate>
<guid>/entries/Quantales.html</guid>
<description></description>
</item>
<item>
<title>Transformer Semantics</title>
<link>/entries/Transformer_Semantics.html</link>
<pubDate>Tue, 11 Dec 2018 00:00:00 +0000</pubDate>
<guid>/entries/Transformer_Semantics.html</guid>
<description></description>
</item>
<item>
<title>Symmetric Polynomials</title>
<link>/entries/Symmetric_Polynomials.html</link>
<pubDate>Tue, 25 Sep 2018 00:00:00 +0000</pubDate>
<guid>/entries/Symmetric_Polynomials.html</guid>
<description></description>
</item>
<item>
<title>Signature-Based Gröbner Basis Algorithms</title>
<link>/entries/Signature_Groebner.html</link>
<pubDate>Thu, 20 Sep 2018 00:00:00 +0000</pubDate>
<guid>/entries/Signature_Groebner.html</guid>
<description></description>
</item>
<item>
<title>Aggregation Algebras</title>
<link>/entries/Aggregation_Algebras.html</link>
<pubDate>Sat, 15 Sep 2018 00:00:00 +0000</pubDate>
<guid>/entries/Aggregation_Algebras.html</guid>
<description></description>
</item>
<item>
<title>Octonions</title>
<link>/entries/Octonions.html</link>
<pubDate>Fri, 14 Sep 2018 00:00:00 +0000</pubDate>
<guid>/entries/Octonions.html</guid>
<description></description>
</item>
<item>
<title>Quaternions</title>
<link>/entries/Quaternions.html</link>
<pubDate>Wed, 05 Sep 2018 00:00:00 +0000</pubDate>
<guid>/entries/Quaternions.html</guid>
<description></description>
</item>
<item>
<title>The Localization of a Commutative Ring</title>
<link>/entries/Localization_Ring.html</link>
<pubDate>Thu, 14 Jun 2018 00:00:00 +0000</pubDate>
<guid>/entries/Localization_Ring.html</guid>
<description></description>
</item>
<item>
<title>A verified factorization algorithm for integer polynomials with polynomial complexity</title>
<link>/entries/LLL_Factorization.html</link>
<pubDate>Tue, 06 Feb 2018 00:00:00 +0000</pubDate>
<guid>/entries/LLL_Factorization.html</guid>
<description></description>
</item>
<item>
<title>A verified LLL algorithm</title>
<link>/entries/LLL_Basis_Reduction.html</link>
<pubDate>Fri, 02 Feb 2018 00:00:00 +0000</pubDate>
<guid>/entries/LLL_Basis_Reduction.html</guid>
<description></description>
</item>
<item>
<title>Taylor Models</title>
<link>/entries/Taylor_Models.html</link>
<pubDate>Mon, 08 Jan 2018 00:00:00 +0000</pubDate>
<guid>/entries/Taylor_Models.html</guid>
<description></description>
</item>
<item>
<title>Dirichlet L-Functions and Dirichlet&#39;s Theorem</title>
<link>/entries/Dirichlet_L.html</link>
<pubDate>Thu, 21 Dec 2017 00:00:00 +0000</pubDate>
<guid>/entries/Dirichlet_L.html</guid>
<description></description>
</item>
<item>
<title>The Mason–Stothers Theorem</title>
<link>/entries/Mason_Stothers.html</link>
<pubDate>Thu, 21 Dec 2017 00:00:00 +0000</pubDate>
<guid>/entries/Mason_Stothers.html</guid>
<description></description>
</item>
<item>
<title>Stochastic Matrices and the Perron-Frobenius Theorem</title>
<link>/entries/Stochastic_Matrices.html</link>
<pubDate>Wed, 22 Nov 2017 00:00:00 +0000</pubDate>
<guid>/entries/Stochastic_Matrices.html</guid>
<description></description>
</item>
<item>
<title>Orbit-Stabiliser Theorem with Application to Rotational Symmetries</title>
<link>/entries/Orbit_Stabiliser.html</link>
<pubDate>Sun, 20 Aug 2017 00:00:00 +0000</pubDate>
<guid>/entries/Orbit_Stabiliser.html</guid>
<description></description>
</item>
<item>
<title>Stone-Kleene Relation Algebras</title>
<link>/entries/Stone_Kleene_Relation_Algebras.html</link>
<pubDate>Thu, 06 Jul 2017 00:00:00 +0000</pubDate>
<guid>/entries/Stone_Kleene_Relation_Algebras.html</guid>
<description></description>
</item>
<item>
<title>Partial Semigroups and Convolution Algebras</title>
<link>/entries/PSemigroupsConvolution.html</link>
<pubDate>Tue, 13 Jun 2017 00:00:00 +0000</pubDate>
<guid>/entries/PSemigroupsConvolution.html</guid>
<description></description>
</item>
<item>
<title>Optics</title>
<link>/entries/Optics.html</link>
<pubDate>Thu, 25 May 2017 00:00:00 +0000</pubDate>
<guid>/entries/Optics.html</guid>
<description></description>
</item>
<item>
<title>Subresultants</title>
<link>/entries/Subresultants.html</link>
<pubDate>Thu, 06 Apr 2017 00:00:00 +0000</pubDate>
<guid>/entries/Subresultants.html</guid>
<description></description>
</item>
<item>
<title>Stone Relation Algebras</title>
<link>/entries/Stone_Relation_Algebras.html</link>
<pubDate>Tue, 07 Feb 2017 00:00:00 +0000</pubDate>
<guid>/entries/Stone_Relation_Algebras.html</guid>
<description></description>
</item>
<item>
<title>The Factorization Algorithm of Berlekamp and Zassenhaus</title>
<link>/entries/Berlekamp_Zassenhaus.html</link>
<pubDate>Fri, 14 Oct 2016 00:00:00 +0000</pubDate>
<guid>/entries/Berlekamp_Zassenhaus.html</guid>
<description></description>
</item>
<item>
<title>Chamber Complexes, Coxeter Systems, and Buildings</title>
<link>/entries/Buildings.html</link>
<pubDate>Fri, 01 Jul 2016 00:00:00 +0000</pubDate>
<guid>/entries/Buildings.html</guid>
<description></description>
</item>
<item>
<title>Program Construction and Verification Components Based on Kleene Algebra</title>
<link>/entries/Algebraic_VCs.html</link>
<pubDate>Sat, 18 Jun 2016 00:00:00 +0000</pubDate>
<guid>/entries/Algebraic_VCs.html</guid>
<description></description>
</item>
<item>
<title>Perron-Frobenius Theorem for Spectral Radius Analysis</title>
<link>/entries/Perron_Frobenius.html</link>
<pubDate>Fri, 20 May 2016 00:00:00 +0000</pubDate>
<guid>/entries/Perron_Frobenius.html</guid>
<description></description>
</item>
<item>
<title>Gröbner Bases Theory</title>
<link>/entries/Groebner_Bases.html</link>
<pubDate>Mon, 02 May 2016 00:00:00 +0000</pubDate>
<guid>/entries/Groebner_Bases.html</guid>
<description></description>
</item>
<item>
<title>Kleene Algebras with Domain</title>
<link>/entries/KAD.html</link>
<pubDate>Tue, 12 Apr 2016 00:00:00 +0000</pubDate>
<guid>/entries/KAD.html</guid>
<description></description>
</item>
<item>
<title>Polynomial Factorization</title>
<link>/entries/Polynomial_Factorization.html</link>
<pubDate>Fri, 29 Jan 2016 00:00:00 +0000</pubDate>
<guid>/entries/Polynomial_Factorization.html</guid>
<description></description>
</item>
<item>
<title>Polynomial Interpolation</title>
<link>/entries/Polynomial_Interpolation.html</link>
<pubDate>Fri, 29 Jan 2016 00:00:00 +0000</pubDate>
<guid>/entries/Polynomial_Interpolation.html</guid>
<description></description>
</item>
<item>
<title>Tensor Product of Matrices</title>
<link>/entries/Matrix_Tensor.html</link>
<pubDate>Mon, 18 Jan 2016 00:00:00 +0000</pubDate>
<guid>/entries/Matrix_Tensor.html</guid>
<description></description>
</item>
<item>
<title>Algebraic Numbers in Isabelle/HOL</title>
<link>/entries/Algebraic_Numbers.html</link>
<pubDate>Tue, 22 Dec 2015 00:00:00 +0000</pubDate>
<guid>/entries/Algebraic_Numbers.html</guid>
<description></description>
</item>
<item>
<title>Matrices, Jordan Normal Forms, and Spectral Radius Theory</title>
<link>/entries/Jordan_Normal_Form.html</link>
<pubDate>Fri, 21 Aug 2015 00:00:00 +0000</pubDate>
<guid>/entries/Jordan_Normal_Form.html</guid>
<description></description>
</item>
<item>
<title>Representations of Finite Groups</title>
<link>/entries/Rep_Fin_Groups.html</link>
<pubDate>Wed, 12 Aug 2015 00:00:00 +0000</pubDate>
<guid>/entries/Rep_Fin_Groups.html</guid>
<description></description>
</item>
<item>
<title>Hermite Normal Form</title>
<link>/entries/Hermite.html</link>
<pubDate>Tue, 07 Jul 2015 00:00:00 +0000</pubDate>
<guid>/entries/Hermite.html</guid>
<description></description>
</item>
<item>
<title>Binary Multirelations</title>
<link>/entries/Multirelations.html</link>
<pubDate>Thu, 11 Jun 2015 00:00:00 +0000</pubDate>
<guid>/entries/Multirelations.html</guid>
<description></description>
</item>
<item>
<title>Residuated Lattices</title>
<link>/entries/Residuated_Lattices.html</link>
<pubDate>Wed, 15 Apr 2015 00:00:00 +0000</pubDate>
<guid>/entries/Residuated_Lattices.html</guid>
<description></description>
</item>
<item>
<title>Echelon Form</title>
<link>/entries/Echelon_Form.html</link>
<pubDate>Thu, 12 Feb 2015 00:00:00 +0000</pubDate>
<guid>/entries/Echelon_Form.html</guid>
<description></description>
</item>
<item>
<title>QR Decomposition</title>
<link>/entries/QR_Decomposition.html</link>
<pubDate>Thu, 12 Feb 2015 00:00:00 +0000</pubDate>
<guid>/entries/QR_Decomposition.html</guid>
<description></description>
</item>
<item>
<title>The Cayley-Hamilton Theorem</title>
<link>/entries/Cayley_Hamilton.html</link>
<pubDate>Mon, 15 Sep 2014 00:00:00 +0000</pubDate>
<guid>/entries/Cayley_Hamilton.html</guid>
<description></description>
</item>
<item>
<title>The Jordan-Hölder Theorem</title>
<link>/entries/Jordan_Hoelder.html</link>
<pubDate>Tue, 09 Sep 2014 00:00:00 +0000</pubDate>
<guid>/entries/Jordan_Hoelder.html</guid>
<description></description>
</item>
<item>
<title>Vector Spaces</title>
<link>/entries/VectorSpace.html</link>
<pubDate>Fri, 29 Aug 2014 00:00:00 +0000</pubDate>
<guid>/entries/VectorSpace.html</guid>
<description></description>
</item>
<item>
<title>Regular Algebras</title>
<link>/entries/Regular_Algebras.html</link>
<pubDate>Wed, 21 May 2014 00:00:00 +0000</pubDate>
<guid>/entries/Regular_Algebras.html</guid>
<description></description>
</item>
<item>
<title>Secondary Sylow Theorems</title>
<link>/entries/Secondary_Sylow.html</link>
<pubDate>Tue, 28 Jan 2014 00:00:00 +0000</pubDate>
<guid>/entries/Secondary_Sylow.html</guid>
<description></description>
</item>
<item>
<title>Relation Algebra</title>
<link>/entries/Relation_Algebra.html</link>
<pubDate>Sat, 25 Jan 2014 00:00:00 +0000</pubDate>
<guid>/entries/Relation_Algebra.html</guid>
<description></description>
</item>
<item>
<title>Kleene Algebra with Tests and Demonic Refinement Algebras</title>
<link>/entries/KAT_and_DRA.html</link>
<pubDate>Thu, 23 Jan 2014 00:00:00 +0000</pubDate>
<guid>/entries/KAT_and_DRA.html</guid>
<description></description>
</item>
<item>
<title>Rank-Nullity Theorem in Linear Algebra</title>
<link>/entries/Rank_Nullity_Theorem.html</link>
<pubDate>Wed, 16 Jan 2013 00:00:00 +0000</pubDate>
<guid>/entries/Rank_Nullity_Theorem.html</guid>
<description></description>
</item>
<item>
<title>Kleene Algebra</title>
<link>/entries/Kleene_Algebra.html</link>
<pubDate>Tue, 15 Jan 2013 00:00:00 +0000</pubDate>
<guid>/entries/Kleene_Algebra.html</guid>
<description></description>
</item>
<item>
<title>Proving the Impossibility of Trisecting an Angle and Doubling the Cube</title>
<link>/entries/Impossible_Geometry.html</link>
<pubDate>Sun, 05 Aug 2012 00:00:00 +0000</pubDate>
<guid>/entries/Impossible_Geometry.html</guid>
<description></description>
</item>
<item>
<title>Pseudo Hoops</title>
<link>/entries/PseudoHoops.html</link>
<pubDate>Thu, 22 Sep 2011 00:00:00 +0000</pubDate>
<guid>/entries/PseudoHoops.html</guid>
<description></description>
</item>
<item>
<title>Gauss-Jordan Elimination for Matrices Represented as Functions</title>
<link>/entries/Gauss-Jordan-Elim-Fun.html</link>
<pubDate>Fri, 19 Aug 2011 00:00:00 +0000</pubDate>
<guid>/entries/Gauss-Jordan-Elim-Fun.html</guid>
<description></description>
</item>
<item>
<title>Executable Multivariate Polynomials</title>
<link>/entries/Polynomials.html</link>
<pubDate>Tue, 10 Aug 2010 00:00:00 +0000</pubDate>
<guid>/entries/Polynomials.html</guid>
<description></description>
</item>
<item>
<title>Free Groups</title>
<link>/entries/Free-Groups.html</link>
<pubDate>Thu, 24 Jun 2010 00:00:00 +0000</pubDate>
<guid>/entries/Free-Groups.html</guid>
<description></description>
</item>
<item>
<title>A Complete Proof of the Robbins Conjecture</title>
<link>/entries/Robbins-Conjecture.html</link>
<pubDate>Sat, 22 May 2010 00:00:00 +0000</pubDate>
<guid>/entries/Robbins-Conjecture.html</guid>
<description></description>
</item>
<item>
<title>An Example of a Cofinitary Group in Isabelle/HOL</title>
<link>/entries/CofGroups.html</link>
<pubDate>Tue, 04 Aug 2009 00:00:00 +0000</pubDate>
<guid>/entries/CofGroups.html</guid>
<description></description>
</item>
<item>
<title>Fundamental Properties of Valuation Theory and Hensel&#39;s Lemma</title>
<link>/entries/Valuation.html</link>
<pubDate>Wed, 08 Aug 2007 00:00:00 +0000</pubDate>
<guid>/entries/Valuation.html</guid>
<description></description>
</item>
<item>
<title>Groups, Rings and Modules</title>
<link>/entries/Group-Ring-Module.html</link>
<pubDate>Tue, 18 May 2004 00:00:00 +0000</pubDate>
<guid>/entries/Group-Ring-Module.html</guid>
<description></description>
</item>
</channel>
</rss>
diff --git a/web/topics/mathematics/games-and-economics/index.html b/web/topics/mathematics/games-and-economics/index.html
--- a/web/topics/mathematics/games-and-economics/index.html
+++ b/web/topics/mathematics/games-and-economics/index.html
@@ -1,196 +1,203 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1"><title>Mathematics/Games and economics - Archive of Formal Proofs</title><meta name="description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."><link rel="alternate" type="application/rss+xml" href="../../../topics/mathematics/games-and-economics/index.xml" title="Archive of Formal Proofs" /><meta property="og:title" content="Mathematics/Games and economics" />
<meta property="og:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle." />
<meta property="og:type" content="website" />
<meta property="og:url" content="/topics/mathematics/games-and-economics/" /><meta property="og:image" content="/images/afp.png"/><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="Mathematics/Games and economics"/>
<meta name="twitter:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."/>
<link rel="stylesheet" type="text/css" href="../../../css/front.min.css">
<link rel="icon" href="../../../images/favicon.ico" type="image/icon"><script src="../../../js/obfuscate.js"></script>
<script src="../../../js/flexsearch.bundle.js"></script>
<script src="../../../js/scroll-spy.js"></script>
<script src="../../../js/theory.js"></script>
<script src="../../../js/util.js"></script><script src="../../../js/header-search.js"></script><script src="../../../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore '>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../../../images/menu.svg" alt="Menu" />
</label>
<a href="../../../" class='logo-link'>
<img src="../../../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<a href="../../../search"><img src="../../../images/search.svg" alt="Search" /></a>
<nav id="menu">
<div>
<a href="../../../" class='logo-link'>
<img src="../../../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<ul>
<a href="../../../"><li >Home</li></a>
<a href="../../../topics/"><li >Topics</li></a>
<a href="../../../download/"><li >Download</li></a>
<a href="../../../help/"><li >Help</li></a>
<a href="../../../submission/"><li >Submission</li></a>
<a href="../../../statistics/"><li >Statistics</li></a>
<a href="../../../about/"><li >About</li></a>
</ul>
</div>
</nav>
</div>
</aside>
<div
class='content '><header>
<form autocomplete="off" action="../../../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value="" aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button"><img src="../../../images/search.svg" alt="Search" /></button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1 >
<span class='first'>M</span>athematics/<span class='first'>G</span>ames and <span class='first'>E</span>conomics</h1>
<div>
</div>
</header><div><h2>Subject Classification</h2><h3>AMS</h3>
<a href="https://mathscinet.ams.org/mathscinet/msc/msc2020.html?t=91-XX">Game theory, economics, finance, and other social and behavioral sciences</a><h2 class="head">2022</h2><article class="entry">
<div class="item-text">
+ <h5><a class="title" href="../../../entries/Risk_Free_Lending.html">Risk-Free Lending</a></h5> <br>by <a href="../../../authors/doty">Matthew Doty</a></div>
+ <span class="date">
+ Sep 18
+ </span>
+</article>
+<article class="entry">
+ <div class="item-text">
<h5><a class="title" href="../../../entries/Actuarial_Mathematics.html">Actuarial Mathematics</a></h5> <br>by <a href="../../../authors/ito">Yosuke Ito</a></div>
<span class="date">
Jan 23
</span>
</article>
<h2 class="head">2021</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Gale_Shapley.html">Gale-Shapley Algorithm</a></h5> <br>by <a href="../../../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Dec 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/GaleStewart_Games.html">Gale-Stewart Games</a></h5> <br>by <a href="../../../authors/joosten">Sebastiaan J. C. Joosten</a></div>
<span class="date">
Apr 23
</span>
</article>
<h2 class="head">2018</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/DiscretePricing.html">Pricing in discrete financial models</a></h5> <br>by <a href="../../../authors/echenim">Mnacho Echenim</a></div>
<span class="date">
Jul 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Neumann_Morgenstern_Utility.html">Von-Neumann-Morgenstern Utility Theorem</a></h5> <br>by <a href="../../../authors/parsert">Julian Parsert</a> and <a href="../../../authors/kaliszyk">Cezary Kaliszyk</a></div>
<span class="date">
Jul 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Fishburn_Impossibility.html">The Incompatibility of Fishburn-Strategyproofness and Pareto-Efficiency</a></h5> <br>by <a href="../../../authors/brandt">Felix Brandt</a>, <a href="../../../authors/eberl">Manuel Eberl</a>, <a href="../../../authors/saile">Christian Saile</a> and <a href="../../../authors/stricker">Christian Stricker</a></div>
<span class="date">
Mar 22
</span>
</article>
<h2 class="head">2017</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/First_Welfare_Theorem.html">Microeconomics and the First Welfare Theorem</a></h5> <br>by <a href="../../../authors/parsert">Julian Parsert</a> and <a href="../../../authors/kaliszyk">Cezary Kaliszyk</a></div>
<span class="date">
Sep 01
</span>
</article>
<h2 class="head">2016</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Stable_Matching.html">Stable Matching</a></h5> <br>by <a href="../../../authors/gammie">Peter Gammie</a></div>
<span class="date">
Oct 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Randomised_Social_Choice.html">Randomised Social Choice Theory</a></h5> <br>by <a href="../../../authors/eberl">Manuel Eberl</a></div>
<span class="date">
May 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/SDS_Impossibility.html">The Incompatibility of SD-Efficiency and SD-Strategy-Proofness</a></h5> <br>by <a href="../../../authors/eberl">Manuel Eberl</a></div>
<span class="date">
May 04
</span>
</article>
<h2 class="head">2015</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Parity_Game.html">Positional Determinacy of Parity Games</a></h5> <br>by <a href="../../../authors/dittmann">Christoph Dittmann</a></div>
<span class="date">
Nov 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Vickrey_Clarke_Groves.html">VCG - Combinatorial Vickrey-Clarke-Groves Auctions</a></h5> <br>by <a href="../../../authors/caminati">Marco B. Caminati</a>, <a href="../../../authors/kerber">Manfred Kerber</a>, <a href="../../../authors/lange">Christoph Lange</a> and <a href="../../../authors/rowat">Colin Rowat</a></div>
<span class="date">
Apr 30
</span>
</article>
<h2 class="head">2008</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/SenSocialChoice.html">Some classical results in Social Choice Theory</a></h5> <br>by <a href="../../../authors/gammie">Peter Gammie</a></div>
<span class="date">
Nov 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/ArrowImpossibilityGS.html">Arrow and Gibbard-Satterthwaite</a></h5> <br>by <a href="../../../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Sep 01
</span>
</article>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/topics/mathematics/games-and-economics/index.xml b/web/topics/mathematics/games-and-economics/index.xml
--- a/web/topics/mathematics/games-and-economics/index.xml
+++ b/web/topics/mathematics/games-and-economics/index.xml
@@ -1,136 +1,145 @@
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>Mathematics/Games and economics on Archive of Formal Proofs</title>
<link>/topics/mathematics/games-and-economics/</link>
<description>Recent content in Mathematics/Games and economics on Archive of Formal Proofs</description>
<generator>Hugo -- gohugo.io</generator>
<language>en-gb</language><atom:link href="/topics/mathematics/games-and-economics/index.xml" rel="self" type="application/rss+xml" />
<item>
+ <title>Risk-Free Lending</title>
+ <link>/entries/Risk_Free_Lending.html</link>
+ <pubDate>Sun, 18 Sep 2022 00:00:00 +0000</pubDate>
+
+ <guid>/entries/Risk_Free_Lending.html</guid>
+ <description></description>
+ </item>
+
+ <item>
<title>Actuarial Mathematics</title>
<link>/entries/Actuarial_Mathematics.html</link>
<pubDate>Sun, 23 Jan 2022 00:00:00 +0000</pubDate>
<guid>/entries/Actuarial_Mathematics.html</guid>
<description></description>
</item>
<item>
<title>Gale-Shapley Algorithm</title>
<link>/entries/Gale_Shapley.html</link>
<pubDate>Wed, 29 Dec 2021 00:00:00 +0000</pubDate>
<guid>/entries/Gale_Shapley.html</guid>
<description></description>
</item>
<item>
<title>Gale-Stewart Games</title>
<link>/entries/GaleStewart_Games.html</link>
<pubDate>Fri, 23 Apr 2021 00:00:00 +0000</pubDate>
<guid>/entries/GaleStewart_Games.html</guid>
<description></description>
</item>
<item>
<title>Pricing in discrete financial models</title>
<link>/entries/DiscretePricing.html</link>
<pubDate>Mon, 16 Jul 2018 00:00:00 +0000</pubDate>
<guid>/entries/DiscretePricing.html</guid>
<description></description>
</item>
<item>
<title>Von-Neumann-Morgenstern Utility Theorem</title>
<link>/entries/Neumann_Morgenstern_Utility.html</link>
<pubDate>Wed, 04 Jul 2018 00:00:00 +0000</pubDate>
<guid>/entries/Neumann_Morgenstern_Utility.html</guid>
<description></description>
</item>
<item>
<title>The Incompatibility of Fishburn-Strategyproofness and Pareto-Efficiency</title>
<link>/entries/Fishburn_Impossibility.html</link>
<pubDate>Thu, 22 Mar 2018 00:00:00 +0000</pubDate>
<guid>/entries/Fishburn_Impossibility.html</guid>
<description></description>
</item>
<item>
<title>Microeconomics and the First Welfare Theorem</title>
<link>/entries/First_Welfare_Theorem.html</link>
<pubDate>Fri, 01 Sep 2017 00:00:00 +0000</pubDate>
<guid>/entries/First_Welfare_Theorem.html</guid>
<description></description>
</item>
<item>
<title>Stable Matching</title>
<link>/entries/Stable_Matching.html</link>
<pubDate>Mon, 24 Oct 2016 00:00:00 +0000</pubDate>
<guid>/entries/Stable_Matching.html</guid>
<description></description>
</item>
<item>
<title>Randomised Social Choice Theory</title>
<link>/entries/Randomised_Social_Choice.html</link>
<pubDate>Thu, 05 May 2016 00:00:00 +0000</pubDate>
<guid>/entries/Randomised_Social_Choice.html</guid>
<description></description>
</item>
<item>
<title>The Incompatibility of SD-Efficiency and SD-Strategy-Proofness</title>
<link>/entries/SDS_Impossibility.html</link>
<pubDate>Wed, 04 May 2016 00:00:00 +0000</pubDate>
<guid>/entries/SDS_Impossibility.html</guid>
<description></description>
</item>
<item>
<title>Positional Determinacy of Parity Games</title>
<link>/entries/Parity_Game.html</link>
<pubDate>Mon, 02 Nov 2015 00:00:00 +0000</pubDate>
<guid>/entries/Parity_Game.html</guid>
<description></description>
</item>
<item>
<title>VCG - Combinatorial Vickrey-Clarke-Groves Auctions</title>
<link>/entries/Vickrey_Clarke_Groves.html</link>
<pubDate>Thu, 30 Apr 2015 00:00:00 +0000</pubDate>
<guid>/entries/Vickrey_Clarke_Groves.html</guid>
<description></description>
</item>
<item>
<title>Some classical results in Social Choice Theory</title>
<link>/entries/SenSocialChoice.html</link>
<pubDate>Sun, 09 Nov 2008 00:00:00 +0000</pubDate>
<guid>/entries/SenSocialChoice.html</guid>
<description></description>
</item>
<item>
<title>Arrow and Gibbard-Satterthwaite</title>
<link>/entries/ArrowImpossibilityGS.html</link>
<pubDate>Mon, 01 Sep 2008 00:00:00 +0000</pubDate>
<guid>/entries/ArrowImpossibilityGS.html</guid>
<description></description>
</item>
</channel>
</rss>
diff --git a/web/topics/mathematics/number-theory/index.html b/web/topics/mathematics/number-theory/index.html
--- a/web/topics/mathematics/number-theory/index.html
+++ b/web/topics/mathematics/number-theory/index.html
@@ -1,377 +1,384 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1"><title>Mathematics/Number theory - Archive of Formal Proofs</title><meta name="description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."><link rel="alternate" type="application/rss+xml" href="../../../topics/mathematics/number-theory/index.xml" title="Archive of Formal Proofs" /><meta property="og:title" content="Mathematics/Number theory" />
<meta property="og:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle." />
<meta property="og:type" content="website" />
<meta property="og:url" content="/topics/mathematics/number-theory/" /><meta property="og:image" content="/images/afp.png"/><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="Mathematics/Number theory"/>
<meta name="twitter:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."/>
<link rel="stylesheet" type="text/css" href="../../../css/front.min.css">
<link rel="icon" href="../../../images/favicon.ico" type="image/icon"><script src="../../../js/obfuscate.js"></script>
<script src="../../../js/flexsearch.bundle.js"></script>
<script src="../../../js/scroll-spy.js"></script>
<script src="../../../js/theory.js"></script>
<script src="../../../js/util.js"></script><script src="../../../js/header-search.js"></script><script src="../../../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore '>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../../../images/menu.svg" alt="Menu" />
</label>
<a href="../../../" class='logo-link'>
<img src="../../../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<a href="../../../search"><img src="../../../images/search.svg" alt="Search" /></a>
<nav id="menu">
<div>
<a href="../../../" class='logo-link'>
<img src="../../../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<ul>
<a href="../../../"><li >Home</li></a>
<a href="../../../topics/"><li >Topics</li></a>
<a href="../../../download/"><li >Download</li></a>
<a href="../../../help/"><li >Help</li></a>
<a href="../../../submission/"><li >Submission</li></a>
<a href="../../../statistics/"><li >Statistics</li></a>
<a href="../../../about/"><li >About</li></a>
</ul>
</div>
</nav>
</div>
</aside>
<div
class='content '><header>
<form autocomplete="off" action="../../../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value="" aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button"><img src="../../../images/search.svg" alt="Search" /></button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1 >
<span class='first'>M</span>athematics/<span class='first'>N</span>umber <span class='first'>T</span>heory</h1>
<div>
</div>
</header><div><h2>Subject Classification</h2><h3>AMS</h3>
<a href="https://mathscinet.ams.org/mathscinet/msc/msc2020.html?t=11-XX">Number theory</a><h2 class="head">2022</h2><article class="entry">
<div class="item-text">
+ <h5><a class="title" href="../../../entries/Padic_Field.html">p-adic Fields and p-adic Semialgebraic Sets</a></h5> <br>by <a href="../../../authors/crighton">Aaron Crighton</a></div>
+ <span class="date">
+ Sep 22
+ </span>
+</article>
+<article class="entry">
+ <div class="item-text">
<h5><a class="title" href="../../../entries/Involutions2Squares.html">From THE BOOK: Two Squares via Involutions</a></h5> <br>by <a href="../../../authors/bortin">Maksym Bortin</a></div>
<span class="date">
Aug 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/DPRM_Theorem.html">Diophantine Equations and the DPRM Theorem</a></h5> <br>by <a href="../../../authors/bayer">Jonas Bayer</a>, <a href="../../../authors/david">Marco David</a>, <a href="../../../authors/stock">Benedikt Stock</a>, <a href="../../../authors/pal">Abhik Pal</a>, <a href="../../../authors/matiyasevich">Yuri Matiyasevich</a> and <a href="../../../authors/schleicher">Dierk Schleicher</a></div>
<span class="date">
Jun 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Digit_Expansions.html">Digit Expansions</a></h5> <br>by <a href="../../../authors/bayer">Jonas Bayer</a>, <a href="../../../authors/david">Marco David</a>, <a href="../../../authors/pal">Abhik Pal</a> and <a href="../../../authors/stock">Benedikt Stock</a></div>
<span class="date">
Apr 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Irrationals_From_THEBOOK.html">Irrational numbers from THE BOOK</a></h5> <br>by <a href="../../../authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Jan 08
</span>
</article>
<h2 class="head">2021</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Lifting_the_Exponent.html">Lifting the Exponent</a></h5> <br>by <a href="../../../authors/kadzioka">Maya Kądziołka</a></div>
<span class="date">
Apr 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Padic_Ints.html">Hensel&#39;s Lemma for the p-adic Integers</a></h5> <br>by <a href="../../../authors/crighton">Aaron Crighton</a></div>
<span class="date">
Mar 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Hermite_Lindemann.html">The Hermite–Lindemann–Weierstraß Transcendence Theorem</a></h5> <br>by <a href="../../../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Mar 03
</span>
</article>
<h2 class="head">2020</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Amicable_Numbers.html">Amicable Numbers</a></h5> <br>by <a href="../../../authors/argyraki">Angeliki Koutsoukou-Argyraki</a></div>
<span class="date">
Aug 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Irrational_Series_Erdos_Straus.html">Irrationality Criteria for Series by Erdős and Straus</a></h5> <br>by <a href="../../../authors/argyraki">Angeliki Koutsoukou-Argyraki</a> and <a href="../../../authors/li">Wenda Li</a></div>
<span class="date">
May 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Gaussian_Integers.html">Gaussian Integers</a></h5> <br>by <a href="../../../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Apr 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Lucas_Theorem.html">Lucas&#39;s Theorem</a></h5> <br>by <a href="../../../authors/edmonds">Chelsea Edmonds</a></div>
<span class="date">
Apr 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Furstenberg_Topology.html">Furstenberg&#39;s topology and his proof of the infinitude of primes</a></h5> <br>by <a href="../../../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Mar 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Arith_Prog_Rel_Primes.html">Arithmetic progressions and relative primes</a></h5> <br>by <a href="../../../authors/caballero">José Manuel Rodríguez Caballero</a></div>
<span class="date">
Feb 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Mersenne_Primes.html">Mersenne primes and the Lucas–Lehmer test</a></h5> <br>by <a href="../../../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Jan 17
</span>
</article>
<h2 class="head">2019</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Zeta_3_Irrational.html">The Irrationality of ζ(3)</a></h5> <br>by <a href="../../../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Dec 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Gauss_Sums.html">Gauss Sums and the Pólya–Vinogradov Inequality</a></h5> <br>by <a href="../../../authors/raya">Rodrigo Raya</a> and <a href="../../../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Dec 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Transcendence_Series_Hancl_Rucki.html">The Transcendence of Certain Infinite Series</a></h5> <br>by <a href="../../../authors/argyraki">Angeliki Koutsoukou-Argyraki</a> and <a href="../../../authors/li">Wenda Li</a></div>
<span class="date">
Mar 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Prime_Distribution_Elementary.html">Elementary Facts About the Distribution of Primes</a></h5> <br>by <a href="../../../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Feb 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Probabilistic_Prime_Tests.html">Probabilistic Primality Testing</a></h5> <br>by <a href="../../../authors/stuewe">Daniel Stüwe</a> and <a href="../../../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Feb 11
</span>
</article>
<h2 class="head">2018</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Pi_Transcendental.html">The Transcendence of π</a></h5> <br>by <a href="../../../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Sep 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Prime_Number_Theorem.html">The Prime Number Theorem</a></h5> <br>by <a href="../../../authors/eberl">Manuel Eberl</a> and <a href="../../../authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Sep 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Pell.html">Pell&#39;s Equation</a></h5> <br>by <a href="../../../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Jun 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Irrationality_J_Hancl.html">Irrational Rapidly Convergent Series</a></h5> <br>by <a href="../../../authors/argyraki">Angeliki Koutsoukou-Argyraki</a> and <a href="../../../authors/li">Wenda Li</a></div>
<span class="date">
May 23
</span>
</article>
<h2 class="head">2017</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Dirichlet_L.html">Dirichlet L-Functions and Dirichlet&#39;s Theorem</a></h5> <br>by <a href="../../../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Dec 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Diophantine_Eqns_Lin_Hom.html">Homogeneous Linear Diophantine Equations</a></h5> <br>by <a href="../../../authors/messner">Florian Messner</a>, <a href="../../../authors/parsert">Julian Parsert</a>, <a href="../../../authors/schoepf">Jonas Schöpf</a> and <a href="../../../authors/sternagel">Christian Sternagel</a></div>
<span class="date">
Oct 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Zeta_Function.html">The Hurwitz and Riemann ζ Functions</a></h5> <br>by <a href="../../../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Oct 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Dirichlet_Series.html">Dirichlet Series</a></h5> <br>by <a href="../../../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Oct 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Minkowskis_Theorem.html">Minkowski&#39;s Theorem</a></h5> <br>by <a href="../../../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Jul 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Bernoulli.html">Bernoulli Numbers</a></h5> <br>by <a href="../../../authors/bulwahn">Lukas Bulwahn</a> and <a href="../../../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Jan 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Bertrands_Postulate.html">Bertrand&#39;s postulate</a></h5> <br>by <a href="../../../authors/biendarra">Julian Biendarra</a> and <a href="../../../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Jan 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/E_Transcendental.html">The Transcendence of e</a></h5> <br>by <a href="../../../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Jan 12
</span>
</article>
<h2 class="head">2015</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Prime_Harmonic_Series.html">The Divergence of the Prime Harmonic Series</a></h5> <br>by <a href="../../../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Dec 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Liouville_Numbers.html">Liouville numbers</a></h5> <br>by <a href="../../../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Dec 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Stern_Brocot.html">The Stern-Brocot Tree</a></h5> <br>by <a href="../../../authors/gammie">Peter Gammie</a> and <a href="../../../authors/lochbihler">Andreas Lochbihler</a></div>
<span class="date">
Dec 22
</span>
</article>
<h2 class="head">2013</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Pratt_Certificate.html">Pratt&#39;s Primality Certificates</a></h5> <br>by <a href="../../../authors/wimmer">Simon Wimmer</a> and <a href="../../../authors/noschinski">Lars Noschinski</a></div>
<span class="date">
Jul 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Lehmer.html">Lehmer&#39;s Theorem</a></h5> <br>by <a href="../../../authors/wimmer">Simon Wimmer</a> and <a href="../../../authors/noschinski">Lars Noschinski</a></div>
<span class="date">
Jul 22
</span>
</article>
<h2 class="head">2009</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Perfect-Number-Thm.html">Perfect Number Theorem</a></h5> <br>by <a href="../../../authors/ijbema">Mark Ijbema</a></div>
<span class="date">
Nov 22
</span>
</article>
<h2 class="head">2007</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/SumSquares.html">Sums of Two and Four Squares</a></h5> <br>by <a href="../../../authors/oosterhuis">Roelof Oosterhuis</a></div>
<span class="date">
Aug 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Fermat3_4.html">Fermat&#39;s Last Theorem for Exponents 3 and 4 and the Parametrisation of Pythagorean Triples</a></h5> <br>by <a href="../../../authors/oosterhuis">Roelof Oosterhuis</a></div>
<span class="date">
Aug 12
</span>
</article>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/topics/mathematics/number-theory/index.xml b/web/topics/mathematics/number-theory/index.xml
--- a/web/topics/mathematics/number-theory/index.xml
+++ b/web/topics/mathematics/number-theory/index.xml
@@ -1,361 +1,370 @@
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>Mathematics/Number theory on Archive of Formal Proofs</title>
<link>/topics/mathematics/number-theory/</link>
<description>Recent content in Mathematics/Number theory on Archive of Formal Proofs</description>
<generator>Hugo -- gohugo.io</generator>
<language>en-gb</language><atom:link href="/topics/mathematics/number-theory/index.xml" rel="self" type="application/rss+xml" />
<item>
+ <title>p-adic Fields and p-adic Semialgebraic Sets</title>
+ <link>/entries/Padic_Field.html</link>
+ <pubDate>Thu, 22 Sep 2022 00:00:00 +0000</pubDate>
+
+ <guid>/entries/Padic_Field.html</guid>
+ <description></description>
+ </item>
+
+ <item>
<title>From THE BOOK: Two Squares via Involutions</title>
<link>/entries/Involutions2Squares.html</link>
<pubDate>Mon, 15 Aug 2022 00:00:00 +0000</pubDate>
<guid>/entries/Involutions2Squares.html</guid>
<description></description>
</item>
<item>
<title>Diophantine Equations and the DPRM Theorem</title>
<link>/entries/DPRM_Theorem.html</link>
<pubDate>Mon, 06 Jun 2022 00:00:00 +0000</pubDate>
<guid>/entries/DPRM_Theorem.html</guid>
<description></description>
</item>
<item>
<title>Digit Expansions</title>
<link>/entries/Digit_Expansions.html</link>
<pubDate>Wed, 20 Apr 2022 00:00:00 +0000</pubDate>
<guid>/entries/Digit_Expansions.html</guid>
<description></description>
</item>
<item>
<title>Irrational numbers from THE BOOK</title>
<link>/entries/Irrationals_From_THEBOOK.html</link>
<pubDate>Sat, 08 Jan 2022 00:00:00 +0000</pubDate>
<guid>/entries/Irrationals_From_THEBOOK.html</guid>
<description></description>
</item>
<item>
<title>Lifting the Exponent</title>
<link>/entries/Lifting_the_Exponent.html</link>
<pubDate>Tue, 27 Apr 2021 00:00:00 +0000</pubDate>
<guid>/entries/Lifting_the_Exponent.html</guid>
<description></description>
</item>
<item>
<title>Hensel&#39;s Lemma for the p-adic Integers</title>
<link>/entries/Padic_Ints.html</link>
<pubDate>Tue, 23 Mar 2021 00:00:00 +0000</pubDate>
<guid>/entries/Padic_Ints.html</guid>
<description></description>
</item>
<item>
<title>The Hermite–Lindemann–Weierstraß Transcendence Theorem</title>
<link>/entries/Hermite_Lindemann.html</link>
<pubDate>Wed, 03 Mar 2021 00:00:00 +0000</pubDate>
<guid>/entries/Hermite_Lindemann.html</guid>
<description></description>
</item>
<item>
<title>Amicable Numbers</title>
<link>/entries/Amicable_Numbers.html</link>
<pubDate>Tue, 04 Aug 2020 00:00:00 +0000</pubDate>
<guid>/entries/Amicable_Numbers.html</guid>
<description></description>
</item>
<item>
<title>Irrationality Criteria for Series by Erdős and Straus</title>
<link>/entries/Irrational_Series_Erdos_Straus.html</link>
<pubDate>Tue, 12 May 2020 00:00:00 +0000</pubDate>
<guid>/entries/Irrational_Series_Erdos_Straus.html</guid>
<description></description>
</item>
<item>
<title>Gaussian Integers</title>
<link>/entries/Gaussian_Integers.html</link>
<pubDate>Fri, 24 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/Gaussian_Integers.html</guid>
<description></description>
</item>
<item>
<title>Lucas&#39;s Theorem</title>
<link>/entries/Lucas_Theorem.html</link>
<pubDate>Tue, 07 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/Lucas_Theorem.html</guid>
<description></description>
</item>
<item>
<title>Furstenberg&#39;s topology and his proof of the infinitude of primes</title>
<link>/entries/Furstenberg_Topology.html</link>
<pubDate>Sun, 22 Mar 2020 00:00:00 +0000</pubDate>
<guid>/entries/Furstenberg_Topology.html</guid>
<description></description>
</item>
<item>
<title>Arithmetic progressions and relative primes</title>
<link>/entries/Arith_Prog_Rel_Primes.html</link>
<pubDate>Sat, 01 Feb 2020 00:00:00 +0000</pubDate>
<guid>/entries/Arith_Prog_Rel_Primes.html</guid>
<description></description>
</item>
<item>
<title>Mersenne primes and the Lucas–Lehmer test</title>
<link>/entries/Mersenne_Primes.html</link>
<pubDate>Fri, 17 Jan 2020 00:00:00 +0000</pubDate>
<guid>/entries/Mersenne_Primes.html</guid>
<description></description>
</item>
<item>
<title>The Irrationality of ζ(3)</title>
<link>/entries/Zeta_3_Irrational.html</link>
<pubDate>Fri, 27 Dec 2019 00:00:00 +0000</pubDate>
<guid>/entries/Zeta_3_Irrational.html</guid>
<description></description>
</item>
<item>
<title>Gauss Sums and the Pólya–Vinogradov Inequality</title>
<link>/entries/Gauss_Sums.html</link>
<pubDate>Tue, 10 Dec 2019 00:00:00 +0000</pubDate>
<guid>/entries/Gauss_Sums.html</guid>
<description></description>
</item>
<item>
<title>The Transcendence of Certain Infinite Series</title>
<link>/entries/Transcendence_Series_Hancl_Rucki.html</link>
<pubDate>Wed, 27 Mar 2019 00:00:00 +0000</pubDate>
<guid>/entries/Transcendence_Series_Hancl_Rucki.html</guid>
<description></description>
</item>
<item>
<title>Elementary Facts About the Distribution of Primes</title>
<link>/entries/Prime_Distribution_Elementary.html</link>
<pubDate>Thu, 21 Feb 2019 00:00:00 +0000</pubDate>
<guid>/entries/Prime_Distribution_Elementary.html</guid>
<description></description>
</item>
<item>
<title>Probabilistic Primality Testing</title>
<link>/entries/Probabilistic_Prime_Tests.html</link>
<pubDate>Mon, 11 Feb 2019 00:00:00 +0000</pubDate>
<guid>/entries/Probabilistic_Prime_Tests.html</guid>
<description></description>
</item>
<item>
<title>The Transcendence of π</title>
<link>/entries/Pi_Transcendental.html</link>
<pubDate>Fri, 28 Sep 2018 00:00:00 +0000</pubDate>
<guid>/entries/Pi_Transcendental.html</guid>
<description></description>
</item>
<item>
<title>The Prime Number Theorem</title>
<link>/entries/Prime_Number_Theorem.html</link>
<pubDate>Wed, 19 Sep 2018 00:00:00 +0000</pubDate>
<guid>/entries/Prime_Number_Theorem.html</guid>
<description></description>
</item>
<item>
<title>Pell&#39;s Equation</title>
<link>/entries/Pell.html</link>
<pubDate>Sat, 23 Jun 2018 00:00:00 +0000</pubDate>
<guid>/entries/Pell.html</guid>
<description></description>
</item>
<item>
<title>Irrational Rapidly Convergent Series</title>
<link>/entries/Irrationality_J_Hancl.html</link>
<pubDate>Wed, 23 May 2018 00:00:00 +0000</pubDate>
<guid>/entries/Irrationality_J_Hancl.html</guid>
<description></description>
</item>
<item>
<title>Dirichlet L-Functions and Dirichlet&#39;s Theorem</title>
<link>/entries/Dirichlet_L.html</link>
<pubDate>Thu, 21 Dec 2017 00:00:00 +0000</pubDate>
<guid>/entries/Dirichlet_L.html</guid>
<description></description>
</item>
<item>
<title>Homogeneous Linear Diophantine Equations</title>
<link>/entries/Diophantine_Eqns_Lin_Hom.html</link>
<pubDate>Sat, 14 Oct 2017 00:00:00 +0000</pubDate>
<guid>/entries/Diophantine_Eqns_Lin_Hom.html</guid>
<description></description>
</item>
<item>
<title>Dirichlet Series</title>
<link>/entries/Dirichlet_Series.html</link>
<pubDate>Thu, 12 Oct 2017 00:00:00 +0000</pubDate>
<guid>/entries/Dirichlet_Series.html</guid>
<description></description>
</item>
<item>
<title>The Hurwitz and Riemann ζ Functions</title>
<link>/entries/Zeta_Function.html</link>
<pubDate>Thu, 12 Oct 2017 00:00:00 +0000</pubDate>
<guid>/entries/Zeta_Function.html</guid>
<description></description>
</item>
<item>
<title>Minkowski&#39;s Theorem</title>
<link>/entries/Minkowskis_Theorem.html</link>
<pubDate>Thu, 13 Jul 2017 00:00:00 +0000</pubDate>
<guid>/entries/Minkowskis_Theorem.html</guid>
<description></description>
</item>
<item>
<title>Bernoulli Numbers</title>
<link>/entries/Bernoulli.html</link>
<pubDate>Tue, 24 Jan 2017 00:00:00 +0000</pubDate>
<guid>/entries/Bernoulli.html</guid>
<description></description>
</item>
<item>
<title>Bertrand&#39;s postulate</title>
<link>/entries/Bertrands_Postulate.html</link>
<pubDate>Tue, 17 Jan 2017 00:00:00 +0000</pubDate>
<guid>/entries/Bertrands_Postulate.html</guid>
<description></description>
</item>
<item>
<title>The Transcendence of e</title>
<link>/entries/E_Transcendental.html</link>
<pubDate>Thu, 12 Jan 2017 00:00:00 +0000</pubDate>
<guid>/entries/E_Transcendental.html</guid>
<description></description>
</item>
<item>
<title>Liouville numbers</title>
<link>/entries/Liouville_Numbers.html</link>
<pubDate>Mon, 28 Dec 2015 00:00:00 +0000</pubDate>
<guid>/entries/Liouville_Numbers.html</guid>
<description></description>
</item>
<item>
<title>The Divergence of the Prime Harmonic Series</title>
<link>/entries/Prime_Harmonic_Series.html</link>
<pubDate>Mon, 28 Dec 2015 00:00:00 +0000</pubDate>
<guid>/entries/Prime_Harmonic_Series.html</guid>
<description></description>
</item>
<item>
<title>The Stern-Brocot Tree</title>
<link>/entries/Stern_Brocot.html</link>
<pubDate>Tue, 22 Dec 2015 00:00:00 +0000</pubDate>
<guid>/entries/Stern_Brocot.html</guid>
<description></description>
</item>
<item>
<title>Lehmer&#39;s Theorem</title>
<link>/entries/Lehmer.html</link>
<pubDate>Mon, 22 Jul 2013 00:00:00 +0000</pubDate>
<guid>/entries/Lehmer.html</guid>
<description></description>
</item>
<item>
<title>Pratt&#39;s Primality Certificates</title>
<link>/entries/Pratt_Certificate.html</link>
<pubDate>Mon, 22 Jul 2013 00:00:00 +0000</pubDate>
<guid>/entries/Pratt_Certificate.html</guid>
<description></description>
</item>
<item>
<title>Perfect Number Theorem</title>
<link>/entries/Perfect-Number-Thm.html</link>
<pubDate>Sun, 22 Nov 2009 00:00:00 +0000</pubDate>
<guid>/entries/Perfect-Number-Thm.html</guid>
<description></description>
</item>
<item>
<title>Fermat&#39;s Last Theorem for Exponents 3 and 4 and the Parametrisation of Pythagorean Triples</title>
<link>/entries/Fermat3_4.html</link>
<pubDate>Sun, 12 Aug 2007 00:00:00 +0000</pubDate>
<guid>/entries/Fermat3_4.html</guid>
<description></description>
</item>
<item>
<title>Sums of Two and Four Squares</title>
<link>/entries/SumSquares.html</link>
<pubDate>Sun, 12 Aug 2007 00:00:00 +0000</pubDate>
<guid>/entries/SumSquares.html</guid>
<description></description>
</item>
</channel>
</rss>

File Metadata

Mime Type
application/octet-stream
Expires
Mon, May 6, 4:21 AM (1 d, 23 h)
Storage Engine
chunks
Storage Format
Chunks
Storage Handle
e_0BJQveU_wj
Default Alt Text
(6 MB)

Event Timeline