New Opportunities for the Formal Proof of Computational Real Geometry?
Erika Ábrahám, James Davenport, Matthew England, Gereon Kremer, Zak Tonks
RWTH Aachen University, Germany, {abraham,gereon.kremer}@cs.rwth-aachen.de
University of Bath, Bath BA2 7AY, UK, {J.H.Davenport,Z.P.Tonks}@bath.ac.uk
Coventry University, UK
Abstract.
The purpose of this paper is to explore the question “to what extent could we produce formal, machine-verifiable, proofs in real algebraic geometry?” The question has been asked before but as yet the leading algorithms for answering such questions have not been formalised. We present a thesis that a new algorithm for ascertaining satisfiability of formulae over the reals via Cylindrical Algebraic Coverings [Ábrahám, Davenport, England, Kremer, Deciding the Consistency of Non-Linear Real Arithmetic Constraints with a Conflict Driven Search Using Cylindrical Algebraic Coverings, 2020] might provide trace and outputs that allow the results to be more susceptible to machine verification than those of competing algorithms.
Keywords:
Computational Real Geometry, Formal Proof, Verification, Satisfiability, SMT, Computer Algebra, Symbolic Computation
Computational Real Algebraic Geometry really began with the Cylindrical Algebraic Decomposition (CAD) work of Collins [10], and independently Wüthrich [29]: previous results such as [25,26] having been effective in name only.

Definition 1. An algebraic proposition is one built up from expressions of the form $p_i(x_1, \ldots, x_n) = 0$ (where the $p_i$ are polynomials with integer coefficients) joined together by the logical connectives ¬ (not), ∧ (and) and ∨ (or). A semi-algebraic proposition is the same, except that the building blocks are expressions of the form $p_i(x_1, \ldots, x_n)\ \sigma\ 0$ where $\sigma \in \{=, \neq, >, \geq, <, \leq\}$. The language of semi-algebraic propositions is also called the Tarski language $\mathcal{L}$.

Notation 1. Although not strictly in the Tarski language, we will find it convenient to describe “the i-th root of p” by i n√p (or more generally i RootOf(p, y)) to mean the i-th real root (counting from −∞) of p, as a polynomial in y (i p when the variable is clear). Thom’s Lemma [11] means that these can be converted into statements in $\mathcal{L}$, at the cost of adding additional polynomials — the derivatives of the ones we have.

Notation 2. We let $\mathbb{R}^*$ be $\mathbb{R}$ to which we add $\epsilon$ to make the ordered ring $\mathbb{R}[\epsilon]$ with $0 < \epsilon <$ any positive real, and then add $\pm\infty$ to the underlying ordered set. See [16] for the rationale behind these symbols in Virtual Term Substitution.
Problem 1 (Quantifier Elimination). Consider a quantified proposition

$$Q_1 y_1 \ldots Q_m y_m\, F(y_1, \ldots, y_m, x_1, \ldots, x_n), \qquad (1)$$

where $F \in \mathcal{L}$ and $Q_i \in \{\exists, \forall\}$. Does there exist a quantifier-free equivalent semi-algebraic proposition $G(x_1, \ldots, x_n)$ and if so, can we compute it?

(Footnote: Any proposition with quantified variables can be converted into one in this so-called prenex normal form — see any standard logic text.)

Notation 3. The structure of (1) forces an order onto the variables, which we take from first to last as $x_1, \ldots, x_n, y_1, \ldots, y_m$.

The most used complete method to solve Problem 1 is Cylindrical Algebraic Decomposition (CAD) [10, and much subsequent work], although Virtual Term Substitution (VTS) [28, and much subsequent work] is very useful when it is applicable: see, for example, [27]. Problem 1 is known to be doubly-exponential (in n + m) in the worst case [7,12], but more accurately it is doubly-exponential in the number of times the sequence of $Q_i$ changes from ∃ to ∀ or vice versa [4]. An important special case of Problem 2 is the following.

Problem 2 (Satisfiability). Given a fully existentially quantified proposition

$$\exists x_1 \exists x_2 \cdots \exists x_n\, F(x_1, \ldots, x_n), \qquad (2)$$

where $F \in \mathcal{L}$, does there exist a solution? I.e. is this true or false (also known as the problem being SAT or UNSAT)?

Despite the fact that (2) is a quantified piece of algebra, the problem is known as “Quantifier-Free Non-linear Real Arithmetic” (QF_NRA) in the Satisfiability Modulo Theories (SMT) community [3], since all variables in SMT are assumed to be existentially quantified anyway. Traditionally Problem 1 was the focus of the symbolic computation community and Problem 2 the focus of the Satisfiability Checking community, but recently there has been a joint effort [1].

By [4] it is soluble in time singly-exponential in n, but the authors know of no implementation of this. A fundamental difference between Problem 2 and the famous Boolean version of Satisfiability Checking is that there are an infinite number of possible values for the $x_i$, so direct ‘brute force’ is not an option. A subtle variant of Problem 2 is the following.

Problem 3 (Proven Satisfiability). Given a fully existentially quantified proposition (2), where $F \in \mathcal{L}$, produce a computer-verifiable proof of SAT or UNSAT.

If the answer is SAT, all the major algorithms (at least VTS and CAD, as well as hybrids of these methods) will actually compute the witnesses $x_i$, so the computer-verifiable proof of SAT is relatively easy (we say relatively easy as we must bear in mind that these $x_i$ might be algebraic numbers). The challenge is the UNSAT case. The main body of work on this problem is by Cohen and Mahboubi [19], [20], [8], [9]. In the former works an attempt was made to formalise CAD but to the best of our knowledge this was not completed. In those latter papers QE is verified but not via CAD but with an algorithm described in [14], which falls in the “effective in name only” category.
Thesis and plan of this article
The authors of the present paper have recently developed a new algorithm for tackling Problem 2 in [2] which offers computational advantages over CAD. The algorithm is based around the new idea of Cylindrical Algebraic Coverings and so we refer to it here as CAC. The present article is essentially a position paper where we present our thesis that the UNSAT results produced by CAC may be far more susceptible to formal proof than those of the traditional tools. We present examples which show that CAC produced proofs that are much closer to those of a human. The aim of the paper is to present this thesis to the formal proof community to garner interest and insight into whether it may be followed.

The paper continues by introducing the two leading technologies for tackling our problems in Section 2. Then in Section 3 we summarise our recent CAC algorithm. In Section 4 we present some examples that illustrate our thesis.
This was first introduced by Collins in [10]. The key idea is to partition $\mathbb{R}^n$ into connected subsets called cells with the following properties:

1. Each cell is sign-invariant for all the polynomials in F.
2. Each cell C has a sample point $s_C$ identified within it.
3. The cells and sample points are arranged cylindrically. This means that for all k < m + n, the projections onto the first k variables of two cells are either equal or disjoint, and if equal their sample points will have the same values for the first k coordinates.
4. The cells have semi-algebraic descriptions.

Then the truth of $\exists y F(y, x_1, \ldots, x_n)$ at a sample point $s = (s_1, \ldots, s_n)$ follows from the truth of any of the sample points $s' = (s_1, \ldots, s_n, s_{n+1})$ above it (and if they are all false, then ∃yF is false). Similarly, the truth of $\forall y F(y, x_1, \ldots, x_n)$ at s follows from the truth of all of the sample points s′ above it (and if any of them are false, then ∀yF is false). The truth of ∃y from the truth at any sample point (and the falsity of ∀y from the falsity at any sample point) are obvious: the converses follow from the completeness of the decomposition, i.e. that there is no behaviour not captured by a sample point.

There are improvements to the original [10] by many authors: in particular [21] has a more efficient computation, but may explicitly state that the decomposition is not complete (“nullification” or “not well ordered”), and [18] (justified only recently in [24]), is more efficient still but always complete. Further efficiencies can be found when F has certain structure, for example, [22] considered the case where F has the form

$$p(y_1, \ldots, y_m, x_1, \ldots, x_n) = 0 \wedge F'(y_1, \ldots, y_m, x_1, \ldots, x_n)$$

where p is referred to as an equational constraint; [23], [13] considered the case of several equational constraints; and [5] considered more complicated combinations, re-defining (1) in the construction to:

1′. Each cell is truth-invariant for F, but not necessarily sign-invariant for all the polynomials in F.

See for example the introduction of [13] for a more detailed review. The key point is that however the decomposition is constructed, the fundamental requirement is completeness, i.e. that all cases, however defined, are captured as a cell (sample point) in the decomposition.

Virtual Term Substitution (VTS) was introduced in [28], and many developments are gathered in [16,17]. Here the key idea for $Q y F(y, x_1, \ldots, x_n)$ is to consider a y-value from every interval of the real line according to those intervals formed by the real roots of all polynomials contained in F, regarded as elements of $\mathbb{Q}[x_1, \ldots, x_n][y]$. Unlike CAD, it is limited to elimination of quantified variables appearing as low degree - currently the methodology is described for up to degree 3 in [16]. Action of elimination by VTS may even increase the degree of intermediate formulae, and as such all $x_1, \ldots, x_n$ appearing at most cubically is not a guarantee VTS can complete QE alone.

If n = 0, these would truly be values $v_i$ in $\mathbb{R}^*$, the truth of ∃yF(y) would be that of $\bigvee_i F(v_i)$, and the truth of ∀yF(y) would be that of $\bigwedge_i F(v_i)$. In general, of course, n > 0, so we have terms rather than values, which are the roots in y of these polynomials in $\mathbb{Q}[x_1, \ldots, x_n][y]$, and the substitution into F is “virtual”. We write $F[y/\!/v_i]$ for “the virtual substitution of $v_i$ for y in F”, which is especially relevant if the $v_i \in \mathbb{R}^* \setminus \mathbb{R}$.

Again, if a $F(y/\!/v_i)$ is true, then ∃yF(y) is true, and if a $F(y/\!/v_i)$ is false, then ∀yF(y) is false. Deducing the converse again requires that the set of $v_i$ be “complete”. If $v_i \in \mathbb{R}^* \setminus \mathbb{R}$ is a witness to truth/falsity, then it is possible, with the hindsight of knowing the expressions in which it occurs, to replace ∞ by a large enough number, and $\epsilon$ by a small enough one - see Algorithm 1 from [27].

We recently presented a new algorithm for determining the satisfiability of conjunctions of non-linear polynomial constraints over the reals [2], which can be used to solve Problem 2. The algorithm is based around the technology of CAD but does not build a decomposition of $\mathbb{R}^n$. Instead, overlapping cells are generated, until we have a covering of the sample space. Sample points are constructed incrementally, either until a satisfying sample is found or sufficient samples have been sampled to conclude unsatisfiability. The choice of samples is guided by both the input constraints and previous conflicts (combinations of constraints and samples found to be unsatisfiable). The key idea behind our new approach is to start with a partial sample; demonstrate that it cannot be extended to a full sample; and from the reasons for that rule out a larger space around the partial sample, which build up incrementally into a covering of the space. The cells are still arranged in cylinders and have semi-algebraic descriptions and thus we call the data structure produced a Cylindrical Algebraic Covering (CAC).

Unlike CAD, which starts with projection to generate algebraic information, the algorithm described in [2] starts with “guessing” a sample point dimension-wise, starting in the lowest dimension and iteratively extending it to higher dimensions. Either we “guessed” right and find a satisfying sample or we face a partial sample that cannot be extended to a full solution and use it to guide the projection (and thus the cell construction). To do so, we recursively execute the following:

– Given an i-dimensional sample $s = (s_1, \ldots, s_i)$, we try to extend it to a sample $(s_1, \ldots, s_i, s_{i+1})$ that does not evaluate any input constraint to false.
– If this works out then either the sample is full dimensional and we report consistency (and this witness), or we continue with extending the sample in the next dimension.
– Otherwise we take note of the reason the sample cannot be extended, and exclude from further search not just this particular sample s, but all extensions of $(s_1, \ldots, s_{i-1})$ into the i-th dimension with any value from a (hopefully large) interval around $s_i$ which is non-extensible for the same reason.
– We continue and check further extensions of $(s_1, \ldots, s_{i-1})$ until either we find a solution or the i-th dimension is fully covered by excluding intervals.
– In the latter case, we analyse the collection of intervals to try and rule out not just the original sample in $\mathbb{R}^{i-1}$ but an interval around it within dimension (i − $s \times s_i$ violating a constraint with polynomial p can be generalised to a cell in a p-sign-invariant CAD. So when all extensions of s have been excluded (the i-th dimension is fully covered by excluding intervals) then we project all the covering cells to dimension i −

We demonstrate our thesis with some simple UNSAT examples.
Fig. 1.
Graphs of polynomials involved in the worked examples.
Consider $F := (x^2 + y^2 < 1) \wedge ((x - 4)^2 + y^2 < 1)$. F must be UNSAT.

CAD: To solve Problem 2, the CAD algorithm would do the following:
(a) partitions the x-axis at − , , , , R (see Table 3); x = ± x = 3 , x = 2. The answer is that both circles (boundaries of the discs) in F have common zeros at x − , y = ±√−3: of course these zeros are not real, but have a real x-component.
(c) deduces that no sample points have both x + y < x − + y < R, the statement must be nowhere true.

Step (c) is analogous to verifying SAT, and, due to the cylindrical nature of the decomposition, (e) is relatively easy. The problem is verifying (d). Its truth depends on the fine details of the CAD algorithm used (for example [21] is distinctly different from [10], and the Lazard method [24] is based on entirely different mathematics again).
VTS: Virtual Term Substitution would consider a variety of possible values $v_i$ for y. In the implementation of [27], the set of $v_i$ starts with −∞, then various other trivial (in the sense of immediately yielding false) values, and the first non-trivial one is √ − x + ε. Virtually substituting this into F yields

$$\underbrace{x <}_{\text{guard}} \wedge \underbrace{\text{true}}_{x^2 + y^2 < 1} \wedge \underbrace{\left(-x < -2 \vee \left(x = 2 \wedge x <\right)\right)}_{(x - 4)^2 + y^2 < 1}, \qquad (3)$$

where the guard is there to make sure that the substitution makes sense, and “−x < −2” is the simplification of ( x − + ( √ − x + ε ) < 1. In all there are 41 VTS test points, of which 21 are initial ones used in y, and of the remaining 20 on x, there are 7 distinct ones (used on similar intermediate formulae). They are characterised in a manner intelligible as semi-algebraic sets (to compare with CAD) in Table 1. It is important to note that this is only a characterisation, considering VTS does not in itself operate geometrically. We have fewer substitutions of exact values for x (what would be analogous to computing “sections” in CAD).

Speaking generally, VTS is an algebraic approach on formulae as opposed to geometry. Amongst the formulae produced in x, x = 2 appears, but other atomic formulae are all strong relations, such that this is the only substitution of an “exact” value. All of the generated test points are substituted in order to deduce UNSAT, as we form a disjunction of formulae all equivalent to false.
Table 1. Structural Test Points for VTS (as semi-algebraic sets) for the example in Section 4.1
x < −    − < x <    < x <    x = 2    2 < x <    < x <    x >

H: Of course no human prover would proceed in either of these ways. A human produced argument would be along the lines of

$$x^2 + y^2 < 1 \Rightarrow x^2 < 1 \Rightarrow x < 1$$
$$(x - 4)^2 + y^2 < 1 \Rightarrow (x - 4)^2 < 1 \Rightarrow x - 4 \in (-1, 1) \Rightarrow x - 4 > -1 \Rightarrow x > 3$$

CAC: Cylindrical Algebraic Covering proceeds by choosing a variety of sample x values, then recursing on y (and any subsequent variables if there were any). In this example it proceeds as follows, but we note that the theoretical algorithm allows a great deal of choice in computation path.

x = − : This would require y < x , as − x + y −
x < − : We sample x = − −1, so (−∞, −1) is ruled out along with x = −
x > − : We sample x = 0. Here y ∈ (− , 1) can not be ruled out by x + y < x − + y < x immediately, and the generalisation rules out with it the whole of (−∞,
x ≥ : We sample x = 4. This trivially conflicts with $x^2 + y^2 < 1$, which rules out (1, ∞).

Hence the whole of $\mathbb{R}$ is ruled out for x, and we may conclude UNSAT.

While this is not quite as simple as the human proof above, it is much closer to it. If we pruned the reasoning, it would be that x ∈ (−∞, 3) is infeasible because of $(x - 4)^2 + y^2 < 1$, and x ∈ (1, ∞) because of $x^2 + y^2 < 1$. Most importantly, the argument of unsatisfiability can be reconstructed from the algorithm flow and output.
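The pruned CAC argument above can be checked without trusting the solver: each excluded x-interval needs only its stated reason, and the intervals must cover the x-axis. The following Python checker is an added example, not code from the paper or the authors' implementation; it assumes the two constraints are the open unit discs centred at (0, 0) and (4, 0), which matches the excluded intervals (−∞, 3) and (1, ∞) quoted above, and all class, function and constant names are hypothetical.

```python
from dataclasses import dataclass
from fractions import Fraction as Q
from math import inf


@dataclass(frozen=True)
class Interval:
    """x-interval; endpoints are Fractions or -inf/+inf, open unless flagged."""
    lo: object
    hi: object
    lo_closed: bool = False
    hi_closed: bool = False


@dataclass(frozen=True)
class Disc:
    """Constraint (x - cx)^2 + (y - cy)^2 < r^2 with rational cx, cy, r > 0."""
    cx: Q
    cy: Q
    r: Q

    def excludes(self, iv):
        # A y satisfying the constraint exists iff cx - r < x < cx + r, so the
        # interval is infeasible iff it lies entirely outside that open range.
        return iv.hi <= self.cx - self.r or iv.lo >= self.cx + self.r


def covers_real_line(intervals):
    """Left-to-right sweep: False on the first gap or uncovered endpoint."""
    reach, reach_covered = -inf, True  # every x < reach is covered so far
    for iv in sorted(intervals, key=lambda i: (i.lo, not i.lo_closed)):
        if iv.lo > reach:
            return False  # open gap between reach and iv.lo
        if iv.lo == reach and not (reach_covered or iv.lo_closed):
            return False  # the single point x = reach is missed
        if iv.hi > reach:
            reach, reach_covered = iv.hi, iv.hi_closed
        elif iv.hi == reach:
            reach_covered = reach_covered or iv.hi_closed
    return reach == inf


def check_unsat_certificate(constraints, certificate):
    """certificate: list of (Interval, index of the constraint blamed for it).
    Returns the list of problems found; an empty list means UNSAT is verified."""
    problems = []
    for n, (iv, idx) in enumerate(certificate):
        if not constraints[idx].excludes(iv):
            problems.append(f"entry {n}: constraint {idx} does not exclude it")
    if not covers_real_line([iv for iv, _ in certificate]):
        problems.append("excluded intervals do not cover the x-axis")
    return problems


# Constructed data. Constants are assumptions read off the text of Example 1:
# constraint 0 is the unit disc at (0, 0), constraint 1 the unit disc at (4, 0).
EXAMPLE_1 = [Disc(Q(0), Q(0), Q(1)), Disc(Q(4), Q(0), Q(1))]
PRUNED_TRACE = [(Interval(-inf, Q(3)), 1), (Interval(Q(1), inf), 0)]
# Two deliberately broken certificates: one misses x = 3, one over-claims.
GAPPED_TRACE = [(Interval(-inf, Q(3)), 1), (Interval(Q(3), inf), 0)]
OVERCLAIMED_TRACE = [(Interval(-inf, Q(4)), 1), (Interval(Q(1), inf), 0)]

if __name__ == "__main__":
    for name in ("PRUNED_TRACE", "GAPPED_TRACE", "OVERCLAIMED_TRACE"):
        result = check_unsat_certificate(EXAMPLE_1, globals()[name])
        print(name, result or "verified")
```

The checker only handles intervals blamed on a single disc constraint; an interval that needs both constraints, as in the second example, would additionally need the resultant argument discussed there.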
Consider $F := (x^2 + y^2 < 1) \wedge \left(\left(x - \tfrac{3}{2}\right)^2 + \left(y - \tfrac{3}{2}\right)^2 < 1\right)$. The circles are graphed on the right of Figure 1 and we see they again do not intersect and thus F must be UNSAT.

CAD: To solve Problem 2, the CAD algorithm behaves similarly to Example 1: the two circles have critical points (roots of the discriminant) at x = − , x = 1 and x = , x = respectively. This time the resultant of the two circles is 18 x − x + , whose roots are not real numbers and so do not contribute to the set of critical points. However, because the circles overlap the cylinders above the x-axis are more decomposed and we have 41 cells as in Table 4.

VTS: VTS this time receives non-false formulae owing to substitutions of test points in y from both circles. Virtual substitution can substitute roots directly from multivariate polynomials (which, in fact, is some of the cadence behind the terminology “virtual”). An example is the virtual substitution of RootOf( ( x − ) + ( y − ) − ) + ε for y into F, leading to (after some minor simplification):

4 x − x + 5 < ∧ ( x < ∧ − x + 12 x − < ∨ x − x + 5 < ∨ x ≥ ∧ x − x + 5 = 0 ∧ x − x + 7 < )

Now, 4 x − x + 5 = (2 x − x − x − x + 5 and 2 x − x + 7 are irreducible. As a result of the irreducible polynomials, in contrast to Problem 1, VTS must then use test points from quadratic polynomials in x rather than using purely linear test points. In fact, 8 x − x + 5 has no real roots, and the negative discriminant manifests in a guard evaluating as false to prevent substitution from this. In total, in the same manner as Table 1 we have Table 2 as the characterisation of the geometry in x that VTS finds relevant.

Table 2. Structural Test Points for VTS (as semi-algebraic sets) for the example in Section 4.2
x < RootOf (2 x + 6 x −    x = RootOf (2 x − x + 7)    RootOf (2 x − x + 7) < x <    x = 0    0 < x < 1/2    1/2 < x < RootOf (2 x − x + 7)    x = RootOf (2 x + 6 x −    RootOf (2 x − x + 7) < x <    x >

The only other non trivial formula VTS must traverse in x is:

x < ∧ ( (3 < x ∧ − x + 12 x < ∨ (3 ≤ x ∧ − x + 12 x − )

with significant overlap in terms of test points, but also additionally identifying x = ± ε, making for a total of 11 unique non-degenerate test points in x. Again, there are fewer substitutions owing to exact roots than CAD, with VTS not identifying x = or x = as meaningful to substitute. Yet again all test points are substituted to receive UNSAT.

CAC: Our implementation of the Cylindrical Algebraic Covering algorithm operates on this example as follows.

x = − : Similarly to the previous example, this would require y < − x + y −
x < − : As in the first example we sample x = − y < −3, excluding the whole interval (−∞, −
− < x : We have now excluded (−∞, −1] and sample x = 0. While y < y − / < − which is directly conflicting. The characterisation ends up excluding the interval (−∞, ), essentially superseding all previous intervals.
 < x : We sample x = 1 and obtain a direct conflict with y < 0. As with the first sample (x = −1) we only exclude the point interval [1,
 < x < : To take care of this interval we sample x = which finally needs both constraints to realize that no value for y is feasible. The characterisation excludes exactly the interval ( , remains uncovered.
x = : We now check the remaining point x = which directly conflicts with the second constraint. As is a root of the discriminant of the second constraint's polynomial, only this point interval is excluded.
1 < x : We continue with x = 2, which is a direct conflict with the first constraint due to y < −3, excluding (1, ∞) and thereby completing the covering of the x-axis.

We have ascertained that no value for x ∈ $\mathbb{R}$ can satisfy the constraints and so may conclude UNSAT.

Note that, after pruning, the reasoning consists of the following components: x ∉ (−∞, ) because of the second constraint, x ≠ because of the second constraint, x ∉ ( , 1) because of both constraints, x ≠ 1 because of the first constraint and x ∉ (1, ∞) because of the first constraint.

H:
There is no trivial human proof this time like in Example 1. If we proceed as there we find conditions on x which are compatible and can only conclude that x ∈ ( , y-axis over that x-interval where both constraints could possibly be satisfied. In other words there is no “quick win”. There are two obvious proof approaches. Both require to know that at one point, say x = 1, the two constraints are not simultaneously satisfied. We use † to indicate points where geometric reasoning would seem to be necessary.

1. The resultant of the two circles † is 18 x − x + , whose roots are not real, and a fortiori not in [ , , ξ be a value in [ , † to have

y < √ − ξ . (4)

Similarly we need † to have

y > 3/2 + √ − ( ξ − 3/2 ) ≥ . (5)

We can square (5):

y > 9/4 + 3 √ − ( ξ − 3/2 ) + ( − ( ξ − 3/2 ) )

since it is an inequality of positive numbers, which also implies we can square (4): y < − ξ . So

1 − ξ > 9/4 + 3 √ − ( ξ − 3/2 ) + ( − ( ξ − 3/2 ) ) .

Hence

0 > 9/4 + 3 √ − ( ξ − 3/2 ) + 3 ξ − 9/4 = 3 ( ξ + √ − ( ξ − 3/2 ) ) .

Then we have

− √ − ( ξ − 3/2 ) > ξ,

again an inequality of positive numbers, and so either 1 − ( ξ − ) > ξ , or 1 − ξ + 3 ξ − > 0. This is not true when ξ = 1, and the roots of this quadratic (which is essentially the resultant) are not in [ , 1] (in fact they are not real). Hence the inequality is nowhere true.

The first approach requires less geometric reasoning, and furthermore that reasoning is essentially uniform — “curves can only cross at roots of the resultant”. It is in fact very similar to line 3 of the CAC proof. Hence, at least in this case, CAC has essentially produced one of the possible proofs that a human would.
For general quantifier elimination (Problem 1), we have two standard implemented methods in the literature: CAD and VTS. Both require a completeness result to accept their results, which is currently beyond the reach of formal proof. For the purely existential version (Problem 2), where SAT is easy to verify, but UNSAT is hard, we have a third method: CAC. At least in easy cases, its execution induces proofs much closer to the human proof. The trace of the algorithm and its output seem to often allow for verifiable results without reliance on a verified completeness result for the entire algorithm. We acknowledge that no verification has yet been conducted — we publish this paper to highlight the opportunity to the verification community and encourage their input. Is it possible to regard CAC as a tactic that can guide an automatic theorem prover?

References
1. E. Ábrahám, J. Abbott, B. Becker, A.M. Bigatti, M. Brain, B. Buchberger, A. Cimatti, J.H. Davenport, M. England, P. Fontaine, S. Forrest, A. Griggio, D. Kroening, W.M. Seiler, and T. Sturm. SC²: Satisfiability checking meets symbolic computation. In M. Kohlhase, M. Johansson, B. Miller, L. de Moura, and F. Tompa, editors, Intelligent Computer Mathematics: Proceedings CICM 2016, volume 9791 of Lecture Notes in Computer Science, pages 28–43. Springer International Publishing, 2016.
2. Ábrahám, E., Davenport, J., England, M., Kremer, G.: Deciding the Consistency of Non-Linear Real Arithmetic Constraints with a Conflict Driven Search Using Cylindrical Algebraic Coverings. http://arxiv.org/abs/2003.05633 (2020)
3. Barrett, C., Fontaine, P., Tinelli, C.: The SMT-LIB Standard: Version 2.6. http://smtlib.cs.uiowa.edu/papers/smt-lib-reference-v2.6-r2017-07-18.pdf (2017)
4. Basu, S.: New results on quantifier elimination over real closed fields and applications to constraint databases. J. ACM, 537–555 (1999)
5. Bradford, R., Davenport, J., England, M., McCallum, S., Wilson, D.: Truth table invariant cylindrical algebraic decomposition. J. Symbolic Computation, 1–35 (2016)
6. Brown, C.W.: Open non-uniform cylindrical algebraic decompositions. In Proceedings of the 2015 International Symposium on Symbolic and Algebraic Computation, ISSAC ’15, pages 85–92. ACM, 2015.
7. Brown, C., Davenport, J.: The Complexity of Quantifier Elimination and Cylindrical Algebraic Decomposition. In: Brown, C. (ed.) Proceedings ISSAC 2007. pp. 54–60 (2007)
8. Cohen, C. and Mahboubi, A.: A formal quantifier elimination for algebraically closed fields. In S. Autexier, J. Calmet, D. Delahaye, P. Ion, L. Rideau, R. Rioboo, and A.P. Sexton, editors, Intelligent Computer Mathematics, volume 6167 of Lecture Notes in Computer Science, pages 189–203. Springer Berlin Heidelberg, 2010.
9. Cohen, C., Mahboubi, A.: Formal Proofs in Real Algebraic Geometry: From Ordered Fields to Quantifier Elimination. Logical Methods in Computer Science, 1–40 (2012)
10. Collins, G.: Quantifier Elimination for Real Closed Fields by Cylindrical Algebraic Decomposition. In: Proceedings 2nd. GI Conference Automata Theory & Formal Languages. pp. 134–183 (1975)
11. Coste, M., Roy, M.F.: Thom’s Lemma, the Coding of Real Algebraic Numbers and the Computation of the Topology of Semi-Algebraic Sets. J. Symbolic Comp., 121–129 (1988)
12. Davenport, J., Heintz, J.: Real Quantifier Elimination is Doubly Exponential. J. Symbolic Comp., 29–35 (1988)
13. England, M., Bradford, R., Davenport, J.: Cylindrical Algebraic Decomposition with Equational Constraints. In: Davenport, J., England, M., Griggio, A., Sturm, T., Tinelli, C. (eds.) Symbolic Computation and Satisfiability Checking: special issue of Journal of Symbolic Computation, vol. 100, pp. 38–71 (2020)
14. Hörmander, L.: The analysis of linear partial differential operators. II. Differential operators with constant coefficients, Grundlehren der Mathematischen Wissenschaften [Fundamental Principles of Mathematical Sciences], vol. 257. Springer-Verlag, Berlin (1983; republished 2005)
15. Jovanovic, D. and de Moura, L.: Solving non-linear arithmetic. In B. Gramlich, D. Miller, and U. Sattler, editors, Automated Reasoning: 6th International Joint Conference (IJCAR), volume 7364 of Lecture Notes in Computer Science, pages 339–354. Springer, 2012.
16. Košta, M.: New concepts for real quantifier elimination by virtual substitution. Ph.D. thesis, Universität des Saarlandes (2016)
17. Košta, M., Sturm, T., Dolzmann, A.: Better answers to real questions. J. Symbolic Comp., 255–275 (2016)
18. Lazard, D.: An Improved Projection Operator for Cylindrical Algebraic Decomposition. In: Bajaj, C. (ed.) Proceedings Algebraic Geometry and its Applications: Collections of Papers from Shreeram S. Abhyankar’s 60th Birthday Conference. pp. 467–476 (1994)
19. Mahboubi, A.: Programming and certifying a CAD algorithm in the Coq system. In T. Coquand, H. Lombardi, and M.F. Roy, editors, Mathematics, Algorithms, Proofs, number 05021 in Dagstuhl Seminar Proceedings. Internationales Begegnungs und Forschungszentrum für Informatik (IBFI), Schloss Dagstuhl, Germany, 2006. http://drops.dagstuhl.de/opus/volltexte/2006/276.
20. Mahboubi, A.: Implementing the cylindrical algebraic decomposition within the Coq system. Mathematical Structures in Computer Science, 17(1):99–127, 2007.
21. McCallum, S.: An Improved Projection Operation for Cylindrical Algebraic Decomposition. Ph.D. thesis, University of Wisconsin-Madison Computer Science (1984)
22. McCallum, S.: On Projection in CAD-Based Quantifier Elimination with Equational Constraints. In: Dooley, S. (ed.) Proceedings ISSAC ’99. pp. 145–149 (1999)
23. McCallum, S.: On Propagation of Equational Constraints in CAD-Based Quantifier Elimination. In: Mourrain, B. (ed.) Proceedings ISSAC 2001. pp. 223–230 (2001)
24. McCallum, S., Parusiński, A., Paunescu, L.: Validity proof of Lazard’s method for CAD construction. J. Symbolic Comp., 52–69 (2019)
25. Seidenberg, A.: A new decision method for elementary algebra. Ann. Math., 365–374 (1954)
26. Tarski, A.: A Decision Method for Elementary Algebra and Geometry. 2nd ed., Univ. Cal. Press. Reprinted in Quantifier Elimination and Cylindrical Algebraic Decomposition (ed. B.F. Caviness & J.R. Johnson), Springer-Verlag, Wien-New York, 1998, pp. 24–84. (1951)
27. Tonks, Z.: A Poly-algorithmic Quantifier Elimination Package in Maple. In Maple in Mathematics Education and Research 2019 pp. 171–186 (2020)
28. Weispfenning, V.: The Complexity of Linear Problems in Fields. J. Symbolic Comp., 3–27 (1988)
29. Wüthrich, H.: Ein Entscheidungsverfahren für die Theorie der reell-abgeschlossenen Körper. In: Specker, E., Strassen, V. (eds.) Proceedings Komplexität von Entscheidungsproblemen. pp. 138–162 (1976)

Table 3. CAD cells constructed for the example in Section 4.1.
x : < − = − − < x < = < x < = < x < = < x < = >
y : — < f < f < f ——— < f < f < f —
y : = f = f = f = f = f = f
y : > f f < y < f > f > f f < y < f > f
y : = f = f
y : > f > f
where f = RootOf( x + y − , y ), f = RootOf(( x − ) + y − , y ), and f i refers to an ordered root of the polynomials (Notation ).

Table 4. Cells for the example in Section 4.2.
x : < − = − − < x < = < x < = < x < = >
y : — < f < f < f < f < f < f < f —
y : = f = f = f = f = f = f = f
y : > f f < y < f f < y < f f < y < f > f f < y < f > f
y : = f = f = f f < y < f f < y < f
y : > f f < y < f f < y < f f < y < f > f
y : = f = f = f
y : > f f < y < f > f
y : = f
y : > f
where f = RootOf( x + y − , y ), f = RootOf(( x − ) + ( y − ) − , y )